A Resource-based Logic for Termination and Non-Termination Proofs
Ton Chanh Le, Aquinas Hobor, Cristian Gherghina, Wei-Ngan Chin
National University of Singapore
ICFEM 2014
Hoare Logic for Partial Correctness
• Proving partial correctness

Hoare Logic for Total Correctness
• Proving termination

Hoare Logic for Total Correctness
• Proving non-termination
(Non-)Termination Specification
• "So-called partial correctness is inadequate: if a program is intended to terminate, that fact must be part of its specification." – Cliff Jones
• A non-termination specification is also important, for:
  • more comprehensive specifications, so that the program is understood better
  • a clearer distinction between expected non-termination and the failure of a termination proof
Research Questions
• Is the separation between termination and non-termination specifications good?
• How can the termination and non-termination specifications be unified?

  while (x ≥ 0) { x = x + y; }

  requires x ≥ 0 ∧ y < 0 variance x ensures true;
  requires x ≥ 0 ∧ y ≥ 0 ensures false;
A Unified Specification Logic
• A unified logical foundation for both termination and non-termination reasoning
• Integration of termination and non-termination specifications into expressive logics for functional correctness and safety verification
Temporal Predicates
• Term[M]: termination, with M the ranking measure (written Term[x], Term[m, n] in the examples; plain Term when no measure is needed)
• Loop: definite non-termination
• MayLoop: possible non-termination
Example

  while (x ≥ 0) { x = x + y; }

  requires (x ≥ 0 ∧ y < 0 ∧ Term[x]) ∨ (x ≥ 0 ∧ y ≥ 0 ∧ Loop)
  ensures (x ≥ 0 ∧ y ≥ 0 ∧ false);
Example

  while (x ≥ 0) { x = x + y; }

  case {
    x < 0 -> requires Term ensures true;
    x ≥ 0 -> case {
      y ≥ 0 -> requires Loop ensures false;
      y < 0 -> requires Term[x] ensures true;
    }
  }
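As an added illustration (not code from the slides or from HipTNT), the following Python script spells out the proof obligations behind the Term[x] and Loop cases of the loop above, and the fall-back to MayLoop that the later HipTNT+ inference slides rely on: a Term[M] claim needs a ranking measure M that stays non-negative and strictly decreases on every iteration, a Loop claim needs a recurrent set that implies the guard and is preserved by the body, and MayLoop records that neither was discharged. HipTNT proves these obligations as entailments over all states; here they are checked on concrete states and a finite box of states, and the candidate measure x and recurrent set x ≥ 0 ∧ y ≥ 0 are this example's own choices.

```python
# Added illustration (not from the slides or HipTNT): the Term[x] / Loop / MayLoop
# obligations for   while (x >= 0) { x = x + y; }   checked on concrete states.
# The ranking measure and recurrent set are assumptions chosen to match the slides' spec.
from itertools import product
from typing import Callable

State = tuple[int, int]            # (x, y)
Measure = Callable[[State], int]
Pred = Callable[[State], bool]

TERM, LOOP, MAYLOOP = "Term", "Loop", "MayLoop"   # temporal predicates from the slides


def guard(s: State) -> bool:
    return s[0] >= 0               # while (x >= 0)


def body(s: State) -> State:
    x, y = s
    return (x + y, y)              # x = x + y


def spec(s: State) -> str:
    """The case spec from the slides, read as a dispatcher over the precondition cases."""
    x, y = s
    if x < 0:
        return TERM                # x < 0  -> requires Term    ensures true
    if y >= 0:
        return LOOP                # y >= 0 -> requires Loop    ensures false
    return TERM                    # y < 0  -> requires Term[x] ensures true


def term_obligations(s: State, measure: Measure) -> bool:
    """Term[M] at s: while the guard holds, M stays >= 0 and strictly decreases on every
    iteration.  An integer measure that does so forces the run to stop, so this check
    itself always terminates: a bad measure is rejected at the first non-decreasing step."""
    while guard(s):
        m = measure(s)
        if m < 0:
            return False
        s = body(s)
        if measure(s) >= m:
            return False
    return True


def loop_obligations(s: State, recurrent: Pred) -> bool:
    """Loop at s, witnessed by a recurrent set R: R(s) holds, R implies the guard,
    and one body step from s stays inside R."""
    return recurrent(s) and guard(s) and recurrent(body(s))


def recurrent_on_box(recurrent: Pred, lo: int, hi: int) -> bool:
    """The inductive obligation (R => guard) and (R => R after body) for every state in
    the box [lo, hi]^2.  A finite check, not a proof; a verifier discharges it symbolically."""
    return all(not recurrent(s) or (guard(s) and recurrent(body(s)))
               for s in product(range(lo, hi + 1), repeat=2))


def infer(s: State, measure: Measure, recurrent: Pred) -> str:
    """Inference in the spirit of HipTNT+: try Term with the candidate measure, then Loop
    with the candidate recurrent set, and fall back to MayLoop when neither obligation
    is discharged.  MayLoop says nothing was proved, which is not the same as Loop."""
    if term_obligations(s, measure):
        return TERM
    if loop_obligations(s, recurrent):
        return LOOP
    return MAYLOOP


# Candidate witnesses matching the slides' spec (assumed here, not taken from the slides).
def MEASURE_X(s: State) -> int:
    return s[0]                    # ranking measure x


def RECURRENT_XY(s: State) -> bool:
    return s[0] >= 0 and s[1] >= 0 # recurrent set x >= 0 /\ y >= 0


def verify(s: State) -> tuple[str, bool]:
    """The predicate the spec assigns to s, and whether its obligation holds with the witnesses above."""
    p = spec(s)
    ok = term_obligations(s, MEASURE_X) if p == TERM else loop_obligations(s, RECURRENT_XY)
    return p, ok


if __name__ == "__main__":
    for s in [(3, -1), (3, 2), (-1, 5)]:
        print(s, verify(s))                                                  # all obligations hold
    print("Term[x] with y >= 0:", term_obligations((5, 2), MEASURE_X))       # False
    print("x >= 0 alone recurrent?", recurrent_on_box(lambda s: s[0] >= 0, -5, 5))  # False
    print("bad measure, y < 0:", infer((5, -1), lambda s: 0, RECURRENT_XY))  # MayLoop
```

The two negative checks are the instructive ones: the measure x is rejected as soon as y ≥ 0 because x grows, and x ≥ 0 on its own is not recurrent because (0, −1) leaves it in one step; only the conjunction x ≥ 0 ∧ y ≥ 0 survives the box-wide inductive check, which is exactly the case split the spec makes.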
Foundation for the Specification Logic
• Solution: treat termination and non-termination as resources.
• Our proposal: a new logic for consumable resources that captures the concept of resource capacity, tracking both the minimum and the maximum resource usage.
Resource Assertions

Temporal Entailment

Flow-Insensitive Temporal Entailment
HipTNT: A Termination Verification System
http://loris-7.ddns.comp.nus.edu.sg/~project/hiptnt
HipTNT+: A Termination Inference System
http://loris-7.ddns.comp.nus.edu.sg/~project/hiptnt

  void loop (int x, int y) {
    if (x < 0) return;
    else loop(x + y, y);
  }

HipTNT+: A Termination Inference System

  void loop (int x, int y) {
    if (x < 0) return;
    else loop(x + y, y - 1);
  }
HipTNT+: A Termination Inference System

  int Ack(int m, int n) {
    if (m == 0) return n + 1;
    else if (n == 0) return Ack(m - 1, 1);
    else return Ack(m - 1, Ack(m, n - 1));
  }

HipTNT+: A Termination Inference System

  int Ack(int m, int n)
    case {
      m < 0 -> requires Loop ensures false;
      m = 0 -> requires Term ensures res = n + 1;
      m > 0 ∧ n < 0 -> requires Loop ensures false;
      m > 0 ∧ n ≥ 0 -> requires Term[m, n] ensures res ≥ n + 1;
    }
Conclusions
• "Termination and Non-Termination as Resources" provides a unified framework that combines partial correctness and (non-)termination verification
• Termination inference can benefit from mechanisms developed for safety verification, such as shape inference