• If T2 is finite, then T2 ∈ ¹CRS|C[ch0](a : b)ºc and sp(T2) ∈ ¹CRS0|C[chc0](a : b)ºc (this is the finite case which we have already proved). Because T is infinite, there must be a call to a non-terminating chain so there must be aci ∈phthat is tail-divergent. This means that the phasephtd is well-defined and p01 matchesphtd (phtd contains both the complete, the tail-divergent, and the partial versions of the CEs inph),chω=phtd·chc0is defined, and every pathp0 matcheschω.
• If T2 is infinite, then T2 ∈ ¹CRS|C[ch0](a : b)ºω and there is a chain chω0 such that sp(T2) ∈
¹CRS0|Cr[chω0](x y)ºωby induction hypothesis and p20 matcheschω0. Moreover, we have that every node inp1 is mapped tocp(because they contain an infinite evaluation onC) and thus p10 matches php. The chainchω=php·chω0is defined and everyp0matches it.
Here we can see how a summary provides conditions for the applicability of the chain, i.e. a precondition, and input-output relations. For instance, in order to evaluate the chain(3)+(2)the initial value ofnmust be higher than the size of the list l(n>l). In that case the returned list has the size ofl (ret=l).
Chain summaries are computed by propagating information backward from the end of a chain to the beginning using the polyhedra abstract domain [CH78] (although other domains such as the octagon domain [Min06] could be considered). Let us introduce some notation. A constraint setϕ corresponds to a polyhedron. The operation ϕ x corresponds to the projection of ϕ over the variables x and the operationϕ1tϕ2is the convex hull (least upper bound) ofϕ1 andϕ2.
Next, we define the operations necessary to compute chain summaries. The operation τ−1(c,ϕ) re-ceives a CEcand a constraint setϕthat represents a state and abstractly executes the CE inversely (hence the−1super-script) with respect to such state. Letc:C(x : y) =ϕc,b0,C(x1: y1),b13be a refined CE:
τ−1(c,ϕ) = (ϕ(x1y1)∧ϕc)x y The operation can be extended to disjunctions of cost equations:
τ−1((c1∨c2∨ · · · ∨cn),ϕ) = Gn i=1
τ−1(ci,ϕ)
and to a pattern E(e.g. a disjunction of cost equations) applied one or zero times:
τ−1(E0−1,ϕ) =τ−1(E,ϕ)tϕ
Finally, the operation is defined for a patternEapplied and unknown number of times and for a positive number of times. The latter corresponds to the pattern of iterative phases. This is defined as a fixpoint iteration of the previous pattern:
τ−1(E∗,ϕ) =fix(τ−1(E0−1))(ϕ) τ−1(E+,ϕ) =τ−1(E,τ−1(E∗,ϕ))
The refinement procedure uses widening to ensure termination of the fixpoint computation.
Once the operationτ−1 has been defined for all possible patterns corresponding to iterative and non-iterative phases, it can be used to compute chain summaries. The summary of a chain with a single ch := ph is defined by the convex hull of all the constraint sets ϕi of the CEs in the phase ci ∈ ph projected onto the input and output variables. This is the case even ifphis divergent. This is equivalent to assume that some CE in the divergent phase is evaluated at least once which is sound. The summary of a chain formed by several phases is computed recursively. Letch:=ph1·ch0, its summary is computed by applying the operationτ−1with the patternphto the summary ofch0. The formal definition is:
summary(ch) =
¨ F ϕx y c:C(x : y) =ϕ· · · ∈ph ifch=ph τ−1(ph,summary(ch0)) ifch=ph·ch0 Observation5.29. summary(ch)returns a summary ofch.
3 We usebin cost equations to denote a sequence of calls or linear expressions b1,· · ·,bn.
5.3. Invariants 63
5.3.2 Calling Contexts
The refinement also considers calling contexts, which are invariants that are valid at a certain point of the evaluation with respect to some entry set. In contrast to summaries, calling contexts are propagated forward along the chains and they are defined in terms of finite chain prefixes.
Definition 5.30(Chain Prefix). Let ch=ph1· · ·phn, a prefix ofchis defined aspfx:=phi·phi−1· · ·ph1 for0≤i<n. The empty prefix (i=0) is writtenε. Ifphn= (c1∨ · · · ∨cn)ω, thenpfx= (c1∨ · · · ∨cn)+· phn−1· · ·ph1 is also a valid prefix.
In order to define calling contexts in terms of evaluations, we need an auxiliary notion to identify where the evaluation of a given cost relation starts.
Definition 5.31 (Maximal Evaluation of C in T). Let T be an evaluation, T0 is maximal in T with respect toC if it is a sub-evaluation T0T, it is an evaluationT0 ∈¹CRS|Cºand no ancestor T00 of T0 (T0T00T) is in¹CRS|Cº.
Definition 5.32(Calling Context). LetCRSbe a cost relation system with an entry setES. A constraint setϕ(x)is a calling context of a prefixpfxif it is valid |=ϕ(a) for any evaluationT ∈¹CRSES|C(a:b)º that satisfies the following conditions:
• T belongs to an evaluation Te∈¹CRS|EºforE∈ES(T Te)
• Ti is a maximal evaluation ofCin Tewith T TiTe
• The path fromT toTi matches the prefixpfx(without including T)
Note that these calling contexts are only “context sensitive” with respect to the path inside the cost relationCbut they do not distinguish between the different paths that can reachCfrom the entries.
Example 5.33. Let us consider a variant of Program 11 in which the while loop is defined inside a function void foo(int i,int x){ int j=i+10; while(i<x){. . .}}which corresponds to the follow-ing cost relation foo(i,x) ={j =i+10},wh(i,j,x). In this example CR whis called only at one point under the condition j=i+10. This is the initial calling context of CRwh, that is, the calling context of its empty prefix. The remaining calling contexts of CRwhare:
Chain prefix Calling context Chain prefix Calling context ε {j=i+10} (4)+ {x ≥i,j≥i≥ j−9}
(2)+ ⊥ (3)(4)+ {j=i−1,x≥ j+1}
(3) ⊥ (2)+(3)(4)+ {i≥ j+2,x≥i}
Note that the calling context forεis incompatible with the constraint sets of CEs3and2ofwh. Conse-quently, the calling contexts for the prefixes(2)+and(3)are⊥.
The inference of calling contexts is very similar to the inference of chain summaries but it is defined recursively over chain prefixes. Let C be a cost relation, the calling context of the empty prefix ε for Cis an empty constraint set >if C is an entry (C∈ES), or an over-approximation (convex hull) of all the calling contexts in which C is called from other CRs otherwise. For the recursive case, we define the operation τ1(c,ϕ) that receives a CE c and a constraint set ϕ and abstractly executes the CE. Let c:C(x :y) =ϕc,b0,C(x0:y0),b1be a refined CE:
τ1(c,ϕ) = (ϕ(x)∧ϕc)x0
We lift the operation forτ1to the patterns of iterative phases as in the case ofτ−1(see previous section).
The computation of calling contexts is:
callCxt(pfx) =
> ifpfx=ε∧C∈ES
F§
ϕx0 c:C0(x : y) =ϕ,· · ·,C(x0:y0)· · · ∈CRS
∧C06=C
ª
ifpfx=ε∧C6∈ES τ1(ph,callCxt(pfx0)) ifpfx=ph·pfx0 Observation5.34. callCxt(pfx) returns a calling context ofpfx.
5.3.3 Discarding Unfeasible Chains
Both chain summaries and calling contexts can be used to detect and discard unfeasible chains.
Observation 5.35. Ifsummary(ch) is unsatisfiable, then ¹CRS|C[ch]ºis empty and chcan be discarded.
Any chainch0that haschas a suffix can also be discarded.
Observation 5.36. If callCxt(pfx) is unsatisfiable, then for any chain ch such that pfx is its prefix
¹CRSES|C[ch]ºis empty andchcan be discarded.
These observations rely on Observations 5.29 and 5.34 and the chain summary and calling context definitions (Definition5.26and Definition5.32).
Example 5.37. Continuing with Example5.33, we can discard the chains(3)(2)+(1),(3)(1)and(2)+(1) because they contain the prefixes(2)+ and(3)whose calling contexts are unsatisfiable.
5.3.4 Strengthening Cost Equations
The information contained in calling contexts and chain summaries can be useful for its bound compu-tation and even for other steps in the analysis such as proving termination.
The refinement procedure strengthens cost equations’ constraints using the inferred summaries and calling contexts. It does so in a context insensitive manner. For a cost equationc, it computes a summary for its recursive calls by joining all the summaries of the chains that can be evaluated in such recursive call. These are the chains wherecis in the first phase or chains that come immediately after a phase that containsc(the recursive call of a CE can already belong to a different phase).
Definition 5.38(Cost Equation Summary). LetCbe a cost relation with a set of chainsCH. Letc:C(x : y) =ϕ,b,C(x0: y0),bbe a recursive CE, its summary is:
summary(c) =G
summary(ch)(x0y0) (ph·ch∈CH∧c∈ph)∨(ch=ph_∈CH∧c∈ph)
Lemma 5.39. For every t(c(a:b),[T1,· · ·,Tj,· · ·,Tn])∈¹CRS|CºwhereTj corresponds to a recursive call C(x0: y0)andparam(Tj) =a0b0 then|=summary(c)(a0b0).
Proof. The lemma is a consequence of the completeness of refined chains (Theorem5.25), everyTj has to belong to one of the chains considered for computing the summary ofc, and of Observation5.29that guarantees thatsummary(ch)generates a summary ofch.
Definition 5.40(Call Summary Strengthening). Letc:C(x : y) =ϕ,b0,C(x0: y0),b1 be a recursive CE, the strengthened CE is c0:C(x : y) =ϕ∧summary(c),b0,C(x0 : y0),b1. The transformation generates CRS0=CRS\ {c} ∪ {c0}.
Corollary 5.41. Call Summary Strengthening is sound and precise.
5.3. Invariants 65
Program 12 Cost relations void1 strengthen (int x){
2 int s =1;
3 while(x >0)
4 x=x -s;
5 }
1:strengthen(x) ={s=1}, 1,wh(x,s) 2:wh(x,s) ={x≤0}
3:wh(x,s) ={x>0,x0=x−s}, 1,wh(x0,s) Figure 5.2.:Program12: Example where strengthening is important
Similarly, for a cost equation c, the refinement computes a calling context for its head by considering the calling contexts of all the prefixes that can lead toc.
Definition 5.42(Cost Equation Calling Context). Let C be a cost relation with a set of chain prefixes PFX. Letcbe a cost equation inC, its calling context is:
callCxt(c) =G
callCxt(pfx) (ph·pfx∈PFX∧c∈ph)∨(pfx=ph_∈CH∧c∈ph) Lemma 5.43. For every t(c(a:b),[T1,· · ·,Tn])∈¹CRSES|Cº, we have|=callCxt(c)(ab).
Proof. The lemma is a consequence of the completeness of the chain case distinction (Theorem5.25), everyTj has to belong to one of the chains and its corresponding prefixes are considered for computing the calling contexts of c. For each of the prefixes pfx,callCxt(pfx) is a valid calling context because of Observation5.34.
Definition 5.44(Calling Context Strengthening). Letc:C(x :y) =ϕ,bbe a CE, the strengthened CE is c0:C(x :y) =ϕ∧callCxt(c),b. The transformation generatesCRS0=CRS\ {c} ∪ {c0}.
Corollary 5.45. Calling Context Strengthening is sound and precise with respect toES.
Example 5.46. Consider the Program 12 in Figure 5.2. The cost relationwh is not necessarily termi-nating if considered without a context. In particular, wh diverges if variable s is not strictly positive.
However, if we consider that CR strengthenis its only entry, wh is always called with s =1 and wh is guaranteed to terminate.
The chains of CRwhare(3)+(2),(3)ωand(2). As it is, the phase(3)ωcannot be proved terminating.
The calling contexts ofwh arecallCxt(ε) ={s= 1} andcallCxt((3)+) ={s =1,x+s >0}. Therefore, the calling context of CE3 iscallCxt(3) ={s=1,x+s>0} t {s=1}={s=1}and if we apply Calling Context Strengthening to CE3, we obtain:
30:wh(x,s) ={x>0,x0=x−s,s=1}, 1,wh(x0,s)
Now the phase loop of(30)ωhas a ranking function x and the non-terminating chain can be discarded.