On a decision procedure for quantified linear programs

Quantified linear programming is the problem of checking whether a polyhedron specified by a linear system of inequalities is non-empty, with respect to a specified quantifier string. Quantified linear programming subsumes traditional linear programming, since in traditional linear programming, all the program variables are existentially quantified (implicitly), whereas, in quantified linear programming, a program variable may be existentially quantified or universally quantified over a continuous range. In this paper, the term linear programming is used to describe the problem of checking whether a system of linear inequalities has a feasible solution. On account of the alternation of quantifiers in the specification of a quantified linear program (QLP), this problem is non-trivial. QLPs represent a class of declarative constraint logic programs (CLPs) that are extremely rich in their expressive power. The complexity of quantified linear programming for arbitrary constraint matrices is unknown. In this paper, we show that polynomial time decision procedures exist for the case in which the constraint matrix satisfies certain structural properties. We also provide a taxonomy of quantified linear programs, based on the structure of the quantifier string and discuss the computational complexities of the constituent classes. This research has been supported in part by the Air Force Office of Scientific Research under contract FA9550-06-1-0050.     

Symbolic predictive analysis for concurrent programs

Predictive analysis aims at detecting concurrency errors during runtime by monitoring a concrete execution trace of a concurrent program. In recent years, various models based on the happens-before causality relations have been proposed for predictive analysis. However, these models often rely on only the observed runtime events and typically do not utilize the program source code. Furthermore, the enumerative algorithms they use for verifying safety properties in the predicted traces often suffer from the interleaving explosion problem. In this paper, we introduce a precise predictive model based on both the program source code and the observed execution events, and propose a symbolic algorithm to check whether a safety property holds in all feasible permutations of events of the given trace. Rather than explicitly enumerating and checking the interleavings, our method conducts the search using a novel encoding and symbolic reasoning with a satisfiability modulo theory solver. We also propose a technique to bound the number of context switches allowed in the interleavings during the symbolic search, to further improve the scalability of the algorithm.     

Type-based termination of generic programs

Instances of a polytypic or generic program for a concrete recursive type often exhibit a recursion scheme that is derived from the recursion scheme of the instantiation type. In practice, the programs obtained from a generic program are usually terminating, but the proof of termination cannot be carried out with traditional methods as term orderings alone, since termination often crucially relies on the program type. In this article, it is demonstrated that type-based termination using sized types handles such programs very well. A framework for sized polytypic programming is developed which ensures (type-based) termination of all instances.     

Proving termination of GHC programs

A transformational approach for proving termination of parallel logic programs such as GHC programs is proposed. A transformation from GHC programs to term rewriting systems is developed; it exploits the fact that unifications in GHC-resolution correspond to matchings. The termination of a GHC program for a class of queries is implied by the termination of the resulting rewrite system. This approach facilitates the applicability of a wide range of termination techniques developed for rewrite systems in proving termination of GHC programs. The method consists of three steps: (a) deriving moding information from a given GHC program, (b) transforming the GHC program into a term rewriting system using the moding information, and finally (c) proving termination of the resulting rewrite system. Using this method, the termination of many benchmark GHC programs such as quick-sort, merge-sort, merge, split, fair-split and append, etc., can be proved. This is a revised and extended version of Ref. 12). The work was partially supported by the NSF Indo-US grant INT-9416687 Kapur was partially supported by NSF Grant nos. CCR-8906678 and INT-9014074. M. R. K. Krishna Rao, Ph.D.: He currently works as a senior research fellow at Griffith University, Brisbane, Australia. His current interests are in the areas of logic programming, modular aspects and noncopying implementations of term rewriting, learning logic programs from examples and conuterexamples and dynamics of mental states in rational agent architectures. He received his Ph.D in computer science from Tata Institute of Fundamental Research (TIFR), Bombay in 1993 and worked at TIFR and Max Planck Institut für Informatik, Saarbrücken until January 1997. Deepak Kapur, Ph.D.: He currently works as a professor at the State University of New York at Albany. His research interests are in the areas of automated reasoning, term rewriting, constraint solving, algebraic and geometric reasoning and its applications in computer vision, symbolic computation, formal methods, specification and verification. He obtained his Ph.D. in Computer Science from MIT in 1980. He worked at General Electric Corporate Research and Development until 1987. Prof. Kapur is the editor-in-chief of the Journal of Automated Reasoning. He also serves on the editorial boards of Journal of Logic Programming, Journal on Constraints, and Journal of Applicable Algebra in Engineering, Communication and Computer Science. R. K. Shyamasundar, Ph.D.: He currently works as a professor at Tata Institute of Fundamental Research (TIFR), Bombay. His current intersts are in the areas of logic programming, reactive and real time programming, constraint solving, formal methods, specification and verification. He received his Ph.D in computer science from Indian Institute of Science, Bangalore in 1975 and has been a faculty member at Tata Institute of Fundamental Research since then. He has been a visiting/regular faculty member at Technological University of Eindhoven, University of Utrecht, IBM TJ Watson Research Centre, Pennsylvania State University, University of Illinois at Urbana-Champaign, INRIA and ENSMP, France. He has served on (and chaired) Program Committees of many International Conferences and has been on the Editorial Committees.     

命令式程序终止性验证方法综述

作为软件完全正确性的重要组成部分,程序终止性受到越来越多的关注。旨在跟踪国内外针对命令式程序的终止性验证方法,调研该领域的最新研究成果,同时提出解决该问题的建议性方法框架,对命令式程序终止性研究提供有意义的帮助。给出了程序终止性问题的定义,介绍了已有的数值程序、堆操作程序终止性验证方法,并分别进行了分析与对比。总结了当前研究中存在的难点与热点问题,给出了一种基于模型检验的C程序终止性验证框架,该框架可以作为研究命令式程序终止性的基本框架。     

Transformational methodology for proving termination of logic programs

A methodology for proving the termination of well-moded logic programs is developed by reducing the termination problem of logic programs to that of term rewriting systems. A transformation procedure is presented to derive a term rewriting system from a given well-moded logic program such that the termination of the derived rewrite system implies the termination of the logic program for all well-moded queries under a class of selection rules. This facilitates applicability of a vast source of termination orderings proposed in the literature on term rewriting, for proving termination of logic programs. The termination of various benchmark programs has been established with this approach. Unlike other mechanizable approaches, the proposed approach does not require any preprocessing and works well, even in the presence of mutual recursion. The transformation has also been implemented as a front end to Rewrite Rule Laboratory (RRL) and has been used in establishing termination of nontrivial Prolog programs such as a prototype compiler for ProCoS, PL₀ language.     

Symbolic analysis of linear polyhedra

This paper concerns several analytical problems related to linear polyhedra in euclidean three-dimensional-space. Symbolic formulas for line, surface, and volume integration are given, and it is shown that domain integrals are computable in polynomial time. In particular, it is shown that mass, first and second moments, and products of inertia are computable inO(E) time, whereE is the number of edges of the boundary. Simple symbolic expressions for the normal derivatives of domain integrals are also derived. In particular, it is shown that they are closely linked to the topology of the integration domain, as well as that they are expressible as combinations of domain integrals over lower-order domains (faces, edges, and vertices). The symbolic results presented in this paper may lead to an easy incorporation of integral constraints, for example, concerning mass and inertia, in the engineering designing process of solid objects.     

On termination problems for finitely interpreted ALGOL-like programs

Summary Main issue is: The actual termination problem for finitely interpreted non-deterministic ALGOL-like programs without procedure selfapplication and without global variables is algorithmically solvable. This result offers a new and substantial application of a theorem of Lipton: The above mentioned programs, restricted to deterministic ones, have a sound and relatively complete Hoare logic. So we conjecture: ALGOL-like programs (even non-deterministic ones with formal sharing of variables) without procedure selfapplication and without global variables have a sound and relatively complete Hoare deduction system with axioms and inference rules which reflect the syntactical structure of programs.     

The clean termination of iterative programs

Summary The paper is devoted to a program-correctness concept which captures partial correctness, termination (nonlooping) and clean termination (nonabortion). The underlying proof method offers a one-stage proof of all the three properties. This method is proved consistent and algebraically complete. It is first discussed for the general case of arbitrary possibly nondeterministic iterative programs. Next, this case is restricted to arbitrary deterministic iterative programs and finally to structured programs. The presented approach is compared with partial correctness, total correctness and weakest precondition methods. The concluding example shows the verification of an arithmetical program in machine-bounded arithmetics. As a side effect of the verification procedure one finds input boundary conditions which guarantee clean termination.This paper was prepared when the author was visiting the Department of Computer Science of the Technical University of Denmark in Lyngby.     

Symbolic synthesis of masking fault-tolerant distributed programs

We focus on automated addition of masking fault-tolerance to existing fault-intolerant distributed programs. Intuitively, a program is masking fault-tolerant, if it satisfies its safety and liveness specifications in the absence and presence of faults. Masking fault-tolerance is highly desirable in distributed programs, as the structure of such programs are fairly complex and they are often subject to various types of faults. However, the problem of synthesizing masking fault-tolerant distributed programs from their fault-intolerant version is NP-complete in the size of the program’s state space, setting the practicality of the synthesis problem in doubt. In this paper, we show that in spite of the high worst-case complexity, synthesizing moderate-sized masking distributed programs is feasible in practice. In particular, we present and implement a BDD-based synthesis heuristic for adding masking fault-tolerance to existing fault-intolerant distributed programs automatically. Our experiments validate the efficiency and effectiveness of our algorithm in the sense that synthesis is possible in reasonable amount of time and memory. We also identify several bottlenecks in synthesis of distributed programs depending upon the structure of the program at hand. We conclude that unlike verification, in program synthesis, the most challenging barrier is not the state explosion problem by itself, but the time complexity of the decision procedures.     

The clean termination of Pascal programs

The axiomatic definition of PASCAL takes no account of the finite bounds of real computers. It is proposed that the bounds of differing machines may be accounted for in the PASCAL definition by the use of an axiom schema with machine dependent parameters. If these parameters are available to the program prover and to the program it is possible to prove the clean termination of a program on a particular bounded machine. The use of a parameterised definition for all PASCAL machines, means that clean termination can be guaranteed over a range of machines. In particular a programmer may prove his program against a set of bounds chosen for ease of proof, as long as the implemented machine is larger.     

Underapproximation of procedure summaries for integer programs

International Journal on Software Tools for Technology Transfer - We show how to underapproximate the procedure summaries of recursive programs over the integers using off-the-shelf analyzers for...     

The decomposition principle for linear programs

The decomposition algorithm of Dantzig and Wolfe is a procedure for the solution of linear programs using a generalized extension of the simplex method. In this paper the algorithm is described and a worked numerical example given. No new results are presented. The paper is intended to further publicise the method. The terminology used is that agreed upon by the participants at a workshop on the decomposition algorithm held by Mathematica in February, 1962 under the sponsorship of the Special Interest Group of Mathematical Programming of the Association of Computing Machinery.     

Proving operational termination of membership equational programs

Reasoning about the termination of equational programs in sophisticated equational languages such as Elan, Maude, OBJ, CafeOBJ, Haskell, and so on, requires support for advanced features such as evaluation strategies, rewriting modulo, use of extra variables in conditions, partiality, and expressive type systems (possibly including polymorphism and higher-order). However, many of those features are, at best, only partially supported by current term rewriting termination tools (for instance mu-term, C i ME, AProVE, TTT, Termptation, etc.) while they may be essential to ensure termination. We present a sequence of theory transformations that can be used to bridge the gap between expressive membership equational programs and such termination tools, and prove the correctness of such transformations. We also discuss a prototype tool performing the transformations on Maude equational programs and sending the resulting transformed theories to some of the aforementioned standard termination tools.     

An optimal termination testing procedure for discrete event simulations

In this paper we consider discrete-event simulations which yield results until a termination condition is satisfied. The simulation can proceed beyond this time, but no useful information is generated. The time at which the termination condition will be satisfied is not known initially, and is taken to be randomly distributed with some prescribed density. It is necessary, therefore, to periodically check the termination condition, and this consumes CPU time. The question that we address is how to distribute checking time to minimize expected CPU expenditure. We do this by taking a limit in which the cost of checking is small, and then minimizing the limiting expected CPU expenditure. In general, uniformly distributed checking times are not optimal. The layouts of checking times which are generated by our minimization procedure can significantly outperform constant checking intervals.     

A tableau-based decision procedure for CTL*

We present a sound, complete and implementable tableau method for deciding satisfiability of formulas in the propositional version of computation tree logic CTL*. This is the first such tableau. CTL* is an exceptionally important temporal logic with applications from hardware design to agent reasoning, but there is no easily automated reasoning approach to CTL*. The tableau here is a traditional tree-shaped or top-down style tableau, and affords the possibility of reasonably quick decisions on the satisfiability of medium-sized formulas and construction of small models for them. A straightforward subroutine is given for determining when looping allows successful branch termination, but much needed further development is left as future work. In particular, a more general repetition prevention mechanism is needed to speed up the task of tableau construction.