Termination Analysis of Polynomial Programs with Equality Conditions
Abstract
In this paper, we investigate the termination problem of a family of polynomial programs, in which all assignments to program variables are polynomials, and test conditions of loops and conditional statements are polynomial equations. Our main result is that the nonterminating inputs of such a polynomial program is algorithmically computable according to a strictly descending chain of algebraic sets, which implies that the termination problem of these programs is decidable. The complexity of the algorithm follows immediately from the length of the chain, which can be computed by Hilbert’s function and Macaulay’s theorem. To the best of our knowledge, the considered family of polynomial programs should be the largest one with a decidable termination problem so far. The experimental results indicate the efficiency of our approach.
CONF ’yyMonth d–d, 20yy, City, ST, Country \copyrightyear20yy \copyrightdata9781nnnnnnnnn/yy/mm \doinnnnnnn.nnnnnnn
Yangjia Li,Naijun Zhan and Mingshuai Chen State Key Lab. of Comp. Sci., Institute of Software, Chinese Academy of Sciences {yangjia,znj,chenms}@ios.ac.cn \authorinfoHui Lu Nanjing Audit University luhui@nau.edu.cn \authorinfoGuohua Wu Nanyang Technological University guohua@ntu.edu.sg
F.3.1.Specifying and Verifying and Reasoning about ProgramsTermination
keywords: Termination Analysis, Polynomial Programs, Polynomial Ideals
1 Introduction
Termination analysis plays an important role in program verification and testing, and has attracted an increasing attention recently Cook et al. [2011]; Yang et al. [2010]. However, the program termination problem is equivalent to the famous halting problem Turing [1937], and hence is undecidable in general. Thus, a complete method for termination analysis for programs, even for the general linear or polynomial programs, is impossible Tiwari [2004]; MüllerOlm and Seidl [2004]; Bradley et al. [2005]; Braverman [2006]. So, a practical way for termination analysis is conducted by providing sufficient conditions for termination and/or nontermination. Classical method for establishing termination of a program, either linear or polynomial, makes use of a wellfounded domain together with a socalled ranking function that maps the state space of the program to the domain, which provides a sufficient condition for the termination of the program, e.g., BenAmram and Genaim [2014]; Colón and Sipma [2001]; Podelski and Rybalchenko [2004a, b]; Chen et al. [2007]; Cousot [2005]. In Gupta et al. [2008], the authors considered a sufficient condition for nontermination inputs, while in Harris et al. [2010], the authors investigated sufficient conditions for termination and nontermination inputs respectively, and check the two conditions in parallel for termination analysis.
In contrast, Tiwari investigated this issue at a very fundamental level. He first noticed that the termination of a class of simple linear loops is related to the eigenvalues of assignment matrix and proved that the termination problem of these linear programs with input set is decidable Tiwari [2004]. This theory was further developed in Braverman [2006]; Xia and Zhang [2010]; Xia et al. [2011].
Following this line, Bradley et al. Bradley et al. [2005] tried to investigate the termination problem of a family of polynomial programs, which are modeled as multipath polynomial programs (MPPs) by using finite difference tree (FDT).The MPP model is an expressive class of loops with multiple paths, polynomial loop guards and assignments, that enables practical code abstraction and analysis. It was proved in Bradley et al. [2005] that the termination problem of MPPs is generally undecidable. In Bradley et al. [2005], the authors only considered a small class of MPPs, i.e., MPPs with polynomial behaviour. Similar idea was used for termination analysis of polynomial programs in Babić et al. [2013]. In Liu et al. [2014], the authors considered another class of MPPs, whose loop guards are polynomial equations. According to their algebraic structures, the authors established sufficient conditions for termination and nontermination simultaneously for these MPPs, thus termination analysis can be conducted by checking these conditions in parallel, which is analogous to Harris et al. [2010]. In Liu et al. [2014], the authors raised an open problem whether the termination of this family of MPPs is decidable.
In this paper, we give a confirmative answer to the open problem raised in Liu et al. [2014] that the termination problem of MPPs with equality guards is decidable. To the best of our knowledge, this family of polynomial programs should be the largest one with a decidable termination problem so far, noting that the program termination with inequality conditions is hardly to decide even for linear loops, since such problem is equivalent to the famous Skolem’s problem Ouaknine and Worrell [2015]. On the other hand, inequality loop guards can be strengthened as equality guards, e.g. , thus our approach can also be used to find nonterminating inputs for general MPPs.
The basic idea of our approach is as follows: Given an MPP with paths, for any input , if at the first iteration satisfies the loop guard, then one of the paths in the loop body will be nondeterministically selected and the corresponding assignment will be used to update the value of , which results in possible values of ; afterwards, the above procedure is repeated until the guard does not hold any more. Thus the execution of an MPP on input forms a tree. An input is called nonterminating if the execution tree on has an infinite path. Obviously, each of such paths forms an ascending chain of polynomial ideals, and an input is nonterminating iff is in the variety of an ascending chain in the execution tree. By using some results of polynomial algebra, we prove that there is a uniform upper bound for these ascending chains. This implies the decidability of termination problem of the family of MPPs. Similar argument is applicable to polynomial guarded commands in which all test guards are polynomial equations.
Related work
In the past, various wellestablished work on termination analysis can only be applied to linear programs, whose guards and assignments are linear. For singlepath linear programs, Colón and Sipma utilized polyhedral cones to synthesize linear ranking functions Colón and Sipma [2001]. Podelski and Rybalchenko, based on Farkas’ lemma, presented a complete method to find linear ranking functions if they exist Podelski and Rybalchenko [2004a]. In BenAmram and Genaim [2014], BenAmram and Genaim considered to extend the above results in the following two aspects: firstly, they proved that synthesizing linear ranking functions for single path linear programs is still decidable if program variables are interpreted over integers, but with coNP complexity, in contrast to PTIME complexity when program variables are interpreted over rationals or reals; secondly, they proposed the notion of lexicographical ranking function and a corresponding approach for synthesizing lexicographical ranking functions for dealing with linear programs with multipath.
In recent years, the termination problem of nonlinear programs attracted more attentions as they are omnipresent in safetycritical embedded systems. Bradley et al. proposed an approach to proving termination of MPPs with polynomial behaviour over through finite difference trees Bradley et al. [2005]. Similar idea was used in Babić et al. [2013] for termination analysis of polynomial programs. Typically, with the development of computer algebra, more and more techniques from symbolic computation, for instance, Gröbner basis Sankaranarayanan et al. [2004]; MüllerOlm and Seidl [2004], quantifier elimination Kapur [2006] and recurrence relation RodríguezCarbonell and Kapur [2007]; Kovács [2008], are borrowed and successfully applied to the verification of programs. Certainly, these techniques can also be applied to polynomial programs to discover termination or nontermination proofs. Chen et al. proposed a relatively complete (w.r.t. a given template) method for generating polynomial ranking functions over by reduction to semialgebraic system solving Chen et al. [2007]. Gupta et al. proposed a practical method to search for counterexamples of termination Gupta et al. [2008], by first generating lassoshaped Cook et al. [2006] candidate paths and then checking the feasibility of the “lassoes” using constraint solving. Velroyen and Rümmer applied invariants to show that terminating states of a program are unreachable from certain initial states, and then identified these “bad” initial states by constraintsolving Velroyen and Rümmer [2008]. Brockschmidt et al. detected nontermination and Null Pointer Exceptions for Java Bytecode by constructing and analyzing termination graphs, and implemented a termination prover AProVE Brockschmidt et al. [2011].
For more general programs, many other techniques, like predicate abstraction, parametric abstraction, fair assumption, Lagrangian relaxation, semidefinite programming, sum of squares, etc., have been successfully applied Cousot and Cousot [2012]; Cousot [2005]; Cook et al. [2008].
The following work are more related to ours. Tiwari first identified a class of simple linear loops and proved that its termination problem is decidable over reals Tiwari [2004]. Braverman extended Tiwari’s result by proving the termination problem is still decidable when program variables are interpreted over integers Braverman [2006], and Xia and Zhang investigated an extension of Tiwari’s simple linear loops by allowing a loop condition to be nonlinear constraint and proved that the termination problem of the extension is still decidable over reals, and becomes undecidable over integers Xia and Zhang [2010]. In Bradley et al. [2005], Brandley et al. proved that the termination problem of MPPs with inequalities as loop conditions is not semidecidable. Additionally, MüllerOlm and Seidl proved that the termination problem of linear guarded commands with equations and inequations as guards is undecidable MüllerOlm and Seidl [2004]. Thus, we believe that the class of polynomial programs, i.e., polynomial guarded commands with equalities as guards, under consideration in this paper, is the largest one with a decidable termination problem, any extension of it by allowing inequalities, or inequations in a guard will result in the termination problem undecidable.
The rest of the paper is organized as follows. In Section 2, we give an overview of our approach by a running example. In Section 3, some concepts and results on computational algebraic geometry are reviewed. Section 4 is devoted to computing the upper bound on the length of a descending chain of algebraic sets. In Section 5, we introduce the model of MPPs with equality guards. In Section 6, we prove the decidability of the termination problem of the MPPs by proposing an algorithm to compute the set of nonterminating inputs. Section 7 extends the decidability result to polynomial guarded commands with equality guards. Section 8 reports some experimental results with our method. A conclusion is drawn in Section 9.
2 A running example
Consider the following polynomial program (denoted by running
):
Example 1.
(1) 
Here “?” means that the condition has been ignored by abstraction of the program, and thus in each iteration these two assignments are nondeterministically chosen. Our problem is to decide if or not for any initial value in a given set , the program would always terminate in a finite number of iterations.
For simplicity, the polynomial of the loop guard is denoted as , and the two polynomial vectors of the assignments as and . Our approach is to compute the set of all possible initial values of for which the program may not terminate. Thus, the termination problem of the program on the set of inputs is easily obtained by checking if . The detailed procedure is described step by step as follows:

Consider the equation , and write the set of its solutions as . Thus, means that the body of the loop should be executed once at least w.r.t. the input.

Denote by and the solution sets of equations:
respectively. So, means that the loop body may be executed twice at least by correspondingly choosing to be the assignment in the first iteration. So allows at least two iterations in the execution. It is easy to calculate that , , and so .

Similarly, the solution set of equation
is the set of inputs for which the third iteration is achievable by successively choosing and in the first and the second iterations. is the set of inputs which allow at least three iterations. By simple calculation, we obtain that , , , , and .

Now we note that . Our results reported in this paper guarantee that , namely, is actually the set of inputs which make the program possibly nonterminating.

Observe that . So the program is nonterminating on input .
3 Preliminaries
In this section, we recall some basic concepts and results on computational algebraic geometry, which serve as the theoretical foundation of our discussion. For a detailed exposition to this subject, please refer to Cox et al. [1997]MacAulay [1926].
3.1 Polynomial rings and ideals
Consider a number field , which could be the field of rational numbers , real numbers or complex numbers throughout this paper. Let be a vector of variables. A monomial of is of the form where is a vector of natural numbers, and is called the degree of , denoted by . A polynomial of is a linear combination of a finite number of monomials over , i.e., where is the number of distinct monomials of and is the nonzero coefficient of , for each . The degree of is defined as . Denote by the set of monomials of and the polynomial ring of over . The degree of a finite set is defined as .
we introduce the lexicographic order for monomials: if there exists such that and for all . For every polynomial we write its leading monomial (i.e., the greatest monomial under ) as . For any , a set of monomials is called compressed, if for any , , then
Definition 1 (Polynomial Ideal).

A nonempty subset is called an ideal if , and .

Let be a nonempty subset of , the ideal generated by is defined as

The product of two ideals and is defined as
The ideal generated by is actually the minimal one of ideals that contain . When is a finite set, we simply write as . Given two polynomial sets and , we define . Obviously, .
Theorem 1 (Hilbert’s Basis Theorem).
Every ideal is finitely generated, that is, for some . Here is called a basis of .
We define the degree of an ideal as
Note that an ideal may have different bases. However, using the Buchberger’s algorithm under a fixed monomial ordering, a unique (reduced) Gröbner basis of , denoted by , can be computed from any other basis. We also simply write as for any basis . An important property of Gröbner basis is that the remainder of any polynomial on division by , written as , satisfies that
The Hilbert’s Basis Theorem implies that the polynomial ring is a Noetherian ring, i.e.,
Theorem 2 (Ascending Chain Condition).
For any ascending chain of ideals
of , there exists an such that for all .
3.2 Algebraic sets and varieties
By assigning values in to , a polynomial can be regarded as a function from the affine space to . Then the set of zeros of a polynomial set can be defined as . It is easy to verify that .
Definition 2 (Algebraic Set and Variety).
A subset

is algebraic, if there exists some such that , and is called a set of generating polynomials of ;

is reducible, if it has two algebraic proper subsets and such that ; otherwise it is called irreducible;

is a variety, if it is a nonempty irreducible algebraic set.
The following properties on algebraic and variety can be easily verified: the union of two algebraic sets is an algebraic set, and the intersection of any family of algebraic sets is still algebraic; suppose are algebraic sets and is a variety, then
(2) 
An algebraic set is usually represented by its generating polynomials in practice. Note that an algebraic set may have different sets of generating polynomials. However, by defining
for any , one can easily verify that is the maximal set that generates . So, any algebraic set can be identified by the ideal . The membership for any polynomial and any finite set of polynomials is equivalent to the unsatisfiability of , which is decidable Tarski [1951].
Additionally, noting that for two algebraic sets and , it follows from Theorem 2 that
Theorem 3 (Descending Chain Conditions).
For any descending chain of algebraic sets
of , there exists an such that for all .
3.3 Monomial ideals and Hilbert’s functions
An ideal is called monomial if it can be generated by a set of monomials. A monomial ideal always has a basis of monomials (due to Dickson’s Lemma), and any monomial should be a multiple of some .
Definition 3 (Hilbert’s function).
For a monomial ideal , a function is defined as
where is the set of homogeneous polynomials of degree and , and both of them are linear spaces over .
Note that is the number of monomials of degree , where
And means that contains all monomials of degree .
We invoke the Macaulay’s theorem MacAulay [1926] to estimate the value of Hilbert’s function . To this end, we define a function for every natural number as follows. When is given, any number can be uniquely decomposed as
where and . In fact, with ; and for , are successively determined by
until for some . Now we define
For instance, , and (note that ).
Theorem 4 (Macaulay).
For any monomial ideal , for all . Moreover, if and is compressed.
4 Upper bound of the length of polynomial ascending chains
In this section, we investigate the length of polynomial ascending chains, which plays a key role in proving the decidability of the termination problem. In addition, this problem is independently of interest in mathematics and has received many studies Socías [1992]; Seidenberg [1971].
The computing is based on MorenoSocías’s approach Socías [1992], which consists of the following three steps:

Reduce computing the bound on bounded polynomial ideal chains to computing the bound on generating sequences of monomials, which is obtained by MorenoSocías’s result Socías [1992].

Compute the longest homogeneous generating sequence, which is achieved directly by using Hilbert’s function and Macaulay’s theorem. This step is different from MorenoSocias’s, as his result on this step (i.e. Proposition 4.3 in Socías [1992]) is wrong.

Prove that the bound of generating sequences of monomials is exactly same as the length of the longest homogeneous generating sequence obtained in (ii), which is trivially achieved by introducing a fresh variable.
Definition 4.
For any increasing function (that is, for all ), an ascending chain of polynomial ideals of is called bounded, if for all . Denote by the greatest length of all strictly ascending chains of which are bounded.
Remark.

The condition of boundedness is necessary to define the greatest length, as the length of chains with unbounded degrees could be arbitrarily large (for instance, the length of could be arbitrarily large if is unbounded).

For ease of discussion, we assume is increasing without loss of generality. In fact, for a general , consider the increasing function , . Then a bounded chain is always a bounded chain since for all . So , and we can use as the upper bound of the chains.
Our aim is to compute based on the number of variables and function . To this end, we particularly consider ascending chains of a special form.
Definition 5.
Given a function , a finite sequence of monomials is called generating, if and for all .
Then a generating monomial sequence generates a strictly ascending chain of monomial ideals satisfying , by defining . MorenoSocías proved in Socías [1992] that in order to compute , it suffices to consider the ascending chains that are generated by generating monomial sequences. That is,
Proposition 1 (Socías [1992]).
is exactly the greatest number of monomials of generating sequences in .
Hence, in the rest of this section, we construct the longest chain of this form. We first do this for a special case where the degrees of polynomial ideals are not just bounded but completely determined by a function . Then we reduce the general case to this special one.
4.1 The longest chain of specified degrees
In this subsection, we only consider a special type of generating sequences such that:
(3) 
We inductively construct a generating sequence of monomials as follows: Initially define ; suppose are defined for some , then let
(4) 
until for some .
Obviously, this sequence satisfies equation (3). It follows immediately from the equation (4) that the corresponding ideal is compressed for every , and from the definition of Hilbert’s function.
Example 2.
For and , we have a set
Then in this case.
Now we shall prove that the sequence we construct has the greatest number of monomials among all generating sequences that satisfies (3).
Lemma 1.
If is a generating sequence that satisfies equation (3), then .
Proof: We proceed by contradiction. Suppose . Let for all . For simplicity, we define and , for all . Observe that
(5) 
Indeed, the first two equalities directly follow from the definition of , and the third inequality is from Theorem 4. Similarly, we have
(6) 
Here, the third one becomes equality since is compressed and and so the conditions for equality in Theorem 4 is satisfied. On the other hand, we observe that . Then it can be inductively proved from equations (5) and (6) that:
Here, the fact that is applied. So we have proved that for all and . Then . We have , which is contrary to the definition of .
We consider to compute the greatest length using the condition . To this end, we define to be the number such that
(7) 
Then from this definition . Note that
then . Computing is presented in the following theorem.
Theorem 5.
Given a number , an increasing function , and a number , can be recursively calculated as follows:

and , for any , and ;

Write for , then they can be successively calculated by and for ,
Here is a function defined as .
Proof: It is equivalent to show that the recursive function defined by the calculation procedure above is the same as the one defined by equation (7); namely, if we compute a number by the calculation, then should be as in equation (7). On the other hand, for any , decompose as . It can be verified by equation (5) that . So can also be recursively calculated from . Then it is easy to prove the result by induction on and .
4.2 Reduction from the general case
Now we remove the restriction (3) and consider the length of a general generating sequence of monomials in . Our method is to reduce this general case to the homogenous case. Specifically, we introduce a new variable (for which the lexicographic order becomes ), and construct for each a monomial such that , where . So and thus the restriction (3) is satisfied by . Furthermore,
Proposition 2.
is a generating sequence of .
Proof: It suffices to prove that for every . In fact, if it is not the case then should be a multiple of some , where . It implies that is a multiple of , which is contrary to .
Then it immediately follows from the definition of that . Since is arbitrarily chosen, we obtain from Proposition 1. Conversely, we also show that . We consider the sequence of , which is defined as in equation (4). Then . By putting , this sequence becomes another sequence of .
Proposition 3.
is a generating sequence.
Proof: Observe that for all . Then we only need to prove that for all . We assume that is a multiple of some , where . Let and , then (otherwise would be a multiple of ). We also have ; otherwise,f(j)=f(i) and thus , which is contrary to .
Note that . Then we can find some monomial such that , and is simultaneously a multiple of and a factor of . Put , then and . So is also in the sequence . However, is a multiple of and thus we find contradiction.
follows immediately from this result. Therefore, we obtain the following theorem.
Theorem 6.
.
Example 3.
For , the monomial set of the longest monomial ascending chain is
and .
However, according to MorenoSocías’s approach Socías [1992], the monomial set is
and thus , which is obviously wrong.
More generally, it can be proved that for ,
(8) 
Here, is used to define the Ackermann’s function same as in Socías [1992]. In fact, the length of the generating sequence defined by (4) has been correctly computed in Socías [1992] by
Note that , then (8) follows immediately from this result and Theorem 6.
5 Termination of multipath polynomial programs with equality guards
5.1 Multipath polynomial programs
The polynomial programs considered in this paper are formally defined as follows:
Definition 6 (MPP with Equality Guard Liu et al. [2014]).
A multipath polynomial program with equality guard has the form
(9) 
where

denotes the vector of program variables;

is a polynomial and is the equality typed loop guard;

() are vectors of polynomials, describing the transformations on program variables in the loop body;

interprets as a nondeterministic choice between the transformations.
Remark.

The initial value of is not specified here, and assume it is taken from . If the input is subject to semialgebraic constraints, our decidability result still holds according to Tarski [1951].
Example 4.
Consider the following MPP (named as liu1
):
(10) 
We have , , and .
Example 5.
A nondeterministic quantum program Li et al. [2014] is of the form:
(11) 
where

is a density matrix.

is a twooutcome quantum measurement, where and are complex matrices.

are quantum superoperators, which are linear transformations over .
In this example, , and , where is the trace of a matrix , and is the complex conjugate of the transpose of . Clearly, it is a multipath linear program over . In Li et al. [2014], the nonterminating inputs of this program plays a key role in deciding the termination of quantum programs.
5.2 Execution of MPPs
Given an input , the behavior of MPP (9) is determined by the choices of nondeterministically, and all the possible executions form a tree.
Definition 7 (Execution Tree Liu et al. [2014]).
The execution tree of MPP (9) for an input is defined inductively as follows:

the root is the input value of ;

for any node , it is a leaf node if ; otherwise, has children , , and there is a directed edge from to , labeled by , for .
Now we consider the paths in the execution tree. Denote by the set of indices of the transformations (). For any string , we write for its length and for the set of its proper prefixes. The concatenation of two strings and is written as . For simplicity, we put and (i.e ) for the empty string . Then . Similarly, for an infinite sequence we define