Solving gpo Ordering Constraints with a Shared Term Data Structure

Thomas Genet and Isabelle Gnaedig
INRIA Lorraine & CRIN CNRS - BP 101, 54602 Villers-lès-Nancy, France
Phone: (+33) 83-59-30-18 - Fax: (+33) 83-27-83-19
E-mail: [email protected] and [email protected]
19 January 1996
Abstract. We present here an algorithm for proving termination of term rewriting systems by gpo ordering constraint solving. Constraint solving is done efficiently thanks to an original shared term data structure based on SOUR graphs. We show how the algorithm works for proving termination of self-embedding rules like ffx → fgfx. For particular cases of gpo like lpo, the algorithm is fully automatic. We give here execution examples of an implementation we made for the lpo case.
1 Introduction

To prove termination of a Term Rewrite System (TRS for short), the most commonly used method is to define a well-founded ordering between terms and show that each rewrite step is a strictly decreasing step. The main difficulties for proving termination are:
- there is no standard ordering for proving termination of a TRS, so one sometimes has to consider a large number of orderings to find the appropriate one,
- only few ordering methods are automatizable,
- automatic ordering methods are often exponential.

In order to design a termination proof environment integrating different orderings, helping the user to choose among them, and proposing automatic processes whenever it is possible, we propose a proof algorithm
- dealing with the largest number of known termination orderings, using the general path ordering of Dershowitz and Hoot (gpo for short),
- pruning the search space of termination orderings using a constraint approach,
- limiting the exponential explosion of ordering constraint solving using a shared term data structure.

The general path ordering (gpo) is a generic ordering, designed by Dershowitz and Hoot [2], for expressing, in a single notion, a large set of well-known orderings: syntactic orderings such as RPO [9] or LPO [7], as well as semantic orderings like SPO [7] or polynomial orderings [8]. It is based on a lexicographic combination of termination functions. Particular orderings, such as those cited above, are obtained by instantiating termination functions with particular values.

The traditional approach for proving termination of a TRS with either syntactic or semantic orderings consists in guessing an ordering and then verifying that each rewrite rule is correctly oriented with regard to the chosen ordering. The constraint approach, however, restricts the search space: it consists in deriving the ordering from the terms we want to compare, by a resolution process.

Our idea here is to combine the genericity of gpo with the constructive power of the constraint approach, to provide a method as automatic as possible for proving termination of TRS. Starting from inequalities on a general path ordering, we will reduce the set of possibilities for instantiation of termination functions by constraint solving, until getting particular orderings, when it is possible.

The last, but not least, aspect of our work is efficiency. A straightforward constraint solving algorithm for gpo explodes even on small examples. We will see here how it is possible to limit the explosion of computations using SOUR graphs, a term sharing data structure for rewrite rules, first introduced by C. Lynch and P. Strogova in [10]. Our constraint solving algorithm for gpo works in two steps. The first step consists in syntactical solving of gpo constraints to give proof obligations, which are ordering constraints on gpo termination functions. The second step consists in testing satisfiability of proof obligations to find an instance of gpo satisfying the initial gpo constraints.

In Section 2, we recall the gpo definition and the related termination theorems. In Section 3, we define gpo constraints as well as a constraint approach of termination proofs by gpo. We also present a straightforward constraint solving algorithm on an example, and explain why it is costly. In Section 4, we present specific data structures for achieving termination proofs as well as deduction rules for generating proof obligations. In Section 5, we define the satisfiability of proof obligations. Finally, in Section 6, we give practical methods for testing satisfiability of proof obligations.
2 The starting point: gpo

Let F be a set of function symbols, each one with an arity, X a set of variable symbols, and T(F, X) the set of terms defined on F and X. For definitions of multiset, ordering, multiset extension, lexicographic extension, monotonic, strictly monotonic, stable ordering and other usual definitions, see [3]. Let us recall the definition of gpo ordering from Dershowitz and Hoot [2]. This definition is based on component orderings i, i = 1 ... k, defined as follows. A component ordering i is a pair ⟨i, i⟩ such that
- i is a homomorphism from the set of terms towards an algebra A and i is a well-founded quasi-ordering on A, or
- i is a function (called multiset extraction function in [2]) from terms to multisets of selected immediate subterms, that is i(f(s1, ..., sn)) = {sj1, ..., sjm}, such that j1, ..., jm ∈ {1, ..., n} and i is the multiset extension of gpo itself.

Notations: for any component ordering ⟨i, i⟩: ≃i = i ∩ i and >i = i ∩ 6i. For any term s ∈ T(F, X), i,j(s) = ⟨i(s), ..., j(s)⟩, where 0 i < j and i, ..., j are gpo termination functions. We will note for 0,k. Let >lex be the lexicographic combination of orderings >i, ..., >j related to the homomorphisms i, ..., j.

Definition 1. (General Path Ordering) (Dershowitz & Hoot [2]). Let ⟨i, i⟩ be component orderings. The general path ordering gpo on T(F, X) is inductively defined by gpo = >gpo ∪ ≃gpo where

s = f(s1, ..., sn) >gpo g(t1, ..., tm) = t if one of the two following cases holds:
1. si gpo t for any subterm si of s, or
2. s >gpo t1, ..., tm and (s) >lex (t), and (s) = ⟨0(s), ..., k(s)⟩ and (t) = ⟨0(t), ..., k(t)⟩.

s = f(s1, ..., sm) ≃gpo g(t1, ..., tn) = t if s >gpo t1, ..., tm, t >gpo s1, ..., sn and (s) ≃lex (t).
Theorem 2. (Dershowitz & Hoot [2]) Let gpo be a gpo. A rewrite system R terminates if
- l >gpo r for all rules l → r of R, all substitution and,
- s → t and s gpo t implies f(..., s, ...) gpo f(..., t, ...) for any context f(... ...).

Definition 3. A component ordering i = ⟨i, i⟩ is value preserving if i is a homomorphism and we have i(l) ≃i i(r) for any rule l → r of R and any ground substitution .

Definition 4. Given a multiset S, the multiset Ri(S) of terms of rank i (i > 0) with respect to the ordering on terms in a multiset of terms S, is inductively defined as Ri(S) = {u : u is maximal with respect to in Li(S)} where S Li (S ) = S ? gpo t (resp. s ≃gpo t) is a set of instances , such that s >gpo t (resp. s ≃gpo t).

Our goal here is to solve gpo constraints to find an instance satisfying the initial set of constraints. If the related ordering >gpo is stable, then solving gpo constraints for all rules of a TRS provides an instance of gpo proving termination of the TRS. The solving process we propose works in two steps. It first does syntactic deductions (without any assumption on nor on >lex) on gpo constraints, until we get ordering constraints on and >lex. It then instantiates the i of layer by layer and tries to deduce a related ordering >i, whenever it is possible.

A natural method for solving gpo constraints is to decompose them into simpler ones. We first give the rules describing a decomposition process of gpo constraints. Then, on a small example, we shall see that decomposition is costly for resolution, mainly because of duplications.

Let us define the following sets of ordering constraints:
- let ?gpo be the set of gpo constraints defined by:
  - ∈ ?gpo, where is the trivially true gpo constraint,
  - s > t ∈ ?gpo, s t ∈ ?gpo, where s, t ∈ T(F, X), > denotes gpo ordering and denotes gpo equivalence,
  - A ∧ B ∈ ?gpo, where A, B ∈ ?gpo.
- let ? be the set of constraints on and >lex defined by:
  - > ∈ ? , where > is the trivially true constraint on and >lex,
  - (s) >lex (t) ∈ ? , (s) ≃lex (t) ∈ ? , where s, t ∈ T(F, X),
  - A ∧ B ∈ ? , where A, B ∈ ? .
- let ?mix be the set of mixed constraints defined by:
  - ? ∈ ?mix, where ? is the trivially false mixed constraint,
  - (M || N) ∈ ?mix where M ∈ ?gpo and N ∈ ? ,
  - A ∨ B ∈ ?mix, where A, B ∈ ?mix.

Our resolution process will be applied on mixed constraints. The solving process deduces constraints on and >lex from gpo constraints. The starting point of resolution is a mixed constraint representing a sufficient condition for termination of the TRS R = (li → ri, i = 1, ..., n), which is:

(l1 > r1 ∧ l2 > r2 ∧ ... ∧ ln > rn || >)

In case of a successful resolution, the process ends on ( || N) with N ∈ ? . If resolution fails, the process ends on ?. In the following, every constant symbol a is considered as a term a(), where stands for the empty term, and var(s) stands for the set of the variables of the term s. Let s, t, s1, ..., sn, t1, ..., tm ∈ T(F, X), x ∈ X, C ∈ ? , E ∈ ?gpo and M ∈ ?mix. Symbols ∧ and ∨ are supposed to be associative and commutative. The two rules Decompose > and Decompose correspond to the two cases of the gpo definition (Definition 1):
Decompose >
    (s > t ∧ E || C)
    ----------------
    ⋁i (si > t ∧ E || C) ∨ ⋁i (si t ∧ E || C) ∨ (⋀i s > ti ∧ E || C ∧ (s) >lex (t))
    with s = f(s1, ..., sn) and t = g(t1, ..., tm)

Decompose
    (s t ∧ E || C)
    ----------------
    (⋀i s > ti ∧ ⋀i t > si ∧ E || C ∧ (s) ≃lex (t))
    with s = f(s1, ..., sn) and t = g(t1, ..., tm)

Simplification rules
1. s > x    if x ∈ var(s) and s ≠ x.
2. (s > t ∧ E || C)    ?    if var(s) 6 var(t).
3. (s t ∧ E || C)    ?    if var(s) ≠ var(t).
4. (x > t ∧ E || C)    ?
5. s s
6. (x t ∧ E || C)    ?    if x ≠ t.
7. (s > s ∧ E || C)    ?
8. t >
9. (s?|| C)    if s ≠ .
10. (> t ∧ E || C)    ?
11. > ∧ C    C
12. E ∧    E
13. ? ∨ M    M
Now, we present an example of naive gpo constraints decomposition process on a well-known example: ffx → fgfx. This rule is terminating but its termination is impossible to prove with any simplification ordering. In the example, we use the following notations:
- every trivially false gpo constraint (like s > s) is quoted with 2 and is discarded in the next step of the deduction,
- every trivially true gpo constraint (like s s) is replaced by in the next step,
- every mixed constraint is labelled by a letter (x). In the following, constraints arising from the decomposition of the mixed constraint (x) are labelled by new letters and bracketed together with the label (x).

Even on this simple example of a TRS with one rule and with only two symbols of arity 1, the solving process explodes, see page 6. Why does it explode in such a way? The explosion is due to a lot of duplications of different kinds:
1. duplications of terms. For example, at the fourth step of resolution, we find 13 different occurrences of the term fx,
2. duplications of constraints on gpo. Still at step four, we find 5 occurrences of the constraint fx > fx,
3. duplications of proofs. At step four, there are 4 occurrences of the proof (ffx) >lex (fgx).

Note that duplications of gpo constraints cause duplications of computations. For example, at step 3, fx > gfx appears in (e), (f) and (g). As a result, its decomposition is computed three times to reach step 4.

Let us now see how to take advantage of a shared term data structure to avoid duplications. We define a new efficient gpo constraint solving algorithm, based on a shared term structure called Ordering Constraint Solving Graphs (OCS graphs for short), inspired by the SOUR graphs defined by C. Lynch and P. Strogova in the context of completion [10].
[Figure (page 6): naive decomposition of the mixed constraint (a) ffx > fgfx, steps 1 to 5, with the derived mixed constraints labelled (b) to (k).]
4 Shared term data structure for reaching efficiency

An OCS graph is a DAG-like representation of terms and rewrite rules sharing variables, constants or whole terms. A formal definition follows, using the notion of proof obligation. Proof obligations (O-proofs for short) are ordering constraints on (, >lex) obtained by syntactic solving of gpo constraints. The intuition is that O-proofs are the relevant properties to prove on and >lex in order to carry out a termination proof. An O-proof is a Directed Acyclic Graph with a unique top node and a unique bottom node, defined as follows:

Definition 7. Let XP be a set of variables called the set of O-proof variables. Let > be the trivial O-proof, s, t ∈ T(F, X), P ∈ XP. The set P of O-proofs is inductively defined by:
- > ∈ P,
- (s) >lex (t) ∈ P, and (s) ≃lex (t) ∈ P,
- P ∈ P,
- the graph with A drawn above B is in P, if A, B ∈ P (we simply write A above B),
- the graph with A and B drawn side by side is in P, if A, B ∈ P (we simply write A B).

Definition 8. Let P, Q ∈ P. P is visible in Q, noted P ↑ Q, if (P = Q) or [Q = A B and (P ↑ A or P ↑ B)].
Definition 9. A P-substitution is an application from XP into P, which can be uniquely extended into a homomorphism : P ↦ P.

Definition 10. An OCS graph is a graph G = (V, E) where V is the set of vertices (or nodes) labelled by symbols of F or variables of X, and E is the set of edges labelled by S, R, > or for Subterm, Rewrite, inequality and equivalence edges respectively. The S, R, > edges are directed. The >, edges are also labelled by an O-proof variable.

The inequality and equivalence edges represent respectively inequalities and equivalences between terms. Instantiations of variables labelling the edges are O-proofs of the corresponding inequalities and equivalences. In the following, inequality edges and equivalence edges between top nodes of terms s, t are denoted s > t and s t respectively. Inequality and equivalence edges will be called ordering edges.

Example 1. The OCS representation of the rewrite rule f(g(a), x) → g(f(x, b)) is:

[Figure: OCS graph of f(g(a), x) → g(f(x, b)), with S (subterm) edges and one R (rewrite) edge.]
We now define a set of inference rules describing a solving process for gpo constraints. We first define the structure on which rules are applied. This structure is composed of an OCS graph representing a rewrite rule and a P-substitution whose application to an inequality (resp. equivalence) edge label of the graph gives an O-proof of the corresponding inequality (resp. equivalence).

Definition 11. Let P = > or P ∈ XP. The Structure for Ordering Constraint Solving (SOCS for short) of a rule l → r is a pair (G || ) where G is an OCS graph representing the rule, and a P-substitution.

In the following figures, plain arrows denote subterm edges, plain arrows labelled by R denote rewriting edges and dashed lines denote inequality and equivalence edges.

Example 2. Here is a possible SOCS for the rule g(f(x)) → g(x):

[Figure: OCS graph of g(f(x)) → g(x) with an inequality edge labelled P between the nodes f and g and an edge labelled P′ between the two top nodes.]
P-substitution: P ↦ (f(x)) >lex (g(x)), P′ ↦ P

In this SOCS, the inequality edge between nodes f and g means that we have at least one possible O-proof P for f(x) > g(x). On the right hand side of the SOCS, we find the related P-substitution mapping the variable P to the related O-proof. The mapping P′ ↦ P means that the O-proof P is also a proof obligation for edge g(f(x)) > g(x).
For solving gpo constraints on a set of rules, we start from a set of initial SOCS, one for each rule. Initial SOCSs are SOCSs whose OCS graphs have no ordering edge and whose P-substitutions are empty. Deductions are achieved by the set of rules we present now. They transform a SOCS by adding ordering edges to the OCS graph and by constructing the corresponding P-substitution, whose application will provide the corresponding O-proofs. Solving is processed independently for each SOCS corresponding to each rewrite rule, and ends when no deduction rule applies any longer.

Let us note by C the set of deduction rules, by ⊢C the deduction relation on SOCS induced by C, and by ⊢C the transitive closure of ⊢C. Let us call C-deduction process the deduction process defined by C. A SOCS is said to be in C-normal form when no deduction rule applies to it. See rules in figure 1. In deduction rules, si >Pi t means that there exists either an edge si >Pi t or an edge si Pi t. Remark that if a rule matches two terms whose top symbols are f, g ∈ F, we may have f = g but the nodes labelled by f and g have to be distinct. Each time we generate a new ordering edge, it is supposed to be labelled by a new O-proof variable.

1. SUBTERM Property: this rule expresses that if there is no O-proof (since there is no ordering edge) of f(..., u, ...) >gpo u, we can generate a new orientation edge labelled by >, where > stands for the trivial O-proof.
2. SUBTERM First: this is another case of the subterm property of gpo: if there is a non trivial O-proof named Pi of si gpo t and if there is no O-proof of s >gpo t, then we can generate a new orientation edge labelled by P, where is enriched by P ↦ Pi. Note that Pi has to be different from the trivial O-proof.
3. SUBTERM Extension: if we have a non trivial O-proof P of s >gpo t, if {P ↦ } appears in the P-substitution and if Pi is an O-proof of si gpo t that is not visible in , then we can replace by the disjunction between (the old O-proof) and Pi, provided that neither Pi nor P are trivial O-proofs.
4. SUBTERM Trivial: this is the trivial case of the subterm property, when there is a trivial O-proof of si >gpo t. If there is no O-proof of s >gpo t then we can deduce a trivial O-proof of s >gpo t.
5. SUBTERM Simplification: if there is a trivial O-proof of si >gpo t, then, whatever preexistent non trivial O-proof P of s >gpo t, we have a trivial O-proof of s >gpo t and we can replace P by the trivial O-proof >.
6. THETA >: if there are O-proofs P1, ..., Pm of s >gpo t1, ..., tm, and if there is no O-proof of s >gpo t, then we can generate one proof P where P denotes the conjunction of O-proofs P1, ..., Pm and of (s) >lex (t).
7. THETA > Extension: it is the same rule as THETA >, assuming that there is already an O-proof of s >gpo t denoted by P where {P ↦ } appears in the P-substitution. is replaced by a disjunction between (the old O-proof) and the new O-proof constructed in the same way as in the previous rule.
8. THETA : represents the deductions related to gpo equivalence. There is no rule for the case of a pre-existent P because, unlike for s >gpo t, there is only one way of proving s ≃gpo t.

Note that every constant symbol a is considered as a term with a top symbol a and empty subterms. Every non-variable term is trivially greater than the empty term. With deduction rule THETA >, we can deduce an O-proof of a > b that is (a) >lex (b). Note also that no special strategy is required when rules are applied: neither for the choice of the pair of nodes, nor for the choice of the rule to apply. As a result, the process can be parallelised as it is.

Thanks to the O-proof structure, application of rules can even be concurrent on a SOCS: n processes i can apply deduction rules concurrently on pairs of nodes of a common SOCS, provided that no processes consider identical pairs of nodes simultaneously. Let , be two distinct nodes of an OCS graph. If i applies a rule on the pair of nodes , (noted i(, )) then there must be no other process considering the pair , at the same time: for any i, j in {1, ..., n}, i ≠ j, and for any nodes , : i(, ) ⇒ (¬j(, ) ∧ ¬j(, )).
[Figure 1: The composition rules. Graphical statement of the eight deduction rules (1. SUBTERM Property, 2. SUBTERM First, 3. SUBTERM Extension, 4. SUBTERM Trivial, 5. SUBTERM Simplification, 6. THETA >, 7. THETA > Extension, 8. THETA), with P, P1, ..., Pm ∈ XP, P′1, ..., P′n ∈ XP, f, g ∈ F, u ∈ T(F, X), s = f(s1, ..., sn) and t = g(t1, ..., tm) in T(F, X).]
In case of a sequential implementation, although no strategy is needed, adapted strategies lead to a faster algorithm. For example, we could first try to saturate the graph with trivial O-proofs thanks to rules SUBTERM Property and SUBTERM Trivial before applying other rules.

Theorem 12. (Complexity) Let l → r be a rewrite rule, (G || ) the initial SOCS of l → r, N the number of nodes of G, and M the non-zero maximal arity of function symbols of the rule. The complexity in time and space of the C-deduction process starting from (G || ) is polynomial in N and M in the worst case (see appendix A.4).

As explained above, each rule of a rewrite system is treated independently. For constraint solving on the whole set of rules, we have to gather the results relative to rules.

Definition 13. Let R be a rewrite system (li → ri, i = 1 ... n) whose SOCSs (Gi || i), representing the rules li → ri, are in C-normal form. Let Pi be the label of the edge li > ri in Gi for any i = 1 ... n. The global O-proof s of R is the O-proof:

P1 1
|
...
|
Pn n

Note that if there is a rule li → ri such that there is no edge li >Pi ri in Gi, then there is no possible termination proof with gpo for the whole TRS R. Definition 13 shows that O-proofs offer a nice method for dealing with the problem of incrementally adding rules in TRS. This feature can be very useful for completion procedures. Note also that, in a SOCS, we generate inequality edges and equivalence edges for the two possible orientations of the rewrite rules (left to right and right to left). The final orientation of the TRS is defined while constructing the global O-proof. As a result, we can try different orientations for the TRS by choosing different inequality edges and O-proofs in the SOCS while constructing the global O-proof.
An example of deduction

In order to compare the last method with the decomposition method presented in Section 3, we start from the same example of TRS R: ffx → fgfx. Let ∅ stand for the empty P-substitution. We start with the initial SOCS corresponding to the rule of R, as defined in Section 4:

[Figure: initial SOCS of ffx → fgfx: the OCS graph of the rule with its S and R edges, and the empty P-substitution ∅.]
Now let us explain some of the steps of the resolution process. For better readability, we chose to represent only significant ordering edges and we label them by a number or a letter.

1. When starting, since there are no ordering edges, the only rule that can be applied is SUBTERM Property. Thanks to multiple applications of rule SUBTERM Property, some trivial inequality edges for direct subterms can be obtained (labelled by a on the figure). Then if we apply the rule SUBTERM Trivial on every pair of nodes, we generate other trivial inequality edges representing the transitive closure of the subterm property (edges labelled by b).

[Figure: OCS graph of the rule with the trivial inequality edges labelled a and b, each carrying the trivial O-proof >; the P-substitution is still ∅.]
2. Since gfx has a unique subterm fx and since we have an inequality edge 1 between ffx and fx, we can apply the rule THETA >, and raise the edge 2. Note that since the O-proof of ffx > fx is >, the substitution of P1 can be simplified into (ffx) >lex (gfx).

[Figure: SOCS with the trivial edge 1 and the new edge 2 labelled P1.]
P-substitution: P1 ↦ (ffx) >lex (gfx)
3. Symmetrically, thanks to edge 1, we can also generate the edge gfx >P2 ffx by an application of the rule THETA > on terms gfx and ffx.

[Figure: SOCS with the trivial edge 1 and the new edge 2 labelled P2.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx)
4. Thanks to edge 1 we can apply the rule SUBTERM First on fgfx and ffx and raise the edge 2.

[Figure: SOCS with the edge 1 labelled P2 and the new edge 2 labelled P3.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx), P3 ↦ P2
5. Since fgfx has a unique subterm gfx and since we have an inequality edge 1 between ffx and gfx, we can raise the edge 2 with the rule THETA >.

[Figure: SOCS with the edge 1 labelled P1 and the new edge 2 labelled P4.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx), P3 ↦ P2, P4 ↦ P1 (ffx) >lex (fgfx)
6. The equality edge 3 is deduced thanks to edges 1, 2 and thanks to the application of the rule THETA .

[Figure: SOCS with the trivial edges 1 and 2 and the new equality edge 3 labelled P5.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx), P3 ↦ P2, P4 ↦ P1 (ffx) >lex (fgfx), P5 ↦ (ffx) ≃lex (gfx)
7. The deduction process has raised edge 2 at step 4 of deduction. However, O-proof P5 on edge 1 is another O-proof of edge 2. Thanks to rule SUBTERM Extension, we can replace P3 by the disjunction between the existent O-proof and P5.

[Figure: SOCS with the edge 1 labelled P5 and the edge 2 labelled P3.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx), P3 ↦ P2 P5, P4 ↦ P1 (ffx) >lex (fgfx), P5 ↦ (ffx) ≃lex (gfx)
8. The whole final SOCS with every deducible edge and O-proof (trivial edges are discarded for better readability) is:

[Figure: final SOCS of ffx → fgfx with the edges labelled P1 to P6.]
P-substitution: P1 ↦ (ffx) >lex (gfx), P2 ↦ (gfx) >lex (ffx), P3 ↦ P2 P5 (fgfx) >lex (ffx), P4 ↦ P1 (ffx) >lex (fgfx), P5 ↦ (ffx) ≃lex (gfx), P6 ↦ P1 (ffx) ≃lex (fgfx)
In the following, we will note the P-substitution of the final SOCS. Since after deduction we obtain ffx >P4 fgfx, the global O-proof for the TRS is P4. Applying to P4, we obtain:

(ffx) >lex (gfx)
|
(ffx) >lex (fgfx).
5 Satisfiability of O-proofs by partial instantiation of termination functions

At this stage of the solving process, we have obtained a set of saturated SOCS (one for each rewrite rule), with non instantiated O-proofs in the P-substitution part: no assumption is made on nor on >lex. The next step of our solving process will consist in proving the satisfiability of O-proofs by finding particular values (T0,k, lex) of (, >lex) in order to satisfy the initial constraints. In the following, T0,k is the combination of termination functions 0, ..., k, and 0, ..., k are the related quasi-orderings. lex is the lexicographic combination of 0, ..., k and lex is the lexicographic combination of 0, ..., k.

Definition 14. Let be the pair (T0,k, lex). Let P, A, B ∈ P and s, t ∈ T(F, X). We say that satisfies P, denoted ⊨ P, iff:
- P = >, where > is the trivial O-proof, or
- P = A B (A and B drawn side by side) and ( ⊨ A or ⊨ B), or
- P = A above B (A drawn above B) and ( ⊨ A and ⊨ B), or
- P = (s) >lex (t) and T0,k(s) lex T0,k(t), or
- P = (s) ≃lex (t) and T0,k(s) lex T0,k(t).
Before giving more details about satisfiability of O-proofs, we give three theorems: correction, completeness and termination of C.

Definition 15. Given a SOCS (G || ), s, t ∈ T(F, X), an edge s >P t of G (resp. s P t) is correct w.r.t. gpo if for any = (T0,k, lex) such that ⊨ P, we have s >gpo t (resp. s ≃gpo t).

Definition 16. A SOCS (G || ) is correct w.r.t. gpo if any ordering edge of G is correct w.r.t. gpo.

Theorem 17. (Correctness) For any initial SOCS S, if S ⊢C S′ then S′ is correct w.r.t. gpo.

Proof. We first show that if S is correct w.r.t. gpo and S ⊢C S′ then S′ is correct w.r.t. gpo. This can be shown by case on the deduction rule of C applied. For each deduction rule, we prove that if an ordering edge is added then it is correct and existing edges remain correct. Then, since any initial SOCS is correct, the theorem holds. See appendix A.1 for details.

Theorem 18. (Completeness) Let (G || ) be a SOCS in C-normal form. For any subgraphs s, t ∈ T(F, X) of G, and for any = (T0,k, lex):

s >gpo t ⇒ (s >P t || ) and ⊨ P
s ≃gpo t ⇒ (s P t || ) and ⊨ P.

Proof. We first show that s >gpo t implies the existence of an edge s >P t and then we prove that s >gpo t and s >P t implies that ⊨ P. See appendix A.2 for details.

Theorem 19. (Termination) The C-deduction process starting on an initial SOCS is terminating.

Proof. The proof consists in showing that the number of possible deductions for a pair of vertices in the OCS graph is finite. Since the number of choices for distinct pairs is finite, deduction is finite. See appendix A.3 for details.
6 Testing satisfiability of O-proofs in practice

Let us show how to proceed in practice for verifying the satisfiability of an O-proof, using the partial instantiation process we now define.

Definition 20. A i,j O-proof is an O-proof whose every non instantiated node is either of the form i,j(s) >lex i,j(t) or of the form i,j(s) ≃lex i,j(t) where s, t are terms of T(F, X).

Definition 21. Let P be a i,j O-proof. A left (resp. right) partial instantiation of P is obtained by instantiating every i (resp. j) in P by a particular termination function i and by delaying the instantiation of i+1,j (resp. i,j−1).

We now give a representation of Left Partial Instantiation (LPI for short) and Right Partial Instantiation (RPI) in the O-proofs. For the two kinds of partial instantiation, one can replace each non instantiated node by an O-proof:
- each node i,j(s) >lex i,j(t) can be replaced by:
  (LPI)  i(s) i i(t)    i(s) i i(t)  i+1,j(s) >lex i+1,j(t)
  (RPI)  i,j−1(s) >lex i,j−1(t)    j(s) j j(t)  i,j−1(s) ≃lex i,j−1(t)
- each node i,j(s) ≃lex i,j(t) can be replaced by:
  (LPI)  i(s) i i(t)  i+1,j(s) ≃lex i+1,j(t)
  (RPI)  j(s) j j(t)  i,j−1(s) ≃lex i,j−1(t)

We now define how to find a solution to our constraint problem in an instantiated O-proof. Informally, an O-proof contains a solution if it contains at least a path from top to bottom, whose nodes are instantiated and compatible. The instantiated nodes in an O-proof are of the form i(s) i i(t) or i(s) i i(t), where i are termination functions and i are associated orderings. Note also that by definition of gpo, when the termination function i is an extraction function, the related quasi-ordering i is gpo itself. For instance, let 1 be a function extracting the first subterm of a term; 1(s) 1 1(t) and 1(s) 1 1(t) can be replaced respectively by s1 >gpo t1 and s1 ≃gpo t1. However, those constraints have already been solved in the SOCS (since s1 and t1 are subterms of s and t). If those constraints have a corresponding ordering edge and an O-proof in the SOCS, then we replace their occurrence in the global O-proof by their related O-proof. If there is no edge, then the constraint is unsatisfiable.
Denition22. A set of inequalities and equalities f (si ) (ti ); (si ) (ti )j = 1 : : :n; i = 1 : : :mg is compatible i 8, there exists a quasi-ordering such that 8i, (si ) (ti ) =) (si ) (ti ) and (si ) (ti ) =) (si ) (ti ) (where stands for [ ). Denition23. A satisable path of an O-proof is a path from top node to bottom node of the O-proof and whose nodes are instantiated and compatible. In Section 4, resolution ended on a saturated SOCS. We showed that the global O-proof was: (ffx) >lex (gfx)
j
(ffx) >lex (fgfx) Recall that is a simplied notation for 0;k. Let us now apply a left partial instantiation on 0;k . Let (0 ; 0) be a precedence. As a result, we can transform the global O-proof into:
f >F g
f 'F g 1;n(ffx) >lex 1;n(gfx)
f >F f
f 'F f 1;n(ffx) >lex 1;n(fgfx)
We can simplify this O-proof by discarding trivially unsatisable branches and simplifying trivially true nodes. We discard the branch containing trivially false node f >F f, and we discard the trivial true node f 'F f. We obtain the O-proof: 15
f >F g
f 'F g 1;n(ffx) >lex 1;n(gfx)
1;n(ffx) >lex 1;n(fgfx)
In order to find a satisfiable path in this O-proof, we look for a path from top to bottom through instantiated nodes. One can see that there is no totally instantiated path. We then have to achieve another step of partial instantiation in order to generate another path in the O-proof. Let us apply another left partial instantiation on 1;k. We choose 1 to be an extended precedence. A precedence is an order on top symbols of terms, whereas an extended precedence is an order on top symbols of terms labelled by the top symbols of direct subterms. For instance: 1 (h(k(x; a); b)) = hk;b. In appendix B, we give formal definitions of extended precedence and related proofs in appendix B.3. Since extended precedence is not a homomorphism but just a function, we also give a light extension of gpo to functional components in appendix B.2. This kind of labelling is based on Gnaedig's typing [5] and is also a particular case of Zantema's semantic labelling [15]. Thus, the next step of partial instantiation leads to the tree:
f >F g
f 'F g ff 'F gf ff > F gf 2;n(ffx) >lex 2;n(gfx)
ff >F fg ff 'F fg 2;n(ffx) >lex 2;n(fgfx)
The dotted line path on the above figure is satisfiable since it is fully instantiated and since the set of inequalities {f >F g, ff >F fg} carried by the path is compatible. As a result, we found a termination proof for the system ffx → fgfx, that is a gpo where (0 ; 0) is the precedence f >F g and (1 ; 1) is the extended precedence ff >F fg.
7 Implementation
We developed a prototype achieving automatic termination proofs. This prototype generates O-proofs from the TRS, using the C -deduction process on SOCS, described in section 4. Then, it tests satisfiability of O-proofs with a LPO-like ordering, by looking for the first satisfiable path in the global O-proof DAG corresponding to a valid precedence. The output of the prototype is a precedence proving the termination of the TRS with LPO ordering. This prototype has been developed in ECLiPSe (ECRC Common Logic Programming System). Let us now give some traces of automatic termination proofs obtained by its execution.
Example 1:
var. x,y,z.
append(nil, x) -> x.
append(cons(x, y), z) -> cons(x, append(y, z)).
rev(nil) -> nil.
rev(cons(x, y)) -> append(rev(y), cons(x, nil)).

Solving is successful
precedence: [prec(append, >, cons), prec(rev, >, nil), prec(rev, >, cons), prec(rev, >, append)]
Termination proof done in 0.666667 seconds, cpu time

Example 2:
var. x,y.
plus(zero, x) -> x.
plus(s(x), y) -> s(plus(x, y)).
fib(zero) -> zero.
fib(s(zero)) -> s(zero).
fib(s(s(x))) -> plus(fib(x), fib(s(x))).
Comments: 4 function symbols

Solving is successful
precedence: [prec(fib, >, s), prec(plus, >, s), prec(fib, >, plus)]
Termination proof done in 1.8 seconds, cpu time

Example 3 (example 2.22 of [14]: factorial function).
var. x,y.
fac(0) -> 1.
fac(s(x)) -> mult(s(x), fac(x)).
floop(0,y) -> y.
floop(s(x), y) -> floop(x, mult(s(x), y)).
mult(x, 0) -> 0.
mult(x, s(y)) -> plus(mult(x,y), x).
plus(x,0) -> x.
plus(x, s(y)) -> s(plus(x, y)).
1 -> s(0).
Comments: 7 function symbols

Solving is successful
precedence: [prec(fac, >, 0), prec(fac, >, 1), prec(fac, >, plus), prec(fac, >, s), prec(fac, >, mult), prec(floop, >, plus), prec(floop, >, s), prec(floop, >, mult), prec(mult, >, s), prec(mult, >, plus), prec(plus, >, s), prec(1, >, 0), prec(1, >, s)]
Termination proof done in 1.56667 seconds, cpu time

Example 4 (example 3.7 of [14]):
var. x, y, z.
(x + y) + z -> x + (y +z).
0 + 0 -> 0.
x + (-x) -> 0.
f(0, y, z) -> y.
g(x + y, y) -> f(x + y, x, y).
-(0) -> 0.
-(-(x)) -> x.
-(x + y) -> -(y) + -(x).
x + 0 -> x.
0 + y -> y.
-(x) + x -> 0.
-(x) + (x + y) -> y.
x +(-(x) + y) -> y.
g(x, y) -> f(x, x + -(y), y).
Comments: 5 function symbols

Solving is successful
precedence: [prec(-, >, 0), prec(-, >, +), prec(g, >, 0), prec(+, >, 0), prec(g, >, -), prec(g, >, +), prec(g, >, f)]
Termination proof done in 1.45 seconds, cpu time

Example 5 (symbolic differentiation given in [4]):
var. alpha, beta.
dx(x) -> one.
dx(a) -> zero.
dx(plus(alpha, beta)) -> plus(dx(alpha), dx(beta)).
dx(times(alpha, beta)) -> plus(times(beta, dx(alpha)), times(alpha, dx(beta))).
dx(minus(alpha, beta)) -> minus(dx(alpha), dx(beta)).
dx(neg(alpha)) -> neg(dx(alpha)).
dx(div(alpha, beta)) -> minus(div(dx(alpha), beta), times(alpha, div(dx(beta), exp(beta,two)))).
dx(ln(alpha)) -> div(dx(alpha), alpha).
dx(exp(alpha, beta)) -> plus(times(beta, times(exp(alpha, minus(beta, one)), dx(alpha))), times(exp(alpha, beta), times(ln(alpha), dx(beta)))).
Comments: 13 function symbols.

Solving is successful
precedence: [prec(dx, >, x), prec(one, =, x), prec(x, =, one), prec(zero, =, a), prec(a, =, zero), prec(dx, >, neg), prec(dx, >, two), prec(dx, >, div), prec(dx, >, ln), prec(dx, >, one), prec(dx, >, minus), prec(dx, >, exp), prec(dx, >, times), prec(dx, >, plus)]
Termination proof done in 36.4667 seconds, cpu time
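The following added example (not code from the paper and not the authors' ECLiPSe prototype) re-checks the precedences printed in the traces of Examples 1 and 2, and shows the Section 6 result that ffx -> fgfx is not oriented by the precedence f >F g alone but is oriented once the extended precedence ff >F fg is inserted as second component. The term encoding, the parser and all function names are assumptions of this example; it uses strict precedences only, so equivalence of terms is taken to be syntactic identity.

```python
import re

# Terms: a variable is a str; an application is a tuple (symbol, arg1, ..., argn).

def parse(text, variables):
    """Parse 'f(g(x), a)'; names listed in `variables` become variables."""
    toks, pos = re.findall(r"\w+|[(),]", text), 0
    def term():
        nonlocal pos
        name = toks[pos]; pos += 1
        if pos < len(toks) and toks[pos] == "(":
            pos += 1
            args = []
            while True:
                args.append(term())
                pos += 1                      # consume ',' or ')'
                if toks[pos - 1] == ")":
                    return (name, *args)
        return name if name in variables else (name,)
    return term()

def label(t):
    """Extended-precedence labelling: root symbol plus roots of the direct subterms."""
    if isinstance(t, str):
        return t
    return (t[0], *(a if isinstance(a, str) else a[0] for a in t[1:]))

def closure(pairs):
    """Transitive closure of strict constraints a > b; a cycle means incompatibility."""
    gt = set(pairs)
    while True:
        new = {(a, d) for a, b in gt for c, d in gt if b == c} - gt
        if not new:
            break
        gt |= new
    if any(a == b for a, b in gt):
        raise ValueError("constraints do not form a strict partial order")
    return gt

class Gpo:
    """gpo instance: precedence, optional extended precedence, then arguments left to right."""
    def __init__(self, prec, ext=None):
        self.prec = closure(prec)
        self.ext = None if ext is None else closure(ext)

    def gt(self, s, t):
        if isinstance(s, str):                # a variable is greater than nothing
            return False
        if any(si == t or self.gt(si, t) for si in s[1:]):   # some s_i >= t
            return True
        if isinstance(t, str):
            return False
        # s > every t_j, and the components of s are lexicographically greater
        return all(self.gt(s, tj) for tj in t[1:]) and self.theta_gt(s, t)

    def theta_gt(self, s, t):
        if (s[0], t[0]) in self.prec:         # component 0: precedence on roots
            return True
        if s[0] != t[0]:
            return False
        if self.ext is not None:              # component 1: extended precedence
            if (label(s), label(t)) in self.ext:
                return True
            if label(s) != label(t):
                return False
        for si, ti in zip(s[1:], t[1:]):      # remaining components: subterms
            if self.gt(si, ti):
                return True
            if si != ti:
                return False
        return False

def oriented(order, variables, rules):
    """For each rule 'l -> r' (one per line), report whether l > r holds."""
    vs = set(variables.split())
    return [order.gt(*(parse(side, vs) for side in line.split("->")))
            for line in rules.strip().splitlines()]

# Rules and precedences copied from the traces of Examples 1 and 2.
EX1_RULES = """append(nil, x) -> x
append(cons(x, y), z) -> cons(x, append(y, z))
rev(nil) -> nil
rev(cons(x, y)) -> append(rev(y), cons(x, nil))"""
EX1_PREC = [("append", "cons"), ("rev", "nil"), ("rev", "cons"), ("rev", "append")]
EX2_RULES = """plus(zero, x) -> x
plus(s(x), y) -> s(plus(x, y))
fib(zero) -> zero
fib(s(zero)) -> s(zero)
fib(s(s(x))) -> plus(fib(x), fib(s(x)))"""
EX2_PREC = [("fib", "s"), ("plus", "s"), ("fib", "plus")]
# Self-embedding rule of Section 6 with its precedence and extended precedence.
SELF_RULE = "f(f(x)) -> f(g(f(x)))"
SELF_PREC = [("f", "g")]
SELF_EXT = [(("f", "f"), ("f", "g"))]

if __name__ == "__main__":
    print(oriented(Gpo(EX1_PREC), "x y z", EX1_RULES))
    print(oriented(Gpo(EX2_PREC), "x y", EX2_RULES))
    print(oriented(Gpo(SELF_PREC), "x", SELF_RULE),
          oriented(Gpo(SELF_PREC, SELF_EXT), "x", SELF_RULE))
```

Orientation of every rule is only one of the two conditions of Theorem 30; the other condition and the preconditions on the extended precedence are the subject of appendix B.3.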
8 Conclusion and perspectives
In this paper, we proposed a termination proof algorithm for rewrite rule systems using gpo constraint solving on OCS graphs. An OCS graph is a shared term data structure, defined to represent rewrite rules. Its nodes are operators, and its edges represent the rewrite relation, the subterm relation, or the gpo ordering relation between terms. The last kind of edge is labelled by a variable of validation proof of the ordering relation, called proof obligation (O-proof). A set of correct, complete, and terminating inference rules working in polynomial time was then given to construct O-proofs starting from OCS. These rules work by instantiating O-proof variables while adding ordering edges to the OCS graph of the rewrite rules, until a normal form is obtained. A method was then proposed to test satisfiability of O-proofs, by instantiating termination functions and by finding a path whose nodes are compatible. For some of these termination functions, compatibility can automatically be verified. For precedence, for instance, it is enough to prove that the relation described by constraints between symbols is a partial ordering on the set of symbols. It could also be possible to use automatic semantic termination functions: methods for finding interpretations could be integrated. See [4] for a nice example of what can be done with polynomial interpretations. In addition, for instances of gpo where compatibility of termination functions can automatically be verified, the whole termination proof can be achieved in a fully automatic way. For other cases, the process focuses the user's effort on the key parts of the proof by automatically proving simple properties and extracting difficult ones. Next prospects are the improvement of O-proofs satisfiability testing. Automatic solvers could certainly be integrated for many more syntactic and semantic termination functions.
Acknowledgements We would like to thank Hélène Kirchner, Claude Kirchner and Christopher Lynch for comments and discussions on this paper.
References
1. H. Comon. Solving inequations in term algebras. In Proceedings 5th IEEE Symposium on Logic in Computer Science, Philadelphia (Pa., USA), pages 62-69, June 1990.
2. N. Dershowitz and C. Hoot. Natural termination. Theoretical Computer Science, 142(2):179-207, May 1995.
3. N. Dershowitz and J.-P. Jouannaud. Rewrite Systems. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, chapter 6, pages 244-320. Elsevier Science Publishers B. V. (North-Holland), 1990.
4. J. Giesl. Generating polynomial orderings for termination proofs. In Jieh Hsiang, editor, Proceedings 6th Conference on Rewriting Techniques and Applications, Kaiserslautern (Germany), volume 914 of Lecture Notes in Computer Science. Springer-Verlag, 1995.
5. I. Gnaedig. Typing for termination. Technical Report 94-R-219, CRIN, 1994.
6. P. Johann and Rolf Socher-Ambrosius. Solving simplification ordering constraints. In J.-P. Jouannaud, editor, Proceedings of the 1st International Conference on Constraints in Computational Logics, Munich (Germany), volume 845 of Lecture Notes in Computer Science, pages 352-367. Springer-Verlag, 1994.
7. S. Kamin and J.-J. Lévy. Attempts for generalizing the recursive path ordering. Unpublished manuscript, 1980.
8. D. S. Lankford. On proving term rewriting systems are noetherian. Technical report, Louisiana Tech. University, Mathematics Dept., Ruston LA, 1979.
9. P. Lescanne. On the recursive decomposition ordering with lexicographical status and other related orderings. Journal of Automated Reasoning, 6:39-49, 1990.
10. Christopher Lynch and Polina Strogova. Sour graphs for efficient completion. Technical Report 95-R-343, CRIN, 1995.
11. R. Nieuwenhuis. Simple lpo constraint solving methods. Information Processing Letters, 47(2), 1993.
12. R. Nieuwenhuis and A. Rubio. Theorem proving with ordering constrained clauses. In D. Kapur, editor, Proceedings 11th International Conference on Automated Deduction, Saratoga Springs (N.Y., USA), volume 607 of Lecture Notes in Computer Science, pages 477-491. Springer-Verlag, 1992.
13. D. Plaisted. Polynomial time termination and constraint satisfaction tests. In C. Kirchner, editor, Proceedings 5th Conference on Rewriting Techniques and Applications, Montreal (Canada), volume 690 of Lecture Notes in Computer Science, pages 405-420, June 1993. Springer-Verlag.
14. J. Steinbach and U. Kühler. Check your ordering - termination proofs and open problems. Technical report, Universität Kaiserslautern, 1993.
15. H. Zantema. Termination of term rewriting by semantic labelling. Technical Report RUU-CS-92-38, Utrecht University, December 1992. Extended and revised version appeared as RUU-CS-93-24, July 1993, accepted for special issue on term rewriting of Fundamenta Informaticae.
A Proofs
A.1 Correctness of deduction rules
Let us give three lemmas necessary for the proof of correctness.
Lemma 24. Given P; Q 2 P , = (T0;k ; lex ), P " Q and j= P =) j= Q
Proof. We make a proof by induction on the size of Q. By definition of P " Q, either Q = P then since j= P, we have j= Q, or Q is a disjunctive graph between graphs A and B and we have P " A or P " B. By induction, we obtain j= A or j= B, hence by definition of j=, we get j= Q.
Lemma 25. Given P; Q 2 P and a P -substitution, P " Q =) P " Q
Proof. We make a proof by induction on the size of Q. By definition of P " Q, either Q = P then Q = P, hence P " Q, or Q is a disjunctive graph between graphs A and B and we have P " A or P " B. By induction, we obtain that P " A or P " B. Hence by definition of " , P " Q.
In the following, s P t will denote any ordering edge: s >P t, s
u to G. Since every edge of G is already correct, all we need to prove is that this new added edge is correct. Since gpo has the subterm property, we have 8 f (: : : ; u; : : :) >gpo u.
SUBTERM First Like in the case of SUBTERM Property, G0 differs from G only S because of a new inequality edge. The extension of the P -substitution into 0 = fP 7! Pi g does not concern preexistent edges of G since P is always a new variable. As a result, we only need to prove that the new edge is correct. We already know that 9i such that j= Pi we si Pi t in G. Since S is correct, this edge is correct, thus we obtain that 8S have si gpo t. The new edge is labelled by P. The new P -substitution is 0 = fP 7! Pig, hence P0 = Pi0. Since P is a new variable, Pi0 = Pi . Then P0 = Pi and 8 j= P0 we have j= Pi. Consequently, 8 j= P0, we have si gpo t, and by definition of gpo si gpo t implies s >gpo t.
SUBTERM Extension The only transformation is done on the substitution of P. We first Q P prove that any Sedge below s >P t remains S correct.0 Let u > v be an edge below s >0 t, 0 and let = fP 7! g and = fP 7! g. By lemma 27, we obtain that Q = Q = Q, hence 8 such that j= Q0 and j= Q, hence u >gpoSv. Now we want to prove that the edge s >P t is correct. Let = fP 7! g and 0 be the P -substitution obtained after the application of the rule: P0 is a disjunctive graph between 0 and Pi 0 . By definition of j=, j= P0 if j= 0 or j= Pi0 . Thanks to lemma 27, we get that 0 = and Pi 0 = Pi, hence j= P0 if j= or j= Pi. By case on j= or j= Pi: By induction hypothesis, the SOCS is correct, hence 8 such that j= we have s >gpo t. By lemma 27, we get that = hence 8 such that j= we have s >gpo t.
Similarly, by hypothesis on the SOCS and by lemma 27, we get that 8 such that j= Pi we have si gpo t that induces s >gpo t. Since Pi = Pi we have : 8 such that j= Pi s >gpo t.
We still have to prove that edges above s >P t remain correct in spite of the transformation of in 0 . In edges above, we may encounter ordering edges whose O-proofs are including P. Now we are mapping P to a different O-proof by P -substitution 0 . However, those edges were generated with the only assumption that edge s >P t was correct. This edge is still correct. Thus, correctness of s >P t implies correctness of edges above.
SUBTERM Trivial This proof is exactly the same as the proof for SUBTERM First, except that O-proofs are the trivial ones.
SUBTERM Simplification There are two transformations: P is replaced by the trivial O-proof > and in the P -substitution P is mapped to >. Like in the proof for SUBTERM Extension, every edge below s > t remains correct in S 0, thanks to lemma 27. The proof that edge s > t is correct is akin to the proof SUBTERM First, provided that O-proofs are trivial ones. The case of edges above s > t can be treated as for SUBTERM Extension: i.e. edges above are correct provided that s > t remains correct.
THETA > P is a new variable, thus edges above and beyond s >P t remain correct. We are only concerned with the correctness of the new edge itself. Since we already have edges s >P1 t1 ; : : :; s >Pm tm , by induction hypothesis, those edges are correct. We get that: 81 such that 1 j= P1 we have s >gpo1 t1, ... 8m such that m j= Pm we have s >gpom tm . As a result 8 such that j= P1 and . . . and j= Pm , we have s >gpo t1 ; : : :; tm . Moreover, if j= (s) > (t) then j= P and by definition of gpo, we can conclude.
THETA > Extension The proof for the extension case is akin to the THETA > case and edges above are treated like in the SUBTERM Extension case.
THETA The proof is similar to the THETA > case.
Thus, if S is a correct SOCS and S `C S 0 we have S 0 correct, hence by induction if S `C S 00 then S 00 is correct. Moreover, an initial SOCS (with an empty P -substitution and without any ordering edge in its OCS Graph) is always correct w.r.t. gpo. As a result, any SOCS generated by deduction rules starting from an initial SOCS is also correct w.r.t. gpo.
A.2 Completeness
Let (G || ) be a SOCS in C -normal form. For any subgraphs s; t 2 T (F; X ) of G, and for any = (T0;k ; lex ): s >gpo t =) (s >P tjj) and j= P s 'gpo t =) (s P tjj) and j= P
We first prove that if s >gpo t (resp. s 'gpo t) then there must be an edge s >P t (resp. s P t). Assuming that s >gpo t (resp. s 'gpo t) and that the process had stopped without creating any edge s >P t (resp. s P t) leads to a contradiction. We prove it by induction on the size of terms on both sides of the inequality (or the equality). Let us assume that s = f (s1 ; : : :; sn ) >gpo g(t1 ; : : :; tm ) = t and that there is no edge s >P t. Since s >gpo t, by definition of gpo, either: 91 i n such that si gpo t. Applying induction, we obtain that there is an edge si Pi t. Since there is still no edge between s and t, deduction rule SUBTERM First or SUBTERM Trivial can be applied. This is a contradiction with the assumption that the SOCS S was in C -normal form. s >gpo t1 ; : : :; tm and (s) >lex (t). Applying induction on the m inequalities, we obtain that there are m edges s >Pi ti . Since there is still no edge between s and t, deduction rule THETA > can be applied, which contradicts the assumption that the SOCS S was in C -normal form. Let us assume that s = f (s1 ; : : :; sn) 'gpo g(t1 ; : : :; tm ) = t and that there is no edge s P t. Since s 'gpo t, by definition of gpo: s >gpo t1; : : :; tm , t >gpo s1 ; : : :; sm and (s) (t). By induction, we obtain that there are edges s >Pi ti (i = 1 : : :m) and t >Pj sj (j = 1 : : :n). Then rule THETA can be applied. This is a contradiction with the assumption that S was in C -normal form.
Now, we will prove that for all such that s >gpo t (resp. s 'gpo t), if the SOCS S = (G jj ) is in C -normal form with an edge s >P t (resp. s P t) in G then j= P. If P = >, then by definition of j=, we get that j= P. For the case where P 6= >, we proceed by induction on the size of terms on both sides of the inequality (or the equality). Let us assume that s = f (s1 ; : : :; sn) >gpo g(t1 ; : : :; tm ) = t. By definition of gpo, either:
1. 91 i n such that si gpo t. Thanks to the first part of the proof, we know that there are edges si Pi t and s >P t. If Pi = > then since P 6= > we can apply rule SUBTERM Simplification, which contradicts the fact that S is in C-normal form. Hence, Pi 6= >. Applying induction on si gpo t, we obtain that j= Pi. Provided that fP 7! g 2 , if Pi 6 " then we could apply SUBTERM Extension, which contradicts the fact that S is in C -normal form. Thus Pi " , and by lemma 25, Pi " . By lemma 24, we get j= . Since fP 7! g 2 , P = , we finally get that j= P.
2. s >gpo t1 ; : : :; tm and (s) >lex (t). Thanks to the first part of the proof, we know that there are edges s >P1 t1 , . . . , s >Pm tm and s >P t. Applying induction on the m inequalities, we obtain that j= P1; : : :; Pm . By definition of j=, j= (s) >lex (t). Like in the case (1), provided that fP 7! g 2 and assuming that the O-proof containing P1; : : :; Pm and (s) >lex (t) is not visible in leads to a contradiction, since we can apply rule THETA > Extension. Thus the O-proof containing P1; : : :; Pm and (s) >lex (t) is visible in . Finally, like in case 1 and thanks to lemma 25 and lemma 24, we obtain j= P.
For the case s = f (s1 ; : : :; sn) 'gpo g(t1 ; : : :; tm ) = t, the proof is simpler. s 'gpo t implies that s >gpo t1; : : :; tm and t >gpo s1 ; : : :; sn and (s) 'lex (t). Like in previous cases, there are edges s >P1 t1 , . . . , s >Pm tm and t >P1 s1 , . . . , t >Pn sn and s >P t. Applying induction on the m + n inequalities, we obtain that j= P1; : : :; Pm and j= P10 ; : : :; Pn0 . By definition of j=, j= (s) 'lex (t). Hence j= P.
A.3 Termination
Considering finite terms (with finite arity symbols), the OCS Graph of any SOCS has only a finite number of vertices. We are going to prove that for any distinct pair of vertices, the number of possible deductions is finite. Then, since the number of distinct pairs of vertices is also finite, we will conclude that the number of deductions on the whole graph is finite. By case on the rules, we prove that the number of deductions is finite for any pair of vertices in the OCS Graph. Rules SUBTERM Property, SUBTERM First, SUBTERM Trivial, THETA > and THETA can be applied only if there is no existing edge between the two considered vertices. When applied, they generate an edge. Since no rule removes edges, those rules can only be applied once for each pair of vertices. However rules SUBTERM Extension, SUBTERM Simplification and THETA > Extension may apply even if there is already an edge between two vertices. Fortunately, as we will see, the number of applications S is bounded by the preconditions. Remark first that in a SOCS, for any edge (s >P t jj fP 7! g) such that a O-proof " , then whatever the deduction rule applied, either P is replaced by >, or the SOCS becomes (s >P t jj SfP 7! 0 g) and " 0
Now, we prove that the number of applications of rules SUBTERM Extension, SUBTERM Simplification and THETA > Extension is finite: the precondition of THETA > Extension verifies that the O-proof containing P1; : : :; Pm and (s) >lex (t) is not visible in . After the application of this rule the O-proof containing P1; : : :; Pm and (s) >lex (t) becomes visible in the new P -substitution 0 of the SOCS, and then this rule cannot be applied again. The precondition of SUBTERM Simplification is similar: since P has to be different from >, this rule can only be applied once. Precondition Pi 6 " of SUBTERM Extension does not prevent it from applying twice, but it prevents it from adding a specific proof Pi to P twice. As a result, all we have to prove is that the number of possible added proofs by the rule SUBTERM Extension is finite. Since the arity of symbols is finite, assuming that the arity of f is n one can only add n proofs coming from edges si >Pi t and n coming from edges si Pi t. So the number of added proofs is finite and is 2n.
A.4 Complexity
We first give an upper bound for the number of possible deductions (or applied rules) on a single SOCS. We assume that the maximal number of nodes in the OCS Graph of the SOCS is N and that the maximal arity of function symbols of F is M. Consequently, the number of distinct pairs of nodes is N(N - 1) (provided that we have to consider separately symmetrical pairs of nodes: (a; b) and (b; a)). For any pair of nodes f and g, top symbols of terms s = f (s1 ; : : :; sn ) and t = g(t1 ; : : :; tm ), we can give an upper bound for the number of deductions. By case on the edge added to the OCS Graph: for edges s > t there are M possible O-proofs constructed by SUBTERM rules thanks to si > t edges. There are also M possible O-proofs constructed thanks to si t edges. Finally, there is only one last possible O-proof constructed by a THETA rule. We constructed a maximum of 2M + 1 O-proofs. For the symmetrical case t > s, the bound is strictly the same: 2M + 1. For s t, one can construct a unique O-proof thanks to the THETA rule. For any pair of vertices, the maximal number of applied rules is 4M + 3. As a result, for the complete OCS Graph, the upper bound for the number of deductions is: N(N - 1)(4M + 3). Since any construction of O-proof is linear in space (like THETA >, THETA > Extension, THETA , linear on M) or constant (like all the others), global complexity in space is polynomial on M and N: O(N^2 M^2). Now we want to investigate time complexity. First, an important point is the complexity of testing whether a rule may apply or not. For instance testing if the rule THETA > applies consists in verifying that there are edges between top symbol f of term s and every subterm t1 ; : : :; tm of term t. We assume that testing can be done in linear time on M for any deduction rule. The application of the rule consists in adding a new edge and/or modifying or adding a O-proof.
For example, remark that the application of rule THETA > consists in adding a new edge and constructing a new O-proof that is the conjunction of variables P1 ; : : :; Pm . We assume that application can be achieved in linear time on M for any deduction rule. As a result, for any couple of vertices, testing if a rule can be applied and the application itself (i.e. construction of the proof) can be done in linear time: O(M). A sequential algorithm for applying each deduction rule once to any pair of nodes can be expressed as follows:

For any distinct pair of nodes (f,g) in the SOCS do
  For any deduction rule A
    apply A on (f,g) if possible

Complexity for achieving this process is O(N^2 M) (since there is a constant amount of deduction rules). In the worst case, the process described above may try every rule on any pair of nodes and apply only one rule. We already showed that we will apply at most N(N - 1)(4M + 3) rules. Thus, the global complexity in the worst case is: O(N^4 M^2). Note that the last result is an upper bound on a naive sequential algorithm. It is easy to get better results in practice by specific strategies.
B Extended Precedence
B.1 Extended precedence
We first define the labelled signature F F = ffs1;:::;sn j f 2 F; arity(f ) = n and s1 ; : : :; sn 2 F [ X g Let = h; i be an extended precedence defined by: : T (F; X ) ! F (x) = x (f (t1 ; : : :; tn)) = froot(t1 );:::;root(tn ) if t1; : : :; tn 2 T (F; X )
F is the quasi-ordering >F on the extended signature F.
Example 3. Let F = fa; f; g; hg where arity of a; f; g; h is respectively 0,1,2,3, and let x be a variable.
1 (g(x; f (a))) = gx;f 1 (a) = a 1 (h(f (a); a; x)) = hf;a;x
Note that of extended precedence is a function and not a homomorphism. As a consequence, it is impossible to use it in the standard definition of gpo. Since it is an interesting termination function for designing instances of gpo proving termination of self-embedded rewrite rules, we chose to define a little enhancement of gpo.
B.2 Non homomorphic gpo
In order to deal with non-homomorphic termination functions, like extended precedence, we define a light extension of gpo, by relaxing the homomorphic condition on the termination functions i .
Definition 28. A non homomorphic gpo is a gpo founded on component orders: 0 = h0 ; 0 i; : : :; k = hk ; k i where for all i = 1 : : :k: i is a function from the set of terms towards an algebra A and i is a well-founded preorder on A or, i is an extraction function from the set of terms towards the multiset of subterms and i is the multiset extension of the gpo itself.
Theorem 29. Non homomorphic gpo is a quasi-ordering.
Proof. In the proofs of [2] of Dershowitz & Hoot, the homomorphism assumption does not appear, function assumption is sufficient for the proof that gpo is a quasi-ordering. The proof that 'gpo is symmetrical remains the same since x are still symmetrical, the proof of the subterm property is conserved since it comes from the inductive definition of gpo itself and is not concerned with the i , the proof that gpo is reflexive is identical since the only assumption needed on i is that each one is at least a function, the proof for transitivity of gpo is also the same since transitivity of i is conserved, the proof of irreflexivity of >gpo only depends on the inductive definition of gpo, so it is also conserved.
Theorem 30. Let be a non homomorphic general path ordering. A rewrite system R terminates if 1. l r for all rules l ! r in R and, 2. s ! t and s t implies f (: : :; s; : : :) f (: : : ; t; : : :).
Proof. In [2] of Dershowitz & Hoot, the proof of this termination theorem does not depend on the homomorphism assumption. The function assumption is sufficient to achieve the proof. Dershowitz & Hoot proved the well foundation of gpo by contradicting the existence of an infinite gpo descending sequence: Assuming that there is an infinite descending sequence s1 >gpo s2 >gpo : : : leads to the existence of an infinite descending subsequence (s01 ) >lex (s02 ) >lex : : :. This is a contradiction, since every ordering >i is well founded and so is their lexicographic combination >lex . The extraction of the infinite subsequence (s01 ) >lex (s02 ) >lex : : : from s1 >gpo s2 >gpo : : : does not depend on the fact that all i should be homomorphisms. Moreover, the assumption that i are only functions does not contradict the fact that >lex is well-founded. As a result, there is no infinite descending sequence (s1 ) >lex (s2 ) >lex : : :
B.3 Termination theorem for extended precedence
gpo defined in section 6 for the termination proof is based on a precedence h0 ; 0i, an extended precedence h1 ; 1i and a remaining non instantiated 2;n. First, we are going to prove condition (2) of theorem 30 and then we will prove stability (by instantiation) of this specific gpo for condition (1). Even if 2;n needs no instantiation for the termination proof, it does need it for proving condition (2). We choose 2;n to be h2 ; : : :; n i where i is the extraction function that returns the subterm ti?1 and i is gpo itself. As a result, 2;n corresponds to a lexicographic extension of gpo (just as in LPO). We will see in the following that the proof of conditions (1) and (2) requires preconditions on >1 and on 1 : 1(f (: : :; l; : : :)) 1 1(f (: : : ; r; : : :)) for any rule l ! r 2 R such that root(l) 6= root(r), and if 1(s) >1 1 (t) then 1(s) >1 1 (t) if 1 (s) '1 1 (t) then 1 (s) '1 1 (t) For any term s; t and any substitution . Note that in Section 6, we chose the needed extended precedence ff >F fg to prove termination of TRS ffx ! fgfx. This extended precedence and this TRS trivially satisfy those preconditions since root(ffx) = root(fgfx) and 1 (ffx) = 1 (ffx) and 1 (fgfx) = 1 (fgfx) for any substitution .
Lemma 31. If 1 (f (: : :; s; : : :)) 1 1 (f (: : : ; t; : : :)) then for any substitution , we have: 1 (f (: : : ; s; : : :)) 1 1 (f (: : :; t; : : :)).
Proof. Let x1; : : :; xn be variables that do not appear in , nor in s and t. 1 (f (: : : ; s; : : :)) 1 1 (f (: : :; t; : : :))
)
=
1 (f (x1 ; : : :; xi; s; xi+1; : : :; xn)) 1 1 (f (x1 ; : : :; xi; t; xi+1; : : :; xn)) Thanks to preconditions on 1 , for any substitution , we obtain 1 (f (x1 ; : : :; xi; s; xi+1; : : :; xn)) 1 1 (f (x1 ; : : :; xi; t; xi+1; : : :; xn))
()
1 (f (x1 ; : : :; xi; s; xi+1; : : :; xn)) 1 1 (f (x1 ; : : :; xi; t; xi+1; : : :; xn)) Since for i such that 1 i n, xi does not appear in , we obtain 1 (f (x1 ; : : :; xi; s; xi+1; : : :; xn)) 1 1 (f (x1 ; : : :; xi; t; xi+1; : : :; xn)) Now, we construct a substitution
1 we obtain
=
fxi ! si j8ig for any si . Thanks to preconditions on
1 (f (x1 ; : : :; xi; s; xi+1; : : :; xn) ) 1 1 (f (x1 ; : : :; xi; t; xi+1; : : :; xn) )
()
1 (f (x1 ; : : :; xi; s; xi+1 ; : : :; xn )) 1 1 (f (x1 ; : : :; xi; t; xi+1 ; : : :; xn )) Since for all i, xi does not appear in , nor in s and t, xi does not appear in s nor in t. We obtain 1 (f (s1 ; : : :; si ; s; si+1; : : :; sn )) 1 1 (f (s1 ; : : :; si ; t; si+1; : : :; sn )) for any si such that 1 i n.
()
1 (f (: : : ; s; : : :)) 1 1 (f (: : :; t; : : :))
Lemma 32. For any gpo based on a precedence h0; 0i, an extended precedence h1 ; 1i and lexicographic extension of gpo on h2 ; 2i; : : :; hn ; ni, we have s ! t ^ s gpo t =) f (: : : ; s; : : :) gpo f (: : :; t; : : :)
Proof. Let s and t be terms such that s ! t and s gpo t. Let u = f (: : :; s; : : :) and v = f (: : :; t; : : :). Precisely, u = f (u1 ; : : :; un) and v = f (v1 ; : : :; vn) where 9p 2 1 : : :n such that up = s and vp = t. We distinguish two major subcases for s ! t:
1. s = C [s0 ] ! C [t0] = t where C [:] is a non-empty context. Since root(s) = root(C [s0]) = root(C [t0]) = root(t), we obtain that 1 (f (: : :; s; : : :)) = 1 (f (: : :; t; : : :)) Hence 0(u) '0 0(v) (since root(u) = root(v) = f ), 1(u) '1 1(v), i (u) = ui?1 'gpo vi?1 = i(v) for any 1 < i < p + 1. Now, p+1 (u) = up = s and p+1 (v) = vp = t. Thus, p+1 (u) = s gpo t = p+1 (v).
(a) either s >gpo t. In that case, we get p+1 (u) >gpo p+1 (v) 8i 6= p we have f (: : :; ui; : : :) >gpo ui = vi for i = p we have f (: : : ; s; : : :) >gpo s >gpo t hence by case 2) of gpo definition we get u >gpo v
(b) or s 'gpo t. In that case, we have p+1 (u) 'gpo p+1 (v) 8i 6= p we have f (: : :; ui; : : :) >gpo ui = vi 8i 6= p we have f (: : :; vi ; : : :) >gpo vi = ui for i = p we have f (: : : ; s; : : :) >gpo s 'gpo t for i = p we have f (: : :; t; : : :) >gpo t 'gpo s hence by case 3) of gpo definition, we get u 'gpo v
2. s = l ! r = t and l ! r 2 R. If root(l) = root(r) the proof is akin to the case 1. If root(l) 6= root(r), thanks to the preconditions on 1 , we have 1 (f (: : : ; l; : : :)) 1 1 (f (: : :; r; : : :)). By lemma 31, we obtain : 1 (u) 1 1 (v). Then by case on s gpo t :
(a) if s 'gpo t then 8i 6= p we have f (: : :; ui; : : :) >gpo ui = vi 8i 6= p we have f (: : :; vi ; : : :) >gpo vi = ui for i = p we have f (: : : ; s; : : :) >gpo s 'gpo t for i = p we have f (: : : ; t; : : :) >gpo t 'gpo s Then, by case on 1 (u) 1 1 (v):
i. if 1 (u) '1 1 (v), we also have 81 < i n + 1 i (u) 'i i (v), thus by case 3) of gpo definition: u 'gpo v.
ii. if 1 (u) >1 1 (v), by case 2) of gpo definition, we obtain: u >gpo v
(b) if s >gpo t then 8i 6= p we have f (: : :; ui; : : :) >gpo ui = vi for i = p we have f (: : : ; s; : : :) >gpo s >gpo t By case on 1 (u) 1 1 (v)
i. if 1 (u) '1 1 (v), we also have 81 < i p + 1 i (u) 'i i (v) and p+1 (u) = s >gpo t = p+1 (v) thus by case 2) of gpo definition: u >gpo v.
ii. if 1 (u) >1 1 (u), by case 2) of gpo definition we obtain that u >gpo v.
Lemma 33. (stability) For any gpo based on a precedence h0 ; 0i, an extended precedence h1 ; 1i and lexicographic extension of gpo on h2 ; 2i; : : :; hn ; ni, we have s >gpo t =) s >gpo t s 'gpo t =) s 'gpo t for any substitution .
Proof. By induction on the size of both terms s and t.
1. if s >gpo t, by gpo definition, either
(a) 9si such that si gpo t. By induction we obtain si gpo t, hence s >gpo t,
(b) 8ti s >gpo ti and (s) > (t). By induction we obtain 8ti s >gpo ti . By case on (s) > (t) either 0 (s) >0 0(t). Since 0 and >0 is a precedence, we get 0 (s) >0 0 (t) and finally s >gpo t, 0 (s) 0 0(t) and 1 (s) >1 1 (t). We similarly obtain that 0 (s) 0 0 (t). Then, thanks to the preconditions on >1 , we obtain 1 (s) >1 1 (t) and finally s >gpo t, 0 (s) 0 0 (t), 1 (s) 1 1 (t) and 9p such that 81 < i < p i (s) 'gpo i (t) and p (s) >gpo p (t). We still have 0 (s) 0 0 (t) and 1 (s) 1 1 (t). By induction, we obtain 81 < i < p i (s) = si?1 'gpo ti?1 = i (t) and p (s) = sp?1 >gpo tp?1 = p (t), hence s >gpo t.
2. if s 'gpo t then by definition of gpo, 8ti s >gpo ti , 8si t >gpo si and (s) lex (t). By induction, we obtain 8ti s >gpo ti , 8si t >gpo si 0 (s) 0 0 (t) implies that 0 (s) 0 0 (t) 1 (s) 1 1 (t). Thanks to preconditions on 1 we obtain 1 (s) 1 1 (t)
8i > 1 i (s) 'gpo i (t). By induction, we obtain 8i > 1 i (s) 'gpo i (t)