A static higher-order dependency pair framework (extended version)
Carsten Fuhs and Cynthia Kop
Dept. of Computer Science and Information Systems, Birkbeck, University of London, UK
Dept. of Software Science, Radboud University Nijmegen, The Netherlands
Abstract
We revisit the static dependency pair method for proving termination of higher-order term rewriting and extend it in a number of ways: (1) We introduce a new rewrite formalism designed for general applicability in termination proving of higher-order rewriting, Algebraic Functional Systems with Meta-variables. (2) We provide a syntactically checkable soundness criterion to make the method applicable to a large class of rewrite systems. (3) We propose a modular dependency pair framework for this higher-order setting. (4) We introduce a fine-grained notion of formative and computable chains to render the framework more powerful. (5) We formulate several existing and new termination proving techniques in the form of processors within our framework. The framework has been implemented in the (fully automatic) higher-order termination tool
WANDA.

Term rewriting [3,48] is an important area of logic, with applications in many different areas of computer science [4,11,18,23,25,36,41].
Higher-order term rewriting – which extends traditional first-order term rewriting with higher-order types and binders as in the λ-calculus – offers a formal foundation of functional programming and a tool for equational reasoning in higher-order logic. A key question in the analysis of both first- and higher-order term rewriting is termination; both for its own sake, and as part of confluence and equivalence analysis. In first-order term rewriting, a hugely effective method for proving termination (both manually and automatically) is the dependency pair (DP) approach [2]. This approach has been extended to the DP framework [20,22], a highly modular methodology which new techniques for proving termination and non-termination can easily be plugged into in the form of processors. In higher-order rewriting, two DP approaches with distinct costs and benefits are used: dynamic [45,31] and static [6,44,34,46,32,33] DPs. Dynamic DPs are more broadly applicable, yet static DPs often enable more powerful analysis techniques. Still, neither approach has the modularity and extendability of the DP framework, nor can they be used to prove non-termination. Also, these approaches consider different styles of higher-order rewriting, which means that for all results certain language features are not available.
In this paper, we address these issues for the static
DP approach by extending it to a full higher-order dependency pair framework for both termination and non-termination analysis. For broad applicability, we introduce a new rewriting formalism,
AFSMs, to capture several flavours of higher-order rewriting, including
AFSs [26] (used in the annual Termination Competition [50]) and pattern HRSs [39,37] (used in the annual Confluence Competition [10]). To show the versatility and power of this methodology, we define various processors in the framework – both adaptations of existing processors from the literature and entirely new ones.
Detailed contributions.
We reformulate the results of [6,44,34,46,32] into a DP framework for AFSMs. In doing so, we instantiate the applicability restriction of [32] by a very liberal syntactic condition, and add two new flags to track properties of DP problems: one completely new, one from an earlier work by the authors for the first-order
DP framework [16]. We give eight processors for reasoning in our framework: four translations of techniques from static DP approaches, three techniques from first-order or dynamic DPs, and one completely new. This is a foundational paper, focused on defining a general theoretical framework for higher-order termination analysis using dependency pairs rather than questions of implementation. We have, however, implemented most of these results in the fully automatic termination analysis tool
WANDA [28].
Related Work.
There is a vast body of work in the first-order setting regarding the DP approach [2] and framework [20,22,24]. We have drawn from the ideas in these works for the core structure of the higher-order framework, but have added some new features of our own and adapted results to the higher-order setting. There is no true higher-order DP framework yet: both static and dynamic approaches actually lie halfway between the original “DP approach” of first-order rewriting and a full DP framework as in [20,22]. Most of these works [30,31,32,34,46] prove “non-loopingness” or “chain-freeness” of a set P of DPs through a number of theorems. Yet, there is no concept of DP problems, and the set R of rules cannot be altered. They also fix assumptions on dependency chains – such as minimality [34] or being “tagged” [31] – which frustrate extendability and are more naturally dealt with in a DP framework using flags. The static DP approach for higher-order term rewriting is discussed in, e.g., [34,44,46]. The approach is limited to plain function passing (PFP) systems. The definition of PFP has been made more liberal in later papers, but always concerns the position of higher-order variables in the left-hand sides of rules. These works include non-pattern HRSs [34,46], which we do not consider, but do not employ formative rules or meta-variable conditions, or consider non-termination, which we do. Importantly, they do not consider strictly positive inductive types, which could be used to significantly broaden the PFP restriction. Such types are considered in an early paper which defines a variation of static higher-order dependency pairs [6] based on a computability closure [8,7]. However, this work carries different restrictions (e.g., DPs must be type-preserving and not introduce fresh variables) and considers only one analysis technique (reduction pairs). Definitions of DP approaches for functional programming also exist [32,33], which consider applicative systems with ML-style polymorphism.
These works also employ a much broader, semantic definition than PFP, which is actually more general than the syntactic restriction we propose here. However, like the static approaches for term rewriting, they do not truly exploit the computability [47] properties inherent in this restriction: it is only used for the initial generation of dependency pairs. In the present work, we will take advantage of our exact computability notion by introducing a computable flag that can be used by the computable subterm criterion processor (Thm. 63) to handle benchmark systems that would otherwise be beyond the reach of static DPs. Also in these works, formative rules, meta-variable conditions and non-termination are not considered. Regarding dynamic DP approaches, a precursor of the present work is [31], which provides a halfway framework (a methodology to prove “chain-freeness”) for dynamic DPs, introduces a notion of formative rules, and briefly translates a basic form of static DPs to the same setting. Our formative reductions consider the shape of reductions rather than the rules they use, and they can be used as a flag in the framework to gain additional power in other processors. The adaptation of static DPs in [31] was very limited, and did not for instance consider strictly positive inductive types or rules of functional type. For a more elaborate discussion of both static and dynamic DP approaches in the literature, we refer to [31] and the second author’s PhD thesis [29].
Organisation of the paper.

In this section, we first define our notation by introducing the AFSM formalism. Although not one of the standards of higher-order rewriting, AFSMs combine features from various forms of higher-order rewriting and can be seen as a form of IDTSs [5] which includes application. We will finish with a definition of computability, a technique often used for higher-order termination methods.
Unlike first-order term rewriting, there is no single, unified approach to higher-order term rewriting, but rather a number of similar but not fully compatible systems aiming to combine term rewriting and typed λ-calculi. For generality, we will use Algebraic Functional Systems with Meta-variables: a formalism which admits translations from the main formats of higher-order term rewriting.
Definition 1 (Simple types).
We fix a set S of sorts. All sorts are simple types, and if σ, τ are simple types, then so is σ → τ.

We let → be right-associative. Note that all types have a unique representation in the form σ1 → … → σm → ι with ι ∈ S.

Definition 2 (Terms and meta-terms).
We fix disjoint sets F of function symbols, V of variables and M of meta-variables, each symbol equipped with a type. Each meta-variable is additionally equipped with a natural number. We assume that both V and M contain infinitely many symbols of all types. The set T(F, V) of terms over F, V consists of expressions s where s : σ can be derived for some type σ by the following clauses:

(V) x : σ if (x : σ) ∈ V
(F) f : σ if (f : σ) ∈ F
(@) s t : τ if s : σ → τ and t : σ
(Λ) λx.s : σ → τ if (x : σ) ∈ V and s : τ

Meta-terms are expressions whose type can be derived by those clauses and:

(M) Z⟨s1, …, sk⟩ : σ_{k+1} → … → σm → ι if Z : (σ1 → … → σk → … → σm → ι, k) ∈ M and s1 : σ1, …, sk : σk

The λ binds variables as in the λ-calculus; unbound variables are called free, and FV(s) is the set of free variables in s. Meta-variables cannot be bound; we write FMV(s) for the set of meta-variables occurring in s. A meta-term s is called closed if FV(s) = ∅ (even if FMV(s) ≠ ∅). Meta-terms are considered modulo α-conversion. Application (@) is left-associative; abstractions (Λ) extend as far to the right as possible. A meta-term s has type σ if s : σ; it has base type if σ ∈ S. We define head(s1 s2) = head(s1), and head(s) = s otherwise. A (meta-)term s has a sub-(meta-)term t, notation s ⊵ t, if either s = t or s ▷ t, where s ▷ t if (a) s = λx.s′ and s′ ⊵ t, (b) s = s1 s2 and s1 ⊵ t, or (c) s = s1 s2 and s2 ⊵ t. A (meta-)term s has a fully applied sub-(meta-)term t, notation s ⊒ t, if either s = t or s ⊐ t, where s ⊐ t if (a) s = λx.s′ and s′ ⊒ t, (b) s = s1 s2 and s1 ⊐ t, or (c) s = s1 s2 and s2 ⊒ t (so if s = x s1 s2, then x and x s1 are not fully applied subterms, but s and both s1 and s2 are). For Z : (σ, k) ∈ M, we call k the arity of Z, notation arity(Z).
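The two subterm relations above are easily made executable. The following Python sketch (our own illustration, not part of the paper; the tuple encoding of terms is an assumption) distinguishes plain subterms from fully applied ones:

```python
# Hypothetical tuple encoding of Def. 2's terms (not from the paper):
# ('var', x), ('fun', f), ('app', s, t), ('lam', x, s).

def head(s):
    # head(s1 s2) = head(s1); head(s) = s otherwise
    return head(s[1]) if s[0] == 'app' else s

def subterms(s):
    # the plain subterm relation: s itself and subterms of all components
    yield s
    if s[0] == 'lam':
        yield from subterms(s[2])
    elif s[0] == 'app':
        yield from subterms(s[1])
        yield from subterms(s[2])

def fully_applied(s):
    # s itself is always a fully applied subterm of itself
    yield s
    yield from _strict(s)

def _strict(s):
    # below an application s1 s2, the left leg is recursed strictly
    # (prefixes of the head spine are not fully applied), the right
    # leg non-strictly
    if s[0] == 'lam':
        yield from fully_applied(s[2])
    elif s[0] == 'app':
        yield from _strict(s[1])
        yield from fully_applied(s[2])

# Def. 2's example: for s = x s1 s2, the fully applied subterms are
# s, s1 and s2, but not x or x s1.
x, s1, s2 = ('var', 'x'), ('var', 's1'), ('var', 's2')
s = ('app', ('app', x, s1), s2)
```

Running the example confirms that `x` and `x s1` appear among the subterms but not among the fully applied subterms.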
Clearly, all fully applied subterms are subterms, but not all subterms are fully applied. Every term s has the form t s1 ⋯ sn with n ≥ 0 and t = head(s) a variable, function symbol, or abstraction; in meta-terms t may also be a meta-variable application F⟨s1, …, sk⟩. Terms are the objects that we will rewrite; meta-terms are used to define rewrite rules. Note that all our terms (and meta-terms) are, by definition, well-typed. For rewriting, we will employ patterns:

Definition 3 (Patterns).
A meta-term is a pattern if it has one of the forms Z⟨x1, …, xk⟩ with all xi distinct variables; λx.ℓ with x ∈ V and ℓ a pattern; or a ℓ1 ⋯ ℓn with a ∈ F ∪ V and all ℓi patterns (n ≥ 0).

In rewrite rules, we will use meta-variables for matching and variables only with binders. In terms, variables can occur both free and bound, and meta-variables cannot occur. Meta-variables originate in very early forms of higher-order rewriting (e.g., [1,27]), but have also been used in later formalisms (e.g., [8]). They strike a balance between matching modulo β and syntactic matching. By using meta-variables, we obtain the same expressive power as with Miller patterns [37], but do so without including a reversed β-reduction as part of matching.

Notational conventions:
We will use x, y, z for variables,
X, Y, Z for meta-variables, b for symbols that could be variables or meta-variables, f, g, h or more suggestive notation for function symbols, and s, t, u, v, q, w for (meta-)terms. Types are denoted σ, τ, and ι, κ are sorts. We will regularly overload notation and write x ∈ V, f ∈ F or Z ∈ M without stating a type (or minimal arity). For meta-terms Z⟨⟩ we will usually omit the brackets, writing just Z.

Definition 4 (Substitution). A meta-substitution is a type-preserving function γ from variables and meta-variables to meta-terms. Let the domain of γ be given by: dom(γ) = {(x : σ) ∈ V | γ(x) ≠ x} ∪ {(Z : (σ, k)) ∈ M | γ(Z) ≠ λy1…yk.Z⟨y1, …, yk⟩}; this domain is allowed to be infinite. We let [b1 := s1, …, bn := sn] denote the meta-substitution γ with γ(bi) = si and γ(z) = z for (z : σ) ∈ V \ {b1, …, bn}, and γ(Z) = λy1…yk.Z⟨y1, …, yk⟩ for (Z : (σ, k)) ∈ M \ {b1, …, bn}. We assume there are infinitely many variables x of all types such that (a) x ∉ dom(γ) and (b) for all b ∈ dom(γ): x ∉ FV(γ(b)). A substitution is a meta-substitution mapping everything in its domain to terms. The result sγ of applying a meta-substitution γ to a term s is obtained by:

xγ = γ(x) if x ∈ V
fγ = f if f ∈ F
(s t)γ = (sγ) (tγ)
(λx.s)γ = λx.(sγ) if γ(x) = x ∧ x ∉ ⋃_{y ∈ dom(γ)} FV(γ(y))

For meta-terms, the result sγ is obtained by the clauses above and:

Z⟨s1, …, sk⟩γ = γ(Z) ⟨s1γ, …, skγ⟩ if Z ∉ dom(γ)
Z⟨s1, …, sk⟩γ = γ(Z) ⟨⟨s1γ, …, skγ⟩⟩ if Z ∈ dom(γ)
(λx1…xk.s) ⟨⟨t1, …, tk⟩⟩ = s[x1 := t1, …, xk := tk]
(λx1…xn.s) ⟨⟨t1, …, tk⟩⟩ = s[x1 := t1, …, xn := tn] t_{n+1} ⋯ tk if n < k and s is not an abstraction

Note that for fixed k, any term has exactly one of the two forms above (λx1…xn.s with n < k and s not an abstraction, or λx1…xk.s). Essentially, applying a meta-substitution that has meta-variables in its domain combines a substitution with (possibly several) β-steps. For example, we have that: deriv (λx.sin (F⟨x⟩))[F := λy.plus y x] equals deriv (λz.sin (plus z x)). We also have: X⟨0, nil⟩[X := λx.map (λy.x)] equals map (λy.0) nil.

Definition 5 (Rules and rewriting).
Let F, V, M be fixed sets of function symbols, variables and meta-variables respectively. A rule is a pair ℓ ⇒ r of closed meta-terms of the same type such that ℓ is a pattern of the form f ℓ1 ⋯ ℓn with f ∈ F and FMV(r) ⊆ FMV(ℓ). A set of rules R defines a rewrite relation ⇒_R as the smallest monotonic relation on terms which includes:

(Rule) ℓδ ⇒_R rδ if ℓ ⇒ r ∈ R and dom(δ) = FMV(ℓ)
(Beta) (λx.s) t ⇒_R s[x := t]

We say s ⇒_β t if s ⇒_R t is derived using a (Beta) step. A term s is terminating under ⇒_R if there is no infinite reduction s = s0 ⇒_R s1 ⇒_R …, is in normal form if there is no t such that s ⇒_R t, and is β-normal if there is no t with s ⇒_β t. Note that we are allowed to reduce at any position of a term, even below a λ. The relation ⇒_R is terminating if all terms over F, V are terminating. The set D ⊆ F of defined symbols consists of those (f : σ) ∈ F such that a rule f ℓ1 ⋯ ℓn ⇒ r exists; all other symbols are called constructors.
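To make the meta-substitution of Def. 4 concrete (the operation used by the (Rule) clause above), here is a small runnable sketch. The encoding and helper names are ours, not the paper's, and for brevity the substitution is not capture-avoiding, which suffices for the example:

```python
# Meta-terms as tagged tuples: ('var', x), ('fun', f), ('app', s, t),
# ('lam', x, s), ('meta', Z, [args]).

def subst(s, sigma):
    # naive substitution (NOT capture-avoiding; fine for closed images)
    tag = s[0]
    if tag == 'var':
        return sigma.get(s[1], s)
    if tag == 'app':
        return ('app', subst(s[1], sigma), subst(s[2], sigma))
    if tag == 'lam':
        inner = {y: t for y, t in sigma.items() if y != s[1]}
        return ('lam', s[1], subst(s[2], inner))
    return s  # 'fun'

def beta_apply(f, args):
    # gamma(Z)<<t1,...,tk>>: consume binders, substitute, then apply
    # any leftover arguments (the n < k case of Def. 4)
    sigma = {}
    while args and f[0] == 'lam':
        sigma[f[1]] = args.pop(0)
        f = f[2]
    result = subst(f, sigma)
    for t in args:
        result = ('app', result, t)
    return result

def meta_subst(s, gamma):
    tag = s[0]
    if tag == 'meta':
        Z, args = s[1], [meta_subst(a, gamma) for a in s[2]]
        return beta_apply(gamma[Z], args) if Z in gamma else ('meta', Z, args)
    if tag == 'app':
        return ('app', meta_subst(s[1], gamma), meta_subst(s[2], gamma))
    if tag == 'lam':
        return ('lam', s[1], meta_subst(s[2], gamma))
    return s

# Def. 4's example: X<0, nil>[X := lambda x. map (lambda y. x)]
zero, nil, map_ = ('fun', '0'), ('fun', 'nil'), ('fun', 'map')
term = ('meta', 'X', [zero, nil])
gamma = {'X': ('lam', 'x', ('app', map_, ('lam', 'y', ('var', 'x'))))}
```

Applying `meta_subst(term, gamma)` yields the encoding of map (λy.0) nil, exactly as in the worked example: one binder is consumed by substitution and the leftover argument nil is applied by an implicit β-step.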
Note that R is allowed to be infinite, which is useful for instance to model polymorphic systems. Also, right-hand sides of rules do not have to be in β-normal form. While this is rarely used in practical examples, non-β-normal rules may arise through transformations, and we lose nothing by allowing them.

Example 6.
Let F ⊇ {0 : nat, s : nat → nat, nil : list, cons : nat → list → list, map : (nat → nat) → list → list} and consider the following rules R:

map (λx.Z⟨x⟩) nil ⇒ nil
map (λx.Z⟨x⟩) (cons H T) ⇒ cons Z⟨H⟩ (map (λx.Z⟨x⟩) T)

Then map (λy.0) (cons (s 0) nil) ⇒_R cons 0 (map (λy.0) nil) ⇒_R cons 0 nil. Note that the bound variable y does not need to occur in the body of λy.0 to match λx.Z⟨x⟩. However, a term like map s (cons 0 nil) cannot be reduced, because s does not instantiate λx.Z⟨x⟩. We could alternatively consider the rules:

map Z nil ⇒ nil
map Z (cons H T) ⇒ cons (Z H) (map Z T)

Where the system before had (Z : (nat → nat, 1)) ∈ M, here we assume (Z : (nat → nat, 0)) ∈ M. Thus, rather than meta-variable application Z⟨H⟩ we use explicit application Z H. Then map s (cons 0 nil) ⇒_R cons (s 0) (map s nil). However, we will often need explicit β-reductions; e.g., map (λy.0) (cons (s 0) nil) ⇒_R cons ((λy.0) (s 0)) (map (λy.0) nil) ⇒_β cons 0 (map (λy.0) nil).

Definition 7 (AFSM). An AFSM is a tuple (F, V, M, R) of a signature and a set of rules built from meta-terms over F, V, M; as types of relevant variables and meta-variables can always be derived from context, we will typically just refer to the AFSM (F, R). An AFSM implicitly defines the abstract reduction system (T(F, V), ⇒_R): a set of terms and a rewrite relation on this set. An AFSM is terminating if ⇒_R is terminating (on all terms in T(F, V)).

Discussion: The two most common formalisms in termination analysis of higher-order rewriting are algebraic functional systems [26] (AFSs) and higher-order rewriting systems [39,37] (HRSs). AFSs are very similar to our AFSMs, but use variables for matching rather than meta-variables; this is trivially translated to the AFSM format, giving rules where all meta-variables have arity 0, like the “alternative” rules in Ex. 6. HRSs use matching modulo β/η, but the common restriction of pattern HRSs can be directly translated into AFSMs, provided terms are β-normalised after every reduction step. Even without this β-normalisation step, termination of the obtained AFSM implies termination of the original HRS; for second-order systems, termination is equivalent. AFSMs can also naturally encode CRSs [27] and several applicative systems (cf. [29, Chapter 3]).

Example 8 (Ordinal recursion).
A running example is the AFSM (F, R) with F ⊇ {0 : ord, s : ord → ord, lim : (nat → ord) → ord, rec : ord → nat → (ord → nat → nat) → ((nat → ord) → (nat → nat) → nat) → nat} and R given below. As all meta-variables have arity 0, this can be seen as an AFS.

rec 0 K F G ⇒ K
rec (s X) K F G ⇒ F X (rec X K F G)
rec (lim H) K F G ⇒ G H (λm.rec (H m) K F G)

Observant readers may notice that by the given constructors, the type nat in Ex. 8 is not inhabited. However, as the given symbols are only a subset of F, additional symbols (such as constructors for the nat type) may be included. The presence of additional function symbols does not affect termination of AFSMs:

Theorem 9 (Invariance of termination under signature extensions).
For an AFSM (F, R) with F at most countably infinite, let funs(R) ⊆ F be the set of function symbols occurring in some rule of R. Then (T(F, V), ⇒_R) is terminating if and only if (T(funs(R), V), ⇒_R) is terminating.

Proof. Trivial by replacing all function symbols in F \ funs(R) by corresponding variables of the same type. □

Therefore, we will typically only state the types of symbols occurring in the rules, but may safely assume that infinitely many symbols of all types are present (which for instance allows us to select unused constructors in some proofs).
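Read as a functional program, the rec rules of Ex. 8 terminate because the first argument descends along the ordinal structure. A Python transcription (our illustration; the encoding of ordinals as nested tuples and of the nat → ord argument as a Python function are assumptions) makes the three rules executable:

```python
# Ordinals encoded as '0', ('s', a), or ('lim', h), where h is a
# Python function standing in for a term of type nat -> ord.

def rec(a, K, F, G):
    # direct transcription of the three rec rules of Ex. 8
    if a == '0':
        return K
    if a[0] == 's':
        X = a[1]
        return F(X, rec(X, K, F, G))
    if a[0] == 'lim':
        H = a[1]
        return G(H, lambda m: rec(H(m), K, F, G))
    raise ValueError(a)

def nat_to_ord(n):
    # the finite ordinal n, i.e. n applications of s to 0
    a = '0'
    for _ in range(n):
        a = ('s', a)
    return a

# counting the s-constructors of a finite ordinal:
count = rec(nat_to_ord(2), 0, lambda x, r: r + 1, None)  # -> 2
# at a limit ordinal, G may probe the approximating sequence:
probe = rec(('lim', nat_to_ord), 0, lambda x, r: r + 1,
            lambda H, R: R(3))                           # -> 3
```

The lim case illustrates why the fourth argument receives both H and the partially applied recursor λm.rec (H m) K F G: G can recurse into any member of the approximating sequence.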
A common technique in higher-order termination is Tait and Girard’s computability notion [47]. There are several ways to define computability predicates; here we follow, e.g., [5,8,9,7] in considering accessible meta-terms using strictly positive inductive types. The definition presented below is adapted from these works, both to account for the altered formalism and to introduce (and obtain termination of) a relation ⇛_C that we will use in the “computable subterm criterion processor” of Thm. 63 (a termination criterion that allows us to handle systems that would otherwise be beyond the reach of static DPs). This allows for a minimal presentation that avoids the use of ordinals that would otherwise be needed to obtain ⇛_C (see, e.g., [9,7]). To define computability, we use the notion of an RC-set:

Definition 10. A set of reducibility candidates, or RC-set, for a rewrite relation ⇒_R of an AFSM is a set I of base-type terms s such that: every term in I is terminating under ⇒_R; I is closed under ⇒_R (so if s ∈ I and s ⇒_R t then t ∈ I); if s = x s1 ⋯ sn with x ∈ V or s = (λx.u) s1 ⋯ sn with n ≥ 0, and for all t with s ⇒_R t we have t ∈ I, then s ∈ I (for any u, s1, …, sn ∈ T(F, V)). We define I-computability for an RC-set I by induction on types. For s ∈ T(F, V), we say that s is I-computable if either s is of base type and s ∈ I; or s : σ → τ and for all t : σ that are I-computable, s t is I-computable.

The traditional notion of computability is obtained by taking for I the set of all terminating base-type terms. Then, a term s is computable if and only if (a) s has base type and is terminating; or (b) s : σ → τ and for all computable t : σ the term s t is computable.
This choice is simple but, for reasoning, not ideal: we do not have a property like “if f s1 ⋯ sn is computable then so is each si”. Such a property would be valuable for generalising termination proofs from first-order to higher-order rewriting, as it allows us to use computability where the first-order proof uses termination. While it is not possible to define a computability notion with this property alongside case (b) (as such a notion would not be well-founded), we can come close to this property by choosing a different set for I. To define this set, we will use the notion of accessible arguments, which is used for the same purpose also in the General Schema [8], the Computability Path Ordering [9], and the Computability Closure [7].
Definition 11 (Accessible arguments).
We fix a quasi-ordering ⪰_S on S with well-founded strict part ≻_S := ⪰_S \ ⪯_S. For a type σ ≡ σ1 → … → σm → κ (with κ ∈ S) and sort ι, let ι ⪰_S⁺ σ if ι ⪰_S κ and ι ≻_S⁻ σi for all i, and let ι ≻_S⁻ σ if ι ≻_S κ and ι ⪰_S⁺ σi for all i. For f : σ1 → … → σm → ι ∈ F, let Acc(f) = {i | 1 ≤ i ≤ m ∧ ι ⪰_S⁺ σi}. For x : σ1 → … → σm → ι ∈ V, let Acc(x) = {i | 1 ≤ i ≤ m ∧ σi has the form τ1 → … → τn → κ with ι ⪰_S κ}. We write s ⊵_acc t if either s = t, or s = λx.s′ and s′ ⊵_acc t, or s = a s1 ⋯ sn with a ∈ F ∪ V and si ⊵_acc t for some i ∈ Acc(a) with a ∉ FV(si).

With this definition, we will be able to define a set C such that, roughly, s is C-computable if and only if (a) s : σ → τ and s t is C-computable for all C-computable t, or (b) s has base type, is terminating, and if s = f s1 ⋯ sm then si is C-computable for all accessible i (see Thm. 13 below). The reason that Acc(x) for x ∈ V is different is proof-technical: computability of λx.x s1 ⋯ sm implies the computability of more arguments si than computability of f s1 ⋯ sm does, since x can be instantiated by anything.

Example 12.
Consider a quasi-ordering ⪰_S such that ord ≻_S nat. In Ex. 8, we then have ord ⪰_S⁺ nat → ord. Thus, 1 ∈ Acc(lim), which gives lim H ⊵_acc H.

Theorem 13.
Let (F, R) be an AFSM. Let f s1 ⋯ sm ⇛_I si t1 ⋯ tn if both sides have base type, i ∈ Acc(f), and all tj are I-computable. There is an RC-set C such that C = {s ∈ T(F, V) | s has base type ∧ s is terminating under ⇒_R ∪ ⇛_C ∧ if s ⇒*_R f s1 ⋯ sm then si is C-computable for all i ∈ Acc(f)}.

Proof (sketch). Note that we cannot define C as this set, as the set relies on the notion of C-computability. However, we can define C as the fixpoint of a monotone function operating on RC-sets. This follows the proof in, e.g., [8,9]. □

The full proof (for the definitions in this paper) is available in Appendix A.
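The positive/negative sort conditions of Def. 11 are directly computable. The sketch below is our own illustration (helper names and the encoding of a type σ1 → … → σm → κ as an argument list plus a result sort are assumptions); it checks ι ⪰_S⁺ σ and ι ≻_S⁻ σ and derives Acc(f), reproducing the claim of Ex. 12:

```python
# A type sigma1 -> ... -> sigmam -> kappa is encoded as
# ([sigma1, ..., sigmam], kappa), where each sigmai is again such a
# pair and sorts are strings.  GT holds the strict sort ordering.

GT = {('ord', 'nat')}                     # ord >_S nat, as in Ex. 12

def gt(a, b):  return (a, b) in GT
def geq(a, b): return a == b or gt(a, b)

def pos(iota, sigma):
    # iota >=_S+ sigma: iota >=_S kappa and iota >_S- sigma_i for all i
    args, kappa = sigma
    return geq(iota, kappa) and all(neg(iota, s) for s in args)

def neg(iota, sigma):
    # iota >_S- sigma: iota >_S kappa and iota >=_S+ sigma_i for all i
    args, kappa = sigma
    return gt(iota, kappa) and all(pos(iota, s) for s in args)

def acc(ftype):
    # Acc(f) = { i | 1 <= i <= m and iota >=_S+ sigma_i }
    args, iota = ftype
    return {i + 1 for i, s in enumerate(args) if pos(iota, s)}

NAT = ([], 'nat')
LIM = ([([NAT], 'ord')], 'ord')           # lim : (nat -> ord) -> ord
O = ([], 'o')
LM = ([([O], 'o')], 'o')                  # lm : (o -> o) -> o
```

Here `acc(LIM)` is `{1}`: the functional argument of lim is accessible under ord ≻_S nat. By contrast `acc(LM)` is empty, since o ≻_S o fails for every quasi-ordering.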
The termination methodology in this paper is restricted to AFSMs that satisfy certain limitations: they must be properly applied (a restriction on the number of terms each function symbol is applied to) and accessible function passing (a restriction on the positions of variables of functional type in the left-hand sides of rules). Both are syntactic restrictions that are easily checked by a computer (mostly; the latter requires a search for a sort ordering, but this is typically easy). Well-foundedness of ≻_S is immediate if S is finite, but we have not imposed that requirement; note that ι ⪰_S⁺ σ corresponds to “ι occurs only positively in σ” in [5,8,9]. In properly applied AFSMs, function symbols are assigned a certain, minimal number of arguments that they must always be applied to.

Definition 14.
An AFSM (F, R) is properly applied if for every f ∈ D there exists an integer k such that for all rules ℓ ⇒ r ∈ R: (1) if ℓ = f ℓ1 ⋯ ℓn then n = k; and (2) if r ⊒ f r1 ⋯ rn then n ≥ k. We denote minar(f) = k.

That is, every occurrence of a function symbol in the right-hand side of a rule has at least as many arguments as the occurrences in the left-hand sides of rules. This means that partially applied functions are often not allowed: an AFSM with rules such as double X ⇒ plus X X and doublelist L ⇒ map double L is not properly applied, because double is applied to one argument in the left-hand side of some rule, and to zero in the right-hand side of another. This restriction is not as severe as it may initially seem, since partial applications can be replaced by λ-abstractions; e.g., the rules above can be made properly applied by replacing the second rule by: doublelist L ⇒ map (λx.double x) L. By using η-expansion, we can transform any AFSM to satisfy this restriction:

Definition 15 (R↑). Given a set of rules R, let their η-expansion be given by R↑ = {(ℓ Z1 ⋯ Zm)↑η ⇒ (r Z1 ⋯ Zm)↑η | ℓ ⇒ r ∈ R with r : σ1 → … → σm → ι, ι ∈ S, and Z1, …, Zm fresh meta-variables}, where
– s↑η = λx1…xm.s̄ (x1↑η) ⋯ (xm↑η) if s is an application or element of V ∪ F, and s↑η = s̄ otherwise;
– f̄ = f for f ∈ F and x̄ = x for x ∈ V, while (Z⟨s1, …, sk⟩)̄ = Z⟨s1, …, sk⟩ and (λx.s)̄ = λx.(s↑η) and (s1 s2)̄ = s1̄ (s2↑η).

Note that ℓ↑η is a pattern if ℓ is. By [29, Thm. 2.16], a relation ⇒_R is terminating if ⇒_{R↑} is terminating, which allows us to transpose any methods to prove termination of properly applied AFSMs to all AFSMs. However, there is a caveat: this transformation can introduce non-termination in some special cases, e.g., the terminating rule f X ⇒ g f with f : o → o and g : (o → o) → o, whose η-expansion f X ⇒ g (λx.(f x)) is non-terminating. Thus, for a properly applied AFSM the methods in this paper apply directly. For an AFSM that is not properly applied, we can use the methods to prove termination (but not non-termination) by first η-expanding the rules. Of course, if this analysis leads to a counterexample for termination, we may still be able to verify whether this counterexample applies in the original, untransformed AFSM.
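The properly-applied condition of Def. 14 is a simple syntactic scan over the rules. In the sketch below (our encoding, not the paper's: a (meta-)term is either ('lam', x, body) or a pair (head, [args]) giving a head symbol together with all its arguments, so every head occurrence carries exactly len(args) arguments), the double/doublelist system above is rejected and its λ-abstracted repair accepted:

```python
def occurrences(t):
    # yield (head symbol, number of arguments) for every head occurrence
    if t[0] == 'lam':
        yield from occurrences(t[2])
        return
    head, args = t
    yield head, len(args)
    for a in args:
        yield from occurrences(a)

def properly_applied(rules):
    # rules: list of (lhs, rhs) with lhs = (f, [l1, ..., ln]).
    # (1) all left-hand sides for f use the same argument count n;
    # (2) every occurrence of a defined symbol in a right-hand side
    #     has at least that many arguments.
    minar = {}
    for (f, largs), _ in rules:
        if minar.setdefault(f, len(largs)) != len(largs):
            return False
    return all(n >= minar[g]
               for _, rhs in rules
               for g, n in occurrences(rhs)
               if g in minar)

X, L = ('X', []), ('L', [])
bad = [(('double', [X]), ('plus', [X, X])),
       (('doublelist', [L]), ('map', [('double', []), L]))]
good = [(('double', [X]), ('plus', [X, X])),
        (('doublelist', [L]),
         ('map', [('lam', 'x', ('double', [('x', [])])), L]))]
```

In `bad`, double occurs with zero arguments in a right-hand side while minar(double) = 1; in `good`, the partial application has been replaced by λx.double x, so every right-hand occurrence of double is fully applied.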
Both AFSMs in Ex. 6 and the AFSM in Ex. 8 are properly applied.
Example 17.
Consider an AFSM (F, R) with F ⊇ {sin, cos : real → real, times : real → real → real, deriv : (real → real) → real → real} and R = {deriv (λx.sin F⟨x⟩) ⇒ λy.times (deriv (λx.F⟨x⟩) y) (cos F⟨y⟩)}. Although the one rule has a functional output type (real → real), this AFSM is properly applied, with deriv always having at least 1 argument. Therefore, we do not need to use R↑. However, if R were to additionally include some rules that did not satisfy the restriction (such as the double and doublelist rules above), then η-expanding all rules, including this one, would be necessary. We have: R↑ = {deriv (λx.sin F⟨x⟩) Y ⇒ (λy.times (deriv (λx.F⟨x⟩) y) (cos F⟨y⟩)) Y}. Note that the right-hand side of the η-expanded deriv rule is not β-normal.

In accessible function passing AFSMs, variables of functional type may not occur at arbitrary places in the left-hand sides of rules: their positions are restricted using the sort ordering ⪰_S and accessibility relation ⊵_acc from Def. 11.

Definition 18 (Accessible function passing).
An AFSM (F, R) is accessible function passing (AFP) if there exists a sort ordering ⪰_S following Def. 11 such that: for all f ℓ1 ⋯ ℓn ⇒ r ∈ R and all Z ∈ FMV(r): there are variables x1, …, xk and some i such that ℓi ⊵_acc Z⟨x1, …, xk⟩.

The key idea of this definition is that computability of each ℓi implies computability of all meta-variables in r. This excludes cases like Example 20 below. Many common examples satisfy this restriction, including those we saw before:

Example 19.
Both systems from Ex. 6 are AFP: choosing the sort ordering ⪰_S that equates nat and list, we indeed have cons H T ⊵_acc H and cons H T ⊵_acc T (as Acc(cons) = {1, 2}) and both λx.Z⟨x⟩ ⊵_acc Z⟨x⟩ and Z ⊵_acc Z. The AFSM from Ex. 8 is AFP because we can choose ord ≻_S nat and have lim H ⊵_acc H following Ex. 12 (and also s X ⊵_acc X and K ⊵_acc K, F ⊵_acc F, G ⊵_acc G). The AFSM from Ex. 17 is AFP, because λx.sin F⟨x⟩ ⊵_acc F⟨x⟩ for any ⪰_S: λx.sin F⟨x⟩ ⊵_acc F⟨x⟩ because sin F⟨x⟩ ⊵_acc F⟨x⟩ because 1 ∈ Acc(sin). In fact, all first-order AFSMs (where all fully applied sub-meta-terms of the left-hand side of a rule have base type) are AFP via the sort ordering ⪰_S that equates all sorts. Also (with the same sort ordering), an AFSM (F, R) is AFP if, for all rules f ℓ1 ⋯ ℓk ⇒ r ∈ R and all 1 ≤ i ≤ k, we can write ℓi = λx1 … x_{ni}.ℓ′i where ni ≥ 0 and all fully applied sub-meta-terms of ℓ′i have base type. This covers many practical systems, although for Ex. 8 we need a non-trivial sort ordering. Also, there are AFSMs that cannot be handled with any ⪰_S.

Example 20 (Encoding the untyped λ-calculus). Consider an AFSM with
F ⊇ {ap : o → o → o, lm : (o → o) → o} and R = {ap (lm F) ⇒ F} (note that the only rule has type o → o). This AFSM is not accessible function passing, because lm F ⊵_acc F cannot hold for any ⪰_S (as this would require o ≻_S o). Note that this example is also not terminating. With t = lm (λx.ap x x), we get this self-loop as evidence: ap t t ⇒_R (λx.ap x x) t ⇒_β ap t t. Intuitively: in an accessible function passing AFSM, meta-variables of a higher type may occur only in “safe” places in the left-hand sides of rules. Rules like the ones in Ex. 20, where a higher-order meta-variable is lifted out of a base-type term, are not admitted (unless the base type is greater than the higher type).
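The self-loop of Ex. 20 can be replayed mechanically: one (Rule) step with ap (lm F) ⇒ F, instantiated with F := λx.ap x x, followed by one (Beta) step, reproduces the starting term. A sketch, with our usual tuple encoding (an assumption, not the paper's notation):

```python
# Terms: ('var', x), ('fun', f), ('app', s, t), ('lam', x, s).

ap, lm = ('fun', 'ap'), ('fun', 'lm')

def app(*ts):
    # left-associative application: app(a, b, c) = (a b) c
    t = ts[0]
    for u in ts[1:]:
        t = ('app', t, u)
    return t

def rule_step(s):
    # (Rule): ap (lm F) => F, applied at the head: ap (lm F) t -> F t
    fun, arg = s[1], s[2]
    if fun[0] == 'app' and fun[1] == ap and \
       fun[2][0] == 'app' and fun[2][1] == lm:
        return ('app', fun[2][2], arg)   # F applied to the remaining argument
    raise ValueError('rule does not apply')

def beta_step(s):
    # (Beta): (lambda x. b) t => b[x := t]
    # naive substitution; t is closed here, so no capture can occur
    (_, (_, x, b), t) = s
    def sub(u):
        if u == ('var', x):
            return t
        if u[0] == 'app':
            return ('app', sub(u[1]), sub(u[2]))
        if u[0] == 'lam' and u[1] != x:
            return ('lam', u[1], sub(u[2]))
        return u
    return sub(b)

omega = ('lam', 'x', app(ap, ('var', 'x'), ('var', 'x')))  # lambda x. ap x x
t = app(lm, omega)                                         # t = lm (lambda x. ap x x)
s0 = app(ap, t, t)                                         # ap t t
```

Evaluating `beta_step(rule_step(s0))` returns a term equal to `s0`, confirming the two-step cycle ap t t ⇒_R (λx.ap x x) t ⇒_β ap t t.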
AFSM as a PA-AFP AFSM.
Discussion:
This definition is strictly more liberal than the notions of "plain function passing" in both [34] and [46] as adapted to AFSMs. The notion in [46] largely corresponds to AFP if ≽_S equates all sorts, and the HRS formalism guarantees that rules are properly applied (in fact, all fully applied sub-meta-terms of both left- and right-hand sides of rules have base type). The notion in [34] is more restrictive. The current restriction to PA-AFP AFSMs lets us handle examples like ordinal recursion (Ex. 8), which are not covered by [34,46]. However, note that [34,46] consider a different formalism, which does take rules whose left-hand side is not a pattern into account (which we do not consider). Our restriction also quite resembles the "admissible" rules in [6], which are defined using a pattern computability closure [5], but that work carries additional restrictions.

In later work [32,33], K. Kusakari extends the static DP approach to forms of polymorphic functional programming, with a very liberal restriction: the definition is parametrised with an arbitrary RC-set and corresponding accessibility ("safety") notion. Our AFP restriction is actually an instance of this condition (although a more liberal one than the example RC-set used in [32,33]). We have chosen a specific instance because it allows us to use dedicated techniques for the RC-set; for example, our computable subterm criterion processor (Thm. 63).
To obtain sufficient criteria for both termination and non-termination of AFSMs, we will now transpose the definition of static dependency pairs [6,34,46,33] to AFSMs. In addition, we will add the new features of meta-variable conditions, formative reductions, and computable chains. Complete versions of all proof sketches in this section are available in Appendix B.

Although we retain the first-order terminology of dependency pairs, the setting with meta-variables makes it more suitable to define DPs as triples.

Definition 21 ((Static) Dependency Pair). A dependency pair (DP) is a triple ℓ ⇛ p (A), where ℓ is a closed pattern f ℓ_1 ··· ℓ_k, p is a closed meta-term g p_1 ··· p_n, and A is a set of meta-variable conditions: pairs Z : i indicating that Z regards its i-th argument. A DP is conservative if FMV(p) ⊆ FMV(ℓ).

A substitution γ respects a set of meta-variable conditions A if for all Z : i in A we have γ(Z) = λx_1 … x_j.t with either i > j, or i ≤ j and x_i ∈ FV(t). DPs will be used only with substitutions that respect their meta-variable conditions. For ℓ ⇛ p (∅) (so a DP whose set of meta-variable conditions is empty), we often omit the third component and just write ℓ ⇛ p.

As in the first-order setting, the static DP approach employs marked function symbols to obtain meta-terms whose instances cannot be reduced at the root.
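The "respects" check of Def. 21 is a purely syntactic test and is straightforward to operationalise. The following sketch illustrates it in Python, using a deliberately simplified and hypothetical encoding: each γ(Z) = λx_1 … x_j.t is represented by the list of its bound variables together with the set of variables occurring free in t. This is an illustration of the definition, not the representation used in an actual tool.

```python
# Sketch: checking that a substitution respects meta-variable conditions
# (Def. 21). gamma maps a meta-variable name Z to (bound_vars, free_vars),
# standing for gamma(Z) = lambda x1...xj.t with FV(t) = free_vars.

def respects(gamma, conditions):
    """conditions is a set of pairs (Z, i), meaning 'Z regards argument i'."""
    for (z, i) in conditions:
        bound_vars, free_vars = gamma[z]
        j = len(bound_vars)
        # gamma(Z) = lambda x1...xj.t respects Z : i if i > j,
        # or i <= j and x_i occurs free in t.
        if i <= j and bound_vars[i - 1] not in free_vars:
            return False
    return True

# gamma(F) = lambda x. s x: the body has x free, so F : 1 is respected
print(respects({"F": (["x"], {"x"})}, {("F", 1)}))   # True
# gamma(F) = lambda x. 0: x is not free in the body, so F : 1 is violated
print(respects({"F": (["x"], set())}, {("F", 1)}))   # False
```

We will rely on this check implicitly whenever a chain (Def. 30) instantiates a DP.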
Definition 22 (Marked symbols).
Let (F, R) be an AFSM. Define F♯ := F ⊎ { f♯ : σ | f : σ ∈ D }. For a meta-term s = f s_1 ··· s_k with f ∈ D and k = minar(f), we let s♯ = f♯ s_1 ··· s_k; for s of other forms, s♯ is not defined.

Moreover, we will consider candidates. In the first-order setting, candidate terms are subterms of the right-hand sides of rules whose root symbol is a defined symbol. Intuitively, these subterms correspond to function calls. In the current setting, we also have to consider meta-variables, as well as rules whose right-hand side is not β-normal (which might arise, for instance, due to η-expansion).

Definition 23 (β-reduced-sub-meta-term, ⊵_β, ⊵_A). A meta-term s has a fully applied β-reduced-sub-meta-term t (shortly, BRSMT), notation s ⊵_β t, if there exists a set of meta-variable conditions A with s ⊵_A t. Here s ⊵_A t holds if:
– s = t, or
– s = λx.u and u ⊵_A t, or
– s = (λx.u) s_0 s_1 ··· s_n and some s_i ⊵_A t, or u[x := s_0] s_1 ··· s_n ⊵_A t, or
– s = a s_1 ··· s_n with a ∈ F ∪ V and some s_i ⊵_A t, or
– s = Z⟨t_1, …, t_k⟩ s_1 ··· s_n and some s_i ⊵_A t, or
– s = Z⟨t_1, …, t_k⟩ s_1 ··· s_n and t_i ⊵_A t for some i ∈ {1, …, k} with (Z : i) ∈ A.

Essentially, s ⊵_A t means that t can be reached from s by taking β-reductions at the root and "subterm"-steps, where Z : i is in A whenever we pass into argument i of a meta-variable Z. BRSMTs are used to generate candidates:

Definition 24 (Candidates).
For a meta-term s, the set cand(s) of candidates of s consists of those pairs t (A) such that (a) t has the form f s_1 ··· s_k with f ∈ D and k = minar(f), (b) there are s_{k+1}, …, s_n (with n ≥ k) such that s ⊵_A t s_{k+1} ··· s_n, and (c) A is minimal: there is no subset A′ ⊊ A with s ⊵_{A′} t.

Example 25. In AFSMs where all meta-variables have arity 0 and the right-hand sides of rules are β-normal, the set cand(s) for a meta-term s consists exactly of the pairs t (∅) where t has the form f s_1 ··· s_{minar(f)} and t occurs as part of s. In Ex. 8, we thus have cand(G H (λm.rec (H m) K F G)) = { rec (H m) K F G (∅) }.

If some of the meta-variables do take arguments, then the meta-variable conditions matter: candidates of s are pairs t (A) where A contains exactly those pairs Z : i for which we pass through the i-th argument of Z to reach t in s.

Example 26.
Consider an AFSM with the signature from Ex. 8, but a rule using meta-variables with larger arities:

rec (lim (λn.H⟨n⟩)) K (λx.λn.F⟨x, n⟩) (λf.λg.G⟨f, g⟩) ⇒ G⟨λn.H⟨n⟩, λm.rec H⟨m⟩ K (λx.λn.F⟨x, n⟩) (λf.λg.G⟨f, g⟩)⟩

The right-hand side has one candidate: rec H⟨m⟩ K (λx.λn.F⟨x, n⟩) (λf.λg.G⟨f, g⟩) ({G : 2}).

The original static approaches define DPs as pairs ℓ♯ ⇛ p♯ where ℓ ⇒ r is a rule and p a subterm of r of the form f r_1 ··· r_m – as their rules are built using terms, not meta-terms. This can set variables bound in r free in p. In the current setting, we use candidates with their meta-variable conditions and implicit β-steps rather than subterms, and we replace such variables by meta-variables.

Definition 27 (SDP). Let s be a meta-term and (F, R) an AFSM. Let metafy(s) denote s with all free variables replaced by corresponding meta-variables. Now SDP(R) = { ℓ♯ ⇛ metafy(p♯) (A) | ℓ ⇒ r ∈ R ∧ p (A) ∈ cand(r) }.

Although static DPs always have a pleasant form f♯ ℓ_1 ··· ℓ_k ⇛ g♯ p_1 ··· p_n (A) (as opposed to the dynamic DPs of, e.g., [31], whose right-hand sides can have a meta-variable at the head, which complicates various techniques in the framework), they have two important complications not present in first-order DPs: the right-hand side p of a DP ℓ ⇛ p (A) may contain meta-variables that do not occur in the left-hand side ℓ – traditional analysis techniques are not really equipped for this – and the left- and right-hand sides may have different types. In §

Example 28.
For the non-η-expanded rules of Ex. 17, the set SDP(R) has one element: deriv♯ (λx.sin F⟨x⟩) ⇛ deriv♯ (λx.F⟨x⟩). (As times and cos are not defined symbols, they do not generate dependency pairs.) The set SDP(R↑) for the η-expanded rules is { deriv♯ (λx.sin F⟨x⟩) Y ⇛ deriv♯ (λx.F⟨x⟩) Y }. To obtain the relevant candidate, we used the β-reduction step of BRSMTs.

Example 29.
The AFSM from Ex. 8 is AFP following Ex. 19; here SDP(R) is:

rec♯ (s X) K F G ⇛ rec♯ X K F G (∅)
rec♯ (lim H) K F G ⇛ rec♯ (H M) K F G (∅)

Note that the right-hand side of the second DP contains a meta-variable that is not on the left. As we will see in Ex. 64, that is not problematic here.

Termination analysis using dependency pairs importantly considers the notion of a dependency chain. This notion is fairly similar to the first-order setting:

Definition 30 (Dependency chain).
Let P be a set of DPs and R a set of rules. A (finite or infinite) (P, R)-dependency chain (or just (P, R)-chain) is a sequence [(ℓ_1 ⇛ p_1 (A_1), s_1, t_1), (ℓ_2 ⇛ p_2 (A_2), s_2, t_2), …] where each ℓ_i ⇛ p_i (A_i) ∈ P and all s_i, t_i are terms, such that for all i:
1. there exists a substitution γ on domain FMV(ℓ_i) ∪ FMV(p_i) such that s_i = ℓ_i γ, t_i = p_i γ and for all Z ∈ dom(γ): γ(Z) respects A_i;
2. we can write t_i = f u_1 ··· u_n and s_{i+1} = f w_1 ··· w_n, where each u_j ⇒_R* w_j.

Example 31. In the (first) AFSM from Ex. 6, we have
SDP(R) = { map♯ (λx.Z⟨x⟩) (cons H T) ⇛ map♯ (λx.Z⟨x⟩) T }. An example of a finite dependency chain is [(ρ, s_1, t_1), (ρ, s_2, t_2)] where ρ is the one DP, s_1 = map♯ (λx.s x) (cons 0 (cons (s 0) (map (λx.x) nil))) and t_1 = map♯ (λx.s x) (cons (s 0) (map (λx.x) nil)), and s_2 = map♯ (λx.s x) (cons (s 0) nil) and t_2 = map♯ (λx.s x) nil.

Note that here t_1 reduces to s_2 in a single step (map (λx.x) nil ⇒_R nil).

We have the following key result:

Theorem 32.
Let (F, R) be a PA-AFP AFSM. If (F, R) is non-terminating, then there is an infinite (SDP(R), R)-dependency chain.

Proof (sketch).
The proof is an adaptation of the one in [34], altered for the more permissive definition of accessible function passing (over plain function passing) as well as the meta-variable conditions; it also follows from Thm. 37 below. □
By this result we can use dependency pairs to prove termination of a given properly applied and AFP AFSM: if we can prove that there is no infinite (SDP(R), R)-chain, then termination follows immediately. Note, however, that the reverse result does not hold: it is possible to have an infinite (SDP(R), R)-dependency chain even for a terminating PA-AFP AFSM.

Example 33.
Let
F ⊇ { 0 : nat, f : nat → nat, g : (nat → nat) → nat } and R = { f 0 ⇒ g (λx.f x), g (λx.F⟨x⟩) ⇒ F⟨0⟩ }. This AFSM is PA-AFP, with SDP(R) = { f♯ 0 ⇛ g♯ (λx.f x), f♯ 0 ⇛ f♯ X }; the second rule does not cause the addition of any dependency pairs. Although ⇒_R is terminating, there is an infinite (SDP(R), R)-chain [(f♯ 0 ⇛ f♯ X, f♯ 0, f♯ 0), (f♯ 0 ⇛ f♯ X, f♯ 0, f♯ 0), …].

The problem in Ex. 33 is the non-conservative DP f♯ 0 ⇛ f♯ X, with X on the right but not on the left. Such DPs arise from abstractions in the right-hand sides of rules. Unfortunately, abstractions are introduced by the restricted η-expansion (Def. 15) that we may need to make an AFSM properly applied. Even so, often all DPs are conservative, as in Ex. 6 and 17. There, we do have the inverse result:

Theorem 34.
For any AFSM (F, R): if there is an infinite (SDP(R), R)-chain [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2), …] with all ρ_i conservative, then ⇒_R is non-terminating.

Proof (sketch). If FMV(p_i) ⊆ FMV(ℓ_i), then we can see that s_i ⇒_R · ⇒_β* t′_i for some term t′_i of which t_i is a subterm. Since also each t_i ⇒_R* s_{i+1}, the infinite chain induces an infinite reduction s_1 ⇒_R+ t′_1 ⇒_R* s′_2 ⇒_R+ t′′_2 ⇒_R* ⋯. □

The core of the dependency pair framework is to systematically simplify a set of pairs (P, R) to prove either absence or presence of an infinite (P, R)-chain, thus showing termination or non-termination as appropriate. By Theorems 32 and 34 we can do so, although with some conditions on the non-termination result. We can do better by tracking certain properties of dependency chains.

Definition 35 (Minimal and Computable chains).
Let (F, U) be an AFSM and C_U an RC-set satisfying the properties of Thm. 13 for (F, U). Let F contain, for every type σ, at least countably many symbols f : σ not used in U.

A (P, R)-chain [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2), …] is U-computable if ⇒_U ⊇ ⇒_R, and for all i there exists a substitution γ_i such that ρ_i = ℓ_i ⇛ p_i (A_i) with s_i = ℓ_i γ_i and t_i = p_i γ_i, and (λx_1 … x_n.v) γ_i is C_U-computable for all v and B such that p_i ⊵_B v, γ_i respects B, and FV(v) = {x_1, …, x_n}.

A chain is minimal if the strict subterms of all t_i are terminating under ⇒_R.

In the first-order DP framework, minimal chains give access to several powerful techniques to prove absence of infinite chains, such as the subterm criterion [24] and usable rules [22,24].
Computable chains go a step further, by building on the computability inherent in the proof of Thm. 32 and the notion of accessible function passing AFSMs. In computable chains, we can require that (some of) the subterms of all t_i are computable rather than merely terminating. This property will be essential in the computable subterm criterion processor (Thm. 63).

Another property of dependency chains is the use of formative rules, which has proven very useful for dynamic DPs [31]. Here we go further and consider formative reductions, which were introduced for the first-order DP framework in [16]. This property will be essential in the formative rules processor (Thm. 58).

Definition 36 (Formative chain, formative reduction). A (P, R)-chain [(ℓ_1 ⇛ p_1 (A_1), s_1, t_1), (ℓ_2 ⇛ p_2 (A_2), s_2, t_2), …] is formative if for all i, the reduction t_i ⇒_R* s_{i+1} is ℓ_{i+1}-formative. Here, for a pattern ℓ, substitution γ and term s, a reduction s ⇒_R* ℓγ is ℓ-formative if one of the following holds:
– ℓ is not a fully extended linear pattern; that is: some meta-variable occurs more than once in ℓ, or ℓ has a sub-meta-term λx.C[Z⟨s_1, …, s_k⟩] with x ∉ {s_1, …, s_k}
– ℓ is a meta-variable application Z⟨x_1, …, x_k⟩ and s = ℓγ
– s = a s_1 ··· s_n and ℓ = a ℓ_1 ··· ℓ_n with a ∈ F♯ ∪ V and each s_i ⇒_R* ℓ_i γ by an ℓ_i-formative reduction
– s = λx.s′ and ℓ = λx.ℓ′ and s′ ⇒_R* ℓ′γ by an ℓ′-formative reduction
– s = (λx.u) v w_1 ··· w_n and u[x := v] w_1 ··· w_n ⇒_R* ℓγ by an ℓ-formative reduction
– ℓ is not a meta-variable application, and there are ℓ′ ⇒ r′ ∈ R, meta-variables Z_1, …, Z_n (n ≥ 0) and δ such that s ⇒_R* (ℓ′ Z_1 ··· Z_n)δ by an (ℓ′ Z_1 ··· Z_n)-formative reduction, and (r′ Z_1 ··· Z_n)δ ⇒_R* ℓγ by an ℓ-formative reduction.
The idea of a formative reduction is to avoid redundant steps: if s ⇒_R* ℓγ by an ℓ-formative reduction, then this reduction takes only the steps needed to obtain an instance of ℓ. Suppose that we have rules plus 0 Y ⇒ Y and plus (s X) Y ⇒ s (plus X Y). Let ℓ := g 0 X and t := plus 0 0. Then the reduction g t t ⇒_R g 0 t is ℓ-formative: we must reduce the first argument to get an instance of ℓ. The reduction g t t ⇒_R g t 0 ⇒_R g 0 0 is not ℓ-formative, because the reduction in the second argument does not contribute to the non-meta-variable positions of ℓ. This matters when we consider ℓ as the left-hand side of a rule, say g 0 X ⇒ 0: if we reduce g t t ⇒_R g t 0 ⇒_R g 0 0 ⇒_R 0, then the first step was redundant: removing this step gives a shorter reduction to the same result: g t t ⇒_R g 0 t ⇒_R 0. In an infinite reduction, redundant steps may also be postponed indefinitely.

We can now strengthen the result of Thm. 32 with two new properties.

Theorem 37.
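The distinction can be made concrete on the first-order plus/g example above. The sketch below is purely illustrative: the tuple-based term representation, the rule encoding and the function names are our own assumptions, and innermost normalisation of a demanded argument position stands in for the precise root-step bookkeeping of Def. 36. It reduces only at positions where the pattern g 0 X demands a concrete symbol, and leaves the meta-variable position untouched.

```python
# Illustration of l-formative reductions (Def. 36) on a first-order
# fragment, using the rules plus 0 Y => Y and plus (s X) Y => s (plus X Y)
# from the text. Terms are nested tuples; ("var", name) marks a
# meta-variable position in a pattern.

def step(t):
    """One root rewrite step with the plus-rules, or None."""
    if isinstance(t, tuple) and t[0] == "plus":
        x, y = t[1], t[2]
        if x == "0":
            return y
        if isinstance(x, tuple) and x[0] == "s":
            return ("s", ("plus", x[1], y))
    return None

def normalise(t):
    """Innermost normalisation (the plus-rules are terminating)."""
    if isinstance(t, tuple):
        t = (t[0],) + tuple(normalise(a) for a in t[1:])
        r = step(t)
        if r is not None:
            return normalise(r)
    return t

def formative_reduce(t, pattern):
    """Reduce only where the pattern demands a concrete symbol;
    meta-variable positions of the pattern are left untouched."""
    if isinstance(pattern, tuple) and pattern[0] == "var":
        return t                     # meta-variable: no step needed here
    head = pattern[0] if isinstance(pattern, tuple) else pattern
    t_head = t[0] if isinstance(t, tuple) else t
    if t_head != head:
        t = normalise(t)             # reduce just enough to expose the head
    if isinstance(pattern, tuple):
        return (t[0],) + tuple(formative_reduce(a, p)
                               for a, p in zip(t[1:], pattern[1:]))
    return t

t = ("plus", "0", "0")               # t reduces to 0
s = ("g", t, t)
pattern = ("g", "0", ("var", "X"))   # the pattern g 0 X
print(formative_reduce(s, pattern))  # ('g', '0', ('plus', '0', '0'))
```

Only the first argument is reduced, matching the ℓ-formative reduction g t t ⇒_R g 0 t from the text; the copy of t in the meta-variable position X is kept unreduced.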
Let (F, R) be a properly applied, accessible function passing AFSM. If (F, R) is non-terminating, then there is an infinite R-computable formative (SDP(R), R)-dependency chain.

Proof (sketch). We select a minimal non-computable (MNC) term s := f s_1 ··· s_k (where all s_i are C_R-computable) and an infinite reduction starting in s. Then we stepwise build an infinite dependency chain, as follows. Since s is non-computable but each s_i terminates (as computability implies termination), there exist a rule f ℓ_1 ··· ℓ_k ⇒ r and a substitution γ such that each s_i ⇒_R* ℓ_i γ and rγ is non-computable. We can then identify a candidate t (A) of r such that γ respects A and tγ is a MNC subterm of rγ; we continue the process with tγ (or a term at its head). For the formative property, we note that if u ⇒_R* ℓγ and u is terminating, then u ⇒_R* ℓδ by an ℓ-formative reduction for a substitution δ such that each δ(Z) ⇒_R* γ(Z). This follows by postponing those reduction steps not needed to obtain an instance of ℓ. The resulting infinite chain is R-computable because we can show, by induction on the definition of ⊵_acc, that if ℓ ⇒ r is an AFP rule and ℓγ is a MNC term, then γ(Z) is C_R-computable for all Z ∈ FMV(r). □

As it is easily seen that all C_U-computable terms are ⇒_U-terminating and therefore ⇒_R-terminating, every U-computable (P, R)-dependency chain is also minimal. The notions of R-computable and formative chains still do not suffice to obtain a true inverse result, however (i.e., to prove that termination implies the absence of an infinite R-computable chain over SDP(R)): the infinite chain in Ex. 33 is R-computable.

To see why the two restrictions, that the AFSM must be properly applied and accessible function passing, are necessary, consider the following examples.

Example 38.
Consider
F ⊇ { fix : ((o → o) → o → o) → o → o } and R = { fix F X ⇒ F (fix F) X }. This AFSM is not properly applied; it is also not terminating, as can be seen by instantiating F with λy.y. However, it does not have any static DPs, since fix F is not a candidate. Even if we altered the definition of static DPs to admit a dependency pair fix♯ F X ⇛ fix♯ F, this pair could not be used to build an infinite dependency chain.

Note that the problem does not arise if we study the η-expanded rules R↑ = { fix F X ⇒ F (λz.fix F z) X }, as the dependency pair fix♯ F X ⇛ fix♯ F Z does admit an infinite chain. Unfortunately, as the one dependency pair does not satisfy the conditions of Thm. 34, we cannot use this to prove non-termination.
Example 39.
The AFSM from Ex. 20 is not accessible function passing, since
Acc(lm) = ∅. This is good, because SDP(R) is empty: without the restriction, the empty set of DPs would lead us to falsely conclude termination.

Discussion:
Thm. 37 transposes the work of [34,46] to AFSMs and extends it by using a more liberal restriction, by limiting interest to formative, R-computable chains, and by including meta-variable conditions. Both of these new properties of chains will support new termination techniques within the DP framework.

The relationship with the works for functional programming [32,33] is less clear: they define a different form of chains, suited well to polymorphic systems, but which requires more intricate reasoning for non-polymorphic systems, as DPs can be used for reductions at the head of a term. It is not clear whether there are non-polymorphic systems that can be handled with one and not the other. The notions of formative and R-computable chains are not considered there; meta-variable conditions are not relevant to their λ-free formalism.

In first-order term rewriting, the DP framework [20] is an extendable framework to prove termination and non-termination. As observed in the introduction, DP analyses in higher-order rewriting typically go beyond the initial DP approach [2], but fall short of the full framework. Here, we define the latter for static DPs. Complete versions of all proof sketches in this section are available in Appendix C.

We have now reduced the problem of termination to non-existence of certain chains. In the DP framework, we formalise this in the notion of a
DP problem:

Definition 40 (DP problem). A DP problem is a tuple (P, R, m, f) with P a set of DPs, R a set of rules, m ∈ { minimal, arbitrary } ∪ { computable_U | U any set of rules }, and f ∈ { formative, all }.

A DP problem (P, R, m, f) is finite if there exists no infinite (P, R)-chain that is U-computable if m = computable_U, is minimal if m = minimal, and is formative if f = formative. It is infinite if R is non-terminating, or if there exists an infinite (P, R)-chain where all DPs used in the chain are conservative.

To capture the levels of permissiveness in the m flag, we use a transitive-reflexive relation ≽ generated by computable_U ≽ minimal ≽ arbitrary.

Thus, the combination of Theorems 37 and 34 can be rephrased as: an AFSM (F, R) is terminating if (SDP(R), R, computable_R, formative) is finite, and is non-terminating if (SDP(R), R, m, f) is infinite for some m ∈ { computable_U, minimal, arbitrary } and f ∈ { formative, all }.

The core idea of the DP framework is to iteratively simplify a set of DP problems via processors until nothing remains to be proved:
Definition 41 (Processor). A dependency pair processor (or just processor) is a function that takes a DP problem and returns either NO or a set of DP problems. A processor Proc is sound if a DP problem M is finite whenever Proc(M) ≠ NO and all elements of Proc(M) are finite. A processor Proc is complete if a DP problem M is infinite whenever Proc(M) = NO or contains an infinite element.

To prove finiteness of a DP problem M with the DP framework, we proceed analogously to the first-order DP framework [22]: we repeatedly apply sound DP processors starting from M until none remain. That is, we execute the following rough procedure: (1) let A := { M }; (2) while A ≠ ∅: select a problem Q ∈ A and a sound processor Proc with Proc(Q) ≠ NO, and let A := (A \ { Q }) ∪ Proc(Q). If this procedure terminates, then M is a finite DP problem.

(Our framework is implicitly parametrised by the signature F♯ used for term formation. As none of the processors we present modify this component (as indeed there is no need to by Thm. 9), we leave it implicit. The processors in this paper do not alter the flag m, but some require minimality or computability. We include the minimal option and the subscript U for the sake of future generalisations, and for reuse of processors in the dynamic approach of [31].)

To prove termination of an AFSM (F, R), we would use as initial DP problem (SDP(R), R, computable_R, formative), provided that R is properly applied and accessible function passing (where η-expansion following Def. 15 may be applied first). If the procedure terminates – so finiteness of M is proved by the definition of soundness – then Thm. 37 provides termination of ⇒_R.

Similarly, we can use the DP framework to prove infiniteness: (1) let A := { M }; (2) while A ≠ NO: select a problem Q ∈ A and a complete processor Proc, and let A := NO if Proc(Q) = NO, or A := (A \ { Q }) ∪ Proc(Q) otherwise. For non-termination of (F, R), the initial DP problem should be (SDP(R), R, m, f), where m, f can be any flags (see Thm. 34). Note that the algorithms coincide while processors are used that are both sound and complete. In a tool, automation (or the user) must resolve the non-determinism and select suitable processors.

Below, we will present a number of processors within the framework. We will typically present processors by writing "for a DP problem M satisfying X, Y, Z, Proc(M) = …". In these cases, we let Proc(M) = { M } for any problem M not satisfying the given properties.
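The rough procedure (1)–(2) above can be phrased as a small driver loop. The following Python sketch is purely illustrative: the DP-problem representation (a dictionary) and the convention that a processor returns None when it does not apply are our own assumptions, and each real processor would implement one of the theorems in this section.

```python
# Sketch of the finiteness-proving loop of the DP framework: repeatedly
# replace a DP problem Q by the set Proc(Q) produced by a sound processor,
# until no problems remain.

def prove_finite(problem, processors):
    """Returns True if all DP problems were simplified away (M is finite),
    or None if no processor applies (termination remains unproven)."""
    todo = [problem]
    while todo:
        q = todo.pop()
        for proc in processors:      # select a sound processor for q
            result = proc(q)
            if result is not None and result != "NO":
                todo.extend(result)  # A := (A \ {Q}) u Proc(Q)
                break
        else:
            return None              # no progress possible
    return True

# Toy processor: maps a DP problem with an empty set of DPs to the empty
# set of problems (sound: an empty P admits no infinite (P, R)-chain).
empty_p = lambda q: [] if not q["P"] else None
print(prove_finite({"P": set(), "R": set()}, [empty_p]))  # True
```

In an actual implementation (as in WANDA), the processor-selection step is where heuristics live; the loop itself is this simple.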
Many more processors are possible, but we have chosen to present a selection which touches on all aspects of the DP framework:
– processors which map a DP problem to NO (Thm. 65), a singleton set (most processors) and a non-singleton set (Thm. 42);
– changing the set R (Thm. 58, 54) and various flags (Thm. 54);
– using specific values of the f (Thm. 58) and m flags (Thm. 61, 54, 63);
– using term orderings (Thm. 49, 52), a key part of many termination proofs.

We can leverage reachability information to decompose
DP problems. In first-order rewriting, a graph structure is used to track which DPs can possibly follow one another in a chain [2]. Here, we define this dependency graph as follows.
Definition 42 (Dependency graph).
A DP problem (P, R, m, f) induces a graph structure DG, called its dependency graph, whose nodes are the elements of P. There is a (directed) edge from ρ_1 to ρ_2 in DG iff there exist s_1, t_1, s_2, t_2 such that [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2)] is a (P, R)-chain with the properties for m, f.

Example 43. Consider an AFSM with
F ⊇ { f : (nat → nat) → nat → nat } and R = { f (λx.F⟨x⟩) (s Y) ⇒ F⟨f (λx.0) (f (λx.F⟨x⟩) Y)⟩ }. Let P := SDP(R) =

{ (1) f♯ (λx.F⟨x⟩) (s Y) ⇛ f♯ (λx.0) (f (λx.F⟨x⟩) Y) ({F : 1})
  (2) f♯ (λx.F⟨x⟩) (s Y) ⇛ f♯ (λx.F⟨x⟩) Y ({F : 1}) }

The dependency graph of (P, R, minimal, formative) has edges from (2) to both (1) and (2), and no edges starting in (1). There is no edge from (1) to itself or (2) because there is no substitution γ such that (λx.0)γ can be reduced to a term (λx.F⟨x⟩)δ where δ(F) regards its first argument (as ⇒_R* cannot introduce new variables).
A finite graph G_θ approximates DG if θ is a function that maps the nodes of DG to the nodes of G_θ such that, whenever DG has an edge from ρ_1 to ρ_2, G_θ has an edge from θ(ρ_1) to θ(ρ_2). (G_θ may have edges that have no corresponding edge in DG.)

Note that this definition allows for an infinite graph to be approximated by a finite one; infinite graphs may occur if R is infinite (e.g., the union of all simply-typed instances of polymorphic rules).

If P is finite, we can take a graph approximation G_id with the same nodes as DG. A simple approximation may have an edge from ℓ_1 ⇛ p_1 (A_1) to ℓ_2 ⇛ p_2 (A_2) whenever both p_1 and ℓ_2 have the form f♯ s_1 ··· s_k for the same f and k. However, one can also take the meta-variable conditions into account, as we did in Ex. 43.
The processor Proc_{G_θ} that maps a DP problem M = (P, R, m, f) to { ({ ρ ∈ P | θ(ρ) ∈ C_i }, R, m, f) | 1 ≤ i ≤ n } if G_θ is an approximation of the dependency graph of M and C_1, …, C_n are the (nodes of the) non-trivial strongly connected components (SCCs) of G_θ, is both sound and complete.

Proof (sketch). In an infinite (P, R)-chain [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2), …], there is always a path from ρ_i to ρ_{i+1} in DG. Since G_θ is finite, every infinite path in DG eventually remains in a cycle in G_θ. This cycle is part of an SCC. □
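An automation of this processor can combine the head-symbol graph approximation suggested after Def. 44 with a standard SCC algorithm. In the following Python sketch, a DP is represented only by the head symbols of its left- and right-hand sides; this representation and the function names are illustrative assumptions, not the data structures of an actual tool.

```python
# Sketch of the dependency graph processor (Thm. 45): build a head-symbol
# graph approximation, compute its strongly connected components with
# Tarjan's algorithm, and keep one set of DPs per non-trivial SCC.
# Each DP is a pair (lhs_head, rhs_head).

def head_graph(dps):
    """Edge from i to j if the rhs head of dps[i] equals the lhs head of dps[j]."""
    return {i: [j for j, d2 in enumerate(dps) if dps[i][1] == d2[0]]
            for i in range(len(dps))}

def sccs(graph):
    """Tarjan's algorithm; returns the SCCs as a list of node sets."""
    index, low, stack, on, out, counter = {}, {}, [], set(), [], [0]
    def visit(v):
        index[v] = low[v] = counter[0]; counter[0] += 1
        stack.append(v); on.add(v)
        for w in graph[v]:
            if w not in index:
                visit(w); low[v] = min(low[v], low[w])
            elif w in on:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:
            comp = set()
            while True:
                w = stack.pop(); on.discard(w); comp.add(w)
                if w == v: break
            out.append(comp)
    for v in graph:
        if v not in index:
            visit(v)
    return out

def dependency_graph_processor(dps):
    g = head_graph(dps)
    # an SCC is non-trivial if it has >1 node or a self-loop
    keep = [c for c in sccs(g) if len(c) > 1 or any(v in g[v] for v in c)]
    return [{dps[i] for i in c} for c in keep]

# Ex. 47-style: (1) map# -> map#, (2) f# -> map#, (3) f# -> g#
dps = [("map#", "map#"), ("f#", "map#"), ("f#", "g#")]
print(dependency_graph_processor(dps))  # [{('map#', 'map#')}]
```

As in Ex. 47, only the self-looping DP survives: the other two DPs lie on no cycle of the approximation and are removed.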
Let R be the set of rules from Ex. 43 and G the graph given there. Then Proc_G(SDP(R), R, computable_R, formative) = { ({ f♯ (λx.F⟨x⟩) (s Y) ⇛ f♯ (λx.F⟨x⟩) Y ({F : 1}) }, R, computable_R, formative) }.
Let R consist of the rules for map from Ex. 6 along with f L ⇒ map (λx.g x) L and g X ⇒ X. Then SDP(R) = { (1) map♯ (λx.Z⟨x⟩) (cons H T) ⇛ map♯ (λx.Z⟨x⟩) T, (2) f♯ L ⇛ map♯ (λx.g x) L, (3) f♯ L ⇛ g♯ X }. DP (3) is not conservative, but it is not on any cycle in the graph approximation G_id obtained by considering head symbols as described above: the only edges are from (2) to (1) and from (1) to itself.

As (1) is the only DP on a cycle, Proc_{G_id}(SDP(R), R, computable_R, formative) = { ({ (1) }, R, computable_R, formative) }.
The dependency graph is a powerful tool for simplifying DP problems, used since early versions of the DP approach [2]. Our notion of a dependency graph approximation, taken from [31], strictly generalises the original notion in [2], which uses a graph on the same node set as DG with possibly further edges. One can get this notion here by using a graph G_id. The advantage of our definition is that it ensures soundness of the dependency graph processor also for infinite sets of DPs. This overcomes a restriction in the literature [34, Corollary 5.13] to dependency graphs without non-cyclic infinite paths.

At the heart of most DP-based approaches to termination proving lie well-founded orderings to delete DPs (or rules). For this, we use reduction triples [24,31].
Definition 48 (Reduction triple). A reduction triple (≽, ⊒, ≻) consists of two quasi-orderings ≽ and ⊒ and a well-founded strict ordering ≻ on meta-terms such that ≽ is monotonic, all of ≽, ⊒, ≻ are meta-stable (that is, ℓ ≽ r implies ℓγ ≽ rγ if ℓ is a closed pattern and γ a substitution on domain FMV(ℓ) ∪ FMV(r), and the same for ⊒ and ≻), ⇒_β ⊆ ≽, and both ≽ ∘ ≻ ⊆ ≻ and ⊒ ∘ ≻ ⊆ ≻.

In the first-order DP framework, the reduction pair processor [20] seeks to orient all rules with ≽ and all DPs with either ≽ or ≻; if this succeeds, those pairs oriented with ≻ may be removed. Using reduction triples rather than pairs, we obtain the following extension to the higher-order setting:

Theorem 49 (Basic reduction triple processor).
Let M = (P_1 ⊎ P_2, R, m, f) be a DP problem. If (≽, ⊒, ≻) is a reduction triple such that
1. for all ℓ ⇒ r ∈ R, we have ℓ ≽ r;
2. for all ℓ ⇛ p (A) ∈ P_1, we have ℓ ≻ p;
3. for all ℓ ⇛ p (A) ∈ P_2, we have ℓ ⊒ p;
then the processor that maps M to { (P_2, R, m, f) } is both sound and complete.

Proof (sketch). For an infinite (P_1 ⊎ P_2, R)-chain [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2), …] the requirements provide that, for all i: (a) s_i ≻ t_i if ρ_i ∈ P_1; (b) s_i ⊒ t_i if ρ_i ∈ P_2; and (c) t_i ≽ s_{i+1}. Since ≻ is well-founded, only finitely many DPs in the chain can be in P_1, so a tail of the chain is actually an infinite (P_2, R, m, f)-chain. □
Let (F, R) be the (non-η-expanded) rules from Ex. 17, and SDP(R) the DPs from Ex. 28. From Thm. 49, we get the following ordering requirements:

deriv (λx.sin F⟨x⟩) ≽ λy.times (deriv (λx.F⟨x⟩) y) (cos F⟨y⟩)
deriv♯ (λx.sin F⟨x⟩) ≻ deriv♯ (λx.F⟨x⟩)

We can handle both requirements by using a polynomial interpretation J to N [43,15], choosing J_sin(n) = n + 1, J_cos(n) = 0, J_times(n_1, n_2) = n_1, and J_deriv(f) = J_deriv♯(f) = λn.f(n). Then the requirements evaluate to λn.f(n) + 1 ≥ λn.f(n) and λn.f(n) + 1 > λn.f(n), which holds on N.

Thm. 49 is not ideal since, by definition, the left- and right-hand side of a DP may have different types. Such DPs are hard to handle with traditional techniques such as HORPO [26] or polynomial interpretations [43,15], as these methods compare only (meta-)terms of the same type (modulo renaming of sorts).
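The interpretation in Ex. 50 can be sanity-checked numerically: both requirements are pointwise inequalities between functions on N, so we can evaluate them on sample weakly monotonic functions f. The Python sketch below is only a spot check of this particular example on finitely many inputs (the symbolic reasoning in the text covers all f and n), and the encoding of the interpretation is our own.

```python
# Spot-check of the interpretation in Ex. 50: J_sin(n) = n + 1,
# J_cos(n) = 0, J_times(n1, n2) = n1, J_deriv(f) = J_deriv#(f) = lambda n: f(n).
# The requirements become the pointwise comparisons
# lambda n. f(n) + 1  >=  lambda n. f(n)   (for the rule), and
# lambda n. f(n) + 1  >   lambda n. f(n)   (for the DP).

J_sin = lambda n: n + 1
J_cos = lambda n: 0
J_times = lambda n1, n2: n1
J_deriv = lambda f: (lambda n: f(n))

def lhs(f):
    # interpretation of deriv (lambda x. sin F<x>)
    return lambda n: J_deriv(lambda m: J_sin(f(m)))(n)

def rhs(f):
    # interpretation of lambda y. times (deriv (lambda x. F<x>) y) (cos F<y>)
    return lambda n: J_times(J_deriv(f)(n), J_cos(f(n)))

samples = [lambda n: 0, lambda n: n, lambda n: 2 * n + 3]
ok = all(lhs(f)(n) > rhs(f)(n) for f in samples for n in range(20))
print(ok)  # True
```

Since the strict inequality holds pointwise, the weak one does too, so both requirements of Thm. 49 are met by this interpretation.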
Consider the toy AFSM with R = { f (s X) Y ⇒ g X Y, g X ⇒ λz. f X z } and SDP(R) = { f♯ (s X) Y ⇛ g♯ X, g♯ X ⇛ f♯ X Z }. If f and g both have type nat → nat → nat, then in the first DP, the left-hand side has type nat while the right-hand side has type nat → nat. In the second DP, the left-hand side has type nat → nat and the right-hand side has type nat.

To be able to handle examples like the one above, we adapt [31, Thm. 5.21] by altering the ordering requirements to have base type.

Theorem 52 (Reduction triple processor).
Let Bot be a set {⊥_σ : σ | σ a type} ⊆ F♯ of unused constructors, M = (P_1 ⊎ P_2, R, m, f) a DP problem, and (⪰, ≽, ≻) a reduction triple such that: (a) for all ℓ ⇒ r ∈ R, we have ℓ ⪰ r; and (b) for all ℓ ⇛ p (A) ∈ P_1 ⊎ P_2 with ℓ : σ_1 → ... → σ_m → ι and p : τ_1 → ... → τ_n → κ we have, for fresh meta-variables Z_1 : σ_1, ..., Z_m : σ_m:
– ℓ Z_1 ··· Z_m ≻ p ⊥_τ_1 ··· ⊥_τ_n if ℓ ⇛ p (A) ∈ P_1
– ℓ Z_1 ··· Z_m ≽ p ⊥_τ_1 ··· ⊥_τ_n if ℓ ⇛ p (A) ∈ P_2
Then the processor that maps M to {(P_2, R, m, f)} is both sound and complete.

Proof (sketch). If (⪰, ≽, ≻) is such a triple, then for each R ∈ {≽, ≻} define a relation R′ as follows: for s : σ_1 → ... → σ_m → ι and t : τ_1 → ... → τ_n → κ, let s R′ t if for all u_1 : σ_1, ..., u_m : σ_m there exist w_1 : τ_1, ..., w_n : τ_n such that s u_1 ··· u_m R t w_1 ··· w_n. Now apply Thm. 49 with the triple (⪰, ≽′, ≻′). ⊓⊔

Here, the elements of
Bot take the role of minimal terms for the ordering. We use them to flatten the type of the right-hand sides of ordering requirements, which makes it easier to use traditional methods to generate a reduction triple. While ≻ and ≽ may still have to orient meta-terms of distinct types, these are always base types, which we could collapse to a single sort. The only relation required to be monotonic, ⪰, regards pairs of meta-terms of the same type. This makes it feasible to apply orderings like HORPO or polynomial interpretations.

Both the basic and non-basic reduction triple processors are difficult to use for non-conservative DPs, which generate ordering requirements whose right-hand side contains a meta-variable not occurring on the left. This is typically difficult for traditional techniques, although possible to overcome by choosing triples that do not regard such meta-variables (e.g., via an argument filtering [35,46]):
Example 53.
We apply Thm. 52 to the DP problem (SDP(R), R, computable_R, formative) of Ex. 51. This gives for instance the following ordering requirements:

f (s X) Y ⪰ g X Y
g X ⪰ λz. f X z
f♯ (s X) Y ≻ g♯ X ⊥_nat
g♯ X Y ≽ f♯ X Z

The right-hand side of the last DP uses a meta-variable Z that does not occur on the left. As neither ≻ nor ≽ is required to be monotonic (only ⪰ is), function symbols do not have to regard all their arguments. Thus, we can use a polynomial interpretation J to N with J_⊥_nat = 0, J_s(n) = n + 1 and J_h(n_1, n_2) = n_1 for h ∈ {f, f♯, g, g♯}. The ordering requirements then translate to X + 1 ≥ X and λy. X ≥ λz. X for the rules, and X + 1 > X and X ≥ X for the DPs. All these inequalities on N are clearly satisfied, so we can remove the first DP. The remaining problem is quickly dispatched with the dependency graph processor.

While processors often simplify only P, they can also simplify R. One of the most powerful techniques in first-order DP approaches that can do this is usable rules. The idea is that for a given set P of DPs, we only need to consider a subset UR(P, R) of R. Combined with the dependency graph processor, this makes it possible to split a large term rewriting system into a number of small problems. In the higher-order setting, simple versions of usable rules have also been defined [46,31]. We can easily extend these definitions to AFSMs:
Theorem 54.
Given a DP problem M = (P, R, m, f) with m ⪰ minimal and R finite, let UR(P, R) be the smallest subset of R such that:
– if a symbol f occurs in the right-hand side of an element of P or UR(P, R), and there is a rule f ℓ_1 ··· ℓ_k ⇒ r, then this rule is also in UR(P, R);
– if there exists ℓ ⇒ r ∈ R or ℓ ⇛ r (A) ∈ P such that r ⊵ F⟨s_1, ..., s_k⟩ t_1 ··· t_n with s_1, ..., s_k not all distinct variables or with n > 0, then UR(P, R) = R.
Then the processor that maps M to {(P, UR(P, R), arbitrary, all)} is sound. For the proof we refer to the very similar proofs in [46,31].
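The first clause of this definition is a least fixpoint, computable by straightforward iteration. A minimal first-order sketch (not from the paper; the tuple-based term representation and all function names are illustrative assumptions, and the second clause is over-approximated: any meta-variable occurring with arguments makes every rule usable):

```python
# Terms: ('fun', name, args), ('meta', name, args), ('var', name), ('lam', x, body)

def head(term):
    """Head symbol of a term f l1 ... lk (None if the head is not a symbol)."""
    return term[1] if term[0] == 'fun' else None

def funs(term):
    """All function symbols occurring in a term."""
    if term[0] == 'var':
        return set()
    if term[0] == 'lam':
        return funs(term[2])
    out = {term[1]} if term[0] == 'fun' else set()
    for arg in term[2]:
        out |= funs(arg)
    return out

def applied_meta(term):
    """True if the term contains a meta-variable applied to arguments."""
    if term[0] == 'var':
        return False
    if term[0] == 'lam':
        return applied_meta(term[2])
    if term[0] == 'meta' and term[2]:
        return True
    return any(applied_meta(arg) for arg in term[2])

def usable_rules(P, R):
    """Fixpoint computation of UR(P, R); P and R are lists of (lhs, rhs)."""
    # over-approximated second clause: any applied meta-variable => all usable
    if any(applied_meta(rhs) for _, rhs in P + R):
        return list(R)
    reachable = set()                      # symbols seen in right-hand sides
    for _, rhs in P:
        reachable |= funs(rhs)
    usable, changed = [], True
    while changed:                         # iterate until nothing new is added
        changed = False
        for rule in R:
            if rule not in usable and head(rule[0]) in reachable:
                usable.append(rule)
                reachable |= funs(rule[1])
                changed = True
    return usable
```

A rule is added as soon as its head symbol becomes reachable from a right-hand side, after which its own right-hand side contributes new symbols; the loop stops when the set is stable.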
Example 55.
For the set SDP(R) of the ordinal recursion example (Ex. 8 and 29), all rules are usable due to the occurrence of H M in the second DP. For the set SDP(R) of the map example (Ex. 6 and 31), there are no usable rules, since the one DP contains no defined function symbols or applied meta-variables.

This higher-order processor is much less powerful than its first-order counterpart: if any DP or usable rule has a sub-meta-term of the form F s or F⟨s_1, ..., s_k⟩ with s_1, ..., s_k not all distinct variables, then all rules are usable. Since applying a higher-order meta-variable to some argument is extremely common in higher-order rewriting, the technique is usually not applicable. Also, this processor imposes a heavy price on the flags: minimality (at least) is required, but is lost; the formative flag is also lost. Thus, usable rules are often combined with reduction triples to temporarily disregard rules, rather than used as a way to permanently remove rules.

To address these weaknesses, we consider a processor that uses similar ideas to usable rules, but operates from the left-hand sides of rules and DPs rather than the right. This adapts the technique from [31] that relies on the new formative flag. As in the first-order case [16], we use a semantic characterisation of formative rules. In practice, we then work with over-approximations of this characterisation, analogous to the use of dependency graph approximations in Thm. 45.

Definition 56.
A function FR that maps a pattern ℓ and a set of rules R to a set FR(ℓ, R) ⊆ R is a formative rules approximation if for all s and γ: if s ⇒_R^* ℓγ by an ℓ-formative reduction, then this reduction can be done using only rules in FR(ℓ, R).

We let FR(P, R) = ⋃ { FR(ℓ_i, R) | f ℓ_1 ··· ℓ_n ⇛ p (A) ∈ P ∧ 1 ≤ i ≤ n }.

Thus, a formative rules approximation is a subset of R that is sufficient for a formative reduction: if s ⇒_R^* ℓγ, then s ⇒_{FR(ℓ,R)}^* ℓγ. It is allowed for there to exist other formative reductions that do use additional rules.

Example 57.
We define a simple formative rules approximation: (1) FR(Z, R) = ∅ if Z is a meta-variable; (2) FR(f ℓ_1 ··· ℓ_m, R) = FR(ℓ_1, R) ∪ ··· ∪ FR(ℓ_m, R) if f : σ_1 → ... → σ_m → ι and no rules have type ι; (3) FR(s, R) = R otherwise. This is a formative rules approximation: if s ⇒_R^* Zγ by a Z-formative reduction, then s = Zγ, and if s ⇒_R^* f ℓ_1 ··· ℓ_m γ and no rules have the same output type as s, then s = f s_1 ··· s_m and each s_i ⇒_R^* ℓ_i γ (by an ℓ_i-formative reduction).

The following result follows directly from the definition of formative rules.
Theorem 58 (Formative rules processor).
For a formative rules approximation FR, the processor Proc_FR that maps a DP problem (P, R, m, formative) to {(P, FR(P, R), m, formative)} is both sound and complete.

Proof (sketch). A processor that only removes rules (or DPs) is always complete. For soundness, if the chain is formative then each step t_i ⇒_R^* s_{i+1} can be replaced by t_i ⇒_{FR(P,R)}^* s_{i+1}. Thus, the chain can be seen as a (P, FR(P, R))-chain. ⊓⊔

Example 59.
For our ordinal recursion example (Ex. 8 and 29), none of the rules are included when we use the approximation of Ex. 57, since all rules have output type ord. Thus, Proc_FR maps (SDP(R), R, computable_R, formative) to (SDP(R), ∅, computable_R, formative). Note: this example can also be completed without formative rules (see Ex. 64). Here we illustrate that, even with a simple formative rules approximation, we can often delete all rules of a given type.

Formative rules were introduced in [31], and the definitions there can be adapted to a more powerful formative rules approximation than the one sketched in Ex. 57. Several examples and deeper intuition for the first-order setting are given in [16].
Reduction triple processors are powerful, but they come at a computational price: we must orient all rules in R. The subterm criterion processor allows us to remove DPs without considering R at all. It is based on a projection function [24], whose higher-order counterpart [34,46,31] is the following:

Definition 60.
For P a set of DPs, let heads(P) be the set of all symbols f that occur as the head of a left- or right-hand side of a DP in P. A projection function for P is a function ν : heads(P) → N such that for all DPs ℓ ⇛ p (A) ∈ P, the function ν̄ with ν̄(f s_1 ··· s_n) = s_ν(f) is well-defined both for ℓ and for p.

Theorem 61 (Subterm criterion processor).
The processor Proc_subcrit that maps a DP problem (P_1 ⊎ P_2, R, m, f) with m ⪰ minimal to {(P_2, R, m, f)} if a projection function ν exists such that ν̄(ℓ) ▷ ν̄(p) for all ℓ ⇛ p (A) ∈ P_1 and ν̄(ℓ) = ν̄(p) for all ℓ ⇛ p (A) ∈ P_2, is sound and complete.

Proof (sketch). If the conditions are satisfied, every infinite (P_1 ⊎ P_2, R)-chain induces an infinite ⊵ · ⇒_R^* sequence that starts in a strict subterm of t_1, contradicting minimality unless all but finitely many steps are equality. Since every occurrence of a pair in P_1 results in a strict ▷ step, a tail of the chain lies in P_2. ⊓⊔

Example 62.
Using ν(map♯) = 2, Proc_subcrit maps the DP problem ({(1)}, R, computable_R, formative) from Ex. 47 to {(∅, R, computable_R, formative)}.

The subterm criterion can be strengthened, following [34,46], to also handle DPs like the one in Ex. 28. Here, we focus on a new idea. For computable chains, we can build on the idea of the subterm criterion to obtain something more.

Theorem 63 (Computable subterm criterion processor).
The processor Proc_statcrit that maps a DP problem (P_1 ⊎ P_2, R, computable_U, f) to {(P_2, R, computable_U, f)} if a projection function ν exists such that ν̄(ℓ) ⊐ ν̄(p) for all ℓ ⇛ p (A) ∈ P_1 and ν̄(ℓ) = ν̄(p) for all ℓ ⇛ p (A) ∈ P_2, is sound and complete. Here, ⊐ is the relation on base-type terms with s ⊐ t if s ≠ t and (a) s ⊵_acc t or (b) a meta-variable Z exists with s ⊵_acc Z⟨x_1, ..., x_k⟩ and t = Z⟨t_1, ..., t_k⟩ s_1 ··· s_n.

Proof (sketch). By the conditions, every infinite (P_1 ⊎ P_2, R)-chain induces an infinite (⇛_{C_U} ∪ ⇒_β)^* · ⇒_R^* sequence (where C_U is defined following Thm. 13). This contradicts computability unless there are only finitely many inequality steps. As pairs in P_1 give rise to a strict decrease, they may occur only finitely often. ⊓⊔

Example 64.
Following Ex. 8 and 29, consider the projection function ν with ν(rec♯) = 1. As s X ⊵_acc X and lim H ⊵_acc H, both s X ⊐ X and lim H ⊐ H M hold. Thus Proc_statcrit(P, R, computable_R, formative) = {(∅, R, computable_R, formative)}. By the dependency graph processor, the AFSM is terminating.

The computable subterm criterion processor fundamentally relies on the new computable_U flag, so it has no counterpart in the literature so far.

While (most of) the processors presented so far are complete, none of them can actually return NO. We have not yet implemented such a processor; however, we can already provide a general specification of a non-termination processor.

Theorem 65 (Non-termination processor).
Let M = (P, R, m, f) be a DP problem. The processor that maps M to NO if it determines that a sufficient criterion holds for non-termination of ⇒_R, or for the existence of an infinite conservative (P, R)-chain according to the flags m and f, is sound and complete.

Proof. Obvious. ⊓⊔
This is a very general processor, which does not tell us how to determine such a sufficient criterion. However, it allows us to conclude non-termination as part of the framework by identifying a suitable infinite chain.
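One concrete criterion is a loop: a finite chain whose last term is an instance of its first, as in Ex. 66 below. The instance test is a syntactic matching problem; a minimal first-order sketch (illustrative term representation; only unapplied meta-variables are instantiated and λ-abstractions are not handled):

```python
def match(pat, term, subst=None):
    """Return a substitution gamma with pat*gamma = term, or None."""
    if subst is None:
        subst = {}
    if pat[0] == 'meta' and pat[2] == []:      # unapplied meta-variable
        if pat[1] in subst:
            return subst if subst[pat[1]] == term else None
        subst[pat[1]] = term
        return subst
    if pat[0] == 'var':                        # variables match only themselves
        return subst if pat == term else None
    if (pat[0] == 'fun' and term[0] == 'fun' and pat[1] == term[1]
            and len(pat[2]) == len(term[2])):
        for p, t in zip(pat[2], term[2]):
            subst = match(p, t, subst)
            if subst is None:
                return None
        return subst
    return None

def is_loop(s1, tn):
    """A finite conservative chain [(rho_1, s_1, t_1), ..., (rho_n, s_n, t_n)]
    witnesses NO if t_n is an instance of s_1."""
    return match(s1, tn) is not None
```

If the check succeeds, the finite chain can be repeated indefinitely under the found substitution, yielding the infinite chain required by Thm. 65.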
Example 66.
If we can find a finite (P, R)-chain [(ρ_1, s_1, t_1), ..., (ρ_n, s_n, t_n)] with t_n = s_1 γ for some substitution γ, which uses only conservative DPs, is formative if f = formative, and is U-computable if m = computable_U, then such a chain is clearly a sufficient criterion: there is an infinite chain [(ρ_1, s_1, t_1), ..., (ρ_1, s_1 γ, t_1 γ), ..., (ρ_1, s_1 γγ, t_1 γγ), ...]. If m = minimal and we find such a chain that is however not minimal, then note that ⇒_R is non-terminating, which also suffices.

For example, for a DP problem (P, R, minimal, all) with P = { f♯ F X ⇛ g♯ (F X), g♯ X ⇛ f♯ h X }, there is a finite dependency chain: [(f♯ F X ⇛ g♯ (F X), f♯ h x, g♯ (h x)), (g♯ X ⇛ f♯ h X, g♯ (h x), f♯ h (h x))]. As f♯ h (h x) is an instance of f♯ h x, the processor maps this DP problem to NO.

To instantiate Thm. 65, we can borrow non-termination criteria from first-order rewriting [21,42,13], with minor adaptations to the typed setting. Of course, it is worthwhile to also investigate dedicated higher-order non-termination criteria.

We have built on the static dependency pair approach [6,34,46,33] and formulated it in the language of the DP framework from first-order rewriting [20,22]. Our formulation is based on AFSMs, a dedicated formalism designed to make termination proofs transferable to various higher-order rewriting formalisms. This framework has two important additions over existing higher-order DP approaches in the literature. First, we consider not only arbitrary and minimally non-terminating dependency chains, but also minimally non-computable chains; this is tracked by the computable_U flag. Using the flag, a dedicated processor allows us to efficiently handle rules like Ex. 8.
This flag has no counterpart in the first-order setting. Second, we have generalised the idea of formative rules in [31] to a notion of formative chains, tracked by a formative flag. This makes it possible to define a corresponding processor that permanently removes rules.

Implementation and experiments.
To provide a strong formal groundwork, we have presented several processors in a general way, using semantic definitions of, e.g., the dependency graph approximation and formative rules, rather than syntactic definitions using functions like TCap [21]. Even so, most parts of the DP framework for AFSMs have been implemented in the open-source termination prover WANDA [28], alongside a dynamic DP framework [31] and a mechanism to delegate some ordering constraints to a first-order tool [14]. For reduction triples, polynomial interpretations [15] and a version of HORPO [29, Ch. 5] are used. To solve the constraints arising in the search for these orderings, and also to determine sort orderings (for the accessibility relation) and projection functions (for the subterm criteria), WANDA employs an external SAT-solver. WANDA has won the higher-order category of the International Termination Competition [50] four times. In the International Confluence Competition [10], the tools ACPH [40] and CSI^ho [38] use WANDA as their "oracle" for termination proofs on HRSs.

We have tested WANDA on the Termination Problems Data Base [49], using AProVE [19] and MiniSat [12] as back-ends. When no additional features are enabled, WANDA proves termination of 124 (out of 198) benchmarks with static DPs, versus 92 with only a search for reduction orderings; a 34% increase. When all features except static DPs are enabled, WANDA succeeds on 153 benchmarks, versus 166 with static DPs as well; an 8% increase, or alternatively, a 29% decrease in failure rate. The full evaluation is available in Appendix D.
Future work.
While the static and the dynamic DP approaches each have their own strengths, there has thus far been little progress on a unified approach, which could take advantage of the syntactic benefits of both styles. We plan to combine the present work with the ideas of [31] into such a unified DP framework. In addition, we plan to extend the higher-order DP framework to rewriting with strategies, such as implicit β-normalisation or strategies inspired by functional programming languages like OCaml and Haskell. Other natural directions are dedicated automation to detect non-termination, and reducing the number of term constraints solved by the reduction triple processor via a tighter integration with usable and formative rules with respect to argument filterings.

References
1. P. Aczel. A general Church-Rosser theorem. Unpublished manuscript, University of Manchester, 1978.
2. T. Arts and J. Giesl. Termination of term rewriting using dependency pairs. Theoretical Computer Science, 236(1-2):133–178, 2000.
3. F. Baader and T. Nipkow. Term Rewriting and All That. Cambridge University Press, 1998.
4. L. Bachmair and H. Ganzinger. Rewrite-based equational theorem proving with selection and simplification. Journal of Logic and Computation, 4(3):217–247, 1994.
5. F. Blanqui. Termination and confluence of higher-order rewrite systems. In Proc. RTA '00, 2000.
6. F. Blanqui. Higher-order dependency pairs. In Proc. WST '06, 2006.
7. F. Blanqui. Termination of rewrite relations on λ-terms based on Girard's notion of reducibility. Theoretical Computer Science, 611:50–86, 2016.
8. F. Blanqui, J. Jouannaud, and M. Okada. Inductive-data-type systems. Theoretical Computer Science, 272(1-2):41–68, 2002.
9. F. Blanqui, J. Jouannaud, and A. Rubio. The computability path ordering. Logical Methods in Computer Science, 11(4), 2015.
10. Community. The International Confluence Competition (CoCo). http://project-coco.uibk.ac.at/, 2018.
11. N. Dershowitz and S. Kaplan. Rewrite, rewrite, rewrite, rewrite, rewrite. In Proc. POPL '89, 1989.
12. N. Eén and N. Sörensson. An extensible SAT-solver. In Proc. SAT '03, pages 502–518, 2004. See also http://minisat.se/.
13. F. Emmes, T. Enger, and J. Giesl. Proving non-looping non-termination automatically. In Proc. IJCAR '12, 2012.
14. C. Fuhs and C. Kop. Harnessing first order termination provers using higher order dependency pairs. In Proc. FroCoS '11, 2011.
15. C. Fuhs and C. Kop. Polynomial interpretations for higher-order rewriting. In Proc. RTA '12, 2012.
16. C. Fuhs and C. Kop. First-order formative rules. In Proc. RTA-TLCA '14, 2014.
17. C. Fuhs and C. Kop. A static higher-order dependency pair framework. In Proc. ESOP '19, 2019. To appear.
18. C. Fuhs, C. Kop, and N. Nishida. Verifying procedural programs via constrained rewriting induction. ACM Transactions on Computational Logic, 18(2):14:1–14:50, 2017.
19. J. Giesl, C. Aschermann, M. Brockschmidt, F. Emmes, F. Frohn, C. Fuhs, J. Hensel, C. Otto, M. Plücker, P. Schneider-Kamp, T. Ströder, S. Swiderski, and R. Thiemann. Analyzing program termination and complexity automatically with AProVE. Journal of Automated Reasoning, 58(1):3–31, 2017.
20. J. Giesl, R. Thiemann, and P. Schneider-Kamp. The dependency pair framework: Combining techniques for automated termination proofs. In Proc. LPAR '04, 2005.
21. J. Giesl, R. Thiemann, and P. Schneider-Kamp. Proving and disproving termination of higher-order functions. In Proc. FroCoS '05, 2005.
22. J. Giesl, R. Thiemann, P. Schneider-Kamp, and S. Falke. Mechanizing and improving dependency pairs. Journal of Automated Reasoning, 37(3):155–203, 2006.
23. F. Haftmann and T. Nipkow. Code generation via higher-order rewrite systems. In Proc. FLOPS '10, 2010.
24. N. Hirokawa and A. Middeldorp. Tyrolean termination tool: Techniques and features. Information and Computation, 205(4):474–511, 2007.
25. J. C. Hoe and Arvind. Hardware synthesis from term rewriting systems. In Proc. VLSI '99, 1999.
26. J. Jouannaud and A. Rubio. The higher-order recursive path ordering. In Proc. LICS '99, 1999.
27. J. Klop, V. v. Oostrom, and F. v. Raamsdonk. Combinatory reduction systems: introduction and survey. Theoretical Computer Science, 121(1-2):279–308, 1993.
28. C. Kop. WANDA – a higher-order termination tool. http://wandahot.sourceforge.net/.
29. C. Kop. Higher Order Termination. PhD thesis, VU Amsterdam, 2012.
30. C. Kop and F. v. Raamsdonk. Higher order dependency pairs for algebraic functional systems. In Proc. RTA '11, 2011.
31. C. Kop and F. v. Raamsdonk. Dynamic dependency pairs for algebraic functional systems. Logical Methods in Computer Science, 8(2):10:1–10:51, 2012.
32. K. Kusakari. Static dependency pair method in rewriting systems for functional programs with product, algebraic data, and ML-polymorphic types. IEICE Transactions, 96-D(3):472–480, 2013.
33. K. Kusakari. Static dependency pair method in functional programs. IEICE Transactions on Information and Systems, E101.D(6):1491–1502, 2018.
34. K. Kusakari, Y. Isogai, M. Sakai, and F. Blanqui. Static dependency pair method based on strong computability for higher-order rewrite systems. IEICE Transactions on Information and Systems, 92(10):2007–2015, 2009.
35. K. Kusakari, M. Nakamura, and Y. Toyama. Argument filtering transformation. In Proc. PPDP '99, 1999.
36. C. A. Meadows. Applying formal methods to the analysis of a key management protocol. Journal of Computer Security, 1(1):5–36, 1992.
37. D. Miller. A logic programming language with lambda-abstraction, function variables, and simple unification. Journal of Logic and Computation, 1(4):497–536, 1991.
38. J. Nagele. CoCo 2018 participant: CSI^ho 0.2. http://project-coco.uibk.ac.at/2018/papers/csiho.pdf, 2018.
39. T. Nipkow. Higher-order critical pairs. In Proc. LICS '91, 1991.
40. K. Onozawa, K. Kikuchi, T. Aoto, and Y. Toyama. ACPH: System description for CoCo 2017. http://project-coco.uibk.ac.at/2017/papers/acph.pdf, 2017.
41. C. Otto, M. Brockschmidt, C. v. Essen, and J. Giesl. Automated termination analysis of Java Bytecode by term rewriting. In Proc. RTA '10, 2010.
42. É. Payet. Loop detection in term rewriting using the eliminating unfoldings. Theoretical Computer Science, 403(2-3):307–327, 2008.
43. J. v. d. Pol. Termination of Higher-order Rewrite Systems. PhD thesis, University of Utrecht, 1996.
44. M. Sakai and K. Kusakari. On dependency pair method for proving termination of higher-order rewrite systems. IEICE Transactions on Information and Systems, E88-D(3):583–593, 2005.
45. M. Sakai, Y. Watanabe, and T. Sakabe. An extension of the dependency pair method for proving termination of higher-order rewrite systems. IEICE Transactions on Information and Systems, E84-D(8):1025–1032, 2001.
46. S. Suzuki, K. Kusakari, and F. Blanqui. Argument filterings and usable rules in higher-order rewrite systems. IPSJ Transactions on Programming, 4(2):1–12, 2011.
47. W. Tait. Intensional interpretation of functionals of finite type. Journal of Symbolic Logic, 32(2):187–199, 1967.
48. Terese. Term Rewriting Systems, volume 55 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, 2003.
49. Wiki. Termination Problems Data Base (TPDB). http://termination-portal.org/wiki/TPDB.
50. Wiki. The International Termination Competition (TermComp). http://termination-portal.org/wiki/Termination_Competition, 2018.

– APPENDIX –
This appendix contains detailed proofs for all results in the paper. Proofs in higher-order rewriting are typically intricate and subject to errors in the small details, so we have strived to be very precise. However, aside from Appendix A (which is simply an adaptation of an existing technique to the present setting), the main idea of all proofs is captured by the proof sketches in the paper. In addition, Appendix D presents an experimental evaluation that considers the power of the techniques in this paper on the termination problem database [49].
A Computability: the set C

In this appendix, we prove Thm. 13: the existence of an RC-set C that provides an accessibility relation ⊵_acc that preserves computability, and a base-type accessibility step ⇛_C that preserves both computability and termination.

As we have said before, V and F contain infinitely many symbols of all types. We will use this to select variables or constructor symbols of any given type without further explanation.

These proofs do not require that computability is considered with respect to a rewrite relation: other relations (such as recursive path orderings) may be used as well. To make this explicit, we will use an alternative relation symbol, ⊐.

The proofs here consider a computability notion over the set T(F, V) of terms without restrictions. However, they could easily be extended to subsets of a different set of terms T, provided T is closed under ⇒_R. This could for instance be used to obtain a computability result for terms that satisfy certain arity restrictions. To make this generality clear, each quantification over terms is explicitly marked with T(F, V).

Note: a more extensive discussion of computability can be found in [7]. Our notion of accessibility largely corresponds to membership of the computability closure defined there (although not completely).

A.1 Definitions and main computability result

Definition 67.
In Appendix A, ⊐ is assumed to be a given relation on terms of the same type, with respect to which we consider computability. We require that:
– ⊐ is monotonic (that is, s ⊐ t implies that s u ⊐ t u and u s ⊐ u t and λx.s ⊐ λx.t);
– for all variables x: x s_1 ··· s_n ⊐ t implies that t has the form x s_1 ··· s_i′ ··· s_n with s_i ⊐ s_i′;
– if s ⇒_headβ^* u and s ⊐ t, then there exists v such that u ⊐^* v and t ⇒_headβ^* v; here, ⇒_headβ is the relation generated by the step (λx.u) v w_1 ··· w_n ⇒_headβ u[x := v] w_1 ··· w_n;
– if t is the head-β-normal form of s, then s ⊐^* t.

We call a term neutral if it has the form x s_1 ··· s_n or (λx.u) s_0 ··· s_n.
Lemma 68.
A rewrite relation ⇒_R satisfies the requirements on ⊐ stated in Def. 67.

Proof. Clearly ⇒_R is monotonic, applications with a variable at the head cannot be reduced at the head, and moreover ⇒_R includes ⇒_headβ.

The third property we prove by induction on s with ⇒_β, using ⇒_R^* instead of ⇒_R for a stronger induction hypothesis. If s = u, then we are done choosing v := t. Otherwise we can write s = (λx.q) w_0 w_1 ··· w_n and s ⇒_headβ s′ := q[x := w_0] w_1 ··· w_n, and s′ ⇒_headβ^* u. If the reduction s ⇒_R^* t does not take any head steps, then t = (λx.q′) w_0′ w_1′ ··· w_n′ ⇒_headβ^* q′[x := w_0′] w_1′ ··· w_n′ =: v and indeed u ⇒_R^* v by monotonicity. Otherwise, by the same argument we can safely assume that the head step is done first, so s′ ⇒_R^* t; we complete by the induction hypothesis. ⊓⊔

Recall Def. 10 from the text.
Definition 10 (with ⊐ rather than ⇒_R). A set of reducibility candidates, or RC-set, for a relation ⊐ as in Def. 67 is a set I of base-type terms s ∈ T(F, V) such that:
– every term in I is terminating under ⊐;
– I is closed under ⊐ (so if s ∈ I and s ⊐ t then t ∈ I);
– if s ∈ T(F, V) is neutral, and for all t with s ⊐ t we have t ∈ I, then s ∈ I.

We define I-computability for an RC-set I by induction on types; for s ∈ T(F, V) we say s is I-computable if:
– s : ι for some ι ∈ S and s ∈ I;
– s : σ → τ and for all terms t : σ ∈ T(F, V) that are I-computable, s t is I-computable.

For ι a sort and I an RC-set, we will write I(ι) = { s ∈ I | s : ι }. Let us illustrate Def. 10 with two examples:

Lemma 69.
The set SN of all terminating base-type terms in T(F, V) is an RC-set. The set MIN of all terminating base-type terms in T(F, V) whose head-β-normal form can be written x s_1 ··· s_m with x ∈ V is also an RC-set.

Proof. It is easy to verify that the requirements hold for SN. For MIN, clearly termination holds. If s ∈ MIN, then s ⇒_headβ^* x s_1 ··· s_m =: s′, so for any t with s ⊐^* t the assumptions on ⊐ provide that t ⇒_headβ^* v for some ⊐^*-reduct v of s′, which can only have the form x t_1 ··· t_m. Finally, we prove that a neutral term s ∈ T(F, V) is in MIN if all its ⊐^+-reducts are, by induction on s with ⇒_β (this suffices because we have already seen that MIN is closed under ⊐). If s = x s_1 ··· s_m then it is included in MIN if it is terminating, which is the case if all its reducts are terminating, which is certainly the case if they are in MIN. If s = (λx.u) v w_1 ··· w_m then it is included if (a) all its reducts are terminating (which is satisfied if they are in MIN), and (b) the head-β-normal form s′ of s has the right form, which holds because s ⊐^+ s′ (as ⇒_headβ is included in ⊐) and therefore s′ ∈ MIN by assumption. ⊓⊔
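Membership in MIN is determined by the head-β-normal form, which is straightforward to compute. A small illustrative sketch (assumptions: a spine representation ('app', head, args), naive capture-free substitution, and a terminating input term, since termination itself is undecidable):

```python
def subst(t, x, v):
    """Naive t[x := v]; assumes v's free variables are not captured."""
    if t[0] == 'var':
        return v if t[1] == x else t
    if t[0] == 'lam':
        return t if t[1] == x else ('lam', t[1], subst(t[2], x, v))
    return ('app', subst(t[1], x, v), [subst(a, x, v) for a in t[2]])

def head_beta_nf(t):
    """Contract head redexes (lam x. u) v w1 ... wn until none remains."""
    while t[0] == 'app' and t[1][0] == 'lam' and t[2]:
        body, rest = subst(t[1][2], t[1][1], t[2][0]), t[2][1:]
        if not rest:
            t = body
        elif body[0] == 'app':                 # merge the two spines
            t = ('app', body[1], body[2] + rest)
        else:
            t = ('app', body, rest)
    return t

def in_min(t):
    """t is in MIN iff its head-beta-normal form is x s1 ... sm, x a variable
    (termination of t is a precondition, not checked here)."""
    nf = head_beta_nf(t)
    return nf[0] == 'var' or (nf[0] == 'app' and nf[1][0] == 'var')
```

The sketch only follows the head of the term, mirroring the proof above: arguments are never reduced, so the loop terminates whenever the input does.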
In fact, we have that MIN ⊆ I ⊆ SN for all RC-sets I. The latter inclusion is obvious by the termination requirement in the definition of RC-sets. The former inclusion follows easily:

Lemma 70. For all RC-sets I, MIN ⊆ I.

Proof. We prove by induction on ⊐ that all elements of MIN are also in I. It is easy to see that if s ∈ MIN then s is neutral. Therefore, s ∈ I if t ∈ I whenever s ⊐ t. But since MIN is closed under ⊐ by Lemma 69, each such t is in MIN, so also in I by the induction hypothesis. ⊓⊔
MIN , Lemma 70 actually provides I -computabilityof all variables, regardless of I . We prove this alongside termination of all I -computable terms. Lemma 71.
Let I be an RC-set. The following statements hold for all types σ :1. all variables x : σ are I -computable2. all I -computable terms s : σ are terminating (w.r.t. (cid:61) )Proof. By a mutual induction on the form of σ , which we may safely write σ → . . . → σ m → ι (with m ≥ ι ∈ S ).(1) By definition of I -computability, x : σ is computable if and only if x s · · · s m ∈ I for all I -computable terms s : σ , . . . , s m : σ m in T ( F , V ).However, as all σ i are smaller types, we know that such terms s i are terminating,so Lemma 70 gives the required result.(2) Let x : σ , . . . , x m : σ m be variables; by the induction hypothesis theyare computable, and therefore s x · · · x m is in I and therefore terminating. Thenthe head, s , cannot itself be non-terminating (by monotonicity of (cid:61) ). (cid:117)(cid:116) While SN is indisputably the easiest RC-set to define and work with, it willbe beneficial for the strength of the method to consider a set strictly between MIN and SN . To this end, we assume given an ordering on types, and a functionmapping each function symbol f to a set Acc ( f ) of arguments positions. Here,we deviate from the text by not fixing Acc ; again, this generality is not neededfor the current paper, but is done with an eye on future extensions.
Definition 72 (Generalisation of Def. 11).
Assume given a quasi-ordering ⪰_S on S whose strict part ≻_S := ⪰_S \ ⪯_S is well-founded. Let ≈_S denote the corresponding equivalence relation ≈_S := ⪰_S ∩ ⪯_S.

For a type σ ≡ σ_1 → … → σ_m → κ (with κ ∈ S) and sort ι, we write ι ⪰_S^+ σ if ι ⪰_S κ and ι ≻_S^- σ_i for each i, and we write ι ≻_S^- σ if ι ≻_S κ and ι ⪰_S^+ σ_i for each i.

For f : σ_1 → … → σ_m → ι we assume given a set Acc(f) ⊆ { i | 1 ≤ i ≤ m ∧ ι ⪰_S^+ σ_i }. For x : σ_1 → … → σ_m → ι ∈ V, we write Acc(x) = { i | 1 ≤ i ≤ m ∧ σ_i = τ_1 → … → τ_n → κ ∧ ι ⪰_S κ }.

We write s ⊵_acc t if either s = t, or s = λx.s′ and s′ ⊵_acc t, or s = a s_1 ··· s_n with a ∈ F ∪ V and s_i ⊵_acc t for some i ∈ Acc(a) with a ∉ FV(s_i).

Remark: This definition of the accessibility relations deviates from, e.g., [9] by using a pair of relations (⪰_S^+ and ≻_S^-) rather than positive and negative positions. This is not an important difference, but simply a matter of personal preference; using a pair of relations avoids the need to discuss type positions in the text, allowing for a shorter presentation. It is also not common to allow a choice in Acc(f), but rather to fix Acc(f) = { i | 1 ≤ i ≤ m ∧ ι ⪰_S^+ σ_i } for some symbols (for instance constructors) and Acc(f) = ∅ for the rest. We elected to leave the choice open for greater generality.

The interplay of the positive and negative relations ⪰_S^+ and ≻_S^- leads to an important result on RC-sets.

Lemma 73.
Fix a sort ι ∈ S. Suppose I, J are RC-sets such that I(κ) = J(κ) for all κ with ι ≻_S κ, and I(κ) ⊆ J(κ) if ι ≈_S κ. Let s : σ. Then we have:
– If ι ⪰_S^+ σ, then if s is I-computable, s is also J-computable.
– If ι ≻_S^- σ, then if s is J-computable, s is also I-computable.

Proof. We prove both statements together by a shared induction on the form of σ. We can always write σ ≡ σ_1 → … → σ_m → κ with κ ∈ S.

First suppose ι ⪰_S^+ σ; then ι ⪰_S κ – so I(κ) ⊆ J(κ) – and each ι ≻_S^- σ_i. Assume that s is I-computable; we must show that it is J-computable, that is, for all J-computable t_1 : σ_1, …, t_m : σ_m we have s t_1 ··· t_m ∈ J. However, by the induction hypothesis each t_i is also I-computable, so s t_1 ··· t_m ∈ I(κ) ⊆ J(κ) by the assumption.

For the second statement, suppose ι ≻_S^- σ; then ι ≻_S κ, so I(κ) = J(κ). Assume that s is J-computable; I-computability follows if s t_1 ··· t_m ∈ I(κ) = J(κ) whenever t_1, …, t_m are I-computable. By the induction hypothesis they are J-computable, so this holds by assumption. ⊓⊔

The RC-set C whose existence is asserted below offers computability with a notion of accessibility. It is worth noting that this is not a standard definition, but is designed to provide an additional relation ⇛_C that is terminating on computable terms. This relation will be useful in termination proofs using static DPs.

A static higher-order dependency pair framework (extended version) 33

Theorem 74.
Let ⇛_I be the relation on base-type terms where f s_1 ··· s_m ⇛_I s_i t_1 ··· t_n whenever i ∈ Acc(f) and s_i : σ_1 → … → σ_n → ι and each t_j is I-computable.

There exists an RC-set C such that C = { s ∈ T(F, V) | s has base type ∧ s is terminating under ⇒ ∪ ⇛_C, and if s ⇒* f s_1 ··· s_m then s_i is C-computable for all i ∈ Acc(f) }.

Proof. We will define, by well-founded induction on ι using ⪰_S, a set A_ι of terms as follows.

Assume A_κ has already been defined for all κ with ι ≻_S κ, and let X_ι be the set of RC-sets I such that I(κ) = A_κ whenever ι ≻_S κ. We observe that X_ι is a complete lattice with respect to ⊆: defining the bottom element ⊔∅ := ⋃{ A_κ | ι ≻_S κ } ∪ MIN and the top element ⊓∅ := ⋃{ A_κ | ι ≻_S κ } ∪ ⋃{ SN(κ) | ¬(ι ≻_S κ) }, and letting ⊔Z := ⋃Z, ⊓Z := ⋂Z for non-empty Z, it is easily checked that ⊓ and ⊔ give a greatest lower and least upper bound within X_ι respectively. Now for an RC-set I ∈ X_ι, we let:

F_ι(I) = { s ∈ I | s : κ ≉_S ι }
      ∪ { s ∈ T(F, V) | s : κ ≈_S ι ∧ s is terminating under ⇒ ∪ ⇛_I ∧ [if s ⇒* f s_1 ··· s_m for a symbol f ∈ F then ∀i ∈ Acc(f): s_i is I-computable] }

Clearly, F_ι maps elements of X_ι to X_ι: terms of type κ ≉_S ι are left alone, and F_ι(I) satisfies the properties to be an RC-set. Moreover, F_ι is monotone. To see this, let I, J ∈ X_ι such that I ⊆ J; we must see that F_ι(I) ⊆ F_ι(J). To this end, let s ∈ F_ι(I); we will see that also s ∈ F_ι(J). This is immediate if s : κ ≉_S ι, as membership in X_ι guarantees that F_ι(I)(κ) = I(κ) ⊆ J(κ) = F_ι(J)(κ). So assume s : κ ≈_S ι. We must see two things:

– s is terminating under ⇒ ∪ ⇛_J.
We show that ⇒ ∪ ⇛_J ⊆ ⇒ ∪ ⇛_I; as s is terminating under the latter, the requirement follows. Clearly ⇒ ⊆ ⇒ ∪ ⇛_I, so assume s ⇛_J s′. Then s = f t_1 ··· t_m and s′ = t_i u_1 ··· u_n for some i ∈ Acc(f) and J-computable u_1, …, u_n. We can write t_i : σ_1 → … → σ_n → κ, and since i ∈ Acc(f) we have ι ⪰_S κ and ι ≻_S^- σ_j for each j. By Lemma 73 each u_j is then also I-computable, so also s ⇛_I s′.

– If s ⇒* f s_1 ··· s_m for some symbol f, then for all i ∈ Acc(f): s_i is J-computable. But this is obvious: as s ∈ F_ι(I), we know that such s_i are I-computable, and since ι ⪰_S^+ σ_i for i ∈ Acc(f), Lemma 73 provides J-computability.

Thus, F_ι is a monotone function on a complete lattice; by Tarski's fixpoint theorem there is a fixpoint, so an RC-set I such that for all sorts κ:
– if ι ≻_S κ then I(κ) = A_κ;
– if ι ≈_S κ then I(κ) = { s ∈ T(F, V) | s : κ ∧ s is terminating under ⇒ ∪ ⇛_I ∧ if s ⇒* f s_1 ··· s_m for a symbol f then ∀i ∈ Acc(f): s_i is I-computable }.

We define A_κ := I(κ) for all κ ≈_S ι. Now we let C := ⋃_{ι ∈ S} A_ι. Clearly, C satisfies the given requirement. ⊓⊔

Thm. 74 easily gives the proof of Thm. 13 in the text:
Proof (of Thm. 13). Thm. 13 follows by taking ⇒_R for ⇒ (which satisfies the requirements by Lemma 68) and taking for each Acc(f) the maximal set { i | 1 ≤ i ≤ m ∧ ι ⪰_S^+ σ_i }. ⊓⊔

A.2 Additional properties of computable terms
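Before continuing, a small hypothetical example may help to make Def. 72 and Thm. 74 concrete. The sorts nat and ord, the ordering ord ≻_S nat and the symbol lim are illustrative assumptions, not taken from the text:

```latex
% Hypothetical signature: sorts nat, ord with ord \succ_S nat, and a
% constructor lim : (nat \to ord) \to ord.
% Position 1 may be placed in Acc(lim), since ord \succeq_S^+ (nat \to ord):
%   ord \succeq_S ord   (the output sort), and
%   ord \succ_S^-  nat  (as ord \succ_S nat, with no argument types to check).
% Hence lim\,F \unrhd_{acc} F for F : nat \to ord, and by the definition of
% \Rrightarrow_I in Thm.~74:
\[
  \mathit{lim}\,F \;\Rrightarrow_C\; F\,n
  \qquad \text{for every $C$-computable } n : \mathit{nat}.
\]
% Membership of lim F in C thus requires, in particular, that there is no
% infinite descent alternating \Rightarrow-steps with steps into the
% accessible argument of lim.
```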
For reasoning about computable terms (as we will do when defining static DPs and reasoning about computable chains), there are a number of properties besides those in Lemma 71 that will prove very useful to have. In the following, we fix the RC-set C as obtained from Thm. 74.

Lemma 75. If s is C-computable and s ⇒ t, then t is also C-computable. (This actually holds for any RC-set, but we will only use it for C.)

Proof.
By induction on the type of s. If s has base type, then C-computability implies that s ∈ C, and because C is an RC-set, all reducts of s are also in C. Otherwise, s : σ → τ and computability of s implies computability of s u for all computable u : σ. By the induction hypothesis, the fact that s u ⇒ t u by monotonicity of ⇒ implies that t u is computable for all computable u, and therefore by definition t is computable. ⊓⊔

Thus, computability is preserved under ⇒; the following result shows that it is also preserved under ⇛_C.

Lemma 76. If s is C-computable and s ⇛_C t, then t is also C-computable.

Proof. If s ⇛_C t, then both terms have base type, so C-computability is simply membership in C. We have s = f s_1 ··· s_m and t = s_i t_1 ··· t_n with each t_j C-computable. Since, by definition of C, also s_i is C-computable, C-computability of t immediately follows. ⊓⊔

Finally, we will see that C-computability is also preserved under ⊵_acc. For this, we first make a more general statement, which will also handle variables below binders (which are freed in subterms).

Lemma 77.
Let s : σ_1 → … → σ_m → ι and t : τ_1 → … → τ_n → κ be meta-terms such that s ⊵_acc t. Let γ be a substitution with FMV(s) ⊆ dom(γ) ⊆ M. Let u_1 : τ_1, …, u_n : τ_n be C-computable terms, and δ a substitution with dom(δ) ⊆ V such that each δ(x) is C-computable, and such that for t′ := (t(γ ∪ δ)) u_1 ··· u_n there is no overlap between FV(t′) and the variables bound in s.

Then there exist a C-computable substitution ξ with dom(ξ) ⊆ V and C-computable terms v_1 : σ_1, …, v_m : σ_m such that we have (s(γ ∪ ξ)) v_1 ··· v_m (⇛_C ∪ ⇒_headβ)* t′.

Proof.
We prove the lemma by induction on the derivation of s ⊵_acc t; in this, we can assume (by α-conversion) that variables that occur bound in s do not also occur free, or occur in γ.

If s = t, then we are done choosing ξ and v_1, …, v_m equal to δ and u_1, …, u_n.

If s = λx.s′ with x : σ_1 and s′ ⊵_acc t, then by the assumption based on α-conversion above, x does not occur free in t′ or in the range of γ. By the induction hypothesis, there exist a computable substitution ξ′ and computable terms v_2, …, v_m such that (s′(γ ∪ ξ′)) v_2 ··· v_m (⇛_C ∪ ⇒_headβ)* t′. We can safely assume that x does not occur in the range of ξ′, since x does not occur in t′ either (if x does occur, we can replace it by a different variable). Therefore, if we define ξ := [x := x] ∪ [y := ξ′(y) | y ∈ V ∧ y ≠ x], we have s′(γ ∪ ξ′) = (s′(γ ∪ ξ))[x := ξ′(x)]. Choosing v_1 := ξ′(x), we get (s(γ ∪ ξ)) v_1 ··· v_m ⇒_headβ (s′(γ ∪ ξ′)) v_2 ··· v_m (⇛_C ∪ ⇒_headβ)* t′.

If s = x s_1 ··· s_j for s_i : π_1 → … → π_{n′} → κ′ with ι ⪰_S κ′ and x ∉ FV(s_i) and s_i ⊵_acc t, then the induction hypothesis provides C-computable terms w_1 : π_1, …, w_{n′} : π_{n′} and a substitution ξ′ such that (s_i(γ ∪ ξ′)) w_1 ··· w_{n′} (⇛_C ∪ ⇒_headβ)* t′. Since x ∉ FV(s_i) by definition of ⊵_acc, we can safely assume that x ∉ dom(ξ′). Now recall that by assumption F contains infinitely many constructors of all types; let c : κ′ → ι be a symbol that does not occur anywhere in R. We can safely assume that Acc(c) = {1}. Then w := λy_1 … y_j z_1 … z_m. c (y_i w_1 ··· w_{n′}) is C-computable. Now let ξ := [x := w] ∪ [y := ξ′(y) | y ∈ V ∧ y ≠ x], and let v_1, …, v_m be variables (which are C-computable by Lemma 71(1)). Then (s(γ ∪ ξ)) v_1 ··· v_m ⇒_headβ^{j+m} c ((s_i(γ ∪ ξ′)) w_1 ··· w_{n′}) ⇛_C (s_i(γ ∪ ξ′)) w_1 ··· w_{n′} (⇛_C ∪ ⇒_headβ)* t′.

Otherwise, s = f s_1 ··· s_n and s_i ⊵_acc t for some i ∈ Acc(f); by the induction hypothesis there exist ξ and C-computable terms w_1, …, w_{n′} such that s′ := (s_i(γ ∪ ξ)) w_1 ··· w_{n′} (⇛_C ∪ ⇒_headβ)* t′. We have (s(γ ∪ ξ)) v_1 ··· v_m ⇛_C s′ for any C-computable v_1, …, v_m (e.g., variables). ⊓⊔

From this we conclude:
Lemma 78.
Let s be a closed meta-term, γ a substitution with FMV(s) ⊆ dom(γ) ⊆ M, and t such that s ⊵_acc t and sγ is C-computable. Then for all substitutions δ mapping FV(t) to computable terms: t(γ ∪ δ) is C-computable.

Proof. t(γ ∪ δ) is C-computable if (t(γ ∪ δ)) u_1 ··· u_n is C-computable for all computable u_1, …, u_n. By Lemma 77 and the fact that s is closed, there exist C-computable terms v_1, …, v_m such that (sγ) v_1 ··· v_m (⇛_C ∪ ⇒_headβ)* (t(γ ∪ δ)) u_1 ··· u_n. But sγ is C-computable, and therefore so is (sγ) v_1 ··· v_m. Since ⇛_C and ⇒_headβ are both computability-preserving by Lemmas 76 and 75 respectively (as ⇒_headβ is included in ⇒), we are done. ⊓⊔

Lemma 79.
A neutral term is C-computable if and only if all its ⇒-reducts are C-computable.

Proof. That C-computability of a term implies C-computability of its reducts is given by Lemma 75. For the other direction, let s : σ_1 → … → σ_m → ι be neutral and suppose that all its reducts are C-computable. To prove that also s is C-computable, we must see that for all C-computable terms t_1 : σ_1, …, t_m : σ_m the term u := s t_1 ··· t_m is in C. We prove this by induction on (t_1, …, t_m) ordered by ⇒_prod. Clearly, s does not have the form f s_1 ··· s_n with Acc(f) ≠ ∅, nor does u; so u ∈ C if all its reducts are in C. But since s is neutral, all reducts of u either have the form s′ t_1 ··· t_m with s ⇒ s′ – which is in C because all t_i are C-computable and s′ is computable as a reduct of s – or the form s t_1 ··· t′_i ··· t_m with t_i ⇒ t′_i – which is in C by the induction hypothesis. ⊓⊔

Using the ⇒_headβ-restrictions on ⇒, we obtain the following result:

Lemma 80.
Let x : σ ∈ V. A term λx.s ∈ T(F, V) is C-computable if and only if s[x := t] is computable for all C-computable t : σ.

Proof. If λx.s is C-computable, then by definition so is (λx.s) t for all C-computable t; by Lemma 75 and inclusion of ⇒_headβ in ⇒, this implies C-computability of the reducts s[x := t].

For the other direction, suppose s[x := t] is C-computable for all C-computable t : σ. To obtain C-computability of λx.s, we must see that (λx.s) t is C-computable for all C-computable t : σ. As (λx.s) t is neutral, by Lemma 79 this holds if all its ⇒-reducts u are C-computable, and certainly if all its ⇒+-reducts are C-computable, which we prove by induction on u oriented with ⇒. But by definition of ⇒ (and induction on the derivation of (λx.s) t ⇒+ u) there exists a term v such that s[x := t] ⇒* v and u ⇒*_headβ v. If u = v, we thus obtain the required property; and if u ⇒+_headβ v, then u is neutral and hence is C-computable if all its ⇒-reducts are, which is the case by the induction hypothesis. ⊓⊔

B Static dependency pairs
In this appendix, we will first prove the main result from §4: Thm. 37. Then, we will prove the "inverse" result, Thm. 34. Finally, to provide a greater context to the current work, we will discuss how the definitions in [34,46] relate to the definitions here.
B.1 Static dependency pairs: the main result
To start, we prove Thm. 37, which states that a properly applied, accessible function passing AFSM with rules R is terminating if it admits no R-computable formative (SDP(R), R)-dependency chains. Thm. 32, which states that an AFSM is terminating if it admits no (SDP(R), R)-dependency chains, follows as a corollary.

In the following, let C = C_R be a computability predicate following Thm. 74, taking for ⇒ the rewrite relation ⇒_R. We will briefly call a term "computable" if it is C-computable. Henceforth, we will assume without explicitly stating it that (F, R) is properly applied, so we can speak of minar(f) without disclaimers; we let minar(f) = 0 for f ∉ D. We start with an observation on the consequences of accessible function passingness:

Lemma 81.
Let ℓ be a closed pattern, Z a meta-variable and x_1, …, x_k variables such that ℓ ⊵_acc Z⟨x_1, …, x_k⟩. If ℓγ is a computable term, then so is γ(Z).

Proof. Since ℓ is closed, ℓ(γ ∪ δ) = ℓγ is computable for all computable substitutions δ whose domain is contained in V. By Lemma 78, we thus have computability of Z⟨x_1, …, x_k⟩(γ ∪ δ) for all such δ. Since ℓγ is a term, Z ∈ dom(γ), so we can either write γ(Z) = λx_1 … x_k.s, or γ(Z) = λx_1 … x_i.s′ with i < k and s′ not an abstraction.

In the first case, if we let δ := [x_1 := u_1, …, x_k := u_k] for computable terms u_1, …, u_k, we have computability of Z⟨x_1, …, x_k⟩(γ ∪ δ) = s[x_1 := u_1, …, x_k := u_k]. Since this holds for all computable u_1, …, u_k, Lemma 80 provides computability of λx_1 … x_k.s = γ(Z). In the second case, the same substitution δ provides computability of s′[x_1 := u_1, …, x_i := u_i] u_{i+1} ··· u_k, which (since this holds for any u_{i+1}, …, u_k) implies computability of s′[x_1 := u_1, …, x_i := u_i], and this in turn implies computability of γ(Z) as before. ⊓⊔

Thus, computability of the left-hand side of an instantiated DP implies computability of all instantiated meta-variables. To transfer this property to the right-hand side of the instantiated pair, we have a closer look at the relations ⊵_A. In the following, we say that a meta-term s respects minar if s ⊵_β f t_1 ··· t_n implies n ≥ minar(f).

Lemma 82.
Let s be a meta-term that respects minar and γ a substitution on a finite domain with FMV(s) ⊆ dom(γ) ⊆ M, such that all γ(Z) are computable. If there exists a computable substitution δ on a variable domain (that is, dom(δ) ⊆ V) such that s(γ ∪ δ) is not computable, then there exists a pair t (A) ∈ cand(s) such that all of the following hold:
– there is a computable substitution δ on variable domain such that t(γ ∪ δ) is not computable;
– γ respects A;
– for all t′ ≠ t such that t ⊵_B t′ holds for some B respected by γ: t′(γ ∪ δ) is computable for all computable substitutions δ on variable domain.

Proof. Let S be the set of all pairs t (A) such that (a) s ⊵_A t, (b) there exists a computable substitution δ on variable domain such that t(γ ∪ δ) is not computable, and (c) γ respects A. This set is non-empty, as it contains s (∅). As the relations ⊵_β and ⊇ are both well-founded quasi-orderings (the latter on finite sets), we can select a pair t (A) that is, in a sense, minimal in S: for all t′ (A′) ∈ S: if t ⊵_β t′ then t = t′ and not A′ ⊊ A (it is possible that A and A′ are incomparable). We observe that for all t′, B such that t′ ≠ t and t ⊵_B t′ and γ respects B, we cannot have t′ (A ∪ B) ∈ S by minimality of t (A); so since s ⊵_{A∪B} t ⊵_{A∪B} t′ and clearly γ respects A ∪ B, it can only follow that requirement (b) is not satisfied for t′.

Now suppose that t has the form f t_1 ··· t_n. Then by the above reasoning, all t_i(γ ∪ δ) are computable, and by definition of "s respects minar" we know that n ≥ k := minar(f). Thus, (f t_1 ··· t_k)(γ ∪ δ) is not computable (since otherwise t(γ ∪ δ) would be computable), and by definition of S as a set of BRSMTs of s (and minimality of A) we have f t_1 ··· t_k (A) ∈ cand(s).
By minimality of t in S ,we see that f t · · · t k ( A ) satisfies all the requirements for the lemma to hold.Thus, if t has the form f t · · · t n , we are done; towards a contradiction wewill show that if t does not have this form, then t ( A ) is not minimal.Consider the form of t : – t = λx.t (cid:48) : by Lemma 80, non-computability of t ( γ ∪ δ ) implies non-computabi-lity of t (cid:48) ( γ ∪ δ )[ x := u ] for some computable u . Since, by α -conversion, wecan assume that x does not occur in domain or range of γ or δ , we havenon-computability of t (cid:48) ( γ ∪ δ ∪ [ x := u ]), and δ ∪ [ x := u ] is a computablesubstitution on variable domain while t (cid:4) A t (cid:48) . – t = x t · · · t n with x ∈ V : whether x ∈ dom ( δ ) or not, δ ( x ) is computable(either by the assumption on δ or by Lemma 71(1)). Therefore, the only wayfor t ( γ ∪ δ ) to not be computable is if some s i ( γ ∪ δ ) is not computable, and s (cid:4) A s i . – t = c t · · · t n with c ∈ F \ D : t ( γ ∪ δ ) is non-computable only if there existcomputable terms u n +1 , . . . , u m such that the term c t · · · t n u n +1 · · · u m of base type is not in C . This can only be the case if it is non-terminatingor some t i ( γ ∪ δ ) is not computable. Since head-reductions are impossible,non-termination implies non-termination of some t i ( γ ∪ δ ) or u j , whichby Lemma 71(2) implies non-computability; as all u j are computable byassumption, this means some t i ( γ ∪ δ ) is non-computable. We are donebecause t (cid:4) A t i . – t = f t · · · t n with f ∈ D but n < arity ( f ): same as above, because terms ofthis form cannot be reduced at the head (or the root). – t = ( λx.u ) t · · · t n : t ( γ ∪ δ ) is neutral, so by Lemma 79 non-computabilityimplies the non-computability of a reduct. If the reduct u ( γ ∪ δ )[ x := t ( γ ∪ δ )] ( t ( γ ∪ δ )) · · · ( t n ( γ ∪ δ )) = ( u [ x := t ] t · · · t n )( γ ∪ δ ) is non-computable, weare done because t (cid:4) A u [ x := t ] t · · · t n . 
Otherwise, note that all many-stepreducts of t ( γ ∪ δ ) are either also a reduct of ( u [ x := t ] t · · · t n )( γ ∪ δ ) – andtherefore computable – or have the form ( λx.u (cid:48) ) t (cid:48) · · · t (cid:48) n with u ( γ ∪ δ ) ⇒ ∗R u (cid:48) and each t i ( γ ∪ δ ) ⇒ ∗R t (cid:48) i . Thus, at least one of u ( γ ∪ δ ) or t i ( γ ∪ δ ) has to benon-terminating. But if u ( γ ∪ δ ) is non-terminating, then so is u [ x := u (cid:48) ]( γ ∪ δ ),contradicting computability of ( u [ x := t ] t · · · t n )( γ ∪ δ ). The same holds if t i ( γ ∪ δ ) is non-terminating for some i ≥
1. Thus, t ( γ ∪ δ ) is non-terminatingand therefore non-computable, and we indeed have t (cid:4) A t . – t = Z (cid:104) s , . . . , s k (cid:105) t · · · t n : we either have γ ( Z ) = λx . . . x k .u or γ ( Z ) = λx . . . x i .u (cid:48) with i < k and u (cid:48) not an abstraction; in the latter case let u := λx i +1 . . . x k .u (cid:48) x i +1 · · · x k . Either way, t ( γ ∪ δ ) = u [ x := s ( γ ∪ δ ) , . . . , x k := s k ( γ ∪ δ )] ( t ( γ ∪ δ )) · · · ( t n ( γ ∪ δ )).For this term to be non-computable, either some t i ( γ ∪ δ ) should be non-computable, or u [ x := s ( γ ∪ δ ) , . . . , x k := s k ( γ ∪ δ )]. The former caseimmediately contradicts minimality, since t (cid:4) ∅ t i , so we assume the latter.However, if all s i ( γ ∪ δ ) are computable, then so is u [ x := s ( γ ∪ δ ) , . . . , x k := s k ( γ ∪ δ )]: • if γ ( Z ) = λx . . . x k .u then this holds by computability of all γ ( Z ) andLemma 80; static higher-order dependency pair framework (extended version) 39 • if γ ( Z ) = λx . . . x i .u (cid:48) with i < k and u = u (cid:48) x i +1 · · · x k , then com-putability of γ ( Z ) and Lemma 80 provide computability of u (cid:48) [ x := q , . . . , x i := q i ], which by definition of computability for higher-orderterms implies computability for u (cid:48) [ x := q , . . . , x i := q i ] q i +1 · · · q n = u [ x := q , . . . , x n := q n ].Thus, some s i ( γ ∪ δ ) must be non-computable, and since substituting anunused variable has no effect, this must be the case for some i with x i ∈ FV ( u ).So in this case, γ respects B := A ∪ { Z : i } and we obtain s (cid:4) B t (cid:4) B s i . (cid:117)(cid:116) Next, let us consider formative reductions. We will prove that reductionsfrom a terminating term to some instance of a pattern may be assumed to beformative.
Lemma 83.
Let ℓ be a pattern and γ a substitution on domain FMV(ℓ) such that every meta-variable Z with arity(Z) = k is mapped to a term λx_1 … x_k.t. Let s be a terminating term. If s ⇒*_R ℓγ, then there exists a substitution δ on the same domain as γ such that each δ(Z) ⇒*_R γ(Z) and s ⇒*_R ℓδ by an ℓ-formative reduction.

Note that the restriction on γ is very light: every substitution γ on domain FMV(ℓ) can be altered to map meta-variables of arity k to terms with k abstracted variables: if γ(Z) = λx_1 … x_k.t with k = arity(Z), then let γ′(Z) = γ(Z); and if γ(Z) = λx_1 … x_i.t with i < arity(Z) and t not an abstraction, then replace this by setting γ′(Z) := λx_1 … x_k.t x_{i+1} ··· x_k. Note that Z⟨x_1, …, x_k⟩γ = Z⟨x_1, …, x_k⟩γ′. Therefore, we always have ℓγ = ℓγ′.

Proof.
We prove the lemma by induction first on s ordered by ⇒_R ∪ ▷, second on the length of the reduction s ⇒*_R ℓγ. If ℓ is not a fully extended linear pattern, then we are done choosing δ := γ. Otherwise, we consider four cases:
1. ℓ is a meta-variable application Z⟨x_1, …, x_k⟩;
2. ℓ is not a meta-variable application, and the reduction s ⇒*_R ℓγ does not contain any headmost steps;
3. ℓ is not a meta-variable application, and the reduction s ⇒*_R ℓγ contains headmost steps, the first of which is a ⇒_β step;
4. ℓ is not a meta-variable application, and the reduction s ⇒*_R ℓγ contains headmost steps, the first of which is not a ⇒_β step.

In the first case, if ℓ is a meta-variable application Z⟨x_1, …, x_k⟩, then by α-conversion we may write γ = [Z := λx_1 … x_k.t] with ℓγ = t. Let δ be [Z := λx_1 … x_k.s]. Then δ has the same domain as γ, and indeed δ(Z) = λx_1 … x_k.s ⇒*_R λx_1 … x_k.(ℓγ) = γ(Z).

In the second case, a reduction without any headmost steps, note that s has the same outer shape as ℓ: either (a) s = λx.s′ and ℓ = λx.ℓ′, or (b) s = a s_1 ··· s_n and ℓ = a ℓ_1 ··· ℓ_n for some a ∈ V ∪ F (since ℓ is a pattern, a cannot be a meta-variable application or abstraction if n > 0). In case (a), the induction hypothesis provides δ such that s′ ⇒*_R ℓ′δ by an ℓ′-formative reduction and δ ⇒*_R γ (as sub-meta-terms of linear patterns are still linear patterns). In case (b), we let γ_i be the restriction of γ to FMV(ℓ_i) for 1 ≤ i ≤ n; by linearity of ℓ, all γ_i have non-overlapping domains and γ = γ_1 ∪ ··· ∪ γ_n. The induction hypothesis provides δ_1, …, δ_n on the same domains such that each s_i ⇒*_R ℓ_i δ_i by an ℓ_i-formative reduction and δ_i ⇒*_R γ_i; we are done choosing δ := δ_1 ∪ ··· ∪ δ_n.

In the third case, if the first headmost step is a β-step, note that s must have the form (λx.t) u q_1 ··· q_n, and moreover s ⇒*_R (λx.t′) u′ q′_1 ··· q′_n ⇒_β t′[x := u′] q′_1 ··· q′_n ⇒*_R ℓγ by steps in the respective subterms. But then also s ⇒_β t[x := u] q_1 ··· q_n ⇒*_R t′[x := u′] q′_1 ··· q′_n ⇒*_R ℓγ, and we can get δ and an ℓ-formative reduction for t[x := u] q_1 ··· q_n ⇒*_R ℓδ by the induction hypothesis.

In the last case, if the first headmost step is not a β-step, then we can write s = f s_1 ··· s_n ⇒*_R f s′_1 ··· s′_n = (ℓ′η) s′_{i+1} ··· s′_n ⇒_R (rη) s′_{i+1} ··· s′_n ⇒*_R ℓγ for some f ∈ D, terms s_j ⇒*_R s′_j for 1 ≤ j ≤ n, rule ℓ′ ⇒ r and substitution η on domain FMV(ℓ′). But then ℓ′ Z_{i+1} ··· Z_n ⇒ r Z_{i+1} ··· Z_n ∈ R_ext, and for η′ := η ∪ [Z_{i+1} := s′_{i+1}, …, Z_n := s′_n] we both have s ⇒*_R (ℓ′ Z_{i+1} ··· Z_n)η′ without any headmost steps, and (r Z_{i+1} ··· Z_n)η′ ⇒*_R ℓγ. By the second induction hypothesis, there exists a substitution ξ such that s ⇒*_R (ℓ′ Z_{i+1} ··· Z_n)ξ by a (ℓ′ Z_{i+1} ··· Z_n)-formative reduction and ξ ⇒*_R η′. This gives s ⇒+_R (r Z_{i+1} ··· Z_n)ξ ⇒*_R (r Z_{i+1} ··· Z_n)η′ ⇒*_R ℓγ, so by the first induction hypothesis we obtain δ such that (r Z_{i+1} ··· Z_n)ξ ⇒*_R ℓδ by an ℓ-formative reduction, and δ ⇒*_R γ.
⊓⊔

Essentially, Lemma 83 states that we can postpone reductions that are not needed to obtain an instance of the given pattern. This is not overly surprising, but will help us eliminate some proof obligations later in the termination proof. From this, we have the main result on static dependency chains.
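To see what Lemma 83 buys us, consider a small hypothetical instance; the symbols f, s, a, b and the rule a ⇒_R b are illustrative assumptions, not taken from the text:

```latex
% Hypothetical illustration of Lemma 83.  Let \ell = f\,(s\,Z) be a pattern
% and suppose a \Rightarrow_R b.  The reduction
\[
  f\,(s\,a) \;\Rightarrow_R\; f\,(s\,b) \;=\; \ell\gamma
  \qquad \text{with } \gamma = [Z := b]
\]
% performs a step that is not needed to reach an instance of \ell.
% Lemma 83 instead yields \delta = [Z := a] with
\[
  f\,(s\,a) \;=\; \ell\delta
\]
% (an empty, hence trivially \ell-formative, reduction), and the postponed
% step moves into the substitution: \delta(Z) = a \Rightarrow_R b = \gamma(Z).
```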
Theorem 37.
Let (F, R) be a properly applied, accessible function passing AFSM. If (F, R) is non-terminating, then there is an infinite R-computable formative (SDP(R), R)-dependency chain.

Proof. In the following, let a minimal non-computable term be a term s := f s_1 ··· s_k with k = minar(f), such that f ∈ D, and s is not computable but all s_i are C-computable. We say that s is MNC.

We first observe that if ⇒_R is non-terminating, then there exists an MNC term. After all, if ⇒_R is non-terminating, then there is a non-terminating term s, which (by Lemma 71(2)) is also non-computable. Let t (A) be the element of cand(s) that is given by Lemma 82 for γ = δ = []. Then A = ∅ and t has the form f t_1 ··· t_k with k = minar(f), and there exists a computable substitution δ such that tδ is not computable but all t_iδ are.

Thus, assuming ⇒_R is non-terminating, we can select an MNC term t_0. Now for i ∈ N, let an MNC term t_{i-1} = f q_1 ··· q_k be given. By definition of computability, there are computable q_{k+1}, …, q_m such that f q_1 ··· q_m has base type and is not computable. Since all q_i are computable, this implies that f q_1 ··· q_m is non-terminating, and since the q_i are terminating, there is eventually a reduction at the head: there exist a rule f ℓ_1 ··· ℓ_k ⇒ r and a substitution γ such that f q_1 ··· q_m ⇒*_{R,in} f q′_1 ··· q′_m (where ⇒*_{R,in} indicates a reduction in the argument terms q_j) = f (ℓ_1γ) ··· (ℓ_kγ) q′_{k+1} ··· q′_m ⇒_R (rγ) q′_{k+1} ··· q′_m, which latter term is still non-terminating. But then also (rγ) q_{k+1} ··· q_m is non-terminating (as it reduces to the term above), so rγ is not computable.

From the above we conclude: t_{i-1} ⇒*_{R,in} (f ℓ_1 ··· ℓ_k)γ ⇒_R rγ, and rγ is not computable.
By Lemma 83, we can safely assume that the reductions q_j ⇒*_R ℓ_jγ are ℓ_j-formative if f ℓ_1 ··· ℓ_k is a fully extended linear pattern; and since f ℓ_1 ··· ℓ_k is closed, we can safely assume that dom(γ) = FMV(f ℓ_1 ··· ℓ_k). Write ℓ := f ℓ_1 ··· ℓ_k in the following.

Let s_i := f♯ (ℓ_1γ) ··· (ℓ_kγ), and note that all ℓ_jγ are computable by Lemma 75. We observe that for all Z occurring in r we have that γ(Z) is C-computable, by a combination of accessible function passingness, computability of the ℓ_jγ and Lemma 81. As rγ is non-computable, Lemma 82 provides an element t (A) of cand(r) with pleasant minimality properties and a computable substitution δ on domain FV(t) such that γ respects A and t(γ ∪ δ) is not computable. For FV(t) = {x_1, …, x_n}, let Z_1, …, Z_n be fresh meta-variables; then p := t[x_1 := Z_1, …, x_n := Z_n] = metafy(t), and pη = t(γ ∪ δ) for η the substitution mapping each X ∈ FMV(ℓ) to γ(X) and each Z_j to δ(x_j).

Set ρ_i := ℓ♯ ⇛ p♯ (A) and t_i := p♯η. Then t_i is MNC, because the meta-term t supplied by Lemma 82 has the form g u_1 ··· u_m with m = arity(g), and u_j(γ ∪ δ) is C-computable for each j because t ⊵_A u_j. Thus, we can continue the construction.

The chain [(ρ_1, s_1, t_1), (ρ_2, s_2, t_2), …] thus constructed is an infinite formative (SDP(R), R)-dependency chain. That it is a (SDP(R), R)-dependency chain is obvious: each ρ_i ∈ SDP(R) (since t (A) ∈ cand(r)), γ respects A and η corresponds with γ on all meta-variables that take arguments, and FV(p) = ∅ and dom(η) = FMV(ℓ) ∪ {Z_1, …, Z_n} = FMV(ℓ) ∪ FMV(p).
That it is a formative chain follows by the initial selection of γ, as we assumed formative reductions to each ℓⱼγ.

It is also a computable chain: clearly we have tᵢ = pη in step i of the construction above. Suppose p♯ ⊵_B v and η respects B, but (λy₁…yₙ.v)η is not computable, where FV(v) = {y₁, …, yₙ} – so by Lemma 80, v(η ∪ ζ) is not computable for some computable substitution ζ on domain FV(v). Since the meta-variables Zⱼ do not occur applied in p, we can safely assume that B contains only conditions for the meta-variables in dom(γ). By renaming each Zⱼ back to xⱼ, we obtain that γ respects B and t ⊵_B v′ with v = v′[x₁:=Z₁, …, xₙ:=Zₙ]. But then r ⊵_{A∪B} t ⊵_{A∪B} v′, γ respects A ∪ B, and v′(γ ∪ δ ∪ ζ) is non-computable. By minimality of the choice t (A), we have v′ = t, so v = p♯. However, p♯η has a marked symbol g♯ as head symbol, and thus cannot be reduced at the top; by C-computability of its immediate subterms, it is computable. ⊓⊔

We also prove the statement that U-computability implies minimality:

Lemma 84.
Every U-computable (P, R)-dependency chain is minimal.

Proof. Let [(ρ₀, s₀, t₀), (ρ₁, s₁, t₁), …] be a U-computable (P, R)-chain and let i ∈ ℕ; we must prove that the strict subterms of tᵢ are terminating under ⇒_R. By definition, since ⊵_∅ is a reflexive relation, tᵢ is C_U-computable, where C_U is given by Thm. 13 for a relation ⇒_U ⊇ ⇒_R. By Lemma 71(2), tᵢ is therefore terminating under ⇒_U, so certainly under ⇒_R as well. The strict subterms of a terminating term are all terminating. ⊓⊔

B.2 Static dependency pairs: the inverse result
In this section, we prove Thm. 34, which states that the existence of certain kinds of dependency chains implies non-termination of the original AFSM. This is not a true inverse of Thm. 37 or even Thm. 32: as observed in the text, there are terminating AFSMs that do admit an infinite chain. It does, however, give us a way to use the DP framework to prove non-termination in some cases.

We begin by exploring the connection between ⊵_A and reduction steps. Note that this result is not limited to PA-AFP AFSMs, so in the following we do not assume that the rules or dependency pairs involved satisfy arity restrictions.

Lemma 85.
Let s, t be meta-terms and suppose s ⊵_A t for some set A of meta-variable conditions. Then for any substitution γ that respects A and has a finite domain with FMV(s) ⊆ dom(γ) ⊆ M: sγ (▹ ∪ ⇒_β)* tγ.

Proof. By induction on the definition of ⊵_A. Consider the last step in its derivation.
– If s = t then sγ = tγ.
– If s = λx.u and u ⊵_A t, then by α-conversion we can assume that x ∉ FV(γ(Z)) for any Z ∈ FMV(s). Thus, sγ = λx.(uγ) ▹ uγ (▹ ∪ ⇒_β)* tγ by the induction hypothesis.
– If s = (λx.u) s₁ ⋯ sₙ and u[x:=s₁] s₂ ⋯ sₙ ⊵_A t, then by α-conversion we can safely assume that x is fresh w.r.t. γ as above; thus, sγ = (λx.(uγ)) (s₁γ) ⋯ (sₙγ) ⇒_β (uγ[x:=s₁γ]) (s₂γ) ⋯ (sₙγ) = (u[x:=s₁] s₂ ⋯ sₙ)γ, which reduces to tγ by the induction hypothesis.
– If s = u s₁ ⋯ sₙ for u an abstraction, variable, function symbol or meta-variable application, and sᵢ ⊵_A t, then sγ = (uγ) (s₁γ) ⋯ (sₙγ) ▹ sᵢγ (▹ ∪ ⇒_β)* tγ by the induction hypothesis.
– If s = Z⟨t₁, …, tₖ⟩ s₁ ⋯ sₙ and tᵢ ⊵_A t for some 1 ≤ i ≤ k with (Z : i) ∈ A, then we can write γ(Z) = λx₁…xₘ.w (where m ≤ k), and sγ = w[x₁:=t₁γ, …, xₘ:=tₘγ] (tₘ₊₁γ) ⋯ (tₖγ) (s₁γ) ⋯ (sₙγ). Since γ respects A, either xᵢ occurs in w or i > m; in either case sγ (▹ ∪ ⇒_β)* tᵢγ. We again complete by the induction hypothesis. ⊓⊔

In fact, the text is ambiguous regarding the definition of
SDP when an AFSM is not properly applied, since minar(f) may not be uniquely defined. However, the result holds for any choice of minar(f). In the following lemma, we only use that the elements of SDP(R) are DPs f♯ ℓ₁ ⋯ ℓₖ ⇛ g♯ p₁ ⋯ pᵢ (A) where f ℓ₁ ⋯ ℓₖ ⇒ r is a rule and there exist pᵢ₊₁, …, pₙ such that r ⊵_A g p₁ ⋯ pₙ.

Lemma 86.
For ℓ♯ ⇛ p♯ (A) ∈ SDP(R) such that FMV(p) ⊆ FMV(ℓ), and a substitution γ on domain FMV(ℓ) such that γ respects the meta-variable conditions in A: both ℓγ and pγ are terms, and ℓγ (⇒_R ∪ ▷)⁺ pγ.

Proof. By definition of
SDP and the fact that no fresh meta-variables occur on the right, there is a rule ℓ ⇒ r such that p (A) ∈ cand(r), so there are r₁, …, rₙ such that r ⊵_A p r₁ ⋯ rₙ. Clearly, we have ℓγ ⇒_R rγ by that rule, and rγ (▷ ∪ ⇒_R)* (p r₁ ⋯ rₙ)γ ⊵ pγ by Lemma 85 (using that ▹ is a sub-relation of ▷). We are done because ⇒_β is included in ⇒_R. ⊓⊔

This allows us to draw the required conclusion:
Theorem 34.
For any AFSM (F, R): if there is an infinite (SDP(R), R)-chain [(ρ₀, s₀, t₀), (ρ₁, s₁, t₁), …] with all ρᵢ conservative, then ⇒_R is non-terminating.

Proof. Let s♭ᵢ, t♭ᵢ denote the terms sᵢ, tᵢ with all ♯ marks removed. An infinite (SDP(R), R)-dependency chain that does not use any DPs where fresh meta-variables are introduced on the right-hand side provides a sequence (sᵢ, tᵢ) for i ∈ ℕ such that for all i: s♭ᵢ (⇒_R ∪ ▷)⁺ t♭ᵢ (by Lemma 86), and t♭ᵢ ⇒*_R s♭ᵢ₊₁. Thus, we obtain an infinite ⇒_R ∪ ▷ sequence, which provides an infinite ⇒_R sequence due to monotonicity of ⇒_R. ⊓⊔

B.3 Original static dependency pairs
Since the most recent work on static dependency pairs has been defined for a polymorphic variation of the HRS formalism, it is not immediately evident how our definitions relate. Here, we provide context by showing how the definitions from [34,46] apply to the restriction of HRSs that can be translated to AFSMs. It should be noted that HRSs, as translated to AFSMs, should be seen as η-expanded rules; in practice, for ℓ ⇒ r we have that ℓ ▹ s or r ▹ s implies that either s is an abstraction, or s has base type. This definition implies that the system is properly applied, but is much stronger. We will refer to this restriction as fully applied.

Definition 87.
An AFSM (F, R) is plain function passing following [34] if:
– for all rules f ℓ₁ ⋯ ℓₘ ⇒ r and all Z ∈ FMV(r): if Z does not have base type, then there are variables x₁, …, xₙ and some i such that ℓᵢ = λx₁…xₙ.Z⟨x_{j₁}, …, x_{jₖ}⟩.

An AFSM (F, R) is plain function passing following [46] if:
– for all rules f ℓ₁ ⋯ ℓₘ ⇒ r and all Z ∈ FMV(r): there are some variables x₁, …, xₖ and some i ≤ m such that ℓᵢ ⊵_safe Z⟨x₁, …, xₖ⟩, where the relation ⊵_safe (from [46]) is given by:
• s ⊵_safe s,
• λx.t ⊵_safe s if t ⊵_safe s,
• x t₁ ⋯ tₙ ⊵_safe s if tᵢ ⊵_safe s for some i with x ∈ V \ FV(tᵢ),
• f t₁ ⋯ tₙ ⊵_safe s if tᵢ ⊵_safe s for some tᵢ of base type.

In addition, in both cases the right-hand sides of rules are assumed to be presented in β-normal form and to be fully applied.

The authors of [46] refer to such subterms as accessible. We do not use this terminology, as it does not correspond to the accessibility notion in [8,9] which we follow here. In particular, the accessibility notion we use considers the relation ⪰S⁺, which corresponds to the positive/negative inductive types in [8,9]. This is not used in [46].

The definitions of PFP in [34,46] also capture some non-pattern HRSs, but these cannot be represented as AFSMs. Note that the key difference between ⊵_safe and ⊵ for patterns is that the former is not allowed to descend into a non-base argument of a function symbol. The same difference applies when comparing ⊵_safe with ⊵_acc: ⊵_safe also cannot descend into the accessible higher-order arguments.

Example 88.
The rules from Ex. 6 are PFP following both definitions. The rules from Ex. 17 are PFP following [46] but not following [34]. The rules from Ex. 8 are not PFP in either definition, since lim F ⊵_safe F does not hold (although they are AFP).

For a PFP AFSM, static dependency pairs are then defined as pairs ℓ♯ ⇛ f♯ p₁ ⋯ pₘ. This allows for a very simple notion of chains, even closer to the one in the first-order setting than our Def. 30.

Definition 89.
A static dependency chain following [34,46] is an infinite sequence [(ℓ₀ ⇛ p₀, γ₀), (ℓ₁ ⇛ p₁, γ₁), …] where pᵢγᵢ ⇒*_R ℓᵢ₊₁γᵢ₊₁ for all i. It is minimal if each pᵢγᵢ is terminating under ⇒_R.

Both papers present a counterpart of Theorems 32 and 37 that roughly translates to the following:
Theorem 90 ([34,46]).
Let R be plain function passing following either definition in Def. 87. Let P = {ℓ♯ ⇛ f♯ p₁ ⋯ pₘ | ℓ ⇒ r ∈ R ∧ r ⊵ f p₁ ⋯ pₘ ∧ f ∈ D ∧ m = arity(f)}. If ⇒_R is non-terminating, then there is an infinite minimal static dependency chain with all ℓᵢ ⇛ pᵢ ∈ P.

Note that the chains are proved minimal, but not computable (which is a new definition in the current paper). However, there is no counterpart to Thm. 34: this result relies on the presence of meta-variable conditions, which are not present in the static DPs from the literature.

Note that ⊵_acc corresponds to ⊵_safe (from Def. 87) if ⪰S equates all sorts (as then always Acc(f) = {the indices of all base-type arguments of f}). Thus, Def. 18 includes both notions from Def. 87.

C Dependency pair processors
In this appendix, we prove the soundness – and, where applicable, the completeness – of all DP processors defined in the text. We first observe:
Lemma 91.
If Proc maps every DP problem to a set of problems such that for all (P′, R′, m′, f′) ∈ Proc(P, R, m, f) we have that P′ ⊆ P, R′ ⊆ R, m′ ⪰ m and f′ = f, then Proc is complete.

Proof. Proc(P, R, m, f) is never NO. Suppose Proc(P, R, m, f) contains an infinite element (P′, R′, m′, f′); we must prove that then (P, R, m, f) is infinite as well. This is certainly the case if ⇒_R is non-terminating, so assume that ⇒_R is terminating. Then certainly ⇒_{R′} ⊆ ⇒_R is terminating as well, so (P′, R′, m′, f′) can be infinite only because there exists an infinite (P′, R′)-chain that is U-computable if m′ = computable_U, minimal if m′ = minimal, and formative if f′ = formative. By definition, this is also a (P, R)-dependency chain, which is formative if f = f′ = formative. Since ⇒_R is terminating, this chain is also minimal. If we have m = computable_U, then also m′ = computable_U (since computable_U is maximal under ⪰) and the chain is indeed U-computable. ⊓⊔

C.1 The dependency graph
The dependency graph processor lets us split a DP problem into multiple smaller ones. To prove soundness of its main processor, we first prove a helper result.
Lemma 92.
Let M = (P, R, m, f) and let G_θ be an approximation of its dependency graph. Then for every infinite M-chain [(ρ₀, s₀, t₀), (ρ₁, s₁, t₁), …] there exist n ∈ ℕ and a cycle C in G_θ such that for all i > n: θ(ρᵢ) ∈ C.

Proof. We claim (**): for all i ∈ ℕ, there is an edge from θ(ρᵢ) to θ(ρᵢ₊₁). By definition of approximation, the claim follows if DG has an edge from ρᵢ to ρᵢ₊₁. But this is obvious: by definition of a chain, if [(ρ₀, s₀, t₀), (ρ₁, s₁, t₁), …] is a dependency chain, then so is [(ρᵢ, sᵢ, tᵢ), (ρᵢ₊₁, sᵢ₊₁, tᵢ₊₁)].

Now, having (**), the chain traces an infinite path in G_θ. Let C be the set of nodes that occur infinitely often on this path; then for every node d that is not in C, there is an index n_d after which θ(ρᵢ) is never d anymore. Since G_θ is a finite graph, we can take n := max({n_d | d a node in G_θ ∧ d ∉ C}). Now for every pair d, b ∈ C: because they occur infinitely often, there is some i > n with θ(ρᵢ) = d, and there is j > i with θ(ρⱼ) = b. Thus, by (**) there is a path in G_θ from d to b. Similarly, there is a path from b to d. Hence, they are on a cycle. ⊓⊔

Note that to find a chain with all θ(ρᵢ) ∈ C, we do not need to modify the original chain at all: the satisfying chain is a tail of the original chain. Hence, the same flags apply to the resulting chain. This makes it very easy to prove correctness of the main processor:

Theorem 45 (Dependency graph processor).
The processor Proc_{G_θ} that maps a DP problem M = (P, R, m, f) to {({ρ ∈ P | θ(ρ) ∈ Cᵢ}, R, m, f) | 1 ≤ i ≤ n}, if G_θ is an approximation of the dependency graph of M and C₁, …, Cₙ are the (nodes of the) non-trivial strongly connected components (SCCs) of G_θ, is both sound and complete.

Proof. Completeness follows by Lemma 91. Soundness follows because if (P, R, m, f) admits an infinite chain, then by Lemma 92 there is a cycle C such that a tail of this chain is mapped into C. Let C′ be the strongly connected component in which C lies, and P′ = {ρ ∈ P | θ(ρ) ∈ C′}. Then clearly the same tail lies in P′, giving an infinite (P′, R, m, f)-chain, and (P′, R, m, f) is one of the elements of the set returned by the dependency graph processor. ⊓⊔

The dependency graph processor is essential to prove termination in our framework because it is the only processor defined so far that can map a DP problem to ∅.

C.2 Processors based on reduction triples

Theorem 49 (Basic reduction triple processor).
Let M = (P₁ ⊎ P₂, R, m, f) be a DP problem. If (≿, ≽, ≻) is a reduction triple such that
1. for all ℓ ⇒ r ∈ R, we have ℓ ≿ r;
2. for all ℓ ⇛ p (A) ∈ P₁, we have ℓ ≻ p;
3. for all ℓ ⇛ p (A) ∈ P₂, we have ℓ ≽ p;
then the processor that maps M to {(P₂, R, m, f)} is both sound and complete.

Proof. Completeness follows by Lemma 91. Soundness follows because every infinite (P₁ ⊎ P₂, R)-chain [(ρ₀, s₀, t₀), (ρ₁, s₁, t₁), …] with P₁, P₂, R satisfying the given properties induces an infinite ≻ ∪ ≽ ∪ ≿ sequence, and every occurrence of a DP in P₁ in the chain corresponds to a ≻ step in the sequence. By compatibility of the relations, well-foundedness guarantees that there can only be finitely many such steps, so there exists some n such that [(ρₙ, sₙ, tₙ), (ρₙ₊₁, sₙ₊₁, tₙ₊₁), …] is an infinite (P₂, R)-chain.

To see that we indeed obtain the sequence, let i ∈ ℕ. Denote ρᵢ := ℓ ⇛ p (A), and let γ be a substitution on domain FMV(ℓ) ∪ FMV(p) such that sᵢ = ℓγ and tᵢ = pγ. Meta-stability gives us that sᵢ = ℓγ (≽ ∪ ≻) pγ = tᵢ. As ⇒_R is included in ≿ by meta-stability and monotonicity, and because tᵢ ⇒*_R sᵢ₊₁, we have tᵢ ≿ sᵢ₊₁. Thus, sᵢ (≽ ∪ ≻) · ≿ sᵢ₊₁. Moreover, a ≻ step is used if ρᵢ ∈ P₁. ⊓⊔

Now that we have seen a basic processor using reduction triples, soundness of the base-type processor presented in the text follows easily.
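In WANDA, the search for a suitable reduction triple is delegated to SAT; purely for intuition, the conditions of the basic reduction triple processor can be sketched for the special case of fixed linear polynomial interpretations over the naturals on first-order terms. The term representation and all names below are hypothetical, and the sketch side-steps all higher-order issues.

```python
# Sketch: checking conditions 1-3 of the basic reduction triple processor
# with a fixed linear polynomial interpretation over N (first-order only).
from dataclasses import dataclass, field

@dataclass
class Poly:
    const: int = 0
    coeffs: dict = field(default_factory=dict)  # variable name -> coefficient

    def add(self, other):
        cs = dict(self.coeffs)
        for v, c in other.coeffs.items():
            cs[v] = cs.get(v, 0) + c
        return Poly(self.const + other.const, cs)

    def scale(self, k):
        return Poly(self.const * k, {v: c * k for v, c in self.coeffs.items()})

    def geq(self, other):
        # coefficient-wise comparison: sound for linear polynomials over N
        if self.const < other.const:
            return False
        return all(self.coeffs.get(v, 0) >= c for v, c in other.coeffs.items())

    def gt(self, other):
        # strict on the constant part, weak on all coefficients
        return self.geq(other) and self.const > other.const

def interpret(term, interpretation):
    """term is a variable name (str) or (symbol, [subterms]);
    interpretation[f] = (constant, [coefficient per argument])."""
    if isinstance(term, str):
        return Poly(0, {term: 1})
    f, args = term
    const, coeffs = interpretation[f]
    result = Poly(const, {})
    for k, arg in zip(coeffs, args):
        result = result.add(interpret(arg, interpretation).scale(k))
    return result

def check(rules, strict_dps, weak_dps, interpretation):
    """Rules weakly oriented, P1 strictly, P2 weakly."""
    ok = all(interpret(l, interpretation).geq(interpret(r, interpretation))
             for l, r in rules)
    ok = ok and all(interpret(l, interpretation).gt(interpret(p, interpretation))
                    for l, p in strict_dps)
    return ok and all(interpret(l, interpretation).geq(interpret(p, interpretation))
                      for l, p in weak_dps)
```

For example, with [add](x, y) = [add♯](x, y) = x + y, [s](x) = x + 1 and [0] = 0, the usual addition rules are weakly oriented and the dependency pair add♯(s(x), y) ⇛ add♯(x, y) is strictly oriented, so it could be removed.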
Theorem 52 (Reduction triple processor).
Let
Bot be a set {⊥_σ : σ | σ a type} ⊆ F♯ of unused constructors, M = (P₁ ⊎ P₂, R, m, f) a DP problem and (≿, ≽, ≻) a reduction triple such that: (a) for all ℓ ⇒ r ∈ R, we have ℓ ≿ r; and (b) for all ℓ ⇛ p (A) ∈ P₁ ⊎ P₂ with ℓ : σ₁ → … → σₘ → ι and p : τ₁ → … → τₙ → κ we have, for fresh meta-variables Z₁ : σ₁, …, Zₘ : σₘ:
– ℓ Z₁ ⋯ Zₘ ≻ p ⊥_{τ₁} ⋯ ⊥_{τₙ} if ℓ ⇛ p (A) ∈ P₁;
– ℓ Z₁ ⋯ Zₘ ≽ p ⊥_{τ₁} ⋯ ⊥_{τₙ} if ℓ ⇛ p (A) ∈ P₂.
Then the processor that maps M to {(P₂, R, m, f)} is both sound and complete.

Proof. Completeness follows by Lemma 91. Soundness follows by soundness of Thm. 49: let (≿, ≽, ≻) be a reduction triple satisfying the requirements above, and for R ∈ {≽, ≻} define R′ as follows: for s : σ₁ → … → σₘ → ι and t : τ₁ → … → τₙ → κ, let s R′ t if for all u₁ : σ₁, …, uₘ : σₘ there exist w₁ : τ₁, …, wₙ : τₙ such that s u₁ ⋯ uₘ R t w₁ ⋯ wₙ. We claim that (≿, ≽′, ≻′) is a reduction triple satisfying the requirements of Thm. 49, which implies soundness of the present processor.

It is clear that ≽′ and ≻′ satisfy the requirements of Thm. 49: if ℓ ⇛ p (A) ∈ P₁, then for any u₁, …, uₘ we let w₁ := ⊥_{τ₁}, …, wₙ := ⊥_{τₙ} and have ℓ u₁ ⋯ uₘ ≻ p w₁ ⋯ wₙ by meta-stability of ≻; the same holds for ≽. It remains to be seen that ≻′ and ≽′ are both transitive and meta-stable, that ≽′ is reflexive and that ≻′ is well-founded.
– Meta-stability: given that ℓ ≻′ p and a substitution γ on domain FMV(ℓ) ∪ FMV(p), we must see that ℓγ ≻′ pγ (the case for ≽′ follows in the same way). Let u₁, …, uₘ be arbitrary terms and δ := γ ∪ [Z₁:=u₁, …, Zₘ:=uₘ]; then (ℓ Z₁ ⋯ Zₘ)δ ≻ (p ⊥_{τ₁} ⋯ ⊥_{τₙ})δ, so indeed ℓδ = ℓγ ≻′ pγ.
– Transitivity: if s ≻′ t ≻′ v, then for all u₁, …, uₘ there exist w₁, …, wₙ such that s u₁ ⋯ uₘ ≻ t w₁ ⋯ wₙ, and for these w₁, …, wₙ there exist q₁, …, qₖ such that t w₁ ⋯ wₙ ≻ v q₁ ⋯ qₖ; thus, also s u₁ ⋯ uₘ ≻ v q₁ ⋯ qₖ. The case for ≽′ is similar.
– Reflexivity of ≽′: always s ≽′ s, since for all u₁, …, uₘ we have s u₁ ⋯ uₘ ≽ s u₁ ⋯ uₘ.
– Well-foundedness of ≻′: suppose s₁ ≻′ s₂ ≻′ …, and let u⃗₁ be a sequence of variables; as in the case for transitivity, we find u⃗₂, u⃗₃, … such that s₁ u⃗₁ ≻ s₂ u⃗₂ ≻ …, contradicting well-foundedness of ≻. ⊓⊔

C.3 Rule removal without search for orderings
There is very little to prove: the importance is in the definition.
Theorem 58 (Formative rules processor).
For a formative rules approximation FR, the processor Proc_FR that maps a DP problem (P, R, m, formative) to {(P, FR(P, R), m, formative)} is both sound and complete.

Proof. Completeness follows by Lemma 91. Soundness follows by definition of a formative rules approximation (a formative infinite (P, R)-dependency chain can be built using only the rules in FR(P, R)). ⊓⊔

The practical challenge lies in proving that a given formative rules approximation really is one. The definition of a good approximation function is left to future work.
C.4 Subterm criterion processors
Next, we move on to the subterm processors. We first present the basic one, which differs little from its first-order counterpart, but is provided for context.
Theorem 61 (Subterm criterion processor).
The processor Proc_subcrit that maps a DP problem (P₁ ⊎ P₂, R, m, f) with m ⪰ minimal to {(P₂, R, m, f)}, if a projection function ν exists such that ν(ℓ) ▷ ν(p) for all ℓ ⇛ p (A) ∈ P₁ and ν(ℓ) = ν(p) for all ℓ ⇛ p (A) ∈ P₂, is sound and complete.

Proof. Completeness follows by Lemma 91. Soundness follows because an infinite (P₁ ⊎ P₂, R, m, f)-chain with the properties above induces an infinite sequence ν(s₀) ⊵ ν(t₀) ⇒*_R ν(s₁) ⊵ ν(t₁) ⇒*_R ⋯. Since the chain is minimal (either because m = minimal, or by Lemma 84 if m = computable_U), each ν(tᵢ) is terminating, and therefore terminating under ⇒_R ∪ ▷. Thus, there is some index n such that for all i ≥ n: ν(sᵢ) = ν(tᵢ) = ν(sᵢ₊₁). But this can only be the case if ν(ℓᵢ) = ν(pᵢ). Hence the tail of the chain starting at position n does not use any pair in P₁, and is therefore an infinite (P₂, R, m, f)-chain. ⊓⊔

We now turn to the proof of the computable subterm criterion processor. This proof is very similar to the one for the normal subterm criterion, but it fundamentally uses the definition of a computable chain.
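For intuition, the search for a projection function ν in the subterm criterion processor (Thm. 61) – delegated to SAT in WANDA – can be sketched as a naive brute force over argument positions. The first-order term representation and all names below are hypothetical; the sketch additionally demands that at least one pair is oriented strictly, since otherwise nothing would be removed.

```python
# Sketch: brute-force search for a projection function nu such that every
# projected lhs equals, or is a strict superterm of, the projected rhs.
from itertools import product

def subterms(t):
    yield t
    if isinstance(t, tuple):
        for a in t[1]:
            yield from subterms(a)

def strictly_contains(s, t):
    return s != t and any(u == t for u in subterms(s))

def find_projection(dps):
    """dps: list of (lhs, rhs), both of the form (head symbol, [args]).
    Returns (nu, removable) with nu mapping each head symbol to one
    argument position, and removable the strictly oriented pairs."""
    heads = sorted({t[0] for l, r in dps for t in (l, r)})
    arity = {h: min(len(t[1]) for l, r in dps for t in (l, r) if t[0] == h)
             for h in heads}
    for choice in product(*(range(arity[h]) for h in heads)):
        nu = dict(zip(heads, choice))
        proj = lambda t: t[1][nu[t[0]]]
        if all(proj(l) == proj(r) or strictly_contains(proj(l), proj(r))
               for l, r in dps) \
                and any(strictly_contains(proj(l), proj(r)) for l, r in dps):
            removable = [(l, r) for l, r in dps
                         if strictly_contains(proj(l), proj(r))]
            return nu, removable
    return None
```

For example, for the single pair map♯(F, cons(H, T)) ⇛ map♯(F, T), projecting map♯ to its second argument orients the pair strictly (cons(H, T) ▷ T), so the pair can be removed.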
Theorem 63 (Computable subterm criterion processor).
The processor Proc_statcrit that maps a DP problem (P₁ ⊎ P₂, R, computable_U, f) to {(P₂, R, computable_U, f)}, if a projection function ν exists such that ν(ℓ) ⊐ ν(p) for all ℓ ⇛ p (A) ∈ P₁ and ν(ℓ) = ν(p) for all ℓ ⇛ p (A) ∈ P₂, is sound and complete. Here, ⊐ is the relation on base-type terms with s ⊐ t if s ≠ t and (a) s ⊵_acc t, or (b) a meta-variable Z exists with s ⊵_acc Z⟨x₁, …, xₖ⟩ and t = Z⟨t₁, …, tₖ⟩ s₁ ⋯ sₙ.

Proof. Completeness follows by Lemma 91. Soundness follows because, for C := C_U the computability predicate corresponding to ⇒_U, an infinite (P₁ ⊎ P₂, R, computable_U, f)-chain induces an infinite ⇛_C ∪ ⇒_R sequence starting in the C-computable term ν(s₀), with always ν(sᵢ) (⇛_C ∪ ⇒_R)⁺ ν(tᵢ) if ρᵢ ∈ P₁ and ν(sᵢ) = ν(tᵢ) if ρᵢ ∈ P₂; as in the proof of the subterm criterion, this proves that the chain has a tail that is a (P₂, R, computable_U, f)-chain because, by definition of C, ⇒_R ∪ ⇛_C is terminating on C-computable terms.

It remains to be seen that we indeed have ν(sᵢ) (⇛_C ∪ ⇒_R)⁺ ν(tᵢ) whenever ρᵢ ∈ P₁. So suppose that ρᵢ is a dependency pair ℓ ⇛ p (A) ∈ P₁ such that ν(ℓ) ⊐ ν(p); we must see that ν(ℓγ) (⇛_C ∪ ⇒_β)⁺ ν(pγ) for any substitution γ on domain FMV(ℓ) ∪ FMV(r) such that vγ is C-computable for all v, B such that r ⊵_B v and γ respects B.

Write ℓ = f ℓ₁ ⋯ ℓₖ and p = g p₁ ⋯ pₙ; then ν(ℓγ) = ℓ_{ν(f)}γ and ν(pγ) = p_{ν(g)}γ. Since, by definition of a dependency pair, ℓ is closed, we also have FV(ℓ_{ν(f)}) = ∅. Consider the two possible reasons why ℓ_{ν(f)} ⊐ p_{ν(g)}.
– ℓ_{ν(f)} ⊵_acc p_{ν(g)}: since both sides have base type by assumption and ℓ_{ν(f)} is closed, by Lemma 77 also ℓ_{ν(f)}γ (⇛_C ∪ ⇒_β)* p_{ν(g)}γ.
– ℓ_{ν(f)} ⊵_acc Z⟨x₁, …, xₖ⟩ and p_{ν(g)} = Z⟨u₁, …, uₖ⟩ v₁ ⋯ vₙ: denote γ(Z) = λx₁…x_{k₀}.q and also γ(Z) ≈ λx₁…xₖ.q′. Then we can write q = λx_{k₀+1}…xᵢ.q″ as well as q′ = q″ xᵢ₊₁ ⋯ xₖ for some k₀ ≤ i ≤ k. Moreover:
p_{ν(g)}γ = q′[x₁:=u₁γ, …, xₖ:=uₖγ] v₁γ ⋯ vₙγ
By definition of a U-computable chain, vⱼγ is computable for each 1 ≤ j ≤ n, and uⱼγ is computable for each 1 ≤ j ≤ k such that xⱼ ∈ FV(q′). Write v′ⱼ := vⱼγ, and let u′ⱼ := uⱼγ if xⱼ ∈ FV(q′) and u′ⱼ := a fresh variable otherwise; then all u′ⱼ and v′ⱼ are computable, and still:
p_{ν(g)}γ = q′[x₁:=u′₁, …, xₖ:=u′ₖ] v′₁ ⋯ v′ₙ = q″[x₁:=u′₁, …, xᵢ:=u′ᵢ] u′ᵢ₊₁ ⋯ u′ₖ v′₁ ⋯ v′ₙ
On the other hand, by Lemma 77 and the observation that FV(ℓ_{ν(f)}) = ∅, we have ℓ_{ν(f)}γ (⇛_C ∪ ⇒_β)⁺ q[x₁:=u′₁, …, x_{k₀}:=u′_{k₀}] u′_{k₀+1} ⋯ u′ₖ v′₁ ⋯ v′ₙ, and as q = λx_{k₀+1}…xᵢ.q″ this term β-reduces to q″[x₁:=u′₁, …, xᵢ:=u′ᵢ] u′ᵢ₊₁ ⋯ u′ₖ v′₁ ⋯ v′ₙ = p_{ν(g)}γ. ⊓⊔

C.5 Non-termination
Soundness and completeness of the non-termination processor in Thm. 65 are both direct consequences of Def. 40 and Def. 41.
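As a toy illustration of the kind of syntactic criterion a non-termination processor can build on, the classic first-order check "the left-hand side of a rule matches a subterm of its right-hand side" already exhibits a loop. This sketch is not the processor of Thm. 65, and the term representation and all names are hypothetical.

```python
# Sketch: a simple syntactic non-termination check for first-order rules.
# If some subterm of a right-hand side is an instance of the left-hand
# side, then l·gamma rewrites to a term containing an instance of itself,
# giving an infinite reduction.

def match(pattern, term, subst):
    """Extend subst so that pattern instantiated by subst equals term,
    or return None. Variables are plain strings in patterns."""
    if isinstance(pattern, str):  # a variable
        if pattern in subst:
            return subst if subst[pattern] == term else None
        return {**subst, pattern: term}
    if not isinstance(term, tuple) or pattern[0] != term[0] \
            or len(pattern[1]) != len(term[1]):
        return None
    for p, t in zip(pattern[1], term[1]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst

def subterms(t):
    yield t
    if isinstance(t, tuple):
        for a in t[1]:
            yield from subterms(a)

def obviously_nonterminating(rules):
    """True if some rule l => r has a subterm of r that is an instance
    of l; this is a sufficient (far from complete) loop criterion."""
    return any(match(l, s, {}) is not None
               for l, r in rules for s in subterms(r))
```

For instance, the rule f(x) ⇒ g(f(s(x))) is reported as looping, while f(s(x)) ⇒ x is not (the check says nothing about rules it cannot handle; a real processor would then answer "maybe").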
D Experimental results
Finally, while the main paper focuses on a theoretical exposition, we here present an experimental evaluation of the results in this paper. The work has been implemented in the second author's termination tool WANDA, using higher-order polynomial interpretations [15] and a recursive path ordering [29, Chapter 5] for reduction triples. Both methods rely on an encoding of the underlying constraints into SAT. The search for a sort ordering, and for a projection function for the subterm criterion, is also delegated to SAT. The non-termination processor has not been implemented (WANDA performs some loop analysis, but outside the DP framework; this is a planned future improvement), and the subterm criterion processor has been merged with the computable subterm criterion processor.

In addition to the results in this paper, WANDA includes a search for monotonic termination orderings outside the DP framework (using successive rule removal), a dynamic DP framework (following [31]), and a mechanism [14] within both DP frameworks to delegate some first-order parts of the AFSM to a first-order termination tool (here we use AProVE [19]).

We have evaluated the power of our techniques on the Termination Problems Database [49], version 10.5. Of the 198 benchmarks in the category Higher Order Union Beta, 153 are accessible function passing. Comparing the power of static DPs versus dynamic DPs or no DP framework gives the following results (where Time is the average runtime on success in seconds):
Technique                                                        Yes   Time
Only rule removal                                                 92   0.32
Static DPs with techniques from this paper                       124   0.07
Dynamic DPs with techniques from this paper                      132   0.52
Static DPs with delegation to a first-order prover               129   0.58
Dynamic DPs with delegation to a first-order prover              137   0.93
Static and dynamic DPs with delegation to a first-order prover   150   0.70
Non-terminating?                                                  16

While static DPs have a slightly lower success rate than dynamic DPs, their evaluation is much faster, since they allow for greater modularity: the dynamic setting includes dependency pairs where the right-hand side does not have a (marked) defined symbol at the head (e.g., map F (cons H T) ⇛ F H), which make both the subterm criterion processor and the dependency graph processor harder to apply. The combination of static and dynamic DPs performs substantially better than either style alone: although the gains can be seen as modest if the size of the data set is not taken into account (153 versus 166 YES+NO, giving an 8% increase), the numbers indicate a 29% decrease in failure rate (from 45 to 32).

We have also compared the individual techniques in this paper by disabling them one by one in the second configuration above. This gives the table below:
Disabled            Yes   Time
Formative rules     124   0.07
Usable rules        124   0.10
Subterm criterion   121   0.16
Graph               121   0.35
Reduction triples    92   0.01
Nothing             124   0.07

Note that none of the techniques individually gives much power, except for reduction triples: when one method is disabled, another can typically pick up the slack. If all processors except reduction triples are disabled, only 105 benchmarks are proved. Most processors do individually give a significant speedup. Only formative rules does not; this processor is useful in the dynamic setting, but does not appear to be so here.

Evaluation pages for these and further experiments are available at: