Invariant Generation for Multi-Path Loops with Polynomial Assignments

Let $\mathbb{K}$ be a computable field of characteristic zero. This means that addition and multiplication can be carried out algorithmically, that there exists an algorithm to test if an element in $\mathbb{K}$ is zero, and that the field of rational numbers $\mathbb{Q}$ is a subfield of $\mathbb{K}$. For variables $x_{1},\dots,x_{n}$, the ring of multivariate polynomials over $\mathbb{K}$ is denoted by $\mathbb{K}[x_{1},\dots,x_{n}]$, or, if the number of variables is clear from (or irrelevant in) the context, by $\mathbb{K}[\vec{x}]$. Correspondingly, $\mathbb{K}(x_{1},\dots,x_{m})$ or $\mathbb{K}(\vec{x})$ denotes the field of rational functions over $\mathbb{K}$ in $x_{1},\dots,x_{m}$. If every polynomial in $\mathbb{K}[x]$ with a degree $\geq 1$ has at least one root in $\mathbb{K}$, then $\mathbb{K}$ is called algebraically closed. An example for such a field is $\overline{\mathbb{Q}}$, the field of algebraic numbers. In contrast, the field of complex numbers $\mathbb{C}$ is algebraically closed, but not computable, and $\mathbb{Q}$ is computable, but not algebraically closed. We suppose that $\mathbb{K}$ is always algebraically closed. This is not necessary for our theory, as we only need the existence of roots for certain polynomials, which is achieved by choosing $\mathbb{K}$ to be an appropriate algebraic extension field of $\mathbb{Q}$. It does, however, greatly simplify the statement of our results.

In our framework, we consider a program $B$ to be a loop of the form

where $B^{\prime}$ is a program block that is either the empty block $\epsilon$, an assignment $v_{i}=f(v_{1},\dots,v_{m})$ for a rational function $f\in\mathbb{K}(x_{1},\dots,x_{m})$ and program variables $v_{1},\dots,v_{m}$, or has one of the composite forms

for some program blocks $B_{1}$ and $B_{2}$ and the usual semantics. We omit conditions for the loop and if statements, as the problem of computing all polynomial invariants is undecidable when taking affine equality tests into account [11]. Consequently, we regard loops as non-deterministic programs in which each block of consecutive assignments can be executed arbitrarily often. More precisely, grouping consecutive assignments into blocks $B_{1},\dots,B_{r}$, any execution path of $B$ can be written in the form

for a sequence $(n_{i})_{i\in\mathbb{N}}$ of non-negative integers with finitely many non-zero elements. To that effect, we interpret any given program (1) as the set of its execution paths, written as

We adapt the well-established Hoare triple notation

for program specifications, where $P$ and $Q$ are logical formulas, called the pre- and postcondition respectively, and $B$ is a program. In this paper we focus on partial correctness of programs, that is a Hoare triple (2) is correct if every terminating computation of $B$ which starts in a state satisfying $P$ terminates in a state that satisfies $Q$.

In this paper we are concerned with computing polynomial invariants for a considerable subset of loops of the form (1). These invariants are algebraic dependencies among the loop variables that hold after any number of loop iterations.

Polynomial invariants are algebraic dependencies among the values of the variables at each loop iteration. Obviously, non-trivial dependencies do not always exist.

In [8, 17], it is observed that the set of all polynomial loop invariants for a given loop forms an ideal. It is this fact that facilitates all of our subsequent reasoning.

Polynomial ideals can informally be interpreted as the set of all consequences when it is known that certain polynomial equations hold. In fact, if we have given a set $P$ of polynomials of which we know that they serve as algebraic dependencies among the variables of a given loop, the ideal generated by $P$ then contains all the polynomials that consequently have to be polynomial invariants as well.

A basis for a given ideal in a ring does not necessarily have to be finite. However, a key result in commutative algebra makes sure that in our setting we only have to consider finitely generated ideals.

Subsequently, whenever we say we are given an ideal $\mathcal{I}$, we mean that we have given a finite basis of $\mathcal{I}$.

There is usually more than one basis for a given ideal and some are more useful for certain purposes than others. In his seminal PhD thesis [1], Buchberger introduced the notion of Gröbner bases for polynomial ideals and an algorithm to compute them. While, for reasons of brevity, we will not formally define these bases, it is important to note that with their help, central questions concerning polynomial ideals can be answered algorithmically.

We will use Gröbner bases to compute the ideal of all algebraic relations among given rational functions. For this, we use the polynomials $q_{i}y_{i}-p_{i}$ to model the equations $y_{i}=q_{i}/p_{i}$ by multiplying the equation with the denominator. In order to model the fact that the denominator is not identically zero, and therefore allowing us to divide by it again, we use the saturation with respect to the least common multiple of all denominators. To see why this is necessary, consider $y_{1}=y_{2}=\frac{x_{1}}{x_{2}}$. An algebraic relation among $y_{1}$ and $y_{2}$ is $y_{1}-y_{2}$, but with the polynomials $x_{2}y_{1}-x_{1}$ and $x_{2}y_{2}-x_{1}$, we only can derive $x_{2}(y_{1}-y_{2})$. We have to divide by $x_{2}$.

A polynomial ideal $\mathcal{I}\vartriangleleft\mathbb{K}[\vec{x}]$ gives rise to a set of points in $\mathbb{K}^{n}$ for which all polynomials in $\mathcal{I}$ vanish simultaneously. This set is called a variety.

Varieties are one of the central objects of study in algebraic geometry. Certain geometric shapes like points, lines, circles or balls can be described by prime ideals and come with an intuitive notion of a dimension, e.g. points have dimension zero, lines and circles have dimension one and balls have dimension two. The notion of the Krull dimension of a ring formalizes this intuition when being applied to the quotient ring $\mathbb{K}[\vec{x}]/\mathcal{I}$. In this paper, we will use the Krull dimension to provide an upper bound for the number of necessary iterations of our algorithm.

In this section, we restrain ourselves to loops whose bodies are comprised of rational function assignments only. This means that we restrict the valid composite forms in a program of the form (1) to sequential compositions and, for the moment, exclude inner loops and conditional branches. We therefore consider a loop $L=B_{1}^{*}$ where $B_{1}$ is a single block containing only variable assignments.

Each variable $v_{i}$ in a given loop of the form (1) gives rise to a sequence $(v_{i}(n))_{n\in\mathbb{N}}$, where $n$ is the number of loop iterations. The class of eligible loops is then defined based on the form of these sequences. Let $r(x)^{\underline{n}}$ denote the falling factorial defined as ${\prod_{i=0}^{n-1}r(x-i)}$ for any $r\in\mathbb{K}(x)$ and $n\in\mathbb{N}$.

Definition 8 extends the class of P-solvable loops in the sense that each sequence induced by an extended P-solvable loop is the sum of a finitely many hypergeometric sequences. This comprises C-finite sequences as well as hypergeometric sequences and sums and Hadamard products of C-finite and hypergeometric sequences. In contrast, P-solvable loops induce C-finite sequences only. For details on C-finite and hypergeometric sequences we refer to [5].

Every sequence of the form (3) can be written as

where $r_{j}=p_{i}/q_{i}$ is a rational function, and $v^{(0)}$ and $v^{(1)}$ denote the values of $v$ before and after the execution of the loop. Let $I(\vec{\theta},\vec{\zeta})\vartriangleleft\mathbb{K}[y_{0},\dots,y_{k+\ell}]$ be the ideal of all algebraic dependencies in the variables $y_{0},\dots,y_{k+\ell}$ between the sequence $(n)_{n\in\mathbb{N}}$, the exponential sequences $\theta_{1}^{n},\dots,\theta_{k}^{n}$ and the sequences $(n+\zeta_{1})^{\underline{n}},\dots,(n+\zeta_{\ell})^{\underline{n}}$. Note that it was shown in [4] that this ideal is the same as the extension of the ideal $I(\vec{\theta})\vartriangleleft\mathbb{K}[y_{0},\dots,y_{k}]$ of all algebraic dependencies between the $\theta^{n}\kern-2.0pt$ in $\mathbb{K}[y_{0},\dots,y_{k}]$ to $\mathbb{K}[y_{0},\dots,y_{k+\ell}]$, as the factorial sequences $(n+\zeta_{i})^{\underline{n}}$ are algebraically independent from the exponential sequences $\theta_{i}^{n}$. Now the following proposition states how the invariant ideal of an extended P-solvable loop can be computed.

In this section we give the prerequisites for proving termination of the invariant generation method for multi-path loops (Section 3.3). The results of this section will allow us to proof termination by applying Theorem 2.4.

Let $\vec{v}^{(i)}=v_{1}^{(i)},\dots,v_{m}^{(i)}$ and $\vec{y}^{(i)}=y_{1}^{(i)},\dots,y_{\ell}^{(i)}$ for $i\in\mathbb{N}$. We model the situation in which the value of the $j$th loop variable after the execution of the $i$th block in (1) is given by a rational function in the $\vec{y}^{(i)}$ (which, for us, will be the exponential and factorial sequences as well as the loop counter) and the ‘old’ variable values $\vec{v}^{(i-1)}$ and is assigned to $v_{j}^{(i)}$. Set ${\mathcal{I}_{0}=\sum_{j=1}^{m}\langle v^{(1)}_{j}\kern-2.0pt-v^{(0)}_{j}\rangle}$ and let ${I_{i}\vartriangleleft\mathbb{K}[\vec{y}^{(i)}]}$ for $i\in\mathbb{N}^{*}$. Furthermore, let $q^{(i)}_{j},p^{(i)}_{j}\kern-2.0pt\in\mathbb{K}[\vec{v}^{(i)}\kern-2.0pt,\vec{y}^{(i)}]$ such that for fixed $i$ there exists a $\vec{y}\in V(I_{i})$ with ${p_{j}^{(i)}(\vec{v}^{(i)}\kern-2.0pt,\vec{y})/q_{j}^{(i)}(\vec{v}^{(i)}\kern-2.0pt,\vec{y})=\vec{v}^{(i)}_{j}\kern-2.0pt}$ for all $j$ and with $d_{i}:=\operatorname{lcm}(q^{(i)}_{1},\dots,q^{(i)}_{m})$ we have $d_{i}\notin I_{i}$ and $d_{i}(\vec{v_{i}},\vec{y})=1$. Set

In order to develop some intuition about the following, consider a list of consecutive loops $L_{1};L_{2};L_{3};\dots$ where each of them is extended P-solvable. Intuitively, the ideals $I_{i}$ then correspond to the ideal of algebraic dependencies among the exponential and factorial sequences occurring in $L_{i}$, whereas $J_{i}$ stands for the ideal generated by the closed form solutions of $L_{i}$. Moreover, the variables $v_{j}^{(i+1)}$ correspond to the values of the loop variables after the execution of the loop $L_{i}$. The following iterative computation then allows us to generate the invariant ideal for $L_{1};L_{2};L_{3};\dots$

Now the remaining part of this section is devoted to proving properties of the ideals $\mathcal{I}_{i}$ which will help us to show that there exists an index $k$ such that $\mathcal{I}_{k}=\mathcal{I}_{k^{\prime}}$ for all $k^{\prime}>k$ for a list of consecutive loops $L_{1};\dots;L_{r};L_{1};\dots;L_{r};\dots$ with $r\in\mathbb{N}$.

First note that the ideal $\mathcal{I}_{i}$ can be rewritten as

If $I_{i}$ is radical, an equation $\mathbf{mod}\;I_{i}$ is, informally speaking, the same as substituting $\vec{y}$ with values from $V(I_{i})$, so (3.2) translates to

We now get the following subset relation between two consecutively computed ideals $\mathcal{I}_{i}$.

For prime ideals, we get an additional property:

We now use Lemmas 1 and 2 to give details about the minimal decomposition of $\mathcal{I}_{i}$.

In this section, we extend the results of Section 3.1 to loops with conditional branches. Without loss of generality, we define our algorithm for a loop of the form

where $L_{i}=B_{i}^{*}$ and $B_{i}$ is a block containing variable assignments only.

Let $I(\vec{\theta}_{i},\vec{\zeta}_{i})$ denote the ideal of all algebraic dependencies as described in Section 3.1 for a inner loop $L_{i}$. As every inner loop provides its own loop counter, we have that the exponential and factorial sequences of distinct inner loops are algebraically independent. Therefore $I(\vec{\theta},\vec{\zeta}):=\sum_{i=0}^{r}I(\vec{\theta}_{i},\vec{\zeta}_{i})$ denotes the set of all algebraic dependencies between exponential and factorial sequences among the inner loops $L_{1},\dots,L_{r}$.

Consider loop bodies $B_{1},\dots,B_{r}$ with common loop variables $v_{1},\dots,v_{m}$. Suppose the closed form of $v_{j}$ in the $i$th loop body is given by a rational function in $m+k+\ell+1$ variables:

where $\smash{v^{(i)}_{j}}\kern-2.0pt$ and $\smash{v^{(i+1)}_{j}}\kern-2.0pt$ are variables for the value of $v_{j}$ before and after the execution of the loop body. Then we can compute the ideal of all polynomial invariants of the non-deterministic program $(B_{1}^{*};B_{2}^{*};\dots;B_{r}^{*})^{*}$ with Algorithm 1.