Abstract—As an extension of our previous work on imperative program verification, we present a formalism for handling the total correctness of While loops in imperative programs, consisting in functional based definitions of the verification conditions for both partial correctness and for termination. A specific feature of our approach is the generation of verification conditions as first order formulae, including the termination condition which is expressed as an induction principle. Keywords-program analysis and verification, symbolic execution, theorem proving I.

We present our work in progress concerning the logical foundations of the analysis of termination for imperative recursive programs. The analysis is based on forward symbolic execution [12] and functional semantics. The distinctive feature of our approach is the formulation of the termination condition as an induction principle developed from the structure of the program with respect to iterative structures (recursive calls and while loops). Moreover the termination condition insures the existence and the uniqueness of the function implemented by the program. Note that the existence is not automatic, because a recursive program corresponds, logically, to an implicit definition. It is interesting that this inductive termination condition can be also used for proving the uniqueness of the function as well as the total correctness of the program. We show in this paper how to prove the existence of the implemented function in the case of single recursion programs (programs with at most one recursive call on each branch). The method can be applied however to all imperative recursive programs, where recursive calls are outside the loops. For other programs, termination analysis appears to involve co-recursive functions and it is subject to further investigation. The methods presented here are under implementation in the Theorema system [2]. Related work. Existing static analysis methods in the Floyd-Hoare style [7, 10] for proving termination of programs with loops consist in manually annotate the loop with a termination term [9], or to synthesize the termination term automatically using various techniques mostly from linear [integer] programming [15, 1]. These approaches can be seen in the context of our work as methods for proving certain classes of such logically expressed termination conditions that we generate. A recent approach for termination of functional programs is based on the comparison of infinite paths in the control flow graph and in,,sizechange graphs”, comparison that is reduced to the inclusion test for Büchi automata [13]. Automated tools supporting termination analysis are e.g. Terminator [3, 8], ACL2 [11], and termination tools for term rewriting systems

Ich erkläre an Eides statt, dass ich die vorliegende Dissertation selbstständig und ohne fremde Hilfe verfasst, andere als die angegebenen Quellen und Hilfsmittel nicht benutzt bzw. die wörthlich oder sinngemäß entnommenen Stellen als solche kenntlich gemacht habe.

Observing is the process of obtaining new knowledge, expressed in language, by bringing the senses in contact with reality. Reasoning, in contrast, is the process of obtaining new knowledge from given knowledge, by applying certain general transformation rules that depend only on the form of

Abstract—We present and illustrate a method for the generation of the termination conditions for nested loops with abrupt termination statements. The conditions are (first-order) formulae obtained by certain transformations of the program text. The loops are treated similarly to calls of recursively defined functions. The program text is analyzed on all possible execution paths by forward symbolic execution using certain meta-level functions which define the syntax, the semantics, the verification conditions for the partial correctness, and the termination conditions. The termination conditions are expressed as induction principles, however, still in first-order logic. Our approach is simpler than others because we use neither an additional model for program execution, nor a fixpoint theory for the definition of program semantics. Because the meta-level functions are fully formalized in predicate logic, it is possible to prove in a purely logical way and at object level that the verification conditions are necessary and sufficient for the existence and uniqueness of the function implemented by the program. Index Terms—program analysis and verification, symbolic execution, semantics, induction, termination, Theorema system I.