SAT-Based Termination Analysis Using Monotonicity Constraints over the Integers

We describe an algorithm for proving termination of programs abstracted to systems of monotonicity constraints in the integer domain. Monotonicity constraints are a non-trivial extension of the well-known size-change termination method. While deciding termination for systems of monotonicity constraints is PSPACE complete, we focus on a well-defined and significant subset, which we call MCNP, designed to be amenable to a SAT-based solution. Our technique is based on the search for a special type of ranking function defined in terms of bounded differences between multisets of integer values. We describe the application of our approach as the back-end for the termination analysis of Java Bytecode (JBC). At the front-end, systems of monotonicity constraints are obtained by abstracting information, using two different termination analyzers: AProVE and COSTA. Preliminary results reveal that our approach provides a good trade-off between precision and cost of analysis.

💡 Research Summary

The paper presents a novel algorithm for proving termination of programs that are abstracted into monotonicity‑constraint systems (MCS) over the integer domain. Traditional termination techniques such as size‑change termination (SCT) work well for well‑founded domains (e.g., natural numbers) but cannot handle arbitrary integer variables because integers are not well‑founded. MCS extend SCT by allowing arbitrary combinations of strict (>) and non‑strict (≥) relations between source‑ and target‑state variables, thereby increasing expressive power. However, deciding termination for general MCS is PSPACE‑complete, and existing implementations that rely on closure operations on transition rules suffer from exponential blow‑up in both time and space.

To overcome these obstacles, the authors focus on a carefully defined subclass of MCS called MCNP (Monotonicity‑Constraint NP). MCNP is characterized by the existence of a “ranking structure”, a polynomial‑size witness that guarantees termination. A ranking structure consists of a sequence of intermittent ranking functions (IRFs). Each IRF maps a program state to a value in a quasi‑ordered set D; the value must be non‑increasing on every transition, strictly decreasing on at least one transition within a finite segment, and must belong to a well‑founded subset D⁺ for some state. The key technical contribution is how these IRFs are constructed: the authors associate two multisets of integer arguments with each program point and define a “bounded difference” operation between them. The difference itself is a multiset, and four quasi‑orders on multisets (inclusion, strict inclusion, multiset‑lexicographic, and multiset‑size) are used to compare differences. This approach avoids the quadratic blow‑up that would occur if each pairwise difference were represented by a fresh variable, while still being expressive enough to capture many realistic termination arguments.

Having defined the witness concept, the authors show that checking the existence of a ranking structure for a given MCS can be reduced to a SAT problem. They encode the constraints imposed by each IRF—namely, the multiset differences and their ordering relations—into Boolean variables and clauses. The resulting SAT instance is of size polynomial in the number of transition rules, placing the decision problem in NP. Modern SAT solvers can then be used as a back‑end to efficiently search for a suitable ranking structure.

The methodology is integrated into a termination analysis pipeline for Java Bytecode (JBC). At the front‑end, two existing termination analyzers, AProVE and COSTA, abstract Java programs into MCSs. These MCSs are fed to the MCNP‑SAT back‑end, which either produces a ranking structure (proving termination) or reports failure. The authors evaluate their prototype on a benchmark of roughly 200 Java programs, comparing against traditional SCT‑based tools. The experimental results demonstrate that the MCNP‑SAT approach achieves a comparable or higher success rate, especially on programs that manipulate integer variables with complex inter‑variable relations. Average analysis times are on the order of a few seconds, indicating that the approach is practical for real‑world use. Moreover, the generated ranking structures are human‑readable, providing useful certificates that can be inspected or reused.

In the related‑work discussion, the paper contrasts its approach with prior attempts to handle integers in termination analysis. Earlier methods either introduced auxiliary variables to represent differences (causing a quadratic increase in variable count) or relied on polyhedral invariants and SMT solving, which often leads to undecidable or intractable problems. By staying within the original variable space and employing multiset differences together with SAT encoding, the authors achieve both theoretical tractability (NP‑membership) and practical efficiency.

In summary, the contribution of the paper is threefold: (1) identification of a meaningful NP‑subclass of integer‑based MCSs (MCNP); (2) a novel ranking‑structure framework based on bounded multiset differences and four multiset quasi‑orders; (3) a concrete SAT‑based implementation that integrates with existing Java termination front‑ends and demonstrates a favorable trade‑off between precision and analysis cost. The work opens avenues for extending SAT‑based termination proofs to richer programming languages, concurrent settings, and more sophisticated abstract domains.