## Certification of termination proofs using CeTA (2009)

Venue: In Proc. TPHOLs’09, LNCS 5674

Citations: 25 (16 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Thiemann09certificationof,
  author    = {René Thiemann and Christian Sternagel},
  title     = {Certification of termination proofs using CeTA},
  booktitle = {In Proc. TPHOLs’09, LNCS 5674},
  year      = {2009},
  pages     = {452--468}
}
```

### Abstract

Nowadays there are many automatic tools that prove termination of term rewrite systems. Most of these tools combine many complex termination criteria, so the generated proofs may be of tremendous size, which makes it very tedious (if not impossible) for humans to check those proofs for correctness. In this paper we use the theorem prover Isabelle/HOL to automatically certify termination proofs. To this end, we first formalized the required theory of term rewriting including three major termination criteria: dependency pairs, dependency graphs, and reduction pairs. Second, for each of these techniques we developed an executable check which guarantees the correct application of that technique as it occurs in the generated proofs. Moreover, if a proof is not accepted, a readable error message is displayed. Finally, we used Isabelle’s code generation facilities to generate a highly efficient and certified Haskell program, CeTA, which can be used to certify termination proofs without even having Isabelle installed.

### Citations

1009 | Term Rewriting and All That
- Baader, Nipkow
- 1998
Citation context: ...or all possible edges (p, q) ∈ P × P. To overcome this problem we do not iterate over the edges but over P. To be more precise, we check that $\forall (p,q) \in P \times P.\ (\exists i \le j.\ (p,q) \in P_i \times P_j) \lor (p,q) \notin E$ (2), where the latter part of the disjunction is computed only on demand. Thus, only those edges which would contradict a valid decomposition have to be computed. Example 7. Consider the set of nodes P =...

795 | Isabelle/HOL: A Proof Assistant for Higher-Order Logic, volume 2283
- Nipkow, Paulson, et al.
- 2002
Citation context: ...to the two existing ones. First, our library IsaFoR (Isabelle Formalization of Rewriting, containing 173 definitions, 863 theorems, and 269 functions) is written for the theorem prover Isabelle/HOL [16] and not for Coq. Second, and more important, instead of generating for each proof tree a new Coq-proof using the auxiliary tools CiME/Rainbow, our library IsaFoR contains several executable “check”-f...

347 | An efficient unification algorithm
- Martelli, Montanari
Citation context: ...timation in IsaFoR. Unfortunately, when doing so, we had a problem with the domain of variables. The problem was that although we first implemented and certified the standard unification algorithm of [15], we could not directly apply it to compute tcap. The reason is that to generate fresh variables as well as to rename variables in rules apart, we need a type of variables with an infinite domain. One...

229 | Termination of term rewriting using dependency pairs
- Arts, Giesl
- 2000
Citation context: ...t in IsaFoR, e.g., LPO or matrix interpretations. Nevertheless, we also feature one new technique that has not been certified so far. Whereas currently only the initial dependency graph estimation of [1] has been certified, we integrated the most powerful estimation which does not require tree automata techniques and is based on a combination of [9,12] where the function tcap is required. Initial pro...

70 | Automating the dependency pair method
- Hirokawa, Middeldorp
- 2005
Citation context: ...tly only the initial dependency graph estimation of [1] has been certified, we integrated the most powerful estimation which does not require tree automata techniques and is based on a combination of [9,12] where the function tcap is required. Initial problems in the formalization of tcap led to the development of etcap, an equivalent but more efficient version of tcap which ... [footnote 1: In the remainder of this p...]

63 | The dependency pair framework: Combining techniques for automated termination proofs
- Giesl, Thiemann, et al.
- 2005
Citation context: ... obtain $s_1^\sharp \to_{DP(R)} t_1^\sharp \to^*_{ID(R)} s_2^\sharp \to_{DP(R)} t_2^\sharp \to^*_{ID(R)} \cdots$ and hence a so-called infinite (DP(R), ID(R))-chain. Then the corresponding DP problem (DP(R), ID(R)) is called not finite, cf. [8]. Notice that in IsaFoR a DP problem is just a pair of two TRSs over arbitrary signatures, similar to [8]. In IsaFoR an infinite chain and finite DP problems are defined as follows. fun ichain where ...

58 | Haskell 98 Language and Libraries: The Revised Report
- Jones
- 2003
Citation context: ...tions of term rewriting. • Since the analysis of the proof trees in IsaFoR is performed by executable functions, we can just apply Isabelle’s code-generator [11] to create a certified Haskell program [17], CeTA, leading to the following workflow. [Workflow figure: IsaFoR → Isabelle → Haskell program → Haskell compiler → CeTA; proof tree → CeTA → accept/error message] Hence, to use our certifier CeTA (Certified Termination Analysis) ...

46 | Proving and disproving termination of higher-order functions
- Giesl, Thiemann, et al.
Citation context: ...tly only the initial dependency graph estimation of [1] has been certified, we integrated the most powerful estimation which does not require tree automata techniques and is based on a combination of [9,12] where the function tcap is required. Initial problems in the formalization of tcap led to the development of etcap, an equivalent but more efficient version of tcap which ... [footnote 1: In the remainder of this p...]

41 | Tyrolean termination tool: Techniques and features
- Hirokawa, Middeldorp
Citation context: ...rs, we do not have to prove transitivity of ≻ or ≿ anymore, as it would be required for Thm. 18. Currently, we just support reduction pairs based on polynomial interpretations with negative constants [13], but we plan to integrate other reduction pairs in the future. For checking an application of a reduction pair processor we implemented a generic function checkRedPairProc in Isabelle, which works as...

25 | CoLoR, a Coq library on rewriting and termination
- Blanqui, Coupet-Grimal, et al.
Citation context: ...s nonterminating. To solve this problem, in the last years two systems have been developed which automatically certify or reject a generated termination proof: CiME/Coccinelle [4,6] and Rainbow/CoLoR [3] where Coccinelle and CoLoR are libraries on rewriting for Coq (http://coq.inria.fr), and CiME and Rainbow are used to convert proof trees into Coq-proofs which heavily rely on the theorems within tho...

20 | Certification of automated termination proofs
- Contejean, Courtieu, et al.
- 2007
Citation context: ...ame TRS, i.e., that it is nonterminating. To solve this problem, in the last years two systems have been developed which automatically certify or reject a generated termination proof: CiME/Coccinelle [4,6] and Rainbow/CoLoR [3] where Coccinelle and CoLoR are libraries on rewriting for Coq (http://coq.inria.fr), and CiME and Rainbow are used to convert proof trees into Coq-proofs which heavily rely on t...

20 | Matchbox: A tool for match-bounded string rewriting
- Waldmann
- 2004
Citation context: ...ported techniques are tried, including usable rules and nontermination. We compare to CiME/Coccinelle using AProVE [10] or CiME [5] as provers (ACC,CCC), and to Rainbow/CoLoR using AProVE or Matchbox [18] (ARC,MRC) where we take the results of the latest certified termination competition in Nov 2008 involving 1391 TRSs from the termination problem database. We performed our experiments using a PC wi...

11 | AProVE 1.2: Automatic termination proofs in the DP framework
- Giesl, Schneider-Kamp, et al.
Citation context: ...uses only the techniques of this paper in the combination TC, whereas in TC+ all supported techniques are tried, including usable rules and nontermination. We compare to CiME/Coccinelle using AProVE [10] or CiME [5] as provers (ACC,CCC), and to Rainbow/CoLoR using AProVE or Matchbox [18] (ARC,MRC) where we take the results of the latest certified termination competition in Nov 2008 involving 1391 T...

6 | Certifying a termination criterion based on graphs, without graphs
- Courtieu, Forest, et al.
- 2008
Citation context: ...ame TRS, i.e., that it is nonterminating. To solve this problem, in the last years two systems have been developed which automatically certify or reject a generated termination proof: CiME/Coccinelle [4,6] and Rainbow/CoLoR [3] where Coccinelle and CoLoR are libraries on rewriting for Coq (http://coq.inria.fr), and CiME and Rainbow are used to convert proof trees into Coq-proofs which heavily rely on t...

6 | Code generation from Isabelle/HOL theories. http://isabelle.in.tum.de/dist/Isabelle/doc/codegen.pdf
- Haftmann, Bulwahn
- 2013
Citation context: ...r functions deliver error messages using notions of term rewriting. • Since the analysis of the proof trees in IsaFoR is performed by executable functions, we can just apply Isabelle’s code-generator [11] to create a certified Haskell program [17], CeTA, leading to the following workflow. [Workflow figure: IsaFoR → Isabelle → Haskell program → Haskell compiler → CeTA; proof tree → CeTA → accept/error message] Hence, to use our certi...

6 | Tyrolean Termination Tool
- Korp, Sternagel, et al.
Citation context: ...f tcap which [footnote 1: In the remainder of this paper we just write Isabelle instead of Isabelle/HOL.] is also beneficial for termination provers. Replacing tcap by etcap within the termination prover TTT2 [14] reduced the time to estimate the dependency graph by a factor of 2. We will also explain how to reduce the number of edges that have to be inspected when checking graph decompositions. Another benef...

4 | Termination dependencies
- Dershowitz
- 2003
Citation context: ...troduce dependency pairs [1] formally and give some details about our Isabelle formalization, we recapitulate the ideas that led to the final definition (including a refinement proposed by Dershowitz [7]). For a TRS R, strong normalization means that there is no infinite derivation $t_1 \to_R t_2 \to_R t_3 \to_R \cdots$. Additionally we can concentrate on derivations where $t_1$ is minimal in the sense that all its ...