## Finding lexicographic orders for termination proofs in Isabelle/HOL (2007)


Venue: Theorem Proving in Higher Order Logics: TPHOLs 2007, volume 4732 of Lecture Notes in Computer Science

Citations: 15 - 5 self

### BibTeX

@INPROCEEDINGS{Bulwahn07findinglexicographic,
    author = {Lukas Bulwahn and Alexander Krauss and Tobias Nipkow},
    title = {Finding lexicographic orders for termination proofs in Isabelle/HOL},
    booktitle = {Theorem Proving in Higher Order Logics: TPHOLs 2007, volume 4732 of Lecture Notes in Computer Science},
    year = {2007},
    pages = {38--53},
    publisher = {Springer-Verlag}
}


### Abstract

We present a simple method to formally prove termination of recursive functions by searching for lexicographic combinations of size measures. Despite its simplicity, the method turns out to be powerful enough to solve a large majority of termination problems encountered in daily theorem proving practice.

### Citations

2343 | Computational Complexity
- Papadimitriou
- 1994
Citation Context ...er than finding just one solution: Lemma 4. Given a Matrix M, the optimization problem of finding a minimal solution for M is NP-hard. Proof. The optimization version of the NP-hard Set Cover problem [18] can easily be expressed in a matrix: For a universe U = {x1, . . . , xn} and a collection S1, . . . , Sm of subsets of U, construct the n × m-matrix M with Mij = < if xi ∈ Sj and ≤ otherwise. Obvious...

718 | Isabelle/HOL — A Proof Assistant for Higher-Order Logic
- Nipkow, Paulson, et al.
- 2002
Citation Context ...ng), and their proofs cannot be easily checked independently. Consequently, the state of the art in the implementations of interactive theorem provers is much less developed: In PVS [16] and Isabelle [15], and Coq [5], no automation exists, and users must supply termination orderings manually. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicographic orderings. For...

534 | PVS: A Prototype Verification System
- Owre, Rushby, et al.
- 1992
Citation Context ...ch as term rewriting), and their proofs cannot be easily checked independently. Consequently, the state of the art in the implementations of interactive theorem provers is much less developed: In PVS [16] and Isabelle [15], and Coq [5], no automation exists, and users must supply termination orderings manually. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicograp...

262 | Computer-Aided Reasoning: An Approach
- Kaufmann, Manolios, et al.
- 2000
Citation Context ...ly. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicographic orderings. For functions with more than five or six arguments, this quickly becomes infeasible. ACL2 [10] uses heuristics to pick a size measure of a single parameter. Lexicographic combinations must be given manually, and are expressed in terms of ordinal arithmetic. Recently, a more powerful terminatio...

210 | Termination of term rewriting using dependency pairs
- Arts, Giesl
Citation Context ...cent, show that all recursive calls decrease wrt. the global ordering. 1.2 Related Work The field of automated termination analysis is vast, and continuously attracts researchers. Many analyses (e.g. [4, 13, 22]) have been proposed in the literature, and some of them are very powerful. However, these methods are often hard to integrate, as they apply to different formal frameworks (such as term rewriting), a...

198 | Introduction to HOL: A Theorem Proving Environment for Higher Order Logic
- Gordon, Melham, editors
- 1993
Citation Context ...the implementations of interactive theorem provers is much less developed: In PVS [16] and Isabelle [15], and Coq [5], no automation exists, and users must supply termination orderings manually. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicographic orderings. For functions with more than five or six arguments, this quickly becomes infeasible. ACL2 [10] uses he...

175 | The size-change principle for program termination
- Lee, Jones, et al.
- 2001
Citation Context ...cent, show that all recursive calls decrease wrt. the global ordering. 1.2 Related Work The field of automated termination analysis is vast, and continuously attracts researchers. Many analyses (e.g. [4, 13, 22]) have been proposed in the literature, and some of them are very powerful. However, these methods are often hard to integrate, as they apply to different formal frameworks (such as term rewriting), a...

112 | A complete method for the synthesis of linear ranking functions
- Podelski, Rybalchenko
- 2004
Citation Context ...n declare their own measure functions. Moreover, while the type based choice of measures is simple, this is not the only possible solution. In the realm of linear arithmetic, Podelski and Rybalchenko [19] describe how to synthesize measures (which they call ranking functions) for simple non-nested while loops. It would be interesting to try to use such a method to generate measures for our approach, wh...

45 | On proving the termination of algorithms by machine
- Walther
- 1994
Citation Context ...cent, show that all recursive calls decrease wrt. the global ordering. 1.2 Related Work The field of automated termination analysis is vast, and continuously attracts researchers. Many analyses (e.g. [4, 13, 22]) have been proposed in the literature, and some of them are very powerful. However, these methods are often hard to integrate, as they apply to different formal frameworks (such as term rewriting), a...

42 | Inductive datatypes in HOL - lessons learned in formal-logic engineering
- Wenzel
Citation Context ...r a function type. For inductive data types, we return the size function | . |T associated to that type. Size functions are provided automatically by the definition package for inductive data types [6]. Product types are special and treated differently, as we are mainly interested in the measures of the different components. For products, the measures for the component types are computed recursivel...

41 | A predicative analysis of structural recursion
- Abel, Altenkirch
Citation Context ...ination proof from these orderings. Unlike the naive enumeration of all possible lexicographic combinations, which is currently implemented in some systems, we use an algorithm by Abel and Altenkirch [3] to find the right order in polynomial time. We subsequently show how, by a simple extension, our analysis can deal with mutual recursion, including cases where a descent is not present in every step....

30 | Reasoning about Terminating Functional Programs
- Slind
- 1999
Citation Context ...ust check termination but construct object-level proofs in a formal framework. 1 The guessing of termination orderings in HOL4 is unpublished work by Slind, extending his work on function definitions [20, 21]. 2 Preliminaries We work in the framework of classical higher-order logic (HOL). Many examples are expressed in the Isabelle’s meta-logic, with universal quantification (⋀) and implication (=⇒). ...

26 | Termination analysis with calling context graphs
- Manolios, Vroon
- 2006
Citation Context ... of a single parameter. Lexicographic combinations must be given manually, and are expressed in terms of ordinal arithmetic. Recently, a more powerful termination criterion has been proposed for ACL2 [14], based on a combination of the size-change principle [13] and other analyses. However, the analysis is nontrivial and only available as an axiomatic extension that must be trusted, as its soundness c...

18 | Function definition in Higher-Order Logic
- Slind
- 1996
Citation Context ...ust check termination but construct object-level proofs in a formal framework. 1 The guessing of termination orderings in HOL4 is unpublished work by Slind, extending his work on function definitions [20, 21]. 2 Preliminaries We work in the framework of classical higher-order logic (HOL). Many examples are expressed in the Isabelle’s meta-logic, with universal quantification (⋀) and implication (=⇒). ...

17 | Defining and reasoning about recursive functions: a practical tool for the Coq proof assistant
- Barthe, Forest, et al.
- 2006
Citation Context ... proofs cannot be easily checked independently. Consequently, the state of the art in the implementations of interactive theorem provers is much less developed: In PVS [16] and Isabelle [15], and Coq [5], no automation exists, and users must supply termination orderings manually. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicographic orderings. For functions wi...

14 | Certified size-change termination
- Krauss
- 2007
Citation Context ... its soundness cannot be justified within ACL2’s first-order logic. Inspired by this approach, the second author of the present paper developed a formalization of the size-change principle in Isabelle [12], which can be used to show termination for a larger class of functions. While that approach is more powerful than the one presented here, it is also more complicated and computationally expensive. On...

12 | foetus — termination checker for simple functional programs. URL: http://www2.tcs.ifi.lmu.de/~abel/foetus.pdf (1998) Boujarwah - Abel - 1997

12 | Partial recursive functions in higher-order logic
- Krauss
- 2006
Citation Context ...he method is not specific to HOL and could easily be adapted to other frameworks, such as type theory. 2.1 Termination Proof Obligations General recursion is provided by a function definition package [11], which transforms a definition into a non-recursive form definable by other means. Then the original recursive specification is derived from the primitive definition in an automated process. A termin...

5 | The HOL Light theorem prover. http://www.cl.cam.ac.uk/~jrh13/hol-light
- Harrison
Citation Context ...of interactive theorem provers is much less developed: In PVS [16] and Isabelle [15], and Coq [5], no automation exists, and users must supply termination orderings manually. HOL4 [7] 1 and HOL Light [8] provide some automation by enumerating all possible lexicographic orderings. For functions with more than five or six arguments, this quickly becomes infeasible. ACL2 [10] uses heuristics to pick a s...

5 | Mechanical verification of total correctness through diversion verification conditions
- Homeier, Martin
- 1998
Citation Context ... from prod all arguments are unchanged. Termination is proved automatically because one can order the functions such that oprod and eprod are less than prod. 5.4 Pedal and Coast Homeier and Martin [9] describe an intricate call graph analysis for which Homeier holds a US patent. Their one example is an imperative version of what they call the bicycling program: pedal :: nat ⇒ nat ⇒ nat ⇒ nat coast...

5 | A Structure-directed Total Correctness Proof Rule for Recursive Procedure Calls
- Pandya, Joseph
- 1986
Citation Context ... f g h i) blowup 0 (Suc b) c d e f g h i = Suc (blowup b b c d e f g h i) blowup (Suc a) b c d e f g h i = Suc (blowup a b c d e f g h i) 5.3 Multiplication by shifting and addition Pandya and Joseph [17] introduced a new proof rule for total correctness of mutually recursive procedures. The contribution of this proof rule is a refined method for proving termination by analysing the procedure call gra...