Certi cation of Termination Proofs for Term RewritingAdam.Koprowski/pres/color-icis-08.pdf ·...

university-logo

Certification of Termination Proofs for Term RewritingA short story of a long battle...

Adam Koprowski

Radboud University NijmegenFoundations group, Intelligent Systems, ICIS

16 December 2008

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 1 / 21

university-logo

Who am I?

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 2 / 21

university-logo

Who am I?

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 2 / 21

university-logo

Who am I?

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 2 / 21

university-logo

Who am I?

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 2 / 21

university-logo

Who am I?

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 2 / 21

university-logo

Outline

1 Background: termination of term rewriting

2 CoLoR project: certification of termination proofsWhy?... motivationHow?... CoLoR’s approach to certificationWhen?... history of the projectWhat?... overview of the contentRelated workCertified competition

3 Conclusions... sort of

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 3 / 21

university-logo

Outline

1 Background: termination of term rewriting

2 CoLoR project: certification of termination proofsWhy?... motivationHow?... CoLoR’s approach to certificationWhen?... history of the projectWhat?... overview of the contentRelated workCertified competition

3 Conclusions... sort of

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 4 / 21

university-logo

Introduction to term rewriting

Example (Quick sort)

qsort(nil)→ nil

qsort(x :: xs)→ append(qsort(filterLe(x , xs)), x :: qsort(filterGe(x , xs)))

append(nil, l)→ l

append(x :: xs, l)→ x :: append(xs, l)

filterLe(n, nil)→ nil

filterLe(n, x :: xs)→ filter(le(x , n), x , filterLe(n, xs))

filterGe(n, nil)→ nil

filterGe(n, x :: xs)→ filter(ge(x , n), x , filterGe(n, xs))

ge(x , y)→ le(y , x)

filter(false, x , xs)→ xs le(0, y)→ true

filter(true, x , xs)→ x :: xs le(s(x), 0)→ false

le(s(x), s(y))→ le(x , y)

Example (Collatz conjecture)

collatz(s(s(x)))→ f(even(x), s(s(x))) even(0)→ true

f(true, x)→ collatz(half(x)) even(s(0))→ false

f(false, x)→ collatz(s(triple(x))) even(s(s(x)))→ even(x)

half(0)→ 0 triple(0)→ 0

half(s(s(x)))→ s(half(x)) triple(s(x))→ s(s(s(triple(x))))

Definition

A TRS is terminating iff it does not admitinfinite reductions.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 5 / 21

university-logo

Introduction to term rewriting

Example (Quick sort)

qsort(nil)→ nil

qsort(x :: xs)→ append(qsort(filterLe(x , xs)), x :: qsort(filterGe(x , xs)))

append(nil, l)→ l

append(x :: xs, l)→ x :: append(xs, l)

filterLe(n, nil)→ nil

filterLe(n, x :: xs)→ filter(le(x , n), x , filterLe(n, xs))

filterGe(n, nil)→ nil

filterGe(n, x :: xs)→ filter(ge(x , n), x , filterGe(n, xs))

ge(x , y)→ le(y , x)

filter(false, x , xs)→ xs le(0, y)→ true

filter(true, x , xs)→ x :: xs le(s(x), 0)→ false

le(s(x), s(y))→ le(x , y)

Example (Collatz conjecture)

collatz(s(s(x)))→ f(even(x), s(s(x))) even(0)→ true

f(true, x)→ collatz(half(x)) even(s(0))→ false

f(false, x)→ collatz(s(triple(x))) even(s(s(x)))→ even(x)

half(0)→ 0 triple(0)→ 0

half(s(s(x)))→ s(half(x)) triple(s(x))→ s(s(s(triple(x))))

Definition

A TRS is terminating iff it does not admitinfinite reductions.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 5 / 21

university-logo

Introduction to term rewriting

Example (Quick sort)

qsort(nil)→ nil

qsort(x :: xs)→ append(qsort(filterLe(x , xs)), x :: qsort(filterGe(x , xs)))

append(nil, l)→ l

append(x :: xs, l)→ x :: append(xs, l)

filterLe(n, nil)→ nil

filterLe(n, x :: xs)→ filter(le(x , n), x , filterLe(n, xs))

filterGe(n, nil)→ nil

filterGe(n, x :: xs)→ filter(ge(x , n), x , filterGe(n, xs))

ge(x , y)→ le(y , x)

filter(false, x , xs)→ xs le(0, y)→ true

filter(true, x , xs)→ x :: xs le(s(x), 0)→ false

le(s(x), s(y))→ le(x , y)

Example (Collatz conjecture)

collatz(s(s(x)))→ f(even(x), s(s(x))) even(0)→ true

f(true, x)→ collatz(half(x)) even(s(0))→ false

f(false, x)→ collatz(s(triple(x))) even(s(s(x)))→ even(x)

half(0)→ 0 triple(0)→ 0

half(s(s(x)))→ s(half(x)) triple(s(x))→ s(s(s(triple(x))))

Definition

A TRS is terminating iff it does not admitinfinite reductions.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 5 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Termination of rewriting

Termination of rewriting:

Is undecidable.

Is an important topic in term rewriting.

Many methods exist and new ones are constantly being developed.

Recently the emphasis is on automation.

There exists a number of tools for proving termination.

Stimulated by the termination competition.

Tools (and proofs that they produce) are getting more and morecomplex, so reliability is an issue (tools disqualifications in thecompetition).

In 2007 a new category of certified termination introduced in thecompetition.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 6 / 21

university-logo

Outline

1 Background: termination of term rewriting

2 CoLoR project: certification of termination proofsWhy?... motivationHow?... CoLoR’s approach to certificationWhen?... history of the projectWhat?... overview of the contentRelated workCertified competition

3 Conclusions... sort of

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 7 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

Motivation

CoLoR

http://color.loria.fr

CoLoR: Coq Library on Rewriting and Termination.Goal: certification of termination proofs produced by various terminationprovers.

Increasing reliability of termination provers.

Common proof format for termination provers:

common tools (proof presentation, manipulation, . . . ),control language for provers (integration of tools)

Extension of proof assistance kernels.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 8 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s approach to certification

How to certify termination results?

Possibility: certification of tools source code.⇒ difficult, tool dependent, extra work with every change, . . .

CoLoR’s approach:

TPG: common format for termination proofs.Tools output proofs in TPG format.CoLoR: a Coq library of results on termination.Rainbow: a tool for translation from proofs in TPG format to Coqproofs, using results from CoLoR.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 9 / 21

university-logo

CoLoR’s architecture overview

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 10 / 21

university-logo

CoLoR’s architecture overview

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 10 / 21

university-logo

CoLoR’s architecture overview

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 10 / 21

university-logo

History

Project started (Blanqui) March 2004

First release March 2005

First certified proofs July 2006

First certification workshop May 2007

First certified competition June 2007

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 11 / 21

university-logo

History

Project started (Blanqui) March 2004

First release March 2005

First certified proofs July 2006

First certification workshop May 2007

First certified competition June 2007

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 11 / 21

university-logo

History

Project started (Blanqui) March 2004

First release March 2005

First certified proofs July 2006

First certification workshop May 2007

First certified competition June 2007

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 11 / 21

university-logo

History

Project started (Blanqui) March 2004

First release March 2005

First certified proofs July 2006

First certification workshop May 2007

First certified competition June 2007

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 11 / 21

university-logo

History

Project started (Blanqui) March 2004

First release March 2005

First certified proofs July 2006

First certification workshop May 2007

First certified competition June 2007

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 11 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Termination criteria:

polynomial interpretations [Hinderer]multiset ordering [Koprowski]recursive path ordering [Coupet-Grimal, Delobel]higher-order recursive path ordering [Koprowski]dependency graph cycles [Blanqui]matrix interpretations [Koprowski, Zantema]arctic interpretations [Koprowski, Waldmann]

Transformation techniques:

dependency pairs [Blanqui]dependency graph decomposition [Lucas, Blanqui]arguments filtering [Blanqui]term conversions [Blanqui]

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 12 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

Term structures:

simply typed lambda-terms [Koprowski]varyadic terms [Blanqui]algebraic terms with symbols of fixed arity [Hinderer, Blanqui]

General libraries and algorithms:

matrices [Koprowski]semi-rings [Koprowski,Zantema]finite multisets [Koprowski]integer polynomials with multiple variables [Hinderer]computation of strongly connected components (SCCs) [Ducas]lists, vectors, relations, etc.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 13 / 21

university-logo

Content of CoLoR.

In total:

≈ 50.000 lines of code.

≈ 1.000 definitions and ≈ 3.000 lemmas.

Only 20% of that is the code for actual termination methods!

Size comparison with other libraries:

Coq standard library

C-CoRN

COMPCERT

CoLoR

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 14 / 21

university-logo

Content of CoLoR.

In total:

≈ 50.000 lines of code.

≈ 1.000 definitions and ≈ 3.000 lemmas.

Only 20% of that is the code for actual termination methods!

Size comparison with other libraries:

Coq standard library

C-CoRN

COMPCERT

CoLoR

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 14 / 21

university-logo

Content of CoLoR.

In total:

≈ 50.000 lines of code.

≈ 1.000 definitions and ≈ 3.000 lemmas.

Only 20% of that is the code for actual termination methods!

Size comparison with other libraries:

Coq standard library

C-CoRN

COMPCERT

CoLoR

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 14 / 21

university-logo

Content of CoLoR.

In total:

≈ 50.000 lines of code.

≈ 1.000 definitions and ≈ 3.000 lemmas.

Only 20% of that is the code for actual termination methods!

Size comparison with other libraries:

Coq standard library

C-CoRN

COMPCERT

CoLoR

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 14 / 21

university-logo

Related work

CoLoR projectAuthors: Blanqui, . . .Proof assistant: Coq

A3PAT projectAuthors: Contejean, . . .Proof assistant: Coq

Isabelle/HOL termination checkerAuthors: Bulwahn, Krauss, Nipkow, . . .Proof assistant: Isabelle/HOL

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 15 / 21

university-logo

Related work

CoLoR projectAuthors: Blanqui, . . .Proof assistant: Coq

A3PAT projectAuthors: Contejean, . . .Proof assistant: Coq

Isabelle/HOL termination checkerAuthors: Bulwahn, Krauss, Nipkow, . . .Proof assistant: Isabelle/HOL

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 15 / 21

university-logo

Related work

CoLoR projectAuthors: Blanqui, . . .Proof assistant: Coq

A3PAT projectAuthors: Contejean, . . .Proof assistant: Coq

Isabelle/HOL termination checkerAuthors: Bulwahn, Krauss, Nipkow, . . .Proof assistant: Isabelle/HOL

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 15 / 21

university-logo

Certified competition

In the 2007 termination competition a new “certified” category wasintroduced.Participants 2007 (975 problems):

AProVE(non-certified) 723

TPA + CoLoR

354

CiME + A3PAT

317

TTT2 + CoLoR

289

Participants 2008 (1391 problems):

AProVE(non-certified) 995

AProVE + CoLoR+ A3PAT

594

AProVE + CoLoR

580

AProVE + A3PAT

532

CiME3 + A3PAT

531

Matchbox + CoLoR

458

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 16 / 21

university-logo

Certified competition

In the 2007 termination competition a new “certified” category wasintroduced.Participants 2007 (975 problems):

AProVE(non-certified) 723

TPA + CoLoR

354

CiME + A3PAT

317

TTT2 + CoLoR

289

Participants 2008 (1391 problems):

AProVE(non-certified) 995

AProVE + CoLoR+ A3PAT

594

AProVE + CoLoR

580

AProVE + A3PAT

532

CiME3 + A3PAT

531

Matchbox + CoLoR

458

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 16 / 21

university-logo

Certified competition

In the 2007 termination competition a new “certified” category wasintroduced.Participants 2007 (975 problems):

AProVE(non-certified) 723

TPA + CoLoR 354

CiME + A3PAT 317

TTT2 + CoLoR 289

Participants 2008 (1391 problems):

AProVE(non-certified) 995

AProVE + CoLoR+ A3PAT

594

AProVE + CoLoR

580

AProVE + A3PAT

532

CiME3 + A3PAT

531

Matchbox + CoLoR

458

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 16 / 21

university-logo

Certified competition

In the 2007 termination competition a new “certified” category wasintroduced.Participants 2007 (975 problems):

AProVE(non-certified) 723

TPA + CoLoR 354

CiME + A3PAT 317

TTT2 + CoLoR 289

Participants 2008 (1391 problems):

AProVE(non-certified) 995

AProVE + CoLoR+ A3PAT

594

AProVE + CoLoR

580

AProVE + A3PAT

532

CiME3 + A3PAT

531

Matchbox + CoLoR

458

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 16 / 21

university-logo

Certified competition

In the 2007 termination competition a new “certified” category wasintroduced.Participants 2007 (975 problems):

AProVE(non-certified) 723

TPA + CoLoR 354

CiME + A3PAT 317

TTT2 + CoLoR 289

Participants 2008 (1391 problems):AProVE(non-certified) 995

AProVE + CoLoR+ A3PAT 594

AProVE + CoLoR 580

AProVE + A3PAT 532

CiME3 + A3PAT 531

Matchbox + CoLoR 458Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 16 / 21

university-logo

Outline

1 Background: termination of term rewriting

2 CoLoR project: certification of termination proofsWhy?... motivationHow?... CoLoR’s approach to certificationWhen?... history of the projectWhat?... overview of the contentRelated workCertified competition

3 Conclusions... sort of

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 17 / 21

university-logo

Lessons learned

Lesson 1If it is possible do (involved) computations/reasoning in an unsafesetting and verify the results in Coq a posteriori.

That requires some notion of a certificate.

Proof search is usually much more complex than proof verification.

We see that even in theorem provers — proof checking VS proofsearching.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 18 / 21

university-logo

Lessons learned

Lesson 1If it is possible do (involved) computations/reasoning in an unsafesetting and verify the results in Coq a posteriori.

That requires some notion of a certificate.

Proof search is usually much more complex than proof verification.

We see that even in theorem provers — proof checking VS proofsearching.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 18 / 21

university-logo

Lessons learned

Lesson 1If it is possible do (involved) computations/reasoning in an unsafesetting and verify the results in Coq a posteriori.

That requires some notion of a certificate.

Proof search is usually much more complex than proof verification.

We see that even in theorem provers — proof checking VS proofsearching.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 18 / 21

university-logo

Lessons learned

Lesson 1If it is possible do (involved) computations/reasoning in an unsafesetting and verify the results in Coq a posteriori.

That requires some notion of a certificate.

Proof search is usually much more complex than proof verification.

We see that even in theorem provers — proof checking VS proofsearching.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 18 / 21

university-logo

Lessons learned ctd.

Lesson 2It is not unusual for software projects to be behind schedule / run outof budget.

It is even more so for Coq projects.

Why?algorithm 7→ program

paper proof 7→ formal proof in Coq

Lack of libraries.

Proof engineering is not yet as mature as software engineering(re-usability, re-factoring etc.)

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 19 / 21

university-logo

Lessons learned ctd.

Lesson 2It is not unusual for software projects to be behind schedule / run outof budget.

It is even more so for Coq projects.

Why?algorithm 7→ program

paper proof 7→ formal proof in Coq

Lack of libraries.

Proof engineering is not yet as mature as software engineering(re-usability, re-factoring etc.)

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 19 / 21

university-logo

Lessons learned ctd.

Lesson 2It is not unusual for software projects to be behind schedule / run outof budget.

It is even more so for Coq projects.

Why?algorithm 7→ program

paper proof 7→ formal proof in Coq

Lack of libraries.

Proof engineering is not yet as mature as software engineering(re-usability, re-factoring etc.)

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 19 / 21

university-logo

Lessons learned ctd.

Lesson 2It is not unusual for software projects to be behind schedule / run outof budget.

It is even more so for Coq projects.

Why?algorithm 7→ program

paper proof 7→ formal proof in Coq

Lack of libraries.

Proof engineering is not yet as mature as software engineering(re-usability, re-factoring etc.)

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 19 / 21

university-logo

Lessons learned ctd.

Lesson 2It is not unusual for software projects to be behind schedule / run outof budget.

It is even more so for Coq projects.

Why?algorithm 7→ program

paper proof 7→ formal proof in Coq

Lack of libraries.

Proof engineering is not yet as mature as software engineering(re-usability, re-factoring etc.)

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 19 / 21

university-logo

Lessons learned ctd.

Lesson 3When writing your definitions there is usually plenty of choice.

You want to make the right choices. You really do.

Because that will have a tremendous impact on the reasoning aboutthose definitions that you are going to do for long hours afterwards.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 20 / 21

university-logo

Lessons learned ctd.

Lesson 3When writing your definitions there is usually plenty of choice.

You want to make the right choices. You really do.

Because that will have a tremendous impact on the reasoning aboutthose definitions that you are going to do for long hours afterwards.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 20 / 21

university-logo

Lessons learned ctd.

Lesson 3When writing your definitions there is usually plenty of choice.

You want to make the right choices. You really do.

Because that will have a tremendous impact on the reasoning aboutthose definitions that you are going to do for long hours afterwards.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 20 / 21

university-logo

Lessons learned ctd.

Lesson 3When writing your definitions there is usually plenty of choice.

You want to make the right choices. You really do.

Because that will have a tremendous impact on the reasoning aboutthose definitions that you are going to do for long hours afterwards.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 20 / 21

university-logo

The end

http://color.loria.fr

Thank you for your attention.

Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 21 / 21