Certification of Termination Proofs for Term Rewriting: A short story of a long battle...
Adam Koprowski
Radboud University Nijmegen, Foundations group, Intelligent Systems, ICIS
16 December 2008
Adam Koprowski (RU) Certification of Termination Proofs 16 December 2008 1 / 21
Who am I?
Outline
1 Background: termination of term rewriting
2 CoLoR project: certification of termination proofs
  Why?... motivation
  How?... CoLoR's approach to certification
  When?... history of the project
  What?... overview of the content
  Related work
  Certified competition
3 Conclusions... sort of
A TRS is terminating iff it does not admit infinite reductions.
Termination of rewriting
Termination of rewriting:
Is undecidable.
Is an important topic in term rewriting.
Many methods exist and new ones are constantly being developed.
Recently the emphasis is on automation.
There exist a number of tools for proving termination,
stimulated by the termination competition.
Tools (and the proofs they produce) are getting more and more complex, so reliability is an issue (tool disqualifications in the competition).
In 2007 a new category, certified termination, was introduced in the competition.
Motivation
CoLoR
http://color.loria.fr
CoLoR: Coq Library on Rewriting and Termination.
Goal: certification of termination proofs produced by various termination provers.
Increasing reliability of termination provers.
Common proof format for termination provers:
common tools (proof presentation, manipulation, ...), control language for provers (integration of tools).
Extension of proof assistant kernels.
CoLoR’s approach to certification
How to certify termination results?
Possibility: certification of the tools' source code. ⇒ difficult, tool dependent, extra work with every change, ...
CoLoR's approach:
TPG: common format for termination proofs. Tools output proofs in TPG format.
CoLoR: a Coq library of results on termination.
Rainbow: a tool for translation from proofs in TPG format to Coq proofs, using results from CoLoR.
CoLoR’s architecture overview
History
Project started (Blanqui) March 2004
First release March 2005
First certified proofs July 2006
First certification workshop May 2007
First certified competition June 2007
[Certified competition results table, slides 12–16; the one row recovered from extraction:] Matchbox + CoLoR 458
Lessons learned
Lesson 1: If possible, do (involved) computations/reasoning in an unsafe setting and verify the results in Coq a posteriori.
That requires some notion of a certificate.
Proof search is usually much more complex than proof verification.
We see that even in theorem provers: proof checking vs. proof searching.
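The definition slide earlier (a TRS is terminating iff it admits no infinite reduction) and Lesson 1 (search in an untrusted tool, verify a certificate in a trusted one) can be illustrated with one small worked example. The Python below is added here for that purpose; it is not code from CoLoR, Rainbow or the talk, and it does not use the TPG format. It assumes string rewriting systems (the unary special case of term rewriting) and two certificate formats chosen for this example: a symbol-weight assignment as a termination certificate, and a looping reduction trace as a non-termination certificate. The `search_*` functions play the untrusted prover; only the two `check_*` functions need to be trusted, and they must reject malformed certificates (the negative-weight case shows why).

```python
"""Added example (not code from CoLoR or Rainbow): an untrusted termination
prover that only emits a certificate, and a small trusted checker that
accepts or rejects it.  Termination is undecidable, so the prover may fail;
the checker must never accept a wrong claim.

Assumptions of this example: string rewriting systems (term rewriting with
unary symbols only).  A rule l -> r replaces one occurrence of the factor l
in a word by r.  The certificate formats are chosen for this example.
"""
from itertools import product

Rule = tuple[str, str]  # (lhs, rhs) over a finite alphabet, lhs non-empty


def rewrite_steps(word: str, rules: list[Rule]) -> list[str]:
    """All words reachable from `word` in exactly one rewrite step."""
    out = []
    for lhs, rhs in rules:
        if not lhs:
            raise ValueError("empty lhs: such a rule never terminates")
        pos = word.find(lhs)
        while pos != -1:
            out.append(word[:pos] + rhs + word[pos + len(lhs):])
            pos = word.find(lhs, pos + 1)
    return out


# ------------------------------------------------ trusted side: checkers
def check_weight_certificate(rules: list[Rule], weights: dict) -> bool:
    """Accept iff every symbol has a weight in N and every rule strictly
    decreases the summed weight.  Soundness: w(u l v) - w(u r v) = w(l) - w(r)
    > 0, so each step strictly decreases a natural number, hence no infinite
    reduction exists.  Negative weights must be rejected: with w(a) = -1 the
    non-terminating rule a -> aa would otherwise pass (-1 > -2)."""
    alphabet = {c for lhs, rhs in rules for c in lhs + rhs}
    for c in alphabet:
        w = weights.get(c)
        if not isinstance(w, int) or isinstance(w, bool) or w < 0:
            return False
    weight = lambda word: sum(weights[c] for c in word)
    return all(weight(lhs) > weight(rhs) for lhs, rhs in rules)


def check_loop_certificate(rules: list[Rule], trace: list[str]) -> bool:
    """Accept iff trace = w0, ..., wn (n >= 1), every step is a real rewrite
    step and w0 is a factor of wn.  Then wn = u w0 v rewrites to u wn v, which
    contains w0 again: an infinite reduction, i.e. non-termination."""
    if len(trace) < 2:
        return False
    for cur, nxt in zip(trace, trace[1:]):
        if nxt not in rewrite_steps(cur, rules):
            return False
    return trace[0] in trace[-1]


# ---------------------------------------------- untrusted side: searchers
def search_weights(rules: list[Rule], bound: int = 4):
    """Brute force over weight assignments: exponential in the alphabet size,
    while the check above is linear.  None means no certificate within the
    bound, which says nothing about termination (the method is incomplete)."""
    alphabet = sorted({c for lhs, rhs in rules for c in lhs + rhs})
    for ws in product(range(bound), repeat=len(alphabet)):
        cand = dict(zip(alphabet, ws))
        if check_weight_certificate(rules, cand):
            return cand
    return None


def search_loop(rules: list[Rule], start: str, depth: int = 6):
    """Breadth-first search for a loop certificate starting from `start`."""
    frontier = [[start]]
    for _ in range(depth):
        nxt = []
        for trace in frontier:
            for word in rewrite_steps(trace[-1], rules):
                if start in word:
                    return trace + [word]
                nxt.append(trace + [word])
        frontier = nxt
    return None


# Constructed sample systems (not taken from the slides).
TERMINATING = [("aa", "a"), ("bab", "b")]   # a weight certificate exists
BUBBLE = [("ab", "ba")]                     # terminating, but no weight proof
LOOPING = [("ab", "bab")]                   # ab -> bab -> bbab -> ...

if __name__ == "__main__":
    print(search_weights(TERMINATING))                          # {'a': 1, 'b': 0}
    print(search_weights(BUBBLE))                               # None
    print(search_loop(LOOPING, "ab"))                           # ['ab', 'bab']
    print(check_weight_certificate([("a", "aa")], {"a": -1}))  # False
```

The split mirrors the slide's point: the searcher may be slow, heuristic or buggy without affecting soundness, because a wrong or forged certificate is simply rejected by the checker. The `BUBBLE` system shows the other side of the trade: the checker is sound but the certificate format is incomplete, so a failed search is not a non-termination proof.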
Lessons learned ctd.
Lesson 2: It is not unusual for software projects to be behind schedule / run out of budget.
It is even more so for Coq projects.
Why?
algorithm ↦ program
paper proof ↦ formal proof in Coq
Lack of libraries.
Proof engineering is not yet as mature as software engineering (re-usability, re-factoring etc.)
Lessons learned ctd.
Lesson 3: When writing your definitions there is usually plenty of choice.
You want to make the right choices. You really do.
Because that will have a tremendous impact on the reasoning about those definitions that you are going to do for long hours afterwards.
The end
http://color.loria.fr
Thank you for your attention.