IsaFoR/CeTA - An Isabelle/HOL Formalization of Rewriting for Certified Tool Assertions

XML-Format (versions 1.02 - 1.05)

CeTA requires two input files, the first being the TRS, the second being the proof. The TRS has to be provided in the upcoming XML format for TPDB. There also is a converter to transform TPDB files to the XML format. (call java -jar tpdb2xtc.jar input.trs)

For the proof, the following XML format (schema, schema in graphical representation, XSLT translation to HTML, examples) is required where '*' denotes arbitrary repetition (including zero times), '+' denotes at least one repetition, and '?' means that the previous item is optional (i.e., occurs exactly once or not at all). A detailed description of each element can be found below:

⟨proof⟩	≡	<proof>⟨trsProof⟩</proof>
	\|	<proof>⟨trsDisproof⟩</proof>

⟨trsProof⟩	≡	<rIsEmpty/>
	\|	⟨ruleRemoval⟩
	\|	⟨dpTrans⟩

⟨trsDisproof⟩	≡	<loop>⟨substitution⟩⟨context⟩⟨term⟩*</loop>
	\|	<notWellFormed/>

⟨dpProof⟩	≡	<pIsEmpty/>
	\|	⟨depGraphProc⟩
	\|	⟨redPairProc⟩
	\|	⟨redPairUrProc⟩
	\|	⟨monoRedPairProc⟩
	\|	⟨monoRedPairUrProc⟩
	\|	⟨unlabProc⟩
	\|	⟨semlabProc⟩
	\|	⟨spscProc⟩

⟨depGraphProc⟩	≡	<depGraphProc>⟨component⟩*</depGraphProc>

⟨component⟩	≡	<component>⟨dps⟩⟨dpProof⟩?</component>

⟨dps⟩	≡	<dps><rules>⟨rule⟩*</rules></dps>

⟨trs⟩	≡	<trs><rules>⟨rule⟩*</rules></trs>

⟨usableRules⟩	≡	<usableRules><rules>⟨rule⟩*</rules></usableRules>

⟨rule⟩	≡	<rule><lhs>⟨term⟩</lhs><rhs>⟨term⟩</rhs></rule>

⟨redPairProc⟩	≡	<redPairProc>⟨redPair⟩⟨dps⟩⟨dpProof⟩</redPairProc>

⟨redPairUrProc⟩	≡	<redPairUrProc>⟨redPair⟩⟨dps⟩⟨usableRules⟩⟨dpProof⟩</redPairUrProc>

⟨monoRedPairProc⟩	≡	<monoRedPairProc>⟨redPair⟩⟨dps⟩⟨trs⟩⟨dpProof⟩</monoRedPairProc>

⟨monoRedPairUrProc⟩	≡	<monoRedPairUrProc>⟨redPair⟩⟨dps⟩⟨trs⟩⟨usableRules⟩⟨dpProof⟩</monoRedPairUrProc>

⟨unlabProc⟩	≡	<unlabProc>⟨dps⟩⟨trs⟩⟨dpProof⟩</unlabProc>

⟨semlabProc⟩	≡	<semlabProc>⟨model⟩⟨dps⟩⟨trs⟩⟨dpProof⟩</semlabProc>

⟨spscProc⟩	≡	<spscProc>⟨simpleProjection⟩⟨dps⟩⟨dpProof⟩</spscProc>

⟨ruleRemoval⟩	≡	<ruleRemoval>⟨redPair⟩⟨trs⟩⟨trsProof⟩</ruleRemoval>

⟨dpTrans⟩	≡	<dpTrans>⟨dps⟩⟨dpProof⟩</dpTrans>

⟨redPair⟩	≡	<redPair><interpretation>⟨type⟩⟨domain⟩⟨interpret⟩*</interpretation></redPair>

⟨type⟩	≡	<type><linearPolynomial/></type>

⟨domain⟩	≡	<domain><naturals/></domain>

⟨interpret⟩	≡	<interpret>⟨name⟩<arity>nonNegativeInteger </arity>⟨function⟩</interpret>

⟨function⟩	≡	<function><linearPolynomial>⟨constant⟩⟨coefficient⟩*</linearPolynomial></function>

⟨constant⟩	≡	<constant><number>integer </number></constant>

⟨coefficient⟩	≡	<coefficient>⟨natural⟩</coefficient>

⟨model⟩	≡	<model><carrierSize>positiveInteger </carrierSize>⟨interpret'⟩*</model>

⟨interpret'⟩	≡	<interpret>⟨name⟩<arity>nonNegativeInteger </arity>⟨arithFunction⟩</interpret>

⟨arithFunction⟩	≡	⟨natural⟩
	\|	<variable>positiveInteger </variable>
	\|	<sum>⟨arithFunction⟩+</sum>
	\|	<product>⟨arithFunction⟩+</product>
	\|	<minimum>⟨arithFunction⟩+</minimum>
	\|	<maximum>⟨arithFunction⟩+</maximum>

⟨simpleProjection⟩	≡	<simpleProjection>⟨projEntry⟩*</simpleProjection>

⟨projEntry⟩	≡	<projEntry>⟨name⟩<argument>nonNegativeInteger </argument></projEntry>

⟨substitution⟩	≡	<substitution>(<substEntry>⟨var⟩⟨term⟩</substEntry>)*</substitution>

⟨context⟩	≡	<box/>
	\|	<funContext>⟨name⟩⟨before⟩⟨context⟩⟨after⟩</funContext>

⟨before⟩	≡	<before>⟨term⟩*</before>

⟨after⟩	≡	<after>⟨term⟩*</after>

⟨term⟩	≡	⟨var⟩
	\|	<funapp>⟨name⟩⟨arg⟩*</funapp>

⟨var⟩	≡	<var>string </var>

⟨name⟩	≡	<name>string ⟨label⟩*</name>
	\|	<name sharp=bool>string ⟨label⟩*</name>

⟨label⟩	≡	<label>⟨natural⟩*</label>

⟨natural⟩	≡	<natural>nonNegativeInteger </natural>

⟨arg⟩	≡	<arg>⟨term⟩</arg>

Description

Termination Proofs:
- If a TRS has no rules its termination can be trivially proven by <rIsEmpty/>.
- ⟨ruleRemoval⟩ allows to use a monotonic reduction pair, in order to remove some rules from a TRS before proceeding with the termination proof. The reduction pair is provided by ⟨redPair⟩, the remaining rules are given in ⟨trs⟩, and the termination proof for the remaining rules is ⟨trsProof⟩. Note that for each combination of function symbol and arity one can give a different interpretation. The i-th ⟨coefficient⟩ within a ⟨function⟩ corresponds to c_i in the function [f(x₁,...,x_n)] = c + c₁x₁ + ... + c_nx_n. For monotonic reduction pairs only non-negative constants are supported.
- To switch to the DP framework the method ⟨dpTrans⟩ is used. The generated dependency pairs are provided by ⟨dps⟩ and the termination proof within the DP framework by ⟨dpProof⟩. After this transformation, the different available processors are used to prove termination.
Nontermination Proofs:
- A ⟨loop⟩ t₁ → ... → t_n → C[t₁σ] is represented by the list of terms t₁ to t_n together with the ⟨context⟩ C and the ⟨substitution⟩ σ.
- If a TRS violates the variable conditions, then the loop does not have to be provided, but it suffices to use a <notWellFormed/> proof.

Processors

<pIsEmpty/> provides a termination proof for a trivial DP problem (where the first component is empty).
A combination of a dependency graph approximation (not stronger than EDG***) plus a decomposition into strongly connected components is provided by ⟨depGraphProc⟩. The list of ⟨component⟩s has to be provided in topological order (the one with no incoming edges first) including also trivial SCCs (single nodes without self-edges). Every component for which the ⟨dpProof⟩ is missing, is assumed to be such a trivial component.
Some P-rules may be removed by using the ⟨redPairProc⟩, for which ⟨redPair⟩ is the used (weakly monotone) reduction pair, ⟨dps⟩ is the list of remaining P-rules, and ⟨dpProof⟩ is the termination proof for those rules.
A more powerful variant of the reduction pair processor is given with the ⟨redPairUrProc⟩. Here, only the usable rules instead of all rules have to be oriented. The ⟨usableRules⟩ have to provided in the proof where all variants of usable rules are accepted, i.e., using usable symbols or using tcap, regarding or disregarding the argument filter.
By using a strictly monotone reduction pair with ⟨monoRedPairProc⟩ it is possible to remove rules from P and R. The only difference to ⟨redPairProc⟩ is that the provided reduction pair needs to be strictly monotone and also the list of remaining R-rules has to be specified (within ⟨trs⟩).
A more powerful variant of the monotonic reduction pair processor is given with the ⟨monoRedPairUrProc⟩. Here, only the usable rules have to be oriented. Moreover, one can always delete all non-usable rules. As in ⟨redPairUrProc⟩ one has to provide the usable rules.
The model variant of semantic labeling is done using ⟨semlabProc⟩, where ⟨model⟩ is a carrier together with interpretations for function symbols.
One can always remove the labels that were attached last by using the ⟨unlabProc⟩.
The subterm criterion is given by ⟨spscProc⟩, where by ⟨simpleProjection⟩ a list of projection functions for dependency pair symbols is specified.

Input for versions < 1.02

TRSs are Haskell expressions of type

[(Term String String, Term String String)]

Proofs have to be provided as Haskell expressions of type TRSProof String String A detailed description of the (Haskell) input format can be found below. Examples are provided on the results page (click on CeTA format for a TRS and on some green entry of the TTT2 column for a proof). One can either download all TRSs of TPDB 5.0 in CeTA format, or use these converters which transform TPDB files (in the current or the upcoming XML format for TPDB) into CeTA format. The converters require Java and xsltproc.

The following code contains all required data types.


data Nat =
   Suc Nat
 | Zero_nat

newtype RedPair a = Polo [(a, (Nat, [Nat]))]

data Term a b =
   Fun a [Term a b]
 | Var b

data Ctxt a b =
   More a [Term a b] (Ctxt a b) [Term a b]
 | Hole

data Shp a =
   Plain a
 | Sharp a

data DPProof a b =
   DepGraphProc [(Maybe (DPProof a b), [(Term a b, Term a b)])]
 | RedPairProc (RedPair a) [(Term a b, Term a b)] (DPProof a b)
 | PisEmpty

data TRSProof a b =
   DPTrans [(Term (Shp a) b, Term (Shp a) b)] (DPProof (Shp a) b)
 | Loop ([Term a b], (Ctxt a b, [(Term a b, Term a b)]))

Description

The type Nat represents natural numbers in unary notation, where Suc is the successor function and Zero_nat is 0.
A reduction pair (RedPair) is currently restricted to polynomial orders using linear polynomial interpretations (Polo). The interpretations are given as a list of pairs, where the first component is a function symbol and the second a pair consisting of the constant factor for the polynomial plus the list of coefficients. E.g., ("f", (Suc(Suc Zero_nat), [Suc(Suc(Suc Zero_nat)), Zero_nat, Suc Zero_nat])) represents
```
Pol(f)(x,y,z) = 2 + 3x + z
```
A Term is either a function (Fun) applied to a list of arguments or a variable (Var).
A context (Ctxt) containing exactly one hole is either a hole (Hole) or a function symbol applied to a list of terms, a subcontext, and a second list of terms.
The type Shp is used to differentiate ordinary function symbols (Plain) from dependency pair symbols (also known as tuple symbols) (Sharp).
Currently 3 DP processors are supported:
1. the dependency graph processor (DepGraphProc)
2. the reduction pair processor (RedPairProc)
3. the empty P processor (PisEmpty)
Their respective arguments have the following semantics:
1. The DG processor takes a list of pairs, where the first component is either Just proof containing the proof for the corresponding SCC, or Nothing if the corresponding SCC is trivial (i.e., a single node without a self-loop). The second component consists of the rules that form the SCC. Note that this list is expected to be in topological order (where the component with no incoming edges comes first).
2. The RP processor takes a reduction pair (RedPair), the list of dependency pairs that remain after applying the reduction pair, and the proof for the remaining DP problem.
On the outermost level there is either a termination proof using the DP framework (i.e., starting with the DP transformation) or a nontermination proof providing a loop.
1. The DP transformation (DPTrans) takes the list of dependency pairs together with a termination proof.
2. A Loop t1 -> ... -> tN -> C[t1σ] is represented by the list of terms t1 to tN together with the context C and the substitution σ (given as a list of bindings, where the terms on the left are expected to be variables).
Note that strings have to be Haskell-strings where certain characters like \ have to be escaped.