Christian SternagelUniversity of Innsbruck | UIBK · Department of Computer Science
Christian Sternagel
Dr. rer. nat.
About
70
Publications
6,635
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
717
Citations
Introduction
I left my research position at the University of Innsbruck on September 30, 2019. Before, I was a postdoctoral researcher in computer science, working in the Computational Logic Group of the Department of Computer Science at the Leopold-Franzens-Universität Innsbruck. Previously I held an Erwin-Schrödinger Fellowship at the Japan Advanced Institute of Science and Technology (北陸先端科学技術大学院大学). I obtained my PhD from the University of Innsbruck.
My research interests are: interactive theorem proving, verification of (functional) programs, term rewriting (confluence, termination and certification of (conditional) rewrite systems, ...).
Publications
Publications (70)
I present a short, mechanically checked Isabelle/HOL formalization of Higman’s lemma by open induction.
Completion is one of the most studied techniques in term rewriting and
fundamental to automated reasoning with equalities. In this paper we present
new correctness proofs of abstract completion, both for finite and infinite
runs. For the special case of ground completion we present a new proof based on
random descent. We moreover extend the results...
On the one hand, equational reasoning is a fundamental part of automated theorem proving with ordered completion as a key technique. On the other hand, the complexity of corresponding, often highly optimized, automated reasoning tools makes implementations inherently error-prone. As a remedy, we provide a formally verified certifier for ordered com...
We introduce nonreach, an automated tool for nonreachability analysis that is intended as a drop-in addition to existing termination and confluence tools for term rewriting. Our preliminary experimental data suggests that nonreach can improve the performance of existing termination tools.
The termination and complexity competition (termCOMP) focuses on automated termination and complexity analysis for various kinds of programming paradigms, including categories for term rewriting, integer transition systems, imperative programming, logic programming, and functional programming. In all categories, the competition also welcomes the pa...
In term rewriting, reachability analysis is concerned with the problem of deciding whether or not one term is reachable from another by rewriting. Reachability analysis has several applications in termination and confluence analysis of rewrite systems. We give a unified view on reachability analysis for rewriting with and without conditions by mean...
Term rewriting in the presence of associative and commutative function symbols constitutes a highly expressive model of computation, which is for example well suited to reason about parallel computations. However, it is well known that the standard notion of termination does not apply any more: any term rewrite system containing a commutativity rul...
In this work we are interested in minimal complete sets ofsolutions for homogeneous linear diophantine equations. Such equationsnaturally arise during AC-unification—that is, unification in the presenceof associative and commutative symbols. Minimal complete sets of solu-tions are for example required to compute AC-critical pairs. We presenta verif...
On the one hand, checking specific termination proofs by hand, say using a particular collection of matrix interpretations, can be an arduous and error-prone task. On the other hand, automation of such checks would save time and help to establish correctness of exam solutions, examples in lecture notes etc. To this end, we introduce a template mech...
On the one hand, ordered completion is a fundamental technique in equational theorem proving that is employed by automated tools. On the other hand, their complexity makes such tools inherently error prone. As a remedy to this situation we give an Isabelle/HOL formalization of ordered rewriting and completion that comes with a formally verified cer...
This is an introduction to the remote_build tool for transparent remote session builds. The intended workflow for a user is to locally issue a build command for some session heap images and then continue working, while the actual build runs on a remote machine and the resulting heap images are synchronized incrementally as soon as they are availabl...
We formalize basic results on first-order terms, including a first-order
unification algorithm, as well as well-foundedness of the subsumption order.
This entry is part of the Isabelle Formalization of Rewriting IsaFoR, where
first-order terms are omni-present: the unification algorithm is used to certify
several confluence and termination techniqu...
We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both, the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Hue...
We present three methods to check CTRSs for non-confluence: (1) an ad hoc method for 4-CTRSs, (2) a specialized method for unconditional critical pairs, and finally, (3) a method that employs conditional narrowing to find non-confluence witnesses. We shortly describe our implementation of these methods in ConCon, then look into their certification...
Completion is one of the first and most studied techniques in term rewriting and fundamental to automated reasoning with equalities. In an earlier paper we presented a new and formalized correctness proof of abstract completion for finite runs. In this paper we extend our analysis and our formalization to infinite runs, resulting in a new proof tha...
We describe a line of work that started in 2011 towards enriching Isabelle/HOL’s language with coinductive datatypes, which allow infinite values, and with a more expressive notion of inductive datatype than previously supported by any system based on higher-order logic. These (co)datatypes are complemented by definitional principles for (co)recurs...
The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's "fold/build" rule and related rewrite rules; and certify a numbe...
We formalize a confluence criterion for the class of quasi-decreasing strongly deterministic conditional term rewrite systems in Isabelle/HOL: confluence follows if all conditional critical pairs are joinable. However, quasi-decreasingness, strong determinism, and joinability of conditional critical pairs are all undecidable in general. Therefore,...
We present an SMT encoding of a generalized version of the subterm criterion and evaluate its implementation in TTT2.
In 2010 Schernhammer and Gramlich showed that quasi-decreasingness of a DCTRS R is equivalent to \mu-termination of its context-sensitive unraveling Ucs(R) on original terms. While the direction that quasi-decreasingness of R implies \mu-termination of Ucs(R) on original terms is shown directly; the converse - facilitating the use of context-sensit...
We present an Isabelle/HOL formalization of a characterization of confluence for quasi-reductive strongly deterministic conditional term rewrite systems, due to Avenhaus and Lor\'ia-S\'aenz.
We present a short proof of the Church-Rosser property for the lambda-calculus enjoying two distinguishing features: Firstly, it employs the Z-property, resulting in a short and elegant proof; and secondly, it is formalized in the nominal higher-order logic available for the proof assistant Isabelle/HOL.
We present an Isabelle/HOL formalization of a characterization of confluence for quasi-reductive strongly deterministic conditional term rewrite systems, due to Avenhaus and Loría-Sáenz.
In 2010 Schernhammer and Gramlich showed that quasi-decreasingness of a DCTRS R is equivalent to µ-termination of its context-sensitive unraveling Ucs (R) on original terms. While the direction that quasi-decreasingness of R implies µ-termination of Ucs (R) on original terms is shown directly; the converse – facilitating the use of context-sensitiv...
Rewriting modulo AC, i.e., associativity and/or commutativity of certain symbols, is among the most frequently used extensions of term rewriting by equational theories. In this paper we present a generalization of the dependency pair framework for termination analysis to rewriting modulo AC. It subsumes existing variants of AC dependency pairs, adm...
We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.
Suzuki et al. showed that properly oriented, right-stable, orthogonal, and oriented conditional term rewrite systems with extra variables in right-hand sides are confluent. We present our Isabelle/HOL formalization of this result, including two generalizations. On the one hand, we relax proper orientedness and orthogonality to extended proper orien...
We present an Isabelle/HOL development that allows for the automatic generation of certain operations for user-defined datatypes. Since the operations are defined within the logic, they are applicable for code generation. Triggered by the demand to provide readable error messages as well as to access efficient data structures like sorted trees in g...
We present an Isabelle/HOL formalization of an earlier result by Suzuki, Middeldorp, and Ida; namely that a certain class of conditional rewrite systems is level-confluent. Our formalization is basically along the lines of the original proof, from which we deviate mostly in the level of detail as well as concerning some basic definitions.
Nowadays certification is widely employed by automated termination tools for term rewriting,
where certifiers support most available techniques. In complexity analysis, the situation is quite
different. Although tools support certification in principle, current certifiers implement only the
most basic technique, namely, suitably tamed versions of r...
Current tools for automated deduction are often powerful and complex. Due to their complexity there is a risk that they contain bugs and thus deliver wrong results. To ensure reliability of these tools, one possibility is to develop certifiers which check the results of tools with the help of a trusted proof assistant. We present a framework which...
We provide an overview of CPF, the certification problem format, and explain
some design decisions. Whereas CPF was originally invented to combine three
different formats for termination proofs into a single one, in the meanwhile
proofs for several other properties of term rewrite systems are also
expressible: like confluence, complexity, and compl...
This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so called check monad, yielding either success without any furth...
The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is...
This article presents the first formalization of Kurskal's tree theorem in a proof assistant. The Isabelle/HOL development is along the lines of Nash-Williams' original minimal bad sequence argument for proving the tree
theorem. Along the way, proofs of Dickson's lemma and Higman's lemma, as well as some technical details of the formalization are d...
Monotone algebras are frequently used to generate reduction orders in automated termination and complexity proofs. To be able to certify these proofs, we formalized several kinds of interpretations in the proof assistant Isabelle/HOL. We report on our integration of matrix interpretations, arctic interpretations, and nonlinear polynomial interpreta...
Completion is one of the most studied techniques in term rewriting. We present a new proof of the correctness of abstract comple-tion that is based on peak decreasingness, a special case of decreasing diagrams. Peak decreasingness replaces Newman's Lemma and allows us to avoid proof orders in the correctness proof of completion. As a result, our pr...
Métivier (1983) proved that every confluent and terminating rewrite system can be transformed into an equivalent canonical rewrite system. He also proved that equivalent canonical rewrite systems which are compatible with the same reduction order are unique up to variable renaming. In this note we present simple and formalized proofs of these resul...
This paper gives the first formalization of Kruskal’s tree theorem in a proof assistant. More concretely, an Isabelle/HOL development of Nash-Williams’ minimal bad sequence argument for proving the tree theorem is presented. Along the way, the proofs of Dickson’s lemma and Higman’s lemma are discussed.
We present the HOLCF-Prelude, a formalization of a large part of Haskell's
standard prelude in Isabelle/HOLCF. Applying this formalization to the hints
suggested by HLint allows us to certify them formally.
We present a Haskell library for first-order term rewriting covering basic
operations on positions, terms, contexts, substitutions and rewrite rules. This
effort is motivated by the increasing number of term rewriting tools that are
written in Haskell.
We present extensions of our Isabelle Formalization of Rewriting that cover two historically related concepts: the Knuth-Bendix order and the Knuth-Bendix completion procedure. The former, besides being the first development of its kind in a proof assistant, is based on a generalized version of the Knuth-Bendix order. We compare our version to vari...
Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of "bad" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of...
A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, Information Processing Letters 29, 1988, pp.19-23.
This research was supported by the Austrian Science Fund (FWF): J3202.
We present our Isabelle/HOL formalization of GHC’s sorting algorithm for lists, proving its correctness and stability. This constitutes another example of applying a state-of-the-art proof assistant to real-world code. Furthermore, it allows users to take advantage of the formalized algorithm in generated code.
Automatic tools for proving (non)termination of term rewrite systems, if successful, deliver proofs as justification. In this work, we fo-cus on how to certify nontermination proofs. Besides some techniques that allow to reduce the number of rules, the main way of showing nontermination is to find a loop, a finite derivation of a special shape that...
We present a locale that abstracts over the necessary ingredients for
constructing a minimal bad sequence, as required in classical proofs of
Higman's lemma and Kruskal's tree theorem.
This is a beginner-oriented introduction to Isabelle/jEdit, the main user interface for the proof assistant Isabelle.
When we want to answer/certify whether a given equation is entailed by an
equational system we face the following problems: (1) It is hard to find a
conversion (but easy to certify a given one). (2) Under the assumption that
Knuth-Bendix completion is successful, it is easy to decide the existence of a
conversion but hard to certify this decision....
In this paper we generalize the DP framework to a relative DP framework,
where a so called split is possible.
We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.
(See http://afp.sourceforge.net/entries/Efficient-Me...
Uncurrying is a termination technique for applicative term rewrite systems. During our formalization of uncurrying in the theorem prover Isabelle, we detected a gap in the original pen-and-paper proof which cannot directly be filled without further preconditions. Our final formalization does not demand additional preconditions, and generalizes the...
We show how to automate termination proofs for recursive functions in (a first-order subset of) Isabelle/HOL by encoding them as term rewrite systems and invoking an external termination prover. Our link to the external prover includes full proof reconstruction, where all necessary properties are derived inside Isabelle/HOL without oracles. Apart f...
Semantic labeling is a powerful transformation technique to prove termination of term rewrite systems. The dual technique is unlabeling. For unlabeling it is essential to drop the so called decreasing rules which sometimes have to be added when applying semantic labeling. We indicate two problems concerning unlabeling and present our solutions.
The...
We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was perfo...
We give the first mechanized proof of the fact that for showing termination of a term rewrite system, we may restrict to well-formed terms using just the function symbols actually occurring in the rules of the system. Or equivalently, termination of a term rewrite system is preserved under signature extensions. We did not directly formalize the exi...
We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter,...
Proving the correctness of computer software is of utmost importance for
safety-critical systems. A crucial part of proving correctness is to show
that a computer program always yields a result. This property, called
termination, is undecidable in general. Instead of handling a specific
programming language, we use a mathematical model of computati...
There are termination proofs that are produced by termination tools for which
certifiers are not powerful enough. However, a similar situation also occurs in
the other direction. We have formalized termination techniques in a more
general setting as they have been introduced. Hence, we can certify proofs
using techniques that no termination tool su...
In this paper we present our formalization of two important termination techniques for term rewrite systems: the subterm criterion and the reduction pair processor in combination with usable rules. For both techniques we developed executable check functions using the theorem prover Isabelle/HOL. These functions are able to certify the correct appli...
While there are many approaches for automatically proving termination of term
rewrite systems, up to now there exist only few techniques to disprove their
termination automatically. Almost all of these techniques try to find loops,
where the existence of a loop implies non-termination of the rewrite system.
However, most programming languages use s...
We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, i...
The first part of this paper presents a new approach for automatically proving nontermination of string rewrite systems. We encode rewrite sequences as propositional formulas such that a loop can be extracted from a satisfying assignment. Alternatively, loops can be found by enumerating forward closures. In the second part we give a formalization o...
There are many automatic tools to prove termination of term rewrite systems, nowadays. Most of these tools use a combination of many complex termination criteria. Hence generated proofs may be of tremendous size, which makes it very tedious (if not impossible) for humans to check those proofs for correctness.
In this paper we use the theorem prover...
Most techniques to automatically disprove termination of term rewrite systems search for a loop. Whereas a loop implies nontermination for full rewriting, this is not necessarily the case if one considers rewriting under strategies. Therefore, in this paper we first generalize the notion of a loop to a loop under a given strategy. In a second step...
This paper describes the second edition of the Tyrolean Ter- mination Tool|a fully automatic termination analyzer for rst-order term rewrite systems. The main features of this tool are its (non-)ter- mination proving power, its speed, its exibility due to a strategy lan- guage, and the fact that the source code of the whole project is freely availa...
Since the first termination competition in 2004 it is of great interest,
whether a proof that has been automatically generated by a termination tool, is
indeed correct. The increasing number of termination proving techniques as well
as the increasing complexity of generated proofs (e.g., combinations of several
techniques, exhaustive labelings, tre...
In 2006 Jambox, a termination prover developed by Endrullis, surprised the termination community by winning the string rewriting division and almost beating AProVE in the term rewriting division of the international termination competition. The success of Jambox for strings is partly due to a very special case of semantic labeling. In this paper we...
In this paper we propose different translations from SAT to termination of term rewriting, i.e., we translate a propositional formula φ into a generic rewrite system Rφ with the property that φ is satisfiable if and only if Rφ is (non)terminating. Our experiments reveal that the generated rewrite systems are challenging for automated termination pr...
We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like joinability, meetability, conversion, etc. Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. Our main concern is on strong normalization, since...