Formalizing the Confluence of Orthogonal Rewriting Systems
DD. Kesner and P. Viana (Eds.): LSFA 2012EPTCS 113, 2013, pp. 145–152, doi:10.4204/EPTCS.113.14 c (cid:13)
A.C.R. Oliveira & M. Ayala-Rinc´onThis work is licensed under theCreative Commons Attribution License.
Formalizing the Confluence of Orthogonal Rewriting Systems ∗ Ana Cristina Rocha Oliveira † and Mauricio Ayala-Rinc´on ‡ Grupo de Teoria da Computac¸ ˜aoDepartamentos de Matem´atica e Ciˆencia da Computac¸ ˜aoUniversidade de Bras´ıliaBras´ılia D.F., BrazilEmail: [email protected], [email protected]
Orthogonality is a discipline of programming that in a syntactic manner guarantees determinism offunctional specifications. Essentially, orthogonality avoids, on the one side, the inherent ambiguityof non determinism, prohibiting the existence of different rules that specify the same function andthat may apply simultaneously ( non-ambiguity ), and, on the other side, it eliminates the possibilityof occurrence of repetitions of variables in the left-hand side of these rules ( left linearity ). In thetheory of term rewriting systems (TRSs) determinism is captured by the well-known property ofconfluence, that basically states that whenever different computations or simplifications from a termare possible, the computed answers should coincide. Although the proofs are technically elaborated,confluence is well-known to be a consequence of orthogonality. Thus, orthogonality is an importantmathematical discipline intrinsic to the specification of recursive functions that is naturally applied infunctional programming and specification. Starting from a formalization of the theory of TRSs in theproof assistant PVS, this work describes how confluence of orthogonal TRSs has been formalized,based on axiomatizations of properties of rules, positions and substitutions involved in parallel stepsof reduction, in this proof assistant. Proofs for some similar but restricted properties such as theproperty of confluence of non-ambiguous and (left and right) linear TRSs have been fully formalized.
Termination and confluence of term rewriting systems (TRSs) are well-known undecidable propertiesthat are related with termination of computer programs and determinism of their outputs. Under thehypothesis of termination, confluence is guaranteed by the critical pair criterion of Knuth-Bendix(-Huet)[8, 9], which establishes that whenever all critical pairs of a given terminating rewriting system arejoinable, the system is confluent. This criterion as well as other criteria for abstract reduction systemssuch as Newman’s lemma were fully formalized in the proof assistant PVS in [5, 7] over the PVS theory trs [6], that is available in the NASA LaRC PVS library [14]. Without termination, confluence analysisresults more complex, but several programming disciplines, from which one could remark orthogonality,guarantee confluence without the necessity of termination.In the context of the theory of recursive functions and functional programming as in the one of TRSs,the programming discipline of orthogonality follows two restrictions: left-linearity and non-ambiguity .The former restriction allows only definitions or rules in which each variable may appear only once onthe left-hand side ( lhs , for short) of each rule; the latter restriction avoids the inclusions of definitions orrules that could simultaneously apply. ∗ Work supported by grants from CNPq/Universal, CAPES/STIC-AmSud and FAPDF/PRONEX. † Author supported by CAPES. ‡ Author partially supported by CNPq. On Formalizing Confluence of Orthogonal Systems
This work reports a formalization of the property of confluence of orthogonal systems in the proofassistant PVS. The formalization uses the PVS theory trs , but several additional notions such as theone of parallel rewriting relation were included in order to follow the standard inductive proof approachof this property, that is based on the proof of the diamond property for the parallel reduction associatedto any orthogonal TRS as presented in [3]. In the current state of this formalization, several technicaldetails that are related with properties of terms and subterms involved in one-step of parallel reductionare axiomatized. Additionally, the PVS theory includes a complete formalization of the confluence ofnon-ambiguous and linear TRSs. An extended version of this paper as well as the PVS development areavailable at ∼ ayala/publications.html .Proofs of confluence of orthogonal TRSs have been known at least since Rosen’s seminal study onChurch-Rosser properties of tree manipulating systems [12] and several of them are based on a similarstrategy through the famous Parallel Moves Lemma. Rosen’s proof uses a notion of residuals of positionsin a notation that was standardized further by Huet in [8], paper in which Huet presented a proof ofconfluence of left-linear and parallel closed TRSs that unlike Rosen’s proof admits critical pairs thatshould be joinable from left to right in a sole step of parallel reduction.In the chapter on orthogonality of [4], the authors presented five styles of proof of confluence oforthogonal systems as well as an extension of the confluence result to weakly orthogonal TRSs. All thegiven styles of proof are not different in essence: the first one uses the notions of residuals and descen-dants via the parallel moves lemma, the second one avoids explicit mention of residuals by underliningreductions, the third one imports from λ -calculus and combinatory logic the notion of complete develop-ments and the fourth style uses elementary and reduction diagrams. The fifth given proof is an inductiveconfluence proof that is the more related with our approach of formalization and follows lines of reason-ing based on analysis of properties of the parallel rewriting relation and the parallel moves lemma, justby changing the definition of parallel reduction. In this proof the parallel relation is defined from therewriting relation as the reflexive relation that is compatible with substitutions and, parallely compatiblewith contexts. Thus, after proving a version of the parallel moves lemma, the diamond property of theparallel reduction is proved by induction on the structure of terms based on the analysis of the six pos-sible cases of a parallel divergence; that is, whether the divergence terms are obtained from a term byapplication of two different steps of parallel reduction, by combinations of reflexivity, substitution andcontext according to the definition of the parallel relation. In this analysis, the version of the parallelmoves lemma is applied for the case of a divergence in which on the one side a term is obtained bysubstitution and on the other side by context.For this formalization it has been chosen the inductive proof presented in [3] because it uses thenowadays standard rewriting notation as the PVS theory trs does, uses a standard definition of parallelreduction and follows lines of reasoning that from the authors’ viewpoint are of great didactical interest. Standard notation of of the theory of rewriting is used as in [3] or [4]. One says that a rewriting relation → : is confluent whenever ( ∗ ← ◦ → ∗ ) ⊆ ( → ∗ ◦ ∗ ← ) , triangle-joinable if ( ← ◦ → ) ⊆ ( → ◦ = ← ) ∪ ( → = ◦ ← ) , has the diamond property if ( ← ◦ → ) ⊆ ( → ◦ ← ) . A well-defined set of terms is built from a given signature and an enumerable set of variables. A rule e = ( l , r ) is an ordered pair of terms such that the first one cannot be a variable and all variables in the .C.R. Oliveira & M. Ayala-Rinc´on → E induced bya TRS E is built as follows: a term t reduces to t (denoted as t → t ) if there are a position π of t , a rule e ∈ E and a substitution σ such that: t | π = lhs ( e ) σ , i.e., the subterm of t at position π is the lhs of therule e instantiated by the substitution σ ; and t is obtained from t , by replacing the subterm at position π by the corresponding instantiation of the right-hand side ( rhs , for short) of the rule, that is rhs ( e ) σ .The only change done in order to obtain t from t , occurs at position π . All this is summarized by thefollowing notation: t = t [ π ← lhs ( e ) σ ] → E t [ π ← rhs ( e ) σ ] = t , where, in general, u [ π ← v ] denotes the term obtained from u by replacing the subterm at position π of u by the term v .Given terms t and t , one says that t reduces in parallel to t , denoted as t ⇒ E t , whenever thereexist finite sequences Π : = π , . . . , π n ; Σ : = σ , . . . , σ n and Γ : = e , . . . , e n of parallel positions of t , substitutions and rules in E , respectively, such that: t | π i = lhs ( e i ) σ i , ∀ i = , . . . , n , i.e., the subterm of t at position π i is the lhs of the rule e i instantiated by the substitution σ i ; and t isobtained from t , by replacing all subterms at positions in Π as t | π i = rhs ( e i ) σ i , ∀ i = , . . . , n , i.e., for all i , the subterm at position π i , that is the σ i instance of the lhs of the rule e i , lhs ( e i ) σ i , is replacedby the σ i instance of the rhs of the rule, rhs ( e i ) σ i . The only changes done in order to obtain t from t ,occur at the positions in Π . All this is summarized by the following notation: t = t [ π ← l σ ] . . . [ π n ← l n σ n ] ⇒ E t [ π ← r σ ] . . . [ π n ← r n σ n ] = t , where, l i = lhs ( e i ) and r i = rhs ( e i ) , for 1 ≤ i ≤ n .The PVS theory trs includes all necessary basic notions and properties to formalize elaborated the-orems of the theory of rewriting such as the one of confluence of orthogonal systems. trs includesspecifications and formalizations of the algebra of terms, subterms and positions, properties of abstractreduction systems, confluence and termination, among others. The current development of the PVS the-ory called orthogonality deals specifically with orthogonality related notions and properties. Amongthe definitions specified inside the theory orthogonality one could mention the basic boolean oneslisted below, where E is a set of rewriting rules (equations). - Ambiguous?(E): bool = EXISTS (t1, t2) : CP?(E)(t1,t2)- linear?(t): bool = FORALL (x | member(x,Vars(t))) : Card[position](Pos_var(t,x)) = 1- Right_Linear?(E): bool = FORALL (e1 | member(e1, E)) : linear?(rhs(e1))- Left_Linear?(E): bool = FORALL (e1 | member(e1, E)) : linear?(lhs(e1))- Linear?(E): bool = Left_Linear?(E) & Right_Linear?(E)- Orthogonal?(E): bool = Left_Linear?(E) & NOT Ambiguous?(E) On Formalizing Confluence of Orthogonal Systems
In the specification of
Ambiguous?(E) , CP?(E)(t1,t2) specifies that t1 and t2 are critical pairsof the rewriting system E . A term t is linear? whenever, each variable x in t occurs only once. Theexpressions Right Linear?(E) and
Left Linear?(E) indicate respectively that the rhs and the lhs ofall rules in E are linear. The predicate Linear? specifies linearity of sets of rewriting rules. Finally,
Orthogonal? specifies orthogonality of TRSs.More elaborated auxiliary definitions are specified as: - local_joinability_triangle?(R) : bool = FORALL(t, t1, t2) : R(t, t1) & R(t, t2) =>EXISTS s : (RC(R)(t1, s) & R(t2, s)) OR (R(t1, s) & RC(R)(t2, s))- replaceTerm(s: term, t: term, (p: positions?(s))): RECURSIVE term =IF length(p) = 0 THEN tELSE LET st = args(s), i = first(p), q = rest(p),rst = replace(replaceTerm(st(i-1), t, q), st,i-1) IN app(f(s), rst)ENDIF MEASURE length(p)- reduction?(E)(s,t): bool = EXISTS ( (e | member(e, E)), sigma, (p: positions?(s))):subtermOF(s, p) = ext(sigma)(lhs(e)) & t = replaceTerm(s, ext(sigma)(rhs(e)), p)- replace_par_pos(s, (fsp : SPP(s)), fse | fse’length = fsp’length,fss | fss’length = fsp’length) RECURSIVE term =IF length(fsp) = 0 THEN sELSE replace_par_pos(replaceTerm(s, ext(fss(0))(rhs(fse(0))),fsp(0)), rest(fsp), rest(fse), rest(fss))ENDIF MEASURE length(fsp)- parallel_reduction?(E)(s,t): bool =EXISTS (fsp: SPP(s), fse | (FORALL (i : below[fse’length]) : member(fse(i), E)), fss) :fsp’length = fse’length & fsp’length = fss’length& (FORALL (i : below[fsp’length]) : subtermOF(s, fsp(i)) = ext(fss(i))(lhs(fse(i))))& t = replace_par_pos(s, fsp, fse, fss)
RC(R) , that is used in local joinability triangle? , specifies the reflexive closure of the rewrit-ing relation R . For a functional term s , f(s) and args(s) compute the head function symbol of s and its arguments respectively; also, app(f(s), args(s)) builds the functional term s . The function replace with arguments (t, st, i) replaces the (i+1) th term of the sequence of arguments st by t .The recursive function replaceTerm replaces a subterm of a term: it gives as output for the input triplet (s, t, p) the term obtained from s by replacing the subterm at position p of s by t , that in standardrewriting notation is written as s [ p ← t ] . Similarly, replace par pos specifies the parallel replacementsnecessary in one step of parallel reduction. The specification of the relation of parallel reduction is givenby parallel reduction? , in which the variables fsp, fse and fss are the sequences of parallel po-sitions, rewrite rules and substitutions, that were denoted respectively as Π , Γ and Σ , in the definition ofthe parallel reduction relation.The main lemmas and theorems specified and formalized about orthogonality are presented be-low. All presented lemmas were formalized. The lemma Linear and Non ambiguous impliesconfluent is a weaker version of the lemma of confluence of Orthogonal TRSs that is the last one. - Linear_and_Non_ambiguous_implies_triangle: LEMMA FORALL (E) :Linear?(E) & NOT Ambiguous?(E) => local_joinability_triangle?(reduction?(E))- One_side_diamond_implies_conflent: LEMMA local_joinability_triangle?(R) => confluent?(R)- Linear_and_Non_ambiguous_implies_confluent: LEMMA .C.R. Oliveira & M. Ayala-Rinc´on
FORALL (E) : ((Linear?(E) & NOT Ambiguous?(E) ) => confluent?(reduction?(E)))- parallel_reduction: LEMMA(reduction?(E)(t1, t2) => parallel_reduction?(E)(t1, t2))& (parallel_reduction?(E)(t1, t2) => RTC(reduction?(E))(t1, t2))- parallel_reduction_is_DP: LEMMA Orthogonal?(E) => diamond_property?(parallel_reduction?(E))- Orthogonal_implies_confluent: LEMMAFORALL (E : Orthogonal) : LET RRE = reduction?(E) IN confluent?(RRE)
RTC(R) , that is used in parallel reduction , specifies the reflexive transitive closure of the rewrit-ing relation R .The lemma Linear and Non ambiguous implies confluent is proved in a standard manner. Infact, since, in addition to orthogonality restrictions, variables cannot appear repeatedly in the rhs of therules this proof does not need elaborated manipulation of reductions and instantiations in order to buildthe term of parallel joinability for divergence terms.By the specification of these lemmas, one can observe that
Orthogonal implies confluent , thatis the main lemma, depends on the formalization of parallel reduction and parallel reductionis DP . The former lemma is relatively simple and the latter is the crucial one.In order to classify overlaps in a parallel divergence from a term in which, on the one side, a parallelreduction is applied at positions Π and, on the other side, at positions Π , positions involved in a paralleldivergence are classified through the following specified recursive relations: -sub_pos((fsp : PP), p : position): RECURSIVE finseq[position] =IF length(fsp) = 0 THEN empty_seq[position]ELSIF p <= fsp(0) & p /= fsp(0) THEN add_first(fsp(0), sub_pos(rest(fsp), p))ELSE sub_pos(rest(fsp), p)ENDIF MEASURE length(fsp)-Pos_Over((fsp1 : PP), (fsp2 : PP)): RECURSIVE finseq[position] =IF length(fsp1) = 0 THEN empty_seq[position]ELSE (IF ( length(sub_pos(fsp2, fsp1(0))) > 0OR PP?(add_first(fsp1(0), fsp2)))THEN add_first(fsp1(0), Pos_Over(rest(fsp1), fsp2))ELSE Pos_Over(rest(fsp1), fsp2) ENDIF)ENDIF MEASURE length(fsp1) sub pos ( Π , π ) builds the subsequence of positions of the sequence of parallel positions Π that arestrictly below the position π ; that is, π (cid:48) ∈ Π such that π is a prefix of π (cid:48) , as usual denoted as π < π (cid:48) . Pos Over ( Π , Π ) builds the subsequence of positions from Π that are parallel to all positions in Π orthat have positions in the sequence Π below them. In this specification, PP? is a predicate for the type PP of sequences of parallel positions. These functions are crucial in order to build the term of one-stepparallel joinability, necessary in the proof of lemma parallel reduction is DP .Confluence of orthogonal TRSs is proved according to the following sketch: Firstly, it is proved → ⊆ ⇒ ⊆ → ∗ , from which one concludes that ⇒ ∗ = → ∗ . The lemma parallel reduction correspondsto the latter inclusion. Then, it is proved that for orthogonal systems, ⇒ has the diamond property,which corresponds to the lemma parallel reduction is DP . For an analytical proof see the extendedversion of this paper.50 On Formalizing Confluence of Orthogonal Systems
Computational formalizations do not admit mistakes and, in particular, those specifications based onrewriting rules as well as on recursive functional definitions can profit from a formalization of conflu-ence of orthogonality. Several works report efforts on specification of different computational objects(software and hardware) through TRSs (e.g., [1, 2, 10, 11]). Consequently, it is relevant to have robustand as complete as possible libraries for the theory of abstract reduction systems and TRSs in differentproof assistants. To construct the joinability term for the lemma parallel reduction is DP , one hasto consider several cases from which one is explained in the sequel.Suppose, one has a parallel divergence from term t ⇔ s ⇒ t at positions Π and Π with respectiveassociated rules and substitutions Γ i and Σ i , i ∈ { , } . Let π ∈ Π and l → r and σ denote the associatedrule and substitution, respectively. sub pos ( Π , π ) builds the subsequence Π π of positions in Π below π . Let Π π = { π , . . . π k } . For 1 ≤ j ≤ k , let g j → d j and σ j denote the rule and substitution associatedwith position π j . Then, by non-ambiguity, for all 1 ≤ j ≤ k , there exist π (cid:48) j and π (cid:48)(cid:48) j such that ππ (cid:48) j π (cid:48)(cid:48) j = π j ,being π (cid:48) j a variable position of the lhs of the rule l → r .Let σ (cid:48) be the substitution obtained from σ modifying all variables according to substitutions σ j ,then, the divergence at position π , that is t | π ⇔ s | π ⇒ t | π can be joined in one step of parallel reductionas t | π = r σ ⇒ r σ (cid:48) ← l σ (cid:48) = t | π . The construction of σ (cid:48) is one of the most elaborated steps in thisformalization. Namely, suppose x is a variable occurring in the lhs of the rule l → r only at position π (cid:48) (left-linearity guarantees unicity of π (cid:48) ); if π (cid:48) (cid:54) = π (cid:48) j , for all 1 ≤ j ≤ k , then x σ (cid:48) : = x σ . Otherwise, let { j , . . . , j m } be the set of indices such that π (cid:48) = π (cid:48) j l , for 1 ≤ l ≤ m and 1 ≤ j l ≤ k . Since Π π are parallelpositions, { π (cid:48)(cid:48) j , . . . π (cid:48)(cid:48) j m } are parallel positions of x σ . By applying the rules g j l → d j l with substitutions σ j l , for 1 ≤ l ≤ m , one reduces in parallel x σ ⇒ x σ [ π (cid:48)(cid:48) j ← d j σ j ] . . . [ π (cid:48)(cid:48) j m ← d j m σ j m ] . Thus, in this case, x σ (cid:48) is defined as x σ [ π (cid:48)(cid:48) j ← d j σ j ] . . . [ π (cid:48)(cid:48) j m ← d j m σ j m ] .The polymorphic function choose seq below was specified to construct associated subsequencesof positions, rules or substitutions. choose seq ( Π π , Π , Γ ) and choose seq ( Π π , Π , Σ ) give re-spectively the subsequences of rules and substitutions associated with Π π . In particular, choose seq can be used in order to choose the sequence of terms, instantiations of rhs’s of rules, that should bechanged in order to obtain x σ (cid:48) , for a variable x occurring at position ππ (cid:48) . Namely, this is done calling choose seq(sub pos( Π , ππ (cid:48) ), Π , { d σ , . . . , d n σ n } ) , where the sequence of terms { d σ , . . . , d n σ n } is straightforwardly built from the sequences of rules and substitutions associated with Π , i.e., Γ = { g → d , . . . , g n → d n } and Σ = { σ , . . . , σ n } . choose_seq(seq:PP, seq1:PP, (seq2 | seq1’length=seq2’length)): RECURSIVE finseq[T] =IF length(seq)=0 THEN empty_seqELSIF index(seq1,seq(0)) < seq1’lengthTHEN add_first(seq2(index(seq1,seq(0))), choose_seq(rest(seq),seq1,seq2))ELSE choose_seq(rest(seq),seq1,seq2)ENDIF MEASURE(length(seq)) The function index ( Π , π ) above returns the index of the position π in the sequence Π , which is lessthan the length of Π , if π occurs indeed in Π . Otherwise, it returns the length of Π .The construction of σ (cid:48) requires the specification of two recursive functions SIGMA and
SIGMAP . SIGMA(sigma, x, fst, (fsp:SPP(sigma(x))|length(fsp)=length(fst)))(y:(V)): term =IF length(fst)=0 OR y/=xTHEN sigma(y)ELSE replace_terms(sigma(x),fst,fsp)ENDIF .C.R. Oliveira & M. Ayala-Rinc´on
SIGMA has as arguments σ , x and the associated subsequences of substituting terms and positionsrelative to the necessary update of x σ . One has, SIGMA ( σ , x , { d j σ j , . . . , d j m σ j m } , { π (cid:48)(cid:48) j , . . . , π (cid:48)(cid:48) j m } ) appliedto x will give x σ (cid:48) , that is x σ [ π (cid:48)(cid:48) j ← d j σ j ] . . . [ π (cid:48)(cid:48) j m ← r j m σ j m ] .The construction of the whole substitution σ (cid:48) , is done through the function SIGMAP below, that ade-quately calls the function
SIGMA . SIGMAP ( σ , { x , . . . , x q } , { ππ (cid:48) , . . . , ππ (cid:48) q } , { d σ , . . . , d n σ n } , { π , . . . , π n } ) ,where { x , . . . , x q } and { ππ (cid:48) , . . . , ππ (cid:48) q } are the sequence of variables at lhs of the rule l → r that shouldchange, assuming l σ occurs at position π , and the associated sequence of positions of these variablesin the whole term t , respectively. For a variable y ∈ { x , . . . , x q } , say y = x r , SIGMAP calls the function
SIGMA giving as input the sequence of terms to be substituted and their associated positions in y σ . This isdone through application of the functions choose seq and complement pos . The former one, is calledas choose seq ( { ππ (cid:48) r π (cid:48)(cid:48) r , j , . . . , ππ (cid:48) r π (cid:48)(cid:48) r , j mr } , { π , . . . , π n } , { d σ , . . . , d n σ n } ) , which gives the sequence ofsubstituting terms. The latter one is called as complement pos ( ππ (cid:48) r , { π , . . . , π n } ) , which gives as resultthe associated positions inside l σ , that is { π (cid:48)(cid:48) r , j , . . . , π (cid:48)(cid:48) r , j mr } . SIGMAP(sigma,fsv,(fsp1:PP|fsp1‘length=fsv‘length),fst,(fsp2:PP|fsp2‘length=fst‘length))(y:(V)): RECURSIVE term=IF length(fsv)=0THEN sigma(y)ELSIF y=fsv‘seq(0) & SP?(sigma(fsv‘seq(0)))(complement_pos(fsp1‘seq(0),fsp2))THEN SIGMA(sigma,fsv‘seq(0),choose_seq(sub_pos(fsp2,fsp1‘seq(0)),fsp2,fst),complement_pos(fsp1‘seq(0),fsp2))(y)ELSE SIGMAP(sigma,rest(fsv),rest(fsp1),fst,fsp2)(y)ENDIF MEASURE(length(fsv))
A small number of lemmas were formalized in order to prove soundness of this definition. Namely,the fact that it is in fact a substitution is axiomatized. Among these lemmas, as a matter of illustration, itis necessary to prove that the subsequences of terms and positions given as third and second parametersof the call of
SIGMA have the same length.This is stated as the following lemma easily formalized by induction on the length of the finitesequences. In fact, this lemma says that, if one compares a position p with a sequence of parallel positions fsp , the complementary positions are obtained from the same positions that are under p . complement_pos_preserv_sub_pos_length1: LEMMAPP?(fsp) => complement_pos(p, fsp)‘length = sub_pos(fsp, p)‘length Currently, the whole PVS orthogonal development consist of among 1.300 lines of specificationand 46.000 lines of proofs. Indeed, there are 40 definitions, 84 proved lemmas and 8 axioms.
PVS specifications of non trivial notions and formalizations of results of the theory of term rewritingsystems were presented, that are related with the properties of the parallel rewriting reduction and or-thogonal rewriting systems. The PVS theory for orthogonal TRSs enriches the PVS theory trs forTRSs introduced in [6] and available in [14]. The formalization of these properties of orthogonal TRSsare close to the analytical inductive proofs presented in textbooks such as [3] and [4] that in essence arebased in the well-known parallel moves lemma which projects parallel reductions over a simple rewritingreduction. These formalizations provide additional evidence of the appropriateness of both the higher-order specification language and the proof engine of PVS to deal in a natural way with specification ofrewriting notions and properties and their formalizations. This consequently implies the good support of52
On Formalizing Confluence of Orthogonal Systems
PVS to deal with soundness and completeness and integrity constraints of specifications of computationalobjects specified through rewriting rules.In its current status, the theory for orthogonal TRSs includes a complete formalization of conflu-ence of non-ambiguous and linear TRSs as well as a proof of confluence of orthogonal TRSs by usingstandard definitions and proof ideas shown in text books that ease the understanding of them. The lasttheorem depends on both the lemma of equivalence of the reflexive-transitive closure of the rewriting andthe parallel reduction relations and of the lemma of diamond property of the parallel reduction relationof orthogonal TRSs. The latter lemma is formalized axiomatizing some technical properties of parallelpositions, rules and substitutions involved in one-step of parallel reduction. In [13] the criterion of weakorthogonality was integrated to ensure confluence applying the certification tool CeTA. Unlike orthog-onality, weak orthogonality allows for trivial critical pairs. To the best of our knowledge any completeformalization of the property of confluence of orthogonal TRSs is available in any proof assistant.
References [1] Arvind & X. Shen (1999):
Using Term Rewriting Systems to Design and Verify Processors . IEEE Micro
Prototyping Time and Space EfficientComputations of Algebraic Operations over Dynamically Reconfigurable Systems Modeled by Rewriting-Logic . ACM Trans. Design Autom. Electr. Syst.
Term Rewriting and
All That. Cambridge University Press.[4] M. Bezem, J.W. Klop & R. de Vrijer, editors (2003):
Term Rewriting Systems by TeReSe . Cambridge Tractsin Theoretical Computer Science
55, Cambridge University Press.[5] A. L. Galdino & M. Ayala-Rinc´on (2008):
A Formalization of Newman’s and Yokouchi Lemmas in a Higher-Order Language . Journal of Formalized Reasoning
A PVS
Theory for Term Rewriting Systems . In:
Proceedings of theThird Workshop on Logical and Semantic Frameworks, with Applications - LSFA 2008 , Electronic Notes inTheoretical Computer Science
A Formalization of the Knuth-Bendix(-Huet) Critical Pair Theo-rem . J. of Automated Reasoning
Confluent Reductions: Abstract Properties and Applications to Term Rewriting Systems . Journal of the Association for Computing Machinery
Computational Problems in Abstract Algebra , chapter Simple WordsProblems in Universal Algebras, pp. 263–297. J. Leech, ed. Pergamon Press, Oxford, U. K.[10] C. Morra, J. Becker, M. Ayala-Rinc´on & R. W. Hartenstein (2005):
FELIX: Using Rewriting-Logic forGenerating Functionally Equivalent Implementations . In: , IEEE CS, pp. 25–30, doi:10.1109/FPL.2005.1515694.[11] C. Morra, J. Bispo, J.M.P. Cardoso & J. Becker (2008):
Combining Rewriting-Logic, Architecture Gen-eration, and Simulation to Exploit Coarse-Grained Reconfigurable Architectures . In Kenneth L. Pocek &Duncan A. Buell, editors:
FCCM , IEEE Computer Society, pp. 320–321, doi:10.1109/FCCM.2008.37.[12] B. K. Rosen (1973):
Tree-Manipulating Systems and Church-Rosser Theorems . J. of the ACM
Certification of Confluence Proofs using CeTA . In:
First International Workshop onConfluence (IWC 2012) , p. 45.[14] Theory trs (consulted January 2013):
Available in the NASA LaRC PVS library, http://shemesh.larc.nasa.gov/fm/ftp/larc/ PVS-library/pvslib.htmlhttp://shemesh.larc.nasa.gov/fm/ftp/larc/ PVS-library/pvslib.html