Automated verification of termination certificates
In order to increase user confidence, many automated theorem provers provide certificates that can be independently verified. In this paper, we report on our progress in developing a standalone tool for checking the correctness of certificates for the termination of term rewrite systems, and formally proving its correctness in the proof assistant Coq. To this end, we use the extraction mechanism of Coq and the library on rewriting theory and termination called CoLoR.
Research Summary
The paper addresses the problem of ensuring trust in termination certificates generated by automated theorem provers for term rewrite systems (TRS). While many provers output certificates that can be checked independently, the verification tools themselves are often unverified, leaving a gap in the overall assurance chain. To close this gap, the authors design and implement a standalone certificate checker whose correctness is proved inside the Coq proof assistant, and then automatically extracted to an executable program.
The work builds on two main components. First, the CoLoR library (Computational Logic of Rewriting) provides a rich formalisation of rewriting theory in Coq, including definitions of terms, rules, interpretations, and a variety of termination techniques such as polynomial interpretations, matrix interpretations, and dependency pair chains. Second, Coq’s extraction mechanism is used to translate the certified Coq implementation into OCaml code, which can be compiled into a practical command‑line tool.
The certificate format adopted is the standard CPF (Certification Problem Format), an XML‑based representation that encodes the TRS, the chosen termination technique, and the detailed proof steps. The checker proceeds in three layers. (1) A parser reads the CPF file and builds Coq data structures that mirror the XML schema; a Coq theorem proves that this parsing is a bijection between the XML representation and the internal model. (2) For each termination technique, a dedicated verification function is defined. For example, a polynomial interpretation verification checks that for every rule l → r the interpreted value of l strictly exceeds that of r; a chain verification constructs the dependency graph and proves it is acyclic; a matrix interpretation verification performs the required matrix‑vector comparisons. Each function is accompanied by a Coq lemma stating that a true result implies the corresponding proof step satisfies the formal termination criterion. (3) An aggregation component combines the results of all steps and, using a final Coq theorem, concludes that the whole certificate is valid if and only if every individual verification succeeded.
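As an added illustration of the polynomial-interpretation step in (2), not code from the paper or from CoLoR: a small Python checker that takes a TRS and a candidate interpretation over the naturals, checks that the interpretation is strictly monotone, and checks the strict decrease [l] > [r] for every rule with the standard absolute-positiveness test. The term encoding, the placeholder names `_i` for function arguments, and the sample TRS with its accepted and rejected certificates are assumptions constructed for this example.

```python
from functools import reduce
# Terms: a variable is a str, an application is (symbol, [args]). A polynomial over
# N is {monomial: coeff}: a monomial is a sorted tuple of variable names, () constant.
def p_add(a, b):
    return {m: c for m in a.keys() | b.keys() if (c := a.get(m, 0) + b.get(m, 0))}
def p_mul(a, b):
    out = {}
    for ma, ca in a.items():
        for mb, cb in b.items():
            m = tuple(sorted(ma + mb))
            out[m] = out.get(m, 0) + ca * cb
    return {m: c for m, c in out.items() if c}

def interpret(term, interp):
    # [x] = x for a variable; for f(t1..tn) substitute [ti] for placeholder '_i'
    if isinstance(term, str):
        return {(term,): 1}
    env = {f"_{i + 1}": interpret(a, interp) for i, a in enumerate(term[1])}
    out = {}
    for m, c in interp[term[0]][1].items():
        out = p_add(out, reduce(p_mul, (env[v] for v in m), {(): c}))
    return out

def is_monotone(interp):
    # Sufficient for strict monotonicity over N: coeffs >= 0, each arg linear >= 1
    return all(all(c >= 0 for c in p.values()) and all(p.get((f"_{i}",), 0) >= 1
               for i in range(1, n + 1)) for n, p in interp.values())

def strictly_greater(p, q):
    # Absolute positiveness of [l]-[r] (constant > 0, other coeffs >= 0): a
    # decidable sufficient condition for [l] > [r] under every assignment.
    d = p_add(p, {m: -c for m, c in q.items()})
    return d.get((), 0) > 0 and all(c >= 0 for m, c in d.items() if m)

def failing_rules(rules, interp):
    # Indices of rules l -> r for which [l] > [r] could not be established.
    return [i for i, (l, r) in enumerate(rules)
            if not strictly_greater(interpret(l, interp), interpret(r, interp))]

def check_certificate(rules, interp):
    # Accept iff the interpretation is monotone and strictly orients every rule.
    return is_monotone(interp) and not failing_rules(rules, interp)
# Constructed sample TRS: plus(0, y) -> y ; plus(s(x), y) -> s(plus(x, y))
RULES = [(("plus", [("0", []), "y"]), "y"),
         (("plus", [("s", ["x"]), "y"]), ("s", [("plus", ["x", "y"])]))]
# Candidate certificate (symbol -> (arity, poly)): [0]=1, [s](x)=x+1, [plus](x,y)=2x+y+1
GOOD = {"0": (0, {(): 1}), "s": (1, {("_1",): 1, (): 1}),
        "plus": (2, {("_1",): 2, ("_2",): 1, (): 1})}
# Bogus certificate: [plus](x, y) = x + y + 1 gives no strict decrease on rule 2
BAD = dict(GOOD, plus=(2, {("_1",): 1, ("_2",): 1, (): 1}))
```

The checker accepts `GOOD` and rejects `BAD` by reporting rule index 1, which is exactly the behaviour a certified verification function must guarantee: a prover's claim is never trusted, only re-derived from the rule system and the interpretation in the certificate.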
The authors then prove two overarching correctness theorems. The first guarantees that the parsing phase faithfully reflects the CPF specification. The second guarantees that the verification phase correctly implements every termination technique as formalised in CoLoR. By composing these theorems, they obtain a global correctness guarantee: the extracted OCaml program will accept exactly those certificates that are provably correct in Coq.
Implementation details include the use of Coq’s extraction commands, the handling of CoLoR’s dependent types during extraction, and the integration of an OCaml XML parser. Performance experiments on a benchmark suite drawn from the Termination Competition show that the certified checker incurs a modest overhead (approximately 20 % slower) compared with existing uncertified checkers, but it successfully validates all certificates and provides a machine‑checked proof of its own soundness. The modular design also allows new termination techniques to be added by extending CoLoR and providing the corresponding verification lemmas, without altering the core extraction pipeline.
In conclusion, the paper demonstrates a complete workflow from formal specification to certified executable for termination certificate verification. It bridges the trust gap between proof generation and proof checking, offers a reusable framework based on CoLoR, and illustrates how proof assistants can be employed to produce trustworthy tooling for the broader automated reasoning community. Future work includes extending support to additional certificate formats, improving the efficiency of the extracted code, and exploring extraction to other languages such as Haskell or Rust.