Section: New Results

Analysis and verification of adversary systems

Participant : Isabelle Gnaedig.

In the last few years, a significative amount of work has been done to propose correctness proof methods for rewriting-based programming. For termination and sufficient completeness, for instance, various proof techniques are now available, when the reduction relation is enriched by equations, conditions, or when it is applied with particular strategies. Nevertheless, there is still a lack of techniques, for example for certain strategies, of for weak properties i.e., properties that are not verified on every computation branch of the reduction relation. The latter properties are interesting since in practice, programs do not always verify the properties in their strong acceptance.

For several years, we have been trying to answer the above problem in developing an induction based proof approach. For the problem of strategies, specific procedures were given for proving termination under innermost, outermost and local strategies  [71] , [70] , [72] . We then have extracted the common mechanisms of theses procedures, to propose a simpler and more general framework, parametrized by the strategy [16] . We also have proposed an instance of this mechanism for priority rewriting, for which there was no specific termination proof method until now [27] .

For the problem of weak properties, our technique was applied to weak termination under the innermost strategy  [73] , and to C-reducibility : a weak form of sufficient completeness, we have defined as the existence of a constructor form on at least one derivation branch from every term  [77] . We have continued the generalization work of our approach for the proof of weak properties. Our inductive technique consists in developing proof trees from patterns representing ground terms, by abstracting subterms, induction can be applied on, and by narrowing. Thanks to a lifting mechanism, the proof trees model the rewriting trees, the properties to be proved are defined on. For weak properties, the choice of narrowing branches of a term u is crucial. For weak termination, it is sufficient to consider a set of branches representing at least one rewriting step for every reducible ground instance of u . For C-reducibility, the set of narrowing branches has to be covering i.e., has to represent at least one reduction step for every ground instance of u . A new definition of narrowing has been proposed to integrate these conditions. The correctness proof of the approach has also been factorized, enlightening the common and the specific characteristics of both properties [41] .

Whatever the property to be proved, the above inductive technique lies on the notion of reductibility on ground terms. We have characterized how to model reducibility and irreducibility of rewriting on ground terms using equational and disequational constraints. We have shown in particular that innermost (ir)reducibility can be modeled with a particular narrowing relation and that equational and disequational constraints are issued from the most general unifiers of this narrowing relation. We then have proposed a proof of an innermost lifting lemma using this (dis)equation-based characterization [40] .