Strong Normalization for the Safe Fragment of a Minimal Rewrite System: A Triple-Lexicographic Proof and a Conjecture on the Unprovability of Full Termination for Any Relational Operator-Only TRS
Moses Rahnama
TL;DR
KO7 presents a minimal operator-only TRS and proves strong normalization for a guarded safe fragment using a novel triple-lexicographic measure combining a delta phase flag, Dershowitz–Manna multiset ranks, and an ordinal weight. It delivers a certified normalizer, confluence for the safe fragment via a verified Newman module, and a decidability result for reachability under SN, along with formal impossibility results for simpler measures. The authors also conjecture an intrinsic limitation: any relational operator-only TRS capable of ordered computation cannot have full termination proved by internally definable methods, highlighting fundamental bounds of internal termination techniques. The work combines mechanized formalization with a rigorous study of duplication stress, showing that DM/MPO-based termination tools are necessary in operator-only settings and clarifying the boundary between internal methods and externally anchored reasoning. This has implications for termination proofs in self-referential systems and supports stratified approaches to prove termination while acknowledging inherent limits.
Abstract
We present a minimal operator-only term rewriting system with seven constructors and eight reduction rules. Our main contribution is a mechanically-verified proof of strong normalization for a guarded fragment using a novel triple-lexicographic measure combining a phase bit, multiset ordering (Dershowitz-Manna), and ordinal ranking. From strong normalization, we derive a certified normalizer with proven totality and soundness. Assuming local confluence (verified through critical pair analysis), Newman's Lemma yields confluence and therefore unique normal forms for the safe fragment. We establish impossibility results showing that simpler measures, such as additive counters, polynomial interpretations, and single-bit flags, provably fail for rules with term duplication. The work demonstrates fundamental limitations in termination proving for self-referential systems. We state a conjecture: no relational operator-only TRS can have its full-system termination proved by internally definable methods. Here "relational" is equivalent to "capable of ordered computation" - systems with a recursor enabling iteration over successors, comparison, or sequential counting. Such recursors necessarily redistribute step arguments across recursive calls, defeating all additive termination measures. This structural limitation applies to any TRS expressive enough to encode ordered data. All theorems have been formally verified in a proof assistant. The formal development is available to program committee members and referees upon request for purposes of peer review.