Strong Normalization for the Safe Fragment of a Minimal Rewrite System: A Triple-Lexicographic Proof and the Termination Conjecture for the Full System

We present a minimal operator-only term rewriting system with seven constructors and eight reduction rules. Our main contribution is a mechanically-verified proof of strong normalization for a guarded fragment using a novel triple-lexicographic measure combining a phase bit, multiset ordering (Dershowitz-Manna), and ordinal ranking. From strong normalization, we derive a certified normalizer with proven totality and soundness. Assuming local confluence (verified through critical pair analysis), Newman's Lemma yields confluence and therefore unique normal forms for the safe fragment. We establish impossibility results showing that simpler measures, such as additive counters, polynomial interpretations, and single-bit flags, provably fail for rules with term duplication. The work demonstrates fundamental limitations in termination proving for self-referential systems. It connects to classical undecidability results while providing constructive, mechanically-verified proofs, and it states a conjecture on undecidable termination: some terminating operator-only systems have termination that is true but unprovable within a given base theory using internally definable methods. All theorems have been formally verified in a proof assistant. The formal development is available to program committee members and referees upon request for purposes of peer review.