An experiment with the Boyer-Moore theorem prover: A proof of Wilson's theorem

This paper describes the use of the Boyer-Moore theorem prover in mechanically generating a proof of Wilson's theorem: for any prime p, (p-1)! and p-1 are congruent modulo p. The input to the theorem prover consists of a sequence of three function definitions and forty-two propositions to be proved. The proofs generated by the system are based on a library of lemmas relating to list manipulation and number theory, including Fermat's theorem.     

A mechanical proof of Quadratic Reciprocity

We describe the use of the Boyer-Moore theorem prover in mechanically generating a proof of the Law of Quadratic Reciprocity: for distinct odd primes p and q, the congruences x ² q (mod p) and x ² p (mod q) are either both solvable or both unsolvable, unless pq3 (mod 4). The proof is a formalization of an argument due to Eisenstein, based on a lemma of Gauss. The input to the theorem prover consists of nine function definitions, thirty conjectures, and various hints for proving them. The proofs are derived from a library of lemmas that includes Fermat's Theorem and the Gauss Lemma.     

Automated proofs of equality problems in Overbeek's competition

This paper reports the detailed computer proofs of nine equality problems in Overbeek's competition obtained by Herky, a completion-based theorem prover developed by the author. Advanced techniques implemented in Herky made it a high-performance theorem prover for equational reasoning. Herky is able to prove the first nine of the ten equality problems in the competition (the tenth is an open problem). These equality problems are likely to serve as good exercises for theorem provers based on different approaches, and the proofs of these problems may help people to solve them using their own theorem provers.     

Accelerating tableaux proofs using compact representations

In this article a modified form of tableau calculus, calledTableau Graph Calculus, is presented for overcoming the well-known inefficiencies of the traditional tableau calculus to a large extent. This calculus is based on a compact representation of analytic tableaux by using graph structures calledtableau graphs. These graphs are obtained from the input formula in linear time and incorporate most of the rule applications of normal tableau calculus during the conversion process. The size of this representation is linear with respect to the length of the input formula and the graph closely resembles the proof tree of tableau calculi thus retaining the naturalness of the proof procedure. As a result of this preprocessing step, tableau graph calculus has only a single rule which is repeatedly applied to obtain a proof. Many optimizations for the applications of this rule, to effectively prune the search space, are presented as well. Brief details of an implemented prover called FAUST, embedded within the higher-order theorem prover called HOL, are also given. Applications of FAUST within a hardware verification context are also sketched.This work has been partly financed by german national grant under the project Automated System Design, SFB No. 358.     

Mechanical verification of strategies

This paper presents a method of representing planning domains in the Boyer-Moore logic so that we can prove mechanically whether a strategy solves a problem. Current approaches require explicit frame axioms and state constraints to be included as part of a domain specification and use a programming language for expressing strategies. These make it difficult to specify domains and verify plans efficiently. Our method avoids explicit frame axioms, since domains are specified by programming an interpreter for sequences of actions in the Boyer-Moore logic. Strategies are represented as planners, Lisp programs that take an initial state and other arguments as input and return a sequence of actions that, when executed in the given initial state, will bring about a goal state. Mechanical verification of a strategy is accomplished by proving that the corresponding planner solves all instances of the given problem. We illustrate our approach by verifying strategies in some variations of the blocks world.The work described here was supported in part by NSF Grant MIP-9017499.     

Short proofs of the pigeonhole formulas based on the connection method

Quadratic proofs of pigeonhole formulas are presented using connection method proof techniques. The interest of this result derives from the fact that for this class of formulas exponential lower bounds are known for the length of resolution refutations.     

Computer-aided proofs of Arrow's and other impossibility theorems

Arrow's impossibility theorem is one of the landmark results in social choice theory. Over the years since the theorem was proved in 1950, quite a few alternative proofs have been put forward. In this paper, we propose yet another alternative proof of the theorem. The basic idea is to use induction to reduce the theorem to the base case with 3 alternatives and 2 agents and then use computers to verify the base case. This turns out to be an effective approach for proving other impossibility theorems such as Muller-Satterthwaite and Sen's theorems as well. Motivated by the insights of the proof, we discover a new theorem with the help of computer programs. We believe this new proof opens an exciting prospect of using computers to discover similar impossibility or even possibility results.     

Automated proofs of the moufang identities in alternative rings

In this paper we present automatic proofs of the Moufang identities in alternative rings. Our approach is based on the term rewriting (Knuth-Bendix completion) method, enforced with various features. Our proofs seem to be the first computer proofs of these problems done by a general purpose theorem prover. We also present a direct proof of a certain property of alternative rings without employing any auxiliary functions. To our knowledge our computer proof seems to be the first direct proof of this property, by human or by a computer.On leave from the Department of Computer Science, UNYY at Stony Brook, New York. Research supported in part by NSF grants CCR-8805734, INT-8715231, and CCR-8901322.     

A Graphical User Interface for Formal Proofs in Geometry

We present in this paper the design of a graphical user interface to deal with proofs in geometry. The software developed combines three tools: a dynamic geometry software to explore, measure, and invent conjectures; an automatic theorem prover to check facts; and an interactive proof system (Coq) to mechanically check proofs built interactively by the user.     

Link inheritance in abstract clause graphs

Clause graphs, as they were defined in the 1970s, are graphs representing first order formulas in conjunctive normal form: the nodes are labelled with literals and the edges (links) connect complementary unifiable literals, i.e. they provide an explicit representation of the resolution possibilities. This report describes a generalization of this concept, called abstract clause graphs. The nodes of abstract clause graphs are still labelled with literals, the links however connect literals that are unifiable relative to a given relation between literals. This relation is not explicitely defined, only certain abstract properties are required. For instance the existence of a special purpose unification algorithm is assumed, which computes substitutions, the application of which makes the relation hold for two literals.When instances of already existing literals are added to the graph (e.g. due to resolution or factoring), the links to the new literals are derived from the links of their ancestors. An inheritance mechanism for such links is presented which operates only on the attached substitutions and does not have to unify the literals. The definition of abstract clause graphs and the theory about link inheritance is general enough to provide a framework so that as new ideas are proposed for graph based theorem provers, the methodology for both implementing links and proving their properties will be readily available.This research was supported by the Sonderforschungsbereich 314, Künstliche Intelligenz, of the German Research Agency.     

A λ-unifiability test for set theory

We present a semi-decision algorithm for the unifiability of two set-theoretic formulas modulo -reduction. The algorithm is based on the approach developed by G. Huet for type theory, but requires additional measures because formulas in set theory are not all normalizable. We present the algorithm in an Ada-like pseudocode, and then prove two theorems that show the completeness and correctness of the procedure. We conclude by showing that -unification is not a complete quantifier substitution method for set theory-unlile first-order unification and first-order logic. In this respect set theory is similar to type theory (higher-order logic).This material is based upon work supported by the National Science Foundation under award number ISI-8560438. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the author and do not necessarily reflect the views of the National Science Foundation.     

Automated reasoning about elementary point-set topology

In this paper we present first-order formulas for basic point-set topology, in an attempt to extend the mathematical range available for exploration with automated theorem-proving programs. We present topology definitions and sample lemmas both in first-order logic and in clausal form. We then illustrate some of the difficulties of these sample lemmas through a proof of a basic lemma in five parts.This work was supported by the Applied Mathematical Sciences subprogram of the Office of Energy Research, U.S. Department of Energy, under contract W-31-109-Eng-38, and by the Division of Educational Programs, Argonne National Laboratory.     

微内核操作系统互斥量模块功能正确性的形式化验证

操作系统在许多安全攸关领域为软件系统提供关键性底层支撑，操作系统中一个微小的错误或漏洞都可能引起整个软件系统的重大故障，造成巨大经济损失或危及人身安全.为了减少此类安全事故的发生，对操作系统正确性进行验证十分必要.传统测试手段无法穷尽系统中的所有潜在错误，因而操作系统验证有必要使用具有严格数学理论基础的形式化方法.在操作系统中，互斥量可协调多任务对资源的访问，是一种常用的任务同步方式，其功能正确性对于保障多任务应用的正确性十分关键.本文基于定理证明方法，在交互式定理证明器Coq中对某抢占式微内核操作系统的互斥量模块进行代码级形式化建模，给出其接口函数的形式化规范，并实现这些接口函数的功能正确性验证.     

Automated Proof Construction in Type Theory Using Resolution

We provide techniques to integrate resolution logic with equality in type theory. The results may be rendered as follows. A clausification procedure in type theory, equipped with a correctness proof, all encoded using higher-order primitive recursion. A novel representation of clauses in minimal logic such that the -representation of resolution steps is linear in the size of the premisses. A translation of resolution proofs into lambda terms, yielding a verification procedure for those proofs. Availability of the power of resolution theorem provers in interactive proof construction systems based on type theory.     

Automated production of traditional proofs in solid geometry

This paper presents a method of producing readable proofs for theorems in solid geometry. The method is for a class of constructive geometry statements about straight lines, planes, circles, and spheres. The key idea of the method is to eliminate points from the conclusion of a geometric statement using several (fixed) high-level basic propositions about the signed volumes of tetrahedrons and Pythagorean differences of triangles. We have implemented the algorithm, and more than 80 examples from solid geometry have been used to test the program. Our program is efficient and the proofs produced by it are generally short and readable.The work reported here was supported in part by the NSF Grant CCR-9117870 and Chinese National Science Foundation.On leave from Institute of Systems Sciences, Academia Sinica, Beijing 100080, P.R. China.     

Productive use of failure in inductive proof

Proof by mathematical induction gives rise to various kinds of eureka steps, e.g., missing lemmata and generalization. Most inductive theorem provers rely upon user intervention in supplying the required eureka steps. In contrast, we present a novel theorem-proving architecture for supporting the automatic discovery of eureka steps. We build upon rippling, a search control heuristic designed for inductive reasoning. We show how the failure if rippling can be used in bridging gaps in the search for inductive proofs. The research reported in this paper was supported by EPSRC grant GR/J/80702 and ARC grant 438.     

On subsumption in distributed derivations

In this paper we study the subsumption inference rule in the context of distributed deduction. It is well known that the unrestricted application of subsumption may destroy the fairness and thus the completeness of a deduction strategy. Solutions to this problem in sequential theorem proving are known. We observe that in distributed automated deduction, subsumption may also thwartmonotonicity, a dual property of soundness, in addition to completeness. Not only do the solutions for the sequential case not apply, even proper subsumption may destroy monotonicity in the distributed case.We present these problems and propose a general solution that treats subsumption as a composition of a replacement inference rule,replacement subsumption, and a deletion inference rule,variant subsumption. (Proper subsumption, in this case, becomes a derived inference rule.) We define a newdistributed subsumption inference rule, which has all the desirable properties: it allows subsumption, including subsumption of variants, in a distributed derivation, while preserving fairness and monotonicity. It also works in both sequential and distributed environments.We conclude the paper with some discussion of the different behavior of subsumption in different architectures.     

Theory decision by decomposition

The topic of this article is decision procedures for satisfiability modulo theories (SMT) of arbitrary quantifier-free formulæ. We propose an approach that decomposes the formula in such a way that its definitional part, including the theory, can be compiled by a rewrite-based first-order theorem prover, and the residual problem can be decided by an SMT-solver, based on the Davis–Putnam–Logemann–Loveland procedure. The resulting decision by stages mechanism may unite the complementary strengths of first-order provers and SMT-solvers. We demonstrate its practicality by giving decision procedures for the theories of records, integer offsets and arrays, with or without extensionality, and for combinations including such theories.