Proving Ramsey's theorem by the cover set induction: A case and comparison study

An experiment of the cover set induction method inRRL is presented with a mechanical proof of Ramsey's theorem in graph theory. The proof is similar to the proof obtained by Kaufmann using the Boyer-Moore theorem prover. We show that this similarity is not unusual, because there is a close relationship between the Boyer-Moore logic and the algebraic specification of abstract data types on which the cover set induction method is based. (This implies that many proofs done by the Boyer-Moore theorem prover can be reproduced byRRL.) Our experiment shows thatRRL can automatically prove all the lemmas in Ramsey's theorem, while the Boyer-Moore theorem prover needs several user's hints and takes much longer (CPU time) to finish.Partially supported by National Science Foundation Grants Nos. CCR-9202838 and INT-9016100.     

An experiment with the Boyer-Moore theorem prover: A proof of Wilson's theorem

This paper describes the use of the Boyer-Moore theorem prover in mechanically generating a proof of Wilson's theorem: for any prime p, (p-1)! and p-1 are congruent modulo p. The input to the theorem prover consists of a sequence of three function definitions and forty-two propositions to be proved. The proofs generated by the system are based on a library of lemmas relating to list manipulation and number theory, including Fermat's theorem.     

An autonomous multistrategy theorem proving system using knowledge-based techniques

Most general-purpose theorem-proving systems have weak search control. There is no alternative to the use of a large number of heuristics or strategies for search guidance. Choosing appropriate strategies for solving a given problem may require the knowledge of different strategies and may involve a lot of painstaking trial-and-error. To encourage the widespread use of computer reasoning systems, it is important that a theorem prover be usable by those with little knowledge of problem-solving strategies, and that a theorem prover be able to select good strategies for the user. An autonomous multistrategy theorem-proving system is developed, using knowledge-based techniques, to entirely free the user from the necessity of understanding the system or the merits of different strategies. All the user has to do is input his or her problem in first-order logic, and the system solves the problem efficiently for him or her without any manual intervention. The system embodies much of expert knowledge about how to solve problems. The knowledge is represented as metarules in knowledge base which guide a hyperlinking theorem prover to solve problems automatically and efficiently.     

Lazy techniques for fully expansive theorem proving

The HOL system is afully expansive theorem prover: proofs generated in the system are composed of applications of the primitive inference rules of the underlying logic. One can have a high degree of confidence that such systems are sound, but they are far slower than theorem provers that exploit metatheoretic or derived properties.This paper presents techniques for postponing part of the computation so that the user of a fully expansive theorem prover can be more productive. The notions oflazy theorem andlazy conversion are introduced. These not only allow part of the computation to be delayed, but also permit nonlocal optimizations that are only possible because the primitive inferences are not performed immediately. The approach also opens the way to proof procedures that exploit metatheoretic properties without sacrificing security; the primitive inferences still have to be performed in order to generate a theorem, but during the proof development the user is free of the overheads they entail.     

Towards mechanical metamathematics

Metamathematics is a source of many interesting theorems and difficult proofs. This paper reports the results of an experiment to use the Boyer-Moore theorem prover to proof-check theorems in metamathematics. We describe a First Order Logic due to Shoenfield and outline some of the theorems that the prover was able to prove about this logic. These include the tautology theorem which states that every tautology has a proof. Such proofs can be used to add new proof procedures to a proof-checking program in a sound and efficient manner.     

Translation Templates to Support Strategy Development in PVS

In presenting specifications and specification properties to a theorem prover, there is a tension between convenience for the user and convenience for the theorem prover. A choice of specification formulation that is most natural to a user may not be the ideal formulation for reasoning about that specification in a theorem prover. However, when the theorem prover is being integrated into a system development framework, a desirable goal of the integration is to make use of the theorem prover as easy as possible for the user. In such a context, it is possible to have the best of both worlds: specifications that are natural for a system developer to write in the language of the development framework, and representations of these specifications that are well matched to the reasoning techniques provided in the prover. In a tactic-based prover, these reasoning techniques include the use of tactics (or strategies) that can rely on certain structural elements in the theorem prover's representation of specifications. This paper illustrates how translation techniques used in integrating PVS into the TIOA (Timed Input/Output Automata) system development framework produce PVS specifications structured to support development of PVS strategies that implement reasoning steps appropriate for proving TIOA specification properties.     

The Watson Theorem Prover

Watson is a general-purpose system for formal reasoning. It is an interactive equational higher-order theorem prover. The higher-order logic supported by the prover is distinctive in being type free (it is a safe variant of Quine's NF). Watson allows the development of automated proof strategies, which are represented and stored by the prover in the same way as theorems. The mathematical foundations of the prover and the way these are presented to a user are discussed. The paper also contains discussions of experiences with the prover and relations of the prover to other systems.     

Representations of the language recognition problem for a theorem prover

Two representations of the language recognition problem for a theorem prover in first-order logic are presented and contrasted. One of the representations is based on the familiar method of generating sentential forms of the language, and the other is based on the Cocke parsing algorithm. An augmented theorem prover is described which permits recognition of recursive languages. The state-transformation method developed by Cordell Green to construct problem solutions in resolution-based systems can be used to obtain the parse tree. In particular, the end-order traversal of the parse tree is derived in one of the representations. The paper defines an inference system, termed the cycle inference system, which makes it possible for the theorem prover to model the method on which the representation is based. The general applicability of the cycle inference system to state-space problems is discussed. Given an unsatisfiable setS, where each clause has at most one positive literal, it is shown that there exists an input proof. The clauses for the two representations satisfy these conditions, as do many state-space problems.This work was supported by the National Aeronautics and Space Administration Grant NGR-21-002-270.     

Kit: a study in operating system verification

The author reviews Kit, a small multitasking operating system kernel written in the machine language of a uniprocessor von Neumann computer. The kernel is proved to implement on this shared computer a fixed number of conceptually distributed communicating processes. In addition to implementing processes, the kernel provides the following verified services: process scheduling, error handling, message passing, and an interface to asynchronous devices. As a by-product of the correctness proof, security-related results such as the protection of the kernel from tasks and the inability of tasks to enter supervisor mode are proved. The problem is stated in the Boyer-Moore logic, and the proof is mechanically checked with the Boyer-Moore theorem prover     

Automatic inductive theorem proving using prolog

Although Prolog is a programming language based on techniques from theorem proving, its use as a base for a theorem prover has not been explored until recently (Stickel, 1984). In this paper, we introduce a Prolog-based deductive theorem proving method for proving theorems in a first-order inductive theory representable in Horn clauses. The method has the following characteristics:

• 1.It automatically partitions the domains over which the variables range into subdomains according to the manner in which the predicate symbols in the theorem are defined.
• 2.For each of the subdomains the prover returns a lemma. If the lemma is true, then the target theorem is true for this subdomain. The lemma could also be an induction hypothesis for the theorem.
• 3.The method does not explicitly use any inductive inference rule. The induction hypothesis, if needed for a certain subdomain, will sometimes be generated from a (limited) forward chaining mechanism in the prover and not from employing any particular inference rule.

In addition to the backward chaining and backtracking facilities of Prolog, our method introduces three new mechanism—skolemization by need, suspended evaluation, and limited forward chaining. These new mechanisms are simple enough to be easily implemented or even incorporated into Prolog. We describe how the theorem prover can be used to prove properties of Prolog programs by showing two simple examples.     

Theories for mechanical proofs of imperative programs

For convenient application of a first-order theorem prover to verification of imperative programs, it is important to encapsulate the operational semantics in generic theories. The possibility to do so is illustrated by two theories for the Boyer-Moore theorem prover Nqthm.The first theory is an Nqthm version of the classical while-theorem. Here the main interest is to show how one can use Nqthm's facilities to constrain and to functionally instantiate for the development and application of a generic theory. The theory is illustrated by a linear search program.The second theory is a finitary approach to progress for shared-memory concurrent programs. It is illustrated by Peterson's algorithm for mutual exclusion of two processes. The proof of progress for Peterson's algorithm is new. The assertion of bounded fairness is slightly stronger than the conventional notion of weak fairness. This new concept may have other applications.     

Mechanical theorem proving in projective geometry

We present an algorithm that is able to confirm projective incidence statements by carrying out calculations in the ring of all formal determinants (brackets) of a configuration. We will describe an implementation of this prover and present a series of examples treated by the prover, includingPappus' andDesargues' theorems, thesixteen point theorem, Saam's theorem, thebundle condition, theuniqueness of a harmonic point andPascal's theorem.     

Computer proofs in Group Theory

This paper reports the results of an experiment in using the Boyer-Moore Theorem Prover in seeking computer-checked proofs in Group Theory. Starting from the axioms for groups and elementary list and number theory, the theorem prover was led to the proofs of two basic theorems in Elementary Group Theory by a sequence of lemmas suggested by the author. The computer proofs illustrate the effective use of the Boyer-Moore Theorem Prover in Group Theory.     

Gazing: An approach to the problem of definition and lemma use

A major outstanding problem in automated theorem proving research is determining the appropriate use of definitions and previously proved theorems within a proof. Presenting the theorem prover with only the formulae that are necessary for the proof might be viewed as ‘cheating’ and requires that the user prove the theorem ahead of time. In real world applications of theorem proving, this is almost certain to be infeasible. On the other hand providing the prover with all formulae that might be relevant rapidly swamps the prover with unnecessary information. A technique for the selective retrieval of formulae based on features of those formulae and the conjecture at hand is required to solve this problem. In this paper I describe an abstraction-based technique which addresses this problem. Implicit hypotheses such as definitions, axioms and previously proved theorems are stored in a database which may be accessed by a heuristic rule of inference calledgazing. Before accessing this database the gazing rule plans the use of these formulae in a hierarchy of abstraction spaces. When the planning phase is complete, the system can use the indicated formulae with some confidence that they are relevant to the proof. Since the technique is abstraction-based, no guarantee that the plant will be eventually applicable or successful can be made. However, because the plans are built by considering increasing amounts of detail, the number of ways in which the application of a plan can fail is limited. Plan failures may be ‘patched’ in a uniform way.     

A mechanically verified code generator

We describe the specification, implementation and proof of correctness of a code generator for a subset of Gypsy 2.05. The code generator is specified in the Boyer-Moore logic; its proof is fully machine-checked using the Kaufmann-enhanced Boyer-Moore theorem prover. Our code generator sits atop a stack of verified system components providing a prototype development environment for constructing highly reliable application Programs.     

An integral theorem prover and the role of proof planning

An investigation is made into the ways proof planning can enhance the capability of a rule based prover for the theory of integration. The integrals are of the Riemann type and are defined in a way to maximize the theorem proving methods of predicate calculus. Approximately fifty theorems have been proved and several examples are discussed. A major shortcoming was found to be the inability of the system to work with or produce a proof plan. As a result, a planning scheme based on the idea of subgoals or milestones was considered. With user defined plans, there was a substantial increase in performance and capability of the system and, in some cases, proofs which were previously unsuccessful were completed.     

Formalization of a normalization theorem in simplicial topology

In this paper we present a complete formalization of the Normalization Theorem, a result in Algebraic Simplicial Topology stating that there exists a homotopy equivalence between the chain complex of a simplicial set, and a smaller chain complex for the same simplicial set, called the normalized chain complex. Even if the Normalization Theorem is usually stated as a higher-order result (with a Category Theory flavor) we manage to give a first-order proof of it. To this aim it is instrumental the introduction of an algebraic data structure called simplicial polynomial. As a demonstration of the validity of our techniques we developed a formal proof in the ACL2 theorem prover.