Proof planning is a paradigm for the automation of proof that focuses on encoding intelligence to guide the proof process. The idea is to capture common patterns of reasoning which can be used to derive abstract descriptions of proofs known as proof plans. These can then be executed to provide fully formal proofs. This thesis concerns the development and analysis of a novel approach to proof planning that focuses on an explicit representation of choices during search. We embody our approach as a proof planner for the generic proof assistant Isabelle and use the Isar language, which is human-readable and machine-checkable, to represent proof plans. Within this framework we develop an inductive theorem prover as a case study of our approach to proof planning. Our prover uses the difference reduction heuristic known as rippling to automate the step cases of the inductive proofs. The development of a flexible approach to rippling that supports its various modifications and extensions is the second major focus of this thesis. Here, our inductive theorem prover provides a context in which to evaluate rippling experimentally. This work results in an efficient and powerful inductive theorem prover for Isabelle as well as proposals for further improving the efficiency of rippling. We also draw observations in order

The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”

In this paper we present a method for automated induction proofs about partial functions. We show that most well-known techniques developed for (explicit) induction theorem proving are unsound when dealing with partial functions. But surprisingly, by slightly restricting the application of these techniques, it is possible to develop a calculus for automated induction proofs with partial functions. In particular, under certain conditions one may even generate induction schemes from the recursions of non-terminating algorithms. The need for such induction schemes and the power of our calculus have been demonstrated on a large collection of non-trivial theorems (including Knuth and Bendix' critical pair lemma). In this way, existing induction theorem provers can be directly extended to partial functions without major changes of their logical framework.

The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”

A great deal of research effort has been recently spent in the areas of formal hardware verification. Several approaches have been proposed using model checkers, induction-based approaches and higher-order logics. Three problems common to all these approaches, however, include the ad hoc nature of proof organization, the lack of generalized hardware theories and the lack of support for modular verification. We address the last two problems by extending the idea of hardware combinators to structures that are tree-like in shape and develop general proof methods using these hardware combinators. The combinators provide support for modular design and verification and may be incorporated into larger verification tools while the general proof strategies reduce the verification effort required of the tool's user.

2.1 Formal verification........................ 3 2.2 Our choice of logic........................ 4