. The so-called "Boyer-Moore Theorem Prover" (otherwise known as "Nqthm") has been used to perform a variety of verification tasks for two decades. We give an overview of both this system and an interactive enhancement of it, "Pc-Nqthm," from a number of perspectives. First we introduce the logic in which theorems are proved. Then we briefly describe the two mechanized theorem proving systems. Next, we present a simple but illustrative example in some detail in order to give an impression of how these systems may be used successfully. Finally, we give extremely short descriptions of a large number of applications of these systems, in order to give an idea of the breadth of their uses. This paper is intended as an informal introduction to systems that have been described in detail and similarly summarized in many other books and papers; no new results are reported here. Our intention here is merely to present Nqthm to a new audience. This research was supported in part by ONR Contract N...

This paper investigates analogy-driven proof plan construction in inductive theorem proving. We identify constraints of secondorder mappings that enable a replay of the plan of a source theorem to produce a similar plan for the target theorem. In some cases, differences between the source and target theorem mean that the target proof plan has to be reformulated. These reformulations are suggested by the mappings. The analogy procedure, implemented in ABALONE, is particularly useful for overriding the default control and suggesting lemmas. Employing analogy has extended the problem solving horizon of the proof planner CLAM : with analogy, some theorems could be proved that neither CLAM nor NQTHM could prove automatically.

. In this paper we present an approach to prove the equality between terms in a goaldirected way developed in the field of inductive theorem proving. The two terms to be equated are syntactically split into expressions which are common to both and those which occur only in one term. According to the computed differences we apply appropriate equations to the terms in order to reduce the differences in a goal-directed way. Although this approach was developed for purposes of inductive theorem proving - we use this technique to manipulate the conclusion of an induction step to enable the use of the hypothesis - it is a powerful method for the control of equational reasoning in general. 1. Introduction The automation of equational reasoning is one of the most important obstacles in the field of automating deductions. Even small equational problems result in a huge search space, and finding a proof often fails due to the combinatorial explosion. Proving (conditional) equations by inductio...

We develop two applications of middle-out reasoning in inductive proofs: Logic program synthesis and the selection of induction schemes. Middle-out reasoning as part of proof planning was first suggested by Bundy et al [Bundy et al 90a]. Middle-out reasoning uses variables to represent unknown terms and formulae. Unification instantiates the variables in the subsequent planning, while proof planning provides the necessary search control. Middle-out reasoning is used for synthesis by planning the verification of an unknown logic program: The program body is represented with a meta-variable. The planning results both in an instantiation of the program body and a plan for the verification of that program. If the plan executes successfully, the synthesized program is partially correct and complete. Middle-out reasoning is also used to select induction schemes. Finding an appropriate induction scheme during synthesis is difficult, because the recursion of the program, which is un...

Proofs by induction are important in many computer science and artiøcial intelligence applications, in particular, in program veriøcation and speciøcation systems. We present a new method to prove (and disprove) automatically inductive properties. Given a set of axioms, a well-suited induction scheme is constructed automatically. We call such an induction scheme a test set. Then, for proving a property, we just instantiate it with terms from the test set and apply pure algebraic simpliøcation to the result. This method needs no completion and explicit induction. However it retains their positive features, namely, the completeness of the former and the robustness of the latter. It has been implemented in the theorem-prover SPIKE 1 . 1 Introduction 1.1 Motivation Inductive reasoning is simply a method of performing inferences in domains where there exists a well-founded relation on the objects. It is fundamental when proving properties of numbers, data-structures, or programs axiomat...

We describe a proof plan that characterises a family of proofs corresponding to the synthesis of recursive functional programs. This plan provides a significant degree of automation in the construction of recursive programs from specifications, together with correctness proofs. This plan makes use of meta-variables to allow successive refinement of the identity of unknowns, and so allows the program and the proof to be developed hand in hand. We illustrate the plan with parts of a substantial example --- the synthesis of a unification algorithm.

. Speculating intermediate lemmas is one of the main reason of user interaction/guidance while mechanically attempting proofs by induction. An approach for generating intermediate lemmas is developed, and its effectiveness is demonstrated while proving properties of recursively defined functions. The approach is guided by the paradigm of attempting to generate a proof of the conclusion subgoal in an induction step by the application of an induction hypothesis(es). Generation of intermediate conjectures is motivated by attempts to find appropriate instantiations for non-induction variables in the main conjecture. In case, the main conjecture does not have any non-induction variables, such variables are introduced by attempting its generalization. A constraint based paradigm is proposed for guessing the missing side of an intermediate conjecture by identifying constraints on the term schemes introduced for the missing side. Definitions and properties of functions are judici...

Abstract: We present a uniform procedure for proof search in classical logic, intuitionistic logic, various modal logics, and fragments of linear logic. It is based on matrix characterizations of validity in these logics and extends Bibel’s connection method, originally developed for classical logic, accordingly. Besides combining a variety of different logics it can also be used to guide the development of proofs in interactive proof assistants and shows how to integrate automated and interactive theorem proving. 1

A notion of embedding appropriate to higher-order syntax is described. This provides a representation of annotated formulae in terms of the difference between pairs of formulae. We define substitution and unification for such annotated terms. Using this representation of annotated terms, the proof search guidance technique of rippling can be extended to higher-order theorems. We illustrate this by several examples based on an implementation of these ideas in Prolog.

Difference matching is a generalization of first-order matching where terms are made identical both by variable instantiation and by structure hiding. After matching, the hidden structure may be removed by a type of controlled rewriting, called rippling, that leaves the rest of the term unaltered. Rippling has proved highly successful in inductive theorem proving. Difference matching allows us to use rippling in other contexts, e.g., equational, inequational, and propositional reasoning. We present a difference matching algorithm, its properties, several applications, and suggest extensions.