Results 1 - 10 of 28
Automating the Meta Theory of Deductive Systems
2000
Cited by 88 (16 self)
not be interpreted as representing the official policies, either expressed or implied, of NSF or the U.S. Government. This thesis describes the design of a metalogical framework that supports the representation and verification of deductive systems, its implementation as an automated theorem prover, and experimental results related to the areas of programming languages, type theory, and logics. Design: The metalogical framework extends the logical framework LF [HHP93] by a metalogic $M_2^+$. This design is novel and unique since it allows higher-order encodings of deductive systems and induction principles to coexist. On the one hand, higher-order representation techniques lead to concise and direct encodings of programming languages and logic calculi. Inductive definitions on the other hand allow the formalization of properties about deductive systems, such as the proof that an operational semantics preserves types or the proof that a logic is consistent. $M_2^+$ is a proof calculus whose proof terms are recursive functions that may be
Improved Limited Discrepancy Search
In Proceedings of AAAI-96, 1996
Cited by 74 (3 self)
We present an improvement to Harvey and Ginsberg's limited discrepancy search algorithm. Our version eliminates much of the redundancy in the original algorithm, generating each search path from the root to the maximum search depth only once. For a uniform-depth binary tree of depth $d$, this reduces the asymptotic complexity from $O(\frac{d+2}{2} 2^d)$ to $O(2^d)$. The savings is much less in a partial tree search, or in a heavily pruned tree. We also show that the overhead of the improved algorithm on a uniform-depth $b$-ary tree is only a factor of $b/(b-1)$ compared to depth-first search. This constant factor is greater on a heavily pruned tree. Finally, we present empirical results showing the utility of limited discrepancy search, as a function of problem difficulty, on the NP-complete problem of number partitioning. 1 Introduction: Limited Discrepancy Search. The best-known tree-search algorithms are breadth-first and depth-first search. Breadth-first search is rarely used in pra...
A Calculus for and Termination of Rippling
Journal of Automated Reasoning, 1996
Cited by 43 (2 self)
Rippling is a type of rewriting developed for inductive theorem proving that uses annotations to direct search. Rippling has many desirable properties: for example, it is highly goal directed, usually involves little search, and always terminates. In this paper we give a new and more general formalization of rippling. We introduce a simple calculus for rewriting annotated terms, close in spirit to first-order rewriting, and prove that it has the formal properties desired of rippling. Next we develop criteria for proving the termination of such annotated rewriting, and introduce orders on annotated terms that lead to termination. In addition, we show how to make rippling more flexible by adapting the termination orders to the problem domain. Our work has practical as well as theoretical advantages: it has led to a very simple implementation of rippling that has been integrated in the Edinburgh CLAM system. Key words: Mathematical Induction, Inductive Theorem Proving, Term Rewriting. ...
Automated Mathematical Induction
1992
Cited by 27 (6 self)
Proofs by induction are important in many computer science and artificial intelligence applications, in particular, in program verification and specification systems. We present a new method to prove (and disprove) automatically inductive properties. Given a set of axioms, a well-suited induction scheme is constructed automatically. We call such an induction scheme a test set. Then, for proving a property, we just instantiate it with terms from the test set and apply pure algebraic simplification to the result. This method needs no completion and explicit induction. However it retains their positive features, namely, the completeness of the former and the robustness of the latter. It has been implemented in the theorem prover SPIKE. 1 Introduction 1.1 Motivation. Inductive reasoning is simply a method of performing inferences in domains where there exists a well-founded relation on the objects. It is fundamental when proving properties of numbers, data structures, or programs axiomat...
Colouring Terms to Control Equational Reasoning
Journal of Automated Reasoning, 1997
Cited by 26 (13 self)
In this paper we present an approach to prove the equality between terms in a goal-directed way developed in the field of inductive theorem proving. The two terms to be equated are syntactically split into expressions which are common to both and those which occur only in one term. According to the computed differences we apply appropriate equations to the terms in order to reduce the differences in a goal-directed way. Although this approach was developed for purposes of inductive theorem proving - we use this technique to manipulate the conclusion of an induction step to enable the use of the hypothesis - it is a powerful method for the control of equational reasoning in general. 1. Introduction. The automation of equational reasoning is one of the most important obstacles in the field of automating deductions. Even small equational problems result in a huge search space, and finding a proof often fails due to the combinatorial explosion. Proving (conditional) equations by inductio...
Coloured rippling: An extension of a theorem proving heuristic
1993
Cited by 13 (5 self)
Rippling is a type of rewriting developed in inductive theorem proving for removing differences between terms; the induction conclusion is annotated to mark its differences from the induction hypothesis and rippling attempts to move these differences. Until now rippling has been primarily employed in proofs where there is a single induction hypothesis. This paper describes an extension to rippling to deal with theorems with multiple hypotheses. Such theorems arise, for instance, when reasoning about data structures like trees with multiple recursive arguments. The essential idea is to colour the annotation, with each colour corresponding to a different hypothesis. The annotation of rewrite rules used in rippling is similarly generalized so that rules propagate colours through terms. This annotation guides search so that rewrite rules are only applied if they reduce the differences between the conclusion and some of the hypotheses. We have tested this implementation on a number of pro...
A Divergence Critic for Inductive Proof
Journal of Artificial Intelligence Research, 1996
Cited by 13 (0 self)
Inductive theorem provers often diverge. This paper describes a simple critic, a computer program which monitors the construction of inductive proofs attempting to identify diverging proof attempts. Divergence is recognized by means of a "difference matching" procedure. The critic then proposes lemmas and generalizations which "ripple" these differences away so that the proof can go through without divergence. The critic enables the theorem prover Spike to prove many theorems completely automatically from the definitions alone. 1. Introduction. Two key problems in inductive theorem proving are proposing lemmas and generalizations. A prover's divergence often suggests to the user an appropriate lemma or generalization that will enable the proof to go through without divergence. As a simple example, consider the theorem, $\forall n : dbl(n) = n + n$. This is part of a simple program verification problem (Dershowitz & Pinchover, 1990). Addition and doubling are defined recursively by means of th...
Extensions to a Generalization Critic for Inductive Proof
13th Conference on Automated Deduction, 1996
Cited by 12 (7 self)
In earlier papers a critic for automatically generalizing conjectures in the context of failed inductive proofs was presented. The critic exploits the partial success of the search control heuristic known as rippling. Through empirical testing a natural generalization and extension of the basic critic emerged. Here we describe our extended generalization critic together with some promising experimental results. 1 Introduction. A major obstacle to the automation of proof by mathematical induction is the need for generalization. A generalization is underpinned by the cut-rule of inference. In a goal-directed framework, therefore, a generalization introduces an infinite branching point into the search space. It is known [13] that the cut-elimination theorem does not hold for inductive theories. Consequently heuristics for controlling generalization play an important role in the automation of inductive proof. There are a number of different kinds of generalization. In this paper we present...