Results 1 - 10 of 25
Integrating Gandalf and HOL
- Theorem Proving in Higher Order Logics: TPHOLs ’99, LNCS 1690, 1999
Cited by 43 (2 self)
Gandalf is a first-order resolution theorem-prover, optimized for speed and specializing in manipulations of large clauses. In this paper I describe GANDALF TAC, a HOL tactic that proves goals by calling Gandalf and mirroring the resulting proofs in HOL. This call can occur over a network, and a Gandalf server may be set up servicing multiple HOL clients. In addition, the translation of the Gandalf proof into HOL fits in with the LCF model and guarantees logical consistency.
The KEY Approach: Integrating Object Oriented Design and Formal Verification
2000
Cited by 43 (18 self)
This paper reports on the ongoing KeY project aimed at bridging the gap between (a) object-oriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specification and deductive verification.
First-order proof tactics in higher-order logic theorem provers
- Design and Application of Strategies/Tactics in Higher Order Logics, number NASA/CP-2003-212448 in NASA Technical Reports, 2003
Cited by 40 (2 self)
In this paper we evaluate the effectiveness of first-order proof procedures when used as tactics for proving subgoals in a higher-order logic interactive theorem prover. We first motivate why such first-order proof tactics are useful, and then describe the core integrating technology: an ‘LCF-style’ logical kernel for clausal first-order logic. This allows the choice of different logical mappings between higher-order logic and first-order logic to be used depending on the subgoal, and also enables several different first-order proof procedures to cooperate on constructing the proof. This work was carried out using the HOL4 theorem prover; we comment on the ease of transferring the technology to other higher-order logic theorem provers.
Automation for interactive proof: First prototype
- Information and Computation
Cited by 28 (9 self)
Interactive theorem provers require too much effort from their users. We have been developing a system in which Isabelle users obtain automatic support from automatic theorem provers (ATPs) such as Vampire and SPASS. An ATP is invoked at suitable points in the interactive session, and any proof found is given to the user in a window displaying an Isar proof script. There are numerous differences between Isabelle (polymorphic higher-order logic with type classes, natural deduction rule format) and classical ATPs (first-order, untyped, clause form). Many of these differences have been bridged, and a working prototype that uses background processes already provides much of the desired functionality.
Experiments on supporting interactive proof using resolution
- In Basin and Rusinowitch [4
Cited by 28 (8 self)
Interactive theorem provers can model complex systems, but require much effort to prove theorems. Resolution theorem provers are automatic and powerful, but they are designed to be used for very different applications. This paper reports a series of experiments designed to determine whether resolution can support interactive proof as it is currently done. In particular, we present a sound and practical encoding in first-order logic of Isabelle’s type classes.
Lightweight relevance filtering for machine-generated resolution problems
- In ESCoR: Empirically Successful Computerized Reasoning, 2006
Cited by 25 (7 self)
Irrelevant clauses in resolution problems increase the search space, making it hard to find proofs in a reasonable time. Simple relevance filtering methods, based on counting function symbols in clauses, improve the success rate for a variety of automatic theorem provers and with various initial settings. We have designed these techniques as part of a project to link automatic theorem provers to the interactive theorem prover Isabelle. They should be applicable to other situations where the resolution problems are produced mechanically and where completeness is less important than achieving a high success rate with limited processor time.
Structured Specifications and Interactive Proofs with KIV
1998
Cited by 19 (16 self)
The aim of this chapter is to describe the integrated specification and theorem-proving environment of KIV. KIV is an advanced tool for developing high assurance systems. It supports:
- hierarchical formal specification of software and system designs
- specification of safety/security models
- proving properties of specifications
- modular implementation of specification components
- modular verification of implementations
- incremental verification and error correction
- reuse of specifications, proofs, and verified components
KIV supports the entire design process from formal specifications to verified code. It supports functional as well as state-based modeling. KIV is ready for use, and has been tested in a number of indu...
KIV 3.0 for Provably Correct Systems
- In Current Trends in Applied Formal Methods. Springer LNCS 1641, 1999
Cited by 8 (5 self)
State Machines (ASMs), respectively. As a first step, predefined theories from a library can be imported. New specifications are added to the hierarchically structured specification graph, which is graphically visualized.
2. In addition to the specification, a formal safety/security model is defined. The formulation of extra validation properties helps to detect gross specification errors before it is attempted to prove the main safety/security properties.
3. It has to be shown that the validation and safety/security properties are satisfied by the specification. The necessary formal proofs are done in an interactive graphical proof environment. Proof search is automated to a large extent. Proof engineering facilities help to reveal specification errors. After correcting the specification, invalid proofs can be reused automatically.
4. The components of the hierarchical system specification can be implemented independently (modular) using an imperative programming language. Proof obligations fo...

