We develop in complete detail an extension of Cooper’s decision procedure for Presburger arithmetic that returns a proof of the equivalence of the input formula to a quantifier-free formula. For closed input formulae this is a proof of their validity or unsatisfiability. The algorithm is formulated as a functional program that makes only very minimal assumptions w.r.t. the underlying logical system and is therefore easily adaptable to specific theorem provers. 1 Presburger arithmetic Presburger arithmetic is first-order logic over the integers with + and <. Presburger [3] first showed its decidability. We extend Cooper’s decision procedure [1] such that a successful run returns a proof of the input formula. The atomic PA-formulae are defined by Atom:

Abstract. This paper presents on-going researches on theoretical and practical issues of combining rewriting based automated theorem proving and user-guided proof development, with the strong constraint of safe cooperation of both. In practice, we instantiate the theoretical study on the Coq proof assistant and the ELAN rewriting based system, focusing first on equational and then on inductive proofs. Different concepts, especially rewriting calculus and deduction modulo, contribute to define and to relate proof search, proof representation and proof check.

We describe an extension of the Pvs system that provides a reasonably efficient and practical notion of reflection and thus allows for soundly adding formalized and verified new proof procedures. These proof procedures work on representations of a part of the underlying logic and their correctness is expressed at the object level using a computational reflection function. The implementation of the Pvs system has been extended with an efficient evaluation mechanism, since the practicality of the approach heavily depends on careful engineering of the core system, including efficient normalization of functional expressions. We exemplify the process of applying meta-level proof procedures with a detailed description of the encoding of cancellation in commutative monoids and of the kernel of a BDD package.

Abstract. An axiomatic theory represents mathematical knowledge declaratively as a set of axioms. An algorithmic theory represents mathematical knowledge procedurally as a set of algorithms. A biform theory is simultaneously an axiomatic theory and an algorithmic theory. It represents mathematical knowledge both declaratively and procedurally. Since the algorithms of algorithmic theories manipulate the syntax of expressions, biform theories—as well as algorithmic theories—are difficult to formalize in a traditional logic without the means to reason about syntax. Chiron is a derivative of von-Neumann-Bernays-Gödel (nbg) set theory that is intended to be a practical, general-purpose logic for mechanizing mathematics. It includes elements of type theory, a scheme for handling undefinedness, and a facility for reasoning about the syntax of expressions. It is an exceptionally well-suited logic for formalizing biform theories. This paper defines the notion of a biform theory, gives an overview of Chiron, and illustrates how biform theories can be formalized in Chiron. 1

Abstract. We describe a design for a system for mathematical theory exploration that can be extended by implementing new reasoners using the logical input language of the system. Such new reasoners can be applied like the built-in reasoners, and it is possible to reason about them, e.g. proving their soundness, within the system. This is achieved in a practical and attractive way by adding reflection, i.e. a representation mechanism for terms and formulae, to the system’s logical language, and some knowledge about these entities to the system’s basic reasoners. The approach has been evaluated using a prototypical implementation called Mini-Tma. It will be incorporated into the Theorema system. 1

Abstract. Forte is a formal verification system developed by Intel’s Strategic CAD Labs for applications in hardware design and verification. Forte integrates model checking and theorem proving within a functional programming language, which both serves as an extensible specification language and allows the system to be scripted and customized. The latest version of this language, called reFLect, has quotation and antiquotation constructs that build and decompose expressions in the language itself. This provides combination of pattern-matching and reflection features tailored especially for the Forte approach to verification. This short paper is an abstract of an invited presentation given at the International Conference on Integrated Formal Methods in 2004, in which the philosophy and architecture of the Forte system are described and an account is given of the role of reFLect in the system. 1 The Forte Verification Environment Forte [17] is a formal verification environment that has been very effective on

Existing meta-programming languages operate on encodings of programs as data. This paper presents a new meta-programming language, based on an untyped lambda calculus, in which structurally reflective programming is supported directly, without any encoding. The language features call-by-value and call-by-name lambda abstractions, as well as novel reflective features enabling the intensional manipulation of arbitrary program terms. The language is scope safe, in the sense that variables can neither be captured nor escape their scopes. The expressiveness of the language is demonstrated by showing how to implement quotation and evaluation operations, as proposed by Wand. The language’s utility for meta-programming is further demonstrated through additional representative examples. A prototype implementation is described and evaluated.

rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of machine code and is able to complete a 4 gigabyte Milawa proof effort. When our runtime is used to carry out Milawa proofs, less unverified code must be trusted than with any other theorem prover. Our runtime includes a just-in-time compiler, a copying garbage collector, a parser and a printer, all of which are HOL4-verified down to the concrete x86 code. We make heavy use of our previously developed tools for machine-code verification. This work demonstrates that our approach to machine-code verification scales to non-trivial applications. 1

To my parents, Henry and Karen Reeber, and my fiancée, Carrie Pankrast, for all their love, guidance, and support. Acknowledgments Most of all, I would like to thank my thesis advisor, Warren Hunt. Warren always has the amazing ability to give me what I need, before I even ask for it. Furthermore, Warren has been a source of constant encouragement and guidance, without which I never would have started this dissertation, let alone completed it. I would also like to thank the rest of my dissertation committee, Allen Emerson, Steve Keckler, J Moore, and Anna Slobodova, for all the time and energy they spent re-viewing my research and for their great feedback both on the dissertation itself and the earlier dissertation proposal. Anna in particular provided me with copious notes that have significantly improved the quality of this dissertation. Thanks also to Sandip Ray, Simha Sethumadhavan, and Jun Sawada for providing excellent feedback on portions of this dis-sertation. A number of professors at the University of Texas have influenced my work. My

this paper applications of reflection in rewriting logic and Maude to the following areas: