Deduction-based software component retrieval uses preand postconditions as indexes and search keys and an automated theorem prover (ATP) to check whether a component matches. This idea is very simple but the vast number of arising proof tasks makes a practical implementation very hard. We thus pass the components through a chain of filters of increasing deductive power. In this chain, rejection filters based on signature matching and model checking techniques are used to rule out non-matches as early as possible and to prevent the subsequent ATP from "drowning." Hence, intermediate results of reasonable precision are available at (almost) any time of the retrieval process. The final ATP step then works as a confirmation filter to lift the precision of the answer set. We implemented a chain which runs fully automatically and uses MACE for model checking and the automated prover SETHEO as confirmation filter. We evaluated the system over a medium-sized collection of components. The resul...

In verification of finite domain models (model checking) counterexamples help the user to identify, why a proof attempt has failed. In this paper we present an approach to construct counterexamples for first-order goals over infinite data types, which are defined by algebraic specifications. The approach avoids the implementation of a new calculus, by integrating counterexample search with the interactive theorem proving strategy. The paper demonstrates, that this integrations requires only a few modifications to the theorem proving strategy. 1

Abstract. In this contribution we present a variant of a resolution theorem prover which selects resolution steps based on the proportion of models a newly generated clause satisfies compared to all models given in a reference class. This reference class is generated from a subset of the initial clause set. Since the empty clause does not satisfy any models, preference is given to such clauses which satisfy few models only. Because computing the number of models is computationally expensive on the one hand, but will remain almost unchanged after the application of one single resolution step on the other hand, we adapt Kowalski’s connection graph method to store the number of models at each link. 1

We study weakenings of associativity which imply that a quasigroup is a loop. In particular, these weakenings include each of Fenyves' "Extra" loop axioms. x1. Introduction. A quasigroup is a system (G; \Delta) such that G is a non-empty set and \Delta is a binary function on G satisfying 8xz9!y(xy = z) and 8yz9!x(xy = z). A loop is a quasigroup which has an identity element, 1, satisfying 8x(x1 = 1x = x). See the books [1, 2, 9] for background and references to earlier literature. A group is, by definition, an associative loop. As is well-known, every quasigroup satisfying the associative law has an identity element, and is hence a group. In this paper we consider weakenings of associativity which also imply that a quasigroup is a loop, even though many of these weakenings do not imply the full associative law. For example, consider the four Moufang identities: M1 : (x(yz))x = (xy)(zx) M2 : (xz)(yx) = x((zy)x) N1 : ((xy)z)y = x(y(zy)) N2 : ((yz)y)x = y(z(yx)) As usual, equations wri...

We argue that the detection and refutation of non-theorems, and the discovery of appropriate counterexamples, is of vital importance to the Grand Challenge of a Program Verifier.

Introduction Model generators play an increasing role in automated theorem proving. The reasons range from the recognition of ill-formulated problems or the suggestion of lemmas to semantically driven strategies. The arguments in favor of a model generator hold for a first-order logic as well as for a higher-order logic. The main problem of efficient model finding can be seen in the complexity of the search space. This problem will drastically increase if we try to transfer the standard methods to higher-order logic. If you have n elements in a first-order universe D ' of individuals you will have n n functions in D ('!') , the universe for the unary functions, which have to be searched heuristically. For the theorem proving in higher-order logic there are three main approaches: first build higher-order theorem provers, second use an axiomatic set theory and

Attempts to use finite models to guide the search for proofs by resolution and the like in first order logic all suffer from the need to trade off the expense of generating and maintaining models against the improvement in quality of guidance as investment in the semantic aspect of the reasoning is increased. Previous attempts to resolve this tradeoff have resulted either in poor selection of models, or in fragility as the search becomes over-sensitive to the order of clauses, or in extreme slowness. Here we present a fresh approach, whereby most of the clauses for which a model is sought are treated as soft constraints. The result is a partial model of all the clauses rather than an exact model of only a subset of them. This allows our system to combine the speed of maintaining just a single model with the robustness previously requiring multiple models. We present experimental evidence of benefits over a range of first order problem domains.

Proof planning is an application of AI-planning in mathematical domains. The planning operators, called methods, encode proving steps. One of the strength of proof planning comes from the usage of mathematical knowledge that heuristically restricts the search space. Semantically guided proof planning takes a different perspective and uses semantic information as search control heuristics. In this report we describe the realisation of semantically guided proof planning in the framework of the Ωmega system. We realised a module that answers queries from Multi, a multi-strategy proof planner of Ωmega, whether a concrete method application is suitable with respect to the semantic information as well as how promising the method application is. Provided with this information Multi rejects unsuitable method applications and prefers the most promising ones.