Introduction Proof planning [4] is an approach to theorem proving which encodes heuristics for constructing mathematical proofs in a meta-theory of methods. The Clam system, developed at Edinburgh [3], has been used for several years to develop proof planning, in particular proof plans for induction. It has become clear that many of the theorem-proving tasks that we would like to perform are naturally higher-order. For example, an important technique called middle-out reasoning [6] uses meta-variables to stand for some unknown objects in a proof, to be instantiated as the proof proceeds. Domains such as the synthesis and verification of software and hardware systems, and techniques such as proof critics [7], benefit greatly from such middle-out reasoning. Since in these domains the meta-variables often become instantiated with terms of function type, reasoning with them is naturally higher-order, and higher-order unification is a

. Humans have different problem solving strategies at their disposal and they can flexibly employ several strategies when solving a complex problem, whereas previous theorem proving and planning systems typically employ a single strategy or a hard coded combination of a few strategies. We introduce multi-strategy proof planning that allows for combining a number of strategies and for switching flexibly between strategies in a proof planning process. Thereby proof planning becomes more robust since it does not necessarily fail if one problem solving mechanism fails. Rather it can reason about preference of strategies and about failures. Moreover, our strategies provide a means for structuring the vast amount of knowledge such that the planner can cope with the otherwise overwhelming knowledge in mathematics. 1 Introduction The choice of an appropriate problem solving strategy is a crucial human skill and is typically guided by some meta-level reasoning. Trained mathematicia...

. Rippling is a type of rewriting developed for inductive theorem proving that uses annotations to direct search. Rippling has many desirable properties: for example, it is highly goal directed, usually involves little search, and always terminates. In this paper we give a new and more general formalization of rippling. We introduce a simple calculus for rewriting annotated terms, close in spirit to first-order rewriting, and prove that it has the formal properties desired of rippling. Next we develop criteria for proving the termination of such annotated rewriting, and introduce orders on annotated terms that lead to termination. In addition, we show how to make rippling more flexible by adapting the termination orders to the problem domain. Our work has practical as well as theoretical advantages: it has led to a very simple implementation of rippling that has been integrated in the Edinburgh CLAM system. Key words: Mathematical Induction, Inductive Theorem Proving, Term Rewriting. ...

We present the Ω-Ants theorem prover that is built on top of an agent-based command suggestion mechanism. The theorem prover inherits beneficial properties from the underlying suggestion mechanism such as run-time extendibility and resource adaptability. Moreover, it supports the distributed integration of external reasoning systems. We also introduce some notions that need to be considered to check completeness and soundness of such a system with respect to an underlying calculus.

This paper investigates analogy-driven proof plan construction in inductive theorem proving. We identify constraints of secondorder mappings that enable a replay of the plan of a source theorem to produce a similar plan for the target theorem. In some cases, differences between the source and target theorem mean that the target proof plan has to be reformulated. These reformulations are suggested by the mappings. The analogy procedure, implemented in ABALONE, is particularly useful for overriding the default control and suggesting lemmas. Employing analogy has extended the problem solving horizon of the proof planner CLAM : with analogy, some theorems could be proved that neither CLAM nor NQTHM could prove automatically.

Abstract. IsaPlanner is a generic framework for proof planning in the interactive theorem prover Isabelle. It facilitates the encoding of reasoning techniques, which can be used to conjecture and prove theorems automatically. This paper introduces our approach to proof planning, gives and overview of IsaPlanner, and presents one simple yet effective reasoning technique. 1

Test set induction is a goal-directed proof technique which combines the full power of explicit induction and proof by consistency. It works by computing an appropriate explicit induction scheme called a test set, to trigger the induction proof, and then applies a refutation principle using proof by consistency techniques. We present a general scheme for test set induction together with a simple soundness proof. Our method is based on new notions of test sets, induction variables, and provable inconsistency, which allow us to refute false conjectures even in the case where the functions are not completely deøned. We show how test sets can be computed when the constructors are not free, and give an algorithm for computing induction variables. Finally, we present a procedure for proof by test set induction which is refutationally complete for a larger class of specifications than has been shown in previous work. The method has been implemented in the prover SPIKE. Based on computer ex...

. We present a framework for automating the discovery of loop invariants based upon failed proof attempts. The discovery of suitable loop invariants represents a bottleneck for automatic verification of imperative programs. Using the proof planning framework we reconstruct standard heuristics for developing invariants. We relate these heuristics to the analysis of failed proof attempts allowing us to discover invariants through a process of refinement. 1 Introduction Loop invariants are a well understood technique for specifying the behaviour of programs involving loops. The discovery of suitable invariants, however, is a major bottleneck for automatic verification of imperative programs. Early research in this area [18, 24] exploited both theorem proving techniques as well as domain specific heuristics. However, the potential for interaction between these components was not fully exploited. The proof planning framework, in which we reconstruct the standard heuristics, couples ...

Introduction XBarnacle was built to meet the challenge of incorporating interactive features in the automated theorem prover CLAM whilst preserving the advantages of automation. Many people are not able to use theorem provers to their full strength. The aim of our research is to make semi-automated theorem proving a real possibility for a wide range of people -- from those primarily interested in formal specification, for whom proof is a chore, to developers of automated theorem proving systems themselves. We give an account of the advantages and limitations of the CLAM proof planning system, and describe how XBarnacle, a semi-automatic theorem prover, enhances the capabilities of CLAM. 2 The CLAM theorem prover 2.1 Proof planning CLAM [3] is based on the notion of proof planning [2]. LCF-style tactics -- examples are induction, gene

Abstract. We present an account of rippling with proof critics suitable for use in higher order logic in Isabelle/IsaPlanner. We treat issues not previously examined, in particular regarding the existence of multiple annotations during rippling. This results in an efficient mechanism for rippling that can conjecture and prove needed lemmas automatically as well as present the resulting proof plans as Isar style proof scripts. 1