One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fully-expansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...

It is generally accepted that in principle it’s possible to formalize completely almost all of present-day mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In contrast to the QED Manifesto however, we do not offer polemics in support of such a project. We merely try to place the formalization of mathematics in its historical perspective, as well as looking at existing praxis and identifying what we regard as the most interesting issues, theoretical and practical.

Abstract. We present a fully proof-producing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proof-producing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of lineararithmetic [8]. Nowadays many theorem proving systems, even those normally classified as `interactive ' rather than `automatic', contain procedures to automate routinearithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users ofwhat would otherwise be tedious low-level proofs. We can identify several very common limitations of such procedures:- Often they are restricted to proving purely universal formulas rather than dealingwith arbitrary quantifier structure and performing general quantifier elimination.- Often they are not complete even for the supported class of formulas; in partic-ular procedures for the integers often fail on problems that depend inherently on divisibility properties (e.g. 8x y 2 Z. 2x + 1 6 = 2y)- They seldom handle non-trivial nonlinear reasoning, even in such simple cases as 8x y 2 R. x> 0 ^ y> 0) xy> 0, and those that do [18] tend to use heuristicsrather than systematic complete methods.- Many of the procedures are standalone decision algorithms that produce no certifi-cate of correctness and do not produce a `proof ' in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems aris-ing in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable: Tarski's theorem on the undefinability of truth implies thatthere cannot even be a complete semidecision procedure for nonlinear reasoning over

We present a new approach to automating the verification of hardware designs based on planning techniques. A database of methods is developed that combines tactics, which construct proofs, using specifications of their behaviour. Given a verification problem, a planner uses the method database to build automatically a specialised tactic to solve the given problem. User interaction is limited to specifying circuits and their properties and, in some cases, suggesting lemmas. We have implemented our work in an extension of the Clam proof planning system. We report on this and its application to verifying a variety of combinational and synchronous sequential circuits including a parameterised multiplier design and a simple computer microprocessor.

The HOL system is a mechanized proof assistant for higher order logic that has been under continuous development since the mid-1980s, by an ever-changing group of developers and external contributors. We give a brief overview of various implementations of the HOL logic before focusing on the evolution of certain important features available in a recent implementation. We also illustrate how the module system of Standard ML provided security and modularity in the construction of the HOL kernel, as well as serving in a separate capacity as a useful representation medium for persistent, hierarchical logical theories.

The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”

Abstract. I describe the implementation of two complete decision procedures for integer Presburger arithmetic in the HOL theorem-proving system. The first procedure is Cooper’s algorithm, the second, the Omega Test. Between them, the algorithms illustrate three different implementation techniques in a fully expansive system. 1

Abstract. Building on a simple construction of the complex numbers and a proof of the Fundamental Theorem of Algebra, we implement, as a HOL derived inference rule, a decision method for the first order algebraic theory of C based on quantifier elimination. Although capable of solving some mildly interesting problems, we also implement a more efficient semidecision procedure for the universal fragment based on Gröbner bases. This is applied to examples including the automatic proof of some simple geometry theorems. The general and universal procedures present an interesting contrast in that the latter can exploit the finding-checking separation to achieve greater efficiency, though this feature is only partly exploited in the present implementation. 1

s and compressed postscript files are available via http://svrc.it.uq.edu.au Proof Representations in Theorem Provers Geoffrey Norman Watson Abstract This is a survey of some of the proof representations used by current theorem provers. The aim of the survey is to ascertain the range of mechanisms used to represent proofs and the purposes to which these representations are put. This is done within a simple framework. It examines both internal and external representations, although the focus is on representations that could be exported to an external proof checker. A number of examples from various provers are given in a series of appendices. 1 Contents 1 Introduction 3 2 Aim of the Survey 3 2.1 Why Construct Proofs . . . . . . . . . 3 2.2 Levels of Representation . . . . . . . . 4 3 Scope of the Survey 5 3.1 Ergo . . . . . . . . . . . . . . . . . . . 5 3.2 HOL . . . . . . . . . . . . . . . . . . 6 3.3 Isabelle . . . . . . . . . . . . . . . . . 7 3.4 Nuprl . . . . . . . . . . . ...

Interactive theorem proving provides a general approach to modeling and verification of both finite-state and infinite-state systems but requires significant human efforts to deal with many tedious proofs. On the other hand, modelchecking is limited to some application domain with small finite-state space. A natural thought for this problem is to integrate these two approaches. To keep the consistency of the integration and ensure the correctness of verification, we suggest to use type theory based theorem provers (e.g. Lego) as the platform for the integration and build a model-checker to do parts of the verification automatically. We formalise a verification system of both CCS and an imperative language in the proof development system Lego which can be used to verify both finite-state and infinite-state problems. Then a model-checker, LegoMC, is implemented to generate Lego proof terms for finite-state problems automatically. Therefore people can use Lego to verify a general problem ...