## Improving Coq Propositional Reasoning Using a Lazy CNF Conversion Scheme

Citations: | 7 - 0 self |

### BibTeX

@MISC{Lescuyer_improvingcoq,

author = {Stéphane Lescuyer and Sylvain Conchon},

title = {Improving Coq Propositional Reasoning Using a Lazy CNF Conversion Scheme},

year = {}

}

### OpenURL

### Abstract

Abstract. In an attempt to improve automation capabilities in the Coq proof assistant, we develop a tactic for the propositional fragment based on the DPLL procedure. Although formulas naturally arising in interactive proofs do not require a state-of-the-art SAT solver, the conversion to clausal form required by DPLL strongly damages the performance of the procedure. In this paper, we present a reflexive DPLL algorithm formalized in Coq which outperforms the existing tactics. It is tightly coupled with a lazy CNF conversion scheme which, unlike Tseitin-style approaches, does not disrupt the procedure. This conversion relies on a lazy mechanism which requires slight adaptations of the original DPLL. As far as we know, this is the first formal proof of this mechanism and its Coq implementation raises interesting challenges. 1

### Citations

1192 | Chaff: engineering an efficient sat solver
- Moskewicz, Madigan, et al.
- 2001
(Show Context)
Citation Context ...nteractive prover in order to reconstruct a suitable proof object from the output of the external tool. For instance, Weber and Amjad [28] have successfully integrated two leading SAT solvers, zChaff =-=[23]-=- and MiniSat [18], with Higher Order Logic theorem provers. Integrations of resolution-based provers have also been realized in Coq [1,2] and Isabelle [22]. This approach’s main advantage is the abili... |

1113 |
A computing procedure for quantification theory
- Davis, Putnam
- 1960
(Show Context)
Citation Context ...w a DPLL procedure can be adapted to deal with literals that represent arbitrary formulas. We start by recalling a formalization of the basic DPLL procedure. 3.1 Basic Modular DPLL The DPLL procedure =-=[11,10]-=-, named after its inventors Davis, Putnam, Logemann and Loveland, is one of the oldest decision procedures for the problemof checking the satisfiability of a propositional formula. DPLL deals with CN... |

562 |
A machine program for theorem-proving
- Davis, Logemann, et al.
- 1962
(Show Context)
Citation Context ...w a DPLL procedure can be adapted to deal with literals that represent arbitrary formulas. We start by recalling a formalization of the basic DPLL procedure. 3.1 Basic Modular DPLL The DPLL procedure =-=[11,10]-=-, named after its inventors Davis, Putnam, Logemann and Loveland, is one of the oldest decision procedures for the problemof checking the satisfiability of a propositional formula. DPLL deals with CN... |

503 |
An extensible SAT-solver
- Eén, Sörensson
- 2003
(Show Context)
Citation Context ... in order to reconstruct a suitable proof object from the output of the external tool. For instance, Weber and Amjad [28] have successfully integrated two leading SAT solvers, zChaff [23] and MiniSat =-=[18]-=-, with Higher Order Logic theorem provers. Integrations of resolution-based provers have also been realized in Coq [1,2] and Isabelle [22]. This approach’s main advantage is the ability to use a very ... |

472 | The Omega test: A fast and practical integer programming algorithm for dependence analysis
- Pugh
- 1991
(Show Context)
Citation Context ...ach is to implement one’s own decision procedure in the sources of the interactive prover. It is actually the one being used for most of Coq’s automation tactics, including tauto by Muñoz [16], omega =-=[26]-=- by Crégut and congruence by Corbineau [9]. This approach is not as optimized as a mature external tool, but can be specifically designed for the prover in order to have a more efficient proof constru... |

379 | Simplify: a Theorem Prover for Program Checking
- Detlefs, Nelson, et al.
- 2003
(Show Context)
Citation Context ...e whole system since it can transform a rather easy problem into one that is much too hard for our decision procedure. A possible solutionis to rely on a lazy conversion mechanism such as Simplify’s =-=[15]-=-. Because this mechanism must be tightly coupled to the decision procedure, this rules out the use of an external tool and leads us to an approach of proof by reflection. In this paper, we present a r... |

310 |
On the complexity of derivation in propositional calculus
- Tseitin
- 1968
(Show Context)
Citation Context ...s well-known that the resulting formula can be exponentially bigger than the original. 2. Another techniquě that avoids the exponential blow-up of the naive conversion is to use Tseitin’s conversion =-=[27]-=-. It adds intermediate variables for subformulas and definitional clauses for these variables such that the size ofthe resulting CNF formula is linear in the size of the input. On the A∨(B∧C) formula... |

193 |
A structure-preserving clause form translation
- Plaisted, Greenbaum
- 1986
(Show Context)
Citation Context ...( ¯ X ∨C)∧(X ∨ ¯ B ∨ ¯ C) where X is a new variable. 3. A refinement of the previous techniquě is to first convert the formula to negation normal form and use Plaisted and Greenbaum’s CNF conversion =-=[25]-=- to add half as many definitional clauses for the Tseitin variables. In the above example, the resulting formula is (A ∨ X) ∧ ( ¯ X ∨ B) ∧ ( ¯ X ∨ C). The Need for Another CNF Conversion. The CNF conv... |

139 |
Contraction-free sequent calculi for intuitionistic logic
- Dyckhoff
- 1992
(Show Context)
Citation Context ...nother approach is to implement one’s own decision procedure in the sources of the interactive prover. It is actually the one being used for most of Coq’s automation tactics, including tauto by Muñoz =-=[16]-=-, omega [26] by Crégut and congruence by Corbineau [9]. This approach is not as optimized as a mature external tool, but can be specifically designed for the prover in order to have a more efficient p... |

94 | Computing Small Clause Normal Forms
- Weidenbach, Nonnengart
- 2001
(Show Context)
Citation Context ...instance, Plaisted and Greenbaum’s method was originally intended to preserve the structure of formulas, but in order to do so requires that equal subformulas be shared. Other optimization techniques =-=[24,12]-=- are based on renaming parts of the subformula to increase the potential sharing. However, it is hard to implement such methods efficiently as a Coq function, ie. in a pure applicative setting with st... |

50 | Using reflection to build efficient and certified decision procedures
- Boutin
- 1997
(Show Context)
Citation Context ...ot as optimized as a mature external tool, but can be specifically designed for the prover in order to have a more efficient proof construction. The last approach is the so-called proof by reflection =-=[3]-=- and is summarized in Fig. 1. It consists in implementing the decision procedure directly as a function in the prover’s logic, along with its correctness properties. If a formula Φ can be reified into... |

40 | Efficient E-matching for SMT solvers
- Moura, Bjørner
- 2007
(Show Context)
Citation Context ...ant can not only cause the DPLL procedure to perform many useless splits, but they also add ground terms that can be used to generate instances of lemmas. De Moura and Bjorner report on this issue in =-=[13]-=-, where they use a notion of relevancy in order to only consider definitional clauses at the right time. Lazy CNF conversion is a solution to this issue, and it is the method we currently use in our o... |

29 | Automation for interactive proof: First prototype
- Meng, Quigley, et al.
- 2005
(Show Context)
Citation Context ...y integrated two leading SAT solvers, zChaff [23] and MiniSat [18], with Higher Order Logic theorem provers. Integrations of resolution-based provers have also been realized in Coq [1,2] and Isabelle =-=[22]-=-. This approach’s main advantage is the ability to use a very efficient external tool. Another approach is to implement one’s own decision procedure in the sources of the interactive prover. It is act... |

28 | Proving equalities in a commutative ring done right in Coq
- Grégoire, Mahboubi
- 2005
(Show Context)
Citation Context ...lection Soundness lemma ∀f. DPLL f = UNSAT → ¬�f� UNSAT SAT Counter Model Fig.1. An overview of our reflexive tactic soundness theorem and executing the procedure on f. For instance, the tactics ring =-=[20]-=- and field [14], which respectively solve expressions on ring and field structures, are built along this reflection mechanism. The main advantage of the reflexive approach is the size of the generated... |

19 | Certification of automated termination proofs
- Contejean, Courtieu, et al.
- 2007
(Show Context)
Citation Context ... much harder since all implicit steps must be implemented in the proof assistant, for instance using reflection. Looking for an intermediate approach, Corbineau and Contejean [6] and Contejean et al. =-=[7]-=- proposed integrations mixing traces and reflection. Our project of integrating an SMT solver in Coq follows this mixed approach, giving a more prominent role to reflection. Indeed, we are especially ... |

16 | de Nivelle, H.: Automated proof construction in type theory using resolution
- Bezem, Hendriks
- 2002
(Show Context)
Citation Context ...8] have successfully integrated two leading SAT solvers, zChaff [23] and MiniSat [18], with Higher Order Logic theorem provers. Integrations of resolution-based provers have also been realized in Coq =-=[1,2]-=- and Isabelle [22]. This approach’s main advantage is the ability to use a very efficient external tool. Another approach is to implement one’s own decision procedure in the sources of the interactive... |

13 |
Field: une procédure de décision pour les nombres réels en Coq
- Delahaye, Mayero
- 2001
(Show Context)
Citation Context ...ss lemma ∀f. DPLL f = UNSAT → ¬�f� UNSAT SAT Counter Model Fig.1. An overview of our reflexive tactic soundness theorem and executing the procedure on f. For instance, the tactics ring [20] and field =-=[14]-=-, which respectively solve expressions on ring and field structures, are built along this reflection mechanism. The main advantage of the reflexive approach is the size of the generated proof term, wh... |

13 |
H.: Efficiently checking propositional refutations in HOL theorem provers
- Weber, Amjad
- 2009
(Show Context)
Citation Context ... proof traces of its proof search. Work must then be done in the interactive prover in order to reconstruct a suitable proof object from the output of the external tool. For instance, Weber and Amjad =-=[28]-=- have successfully integrated two leading SAT solvers, zChaff [23] and MiniSat [18], with Higher Order Logic theorem provers. Integrations of resolution-based provers have also been realized in Coq [1... |

11 |
Implementing Modules in the Coq System
- Chrzaszcz
- 2003
(Show Context)
Citation Context ... an empty context ∅ ⊢ F, this means that the whole tree has been explored and that the formula F is unsatisfiable. In Coq, we can implement this formalization in a modular way using the module system =-=[4]-=-. The DPLL procedure can be implemented as a functor parameterized by a module for literals. Such a module for literals contains a type equipped with a negation function, comparisons, and various prop... |

11 | Type-safe modular hash-consing
- Filliâtre, Conchon
- 2006
(Show Context)
Citation Context ...formulas to be structurally shared which can give a big performance boost to the procedure. Moreover, in standard programming languages, proxies can be compared in constant time by using hash-consing =-=[19]-=-, which removes the main cost of using lazy literals. Lazy literals also provide a solution to a problem that is specific to SMT solvers : definitional clauses due to Tseitin-style variables appearing... |

10 | P.: Reflecting proofs in first-order logic with equality
- Contejean, Corbineau
- 2005
(Show Context)
Citation Context ...make proof reconstruction much harder since all implicit steps must be implemented in the proof assistant, for instance using reflection. Looking for an intermediate approach, Corbineau and Contejean =-=[6]-=- and Contejean et al. [7] proposed integrations mixing traces and reflection. Our project of integrating an SMT solver in Coq follows this mixed approach, giving a more prominent role to reflection. I... |

2 |
de la Tour. Minimizing the number of clauses by renaming
- B
- 1990
(Show Context)
Citation Context ...instance, Plaisted and Greenbaum’s method was originally intended to preserve the structure of formulas, but in order to do so requires that equal subformulas be shared. Other optimization techniques =-=[24,12]-=- are based on renaming parts of the subformula to increase the potential sharing. However, it is hard to implement such methods efficiently as a Coq function, ie. in a pure applicative setting with st... |

1 |
The Alt-Ergo Prover. http://alt-ergo.lri.fr
- Conchon, Contejean
(Show Context)
Citation Context ...ndeed, we are especially interested in proving proof obligations from program verification, similar to AUFLIA and AUFLIRA divisions of the SMT competition. Our experience with our own proverAlt-Ergo =-=[5]-=- is that these formulas’ difficulty lies more in finding the pertinent hypotheses and lemmas’ instances than in their propositional structure or the theory reasoning involved in their proofs. Conseque... |

1 | Deciding equality in the constructor theory
- Corbineau
- 2006
(Show Context)
Citation Context ...edure in the sources of the interactive prover. It is actually the one being used for most of Coq’s automation tactics, including tauto by Muñoz [16], omega [26] by Crégut and congruence by Corbineau =-=[9]-=-. This approach is not as optimized as a mature external tool, but can be specifically designed for the prover in order to have a more efficient proof construction. The last approach is the so-called ... |

1 |
Some benchmark formulae for intuitionistic propositional logic
- Dyckhoff
- 1997
(Show Context)
Citation Context ...ion methods. Timings are given in seconds and – denote time-outs (>120s). We benchmarked our tactic and the different CNF conversion methods on valid and unsatisfiable formulaš described by Dyckhoff =-=[17]-=- ; for instance holen stands for the pigeon-hole formula with n holes. We used two extra special formulas in order to test sharing of subformulas : partage is the formula hole3 ∧ ¬hole3, while partage... |

1 |
A Reflexive Formalization of a
- Lescuyer, Conchon
- 2008
(Show Context)
Citation Context ...is CNF conversion can yield really big proof terms on average-sized formulas and it even ends up taking much longer than the proof search itself — we experimented it in earlier versions of our system =-=[21]-=-. Performing the CNF conversion on the abstract side, however, can be summarized in the following way: – we implement a function conversion : formula → formula that transforms an abstract formula as w... |