## A proof-producing decision procedure for real arithmetic (2005)

Venue: Automated deduction – CADE-20. 20th international conference on automated deduction

Citations: 24 (3 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Mclaughlin05aproof-producing,
  author    = {Sean McLaughlin and John Harrison},
  title     = {A proof-producing decision procedure for real arithmetic},
  booktitle = {Automated deduction – CADE-20. 20th international conference on automated deduction},
  year      = {2005},
  pages     = {295--314},
  publisher = {Springer-Verlag}
}
```

### Abstract

We present a fully proof-producing implementation of a quantifier elimination procedure for real closed fields. To our knowledge, this is the first generally useful proof-producing implementation of such an algorithm. While many problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving.

#### 1 Overview and related work

Arguably the first automated theorem prover ever written was for a theory of linear arithmetic [8]. Nowadays many theorem proving systems, even those normally classified as ‘interactive’ rather than ‘automatic’, contain procedures to automate routine arithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users of what would otherwise be tedious low-level proofs. We can identify several very common limitations of such procedures:

- Often they are restricted to proving purely universal formulas rather than dealing with arbitrary quantifier structure and performing general quantifier elimination.

### Citations

1592 | Linear partial differential equations
- Hörmander
- 1963

Citation Context: ...ely simple but rather inefficient algorithm is also given in [19] (see [9] for a more leisurely description). Another even simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] and a closely related algorithm due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive de...

1099 | Proof-carrying code
- Necula
- 1997

Citation Context: ...gain, and has so far only been applied to relatively simple algorithms. Moreover, it is of no help if one wants an independently checkable proof for other reasons, e.g. for use in proof-carrying code [23]. Even discounting the greater implementation difficulty of a proof-producing decision procedure, what about the cost in efficiency of producing a proof? In many cases of practical interest, neither t...

565 | A decision method for elementary algebra and geometry
- Tarski
- 1951

Citation Context: ...ons, this is not a high priority. 2.3 Quantifier elimination for the reals A decision procedure for the theory of real closed fields, based on quantifier elimination, was first demonstrated by Tarski [30]¹. However, Tarski’s procedure, a generalization of the classical technique due to Sturm [29] for finding the number of real roots of a univariate polynomial, was both difficult to understand and hi...

502 | Introduction to HOL: A Theorem Proving Environment for Higher Order Logic
- Gordon, Melham
- 1993

Citation Context: ...on, multiplication and the usual equality and inequality predicates. In this paper we describe the implementation of such a procedure in the HOL Light theorem prover [14], a recent incarnation of HOL [11]. It is in principle complete, and can handle arbitrary quantifier structure and nonlinear reasoning. For example it is able to prove the criterion for a quadratic equation to have a real root automat...

371 | Quantifier Elimination for Real Closed Fields by Cylindrical Algebraic Decomposition
- Collins
- 1975

Citation Context: ...lly: ∀a b c. (∃x. ax² + bx + c = 0) ⇔ a = 0 ∧ (b = 0 ⇒ c = 0) ∨ a ≠ 0 ∧ b² ≥ 4ac. Similar — and indeed more powerful — algorithms have been implemented before, the first apparently being by Collins [7]. However, our algorithm has the special feature that it is integrated into the HOL Light prover and rather than merely asserting the answer it proves it from logical first principles. The second auth...

222 | Semidefinite programming relaxations for semialgebraic problems
- Parrilo

Citation Context: ...ore ‘arithmetical’ vein, the second author has recently been experimenting with a technique based on real Nullstellensatz certificates to deal with the universal subset of the present theory of reals [24]. This involves a computationally expensive search using a separate semidefinite programming package, but this search usually results in a compact certificate which needs only a few straightforward in...

205 | CVC Lite: A new implementation of the cooperating validity checker
- Barrett, Berezin
- 2004

Citation Context: ...ould be translated to another theorem prover such as Isabelle [25]. Finally, there is the potential to use this procedure in a fully automated combined decision procedure environment such as CVC-Lite [1]. We have not explored these lines of research in any detail. 7 Conclusion It is difficult to foresee the practical benefits of using general decision procedures such as this one in the field of inter...

163 | Isabelle: A Generic Theorem Prover, volume 828 of LNCS
- Paulson
- 1994

Citation Context: ...t this gap can be significantly narrowed. One interesting continuation of the current work would be to see how easily our implementation could be translated to another theorem prover such as Isabelle [25]. Finally, there is the potential to use this procedure in a fully automated combined decision procedure environment such as CVC-Lite [1]. We have not explored these lines of research in any detail. 7...

90 | A New Decision Method for Elementary Algebra
- Seidenberg
- 1954

Citation Context: ...dure in 1930, but it remained unpublished for many years afterwards. ... practice. Many alternative decision methods were subsequently proposed; two that are significantly simpler were given by Seidenberg [27] and Cohen [6]. Perhaps the most efficient general algorithm currently known, and the first actually to be implemented on a computer, is the Cylindrical Algebraic Decomposition (CAD) method introduced ...

87 | Edinburgh LCF: A Mechanised Logic
- Gordon, Milner, et al.
- 1979

Citation Context: ...due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive decision procedures Theorem provers like HOL Light belong to the tradition established in Edinburgh LCF [12], where all theorems must be produced by application of simple primitive logical rules, though arbitrary programmability can be used to compose them. Thus, we need a procedure that does not simply ass...

86 | Theorem Proving with the Real Numbers
- Harrison
- 1998

Citation Context: ... prover and rather than merely asserting the answer it proves it from logical first principles. The second author has previously implemented another algorithm for this subset in proof-producing style [15] but the algorithm was so inefficient that it never managed to eliminate two nested quantifiers and has not been useful in practice. The closest previous work is by Mahboubi and Pottier in Coq [21], w...

68 | HOL Light: A tutorial introduction
- Harrison
- 1996

Citation Context: ...der formulas built up using addition, multiplication and the usual equality and inequality predicates. In this paper we describe the implementation of such a procedure in the HOL Light theorem prover [14], a recent incarnation of HOL [11]. It is in principle complete, and can handle arbitrary quantifier structure and nonlinear reasoning. For example it is able to prove the criterion for a quadratic eq...

63 | Quantifier Elimination and Cylindrical Algebraic Decomposition. ser. Texts and Monographs in Symbolic Computation
- Caviness, Johnson, et al.
- 1998

55 | Metatheory and Reflection in Theorem Proving: A Survey and Critique, Technical Report CRC-053
- Harrison
- 1995

Citation Context: ...der than simply writing a standalone ‘black box’ that returns an answer. However, if we want to really be sure about correctness, the only other obvious alternative, often loosely called ‘reflection’ [13], is to formally prove a standalone implementation correct. This is generally far more difficult again, and has so far only been applied to relatively simple algorithms. Moreover, it is of no help if ...

49 | Decision procedures for real and p-adic fields
- Cohen
- 1969

Citation Context: ...but it remained unpublished for many years afterwards. ... practice. Many alternative decision methods were subsequently proposed; two that are significantly simpler were given by Seidenberg [27] and Cohen [6]. Perhaps the most efficient general algorithm currently known, and the first actually to be implemented on a computer, is the Cylindrical Algebraic Decomposition (CAD) method introduced by Collins [7]...

42 | Quantifier elimination for real algebra - the quadratic case and beyond
- Weispfenning
- 1993

Citation Context: ...e inefficient general sign-matrix process even when such obvious simplifications could be made.) Slightly more complicated methods can yield very good results for low-degree equations like quadratics [32]. More generally, even more complicated higher-degree equations can be used to substitute, and we can even try to factor. For example, consider the assertion that the logistic map x ↦ rx(1 − x) has a...

32 | Real algebraic geometry, volume 36 of Ergebnisse der Mathematik und ihrer Grenzgebiete (3
- Bochnak, Coste, et al.
- 1998

Citation Context: ... (see [9] for a more leisurely description). Another even simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] and a closely related algorithm due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive decision procedures Theorem provers like HOL Light belong to the tradit...

23 | Efficiency in a Fully-Expansive Theorem Prover
- Boulton
- 1993

Citation Context: ... – Many of the procedures are standalone decision algorithms that produce no certificate of correctness and do not produce a ‘proof’ in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems arising in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable...

18 | Program result checking: A new approach to making programs more reliable
- Blum
- 1993

Citation Context: ...e. The first convincing example seems to have been [20], where a pretty standard first-order prover is used to search for a proof, which when eventually found, is translated into HOL inferences. Blum [2] generalizes such observations beyond the realm of theorem proving, by observing that in many situations, having an algorithm produce an easily checkable certificate is an effective way of ensuring re...

16 | Elements of mathematical logic: Model Theory
- Kreisel, Krivine
- 1971

Citation Context: ...procedure, and also shows that such a theory T is complete, i.e. every closed formula can be proved or refuted from T. For a good discussion of quantifier elimination and many explicit examples, see [19]. 2.2 Real-closed fields We consider a decision procedure for the theory of real arithmetic with addition and multiplication. While we will mainly be interested in the real numbers R, the same procedu...

13 | A Computer Program for Presburger’s Algorithm. In: Summary of talks presented at the
- Davis
- 1957

Citation Context: ...demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of linear arithmetic [8]. Nowadays many theorem proving systems, even those normally classified as ‘interactive’ rather than ‘automatic’, contain procedures to automate routine arithmetical reasoning over some of the support...

13 | Integrating a first-order automatic prover in the HOL environment
- Kumar, Kropf, et al.
- 1991

Citation Context: ...ficate that can then be checked by the theorem prover. Since inference only needs to enter into the second phase, the overall slowdown is not so large. The first convincing example seems to have been [20], where a pretty standard first-order prover is used to search for a proof, which when eventually found, is translated into HOL inferences. Blum [2] generalizes such observations beyond the realm of t...

11 | Linear and nonlinear arithmetic in ACL2
- Hunt, Krug, et al.
- 2003

Citation Context: ...erently on divisibility properties (e.g. ∀x y ∈ Z. 2x + 1 ≠ 2y) – They seldom handle non-trivial nonlinear reasoning, even in such simple cases as ∀x y ∈ R. x > 0 ∧ y > 0 ⇒ xy > 0, and those that do [18] tend to use heuristics rather than systematic complete methods. – Many of the procedures are standalone decision algorithms that produce no certificate of correctness and do not produce a ‘proof’ in ...

8 | Complex quantifier elimination in HOL
- Harrison

Citation Context: ...midecision procedure for nonlinear reasoning over the integers. At the other end of the tower of number systems, one of the few implementations that has none of the above restrictions is described in [16], but that is for the complex numbers where quantifier elimination is particularly easy. Over the real numbers, there are algorithms that can in principle perform quantifier elimination from arbitrary...

6 | The complexity of deciding consistency of systems of polynomial in exponent inequalities
- Vorobjov
- 1992

Citation Context: ...acteristic example of the difference in effort required. 5 Results It is well-known that quantifier elimination for the reals is in general computationally intractable, both in theoretical complexity [31] and in the limited success on real applications. So we cannot start with high expectations of routinely solving really interesting problems. This applies with all the more force since proof productio...

4 | Elimination des quantificateurs sur les réels en Coq
- Mahboubi, Pottier
- 2002

Citation Context: ...le [15] but the algorithm was so inefficient that it never managed to eliminate two nested quantifiers and has not been useful in practice. The closest previous work is by Mahboubi and Pottier in Coq [21], who implemented precisely the same algorithm as us — in fact we originally learned of the algorithm itself via Pottier. However, while it appeared to reach a reasonable stage of development, this pr...

2 | Foundations of Mathematics: Questions of Analysis, Geometry and Algorithmics
- Engeler
- 1993

Citation Context: ...lly to be implemented on a computer, is the Cylindrical Algebraic Decomposition (CAD) method introduced by Collins [7]. A relatively simple but rather inefficient algorithm is also given in [19] (see [9] for a more leisurely description). Another even simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] a...

2 | Some Points of Analysis and Their History, volume 11
- Gårding
- 1997

Citation Context: ... (see [9] for a more leisurely description). Another even simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] and a closely related algorithm due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive decision procedures Theorem provers like HOL Light belong to the tradit...

2 | Quantifier elimination following Muchnik, Université de Mons-Hainaut, Institute de
- Michaux, Ozturk
- 1985

Citation Context: ...en simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] and a closely related algorithm due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive decision procedures Theorem provers like HOL Light belong to the tradition established in Edinburgh LCF [12], where all theorem...

1 | Muchnik’s proof of Tarski-Seidenberg. Notes available from http://www.math.ohio-state.edu/ schoutens/PDF/Muchnik.pdf
- Schoutens
- 2001

Citation Context: ...en simpler but generally rather more efficient algorithm is given by Hörmander [17] based on an unpublished manuscript by Paul Cohen² (see also [10, 3] and a closely related algorithm due to Muchnik [26, 22]). It was this algorithm that we chose to implement. 2.4 Fully-expansive decision procedures Theorem provers like HOL Light belong to the tradition established in Edinburgh LCF [12], where all theorem...

1 | Mémoire sur la résolution des équations numériques. Mémoire des Savants Etrangers
- Sturm

Citation Context: ... for the theory of real closed fields, based on quantifier elimination, was first demonstrated by Tarski [30]¹. However, Tarski’s procedure, a generalization of the classical technique due to Sturm [29] for finding the number of real roots of a univariate polynomial, was both difficult to understand and highly inefficient in ... ¹ Tarski actually discovered the procedure in 1930, but it remained unpubli...