E: A Brainiac Theorem Prover
, 2002
We describe the superposition-based theorem prover E. E is a sound and complete...
User Interaction with the Matita Proof Assistant
 J AUTOM REASONING (2007) 39:109–139
, 2007
Matita is a new, document-centric, tactic-based interactive theorem prover. This paper focuses on some of the distinctive features of the user interaction with Matita, characterized mostly by the organization of the library as a searchable knowledge base, the emphasis on a high-quality notational rendering, and the complex interplay between syntax, presentation, and semantics.
Compiling and Verifying Security Protocols
, 2000
We propose a direct and fully automated translation from standard security protocol descriptions to rewrite rules. This compilation defines an unambiguous operational semantics for protocols and intruder behavior: they are rewrite systems executed by applying a variant of AC-narrowing. The rewrite rules are processed by the theorem prover daTac. Multiple instances of a protocol can be run simultaneously, as well as a model of the intruder (one among several possible). The existence of flaws in the protocol is revealed by the derivation of an inconsistency. Our implementation of the compiler CASRUL, together with the prover daTac, permitted us to derive security flaws in many classical cryptographic protocols.
Light-Weight Theorem Proving for Debugging and Verifying Units of Code
, 2003
Software bugs are very difficult to detect even in small units of code. Several techniques to debug or prove correct such units are based on the generation of a set of formulae whose unsatisfiability reveals the presence of an error. These techniques assume the availability of a theorem prover capable of automatically discharging the resulting proof obligations. Building such a tool is a difficult, long, and error-prone activity. In this paper, we describe techniques to build provers which are highly automatic and flexible by combining state-of-the-art superposition theorem provers and BDDs. We report experimental results on formulae extracted from the debugging of C functions manipulating pointers, showing that an implementation of our techniques can discharge proof obligations which cannot be handled by Simplify (the theorem prover used in the ESC/Java tool) and performs much better on others.
Quantified invariant generation using an interpolating saturation prover
 In TACAS
, 2008
Interpolating provers have a variety of applications in verification, including invariant generation and abstraction refinement. Here, we extend these methods to produce universally quantified interpolants and invariants, allowing the verification of programs manipulating arrays and heap data structures. We show how a paramodulation-based saturation prover, such as SPASS, can be modified in a simple way to produce a first-order interpolating prover that is complete for universally quantified interpolants. Using a partial axiomatization of the theory of arrays with transitive closure, we show that the method can verify properties of simple programs manipulating arrays and linked lists.
Finding Loop Invariants for Programs over Arrays Using a Theorem Prover
 In Proc. of FASE
, 2009
We present a new method for automatic generation of loop invariants for programs containing arrays. Unlike all previously known methods, our method allows one to generate first-order invariants containing alternations of quantifiers. The method is based on the automatic analysis of the so-called update predicates of loops. An update predicate for an array A expresses the updates made to A. We observe that many properties of update predicates can be extracted automatically from the loop description and from loop properties obtained by other methods, such as a simple analysis of counters occurring in the loop, recurrence solving, and quantifier elimination over loop variables. We run the theorem prover Vampire on some examples and show that non-trivial loop invariants can be generated.
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment, and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Model-Theoretic Methods in Combined Constraint Satisfiability
 Journal of Automated Reasoning
, 2004
We extend the Nelson-Oppen combination procedure to the case of theories which are compatible with respect to a common subtheory in the shared signature. The notion of compatibility relies on model completions and related concepts from classical model theory.
A Decomposition Rule for Decision Procedures by Resolution-based Calculi
 In: Proc. 11th Int. Conf. on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR)
, 2004
Resolution-based calculi are among the most widely used calculi for theorem proving in first-order logic. Numerous refinements of resolution are nowadays available, such as basic superposition, a calculus highly optimized for theorem proving with equality. However, even such an advanced calculus does not restrict inferences enough to obtain decision procedures for complex logics, such as SHIQ. In this paper, we present a new decomposition inference rule, which can be combined with any resolution-based calculus compatible with the standard notion of redundancy. We combine decomposition with basic superposition to obtain three new decision procedures: (i) for the description logic SHIQ, (ii) for the description logic ALCHIQb, and (iii) for answering conjunctive queries over SHIQ knowledge bases. The first two procedures are worst-case optimal and, based on the vast experience in building efficient theorem provers, we expect them to be suitable for practical usage.