Integrating Testing and Interactive Theorem Proving

Using an interactive theorem prover to reason about programs involves a sequence of interactions where the user challenges the theorem prover with conjectures. Invariably, many of the conjectures posed are in fact false, and users often spend considerable effort examining the theorem prover's output before realizing this. We present a synergistic integration of testing with theorem proving, implemented in the ACL2 Sedan (ACL2s), for automatically generating concrete counterexamples. Our method uses the full power of the theorem prover and associated libraries to simplify conjectures; this simplification can transform conjectures for which finding counterexamples is hard into conjectures where finding counterexamples is trivial. In fact, our approach even leads to better theorem proving, e.g. if testing shows that a generalization step leads to a false conjecture, we force the theorem prover to backtrack, allowing it to pursue more fruitful options that may yield a proof. The focus of the paper is on the engineering of a synergistic integration of testing with interactive theorem proving; this includes extending ACL2 with new functionality that we expect to be of general interest. We also discuss our experience in using ACL2s to teach freshman students how to reason about their programs.
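The backtracking idea described above, in a toy model added here to illustrate the abstract; this is not ACL2s code, and the function names (find_counterexample, try_generalization, goal, bad_gen, good_gen) and the random list generators are assumptions constructed for the example. The conjecture is the classic inductive-step goal from proving rev(rev(x)) = x: a generalization that replaces rev(x) by a fresh variable is run past a random tester before the prover commits to it, and a refuted generalization forces a backtrack.

```python
"""Toy model of testing-guided backtracking in an inductive prover.

Added illustration, not ACL2s code: a conjecture is a Python predicate
over named variables, random testing looks for a counterexample, and a
generalization (replacing a subterm by a fresh variable) is pursued only
if testing fails to refute it; otherwise the prover backtracks.
"""
import random
from typing import Callable, Dict, Optional

Env = Dict[str, object]
Conjecture = Callable[[Env], bool]
Generator = Callable[[random.Random], object]


def app(x: list, y: list) -> list:
    """List append, as in the rev/append example from the Boyer-Moore literature."""
    return list(x) + list(y)


def rev(x: list) -> list:
    """List reverse defined recursively so its induction structure is visible."""
    if not x:
        return []
    return app(rev(x[1:]), [x[0]])


def random_list(rng: random.Random, max_len: int = 6) -> list:
    """Constructed test-data generator: short lists of small integers."""
    return [rng.randint(-3, 3) for _ in range(rng.randint(0, max_len))]


# Constructed generators for the free variables of the conjectures below.
GENS: Dict[str, Generator] = {
    "x": random_list,
    "y": random_list,
    "a": lambda rng: rng.randint(-3, 3),
}


def find_counterexample(conj: Conjecture, gens: Dict[str, Generator],
                        trials: int = 500, seed: int = 0) -> Optional[Env]:
    """Random testing: return the first assignment that falsifies conj, or None."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    for _ in range(trials):
        env = {v: g(rng) for v, g in gens.items()}
        if not conj(env):
            return env
    return None


# Goal arising in the inductive step of rev(rev(x)) = x:
#   rev(app(rev(x), [a])) = cons(a, x)
def goal(env: Env) -> bool:
    return rev(app(rev(env["x"]), [env["a"]])) == [env["a"]] + env["x"]


# Over-eager generalization: rev(x) is replaced by a fresh y on the left only,
# so x and y are now unrelated and the conjecture is false.
def bad_gen(env: Env) -> bool:
    return rev(app(env["y"], [env["a"]])) == [env["a"]] + env["x"]


# Sound generalization: x is expressed through y as well (x = rev(y)),
# giving the true lemma rev(app(y, [a])) = cons(a, rev(y)).
def good_gen(env: Env) -> bool:
    return rev(app(env["y"], [env["a"]])) == [env["a"]] + rev(env["y"])


def try_generalization(generalized: Conjecture, gens: Dict[str, Generator]):
    """Decide whether the prover may pursue a generalization.

    Returns ("pursue", None) if testing cannot refute it, or
    ("backtrack", counterexample) if testing finds a falsifying assignment,
    in which case the prover must abandon this generalization.
    """
    cex = find_counterexample(generalized, gens)
    if cex is not None:
        return ("backtrack", cex)
    return ("pursue", None)


if __name__ == "__main__":
    for name, conj in [("goal", goal), ("bad_gen", bad_gen), ("good_gen", good_gen)]:
        print(name, try_generalization(conj, GENS))
```

Running the block prints "pursue" for the original goal and for the sound generalization and "backtrack" with a concrete assignment of x, y and a for the unsound one; that concrete assignment is what a user would otherwise have had to reconstruct from a failed proof attempt.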
