Automated support for set-theoretic specifications

In this thesis we are concerned with the activity of discharging proof obligations that arise from the construction of a formal specification. Discharging these proof obligations may be facilitated by establishing a partnership between the specifier and a suitable automated reasoning assistant. Given the availability and sophistication of resolution-based theorem provers, we adopted the OTTER theorem prover as the vehicle for our investigation.

There exist formal specification languages, of which the most popular is, arguably, Z, a language based on first-order logic and a strongly typed fragment of Zermelo-Fraenkel set theory. While the Z notation has a precise meaning, its unadorned use poses a number of problems: (1) Z has a few ‘dark corners’ and pitfalls for the unwary, especially in the use of some of the schema calculus operators. (2) The Z notation is too rich to serve as input to a resolution-based theorem prover like OTTER, since the input to OTTER is the language of first-order logic in simple ASCII format. We have therefore decided to use the fragment of set theory on which Z is based as the notation in which to construct our specifications.

Set-theoretic proofs, however, pose demanding challenges to automated reasoning assistants, and in the light of these challenges we develop a set of heuristics for finding short proofs of properties that involve typical set-theoretic constructs. The use of our heuristics suggests the development and use of a suitable set of problem frames (derived from Jackson's work in this area) that can be fitted onto our proof attempts. This forms the first part of a twofold hypothesis: (1) A resolution-based theorem prover such as OTTER can be used to discharge proof obligations arising from a formal specification.

We also develop a set of design principles aimed at further facilitating the process of proof. This forms the second part of our hypothesis: (2) The application of certain design principles in the construction of a specification facilitates the theorem proving process. Our twofold hypothesis is justified in the construction of a multi-level marketing application from the business world.
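For concreteness, the following is an added illustration (not taken from the thesis) of what a proof obligation from a set-based specification looks like as first-order ASCII input for OTTER. The small specification (a set of registered members that must stay within a domain of legal identifiers), its invariant, and the predicate and function names `el`, `subset`, `union` and `sing` are all assumed here for the example.

```otter
% Added example, not from the thesis: an invariant-preservation
% obligation from a hypothetical set-based specification, encoded
% for OTTER.
%
% Hypothetical specification:
%   state:     a set s of registered members, invariant  s subset D
%              (D is the domain of legal member identifiers)
%   operation: Register adds a member m with m in D, so s' = s union {m}
% Proof obligation: the invariant is preserved, i.e. s union {m} subset D.
%
% Predicate/function names (el, subset, union, sing) are our own choice.

set(auto).                  % let OTTER pick its strategy and set of support

formula_list(usable).

% Definition of subset in terms of membership.
all u v (subset(u,v) <-> (all x (el(x,u) -> el(x,v)))).

% Membership in a binary union.
all u v x (el(x,union(u,v)) <-> (el(x,u) | el(x,v))).

% Membership in a singleton, stated with OTTER's built-in equality,
% so the proof needs paramodulation (enabled automatically by set(auto)).
all x y (el(x,sing(y)) <-> (x = y)).

% Negated proof obligation: Register preserves the invariant.
% u plays the role of s, v of D, x of the new member m.
-(all u v x ((subset(u,v) & el(x,v)) -> subset(union(u,sing(x)),v))).

end_of_list.
```

Run with `otter < register.in > register.out`; the refutation goes through the Skolem constants introduced for the negated goal, with the union axiom splitting the new element's membership into the two cases that the subset hypothesis and the singleton axiom respectively close.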