Proof Generation in the Touchstone Theorem Prover

The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benefits for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modifications that are necessary to support proof generation in a congruence-closure decision procedure for equality and in a Simplex-based decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modified Nelson-Oppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proof-carrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low cost in terms of design complexity and proving time, and we conclude that the software-engineering benefits of proof generation clearly outweigh these costs.
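As an added illustration (not code from the Touchstone paper), the following Python sketches a proof-producing congruence-closure procedure in the spirit described above: every merge in the union-find structure records the equality rule that justified it, so the final derivation can be re-checked by an independent checker that knows only reflexivity, symmetry, transitivity, congruence and the assumed equalities. The term representation, the proof-term encoding and all function names are assumptions of this example.

```python
# Added example, not Touchstone's code: congruence closure for equality that
# emits an explicit derivation. Terms are str constants or (f, arg, ...) tuples.
def find(parent, proof, t):
    p = ('refl', t)                           # invariant: p proves start == t
    while parent[t] != t:
        p = ('trans', p, proof[t])            # proof[t] justifies t == parent[t]
        t = parent[t]
    return t, p

def congruence_closure(assumptions, goal):
    todo, closed = [*goal, *(x for eq in assumptions for x in eq)], set()
    while todo:                               # collect every term with its subterms
        t = todo.pop(); closed.add(t)
        if isinstance(t, tuple): todo.extend(t[1:])
    parent, proof = {t: t for t in closed}, {}
    def union(a, b, pab):                     # pab proves a == b
        (ra, pa), (rb, pb) = find(parent, proof, a), find(parent, proof, b)
        if ra == rb: return False
        parent[ra] = rb                       # edge justified by ra == a == b == rb
        proof[ra] = ('trans', ('symm', pa), ('trans', pab, pb))
        return True
    for i, (a, b) in enumerate(assumptions): union(a, b, ('assume', i))
    apps, changed = [t for t in closed if isinstance(t, tuple)], True
    while changed:                            # propagate congruence to a fixpoint
        changed = False
        for s in apps:
            for t in apps:
                if s[0] != t[0] or len(s) != len(t): continue
                pairs = [(find(parent, proof, x), find(parent, proof, y)) for x, y in zip(s[1:], t[1:])]
                if all(rx == ry for (rx, _), (ry, _) in pairs):      # argument-wise equal
                    argpfs = tuple(('trans', px, ('symm', py)) for (_, px), (_, py) in pairs)
                    changed |= union(s, t, ('congr', s[0], argpfs))
    return parent, proof

def prove(assumptions, goal):                 # derivation of goal == (lhs, rhs), or None
    parent, proof = congruence_closure(assumptions, goal)
    (ra, pa), (rb, pb) = find(parent, proof, goal[0]), find(parent, proof, goal[1])
    return ('trans', pa, ('symm', pb)) if ra == rb else None

def check(p, assumptions):                    # trusted core: equation a proof term proves
    if p[0] == 'refl': return p[1], p[1]
    if p[0] == 'assume': return assumptions[p[1]]
    if p[0] == 'symm': a, b = check(p[1], assumptions); return b, a
    if p[0] == 'trans':
        (a, b), (c, d) = check(p[1], assumptions), check(p[2], assumptions)
        if b != c: raise ValueError('broken transitivity chain')
        return a, d
    eqs = [check(q, assumptions) for q in p[2]]                      # 'congr'
    return (p[1], *(l for l, _ in eqs)), (p[1], *(r for _, r in eqs))
```

The classic instance f(f(f(a))) = a, f(f(f(f(f(a))))) = a entails f(a) = a; `prove` finds it only through repeated congruence steps, and `check` re-derives the whole chain from the assumptions without trusting the prover.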
