The ICS Decision Procedures for Embedded Deduction [chapter]

Leonardo de Moura, Sam Owre, Harald Rueß, John Rushby, Natarajan Shankar
2004 Lecture Notes in Computer Science  
Automated theorem proving lies at the heart of all tools for formal analysis of software and system descriptions. In formal verification systems such as PVS [10] , the deductive capability is explicit and visible to the user, whereas in tools such as test case generators it is hidden and often ad-hoc. Many tools for formal analysis would benefit-both in performance and ease of construction-if they could draw on a powerful embedded service to perform common deductive tasks. An embedded deductive
more » ... service should be fully automatic, and this suggests that its focus should be restricted to those theories whose decision and satisfiability problems are decidable. However, there are some contexts that can tolerate incompleteness. For example, in extended static checking, the failure to prove a valid verification condition results only in a spurious warning message. In other contexts such as construction of abstractions, speed may be favored over completeness, so that undecidable theories (e.g., nonlinear integer arithmetic) and those whose decision problems are often considered infeasible in practice (e.g., real closed fields) should not be ruled out completely. Most problems that arise in practice involve combinations of theories: the question whether f (cons(4×car(x)−2×f (cdr(x)), y)) = f (cons(6×cdr(x), y)) follows from 2 × car(x) − 3 × cdr(x) = f (cdr(x)), for example, requires simultaneously the theories of uninterpreted functions, linear arithmetic, and lists. The ground (i.e., quantifier-free) fragment of many combinations is decidable when the fully quantified combination is not, and practical experience indicates that automation of the ground case is adequate for most applications. Practical experience also suggests several other desiderata for an effective deductive service. Some applications (e.g., construction of abstractions) invoke their deductive service a huge number of times in the course of a single calculation, so that performance of the service must be very good. Other applications such as proof search explore many variations on a formula (i.e., alternately asserting and denying various combinations of its premises), so the deductive service should not examine individual formulas in isolation, but should provide a rich application programming interface that supports incremental assertion, retraction, and querying of formulas. Other applications such as test case generation
doi:10.1007/978-3-540-25984-8_14 fatcat:shrktb5z4ffbpkakpnkrvho4ly