23 research outputs found
Deductive Search for Errors in Free Data Type Specifications Using Model Generation
The presented approach aims at identifying false conjectures about free data types. Given a specification and a conjecture, the method performs a search for a model of a corresponding counter specification. The model search is tailor-made for the semantic setting of free data types, where the fixed domain allows models to be described just in terms of interpretations
A Modula-2 language Binding for the Graphical Kernel System
SIGLE. Copy held by FIZ Karlsruhe; available from UB/TIB Hannover / FIZ - Fachinformationszentrum Karlsruhe / TIB - Technische Informationsbibliothek. DE. German.
How to prove inductive theorems? QUODLIBET
QUODLIBET is a tactic-based inductive theorem proving system that meets today’s standard requirements for theorem provers such as a command interpreter, a sophisticated graphical user interface, and a carefully programmed inference machine kernel that guarantees soundness. In essence, it is the synergetic combination of the features presented in the following sections that makes QUODLIBET a system quite useful in practice; and we hope that it is actually as you like it, which is the Latin “quod libet” translated into English. We start by presenting some of the design goals that have guided the development of QUODLIBET. Note that the system is not intended to pursue the push-button technology for inductive theorem proving, but to manage more complicated proofs by an effective interplay between interaction and automation. 1.1 Design Goals for Specifications Given algebraic specifications of algorithms in the style of abstract data types, we want to prove theorems even if the specification is not (yet) sufficiently complete. As an example, consider the incomplete specification of the subtraction on the natural numbers E = {∀x. x−0=x, ∀x,y. s(x)−s(y)=x−y} and the conjecture ∀x,y. (x−y=0 ∧ y−x=0 ⇒ x=y)