Questions tagged [theorem-proving]

Theorem proving, currently the most well-developed subfield of automated reasoning, is the proving of mathematical theorems by a computer program.

Depending on the underlying logic, the problem of deciding the validity of a formula varies from trivial to impossible. Commercial use of automated theorem proving is mostly concentrated in integrated circuit design and verification. Nowadays, AMD, Intel and others use automated theorem proving to verify that division and other operations are correctly implemented in their processors.

In the context of programming, theorem provers are increasingly influencing the design of programming languages, and methods for verifying program correctness.

412 questions
42
votes
1 answer

Difference between Z3 and Coq

I am wondering if someone can tell me the difference between Z3 and Coq? Seems to me that Coq is a proof assistant in that it requires the user to fill in the proof steps, whereas Z3 does not have that requirement. But seems like Coq also has auto…
JRR
  • 5,290
  • 4
  • 32
  • 54
33
votes
1 answer

Z3: finding all satisfying models

I am trying to retrieve all possible models for some first-order theory using Z3, an SMT solver developed by Microsoft Research. Here is a minimal working example: (declare-const f Bool) (assert (or (= f true) (= f false))) In this propositional…
marczoid
  • 1,055
  • 2
  • 10
  • 18
31
votes
2 answers

How to learn Agda

I am trying to learn Agda. However, I got a problem. All the tutorials which I found on the Agda wiki are too complex for me and cover different aspects of programming. After parallel reading of 3 tutorials on Agda I was able to write simple proofs but…
Konstantin Solomatov
  • 9,752
  • 6
  • 52
  • 83
30
votes
4 answers

Is it possible to program and check invariants in Haskell?

When I write an algorithm I usually write down invariants in comments. For example, one function might return an ordered list, and the other one expects that a list would be ordered. I'm aware that theorem provers exist, but I have no experience…
Andrew
  • 7,680
  • 11
  • 42
  • 73
21
votes
6 answers

Hilbert System - Automate Proof

I'm trying to prove the statement ~(a->~b) => a in a Hilbert style system. Unfortunately it seems like it is impossible to come up with a general algorithm to find a proof, but I'm looking for a brute force type strategy. Any ideas on how to…
aramadia
  • 1,596
  • 2
  • 12
  • 24
21
votes
1 answer

Limits of SMT solvers

Traditionally most work with computational logic was either propositional, in which case you used a SAT (boolean satisfiability) solver, or first-order, in which case you used a first-order theorem prover. In recent years, a lot of progress has been…
rwallace
  • 26,045
  • 30
  • 102
  • 195
14
votes
3 answers

Formalizing computability theory in Coq

I'm trying to teach myself Coq by formalizing formalize a mathematical theorem I'm familiar with: the undecidability of the halting problem various theorems in computability theory. Since I'm not interested in formalizing the details of…
Pteromys
  • 1,321
  • 1
  • 11
  • 25
13
votes
2 answers

Has anyone tried proving Z3 with Z3 itself?

Has anyone tried proving Z3 with Z3 itself? Is it even possible, to prove that Z3 is correct, using Z3? More theoretical, is it possible to prove that tool X is correct, using X itself?
Longfei Zhu
  • 139
  • 3
13
votes
1 answer

How do I prove a "seemingly obvious" fact when relevant types are abstracted by a lambda in Idris?

I am writing a basic monadic parser in Idris, to get used to the syntax and differences from Haskell. I have the basics of that working just fine, but I am stuck on trying to create VerifiedSemigroup and VerifiedMonoid instances for the…
12
votes
1 answer

Coq simpl for Program Fixpoint

Is there anything like the tactic simpl for Program Fixpoints? In particular, how can one prove the following trivial statement? Program Fixpoint bla (n:nat) {measure n} := match n with | 0 => 0 | S n' => S (bla n') end. Lemma obvious: forall n,…
ouler
  • 123
  • 6
12
votes
3 answers

How should the general type of a "lemma" function be understood?

Perhaps this is a stupid question. Here's a quote from the Hasochism paper: One approach to resolving this issue is to encode lemmas, given by parameterised equations, as Haskell functions. In general, such lemmas may be encoded as functions of…
Benjamin Hodgson
  • 37,496
  • 16
  • 98
  • 147
11
votes
3 answers

Non-empty list append theorem in Coq

I am trying to prove the following lemma in Coq: Require Import Lists.List. Import ListNotations. Lemma not_empty : forall (A : Type) (a b : list A), (a <> [] \/ b <> []) -> a ++ b <> []. Right now my current strategy was to destruct on a, and…
11
votes
8 answers

Using theorem provers to find attacks

I've heard a bit about using automated theorem provers in attempts to show that security vulnerabilities don't exist in a software system. In general this is fiendishly hard to do. My question is has anyone done work on using similar tools to find…
BCS
  • 67,242
  • 64
  • 175
  • 277
10
votes
1 answer

Coq can't find subterm when using rewrite tactic

I'm trying to do a modified proof of compile_correct from the first chapter of Certified Programming with Dependent Types. In my version, I try to make use of the fact that progDenote is a fold, and use a weaker inductive hypothesis in the proof of…
Kester Tong
  • 171
  • 8
10
votes
2 answers

Proving that a reversible list is a palindrome in Coq

Here is my inductive definition of palindromes: Inductive pal { X : Type } : list X -> Prop := | pal0 : pal [] | pal1 : forall ( x : X ), pal [x] | pal2 : forall ( x : X ) ( l : list X ), pal l -> pal ( x :: l ++ [x] ). And the theorem I want…
user287393
  • 1,171
  • 5
  • 12