CoCEC: An Automatic Combinational Circuit Equivalence Checker Based on the Interactive Theorem Prover

Checking the equivalence of two Boolean functions, or combinational circuits modeled as Boolean functions, is often desired when reliable and correct hardware components are required. The most common approaches to equivalence checking are based on simulation and model checking, which are constrained due to the popular memory and state explosion problems. Furthermore, such tools are often not user-friendly, thereby making it tedious to check the equivalence of large formulas or circuits. An alternative is to use mathematical tools, called interactive theorem provers, to prove the equivalence of two circuits; however, this requires human effort and expertise to write multiple output functions and carry out interactive proof of their equivalence. In this paper, we (1) define two simple, one formal and the other informal, gate-level hardware description languages, (2) design and develop a formal automatic combinational circuit equivalence checker (CoCEC) tool, and (3) test and evaluate our tool. The tool CoCEC is based on human-assisted theorem prover Coq, yet it checks the equivalence of circuit descriptions purely automatically through a human-friendly user interface. It either returns a machine-readable proof (term) of circuits’ equivalence or a counterexample of their inequality. The interface enables users to enter or load two circuit descriptions written in an easy and natural style. It automatically proves, in few seconds, the equivalence of circuits with as many as 45 variables (3.5 × 10 13 states). CoCEC has a mathematical foundation, and it is reliable, quick, and easy to use. The tool is intended to be used by digital logic circuit designers, logicians, students, and faculty during the digital logic design course.

Checkable Proofs for First-Order Theorem Proving

Inspired by the success of the DRAT proof format for certification of boolean satisfiability (SAT),we argue that a similar goal of having unified automatically checkable proofs should be soughtby the developers of automated first-order theorem provers (ATPs). This would not onlyhelp to further increase assurance about the correctness of prover results,but would also be indispensable for tools which rely on ATPs,such as ``hammers'' employed within interactive theorem provers.The current situation, represented by the TSTP format is unsatisfactory,because this format does not have a standardised semantics and thus cannot be checked automatically.Providing such semantics, however, is a challenging endeavour. One would ideallylike to have a proof format which covers only-satisfiability-preserving operations such as Skolemisationand is versatile enough to encompass various proving methods (i.e. not just superposition)or is perhaps even open ended towards yet to be conceived methods or at least easily extendable in principle.Going beyond pure first-order logic to theory reasoning in the style of SMT orbeyond proofs to certification of satisfiability are further interesting challenges.Although several projects have already provided partial solutions in this direction,we would like to use the opportunity of ARCADE to further promote the idea andgather critical mass needed for its satisfactory realisation.

Metis-based Paramodulation Tactic for HOL Light

Metis is an automated theorem prover based on ordered paramodulation.It is widely employed in the interactive theorem provers Isabelle/HOL and HOL4to automate proofs as well as reconstruct proofs found by automated provers.For both these purposes, the tableaux-based MESON tactic is frequently usedin HOL Light. However, paramodulation-based provers such as Metisperform better on many problems involving equality.We created a Metis-based tactic in HOL Light which translates HOL problemsto Metis, runs an OCaml version of Metis, and reconstructs proofsin Metis' paramodulation calculus as HOL proofs.We evaluate the performance of Metis as proof reconstruction methodin HOL Light.

The Architecture of Inference from SMT to ETB

Modularity plays a central role in logical reasoning. We want to beable to reuse proofs, proof patterns, theories, and specializedreasoning procedures. Architectures that support modularity have beendeveloped at all levels of inference: SAT solvers, theory solvers,combination solvers and rewriters, SMT solvers, simplifiers, rewriters,and tactics-based interactive theorem provers. Prior work has mostlyfocused on fine-grained modular inference. However, with theavailability of a diverse range of high-quality inference tools, it hasbecome important to systematically integrate these big components intorobust toolchains. At SRI, we have been developing a framework calledthe Evidential Tool Bus (ETB) as a distributed platform for thecoarse-grained integration of inference components into flexible,scriptable workflows. The talk describes the architecture of ETB alongwith some motivating applications.

Three years of experience with Sledgehammer, a Practical Link Between Automatic and Interactive Theorem Provers

Sledgehammer is a highly successful subsystem of Isabelle/HOL that calls automatic theorem provers to assist with interactive proof construction. It requires no user configuration: it can be invoked with a single mouse gesture at any point in a proof. It automatically finds relevant lemmas from all those currently available. An unusual aspect of its architecture is its use of unsound translations, coupled with its delivery of results as Isabelle/HOL proof scripts: its output cannot be trusted, but it does not need to be trusted. Sledgehammer works well with Isar structured proofs and allows beginners to prove challenging theorems.

Three Years of Experience with Sledgehammer, a Practical Link between Automatic and Interactive Theorem Provers

Sledgehammer is a highly successful subsystem of Isabelle/HOL that calls automatic theorem provers to assist with interactive proof construction. It requires no user configuration: it can be invoked with a single mouse gesture at any point in a proof. It automatically finds relevant lemmas from all those currently available. An unusual aspect of its architecture is its use of unsound translations, coupled with its delivery of results as Isabelle/HOL proof scripts: its output cannot be trusted, but it does not need to be trusted. Sledgehammer works well with Isar structured proofs and allows beginners to prove challenging theorems.

Partiality and recursion in interactive theorem provers – an overview

The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalizing mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; overcoming this weakness has been the objective of intensive research during the last decades. In this article, we review several techniques that have been proposed in the literature to simplify the formalization of partial and general recursive functions in interactive theorem provers. Moreover, we classify the techniques according to their theoretical basis and their practical use. This uniform presentation of the different techniques facilitates the comparison and highlights their commonalities and differences, as well as their relative advantages and limitations. We focus on theorem provers based on constructive type theory (in particular, Agda and Coq) and higher-order logic (in particular Isabelle/HOL). Other systems and logics are covered to a certain extent, but not exhaustively. In addition to the description of the techniques, we also demonstrate tools which facilitate working with the problematic functions in particular theorem provers.