    PDF e-Pub

Section: Application Domains

Integrating a model checker and a theorem prover

The goal of combining model checking with inductive and co-inductive theorem in a rather appealing one. The strengths of systems in these two different systems are strikingly different. A model checker is capable of exploring a finite space automatically: such a tool can repeatedly explores all possible cases for how a computational space can be explored. On the other hand, a theorem prover might be able to prove clever things about a search space. For example, a model checker could attempt to discover whether or not there exists a winning strategy for, say, tic-tac-toe while an inductive theorem prover might be able to prove that if there is a winning strategy from one board then there is a winning strategy from any symmetric version of that board. Of course, being about to combine proofs from these system could drastically reduce the state exploration and proof certificate that needs to be produced to prove the existence of winning strategies.

Our first step to providing an integration of model checking and (inductive) theorem proving was to develop a strong logic, we call $𝒢$, that extends intuitionistic logic with notions of least and greatest fixed points. We have developed the proof theory of this logic in earlier papers   . We have now recently converted the Bedwyr system so that it formally accepts almost all definitions and statements of theorems that are accepted by the inductive theorem prover Abella. Thus, these two systems are proving theorems in the same logic and their theorems can now be shared.

The tabling mechanism of Bedwyr has been extended so that its it can make use of previously proved lemmas. Thus, when a goal to prove that some board position has a winning strategy, the lemma can to conclude yes if some symmetric board position is already in the table.

For more about recent progress on providing checkable proof certificates for model checking, see the web site for Bedwyr http://slimmer.gforge.inria.fr/bedwyr/ .