Section: Application Domains
Trustworthy implementations of theorem proving techniques
The production of real-world verified software has made it necessary to integrate results coming from different theorem provers into a single certification package. One approach to this integration task is to exchange proof evidence and rely on a back-end proof checker.
Another approach to integration consists in reimplementing the theorem proving techniques as proof-search strategies, on an architecture that guarantees correctness.
Inference systems in general, and focused sequent calculi in particular, can serve as the basis of such an architecture, providing primitives for the exploration of the search space. These form a trusted Application Programming Interface (API) that can be used to program and experiment with various proof-search heuristics without worrying about correctness. No proof checking is needed if one trusts the implementation of the API.
This approach has led to the development of the Psyche engine, and to its latest branch, CDSAT.
Three major research directions are currently being explored, based on the above:

The first one is about formulating automated reasoning techniques in terms of inference systems, so that they fit the approach described above. While this is rather standard for techniques used in first-order Automated Theorem Provers (ATP), such as resolution, superposition, etc., it is much less standard in SMT-solving, the branch of automated reasoning that can natively handle reasoning in a combination of mathematical theories: the traditional techniques developed there usually organise the collaboration between different reasoning black boxes, whose opaque mechanisms connect less clearly to proof-theoretical inference systems. We are therefore investigating new foundations for reasoning in combinations of theories, expressed as fine-grained inference systems, and have developed the Conflict-Driven Satisfiability framework for these foundations [13].

The second one is about understanding how to deal with quantifiers in the presence of one or more theories: on the one hand, traditional techniques for quantified problems, such as unification [29] or quantifier elimination, are usually designed for either the empty theory or very specific theories. On the other hand, the industrial techniques for combining theories (Nelson-Oppen, Shostak, MCSAT [64], [69], [73], [53]) are designed for quantifier-free problems, and quantifiers there are dealt with via incomplete clause-instantiation methods or trigger-based techniques [41]. We are working on making the two approaches compatible.

The above architecture's modular approach raises the question of how its different modules can safely cooperate (in terms of guaranteed correctness), while some of them are trusted and others are not. The issue is particularly acute if some of the techniques are run concurrently and exchange data at unpredictable times. For this we explore new solutions based on Milner's LCF [63]. In [47], we argued that our solutions in particular provide a way to fulfil the “Strategy Challenge for SMT-solving” set by De Moura and Passmore [74].
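The trusted-API idea above (inference rules as the only way to build a theorem, with untrusted heuristics programmed on top, in the LCF style) is illustrated by the following added example; it is not code from Psyche or CDSAT. It assumes a tiny propositional fragment (atoms and implication) and hypothetical names `kernel`, `Thm` and `prove`.

```rust
// Added example, not Psyche/CDSAT code: a minimal LCF-style kernel in the spirit of
// Milner's LCF. Only `kernel` can build a `Thm`, so the untrusted strategy below may
// be wrong or incomplete, yet can never hand back a theorem the rules did not derive.
use std::collections::BTreeSet;
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Formula { Atom(&'static str), Imp(Box<Formula>, Box<Formula>) }

mod kernel {
    use super::Formula; use std::collections::BTreeSet;
    /// Sequent Γ ⊢ A with private fields: outside this module a Thm only comes from the rules below.
    #[derive(Clone, Debug)]
    pub struct Thm { hyps: BTreeSet<Formula>, concl: Formula }
    impl Thm { pub fn hyps(&self) -> &BTreeSet<Formula> { &self.hyps }
               pub fn concl(&self) -> &Formula { &self.concl } }
    /// Identity rule: A ⊢ A
    pub fn assume(a: Formula) -> Thm { Thm { hyps: BTreeSet::from([a.clone()]), concl: a } }
    /// Right introduction: from Γ ⊢ B derive Γ \ {A} ⊢ A → B (sound whether or not A is in Γ)
    pub fn imp_intro(a: Formula, mut t: Thm) -> Thm {
        t.hyps.remove(&a);
        Thm { hyps: t.hyps, concl: Formula::Imp(Box::new(a), Box::new(t.concl)) }
    }
    /// Modus ponens: from Γ ⊢ A → B and Δ ⊢ A derive Γ ∪ Δ ⊢ B; a mismatched A is rejected here
    pub fn modus_ponens(imp: &Thm, arg: &Thm) -> Result<Thm, String> {
        match &imp.concl {
            Formula::Imp(a, b) if **a == arg.concl => Ok(Thm {
                hyps: imp.hyps.union(&arg.hyps).cloned().collect(), concl: (**b).clone() }),
            _ => Err(format!("{:?} cannot be applied to {:?}", imp.concl, arg.concl)),
        }
    }
}

/// Untrusted goal-directed strategy: a heuristic outside the trusted base. `fuel` bounds
/// the search, so exhausting it only means "no proof found", never an unsound result.
pub fn prove(goal: &Formula, ctx: &[Formula], fuel: usize) -> Option<kernel::Thm> {
    use Formula::Imp;
    if ctx.contains(goal) { return Some(kernel::assume(goal.clone())); }
    if fuel == 0 { return None; }
    match goal {
        Imp(a, b) => {
            let ctx2: Vec<Formula> = ctx.iter().cloned().chain([(**a).clone()]).collect();
            prove(b, &ctx2, fuel - 1).map(|t| kernel::imp_intro((**a).clone(), t))
        }
        // Atom: backward-chain through a hypothesis A → goal; the kernel re-checks the step
        _ => ctx.iter().find_map(|h| match h {
            Imp(a, b) if **b == *goal => prove(a, ctx, fuel - 1)
                .and_then(|arg| kernel::modus_ponens(&kernel::assume(h.clone()), &arg).ok()),
            _ => None,
        }),
    }
}
```

A strategy run concurrently or swapped for a smarter one changes only what gets found, not whether what is found is a theorem, which is the point of keeping the kernel small and trusted.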