Section: Research Program
Automated Reasoning
Permanent researchers: S. Conchon, G. Melquiond, A. Paskevich
Generalities on Automated Reasoning

J. C. Blanchette and A. Paskevich have designed an extension to the TPTP TFF (Typed Firstorder Form) format of theorem proving problems to support rank1 polymorphic types (also known as MLstyle parametric polymorphism) [47]. This extension, named TFF1, has been incorporated in the TPTP standard.

S. Conchon defended his habilitation à diriger des recherches in December 2012. The memoir [76] provides a useful survey of the scientific work of the past 10 years, around the SMT solving techniques, that led to the tools AltErgo and Cubicle as they are nowadays.
Quantifiers and Triggers

C. Dross, J. Kanig, S. Conchon, and A. Paskevich have proposed a generic framework for adding a decision procedure for a theory or a combination of theories to an SMT prover. This mechanism is based on the notion of instantiation patterns, or triggers, which restrict instantiation of universal premises and can effectively prevent a combinatorial explosion. A user provides an axiomatization with triggers, along with a proof of completeness and termination in the proposed framework, and obtains in return a sound, complete and terminating solver for his theory. A prototype implementation was realized on top of AltErgo. As a case study, a featurerich axiomatization of doublylinked lists was proved complete and terminating [88]. C. Dross defended her PhD thesis in April 2014 [89]. The main results of the thesis are: (1) a formal semantics of the notion of triggers typically used to control quantifier instantiation in SMT solvers, (2) a general setting to show how a firstorder axiomatization with triggers can be proved correct, complete, and terminating, and (3) an extended DPLL(T) algorithm to integrate a firstorder axiomatization with triggers as a decision procedure for the theory it defines. Significant case studies were conducted on examples coming from SPARK programs, and on the benchmarks on B set theory constructed within the BWare project.
Reasoning Modulo Theories

S. Conchon, É. Contejean and M. Iguernelala have presented a modular extension of ground ACcompletion for deciding formulas in the combination of the theory of equality with userdefined AC symbols, uninterpreted symbols and an arbitrary signaturedisjoint Shostak theory X [78]. This work extends the results presented in [77] by showing that a simple preprocessing step allows to get rid of a full ACcompatible reduction ordering, and to simply use a partial multiset extension of a nonnecessarily ACcompatible ordering.

S. Conchon, M. Iguernelala, and A. Mebsout have designed a collaborative framework for reasoning modulo simple properties of nonlinear arithmetic [82]. This framework has been implemented in the AltErgo SMT solver.

S. Conchon, G. Melquiond and C. Roux have described a dedicated procedure for a theory of floatingpoint numbers which allows reasoning on approximation errors. This procedure is based on the approach of the Gappa tool: it performs saturation of consequences of the axioms, in order to refine bounds on expressions. In addition to the original approach, bounds are further refined by a constraint solver for linear arithmetic [84]. This procedure has been implemented in AltErgo.

In collaboration with A. Mahboubi (Inria projectteam Typical), and G. Melquiond, the group involved in the development of AltErgo have implemented and proved the correctness of a novel decision procedure for quantifierfree linear integer arithmetic [1]. This algorithm tries to bridge the gap between projection and branching/cutting methods: it interleaves an exhaustive search for a model with bounds inference. These bounds are computed provided an oracle capable of finding constant positive linear combinations of affine forms. An efficient oracle based on the Simplex procedure has been designed. This algorithm is proved sound, complete, and terminating and is implemented in AltErgo.

Most of the results above are detailed in M. Iguernelala's PhD thesis [105].
Applications

We have been quite successful in the application of AltErgo to industrial development: qualification by Airbus France, integration of AltErgo into the Spark Pro toolset.

In the context of the BWare project, aiming at using Why3 and AltErgo for discharging proof obligations generated by Atelier B, we made progress into several directions. The method of translation of B proof obligations into Why3 goals was first presented at ABZ'2012 [121]. Then, new drivers have been designed for Why3, in order to use new backend provers Zenon modulo and iProver modulo. A notion of rewrite rule was introduced into Why3, and a transformation for simplifying goals before sending them to backend provers was designed. Intermediate results obtained so far in the project were presented both at the French conference AFADL [87] and at ABZ'2014 [86].
On the side of AltErgo, recent developments have been made to efficiently discharge proof obligations generated by Atelier B. This includes a new plugin architecture to facilitate experiments with different SAT engines, new heuristics to handle quantified formulas, and important modifications in its internal data structures to boost performances of core decision procedures. Benchmarks realized on more than 10,000 proof obligations generated from industrial B projects show significant improvements [81].

Hybrid automatons interleave continuous behaviors (described by differential equations) with discrete transitions. D. Ishii and G. Melquiond have worked on an automated procedure for verifying safety properties (that is, global invariants) of such systems [106].
Projectteam Positioning
Automated Theorem Proving is a large community, but several subgroups can be identified:

The SMTLIB community gathers people interested in reasoning modulo theories. In this community, only a minority of participants are interested in supporting firstorder quantifiers at the same time as theories. SMT solvers that support quantifiers are Z3 (Microsoft Research Redmond, USA), CVC3 and its successor CVC4 (http://cvc4.cs.stanford.edu/web/).

The TPTP community gathers people interested in firstorder theorem proving.

Other Inria teams develop provers: veriT by team Veridis, and Psyche by team Parsifal.

Other groups develop provers dedicated to very specific cases, such as Metitarski (http://www.cl.cam.ac.uk/~lp15/papers/Arith/) at Cambridge, UK, which aims at proving formulas on real numbers, in particular involving special functions such as log or exp. The goal is somewhat similar to our CoqInterval library, cf objective 4.
It should be noticed that a large number of provers mentioned above are connected to Why3 as backends.