Automated Reasoning

CONTRIBUTI SCIENTIFICI

AUTOMATED REASONING

MARIA PAOLA BONACINA Dipartimento di Infor matica - Università degli Studi di Ver ona

ALBERTO MARTELLI Dipartimento di Infor matica - Università degli Studi di Torino

1 Introduction counter-example,orcounter-model, that is, a model of S ∪{¬ϕ}. This branch of automated reasoning is called A central problem in automated reasoning is to determine automated model building. whether a conjecture ϕ, that represents a property to be In classical rst-order logic, deductive theorem proving veried, is a logical consequence of a set S of assump- is semi-decidable, while inductive theorem proving and tions, which express properties of the object of study (e.g., model building are not even semi-decidable.Itissignif- a system, a circuit, a program, a data type, a communica- icant that while books in theorem proving date from the tion protocol, a mathematical structure). early seventies [22, 48, 16, 27, 77, 44, 70], the rst book A conjoint problem is that of knowledge representation, on model building appeared only recently [21]. Most ap- or nding suitable formalisms for S and ϕ to represent as- proaches to automated model building belong to one of the pects of the real world, such as action, space, time, men- following three classes, or combine their principles: tal events and commonsense reasoning. While classical logic has been the principal formalism in automated rea- 1. Enumeration methods generate interpretations and soning, and many proof techniques have been studied and test whether they are models of the given set of for- implemented, non-classical logics, such as modal, tempo- mul; ral, description or nonmonotonic logics, have been widely 2. Saturation methods extract models from the nite set investigated to represent knowledge. of formul generated by a failed refutation attempt; and 2Automated reasoning in classical logic 3. Simultaneous methods search simultaneously for a Given the above central problem, one can try to answer af- refutation or a model of the given set of formul. ϕ S rmatively, by nding a proof of from . This problem In higher-order logics, that allow universal and existen- and the methods to approach it are called theorem prov- tial statements, not only on individuals, but also on func- ing. Theorem proving comprises both deductive theorem tions and predicates, even deductive theorem proving is no proving, which is concerned precisely with the entailment longer semi-decidable. Clearly, fully automated theorem S |= ϕ problem as stated above (in symbols: ), and induc- proving focuses on deductive theorem proving, while in- tive theorem proving, where the problem is to determine duction, model generation and reasoning in higher-order S ϕ whether entails all ground instances of (in symbols: logics resort to a larger extent to interactive theorem prov- S |= ϕσ σ , for all ground substitutions ). ing. Since the most important feature of higher-order logic In (fully) automated theorem proving, the machine alone for computer science are higher-order functions, that are is expected to nd a proof. In interactive theorem proving, a staple of functional programming languages, an inter- a proof is born out of the interaction between human and mediate solution is to develop a rst-order system, with machine. Since it is too difcult to nd a proof ignoring a functional programming language, used simultaneously the conjecture, the vast majority of theorem-proving meth- as programming language and as logical language [20, 43]. ods work refutationally, that is, they prove that ϕ follows logically from S,byshowing that S ∪{¬ϕ} generates a 2.1 Fully automated theorem proving contradiction, or is inconsistent. Otherwise, given assumptions S and conjecture ϕ, one Semi-decidability means that no algorithm is guaranteed to can try to answer negatively, disproving ϕ,bynding a halt, and return a proof, whenever S∪{¬ϕ} is inconsistent,

14 Anno III, N° 1/2, Marzo-Giugno 2006 CONTRIBUTI SCIENTIFICI or a model, whenever S ∪{¬ϕ} is consistent. The best one 1. the logic, can have is a semi-decision procedure, that is guaranteed to halt and return a proof, if S ∪{¬ϕ} is inconsistent. If 2. the form of admissible formulae for S or ϕ,or it halts without a proof, we can conclude that S ∪{¬ϕ} 3. the theory presented by the assumptions in S. is consistent, and try to extract a model from its output. However, if S ∪{¬ϕ} is consistent, the procedure is not An example of Case 1 is the guarded fragment of rst- guaranteed to halt. order logic, which propositional modal logic can be re- Intuitively, proofs of inconsistency of a given problem duced to. The most prominent instance is propositional S ∪{¬ϕ} are nite, if they exist, but there is an innite logic, whose decidable satisability problem is known as search space of logical consequences where to look for a SAT. Many problems in computer science can be encoded contradiction. A machine can explore only a nite part in propositional logic, reduced to SAT and submitted to of this innite space, and the challenge is to nd a proof SAT solvers.Asautomated reasoning is concerned primar- using as little resources as possible. A fundamental insight ily with complete SAT solvers, the dominating paradigm was the recognition that the ability to detect and discard is the DPLL procedure [25, 24, 79], implemented, among redundant formul is as crucial as the ability to generate others, in [78, 52]. consequences of given formul. In addition to standard As an example of Case 2, the Bernays-Schonnkel class expansion inference rules of the form admits only sentences in the form

A1 ... An (1) ∃x1,...xn.∀y1,...ym.P [x1,...xn,y1,...ym] B1 ... Bm where P is quantier-free. Decidable classes based on syn- which add inferred formul B1,...,Bm to the set of tactic restrictions are surveyed in [21]. known theorems, that already includes the premises Case 3 includes Presburger arithmetic or theories of data A1,...,An, contemporary inference systems feature con- structures, such as lists or arrays. For the latter, the typical traction rules, that delete or simplify already-inferred the- approach is to build a little engine of proof for each theorems. The double-ruled inference rule form ory [66], by building the theorys axioms into a congruence A1 ... An closure algorithm to handle ground equalities [67, 54, 9]. (2) B1 ... Bm Little engines are combined to handle combinations of theories [53, 68, 31]. However, also generic theorem-proving means that the formul (Ai) above the rule are replaced by methods proved competitive on these problems [5]. those below (Bj). It is a deletion rule if the consequences Decidable does not mean pratical, and the decidable rea- are a proper subset of the premises; otherwise, it is a sim- soning problems are typically NP-complete. Since auto- plication rule. mated reasoning problems range from decidable, but NP- An expansion rule is sound if what is generated is complete,tosemi-decidable, or not even semi-decidable, logical consequence of the premises ({A1 ... An}|= automated reasoning relies pretty much universally on the {B1 ...Bm}). Classical examples are resolution and articial intelligence paradigm of search. paramodulation.Acontraction rule is sound if what is removed is logical consequence of what is left or added 2.3 Automated reasoning as a search problem ({B1 ...Bm}|= {A1 ... An}). Classical examples are subsumption and equational simplication from Knuth- Automated reasoning methods are strategies, composed Bendix completion.Aninference system is sound if all its of an inference system and a search plan. The inference rules are, and it is refutationally complete,ifitallows us to system is a non-deterministic set of inference rules, that derive a contradiction, whenever the initial set of formul denes a search space containing all possible inferences. is inconsistent. The challenge is dealing with contraction Describing formally the search space of a reasoning prob- without endangering completeness [36, 7, 8, 18]: a key lem is not obvious, and can be approached through differ- ingredient is to order the data (terms, literals, clauses, for- ent formalisms that capture different levels of abstraction mul, proofs) according to well-founded orderings. Infer- [62, 19]. The search plan guides the search and determines ence systems of this nature were applied successfully also the unique derivation to inductive theorem proving as in inductionless induction or proof by the lack of inconsistency [37, 40, 18]. S0 S1 ...Si Si+1 ...

2.2 Decision procedures and SAT solvers that the strategy computes from a given input S0 = S ∪ {¬ϕ}.Itisthe addition of the search plan that turns a non- Decidable instances of reasoning problems do exist. For deterministic inference system into a deterministic proof these problems, the search space is nite and decision pro- procedure. cedures are known. Decidability may stem from imposing The search plan decides, at each step, which inference restrictions on rule to apply to which data. If it selects an expansion rule, Anno III, N° 1/2, Marzo-Giugno 2006 15 CONTRIBUTI SCIENTIFICI the set of formul is expanded: guage understanding, symbolic computation, such as constraint problem solving and computer algebra, compu- S tational logic, such as declarative programming and de- S ⊂ S S ductive databases, and mathematics, as witnessed by the If it selects a contraction rule, the set of formul is con- existence of databases of computer-checked mathematics tracted: [51]. Theorem provers are capable of proving non-trivial S mathematical theorems in theories such as Boolean alge- S ⊆ S S ≺mul S S bras, rings, groups, quasigroups and many-valued logic [3, 2, 41, 49, 75]. Last, the study of mechanical forms where ≺mul is the multiset extension of a well-founded of logical reasoning is part of the fundamental quest about ordering on clauses. Strategies that employ well-founded what computing machines can do. orderings to restrict expansion and dene contraction are called ordering-based. Ordering-based strategies with a contraction-rst search plan, that gives higher priority to 3Automated reasoning in non-classical logic contraction inferences, are termed contraction-based. These strategies work primarily by forward reasoning, Many aspects of AI problems can be modeled with logi- because they do not distinguish between clauses coming cal formalisms, and in particular, with so called nonclassi- from S and clauses coming from ¬ϕ. Semantic strategies, cal logics, such as modal or temporal logics. Automated strategies with set of support and target-oriented strategies deduction techniques have been developed for those log- were devised to limit this effect. ics, for instance by proposing tableau proof methods [34]. At the other extreme of the spectrum, subgoal-reduction Another approach is to translate formulas of nonclassical strategies work by reducing goals to subgoals. This class logic into formulas of classical logic, so as to give users of includes methods based on model elimination, linear reso- nonclassical logics access to the sophisticated state-of-the- lution, matings and connections, all eventually understood art tools that are available in the area of rst-order theorem in the context of clausal normalform tableaux. proving [57]. The picture is completed by instance-based strategies, An important research problem in AI is the logical for- that date back to Gilmores multiplication method. These malization of commonsense reasoning. The observation strategies generate ground instances of the clauses in the that traditional logics, even nonclassical ones, are not suit- set to be refuted, and detect inconsistencies at the propo- able to express revisable inferences, led to the denition of sitional level by using a SAT solver. A survey of strate- nonmonotonic logics. Various approaches have been used gies, according to this classication, with the relevant ref- to do nonmonotonic reasoning, based on xpoint tech- erences, was given in [17]. niques or semantic preference. [58] contains a survey of Interactive reasoning systems with higher-order features tableau based proof methods for nonmonotonic logics. also employ search, but only indirectly, or at the meta- As we cannot give here the details of all techniques for level, because the search is made of both automated and automated reasoning in those logics, we will describe only human-driven steps [23, 33, 60, 4, 13, 15]. An interactive some specic approaches that have been used with success. session generates a proof plan, that is, a sequence of actions to reach a proof. Actions may be chosen by the user 3.1 Extensions of Logic Programming or the search plan of the interactive prover. In turn, an action can be the application of an inference rule of the inter- Logic programming was proposed with the goal of com- active prover, the introduction of a lemma by the user, the bining the use of logic as a representation language with invocation of an automated rst-order prover [12] or a de- efcient deduction techniques, based on a backward infer- cision procedure [59], to dispatch a rst-order conjecture ence process (goal-directed) which allows to consider a set or a decidable subproblem, respectively. of formulas as a program. Prolog is the most widely used logic programming language. While originally logic pro- 2.4 Applications gramming was conceived as a subset of classical logic, it was soon extended with some nonclassical features, in par- Its intrinsic difculty notwithstanding, automated reason- ticular negation as failure.Toprove a negated goal not p, ing is important in several ways. Its direct applications, Prolog tries to prove p;ifp cannot be proved, then the such as hardware/software verication and program gen- goal not p succeeds, and vice versa. This simple feature eration, are of the highest relevance to computing and so- of Prolog has been widely used to achieve nonmonotonic ciety. Theorem provers [73, 50, 42, 46, 74, 55, 63, 64, 71] behavior. In fact, by adding new formulas, a goal p which were applied successfully to the verication of crypto- previously was not derivable might become true, and, as a graphic protocols, message-passing systems and software consequence, not p might become false. specications [72, 65]. Furthermore, automated reason- The semantics of negation as failure has been deeply ing contributes techniques to other elds of articial in- studied, and the relations with nonmonotonic logics have telligence, such as planning, learning and natural lan- been pointed out. The most widely accepted semantics is 16 Anno III, N° 1/2, Marzo-Giugno 2006 CONTRIBUTI SCIENTIFICI the answer set semantics [30]. According to this seman- formula ϕ in some logical formalism. Usually properties tics, a logic program may have several alternative models, have to do with the evolution of the behavior of the sys- called answer sets, each corresponding to a possible view tem over time, and are expressed by means of temporal of the world. logic. The last step consists in the verication that ϕ holds Logic programming has been made more expressive by in the model. The verication techniques depend on the extending it with the so called classical negation, that is kind of temporal logic which is used, i.e. branching-time monotonic negation of classical logic, and disjunction in or linear-time. the head of the rules. Recently, a new approach to logic Many model checking tools have been developed, programming, called answer set programming (ASP), has among which we can mention NuSMV [56] and SPIN [35]. emerged. Syntactically ASP programs look like Prolog Although model checking has been mainly used for ver- programs, but the computational mechanisms used in ASP ication of distributed systems, there have been proposals are different: they are based on the ideas that have led to to use this technique also for the verication of AI sys- the creation of fast satisability solvers for propositional tems, such as multi-agent systems. These proposals deal logic. ASP has emerged from interaction between two with the problem of expressing properties regarding not lines of research, the semantics of negation in logic pro- only temporal evolution, as usual in model checking, but gramming and application of satisability solvers to search also mental attitudes of agents, such as knowledge, beliefs, problems. Several efcient answer set solvers have been desires, intentions (BDI). This requires to combine tempo- developed, among which we can mention Smodels [69] ral logic with modal (epistemic) logics which have been and DLV [45], the latter providing an extension for dealing used to model mental attitudes. with preferences. The goal of [11] is to extend model checking to make it Often, automated reasoning paradigms in AI mimic hu- applicable to multi-agent systems, where agents have BDI man reasoning, providing a formalisation of the human ba- attitudes. This is achieved by using a new logic which is sic inferences. Abductive reasoning is one such paradigm, the composition of two logics, one formalizing temporal and it can be seen as a formalisation of abductive reason- evolution and the other formalizing BDI attitudes. The ing and hypotheses making. Hypotheses make up for lack model checking algorithm keeps the two aspects separated: of information, and they can be put forward to support the when considering the temporal evolution of an agent, BDI explanation of some observation. atoms are considered as atomic proposition. Abductive logic programming is an extension of logic A different framework for verifying temporal and epis- programming in which the knowledge base may contain temic properties of multi-agent systems by means of model special atoms that can be assumed to be true, even if they checking techniques is presented by Penczek and Lomus- are not dened, or cannot be proven. These atoms are cio [61]. Here multi-agent systems are formulated in the called abducibles. Starting from a goal G,anabductive logic language CTLK, which adds to the temporal logic derivation tries to verify G,byusing deductive inference CTL an epistemic operator to model knowledge, using in- steps as in logic programming, but also by possibly assum- terpreted systems as underlying semantics. ing that some abducibles are true. In order to have this process converging to a meaningful explanation, an abductive theory normally comes together with a set of integrity 3.3 Applications constraints IC, and, in this case, hypotheses are required 3.3.1 Reasoning about actions to be consistent with IC [39, 28, 38]. It is worth mentioning that the goal directed approach The most famous approach to reasoning about actions is of logic programming has been used also to formulate the situation calculus, proposed by John McCarthy. Situations proof theory of many non-classical logics. For instance are logical terms which describe the state of the world [29] presents a uniform Prolog-like formulation for many whenever an action is executed. A situation denes the intuitionistic and modal logics. truth value of a set of uents, predicates that vary from one situation to the next. Actions are described by spec- 3.2 Model checking ifying their preconditions and effects by means of rst- order logic formulas. For instance, the formula p(s) → Model checking is an automatic technique for formally q(result(a, s)) means that, if p holds in situation s, then q verifying nite state concurrent systems, which has been will hold after executing action a. successfully applied in computer science to verify proper- An alternative logical representation of actions is by ties of distributed software systems. The process of model means of modal logic, where each modality represents an checking consists of the following steps. First the software action [26]. For instance, the formula 2(p → [a]q) has system to be veried must be translated into a suitable for- the same meaning as the previous one (2ϕ means that ϕ malism, where the actions of the systems are represented is true in each state). Since the semantics of modal logic in terms of states and transitions, thus obtaining the model. is based on the so called possible worlds,itisrather nat- Then the properties to be veried will be specied as a ural to adopt it for reasoning about actions, by associating Anno III, N° 1/2, Marzo-Giugno 2006 17 CONTRIBUTI SCIENTIFICI possible worlds with states, and transitions between worlds The paper present a system that, during the evolution of a with actions. society of agents, veries the compliance of the agents be- An important problem which arises in reasoning about havior to the protocol, by checking fulllment or violation actions is the so called frame problem, i.e. the problem of expectations. of specifying in an efcient way what are the uents that Another approach for the specication and verication do not change from one situation to the next one when an of interaction protocols is proposed in [32] using a combi- action is executed. Usually this problem is formulated in nation of dynamic and temporal logic. Protocols are ex- a nonmonotonic way, by saying that we assume that each pressed as regular expressions, (communicative) actions uent persists if it is consistent to assume it. The frame are specied by means of action and precondition laws, problem has been formally represented by means of non- and temporal properties can be expressed by means of the monotonic formalisms, or in classical logic by means of a until operator. Several kinds of verication problems can completion construction due to Reiter. be addressed in that framework, including the verication Among other formalisms we can mention the event cal- of protocol properties and the verication that and agent is culus,anextension of logic programming with explicit compliant with a protocol. time points, and uent calculus. Formal techniques for reasoning about actions have been 3.3.3 Automated reasoning on the web mainly applied in the area of planning, where the term cog- Automated reasoning is becoming an essential issue in nitive robotics was coined. In this context, the robot pro- many web systems and applications, especially in emerg- gramming language GOLOG [47] has been dened, based ing Semantic Web applications. The aim of the Semantic on the situation calculus. GOLOG allows to write pro- Web initiative is to advance the state of the web through grams by means of statements of imperative programming the use of semantics. Various formalisms have already languages (similar to those provided by dynamic logic). emerged, like RDF or OWL, an ontology language stem- GOLOG programs are nondeterministic, and plans can be ming from description logics. So far, reasoning on the obtained by searching for suitable program executions sat- Semantic Web is mostly reasoning about knowledge ex- isfying a given goal. The language has been extended to pressed in a particular ontology. deal with concurrency and sensing. The next step will be the logic of proof layers, and A different approach, based on modal logic, is presented logic programming based rule systems appear to lie in the in [10] where programs consist of sets of Prolog-like rules mainstream of such activities. Combinations of logic pro- and can be executed by means of a goal-directed proof programming and description logics have been studied, and cedure. nonmonotonic extensions have been proposed, in particu- 3.3.2 Multi-agent systems lar regarding the use of Answer Set Programming. These research issues are investigated in REWERSE, Reason- Many of the techniques described in this article have been ing on the Web with Rules and Semantics, a research applied to reasoning in multi- agent systems. We have al- Network of Excellence of the 6th Framework Programme ready mentioned extensions to model checking to deal with (http://rewerse.net/). agents mental attitudes. Web services are rapidly emerging as the key paradigm The issue of developing semantics for agent communi- for the interaction and coordination of distributed business cation languages has been examined by many authors, in processes. The ability to automatic reason about web ser- particular by considering the problem of giving a veriable vices, for instance to verify some properties or to compose semantics, i.e. a semantics grounded on the computational them, is an essential step toward the real usage of web models. Given a formal semantics, it is possible to dene services. Web services have many analogies with agents, what it means for an agent to be respecting the semantics of and thus many of the techniques previously mentioned are the communicative action when sending a message. Veri- also being used to reason about web services. In partic- cation techniques, such as model checking can be used ular, regarding web service composition, we can mention to check it. For instance, in [76] agents are written in [14] and the ASTRO project [6] which has developed tech- MABLE, an imperative programming language, and have niques and tools for web service composition, in partic- a mental state. MABLE systems may be augmented by the ular by making use of sophisticated planning techniques, addition of formal claims about the system, expressed us- which can deal with nondeterminism, partial observability ing a quantied, linear time temporal BDI logic. Properties and extended goals. of MABLE programs can be veried by means of the SPIN model checker, by translating BDI formulas into the form used by SPIN. REFERENCES The problem of verifying agents compliance with a pro- [1] M. Alberti, D. Daolio, P. Torroni, M. Gavanelli, E. Lamma, tocol at runtime is addressed in [1]. Protocols are specied and P. Mello. Specication and verication of agent inter- in a logic-based formalism based on Social Integrity Con- action protocols in a logic-based system. In SAC, pages straints, which constrain the agents observable behavior. 7278, 2004. 18 Anno III, N° 1/2, Marzo-Giugno 2006 CONTRIBUTI SCIENTIFICI

[2] S. Anantharaman and M. P. Bonacina. An application of [20] R. S. Boyer and J S. Moore. A Computational Logic Hand- automated equational reasoning to many-valued logic. In book. Academic Press, 1988. CTRS-90,volume 516 of LNCS, pages 156161. Springer, [21] R. Caferra, A. Leitsch, and N. Peltier. Automated Model 1990. Building. Kluwer, 2004. [3] S. Anantharaman and J. Hsiang. Automated proofs of the [22] C. L. Chang and R. C. T. Lee. Symbolic Logic and Mechan- Moufang identities in alternative rings. J. Automat. Reason., ical Theorem Proving. Academic Press, 1973. 6(1):76109, 1990. [23] R. L. Constable. Implementing Mathematics with the Nuprl [4] P. B. Andrews, M. Bishop, S. Issar, D. Nesmith, F. Pfen- Proof Development System. Prentice Hall, 1986. ning, and H. Xi. TPS: a theorem proving system for classical type theory. J. Automat. Reason., 16(3):321353, 1996. [24] M. Davis, G. Logemann, and D. W. Loveland. A machine [5] A. Armando, M.P. Bonacina, S. Ranise, and S. Schulz. On program for theorem proving. C. ACM, 5:394397, 1962. arewriting approach to satisability procedures: extension, [25] M. Davis and H. Putnam. A computing procedure for quan- combination of theories and an experimental appraisal. In tication theory. J. ACM, 7:201215, 1960. FroCoS-5,volume 3717 of LNAI, pages 6580. Springer, [26] G. De Giacomo and M. Lenzerini. PDL-based framework 2005. for reasoning about actions. In M. Gori and G. Soda, edi- [6] ASTRO. http://sra.itc.it/projects/astro/. tors, AI*IA,volume 992 of Lecture Notes in Computer Sci- [7] L. Bachmair and N. Dershowitz. Equational inference, ence, pages 103114. Springer, 1995. canonical proofs, and proof orderings. J. ACM, 41(2):236 [27] M. Fitting. First-order Logic and Automated Theorem Prov- 276, 1994. ing. Springer, 1990. [8] L. Bachmair and H. Ganzinger. Rewrite-based equational [28] T.H. Fung and R.A. Kowalski. The IFF proof procedure for theorem proving with selection and simplication. J. Logic abductive logic programming. J. Log. Program., 33(2):151 and Comput., 4(3):217247, 1994. 165, 1997. [9] L. Bachmair, A. Tiwari, and L. Vigneron. Abstract congru- [29] D.M. Gabbay and N. Olivetti. Goal-Directed Proof Theory. ence closure. J. Automat. Reason., 31(2):129168, 2003. Kluwer Academic Publishers, 2000. [10] M. Baldoni, L. Giordano, A. Martelli, and V. Patti. Pro- [30] M. Gelfond and Vladimir Lifschitz. Classical negation in gramming rational agents in a modal action logic. Annals of logic programs and disjunctive databases. New Generation Mathematics and Articial Intelligence, 41(24):207257, Comput., 9(3/4):365386, 1991. 2004. [31] S. Ghilardi, E. Nicolini, and D. Zucchelli. A comprehensive [11] M. Benerecetti, F. Giunchiglia, and L. Serani. Model framework for combined decision procedures. In FroCoS-5, checking multiagent systems. J. Log. Comput., 8(3):401 volume 3717 of LNAI, pages 130. Springer, 2005. 423, 1998. [32] L. Giordano, A. Martelli, and C. Schwind. Specifying and [12] C. Benzmuller, L. Cheikhrouhou, D. Fehrer, A. Fiedler, verifying interaction protocols in a temporal action logic. Huang, M. Kerber, M. Kohlhase, K. Konrad, and E. Melis. Journal of Applied Logic, 2006. to appear. ΩMEGA: towards a mathematical assistant. In CADE-14, volume 1249 of LNAI, pages 252255. Springer, 1997. [33] M. Gordon and T. F. Melham. Introduction to HOL - A The- orem Proving Environment for Higher Order Logic. Cam- [13] C. Benzmuller and M. Kohlhase. LEO - A higher-order bridge Univ. Press, 1993. theorem prover. In CADE-15,volume 1421 of LNAI, pages 139143. Springer, 1998. [34] R. Gore. Tableau methods for modal and temporal logics. [14] D. Berardi, G. De Giacomo, M. Lenzerini, M. Mecella, In M DAgostino, D Gabbay, R Haehnle, and J Posegga, and D. Calvanese. Synthesis of underspecied composite editors, Handbook of Tableau Methods, pages 297396. -services based on automated reasoning. In ICSOC, pages Kluwer Academic Publishers, 1999. 105114, 2004. [35] G.J. Holzmann. The SPIN Model Checker. Addison- [15] Y. Bertot and P. Casteran. Interactive Theorem Proving and Wesley, 2003. Program Development CoqArt: The Calculus of Induc- [36] J. Hsiang and M. Rusinowitch. Proving refutational com- tive Constructions. Springer, 2004. pleteness of theorem proving strategies: the transnite se- [16] W. Bibel. Automated Theorem Proving. Friedr. Vieweg & mantic tree method. J. ACM, 38(3):559587, 1991. Sohn, 2nd edition, 1987. [37] G. Huet and J. M. Hullot. Proofs by induction in equational [17] M.P. Bonacina. A taxonomy of theorem-proving strategies. theories with constructors. J. Comput. Syst. Sci., 25:239 In Articial Intelligence Today Recent Trends and Devel- 266, 1982. opments,volume 1600, pages 4384. Springer, 1999. [38] A. C. Kakas and P. Mancarella. On the relation between [18] M.P. Bonacina and J. Hsiang. Towards a foundation of truth maintenance and abduction. In Proceedings of the 2nd completion procedures as semidecision procedures. Theor. Pacic Rim International Conference on Articial Intelli- Comput. Sci., 146:199242, 1995. gence, 1990. [19] M.P. Bonacina and J. Hsiang. On the modelling of search [39] A. C. Kakas, A. Michael, and C. Mourlas. ACLP: Abduc- in theorem proving towards a theory of strategy analysis. tive Constraint Logic Programming. Journal of Logic Pro- Inf. Comput., 147:171208, 1998. gramming, 44(1-3):129177, July 2000. Anno III, N° 1/2, Marzo-Giugno 2006 19 CONTRIBUTI SCIENTIFICI

[40] D. Kapur and D. R. Musser. Proof by consistency. Artif. [60] L. C. Paulson. Isabelle: A Generic Theorem Prover,volume Intell., 31:125157, 1987. 828 of LNCS. Springer, 1994. [41] D. Kapur and H. Zhang. A case study of the completion [61] W. Penczek and A. Lomuscio. Verifying epistemic prop- procedure: proving ring commutativity problems. In Com- erties of multi-agent systems via bounded model checking. putational Logic Essays in Honor of Alan Robinson, pages Fundam. Inform., 55(2):167185, 2003. 360394. The MIT Press, 1991. [62] D. A. Plaisted and Y. Zhu. The Efciency of Theorem Prov- [42] D. Kapur and H. Zhang. An overview of Rewrite Rule Lab- ing Strategies.Vieweg & Sohns, 1997. oratory (RRL). Computers and Mathematics with Applica- [63] A. Riazanov and A. Voronkov. The design and implementa- tions, 29(2):91114, 1995. tion of VAMPIRE. J. AI Commun., 15(2/3):91110, 2002. [43] M. Kaufmann, P. Manolios, and J S. Moore. Computer [64] S. Schulz. E a brainiac theorem prover. J. AI Commun., Aided Reasoning : ACL2 Case Studies. Kluwer, 2000. 15(23):111126, 2002. [44] A. Leitsch. The Resolution Calculus. Springer, 1997. [65] J.M. Schumann. Automated Theorem Proving in Software [45] N. Leone, G. Pfeifer, W. Faber, T. Eiter, G. Gottlob, S. Perri, Engineering. Springer, 2001. and F. Scarcello. The DLV system for knowledge represen- [66] N. Shankar. Little engines of proof, 2002. In- tation and reasoning. ACMTransactions on Computational vited talk, 3rd FLoC, and course notes, Fall 2003, Logic,toappear, 2002. http://www.csl.sri.com/users/shankar/LEP.html. [46] R. Letz, J.M. Schumann, S. Bayerl, and W. Bibel. [67] R.E. Shostak. An algorithm for reasoning about equality. SETHEO: a high performance theorem prover. J. Automat. C. ACM, 21(7):583585, 1978. Reason., 8(2):183212, 1992. [68] R.E. Shostak. Deciding combinations of theories. J. ACM, [47] H.J. Levesque, R. Reiter, Y. Lesperance, F. Lin, and R.B. 31(1):112, 1984. Scherl. GOLOG: A logic programming language for dy- [69] P. Simons, I. Niemela, and T. Soininen. Extending and im- namic domains. Journal of Logic Programming, 19(20):1 plementing the stable model semantics. Artif. Intell., 138(1- 679, 1994. 2):181234, 2002. [48] D. W. Loveland. Automated Theorem Proving: A Logical [70] R. Socher-Ambrosius and P. Johann. Deduction systems. Basis. North-Holland, 1978. Springer, 1997. [49] W. W. McCune. Solution of the Robbins problem. J. Au- [71] SPASS. http://spass.mpi-sb.mpg.de/, 2006. tomat. Reason., 19(3):263276, 1997. [72] M. E. Stickel, R. Waldinger, M. Lowry, T. Pressburger, and [50] W.W. McCune. Otter 3.0 reference manual and guide. Tech- I. Underwood. Deductive composition of astronomical soft- nical Report 94/6, MCS Division, Argonne National Labo- ware from subroutine libraries. In CADE-12,volume 814 ratory, 1994. of LNAI, pages 341355. Springer, 1994. [51] Mizar. http://mizar.uwb.edu.pl/, 2006. [73] Mark E. Stickel. A Prolog technology theorem prover: new [52] M.W. Moskewicz, C.F. Madigan, Y. Zhao, L. Zhang, and S. exposition and implementation in Prolog. Theor. Comput. Malik. Chaff: Engineering an efcient SAT solver. In David Sci., 104:109128, 1992. Blaauw and Luciano Lavagno, editors, DAC-39, 2001. [74] T. Tammet. Gandalf. J. Automat. Reason., 18(2):199204, [53] G. Nelson and D.C. Oppen. Simplication by cooperating 1997. decision procedures. ACMTOPLAS, 1(2):245257, 1979. [75] L. Vigneron. Automated deduction techniques for studying [54] G.Nelson and D.C. Oppen. Fast decision procedures based rough algebras. Fundamen. Inform., 33:85103, 1998. on congruence closure. J. ACM, 27(2):356364, 1980. [76] M. Wooldridge, M. Fisher, M.-P. Huget, and S. Parsons. [55] R. Niewenhuis, J.M. Rivero, and M.A. Vallejo. The Model checking multi-agent systems with mable. In AA- Barcelona prover. J. Automat. Reason., 18(2), 1997. MAS, pages 952959. ACM, 2002. [56] NuSMV. http://nusmv.irst.itc.it/. [77] L. Wos, R. Overbeek, E. Lusk, and J. Boyle. Automated Reasoning: Introduction and Applications. McGraw-Hill, [57] H.J. Ohlbach, A. Nonnengart, M. de Rijke, and D.M. Gab- 2nd edition, 1992. bay. Encoding two-valued nonclassical logics in classical logic. In John Alan Robinson and Andrei Voronkov, edi- [78] H. Zhang. SATO: an efcient propositional prover. In tors, Handbook of Automated Reasoning, pages 14031486. CADE-14,volume 1249 of LNAI, pages 272275. Springer, Elsevier and MIT Press, 2001. 1997. [58] N. Olivetti. Tableaux for nonmonotonic logics. In [79] L. Zhang and S. Malik. The quest for efcient boolean satis- M DAgostino, D Gabbay, R Haehnle, and J Posegga, ability solvers. In CADE-18,volume 2392 of LNAI, pages editors, Handbook of Tableau Methods, pages 469528. 295313. Springer, 2002. Kluwer Academic Publishers, 1999. [59] S. Owre, J. Rushby, N. Shankar, and D. Stringer-Calvert. PVS: an experience report. In Applied Formal Methods FM-Trends 98,volume 1641 of LNCS, pages 338345. Springer, 1998. 20 Anno III, N° 1/2, Marzo-Giugno 2006