Wolfgang Bibel, Koichi Furukawa, Mark Stickel (editors):
Deduc�on
Dagstuhl-Seminar-Report; 58 08.03.-12.03.93 (9310) ISSN 0940-1121 Copyright © 1993 by IBF I GmbH, Schloß Dagstuhl, 66687 Wadern, Germany Tel.: +49-6871 - 2458 Fax: +49-6871 - 5942 Das Intemationale Begegrungs- und Forschungszentrum für Informatik (IBFI) ist eine gemein- nützige GmbH. Sie veranstaltet regelmäßig wissenschaftliche Seminare, welche nach Antrag der Tagungsleiter und Begutachtung durch das wissenschaftliche Direktorium mit persönlich eingeladenen Gästen durchgeführt werden. Verantwortlich für das Programm: Prof. Dr.-Ing. José Encamagao, Prof. Dr. Winfried Görke, Prof. Dr. Theo Härder, Dr. Michael Laska, Prof. Dr. Thomas Lengauer, Prof. Walter Tichy Ph. D., Prof. Dr. Reinhard Wilhelm (wissenschaftlicher Direktor) Gesellschafter: Universität des Saarlandes, Universität Kaiserslautern, Universität Karlsruhe, Gesellschaft für Informatik e.V., Bonn Träger: Die Bundesländer Saarland und Rheinland-Pfalz Bezugsadresse: Geschäftsstelle Schloß Dagstuhl Informatik, Bau 36 Universität des Saarlandes Postfach 1150 66041 Saarbrücken Germany Tel.: +49 -681 - 302 - 4396 Fax: +49 -681 - 302 - 4397 Dagstuhl Seminar on Deduction
VVolfgang Bibel Koichi Furukawa Mark Stickel TechnischeHochschule Darnistadt Keio University SRI Internationa.l
Logic is an essentia.lformalism for computer scienceand artificial int.elligence. It is used in such diverse and importa.nt activities as
0 Problem specifica.tion.
0 Program transformation, verification, and synthesis.
o Hardware design and veri�cation.
0 Deductive da.tabases.
0 Knowledge representation, reasoning, diagnosis, a.nd planning.
o Natural language understanding. 0 Mathematicaltheorem proving.
The universality of the la.ngua.geof logic, the certainty about the meaning of statements in logic, and the implementability of operations of logic, all contribute to its usefulness in these endeavors. Implementations of logica.l operations are realized in the field of a.uto1nated clccluction, which has introduced fundamental techniques such as unification. resolution, and term rewriting, a.nd developed automated deduction systems for propositional, first-order, higher-order, and noncla.ssica.llogics. This meeting was convenedto give international researcherson deduction the opportu- nity to meeta.nd discuss techniques, applications, and research directions for deduction. Presentationscovered many topics of current researchin the �eld. At least equally va- luable was the opportunity to discuss our successes,failures, plans, and dreams. Wo have achieved some great successes,such as solving open problems in matl1en1a.tics and verifying a microprocessor design, and deductive techniques are embedded in logic programming,deductive database, a.nd artificial intelligencesystems. However, a.uto� mated deduction systems a.re not yet used extensively by mathematicians. logicians, or hardware and software developers. At the start. of a new German national project 011deduction, our discussions of goals for the field, as well as its methods, could prove important. �
The success of this meeting was due in no small pa.rt to the Dagstuhl Seminar Center and its staff for creating such a friendly a.ndproductive environment. The orga.ni'/.ers a.nd participants greatly appreciate their effort. Contents
Avenhaus, �I.: 6 Hierarchical Theorem. Proving Using Rewrite Techniques Denzinger, J. Dist-rubted knowledge-basetl equational theorem [)l�0'Ut'II._(j Podelski,, A; Sort Unfolding Is Not Horn�C'lause Resolution Caferra, R; Building mo:/(ls 'urhile searching refutations Leitsch, A.: C�/J Resolution Decision Procedures and Automated Model Building Héihnle, R; Uses of ./\Iang � valued Logic in Ha.r(lwar(- 1-"'¬ri�c(ztio-n. Dahn, B. 1.: 9 What Thron m Proving can Learn from Model Theory Bnndy, A.: '10 The Prod zzc'l1'rc Use of Failure in Inductive Theorem Proving Walther, (3.: (.7'omputin.g I "ml ucl ion. A;rioms Lusk, E; 11 Recent Throrcm-Proving Activities at Argonne Mc.Al1ester, D; 11 Tractable In.fc;rence and Obvious-ness H algiya,M.: A Typed ,\-(?'a.lculus for Provin.g-l)y-E;ra-mple and Bottom- Up Generali::a.tio12 Procedure Schwichtenberg, II.: Arithmetic for the partial continuous functions Letz, R.: Extensions of Model Elimination Calculi Petermann, U.: Connection calculi with built-in theories 9-6 v-Ir-I Ohlbach, H.-J.: C40 KL-ONE, lVIo(lal Logic, Generalized Quanti�ers and F irst-Order Predicate Logic Theorem Proving Bledsoe, W.: ab- 00 Some Thoughts on Automated Proof Discovery, Especially HOL and Analysis Sa.to, T; An Inductively Complete Inference System Loveland, D.W.: SATCHMORE: SA TCHA/[0 with RElevancy Hasegawa, R.: Non-Horn Magic Sets on MGTP Bayer, R.S.: e 1 7 �ein.Update� on .\Ie('/m�n'ieal T'eri�mlion: :\Im'/zine Code und �licvvqirocessmrs Ganzingcr, H.: 1.7 Basic P11ranzm/zl/aiioiz Kapur, D.: l8 Consll'ai-rz.i.s um! [IIIÄ�CGfITOII Kirchner, C.: 18 Dedu.ctio'n. will: C'ons/rainls Siekmann, J.: 19 Q-1\-IKIIP: .4 Proof De'velop'nzr~nf E1ll7l'l�0�lIIl2.¬7ll Nipkow, T.: 20 A;r2Tomr1I.ie Type (7lasses Smolka, G; '21 C'on..s'h'a'int Lngic Prag-rannning mil/1 .:'\-"(gallon Mukai, I{.: '22 An Algebra/z}? Ge-n.em.li:aI'ion of I�n_/o~rnml�ion ._S'll.l)._'~"ll�lII[)l-'lT()'II Satoh, I\'.: 22 Two P-roceelu-res for log-ic prog-ra-nzs l)(l.S'('(/ on slablct models Robinson, J.A.: 23 Parallel Reasoning and La-rge info-re-nces Hölldobler, S.: '23 On the Adequafeness of the Co-no-nee!-io-n Mr"-I/zo(l Kleine Biining, H.: '24 Search Space: and Average Proof L¢;~n.gl/2 of I?(-s-olniion Bibel, W.: 2e! Aspects of 1.126.: Proof-..S'y.'wIe--nz IA\'()1�\lIE'1l' Goltz, H.-J.: - �.25 Cent-rolling Deduction. Iltxroug/2 I)e:elara,lire (-'o-nsl-ruels Leiß, H.: 13:") Solvable Cases of the Sen2.i-I/12.-ijic(1,Irio12 Il�ro1)le-n1 Plaisted, D.: 26 Theorem P-rmvi-izg by Model Testing
Q5�! Hierarchical Theorem Proving Using Rewrite Techniques Jürgen Avenhaus, Klaus Becker, Claus-Peter Wirth Universität Kaiserslautern
We present a method to handle rewrite systems R with a built�in a.lgebra A. The algebra A may be a well-known one (such as t.he int.eger or rational numbers) or 1na.y itself be given by a convergent rewrite system R0. The approach a.llows one to de�ne new (partial) functions on A by positive/ negative conditional rewrite rules. To de�ne the semantics of such a speci�cation we use a mild form of order-sorted speci�cations to deal with unde�ned terms and give a careful de�nition of how to evaluate the negative conditions in a rewrite rule. As a result of this de�nition, adding new equations to the speci�ca.tion is a monotone operation in the sense of logic. \'Ve carry over the well-known methods to prove confluence of the rewrite relation �-+3, provided ��>R is terminating. To prove that R is terminating we extend the RPO- approach to our setting. Such a proof may need to prove a theorem in A. The bene�ts of this work are
0 Hierarchical theorem proving is supported
o Explicit knowledge on the world of interest can be stated
0 Ef�ciency of the built-in operators can be used
0 Expressiveness of speci�cation is enhenced
0 Partial functions a.re allowed
Distributed knowledge-based equational theorem proving Jörg Denzinger Universität. Kaiserslautern
Distributing the theorem proving task to several experts is a promising idea. Our approach, the team work method, allows the experts to compete for a while and then they are forced to cooperate. Each expert has a referee that judges the work done by the expert (competition) a.ndthat selectsuseful results of his expert (thus achieving cooperation). The refereesreport to a supervisorthat usesall results of the best expert and the selectedresults of the other experts to generatea new starting input for a next round. This is repeated until a proof is found. Experts use different tactical control knowledge. referees use assessmentknowledge and the supervisor is based on strategical control knowledge. \-Veused the team work method to rlistrilinte equational theorem proving based on unfailing completion. }?J.\'l)(�ri(�ll(.�(�Sshowed that for many examples reinarkable (i.e. "super-linear�) speed-ups can be achie\'ed.
Sort Unfolding Is Not Horn-Clause Resolution
Ha.ssa11 Ait-Kaci , Andreas Podelski Digital Paris R.esearC11Lab
VVewill describe. and formally justify. a.n algorithm performing lazy sort. unfolding in the nornialization of or(ler�sortrfd feature (OSF) structures modulo a.sort theor_v.We will argue that this algorithm has a. radi('all_\_'different operational effect.and logical sernantics tha.n the resolution-based method used in most other s_ystemswith sort definitions. All other formalisms and systems known to us. most in linguistics. tha.t support sort. definitions, see sorts as monadic predicates defined as llorn�Clausesand tl1e11operationally enforce sort constraints by Ilorn-clause resolution. Tlie essential but very important difference is that our algoritlnn does not generate the solutions of a sort theory�s axioms, but rather is a ma.\'imallypassive structural <�onstraint <-nliorring schemethat weedsout any violation of a sort�s defining axiom by objects claimed or derived to be of that sort. VVe claim that the teclmiques we have developed for this algorithm go lieyong their more use 111fea.ture structure forma.lism. Tliey provide a.n elegant and ('lli«'i(�nl.means to incorporate knowldege-based reasoning in a (le(lu(�ti0n pro('('ssas well as olfer a powerful and clean facility for objectt-oriente(l logic programming.
Building models While searching refutations
Ri(°ar(lo Caferra LItF�IA-IMAG FRAN CE
We report results of a previous work (together with  Zabel) and a. current I�(�S("rH�('ll (together with C. Bourely). It ('on('erusa new (resohition�has<- Resolution Decision Procedures and Automated Model Building Alexa.11(le1'Leitsch U11ivc1�sit_vof Teclulology. Vie1111aAUSTRIA A proof theoretical method. based on resolution relinements. is used to decide a wide rangeof cla.useclasses. The basic i(lea consistsin defining specific resolution refinements which terminate on (decidable) clause classes. By this approach one ca.nsuccessfully ha.ndlealmost. a.ll of the classicaldecidable pre�x classes;moreover a. wide rangeof non- prefix classes(the function symbols need not be of Skolem type) can be decided by resolution. Ba.sedon the approachof \~V.ll..loynerwe give a method-orientedapproach to the decision problem in clauselogic. First A-ordering refinementsare presentedand it is outlined. how the one-variable class can be decided by this type of relinemeilt; it @&\� emphasizedtha.t the use of a-iposterioriordering a.ndcondensing is necessa.ryin order to get termina.tion. It is shown tha.t A-ordering refinements a.re not suited for deci- ding classeshaving syntax properties strongly connectedto the propositional structure of clauses;e.g. no A-ordering re�nement terminates on the class Bernays-Sch6n�nkel- Ilorn. For classes of this type hyperresolution turns out to be an adequate refinement. We define the classes PVD a.nd OCC1N, which a.re general (non-Horn) termination classesfor hyperresolution. In order to decide these classesa refinement generator for semantical settings) instead of a fixed refinement is required. Resolution decision pro- cedures a.re at the same time very ef�cient theorem provers. As decision re�nements keep term complexity a.ndclause size low, it is suggestedt.o design a theorem prover based on a preclassific.ationof sets of clausesby meansof decision theory. The ter1ni� nation classesof hyperresolution ca.nbe used as raw materia.l for a algorithmic model building method which does not use case-splitting. In case of PVD a.nd OCCIN the Herbrand models can be turned into finite models by �ltration. Uses of Many-Valued Logic in Hardware Veri�cation Reiner Hähnle Unix-'ersityof Karlsruhe Recent. a.dva.ncesin deduction techniques for many-valuecl logic (M VL) created the possibility of designing theorem provers for M\-"L that. can compete in performance withth-° . ein� c I assica I eoun t1 .er)ar.s. t 'l| �iis lllf 10 cs or 11 )ro)osi t iona I as we ll as '01�l f its t --01'( ler logic. On the other hand, a. review of the lit.erat.ure where MV L theorem proving can pla.y a role, shows that instead of genuine MVL reasoning reductions to classic.al logic. are used. The implement.a.tions a.re usually based on decision diagrams. Vt/e argue tha.t genuine MVL proof procedures a.re potentially more efficient (and cer- tainly more genera.l) and we point out some problems of hardware verifica.tion, where techniques developed in ma.ny~va.lueddeduction might be applied aclvant.ageously. What Theorem Proving can Learn from Model Theory Bernd I. Dahn Berlin Model theory is concerned with the study of the relations between properties of theories and properties of it�s model classes. Looking a.t the proval)ilit...\'of a formula. as a property of the class of models of the given theory, properties of that. class can be used to reason about the provability of tlie formula.. This requires a logic, that has a. good model tlieory (like first order logic. topological logic Ltop or the logic with the quantifier "tliere exist (uncountably) inauy� LQ�) and a detailed knowledgeof the algebraicproperties of the concrete classof models. Besidesnegative results showing that each proper extension of first. order logic loses some valuable model theoretic property, there a.re positive model theoretic results that. can be useful in the design of theorem provers for specific theories. If}. g. due to a theorem by Ryll-Nardzewski the branching of cases for count.abl (.'2l.l.(*.g()l'l(.'El.ltheories can be bounded. Axiomatizability a.nd quaut.ilier elimination results can t�est.1'l(.�tthe complexity of the formulas to be considered. The invariance of the validity of formulas under certain algebraic cotist.ructions (e. g. subdirect products. homomorphic images etc.) can be applied t.o transform the problem given t.o a prover. This is demonstrated by the design of a non-heuristic control mechanism for the work of background experts in a prover for the theory of la.ttice ordered groups within the ILF system, where the selection of the expert. for a 9 given subproblem as well as the evaluation of its results is guided by model theoretic a.nd algebra.ic principles. The Productive Use of Failure in Inductive Theorem Proving Ala.n Bundy Universit.y of Edinburgh Lemma (liscovery a.nd generalisation a.re t.wo of the major |un'dlesin automating in- ductive proof. \~\�eshow how to use the failure of an initial prool' attempt to suggest appropriate lr-rminata.and generalisations. We build upon -mippling.a. heuristic which plays a pivotal role in guiding inductive proof search. The goa.l of rippling is to reduce the difference between the induction conclusion a.nd the induction hypothesis by the selective application of appropriate rewrite rules. This ca.n fail in various ways. Diffe- rent failure patterns suggest diilerent kinds of patches, eg the la.ck of a. suitable rewrite rule suggests the proof of a lemma in the form of the missing rule: the inapplica.bility of a. lemma. suggests either a. nested induction or a generalisation, according to the reason for the ina.pplica.bility. We use meta.va.riablesto stand for the unknown parts of the lemma/ generalisationa.nd inst.a.ntiate these ineta.va.riablesduring the subsequentproof using higher-order unification. Computing Induction Axioms Christoph Walther Technische Hochschule Darmstadt. We analyse techniques and heuristics for computing induction axioms as proposed in Boyer a.nd Moore�s "A Computational Logic� (1979). The aim of this research is to obtain a better understanding of the semantics of the proposals, i.e. what are the intended effects, which limits exist, a.re the limits relevant, ca.n relevant limits be overcome etc. It ca.n be shown that one central goal of the proposals is to compute well-founded relations which (consideredas sets) are snpersetsof given well�founded relations or to compa.rewell�founded relations by set-theoretic inclusion. Another central goal is to guess useful inst.a.ntia.tionsfor universally quanti�ed va.ria.bleswhich cannot be used in the Boyer&Moore logic. The analysis uncovers faults of the subsumption heuristic which easily ca.n be repaired yielding a non-heuristic compa.risontest for compeetinginduction schemes. It can be shown that merging is a heuristic for guessing�successful� insta.ntiations of universally quantilied va.ria.bl.esin induction hypotheses prior to a. proof. This means 10 that the merging heuristi<%is 0l)s()leleif uni\'ersall_\°tpiantified \'aria|)lesare allowed in induction l1_\'p0t'lIeses. Recent Theorem-Proving Activities at Argonne Ewing Lusk Argonne National Lal)orator_v The theorem-proving researchgroup a.t Argonne (Bill l\«lcCune,l.arry Wos, and Ewing Lusk) continues work on high-performance and parallel implementations of clause- hased inference systems a.ud the application of theses_ystemsto open prohleins 111 mathematicsa.nd logic. This talk sur\~'eyedrecenta. Tractable Inference and Obviousness David M('A1leste1' Massa('h11ssettsInstitute of Te(�l1nolog_v We take the view that a.proof verification systemshould provide a notion of proof su('lI that a proof is a sequenceof �acceptal)le� steps. A step is acceptableif the statement made in that step is �o|)vious� in a teclmical senseprovided l)y the system. The main challengein the construction of such a system is providing a notion of obviousuess(or acceptibility for proof steps) that is natural for human proof writers and yet. allows the system to efficiently determine if a give.nstep is obvious. This ta.lk discussesthe use of inference rules in de�ning notions of obviousness. The ta.lk emphasizessets of inferencerules that de�ne polynomial time decidable inference relations. Powerful general purpose rule sets can be constructed using nonstandard syntax for first. order logic. A syntax for first order logic basedon Montaguegrammar is discussedalong 11 with a corresponding pol_ynomia.ltime i1|l'eren('<�~relation (lelined by inference rules in this synta.x. The general nature of inference rules as a model of co1nput.a.tionis also discussed. There are two ma.in theorems in this area.. Frust, the forward chaining closure of any set of premises under a.ny set of inference rules can be computed in time proportional to t.he number of rules firings. This theorem allows for the simple construction of a variety of polynomia.l time algorithms. Second, inference rules provide a very simple descriptive characterization of the complexity class P. A set of expressions is a polynomial time decida.ble language if and only if it is the set of theorems of some polynomialtime rule set. i A Typed A-Calculus for Proving-by-Example and Bottom-Up Generalization Procedure Masami Hagiya University of Tokyo We extend Logica.lFramework, one of the typed /\-calculi of La.1nbdaCube, and ap- ply it to the problem of proving-by-example. The extended calculus allows recursions a.nd inductions on natural numbers, a.nd inferences on linea.r arithmetical terms are built into its type system. The extension corresponds to tha.t of logic programming by constraints in the sense that the constraint solver cooperates with the ordinary type-checking algorithm. We then formulate a bottom-up procedure for generalizing a concrete proof by recovering inductions that are expanded in the concrete proof. The procedure can reconstruct inductions whose induction formula is a E1-formula. The generalization procedure can be iterated to construct nested inductions. Conse- quently, it ca.n �nd inductions whose induction formula. is a limited form of bounded quanti�cation. Arithmetic for the partial continuous functions Helmut Schwichtenberg Mathematisches Institut der Universität München Computable functionals ha.vethe Kreisel~Scott�Ersov partial continuous fnnctiona.ls as their natural domain. Hence in order to reason about functional programs it is natural to work in a higher order arithmetic. with (program) constants for computable functiona.lsand the sets D, of partial continuousfunctionals of type p as the intended domains of the type p variables. To be able to talk about non�continuous functionals as well (like non-strict equality) we also allow function symbols denoting functions externalto the model. A formal systemof the strengthof Peano~-arithmetica.nd based on the -+ /\�v��-fragment of minimal logic. is described which is then used to study the 1?. proof as/about programs pa.radigmsin this setting. The e.\'p|i<.'it.representa.tion of proofs ��^� (essent.ia.ll_vt.ype»�free) ,\»-terms makes it. possible to do progra.m development by proof tra.nsforma.t.ioii,specifi(°a.ll_\' using Goads idea.of pruning proof trees. The system has been implemented(in .S'Clll3l\l19)),using SCl*ll'Il\*fEevaluation as an efficient mechanismto normalize terms and proofs; a side result here is a st.ongcompleteness theorem for typed )\~ca.lculns(cf. Berger/Schwichtenberg,LlCS�91). Extensions of Model Elimination Calculi Reinhold Lenz TU I\Iu11icl1 In this ta.lk extensions of model elimination calculi are presented. both concerning t.he reduction of proof length a.nd the reduction of search space. The not.ions are intro- duced in the framework of connection ta.hlean.\'.which genera.lizesmodel elimination a.ndconnection ca.lculi in t.worespects; first, arbit.ra.ry subgoal selection functions a.re admissiblein connectiont.ablea.u.\', secondly. t.he presence of t.ablea.u.\'as static proof ob- jects throughout the deduction processfacilit.a.t.es the a.pp|i<:a.t.ionof a.la.rger number of re�nements. In order to improve on the indeterminist.icpower of connection ta.bleau.\�._ we introduce the so-calledfolding up a.nd folding down operations which both can be viewed as controlled variants of the backward cut rule. The folding up operation is motivated by the fact tl1a.t.bot.tom�up lennnata. can be e.\'tract.edfrom the solution of a subta.bleauwhich ca.nbe reusedlater on a.t.other parts of the t.a.bleau.Folding up achievesa. particula.rly efficient rea.liza.t.ionof this idea by storing context.nnitt.Alen1ma.ta. in the tableau itself. As an optimistic versionof folding up, the folding down operation is de�ned, a.nd it is shown that folding down representsa.n efficient. implementa.t.ion of the factorization rule in tableaux. The way both operations a.re introduced also gives rise to a sharpeningof the regula.ritycondition, which forbids the presenceof two identical literals on the Samebranch. Consequently,the resulting refinementsof the new calculi, which a.rede�nitely superior t.o regular connection ta.l)lea.uXwith respect. to proof lengths, may also be better off concerningsearch pruning. Connection calculi with built-in theories Uwe Petermann Universität. Leipzig We presenta techniquefor building-intheories into f�irst.-orclertheorem pro\='ers and for proving their completeness.As the basecalculus we adapt the pool calculus wliich is one of the forma.lizationsof the connection method. Tlie approach relies on asformal characterizationof the interfacebetween forground and backgroundrea.soner. This 13 interface has two components. The first component. is a decidable set of theory connec- tions. Theory connectionsgeneralize coinplmnem ary pairs. \'\"'liene\-'erthe basecalculus would have to detect a complementarypair the forground reasonernow ha.sto detect a theory connection. The second component is an a.|gorithrn which computes a complete set of theory unifiers for ea.chtheory connection. This kind of theory unification is just the task of the background reasoner. It may be proved that the base calculus which has been modi�ed this way is complete if there are enough theory connections. �Enough� is formalized by the notion of a complete set.of theory connections. The approach may be applied among others to constraint theories, to taxonomic theories and to equational theories as their appear in the translation of modal into �rst-order logic. The examples show that complet.e sets of theory connections with solvable uni�cation problem may exist only for subclasses of formulas. In some theories there is no upper bound of the number literals within a theory connection. This causes a high bra.nching factor of the calculus. The way out is partia.l theory reasoning. That. means that. dilferently to total theory reasoning a theory connection and its unifier is not found in one step. Rather they are approxima.ted by a number of tra.nsformations of lit.era.ls. The partial theory connection calculus is complete if every theory� connection may be approximated by a. linear partial theory resolution derivation. For both the tota.l a.nd the partial theory connection calculus are given PTTP-like versions. Implementation is ongoing. KL-ONE, Modal Logic, Generalized Quanti�ers and First-Order Predicate Logic Theorem Proving Hans�JiirgenOhlbach MPI S'aa.rI)1'1'icl There are very close correspondences between certain pa.rts of the KL-ONE knowledge representation langua.ge a.nd standard propositional modal logic. More sophisticated versionsof KL-ONE correspondto multimodal logic of graded modalities. In this logic there are operators �for more than n m�. �for less than n ...� a.nd �for exactly n ...� which also play a role in generalizedquanti�er theory. In the talk I give a.noverview on these corresponda.ncesa.nd I present a new method for ma.pping these systems to first order logic which avoids many of the problems in earlier approaches. 14 Some Thoughts on Automated Proof Discovery, Especially HOL and Analysis Woody Bledsoe University of Texas at Austin We discussedour SET-\-"AR prover. for proving a.portion of Second-OrderLogic. N mely, those theorems of the form SOME A P(A), where P(A) contains the va.ria.hleA ONLY in the form (t e A) (ie. t is an element of A), o1 --1(t 0 A), and where A must be instantiated by a. set.of the form 2: Q(z), where � is a formula in 170L. (We 0011111 have written (t e A) instead of A(t), where A is a.monatic predicate variable.) W0 gaveexamples of proofs using SET-VAR, discussedit soundness.a.nd conjec-.t,ure(l it completeness,for t.hisextention 011701..And showedits proof of a number of theorems, including the lntermedia.teValue Theorem. using the Least Upper Bound a,..\'iom. We a.lsocompared its performancewith other 5110115y51.01115. And st.a.l.e(lthat. a.ll other such known systems,though funda.menta.|l_\'import.a.nt.. need improvementsl.)(:�f0l'C they can prove certain important theorems (511111a5 the lutermecliate Value Tlieorem. the lleine- Borel Theorem . 010.). We also stated that to ])l'0(�(_�(�(lfurther with 511111important. theorems we 1111151employ higher-level planning stategies.use goals. motives. etc. An Inductively Complete Inference System Taisuke Sato Elm-t1'otec_l111i(°a.lLa.l)o1'a.to1'y Tsukuha. W6 present a. set I? of rules for in(lu('tiveinl'eren<'e. '_l�hereare three rules : o The ca.serule infers from a. clause ('two ('la.usesA \'(Ü. 1101(.-'\) \'('where A i5 a.n a.1'1)it1a.1ya.ton1. o The inverse-or rule is the inverse of or i1111°o1l111°ti011.(liven a clause l, v (X i1 infers C by deleting L. 0 The anti-substitution rule infers a. clause (Ö from its iIIslam'(�(�n where rr i5 a. Substitution. R is inductively Coml�)lete in the sense 1.11a.18117011 a. finite set (I of 112111505.it 02111 infer every possible clause set S such 1.11a.1.S F n. Applications include machine learning, Prograimniug from e.\'mnples,aml miventim; la.ws for observed facts e.\'pressedin terms 01111111505. SATCHMORE: SATCHMO with RElevancy Donald \\". Loveland Duke University, U.S.A. As effectivea.s forward chaining ca.n be, it suffersfrom the inabilityto workonly with relevant.information. i.e., information that relates to the goal. We have developed a method for propagating goa.l information (relevant.clauses and variable bindings) to (usua.lly) non-Horn clauses being processed, a.nd we present. this method as a relevancy detectionalgoritlun used with the SATCIIMO(forward�chaining) prover. \'Ve usethe version of SATCHMO that. utilizes Prolog for backchaining on llorn clauses, with forward chaining on non-Horn clauses. We-mark potentially relevant non-Horn clause head literals. a.ndthen require that. all! head literals be marked relevant before a cla.use is used for forward chaining. This relevam-�x,-'testing ca.n be implemented quite simply in Prolog such that the search is notJext.en(le(l beyond t.ha.t done for S.�\TCI°Il\�IO. Two examples are considered for which SATC-lll\l() takes da.ys to �nd a solution where SATCIll\/IORE takes seconds. One example involves inclusion of an irrelevant non- Horn clause and the secondinvolves propagation of va.ria.blebindings from the goal. Non-Horn Magic Sets on MGTP Ryuzo Hasegawa, Yoshihiko Ohta, Katsumi Inoue ICOT Institute for the New Generation Computer Technology VVepresent a new method that combinestop-down and bottom�up computations on model genera.tion theorem provers. This method called non-I-lorn magic sets is a. natural extension of Horn magic sets and is applicable to range-restricted non-Horn clauses. We show two types of non- Horn magic sets tra.nsforma.tions:brea.dt.h-first NHM and depth-first NHM. The first. one evaluates the antecedentlit.era.ls in a clause in parallel. The other evaluatesthem sequentially while propaga.tingthe bindings in a.n antecedent literal to the next by using continuation predica.tes. We prove the soundnessand completenessof the two transformations. We also prove a theorem saying that non-Horn magic sets have the Samepower as SATCllMOR.E (SATCHMO with relevancy testing) which is proposed by Lovelandet a.l. Severalexperiments have been made by running MGTP on the parallel inference machine PIM/m. The results show that. non-Horn magic sets can a.voiduseless case-splitting thereby shorteningexecution time drastically. For instance, the benchmarks requiring over one hour execution time are solved within a second. An Update on Mechanical Veri�cation: Machine Code and Microprocessors .Robert S. Boyer University of Texas at Austin and Computational Logic, Inc. (Cli11c) The Boyer-Moore mechanical theorem-prover (a..k.a.. Nqthm, see the book A C'0-znpu,Ia- tional Logic Handbook, Boyer and Moore, Aca.demic Press. 1988) 1121.3been increasingly employed in the verification of computing systems. Two interesting examples of veri�- cation are discussed. One is the \'erilica.t.ionof dozens of small machine code prog�ra.1ns for the Motorola. 68020, where the ma.chine code wa.sobtained via �indust.ria.l strength� compilers for C and Ada. Included are such Standard exaniples a.s quick sort, and bi- na.ry searcll. and all but. one subroutine in the Berkeley Unix (f string library. (\'\"orl Basic Paramodulation Harald Ga.nzinger MP1 Saa.1°b1'iicke11 (joint workwith L..Ba.chma.ir,Chr. Lynch,a.nd W. Snyder) We introduce a. class of restrictions for the orclercd paranioclulation and superposition (calculi (inspired by the ()n..s~icst.rat.eg_\' for narrowing). in which paramorlnlation inte- rences are forbidden a.t terms introclucecl by snbstit utions from previous inference steps. In addition we introduce restrict:.ions based on term selection rules and rcclcx orderings, which are general critieria. for delimiting the terms which are ?1.\"E1ll�l)l(�tor inferences. These re�nements a.recon1pa.til)le with st.a.n Deepak I{ap11r._Paliath i\�a1'e«l1'an State University of New Kork at All)a11_v Unification problems over equational theories can be transformed t.o solving a system of constraints over various domains. Solutions to unification problems ca.n be consi- dered as as building a decision tree by using constraints ba.sedon subterms appearing in them. This framework not only provides an elegant way for thinking about unifi- cation, but also gives efficient. optimal a.lgorithms for unifiabilit.__\.'check as well as for generating a complete set. of minimal unifiers. Coinplexity analysis ca.n be performed easily; heuristics can be devised to utilize additional struct.ural information in terms appearing in a unification problem. This is illusttratecl using unification problems with associative-comtnutative function symbols (which may or may not have ic|empot.enc_\' property a.nd ident.it_\').'l�his framework also seems to |)e useful for type-inference problems in the presence of subtype relation. union and refinement. types. DEDUCTION WITH CONSTRAINTS Claude I{irchner INRIA Lorraine S: CRIN Deduction with constraint.s is a. pa.ra.digm already widely recognized in the context. of logic progrannning. A general framework for deduction with const.ra.ints is presented with empha.sison its a.dvant.agesand the new problems t.ha.tshould be solved in order to extend complete deduction procedures like completion, resolution or narrowing. Recent results contributing to solving these problems will be presented. This talk is basedon our early work on deduction with constraints [1] and a.ftershowing the ma.in concepts, we present ongoing researches on this topic. Constrained formulae are first-order formulae completed by constraints; their semantics is to schematize all the instances of the formula. satisfying the ('onst1'a.i11tpart. This technique has many advantageswhich already havebeen recognized in the context of logic programming. In the framework of deduct.ionprocesses too, it. is most useful to homogenizethe deduction rules by letting a.ppa.rentfor example the unification, typing a.ndorientation problems. First, this allows studying strategiesa.t low level, refining them a.ndhopefully deriving efficient ones, for instance by dela.yingthe solving of difficult constraints. Second, constraints c.a.naccount for many aspects of structure-sharing: several instances of a term may be repla.cedby one constra.int. Last, a.ndthis is perhaps the ma.in point, constrained deduction is more expressive than classical deduction in the following sense: it makes possible t.o represent. infinitely many objects by a single one. For instance, the constra.i11edequality [f(.r) = f(y), (m # y)] schematizesa.n infinite number of classical equalities which cannot be equivalently replaced by a finite number of equalities. 18 WC shall see that this approa.ch has useful applications in autornated theorem proving in pa.rticula.r when focussing on uni�cation, disunification and orientation problems. The proposed deduction rules are very general and we feel that. most approac.hes follo- wed in automated deduction with constra.ints �t into this frainework. But the iiiference rules presented here should not be loosely iiiipleiiieiitecl. In order to get well-behavecl strategies a ca.reful scheduling should be thought a.bout too. ln particular we will moti- va.te the necessity of restructuration rules. the role of ba.sicit_v and the ma.in differences between t.he standard rewriting and constraint rewriting. [1] C. Kirchner. H. l\'irchner. and M. Rusinowitch : Deduction with symbolic constra.int.s. A R("l.?lt¬ Frrt-n.c(1.i.s'c d"inIclligence ar!i�.ciclle, rl(3):9-5�2, 1990. Special issue on .»\ut.on1atic Deduction. Q-MKRP: A Proof Development Environment Jörg Siekmaiin, Xiaorong Huang. l\Ianfred Kerber. Michael Iiohlhase. Erica Melis, Dan Neslnith, Jörn Ricllts Universitéit des Saarlandes Motivation: In the following we describe the basic idea.s underlying Sl�Ml{RP, an interactive proof development. environment. The requirements for this systein were derived from our experiences in proving an interrelated collection of theorems of a. typical textbook on semi�groups a.nd autoniata. with the first-order theorem prover Ml\'RP. An importa.nt finding \va.s that although current. automated theorem pl'()\'('l�s ha.ve evidently reac.hed the power to solve non�trivial problems. they do not provide suHic.ie.nt assistance for proving such a t.e.\'tl)ool<. Requirenlents and our Approach: Our ba.sic idea. is to build a. proof clevelopinent environment which combines both the reasoning power of automated theorem provers as logic engines a.-ml of the proof pla.nning mechanism proposed by .='\la.n liundy c't a.l. The proof planning approac.h, which is la.rgely l1uma.n�oriented and lends itself to a more natural interactive interfa.ce, is complenienta.ry to the more machine�0riented traditional theorem proving approa.ch. Below, we discuss two key features such systems should ha.ve, followed by the concrete solution we choose. Appropriate Connmuiication La.nguage: The input� la.ngua.ges of classic.al automated theorem provers are usually variants of first-order logic. When encoding tlietlu-orerns of the mentioned textbook in first-order logic, we were forced to use b�()])lliSl..i("d.l.(�(l formulation techniques. T ha.t is, although such a la.ngua.ge is sufficient in p-rinz-ip/r. in practice it is too weak to allow an adequate representation. Since the teclinical mathematical language in textbooks is much closer to sorted higher-order"logic, we have developed such an input language called '/DOST. Since the user e.\'pec.ts that apart from the knowledge of predicate logic, the system should also possess a large 19 amount of mathematica.l definitions and theorems, we are filling a database with the mathematica.lknowledge contained in the te.\'tbookmentioned above. In addition to the problemformulation language, the proof format is crucia.lfor a.n adequate interface. As a common proof format. for both the user and the system. we ha.vechosen the generally establishednatural deduction formalism. Integration of Automated and Interactive Theorem Proving�: Tliere is a gap between the problem formulation langua.gePOST and the proof format, on the one hand, a.nd the input and output langua.gesof the underlying first-order theorem provers on the other hand. In order to bridge this ga.pwe have to transform POST into the input la.nguagesof the underlying provers a.nd to transform the output proofs (such as a clause proof of a resolution-based prover) into natural deduction proofs. An advanced tool for proving mathematical theorems should also enable the user to communicate his proof strategies to the system, since every a.utoma.ted theorem prover still needs guidance through the search space for more difficult problems a.nd this situation will not cha.ngefundamenta.lly in the foreseeablefuture. In order to provide such facilities, we basically follow the proof planning approach of Alan Bundy, although certain modi�cations a.re necessary in order to incorporate higl1er�level human proof strategies such as analogy. A problem solving cycle in our system ca.nbe described briefly as follows: The user formulates his problem in 77'057.In order to solvethe problem he ca.nload de�nitions and already-proved theorems from the database, he ca.n invoke. a method to split the original problemby hand or let a plannerdo this, and he ca.npass a subproblemto a logic engine. When the subproblem is within the capability of the logic engine, a corresponding proof will be found a.nd translated back a.nd then the user will continue with the cycle from above. Outlook: Currently we a.re implementing these i-deas. As the first logic engine the MKRP system is already incorporated into the Q-MKRP, other systems will follow, in particular logic engines for higher-order logic a.nd mathematical induction. Axiomatic Type Classes Tobias Nipkow TU M1"1nchen Axiomatic type classesa.re a type system basedapproach to axiomatic theories. The aim is to support interpreta.tions between theories in order to facilitate the following kind of reasoning: �In all linear orderings the mazr-function is commutative. The integers are linea.rly ordered. Hence man: on integers is commutative�. The basis is the concept of type classes in the functional programming language Haskell. Type classes are collections of types which provide certain operations. Adding axioms to type. classesresults in a.naxiomatic theory. Concrete theories (types) are shown to be instances of abstract theories (classes) via a.n interpretation of the abstract operations 20 in the concrete I.heor_\'togetlier �with a.proof of t.heabstract. a.\'ioms. The concepts are demonstrated using \�aI'ionsorderings and lattices. The main a.d\*antagesof the concept.are o simp_licity: it only requires a. simple extension of ML polymorphism; 0 theory managementis performed by type inference; o o\v'erloa.(lingof functions is permitted. Constraint Logic Programming with Negation Gert Smolka DFKI Saa.rbr1'icke11 We present. a. framework GCl..li� for constraint logic programming with negation, which is designed to replace t.he con\'entionalmodel based on SLDNI�-resolut.ion. (l(TLl� assumes t.ha.t.a. constraint. system is given by a signature and a first-order theory. and that a program describes procedures by equivalences reminiscent. of (_'~|ark'scomplel.ion. 1As (|ec.lara.tivesemantics we take a.ll three-\¢°alne(lmodels of the cons! raint theory and the program, where only procedurescan have pa.rtial denotations (an approach due to Fitting a.nd I\'unen).A constra.int is any first-order formula. respecting the constraint. signature. GCLP is based on the well-known idea. that the purpose of computation consists in ma.king information explicit. 'l�hiscan be l°ornialized by taking const.raint..sas e.\'plicil. information, and by calling a const.raint. c5a.n e.\'plicat.i0n of a. formula 0 if o ��+ (7 is valid in every three�va.lued model of the constraint theory and the progrz-nn. ./\n interpreter is complete,if for every query a.nd e\=ery e.\'p|ica.tionit can compute an at least as tight explication when given the query and sul�cient. resources. We give an ideali'/.cd complete interpret.er a.nd proc.eed to a.n a.bstrac.toperational frainework providing for the design and a.na.lysisof pra.ct.ica.linterpret.ers. The framework captures computation as (lon�t c.arenondeterministic rewriting of e.\'pressionsmodulo a.congruence acconntin g for constraint sinipli�cation a.nd propa.ga.t.ion.In contrast to the SLDN 17-resolution. GCLP captures the notions of don�t. know choice a.nd finite failure within the calculus. An Algebraic Generalization of Information Subsumption Kuniaki Mukai Faculty of Environmental Information. Ixeio University, Japan Extensional subsumption relation on feature algebrasis generalizedfor coalgebrasfor class functors. For any set-based functor that preserves weak pullbacks, subsuniption constraints ha.ve a solution in the final coalgebra for the functor if and only if they have a solution in some coalgebra for the functor. This result is a g'enei°aliza.tio1iof the uni�cation lemma. forma.lized a.nd proved by J. Barwise, which, l]()W(�V'(�l',assumes the a.nti-foundation axiom a.nd trea.t.sonly the power class functor. W ith some more reasonableassumptions, e.\'ten(.la.l)ilityof constraints to those con- sisting of bisimulations a.nd subsumptions is (le.cidable from a simple combinatoria.l rea.soning due to our algebraic generalization of information subsumption. As fea.ture structures are a coalgebra for a functor which satisfies the above condition, this re- sult is a genera.liza.tion of the (lecidability on e.\'te1'1ia.lversion of feature subsumption problems obtained by �I. Dörre. This present work is based on the �nal coalgc-bra theorem proved by I�.Aczel and N.Mendler, which says that in ZFC minus the foundation axiom, every set-based func- tor ha.sa final coalgebra. Two Procedures for logic programs based on stable models Ken Satoh Fujitsu Labs., Kawasaki, Japan In this ta.lk, I give two procedures for logic programs. Stable model semantics is shown to be quite promising becauseof relationship with non�monotonic reasoning formalisms such as Autoepistemic Logic, Default Logic and Abduction. However, the original definitionof stablemodel is givenl)y �xed point a.nduntil recentlywe do not know how to compute stable models. Fortunately, there a.resome proposals on bottom-up algorithm to compute stable mo- dels a.nd we enhance it in treatment of integrity constraints. This is one of procedures in my talk and I give the simplest form of the bottom-up procedures. In terms of top�down proof procedure or query evaluation method, there was a proposal by Kowalski a.nd Eshghi. but it is only correct for a restricted class of logic programs. In this ta.lk, we show a query evaluation method which is correct for all consistent logic programs. It combines Kowalski a.nd Eshghi�s abductive method and Kowalski and Sadri�s integrity constra.int check method. This method is applicable not only to a logic program but also to a logic program with integrity constraints. 22 Parallel Reasoning and Large inferences J. A. Robinson S3-'1�acnseUniVe1'sity 'l"raditionalideas about.deductive reasoningare strongly human-orient.ed:for e.\'ample, the very common idea t.hat proofs should he formalized as sequencesof small inferences. But unification-basedlogics. such as those ba.sedon resolution, permit highly machine- oriented proofs whose constituents can be arbitrarily large inferences which need not be a.rra.ngedor processed sequentially. Such proofs are networks of inferences which can be processed (in particular, checked for correctness) in parallel. llnification itself is a naturally pa.ra.llelconcept. �last parallel algorithms (which are also e.\'tremelysimpler) are known for unification. and their proper deployinent yields large-inference patterns (such a.sultraresolution) featuring a very high degree of potential parallelism. Proofs built. from such �unnatural� machine-oriented logics are unsuitable. a.nd often even unintelligible. for lnimans. To make them directly useful to humans as aids to understanding. it would be necessaryto develop techniques for rearra.ngingand rescaling proofs. and for magnifying or zooming in on large inferencesso t.hat they can be seen a.scomposite proofs built from smaller inferences. On the Adequateness of the Connection Method Steffen Hfill(l()l)lC1� TH Da1'11'1sta(lt Roughly speaking, adequat.nessis the property of a theorem proving lH(�l1ll()(lto solve simpler problems faster than more difficult ones. .+�\utoma.l.edinfercucing methods are often not ade.qua.tea.s they require thousands of steps to solve problems which lnnnans seem to solve effortlessly. spontaneously. and with reinarkahle pllicienc_\'.hokendra. Shastri and Venkat Ajjanagadde --~ who call this gap the artificial intelligence paradox ~�� claim that their connectionist inference .s�_\'Sl-¬111is a first step t.owa.rd bridging this gap. In this ta.lk we show that their inference method is just reasoning l)_yreductions in the well-known connection method. In part.icular, we e.\'tenda. l'(�(lll(�l.l()ll technique called evaluation of isolated connections such that this technique �� togetlier with ot.lie1' reduction techniques -� solves a.ll problems which ca.n be solved by Shastri and ./\_ija- na.gadde�ssystem under the same parallel time and space requirements. (7onseqnentl_\-'. we obtain a semanticsfor Shastri and Ajjanagaddeis logic. But. most.inn)orta.ntl_\'. if Shastri and Ajjanagadde�s logic really captures the kind of reasoning which humans can perform effortlessly, spontaneously. and with remarl Hans Kleine Biining , Theodor L(:�l�.l'-lllilllll Universität. Paderborn V\"e introduce a de�nition of search space for resolut.ion based proof procedures. This definition describes more clearly t.he~differencesbetween the restrictions of resolution. Applying this concept. t.o monot.one rest.rictions of the resolution. an example is the N-�resolut.ion,we show t.hat.the averageproof length for propositional forrmilas is a.t. most four times a.s large as for unrestricted resolution. The inequality shows that comparing proof procedures with respect to minimal proof length and to average proof length may lead to essentia.lly different results. because for the N~-«resolutionthere exists infinite ma.ny formulas with superpolynomially minimal proofs whereas the resolution has polynomially minimal proof length. Aspects of the Proof-System KOMET W. Bibel TH Da1'111st.a(lt Based on the experiencewith the developmentof the proof-system SETHEO, a new system, ca.lled KOMET (Connection MEthod Theorem prover), is under development. We aim at a computationally adequate system which roughly means that. simple theo- rems a.re proved faster than harder ones. The talk begins with identifying six different structural features in (connection) proofs, namely simple extensions, hinged loops, cy- cles, data. base entries, factors, a.nd macro structures. For some of them new results a.re presented which have been integrated in the kernel version of l\'()l\�llT.l�. The first result is the rea.cha.bilitygraph whicli isolates all possible hinged loops in a preprocessingstep and this way reducesthe overheadneeded for performing reduction steps. Data base entries for a given relation a.retreated as a single literal using index tree representation which speeds up the performance of database oriented problems enormously. Two results ha.ve a releva.nce for treating cycles. One allows the com- putation of a cyclein a grammatical(rather than a deductive)way thus eliminating search altogether. The second one allows the identi�cation of unsuccessful cycles in advance a.nd thisway prevents the system t.o enter a.n infinite loop. Other features of KOMET such as reductions, non-normal form handling, lemmata-handling, integration of inductiona.re also briefly mentioned. Controlling Deduction through Declarative Constructs Hayns-.loacl1i1n Goltz GUD-FIRST The main point of this talk is to show that an important. (lirection of the further development of logics used for clecluction systems consist.s in the fact that (lecla.ra.t.ive syntactic constructs can be 11se(lmore powerfully for the representation of l<11o\\'le(lg'e about the (leduction system and for controlling deduction such that t.he search space can l)e reduced. Existing synta.ctic constructs can better be usecl for controlling (l¬.�(.lU(�l.l()l1 and new decla.rati\'esyntactic constructs can be introclncetl Tor this purpose. Tliese syntactic construct.s can be usetl for tlillerent aims such as [or building up terms. for the cla.ssifica.t.ion of the elements of the 1.ttti\'(�t'se,for the classilica.t ion of cliflerent kinds of functional symbols or of e.\'pressions(e.g. equations). and for the represeiitation of meta. l<1'1owle(hf_e. Methods of controlling (le(luct.ion by syntactic constructs are tliscussetl for stt.ruct..uring the universe by a type S_\'Sl.(:�ll1and for reducing the search space of unification. Solvable Cases of the Semi-Uni�cation Problem Hans Leill CIS. Ulliversitéit M1"111cl1e11 The se1ni�unification problem is the problem to �Hd, for a given finite set of z'urquul/u;2.~< 5': {SI S] �|-�'- -«.372. <11 tn} between �rst�or(ler terms .5,-,t,�. a solution 71'r: ('12,, .. , 7'.) such that 'l'U(s,~)zzzu/r/2r..< :r0(r,~)for�t .�. 1....��. u. i T,-('/'U(s,-))E _'I},(l,,:) for each i z: �...�n. Otherwise the non�e.\'istenceof such a solution shoul(l be t�(�])()l�l(�(l. We present a.simple proof o!� l\«l.Ba.a.z�result that sol\='a.bleinstances o!� the problem have 1no.stgener.'e.l solu?'.uions (TU, . . . , Tn), in the sense that for other solutions (Na. . . .. Im). the main si:l)stituti«»n R0 can be l�£-�»(�t.'OI�(.�(lthrough T0 on the tree vasriables ol'H. This is (zbta.ii1e(3lrom 2:.sound �und 1�e�:2�»t.i\'el_ycoinplete transl'orma.tioncalculus Im� semi- 1u1il1ca.tio:'1§.\rol)len�tt.. \\'lIl('ll is given -11 terms ol'equa.t.ions_\�st,enis with lll()ll2l.(ll('{und ion variables ranging (wer s11l»si.it.t1ti(>=i.s. Due to a. result of Kl()l.ll�}'2*.£t.., the senii�unilica.t.ion problem is re('urs'i\'el_\'tinsol\'able z when at least. two inequation relations <\,-cu...(resp. t;wo lunctlion xariahies for �/',.'/'2)and a. l)inary l'unctionconst.ai~.t.. are in\'ol\'e [x3 �n conimon st1'u(�tm'cin two sol\'ahl(~ 51111111011101115: (21)1\'21|>111 <".21.°51051111 111211 5011211111111� 15 (1(_�C1(1a.1)1¬1111011 only 011011111111011 12111211110 7] 0101115. and (h) 111021111110155 1051111 1112115()1\'211)i111_1* 15(10('1(1211)10 11110110211-11 101111 of 1.110111512111111 .3� 11215 01111� 0110 11121.\'i111211 5111)101111C(>1151111('10(1 of 111(11\'1(111211 and 11111011011 \'2111211)105. Theorem Proving by Model Testing David Platistx-id,Hang C1111 U11iVorsit._\»'of 4`01'111 Carolina 211C1121p01 Hill �"0 1115011550111 501112111111 h\'p<'r-linking 1110010111|>10\'01 which sh0\\'s111152111511211)1111_1' of 21111'51-<)1(101 10111111121by 1110 12111111001 21p0151510111 21110111111 10 00115111111 2111101101 101 it. T110 1121.510|>1(>00(11110 15 00111111010 2111<1 05|)0('121.11_1' 0111010111for 5015 of 01211150511121.1. are highly 11011-110111and haw 51112111111012115. \\"0 2111111111111.11115|>1()00(1111°0 with UR. (lllliti-1�(�S1tii.il]g)105011111011 10 (31111111121101110 110111parts of proofs and with 21112111101110111 01 resolution C21110(1rough 105011111011.1.00111111112111: 11101211g0 1110121.15 111proofs. This combination 01 1.111001'1101.110(15� two 011.111.111 in('0ml)lot.e, works 11'011and |)1'()\'<3s 21.11111111101� 011110010111521111<)111a11<'2111_1� 1112112110 110101111 1110 reach of 1110511.110010111 |>1011'015. These include 1,110111101°1110(11211.0 12111101.110010111. 21.1118, 0.\'(|1. 0xq2� 0x113,and 111100of Blecls0e�s 1111111.1�11e0101115. All 11100152110 0111211110(1 1111021.5<)11211)1e tithes with 511121115021.10.11 51121005 and (1012111115011111g5 012111 5111101105. Dagstuhl-Seminar 9310: List of Participants (11.03.93) Jürgen Avenhaus Ricardo Caferra Universität Kaiserslautern LIFIA-IMAG FB lnformatik 46 avenue Felix Viallet Postfach 3049 F-38031 Grenoble Cedex W-6750 Kaiserslautern France Germany [email protected] [email protected] tel.: +33 7657 4659 teI.: +49-631-205-26 33 Bernd Dahn Wolfgang Blbel Tetrower Ring 37 TH Darmstadt 0-1044 Berlin FG Intellektik Germany Alexanderstr. 10 [email protected] W-6100 Darmstadt teI.: +49-30-561-0385 Germany [email protected] Jörg Denzinger teI.: +49-61 51-1 6-21 00 Universität Kaiserslautern FB Informatik Woody Bledsoe Postfach 3049 University of Texas at Austin W-6750 Kaiserslautern Department of Computer Sciences Germany Taylor GääinHall TX 78712-1188 teI.: [email protected]+49-631-205-2181 [email protected] Elmar Eder teI.: +1-512-453-1101 Universität Salzbu rg Institut für Computenrvissenschaften Robert Boyer Jakob Haringer Str. 5 University of Texas at Austin A-5020 Salzburg Department of Computer Sciences Austria Taylor Hall 2.124 [email protected] Gtésltin TX78712-1188 teI.: +43-662-8044-6314 [email protected] I [email protected] Koichi Furukawa teI.: +1-512-471 -97 45 Kaio University Faculty of Environmental Alan Bundy Information Universit of Edinburgh 5322 Endo Dept. of rtificial lntelligence Kanagawa 80 South Bridge 252 Edinburgh EH1 IHN +81-466-47-5111 Great Britain teI.: Japan [email protected] teI.: +44-31-650-27 16 Harald Ganzinger Max-Planck-Institut für Informatik Jochen Bur hardt lm Stadtwald 15 Universität arlsruhe W-6600 Saarbrücken 11 (SMD-Forschungsstelle Germany Vincenz-Prielinitz-Str. 1 [email protected] W-7500 Karlsruhe teI.: +49-681-302-5361 (Secr. 5360) Germany [email protected] Hans-Joachim Goltz teI.: +49-721 -6622-45 GMD-Fl RST Rudower Chaussee 5 O-1199 Berlin Germany [email protected] teI.: +49-O30-67045298 Shigeki Goto NTT Software Research Labs. NTT Twins Buildings Deepak Kapur 1-9-1 Kohnan SUNY Albany Minato-ku Dept. of Computer Science Tokyo 108 L167A Japan Albany NY 12222 [email protected] USA teI.: +81 -3-3740-6050 [email protected] teI.: +1-0110518-442-4281 Reiner Hähnle Universität Karlsruhe Claude Kirchner Fakultät für Informatik INRIA & CRIN Lorraine Am Fasanengarten 5 615 rue du Jardin Botanique W-7500 Karlsruhe F-54602 Villers les Nancy Cedex f France Germany [email protected] [email protected] teI.: +33-8359301 1 teI.: +49-721 -608-4329 Hans Kleine Büning Universität GH Paderborn Masami Hagiya FB 17 - Mathematik/Informatik University of Tokyo Warburgerstr. 100 Department of Information Science W-4790 Paderborn 7-3-1 Hongo Bunkyo-ku Germany Tokyo 113 Japan kbcsI@uni�paderborn.de [email protected] teI.: +49-5251-6033 61 teI.: +81-3-3812-2111 Hans Lelß Ryuzo Hasegawa Universität München ICOT Institute for the New Generation Centrum für Informations- und Computer Technology Sprachverarbeitung (CIS) Mita Kokusai Bldg. 21 F Leopoldstr. 139 4-28 Mita 1-Chome W�8000 Münchens40 Minato-ku Tokyo 108 Japan Germany [email protected] teI.: +81 -3-3456-4365 [email protected] teI.: +49�89-36 40 72 Ext.21 Bernd Heimrich Dt. Forschungsgemeinschaft Alexander Leitsch Referat II D6 TU Wien Postfach 20 50 04 Institut für Computersprachen W-5300 Bonn 2 Resselgasse 3 Germany A-1040 Wien teI.: +49-228-885-25 23 Austria Steffen Hölldobler Technische Hochschule Darmstadt [email protected] Fachbereich Informatik teI.: +43-1�5880t �4095 Alexanderstr. 10 W-6100 Darmstad Reinhold Letz Germany TU München [email protected] Forschungsgruppe Kl teI.: +49-6t51�16-S469 Augustenstr. 46 W�8000 München 2 Germany 2 [email protected]�de teI.: +49-89-521 098 Donald W. Loveland Hans-Jürgen Ohlbach Duke University Max-Planck-lnstitut für Informatik Computer Science Dept. Im Stadtwald 210 North Building W-6600 Saarbrücken 11 Box 90129 Germany Durham NC 27708-0129 [email protected] USA teI.: +49-681-302 5366 [email protected] tel.: +1-919-660-6542 Uwe Petermann Universität Leipzig Ewing Lusk lnstitut für Informatik Argonne National Laboratory Augustuspiatz 10 Math. and Computer Science Div. O-7010 Leipzig 9700 South Cass Avenue 1 Germany Argonne IL 60439 [email protected]�Ieipzig.de USA tel.: +49-41 -719-2507 [email protected] tel.: +1-708-252-7852 David Plaisted University of North Carolina David McAl|ester Department of Computer Science Massachussetts Institute of Technology 352 Sitterson Hall AI Laboratory Chapel Hill NC 27599 � 3175 545 Technology Square USA SgrgbridgeMA02139 [email protected] [email protected] Andreas Podelski tel.: +1-617-253-6599 Digital Equipment Corporation Paris Research Laboratory Michael A. McRobbie 85 avenue Victor Hugo Australian Nat. Uni.�Canberra F-92500 Rueil-Malmaison Cedex Centre for Information France Science Research [email protected] GPO. Box 4 tel.: +33�1-47 83 44 01 Canberra ACT. 2601 Australia M. M. Richter [email protected] Universität Kaiserslautern tel.: +61 -6-249 2035 FB Informatik Postfach 3049 Kuniaki Mukai W-6750 Kaiserslautern Keio University Germany Fac. of Environmental Information [email protected]�kI.de 5322 Endo Fujisawa 252 John Alan Robinson Japan Syracuse University [email protected] P.O. Box 51 Tully NY 13159-0051 Tobias Nipkow USA TU München [email protected] Institut für Informatik tel.: +1 -315-696 5281 Arcisstral3e 21 W-8000 München 2 Taisuke Sato German i ETL Tsukuba nipkow informatik.tu�muenchen�de 1-1-4 Umezono tel.: +49�89-2105-2690 Ibaraki 305 Japan [email protected] tel.: +81 -298-54-5624 Ken Satoh RichardWaldinger Fujitsu Laboratories LTD SRI International Knowledge Processing Laboratory 333 Ravenswood Ave. 1015 Kamikodanaka Menlo Park CA 94025 Nakahara-ku USA Kawasaki 211 wa|[email protected] Japan tel.: +1 -415-859-2216 ksatoh@f|ab.fujitsu.oo.jp tel.: +81 -44-754-2661 Christoph Walther Technisohe Hochschule Darmstadt Peter Schmitt Fachbereich Informatik Universität Karlsruhe Alexanderstr. 10 Fakultät für Informatik W-6100 Darmstadt Am Fasanengarten 5 German W-7500 Karlsruhe walther inferenzsysteme.informatik.th- Germany darmstadt.de [email protected] teI.: +49-6151-16-44 92 teI.: +49-721-6 O8 40 O0 Helmut Schwichtenberg Universität München Institut für Mathematik Theresienstr.39 W-8000 München 2 Germany [email protected] muenchen.de tel.: +49-89-2394-441 3 Jörg Siekmann DFKI Saarbrücken Stuhlsatzenhausweg 3 W�6600 Saarbrücken 11 Germany [email protected] teI.: +49-681-302-52 76 Gert Smolka DFKI Saarbrücken Stuhlsatzenhausweg 3 W�6600 Saarbrücken 11 German smolka dfki.uni�sb.de tel.: +49�681 -302-53 11 Mark Stickel SRI International 333 Ravenswood Ave. Menlo Park CA 94025 USA [email protected] tel.: +1-415-859-6151 Zuletzt erschienene und geplante Titel: K. Compton, J.E. Pin , W. Thomas (editors): Automata Theory: Infinite Computations, Dagstuhl-Seminar-Report; 28, 6.-10.1.92 (9202) H. Langmaack, E. Neuhold, M. Paul (editors): Software Construction - Foundation and Application, Dagstuhl-Seminar-Report; 29, 13.-111.92 (9203) K. Ambos-Spies, S. Homer, U. Schöning (editors): Structure and Complexity Theory, Dagstuhl-Seminar-Report; 30, 3.-7.2.92 (9206) B. Booß, W. Coy, J.�M. Pllüger (editors): Limits of Inlormation-technological Models. Dagstuhl-Seminar-Report; 31, 10.�14.2.92 (9207) N. Habermann, W.F. Tichy (editors): e Future Directions in Software Engineering, Dagstuhl-Seminar-Report; 32; 17.2.-21.2.92 (9208) R. Cole, E.W. Mayr, F. Meyer auf der Heide (editors): Parallel and Distributed Algorilhms; DagstuhI-Seminar-Report; 33; 2.3.-6.3.92 (9210) P. Klint, T. Reps, G. Snelting (editors): Programming Environments; Dagstuhl-Seminar-Report; 34; 9.3.-13.3.92 (9211) H.-D. Ehrich, J.A. Goguen, A. Sernadas (editors): Foundations of lnforrnation Systems Specification and Design; Dagstuhl-Seminar-Report; 35; 16.3.-19.3.9 (9212) W. Damm, Ch. Hankin, J. Hughes (editors): Functional Languages: Compiler Technology and Parallelism; Dagstuhl-Seminar-Report; 36; 23.3.-27.3.92 (9213) Th. Beth, W. Diffie, G..J. Simmons(editors): System Security; Dagstuhl-Seminar-Report; 37; 30.3.-3.4.92 (9214) CA.Ellis. M. Jarke (editors): Distributed Cooperation in Integrated Information Systems; Dagstuhl-Seminar-Report; 38, 8.4.- 9.4.92 (9215) J. Buchmann, H. Niederreiter, A.M.Odlyzko, H.G.Zimmer (editors): Algorithms and Number Theory, Dagstuhl-Seminar-Report; 39: 22.06.-26.06.92 (9226) E. Bürger, Y. Gurevich� H. Kleine-Büning, M.M. Richter (editors): Computer Science Logic, Dagstuhl-Seminar-Report; 40; 13.07.-17.07.92 (9229) J. von zur Gathen, M. Karpinski, D. Kozen (editors): Algebraic Complexity and Parallelism, Dagstuhl-Seminar-Report; 41; 20.07.-24.07.92 (9230) I F.Baader, J.Siekmann, w. Snyder(editors): 6th Intemational Workshop on Unification, Dagstuhl-Seminar-Report; 42; 29.07.-31.07.92 (9231) J.W. Davenport, F. Kriickeberg, R.E.Moore, S. Rump (editors): Symbolic, algebraic and validated numerical Computation, Dagstuhl-Seminar-Report; 43; 03.08.- 07.08.92 (9232) R. Cohen, R. Kass, C. Paris, W. Wahlster (editors): Third International Workshop on User Modeling (UM�92), Dagstuhl-Seminar-Report; 44; 10.- 13.8.92 (9233) R. Reischuk, D. Uhlig (editors): Complexity and Realization of Boolean Functions, Dagstuhl-Seminar-Report; 45; 24.08.�28.08.92 (9235) Th. Lengauer, D.Schomburg, M.S.Waterman (editors): Molecular Biointormatics, Dagstuhl-Seminar-Report; 46; 07.09.-11.09.92 (9237) V.R. Basili, H.D. Rombach, R.W. Selby(editors): Experimental Software Engineering Issues, Dagstuhl-Seminar-Report; 47; 14.-18.09.92 (9238) �6�- littrich, H. Hastedt, P. Schete (editors): Computer Science and Philosophy, Dagstuhl-Seminar-Report; 48; 21 .09.-25.09.92 (9239) RP. Daley, U. Furbach, K.P. Jantke (editors): Analogical and Inductive Inference 1992 , Dagstuhl-Seminar-Report; 49; 05.10.-09.10.92 (9241) :F. =:~lovak,St. Smale, J.F. Traub (editors): Algorithms and Complexity for Continuous Problems, Dagstuhl-Seminar-Report; 50; 12.10.- 16.10.92 (9242) .3.Encarnagao, J. Foley (editors): . Multimedia � System Architectures and Applications, Dagstuhl-Seminar-Report; 51; 02.11.- 06.1 1.92 (9245) E�-'Rammig, J. Staunstrup, G. Zimmermann (editors): e SeIf-Timed Design, Dagstuhl-Seminar-Report; 52; 30.11.-04.12.92 (9249 ) B. Courcelle, H. Ehrig, G. Rozenberg, H.J. Schneider (editors): Graph-Transformations in Computer Science, Dagstuhl-Seminar-Report; 53; 04.01.-08.01.93 (9301) +%�Arnold, L. Priese, R. Vollmar (editors): . Automata Theory: Distributed Models, Dagstuhl-Seminar-Report; 54; 1 1.01.-15.01 .93 (9302) W. Cellary, K. Vidyasankar , G. Vossen (editors): Versioning in Database Management Systems, Dagstuhl-Seminar-Report; 55; 01.02.-05.02.93 (9305) 8. Becker, R. Bryant, Ch. Meinel (editors): Computer Aided Design and Test , Dagstuhl-Seminar-Report; 56; 15.02.�19.02.93 (9307) M. Pinkal, R. Scha� L. Schubert (editors): Semantic Formalisms in Natural Language Processing, Dagstuhl-Seminar-Report; 57; 23.02.- 26.02.93 (9308) W. Bibel, K. Furukawa, M. Stickel (editors): Deduction , Dagstuhl-Seminar-Report; 58; 08.03.-12.03.93 (9310) H. Alt, B. Chazelle, E. Welzl (editors): Computational Geometry, Dagstuhl-Seminar-Report; 59; 22.03.-26.03.93 (9312) H. Kamp, J. Pustejovsky (editors): Universals in the Lexicon: At the Intersection of Lexical Semantic Theories, Dagstuhl-Seminar- Report; 60; 29.03.-02.04.93 (9313) W. Straßer, F. Wahl (editors): Graphics & Robotics, Dagstuhl-Seminar-Report; 61; 19.04.-22.04.93 (9316) C. Beeri, A. Heuer, G. Saake, S.D. Urban (editors): Formal Aspects of Object Base Dynamics , Dagstuhl-Seminar-Report; 62; 26.04.-30.04.93 (9317) R. Book, E.P.D. Pednault, D. Wotschke (editors): Descriptional Complexity: A Multidisciplinary Perspective , Dagstuhl-Seminar-Report; 63; 03.05.- 07.05.93 (9318) H.-D. Ehrig, F. von Henke, J. Meseguer, M. Wirsing (editors): Specification and Semantics, Dagstuhl-Seminar-Report; 64; 24.05.-28.05.93 (9321) M. Droste, Y. Gurevich (editors): Semantics of Programming Languages and Algebra, Dagstuhl-Seminar-Report; 65; 07.06.- 1 1.06.93 (9323) Ch. Lengauer, P. Quinton, Y. Robert, L. Thiele (editors): Parallelization Techniques for Uniform Algorithms, Dagstuhl-Seminar-Report; 66; 21 .06.-25.06.93 (9325) G. Farin, H. Hagen, H. Noltemeier (editors): Geometric Modelling, Dagstuhl-Seminar-Report; 67; 28.06.-02.07.93 (9326)