Name: Nqthm
Keywords:
quantifier free, structured data, recursively defined functions, induction
Description:
Semantics: quantifier free first-order theory of inductively defined
data structures, intended model - a term model
Deductive machinery: events -- shell definition, recursive function
definition, proving lemmas using heuristics for generating
induction schemata, rewriting, generalization, elimination of destructors,
User can specify how proved lemmas are to be used by the heuristics.
Hints can be given. Proved meta-theorems can be installed as simplifiers.
Dynamics: theories are event histories
Persistence: the current state can be saved in a library and restored.
Contact persons:
boyer@cs.utexas.edu
moore@cs.utexas.edu
User group support:
mailing list: nqthm-users@cs.utexas.edu
(send requests for addition or deletion to nqthm-users-request@cs.utexas.edu)
mailing list maintainer:
Robert S. Boyer
Philosophy Department
University of Texas
Austin, TX 78712
boyer@cs.utexas.edu
Pragmatics:
Strengths:
That well over 16,000 theorems have been checked with Nqthm covering
different parts of mathematics, especially those related to computing,
demonstrates something about Nqthm. Has any other theorem proving
system has been used to check a proof of quadratic reciprocity, which
Gauss called the crown jewel of number theory? Has any other
automated reasoning system been used to prove not only the correctness
of a compiler that targets a typical von Neumann processor which has
been fabricated, but also to prove the correctness of the design of
that processor down to the level of gates and registers? Many Nqthm
theorem proving efforts are very well-documented in papers, reports,
and theses. The user's manual, A Computational Logic Handbook, gives
voluminous hints for successful use of the prover, and precisely
describes the logic and user commands.
Weaknesses:
1. Nqthm is built to work on conjectures about recursive functions
over the integers and other finitely generated structures, e.g.,
conses. Nqthm does not support, especially well, attacks on theorems
in set theory or about such nonconstructive entities as the real
numbers. (It is certainly possible to axiomatize set theory in Nqthm,
as one can in practically any first order prover. However, the
theorem-proving strategies of Nqthm are not especially appropriate for
dealing with arbitrary user axioms.)
2. As with any contemporary automated reasoning tool, successful
checking of interesting theorems with Nqthm requires a considerable
amount of mathematical talent, experience, and persistence. As with
most uses of most contemporary automated reasoning tools, Nqthm should
be regarded by the serious user as a proof checker rather than a proof
discoverer. That is, the user had better have in mind a proof of any
theorem to be checked, and be prepared to guide Nqthm to checking that
proof by giving hints, such as formulating lemmas. Otter is sometimes
used to find novel solutions to hard, open questions, but Nqthm has
not been used in this way, and one might doubt that it could ever be
used successfully in this way.
3. Is it a strength or a weakness that Nqthm does not support typed
syntax?
Documentation:
R. S. Boyer, M. Kaufmann, and J S. Moore, The Boyer-Moore Theorem Prover and
Its Interactive Enhancement, {\em Computers and Mathematics with Applications,}
Vol. 29, No. 2, pp. 27-62, 1995.
The ./doc/ directory in the Nqthm distribution, which includes several
revised chapters for "A Computational Logic Handbook", including the
two most essential chapters, which describe the logic and all the user
commands. A second edition of this handbook is scheduled to appear in
late 1997 or early 1998.
Applications:
By far, the most significant application of Nqthm has been to a prove
the correctness of a computing system known as the CLI Stack, which
includes (a) a microprocessor design (FM8502) based on gates and
registers, (b) an assembler (Piton) that targets FM8502, and (c) a
higher level language (micro Gypsy) that targets Piton. We have also
seen a proof of correctness of a small operating system kernel (KIT).
FM8502, Piton, micro Gypsy, and Kit are documented in [62, 62a].
Another major application of Nqthm is the Ph.D. work of N. Shankar in
proof checking Goedel's incompleteness theorem [69a]. The text of this
proof effort is included in the standard distribution of Nqthm, along
with Shankar's checking of the Church-Rosser theorem.
In the first chapter of "A Computational Logic Handbook", many other
applications of Nqthm are enumerated, including those in list processing,
elementary number theory, metamathematics, set theory, and concurrent
algorithms.
Recently Bill Young and Bill Bevier at Computational Logic, Inc.,
have used Nqthm to develop a machine checked proof of correctness of the
``Oral Messages'' Algorithm of Pease, Shostak, and Lamport for solving the
problem of achieving interactive consistency. Such algorithms are important
in ensuring fault tolerance by redundant processing.
J. S. Moore, et. al. "Special Issue on System Verification". Journal of
Automated Reasoning 5, 4 (1989), 409-530.
Books:
W. Hunt. FM8501: A Verified Microprocessor. LNCS 795. Spring-Verlag. 1994.
N. Shankar. Metamathematics, Machines, and Goedel's Proof, Cambridge
University Press, 1994.
J S. Moore. A Mechanically Verified Assembly-Level Language. Kluwer, 1996.
Resource requirements:
The system runs well in at least these Common Lisps: Gnu Common Lisp (GCL),
Allegro (Franz), Lucid, and Macintosh. There are no operating system or
dialect conditionals, so the code may well run in other implementations of
Common Lisp. Executable images for some of this Lisps are available.
Bibliography: (lists about 100 publications about Nqthm's design
and about use of Nqthm)
ftp://ftp.cs.utexas.edu/pub/boyer/nqthm/nqthm-bibliography.html
Where-to-get-it:
To get a copy of Nqthm, read
ftp://ftp.cs.utexas.edu/pub/boyer/nqthm/index.html
Extensions/enhancements: Pc-Nqthm
[info date July 97]
