Vampire 2016: Papers with Abstracts

Papers
Abstract. Satisfiability Modulo Theories (SMT) solvers have emerged as prominent tools in formal methods applications. While originally targeted towards quantifier-free inputs, SMT solvers are now often used for handling quantified formulas in automated theorem proving and software verification applications. The most common technique for handling quantified formulas in modern SMT solvers in quantifier instantiation. This paper gives an overview of recent advances in quantifier instantiation in SMT. In addition to the well-known technique known as E-matching, we discuss the use of conflicts and models for accelerating the search for (un)satisfiably. We further mention new instantiation-based techniques that are specialized to background theories such as linear real and integer arithmetic, and future work in this direction.
Abstract. We describe new extensions of the first-order theorem prover Vampire for supporting program analysis and proving properties of loops with arrays. The common theme of our work is the symbol elimination method for generating loop invariants. In our work, we improve symbol elimination for program analysis in two ways. First, we enhance the program analysis framework of Vampire by simplifying skolemization during consequence finding. Second, we extend symbol elimination with theory-specific reasoning, in particular in the theory of polymorphic arrays, and generate and prove program properties over arrays. We illustrate our approach on a number of challenging examples coming from program analysis and verification. Our experiments show that, thanks to our improvements, programs that could not be analyzed before can now be verified with our method.
Abstract. \noindent Developing provably sound type systems is a non-trivial task which, as of today, typically requires expert skills in formal methods and a considerable amount of time. Our Veritas~\cite{GreweErdwegWittmannMezini15} project aims at providing support for the development of soundness proofs of type systems and efficient type checker implementations from specifications of type systems. To this end, we investigate how to best automate typical steps within type soundness proofs.
\noindent In this paper, we focus on progress proofs for type systems of domain-specific languages. As a running example for such a type system, we model a subset SQL and augment it with a type system. We compare two different approaches for automating proof steps of the progress proofs for this type system against each other: firstly, our own tool Veritas, which translates proof goals and specifications automatically to TPTP~\cite{Sutcliffe98} and calls Vampire~\cite{KovacsV13} on them, and secondly, the programming language Dafny~\cite{Leino2010}, which translates proof goals and specifications to the intermediate verification language Boogie 2~\cite{Leino2008} and calls the SMT solver Z3~\cite{DeMoura2008} on them. We find that Vampire and Dafny are equally well-suited for automatically proving simple steps within progress proofs.
Abstract. Vampire produces highly usable and informative proofs, but now they are even better and this paper explains how. It is important that the proofs produced by automated theorem provers are both understandable and machine checkable. Producing something that satisfies both of these goals is challenging, especially when dealing with complex steps performed by the solver. The main areas where proof output has been improved for understanding include (i) introduction of new symbols (such as Skolem functions) in preprocessing, (ii) representation of unifiers (for example, in resolution steps), and (iii) presentation of AVATAR proofs. These improvements will be illustrated via a number of examples. For checkable proofs Vampire provides a mode that outputs the proof as a number of individual (TPTP) problems that can be independently checked. This process is explained and illustrated with examples.
Abstract. Global subsumption is an existing simplification technique for saturation-based first-order theorem provers. The general idea is that we can replace a clause C by its subclause D if D follows from the initial problem as D will subsume C. The effectiveness of the technique comes from a cheap, global approach for (incompletely) checking whether D is a consequence of the initial problem. The idea is to produce and maintain a set S of ground clauses that follow from the input (e.g. grounded versions of all derived clauses) and to check whether a grounding of D follows from this set. As this is now a propositional problem this check can be performed by a SAT solver, making it efficient. In this paper we review the global subsumption technique and pose a number of questions related to the practical implementation of global subsumption and possible variations of the approach. We consider, for example, which groundings to place in S, how to select the subclause(s) D to check, how to integrate this technique with the AVATAR approach and whether it makes sense to replace the SAT solver with an SMT solver. This discussion takes place within the context of the Vampire theorem prover.
Abstract. We report on the results of evaluating the performance automated theorem provers using \ADIMENSUMO{}. The evaluation follows the adaptation of the methodology based on competency questions \cite{GrF95} to the framework of first-order logic, which is presented in \cite{ALR15}, and is applied to \ADIMENSUMO{} \cite{ALR12}. The set of competency questions used for this evaluation has been semi-automatically generated from a small set of semantic patterns and the mapping of \WORDNET{} to \SUMO{}, also introduced in \cite{ALR15}. Our experimental results demonstrate that improved versions of the proposed set of competency questions could be really valuable for the development of automated theorem provers.