# Integrating Stålmarck’s algorithm in Coq - PowerPoint PPT Presentation


## Integrating Stålmarck’s algorithm in Coq

Laurent Théry

Lemme

### Motivations

• Verifying verification tools

• Adding more automation to Coq

### Outline

• What is Stålmarck’s algorithm?

• How to integrate it into Coq?

• How efficient is the result?

### Stålmarck’s algorithm

• Tautology Checker

• Developed by Gunnar Stålmarck

• Year 1994

• Commercialised by Prover Technology

• Patented Algorithm!!!!

Constant value:

Variables:

Negation:

Conjunction:

Disjunction:

Implication:

### Checking tautologies

Checking if the formula is true for all assignments:

If Then

If Then

If Then

Case Split

Propagation

Case Split

### Case Splitting

Propagation

Exponential Growth

Propagation

Intersection

Propagation

Case Split

Propagation

Propagation

### Iteration

On all variables

Till no new information is gained

### Nesting

Level 2: most tautologies
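The loop sketched on the preceding slides (propagation, case split on a variable, intersection of the two resulting states, iteration till no new information is gained), as an added Python illustration that is not part of the slides or of the Coq development they describe. It keeps the slides' signed-integer literals but simplifies the state to fixed truth values, without the union-find equivalence classes, and assumes formulas pre-compiled into conjunction triplets; the triplet encoding, the function names and the sample formula are this example's own assumptions.

```python
class Contradiction(Exception): pass  # some literal would have to be both true and false
val = lambda st, lit: st.get(abs(lit), 0) * (1 if lit > 0 else -1)  # 1 true, -1 false, 0 open

def assign(st, lit, value):  # record lit = value; True if this is new, Contradiction on a clash
    var, value, new = abs(lit), value * (1 if lit > 0 else -1), abs(lit) not in st
    if st.setdefault(var, value) != value: raise Contradiction
    return new

def propagate(st, triplets):  # rules for x == y AND z, applied till no new information is gained
    changed = True
    while changed:
        changed = False
        for x, y, z in triplets:
            vx, vy, vz = val(st, x), val(st, y), val(st, z)
            facts = ([(y, 1), (z, 1)] if vx == 1 else [(x, -1)] if -1 in (vy, vz) else
                     [(x, 1)] if vy == vz == 1 else [(z, -1)] if (vx, vy) == (-1, 1) else
                     [(y, -1)] if (vx, vz) == (-1, 1) else [])
            for lit, value in facts:
                changed |= assign(st, lit, value)

def saturate(st, triplets, nvars):  # level 1: case split, propagate both cases, intersect, iterate
    propagate(st, triplets)
    progress = True
    while progress:
        progress = False
        for v in range(1, nvars + 1):
            if v in st: continue
            branches = []
            for value in (1, -1):
                b = dict(st)
                try:
                    assign(b, v, value); propagate(b, triplets); branches.append(b)
                except Contradiction:
                    pass  # this case is closed, so only the other one survives
            if not branches: raise Contradiction  # both cases closed: the assumptions are refuted
            common = dict(set.intersection(*(set(b.items()) for b in branches)))
            if len(common) > len(st):  # new information gained: go round all variables again
                st.update(common); progress = True

def is_tautology(root, triplets, nvars):  # refutation: assume the root literal false
    st = {}
    try:
        assign(st, root, -1); saturate(st, triplets, nvars)
    except Contradiction:
        return True
    return False  # not refuted at this saturation level (level 1 is incomplete in general)

# Constructed sample, a=1, b=2: (a & b) | (-a & -b) | (a & -b) | (-a & b); p | q is encoded as
# -(-p & -q), so the root literal is -9. Plain propagation cannot close it; the dilemma can.
XOR_TRIPLETS = [(3, 1, 2), (4, -1, -2), (5, 1, -2), (6, -1, 2), (7, -3, -4), (8, 7, -5), (9, 8, -6)]
```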

[Slide diagram: Extraction, Reflection, Trace; Coq; Proof Checking]

### Implementation

• A Single Implementation for Extraction and Reflection

• Functional style

• Strict termination criterion

### State

• Variables: integer (T=1,=-1)

• State: {2=-3,3=-1,4=5}

• Union-find:

{1 → 1, 2 → 1, 3 → -1, 4 → 4, 5 → 4}

• Back-pointer:

{1 → [2,-3], 2 → -1, 3 → -1, 4 → [5], 5 → 4}

### Termination

• Easy except:

```
fun append =
    [] M => M
  | L [] => L
  | [a|L] [b|M] =>
      if (lt a b) then [a | (append L [b|M])]      (* recursive call on the first list  *)
      else [b | (append [a|L] M)]                  (* recursive call on the second list *)
```

• Rewritten so that every recursive call is on a structurally smaller argument:

```
fun append =
    [] M => M
  | L [] => L
  | [a|L] [b|M] =>
      if (lt a b) then [a | (append L [b|M])]
      else
        let append1 = fun                          (* inner function: merges [a|L] into M,  *)
            [] => [a|L]                            (* recursing on the second list only     *)
          | [c|N] => if (lt a c) then [a | (append L [c|N])]
                     else [c | (append1 N)]
        in [b | (append1 M)]
```

Coq

Ocaml

### 3 Level Approach

• Checking Trace:

• Correctness Theorem:

### Trace

Reducing Search:

Successful case splitting (v)

Successful rule propagation (r)

Result of the intersection (i)

### Conclusions

• Extraction: clearly the most efficient

• Reflection: computation is expensive in Coq (< 1s)

• Trace: practical if we can reduce the amount of computation