Proof Generation in the Touchstone Theorem Prover

  • George C. Necula
  • Peter Lee
Conference paper

DOI: 10.1007/10721959_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1831)
Cite this paper as:
Necula G.C., Lee P. (2000) Proof Generation in the Touchstone Theorem Prover. In: McAllester D. (eds) Automated Deduction - CADE-17. CADE 2000. Lecture Notes in Computer Science, vol 1831. Springer, Berlin, Heidelberg


The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benefits for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modifications that are necessary to support proof generation in a congruence-closure decision procedure for equality and in a Simplex-based decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modified Nelson-Oppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proof-carrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low cost in terms of design complexity and proving time, and we conclude that the software-engineering benefits of proof generation clearly outweigh these costs.



Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • George C. Necula: Electrical Engineering and Computer Science Department, University of California, Berkeley, USA
  • Peter Lee: School of Computer Science, Carnegie Mellon University, Pittsburgh, USA
