KITP-93: An Automated Inference System for Program Analysis

KITP is an automated inference system developed for supporting the formal design, veriication, and validation of computer programs. It has evolved from an automated veriication system, RVF 5]. The latest version of KITP, KITP-93, features a typed formulation and deduction, meta-level reasoning, and resolution-based proving enhanced by conditional term-rewriting. This report describes KITP-93 from a user's perspective. 1 Logical Framework KITP-93 employs a classical higher-order language for a convenient interaction with the user, and a typed clausal language for eeciently carrying out the inference. It accepts, in general, any well-formed higher-order formula. Internally, all input axioms and lemmas will be transformed into clausal normal form, and stored as rules in the knowledge-base (KB) of the system. Only these KB rules will be directly accessed by the deductive components of the system. For example, the user is allowed to input the following statement into the KB, 1. 8(s)(stringp(s) ^ 8(k: char)(k in s) (k #2 ^ k #7))) valid-key(s)) The system will transform the statement into the following three KB rules (k! is a Skolem symbol). 1a. (k!(s) : char)=:valid-key(s)=(s : seq(char)) 1b. valid-key(s) _ :(#2 k!(s)) _ :(k!(s) #7)=(s : seq(char)) 1c. valid-key(s) _ (k!(st) in s)=(s : seq(char)) The set of clausal normal forms is divided into two classes: typing rule and typed clause. A typing rule has a form t: =H=R; which speciies that a term t has a type if H and R holds. t: is called a type description (TD). R is a conjunction of TDs. H is a conjunction of ordinary literals. For example, the above 1a is a typing rule, which states that k!(s) is of type char if s is of type seq(char) and :valid-key(s) holds. A typed clause has a form K=R; where K is an ordinary clause and R is a conjunction of TDs, which means that K holds under R: The above 1b and 1c are typed clauses. The inference supported by this framework is primarily predicate calculus with equality and a restricted form of higher-order reasoning. It employs two kinds of resolution (and paramodulation). One is kernel resolution, which is a resolution made by unifying