Using Decision Procedures to Build Domain-Specific Deductive Synthesis Systems

This paper describes a class of decision procedures that we have found useful for efficient, domainspecific deductive synthesis. These procedures are called closure-based ground literal satisfiability procedures. We argue that this is a large and interesting class of procedures and show how to interface these procedures to a theorem prover for efficient deductive synthesis. Finally, we describe some results we have observed from our implementation. Amphion/NAIF [Stickel 94] is a domain-specific, high-assurance software synthesis system. It takes an abstract specification of a problem in solar system mechanics, such as “when will a signal sent from the Cassini spacecraft to Earth be blocked by the planet Saturn?”, and automatically synthesizes a FORTRAN program to solve it. Amphion/NAIF uses deductive synthesis in which programs are synthesized as a byproduct of theorem proving from a domain theory. In this paradigm, problem specifications are of the form , where and are vectors of variables, and we are only interested in constructive proofs in which witnesses have been produced for each of the variables in . Deductive synthesis has two potential advantages over competing synthesis technologies. The first is the well-known but unrealized promise that developing a declarative domain theory is more cost-effective than developing a special-purpose synthesis engine. The second advantage is that since synthesized programs are correct relative to a domain theory, verification is confined to domain theories. Because declarative domain theories are simpler than programs, they are presumably easier to verify. This is of particular interest when synthesized code must be high-assurance. There are several reasons why, despite these potential advantages, the number of deductive synthesis systems remains small. Perhaps the most serious reason is that systems built using this technology are almost always unacceptably inefficient unless the domain theory and theorem prover are carefully tuned. This tuning process requires a large amount of automated reasoning expertise, and even with this expertise, the process is iterative and extremely time consuming. In our attempts to construct an efficient deductive synthesis system for Amphion/NAIF, we initially considered using Prolog. However, due to the extensive need for equality in the domain theory, Prolog was inappropriate. So we moved to a more general paradigm employing a refutation-based theorem prover. Constructing an efficient implementation in this setting was very time consuming. In order to assist in constructing efficient implementations, we are developing a tool, Meta-Amphion [Lowry 97], that takes a domain theory as input and automatically generates an efficient, specialized deductive synthesis engine such as Amphion/NAIF. The key is a technique that generates efficient decision procedures for subtheories of the domain theory and then integrates them through an interface to a generalpurpose refutation-based theorem-prover. A prototype of Meta-Amphion has been constructed [Roach 97]. This prototype has generated domainspecific deductive synthesis systems that achieve a significant speed improvement over non-optimized, general-purpose theorem provers. More importantly, these generated systems perform at least as well as, and often better than, expertly-tuned theorem provers for particular application domains. Figure 1 is a graph of the problem size (number of literals) vs. the number of inference steps required to find a proof for an unoptimized system, a hand tuned system, and a system generated by Meta-Amphion (Tops). Figure 2 compares a hand-tuned system vs. the Meta-Amphion generated system (Tops). This paper describes the underlying infrastructure used by Meta-Amphion, i.e. the interface and the properties of the procedures. (We do not discuss the generation of these procedures here.) We have found that even with hand-generation of these procedures, this infrastructure dramatically reduces the time it takes ∀ ∃ v v v v x y P x y [ ( , )] v x v y