Nitpick: A Counterexample Generator for Higher-Order Logic Based on a Relational Model Finder

Abstract

Anecdotal evidence suggests that most “theorems” initially given to an interactive theorem prover do not hold, typically because of a typo or a missing assumption, but sometimes because of a deep flaw. Modern proof assistants for higher-order logic (HOL) provide counterexample generators that can be run on putative theorems or on specific subgoals in a proof to spare users the Sisyphean task of trying to prove non-theorems. Isabelle/HOL includes two such tools: Quickcheck [1] generates functional code for the HOL formula and evaluates it for random values of the free variables, and Refute [5] searches for finite countermodels of a formula through a reduction to SAT (Boolean satisfiability). Their areas of applicability are almost disjoint: Quickcheck excels at inductive datatypes but is restricted to the executable fragment of HOL (which excludes unbounded quantifiers) and may loop endlessly on inductive predicates. In contrast, Refute copes well with logical symbols, but inductive datatypes and predicates are mostly out of reach due to the state space explosion. Our new tool, Nitpick [6], is designed to bridge this gap. Instead of using a SAT solver directly, it builds upon the Kodkod first-order relational model finder [4].1 As a result, it benefits from Kodkod’s optimizations (notably its symmetry breaking) and its richer logic. Inductive datatypes are handled following an Alloy idiom [3], and inductive predicates are unrolled as in bounded model checking [2]. Infinite datatypes are approximated by a finite fragment augmented with an undefined value, embedded in a three-valued logic. The current prototype outperforms Refute in nearly all benchmarks while enjoying wider applicability than Quickcheck.

DOI: 10.1007/978-3-642-14052-5_11

Extracted Key Phrases

1 Figure or Table

010203020102011201220132014201520162017
Citations per Year

163 Citations

Semantic Scholar estimates that this publication has 163 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@inproceedings{Blanchette2010NitpickAC, title={Nitpick: A Counterexample Generator for Higher-Order Logic Based on a Relational Model Finder}, author={Jasmin Christian Blanchette and Tobias Nipkow}, booktitle={ITP}, year={2010} }