# Maria Paola Bonacina

University of Verona | UNIVR · Department of Computer Science

PhD Computer Science, State University of New York at Stony Brook

## About

- Publications: 128
- Reads: 5,960
- Citations: 1,322

Introduction

Professor of Computer Science at the Università degli Studi di Verona, Verona, Italy, EU, conducting research in automated reasoning. Visiting the Computer Science Laboratory of SRI International in Menlo Park, California, USA.
Disclaimer: The list of publications appears okay, but no guarantee. A more accurate list and the full texts are available on my institutional web page at http://profs.sci.univr.it/~bonacina/

Additional affiliations

June 2013 - June 2013

**Microsoft Research**

Position

- Gratis Visitor

May 2008 - June 2008

**Microsoft Research**

Position

- Visiting Research Scholar

Education

August 1989 - December 1992

November 1986 - January 1991

**Universita' degli Studi di Milano**

Field of study

- Informatica (Computer Science)

November 1982 - July 1986

**Universita' degli Studi di Milano**

Field of study

- Scienze dell'Informazione (Information Sciences)

## Publications

SGGS (Semantically-Guided Goal-Sensitive reasoning) is a clausal theorem-proving method, which generalizes to first-order logic the Davis-Putnam-Loveland-Logemann procedure with conflict-driven clause learning (DPLL-CDCL). SGGS starts from an initial interpretation, and works towards modifying it into a model of a given set of clauses, reporting un...

Interpolation is a deductive technique applied in program analysis and verification: for example, it is used to compute over-approximations of images or refine abstractions. An interpolation system takes a refutation and extracts an interpolant by building it inductively from partial interpolants. We survey color-based interpolation systems for gro...

Reasoning semantically in first-order logic is notoriously a challenge. This paper surveys a selection of semantically-guided or model-based methods that aim at meeting aspects of this challenge. For first-order logic we touch upon resolution-based methods, tableaux-based methods, DPLL-inspired methods, and we give a preview of a new method called...

Given two inconsistent formulæ, a (reverse) interpolant is a formula implied by one, inconsistent with the other, and only containing symbols they share. Interpolation finds application in program analysis, verification, and synthesis, for example, towards invariant generation. An interpolation system takes a refutation of the inconsistent formulæ...

This article is a tribute to the scientific legacy of automated reasoning pioneer and JAR founder Lawrence T. (Larry) Wos. Larry’s main technical contributions were the set-of-support strategy for resolution theorem proving, and the demodulation and paramodulation inference rules for building equality into resolution. Starting from the original def...

This paper celebrates the scientific discoveries and the service to the automated reasoning community of Lawrence (Larry) T. Wos, who passed away in August 2020. The narrative covers Larry’s most long-lasting ideas about inference rules and search strategies for theorem proving, his work on applications of theorem proving, and a collection of perso...

Search-based satisfiability procedures try to build a model of the input formula by simultaneously proposing candidate models and deriving new formulae implied by the input. Conflict-driven procedures perform non-trivial inferences only when resolving conflicts between formulæ and assignments representing the candidate model. CDSAT ( Conflict-Drive...

The main ideas in the CDSAT (Conflict-Driven Satisfiability) framework for SMT are summarized, leading to approaches to proof generation in CDSAT.

SGGS (Semantically-Guided Goal-Sensitive reasoning) is a conflict-driven first-order theorem-proving method which is refutationally complete and model complete in the limit. These features make it attractive as a basis for decision procedures. In this paper we show that SGGS decides the stratified fragment which generalizes EPR, the PVD fragment, a...

Many applications depend on solving the satisfiability of formulæ involving propositional logic and first-order theories, a problem known as Satisfiability Modulo Theory. This article presents a new method for satisfiability modulo a combination of theories, named CDSAT, for Conflict-Driven SATisfiability. CDSAT also solves Satisfiability Modulo As...

This is a preliminary report of work in progress on the development of the Eos SMT/SMA-solver. Eos is the first solver built from the start based on the CDSAT (Conflict-Driven SATisfiability) paradigm for solving satisfiability problems modulo theories and assignments. The latter means that assignments to first-order terms may appear in the input....

Satisfiability is the problem of deciding whether a formula has a model. Although it is not even semidecidable in first-order logic, it is decidable in some first-order theories or fragments thereof (e.g., the quantifier-free fragment). Satisfiability modulo a theory is the problem of determining whether a quantifier-free formula admits a model tha...

Automated deduction comprises automated theorem proving, to find proofs of conjectures, and automated model building, to find solutions of sets of constraints. In automated deduction, the difficulty of the problem is often directly proportional to the expressiveness of the logical language. The procedure of Learning...

This chapter surveys the research in parallel or distributed strategies for mechanical theorem proving in first-order logic, and explores some of its connections with the research in the parallelization of decision procedures for satisfiability in propositional logic (SAT). We clarify the key role played by the Clause-Diffusion methodology for dist...

Automated formal methods and automated reasoning are interconnected, as formal methods generate reasoning problems and incorporate reasoning techniques. For example, formal methods tools employ reasoning engines to find solutions of sets of constraints, or proofs of conjectures. From a reasoning perspective, the expressivity of the logical language...

Search-based satisfiability procedures try to construct a model of the input formula by simultaneously proposing candidate models and deriving new formulae implied by the input. When the formulae are satisfiable, these procedures generate a model as a witness. Dually, it is desirable to have a proof when the formulae are unsatisfiable. Conflict-dri...

Reasoning and learning have been considered fundamental features of intelligence ever since the dawn of the field of artificial intelligence, leading to the development of the research areas of automated reasoning and machine learning. This short paper is a non-technical position statement that aims at prompting a discussion of the relationship bet...

We present a new method for clausal theorem proving, named SGGS from semantically-guided goal-sensitive reasoning. SGGS generalizes to first-order logic the Conflict-Driven Clause Learning (CDCL) procedure for propositional satisfiability. Starting from an initial interpretation, used for semantic guidance, SGGS employs a sequence of constrained cl...

The CDCL procedure for SAT is the archetype of conflict-driven procedures for satisfiability of quantifier-free problems in a single theory. In this paper we lift CDCL to CDSAT (Conflict-Driven Satisfiability), a system for conflict-driven reasoning in combinations of disjoint theories. CDSAT combines theory modules that interact through a global t...

We present in expository style the main ideas in SGGS, which stands for Semantically-Guided Goal-Sensitive theorem proving. SGGS uses sequences of constrained clauses to represent models, instance generation to go from a candidate model to the next, and resolution as well as other inferences to repair the model. SGGS is refutationally complete for...

SGGS (Semantically-Guided Goal-Sensitive theorem proving) is a clausal theorem-proving method, with a seemingly rare combination of properties: it is first order, DPLL-style model based, semantically guided, goal sensitive, and proof confluent. SGGS works with constrained clauses, and uses a sequence of constrained clauses to represent a tentative...

This volume contains the papers presented at the 24th International Conference on Automated Deduction (CADE-24), held June 9--14, 2013, in Lake Placid, New York, USA. CADE is the major forum for the presentation of research in all aspects of automated deduction, including foundations, applications, implementations, and practical experiences. The Pr...

This Festschrift volume is published in memory of William W. McCune (1953-2011). William W. McCune was an accomplished computer scientist all around but especially a fantastic system builder and software engineer. The volume includes 13 full papers, which are presenting research in all aspects of automated reasoning and its applications to mathemat...

An abstract framework of canonical inference based on proof orderings is applied to ground Horn theories with equality. A finite presentation that makes all normal-form proofs available is called saturated. To maximize the chance that a saturated presentation be finite, it should also be contracted, in which case it is deemed canonical. We apply th...

Applications in software verification often require determining the satisfiability of first-order formulae with respect to background theories. During development, conjectures are usually false. Therefore, it is desirable to have a theorem prover that terminates on satisfiable instances. Satisfiability Modulo Theories (SMT) solvers have proven to...

Interpolation means finding intermediate formulae between given formulae. When formulae decorate program locations, and describe sets of program states, interpolation may enable a program analyzer to discover information about intermediate locations and states. This mechanism has an increasing number of applications, that are relevant to program an...

This article is a survey of recent results, related works and new challenges in automated theorem proving for program checking. The aim is to give some historical perspective, albeit necessarily incomplete, and highlight some of the turning points that made crucial advances possible.

The topic of this article is decision procedures for satisfiability modulo theories (SMT) of arbitrary quantifier-free formulæ. We propose an approach that decomposes the formula in such a way that its definitional part, including the theory, can be compiled by a rewrite-based first-order theorem prover, and the residual problem can be decided by a...

Applications in software verification often require determining the satisfiability of first-order formulæ with respect to some background theories. During development, conjectures are usually false. Therefore, it is desirable to have a theorem prover that terminates on satisfiable instances. Satisfiability Modulo Theories (SMT) solvers have proven...

Applications in software verification often require determining the satisfiability of first-order formulæ with respect to some background theories. During development, conjectures are usually false. Therefore, it is desirable to have a theorem prover that terminates on satisfiable instances. Satisfiability Modulo Theories (SMT) solvers have proven...

Program analysis and verification require decision procedures to reason on theories of data structures. Many problems can be reduced to the satisfiability of sets of ground literals in theory T. If a sound and complete inference system for first-order logic is guaranteed to terminate on T-satisfiability problems, any theorem-proving strategy with t...

Completion is a general paradigm for applying inferences to generate a canonical presentation of a logical theory, or to semi-decide the validity of theorems, or to answer queries. We investigate what canonicity means for implicational systems that are axiomatizations of Moore families (or, equivalently, of propositional Horn theories). We build...

Verification problems require to reason in theories of data structures and fragments of arithmetic. Thus, decision procedures for such theories are needed, to be embedded in, or interfaced with, proof assistants or software model checkers. Such decision procedures ought to be sound and complete, to avoid false negatives and false positives, efficie...

Much research concerning Satisfiability Modulo Theories is devoted to the design of efficient SMT-solvers that integrate a SAT-solver with T-satisfiability procedures. The rewrite-based approach to T-satisfiability procedures is appealing, because it is general, uniform and it makes combination of theories simple. However, SAT-solvers are unparallele...

The rewrite-based approach to satisfiability modulo theories consists of using generic theorem-proving strategies for first-order logic with equality. If one can prove that an inference system generates finitely many clauses from the presentation T of a theory and a finite set of ground unit clauses, then any fair strategy based on that system can...

If a rewrite-based inference system is guaranteed to terminate on the axioms of a theory T and any set of ground literals, then any theorem-proving strategy based on that inference system is a rewrite-based decision procedure for T-satisfiability. In this paper, we consider the class of theories defining recursive data structures, that might appear...

An abstract framework of canonical inference is used to explore how different proof orderings induce different variants of saturation and completeness. Notions like completion, paramodulation, saturation, redundancy elimination, and rewrite-system reduction are connected to proof orderings. Fairness of deductive mechanisms is defined in terms of pr...

In the context of combinations of theories with disjoint signatures, we classify the component theories according to the decidability of constraint satisfiability problems in arbitrary and in infinite models, respectively. We exhibit a theory T_1 such that satisfiability is decidable, but satisfiability in infinite models is undecidable. It follows...

A central problem in automated reasoning is to determine whether a conjecture that represents a property to be verified, is a logical consequence of a set of assumptions, which express properties of the object of study (e.g., a system, a circuit, a program, a data type, a communication protocol, a mathematical structure). A conjoint problem is that...

Peer Reviewed http://deepblue.lib.umich.edu/bitstream/2027.42/62917/1/441025a.pdf

The rewriting approach to T-satisfiability is based on establishing termination of a rewrite-based inference system for first-order logic on the T-satisfiability problem. Extending previous such results, including the quantifier-free theory of equality and the theory of arrays with or without extensionality, we prove terminati...

Many domains of reasoning include a set of distinct objects. For general-purpose automated theorem provers, this property has to be specified explicitly, by including distinctness axioms. Since their number grows quadratically with the number of distinct objects, this results in large and clumsy specifications, that may affect performance adversely...

This paper advances the design of a unified model for the representation of search in first-order clausal theorem-proving, by extending to tableau-based subgoal-reduction strategies (e.g., model-elimination tableaux), the marked search-graph model, already introduced for ordering-based strategies, those that use (ordered) resolution, paramodulation...

We outline an approach to use ordering-based theorem-proving strategies as satisfiability procedures for certain decidable theories. We report on experiments with synthetic benchmarks in the theory of arrays with extensionality, showing that a theorem prover -- the E system -- compares favorably with the state-of-the-art validity checker CVC.

We outline an approach to use ordering-based theorem-proving strategies as satisfiability procedures for certain decidable theories. We report on experiments with synthetic benchmarks in the theory of arrays with extensionality, showing that a theorem prover -- the E system -- compares favorably with the state-of-the-art validity checker CVC.

Peers-mcd.d implements contraction-based strategies for equational logic, modulo associativity and commutativity, with paramodulation, simplification and functional subsumption. It is a new version of Peers-mcd [4], that parallelizes McCune's prover EQP (version 0.9d), according to the Modified Clause-Diffusion methodology (http://www.cs.uiowa.edu/...

This paper presents a taxonomy of parallel theorem-proving methods based on the control of search (e.g., master–slaves versus peer processes), the granularity of parallelism (e.g., fine, medium and coarse grain) and the nature of the method (e.g., ordering-based versus subgoal-reduction). We analyze how the different approaches to parallelization a...

While various approaches to parallel theorem proving have been proposed, their usefulness is evaluated only empirically. This research is a contribution towards the goal of machine-independent analysis of theorem-proving strategies. This paper considers clausal contraction-based strategies and their parallelization by distributed search, with subdi...

this paper, we have extended our analysis to the impact of the parallelization approaches on the control of search. We observed that approaches with parallelism at the term level may replace the search plan by low-level data-driven forms of concurrency, or produce strategy-compliant parallelizations. It seems that the potential problem is a loss of...

This article presents a taxonomy of strategies for fully-automated general-purpose first-order theorem proving. It covers forward-reasoning ordering-based strategies and backward-reasoning subgoal-reduction strategies, which do not appear together often. Unlike traditional presentations that emphasize logical inferences, this classification strives...

proof attempts, and those strategies that work on one object at a time (e.g., a goal clause, or a tableau) and develop one proof attempt at a time, backtracking when the current proof attempt cannot be completed into a proof. The strategies in the first group, on the other hand, never backtrack, because whatever they do may further one of the proof...

This extended abstract summarizes two contributions from ongoing work on parallel search in theorem proving. First, we give a framework of definitions for parallel theorem proving, including inference system, communication operators, parallel search plan, subdivision function, parallel strategy, parallel derivation, fairness and propagation of redu...

We present a parallel propositional satisfiability (SAT) prover called PSATO for networks of workstations. PSATO is based on the sequential SAT prover SATO, which is an efficient implementation of the Davis-Putnam algorithm. The master-slave model is used for communication. A simple and effective workload balancing method distributes the workload...

We present a model for representing search in theorem proving. This model captures the notion of contraction, which has been central in some of the recent developments in theorem proving. We outline an approach to measuring the complexity of search which can be applied to analyze and evaluate the behaviour of theorem-proving strategies. Using our fr...

We present a model of parallel search in theorem proving for forward-reasoning strategies, with contraction and distributed search. We extend to parallel search the bounded-search-spaces approach to the measurement of infinite search spaces, capturing both the advantages of parallelization, e.g., the subdivision of work, and its disadvantages, e.g....

this methodology was extended from sequential search to parallel search. Parallel search means that deductive processes search in parallel the space of the problem: each executes a strategy, develops a derivation, builds a set of data, and communicates with the others; the parallel search succeeds as soon as one of the processes does. Approaches to...

ic programming and all applications of deduction. The idea of "strategy analysis" is new. Most of the work on search in artificial intelligence concentrates on the design of heuristics (e.g., [5]). Most of the research in complexity related to theorem proving studies the complexity of propositional proofs as part of the quest for NP ≠ co-NP (...

This note presents purely mechanical proofs of the Levi commutator problem in group theory. The problem was solved first by using the theorem prover EQP, developed by William McCune at the Argonne National Laboratory. The fastest proof was found by using Peers-mcd, the Clause-Diffusion parallelization of EQP, developed by the author at the Univer...

Reducing redundancy in search has been a major concern for automated deduction. Subgoal-reduction strategies, such as those based on model elimination and implemented in Prolog technology theorem provers, prevent redundant search by using lemmaizing and caching, whereas contraction-based strategies prevent redundant search by using contraction...

We introduce the distributed theorem prover Peers-mcd for networks of workstations. Peers-mcd is the parallelization of the Argonne prover EQP, according to our Clause-Diffusion methodology for distributed deduction. The new features of Peers-mcd include the AGO (Ancestor-Graph Oriented) heuristic criteria for subdividing the search space among par...

Peers-mcd is a distributed theorem prover for equational logic with associativity and commutativity built-in. It is based on the Clause-Diffusion methodology for distributed deduction and the Argonne prover EQP. New features include ancestor-graph oriented criteria to subdivide the search among the parallel processes. Peers-mcd shows superlinear sp...

We introduce the distributed theorem prover Peers-mcd for networks of workstations. Peers-mcd is the parallelization of the Argonne prover EQP, according to our Clause-Diffusion methodology for distributed deduction. The new features of Peers-mcd include the AGO (Ancestor-Graph Oriented) heuristic criteria for subdividing the search space among parallel...

We present a distributed/parallel prover for propositional satisfiability (SAT), called PSATO, for networks of workstations. PSATO is based on the sequential SAT prover SATO, which is an efficient implementation of the Davis -Putnam algorithm. The master-slave model is used for communication. A simple and effective workload balancing method distrib...

Proof reconstruction is the operation of extracting the computed proof from the trace of a theorem-proving run. We study the problem of proof reconstruction in distributed theorem proving because of the distributed nature of the derivation and especially because of deletions of clauses by contraction, it may happen that a deductive process generates the...

Reducing redundancy in search has been a major concern for automated deduction. Subgoal-reduction strategies prevent redundant search by using lemmaizing and caching, whereas contraction-based strategies prevent redundant search by using contraction rules, such as subsumption. In this work we show that lemmaizing and contraction can coexist in the...

ch spaces. The main reason for the absence of "strategy analysis" is the lack of formal tools to analyze the complexity of problems involving search in an infinite search space. There are several obstacles in analyzing the complexity of search in an infinite space, including the following: the methodology of traditional complexity analysis is n...

this document. Two surveys are available in [4] and [11], and most approaches proposed since those surveys were written may be found in [6] or [7]. In the following we give first some motivation and introduction, then we focus on a fundamental problem for future research, the design of techniques to partition the search space among cooperating con...

Thesis (Ph. D.)--State University of New York at Stony Brook, 1992. Includes bibliographical references (leaves 144-258).

In this paper we apply category theory to investigate the mathematical structure of theorem proving derivations. A theorem-proving strategy is given by a set of inference rules and a search plan. Search plans have been usually described either informally (e.g., a criterion to select the next inference step) or procedurally (e.g., by giving a specif...

This paper describes a methodology for parallel theorem proving in a distributed environment, called deduction by Clause-Diffusion. This methodology utilizes parallelism at the search level, by having concurrent, asynchronous deductive processes searching in parallel the search space of the problem. The search space is partitioned among the process...

Completion procedures, originated from the seminal work of Knuth and Bendix, are well-known as procedures for generating confluent rewrite systems, i.e. decision procedures for equational theories. In this paper we present a new abstract framework for the utilization of completion procedures as semidecision procedures for theorem proving. The key i...

Aquarius is a distributed theorem prover for first order logic with equality, developed for a network of workstations. Given as input a theorem proving problem and a number n of active nodes, Aquarius creates n deductive processes, one on each workstation, which work cooperatively toward the solution of the problem. Aquarius realizes a number of va...

We present a parallel propositional satisfiability (SAT) prover called PSATO for networks of workstations. PSATO is based on the sequential SAT prover SATO, which is an efficient implementation of the Davis-Putnam algorithm. The master-slave model is used for communication. A simple and effective workload balancing method distributes the workload a...

In this paper we study the subsumption inference rule in the context of distributed deduction. It is well known that the unrestricted application of subsumption may destroy the fairness and thus the completeness of a deduction strategy. Solutions to this problem in sequential theorem proving are known. We observe that in distributed automated deduc...

In this paper we present a general analysis of the parallelization of deduction strategies. We classify strategies as subgoal-reduction strategies, expansion-oriented strategies, and contraction-based strategies. For each class we analyze how and what types of parallelism can be utilized. Since the operational semantics of deduction-based programming...