Nqthm

 ( Theorem Proving Software Systems ) 

Nqthm is a theorem prover sometimes referred to as the Boyer–Moore theorem prover. It was a precursor to ACL2.

The system was built on top of Lisp and had some very basic knowledge in what was called "Ground-zero", the state of the machine after bootstrapping it onto a Common Lisp implementation.

This is an example of the proof of a simple arithmetic theorem. The function is part of the (called a "satellite") and is defined to be

(DEFN TIMES (X Y)
 (IF (ZEROP X)
     0
     (PLUS Y (TIMES (SUB1 X) Y))))
     

(prove-lemma commutativity-of-times (rewrite)
  (equal (times x z) (times z x)))
     

The proof itself is given in a quasi-natural language manner. The authors randomly choose typical mathematical phrases for embedding the steps in the mathematical proof, which does actually make the proofs quite readable. There are macros for LaTeX that can transform the Lisp structure into more or less readable mathematical language.

The proof of the commutativity of times continues:

 Give the conjecture the name *1.
 We will appeal to induction.  Two inductions are suggested by terms in the conjecture,
 both of which are flawed.  We limit our consideration to the two suggested by the
 largest number of nonprimitive recursive functions in the conjecture.  Since both of
 these are equally likely, we will choose arbitrarily.  We will induct according to
 the following scheme:
       (AND (IMPLIES (ZEROP X) (p X Z))
          (IMPLIES (AND (NOT (ZEROP X)) (p (SUB1 X) Z))
                   (p X Z))).
 Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP inform
 us that the measure (COUNT X) decreases according to the well-founded relation
 LESSP in each induction step of the scheme.  The above induction scheme
 produces the following two new conjectures:
 Case 2. (IMPLIES (ZEROP X)
                  (EQUAL (TIMES X Z) (TIMES Z X))).
     

and after winding itself through a number of induction proofs, finally concludes that

Case 1. (IMPLIES (AND (NOT (ZEROP Z))
                      (EQUAL 0 (TIMES (SUB1 Z) 0)))
                 (EQUAL 0 (TIMES Z 0))).
This simplifies, expanding the definitions of ZEROP, TIMES, PLUS, and EQUAL, to:
     T.
That finishes the proof of *1.1, which also finishes the proof of *1.
Q.E.D.
[ 0.0 1.2 0.5 ]
COMMUTATIVITY-OF-TIMES
     

• (1971) list concatenation
• (1973) insertion sort
• (1974) a binary adder
• (1976) an expression compiler for a stack machine
• (1978) uniqueness of prime factorizations
• (1983) invertibility of the RSA encryption algorithm
• (1984) unsolvability of the halting problem for Pure Lisp
• (1985) FM8501 microprocessor (Warren Hunt)
• (1986) Gödel's incompleteness theorem (Shankar)
• (1988) CLI Stack (Bill Bevier, Warren Hunt, Matt Kaufmann, J Moore, Bill Young)
• (1990) Gauss' law of quadratic reciprocity (David Russinoff)
• (1992) Byzantine Generals and Clock Synchronization (Bevier and Young)
• (1992) A compiler for a subset of the Nqthm language (Arthur Flatau)
• (1993) bi-phase mark asynchronous communications protocol
• (1993) Motorola MC68020 and Berkeley C String Library (Yuan Yu)
• (1994) Paris–Harrington Ramsey theorem (Kenneth Kunen)
• (1996) The equivalence of NFSA and DFSA (Debora Weber-Wulff)

• (1998). 9780121229559, Academic Press. ISBN 9780121229559

• The Automated Reasoning System, Nqthm
• The Boyer-Moore Theorem Prover (NQTHM)
• Even though the system is no longer being supported, it is still available at [4]
• Runnable version on GitHub: [5]