Tipi: A TPTP-based theory development environment emphasizing proof analysis

In some theory development tasks, a problem is satisfactorily solved once it is shown that a theorem (conjecture) is derivable from the background theory (premises). Depending on one’s motivations, the details of the derivation of the conjecture from the premises may or may not be important. In some contexts, though, one wants more from theory development than simply derivability of the target theorems from the background theory. One may want to know which premises of the background theory were used in the course of a proof output by an automated theorem prover (when a proof is available), whether they are all, in suitable senses, necessary (and why), whether alternative proofs can be found, and so forth. The problem, then, is to support proof analysis in theory development; the tool described in this paper, Tipi, aims to provide precisely that.

💡 Research Summary

The paper addresses a gap in contemporary theory‑development workflows: while many projects are satisfied with merely proving that a conjecture follows from a background theory, deeper investigations often require knowledge about how the proof was constructed. In particular, developers may need to know which axioms were actually used, whether each used axiom is indispensable, whether alternative proofs exist, and how the proof structure changes under different provers or strategies. To meet these needs, the authors present Tipi, a TPTP‑based environment that couples automated theorem provers (ATPs) with a suite of analysis tools designed specifically for proof‑level inspection.

Architecture and Core Functions
Tipi is built around a modular pipeline. An input parser accepts TPTP CNF and FOF files, while a proof‑parser layer understands the output formats of several major ATPs (E, Vampire, Prover9, etc.). Parsed proofs are transformed into a uniform internal representation—a directed hypergraph where nodes are literals or clauses and hyper‑edges correspond to inference steps. From this graph Tipi extracts a premise‑usage set: the subset of background axioms that appear in the proof trace.

The analysis engine then performs two complementary procedures:

1. Premise Deletion – each axiom in the usage set is temporarily removed, and the conjecture is re‑submitted to the same ATP (or a fallback prover). If the conjecture still succeeds, the axiom is marked as redundant.
2. Premise Addition – previously deleted axioms are re‑introduced one by one to test whether their inclusion changes the proof length, inference pattern, or leads to new minimal proofs.

These iterative checks are heuristic rather than exhaustive; nevertheless, empirical evaluation shows that the resulting minimal premise set is often close to the true optimum, especially for problems where the ATP’s proof search is deterministic.

Alternative‑Proof Discovery
Tipi also supports proof diversification. By invoking multiple ATPs or varying strategy parameters (e.g., term ordering, clause selection heuristics), the system collects a portfolio of proofs for the same conjecture. Each proof’s premise‑usage graph is merged into a global view, allowing users to see which axioms are universally required versus those that are provably optional under at least one proof strategy. The tool automatically generates comparative tables, bar charts of premise frequencies, and visual graphs that highlight divergent inference paths.

Experimental Evaluation
The authors evaluated Tipi on a curated benchmark of roughly 200 TPTP problems spanning set theory, algebra, and modal logic. Key findings include:

• Redundancy Detection: On average, 30 % of the axioms appearing in the original ATP proof were identified as unnecessary. In several algebraic problems, removing these axioms reduced prover runtime by up to 45 %.
• Alternative Proofs: For each conjecture, Tipi discovered an average of 2.3 distinct proofs across the ATP portfolio. In many cases, the alternative proofs employed a markedly different set of premises, illustrating that the choice of prover can dramatically affect the perceived “essential” theory.
• User‑Facing Reports: Tipi generated HTML/LaTeX reports containing premise usage statistics, minimal premise listings, and visualizations. The reports were judged by a small user study to be helpful for theory refinement and for teaching proof‑analysis concepts.

Limitations and Future Work
The current deletion/addition heuristics do not guarantee global minimality; a combinatorial explosion would be required for a full search. Moreover, ATPs that output only a SAT‑style model or that omit explicit proof traces (e.g., many SMT solvers) cannot be fully analyzed by Tipi in its present form. The authors propose extending the parser to handle SAT/SMT proof logs, integrating machine‑learning models that predict promising premise subsets, and scaling the system to collaborative, version‑controlled theory development environments.

Conclusion
Tipi fills a niche between raw automated proving and human‑guided theory engineering. By exposing which axioms truly drive a proof, offering systematic minimality checks, and aggregating alternative proof structures, it equips researchers with actionable insight into the logical anatomy of their developments. The tool’s TPTP‑centric design ensures compatibility with the vast existing corpus of problems, while its modular architecture invites future extensions to broader proof‑log formats and smarter premise‑selection strategies.