Implementing H1 by Resolution *

Jean Goubault-Larrecq (goubault@lsv.ens-cachan.fr)
LSV/UMR 8643, CNRS & ENS Cachan; INRIA Futurs projet SECSI

Abstract. The h1 tool is an implementation of a theorem prover dedicated to solving Nielson, Nielson and Seidl’s decidable class H1 of first-order Horn clauses. This is based on ordered resolution with selection, eager ε-splitting—a special case of Riazanov and Voronkov’s splitting with naming rule—, and several additional rules. We tested h1 on a few examples coming from cryptographic protocol verification, and in particular some produced by the csur static code analyzer, due to Parrennes and the author, a tool to detect leakage of secrets in C programs. We also tested h1 on a collection of about 800 problems without equality originating from Sutcliffe and Suttner’s TPTP library. We use these examples and report on the efficiency of h1. Particularly, we investigate the merits of several optimizations built into h1, which appear to be new. In each case, we try to understand why they fare well or fail. These include naive static soft typing, on-the-fly abbreviation of deep terms, and detecting fully-defined predicates. Of the latter three, on-the-fly abbreviation of deep terms, a variant of the rule of definition introduction known in Prolog program transformation circles, offers drastic speedups in specific applications.

Keywords: resolution, splitting, H1, Horn clauses, abstract interpretation, static soft typing, abbreviation, definition introduction, TPTP, cryptographic protocol verification

* Partially supported by the ACI Rossignol, and the RNTL projects EVA and PROUVÉ.

© 2005 Kluwer Academic Publishers. Printed in the Netherlands.