Fundamentals of Software Engineering

Transcription

1 Fundamentals of Software Engineering First-Order Logic Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner Hähnle (Chalmers University of Technology, Gothenburg, Sweden) Ina Schaefer FSE 1

2 Main Approaches Spin 1st part of course Abstract programs, Simple properties Concrete programs, Simple properties Abstract programs, Complex properties Concrete programs, Complex properties KeY 2nd part of course Ina Schaefer FSE 33

3 Motivation for Introducing First-Order Logic We will specify Java programs with Java Modeling Language (JML) JML combines Java expressions First-Order Logic (FOL) Ina Schaefer FSE 2

4 Motivation for Introducing First-Order Logic We will specify Java programs with Java Modeling Language (JML) JML combines Java expressions First-Order Logic (FOL) We will verify Java programs using Dynamic Logic Dynamic Logic combines First-Order Logic (FOL) Java programs Ina Schaefer FSE 3

5 FOL: Language and Calculus We introduce: FOL as a language (no formal semantics) calculus for proving FOL formulas KeY system as FOL prover (to start with) Ina Schaefer FSE 4

6 First-Order Logic: Signature Signature A first-order signature Σ consists of a set T Σ of types a set F Σ of function symbols a set P Σ of predicate symbols a typing α Σ Ina Schaefer FSE 5

7 First-Order Logic: Signature Signature A first-order signature Σ consists of a set T Σ of types a set F Σ of function symbols a set P Σ of predicate symbols a typing α Σ intuitively, the typing α Σ determines for each function and predicate symbol: its arity, i.e., number of arguments its argument types for each function symbol its result type. Ina Schaefer FSE 6

8 First-Order Logic: Signature Signature A first-order signature Σ consists of a set T Σ of types a set F Σ of function symbols a set P Σ of predicate symbols a typing α Σ intuitively, the typing α Σ determines for each function and predicate symbol: its arity, i.e., number of arguments its argument types for each function symbol its result type. formally: α Σ (p) T Σ for all p P Σ (arity of p is α Σ (p) ) α Σ (f ) T Σ T Σ for all f F Σ (arity of f is α Σ (f ) 1) Ina Schaefer FSE 7

9 Example Signature 1 + Constants T Σ1 = {int}, F Σ1 = {+, -} {..., -2, -1, 0, 1, 2,...}, P Σ1 = {<} Ina Schaefer FSE 8

10 Example Signature 1 + Constants T Σ1 = {int}, F Σ1 = {+, -} {..., -2, -1, 0, 1, 2,...}, P Σ1 = {<} α Σ1 (<) =(int,int) α Σ1 (+) =α Σ1 (-) =(int,int,int) α Σ1 (0) =α Σ1 (1) =α Σ1 (-1) =... =(int) Ina Schaefer FSE 9

11 Example Signature 1 + Constants T Σ1 = {int}, F Σ1 = {+, -} {..., -2, -1, 0, 1, 2,...}, P Σ1 = {<} α Σ1 (<) =(int,int) α Σ1 (+) =α Σ1 (-) =(int,int,int) α Σ1 (0) =α Σ1 (1) =α Σ1 (-1) =... =(int) Constants A function symbol f with α Σ1 (f ) = 1 (i.e., with arity 0) is called constant symbol. Ina Schaefer FSE 10

12 Example Signature 1 + Constants T Σ1 = {int}, F Σ1 = {+, -} {..., -2, -1, 0, 1, 2,...}, P Σ1 = {<} α Σ1 (<) =(int,int) α Σ1 (+) =α Σ1 (-) =(int,int,int) α Σ1 (0) =α Σ1 (1) =α Σ1 (-1) =... =(int) Constants A function symbol f with α Σ1 (f ) = 1 (i.e., with arity 0) is called constant symbol. here, the constants are:..., -2, -1, 0, 1, 2,... Ina Schaefer FSE 11

13 Syntax of First-Order Logic: Signature Cont d Type declaration of signature symbols Write τ x; to declare variable x of type τ Write p(τ 1,..., τ r ); for α(p) =(τ 1,..., τ r ) Write τ f (τ 1,..., τ r ); for α(f )=(τ 1,..., τ r,τ) r = 0 is allowed, then write f instead of f (), etc. Ina Schaefer FSE 12

14 Syntax of First-Order Logic: Signature Cont d Type declaration of signature symbols Write τ x; to declare variable x of type τ Write p(τ 1,..., τ r ); for α(p) =(τ 1,..., τ r ) Write τ f (τ 1,..., τ r ); for α(f )=(τ 1,..., τ r,τ) r = 0 is allowed, then write f instead of f (), etc. Example Variables integerarray a; int i; Predicates isempty(list); alerton; Functions int arraylookup(int); Object o; Ina Schaefer FSE 13

15 Example Signature 1 + Notation typing of Signature 1: α Σ1 (<) =(int,int) α Σ1 (+) =α Σ1 (-) =(int,int,int) α Σ1 (0) =α Σ1 (1) =α Σ1 (-1) =... =(int) can alternatively be written as: <(int,int); int +(int,int); int 0; int 1; int -1;... Ina Schaefer FSE 14

16 Example Signature 2 T Σ2 = {int, LinkedIntList}, F Σ2 = {null, new, elem, next} {...,-2,-1,0,1,2,...} P Σ2 = {} Ina Schaefer FSE 15

17 Example Signature 2 T Σ2 = {int, LinkedIntList}, F Σ2 = {null, new, elem, next} {...,-2,-1,0,1,2,...} P Σ2 = {} intuitively, elem and next model fields of LinkedIntList objects Ina Schaefer FSE 16

18 Example Signature 2 T Σ2 = {int, LinkedIntList}, F Σ2 = {null, new, elem, next} {...,-2,-1,0,1,2,...} P Σ2 = {} intuitively, elem and next model fields of LinkedIntList objects type declarations: Ina Schaefer FSE 17

19 Example Signature 2 T Σ2 = {int, LinkedIntList}, F Σ2 = {null, new, elem, next} {...,-2,-1,0,1,2,...} P Σ2 = {} intuitively, elem and next model fields of LinkedIntList objects type declarations: LinkedIntList null; LinkedIntList new(int,linkedintlist); int elem(linkedintlist); LinkedIntList next(linkedintlist); Ina Schaefer FSE 18

20 Example Signature 2 T Σ2 = {int, LinkedIntList}, F Σ2 = {null, new, elem, next} {...,-2,-1,0,1,2,...} P Σ2 = {} intuitively, elem and next model fields of LinkedIntList objects type declarations: LinkedIntList null; LinkedIntList new(int,linkedintlist); int elem(linkedintlist); LinkedIntList next(linkedintlist); and as before: int 0; int 1; int -1;... Ina Schaefer FSE 19

21 First-Order Terms We assume a set V of variables (V (F Σ P Σ )= ). Each v V has a unique type α Σ (v) T Σ. Ina Schaefer FSE 20

22 First-Order Terms We assume a set V of variables (V (F Σ P Σ )= ). Each v V has a unique type α Σ (v) T Σ. Terms are defined recursively: Terms A first-order term of type τ T Σ is either a variable of type τ, or has the form f (t 1,..., t n ), where f F Σ has result type τ, and each t i is term of the correct type, following the typing α Σ of f. Ina Schaefer FSE 21

23 First-Order Terms We assume a set V of variables (V (F Σ P Σ )= ). Each v V has a unique type α Σ (v) T Σ. Terms are defined recursively: Terms A first-order term of type τ T Σ is either a variable of type τ, or has the form f (t 1,..., t n ), where f F Σ has result type τ, and each t i is term of the correct type, following the typing α Σ of f. If f is a constant symbol, the term is written f, instead of f (). Ina Schaefer FSE 22

24 Terms over Signature 1 example terms over Σ 1 : (assume variables int v 1 ; int v 2 ;) Ina Schaefer FSE 23

25 Terms over Signature 1 example terms over Σ 1 : (assume variables int v 1 ; int v 2 ;) -7 +(-2, 99) -(7, 8) +(-(7, 8), 1) +(-(v 1, 8), v 2 ) Ina Schaefer FSE 24

26 Terms over Signature 1 example terms over Σ 1 : (assume variables int v 1 ; int v 2 ;) -7 +(-2, 99) -(7, 8) +(-(7, 8), 1) +(-(v 1, 8), v 2 ) some variants of FOL allow infix notation of functions: (7-8) + 1 (v 1-8) + v 2 Ina Schaefer FSE 25

27 Terms over Signature 2 example terms over Σ 2 : (assume variables LinkedIntList o; int v;) Ina Schaefer FSE 26

28 Terms over Signature 2 example terms over Σ 2 : (assume variables LinkedIntList o; int v;) -7 null new(13, null) elem(new(13, null)) next(next(o)) Ina Schaefer FSE 27

29 Terms over Signature 2 example terms over Σ 2 : (assume variables LinkedIntList o; int v;) -7 null new(13, null) elem(new(13, null)) next(next(o)) for first-order functions modeling object fields, we allow dotted postfix notation: new(13, null).elem o.next.next Ina Schaefer FSE 28

30 Atomic Formulas Logical Atoms Given a signature Σ. A logical atom has either of the forms true false t 1 = t 2 ( equality ), where t 1 and t 2 have the same type. p(t 1,..., t n ) ( predicate ), where p P Σ, and each t i is term of the correct type, following the typing α Σ of p. Ina Schaefer FSE 29

31 Atomic Formulas over Signature 1 example formulas over Σ 1 : (assume variable int v;) Ina Schaefer FSE 30

32 Atomic Formulas over Signature 1 example formulas over Σ 1 : (assume variable int v;) 7 = 8 7 < v < 99 v < (v + 1) Ina Schaefer FSE 31

33 Atomic Formulas over Signature 2 example formulas over Σ 2 : (assume variables LinkedIntList o; int v;) Ina Schaefer FSE 32

34 Atomic Formulas over Signature 2 example formulas over Σ 2 : (assume variables LinkedIntList o; int v;) new(13, null) = null elem(new(13, null)) = 13 next(new(13, null)) = null next(next(o)) = o Ina Schaefer FSE 33

35 General Formulas first-order formulas are defined recursively: Formulas each atomic formula is a formula with φ and ψ formulas, x a variable, and τ a type, the following are also formulas: φ ( not φ ) φ ψ ( φ and ψ ) φ ψ ( φ or ψ ) φ ψ ( φ implies ψ ) φ ψ ( φ is equivalent to ψ ) Ina Schaefer FSE 34

36 General Formulas first-order formulas are defined recursively: Formulas each atomic formula is a formula with φ and ψ formulas, x a variable, and τ a type, the following are also formulas: φ ( not φ ) φ ψ ( φ and ψ ) φ ψ ( φ or ψ ) φ ψ ( φ implies ψ ) φ ψ ( φ is equivalent to ψ ) τ x; φ ( for all x of type τ holds φ ) Ina Schaefer FSE 35

37 General Formulas first-order formulas are defined recursively: Formulas each atomic formula is a formula with φ and ψ formulas, x a variable, and τ a type, the following are also formulas: φ ( not φ ) φ ψ ( φ and ψ ) φ ψ ( φ or ψ ) φ ψ ( φ implies ψ ) φ ψ ( φ is equivalent to ψ ) τ x; φ ( for all x of type τ holds φ ) τ x; φ ( there exists an x of type τ such that φ ) Ina Schaefer FSE 36

38 General Formulas first-order formulas are defined recursively: Formulas each atomic formula is a formula with φ and ψ formulas, x a variable, and τ a type, the following are also formulas: φ ( not φ ) φ ψ ( φ and ψ ) φ ψ ( φ or ψ ) φ ψ ( φ implies ψ ) φ ψ ( φ is equivalent to ψ ) τ x; φ ( for all x of type τ holds φ ) τ x; φ ( there exists an x of type τ such that φ ) In τ x; φ and τ x; φ the variable x is bound (i.e., not free ). Ina Schaefer FSE 37

39 General Formulas first-order formulas are defined recursively: Formulas each atomic formula is a formula with φ and ψ formulas, x a variable, and τ a type, the following are also formulas: φ ( not φ ) φ ψ ( φ and ψ ) φ ψ ( φ or ψ ) φ ψ ( φ implies ψ ) φ ψ ( φ is equivalent to ψ ) τ x; φ ( for all x of type τ holds φ ) τ x; φ ( there exists an x of type τ such that φ ) In τ x; φ and τ x; φ the variable x is bound (i.e., not free ). Formulas with no free variable are closed. Ina Schaefer FSE 38

40 General Formulas: Examples (signatures/types left out here) Example (There are at least two elements) Ina Schaefer FSE 39

41 General Formulas: Examples (signatures/types left out here) Example (There are at least two elements) x, y; (x = y) Ina Schaefer FSE 40

42 General Formulas: Examples (signatures/types left out here) Example (Strict partial order) Ina Schaefer FSE 41

43 General Formulas: Examples (signatures/types left out here) Example (Strict partial order) Irreflexivity x; (x < x) Asymmetry x; y;(x < y (y < x)) Transitivity x; y; z; (x < y y < z x < z) Ina Schaefer FSE 42

44 General Formulas: Examples (signatures/types left out here) Example (Strict partial order) Irreflexivity x; (x < x) Asymmetry x; y;(x < y (y < x)) Transitivity x; y; z; (x < y y < z x < z) (is any of the three formulas redundant?) Ina Schaefer FSE 43

45 General Formulas: Examples (signatures/types left out here) Example (All models have infinite domain) Ina Schaefer FSE 44

46 General Formulas: Examples (signatures/types left out here) Example (All models have infinite domain) Signature and axioms of strict partial order plus Existence Successor x; y; x < y Ina Schaefer FSE 45

47 Semantics (briefly, but see Appendix) Domain A domain D is a set of elements which are (potentially) the meaning of terms and variables. Ina Schaefer FSE 46

48 Semantics (briefly, but see Appendix) Domain A domain D is a set of elements which are (potentially) the meaning of terms and variables. Interpretation An interpretation I (over D) assigns meaning to the symbols in F Σ P Σ (assigning functions to function symbols, relations to predicate symbols). Ina Schaefer FSE 47

49 Semantics (briefly, but see Appendix) Domain A domain D is a set of elements which are (potentially) the meaning of terms and variables. Interpretation An interpretation I (over D) assigns meaning to the symbols in F Σ P Σ (assigning functions to function symbols, relations to predicate symbols). Valuation In a given D and I, a closed formula evaluates to either T or F. Ina Schaefer FSE 48

50 Semantics (briefly, but see Appendix) Domain A domain D is a set of elements which are (potentially) the meaning of terms and variables. Interpretation An interpretation I (over D) assigns meaning to the symbols in F Σ P Σ (assigning functions to function symbols, relations to predicate symbols). Valuation In a given D and I, a closed formula evaluates to either T or F. Validity A closed formula is valid if it evaluates to T in all D and I. Ina Schaefer FSE 49

51 Semantics (briefly, but see Appendix) Domain A domain D is a set of elements which are (potentially) the meaning of terms and variables. Interpretation An interpretation I (over D) assigns meaning to the symbols in F Σ P Σ (assigning functions to function symbols, relations to predicate symbols). Valuation In a given D and I, a closed formula evaluates to either T or F. Validity A closed formula is valid if it evaluates to T in all D and I. In the context of specification/verification of programs: each (D, I) is called a state. Ina Schaefer FSE 50

52 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: Ina Schaefer FSE 51

53 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) Ina Schaefer FSE 52

54 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ Ina Schaefer FSE 53

55 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) Ina Schaefer FSE 54

56 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ Ina Schaefer FSE 55

57 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) Ina Schaefer FSE 56

58 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ Ina Schaefer FSE 57

59 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) Ina Schaefer FSE 58

60 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ Ina Schaefer FSE 59

61 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ Ina Schaefer FSE 60

62 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) Ina Schaefer FSE 61

63 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) Ina Schaefer FSE 62

64 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) Ina Schaefer FSE 63

65 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true Ina Schaefer FSE 64

66 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true false φ Ina Schaefer FSE 65

67 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true false φ (true φ) Ina Schaefer FSE 66

68 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true false φ (true φ) φ Ina Schaefer FSE 67

69 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true false φ (true φ) φ (φ false) Ina Schaefer FSE 68

70 Useful Valid Formulas Let φ and ψ be arbitrary, closed formulas (whether valid of not). The following formulas are valid: (φ ψ) φ ψ (φ ψ) φ ψ (true φ) φ (false φ) φ true φ (false φ) (φ ψ) ( φ ψ) φ true false φ (true φ) φ (φ false) φ Ina Schaefer FSE 69

71 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: Ina Schaefer FSE 70

72 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) Ina Schaefer FSE 71

73 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ Ina Schaefer FSE 72

74 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) Ina Schaefer FSE 73

75 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ Ina Schaefer FSE 74

76 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) Ina Schaefer FSE 75

77 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Ina Schaefer FSE 76

78 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) Ina Schaefer FSE 77

79 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Ina Schaefer FSE 78

80 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Are the following formulas also valid? Ina Schaefer FSE 79

81 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Are the following formulas also valid? ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Ina Schaefer FSE 80

82 Useful Valid Formulas Assume that x is the only variable which may appear freely in φ or ψ. The following formulas are valid: ( τ x; φ) τ x; φ ( τ x; φ) τ x; φ ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Are the following formulas also valid? ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) ( τ x; φ ψ) ( τ x; φ) ( τ x; ψ) Ina Schaefer FSE 81

83 Remark on Concrete Syntax Text book Spin KeY Negation!! Conjunction && & Disjunction Implication, > > Equivalence < > < > Universal Quantifier x; φ n/a \forall τ x; φ Existential Quantifier x; φ n/a \exists τ x; φ. Value equality = == = Ina Schaefer FSE 82

84 Part I Sequent Calculus for FOL Ina Schaefer FSE 83

85 Reasoning by Syntactic Transformation Prove Validity of φ by syntactic transformation of φ Ina Schaefer FSE 84

86 Reasoning by Syntactic Transformation Prove Validity of φ by syntactic transformation of φ Logic Calculus: Sequent Calculus based on notion of sequent: ψ 1,..., ψ m }{{} Antecedent = φ 1,..., φ n }{{} Succedent Ina Schaefer FSE 85

87 Reasoning by Syntactic Transformation Prove Validity of φ by syntactic transformation of φ Logic Calculus: Sequent Calculus based on notion of sequent: ψ 1,..., ψ m }{{} Antecedent = φ 1,..., φ n }{{} Succedent has same meaning as (ψ 1 ψ m ) (φ 1 φ n ) Ina Schaefer FSE 86

88 Reasoning by Syntactic Transformation Prove Validity of φ by syntactic transformation of φ Logic Calculus: Sequent Calculus based on notion of sequent: ψ 1,..., ψ m }{{} Antecedent = φ 1,..., φ n }{{} Succedent has same meaning as (ψ 1 ψ m ) (φ 1 φ n ) which has same meaning as {ψ 1,..., ψ m } = φ 1 φ n Ina Schaefer FSE 87

89 Notation for Sequents ψ 1,..., ψ m = φ 1,..., φ n Consider antecedent/succedent as sets of formulas, may be empty Ina Schaefer FSE 88

90 Notation for Sequents ψ 1,..., ψ m = φ 1,..., φ n Consider antecedent/succedent as sets of formulas, may be empty Schema Variables φ, ψ,... match formulas, Γ,,... match sets of formulas Characterize infinitely many sequents with a single schematic sequent Γ = φ ψ, Matches any sequent with occurrence of conjunction in succedent Call φ ψ main formula and Γ, side formulas of sequent Any sequent of the form Γ,φ = φ, is logically valid: axiom Ina Schaefer FSE 89

91 Sequent Calculus Rules Write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible RuleName Premisses {}}{ Γ 1 = 1 Γ r = r Γ= }{{} Conclusion Ina Schaefer FSE 90

92 Sequent Calculus Rules Write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible RuleName Premisses {}}{ Γ 1 = 1 Γ r = r Γ= }{{} Conclusion Meaning: For proving the Conclusion, it suffices to prove all Premisses. Ina Schaefer FSE 91

93 Sequent Calculus Rules Write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible RuleName Premisses {}}{ Γ 1 = 1 Γ r = r Γ= }{{} Conclusion Meaning: For proving the Conclusion, it suffices to prove all Premisses. Example andright Γ= φ, Γ = ψ, Γ= φ ψ, Ina Schaefer FSE 92

94 Sequent Calculus Rules Write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible RuleName Premisses {}}{ Γ 1 = 1 Γ r = r Γ= }{{} Conclusion Meaning: For proving the Conclusion, it suffices to prove all Premisses. Example andright Γ= φ, Γ = ψ, Γ= φ ψ, Admissible to have no premisses (iff conclusion is valid, eg axiom) Ina Schaefer FSE 93

95 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, Ina Schaefer FSE 94

96 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and Γ, φ, ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Ina Schaefer FSE 95

97 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Ina Schaefer FSE 96

98 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or imp Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Γ,φ = ψ, Γ= φ ψ, Ina Schaefer FSE 97

99 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or imp Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Γ,φ = ψ, Γ= φ ψ, close Γ,φ = φ, Ina Schaefer FSE 98

100 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or imp Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Γ,φ = ψ, Γ= φ ψ, close Γ,φ = φ, true Γ= true, Ina Schaefer FSE 99

101 Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or imp Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Γ,φ = ψ, Γ= φ ψ, close Γ,φ = φ, true Γ= true, false Γ, false = Ina Schaefer FSE 100

102 Sequent Calculus Proofs Goal to prove: G = ψ 1,..., ψ m = φ 1,..., φ n find rule R whose conclusion matches G instantiate R such that conclusion identical to G recursively find proofs for resulting premisses G 1,..., G r tree structure with goal as root close proof branch when rule without premiss encountered Goal-directed proof search In KeY tool proof displayed as Java Swing tree Ina Schaefer FSE 101

103 A Simple Proof = (p (p q)) q Ina Schaefer FSE 102

104 A Simple Proof p (p q) = q = (p (p q)) q Ina Schaefer FSE 103

105 A Simple Proof p, (p q) = q p (p q) = q = (p (p q)) q Ina Schaefer FSE 104

106 A Simple Proof p = q, p p, q = q p, (p q) = q p (p q) = q = (p (p q)) q Ina Schaefer FSE 105

107 A Simple Proof Close p = q, p p, q = q Close p, (p q) = q p (p q) = q = (p (p q)) q Ina Schaefer FSE 106

108 A Simple Proof Close p = q, p p, q = q Close p, (p q) = q p (p q) = q = (p (p q)) q Demo A proof is closed iff all its branches are closed prop.key Ina Schaefer FSE 107

109 Proving Validity of First-Order Formulas Proving a universally quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? Ina Schaefer FSE 108

110 Proving Validity of First-Order Formulas Proving a universally quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? All even numbers are divisible by 2 int x; (even(x) divbytwo(x)) Ina Schaefer FSE 109

111 Proving Validity of First-Order Formulas Proving a universally quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? All even numbers are divisible by 2 int x; (even(x) divbytwo(x)) Let c be an arbitrary number Declare unused constant int c Ina Schaefer FSE 110

112 Proving Validity of First-Order Formulas Proving a universally quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? All even numbers are divisible by 2 int x; (even(x) divbytwo(x)) Let c be an arbitrary number Declare unused constant int c The even number c is divisible by 2 prove even(c) divbytwo(c) Ina Schaefer FSE 111

113 Proving Validity of First-Order Formulas Proving a universally quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? All even numbers are divisible by 2 int x; (even(x) divbytwo(x)) Let c be an arbitrary number Declare unused constant int c The even number c is divisible by 2 prove even(c) divbytwo(c) Sequent rule -right forallright Γ= [x/c] φ, Γ= τ x; φ, [x/c] φ is result of replacing each occurrence of x in φ with c c new constant of type τ Ina Schaefer FSE 112

114 Proving Validity of First-Order Formulas Cont d Proving an existentially quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? Ina Schaefer FSE 113

115 Proving Validity of First-Order Formulas Cont d Proving an existentially quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? There is at least one prime number int x; prime(x) Ina Schaefer FSE 114

116 Proving Validity of First-Order Formulas Cont d Proving an existentially quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? There is at least one prime number int x; prime(x) Provide any witness, say, 7 Use variable-free term int 7 Ina Schaefer FSE 115

117 Proving Validity of First-Order Formulas Cont d Proving an existentially quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? There is at least one prime number int x; prime(x) Provide any witness, say, 7 Use variable-free term int 7 7 is a prime number prime(7) Ina Schaefer FSE 116

118 Proving Validity of First-Order Formulas Cont d Proving an existentially quantified formula Claim: τ x; φ is true How is such a claim proved in mathematics? There is at least one prime number int x; prime(x) Provide any witness, say, 7 Use variable-free term int 7 7 is a prime number prime(7) Sequent rule -right existsright Γ= [x/t ] φ, τ x; φ, Γ= τ x; φ, t any variable-free term of type τ Proof might not work with t! Need to keep premise to try again Ina Schaefer FSE 117

119 Proving Validity of First-Order Formulas Cont d Using a universally quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? Ina Schaefer FSE 118

120 Proving Validity of First-Order Formulas Cont d Using a universally quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know that all primes are odd int x; (prime(x) odd(x)) Ina Schaefer FSE 119

121 Proving Validity of First-Order Formulas Cont d Using a universally quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know that all primes are odd int x; (prime(x) odd(x)) In particular, this holds for 17 Use variable-free term int 17 Ina Schaefer FSE 120

122 Proving Validity of First-Order Formulas Cont d Using a universally quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know that all primes are odd int x; (prime(x) odd(x)) In particular, this holds for 17 Use variable-free term int 17 We know: if 17 is prime it is odd prime(17) odd(17) Ina Schaefer FSE 121

123 Proving Validity of First-Order Formulas Cont d Using a universally quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know that all primes are odd int x; (prime(x) odd(x)) In particular, this holds for 17 Use variable-free term int 17 We know: if 17 is prime it is odd Sequent rule -left prime(17) odd(17) forallleft Γ, τ x; φ, [x/t ] φ = Γ, τ x; φ = t any variable-free term of type τ We might need other instances besides t! Keep premise τ x; φ Ina Schaefer FSE 122

124 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? Ina Schaefer FSE 123

125 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know such an element exists. Let s give it a new name for future reference. Ina Schaefer FSE 124

126 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula We assume τ x; φ is true How is such a fact used in a mathematical proof? We know such an element exists. Let s give it a new name for future reference. Sequent rule -left existsleft Γ, [x/c] φ = Γ, τ x; φ = c new constant of type τ Ina Schaefer FSE 125

127 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Ina Schaefer FSE 126

128 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. (x. = 0), (y. = 0) = Ina Schaefer FSE 127

129 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. We know further that x divides y. (x. = 0), (y. = 0), int k; k x. = y = Ina Schaefer FSE 128

130 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. We know further that x divides y. Show: (y/x) x. = y ( / is division on integers, i.e. the equation is not always true, e.g. x =2, y = 1) (x. = 0), (y. = 0), int k; k x. = y = (y/x) x. = y Ina Schaefer FSE 129

131 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. We know further that x divides y. Show: (y/x) x. = y ( / is division on integers, i.e. the equation is not always true, e.g. x =2, y = 1) Proof: We know x divides y, i.e. there exists a k such that k x. = y. Let now c denote such a k. (x. = 0), (y. = 0), c x. = y = (y/x) x. = y (x. = 0), (y. = 0), int k; k x. = y = (y/x) x. = y Ina Schaefer FSE 130

132 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. We know further that x divides y. Show: (y/x) x =. y ( / is division on integers, i.e. the equation is not always true, e.g. x =2, y = 1) Proof: We know x divides y, i.e. there exists a k such that k x =. y. Let now c denote such a k. Hence we can replace y by c x on the right side (see slide 34). (x. = 0), (y. = 0), c x. = y = ((c x)/x) x. = y (x. = 0), (y. = 0), c x. = y = (y/x) x. = y (x. = 0), (y. = 0), int k; k x. = y = (y/x) x. = y Ina Schaefer FSE 131

133 Proving Validity of First-Order Formulas Cont d Using an existentially quantified formula Let x, y denote integer constants, both are not zero. We know further that x divides y. Show: (y/x) x =. y ( / is division on integers, i.e. the equation is not always true, e.g. x =2, y = 1) Proof: We know x divides y, i.e. there exists a k such that k x =. y. Let now c denote such a k. Hence we can replace y by c x on the right side (see slide 34)..... (x. = 0), (y. = 0), c x. = y = ((c x)/x) x. = y (x. = 0), (y. = 0), c x. = y = (y/x) x. = y (x. = 0), (y. = 0), int k; k x. = y = (y/x) x. = y Ina Schaefer FSE 132

134 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) x; y; p(x, y) = y; x; p(x, y) Untyped logic: let static type of x and y be Ina Schaefer FSE 133

135 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) -left: substitute new constant c of type for x Ina Schaefer FSE 134

136 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) y; p(c, y) = x; p(x, d) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) -right: substitute new constant d of type for y Ina Schaefer FSE 135

137 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) p(c, d), y; p(c, y) = x; p(x, d) y; p(c, y) = x; p(x, d) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) -left: free to substitute any term of type for y, choose d Ina Schaefer FSE 136

138 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) p(c, d), y; p(c, y) = p(c, d), x; p(x, y) p(c, d), y; p(c, y) = x; p(x, d) y; p(c, y) = x; p(x, d) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) -right: free to substitute any term of type for x, choose c Ina Schaefer FSE 137

139 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) p(c, d), y; p(c, y) = p(c, d), x; p(x, y) p(c, d), y; p(c, y) = x; p(x, d) y; p(c, y) = x; p(x, d) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) Close Ina Schaefer FSE 138

140 Proving Validity of First-Order Formulas Cont d Example (A simple theorem about binary relations) p(c, d), y; p(c, y) = p(c, d), x; p(x, y) p(c, d), y; p(c, y) = x; p(x, d) y; p(c, y) = x; p(x, d) y; p(c, y) = y; x; p(x, y) x; y; p(x, y) = y; x; p(x, y) Demo relsimple.key Ina Schaefer FSE 139

141 Proving Validity of First-Order Formulas Cont d Using an equation between terms We assume t. = t is true How is such a fact used in a mathematical proof? Ina Schaefer FSE 140

142 Proving Validity of First-Order Formulas Cont d Using an equation between terms We assume t. = t is true How is such a fact used in a mathematical proof? Use x =. y 1 to simplify x+1/y x =. y 1 = 1 =. x+1/y Ina Schaefer FSE 141

143 Proving Validity of First-Order Formulas Cont d Using an equation between terms We assume t. = t is true How is such a fact used in a mathematical proof? Use x =. y 1 to simplify x+1/y x =. y 1 = 1 =. x+1/y Replace x in conclusion with right-hand side of equation Ina Schaefer FSE 142

144 Proving Validity of First-Order Formulas Cont d Using an equation between terms We assume t. = t is true How is such a fact used in a mathematical proof? Use x =. y 1 to simplify x+1/y x =. y 1 = 1 =. x+1/y Replace x in conclusion with right-hand side of equation We know: x+1/y equal to y 1+1/y x. = y 1 = 1. = y 1+1/y Ina Schaefer FSE 143

145 Proving Validity of First-Order Formulas Cont d Using an equation between terms We assume t. = t is true How is such a fact used in a mathematical proof? Use x =. y 1 to simplify x+1/y x =. y 1 = 1 =. x+1/y Replace x in conclusion with right-hand side of equation We know: x+1/y equal to y 1+1/y x. = y 1 = 1. = y 1+1/y Sequent rule =-left. applyeql Γ, t =. t, [t/t ] φ = Γ, t =. t,φ = applyeqr Γ, t. = t = [t/t ] φ, Γ, t. = t = φ, Always replace left- with right-hand side (use eqsymm if necessary) t,t variable-free terms of the same type Ina Schaefer FSE 144

146 Proving Validity of First-Order Formulas Cont d Closing a subgoal in a proof We derived a sequent that is obviously valid close Γ,φ = φ, true Γ= true, false Γ, false = We derived an equation that is obviously valid eqclose Γ= t. = t, Ina Schaefer FSE 145

147 Sequent Calculus for FOL at One Glance left side, antecedent Γ, τ x; φ, [x/t ] φ = Γ, τ x; φ = Γ, [x/c] φ = Γ, τ x; φ = right side, succedent Γ= [x/c] φ, Γ= τ x; φ, Γ= [x/t ] φ, τ x; φ, Γ= τ x; φ,. = Γ, t. = t = [t/t ] φ, Γ, t. = t = φ, Γ= t. = t, (+ application rule on left side) [t/t ] φ is result of replacing each occurrence of t in φ with t t,t variable-free terms of type τ c new constant of type τ (occurs not on current proof branch) Equations can be reversed by commutativity Ina Schaefer FSE 146

148 Recap: Propositional Sequent Calculus Rules main left side (antecedent) right side (succedent) Γ= φ, Γ,φ = not Γ, φ = Γ= φ, and or imp Γ, φ, ψ = Γ,φ ψ = Γ,φ = Γ,ψ = Γ,φ ψ = Γ= φ, Γ,ψ = Γ,φ ψ = Γ= φ, Γ = ψ, Γ= φ ψ, Γ= φ, ψ, Γ= φ ψ, Γ,φ = ψ, Γ= φ ψ, close Γ,φ = φ, true Γ= true, false Γ, false = Ina Schaefer FSE 147

149 Features of the KeY Theorem Prover Demo Feature List rel.key, twoinstances.key Can work on multiple proofs simultaneously (task list) Proof trees visualized as Java Swing tree Point-and-click navigation within proof Undo proof steps, prune proof trees Pop-up menu with proof rules applicable in pointer focus Preview of rule effect as tool tip Quantifier instantiation and equality rules by drag-and-drop Possible to hide (and unhide) parts of a sequent Saving and loading of proofs Ina Schaefer FSE 148

150 Literature for this Lecture essential: W. Ahrendt Using KeY Chapter 10 in [KeYbook] further reading: M. Giese First-Order Logic Chapter 2 in [KeYbook] KeYbook B. Beckert, R. Hähnle, and P. Schmitt, editors, Verification of Object-Oriented Software: The KeY Approach, vol 4334 of LNCS (Lecture Notes in Computer Science), Springer, 2006 (access via Chalmers library E-books Lecture Notes in Computer Science) Ina Schaefer FSE 149

151 Part II Appendix: First-Order Semantics Ina Schaefer FSE 150

152 First-Order Semantics From propositional to first-order semantics In prop. logic, an interpretation of variables with {T, F } sufficed In first-order logic we must assign meaning to: variables bound in quantifiers constant and function symbols predicate symbols Each variable or function value may denote a different object Respect typing: int i, List l must denote different objects What we need (to interpret a first-order formula) 1. A collection of typed universes of objects 2. A mapping from variables to objects 3. A mapping from function arguments to function values Ina Schaefer FSE 151

153 First-Order Domains/Universes 1. A collection of typed universes of objects Definition (Universe/Domain) A non-empty set D of objects is a universe or domain Each element of D has a fixed type given by δ : D τ Notation for the domain elements of type τ T : D τ = {d D δ(d) =τ} Each type τ T must contain at least one domain element: D τ Ina Schaefer FSE 152

154 First-Order States 3. A mapping from function arguments to function values 4. The set of argument tuples where a predicate is true Definition (First-Order State) Let D be a domain with typing function δ Let f be declared as τ f (τ 1,..., τ r ); Let p be declared as p(τ 1,..., τ r ); Let I(f ):D τ 1 D τr D τ Let I(p) D τ 1 D τr Then S =(D, δ, I) is a first-order state Ina Schaefer FSE 153

155 First-Order States Cont d Example Signature: int i; short j; int f(int); Object obj; <(int,int); D = {17, 2, o} where all numbers are short I(i) = 17 I(j) = 17 I(obj) =o D int I(f ) D int D int in I(<)? (2, 2) F (2, 17) T (17, 2) F (17, 17) F One of uncountably many possible first-order states! Ina Schaefer FSE 154

156 Semantics of Reserved Signature Symbols Definition Equality symbol. = declared as. = (, ) Interpretation is fixed as I(. =) = {(d, d) d D} Referential Equality (holds if arguments refer to identical object) Exercise: write down the predicate table for example domain Ina Schaefer FSE 155

157 Signature Symbols vs. Domain Elements Domain elements different from the terms representing them First-order formulas and terms have no access to domain Example Signature: Object obj1, obj2; Domain: D = {o} In this state, necessarily I(obj1) = I(obj2) = o Ina Schaefer FSE 156

158 Variable Assignments 2. A mapping from variables to objects Think of variable assignment as environment for storage of local variables Definition (Variable Assignment) A variable assignment β maps variables to domain elements It respects the variable type, i.e., if x has type τ then β(x) D τ Definition (Modified Variable Assignment) Let y be variable of type τ, β variable assignment, d D τ : { βy d β(x) x y (x) := d x = y Ina Schaefer FSE 157

159 Semantic Evaluation of Terms Given a first-order state S and a variable assignment β it is possible to evaluate first-order terms under S and β Definition (Valuation of Terms) val S,β : Term D such that val S,β (t) D τ for t Term τ : val S,β (x) =β(x) val S,β (f (t 1,..., t r )) = I(f )(val S,β (t 1 ),..., val S,β (t r )) Ina Schaefer FSE 158

160 Semantic Evaluation of Terms Cont d Example Signature: int i; short j; int f(int); D = {17, 2, o} where all numbers are short Variables: Object obj; int x; I(i) = 17 I(j) = 17 D int I(f) Var β obj o x 17 val S,β (f(f(i)))? val S,β (x)? Ina Schaefer FSE 159

161 Semantic Evaluation of Formulas Definition (Valuation of Formulas) val S,β (φ) for φ For val S,β (p(t 1,..., t r )=T iff (val S,β (t 1 ),..., val S,β (t r )) I(p) val S,β (φ ψ) =T iff val S,β (φ) =T and val S,β (ψ) =T... as in propositional logic val S,β ( τ x; φ) =T iff val S,β d x ( τ x; φ) =T for all d D τ val S,β ( τ x; φ) =T iff val S,β d x ( τ x; φ) =T for at least one d D τ Ina Schaefer FSE 160

162 Semantic Evaluation of Formulas Cont d Example Signature: short j; int f(int); Object obj; <(int,int); D = {17, 2, o} where all numbers are short I(j) = 17 I(obj) =o D int I(f ) D int D int in I(<)? (2, 2) F (2, 17) T (17, 2) F (17, 17) F val S,β (f (j) < j)? val S,β ( int x; f (x). = x)? val S,β ( Object o1; Object o2; o1. = o2)? Ina Schaefer FSE 161

163 Semantic Notions Definition (Satisfiability, Truth, Validity) val S,β (φ) =T (φ is satisfiable) S = φ iff for all β : val S,β (φ) =T (φ is true in S) = φ iff for all S : S = φ (φ is valid) Closed formulas that are satisfiable are also true: one top-level notion Ina Schaefer FSE 162

164 Semantic Notions Definition (Satisfiability, Truth, Validity) val S,β (φ) =T (φ is satisfiable) S = φ iff for all β : val S,β (φ) =T (φ is true in S) = φ iff for all S : S = φ (φ is valid) Closed formulas that are satisfiable are also true: one top-level notion Example f (j) < j is true in S. int x; i = x is valid int x; (x. = x) is not satisfiable Ina Schaefer FSE 163