First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

Similar documents
Programming Languages and Compilers (CS 421)

Deductive Verification

CS477 Formal Software Dev Methods

Spring 2015 Program Analysis and Verification. Lecture 4: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

Lecture 1: Logical Foundations

Spring 2016 Program Analysis and Verification. Lecture 3: Axiomatic Semantics I. Roman Manevich Ben-Gurion University

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

Logic Part I: Classical Logic and Its Semantics

Program Analysis Part I : Sequential Programs

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P.

Logic. Propositional Logic: Syntax. Wffs

Weakest Precondition Calculus

Propositional Logic: Syntax

Automated Reasoning Lecture 5: First-Order Logic

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

Lecture 2: Axiomatic semantics

First Order Logic (FOL) 1 znj/dm2017

Axiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs

Model Checking for Propositions CS477 Formal Software Dev Methods

Propositional Logic: Part II - Syntax & Proofs 0-0

Axiomatic Semantics. Hoare s Correctness Triplets Dijkstra s Predicate Transformers

Notation for Logical Operators:

Hoare Logic: Reasoning About Imperative Programs

Propositional Logic Language

Propositional Logic: Deductive Proof & Natural Deduction Part 1

Learning Goals of CS245 Logic and Computation


The Assignment Axiom (Hoare)

Přednáška 12. Důkazové kalkuly Kalkul Hilbertova typu. 11/29/2006 Hilbertův kalkul 1

CS558 Programming Languages

Mathematics 114L Spring 2018 D.A. Martin. Mathematical Logic

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Last Time. Inference Rules

Proof Calculus for Partial Correctness

A Short Introduction to Hoare Logic

ON SOME APPLIED FIRST-ORDER THEORIES WHICH CAN BE REPRESENTED BY DEFINITIONS

Natural Deduction for Propositional Logic

Proofs of Correctness: Introduction to Axiomatic Verification

Logic. Propositional Logic: Syntax

Relations to first order logic

CHAPTER 2. FIRST ORDER LOGIC

First-order logic Syntax and semantics

Spring 2014 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

CS 2800: Logic and Computation Fall 2010 (Lecture 13)

Informal Statement Calculus

First Order Logic: Syntax and Semantics

Stanford University CS103: Math for Computer Science Handout LN9 Luca Trevisan April 25, 2014

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC)

PROOFS IN PREDICATE LOGIC AND COMPLETENESS; WHAT DECIDABILITY MEANS HUTH AND RYAN 2.3, SUPPLEMENTARY NOTES 2

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

INTRODUCTION TO PREDICATE LOGIC HUTH AND RYAN 2.1, 2.2, 2.4

Classical First-Order Logic

ACLT: Algebra, Categories, Logic in Topology - Grothendieck's generalized topological spaces (toposes)

Beyond First-Order Logic

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

A Cut-Free Calculus for Second-Order Gödel Logic

Hoare Calculus and Predicate Transformers

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

Formal Methods for Java

Logic: The Big Picture

Formal Methods for Java

Lecture Notes on Compositional Reasoning

Spring 2015 Program Analysis and Verification. Lecture 6: Axiomatic Semantics III. Roman Manevich Ben-Gurion University

The Curry-Howard Isomorphism

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

Predicate Logic: Sematics Part 1

MATH 770 : Foundations of Mathematics. Fall Itay Ben-Yaacov

Foundations of Computation

Unifying Theories of Programming

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600/COMP6260 (Formal Methods for Software Engineering)

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Hoare Logic and Model Checking

Part 2: First-Order Logic

Program Analysis and Verification

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

03 Review of First-Order Logic

Logics - Introduction

Examples: P: it is not the case that P. P Q: P or Q P Q: P implies Q (if P then Q) Typical formula:

Hoare Examples & Proof Theory. COS 441 Slides 11

Define logic [fuc, ] Natural Deduction. Natural Deduction. Preamble. Akim D le June 14, 2016

Notes. Corneliu Popeea. May 3, 2013

Part I: Propositional Calculus

Formal Reasoning CSE 331. Lecture 2 Formal Reasoning. Announcements. Formalization and Reasoning. Software Design and Implementation

CS589 Principles of DB Systems Fall 2008 Lecture 4e: Logic (Model-theoretic view of a DB) Lois Delcambre

Axiomatic Semantics. Semantics of Programming Languages course. Joosep Rõõmusaare

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Hoare Logic: Part II

Program verification. 18 October 2017

Propositional logic. First order logic. Alexander Clark. Autumn 2014

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Classical First-Order Logic

λ Slide 1 Content Exercises from last time λ-calculus COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification

Propositional Logic: Models and Proofs

Reasoning About Imperative Programs. COS 441 Slides 10b

Transcription:

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods Elsa L Gunter 2112 SC, UIUC egunter@illinois.edu http://courses.engr.illinois.edu/cs477 Slides based in part on previous lectures by Mahesh Vishwanathan, and by Gul Agha February 16, 2018 First Order Logic extends Propositional Logic with Non-boolean constants Variables Functions and relations (or predicates, more generally) Quantification of variables Sample first order formula: x. y.x < y y x + 1 Reference: Peled, Software Reliability Methods, Chapter 3 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 1 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 2 / 33 Signatures Terms over Signature Start with signature: G = (V, F, af, R, ar) V a countably infinite set of variables F finite set of function symbols af : F N gives the arity, the number of arguments for each function Constant c is a function symbol of arity 0 (af (c) = 0) R finite set of relation symbols ar : R N, the arity for each relation symbol Assumes = R and ar(=) = 2 Terms t are expressions built over a signature (V, F, af, R, ar) t ::= v v V f (t 1,..., t n ) f F and n = af (f ) add(1, abs(x)) where add, abs, 1 F ; x V For constant c write c instead of c( ) Will write s + t instead of +(s, t) Similarly for other common infixes (e.g. +,,,...) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 3 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 4 / 33 Structures Assignments Meaning of terms starts with a structure: where S = (G, D, F, φ, R, ρ) G = (V, F, af, R, ar) a signature, D and domain on interpretation F set of functions over D; F n 0 Dn D Note: F can contain elements of D since D = (D 0 D) φ : F F where if φ(f ) (D n D) then n = af (f ) R set of relations over D; R n 1 P(Dn ) ρ : R R where if ρ(r) D n then n = ar(r) V set of variables, D domain of interpretation An assignment is a function a : V D V = {w, x, y, z} a = {w 3.14, x 2.75, y 13.9, z 25.3} Assignment is a fixed association of values to variables; not update-able Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 5 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 6 / 33

Interpretation of Terms of Interpretation For given assignment a : V D, the interpretation T a of a term t is defined by structural induction on terms: T a (v) = a(v) for v V T a (f (t 1,..., t n )) = φ(f )(T a (t 1 ),..., T a (t n )) V = {w, x, y, z}, D = R 1, add, abs F, constant 1, and functions (in F) for addition and absolute value respectively a = {w 3.14, x 2.75, y 13.9, z 25.3} T a (add(1, abs(x))) = (T a (1)) + (T a (abs(x))) = 1.0 + (T a (abs(x))) = 1.0 + T a (x) = 1.0 + a(x) = 1.0 + 2.75 = 1.0 + 2.75 = 3.75 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 7 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 8 / 33 First-Order Formulae First-order formulae built from terms using relations, logical connectives, quantifiers: form ::= true false r(t 1,..., t n ) r R, t i terms, n = ar(r) (form) form form form form form form form v.form v.form Note: Scope of quantifiers as far to right as possible x.(x > y) (2 > x) same as x.((x > y) (2 > x)) not same as ( x.(x > y)) (2 > x) Subformulae A subformula of formula ψ is a formula that occurs in ψ More rigorous definition by structural induction on formulae ψ subformula of ψ Use proper subformula to exclude ψ Write i=1,...,n ψ i for ψ 1... ψ n ψ i called a conjunct Write i=1,...,n ψ i for ψ 1... ψ n ψ i called a disjunct Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 9 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 10 / 33 M a (true) = T M a (false) = F

M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a ((ψ)) = M a (ψ) M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a ((ψ)) = M a (ψ) M a ( ψ) = T if M a (ψ) = F and M a ( ψ) = F if M a (ψ) = T M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a ((ψ)) = M a (ψ) M a ( ψ) = T if M a (ψ) = F and M a ( ψ) = F if M a (ψ) = T M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = T and M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a ((ψ)) = M a (ψ) M a ( ψ) = T if M a (ψ) = F and M a ( ψ) = F if M a (ψ) = T M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = T and M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = T or M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise M a (true) = T M a (false) = F M a (r(t 1,..., t n )) = T if (T a (t 1 ),..., T a (t n )) ρ(r) and M a (r(t 1,..., t n )) = F if (T a (t 1 ),..., T a (t n )) / ρ(r) M a ((ψ)) = M a (ψ) M a ( ψ) = T if M a (ψ) = F and M a ( ψ) = F if M a (ψ) = T M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = T and M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = T or M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise M a (ψ 1 ψ 2 ) = T if M a (ψ 1 ) = F or M a (ψ 2 ) = T, and M a (ψ 1 ψ 2 ) = F otherwise

Let { d if w = v a + [v d] (w) = a(w) if w v Let { d if w = v (a + [v d])(w) = a(w) if w v Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 12 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 12 / 33 Let { d if w = v a + [v d] (w) = a(w) if w v Let { d if w = v a + [v d] (w) = a(w) if w v M a ( v.ψ) = T if for every d D we have M a+[v d] (ψ) = T, and M a ( v.ψ) = F otherwise M a ( v.ψ) = T if for every d D we have M a+[v d] (ψ) = T, and M a ( v.ψ) = F otherwise M a ( v.ψ) = T if there exists d D such that M a+[v d] (ψ) = T, and M a ( v.ψ) = F otherwise Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 12 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 12 / 33 Modeling First-order Formulae s Given structure S = (G, D, F, φ, R, ρ) where G = (V, F, af, R, ar) (S, M) model for first-order language over signature G Truth of formulae in language over signature G depends on structure S Assignment a models ψ, or a satisfies ψ, or a = S ψ if M a (ψ) = T ψ is valid for S if a = S ψ for some a. S is a model of ψ, written = S ψ if every assignment for S satisfies ψ. ψ is valid, or a tautology if ψ valid for every mode. Write = ψ ψ 1 logically equivalent to ψ 2 if for all structures S and assignments a, a = S ψ 1 iff a = S ψ 2 Assignment {x 0} satisfies y.x < y valid in interval [0, 1]; assignment {x 1} doesn t x. y.x < y valid in N and R, but not interval [0, 1] ( x. y.(y x)) ( y. x.(y x)) tautology Why? Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 13 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 14 / 33

Sample Tautologies All instances of propositional tautologies Sample Tautologies All instances of propositional tautologies = ( x. y.(y x)) ( y. x.(y x)) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33 Sample Tautologies All instances of propositional tautologies = ( x. y.(y x)) ( y. x.(y x)) Sample Tautologies All instances of propositional tautologies = ( x. y.(y x)) ( y. x.(y x)) = (( x. y.ψ) ( y. x.ψ)) = (( x. y.ψ) ( y. x.ψ)) = (( x.ψ) ( x.ψ)) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33 Sample Tautologies All instances of propositional tautologies = ( x. y.(y x)) ( y. x.(y x)) Sample Tautologies All instances of propositional tautologies = ( x. y.(y x)) ( y. x.(y x)) = (( x. y.ψ) ( y. x.ψ)) = (( x. y.ψ) ( y. x.ψ)) = (( x.ψ) ( x.ψ)) = (( x.ψ) ( x.ψ)) = ( x.ψ 1 ψ 2 ) (( x.ψ 1 ) ( x.ψ 2 )) = ( x.ψ 1 ψ 2 ) (( x.ψ 1 ) ( x.ψ 2 )) ( x.ψ 1 ψ 2 ) (( x.ψ 1 ) ( x.ψ 2 )) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 15 / 33

Free Variables: Terms Free Variables: Formulae Informally: free variables of a expression are variables that have an occurrence in an expression that is not bound. Written fv(e) for expression e Free variables of terms defined by structural induction over terms; written Note: fv(x) = {x} fv(f (t 1,..., t n ) = i=1,...,n fv(t i) Free variables of term just variables occurring in term; no bound variables No free variables in constants fv(add(1, abs(x))) = {x} Defined by structural induction on formulae; uses fv on terms fv(true) = fv(false) = fv(r(t 1,..., t n )) = i=1,...,n fv(t i) fv(ψ 1 ψ 2 ) = fv(ψ 1 ψ 2 ) = fv(ψ 1 ψ 2 ) = fv(ψ 1 ψ 2 ) = (fv(ψ 1 ) fv(ψ 2 )) fv( v. ψ) = fv( v. ψ) = (fv(ψ) \ {v}) Variable occurrence at quantifier are binding occurrence Occurrence that is not free and not binding is a bound occurrence fv(x > 3 ( y. ( z. z (y x)) (z y))) = {x, z} Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 16 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 17 / 33 Free Variables, Assignments and Interpretation Syntactic Substitution versus Assignment Update Theorem Assume given structure S = (G, D, F, φ, R, ρ), term t over G, and a and b assignments. If for every x fv(t) we have a(x) = b(x) then T a (t) = T b (a). Theorem Assume given structure S = (G, D, F, φ, R, ρ), formula ψ over G, and a and b assignments. If for every x fv(ψ) we have a(x) = b(x) then M a (ψ) = M b (ψ). When interpreting universal quantification ( x. ψ), wanted to check interpretation of every instance of ψ where v was replaced by element of semantic domain D How: semantically - interpret ψ with assignment updated by v d for every d D Syntactically? Answer: substitution Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 18 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 19 / 33 Substitution in Terms Substitution in Formulae: Problems Substitution of term t for variable x in term s (written s[t/x]) gotten by replacing every instance of x in s by t x called redex; t called residue Yields instance of s Formally defined by structural induction on terms: x[t/x] = t y[t/x] = y for variable y where y x f (t 1,..., t n )[t/x] = f (t 1 [t/x],..., t n [t/x]) (add(1, abs(x)))[add(x, y)/x] = add(1, abs(add(x, y))) Want to define by structural induction, similar to terms Quantifiers must be handled with care Substitution only replaces free occurrences of variable (x > 3 ( y. ( z. z (y x)) (z y)))[x + 2/z] = (x > 3 ( y. ( z. z (y x)) (x + 2 y))) Need to avoid free variable capture Problem: (x > 3 ( y. ( z. z (y x)) (z y)))[x + y/z] (x > 3 ( y. ( z. z (y x)) (x + y y))) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 20 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 21 / 33

Substitution in Formulae: Two Approaches Theorem Assume given structure S = (G, D, F, φ, R, ρ), variable x, terms s and t over G, and a assignment. Let b = a[x T a (t)]. Then T a (s[t/x]) = T b (s). When quantifier would capture free variable of redex, can t substitute in formula as is Solution 1: Make substitution partial function undefined in this case Solution 2: Define equivalence relation based on renaming bound variables; define substitution on equivalence classes Will take Solution 1 here Still need definition of equivalence up to renaming bound variables Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 22 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 23 / 33 Substitution in Formulae Substitution in Formulae Defined by structural induction; uses substitution in terms Read equations below as saying left is not defined if any expression on right not defined true[t/x] = true false[t/x] = false r(t 1,..., t n )[t/x] = r((t 1 [t/x],..., t n [t/x])) (ψ)[t/x] = (ψ[t/x]) ( ψ)[t/x] = (ψ[t/x]) (ψ 1 ψ 2 )[t/x] = (ψ 1 [t/x]) (ψ 2 [t/x]) for {,,, } (Q x. ψ)[t/x] = Q x. ψ for Q {, } (Q y. ψ)[t/x] = Q y. (ψ[t/x]) if x y and y / fv(t) for Q {, } (Q y. ψ)[t/x] not defined if x y and y fv(t) for Q {, } s (x > 3 ( y. ( z. z (y x)) (z y)))[x + y/z] not defined (x > 3 ( w. ( z. z (w x)) (z w)))[x + y/z] = (x > 3 ( w. ( z. z (w x)) ((x + y) y))) Theorem Assume given structure S = (G, D, F, φ, R, ρ), formula ψ over G, and a assignment. If ψ[t/x] defined, then a = S ψ[t/x] if and only if a[x T a (t)] = S ψ Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 24 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 25 / 33 Renaming by Swapping: Terms Renaming by Swapping: Terms Define the swapping of two variables in a term t[x y] by structural induction on terms: x[x y] = y and y[x y] = x z[x y] = z for z a variable, z x, z y f (t 1,..., t n )[x y] = f (t 1 [x y],..., t n [x y]) s: Theorem Assume given structure S = (G, D, F, φ, R, ρ), variables x and y, term t over G, and a assignment. Let b = a[x a(y)][y a(x)]. Then T a (t[x y]) = T b (t) add(1, abs(add(x, y)))[x y] = add(1, abs(add(y, x))) add(1, abs(add(x, y)))[x z] = add(1, abs(add(z, y))) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 26 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 27 / 33

Renaming by Swapping: Terms Renaming by Swapping: Terms Proof. By structural induction on terms, suffices to show theorem for the case where t variable, and case t = f (t 1,..., t n ), assuming result for t 1,..., t n Case: t variable Subcase: t = x. Then T a (x[x y]) = T a (y) = a(y) and T b (x) = b(x) = a[x a(y)][y a(x)](x) = a[x T a (y)](x) = a(y) so T a (t[x y]) = T b (t) Subcase: t = y. Then T a (y[x y]) = T a (x) = a(x) and T b (y) = b(y) = a[x a(y)][y a(x)](x) = a(x) so T a (t[x y]) = T b (t) Subcase: t = z variable, z x and z y. Then T a (z[x y]) = T a (z) = a(z) and T b (z) = b(z) = a[x a(y)][y a(x)](z) = a[x T a (y)](z) = a(z) so T a (t[x y]) = T b (t) Proof. Case: t = f (t 1,..., t n ). Assume T a (t i [x y]) = T b (t i ) for i = 1,..., n. Then T a (t[x y]) = T a (f (t 1,..., t n )[x y]) = T a (f (t 1 [x y],..., t n [x y])) = φ(f )(T a (t 1 [x y]),..., T a (t n [x y])) = φ(f )(T b (t 1 ),..., T b (t n )) since T a (t i [x y]) = T b (t i ) for i = 1,..., n = T b (f (t 1,..., t n )) = T b (t) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 28 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 29 / 33 Renaming by Swapping: Formulae Renaming by Swapping: Formulae Define the swapping of two variables in a formula ψ[x y] by structural induction, using swapping on terms: true[x y] = true false[x y] = false r(t 1,..., t n )[x y] = r((t 1 [x y],..., t n [x y])) (ψ)[x y] = (ψ[x y]) ( ψ)[x y] = (ψ[x y]) (ψ 1 ψ 2 )[x y] = (ψ 1 [x y]) (ψ 2 [x y]) for {,,, } (Q x. ψ)[x y] = Q y. (ψ[x y]) for Q {, } (Q y. ψ)[x y] = Q y. (ψ[x y]) for Q {, } (Q z. ψ)[x y] = Q z. (ψ[x y]) for z a variable with z x, z y, and Q {, } s (x > 3 ( y. ( z. z (y x)) (z y)))[x y] = (y > 3 ( x. ( z. z (x y)) (z x))) (x > 3 ( y. ( z. z (y x)) (z y)))[y z] (x > 3 ( y. ( z. z (y x)) (z y)))[y w] Theorem Assume given structure S = (G, D, F, φ, R, ρ), variables x and y, formula ψ over G, and a assignment. If x / fv(t) and y / fv(t) then ψ[x y] ψ Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 30 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 31 / 33 α-equivalence α-equivalence: ψ α ψ α α If ψ 1 ψ2 then ψ 2 ψ. α α α It ψ 1 ψ2 and ψ 2 ψ3 then ψ 1 ψ3 If x / fv(ψ) and y / fv(ψ) then ψ α ψ[x y]. α If ψ i ψ i for i = 1, 2 then (ψ 1 ) α (ψ 1 ) ψ 1 ψ 1 α ψ 1 ψ 2 ψ 1 ψ 2 for {,,, } α Q z. ψ 1 Q z. ψ 1 for Q {, } α (x > 3 ( y. ( z. z (y x)) (z y))) α (x > 3 ( w. ( z. z (w x)) (z w))) (x > 3 ( y. ( z. z (y x)) (z y))) α (x > 3 ( w. ( y. y (w x)) (z w))) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 32 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 33 / 33

Proof Rules Will give Sequent version of Natural Deduction rules All rules from Propositional Logic included Γ ψ [t/x] Γ x.ψ provided ψ α ψ Γ x.ψ Γ {(ψ[y/x])} ϕ Γ ϕ provided y / fv(ϕ) (fv(ψ) \ {x}) ψ Γ fv(ψ ) Γ ψ[y/x] Γ x.ψ provided y / (fv(ψ) \ {x}) ψ Γ fv(ψ ) Γ x.ψ Γ {ψ [t/x]} ϕ Γ ϕ provided ψ α ψ ( x. y. x y) ( x. y. y x) Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 34 / 33 ( x. y. x y) ( x. y. y x) {( x. y. x y)} ( x. y. x y) ( x. y. y x) { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x) Hyp { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x)

; z x Hyp { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x) Hyp ; z x Hyp { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x) ; z x Hyp ; z x Hyp { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x) Hyp ; z x Hyp ; z x Hyp { x. y. x y} x. y. x y {( x. y. x y)} ( x. y. x y) ( x. y. y x) Let s try to show 1 Let s try to show 2 ( x. y. y x) ( x. y. x y) ( x. y. y x) ( x. y. x y)

Let s try to show 3 Let s try to show 4 { x. y. y x} ( x. y. y x) ( x. y. x y) { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Let s try to show 5 Let s try to show 6 x. y. y x; { x. y. y x} x. y. y x y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Hyp { x. y. y x} x. y. y x x. y. y x; y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Let s try to show 7 Lab x. y. y x; Something y. y x; z x Hyp x. y. y x; { x. y. y x} x. y. y x y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Let s try to show 8 Hyp Lab x. y. y x; Something y. y x; z x Hyp x. y. y x; { x. y. y x} x. y. y x y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y)

Let s try to show 9 Hyp Lab x. y. y x; Something y. y x; z x Hyp x. y. y x; { x. y. y x} x. y. y x y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Let s try to show 10 Hyp Lab x. y. y x; Something y. y x; z x Hyp x. y. y x; { x. y. y x} x. y. y x y. y x { x. y. y x} { x. y. y x} ( x. y. y x) ( x. y. x y) Floyd-Hoare Logic Also called Axiomatic Semantics Based on formal logic (first order predicate calculus) Logical system built from axioms and inference rules Mainly suited to simple imperative programming languages Ideas applicable quite broadly Floyd-Hoare Logic Used to formally prove a property (post-condition) of the state (the values of the program variables) after the execution of program, assuming another property (pre-condition) of the state holds before execution Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 37 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 38 / 33 Floyd-Hoare Logic Goal: Derive statements of form {P} C {Q} P, Q logical statements about state, P precondition, Q postcondition, C program Floyd-Hoare Logic Approach: For each type of language statement, give an axiom or inference rule stating how to derive assertions of form {P} C {Q} where C is a statement of that type Compose axioms and inference rules to build proofs for complex programs {x = 1} x := x + 1 {x = 2} Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 39 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 40 / 33

Partial vs Total Correctness Simple Imperative Language An expression {P} C {Q} is a partial correctness statement For total correctness must also prove that C terminates (i.e. doesnt run forever) Written: [P] C [Q] Will only consider partial correctness here We will give rules for simple imperative language command ::= variable := term command ;... ; command if statement then command else command while statement do command Could add more features, like for-loops Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 41 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 42 / 33 Substitution The Assingment Rule Notation: P[e/v] (sometimes P[v e]) Meaning: Replace every v in P by e (x + 2)[y 1/x] = ((y 1) + 2) {P[e/x]} x := e {P} {? } x := y { x = 2 } Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 43 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 44 / 33 The Assingment Rule The Assingment Rule {P[e/x]} x := e {P} { = 2} x := y { x = 2 } {P[e/x]} x := e {P} { x = 2} x := y { x = 2 } Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 44 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 44 / 33

The Assingment Rule The Assignment Rule Your Turn s: {P[e/x]} x := e {P} {y = 2} x := y {x = 2} What is the weakest precondition of x := x + y { x + y = wx }? {y = 2} x := 2 {y = x} {x + 1 = n + 1} x := x + 1 {x = n + 1} {? } x := x + y { x + y = wx } {2 = 2} x := 2 {x = 2} Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 45 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 46 / 33 The Assignment Rule Your Turn Precondition Strengthening What is the weakest precondition of x := x + y { x + y = wx }? { (x + y) + y = w(x + y) } x := x + y { x + y = wx } (P P ) {P } C {Q} {P} C {Q} Meaning: If we can show that P implies P (i.e. (P P ) and we can show that {P} C {Q}, then we know that {P} C {Q} P is stronger than P means P P Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 46 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 47 / 33 Precondition Strengthening Which Inferences Are Correct? s: x = 3 x < 7 {x < 7} x := x + 3 {x < 10} {x = 3} x := x + 3 {x < 10} True (2 = 2) {2 = 2} x := 2 {x = 2} {True} x := 2 {x = 2} x = n x + 1 = n + 1 {x + 1 = n + 1} x := x + 1 {x = n + 1} {x = n} x := x + 1 {x = n + 1} {x x < 25} x := x x {x < 25} Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 48 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 49 / 33

Which Inferences Are Correct? Which Inferences Are Correct? YES {x x < 25} x := x x {x < 25} YES NO {x x < 25} x := x x {x < 25} Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 49 / 33 Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 49 / 33 Which Inferences Are Correct? YES NO {x x < 25} x := x x {x < 25} YES Elsa L Gunter CS477 Formal Software Dev Methods February 16, 2018 49 / 33

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback