Formal Methods for Java

Similar documents
Formal Methods for Java

Classical First-Order Logic

Software Engineering using Formal Methods

Sequent calculus for predicate logic

Fundamentals of Software Engineering

Propositional Logic Language

Fundamentals of Software Engineering

Outline. Formale Methoden der Informatik First-Order Logic for Forgetters. Why PL1? Why PL1? Cont d. Motivation

Classical First-Order Logic

Mathematical Logic. Reasoning in First Order Logic. Chiara Ghidini. FBK-IRST, Trento, Italy

Propositional and Predicate Logic

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Summer 2012


Logik für Informatiker Logic for computer scientists. Induction

ACLT: Algebra, Categories, Logic in Topology - Grothendieck's generalized topological spaces (toposes)

Přednáška 12. Důkazové kalkuly Kalkul Hilbertova typu. 11/29/2006 Hilbertův kalkul 1

Propositional Logic: Deductive Proof & Natural Deduction Part 1

First Order Logic (FOL) 1 znj/dm2017

Outline. Overview. Syntax Semantics. Introduction Hilbert Calculus Natural Deduction. 1 Introduction. 2 Language: Syntax and Semantics

The Mother of All Paradoxes

Lecture 2: Syntax. January 24, 2018

Chapter 11: Automated Proof Systems

Lecture 11: Measuring the Complexity of Proofs

Chapter 11: Automated Proof Systems (1)

03 Review of First-Order Logic

Reasoning Under Uncertainty: Introduction to Probability

Real-Time Systems. Lecture 15: The Universality Problem for TBA Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany

Lecture 1: Logical Foundations

An Introduction to Modal Logic III

Propositional and Predicate Logic - V

Conjunction: p q is true if both p, q are true, and false if at least one of p, q is false. The truth table for conjunction is as follows.


Foundations of Artificial Intelligence

Foundations of Artificial Intelligence

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

Warm-Up Problem. Let be a Predicate logic formula and a term. Using the fact that. (which can be proven by structural induction) show that 1/26

Section 5 Circumscription. Subsection 5.1 Introducing Circumscription. TU Dresden, WS 2017/18 Introduction to Nonmonotonic Reasoning Slide 128

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Handout: Proof of the completeness theorem

MAI0203 Lecture 7: Inference and Predicate Calculus

ECE473 Lecture 15: Propositional Logic

Propositional Logic: Models and Proofs

Relations to first order logic

Automated Reasoning Lecture 5: First-Order Logic

GS03/4023: Validation and Verification Predicate Logic Jonathan P. Bowen Anthony Hall

Propositional and Predicate Logic - VII

if t 1,...,t k Terms and P k is a k-ary predicate, then P k (t 1,...,t k ) Formulas (atomic formulas)

Informal Statement Calculus

Marie Duží

Some consequences of compactness in Lukasiewicz Predicate Logic

Predicate Logic: Sematics Part 1

Completeness for coalgebraic µ-calculus: part 2. Fatemeh Seifan (Joint work with Sebastian Enqvist and Yde Venema)

INTRODUCTION TO PREDICATE LOGIC HUTH AND RYAN 2.1, 2.2, 2.4

Foundations of Artificial Intelligence

Introduction to Logic in Computer Science: Autumn 2006

First-Order Logic. Chapter Overview Syntax

- Introduction to propositional, predicate and higher order logics

Dual-Intuitionistic Logic and Some Other Logics

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P.

Mathematics for linguists

Herbrand Theorem, Equality, and Compactness

PREDICATE LOGIC: UNDECIDABILITY AND INCOMPLETENESS HUTH AND RYAN 2.5, SUPPLEMENTARY NOTES 2

Preliminaries. Introduction to EF-games. Inexpressivity results for first-order logic. Normal forms for first-order logic

Computation and Inference

Overview. CS389L: Automated Logical Reasoning. Lecture 7: Validity Proofs and Properties of FOL. Motivation for semantic argument method

Axiomatization of Typed First-Order Logic

Notation for Logical Operators:

02 Propositional Logic

Nonclassical logics (Nichtklassische Logiken)

TABLEAU SYSTEM FOR LOGIC OF CATEGORIAL PROPOSITIONS AND DECIDABILITY

Intelligent Agents. First Order Logic. Ute Schmid. Cognitive Systems, Applied Computer Science, Bamberg University. last change: 19.

Advanced Topics in LP and FP

First-Order Logic (FOL)

CHAPTER 2. FIRST ORDER LOGIC

A Cut-Free Calculus for Second-Order Gödel Logic

On the Craig interpolation and the fixed point

CS411 Notes 3 Induction and Recursion

185.A09 Advanced Mathematical Logic

Lecture 03: Duration Calculus I

Logic (3A) Young W. Lim 10/29/13

1 Completeness Theorem for Classical Predicate

A Tableau Calculus for Minimal Modal Model Generation

Between proof theory and model theory Three traditions in logic: Syntactic (formal deduction)

Propositional Logic: Part II - Syntax & Proofs 0-0

Mathematics 114L Spring 2018 D.A. Martin. Mathematical Logic

CHAPTER 10. Gentzen Style Proof Systems for Classical Logic

Learning Goals of CS245 Logic and Computation

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

A Logic Primer. Stavros Tripakis University of California, Berkeley. Stavros Tripakis (UC Berkeley) EE 144/244, Fall 2014 A Logic Primer 1 / 35

CS589 Principles of DB Systems Fall 2008 Lecture 4e: Logic (Model-theoretic view of a DB) Lois Delcambre

3 Propositional Logic

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

Lecture Notes on Data Abstraction

CS720 Class Notes. Steve Revilak

CSE507. Satisfiability Modulo Theories. Computer-Aided Reasoning for Software. Emina Torlak

First Order Logic Semantics (3A) Young W. Lim 9/17/17

AAA615: Formal Methods. Lecture 2 First-Order Logic

KRIPKE S THEORY OF TRUTH 1. INTRODUCTION

Logic (3A) Young W. Lim 11/2/13

Transcription:

Formal Methods for Java Lecture 12: Soundness of Sequent Calculus Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg June 12, 2017 Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 1 / 16

The -Project Developed at University of Karlsruhe http://www.key-project.org/. Interactive Theorem Prover Theory specialized for Java(Card). Can generate proof-obligations from JML specification. Underlying theory: Sequent Calculus + Dynamic Logic Proofs are given manually. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 2 / 16

Sequent Calculus Definition (Sequent) A sequent is a formula where φ i, ψ i are formulae. The meaning of this formula is: φ 1,..., φ n = ψ 1,..., ψ m φ 1... φ n ψ 1... ψ m Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 3 / 16

Sequent Calculus Logical Rules close: Γ, φ =, φ false: Γ, false = Γ =, φ not-left: Γ, φ = Γ, φ, ψ = and-left: Γ, φ ψ = Γ, φ = Γ, ψ = or-left: Γ, φ ψ = Γ =, φ Γ, ψ = impl-left: Γ, φ ψ = true: Γ =, true Γ, φ = not-right: Γ =, φ Γ =, φ Γ =, ψ and-right: Γ =, φ ψ Γ =, φ, ψ or-right: Γ =, φ ψ Γ, φ =, ψ impl-right: Γ =, φ ψ Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 4 / 16

Sequent Calculus Quantifier The rules for the existential quantifier are dual: all-left: all-right: exists-left: exists-right: Γ, X φ(x ), φ(t) =, where t is some arbitrary term. Γ, X φ(x ) = Γ =, φ(x 0 ) Γ =, X φ(x ), where x 0 is a fresh identifier. Γ, φ(x 0 ) = Γ, X φ(x ) =, where x 0 is a fresh identifier. Γ =, X φ(x ), φ(t), where t is some arbitrary term. Γ =, X φ(x ) Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 5 / 16

Rules for equality eq-close: Γ =, t = t apply-eq: s = t, Γ[t/s] = [t/s] s = t, Γ = Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 6 / 16

Soundness and Completeness Theorem (Soundness and Completeness) The sequent calculus with the rules presented on the previous three slides is sound and complete Soundness: Only true facts can be proven with the calculus. Completeness: Every true fact can be proven with the calculus. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 7 / 16

Signature A signature defines the constants, functions and predicates that can occur in a formula. Definition (Signature) A signature Sig = (Func, Pred) is a tuple of sets of function and predicate symbols, where f /k Func if f is a function symbol with k parameters, p/k Pred if p is a predicate symbol with k parameters. A constant c/0 Func is a function without parameters. We assume there are infinitely many constants. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 8 / 16

Structures A structure gives a meaning to the constants, functions and predicates. Definition (Structure) A structure M is a tuple (D, I). The domain D is an arbitrary non-empty set. The interpretation I assigns to each function symbol f /k Func of arity k a function I(f ) : D k D and each predicate symbol p/k Pred of arity k a function I(p) : D k {true, false}. The interpretation I(c) of a constant c/0 Func is an element of D. Let M = (D, I), c a constant and d D. With M[c := d] we denote the structure (D, I ), where I (c) = d and I (f ) = I(f ) for all other function symbols f and I (p) = I(p) for all predicate symbols p. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 9 / 16

Semantics of Terms and Formulas Let M = (D, I) be a structure. The semantics M[[t]] of a term t is defined inductively by M[[f (t 1,..., t k )]] = I(f )(M[[t 1 ]],..., M[[t k ]]), in particular M[[c]] = I(c). The semantics of formula φ, M[[φ]] {true, false}, is defined by M[[p(t 1,..., t k )]] = I(p)(M[[t 1 ]],..., M[[t k ]]). M[[s = t]] = true, iff M[[s]] = M[[t]]. { true if M[[φ]] = true and M[[ψ]] = true, M[[φ ψ]] = false otherwise. M[[φ ψ]], M[[φ ψ]], and M[[ φ]], analogously. M[[ X φ(x )]] = true, iff for all d D: M[x 0 := d][[φ(x 0 )]] = true, where x 0 is a constant not occuring in φ. M[[ X φ(x )]] = true, iff there is some d D with M[x 0 := d][[φ(x 0 )]] = true, where x 0 is a constant not occuring in φ. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 10 / 16

Models and Tautologies Definition (Model) A structure M is a model of a sequent φ 1,..., φ n = ψ 1,..., ψ m if M[[φ i ]] = false for some 1 i n, or if M[[ψ j ]] = true for some 1 j m. We say that the sequent holds in M. A sequent φ 1,..., φ n = ψ 1,..., ψ m is a tautology, if all structures are models of this sequent. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 11 / 16

Soundness Definition (Soundness) A calculus is sound, iff every formula F for which a proof exists is a tautology. We write F to indicate that a proof for F exists. We write = F to indicate that F is a tautology. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 12 / 16

Definition (Soundness of a rule) A rule F 1 F n G is sound, iff = F 1 and... and = F n imply = G. An axiom G is sound, iff G is a tautology, i.e., = G. Lemma A calculus is sound, if all of its rules and axioms are sound. Proof. By structural induction over the proof. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 13 / 16

Soundness of impl-left The rule Γ =, φ Γ, ψ = Γ, φ ψ = is sound: Assume Γ =, φ and Γ, ψ = are tautologies and M is an arbitrary structure. Prove that F := (Γ, φ ψ = ) holds in M. If one of the formulas in Γ is false in M, then F holds in M. Otherwise, from Γ =, φ it follows that φ or a formula in is true. If M[[φ]] = true and M[[ψ]] = false, then M[[φ ψ]] = false. Hence, F holds in M. If M[[φ]] = true and M[[ψ]] = true, then Γ, ψ = implies that a formula in is true. If a formula in is true, F holds in M. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 14 / 16

Soundness of exists-left exists-left: Γ, φ(x 0 ) = Γ, X φ(x ) =, where x 0 is a fresh identifier (constant). Assume Γ, φ(x 0 ) = is a tautology, where x 0 does not occur in Γ nor. Given an arbitrary structure M, prove that F := (Γ, X φ(x ) = ) holds in M. If one of the formulas in Γ is false in M, then F holds. If M[[ X φ(x )]] = false, then F holds in M. Otherwise, there is a d D such that M[x 0 := d][[φ(x 0 )]] = true. Also in M[x 0 := d], all formulas in Γ are true. Since Γ, φ(x 0 ) = is a tautology, some formula of is true in M[x 0 := d]. Since x 0 does not occur in, the formula is also true in the structure M. Therefore F holds in M. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 15 / 16

Completeness Theorem (Completeness) If a sequent F is a tautology, it can be proven. In this lecture we do not prove completeness. Jochen Hoenicke (Software Engineering) Formal Methods for Java June 12, 2017 16 / 16

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback