Formal Methods for Java

Similar documents
Formal Methods for Java

Software Engineering using Formal Methods

Fundamentals of Software Engineering

Mathematical Logic. Reasoning in First Order Logic. Chiara Ghidini. FBK-IRST, Trento, Italy

Fundamentals of Software Engineering

Classical First-Order Logic

Outline. Formale Methoden der Informatik First-Order Logic for Forgetters. Why PL1? Why PL1? Cont d. Motivation

Outline. Overview. Syntax Semantics. Introduction Hilbert Calculus Natural Deduction. 1 Introduction. 2 Language: Syntax and Semantics

Propositional Logic Language

Decision Procedures. Jochen Hoenicke. Software Engineering Albert-Ludwigs-University Freiburg. Summer 2012

Relations to first order logic

Sequent calculus for predicate logic

03 Review of First-Order Logic

Propositional Logic: Deductive Proof & Natural Deduction Part 1

Propositional Logic: Models and Proofs


Propositional and Predicate Logic

Herbrand Theorem, Equality, and Compactness

Lecture 2: Syntax. January 24, 2018

An Introduction to Modal Logic III

Classical First-Order Logic

Propositional and Predicate Logic - VII

Lecture 1: Logical Foundations

Some consequences of compactness in Lukasiewicz Predicate Logic

Foundations of Artificial Intelligence


Foundations of Artificial Intelligence

ACLT: Algebra, Categories, Logic in Topology - Grothendieck's generalized topological spaces (toposes)

First Order Logic vs Propositional Logic CS477 Formal Software Dev Methods

First Order Logic (FOL) 1 znj/dm2017

Reasoning Under Uncertainty: Introduction to Probability

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Lecture Notes on Data Abstraction

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Logik für Informatiker Logic for computer scientists. Induction

Lecture 11: Measuring the Complexity of Proofs

Advanced Topics in LP and FP

06 From Propositional to Predicate Logic

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

PROOFS IN PREDICATE LOGIC AND COMPLETENESS; WHAT DECIDABILITY MEANS HUTH AND RYAN 2.3, SUPPLEMENTARY NOTES 2

Foundations of Artificial Intelligence

INTRODUCTION TO PREDICATE LOGIC HUTH AND RYAN 2.1, 2.2, 2.4

MAI0203 Lecture 7: Inference and Predicate Calculus

if t 1,...,t k Terms and P k is a k-ary predicate, then P k (t 1,...,t k ) Formulas (atomic formulas)

GS03/4023: Validation and Verification Predicate Logic Jonathan P. Bowen Anthony Hall

The Mother of All Paradoxes

Introduction to Logic in Computer Science: Autumn 2006

Přednáška 12. Důkazové kalkuly Kalkul Hilbertova typu. 11/29/2006 Hilbertův kalkul 1

Marie Duží

- Introduction to propositional, predicate and higher order logics

Nonclassical logics (Nichtklassische Logiken)

Overview. CS389L: Automated Logical Reasoning. Lecture 7: Validity Proofs and Properties of FOL. Motivation for semantic argument method

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P.

ECE473 Lecture 15: Propositional Logic

15414/614 Optional Lecture 3: Predicate Logic

Chapter 11: Automated Proof Systems

Propositional Logic: Part II - Syntax & Proofs 0-0

Section 5 Circumscription. Subsection 5.1 Introducing Circumscription. TU Dresden, WS 2017/18 Introduction to Nonmonotonic Reasoning Slide 128

Logic: The Big Picture

Program Analysis Part I : Sequential Programs

3 Propositional Logic

Natural Deduction for Propositional Logic

Chapter 11: Automated Proof Systems (1)

Propositional and Predicate Logic - V

First-Order Logic. Chapter Overview Syntax

CHAPTER 2. FIRST ORDER LOGIC

Real-Time Systems. Lecture 15: The Universality Problem for TBA Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany

T Reactive Systems: Temporal Logic LTL

Automated Reasoning Lecture 5: First-Order Logic

3. Only sequences that were formed by using finitely many applications of rules 1 and 2, are propositional formulas.

First-Order Theorem Proving and Vampire

Preliminaries. Introduction to EF-games. Inexpressivity results for first-order logic. Normal forms for first-order logic

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

Propositional logic (revision) & semantic entailment. p. 1/34

Intelligent Agents. First Order Logic. Ute Schmid. Cognitive Systems, Applied Computer Science, Bamberg University. last change: 19.

CS411 Notes 3 Induction and Recursion

Completeness for coalgebraic µ-calculus: part 2. Fatemeh Seifan (Joint work with Sebastian Enqvist and Yde Venema)

A Logic Primer. Stavros Tripakis University of California, Berkeley. Stavros Tripakis (UC Berkeley) EE 144/244, Fall 2014 A Logic Primer 1 / 35

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester)

Dual-Intuitionistic Logic and Some Other Logics

The Lambek-Grishin calculus for unary connectives

Logical Abstract Domains and Interpretations

An application of computable continuous model theory to a question in proof theory

A Logic Primer. Stavros Tripakis University of California, Berkeley

Propositional Logic: Syntax

Informal Statement Calculus

Matching Logic: Syntax and Semantics

CSE507. Satisfiability Modulo Theories. Computer-Aided Reasoning for Software. Emina Torlak

1 Completeness Theorem for Classical Predicate

Independence-Friendly Cylindric Set Algebras

First-Order Logic (FOL)

Predicate Calculus. Formal Methods in Verification of Computer Systems Jeremy Johnson

Computation and Inference

Propositional and Predicate Logic - XIII

Completeness in the Monadic Predicate Calculus. We have a system of eight rules of proof. Let's list them:

Uniform Schemata for Proof Rules

Chapter 2: Basic Notions of Predicate Logic

Principles of Knowledge Representation and Reasoning

185.A09 Advanced Mathematical Logic

Lecture 03: Duration Calculus I

Transcription:

Formal Methods for Java Lecture 20: Sequent Calculus Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg January 15, 2013 Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 1 / 20

Runtime vs. Static Checking Runtime Checking finds bugs at run-time, tests for violation during execution, can check most of the JML, is done by jmlrac. Static Checking finds bugs at compile-time, proves that there is no violation, can check only parts of the JML, is done by ESC/Java or Jahob. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 2 / 20

The -Project Developed at University of Karlsruhe http://www.key-project.org/. Interactive Theorem Prover Theory specialized for Java(Card). Can generate proof-obligations from JML specification. Underlying theory: Sequent Calculus + Dynamic Logic Proofs are given manually. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 3 / 20

Sequent Calculus Definition (Sequent) A sequent is a formula where φ i, ψ i are formulae. The meaning of this formula is: φ 1,..., φ n = ψ 1,..., ψ m Why are sequents useful? Simple syntax and nice calculus φ 1... φ n ψ 1... ψ m Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 4 / 20

Example for Sequents q = y/x, r = y%x = x = 0, y = q x + r It is logically equivalent to the formula: q = y/x r = y%x x = 0 y = q x + r This is equivalent to the sequent = q = y/x r = y%x x = 0 y = q x + r Another equivalent sequent is: x 0, q = y/x, r = y%x = y = q x + r Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 5 / 20

The Empty Sequent What is the meaning of the following sequent? = This is equivalent to which is false. true = false Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 6 / 20

Sequent Calculus To prove a goal (a formula) with sequent calculus: Start with the goal at the bottom Use rules to derive formulas, s.t. formulas are sufficient to prove the goal, formulas are simpler. A proof node can be closed if it holds trivially. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 7 / 20

A Rule of Sequent Calculus Rule impl-right: Γ, φ =, ψ Γ =, φ ψ This rule is sound: implies Γ φ ψ Γ (φ ψ) Here and Γ stand for an arbitrary set of formulae. We abstract from order: rule is also applicable if φ ψ occur in the middle of the right-hand side, e.g.: χ 1, φ = χ 2, ψ, χ 3 χ 1 = χ 2, φ ψ, χ 3 Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 8 / 20

A Sequent Calculus Proof Axiom close: Γ, φ =, φ Rule and-left: Γ, φ, ψ = Γ, φ ψ = Let s prove that commutes: φ ψ ψ φ. Γ, φ =, ψ Rule impl-right: Γ =, φ ψ Γ =, φ Γ =, ψ Rule and-right: Γ =, φ ψ φ, ψ = ψ close φ, ψ = φ close and-right φ, ψ = ψ φ φ ψ = ψ φ and-left = φ ψ ψ φ impl-right Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 9 / 20

Sequent Calculus Logical Rules close: Γ, φ =, φ false: Γ, false = Γ =, φ not-left: Γ, φ = Γ, φ, ψ = and-left: Γ, φ ψ = Γ, φ = Γ, ψ = or-left: Γ, φ ψ = Γ =, φ Γ, ψ = impl-left: Γ, φ ψ = true: Γ =, true Γ, φ = not-right: Γ =, φ Γ =, φ Γ =, ψ and-right: Γ =, φ ψ Γ =, φ, ψ or-right: Γ =, φ ψ Γ, φ =, ψ impl-right: Γ =, φ ψ Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 10 / 20

Sequent Calculus All-Quantifier all-left: Γ, X φ(x ), φ(t) =, where t is some arbitrary term. Γ, X φ(x ) = This is sound because X φ(x ) implies φ(t). all-right: Γ =, φ(x 0 ) Γ =, X φ(x ), where x 0 is a fresh identifier. x 0 is called a Skolem constant. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 11 / 20

Sequent Calculus Quantifier The rules for the existential quantifier are dual: all-left: all-right: exists-left: exists-right: Γ, X φ(x ), φ(t) =, where t is some arbitrary term. Γ, X φ(x ) = Γ =, φ(x 0 ) Γ =, X φ(x ), where x 0 is a fresh identifier. Γ, φ(x 0 ) = Γ, X φ(x ) =, where x 0 is a fresh identifier. Γ =, X φ(x ), φ(t), where t is some arbitrary term. Γ =, X φ(x ) Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 12 / 20

Example: ( X φ(x )) ( X φ(x )) Γ, φ = close: Γ, φ =, φ not-right: Γ =, φ or-right: Γ =, φ, ψ Γ =, φ ψ Γ =, φ(x 0 ) all-right: Γ =, X φ(x ), where x 0 is a fresh identifier. exists-right: Γ =, X φ(x ), φ(t), where t is some arbitrary term. Γ =, X φ(x ) Let s prove ( X φ(x )) ( X φ(x )). φ(x 0 ) = φ(x 0 ), X φ(x ) close = φ(x 0 ), X φ(x ), φ(x 0 ) not-right exists-right = φ(x 0 ), X φ(x ) = X φ(x ), X φ(x ) all-right = X φ(x ) X φ(x ) or-right Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 13 / 20

Rules for equality eq-close: Γ =, t = t s = t, Γ[t/s] = [t/s] apply-eq: s = t, Γ = These rules suffice to prove x = y = y = x and x = y, y = z = x = z. x = y = x = x eq-close x = y = y = x apply-eq x = y, y = z = y = z close x = y, y = z = x = z apply-eq Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 14 / 20

Soundness and Completeness Theorem (Soundness and Completeness) The sequent calculus with the rules presented on the previous three slides is sound and complete Soundness: Only true facts can be proven with the calculus. Completeness: Every true fact can be proven with the calculus. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 15 / 20

Signature Definition (Signature) A signature Sig = (Func, Pred) is a tuple of sets of function and predicate symbols, where f /k Func if f is a function symbol with k parameters, p/k Pred if p is a predicate symbol with k parameters. A constant c/0 Func is a function without parameters. We assume there are infinitely many constants. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 16 / 20

Structures Definition (Structure) A structure M is a tuple (D, I). The domain D is an arbitrary non-empty set. The interpretation I assigns to each function symbol f /k Func of arity k a function I(f ) : D k D and each predicate symbol p/k Pred of arity k a function I(p) : D k {true, false}. The interpretation I(c) of a constant c/0 Func is an element of D. Let M = (D, I), c a constant and d D. With M[c := d] we denote the structure (D, I ), where I (c) = d and I (f ) = I(f ) for all other function symbols f and I (p) = I(p) for all predicate symbols p. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 17 / 20

Semantics of Terms and Formulas Let M = (D, I) be a structure. The semantics M[[t]] of a term t is defined inductively by M[[f (t 1,..., t k )]] = I(f )(M[[t 1 ]],..., M[[t k ]]), in particular M[[c]] = I(c). The semantics of formula φ, M[[φ]] {true, false}, is defined by M[[p(t 1,..., t k )]] = I(p)(M[[t 1 ]],..., M[[t k ]]). M[[s = t]] = true, iff M[[s]] = M[[t]]. { true if M[[φ]] = true and M[[ψ]] = true, M[[φ ψ]] = false otherwise. M[[φ ψ]], M[[φ ψ]], and M[[ φ]], analogously. M[[ X φ(x )]] = true, iff for all d D: M[x 0 := d][[φ(x 0 )]] = true, where x 0 is a constant not occuring in φ. M[[ X φ(x )]] = true, iff there is some d D with M[x 0 := d][[φ(x 0 )]] = true, where x 0 is a constant not occuring in φ. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 18 / 20

Models and Tautologies Definition (Model) A structure M is a model of a sequent φ 1,..., φ n = ψ 1,..., ψ m if M[[φ i ]] = false for some 1 i n, or if M[[ψ j ]] = true for some 1 j m. We say that the sequent holds in M. A sequent φ 1,..., φ n = ψ 1,..., ψ m is a tautology, if all structures are models of this sequent. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 19 / 20

Soundness Definition (Soundness) A calculus is sound, iff every formula F for which a proof exists is a tautology. We write F to indicate that a proof for F exists. We write = F to indicate that F is a tautology. Jochen Hoenicke (Software Engineering) Formal Methods for Java January 15, 2013 20 / 20

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback