Using the Prover I: Lee Pike. June 3, NASA Langley Formal Methods Group Using the Prover I:

Similar documents
CHAPTER 10. Gentzen Style Proof Systems for Classical Logic

Formal Methods and Theorem Proving Using PVS

Comp487/587 - Boolean Formulas

Computational Logic. Davide Martinenghi. Spring Free University of Bozen-Bolzano. Computational Logic Davide Martinenghi (1/30)

Notes on Inference and Deduction

Computational Logic for Computer Science

Propositional Logic: Models and Proofs

Deductive Systems. Lecture - 3

Chapter 11: Automated Proof Systems (1)

02 Propositional Logic

Announcements. CS311H: Discrete Mathematics. Propositional Logic II. Inverse of an Implication. Converse of a Implication

Truth-Functional Logic

Fundamentals of Software Engineering

Chapter 11: Automated Proof Systems

Natural Deduction. Formal Methods in Verification of Computer Systems Jeremy Johnson

Lecture 10: Gentzen Systems to Refinement Logic CS 4860 Spring 2009 Thursday, February 19, 2009

Logical Inference. Artificial Intelligence. Topic 12. Reading: Russell and Norvig, Chapter 7, Section 5

Propositional Logic: Methods of Proof (Part II)

Logical Agents. Chapter 7

Intelligent Agents. Pınar Yolum Utrecht University

Announcements. CS243: Discrete Structures. Propositional Logic II. Review. Operator Precedence. Operator Precedence, cont. Operator Precedence Example

3 Propositional Logic

EE562 ARTIFICIAL INTELLIGENCE FOR ENGINEERS

Software Engineering using Formal Methods

Propositional Logic: Methods of Proof (Part II)

Fundamentals of Software Engineering

Overview. I Review of natural deduction. I Soundness and completeness. I Semantics of propositional formulas. I Soundness proof. I Completeness proof.

Natural Deduction for Propositional Logic

CS:4420 Artificial Intelligence

The Calculus of Computation: Decision Procedures with Applications to Verification. Part I: FOUNDATIONS. by Aaron Bradley Zohar Manna

Lecture Notes on Proofs & Arithmetic

Propositional Logic: Methods of Proof. Chapter 7, Part II

Propositional Logic. CS 3234: Logic and Formal Systems. Martin Henz and Aquinas Hobor. August 26, Generated on Tuesday 31 August, 2010, 16:54

Computation and Logic Definitions

Knowledge base (KB) = set of sentences in a formal language Declarative approach to building an agent (or other system):

Propositional Logic: Part II - Syntax & Proofs 0-0

Decision Procedures for Satisfiability and Validity in Propositional Logic

CS156: The Calculus of Computation

Principles of AI Planning

Formal (natural) deduction in propositional logic

Applied Logic for Computer Scientists. Answers to Some Exercises

Lecture Notes on SAT Solvers & DPLL

Class Assignment Strategies

LOGIC PROPOSITIONAL REASONING

The Importance of Being Formal. Martin Henz. February 5, Propositional Logic

Propositional Calculus: Formula Simplification, Essential Laws, Normal Forms

Linear Temporal Logic (LTL)

Automated Program Verification and Testing 15414/15614 Fall 2016 Lecture 2: Propositional Logic

Logical agents. Chapter 7. Chapter 7 1

Manual of Logical Style (fresh version 2018)

Co-simulation of embedded systems: a PVS-Simulink integrated environment

Part 1: Propositional Logic

Part Two: The Basic Components of the SOFL Specification Language

Title: Logical Agents AIMA: Chapter 7 (Sections 7.4 and 7.5)

Topic 1: Propositional logic

Logical Agents. Outline

Rule-Based Classifiers

Semantics and Pragmatics of NLP

15414/614 Optional Lecture 1: Propositional Logic

Artificial Intelligence. Propositional logic

Requirements Validation. Content. What the standards say (*) ?? Validation, Verification, Accreditation!! Correctness and completeness

Inference Methods In Propositional Logic

Advanced Topics in LP and FP

Induction on Failing Derivations

Chapter 7 R&N ICS 271 Fall 2017 Kalev Kask

Introduction to Intuitionistic Logic

A brief introduction to Logic. (slides from

6. Logical Inference

22c:145 Artificial Intelligence

Warm-Up Problem. Is the following true or false? 1/35

CS156: The Calculus of Computation Zohar Manna Autumn 2008

Propositional Logic. Fall () Propositional Logic Fall / 30

Knowledge representation DATA INFORMATION KNOWLEDGE WISDOM. Figure Relation ship between data, information knowledge and wisdom.

SE 212: Logic and Computation. se212 Nancy Day

Logic for Computer Science - Week 4 Natural Deduction

First-Order Theorem Proving and Vampire

Propositional logic. Programming and Modal Logic

Logical agents. Chapter 7. Chapter 7 1

Logic. Introduction to Artificial Intelligence CS/ECE 348 Lecture 11 September 27, 2001

Logic. proof and truth syntacs and semantics. Peter Antal

Principles of AI Planning

Inference Methods In Propositional Logic

Supplementary Logic Notes CSE 321 Winter 2009

Chapter 3 Deterministic planning

Introduction to Isabelle/HOL

Proof Methods for Propositional Logic

The TLA + proof system

TDT4136 Logic and Reasoning Systems

3 The Semantics of the Propositional Calculus

Propositional Logic and Semantics

Propositional Logic Resolution (6A) Young W. Lim 12/12/16

Artificial Intelligence Chapter 7: Logical Agents

Logic. Stephen G. Ware CSCI 4525 / 5525

Recitation 4: Eventful Tactical KeYmaera X Proofs /15-624/ Logical Foundations of Cyber-Physical Systems

CSCE 222 Discrete Structures for Computing. Propositional Logic. Dr. Hyunyoung Lee. !!!!!! Based on slides by Andreas Klappenecker

Propositional Logic: Evaluating the Formulas

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.1 Propositions and logical connectives. Truth tables and tautologies

2. The Logic of Compound Statements Summary. Aaron Tan August 2017

Logic for Computer Science - Week 2 The Syntax of Propositional Logic

Formalising the Completeness Theorem of Classical Propositional Logic in Agda (Proof Pearl)

Transcription:

Basic Basic NASA Langley Formal Methods Group lee.s.pike@nasa.gov June 3, 2005

Basic

Sequents Basic Sequent semantics: The conjunction of the antecedents above the turnstile implies the disjunction of consequents. {-1} (p => q) antecedent {-2} p antecedent turnstile {1} q consequent {2} r consequent Thus, p => q and p entail either q or r.

Why Sequents? Basic There are many ways to represent proof information. Sequents are attractive because They ease the representation of subproofs. They ease the mechanization of proofs, where possible. They maintain a global picture of the proof at each step. That is, many of the formulas will be irrelevant in a given proof step, but they may be used later.

Terminal Sequents Basic A PVS proof is a sequence of commands to manipulate sequents. The commands transform sequents into new sequents in correctness-preserving ways. Goal: transform the sequent into a terminal sequent one PVS obviously recognizes as being valid. An antecedent is false. A consequent is true. The same formula is both an antecedent and a consequent. Sanity check: Why are these obviously valid?

On the Prover s Lisp-Based Notation Basic Proof commands take the form of Lisp S-expressions. : (flatten), (split -1), (expand "fib") invoke prover rules or strategies. Arguments are typically numbers or strings.

Prover Command Documentation Basic Documentation for each proof command describes its syntax Syntax Possible invocations (copy fnum) (copy 2) (copy -3) (skosimp &optional (skosimp) (skosimp -3) (fnum *) preds?) (skosimp + t) (induct var &optional (induct "n") (induct "n" 2) (fnum 1) name) (induct "n" :name "NAT induction") (hide &rest fnums) (hide) (hide 2) (hide -) (hide -3-4 1 2) (hide -2 +)

Help Basic Prover has a single help command: Syntax: (help &optional name) Provides a short description of each prover command Also a GUI based interface: M-x x-prover-commands Example: Rule? (help flatten) (flatten &rest fnums): Disjunctively simplifies chosen formulas. It eliminates any top-level antecedent conjunctions, equivalences, and negations, and succedent disjunctions, implications, and negations from the sequent.

Control Basic The prover provides several commands for control flow. Leaving the prover and terminating current proof: Syntax: (quit) Undoing one or more proof steps: Syntax: (undo &optional to) Undoes effects of recent proof steps and restores an earlier state Can undo a specified number of steps or to a specific label in the proof tree. Example: (undo 3) undoes previous 3 steps. Prunes the proof tree (deletes parallel branches). Limited redo capability: (undo undo) undoes last undo.

Changing Branches in a Proof It is possible to defer work on one branch and pursue another. Postponing the current proof branch: Syntax: (postpone &optional print?) Places current goal on parent s list of pending subgoals Brings up next unproved subgoal as the current goal The Emacs command M-x siblings shows the sibling subgoals of the current goal in a separate emacs buffer. Basic Sample proof tree: ("" (split) (("1" (flatten) (skosimp*) (inst?)) ("2" (flatten) (skosimp*) (inst?))))

Propositional Rules Basic Several commands are available to manipulate the current sequent. Sequent flattening is the most basic operation: Syntax: (flatten &rest fnums) Normally applied to entire sequent (no fnums given) Sequent splitting is the dual operation: Syntax: (split &optional (fnum *) depth) Splits the current goal into two or more subgoals for each specified formula Causes branching in the proof tree It s generally preferable to postpone splitting to reduce proof size

Where to Apply the Rules Basic Both the logical operator and the location of the formula in the sequent determine the appropriate rule to apply. Top-level logical connective Location OR, => AND, IFF Antecedent use (split) use (flatten) Consequent use (flatten) use (split)

Disjunctive vs. Conjunctive Form Basic Formulas involving NOT and IF are handled the same way regardless of which part of the sequent they appear: Location NOT IF... THEN... ELSE Any use (flatten) use (split) Prover normally flattens negated formulas automatically.

PVS Theory for We will be using a simple PVS theory to illustrate basic prover commands: %%% and exercises for basic prover commands Basic prover_basic: THEORY BEGIN p,q,r: bool. % Propositional constants prop_0: LEMMA ((p => q) AND p) => q prop_1: LEMMA NOT (p OR q) IFF (NOT p AND NOT q) prop_2: LEMMA ((p => q) => (p AND q)) IFF ((NOT p => q) AND (q => p)). fools_lemma: FORMULA ((p OR q) AND r) => (p AND (q AND r))

Completing a Simple Proof prop_0 : {1} ((p => q) AND p) => q Rule? (flatten) Applying disjunctive simplification to flatten sequent, this simplifies to: prop_0 : {-1} (p => q) {-2} p {1} q Basic Note that there is still only one goal. Proof tree is still linear (undo n) will undo n steps

Completing a Simple Proof (Cont d) Now we cause the proof tree to branch: Rule? (split) Splitting conjunctions, this yields 2 subgoals: prop_0.1 : {-1} q [-2] p [1] q Basic which is trivially true. This completes the proof of prop_0.1. Proof branched, another goal remains. Prover automatically moves to the next remaining goal. (undo n) will undo n steps along path to root.

Completing a Simple Proof (Cont d) Basic prop_0.2 : [-1] p {1} p [2] q which is trivially true. This completes the proof of prop_0.2. Q.E.D. Complete proof tree, showing two subgoals after splitting: ("" (flatten) (split) (("1" (propax)) ("2" (propax))))

A Second Proof Half of associativity of AND: prop_1 : {1} ((p AND q) AND r) => (p AND (q AND r)) Rule? (flatten) Applying disjunctive simplification to flatten sequent, this simplifies to: Basic prop_1 : {-1} p {-2} q {-3} r {1} (p AND (q AND r)) Again, splitting is required.

Second Proof (Cont d) Rule? (split) Splitting conjunctions, this yields 3 subgoals: prop_1.1 : [-1] p [-2] q [-3] r {1} p which is trivially true. This completes the proof of prop_1.1. Basic prop_1.2 : [-1] p [-2] q [-3] r {1} q which is trivially true.

Second Proof (Cont d) This completes the proof of prop_1.2. prop_1.3 : [-1] p [-2] q [-3] r {1} r which is trivially true. Basic This completes the proof of prop_1.3. Q.E.D. Proof tree: ("" (flatten) (split) (("1" (propax)) ("2" (propax)) ("3" (propax))))

A Slightly Longer Proof (De Morgan s Law) Basic prop_2 : {1} NOT (p OR q) IFF (NOT p AND NOT q) Rule? (flatten) No change on: (FLATTEN) prop_2 : {1} NOT (p OR q) IFF (NOT p AND NOT q)

A Slightly Longer Proof (De Morgan s Law) Basic Now, flatten doesn t work here, need split! Rule? (split) Splitting conjunctions, this yields 2 subgoals: prop_2.1 : {1} NOT (p OR q) IMPLIES (NOT p AND NOT q)

Longer Proof (Cont d) Rule? (flatten) Applying disjunctive simplification to flatten sequent, this simplifies to: prop_2.1 : {1} p {2} q {3} (NOT p AND NOT q) Rule? (split) Splitting conjunctions, this yields 2 subgoals: Basic prop_2.1.1 : {-1} p [1] p [2] q which is trivially true. This completes the proof of prop_2.1.1.

Longer Proof (Cont d) Basic prop_2.1.2 : {-1} q [1] p [2] q which is trivially true. This completes... prop_2.1.2,... prop_2.1.

Longer Proof (Cont d) Basic prop_2.2 : {1} (NOT p AND NOT q) IMPLIES NOT (p OR q) Rule? (flatten) Applying disjunctive simplification to flatten sequent, this simplifies to: prop_2.2 : {-1} (p OR q) {1} p {2} q

Longer Proof (Cont d) Rule? (split) Splitting conjunctions, this yields 2 subgoals: prop_2.2.1 : {-1} p [1] p [2] q which is trivially true. This completes the proof of prop_2.2.1. Basic prop_2.2.2 : {-1} q [1] p [2] q which is trivially true. This completes... prop_2.2.2,... prop_2.2. Q.E.D.

What Happens When the Formula is not a Theorem? Basic fools_lemma : {1} ((p OR q) AND r) => (p AND (q AND r)) Rule? (flatten) Applying disjunctive simplification to flatten sequent, this simplifies to: fools_lemma : {-1} (p OR q) {-2} r {1} (p AND (q AND r)) It s starting to look suspicious.

Impossible Proof (Cont d) Basic Rule? (split) Splitting conjunctions, this yields 2 subgoals: fools_lemma.1 : {-1} p [-2] r [1] (p AND (q AND r)) Rule? (postpone) Postponing fools_lemma.1. fools_lemma.2 : {-1} q [-2] r [1] (p AND (q AND r))

Impossible Proof (Cont d) Basic Rule? (split) Splitting conjunctions, this yields 3 subgoals: fools_lemma.2.1 : [-1] q [-2] r {1} p Rule? (quit) Do you really want to quit? (Y or N): y No hope. Give it up! Prover won t give up you decide

Propositional Simplification Basic A black-box rule for propositional simplification: Syntax: (prop) Invokes several lower level propositional rules to carry out a proof without showing intermediate steps Can generally complete a proof if only propositional reasoning is required

Equality Conversion Basic A rule to convert boolean equalities to IFF: Syntax: (iff &rest fnums) Converts equalities on boolean terms so that propositional reasoning can be applied to the two sides Example: convert (a < b) = (c < d) to (a < b) IFF (c < d)

Replacing Equalities Basic Antecedent equalities can be used for replacement/rewriting: Syntax: (replace fnum &optional (fnums *)...) Replaces term on LHS with RHS in target formulas Example: if formula -2 is x = 3 * PI / 2 (replace -2) Causes replacement for x throughout the entire sequent

User-Directed Splitting Basic A rule to force splitting based on user-supplied cases: Syntax: (case &rest formulas) Given n formulas A 1,..., A n case will split the current goal into n + 1 cases. Allows user-directed paths through the proof to be taken so branching can occur on conditions not apparent from the sequent itself Example: (case "n < 0" "n = 0") causes three cases to be examined corresponding to whether n is negative, zero, or positive (not negative and not zero).

Embedded IF-expressions Embedded IF-expressions must be lifted to the top (outermost operator) to enable splitting. Command to lift IF-expressions: Syntax: (lift-if &optional fnums (updates? t)). When several IFs are in the sequent, may need to be selective about which to choose. After lifting, split may be used. Effect of lift-if: Basic... f(if a THEN b ELSE c ENDIF)... becomes:... IF a THEN f(b) ELSE f(c) ENDIF... Repeated applications bring the IF to the top

Lemma Rules Basic The prover can be directed to import lemmas and other formulas. Lemmas can come from the containing theory, other user theories, PVS libraries, or the PVS prelude. Syntax: (lemma name &optional subst) Example: (lemma "div cancel2") Introduces a new antecedent. Free variables are bound by FORALL. Also: use and forward-chain

Lemma Rules Basic The prover can be directed to import lemmas and other formulas. Rewriting is a specialized way to use external formulas. Can (conditionally) rewrite terms in the sequent with equivalent terms. : (rewrite name &optional (fnums *)...), (rewrite-lemma lemma subst &optional (fnums *)...), and others Function applications can be expanded in place (a form of rewriting). Syntax: (expand name &optional (fnum *)...)

Graphical Proof Display Basic Current proof tree may be displayed during a proof. Command: M-x x-show-current-proof Tree is updated on each command Clicking on a node shows its sequent. Helpful for navigating during multiway or multilevel splits. Finished proof may also be displayed. Command: M-x x-show-proof Invoked outside of prover PostScript can be generated.

Summary Prover commands are S-expressions. Help is on the way: help and M-x x-prover-commands Do-over! undo No longer just professional wrestling moves: split and flatten Other propositional commands covered: prop, iff, replace, case, lift-if, etc. A little help from my friends: Basic lemma A picture is worth a thousand proof commands: M-x x-show-current-proof, and M-x x-show-proof

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback