06: Truth & Proof
15-424: Foundations of Cyber-Physical Systems
André Platzer, aplatzer@cs.cmu.edu
Computer Science Department, Carnegie Mellon University, Pittsburgh, PA
André Platzer (CMU) FCPS / 06: Truth & Proof 1 / 13
Outline
  Learning Objectives
  1 Sequent Calculus
  2 Propositional Example Proof
    Dynamics Example Proof
    Taming Arithmetic
Learning Objectives
  Truth & Proof
    systematic reasoning for CPS
    verifying CPS models at scale
    pragmatics: how to use axiomatics to justify truth
    structure of proofs and their arithmetic
  CT / M&C / CPS
    discrete+continuous relation
    analytic skills for CPS with evolution domains
Logical Trinity with Extra Leg: Syntax, Semantics, Axiomatics, Pragmatics
  Syntax defines the notation. What problems are we allowed to write down?
  Semantics is what carries meaning. What real or mathematical objects does the syntax stand for?
  Axiomatics internalizes semantic relations into universal syntactic transformations.
  Pragmatics is how to use axiomatics to justify the syntactic rendition of semantical concepts. How to do a proof?
Sequent Calculus

Definition (Sequent). $\Gamma \vdash \Delta$ has the same meaning as $\bigwedge_{P \in \Gamma} P \to \bigvee_{Q \in \Delta} Q$. The antecedent $\Gamma$ and succedent $\Delta$ are finite sets of dL formulas.

Definition (Soundness of sequent calculus proof rules). A proof rule with premises $\Gamma_1 \vdash \Delta_1, \ldots, \Gamma_n \vdash \Delta_n$ and conclusion $\Gamma \vdash \Delta$ is sound iff validity of all premises implies validity of the conclusion: if $\vDash (\Gamma_1 \vdash \Delta_1)$ and ... and $\vDash (\Gamma_n \vdash \Delta_n)$ then $\vDash (\Gamma \vdash \Delta)$.

The two directions annotated on the slide: proofs are constructed from the conclusion upward to the premises, while validity transfers from the premises down to the conclusion.
Developed on the board:
  1 Proof rules for propositional logic
  2 Proofs with dynamics
  3 Contextual equivalence rewriting / congruence
  4 Quantifier proof rules
  5 Real arithmetic
  6 Structural proof rules
See lecture notes for details [1].
Simple Propositional Example Proof in Sequent Calculus

Each line gives a goal and the rule applied to it; the premises produced by that rule follow on the next line(s), so the proof is read from the conclusion at the top down to the closed leaves marked ∗ (on the slide the tree is drawn the other way up, with the conclusion at the bottom).

  →R   ⊢ v² ≤ 10 ∧ b > 0 → b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ 10)
  ∧R   v² ≤ 10 ∧ b > 0 ⊢ b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ 10)        (splits into two branches)

  left branch:
  ∧L   v² ≤ 10 ∧ b > 0 ⊢ b > 0
  id   v² ≤ 10, b > 0 ⊢ b > 0                                  ∗ closed: b > 0 on both sides

  right branch:
  ∨R   v² ≤ 10 ∧ b > 0 ⊢ ¬(v ≥ 0) ∨ v² ≤ 10
  ∧L   v² ≤ 10 ∧ b > 0 ⊢ ¬(v ≥ 0), v² ≤ 10
  id   v² ≤ 10, b > 0 ⊢ ¬(v ≥ 0), v² ≤ 10                     ∗ closed: v² ≤ 10 on both sides
Simple Dynamics Example Proof in Sequent Calculus

Read top-down as above: each rule rewrites the goal on its line into the goal on the next line.

  [;]    ⊢ [a := −b; c := 10](v² ≤ 10 ∧ −a > 0 → b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ c))
  [:=]   ⊢ [a := −b][c := 10](v² ≤ 10 ∧ −a > 0 → b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ c))
  [:=]   ⊢ [c := 10](v² ≤ 10 ∧ −(−b) > 0 → b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ c))
         ⊢ v² ≤ 10 ∧ −(−b) > 0 → b > 0 ∧ (¬(v ≥ 0) ∨ v² ≤ 10)

The remaining goal is the propositional example from the previous slide, except that the antecedent now contains −(−b) > 0 rather than b > 0. The propositional rules alone cannot close that branch, because −(−b) > 0 and b > 0 are syntactically different formulas; recognising them as equal is a real-arithmetic step, which is what the Taming Arithmetic part of the lecture is about.
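To make the two example proofs above mechanical, here is a small bottom-up proof search for the propositional sequent rules (→R, ∧R, ∨R, ¬R, ∧L, ∨L, →L, ¬L and the identity axiom) together with the [;] and [:=] axioms used in the dynamics example. This is an added example, not code from the lecture or from the course's prover; the tuple encoding of terms, formulas and programs, the helper `simp` that only cancels a double negation of a term, and the function names are assumptions of this example. Run on the two formulas from the slides it reproduces both proofs; run on a goal that is valid over the reals but not propositionally it reports the open arithmetic goal instead of closing it.

```python
"""Proof search in the sequent calculus of the slides: the propositional rules
plus the [;] and [:=] axioms used in the dynamics example.  This is an added
example, not course code.  Encoding (an assumption of this example):
  terms     ('var', 'x') | ('num', 10) | ('neg', t) | ('pow', t, 2)
  formulas  ('atom', op, s, t) | ('not', P) | ('and', P, Q) | ('or', P, Q)
            | ('imp', P, Q) | ('box', prog, P)
  programs  ('assign', 'x', term) | ('seq', a, b)
"""

def subst(f, x, e):
    """f(e/x): substitute term e for variable x in a term or box-free formula."""
    if f[0] == 'var':
        return e if f[1] == x else f
    if f[0] == 'box':
        raise ValueError('eliminate boxes before substituting')
    return (f[0],) + tuple(subst(u, x, e) if isinstance(u, tuple) else u for u in f[1:])

def simp(f):
    """Cancel --t only.  Every other arithmetic fact is left as an open goal
    for a real-arithmetic decision procedure (the 'Taming Arithmetic' step)."""
    f = (f[0],) + tuple(simp(u) if isinstance(u, tuple) else u for u in f[1:])
    return f[1][1] if f[0] == 'neg' and f[1][0] == 'neg' else f

def unbox(f):
    """Rewrite with [a;b]P <-> [a][b]P and [x:=e]P <-> P(e/x).  Only assignment
    and sequential composition are handled; without quantifiers or ODEs in P
    the substitution is admissible (no variable capture)."""
    if f[0] != 'box':
        return simp((f[0],) + tuple(unbox(u) if isinstance(u, tuple) else u for u in f[1:]))
    prog, p = f[1], f[2]
    if prog[0] == 'seq':
        return unbox(('box', prog[1], ('box', prog[2], p)))
    if prog[0] == 'assign':
        return simp(subst(unbox(p), prog[1], prog[2]))
    raise ValueError(f'unsupported program: {prog[0]}')

def prove(gamma, delta):
    """Search from the conclusion Γ ⊢ Δ upward.  All propositional rules are
    invertible, so applying the first one that fits loses nothing.
    Returns (rule, sequent, premises); leaves are 'id' (∗) or 'open'."""
    seq = (gamma, delta)
    if gamma & delta:                      # identity axiom closes the branch
        return ('id', seq, [])

    def step(rule, premises):
        return (rule, seq, [prove(g, d) for g, d in premises])

    for f in delta:                        # right rules
        d = delta - {f}
        if f[0] == 'imp':
            return step('→R', [(gamma | {f[1]}, d | {f[2]})])
        if f[0] == 'and':
            return step('∧R', [(gamma, d | {f[1]}), (gamma, d | {f[2]})])
        if f[0] == 'or':
            return step('∨R', [(gamma, d | {f[1], f[2]})])
        if f[0] == 'not':
            return step('¬R', [(gamma | {f[1]}, d)])
    for f in gamma:                        # left rules
        g = gamma - {f}
        if f[0] == 'and':
            return step('∧L', [(g | {f[1], f[2]}, delta)])
        if f[0] == 'or':
            return step('∨L', [(g | {f[1]}, delta), (g | {f[2]}, delta)])
        if f[0] == 'imp':
            return step('→L', [(g, delta | {f[1]}), (g | {f[2]}, delta)])
        if f[0] == 'not':
            return step('¬L', [(g, delta | {f[1]})])
    return ('open', seq, [])               # atoms only: a real-arithmetic goal

def prove_formula(f):
    """Prove ⊢ f after eliminating [;] and [:=]."""
    return prove(frozenset(), frozenset({unbox(f)}))

def open_goals(tree):
    """Sequents the propositional rules could not close."""
    rule, seq, subs = tree
    return [seq] if rule == 'open' else [s for t in subs for s in open_goals(t)]

def rules(tree):
    """Rule names of the tree, conclusion first (pre-order, left branch first)."""
    rule, _, subs = tree
    return [rule] + [r for t in subs for r in rules(t)]

# The two example formulas of the slides, constructed here in the encoding above
v, b, a, c = (('var', n) for n in 'vbac')
ZERO, TEN, v2 = ('num', 0), ('num', 10), ('pow', ('var', 'v'), 2)
PROP = ('imp', ('and', ('atom', '<=', v2, TEN), ('atom', '>', b, ZERO)),
        ('and', ('atom', '>', b, ZERO), ('or', ('not', ('atom', '>=', v, ZERO)), ('atom', '<=', v2, TEN))))
DYN = ('box', ('seq', ('assign', 'a', ('neg', b)), ('assign', 'c', TEN)),
       ('imp', ('and', ('atom', '<=', v2, TEN), ('atom', '>', ('neg', a), ZERO)),
        ('and', ('atom', '>', b, ZERO), ('or', ('not', ('atom', '>=', v, ZERO)), ('atom', '<=', v2, c)))))
# Valid over the reals, but the propositional rules alone leave it open
ARITH = ('imp', ('atom', '>', b, ZERO), ('atom', '>=', b, ZERO))

if __name__ == '__main__':
    for name, f in [('PROP', PROP), ('DYN', DYN), ('ARITH', ARITH)]:
        tree = prove_formula(f)
        print(name, 'closed' if not open_goals(tree) else 'open goals remain', rules(tree))
```

Because right rules are tried before left rules, the search applies ¬R before ∧L on the right-hand branch of the propositional example, whereas the slide closes that branch by the identity axiom right after ∧L; both orders are sound and reach a closed proof, which is exactly what invertibility of the propositional rules guarantees. `unbox(DYN)` yields the same tuple as `PROP` only because `simp` cancels −(−b); drop that one normalisation and the dynamics example ends in an open goal b > 0 ⊢ ... with −(−b) > 0 in the antecedent, the same gap the slides hand over to arithmetic.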