CS156: The Calculus of Computation (lecture slides)


CS156: The Calculus of Computation
Zohar Manna
Winter 2010

Textbook
The Calculus of Computation: Decision Procedures with Applications to Verification
by Aaron Bradley and Zohar Manna, Springer 2007

"It is reasonable to hope that the relationship between computation and mathematical logic will be as fruitful in the next century as that between analysis and physics in the last. The development of this relationship demands a concern for both applications and mathematical elegance."
John McCarthy, A Basis for a Mathematical Theory of Computation, 1963

Topics: Overview
1. First-Order logic
2. Specification and verification
3. Satisfiability decision procedures

Part I: Foundations
1. Propositional Logic
2. First-Order Logic
3. First-Order Theories
4. Induction
5. Program Correctness: Mechanics
   Inductive assertion method, Ranking function method

Part II: Decision Procedures
7. Quantified Linear Arithmetic
   Quantifier elimination for integers and rationals
8. Quantifier-Free Linear Arithmetic
   Linear programming for rationals
9. Quantifier-Free Equality and Data Structures
10. Combining Decision Procedures
   Nelson-Oppen combination method
11. Arrays
   More than quantifier-free fragment

Motivation

Motivation I
Decision Procedures are algorithms to decide formulae. These formulae can arise
◮ in software verification.
◮ in hardware verification.

Consider the following program:

for @ ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)
  (int i := ℓ; i ≤ u; i := i + 1) {
  if (a[i] = e) rv := true;
}

How can we decide whether the formula is a loop invariant?

Motivation II
Prove:

Path 1:
assume ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)
assume i ≤ u
assume a[i] = e
rv := true;
i := i + 1
@ ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)

Motivation III
Path 2:
assume ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)
assume i ≤ u
assume a[i] ≠ e
i := i + 1
@ ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)

Each path generates a Verification Condition (VC). We have to prove that each VC holds (is valid).

Motivation IV
The VC for path 1 is computed by substitution:

assume ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)
assume i ≤ u
assume a[i] = e
rv := true;
i := i + 1
@ ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e)

Substituting ⊤ for rv and i + 1 for i, the postcondition (denoted by the @ symbol) holds if and only if the VC

ℓ ≤ i ≤ u ∧ (rv ↔ ∃j. ℓ ≤ j < i ∧ a[j] = e) ∧ i ≤ u ∧ a[i] = e
  → ℓ ≤ i + 1 ≤ u ∧ (⊤ ↔ ∃j. ℓ ≤ j < i + 1 ∧ a[j] = e)

holds.

Motivation V
We need an algorithm that decides whether this formula holds. If the formula does not hold, the algorithm should give a counterexample; e.g.,

ℓ = 0, i = 1, u = 1, rv = false, a[0] = 0, a[1] = 1, e = 1.

We will discuss such algorithms in later lectures.

Chapter 1: Propositional Logic (PL)

PL Syntax
Atom: truth symbols ⊤ ("true") and ⊥ ("false"); propositional variables P, Q, R, P1, Q1, R1, ...
Literal: atom α or its negation ¬α
Formula: literal or application of a logical connective to formulae F, F1, F2:
  ¬F        "not" (negation)
  F1 ∧ F2   "and" (conjunction)
  F1 ∨ F2   "or" (disjunction)
  F1 → F2   "implies" (implication)
  F1 ↔ F2   "if and only if" (iff)

Example
formula F: (P ∧ Q) → (⊤ ∨ ¬Q)
atoms: P, Q, ⊤
literals: P, Q, ⊤, ¬Q
subformulae: P, Q, ⊤, ¬Q, P ∧ Q, ⊤ ∨ ¬Q, F
abbreviation F: P ∧ Q → ⊤ ∨ ¬Q

PL Semantics (meaning of PL)
Formula F + Interpretation I = Truth value (true, false)
Interpretation I: {P ↦ true, Q ↦ false, ···}
Evaluation of F under I, where 0 corresponds to the value false and 1 to true:

  F | ¬F
  0 |  1
  1 |  0

  F1 F2 | F1 ∧ F2  F1 ∨ F2  F1 → F2  F1 ↔ F2
   0  0 |    0        0        1        1
   0  1 |    0        1        1        0
   1  0 |    0        1        0        0
   1  1 |    1        1        1        1

Example
F: P ∧ Q → P ∨ ¬Q
I: {P ↦ true, Q ↦ false}, i.e., I[P] = true, I[Q] = false

  P Q | ¬Q  P ∧ Q  P ∨ ¬Q  F
  1 0 |  1    0       1    1      (1 = true, 0 = false)

F evaluates to true under I; i.e., I[F] = true.

Inductive Definition of PL's Semantics
I ⊨ F  if F evaluates to true under I
I ⊭ F  if F evaluates to false under I
Base Case:
  I ⊨ ⊤
  I ⊭ ⊥
  I ⊨ P  iff I[P] = true; i.e., P is true under I
  I ⊭ P  iff I[P] = false
Inductive Case:
  I ⊨ ¬F       iff I ⊭ F
  I ⊨ F1 ∧ F2  iff I ⊨ F1 and I ⊨ F2
  I ⊨ F1 ∨ F2  iff I ⊨ F1 or I ⊨ F2 (or both)
  I ⊨ F1 → F2  iff I ⊨ F1 implies I ⊨ F2
  I ⊨ F1 ↔ F2  iff I ⊨ F1 and I ⊨ F2, or I ⊭ F1 and I ⊭ F2
Note:
  I ⊨ F1 → F2  iff I ⊭ F1 or I ⊨ F2.
  I ⊭ F1 → F2  iff I ⊨ F1 and I ⊭ F2.
  I ⊭ F1 ∨ F2  iff I ⊭ F1 and I ⊭ F2.

Example of Inductive Reasoning
F: P ∧ Q → P ∨ ¬Q
I: {P ↦ true, Q ↦ false}
1. I ⊨ P         since I[P] = true
2. I ⊭ Q         since I[Q] = false
3. I ⊨ ¬Q        by 2 and ¬
4. I ⊭ P ∧ Q     by 2 and ∧
5. I ⊨ P ∨ ¬Q    by 1 and ∨
6. I ⊨ F         by 4 and →
Thus, F is true under I.
Note: steps 1, 3, and 5 are nonessential. Why?

Satisfiability and Validity
F satisfiable iff there exists an interpretation I such that I ⊨ F.
F valid iff for all interpretations I, I ⊨ F.
F is valid iff ¬F is unsatisfiable.
Goal: devise an algorithm to decide validity or unsatisfiability of formula F.
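The inductive definition of I ⊨ F translates directly into a recursive evaluator, and the goal stated on the last slide (decide validity or unsatisfiability) has an obvious first algorithm: enumerate every interpretation over the atoms of F, which is exactly what a truth table does. The following is an added example written for this page; it is not code from the course or the textbook. The encoding of formulas as nested tuples and the function names (Var, Not, And, Or, Implies, Iff, holds, truth_table, is_valid, is_satisfiable) are choices made here.

```python
"""Propositional logic as nested tuples, the inductive semantics of I |= F,
and truth-table enumeration for validity / satisfiability.
Added example: not code from the course or the textbook; the tuple
encoding and function names are choices made here."""
from itertools import product

# Syntax: a formula is a tuple whose head names the connective.
TOP, BOT = ("top",), ("bot",)

def Var(name):     return ("var", name)
def Not(f):        return ("not", f)
def And(f, g):     return ("and", f, g)
def Or(f, g):      return ("or", f, g)
def Implies(f, g): return ("imp", f, g)
def Iff(f, g):     return ("iff", f, g)

SYM = {"and": "∧", "or": "∨", "imp": "→", "iff": "↔"}

def fmt(f):
    """Render a formula with the slides' symbols, fully parenthesised."""
    head = f[0]
    if head == "var": return f[1]
    if head == "top": return "⊤"
    if head == "bot": return "⊥"
    if head == "not": return "¬" + fmt(f[1])
    return f"({fmt(f[1])} {SYM[head]} {fmt(f[2])})"

def atoms(f):
    """Propositional variables occurring in f."""
    if f[0] == "var":
        return {f[1]}
    return set().union(*(atoms(sub) for sub in f[1:]))

def holds(I, f):
    """I |= f, case by case as in the inductive definition.
    I maps variable names to bool; → is evaluated as (I |/= F1 or I |= F2)."""
    head = f[0]
    if head == "top": return True
    if head == "bot": return False
    if head == "var": return I[f[1]]
    if head == "not": return not holds(I, f[1])
    if head == "and": return holds(I, f[1]) and holds(I, f[2])
    if head == "or":  return holds(I, f[1]) or holds(I, f[2])
    if head == "imp": return (not holds(I, f[1])) or holds(I, f[2])
    if head == "iff": return holds(I, f[1]) == holds(I, f[2])
    raise ValueError(f"unknown connective {head!r}")

def truth_table(f):
    """All interpretations over atoms(f), in the 00, 01, 10, 11 row order
    used on the slides, each paired with the truth value of f."""
    names = sorted(atoms(f))
    rows = []
    for bits in product([False, True], repeat=len(names)):
        I = dict(zip(names, bits))
        rows.append((I, holds(I, f)))
    return rows

def is_valid(f):
    return all(value for _, value in truth_table(f))

def is_satisfiable(f):
    return any(value for _, value in truth_table(f))

def falsifying_interpretation(f):
    """First truth-table row with I |/= f, or None when f is valid."""
    for I, value in truth_table(f):
        if not value:
            return I
    return None

if __name__ == "__main__":
    P, Q = Var("P"), Var("Q")
    for F in (Implies(And(P, Q), Or(P, Not(Q))),   # valid
              Implies(Or(P, Q), And(P, Q))):       # satisfiable, invalid
        print(fmt(F))
        for I, value in truth_table(F):
            print("  ", {k: int(v) for k, v in I.items()}, "->", int(value))
        print("   valid:", is_valid(F), " satisfiable:", is_satisfiable(F),
              " ¬F unsatisfiable:", not is_satisfiable(Not(F)))
```

Running the block prints the two truth tables from the slides. `falsifying_interpretation` is the counterexample a decision procedure is expected to return when a formula is not valid; checking `is_valid(F) == (not is_satisfiable(Not(F)))` exercises the duality stated on the slide. The enumeration is exponential in the number of atoms, which is why the later methods matter.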

Method 1: Truth Tables
Example F: P ∧ Q → P ∨ ¬Q

  P Q | P ∧ Q  ¬Q  P ∨ ¬Q  F
  0 0 |   0     1     1    1
  0 1 |   0     0     0    1
  1 0 |   0     1     1    1
  1 1 |   1     0     1    1

Thus F is valid.

Example F: P ∨ Q → P ∧ Q

  P Q | P ∨ Q  P ∧ Q  F
  0 0 |   0      0    1   ← satisfying I
  0 1 |   1      0    0   ← falsifying I
  1 0 |   1      0    0
  1 1 |   1      1    1

Thus F is satisfiable, but invalid.

Method 2: Semantic Argument
◮ Assume F is not valid and I a falsifying interpretation: I ⊭ F
◮ Apply proof rules.
◮ If no contradiction reached and no more rules applicable, F is invalid.
◮ If in every branch of proof a contradiction reached, F is valid.

Proof Rules for Semantic Arguments (I and II)
Conclusions joined by "and" hold together; conclusions separated by "|" split the proof into cases ("or"), one per alternative.
  I ⊨ ¬F         ⟹  I ⊭ F
  I ⊭ ¬F         ⟹  I ⊨ F
  I ⊨ F ∧ G      ⟹  I ⊨ F and I ⊨ G
  I ⊭ F ∧ G      ⟹  I ⊭ F | I ⊭ G
  I ⊨ F ∨ G      ⟹  I ⊨ F | I ⊨ G
  I ⊭ F ∨ G      ⟹  I ⊭ F and I ⊭ G
  I ⊨ F → G      ⟹  I ⊭ F | I ⊨ G
  I ⊭ F → G      ⟹  I ⊨ F and I ⊭ G
  I ⊨ F ↔ G      ⟹  I ⊨ F ∧ G | I ⊭ F ∨ G
  I ⊭ F ↔ G      ⟹  I ⊨ F ∧ ¬G | I ⊨ ¬F ∧ G
  I ⊨ F and I ⊭ F  ⟹  I ⊨ ⊥

Example: Prove F: P ∧ Q → P ∨ ¬Q is valid.
Let's assume that F is not valid and that I is a falsifying interpretation.
1. I ⊭ P ∧ Q → P ∨ ¬Q   assumption
2. I ⊨ P ∧ Q            1 and →
3. I ⊭ P ∨ ¬Q           1 and →
4. I ⊨ P                2 and ∧
5. I ⊭ P                3 and ∨
6. I ⊨ ⊥                4 and 5 are contradictory
Thus F is valid.

Example: Prove F: (P → Q) ∧ (Q → R) → (P → R) is valid.
Let's assume that F is not valid.
1. I ⊭ F                        assumption
2. I ⊨ (P → Q) ∧ (Q → R)        1 and →
3. I ⊭ P → R                    1 and →
4. I ⊨ P                        3 and →
5. I ⊭ R                        3 and →
6. I ⊨ P → Q                    2 and ∧
7. I ⊨ Q → R                    2 and ∧
8a. I ⊭ P                       6 and → (case a)
9a. I ⊨ ⊥                       4 and 8a
8b. I ⊨ Q                       6 and → (case b)
9ba. I ⊭ Q                      7 and → (subcase ba)
10ba. I ⊨ ⊥                     8b and 9ba
9bb. I ⊨ R                      7 and → (subcase bb)
10bb. I ⊨ ⊥                     5 and 9bb
9b. I ⊨ ⊥                       10ba and 10bb
8. I ⊨ ⊥                        9a and 9b
Our assumption is contradictory in all cases, so F is valid.

Example 3: Is F: P ∨ Q → P ∧ Q valid?
Assume F is not valid:
1. I ⊭ P ∨ Q → P ∧ Q    assumption
2. I ⊨ P ∨ Q            1 and →
3. I ⊭ P ∧ Q            1 and →
4a. I ⊨ P               2 and ∨ (case a)
5aa. I ⊭ P              3 and ∧ (subcase aa)
6aa. I ⊨ ⊥              4a and 5aa
5ab. I ⊭ Q              3 and ∧ (subcase ab)
6ab. ?
5a. ?
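The three proofs above are instances of one mechanical procedure: keep a branch of judgements of the form I ⊨ F or I ⊭ F, pick a compound formula, apply its proof rule, and either extend the branch or split it into cases, until every case reaches I ⊨ ⊥ (F is valid) or some case contains only literals and no contradiction (that branch is a falsifying interpretation, which is what subcase ab of Example 3 would yield). The following is an added example written for this page, not code from the course or the textbook; the tuple encoding of formulas, the (sign, formula) representation of judgements, the case labels (a, b, aa, ab, ...) and the function names are choices made here.

```python
"""Method 2 of the slides, the semantic argument, run mechanically.
A judgement is a pair (sign, F): sign True stands for I |= F, False for
I |/= F. A branch is a list of judgements that must hold together; a proof
rule either extends the branch or splits it into cases.
Added example: not code from the course or the textbook; the tuple
encoding of formulas and the case labels are choices made here."""

TOP, BOT = ("top",), ("bot",)
def Var(name):     return ("var", name)
def Not(f):        return ("not", f)
def And(f, g):     return ("and", f, g)
def Or(f, g):      return ("or", f, g)
def Implies(f, g): return ("imp", f, g)
def Iff(f, g):     return ("iff", f, g)

SYM = {"and": "∧", "or": "∨", "imp": "→", "iff": "↔"}
def fmt(f):
    h = f[0]
    if h == "var": return f[1]
    if h in ("top", "bot"): return "⊤" if h == "top" else "⊥"
    if h == "not": return "¬" + fmt(f[1])
    return f"({fmt(f[1])} {SYM[h]} {fmt(f[2])})"

def show(sign, f):
    return ("I |= " if sign else "I |/= ") + fmt(f)

def expand(sign, f):
    """The proof rule for (sign, f), as a list of alternatives; each
    alternative is the list of judgements it adds. One alternative means
    the conclusions hold together ("and"); two mean a case split ("|")."""
    head = f[0]
    if head == "not":
        return [[(not sign, f[1])]]
    a, b = f[1], f[2]
    if head == "and":
        return [[(True, a), (True, b)]] if sign else [[(False, a)], [(False, b)]]
    if head == "or":
        return [[(True, a)], [(True, b)]] if sign else [[(False, a), (False, b)]]
    if head == "imp":
        return [[(False, a)], [(True, b)]] if sign else [[(True, a), (False, b)]]
    if head == "iff":
        if sign:
            return [[(True, And(a, b))], [(False, Or(a, b))]]
        return [[(True, And(a, Not(b)))], [(True, And(Not(a), b))]]
    raise ValueError(f"no rule for {head!r}")

def contradictory(branch):
    """I |= ⊥: the same formula is both asserted and denied, or ⊤ / ⊥ is misjudged."""
    js = set(branch)
    return ((True, BOT) in js or (False, TOP) in js
            or any((not s, g) in js for s, g in js))

def semantic_argument(f, trace=None):
    """Assume I |/= f and apply rules until every case is contradictory
    (f valid: returns (True, None)) or some case has only literals left and
    no contradiction (f invalid: returns (False, I) with I read off that open
    branch; variables of f not on the branch may be chosen freely).
    If a list is passed as trace, the proof steps are appended to it."""
    if trace is None:
        trace = []
    return _close([(False, f)], trace, "")

def _close(branch, trace, case):
    name = case or "root"
    if contradictory(branch):
        trace.append(f"{name}: I |= ⊥")
        return True, None
    for idx, (sign, g) in enumerate(branch):
        if g[0] not in ("var", "top", "bot"):
            rest = branch[:idx] + branch[idx + 1:]
            break
    else:  # only literals remain and no rule applies: a falsifying I
        I = {g[1]: s for s, g in branch if g[0] == "var"}
        trace.append(f"{name}: no more rules, I = {I}")
        return False, I
    alternatives = expand(sign, g)
    for k, new in enumerate(alternatives):
        label = (case + "ab"[k]) if len(alternatives) > 1 else case
        trace.append(f"{label or 'root'}: from {show(sign, g)} derive "
                     + ", ".join(show(s, h) for s, h in new))
        valid, I = _close(rest + new, trace, label)
        if not valid:
            return False, I
    return True, None

if __name__ == "__main__":
    P, Q, R = Var("P"), Var("Q"), Var("R")
    for F in (Implies(And(P, Q), Or(P, Not(Q))),
              Implies(And(Implies(P, Q), Implies(Q, R)), Implies(P, R)),
              Implies(Or(P, Q), And(P, Q))):
        trace = []
        print(fmt(F), "->", semantic_argument(F, trace))
        print("\n".join("  " + line for line in trace))
```

The search stops at the first open branch, so for Example 3 it reports subcase ab with I = {P ↦ true, Q ↦ false}, the falsifying interpretation the slide leaves as "6ab. ?". A contradiction is only recognised between a judgement and its exact negation, so the ↔ rules feed their compound conclusions back through the ∧ and ∨ rules before a branch can close; that is sufficient because every compound formula on a branch is eventually expanded down to literals.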
