Formal Specification and Verification
23.04.2013
Viorica Sofronie-Stokkermans
e-mail: sofronie@uni-koblenz.de
Mathematical foundations
Formal logic:
• Syntax: a formal language (formulae expressing facts)
• Semantics: defines the meaning of the language, that is, which facts are valid
• Deductive system: axioms and inference rules used to formally derive theorems, that is, facts that are provable
Last time
Propositional classical logic
• Syntax
• Semantics: models, validity, and satisfiability; entailment and equivalence
• Checking unsatisfiability: truth tables; "rewriting" using equivalences
• Proof systems: clausal/non-clausal
  - non-clausal: Hilbert calculus
Today
Propositional classical logic
Proof systems: clausal/non-clausal
- non-clausal: Hilbert calculus, sequent calculus
- clausal: Resolution; DPLL (translation to CNF needed)
- Binary Decision Diagrams
Last time
Inference systems Γ (proof calculi) are sets of tuples (F_1, ..., F_n, F_{n+1}), n ≥ 0, called inferences or inference rules, and written

      F_1  ...  F_n      (premises)
      --------------
          F_{n+1}        (conclusion)

Clausal inference system: premises and conclusions are clauses. One also considers inference systems over other data structures.
Proofs
A proof in Γ of a formula F from a set of formulas N (called assumptions) is a sequence F_1, ..., F_k of formulas where
(i) F_k = F,
(ii) for all 1 ≤ i ≤ k: F_i ∈ N, or else there exists an inference (F_{i_1}, ..., F_{i_{n_i}}, F_i) in Γ such that 1 ≤ i_j < i for 1 ≤ j ≤ n_i (every premise is an earlier line of the proof).
Proofs
Provability ⊢_Γ of F from N in Γ:
    N ⊢_Γ F  :⇔  there exists a proof in Γ of F from N.
Γ is called sound  :⇔  for every inference  F_1 ... F_n / F  in Γ:  F_1, ..., F_n ⊨ F
Γ is called complete  :⇔  N ⊨ F  ⇒  N ⊢_Γ F
Γ is called refutationally complete  :⇔  N ⊨ ⊥  ⇒  N ⊢_Γ ⊥
A deductive system for Propositional logic
Variant of the system of Hilbert-Ackermann
(Signature: ∨, ¬;  x → y ≡_Def ¬x ∨ y)
Axiom Schemata (to be instantiated for all possible formulae):
(1) (p ∨ p) → p
(2) p → (q ∨ p)
(3) (p ∨ q) → (q ∨ p)
(4) (p → q) → (r ∨ p → r ∨ q)
Inference rule, Modus Ponens:

      p     p → q
      -----------
           q
Example of proof
Prove φ ∨ ¬φ
1. ((φ ∨ φ) → φ) → (¬φ ∨ (φ ∨ φ) → ¬φ ∨ φ)   [Instance of (4), with p := φ ∨ φ, q := φ, r := ¬φ]
2. (φ ∨ φ) → φ   [Instance of (1), with p := φ]
3. ¬φ ∨ (φ ∨ φ) → (¬φ ∨ φ)   [1., 2., and MP]
3'. = (φ → (φ ∨ φ)) → (¬φ ∨ φ)   [3. and definition of →; the same formula, with ¬φ ∨ (φ ∨ φ) written as φ → (φ ∨ φ)]
4. φ → (φ ∨ φ)   [Instance of (2), with p := φ, q := φ]
5. ¬φ ∨ φ   [3'., 4., and MP]
6. (¬φ ∨ φ) → (φ ∨ ¬φ)   [Instance of (3), with p := ¬φ, q := φ]
7. φ ∨ ¬φ   [5., 6., and MP]
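The proof above can be checked mechanically. The following is an added example, not code from the lecture: a small proof checker for the Hilbert-Ackermann variant on the previous slide. Formulas are nested tuples over the signature {¬, ∨} with → as an abbreviation, exactly as the slide defines it; the names Var, Not, Or, Imp, match, check_proof and excluded_middle_proof are this example's own. The checker is the whole trusted kernel: a line is accepted only if it is an instance of one of the four axiom schemata or follows by modus ponens from two earlier lines, so a bogus line (a non-instance claimed as an axiom, or MP with the premise and implication swapped) is rejected. Steps 3 and 3' of the slide denote the same formula once → is unfolded, so they are one line here.

```python
# Added example (not from the lecture): proof checker for the Hilbert-Ackermann variant.
# Formulas are nested tuples over {¬, ∨}; → is an abbreviation, as on the slides.

def Var(name): return ('var', name)
def Not(f): return ('not', f)
def Or(f, g): return ('or', f, g)
def Imp(f, g): return Or(Not(f), g)           # x → y  ≡_Def  ¬x ∨ y

# Schema variables p, q, r of the axiom schemata; each matches an arbitrary formula.
P, Q, R = ('meta', 'p'), ('meta', 'q'), ('meta', 'r')
AXIOMS = {
    1: Imp(Or(P, P), P),                                  # (p ∨ p) → p
    2: Imp(P, Or(Q, P)),                                  # p → (q ∨ p)
    3: Imp(Or(P, Q), Or(Q, P)),                           # (p ∨ q) → (q ∨ p)
    4: Imp(Imp(P, Q), Imp(Or(R, P), Or(R, Q))),           # (p → q) → (r ∨ p → r ∨ q)
}

def match(pattern, formula, env):
    """True iff `formula` is an instance of `pattern`. env records the substitution for
    the schema variables and must stay consistent (p may not match two different formulas)."""
    if pattern[0] == 'meta':
        if pattern[1] in env:
            return env[pattern[1]] == formula
        env[pattern[1]] = formula
        return True
    if pattern[0] != formula[0] or len(pattern) != len(formula):
        return False
    if pattern[0] == 'var':
        return pattern[1] == formula[1]
    return all(match(p, f, env) for p, f in zip(pattern[1:], formula[1:]))

def is_axiom_instance(formula, n):
    return n in AXIOMS and match(AXIOMS[n], formula, {})

def check_proof(proof):
    """proof: list of (formula, justification). A justification is ('ax', n) for an instance
    of axiom schema n, or ('mp', i, j) for modus ponens from earlier lines i (the premise p)
    and j (the implication p → q); line indices are 1-based. Returns the last formula, or
    raises ValueError at the first unjustified line. Nothing else can add a line."""
    if not proof:
        raise ValueError("empty proof")
    lines = []
    for k, (formula, just) in enumerate(proof, start=1):
        if just[0] == 'ax':
            ok = is_axiom_instance(formula, just[1])
        elif just[0] == 'mp':
            i, j = just[1], just[2]
            ok = 0 < i < k and 0 < j < k and lines[j - 1] == Imp(lines[i - 1], formula)
        else:
            ok = False
        if not ok:
            raise ValueError(f"line {k}: {just} does not justify {formula}")
        lines.append(formula)
    return lines[-1]

def excluded_middle_proof(phi):
    """The slide's proof of φ ∨ ¬φ; steps 3 and 3' coincide once → is unfolded."""
    return [
        (Imp(Imp(Or(phi, phi), phi),
             Imp(Or(Not(phi), Or(phi, phi)), Or(Not(phi), phi))), ('ax', 4)),   # 1.
        (Imp(Or(phi, phi), phi), ('ax', 1)),                                     # 2.
        (Imp(Or(Not(phi), Or(phi, phi)), Or(Not(phi), phi)), ('mp', 2, 1)),      # 3./3'.
        (Imp(phi, Or(phi, phi)), ('ax', 2)),                                     # 4.
        (Or(Not(phi), phi), ('mp', 4, 3)),                                       # 5.
        (Imp(Or(Not(phi), phi), Or(phi, Not(phi))), ('ax', 3)),                  # 6.
        (Or(phi, Not(phi)), ('mp', 5, 6)),                                       # 7.
    ]

if __name__ == "__main__":
    print(check_proof(excluded_middle_proof(Var('a'))))
```

Because the axioms are schemata, the same seven-line proof checks for any φ, not only for a propositional variable; the matcher enforces that a schema variable is bound to one formula consistently, which is what rules out (x ∨ y) → x as an instance of (1).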
Soundness
Γ is called sound  :⇔  for every inference  F_1 ... F_n / F  in Γ:  F_1, ..., F_n ⊨ F
Γ sound iff: if N ⊢_Γ F then N ⊨ F.
Theorem. The Hilbert deductive system is sound.
Proof: The proof for propositional logic is by induction on the length of the formal proof of F from N.
Base case: the formula is an axiom instance or an assumption; show that all axiom instances are valid (an assumption is trivially entailed by N).
Induction step n ↦ n + 1: uses the definition of a proof. It is sufficient to show that modus ponens preserves entailment, i.e. (φ ∧ (φ → φ')) ⊨ φ'.
Completeness
Γ is called complete  :⇔  N ⊨ F  ⇒  N ⊢_Γ F
Theorem. The Hilbert deductive system is complete.
The very first proof for propositional logic was given by Bernays (a student of Hilbert).
Completeness: Sketch of Bernays' proof
Every formula is interderivable with its conjunctive normal form. A conjunction is provable if and only if each of its conjuncts is provable. A disjunction of propositional variables and negations of propositional variables is provable only if it contains a propositional variable together with its negation. Conversely, every such disjunction is provable. So a formula is provable if and only if every conjunct in its conjunctive normal form contains a variable and its negation.
Now suppose that φ is a valid but underivable formula. Its conjunctive normal form CNF(φ) is also underivable, so it must contain a conjunct φ' in which every propositional variable occurs only negated or only unnegated, but not both. If φ were added as a new axiom (the extended deductive system stays sound, because ⊨ φ), then CNF(φ) and φ' would also be derivable. By substituting X for every unnegated variable and ¬X for every negated variable in φ', we would obtain X as a derivable formula (after some simplification), and the system would be inconsistent, which is the desired contradiction.
Sequent calculus for propositional logic
Sequent Calculus based on the notion of sequent

    ψ_1, ..., ψ_m  ⇒  φ_1, ..., φ_n
    (Antecedent)      (Succedent)

Has the same semantics as
    ⊨ ψ_1 ∧ ··· ∧ ψ_m → (φ_1 ∨ ··· ∨ φ_n),  i.e.
    {ψ_1, ..., ψ_m} ⊨ φ_1 ∨ ··· ∨ φ_n
Notation for Sequents

    ψ_1, ..., ψ_m  ⇒  φ_1, ..., φ_n
    (Antecedent)      (Succedent)

Consider antecedent/succedent as sets of formulae (may be empty)
Conventions:
• empty antecedent = empty conjunction = ⊤
• empty succedent = empty disjunction = ⊥
Alternative notation: ψ_1, ..., ψ_m ⊢ φ_1, ..., φ_n
Not used here because of the risk of confusion with the provability relation ⊢.
Schema Variables: φ, ψ, ... match formulas; Γ, ∆, ... match sets of formulas
Characterize infinitely many sequents with a single schematic sequent:
Example: Γ ⇒ ∆, φ ∧ ψ
Matches any sequent with an occurrence of a conjunction in the succedent.
We call φ ∧ ψ the main formula and Γ, ∆ the side formulae of the sequent.
Sequent Calculus Rules of Propositional Logic
Write a syntactic transformation schema for sequents that reflects the semantics of the connectives as closely as possible:

    Γ_1 ⇒ ∆_1   ...   Γ_n ⇒ ∆_n      (premises)
    --------------------------- Rule Name
             Γ ⇒ ∆                   (conclusion)

Example:

    Γ ⇒ φ, ∆     Γ ⇒ ψ, ∆
    ---------------------- andRight
        Γ ⇒ φ ∧ ψ, ∆

Informal meaning: in order to prove that Γ entails (φ ∧ ψ) ∨ ∆ we need to prove that Γ entails φ ∨ ∆ and Γ entails ψ ∨ ∆.
(Below, ⊨ (Γ → ∆) abbreviates the semantics of the sequent Γ ⇒ ∆: the conjunction of Γ entails the disjunction of ∆.)
Sound rule (essential): if ⊨ (Γ_1 → ∆_1) and ... and ⊨ (Γ_n → ∆_n) then ⊨ (Γ → ∆)
Complete rule (desirable): if ⊨ (Γ → ∆) then ⊨ (Γ_1 → ∆_1), ..., ⊨ (Γ_n → ∆_n)
Rules of Propositional Sequent Calculus

main     left side (antecedent)                 right side (succedent)

not       Γ ⇒ φ, ∆                              Γ, φ ⇒ ∆
         ----------- notLeft                   ----------- notRight
          Γ, ¬φ ⇒ ∆                             Γ ⇒ ¬φ, ∆

and       Γ, φ, ψ ⇒ ∆                           Γ ⇒ φ, ∆     Γ ⇒ ψ, ∆
         ------------- andLeft                 ---------------------- andRight
          Γ, φ ∧ ψ ⇒ ∆                          Γ ⇒ φ ∧ ψ, ∆

or        Γ, φ ⇒ ∆     Γ, ψ ⇒ ∆                 Γ ⇒ φ, ψ, ∆
         --------------------- orLeft          ------------- orRight
          Γ, φ ∨ ψ ⇒ ∆                          Γ ⇒ φ ∨ ψ, ∆
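The six rules above, read bottom-up, already give a decision procedure: decompose the main formula until only atoms are left. The following is an added example, not code from the lecture, that implements exactly this search and cross-checks it against the truth-table semantics of a sequent (the conjunction of the antecedent entails the disjunction of the succedent, with empty antecedent read as ⊤ and empty succedent as ⊥). It assumes one rule that the table above does not yet show, the standard closing rule Γ, p ⇒ p, ∆ for a leaf whose two sides share an atom; the rule names notLeft, notRight, andLeft, orLeft, orRight (only andRight is named on the slides) and the functions prove, provable, valid and rule_names are this example's own. Because every rule is both sound and complete in the sense of the previous slide, the order in which main formulas are chosen does not matter and no backtracking is needed.

```python
# Added example (not from the lecture): bottom-up prover for the propositional sequent
# calculus, checked against truth-table semantics.
import itertools

def Var(name): return ('var', name)
def Not(f): return ('not', f)
def And(f, g): return ('and', f, g)
def Or(f, g): return ('or', f, g)

def prove(gamma, delta):
    """Proof search for the sequent gamma ⇒ delta (tuples of formulas).
    Returns a proof tree (rule, conclusion, premises) or None. All rules are invertible,
    so the first non-atomic formula is decomposed without backtracking; every step removes
    one connective, so the search terminates."""
    gamma, delta = tuple(gamma), tuple(delta)
    conclusion = (gamma, delta)
    for i, f in enumerate(gamma):                       # main formula in the antecedent
        rest = gamma[:i] + gamma[i + 1:]
        if f[0] == 'not':                               # Γ ⇒ φ, ∆  /  Γ, ¬φ ⇒ ∆
            p = prove(rest, delta + (f[1],))
            return ('notLeft', conclusion, [p]) if p else None
        if f[0] == 'and':                               # Γ, φ, ψ ⇒ ∆  /  Γ, φ∧ψ ⇒ ∆
            p = prove(rest + (f[1], f[2]), delta)
            return ('andLeft', conclusion, [p]) if p else None
        if f[0] == 'or':                                # Γ, φ ⇒ ∆   Γ, ψ ⇒ ∆  /  Γ, φ∨ψ ⇒ ∆
            p1 = prove(rest + (f[1],), delta)
            p2 = p1 and prove(rest + (f[2],), delta)
            return ('orLeft', conclusion, [p1, p2]) if p2 else None
    for i, f in enumerate(delta):                       # main formula in the succedent
        rest = delta[:i] + delta[i + 1:]
        if f[0] == 'not':                               # Γ, φ ⇒ ∆  /  Γ ⇒ ¬φ, ∆
            p = prove(gamma + (f[1],), rest)
            return ('notRight', conclusion, [p]) if p else None
        if f[0] == 'and':                               # Γ ⇒ φ, ∆   Γ ⇒ ψ, ∆  /  Γ ⇒ φ∧ψ, ∆
            p1 = prove(gamma, rest + (f[1],))
            p2 = p1 and prove(gamma, rest + (f[2],))
            return ('andRight', conclusion, [p1, p2]) if p2 else None
        if f[0] == 'or':                                # Γ ⇒ φ, ψ, ∆  /  Γ ⇒ φ∨ψ, ∆
            p = prove(gamma, rest + (f[1], f[2]))
            return ('orRight', conclusion, [p]) if p else None
    # Only atoms remain. Assumed closing rule (not in the slide's table): the leaf
    # Γ, p ⇒ p, ∆ is an axiom. With nothing shared (including ⊤ ⇒ ⊥) the branch fails.
    if set(gamma) & set(delta):
        return ('close', conclusion, [])
    return None

def provable(gamma, delta):
    return prove(gamma, delta) is not None

def rule_names(tree):
    """Flatten a proof tree into the rules applied, root first, for inspection."""
    if tree is None:
        return []
    rule, _, premises = tree
    return [rule] + [r for p in premises for r in rule_names(p)]

# Truth-table semantics of a sequent, used to cross-check the calculus.
def atoms(f, acc):
    if f[0] == 'var':
        acc.add(f[1])
    else:
        for g in f[1:]:
            atoms(g, acc)
    return acc

def evaluate(f, v):
    if f[0] == 'var': return v[f[1]]
    if f[0] == 'not': return not evaluate(f[1], v)
    if f[0] == 'and': return evaluate(f[1], v) and evaluate(f[2], v)
    return evaluate(f[1], v) or evaluate(f[2], v)

def valid(gamma, delta):
    """⊨ ψ1 ∧ ... ∧ ψm → (φ1 ∨ ... ∨ φn): no assignment makes all of gamma true and all of
    delta false. Empty gamma is ⊤ (all([]) is True), empty delta is ⊥ (any([]) is False)."""
    names = set()
    for f in tuple(gamma) + tuple(delta):
        atoms(f, names)
    for bits in itertools.product([False, True], repeat=len(names)):
        v = dict(zip(sorted(names), bits))
        if all(evaluate(f, v) for f in gamma) and not any(evaluate(f, v) for f in delta):
            return False
    return True

if __name__ == "__main__":
    a = Var('a')
    print(rule_names(prove((), (Or(a, Not(a)),))))      # proof of  ⇒ a ∨ ¬a
```

Running prove on ⇒ a ∨ ¬a applies orRight, then notRight, and closes on a ⇒ a, which is the sequent-calculus counterpart of the seven-line Hilbert proof earlier on this page. The agreement of provable and valid on the test sequents is the soundness and completeness of the rules stated on the previous slide, observed on concrete inputs.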