Logic for Verification
João Martins, August 4, 2012 (PowerPoint presentation)

Slide 1. Logic for Verification. João Martins, August 4, 2012.
Outline:
  1 Introduction
  2 Syntax
  3 Semantics
  4 Verification: Truth Tables, Resolution, Natural Deduction
  5 Beyond Propositional Logic
J. Martins () Logic for Verification August 4, 2012 1 / 96


Slide 23 (Semantics). Even more exercises, sorry guys :(
Exercises. Check whether the following are true or false:
  1. {¬(a ∧ b), a} ⊨ ¬b
  2. {¬(a → b), ¬b} ⊨ ¬a
  3. {a → b, ¬a → b} ⊨ b
  4. {a → b} ⊨ (a ∧ c) → b
  5. {(a ∧ b) → c, d → a} ⊨ b → (d → c)
Pro-tip: if you have tons of implications, using reductio ad absurdum may turn them into ands! *hint hint*

Slide 24 (Semantics). Some more cute details
Are these true?
  {A ∧ B} ⊨ A
  {A} ⊨ A ∨ B
  {⊥} ⊨ A (why?)
(Notation: V ⊩ A means that the valuation V satisfies A; ⊩ A means that every valuation does, i.e. A is valid.)
Proposition. {A} ⊨ B iff ⊩ A → B.
Proof. Let's show the ⇒ direction first. By hypothesis {A} ⊨ B, which by definition means: for any V, if V ⊩ A then V ⊩ B. Again by definition, that is exactly ⊩ A → B. The ⇐ direction is similar.

Slide 25 (Semantics). Some shortcuts!
More (provable) laws of propositional logic:
  Double negation:  ¬¬A ≡ A
  Contradiction:    A ∧ ¬A ≡ ⊥
  de Morgan laws:   ¬(A ∧ B) ≡ ¬A ∨ ¬B
                    ¬(A ∨ B) ≡ ¬A ∧ ¬B
  Distributivity:   A → (B → C) ≡ (A → B) → (A → C)
                    A ∨ (B ∧ C) ≡ (A ∨ B) ∧ (A ∨ C)
                    (A ∨ B) ∧ C ≡ (A ∧ C) ∨ (B ∧ C)
                    A ∧ (B ∨ C) ≡ (A ∧ B) ∨ (A ∧ C)
                    (A ∧ B) ∨ C ≡ (A ∨ C) ∧ (B ∨ C)

Slide 26 (Semantics). Do we need all connectives?
The de Morgan laws tell us A ∧ B ≡ ¬(¬A ∨ ¬B). We don't need ∧ if we have ¬ and ∨.
Exercise. Define ¬, ∨, ∧ and ↔ from ⊥ and →.
Exercise. Define ⊥, ∧, → and ↔ from ¬ and ∨.

Slide 27 (Semantics). One of you asked: how do we know the logic is consistent?
Plus, you said you wanted more math :D
Proposition. Let V1 and V2 be two valuations over P. For any A ∈ F_P, if V1(a) = V2(a) for every a ∈ P, then V1 ⊩ A if and only if V2 ⊩ A.

Slide 28 (Semantics). One of you asked: how do we know the logic is consistent?
Proof. By induction on the formula A.
Base cases:
  A = ⊥: trivially V1 ⊩ ⊥ iff V2 ⊩ ⊥, since for every V, V ⊮ ⊥.
  A = a, a ∈ P: by hypothesis V1(a) = V2(a), so it follows trivially that V1 ⊩ a iff V2 ⊩ a.
Induction step:
  A = A1 → A2: is V1 ⊩ A1 → A2 iff V2 ⊩ A1 → A2? Since A1 and A2 are subformulae, by the induction hypothesis we have V1 ⊩ A1 iff V2 ⊩ A1, and similarly for A2. The truth value of A1 → A2 is determined by the values A1 and A2 take, which are the same under V1 and V2.
Exercise :P Do the case A = A1 ∨ A2.

Slide 29 (Semantics). Substitution theorem
Substitution Theorem. Suppose A ≡ B, and that C has A as a subformula. Let C′ be obtained by substituting B for A in C. Then C ≡ C′.
Proof by induction.
Base cases:
  C = p, for p ∈ P. The only subformula of C is C itself, therefore A = C = p and also B = C′. By hypothesis A ≡ B, so C ≡ C′.
  C = ⊥: trivial, as before.
Induction step: C = C1 ∨ C2 (other cases similar). By induction, Ci ≡ Ci′. By hypothesis A is a subformula of C, so there are 3 cases:
  A = C, which is proven like the base cases.
  A = C1. Then C′ = C1′ ∨ C2, from which we conclude C ≡ C′.
  A = C2, same as above.

Slide 30 (Semantics). What do we know so far?
  - How to construct a logical language inductively
  - Connectives, propositions and formulae as syntactic objects
  - Valuation as a structure capable of assigning truth values to syntactic objects
  - The notion of semantic consequence, i.e. how we can deduce something from hypotheses
  - Some neat properties of propositional logic
This does not help us for verification! How can we automatise this process?

Slide 31 (Verification). Summary
  1 Introduction
  2 Syntax
  3 Semantics
  4 Verification: Truth Tables, Resolution, Natural Deduction
  5 Beyond Propositional Logic: First Order Logic, Modal Logics, Dynamic Logic, Hybrid systems and Differential Dynamic Logic

Slide 32 (Verification). Verification
  - The computer doesn't understand natural language
  - The computer doesn't understand semantics
  - The computer plays with symbols. It is syntactic!
Wanted: purely syntactic techniques for checking semantic consequence/validity.

Slide 33 (Verification). Section: Truth Tables

Slide 34 (Verification, Truth Tables). Truth Tables
  - Extremely simple way to check the validity of a formula A
  - Just lay down a table with all possible truth values for the propositions in A
  - Each column contains a subformula of A
  - Start with the smallest subformulae and fill in the blanks...

Slides 35–38 (Verification, Truth Tables). Example
Simple example: if the subway is late (s) and there are no cabs in the station (¬c), Peter gets home late (l).
  (s ∧ ¬c) → l
The table is filled column by column, smallest subformulae first; the completed table is:

   s  c  l | ¬c | s ∧ ¬c | (s ∧ ¬c) → l
   0  0  0 |  1 |   0    |      1
   0  0  1 |  1 |   0    |      1
   0  1  0 |  0 |   0    |      1
   0  1  1 |  0 |   0    |      1
   1  0  0 |  1 |   1    |      0
   1  0  1 |  1 |   1    |      1
   1  1  0 |  0 |   0    |      1
   1  1  1 |  0 |   0    |      1
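The table above, computed rather than filled in by hand: an added example (not code from the lecture) that enumerates all 2^n valuations of a formula encoded as nested tuples, checks validity, and checks the semantic-consequence relation Γ ⊨ A, including the proposition {A} ⊨ B iff ⊩ A → B from the Semantics slides. The tuple encoding and the function names are this example's own.

```python
from itertools import product

# Formulas as nested tuples (a constructed encoding, not the lecture's):
#   ('var', 'p'), BOT, ('not', A), ('and', A, B), ('or', A, B), ('imp', A, B)
BOT = ('bot',)

def var(name):
    return ('var', name)

def props(formula):
    """Propositions occurring in a formula."""
    if formula[0] == 'var':
        return {formula[1]}
    return set().union(*(props(sub) for sub in formula[1:]))

def holds(val, formula):
    """V ⊩ A: the value of A under valuation `val` (name -> 0/1), clause by clause."""
    tag = formula[0]
    if tag == 'bot':
        return False                       # no valuation satisfies ⊥
    if tag == 'var':
        return bool(val[formula[1]])
    if tag == 'not':
        return not holds(val, formula[1])
    if tag == 'and':
        return holds(val, formula[1]) and holds(val, formula[2])
    if tag == 'or':
        return holds(val, formula[1]) or holds(val, formula[2])
    if tag == 'imp':
        return (not holds(val, formula[1])) or holds(val, formula[2])
    raise ValueError(f"unknown connective {tag}")

def valuations(names):
    """All 2^n valuations over `names`, in the row order of a truth table."""
    names = list(names)
    for bits in product((0, 1), repeat=len(names)):
        yield dict(zip(names, bits))

def truth_table(formula, names=None):
    """Rows (valuation, value of formula); `names` fixes the column order."""
    names = names or sorted(props(formula))
    return [(val, int(holds(val, formula))) for val in valuations(names)]

def valid(formula):
    """⊩ A: A is true under every valuation."""
    return all(value for _, value in truth_table(formula))

def entails(hypotheses, conclusion):
    """Γ ⊨ A: every valuation satisfying all of Γ satisfies A."""
    names = sorted(props(conclusion).union(*(props(h) for h in hypotheses)))
    return all(holds(v, conclusion) for v in valuations(names)
               if all(holds(v, h) for h in hypotheses))

# The slides' example: subway late (s) and no cabs (¬c) means Peter is late (l).
s, c, l = var('s'), var('c'), var('l')
LATE = ('and', s, ('not', c))
SUBWAY = ('imp', LATE, l)

def subway_column():
    """The last column of the slides' table, rows ordered s, c, l = 000 ... 111."""
    return [value for _, value in truth_table(SUBWAY, names=['s', 'c', 'l'])]

if __name__ == '__main__':
    print(' s c l | (s ∧ ¬c) → l')
    for val, value in truth_table(SUBWAY, names=['s', 'c', 'l']):
        print(f" {val['s']} {val['c']} {val['l']} |      {value}")
    print('valid:', valid(SUBWAY))
    # Proposition from the Semantics slides, checked on A = s ∧ ¬c, B = l
    print('{A} ⊨ B:', entails([LATE], l), '  ⊩ A → B:', valid(SUBWAY))
    # 10 friends who may each be late: 2^10 rows
    print('rows for 10 propositions:', sum(1 for _ in valuations(f'f{i}' for i in range(10))))
```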

Slide 39 (Verification, Truth Tables). Does it scale?
What if we had 10 friends, and all of them could be late?
  2^10 = 1024
Welp... this could get boring...

Slide 40 (Verification, Truth Tables). Does it scale?
What if each friend can choose to wear pants or skirts/kilts... and a shirt or a t-shirt?
That's three variables for each person: whether they are late, wearing pants, or a t-shirt.
  2^30 = 1,073,741,824
One billion, seventy-three million, seven-hundred and forty-one thousand, eight-hundred and twenty-four (that's right, I took the time to write this down!)
Volunteers? Perhaps you could split into 4 groups, you'd only get 250 million each!

Slide 41 (Verification). Section: Resolution

Slide 42 (Verification, Resolution). Conjunctive Normal Form: CNF
A formula A is in CNF if it is a conjunction of disjunctions of literals. Wait what?
  - A is a literal if it is p or ¬p, for any p ∈ P
  - A = (a_{11} ∨ ... ∨ a_{1 n_1}) ∧ ... ∧ (a_{n1} ∨ ... ∨ a_{n n_n})
CNF as sets:
  - We represent ¬a as ā (a with an overbar)
  - We represent a ∨ ¬b ∨ d as {a b̄ d}
  - We represent (a ∨ ¬b ∨ d) ∧ (d) ∧ (¬d ∨ a) as {a b̄ d, d, d̄ a}

Slide 43 (Verification, Resolution). All formulae can be put in CNF
Lemma. Let A ∈ F_P. Then there exists B ∈ F_P such that B is in CNF and A ≡ B.
Proof (sketch). By induction. The base cases are already in CNF. For A = A1 ∧ A2 we have by I.H. that A1′ and A2′ are in CNF and are equivalent to A1 and A2 respectively. Therefore A1′ ∧ A2′ is equivalent to A1 ∧ A2 and is in CNF. For A = A1 ∨ A2 you do the same, but use distributivity to get CNF.

Slide 44 (Verification, Resolution). Resolution
An algorithm for checking the satisfiability of a formula in CNF. Use the following reasoning:
  if a ∨ b and ¬a ∨ c then b ∨ c
b ∨ c is called the resolvent of a ∨ b and ¬a ∨ c. This generalises to larger disjunctions (∨).
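The resolution rule run to saturation on the set representation of CNF from the slides: an added example, not the lecture's code. A clause is a frozenset of (name, negated) literals; the textual form 'a ~b d' for the slides' {a b̄ d} and the two input clause sets are this example's own constructions.

```python
# Clause-set representation of CNF, as on the slides: a literal is a (name, negated)
# pair, a clause a frozenset of literals, a CNF formula a set of clauses.
# Constructed example code, not the lecture's own.

def neg(literal):
    name, negated = literal
    return (name, not negated)

def parse_clause(text):
    """'a ~b d' stands for the slides' {a b̄ d}: '~' marks a negated literal."""
    return frozenset((tok.lstrip('~'), tok.startswith('~')) for tok in text.split())

def show(clause):
    return '{' + ' '.join(('~' if negated else '') + name
                          for name, negated in sorted(clause)) + '}'

def resolvents(c1, c2):
    """All resolvents of two clauses: for a literal x in c1 with ¬x in c2,
    (c1 − {x}) ∪ (c2 − {¬x}).  From a ∨ b and ¬a ∨ c this yields b ∨ c."""
    return {(c1 - {x}) | (c2 - {neg(x)}) for x in c1 if neg(x) in c2}

def is_tautology(clause):
    """a ∨ ¬a ∨ ... is always true and contributes nothing to a refutation."""
    return any(neg(x) in clause for x in clause)

def resolution(clauses):
    """Saturate the clause set under resolution.  The formula is unsatisfiable iff
    the empty clause (the empty disjunction, which is false) is derived.
    Returns (satisfiable, trace); trace lists each derived clause with its parents."""
    clauses = {c for c in clauses if not is_tautology(c)}
    trace = []
    if frozenset() in clauses:
        return False, trace
    while True:
        new = set()
        for c1 in clauses:
            for c2 in clauses:
                for r in resolvents(c1, c2):
                    if is_tautology(r) or r in clauses or r in new:
                        continue
                    new.add(r)
                    trace.append((show(c1), show(c2), show(r)))
                    if not r:
                        return False, trace       # empty clause derived: refutation
        if not new:
            return True, trace                    # saturated without it: satisfiable
        clauses |= new

# Constructed inputs.  UNSAT encodes (a ∨ b) ∧ (¬a ∨ c) ∧ (¬b ∨ c) ∧ ¬c.
UNSAT = [parse_clause(t) for t in ('a b', '~a c', '~b c', '~c')]
SAT = [parse_clause(t) for t in ('a b', '~a b')]

if __name__ == '__main__':
    for name, cnf in (('UNSAT', UNSAT), ('SAT', SAT)):
        sat, trace = resolution(cnf)
        print(name, '-> satisfiable' if sat else '-> unsatisfiable')
        for c1, c2, r in trace:
            print('  ', c1, '+', c2, '=>', r if r != '{}' else '{} (empty clause)')
```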

Slide 45 (Verification, Resolution). Simple examples: you know what comes next, right? :)
Examples (the overbars marking negated literals are missing here):
  1. {aba, acc, qwertyuiopasdfghjklzxcvbnmd}
  2. {ab, ab, cac}
  3. {abc, ab, a, abc}
(what is the truth value of an empty disjunction?)

Slide 46 (Verification, Resolution). BAM - exercises!
Exercises:
  1. ⊥ → a
  2. (a ∧ b) ∨ (¬a ∧ ¬a)
  3. (a → b) ∧ (a → ¬b)
  4. (a ∨ b) ∧ ¬a ∧ (¬a ∧ ¬b)

Slide 47 (Verification). Section: Natural Deduction

Slide 48 (Verification, Natural Deduction). What is a proof?
Elements that can be used in a proof:
  - Axioms, which are true and can always be used
  - Hypotheses, which one assumes to be true (the A in A ⊨ A)
  - Rules of inference, which allow us to syntactically obtain new truths, called theorems

Slide 49 (Verification, Natural Deduction). What is a proof (formally)?
  - A proof is a sequence of formulae
  - The first elements in the sequence are the hypotheses
  - All the elements after that are obtained by the application of a deduction rule
  - Deduction rules may use previously proven formulae as hypotheses
  - The last formula is the desired conclusion
Notation. Let {A1, ..., An} be a set of hypotheses and A be the desired conclusion. Then we write {A1, ..., An} ⊢ A if from the hypotheses A1, ..., An one can build a proof for A.

Slide 50 (Verification, Natural Deduction). Terminology
  - If one can prove {A1, ..., An} ⊢ A, then one says A is a consequence of the set of hypotheses
  - If one proves ∅ ⊢ A, then A is said to be a theorem of the deductive system (denoted ⊢ A)
This sounds awfully familiar... {A1, ..., An} ⊨ A. Are they the same?

Slide 51 (Verification, Natural Deduction). Soundness and Completeness: super duper importantness
  {A1, ..., An} ⊢ A is syntactic
  {A1, ..., An} ⊨ A is semantic
But they should match!
Desired theorem for all deductive systems: {A1, ..., An} ⊢ A if and only if {A1, ..., An} ⊨ A.

Slide 52 (Verification, Natural Deduction). Soundness and Completeness: MOAR super duper importantness
Definition (Soundness): If you can find a proof, the conclusion must hold semantically! This is the most important thing: you never want a system that deduces wrong things!
  {A1, ..., An} ⊢ A implies {A1, ..., An} ⊨ A
Definition (Completeness): If it is true (semantically), then you can find a proof. This is usually much harder, and sometimes you will not get a complete proof system because the logic is so complex.
  {A1, ..., An} ⊨ A implies {A1, ..., An} ⊢ A

Slide 53 (Verification, Natural Deduction). Natural Deduction
  - Natural deduction is an intuitive proof system, similar to human thought processes
  - It is not the best for use by computers, but it is easy to understand
  - It has rules of inference that allow you to introduce and eliminate each of the connectives
If the rules "make sense", this may be sound. If we cover all connectives, perhaps we will have completeness.

Slide 54 (Verification, Natural Deduction). Absurd rule
From a derivation D of ⊥ that uses the hypothesis ¬A (labelled m), conclude A and discharge that hypothesis:

   [¬A]^m
     D
     ⊥
   ------ ⊥, m
     A

Slide 55 (Verification, Natural Deduction). Conjunction rules

   D1    D2              D               D
   A1    A2           A1 ∧ A2         A1 ∧ A2
   -------- ∧I        ------- ∧E1     ------- ∧E2
   A1 ∧ A2              A1              A2

Slide 56 (Verification, Natural Deduction). Implication rules

   [A]^m
     D                 D1      D2
     B                 A     A → B
   ------ →I, m        ----------- →E
   A → B                    B

Slide 57 (Verification, Natural Deduction). Disjunction rules

     D                 D                           [A1]^m   [A2]^n
     A1                A2                   D1       D2       D3
   -------- ∨I1      -------- ∨I2        A1 ∨ A2     B        B
   A1 ∨ A2           A1 ∨ A2             -------------------------- ∨E, m, n
                                                     B

   Alternative ∨E:
     D1        D2        D3
   A1 ∨ A2   A1 → B   A2 → B
   -------------------------- ∨E
               B

Slide 58 (Verification, Natural Deduction). Super Theorem of Awesome
Theorem. Natural deduction is sound and complete with respect to propositional logic!!!!11one

Slide 59 (Verification, Natural Deduction). Example 1
Prove {a, a → b} ⊢ a ∧ b.

         a^1   a → b^2
         ------------- →E
   a^1         b
   ------------------- ∧I
         a ∧ b

Slide 60 (Verification, Natural Deduction). Example 2
Prove ∅ ⊢ (a ∧ b) → b.

   [a ∧ b]^1
   --------- ∧E2
       b
   ----------- →I, 1
   (a ∧ b) → b

Slide 61 (Verification, Natural Deduction). Example 3
Prove (a ∧ b) ∨ (a ∧ c) ⊢ c.

                           [a ∧ b]^2     [a ∧ c]^3
                           --------- ∧E1 --------- ∧E1
   (a ∧ b) ∨ (a ∧ c)^1         a             a
   --------------------------------------------------- ∨E, 2, 3
                              a

Slide 62 (Verification, Natural Deduction). Example 4
Prove ⊢ (a → b) → (¬b → ¬a).

   [a]^3   [a → b]^1
   ----------------- →E
           b             [¬b ≡ b → ⊥]^2
   ------------------------------------- →E
                     ⊥
              --------------- →I, 3
               ¬a ≡ a → ⊥
            ----------------- →I, 2
                ¬b → ¬a
      --------------------------- →I, 1
        (a → b) → (¬b → ¬a)
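A proof checker for the rules on slides 54–57, applied to Examples 1–4: an added example, not the lecture's code. It makes the point of slide 32 concrete: checking a derivation is symbol matching on tuples and never consults truth values. The tuple encoding of formulas, the Deriv class and the rule names are this example's own; ¬A is encoded as A → ⊥, as Example 4 does.

```python
# Constructed checker for the natural-deduction rules on the slides (not the lecture's
# own code).  Formulas are tuples: ('var','a'), BOT, ('and',A,B), ('or',A,B),
# ('imp',A,B); as in Example 4, ¬A is written A → ⊥.
BOT = ('bot',)

def var(name):
    return ('var', name)

def neg(a):
    return ('imp', a, BOT)

class Deriv:
    """A derivation tree: rule name, conclusion, sub-derivations and the hypotheses
    the rule discharges (the bracketed [A]^m of the slides)."""
    def __init__(self, rule, concl, subs=(), discharge=()):
        self.rule, self.concl = rule, concl
        self.subs, self.discharge = list(subs), list(discharge)

def hyp(a):
    return Deriv('hyp', a)

def check(d):
    """Return the open (undischarged) hypotheses of d, or raise ValueError where a
    rule instance does not have the shape the slides give it.  Purely syntactic."""
    opens = [check(s) for s in d.subs]
    cs = [s.concl for s in d.subs]            # conclusions of the sub-derivations
    r, A, dis = d.rule, d.concl, d.discharge
    if r == 'hyp' and not cs:
        return frozenset([A])
    if r == 'andI' and len(cs) == 2 and A == ('and', cs[0], cs[1]):
        return opens[0] | opens[1]
    if r == 'andE1' and len(cs) == 1 and cs[0][0] == 'and' and cs[0][1] == A:
        return opens[0]
    if r == 'andE2' and len(cs) == 1 and cs[0][0] == 'and' and cs[0][2] == A:
        return opens[0]
    if r == 'impE' and len(cs) == 2 and cs[1] == ('imp', cs[0], A):
        return opens[0] | opens[1]
    if r == 'impI' and len(cs) == 1 and len(dis) == 1 and A == ('imp', dis[0], cs[0]):
        return opens[0] - {dis[0]}
    if r == 'orI1' and len(cs) == 1 and A[0] == 'or' and A[1] == cs[0]:
        return opens[0]
    if r == 'orI2' and len(cs) == 1 and A[0] == 'or' and A[2] == cs[0]:
        return opens[0]
    if (r == 'orE' and len(cs) == 3 and len(dis) == 2
            and cs[0] == ('or', dis[0], dis[1]) and cs[1] == A and cs[2] == A):
        return opens[0] | (opens[1] - {dis[0]}) | (opens[2] - {dis[1]})
    if r == 'absurd' and len(cs) == 1 and cs[0] == BOT and dis == [neg(A)]:
        return opens[0] - {neg(A)}
    raise ValueError(f"rule {r} misapplied at conclusion {A}")

def proves(hypotheses, d, goal):
    """Γ ⊢ A is witnessed by d iff d concludes A leaving open only hypotheses from Γ."""
    return d.concl == goal and check(d) <= frozenset(hypotheses)

a, b, c = var('a'), var('b'), var('c')
AB, AC = ('and', a, b), ('and', a, c)

# Example 1: {a, a → b} ⊢ a ∧ b
EX1 = Deriv('andI', AB, [hyp(a), Deriv('impE', b, [hyp(a), hyp(('imp', a, b))])])
# Example 2: ∅ ⊢ (a ∧ b) → b, discharging the hypothesis a ∧ b
EX2 = Deriv('impI', ('imp', AB, b), [Deriv('andE2', b, [hyp(AB)])], discharge=[AB])
# Example 3 as derived on the slide: (a ∧ b) ∨ (a ∧ c) ⊢ a, ∨E discharging both disjuncts
EX3 = Deriv('orE', a, [hyp(('or', AB, AC)), Deriv('andE1', a, [hyp(AB)]),
                       Deriv('andE1', a, [hyp(AC)])], discharge=[AB, AC])
# Example 4: ⊢ (a → b) → (¬b → ¬a)
EX4 = Deriv('impI', ('imp', ('imp', a, b), ('imp', neg(b), neg(a))), [
        Deriv('impI', ('imp', neg(b), neg(a)), [
            Deriv('impI', neg(a), [
                Deriv('impE', BOT, [Deriv('impE', b, [hyp(a), hyp(('imp', a, b))]),
                                    hyp(neg(b))])], discharge=[a])],
            discharge=[neg(b)])],
        discharge=[('imp', a, b)])

def bad_step_rejected():
    """→E applied to a and b → a does not give b: the checker refuses it."""
    try:
        check(Deriv('impE', b, [hyp(a), hyp(('imp', b, a))]))
    except ValueError:
        return True
    return False

if __name__ == '__main__':
    print('Example 1:', proves([a, ('imp', a, b)], EX1, AB))
    print('Example 2:', proves([], EX2, ('imp', AB, b)))
    print('Example 3:', proves([('or', AB, AC)], EX3, a))
    print('Example 4:', proves([], EX4, EX4.concl))
    print('bad step rejected:', bad_step_rejected())
```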

Slide 63 (Verification, Natural Deduction). Last exercises, now with candy!
Exercise:
  1. ⊢ a → (a ∨ b)
  2. ⊢ (a ∨ a) → a
  3. ⊢ a → (b → a)
  4. ⊢ ¬(a ∨ b) → ¬a
  5. ⊢ ¬a → (a → b)
  6. ⊢ (b → c) → ((a ∧ b) → c)
  7. ⊢ (a → b) → (a → (b ∨ c))
  8. ⊢ ((a → b) ∧ (b → c)) → (a → c)
  9. ⊢ ((a → b) ∧ ¬b) → ¬a
  10. ⊢ (a → (b → c)) → ((a → b) → (a → c))
  11. ⊢ a ↔ ¬¬a
  12. ⊢ (a → b) ↔ (¬b → ¬a)
  13. ⊢ a ∨ ¬a

Slide 64 (Verification, Natural Deduction). Proof of correctness
All rules are sound: if H_{d_i} ⊨ conc(d_i) for the subderivations d_i, then H_d ⊨ conc(d). (H_d is the set of hypotheses of derivation d, conc(d) its conclusion.)
Proof (sketch) of correctness. Rule for →E. We have conc(d) = B, conc(d1) = A, conc(d2) = A → B, and can assume H_{d1} ⊨ A and H_{d2} ⊨ A → B. Want to prove: H_d ⊨ B. We can see that H_d = H_{d1} ∪ H_{d2}. Let V be such that V ⊩ H_d (because we want to prove H_d ⊨ ?). Then, necessarily, V ⊩ H_{d1} and V ⊩ H_{d2}, so we know V ⊩ A and V ⊩ A → B. Therefore V ⊩ B. Because we assumed V ⊩ H_d and got V ⊩ B, we have H_d ⊨ B.

Slide 65 (Verification, Natural Deduction). Proof of correctness (continued)
Proof (sketch) of correctness, continued. Rule for →I. We have conc(d) = A → B, conc(d1) = B and can assume H_{d1} ⊨ B. Want to prove: H_d ⊨ A → B. We can see that H_{d1} ⊆ H_d ∪ {A}. Let V be such that V ⊩ H_d (because we want to prove H_d ⊨ ?). Suppose V ⊩ A. Then V ⊩ H_{d1} (⊆ H_d ∪ {A}). In that case, we conclude that V ⊩ B. Therefore, by definition of satisfaction, V ⊩ A → B. Because we assumed V ⊩ H_d and got V ⊩ A → B, we have H_d ⊨ A → B.

Slide 66 (Verification, Natural Deduction). Proof of correctness (continued)
Proof (sketch) of correctness, continued. Rule for ⊥. We have conc(d) = A, conc(d1) = ⊥ and can assume H_{d1} ⊨ ⊥. Want to prove: H_d ⊨ A. We can see that H_{d1} ⊆ H_d ∪ {¬A}. Let V be such that V ⊩ H_d (because we want to prove H_d ⊨ ?). Let's assume V ⊩ ¬A. Then V ⊩ H_{d1} (⊆ H_d ∪ {¬A}). Then V ⊩ ⊥. This is a contradiction. Therefore V ⊮ ¬A, i.e. V ⊩ A. Because we assumed V ⊩ H_d and got V ⊩ A, we have H_d ⊨ A.

Slide 67 (Verification, Natural Deduction). What do we know so far?
  - How to specify a logical language using syntax
  - How to give it the intended meaning using semantics
  - Truth tables
  - Resolution for formulae in CNF
  - Natural deduction as a sound and complete proof system
We have techniques to verify systems. What are we missing? Expressiveness!

Slide 68 (Beyond Propositional Logic). Section: Beyond Propositional Logic
Slide 69 (Beyond Propositional Logic). Section: First Order Logic

Slide 70 (Beyond Propositional Logic, First Order Logic). First order logic
What if these weren't propositions? What if we could write them?
  3^2 = 9
  ∀n ∈ ℕ0, n ≥ 0
  ∀x, y ∈ ℕ (x^2 + y^2 = z^2)
  Any student is younger than any professor.

Slide 71 (Beyond Propositional Logic, First Order Logic). Core ideas of FOL
  - You add variables, x ∈ X!
  - You keep the connectives
  - You add properties: p(x), ismother(Anne, John)
  - You add functions: s(x) = x + 1, or mother(John) = Anne
  - You add quantifiers over variables: ∃x A, ∀y B
  - Variables ≠ propositions: Evaluate(x) = v, where v is a value; Evaluate(p) ∈ {0, 1}

Slide 72 (Beyond Propositional Logic, First Order Logic). Examples
  - John is a child: C(John)
  - Anne is John's mother: M(Anne, John)
  - Any child is younger than their mothers: ∀x ∀y (C(x) ∧ M(y, x)) → N(x, y)
  - The function f is surjective: ∀y ∃x f(x) = y
  - The set has at least three different elements: ∃x ∃y ∃z (¬(x = y) ∧ ¬(x = z) ∧ ¬(y = z))

Slide 73 (Beyond Propositional Logic, First Order Logic). Exercises (but it's almost over anyways)
Exercises:
  1. A and B are sons of C
  2. Since no one is its own ancestor, if A is an ancestor of B, then B isn't an ancestor of A
  3. Sons of the same mother are brothers
  4. No even number is a prime
  5. Not all primes are odd
  6. Any prime is equal to 2, or odd
  7. Any transitive, anti-reflexive (binary) relation is anti-symmetric
  8. Every hour someone is robbed. We'll meet him today

Slide 74 (Beyond Propositional Logic, First Order Logic). Interpreting terms
We need the following new elements:
  - Variables take values in a given domain/universe U
  - To keep track of variables, we need ρ : X → U
  - Instead of a valuation V, we have an interpretation I that also handles p(x, y) and f(x, y)
Definition. Let M = (U, I) be an interpretation structure. Interpreting terms is defined as follows:
  ⟦x⟧^ρ_M = ρ(x), for x ∈ X
  ⟦c⟧^ρ_M = I(c), for a constant c (what is a constant?)
  ⟦f(t1, ..., tn)⟧^ρ_M = I(f)(⟦t1⟧^ρ_M, ..., ⟦tn⟧^ρ_M), for a function f of arity n

Slide 75 (Beyond Propositional Logic, First Order Logic). Example
  I(i) = i ∈ U = ℕ, from a symbol to a number (these are constants)
  ρ(x) = 3 and ρ(y) = 1
  I(⊕)(w, z) = w + z (from the symbol ⊕ to the meaning of +!)
Example. Let's interpret x ⊕ (2 ⊕ y). (why can't I write 2 instead?)
  ⟦x ⊕ (2 ⊕ y)⟧^ρ_(U,I)
    = I(⊕)(⟦x⟧^ρ_(U,I), ⟦2 ⊕ y⟧^ρ_(U,I))
    = ⟦x⟧^ρ_(U,I) + ⟦2 ⊕ y⟧^ρ_(U,I)
    = ρ(x) + I(⊕)(⟦2⟧^ρ_(U,I), ⟦y⟧^ρ_(U,I))
    = 3 + ⟦2⟧^ρ_(U,I) + ⟦y⟧^ρ_(U,I)
    = 3 + I(2) + ρ(y)
    = 3 + 2 + 1 = 6

Slide 76 (Beyond Propositional Logic, First Order Logic). Satisfying formulae
Definition (satisfaction). Let M = (U, I). Besides the rules from propositional logic:
  M, ρ ⊩ P(t1, ..., tn) if I(P)(⟦t1⟧^ρ_M, ..., ⟦tn⟧^ρ_M) = 1
  M, ρ ⊩ ∀x A if for all u ∈ U, M, ρ[x ↦ u] ⊩ A
  M, ρ ⊩ ∃x A if for some u ∈ U, M, ρ[x ↦ u] ⊩ A
Very quick exercises. Convert the following formulae into equivalents with the other quantifier:
  1. ¬∀x A
  2. ∃x A
Answers: ∃x ¬A and ¬∀x ¬A.
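The term-interpretation clauses of slide 74 and the satisfaction clauses above, as an added evaluator (not the lecture's code). It recomputes the slides' ⟦x ⊕ (2 ⊕ y)⟧ = 6 and then evaluates quantified formulas; because the quantifier clauses enumerate U with ρ[x ↦ u], this example assumes a finite universe (a prefix of ℕ) in place of the slides' U = ℕ. The tuple encodings and symbol names are this example's own.

```python
# Constructed evaluator for the FOL semantics on the slides (not the lecture's code).
# Terms: ('var','x'), ('const', 2), ('app','plus', t1, t2).  Formulas: ('pred','lt', t1, t2),
# ('not',A), ('and',A,B), ('or',A,B), ('imp',A,B), ('forall','x',A), ('exists','x',A).

class Structure:
    """M = (U, I): a universe plus interpretations of constant, function and predicate symbols."""
    def __init__(self, universe, consts, funcs, preds):
        self.U, self.consts, self.funcs, self.preds = list(universe), consts, funcs, preds

def term_value(t, M, rho):
    """⟦t⟧^ρ_M by the three clauses of the definition: variables via ρ, constants via I,
    function applications via I(f) on the values of the arguments."""
    tag = t[0]
    if tag == 'var':
        return rho[t[1]]
    if tag == 'const':
        return M.consts[t[1]]
    if tag == 'app':
        return M.funcs[t[1]](*[term_value(s, M, rho) for s in t[2:]])
    raise ValueError(f"unknown term {t}")

def satisfies(M, rho, A):
    """M, ρ ⊩ A.  Quantifiers enumerate U with the updated assignment ρ[x ↦ u],
    so U must be finite here (assumption of this example)."""
    tag = A[0]
    if tag == 'pred':
        return bool(M.preds[A[1]](*[term_value(t, M, rho) for t in A[2:]]))
    if tag == 'not':
        return not satisfies(M, rho, A[1])
    if tag == 'and':
        return satisfies(M, rho, A[1]) and satisfies(M, rho, A[2])
    if tag == 'or':
        return satisfies(M, rho, A[1]) or satisfies(M, rho, A[2])
    if tag == 'imp':
        return (not satisfies(M, rho, A[1])) or satisfies(M, rho, A[2])
    if tag in ('forall', 'exists'):
        x, body = A[1], A[2]
        values = (satisfies(M, {**rho, x: u}, body) for u in M.U)
        return all(values) if tag == 'forall' else any(values)
    raise ValueError(f"unknown formula {A}")

# The slides' structure: I(i) = i for numerals, I(⊕)(w, z) = w + z, ρ(x) = 3, ρ(y) = 1.
# U = ℕ on the slides; the finite prefix 0..19 here so the quantifier clauses can enumerate it.
NAT = Structure(range(20), consts={i: i for i in range(20)},
                funcs={'plus': lambda w, z: w + z},
                preds={'eq': lambda w, z: w == z, 'lt': lambda w, z: w < z})
RHO = {'x': 3, 'y': 1}
X_PLUS_2_PLUS_Y = ('app', 'plus', ('var', 'x'), ('app', 'plus', ('const', 2), ('var', 'y')))

def slide_example():
    """⟦x ⊕ (2 ⊕ y)⟧ with ρ(x) = 3, ρ(y) = 1: the slides' value 6."""
    return term_value(X_PLUS_2_PLUS_Y, NAT, RHO)

x, y = ('var', 'x'), ('var', 'y')
ZERO_IS_NEUTRAL = ('forall', 'x', ('pred', 'eq', ('app', 'plus', x, ('const', 0)), x))
HAS_LEAST = ('exists', 'y', ('forall', 'x', ('not', ('pred', 'lt', x, y))))
NOT_ALL_BELOW_5 = ('not', ('forall', 'x', ('pred', 'lt', x, ('const', 5))))
SOME_NOT_BELOW_5 = ('exists', 'x', ('not', ('pred', 'lt', x, ('const', 5))))

if __name__ == '__main__':
    print('x ⊕ (2 ⊕ y) =', slide_example())
    for name, f in [('∀x (x ⊕ 0 = x)', ZERO_IS_NEUTRAL), ('∃y ∀x ¬(x < y)', HAS_LEAST),
                    ('¬∀x (x < 5)', NOT_ALL_BELOW_5), ('∃x ¬(x < 5)', SOME_NOT_BELOW_5)]:
        print(f'{name}: {satisfies(NAT, {}, f)}')
```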

Slide 77 (Beyond Propositional Logic, First Order Logic). Final words on FOL
  - A LOT more expressive
  - There are proof systems that are sound and complete!
  - Semidecidable: if A is a theorem, you can find a proof; if A is not a theorem, the algorithm may not answer
  - Most complex logics become undecidable :(

Slide 78 (Beyond Propositional Logic). Section: Modal Logics

Slide 79 (Beyond Propositional Logic, Modal Logics). Modal (Propositional) Logic: core ideas
What if instead of one world, we had several "possible worlds"?
  - Cars aren't always going fast, f
  - Cars don't always crash, c
  - Perhaps V ⊩ f isn't always the case...
What if we represent each V explicitly? What if we can talk about them within the logic itself!? Valuception... cunning!

Slide 80 (Beyond Propositional Logic, Modal Logics). Example: cars crashing
(diagram of possible worlds labelled with combinations of f and c, connected by arrows)
  - If the car is fast and crashed, it will probably skid to a stop
  - If a car is going fast, it may crash
  - A car may brake, accelerate, or keep its speed
  - Notice the car won't crash if it is going slow!

Slide 81 (Beyond Propositional Logic, Modal Logics). How do we talk about these different worlds?
We use modalities:
  □A means that A is necessary
  ◇A means that A is possible
How do you think the semantics work?
Semantics. Let F = ⟨G, R, ⊨⟩ be a frame. G is the set of possible worlds. R is the accessibility relation. w ⊨ p, with w ∈ G, means that p is true in w.
  w ⊨ □A if whenever (w, v) ∈ R then v ⊨ A.
  w ⊨ ◇A if there is some (w, v) ∈ R such that v ⊨ A.
Plus the usual propositional logic.

Slide 82 (Beyond Propositional Logic, Modal Logics). Restrictions on the frame
If the frame is arbitrary, we have the following properties:
  - If ⊢ A, then ⊢ □A (Necessitation rule)
  - □(A → B) → (□A → □B) (Distribution Axiom)
The more restrictions you put in your frame, the more axioms you get:
  - If R is reflexive, then □A → A
  - You can get up to making R an equivalence relation, and get □A → □□A, ◇A → □◇A.
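The frame semantics of slide 81 and the frame-restriction point above, as an added example (not the lecture's code): a small Kripke frame built after the car story of slide 80 (its four worlds and accessibility pairs are this example's construction), on which the Distribution Axiom holds everywhere while □A → A fails at a world with no self-loop and becomes valid once R is made reflexive.

```python
# Constructed Kripke-frame evaluator for the modal semantics on the slides (not the
# lecture's code).  Each world carries the set of propositions true in it; R is a set
# of (w, v) pairs.  Formulas: ('p','f'), ('not',A), ('and',A,B), ('or',A,B),
# ('imp',A,B), ('box',A), ('dia',A).

class Frame:
    def __init__(self, truth, R):
        self.truth, self.R = dict(truth), set(R)
        self.G = set(self.truth)                       # the possible worlds

    def successors(self, w):
        return {v for (u, v) in self.R if u == w}

    def holds(self, w, A):
        """w ⊨ A: propositional clauses plus the two modal clauses of the slides."""
        tag = A[0]
        if tag == 'p':
            return A[1] in self.truth[w]
        if tag == 'not':
            return not self.holds(w, A[1])
        if tag == 'and':
            return self.holds(w, A[1]) and self.holds(w, A[2])
        if tag == 'or':
            return self.holds(w, A[1]) or self.holds(w, A[2])
        if tag == 'imp':
            return (not self.holds(w, A[1])) or self.holds(w, A[2])
        if tag == 'box':                               # □A: A in every accessible world
            return all(self.holds(v, A[1]) for v in self.successors(w))
        if tag == 'dia':                               # ◇A: A in some accessible world
            return any(self.holds(v, A[1]) for v in self.successors(w))
        raise ValueError(f"unknown formula {A}")

    def valid(self, A):
        """A holds at every world of the frame."""
        return all(self.holds(w, A) for w in self.G)

    def is_reflexive(self):
        return all((w, w) in self.R for w in self.G)

    def reflexive_closure(self):
        return Frame(self.truth, self.R | {(w, w) for w in self.G})

def t_axiom(A):
    return ('imp', ('box', A), A)

def k_axiom(A, B):
    return ('imp', ('box', ('imp', A, B)), ('imp', ('box', A), ('box', B)))

# Car worlds constructed after the slides' example: f = going fast, c = crashed.
# A slow car keeps its speed or accelerates; a fast car may brake, keep going or
# crash; a fast crashed car skids to a stop; a stopped crashed car stays stopped.
CAR = Frame(
    truth={'slow': set(), 'fast': {'f'}, 'fast_crashed': {'f', 'c'}, 'stopped_crashed': {'c'}},
    R={('slow', 'slow'), ('slow', 'fast'), ('fast', 'slow'), ('fast', 'fast'),
       ('fast', 'fast_crashed'), ('fast_crashed', 'stopped_crashed'),
       ('stopped_crashed', 'stopped_crashed')})
f, c = ('p', 'f'), ('p', 'c')

if __name__ == '__main__':
    print('slow ⊨ □¬c :', CAR.holds('slow', ('box', ('not', c))))
    print('fast ⊨ ◇c  :', CAR.holds('fast', ('dia', c)))
    print('K valid on the car frame:', CAR.valid(k_axiom(f, c)))
    print('reflexive:', CAR.is_reflexive(), ' □¬f → ¬f valid:', CAR.valid(t_axiom(('not', f))))
    print('after reflexive closure, □¬f → ¬f valid:',
          CAR.reflexive_closure().valid(t_axiom(('not', f))))
```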

Slide 83 (Beyond Propositional Logic, Modal Logics). Final thoughts
Modalities can have many meanings: knowledge, belief, necessity/possibility, temporal, etc...
But suppose we wanted to change our location? Or suppose that we want to specify how R is defined? What if R was dynamic?

Slide 84 (Beyond Propositional Logic). Section: Dynamic Logic

Slide 85 (Beyond Propositional Logic, Dynamic Logic). Dynamic Logic: core ideas
  - Instead of propositions, we've got variables
  - Inside the □, we put programs!!!
  - The programs tell us what R should be!
Man, if this is not exciting, I don't know WHAT is!

Slide 86 (Beyond Propositional Logic, Dynamic Logic). Programs
D.L. was defined to be able to reason about computer programs. Therefore, the programs we will use are similar to computer programs.
Basic actions:
  - Assignment: x := e, where x is a variable and e is an expression made from other variables and the usual operators (+, -, etc.)
  - Test: ?cond, where cond is some condition, such as x = 3 or x < 0
  - NOP: 1, does nothing
  - BLOCK: 0, an action that results in contradiction
And compound actions:
  - Sequence: a ; b, means b executes after a
  - Choice: a ∪ b, the program can perform either of the two actions
  - Iteration: a*, runs a zero or more times sequentially

Slides 87–88 (Beyond Propositional Logic, Dynamic Logic). A simple example
Cars have speed and position, v and p. The wind might affect the car.
When time passes, the car moves, but might be affected by the wind:
  (p := p + v) ∪ (p := p − 1) ∪ (p := p + 1)
The driver may also decide to accelerate or brake:
  (v := v + 1) ∪ (v := v − 1)
Suppose v is 2. Numbers represent p.
  Here's (p := p + v) ∪ (p := p − 1) ∪ (p := p + 1): (number line 1 2 3 4 5 with the reachable positions marked)
  Here's v := v − 1; ((p := p + v) ∪ (p := p − 1) ∪ (p := p + 1)): (number line 1 2 3 4 5 with the reachable positions marked)

Slide 89 (Beyond Propositional Logic, Dynamic Logic). Some interesting axioms
The following axioms might help understand how programs interact with modalities:
  [0]A
  [1]A ≡ A
  [a ∪ b]A ≡ [a]A ∧ [b]A
  [a ; b]A ≡ [a]([b]A)
  [a*]A ≡ A ∧ [a][a*]A
  A ∧ [a*](A → [a]A) → [a*]A (what does this look like?)
Quick exercise. Define the program that represents: if A then a else b.

Slide 90 (Beyond Propositional Logic, Dynamic Logic). What do we have so far?
  - You know how to start from propositional logic...
  - ... then build in modalities
  - ... then build in even more complex and dynamic modalities
  - All these logics have axiomatisations/proof systems
  - They can also be extended to first-order variations
Can we accurately model a car and car cruise control with what we have?
