The Calculus of Computation: Decision Procedures with Applications - PowerPoint PPT Presentation

The Calculus of Computation: Decision Procedures with Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 1- 1

Part I: FOUNDATIONS 1. Propositional Logic(PL) 1- 2

Propositional Logic(PL) PL Syntax Atom truth symbols ⊤ (“true”) and ⊥ (“false”) propositional variables P , Q , R , P 1 , Q 1 , R 1 , · · · Literal atom α or its negation ¬ α Formula literal or application of a logical connective to formulae F , F 1 , F 2 ¬ F “not” (negation) F 1 ∧ F 2 “and” (conjunction) F 1 ∨ F 2 “or” (disjunction) F 1 → F 2 “implies” (implication) F 1 ↔ F 2 “if and only if” (iff) 1- 3

Example: formula F : ( P ∧ Q ) → ( ⊤ ∨ ¬ Q ) atoms: P , Q , ⊤ literal: ¬ Q subformulas: P ∧ Q , ⊤ ∨ ¬ Q abbreviation F : P ∧ Q → ⊤ ∨ ¬ Q 1- 4

PL Semantics (meaning) Sentence F + Interpretation I = Truth value (true, false) Interpretation I : { P �→ true , Q �→ false , · · · } Evaluation of F under I : ¬ F F where 0 corresponds to value false 0 1 1 true 1 0 F 1 ∧ F 2 F 1 ∨ F 2 F 1 → F 2 F 1 ↔ F 2 F 1 F 2 0 0 0 0 1 1 0 1 0 1 1 0 1 0 0 1 0 0 1 1 1 1 1 1 1- 5

Example: F : P ∧ Q → P ∨ ¬ Q I : { P �→ true , Q �→ false } P Q ¬ Q P ∧ Q P ∨ ¬ Q F 1 0 1 0 1 1 1 = true 0 = false F evaluates to true under I 1- 6

Inductive Definition of PL’s Semantics I | = F if F evaluates to true under I I �| = F false Base Case: I | = ⊤ I �| = ⊥ I | = P iff I [ P ] = true I �| = P iff I [ P ] = false Inductive Case: I | = ¬ F iff I �| = F I | = F 1 ∧ F 2 iff I | = F 1 and I | = F 2 I | = F 1 ∨ F 2 iff I | = F 1 or I | = F 2 I | = F 1 → F 2 iff, if I | = F 1 then I | = F 2 I | = F 1 ↔ F 2 iff, I | = F 1 and I | = F 2 , or I �| = F 1 and I �| = F 2 Note: I �| = F 1 → F 2 iff I | = F 1 and I �| = F 2 1- 7

Example: F : P ∧ Q → P ∨ ¬ Q I : { P �→ true , Q �→ false } 1 . I | = P since I [ P ] = true 2 . �| = since I [ Q ] = false I Q 3 . I | = ¬ Q by 2 and ¬ 4 . I �| = P ∧ Q by 2 and ∧ 5 . I | = P ∨ ¬ Q by 1 and ∨ 6 . I | = F by 4 and → Why? Thus, F is true under I . 1- 8

Satisfiability and Validity F satisfiable iff there exists an interpretation I such that I | = F . F valid iff for all interpretations I , I | = F . F is valid iff ¬ F is unsatisfiable Method 1: Truth Tables Example F : P ∧ Q → P ∨ ¬ Q P Q P ∧ Q ¬ Q P ∨ ¬ Q F 0 0 0 1 1 1 0 1 0 0 0 1 1 0 0 1 1 1 1 1 1 0 1 1 Thus F is valid. 1- 9

Example F : P ∨ Q → P ∧ Q P ∨ Q P ∧ Q P Q F 0 0 0 0 1 ← satisfying I 0 1 1 0 0 ← falsifying I 1 0 1 0 0 1 1 1 1 1 Thus F is satisfiable, but invalid. 1- 10

Method 2: Semantic Argument Proof rules I | = ¬ F I �| = ¬ F I �| = F I | = F I | = F ∧ G I �| = F ∧ G I | = F I �| = F | I �| = G = G ← and տ or I | I | = F ∨ G I �| = F ∨ G I | = F | I | = G I �| = F I �| = G I | = F → G I �| = F → G I �| = F | I | = G I | = F I �| = G I | = F ↔ G I �| = F ↔ G I | = F ∧ G | I �| = F ∨ G I | = F ∧ ¬ G | I | = ¬ F ∧ G I | = F I �| = F I | = ⊥ 1- 11

Example 1: Prove F : P ∧ Q → P ∨ ¬ Q is valid. Let’s assume that F is not valid and that I is a falsifying interpretation. 1 . I �| = P ∧ Q → P ∨ ¬ Q assumption 2 . | = P ∧ Q 1 and → I 3 . I �| = P ∨ ¬ Q 1 and → 4 . | = 2 and ∧ I P 5 . I �| = P 3 and ∨ 6 . | = ⊥ 4 and 5 are contradictory I Thus F is valid. 1- 12

Example 2: Prove F : ( P → Q ) ∧ ( Q → R ) → ( P → R ) is valid. Let’s assume that F is not valid. 1 . I �| = F assumption 2 . I | = ( P → Q ) ∧ ( Q → R ) 1 and → 3 . �| = P → R 1 and → I 4 . I | = P 3 and → 5 . �| = 3 and → I R 6 . I | = P → Q 2 and of ∧ 7 . | = Q → R 2 and of ∧ I 1- 13

Two cases from 6 8 a . I �| = P 6 and → 9 a . I | = ⊥ 4 and 8a are contradictory and 8 b . I | = Q 6 and → Two cases from 7 9 ba . �| = 7 and → I Q 10 ba . I | = ⊥ 8b and 9ba are contradictory and 9 bb . I | = R 7 and → 10 bb . | = ⊥ 5 and 9bb are contradictory I Our assumption is incorrect in all cases — F is valid. 1- 14

Example 3: Is F : P ∨ Q → P ∧ Q valid? Let’s assume that F is not valid. 1 . I �| = P ∨ Q → P ∧ Q assumption 2 . I | = P ∨ Q 1 and → 3 . �| = P ∧ Q 1 and → I Two options 4 a . | = 2 and ∨ 4 b . | = 2 and ∨ I P I Q 5 a . I �| = Q 3 and ∧ 5 b . I �| = P 3 and ∧ We cannot derive a contradiction. F is not valid. Falsifying interpretation: I 1 : { P �→ true , Q �→ false } I 2 : { Q �→ true , P �→ false } We have to derive a contradiction in both cases for F to be valid. 1- 15

Equivalence F 1 and F 2 are equivalent ( F 1 ⇔ F 2 ) iff for all interpretations I , I | = F 1 ↔ F 2 To prove F 1 ⇔ F 2 show F 1 ↔ F 2 is valid. F 1 implies F 2 ( F 1 ⇒ F 2 ) iff for all interpretations I , I | = F 1 → F 2 F 1 ⇔ F 2 and F 1 ⇒ F 2 are not formulae! 1- 16

Normal Forms 1. Negation Normal Form (NNF) Negations appear only in literals. (only ¬ , ∧ , ∨ ) To transform F to equivalent F ′ in NNF use recursively the following template equivalences (left-to-right): ¬¬ F 1 ⇔ F 1 ¬⊤ ⇔ ⊥ ¬⊥ ⇔ ⊤ � ¬ ( F 1 ∧ F 2 ) ⇔ ¬ F 1 ∨ ¬ F 2 De Morgan’s Law ¬ ( F 1 ∨ F 2 ) ⇔ ¬ F 1 ∧ ¬ F 2 F 1 → F 2 ⇔ ¬ F 1 ∨ F 2 F 1 ↔ F 2 ⇔ ( F 1 → F 2 ) ∧ ( F 2 → F 1 ) Example: Convert F : ¬ ( P → ¬ ( P ∧ Q )) to NNF F ′ : ¬ ( ¬ P ∨ ¬ ( P ∧ Q )) → to ∨ F ′′ : ¬¬ P ∧ ¬¬ ( P ∧ Q ) De Morgan’s Law F ′′′ : P ∧ P ∧ Q ¬¬ F ′′′ is equivalent to F ( F ′′′ ⇔ F ) and is in NNF 1- 17

2. Disjunctive Normal Form (DNF) Disjunction of conjunctions of literals � � ℓ i , j for literals ℓ i , j i j To convert F into equivalent F ′ in DNF, transform F into NNF and then use the following template equivalences (left-to-right): � ( F 1 ∨ F 2 ) ∧ F 3 ⇔ ( F 1 ∧ F 3 ) ∨ ( F 2 ∧ F 3 ) dist F 1 ∧ ( F 2 ∨ F 3 ) ⇔ ( F 1 ∧ F 2 ) ∨ ( F 1 ∧ F 3 ) Example: Convert F : ( Q 1 ∨ ¬¬ Q 2 ) ∧ ( ¬ R 1 → R 2 ) into DNF F ′ : ( Q 1 ∨ Q 2 ) ∧ ( R 1 ∨ R 2 ) in NNF F ′′ : ( Q 1 ∧ ( R 1 ∨ R 2 )) ∨ ( Q 2 ∧ ( R 1 ∨ R 2 )) dist F ′′′ : ( Q 1 ∧ R 1 ) ∨ ( Q 1 ∧ R 2 ) ∨ ( Q 2 ∧ R 1 ) ∨ ( Q 2 ∧ R 2 ) dist F ′′′ is equivalent to F ( F ′′′ ⇔ F ) and is in DNF 1- 18

3. Conjunctive Normal Form (CNF) Conjunction of disjunctions of literals � � ℓ i , j for literals ℓ i , j i j To convert F into equivalent F ′ in CNF, transform F into NNF and then use the following template equivalences (left-to-right): ( F 1 ∧ F 2 ) ∨ F 3 ⇔ ( F 1 ∨ F 3 ) ∧ ( F 2 ∨ F 3 ) F 1 ∨ ( F 2 ∧ F 3 ) ⇔ ( F 1 ∨ F 2 ) ∧ ( F 1 ∨ F 3 ) 1- 19

Davis-Putnam-Logemann-Loveland (DPLL) Algorithm Decides the satisfiability of PL formulae in CNF In book, efficient conversion of F to F ′ where F ′ is in CNF and F ′ and F are equisatisfiable ( F is satisfiable iff F ′ is satisfiable) Decision Procedure DPLL: Given F in CNF let rec dpll F = let F ′ = bcp F in if F ′ = ⊤ then true else if F ′ = ⊥ then false else let P = choose vars( F ′ ) in ( dpll F ′ { P �→ ⊤} ) ∨ ( dpll F ′ { P �→ ⊥} ) Don’t choose only-positive or only-negative variables for splitting. 1- 20

Boolean Constraint Propagation (BCP) Based on unit resolution ℓ C [ ¬ ℓ ] ← clause where ℓ = P or ℓ = ¬ P C [ ⊥ ] throughout Example: F : ( ¬ P ∨ Q ∨ R ) ∧ ( ¬ Q ∨ R ) ∧ ( ¬ Q ∨ ¬ R ) ∧ ( P ∨ ¬ Q ∨ ¬ R ) Branching on Q F { Q �→ ⊤} : ( R ) ∧ ( ¬ R ) ∧ ( P ∨ ¬ R ) By unit resolution R ( ¬ R ) ⊥ F { Q �→ ⊤} = ⊥ ⇒ false 1- 21

On the other branch F { Q �→ ⊥} : ( ¬ P ∨ R ) F { Q �→ ⊥ , R �→ ⊤ , P �→ ⊥} = ⊤ ⇒ true F is satisfiable with satisfying interpretation I : { P �→ false , Q �→ false , R �→ true } F Q �→ ⊤ Q �→ ⊥ ( R ) ∧ ( ¬ R ) ∧ ( P ∨ ¬ R ) ( ¬ P ∨ R ) R �→ ⊤ ( ¬ R ) R ¬ P ⊥ P �→ ⊥ I : { P �→ false , Q �→ false , R �→ true } 1- 22