CSE 3341.03 Winter 2008, Introduction to Program Verification
January 31
proofs through simplification
propositions and proofs
they’re different animals:
• "P implies Q" is not the same thing as "from P infer/deduce Q"
• rules of inference are different from tautologies, but in propositional logic they’re closely related
tautologies always have proofs. Why?
• example: a truth table is a proof by checking a list of 2^n cases (n = number of propositional variables)
• messy from a human point of view, but perfectly effective as a logic tool
3.7 The "Deduction Theorem": if P implies Q is a tautology, then Q can be proved from the assumption that P is true.
• (To prove this rigorously, we would need to formalize the concept of proof.)
• Idea: look at all rows of the truth table for which P is true.
• Informally, saying that Q can be proved from P just means that Q can be shown (calculated) to be true in all these rows.
the converse: if Q has a (valid) proof given P, then whenever P is true Q can't be false, so P implies Q is a tautology.
• (this follows from the definition of a valid proof)
getting a proof from wang? implement a trace feature:
• the trace is the sequence of logically equivalent sequents the algorithm passes through, terminating in a sequent with an overlap (the same formula on both sides) = true, or with no overlap = false.
• this works because the rewrite rules are logical equivalences
but if wang is working correctly, a derivation is not very useful:
• like the intermediate steps in a multiplication: we don't need to check them if we trust the algorithm.
preprocess wang input: use simplification to prepare the input for Wang's algorithm, in the hope that what we want proved becomes a tautology
example from SVT:
• x > 0 implies a+a = 2*a
• simplification uses the mathematical theory of + to simplify a+a to 2*a, and logic to simplify 2*a = 2*a to true
• it is up to us to find an appropriate theory
simplification adds semantics to logic
simplification = mechanism for taking the meanings of terms into account
simplification rules are used to represent mathematical knowledge ("truths")
mathematical truths are relative to a system of
axioms and inference rules
axioms and inference rules determine what the symbols mean (in that system)
typically, mathematical and logical truths are representable by equations:
• a+a = 2*a, where a is an integer
• (P implies true) = true, where P is a proposition
truths as equations in general: mathematical truth is an equation you
learned in school, or a mathematical 'fact' from a book
• something you or someone else has proved
• something assumed to be true (0-length proof) = axiom
to use these ‘facts’, axioms, etc., we put them into the form of equations, and give them an orientation.
cf. 4.1: what makes a valid rule
given the “theory”
  X - X = 0
  X + 0 = X
  X = X is true
then a + (a - a) = a simplifies to true: a + (a - a) ->> a + 0 ->> a, and then a = a ->> true.
note how the theory implicitly specifies the meaning of the functors
simplification shortens expressions
eliminate redundancy from mathematical expressions:
  x + 0 = x
  1 + x + 1 = x + 2
use it also to eliminate redundancies from logical descriptions
A and A = A
"x < 0 and x <= 0" doesn't say any more than
"x < 0"
what lets us simplify this to x < 0?
• the general logical equation A and (A or B) = A, i.e., (A and (A or B)) iff A is a tautology
• together with a mathematical "truth" (here a definition): ?
• (notice that definition rules don't simplify (shorten))
theory files
theory files = collection of rules = "programs" for the simplify "interpreter"
available in /cs/course/3341
example: equality.simp
  max(A,C) = C ->> A <= C.
  max(B,C) = B ->> C <= B.
  X <= Y and not Y <= X ->> X < Y.
  X <= Y and not X = Y ->> X < Y.
  X <= Y and not Y = X ->> X < Y.
  X <= Y or Y < X ->> true.
  X = Y and X <= Y ->> X = Y.
variables
Note the difference between rule (pattern) variables and mathematical variables:
• we use lower case for mathematical variables
• upper case for pattern or rule variables; these match arbitrary terms in the input
• suppose we had a rule X/X ->> 1. Then 2+(x<0)/(x<0) ->> 3 ?? (the pattern variable X matches the proposition x<0 just as readily as a number; nothing in the rule checks types)
why individual theory files?
theory files in /cs/course/3341: arithmetic.simp, equality.simp, logic.simp
• why not have one huge theory file covering everything?
• same advantage as modules in constructing a program
• e. g., the theory of ‘+’ is independent of the theory of stacks
implementing simplification
simplification means finding a simplification rule whose left side matches the structure of some sub-term, and then rewriting (replacing the match with the right side of the rule); then repeat this until no rule applies.
usually, simplification makes an expression shorter, but for definitions we want expansion:
  A < B < C ->> A < B and B < C.
the algorithm
simplify(Expr) = Result
  if path_arg(Path, Expr) = Lhs,
       % (there is a path in Expr to the sub-expression Lhs)
     and Lhs ->> Rhs,
     and Modified = change_path_arg(Path, Expr, Rhs),
     and Result = simplify(Modified)
otherwise
simplify(Expr) = Expr.
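The algorithm above, as an added example in Python (not the course's simplify program): terms are nested tuples, pattern variables are upper-case strings, and paths, change_path_arg, rewrite_once and simplify are this example's own names. It runs the slide's three-rule theory (X - X = 0, X + 0 = X, X = X is true) on a + (a - a) = a, and also shows the untyped-pattern-variable problem from the variables slide: with X/X ->> 1, the proposition x<0 gets "divided by itself" like any other term.

```python
"""The slide's simplify(Expr) as a rewrite engine: find a path in Expr to a
sub-term matching some rule's left side, replace it with the instantiated
right side, repeat until no rule applies. Terms: int constants, lower-case
strings (mathematical variables, atoms such as 'true'), upper-case strings
(pattern variables, legal only in rules), tuples (functor, arg1, ..., argN).
(Added example for these notes; not the course's simplify program.)"""


def is_pattern_var(t):
    return isinstance(t, str) and t[:1].isupper()


def match(pattern, term, bindings):
    """Extend bindings so that pattern instantiates to term, or return None.
    A pattern variable matches ANY sub-term (no typing), but every
    occurrence must match the same term: X - X matches a - a, not a - b."""
    if is_pattern_var(pattern):
        if pattern in bindings:
            return bindings if bindings[pattern] == term else None
        return {**bindings, pattern: term}
    if isinstance(pattern, tuple):
        if not (isinstance(term, tuple) and len(term) == len(pattern)
                and term[0] == pattern[0]):
            return None
        for p, t in zip(pattern[1:], term[1:]):
            bindings = match(p, t, bindings)
            if bindings is None:
                return None
        return bindings
    return bindings if pattern == term else None


def substitute(rhs, bindings):
    if is_pattern_var(rhs):
        return bindings[rhs]
    if isinstance(rhs, tuple):
        return (rhs[0],) + tuple(substitute(a, bindings) for a in rhs[1:])
    return rhs


def paths(term, path=()):
    """Yield (Path, sub-term) pairs, outermost first: path_arg(Path, Expr)."""
    yield path, term
    if isinstance(term, tuple):
        for i, arg in enumerate(term[1:], start=1):
            yield from paths(arg, path + (i,))


def change_path_arg(path, term, new):
    if not path:
        return new
    i = path[0]
    return term[:i] + (change_path_arg(path[1:], term[i], new),) + term[i + 1:]


def rewrite_once(expr, rules):
    """One step: replace the first sub-term (outermost first) that some
    rule's Lhs matches by that rule's instantiated Rhs. None if no rule applies."""
    for path, sub in paths(expr):
        for lhs, rhs in rules:
            b = match(lhs, sub, {})
            if b is not None:
                return change_path_arg(path, expr, substitute(rhs, b))
    return None


def simplify(expr, rules, trace=None, limit=1000):
    """simplify(Expr) = Result. `trace` collects each intermediate term;
    `limit` guards against a theory that never terminates (a commutativity
    rule X + Y ->> Y + X fires forever)."""
    for _ in range(limit):
        nxt = rewrite_once(expr, rules)
        if nxt is None:
            return expr
        expr = nxt
        if trace is not None:
            trace.append(expr)
    raise RuntimeError("rewrite limit exceeded: the theory may not terminate")


def show(t):
    if isinstance(t, tuple) and len(t) == 3:
        return f"({show(t[1])} {t[0]} {show(t[2])})"
    if isinstance(t, tuple):
        return t[0] + "(" + ", ".join(show(a) for a in t[1:]) + ")"
    return str(t)


# The "theory" from the slide: X - X = 0, X + 0 = X, X = X is true.
THEORY = [
    (('-', 'X', 'X'), 0),
    (('+', 'X', 0), 'X'),
    (('=', 'X', 'X'), 'true'),
]
EXAMPLE = ('=', ('+', 'a', ('-', 'a', 'a')), 'a')       # a + (a - a) = a

# Untyped pattern variables: with X/X ->> 1 the proposition x < 0 is "divided
# by itself" (the slide's 2+(x<0)/(x<0)); with no arithmetic code the result
# stays 2 + 1 rather than 3.
DIVISION = [(('/', 'X', 'X'), 1)]
ILL_TYPED = ('+', 2, ('/', ('<', 'x', 0), ('<', 'x', 0)))

if __name__ == "__main__":
    tr = []
    print(show(simplify(EXAMPLE, THEORY, tr)))        # true
    for t in tr:
        print("  ->>", show(t))
    print(show(simplify(ILL_TYPED, DIVISION)))       # (2 + 1)
```

The trace for the slide's example is a + 0 = a, then a = a, then true. Note the two things the slide's pseudo-code leaves implicit: the rules are oriented (only Lhs ->> Rhs fires), and termination is the theory writer's responsibility, which is why the engine caps the number of steps.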
entering rules
How do we get the ->> rules into this algorithm?
enter from the terminal or from a file.
simplify supplements rewrite rules with special code for arithmetic expressions
arithmetic problems
some operators are commutative: X + Y = Y + X (but not X**Y = Y**X)
simplify to a canonical form to detect identity: let x + y ->> y + x; then, given Y + X - X ->> Y, x + y - x ->> y
canonical form
suppose you had to handle date calculation in a variety of formats: February 1, 2007, Feb 1 07, 1/2/2007 (Can.), 2/1/2007 (US), etc.
use a canonical form for date calculation, example: seconds after Jan 1, 1904.
canonical form allows us to recognize equivalences between terms with the same commutative functors
associativity
difference between syntactic associativity and semantic associativity:
• semantic: X op (Y op Z) = (X op Y) op Z
• syntactic: (left) X op Y op Z = (X op Y) op Z
             (right) X op Y op Z = X op (Y op Z)
the simplification algorithm chooses left associativity as a canonical form (if the term is not parenthesized)
simplifying with canonical forms
if A op (B op C) = (A op B) op C, pick one as a canonical form and create an additional rule for the other case.
canonical forms for relations and their converses
what’s the converse of a relation?
• what's the converse of >= ?
simplify: x >= y ->> y <= x.
          x > y ->> y < x.
cancellation
cancellation: rewrite rules don't do this easily. the current version of simplify:
  a + b + c + . . - a ->> . . c + b
and
  a - b - c + b ->> a - c
but
• a - b - c - a ->> a - b - c - a (unchanged)
• a - b - a - c ->> a - b - a - c (unchanged)
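The canonical-form idea from the earlier slides (commutativity, left associativity as the canonical form) and the cancellation cases above, as an added example that is not the course's simplify program. Instead of rewrite rules it does what the slides call special code for arithmetic: flatten a sum built from + and - into a map from atom to net coefficient, then rebuild it in a fixed order, left-associated. The parse, flatten, canonical and equivalent functions and the infix syntax they accept are this example's own. It goes a little beyond the slide in that the two cancellation cases the current simplify leaves unchanged do reduce to -b - c here.

```python
"""Canonical form for sums as the 'special code for arithmetic expressions'
a rewrite-rule simplifier needs: flatten a term built from + and - into a
map atom -> net coefficient, then rebuild it in a fixed order, left-associated.
Commutativity, associativity and cancellation (which rewrite rules handle
badly) all reduce to comparing canonical forms.
(Added example for these notes; not the course's simplify program.)"""

import re
from collections import Counter


def parse(text):
    """Sums of identifiers and integers with +, - and parentheses.
    Unparenthesized chains associate to the LEFT, so a - b - c is
    ('-', ('-', 'a', 'b'), 'c'); a leading '-' is unary: ('-', 'b')."""
    tokens = re.findall(r"\d+|[A-Za-z_]\w*|[()+\-]", text)
    pos = 0

    def primary():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == '(':
            t = chain()
            if tokens[pos] != ')':
                raise SyntaxError("expected ')'")
            pos += 1
            return t
        if tok == '-':
            return ('-', primary())
        return int(tok) if tok.isdigit() else tok

    def chain():
        nonlocal pos
        t = primary()
        while pos < len(tokens) and tokens[pos] in '+-':
            op = tokens[pos]
            pos += 1
            t = (op, t, primary())
        return t

    t = chain()
    if pos != len(tokens):
        raise SyntaxError("trailing input")
    return t


def flatten(term, sign=1, acc=None):
    """Add sign*term into acc, a Counter of atom -> coefficient.
    Integer constants accumulate under the key None."""
    acc = Counter() if acc is None else acc
    if isinstance(term, tuple) and term[0] == '+':
        flatten(term[1], sign, acc)
        flatten(term[2], sign, acc)
    elif isinstance(term, tuple) and term[0] == '-' and len(term) == 3:
        flatten(term[1], sign, acc)
        flatten(term[2], -sign, acc)
    elif isinstance(term, tuple) and term[0] == '-':          # unary minus
        flatten(term[1], -sign, acc)
    elif isinstance(term, int):
        acc[None] += sign * term
    else:
        acc[term] += sign        # an atom (or an opaque sub-term)
    return acc


def canonical(term):
    """Rebuild from the coefficient map: atoms in name order, each repeated
    |coefficient| times, constant last, left-associated (the parse of the
    unparenthesized infix string). Atoms that cancelled to 0 vanish."""
    coeffs = flatten(term)
    pieces = []
    for atom in sorted((a for a in coeffs if a is not None), key=str):
        c = coeffs[atom]
        pieces += [(1 if c > 0 else -1, atom)] * abs(c)
    if coeffs[None]:
        pieces.append((1 if coeffs[None] > 0 else -1, abs(coeffs[None])))
    if not pieces:
        return 0
    sign, first = pieces[0]
    result = first if sign > 0 else ('-', first)
    for sign, atom in pieces[1:]:
        result = ('+' if sign > 0 else '-', result, atom)
    return result


def equivalent(s, t):
    """Two sums denote the same value iff their canonical forms coincide."""
    return canonical(parse(s)) == canonical(parse(t))


if __name__ == "__main__":
    for s, t in [("x + y - x", "y"),                   # the slide's Y + X - X ->> Y
                 ("a + b + c - a", "b + c"),
                 ("a - b - c + b", "a - c"),
                 ("a - b - c - a", "-b - c"),          # cancellation rules can't do
                 ("a - b - a - c", "-b - c"),
                 ("a - (b - c)", "a - b + c"),         # parentheses matter for -
                 ("a - (b - c)", "a - b - c")]:        # ... so these differ
        print(f"{s:16} == {t:12}? {equivalent(s, t)}")
```

The last two lines of the output make the syntactic/semantic distinction concrete: - is not semantically associative, so a - (b - c) and a - b - c get different canonical forms, while the unparenthesized a - b - c is parsed as (a - b) - c by the left-associative canonical convention.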