CSE 3341.03 Winter 2008 Introduction to Program Verification
January 8
Boolean operators
January 3 lecture notes are available as a PDF file: see the link from the table of contents panel on the course home page,
or http://www.cse.yorku.ca/course/3341/lecture notes/3341 2008-1-3 slides.pdf
what does verification give you?
a top-down understanding of a piece of software: general and rigorous, not based on specific examples
the more perspectives, the better for catching errors
• that's the idea behind the argument that open-source code will be more reliable than proprietary code
two main approaches to verification
• build a model of a machine that abstractly executes the program, then check zillions of cases for the key desired properties (model checking); works well for hardware and communication protocols
• construct and prove a theorem
our approach: construct a logical proof based on the mathematical meaning assigned to the program text (i.e. prove a theorem)
this has been considered controversial from a theoretical/philosophical perspective
it's been argued that verification, for a variety of reasons, is only conditional, not absolute (some truth to this): a proof shows that the program text meets its specification under the assumed meaning of the programming language; the specification, the compiler and the hardware it runs on remain assumptions
• but having a proof is still better than claiming a program is correct without one
"verification is a pain"
another knock on verification, from a practical perspective, is that even simple proofs are too hard to do, and even when "easy" are very tedious
we'll deal with this objection head on: use tools to do the "heavy lifting"
treat logic as computation
since our tools are computational and concerned with proofs, we will need to develop an understanding of the basics of computational logic
a very different perspective on logic and mathematics than you have been given in your math courses
• but inevitable in a computer-based technological society
contrast with the "semantic" approach
logic is about truth? so logic is about distinguishing correct from incorrect arguments?
in the computational approach, these issues essentially disappear!
the view from 10,000 ft.
verification occupies only a very small part of the field of software development:
http://www.cse.yorku.ca/course/3341/small-large.html
logical operators
chapter 1 starts with a table of logical operators
operator vs operation?
• an operator is a syntactic entity
• the associated operation is a function
• cf. x f y with f(x, y)
is the table of operators complete?
multiple notations
additional operators
two more logic operators: NAND (sometimes NAN) and NOR; we won't use them
NAND is a basic building block of digital logic circuits
we could replace not, and, or by expressions involving only the single operator NAND
not A = A NAND A
• how do we get OR?
it gets worse! (Theorem *54.43 of Principia Mathematica)
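The NAND-only definitions, carried through and checked exhaustively. This is an added example, not part of the lecture notes: it encodes the constructions (not A = A NAND A, and via a double NAND, or via De Morgan) as Python functions whose bodies use only a single `nand` primitive, compares them row by row with Python's own operators, and counts the gates each one spends; `xor_` goes one step beyond the slide to show the cost growing. The function names are this example's own.

```python
from itertools import product

_calls = 0  # counts NAND evaluations, to measure the cost of each construction


def nand(a: bool, b: bool) -> bool:
    """The single primitive; everything below is built from it."""
    global _calls
    _calls += 1
    return not (a and b)


# The usual operators expressed with NAND only: no Python not/and/or appears
# in these bodies, only calls to nand().
def not_(a: bool) -> bool:
    return nand(a, a)                      # A NAND A


def and_(a: bool, b: bool) -> bool:
    t = nand(a, b)                         # A and B = not (A NAND B)
    return nand(t, t)


def or_(a: bool, b: bool) -> bool:
    # De Morgan: A or B = not (not A and not B) = (not A) NAND (not B)
    return nand(nand(a, a), nand(b, b))


def xor_(a: bool, b: bool) -> bool:
    # the classic 4-gate XOR: shares the (A NAND B) gate between two branches
    t = nand(a, b)
    return nand(nand(a, t), nand(b, t))


def truth_table(f, arity: int) -> dict:
    """Map every tuple of `arity` Boolean arguments to f's value (2**arity rows)."""
    return {args: f(*args) for args in product((False, True), repeat=arity)}


def nand_definitions_are_correct() -> bool:
    """Exhaustively compare the NAND-only operators with Python's built-in ones."""
    return (truth_table(not_, 1) == truth_table(lambda a: not a, 1)
            and truth_table(and_, 2) == truth_table(lambda a, b: a and b, 2)
            and truth_table(or_, 2) == truth_table(lambda a, b: a or b, 2)
            and truth_table(xor_, 2) == truth_table(lambda a, b: a != b, 2))


def nand_gates_used(f, *args) -> int:
    """Number of NAND gates f spends on one input. These definitions evaluate
    every gate on every input, so the count is the size of the circuit."""
    global _calls
    _calls = 0
    f(*args)
    return _calls


if __name__ == "__main__":
    print("definitions correct:", nand_definitions_are_correct())
    for name, f, args in (("not", not_, (True,)), ("and", and_, (True, True)),
                          ("or", or_, (False, False)), ("xor", xor_, (True, False))):
        print(f"{name}: {nand_gates_used(f, *args)} NAND gate(s)")
```

The gate counts (1, 2, 3, 4) are the concrete form of "it gets worse": each operator we take for granted costs more of the single primitive, which is the same phenomenon that makes proofs from bare primitives so long.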
standardizing our notation
it is important to be able to recognize the various notations
there is not much pressure on a mathematician to adopt a standard notation; that's why we get so many
but we are required by the software we want to use to standardize on specific English words
examples of logical operators in use
find results of a search for strings with all of the words A, B, C
• = A and B and C
with at least one of the words
• = A or B or C
without the words A or B or C
• = not A and not B and not C
propositions
propositions are expressions constructed from Boolean operators, the special names true and false, and other names which are assumed to have a fixed truth value
this is a recursive datatype - why?
• hint: function composition?
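One answer to "why a recursive datatype", as an added example that is not part of the lecture notes: a proposition is either a constant, a name, or an operator applied to smaller propositions, so the datatype refers to itself, and so does every function over it. The evaluator below is function composition made explicit: the value of a node is computed only from the values of its sub-propositions and a table of fixed truth values for the names. The node classes, `evaluate`, `names` and `is_tautology` are this example's own names, and the two propositions at the bottom are constructed test inputs.

```python
from dataclasses import dataclass
from itertools import product
from typing import Union


# The recursive datatype: each alternative is a node, and two of them contain
# further propositions.
@dataclass(frozen=True)
class Const:
    value: bool


@dataclass(frozen=True)
class Name:
    name: str


@dataclass(frozen=True)
class Not:
    arg: "Prop"


@dataclass(frozen=True)
class BinOp:
    op: str          # the operator (syntax): "and", "or", "implies", "iff", "xor"
    left: "Prop"
    right: "Prop"


Prop = Union[Const, Name, Not, BinOp]

# The operation (a function) associated with each operator (a symbol).
OPERATIONS = {
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
    "implies": lambda a, b: (not a) or b,
    "iff": lambda a, b: a == b,
    "xor": lambda a, b: a != b,
}


def evaluate(p: Prop, env: dict) -> bool:
    """Truth value of p given fixed truth values for its names.
    Only the values of the sub-propositions are used: the evaluator is blind
    to what the names might mean."""
    if isinstance(p, Const):
        return p.value
    if isinstance(p, Name):
        return env[p.name]
    if isinstance(p, Not):
        return not evaluate(p.arg, env)
    return OPERATIONS[p.op](evaluate(p.left, env), evaluate(p.right, env))


def names(p: Prop) -> set:
    """The names occurring in p; recursive in the same shape as the datatype."""
    if isinstance(p, Const):
        return set()
    if isinstance(p, Name):
        return {p.name}
    if isinstance(p, Not):
        return names(p.arg)
    return names(p.left) | names(p.right)


def is_tautology(p: Prop) -> bool:
    """True when p evaluates to true under every assignment of its n names,
    i.e. all 2**n rows of its truth table."""
    ns = sorted(names(p))
    return all(evaluate(p, dict(zip(ns, vals)))
               for vals in product((False, True), repeat=len(ns)))


# Constructed inputs: (P and Q) implies P is a tautology, P and not P is not.
P, Q = Name("P"), Name("Q")
WEAKENING = BinOp("implies", BinOp("and", P, Q), P)
CONTRADICTION = BinOp("and", P, Not(P))

if __name__ == "__main__":
    print(is_tautology(WEAKENING), is_tautology(CONTRADICTION))
```

Adding an operator means adding one entry to OPERATIONS; adding a new kind of node means adding one case to every recursive function, which is exactly the pattern a tool that manipulates propositions has to follow.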
Boolean operators
our approach to logic derives from the work of George Boole
Boolean operators are syntactically analogous to +, x, etc.
Boolean operations are functions of truth-valued Boolean variables
truth-valued = true or false
arithmetic analogue
example: represent true by 1 and false by 0
x and y = x*y, where * is ordinary multiplication
how about or? what's the arithmetic analogue of not?
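The arithmetic analogue worked out for the remaining operators, as an added example (not part of the lecture notes). With true = 1 and false = 0, `not` is 1 - x and `or` is x + y - x*y; the block also keeps the tempting but wrong `or = x + y` to show why it fails (1 + 1 = 2 is not a truth value), and goes beyond the slide with xor and implies. The checks compare each arithmetic formula against Python's Boolean operators on all rows. Function names are this example's own.

```python
from itertools import product

# Truth values as the integers 0 (false) and 1 (true).


def and_arith(x: int, y: int) -> int:
    return x * y                 # 1 exactly when both inputs are 1


def not_arith(x: int) -> int:
    return 1 - x                 # swaps 0 and 1


def or_naive(x: int, y: int) -> int:
    return x + y                 # tempting, but 1 + 1 = 2 leaves {0, 1}


def or_arith(x: int, y: int) -> int:
    return x + y - x * y         # inclusion-exclusion; always lands in {0, 1}


def xor_arith(x: int, y: int) -> int:
    return (x + y) % 2           # addition mod 2; equivalently (x - y) ** 2


def implies_arith(x: int, y: int) -> int:
    return 1 - x + x * y         # not x or (x and y), written arithmetically


def closed_over_bits(f, arity: int) -> bool:
    """A genuine Boolean operation must map {0,1}**arity back into {0,1}."""
    return all(f(*bits) in (0, 1)
               for bits in product((0, 1), repeat=arity))


def matches(arith_f, bool_f, arity: int) -> bool:
    """Does arith_f on {0,1} agree, row by row, with bool_f on {False,True}?"""
    for bits in product((0, 1), repeat=arity):
        expected = int(bool_f(*map(bool, bits)))
        if arith_f(*bits) != expected:
            return False
    return True


def de_morgan_arith() -> bool:
    """not(x and y) == not x or not y, checked as polynomials on {0,1}:
    1 - x*y == (1-x) + (1-y) - (1-x)*(1-y)."""
    return all(not_arith(and_arith(x, y))
               == or_arith(not_arith(x), not_arith(y))
               for x, y in product((0, 1), repeat=2))


if __name__ == "__main__":
    print("or_naive closed over bits:", closed_over_bits(or_naive, 2))
    print("or_arith matches or:", matches(or_arith, lambda a, b: a or b, 2))
    print("De Morgan holds arithmetically:", de_morgan_arith())
```

The closure check is the caveat that matters: an arithmetic formula only counts as a Boolean operation if its result is again 0 or 1, which is why `or` needs the correction term.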
who was George Boole?
• 19th cent. English mathematician
• after whom Boolean algebras, operators and variables are named
http://www.home.gil.com.au/~bredshaw/boole.htm
The Mathematical Analysis of Logic (1847)
most famous work: An Investigation of the Laws of Thought, on Which Are Founded the Mathematical Theories of Logic and Probabilities (1854)
based on a binary approach, processing only two objects: the now famous 1-0, yes-no, true-false, on-off
logic as rules for correct argument
which arguments yield truths?
the Greeks discovered that one could have correct arguments about incorrect or nonsensical things, or about imagined, idealized objects such as points or lines
what made the argument correct was independent of what it was about;
it depended on relationships (patterns) between propositions
logic as a calculus
more than 2000 years after the Greeks, Boole invents a radically new perspective:
the arithmetic analogy means that logic can be interpreted as a calculus like arithmetic
propositions can be interpreted as arithmetic expressions
a calculus doesn't require meaning
in mathematics, functions see only the values of their arguments; they are blind to what's inside those arguments
(3401 survivors: compare with macros)
so the truth-value of ". . . and . . . ." must depend only on the truth-values of the arguments, as far as propositional logic is concerned:
blind to what the names or non-logical expressions may mean
in ordinary/natural language this isn't always true: some languages use a double negative for emphasis, i.e. not not p = not p
operations as binary functions
operator = binary function = 2x2 table
• you should be able to construct the 2x2 table for all the binary operators we are concerned with
• note: of the four unary functions (constant true, constant false, identity, not), only not is non-trivial
more generally, a function is a list of argument-value pairs
• if the function has arity n, there are 2^n entries in the table, and hence 2^(2^n) distinct functions of arity n (16 binary operators)
operator grammar
operators are syntactic, so they require grammatical properties
• operators involve precedence and associativity issues, to avoid writing ( )
the choices:
left-associativity: x + y + z = (x+y) + z
right-associativity: x op y op z = x op (y op z), e.g. exponentiation x^y^z = x^(y^z)
no associativity: x xor y xor z is an error; you have to use parentheses because the grammar declares no associativity for xor (as a function, xor happens to be associative, but the parser does not assume so)
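Both slides above (the 2^n-row tables and the associativity question) checked mechanically, as an added example that is not part of the lecture notes. The block enumerates all 16 binary Boolean operations as the 16 possible output columns of a 4-row table, labels the ones the lecture names, and tests each for associativity over all 8 assignments of three variables. Names such as `NAMED` and `is_associative` are this example's own.

```python
from itertools import product

# The 2**2 = 4 rows of a binary operator's truth table, in a fixed order.
ROWS = [(False, False), (False, True), (True, False), (True, True)]

# The named operators from the table of operators.
NAMED = {
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
    "xor": lambda a, b: a != b,
    "iff": lambda a, b: a == b,
    "implies": lambda a, b: (not a) or b,
    "nand": lambda a, b: not (a and b),
    "nor": lambda a, b: not (a or b),
}


def table_size(arity: int) -> int:
    """Rows in the truth table of an n-ary operation."""
    return 2 ** arity


def column(f) -> tuple:
    """The output column of f's truth table: the function as a list of values."""
    return tuple(f(a, b) for a, b in ROWS)


def all_binary_operations() -> dict:
    """Every function {T,F}^2 -> {T,F}: one per possible output column, so
    2**(2**2) = 16 of them, keyed by column."""
    ops = {}
    for col in product((False, True), repeat=len(ROWS)):
        table = dict(zip(ROWS, col))
        ops[col] = lambda a, b, t=table: t[(a, b)]
    return ops


def is_associative(f) -> bool:
    """f(f(x,y),z) == f(x,f(y,z)) on all 2**3 assignments of x, y, z."""
    return all(f(f(x, y), z) == f(x, f(y, z))
               for x, y, z in product((False, True), repeat=3))


def associative_named_operators() -> set:
    return {name for name, f in NAMED.items() if is_associative(f)}


def count_associative() -> int:
    """How many of the 16 binary operations are associative at all."""
    return sum(is_associative(f) for f in all_binary_operations().values())


if __name__ == "__main__":
    print("binary operations:", len(all_binary_operations()))
    print("associative among the named ones:", sorted(associative_named_operators()))
    print("associative among all 16:", count_associative())
```

The result is the check a grammar designer wants before declaring associativity: and, or, xor and iff may safely be parsed without parentheses, while implies, nand and nor may not, since x nand (y nand z) and (x nand y) nand z differ.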
operator precedence
logic operations compared with arithmetic:
• and has the precedence of *
• or has the precedence of +
• iff has the precedence of =
• not, like unary minus, binds tighter than any of these
are the boolean values arbitrary?
does it matter what the boolean values are just as long as there are 2?
Boolean values
SVT 1.1 assumes that the range of Boolean functions is {true, false}
is this important?see
http://www.cse.yorku.ca/course/3341/lost-logic.html
can logic tell us which is which?
• "we can tell which value functions as true and which as false by looking at and/or"
• true and false = false
• true or false = true
but look at the "logic tables" page
Boolean algebra is self-dual
if we swap the names of the Boolean values and the names of and/or,
we get exactly the same structure!
you actually knew that, in the form of De Morgan's laws:
• not(P and Q) = not P or not Q
• not(P or Q) = not P and not Q
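Self-duality made checkable, as an added example that is not part of the lecture notes. The renaming true <-> false is written as a function and shown to carry and onto or, or onto and, and not onto itself (these three equations are De Morgan's laws plus the trivial one for not). Then a handful of algebraic laws are written against an interpretation table rather than against Python's operators, so the very same law text can be checked under the standard interpretation and under the swapped one; a deliberately false "law" is included to show the check is not vacuous. `STANDARD`, `DUAL`, `LAWS` and the helper names are this example's own.

```python
from itertools import product

# The standard reading of the operator table.
STANDARD = {
    "true": True, "false": False,
    "not": lambda a: not a,
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
}

# The dual reading: swap the names of the values and swap and/or.
DUAL = {
    "true": False, "false": True,
    "not": STANDARD["not"],
    "and": STANDARD["or"],
    "or": STANDARD["and"],
}


def dual_map(a: bool) -> bool:
    """The renaming true <-> false, as a function on values."""
    return not a


def renaming_is_isomorphism() -> bool:
    """d(a and b) == d(a) or d(b), d(a or b) == d(a) and d(b),
    d(not a) == not d(a), d(true) == false: the renaming carries each
    operation onto its partner. The first two lines are De Morgan's laws."""
    d = dual_map
    return d(True) is False and all(
        d(a and b) == (d(a) or d(b))
        and d(a or b) == (d(a) and d(b))
        and d(not a) == (not d(a))
        for a, b in product((False, True), repeat=2)
    )


# Laws as functions of an interpretation I, so one text serves both readings.
LAWS = {
    "identity":    lambda I, a, b: I["and"](a, I["true"]) == a,
    "annihilator": lambda I, a, b: I["or"](a, I["true"]) == I["true"],
    "absorption":  lambda I, a, b: I["and"](a, I["or"](a, b)) == a,
    "complement":  lambda I, a, b: I["or"](a, I["not"](a)) == I["true"],
    "de_morgan":   lambda I, a, b: (I["not"](I["and"](a, b))
                                     == I["or"](I["not"](a), I["not"](b))),
    "bogus":       lambda I, a, b: I["and"](a, b) == I["true"],  # not a law
}


def holds(law, I) -> bool:
    """Does the law hold under interpretation I for all 2**2 assignments?"""
    return all(law(I, a, b) for a, b in product((False, True), repeat=2))


def laws_holding_under(I) -> set:
    return {name for name, law in LAWS.items() if holds(law, I)}


if __name__ == "__main__":
    print("renaming is an isomorphism:", renaming_is_isomorphism())
    print("standard:", sorted(laws_holding_under(STANDARD)))
    print("dual:    ", sorted(laws_holding_under(DUAL)))
```

Because the same set of laws survives under DUAL, every identity proved in the standard reading yields a second one for free by swapping and/or and true/false: "a and true = a" becomes "a or false = a" without a new proof.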