Post on 16-Dec-2015
CSE 3341.03 Winter 2008
Introduction to Program Verification
January 24
tautology checking, take 2
terms -- review
due date for exercise set 1: Feb. 11
term = labelled tree
all these are terms: P implies Q, -w, z(1,q)!, 2+6*z
a or f(b), x ≤ y - z
true, ‘true’, ‘this is true’
label of the root = functor
term notation
any term can be written in functional notation: f(arg1, ...)
• root = function name
• subtrees = args
if the functor is a logical or arithmetic operation, the term can be written with operator notation. Example: +(+(a, b), c) = a + b + c
interpreting terms
terms, in general, are uninterpreted; they have no values
but some terms can be interpreted as a function and evaluated, e.g. the term 1+1 can be evaluated to 2
A+A can be evaluated if A is given a value
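As an added example (not code from the course notes), here is a small Python model of terms as labelled trees: the functor is the label of the root, the arguments are the subtrees, and one and the same term can be rendered in functional or in operator notation. Arithmetic functors are interpreted and evaluated once their arguments have values; every other term stays uninterpreted. The tuple representation, the precedence table and the function names are this example's own conventions, not the course's Prolog representation.

```python
# Added example (not from the course notes): terms as labelled trees.
# A term is a leaf (a str atom/variable or an int) or a tuple
# (functor, arg1, arg2, ...); the first element is the label of the root.

# binary functors written with operator notation, with a precedence used only
# to decide where brackets are needed (this example's own table)
PREC = {'implies': 0, 'or': 1, 'and': 2, '≤': 3, '+': 4, '-': 4, '*': 5}

def functor(term):
    """Label of the root: the function name, or the leaf itself."""
    return term[0] if isinstance(term, tuple) else term

def subtrees(term):
    """The argument terms (empty for a leaf)."""
    return list(term[1:]) if isinstance(term, tuple) else []

def functional(term):
    """Functional notation f(arg1, ...) at every node, e.g. +(+(a, b), c)."""
    if not isinstance(term, tuple):
        return str(term)
    return f"{functor(term)}({', '.join(functional(a) for a in subtrees(term))})"

def operator_notation(term):
    """Operator notation for the binary functors in PREC, functional notation
    for everything else. Brackets appear only where a child binds more loosely
    than its parent, or equally tightly on the right (operators are taken as
    left-associative, so +(+(a, b), c) prints as a + b + c)."""
    if not isinstance(term, tuple):
        return str(term)
    f, args = functor(term), subtrees(term)
    if f not in PREC or len(args) != 2:
        return f"{f}({', '.join(operator_notation(a) for a in args)})"

    def side(child, on_right):
        text = operator_notation(child)
        if isinstance(child, tuple) and functor(child) in PREC:
            p = PREC[functor(child)]
            if p < PREC[f] or (p == PREC[f] and on_right):
                text = f"({text})"
        return text

    return f"{side(args[0], False)} {f} {side(args[1], True)}"

# the functors this example interprets; everything else is uninterpreted
ARITH = {'+': lambda a, b: a + b, '-': lambda a, b: a - b, '*': lambda a, b: a * b}

def evaluate(term, env=None):
    """Interpret a term as arithmetic. Variables are looked up in env; the
    result is None when the term (or some subterm) has no value."""
    env = env or {}
    if isinstance(term, int):
        return term
    if isinstance(term, str):
        return env.get(term)                  # unbound variable or plain atom
    f, args = functor(term), subtrees(term)
    if f in ARITH and len(args) == 2:
        vals = [evaluate(a, env) for a in args]
        if None not in vals:
            return ARITH[f](*vals)
    return None                               # e.g. z(1, q) has no interpretation
```

`evaluate(('+', 1, 1))` gives 2, `evaluate(('+', 'A', 'A'))` gives None until `A` is bound in `env`, and `evaluate(('z', 1, 'q'))` is None because `z` is not an interpreted functor.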
the tautology program requires logical variables to be actual Prolog variables, which are assigned truth-values while testing for falsity.
• variable name begins with upper-case letter
wang requires logical variables to be terms
• name begins with lower-case letter, or is quoted
semantics vs syntax
the tautology algorithm (checking the truth table) operates on the semantics of Boolean logic: what the Boolean functions evaluate to
wang operates syntactically, which allows greater expressivity in the input
Exercise 3.2: English to logic again
Let A B represent “If the car has gas, then I can go to the store.”; B C D represents “If I can go to the store and I have money, then I can buy food.”; (D (E F)) G represents “If I have food and either the sun is shining or I have an umbrella, then today I can go on a picnic.”
If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic?
(('the car has gas' implies 'I can go to the store') and ('I can go to the store' and 'I have money' implies 'I can buy food') and ( . . . implies 'I can go on a picnic') and 'the car has gas' and 'I have money' and 'I have an umbrella')
implies
'I can go on a picnic'.
exercises 3.1, 3.4
3.1: x equals 0 if it is not less than 0, unless it is greater than 0.
3.4: "Portia's caskets"
• two caskets, one of gold and one of silver. Which contains Portia's portrait?
On the Gold casket: "The portrait is not in here."
Silver: "Exactly one of the inscriptions is true."
convert to terms
'Silver inscription is true', 'Gold inscription is true', 'portrait is in Gold', 'portrait is in Silver'.
tie the facts together with logic
premises? Describe what is known about the situation:
• 'Gold inscription is true' iff not 'portrait is in Gold' and
• 'Silver inscription is true' iff (('Silver inscription is true' or 'Gold inscription is true') and not ('Silver inscription is true' and 'Gold inscription is true')) and
• 'portrait is in Gold' xor 'portrait is in Silver'.
All this implies 'portrait is in Gold'.
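The tautology (truth-table) algorithm works semantically, as the "semantics vs syntax" slide says: it only needs to know what the Boolean functions evaluate to. The following Python program is an added example, not the course's Prolog tautology program: it evaluates a Boolean term under every assignment of its variables and reports a falsifying assignment when there is one. The premises of exercise 3.4 are used as the sample input, with the quoted English sentences as the logical variables; the tuple term encoding and the function names (`value`, `counterexample`, `is_tautology`, `conj`) are this example's own.

```python
from itertools import product

# Added example (not the course's Prolog tautology program): semantic
# tautology checking by exhaustive truth table. Boolean terms use the tuple
# convention (functor, args...); a str leaf is a logical variable, except the
# constants 'true' and 'false'.

OPS = {
    'not':     lambda a: not a,
    'and':     lambda a, b: a and b,
    'or':      lambda a, b: a or b,
    'implies': lambda a, b: (not a) or b,
    'iff':     lambda a, b: a == b,
    'xor':     lambda a, b: a != b,
}

def variables(term):
    """Logical variables of a term, in order of first appearance."""
    if isinstance(term, tuple):
        found = []
        for sub in term[1:]:
            for v in variables(sub):
                if v not in found:
                    found.append(v)
        return found
    return [] if term in ('true', 'false') else [term]

def value(term, env):
    """Semantics: the truth-value of the term's Boolean function under env."""
    if term == 'true':
        return True
    if term == 'false':
        return False
    if isinstance(term, str):
        return env[term]
    return OPS[term[0]](*(value(sub, env) for sub in term[1:]))

def counterexample(term):
    """Walk all 2**n rows of the truth table; return an assignment that makes
    the term false, or None when the term is a tautology."""
    names = variables(term)
    for row in product([False, True], repeat=len(names)):
        env = dict(zip(names, row))
        if not value(term, env):
            return env
    return None

def is_tautology(term):
    return counterexample(term) is None

def conj(*terms):
    """Nest several terms into one left-associated 'and' term."""
    result = terms[0]
    for t in terms[1:]:
        result = ('and', result, t)
    return result

# exercise 3.4, Portia's caskets: the premises exactly as on the slide
S_TRUE, G_TRUE = 'Silver inscription is true', 'Gold inscription is true'
IN_GOLD, IN_SILVER = 'portrait is in Gold', 'portrait is in Silver'
PORTIA_PREMISES = conj(
    ('iff', G_TRUE, ('not', IN_GOLD)),
    ('iff', S_TRUE, ('and', ('or', S_TRUE, G_TRUE),
                            ('not', ('and', S_TRUE, G_TRUE)))),
    ('xor', IN_GOLD, IN_SILVER))

if __name__ == '__main__':
    print(is_tautology(('implies', PORTIA_PREMISES, IN_GOLD)))      # True
    print(is_tautology(('implies', PORTIA_PREMISES, IN_SILVER)))    # False
    print(counterexample(('implies', PORTIA_PREMISES, IN_SILVER)))
```

The four variables give 16 rows, so the check is instant here, but the cost is 2^n in the number of variables; the falsifying row for "the portrait is in Silver" necessarily has 'portrait is in Gold' true, since the premises force it.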
sequents
to understand Wang's algorithm, we need another way of structuring propositions
sequent: represent an implication L implies R by a pair of lists: L >> R
L and R are sets of terms.
L represents the conjunction of its elements
R represents the disjunction of its elements
examples
p and q implies r or p
sequent: {p, q} >> {r, p}
what's the sequent for an arbitrary proposition P ?
sequent: {true} >> {P}
= {} >> {P} — why? (what is the truth-value of the empty conjunct?)
{P} >> {false} = P implies false = not P
why is {P} >> {false} = {P} >> {}? (what is the truth-value of the empty disjunct?)
testing a sequent
when is a sequent a tautology?
when left-side and right-side overlap
(p and . . .) implies (p or . . .)
how wang works
use the rewrite rules (p. 29) to eliminate logical operators from the sequent, or split the sequent into 2 shorter sequents
any sequent, whether input or generated, with left-right overlap is a tautology
any sequent with no logical operators and no overlap is not a tautology (why?)
• hint: treat non-logical terms as Boolean variables
so Wang's algorithm is data-driven and rule-based
why is termination guaranteed?
why is it correct? I.e., why does computing a valid/invalid sequent guarantee that the input proposition is valid or invalid?
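As an added example (not the course's wang program, and written in Python rather than Prolog), here is Wang's algorithm on sequents: the overlap axiom, one rewrite rule per logical operator on each side, and the split rules that produce two shorter sequents. The rules follow the standard formulation of Wang's algorithm; the numbering on p. 29 of the text is not reproduced here. When a sequent with no logical operators and no overlap is reached, the program returns the falsifying assignment that the hint above points at (non-logical terms treated as Boolean variables, left ones true, right ones false) rather than just "invalid", which is the answer to the correctness question. Exercise 3.2 is used as the sample input; the tuple term encoding and the names `wang`, `expand`, `is_tautology` are this example's own.

```python
# Added example (not the course's wang program, Python rather than Prolog):
# Wang's algorithm on sequents. Terms follow the tuple convention
# (functor, args...); a str leaf is an atom. A sequent is a pair of lists
# (left, right), read as "conjunction of left implies disjunction of right".

LOGICAL = {'not', 'and', 'or', 'implies', 'iff', 'xor'}

def expand(term):
    """Rewrite iff and xor with the core operators so only the core rules are
    needed: A iff B = (A implies B) and (B implies A); A xor B = not (A iff B)."""
    f, a, b = term
    if f == 'iff':
        return ('and', ('implies', a, b), ('implies', b, a))
    return ('not', ('iff', a, b))

def wang(left, right):
    """Return None if the sequent left >> right is valid, otherwise an
    assignment of atoms to truth-values that falsifies it."""
    # 'true' on the left and 'false' on the right contribute nothing;
    # 'false' on the left or 'true' on the right makes the sequent valid
    left = [t for t in left if t != 'true']
    right = [t for t in right if t != 'false']
    if 'false' in left or 'true' in right or any(t in right for t in left):
        return None                     # overlap axiom: (p and ...) implies (p or ...)

    def both(seq1, seq2):               # a split is valid only if both halves are
        result = wang(*seq1)
        return result if result is not None else wang(*seq2)

    # each rule removes one logical operator (after at most one expansion of
    # iff/xor into core operators), so the rewriting terminates
    for i, t in enumerate(left):
        if isinstance(t, tuple) and t[0] in LOGICAL:
            rest, f = left[:i] + left[i + 1:], t[0]
            if f == 'not':
                return wang(rest, right + [t[1]])
            if f == 'and':
                return wang(rest + [t[1], t[2]], right)
            if f == 'or':
                return both((rest + [t[1]], right), (rest + [t[2]], right))
            if f == 'implies':
                return both((rest, right + [t[1]]), (rest + [t[2]], right))
            return wang(rest + [expand(t)], right)
    for i, t in enumerate(right):
        if isinstance(t, tuple) and t[0] in LOGICAL:
            rest, f = right[:i] + right[i + 1:], t[0]
            if f == 'not':
                return wang(left + [t[1]], rest)
            if f == 'or':
                return wang(left, rest + [t[1], t[2]])
            if f == 'implies':
                return wang(left + [t[1]], rest + [t[2]])
            if f == 'and':
                return both((left, rest + [t[1]]), (left, rest + [t[2]]))
            return wang(left, rest + [expand(t)])
    # no logical operators and no overlap: the remaining (non-logical) terms act
    # as Boolean variables, and making every left one true and every right one
    # false makes the conjunction true and the disjunction false
    return {**{t: True for t in left}, **{t: False for t in right}}

def is_tautology(proposition):
    """An arbitrary proposition P is the sequent {} >> {P} (= {true} >> {P})."""
    return wang([], [proposition]) is None

# exercise 3.2 as a sequent: premises on the left, conclusion on the right
# (the slide's D stands for both "I can buy food" and "I have food")
GAS, STORE, MONEY, FOOD = 'the car has gas', 'I can go to the store', 'I have money', 'I can buy food'
SUN, UMBRELLA, PICNIC = 'the sun is shining', 'I have an umbrella', 'I can go on a picnic'
PICNIC_SEQUENT = ([('implies', GAS, STORE),
                   ('implies', ('and', STORE, MONEY), FOOD),
                   ('implies', ('and', FOOD, ('or', SUN, UMBRELLA)), PICNIC),
                   GAS, MONEY, UMBRELLA],
                  [PICNIC])

if __name__ == '__main__':
    print(wang(['p', 'q'], ['r', 'p']))         # None: the overlap axiom applies at once
    print(wang(*PICNIC_SEQUENT))                 # None: I can go on a picnic
    print(wang(PICNIC_SEQUENT[0], [SUN]))        # a falsifying assignment: the sun need not shine
```

No truth table is built: the quoted sentences are never evaluated, which is why the syntactic route accepts inputs the semantic tautology program cannot, and the empty sequent `{} >> {}` comes out invalid with the empty assignment, matching the slides' reading of the empty conjunct as true and the empty disjunct as false.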