CSE 3341.03 Winter 2008Introduction to Program Verification

January 24

tautology checking,

take 2

terms -- review

due date for exercise set 1: Feb. 11 term = labelled tree

all these are terms:P implies Q, -w, z(1,q)!, 2+6*z

a or f(b), x ≤ y - z

true, ‘true’, ‘this is true’

label of the root = functor

term notation

any term can be written in functional notation: f(arg1, . .) root = function name subtrees = args

if the functor is a logical or arithmetic operation, the term can be written with operator notation. Example:+(+(a, b), c) = a + b + c

interpreting terms

terms, in general, are uninterpreted; they have no values

but some terms can be interpreted as a function and evaluatede. g. the term 1+ 1 can be evaluated to 2

A+A can be evaluated if A is given a value

tautology program requires logical variables to be actual Prolog variables which are assigned truth-values in the testing for falsity.

• variable name begins with upper-case letter

wang requires logical variables to be terms

• name begins with lower-case letter, or is quoted

semantics vs syntax

the tautology algorithm (checking the truth table) operates on the semantics of Boolean logic what the Boolen functions evaluate to

wang operates syntactically, which allows greater expressivity in the input

Exercise 3.2: English to logic againLet A B represent “If the car has gas, then I can go to the store.”; B C D represents “If I can go to the store and I have money,

then I can buy food.”; (D (E F)) G represents “If I have food and either the sun is

shining or I have an umbrella, then today I can go on a picnic.”

If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic?

(('the car has gas' implies 'I can go to the store') and ('I can go to the store' and 'I have money' implies 'I can buy food') and ( . . . implies 'I can go on a picnic') and 'the car has gas' and 'I have money' and 'I have an umbrella'

implies

'I can go on a picnic'.

exercises 3.1, 3.4

3.1: x equals 0 if it is not less than 0 , unless it is greater than 0.

3.4: "Portia's caskets" • two caskets; one of gold and one of silver. Which

contains Portia's portrait?

On the Gold casket: "The portrait is not in here."

Silver: "Exactly one of the inscriptions is true."

convert to terms

'Silver inscription is true' 'Gold inscription is true' 'portrait is in Gold' 'portrait is in Silver'.

tie the facts together with logic

premises? Describe what is known about the situation :

• 'Gold inscription is true' iff not 'portrait is in Gold' and• 'Silver inscription is true' iff (('Silver inscription is

true' or 'Gold inscription is true') and

not ('Silver inscription is true' and 'Gold inscription is true') and

• 'portrait is in Gold' xor 'portrait is in Silver'.

All this implies 'portrait is in Gold'.

sequents to understand Wang's algorithm, we need

another way of structuring propositions sequent: represent an implication L implies R by

a pair of lists: L >> RL and R are sets of terms.

L represents the conjunction of its elements

R represents the disjunction of its elements

examples

p and q implies r or psequent: {p, q} >> {r, p}

what's the sequent for an arbitrary proposition P ?

sequent: {true} >> {P}

= {} >> {P} — why?(what is the truth-value of the empty conjunct?)

{P} >> {false} = P implies false = not P

why is {P} >> {false} = {P} >> {}?(what is the truth-value of the empty disjunct?)

testing a sequent

when is a sequent a tautology?when left-side and right-side overlap

(p and . . .) implies (p or . . .)

how wang works

use rewrite rules (p.29) to eliminate logical operators from the sequent, or split sequent into 2 shorter sequents

any sequent (input) or generated with left-right overlap is a tautology

any sequent with no logical operators and no overlap is not a tautology (why?)

• hint: treat non-logical terms as Boolean variables

so Wang's algorithm is data-driven, and rule-based why is termination guaranteed? why is it correct ? I. e., why does computing a

valid/invalid sequent guarantee that the input proposition is valid or invalid?