CSE 3341.03 Winter 2008Introduction to Program Verification

January 15

tautology checking

recap

Boole is important because he showed how logic could be implemented in arithmetic (a calculus)

examples:

arithmetic analogue to or?true <--> 1, false <--> 0

a and b <--> a * b

a or b <--> a + b - ?

not?

computing reverses the logic-arithmetic relation

arithmetic is implemented by (digital) logic

from the truth-table for implies

memorize:(P implies Q) iff (not P or Q)

• easy to check using tautology

logic operators are not intrinsically primitiveredefinable using other operators

classifying propositions

propositions as functions divide into 3 obvious categories:constant false = contradiction

constant true = tautology

not constant = contingent

what’s the opposite of a contradiction?not always false = can be true = satisfiable

another way to do it

the text (p. 13) uses different and more complicated expressions to define contradiction, contingent, satisfiable: what the point of this approach? we can use a tautology checker to test for all

the cases• examples:

• test for contradiction?• test for satisfiable?

chapter 2 - tautology checking

tautology is our first tool for computational logic to be replaced with a better but more

complicated one we get started with a very simple one

note: the tools we will be using are in /cs/fac/binmake this part of your PATH variable.

inputs tautology executes an input loop, either on sysin or a

data file.

each input must end in a period. Nothing happens until you enter the period (and carriage return)

the program is a compiled version of a SWI Prolog source file, executed by the SWI Prolog interpreter (virtual machine -- like Java)

runtime error almost always an error in the input note on using tautology: if you use terminal input to the tautology

program, how do you exit?

input to be checked input a propositional function as a Boolean expression:

• false and true count as functions (with no arguments)

• use English operators

• function arguments are expressions or upper-case variables

• tautology echoes the input (replacing variable names with internal names)

• variables are renamed into a standard form $VAR(n), . .

tautology's output

tautology reports whether the input is “valid” (i. e. a tautology) or “not valid”

if not valid, a valuation is printed that falsifies the input.

example output, pp. 14-15

method of truth tables

how does this work? evaluation of truth-values is given by a set of rules that

define the meaning of each operation: example: X and Y = true if X =true and Y = true.

what if we find a certain combination of variable values make the expression false? we can quit evaluating

so tautology searches for falsifying values

invalid inputs

how are invalid inputs detected?an assignment of truth-values to variables is

found which makes the input false. how is a counter-example constructed?

output the input with the variables in the input replaced by the falsifying truth-values

under the hoodfalse('false').

false(not 'true').

false(P iff Q) :- false((P implies Q) and (Q implies P)).

false(P implies Q) :- false(not P or Q).

false(P or Q) :- false(P), false(Q).

false(P xor Q) :- false(not(P iff Q)).

false(P and Q) :- false(P) ; false(Q).

false(not not P) :- false(P).

false(not(P iff Q)) :- false( not(P implies Q)

or not(Q implies P)).

false(not(P implies Q)) :- false(not( not P or Q)).

false(not(P or Q)) :- false(not P and not Q).

false(not(P xor Q)):- false(P iff Q).

false(not(P and Q)) :- false(not P or not Q).

why look for a proof of a false case rather than a proof of a true case?

what tells us that we don’t need any more rules?

• hint: have we covered all cases? (of what?)

rule-based programming

tautology is example of data-driven rule-based programming

very important programming paradigm, first developed in AI;

data is matched to a sequence of patterns;

first pattern to match triggers a rule which computes a partial result;

repeat search for matching rule until no rule matches

checking tautology how can we check if a rule like

• P or Q is false if P is false and Q is false

is correct logic? try: translate into tautology's input format

• not P and not Q implies not (P or Q)• and input to tautology

could we verify the tautology rules this way?

exercises

exercise 2.2 Sec. 2.3: examples of translating various

notations into the tautology input format

by hand vs. by machine?

why prove manually, what we can compute? logic professor’s argument: doing proofs in

propositional logic helps understanding proofs in math.

problem: not really true historically logic provides only a very sparse framework

on which to hang mathematical concepts(we'll see how to add the missing ingredient in Ch. 5)

is there a fundamental difference between automating logic and automating arithmetic?

"AGPEPMPC

Applicative Goedelian Peano-Extended Principia

Mathematica Proof Checker

Grant Olney Passmore

October 15, 2004" "The Theorema project aims at extending current computer algebra systems

by facilities for supporting mathematical proving. The present Theorema software system is implemented in Mathematica . The system consists of a general higher-order predicate logic prover and a collection of special provers that call each other depending on the particular proof situations."

Exercise 2.11

Let A -> B represent “If the car has gas, then I can go to the store.”;

B ^ C -> D represents “If I can go to the store and I have money, then I can buy food.”;

(D ^ (E v F)) -> G represents “If I have food and either the sun is shining or I have an umbrella, then today I can go on a picnic.”

If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic?

Show how to use tautology to answer the question.

general vs specific

"If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic?"

Notice how the propositions can be divided into

general background statements and facts about a

specific situation, which generate an implication.

Apply this idea to Exercise 2.12