ece750t-28: computer-aided reasoning for software engineering lecture 1: introduction...

ECE750T-28:Computer-aided Reasoning for Software Engineering

Lecture 1:Introduction to Logic in SE

Vijay Ganesh(Original notes from Isil Dillig)

Vijay Ganesh(Original notes from Isil Dillig), ECE750T-28: Computer-aided Reasoning for Software Engineering Lecture 1: Introduction to Logic in SE 1/40

What is this Course About?

I This course is about computational logic and its application to softwareengineering.

I Explore various logical theories widely used in computer science.

I Learn about decision procedures, provers, solvers.

I Learn about applications such as concolic testing, model checking,analysis, fault localization, synthesis and programming languages.

Why Should You Care?

Logic is a fundamental part of computer science:

I Computation, irrespective of representation, can be very complex tounderstand/process in all its gory detail.

I Hence, we need abstractions.

I Logics are precise languages that allow us torepresent/manipulate/process/morph abstractions of computations.

I Examples include Boolean logic (aka propostional or sentential calculus),predicate logic, first-order theories,...

I Artificial intelligence: constraint satisfaction, automated game playing,planning, . . .

I Programming Languages: logic programming, type systems, programminglanguage theory . . .

I Hardware verification and synthesis: correctness of circuits, ATPG, . . .

I Program analysis, verification and synthesis: Static analysis, softwareverification, test case generation, program understanding, . . .

I No matter what your research area or interest is, the techniques we coverin this course are likely to be relevant.

I Very good tool kit because many difficult problems can be reduceddeciding satisfiabilty of formulas in logic.

I No matter what your research area or interest is, the techniques we coverin this course are likely to be relevant.

I Very good tool kit because many difficult problems can be reduceddeciding satisfiabilty of formulas in logic.

Topics Covered in the Course

I Review of propositional logic

I Modern SAT solvers

I Complexity theory basics, reductions, classes,...

I First-order theorem provers

I Theory of uninterpreted functions

I Linear inequalities over reals (Simplex) and integers

I Theories of bit-vectors, arrays and strings

I Combining decision procedures (Nelson-Oppen)

I SMT Solvers and the DPLL(T) framwork

I Constraint Simplification

I Quantifier elimination

I Applications: concolic testing, analysis, formal methods

Logistics

I Class meets every Friday from 11:30 AM to 2:20 PM

I All lectures will be held in EIT 3141

I All the material for the class (lecture slides, homework, reading,announcements) will be posted on the course website:

https://ece.uwaterloo.ca/~vganesh/teaching.html

Logistics

Recommended Books

I The Calculus of Computation by Aaron Bradley and Zohar Manna

I Warning: Will cover many topics not in the Bradley & Manna textbookand will skip some chapters of this textbook

Recommended Books

I The Calculus of Computation by Aaron Bradley and Zohar Manna

I Warning: Will cover many topics not in the Bradley & Manna textbookand will skip some chapters of this textbook

Another Recommended Book

I Decision Procedures: An Algorithmic Point of View by Daniel Kroeningand Ofer Strichman

I Mostly I will follow papers, and these papers will be cited on the website.

Another Recommended Book

I Decision Procedures: An Algorithmic Point of View by Daniel Kroeningand Ofer Strichman

I Mostly I will follow papers, and these papers will be cited on the website.

Requirements

I Two homework assignments (15% of the final grade)

I You get 1-2 weeks to complete the assignment from the day it is handedout

I No late submissions

I All assignments should be done individually

Requirements

Final Exam

I One final exam (50% of the final grade)

I No mid-term exam

I All exams closed-book, closed-notes, closed-laptop, closed-phone etc.

I Date fixed by registrar. Non-negotiable.

Final Exam

I No mid-term exam

Final Exam

I No mid-term exam

Final Exam

I No mid-term exam

Research Projects

I Research Project (35% of the final grade)

I Maximum 2 people per research project group

I Ideally, new research that is publishable. Both theoretical or practicalprojects are acceptable

I Examples include: Novel solving technique, decidability/complexity result,feature in solver/prover, application of logics

I Must get approval of the project idea from instructor by October 4th, 2013

I Must submit 2-page project proposal with title, names, abstract, problemstatement, solution description, impact

Research Projects

Grading

I Final exam: 50%

I Homeworks and class participation: 15%

I Respect honor code on exams and homework

I You can consult other students on the homework, but write-up must beyour own

I Also, write-up must mention names of consultants/collaborators

I Research project: 35%

Grading

I Final exam: 50%

Grading

I Final exam: 50%

Grading

I Final exam: 50%

Grading

I Final exam: 50%

Grading

I Final exam: 50%

Let’s get started!

What are Logics?

I Precise mathematical languages with well-defined syntax and semantics

I Syntax: Meta-rules for defining well-formed formulas

I Semantics: Interpretation/models

I Forms of valid reasoning: Deductive, inductive, abductive,...

I Proof systems: Intuinistic vs. classical

I Fields of study: proof, model, set, recursion, and type theory

I Questions studied: Proof and truth, Provability, Decidability, Complexity,Foundations,...

I Properties of logics: Soundness, completeness, compactness, expressivepower, decidability,...

What are Logics?

Review of Propositional Logic: Syntax

Atom truth symbols > (“true”) and ⊥ (“false”)propositional variables p, q , r , p1, q1, r1, · · ·

Literal atom α or its negation ¬α

Formula literal or application of alogical connective to formulae F ,F1,F2

¬F “not” (negation)F1 ∧ F2 “and” (conjunction)F1 ∨ F2 “or” (disjunction)F1 → F2 “implies” (implication)F1 ↔ F2 “if and only if” (iff)

¬F “not” (negation)

F1 ∧ F2 “and” (conjunction)F1 ∨ F2 “or” (disjunction)F1 → F2 “implies” (implication)F1 ↔ F2 “if and only if” (iff)

¬F “not” (negation)F1 ∧ F2 “and” (conjunction)

F1 ∨ F2 “or” (disjunction)F1 → F2 “implies” (implication)F1 ↔ F2 “if and only if” (iff)

¬F “not” (negation)F1 ∧ F2 “and” (conjunction)F1 ∨ F2 “or” (disjunction)

F1 → F2 “implies” (implication)F1 ↔ F2 “if and only if” (iff)

¬F “not” (negation)F1 ∧ F2 “and” (conjunction)F1 ∨ F2 “or” (disjunction)F1 → F2 “implies” (implication)

F1 ↔ F2 “if and only if” (iff)

Interpretations in Propositional Logic

I An interpretation I for a formula F in propositional logic is a mappingfrom each propositional variables in F to exactly one truth value

I : {p 7→ >, q 7→ ⊥, · · · }

I For a formula F with 2 propositional variables, how many interpretationsare there?

I In general, for formula with n propositional variables, how manyinterpretations?

I : {p 7→ >, q 7→ ⊥, · · · }

Entailment

I Under an interpretation, every propositional formula evaluates to T or F

Formula F + Interpretation I = Truth value

I We write I |= F if F evaluates to > under I (satisfying interpretation)

I Similarly, I 6|= F if F evaluates to ⊥ under I (falsifying interpretation).

Entailment

Inductive Definition of Propositional Semantics

Base Cases:I |= >

I 6|= ⊥I |= p iff I [p] = >I 6|= p iff I [p] = ⊥

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

iff, I |= F1 and I |= F2

or I 6|= F1 and I 6|= F2

Base Cases:I |= > I 6|= ⊥

I |= p iff I [p] = >I 6|= p iff I [p] = ⊥

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

Base Cases:I |= > I 6|= ⊥I |= p iff I [p] = >

I 6|= p iff I [p] = ⊥

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

Base Cases:I |= > I 6|= ⊥I |= p iff I [p] = >I 6|= p iff I [p] = ⊥

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

Inductive Cases:

I |= ¬F iff I 6|= FI |= F1 ∧ F2 iff I |= F1 and I |= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

Inductive Cases:I |= ¬F iff I 6|= F

I |= F1 ∧ F2 iff I |= F1 and I |= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2

iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2 iff, I |= F1 and I |= F2

or I 6|= F1 and I 6|= F2

I |= F1 ∨ F2 iff I |= F1 or I |= F2

I |= F1 → F2 iff, I 6|= F1 or I |= F2

I |= F1 ↔ F2 iff, I |= F1 and I |= F2

or I 6|= F1 and I 6|= F2

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I p

since I [p] = >

2. I q

since I [q ] = ⊥

3. I ¬q

by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Thus, F is true under I .

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |=? p

since I [p] = >2. I q

since I [q ] = ⊥

3. I ¬q

by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >

2. I q

since I [q ] = ⊥

3. I ¬q

by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I |=? q

since I [q ] = ⊥3. I ¬q

by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I 6|= q since I [q ] = ⊥

3. I ¬q

by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I 6|= q since I [q ] = ⊥3. I |=? ¬q

by 2 and ¬4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I 6|= q since I [q ] = ⊥3. I |= ¬q by 2 and ¬

4. I p ∧ q

by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I 6|= q since I [q ] = ⊥3. I |= ¬q by 2 and ¬4. I |=? p ∧ q

by 2 and ∧5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

1. I |= p since I [p] = >2. I 6|= q since I [q ] = ⊥3. I |= ¬q by 2 and ¬4. I 6|= p ∧ q by 2 and ∧

5. I p ∨ ¬q

by 1 and ∨

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

by 1 and ∨6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

6. I F

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

by 4 and →

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

Simple Example

F : (p ∧ q)→ (p ∨ ¬q)

I : {p 7→ >, q 7→ ⊥}

Another Example

I What does the formula

F : (p ↔ ¬q)→ (q → ¬r)

evaluate to under this interpretation?

I = {p 7→ ⊥, q 7→ >, r 7→ >}

I I 6|= F

Another Example

I What does the formula

F : (p ↔ ¬q)→ (q → ¬r)

evaluate to under this interpretation?

I = {p 7→ ⊥, q 7→ >, r 7→ >}

I I 6|= F

Satisfiability and Validity

I F is satisfiable iff there exists an interpretation I such that I |= F .

I F valid iff for all interpretations I , I |= F .

I F is contingent if it is satisfiable but not valid.

I Duality between satisfiability and validity:

F is valid iff ¬F is unsatisfiable

I Thus, if we have a procedure for checking satisfiability, this also allows usto decide validity

Deciding Satisfiability and Validity

I Before we talk about practical algorithms for deciding satisfiability, let’sreview some simple techniques

I Two very simple techniques:

I Truth table method: essentially a search-based technique

I Semantic argument method: deductive way of deciding satisfiability

I Completely different, but complementary techniques

I In fact, as we’ll see later, modern SAT solvers combine both search-basedand deductive techniques!

Method 1: Truth Tables

Example F : (p ∧ q) → (p ∨ ¬q)

p q p ∧ q ¬q p ∨ ¬q F

0 0 0 1 1 10 1 0 0 0 11 0 0 1 1 11 1 1 0 1 1

Thus F is valid.

p q p ∧ q ¬q p ∨ ¬q F

0 0 0 1 1 10 1 0 0 0 11 0 0 1 1 11 1 1 0 1 1

Thus F is valid.

p q p ∧ q ¬q p ∨ ¬q F

0 0 0 1 1 10 1 0 0 0 11 0 0 1 1 11 1 1 0 1 1

Thus F is valid.

Another Example

F : (p ∨ q) → (p ∧ q)

p q p ∨ q p ∧ q F0 0 0 0 1 ← satisfying I0 1 1 0 0 ← falsifying I1 0 1 0 01 1 1 1 1

Thus F is satisfiable, but invalid.

Another Example

F : (p ∨ q) → (p ∧ q)

p q p ∨ q p ∧ q F0 0 0 0 1 ← satisfying I0 1 1 0 0 ← falsifying I1 0 1 0 01 1 1 1 1

Thus F is satisfiable, but invalid.

Summary: Truth Tables

I List all interpretations ⇒ If all interpretations satisfy formula, then valid.If no interpretation satisfies it, unsatisfiable.

I Completely brute-force, impractical: requires explicitly listing all 2n

interpretations in the worst-case!

I Method does not work for any logic where domain is not finite (e.g.,first-order logic)

Method 2: Semantic Argument

I Semantic argument method is essentially a proof by contradiction, and isalso applicable for theories with non-finite domain.

I Main idea: Assume F is not valid ⇒ there exists some falsifyinginterpretation I such that I 6|= F

I Apply proof rules.

I If we derive a contradiction in every branch of the proof, then F is valid.

I If there exists some branch where we cannot derive a contradiction (afterexhaustively applying all proof rules), then F is not valid.

The Proof Rules (I)

I According to semantics of negation, from I |= ¬F , we can deduceI 6|= F :

I |= ¬FI 6|= F

I Similarly, from I 6|= ¬F , we can deduce:

I 6|= ¬FI |= F

The Proof Rules (I)

I |= ¬FI 6|= F

I 6|= ¬FI |= F

The Proof Rules (I)

I |= ¬FI 6|= F

I 6|= ¬FI |= F

The Proof Rules (II)

I According to semantics of conjunction, from I |= F ∧G, we can deduce:

I |= F ∧GI |= FI |= G

←and

I Similarly, from I 6|= F ∧G, we can deduce:

I 6|= F ∧GI 6|= F | I 6|= G

I The second deduction results in a branch in the proof, so each case has tobe examined separately!

I |= F ∧GI |= FI |= G

←and

I 6|= F ∧GI 6|= F | I 6|= G

I |= F ∧GI |= FI |= G

←and

I 6|= F ∧GI 6|= F | I 6|= G

I |= F ∧GI |= FI |= G

←and

I 6|= F ∧GI 6|= F | I 6|= G

The Proof Rules (III)

I According to semantics of disjunction, from I |= F ∨G, we can deduce:

I |= F ∨GI |= F | I |= G

I Similarly, from I 6|= F ∨G, we can deduce:

I 6|= F ∨GI 6|= FI 6|= G

I |= F ∨GI |= F | I |= G

I 6|= F ∨GI 6|= FI 6|= G

I |= F ∨GI |= F | I |= G

I 6|= F ∨GI 6|= FI 6|= G

The Proof Rules (IV)

I According to semantics of implication:

I |= F → G

I 6|= F | I |= G

I And:I 6|= F → G

I |= FI 6|= G

I |= F → GI 6|= F | I |= G

I And:I 6|= F → G

I |= FI 6|= G

I |= F → GI 6|= F | I |= G

I And:I 6|= F → G

I |= FI 6|= G

I |= F → GI 6|= F | I |= G

I And:I 6|= F → GI |= FI 6|= G

The Proof Rules (V)

I According to semantics of iff:

I |= F ↔ G

I |= F ∧G | I |= ¬F ∧ ¬G

I And:I 6|= F ↔ G

I |= F ∧ ¬G | I |= ¬F ∧G

The Proof Rules (V)

I |= F ↔ GI |= F ∧G

| I |= ¬F ∧ ¬G

I And:I 6|= F ↔ G

I |= F ∧ ¬G | I |= ¬F ∧G

The Proof Rules (V)

I |= F ↔ GI |= F ∧G | I |= ¬F ∧ ¬G

I And:I 6|= F ↔ G

I |= F ∧ ¬G | I |= ¬F ∧G

The Proof Rules (V)

I |= F ↔ GI |= F ∧G | I |= ¬F ∧ ¬G

I And:I 6|= F ↔ G

I |= F ∧ ¬G | I |= ¬F ∧G

The Proof Rules (V)

I |= F ↔ GI |= F ∧G | I |= ¬F ∧ ¬G

I And:I 6|= F ↔ G

I |= F ∧ ¬G | I |= ¬F ∧G

The Proof Rules (Contradiction)

I Finally, we derive a contradiction, when I both entails F and does notentail F :

I |= FI 6|= FI |= ⊥

An Example

Prove F : (p ∧ q) → (p ∨ ¬q) is valid.

Let’s assume that F is not valid and that I is a falsifying interpretation.

⇒ Thus F is valid.

An Example

1. I 6|= (p ∧ q) → (p ∨ ¬q) assumption

An Example

1. I 6|= (p ∧ q) → (p ∨ ¬q) assumption2. I |= p ∧ q 1 and →3. I 6|= p ∨ ¬q 1 and →

An Example

6. I 6|= p 3 and ∨7. I 6|= ¬q 3 and ∨8. I |= ⊥ 4 and 6 are contradictory

An Example

8. I |= ⊥ 4 and 6 are contradictory

An Example

Another Example

I Prove that the following formula is valid using semantic argument method:

F : ((p → q) ∧ (q → r))→ (p → r)

Equivalence

I Formulas F1 and F2 are equivalent (written F1 ⇔ F2) iff for allinterpretations I , I |= F1 ↔ F2

F1 ⇔ F2 iff F1 ↔ F2 is valid

I Thus, if we have a procedure for checking satisfiability, we can also checkequivalence.

Equivalence

I Formulas F1 and F2 are equivalent (written F1 ⇔ F2) iff for allinterpretations I , I |= F1 ↔ F2

F1 ⇔ F2 iff F1 ↔ F2 is valid

I Thus, if we have a procedure for checking satisfiability, we can also checkequivalence.

Implication

I Formula F1 implies F2 (written F1 ⇒ F2) iff for all interpretations I ,I |= F1 → F2

F1 ⇒ F2 iff F1 → F2 is valid

I Thus, if we have a procedure for checking satisfiability, we can also checkimplication

I Caveat: F1 ⇔ F2 and F1 ⇒ F2 are not formulas (they are not part of PLsyntax); they are semantic judgments!

Implication

Example

I Prove that F1 ∧ (¬F1 ∨ F2) implies F2 using semantic argument method.

Summary

I Today:

Review of basic concepts underlying propositional logic

I Next lecture:

Normal forms and algorithms for deciding satisfiability

I Reading:

Bradley & Manna texbook until Section 1.6

Summary

I Today:

I Next lecture:

I Reading:

Summary

I Today:

I Next lecture:

I Reading:

ece750t-28: computer-aided reasoning for software engineering lecture 1: introduction...

Documents