mathematical logic for computer science
TRANSCRIPT
1 / 136
Mathematical Logic for Computer Science(Third Revised Edition)
Springer, 2012
Mordechai (Moti) Ben-Arihttp://www.weizmann.ac.il/sci-tea/benari/
c© 2012 by Springer.
Example 1.2: A half-adder
2 / 136
Bit2
Bit1
Sum
Carry
��������
AAAAAAAA
$%$%��
$%
AA��e
Figure 2.1: Two formulas
3 / 136
p q
JJJ
→
p
¬
q
¬
���\\\
→
""""
ZZZZ
↔
p
q
p
q
¬
���JJJ
→
¬
""""JJJ
↔
!!!!!!JJJ
→
Notation
4 / 136
Operator Alternates Java language
¬ ∼ !
∧ & &, &&
∨ |, ||
→ ⊃,⇒
↔ ≡,⇔
⊕ 6≡ ^
↑ |
Figure 2.2: Derivation tree for p→q↔¬ p→¬q
5 / 136
p
fml →
q
fml
����
QQQQ
fml ↔
¬
p
fml
���JJJ
fml →
¬
q
fml
���JJJ
fml
!!!!!!
aaaaaa
fml
""""
PPPPPPPP
fml
Figure 2.3: Truth values of formulas
6 / 136
A v(A1) v(A2) v(A)
¬A1 T F¬A1 F T
A1∨A2 F F F
A1∨A2 otherwise T
A1∧A2 T T T
A1∧A2 otherwise F
A1→A2 T F F
A1→A2 otherwise T
A v(A1) v(A2) v(A)
A1 ↑ A2 T T F
A1 ↑ A2 otherwise T
A1 ↓ A2 F F T
A1 ↓ A2 otherwise F
A1↔A2 v(A1) = v(A2) T
A1↔A2 v(A1) 6= v(A2) F
A1⊕A2 v(A1) 6= v(A2) T
A1⊕A2 v(A1) = v(A2) F
Example 2.21
7 / 136
p q p→q
T T T
T F F
F T T
F F T
Example 2.22
8 / 136
p q p→q ¬ p ¬q ¬q→¬ p (p→q)↔ (¬q→¬ p)
T T T F F T T
T F F F T F T
F T T T F T T
F F T T T T T
Example 2.23
9 / 136
(p → q) ↔ (¬ q → ¬ p)
T F F T
T F T F T
T F T F F T
T F T F F F T
T F F T F F F T
T F F T T F F F T
p q (p → q) ↔ (¬ q → ¬ p)
T T T T T T F T T F T
T F T F F T T F F F T
F T F T T T F T T T F
F F F T F T T F T T F
Example 2.27
10 / 136
p q v(p∨q) v(q∨ p)
T T T T
T F T T
F T T T
F F F F
Figure 2.4: Subformulas
11 / 136
p q
JJJ
→
p
¬
q
¬
���\\\
→
""""
ZZZZ
↔
p q
JJJ
→
p
¬
q
¬
���\\\
→
p
¬
p
¬
p q
Logically equivalent formulas (1)
12 / 136
A∨ true ≡ true A∧ true ≡ A
A∨ false ≡ A A∧ false ≡ false
A→ true ≡ true true→A ≡ A
A→ false ≡ ¬A false→A ≡ true
A↔ true ≡ A A⊕ true ≡ ¬A
A↔ false ≡ ¬A A⊕ false ≡ A
A 𠪪A
A ≡ A∧A A ≡ A∨A
A∨¬A ≡ true A∧¬A ≡ false
A→A ≡ true
A↔A ≡ true A⊕A ≡ false¬A ≡ A ↑ A ¬A ≡ A ↓ A
Logically equivalent formulas (2)
13 / 136
A∨B ≡ B∨A A∧B ≡ B∧A
A↔B ≡ B↔A A⊕B ≡ B⊕A
A ↑ B ≡ B ↑ A A ↓ B ≡ B ↓ A
A∨ (B∨C) ≡ (A∨B)∨C A∧ (B∧C) ≡ (A∧B)∧C
A↔ (B↔C) ≡ (A↔B)↔C A⊕ (B⊕C) ≡ (A⊕B)⊕C
A∨ (B∧C) ≡ (A∨B)∧ (A∨C)
A∧ (B∨C) ≡ (A∧B)∨ (A∧C)
Logically equivalent formulas (3)
14 / 136
A↔B ≡ (A→B)∧ (B→A)
A⊕B ≡ ¬(A→B)∨¬(B→A)
A→B ≡ ¬A∨B
A→B ≡ ¬(A∧¬B)
A∨B ≡ ¬(¬A∧¬B)
A∧B ≡ ¬(¬A∨¬B)
A∨B ≡ ¬A→B
A∧B ≡ ¬(A→¬B)
One-place operators
15 / 136
x ◦1 ◦2 ◦3 ◦4
T T T F F
F T F T F
Two-place operators
16 / 136
x1 x2 ◦1 ◦2 ◦3 ◦4 ◦5 ◦6 ◦7 ◦8
T T T T T T T T T T
T F T T T T F F F F
F T T T F F T T F F
F F T F T F T F T F
x1 x2 ◦9 ◦10 ◦11 ◦12 ◦13 ◦14 ◦15 ◦16
T T F F F F F F F F
T F T T T T F F F F
F T T T F F T T F F
F F T F T F T F T F
Operator names
17 / 136
op name symbol op name symbol
◦2 disjunction ∨ ◦15 nor ↓
◦8 conjunction ∧ ◦9 nand ↑
◦5 implication → ◦12
◦3 reverse implication ← ◦14
◦7 equivalence ↔ ◦10 exclusive or ⊕
Valid, satisfiable, falsifiable and unsatisfiable formulas
18 / 136
'
&
$
%
'&
$%
True inall interpretations.
True in some interpretations;false in others.
False inall interpretations.
Falsifiable
6 6
Unsatisfiable
6
Satisfiable
6
6
Valid
6
Example 2.41
19 / 136
p q p∨q ¬ p ¬q (p∨q)∧¬ p∧¬q
T T T F F F
T F T F T F
F T T T F F
F F F T T F
Semantic tableau forp∧ (¬q∨¬ p)
20 / 136
p∧ (¬q∨¬ p)↓
p,¬q∨¬ pւ ց
p,¬q p,¬ p⊙ ×
Semantic tableaux(p∨q)∧ (¬ p∧¬q)
21 / 136
(p∨q)∧ (¬ p∧¬q)↓
p∨q,¬ p∧¬q↓
p∨q,¬ p,¬qւ ց
p,¬ p,¬q q,¬ p,¬q× ×
(p∨q)∧ (¬ p∧¬q)↓
p∨q,¬ p∧¬qւ ցp,¬ p∧¬qq,¬ p∧¬q
↓ ↓p,¬ p,¬q q,¬ p,¬q
× ×
α-formulas
22 / 136
α α1 α2
¬¬A1 A1
A1∧A2 A1 A2
¬(A1∨A2) ¬A1 ¬A2
¬(A1→A2) A1 ¬A2
¬(A1 ↑ A2) A1 A2
A1 ↓ A2 ¬A1 ¬A2
A1↔A2 A1→A2 A2→A1
¬(A1⊕A2) A1→A2 A2→A1
β -formulas
23 / 136
β β1 β2
¬(B1∧B2) ¬B1 ¬B2
B1∨B2 B1 B2
B1→B2 ¬B1 B2
B1 ↑ B2 ¬B1 ¬B2
¬(B1 ↓ B2) B1 B2
¬(B1↔B2) ¬(B1→B2) ¬(B2→B1)
B1⊕B2 ¬(B1→B2) ¬(B2→B1)
Section 2.7.1: Inductive step in proof of soundness
24 / 136
n′ : {A1,A2}∪U0
n : {A1∧A2}∪U0
n′ : {B1}∪U0 n′′ : {B2}∪U0
n : {B1∨B2}∪U0
�����
@@@
@@
Example 2.73: Semantic tableau forp∧ (¬q∨¬ p)
25 / 136
p∧ (¬q∨¬ p)↓
p,(¬q∨¬ p)ւ ց
p,¬q p,¬ p⊙ ×
Example 2.74: Semantic tableau forp∨ (q∧¬q)
26 / 136
p∨ (q∧¬q)ւ ց
p q∧¬q⊙ ↓
q,¬q×
Figure 3.1: Classification ofα-formulas
27 / 136
α α1 α2
¬¬A A
¬(A1∧A2) ¬A1 ¬A2
A1∨A2 A1 A2
A1→A2 ¬A1 A2
A1 ↑ A2 ¬A1 ¬A2
¬(A1 ↓ A2) A1 A2
¬(A1↔A2) ¬(A1→A2) ¬(A2→A1)
A1⊕A2 ¬(A1→A2) ¬(A2→A1)
Figure 3.1: Classification ofβ -formulas
28 / 136
β β1 β2
B1∧B2 B1 B2
¬(B1∨B2) ¬B1 ¬B2
¬(B1→B2) B1 ¬B2
¬(B1 ↑ B2) B1 B2
B1 ↓ B2 ¬B1 ¬B2
B1↔B2 B1→B2 B2→B1
¬(B1⊕B2) B1→B2 B2→B1
Section 3.2.1:G and semantic tableaux
29 / 136
¬ p,q, p ¬q,q, pց ւ¬(p∨q),q, p
↓¬(p∨q),(q∨ p)
↓(p∨q)→ (q∨ p)
¬[(p∨q)→ (q∨ p)]↓
p∨q,¬(q∨ p)↓
p∨q,¬q,¬ pւ ց
p,¬q,¬ p q,¬q,¬ p× ×
Hilbert system H
30 / 136
Axiom 1 ⊢ (A→ (B→A)),
Axiom 2 ⊢ (A→ (B→C))→ ((A→B)→ (A→C)),
Axiom 3 ⊢ (¬B→¬A)→ (A→B).
Modus ponens⊢ A ⊢ A→B
⊢ B.
Derived rules of inference
31 / 136
DeductionU∪{A}⊢BU⊢A→B
Contrapositive U⊢¬B→¬AU⊢A→B
Transitivity U⊢A→B U⊢B→CU⊢A→C
Exchange of antecedentU⊢A→(B→C)U⊢B→(A→C)
Double negation U⊢¬¬AU⊢A
Reductio ad absurdumU⊢¬A→false
U⊢A
Theorem 3.37: Soundness of axioms 1 and 3
32 / 136
¬[A→ (B→A)]↓
A,¬(B→A)↓
A,B,¬A×
¬[(¬B→¬A)→ (A→B)]↓
¬B→¬A,¬(A→B)↓
¬B→¬A,A,¬Bւ ց
¬¬B,A,¬B ¬A,A,¬B↓ ×
B,A,¬B×
Figure 3.32: Rules of inference for sequents
33 / 136
op Introduction into consequent Introduction into antecedent
∧U ⇒V ∪{A} U ⇒V ∪{B}
U ⇒V ∪{A∧B}U ∪{A,B}⇒V
U ∪{A∧B}⇒V
∨U ⇒V ∪{A,B}
U ⇒V ∪{A∨B}U ∪{A}⇒V U ∪{B}⇒V
U ∪{A∨B}⇒V
→U ∪{A}⇒V ∪{B}U ⇒V ∪{A→B}
U ⇒V ∪{A} U ∪{B}⇒VU ∪{A→B}⇒V
¬U ∪{A}⇒V
U ⇒V ∪{¬A}U ⇒V ∪{A}
U ∪{¬A}⇒V
Figure 3.3: A natural deduction proof
34 / 136
1. A→¬A Assumption
2. ¬¬A Assumption3. A Double neg. 24. ¬A MP 1, 35. A→ (¬A→ false) Theorem 3.216. ¬A→ false MP 3, 57. false MP 4, 6
8. ¬¬A→ false Deduction 2, 79. ¬A Reductio ad absurdum 8
10. (A→¬A)→¬A Deduction 1, 9
Figure 4.1: Resolution refutation as a tree
35 / 136
2
p̄ p
p̄q̄ p̄q
p̄q̄r r̄
������
HHHHHH
����
@@@@
����
AAAA
Figure 4.2: Incomplete resolution tree
36 / 136
pqr̄ r pq̄r r̄
pq pq̄
p
����
@@@@
����
@@@@
������
HHHH
HH
Figure 4.3: Semantic tree
37 / 136
����������
XXXXXXXXXXp p̄q
qq i2
�����
HHHHHq q̄
���
@@@ �
��
@@@r r̄ r r̄i3 i4 q q
qqi1
�����
HHHH
Hq q̄
����
@@@@
����
@@@@
r r̄ r r̄q qqq
Figure 4.4: Inference and failure node
38 / 136
n
n1 n2
l lc
����
@@@@
Section 4.5: Graph for Tseitin clauses
39 / 136
��������
0 t 0
q r s
0 p 1
Section 5.1: Efficient truth table for p∨ (q∧ r)
40 / 136
p q r p∨ (q∧ r)
T T T T
T T F T
T F T T
T F F T
F T T T
F T F F
F F T F
F F F F
p q r p∨ (q∧ r)
T T ∗ T
T F ∗ T
p q r p∨ (q∧ r)
T ∗ ∗ T
p q r p∨ (q∧ r)
T ∗ ∗ T
F T T T
F T F F
F F ∗ F
Section 5.1: Efficient truth table for p⊕q⊕ r
41 / 136
p q r p⊕q⊕ r
T T T T
T T F F
T F T F
T F F T
F T T F
F T F T
F F T T
F F F F
p q r p⊕q⊕ r
T T T T
T T F F
T F T F
T F F T
F T ∗ (See rows 3 and 4.)
F F ∗ (See rows 1 and 2.)
Figure 5.1: BDD for p∨ (q∧ r)
42 / 136
kpkq kq
kr kr kr krT T T TF F F T
HHHH
HHHH
@@@
@@@
AAA
AAA
AAA
AAA
Example 5.6: First reduction of BDD for p∨ (q∧ r)
43 / 136
kpkq kq
kr kr kr krF T
HHHH
HHHH
@@@
@@@
����
QQQQ
````````
`````
QQQQ
Example 5.6: Second reduction of BDD forp∨ (q∧ r)
44 / 136
kpkq kqkr
F TQQ
@@@
Example 5.6: Third reduction of BDD for p∨ (q∧ r)
45 / 136
kpkqkr
F TQQ
@@@
Example 5.7: BDD for p⊕q⊕ r after first reduction
46 / 136
kpkq kq
kr kr kr kr
F T
HHHH
H
@@@
@@@
�����
PPPP
PPPP
PPPP
PPP
��������
�����
Example 5.6: BDD for p⊕q⊕ r after second reduction
47 / 136
kpkq kqkr kr
F T
@@@
""""""
bbbbbb
""""""
bbbbbb
BDD for (p⊕q)⊕ (p⊕ r) from BDDs for p⊕q and p⊕ r
48 / 136
kpF T
@@@
BDD for p⊕q
kpkq kqF T
@@@
!!!!!!!
aaaa
aaa
⊕
BDD for p⊕ r
kpkr krF T
@@@
!!!!!!!
aaaa
aaa
BDD for (p⊕q)⊕ (p⊕ r) from BDDs for p⊕q and p⊕ r
49 / 136
BDD for p⊕q
kpkq kq
BDD for F⊕q BDD for T ⊕q
@@@
���
@@@
���
@@@
⊕
BDD for p⊕ r
kpkr kr
BDD for F⊕ r BDD for T ⊕ r
@@@
���
@@@
���
@@@
BDD for (p⊕q)⊕ (p⊕ r) from BDDs for p⊕q and p⊕ r
50 / 136
BDD for ¬q
kqF T
BDD for ¬T BDD for ¬F
���
⊕
BDD for ¬rkrF T
BDD for ¬T BDD for ¬F
���
BDD for ¬F
T ⊕
BDD for ¬rirF T
BDD for ¬T BDD for ¬F
��
BDD for (p⊕q)⊕ (p⊕ r) from BDDs for p⊕q and p⊕ r
51 / 136
T F T⊕ ≡
BDD for ¬F BDD for ¬T BDD for ¬F⊕¬T
T T F⊕ ≡
BDD for ¬F BDD for ¬F BDD for ¬F⊕¬F
T ⊕ ≡
BDD for ¬F BDD for ¬r BDD for ¬F⊕¬rirF T��
irT F��
BDD for (p⊕q)⊕ (p⊕ r) from BDDs for p⊕q and p⊕ r
52 / 136
ipiq iqir ir ir ir
F FT T F FT T
HHHH
HH
@@
��
AA
AA
��
��
BDD for q⊕ r
iqir irF T
@@
!!!!!!
aaaa
aa
Example 5.21: Restriction
53 / 136
(a)
ipiqir
F TAAA
@@
(b)
ipiq
F T\\\\\\
(c)
ipiq
F T
(b)
ip
F T
Section 6.4: 4-queens problem
54 / 136
1 2 3 4
4
3
2
1
Q
Q
Q
Q
Section 6.4.1: Encoding the 4-queens problem (1)
55 / 136
11∨12∨13∨14,21∨22∨23∨24,31∨32∨33∨34,41∨42∨43∨44.
11∨12, 11∨13, 11∨14, 12∨13, 12∨14, 13∨14,21∨22, 21∨23, 21∨24, 22∨23, 22∨24, 23∨24,31∨32, 31∨33, 31∨34, 32∨33, 32∨34, 33∨34,41∨42, 41∨43, 41∨44, 42∨43, 42∨44, 43∨44,
Section 6.4.1: Encoding the 4-queens problem (2)
56 / 136
11∨21, 11∨31, 11∨41, 21∨31, 21∨41, 31∨41,12∨22, 12∨32, 12∨42, 22∨32, 22∨42, 32∨42,13∨23, 13∨33, 13∨43, 23∨33, 23∨43, 33∨43,14∨24, 14∨34, 14∨44, 24∨34, 24∨44, 34∨44.
11∨22, 11∨33, 11∨44, 12∨21, 12∨23, 12∨34,13∨22, 13∨31, 13∨24, 14∨23, 14∨32, 14∨41,21∨32, 21∨43, 22∨31, 22∨33, 22∨44,23∨32, 23∨41, 23∨34, 24∨33, 22∨42,31∨42, 32∨41, 32∨43,33∨42, 33∨44, 34∨43.
Figure 7.1: Tree for ∀x(¬∃yp(x,y)∨¬∃yp(y,x))
57 / 136
p(x,y)
∃y
¬
p(y,x)
∃y
¬
����
QQQQ
∨
∀x
Figure 7.2: Global and local variables
58 / 136
class MyClass {int x;
void p() {int x;
x = 1;
// Print the value of x
}void q() {
// Print the value of x
}... void main(...) {x = 5;
p;
q;
}
Logically equivalent formulas (1)
59 / 136
∀xA(x)↔¬∃x¬A(x) ∃xA(x)↔¬∀x¬A(x)
∀x∀yA(x,y)↔∀y∀xA(x,y) ∃x∃yA(x,y)↔∃y∃xA(x,y)
∃x∀yA(x,y)→∀y∃xA(x,y)
(∃xA(x)∨B)↔∃x(A(x)∨B) (∀xA(x)∨B)↔∀x(A(x)∨B)
(B∨∃xA(x))↔∃x(B∨A(x)) (B∨∀xA(x))↔∀x(B∨A(x))
(∃xA(x)∧B)↔∃x(A(x)∧B) (∀xA(x)∧B)↔∀x(A(x)∧B)
(B∧∃xA(x))↔∃x(B∧A(x)) (B∧∀xA(x))↔∀x(B∧A(x))
Logically equivalent formulas (2)
60 / 136
∀x(A→B(x))↔ (A→∀xB(x))
∀x(A(x)→B)↔ (∃xA(x)→B)
(∃x(A(x)∨B(x))↔ (∃xA(x)∨∃xB(x))
∀x(A(x)∧B(x))↔ (∀xA(x)∧∀xB(x))
∀xA(x)∨∀xB(x))→∀x(A(x)∨B(x))
∃x(A(x)∧B(x))→ (∃xA(x)∧∃xB(x))
∀x(A(x)↔B(x))→ (∀xA(x)↔∀xB(x))
∀x(A(x)↔B(x))→ (∃xA(x)↔∃xB(x))
∃x(A(x)→B(x))↔ (∀xA(x)→∃xB(x))
(∃xA(x)→∀xB(x))→∀x(A(x)→B(x))
Logically equivalent formulas (3)
61 / 136
∀x(A(x)∨B(x))→ (∀xA(x)∨∃xB(x))
∀x(A(x)→B(x))→ (∀xA(x)→∀xB(x))
∀x(A(x)→B(x))→ (∃xA(x)→∃xB(x))
∀x(A(x)→B(x))→ (∀xA(x)→∃xB(x))
Figure 7.3: Semantic tableau for a satisfiable formula
62 / 136
¬(∀x(p(x)∨q(x))→ (∀xp(x)∨∀xq(x)))↓
∀x(p(x)∨q(x)), ¬(∀xp(x)∨∀xq(x))↓
∀x(p(x)∨q(x)), ¬∀xp(x), ¬∀xq(x)↓
∀x(p(x)∨q(x)), ¬∀xp(x), ¬q(a)↓
∀x(p(x)∨q(x)), ¬ p(a), ¬q(a)↓
p(a)∨q(a), ¬ p(a), ¬q(a)ւ ց
p(a), ¬ p(a), ¬q(a) q(a), ¬ p(a), ¬q(a)× ×
Figure 7.4: A tableau that should close, but doesn’t
63 / 136
∀x∃yp(x,y) ∧ ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), ∃yp(a1,y), ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), p(a1,a2), ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), p(a1,a2), ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), ∃yp(a2,y), p(a1,a2), ∀x(q(x)∧¬q(x))↓
∀x∃yp(x,y), p(a2,a3), p(a1,a2), ∀x(q(x)∧¬q(x))
Rules for γ- and δ -formulas
64 / 136
γ γ(a)∀xA(x) A(a)
¬∃xA(x) ¬A(a)
δ δ (a)∃xA(x) A(a)
¬∀xA(x) ¬A(a)
Figure 8.1: Semantic tableau in first-order logic
65 / 136
¬((∀xp(x)∨∀xq(x))→∀x(p(x)∨q(x)))↓
∀xp(x)∨∀xq(x), ¬∀x(p(x)∨q(x))ւ ց
∀xp(x), ¬∀x(p(x)∨q(x)) ∀xq(x), ¬∀x(p(x)∨q(x))↓ ↓
∀xp(x), ¬(p(a)∨q(a)) ∀xq(x), ¬(p(a)∨q(a))↓ ↓
∀xp(x), ¬ p(a), ¬q(a) ∀xq(x), ¬ p(a), ¬q(a)↓ ↓
∀xp(x), p(a), ¬ p(a), ¬q(a) ∀xq(x), q(a), ¬ p(a), ¬q(a)× ×
Figure 8.2: Gentzen proof tree in first-order logic
66 / 136
¬∀xp(x), ¬ p(a), p(a), q(a) ¬∀xq(x), ¬q(a), p(a), q(a)↓ ↓
¬∀xp(x), p(a), q(a) ¬∀xq(x), p(a), q(a)↓ ↓
¬∀xp(x), p(a)∨q(a) ¬∀xq(x), p(a)∨q(a)↓ ↓
¬∀xp(x), ∀x(p(x)∨q(x)) ¬∀xq(x), ∀x(p(x)∨q(x))ց ւ
¬(∀xp(x)∨∀xq(x)), ∀x(p(x)∨q(x))↓
(∀xp(x)∨∀xq(x))→∀x(p(x)∨q(x))
Rules for γ- and δ -formulas
67 / 136
U ∪{γ ,γ(a)}U ∪{γ}
U ∪{δ (a)}U ∪{δ}
,
The rule forδ -formulas can be applied only if the constanta does notoccur in any formula ofU .
γ γ(a)∃xA(x) A(a)
¬∀xA(x) ¬A(a)
δ δ (a)∀xA(x) A(a)
¬∃xA(x) ¬A(a)
Figure 8.3: δ -formulas follow γ-formulas
68 / 136
¬∀yp(a,y), ¬ p(a,b), ¬ p(a,a), ∃xp(x,b), p(a,b)↓
¬∀yp(a,y), ¬ p(a,a), ∃xp(x,b), p(a,b)↓
¬∀yp(a,y), ∃xp(x,b), p(a,b)↓
¬∀yp(a,y), ∃xp(x,b)↓
¬∀yp(a,y), ∀y∃xp(x,y)↓
¬∃x∀yp(x,y), ∀y∃xp(x,y)↓
∃x∀yp(x,y)→∀y∃xp(x,y)
Hilbert system H
69 / 136
Axiom 1 ⊢ (A→ (B→A)),
Axiom 2 ⊢ (A→ (B→C))→ ((A→B)→ (A→C)),
Axiom 3 ⊢ (¬B→¬A)→ (A→B),
Axiom 4 ⊢ ∀xA(x)→A(a),
Axiom 5 ⊢ ∀x(A→B(x))→ (A→∀xB(x)).
Modus ponens⊢ A→B ⊢ A
⊢ B
Generalization⊢ A(a)⊢ ∀xA(x)
.
In Axiom 5, B(x) is a formula with a free variablex, while x is not a freevariable of the formulaA.
Derived rules of inference
70 / 136
GeneralizationU⊢A(a)
U⊢∀xA(x), a does not appear inU .
DeductionU∪{A}⊢BU⊢A→B
Axiom 4U⊢∀xA(x)U⊢A(a)
Generalization⊢A(a)→B(a)⊢∀xA(x)→∀xB(x)
C-ruleU⊢∃xA(x)U⊢A(a) , a does not appear inU or ∃xA(x).
Figure 9.1: Finite sequences of terms (1)
71 / 136
n = 1 a
n = 2 b
n = 3 f (a), f (b), f ( f (a)), f ( f (b))
n = 4 f ( f ( f (a))), f ( f ( f (b),
g(a,a), g(a,b), g(a, f (a)), g(a, f (b)), g(a, f ( f (a))), g(a, f ( f (b))),
six similar terms withb as the first argument ofg,
g( f (a),a), g( f (a),b), g( f (a), f (a)), g( f (a), f (b)),
g( f (a), f ( f (a))), g( f (a), f ( f (b))),
six similar terms withf (b) as the first argument ofg,
Figure 9.1: Finite sequences of terms (2)
72 / 136
g( f ( f (a)),a), g( f ( f (a)),b), g( f ( f (a)), f (a)), g( f ( f (a)), f (b)),
g( f ( f (a)), f ( f (a))), g( f ( f (a)), f ( f (b))),
six similar terms withf ( f (b)) as the first argument ofg,
f (g(a,a)), f (g(a,b)), f (g(a, f (a)), f (g(a, f (b)),
twelve similar terms withb, f (a), f (b) as the first argument ofg,
f ( f (g(a,a))), f ( f (g(a,b))), f ( f (g(b,a))), f ( f (g(b,b))).
Example 9.20: Hebrand universes
73 / 136
S1 = {pa¬ pbqz, ¬qz¬ pbqz}
HS1 = {a, b}
S2 = {¬ px f (y), pwg(w)}
HS2 = {a, f (a), g(a),
f ( f (a)), g( f (a)), f (g(a)), g(g(a)), . . .}
S3 = {¬ pa f (x,y), pb f (x,y)}
HS3 = {a, b, f (a,a), f (a,b), f (b,a), f (b,b),
f (a, f (a,a)), f ( f (a,a),a), . . .}
Example 10.2: Ground resolution
74 / 136
{q( f (b)), r(a, f (b))} {p(a), ¬q( f (b)), r( f (a),b)}
�����������
HHHHHHHH
{p(a), r(a, f (b)), r( f (a),b)}
Example 10.7: Unification
75 / 136
〈 g(y) = x, f (x,h(x),y) = f (g(z),w,z) 〉
〈 f (g(y),h(g(y)),y) = f (g(z),w,z), x = g(y) 〉
〈 g(y) = g(z), h(g(y)) = w, y = z, x = g(y) 〉
〈 y = z, h(g(y)) = w, y = z, x = g(y) 〉
〈 h(g(z)) = w, z = z, x = g(z), y = z 〉
〈 z = z, x = g(z), y = z, w = h(g(z)) 〉
〈 x = g(z), y = z, w = h(g(z)) 〉
Example 10.29: Resolution refutation (1)
76 / 136
1. ¬ p(x)∨q(x)∨ r(x, f (x))
2. ¬ p(x)∨q(x)∨ s( f (x))
3. t(a)
4. p(a)
5. ¬r(a,y)∨ t(y)
6. ¬t(x)∨¬q(x)
7. ¬t(x)∨¬s(x)
Example 10.29: Resolution refutation (2)
77 / 136
8. ¬q(a) x← a 3,69. q(a)∨ s( f (a)) x← a 2,410. s( f (a)) 8,911. q(a)∨ r(a, f (a)) x← a 1,412. r(a, f (a)) 8,1113. t( f (a)) y← f (a) 5,1214. ¬s( f (a)) x← f (a) 7,1315. 2 10,14
Example 10.30: Resolution refutation
78 / 136
1. ¬ p(x,y)∨ p(y,x)
2. ¬ p(x,y)∨¬ p(y,z)∨ p(x,z)
3. p(x, f (x))
4. ¬ p(x,x)
3′. p(x′, f (x′)) Rename 35. p( f (x),x) σ1 = {y← f (x),x′← x} 1,3′
3′′. p(x′′, f (x′′)) Rename 36. ¬ p( f (x),z)∨ p(x,z) σ2 = {y← f (x),x′′← x} 2,3′′
5′′′. p( f (x′′′),x′′′) Rename 57. p(x,x) σ3 = {z← x,x′′′← x} 6,5′′′
4′′′′. ¬ p(x′′′′,x′′′′) Rename 48. 2 σ4 = {x′′′′← x} 7,4′′′′
Theorem 10.33: Lifting Lemma
79 / 136
C1,C2
C′1,C′2
-
-Resolution
Ground resolution
C
C′? ?
Instance Instance
Figure 10.1: Example for the lifting lemma (1)
80 / 136
C1 = {p(x), p( f (y)), p( f (z)), q(x)}
C2 = {¬ p( f (u)), ¬ p(w), r(u)}
θ1 = {x← f (a), y← a, z← a}
θ2 = {u← a, w← f (a)}
C′1 = C1θ1 = {p( f (a)), q( f (a))}
C′2 = C2θ2 = {¬ p( f (a)), r(a)}
C′ = Res(C1,C2) = {q( f (a)), r(a)}
Figure 10.1: Example for the lifting lemma (2)
81 / 136
L1 = {p(x), p( f (y)), p( f (z))}
λ1 = {x← f (y), z← y}
L1λ1 = {p( f (y))}
L2 = {¬ p( f (u)), ¬ p(w)}
λ2 = {w← f (u)}
L2λ2 = {¬ p( f (u))}
λ = λ1∪λ2 = {x← f (y),z← y,w← f (u)}
L1λ = {p( f (y))}
C1λ = {p( f (y)), q( f (y))}
L2λ = {¬ p( f (u))}
C2λ = {¬ p( f (u)), r(u)}
Figure 10.1: Example for the lifting lemma (3)
82 / 136
σ = {u← y}
C = Res(C1λ ,C2λ ) = {q( f (y)), r(y)}, usingσλσ = {x← f (y), z← y, w← f (y), u← y}
C1λσ = {p( f (y)), q( f (y))}
C2λσ = {¬ p( f (y)), r(y)}
C = Res(C1,C2) = {q( f (y)), r(y)}, usingλσ
θ ′1 = {y← a}
C′1 = C1θ1 = {p( f (a)), q( f (a))}=C1λσθ1
θ ′2 = {y← a}
C′2 = C2θ2 = {¬ p( f (a)), r(a)}=C2λσθ2
θ ′ = {y← a}
C′ = Res(C′1,C′2) = {q( f (a)), r(a)}
Figure 11.1: SLD-tree for selection of leftmost literal
83 / 136
(1) (2)
(5) (6) (7) (3) (10)
(1) (2) (1) (2)
q(y,b)�����
PPPPPPPPp(y,b)
2 2 2
���
@@@
p(y,z),q(z,b)
. . .q(a,b) q(h,b)
p(a,b) p(a,z′),q(z′,b) p(h, j) p(h,z′′),q(z′′, j)× ... × ...
�����
HHHHH
���
@@@
���
@@@
Theorem 12.3: Church’s Theorem
84 / 136
SM =
(n∧
i=0
Si∧ p0(a,a)
)
→∃z1∃z2pn(z1,z2).
Li Si
x = x + 1; ∀x∀y(pi(x,y)→ pi+1(s(x),y))
y = y + 1; ∀x∀y(pi(x,y)→ pi+1(x,s(y)))
if (x == 0) goto Lj; ∀x(pi(a,x)→ p j(a,x)) ∧
else x = x - 1; ∀x∀y(pi(s(x),y)→ pi+1(x,y))
if (y == 0) then goto Lj; ∀x(pi(x,a)→ p j(x,a)) ∧
else y = y - 1; ∀x∀y(pi(x,s(y))→ pi+1(x,y))
Figure 13.1: State transition diagram
85 / 136
����
p¬q
s0
-����
pq
s1
�--
� ����¬ pq
s2
��?
����¬ p¬q
s3
��?�
������
Figure 13.2: Alternate representation
86 / 136
����
p
s0
-����
pq
s1
�--
� ����
q
s2
��?
����s3
��?�
������
Definition 13.27: Linear temporal logic
87 / 136
����¬ p
s0
-����¬ p
s1
-����
p
s2
- . . .
Example 13.33
88 / 136
� ��ps0
-� ��qs1
-� ��ps2
-� ��qs3
-� ��ps4
- . . .
Commutativity
89 / 136
� ��¬ps0
-� ��¬ps1
-� ��ps2
-� ��¬ps3
-� ��¬ps4
-� ��ps5
- . . .
� ��¬ps0
-� ��¬ps1
-� ��¬ps2
-� ��¬ps3
-� ��ps4
-� ��ps5
- . . .
Section 13.51: Tableaux rules for LTL
90 / 136
α α1 α2
2A A #2A
¬3A ¬A ¬#3A
β β1 β2
3A A #3A
¬2A ¬A ¬#2A
X X1
#A A
¬#A ¬A
The rule for next formulas (1)
91 / 136
(p∨q)∧#(¬ p∧¬q)↓
p∨q, #(¬ p∧¬q)ւ ց
p, #(¬ p∧¬q) q, #(¬ p∧¬q)
The rule for next formulas (2)
92 / 136
(p∨q)∧#(¬ p∧¬q)↓
p∨q, #(¬ p∧¬q)ւ ց
p, #(¬ p∧¬q) q, #(¬ p∧¬q)
↓ ↓
¬ p∧¬q ¬ p∧¬q↓ ↓
¬ p, ¬q ¬ p, ¬q
The rule for next formulas (3)
93 / 136
����
p
s0
-����¬ p¬q
s1
����
q
s0
-����¬ p¬q
s1
����
p
s0
-����¬ p¬q
s1
�� ����
q
s0
-����¬ p¬q
s1
��
Semantic tableau for¬(2(p∧q)→2p)
94 / 136
¬(2(p∧q)→2p)↓
2(p∧q), 3¬ p↓
p∧q, #2(p∧q), 3¬ p↓
p, q, #2(p∧q), 3¬ pւ ց
p, q, #2(p∧q), ¬ p p, q, #2(p∧q), #3¬ p×
Interpretations for ¬(2(p∧q)→2p)
95 / 136
����
pq
s0
-����
pq
s1
-����
pq
s2
-
����
pq
s0
��
Example 13.38
96 / 136
l0 : 23p↓
l1 : 3p, #23pւ ց
l2 : p, #23p l3 : #3p, #23p
↓ ↓l4 : 23p l5 : 3p, 23p
↓ ↓l6 : 3p, #23p l7 : 3p, #23pւ ց ւ ց
To l2 To l3 To l2 To l3
Example 13.43
97 / 136
l0 : 23p↓
l1 : 3p, #23pւ ց
l2 : p, #23p l3 : #3p, #23p
↓ ↓
To l0 To l1
����
p
s0
�--����s1
����
?
Figure 13.3: 2(3(p∧q)∧3(¬ p∧q)∧3(p∧¬q))
98 / 136
����
p¬q
s2
�-
����
pq
s0
�- ����¬ pq
s1
��
����s3
��-
�
-�
6
?
6
?�������������*��������������
HHHHHHHHHHHHHjHHH
HHHH
HHHH
HHY
Section 13.5.4: A linear, fulfilling Hintikka structure
99 / 136
����
pq
s0
-����¬ pq
s1
-����
p¬q
s2
��?
Figure 13.4: Strongly connected components
100 / 136
����s0
@@@@R
����������������
����s2 s3
s1
���� @@R ��������
��������s6 s7
s4 s5
�
-
6 ?
�
Figure 13.5: Component graph
101 / 136
��
@@R
�
G0
'&$%��
��s0
@@@@R
��������G1
'
&
$
%������������
s2 s3
s1
���� @@R G2
'
&
$
%����������������
s6 s7
s4 s5
�
-
6 ?
�
Figure 13.6: An SCC is contained in an MSCC
102 / 136
'
&
$
%
G′
G
'
&
$
%������������
s2 s3
s1
���� @@R
-����������������
s6 s7
s4 s5
�
-
6 ?
�
Example 13.68
103 / 136
����
p
s0
-����
p
s1
-����
q
s2
- · · ·
����
p
s0
-����
p
s1
-����
p
s2
- · · ·
����
p
s0
-����¬ p
s1
-����
q
s2
- · · ·
Deductive systemL
104 / 136
Axiom 0 Prop Any substitution instance ofa valid propositional formula.
Axiom 1 Distribution of 2 ⊢2(A→B)→ (2A→2B).Axiom 2 Distribution of # ⊢#(A→B)→ (#A→#B).Axiom 3 Expansion of2 ⊢2A→ (A ∧ #A ∧ #2A).Axiom 4 Induction ⊢2(A→#A)→ (A→2A).Axiom 5 Linearity ⊢#A↔¬#¬A.
Modus ponens⊢ A ⊢ A→B
⊢ B.
Generalization⊢ A⊢2A
.
Example 14.9
105 / 136
����
p
s0
-����¬ p
s1
-����
p
s2
-����¬ p
s3
- · · ·
Semantic tableau for the negation of2p→#2p
106 / 136
¬(2p→#2p)↓
2p, #3¬ p↓
ls p, #2p, #3¬ p
↓2p, 3¬ p↓
p, #2p, 3¬ pւ ց
p, #2p, ¬ p (To nodels)×
Section 14.4: Axioms for binary temporal operators
107 / 136
Axiom 6 Expansion ofU ⊢ AU B↔ (B∨ (A∧#(AU B))).Axiom 7 Eventuality ⊢ AU B→3B.
Definition 15.8: H L (1)
108 / 136
Domain axiomsEvery true formula over the domain(s) of the program variables.
Assignment axiom
⊢ {p(x){x← t}}x := t{p(x)}.
Composition rule
⊢ {p}S1{q} ⊢ {q}S2{r}⊢ {p}S1;S2{r}
.
Definition 15.8: H L (2)
109 / 136
Alternative rule
⊢ {p∧B}S1{q} ⊢ {p∧¬B}S2{q}⊢ {p}if B then S1 else S2{q}
.
Loop rule⊢ {p∧B}S{p}
⊢ {p}while B do S{p∧¬B}.
Consequence rule
⊢ p1→ p ⊢ {p}S{q} ⊢ q→q1
⊢ {p1}S{q1}.
Section 15.3: Program to be verified
110 / 136
{true}x := 0;
{x = 0}y := b;
{x = 0∧ y = b}while y <> 0 do
{x = (b− y) ·a}begin x := x + a; y := y - 1 end;
{x = a ·b}
Section 15.4.1: Solution 1 (outline)
111 / 136
{0≤ a}x = E1(x,a);
while (B(x,a))
{0≤ x2≤ a}x = E2(x,a);
{0≤ x2≤ a < (x+1)2}.
Section 15.4.1: Solution 1 (final)
112 / 136
{0≤ a}x = 0;
while ((x+1)*(x+1) <= a)
{0≤ x2≤ a}x = x + 1;
{0≤ x2≤ a < (x+1)2}.
Section 15.4.1: Solution 2 (outline)
113 / 136
{0≤ a}x = 0;
y = a+1;
while (y != x+1)
{(0≤ x2≤ a < y2) ∧ (x < y≤ a+1)}E(x,y,a);
{0≤ x2≤ a < (x+1)2}.
Section 15.4.1: Solution 2 (final)
114 / 136
{0≤ a}x = 0;
y = a+1;
while (y != x+1)
{0≤ x2≤ a < y2 ∧ x < y≤ a+1}{z = (x+y) / 2;
if (z*z <= a)
x = z;
else
y = z;
}{0≤ x2≤ a < (x+1)2}.
Example 15.15: Weaker conditions
115 / 136
'
&
$
%����������������
' $
& %' $& %
y = 0 y = 1 y = 2 y = 3
y = 1∨ y = 3
y≤ 3
Definition 15.21: Sequential composition
116 / 136
'
&
$
%
'&
$%wp(S1, wp(S2, q)) -
'
&
$
%'&$%wp(S2, q) ���
������
��:
'
&
$
%
'&$%
q
Corollary 9.26: Excluded miracle
117 / 136
︸ ︷︷ ︸
wp(S, p)
︷ ︸︸ ︷
wp(S, ¬ p)'&
$%
p ∞ ¬ p
Theorem 9.28: Monotonicity
118 / 136
'
&
$
%
'
&
$
%wp(S, q)����wp(S, p) -
-
'
&
$
%
'&$%
q�� ��p
Lemma 15.37
119 / 136
'
&
$
%
'
&
$
%
'
&
$
%
'
&
$
%
'&
$%
��
��
0∨
k=0wp(Wk, p)
1∨
k=0wp(Wk, p)
2∨
k=0wp(Wk, p) · · ·
∞∨
k=0wp(Wk, p)
Example 16.2
120 / 136
int n = 0
Process p Process q
1: n = n + 1 1: n = n + 1
2: n = n + 1 2: n = n + 1
end: end:
Atomic operations
121 / 136
int n = 0
Process p Process q
1: n = n + 1 1: n = n + 1
end: end:
int n = 0
Process p Process q
int temp = 0 int temp = 0
1: temp = n 1: temp = n
2: temp = temp + 1 2: temp = temp + 1
3: n = temp 3: n = temp
end: end:
Peterson’s algorithm
122 / 136
boolean wantp = false, wantq = false
int turn = 1
Process p Process q
while (true) { while (true) {
non-critical-section non-critical-section
wantp = true wantq = true
turn = 1 turn = 2
wait until wait until
(!wantq or turn == 2) (!wantp or turn == 1)
critical-section critical-section
wantp = false wantq = false
} }
Abbreviated algorithm
123 / 136
boolean wantp = false, wantq = false
int turn = 1
Process p Process q
while (true) { while (true) {
tryp: wantp=true; turn=1 tryq: wantq=true; turn=2
waitp: wait until waitq: wait until
(!wantq or turn == 2) (!wantp or turn == 1)
csp: wantp = false csq: wantq = false
} }
Progress axioms
124 / 136
Statement Progress axioms
li: v := expression ⊢ li→3li+1
li+1:
li: if B then ⊢ li→3(lt ∨ l f )
lt: S1 ⊢ (li∧2B)→3ltelse
lf: S2 ⊢ (li∧2¬B)→3l f
li: while B do ⊢ li→3(lt ∨ l f )
lt: S1; ⊢ (li∧2B)→3ltlf: ⊢ (li∧2¬B)→3l f
Figure 16.3: Finite automata for Peterson’s algorithm
125 / 136
-����tryp -
wantp=trueturn=1 ����waitp -
!wantq orturn == 2��
��-
wantq andturn == 1
����csp
6
wantp=false
-����tryq -
wantq=trueturn=2 ����waitq -
!wantp orturn == 1��
��-
wantp andturn == 2
����csq
6
wantq=false
Product automaton for Peterson’s algorithm
126 / 136
?
"!# tryptryq
-
wantp=trueturn=1�
wantq=trueturn=2
"!# trypwaitq "!
# waitptryq
· · ·· · ·
Figure 16.2: State space for Peterson’s algorithm
127 / 136
1. (tryp,tryq,1)�������
HHHHHHj2. (waitp,tryq,1)
���
@@@R
3. (tryp,waitq,2)
���
@@@R
4. (csp,tryq,1)
��i1 @@@R
5. (waitp,waitq,2)
���
@@R i56. (waitp,waitq,1)
��i6?
7. (tryp,csq,2)������� ?
8. (csp,waitq,2)
��i3 @@R i89. (waitp,csq,1)
��i9 @@R i210. (tryp,tryq,2)
��i2 @@R i3
Section 16.5.2: Dijkstra’s second attempt
128 / 136
boolean wantp = false, wantq = false
Process p Process q
while (true) { while (true) {
waitp: wait until !wantq waitq: wait until !wantp
tryp: wantp = true tryq: wantq = true
csp: wantp = false csq: wantq = false
} }
Figure 16.3: State space for the second attempt
129 / 136
1. (waitp,waitq,F ,F)�������
HHHHHHj2. (tryp,waitq,F ,F)
���
@@@R
3. (waitp,tryq,F ,F)
���
@@@R
4. (csp,waitq,T ,F)
��i1 @@@R
5. (tryp,tryq,F ,F)�������
HHHHHHj
6. (waitp,csq,F ,T )
@@R i1���
7. (csp,tryq,T ,F)
��i3 @@@R
8. (tryp,csq,F ,T )
���
@@R i210. (csp,csq,T ,T )
��i6 @@R i4
Section 16.6
130 / 136
����waitp
s0
-����waitp
s1
-����waitp
s2
-����waitp
s3
��?
����tryp
s0
-����waitp
s1
-����waitp
s2
-����waitp
s3
��?
Section 16.6.1
131 / 136
-"!# ����
s0
-true
��
��-
¬waitp∨ csp"!#
s1� csp ��
��-
true
-"!#
s0 -waitp∧¬csp��
��-
true"!# ����
s1 ��
��-
¬csp
Figure 16.4: Model checking liveness
132 / 136
1. (tryp,tryq,1)��������
HHHHHHHj2. (waitp,tryq,1)
@@@@R
����
3. (tryp,waitq,2)
����
@@@@R
4. (csp,tryq,1)
��j1 @
@@@R
5. (waitp,waitq,2)
@@R j5
����
6. (waitp,waitq,1)
��j6
?
7. (tryp,csq,2)�������� ?
8. (csp,waitq,2)
��j3 @
@R j89. (waitp,csq,1)
��j9 @
@R j210. (tryp,tryq,2)
��j2 @
@R j3
Figure 16.5: The state space as a tree
133 / 136
1. (tryp,tryq,1)��������
HHHHHHHj2. (waitp,tryq,1)
��
��
@@@@R
3. (tryp,waitq,2)
����
@@@@R
4. (csp,tryq,1)
?
@@@@R
5. (waitp,waitq,2)
����
@@@@R
6. (waitp,waitq,1)
?
@@@@R
7. (tryp,csq,2)
���� ?
8. (t,t,1) 9. (c,w,2) 10. (w,w,2) 11. (w,w,1) 12. (w,c,1) 13. (t,t,2)
Figure 16.6: CTL model checking
134 / 136
1. (tryp,tryq,1)��������
HHHHHHHj2. (waitp,tryq,1)
��
��
@@@@R
3. (tryp,waitq,2)
����
@@@@R
4. (csp,tryq,1)
��j1 @
@@@R
5. (waitp,waitq,2)
����
@@R j5
6. (waitp,waitq,1)
��j6
?
7. (tryp,csq,2)�������� ?
8. (csp,waitq,2)
��j3 @
@R j89. (waitp,csq,1)
��j9 @
@R j210. (tryp,tryq,2)
��j2 @
@R j3
Section 16.8: Symbolic model checking
135 / 136
tryp p0∧ p1 tryq q0∧q1
waitp ¬ p0∧ p1 waitq ¬q0∧q1
csp p0∧¬ p1 csq q0∧¬q1
����s0
-����s1
-����s2
-����s3
��?
Venn diagrams
136 / 136
'
&
$
%
'&
$%S
T
'
&
$
%
'
&
$
%S−T S∩T T −S
S T
︷ ︸︸ ︷
S∪T