Higher-Order Logic. Specification and Verification with Higher-Order Logic

Size: px

Start display at page:

Download "Higher-Order Logic. Specification and Verification with Higher-Order Logic"

Arnold Tucker
5 years ago
Views:

1 Higher-Order Logic Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität Kaiserslautern Sommersemester 2008 Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

2 Outline Introduction 1 Introduction 2 Types Motivation Polymorphism Sematics 3 Terms Higher-Order Terms Semantics 4 HOL Proof System Formulas and Sequents Axioms and Rules 5 Summary Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

3 Overview Introduction Overview Higher-Order Logic quantification over predicates, functions and sets supports formalisation of arbitrary mathematics Motivation reasoning about hardware and software can require very sophisticated mathematics floating point: real numbers and analysis correctness of randomised algorithms: probability Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

4 Outline Types 1 Introduction 2 Types Motivation Polymorphism Sematics 3 Terms Higher-Order Terms Semantics 4 HOL Proof System Formulas and Sequents Axioms and Rules 5 Summary Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

5 Problem: Russell s Paradox Types Motivation Russel s Paradox Having variables that range over predicates allows to write terms like where P is a variable. By β -reduction: Ω def = λ P. (P P) Ω Ω = (λ P. (P P)) Ω = (Ω Ω) Conclusion To avoid this kind of thing types are needed! Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

6 Types Types of Types type constant: c type variable: α compound type: (σ 1,...,σ n )op Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

7 Types Type Examples Example (Type Constant) bool: Booleans num: natural numbers weekday: some appropriate user defined type Example (Compound Types) (σ 1,σ 2 )fun: functions from σ 1 to σ 2 (σ 1,σ 2 )prod: pairs of values Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

8 Terminology and Notation Types Definition (Type operator) op in (σ 1,...,σ n )op is called a type constructor Conventions The type (σ 1,σ 2 )fun is usually written σ 1 σ 2 and σ 1 σ 2 σ n = (σ 1 (σ 2 ( σ n ))) The type (σ 1,σ 2 )prod is usually written σ 1 σ 2 or σ 1 σ 2 and σ 1 σ 2 σ n = (σ 1 (σ 2 ( σ n ))) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

9 Typing of Terms Types Typing of Terms All terms must be well-typed. t:σ means the term t is well-typed and has type σ. Variables and Constants Variables may have any type: v:σ Constants have a fixed generic type: c:σ Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

10 Assigning Types to Terms Types Rules for the Assignment function application t 1 :σ 1 σ 2 t 2 :σ 1 (t 1 t 2 ):σ 2 abstraction x:σ 1 t:σ 2 λ x. t:σ 1 σ 2 Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

11 Polymorphism Types Polymorphism Example (Polymorphism) Consider the constant I, defined by: I def = λ x. x We may want to apply the function I to things of different types: I 7 = 7 with I : num num I T = T with I : bool bool It seems that I must have two different types. Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

12 Types Polymorphism and Generic Types Polymorphism Polymorphism The types of polymorphic functions such as I contain type variables: I def = (λ x. x):α α where α stands for any type. α α is the generic type of I. The constant I then has every type obtainable by substituting any type for the variable α in its generic type: I : bool bool I : num num I : (α bool) (α bool) I : α α Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

13 Polymorphism Examples Types Polymorphism Example (Function Composition) o def = λ f.λ g.λ x.f(g(x)) where o : (β γ) (α β) (α γ) Example (Equality) Example (Apply a Function and Add) = : α α bool app_add def = λ f.(λ x.f(x) + f(x)) where app_add : (α num) (α num) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

14 Types Church s Simple Theory of Types Sematics Definition (Universe) each element X U is a non-empty set if X U and Y X, then Y U. if X U and Y U, then X Y U if X U, then powerset (X) = {Y : Y X} U U contains a distinguished infinite set I distinguished element ch Π X U X: ch(x) X witnesses non-emptiness Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

15 Model Types Sematics Definition (Model of Type Structure) given: type structure Ω as set of type constants (ν,n) model: M(ν) : U n U Polymorphic Types types containing type variables: polymorphic meaning of polymorphic types not single set, but set-valued function Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

16 Summary of Types Types Sematics Fact (Types) Types are introduced to avoid inconsistency. Types Type constants: bool, num,... Type variables: α, β, γ,... Compound Types: (σ 1,...,σ n )op e.g. σ 1 σ 2, and σ 1 σ 2. Polymorphism twice def = λ f.λ x.f(f(x)) where twice : (α α) (α α) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

17 Outline Terms 1 Introduction 2 Types Motivation Polymorphism Sematics 3 Terms Higher-Order Terms Semantics 4 HOL Proof System Formulas and Sequents Axioms and Rules 5 Summary Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

18 of Terms Terms of Terms constants: c variables : v function applications: T 1 T 2 lambda abstractions λ v. T Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

19 Constants and Variables Terms Fact (Distinction between Constants and Variables) The distinction between a constant and a variable always depends on the context. Identifiers x, y, foo, t, k 2, c_val,... Special Symbols,,,,,, 1, 2, 3,..., +,, =,... Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

20 Function Applications Terms Notation term 1 term 2 denotes the result of applying the function term 1 to the value term 2. Precedence parentheses can be used for grouping f(x), f (g y), (f x) y,... default precedence f x 1 x 2 x n = (((f x 1 ) x 2 ) x n ) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

21 Abstractions Terms Notation λ var. term denotes the function x term[x/var]. Convention λ x 1 x 2 x n. t = λ x 1. λ x 2. λ x n. t Example (Abstraction) λ x. x: the identity function λ x. f(f x): function that applies f twice λ f.λ g.λ x. f(g x): function composition Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

22 Free and Bound Variables Terms Definition (Free Variable) λ x. body A variable x is called free in a term if it does not occur inside the body of an abstraction. Definition (Bound Variables) If an instance of a variable is not free, it is bound. Example (Free and Bound Variables) Consider variable x: (λ x. f x)(λ y. x) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

23 Syntactic Sugar Terms Infix Aplications Certain constants are written in infix position: t 1 + t 2 abbreviates + t 1 t 2 t 1 t 2 abbreviates t 1 t 2 t 1 t 2 abbreviates t 1 t 2 Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

24 Summary of Terms Terms Terms Terms may be Variables: x, y, a, a_var, phi 1,... Constants: T, F, phi,, +,... Applications: t 1 t 2, t 1 t 2 t 3... t n Abstractions: λ x. t, λ x 1 x 2... x n. t Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

25 Higher-Order Terms Terms Higher-Order Terms Fact (Higher-Order Terms) Variables can range over functions or predicates (i. e. boolean-valued functions) Example (Higher-Order Term) in λ f.f 0, the variable f ranges over functions in P. P(n) P(n+1), P ranges over predicates typical assertion x f. g. (g 0 = x) n.g (n+1) = (f (g n)) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

26 Syntactic Sugar Terms Higher-Order Terms Binders The quantifiers and are in fact polymorphic constants with types: : (α B) B : (α B) B They are defined such that for P : (α bool): P means P(x) = T for all x P means P(x) = T for some x Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

27 Hilbert s Choice Function Terms Higher-Order Terms Definition (ε-operator) εx. t[x] with x : σ and t[x] a term involving x binder of type (σ B) σ denotes a value of type σ some value of type σ, v:σ such that t[v] is true no such value exists: arbitrary but fixed value of type σ Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

28 Examples of ε-terms Terms Higher-Order Terms Example (ε-terms) This term denotes the number 1: εx. 0 < x x < 2 This term denotes an even number: εx. y. x = 2 y An unspecified natural number: εx. x + 1 = x The following proposition is true: (εx. x + 3 = 9) = 6 Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

29 Standard Signatures Terms Semantics Standard Signature and Intended Interpretation standard type structure Ω contains the atomic types B of Boolean values and I of individuals of type (B B B) Intended interpretation: implication = of type (α α B) Intended interpretation: equality on the set α ε of type ((α B) α) Intended interpretation: Hilbert s choice function. Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

30 Standard Logical Constants Terms Semantics Definition of Standard Logical Constants EXISTS def = λ P.P(εP) TRUTH def true = ((λ x.x) = (λ x.x)) FORALL def = λ P.(P = (λ x.true)) FALSITY def false = x.x NEGATION def = λ x.x false DISJUNCTION def = λ(x,y). x y CONJUNCTION def = λ(x,y). ( x y) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

31 Outline HOL Proof System 1 Introduction 2 Types Motivation Polymorphism Sematics 3 Terms Higher-Order Terms Semantics 4 HOL Proof System Formulas and Sequents Axioms and Rules 5 Summary Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

32 Formulas HOL Proof System Formulas and Sequents Definition (Formulas in HOL) Formulas in HOL are terms of type B Example (Formulas in HOL) x. x = 0 (x = 0) true (λ x. x)( y. y = y) x. x = true Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

33 Sequents HOL Proof System Formulas and Sequents Definition (Sequents in HOL) A sequent is a pair (Γ,t) where Γ is a set of formulas (assumptions) t is a formula (conclusion) A sequent (Γ, t) essentially means From the formulas in Γ, t can be derived. Example (Sequents in HOL) The sequent ({x = 3, n. n = n},x = 99) means { x = 3, y = 7, n. n = n } x + y = 10 Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

34 Theorems HOL Proof System Formulas and Sequents Definition (Theorems in HOL) A theorem is a sequent that is either an axiom, or can be derived from other theorems Notation Γ t or just t if Γ is empty Example (HOL Theorems) x. x = 0 (x = 0)? true? (λ x. x)( y. y = y)? x. x = true? Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

35 Axioms of the HOL Logic HOL Proof System Axioms and Rules Five Axioms b. (b = true) (b = false) b 1 b 2. (b 1 b 2 ) (b 2 b 1 ) (b 1 = b 2 ) f. (λ x. fx) = f P x. P x P(ε P) f.( x y. fx = fy x = y) ( x. y. x = f y) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

36 Inference Rules HOL Proof System Axioms and Rules Primitive Inference Rules ASSUME {t} t REFL MP t = t Γ 1 t 1 t 2 Γ 2 t 1 Γ 1 Γ 2 t 2 DISCH ABS Γ t 2 Γ {t 1 } t 1 t 2 Γ t 1 = t 2 Γ (λ x. t 1 ) = (λ x. t 2 ) (with x not free in Γ) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

37 Inference Rules HOL Proof System Axioms and Rules Primitive Inference Rules (continued) BETA_CONV SUBST INST_TYPE (λ x. t 1 )t 2 = t 1 [t 2 /x] Γ 1 t 1 = t 2 Γ 2 t[t 1 ] Γ 1 Γ 2 t[t 2 ] Γ t Γ t[σ 1...σ n /α 1...α n ] Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

38 Beta Conversion HOL Proof System Axioms and Rules Rule for Beta-Conversion BETA_CONV (λ x. t 1 )t 2 = t 1 [t 2 /x] t 1 [t 2 /x] denotes the result of substituting t 2 for all free occurrences of x in t 1 bound variables renamed if necessary so that no free variable in t 2 becomes bound Example (Beta Conversion) (λ x. x + 3) 7 = (λ x. ( x. x = true) x) false = ( x. x = true) false) (λ y. x. x = y) x = ( x. x = x) Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

39 HOL Proof System Axioms and Rules Substitution Rule for Substitution SUBST Γ 1 t 1 = t 2 Γ 2 t[t 1 ] Γ 1 Γ 2 t[t 2 ] where t[t 1 ] is a term with selected free occurences of t 1 singled out for t[t 2 ] is the result of replacing those chosen t 1 by t 2 bound variables are renamed so that variables free in t 2 do not become bound in t[t 2 ] Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

40 Type Instantiation HOL Proof System Axioms and Rules Rule for Type Instantiation INST_TYPE Γ t Γ t[σ 1...σ n /α 1...α n ] which effects the parallel substitution of types σ 1...σ n for type variables α 1...α n in t. Restriction: none of α 1...α n occur in Γ. Example (Type Instantiation) I(x : α) = x I(x : num) = x Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

41 Outline Summary 1 Introduction 2 Types Motivation Polymorphism Sematics 3 Terms Higher-Order Terms Semantics 4 HOL Proof System Formulas and Sequents Axioms and Rules 5 Summary Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

42 Summary Summary Higher-Order Logic types and terms quantification over predicates, functions and sets HOL Proof System five axioms and eight primitive inference rules Arnd Poetzsch-Heffter (Slides by Jens Brandt) ( Software Technology Higher-Order Group Fachbereich Logic Informatik Technische Universität Sommersemester Kaiserslautern) / 42

A Brief Introduction to Standard ML

A Brief Introduction to Standard ML Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität