Software Engineering Lecture Notes



Software Engineering Lecture Notes
Paul C. Attie
August 30, 2013
© Paul C. Attie. All rights reserved.


Contents

I Hoare Logic  11

1 Propositional Logic  13
1.1 Introduction and Overview  13
1.1.1 Combining Propositions: Logical Connectives  14
1.1.2 Syntax and Semantics  14
1.1.3 Universal Truth of Propositions  14
1.2 Syntax  15
1.2.1 Syntax of Propositions: Propositional Formulae  15
1.2.2 Deductive Systems, Proofs  17
1.2.3 A Deductive System  18
1.2.4 Example Proofs  20
1.2.5 The Simplified Proof Format  21
1.3 Semantics  23
1.3.1 Truth-tables  23
1.3.2 Evaluation of Propositions  24
1.3.3 Satisfiability and Validity, Tautologies  27
1.3.4 Semantic Entailment, Soundness, Completeness  28
1.4 Normal Forms  30

2 Predicate (First-order) Logic  31
2.1 Predicates  31
2.1.1 Precedence of Operators in a Predicate  33
2.1.2 Arithmetic Inequalities  33
2.2 Quantification  34
2.2.1 Logical Quantifiers: The Universal Quantifier  35
2.2.2 Logical Quantifiers: The Existential Quantifier  35
2.2.3 Arithmetic Expressions and Quantifiers  36
2.3 Properties of Quantifiers  36
2.3.1 Quantifying Over an Empty Range  36
2.3.2 Quantifiers: Bound Variable Laws  37
2.3.3 Quantifiers: Range Laws  37
2.3.4 Quantifiers: Function Laws  38
2.3.5 Quantifiers: Range and Function Interchange  39
2.4 States  39
2.5 Notation for Functions, Sets, and Predicates  39
2.6 Semantics: Evaluation of Predicates  40
2.6.1 Satisfiability and Validity, Semantic Entailment  41
2.7 Translating English Into First-order Formulae  42
2.7.1 Handling Predicates with Arguments  42
2.7.2 Type Correctness in Writing Predicates  43

3 Verification of Program Correctness: Hoare-Floyd Logic  45
3.1 Our Programming Language  45
3.2 Conditional Correctness of Programs: The Hoare Triple Notation {P} S {Q}  45
3.2.1 Validity of {P} S {Q}  46
3.3 Program Specification  46
3.4 A Deductive System for Proving the Validity of Hoare Triples  47
3.4.1 The Assignment Axiom  47
3.4.2 The two-way-if Rule  47
3.4.3 The one-way-if Rule  48
3.4.4 The Rules of Consequence: the left consequence-rule  49
3.4.5 The Rules of Consequence: the right consequence-rule  50
3.4.6 The Rule of Sequential Composition  50
3.4.7 The while Rule  52
3.5 Proof Tableaux  53
3.5.1 Extended Example: Summing an Array  54
3.5.2 Another Extended Example: Finding the Minimum Element of an Array  57
3.6 Total Correctness of Programs: The Notation P S Q  62
3.6.1 Specifying Termination Only  63
3.6.2 Relating Total Correctness, Conditional Correctness, and Termination  63
3.6.3 Proving Termination: The Proof Rule for Termination of while-loops  64
3.6.4 Proof Tableaux for Termination  64
3.7 Deriving Invariants from Postconditions  66

4 Verification of Programs Containing Procedures  67
4.1 Proving Conditional Correctness of Procedures  67
4.1.1 Conditional Correctness of Nonrecursive Procedures  69
4.1.2 Dealing with Initial Values of Parameters  70
4.1.3 Conditional Correctness of Recursive Procedures  71
4.2 Proving Termination of Procedures  73
4.2.1 Proving Termination of Nonrecursive Procedures  73
4.2.2 Proving Termination of Recursive Procedures  74

II Software Engineering  77

5 Introduction  79
5.1 The Software Construction Problem  79
5.2 Decomposition and Abstraction  80
5.2.1 Example  81
5.2.2 Discussion  83
5.3 Errors in Programs and their Detection  83

6 Review of OO Concepts  85
6.1 Java Program Structure  85
6.2 Packages  85
6.3 Variables, references, objects, and mutability  85
6.3.1 Mutability  86
6.3.2 Equality and Identity  86
6.3.3 Strings  87
6.4 Aliasing  87
6.5 Method call  88
6.6 Type checking  88

7 Procedural Abstraction  89
7.1 Overview  89
7.1.1 Abstraction by Parametrization  89
7.1.2 Abstraction by Specification  89
7.2 Specification of a Procedure  91
7.2.1 Example Specification  91
7.2.2 Initial and Final Values  92
7.2.3 Methodology  92
7.2.4 Example Implementation  93
7.2.5 Contract View of Specifications  94
7.3 Designing Procedural Abstractions  94
7.3.1 Choosing which procedures to implement  94
7.3.2 Desirable qualities of procedure abstractions  95
7.4 Example of Functional Decomposition  95
7.5 Another Example of Functional Decomposition  97
7.6 Behavioral Equivalence of Implementations  98

8 Data Abstraction  99
8.1 Overview  99
8.2 Abstract Data Type  99
8.3 Specifying Data Abstractions  100
8.4 Using Data Abstractions  100
8.5 Implementing Data Abstractions  100
8.5.1 Selecting a representation  101
8.5.2 Implement constructors and methods  101
8.5.3 The Abstraction Function  101
8.5.4 The Representation Invariant  102
8.5.5 Implementing the abstraction function and representation invariant  102
8.6 Properties of Implementations  103
8.6.1 Benevolent side effects  103
8.6.2 Exposing the Representation  103
8.7 Reasoning about data abstractions  103
8.8 Example: IntSet  103
8.9 Linked Lists  109
8.10 Binary Trees  113
8.10.1 The Tree Traversal Problem  114

9 Iterator Abstraction  117
9.1 Overview  117
9.2 Iteration in Java  117
9.3 Specifying Iterators  118
9.4 Using Iterators  119
9.5 Implementing Iterators  119

10 Testing  121
10.1 Overview  121
10.2 Black Box Testing  121
10.2.1 Testing the cases of a specification  121
10.2.2 Testing boundary conditions  122
10.3 White Box Testing  122
10.4 Testing Abstract Data Types  123
10.5 Unit and Integration Testing  123
10.6 Defensive Programming  124

11 Requirements Specifications  125
11.1 Overview  125
11.2 The Data Model  125
11.2.1 The Data Model Graph  126
11.2.2 The Textual Information  127
11.3 Requirements Specifications  128
11.3.1 Interactive Programs  129

12 Example Specification for a Web Search Engine  131
12.1 The Specification  131
12.1.1 The Data Model  131
12.1.2 The derived relations  132
12.1.3 The constraints  132
12.1.4 The Operations  133

13 Extended example: a student information system  135
13.1 Operations  135
13.1.1 Register and drop courses  135
13.1.2 Check grade point averages  137
13.1.3 Check courses needed for graduation  139
13.1.4 Check probation status  139
13.1.5 Check Dean's honor list status  140
13.2 Data Model Graph, Data Sets, and Basic Relations  140
13.2.1 Data sets  140
13.2.2 Basic Relations  140
13.2.3 Defined Predicates  141
13.2.4 Derived Functions and Relations  141
13.2.5 Data Model Graph  142

14 Example Requirements Specification for a File System  143
14.1 Primitive Sets and Relations  143
14.2 Derived relations  144
14.2.1 Define parent in Terms of entries and contents  144
14.2.2 Define pn in terms of entries, contents, first, rest  145
14.3 Constraints  145
14.3.1 Parent constraints  145
14.3.2 File system is acyclic  145
14.3.3 Reachability of directories from the Root  146
14.3.4 Reachability of files  146
14.3.5 Uniqueness of names within a subdirectory  147
14.3.6 Uniqueness of FSObjects within a directory  147
14.3.7 Basic and Implied Constraints  148
14.4 File System Operations  148
14.4.1 Operations within the current directory  149
14.4.2 Operations that take an absolute pathname as input  151
14.4.3 Operations that take a relative pathname as input  154
14.4.4 Operations that take either kind of pathname as input  156
14.4.5 Move and copy operations  158

15 Design  161
15.1 Overview  161
15.2 Design Documentation  162
15.2.1 The introductory section  162
15.2.2 The abstraction sections  163
15.3 The Design Process  163
15.3.1 Starting the design  163
15.3.2 Designing a target  164
15.3.3 Continuing the design: how to select the next target for design  164

16 Example Design for a Web Search Engine  165
16.1 The Design  165
16.2 The Module Specification for Engine  165
16.3 The Design of Engine  166
16.3.1 Implementation sketch of queryfirst(w)  166
16.3.2 Implementation sketch of querymore(w)  170
16.3.3 Implementation sketch of finddoc(t)  171
16.3.4 Implementation sketch of adddocfromfile(f)  171
16.4 Next major step: document and specify all the abstractions introduced so far  171
16.4.1 Selecting the next target  172
16.4.2 Design of TitleTable  172
16.4.3 Design of Query  175
16.4.4 Design of WordTable  177
16.4.5 Design of Doc  177
16.4.6 Canonical forms  180
16.5 The Final Design  180

17 Example: text justification  183
17.1 Specification  183
17.2 Design: Implementation sketch  188
17.3 Code  191

Acknowledgments

The material on propositional, predicate, and Hoare Logic is based on Program Construction and Verification [1] by Roland Backhouse, Prentice-Hall, 1986. Much of the material in this book is based on Program Development in Java [4], by Barbara Liskov and John Guttag, Addison-Wesley, 2001.

Part I Hoare Logic

Chapter 1 Propositional Logic

1.1 Introduction and Overview

A proposition is a statement that can be either true or false. For example:

it rains
I'll stay at home

On the other hand, statements such as:

open the door
why were you late?

are not propositions.

Propositions can be either simple or compound. A simple (or atomic) proposition is a proposition that contains no other proposition as a part. The two propositions given above are simple. A compound proposition is a proposition that is built up from two or more simple propositions. For example, the compound proposition "if it rains then I'll stay at home" is built up from the two simple propositions given above using "if...then". Likewise, the compound proposition "it is Tuesday and the sky is blue" is built up from the two simple propositions "it is Tuesday" and "the sky is blue" using "and".

In order to translate such propositions into logical notation, we use symbols to represent propositions:

it rains: ra
I'll stay at home: st
it is Tuesday: tu
the sky is blue: bl

Then, the compound proposition "if it rains then I'll stay at home" can be represented by ra st, where is the symbol for "if... then". The compound proposition "it is Tuesday and the sky

is blue" is represented by tu bl, where is the symbol for "and". Symbols such as ra, st, tu, bl that represent propositions are called propositional identifiers. When the context makes it clear, we shall use the abbreviated term identifiers instead.

1.1.1 Combining Propositions: Logical Connectives

We saw above that compound propositions are formed from simple propositions using extra words such as "if... then" (or, in symbolic form, the symbol ). These extra words represent logical connectives or operators. We shall mainly be concerned with the following five logical connectives (it is possible to define others); each has a symbol and an informal meaning:

conjunction: both
disjunction: at least one of
negation: opposite
implication: if...then
equivalence: same

All of the connectives take two propositions as input, except for negation, which takes one. Conjunction represents the informal concept of "and". Disjunction represents the informal concept of inclusive "or" (one or the other or both). Negation represents the informal concept of "not", i.e., the logical opposite. Implication represents the informal concept of "if... then". This concept is very important in deducing a conclusion logically from a set of assumptions, or premises. Finally, equivalence represents the informal concept of logical sameness.

1.1.2 Syntax and Semantics

There are two aspects to propositional logic: syntax and semantics. Syntax refers to the notation that we use to write propositions. Semantics refers to how we assign meaning to propositions. An analogy can be made with programming: syntax is the programming language in which we write programs (C++, Java, etc.) while semantics is the behavior of the program when we run it, i.e., the program's meaning. A key point is that syntax can be defined entirely independently of semantics, as a symbol-pushing game, just as a programming language can be defined independently of any discussion of what executing its various statements will do, e.g., by just giving a BNF grammar.

1.1.3 Universal Truth of Propositions

The whole point of a system of logic is to prove statements (propositions, for now). That is, we have some notion of universal truth: some statements are universally true and others are not. For example, by using informal reasoning based on the informal meanings of the propositional connectives given above, we intuitively expect the following to be universally true:

(p q) (q p) (p q) p p p

while we do not expect

(p q) (q p) (p q) p p p

to be universally true. There are two main methods for formally proving that a proposition is universally true:

Syntactic: devise a deductive system, which consists of axioms and rules of inference. A deductive system provides a systematic method of constructing a proof that a proposition is universally true. We discuss deductive systems in Section 1.2.2 below.

Semantic: formalize the definition of "universally true" in a semantic system and then check the definition directly.

1.2 Syntax

1.2.1 Syntax of Propositions: Propositional Formulae

A proposition in general is written as a propositional formula. In other words, a propositional formula is a particular syntactic way of expressing a proposition. Other ways are conceivable, e.g., parse tree, truth-table, etc. For our purposes, we can regard "proposition" and "propositional formula" as synonyms.

Definition 1 (Proposition) Propositions are formed as follows:
1. true and false are propositions
2. A propositional identifier is a proposition
3. If p is a proposition, then so is ( p)
4. If p and q are propositions, then so are (p q), (p q), (p q), (p q)

You are familiar with arithmetic expressions. We can make an analogy between propositions and arithmetic expressions as follows:
1. Any integer constant is an arithmetic expression (e.g., 5, 100)
2. An integer variable is an arithmetic expression
3. If x and y are arithmetic expressions, then so are (x + y), (x y), (x y), (x/y)

Figure 1.1: Parse tree for the proposition of Example 1

Example 1 If p, q, r are propositions, then so is ((p q) r). Figure 1.1 depicts a parse tree for ((p q) r), showing how it is built up from p, q, r and (p q). These are called subpropositions of ((p q) r).

Example 2 If p, q are propositions, then so is (( p) q).

Precedence of Logical Connectives

In Definition 1, every logical connective has a pair of associated parentheses. These parentheses are necessary so that a given proposition has a single well-defined meaning. For example, ((p q) r) is different from (p (q r)); in the state s = {(p, F), (q, F), (r, T)}, the first proposition evaluates to T while the second evaluates to F (the notions of state and evaluate are defined formally later on). Note, however, that the outer parentheses are redundant in both cases, e.g., ((p q) r) is equally well written as (p q) r. In general, having one pair of parentheses for each logical connective tends to result in propositions with many parentheses, which are consequently hard to read. Precedence rules establish a convention that allows us to omit many of these parentheses. These rules are:
1. Sequences of the same connective are evaluated left to right
2. The precedence of different connectives is as follows (highest precedence first): , , , ,
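As an added worked example (not code from the notes), the following Python turns Definition 1 and the two precedence rules into a small parser, and evaluates the resulting proposition in a state that assigns T or F to each identifier. The connective symbols did not survive in this copy of the notes, so an ASCII syntax is assumed: `~` for negation, `&` for conjunction, `|` for disjunction, `->` for implication and `<->` for equivalence, with precedence in that order (highest first) and every sequence of the same connective grouped left to right, as rule 1 requires. The sample formulas and the state p = F, q = F, r = T are constructed to mirror the parenthesization example above; that the example used conjunction inside disjunction, i.e. (p & q) | r versus p & (q | r), is an assumption made here.

```python
import re

# Assumed ASCII syntax for the connectives (the symbols are absent from this
# copy of the notes): precedence highest first, per precedence rule 2.
PREC = {'&': 3, '|': 2, '->': 1, '<->': 0}
OPS = {'&': 'and', '|': 'or', '->': 'imp', '<->': 'eqv'}
SYM = {v: k for k, v in OPS.items()}
IDENT = re.compile(r'[A-Za-z_]\w*')
TOKEN = re.compile(r'<->|->|[~&|()]|[A-Za-z_]\w*|\S')


def tokenize(text):
    """Split a formula into tokens; any other non-blank character is an error."""
    tokens = TOKEN.findall(text)
    for tok in tokens:
        if tok not in PREC and tok not in ('~', '(', ')') and not IDENT.fullmatch(tok):
            raise SyntaxError(f'unexpected character {tok!r}')
    return tokens


class Parser:
    """Precedence-climbing parser for Definition 1.  Formulas are returned as
    nested tuples: identifiers as strings, constants as True/False, and
    ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g), ('eqv', f, g)."""

    def __init__(self, text):
        self.toks = tokenize(text)
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def formula(self):
        f = self.binary(0)
        if self.peek() is not None:
            raise SyntaxError(f'unexpected token {self.peek()!r}')
        return f

    def binary(self, min_prec):
        left = self.unary()
        while self.peek() in PREC and PREC[self.peek()] >= min_prec:
            op = self.take()
            # Rule 1: a run of the same connective groups left to right, so the
            # right operand may only absorb connectives of strictly higher precedence.
            right = self.binary(PREC[op] + 1)
            left = (OPS[op], left, right)
        return left

    def unary(self):
        tok = self.take()
        if tok == '~':                                   # clause 3 of Definition 1
            return ('not', self.unary())
        if tok == '(':
            inner = self.binary(0)
            if self.take() != ')':
                raise SyntaxError('missing closing parenthesis')
            return inner
        if tok in ('true', 'false'):                     # clause 1
            return tok == 'true'
        if tok is not None and IDENT.fullmatch(tok):     # clause 2
            return tok
        raise SyntaxError(f'unexpected token {tok!r}')


def parse(text):
    return Parser(text).formula()


def to_string(f):
    """Fully parenthesized rendering, i.e. how the precedence rules resolved the input."""
    if isinstance(f, bool):
        return 'true' if f else 'false'
    if isinstance(f, str):
        return f
    if f[0] == 'not':
        return '~' + to_string(f[1])
    return f'({to_string(f[1])} {SYM[f[0]]} {to_string(f[2])})'


def evaluate(f, state):
    """Evaluate a formula in a state, given as a dict from identifier to True/False."""
    if isinstance(f, bool):
        return f
    if isinstance(f, str):
        return state[f]
    vals = [evaluate(x, state) for x in f[1:]]
    if f[0] == 'not':
        return not vals[0]
    a, b = vals
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b, 'eqv': a == b}[f[0]]


if __name__ == '__main__':
    # Constructed state s = {(p, F), (q, F), (r, T)} from the parenthesization example.
    s = {'p': False, 'q': False, 'r': True}
    for text in ('(p & q) | r', 'p & (q | r)', 'p & q | r', 'p -> q -> r'):
        print(f'{text:14} parsed as {to_string(parse(text)):20} value {evaluate(parse(text), s)}')
```

Running the block shows the two fully parenthesized forms evaluating to T and F in the same state, and that `p & q | r` is read as `((p & q) | r)` while `p -> q -> r` is read as `((p -> q) -> r)`, the left-to-right grouping that rule 1 prescribes.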

Example 3
((p q) r) can be written as p q r
(p (q r)) can be written as p (q r)
((p q) r) can be written as p q r
(p (q r)) can be written as p (q r)
( (( p) ( q)) r) can be written as ( p q) r

1.2.2 Deductive Systems, Proofs

A deductive system, or calculus, is a symbolic manipulation system whose purpose is to prove statements that are universally true in some sense. It usually has two components:
1. A set of axioms: these are statements that are assumed to be universally true.
2. A set of rules of inference: these are rules that allow us to conclude that a particular statement q (the consequent) follows logically from some other statements p1, ..., pn (the premises). In particular, if p1, ..., pn have already been shown to be universally true, then we can conclude that q is also universally true.

A rule of inference gives a deduction step: if we have already proven that the premises p1, ..., pn are universally true, then we can now deduce that the consequent q is universally true by applying the rule. An axiom can be viewed as an inference rule with no premises, since it states that some q is universally true per se. For the time being, we can think of a statement as being a proposition. However, the notion of proof applies to other kinds of statements, as we will see in the chapter on first-order logic.

Now given that the axioms are universally true, and that the rules of inference preserve universal truth, it follows that:
1. if we start with the axioms, and
2. conclude new statements only by applying the rules of inference to statements that have previously been shown to be universally true,
then we will never incorrectly conclude that a statement is a universal truth when in fact it is not. This leads us to the following definition of proof:

Definition 2 (Proof) A proof is a finite sequence e1, e2, ..., en of statements such that each ei (1 ≤ i ≤ n) is either an axiom, or follows from earlier statements (ej for 1 ≤ j < i) by application of a rule of inference.

Remark 1 Every statement that occurs in some proof is a universal truth. Every prefix of a proof is also a proof.

Suppose that, starting with some proposition p as an assumption, we can deduce another proposition q using both our proof system and, in addition, the assumption p. In other words, each ei in Definition 2 can be either an axiom, or follow from previous statements (ej for

1 ≤ j < i) by applying a rule of inference, or can be just p itself, written as a statement in the proof without any justification whatsoever. Then, we have proven q using p as an assumption, and so, we have deduced q from p. The same reasoning applies if we replace the single statement p by a set of statements p1, ..., pn. This leads to the notion of a deducibility relation between a set of statements p1, ..., pn, used as premises, and a statement q, used as a conclusion. We use the symbol for this relation, and write p1, ..., pn q if and only if q can be deduced from p1, ..., pn.

Definition 3 ( ) p1, ..., pn q if and only if there exists a finite sequence e1, e2, ..., en of statements such that en is q and each ei (1 ≤ i ≤ n) is either:
an axiom, or
follows from earlier statements (ej for 1 ≤ j < i) by application of a rule of inference, or
is one of p1, ..., pn.

Note that technically, the sequence of statements in the above definition is not necessarily a proof, since the p1, ..., pn are not necessarily axioms. When p1, ..., pn q, there may not be (in general) a single rule of inference whose premises match p1, ..., pn and whose conclusion matches q. There will be a proof, of some length, of q from p1, ..., pn. When q occurs in a proof, and so is universally valid, it can be deduced from no assumptions, and so we write q, with an empty left hand side of the symbol. A rule of inference can now be formally written as p1, ..., pn q. An axiom is written as q. We regard axioms as statements whose universal truth is accepted on first principles, and so does not need to be proven. An alternative notation is p1, ..., pn q.

The following definition is equivalent to the one given above, and illustrates the inductive nature of proof.

Definition 4 ( , alternative) p1, ..., pn q if and only if:
q is an axiom, or
there exist q1, ..., qm such that:
q follows from q1, ..., qm by applying some rule of inference, and
for all j from 1 to m: p1, ..., pn qj

1.2.3 A Deductive System

We now present a deductive system, i.e., a set of axioms and rules of inference. Our system consists of several axioms, and two rules of inference. All of our axioms, apart from the excluded middle, are equivalence statements, i.e., they give the equivalence of two propositions.

The Axioms

0. Axiom of the Excluded Middle: p p
1. Commutative Axioms: (p q) (q p); (p q) (q p); (p q) (q p)
2. Associative Axioms: p (q r) (p q) r; p (q r) (p q) r
3. Distributive Axioms: p (q r) (p q) (p r); p (q r) (p q) (p r)
4. De Morgan's Axioms: (p q) p q; (p q) p q
5. Axiom of Negation: ( p) p
6. Axiom of Contradiction: p p false
7. Axiom of Implication: p q p q
8. Axiom of Equivalence: (p q) (p q) (q p)
9. Axioms of or-simplification: p p p; p true true; p false p; p (p q) p
10. Axioms of and-simplification: p p p; p true p; p false false; p (p q) p
11. Axiom of Identity: p p

The Rules of Inference: the rules of Substitution and Transitivity

12. Rule of Substitution. Let E(b) be a proposition, written as a function of one of its identifiers b. The rule of substitution is: p q E(p) E(q). The rule of substitution allows us to substitute one proposition for another if they have been previously shown to be equivalent, i.e., it is the logical version of the idea of substitution of equals for equals from arithmetic.

Example 4 Let E(b) = b r. Now p q p q by the law of implication. Hence

(p q) r ( p q) r by the rule of substitution.

The rule of transitivity allows us to string together two equivalences that have a common proposition.

13. Rule of Transitivity
If p q and q r, then p r. Expressed formally, this is:
   p q, q r p r.

Example 5
p q p q by the law of negation. Also, p q q p by the law of commutativity. Hence p q q p by the rule of transitivity.

Both of these rules facilitate the decomposition of a proof problem into several simpler subproblems.

1.2.4 Example Proofs

There are several different kinds of statement that can be established using our second deductive system. First, we show how a proposition can be proven universally true, i.e., how to show p.

Proof. Proof of (p (q r)) ((p q) r)
1. ( p q r) ( p q r)          axiom of excluded middle
2. ( p q r) ( (p q) r)        (2), DeMorgan, substitution
3. ( p (q r)) ( (p q) r)      (3), implication, substitution
4. (p (q r)) ((p q) r)        (4), implication 2, substitution
5. (p (q r)) ((p q) r)        (5), implication, substitution

The above is a correct proof, according to Definition 2, and so we conclude (p (q r)) ((p q) r). Note our proof format. On the left, we number each line. In the middle, we write down a statement e i (see Definition 2). On the right, we include a comment that explains the reason we are able to append the associated statement to the proof. Typically, this will contain a number (or numbers) that refer(s) to previous statements, as well as the names of the rules of inference that are used.

The rule of substitution is used very often in the above proof. This is because we often manipulate only part of a formula (using one of our rules to turn it into something equivalent) and leave the rest untouched. Hence, we will usually use the rule of substitution implicitly, and omit reference to it.

To prove sequents, i.e., statements of the form p 1,..., p n q, we just use the premises p 1,..., p n in the proof as if they were axioms (see Definition 3).

Proof. Proof of p q q p

1. p q      premise
2. p q      (1), implication
3. q p      (2), commutativity
4. q p      (3), negation, substitution
5. q p      (4), implication

We now show how to prove statements of the form p q.

Proof. Proof of p q q p.
1. p q p q      implication
2. p q q p      commutativity
3. q q          negation
4. q p q p      (3), substitution with E(b) = b p
5. q p q p      implication
6. q p q p      (5), symmetry of
7. p q q p      (1), (2), transitivity of
8. p q q p      (4), (7), transitivity of
9. p q q p      (6), (8), transitivity of

Because the direction of deduction in a proof is one way, from top to bottom, we are now obliged to carry the entire equivalence statement on every line. Thus there is a lot of repetition in the above proof. For example, many statements have a part p q that is never manipulated. If we use the above format, this will often be the case. The next section presents a more economical simplified proof format.

1.2.5 The Simplified Proof Format

In the proof of (p (q r)) ((p q) r) above, every statement follows from the immediately preceding statement. Actually, every statement is equivalent to the immediately preceding statement. Hence we do not need to number the statements, but merely insert a sign between each succeeding pair to indicate that these are equivalent. We define this simplified proof format as follows.

Definition 5 (Simplified Proof Format)
A proof in simplified proof format of the statement e 1 e n is a finite sequence e 1, e 2,..., e n of statements where, for all i such that 1 i n 1, e i e i+1 can be proven using the axioms and rules of inference.

To show that a proposition is valid using the simplified proof format, we show that it is equivalent to an axiom, or that it is equivalent to T. Here is Proof 1.2.4 from Section 1.2.4 rewritten in this format.

Proof. Proof of t t (p (q r)) ((p q) r)

t t                            axiom of excluded middle
( p q r) ( p q r)              substitution
( p q r) ( (p q) r)            DeMorgan
( p (q r)) ( (p q) r)          implication
(p (q r)) ((p q) r)            implication 2
(p (q r)) ((p q) r)            implication

In the above proof, it is difficult to see how the steps are being decided. Many times, it is easier to start with the proposition being proven, and to work backwards. With the simplified proof format, this is easy, since is symmetric. It is, in principle, possible to do this for proofs in the regular format, but much harder, and usually not useful. When we reverse the steps in Proof 1.2.5 we get:

Proof. Proof of true (p (q r)) ((p q) r)
(p (q r)) ((p q) r)
(p (q r)) ((p q) r)            implication
( p (q r)) ( (p q) r)          implication 2
( p q r) ( (p q) r)            implication
( p q r) ( p q r)              DeMorgan
t t                            substitution
true                           axiom of excluded middle

This works because we show equivalence with true. Here is a proof of p q q p in the simplified format. Compare it with Proof 1.2.4 in Section 1.2.4 above.

Proof. Proof of p q q p
p q
p q      implication
q p      commutativity
q p      negation, substitution
q p      implication

Definition 6 (Simplified Proof Format with )
A proof in simplified proof format of the statement e 1 e n is a finite sequence e 1, e 2,..., e n of statements where, for all i such that 1 i n 1, either e i e i+1 or e i e i+1 can be proven using the axioms and rules of inference. This format lets us prove implications, which is very useful in program verification.

1.3 Semantics

1.3.1 Truth-tables

The meaning of the logical connectives can be given using truth-tables. A truth-table for a logical connective gives the value of a compound proposition formed using the connective in terms of the values of the simple propositions that are the inputs. As we said above, propositions can have two values only: true (which will be written as T from now on), and false (which will be written as F from now on). T and F are called truth-values. The truth-table contains a number of rows, one for each possible combination of values of the inputs.

Since true is the proposition that is universally true, its meaning is just the truth value T:

true    T
Truth-table for true

Since false is the proposition that is universally false, its meaning is just the truth value F:

false   F
Truth-table for false

The meaning of negation is given by the following table:

p   p
T   F
F   T
Truth-table for negation

Since negation takes one proposition p as input, this table has two rows, one for each possible value of the input p. The meaning of conjunction is given by the following table:

p   q   p q
T   T   T
T   F   F
F   T   F
F   F   F
Truth-table for conjunction

Since conjunction takes two propositions p, q as input, this table has four rows. Each of the inputs p, q has two possible values, and so the number of combinations of values is 2 2 = 4. Likewise, the truth-tables for the remaining connectives are as follows:

p   q   p q
T   T   T
T   F   T
F   T   T
F   F   F
Truth-table for disjunction

p   q   p q
T   T   T
T   F   F
F   T   T
F   F   T
Truth-table for implication

p   q   p q
T   T   T
T   F   F
F   T   F
F   F   T
Truth-table for equivalence

1.3.2 Evaluation of Propositions

Evaluation of Constant Propositions

A constant proposition is a proposition that does not contain any identifiers. In other words, constant propositions are composed entirely of the truth values T, F and the logical connectives. You evaluate a constant proposition by executing the following steps:
1. The value of true is T, and the value of false is F.
2. Evaluate a constant proposition containing exactly one connective by using the truth-tables given in subsection 1.3.1.
3. Evaluate a constant proposition containing n connectives (for any n > 1) inductively as follows:
   (a) Find all the subpropositions that contain exactly one connective and evaluate them using step 2. Replace each subproposition by the value obtained for it.
   (b) Repeat step 3a until you are left with either T or F.

Example 6
The proposition ((T F) F) is evaluated as follows. First, the subproposition (T F) is evaluated using the truth table for conjunction (page 23). The result is F. Replacing (T F) by F, we obtain (F F). This is evaluated using the truth table for disjunction (page 24), obtaining the final result of F. Figure 1.2 shows this evaluation process depicted on the parse tree for ((T F) F).

Figure 1.2: Parse tree depicting the evaluation of ((T F) F)

Example 7
The proposition (( F) T) is evaluated as follows. First, the subproposition ( F) is evaluated using the truth table for negation (page 23). The result is T. Replacing ( F) by T, we obtain (T T). This is evaluated using the truth table for equivalence (page 24), obtaining the final result of T.

Evaluation of (General) Propositions

Now a proposition contains identifiers, in general. Hence, the proposition does not have a truth-value per se. This is because we cannot determine a truth-value for the proposition without knowing truth-values for all of the identifiers in the proposition first. For example, the proposition p q is neither true nor false in itself; it is true if p and q both happen to be true (but we don't know this yet), and false otherwise. Even though propositions do not have truth-values per se, they can be assigned truth-values. We assign a truth-value to a proposition by assigning truth-values to all of its propositional identifiers. Once this is done, the truth-value of the proposition can be determined by replacing all the identifiers by their assigned values and then evaluating the resulting constant proposition as shown in subsection 1.3.2. Propositional identifiers are assigned truth-values by means of a state:

Definition 7 (State)
A state is a function from identifiers to truth-values.

For example, the state s = {(b, T), (c, F)} assigns T to b and F to c. We use the notation s(b) to denote the value that a state s assigns to an identifier b. If s assigns no value to b, then s(b) is undefined. A state is sometimes also called a truth-value assignment, or a valuation. We use the term state because it is more related to the application of logic to programming, which is the focus of this class. Note that a state is somewhat like a row of a truth-table in that it assigns a value to every propositional identifier listed in the truth-table.

We say a proposition p is well-defined in state s iff s assigns a truth-value to every identifier in p. For example, the proposition b c is well-defined in the state s = {(b, T), (c, F)}, whereas the proposition b d is not. We will usually assume that p is well-defined in state s when we write s(p), and will not mention this assumption explicitly. If p is well-defined in s, then we use s(p) to denote the truth-value assigned to p by s. s(p) is evaluated as follows:
1. Replace every identifier b in p by its value s(b) in state s.
2. You now have a constant proposition. Evaluate it as shown above in subsection 1.3.2.

Example 8
We evaluate the proposition ((p q) r) in the state s = {(p, T), (q, F), (r, F)}. Replacing p, q, r by their values T, F, F in state s, we obtain the constant proposition ((T F) F). From example 6, we see that this evaluates to F.

We can construct a truth-table for an arbitrary proposition by evaluating it on all 2 n possible combinations of its input values (assuming it contains n propositional identifiers).

Example 9
Truth-table for ((p q) r). The marked row corresponds to example 8.

p   q   r   (p q)   ((p q) r)
T   T   T   T       T
T   T   F   T       T
T   F   T   F       T
T   F   F   F       F        (example 8)
F   T   T   F       T
F   T   F   F       F
F   F   T   F       T
F   F   F   F       F
Truth-table for ((p q) r)

Example 10
We evaluate the proposition (( p) q) in the state s = {(p, F), (q, T)}. Replacing p, q by their values F, T in state s, we obtain the constant proposition (( F) T). From example 7, we see that this evaluates to T.

We formally define the method of evaluating propositions as follows.
Definition 8 (Evaluation of Propositions)
Let p, q be propositions. Then, we have
1. s(true) = T, and s(false) = F
2. s( p) = (s(p))
3. s(p q) = (s(p) s(q))
4. s(p q) = (s(p) s(q))
5. s(p q) = (s(p) s(q))
6. s(p q) = (s(p) s(q))

Since s(p), s(q) are truth-values, it is permissible to use them as inputs to logical connectives. An important point is that our method of evaluating propositions is compositional: once the value of the subformulae p, q has been determined we can use the appropriate truth-table to find the value of p q, p q etc. Since the (truth) value of a proposition depends only on the (truth) value of its subpropositions, this is called truth-functional semantics.

Example 11
We redo Example 8 using Definition 8 as follows.
s((p q) r) = s(p q) s(r) = (s(p) s(q)) s(r) = (T F) F = F F = F.

1.3.3 Satisfiability and Validity, Tautologies

Using a deductive system, we formalized the idea of "universally true" by the idea that any proposition that has a proof is universally true: if p then p is universally true. We justified this as follows: (1) axioms are universally true, and (2) rules of inference preserve universal truth, i.e., if the premises are universally true, then so is the conclusion. Then, a simple inductive argument (on the length of a proof) establishes the above assertion. However, the notion of "universally true" is still an informal one, so this is not completely satisfying. Now that we know how to evaluate propositions, we can formalize this notion. Intuitively, a proposition is universally true if it evaluates to true in every state (in which it is well-defined). We call this formal notion validity:

Definition 9 (Valid)
A proposition p is valid iff for every state s such that s(p) is well-defined, s(p) = T.

We call a proposition that is valid a tautology. Notice that true is a tautology.

Example 12
p p is a tautology. (p (q r)) ((p q) r) is a tautology.

What about propositions that are universally false?
The corresponding formal concept is that of a contradiction:

Definition 10 (Contradiction)
A proposition p is a contradiction iff for every state s such that s(p) is well-defined, s(p) = F.

Finally, what about propositions that are neither universally true nor universally false? These are called contingencies:

Definition 11 (Contingency)
A proposition p is a contingency iff there exists a state s in which p is well-defined such that s(p) = T, and there exists a state t in which p is well-defined such that t(p) = F.

Example 13
p is a contingency.

Finally, another important idea is that of satisfiable:

Definition 12 (Satisfiable)
A proposition p is satisfiable iff there exists a state s in which p is well-defined such that s(p) = T.

Example 14
p p is a contradiction.

Exercise 1
Show that p is valid iff p is not satisfiable, i.e., that satisfiability is the dual of validity. Show that p is not satisfiable iff p is a contradiction. Show that p is a contingency iff both p and p are satisfiable.

1.3.4 Semantic Entailment, Soundness, Completeness

Returning now to our key idea, if p then p is universally true, we now replace "universally true" by its formal counterpart, "valid": if p then p is valid. In other words, our deductive system admits only proofs of valid propositions. This is actually the main reason for having deductive systems: to be able to prove that some propositions are valid. This crucial property of a deductive system is called soundness. We show below that our two deductive systems presented above are sound. The converse property, if p is valid then p, is called completeness. It states that if a proposition is valid, then there is a proof of that proposition. Completeness is desirable: a complete deductive system is more useful than an incomplete one. However, completeness is not crucial in the way that soundness is; incomplete deductive systems can still be useful. Indeed some logics (e.g., second-order logic, Hoare logic for languages with procedure parameters) are inherently incomplete: it is known that no complete deductive system exists for such logics.
In a deductive system that is both sound and complete, we have:

p iff p is valid.

Thus, provability and validity coincide, and we see that validity is the semantic counterpart of the (syntactic notion of) proof. We would also like a semantic counterpart of p q, i.e., of deducibility. This is given by the relation of semantic entailment, which is denoted by the symbol =:

Definition 13 (Semantic Entailment, =)
p 1,..., p n = q if and only if, for every state s such that s(p i ) = T for all i = 1,..., n, we also have s(q) = T. We write = q when there are no p i, i.e., for every state s, s(q) = T.

Clearly, = q just says that q is valid. We now generalize the above statements of soundness and completeness as follows:
Soundness: if p 1,..., p n q then p 1,..., p n = q.
Completeness: if p 1,..., p n = q then p 1,..., p n q.

Definition 14 (Semantic Equivalence)
If p = q and q = p then we say that p and q are semantically equivalent.

Soundness of the Deductive Systems

Theorem 1
The proof system given in Section 1.2.3 is sound.

For the sake of simplicity, we will prove soundness in the restricted case only, and assume the simplified proof format, just to give you an idea of how such a proof is carried out.

Theorem 2
In the proof system given in Section 1.2.3, if p then = p.

Proof: For each axiom, check its validity by constructing its truth table and checking that every row gives a result of T. For the rule of substitution, we argue that if p q, then E(p) E(q), by induction on the number of times that this rule has been used. Suppose that the first k uses of the rule are sound. Now suppose that p q is true. From the previous paragraph, and our inductive hypothesis, we have p q. Let s be any state whatsoever (we usually say: let s be an arbitrary state). By definition of how a proposition is evaluated (subsection 1.3.2), s(E(p)) and s(E(q)) are computed by replacing all occurrences of p, q in E(p), E(q) by s(p), s(q) respectively. But s(p) = s(q) since p q. Hence s(E(p)) must have the same value as s(E(q)). Thus E(p) E(q) holds.
Now suppose p. Thus p occurs in a proof. All proofs in the simplified proof format establish p t t, where t t is an instance of the axiom of excluded middle, since this is the only axiom. Thus p t t. Now = t t. Hence = p.

The rule of transitivity is left as an exercise. (end of proof)

1.4 Normal Forms

It is occasionally very useful to be able to convert a proposition into an equivalent proposition that has a particular syntactic form. Two forms in particular shall concern us: disjunctive normal form and conjunctive normal form.

Definition 15 (Literal)
A literal is either a propositional identifier or the negation of a propositional identifier.

Definition 16 (Disjunctive Normal Form)
A proposition is in disjunctive normal form iff it is a disjunction of conjunctions of literals.

Definition 17 (Conjunctive Normal Form)
A proposition is in conjunctive normal form iff it is a conjunction of disjunctions of literals.

Theorem 3
For every proposition p, there is an equivalent proposition in disjunctive normal form.
Proof: Left as an exercise.

Theorem 4
For every proposition p, there is an equivalent proposition in conjunctive normal form.
Proof: Left as an exercise.

Example 15
The proposition p q can be expressed in disjunctive normal form as (p q) ( p q). It can be expressed in conjunctive normal form as ( p q) (p q).
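The following is an added example, not code from the notes: a small Python evaluator that implements the state and evaluation of Definitions 7 and 8, the truth-table classification of Definitions 9 to 14 (valid, contradiction, contingency, satisfiable, semantic entailment), and the row-by-row construction of the normal forms of Theorems 3 and 4, checked against Example 15. The tuple encoding of propositions and all function names (evaluate, entails, dnf, cnf, ...) are my own choices, not notation from the notes.

```python
from itertools import product

# Added example, not code from the notes. A proposition is True/False (the
# constants true/false), an identifier string such as "p", or a nested tuple
# ("not", p), ("and", p, q), ("or", p, q), ("implies", p, q), ("equiv", p, q).
# A state (Definition 7) is a dict mapping identifiers to truth-values.

def identifiers(p):
    """Set of propositional identifiers occurring in p."""
    if isinstance(p, bool):
        return set()
    if isinstance(p, str):
        return {p}
    return set().union(*(identifiers(a) for a in p[1:]))

def evaluate(p, s):
    """s(p) by Definition 8: compositional, one truth-table per connective.
    Raises KeyError when p is not well-defined in s (an identifier is unassigned)."""
    if isinstance(p, bool):
        return p
    if isinstance(p, str):
        return s[p]
    op, *args = p
    vals = [evaluate(a, s) for a in args]
    if op == "not":
        return not vals[0]
    a, b = vals
    return {"and": a and b, "or": a or b,
            "implies": (not a) or b, "equiv": a == b}[op]

def states(ids):
    """All 2^n states over the identifiers ids, one per truth-table row."""
    ids = sorted(ids)
    return [dict(zip(ids, row)) for row in product((True, False), repeat=len(ids))]

def truth_table(p):
    """The truth-table of p as a list of (state, s(p)) pairs."""
    return [(s, evaluate(p, s)) for s in states(identifiers(p))]

def is_valid(p):            # Definition 9: a tautology
    return all(v for _, v in truth_table(p))

def is_satisfiable(p):      # Definition 12
    return any(v for _, v in truth_table(p))

def is_contradiction(p):    # Definition 10 (Exercise 1: not satisfiable)
    return not is_satisfiable(p)

def is_contingency(p):      # Definition 11
    return is_satisfiable(p) and not is_valid(p)

def entails(premises, q):
    """Semantic entailment p1, ..., pn |= q (Definition 13)."""
    ids = identifiers(q).union(*(identifiers(p) for p in premises))
    return all(evaluate(q, s) for s in states(ids)
               if all(evaluate(p, s) for p in premises))

def equivalent(p, q):
    """Semantic equivalence (Definition 14)."""
    return entails([p], q) and entails([q], p)

def literal(x, value):
    """The literal (Definition 15) that is T exactly when identifier x has value."""
    return x if value else ("not", x)

def nest(op, parts, unit):
    """Combine parts left to right with the binary connective op; the empty
    combination is the unit (false for disjunction, true for conjunction)."""
    if not parts:
        return unit
    out = parts[0]
    for part in parts[1:]:
        out = (op, out, part)
    return out

def dnf(p):
    """Theorem 3: one conjunction of literals for each truth-table row where p is T,
    so the result is T in exactly the states where p is."""
    terms = [nest("and", [literal(x, v) for x, v in sorted(s.items())], True)
             for s, value in truth_table(p) if value]
    return nest("or", terms, False)

def cnf(p):
    """Theorem 4: one clause for each row where p is F; the clause is F exactly in
    that state because it disjoins the negations of the row's literals."""
    clauses = [nest("or", [literal(x, not v) for x, v in sorted(s.items())], False)
               for s, value in truth_table(p) if not value]
    return nest("and", clauses, True)
```

Running dnf and cnf on the proposition of Example 15 reproduces exactly the two forms given there; on a contradiction dnf returns the constant false (the empty disjunction).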

Chapter 2 Predicate (First-order) Logic

2.1 Predicates

A predicate is like a proposition, except that propositional identifiers may be replaced by any expression that has value T or F, e.g.:
1. Predicate symbols: P (v 1,..., v n ) expresses that a relation P holds among the n values v 1,..., v n. For example, the arithmetic inequalities =,, <,, >, are predicates, as in x 1 < x 2.
2. Logical quantifiers: these allow you to express "for all" and "there exists" in formal logic.

These expressions are called atomic predicates. Atomic predicates play an analogous role in predicates to that which propositional identifiers play in propositions. They provide the expressions that are evaluated in a given state to provide truth-values. These truth-values are combined using the logical connectives to produce the final truth-value of a predicate.

Notice that predicates take values (over some domain) as arguments, e.g., x 1 < x 2. So, we need to enlarge our propositional language to be able to denote values. First, we admit constants, e.g., 21, 56, 0. Second, we admit variables, e.g., x, y, z. Finally, we admit function symbols, e.g., f(21), g(x, y), h(y, 56). Note that function symbols are applied to arguments, e.g., f is applied to 21, g is applied to x, y etc. A function can be applied to (i.e., take as arguments) constants, variables, or the result of other function applications, e.g., f(g(x, y)), f(f(21)). Note that a function can be applied to the result from a previous application of the same function, as in f(f(21)). This is just how a recursive function works. Each function symbol takes a fixed number n 0 of arguments, called its arity. When n = 0, the function symbol represents a constant, since a function with no arguments cannot change. Let F be the set of all function symbols in our language. This leads to the definition of the class of terms:

Definition 18 (Term)
The set of terms is built up as follows:
- A constant is a term.

- A variable is a term.
- If t 1,..., t n are terms and f F is a function symbol with arity n 1, then f(t 1,..., t n ) is a term.
- Nothing else is a term.

We used P (v 1,..., v n ) above to indicate that relation P holds among the n values v 1,..., v n. P is a predicate symbol, which represents some relation. As with function symbols, each predicate symbol takes a fixed number n of arguments, i.e., has a fixed arity n. Also, since predicate symbols denote relations among values, they will take terms as arguments, since terms denote values. This leads to the definition of atomic predicate. Let P be the set of all predicate symbols in our language.

Definition 19 (Atomic Predicate)
Atomic predicates are formed as follows:
1. true and false are atomic predicates.
2. A propositional identifier is an atomic predicate.
3. If t 1,..., t n are terms and P P is a predicate symbol with arity n, then P (t 1,..., t n ) is an atomic predicate.

The syntax of predicates is defined as follows.

Definition 20 (Predicate)
Predicates are formed as follows:
1. An atomic predicate is a predicate.
2. If p is a predicate, then so is ( p).
3. If p and q are predicates, then so are (p q), (p q), (p q), (p q).
4. If p is a predicate and x is a variable, then x p and x p are predicates.
5. Nothing else is a predicate.

Predicates are also called formulas. Let x be a variable and r, p be predicates. We use ( x : r : p) as an abbreviation for x (r p), and ( x : r : p) as an abbreviation for x (r p). We call r the range and p the quantified predicate. We use x y p as an abbreviation for x y p, and similarly for more than two variables. Likewise x y p abbreviates x y p. We discuss quantification in much more detail below.

Example 16
If i, j are integer variables and r is a proposition, then ((i < j) r) is a predicate.

Figure 2.1: Parse tree for ((i < j) r).

2.1.1 Precedence of Operators in a Predicate

The operators, such as <, =, used in atomic predicates have higher precedence than logical connectives.

Example 17
((i < j) r) can be rewritten as i < j r.

2.1.2 Arithmetic Inequalities

We assume as axioms all the familiar properties of arithmetic inequalities. These can be used in proofs by giving "arithmetic" as the law used. Some typical properties that you might use are:
i, j, k (i < j j < k i k) (i j j k i k)
i, j, k (i j j i i = j)
i, j, k (i < j i + k < j + k) (i j i + k j + k)
i, j, k (k > 0 i < j k i < k j) (k 0 i j k i k j)
i, j, k (k < 0 i < j k i > k j) (k 0 i j k i k j)

2.2 Quantification

We use LQ to stand for either or. Let p be a formula not containing any quantifiers. In LQ x p:
- x is the bound variable. x is said to be bound to LQ.
- All occurrences of x in LQ x p are bound occurrences, i.e., the occurrence of x immediately following LQ, and all occurrences of x in p.
- p is the quantified predicate.

In LQ x p, the bound variable x is a placeholder that can be replaced by another variable y provided that this does not cause capture: x(w = z x) and y(w = z y) mean the same thing, namely that w is a multiple of z, but w(w = z w) means T (i.e., it is valid), since the quantified predicate w = z w is true for w = 0. So, replacing x by y preserved meaning, while replacing x by w did not. Before defining capture, we need to define the notion of free and bound occurrences of variables.

The discussion above gives a definition of bound occurrence that works only when the quantified predicate p does not itself contain any quantifiers. If p contains quantifiers over variables other than x, then this does not affect the binding status of occurrences of x in p. If, however, p contains a quantifier over x, e.g., p is x p, and we have x x p, then the x quantifier overrides the x quantifier. So, we define:

Definition 21 (Bound and free occurrence of a variable)
Let p be a formula. In LQ x p:
- The occurrence of x immediately following LQ is bound to LQ.
- Occurrences of x within p are bound to the first LQ x quantifier that is encountered when moving left in LQ x p from where the occurrence is.
- An occurrence of a variable that is not bound is free.

Notice that in LQ x p, the occurrences of x that are bound to LQ x are exactly those occurrences of x that are free in p (considered by itself).

Definition 22 (Scope of a quantifier)
Let p be a formula. In LQ x p, the scope of LQ x is all of p, excepting subformulae of p that themselves have the form LQ x p.
In other words, the scope of LQ x is that part of p where any occurrence of x would be bound to LQ x.

Definition 23 (Capture, t is not free for x in p)
Let t be a term, x be a variable, and p be a formula. Then t is not free for x in p iff there is a variable y such that:
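An added example, not code from the notes, that computes the free and bound occurrences of Definition 21 (including the case where an inner quantifier over x overrides the outer one) and renames a bound variable with the capture check motivated by the x/y/w example of Section 2.2. The tuple encoding and the function names are my own; because the notes' Definition 23 is cut off here, the refusal when the new name would be bound by an inner quantifier is my own addition on the same reasoning.

```python
# Added example, not code from the notes. A formula is a nested tuple:
# ("forall", x, p) or ("exists", x, p) for the quantified predicates LQ x p,
# ("not", p), ("and", p, q), ("or", p, q), ("implies", p, q) for connectives,
# and ("atom", P, t1, ..., tn) for an atomic predicate P(t1, ..., tn). A term is
# a variable (str), an int constant, or ("f", t1, ..., tn) for f(t1, ..., tn).
QUANTIFIERS = ("forall", "exists")

def term_vars(t):
    """Variables in a term, left to right, repeats kept (a term binds nothing)."""
    if isinstance(t, str):
        return [t]
    if isinstance(t, int):
        return []
    return [v for a in t[1:] for v in term_vars(a)]

def free_vars(p):
    """Variables having at least one free occurrence in p (Definition 21)."""
    op = p[0]
    if op == "atom":
        return {v for t in p[2:] for v in term_vars(t)}
    if op in QUANTIFIERS:
        return free_vars(p[2]) - {p[1]}     # LQ x binds exactly the free x's of p
    return set().union(*(free_vars(q) for q in p[1:]))

def innermost(scope, v):
    """The first LQ v met when moving left from an occurrence, or None (free)."""
    for binder in reversed(scope):
        if binder[1] == v:
            return binder
    return None

def occurrences(p, scope=()):
    """Every variable occurrence in p, left to right, as (variable, binder);
    binder is (quantifier, variable, nesting depth) or None when the occurrence is free."""
    op = p[0]
    if op == "atom":
        return [(v, innermost(scope, v)) for t in p[2:] for v in term_vars(t)]
    if op in QUANTIFIERS:
        binder = (op, p[1], len(scope))
        return [(p[1], binder)] + occurrences(p[2], scope + (binder,))
    return [o for q in p[1:] for o in occurrences(q, scope)]

def subst_term(t, x, new):
    if isinstance(t, str):
        return new if t == x else t
    if isinstance(t, int):
        return t
    return (t[0],) + tuple(subst_term(a, x, new) for a in t[1:])

def substitute(p, x, new):
    """Replace the free occurrences of variable x in p by variable new, refusing
    when a free x sits under an inner quantifier over new (it would be captured)."""
    op = p[0]
    if op == "atom":
        return (op, p[1]) + tuple(subst_term(t, x, new) for t in p[2:])
    if op in QUANTIFIERS:
        if p[1] == x:                 # an inner LQ x overrides: nothing below is free
            return p
        if p[1] == new and x in free_vars(p[2]):
            raise ValueError(f"{new} would be captured by the inner quantifier")
        return (op, p[1], substitute(p[2], x, new))
    return (op,) + tuple(substitute(q, x, new) for q in p[1:])

def rename_bound(p, new):
    """Rename the bound variable of the outermost LQ x p to new, refusing when new
    is already free in p: the notes' x(w = z x) must not become w(w = z w)."""
    op, x, body = p
    if op not in QUANTIFIERS:
        raise ValueError("outermost connective is not a quantifier")
    if new in free_vars(body):
        raise ValueError(f"{new} is free in the quantified predicate: capture")
    return (op, new, substitute(body, x, new))
```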