From OCL to Propositional and First-order Logic: Part I

Similar documents
Overview of the KeY System

From OCL to Typed First-order Logic

Typed First-order Logic

Fundamentals of Software Engineering

15-819M: Data, Code, Decisions

Formal Systems II: Applications

Fundamentals of Software Engineering

6. Hoare Logic and Weakest Preconditions

A Short Introduction to First-Order Theorem Proving with KeY

Overview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.

Propositional Logic. Part I

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Typed Lambda Calculus for Syntacticians

Handling Integer Arithmetic in the Verification of Java Programs

Propositional Logic Formal Syntax and Semantics. Computability and Logic

From Hoare Logic to Matching Logic Reachability. Grigore Rosu and Andrei Stefanescu University of Illinois, USA

Testing, Debugging, Program Verification

Fundamentals of Software Engineering

Typed Lambda Calculus

Verifying Java Programs Verifying Java Programs with KeY

Programming Languages Third Edition

Semantics and Pragmatics of NLP Propositional Logic, Predicates and Functions

Software Engineering using Formal Methods

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

A Logic of Proofs for Differential Dynamic Logic

COMBINING PARTIAL EVALUATION AND SYMBOLIC EXECUTION

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Verifying Java Programs Verifying Java Programs with KeY

A Theorem Prover for Differential Dynamic Logic

Formal Specification and Verification

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

Formal Systems and their Applications

Fundamentals of Software Engineering

Introduction to Axiomatic Semantics

KeY Quicktour. 1 Introduction/Prerequisites Version Information Logical Foundations The KeY-Prover... 2

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Semantics with Applications 3. More on Operational Semantics

Verifying Java Programs with KeY

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Lectures 20, 21: Axiomatic Semantics

CS 512, Spring 2017: Take-Home End-of-Term Examination

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

6.0 ECTS/4.5h VU Programm- und Systemverifikation ( ) June 22, 2016

VS 3 : SMT Solvers for Program Verification

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Software Engineering Lecture Notes

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Distributed Systems Programming (F21DS1) Formal Verification

LOGIC AND DISCRETE MATHEMATICS

Towards a Logical Reconstruction of Relational Database Theory

Where Can We Draw The Line?

Semantics and Pragmatics of NLP

The KeY System 1.0 (Deduction Component)

CSC 501 Semantics of Programming Languages

Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Towards a GUI for Program Verification with KeY. Master of Science Thesis in the Programme Software Engineering and Technology

Cover Page. The handle holds various files of this Leiden University dissertation

3.7 Denotational Semantics

Formal Verification. Lecture 10

An Annotated Language

Higher-Order Logic. Specification and Verification with Higher-Order Logic

Situation Calculus and YAGI

From Hoare Logic to Matching Logic Reachability

LTCS Report. Concept Descriptions with Set Constraints and Cardinality Constraints. Franz Baader. LTCS-Report 17-02

Chapter 3. Describing Syntax and Semantics

Induction and Semantics in Dafny

Verifying Safety Property of Lustre Programs: Temporal Induction

This is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS

Chapter 3 (part 3) Describing Syntax and Semantics

Static program checking and verification

Chapter 3. Describing Syntax and Semantics ISBN

Chapter 3: Propositional Languages

Towards Combined Static and Runtime Verification of Distributed Software

Combining Static and Dynamic Contract Checking for Curry

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Chapter 3. Semantics. Topics. Introduction. Introduction. Introduction. Introduction

Dynamic Frames in Java Dynamic Logic

Chapter 2 (First-Order Logic) of. Verification of Object-Oriented Software

Handout 9: Imperative Programs and State

Denotational Semantics

Automated Reasoning. Natural Deduction in First-Order Logic

Denotational Semantics. Domain Theory

Binary Decision Diagrams

2 Introduction to operational semantics

T Reactive Systems: Kripke Structures and Automata

Application: Programming Language Semantics

Software Engineering: A Practitioner s s Approach, 6/e Roger Pressman. Chapter 28 Formal Methods

Logic as a framework for NL semantics. Outline. Syntax of FOL [1] Semantic Theory Type Theory

Formal Methods for Java

Formal Methods. CITS5501 Software Testing and Quality Assurance

Outline. What is semantics? Denotational semantics. Semantics of naming. What is semantics? 2 / 21

A Hoare Logic Contract Theory: An Exercise in Denotational Semantics

Basic Verification Strategy

A short manual for the tool Accumulator

JML tool-supported specification for Java Erik Poll Radboud University Nijmegen

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Software Quality Assurance

Transcription:

22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 From OCL to Propositional and First-order Logic: Part I Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally developed by Reiner Hähnle at Chalmers University and modified by Cesare Tinelli at the University of Iowa. These notes are copyrighted materials and may not be used in other course settings outside of the University of Iowa in their current form or modified form without the express written permission of one of the copyright holders. 22c181: Formal Methods in Software Engineering p.1/32

Contents Overview of KeY UML and its semantics Introduction to OCL Specifying requirements with OCL Modelling of Systems with Formal Semantics Propositional & First-order logic, sequent calculus OCL to Logic, horizontal proof obligations, using KeY Dynamic logic, proving program correctness Java Card DL Vertical proof obligations, using KeY Wrap-up, trends 22c181: Formal Methods in Software Engineering p.2/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred harley17.i(owner).i(age) 18 and bmw3.i(owner).i(age) 18 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred harley17.i(owner).i(age) 18 and bmw3.i(owner).i(age) 18 I(owner) : Vehicle Person 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred harley17.i(owner).i(age) 18 and bmw3.i(owner).i(age) 18 I(owner)(harley17) = I(owner)(bmw3) = id0825 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred harley17.i(owner).i(age) 18 and bmw3.i(owner).i(age) 18 I(owner)(harley17) = I(owner)(bmw3) = id0825 id0825.i(age) 18 22c181: Formal Methods in Software Engineering p.3/32

Reminder: Object Diagrams and OCL id0815:person name = Jane age = 5 ownership harley17:bike colour = idblack idblack:colour black() = idblack white() = idwhite red() = idred id0825:person name = Paul age = 25 context inv: ownership bmw3:car colour = idwhite Vehicle self.owner.age >= 18 I(Vehicle) = {harley17, bmw3} idwhite:colour black() = idblack white() = idwhite red() = idred idred:colour black() = idblack white() = idwhite red() = idred harley17.i(owner).i(age) 18 and bmw3.i(owner).i(age) 18 I(owner)(harley17) = I(owner)(bmw3) = id0825 id0825.i(age) 18 I(age)(id0825) = 25 25 18 22c181: Formal Methods in Software Engineering p.3/32

OCL and Formal Proofs Snapshots provide formal semantics for UML and OCL can formally prove properties of model and implementation 22c181: Formal Methods in Software Engineering p.4/32

OCL and Formal Proofs Snapshots provide formal semantics for UML and OCL can formally prove properties of model and implementation Examples: Invariant of class A implies invariant of class B For each snapshot I: if A s invariant holds in I, then so does B s Horizontal verification problem (within specification) Implementation of operation m fulfills its contract For each snapshot I: if precondition of m holds in I, then its postcondition holds in snapshot I produced by execution of m Vertical verification problem (implementation against specification) 22c181: Formal Methods in Software Engineering p.4/32

Snapshots and States: Static View Snaphots have static and dynamic part 22c181: Formal Methods in Software Engineering p.5/32

Snapshots and States: Static View Snaphots have static and dynamic part Static (object diagram): objects, attribute values, associations Static part of snapshot similar to execution state of program Denote such states with s, set of all states S (infinite!) Think of one single state as object diagram Proving horizontal verification problem: state inclusion 22c181: Formal Methods in Software Engineering p.5/32

Snapshots and States: Static View Snaphots have static and dynamic part Static (object diagram): objects, attribute values, associations Static part of snapshot similar to execution state of program Denote such states with s, set of all states S (infinite!) Think of one single state as object diagram Proving horizontal verification problem: state inclusion Example: Let inv A be invariant of class A, inv B invariant of class B {s S inv A holds in s} {s S inv B holds in s} 22c181: Formal Methods in Software Engineering p.5/32

Snapshots and States: Dynamic View Program state s = static part of snapshot Set of all states S Dynamic part of snapshot: Semantics of operations m: ρ(m) : S S Operation can be seen as state transformer For each m and s S result state ρ(m)(s) ρ is partial function: programs deterministic, may not terminate Proving vertical verification problem: state reachability 22c181: Formal Methods in Software Engineering p.6/32

Snapshots and States: Dynamic View Program state s = static part of snapshot Set of all states S Dynamic part of snapshot: Semantics of operations m: ρ(m) : S S Operation can be seen as state transformer For each m and s S result state ρ(m)(s) ρ is partial function: programs deterministic, may not terminate Proving vertical verification problem: state reachability Example: Let pre be precondition, post postcondition of m Does post hold in all states s {ρ(m)(s) s satisfies pre}? Does post hold in all states s that can be reached via m from any state s satisfying pre? 22c181: Formal Methods in Software Engineering p.6/32

Dynamic Part of Snapshots as LTS (Deterministic) Labelled Transition System (LTS) K = (S, ρ): S set of states, ρ : Method (S S) (takes a program and returns a map from S to S), α = ρ(m), β = ρ(m ) a s 1 β s 2 α β α β s 4 α β a a s 5 s 6 s 3 Infinite number of states need theorem proving (or approximation) 22c181: Formal Methods in Software Engineering p.7/32

Dynamic Part of Snapshots as LTS Each state is a static snapshot (ie, object diagram) with the current objects and values. If ρ(m) takes, say, state s 1 into s 4, then a directed edge from s 1 to s 4 labelled with ρ(m) is present in K. ρ(m) is then a (possibly infinite) number of pre-/post execution state pairs. There is no explicit notion of initial state. One may consider as initial states those that satisfy the precondition of a distinguished main method (and possibly the invariant of its class). 22c181: Formal Methods in Software Engineering p.8/32

Encoding Verification Problem in Logic UML Model Patterns/Idioms CASE Tool Java (Card) (partial implementation) OCL (partial specification) Java (Card) RecodeR Univ Karlsruhe AST XML API AST FOL/Java Card DL OCL OCL Parser Univ Dresden Translation formula synthesis (vert. verif.) Formal proof Interactive/Automated Theorem Prover 22c181: Formal Methods in Software Engineering p.9/32

Why translate OCL into Logic? 22c181: Formal Methods in Software Engineering p.10/32

Why translate OCL into Logic? Difficult and expensive to develop theorem prover for a formalism OCL only one of many specification languages (JML, RSL, etc.) OCL prone to change (1.3, 1.4, 1.5,..., 2.0,...?) First order logic (FOL) well understood, mature tools FOL in verification like the Reals in Calculus 22c181: Formal Methods in Software Engineering p.10/32

Why translate OCL into Logic? Difficult and expensive to develop theorem prover for a formalism OCL only one of many specification languages (JML, RSL, etc.) OCL prone to change (1.3, 1.4, 1.5,..., 2.0,...?) First order logic (FOL) well understood, mature tools FOL in verification like the Reals in Calculus OCL not designed for verification, programming language independent OCL (UML) doesn t know about implementation of operations Need to incorporate Java data types and programs OCL not designed to express verification problems OCL doesn t know about (class) initialization (<2.0) 22c181: Formal Methods in Software Engineering p.10/32

Contents Overview of KeY UML and its semantics Introduction to OCL Specifying requirements with OCL Modelling of Systems with Formal Semantics Propositional & First-order logic, sequent calculus OCL to Logic, horizontal proof obligations, using KeY Dynamic logic, proving program correctness Java Card DL Vertical proof obligations, using KeY Wrap-up, trends 22c181: Formal Methods in Software Engineering p.11/32

Formalisation Real World Formalisation Formal Model 22c181: Formal Methods in Software Engineering p.12/32

Formalisation Formal Language Real World Formal Semantics 22c181: Formal Methods in Software Engineering p.12/32

Formalisation UML OCL Java Real World I, ρ Snapshots/LTS 22c181: Formal Methods in Software Engineering p.12/32

Formalisation UML OCL Java I, ρ Real World Snapshots/LTS infinite 22c181: Formal Methods in Software Engineering p.12/32

Formalisation UML OCL Java I, ρ Real World Snapshots/LTS infinite Calculus finite 22c181: Formal Methods in Software Engineering p.12/32

Formal Verification UML OCL Java I, ρ Real World Snapshot/ LTS infinite Calculus finite 22c181: Formal Methods in Software Engineering p.13/32

Formal Verification UML OCL Java I, ρ Real World Obj. Diagr. Snapshot/ LTS Calculus 22c181: Formal Methods in Software Engineering p.13/32

Formal Verification UML OCL Java I, ρ Translation FO Logic Dyn. Logic I, ρ Real World Obj. Diagr. Snapshot/ LTS FO Interp. Kripke Str. Calculus 22c181: Formal Methods in Software Engineering p.13/32

Formal Verification UML OCL Java I, ρ Translation FO Logic Dyn. Logic I, ρi, ρ, = Real World Obj. Diagr. Snapshot/ LTS Calculus FO Interp. Kripke Str. Sequent Calculus 22c181: Formal Methods in Software Engineering p.13/32

Syntax, Semantics, Calculus Syntax Formula I, ρ, = Semantics Valid Calculus Derivable 22c181: Formal Methods in Software Engineering p.14/32

Syntax, Semantics, Calculus Syntax Formula I, ρ, = Semantics Valid Calculus Derivable Completeness 22c181: Formal Methods in Software Engineering p.14/32

Syntax, Semantics, Calculus Syntax Formula I, ρ, = Semantics Valid Calculus Derivable Completeness Soundness 22c181: Formal Methods in Software Engineering p.14/32

Propositional Logic Propositional Formulas I, = Mapping Variables into {true, f alse} Sequent Calculus SAT solver 22c181: Formal Methods in Software Engineering p.15/32

Propositional Logic Propositional Formulas I, = Mapping Variables into {true, f alse} Sequent Calculus 22c181: Formal Methods in Software Engineering p.15/32

Contents Overview of KeY UML and its semantics Introduction to OCL Specifying requirements with OCL Modelling of Systems with Formal Semantics Propositional & First-order logic, sequent calculus OCL to Logic, horizontal proof obligations, using KeY Dynamic logic, proving program correctness Java Card DL Vertical proof obligations, using KeY Wrap-up, trends 22c181: Formal Methods in Software Engineering p.16/32

Propositional Logic: Syntax Propositional Formulas I, = Mapping Variables into {true, f alse} Sequent Calculus 22c181: Formal Methods in Software Engineering p.17/32

Syntax of Propositional Logic The Signature: Propositional Variables P = {p i i IN} with type Boolean 22c181: Formal Methods in Software Engineering p.18/32

Syntax of Propositional Logic The Signature: Propositional Variables P = {p i i IN} with type Boolean Connectives {true, false, &,,!, ->, <-> } 22c181: Formal Methods in Software Engineering p.18/32

Syntax of Propositional Logic The Signature: Propositional Variables P = {p i i IN} with type Boolean Connectives {true, false, &,,!, ->, <-> } Propositional Formulas For 0 (all have type Boolean) Truth constants true, false and variables P are formulas 22c181: Formal Methods in Software Engineering p.18/32

Syntax of Propositional Logic The Signature: Propositional Variables P = {p i i IN} with type Boolean Connectives {true, false, &,,!, ->, <-> } Propositional Formulas For 0 (all have type Boolean) Truth constants true, false and variables P are formulas If G and H are formulas then!g, (G &H), (G H), (G -> H), (G <-> H) are also formulas There are no other formulas (inductive definition) 22c181: Formal Methods in Software Engineering p.18/32

Propositional Logic: Semantics Propositional Formulas I, = Mapping Variables into {true, f alse} Sequent Calculus 22c181: Formal Methods in Software Engineering p.19/32

Semantics of Propositional Logic Interpretation I Assigns a truth value to each propositional variable I : P {true,false} 22c181: Formal Methods in Software Engineering p.20/32

Semantics of Propositional Logic Interpretation I Assigns a truth value to each propositional variable I : P {true,false} Valuation function val I : extension of I to For 0 val I : For 0 {true,false} 22c181: Formal Methods in Software Engineering p.20/32

Semantics of Propositional Logic Interpretation I Assigns a truth value to each propositional variable I : P {true,false} Valuation function val I : extension of I to For 0 val I (p i ) = I(p i ) val I (true) = true val I (false) = false val I : For 0 {true,false} true if val I (G) = false or val I (G -> H) = val I (H) = true f alse otherwise etc. I satisfies G if val I (G) = true; otherwise, it falsifies G. 22c181: Formal Methods in Software Engineering p.20/32

Example Formula p -> (q -> p) 22c181: Formal Methods in Software Engineering p.21/32

Example Formula p -> (q -> p) Interpretation (one of four that are possible) I(p) = true I(q) = false 22c181: Formal Methods in Software Engineering p.21/32

Example Formula p -> (q -> p) Interpretation (one of four that are possible) I(p) = true I(q) = false Valuation val I ( q -> p ) = true 22c181: Formal Methods in Software Engineering p.21/32

Example Formula p -> (q -> p) Interpretation (one of four that are possible) I(p) = true I(q) = false Valuation val I ( q -> p ) = true val I ( p -> (q -> p) ) = true 22c181: Formal Methods in Software Engineering p.21/32

Semantic Notions Let G For 0, Γ For 0 Validity Relation = G is valid in I iff val I (G) = true (write: I = G) A formula that is valid in some interpretation is satisfiable Γ entails G (Γ = G) iff for all interpretations I: If I = H for all H Γ then also I = G If G is valid in any interpretation, i.e = G (short : = G) then G is called logically valid 22c181: Formal Methods in Software Engineering p.22/32

Propositional Logic Examples Satisfiable? p & ((!p) q) 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Examples p & ((!p) q) Satisfiable? Yes 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Examples p & ((!p) q) Satisfiable? Yes Satisfying Interpretation? 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Examples p & ((!p) q) Satisfiable? Yes Satisfying Interpretation? I(p) = true, I(q) = true 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Examples p & ((!p) q) Satisfiable? Yes Satisfying Interpretation? I(p) = true, I(q) = true Does this hold? p & ((!p) q) = q r 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Examples p & ((!p) q) Satisfiable? Yes Satisfying Interpretation? I(p) = true, I(q) = true Does this hold? Yes. Why? p & ((!p) q) = q r 22c181: Formal Methods in Software Engineering p.23/32

Propositional Logic Propositional Formulas I, = Mapping Variables into {true, f alse} Sequent Calculus 22c181: Formal Methods in Software Engineering p.24/32

Reasoning by Syntactic Transformation Establish = G by finite syntactic transformations of G 22c181: Formal Methods in Software Engineering p.25/32

Reasoning by Syntactic Transformation Establish = G by finite syntactic transformations of G (Logic) Calculus: a set of syntactic transformation rules R defining a property over For 0 such that = G iff G (G is derivable) = G implies G (Completeness) G implies = G (Soundness) 22c181: Formal Methods in Software Engineering p.25/32

Reasoning by Syntactic Transformation Establish = G by finite syntactic transformations of G (Logic) Calculus: a set of syntactic transformation rules R defining a property over For 0 such that = G iff G (G is derivable) = G implies G (Completeness) G implies = G (Soundness) Sequent Calculus based on notion of sequent ψ 1,...,ψ m }{{} Antecedent ==> φ 1,...,φ n }{{} Succedent has same semantics as (ψ 1 & &ψ m ) -> (φ 1 φ n ) {ψ 1,...,ψ m } = φ 1 φ n 22c181: Formal Methods in Software Engineering p.25/32

Notation for Sequents ψ 1,...,ψ m ==> φ 1,...,φ n Consider antecedent/succedent as sets of formulas, may be empty Use schema variables Γ,φ,... that match (sets of) formulas Characterize infinitely many formulas with a single sequent Γ ==>,φ&ψ Matches any sequent with occurrence of conjunction in succedent Call φ &ψ main formula and Γ, side formulas of sequent Any sequent of the form Γ,φ ==>,φ is logically valid, and is called an axiom 22c181: Formal Methods in Software Engineering p.26/32

Sequent Calculus Rules Basic idea: write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible rule name { Premisses }} { Γ 1 ==> 1 Γ r ==> r Γ ==> }{{} Conclusion 22c181: Formal Methods in Software Engineering p.27/32

Sequent Calculus Rules Basic idea: write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible Example rule name AND_RIGHT { Premisses }} { Γ 1 ==> 1 Γ r ==> r Γ ==> }{{} Conclusion Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, 22c181: Formal Methods in Software Engineering p.27/32

Sequent Calculus Rules Basic idea: write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible Example rule name AND_RIGHT { Premisses }} { Γ 1 ==> 1 Γ r ==> r Γ ==> }{{} Conclusion Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, Rules can have zero premisses (iff conclusion is valid, eg. an axiom) 22c181: Formal Methods in Software Engineering p.27/32

Sequent Calculus Rules Basic idea: write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible Example rule name AND_RIGHT { Premisses }} { Γ 1 ==> 1 Γ r ==> r Γ ==> }{{} Conclusion Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, A rule is sound if every interpretation that satisfies each premiss of the rule also satisfies its conclusion (essential property) 22c181: Formal Methods in Software Engineering p.27/32

Sequent Calculus Rules Basic idea: write syntactic transformation schema for sequents that reflects semantics of connectives as closely as possible Example rule name AND_RIGHT { Premisses }} { Γ 1 ==> 1 Γ r ==> r Γ ==> }{{} Conclusion Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, A rule is sound if every interpretation that satisfies each premiss of the rule also satisfies its conclusion (essential property) A rule is complete if every interpretation that satisfies its conclusion also satisfies each of its premisses (desirable property) 22c181: Formal Methods in Software Engineering p.27/32

Rules of Propositional Sequent Calculus main left side (work on antecedent) right side (work on succedent) not Γ ==> φ, Γ,!φ ==> Γ, φ ==> Γ ==>!φ, 22c181: Formal Methods in Software Engineering p.28/32

Rules of Propositional Sequent Calculus main left side (work on antecedent) right side (work on succedent) not and Γ ==> φ, Γ,!φ ==> Γ,φ,ψ ==> Γ,φ&ψ ==> Γ, φ ==> Γ ==>!φ, Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, 22c181: Formal Methods in Software Engineering p.28/32

Rules of Propositional Sequent Calculus main left side (work on antecedent) right side (work on succedent) not and or Γ ==> φ, Γ,!φ ==> Γ,φ,ψ ==> Γ,φ&ψ ==> Γ, φ ==> Γ, ψ ==> Γ,φ ψ ==> Γ, φ ==> Γ ==>!φ, Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, Γ ==> φ,ψ, Γ ==> φ ψ, 22c181: Formal Methods in Software Engineering p.28/32

Rules of Propositional Sequent Calculus main left side (work on antecedent) right side (work on succedent) not and or imp Γ ==> φ, Γ,!φ ==> Γ,φ,ψ ==> Γ,φ&ψ ==> Γ, φ ==> Γ, ψ ==> Γ,φ ψ ==> Γ ==> φ, Γ, ψ ==> Γ,φ -> ψ ==> Γ, φ ==> Γ ==>!φ, Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, Γ ==> φ,ψ, Γ ==> φ ψ, Γ,φ ==> ψ, Γ ==> φ -> ψ, 22c181: Formal Methods in Software Engineering p.28/32

Rules of Propositional Sequent Calculus main left side (work on antecedent) right side (work on succedent) not and or imp Γ ==> φ, Γ,!φ ==> Γ,φ,ψ ==> Γ,φ&ψ ==> Γ, φ ==> Γ, ψ ==> Γ,φ ψ ==> Γ ==> φ, Γ, ψ ==> Γ,φ -> ψ ==> Γ, φ ==> Γ ==>!φ, Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, Γ ==> φ,ψ, Γ ==> φ ψ, Γ,φ ==> ψ, Γ ==> φ -> ψ, CLOSE Γ,φ ==> φ, TRUE Γ ==> true, FALSE Γ, false ==> 22c181: Formal Methods in Software Engineering p.28/32

Justification of Rules Compute rules by applying semantics definition of connectives 22c181: Formal Methods in Software Engineering p.29/32

Justification of Rules Compute rules by applying semantics definition of connectives OR_RIGHT Γ ==> φ,ψ, Γ ==> φ ψ, Follows directly from semantics of sequents 22c181: Formal Methods in Software Engineering p.29/32

Justification of Rules Compute rules by applying semantics definition of connectives OR_RIGHT Γ ==> φ,ψ, Γ ==> φ ψ, Follows directly from semantics of sequents AND_RIGHT Γ ==> φ, Γ ==> ψ, Γ ==> φ &ψ, Γ -> (φ &ψ) iff Γ -> φ and Γ -> ψ Distributivity of & over and -> 22c181: Formal Methods in Software Engineering p.29/32

Sequent Calculus Proofs Goal to prove: G = ψ 1,...,ψ m ==> φ 1,...,φ n find rule R whose conclusion matches G instantiate R such that conclusion identical to G recursively find proofs for resulting premisses G 1,..., G r tree structure with goal as root close proof branch when rule without premise encountered Goal-directed proof search In KeY tool proof displayed as JAVA Swing tree 22c181: Formal Methods in Software Engineering p.30/32

A Simple Proof ==> (A &(A -> B)) -> B 22c181: Formal Methods in Software Engineering p.31/32

A Simple Proof A &(A -> B) ==> B ==> (A &(A -> B)) -> B By imp right Γ,φ ==> ψ, Γ ==> φ -> ψ, 22c181: Formal Methods in Software Engineering p.31/32

A Simple Proof A,(A -> B) ==> B A &(A -> B) ==> B ==> (A &(A -> B)) -> B By and left Γ,φ,ψ ==> Γ,φ&ψ ==> 22c181: Formal Methods in Software Engineering p.31/32

A Simple Proof A ==> B,A A,B ==> B A,(A -> B) ==> B A &(A -> B) ==> B ==> (A &(A -> B)) -> B By imp left Γ ==> φ, Γ,ψ ==> Γ,φ -> ψ ==> 22c181: Formal Methods in Software Engineering p.31/32

A Simple Proof CLOSE A ==> B,A A,B ==> B CLOSE A,(A -> B) ==> B A &(A -> B) ==> B ==> (A &(A -> B)) -> B By close Γ,φ ==> φ, 22c181: Formal Methods in Software Engineering p.31/32

A Simple Proof CLOSE A ==> B,A A,B ==> B CLOSE A,(A -> B) ==> B A &(A -> B) ==> B ==> (A &(A -> B)) -> B A proof is closed, if all its branches are closed. 22c181: Formal Methods in Software Engineering p.31/32

Propositional Logic is insufficient A ALL PERSONS ARE HAPPY 22c181: Formal Methods in Software Engineering p.32/32

Propositional Logic is insufficient A B ALL PERSONS ARE HAPPY PAT IS A PERSON 22c181: Formal Methods in Software Engineering p.32/32

Propositional Logic is insufficient A B? ALL PERSONS ARE HAPPY PAT IS A PERSON PAT IS HAPPY Propositional logic lacks possibility to talk about individuals In particular, need to model objects, attributes, associations, etc. 22c181: Formal Methods in Software Engineering p.32/32

Propositional Logic is insufficient A B? ALL PERSONS ARE HAPPY PAT IS A PERSON PAT IS HAPPY Propositional logic lacks possibility to talk about individuals In particular, need to model objects, attributes, associations, etc. First-Order Logic (FOL) 22c181: Formal Methods in Software Engineering p.32/32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback