2012: J Paul Gibson TSP: MSC SAI Mathematical Foundations MAT7003.ProofsWithRodin.1
MAT 7003 : Mathematical Foundations
(for Software Engineering)
J Paul Gibson, A207
paul.gibson@it-sudparis.eu
http://www-public.it-sudparis.eu/~gibson/Teaching/MAT7003/
Proofs With RODIN
http://www-public.it-sudparis.eu/~gibson/Teaching/MAT7003/L8-ProofsWithRodin.pdf
Working with RODIN: different proof techniques
Proof by exhaustion establishes the conclusion by dividing it into a finite number of cases and proving each one separately.
Proof by contradiction (reductio ad absurdum) - it is shown that if some statement were true then a logical contradiction occurs, hence the statement must be false.
Proof by transposition (contrapositive) establishes the conclusion "if p then q" by proving the equivalent statement "if not q then not p".
Proof by mathematical induction establishes a "base case" and then an "induction rule" is used to prove a series of, possibly infinite, other cases.
Proof by construction, or proof by example, is the construction of a concrete example with a property to show that something having that property exists.
A nonconstructive proof establishes that a certain mathematical object must exist without explaining how such an object can be found. Often, this uses a proof by contradiction in which the nonexistence of the object is proven to be impossible.
The proving perspective (Rodin User Manual)
http://wiki.event-b.org/index.php/The_Proving_Perspective_(Rodin_User_Manual)
Decoration: each leaf of the tree is decorated with one of three icons, showing that the leaf is discharged, is not discharged, or has been reviewed.
Proof Control View
Search Hypotheses View
Example 1: odd and even integers
1. How would you specify the sets of odd and even integers?
2. What interesting properties should we be able to prove?
3. Does the structure of the specification help/hinder the proof process?
We can examine how to do this using Rodin.
OddEven : proposed solution 1
Q: Can you explain the axioms and theorems?
OddEven 1: proving 2 is even
Why can't the tool do this automatically?
Interactive proof: the red bits provide interaction points.
A good start is to simplify by removing the axioms that are not relevant to the proof.
We know 2 is even because 2 = 1 + 1, so we need to tell the tool by using the forall axiom. But we can separate the <=> as we only need it in one direction. This rewrites the equivalence as two implications.
NOTE: The proof tree is updated.
Which of the two forall axioms do we no longer need?
Now we want to instantiate x with the value 2 and apply modus ponens (by clicking on the =>).
This gives a goal which is immediately provable by instantiation of y to 1.
Now, don't forget to save the proof.
OddEven 1: proving 4 is even
Follow the same reasoning as for proving 2 is even.
OddEven 1: proving 3 is odd
The goal seems obvious, but why is it not proven automatically?
In order not to waste time we can mark it as reviewed.
OddEven 1: proving 5 is odd
We can do the same for 5.
OddEven 1: proving even+even = even
Can you do the proof yourselves?
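The interactive steps for "2 is even" (keep one direction of the <=>, instantiate x with 2, apply modus ponens, instantiate y with 1), replayed in Lean 4 as an added example that is not part of the original slides. The slides' axioms are not reproduced on this page, so the definition of `EvenS` (x is even iff x = y + y for some integer y) and the names `axm`, `two_even`, `four_even` and `even_add_even` are assumptions; the last theorem goes beyond the worked cases to even + even = even.

```lean
-- Added example (Lean 4, core library only); not the Rodin context from the slides.

-- Assumed characterisation, reconstructed from "2 is even because 2 = 1 + 1".
def EvenS (x : Int) : Prop := ∃ y : Int, x = y + y

-- Plays the role of the forall axiom with the <=> in the Rodin context.
theorem axm (x : Int) : EvenS x ↔ ∃ y : Int, x = y + y := Iff.rfl

theorem two_even : EvenS 2 := by
  -- Instantiate x := 2, keep only the right-to-left implication, apply modus ponens.
  apply (axm 2).mpr
  -- Instantiate y := 1; the remaining goal 2 = 1 + 1 closes by computation.
  exact ⟨1, rfl⟩

-- "Follow the same reasoning": only the witness changes.
theorem four_even : EvenS 4 :=
  (axm 4).mpr ⟨2, rfl⟩

-- The general statement: no single witness is known in advance, so the
-- left-to-right implication is needed as well, to extract witnesses m and n.
theorem even_add_even (a b : Int) (ha : EvenS a) (hb : EvenS b) :
    EvenS (a + b) := by
  have ⟨m, hm⟩ := (axm a).mp ha   -- hm : a = m + m
  have ⟨n, hn⟩ := (axm b).mp hb   -- hn : b = n + n
  -- Witness for a + b is m + n; the equation is linear integer arithmetic.
  exact (axm (a + b)).mpr ⟨m + n, by omega⟩
```

The contrast between `two_even` and `even_add_even` shows why the concrete cases need only one direction of the equivalence while the closure property needs both.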
OddEven : proposed solution 2
Q: Can you explain the axioms and theorems?
Think about why certain ones are more easily proven than others … try to prove axm5 and review axiom7
OddEven : proposed solution 3
Q: Can you explain the axioms and theorems?
Think about why certain ones are more easily proven than others … try to prove axm10
We start the proof by considering the simplest cases where a = 0 or b = 0 …
dc a = 0
dc b = 0
We can then add hypotheses to help in the proof.
QUESTION: But, are we missing something critical?
Arrays in Event-B
Some of you asked about specifying arrays.
An array is simply a function from integer indexes to array element values.
Another Event-B Example : Purse Behaviour
Modelling a change of state to a Purse: adding a coin
Question: can you model the removal of a coin?