CSE 3341.03 Winter 2008Introduction to Program Verification

January 31

proofs through simplification

propositions and proofs

they’re different animals "P implies Q" is not the same thing as "from P

infer/deduce Q" rules of inference are different from tautologies, but

in prop. logic, they’re closely related

tautologies always have proofs. Why? example: truth-table = proof from a

list of 2n cases. messy from human point of view but perfectly effective as a logic tool

3.7 The "Deduction Theorem" if P implies Q is a tautology, then Q can be

proved from the assumption that P is true.

• (To prove this rigorously, we would need to formalize concept of proof.)

Idea: look at all rows of the truth table for which P is true.

• Informally, saying that Q can be proved from P just means that Q can be shown (calculated) to be true in all these rows.

the converse if Q has a (valid) proof, given P, then if P is

true, Q can't be false, so P implies Q is a tautology.

• (this follows from the definition of valid proof)

getting a proof from wang? implement a trace feature:

• sequence of logically equivalent sequents, terminating in an overlap = true, or not = false.

• use the fact that the rewrite rules are logical equivalences

but if wang is working correctly, a derivation is not very useful:

• like intermediate steps in a multiplication. We don't

need to check them if we trust the algorithm.

preprocess wang input use simplification to prepare input for Wang's

algorithm, in the hope that what we want proved becomes a

tautology

example from SVT: • x > 0 implies a+a = 2*a.• simplification uses mathematical theory of + to

simplify a+a to 2*a, and logic to simplify 2*a = 2*a to true

up to us to find an appropriate theory

simplification adds semantics to logic

simplification = mechanism for taking meanings of terms into accountsimplification rules are used to represent mathematical

knowledge ("truths")

mathematical truths are relative to a system of

axioms and inference rules

axioms and inference rules determine what the symbols mean (in that system)

typically, mathematical and logical truths are representable by equations:

• a+a = 2*a, where a is an integer• (P implies true ) = true

where P is a proposition.

truths as equations in general: mathematical truth is an equation you

learned in school, or a mathematical 'fact' from a book

• something you or someone else has proved

• something assumed to be true (0-length proof) = axiom

to use these ‘facts’, axioms, etc., we put them into the form of equations, and give them an orientation.

cf. 4.1: what makes a valid rule

given the “theory” X - X = 0X + 0 = XX = X is true

then a + (a - a) = a simplifies to true. note how the theory implicitly specifies the

meaning of the functors

simplification shortens expressions

eliminate redundancy from mathematical expressions

x + 0 = x1 + x + 1 = x + 2

use it also to eliminate redundancies from logical descriptions

A and A = A

"x < 0 and x <= 0" doesn't say any more than

"x < 0"

what lets us simplify this to x < 0?the general logical equation A and (A or B) = A

i. e., A and (A or B) iff A is a tautology

together with a mathematical "truth" (here a definition): ?

(notice that definition rules don't simplify (shorten))

theory files theory files = collection of rules =

"programs" for the simplify "interpreter" available in /cs/course/3341 example: equality.simp

max(A,C) = C ->> A <= C.max(B,C) = B ->> C <= B.X <=Y and not Y <= X ->> X < Y.X <= Y and not X = Y ->> X < Y.X <= Y and not Y = X ->> X < Y.X <= Y or Y < X ->> true.X = Y and X <= Y ->> X = Y.

variables Note the difference between rule (pattern)

variables and mathematical variables we use lower case for mathematical variables

upper case for pattern or rule variablesthese match arbitrary terms in the input

suppose we had a rule X/X ->> 1.2+(x<0)/(x<0) ->> 3 ??

why individual theory files?

theory files in /cs/course/3341arithmetic.simp, equality.simp, logic.simp

• why not have one huge theory file covering everything?

• same advantage as modules in constructing a program

• e. g., the theory of ‘+’ is independent of the theory of stacks

implementing simplification simplification means finding a simplification rule

whose left-side matches the structure of some sub-term and then rewriting (replace match with right-side of rule)then repeat this until no rule applies.

usually, simplification makes an expression shorter, but for definitions, we want expansion

A < B < C ->> A < B and B < C.

the algorithm simplify(Expr) = Result

if path_arg(Path, Expr) = Lhs,

% (there is a path in Expr to the sub-expression LHS)

and Lhs ->> Rhs, and

Modified = change_path_arg(Path, Expr, Rhs), and

Result = simplify(Modified)

otherwisesimplify(Expr) = Expr.

entering rules

How do we get the ->> rules into this algorithm?

enter from the terminal or from a file.

simplify supplements rewrite rules with special code for arithmetic expressions

arithmetic problems

some operators are commutative : X + Y = Y + X

(but not X**Y = Y**X) simplify to canonical form to detect

identity: let x + y ->> y + xthen given Y + X - X ->> Y,

x + y - x ->> y

canonical form suppose you had to handle date calculation in a variety

of formats:February 1, 2007, Feb 1 07, 1/2/2007 (Can.)

2/1/2007 (US) etc. use canonical form for date calculation

example: seconds after Jan 1, 1904. canonical form allows us to recognize

equivalences between terms with the same commutative functors

associativity

associativity difference between syntactic associativity

and semantic associativity• semantic: X op (Y op Z) = (X op Y) op Z• syntactic: (left) X op Y op Z = (X op Y) op Z

(right) X op Y op Z = X op (Y op Z) simplification algorithm chooses left

associativity as a canonical form (if term is not parenthesized)

simplifying with canonical forms

if A op ( B op C) = (A op B) op C)pick one as a canonical form

create an additional rule for the other case. canonical forms for relations and their

converseswhat’s the converse of a relation?

• what's the converse of >= ?

simplify x >= y ->> y <=x.

x > y ->> y < x.

cancellation cancellation: rewrite rules don't do this easily current version of simplify:

a + b + c + . . - a ->> . . c+band

a - b - c + b ->> a - cbut

• a - b - c - a ->> a - b - c - a• a - b - a - c ->> a - b - a- c