predicate logic - ustc

Predicate Logic

Xinyu Feng

University of Science and Technology of China (USTC)

11/20/2013

Xinyu Feng Predicate Logic

Overview

Predicate logic over integer expressions:a language of logical assertions, for example

∀x . x + 0 = x

Why discuss predicate logic?

It is an example of a simple language

It has simple denotational semantics

We will use it later in program specifications

Xinyu Feng Predicate Logic

Abstract Syntax

(intexp) e ::= 0 | 1 | . . .| x| −e | e+e | e-e | . . .

(assert) p,q ::= true | false| e=e | e < e | e < e | . . .| ¬p | p ∧ p | p ∨ p| p ⇒ p | p ⇔ p| ∀x .p | ∃x .p

Xinyu Feng Predicate Logic

Resolving Notational Ambiguity

Using parentheses: (∀x . (((x + 0) + 0) = x))

Using precedence and associativity: ∀x . x + 0 + 0 = x

arithmetic operators (∗ / . . . ) with the usual precedencerelational operators(= =<≤ . . . )

¬∧∨⇒⇔

The body of a quantified term extends to a delimiter.

Xinyu Feng Predicate Logic

Carriers and Constructors

Carriers (or Syntactic Categories): sets of abstract phrases(e.g. intexp, assert)

Constructors: specify abstract grammar productions

(intexp)e ::= 0 −→ c0 ∈ intexp(intexp)e ::= x −→ cvar ∈ var → intexp(intexp)e ::= e+e −→ c+ ∈ intexp × intexp → intexp

Note: Independent of the concrete pattern of the production:

(intexp)e ::=plus (e, e′) −→ c+ ∈ intexp × intexp → intexp

Constructors must be injective and have disjoint ranges

Carriers must be either predefined or their elements mustbe constructable in finitely many constructor applications

Xinyu Feng Predicate Logic

Inductive Structure of Carrier Sets

With these properties of constructors and carriers, carriers canbe defined inductively:

intexp(0) def= {}

intexp(j+1) def= {c0} ∪ {c+ (e0,e1) | e0,e1 ∈ intexpj} ∪ {. . . }

assert(0) def= {}

assert(j+1) def= {ctrue,cfalse}def= ∪{c=(e0,e1) | e0,e1 ∈ intexp}def= ∪{c¬ p | p ∈ assert(j)}def= ∪{c∧(p,q) | p,q ∈ assert(j)}

intexp def=

∞⋃j=0

intexp(j)

assert def=

∞⋃j=0

assert(j)

Xinyu Feng Predicate Logic

Denotational Semantics

The meaning of a term e ∈ intexp is �e�intexp, i.e. the function�−�intexp maps intexp objects to their meanings.

What is the set of meanings?

The meaning of �5 + 37�intexp of the term “5 + 37” (i.e.c+ (c5,c37) is the integer 42.

However, the term “x + 37” contains the free variable x , so themeaning of an intexp e in general cannot be an integer . . .

Xinyu Feng Predicate Logic

Environments or States

To give meanings to “x + 37”, we need an environment (alsocalled variable assignment or state):

σ ∈ Σdef= var → Z

which gives meanings to free variables.

The meaning of a term (intexp or assert) is a function from thestates to Z or B.

�−�intexp ∈ intexp → Σ → Z�−�assert ∈ assert → Σ → B

If σ = {(x ,3), (y ,4)}, then �x + 5�intexp σ = 8,�∃z. x < z ∧ z < y�assert σ = false

Xinyu Feng Predicate Logic

Direct Semantics Equations for Predicate Logic

�0�intexp σdef= 0

�x� σdef= σ x

�e0+e1�intexp σdef= (�e0�intexp σ)+(�e1�intexp σ)

�true�assert σdef= true

�e0=e1�assert σdef= (�e0�intexp σ)=(�e1�intexp σ)

�¬p�assert σdef= ¬(�p�assert σ)

�p ∧ q�assert σdef= (�p�assert σ)∧(�q�assert σ)

�∀x .p�assert σdef= ∀n ∈ Z. �p�assert (σ{x � n})

Xinyu Feng Predicate Logic

Example: The Meaning of a Term

�∀x . x+0=x�assert σ

Xinyu Feng Predicate Logic

Properties of the Semantics Equations

They are Syntax Directed (Homomorphic):exactly one equation for each constructor

results expressed using semantics (meanings) of subterms(arguments of constructors) only.

⇒ they have exactly one solutions (proof by induction onthe structure of terms)

They define compositional semantic functions(depending only on the meanings of subterms)

⇒ “equivalent” terms can be substituted.

Xinyu Feng Predicate Logic

Validity of Assertions

p holds/is true in σ ⇐⇒ �p�assert σ = true σ satisfies p

p is valid ⇐⇒ ∀σ ∈ Σ.p holds in σ

p is unsatisfiable ⇐⇒ ∀σ ∈ Σ. �p�assert σ = false⇐⇒ ¬p is valid

p is stronger than q ⇐⇒ ∀σ ∈ Σ. q holds in σ if p holds in σ⇐⇒ p ⇒ q is valid

p and q are equivalent ⇐⇒ p is stronger than q andq is stronger than p

Xinyu Feng Predicate Logic

Inference Rules

Axioms and Rules

� p� p0,� p1, · · · � pn−1

� p

They are all schemas.

Judgments � pWe also use � p to mean there exists a proof or derivationof � p following the axioms and rules.

Xinyu Feng Predicate Logic

Inference Rules – Examples

� x + 0 = x(xPlusZero)

� e0 = e1 ⇒ e1 = e0(SymmObjEq)

� p � p ⇒ q� q

(ModusPonens)

� p� ∀x .p

(Generalization)

Xinyu Feng Predicate Logic

Formal Proofs

A set of inference rules define a Logical Theory �.

A Formal Proof in a logical theory: a sequence of instantiationsof axioms and inference rules, where a premise of each ruleoccur as conclusions of another rule earlier in the sequence.

Example:

1. � x + 0 = x (xPlusZero)

2. � x + 0 = x ⇒ x = x + 0 (SymmObjEq)

3. � x = x + 0 (ModusPonens,1,2)

4. � ∀x . x = x + 0 (Generalization,3)

Xinyu Feng Predicate Logic

Tree Representation (Derivation Trees)

� x + 0 = x(xPZ) � x + 0 = x ⇒ x = x + 0

(Symm)

� x = x + 0(MP)

� ∀x . x = x + 0(Gen)

Xinyu Feng Predicate Logic

Sequent Style Rules

Γ,p � p,Δ(id)

Γ � p,ΔΓ,¬p � Δ

(negL)Γ,p � Δ

Γ � ¬p,Δ(negR)

Γ,p,q � Δ

Γ,p ∧ q � Δ(conjL)

Γ � p,Δ Γ � q,ΔΓ � p ∧ q,Δ

(conjR)

Γ,p � Δ Γ,q � Δ

Γ,p ∨ q � Δ(disjL)

Γ � p,q,ΔΓ � p ∨ q,Δ

(disjR)

Γ � p,Δ Γ,q � Δ

Γ,p ⇒ q � Δ(impL)

Γ,p � q,ΔΓ � p ⇒ q,Δ

(impR)

Xinyu Feng Predicate Logic

Sequent Style Rules (cont’d)

Γ,p(x) � Δ

Γ,∀x .p(x) � Δ(alL)

Γ � p(z),ΔΓ � ∀x .p(x),Δ

(alR)

Γ,p(z) � Δ

Γ,∃x .p(x) � Δ(exL)

Γ � p(x),ΔΓ � ∃x .p(x),Δ

(exR)

Xinyu Feng Predicate Logic

Soundness of a Logical Theory

An inference rule is sound if in every instance of the rulethe conclusion is valid if all the premises are.

A logical theory � is sound if all the inference rules in it aresound.

If � is sound and there is a formal proof of � p, then p isvalid.

Object vs. Meta implication:

� p ⇒ ∀x .p unsound� p

� ∀x .p sound.

Xinyu Feng Predicate Logic

Completeness of a Logical Theory

A logical theory � is complete if for every valid assertion p thereis a formal proof of � p.

A logical theory � is axiomatizable if there exist a finite set ofinference rules from which formal proofs of assertions in � canbe constructed.

No first-order theory of arithmetic is axiomatizable andcomplete (Gödel’s incompleteness theorem).

Xinyu Feng Predicate Logic

Variable Binding

∀x .∃y . x < y ∧ ∃x . x > y

Binder and scope

Bound and free occurrences of variables

α-renaming and substitution similar to λ-calculus

Xinyu Feng Predicate Logic

Only Assignment of Free Variables Matters

Coincidence Theorem:If σ x = σ′ x for all x ∈ fv(p), then �p�θ σ = �p�θ σ

′

(θ ∈ {intexp,assert} and p ∈ θ).

Proof: By induction over the structure of p.

Induction Hypothesis: The statement of the theorem holdsover all phrases of depth less than that of p.

Base cases:p = 0: �p�intexp σ = 0 = �p�intexp σ

′.p = x : �p�intexp σ = σ x = σ′ x = �p�intexp σ

′, since fv(x) = {x}.

Xinyu Feng Predicate Logic

Proof of Coincidence Theorem (cont’d)

Coincidence Theorem:If σ x = σ′ x for all x ∈ fv(p), then �p�θ σ = �p�θ σ

′

Inductive cases:p = e0 + e1: By IH, �ei�intexp σ = �ei�intexp σ

′ for i ∈ {0,1}.So �e�intexp σ = �e0�intexp σ + �e1�intexp σ

= �e0�intexp σ′ + �e1�intexp σ

′ = �e�intexp σ′

p = ∀x .q:σ z = σ′ z, for all z ∈ fv(p) = fv(q)− {x}So σ{x � n} z = σ′{x � n} z, for all n ∈ Z and z ∈ fv(q).By IH, �q�assert σ{x � n} = �q�assert σ

′{x � n}, for all n ∈ Z.Therefore(∀n ∈ Z. �q�assert σ{x � n}) = (∀n ∈ Z. �q�assert σ

′{x � n})That is �p�assert σ = �p�assert σ

′.

Xinyu Feng Predicate Logic

Substitution

−/δ ∈ intexp → intexp−/δ ∈ assert → assert

}where δ ∈ var → intexp

0/δ = 0

(-e)/δ = -(e/δ)

(e0+e1)/δ = (e0/δ)+(e1/δ)

. . .

x/δ = δ x

(p ∧ q)/δ = (p/δ) ∧ (q/δ)

(∀x .p)/δ = ∀x ′. (p/δ{x � x ′})where x ′ ∈ ⋃

z∈fv(∀x. p)fv(δ z)

Examples:

(x < 0 ∧ ∃x . x ≤ y)/{(x , y + 1)} = y + 1 < 0 ∧ ∃x . x ≤ y

(x < 0 ∧ ∃x . x ≤ y)/{(y , x + 1)} = x < 0 ∧ ∃z. z ≤ x + 1

Xinyu Feng Predicate Logic

Substitution Theorems

Substitution Theorem:If σ′ = �−�intexp σ ◦ δ (i.e. σ′ = λx ∈ var. �δ x�intexp σ),then �p�assert σ

′ = �p/δ�assert σ

Finite Substitution Theorem: Letδ = {(x0,e0), . . . , (xn−1,en−1)}, andσ′ = σ

{x0 � �e0�intexp σ, . . . , xn−1 � �en−1�intexp σ

}, then

�p�assert σ′ = �p/δ�assert σ.

Xinyu Feng Predicate Logic

Acknowledgments

Slides follow Chapter 1 of Reynolds, and are taken from ZhongShao’s lecture notes on Formal Semantics.

Xinyu Feng Predicate Logic