
Understanding Program Verification through Proofs and Simplification

Explore the concepts of program verification through proofs, tautologies, and simplification. Discover how to derive conclusions from propositions by simplifying and deducing logic. Learn about the Deduction Theorem and effective proof strategies. Utilize Wang's algorithm trace feature for logical equivalence. Enhance your understanding of mathematical truths and logical equations. Implement simplification techniques to prepare input for verification tasks.


Presentation Transcript


  1. CSE 3341.03 Winter 2008, Introduction to Program Verification, January 31: proofs through simplification

  2. propositions and proofs
  • they're different animals
  • "P implies Q" is not the same thing as "from P infer/deduce Q"
  • rules of inference are different from tautologies, but in propositional logic they're closely related
  • tautologies always have proofs. Why?
  • example: a truth table is a proof by cases, one case per row, 2^n rows for n propositional variables: messy from a human point of view but perfectly effective as a logic tool

  3. 3.7 The "Deduction Theorem"
  • if "P implies Q" is a tautology, then Q can be proved from the assumption that P is true
  • (to prove this rigorously, we would need to formalize the concept of proof)
  • idea: look at all rows of the truth table in which P is true
  • informally, saying that Q can be proved from P just means that Q can be shown (calculated) to be true in all of these rows

  4. the converse
  • if Q has a (valid) proof given P, then whenever P is true, Q can't be false, so "P implies Q" is a tautology
  • (this follows from the definition of a valid proof)

  5. getting a proof from wang?
  • implement a trace feature: the sequence of logically equivalent sequents, terminating in an overlap (= true) or in no overlap (= false)
  • this uses the fact that the rewrite rules are logical equivalences
  • but if wang is working correctly, such a derivation is not very useful: like the intermediate steps in a multiplication, we don't need to check them if we trust the algorithm; the trust then rests on the implementation of wang rather than on the derivation

  6. preprocess wang input
  • use simplification to prepare the input for Wang's algorithm, in the hope that what we want proved becomes a tautology
  • example from SVT: x > 0 implies a+a = 2*a
  • simplification uses the mathematical theory of + to simplify a+a to 2*a, and logic to simplify 2*a = 2*a to true; what is left, "x > 0 implies true", is a tautology that wang can handle
  • it is up to us to find an appropriate theory

  7. simplification adds semantics to logic
  • simplification = a mechanism for taking the meanings of terms into account
  • simplification rules are used to represent mathematical knowledge ("truths")
  • mathematical truths are relative to a system of axioms and inference rules

  8. axioms and inference rules determine what the symbols mean (in that system)
  • typically, mathematical and logical truths are representable by equations:
  • a+a = 2*a, where a is an integer
  • (P implies true) = true, where P is a proposition

  9. truths as equations
  • in general, a mathematical truth is an equation you learned in school, or a mathematical 'fact' from a book
  • something you or someone else has proved
  • something assumed to be true (a 0-length proof) = an axiom
  • to use these 'facts', axioms, etc., we put them into the form of equations and give them an orientation: a left side to match and a right side to replace the match with
  • cf. 4.1: what makes a valid rule

  10. given the "theory"
  X - X = 0
  X + 0 = X
  X = X is true
  • then a + (a - a) = a simplifies to true, in three steps: a - a to 0, a + 0 to a, a = a to true
  • note how the theory implicitly specifies the meaning of the functors

  11. simplification shortens expressions
  • eliminate redundancy from mathematical expressions:
  x + 0 = x
  1 + x + 1 = x + 2
  • use it also to eliminate redundancies from logical descriptions: A and A = A

  12. "x < 0 and x <= 0" doesn't say any more than "x < 0"
  • what lets us simplify this to x < 0? the general logical equation A and (A or B) = A, i.e., "A and (A or B) iff A" is a tautology, together with a mathematical "truth" (here a definition, left as a question on the slide; the definition needed is x <= y = (x < y or x = y), which makes A the term x < 0 and B the term x = 0)
  • (notice that definition rules don't simplify (shorten))

  13. theory files
  • theory files = a collection of rules = "programs" for the simplify "interpreter"
  • available in /cs/course/3341
  • example: equality.simp
  max(A,C) = C ->> A <= C.
  max(B,C) = B ->> C <= B.
  X <= Y and not Y <= X ->> X < Y.
  X <= Y and not X = Y ->> X < Y.
  X <= Y and not Y = X ->> X < Y.
  X <= Y or Y < X ->> true.
  X = Y and X <= Y ->> X = Y.

  14. variables
  • note the difference between rule (pattern) variables and mathematical variables
  • we use lower case for mathematical variables and upper case for pattern or rule variables; pattern variables match arbitrary terms in the input
  • suppose we had a rule X/X ->> 1. Then 2+(x<0)/(x<0) ->> 3 ?? (the pattern variable X happily matches the boolean term x<0, so a rule about numbers has been applied to something that is not a number)

  15. why individual theory files?
  • theory files in /cs/course/3341: arithmetic.simp, equality.simp, logic.simp
  • why not have one huge theory file covering everything?
  • same advantage as modules in constructing a program
  • e.g., the theory of '+' is independent of the theory of stacks

  16. implementing simplification
  • simplification means finding a simplification rule whose left side matches the structure of some sub-term, and then rewriting (replace the match with the right side of the rule); then repeat until no rule applies
  • usually simplification makes an expression shorter, but for definitions we want expansion: A < B < C ->> A < B and B < C.

  17. the algorithm
  simplify(Expr) = Result
    if path_arg(Path, Expr) = Lhs,    % there is a path in Expr to the sub-expression Lhs
    and Lhs ->> Rhs,                  % and some rule rewrites Lhs to Rhs
    and Modified = change_path_arg(Path, Expr, Rhs),
    and Result = simplify(Modified)
  • otherwise simplify(Expr) = Expr.
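The algorithm above, as an added worked example in Python. This is not the course's simplify program (which reads its ->> rules from theory files); terms are nested tuples, rule variables are upper-case strings, and the helper names (match, paths, fold) and the theory lists ARITH, LOGIC, EQUALITY and DIVISION are this example's own. It also serves slide 10's theory, the sample rules of slide 13, the X/X ->> 1 pitfall of slide 14, the trace feature of slide 5 and the "special code for arithmetic" of slide 18.

```python
# Added example (not the course's simplify program); names are this example's own.
import operator

# A term is a str (constant or variable) or a tuple (functor, arg1, ..., argN).
# Rule variables start upper case and match any term; mathematical variables
# are lower case and match only themselves.
def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def match(pattern, term, binds):
    """Extend binds so that pattern instantiated by binds equals term; None if impossible."""
    if is_var(pattern):
        if pattern in binds:
            return binds if binds[pattern] == term else None
        return {**binds, pattern: term}
    if isinstance(pattern, str) or isinstance(term, str):
        return binds if pattern == term else None
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        binds = match(p, t, binds)
        if binds is None:
            return None
    return binds

def subst(t, binds):
    """Instantiate the rule variables in a rule's right side."""
    if is_var(t):
        return binds[t]
    return t if isinstance(t, str) else (t[0],) + tuple(subst(a, binds) for a in t[1:])

def paths(term, prefix=()):
    """Every path to a sub-term, outermost first; () is the whole term."""
    yield prefix
    if not isinstance(term, str):
        for i in range(1, len(term)):
            yield from paths(term[i], prefix + (i,))

def path_arg(path, term):
    for i in path:
        term = term[i]
    return term

def change_path_arg(path, term, new):
    if not path:
        return new
    i = path[0]
    return term[:i] + (change_path_arg(path[1:], term[i], new),) + term[i + 1:]

OPS = {'+': operator.add, '-': operator.sub, '*': operator.mul}
def fold(t):
    """Special code rather than rules: evaluate +, -, * on two integer literals."""
    if isinstance(t, str) or len(t) != 3 or t[0] not in OPS:
        return None
    if all(isinstance(x, str) and x.lstrip('-').isdigit() for x in t[1:]):
        return str(OPS[t[0]](int(t[1]), int(t[2])))
    return None

def rewrite_once(expr, rules, trace):
    """One step of the slide's algorithm: the first path and first rule that apply."""
    for path in paths(expr):
        sub = path_arg(path, expr)
        for lhs, rhs in rules:
            binds = match(lhs, sub, {})
            if binds is not None:
                new = subst(rhs, binds)
                trace.append((sub, new))          # the derivation, one rewrite per entry
                return change_path_arg(path, expr, new)
        folded = fold(sub)
        if folded is not None:
            trace.append((sub, folded))
            return change_path_arg(path, expr, folded)
    return None

def simplify(expr, rules, trace=None, limit=10_000):
    """Rewrite until no rule applies; the step limit catches a cycling theory
    (e.g. X + Y ->> Y + X stated over rule variables never terminates)."""
    trace = [] if trace is None else trace
    for _ in range(limit):
        new = rewrite_once(expr, rules, trace)
        if new is None:
            return expr
        expr = new
    raise RuntimeError("no normal form within the step limit: non-terminating theory?")

# Slide 10's theory, each equation oriented left-to-right.
ARITH = [(('-', 'X', 'X'), '0'), (('+', 'X', '0'), 'X'), (('=', 'X', 'X'), 'true')]
# Slide 12: A and (A or B) = A, plus the definition of <= as an expanding rule.
LOGIC = [(('and', 'A', ('or', 'A', 'B')), 'A'),
         (('<=', 'X', 'Y'), ('or', ('<', 'X', 'Y'), ('=', 'X', 'Y')))]
# Two rules of equality.simp (slide 13) and the converse rules of slide 22.
EQUALITY = [(('and', ('<=', 'X', 'Y'), ('not', ('<=', 'Y', 'X'))), ('<', 'X', 'Y')),
            (('or', ('<=', 'X', 'Y'), ('<', 'Y', 'X')), 'true'),
            (('>=', 'X', 'Y'), ('<=', 'Y', 'X')), (('>', 'X', 'Y'), ('<', 'Y', 'X'))]
# Slide 14's rule X/X ->> 1: X also matches the boolean x < 0, so 2 + (x<0)/(x<0) ->> 3.
DIVISION = [(('/', 'X', 'X'), '1')]
```

Calling simplify(('=', ('+', 'a', ('-', 'a', 'a')), 'a'), ARITH, steps) returns 'true' and leaves the three rewrites (a - a to 0, a + 0 to a, a = a to true) in steps, which is the trace of slide 5. Two things to notice when using it: the definition rule in LOGIC and the rule X <= Y and not Y <= X ->> X < Y in EQUALITY must not be loaded together, because once <= has been expanded the equality rule can no longer match, which is one practical reason for keeping theory files separate (slide 15); and the step limit is not decoration, since a theory containing a rule such as X + Y ->> Y + X over rule variables cycles forever, and a simplifier without such a bound never returns on that input.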

  18. entering rules
  • how do we get the ->> rules into this algorithm?
  • enter them from the terminal or from a file
  • simplify supplements the rewrite rules with special code for arithmetic expressions

  19. arithmetic problems
  • some operators are commutative: X + Y = Y + X (but not X**Y = Y**X)
  • simplify to a canonical form to detect identity: let x + y ->> y + x; then, given the rule Y + X - X ->> Y, x + y - x ->> y

  20. canonical form
  • suppose you had to handle date calculation in a variety of formats: February 1, 2007; Feb 1 07; 1/2/2007 (Can.); 2/1/2007 (US); etc.
  • use a canonical form for date calculation, for example: seconds after Jan 1, 1904
  • a canonical form allows us to recognize equivalences between terms with the same commutative functors

  21. associativity
  • difference between syntactic associativity and semantic associativity
  • semantic: X op (Y op Z) = (X op Y) op Z
  • syntactic: (left) X op Y op Z = (X op Y) op Z; (right) X op Y op Z = X op (Y op Z)
  • the simplification algorithm chooses left associativity as the canonical form (if the term is not parenthesized)

  22. simplifying with canonical forms
  • if A op (B op C) = (A op B) op C, pick one as the canonical form and create an additional rule for the other case
  • canonical forms for relations and their converses: what's the converse of a relation? what's the converse of >= ?
  • simplify: x >= y ->> y <= x. x > y ->> y < x.

  23. cancellation
  • cancellation: rewrite rules don't do this easily
  • current version of simplify:
  a + b + c + . . - a ->> . . c + b
  and a - b - c + b ->> a - c
  • but
  a - b - c - a ->> a - b - c - a
  a - b - a - c ->> a - b - a - c
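Cancellation done with a canonical form instead of rewrite rules, as an added example (not the course's simplify, whose behaviour the slide shows): the +/- chain is flattened into signed terms, sorted (the canonical order for a commutative operator, slides 19 and 20), equal terms with opposite signs are cancelled, and the result is rebuilt left-associated (slide 21). The input format, a space-separated chain of atomic terms joined by + and -, and the function names are this example's assumptions; it goes slightly beyond the slide in also collecting repeated terms, a + a to 2*a as on slide 11.

```python
# Added example (not the course's simplify): cancellation via a canonical form.
# Input format (this example's assumption): atomic terms joined by + and -,
# separated by spaces, e.g. "a - b - c + b".

def signed_terms(expr):
    """'a - b - c + b' -> [('+', 'a'), ('-', 'b'), ('-', 'c'), ('+', 'b')]."""
    toks = expr.split()
    if not toks:
        raise ValueError("empty expression")
    sign = '+'
    if toks[0] in ('+', '-'):             # allow a leading sign, as in "- b - c"
        sign, toks = toks[0], toks[1:]
    if len(toks) % 2 == 0:
        raise ValueError("operator without a right operand")
    out = []
    for i, tok in enumerate(toks):
        if i % 2 == 0:
            out.append((sign, tok))
        elif tok in ('+', '-'):
            sign = tok
        else:
            raise ValueError(f"expected + or - but found {tok!r}")
    return out

def net_coefficients(terms):
    """Count signed occurrences per term: a - b - a -> {'a': 0, 'b': -1}.
    Returning the terms in sorted order is what makes x + y - x and
    y + x - x land in the same canonical form."""
    coeff = {}
    for sign, t in terms:
        coeff[t] = coeff.get(t, 0) + (1 if sign == '+' else -1)
    return dict(sorted(coeff.items()))

def rebuild(coeff):
    """Render the non-zero coefficients as a left-associated chain, positive
    terms first; a coefficient other than +1/-1 is written n*t (a + a -> 2*a)."""
    parts = [('+' if n > 0 else '-', t if abs(n) == 1 else f"{abs(n)}*{t}")
             for t, n in coeff.items() if n != 0]
    parts.sort(key=lambda p: p[0] == '-')   # stable sort: positives first, order kept
    if not parts:
        return '0'
    first_sign, first = parts[0]
    out = first if first_sign == '+' else '-' + first
    for sign, atom in parts[1:]:
        out += f" {sign} {atom}"
    return out

def cancel(expr):
    """Canonical form of a +/- chain with all cancellation applied."""
    return rebuild(net_coefficients(signed_terms(expr)))
```

cancel("a - b - c - a") and cancel("a - b - a - c") both give "-b - c", the two cases the slide's rule-based simplify leaves untouched, and cancel("a - b - c + b") gives "a - c". The reason this works where rules struggle is that the canonical form makes "a - b - a" and "a - a - b" the same object, so cancellation never has to look past an intervening term; the price is that the whole chain has to be flattened, which a single path-and-rule step in the slide 17 algorithm cannot do.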
