
Introduction to Logical Proof


viveca



1. Introduction to Logical Proof
• A proof is a sequence of logical arguments where the “premises combined together” imply the “conclusion.” (Reminds you of ---- theorem?)
• A simple example (hypothetical syllogism):
  1. P -> Q (P implies Q) is true
  2. Q -> R is true
  3. P -> R must be true
• A simple example (disjunctive syllogism):
  1. P or Q
  2. Not P
  3. Q

2. Premises and Conclusion
• What are premises and conclusions?
• They are propositions, assertions, or statements.
• Using this notion of premises and conclusion, we will make assertions about computation in the form of
  • Preconditions (premises)
  • Post-conditions (conclusions)

3. A Programming Statement “Example”
• Show that following (after) the execution of the statement “if X > Max then X := Max;” it is impossible for the condition X > Max to be true.
• Proof (before- and after-execution conditions are given):
• Let P stand for X > Max (before-execution condition)
• Let Q stand for X = Max (after-execution condition)
• Let R stand for X > Max (after-execution condition)
• P is either true or false.
• Assume P is false. Then the assignment is never executed, X is unchanged, and R is also false (not P -> not R, because R tests the same condition as P on an unchanged X).
• Assume P is true. Then X is set to Max and Q becomes true (P -> Q). If Q is true then R must be false (Q -> not R). Using hypothetical syllogism on P -> Q and Q -> not R, we have P -> not R.
• So (not P -> not R) and (P -> not R); together these give not R.
• This says that it is impossible for X > Max to be true after the execution of the statement.
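The arguments on slides 1 and 3 are claims about propositional validity, so they can be checked mechanically: an argument is valid exactly when no truth assignment makes every premise true and the conclusion false. The following is an added example (not part of the original slides) that enumerates the truth table for the hypothetical syllogism, the disjunctive syllogism, and the three facts derived on slide 3; the helper names and the fallacy used for contrast are this example's own choices.

```python
from itertools import product


def implies(a, b):
    """Material implication a -> b: false only when a is true and b is false."""
    return (not a) or b


def counterexample(premises, conclusion, variables):
    """Enumerate every truth assignment of `variables` (a truth table).
    Return the first assignment that makes all premises true but the
    conclusion false, or None if the argument is valid."""
    for values in product([False, True], repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(p(env) for p in premises) and not conclusion(env):
            return env
    return None


def is_valid(premises, conclusion, variables):
    """An argument is valid when it has no counterexample."""
    return counterexample(premises, conclusion, variables) is None


# Slide 1, hypothetical syllogism:  P -> Q,  Q -> R   |=   P -> R
def hypothetical_syllogism_valid():
    return is_valid(
        [lambda e: implies(e["P"], e["Q"]), lambda e: implies(e["Q"], e["R"])],
        lambda e: implies(e["P"], e["R"]),
        ["P", "Q", "R"])


# Slide 1, disjunctive syllogism:  P or Q,  not P   |=   Q
def disjunctive_syllogism_valid():
    return is_valid(
        [lambda e: e["P"] or e["Q"], lambda e: not e["P"]],
        lambda e: e["Q"],
        ["P", "Q"])


# Slide 3: the facts established about "if X > Max then X := Max" are
#   not P -> not R,  P -> Q,  Q -> not R   and the claim is   |=   not R
def clamp_argument_valid():
    return is_valid(
        [lambda e: implies(not e["P"], not e["R"]),
         lambda e: implies(e["P"], e["Q"]),
         lambda e: implies(e["Q"], not e["R"])],
        lambda e: not e["R"],
        ["P", "Q", "R"])


# For contrast, a fallacy (affirming the consequent): P -> Q, Q  |=  P is NOT
# valid, and the checker returns the assignment that refutes it.
def affirming_consequent_counterexample():
    return counterexample(
        [lambda e: implies(e["P"], e["Q"]), lambda e: e["Q"]],
        lambda e: e["P"],
        ["P", "Q"])


if __name__ == "__main__":
    print("hypothetical syllogism valid:", hypothetical_syllogism_valid())
    print("disjunctive syllogism valid:", disjunctive_syllogism_valid())
    print("slide 3 argument valid:", clamp_argument_valid())
    print("affirming the consequent refuted by:", affirming_consequent_counterexample())
```

The premises are encoded as functions of an assignment so that the same `counterexample` routine serves any small propositional argument; a truth table is exhaustive, so a `None` result is a proof of validity, not a sample.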

4. Program Correctness Proofs
• Preliminary Concepts:
• The state of a system is “usually” given by the values of the variables of the system.
• Preconditions indicate the initial state prior to the execution of the code.
• Post-conditions indicate the state after the execution of the code.
• To show that different pieces of code work “correctly”, one must (1) divide the pieces of code into individual statements and (2) convert the precondition (“initial state”) of each statement into the post-condition of that statement, which in turn becomes the precondition of the following statement.

5. Preliminary Concepts (cont.)
[Diagram: a chain of code pieces. Precondition for Code A (usually states of some variables) -> Code A (execution) -> post-condition of A, which is the precondition for Code B -> Code B (execution) -> post-condition of B, which is the precondition for Code C -> Code C (execution) -> post-condition for Code C.]
• Example: the precondition for a SQRT(x) function is that the input, x, is greater than or equal to 0; the post-condition is the desired square root of x.

6. Preliminary Concepts (cont.)
• An assertion is a statement regarding the state(s).
• A piece of code is considered correct if all the precondition assertions lead to the post-condition assertions once the code is executed.
• Note that “correctness” may not address whether the precondition and post-condition assertions are what the designers or users had in mind.

7. Hoare Triple
• Definition: If C is a piece of code (statements), {P} is a precondition assertion and {Q} is a post-condition assertion, then the expression {P} C {Q} is called a Hoare Triple. (Tony Hoare is a UK computer scientist, well known for his Quicksort algorithm and many other contributions.)
• Example of a Hoare Triple:
• Consider the pseudo-code statements
  Integer x, y, z;
  z := y;
  y := x;
  x := z;
• Let “A” be the initial value of x and “B” the initial value of y.
• Then the following is a Hoare Triple:
  {x=A, y=B} z:=y; y:=x; x:=z {x=B, y=A}

8. Correctness Definition
• Definition: If C is some code with precondition {P} and post-condition {Q}, then {P}C{Q} is said to be partially correct if the final state of C satisfies {Q} provided that the initial state satisfies {P}. C is also considered partially correct if there is no final state! (That is, if C is non-terminating!)
• Definition: If {P}C{Q} is partially correct and C terminates, then {P}C{Q} is said to be totally correct.
• Note: Partial correctness and total correctness differ only in termination. Thus they differ (only) in “looping” or “recursive” programs.

9. Thinking Pre and Post Conditions
• Finding a “typical” novice programming error:
• Assume variable x contained value A and variable y contained value B initially.
• Consider the sequence of code for “exchanging values”: x := y; y := x; (novice programmer code)
• Precondition {P} for x := y is {x=A, y=B}
• Post-condition {Q} for x := y is {x=B}
• Precondition {P} for y := x is {x=B}
• Post-condition {Q} for y := x is {y=x=B}
• Combining the code we have:
  {x=A, y=B} x:=y; y:=x {x=B, y=B}
• This is NOT the post-condition the programmer intended to get.
• Had the programmer formally stated the post-condition to be {x=B, y=A}, which is the intended requirement, then we could say the above code is incorrect.
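Slides 4, 7, 8 and 9 describe one procedure: break code into statements, carry each statement's post-condition forward as the next one's precondition, and judge the whole triple {P} C {Q} partially or totally correct. The following is an added example (not code from the original slides) that implements that procedure as a bounded checker over a tiny constructed statement language: `trace` shows the state after each statement, and `check_triple` tests a triple over a set of constructed initial states, treating a run that exhausts its step budget as “no final state” so that it counts against total correctness only, as slide 8 defines. The statement encoding, the step budget (“fuel”) and all names are assumptions of this example.

```python
# Statements of a small constructed imperative language:
#   ("assign", var, expr)     expr: state -> value
#   ("if", cond, body)        cond: state -> bool, body: list of statements
#   ("while", cond, body)
# A state is a dict mapping variable names to integers.

class NonTerminating(Exception):
    """Raised when the step budget runs out: the run has no final state."""


def run(stmts, state, fuel=1000):
    """Execute stmts on a copy of state and return the final state.
    fuel bounds the number of statements and loop iterations executed."""
    state = dict(state)
    budget = [fuel]

    def tick():
        budget[0] -= 1
        if budget[0] < 0:
            raise NonTerminating()

    def exec_block(block):
        for kind, *parts in block:
            tick()
            if kind == "assign":
                var, expr = parts
                state[var] = expr(state)
            elif kind == "if":
                cond, body = parts
                if cond(state):
                    exec_block(body)
            elif kind == "while":
                cond, body = parts
                while cond(state):
                    tick()
                    exec_block(body)
            else:
                raise ValueError(f"unknown statement kind {kind!r}")

    exec_block(stmts)
    return state


def trace(stmts, state, fuel=1000):
    """States after each top-level statement: the post-condition of statement
    i is the precondition of statement i+1 (the sequencing rule of slide 4)."""
    states = [dict(state)]
    for stmt in stmts:
        states.append(run([stmt], states[-1], fuel))
    return states


def check_triple(pre, code, post, initial_states, fuel=1000):
    """Test {pre} code {post} on every initial state that satisfies pre.
    post(initial, final) may refer to initial values (the slides' A and B).
    Returns (partially_correct, totally_correct, failures); a non-terminating
    run breaks total correctness only, as slide 8 defines."""
    partial, total, failures = True, True, []
    for s0 in initial_states:
        if not pre(s0):
            continue                      # the triple says nothing here
        try:
            s1 = run(code, s0, fuel)
        except NonTerminating:
            total = False
            continue
        if not post(s0, s1):
            partial = total = False
            failures.append((s0, s1))
    return partial, total, failures


# Constructed sample initial states: every small (x, y) pair.
STATES = [{"x": x, "y": y} for x in range(-2, 3) for y in range(-2, 3)]

# Slide 7:  z := y; y := x; x := z
SWAP = [("assign", "z", lambda s: s["y"]),
        ("assign", "y", lambda s: s["x"]),
        ("assign", "x", lambda s: s["z"])]

# Slide 9, the novice exchange:  x := y; y := x
NOVICE_SWAP = [("assign", "x", lambda s: s["y"]),
               ("assign", "y", lambda s: s["x"])]

# Slide 8: a loop that terminates only when x starts at or above 0
COUNTDOWN = [("while", lambda s: s["x"] != 0,
              [("assign", "x", lambda s: s["x"] - 1)])]


def intended_post(s0, s1):   # {x = B, y = A}
    return s1["x"] == s0["y"] and s1["y"] == s0["x"]


def novice_post(s0, s1):     # {x = B, y = B}: what the novice code really leaves
    return s1["x"] == s0["y"] and s1["y"] == s0["y"]


def zero_post(s0, s1):       # {x = 0}
    return s1["x"] == 0


if __name__ == "__main__":
    print(trace(NOVICE_SWAP, {"x": 1, "y": 2}))
    print(check_triple(lambda s: True, SWAP, intended_post, STATES)[:2])
    print(check_triple(lambda s: True, NOVICE_SWAP, intended_post, STATES)[:2])
    print(check_triple(lambda s: True, NOVICE_SWAP, novice_post, STATES)[:2])
    print(check_triple(lambda s: s["x"] >= 0, COUNTDOWN, zero_post, STATES)[:2])
    print(check_triple(lambda s: True, COUNTDOWN, zero_post, STATES, fuel=50)[:2])
```

With these inputs the three-statement swap is totally correct for {x=B, y=A}; the novice swap fails that post-condition on every state where A differs from B but satisfies {x=B, y=B} exactly as slide 9 derives; and the countdown loop is totally correct under the precondition x >= 0 yet only partially correct when the precondition is weakened to allow negative x, because those runs never reach a final state. Testing a triple over sample states is a check, not a proof: a proof covers all states, which is what the proof rules on the slides are for.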
