predicate logic - ustc

Predicate Logic

Xinyu Feng

University of Science and Technology of China (USTC)

11/20/2013

Xinyu Feng Predicate Logic

Overview

Predicate logic over integer expressions:a language of logical assertions, for example

∀x . x + 0 = x

Why discuss predicate logic?

It is an example of a simple language

It has simple denotational semantics

We will use it later in program specifications


Abstract Syntax

(intexp) e ::= 0 | 1 | . . .| x| −e | e+e | e-e | . . .

(assert) p,q ::= true | false| e=e | e < e | e < e | . . .| ¬p | p ∧ p | p ∨ p| p ⇒ p | p ⇔ p| ∀x .p | ∃x .p


Resolving Notational Ambiguity

Using parentheses: (∀x . (((x + 0) + 0) = x))

Using precedence and associativity: ∀x . x + 0 + 0 = x

arithmetic operators (∗ / . . . ) with the usual precedencerelational operators(= =<≤ . . . )

¬∧∨⇒⇔

The body of a quantified term extends to a delimiter.


Carriers and Constructors

Carriers (or Syntactic Categories): sets of abstract phrases(e.g. intexp, assert)

Constructors: specify abstract grammar productions

(intexp)e ::= 0 −→ c0 ∈ intexp(intexp)e ::= x −→ cvar ∈ var → intexp(intexp)e ::= e+e −→ c+ ∈ intexp × intexp → intexp

Note: Independent of the concrete pattern of the production:

(intexp)e ::=plus (e, e′) −→ c+ ∈ intexp × intexp → intexp

Constructors must be injective and have disjoint ranges

Carriers must be either predefined or their elements mustbe constructable in finitely many constructor applications


Inductive Structure of Carrier Sets

With these properties of constructors and carriers, carriers canbe defined inductively:

intexp(0) def= {}

intexp(j+1) def= {c0} ∪ {c+ (e0,e1) | e0,e1 ∈ intexpj} ∪ {. . . }

assert(0) def= {}

assert(j+1) def= {ctrue,cfalse}def= ∪{c=(e0,e1) | e0,e1 ∈ intexp}def= ∪{c¬ p | p ∈ assert(j)}def= ∪{c∧(p,q) | p,q ∈ assert(j)}

intexp def=

∞⋃j=0

intexp(j)

assert def=

∞⋃j=0

assert(j)


Denotational Semantics

The meaning of a term e ∈ intexp is �e�intexp, i.e. the function�−�intexp maps intexp objects to their meanings.

What is the set of meanings?

The meaning of �5 + 37�intexp of the term “5 + 37” (i.e.c+ (c5,c37) is the integer 42.

However, the term “x + 37” contains the free variable x , so themeaning of an intexp e in general cannot be an integer . . .


Environments or States

To give meanings to “x + 37”, we need an environment (alsocalled variable assignment or state):

σ ∈ Σdef= var → Z

which gives meanings to free variables.

The meaning of a term (intexp or assert) is a function from thestates to Z or B.

�−�intexp ∈ intexp → Σ → Z�−�assert ∈ assert → Σ → B

If σ = {(x ,3), (y ,4)}, then �x + 5�intexp σ = 8,�∃z. x < z ∧ z < y�assert σ = false


Direct Semantics Equations for Predicate Logic

�0�intexp σdef= 0

�x� σdef= σ x

�e0+e1�intexp σdef= (�e0�intexp σ)+(�e1�intexp σ)

�true�assert σdef= true

�e0=e1�assert σdef= (�e0�intexp σ)=(�e1�intexp σ)

�¬p�assert σdef= ¬(�p�assert σ)

�p ∧ q�assert σdef= (�p�assert σ)∧(�q�assert σ)

�∀x .p�assert σdef= ∀n ∈ Z. �p�assert (σ{x � n})


Example: The Meaning of a Term

�∀x . x+0=x�assert σ


Properties of the Semantics Equations

They are Syntax Directed (Homomorphic):exactly one equation for each constructor

results expressed using semantics (meanings) of subterms(arguments of constructors) only.

⇒ they have exactly one solutions (proof by induction onthe structure of terms)

They define compositional semantic functions(depending only on the meanings of subterms)

⇒ “equivalent” terms can be substituted.


Validity of Assertions

p holds/is true in σ ⇐⇒ �p�assert σ = true σ satisfies p

p is valid ⇐⇒ ∀σ ∈ Σ.p holds in σ

p is unsatisfiable ⇐⇒ ∀σ ∈ Σ. �p�assert σ = false⇐⇒ ¬p is valid

p is stronger than q ⇐⇒ ∀σ ∈ Σ. q holds in σ if p holds in σ⇐⇒ p ⇒ q is valid

p and q are equivalent ⇐⇒ p is stronger than q andq is stronger than p


Inference Rules

Axioms and Rules

� p� p0,� p1, · · · � pn−1

� p

They are all schemas.

Judgments � pWe also use � p to mean there exists a proof or derivationof � p following the axioms and rules.


Inference Rules – Examples

� x + 0 = x(xPlusZero)

� e0 = e1 ⇒ e1 = e0(SymmObjEq)

� p � p ⇒ q� q

(ModusPonens)

� p� ∀x .p

(Generalization)


Formal Proofs

A set of inference rules define a Logical Theory �.

A Formal Proof in a logical theory: a sequence of instantiationsof axioms and inference rules, where a premise of each ruleoccur as conclusions of another rule earlier in the sequence.

Example:

1. � x + 0 = x (xPlusZero)

2. � x + 0 = x ⇒ x = x + 0 (SymmObjEq)

3. � x = x + 0 (ModusPonens,1,2)

4. � ∀x . x = x + 0 (Generalization,3)


Tree Representation (Derivation Trees)

� x + 0 = x(xPZ) � x + 0 = x ⇒ x = x + 0

(Symm)

� x = x + 0(MP)

� ∀x . x = x + 0(Gen)


Sequent Style Rules

Γ,p � p,Δ(id)

Γ � p,ΔΓ,¬p � Δ

(negL)Γ,p � Δ

Γ � ¬p,Δ(negR)

Γ,p,q � Δ

Γ,p ∧ q � Δ(conjL)

Γ � p,Δ Γ � q,ΔΓ � p ∧ q,Δ

(conjR)

Γ,p � Δ Γ,q � Δ

Γ,p ∨ q � Δ(disjL)

Γ � p,q,ΔΓ � p ∨ q,Δ

(disjR)

Γ � p,Δ Γ,q � Δ

Γ,p ⇒ q � Δ(impL)

Γ,p � q,ΔΓ � p ⇒ q,Δ

(impR)


Sequent Style Rules (cont’d)

Γ,p(x) � Δ

Γ,∀x .p(x) � Δ(alL)

Γ � p(z),ΔΓ � ∀x .p(x),Δ

(alR)

Γ,p(z) � Δ

Γ,∃x .p(x) � Δ(exL)

Γ � p(x),ΔΓ � ∃x .p(x),Δ

(exR)


Soundness of a Logical Theory

An inference rule is sound if in every instance of the rulethe conclusion is valid if all the premises are.

A logical theory � is sound if all the inference rules in it aresound.

If � is sound and there is a formal proof of � p, then p isvalid.

Object vs. Meta implication:

� p ⇒ ∀x .p unsound� p

� ∀x .p sound.


Completeness of a Logical Theory

A logical theory � is complete if for every valid assertion p thereis a formal proof of � p.

A logical theory � is axiomatizable if there exist a finite set ofinference rules from which formal proofs of assertions in � canbe constructed.

No first-order theory of arithmetic is axiomatizable andcomplete (Gödel’s incompleteness theorem).


Variable Binding

∀x .∃y . x < y ∧ ∃x . x > y

Binder and scope

Bound and free occurrences of variables

α-renaming and substitution similar to λ-calculus


Only Assignment of Free Variables Matters

Coincidence Theorem:If σ x = σ′ x for all x ∈ fv(p), then �p�θ σ = �p�θ σ

′

(θ ∈ {intexp,assert} and p ∈ θ).

Proof: By induction over the structure of p.

Induction Hypothesis: The statement of the theorem holdsover all phrases of depth less than that of p.

Base cases:p = 0: �p�intexp σ = 0 = �p�intexp σ

′.p = x : �p�intexp σ = σ x = σ′ x = �p�intexp σ

′, since fv(x) = {x}.


Proof of Coincidence Theorem (cont’d)

Coincidence Theorem:If σ x = σ′ x for all x ∈ fv(p), then �p�θ σ = �p�θ σ

′

Inductive cases:p = e0 + e1: By IH, �ei�intexp σ = �ei�intexp σ

′ for i ∈ {0,1}.So �e�intexp σ = �e0�intexp σ + �e1�intexp σ

= �e0�intexp σ′ + �e1�intexp σ

′ = �e�intexp σ′

p = ∀x .q:σ z = σ′ z, for all z ∈ fv(p) = fv(q)− {x}So σ{x � n} z = σ′{x � n} z, for all n ∈ Z and z ∈ fv(q).By IH, �q�assert σ{x � n} = �q�assert σ

′{x � n}, for all n ∈ Z.Therefore(∀n ∈ Z. �q�assert σ{x � n}) = (∀n ∈ Z. �q�assert σ

′{x � n})That is �p�assert σ = �p�assert σ

′.


Substitution

−/δ ∈ intexp → intexp−/δ ∈ assert → assert

}where δ ∈ var → intexp

0/δ = 0

(-e)/δ = -(e/δ)

(e0+e1)/δ = (e0/δ)+(e1/δ)

. . .

x/δ = δ x

(p ∧ q)/δ = (p/δ) ∧ (q/δ)

(∀x .p)/δ = ∀x ′. (p/δ{x � x ′})where x ′ ∈ ⋃

z∈fv(∀x. p)fv(δ z)

Examples:

(x < 0 ∧ ∃x . x ≤ y)/{(x , y + 1)} = y + 1 < 0 ∧ ∃x . x ≤ y

(x < 0 ∧ ∃x . x ≤ y)/{(y , x + 1)} = x < 0 ∧ ∃z. z ≤ x + 1


Substitution Theorems

Substitution Theorem:If σ′ = �−�intexp σ ◦ δ (i.e. σ′ = λx ∈ var. �δ x�intexp σ),then �p�assert σ

′ = �p/δ�assert σ

Finite Substitution Theorem: Letδ = {(x0,e0), . . . , (xn−1,en−1)}, andσ′ = σ

{x0 � �e0�intexp σ, . . . , xn−1 � �en−1�intexp σ

}, then

�p�assert σ′ = �p/δ�assert σ.


Acknowledgments

Slides follow Chapter 1 of Reynolds, and are taken from ZhongShao’s lecture notes on Formal Semantics.


predicate logic - ustc

Documents