CSE Winter 2008 Introduction to Program Verification January 31 proofs through simplification

propositions and proofs they’re different animals "P implies Q" is not the same thing as "from P infer/deduce Q" rules of inference are different from tautologies, but in prop. logic, they’re closely related tautologies always have proofs. Why? example: truth-table = proof from a list of 2 n cases. messy from human point of view but perfectly effective as a logic tool

3.7 The "Deduction Theorem" if P implies Q is a tautology, then Q can be proved from the assumption that P is true. (To prove this rigorously, we would need to formalize concept of proof.) Idea: look at all rows of the truth table for which P is true. Informally, saying that Q can be proved from P just means that Q can be shown (calculated) to be true in all these rows.

the converse if Q has a (valid) proof, given P, then if P is true, Q can't be false, so P implies Q is a tautology. (this follows from the definition of valid proof)

getting a proof from wang? implement a trace feature: sequence of logically equivalent sequents, terminating in an overlap = true, or not = false. use the fact that the rewrite rules are logical equivalences but if wang is working correctly, a derivation is not very useful: like intermediate steps in a multiplication. We don't need to check them if we trust the algorithm.

preprocess wang input use simplification to prepare input for Wang's algorithm, in the hope that what we want proved becomes a tautology example from SVT: x > 0 implies a+a = 2*a. simplification uses mathematical theory of + to simplify a+a to 2*a, and logic to simplify 2*a = 2*a to true up to us to find an appropriate theory

simplification adds semantics to logic simplification = mechanism for taking meanings of terms into account simplification rules are used to represent mathematical knowledge ("truths") mathematical truths are relative to a system of axioms and inference rules

axioms and inference rules determine what the symbols mean (in that system) typically, mathematical and logical truths are representable by equations: a+a = 2*a, where a is an integer (P implies true ) = true where P is a proposition.

truths as equations in general: mathematical truth is an equation you learned in school, or a mathematical 'fact' from a book something you or someone else has proved something assumed to be true (0-length proof) = axiom to use these ‘facts’, axioms, etc., we put them into the form of equations, and give them an orientation. cf. 4.1: what makes a valid rule

given the “theory” X - X = 0 X + 0 = X X = X is true then a + (a - a) = a simplifies to true. note how the theory implicitly specifies the meaning of the functors

simplification shortens expressions eliminate redundancy from mathematical expressions x + 0 = x 1 + x + 1 = x + 2 use it also to eliminate redundancies from logical descriptions A and A = A

"x < 0 and x <= 0" doesn't say any more than "x < 0" what lets us simplify this to x < 0? the general logical equation A and (A or B) = A i. e., A and (A or B) iff A is a tautology together with a mathematical "truth" (here a definition): ? (notice that definition rules don't simplify (shorten))

theory files theory files = collection of rules = "programs" for the simplify "interpreter" available in /cs/course/3341 example: equality.simp max(A,C) = C ->> A > C > X > X > X > true. X = Y and X > X = Y.

variables Note the difference between rule (pattern) variables and mathematical variables we use lower case for mathematical variables upper case for pattern or rule variables these match arbitrary terms in the input suppose we had a rule X/X ->> 1. 2+(x > 3 ??

why individual theory files? theory files in /cs/course/3341 arithmetic.simp, equality.simp, logic.simp why not have one huge theory file covering everything? same advantage as modules in constructing a program e. g., the theory of ‘+’ is independent of the theory of stacks

implementing simplification simplification means finding a simplification rule whose left-side matches the structure of some sub-term and then rewriting (replace match with right-side of rule) then repeat this until no rule applies. usually, simplification makes an expression shorter, but for definitions, we want expansion A > A < B and B < C.

the algorithm simplify(Expr) = Result if path_arg(Path, Expr) = Lhs, % (there is a path in Expr to the sub-expression LHS) and Lhs ->> Rhs, and Modified = change_path_arg(Path, Expr, Rhs), and Result = simplify(Modified) otherwise simplify(Expr) = Expr.

entering rules How do we get the ->> rules into this algorithm? enter from the terminal or from a file. simplify supplements rewrite rules with special code for arithmetic expressions

arithmetic problems some operators are commutative : X + Y = Y + X (but not X**Y = Y**X) simplify to canonical form to detect identity: let x + y ->> y + x then given Y + X - X ->> Y, x + y - x ->> y

canonical form suppose you had to handle date calculation in a variety of formats: February 1, 2007, Feb 1 07, 1/2/2007 (Can.) 2/1/2007 (US) etc. use canonical form for date calculation example: seconds after Jan 1, canonical form allows us to recognize equivalences between terms with the same commutative functors

associativity difference between syntactic associativity and semantic associativity semantic: X op (Y op Z) = (X op Y) op Z syntactic: (left) X op Y op Z = (X op Y) op Z (right) X op Y op Z = X op (Y op Z) simplification algorithm chooses left associativity as a canonical form (if term is not parenthesized)

simplifying with canonical forms if A op ( B op C) = (A op B) op C) pick one as a canonical form create an additional rule for the other case. canonical forms for relations and their converses what’s the converse of a relation? what's the converse of >= ? simplify x >= y ->> y <=x. x > y ->> y < x.

cancellation cancellation: rewrite rules don't do this easily current version of simplify: a + b + c a ->>.. c+b and a - b - c + b ->> a - c but a - b - c - a ->> a - b - c - a a - b - a - c ->> a - b - a- c