CSE Winter 2008 Introduction to Program Verification January 15 tautology checking

recap Boole is important because he showed how logic could be implemented in arithmetic (a calculus)

examples: arithmetic analogue to or? true 1, false 0 a and b a * b a or b a + b - ? not?

computing reverses the logic-arithmetic relation arithmetic is implemented by (digital) logic

from the truth-table for implies memorize: (P implies Q) iff (not P or Q) easy to check using tautology logic operators are not intrinsically primitive redefinable using other operators

classifying propositions propositions as functions divide into 3 obvious categories: constant false = contradiction constant true = tautology not constant = contingent what’s the opposite of a contradiction? not always false = can be true = satisfiable

another way to do it the text (p. 13) uses different and more complicated expressions to define contradiction, contingent, satisfiable: what the point of this approach? we can use a tautology checker to test for all the cases examples: test for contradiction? test for satisfiable?

chapter 2 - tautology checking tautology is our first tool for computational logic to be replaced with a better but more complicated one we get started with a very simple one note: the tools we will be using are in /cs/fac/bin make this part of your PATH variable.

inputs tautology executes an input loop, either on sysin or a data file. each input must end in a period. Nothing happens until you enter the period (and carriage return) the program is a compiled version of a SWI Prolog source file, executed by the SWI Prolog interpreter (virtual machine -- like Java) runtime error almost always an error in the input note on using tautology: if you use terminal input to the tautology program, how do you exit?

input to be checked input a propositional function as a Boolean expression: false and true count as functions (with no arguments) use English operators function arguments are expressions or upper-case variables tautology echoes the input (replacing variable names with internal names) variables are renamed into a standard form $VAR(n),..

tautology's output tautology reports whether the input is “valid” (i. e. a tautology) or “not valid” if not valid, a valuation is printed that falsifies the input. example output, pp

method of truth tables how does this work? evaluation of truth-values is given by a set of rules that define the meaning of each operation: example: X and Y = true if X =true and Y = true. what if we find a certain combination of variable values make the expression false? we can quit evaluating so tautology searches for falsifying values

invalid inputs how are invalid inputs detected? an assignment of truth-values to variables is found which makes the input false. how is a counter-example constructed? output the input with the variables in the input replaced by the falsifying truth-values

under the hood false('false'). false(not 'true'). false(P iff Q) :- false((P implies Q) and (Q implies P)). false(P implies Q) :- false(not P or Q). false(P or Q) :- false(P), false(Q). false(P xor Q) :- false(not(P iff Q)). false(P and Q) :- false(P) ; false(Q). false(not not P) :- false(P). false(not(P iff Q)) :- false( not(P implies Q) or not(Q implies P)). false(not(P implies Q)) :- false(not( not P or Q)). false(not(P or Q)) :- false(not P and not Q). false(not(P xor Q)):- false(P iff Q). false(not(P and Q)) :- false(not P or not Q).

why look for a proof of a false case rather than a proof of a true case? what tells us that we don’t need any more rules? hint: have we covered all cases? (of what?)

rule-based programming tautology is example of data-driven rule-based programming very important programming paradigm, first developed in AI; data is matched to a sequence of patterns; first pattern to match triggers a rule which computes a partial result; repeat search for matching rule until no rule matches

checking tautology how can we check if a rule like P or Q is false if P is false and Q is false is correct logic? try: translate into tautology's input format not P and not Q implies not (P or Q) and input to tautology could we verify the tautology rules this way?

exercises exercise 2.2 Sec. 2.3: examples of translating various notations into the tautology input format

by hand vs. by machine? why prove manually, what we can compute? logic professor’s argument: doing proofs in propositional logic helps understanding proofs in math. problem: not really true historically logic provides only a very sparse framework on which to hang mathematical concepts (we'll see how to add the missing ingredient in Ch. 5)

is there a fundamental difference between automating logic and automating arithmetic? " AGPEPMPC Applicative Goedelian Peano-Extended Principia Mathematica Proof Checker Grant Olney Passmore October 15, 2004" "The Theorema project aims at extending current computer algebra systems by facilities for supporting mathematical proving. The present Theorema software system is implemented in Mathematica. The system consists of a general higher-order predicate logic prover and a collection of special provers that call each other depending on the particular proof situations."

Exercise 2.11 Let A -> B represent “If the car has gas, then I can go to the store.”; B ^ C -> D represents “If I can go to the store and I have money, then I can buy food.”; (D ^ (E v F)) -> G represents “If I have food and either the sun is shining or I have an umbrella, then today I can go on a picnic.” If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic? Show how to use tautology to answer the question.

general vs specific " If the above formulae are true, and the car has gas, and I have money and an umbrella, can I go on a picnic?" Notice how the propositions can be divided into general background statements and facts about a specific situation, which generate an implication. Apply this idea to Exercise 2.12