AutomatedProgramVerificationandTesting …mfredrik/15414/lectures/05-fol.pdf ·...
Transcript of AutomatedProgramVerificationandTesting …mfredrik/15414/lectures/05-fol.pdf ·...
Automated Program Verification and Testing15414/15614 Fall 2016Lecture 5:First-Order Logic
Matt [email protected]
October 17, 2016
Matt Fredrikson FOL 1 / 33
Motivation
Propositional logic is limited
How could we express the following?
▶ All cats have more days than dogs.▶ The length of one side of a triangle is less than the sum of the
lengths of the other two sides.
First-order logic gives us ways of talking about:▶ Infinite sets of objects▶ Functions and relations over objects▶ Quantified statements over objects
Matt Fredrikson FOL 2 / 33
First-Order Logic: Syntax
Logical Symbols:▶ Propositional connectives: ∧,∨,¬,→,↔▶ Variables: v, y, z, x1, x2, . . .
▶ Quantifiers: ∃, ∀Non-logical symbols (parameters):
▶ Constant symbols: c1, c2, . . .▶ Function symbols: g, h, f, f1, f2, . . .▶ Predicate symbols: r, q, p, p1, p2, . . .
Matt Fredrikson FOL 3 / 33
First-Order Logic: Syntax
Predicate and function symbols are associated with an arity
Natural number that describes # of arguments
Examples:▶ =: arity 2▶ f(a, b, c): arity 3▶ Constants: can be seen as 0-arity functions▶ Propositional variables: can be seen as 0-arity predicates
Matt Fredrikson FOL 4 / 33
First-Order Logic: Terms
Terms in FOL evaluate to values other than truth values▶ People▶ Strings▶ 64-bit integers
Terms are expressions that name objects
▶ Constants are terms▶ Variables are terms▶ For each function symbol f of arity n,
f(t1, . . . , tn)is a term if t1, . . . , tn are terms.
Matt Fredrikson FOL 5 / 33
First-Order Logic: Atoms
Atoms in FOL evaluate to either true or false
These generalize propositional assertions▶ ⊥, ⊤ are atoms▶ Nullary predicates p, q, . . . are atoms▶ For each predicate symbol p of arity n,
p(t1, . . . , tn)is an atom is t1, . . . , tn are atoms
As before, a literal is an atom or its negation
Matt Fredrikson FOL 6 / 33
First-Order Logic: Formulas
A first-order formula is:▶ A literal▶ The application of ¬,∧,∨,→,↔ to a formula▶ The application of a quantifier to a formula
There are two quantifiers:▶ ∀x.F [x]: “For all x, F [x]”▶ ∃x.F [x]: “There exists an x such that F [x]”
In each case,▶ x is the quantifiedvariable▶ F [x] is the scope of the quantifier▶ x is bound in F [x] by the quantifier▶ y is free in F if it is not bound by any quantifier
Matt Fredrikson FOL 7 / 33
Closed, Open, and Ground Formulas
A few distinctions on first-order formulas:▶ A formula is closed if it contains no free variables▶ Closed formulas are also called sentences▶ A formula containing free variables is open▶ A formula is ground if it contains no variables
Which are these examples▶ ∀y.((∀x.p(x)) → q(x, y)
▶ ∀y.((∀x.p(x)) → (∃x.q(x, y)))▶ p(a, f(b)) → q(c)
Matt Fredrikson FOL 8 / 33
Examples
How do we “pronounce” the formula?Which variables are free/bound?
∀x.p(f(x), y) → ∀y.p(f(x), y)
∀x.g(x) → ∃y.f(y) ∧ h(x, y)
∀x′.x′ < x → ∀y.y > 0 → r(x′, y) < y
p(i, u) → (f(a, i) = e → ∃j.ℓ ≤ j ≤ u ∧ f(a, j) = e)
Matt Fredrikson FOL 9 / 33
Expressions in FOL
“All cats have more days than dogs.”∀x, y.dog(x) ∧ cat(y) → ndays(y) > ndays(x)
The numeric array a is sorted∀i.0 ≤ i < |a| → a[i] ≤ a[i + 1]
Graph G contains a triangle∃v1, v2, v3.e(v1, v2) ∧ e(v2, v3) ∧ e(v3, v1)
Graph G is connected. . .
Matt Fredrikson FOL 10 / 33
First-Order Logic: Semantics
A first-order structure S = (D, I):
▶ D: universeofdiscourse, non-empty set of objects we’d liketo talk about
▶ I: Interpretation mapping parameters to objects, functions, andpredicates in DI :
1. every constant symbol to a value in D
2. every function symbol f of arity n to a function fI : D 7→ D
3. every relation symbol p of arity n to a relation pI ⊆ Dn
Assignments map variables to values (not object constants!):α : Vars 7→ DI
Matt Fredrikson FOL 11 / 33
Example
x + y > z → y > z − x
What’s the “standard” structure?
Universe of discourse:▶ D = Z = {. . . ,−1, 0, 1, . . .}
Interpretation:▶ Function symbols: + 7→ +Z,− 7→ −Z
▶ Predicate symbols: > 7→>Z
Possible assignment:α = {x 7→ 0, y 7→ 1, z 7→ −1}
Matt Fredrikson FOL 12 / 33
Evaluating Terms
Given I and α, we can evaluate terms to values in D
We write ⟨I, α⟩(a) to denote the evaluation of term a
Three cases for terms:
▶ Object constants: ⟨I, α⟩(a) = I(a)
▶ Variables: ⟨I, α⟩(v) = α(v)
▶ Function terms:⟨I, α⟩(f(t1, . . . , tn)) = I(f)(⟨I, α⟩(t1), . . . , ⟨I, α⟩(tn))
Matt Fredrikson FOL 13 / 33
Evaluating Formulas
Given D, I, α, we define the evaluation of a first-order formula F
We write:
▶ D, I, α |= F if F evaluates to true
▶ D, I, α ̸|= F if F evaluates to false
Base cases:▶ D, I, α |= ⊤ and D, I, α ̸|= ⊥
▶ D, I, α |= p(t1, . . . , tn) iff (⟨I, α⟩(t1), . . . , ⟨I, α⟩(tn)) ∈ I(p)
Matt Fredrikson FOL 14 / 33
Evaluating Formulas
Inductive case for connectives:
D, I, α |= ¬F iff D, I, α ̸|= F
D, I, α |= F1 ∧ F2 iff D, I, α |= F1 and D, I, α |= F2
D, I, α |= F1 ∨ F2 iff D, I, α |= F1 or D, I, α |= F2
D, I, α |= F1 → F2 iff D, I, α ̸|= F1 or I |= F2
D, I, α |= F1 ↔ F2 iff D, I, α |= F1 and I |= F2, orD, I, α ̸|= F1 and D, I, α ̸|= F2
These are the same as they were for propositional logic
Matt Fredrikson FOL 15 / 33
Example
For universe D = {◦, •}, assignment α = {x 7→ •, y 7→ ◦}, and I:▶ I(a) = ◦▶ I(f) = {(◦, ◦) 7→ ◦, (◦, •) 7→ •, (•, ◦) 7→ •, (•, •) 7→ ◦}▶ I(g) = {◦ 7→ •, • 7→ ◦}▶ I(p) = {(◦, •), (•, •)}
What do the following evaluate to?▶ p(a, g(◦)) = true
▶ p(x, f(g(x), y)) → p(y, g(x)) = true
Matt Fredrikson FOL 16 / 33
Evaluating Quantifiers
Let x be a variable assigned by α
An x-variant of α is an interpretation that:▶ Agrees with α on all variables except x▶ Assigns x to some given value c ∈ D
We write an x-variant of α as α[x 7→ c]
Universal quantifier:D, I, α |= ∀x.F iff for all c ∈ D,D, I, α[x 7→ c] |= F
Existential quantifierD, I, α |= ∃x.F iff there exists c ∈ D,D, I, α[x 7→ c] |= F
Matt Fredrikson FOL 17 / 33
Example
For universe D = {◦, •}, assignment α = {x 7→ •, y 7→ ◦}, and I:▶ I(a) = ◦▶ I(f) = {(◦, ◦) 7→ ◦, (◦, •) 7→ •, (•, ◦) 7→ •, (•, •) 7→ ◦}▶ I(g) = {◦ 7→ •, • 7→ ◦}▶ I(p) = {(◦, •), (•, •)}
What do the following evaluate to?▶ ∃x.¬p(x, g(a)) = false
▶ ∀w.∃z.p(w, f(g(w), z)) = true
▶ (∃x.p(x, x)) → p(y, g(x)) = false
Matt Fredrikson FOL 18 / 33
Satisfiability & Validity
A first-order formula F is satisfiable if and only if:
There exists S = (D, I) and assignment α where D, I, α |= F
A first-order formula F is valid if and only if:
For all S = (D, I) and assignments α, D, I, α |= F
We write |= F when F is valid
As before, these are dual to eachother
Matt Fredrikson FOL 19 / 33
Example
Is the formula ∃x.f(x) = g(x) satisfiable?
Satisfying S, α:
▶ D = {0, 1}▶ I(f) = {0 7→ 1, 1 7→ 1}▶ I(g) = {0 7→ 0, 1 7→ 1}
Is it valid?
Falsifying S, α:
▶ D = {0, 1}▶ I(f) = {0 7→ 1, 1 7→ 1}▶ I(g) = {0 7→ 1, 1 7→ 0}
Matt Fredrikson FOL 20 / 33
Proving Validity for First-Order Logic
We’ll extend the semantic argument method from earlier1. Assume F is not valid: there exists I such that I ̸|= F
2. Apply proof rules (more on this shortly)3. If: no contradiction, no applicable rules, conclude that F is
invalid4. If: every branch reaches contradiction, conclude that F is valid
But, we need new proof rules for quantifiers
Matt Fredrikson FOL 21 / 33
Brief Review: Proof Rules
Recall the semantics for implication:
▶ From D, I, α |= F1 → F2:D, I, α |= F1 → F2
D, I, α ̸|= F1 | D, I, α |= F2
▶ From D, I, α ̸|= F1 → F2:D, I, α ̸|= F1 → F2
D, I, α |= F1 D, I, α ̸|= F2
Matt Fredrikson FOL 22 / 33
Proof Rules: Universal Quantification
▶ From D, I, α |= ∀x.F :D, I, α |= ∀x.F
D, I, α[x 7→ c] |= FFor any c ∈ D
For example, if we know D, I, α |= ∀x.p(x, a)
Then we can conclude D, I, α[x 7→ b] |= p(x, a)
Matt Fredrikson FOL 23 / 33
Proof Rules: Universal Quantification
▶ From D, I, α ̸|= ∀x.F :D, I, α ̸|= ∀x.F
D, I, α[x 7→ c] ̸|= FFor a fresh c ∈ D
Here, “fresh” means “not used previously in the proof”
If D, I, α ̸|= ∀x.F , all we know is that F doesn’t hold for some object
We don’t know which object
Hence, we pick a new one, making no assumptions
Matt Fredrikson FOL 24 / 33
Proof Rules: Existential Quantification
▶ From D, I, α |= ∃x.F :D, I, α |= ∃x.F
D, I, α[x 7→ c] |= FFor a fresh c ∈ D
Again “fresh” means “not used previously in the proof”
Notice the similarity to the previous rule
Matt Fredrikson FOL 25 / 33
Proof Rules: Existential Quantification
▶ From D, I, α ̸|= ∃x.F :D, I, α ̸|= ∃x.F
D, I, α[x 7→ c] ̸|= FFor any c ∈ D
There does not exist any object c for which F holds
No matter what x maps to, F won’t hold
Even if its something we used before
Matt Fredrikson FOL 26 / 33
Deriving a Contradiction
▶ Contradiction rule:
D, I, α[· · · ] |= p(s1, . . . , sn)D, I, α[· · · ] ̸|= p(t1, . . . , tn)
⟨I, α[· · · ]⟩(si) = ⟨I, α[· · · ]⟩(ti) for all 1 ≤ i ≤ n
⊥
In the top two lines, the assignments are both variants of α
Contradiction exists whenever disagreement on value of p
For example, if D, I, {x 7→ a} |= p(x)D, I, {y 7→ a} ̸|= p(y)
then ⊥
Matt Fredrikson FOL 27 / 33
Example
Prove the following valid:
F : (∀x.p(x)) → (∀y.p(y))
1 D, I, α ̸|= F2 D, I, α |= ∀x.p(x) 1 and →3 D, I, α ̸|= ∀y.p(y) 1 and →4 D, I, α[x 7→ c] |= p(x) 2 and ∀5 D, I, α[y 7→ c] ̸|= p(x) 3 and ∀6 ⊥ 4 and 5
Matt Fredrikson FOL 28 / 33
Example
Prove the following valid:
F : (∀x.p(x)) ↔ (¬∃x.¬p(x))
1 I, α ̸|= F2a I, α |= ∀x.p(x) 1 and ↔3a I, α ̸|= ¬∃x.¬p(x) 1 and ↔4a I, α |= ∃x.¬p(x) 3a and ¬5a I, α[x 7→ c] |= ¬p(x) 4a and ∃6a I, α[x 7→ c] |= p(x) 2a and ∀7a ⊥ 5a and 6a
2b I, α ̸|= ∀x.p(x) 1 and ↔3b I, α |= ¬∃x.¬p(x) 1 and ↔4b I, α[x 7→ o] ̸|= p(x) 2b and ∀5b I, α ̸|= ∃x.¬p(x) 3b and ¬6b I, α[x 7→ o] ̸|= ¬p(x) 5b and ∃7b I, α[x 7→ o] |= p(x) 6b and ¬8b ⊥ 4b and 7b
Matt Fredrikson FOL 29 / 33
Soundness and Completeness
These proof rules satisfy important properties
SoundnessIf every branch of the semantic argument proof derives acontradiction, then F is invalid. In other words, the proof rules don’treach wrong conclusions.
CompletenessIf F is valid, then there exists a finite-length proof in which everybranch derives a contradiction. In other words, there are no validformulas we can’t prove to be valid.
This is called refutationalcompleteness
Matt Fredrikson FOL 30 / 33
Decidability of First-Order Logic
Decidable ProblemA decision problem is decidable if and only if there exists aprocedure P such that, for any input, either
1. Halts with “yes” when the answer is positive2. Halts with “no” when the answer is negative
Importantresult (Church & Turing): The problem of deciding validityfor first-order logic is not decidable.
Is there a problem here?
Matt Fredrikson FOL 31 / 33
Semidecidability
Semidecidable ProblemA decision problem is semidecidable if and only if there exists aprocedure P such that, for any input, either
1. Halts with “yes” when the answer is positive2. Halts with “no” when the answer is negative3. or does not halt when the answer is negative
The first-order validity decision problem is semidecidable▶ Procedure always halts with yes when F is valid▶ Might not terminate when F is not valid
Matt Fredrikson FOL 32 / 33
Next Lecture
Topic: First-order theories
Read: Chapter 3, up to (not including) 3.5
Start the homework!
Come to office hours with questions
Matt Fredrikson FOL 33 / 33