COMP 2600: Formal Methods for Software Engineering, Dirk Pattinson (PowerPoint presentation)


SLIDE 1

COMP 2600: Formal Methods for Software Engineering

Dirk Pattinson

Australian National University

Semester 2, 2013

Dirk Pattinson (ANU) COMP 2600 Semester 2, 2013 1 / 24

SLIDE 2

What do we mean by FORMAL?

Oxford Dictionary

▸ in accordance with convention or etiquette
▸ of or denoting a style of writing or public speaking characterized by more elaborate grammatical structures and more conservative and technical vocabulary
▸ officially sanctioned or recognized
▸ of or concerned with outward form or appearance as distinct from content

The validity of logical arguments depends on form, rather than content.

1. Abstracting content allows us to study the mechanics of reasoning.
2. We have more confidence in formalised arguments.
3. Automation requires formalisation.


SLIDE 3

Topics in COMP 2600

▸ Logic and Natural Deduction
▸ Proving Properties of Functional Programs (Induction)
▸ Proving Properties of Imperative Programs
▸ Formal Specification of Systems
▸ Automata, Languages and Parsing
▸ Turing Machines and Computability


SLIDE 4

Assessment

Assignments: 4 × 9%

▸ One for each major topic, released in weeks 5, 7, 9 and 12

Tutorials: 4%

▸ demonstrate a reasonable attempt at the tutorial questions

Mid-Semester Quiz: 10%

▸ redeemable: replaced by exam mark if better, covers weeks 2 – 6

Final Exam: 50%

▸ or 60% if quiz not attempted or quiz score < exam score

Final Mark

▸ capped at Exam * (100/60) + 10%


SLIDE 5

Boring Administrative Stuff

Tutorials

Register for a tutorial in Streams. Tutorials start in week 3.

Use the Course Web Page

▸ Textbooks
▸ Tentative Schedule
▸ Forum
▸ Lecture Notes

Course Web Page: http://cs.anu.edu.au/Student/comp2600/


SLIDE 6

History of Logic, the Science of Reasoning

▸ Aristotle: syllogistic logic
▸ Leibniz: symbolic logic
▸ Boole: algebraic logic (Boolean algebras)
▸ Russell: logic as the foundation of mathematics
▸ Later: Church, Turing, Curry, Gödel, Scott, Milner etc.: formal models of computational systems

Pictured: Aristotle (384–322 BC), Leibniz (1646–1716), Boole (1815–1884), Russell (1872–1970)


SLIDE 7

Why study logic?

Coolness: Logic is cool — trust me.
Hardware: Binary logic is logical.
Software: Programming languages have logical constructs.
Semantics: The language of logic is unambiguous and can be used to give meaning to programs.
Proof: Arguments should be logical.
Every day: Clearer thinking in everyday situations. More effective communication.


SLIDE 8

Propositions: Basic Building Blocks

Definition

A statement is a sentence for which it makes sense to ask whether it is true or false. A proposition is a statement that does not depend on any variables.

Example

▸ John had tea for breakfast.
▸ x² > 12
▸ Every even integer > 2 is the sum of two primes (Goldbach’s conjecture)

We often use variables p, q, r to denote propositions (‘atomic propositions’ or ‘propositional variables’).


SLIDE 9

Logical Connectives

Operators on Statements

∧ conjunction, and
∨ disjunction, or
→ implication, if . . . then . . .
¬ negation, not
↔ equivalence, if and only if
⊺ true
⊥ false

Definition

Propositional Formulae are built from a set of atomic propositions using the logical connectives.

Example

If p, q, r and ‘John had toast for breakfast’ and ‘John is hungry’ are atomic propositions, then

▸ p → (¬q ∨ (p ↔ ⊺)) → (p ∧ q) ∨ r
▸ ‘John had toast for breakfast’ → ‘John is hungry’

are propositional formulae.


SLIDE 10

Precedences and Meaning

Precedences

Operator priorities (‘strength of binding’) to minimise parentheses: ¬ ≻ ∧ ≻ ∨ ≻ → ≻ ↔, where ≻ stands for ‘binds more strongly’ or ‘has higher precedence’.

Example

¬p ∨ q → r ∧ s ≡ ((¬p) ∨ q) → (r ∧ s)
p ∨ q ∧ r ≡ p ∨ (q ∧ r)

Meaning of Connectives: Truth Tables

p   q   p ∧ q
⊺   ⊺   ⊺
⊺   ⊥   ⊥
⊥   ⊺   ⊥
⊥   ⊥   ⊥

(and similarly for the other connectives)


SLIDE 11

Tautologies

Definition

A propositional formula is said to be a tautology if it is true for all possible assignments of truth values to its atomic propositions.

Example

p   ¬p   p ∨ ¬p
⊺   ⊥    ⊺
⊥   ⊺    ⊺

In general, to prove a tautology, one can construct a truth table for the proposition and check that its column is all ⊺s.


SLIDE 12

Contradictions and Contingencies

Definition

A contradiction is a compound proposition which evaluates to ⊥ for all values of its elementary propositions. A contingency is a compound proposition which may evaluate to ⊺ or ⊥ for different values of its elementary propositions.

Example

1. ‘John had toast for breakfast’ is a contingency.
2. ‘John had toast for breakfast’ ∧ ¬‘John had toast for breakfast’ is a contradiction.
3. p → (¬q ∨ (p ↔ ⊺)) → (p ∧ q) ∨ r – can be complicated!


SLIDE 13

(Algebraic) Laws of Propositional Calculus

Associative laws

▸ p ∨ (q ∨ r) ≡ (p ∨ q) ∨ r
▸ p ∧ (q ∧ r) ≡ (p ∧ q) ∧ r

Distributive laws

▸ p ∧ (q ∨ r) ≡ (p ∧ q) ∨ (p ∧ r)
▸ p ∨ (q ∧ r) ≡ (p ∨ q) ∧ (p ∨ r)

(These are just a representative few. Replacing ≡ by ↔ they are all tautologies.)


SLIDE 14

Logical Arguments, or: Formal Proofs

Example: Arguments in English

▸ If the professor is naked then the class is amused.
▸ If the class is amused and the material is organized then the class is happy.
▸ The lecture is good if both the material is organized and the class is happy.
▸ Therefore, the lecture is good if the professor is naked.

Typical Structure

▸ the assumptions appear above the horizontal line
▸ the conclusions appear below.

(Is this a valid argument?)


SLIDE 15

Exercise: Reconstruct the Argument in Logic

▸ identify the atomic propositions, or variables
▸ translate assumptions and conclusions into logical form

For Example

Propositions: n – naked, a – amused, o – organised, h – happy, g – good

Translation

▸ If the professor is naked then the class is amused: n → a
▸ If the class is amused and the material is organised, then the class is happy: a ∧ o → h
▸ . . .

In Logical Form

n → a
a ∧ o → h
o ∧ h → g
---------
n → g

As a single formula: (n → a) ∧ (a ∧ o → h) ∧ (o ∧ h → g) → (n → g)


SLIDE 16

Disjunctive Syllogism — An inference rule

Definition

An inference rule is a blueprint for a valid argument. Its propositions are variables, and applying an inference rule amounts to providing formulae for the variables.

Disjunctive Syllogism

One of Aristotle’s patterns of valid deduction:

p ∨ q    ¬p
-----------
     q

Example

The student was happy ∨ The student was awake    ¬The student was happy
------------------------------------------------------------------------
The student was awake


SLIDE 17

Disjunctive Syllogism — Proof in the Algebraic Style

(p ∨ q) ∧ ¬p → q
≡ ¬p ∧ (p ∨ q) → q            (commutativity)
≡ (¬p ∧ p) ∨ (¬p ∧ q) → q     (distribution)
≡ ⊥ ∨ (¬p ∧ q) → q            (contradiction)
≡ ¬p ∧ q → q                  (or-simplification)
≡ ¬(¬p ∧ q) ∨ q               (implication)
≡ (p ∨ ¬q) ∨ q                (De Morgan)
≡ p ∨ (¬q ∨ q)                (associativity)
≡ p ∨ ⊺                       (excluded middle)
≡ ⊺                           (or-simplification)


SLIDE 18

A non-example

‘Or’ in logic

In natural language, ‘or’ is almost always exclusive.

▸ ‘Do you want to have chips or peas with your dinner?’
▸ ‘The car was grey or green’

In logic, ‘or’ is always inclusive – see the truth table.

Non-Example

The student was happy ∨ The student was awake    The student was happy
-----------------------------------------------------------------------
¬The student was awake

This “reasoning” is INVALID.


SLIDE 19

Modus ponens — Inference rule

Modus Ponens: the most important rule

p → q    p
----------
    q

Example

The student worked hard → The student passed    The student worked hard
------------------------------------------------------------------------
The student passed

Non-Example

The student worked hard → The student passed    The student passed
-------------------------------------------------------------------
The student worked hard

This “reasoning” is INVALID.
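The truth-table checks of slides 11 and 12, the single-formula validity test of slide 15, and the rules and non-examples of slides 16 to 19 can all be run mechanically. The following is an added example written for this page, not code from the lecture: a small Python propositional-logic toolkit that parses formulae with the precedences of slide 10 (taking → and ↔ as grouping to the right, an assumption the slides do not state), evaluates them by truth table, classifies them as tautology, contradiction or contingency, and lists the counterexample rows of an argument. The formula strings and the function names are this example's own.

```python
import itertools
import re

# Binding strength from slide 10 (higher binds more strongly): ¬ ≻ ∧ ≻ ∨ ≻ → ≻ ↔
PREC = {"↔": 1, "→": 2, "∨": 3, "∧": 4}
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|[¬∧∨→↔⊺⊥()]")

def tokenize(text):
    """Split into atoms, connectives and parentheses; reject anything else."""
    junk = TOKEN_RE.sub("", text).strip()
    if junk:
        raise ValueError(f"unexpected characters in formula: {junk!r}")
    return TOKEN_RE.findall(text)

def parse(text):
    """Precedence climbing; nodes: ("atom", name), ("const", bool), ("¬", sub), (op, l, r)."""
    toks = tokenize(text)[::-1]  # reversed so that pop() yields the next token

    def expr(min_prec):
        left = unary()
        while toks and toks[-1] in PREC and PREC[toks[-1]] >= min_prec:
            op = toks.pop()
            # Assumption not stated on the slides: → and ↔ group to the right,
            # so p → q → r reads p → (q → r); ∧ and ∨ are associative anyway.
            left = (op, left, expr(PREC[op] if op in "→↔" else PREC[op] + 1))
        return left

    def unary():
        tok = toks.pop() if toks else None
        if tok == "¬":
            return ("¬", unary())
        if tok == "(":
            node = expr(1)
            if not toks or toks.pop() != ")":
                raise ValueError("missing ')'")
            return node
        if tok in ("⊺", "⊥"):
            return ("const", tok == "⊺")
        if tok is None or tok in PREC or tok == ")":
            raise ValueError(f"unexpected token {tok!r}")
        return ("atom", tok)

    node = expr(1)
    if toks:
        raise ValueError(f"trailing token {toks[-1]!r}")
    return node

def show(node):
    """Fully parenthesised rendering, which makes the parse tree visible."""
    kind = node[0]
    if kind in ("atom", "const"):
        return node[1] if kind == "atom" else ("⊺" if node[1] else "⊥")
    if kind == "¬":
        return "¬" + show(node[1])
    return f"({show(node[1])} {kind} {show(node[2])})"

def atoms(node):
    if node[0] == "atom":
        return {node[1]}
    return set().union(*(atoms(c) for c in node[1:] if isinstance(c, tuple)))

def evaluate(node, env):
    """Truth-table semantics of slide 10; env maps atom names to bools."""
    kind = node[0]
    if kind in ("atom", "const"):
        return env[node[1]] if kind == "atom" else node[1]
    if kind == "¬":
        return not evaluate(node[1], env)
    a, b = evaluate(node[1], env), evaluate(node[2], env)
    return {"∧": a and b, "∨": a or b, "→": (not a) or b, "↔": a == b}[kind]

def truth_table(text):
    """(assignment, value) for every row, ⊺ rows first as on the slides."""
    node = parse(text)
    names = sorted(atoms(node))
    rows = itertools.product((True, False), repeat=len(names))
    return [(env, evaluate(node, env)) for env in (dict(zip(names, r)) for r in rows)]

def classify(text):
    """Slides 11-12: tautology, contradiction or contingency."""
    values = [value for _, value in truth_table(text)]
    return "tautology" if all(values) else "contradiction" if not any(values) else "contingency"

def counterexamples(premises, conclusion):
    """Rows where every premise holds but the conclusion fails.  Slide 15's
    single-formula test: the argument is valid iff this list is empty."""
    body = " ∧ ".join(f"({p})" for p in premises) or "⊺"
    return [env for env, ok in truth_table(f"({body}) → ({conclusion})") if not ok]

def is_valid(premises, conclusion):
    return not counterexamples(premises, conclusion)

if __name__ == "__main__":
    print(show(parse("¬p ∨ q → r ∧ s")))           # ((¬p ∨ q) → (r ∧ s))
    print(classify("p ∨ ¬p"), classify("p ∧ ¬p"))  # tautology contradiction
    print(is_valid(["p ∨ q", "¬p"], "q"))          # True: disjunctive syllogism
    print(is_valid(["p ∨ q", "p"], "¬q"))          # False: 'or' is inclusive
    print(counterexamples(["n → a", "a ∧ o → h", "o ∧ h → g"], "n → g"))  # slide 14's argument
```

Running it shows the disjunctive syllogism and modus ponens valid, the two non-examples invalid, and slide 13's distributive law a tautology once ≡ is replaced by ↔. Applied to the argument of slides 14 and 15 it answers the slide's question: the argument is not valid, because the row n = ⊺, a = ⊺, o = ⊥, h = ⊥, g = ⊥ satisfies all three premises but not n → g; adding o (the material is organised) as a fourth premise makes it valid.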


SLIDE 20

Limitations of propositional logic

Is this argument valid? useful?

Natural language                    Propositional logic
All COMP2600 students are happy.    p
Lisa is a COMP2600 student.         q
Therefore, Lisa is happy.           ∴ r

Maybe – but not in propositional logic!

Not valid in terms of propositional logic, since p ∧ q → r is not a tautology. (No relationship between the propositions.)

Problem

The identity of Lisa is not maintained through the propositions. In other words, the propositions don’t take arguments.


SLIDE 21

Predicate Calculus: Propositions on Steroids

Formalising the Argument

What are the propositions?

p(x) ≡ x is a COMP2600 student.
q(x) ≡ x is happy.

Logical form of the argument:

∀x. p(x) → q(x)    p(Lisa)
---------------------------
q(Lisa)

. . . which we might be able to deal with. . .


SLIDE 22

Predicates — Introduction

Definition

A statement that depends on (zero, one or more) variables is called a predicate. They are usually written as expressions with (unbound) variables, e.g. x > 5.

How to think about predicates

▸ As a mapping from some domain to a Boolean value, such as p ∶ N → Bool where p(x) ≡ x > 5.
▸ The domain of a predicate is some set of appropriate values for the variable(s) in the predicate expression. In the above example the domain of p is N.
▸ If a predicate contains more than one variable, then the elements of the domain are tuples. That is, x + y = 5 is the function p ∶ N × N → Bool where p(x,y) ≡ (x + y = 5).
▸ Instantiating the variables in a predicate with values yields a proposition, e.g. p(12,17) ≡ 12 + 17 = 5 (a false one).


SLIDE 23

Quantifiers – What they mean and how they are written

Definition

If P(x) is a predicate that depends on a variable x, then ∀x.P(x) means that P(x) is true for all values of x (chosen from a domain of discourse), and ∃x.P(x) means that P(x) is true for some choice of x (from a suitable domain of discourse). In both cases

▸ ∀ (resp. ∃) is the quantifier
▸ x is the quantified (or bound) variable.

Formulae of predicate logic are built from atomic predicates, propositional connectives and the quantifiers.


SLIDE 24

Abbreviations and Simple Laws

Abbreviations

∀x,y.P(x,y) ≡ ∀x.∀y.P(x,y) ≡ ∀x.(∀y.P(x,y)) i.e. we can remove (some) parentheses and group quantifiers.

Quantifiers of the same type commute

∃x.∃y.P(x,y) ≡ ∃y.∃x.P(x,y) and ∀x.∀y.P(x,y) ≡ ∀y.∀x.P(x,y)

Quantifiers of different types don’t commute

Predicates: C(x,y) – car x has colour y

Translation

▸ ∀x.∃y.C(x,y) – every car has a colour.
▸ ∃y.∀x.C(x,y) – every car has the same colour.
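The claim that ∀x.∃y and ∃y.∀x do not commute, while two quantifiers of the same type do, can be checked directly whenever the domain of discourse (slide 23) is finite. The following is an added example written for this page, not code from the lecture: Python that evaluates the predicate C(x, y) of this slide under every order of two quantifiers, with x ranging over a constructed fleet of cars and y over a constructed set of colours. The fleets, the colour names and the function names are this example's own.

```python
def forall(domain, pred):
    """∀x.P(x) over a finite domain of discourse (vacuously true if empty)."""
    return all(pred(x) for x in domain)

def exists(domain, pred):
    """∃x.P(x) over a finite domain of discourse (false if empty)."""
    return any(pred(x) for x in domain)

def has_colour(fleet):
    """The slide's predicate C(x, y): car x has colour y; `fleet` maps car -> colour."""
    return lambda x, y: fleet.get(x) == y

def quantifier_orders(fleet, colours):
    """Evaluate C(x, y) under every order of two quantifiers, x over cars, y over colours."""
    C = has_colour(fleet)
    cars = list(fleet)
    return {
        # every car has a colour
        "∀x.∃y.C(x,y)": forall(cars, lambda x: exists(colours, lambda y: C(x, y))),
        # every car has the same colour
        "∃y.∀x.C(x,y)": exists(colours, lambda y: forall(cars, lambda x: C(x, y))),
        # same-type quantifiers commute, so each of these pairs always agrees
        "∀x.∀y.C(x,y)": forall(cars, lambda x: forall(colours, lambda y: C(x, y))),
        "∀y.∀x.C(x,y)": forall(colours, lambda y: forall(cars, lambda x: C(x, y))),
        "∃x.∃y.C(x,y)": exists(cars, lambda x: exists(colours, lambda y: C(x, y))),
        "∃y.∃x.C(x,y)": exists(colours, lambda y: exists(cars, lambda x: C(x, y))),
    }

def same_type_orders_agree(fleet, colours):
    """∀x.∀y ≡ ∀y.∀x and ∃x.∃y ≡ ∃y.∃x: holds for every fleet and colour set."""
    r = quantifier_orders(fleet, colours)
    return r["∀x.∀y.C(x,y)"] == r["∀y.∀x.C(x,y)"] and r["∃x.∃y.C(x,y)"] == r["∃y.∃x.C(x,y)"]

def mixed_type_orders_agree(fleet, colours):
    """∀x.∃y versus ∃y.∀x: whether they agree depends on the data, so this is not a law."""
    r = quantifier_orders(fleet, colours)
    return r["∀x.∃y.C(x,y)"] == r["∃y.∀x.C(x,y)"]

# Constructed data, not from the slides.
COLOURS = ("grey", "green", "red")
MIXED_FLEET = {"car1": "grey", "car2": "green", "car3": "grey"}
UNIFORM_FLEET = {"car1": "grey", "car2": "grey"}

if __name__ == "__main__":
    for name, fleet in (("mixed", MIXED_FLEET), ("uniform", UNIFORM_FLEET), ("empty", {})):
        print(name, quantifier_orders(fleet, COLOURS))
```

On the mixed fleet every car has a colour but no colour is shared, so the two mixed-type orders disagree; on the uniform fleet they happen to agree, which is why agreement on one example establishes nothing. Two edge cases are worth noticing: with an empty fleet both ∀ forms are vacuously true, and a car whose colour lies outside the chosen colour set makes ∀x.∃y.C(x,y) false, because y only ranges over the domain of discourse.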
