CS 376 Programming with Abstract Data Types Ulrich Berger 1 - - PDF document

CS 376 Programming with Abstract Data Types

Ulrich Berger

1 Introduction This course is about the development of reliable software, i.e., computer programs that are (i) adequate, i.e. solve the customers problem, (ii) correct, i.e. are free of bugs and thus behave the way the programmer wants them to behave, (iii) easy to maintain, i.e. can be easily modified or ex- tended without introducing new errors.

It is estimated that presently 80% of the total time and money presently invested into software development is spent for finding errors and amending incorrect or poorly de- signed software. Therefore: we need better programming methodologies.

The program development methods studied in this course will mainly rely on

• mathematical modelling
• formal specification
• formal reasoning

Other courses where these issues also played and will play an important role:

• Modelling Computing Systems
• Logic Programming
• System Specification
• Theory of Programming Languages
• Logic and Foundations of Mathematics
• Mathematics for Computation
• Logic and Semantics
• Functional Programming I,II
• Interactive Theorem Proving
• Concepts of Programming Languages
• Algebraic Specification of Software and Hardware

Practical applications:

• Implementation of ADTs in programming languages
• Structuring of large software systems through ADTs
• System support for the specification of ADTs
• Industrially applied specification languages
• Rapid prototyping
• Program verification

Literature [1] J Loeckx, H-D Ehrich, M Wolf, Specification of Abstract Data Types Wiley/Teubner 1996. Theoretical foundations of ADTs, [2] K Meinke, J V Tucker, Universal Algebra, pp. 189- 411 in Handbook of Logic in Computer Science, OUP, 1992. Model-theoretic aspects [3] A Baader, T Nipkow, Term rewriting and all that, CUP, 1998. Algorithmic aspects

[4] N Dale, H M Walker, Abstract Data Types: Speci- fication, Implementations, and Applications, D C Heath Company, 1996. Applications in programming [5] D van Dalen, Logic and Structure, third edition, Springer, 1994. Logical foundations [6] A Eliens, Principles of Object-Oriented Software De- velopment, 2nd edition, Addison Wesley 2000. ADTs and Object Orientation [7] C Okasaki, Purely Functional data Structures, Cam- bridge, 1998. Implementation of ADTs

2 Formal Methods in Software Design

• The software design process
• An Example of Program Development
• Programming by transformation
• Programming by extraction from proofs

Conventional software design

❄

problem ✛

❄

programming program

❄

compiling maintenance testing program in machine code

❄

executing results

Deficiencies:

• Tests can only confirm the existence of errors, not their

absence = ⇒ Testing fails to prove correctness

• In testing results are compared with expectations (which

might be wrong) = ⇒ Inadequacies are not detected

11

• Goal

Avoid errors and inadequacies, or detect and correct them in an early stage of the design

• Idea

Formalize problem and derive program in controlled steps

Controlled program development

❄ ✛ ✛ ❄

problem rapid protot.

❄

informal spec. formalization

✛ ✛ ❄

formal specification

• prog. verif.

maintenance program development

❄

program written in

• prog. lang.

compiling

❄

program written in machine code executing testing results

• 1. Informal specification, abstract from unnecessary de-

tails.

• 2. Formalisation. Formal specification possibly executable

(rapid prototyping). Inadequacies of the specification are detected at an early stage.

• 3. Program development leads to a provably correct pro-

gram.

• 4. Testing.

14

Example Problem Compute the gcd of two positive natural numbers m, n. Informal specification gcd(m, n) is a number k that divides m and n, such that if l is any other number l also dividing m and n then l divides k. Formal specification k = gcd(m, n) ↔ k | m ∧ k | n ∧ ∀l(l | m ∧ l | n → l | k) k | m ↔ ∃q k ∗ q = m Transformation Program extraction Formal specification 1 Prove the formula ∃r [ r < n ∧ ∃q m = q ∗ n + r ∧ ∀m > 0 ∀n > 0 ∃k r = 0 → gcd(m, n) = n ∧ k | m ∧ k | n ∧ r > 0 → gcd(m, n) = gcd(n, r) ] ∀l(l | m ∧ l | n → l | k) Formal specification 2 Extract from a formal proof mod(m, n) < n ∧ ∃q[m = q ∗ n + mod(m, n) ∧ a program gcd provably mod(m, n) = 0 → gcd(m, n) = n ∧ satisfying the specification. mod(m, n) > 0 → That is, the formula gcd(m, n) = gcd(n, mod(m, n)) ∀m > 0 ∀n > 0 Formal specification 3 gcd(m, n) | m ∧ gcd(m, n) | n ∧ m < n → mod(m, n) = m ∧ ∀l(l | m ∧ l | n → l | gcd(m, n)) m ≥ n → mod(m, n) = mod(m − n, n) ∧ mod(m, n) = 0 → gcd(m, n) = n ∧ is provable mod(m, n) > 0 → gcd(m, n) = gcd(n, mod(m, n))

Program function mod (m,n:integer, m,n>0) : integer; begin if m < n then mod := m else mod := mod(m-n,n) end function gcd (m,n:integer, n>0) : integer; begin r:= mod(m,n); if r=0 then gcd := n else gcd := gcd(n,r) end

Programming by transformation For correctness one needs to prove Formal specification ↑ Formal specification 1 ↑ Formal specification 2 ↑ Formal specification 3 Also, a proof is required that the derived program termi- nates on all legal inputs.

Formal specifications as they occurred in this example are called algebraic specifications because their natural interpretations are algebras. The class of models of an algebraic specification forms an Abstract Data Type (ADT). In the literature (but not in this course) algebraic specifi- cations and abstract data types are often identified.

Program development using ADTs is a well-established tech- nique for producing reliable software. Main methodological principles:

• Abstraction:

The description of unnecessary details is avoided.

• Modularisation

The programming task is divided into small manageable pieces that can be solved inde- pendently.

Program Extraction from Proofs

• 1. Programming problem is given in the form

∀x ∃y A(x, y)

• 2. Find a constructive formal proof of

∀x ∃y A(x, y)

• 3. Extract (automatically) program p from the proof that

provable meets the specification: ∀x A(x, p(x))

Constructive proofs

• Introduced by Kronecker, Brouwer and Kolmogorov
• Formalization by Heyting
• Algorithmic interpretation of constructive proofs is called

– BHK-interpretation – Curry-Howard-interpretation – proofs-as-programs paradigm formula ≡ data type constructive proof of formula A ≡ program of type A

Proof calculus studied in this course: Natural Deduction Systems supporting program extraction from proofs: Agda, Coq, Fred, Minlog, NuPrl, PX, . . .

3 Logic

• Signatures and algebras
• Terms and Formulas and their Semantics
• Logical Consequence, Validity, Satisfiability
• Undecidability of Validity
• Substitutions
• Other Logics

23

Signatures A many-sorted signature is a pair Σ = (S, Ω) such that

• S is a set of sorts
• Ω is a set of operations
• Operations are of the form

f : s1 × . . . × sn → s, where s1 × . . . × sn → s is called arity of f, with argument sorts s1, . . . , sn and tar- get sort s.

24

Algebras A many-sorted algebra A for a signature Σ = (S, Ω) is given by the following.

• For each sort s in S a nonempty set As, the

carrier set of sort s.

• For each constant c: s in Ω, that is operation

with arity → s, an element cA ∈ As.

• For each operation f : s1 × . . . × sn → s in Ω

a function fA: As1 × . . . × Asn → As

25

Example Signature Σ Sorts nat, boole Constants 0: nat, T: boole, F: boole Operations add: nat × nat → nat ≤: nat × nat → boole

26

Algebra A Carriers N, B Constants 0, T, F Operations +: N × N → N ≤: N × N → B N := {0, 1, 2, . . .} B := {T, F}

27

Algebra B Carriers N+, B Constants 1, T, F Operations ∗: N+ × N+ → N+ |: N+ × N+ → B m | n :⇔ m divides n

28

Terms Let Σ = (S, Ω) be a signature, and let for every sort s ∈ S a set Xs of variables be given. Σ-terms and their sorts are defined by the fol- lowing rules. (i) Every variable x ∈ Xs is a term of sort s. (ii) Every constant c in Σ of sort s is a term of sort s. (iii) If f : s1 × . . . × sn → s is an operation in Σ, and t1, . . . , tn are terms of sorts s1, . . . , sn, respectively, then f(t1, . . . , tn) is a term of sort s.

29

• The set of all terms of sort s with variables in

X is denoted by T(Σ, X)s.

• A term is closed if it doesn’t contain vari-

ables, i.e. is built without the use of rule (i).

• The set of all closed terms of sort s is denoted

by T(Σ)s.

• Clearly T(Σ)s = T(Σ, ∅)s.

30

Examples of terms x add(0, y) add(add(0, x), y) add(add(0, 0), add(x, x)) add(0, add(0, add(0, 0))) Which of these terms are closed?

31

Semantics of terms Let A be an algebra for the signature Σ = (S, Ω), and let X = (Xs)s∈S a set of variables. A variable assignment α: X → A is a func- tion assigning to every variable x ∈ Xs an ele- ment α(x) ∈ As. Given a variable assignment α: X → A we define for each term t ∈ T(Σ, X)s its value tA,α ∈ As by the following rules. (i) xA,α := α(x). (ii) cA,α := cA. (iii) f(t1, . . . , tn)A,α := fA(tA,α

1

, . . . , tA,α

n

).

32

Semantics of closed terms For closed terms t, i.e. t ∈ T(Σ) (= T(Σ, ∅)) the variable assignment α and rule (i) are obsolete and we write tA instead of tA,α

33

Example and exercise α: {x, y} → N, α(x) := 3 and α(y) := 5. xA,α = α(x) = 3 0A,α = 0A = 0 add(0, y)A,α = add(add(0, x), y)A,α = add(add(0, 0), add(x, x))A,α = add(0, add(0, add(0, 0)))A,α = Compute tB,α for the assignment α and the terms t above.

34

Formulas over a signature Σ (i) ⊥ is a formula, called absurdity. (ii) If t1, t2 ∈ T(Σ, X) are terms of the same sort then t1 = t2 is a formula. (iii) If P and Q are formulas then so are P → Q , P ∧ Q , P ∨ Q (iv) If P is a formula then so are ∀x P , ∃x P for every variable x ∈ X.

35

Free variables

• A free occurrence of a variable x in a formula P is

an occurrence of x in P which is not in the scope of a quantifier ∀x or ∃x.

• FV(P) := the set of free variables of P.
• L(Σ, X) := {P | P Σ-formula , FV(P) ⊆ X}
• L(Σ) := L(Σ, ∅),
• A formula P is closed if FV(P) = ∅.
• L(Σ) is the set of closed Σ-formulas

(that is, L(Σ) = L(Σ, ∅)).

36

Remarks

• Formulas as defined above are usually called first-order

formulas, since we allow quantification over object variables only. If we would also quantify over set vari- ables we would obtain second-order formulas.

• A formula is quantifier free, qf for short, if it doesn’t

contain quantifiers.

• An equation is a formula of the form t1 = t2.
• A formula is universal if it is of the form ∀x1 . . . ∀xn P

where P is quantifier free.

37

Abbreviations Formula Abbreviation P → ⊥ ¬P (negation) (P → Q) ∧ (Q → P) P ↔ Q (equivalence) t = T t where t is of sort boole

38

Formula Abbreviation ∀x1∀x2 . . . ∀xn P ∀x1, x2, . . . , xnP ∃x1∃x2 . . . ∃xn P ∃x1, x2, . . . , xn P ∀x1, . . . , xnP, ∀ P (closure of P) where {x1, . . . , xn} = FV(P)

39

Examples and exercises P1 :≡ F = F P2 :≡ x = 0 → add(y, x) = x P3 :≡ ∃y (x = y → ∀z x = z) P4 :≡ ∀x (≤ (y, x) = T) P4 can be abbreviated ∀x (y ≤ x).

• Compute the free variables of these formulas.
• Which formulas are closed?
• Which formulas are quantifier free?
• Which formulas are universal?
• Which formulas are equations?

40

Semantics of formulas Let

• A a Σ-algebra,
• P a Σ-formula,
• α a variable assignment, that is, a mapping assign-

ing to every variable x of sort s an element α(s) ∈ As. We define the relation A, α | = P which can be equivalently read as P holds in A under the assignment α

• r

A,α is a model of P

41

(i) A, α | = ⊥, i.e. A, α | = ⊥ does not hold. (ii) A, α | = t1 = t2 iff tA,α

1

= tA,α

2

. (iii) A, α | = P ∧ Q iff A, α | = P and A, α | = Q. A, α | = P ∨ Q iff A, α | = P or A, α | = Q. A, α | = P → Q iff A, α | = P implies A, α | = Q (that is A, α | = P or A, α | = Q).

42

(iv) A, α | = ∀x P iff A, αa

x |

= P for all a ∈ As A, α | = ∃x P iff A, αa

x |

= P for at least one a ∈ As (provided x is of sort s). αa

x(x) := a

αa

x(y) := α(y) if y is different from x

43

A Σ-algebra P closed Σ-formula α0 the empty variable assignment, α0: ∅ → A Γ set of closed Σ-formulas Truth A | = P : ⇔ A, α0 | = P (“P is true in A”; “P holds in A”) Model A | = Γ : ⇔ A | = P for all P ∈ Γ (“A is a model of Γ”)

44

Logical consequence Γ | = P : ⇔ P is true in all models of Γ that is, Γ | = P : ⇔ for all A (A | = Γ ⇒ A | = P) (“P is a logical consequence of Γ”; “Γ logically implies P”)

45

A Σ-algebra P closed Σ-formula Γ set of closed Σ-formulas Validity | = P : ⇔ A | = P for all A (“P is (logically) valid”; “P is a tautology”) Satisfiability Γ is satisfiable : ⇔ A | = Γ for some A (“Γ has a model”)

46

Theorem (A Church) It is undecidable whether or not a formula is valid. (Proof: reduce the halting problem to the validity problem (i.e. code Turing machines into logic) However: There is an effective procedure generating all valid formulas (technically: the set of valid formulas is re- cursively enumerable). ⇒ next chapter.

47

Exercise: Level 1 tutorial allocation On the form it says: “Please mark with a cross every time slot where you have a lecture in the first or second teaching block” Formalize the statement “The form f for first-year tutorial allocation has been filled out correctly”.

48

Use the following signature: Signature Σ Sorts boole, time, student, course, form Constants T: boole, F: boole Operations crossed: form × time → boole tutee: form → student

• ncourse: student × course → boole

slottb1: course × time → boole slottb2: course × time → boole

49

The intended interpretation (algebra) for this signature is: time the set of possible slots for a tutorial, that is, Mon 9 - Fri 15. student the set of level 1 students course the set of courses at UWS form the set of (filled in) forms crossed(f, t) tests whether on the form f there is a cross at time t tutee(f) the student whose name is on form f

• ncourse(s, x) tests whether student s has taken

course x slottbi(x, t) tests whether course x has a slot at time t in TB i.

50

Exercise (ctd.) Extend the signature on the previous slide by a sort lform for forms where a lecturer can cross out all times when he

• r she is not available for a tutorial, and an operation

lcrossed: lform × time → boole with a meaning analogous to the operation crossed. Write a formula containing a free variable f that expresses that the student on the form f cannot be allocated a tuto- rial slot (use a variable lf of sort lform).

51

Other logics First-order predicate logic is a general purpose logic. It is used to

• formulate and answer questions concerning the founda-

tions of mathematics,

• specify and verify programs written in all kinds of pro-

gramming languages.

52

Some specialized sub-logics tailored for specific kinds of problems in computer science:

• Hoare logic – imperative programs
• higher-order logic – functional program’s
• clausal logic – logic programming, AI
• modal/temporal/process logic – distributed processes
• equational logic – hardware, rapid prototyping
• bounded/linear logic – complexity analysis

. . .

53

Exercises

• 1. In this and the next exercise we consider terms of an

arbitrary signature. Define the size of a term t, that is, the number of oc- currences of variables, constants and operations in t, by recursion on t.

54

• 2. We define the depth of a term t as the length of the

longest branch in the syntax tree of t, that is, depth(t) = 0, if t is a constant or a variable. depth(f(t1, . . . , tn)) = 1 + maximum{depth(t1), . . . , depth(t1)} Show size(t) ≤ 1 + arity(t)depth(t) where arity(t) is 0 if t is a constant or a variable, and oth- erwise the largest arity of an operation occurring in t. Hint: First, give a recursive definition of arity(t).

55

• 3. Compute the value of the term t := f(x, f(x, x)) in the

algebra C with carrier N and f C(n, m) := n+2∗m under the valuation α with α(x) := 3.

56

• 4. Let Σ be the signature with one sort, one constant, 0, and

two binary operations, + and ∗. Let R be the Σ-algebra with the real numbers as carrier, the constant 0, and the usual addition and multiplication of real numbers. Write down formulas that express in R the following statements: (a) x ≤ y. (b) x = 1.

57

4 Proofs

• Natural Deduction
• Equality rules
• Soundness and Completeness
• Axioms and rules for data types

58

We will now study a proof calculus for deriving facts of the form Γ | = P According to G¨

• del’s Completeness Theorem, there is

a bunch of simple proof rules that suffices to derive all true statements of the form Γ | = P. In particular all tautologies can be derived (set Γ := ∅).

59

Kurt G¨

• del (1906-1978)

60

Natural Deduction The proof calculus we will study is usually called Natural Deduction. It was introduced by Gentzen and further developed by Prawitz. Compared with other proof calculi, e.g. Sequent Calculi,

• r Hilbert Calculi, Natural Deduction has two advan-

tages:

• It is close to the natural way of human reasoning and

thus easy to learn;

• It is closely related to functional programming and thus

particularly suited for program synthesis from proofs.

61

Propositional rules

Introduction rules Elimination rules ∧ P Q ∧+ P ∧ Q P ∧ Q ∧− l P P ∧ Q ∧− r Q → u : P . . . Q →+ u P → Q P → Q P →− Q ∨ P ∨+ l P ∨ Q Q ∨+ r P ∨ Q P ∨ Q P → R Q → R ∨− R ⊥ ⊥ efq P ¬¬P raa P

62

Quantifier rules

Introduction rules Elimination rules ∀ P(x) ∀+ ∀x P(x) (*) ∀x P(x) ∀− P(t) ∃ P(t) ∃+ ∃x P(x) ∃x P(x) ∀x (P(x) → Q) ∃− Q (**) (*) x not free in any free assumption above that rule. (**) x not free in Q. Introduction Rules: How to obtain a formula. Elimination Rules: How to use a formula.

63

• A derivation is a finite tree d where each node is la-

beled by a formula and a rule according to the derivation rules.

• An application of the rule →+, deriving P → Q from

Q, binds every (unlabelled) occurrence of P at a leaf above that rule. We mark such a binding by attaching to the leaf P and the rule →+ a fresh label u.

• The formula at the root of d is called the end formula
• f d.
• The formulas at the leaves of d which are not bound by

implication introduction are called the free assump- tions of d, denoted FA(d).

• If d is a derivation with FA(d) ⊆ Γ and end formula P,

we say d is derivation of P from Γ and write Γ ⊢ d: P.

64

Conjunction Introduction Elimination P Q ∧+ P ∧ Q P ∧ Q ∧− l P P ∧ Q ∧− r Q Example A derivation of Q ∧ P from the (free) assumption P ∧ Q: P ∧ Q ∧− r Q P ∧ Q ∧− l P ∧+ Q ∧ P

65

Exercise Derive from the assumption P ∧ (Q ∧ R) the formula (P ∧ Q) ∧ R.

66

Implication Introduction Elimination u : P . . . Q →+ u P → Q P → Q P →− Q Example u : P ∧ Q ∧− r Q u : P ∧ Q ∧− l P ∧+ Q ∧ P →+ u P ∧ Q → Q ∧ P

67

Further examples u : P →+ v Q → P →+ u P → (Q → P) P ∧ Q → R u : P v : Q ∧+ P ∧ Q →− R →+ v Q → R →+ u P → (Q → R)

68

Proof strategy: Construct derivations “bottom up”. Exercise: Derive from the assumption P → (Q → R) the formula P ∧ Q → R. Notation: P1 → P2 → . . . → Pn−1 → Pn abbreviates P1 → (P2 → . . . → (Pn−1 → Pn) . . .) Exercise: Derive (P → Q → R) → (P → Q) → P → R.

69

Disjunction Introduction Elimination P ∨+ l P ∨ Q Q ∨+ r P ∨ Q P ∨ Q P → R Q → R ∨− R Disjunction elimination represents proof by case analysis: If we know P ∨ Q, we can prove any formula R by case analysis. Case P: Prove R assuming P holds, i.e. prove P → R. Case Q: Prove R assuming Q holds, i.e. prove Q → R.

70

Example Deriving Q ∨ P from P ∨ Q. P ∨ Q u : P ∨+ r Q ∨ P →+ u P → Q ∨ P v : Q ∨+ l Q ∨ P →+ v Q → Q ∨ P ∨− Q ∨ P

71

Proof strategy: Working bottom up

• use disjunction elimination (with P ∨ Q say) as

early as possible, as it reduces a goal R to the simpler goals P → R and Q → R;

• use disjunction introduction as late as possible:

Proving P ∨ Q by disjunction introduction means to commit yourself to proving either P or Q, so the goal P ∨ Q is replaced by the stronger goal P (or Q). Exercise Prove (P ∧ Q) ∨ (P ∧ R) → P ∧ (Q ∨ R).

72

Absurdity Introduction Elimination None ⊥ efq P ¬¬P raa P efq = ex-falso-quodlibet: From falsity (= absurdity) deduce anything. raa = reductio-ad-absurdum: To prove P, it suffices to reduce ¬P to absurdity, that is, prove ¬P → ⊥ (≡ ¬¬P).

73

Example (Peirce’s law) u : ¬P w : (P → Q) → P u : ¬P v : P →− ⊥ efq Q →+ v P → Q →− P →− ⊥ →+ u ¬¬P raa P →+ w ((P → Q) → P) → P

74

The rule ex-falso-quodlibet is weaker than reductio-ad-absurdum in the sense that the former can be obtained from the latter: From the assumption ⊥ we can derive any formula P with-

• ut using ex-falso-quodlibet (but using reductio-ad-absurdum

instead): ⊥ →+ u (P → ⊥) → ⊥ raa P However, we are particularly interested in proofs using ex- falso-quodlibet only, because they directly correspond to programs. Proofs using the stronger rule reductio-ad-absurdum do (in general) not correspond to programs.

75

Universal Quantification Introduction Elimination P(x) ∀+ ∀x P(x) (*) ∀x P(x) ∀− P(t) (*) provided x does not occur free in any free assumption above that rule. Example ∀x P(x) ∀− P(x + 1) ∀+ ∀x P(x + 1) The variable condition is satisfied, because x is not free in ∀x P(x).

76

What is wrong with the following ‘derivations’? ∀y(x < 1 + y) ∀− x < 1 + 0 ∀+ ∀x(x < 1 + 0) ∀ x(∀y(x < y + 1) → x = 0) ∀− ∀y(y < y + 1) → y = 0 ∀y(y < y + 1) →− y = 0 ∀+ ∀y(y = 0) Exercise Prove ∀x (P(x) → Q(x)) → ∀x P(x) → ∀x P(x)

77

Existential Quantification Introduction Elimination P(t) ∃+ ∃x P(x) ∃x P(x) ∀x (P(x) → Q) ∃− Q (**) (**) provided x is not free in Q Example u : ∀x (x − 1) + 1 = x ∀− (x − 1) + 1 = x ∃+ ∃y(y + 1 = x) ∀+ ∀x ∃y(y + 1 = x) →+ u ∀x ((x − 1) + 1 = x) → ∀x ∃y(y + 1 = x) Exercise Derive from ∀x(P(x) → Q(f(x))) the formula ∃x P(x) → ∃y Q(y)

78

Equality rules Reflexivity refl t = t Symmetry s = t sym t = s Transitivity r = s s = t trans r = t Compatibility s1 = t1 . . . sn = tn comp f(s1, . . . , sn) = f(t1, . . . , tn) for every operation f of n arguments.

79

Example ∀x ∀y (x + y = y + x) ∀− ∀y (0 + y = y + 0) ∀− 0 + x = x + 0 ∀x (x + 0 = x) ∀− x + 0 = x trans 0 + x = x refl y = y comp (0 + x) ∗ y = x ∗ y ∀+ ∀y ((0 + x) ∗ y = x ∗ y) ∀+ ∀x ∀y ((0 + x) ∗ y = x ∗ y)

80

Classical, intuitionistic, and minimal derivability Γ ⊢c P : ⇔ Γ ⊢ d: P for some derivation d. (P is derivable from Γ in classical logic) Γ ⊢i P : ⇔ Γ ⊢ d: P for some derivation d not using the rule reductio-ad-absurdum. (P is derivable from Γ in intuitionistic logic) Γ ⊢m P : ⇔ Γ ⊢ d: P for some derivation d using neither the rule reductio-ad-absurdum nor the rule ex- falso-quodlibet. (P is derivable from Γ in minimal logic)

81

Fundamental properties of substitution Lemma Let t(x) be a term possibly containing the variable x, and let r, s be terms of the same sort as x. Then r = s ⊢m t(r) = t(s) Proof. Induction on t(x). Lemma Let P(x) be a formula possibly containing the variable x, and let r, s be terms of the same sort as x. Then r = s ⊢m P(r) ↔ P(s) Proof. Induction on the formula P(x).

82

Soundness Theorem If Γ ⊢c P then Γ | = P.

• Proof. The theorem follows immediately from the follow-

ing statement which can be easily shown by induction on derivations: For every finite set of (not necessarily closed) formulas Γ and every formula P, if Γ ⊢c P then A, α | = P for all algebras A and variable assignments α such that A, α | = Γ Completeness Theorem (G¨

• del)

If Γ | = P then Γ ⊢c P. The proof of this theorem is beyond the scope of this course.

83

Definition (Consistency) A (possibly infinite) set of formulas Γ is called consistent if Γ ⊢c ⊥, that is there is no (classical) derivation of ⊥ from assumptions in Γ. In other words: A set of formulas Γ is consistent if and only if no contradiction can be derived from Γ. Satisfiability Theorem Every consistent set of formulas has a model. Exercise. Prove the Satisfiability Theorem from the Com- pleteness Theorem and vice versa.

84

Axioms for the booleans Boole 1 boole1 T = F Boole 2 boole2 ∀x (x = T ∨ x = F) Lemma We can derive ∀x (¬x ↔ x = F) without assumptions. Proof: Exercise

85

Peano Axioms (G Peano, 1858-1932) Peano 1 peano1 0 = t + 1 Peano 2 peano2 s + 1 = t + 1 → s = t Induction P(0) ∀x (P(x) → P(x + 1)) ind ∀x P(x) Remarks

• 1. In applications there will be further axioms describing

additional operations on the booleans and natural numbers. Examples are, the equations defining addition by primitive recursion from zero and the successor function.

• 2. Similar axioms can be introduced for data types such as

lists or trees.

86

Summary

• Derivations: minimal, intuitionistic and classical.
• Soundness and Completeness Theorem for First-Order

Logic.

• Axioms and rules for equality and data types.

87

Exercises

• 1. Minimal logic

(a) (P → ¬Q) → (Q → ¬P) (b) (P → (Q → R)) → ((P → Q) → (P → R)) (c) P → ¬¬P (d) ¬(P ∧ ¬P) (e) (P ∧ (Q ∨ R)) ↔ ((P ∧ Q) ∨ (P ∧ R)) (f) (P ∨ Q) → ¬(¬P ∧ ¬Q) (g) ¬(P ↔ ¬P)

88

• 2. Intuitionistic logic

(a) (P ∧ ¬P) → R (b) (¬P ∨ Q) → (P → Q) (c) (¬¬P → P) ↔ ((¬P → P) → P) (d) (P ∨ Q) → (¬P → Q)

89

• 3. Classical logic

(a) ¬¬P → P (b) (¬P → P) → P (c) P ∨ ¬P (d) ¬(¬P ∧ ¬Q) → (P ∨ Q) (e) ¬(¬P ∨ ¬Q) → (P ∧ Q) (f) ¬(P → Q) → P ∧ ¬Q

90