SLIDE 1 Proof Systems for Inductive Reasoning in the Logic of Bunched Implications
James Brotherston
- Dept. of Computing, Imperial College London
J.Brotherston@imperial.ac.uk
HAV workshop, 25 March 2007
SLIDE 2 Overview
The logic of bunched implications, BI, offers a convenient means of expressing properties of programs that access and modify some shared resource (e.g., the heap). Our main contributions are:
- to extend BI with a general framework for inductive
definitions;
- to give two proof systems in sequent calculus style for two different inductive reasoning techniques in the extended logic:
  1. explicit rule induction over definitions;
  2. cyclic proof, embodying a notion of proof by infinite descent for inductively defined relations.
SLIDE 3 The logic of bunched implications (BI)
- our structures M contain a notion of resource, given by a partial commutative monoid R, ◦, e;
- in addition to the standard first-order logic connectives, BI introduces the new binary connectives ∗ and —∗;
- satisfaction of a formula F is given by the relation M, r ⊨ρ F, where r ∈ R is the "current resource state":

$$M, r \models_\rho Q\,t \;\Leftrightarrow\; Q^M(r, \rho(t))$$

$$M, r \models_\rho F_1 \ast F_2 \;\Leftrightarrow\; r = r_1 \circ r_2 \text{ and } M, r_1 \models_\rho F_1 \text{ and } M, r_2 \models_\rho F_2 \text{ for some } r_1, r_2 \in R$$

$$M, r \models_\rho F_1 \mathrel{-\!\!\ast} F_2 \;\Leftrightarrow\; M, r' \models_\rho F_1 \text{ implies } M, r' \circ r \models_\rho F_2 \text{ for all } r' \in R$$
SLIDE 4 BI with inductive definitions (BIID)
- two types of predicate symbol: ordinary Q1, Q2, … and inductive P1, …, Pn;
- our inductive definitions are given by a finite set Φ of productions, which are rules of the form:

$$\frac{C(x)}{P_i\,t(x)} \qquad i \in \{1, \ldots, n\}$$

where the premise C(x) is given by the grammar:

$$C(x) ::= I \mid Q\,t(x) \mid P_i\,t(x) \;(i \in \{1, \ldots, n\}) \mid C(x) \wedge C(x) \mid C(x) \ast C(x)$$

- from Φ we generate an n-ary monotone operator ϕΦ.
SLIDE 5 Example: list segments
Productions for ls:

$$\frac{I}{\mathit{ls}\,x\,x} \qquad \frac{x \to x' \ast \mathit{ls}\,x'\,y}{\mathit{ls}\,x\,y}$$

where → is an ordinary predicate. In separation logic, ls is a predicate representing (possibly cyclic) list segments. The operator for Φls is defined by:

$$\phi_{\Phi_{ls}}(X) = \{(e, (d, d)) \mid d \in D\} \cup \{(r_1 \circ r_2, (d, d')) \mid (r_1, (d, d'')) \in {\to}^M \text{ and } (r_2, (d'', d')) \in X\}$$
SLIDE 6 Example: tree segments
Productions for ts:

$$\frac{I}{\mathit{ts}\,x\,x} \qquad \frac{x \to (x', y') \ast \mathit{tree}\,x' \ast \mathit{ts}\,y'\,y}{\mathit{ts}\,x\,y} \qquad \frac{x \to (x', y') \ast \mathit{tree}\,y' \ast \mathit{ts}\,x'\,y}{\mathit{ts}\,x\,y}$$

In separation logic, ts is a predicate representing (possibly cyclic) tree segments. We have:

$$\begin{aligned}
\phi_{\Phi_{ts}}(X) = {} & \{(e, (d, d)) \mid d \in D\} \\
& \cup \{(r_1 \circ r_2 \circ r_3, (d, d')) \mid (r_1, (d, (d_1, d_2))) \in {\to}^M \text{ and } (r_2, d_1) \in \mathit{tree}^M \text{ and } (r_3, (d_2, d')) \in X\} \\
& \cup \{(r_1 \circ r_2 \circ r_3, (d, d')) \mid (r_1, (d, (d_1, d_2))) \in {\to}^M \text{ and } (r_2, d_2) \in \mathit{tree}^M \text{ and } (r_3, (d_1, d')) \in X\}
\end{aligned}$$
SLIDE 7 Standard models of BIID
- From the n-ary monotone operator ϕΦ we construct a sequence $(\phi^\alpha_\Phi)$ of approximants by iteratively applying ϕΦ to the empty set. The union $\bigcup_\alpha \phi^\alpha_\Phi$ is the least prefixed point of ϕΦ.

Definition. M is a standard model if for all inductive predicates Pi we have

$$P_i^M = \pi_i^n\Big(\bigcup_\alpha \phi^\alpha_\Phi\Big).$$

Proposition. For any definition set Φ we have

$$\bigcup_\alpha \phi^\alpha_\Phi = \phi^\omega_\Phi.$$
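Added example (not from the slides): the approximant chain of slide 7 computed for the list-segment definition Φls of slide 5 over a constructed finite heap model, with the entailment proved on slide 12 checked semantically in that model. The model itself (locations D = {0, 1, 2}, heaps as the resource monoid, → as the one-cell heap) is an assumption of the example.

```python
# Added example (not from the slides): the approximants ϕ^α_Φ of slide 7, computed
# for the list-segment definition Φls of slide 5 over a small finite heap model.
# Assumptions: D = {0, 1, 2} is the set of locations; a resource is a heap, a
# frozenset of (location, value) cells with distinct locations; ◦ is disjoint
# union (partial), e is the empty heap; x → x′ holds exactly of the one-cell heap.

D = (0, 1, 2)
EMPTY = frozenset()

def compose(h1, h2):
    """The partial monoid operation ◦: disjoint union, undefined (None) on overlap."""
    if {loc for loc, _ in h1} & {loc for loc, _ in h2}:
        return None
    return h1 | h2

# Interpretation of the ordinary predicate →: (r, (d, d′)) with r the single cell d ↦ d′.
POINTS_TO = {(frozenset({(d, d2)}), (d, d2)) for d in D for d2 in D}

def phi_ls(X):
    """One step of ϕΦls(X) = {(e,(d,d))} ∪ {(r1 ◦ r2,(d,d′)) | (r1,(d,d″)) ∈ →, (r2,(d″,d′)) ∈ X}."""
    out = {(EMPTY, (d, d)) for d in D}              # production  I / ls x x
    for r1, (d, d2) in POINTS_TO:                   # production  x → x′ ∗ ls x′ y / ls x y
        for r2, (d3, d4) in X:
            if d2 == d3 and compose(r1, r2) is not None:
                out.add((compose(r1, r2), (d, d4)))
    return out

def approximants(phi):
    """ϕ^0 = ∅, ϕ^(k+1) = ϕ(ϕ^k); over a finite model the chain is stationary at a finite k."""
    stages = [set()]
    while (nxt := phi(stages[-1])) != stages[-1]:
        stages.append(nxt)
    return stages

def ls_holds(heap, x, y):
    """ls^M(heap, (x, y)) in the standard model, i.e. membership in the least fixed point."""
    return (frozenset(heap), (x, y)) in approximants(phi_ls)[-1]

def concat_entailment_holds():
    """Semantic check of slide 12's sequent ls x x′ ∗ ls x′ y ⊢ ls x y over this model:
    every ◦-composition of two list segments sharing the middle point is a list segment."""
    lfp = approximants(phi_ls)[-1]
    for r1, (a, b) in lfp:
        for r2, (b2, c) in lfp:
            if b == b2 and compose(r1, r2) is not None and (compose(r1, r2), (a, c)) not in lfp:
                return False
    return True
```

With three locations the chain becomes stationary after four applications, so the least fixed point is reached at a finite stage, as the proposition states; the cyclic heap 0 ↦ 1, 1 ↦ 0 satisfies ls 0 0, which is why the slides say "possibly cyclic".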
SLIDE 8 Sequent calculus rules for BI
We write sequents Γ ⊢ F where F is a formula and Γ is a bunch:

$$\Gamma ::= F \mid \Gamma ; \Gamma \mid \Gamma , \Gamma$$

where ; is equivalent to ∧ and , is equivalent to ∗. The rules for the multiplicative connectives ∗ and —∗ are:

$$\frac{\Gamma(F_1, F_2) \vdash F}{\Gamma(F_1 \ast F_2) \vdash F}\;(\ast\mathrm{L}) \qquad \frac{\Gamma \vdash F_1 \quad \Delta \vdash F_2}{\Gamma, \Delta \vdash F_1 \ast F_2}\;(\ast\mathrm{R})$$

$$\frac{\Delta \vdash F_1 \quad \Gamma(\Delta', F_2) \vdash F}{\Gamma(\Delta, \Delta', F_1 \mathrel{-\!\!\ast} F_2) \vdash F}\;(-\!\!\ast\mathrm{L}) \qquad \frac{\Gamma, F_1 \vdash F_2}{\Gamma \vdash F_1 \mathrel{-\!\!\ast} F_2}\;(-\!\!\ast\mathrm{R})$$
SLIDE 9 LBI_ID: a sequent calculus for induction in BIID
Extend the sequent calculus for BI by adding introduction rules for inductively defined predicates. E.g. the right-introduction rules for ls are:

$$\frac{\Gamma \vdash I}{\Gamma \vdash \mathit{ls}\,t\,t}\;(\mathit{ls}\mathrm{R}_1) \qquad \frac{\Gamma \vdash t_1 \to t \ast \mathit{ls}\,t\,t_2}{\Gamma \vdash \mathit{ls}\,t_1\,t_2}\;(\mathit{ls}\mathrm{R}_2)$$

The left-introduction rules embody rule induction over definitions, e.g. for ls:

$$\frac{\Delta ; I \vdash H\,x\,x \qquad \Delta ; x \to x' \ast H\,x'\,y \vdash H\,x\,y \qquad \Gamma(\Delta ; H\,t\,u) \vdash F}{\Gamma(\Delta ; \mathit{ls}\,t\,u) \vdash F}\;(\mathrm{Ind}\ \mathit{ls})$$

where H is the induction hypothesis associated with ls and x, x′, y are fresh. (NB. mutual definitions give rise to mutual induction rules.)
SLIDE 10 CLBI^ω_ID: a cyclic proof system for BIID
- Rules are as for LBI_ID except the induction rules are replaced by weaker case-split rules, e.g. for ls:

$$\frac{\Gamma(t_1 = t_2 ; I) \vdash F \qquad \Gamma(t_1 \to x, \mathit{ls}\,x\,t_2) \vdash F}{\Gamma(\mathit{ls}\,t_1\,t_2) \vdash F}\;(\mathrm{Case}\ \mathit{ls})$$

  where x is fresh. ls x t2 is called a case-descendant of ls t1 t2;
- pre-proofs are finite derivation trees in which every bud
(node to which no proof rule is applied) is assigned a companion (an identically labelled interior node);
- for soundness we need to impose a global condition on
pre-proofs.
SLIDE 11 Traces
A trace following a path (Γi ⊢ Fi) in a CLBI^ω_ID pre-proof D is a sequence Ψi(τi) such that for each i:
- Γi = Ψi(τi) and τi = P t for some inductive predicate P;
- if a case-split rule is applied at i, then τi+1 may be a case-descendant of τi (and we have progress at i);
- otherwise, τi+1 is the occurrence in Γi+1 ⊢ Fi+1 corresponding to the occurrence of τi in Γi ⊢ Fi, modulo any splitting of Γi and any substitutions applied by the rule.
Key point: if Γ ⊢ F is false in some r, ρ, then there is an ordinal associated with any trace element in Γ.
Definition. A CLBI^ω_ID pre-proof D is a proof if for every infinite path in D there is a trace following some tail of the path that progresses infinitely often.
SLIDE 12 Example: cyclic proof of list segment concatenation
The pre-proof, written node by node with the rule applied at each node and its premises named by number; (†) marks the bud (node 5) and its companion (node 9):

1. ls x y ⊢ ls x y   (Id)
2. I, ls x y ⊢ ls x y   (≡), from 1
3. (x′ = x; I), ls x′ y ⊢ ls x y   (=L), from 2
4. x → z ⊢ x → z   (Id)
5. (†) ls x x′, ls x′ y ⊢ ls x y   bud, companion node 9
6. ls z x′, ls x′ y ⊢ ls z y   (Subst), from 5
7. x → z, ls z x′, ls x′ y ⊢ x → z ∗ ls z y   (∗R), from 4 and 6
8. x → z, ls z x′, ls x′ y ⊢ ls x y   (lsR2), from 7
9. (†) ls x x′, ls x′ y ⊢ ls x y   (Case ls), from 3 and 8
10. ls x x′ ∗ ls x′ y ⊢ ls x y   (∗L), from 9

A progressing trace following the cycle given by (†) is highlighted. One can build an infinitely progressing trace on the only infinite path by concatenating copies of this trace. So this pre-proof is a proof.
SLIDE 13 Discussion of CLBI^ω_ID
- it is decidable whether a CLBI^ω_ID pre-proof is a proof;
- some cyclic proofs seem to avoid the need for generalisation
in inductive proof;
- work is in progress to develop cyclic proof systems for
proving termination of simple programs.
- J. Brotherston. Cyclic proofs for first-order logic with inductive definitions. In Proceedings of TABLEAUX 2005.
- J. Brotherston and A. Simpson. Complete sequent calculi for induction and infinite descent. To appear at LICS 2007.
- J. Brotherston. Sequent Calculus Proof Systems for Inductive Definitions. PhD thesis, University of Edinburgh, November 2006.