Proof Systems for Inductive Reasoning in the Logic of Bunched Implications
James Brotherston, Dept. of Computing, Imperial College London, J.Brotherston@imperial.ac.uk
HAV workshop, 25 March 2007
Overview

The logic of bunched implications, BI, offers a convenient means of expressing properties of programs that access and modify some shared resource (e.g., the heap). Our main contributions are:
• to extend BI with a general framework for inductive definitions;
• to give two proof systems in sequent calculus style for two different inductive reasoning techniques in the extended logic:
  1. explicit rule induction over definitions;
  2. cyclic proof, embodying a notion of proof by infinite descent for inductively defined relations.
The logic of bunched implications (BI)

• our structures $M$ contain a notion of resource, given by a partial commutative monoid $\langle R, \circ, e \rangle$;
• in addition to the standard first-order logic connectives, BI introduces the new binary connectives $\ast$ and $\mathrel{-\!\ast}$;
• satisfaction of a formula $F$ is given by the relation $M, r \models_\rho F$, where $r \in R$ is the "current resource state":

$$M, r \models_\rho Q\,t \iff Q^M(r, \rho(t))$$

$$M, r \models_\rho F_1 \ast F_2 \iff r = r_1 \circ r_2 \text{ and } M, r_1 \models_\rho F_1 \text{ and } M, r_2 \models_\rho F_2 \text{ for some } r_1, r_2 \in R$$

$$M, r \models_\rho F_1 \mathrel{-\!\ast} F_2 \iff M, r' \models_\rho F_1 \text{ implies } M, r' \circ r \models_\rho F_2 \text{ for all } r' \in R$$
BI with inductive definitions ($\mathrm{BI}_{\mathrm{ID}}$)

• two types of predicate symbol: ordinary $Q_1, Q_2, \ldots$ and inductive $P_1, \ldots, P_n$;
• our inductive definitions are given by a finite set $\Phi$ of productions, which are rules of the form

$$\frac{C(x)}{P_i\,t(x)} \quad (i \in \{1, \ldots, n\})$$

where

$$C(x) ::= I \mid Q\,t(x) \mid P_i\,t(x)\ (i \in \{1, \ldots, n\}) \mid C(x) \wedge C(x) \mid C(x) \ast C(x)$$

• from $\Phi$ we generate an $n$-ary monotone operator $\varphi_\Phi$.
Example: list segments

$$\frac{I}{ls\,x\,x} \qquad\qquad \frac{x \mapsto x' \ast ls\,x'\,y}{ls\,x\,y}$$

where $\mapsto$ is an ordinary predicate. In separation logic, $ls$ is a predicate representing (possibly cyclic) list segments. The operator for $\Phi_{ls}$ is defined by:

$$\varphi_{\Phi_{ls}}(X) = \{(e, (d, d)) \mid d \in D\} \;\cup\; \{(r_1 \circ r_2, (d, d')) \mid (r_1, (d, d'')) \in {\mapsto}^M \text{ and } (r_2, (d'', d')) \in X\}$$
Example: tree segments

$$\frac{I}{ts\,x\,x} \qquad \frac{x \mapsto (x', y') \ast tree\,x' \ast ts\,y'\,y}{ts\,x\,y} \qquad \frac{x \mapsto (x', y') \ast tree\,y' \ast ts\,x'\,y}{ts\,x\,y}$$

In separation logic, $ts$ is a predicate representing (possibly cyclic) tree segments. We have:

$$\begin{aligned}
\varphi_{\Phi_{ts}}(X) = {} & \{(e, (d, d)) \mid d \in D\} \\
\cup\; & \{(r_1 \circ r_2 \circ r_3, (d, d')) \mid (r_1, (d, (d_1, d_2))) \in {\mapsto}^M \text{ and } (r_2, d_1) \in tree^M \text{ and } (r_3, (d_2, d')) \in X\} \\
\cup\; & \{(r_1 \circ r_2 \circ r_3, (d, d')) \mid (r_1, (d, (d_1, d_2))) \in {\mapsto}^M \text{ and } (r_2, d_2) \in tree^M \text{ and } (r_3, (d_1, d')) \in X\}
\end{aligned}$$
Standard models of $\mathrm{BI}_{\mathrm{ID}}$

• from the $n$-ary monotone operator $\varphi_\Phi$ we construct a sequence $(\varphi^\alpha_\Phi)$ of approximants by iteratively applying $\varphi_\Phi$ to the empty set;
• standard result: $\bigcup_\alpha \varphi^\alpha_\Phi$ is the least prefixed point of $\varphi_\Phi$.

Definition. $M$ is a standard model if for all inductive predicates $P_i$ we have $P_i^M = \pi^n_i\left(\bigcup_\alpha \varphi^\alpha_\Phi\right)$.

Proposition. For any definition set $\Phi$ we have $\bigcup_\alpha \varphi^\alpha_\Phi = \varphi^\omega_\Phi$.
Sequent calculus rules for BI

We write sequents $\Gamma \vdash F$ where $F$ is a formula and $\Gamma$ is a bunch:

$$\Gamma ::= F \mid \Gamma; \Gamma \mid \Gamma, \Gamma$$

where $;$ is equivalent to $\wedge$ and $,$ is equivalent to $\ast$. The rules for the multiplicative connectives $\ast$ and $\mathrel{-\!\ast}$ are:

$$\frac{\Gamma(F_1, F_2) \vdash F}{\Gamma(F_1 \ast F_2) \vdash F}\ (\ast\mathrm{L}) \qquad\qquad \frac{\Delta \vdash F_1 \quad \Gamma(\Delta', F_2) \vdash F}{\Gamma(\Delta, \Delta', F_1 \mathrel{-\!\ast} F_2) \vdash F}\ (\mathrel{-\!\ast}\mathrm{L})$$

$$\frac{\Gamma \vdash F_1 \quad \Delta \vdash F_2}{\Gamma, \Delta \vdash F_1 \ast F_2}\ (\ast\mathrm{R}) \qquad\qquad \frac{\Gamma, F_1 \vdash F_2}{\Gamma \vdash F_1 \mathrel{-\!\ast} F_2}\ (\mathrel{-\!\ast}\mathrm{R})$$
$\mathrm{LBI}_{\mathrm{ID}}$: a sequent calculus for induction in $\mathrm{BI}_{\mathrm{ID}}$

Extend the sequent calculus for BI by adding introduction rules for inductively defined predicates. E.g. the right-introduction rules for $ls$ are:

$$\frac{\Gamma \vdash I}{\Gamma \vdash ls\,t\,t}\ (ls\,\mathrm{R}_1) \qquad\qquad \frac{\Gamma \vdash t_1 \mapsto t \ast ls\,t\,t_2}{\Gamma \vdash ls\,t_1\,t_2}\ (ls\,\mathrm{R}_2)$$

The left-introduction rules embody rule induction over definitions, e.g. for $ls$:

$$\frac{\Delta; I \vdash H\,x\,x \qquad \Delta; x \mapsto x' \ast H\,x'\,y \vdash H\,x\,y \qquad \Gamma(\Delta; H\,t\,u) \vdash F}{\Gamma(\Delta; ls\,t\,u) \vdash F}\ (\mathrm{Ind}\ ls)$$

where $H$ is the induction hypothesis associated with $ls$ and $x, x', y$ are fresh. (NB. mutual definitions give rise to mutual induction rules.)
$\mathrm{CLBI}^\omega_{\mathrm{ID}}$: a cyclic proof system for $\mathrm{BI}_{\mathrm{ID}}$

• rules are as for $\mathrm{LBI}_{\mathrm{ID}}$ except that the induction rules are replaced by weaker case-split rules, e.g. for $ls$:

$$\frac{\Gamma(t_1 = t_2; I) \vdash F \qquad \Gamma(t_1 \mapsto x, ls\,x\,t_2) \vdash F}{\Gamma(ls\,t_1\,t_2) \vdash F}\ (\mathrm{Case}\ ls)$$

where $x$ is fresh. $ls\,x\,t_2$ is called a case-descendant of $ls\,t_1\,t_2$;
• pre-proofs are finite derivation trees in which every bud (node to which no proof rule is applied) is assigned a companion (an identically labelled interior node);
• for soundness we need to impose a global condition on pre-proofs.
Traces

A trace following a path $(\Gamma_i \vdash F_i)$ in a $\mathrm{CLBI}^\omega_{\mathrm{ID}}$ pre-proof $D$ is a sequence $(\tau_i)$ such that for each $i$:
• $\Gamma_i = \Psi_i(\tau_i)$ and $\tau_i = P\,t$ for some inductive predicate $P$;
• if a case-split rule is applied at $i$, then $\tau_{i+1}$ may be a case-descendant of $\tau_i$ (and we have progress at $i$);
• otherwise, $\tau_{i+1}$ is the occurrence in $\Gamma_{i+1} \vdash F_{i+1}$ corresponding to the occurrence of $\tau_i$ in $\Gamma_i \vdash F_i$, modulo any splitting of $\Gamma_i$ and any substitutions applied by the rule.

Key point: if $\Gamma \vdash F$ is false in some $r, \rho$, then there is an ordinal associated with any trace element in $\Gamma$.

Definition. A $\mathrm{CLBI}^\omega_{\mathrm{ID}}$ pre-proof $D$ is a proof if for every infinite path in $D$ there is a trace following some tail of the path that progresses infinitely often.
Example: cyclic proof of list segment concatenation

Reading the derivation from the root upwards, the root is obtained by (∗L) from the interior node (†):

$$\frac{(\dagger)\ \ ls\,x\,x', ls\,x'\,y \vdash ls\,x\,y}{ls\,x\,x' \ast ls\,x'\,y \vdash ls\,x\,y}\ (\ast\mathrm{L})$$

The node (†) is the conclusion of (Case $ls$), with two premises:
• $(x' = x; I), ls\,x'\,y \vdash ls\,x\,y$, obtained by (=L) from $I, ls\,x\,y \vdash ls\,x\,y$, which follows by (≡) from the axiom $ls\,x\,y \vdash ls\,x\,y$ (Id);
• $x \mapsto z, ls\,z\,x', ls\,x'\,y \vdash ls\,x\,y$, obtained by ($ls$ R$_2$) from $x \mapsto z, ls\,z\,x', ls\,x'\,y \vdash x \mapsto z \ast ls\,z\,y$, which follows by (∗R) from the axiom $x \mapsto z \vdash x \mapsto z$ (Id) and from $ls\,z\,x', ls\,x'\,y \vdash ls\,z\,y$; the latter is obtained by (Subst) from the bud $(\dagger)\ ls\,x\,x', ls\,x'\,y \vdash ls\,x\,y$, whose companion is the interior node (†).

A progressing trace following the cycle given by (†) is highlighted in the original slide (the highlighting is not reproduced here): it follows the occurrences of $ls\,x\,x'$, progressing at the (Case $ls$) step to the case-descendant $ls\,z\,x'$. One can build an infinitely progressing trace on the only infinite path by concatenating copies of this trace. So this pre-proof is a proof.
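The following is an added example, not part of the slides: a concrete heap model of $\mathrm{BI}_{\mathrm{ID}}$ in Python that makes the preceding slides computable. The resource monoid is the set of finite heaps over a constructed domain $D = \{0,1,2,3\}$ under disjoint union (partial, with $e$ the empty heap), $\mapsto^M$ is the set of single-cell heaps, and the list-segment operator $\varphi_{\Phi_{ls}}$ is iterated from the empty set until it stabilises, giving $ls^M$ in the standard model. Because $D$ is finite the approximants reach the fixed point after finitely many steps, which is a special case of the proposition $\bigcup_\alpha \varphi^\alpha_\Phi = \varphi^\omega_\Phi$. The block then evaluates the satisfaction clause for $\ast$ by brute force over all splittings of a heap and checks that the sequent $ls\,x\,x' \ast ls\,x'\,y \vdash ls\,x\,y$ proved cyclically above is valid in this model for every heap and valuation. All names (`compose`, `phi_ls`, `approximants`, `sat_star`, `sat_ls`) are this example's own.

```python
# Added example, not from the slides: a concrete heap model of BI_ID over a small
# finite domain D, the approximants of the list-segment operator phi_{Phi_ls}, and a
# brute-force validity check of the sequent  ls x x' * ls x' y |- ls x y.
from itertools import combinations, product

# Constructed domain: locations and values are both drawn from D = {0,1,2,3}.
D = tuple(range(4))
EMPTY = frozenset()  # the unit e of the resource monoid <R, o, e>

def compose(r1, r2):
    """r1 o r2: disjoint union of two heaps; None when the domains overlap (partiality)."""
    if {a for a, _ in r1} & {a for a, _ in r2}:
        return None
    return r1 | r2

# The ordinary predicate x |-> x': the single-cell heap {d -> d'} satisfies (d, d').
POINTS_TO = {(frozenset({(d, d2)}), (d, d2)) for d in D for d2 in D}

def phi_ls(X):
    """phi_{Phi_ls}(X) = {(e,(d,d))} u {(r1 o r2,(d,d')) | (r1,(d,d'')) in |->^M, (r2,(d'',d')) in X}."""
    out = {(EMPTY, (d, d)) for d in D}
    for r1, (d, d2) in POINTS_TO:
        for r2, (d3, d4) in X:
            if d2 == d3:
                r = compose(r1, r2)
                if r is not None:  # composition is undefined if cell d is already in r2
                    out.add((r, (d, d4)))
    return out

def approximants(phi):
    """phi^0 = {}, phi^(a+1) = phi(phi^a); iterate until a fixed point is reached."""
    approx = [frozenset()]
    while True:
        nxt = frozenset(phi(approx[-1]))
        if nxt == approx[-1]:
            return approx
        approx.append(nxt)

APPROX = approximants(phi_ls)
LS = APPROX[-1]  # ls^M in the standard model: the least prefixed point of phi_ls

def approximant_sizes():
    """Sizes of phi^0, phi^1, ...: each step adds list segments one cell longer."""
    return [len(a) for a in APPROX]

def all_heaps():
    """Every finite heap over D: choose a domain, then a value for each location."""
    for k in range(len(D) + 1):
        for dom in combinations(D, k):
            for vals in product(D, repeat=k):
                yield frozenset(zip(dom, vals))

def splits(r):
    """All pairs (r1, r2) with r = r1 o r2."""
    cells = tuple(r)
    for k in range(len(cells) + 1):
        for sub in combinations(cells, k):
            r1 = frozenset(sub)
            yield r1, r - r1

def sat_star(r, f1, f2):
    """M, r |= F1 * F2  iff  r = r1 o r2 with M, r1 |= F1 and M, r2 |= F2 for some r1, r2."""
    return any(f1(r1) and f2(r2) for r1, r2 in splits(r))

def sat_ls(r, x, y):
    """M, r |= ls x y in the standard model."""
    return (r, (x, y)) in LS

def concatenation_holds():
    """Validity of  ls x x' * ls x' y |- ls x y  over every heap and every valuation of x, x', y."""
    for r in all_heaps():
        for x, xp, y in product(D, repeat=3):
            if sat_star(r, lambda a: sat_ls(a, x, xp), lambda b: sat_ls(b, xp, y)):
                if not sat_ls(r, x, y):
                    return False
    return True

def star_is_not_and():
    """{0 -> 1} satisfies ls 0 1 * ls 1 1 (split into the cell and e) but not ls 0 1 * ls 0 1,
    since the single cell cannot be shared between the two conjuncts."""
    h = frozenset({(0, 1)})
    return (sat_star(h, lambda a: sat_ls(a, 0, 1), lambda b: sat_ls(b, 1, 1)),
            sat_star(h, lambda a: sat_ls(a, 0, 1), lambda b: sat_ls(b, 0, 1)))

if __name__ == "__main__":
    print("approximant sizes:", approximant_sizes())
    print("ls x x' * ls x' y |- ls x y valid:", concatenation_holds())
    print("(ls 0 1 * ls 1 1, ls 0 1 * ls 0 1) on {0->1}:", star_is_not_and())
```

The approximant sizes grow as $4, 20, 68, 164, 260$: $\varphi^1$ holds the empty segments $(e, (d, d))$, $\varphi^2$ adds the one-cell segments, and each further step adds segments one cell longer, until no chain of distinct locations can be extended within $D$ and $\varphi^6 = \varphi^5$. Cyclic segments such as $\{0 \mapsto 1, 1 \mapsto 0\} \models ls\,0\,0$ appear as the definition permits. The `star_is_not_and` check is the model-level reason the $(\ast\mathrm{L})$ rule splits a bunch with `,` rather than `;`: the heap cells are partitioned between the conjuncts, not shared.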
Discussion of $\mathrm{CLBI}^\omega_{\mathrm{ID}}$

• it is decidable whether a $\mathrm{CLBI}^\omega_{\mathrm{ID}}$ pre-proof is a proof;
• some cyclic proofs seem to avoid the need for generalisation in inductive proof;
• work is in progress to develop cyclic proof systems for proving termination of simple programs.

References

J. Brotherston. Cyclic proofs for first-order logic with inductive definitions. In Proceedings of TABLEAUX 2005.
J. Brotherston and A. Simpson. Complete sequent calculi for induction and infinite descent. To appear at LICS 2007.
J. Brotherston. Sequent Calculus Proof Systems for Inductive Definitions. PhD thesis, University of Edinburgh, November 2006.