Reference Card Jean-Raymond Abrial and Thai Son Hoang April 2008 - PowerPoint PPT Presentation



  1. Reference Card. Jean-Raymond Abrial and Thai Son Hoang, April 2008 (title slide)

  2. Contents (slide 1)
     - Logic Rules of Inference: slides 2 to 6.
     - Equality Rules of Inference: slide 7.
     - Set-theoretic Axioms and Definitions: slides 8 to 20.
     - Syntax of Event-B: slides 21 to 23.
     - Proof Obligation Rules: slides 24 to 36.
     - ASCII Representations of the Math. Symbols: slides 37 to 41.

  3. Basic Inference Rules of Mathematical Reasoning (slide 2)
     HYP:  H, P ⊢ P                                   (no premise)
     MON:  from  H ⊢ Q  infer  H, P ⊢ Q
     CUT:  from  H ⊢ P  and  H, P ⊢ Q  infer  H ⊢ Q

  4. Propositional Calculus Rules of Inference (1) (slide 3)
     - Rules about conjunction
       AND L:  from  H, P, Q ⊢ R  infer  H, P ∧ Q ⊢ R
       AND R:  from  H ⊢ P  and  H ⊢ Q  infer  H ⊢ P ∧ Q
     - Rules about implication
       IMP L:  from  H, P, Q ⊢ R  infer  H, P, P ⇒ Q ⊢ R
       IMP R:  from  H, P ⊢ Q  infer  H ⊢ P ⇒ Q
     Note: rules drawn with a double horizontal line on the card can be applied in both directions.

  5. Propositional Calculus Rules of Inference (2) (slide 4)
     - Rules about negation
       NOT L:  ⊥ ⊢ P                                  (no premise)
       CNTR:   P, ¬P ⊢ Q                              (no premise)
       NOT R:  from  H, P ⊢ Q  and  H, P ⊢ ¬Q  infer  H ⊢ ¬P
       NOT R:  from  H, ¬P ⊢ Q  and  H, ¬P ⊢ ¬Q  infer  H ⊢ P

  6. Propositional Calculus Rules of Inference (3) (slide 5)
     - Rules about disjunction
       OR L:   from  H, P ⊢ R  and  H, Q ⊢ R  infer  H, P ∨ Q ⊢ R
       OR R1:  from  H ⊢ P  infer  H ⊢ P ∨ Q
       OR R2:  from  H ⊢ Q  infer  H ⊢ P ∨ Q
     - Transforming a disjunctive goal
       NEG:    from  H, ¬P ⊢ Q  infer  H ⊢ P ∨ Q

  7. Predicate Calculus Rules of Inference (slide 6)
     ALL L:  from  H, ∀x · P(x), P(E) ⊢ Q  infer  H, ∀x · P(x) ⊢ Q
     ALL R:  from  H ⊢ P(x)  infer  H ⊢ ∀x · P(x)
     XST L:  from  H, P(x) ⊢ Q  infer  H, ∃x · P(x) ⊢ Q
     XST R:  from  H ⊢ P(E)  infer  H ⊢ ∃x · P(x)
     - In rules ALL L and XST R, E is an expression.
     - In rules ALL R and XST L, variable x is not free in H.

  8. Equality Rules of Inference (slide 7)
     EQ LR:  from  H(F), E = F ⊢ P(F)  infer  H(E), E = F ⊢ P(E)
     EQ RL:  from  H(E), E = F ⊢ P(E)  infer  H(F), E = F ⊢ P(F)
     EQL:    ⊢ E = E                                  (no premise)
     PAIR:   from  H ⊢ E = G ∧ F = I  infer  H ⊢ E ↦ F = G ↦ I
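As an added illustration that is not part of the card, four of the rules above (NEG and NOT R from slides 4 and 5, CNTR, and PAIR from slide 7) restated as Lean 4 theorems; a sequent H ⊢ P is read as "the hypotheses H imply P", and a maplet E ↦ F is modelled as the pair (E, F).

```lean
-- NEG: from H, ¬P ⊢ Q infer H ⊢ P ∨ Q.  The rule is classical: it needs the
-- excluded middle on P, which is why it is stated as a separate rule on the card.
theorem neg_rule (P Q : Prop) (h : ¬P → Q) : P ∨ Q :=
  (Classical.em P).elim Or.inl (fun hnp => Or.inr (h hnp))

-- CNTR: P, ¬P ⊢ Q.  A contradictory hypothesis set proves any goal.
theorem cntr_rule (P Q : Prop) (hp : P) (hnp : ¬P) : Q :=
  absurd hp hnp

-- NOT R: from H, P ⊢ Q and H, P ⊢ ¬Q infer H ⊢ ¬P.
theorem not_r_rule (P Q : Prop) (h1 : P → Q) (h2 : P → ¬Q) : ¬P :=
  fun hp => h2 hp (h1 hp)

-- PAIR: from H ⊢ E = G ∧ F = I infer H ⊢ E ↦ F = G ↦ I, with maplets as pairs.
theorem pair_rule {S T : Type} (E G : S) (F I : T) (h : E = G ∧ F = I) :
    (E, F) = (G, I) := by
  rw [h.1, h.2]
```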

  9. Basic Set Operator Memberships (Axioms) (slide 8)
     These axioms are defined by equivalences (Left Part ⇔ Right Part).
     E ↦ F ∈ S × T                   ⇔  E ∈ S ∧ F ∈ T
     S ∈ ℙ(T)                        ⇔  ∀x · x ∈ S ⇒ x ∈ T
     E ∈ {x · x ∈ S ∧ P(x) | F(x)}   ⇔  ∃x · x ∈ S ∧ P(x) ∧ E = F(x)
     E ∈ {x | x ∈ S ∧ P(x)}          ⇔  E ∈ S ∧ P(E)

  10. Set Inclusion and Extensionality Axiom (slide 9)
     S ⊆ T   ⇔  S ∈ ℙ(T)
     S = T   ⇔  S ⊆ T ∧ T ⊆ S
     The first rule is just a syntactic extension; the second rule is the Extensionality Axiom.

  11. Elementary Set Operator Memberships (slide 10)
     E ∈ S ∪ T          ⇔  E ∈ S ∨ E ∈ T
     E ∈ S ∩ T          ⇔  E ∈ S ∧ E ∈ T
     E ∈ S \ T          ⇔  E ∈ S ∧ E ∉ T
     E ∈ {a, ..., b}    ⇔  E = a ∨ ... ∨ E = b
     E ∈ ∅              ⇔  ⊥

  12. Generalizations of Elementary Operator Memberships (slide 11)
     E ∈ union(S)                       ⇔  ∃s · s ∈ S ∧ E ∈ s
     E ∈ ⋃ x · x ∈ S ∧ P(x) | T(x)      ⇔  ∃x · x ∈ S ∧ P(x) ∧ E ∈ T(x)
     E ∈ inter(S)                       ⇔  ∀s · s ∈ S ⇒ E ∈ s
     E ∈ ⋂ x · x ∈ S ∧ P(x) | T(x)      ⇔  ∀x · x ∈ S ∧ P(x) ⇒ E ∈ T(x)
     Well-definedness condition for case 3: S ≠ ∅
     Well-definedness condition for case 4: ∃x · x ∈ S ∧ P(x)

  13. Binary Relation Operator Memberships (1) (slide 12)
     r ∈ S ↔ T       ⇔  r ⊆ S × T
     E ∈ dom(r)      ⇔  ∃y · E ↦ y ∈ r
     F ∈ ran(r)      ⇔  ∃x · x ↦ F ∈ r
     E ↦ F ∈ r⁻¹     ⇔  F ↦ E ∈ r

  14. Binary Relation Operator Memberships (2) (slide 13)
     Written with the Rodin ASCII forms of the three relation arrows: <->> surjective relation, <<-> total relation, <<->> total surjective relation.
     r ∈ S <->> T    ⇔  r ∈ S ↔ T ∧ ran(r) = T
     r ∈ S <<-> T    ⇔  r ∈ S ↔ T ∧ dom(r) = S
     r ∈ S <<->> T   ⇔  r ∈ S <->> T ∧ r ∈ S <<-> T

  15. Binary Relation Operator Memberships (3) (slide 14)
     E ↦ F ∈ S ◁ r   ⇔  E ∈ S ∧ E ↦ F ∈ r      (domain restriction)
     E ↦ F ∈ r ▷ T   ⇔  E ↦ F ∈ r ∧ F ∈ T      (range restriction)
     E ↦ F ∈ S ⩤ r   ⇔  E ∉ S ∧ E ↦ F ∈ r      (domain subtraction)
     E ↦ F ∈ r ⩥ T   ⇔  E ↦ F ∈ r ∧ F ∉ T      (range subtraction)

  16. Binary Relation Operator Memberships (4) (slide 15)
     F ∈ r[w]          ⇔  ∃x · x ∈ w ∧ x ↦ F ∈ r        (relational image)
     E ↦ F ∈ (p ; q)   ⇔  ∃x · E ↦ x ∈ p ∧ x ↦ F ∈ q    (forward composition)
     p <+ q            =  (dom(q) ⩤ p) ∪ q              (overriding, Rodin ASCII <+)
     E ↦ F ∈ id(S)     ⇔  E ∈ S ∧ F = E                 (identity)

  17. Binary Relation Operator Memberships (5) (slide 16)
     E ↦ (F ↦ G) ∈ p ⊗ q           ⇔  E ↦ F ∈ p ∧ E ↦ G ∈ q     (direct product)
     (E ↦ F) ↦ G ∈ prj1(S, T)      ⇔  E ∈ S ∧ F ∈ T ∧ G = E      (first projection)
     (E ↦ F) ↦ G ∈ prj2(S, T)      ⇔  E ∈ S ∧ F ∈ T ∧ G = F      (second projection)
     (E ↦ G) ↦ (F ↦ H) ∈ p ∥ q     ⇔  E ↦ F ∈ p ∧ G ↦ H ∈ q     (parallel product)

  18. Some Useful Modelling Concepts (slide 17)
     Given a relation r such that r ∈ S ↔ S:
     r = r⁻¹             r is symmetric
     r ∩ r⁻¹ = ∅         r is asymmetric
     r ∩ r⁻¹ ⊆ id(S)     r is antisymmetric
     id(S) ⊆ r           r is reflexive
     r ∩ id(S) = ∅       r is irreflexive
     r ; r ⊆ r           r is transitive

  19. Function Operator Memberships (1) (slide 18)
     f ∈ S ⇸ T   ⇔  f ∈ S ↔ T ∧ (f⁻¹ ; f) = id(ran(f))     (partial function)
     f ∈ S → T   ⇔  f ∈ S ⇸ T ∧ S = dom(f)                 (total function)
     f ∈ S ⤔ T   ⇔  f ∈ S ⇸ T ∧ f⁻¹ ∈ T ⇸ S                (partial injection)
     f ∈ S ↣ T   ⇔  f ∈ S → T ∧ f⁻¹ ∈ T ⇸ S                (total injection)

  20. Function Operator Memberships (2) (slide 19)
     f ∈ S ⤀ T   ⇔  f ∈ S ⇸ T ∧ T = ran(f)     (partial surjection)
     f ∈ S ↠ T   ⇔  f ∈ S → T ∧ T = ran(f)     (total surjection)
     f ∈ S ⤖ T   ⇔  f ∈ S ↣ T ∧ f ∈ S ↠ T      (bijection)

  21. Applying a Function (slide 20)
     Given a partial function f, we have:
     F = f(E)   ⇔  E ↦ F ∈ f
     Well-definedness conditions: f is a partial function
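As an added example (not the card's code), the membership definitions of slides 12 to 20 implemented over finite Python sets of pairs: the relational operators, the function-class tests of slides 18 and 19 taken literally from their defining equivalences, the relation properties of slide 17, and a function application that refuses to proceed when f(E) is not well defined. All function names are this example's own.

```python
from itertools import product

# Event-B relational operators over finite sets, written as Python sets of pairs.
# Added illustration of the membership tables above; it is not the card's own code.
def dom(r): return {x for x, _ in r}
def ran(r): return {y for _, y in r}
def inverse(r): return {(y, x) for x, y in r}                        # r⁻¹
def dom_res(s, r): return {(x, y) for x, y in r if x in s}           # S ◁ r
def ran_res(r, t): return {(x, y) for x, y in r if y in t}           # r ▷ T
def dom_sub(s, r): return {(x, y) for x, y in r if x not in s}       # S ⩤ r
def ran_sub(r, t): return {(x, y) for x, y in r if y not in t}       # r ⩥ T
def image(r, w): return {y for x, y in r if x in w}                  # r[w]
def comp(p, q): return {(x, z) for x, y in p for y2, z in q if y == y2}  # p ; q
def override(p, q): return dom_sub(dom(q), p) | q                    # p <+ q
def ident(s): return {(x, x) for x in s}                             # id(S)

def is_partial_function(f, s, t):   # f ∈ S ⇸ T: f ∈ S ↔ T ∧ (f⁻¹ ; f) = id(ran(f))
    return f <= set(product(s, t)) and comp(inverse(f), f) == ident(ran(f))

def is_total_function(f, s, t):     # f ∈ S → T: partial function with dom(f) = S
    return is_partial_function(f, s, t) and dom(f) == s

def is_partial_injection(f, s, t):  # f ∈ S ⤔ T: f and f⁻¹ are both partial functions
    return is_partial_function(f, s, t) and is_partial_function(inverse(f), t, s)

def is_total_injection(f, s, t):    # f ∈ S ↣ T: total function whose inverse is functional
    return is_total_function(f, s, t) and is_partial_function(inverse(f), t, s)

def is_total_surjection(f, s, t):   # f ∈ S ↠ T: total function with ran(f) = T
    return is_total_function(f, s, t) and ran(f) == t

def is_bijection(f, s, t):          # f ∈ S ⤖ T: total injection and total surjection
    return is_total_injection(f, s, t) and is_total_surjection(f, s, t)

def apply_fn(f, e):
    """f(E): the unique F with E ↦ F ∈ f.  Raises when the well-definedness
    condition fails, i.e. f is not functional at E or E is outside dom(f)."""
    values = image(f, {e})
    if len(values) != 1:
        raise ValueError(f"f({e!r}) is not well defined: image is {values}")
    return values.pop()

def relation_properties(r, s):      # slide 17, for r ∈ S ↔ S
    return {"symmetric": r == inverse(r),
            "antisymmetric": r & inverse(r) <= ident(s),
            "reflexive": ident(s) <= r,
            "irreflexive": not (r & ident(s)),
            "transitive": comp(r, r) <= r}
```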

  22. Context Structure (slide 21)
     context <context identifier>
     extends⋆ <context identifier> ...
     sets⋆ <set identifier> ...
     constants⋆ <constant identifier> ...
     axioms⋆ <label>: <predicate> ...
     theorems⋆ <label>: <predicate> ...
     end
     - Sections marked "⋆" may be empty.
     - All keyword sections are predefined in the Rodin Platform.
     - All labels are generated automatically by the Rodin Platform (but can be modified).

  23. Machine Structure (slide 22)
     machine <machine identifier>
     refines⋆ <machine identifier>
     sees⋆ <context identifier> ...
     variables <variable identifier> ...
     invariants <label>: <predicate> ...
     theorems⋆ <label>: <predicate> ...
     events
       initialisation
       ...
       ...
     variant⋆ <variant>
     end
     - Each machine has exactly one initialisation event.
     - All keyword sections are predefined in the Rodin Platform.
     - All labels are generated automatically by the Rodin Platform (but can be modified).

  24. Event Structure (slide 23)
     <event identifier> ≙
     status {ordinary, convergent, anticipated}
     refines⋆ <event identifier> ...
     any⋆ <parameter identifier> ...
     where⋆ <label>: <predicate> ...
     with⋆ <label>: <witness> ...
     then⋆ <label>: <action> ...
     end
     - Note that the keyword "where" becomes "when" in the Rodin Platform pretty print when there is no "any".
     - Again, all keyword sections are predefined in the Rodin Platform.
     - All labels are generated automatically by the Rodin Platform (but can be modified).

  25. Formal Definition of Invariant Preservation (INV) (slide 24)
     Notation:
       s: seen sets
       c: seen constants
       v: variables
       A(s, c): seen axioms and theorems
       I(s, c, v): invariants and theorems
       evt: specific event
       x: event parameters
       G(x, s, c, v): event guards
       BAP(x, s, c, v, v′): event before-after predicate
       inv(s, c, v′): modified specific invariant
     Event shape:
       evt ≙ any x where G(x, s, c, v) then v :| BAP(x, s, c, v, v′) end
     Proof obligation evt/inv/INV:
       A(s, c)                    axioms
       I(s, c, v)                 invariants
       G(x, s, c, v)              guards of the event
       BAP(x, s, c, v, v′)        before-after predicate of the event
       ⊢ inv(s, c, v′)            modified specific invariant
     - In the case of the initialisation event, I(s, c, v) is removed from the hypotheses.

  26. Formal Definition of the Feasibility PO (FIS) (slide 25)
     Notation:
       s: seen sets
       c: seen constants
       v: variables
       A(s, c): seen axioms and theorems
       I(s, c, v): invariants and theorems
       evt: specific event
       x: event parameters
       G(x, s, c, v): event guards
       BAP(x, s, c, v, v′): event action (before-after predicate)
     Event shape:
       evt ≙ any x where G(x, s, c, v) then v :| BAP(x, s, c, v, v′) end
     Proof obligation evt/act/FIS:
       A(s, c)                        axioms
       I(s, c, v)                     invariants
       G(x, s, c, v)                  guards of the event
       ⊢ ∃v′ · BAP(x, s, c, v, v′)    before-after predicate

  27. Formal Definition of the Guard Strengthening PO (GRD) (slide 26)
     Notation:
       s: seen sets
       c: seen constants
       v: abstract variables
       w: concrete variables
       A(s, c): seen axioms and theorems
       I(s, c, v): abstract invariants and theorems
       J(s, c, v, w): concrete invariants and theorems
       evt: specific concrete event, refining the abstract event evt0
       x: abstract event parameter
       y: concrete event parameter
       g(x, s, c, v): abstract event specific guard
       H(y, s, c, w): concrete event guards
       W(x, y, s, c, w): witness predicate for x
     Abstract event:
       evt0 ≙ any x where g(x, s, c, v) ... then ... end
     Concrete event:
       evt ≙ refines evt0 any y where H(y, s, c, w) ... with x: W(x, y, s, c, w) ... then ... end
     Proof obligation evt/grd/GRD:
       A(s, c)                    axioms
       I(s, c, v)                 abstract invariants and theorems
       J(s, c, v, w)              concrete invariants and theorems
       H(y, s, c, w)              concrete event guards
       W(x, y, s, c, w)           witness predicate
       ⊢ g(x, s, c, v)            abstract event specific guard
     - The PO is simplified when there are no parameters.
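To show the INV and FIS sequents of slides 24 and 25 on concrete input, here is an added finite-model checker that is neither the card's nor Rodin's code: the carrier set USER, the constant AUTHORISED, the variable granted and all events are constructed for this example. The variant grant_any omits the authorisation guard, and the INV check returns exactly the transitions in which an unauthorised user would be granted access, while the deliberately contradictory revoke action shows a FIS failure.

```python
from itertools import combinations

# Finite-model check of the INV and FIS proof obligations for a small access-control
# machine.  Added illustration, not the card's own tool; the machine is made up here.
USER = frozenset({"alice", "bob", "mallory"})     # carrier set s
AUTHORISED = frozenset({"alice", "bob"})          # constant c; axiom A: AUTHORISED ⊆ USER

def subsets(s):
    items = sorted(s)
    return [frozenset(c) for n in range(len(items) + 1) for c in combinations(items, n)]

STATES = subsets(USER)            # every value the variable 'granted' can take

def invariant(granted):           # I(s, c, v): granted ⊆ AUTHORISED
    return granted <= AUTHORISED

# Events as (guard, before-after predicate) over parameter u, state v and next state v'.
def grant_guard(u, granted):      # where u ∈ AUTHORISED ∧ u ∉ granted
    return u in AUTHORISED and u not in granted

def grant_bap(u, granted, granted2):     # then granted := granted ∪ {u}
    return granted2 == granted | {u}

def grant_any_guard(u, granted):  # same action, but the authorisation check is missing
    return u not in granted

def revoke_guard(u, granted):     # where u ∈ granted
    return u in granted

def revoke_bap(u, granted, granted2):    # granted :| granted' ⊂ granted ∧ u ∈ granted'
    return granted2 < granted and u in granted2

def check_inv(guard, bap, inv=invariant):
    """evt/inv/INV: A, I(v), G(u, v), BAP(u, v, v') ⊢ inv(v').
    Returns the (u, v, v') triples for which the sequent fails."""
    return [(u, v, v2) for v in STATES if invariant(v)
            for u in sorted(USER) if guard(u, v)
            for v2 in STATES if bap(u, v, v2) and not inv(v2)]

def check_fis(guard, bap):
    """evt/act/FIS: A, I(v), G(u, v) ⊢ ∃v' · BAP(u, v, v').
    Returns the (u, v) pairs for which no after-state exists."""
    return [(u, v) for v in STATES if invariant(v)
            for u in sorted(USER)
            if guard(u, v) and not any(bap(u, v, v2) for v2 in STATES)]
```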
