AutomatedProgramVeriﬁcationandTesting …mfredrik/15414/lectures/05-fol.pdf · AutomatedProgramVeriﬁcationandTesting 15414/15614Fall2016 Lecture5: First-OrderLogic Matt Fredrikson

Automated Program Verification and Testing15414/15614 Fall 2016Lecture 5:First-Order Logic

Matt [email protected]

October 17, 2016

Matt Fredrikson FOL 1 / 33

Motivation

Propositional logic is limited

How could we express the following?

▶ All cats have more days than dogs.▶ The length of one side of a triangle is less than the sum of the

lengths of the other two sides.

First-order logic gives us ways of talking about:▶ Infinite sets of objects▶ Functions and relations over objects▶ Quantified statements over objects


First-Order Logic: Syntax

Logical Symbols:▶ Propositional connectives: ∧,∨,¬,→,↔▶ Variables: v, y, z, x1, x2, . . .

▶ Quantifiers: ∃, ∀Non-logical symbols (parameters):

▶ Constant symbols: c1, c2, . . .▶ Function symbols: g, h, f, f1, f2, . . .▶ Predicate symbols: r, q, p, p1, p2, . . .


First-Order Logic: Syntax

Predicate and function symbols are associated with an arity

Natural number that describes # of arguments

Examples:▶ =: arity 2▶ f(a, b, c): arity 3▶ Constants: can be seen as 0-arity functions▶ Propositional variables: can be seen as 0-arity predicates


First-Order Logic: Terms

Terms in FOL evaluate to values other than truth values▶ People▶ Strings▶ 64-bit integers

Terms are expressions that name objects

▶ Constants are terms▶ Variables are terms▶ For each function symbol f of arity n,

f(t1, . . . , tn)is a term if t1, . . . , tn are terms.


First-Order Logic: Atoms

Atoms in FOL evaluate to either true or false

These generalize propositional assertions▶ ⊥, ⊤ are atoms▶ Nullary predicates p, q, . . . are atoms▶ For each predicate symbol p of arity n,

p(t1, . . . , tn)is an atom is t1, . . . , tn are atoms

As before, a literal is an atom or its negation


First-Order Logic: Formulas

A first-order formula is:▶ A literal▶ The application of ¬,∧,∨,→,↔ to a formula▶ The application of a quantifier to a formula

There are two quantifiers:▶ ∀x.F [x]: “For all x, F [x]”▶ ∃x.F [x]: “There exists an x such that F [x]”

In each case,▶ x is the quantifiedvariable▶ F [x] is the scope of the quantifier▶ x is bound in F [x] by the quantifier▶ y is free in F if it is not bound by any quantifier


Closed, Open, and Ground Formulas

A few distinctions on first-order formulas:▶ A formula is closed if it contains no free variables▶ Closed formulas are also called sentences▶ A formula containing free variables is open▶ A formula is ground if it contains no variables

Which are these examples▶ ∀y.((∀x.p(x)) → q(x, y)

▶ ∀y.((∀x.p(x)) → (∃x.q(x, y)))▶ p(a, f(b)) → q(c)


Examples

How do we “pronounce” the formula?Which variables are free/bound?

∀x.p(f(x), y) → ∀y.p(f(x), y)

∀x.g(x) → ∃y.f(y) ∧ h(x, y)

∀x′.x′ < x → ∀y.y > 0 → r(x′, y) < y

p(i, u) → (f(a, i) = e → ∃j.ℓ ≤ j ≤ u ∧ f(a, j) = e)


Expressions in FOL

“All cats have more days than dogs.”∀x, y.dog(x) ∧ cat(y) → ndays(y) > ndays(x)

The numeric array a is sorted∀i.0 ≤ i < |a| → a[i] ≤ a[i + 1]

Graph G contains a triangle∃v1, v2, v3.e(v1, v2) ∧ e(v2, v3) ∧ e(v3, v1)

Graph G is connected. . .


First-Order Logic: Semantics

A first-order structure S = (D, I):

▶ D: universeofdiscourse, non-empty set of objects we’d liketo talk about

▶ I: Interpretation mapping parameters to objects, functions, andpredicates in DI :

1. every constant symbol to a value in D

2. every function symbol f of arity n to a function fI : D 7→ D

3. every relation symbol p of arity n to a relation pI ⊆ Dn

Assignments map variables to values (not object constants!):α : Vars 7→ DI


Example

x + y > z → y > z − x

What’s the “standard” structure?

Universe of discourse:▶ D = Z = {. . . ,−1, 0, 1, . . .}

Interpretation:▶ Function symbols: + 7→ +Z,− 7→ −Z

▶ Predicate symbols: > 7→>Z

Possible assignment:α = {x 7→ 0, y 7→ 1, z 7→ −1}


Evaluating Terms

Given I and α, we can evaluate terms to values in D

We write ⟨I, α⟩(a) to denote the evaluation of term a

Three cases for terms:

▶ Object constants: ⟨I, α⟩(a) = I(a)

▶ Variables: ⟨I, α⟩(v) = α(v)

▶ Function terms:⟨I, α⟩(f(t1, . . . , tn)) = I(f)(⟨I, α⟩(t1), . . . , ⟨I, α⟩(tn))


Evaluating Formulas

Given D, I, α, we define the evaluation of a first-order formula F

We write:

▶ D, I, α |= F if F evaluates to true

▶ D, I, α ̸|= F if F evaluates to false

Base cases:▶ D, I, α |= ⊤ and D, I, α ̸|= ⊥

▶ D, I, α |= p(t1, . . . , tn) iff (⟨I, α⟩(t1), . . . , ⟨I, α⟩(tn)) ∈ I(p)


Evaluating Formulas

Inductive case for connectives:

D, I, α |= ¬F iff D, I, α ̸|= F

D, I, α |= F1 ∧ F2 iff D, I, α |= F1 and D, I, α |= F2

D, I, α |= F1 ∨ F2 iff D, I, α |= F1 or D, I, α |= F2

D, I, α |= F1 → F2 iff D, I, α ̸|= F1 or I |= F2

D, I, α |= F1 ↔ F2 iff D, I, α |= F1 and I |= F2, orD, I, α ̸|= F1 and D, I, α ̸|= F2

These are the same as they were for propositional logic


Example

For universe D = {◦, •}, assignment α = {x 7→ •, y 7→ ◦}, and I:▶ I(a) = ◦▶ I(f) = {(◦, ◦) 7→ ◦, (◦, •) 7→ •, (•, ◦) 7→ •, (•, •) 7→ ◦}▶ I(g) = {◦ 7→ •, • 7→ ◦}▶ I(p) = {(◦, •), (•, •)}

What do the following evaluate to?▶ p(a, g(◦)) = true

▶ p(x, f(g(x), y)) → p(y, g(x)) = true


Evaluating Quantifiers

Let x be a variable assigned by α

An x-variant of α is an interpretation that:▶ Agrees with α on all variables except x▶ Assigns x to some given value c ∈ D

We write an x-variant of α as α[x 7→ c]

Universal quantifier:D, I, α |= ∀x.F iff for all c ∈ D,D, I, α[x 7→ c] |= F

Existential quantifierD, I, α |= ∃x.F iff there exists c ∈ D,D, I, α[x 7→ c] |= F


Example

For universe D = {◦, •}, assignment α = {x 7→ •, y 7→ ◦}, and I:▶ I(a) = ◦▶ I(f) = {(◦, ◦) 7→ ◦, (◦, •) 7→ •, (•, ◦) 7→ •, (•, •) 7→ ◦}▶ I(g) = {◦ 7→ •, • 7→ ◦}▶ I(p) = {(◦, •), (•, •)}

What do the following evaluate to?▶ ∃x.¬p(x, g(a)) = false

▶ ∀w.∃z.p(w, f(g(w), z)) = true

▶ (∃x.p(x, x)) → p(y, g(x)) = false


Satisfiability & Validity

A first-order formula F is satisfiable if and only if:

There exists S = (D, I) and assignment α where D, I, α |= F

A first-order formula F is valid if and only if:

For all S = (D, I) and assignments α, D, I, α |= F

We write |= F when F is valid

As before, these are dual to eachother


Example

Is the formula ∃x.f(x) = g(x) satisfiable?

Satisfying S, α:

▶ D = {0, 1}▶ I(f) = {0 7→ 1, 1 7→ 1}▶ I(g) = {0 7→ 0, 1 7→ 1}

Is it valid?

Falsifying S, α:

▶ D = {0, 1}▶ I(f) = {0 7→ 1, 1 7→ 1}▶ I(g) = {0 7→ 1, 1 7→ 0}


Proving Validity for First-Order Logic

We’ll extend the semantic argument method from earlier1. Assume F is not valid: there exists I such that I ̸|= F

2. Apply proof rules (more on this shortly)3. If: no contradiction, no applicable rules, conclude that F is

invalid4. If: every branch reaches contradiction, conclude that F is valid

But, we need new proof rules for quantifiers


Brief Review: Proof Rules

Recall the semantics for implication:

▶ From D, I, α |= F1 → F2:D, I, α |= F1 → F2

D, I, α ̸|= F1 | D, I, α |= F2

▶ From D, I, α ̸|= F1 → F2:D, I, α ̸|= F1 → F2

D, I, α |= F1 D, I, α ̸|= F2


Proof Rules: Universal Quantification

▶ From D, I, α |= ∀x.F :D, I, α |= ∀x.F

D, I, α[x 7→ c] |= FFor any c ∈ D

For example, if we know D, I, α |= ∀x.p(x, a)

Then we can conclude D, I, α[x 7→ b] |= p(x, a)


Proof Rules: Universal Quantification

▶ From D, I, α ̸|= ∀x.F :D, I, α ̸|= ∀x.F

D, I, α[x 7→ c] ̸|= FFor a fresh c ∈ D

Here, “fresh” means “not used previously in the proof”

If D, I, α ̸|= ∀x.F , all we know is that F doesn’t hold for some object

We don’t know which object

Hence, we pick a new one, making no assumptions


Proof Rules: Existential Quantification

▶ From D, I, α |= ∃x.F :D, I, α |= ∃x.F

D, I, α[x 7→ c] |= FFor a fresh c ∈ D

Again “fresh” means “not used previously in the proof”

Notice the similarity to the previous rule


Proof Rules: Existential Quantification

▶ From D, I, α ̸|= ∃x.F :D, I, α ̸|= ∃x.F

D, I, α[x 7→ c] ̸|= FFor any c ∈ D

There does not exist any object c for which F holds

No matter what x maps to, F won’t hold

Even if its something we used before


Deriving a Contradiction

▶ Contradiction rule:

D, I, α[· · · ] |= p(s1, . . . , sn)D, I, α[· · · ] ̸|= p(t1, . . . , tn)

⟨I, α[· · · ]⟩(si) = ⟨I, α[· · · ]⟩(ti) for all 1 ≤ i ≤ n

⊥

In the top two lines, the assignments are both variants of α

Contradiction exists whenever disagreement on value of p

For example, if D, I, {x 7→ a} |= p(x)D, I, {y 7→ a} ̸|= p(y)

then ⊥


Example

Prove the following valid:

F : (∀x.p(x)) → (∀y.p(y))

1 D, I, α ̸|= F2 D, I, α |= ∀x.p(x) 1 and →3 D, I, α ̸|= ∀y.p(y) 1 and →4 D, I, α[x 7→ c] |= p(x) 2 and ∀5 D, I, α[y 7→ c] ̸|= p(x) 3 and ∀6 ⊥ 4 and 5


Example

Prove the following valid:

F : (∀x.p(x)) ↔ (¬∃x.¬p(x))

1 I, α ̸|= F2a I, α |= ∀x.p(x) 1 and ↔3a I, α ̸|= ¬∃x.¬p(x) 1 and ↔4a I, α |= ∃x.¬p(x) 3a and ¬5a I, α[x 7→ c] |= ¬p(x) 4a and ∃6a I, α[x 7→ c] |= p(x) 2a and ∀7a ⊥ 5a and 6a

2b I, α ̸|= ∀x.p(x) 1 and ↔3b I, α |= ¬∃x.¬p(x) 1 and ↔4b I, α[x 7→ o] ̸|= p(x) 2b and ∀5b I, α ̸|= ∃x.¬p(x) 3b and ¬6b I, α[x 7→ o] ̸|= ¬p(x) 5b and ∃7b I, α[x 7→ o] |= p(x) 6b and ¬8b ⊥ 4b and 7b


Soundness and Completeness

These proof rules satisfy important properties

SoundnessIf every branch of the semantic argument proof derives acontradiction, then F is invalid. In other words, the proof rules don’treach wrong conclusions.

CompletenessIf F is valid, then there exists a finite-length proof in which everybranch derives a contradiction. In other words, there are no validformulas we can’t prove to be valid.

This is called refutationalcompleteness


Decidability of First-Order Logic

Decidable ProblemA decision problem is decidable if and only if there exists aprocedure P such that, for any input, either

1. Halts with “yes” when the answer is positive2. Halts with “no” when the answer is negative

Importantresult (Church & Turing): The problem of deciding validityfor first-order logic is not decidable.

Is there a problem here?


Semidecidability

Semidecidable ProblemA decision problem is semidecidable if and only if there exists aprocedure P such that, for any input, either

1. Halts with “yes” when the answer is positive2. Halts with “no” when the answer is negative3. or does not halt when the answer is negative

The first-order validity decision problem is semidecidable▶ Procedure always halts with yes when F is valid▶ Might not terminate when F is not valid


Next Lecture

Topic: First-order theories

Read: Chapter 3, up to (not including) 3.5

Start the homework!

Come to office hours with questions


Documents

AutomatedProgramVeriﬁcationandTesting …mfredrik/15414/lectures/05-fol.pdf · AutomatedProgramVeriﬁcationandTesting 15414/15614Fall2016 Lecture5: First-OrderLogic Matt Fredrikson