Computing Fundamentals 1 Lecture 0 Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/Compfund1/compfun1.htm Room K308 Based on Chapter 0. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Leibniz: Logician, Mathematician “It is unworthy of excellent men to lose hours like slaves in the labour of calculations which could safely be relegated to anyone else if machines were used.” Leibniz 1646-1716. Some ideas from Leibniz are used in the course text. http://en.wikipedia.org/wiki/Gottfried_Leibniz

Leibniz: Logician, Mathematician Leibniz identified the main components that make automated reasoning possible: A language for expressing ideas precisely Rules of calculation for manipulating ideas in the language The need to mechanize the calculations. http://en.wikipedia.org/wiki/Gottfried_Leibniz http://en.wikipedia.org/wiki/Gottfried_Leibniz Leibniz identified the main components that make automated reasoning possible: 1 a language for expressing ideas precisely, 2 rules of calculation for manipulating ideas in the language 3 the need to mechanize the calculations.

Computing Fundamentals 1 This module presents theoretical aspects of computer science which are necessary to support and enhance other modules on the course. In particular the topics covered on this module will be required in computer technology, databases, software engineering, programming, GIS. Artificial Intelligence, and algorithms. Lectures Logic 3 Set Theory 2 Relations 1 Functions 1 Boolean Algebra 1

Computing Fundamentals 1 Logic: Propositional calculus, truth tables, logical equivalence, logical argument, predicate calculus, simple proofs. Set Theory: Algebra of sets, power sets, cardinality, Venn diagrams, programming using sets. Relations: Types, representations, equivalence, partial order, relational database theory. Functions: The graph of a function, properties, composition, functions in programming languages. Boolean Algebra: Basic laws, simplification of expressions, application to switching circuits. Number Systems: Binary, octal, decimal, hexadecimal, simple binary arithmetic. Supporting software: The above topics will be supported by software tools including functional and logic based languages. Lectures Logic 3 Set Theory 2 Relations 1 Functions 1 Boolean Algebra 1

Computing Fundamentals 1 The aim of this module is to provide the student with the theoretical foundations for other modules on the programme. Lectures Logic 3 Set Theory 2 Relations 1 Functions 1 Boolean Algebra 1

Computing Fundamentals 1 Main Reference A Logical approach to Discrete Math By David Gries and Fred B. Schneider Publisher: Springer; 1 edition (1993) ISBN: 0387941150 Lectures Logic 3 Set Theory 2 Relations 1 Functions 1 Boolean Algebra 1

Computing Fundamentals 1 Useful Reading Seymour Lipschutz, Essential Computer Mathematics, Schaum's Outline series, 1987, ISBN 0-07-0379990-4. Winfred Karl Grassmann and Jean-Paul Tremblay , 1996, Logic and Discrete Mathematics; A Computer Science Perspective, Prentice Hall 1996, ISBN: 0-13-501206-6. Seymour Lipschutz and Marc Lars Lipson, 1997, Discrete Mathematics, Schaum's Outline series, ISBN 0-07-038045-7.   Lectures Logic 3 Set Theory 2 Relations 1 Functions 1 Boolean Algebra 1

Mathematics & Logic Mathematics can be used to represent, or model the world. Math provides a precise, concise representation of quantities and relationships. As Information Scientists we are required to reason correctly to reach conclusions, and hence we need a knowledge of formal logic.

Formalizing Common Sense The following pair of signs are displayed at the foot of an escalator. What do they mean? They have exactly the grammatical structure. Dogs Must Be Carried Shoes Must Be Worn

Formalizing Common Sense If I tell you: “The vase is in the box” Can you deduce by logic the following? “Hence the box is not inside the vase” Are the following a well formed logical statement? I am standing and I am sitting. I am standing and I am running.

Syntax and Semantics What do the following symbols mean? The number six VI 3 + 3 The smallest whole number greater that five. The integer successor of five. The positive square root of 36.

Syntax and Semantics We need to separate symbols from meaning. What do the following symbols mean? 2^7 = 128 2^6 = 64 2^5 = 32 2^4 = 16 2^3 = 8 2^2 = 4 2^1 = 2 2^0 = 1 2^7 = 128 2^6 = 64 2^5 = 32 2^4=16 2^3=8 2^2=4 2^1=2 2^0=1 128+32+16++2+1=179 10^2 = 100 10^1 = 10 10^0 = 1

Computing Powers in CafeOBJ mod! POWER { protecting(NAT) op _^_ : Nat Nat -> Nat vars X I : Nat eq X ^ 0 = s 0 . – s is successor function eq X ^ I = X * (X ^ ( p I)) . } -- Open the module and reduce expression open POWER red (2 ^ 7) + (2 ^ 5) + (2 ^ 4) + (2 ^ 1) + (2 ^ 0) . (179):NzNat

Syntax and Semantics A language has a formal syntax (or grammar) which describes how sentences can be put together. Well formed sentences that obey the syntax are called Well Formed Formulas (WFF). Keep in mind that a WFF is purely a syntactic entity, we are not interested in badly formed sentences or formulas. The truth value of a WFF depends on the truth values we assign to the propositions it involves. An inference system is a deductive mechanism for manipulating a language’s WFF It has two parts, Axioms and Inference rules: Axioms WFF that can be written without reference to other WFF. Inference rules allow us to produce new WFF as an immediate consequence of old WFF. Various proof techniques Equational reasoning with equivalences Natural Deduction Induction Case Analysis One point rule (page 148) Guide for axiom writing (chapter 8) You should include axioms that apply each observer or extension to each generator, except where an error might occur. A formal system has a language and an inference system CafeOBJ is a formal system. Syntax refers to the structure of expressions, or rules for putting symbols together to form expressions. Semantics refers to the meaning of expressions or how they are evaluated.

Syntax and Semantics A language has a formal syntax (or grammar) which describes how sentences can be put together. Well formed sentences that obey the syntax are called Well Formed Formulas (WFF). Keep in mind that a WFF is purely a syntactic entity, we are not interested in badly formed sentences or formulas. The truth value of a WFF depends on the truth values we assign to the propositions it involves. An inference system is a deductive mechanism for manipulating a language’s WFF It has two parts, Axioms and Inference rules: Axioms WFF that can be written without reference to other WFF. Inference rules allow us to produce new WFF as an immediate consequence of old WFF. Various proof techniques Equational reasoning with equivalences Natural Deduction Induction Case Analysis One point rule (page 148) Guide for axiom writing (chapter 8) You should include axioms that apply each observer or extension to each generator, except where an error might occur. A formal system has a language and an inference system CafeOBJ is a formal system. Syntax refers to the structure of expressions, or rules for putting symbols together to form expressions. Semantics refers to the meaning of expressions or how they are evaluated.

What is computing?

Logic Logic is the glue that binds together methods of reasoning, in all domains. Proof methods have their basis in formal logic. An interpretation assigns meaning to the operators, constants, and variables of a logic (model theory). From Gries & Schneider[1] Logic is the study of reasoning; it is specifically concerned with whether reasoning is correct. Logic focuses on the relationship among statements as opposed to the content of any particular statement. From Johnsonbaugh[2] Logic as Theory of Science: People can hold scientific theories. A scientific theory consists of a multiplicity of acts of knowing, of verifying and falsifying, validating and calculating. Logic is a theory which seeks to determine the conditions which must be satisfied by a collection of acts if it is to count as a science. Logic is a ‘theory of science’. Barry Smith[3] [1] A Logical approach to Discrete Math By David Gries and Fred B. Schneider [2] Discrete Mathematics (5th Edition) by Richard Johnsonbaugh [3] Logic and Formal Ontology, Barry Smith

Logic and Language Logic takes into account syntactically well-formed sentences and studies whether they are semantically correct. There are sentences that are syntactically correct but not from the semantic point of view. For instance "The big house is green" is both syntactically and semantically correct (provided the house under consideration is green), while "The big house is small" is contradictory as a sentence and thus semantically incorrect.

Logic and Language Keep in mind the distinction between formal logic on this course and the intuitive everyday logic (informal) Further we often use informal logic to reason about formal logic. For example, we can say the a particular logic is not suited to a particular task.

Logic and Language Consider two English sentences: A Mother is a Person. Ellen is a Mother. What does “is a” mean in each sentence? Two possible mathematical meanings: A Mother is a Person: Mother ⊆ Person Ellen is a Mother: Ellen ∊ Mother What is the relation between Ellen and Person? With “A Mother is a Person” we might mean mother is a “kind-of” person. Theorem: Ellen ∊ Person

Logic and Language We will start with a logic called equational logic We will use the CafeOBJ language, which is based on equational logic. We will use CafeOBJ as a functional programming language and as a theorem prover. The role of CafeOBJ on this course is to provide a logically based language that can be used to represent the mathematical concepts such as logic itself, sets, functions, relations and even programs (considering programs as mathematical objects). At the end of the course you should be able to read and understand small CafeOBJ proofs and programs.

Mathematical Models Mathematical models are more concise, precise, and rigorous than informal English descriptions. A mathematical model allows us compute solutions. A mathematical model allows computers and humans to reason about the problems in a mechanical way. This allows us to: manipulate expressions; prove properties from and about expressions; obtain new results from know facts or expressions

Mathematical Models There are rules that allow use to perform syntactic manipulations without regards for semantics. Rigour does not mean complexity. Rigour is defined as “strict precision or exactness”. Rigour usually leads to simplicity of proof and extensibility. With a mathematical based language, like CafeOBJ, one can specify or represent , reason, prove, and compute A value is, in contrast a computation does something. A value has a value type, a computation has computation type.

Equational logic Equational logic (EL) can be used as a tool to reason about systems. EL is based on equality and Leibniz’s rule for substituting equals for equals. You should be familiar with EL from school. For example. Mary has twice as many apples as John, can be written as: m = 2 * j There are many values of m and j that make the equation true (e.g. m=4 and j=2, m=6 and j=3). Syntax refers to the structure of expressions, or rules for putting symbols together to form expressions. Semantics refers to the meaning of expressions or how they are evaluted.

Equational logic Mary has twice as many apples as John. Mary throws half her apples away, because they were rotten, and John eats one of his. Mary still has twice as many apples as John. How many apples did Mary and John have initially? (0.1) m = 2 * j and [EQ1] m/2 = 2 * (j – 1) [EQ2] There are now fewer values of m and j that make these two equations true (m=4 and j=2). Are these equations consistent? Are there values of m and j that make one equation true and the other false? It happens that these two equations have a common solution.

The Apple0 problem 1 Equations represent facts about John’s and Mary’s apples mod APPLES0 { [ Apples ] var M : Apples -- Mary's apples var J : Apples -- Johns apples ops 0 1 2 : -> Apples ops * quo : Apples Apples -> Apples eq [eq1]: M = J * 2 . eq [eq2]: M quo 2 = 2 * (J – 1) . } The above specification represents the mini-world of Mary and John’s apples. As it stands it does not compute a solution. we have symbol; * representing multiplication operation quo representing division operation (quotient) 0, 1, 2 representing numbers M,J variables representing number of Apples But these as yet do not have their normal computable interpretation. You could say that at the moment the symbols have an intended interpretation. Initially we focus representation not computation. See Apples1.mod and Apples2.mod on web page. In mathematics, a quotient is the result of a division. For example, when dividing 6 by 3, the quotient is 2, while 6 is called the dividend, and 3 the divisor. The quotient can also be expressed as the number of times the divisor divides into the dividend.

The Apple0 problem 1 We can rewrite the following equations in terms of J only: eq [eq1]: M = J * 2 . eq [eq2]: M quo 2 = 2 * (J – 1) . Giving: eq [eq1] : 2 * J quo 2 = 2 * (J - 1) . In mathematics, a quotient is the result of a division. For example, when dividing 6 by 3, the quotient is 2, while 6 is called the dividend, and 3 the divisor. The quotient can also be expressed as the number of times the divisor divides into the dividend.

The Apple problem 1 Equations represent some of the true facts about John’s apples A quotient is the result of a division. For example, dividing 6 by 3, the quotient is 2. In this case we do not have a numeric value for J. Order of equations matters. mod! APPLES1 { [ Apples ] var M : Apples -- Mary's apples var J : Apples -- Johns apples ops 0 1 2 : -> Apples op _quo_ : Apples Apples -> Apples {assoc } op _*_ : Apples Apples -> Apples {assoc } op _-_ : Apples Apples -> Apples {assoc } eq [eq1] : 2 * J quo 2 = 2 * (J - 1) . eq [eq2] : 2 * (J - 1) = 2 * J - 2 . eq [eq3] : 2 * J quo 2 = J . -- what this equation mean?} To test if an equation, say [eq1], is true: open APPLES1 reduce 2 * J quo 2 == 2 * J - 2 . – true -- to test if an equation, say [eq1] is true issue the following command at the CafeOBJ prompt: open APPLES1 red 2 * J quo 2 == 2 * (J - 1) . – true -- The double equals symbol ‘==‘ is CafeOBJ’s equality operator. -- Note we do not have a value for J, but according to the equations in our APPLES1 world this equation is true. -- Although we have a signature for some well known mathematical operations (e.g. +) at this point in time these are not fully defined. The first equation, called [eq1] above, represents the combining of the original (0.1) equations from GS chapter 1. Its purpose is to eliminate Mary’s apples (M) from the equation, so that it be can solved for John’s apples. So by design, it expressed in terms of John’s apples (it has no M) . The two equations [eq1] and [eq2] represent some of the true facts about John’s apples. [eq1] can be solved without explicitly using (1.9) from GS, which in CafeOBJ can be written: eq [eq3] : 2 * J quo 2 = J . -- what does this equation say? Some simplifying liberties were taken with the CafeOBJ syntax, the infix operations do not have argument place holders. The associativity attributes were omitted. Don’t worry too much about syntax for the moment. This equality only holds for one value of J, it is not generally true.

The Computing the Apple problem mod! APPLES2 { pr(INT) op solution : Int -> Int var M : Int -- Mary's apples var J : Int -- John’s apples eq solution(J) = if (2 * J quo 2 == 2 * (J - 1)) then J else solution(J + 1) fi . } Mary’s apples not used to compute J. The above program can be run by: placing the file Apples2.mod in a directory starting CafeOBJ in that directory load the file with the command ‘in apples2.mod’, open the APPLES” modules with the command ‘open APPLES2’ Type ‘red solution(0)’ which executes the program (you should get 2). For CafeOBJ to solve the first equation [e1] from the previous slide, the following is required: -- A starting value, which is an educated guess. -- A way to calculate and test the success criteria. -- A way to generate the next ‘guess’, an iteration method. To find out how many apples John had we use CafeOBJ’s ‘red’ (short for reduce) to execute an expression. One first guess will be 0: red solution(0) . It should give result 2. Exercises: How would we calculate Mary’s apples? What happens if our first guess is 1, 2, or 3?

Pre-condition, Post-condition A pre-condition of a program (or algorithm) statement is an assertion about the program variables in a state in which the statement must be executed, and a post-condition is an assertion about the state in which it may terminate. A reasonable precondition for the Apples2 program is that the first guess should be equal or greater than zero (no negative number of apples)

More Examples In English: we wish approximate In Math: Let b approximate (therefore b2 approx. n) Precondition: 0 <= n (root of negative undefined) Postcondition: b2 <= n < (b+1)2 The postcondition corresponds to computing the largest integer (b) that is at most . It is what we would expect to hold after the computation. These conditions do not tell us how to compute. With maths can model, reason, and compute The Postcondition: b2 <= n < (b+1)2 can be written as two conditions (b2 <= n) and (n <(b+1)2)

More Examples Here is an equation in CafeOBJ that will allow us to compute an approximation of the square root of a number. eq approx(B, N) = if ((B * B <= N) and (N < (B + 1) * (B + 1)) ) then B else approx(B + 1, N) fi . (see ROOTN1.MOD on web page) The Postcondition: b2 <= n < (b+1)2 can be written as two conditions (b2 <= n) and (n <(b+1)2 See page 2 of course text.

Systematic Syntactic manipulation From e=mc2 show e/c2=m Precondition 0<c2 e = m*c2 = <Divide both sides by c2> e/c2 = (m*c2)/c2 = <Associativity of / and *> e/c2 = m*(c2/c2) = <(c2/c2) = 1 > e/c2 = m*1 <m*1 = m > e/c2=m Transitivity: if a=b and b=c then we can conclude that a=c Equality is transitive, hence we can conclude e=mc2 is equivalent e/c2=m Einstein showed a mass–energy equivalence. Matter can be turned into energy, and energy into matter. Here we focus on syntactic manipulation disregarding the meanings of the symbols. E = energy M = mass C = constant speed of light Transitivity if a=b and b=c then we can conclude that a=c Associativity a * (b * c) = (a * b) * c

Mathematical expressions Syntax of mathematical expressions are constructed from constants, variables, and operators: A constant such as 123 is an expression A variable such as y is an expression1. An operator such as + used in expression 123 + y Brackets can be used to aggregate expressions e.g. 2 * (3 + 4) . 1. Not to be confused with a program variable, which is like a box with a value inside.

Mathematical expressions Syntax refers to the structure of expressions, or rules for putting symbols together to form expressions. Semantics refers to the meaning of expressions or how they are evaluated. We are interested in syntax, semantic, and how they are related.

Evaluation State is a list of variables with associated values. Evaluation of an expression E in a state is performed by replacing all variables in E by their values in the state and then computing the value of the resulting expression. For example: Expression x – y + 2 State (x,5),(y,6) Gives 5 – 6 + 2 Evaluates to 1

Programming & Logic The basic components of current languages are: Data types e.g. Integers, String, Polygon. Variables to refer to data types e.g. a = 2; Operations on data types e.g. area(polygon) Control structures e.g. sequence, iteration, and conditions. Logic is an important part of programming, but it is often implicit and external to the language. Some languages like Prolog or SQL are quite close to logic. In many cases a CafeOBJ program has a one-to-one relation with its mathematical or logical meaning.

CafeOBJ The CafeOBJ system and documentation can be downloaded from: http://www.ldl.jaist.ac.jp/cafeobj/ You should download the latest version. The site contains installation instructions for Linux, Mac OS X, and Windows There are excellent CafeOBJ notes by Kokichi Futatsugi at: http://www.jaist.ac.jp/~kokichi/class/i613-0712/ Kazuhiro OGATA has written an excellent set of notes on functional programming using CafeOBJ http://www.jaist.ac.jp/~ogata/lecture/i217/ Takahiro Seino has written an excellent introduction to CafeOBJ as a theorem prover. http://www.jaist.ac.jp/~t-seino/lectures/cafeobj-intro/en/index.html The CafeOBJ manual is useful but a bit too detailed for our needs

Installing CafeOBJ For this course you should install CafeOBJ on your U: drive in college and on your own machine. For Windows 7 download from https://bitbucket.org/tswd/cafeobj/downloads cafeobj-1.4.12p1-win32.zip Unzip the file into a folder of your choice, say U:\ComFun1. A folder called W:\CompFun1\cafeobj-1.4 will be made. Click on CafeOBJ.exe in that new folder. Or at command prompt cd U:\CompFun1\cafeobj-1.4 and type CafeOBJ

Staring CafeOBJ After installing CafeOBJ there are typically four things that you need to do to work on a file: 1. In a command prompt, start CafeOBJ, type CafeOBJ 2. Set CafeOBJ to point to files in your current working directory (or folder), type: cd yourDir 3. Load the file you wish to work on: in workingFile 4)Open the module you wish to working with: open ModuleName

Computing Fundamentals 1 Lecture 1 Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 1. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Equational logic State is a list of variables with associated values. Evaluation of an expression E in a state is performed by replacing all variables in E by their values in the state and then computing the value of the resulting expression. For example: Expression x – y + 2 State (x,5),(y,6) Gives 5 – 6 + 2 Evaluates to 1 An expression may consists of constants, variable, operations and brackets.

Equational logic Theories in mathematical logic are defined by their axioms and inference rules (e.g. equational logic). An axiom is a distinguished expression that cannot be proved or disproved. An inference rule is a valid argument which permits the substitution of expressions in the steps of a formal proof. A theorem is either an axiom or an expression, that using the inference rules, is proved equal to an axiom or a previously proved theorem. An axiom is a ‘A self-evident proposition, requiring no formal demonstration to prove its truth, but received and assented to as soon as mentioned’ (Hutton). Axioms are used to construct proofs. An axiom in one system may be a theorem in another.

Textual Substitution Let E and R be expressions and let x be a variable then E[x := R] Denotes an expression that is the same as E but with all occurrences of variable x replaced by R. Textual substitution only replaces variables not expressions, but the variables can be replaced by expressions. The symbol ‘:=‘ indicates substitution (LHS replaced by RHS). Textual substitution has a higher precedence than any other operator. “is true in every state” == “is a theorem”

Inference Rule E premise/hypothesis if true The inference rule provides a mechanism for deriving "truths" or theorems. A theorem is an expression that is true in all states. The inference rule is written as follows: (Expression or list of Expressions) E premise/hypothesis if true R conclusion then also true

Inference Rule Substitution Textual substitution can be considered as inference rule, which provides a syntactic mechanism for deriving ‘truths’, or theorems. Theorems correspond to expressions that are true in all states. An inference rule consists of a list of expressions, called its premises or hypotheses, above a line and an expression, called its conclusion, below the line. It asserts that if the premises are theorems, then the conclusion is a theorem. The inference rule called substitution uses an expression E , a list of variables v , and a corresponding list of expressions F (next slide).

Inference Rule Substitution Inference Rule Substitution (IRS) uses an expression E, a list of variables v and a corresponding list of expressions F: (1.1) Substitution: This rule asserts that if expression E holds in all states then so does E with all occurrences of the variable v replaced with corresponding expression F. The symbol ‘:=‘ indicates substitution (LHS replaced by RHS)..

Inference Rule Substitution(1.1) E premise/hypothesis if true E[v := F] conclusion then also true expression E , a list of variables v, and a corresponding list of expressions F This rule asserts that if expression E is a theorem, then so is E with all occurrences of the variables of v replaced by the corresponding expressions of F. 3

Inference Rule Substitution(1) If we know x + y = y + x in all states, then IRS allows us to conclude that b + 3 = 3 + b. After substitution

Inference Rule Substitution(1) E is 2•x/2 = x Use inference rule substitution to form the inference rule 2•x/2 = x (2•x/2 = x)[x := j+5] after substitution 2•(j+5)/2 = j+5 At the syntactic symbol level the RHS and LHS of 2•x/2 = x are not equal. However, their values may be equal. May be obvious to you or I, but machines needs such rules.

Equality At the syntactic (or symbol level) the RHS and LHS of 2•x/2=x are not equal. However, their values are equal. One way equality can be characterised in terms of expression evaluation: Evaluation of the expression X = Y in a state yields the value true if expressions X and Y have the same value and yields false if they have different values. Definition: iff is used as an abbreviation for “If and only if”; b iff c holds provided (i) b holds if c holds and (ii) c holds if b holds.

Equality Another way of looking at equality is to use laws that allow us to show expressions are equal without evaluating them. A collection of such laws can be regarded as a definition of equality, provided that two expressions have the same value in all states if and only if (iff) one expression can be translated into the other according to these laws.

Four laws for Equality Reflexivity: x = x Symmetry: (x=y) = (y=x) Transitivity: Leibniz: The four laws characterize equality. The first two are expressions that hold in every state. The fourth law (Leibniz) says: Two expressions are equal in all states iff replacing one by the other in any expression E does not change the value of E (in any state). Leibniz says: Two expressions are equal in all states iff replacing one by the other in any expression E does not change the value of E (in any state).

Leibniz Two expressions are equal in all states iff replacing one by the other in any expression E does not change the value of E (in any state).

Leibniz The variable z is used in the conclusion because textual substitution is defined for the replacement of a variable but not for the replacement of an expression. In one copy of E, z is replace by X, and in the other copy it is replace by Y. Effectively, this use of the variable z allows replacement of an instance of X in E[z:= X] by Y, while still preserving the same value of E

Leibniz (See lab 2) Assume b+3 = c+5 holds in all states. We can conclude that adding d to both sides d+b+3=d+c+5 holds by: X: b+3 Y: c+5 E: d+z z : z After substitution

Semantics of variables, equality & Identity Variables in Python & CafeOBJ Identical (Python is) Equal >>> x = 99999 >>> y = 99999 >>> x == y True >>> x is y False >>> x = y X:Nat x = y x  y 99999 99999 99999 0, 1, 2 , 3 , ….  Variables in some programming language Some points: CafeOBJ variables do not match the above (left) conventional view of variables. In CafeOBJ a variable is constrained to range over a particular sort or kind (a domain). A variable is not considered equal to a particular element in the domain. In contrast to programming languages real world objects are unique, so we may need different concepts of equality and identity for real world objects than computational objects.

Functions Function application can be defined in terms of textual substitution. Let g.z: E (expression e.g. z + 1) define a function g, then function application g.X is defined by: g.X = E[z := X] Python >>> def g(z): return z + 1 >>> g (3) 4

Fibonacci Function in Python and CafeOBJ Function Name Formal parameter CafeOBJ mod* FIB { pr(NAT) op fib : Nat -> Nat var N : Nat eq fib(0) = 0 . eq fib(1) = 1 . ceq fib(N) = fib(p(N)) + fib(p(p(N))) if N > 1 .} Start CafeOBJ @ cmd. prompt in fib.cafe open FIB . red fib(14) . def fib(n): if n == 0: return 0 elif n == 1: return 1 else: return fib(n-1) + fib(n-2) fib(14) Actual argument

Python function definition def g(z) : return (z + 1) Function application g(6) Functions Function application can be defined in terms of textual substitution. Let g.z: Expression Define a function g, then function application g.X is defined in general by: g.X = E[z := X] In this case: g.6 = E[z := 6] (6 is substituted for z)

Functions This close correspondence between function application and textual substitution suggests that Liebniz links equality and function application:

In computing and mathematics there is a lot of notation!

Reasoning with Leibniz’s rule Leibniz allows the substitution of equals for equals in an expression without changing the value of that expression. We can demonstrate that two expressions are equal as follows: E[z:=X] = <X=Y> E[z:=Y] Explanation of proof step Expressions Variables

2 Notations for Leibniz’s rule Leibniz says: Two expressions are equal in all states iff replacing one by the other in any expression E does not change the value of E (in any state). Premise E[z:=X] <X=Y> = <X=Y> E[z:=X]=E[z:=Y] E[z:=Y] Conclusion The first and third lines on the left are the equal expressions of the conclusion in Leibniz. In notation on left the middle line is the premise. These are just two notations or formats for writing proof steps. Notation 1 E[z:=X] = <X=Y> E[z:=Y] Or alternatively using Notation 2: <X=Y> -------------------- E[z:=X]=E[z:=Y]

Reasoning with Leibniz’s rule Recall John and Mary’s apples: [eq1] m = 2 * j and [eq2] m/2 = 2 * (j – 1) Using Leibniz: [eq2] m/2 = 2 * (j – 1) = <using [eq1] m = 2 * j equation in terms of j> [eq3] (2*j)/2 = 2 * (j – 1) From arithmetic, the following holds in every state: 2*x/2 = x Continuing from above: 2*j/2 = 2 * (j – 1) = < 2*j/2 = j , can put j on LHS> j = 2*(j – 1)

Reasoning with Leibniz’s rule Solve the following for j: j = 2*(j – 1) giving: j = 2j – 2 j = 2 We can reduce equations to value (or answer), or at least to their simplest possible form (SPF). An example of SPF J = Y * (J – 1) J = Y * J – Y * 1 J = Y * J - Y Without additional information we can go no further. CafeOBJ reduces expressions to a simplified form called ‘normal form’ In a sense CafeOBJ implements mathematics in the computer

The assignment statement In a procedural programming language the execution assignment statement looks like: (1.10) x := E (x becomes E) Where x is a variable and E is an expression. This does not say that x is mathematically equal to E. Also, it is not a test for equality. The assignment statement in some programming languages is the same symbol as used for textual substitution (i.e. :=) While in some languages on this course using CafeOBJ a single equals sign means is defined as equal, double equals == tests for equality. Neither = ore == are assignments. If we consider a typical assignment n = n+1 as a mathematical statement asserting that n and n+1 are the same value. As a mathematical statement it is untrue, As a definition of n, it says that to calculate the value of n, you have to work out n+1. If you used n = n + 1 a CafeOBJ program it will go into an infinite loop (where n is a constant). In CafeOBJ it will not to modify the value of n.

The assignment statement A Hoare Triple is of the form {P}S{Q} where P is a precondition, Q is a post-condition and S is a statement. Example of a procedural language + pre/post condition {x=0} x := x+1 {x > 0} is VALID iff execution of x:=x+1 in any state where x=0 results in a state where x>0. This provides a logical scaffolding or logical framework for procedural programs (e.g. written in C). The framework is added to the program, the program does not include the logical framework. While in some languages on this course using CafeOBJ a single equals sign means is defined as equal, double equals == tests for equality. Neither = ore == are assignments. If we consider a typical assignment n = n+1 as a mathematical statement asserting that n and n+1 are the same value. As a mathematical statement it is untrue, As a definition of n, it says that to calculate the value of n, you have to work out n+1. If you used n = n + 1 a CafeOBJ program it will go into an infinite loop (where n is a constant). In CafeOBJ it will not to modify the value of n.

The assignment statement in a procedural programming language. (1.12) Definition of Program Assignment {R[x:= E]} x:= E {R}. This allows us to compute the pre-condition from the post-condition and assignment. Suppose we want to use the assignment x:=x+1 and we want a post condition of x>4. Then R is x>4 so the pre-condition is (x>4)[x:=x+1] which after substitution gives x+1>4 or x>3. This is substitution This is assignment This is substitution

The assignment statement in a procedural programming language. Working through the last example in detail: {R[x:=E]} x:=E {R} {?} x:=x+1 {x>4} R is x>4, Assignment/substitution is x:=x+1 pre-condition is {R[x:=E]} x>4[x:= x+1] substitution gives x+1 > 4 or x > 3.

Substitution examples Perform the following textual substitutions. a + b  a[a := d + 3] Solution: a+b(d+3) Using brackets we get (a + b  a)[a := d + 3] Solution: (d+3)+b(d+3) Note this a purely mathematical form of substitution. Although it is similar to assignment in a procedural language for this course they are distinct.

Substitution examples Substituting two variables. x + 2  y[x,y := y,x] (x + 2  y)[x := y][y := x] Textual substitution is left associative. E[x := R][y := Q] is (E[x := R])[y := Q]

The assignment statement in a procedural programming language Finding preconditions: {precondition} y:=y+4 { x + y > 10} x+(y+4)>10 simplifies to x+y>6 {precondition} a:=a+b { a = b } (a+b)=b simplifies to a=0. {precondition} x:=x+1 { x = y - 1 } {x + 1 = y – 1} or { x = y-2}

Precondition Examples(*) {precondition} x:=x+7 { x + y > 20} Solution: {(x+7)+y>20} simplifies to {x+y>13} {precondition} y:=x+y { x = y } Solution: x = (x+y) simplifies to y=0. {precondition} a:=a+1 { a = y - 1 } Solution: {a + 1 = y – 1} or { a = y - 2}

Leibniz substitution in CafeOBJ eq [axiom] : (b + 3) = (c + 5) . In Leibniz terms: X = Y Leibniz: X = Y implies E[z := X] = E[z := Y] E = d + z, E[z := (b + 3)] = E[z := (c + 5)], The following reduction should give true. red d + (b + 3) == d + (c + 5) . A Logical Approach to Discrete Math by David Gries, David, Fred Schneider, page 12 substitution

Substitutions in CafeOBJ module SIMPLE-NAT { [Zero NzNat < Nat ] op 0 : -> Zero op s : Nat -> NzNat op _+_ : Nat Nat -> Nat vars N N' : Nat eq [eq1] : 0 + N = N . eq [eq2] : s(N) + N’ = s(N + N’) . } Substitutions can be used for proofs. Evaluate expressions from CafeOBJ manual, see notes below. SIMPLE-NAT is from page 23 of the CafeOBJ manual. Using SIMPLE-NAT module run through section 6.2.5 in page 67-68 of the CafeOBJ manual, which is at: http://www.ldl.jaist.ac.jp/cafeobj/doc/c06node9.html Note each individual substitution. Note the difference between using different type of execution trace. set trace whole on set trace on You can check the trace setting with ‘show switch’ command. Do the following operations note the different traces. open SIMPLE-NAT red 0 + s(0) . red s(0) + 0 . It is best to consider SIMPLE-NAT as a mini-world with very few assumptions. In particular the familiar symbols ‘+’ and ‘0’ are only intended to capture some of the meaning of every day arithmetic e.g. there are no other number symbols ‘1’, ‘2’,’3’,..... A numbers here are represented as follows 1 = s(0) 2 = s(s(0)) 3 = s(s(s(0))) -- just count the number each ‘s’. The operation s() is intended to represent the successor function giving the next number. In normal arithmetic we would expect s(3) to give 4.

SIMPLE-NAT1 Here is a graphical representation of SIMPLE-NAT. Note the sets and the operations. module SIMPLE-NAT { [Zero NzNat < Nat ] op 0 : -> Zero op s : Nat -> NzNat op _+_ : Nat Nat -> Nat vars N N' : Nat eq [eq1] : 0 + N = N . eq [eq2] : s(N) + N’ = s(N + N’) . } 1. From Lecture notes by FUTATSUGI,Kokichi http://www.jaist.ac.jp/~kokichi/class/i636-0612/ Here we use the ‘:is’ operation which returns true if a term is of a given type. Check out the subset relations with following commands: open SIMPLE-NAT red s(0) :is Zero . – this check the type of s(0) red 0 :is Zero . red 0 :is Nat . red s(0) :is NzNAT . – is it a non-zero natural number? red s(0) :is NzNAT . – is it a natural number?

Computing Fundamentals 1 Lecture 2 Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 2. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Boolean Expressions Boolean constants: true and false. Boolean variables can only have values true or false. Boolean operators: ,, ,  , , ˅, ˄. Expressions are of type Boolean (or sort Bool in CafeOBJ, or type bool in Python). (,, ,  , , ˅, ˄)

Truth table for  and identity (id) There are as many unary truth-functions as there are different ways to fill in a two row column in a truth-table. For unary connectives, there are 2^(2^1)=4, for binary connectives, 2^(2^2)=16, for ternary connectives, 2^(2^3), and so on) Unary Ops Argument id not  true false Id.true = true

Unary Op. Truth Table The previous TT provides a complete enumeration of the Boolean operations with one argument (unary operators). The first and last operation results do not depend on the argument, they have no names. The identity (id) operation returns the argument, and negation or not operation () returns the constant that is not the argument. The truth table for Boolean operations with two arguments is shown in the next slide.

Truth table for two argument ops Operations Arg1 Arg2 ˅ O R   I M P L E S  = Q U A ˄A N D t f O = operations (,, ,  , , ˅, ˄) A = Arguments Blue is the result

A look at implication While the TTs for ˅ and ˄ are symmetric and fairly intuitive the TT for implication requires some discussion. All States True States T premise implies a T conclusion, therefore T -> T is T; T premise cannot imply a F conclusion, therefore T -> F is F and 4. You can conclude anything from a false assumption, so F -> anything is T. The value of marked conclusions (some states of Q) doesn’t affect the value of entire proposition "4 is odd => 4 is even"  !!! Not a cause and effect relation. a True premise implies a True conclusion, therefore T -> T is T; a True premise cannot imply a False conclusion, therefore T -> F is F; and you can conclude anything from a false assumption, so F -> anything is T.

Implication with constants T/F and variables P/Q

A look at implication Logicians claim that the TT for implication is consistent. P is stronger than Q, the implication is true only once when P is true, twice when Q is true Q is weaker than P All States True States A vacuous truth is a truth that is devoid of content because it asserts something about all members of a class that is empty. An example of vacuous truth in relation to implication says "If A then B" when in fact A is false. For example, the statement "all cell phones in the room are turned off" may be true simply because there are no cell phones in the room. In this case, the statement "all cell phones in the room are turned on" would also be considered true, and vacuously so.

Strong and Weak assertions Definition: If P and Q are two assertions, then P is stronger than Q if P  Q. If P is stronger than Q, then Q is weaker than P. Example: i<0 (P) is stronger than i<1(Q) because i<0  i<1. Fewer states satisfy i<0 than satisfy i<1. Stronger means more selective or specific. Weaker means more frequent or general. A stronger proposition excludes more possibilities.

Binary Op Truth Table(1) The TT on slide 5 provide a complete enumeration of the Boolean operations with two arguments (binary operators). Eight of the infix ops have names. b = c “b equals c” b  c “b differs c” (AKA exclusive or, XOR) b  c “b equivales c” or b and c are equivalent. The Boolean expression b  c is evaluate exactly as b=c, except that  can be used only when b and c are Boolean expressions (= can be used for arithmetic equality e.g. 2 = 1 + 1). b  c “the inequivalence of b and c”, again strictly for Boolean operands.

Binary Op Truth Table(2) b ˄ c conjunction or AND, &, or && b ˅ c disjunction or OR, || bc implication. “b implies c”, “if b then c”. b is called the antecedent c is called the consequent bc consequence. “b follows from c” b is called the consequent c is called the antecedent (,, ,  , , ˅, ˄)

Binary Op Truth Table(2) Alternative symbols for equivalence: “x if and only if y” iff  <->  The last symbol is used in the course text. The should not be confused with the CafeOBJ equality operation ==. CafeOBJ’s BOOL module uses iff for equivalence. CafeOBJ’s PROPC module uses <-> for equivalence. Check the definition in CafeOBJ (note spaces): open BOOL show op (_ iff _) (,, ,  , , ˅, ˄)

Evaluating Truth Tables In addition to defining Boolean operators TT can be used to compute the value of a Boolean expression in every state. They offer a decision procedure. The TT on the following slide gives the value of : p ˅ (q ˄ r) The precedence of operators are described at: http://www.cs.cornell.edu/Info/People/gries/Logic/Prec.html A precedence specifies the order of evaluation of various operations (lower the number the higher the precedence) Note the precedence rules may differ in CafeOBJ. This can be check with the show op or show module command. http://www.cs.cornell.edu/Info/People/gries/Logic/Introduction.html (,, ,  , , ˅, ˄)

Evaluating Truth Tables p q r r q ˄ r p ˅ (q ˄ r) t f (,, ,  , , ˅, ˄)

Truth Table Generators b  ( b ˅ c) b  (b ˅ c) http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/ http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/ (,, ,  , , ˅, ˄) On line truth table generators (TTG) vary in syntax. Note the brackets and symbols differ from pure math. http://www-cs-students.stanford.edu/~silver/truth/

Truth Table Example Is b  (b ˅ c) a tautology? One solution is to draw TT of b  (b ˅ c) b c b (b ˅ c) b  (b ˅ c) t t f t t t f f t t f t t t t f f t f f

Table Example Is b  ( b ˅ c) satisfiable? Satisfiable means at lease one solution b c b ( b ˅ c) (b  ( b ˅ c)) t t f t f t f f t f f t t t t f f t f f b  (b ˅ c)

Equality versus Equivalence The Boolean expression a  b is evaluated exactly the same as a = b, except that  can only be used when b and c are Boolean expressions. They each have different precedence indicating which operation is done 1st , 2nd , 3rd , etc.: = (arithmetic) higher precedence (done before  )  (Boolean) lower precedence (done last) Conjunctional and Associative: Conjunctional: b = c < d abbreviation for (b = c) ˄ (c < d) Associative: a  b  c, (a  b)  c, or a  (b  c) b  (b ˅ c)

Satisfiability and validity A Boolean expression P is satisfied in a state if its value is true in that state; P is satisfiable if there is a state in which it satisfied; and P is valid if it satisfied in every state. A valid Boolean expression is called a tautology. If P cannot be satisfied (e.g. A ˄ A) then P is always false for all values of A. If P is unsatisfiable it is called a contradiction. A Boolean expression that is neither a tautology nor a contradiction is called a contingency or satisfiable . (,, ,  , , ˅, ˄)

Tautologies, satisfiable, contradiction

Satisfiable and Valid1 Recall, State is a list of variables with associated values. pq is satisfiable because it is satisfied if (p, true) is in state S1. It is not valid in the state S2: (p,false), (q,false). pp  p is valid in every state. A formula is valid if and only if it is true under every interpretation. 1. http://en.wikipedia.org/wiki/Satisfiability_and_validity

Duality The dual PD of a Boolean expression P is constructed from P by interchanging the occurrences of: true with false  with   with   with  ˄ with ˅ Duality principle: the Boolean identity remains valid when both sides of a Boolean expression are replaced by their duals. The dual is not the negation of an expression, in the negation each p is replaced by p. Note the dual is not the negation of an expression: (,, ,  , , ˅, ˄)

Examples of Duals. P PD p  q p  q p ˅ q p ˄ q p  p false  true ˅ p true  false ˄ p p ˄ q  r p ˅ q  r (,, ,  , , ˅, ˄)

Meta-theorem Duality (a) P is valid iff PD is valid (b) (P  Q) is valid iff PD  QD is valid A theorem is a Boolean expression that is proved equal to an axiom. A meta-theorem is a general statement about a logic that can be proved true. The operator iff is the textual representation of  . It can be executed in CafeOBJ: Try the following: open BOOL red true iff true . red true iff false . red false iff false . Is this a bit like ‘exclusive or’ XOR red false xor false .

Using duality to generate valid expression P (valid) PD (also valid) true false p ˅, true (p ˄ false) p ˅, p (p ˄ p) Using duality to generate valid expressions (,, ,  , , ˅, ˄)

Using duality to generate valid expression (,, ,  , ,, ) (,, ,  , , ˅, ˄)

Modelling English propositions A proposition can be interpreted as being either true or false. For example: “Henry VIII had one son and Cleopatra had two” We wish to translate English propositions to Boolean expressions because: English is ambiguous, computers require logical clarity. We can automate, analyse, reason about, simplify, and prove properties of Boolean expressions. Rules of logic provide effective computer based way to simulate human reasoning (in English).

Modelling English propositions Issues involving inclusive vs. exclusive or are encountered when translating natural language to symbolic logic. We need to decide which "or" the natural language means. Example: I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus.

Converting English Lets use: R: its raining, S: I’m going swimming. Whether or not it is raining, I am going swimming: (R ˅ R)  S If it is raining then I will not go swimming: R  ¬S I will go swimming only if it is not raining: S  ¬R (see later) (,, ,  , , ˄, ˅) RC: its raining cats, RD: its raining dogs, EH: I’ll eat my hat.

Converting English If we write p -> q for the sentence “We will help you(p) only if you help us(q) ” This is false only if “We help you”(p) is true, but “you help us”(q) is false.

Logic and reality Two ways to say the same thing? To stay dry it is sufficient to have an umbrella. If you have an umbrella, then you will stay dry: hu  sd We will assume common sense meanings and avoid complex interpretation issues. http://www.psy.gla.ac.uk/~simon/index.html http://www.nbu.bg/cogs/events/2007/coventry_course.html http://sites.google.com/site/kennycoventry2/ Coventry and Garrod1

Modelling English propositions Let Boolean (or propositional) variable p denote the proposition: p : Henry VIII had one son and Cleopatra had two. The proposition p contains two sub-propositions: x: Henry VIII had one son. y: Cleopatra had two (sons). x ˄ y (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Modelling English propositions Negated Disjunction: English sentences containing neither and nor are treated as negated disjunction (i.e. a negative version of English or). Example: [S1] John neither washed the car nor went to the cinema. Let W = washed car, C = went to cinema. S1 can be written as ¬(W ˅ C) . (,, ,  , , ˄, ˅)

Translating into a Boolean Expression 1. Introduce a Boolean variable to denote sub-propositions. 2. Replace these sub-propositions by their corresponding Boolean variables. 3. Translate the result of step 2 into a Boolean expression, using obvious translations of English words into operators. See table on next slide.

Translation of English Words and, but ˄ or ˅ not  it is not the case that if p then q p  q (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Translation Boolean variable English Sentence x: Henry VIII has one son y: Cleopatra had two sons z: I’ll eat my hat w: 1 is prime

Translation Proposition translation x ˅ z x ˄ w w ˄ y  z Henry VIII has one son or I’ll eat my hat x ˅ z Henry VIII has one son and 1 is not prime x ˄ w If 1 is prime and Cleopatra had two sons, then I’ll eat my hat w ˄ y  z (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Translating Or We must distinguish between: “inclusive or” (or, ˅) “exclusive or” (xor, b  c, b  c ) sometimes written ‘||’ or ⊕ Would you like coffee or tea? Would you like sugar or milk? Is it raining or not raining? Yes! Island of Liars and Truth tellers? (,, ,  , ,, )

Translating This example is from Logic Made Easy by Deborah J. Bennett I never wear my dress without wearing my hat If something then something D -> H Can you express the above statement using just one logical connective? This example is from Logic Made Easy by Deborah J. Bennett

Implication “If a then b” becomes ab “if you don’t eat your spinach I will scold you.” becomes: es  sy In English the following have same meaning: “if you don’t eat your spinach then I will scold you.” “eat your spinach or I will scold you.” We even drop the ‘then’ (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Implication This gives an equivalence: es  sy es ˅ sy Hidden implication: “Every name in the Dublin West Side telephone directory is in the Dublin directory” “If a name is in the Dublin West Side telephone directory, then it is in the Dublin directory”. A->b = ¬A or B (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Contrapositive Contrapositive: e  s s  e In general From a given implication we get three derived implications (inverse, converse, inverse). Contrapositive is logically equivalent to original implication. p->q  q -> p * statement: if p then q * converse: if q then p * inverse: if not p then not q * contrapositive: if not q then not p For every implication there are three other derived implications. P -> Q (original implication) -Q -> -P (contrapositive of original) Q -> P (converse of original) -P -> -Q (inverse of original) They all obey the truth table for implication.nHowever, the derived implications contain negations and/or are in a different order than the original implication. So in the sample to get the convers we switch P->Q to Q->P giving if (0>11) then (11>0) which has truth values F -> T Which according to the TT for implication is true.

Implies in terms of OR implies: e  s OR e ˅ s Use the on line truth tables to evaluate the expression in this lecture. A->b = ¬A or B (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Implication In English the antecedent and the consequence can be switched, and the then dropped: If you pay me then I will go. I will go if you give me money. There is a subtle difference between ‘If’ meaning ‘in case’ or ‘in the event of’ ‘If’ meaning ‘when’ A->b = ¬A or B

Implication There is a subtle difference between ‘If’ meaning ‘in case’ or ‘in the event of’ ‘If’ meaning ‘when’ “When the sun is shining, I feel happy” Also, in logic a consequential relation is not necessary. If I drink too much, then I get sick. If pigs can fly, then 2+2=5. Logic usually needs a sensible interpretation to be useful. A->b = ¬A or B

Implication And Equivalence The English “if” should be sometimes regarded as an equivalence. “If two sides of a triangle are equal, the triangle is isosceles.” Which as a definition could be stated: t : two sides of the triangle are equal is: the triangle is isosceles. t  is

Necessity A necessary condition for the occurrence of a specified event is a circumstance in whose absence the event cannot occur. Oxygen is necessary for combustion or oxygen is necessary for human life. A necessary implication can be used to represent sub-set-of relation (AKA subsumption or “is kind of”). Student => Person Does “B is a kind of A” mean “All Bs are As”? On Computing Fundamentals 1 it is necessary to pass the exam to pass the module. What is sufficient to pass the module? “A necessary condition for the occurrence of a specified event is a circumstance in whose absence the event cannot occur.” Oxygen is necessary for combustion. Oxygen is necessary for human life “A sufficient condition for the occurrence of an event is a circumstance in whose presence the event must occur.” A sufficient condition for the end of life is the cessation of blood circulation.

All members of B are members of A Having four sides is a necessary condition for something's being a square, that single condition is not, by itself, sufficient something's being a square; e.g. trapezoids All members of a subclass can be inferred to be members of its superclass. Given an object of type A it cannot be inferred that it is a B.

Sufficient A sufficient condition for the occurrence of an event is a circumstance in whose presence the event must occur. If a conditional statement (a->b) is true then its antecedent is said to provide a sufficient condition for its consequent. http://instruct.westvalley.edu/lafave/necandsuff.htm http://philosophy.wisc.edu/hausman/341/Skill/nec-suf.htm Definition: A necessary condition for some state of affairs S is a condition that must be satisfied in order for S to obtain. Definition: A sufficient condition for some state of affairs S is a condition that, if satisfied, guarantees that S obtains.

Necessity & Sufficiency(1) Two ways to say the same thing? To stay dry it is sufficient to wear a raincoat. If you wear a rain coat, then you will stay dry. wr  sd When the conditional "p => q" is true the truth of the consequent, "q", is necessary for the truth of the antecedent, "p", and the truth of the antecedent is in turn sufficient for the truth of the consequent. This relation between necessary and sufficient conditions matches the formal equivalence between a conditional formula and its contrapositive.

Necessity & Sufficiency(2) Two ways to say the same thing? To stay dry it is necessary to wear a raincoat. You will stay dry only if you wear a raincoat. sd  wr This statement is actually false, you might use an umbrella.

Necessity & Sufficiency(3) “x is sufficient for y” means x  y “x is necessary for y” means y  x “x is necessary and sufficient for y” means (x  y) ˄ (y  x) Note: care is needed when ‘only’ is used. A->b = ¬A or B (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Necessity & Sufficiency(3) "If X then Y", or "X is enough for Y", can also be understood as saying that X is a sufficient condition for Y. Bob eats dessert if it is apple pie. (If it‟s apple pie, then Bob will eat it, A => B) Bob eats dessert only if it is apple pie. (If Bob eats dessert, then it must be apple pie; B=>A)

Bob’s Eyesight Logical equivalence () is associative. Bob can use no eyes Bob can use one eye Bob can use two eyes Generalizes to “Bob can use j eyes” Bob0  Bob1  Bob2 Is this always true? Draw truth table. What if we say “exactly n eyes” -- See A Logical approach to Discrete Math By David Gries and Fred B. Schneider -- page 36 set include FOPL-CLAUSE on mod* BLINDBOB { -- predicates for the number of eyes Bob can see with pred bob0 : pred bob1 : pred bob2 : -- We must include this axiom because it is not universally true. -- It is true in the case where Bob can have from 0 to 2 eyes. -- i.e. when exactly one of bob0,bob1,bob2 is true. -- Can this be proved using equational logic? ax (bob0 <-> (bob1 <-> bob2)) . -- we must manually do right associativity } open BLINDBOB -- The goal is to prove that bob0 == bob1 == bob2 . goal ((bob0 <-> (bob1 <-> bob2)) <-> true) . option reset . flag(auto, on) . flag(very-verbose,on) . param(max-proofs, 1) . resolve . close eof -- This uses ‘proof by contradiction’ the we have not yet covered. ** PROOF ________________________________ 1:[] ~(bob0) | ~(bob1) | bob2 2:[] ~(bob0) | ~(bob2) | bob1 3:[] bob0 | bob1 | bob2 4:[] ~(bob1) | ~(bob2) | bob0 5:[] ~(bob1) | bob0 | bob2 6:[] ~(bob2) | bob0 | bob1 7:[] ~(bob0) | bob1 | bob2 8:[] ~(bob0) | ~(bob1) | ~(bob2) 17:[hyper:3,6] bob0 | bob1 18:[hyper:17,5] bob0 | bob2 19:[hyper:18,4,17] bob0 20:[hyper:19,7] bob1 | bob2 21:[hyper:20,2,19] bob1 22:[hyper:21,1,19] bob2 23:[hyper:22,8,19,21] ** ______________________________________

Examples None or both of p and q is true. ¬p ≡ ¬q ˅ p ≡ q (~ P ˄ ~ Q) ˅ (P ˄ Q) ≡ T A->b = ¬A or B

Examples Exactly one of P and Q is true (~ P ˄ Q) ˅ (P ˄ ~ Q) ≡ T None or both of P and Q is true (~ P ˄ ~ Q) ˅ (P ˄ Q) ≡ T A->b = ¬A or B (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Examples Whether or not it is raining, I am going swimming.

A logical equivalence

Examples(*)

The English use of Unless1 ‘Unless’ generally means ‘or’. ‘I will go out unless it rains’ translates to ‘I will go out ˅ it will rain’. (Note the extra ‘will’.) You could also use ‘￢(it will rain)  I will go out’. But you may think that ‘I will go out unless it rains’ implies that if it does rain then I won’t go out. This is a stronger reading of ‘unless’. If you take that view, you’d translate it as ‘I will go out ⇔ ￢(it will rain)’. This is a bit like ‘exclusive or’. Deciding whether to take the strong or weak reading is done by individual context, and can be impossible: English is not always precise. You must decide what the correct logical translation is. Example from Hodkinson, Computing 140 Course Notes. www.doc.ic.ac.uk/~imh/teaching/140_logic/140.pdf (,, ,  , ,, ) (,, ,  , , ˄, ˅)

The English use of Unless English is sometimes difficult to translate: “I will go out unless it rains” could be ¬(rains)  I will go out or ¬(rains) ⇔ I will go out (rains) ˅ I will go out (,, ,  , ,, ) (,, ,  , , ˄, ˅)

The English use of But1 ‘But’ can mean ‘and’. ‘I will go out, but it is raining’ translates to ‘I will go out ˄ it is raining’. Example from Hodkinson, Computing 140 Course Notes. www.doc.ic.ac.uk/~imh/teaching/140_logic/140.pdf (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Translating If the bill was sent, then you will be paid and the bill was sent. B = Bill was sent P = You will be paid (B->P) ˄ B (,, ,  , ,, ) (,, ,  , , ˄, ˅)

Translating If Mary is the author of the book, then the book is fiction, but the book is non-fiction implies that Mary did not write the book. M = Mary is Author F = Book is Fiction

Translating

Translating from English Example

Translating from English Example Premise Indicators For Since Because Assuming that

Translating from English Example Conclusion Indicators Therefore Thus Hence So

Expressions in CafeOBJ These convert to in the PROPC module of CafeOBJ. red not(b) -> (b or c) red not(b) <-> (b or c) In CafeOBJ PROPC module is very like BOOL, but it offers a decision procedure for the prepositional calculus (see next lecture). What is a decision procedure? According to Encyclopaedia Britannica a decision procedure is "A mechanistic procedure for determining whether an arbitrary well-formed formula is a theorem of a given formal system or theory by following a rule within a finite number of steps or a procedure to determine its semantic validity". Given a decision procedure for a given logic can check the equivalence of two expressions. Truth tables can be used as decision procedure Prepositional Calculus What is the result of this expression Open PROPC red (a -> b) <-> (not a or b ) red (a or b) -> (b or a)

Prove the following

Prove the following

Prove the following

Prove the following

Expressions in TT and CafeOBJ What results does CafeOBJ give for the following? open PROPC set trace whole on . red not(b) <-> (b or c) . red not(b) <-> b or c . red not(b) -> (b or c) . red not(b) or c <-> b -> c . To see the operations available in PROPC type in: open PROPC . show module . The truth table above was generate using a truth table generator (TTG) at: http://www.macs.hw.ac.uk/~nutt/Proplog/truthTable.html Other TTGs are at: The truth table generator (TTG) at: http://www-cs-students.stanford.edu/~silver/truth/ Note the brackets and symbols differ from pure math. http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/

Monoticity What results does CafeOBJ give for the following? open PROPC vars P Q R : Prop red (P -> Q) -> ((P or R) -> (Q or R)) . red (P -> Q) -> ((P and R) -> (Q and R)) . red (P -> Q) -> ((R -> P) -> (R -> Q)) .

Superman Example If Superman were able and willing to prevent evil, he would do so. If Superman were unable to prevent evil, he would be ineffective; if he were unwilling to prevent evil, he would be malevolent. Superman does not prevent evil. If Superman exists, he is neither ineffective nor malevolent. Therefore Superman does not exist.

Superman Example a: Superman is able to prevent evil. w: Superman is willing to prevent evil. i: Superman is ineffective. m : Superman is malevolent. p: Superman prevents evil. e: Superman exists.

Superman Example CafeOBJ has a special module FOPL-CLAUSE with the following syntax -- The syntax for the axioms differs from that of the ordinary CafeOBJ equations -- 'and' is translated to & -- 'implies' is translated to -> -- 'not' is translated to ~ -- 'ax' are similar to 'eq' in previous modules

Superman Proof: Gries & Schnieder Proof using the manipulation of Boolean expressions. CafeOBJ has a special module FOPL-CLAUSE with the following syntax -- The syntax for the axioms differs from that of the ordinary CafeOBJ equations -- 'and' is translated to & -- 'implies' is translated to -> -- 'not' is translated to ~ -- 'ax' are similar to 'eq' in previous modules

Superman Proof using CafeOBJ rewriting. set trace on – System settings set auto context mod! SUPERMAN { -- Main module ops a w i m p e : -> Bool -- Declare propositions rl [F0] : (a and w) => p . -- Axioms -- We use contrapositive: (not a => i) = (not i => a) rl [F1a] : not i => a . rl [F1b] : not m => w . rl [F2] : p => false . rl [F3] : e => (not i) and (not m) . } exec e . This returns false. CafeOBJ’s rewriting was used for the proof, rather than the technique of manipulating Boolean expressions on the previous slide. Logically, each rewriting step is a logical entailment in a formal system.

Superman Proof using CafeOBJ rewriting. We have not yet studied rewriting which provides the operational semantics of the CafeOBJ language. The operational semantics is responsible for the correct execution of specifications or programs. From a logical perspective rewriting provides logical entailment.

Superman Proof using CafeOBJ rewriting. A proof of a conclusion from a set of premises is a sequence of sentences terminating in the conclusion in which each item is either: 1. a premise (axiom) 2. an inference rule 3. the result of applying a rule of inference to earlier items in sequence. Here is the proof produced by CafeOBJ 1>[1] rule: trans [F3] : e => ((not i) and (not m)) {} 1<[1] e --> ((not i) and (not m)) 1>[2] rule: trans [F1a] : (not i) => a {} 1<[2] (not i) --> a 1>[3] rule: trans [F1b] : (not m) => w {} 1<[3] (not m) --> w 1>[4] rule: trans [F0] : (a and w) => p {} 1<[4] (a and w) --> p 1>[5] rule: trans [F2] : p => false {} 1<[5] p --> false (false):Bool

Superman Proof truth table. ******How Many rows in TT? *********

Work or Play? Write the following statements in propositional logic: I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus. (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) ∃∀

Work or Play? Construct a TT using: http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/ This expression is only true in one case.

Work or Play? Here are the intermediate truth tables for (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) Overall argument

Work or Play? The intermediate truth tables for (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) . The following are useful transformations: ¬(¬(w)) = w. Expressing or as ⇒ The contrapositive rule

Work or Play? Given I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus. Can we conclude : I played the piano. In logical notation is the following a valid argument? (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) P Therefore or ∴

Work or Play? In logical notation is the following a ? mod WORK { ops w p b : -> Bool eq [e1] : p = if (not w) then true else false fi . ceq [e2] : w = false if (not b) . eq [e3] : b = false . } open WORK red p .

Valid Argument The following is a valid argument [P1] If Pats’s program is less than 10 lines long then it is correct. [P2] Pat’s program is not correct. [C1] Therefore Pat’s program is more than 10 lines long. The first two lines are the premisses and the last the conclusion. Recall the contrapositive rule (P ⇒ C)  (¬P ⇒ ¬L)

Invalid argument The following is an invalid argument [P1] If I am wealthy then I give away lots of money [P2] I give away lots of money [C1] Therefore I am wealthy The reasoning is not valid because from the premisses you cannot derive the conclusion. (W⇒M)  (M⇒W) We can describe functions in a number of ways We can specify the function value explicitly by giving one equation for each individual input element The left-hand or the right hand side of an equation or rule The righ-hand side describes how the result is constructed using the parameters

Valid argument: Modus Ponens An example a very general valid argument is Modus Ponens (from Latin mode that affirms)

Turnstile |= In propositional logic the double turnstile is symbol that is placed between propositions and the conclusion. Sequent expressions assert that an entailment relation holds between the set of propositions on the left and the conclusion on right-hand sides of the double turnstile. A |= B can be read “A entails B” There is no interpretation which makes A true and B false. As a specification we could say A satisfies B.

Single Turnstile |- The intuitive meaning of A |- B is that under the assumption of A the conclusion of B is provable. It denotes syntactic consequence Soundness: A|-B ⇒ A|=B Completeness: A|=B ⇒ A|-B Soundness prevents proving things that aren't true when we interpret them. Completeness means that everything we know to be true on interpretation, we must be able to prove.

Double turnstile |= in relation to  P1, ..., Pn |= Z iff |= (P1 ˄ … ˄ Pn)  Z Recall the work, piano, bonus example. (w˅p) ,(w  b) ,(~b) |= p iff |= (w˅p) ˄(w  b) ˄(~b)  p

Difference between valid arguments and implies. An argument is valid iff it is necessary that under all interpretations (valuations in propositional logic), in which the premises are true the conclusion is true as well: P1,...,Pn |= Z P1,...,Pn |= Z if and only if the statement of the form P1 and ... and Pn implies Z is necessarily true (a tautology): |= (P1 & … & Pn)  Z

Model |= Theory A formula is satisfiable if it is possible to find an interpretation (model) that makes the formula true. A |= B read “A satisfies B”. A valid argument is one in which , if the premises are true, then the conclusion must be true.

Building And-Or in CafeOBJ -- No variables -- We turn of implicit import of built-in BOOL . set include BOOL off -- This allows us to develop our own Boolean operations mod* BOOLEAN1 { signature { [ Boolean ] op false : -> Boolean op true : -> Boolean op -_ : Boolean -> Boolean op _\/_ : Boolean Boolean -> Boolean op _/\_ : Boolean Boolean -> Boolean } axioms { eq - false = true . eq - true = false . eq false \/ false = false . eq false \/ true = true . eq true \/ false = true . eq true \/ true = true . }} eof -- Check these reductions? open BOOLEAN1 var A : Boolean red true \/ false . red true \/ A . red A \/ true .

Computing Fundamentals 1 Lecture 3 Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 3 Propositional Calculus. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Need for formalism1 It is difficult to reason in natural language: “The sun is shinning and I feel happy”1. Are the two facts related, do I feel happy because the sun shining? “Roses are red and violets are blue” Are roses red because violets are blue? Both sentences have the same form, two facts connect with ‘and’. 1 Discrete Mathematics Using a Computer, Second Edition, by John O'Donnell, Cordelia Hall and Rex Page. Published by Springer, 2006.

Need for formalism There is no known way to formally handle all the ambiguities of English. So, we need a separate ‘logical language’ where many of the ambiguities are filtered out. We start with propositional logic. There are several mathematical systems (calculi) for reasoning about propositions: Truth tables (semantic), Equational Logic (syntactic/semantic) which we use on this course, Boolean Algebra (axiomatic)1, Natural Deduction (can be used as an alternative to equational logic) On this course we use an algebraic system called CafeOBJ. However, we do not study algebraic systems themselves. In pure predicate calculus the symbols are un-interpreted (except for =) We get a theory by adding axioms that give meaning to some of the un-interpreted function symbols e.g. a theory of Integers. An algebra is a model of a theory One can view an inference rule that has no premises as an axiom. 1 Boolean Algebra (axiomatic) An algebra1 is a model of a theory. BA is a model for propositional calculus E.

Propositional Calculus Boolean expressions can be defined: By how they are evaluated or By how they can be manipulated. To help use manipulate Boolean expressions we need proofs, heuristics, and principles. A calculus is a method or process of reasoning by calculation with symbols. The propositional calculus uses Boolean expressions and propositional variables. A Boolean variable that can denote a proposition can be called a “propositional variable” Boolean expressions can be defined by how they are evaluated. Boolean expressions can be defined by how they are manipulated. We can reason and prove with/about Boolean expressions based on their value (semantic) or the rules of grammar (syntactic). Later, when we study predicate logic, we will see the role of quantified variables. Quantified variables can be bound or free. A formula is open if it has free variables. A formula is closed if it has no free variables. A closed formula is also called a sentence. Later we will that as long as a logical expression does not contain open formulae, a variable assignment is not necessary to determine the truth of a formulae.

Propositional Calculus A calculus is a method of reasoning by calculating with symbols. Logic is the study of correct reasoning. Equational reasoning is a style of logic. The propositional calculus used on this course is called equational logic E. E has two parts: A set of axioms, Four inference rules

Propositional Calculus The axioms are Boolean expressions that define the basic manipulative properties of the Boolean operators. For example, p ⋁ q  q ⋁ p Indicates that ⋁ is symmetric. An inference rule asserts the if the premises are assumed to be truths, then the conclusion is also a truth. On the next slide are the four inference rules for E.

Four Inference Rules for E Leibniz: Transitivity: Substitution Equanimity Example X+1>0 Two of these Leibniz and Transitivity were used in Lecture 1 (slide 13) to describe equality. Leibniz says: Two expressions are equal in all states iff replacing one by the other in any expression E does not change the value of E (in any state). Choosing different axioms for the propositional calculus could lead to the same set of theorems. Equanimity is a form of ‘modus ponens’ for equivalence. Given E and E  F then F. A theorem is either an axiom or the conclusion of an inference rule whose premises are theorems Note for substitution to be valid P must be a theorem, there are variations on this, where substitution is not considered as an inference rule. X+1>0 (X+1>0)[x:=3] 4 > 0

CafeOBJ’s version of Equational Logic

Reminder on observation & interpretation

Reminder on Interpretation Our scientific theories about the world can be expressed using mathematics and logic. The models of these theories often match the actual world. But our scientific theories can be wrong.

Reminder on Interpretation Before 1674 it was generally though that that the main source of water in rivers was from underground springs. In 1674 Pierre Perrault measured and compared rainfall and river flow. He found that the annual rainfall of part of a river catchment exceeded the annual river flow and that no underground water supply was needed to sustain the river. Other reasonable theories had been published previously (Bernard Plassy, 1580), but in general it was thought that rivers were maintained from underground sources rather than rainfall. In this case does measurement validate Perrault theory? http://en.wikipedia.org/wiki/Pierre_Perrault_%281608%E2%80%931680%29 http://www.britannica.com/EBchecked/topic/452551/Pierre-Perrault Perrault estimated the flow in the Seine River and compared it with rainfall in the watershed, showing that the rainfall was easily enough to account for the flow in the river. Perrault also showed that rain does not penetrate the soil beyond about 2 feet. Thus, most of the rain that falls does not go into springs.

Reminder on Interpretation We use the following definitions: Volume of underground source (Underground ) Volume rainfall (Rainfall) Volume flowing in river (Riverflow) Assume that there are only two possible sources. Assume only Rainfalland RiverFlow are measured. A working assumption could be that the volume of the sum of sources is greater or equal to river flow: (Underground + Rainfall) ≥ RiverFlow Perrault’s experiment tells us: Rainfall > RiverFlow Would the above allow us to conclude anything about the value of Underground in this experiment?

Reminder on Interpretation Can Perrault’s experiment be used to prove that rivers are feed by rainfall only? Can Perrault’s experiment be used to prove that the flow of a river does not depend on any underground source? Are any of the following true? (Rainfall > RiverFlow) ⇒ (Underground < RiverFlow) (Rainfall > RiverFlow) ⇒ (Underground > RiverFlow)

Theorems in E A theorem of the prepositional calculus E is either: An axiom The conclusion of an inference rule whose premises are theorems A Boolean expression, that using the rules of inference is proved to be equal to an axiom or a previously proved theorem. The definition of theorem is more precise than that in Lecture 1 slide 3 We will use premises as plural of premise. Premise  is an idea or theory on which a statement or action is based, for example: They had started with the premise that all men are created equal. The research project is based on the premise stated earlier. premise verb FORMAL to base a theory, argument, etc. on an idea, thought, or belief:

Proof Method in E To prove that P  Q is a theorem (where P and Q are expressions e.g. P is say a ˅ b and Q is b ˅ a), transform P to Q or Q to P using Leibniz. Proofs in E have the form: P < Hint for proof step 1 > R . < Hint for proof step n > Q (,, ,  , ,˄, ˅) (,, ,  , , ˄, ˅)

Helpful Hints Focus on ‘manipulation’ rather than ‘evaluation’. These are syntactic operations that do not consider meaning. There are many axioms and theorems, you do not have to memorise them. Details of precedence rules, theorems, axioms, etc. will be supplied for examination questions.

The Axioms of equational propositional logic. The next slide present the main axioms of equational propositional logic. The full list is at: http://www.cs.cornell.edu/courses/cs400/2004fa/theoremsfoot.pdf You are not expected to learn these off by heart! But you should be able to see how they are used in a proof.

Note these axiom numbers differ from those in the book.

Heuristics Heuristic: (3.21) Identify an applicable theorem from table 2 by matching its structure to the given expressions or sub-expressions to be proved. The operators that appear in a Boolean expression and the shape of its sub-expressions can focus the choice of theorems, from table 2, that can be used to manipulate it. Principle: Structure proofs to avoid repeating the same sub-expression many times.

A Proof Prove theorem: p  q  p  q p  q  p  q = <axiom(3.9,5), (p  q)  p  q> (p  q)  p  q = <axiom(3.9,3.17),with p,q:=q,p (q  p)  q  p > (p  q)  (p  q) = <(3.5,3.8) Reflexivity of  > true To prove this we try to transform it to true. The symmetry of  is implicitly used in step 2. Substitution is used p   q   (p  q) But the hint is (q  p)  q  p These two expressions are the same up to symmetry of equivalence. To shorten proofs Symmetry and Associativity axioms are used without mention. The number in brackets refers to an axiom in the book, axiom(3.9) in book is axiom(5) in table 2.

Heuristic (3.33) Heuristic: To prove P  Q, transform the expression with the most structure (either P or Q) into the other. To illustrate this heuristic we prove: p ˅ true  true. Start with LHS. p ⋁ true = <(3.3) Identity of  > p ⋁ (p  p) = < (3.27,3.32) Distributivity of ⋁ over  > p ⋁ p  p ⋁ p = <(3.3,3.7) Identity of  > true Which is the same as the RHS.

Heuristic (3.23) Heuristic of definition of elimination: To prove a theorem concerning an operator  that is defined in terms of another operator , expand the definition of  to arrive at a formula that contains : exploit the properties of  to manipulate the formula and then (possibly) reintroduce  using its definition.

Using a Heuristic To illustrate the heuristic (3.23) we prove (p  q)  (q  p), where  is  and  is  LHS (p  q) = < (3.10) Def of  > (p  q) = <(3.2)Symmetry of  > (q  p) = < (3.10) Def of  with p,q:=q,p> (q  p) RHS

Equational Proof

The Golden rule1 p˄q  p  q  p˅q Check that GR is an in CafeOBJ module PROPC: set trace on whole red p and q <-> p <-> q <-> p or q . p˄q  p  q  p˅q On one hand the Golden Rule2 can be seen as a definition of conjunction (˄) in terms of equivalence () and disjunction (˅): (p˄q)  (p  q  p˅q) But it can also be read in other ways, e.g. assertion of equality: (p˄q  p) = (q  p˅q) This can be used to define logical implication. 1The above is from Roland Backhouse www.cs.nott.ac.uk/~rcb/G5TMPC/slides/LogicalConnectives.pdf 2Try this in the BOOL module of CafeOBJ Set p = true, q=true red true and true iff true iff true iff true or true . Set p = true, q=false red true and false iff true iff false iff true or false . Set p=false,q=true red false and true iff false iff true iff false or true . Set p=false,q=false red false and false iff false iff false iff false or false . 3. Try this in CafeOBJ open BOOL red (A and B iff A iff B iff A or B) . – A,B are predefined vars in BOOL close -- PROPC in CafeOBJ represents the propositional calculus, it has a different syntax from BOOL e.g. (iff in BOOL us <-> in PROPC) -- Checking the Golden Rule open PROPC red (p and q <-> p <-> q <-> p or q) .

Golden Rule definition of ˄

From Roland Backhouse http://www.cs.nott.ac.uk/~rcb/ http://www.cs.nott.ac.uk/~rcb/G51MPC/slides/LogicalConnectives.pdf http://www.cs.nott.ac.uk/~rcb/ From Roland Backhouse http://www.cs.nott.ac.uk/~rcb/

The Golden rule1 The GR can also be read as a definition of disjunction (˅) in terms of conjunction (˄) (p˄q  p  q)  (p˅q) This form can be useful in calculations replacing disjunctions by conjunctions. GR can say p and q are equal iff their conjunction & disjunction are equal. (p  q)  (p˄q  p˅q) 1The above is from Roland Backhouse www.cs.nott.ac.uk/~rcb/G5TMPC/slides/LogicalConnectives.pdf

Using Golden Rule Since the GR is the definition of ˄, it can be used with the heuristic of Definition Elimination (3.23). The GR can be used to eliminate ˄. The next slide shows a proof of : p ˄ (p ˅ q)  p ˄ q

Using Golden Rule(*) Prove: p ˄ (p ˅ q)  p ˄ q LHS p ˄ (p ˅ q) Check that substitution is justified LHS=RHS: red (p and q) <-> (p <-> q <-> p or q) Prove: p ˄ (p ˅ q)  p ˄ q LHS p ˄ (p ˅ q) = < (3.35) GR, with q:=  p ˅ q > p   p ˅ q  p ˅  p ˅ q = < (3.28) Excluded Middle > p   p ˅ q  true ˅ q = <(3.29) Zero for ˅ > p   p ˅ q  true = < (3.3)Identity of  > p   p ˅ q = < (3.32) p ˅ q  p ˅ q  p, with p,q:=q,p > p  p ˅ q  q = < (3.35) GR> p ˄ q Which is RHS. Line 1 First Step Line 2 Using GR as definition of ‘and’, the first inference substitutes the q:=  p ˅ q in GR LHS = RHS p˄q  p  q  p ˅ q (GR) p  ( p ˅ q)  p ˅ ( p ˅ q) Hence the ˄ gone after step 1. In CafeOBJ module PROPC the equivalence symbol is <-> which corresponds to  in the course text. The above can be proved in CafeOBJ as follows: Set trace off – turn off detailed trace rule, substitution & replacement Set trace whole on – turn on only rewrite step open PROPC red (p and (not(p) or q)) <-> (p <-> not(p) or q <-> p or not(p) or q) . This should be true and seen as validating the first proof step above. Note CafeOBJ will reduce the RHS to the LHS of the Golden Rule. red (p <-> q <-> p or q) . CafeOBJ will reduce the first line of the above proof to the last line. red p and (not(p) or q) . The Golden Rule has four equivalents, which can be used as a sophisticated form of substitution as follows: One equivalent can be replaced by three Two equivalents can be replaced by two Three equivalents can be replaced by one. Identity of = : true = q = q (same arguments) Zero of \/ : p \/ true = true In logic \/ and /\ are idempotent( x op x = x) but multiplication and addition in arithmetic are not. The first inference using the GR goes as follows. Substituting the q in GR as q:=  p ˅ q GR is: p˄q  p  q  p ˅ q p  ( p ˅ q)  p ˅ ( p ˅ q) Hence the ‘and’ from line one is gone. Note p and q are already defined as variables in PROPC red p or q <-> p or not(q) <-> p . – true (P and ~ p) or (p and q) = p and q

DeMorgan and Monoticity 3.47(a)(b) DeMorgan: (p ˄ q)  p ˅ q (p ˅ q)  p ˄ q 4.2 Monoticity of ˅: (p  q)  (p ˅ r  q ˅ r) O = operations (,, ,  , ,˄, ˅)

Implication and Consequence Axiom, Definition of Implication: p  q  p ˅ q  q Axiom, Definition of Consequence: p  q  q  p Rewriting Implication p  q  p ˅ q p  q  p ˄ q  p Contrapositive: p  q  q  p Negation not(p  q)  p ˄ q O = operations (,, ,  , ,˄, ˅)

Implication, Converse, Inverse Original statement: p  q Converse: q  p Inverse: p  q Contrapositive: q  p If a statement is true, the contrapositive is also logically true If the converse is true, the inverse is also logically true. (,, ,  , ,˄, ˅) Original statement: if p then q converse: if q then p inverse: if not p then not q contrapositive: if not q then not p

Implication, Converse, Inverse From a given implication we get three derived implications (inverse, converse, inverse. P -> Q (original implication) -Q -> -P (contrapositive of original) Q -> P (converse of original) -P -> -Q (inverse of original) They all obey the truth table for implication. However, the derived implications contain negations and/or are in a different order than the original implication. (,, ,  , ,˄, ˅) Original statement: if p then q converse: if q then p inverse: if not p then not q contrapositive: if not q then not p

Implication (⇒), or (˅) The statement (P ⇒ Q)is equivalent to (not P ˅ Q). “If I finish this chapter then I will learn" This is equivalent to saying, “I do not finish this chapter or I will learn."

Implication (⇒), or (˅) The statement ((not P) ⇒ Q) is propositionally equivalent to P ˅ Q. “If I don't finish this chapter, I'm in trouble" This is equivalent to saying, “I (must) finish this chapter or I'm in trouble."

Negation of ⇒in terms of ⋀ The negation of an implication is an and statement: not(p implies q) = (p and not q) ~(p -> q) <-> (p & ~q) Example: “if I hit my thumb with a hammer, then my thumb will hurt” The negation is: “I hit my thumb with a hammer and my thumb does not hurt.”

Truth Table for Contrapositive p  q  q  p Note p and q are swapped In General statement: if p then q converse: if q then p inverse: if not p then not q contrapositive: if not q then not p O = operations (,, ,  , ,˄, ˅)

Truth Table for Implication Q PQ t f P is stronger than Q In General statement: if p then q converse: if q then p inverse: if not p then not q contrapositive: if not q then not p Q is weaker than P. When  is true then Q is true in more than cases P. O = operations (,, ,  , ,˄, ˅)

Weakening & Strengthening Suppose P  Q. Then we say that P is stronger than Q and Q is weaker than P. This because Q is true in more (or at least the same) states than P. P imposes more restrictions on a state. The strongest formula is false (true in fewer case) and the weakest is true (true in more case). The following theorems are called weakening or strengthen depending on whether it is used to transform the antecedent into the consequent, thus weakening it, or transform the consequent into the antecedent, thus strengthening it. If we weaken an argument it is true in more cases (false in less) If we strengthen an argument it is true in less cases (false in more) You should distinguish the form of implication and inference. Form of implication antecedent  consequent. Form of inference hypothesis( or premise) -------------- conclusion See http://www.logicandlanguage.net/archives/2FF5/F3/inference_vs_im_T.html

Weakening & Strengthening p  p (starting with) p  p ˅ q (weaken RHS) p ˄ q  p (strengthen LHS) p ˄ q  p ˅ q (strg/weak) p ˅ (q ˄ r)  (p ˅ q) (p ˄ q)  p ˅ (q ˄ r) p=>p (p logically follows from p) p & q => p (strengthen LHS) (c) p => p or q (weaken RHS) If the left hand side is strengthened to p&q then p still logically follows from it. If the right hand side is weakened to p or q then it still logically follows from p. If the LHS is strengthened to p&q and the RHS is weakened to (p or x) then the RHS still logically follows from the LHS.

Modus ponens Modus ponens. p ˄ (p  q)  q In many propositional calculi MP is a major inference rule. It is somewhat less important in E where the emphasis is on equational reasoning.

Heuristic (3.33) Heuristic: To prove P  Q, transform the expression with the most structure (either P or Q) into the other. (3.34)Principle: Structure proofs to minimize the number of rabbits pulled out of the hat – make each step seem obvious, based on the structure of the expression and the goal of the manipulation. (3.54) Principle: Lemmas (small proofs) can provide structure, bring to light interesting facts, and should shorten proofs. Heuristic. To prove P == Q, transform P == Q to a known theorem, transform P to Q, or transform Q to P. Heuristic. The operators that appear in an expression and the shape of its subexpressions focus the choice of theorems to be used in manipulating it. Therefore, in developing the next step of a proof, identify applicable theorems by matching theorems with the structure of the subexpressions of the current expression. Heuristic of Operator Elimination. To prove a theorem about an operator, first eliminate it using its definition, then manipulate, and finally reintroduce the operator (if necessary). Heuristic. To prove P == Q, transform the side with the most structure (either P or Q) into the other. Principle. Structure proofs to minimize the number of rabbits pulled out of a hat --make each step seem obvious, based on the structure of the expression and the goal of manipulation. Principle. Lemmas can provide structure, bring to light interesting facts, and ultimately shorten a proof. Heuristic. Exploit the ability to parse theorems like Golden rule, p / q == p == q == p / q, in many different ways (using associativity and symmetry transparently).

Implication Is the following valid? i.e. true in all states. x > 2  x > 0 What about when x is 0? What about when x is 1? Can we use a truth table? open BOOL + NAT let x = 3 . red x > 3 implies x > 0 . let x = 1 . True in all cases

Definition of implication 3.60 (3.60) p  q ≡ p ˄ q ≡ p Use TTG (p⇒q) ⇔ (p ˅ q) ⇔ p p q Result is a tautology F F T T F T F T T T T T

Definition of implication 3.60 q p  q p ˄ q p  q  p ˄ q  p F T Equivalence is associative and has the lowest precedence. If we evaluate the first line left to right we get (T  F)  F , which gives true If we evaluate the first line right to left we get T  (F  F) , which gives true The two evaluations are the same which demonstrated the associative property.

Proof Implication Theorem Prove: p  (q  r)  p˄q  p˄r Start with LHS p  (q  r) = < Def of Implication (3.60) > p ˄ (q  r)  p = <(3.49)relates and equivalence > p ˄ q  p ˄ r Which gives us RHS. Prove this by truth table In the course text equivalence  (<=> below) is associative and has the lowest precedence. However the TTG software may not use the same rules, so it is best to use brackets. Prove this by truth table. First prove definition of implication 3.60 (p=>q) <=> (p & q) <=> p p q Result is a tautology F F T T F T F T T T T T Then prove 3.49 p & (q <=> r) <=> (p & q) <=> (p & r) <=> p p q r Result F F F T T F F T F T F T T T F T F F T T T F T T F T T T T T T T Or prove the expression directly, see next slide for more detail (p => (q <=> r)) <=> ((p&q) <=> (p&r)) p q r Result

F T p q r p˄q p˄r LHS p ˄ q  p ˄ r (q  r) RHS p  (q  r) Prove this by truth table

Abbreviation for proving implication This abbreviation allows us to use  as well as = in proof steps Given (pq) and (q  r) We show (p  r) holds. ------------------------------- We want to prove (p  q) ˄ (q  r)  (p  r) = <Why? p  q  true> true ˄ (q  r)  (p  r) = <Why? q  r  true > true ˄ true  (p  r) = < (3.38 and 3.73) > p  r (LHS true gives RHS) 3.38 idempotency of ˄ : p ˄ p  p 3.73 left identity of  : true  p  p

Abbreviation for proving implication Previously, we only used = in the proof steps, now we can use . A shorter proof of previous slide, given: (pq) and (q  r) We prove that (p  r) holds. p = <Why? pq> q  <Why? q  r > r Note we use  in the second proof step. Previously we only used = in the proof steps, now we use .

How does CafeOBJ evaluate expressions? To find out, type in the following: open BOOL set trace on red true xor false xor true and false . To further clarify the order of evaluation look at the precedence of 'and' and 'xor' by using the following command: show module BOOL . Note: 1)the lower the number the higher the precedence and 2)the associativity of 'and' and 'xor'. This slide is repeated in the lab sheet.

How does CafeOBJ evaluate expressions? CafeOBJ uses left to right re-write rules to evaluate terms. A term can be a variable or a function name applied to zero or more arguments e.g., add(X,1). Zero argument functions are called constants. More complex terms can be built from a vocabulary of function and variable symbols. Terms can be considered as simple strings. A term is well-formed if it has exactly one least parse tree. A ground term has no variables e.g. a. See http://www.meta-environment.org/doc/books/extraction-transformation/term-rewriting/term-rewriting.html#section.tr-terms See Sections 3.3 and 6.1.1 of the CafeOBJ Manual.

How does CafeOBJ evaluate expressions? CafeOBJ uses left to right re-write rules to evaluate terms. A term can be a variable or a function name applied to zero or more arguments e.g., add(X,1). Zero argument functions are called constants. More complex terms can be built from a vocabulary of function and variable symbols. Terms can be considered as simple strings. A term is well-formed if it has exactly one least parse tree. A ground term has no variables e.g. a. See http://www.meta-environment.org/doc/books/extraction-transformation/term-rewriting/term-rewriting.html#section.tr-terms See Sections 3.3 and 6.1.1 of the CafeOBJ Manual.

How does CafeOBJ evaluate expressions? Substitution is a mapping from variables to terms. Substitution are specified by equations. Example: let σ = {(x ↦ f(a, z))} be a substitution function. If we apply σ on the term t = g(a, g(x, x)) we get term (t) = g(a, g(f(a, z), f(a, z))) See http://www.meta-environment.org/doc/books/extraction-transformation/term-rewriting/term-rewriting.html#section.tr-terms See Sections 3.3 and 6.1.1 of the CafeOBJ Manual.

How does CafeOBJ evaluate expressions? Left to right rewriting does not exactly match equational logic. In equational logic the inference rules used for deducing “behaviour” are those familiar for reasoning about equalities, namely, for all x, y, and z x = x, if x = y, then y = x, if x = y and y = z, then x = z, and we may “substitute equals for equals”, e.g., if x = y, then f(x) = f(y), etc. See http://www.meta-environment.org/doc/books/extraction-transformation/term-rewriting/term-rewriting.html#section.tr-terms See Sections 3.3 and 6.1.1 of the CafeOBJ Manual.

How does CafeOBJ evaluate expressions? CafeOBJ uses left to right re-write rules to evaluate terms. A term can be a constant, a variable or a function name applied to zero or more arguments e.g., add(X,Y). More complex terms can be built from a vocabulary of function symbols and variable symbols. Terms can be considered as simple strings. Term rewriting is a computational method that is based on the repeated application of simplification rules. TRS provides methods of replacing sub-terms of a formula with other terms. The CafeOBJ keyword for evaluation is reduce, which can be abbreviated to red at the CafeOBJ command line. See Section 6.1.1 of the CafeOBJ Manual. See http://www.meta-environment.org/doc/books/extraction-transformation/term-rewriting/term-rewriting.html#section.tr-terms

(Wirsing and Rauschmayer 2003) and (Kokichi Futatsugi 2008). When computing an equivalence relation over the terms we determine which terms give the same result, and which terms give different results.

In the previous slide the proof that 1 + 1 == 2, which is written as p s s s 0 == s 0 + s 0, where p is the predecessor , and s is the successor of a natural number (p 0 is not defined). Note the equality predicate (denoted as == ) defines an equivalence relation and is distinct from definitional equality (denoted as = ) used in equational definitions (e.g. eq N + 0 = 0).

An algebra with two sorts

Superman Example If Superman were able and willing to prevent evil, he would do so. If Superman were unable to prevent evil, he would be ineffective; if he were unwilling to prevent evil, he would be malevolent. Superman does not prevent evil. If Superman exists, he is neither ineffective nor malevolent. Therefore Superman does not exist.

Superman Example a: Superman is able to prevent evil. w: Superman is willing to prevent evil. i: Superman is ineffective. m : Superman is malevolent. p: Superman prevents evil. e: Superman exists.

Superman Example The first four sentences: F0 : a ˄ w  p F1 : (a  i) ˄ (w  m) F2 : p F3 : e  i ˄ m Superman argument is equivalent to: ALL= F0 ˄ F1 ˄ F2 ˄ F3  e Note that F3 is the only place e appears. CafeOBJ has a special module FOPL-CLAUSE with the following syntax -- The syntax for the axioms differs from that of the ordinary CafeOBJ equations -- 'and' is translated to & -- 'implies' is translated to -> -- 'not' is translated to ~ -- 'ax' are similar to 'eq' in previous modules

Superman Proof Example Six steps. Assume F0,F1,F2,F3 : Start at conclusion e. e  <Contrapositive (3.61) (i˄m) e of F3> (i˄m) = < DeMorgan(3.47a)> i ˅ m  < First conjunct of F1, monoticity 4.2 ) a ˅ m  < Second conjunct of F1, monoticity 4.2 ) a ˅ w = < DeMorgan(3.47a)> (a ˄ w) < Contrapositive(3.61) p  (a˄w)) of F0> p (this is F2) (We conclude that ALL (from slide 39) is a theorem so the argument of the superman paragraph is sound) One way to prove (ALL of slide 39) is to assume the four conjunctions of the antecedent and prove the consequent e. We begin by manipulating the consequent e. If we start with e there is only one way to proceed. The only place e appears is in F3, so we must start at F3. We must translate F3 into its contra-positive, i.e. p  q  q  p The numbers in the proof steps (e.g. 3.61) refer to either theorems or axioms in the course text.

Superman in CafeOBJ Example mod! SUPERMAN{  protecting(BOOL)  ops a w i m p e : -> Bool   eq [F0]: (a and w implies p) = true . eq [F1]: (not(a) implies i) and (not(w) implies m) = true . eq [F2] : not(p) = true . eq [F3] : e implies (not(i) and not(m)) = true . } For translation into English, see notes section below. If Superman were able and willing to prevent evil, he would do so[F0]. Superman in CafeOBJ Example If Superman were unable to prevent evil, he would be ineffective and if he were unwilling to prevent evil, he would be malevolent[F1]. Superman does not prevent evil[F2]. If Superman exists, he is neither ineffective nor malevolent[F3]. Therefore Superman does not exist [conclusion].

Make Truth Table for Superman Enter the following expression into truth table generator at http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/ ((((a & w) > p) & (~a > i) & ( ~w > m) & (e > (~i & ~m)) & ~p) > (~e)) Describe the result. If Superman were able and willing to prevent evil, he would do so[F0]. Superman in CafeOBJ Example If Superman were unable to prevent evil, he would be ineffective and if he were unwilling to prevent evil, he would be malevolent[F1]. Superman does not prevent evil[F2]. If Superman exists, he is neither ineffective nor malevolent[F3]. Therefore Superman does not exist [conclusion].

BAD TEST module! BADTEST{ pr(BOOL) pred a : . pred b : . eq a and b = true . eq not(a) = true . eq not(b) = true . } open BADTEST red (not(a) and not(b)) and (a and b) . -- inconsistent expression gives true! open BOOL **> same expression gives correct result (false) in BOOL pred a : . pred b : . red (not(a) and not(b)) and (a and b) . -- false When asserting arbitrary as being true one needs to be careful.

CafeOBJ Superman in English Example red e implies (not(i) and not(m)) iff (not(not(i) and not(m)) implies (not(e))) English (version 1) SM existence implies that he is not ineffective and not malevolent if and only if SM is ineffective or SM is malevolent implies that he does not exist. Various ways of doing prackets. red e implies ((not i) and (not m)) implies not((not i) and (not m)) implies not(e) . red e implies ((not(i)) and (not(m))) implies not((not(i)) and (not(m))) implies (not(e)) .

CafeOBJ Superman in English Example red (e implies (not(i) and not(m))) implies (not(not(i) and not(m)) implies (not(e))) English (version 2) If Superman exists then he is not ineffective and not malevolent, which using the contrapositive rule, means that if he is ineffective or is malevolent then he does not exist. This can be written in ‘normal’ notation. (e -> (i & m)) <=> ( (i & m) -> e) This is an example of the contrapositve rule and must be true regardless of the values of e,i, or m. So CafeOBJ will evaluate it to true. Also it is a tautology.

Superman Proof in CafeOBJ Note in the following proof we do not need the truth values of the equations from the SUMPERMAN module in the previous slide. We only need the constants representing the sentences. The proof uses the given equations and general theorems of equational logic. The proof does not depend on the value of the equations in the SUPERMAN module, hence their truth values are not used directly. The following reductions (or evaluations) validate the 6 steps

Superman Proof in CafeOBJ open SUPERMAN . -- Step 1 : 3.61 Contrapositive of F3 red e implies (not(i) and not(m)) implies (not(not(i) and (not(m)) implies not(e))) -- Step 2 : 3.47a DeMorgan red not(not(i) and not(m)) iff (i or m) . -- Step 3 :First conjunct of F1 and Monoticity 4.2 ('or m' added) red (not(a) implies i) implies ((not(a) or m) implies (i or m)) . -- The following is true and does not depend on the superman's axioms F0-F3 -- It represents the first step of the proof red e implies (not(i) and not(m)) implies (not(not(i) and (not(m)) implies not(e))) . -- If step 1 does not work try it without the first set of brackets. red e implies (not(i) and not(m))) iff (not(not(i) and not(m)) implies not(e)) .

Superman Proof in CafeOBJ -- Step 4 :Second conjunct of F1 and Monoticity 4.2 ('or not(a)' added) red (not(w) implies m) implies ((not(w) or not(a)) implies (m or not(a))) . -- Step 5 : 3.47a DeMorgan red (not(a) or not(w)) iff (not(a and w)) . -- Step 6 : 3.61 Contrapositive of F0 red ((a and w) implies p) implies ((not(p)) implies (not(a and w))) . O = operations (,, ,  , ,˄, ˅)

Alternative Proof1 This argument is valid. We can also argue by contradiction. Assume that Superman does exist. Then he is not ineffective, and he is not malevolent (this follows from F3). Therefore by (the contrapositives of) the two parts of F1, we conclude that he is able to prevent evil, and he is willing to prevent evil. By the implication of F0, we therefore ‘know’ that Superman does prevent evil. But this contradicts F2. Since we have arrived at a contradiction, our original assumption must have been false, so we conclude finally that Superman does not exist. Based on proof from: Discrete Mathematics and Its Applications ISBN: 0072880082 Kenneth H. Rosen, AT&T Laboratories

Alternative Proof in CafeOBJ CafeOBJ has a built theorem prover which can use proof by contradiction. The next slide shows how CafeOBJ can prove the non-existence of superman by applying equational logic and substitution in a mechanical way.

Alternative Proof in CafeOBJ mod! SUPERMAN { -- the basic facts ops a w i m p e : -> Bool ax [F0] : (a & w) -> p . ax [F1] : (~(a) -> i) & (~(w) -> m) . ax [F2] : ~(p) . ax [F3] : (e -> (~(i) & ~(m))) . } -- The syntax for FOPL-CLAUSE the axioms differs from that of the ordinary CafeOBJ equations -- 'and' is translated to & -- 'implies' is translated to -> -- 'not' is translated to ~ -- 'ax' are similar to 'eq' in previous modules

Alternative Proof in CafeOBJ The expected output is ** PROOF ________________________________ 1:[] ~(a) | ~(w) | p 2:[] a | i 3:[] m | w 4:[] ~(p) 5:[] ~(e) | ~(i) 6:[] ~(e) | ~(m) 7:[] e 15:[hyper:7,5,2] a 16:[hyper:3,1,15] m | p 17:[hyper:16,4] m 18:[hyper:17,6,7] ** ______________________________________ In the above proof ~ is logical negation (not) and | is logical disjunction (or). Line number 1 rewrites the axiom ((a & w) -> p) to (~(a) | ~(w) | p) using the general fact a->b == ~a | b. Line number 2 rewrites the axiom (~(a) -> i) to (a | i). Line number 3 negates (~(w) -> m) to (m | w). Line number 4 asserts (~p) which was given Line number 5 and 6 rewrites ((e -> (~(i) & ~(m)))) to (~(e) | ~(i)) and (~(e) | ~(m)) Line 7 asserts e (superman exists). This is the negation of the thing that we wish to prove (our goal) Line number 15 relates lines 7,5, and 2, reducing them to a. Line number 16 relates lines 3,1, and 15, reducing them to m | p Line number 17 relates lines 16 and 4 reducing, them to m. Line number 18 establishes a contradiction between 17,6, and 7. This shows that by assuming e we arrive at a contraction i.e. a set of equations that can never be satisfied. By assuming e and the other axioms we get a contradiction. Given that all equations (except e=true) are given as true, we can conclude that assumption that (e=true) is not consistent with the other axioms.

Terms syntax: formal structure of sentences semantics: truth of sentences wrt models entailment: necessary truth of one sentence given another inference: deriving sentences from other sentences, provides a syntactic mechanism for deriving ‘truth’ soundness: derivations produce only entailed sentences completeness: derivations can produce all entailed sentences

Formal Logic A logic consists of: A set of symbols A set of formulas constructed from the symbols A set of distinguished formulas called axioms A set of inference rules. The set of formulas is called the language of the logic, pure syntax. Inference rules (premise and conclusion) allow formulas to be derived from other formula.

Formal Logic A formula is a theorem of the logic if it is an axiom or can be generated from the axioms and already proven theorems. A proof that a formula is a theorem is an argument that shows how the inference rules are used to generate the formula.

Equational Logic E Symbols (,) ,, ,  , ,˄, ˅ Constants true, false. Boolean variables p, q, etc. Formulas are expressions using symbols, constants, and variables. Axioms e.g. Associativity of . Inference rules e.g. Leibniz Theorems are formulas that can be shown to be equal to axioms using inference rules. In pure predicate calculus the symbols are un-interpreted (except for =) We get a theory by adding axioms that give meaning to some of the un-interpreted function symbols e.g. a theory of Integers. An algebra is a model of a theory

Model Theory The formulas of a logic are intended to be statements about some domain of discourse (DOD). Formulas may be interpreted as having a meaning with respect to this DOD by defining which formulas are true statements and which statements are false about DOD. An interpretation assigns meaning to the operators, constants, and variables of a logic. Strictly speaking, the values true and false are not part of the logic but part of the model theory that relates the logic to our perception of the real world.

Model Theory Smaller theories have bigger models they are less constraining Bigger theories have smaller models they are more constraining Recall the theory of Mary & John’s apples: m = 2 * j Has many models m=2,,j=1, m=4,j=2, m=6, j=,…. Strictly speaking, the values true and false are not part of the logic but part of the model theory that relates the logic to our perception of the real world.

Model Theory mary = 2 * john and mary/2 = 2 * (john – 1) Smaller theories have bigger models they are less constraining Bigger theories have smaller models they are more constraining Recall Mary & John’s apples: mary = 2 * john and mary/2 = 2 * (john – 1) Has only one model m=4, j=2.

Reminder on Interpretation

Model Theory We distinguish between: Syntax : a formal logic Semantics : the interpretation of a formal logic In Lecture 2 we used truth tables to define operations and to evaluate expressions. Truth tables provide an interpretation (or meaning) for the Boolean expressions in Lecture 2. An interpretation can have two parts: A fixed meaning, based on operators and constants A state based meaning, based on values of the variables.

Interpretation or evaluation of E An interpretation of an expression in E gives its value in some state. Here is the ‘standard’ interpretation of expressions in E. eval (evaluation) gives ‘meaning’ to operators and constants of E. For expression P without variables, let eval.’P’ be the value of P. Let Q be any expression with variables and let s be a state that gives values to all the variables of Q. Define s.’Q’ to be a copy of Q in which all of the variables are replaced by their corresponding values in state s. Then function f given by f.’Q’=eval(s.’Q’) is an interpretation for Q. The eval operation is called red in CafeOBJ, meaning reduction. The ‘eval’ (or evaluation) operation is called red in CafeOBJ, meaning reduction.

Satisfiability and validity Satisfiability and validity for Boolean expressions were defined in Lecture 2. Here satisfiability and validity are defined for any logic. Let S be a set interpretations for a logic and F be formulas for the logic. F is satisfiable under S iff at least one interpretation of S maps F to true. F is valid iff every interpretation in S maps F to true.

Sound and Complete A logic is sound iff every theorem is valid. A logic is complete iff every valid formula is a theorem. Soundness means that the theorems are true statements about DOD. Completeness means that every valid formula can be proved. E is sound and complete wrt standard interpretation.

Sound and Complete The soundness and completeness of a logic can be expressed in symbols of a ‘meta-logic’. P1,P2,..Pn|- Q means that there is a proof which infers the conclusion Q from the assumptions P1,P2,..Pn using formal inference rules (syntactic turnstile). P1,P2,..Pn|= Q means that Q must be true if P1,P2,..Pn are true but, says nothing about whether we have a proof, or even whether a proof exists (semantic turnstile).

Sound and Complete A formal system is sound (or consistent) if a |- b then a |= b A system is sound if each proposition is provable using the inference rules is actually true. You can only prove true things. A formal system is complete if a |= b then a |- b A system is complete if the inferences are powerful enough to prove every proposition is true. You can prove all true things.

Necessary & Sufficient1 Let r be the proposition “I revised”, and Let q be the proposition “I passed”. Then r → p may be expressed as: “if I revised, I passed”; “I passed if I revised”; “I revised only if I passed”. See necessary and sufficient in Lecture 2. 1.George Constantinides http://cas.ee.ic.ac.uk/people/gac1/Complexity/ “x is necessary for y” means y  x r  p

Necessary & Sufficient Conditions for classifying concepts Necessary Conditions: If something is a member a given concept the it is necessary to fulfill some conditions if something is concept member then meets condition Necessary and Sufficient Conditions: If something fulfills some conditions then it must be a member of a given class if something is concept member then it meets conditions If something meets condition then concept member

Proof by Contradiction A direct proof of a theorem shows that there cannot be a counterexample of the theorem. If a counterexample exists then two properties will hold: P(1) It must make the hypothesis of the implication true P(2) It must make the conclusion of the implication false. If no counterexample exists then no states the variables in the theorem will satisfy both P(1) and P(2).

Proof by Contradiction Using proof by contradiction we temporarily assume a counterexample exists and then show that this cannot be because it would result in a contradiction. A contradiction is a statement that we know to be false (e.g. A˄A). In finding such a counterexample we are showing that P(1) and P(2) are logically incompatible.

Proof by Contradiction Hence assuming a counterexample we arrive at a contradiction. So, the assumed counterexample could not hold.

Proof by Contradiction (4.9) Proof by Contradiction PbC: p  false  p PbC uses (3.74): pfalse  p A theorem P is assumed false and we derive a contradiction. Once we have shown P  false is a theorem we can conclude that P is also a theorem.

PbC in CafeOBJ CafeOBJ’s theorem prover (based on OTTER), negates the current goal, and reduces the given equations to the form: ~goal & ( a | b) & (c | d) a,b,c,d can be positive or negative. The CafeOBJ prover tries to resolve terms to find the empty set (no values can satisfy the equations). By looking for the pattern (a&~a). A positive term is ‘a’ a negative term is ‘~a’.

PbC in CafeOBJ Here is an example of proving Modus Ponens: P, PQ P : premise P ˅ Q : premise Q : Negation of conclusion Q : Resolvent of 1,2 False : Resolvent of 3,4 Each line of resolution process is a set of ‘or’ ‘|’ Lines are related by ‘ands’ ‘&’ open PROPC vars P Q : Bool red P and (P implies Q) and not(Q) implies Q .

Portia’s Suitors Dilemma (simplified) Portia has a gold casket and a silver casket and has place a picture of herself in one of them. On the casket’s are written the following inscriptions: Gold : The portrait is not in here. Silver: Exactly one of these inscriptions is true.

Portia’s Suitors Dilemma (simplified) Portia explains to here suitor that each inscription may be true or false, but she has placed her portrait in one of the caskets that is consistent with the truth or falsity of the inscriptions. If the suitor chooses the casket with her portrait, she will marry him. The suitor must determine which casket contains the portrait using only the inscriptions which may be true or false.

Portia’s Suitors Dilemma (simplified) The two possible situations are represented as: gc: the portrait is in the gold casket. sc: the portrait is in the silver casket. The two inscriptions on the caskets are represented as: g: the portrait is not in the gold casket s: exactly one of g and s is true.

Portia’s Suitors Dilemma (simplified) The fact that the portrait is exactly one place is written as: F0 : gc  sc The inscription g on the gold casket is the negation of gc written as: F1 : g  gc F0 could be written: (gc ˄  sc) ˅ (gc ˄ sc) or (gc ˅ sc) ˄ (gc ˄ sc) but gc  sc is shorter.

Portia’s Suitors Dilemma (simplified) We do not know whether the inscription s on the silver casket is true or false, but we do know that inscription s is equivalent to the fact that only one of the inscriptions is true. This is written as: F2 : s  (s  g) O = operations (,, ,  , ,˄, ˅)

Recall Basic Proof Alternatively, using Notation 2: <X=Y> The basic rule of reasoning is Leibniz ‘substitute equals for equals’. See slide 21 of lecture 1. Where two formats of proof are described: Notation 1 E[z:=X] = <X=Y> E[z:=Y] The premise for a proof step is the reason why the step is valid, written as a hint between brackets <>. The conclusion of a proof step consists of the line immediately above and immediately below the premise line related by equality (or iff) using notation 2. The 2nd line is usually the result of a substitution. If whenever the premise true then the conclusion is true, then we can conclude that this is a valid proof step. Alternatively, using Notation 2: <X=Y> -------------------- E[z:=X]=E[z:=Y]

Portia’s Suitors Dilemma Having formalized the situation as a set logical axioms, we now try to derive either gc or sc from the axioms. We start with F2, because it is the axiom with most structure (heuristic 3.33). s  s  g = <3.2 Symmetry of , (gs)(sg), replace ssg with g> g = <F1: ggc, negation of both sides and 3.12 double negation, replace g with gc > gc The axioms used above look like this: 3.2 Axiom of Symmetry (p  q)  (q  p) (g  s)  (s  g) 3.12  p  p There are several ways to validate the first proof step, we could start with s  s g vars gc34 s34 g34 sc34 : Bool . red (not(g34) iff s34) iff (s34 iff not(g34)) iff ((s34 iff s34 iff not(g34)) iff not(g34)) . Should true : Bool Where the premise is the symmetry rule 3.2, that is this bit (not(g34) iff s34) iff (s34 iff not(g34)) And the conclusion is the fact the first and second step of the proof are equal, that is this bit. (s34 iff s34 iff (not(g34)) iff not(g34)) So the total argument goes that because the premise leads to the conclusion the proof step is valid. Or you could just say that it is always valid to replace the first line with the second because the following line is always true. red (s34 iff s34 iff not(g34)) iff not(g34) . The second step can be checked in CafeOBJ as: red (g34 iff not(gc34)) == (not(g34) iff gc34) . Or red (g34 iff not(gc34)) iff (not(g34) iff gc34) . Which says that if the premise, in the form of a proof hint, is true then so is the conclusion. Or you could say that It is always valid to negate both sides of a Boolean equation. It is always valid to replace g with gc in any expression, because g  gc Alternative manual proof (not required) (s  s)  g = <3.3 identity (true  s  s) and 3.2 Symmetry of  > g = < 3.12 double negation of F1:ggc > (gc  g) = <3.9 distributivity of  over  removes negation on LHS > gc  g = <3.5 reflexivity of  > gc

Portia’s Suitors Dilemma (simplified) From F1 and F2 we can conclude that the portrait is in the gold casket (gc). F0 was not needed to solve this puzzle We must make sure that F0, F1, and F2 do not form a contradiction which can never be satisfied. In other words, we must check that there is a least one assignment of values that makes all three true. If F0 ˄ F1 ˄ F2 were false in every state then they would be inconsistent (see note below) and anything could be proved. Were that to be the case, the assumptions could not be satisfied, so we would conclude that the problem had no solution. A logical system is consistent if at least one of its formulas is a theorem and at least one is not; otherwise the logic is inconsistent . We are looking fro a state that makes F0 & F1 & F2 true F0 : gc  sc F1 : g  gc F2 : s  (s  g)

Portia’s Suitors Dilemma (simplified) Here is the checking: With gc=true, the additional assignments sc=false, g=false, and s=false, satisfy F0, F1, and F2 . Note that it does not matter whether the inscription on the silver casket is true or false. That is s=false or s=true still satisfy the three assumptions. This is illustrated in the truth table on next slide We are looking for a state that makes F0 & F1 & F2 true F0 : gc  sc F1 : g  gc F2 : s  (s  g)

Portia’s Suitors Dilemma Truth Table gc sc g s Result F T Proof by truth table. We are looking for a state that makes F0 & F1 & F2 true F0 : gc  sc F1 : g  gc F2 : s  (s  g) We construct a truth table from F0 & F1 & F2 (gc  sc) & (g  gc) & (s  (s  g)) Or using the notation of TTGs (gc <-> sc) & (g <-> gc) & (s <->(s <-> g)) We can say that ‘s’ is a don’t care fact because it is true and false when the whole expressions is true. We can say the truth table provides all possible values for the Boolean variables. Hence it establishes the conditions under which the entire expression is true. This validates the CafeOBJ proof. Truth table for (gc <-> sc) & (g <-> gc) & (s <->(s <-> g))

Portia’s Suitors Dilemma (inconsistent) So far there is no inconsistency in this problem. Here we add an inconsistency by adding a different inscription on the silver casket: s’ : This inscription is false. A formalization of this inscription is: F2’ : s’  s’ Then F2’ is true in no state which is equivalent to false. Adding F2’ as an axiom to propositional logic, then would make false an axiom. Recall true is axiom 3.4, so false cannot be an axiom. O = operations (,, ,  , ,˄, ˅)

Portia’s Suitors Dilemma (inconsistent) From false anything can be proved. The addition of F2’ makes the logic inconsistent and cannot be part of any mathematical or model of reality. This would lead to a puzzle that has no solution. An inconsistency can also arise from an interplay between axioms. Suppose F0:gcsc is already an axiom, if we now add axiom F5:gcsc, then F0 ˄ F5 is false, so the system is inconsistent. O = operations (,, ,  , ,˄, ˅)

CafeOBJ code mod! PORTIA1{ protecting(BOOL) -- the basic facts are (in this case misleading) called predicates. pred gc : pred sc : pred g : pred s : -- Different syntax to CafeOBJ equations -- 'and' is translated to & -- 'implies' is translated to -> -- 'not' is translated to ~ ax [F0] : gc <-> ~(sc) . ax [F1] : g <-> ~(gc) . ax [F2] : s <-> (s <-> ~(g)) . -- there is an implicit '&' between the axioms.}

CafeOBJ set up for proof open PORTIA1 -- The goal is to prove that the portrait is in the gold casket. option reset . goal(gc) . -- We are only interested goal line flag(auto, on) . flag(very-verbose,on) . flag (universal-symmetry,on) param(max-proofs, 1) . resolve . close CafeOBJ’s theorem prover OTTER will try to use proof by contradiction. It will create not(gc) and try to find a contradiction.

CafeOBJ output There is a lot of output. We are only concerned that CafeOBJ found the empty clause ** PROOF 4:[unit-del:7] g 5:[] ~(s) | ~(g) 6:[] s | ~(g) 7:[] ~(gc) 18:[hyper:4,6] s 19:[hyper:18,5,4] ______________________________________ Try to follow this proof by comparing it to the output from SupermanMadeEasy.mod CafeOBJ’s theorem prover OTTER will try to use proof by contradiction. It will create not(gc) and try to find a contradiction. This uses proof by contradiction. CafeOBJ’s theorem prover sets up the negation of the goal (gc) which is not(gc). The symbol ~ stands for ‘not’, and | stands for ‘or’. There is an assumed ‘and’ between each line of the proof. The numbers refer to the lines in the proof. The word 'hyper' refers to a cancellation when the prover finds 'x&~x'. The word ‘unit-del’ means that the prover has established the proposition at the end of the line. Line number 4 says that the prover has established g to be true. Line number 5 establishes (~(s) | ~(g) ) Line number 6 establishes ( s | ~(g) ) Line number 7 establishes ~(gc) Line number 18 cancels lines 4 and 6 giving ‘s’ Line number 19 cancels lines 18,5, and 4 giving the empty set. Line number 19 establishes a contradiction This shows that by assuming (~gc) we arrive at a contraction i.e. a set of equations that can never be satisfied. By assuming (~gc) and the given axioms we get a contradiction. All the equations are given as true, except (~gc) which is temporarily assumed true. We can conclude that assumption that (~gc) is not consistent with the other axioms. In more detail, the given facts are F0 & F1 & F2 which we will call AllGivenAxioms We want to prove AllGivenAxioms -> gc To prove the by ‘proof by contradiction’ CafeOBJ assumes a counterexample of gc is true, as follows AllGivenAxioms & (~gc) -> gc CafeOBJ finds that there are no truth values to make this true. So the assumed (~gc) cannot hold. (~gc) = false gc = true

CafeOBJ using equational logic mod! PORTIA2{ pr(BOOL) -- the basic facts. pred gc : pred sc : pred g : pred s : -- We are using '=' instead of 'iff' eq [F0] : gc = not(sc) . eq [F1] : g = not(gc) . eq [F2] : s = (s iff not(g)) . } open PORTIA2 vars gc1 s1 g1 sc1 : Bool . red (gc1 iff not(sc1)) and (g1 iff not(gc1)) and (s1 iff (s1 iff not(g1))) implies gc1 . -- The first proof used proof by contradiction, here is the same problem as in Portia1.mod, using equational logic and a direct proof . -- The proof uses substitutions and the rules of propositional logic. -- It does not use proof by contradiction. mod! PORTIA2{ protecting(BOOL) -- the basic facts. pred gc : pred sc : pred g : pred s : -- We are using equational '=' instead of 'iff' eq [F0] : gc = not(sc) . eq [F1] : g = not(gc) . eq [F2] : s = (s iff not(g)) . -- there is an implicit and between the axioms. -- Stating this explicitly makes no difference to the proof of 'gc'. -- So the following line, which combines the previous 3 and adds the implication, is redundant. -- eq [F3] : (gc iff not(sc)) and (g iff not(gc)) and (s iff (s iff not(g))) implies gc = true . -- We can demonstrate this by evaluating F3 using only equational logic, with the 'red' command. } eof -- type in the following open PORTIA2 vars gc1 s1 g1 sc1 : Bool . red (gc1 iff not(sc1)) and (g1 iff not(gc1)) and (s1 iff (s1 iff not(g1))) implies gc1 . -- should get true.

CafeOBJ using equational logic There is an implicit and between the axioms. Stating this explicitly makes no difference to the proof of gc. See Portia2.mod for further details. -- Here is the same problem as in Portia1.mod, using equational logic. -- The proof uses substitutions and the rules of propositional logic. -- It does not use proof by contradiction. mod! PORTIA2{ protecting(BOOL) -- the basic facts. pred gc : pred sc : pred g : pred s : -- We are using equational '=' instead of 'iff' eq [F0] : gc = not(sc) . eq [F1] : g = not(gc) . eq [F2] : s = (s iff not(g)) . -- there is an implicit and between the axioms. -- Stating this explicitly makes no difference to the proof of 'gc'. -- So the following line, which combines the previous 3 and adds the implication, is redundant. -- eq [F3] : (gc iff not(sc)) and (g iff not(gc)) and (s iff (s iff not(g))) implies gc = true . -- We can demonstrate this by evaluating F3 using only equational logic, with the 'red' command. } eof -- type in the following open PORTIA2 vars gc1 s1 g1 sc1 : Bool . red (gc1 iff not(sc1)) and (g1 iff not(gc1)) and (s1 iff (s1 iff not(g1))) implies gc1 . -- should get true.

Propositional proof Example Given (p  q) and (q  r) prove that (p  r) holds. You may use the following theorems: (1) Idempotency of ˄: p ˄ p  p (3.38 in course text) (2) Left identity of : true  p  p (3.73 in course text) Solution: Given (pq) and (q  r). We show (p  r) holds. The numbers (e.g. 3.38) refer to either theorems or axioms in the course text. (p  q) ˄ (q  r)  (p  r) = <Why? p  q  true, given> true ˄ (q  r)  (p  r) = <Why? q  r  true, given > true ˄ true  (p  r) = < (3.38 and 3.73) > p  r (LHS true gives RHS)

Using Golden Rule Prove: p ˄ (p ˅ q)  p ˄ q LHS p ˄ (p ˅ q) = < (3.35) GR, with q:=  p ˅ q > p   p ˅ q  p ˅  p ˅ q = < (3.28) Excluded Middle > p   p ˅ q  true ˅ q = <(3.29) Zero for ˅ > p   p ˅ q  true = < (3.3)Identity of  > p   p ˅ q = < (3.32) p ˅ q  p ˅ q  p with p,q=q,p > p  p ˅ q  q = < (3.35) GR> p ˄ q Which is RHS. Using GR as definition of ˄, the first inference substitutes the q in GR LHS = RHS p˄q  p  q  p ˅ q p  ( p ˅ q)  p ˅ ( p ˅ q) Hence the ˄ from line one is gone in line two. Line 1 First Step Line 2 In CafeOBJ module PROPC the equivalence symbol is <-> which corresponds to  in the course text. The above can be proved in CafeOBJ as follows: Set trace off – turn off detailed trace rule, substitution & replacement Set trace whole on – turn on only rewrite step open BOOL We can check is the overall proof automatically red p and q iff p iff q iff p or q . The following should be true and seen as validating the first proof step in the main slide red (p and (not(p) or q)) iff (p iff not(p) or q iff p or not(p) or q) . The Golden Rule has four equivalents, which can be used as a sophisticated form of substitution as follows: One equivalent can be replaced by three Two equivalents can be replaced by two Three equivalents can be replaced by one. Identity of = : true = q = q (same arguments) Zero of \/ : p \/ true = true In logic \/ and /\ are idempotent( x op x = x) but multiplication and addition in arithmetic are not. The first inference using the GR goes as follows. Substituting the q in GR as q:=  p ˅ q GR is: p˄q  p  q  p ˅ q p  ( p ˅ q)  p ˅ ( p ˅ q) Hence the ‘and’ from line one is gone.

Write CafeOBJ functions A supplier gives the following discounts: 5 Euro if the total bill is 100 Euro or more and 50 Euro if the total is 500 Euro or more. . Write two CafeOBJ functions called discount and bill that given the price and quantity that calculates the correct amount of the bill.

Write CafeOBJ functions module! BILL { pr (INT) op bill : Int Int -> Int op discount : Int -> Int vars p q r : Int ceq discount(p) = 0 if p < 100 . ceq discount(p) = 5 if (p >= 100) and ( p < 500) . ceq discount(p) = 50 if p >= 500 . eq bill(p,q) = p * q - discount(p * q) . }

Golden Rule Tests could select p and q to check the boundaries, negative number for either argument: error 99, discount 0 100, discount -50 101, discount -50 499, discount -50 500, discount -10 501, discount -10 2 * 0.30 + 1

Another example of propositional reasoning. Write the following statements in propositional logic: I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus. (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) ∃∀

Another example of propositional reasoning. Construct a TT using: http://turner.faculty.swau.edu/mathematics/materialslibrary/truth/ This Boolean expression is only true in one case. A argument P1,P2,...Pn => C to be valid if the truth table is such that there is no line in which the premises are all true but the conclusion if false.

Another example of propositional reasoning. Truth tables for each premise. (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) Premise 1 Premise 1 Premise 3 An argument form is valid iff the truth of the conclusion is guaranteed by the truth of the premises. An argument form is valid iff the truth of the conclusion is guaranteed by the truth of the premises. if we can find any row in the truth table where all the premises are represented as true and the conclusion false, we will have shown that the argument is invalid.

Another example of propositional reasoning. The intermediate truth tables for (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) . Double negation: ¬(¬(w)) = w. Expressing or as ⇒ If not(pass) then fail == if not(fail) then pass. Two ways of expressing or as ⇒ ways are equivalent Expressing or as ⇒ The contrapositive rule

translation between or and implies Two ways to rewrite ˅ as ⇒ eq [e1] : b = false . ceq [e2] : p = true if (not w) . ceq [e3] : w = false if not b eq [e1] : b = false . ceq [e2] : w = true if (not p) . ceq [e3] : w = false if not b

Another example of propositional reasoning. Given I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus. Can we conclude : I played the piano. In logical notation is the following a valid argument? (W ˅ P) ˄ (W ⇒ B) ˄ ¬(B) P Therefore or ∴

Another example of propositional reasoning. Premises: I worked hard or I played the piano. If I worked hard, then I will get a bonus. I did not get a bonus. Conclusion: Therefore I played the piano. Can we use (not(b) implies p) to prove that the sentences form a valid argument? Could be written in CafeOBJ as: ceq [e3] : p = true if not b

Conditional Equations The Inference rule Modus Ponens can be written as a CafeOBJ conditional equation A, A -> B ---------- B In CafeOBJ this would be: ceq B = true if A .

Valid Argument The following is a valid argument [P1] If my program is less than 10 lines long then it is correct.
[P2] My program is not correct.
[C1] Therefore my program is more than 10 lines long. The first two lines are the premisses and the last the conclusion. Let P10 be the proposition that my programme is less than 10 lines long and C be the proposition that it is correct. Recall the contrapositive rule (P10 ⇒ C)  (¬C ⇒ ¬P10).

Invalid argument The following is an invalid argument [P1] If I am wealthy then I give away lots of money [P2] I give away lots of money [C1] Therefore I am wealthy The reasoning is not valid because from the premisses you cannot derive the conclusion. (W⇒M)  (M⇒W)

Valid argument: Modus Ponens An example a very general valid argument is Modus Ponens (from Latin mode that affirms) This can be represented in CafeOBJ as a conditional equation: ceq Q = true if P . eq P = true . Also applies to predicates ceq Q(x) = true if P(x) .

Turnstile |= In propositional logic the double turnstile is symbol that is placed between propositions and the conclusion. Sequent expressions assert that an entailment relation holds between the set of propositions on the left and the conclusion on right-hand sides of the double turnstile. A |= B can be read “A entails B” There is no interpretation which makes A true and B false. As a specification we could say A satisfies B.

Single Turnstile |- The intuitive meaning of A |- B is that under the assumption of A the conclusion of B is provable. It denotes syntactic consequence Soundness: A|-B ⇒ A|=B Completeness: A|=B ⇒ A|-B Soundness prevents proving things that aren't true when we interpret them. Completeness means that everything we know to be true on interpretation, we must be able to prove.

Double turnstile |= in relation to  P1, ..., Pn |= Z iff |= (P1 ˄ … ˄ Pn)  Z Recall the work, piano, bonus example. (w˅p) ,(w  b) ,(~b) |= p iff |= (w˅p) ˄(w  b) ˄(~b)  p

Difference between valid arguments and implies. An argument is valid iff it is necessary that under all interpretations (valuations in propositional logic), in which the premises are true the conclusion is true as well: P1,...,Pn |= Z P1,...,Pn |= Z if and only if the statement of the form P1 and ... and Pn implies Z is necessarily true (a tautology): |= (P1 & … & Pn)  Z

Model |= Theory A formula is satisfiable if it is possible to find an interpretation (model) that makes the formula true. A |= B read “A satisfies B”. A valid argument is one in which , if the premises are true, then the conclusion must be true.

Building And-Or in CafeOBJ -- No variables -- We turn of implicit import of built-in BOOL . set include BOOL off -- This allows us to develop our own Boolean operations mod* BOOLEAN1 { signature { [ Boolean ] op false : -> Boolean op true : -> Boolean op -_ : Boolean -> Boolean op _\/_ : Boolean Boolean -> Boolean op _/\_ : Boolean Boolean -> Boolean } axioms { eq - false = true . eq - true = false . eq false \/ false = false . eq false \/ true = true . eq true \/ false = true . eq true \/ true = true . }} eof -- Check these reductions? open BOOLEAN1 var A : Boolean red true \/ false . red true \/ A . red A \/ true .

Alternative Terminology G&S do not use the terminology found in many other textbooks. For example, they use the term expression for what is often called a clause in other texts. The next few slides cover this alternative terminology.

Alternative Terminology In propositional calculus: A literal is a propositional variable or its negation. A clause is a finite disjunction of literals (a OR b OR c ...) A unit-clause is composed of a single literal. Unit deletion is used to simplify a set of clauses.

Alternative Terminology Conjunctive normal form (CNF) is a conjunction of clauses, where a clause is a disjunction of literals. It is an ANDing of ORs.

Alternative Terminology If a set of clauses contains the unit clause L, the other clauses are simplified by the application of the two following rules: every clause (other than the unit clause itself) containing L is removed; not(L) is deleted from other clauses. Example L = a: removing any instances of −p from the other clauses,

Alternative Terminology Unit deletion propagates the fact that a is true into the other clauses.

Alternative Terminology In general. subsumption can be used when deciding whether one description, D1, is more general than another one, D2 That is whether D2 logically implies D1. For example, IRISH-PERSON is subsumed by PERSON (i.e. an IRISH-PERSON is-a PERSON).

Alternative Terminology Given a clause in a CNF formula, if a subset of its literals constitutes another clause in the formula, then the first clause is said to be subsumed by the second clause. Clause C subsumes clause D if the variables of C can be instantiated in such a way that it becomes a subclause of D. If C subsumes D, then D is redundant and can be discarded, because it is weaker than or equivalent to C.

Computing Fundamentals 1 Lecture 4 Quantification Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 8. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Quantification We now study quantifiers of operators. These can be logical (e.g. ˄) or arithmetic (e.g. +) operators that act on a range of objects named by ‘dummy variables’. We use the symbols ∃ and ∀ to indicate that a variable refers to some object(s) or all objects. ∀ is called the universal quantifier. ∃ is called the existential quantifier. Quantifiers can be applied to Symmetric and Associative operations that have an Identity operation. O = operations (,, ,  , ,˄, ˅) ˄ = ˄ ∃∃ ∀ ∀

Functions We have already used expressions with constants and variables. We briefly mentioned functions application. A function is a rule for computing a result-value v from argument-value w, e.g. Definition of: g(z) = 3 ∙ z + 6 The argument is designated in a function application, which is a form of expression. ∙ ∙

Functions We apply function to argument (function application) g(5) Gives the value of 3 ∙ 5+6 To reduce brackets we can write function.argument. We evaluate this function g.5 = < Apply function> 3 ∙ 5 + 6 = < Arithmetic> 21 Function application can be defined as textual substitution. g.z:E

Functions Function application can be defined as textual substitution. If g.z:E Defines a function g then function application g.X for any argument X is defined by g.X = E[z := X]

Functions This close correspondence between function application and textual substitution suggests that Leibniz (1.5) links equality and function application. So, we can reformulate Leibniz for functions.

Functions & Types Up to now we have used the Boolean type. In Computer Science many types are needed. Simple types like integers and natural numbers Complex types like sets, lists, sequences. Each function has a type which describes the types of its parameters and the type of its result: (8.1)1 f:arg1 ⨯ arg2 ...⨯ argn ⟶ r 1In CafeOBJ this would be written op f arg1 arg2 : -> r

Functions & Types Some function signatures: plus: ℤ⨯ℤ ⟶ℤ (plus(1,3)or 1+3) not : ⟶ (not(true) or true) less: ℤ⨯ℤ ⟶ (less(1,3)or 1<3) ℤ

Functions & Types Type and type correctness are syntactic notions. Type correctness depends only on the sequence of symbols in the proposed expression, and not on evaluation of the expression (in a state). For example1, (1/(x:ℤ )):ℝ is an expression even though its evaluation is undefined if x=0. 1The notation variable:type is common in maths & computing: In CafeOBJ we can write this for Integers (Z) all positive and negative number including zero. red in INT : A:Int quo 0 . – where quo is the quotient or division operator for Integer numbers in CafeOBJ Which returns an error type, denoted by the type name preceded by a question mark. -- Does CafeOBJ consider zero a natural number? red in INT : 0 :is Int . -- In some contexts zero is not legal Or you could try this for rational numbers (Q) red in RAT : x:Nat / 0 . Which also returns an error type, denoted by the type preceded by a question mark. (A / 0):?Rat

Functions & Types Certain restrictions are need to insure expression are type correct. During textual substitution E[x := F], x and F must have the same type. Equality b=c is defined only if b and c have the same type. Treating equality as an infix function: _=_ :t⨯t⟶ . For any type t. See exercise 13 in lab1. Checking the sort (or type) of a term. This same-type restriction is relaxed in Order Sorted Algebras, where we have sub-types and super-types.

Syntax & interpretation of quantification Summation notation: ∑ni=1 expression ∑3i=1(i2) = 12+22+32 In linear notation: (∑i | 1 ≤ i ≤ n : e) Or (+i | 1 ≤ i ≤ n : e) Where e is some expression (aka body) like i2 The parentheses make the scope of a quantified or dummy variable explicit. ∑ ≤

General form of Quantification Binary operator Range Type separators (*x : type | R : P) Dummy or quantified variable Body Separators

Universal Quantifier The declaration introduces a typical term (or body) that may be optionally constrained or restricted in some way: For example: (∀ i:ℕ | i<10 : i2 < 100 ) Which states that for all natural numbers less than 10 their square is less than 100.

Syntax & interpretation of quantification We use linear notation: (+i | 1 ≤ i ≤ n : e) The scope of the quantified variable i is confined to expressions within the brackets. In this case quantified variable is know as a dummy, it does not obtain a value from the state in which the expression is evaluated. The dummy is used to represents a range of values.

Syntax & interpretation of quantification The range in linear notation can include any Boolean expression: (+i | 0 ≤ i ≤ 7 ˄ even.i : i) = 0 + 2 + 4 + 6 The above sums only even numbers between 1 and 7 inclusive. See sumev in next slide. Zero is even

Sum even numbers 0-n mod SUM { pr(INT) op sumev : Int -> Int op even_ : Int -> Int var n : Int **> Even returns n if n is even otherwise returns 0. ceq even n = n if (n rem 2 == 0) . ceq even n = 0 if (n rem 2 =/= 0) . **> Sum of even numbers between 0 and n -- base case eq sumev(0) = 0 . -- the general case ceq sumev(n) = (even n) + sumev(n - 1) if (n =/= 0) . } red in SUM : sumev(7) . – gives 12

Syntax & interpretation of quantification We can have more than one dummy variable: (+i,j | (1 ≤ i ≤ 2) ˄ (3 ≤ j ≤ 4): ij) = 13 + 14 + 23 + 24 The above sums ij over the given range of i and j.

Syntax & interpretation of quantification Moving from summation we let * represent any binary operator (not just +). We consider symmetric associative binary operators that have an identity u. Symmetry: b * c = c * b Associative: (b*c) * d = b * (c*d) Identity u: u * b = b = b* u

Syntax & interpretation of quantification (8.6) (*x:t1,y:t2 | R : P) The bound or dummy or quantified variables x and y are distinct. t1 and t2 are the types of the variables. R is a Boolean expression; the range of the quantification. x and y must satisfy R. The expression P is the body of the quantification. The type (or sort in CafeOBJ terms) of the result is the type of P. http://en.wikipedia.org/wiki/Quantification

Syntax & interpretation of quantification Specific instances of the general (8.6)1 (+i | 0 ≤ i < 4 : i∙8) = 0∙8 + 1∙8 + 2∙8 + 3∙8 (˄i | 0 ≤ i < 2 : i∙d≠6) = 0∙d≠6 ˄ 1∙d≠6 (⋁i | 0 ≤ i < 21 : b[i] = 0) = b[0]=0 ⋁ … ⋁ b[20]=0 Dot ∙ denote multiplication. The variable d is not quantified. b[i] is an array 1Here the dot ∙ denotes multiplication.

Syntax & interpretation of quantification Different representations of common quantifications (+x | R : P) (∑x | R : P) (∙x | R : P) (∏x | R : P) (⋁x | R : P) (∃x | R : P) (˄x | R : P) (∀x | R : P) ∃

Scope, Free, Bound There are two ways in which a variable can occur in a formula: free or bound. A variable is said to occur free in a expression E if and only if it is not within the “scope” of a quantifier. If a variable never occurs free in E, then we say the variable is bound. See http://en.wikipedia.org/wiki/Free_variables_and_bound_variables

Scope (8.7) (˄i | :x∙i = 0 ) (8.7) asserts that x multiplied by any integer equals 0. This is only true for x=0. Expression depends on value of x not i. The occurrence of x in (8.7) is free. The scope of the dummy i is the range and the body of (8.7) Occurrences of i in the scope of the dummy i are said to be bound to dummy i. See http://en.wikipedia.org/wiki/Free_variables_and_bound_variables

Avoid Confusing Scope (8.8) i>0 ⋁ (˄i | 0≤i : x∙i=0) Two distinct variables both named i. In (8.8) the leftmost iis free. The second quantified i is bound. Best avoid this situation by renaming. Scope in quantified expressions can be considered similar to the concept of scope in programming languages.

Scope in a procedure1 procedure p(x : integer); var i:integer begin i := x * y; x := 2 * I; end; If variable is not local or an argument then it is free in a function or procedure. Above, the scope of i is the procedure body, and the argument x is bound to the procedure p. In contrast y is free (it comes from outside the procedure, out of the blue, aka global). Note that a procedure differs from a function, it does not have to return a value, rather it can perform operations (e.g. open a file). y = 3 def p(x): global y i = x * y x = 2 * 1 return 1We will ignore call by value and call by reference issues, but if you are interested you can read on. See http://en.wikipedia.org/wiki/Free_variables_and_bound_variables In computer programming, a free variable is a variable referred to in a function that is not a local variable or an argument of that function. For example, in f(x) = x+ y, x is bound variable and y is free variable. In programming languages, we call these as argument or parameter and local variable respectively.

Quantifiers bind variables The quantifiers ∀ and ∃ are the binding operators.

Free1 The formal definition of free: (8.3) The occurrence of i in expression i is free. (8.4) If i is free in E then that same occurrence is free in (E) , f(..,E,..), (*x | E:F), and (*x | F:E) provided that iis not on one of the dummies in list x. It is best to keep variable names distinct. 1See http://en.wikipedia.org/wiki/Free_variables_and_bound_variables In mathematics, and in other disciplines involving formal languages, including mathematical logic and computer science, a free variable is a notation that specifies places in an expression where substitution may take place. The idea is related to a placeholder (a symbol that will later be replaced by some literal string), or a wildcard character that stands for an unspecified symbol. The variable x becomes a bound variable, for example, when we write 'For all x, (x + 1)2 = x2 + 2x + 1.' or 'There exists x such that x2 = 2.' In either of these propositions, it does not matter logically whether we use x or some other letter. However, it could be confusing to use the same letter again elsewhere in some compound proposition. That is, free variables become bound, and then in a sense retire from further work supporting the formation of formulae.

Occurs We define the predicate: occurs(‘v’,’e’) To mean that at least one variable in the list ‘v’ of variables occurs free in at least one expression in the expression list ‘e’. The quotes mean we are considering a list of variables and a list expressions rather than values. Here we are interested in the occurrence of the variable that may be bound or free not the variable itself. An occurrence is in an expression. We are just talking about scope.

Bound (8.10) Let an occurrence of i be free in expression E. That occurrence of i is bound (to dummy i) in the expression (*x | E:F) or (*x | F:E) provided that i is one of the dummies in list x. Suppose an occurrence of i is bound in expression E. Then it is also bound to the same dummy) in (E) , f(..,E,..), (*x | E :F), and (*x | F:E).

Example i + j + (∑i | 1≤ i ≤ 10 : b[i]j)+ (∑i | 1≤ i ≤ 10 : (∑j | 1≤ j ≤ 10 : c[i,j])) On first line i and j are free On the second line j is free. All other occurrences of i & j are bound There are two distinct dummies called i.

Textual Substitution Textual substitution that worked for propositions can be extended to cover quantification. (8.11) provided  occurs(‘y’,’x,F’) (*y|R : P)[x:=F] = (*y|R[x:=F] : P[x:=F]) The caveat in (8.11) means that the dummy of list y will have to be replaced by a fresh variable if that dummy occurs free in x or F. A fresh variable is a variable that does not already occur in the expression under consideration. occurs(‘list1’,list2’) means that at least one variable from ‘list1’ occurs in lisr2.I

Textual Substitution => (+x|1 ≤ x ≤2:y)[y:=y+z] (+x|1 ≤ x ≤2:y+z) (+i| 0≤i<n:b[i]=n)[n:=m] (+i| 0≤i<m:b[i]=m) (+y| 0≤y<n:b[y]=n)[n:=y] (+j| 0≤j<n:b[j]=n)[n:=y] (+j| 0≤j<y:b[j]=y) To avoid clash use variable j instead of y. (+y| 0≤y<n:b[y]=n)[y:=m] (+j| 0≤j<n:b[j]=n) Fresh variable j O = operations (,, ,  , ,˄, ⋁) ≤

Textual Substitution => (*x | 0≤x+r<n : x+ k)[k:=6] (*x | 0 ≤ x + r < n : x+6) (+y | 0≤y<m : b[y]=m)[m:=y] (+k | 0 ≤ k < y : b[k] = y) O = operations (,, ,  , ,˄, ⋁) ≤

Quantified Textual Substitution Example (*x | 0 ≤ x + r < n : x + v)[v := 3] Solution (*x | 0 ≤ x + r < n : x + 3) (+y | 0 ≤ y < m : b[y]=m)[m:=y] Solution: needs renaming of quantified variable y to k. (+k | 0 ≤ k < y : b[k] = y)

Rules about quantification Recall, for quantification we are interested in symmetric associative binary operators that have an identity u. Symmetry: b * c = c * b Associative: (b*c) * d = b * (c*d) Identity u: u * b = b = b* u We need additional inference rules for quantified expressions.

Inference Rules about quantification (8.12) As with Leibniz (1.5), we can use the (8.12) inference rules implicitly in substituting equals for equals.

8.22 allows the change of dummy variable. 8.22 provided occurs(‘y’,’R,P’) (*x|R:P) = (*y| R[x:=f.y] : P[x:=f.y]) Where f is a function with an inverse i.e. (x = f.y)  (y = f-1.x) (4 = squared(2))  (2 = sqroot(4)) Think of f as the square function and f-1 as the square-root function

Proof of 8.22 Start with RHS: (*y|R[x:=f.y] : P[x:=f.y]) = < (8.14) > (*y|R[x:=f.y] : (*x |f.y : P) = < (8.20) > (*x,y|R[x:=f.y] ˄ x = f.y : P) = < (3.84a) > (*x,y|R[x:=x] ˄ x = f.y : P) (*x|R:(*y = f.y : P)) = < (8.14) inverse of f > (*x|R:(*y | y =f-1.x : P)) (*x|R: P[y:=f-1.x]) = < textual substitution > (*x|R:P) O = operations (,, ,  , ,˄, ⋁) ≤

Splitting ranges In computer science ranges are often split for operations that involve repetitions or loops, especially when determining the invariant of such a repetition1. An invariant of a loop is a predicate that that holds true for every repetition step and describes a kind of overall property of the whole loop. 1. From Logical Reasoning: A First Course by R Nederpelt, page 89

Manipulating ranges Manipulating ranges allows us to split a range into two distinct ranges. The first example below takes one right hand (n+1) term out of the range. The second example below takes one left hand (0) term out of the range.

Manipulating ranges (∑i | 0≤i<n+1:b[i]) sum (∑i| 0≤i<n: b[i]) + b[n] (∏i| 0≤i<n+1:b[i]) product b[0]∙(∏ i | 0≤i<n : b[i]) (∀i| 0≤i≤n:b[i]=0) For all (∀i| 0≤i<n:b[i]=0) ˄ b[n]=0 (∏i|5≤i≤10:i2) 52 ∙(∏i|5<i≤10:i2)

Methods for describing ranges Various ways to describe i for values 2..15 For B and C the number of the number of values of i in the range is equal to the upper bound minus the lower bound (16-2 or 15-1).

Collapse or Split ranges 2 ≤ i ≤ 15 ⋁ 16 ≤ i ≤ 20 2 ≤ i ≤ 20 B 2 ≤ i < 16 ⋁ 16 ≤ i < 21 2 ≤ i < 21 C 1 < i ≤ 15 ⋁ 15 < i ≤ 20 1 < i ≤ 20 D 2 < i < 16 ⋁ 15 < i < 21 1 < i < 21 B and C are the easiest to manipulate, because the upper bound of the lower adjacent range equals the lower bound of the upper adjacent range.

Substitutions in Quantification (*x | 0 ≤ x + r < n : x + v)[v := 3] Solution (*x | 0 ≤ x + r < n : x + 3) (+y | 0 ≤ y < n : b[y]=n)[n:=y] (+j | 0 ≤ j < y : b[j] = y)

English Quantification All even integers that are multiples of 2 (∀x:ℤ | even.x:multiple(x,2)) Contrast this with similar statement using ‘set comprehension ‘ Lecture 5 Slide 14.

English Quantification Express this set in English {x:ℤ+ | 0 ≤ x < 4} The set of non-negative integers less than 4.

English Quantification The set of positive even integers that are less than 26. {x:ℤ + | 0<x<26 ˄ (x mod 2 = 0) : x} The set of odd integers. {x:ℤ | (x mod 2 = 1) : x} OR {x:ℤ | : 2*x-1} Modulus or remainder function. red in INT : 3 rem 2 . red in INT : 2 rem 2 . red in INT : 2 quo 2 . red in INT : 2 divides 2 . ‘mod’ is the remainder operation for integer division. (‘quo’ or ‘÷’ is the quotient or division) Course text (page 316) defines ‘÷’ and ‘mod’ b ÷ c = q, b mod c = r, where b = q*c + r and 0 ≤ r < c (or more complex ) {x:ℤ + | 0<x<6 ˄ x/2=x÷2 : x} where ‘/’ is division,’÷’ is integer division and ‘=’ is assumed to be overloaded or perhaps an autimatic casting between LHS and RHS.

English Quantification Express this in English {z | (∃x,y | 0≤x ˄ 2≤y≤ 3 : z = xy} The set of squares and cubes of all natural numbers. All even integers are multiples of 2. (∀x:ℤ | even.x : multiple(x,2)) Where multiple(x,2)is a predicate that returns true if x is a multiple of 2 (or 2 goes into x evenly)

English Quantification Example Some integer between 50 and m is a multiple of y. (∃i:ℤ | 50 ≤ i ≤ m : mutiple(i,y)) Every integer is larger than one integer and smaller than another integer. (∀z:ℤ |: (∃w,v:ℤ | w≠v : w < z < v)) An integer n is divisible by a different integer m if n is an integral multiple of m. For example, 15 is divisible by 3 because 15 = 5 · 3. The numbers which divide a given integer are called its divisors; for example, the divisors of 12 are 1, 2, 3, 4, 6, and 12 (which divides itself because 12 = 12 · 1)

Quantification and Programming Language C. void P(int x) { int i; i = x*x; x = i*2;} The scope rules for quantification are similar to local variables in a C like language. The scope of i is P in the C function, in maths: (*i | R : P) We ignore call by value and call by reference issues. Any occurrence of i outside P is a different i. (*i | R : P) If there is an x in P then x is free in P, because it is not quantified We ignore call by value and call by reference issues.

Set Construction as a specification

Computing Fundamentals 1 Lecture 5 Predicate Calculus Lecturer : Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308, Lab A115 Based on Chapter 9. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Predicate Calculus The predicate calculus is an extension of the propositional logic that allows the use of variables of types other than Boolean. This extension leads to a logic with enhanced expressive and deductive power.

Predicate Calculus A predicate calculus formula is a Boolean expression in which some Boolean variables may have been replace by: Predicates, which are applications of Boolean functions whose arguments may be types other than Boolean {true,false},e.g. equal(x:Int,y:Int), max(x:Int,y:Int). Universal and existential (,) quantified variables. A predicate can be understood to be a Boolean-valued function P: X→ {true, false},

Predicate Calculus For integers, the following is not generally true. But it is true when all variables = 1/3. RAT> red (1/3 + (1/3 * 1/3)) == (1/3 + 1/3) * (1/3 + 1/3) . Gives (true):Bool RAT> red (1 + (1 * 1)) == (1 + 1) * (1 + 1) . Gives false The universally quantified version is false, while the existential version is true. red (1 + (1 * 1)) == (1 + 1) * (1 + 1) .

Predicate Calculus (PC) An example formula in the predicate calculus: (x < y)  (x = z)  q(x,z+x) Where: x<y, x=z, q(x,z+x) are predicates. What about type? x,y,z, and (z+x) are terms. Pure PC includes the axioms of propositional calculus together with axioms for quantifications (x | R: P) and (x | R: P) The PC inference rules are Substitution, Transitivity, Leibniz, and Leibniz with quantification. CafeOBJ has a module corresponding to the predicate calculus (FOPL-CLAUSE). O = operations (,, ,  , ,, )

Predicate Calculus (PC) In pure PC the function symbols are un-interpreted (except for =). The logic provides no specific rules for manipulation the function symbols. This means that we can develop general rules for manipulating function symbols regardless of their meaning (interpretation). The pure predicate calculus is sound in all domains that may be of interest. O = operations (,, ,  , ,, )

Predicate Calculus and relations and functions. We must distinguish between relations and function. Function: for a given element in the domain (input) a function can have one element in the range (output) e.g. motherOf(John)=Mary or <Mother,John>. Relation: for a given element in the range a relation can have several elements in the range e.g. parentOf(John)={Liam,Mary} or <Mary,John> , <Liam,John>

Predicate Calculus (PC) We get a theory by adding axioms that give meaning to some of the un-interpreted function symbols. For example, the theory of integers consists of pure predicate calculus together with axioms for manipulating the operators +,-, <,  (i.e. functions). The axioms say that  (multiply) is symmetric and associative and has the zero 01. See CafeOBJ INT module. op _ + _ : Int Int -> Int { assoc comm idr: 0 prec: 3} eq [ident4] : (0 + X-ID:Int) = X-ID . Similarly the theory of sets provides axioms for manipulating set expressions (union etc). The core of the above theories is PC. The theory provides meaning the logic provides inference. 1 In CafeOBJ note show module NAT Note the equation eq [:BDEMOD] : (N * 0) = 0

Zero Z is a zero of some binary operation  if (x | : x  Z = Z  x = Z) Z is a left zero if (x | : Z  x = Z) Z is a right zero if (x |: x  Z = Z) The term zero comes from the fact that 0 is the zero of multiplication. Think of having the zero property rather than the value 0. In the CafeOBJ NAT module, the quotient (or integer division) operation will give 0, when 0 is on the left: red in INT : 0 quo 6 . Where x quo y means x/y What happens when 0 is on the right of this operation?

Universal Quantification Conjunction () is symmetric and associative and has identity true. (9.1) (x | R : P) For all x such that R holds, P holds. Predicate R is called the range, predicate P the body (or the term), and x the dummy variable.  is idempotent (pp=p, 1*1=1,0*0=0) and satisfies range-split axiom(8.18). http://en.wikipedia.org/wiki/Idempotent Given a binary operation, an idempotent element (or simply an idempotent) is something that when multiplied by (or for a function, composed with) itself, gives itself as a result. For example, the only two real numbers which are idempotent under multiplication are 0 and 1. A unary operation (i.e., a function), is idempotent if, whenever it is applied twice to any element, it gives the same result as if it were applied once. For example, the greatest integer function is idempotent as a function from the set of real numbers to the set of integers.

Existential Quantification Disjunction () is symmetric and associative and has identity false. (x| R : P) written as (x | R : P) There exists an x in the range R such that P holds. Predicate R is called the range, predicate P the body (or the term), and x the dummy variable.  is idempotent (pp=p) and satisfies range-split axiom(8.18). http://en.wikipedia.org/wiki/Idempotent Given a binary operation, an idempotent element (or simply an idempotent) is something that when multiplied by (or for a function, composed with) itself, gives itself as a result. For example, the only two real numbers which are idempotent under multiplication are 0 and 1. A unary operation (i.e., a function), is idempotent if, whenever it is applied twice to any element, it gives the same result as if it were applied once. For example, the greatest integer function is idempotent as a function from the set of real numbers to the set of integers.

From Lecture 3 recall DeMorgan 3.47(a)(b) DeMorgan: (p  q)  p  q (p  q)  p  q O = operations (,, ,  , ,, )

Generalized DeMorgan (9.18)(a) (x | R : P)  (x | R : P) (9.18)(b) (9.18)(c) (x | R : P)  (x | R : P)

English to Predicate Logic Expressions can be transformed or rewritten using the axioms of a particular theory. For example, using the Theory of Integers() the following can be proved: even.x(m:|:n=mx) (m:|:n=mx/2)

English to Predicate Logic In would be difficult to reason about such statements using only the propositional calculus. With the predicate calculus we can reason over collections of objects. Formalizing English or mathematical expressions in predicate logic is useful: Firstly, it enforces precision and exposes ambiguities. Does “between 80 an n” include 80 and n? This question must be answered during formalization. Secondly, once formalized we can use inference rules to reason formally about the objects under consideration.

English to Predicate Logic Quantifier every  all for all for each for any

English to Predicate Logic Quantifier exists  some there is at least one for some

English to Predicate Logic Every chapter has at least three pages: (c| c  Chapter | : size.c  3) There is a chapter with a even number of pages: (c|c  Chapter | : even(size.c))

English to Predicate Logic Everyone is younger than their father (x) person(x) => younger(x, father(x))

Negation of Quantified expression The correct negation of “All integers are even” is “Not all integers are not even”. Note an incorrect negation is “All integers are not even”. Is the ‘all’ being negated? The1 universal () statement “Not all integers are not even” can be rewritten as an existential () statement “Some (at least one) integers are not even” . 1. Which is the negated version of “All integers are even”

Negation of Quantified expression Not( all integers are even) = < Formalization in predicate calculus > (z: |: even.z ) = < DeMorgan (9.18c) > (z: |: even.z ) = < Return to English > Some integer is not even

Negation of Quantified expression Not(all people older than 20) = < Formalization in predicate calculus > (z: |: age > 20 ) = < Generalized DeMorgan (9.18c) > (z: |: (age > 20)) = < Return to English > Some people are not older than 20 or There exists a person who is not older than 20.

Negation of Quantified expression For any predicates P and Q over Domain D. The negation of xD,P(x) is  xD,P(x) The negation of xD,Q(x) is xD,Q(x)

Quantified Equivalences Assume x is the only variable in F or G. (x)(F) or (x)(G)  (x)(F or G) (x)(F) and (x)(G) (x)(F and G) not(x)(F)  (x)(not F) not( x)(F)  ( x)(not F) The last two equivalences are alternative representations of the negations on the previous slide. The last two equivalences are an alternative representation of the negations on the previous slide.

Quantified Equivalences

For the moment we are only interested in the 1. From [Pohl98] [Pohl98] Pohl, Wolfgang: Logic-Based Representation and Reasoning for User Modeling Shell Systems; Infix; 1998.

Predicate logic in CafeOBJ set include FOPL-CLAUSE on module MORTAL{ [ Elt ] pred man : Elt pred mortal : Elt op Socrates : -> Elt op Superman : -> Elt op CaptainKirk : -> Elt ax \A[X:Elt] man(X:Elt) -> mortal(X) . ax man(Socrates) . } -- goal mortal(Socrates) . open MORTAL **> This can be proved **> Use CafeOBJ’s built in theorem prover goal mortal(Socrates) . option reset flag(auto, on) flag(very-verbose,on) param(max-proofs, 1) resolve . close

Proof using predicate logic in CafeOBJ * PROOF mortal(Socrates) .________________________________ 1:[] ~(man(_v4:Elt)) | mortal(_v4) 2:[] man(Socrates) 3:[] ~(mortal(Socrates)) 7:[hyper:2,1] mortal(Socrates) 8:[binary:7,3] Substitution: Socrates for _v4 open MORTAL **> This can be proved **> Use CafeOBJ’s built in theorem prover goal mortal(Socrates) . option reset flag(auto, on) flag(very-verbose,on) param(max-proofs, 1) resolve . close

Proof by Contradiction using resolution Suppose we have a complex predicate logic statement, and we want to prove that a certain clause is true. For example the statement may set out various aspects of property law, and the clause express be whether a certain transaction is legal or not. In automated proof : The system will convert the complex statement(s) to an internal form suitable for processing The system assumes the NEGATION of the original clause 3. The applies resolution (includes substitution and cancellation) several times, 4. If and when a contradiction (A/\~A) is found, the system has proved the original clause.

Suppose we have: And want to prove is true. Start with assuming the negation of what we want to prove. Write down what we already know to be true 2) Resolution twice on the 3rd clause of 2, using each part of 1, gives: Resolution using 3 and the second clause of 2 gives: Resolution using 4 and the first clause of 2 gives: This is the negation of 1), so we have a contradiction.

NOTE In reality, Resolution is sound, but not complete – we won’t necessarily always be able to prove what we want to prove. At any particular point, there will typically be many, many ways that the rule could be used with the clauses that are known or derived so far. There is no obvious way to decide which is the best move to make -- that’s a research issue, beyond our scope for the moment.

Combining Quantifiers What is the precedence or associativity used? Is forAll(x),forAll(y) equivalent to forAll(y),forAll(x)? Assuming standard notation, they are read left to right; two universal quantifiers following one another commute (just like multiplication a*b=b*a). So they are regarded as being the same.

Combining Quantifiers Likewise, if we have two existential quantifiers, they commute, because Exists(x),Exists(y), p(x,y) is true if and only if Exists(y),Exists(x), p(x,y) is true.

Mixing Quantifiers (y), (x), p(x,y) But if we have mixed universal and existential quantifiers, we have to be careful. If you write (x), (y), p(x,y) that means that for all x, there exists a y, which may depend on x, for which p(x,y) is true. But if we write (y), (x), p(x,y) we are saying that there is a y which works for any given x (including y=x), that makes p(x,y) true. Try letting = childOf, parentOf

Mixing Quantifiers Let the predicate1 g(x,y) be defined as: g(x,y) = x<y. Write each of the following propositions in words and state whether they are true or false. 1)x:, y: g(x,y) 2)x: , y: g(x,y) Solution on next slides. 1. A predicate also known as a propositional function

Mixing Quantifiers 1)x:, y: g(x,y) For all natural numbers x there exists a y such that x<y. The statement is true if we make y=x+1. To prove this statement we only require the existence of one y for a given x that makes the statement true.

Mixing Quantifiers 2) x: ,y:, g(x,y) There exists a natural number x such that for all y, x<y. The statement is false when x>y or x=y. To disprove that statement, we only had to find one y for a given x that makes the statement false.

Skolem Functions (Skolemisation) A function can be used as an argument to a predicate e.g. the functions mother, father and s. likes(mother(fred); father(bill)) greater(s(s(x)), s(x)) It is possible to re-express existential quantifiers (∃) with constants or functions e.g. ∀Y∃X : likes(Y,X) In CafeOBJ becomes: likes(Y,skolem1(Y )) See FamilySisterProverAndReduction.cafe on course web page.

Logical & Operational meaning of CafeOBJ program. Two interpretations of meaning of CafeOBJ program declarative or logical meaning operational meaning as a set of rewrite rules The declarative meaning determines logical answers. It is concerned only with the relations and functions that have been defined in the program.

Logical & Operational meaning of CafeOBJ program. The operational meaning is concerned with computing the output. This means that the order of the equations is significant. Consider the query parent(X,Emily) using the following equations: eq [o4] : parent(John,Emily) = true . eq [o5] : parent(Beth,Emily) = true .

Logical & Operational meaning of CafeOBJ program. The declarative meaning tells us that both John and Beth are parents of Emily. Declaratively, the two equations are the same. Operationally the relation parent(John ,Emily) occurs before parent(Beth,Emily), means that the first answer returned will be John. We can obtain the second answer (Beth) by using the theorem prover of using sophisticated coding techniques.

Logical and operational meaning of a program. mod FAMILY { [Person] ops Emily Ken Anne Beth Gran Liz John Ellen Pat : -> Person op parent : Person Person -> Bool op parentOf : Person -> Person vars X Y : Person -- Beth has two children eq [f1] : parent(Beth,Emily) = true . eq [f2] : parent(Beth,Ellen) = true . -- Emily has two parents eq [f3] : parent(John,Emily) = true .} open FAMILY -- The theorem prover will find that both John and Beth are parents of Emily. There exists an P such that P is parent of Emily. Set max-proofs to 2 to get both cases. goal \E[P:Person] parent(P,Emily) . -- Ordinary reduction will not find a value for P. red parent(P:Person,Emily) .

Mixing Quantifiers English: Every human has a mother Predicate Logic: ∀x∃y[human(x) ⇒ Mother(y,x)] In CafeOBJ it is necessary to use the mum(X) Skolem function to name the individual Y which exists as a function of X . mod FAMILY { [Being] op mother : Being Being -> Bool op mum : Being -> Being op human : Being -> Bool ops Emily Ellen : -> Being vars X Y : Being -- Axiom: Every human has a mother eq human(X) = mother( mum(X),X) . -- Facts eq mum(Emily) = Ellen . eq mother(Ellen,Emily) = true . } open FAMILY red human(Emily) . – true

Mixing Quantifiers

More than one answer? Suppose we have the following two facts: Ken has a child Beth Ken has a child Emily Suppose we wish to find all of Ken’s children. If we use CafeOBJ normal equations and reduction we will only get one result from the first equation of: eq childOf(Ken) = Beth . eq childOf(Ken) = Anne .

More than one answer? To find all of Ken’s children we can use CafeOBJ rewrite logic (RWL) and special reduction. RWL equations are called rules. rl childOf(Ken) => Beth . rl childOf(Ken) => Anne . The special reduction command is: red childOf(Ken) =(*,*)=>* x:Person . Giving Beth and Anne.

Nesting Quantifiers (p: |(t: | fool(p,t))) You can fool all of the people some of the time. (p: |(t: | fool(p,t))) You can fool some of the people all of the time. Using logical operations /\ (and), => (implies). :x :t (person(x) /\ time(t)) => fool(x,t) What about the possible cases for implication: false => false, and false => true?

Nesting Quantifiers

Nesting Quantifiers

Quantifier Examples Let O(x,y) be the predicate (or propositional function) “x is older than y”. The domain of discourse consists of three people Garry, who is 30; Ellen who is 20; and Martin who is 35. Write each of the following propositions in words and state whether they are true or false.

Quantifier Examples

Quantifier Examples(*)

Quantifiers What is the truth value of each of the following sentences: (x:) (y:) (x2>y) (x:) (y:) (x2>y) (y:) (x:) (x2>y) (y:) (x:) (x2>y) (x:) (y:) (x2>y) (x:) (y:) (x2>y) The symbol  represents integers all positive, zero and negative numbers .. -3,-2,-1,0,1,2,3..  The symbol  represents natural numbers i.e. zero and all positive numbers 0,1,2,3..

Quantifiers What is the truth value of each of the following sentences: (x:) (y:) (x2>y) false (x:) (y:) (x2>y) false (y:) (x:) (x2>y) true (y:) (x:) (x2>y) true (x:) (y:) (x2>y) true (x:) (y:) (x2>y) true The symbol  represents integers all positive, zero and negative numbers .. -3,-2,-1,0,1,2,3.. . The symbol  represents natural numbers i.e. zero and all positive numbers 0,1,2,3..

Quantifiers Why are the following true or false: (x:) (y:) (x2>y) false(x=1,y=2) (x:) (y:) (x2>y) false (no x for every y e.g. x=1, y=2) (y:) (x:) (x2>y) true, x=|y|+1, where || is absolute value (y:) (x:) (x2>y) true, y = -1 (x:) (y:) (x2>y) (x:) (y:) (x2>y) true x = 2 , y = 1 The symbol  represents integers all positive, zero and negative numbers .. -3,-2,-1,0,1,2,3.. The symbol  represents natural numbers i.e. zero and all positive numbers 0,1,2,3..

Formalizing English Example The predicate Attends(C,S) is interpreted to mean child C attend school S. Using this predicate write the following English statements as quantified statements in predicate logic: Every child attends school . Possible negations of the above. At least one child does not attend school. It is not the case that all children attend school.

Formalizing English Example Every child attends school . What does the English sentence mean? Does it mean: cs Attends(c,s) or cs Attends(c,s) Most likely the latter i.e. Every child attends a school (at a time!).

Formalizing English Example Rephrasing the possible negations of the above. It is not the case that all children attend a school. At least one child does not attend a school. not(cs Attends(c,s)) cs not(Attends(c,s)) “There exists a child that does not attend any school” What does the following say; not(sc Attends(c,s))

Formalizing English Example Do these statements mean the same thing? There exists a child that does not attend any school At least one child does not attend a school. It is not the case that all children attend a school. not(cs Attends(c,s)) cs not(Attends(c,s))

Predicate logic example During the design of a communication system it is often required to formalise parts of the specification. In this context write the following two sentences in predicate logic: Messages sent from one process to another process are received in the order in which they were sent. All messages are received in the same order by all processes.

Predicate logic example First we must decide on the predicates and their arguments. sent(m,p,t) : message m is sent by process p at time t. rec(m,p,t) : message m is received by process p at time t.

Predicate logic example Messages sent from one process to another process are received in the order in which they were sent. (m,p,p’,m,m’,t,t’,t’’,t’’’ |: sent(m,p,t)  sent(m’,p,t’)  (t<t’)  (rec(m,p’,t’’)  (rec(m’,p’,t’’’)  (t<t’’)  (t’<t’’’)  (t’’<t’’’))) The above represents a formal requirement, it does not tell us how to implement message passing. It is just one of the properties that such a system should have. There are many implementations for which the above axiom could hold (called models) To guarantee that the messages are received in the correct order, messages could include a sequence number. Both sender and receiver could keep a counter that refers to the message they are currently working with. The sender could, non-deterministically choose the next value which is then paired with the sender’s counter to compose a message that is sent. The value itself is also appended to a list of sent values owned by the sender (sender history). The receiver has a corresponding list of received values (receiver history). The purpose of these lists is hold properties that can be used in proofs. When the receiver gets a message with a sequence number equal to its current counter, it adds its value to its list of received values.

Predicate logic example Axiom X(Y((mother(X)child_of(Y,X))loves(X,Y))) Given mother(mary) child_of(tom,mary) Does Mary love Tom? Does Mary love John? Does John love Tom? X = mary, Y=tom mother(mary)child_of(tom,mary)loves(mary,tom) X = mary, Y=John mother(mary)child_of(john,mary)loves(mary,john)

Formalizing English Example English statement: “Every senior student took one mathematics class and passed one programming class”.

Formalizing English Example First we write predicates: taken(s,c): Student s completed class c passed(s,c) : Student s passed c senior(s) : Student s is a senior math(c) : c is a mathematics class prog(c) : c is a programming class

Formalizing English Example The translation of “Every senior student took one mathematics class and passed one programming class” is: (s | senior(s) : (c,c’| : math(c)  taken(s,c)  prog(c’)  passed(s,c’)))

Formalizing English Example What does this mean?: (c,c’| : (s| senior(s) : math(c)  taken(s,c)  prog(c’)  passed(s,c’))) All senior students took the same math class and passed the same programming class. There exists classes c and c’ such that math(c) and prog(c’) are true. Also for all senior student s it is true that s took c and passed c’. Alternatively: All senior students took the same math class and passed the same programming class.

Formalizing English Example Translate the following sentence into predicate calculus. “Every senior student who took a maths class did not take a programming class”. (c,c’| : (s| senior(s) : maths(c)  taken(s,c)  prog(c’)  not(taken(s,c’)) )

Formalizing English Example Does the following predicate calculus expression include the fact the maths class and the programming class are distinct? (c,c’| : (s| senior(s) : taken(s,c)  passed(s,c’))) Could include a predicate, taken, as below or state c=/=c’ math(c)  prog(c’)  taken(s,c’)))

Family mod FAMILY { [Person] pred mother : Person Person pred parent : Person Person pred female : Person op Anne : -> Person op Ken : -> Person vars X Y : Person ax parent(X,Y) & female(X) -> mother(X,Y). ax parent(Anne,Ken) = true . ax female(Anne) = true . } goal mother(Anne, Ken) . In general we can consider CafeOBJ variables as universally quantified. In general we can consider CafeOBJ operations as existentially quantified.

Family mod FAMILY { 1. Module name [Person] 2. Data sort or type 3. predicate by default returns Bool pred mother : Person Person 4. takes two persons and returns Bool pred parent : Person Person 5. takes two persons and returns Bool pred female : Person 6. takes one person and returns Bool op Anne : -> Person 7. Constant of type person op Ken : -> Person 8. Constant of type person vars X Y : Person 9. Variables of type person ax parent(X,Y) & female(X) -> mother(X,Y). 10. Axiom for mother ax parent(Anne,Ken) = true . 11. Axiom for fact.. ax female(Anne) = true . 12. Axiom for fact.. }

Proof: Anne is Ken’s mother goal(mother(Anne,Ken) 1:[] ~(parent(_v21:Person,_v22:Person)) | ~(female(_v21)) | mother(_v21,_v22) 7:[] female(Anne) = true 10:[] parent(Anne,Ken) = true 13:[] ~(mother(Anne,Ken)) 44:[para-from:10,1,demod:7] mother(Anne,Ken) 45:[binary:44,13]

Family Tree

Skolem Functions A Skolem function f is used to construct a new value that depends on the universally quantified variable. For example: (x)(y)loves(x,y) Becomes (x)loves(x,f(x)) In this case, f(x) specifies the person that x loves In general:

Using Skolem constant to remove ∃ The existential quantifier (∃) says that some object exists. When we remove the existential quantifier we are giving the object a name. It is safe to move from ∃X dog(x) to dog(aSkolemDog) .

What is a logic A formal logical system, or logic, is a set of rules defined in terms of a set of symbols, a set of formulas constructed from the symbols, a set of distinguished formulas called axioms, and a set of inference rules. The set of formulas is called the language of the logic. The language is defined syntactically; there is no notion of meaning or semantics in a logic per se.

Propositional and Predicate Logic The CafeOBJ version of SUPERMAN is expressed in propositional logic i.e. variables can only be of type Boolean. The particular 'flavour' of propositional logic is called 'equational logic' known as E in the course text. This fact is not hugely import on this course, so we will just consider SUPERMAN as being expressed in propositional logic. Propositional logic can not deal with sentences such as x>1. We cannot tell whether it is true until we know the value or range of x.

Propositional and Predicate Logic The version of Family in previous slides uses predicate logic, where variables can be Boolean or any other type e.g. Person. Some authors call the predicates such as male(John) 'propositional functions‘. This terminology links predicate logic back to the simpler propositional logic. Apart form the 'type' of variables used in predicate logic the variables are also quantified. Predicate logic uses 'forAll' () and 'thereExists‘() to make statements about variables. Predicate logic is more general than propositional logic and can handle a wider range of problems.

Predicates in CafeOBJ 1. module HOUSE { 2. [ Person Room Wall ] 3. pred inRoom : Person 4. pred inHouse : Person 5. pred roomHasWall : Room Wall 6. pred beside : Room Room 7. op I : -> Person 8. var X : Person 9. vars R1 R2 : Room 10. var W1 : Wall 11. ax inRoom(X) -> inHouse(X) . 12 ax inRoom(I) = true . 13 ax roomHasWall(R1,W1) & roomHasWall(R2,W1) -> beside(R1, R2) . } See description in notes section below. Description of HOUSE module 2. Types called Person Room Wall are declared, representing sets. 5. A predicate called roomHasWall that takes a Room and Wall as an argument and return a Boolean value. 11. An axiom that says for all X of type Person that if X is inRoom then X is inHouse. 12. An axiom that says that the Person called I (an constant) is inRoom. This corresponds to a fact. 13. Is an axiom that says if two rooms have a common wall then they are beside each other. The constants will not change during evaluation. The variables can take any value of type Person. The variables will be instantiated according to 1) the rules of predicate calculus and 2)the rules in the axioms

Predicates in CafeOBJ(*) We now explain the result of executing the following commands in CafeOBJ: open HOUSE . goal inHouse(I) . resolve . Based on the two axioms CafeOBJ can prove inHouse(I). The axioms in the HOUSE module correspond to a fact and an inference rule in the predicate calculus. The CafeOBJ module definition and the execution of the goal are a software representation of the following argument from predicate calculus. All X:Person who are in a room are in a house I am in a room Therefore, I am in a house. module HOUSE { [ Person Room Wall ] pred inRoom : Person pred inHouse : Person pred roomHasWall : Room Wall pred beside : Room Room op I : -> Person var X : Person vars R1 R2 : Room var W1 : Wall ax inRoom(X) -> inHouse(X) . ax inRoom(I) = true . ax roomHasWall(R1,W1) & roomHasWall(R2,W1) -> beside(R1, R2) . }

Predicates in CafeOBJ Here are 3 operations and two equations that would enable CafeOBJ to prove beside(room1,room2) is true. op wall : -> Wall . op room1 : -> Room . op room2 : -> Room . eq roomHasWall(room2 , wall) = true . eq roomHasWall(room1, wall) = true . -- check if its true goal beside(room1, room2) .

Contrasting Logics(*) SUPERMAN is expressed in propositional logic which uses propositions of type Boolean which can only be true or false. HOUSE uses predicate logic in which predicates (or propositional functions) can take types other than Boolean as argument. Also those types can be quantified. Contrast: Both logics have a grammar, axioms, and inference rules. The predicate logic is an extension of the propositional logic with a broader range of applications (or possible domains of discourse).

Chapter 7: Logical Consequence G is a logical consequence of X X  G The symbol  may be read as “semantically implies”, “semantic inference”, “implies”, “entails”. Not to be confused with the implication Boolean operator from Chapter 2. The symbol  may be read as “semantically implies”, “implies” (not to be confused with the Boolean operation of the same name), or “entails”. The symbol |- can be called the syntactic turnstile. The notion of a tautology is considered syntactic, because a mere formal computation determines whether a formula is a tautology.

Logical Consequence ‘A |-L B' means: B follows from or is a consequence of A.. B is provable from A in logic L ‘A |= B' means: B is a semantic consequence or entailment of B in some model (or valuation system) M (with truth values, etc.) where the argument is valid. |= is called semantic turnstile |- is called syntactic turnstile The symbol  may be read as “semantically implies”, “implies” (not to be confused with the Boolean operation of the same name), or “entails”. The symbol |- can be called the syntactic turnstile, syntactically entails The notion of a tautology is considered syntactic, because a mere formal computation determines whether a formula is a tautology. A semantic sequent says, in effect, that there is no way of making all the formulae (if any) before the turnstile true and the formula (if any) after the turnstile false simultaneously. Let us be a little more precise. A structure in the propositional calculus is an assignment of truth-values to sentence letters. What a semantic sequent says is that there is no structure (which assigns truth-values to all the sentence letters in the sequent) which makes all the formulae (if any) before the turnstile true, and the formula (if any) after it false.

The symbol  may be read as “semantically implies”, “implies” (not to be confused with the Boolen operation), or “entails”.

Chapter 7: Formal Logic syntax: formal structure of sentences semantics: truth of sentences wrt models entailment: necessary truth of one sentence given another inference: deriving sentences from other sentences, provides a syntactic mechanism for deriving ‘truth’ soundness: derivations produce only entailed sentences completeness: derivations can produce all entailed sentences

Formal Logic A logic consists of: A set of symbols A set of formulas constructed from the symbols A set of distinguished formulas called axioms A set of inference rules. The set of formulas is called the language of the logic, pure syntax. Inference rules (premise and conclusion) allow formulas to be derived from other formula.

Formal Logic A formula is a theorem of the logic if it is an axiom or can be generated from the axioms and already proven theorems. A proof that a formula is a theorem is an argument that shows how the inference rules are used to generate the formula.

Equational Logic E Symbols (,) ,, ,  , ,,  Constants true, false. Boolean variables p, q, etc. Formulas are expressions using symbols, constants, and variables. Axioms e.g. Associativity of . Inference rules e.g. Leibniz Theorems are formulas that can be shown to be equal to axioms using inference rules. In pure predicate calculus the symbols are un-interpreted (except for =) We get a theory by adding axioms that give meaning to some of the un-interpreted function symbols e.g. a theory of Integers. An algebra is a model of a theory

Theories We can think of a theory as the set of all statements we want to make about some phenomenon. Theories are often presented as a subset of the facts together with some laws from which the remainder can be derived . More precisely, a theory is a set T of sentences, in some underlying logic, which is closed under logical consequences if X is a logical consequence of T, then X must be in T If the underlying logic is equational logic, then we will call the theory an equational theory. These axioms can describe atomic operation, or compound operations.

Equality in numbers (5+X) × (5+Y) = (X+Y)×10 + (5-X)×(5-Y) e.g. (7*8=56) = (5*10+3*2=56) The variables X and Y are used to show a general law for numbers! Replacing X and Y by an arbitrary number, one get's an equality. X = 2, Y = 3 is one example, X = 1, Y = 2 is another example A logic may be called local if each model may be used to define the truth. In the proposition calculus each boolean algebra define the truth by its greatest element. In the equational logic the equality between the algebra elements define the truth In the clause Horn logic the truth is given by the interpretation of the predicates in the model. From the syntactic viewpoint the logic was global, i.e., the deductions are made using expressions from different free algebras having the same signature. We may make deductions using expressions from a fixed free algebra only (local). These logics are especially used in computer science. Our small idea is to replace the free algebra where the deductions are made by an arbitrary algebra and to show the wo… Equational logic does not have quantifiers or connectives, we can only have one equality But equational logic does offer the means to capture the notion of computabillty.

Is the theory T algorithmically decidable ? A set G of formulas is algorithmically decidable if there is an algorithm which can determine whether or not an arbitrary sentence s is in G. This tells us what it means for a theory to be algorithmically decidable. EQUATIONAL LOGIC AND ABSTRACT ALGEBRA by Taje I. Ramsamujh mcc1.mccfl.edu/fl_maa/proceedings/2001/ramsamujh.pdf Dept. of Mathematics, Florida International University.

Is the theory T axiomatizable ? We say that a theory T is axiomatizable if there is an algorithmically decidable set G of formulas such that T = Conseq(G). Usually we have a formal deductive system for the underlying logic and augment it with G. If the logic is has good properties we get a formal deductive system ST such that sT if and only if s is derivable in ST. Good properties include; soundness, completeness of appropriate rules of deduction, initial and free algebras. EQUATIONAL LOGIC AND ABSTRACT ALGEBRA by Taje I. Ramsamujh mcc1.mccfl.edu/fl_maa/proceedings/2001/ramsamujh.pdf Dept. of Mathematics, Florida International University. A free object over a set A can be thought as being a "generic" algebraic structure over A the only equations that hold between elements of the free object are those that follow from the defining axioms of the algebraic structure.

Theories Is the theory T algorithmically decidable ? Is the theory T axiomatizable ? Is the theory T consistent ? A set G of formulas is algorithmically decidable if there is an algorithm which can determine whether or not an arbitrary sentence s is in G. This tells us what it means for a theory to be algorithmically decidable. EQUATIONAL LOGIC AND ABSTRACT ALGEBRA by Taje I. Ramsamujh mcc1.mccfl.edu/fl_maa/proceedings/2001/ramsamujh.pdf Dept. of Mathematics, Florida International University.

Model Theory The formulas of a logic are intended to be statements about some domain of discourse (DOD). Formulas may be interpreted as having a meaning with respect to this DOD by defining which formulas are true statements and which statements are false about DOD. An interpretation assigns meaning to the operators, constants, and variables of a logic. Strictly speaking, the values true and false are not part of the logic but part of the model theory that relates the logic to our perception of the real world.

Model Theory We distinguish between: Syntax : a formal logic Semantics : the interpretation of a formal logic In Lecture 2 we used truth tables to define operations and to evaluate expressions. Truth tables provide an interpretation (or meaning) for the Boolean expressions in Lecture 2. An interpretation can have two parts: A fixed meaning, based on operators and constants A state based meaning, based on values of the variables.

Interpretation of E An interpretation of an expression in E gives its value in some state. Here is the ‘standard’ interpretation of expressions in E. eval (evaluation) gives ‘meaning’ to operators and constants of E. For expression P without variables, let eval.’P’ be the value of P. Let Q be any expression with variables and let s be a state that gives values to all the variables of Q. Define s.’Q’ to be a copy of Q in which all of the variables are replaced by their corresponding values in state s. Then function f given by f.’Q’=eval(s.’Q’) is an interpretation for Q. The eval operation is called red in CafeOBJ, meaning reduction. The ‘eval’ (or evaluation) operation is called red in CafeOBJ, meaning reduction.

Satisfiability and validity Satisfiability and validity for Boolean expressions were defined in Lecture 2, slide 19. Here satisfiability and validity are defined for any logic. Let S be a set interpretations for a logic and F be formulas for the logic. F is satisfiable under S iff at least one interpretation of S maps F to true. F is valid iff every interpretation in S maps F to true.

Sound and Complete A logic is sound iff every theorem is valid. A logic is complete iff every valid formula is a theorem. Soundness means that the theorems are true statements about DOD. Completeness means that every valid formula can be proved. E is sound and complete wrt standard interpretation.

Sound and Complete The soundness and completeness of a logic can be expressed in symbols of a ‘meta-logic’. P1,P2,..Pn|- Q means that there is a proof which infers the conclusion Q from the assumptions P1,P2,..Pn using formal inference rules. P1,P2,..Pn|= Q means that Q must be true if P1,P2,..Pn are true but, says nothing about whether we have a proof, or even whether a proof exists.

Sound and Complete A formal system is sound (or consistent) if a |- b then a |= b A system is sound if each proposition is provable using the inference rules is actually true. You can only prove true things. A formal system is complete if a |= b then a |- b A system is complete if the inferences are powerful enough to prove every proposition is true. You can prove all true things.

Set Construction as a specification

Executing (red) CafeOBJ terms1 Albert Gräf; CafeOBJ has both a conceptual semantics based on the logic of equations, and an operational semantics based on a term rewriting system (TRS); CafeOBJ uses a TRS to execute programs and specifications. Technically the TRS reduces a term to its normal form, which is a ground term that can not be further reduced.

Satisfaction & Deduction Satisfaction A  B; reads A satisfies the equations of B Deduction A  B; reads from A we can prove B

Satisfaction & Deduction The  symbol is sometimes called the semantic turnstile. Usage:  (1)    A  B; A satisfies B (2)     B; B is valid.  (3)    A  B; A has as a logical consequence B The notation of (1) is the most common notation.

Satisfaction & Deduction The  symbol is sometimes called the syntactic turnstile. Usage:  (1)    B; B if and only if there is a correct derivation of from no premises, i.e. B is provable (2)  A  B ; B if and only if there is a correct derivation of B which takes the members of A as premises. A proves B (A has as a derivational consequence B) Note; the semantic (1) from the previous slide has no syntactic counterpart.

Computing Fundamentals 1 Lecture 6 A Theory of Sets Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 11. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Sets Set theory can be defined as an extension of predicate calculus. A set is a collection of distinct elements (e.g. set of integers, set of students). The operations on sets (e.g. union) correspond in a natural way to the logical connectives of logic (e.g. or). http://books.google.co.uk/books?id=ZWTDQ6H6gsUC&pg=PA195&lpg=PA195&dq=gries+schneider+%22set+theory%22&source=bl&ots=k9WUNd7Ndz&sig=wNNh1h27iiQqYb6e5I-5bbPf4OU&hl=en&ei=JwqkTeSyD8yxhAeTvYHJCQ&sa=X&oi=book_result&ct=result&resnum=1&ved=0CB0Q6AEwAA#v=onepage&q=gries%20schneider%20%22set%20theory%22&f=false

Sets Two methods of describing sets; set enumeration and set comprehension. Set comprehension is defined in terms testing membership in sets. This membership test is the basis for the definition of equality of sets.

Sets Enumerations list elements: Comprehension state properties: Constants {1,2,3}, Variables {a,b} Comprehension state properties: {x: | 0  x < 5 : 2  x} Represents: {0,2,4,6,8} The general form of comprehension (11.1) is: {x:t | R : E}

Sets Recall from Lecture 1 a state is a list of variables with associated values. The evaluation of: {x:t | R:E} in a state yields the set of values from evaluating E[x := v] in the state for each value v in t such that R[x:=v] holds in that state. Notation similar to quantification Evaluation of an expression E in a state is performed by replacing all variables in E by their values in the state and then computing the value of the resulting expression.

Universe A theory of sets concerns sets constructed from some collection of elements. There is a theory of sets of integers, a theory of sets of characters, a theory of sets of sets of integers. The collection of elements is called the domain of discourse or universe of values and is denoted by U. The DOD can be thought of as the type of every set variable in the theory (e.g. DOD is set(), then v:set()).

Universe When several set theories are being used at the same time, there is a different universe for each. The name U is then overloaded similar to 1 being considered as a real or an integer.

Set Membership & Equality For expression e and a set valued expression S e  S is an expression whose value is the value of the statement “e is a member of S”. We can write “e is not a member of S” as: (e  S) or (eS) The symbol  is treated as conjunctional operator and has the same precedence as equality (=). O = operations (,, ,  , ,, ) 

Set Membership & Equality (11.3) Axiom, set membership. For expression F:t and set {x|R : E:t} for type t : provided  occurs(‘x’,’F’) F  {x | R : E}  (x | R : F= E) Example y  {x | x>1 : 3x)}  (x | x>1 : y=3x) (11.4) Axiom ,extensionality S=T  (x| xS  xT) An extensional definition depends only on the content of the set. In contrast, an intentional1 definition describes how the set was defined or constructed. Recall that F and E are expressions. For example F=z+y-3 is OK but F=x+y+3 is not. In the second case the x in F clashes with the quantified x. 1. The spelling of intensional varies Recall that F and E are expressions. For example F=z+y-3 is OK but F=x+y+3 is not. In the second case the x in F will clash with the quantified x.

Sets versus Predicates Free x Bound x Free x (11.7) Theorem: x  {x| R }  R For any expression y y  {x | R}  R[x:=y] Theorem (11.7) formalizes the connection between sets and predicates; a predicate is a representation for the set of argument-values for which the predicate is true. 2  {x | x>1}  2>1 Range Substitution Note x has two meanings. The leftmost x is free in the RHS. All occurrences of second x in {x | R} are bound Substitution x:=2

Sets versus Predicates (11.8) The principle of comprehension: To each predicate R there corresponds a set comprehension {x|R} , which contains the objects t that satisfy R; R is called the characteristic predicate of the set.

Sets versus Predicates (11.8) means we can define a set using comprehension and by its characteristic predicate. For example the set comprehension: S = { x | x=3  x=5} And the characteristic predicate: x  S  x=3  x=5 (for all x) Are equivalent. O = operations (,, ,  , ,, ) 

Sets versus Predicates Theorem (11.10) {x|Q}={x|R} is valid iff Q  R is valid. The above says that if we show that the characteristic predicates of two sets are equivalent can say that the sets are equal. DeMorgan’s Laws for logic can be applied to sets. O = operations (,, ,  , ,, ) 

Logic in Action : Johan van Benthem, Hans van Ditmarsch, Jan van Eijck, Jan Jaspars

Sets examples O = operations (,, ,  , ,, ) 

O = operations (,, ,  , ,, ) 

Operations on Sets O = operations (,, ,  , ,, ) 

Operations on Sets Three methods for proving set equality: (a) Use Leibniz directly (substitution of equals) (b) Use axiom of Extensionality (11.4) and prove v  S  v  T for an arbitrary value of v. (using element by element) (c) Prove Q  R and conclude {x|Q}={x|R} (using characteristic predicates) O = operations (,, ,  , ,, ) 

Operations on Sets Let S,T,U,V have type set(t) for some type t. This convention allows us to shorten a definition For example, set cardinality (S:set(t) | #S =(x| xS:1)) If we remove quantifier we lose the type: #S =(x| xS : 1) O = operations (,, ,  , ,, ) 

Operations on Sets

Operations on Sets

Operations on Sets

The cardinality of Sets denoted by n or # http://www.math.hawaii.edu/~hile/math100/setsd.htm

The cardinality of Sets (n,#)

The general 3 set problem Note this is a similar but distinct example from the previous one.

Draw a Venn Diagram for the following:

Operations on Sets

Example: EU set The remaining slides contain mainly examples; Let the set EU be the set of all countries in the European Union (old). EU = the set of all countries in the European Union. It could be declared as an enumeration: EU={A,B,DK,F,SF,D,GB,GR,IRL,I,L,NL,P,E,S} The variable homeland can refer to one element in the set EU homeland  EU benelux={B,NL,L}

The Empty Set and Singleton It is possible to have a set with no values, it is called the empty set and denoted as: 0 or { } A set that contains only one element is called a singleton set. For example: {IRL} Note the difference between the set {IRL} and element IRL. Sets are not ordered. There are no duplicates, each element is unique.

Subset or Set inclusion The following statements are true: {B,NL} z {B,NL,L} 0 z{B,NL,L} {B,NL,L} z {B,NL,L} X (universal set) S:PX ( is power set) T:PX S z T T S X

Subset & Superset S is a subset of T if every element if of S is an element of T. (11.13) axiom, subset: S  T  (x | x  S : x  T) (11.14) axiom, proper subset: S  T  ST  ST

Subset & Superset (11.15) axiom, superset: T  S  S  T (11.16) axiom, proper superset: T  S  S  T The axioms and theorems for set operations are given in the course text and the course web site, only a few are covered in these slides.

Set Operators Set Equivalence Two values of the same type can be tested to see if they are the same by using the equals sign, as in: x = y Two sets are equal if they contain exactly the same elements. For example the two sets below are equal: {B,NL,L} = {NL, B, L}

Set Operators Set Non-Equivalence Two values of the same type can be tested to see if they are not the same by using the not-equals sign . Two sets are not equal if they do not contain exactly the same elements {B,NL}  {B,NL,L}

.x Set Operators The membership operator is written: e NL e {B, NL, L}it is true; the Netherlands is a Benelux country General case below: S:PX x:X xeS .x S X

IRL{B, NL, L}; Ireland is not a Benelux country Set Operators The non-membership operator is written: IRL{B, NL, L}; Ireland is not a Benelux country S:PX x:X x  S General case S .x X

Set Operators The validity of membership test. The value to be tested for membership must be an element of the underlying type of the set. For example: USA  {B, NL, L} USA {B, NL, L} is illegal in this context, since USA is not an element of the type EU.

Set Operators Size Cardinality: The number of values in a set is called its size, or cardinality, and is signified with the has sign: #{B,NL,L} = 3 #{IRL} = 1 #IRL illegal, IRL is not a set # = 0

Set Operators Powersets: The powerset of a set is written PS It is the set of all subsets of S. For example the powerset of the Benelux countries is: P{B,NL,L} ={ , {B},{NL},{L}, {B,NL},{B,L},{NL,L}, {B,NL,L}}

Set Operators:Powersets When a variable is to be declared to have a type that is a set of elements, the type is the powerset of the type of the elements: benelux: PEU This can be read as ‘the variable benelux is a subset of the set of countries EU’ or ‘the variable benelux is a set of EU countries’ (not the set)

Set Operators:Powersets The size of the powerset of a set is equal to two raised to the power of the size of the set. #(PS) = 2#s #{B,NL,L} = 3 #(P{B,NL,L}) = 8

Complement The complement of S (S) is the set of elements that are not in S but are in the universe. (11.17) axiom, complement: vSc  vU  vS S U

Set Operators: Union The union of two sets is the set containing all the elements that are in either the first set or the second set or both. U = [X] S:PX T:PX T U S T U S = S U T S U 0 = S S T X

Set Operators: Intersection The intersection of two sets is the set containing all the elements that are in the first set and in the second set. U =[X] S:PX T:PX T I S T I S = S I T S I 0 = 0 S T X

Set Operators: Difference The difference of two sets is the set containing all the elements that are in the first set and are not in the second set. The shaded area is the difference of S and T. [X] S:PX T:PX S \ T S \ T T \ S S \ 0 = S 0 \ S = 0 S T X

Set Operators: Distributed Union The distributed union of a set of sets is the set containing just those elements that occur in at least one of the component sets. [X] S:PX R:PX T:PX {R,S,T} R S T X {{2,4},{3,1,2},{2,3,4}} = {1,2,3,4}

Set Operators: Distributed Intersection The distributed intersection of a set of sets is the set containing just those elements that occur in all of the component sets. [X] S:PX R:PX T:PX {R,S,T} R T S X

Disjoint Sets Sets that are disjoint have no elements in common; their intersection is the empty set. For disjoint sets T and S the following expression is true: T I S = 0.

More than 2 Disjoint Sets For more that two sets the notation become clumsy, since every pair must have an empty intersection. For example for sets A, B and C to be disjoint the following must be true: A I B = 0 and B I C = 0 and C I A = 0

Partition A sequence of sets is said to partition another larger set if the sets are disjoint and their distributed union is the entire larger set if the sets are disjoint. For example: if disjoint<A,B,C>  ({A,B,C} = T) then <A,B,C> partition T For example: <Temporary, Part-time, Permanent> may partition Employee.

Relating sets and Boolean Expressions The definition of the set operations reveals a connection between the set operators and the propositional operators. For example, in the definition of  , as the phrase “x” of the LHS is distributed inward to the operands S and T of the RHS,  becomes . x  (S  T)  x  S  x  T

Relating sets and Boolean Expressions The properties of propositional operators are reflected as similar properties of set operators, e.g. absorption laws: S  (S  T)  S (type S,T:Boolean) S  (S  T) = S (type S,T:set(t)) The zero laws for props. & sets. S  false  false (type S:Boolean) S  0 = 0 (type S:set(t))

Set expression Es Propositional expression Ep In Es replace symbols with the symbols giving Ep false     Sc  U true

Set Comprehension Example Express: The set of positive integers that are less than 5 Solution {x: | 0  x  4:x} or {x: | 0  x <5:x} Or {0,1,2,3,4}

Computing Fundamentals 1 Lecture 7 Relations Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 14. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Relations and Functions The term tuple is used to describe a row in a database. Tuples are record like structure e.g. <name,age>. Cross products represent the types (or sorts in CafeOBJ) in a tuple e.g. String  Nat Relations describe relationships between objects. Functions (covered in next lecture) are relations with some special properties.

Tuples1 Given expressions b and c then b,c is called an ordered pair. Well known ordered pairs are x,y coordinates in the plane, or name,address in a database. Axiom, Pair equality: b,c = b’,c’  b = b’  c = c’ A 2-tuple is called an ordered pair. http://en.wikipedia.org/wiki/Tuple 2. http://en.wikipedia.org/wiki/Plane_(mathematics)

Cross Products The Cross product (or Cartesian product) ST of two sets S and T is the set of all ordered pairs b,c such that b is in S and c is in T. Axiom Cross product (used in later proof): ST = {b,c | bS  cT : b,c} Cross products can be extended to n sets producing n-tuples.

Cross Products A 2-tuple: S = {2,5} T = {1,2,3}

Cross Products Example of a 2-tuple: S = {Mary,John} T = {John,Bill,Brent} ST = {Mary, John, Mary,Bill , Mary,Brent , John, John , John,Bill , John,Brent}

Cross Products Example ST =/= TS : S = {Mary,John} T = {John,Bill,Brent} TS = {<John,Mary>, <John,John>, <Bill,Mary>,<Bill,John>, <Brent,Mary>,<Brent,John>} ST = {Mary, John, Mary,Bill , Mary,Brent , John, John , John,Bill , John,Brent}

Some Theorems for Cross products Membership: x,y  ST  xS  yT Distributivity of  over  S  (TU)  (S  T)  (S  U) (S  T)  U  (S  U)  (T  U) Monotonicity T  U  (S  T)  (S  U)

Relations A relation is a subset of a cross product B1 B2  …  Bn A binary relation over BC is a subset of BC. It is possible to have a relation on BB. Well know relation lessThan(i,j)is difficult to enumerate (or list), so use: {i,j :  | j-i is positive : i,j}

Relations A relation can be represented by: A Set of ordered pairs A table e.g. a tuple in a database A directed graph A set comprehension; a rule based description similar to the quantifications of Chapter 8 Two notations for membership of relation  b,c   (set of pairs) b  c (infix, conjunctional) The Greek letter  is pronounced rho (r in English) The Greek letter  is pronounced sigma (s in English)

Relation as Directed Graph One vertex for each element of the set. There is a directed edge from each vertex b to vertex c iff <b,c> is in the binary relation. 2 1 3 6 4 5 Set = {1,2,3,4,5,6} Relation = {<1,1>,<1,3>,<2,5>,<2,1>, <5,3>}

Diagraph of Relations Given the relation On the set {1,2,3} Below is the digraph of R. 1 2 3

Digraph Relations as sets of ordered pairs and digraphs: Q = {<1, 4> ,<2, 4>} 2 2 1 1 3 4 4 (a) (b)

Digraphs Relations as sets of ordered pairs and digraphs:: (c) R = {<1, 4>, <2, 3>, <3, 3>,<2, 1>} (d) S = {<3, 1> ,<1, 2> ,<2, 3>} 2 2 1 1 3 3 4 (c) (d)

A set of ordered pairs A Set of Relations (Ordered Pairs) With sets order is not significant {<3, 1> ,<1, 2> ,<2, 3>} = {<1, 2> ,<2, 3>, <3, 1>} With relations order is significant <3, 1> =/= <1, 3> {<3, 1> ,<1, 2> ,<2, 3>}=/={<1, 3> ,<1, 2> ,<2, 3>} 2 1 2 1 3 3

Relations on Sets The relation R on {1,2,3,4} is defined by <x,y>  R if x2y . The relation R can be written as a set of ordered pairs: R = {<1,1>,<2,1>,<3,1>,<4,1>,<2,2>,<3,2>,<4,2>,<2,3>,<3,3>,<4,3>,<2,4>,<3,4>,<4,4>}

Some Relations The empty relation on ST is the empty set . The identity relation iB on B is { x | x  B : x,x } The relation parent, b is a parent of c. The relation predecessor (pred(x)). The relation square root (see book1). The algorithm relation between input and output state. 1. Every positive number x has two square roots.

Relations Lower case Greek letters represent relations. The Greek letter  is pronounced rho (r in English) The Greek letter  is pronounced sigma (s in English) The domain, Dom., and range Ran. of a relation  on BC are defined as: Dom. = {b:B | (c |: b  c)} Ran. = {c:C | (b |: b  c)} The Greek letter  is pronounced rho (r in English) The Greek letter  is pronounced sigma (s in English)

Relations  Dom. = {b:B | (c|: b  c)} Ran. ={c:C | (b|: b  c)}

Operations on Relations Let  be a relation on BC and  be a relation CD. The product (or composition) of  and  denoted    is defined by: b,d    (c | cC : b,c  c,d)  d b  c  D B C Alternative notation b()d holds iff bcd holds for some c.

Composing Relations COMPUTATIONAL TRANSFORMATION BETWEEN DIFFERENT SYMBOLIC REPRESENTATIONS OF BK PRODUCTS OF FUZZY RELATIONS by HA V. HOANG (2007)

Powers of a relation For example parentparent can be written parent2. 0 = iB (the identity relation on B) n+1 = n   (for n0) n+m = n  m nm = (n )m

Classes of relations Name Property Reflexive (b| b  b) Irreflexive (b| (b  b)) Symmetric (b,c | (b  c)  (c  b))

Classes of relations Antisymmetric (b,c | (b  c)  (c  b)  b=c) Asymmetric (non-symmetric, see notes section) (b,c | (b  c)  (c  b)) Transitive (b,c,d | (b  c)  (c  d)  b  d) We will take the terms ‘non-symmetric’ and ‘not symmetric’ to mean asymmetric as defined above. Strictly speaking the ‘asymmetry’ described in the course text is stronger than ‘not symmetric’. There are definitions of ‘non-symmetric’ that may permit some pairs to have symmetry. Hence, we are omitting the mixed case where the relation holds for some elements of the relation, but not for others. For example, A = {1,2,3}  = {<1,2>, <2,1>,<2,3>} Then the relation  is neither symmetric nor antisymmetric, nor does it fit the definition of asymmetric above, which is kind of the opposite to symmetry. The relation < on integers is asymmetric. The relation <= on integers is antisymmetric. The relation ‘a fatherOf b’ is asymmetric. The stronger course definition of asymmetry implies ‘non-symmetric’, but the reverse implication does not hold.

Relations Discussion  is a relation is on a set, A = {1,2,3} For  to be either reflexive and irreflexive it must hold for all of A. For  to be reflexive then  must contain the following ordered pairs {<1,1>,<2,2>,<3,3>} The relation < (less than) is irreflexive. The relation = (equal to) is reflexive. With relation to A, the relation  ={<1,1>} is neither reflexive or irrflexive. In a digraph of a relation: If all nodes have a loop the relation is reflexive If no nodes have a loop the relation is irreflexive. If some nodes have loops and others don’t it is neither reflexive nor irreflexive.

Relations Discussion Consider the relation square b square c iff b = c * c square is not reflexive because it does not contain {<2,2>} square is not irreflexive because it does contains pair {<1,1>} Thus square is neither reflexive or irreflexive. A relation that is not reflexive need not be irreflexive. Page In a digraph of a relation: If all nodes have a loop the relation is reflexive If no nodes have a loop the relation is irreflexive. If some nodes have loops and others don’t it is neither reflexive nor irreflexive.

Relations Discussion For symmetric relations  does not have to hold for all of A, (b  c) need only hold where (c  b) holds and visa versa. The relation  on {1,2,3}  = {<1,2>,<2,1>,<1,3>} is neither symmetric nor antisymmetric. It is not symmetric because there is no <3,1> to match the (1,3). It is not antisymmetric because it has both <2,1> and <1,2>, but 12. Antisymmetric allows <1,1>. Recall that we will take the terms ‘non-symmetric’ and ‘not symmetric’ to mean asymmetric as defined above. The love(X,Y) relation is neither symmetric nor antisymmetric,

Relations Discussion The subset ( or ) relation is antisymmetric. If A and B are two sets, and if A is a subset of B and B is a subset of A then A=B. (A  B)  (B  C)  (A = B) We will take the terms ‘non-symmetric’ and ‘not symmetric’ to mean asymmetric as defined above.

Relation Properties reflexive, yes <a,a> symmetric, no, has <3,2> and not <2,3> Antisymmetric, yes, because it is not symmetric and has symmetry on <a,a>. Asymmetric (which precludes <a,a>), no, because it is antisymmetric (which allows <a,a>).

Relation Properties reflexive, no because <a,a> doesn’t hold symmetric, yes for all <a,b> then <b,a> asymmetric, no, because it is symmetric. antisymmetric, no because no <a,b>,<b,a> with a=b.

Relation closure Example Let R = {<a,b>,<c,a>,<c,c> } be a relation on the set A={a,b,c}. The reflexive closure is: r(R) = {<a,b>,<c,a>,<a,a>,<b,b>,<c,c>} The symmetric closure is: s(R) = {<a,b>,<c,a>,<c,c>,<b,a>,<a,c>}

Relation Properties Let X be the set of all four bit strings. Define a relation R on X as <s1,s2>R if a substring of s1 of length 2 is equal to a substring of s2 length 2. Examples <0111,1010>  R <1110,0001>  R Is this relation reflexive, symmetric, antisymmetric, and/or a partial order?

Relation Properties Is <s1,s2>R reflexive? Yes. Example: <0111,0111>  R Is <s1,s2>R symmetric? Yes. Example: <0100,0111>  R  <0111,0100>  R Is <s1,s2>R antisymmetric? No, because it is symmetric.

Relation Properties Is <s1,s2>R transitive? No, here is a counter example: 1000 R 1011 R 0011 Is <s1,s2>R partial order? No, because it is not reflexive, not antisymmetric, and not transitive. Partial order is a property of certain relations, we will look this at later in the lecture.

Reflexive or Symmetric? On the set {1, 2, 3, 4} we have relation {(1,1),(1,3),(2,2),(2,4),(3,1),(3,3),(4,2),(4,4)} We can use a matrix to check whether the relation is reflexive and symmetric. Using matrix operations we can identify the presence of many relations (not covered here)

Closure The closure of a relation  with respect to some property (e.g. reflexivity) is the smallest relation that both has the property and contains . To construct a closure, add pairs to , but not too many, until it has the property. The less-than relation is not reflexive, but the less-than-or-equal-to relation is. For example, the reflexive closure of < over integers is the relation constructed by adding to the relation all pairs (b,b) for b an integer. Therefore  is the reflexive closure of <.

Closures Reflexive closure r(<) of < on integers is . Symmetric closure s(parent) of parent is (parent  child), since if <b,c> is in the symmetric closure so is <c,b>. Transitive closure parent+ of parent is ancestor, since if <b,c> and <c,d> is in the transitive closure so is <b,d>. The reflexive transitive closure parent* of parent-or-self.

Various Closures(OUT) Reflexive Closure r() (  0) Symmetric s() (  -1) Transitive closure + (1  2  3  4 .. n ) Reflexive Transitive closure * (0  1  2  3  4 .. n )

Sensible Closures(OUT) Let  be a relation on a set. The reflexive (symmetric, transitive) closure of  is the relation ’ that satisfies: ’ is reflexive (symmetric, transitive)   ’ If ’’ is reflexive (symmetric, transitive) and   ’’ then ’  ’’ . (i.e. smallest subset)

Closures Let R = {<1,2>,<3,1>,<3,3> } be a relation on the set A={1,2,3}. Calculate the following closures: the reflexive closure, the symmetric closure, Introductory Logic and Sets for Computer Scientists Addison Wesley Longman, 1999. http://myweb.lsbu.ac.uk/~nissanke/

Closures Reflexive Closure: A={1,2,3}. Closures Reflexive Closure: r(R) = {<1,2>,<3,1>,<1,1>,<2,2>,<3,3>} Symmetric Closure: s(R) = {<1,2>,<3,1>,<3,3>,<2,1>,<1,3>} Introductory Logic and Sets for Computer Scientists Addison Wesley Longman, 1999. http://myweb.lsbu.ac.uk/~nissanke/

Equivalence Relations A relations is an equivalence relation iff it is reflexive, symmetric and transitive (e.g. =). An equivalence relation  on a set B partitions the set into non-empty disjoint subsets. Elements that are equivalent under  are placed in the same partition. Elements that are not equivalent under  are placed in different partitions. For example: b,c  sameEye  b and c have same eye colour

Equivalence Relations Let  be an equivalence relation on B. Then [b], the equivalence class of b, is the subset of elements of B that are equivalent (under ) to b. x  [b]  x  b The sets [b] form an equivalence  relation on B partition of B. Thus an equivalence relation on B induces a partition of B, where each partition element consists of equivalent elements.

Equivalence Relations Objects b and c are in the same partition and [b]=[c] [b]green . b . [c]green . . c . . . . . d [d]blue

Equivalence Relations Objects b and c are in the same partition and [b]green=[c]green [b]green [c]green [d]blue

Equivalence Classes1  Si = A Theorem: The equivalence classes of an equivalence relation R partition the set A into disjoint nonempty subsets whose union is the entire set. This partition is denoted A/R and called, the quotient set, or the partition of A induced by R, or A modulo R. Definition: Let S1, S2, . . ., Sn be a collection of subsets of A. Then the collection forms a partition of A if the subsets are nonempty, disjoint and exhaust A: Si   Si Sj =  if i  j  Si = A 1. From Chapter 6 Discrete Mathematics by Kenneth H. Rosen 0-07-289905-0

Equivalence Relations The relation b =4 c on integers 0..9(must be +) b =4 c  (b – c) is a multiple of 4 Their difference is a multiple of 4 We have 4 partitions [0] = [4] = [8] = {0,4,8} [1] = [5] = [9] = {1,5,9} [2] = [6] = {2,6} [3] = [7] = {3,7}

Equivalence Relations Consider the relation  defined on the set of people by: (b  c) iff b and c are female or b and c are the same person or b is c’s sister. Relation  is reflexive, symmetric, and transitive, so it is an equivalence relation. For female b, [b] consists of b and b’s sisters, while the equivalence for a male consists of only that male. Are males are precluded from this relation?

Equivalence Relations There is a correspondence between equivalence in relations and partitions in sets. b,c  sameEye  b and c have same eye colour

Equivalence Relations Theorem 1: Let S be a partition of a set X. Define (x R y) to mean that for some S’ in S, both x and y belong to S’. Then R is reflexive, symmetric, and transitive. Stating this another way, a relation that is reflexive, symmetric, and transitive is an equivalence relation.

Equivalence Relation(*) Let S be a partition of X which gives rise to an equivalence relation R on X. X = {1,2,3,4,5,6} S = {{1,3,5},{4},{2,6}} partition X The relation R on X is an equivalence relation therefore R is reflexive, symmetric, and transitive. Draw S. List the ordered pairs of the relation R on X. Draw the diagraph of R. (*) Let P be a partition of Y which gives rise to an equivalence relation R on Y. Y = {a, b, c, d, e, f} P = {{a, c, e},{d},{b, f}} is a partition of Y

Equivalence Relation(*) Draw S = {{1,3,5},{4},{2,6}} [1]1 [2]2 . . 2 1 [6]2 . . [3]1 3 6 . 5 [5]1 . (*) Let P be a partition of Y which gives rise to an equivalence relation R on Y. Y = {a, b, c, d, e, f} P = {{a, c, e},{d},{b, f}} is a partition of Y 4 [4]3 Venn Diagram The equivalence classes are subscripted according to their respective partitions

Equivalence Relation(*) List the ordered pairs of the relation R on X. R = {(1,1), (1,3),(1,5),(2,2),(2,6), (3,1),(3,3),(3,5),(4,4),(5,1), (5,3),(5,5),(6,2),(6,6)}

Graph of Equivalence Relation (3,1),(3,3),(3,5),(4,4),(5,1), (5,3),(5,5),(6,2),(6,6)} 1 2 3 5 4 6

Order Relations The order relation compares some members of a set. A typical order relation is < on integers. An order relation need not be a comparison of every member of a set, e.g. while A and B may be parents parent(A,B) may not hold.

Equivalence Relation(*) Draw P = {{a,c,e},{d},{b,f}} [a]1 [b]2 . . b a [f]2 . . [c]1 c f . e [e]1 . (*) Let P be a partition of Y which gives rise to an equivalence relation R on Y. Y = {a, b, c, d, e, f} P = {{a, c, e},{d},{b, f}} is a partition of Y d [d]3 Venn Diagram The equivalence classes are subscripted according to their respective partitions

Equivalence Relation(*) Draw the diagraph of R. b a c e d A=1 B=2 C=3 D=4 E=5 F=6 f

Equivalence Relation(*) List the ordered pairs of the relation R on X. R = {(a,a), (a,c),(a,e),(b,b),(b,e), (c,a),(c,c),(c,e),(d,d),(e,a), (e,c),(e,e),(f,b),(f,f)}

Def. Partial Order Relation A binary relation  on a set b is called a partial order on B if it is Reflexive, Antisymmetric, and Transitive. <B,  > is called a partially ordered set or poset. We will write partial orders using ab and bc. This notation differs from the course text book.

Partial Order Relation1 Is this relation reflexive, antisymmetric, and transitive? ML for the working programmer By Lawrence C. Paulson http://en.wikipedia.org/wiki/Topological_sorting

Hasse Diagrams Hasse diagrams are a form of simplified digraph that allow us to represent partial orders. They are simplified as follows. Loops may be suppressed Arrows not necessary, read from bottom to top. Transitive arrows may be suppressed.

Order Relation on Power set. <,> is a poset and  is a partial order on . Let B be a set. Then <B,> is a poset and  is a partial order on B (the power set of B), since is symmetric, antisymmetric, and transitive. Let C be the set of courses offered at DIT. Define the relation  by c1c2 if c1=c2 or c1 is a prerequisite of c2. Then <C,> is a poset and  is a partial order on C.

Order Relation on Power set1. A partially order set can be represented with using a POSET diagram. The POSET diagram on the right is based on the power set (all possible subsets) of the three element set {a, b, c}. These subsets form a special kind of partial order that is referred to as a lattice From Charles F. Schmidt , Cognition - Section 1 http://www.rci.rutgers.edu/~cfs/305_html/Induction/SimpleLattice.html Arrows are usually implicit and not required.

Order Relation. The POSET diagram on the right is based on the power set (all possible subsets) of the three element set {1, 2, 3}.

Partial Order Relation on Divisibility1. http://en.wikipedia.org/wiki/Hasse_diagram The set A = { 1, 2, 3, 4, 5, 6, 10, 12, 15, 20, 30, 60 } of all divisors of 60, partially ordered by divisibility.

Order Relations In the construction of a house, certain jobs have to be done before other jobs. Let J be the set of jobs and let defined on J be defined by j1  j2 if j1has to be completed before j2 can be started. <J, > is a poset.

Total Order Relations With partial orders because not all elements need to be comparable. But some total relations give rise to “total order”. For example “less than or equal to" is a total relation over the set of real numbers, because for two numbers either the first is less than or equal to the second, or the second is less than or equal to the first. We can define a total order in two ways 1)in terms of membership and 2)in terms of operations on sets.

Total Order Definition A partial order  over B is called a total order or linear order if Def 1 (b,c | : bc  cb) Def 2 iff -1 = B  B <B,> is called a linearly ordered set or a chain.

Total Orders <,> and <,> are chains Let set S contain more than one element. Then  over S is not a total order. Because if b and c are distinct elements of S, then neither {b}{c} nor {c}{b} holds. Any subset of a totally ordered set, with the restriction of the order on the whole set. Any partially ordered set X where every two elements are comparable (i.e. if a,b are members of X either a≤b or b≤a or both). The letters of the alphabet ordered by the standard dictionary order, e.g., A < B < C etc.

Partial but not Total Order Let C be the set of courses at DIT. Let b  c mean that b = c or b is a prerequisite for c. The relation is a partial order but not a total order.

Total Orders The letters of the alphabet ordered by the standard dictionary order (e.g., A < B < C) is a partial order.

UML Association as a Relation A representation of a UML association as 1)a diagram and 2)a relation

UML Aggregation Relation Informal ‘whole-part’ relationships can be modelled using aggregation a specialized form of an association can have standard annotations on ends

UML: Cyclic Object Structures Aggregation is useful for ruling out invalid cyclic object structures eg where an assembly contains itself, directly or indirectly

UML: Properties of Aggregation Aggregation rules this out because it is antisymmetric: an object can’t link to itself transitive: if a links to b and b to c, a links to c part end whole end

Meaning of Aggregation Sometimes there is a conflict E.g. people cannot be their own ancestors this can be specified using aggregation but a person’s ancestors are not a part of them! The aggregation does not make sense in this case

Meaning (semantics) of Aggregation Relation A hand may be considered as part of a person and a person may be considered as part of an orchestra, but we would not consider hand as part of an orchestra. Heuristic: If the part moves, can one deduce that the whole moves with it in normal circumstances.

Computing Fundamentals 1 Lecture 8 Functions Lecturer: Patrick Browne http://www.comp.dit.ie/pbrowne/ Room K308 Based on Chapter 14. A Logical approach to Discrete Math By David Gries and Fred B. Schneider

Given two countries Aland and Bland Given two countries Aland and Bland. We can travel from Aland to Bland using AtoB airways. Cities in Aland are called ai and cities in Bland are called bi . b4 a1 a2 a3 AtoB b1 b2 b3 Aland Bland

From any given city ai in Aland AtoB airways provide one and only one flight to one city bi in Bland. In other words, you can travel from every city in Aland but cannot travel to more than one city in Bland from that Aland city. We can consider the flights offered by AtoB as function called FAtoB. b4 a1 a2 a3 FAtoB b1 b2 b3 A rough analogy is, physically a person can only make one trip from one airport at time. This analogy does not accurately represent the situation because with a real airlines a passenger could fly out of the same airport to different destinations over a period of time. The fact we can travel from every city means we are talking about total functions. Aland Bland

There are some cities in Bland, such as b4, that are not served by AtoB airways, therefore they cannot be reached from Aland. Obviously, if you cannot get to b4 then you cannot come back to Aland from b4 . (no return tickets) b4 a1 a2 a3 AtoB b1 b2 b3 Roughly no return tickets corresponds to no inverse for b4 Aland Bland

If for every city that AtoB airways flies into in Bland they supply a return ticket, then AtoB supply a pair of functions, FAtoB and FBtoA. We call FAtoB an injective function because it has a left inverse (a return ticket). b4 a1 a2 a3 FAtoB b1 b2 b3 FAtoB is the inverse of FBtoA. An injective function is one-to-one. If e is an identity element of (S, * ) and a * b = e, then a is called a left inverse of b and b is called a right inverse of a. Aland Bland

If AtoB airways flies into every city in Bland, still using the original rule that only one flight can leave an Aland city, then there may be more than one way back to Aland. For example, from b2 you can fly to a1 or a3. Then FAtoB is called a surjective function. It has a right inverse (but you may not get back to where you started). a1 a2 a3 FAtoB b1 b2 FAtoB has a right inverse. If you fly from Bland to Aland you can get back to the same city in Bland. FAtoB FBtoA Aland Bland

If a function is both injective and surjective it is then called bijective, it has both a left and right inverse. a1 a2 a3 FAtoB b1 b2 b3 A bijective function is also known as an ‘isomorphism’ or ‘invertible map’ http://en.wikipedia.org/wiki/Inverse_function#Left_and_right_inverses Aland Bland

Functions We apply function to argument (function application) Function definition (dot notation) g.x = 3  x + 6 Function application g(5) Gives the value of 35+6 To reduce brackets we can write function.argument. We evaluate this function g.5 = < Apply function> 3  5 + 6 = < Arithmetic> 21

Functions Functions can be considered as a restricted form of relation. This is useful because the terminology and theory of relations carries over to function. In programming languages like C or CafeOBJ a function can have a signature, which includes its name, type of argument and the type of the expected return value.

Fibonacci Function in C and CafeOBJ Signature of a function consists of a name, argument(s) type, and return type Function Name Argument type p is a predecessor function mod* FIBO-NAT { pr(NAT) op fib : Nat -> Nat var N : Nat eq fib(0) = 0 . eq fib(1) = 1 . ceq fib(N) = fib(p(N)) + fib(p(p(N))) if N > 1 .} int fib(int n) { if (n <= 1) return n; else return fib(n-1) + fib(n-2); } Argument variable

Fibonacci Function in Python and CafeOBJ Signature of a function consists of a name, argument(s) type, and return type Function Name Argument type p is a predecessor function mod* FIBO-NAT { pr(NAT) op fib : Nat -> Nat var N : Nat eq fib(0) = 0 . eq fib(1) = 1 . ceq fib(N) = fib(p(N)) + fib(p(p(N))) if N > 1 .} def fib(n): a, b = 0, 1 while b < n: print(b, end=' ') a, b = b, a+b print() Argument variable

Fibonacci Function in C and CafeOBJ Signature of a function consists of a name, argument(s) type, and return type. Return type mod* FIBO-NAT { pr(NAT) op fib : Nat -> Nat var N : Nat eq fib(0) = 0 . eq fib(1) = 1 . ceq fib(N) = fib(p(N)) + fib(p(p(N))) if N > 1 .} int fib(int n) { if (n <= 1) return n; else return fib(n-1) + fib(n-2); } There are other elements above that are closely related to the signature e.g. the a variable name for the argument and return values. But generally a signature of a function is just its name and types The signature of a ‘module’ is a list of function signatures. Fibonacci: After two starting values, each number is the sum of the two preceding numbers. The first Fibonacci numbers, also denoted as Fn, for n = 0, 1, … , are: 0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597, 2584, 4181, 6765, 10946, 17711, 28657, 46368, 75025, 121393, 196418, 317811 Argument constraints

Functions A function f is a rule for computing a value v from another value w, so that the application f(w) or f.w denotes a value v:f.w = v. The fundamental property of function application, stated in terms of inference rule Leibniz is: This property allows us to conclude theorems like f(b+b)= f(2b) and f.b + f.b = 2f.b.

Functions and programming In programming functions can have ‘side effects’ i.e. they can change a parameter or a global variable. For example, if b is changed by the function f then f.b + f.b = 2  f.b no longer holds. This makes it difficult to reason or prove properties about a program. By prohibiting side-effects we can use mathematical laws for reasoning about programs involving function application.

Functions as relations While we can consider functions as a rule we can also think of functions as a binary relation B  C, that contains all pairs <b,c> such that f.b=c. A relation can have distinct values c and c’ that satisfy bfc and bfc’, but a function cannot. c Informally we can say that there is ‘no fan out’ from domain to range. Allowed for relations but not allowed for functions b c’

Functions Textual Substitution Function application can be defined as textual substitution. If g.z:Expression Defines a function g then function application g.X for any argument X is defined by g.X = Expression[z := X]

Function Def. & Types A binary relation f on B  C, is called a function iff it is determinate. Determinate (no fan out): (b,c,c’| b f c  b f c’ : c=c’) A function f on B  C is total if Total: B = Dom.f Otherwise it is partial. We write f:BC for the type of f if f is total and f:BC if f is partial. Note: partial and total functions differ from ‘partial order’ and ‘total order’ in relations. The determinate property formally defines ‘no fan out’. All functions whether they are total or partial are determinate. Partial means that there are elements in the domain for which the function is not defined. You could say that the partiality is a property of the domain whereas injective, surjective, and bijective (discussed later) properties are properties of the range.

Functions This close correspondence between function application and textual substitution suggests that Leibniz (1.5) links equality and function application. So, we can reformulate Leibniz for functions.

Functions & Types In Computer Science many types are needed. Simple types like integers and natural numbers Complex types like sets, lists, sequences. Each function has a type which describes the types of its parameters and the type of its result: (8.1) f: t1  t1 ... t1 r

Functions & their types Are the following functions? plus: (plus(1,3)or 1+3) not : (not(true) or true) less: (less(1,3)or 1<3)

Functions & Types Certain restrictions are need to insure expression are type correct. During textual substitution E[x := F], x and F must have the same type. Equality b=c is defined only if b and c have the same type. Treating equality as an infix function: _=_ :tt  For any type t.

14.41 Theorem Total function f:BC is surjective (or onto ) if Ran.f = C. Total function f:BC is injective (or one-to-one) if (b,b’:B,c:C| bfc  b’fc  b=b’) A function is bijective if it is injective and surjective. Compare injective with determinate: (b,c,c’| b f c  b f c’ : c=c’) The definition of injective uses the relational for Domain-RelationName-Co-Domain These definitions are only concerned with total function. Partial functions (elements in the domain for which the function is not defined) are more tricky. Roughly partiality is a property of the domain whereas injective, surjective, and bijective properties are properties of the range.

14.41 Theorem Total function f is injective,one-to-one if (b,b’:B,c:C| bfc  b’fc  b=b’) Total function f:BC is surjective, onto if Ran.f = C. A function is bijective if it is injective and surjective. (g f a) should give back the same a:A. (f g b) should give back the same b:B.

An Injective function can : f: A ->B ={f:A ->B | f-1  B ->A : f} (have inverse) f: A->B ={f:A ->B | dom f = A : f} (be total) Target Source f a1 a2 a3 b1 b4 b2 b3 (g f a) should give back the same a:A. (f g b) should give back the same b:B. mod* INJ { -- A function f has at least one "left inverse" if and only if it is an injection. -- A left inverse is a function g such that g(f(x)) = x. -- Page 173 of Gries and Schneider has the following definitions of one-to-one -- A function is one-to-one if for different arguments it yields different arguments -- (forAll x,y | x =/= y : f.x =/= f.y) -- alternatively -- (forAll x,y | x == y : f.x == f.y) [ A B ] op f_ : A -> B op g_ : B -> A var a : A vars b0 b1 : B eq [linv] : g f a = a . ceq [inj] : b0 = b1 if g b0 == g b1 . } eof -- here is an annotated proof open INJ . op b2 : ­> B . start f g b2 . -- this term should return b2 show term . (f (g b2)) : B – this is the term that will be used in the .inj equation apply .inj with b1=b2 at term . -- response shifting focus to condition -- condition(1) g (f (g b2)) == g b2 : Bool show pending . [pending actions] 1| in f (g b2) at top | rule ceq [inj] : b0 = b2 if g b0 == g b2 | condition g (f (g b2)) == g b2 replacement b2 apply red at term . close . A B dom f ran f

Injective function in CafeOBJ(*) module INJ { [ A B ] op f_ : A -> B op g_ : B -> A var a : A vars a b' : B eq [linv] : g f a = a . ceq [inj] : b = b' if g b == g b' . }

Injective function in CafeOBJ(*) eq [linv] : g f A = A . [linv] represents an axiom for a left inverse taking an A to a B and back to the same A. The [linv] equation says that g is a left inverse of f (i.e. g(f(a)) = a). ceq [inj] : B = B' if g B == g B' . The conditional equation [inj] represents the injective property, that two B’s are the same if they map to the same A. The [inj] equation expresses the injective (or one-to-one) property.

CafeOBJ Injective Function left inverse mod* INJ { [ A B ] op f_ : A -> B op g_ : B -> A var a : A vars b0 b1 : B eq [linv] : g f a = a . ceq [inj] : b0 = b1 if g b0 == g b1 .} Not in range of f. b4 a1 a2 a3 f b1 b2 b3 -- here is an annotated proof open INJ . op b2 : ­> B . start f g b2 . -- this term should return b2 show term . (f (g b2)) : B – this is the term that will be used in the .inj equation apply .inj with b1=b2 at term . -- response shifting focus to condition -- condition(1) g (f (g b2)) == g b2 : Bool show pending . [pending actions] 1| in f (g b2) at top | rule ceq [inj] : b0 = b2 if g b0 == g b2 | condition g (f (g b2)) == g b2 replacement b2 apply red at term . close . A B dom f ran f

f f Surjective Function a1 a2 a3 b1 b2 a1 a2 a3 b1 b4 b2 b3 A B Total function f:AB is surjective, onto if Ran.f = B. Total function f is injective,one-to-one if (b,b’:B,c:C| bfc  b’fc  b=b’). a1 a2 a3 f b1 b2 a1 a2 a3 b1 b4 b2 b3 f A B

http://homepages.cwi.nl/~jve/svdi/RCRH7.pdf

14.42 Theorem Let f:BC be a total function, and let f-1 is its relational inverse. If f is not injective (one-to-one) then f-1 is not a determinate function.    B C A functions ‘relational inverse’ does not have to be a function. The above shows an element in C mapping to two elements in B hence fan out. B  C   Function f not injective The inverse (f-1) is not determinate

14.42 Theorem Let f:BC be a total function, and let f-1 be its relational inverse. Then f-1 is a (i.e. determinate) function iff f is injective (one-to-one). And, f-1 is total if f is surjective (onto).   f-1 is total iff f is surjective onto. The left diagram above shows that there are some elements in B that are not mapped to C.   B C B C  ? Inverse not surjective (onto) Function not total

14.42 Theorem Let f:BC be a total function, and let f-1 be its relational inverse. Then f-1 is total iff f is surjective (onto).     B C B C  ? Inverse not surjective (onto) Function not total

Total & Partial functions Dealing with partial functions can be difficult. What’s the value of (f.b=f.b) if bDom.f ? The choice of value must be such that the rules of manipulations that we use in the propositional and predicate calculus hold even in the presence of undefined values, and this is not easy to achieve. However, for partial function f:BC one can always restrict attention to its total counterpart, f:Dom.f C

Functions The binary relation < is not a function because 1 < 2 and 1 < 3 both hold. Identity relation iB over B is a total function, iB:BB ; ib=b for all b in B. Total function f: is defined by f(n)=n+1 is the relation {<0,1>,<1,2>,…}. Partial function f: is defined by f(n) = 1/n is the relation {<1,1/1>,<2,1/2>,<3,1/3>…}. It is partial because f.0 is not defined. Note  is a natural number,  is a rational number.

Functions  is an integer, + is a positive integer, - is a negative integer. Function f:+ is defined by f(b)=1/b is total, since f.b is defined for all elements of +. However, g: is defined by g.b =1/b is partial because g.0 is not defined.

Functions The partial function f takes each lower case character to the next character can be defined by a finite number of pairs {<‘a’,’b’>,<‘b’,’c’>,..,<‘y’,’z’>} It is partial because there is no component whose first component is ‘z’.

Functions When partial and total functions are viewed as binary relations, functions can inherit operations and properties of binary relations. Two functions are equal when their sets of pairs are equal. Similar to relations, we can have the product and powers (or composition see later) of functions.

Inverses of Total Functions Every relation has an inverse relation. However, the inverse of a function does not have to be a function. For example: f: defined as f(b)=b2. f(-2)=4 and f(2)=4 f-1(4)=2, two values (inverse is sq. rt).

Inverse of Total Functions Partial functions Total functions Injective or on-to-one Surjective or onto Bijective has inverse

Functions Products We can have the product of two relations. We now look at the product (f  g) of two total functions. (f  g).b = d = < viewing as relation > b(f  g)b = < product of relation 14.20> ( |: bfc  cgd) = < relation as function application > ( |: f.b=c  g.c=d) = <Trading 9.19> ( |: c = f.b : g.c=d) = < one point rule 8.14> g(f.b) = d

Functions Products (f  g).b = d = < viewing as relation > b(f  g)b = < product of relation 14.20> ( |: bfc  cgd) = < relation as function application > ( |: f.b=c  g.c=d) = <Trading 9.19> ( |: c = f.b : g.c=d) = < one point rule 8.14> g(f.b) = d Hence (f  g).b = g(f.b). This illustrates the difference between relational notation and functional notation.

Functions Products Hence (fg).b = g(f.b). This illustrates the difference between relational notation and functional notation, particularly for products. Functions possess an asymmetry between input and output. Expression f(arg) stands for the value of the function for the argument. On the other hand a relational expression r(a,b) is a statement that may be true or false. The product operation for relations is legal when the range of the first relation is the same as the domain of the second relation.

Functions Products We would prefer f(g.b) instead of g(f.b). So we have the new symbol  for composition of functions, defined as: f  g  g  f

Composition of Functions1 g o f, the composition of f and g 1 From http://en.wikipedia.org/wiki/Function_composition

Composition of Functions1 The functions f:X→Y and g:Y→Z can be composed by first applying f to an argument x and then applying g to the result. Thus one obtains a function: gof: X → Z defined by (gof)(x) = g(f(x)) for all x in X. The notation gof is read as "g circle f" or "g composed with f“. The composition of functions is always associative. That is, if f, g, and h are three functions with suitably chosen domains and codomains, then f o (g o h) = (f o g) o h.

A function in C arg1 arg2 return1 return2 Return value:int int addTwo(int arg) Example of usage {return (arg+2);} y = addTwo(7); arg1 arg2 addTwo(arg1) return1 return2 addTwo(arg2) Argument:int Return value:int

A function is a relation A function is a special case of a relation in which there is at most one value in the range for each value in the domain. A function with a finite domain is also known as a mapping. Note in diagram no diverging lines from left to right. f x5 x1 x2 x4 x6 y1 y2 X x3 Y Dom.f Ran.f

A function is a relation The function f:XY ‘the function f, from X to Y’ Is equivalent to relation XfY with the restriction that for each x in the domain of f, f relates x to at most one y; f x5 x1 x2 x4 x6 y1 y2 X x3 Y Dom.f Ran.f

Functions The relation between persons and their identity numbers identityNo  < Person, > or Person identityNo  is a function if there is a rule that a person may only have one identity number . It could be defined: identityNo: Person   Perhaps there should also be a rule that only one identity number may be associated with any one person, but that is not indicated here.

Functions A functions source and target can be the same ‘domain’ or type: hasMother: Person  Person any person can have only one mother and several people could have the same mother.

Function Application All the concepts which pertain to relations apply to functions. In addition a function may be applied. Since there will be at most only one value in the range for a given x it is possible to designate that value directly. The value of f applied to x is the value in the range of function of the function f corresponding to the value of x in its domain.

Function Application The application is undefined if the value of x is not in the domain of f. It is important to check that the value of x is in the domain of the function f before attempting to apply f to x. The application of the function to the value x (the argument) is written: f.x or f(x)

Function Application We can check the applicability of f by writing: x  dom f f.x = y These predicates must be true if f(x)=y is a function.

Partial and Total Functions If the identyNo function is a partial function there may be values in the source that are not in the domain (some people may have no identity number). A total function is one where there is a is a value for every possible value of x, so f.x is always defined. It is written f: X Y Because: Dom f = X (or source) function application can always be used with a total function.

Total Functions The function age, from Person to natural number, is total since every person has an age: age: Person   The function hasMother, is total since every person has one mother (including a mother!): hasMother : Person  Person

Injective Function An injective function may be partial or total. The functions identityNo and MonogamousMarriage are injective.

Isomorphism Given two functions: f:A->B, g:B->A f is isomorphism or invertible map iif gf=IA and fg=IB . Where IA, IB are the identity functions of A and B respectively. A left inverse of f is a function g such that g(f(x)) = x. or using alternative notation g f x = x

Isomorphism Let f:A->A and g:B->B be two functions on A and B respectively. If there is a mapping t that converts all x in A to some u=t(x) in B such that g(t(x))=t(f(x)), then the two functions f and g are homomorphic and t is a homomorphism If also if t is bijective, then the two functions are isomorphic and t is an isomorphism with respect to f and g. f(x)=x+2 for Arabic numerals g(u) = u + ii for Roman numerals t(a) maps every Arabic numeral to every Roman numeral. The functions f and g are isomorphic and t is an isomorphism with respect to f and g.

Isomorphism x t u Arabic f g Roman y t z f(x)=x+2 for Arabic numerals g(u) = u + ii for Roman numerals t(a) maps every Arabic numeral to every Roman numeral. The functions f and g are isomorphic and t is an isomorphism with respect to f and g. y t z

An Injective functions1. Two injective functions A non-injective function. 1 http://en.wikipedia.org/wiki/Injective_function

Injective Function f Using the INJ module and the CafeOBJ apply command we will prove that an injective function with a right inverse is an isomorphism. For f:A->B, g:B->A is isomorphism or invertible map iif gf=IA and fg=IB A function f has at least one left inverse if it is an injection. A left inverse is a function g such that g f a = a or g(f(a)) = a See lab 6 for details

Injective Function f module INJ { -- module name [ A B ] -- two sorts op f_ : A -> B -- a function from A to B op g_ : B -> A -- a function from B to A var a : A -- variables vars b b' : B -- equation for left inverse equation of f eq [linv] : g f a = a . -- conditional equation for injective property ceq [inj] : b = b' if g b == g b' . } The [Linv] equation says that g(f(x)) = x, i.e. g is a left inverse of f. The [inj] equation expresses the injective (or one-to-one) property. A function f has at least one "left inverse" if and only if it is an injection. -- From Lab 6 -- Task 1 theorem proving with 'apply' command. -- We will use apply to prove a theorem. -- For more detail see course notes. -- Using the INJ module(below) and the CafeOBJ 'apply' command -- we will prove that an injective function with a right inverse is an isomorphism. -- We need to understand the following terms: -- A (left) <-> B (right) -- right inverse: f:A->B, g:B->A, fg=IB -- left inverse: f:A->B, g:B->A, gf=IA -- isomorphism: f:A->B, g:B->A f is isomorphism or invertible map iif gf=IA and fg=IB -- injective function: every element in the domain is used (total) and every element in codomain is used. -- In the module INJ we are given two equations which represent the fact that f is injective (has a left inverse) -- 1) The left inverse (linv) says g f a = a, gives the identity of a. -- 2) The injective equation (inj) says two b's are equal only if g brings them to the same a (no fan-out for g). -- This equation asserts that two variables are equal, the apply command is used to evaluate it.

Injective Function f open INJ . op b : ­> B . -- make a constant b -- make a right inverse as the term to which the equation(s) will be applied to. start f g b . -- substitute B = f g b (our term) and B' = b in [inj] apply .inj with B' = b at term . -- normal evaluation will execute [linv] apply red at term . result b : B -- From Lab 6 -- Paste in each of the non-comment lines into CafeOBJ -- Try to understand the output. set trace on open INJ . op b : ­> B . -- make a constant b start f g b . -- make a right inverse as the term to which the equation(s) will be applied to. apply .inj with B' = b at term . -- put B = f g b(our term) and B' = b in [inj] -- this will cause the focus to shift to the condition. show term . -- ((g (f (g b))) == (g b)) : Bool show tree . apply red at term . -- normal evaluation will execute [linv] -- here is full trace -- 1>[7] rule: eq [linv] : g (f A:A) = A -- { A:A |-> g b } -- 1<[7] g (f (g b)) --> g b -- [7]: g (f (g b)) == g b -- -> g b == g b -- 1>[8] rule: eq CXU == CYU = #{ CXU |-> g b, CYU |-> g b } -- 1<[8] g b == g b --> true -- [8]: g b == g b ---> true -- condition(1) true : Bool -- condition is satisfied, applying rule -- shifting focus back to previous context -- result b : B -- So given an injective function with a left inverse -- we applied a 'right inverse'(our term) and an arbitrary 'b' which returned that 'b' -- This proves that f (or g) is an isomorphism. close

Injective Function f In CafeOBJ equations are written declaratively and interpreted operationally as rewrite rules, which replace substitution instances of the LHS by the corresponding substitutions instances of the RHS. The operational semantics normally require that the least sort of the LHS is greater that or equal to the least sort of the RHS. The [Linv] equation says that g(f(x)) = x (or g is a left inverse of f). The [inj] equation expresses the injective (or one-to-one) property.

Right Inverse module* GROUP { [ G ] op 0 : -> G op _+_ : G G -> G { assoc } op -_ : G -> G var X : G eq [EQ1] : 0 + X = X . eq [EQ2] : (-X) + X = 0 . }

Right Inverse manual Proof We want to prove that –X is a right inverse of +. A standard proof goes as follows: X + (­ X) = 0 + X + (­ X) = (­ (­ X)) + (­ X) + X + (­ X) = (­ (­ X)) + 0 + (­ X) = (­ (­ X)) + (­ X) = CafeOBJ does substitution using rewrite rules converting the LHS to the RHS (where it can) But in two lines of the above proof requires two reverse applications of rewrite rules i.e. converting from RHS to LHS. Moving from line 1 to line 2 requires the reverse of EQ1 Moving from line 2 to line 3 requires the reverse of EQ2

Right inverse CafeOBJ proof open GROUP op a : ­> G . -- a constant start a + (­ a) . – the term apply ­.1 at (1) . apply ­.2 with X = ­a at [1] . apply reduce at term . Note difference between show rules and show rule show rules Two versions of show rule show rule .1 show rule .EQ1 You can use the name (EQ1) or the number (.1) of rewrite rules with show command. of reversed rules, reduction yields the desired result, as follows. open GROUP op a : -> G -- a is used to distinguish it from X in the equations start a + (- a) -- this is the term to be proved (try show term). apply ­.1 at (1) . -- apply the first rule (EQ1) in reverse to the current term (at (1)) *result 0 + a + ­ a : G apply ­.2 with X = ­ a at [1] . – apply the reverse of second rule (EQ2) substituting –a for X in the first argument of EQ2. result ­ (­ a) + ­ a + a + ­ a : G apply reduce at term . – Finally evaluate the current term result 0 : G Look in more detail what happened at the second apply command. This command applied eq (­ X) + X = 0 . to the subterm 0. Without saying anything, a variable X would be introduced. This situation often occurs when a rule is reversely applied. The substitution ``X = ­ a'' avoids that. You can continue, and prove another theorem that 0 is a right identity (so the identity). Since we already showed ``a + (­ a)'' equals 0, it is sound to add the equation. That leads to the command sequence eq a + (­ a) = 0 . start a + 0 . apply ­.2 with X = a at (2) .

Injective composition.

An Surjective functions1. Two surjective functions A non-surjective function 1 http://en.wikipedia.org/wiki/Injective_function

An Surjective Composition1. Surjective composition: the first function need not be surjective 1 http://en.wikipedia.org/wiki/Surjective

A bijection 1. A bijective function Composition gof of two functions is bijective, we can only say that f is injective and g is surjective. 1 http://en.wikipedia.org/wiki/Bijection

A function f from X to Y is a relation from X to Y having the Some examples, range on the left domain on the right A function is called a bijection , if it is onto and one-to-one. A bijective function has an inverse Function Application A function f from X to Y is a relation from X to Y having the properties: 1. The domain of f is in X. 2. If (x,y),(x,y’)f, then y=y’ (no fan out from domain). A total function from X to Y is denoted f: X Y.

Injective Surjective For each map state whether or not it represents a function. If it is a function state whether or not it represents a surjective, injective or bijective function. In each case explain your reasoning.

Functions Which of the following sets P, Q, and R represents a partial, surjective, injective or bijective function from X={1,2,3,4} to Y={a,b,c,d}?

Functions X={1,2,3,4} to Y={a,b,c,d} P = {<1,a>,<2,a>,<3,c>,<4,b>} It is a function from X to Y. Domain = X, range = {a,b,c}. The function neither injective (both 1 and 2 map to a) nor surjective(nothing maps to d)

Functions X={1,2,3,4} to Y={a,b,c,d} P = {<1,a>,<2,a>,<3,c>,<4,b>} Q = {<1,c>,<2,a>,<3,b>,<4,c>,<2,d> } It is not a function from X to Y, because 2 maps to both a and d. R = {<1,c> ,<2,d>,<3,a>,<4,b>} It is a function from X to Y. Domain = X, range =Y. The function both injective and surjective.

CafeOBJ Error sorts The idea of error sorts is to add new elements to the models of a specification and to let the result of a function be one of the error elements, whenever the function is not defined for an input. Error sorts can be included in the definition of the function, specifying for which inputs the result will be an error.

CafeOBJ Error sorts From CafeOBJ Manual An error sort is automatically declared for each connected component of the sort graph, and has an internal name that starts with ?. 2 rules for error sorts. (1) If a term is ill-formed but potentially well-formed, it is regarded as a well-formed term of questionable sort. (2) On evaluation, the potential is investigated. If the result is a term which is unquestionably well-formed, it acquires a full citizenship. Otherwise it remains an outcast (i.e. an error sort).

CafeOBJ parse and errors Factorial (!) and division (/) are def defined in the FACT and RAT modules respectively. Division is not defined for zero. parse in FACT + RAT : (4 / 2) . parse in FACT + RAT : (4 / 0) . parse in FACT + RAT : (4 / 2) ! . A \/ B \/ C The principle of contradiction – that a thing cannot be and not be at the same time and in the same respect- is an axiom of thought, a law of reason of greater certitude than any law of science. parse in FACT + RAT : (3 / 0) . (3 / 0):?Rat parse in FACT + RAT : (4 / 0) . (4 / 0):?Rat parse in FACT + RAT : (4 / 0) ! . ((4 / 0) !):?Rat parse in FACT + RAT : (4 / 2) ! . ((4 / 2) !):?Rat

CafeOBJ Error sorts Above the error super-sort ?Elt for the Elt. Every sort has an error super-sort (or super set).

A Function Given Side = left  right the function driveON Country  Side Representing the side of the road vehicles drive on is a surjection, because the range includes all the values of the type Side. It would usually be considered total because driveOn should be defined in all countries.

What is a Hash Function? A hash function takes a data item to be stored or retrieved (say to/from disk) and computes the first choice for a storage location for the item. For example assume StudentNumber is the key field of a student record, and one record is stored on one disk block. To store or retrieve the record for student number n in a choice of 11 disk locations numbered 0 to 10 we might use the hash function. h(n) = n mod 11

Describe the steps needed to store a record for student number 257 using in locations disk 0-10 using h(n) = n mod 11 558 32 132 102 15 5 0 1 2 3 4 5 6 7 8 9 10 Steps to store 257 using h(n)=n mod 11 into locations 0-10 1. Calculate h(257) giving 4. 2. Note location is already occupied, a collision has occurred. 3. Search for next free space , with 0 assumed to follow 10. 4. If no free space then array is full, otherwise store 257 in next free space 558 32 132 102 15 5 257 0 1 2 3 4 5 6 7 8 9 10

Exercise 1 Only one person can book a room. A system records the booking of hotel rooms on one night. Given the domain of discourse consists of: Rooms the set of all rooms in hotel Person the set of all possible persons The state of the hotel’s bookings can be represented by the following: bookedTo: Room  Person

Exercise 1 Solution (a) Explain why bookedTo is a function. bookedTo is a function since it maps rooms to persons and for any given room(domain) at most one person (range) can book it. A person can book any number of rooms. b) Explain why bookedTo is partial. The function is partial since not all rooms have been booked. A partial function is a binary relation that associates each element of a domain set with at most one element of another codomain set. It is not defined for some inputs of the right type, that is, for some of the domain. Another way of saying this is, that not every element of the domain has to be associated with an element of the codomain.

Example Which of the following sets P, Q, and R represents a partial, surjective, injective or bijective function from X={1,2,3,4} to Y={a,b,c,d}? In each case explain your reasoning. P = {<1,a>,<2,a>,<3,c>,<4,b>} Q = {<1,c>,<2,a>,<3,b>,<4,c>,<2,d> } R = {<1,c> ,<2,d>,<3,a>,<4,b>}

Example Which of the following sets P, Q, and R represents a partial, surjective, injective or bijective function from X={1,2,3,4} to Y={a,b,c,d}? In each case explain your reasoning. P = {<1,a>,<2,a>,<3,c>,<4,b>} P is a total function from X to Y. Domain = X, range={a,b,c}. The function neither injective (both 1 and 2 map to a) nor surjective (nothing maps to d).

Example Which of the following sets P, Q, and R represents a partial, surjective, injective or bijective function from X={1,2,3,4} to Y={a,b,c,d}? In each case explain your reasoning. Q = {<1,c>,<2,a>,<3,b>,<4,c>,<2,d> } Q is not a function from X to Y, because 2 maps to both a and d.

Example Which of the following sets P, Q, and R represents a partial, surjective, injective or bijective function from X={1,2,3,4} to Y={a,b,c,d}? In each case explain your reasoning. R = {<1,c> ,<2,d>,<3,a>,<4,b>} R is a total function from X to Y. Domain = X, range =Y. The function both injective and surjective.

Exercise Which of the following sets represents a functions from {1,2,3} to {4,5,6}? If it is a functions, what type of function is it?. P = {<1, 4> ,<2,5>, <3, 4>} Q = {<1, 4> ,<2, 6>} R = {<1, 4> ,<2, 1>,<3,3>}

Exercise Which of the following sets represents a functions from X = {1,2,3,4} to Y={a,b,c,d}? If it is a functions, what type of function is it? P = {<1,a>,<2,a>,<3,c>,<4,b>} Q = {<1,c>,<2,a>,<3,b>,<4,c>,<2,d> } R = {<1,c> ,<2,d>,<3,a>,<4,b>} R = {<1,d> ,<2,d>,<4,a>} R = {<1,b> ,<2,b>,<3,b>,<4,b>}

Exercise-Solution 1 Does P represents a functions from X = {1,2,3,4} to Y={a,b,c,d}? If it is a functions, what type of function is it? P = {<1,a>,<2,a>,<3,c>,<4,b>} It is a function from X to Y. Domain = X, range = {a,b,c}. The function neither injective nor surjective.

Exercise-Solution 2 Does Q represents a functions from X = {1,2,3,4} to Y={a,b,c,d}? If it is a functions, what type of function is it? Q = {<1,c>,<2,a>,<3,b>,<4,c>,<2,d> } It is not a function from X to Y.

Exercise-Solution 3 Does R represents a functions from X = {1,2,3,4} to Y={a,b,c,d}? If it is a functions, what type of function is it? R = {<1,c> ,<2,d>,<3,a>,<4,b>} It is a function from X to Y. Domain = X, range =Y. The function both injective and surjective, therefore bijective.

Function on Sets Determine whether the set P represents a function from X={e,f,g,h} to Y={a,b,c,d}. P = {<e,a>,<f,a>,<g,c>,<h,b> } It is a function from X to Y. Domain = X, range = {a,b,c}. The function neither injective nor surjective. Why?

Function on Sets Determine whether the set Q represents a function from X={e,f,g,h} to Y={a,b,c,d}. Q={<e,c>,<f,a>,<g,b>,<h,c>,<f,d>} It is not a function from X to Y. Why?

Function on Sets Determine whether the set R represents a function from X={e,f,g,h} to Y={a,b,c,d}. R = {<e,a> ,<f,b>,<g,c>,<h,d>} It is a function from X to Y. Domain = X, range =Y. The function both injective and surjective, therefore bijective.

Identifying Functions Which of the following are functions? Explain why they are or are not functions? parent(child:Person)->parent:Person mother(child:Person) -> parent:Person oldestChild(parent:Person) -> child:Person allChilderenOf(parent:Person) -> (Person) 1: Not a function, because people have two parents, which contradicts definition of function. 2: Is a total function, because everyone has exactly one biological mother. 3: Not a total function, because some people have no children, therefore function is undefined for some of the domain. 4: Is a function, because for those with children a set is returned, for those people without children the empty set is returned. In either case the domain and range are defined.

Identifying Functions(*) Let the sort Person represent the set of all people and the sort PPerson represent the power set of Person. [Person < PPerson ] Which of the following are total functions: 1) Returns the parents of the argument op parentOf : Person -> Person 2) Returns the oldest child of the argument op oldestChildOf : Person -> Person 3) Returns all the children of the argument op allChildrenOf : Person -> PPerson

INJ Explained open INJ . op b : ­> B . eq [linv] : g f a = a . ceq [inj]: b0 = b1 if g b0 == g b1 . open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . Print out notes section slides 90-95, run slide show 90-95. Try to relate notes to slide show. The first two lines in the above slide contains the two relevant equations from INJ. The final five lines represent the placing of a right inverse equation (f g b) into INJ. Line 3 just opens the module INJ for processing this always has to be done to work on a CafeOBJ module. Line 4 sets up an arbitrary ‘b’ which exists in B (also known as the range or the co-domain). Line 5 represents a right inverse ‘f g b’. It is really lines 6 and 7 that do the work, which can be stated as follows: “The 6 and 7 lines prove that if you add a ‘right inverse’ to INJ the you get a bijective function.” INJ already represents an injective function which by definition already has a ‘left inverse’. The right inverse, ‘f g b’, works line this; it takes a ‘b’ brings it to an ‘a’ in A (Aland) and then takes that ‘a’ back to a ‘b’ in B (Bland). We will show that the starting and finishing ‘b’ are the same.

INJ Explained open INJ . op b : ­> B . eq [linv] : g f a = a ceq [inj]: b0 = b1 if g b0 == g b1 open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . Substitutions are : f g b b f g b b Line 6 sets ‘bo’ equal to the right inverse ‘f g b’. It also sets ‘b1’ to b. Looking at line 6 in more detail. The first bit ‘apply .inj’ says that we are interested in evaluating the equation called [inj]. The second bit ‘with b1 = b’ says let the ‘b’ that we declared in line 4 be substituted into ‘b1’ in the equation [inj]

INJ Explained open INJ . op b : ­> B . eq [linv] : g f a = a ceq [inj]: b0 = b1 if g b0 == g b1 open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . giving : ceq [injNew] : f g b = b if g f g b == g b Line 6 sets ‘bo’ equal to the right inverse ‘f g b’. It also sets ‘b1’ to b. Looking at line 6 in more detail. The first bit ‘apply .inj’ says that we are interested in evaluating the equation called [inj]. The second bit ‘with b1 = b’ says let the ‘b’ that we declared in line 4 be substituted for ‘b1’ in the equation [inj] We will call this new equation constructed in line 6 ‘injNew’.

INJ Explained open INJ . op b : ­> B . eq [linv] : g f a = a ceq [inj]: b0 = b1 if g b0 == g b1 open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . Eval :ceq [injNew] : f g b = b if g f g b == g b evaluate Line 7 reduces (or executes) the term that constructed in line 6 as [injNew]. [injNew] is a conditional equation, which if true will establish ‘f g b = b’ for an arbitrary b. We now focus on the evaluation of [injNew]: Because [injNew] is a ‘conditional equation’ its condition must be check first. Which switches evaluation to the conditional part (g f g b == g b) CafeOBJ finds this to be the similar in form to the equation [linv] on line 1. So CafeOBJ switches focus to [linv].

start f g b . – right inverse apply .inj with b1 = b at term INJ Explained Substitutions g b g b eq [linv] : g f a = a ceq [inj]: b0 = b1 if g b0 == g b1 open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . giving :ceq [injNew] : f g b = b if g f g b == g b Above are the substations for [linvNew].

start f g b . – right inverse apply .inj with b1 = b at term INJ Explained Giving new equation eq [linvNew] : g f g b = g b eq [linv] : g f a = a ceq [inj]: b0 = b1 if g b0 == g b1 open INJ . op b : ­> B . start f g b . – right inverse apply .inj with b1 = b at term apply red at term . giving :ceq [injNew] : f g b = b if g f g b == g b When the substitutions are done [linvNew] can be evaluated eq [linvNew] : g f g b = g b Which gives ‘true’. Which means the condition of [injNew] is also true. Which in turn means that ‘f g b’ does give ‘b’ (same ‘b’) Which means adding a right inverse to INJ makes the fg pair an isomorphism (or bijection or invertible map)

Algebra with two sorts mod! TWOSORTS { [ T V ] op f : T -> T op g : T -> V -- Specific elements of T ops t1 t2 t3 t4 t5 : -> T -- Specific elements of V ops v1 v2 v3 v4 : -> V -- equations for f eq f(t1) = t3 . eq f(t3) = t4 . eq f(t4) = t5 . -- equations for g eq g(t1) = v1 . eq g(t2) = v2 . eq g(t4) = v4 . eq g(t5) = v4 . } open TWOSORTS **> Some reductions red f(t1) . red f(f(f(t1))) . red g(t4) == g(t5) .