Predicate Logic for Software Engineering David Lorge Parnas McMaster University, Ontario, Canada

Presentation for SwE Readings Class By: Sridhar Pentapati By: Sridhar Pentapati

03/21/03 Sri Progress in a scientific discipline can be measured by how quickly its founders are forgotten3 About Dave Parnas  His insights have changed the way that we specify, design, document, build, and maintain software  His techniques have changed modern programming languages  His wisdom has steered software engineering field

03/21/03 SriLogic is in the eye of the logician. *Gloria Steinem4 Abstract Conventional interpretations of expressions that describe predicates are not suitable for use in software engineering because they do not deal with partial functions. Parnas’ team defines an interpretation for predicate expressions that is suitable for use in software documentation Conventional interpretations of expressions that describe predicates are not suitable for use in software engineering because they do not deal with partial functions. Parnas’ team defines an interpretation for predicate expressions that is suitable for use in software documentation

03/21/03 'Contrariwise', continued Tweedledee, 'if it was so, it might be, and if it were so, it would be; but as it isn't, it ain't. That's logic!'. *Lewis Carroll5 Introduction Introduction   Predicate logic is a development of propositional logic, which we’re all well acquainted with   Sentences in predicate calculus are built up from atomic sentences

03/21/03 SriPredicate Logic For Software Engineering6 Introduction contd... Introduction contd...  Why logic in SwE? 1. Engineers need mathematical tools 1.for the description and analysis of their products 2. Mathematical logic is the basis of all proposed tools 1.A solid foundation of logic notation will be essential for anyone who hopes to be recognized as a software engineer

03/21/03 Sri Logic is one thing, the human animal another. You can quite easily propose a logical solution to something and at the same time hope in your heart of hearts it won't work out. * Luigi Pirandello7 Introduction Contd... Introduction Contd...  Focus  It is essential to have a precise meanings for logical expressions, one that unambiguously yields a value of true or false for every statement of values to the variables that appear in an expression

03/21/03 Sri Logic: The art of thinking and reasoning in strict accordance with the limitations and incapacities of the human misunderstanding. *Ambrose Bierce8 Problems with Existing Logic Logicians are conservative? Believes Martin Van Emden Lacks precise meaning for logical expression (* values) Complexity of expressions Assumption of total functions

03/21/03 Sri The want of logic annoys. Too much logic bores. Life eludes logic, and everything that logic alone constructs remains artificial and forced. * André Gide9 Parnas Says: 1. Change predicate logic to allow functions to be partial 2. To do away with the resulting truth value “undefined”

03/21/03 SriPredicate Logic For Software Engineering10 Structure of The Paper 1. Introduction 2. Basic definitions 3. Syntax of Logic Expressions 4. Meanings of Logical Expressions 5. Examples of the Use of This Logic in Software Documentation 6. Conclusions 7. References

03/21/03 Sri The fact that logic cannot satisfy us awakens an almost insatiable hunger for the irrational. * A. N. Wilson11 Reasons and Goal  Since practitioners do not want to use methods that require them to use many symbols to say simple things  They will not read expressions that are lengthy or deeply nested  A full, formal definition of a logic that permits concise expressions is a prerequisite for practical use

03/21/03 SriPredicate Logic For Software Engineering12 Introduction contd… Introduction contd… In one of his earlier papers’ Parnas reminded us that In one of his earlier papers’ Parnas reminded us that 1.functions and relations can be viewed as sets of ordered pairs, 2.sets can be characterized by predicates and described by logical expressions, 3.predicates can be represented in more readable way using multidimensional expressions, and 4.the meaning of these tables can be defined by rules for translating those tables into more conventional expressions

03/21/03 Sri From a drop of water a logician could infer the possibility of an Atlantic or a Niagara without having seen or heard of one or the other. * Sir Arthur Conan Doyle13 Introduction Contd… Many researchers are developing mathematical methods for use by software developers. It is hoped that these methods would do for SwE, what differential and integral calculus did for other areas of engineering Many researchers are developing mathematical methods for use by software developers. It is hoped that these methods would do for SwE, what differential and integral calculus did for other areas of engineering

03/21/03 SriPredicate Logic For Software Engineering14 Introduction contd… Crux of the problem 1. Conventional formal interpretations of logical expressions (e.g. [Mendelson]) assume that all functions are total, i.e. defined on a domain that includes all possible values of their arguments 2. Those interpretations are not intended to deal with partial functions, functions whose value has not been defined for certain values of the argument

03/21/03 SriPredicate Logic For Software Engineering15 Basics   A partial function ƒ from a set A to a set B is an assignment to each element a in a subset of A, called the domain of definition of ƒ, of a unique element b in B   The sets A and B are called the domain and codomain of ƒ, respectively

03/21/03 SriLogic is like the sword--those who appeal to it, shall perish by it. * Samuel Butler16 Basics Contd…   We say that ƒ is undefined for elements in A that are not in the domain of definition of ƒ   We write ƒ : A  B to denote that ƒ is a partial function from A to B   When the domain of definitions equals A, we say that ƒ is a total function

03/21/03 SriPredicate Logic For Software Engineering17 Another interpretation of Predicate Expressions!!!  But why?  Since under conventional interpretations a logical expression that includes partial functions will have a defined value only when the values assigned to all function arguments are within functions’ domains. Such interpretations are of limited usefulness when describing software because we frequently use partial functions to describe the behavior of programs

03/21/03 SriPredicate Logic For Software Engineering18 Motivating Example  Assume that  represents a function that is defined on a domain containing only non-negative real numbers. A s/w designer may write a boolean expression such as: ((x > 0)  (y =  x))  ((x  0)  (y =  -x)) (1) to describe the behavior of a computer program to describe the behavior of a computer program

03/21/03 SriPredicate Logic For Software Engineering19 The writer’s intent seems to be to write an expression that is equivalent to: y =  |x| (2) the usual rules for evaluating such expressions require evaluation of all of the functions and relational operators before application of the logical operators to the truth- values that result. For every value of x other than 0, some component of expression (1) is undefined. With the standard interpretation of logical operators, which are defined only for two-value logics, the value of (1) is not defined except when x is assigned the value 0

03/21/03 SriPredicate Logic For Software Engineering20 Comparison with Other Work  There is a huge and complex literature on the subject of logic with partial functions  This paper presents a specific proposal and its illustrated use  Confined to software engineering  Dijsktra’s cand  The interpretation for predicate expressions proposed here neither specifies the order of evaluation nor introduces new symbols into logic

03/21/03 SriPredicate Logic For Software Engineering21 Basic Definitions  Predicate – A predicate is a characteristic or attribute or property that the subject of the statement can have “No lawyers are shysters ” “No lawyers are shysters ” A function that returns true or false. Conceptually it tests for a condition The property that a bird is an eagle can be expressed by the predicate: eagle(x) eagle(x) This predicate holds for all birds x which are eagles. For other birds, the predicate is falseThis predicate holds for all birds x which are eagles. For other birds, the predicate is false

03/21/03 SriPredicate Logic For Software Engineering22 Propositional Logic  Proposition: A proposition is a statement that is either true or false, but not both 1. Washington, D.C., is the capital of the United States of America = 3 Proposition 1 is true, whereas 2 is false Proposition 1 is true, whereas 2 is false  More complex propositions can be formed by applying the logical operators (¬, , , etc..)  Propositional logic formula Eg. ((p  q)  ¬ c) Eg. ((p  q)  ¬ c)

03/21/03 SriPredicate Logic For Software Engineering23 Predicate Logic  Predicate logic allows us to represent fairly complex facts about the world, and to derive new facts in a way that guarantees that, if the initial facts were true then so are the conclusions. It is a well understood formal language, with well-defined syntax, semantics and rules of inference

03/21/03 SriPredicate Logic For Software Engineering24 Predicate Logic contd…  Predicate logic is obtained by extending propositional logic by using: 1. Predicates 2. Variables 3. Quantifiers

03/21/03 SriPredicate Logic For Software Engineering25 Quantifiers  Two types of Quantification: 1. Universal quantification   x P(x) - P(x) is true for every x  x P(x) - P(x) is true for every x 2. Existential quantification   x P(x) – There is an x for which P(x) is true  x P(x) – There is an x for which P(x) is true

03/21/03 SriYou can only find truth with logic if you have already found truth without it26 Tuples  A tuple is an ordered list of one or more simple tuples U = {true, false} U = {true, false} Simple n-tuple Simple n-tuple – Ordered list of n members of U – Ordered list of n members of U Eg. Eg. n-tuple n-tuple – Ordered list of n simple tuples – Ordered list of n simple tuples Eg., true, false> Eg., true, false>

03/21/03 SriPredicate Logic For Software Engineering27 Tuples Contd…  When representing specific tuples, we separate the elements with commas and enclose tuples in to make their structure clear E.G. represents a simple 4- tuple and, true, false> represents a 3- tuple that is not a simple 3-tuple E.G. represents a simple 4- tuple and, true, false> represents a 3- tuple that is not a simple 3-tuple S k is the set of all simple k-tuples: S 1 is U. S is the union of S 1, S 2,…, S u ; u is the length of the longest tuple needed to apply the semantic model developed below S k is the set of all simple k-tuples: S 1 is U. S is the union of S 1, S 2,…, S u ; u is the length of the longest tuple needed to apply the semantic model developed below T k is the set of all k-tuples. T 1 is S. T k includes S k. T is the union of T 1, T 2, …, T u T k is the set of all k-tuples. T 1 is S. T k includes S k. T is the union of T 1, T 2, …, T u

03/21/03 SriPredicate Logic For Software Engineering28 Relations, Functions  Binary relations represent relationships between the elements of two sets  Relations could be from one-to-many, whereas functions can’t be from one-to- many

03/21/03 SriPredicate Logic For Software Engineering29 Functions and Characteristic Predicate  We refer to two types: Partial functions: functions whose domain is a proper subset of S Partial functions: functions whose domain is a proper subset of S Total functions: functions whose domain includes all the members of S Total functions: functions whose domain includes all the members of S  Characteristic predicate: For any set of simple tuples, X, the characteristic predicate of that set is a predicate whose domain is S, and whose value, for a simple tuple b, is true if and only if b is a member of X For any set of simple tuples, X, the characteristic predicate of that set is a predicate whose domain is S, and whose value, for a simple tuple b, is true if and only if b is a member of X

03/21/03 SriPredicate Logic For Software Engineering30 The Syntax of Logical Expressions 1. Built-in functions and Predicates:  the strings f 1, ………., f k are the names of functions  View functions as set of pairs  R 1, …….., R m are the names of characterizing sets of simple tuples  View predicates as characterizing sets of simple tuples

03/21/03 SriPredicate Logic For Software Engineering31 Syntax contd… 2. Terms:  A function application is a string of the form f j (V). Nothing else is a function  A term is either a member of U, a variable, or a function application. Nothing else is a term

03/21/03 SriPredicate Logic For Software Engineering32 Syntax contd… 3. Primitive Expressions:  Primitive Expression is a string of the form R j (V)  R j is a characteristic predicate  V is comma separated list of terms (called arguments)

03/21/03 SriThere can never be surprises in logic33 Syntax contd… 4. Predicate Expressions  All primitive expressions are predicate expressions.  If P, Q: predicate expressions, x: variable, then following are also predicate expressions:  (x, P), (P), (P)  (Q), (P)  (Q), ¬(P)

03/21/03 SriThe mind has its own logic but does not often let others in on it. *Bernard Devoto34 The Meaning of Logical Expressions  Denotation  each predicate expression is denoted as a set  subset of S u, where u is the number of variables that may appear in the expressions whose meaning is defined.  Assignment  simple u-tuple

03/21/03 SriPredicate Logic For Software Engineering35 Meaning contd… 1. Evaluating terms for a given assignment: Mapping val for a term, t, and assignment, A: 1. If t is a constant representing t ’, val(t, A) is t ’ 2. If t is a variable, x k, val(t, A) is the kth element of the assignment A 3. If t is a function application, 3. If t is a function application, ƒ k (V), let 1. 1.n be the length of V, 2.V ’ is in the domain of val(t, A) is 2.if V ’ is in the domain of ƒ k, val(t, A) is ƒ k (V ’ ) 3.V ’ is not in the domain of val(t, A) is * 3.if V ’ is not in the domain of ƒ k, val(t, A) is *

03/21/03 SriPredicate Logic For Software Engineering36 Meaning contd… 2. Evaluating primitive expressions for a given assignment:  For a primitive expression R j (V), and assignment A  Let X j be the set of simple tuples characterized by R j  be the length of V,  n be the length of V,  V i be the i th element of V, and V ’ be simple tuple  If V ’ is in X j, tval(R j (V), A) is true  If V ’ is not in X j, tval(R j (V), A) is false

03/21/03 SriPredicate Logic For Software Engineering37 Meaning contd… 3. The denotation of primitive expressions:  tval(p, A) is true 4. The denotation of predicate expressions:  If P and Q are predicate expressions: 1.  (x k, P), is the set of all assignments, A,  if c is any value in U, A[k  c] is in the denotation of P 2.(P)  (Q) is the union of P and Q 3.(P)  (Q) is the intersection of P and Q, and 4.¬(P) is the set of all members of S u that are not in P

03/21/03 SriLogic is a poor guide compared with custom. *Winston Churchill38 Meaning contd… 5. Satisfaction of an expression  Expressions that denote empty set are said to be false  Expressions that denote all of S u are said to be true  An expression, e, is said to be satisfied by an assignment, A, if A is a member of the denotation of e

03/21/03 Sri Man has such a predilection for systems and abstract deductions that he is ready to distort the truth intentionally, he is ready to deny the evidence of his senses only to justify his logic. * Fyodor Mikhailovich Dostoyevsky39 Meaning contd… 6. Notational conveniences:  Specify values for some and not for others  e.g. A list such as “x 2 : x 24 ” represents all assignments in which the second element is 4 and the 24 th element is 96

03/21/03 Sri Logic, like whiskey, loses its beneficial effect when taken in very large quantities. * Lord Dunsany40 Use in Documentation Palindrome Palindrome (  i, 0 ≤ I < n  (B[l+i]=B[l+n-1-i])) (  i, 0 ≤ I < n  (B[l+i]=B[l+n-1-i])) This expression gives the desired results even though the implication is evaluated outside the domain of B; the domain is characterized by the left-hand implicationThis expression gives the desired results even though the implication is evaluated outside the domain of B; the domain is characterized by the left-hand implication

Relational description of a program that searches B for the value of x41 j| present= (  i, B[i] = x) ¬(  i, B[i] = x) B[j] = x truetruefalse Use in Documentation

03/21/03 SriPredicate Logic For Software Engineering42 Use in Documentation contd…  (  i, B[i] = C[i]) Here we are looking for matching elements in two arrays Here we are looking for matching elements in two arrays When the value of i is outside the index set of either B or C, the value of B[i] = C[i] is false When the value of i is outside the index set of either B or C, the value of B[i] = C[i] is false This is the logic which has been basically presented in this paper This is the logic which has been basically presented in this paper

03/21/03 SriPredicate Logic For Software Engineering43 Conclusions 1. Not necessary to introduce either a third variable or conditional operators in order to deal with partial functions 2. Not only is the “motivating example”, eq (1), fully defined using the set-theoretic operations but also greatly simplified: (y =  x)  (y =  -x) (y =  x)  (y =  -x)

03/21/03 Sri A mind all logic is like a knife all blade. It makes the hand bleed that uses it. *Rabindranath Tagore44 Conclusions contd… 3. Compact readable formulation is crucial 4. Easier to comprehend 5. Drawbacks with some complementary predicates – price for allowing partial functions 1.  x >  y would not denote the complement  x ≤  y. both evaluate to false if either x or y is assigned negative value 2.  a =  a cannot be assigned a value of true if U includes negative values

03/21/03 SriLogic is the art of going wrong with confidence45 Conclusions contd… 6. The properties of the functions used should be stated precisely 7. Axiom of reflection does not hold in this interpretation 8. Simplification is obtained by making primitive predicates evaluate to false whenever one or more of their arguments are undefined

03/21/03 SriPredicate Logic For Software Engineering46 Conclusions contd… Parnas believes that these are proper decisions because: 1. Keeping logic simple is essential to practical application 2. The assigned meanings are consistent with intuitive interpretations, and 3. The formulae that results are relatively simple for cases arising frequently

03/21/03 SriPredicate Logic For Software Engineering47 Questions And Suggestions!!!!!!!

03/21/03 SriPredicate Logic For Software Engineering48 References   Discrete Mathematics and Its Applications - Kenneth Rosen, Fourth Edition  Software Fundamentals - Collected Papers by David L. Parnas