1. SS 2018 Software Verification SAT & FOL
Prof. Dr. Holger Schlingloff 1,2
Dr. Esteban Pavese 1
(1) Institut für Informatik der Humboldt Universität
(2) Fraunhofer Institut für offene Kommunikationssysteme FOKUS

2. Some Questions for Recap
What is a formal method?
Can you give the syntax of propositional logic?
Give a wff of PL of length at least 5!
Translate the following into proper PL:
((pq)(pq))
What are the literals in the above formula?
Can you describe the semantics of PL?
What is the complexity of boolean satisfiability?

3. Propositional Calculus
Various calculi have been proposed
boolean satisfiability (SAT) algorithms
tableau systems, natural deduction,
enumeration of valid formulæ
Hilbert-style axiom system
⊢ (()) (weakening)
⊢ ((()) (()())) (distribution)
⊢ (¬¬) (excluded middle)
, () ⊢  (modus ponens)
Derivability
All substitution instances of axioms are derivable
If all antecedents of a rule are derivable, so is the consequent

4. An Example Derivation Show ⊢ (pp)
⊢(p((pp)p))((p(pp))(pp)) (dis)
⊢(p((pp)p)) (wea)
⊢((p(pp))(pp)) (1,2,mp)
⊢(p(pp)) (wea)
⊢(pp) (3,4,mp)

5. Alternativen zu (excluded middle)
⊢ (¬¬)
⊢ (¬¬) (Doppelnegation)
⊢ ((¬¬)  ()) (Kontraposition)
⊢ ((¬¬)  ((¬) ))
⊢ ((¬)), ⊢ (() ((¬)  )) (v. Neumann)
⊢ (  ) (ex falsum quodlibet, schwächer)

6. Correctness and Completeness
Only valid formulæ can be derived
Induction on the length of the derivation
Show that all axiom instances are valid, and that the consequent of (mp) is valid if both antecedents are
Completeness: ⊨  ⊢
All valid formulæ can be derived
Show that consistent formulæ are satisfiable ~⊢¬  ~⊨¬

7. Consistency and Satisfiability
A finite set Φ of formulæ is consistent, if ~⊢¬ΛΦ
Extension lemma: If Φ is a finite consistent set of formulæ and  is any formula, then Φ{} or Φ{¬} is consistent
Assume ⊢¬(Φ) and ⊢¬(Φ¬). Then ⊢(Φ¬) and ⊢(Φ¬¬). Therefore ⊢¬Φ, a contradiction.
Let SF() be the set of all subformulæ of 
For any consistent , let # be a maximal consistent extension of  (i.e., # and for every SF(), either #or ¬#. (Existence guaranteed by extension lemma)

8. Canonical models
For a maximal consistent set #, the canonical model CM(#) is defined by I(p)=true iff p#.
Truth lemma: For any SF(), I()=true iff  #
Case =p: by construction
Case =: Φ{} cannot be consistent
Case =(12): by induction hypothesis and derivation
Therefore, if  is consistent, then for any maximal consistent set #, CM(#)⊨
any consistent formula is satisfiable
any unsatisfiable formula is inconsistent
any valid formula is derivable

9. Example: Combinational Circuits
Pictures taken from:
Multiplexer
S selects whether I0 or I1 is output to Y
Y = if S then I1 else I0 end
(Y((SI1)(¬SI0))) S I0 I1 Y - 1

10. Boolean Specifications
Evaluator (output is 1 if input matches a certain binary value)
Encoder (output i is set if binary number i is on input lines)
Majority function (output is 1 if half or more of the inputs are 1)
Comparator (output is 1 if input0 > input1)
Half-Adder, Full-Adder, …

11. Software Example Code generator optimization Loop optimization
if (p and q) then if (r) then x else y else if (q or r) then y else if (p and not r) then x else y
Loop optimization

12. Verification of Boolean Functions
Latch-Up: can a certain line go up?
does (¬L0) hold?
is (L0) satisfiable?
Given , ; does () hold?
usually reduced to SAT: is ((¬)(¬)) satisfiable?
efficient SAT-solver exist (annual competition)
partitioning techniques
any output depends only on some inputs
find which ones
generate test patterns (BIST: built-in-self-test)

13. Propositional Resolution
A clause is a disjunction of literals
Resolution rule: Given two clauses
C1=(x1  ...  xn  p) (or (¬p  x1  ...  xn))
C2=(y1  ...  ym  ¬p) (or (p  y1  ...  yn))
infer
C3=(x1  ...  xn  y1  ...  ym)
If the empty clause is derivable, the set of clauses is unsatifiable ((x) = (x  ))

14. SAT Solving DPLL solvers backtracking-based resolution:
let R be a set of clauses, p a proposition
R = ((R  p)  (R  ¬p))
unit propagation: no backtracking necessary
pure literal elimination: p only positive or only negative
from wikipedia

15. Optimizing Boolean Functions
Given ; find  such that () holds and  is „optimal“
much harder question
optimal wrt. speed / size / power /…
translation to normal form (e.g., OBDD)

16. Break!

17. Predicate Logic used to formalize mathematical reasoning
dates back to Frege (1879) „Begriffsschrift“
„Eine der arithmetischen nachgebildete Formelsprache des reinen Denkens“
individuals, predicates (sets of individuals), relations (sets of pairs), ...
quantification of statements (quantum = how much)
all, none, at least one, at most one, some, most, many, ...
need for variables to denote “arbitrary” objects
In contrast to propositional logic, first-order logic adds
structure to basic propositions
quantification on (infinite) domains

18. FOL: Syntax New syntactic elements
R is a set of relation symbols, where each pR has an arity nN0
V is a denumerable set of (first-order or individual) variables
An atomic formula is p(x1,…,xn), where pR is n-ary and (x1,…,xn)Vn.
Syntax of first-order logic FOL ::= R (Vn) |  | (FOL  FOL) | V FOL

19. FOL: Syntax Abbreviations and parenthesis as in PL
Of course, x = ¬x ¬
Propositions = 0-ary relations Predicates = 1-ary relations
if all predicates are propositions, then FOL = PL
Examples
xxx (p()  x(q()  p()))
xxy ¬p(x)
xy (p(x,y)  p(y,x))
(xy p(x,y)  yx p(x,y))

20. Typed FOL Often, types/sorts are used to differentiate domains
Signature =(D, F, R), where
D is a (finite) set of domain names
F is a set of function symbols, where each fF has an arity nN0 and a type DDn+1
0-ary functions are called constants
R is a set of relation symbols, where each pR has an arity nN0 and a type DDn
unary relations are called predicates
propositions can be seen as 0-ary relations
Remark: domains and types are for ease of use only (can be simulated in an untyped setting by additional predicates)

21. Terms and Formulas
Let again V be a (denumerable) set of (first-order) variables, where each variable has a type DD (written as x:D) (for any type, there is an unlimited supply of variables of that type)
The notions Term and Atomic Formula AtF are defined recursively:
each variable of type D is a term of type D
if f is an n-ary function symbol of type (D1,…Dn,Dn+1) and t1, …, tn are terms of type D1, …, Dn, then f(t1,…,tn) is a term of type Dn+1
if p is an n-ary relation symbol of type (D1,…Dn) and t1, …, tn are terms of type D1, …, Dn, then p(t1,…,tn) is an atomic formula
Revised syntax of first-order logic FOL ::= AtF |  | (FOL  FOL) | V:D FOL

22. Examples x:Boy y:Girl loves(x,y)
x:Human y:Human (needs(x,y)  loves(y,x))
x,y:Int equals(plus(x,y), plus(y,x))
x:Int ¬equals(zero(), succ(x)) …