Introduction to Logical Proof

1
Introduction to Logical Proof

• A proof is a sequence of logical arguments where
  the premises together implies the conclusion.
• A simple example of (hypothetical syllogism)
• 1. P gt Q ( P implies Q)
• 2. Qgt R
• 3. P gt R
• A simple example of (disjunctive syllogism)
• 1. P or Q
• 2. Not P
• 3. Q

2
A Programming Statement Example

• Show that following the execution of the
  statement
• if X gt Max then X Max ,
• it is impossible for the condition, XgtMax,
  to be true .
• Proof (before and after execution conditions are
  given)
• Let P stand for XgtMax (before execution)
• Let Q stand for X Max (after execution)
• Let R stand for XgtMax (after execution)
• P is either true or false
• assume P is false, then the statement is never
  executed and R is also false or ( not P gt not
  R).
• assume P is true, then X is set to Max and Q
  becomes true. If P is true then Q becomes true or
  (P gtQ). If Q is true then R must be false or (Q
  gt not R). Thus with hypothetical syllogism of
  (PgtQ and Qgt not R, we have Pgt not R).
• So (not P gt not R) and ( P gt not R) gives us
  not R.
• This says that it is impossible for XgtMax to be
  true after the execution of the statement.

3
Program Correctness Proofs

• Preliminary Concepts
• the state of a system is usually given by the
  values of the variables of the system
• preconditions indicate the initial state prior to
  the execution of the code
• postconditions indicate the state after the
  execution of the code
• to show different pieces of code work
  correctly, one must divide the pieces of code
  into statements and convert the precondition
  (initial state) of each statement into
  postcondition of that statement which in turn
  becomes the precondition of the following
  statement

4
Preliminary Concepts (cont.)
Code A
Code B
Code C
Postcondition which is Precondition for Code C
Postcondition which is Precondition for Code B
Precondition for Code A
Postcondition for Code C
Example the precondition for a SQRT(x) function
is that input,x, is greater
than or equal to 0 the postcondition is the
desired square root of x.
5
Preliminary Concepts (cont.)

• An assertion is a statement regarding the
  state(s).
• A piece of code is considered correct if all the
  precondition assertions will lead to the
  postcondition assertions once the code is
  executed.
• Note that correctness does not address whether
  the precondition and postcondition assertions are
  what the designers or users had in mind.

6
Hoare Triple

• Definition If C is a piece of code and P is a
  precondition assertion and Q is a postcondtion
  assertion, the P C Q is called the Hoare
  Triple.
• Example of Hoare Triple
• consider the code
• Integer x, y, z
• z y
• y x
• x z
• let A be initial value of x and B be the initial
  value of y.
• then the following is a Hoare Triple
• xA, yB zy yx xz xB, yA

7
Correctness Definition

• Definition If C is some code with precondition
  P and postcondition Q, then PCQ is said
  to be partially correct if the final state of C
  satisfies Q provided that the initial state
  satisfies P. C is also considered partially
  correct if there is no final state !(that is, if
  C is non-terminating)
• Definition If PCQ is partially correct and
  C terminates, then PCQ is said to be totally
  correct.
• Partial correctness and total correctness differ
  only in termination. Thus they differ only in
  looping or recursive programs.

8
Thinking Pre and Post Conditions

• Finding a typical novice programming error
• assume x contained A and y contained B
• consider sequence of code for exchanging values
  x y y x
• precondition P for xy is (xA, yB)
• post condition (Q for xy is (xB)
• precondition P for y x is (xB)
• postcondition Q for y x is (yxB )
• Combining the code we have
• xA,yB xy yx xB, yB
• this is not the postcondition the programmer
  intended to get.
• Had the programmer formally stated the post
  condition to be xB,yA, which is the intent,
  then we could say the above code is incorrect.