Lecture 1: Propositional Logic

COMS E6998 Formal Verification of System Software
Fall 2018
Ronghui Gu

1. Logical Statements

Propositional logic involves only declarative statements.

Declarative statements can be declared to be either true or false (but not both).
- “The train is late”
- “There are no taxis in the station”
Not all statements are declarative. The following cannot be declared true/false.
- “Let’s go to the cinema” (proposal)
- “It will probably rain tomorrow” (likelihood)
- “Where is Eric?” (question)
- “Fantastic!” (exclamation)

Complex propositions can be constructed by simple ones using operators.
$p$ : “If the train is late and there are no taxis in the station, then Bob is late to work.”

We can examine whether such propositions are true or false when we know the values of the basic propositions.

English (or any human language) is imprecise and subtle (verb tenses, etc.) and error prone. A more mathematical language for logic would make the above arguments clear (Propositional Logic).

2. Symbolic Propositional Logical

Declarative statement is just a “string of symbols”
Consider some statements are atomic. Name atomic propositions with distinct mathematical symbols (lowercase English letters): $p, p_1, q, q_2$
We form complex propositions using the following operators
- Negation
- Disjunction
- Conjunction
- Implication
- Parentheses
We will call atomic and complex propositions “formulas”: $(p \wedge ~q) \rightarrow r$

3. Syntax

To be rigorous, we need to define grammar (or meta-) variables that stand for any term derivable from the grammar: $A, B, ...$

Definition The logical formulas of Propositional Logic are exactly those accepted by the following grammar in Backus Naur Form (BNF):

$A::=p\ |\ (\neg A)\ |\ (A \wedge A)\ |\ (A \vee A)\ |\ (A \rightarrow A)$

We can draw a parse tree for the formula.

4. Semantics

Now we are going to look at the truth values of propositional logic formulas $A$ . We will write this as $sem(A)$

Definition

The set of truth values contains two elements $T$ and $F$
The meaning of an atomic formula is a single value from the set of truth values.
The meaning of each logical operator is a predefined function
The valuation or model of a formula $A$ is an assignment of each propositional atom in $A$ to a truth value.

A model of the formula $A = \neg p \wedge (q \vee p)$ can be any of the following:

$p: T, q: T$
$p: F, q: F$
…

We can write truth tables of composed operators using multiple columns.

Q: Create the truth table of the formula: $(p \rightarrow \neg q) → (q∨¬p)$

Q: Give a model that makes the above formula true.

Definition

$A$ is satisfiable when it has a model which makes it true.
$A$ is valid or a tautology when it has no model which makes it false.
$A$ is invalid or a contradiction when it has no model which makes it true.

Q: which of the above are properties of $(p → ¬q) → (q∨¬p)$

Q: show that if $A_1 ∧(A_2 ∧A_3)$ is satisfiable then $(A_1 ∧A_2)∧A_3$ is satisfiable.

Q: Let $(A_1 ∧ A_2) → A_3$ be valid. Is it necessary that $A_3$ is satisfiable?

5. Reasoning

Our goal is to use the logic to derive logical conclusions from logical premises (assumptions).

Two ways to do this:

Semantic reasoning: using the truth values. We already did this in the associativity questions.
Syntactic reasoning: using syntactic axioms and derivation rules. The preferred way because it’s easier. We’ll see this in the next lecture.

Definition We write “ $A_1,...,A_n \models B$ ” to mean that any valuation giving to all $A_1, . . . , A_n$ the value $T$ also gives $B$ the value $T$ .

This is called semantic entailment.

We call A1,…,An the preconditions.
We call $B$ the conclusion.
We assume that any valuation makes the empty premises $T$ .
We will write $A≡B$ when $A\models B$ and $B\models A$ . This is called semantic equivalence.

Lemma
$A$ is valid iff $\models A$ .

Lemma
$A$ is invalid iff $\models ¬A$ .

Lemma
$\models A→B$ iff $A\models B$ .

Lemma
$A_1 ∧A_2 \models B$ iff $A_1,A_2 \models B$ .

Lemma
$A \models B_1 ∨B_2$ iff $A\models B_1$ or $A\models B_2$ .

Q: show $p → q \models ¬q → ¬p$
Proof.

$p$	$q$	$p → q$	$¬q → ¬p$
T	T	T	T
T	F	F	_
F	F	T	T
F	T	F	_

$\Box$

Brute force algorithm for checking semantic entailment is exponential to the number of atomic propositions. $2^n$ ( $n$ is the number of atomic propositions)
an indirect proof can be quicker

Indirect Proof

assume entailment is falsifiable
check if that’s possible

Q: show $(p → (q ∨ r)) , (q → s) , p \models ¬ r → s$
Proof.

1. Set all the preconditions to be T.
We have :
 
| p → (q ∨ r)  |  q → s  | p | ¬ r → s |
|--------------|---------|---|---------|
|     T        |    T    | T |    _    |
 
Thus, p must be T. And the entailment is simplified as:
| q ∨ r | q → s | ¬ r → s |
|-------|-------|---------|
|   T   |   T   |    _    |
 
2. Case analysis over q:
2.1 If q is T, since q → s is T, we know s is T. Thus:
 
|   s   | ¬ r → s |
|-------|---------|
|   T   |    T    |
 
2.2 If q is F, since q ∨ r is T, we know r is T. Thus:
|   r   | ¬ r → s |
|-------|---------|
|   T   |    T    |
 
Qed

6. Syntactic Logical Proofs

Three different entailments:

$A→B$ : This is merely syntax. Its semantics is defined as $sem(A→B)$
$A_1 ... A_n \models B$ : This means $A_1 ... A_n$ model $B$ .
$A_1 ... A_n ⊢ B$ : from $A_1 ... A_n$ , we can syntactically derive (or prove) $B$ (using the inference rules of propositional logic)

6.1 Natural Deduction

There is a standard calculus for axioms of this form called Natural Deduction

$\frac{A_1 \ \cdots \ A_n}{B} \text{ Rule Name}$

Inference rules: If we have formulas $A_1 . . . A_n$ then we can derive formula $B$ .

Examples:
Axiom (∧i) If we have any formulas $A_1$ and $A_2$ then we can derive the formula $A_1 ∧ A_2$

$\frac{A_1 \quad A_2}{A_1 ∧ A_2} \text{ ∧i}$

Axiom (∧e1) If we have formula $A_1 ∧ A_2$ then we can derive the formula $A_1$

$\frac{A_1 ∧ A_2}{A_1} \text{ ∧e1}$

Axiom (∧e2) If we have formula $A_1 ∧ A_2$ then we can derive the formula $A_2$

$\frac{A_1 ∧ A_2}{A_2} \text{ ∧e2}$

Q: Prove “ $(p∧q)∧r, s∧t ⊢ q∧s$ ” using above axioms.

Proof
1. (p ∧ q) ∧ r  (Pre)
2. s ∧ t        (Pre)
3. p ∧ q        (∧e1, 1)
4. q            (∧e2, 3)
5. s            (∧e1, 2)
6. q ∧ s        (∧i, 4, 5)
 
Qed

Simple inference rules: given formulas derive a formula
Complex inference rules: given proofs and formulas derive a formula

6.2 Disjunction

The introduction rules of $∨$ are simple rules.

$\frac{A_1 }{A_1 ∨ A_2} \text{ ∨ i1} \qquad \frac{A_2 }{A_1 ∨ A_2} \text{ ∨ i2}$

The elimination rules of $∨$ are complex rules.

$\frac{\begin{array}{c} \\ \\ \\ \\ A_1 ∨ A_2 \end{array} \quad \boxed{\begin{array}{c} A_1\\ .\\.\\.\\ B \end{array}} \quad \boxed{\begin{array}{c} A_2\\ .\\.\\.\\ B \end{array}} }{B} \text{ ∨ e}$

Q: show $p∨q ⊢ q∨p$

Proof
1. p ∨ q      (Pre)
   -------------------------
2. | p        (Hyp)
3. | q ∨ p    (∨i2, 2)
   -------------------------
4. | q        (Hyp)
5. | q ∨ p    (∨i1, 4)
   -------------------------
6. q ∨ p      (∨i, 2~3, 4~5)
 
Qed

6.3 Implication

Elimination of $→$ (aka modus ponens)

$\frac{A \quad A→B}{B} \text{ →e}$

Q: show $p→q→r, p, q⊢r$
Q: show $p→q→r, p, p→q⊢r$

Introduction of $→$ : “If we can prove $B$ by assuming $A$ , then $A$ implies $B$ .”

$\frac{\boxed{\begin{array}{c} A\\ .\\.\\.\\ B \end{array}} }{A →B} \text{ →i}$

Q: show $p→q⊢p→r→q$

Proof
1. p → q        (Pre)
   -------------------------
2. | p          (Hyp)
     -----------------------
3. | | r        (Hyp)
4. | | q        (→e, 1, 2)
     -----------------------
5. | r → q      (→i, 3~4)
   -------------------------
6. p → r → q    (→i, 2~5)
 
Qed

Q: show ⊢ p → q → p

Thus, we can replace “all the proofs” with “implications”.

$\frac{ A_1∨A_2 \quad A_1→B \quad A_2→B }{B} \text{ v e}$

If we prove $A_1,...A_n ⊢ B$ then we can use in our proofs a derivable rule (aka a theorem)

$\frac{ A_1 \quad \cdots \quad A_n }{B} \text{ theorem}$

For example, we can prove the following theorem (called modus tollens)

$\frac{ A_1 → A_2 \quad ¬A_2 }{¬A_1} \text{ MT}$

6.4 Negation

Writing contradictions in the logic:

$p∧¬p$
$p∧¬q∧(p→q)$
Contradictions are formulas whose semantics returns $F$ for all models. They are unsatisfiable.
Contradictions are all semantically equivalent.
We should be able to prove one from the other.

We will pick an atomic proposition (say $p$ ) and name the following:

we write $⊥$ (pronounced “bottom”) to represent $p ∧ ¬p$
we also write $⊤$ (pronounced “top”) to represent $¬(p ∧ ¬p)$

We will allow to introduce $⊥$ from any contradiction.

$\frac{ A \quad ¬A }{⊥} \text{ ¬e}$

To introduce a negation $¬A$ we must show that from $A$ we can derive bottom (a contradiction).

$\frac{ A → ⊥ }{¬A} \text{ ¬i}$

Finally, from bottom we are allowed to derive anything:

$\frac{ \quad ⊥ \quad }{A} \text{ ⊥e}$

Q: show $p∧¬q ⊢ ¬(¬p ∨ q)$
Q show $p→q⊢¬q→¬p$

6.5 Double Negation

We know that $sem(¬¬A) = sem(A)$ , for any $A$ . That is, $¬¬A ≡ A$ .

Can we derive:

$\frac{ \quad A \quad }{¬ ¬ A} \text{ ¬¬i}$

Can we derive:

$\frac{ \quad ¬ ¬ A \quad }{A} \text{ ¬¬e}$

If our logic does not include $¬¬e$ then it is called intuitionistic logic.
If our logic does include $¬¬e$ then it is called classical logic.

7 Meta-theory of propositional logic

7.1 Soundness

Q: Is every provable statement $A_1, . . . , A_n ⊢ B$ valid according to the semantics of the logic?
In other words is the proof system sound?

Theorem (Soundness of proof rules)
For any provable statement $A_1, . . . , A_n ⊢ B$ it is valid that $A_1,...,A_n \models B$ .
Proof by a form of induction.

7.2 Completeness

Q: Do we have enough proof rules so that, any valid $A_1,...,A_n \models B$ , we can be proved syntactically as $A_1, . . . , A_n ⊢ B$ ? In other words is the proof system complete?

Theorem (Completeness of proof rules)
For any valid sequent $A_1,...,A_n \models B$ it is provable that $A_1,...,A_n ⊢ B$ .
Proof:

Eliminate premises: $A_1, A_2, . . . , A_n \models B$ implies $\models A_1 → (A_2 → . . . → (A_n → B))$ .
Show provability: $\models A_1 → (A_2 → . . . → (A_n → B))$ implies $⊢ A_1 → (A_2 → . . . → (A_n → B))$ .

$γ_l(p_1), γ_l(p_2), . . . , γ_l(p_n) ⊢ γ_l(B)$ is provable
$\models B \Rightarrow γ_l(B) = B$
$γ_l(p_1), γ_l(p_2), . . . , γ_l(p_n) ⊢ B$ by removing each $p_i$ using Law of the Excluded Middle.

Reintroduce premises: $⊢ A_1 → (A_2 → . . . → (A_n → B))$ implies $A_1, A_2, . . . , A_n ⊢ B$ $\quad\Box$

7.3 Decidability

Q: is it possible to write an algorithm that decides whether $A_1,...,A_n ⊢ B$ is a valid sequent?

We only need an algorithm to decide whether $\models A$ :
$A_1,...,A_n ⊢ B$ by a theorem, is equivalent to
$⊢ A_1 → . . . → A_n → B$ by soundness and completeness, is equivalent to $\models A_1 →...→A_n →B$ .

There are many ways to do this. One is to turn formulas into Conjunctive Normal Form (CNF).

7.4 CNF

CNF is a a formula which has the following structure:

It contains literals L which are either atoms (e.g., $p$ ) or their negation (e.g., $¬p$ )
It composes literals into clauses using disjunction ( $∨$ )
It composes clauses into a formula using conjunction ( $∧$ )

Example: $(q ∨ p ∨ r) ∧ (¬p ∨ s ∨ p) ∧ (¬s)$

CNF formulas do not contain:

double negation
implication

7.4.1 Validity

A CNF formula is valid iff every clause contains a literal and its negation. (Why?)

Valid formulas:

$(p ∨ ¬p)$
$(q ∨ p ∨ r ∨ ¬q) ∧ (¬p ∨ s ∨ p) ∧ (¬s ∨ s)$

Not valid formulas:

$p$
$(p ∨ q)$
$(q ∨ p ∨ r ∨ ¬q) ∧ (¬p ∨ s ∨ p) ∧ (s)$

The above gives an efficient algorithm to check validity of CNF formulas (O(n) to the size of the formula).

7.4.2 CNF conversion

Every fomula can be transformed to an equivalent CNF formula by the following method:

replace implication using the theorem: $A → B ≡ ¬A ∨ B$
push all negations inwards using De Morgan laws: $¬(A1 ∧A2) ≡ ¬A1 ∨¬A2\qquad ¬(A1 ∨A2) ≡ ¬A1 ∧¬A2$
remove double negations: $¬¬A ≡ A$
distribute and over or: $(A1 ∧ A2) ∨ B ≡ (A1 ∨ B) ∧ (A2 ∨ B)$

The above conversion outputs in the worst case an exponentially large formula (O(2n) to the size of the input formula).

Convert to CNF and check the validity of the formulas:

$(p→q)→(¬q→¬p)$

(p→q)→(¬q→¬p)
≡ ¬(¬p ∨ q) ∨ (¬¬q ∨ ¬¬p)         (rule 1)
≡ (¬¬p ∧ ¬q) ∨ (¬¬q ∨ ¬¬p)        (rule 2)
≡ (p ∧ ¬q) ∨ (q ∨ p)              (rule 3)
≡ (p ∨ (q ∨ p)) ∧ (¬q ∨ (q ∨ p))  (rule 4)
≡ (p ∨ q) ∧ (¬q ∨ q ∨ p)          (simplified)

$¬p∧q→p∧(r→q)$
$p→q→r$
$(p→q→r)→(p∧q→r)$
$⊥→p$
$p→⊤$

7.4.3 Satisfiability

Satisfiability: Given $A$ , is there a model which makes $A$ true? Q: Can we decide satisfiability?

Theorem The satisfiability problem is decidable, and NP-complete
So there are known algorithms but they are not efficient in the worst case.

SAT is the first problem that was proven to be NP-complete; see Cook–Levin theorem. This means that all problems in the complexity class NP, which includes a wide range of natural decision and optimization problems, are at most as difficult to solve as SAT. There is no known algorithm that efficiently solves each SAT problem, and it is generally believed that no such algorithm exists; yet this belief has not been proven mathematically, and resolving the question of whether SAT has a polynomial-time algorithm is equivalent to the P versus NP problem, which is a famous open problem in the theory of computing.

The exponential time hypothesis asserts that no algorithm can solve 3-SAT (or indeed k-SAT for any k > 2) in exp(o(n)) time (i.e., fundamentally faster than exponential in n).

Algorithms for Satisfiability
Given a sentence in CNF, how can we prove it is satisfiable?

Enumerate all possible assignments and see if sentence is true for any of them. The number of possible assignments grows exponentially in the number of variables.
Consider a search tree where at each level we consider the possible assignments to one variable, say P. On one branch, we assume P is f and on the other that it is t.
Given an assignment for a variable, we can simplify the sentence and then repeat the process for another variable.

$(P ∨Q) ∧(P ∨¬Q∨R) ∧(T ∨¬R) ∧(¬P ∨¬T) ∧(P ∨S) ∧(T ∨R∨S) ∧(¬S ∨T)$
If we assign $P=F$ , we get

$P ∨Q \Rightarrow Q$
$P ∨¬Q∨R \Rightarrow ¬Q∨R$
$¬P ∨ ¬T$ removed
$P ∨S \Rightarrow S$

The result is
$(Q) ∧(¬Q∨R) ∧(T ∨¬R) ∧(S) ∧(T ∨R∨S) ∧(¬S ∨T)$

This algorithm is called DPLL, which stands for the names of the inventors of the algorithm (Davis, Putnam, Logeman and Loveland).

Properties of satisfiability algorithms:

Sound – if it gives you an answer, it’s correct
Complete – it always gives you an answer
DPLL is sound and complete

Other algorithms: GSAT, WALKSAT,…

But there are efficient algorithms for a some CNF formulas: Horn clauses

A CNF formula is a horn formula if all its clauses have at most one positive literal:

$¬p∨¬q∨r$ becomes $p∧q → r$
$¬p∨¬q$ becomes $p∧q → ⊥$
$p$ becomes $⊤ → p$

Algorithm: Inputs a Horn formula and maintains a list of literals, $⊥$ , and $⊤$ in the formula.
It marks the literals in this list as follows:

it marks $⊤$ if it exists in the list
If there is a conjunct
$L_1 ∧ . . . L_n → L′$ and all $L_1, . . ., L_n$ are marked then mark L′. Repeat (2) until no more such conjuncts.
if $⊥$ marked then output “unsatisfiable” and stop
else output “satisfiable” and stop

This is a O(n) algorithm.

Q: show

$(p∧q∧s → p)∧(q∧r → p)∧(p∧s → s)$

1. ⊤ is marked
2. No conjunct satisfies rule 2.
3. since ⊥ is not marked, the formula is satisfiable

$(p∧s → ⊥)∧(s → p)∧(⊤ → s)$

1. ⊤ is marked
2. From clause (⊤ → s), s is marked
3. From clause (s → p), p is marked
4. From clause (p∧s → ⊥), ⊥ is marked. Thus the formula is unsatisfiable

$(p∧q∧s → ⊥)∧(q∧r → p)∧(⊤ → s)$
$(p∧q∧s → ⊥)∧(p∧s → q)∧(s → p)∧(⊤ → s)$
$(p∧q∧s → ⊥)∧(s → p)∧(⊤ → s)$