Substructural Logic and Partial Correctness DEXTER KOZEN Cornell University and JERZY - PDF document

527 views
Uploaded On 2015-03-11

Substructural Logic and Partial Correctness DEXTER KOZEN Cornell University and JERZY - PPT Presentation

Partial correctness assertions are represented by intuitionistic linear implica tion We prove soundness and completeness over relational and trace models As a corollary we obtain a complete sequent calculus for inclusion and equivalence of regular e ID: 43924

Partial correctness assertions are

Link:

Copy

Embed:

<iframe width="560" height="315" src="https://www.docslides.com/embed/43924" frameborder="0" allowfullscreen></iframe>

Download Presentation from below link

Download Pdf The PPT/PDF document "Substructural Logic and Partial Correctn..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentation Transcript

1.INTRODUCTIONInformulatinglogicsforprogramvericationsuchasHoareLogic(),DynamicLogic(),orKleeneAlgebrawithTests(KAT),itistemptingtotreattests SubstructuralLogicandPartialCorrectness···,whereareprogramsandisatest.Becauseofthisrestrictionandbecauseofthesevererestrictionsonstructuralrulesregardingprograms,implicationhasalinearavor.Also,duetotheformoftherulesofinferenceforhandlingimplication,itfollowsthatimplicationisintuitionistic.Sequentsofthesystemareoftheform,whereisasequenceofprogramsandformulasandisaformula.Thesequenceiscalledanenvironment.Pro-gramsandformulasaretreateddierently,ascanbeseenfromthestructuralrules.Thereisaweakeningruleforformulas,butonlyaveryrestrictedweakeningforprograms:theycanbeinsertedonlyinfrontoftheenvironment.Thecontractionrule,althoughabsentinthesystem,isderivableforformulas,butitisnotderivableforprograms.Thereisnoexchangerule,althoughsomeweakformsofitcanbederived.Thereisaco-contractionrule:aprogramoftheformalreadypresentintheenvironmentcanbeduplicated.Troelstra[1992,p.25]remarksthatcontrac-tionhasmoredramaticproof-theoreticconsequencesthanweakeningwhenaddedtoLinearLogic.Thesystemhasintroductionrulesforimplicationontheleftandontherightof.Duetotheasymmetricalstructureofsequents,eachoftheprogramconnectiveshasintroductionandeliminationrulesexclusivelyontheleftsideof.Inthissense,thesystemisneitherinthestyleofnaturaldeduction(introduction/eliminationontheright),norinthestyleoftheGentzencalculus(introductionontheleftandontheright).Asmentionedearlier,thesystemhasthreestructuralrulesandacutrule.Thepaperisorganizedasfollows.InSection2weintroducethesyntaxofthelanguageofSystem.InSection3wegiverelationalandtracesemanticsforthislogicandshowhowthelogiccapturespartialcorrectness.InSection4,whichisthemaintechnicalpartofthepaper,weintroducetherulesofSystemandestab-lishitsbasicpropertiesneededlaterintheproofofthecompletenessresult.ThecompletenessproofreliesonresultsfromKleenealgebra.ArelationshipbetweenandKleenealgebra,togetherwithsomepropertiesusedintheproofofcompleteness,arepresentedinSection4.2.Asacorollary(Proposition4.13),weobtainacompletesequentcalculusforinclusionandequivalenceofregularex-pressions.InSection4.3weshowtwoexamplesofvalidrulesforreasoningaboutpartialcorrectnessassertionswhicharenotderivableinHoarelogicbutarederiv-ableinSystem.Section5isdevotedtothesoundnessofandSection6toitscompletenessoverbothclassesofmodels.WementionthatourtwoequivalentsemanticsofSection3arebothspecialcasesofamoregeneralapproachtothesemanticsofnoncommutativeLinearLogicviaquantales[Yetter1990].Werestrictourattentiontotwospecialkindsofquantales:setsoftracesandbinaryrelations.Ourcompletenessresultisthusstrongerthanitwouldbeforthemoregeneralsemanticsbasedonarbitraryquantales.2.SYNTAXThesyntaxofcomprisesseveralsyntacticcategories.Thesewillrequiresomeintuitiveexplanation,whichwedeferuntilaftertheformaldenition.InparticularACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. SubstructuralLogicandPartialCorrectness3.SEMANTICS3.1GuardedStringsGuardedstringsoverwereintroducedin[Kaplan1969](seealso[KozenandSmith1996]).Wereviewthedenitionhere.andbexeddisjointnitesetsofatomictestsandatomicprograms,respectively.Anatomisaprogramsuchthatiseither .Werequirefortechnicalreasonsthattheoccurinthisorder.AnatomrepresentsaminimalnonzeroelementofthefreeBooleanalgebra.Wedenotebythesetofallatomsof.Foranatomandatest,wewriteisaclassicalpropositionaltautology.guardedstringisasequencewhere0,each,and.Wedeneandlastlast),wecanformthefusionproductbyconcatenatingand,omittingtheextracopyoflast)inbetween.Forexample,ifandq ,thenpq .Iflast),thendoesnotexist.Thenotationforfusionproductshouldnotbemisinterpretedasconcatenationofstrings;thelatteroperationisnotdenedforguardedstrings.ForsetsX,Yofguardedstrings,deneX,lastAlthoughfusionproductisapartialoperationonguardedstrings,theoperationisatotaloperationonsetsofguardedstrings.Ifthereisnoexistingfusionproductbetweenanelementofandanelementof,thenEachprogramdenotesaset)ofguardedstrings:,atomicatestItfollowsthat.Aguardedstringisitselfaprogram,andAsetofguardedstringsoverregularifitis)forsomeprogram.TheregularsetsofguardedstringsformthefreeKleenealgebrawithtestsongenerators[KozenandSmith1996];inotherwords,)iisatheoremofKATLemma3.1.TheregularsetsofguardedstringsareclosedundertheBooleanoperations.ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. SubstructuralLogicandPartialCorrectnesscordingtothefollowinginductivedenition::[p]]Kdef={spt|(s,tatomicc[b]]Kdef=mK(b),batomicc[0]]Kdef=[[pq]]Kdef=[[p]]K[[q]]K[[pq]]Kdef=[[p]]K[[q]]K[[p+]]Kdef=n1[[p]]nK[[p]]Kdef={s|Þrst()=sandd[p]]Klastst[]]K}[[]]Kdef=K[[,]]Kdef=[[]]K[[]]K.Itfollowsthat [b]]K[[1]]K=K[[p ]]K=n0[[p]]nK.Everytracehasanassociatedguardedstringgs()denedbywhereistheuniqueatomofsuchthatat[i]]K.Theatomisuniquebecauseforeach,exactlyoneof .Thusgs()istheuniqueguardedstringoversuchthatat[gs(.Theguardedstringgs()isunique,becauseforanyguardedstring,anytracee[0p01···m1pm1m]]Kmustbeoftheformsuchthatt[i]]K,0im.Thesequentinthetracemodelifforalltracesces[]]K,lastst[]]K;equivalently,ifif[]]K[[,]]K.AsequentisifitisvalidinalltracemodelsoverandGuardedstrings(Section3.1)arejusttracesofaKripkeframewhosestatesareatomsofInthenotationofthissection,)wouldbedenotedted[p]]G.Therelationshipbetweentracesemanticsandguardedstringsisgivenbythefollowinglemma.Lemma3.2.Inanytracemodel,foranyprogramandtracee[p]]Kigs()GS(p).Inotherwords,,[p]]K=gs.ThemapisaKAThomomorphismfromthealgebraofregularsetsofguardedstringstothealgebraofregularsetsoftracesoverACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.Tiuryn Axiom(isatest):ArrowRules: Test-cutRule(isatest):,p,, ,p,(test-cut),b, IntroductionRules:EliminationRules:,p,q, ) ,p,q,,p,,q, ) ,p,(I0) ,q,,p,p ,p ,p,StructuralRules:CutRule: ,,,, ,) (CC , Fig.1.RulesofSystemsuchderivationwillthenbeuniformlyvalidoverallsubstitutioninstances.Forexample,thefollowingcontractionrule,,, ,,isadmissiblein.Indeed,belowisaderivationoftheconclusionfromthepremise,,, ,,(cut)ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.TiurynTheruleplaystheroleofModusPonens.Itisclearlyaneliminationruleontheright.WecannotwritearealModusPonensruleinthepresentsystem,sinceaprogramscannotstaytotherightof.Ifthiswereallowed,andModusPonenswouldhavebeeneasilyinterderivable.SeealsotheproofofLemma4.4.Wewishtopauseanddiscussbrieywhyweviewpartialcorrectnessreasoningasintuitionisticratherthanclassical.Itisnotimmediatelyobvious,sinceformulasareoftheform···,whereareprogramsandisatest.Inparticular,formulasarenotclosedunderimplication.Butwecanarguethattheimplicationintheformulahasanintuitionisticavorbyconsideringtherulesthatintroduceimplication.Ruleisatypicalruleofintroductionofimplicationontherightof.Ruleisnotsotypical,butitcanbeshownthatthisruleisderivablefrom(ident)andasfollows. ,p,p,p,, ,p,, ,p,(cut)Sinceeachoftherulesusedintheabovederivationclearlyhasanintuitionisticavor,itfollowsthathasaswell.Nextweshowthatispowerfulenoughtoproveallclassicallyvalidtests.Lemma4.4.Fortestsb,c,thesequentisderivableinwheneveraclassicalpropositionaltautology.Proof.Itiswellknown(see[Hareletal.2000;Johnstone1987])thatthefol-lowingproofsystemiscompleteforclassicalpropositionallogic:(MP) cbcb(bcd)(bc)(bd) Weshowthat(MP)arederivablein.For(MP) bc) (cut)For b,c ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.Tiurynwithcontainmentofregularsetsofguardedstrings.ItplaysthekeyroleinthecompletenessproofofSystem(Theorem6.1).RecallthataKleenealgebra)isanidempotentsemiringsuchthatistheleastsolutiontoandistheleastsolutionto.Equivalently,aKleenealgebraisastructure(1)satisfyingthefollowingaxioms.+0==1+(1)(2)(3)Boa[1990;1995],basedonresultsofKrob[1991],showsthatfortheequationaltheoryoftheregularsets,theright-handrule(3)isunnecessary.Wewillcallanidempotentsemiringsatisfying(1)and(2)aleft-handedKleenealgebra.Boasresultsaysthatforregularexpressionsand)iisalogicalconsequenceoftheaxiomsofleft-handedKleenealgebra,whereistheusualinterpretationofregularexpressionsassetsofstrings.Morespecically,Krob[1991]showsthattheclassicalequationsofConway[1971],alongwithacertaininnitebutindependentlycharacterizedsetofaxioms,logicallyentailallidentitiesoftheregularsetsover.TheclassicalequationsofConwayaretheaxiomsofidempotentsemirings,theequations(1),andtheequations=1+(1+Boa[1990;1995]actuallyshowsthattheseequationsplustherule=1+(4)which,thereaderwillnote,isneitherleft-norright-handedimplyalltheaxiomsofKrob,thereforetheclassicalequationsofConwayplusBoasrule(4)arecom-pletefortheequationaltheoryoftheregularsetsover.TheclassicalequationsandBoasrulearealleasilyshowntobetheoremsofleft-handedOurrsttaskistoextendtheseresultstoKleenealgebrawithtests(KAT)andguardedstrings.FirstletusrecallthatKleenealgebrawithtestsisaKleenealgebrawithanembeddedBooleansubalgebra.Formally,itisatwo-sortedalgebraK,B, ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.TiurynLemma4.9.Theoperatorsandaremonotonewithrespectto.Thatis,,then,andProof.Therules,andimplythatistheupperboundofandmodulo.Themonotonicityoffollowsbyequationalreasoning:andFor,wemustshowthatifforany,thenandforany.Using,and4.6),itsucestoshowthatandforany.Theformerisimmediatefromtheassumption,andthelatterfollowsfrom(Lemma4.2). Lemma4.10.and,thenProof.Certainlybymonotonicity.Then ,p ,pq ,p,q ,p ,p qp+) Lemma4.11.Letdenotethesetof-equivalenceclasses.Theoperations,andarewelldenedon,andthequotientstructureisaleft-handedProof.Wemustarguethatallthefollowingpropertieshold:qrpqThesearejustthelawsofleft-handedwrittenwiththesymbolsofToderivethedistributivelawpr,rstfrom,and,onecanderive,p,qfrom.Similarly,onecanderive,p,rinsteadof.Then,p,qpq,p,r ,p,q ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.TiurynProof.Wehave,bbytheaxiomandtheweakeningruleandwehave,c.Thedesiredconclusionfollowsfromand CombiningLemmas4.11and4.12andthefactthattheregularsetsofguardedstringsformthefreeKATongeneratorsand,wehaveProposition4.13.Thestructure isaleft-handedKATandisisomorphictothealgebraofregularsetsofguardedstringsoverand.ThusforanyprogramsandiGSandProof.Inordertoshowthat( )isaleft-handedKAT,byLemmas4.11and4.12,itremainstoshowthatcoincidesinthegreatestlowerboundandthatcoincideswiththeleastupperbound.Thegreatestlowerboundinoftwoequivalenceclasseswithrepresentativesandistheequivalenceclassof ,whiletheirleastupperboundistheequivalenceclassof .Hencewehavetoprovethefollowingtwoequivalences. (5) (b )(6)Westartwith(5).Since isapropositionaltautology,itfollowsfromLemma4.4that isderivable.Hence bc ( ,b bc)( bc)( bc) ( bc) c) ( ,b, c) ( ,b(cut)Inasimilarway,since isapropositionaltautology,wederivethesequent ,c.Hence,byand,weobtain bc)bcc Theoppositeinequalityisestablishedbythefollowingderivation. ,b ,b bc c,b ,b ,c bc b,c bc ) bc (test-cut) c( Thisproves(5).Fortheproofofin(6)letusobservethat (b )isapropositionaltautology.HencebyLemma4.4andweobtainb,c (b ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.TiurynItfollowsfromTheorem6.1thatallrelationallyvalidrulesofthisformarederivable;thisisfalsefor(see[Kozen2000;KozenandTiuryn2001]).Wegivetwoexamplesofthissituation.FirstletusremarkthateveryrelationallyvalidpartialcorrectnessassertionisderivableinHoarelogic.Recallthatwearedealingwithapropositionalformalism,hencetheincompletenessargumentsforrst-orderHoarelogicdonotapplyhere.DerivabilityinHoarelogicofrelationallyvalidpartialcorrectnessassertionsfollowsfromamoregeneralresult.Itisshownin[KozenandTiuryn2001,Theorem4.1]thateveryrelationallyvalidrule(7)inwhichtheprograms,...,pareatomicisderivableinHoarelogic.Sinceasinglepartialcorrectnessassertionisaspecialcaseofrule(7)for=0,theaboveremarkfollows.Thuswehavetolookforexamplesofrelationallyvalidrules(7)withnon-atomicpremises.Onesuchrule,mentionedin[KozenandTiuryn2001],thatisrelationallyvalidbutnotderivableinHoarelogicis (8)Thesequentofcorrespondingto(8)is.Hereisaderivationofthissequent: (1p+)p+c) c,p c,p c,p c,b,p Therstsequentintheabovederivationisaninstanceof(ident)(Lemma4.2).Anotherexampleofarelationallyvalidrulewhichisnotderivablein (9)Thereasonthattheaboverulecannotbederivedisthesameasfor(8):itiseasytoshowbyinductiononproofsinHoarelogicthatnoconclusionwithanatomicprogramcanbederivedfromnon-atomicpremises.Theprogramisencodedin .Hereisaderivationinofthesequentcorrespondingtotherule(9): c( c ( c,bp c) ( c,bp ( c,b,p c( c ( c,bp c) ( c) ( b,p ( c,p(test-cut) cpc) d( (mono)ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.Tiuryn6.COMPLETENESSTheorem6.1.,thenthereexistanacyclictracemodelandatracee[]]Ksuchthatlastst[]]K.Proof.ByLemma4.7,wecanassumewithoutlossofgeneralitythatisoftheform.Theproofproceedsbyinductiononthelengthof.Forthebasisoftheinduction,supposeisempty,sothat.Then.ByProposition4.13,.ConstructaKripkeframeconsistingofasingleacyclictracesuchthatgs().ByLemma3.2,2,[p]]K.Thenn[]]Kandd[p0]]K.Fortheinductionstepinwhichtheenvironmentendswithaprogram,say,wehave.Applyingtheinductionhypothesis,thereexistanacyclictracemodelandtracesandsuchthatat[]]K,lastst[p]]K,andlastst[]]K.Thenn[,p]]Kandlastst[]]K.Finally,wearguetheinductionstepinwhichtheenvironmentendswithafor-mula,say.ByLemma4.7,wecanrewritethisas.Letbeanexpressionrepresentingthesetofallguardedstrings(seeLemma3.1).andbeprogramssuchthat)and).TheseprogramsexistbyLemma3.1,andByProposition4.13,wecanreplacetoget.By,andby,eitherorButitcannotbetheformer,since,q,w,thereforeandbyProposition4.13,,thereforebyThusitmustbethecasethat,so.Byweaken-ingwehave.Thenbytheinductionhypothesis,thereexistanacyclictracemodelandtracesraces[]]Kandd[s]]KsuchthatlastConstructatracemodelconsistingonlyoftheacyclictrace.ByLemma3.2,2,[qw]]M,thereforenoprexofisinin[q]]M.Thenlastst[q0]]M,there-foree[,q0]]M.Moreover,lastst[p0]]M,sincelastand 7.CONCLUSIONSANDFUTUREWORKIthasrecentlybeenshownthatdecidingwhetheragivensequentisvalidisPSPACEcomplete[Kozen2001].Severalinterestingquestionspresentthemselvesforfurtherinvestigation.(1)ThecompletenessproofreliesontheresultsofBoa[1990;1995],whicharebasedinturnontheresultsofKrob[1991].Krobsproofisfairlyinvolved,com-prisinganentirejournalissue.Onewouldliketohaveaproofofcompletenessbasedonrstprinciples.(2)TherelativeexpressiveanddeductivepowerofcomparedwithsimilarsystemssuchasKAT,andisnotcompletelyunderstood.isatleastasexpressiveasandtheequationaltheoryofKAT,andapparentlymoreso,sinceitisnotclearhowtoexpressgeneralsequentsKAT.Ontheotherhand,itisnotclearhowtoexpressgeneralHornformulasofsuchasACMTransactionsonComputationalLogic,Vol.4,No.3,July2003. D.KozenandJ.TiurynU.Furbach,M.Kerber,K.-K.Lau,C.Palamidessi,L.M.Pereira,Y.Sagiv,andP.J.Stuckey,Eds.LectureNotesinArticialIntelligence,vol.1861.Springer-Verlag,London,56Kozen,D.andSmith,F.1996.Kleenealgebrawithtests:Completenessanddecidability.InProc.10thInt.WorkshopComputerScienceLogic(CSLÕ96),D.vanDalenandM.Bezem,Eds.LectureNotesinComputerScience,vol.1258.Springer-Verlag,Utrecht,TheNetherlands,Kozen,D.andTiuryn,J.2001.OnthecompletenessofpropositionalHoarelogic.InformationSciences139,34,187195.Kripke,S.1963.Semanticanalysisofmodallogic.Zeitschr.f.math.LogikundGrundlagend.Math.9,6796.Kripke,S.1965.SemanticalanalysisofintuitionisticlogicI.InFormalSystemsandRecursiveFunctions,J.N.CrossleyandM.A.E.Dummett,Eds.North-Holland,92130.Krob,D.1991.Acompletesystemof-rationalidentities.TheoreticalComputerScience89,(October),207343.Pratt,V.1990.Actionlogicandpureinduction.InProc.LogicsinAI:EuropeanWorkshopJELIAÕ90,J.vanEijck,Ed.LectureNotesinComputerScience,vol.478.Springer-Verlag,NewYork,97120.Restall,G.AnIntroductiontoSubstructuralLogics.Routledge.Troelstra,A.S.LecturesonLinearLogic.CSLILectureNotes,vol.29.CenterfortheStudyofLanguageandInformation.Yetter,D.N.1990.Quantalesand(noncommutative)linearlogic.J.SymbolicLogic55,4164.ReceivedSeptember2001;revisedJune2002;acceptedJune2002ACMTransactionsonComputationalLogic,Vol.4,No.3,July2003.