Formulas in First-order Theory Specifying complete programs Specifying program fragments
Specification – Logic Specifications
Miaoqing Huang, University of Arkansas
Spring 2010
Outline
1 Formulas in First-order Theory
2 Specifying complete programs
3 Specifying program fragments
Formula in First-order Theory
Definition: a formula of a first-order theory is an expression built from
  variables, numeric constants, functions, predicates and parentheses;
  logic connectives: and, or, not, implies, ≡ (if and only if);
  quantifiers: for all (∀) and exists (∃). A quantifier is an expression that indicates for how many values of a variable a proposition is claimed to hold.
Examples, referred to by number throughout this section:
1 x > y and y > z implies x > z
2 x = y ≡ y = x
3 for all x, y, z (x > y and y > z implies x > z)
4 x + 1 < x - 1
5 for all x (exists y (y = x + z))
6 x > 3 or x < -6
7 for all x (x ≥ 1) or (x ≤ -1) or (x = 0)
True or False of a Formula
Some formulas are always true, whatever values their variables take: 1, 2 and 3 (transitivity and symmetry hold for every choice of x, y, z), and 5 (for any z and any x, y = x + z is a value that exists).
Some formulas are always false: 4, since x + 1 < x - 1 fails for every x.
Some formulas are either true or false depending on the values given to their free variables: 6 is true for x = 5 and false for x = 0; 7, whose parentheses limit the scope of for all x to (x ≥ 1), is true for x = -1 or x = 0 and false for x = 5 (the quantified disjunct for all x (x ≥ 1) is false, so the value of the free x in the other two disjuncts decides).
Free and bound variable, Closure of formulas
An occurrence of a variable is free if it is not within the scope of a quantifier for that variable, and bound if it is.
In the examples: x, y and z are free in 1 and 2; in 3 all three are bound; x is free in 4; in 5, x and y are bound and z is free; x is free in 6; in 7 the scope of for all x is only (x ≥ 1), so x is bound there and free in (x ≤ -1) and (x = 0), which is why the same name can occur both bound and free in one formula.
A formula is closed if all of its variables are bound. The closure of a formula is obtained by quantifying all of its free variables with the for all quantifier: the closure of 1 is 3, and the closure of 5 is for all z (for all x (exists y (y = x + z))).
A closed formula is always either true or false; its truth value does not depend on an assignment to variables.
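The definitions above, made executable as an added example that is not part of the lecture slides: formulas are encoded as nested tuples, free_vars and closure implement the two syntactic operations just defined, and evaluate decides a formula with quantifiers ranging over an explicit finite domain. The tuple encoding, the function names and the domain DOMAIN are this example's own choices; because the domain is finite, the evaluator decides a closed formula over that domain only and cannot by itself prove a claim about all integers.

```python
# Added example (not from the lecture slides): first-order formulas as
# nested tuples, with free variables, universal closure and a bounded
# evaluator. The encoding and the finite domain are this example's choices.
import operator
from typing import Any, Dict, Sequence, Set

# Terms: a variable name (str), an int, or ('+'|'-'|'*', term, term).
# Formulas: (pred, term, term) with pred in PREDS, ('not', f),
# ('and'|'or'|'implies'|'equiv', f, g), or ('forall'|'exists', var, f).
PREDS = {'>': operator.gt, '<': operator.lt, '>=': operator.ge,
         '<=': operator.le, '=': operator.eq}
FUNS = {'+': operator.add, '-': operator.sub, '*': operator.mul}
CONNECTIVES = {'and', 'or', 'implies', 'equiv'}
QUANTIFIERS = {'forall', 'exists'}


def term_vars(t: Any) -> Set[str]:
    if isinstance(t, str):
        return {t}
    if isinstance(t, tuple):
        return term_vars(t[1]) | term_vars(t[2])
    return set()


def free_vars(f: tuple) -> Set[str]:
    """Variables occurring in f outside the scope of a quantifier binding them."""
    tag = f[0]
    if tag in QUANTIFIERS:
        return free_vars(f[2]) - {f[1]}        # the quantified variable is bound
    if tag == 'not':
        return free_vars(f[1])
    if tag in CONNECTIVES:
        return free_vars(f[1]) | free_vars(f[2])
    return term_vars(f[1]) | term_vars(f[2])    # atomic formula


def closure(f: tuple) -> tuple:
    """Universal closure: quantify every free variable with 'forall'."""
    for v in sorted(free_vars(f), reverse=True):
        f = ('forall', v, f)
    return f


def eval_term(t: Any, env: Dict[str, int]) -> int:
    if isinstance(t, str):
        return env[t]
    if isinstance(t, tuple):
        return FUNS[t[0]](eval_term(t[1], env), eval_term(t[2], env))
    return t


def evaluate(f: tuple, env: Dict[str, int], domain: Sequence[int]) -> bool:
    """Truth value of f under env; quantified variables range over domain."""
    tag = f[0]
    if tag in QUANTIFIERS:
        vals = (evaluate(f[2], {**env, f[1]: d}, domain) for d in domain)
        return all(vals) if tag == 'forall' else any(vals)
    if tag == 'not':
        return not evaluate(f[1], env, domain)
    if tag in CONNECTIVES:
        a, b = evaluate(f[1], env, domain), evaluate(f[2], env, domain)
        return {'and': a and b, 'or': a or b,
                'implies': (not a) or b, 'equiv': a == b}[tag]
    return PREDS[tag](eval_term(f[1], env), eval_term(f[2], env))


# The slides' formulas 1, 3, 4, 5, 6 and 7 in this encoding. In F7 the
# quantifier's scope is only (x >= 1), exactly as the parentheses say.
F1 = ('implies', ('and', ('>', 'x', 'y'), ('>', 'y', 'z')), ('>', 'x', 'z'))
F3 = ('forall', 'x', ('forall', 'y', ('forall', 'z', F1)))
F4 = ('<', ('+', 'x', 1), ('-', 'x', 1))
F5 = ('forall', 'x', ('exists', 'y', ('=', 'y', ('+', 'x', 'z'))))
F6 = ('or', ('>', 'x', 3), ('<', 'x', -6))
F7 = ('or', ('or', ('forall', 'x', ('>=', 'x', 1)), ('<=', 'x', -1)), ('=', 'x', 0))

DOMAIN = range(-10, 11)    # finite stand-in for the integers
```

closure(F1) is structurally equal to F3, and free_vars(F7) is {'x'} even though F7 contains a quantifier over x. The bounded domain shows its limit on formula 5: evaluate(F5, {'z': 1}, DOMAIN) is False because for x = 10 the witness y = 11 lies outside DOMAIN, although the formula is true over the integers.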
Specifying a complete program: input-output assertions
Let P be a program, let <i1, i2, . . ., in> denote the sequence of P's input values and <o1, o2, . . ., om> the sequence of P's output values. A property or requirement for P is specified as a formula of the form
{Pre(i1, i2, . . ., in)} P {Post(o1, o2, . . ., om, i1, i2, . . ., in)}
Pre is called the precondition of P and Post the postcondition of P. The formula means: if Pre holds for the given input values before P's execution, then after P finishes execution, Post must hold for the output and input values.
Two consequences follow from this reading. Inputs that violate Pre are not covered: the formula says nothing about what P does on them, so a caller that cannot guarantee Pre receives no guarantee about the output. And the formula constrains only runs that finish; it does not by itself require P to terminate.
Specifying a complete program, Example 1: a division program
{exists z (i1 = z × i2)} P {o1 = i1/i2}
Requirement: if the input value i1 is a multiple of the input value i2, then the output must be the result of the division i1/i2.
Caveat: i2 = 0 satisfies this precondition (0 = z × 0 for every z, so i1 = 0, i2 = 0 is covered), yet i1/i2 is then undefined. A precondition that also requires i2 ≠ 0 excludes the case no program can satisfy.
Specifying a complete program, Example 2: a division program with a stronger requirement
A stronger requirement imposes fewer constraints on the input values (a weaker precondition, so more inputs are covered) and more constraints on the output values (a stronger postcondition, so fewer outputs are acceptable).
{i1 > i2} P {i1 = i2 × o1 + o2 and o2 ≥ 0 and o2 < i2}
Requirement: given two inputs i1 and i2 satisfying i1 > i2, find the quotient o1 and the remainder o2 of the division of i1 (the dividend) by i2 (the divisor).
Caveat: for i2 ≤ 0 the conjunction o2 ≥ 0 and o2 < i2 cannot be satisfied, so no program meets this specification on such inputs even though i1 > i2 admits them. The precondition should also require i2 > 0.
Specifying a complete program, Example 3: find the greater of two numbers
Requirement: given two inputs i1 and i2, find the greater of the two.
{true} P {(o = i1 or o = i2) and o ≥ i1 and o ≥ i2}
The precondition true means every pair of inputs is covered. The clause (o = i1 or o = i2) is essential: without it, any value at least as large as both inputs would satisfy the postcondition.
Specifying a complete program, Example 4: compute the greatest common divisor of two positive integers
Requirement: given two positive integers i1 and i2, compute their greatest common divisor.
{i1 > 0 and i2 > 0} P {(exists z1, z2 (i1 = o × z1 and i2 = o × z2)) and not (exists h ((exists z1, z2 (i1 = h × z1 and i2 = h × z2)) and h > o))}
The first conjunct says that o divides both inputs; the second says that no larger h divides both. Both are needed: the first alone is satisfied by o = 1, the second alone by any o larger than both inputs.
Specifying a complete program, Example 5: reverse a sequence
{(i1, i2, . . ., in) and (n > 0)} P {for all k ((1 ≤ k ≤ n) implies (ok = in−k+1))}
Requirement: given a non-empty input sequence, produce its reverse: the k-th output is the (n−k+1)-th input, for every k from 1 to n.
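Examples 1 to 5, checked at run time as an added example that is not part of the lecture slides: Pre is evaluated on the inputs, P is run, and Post is evaluated on the outputs together with the inputs, so the postcondition acts as an oracle that rejects a wrong program. The programs P, the bounded searches that decide the exists quantifiers, the function names and the sample inputs are this example's own constructions; the preconditions of Examples 1 and 2 carry the i2 ≠ 0 and i2 > 0 strengthening discussed above.

```python
# Added example (not from the lecture slides): the five input-output
# assertions above as runtime checks. Programs, bounded quantifier searches
# and sample inputs are constructed here.
from typing import Callable, Optional, Sequence, Tuple


def check_triple(pre: Callable[..., bool], program: Callable,
                 post: Callable[..., bool], *inputs) -> Optional[bool]:
    """Outcome of {Pre} P {Post} on one run.

    None: Pre fails, so the specification says nothing about these inputs.
    True/False: Pre held and Post did / did not hold afterwards.
    """
    if not pre(*inputs):
        return None
    outputs = program(*inputs)
    return bool(post(outputs, *inputs))


# Example 1: {exists z (i1 = z*i2)} P {o1 = i1/i2}
# "exists z" is decided by the divisibility test; i2 = 0 is excluded.
def pre_div1(i1: int, i2: int) -> bool:
    return i2 != 0 and i1 % i2 == 0

def post_div1(o1: int, i1: int, i2: int) -> bool:
    return o1 * i2 == i1            # o1 = i1/i2, stated without dividing

# Example 2: {i1 > i2 (and i2 > 0)} P {i1 = i2*o1 + o2 and 0 <= o2 < i2}
def pre_div2(i1: int, i2: int) -> bool:
    return i1 > i2 > 0

def post_div2(out: Tuple[int, int], i1: int, i2: int) -> bool:
    o1, o2 = out
    return i1 == i2 * o1 + o2 and 0 <= o2 < i2

# Example 3: {true} P {(o = i1 or o = i2) and o >= i1 and o >= i2}
def pre_true(*_: int) -> bool:
    return True

def post_max(o: int, i1: int, i2: int) -> bool:
    return (o == i1 or o == i2) and o >= i1 and o >= i2

# Example 4: gcd. "not exists h (h divides both and h > o)" is decided by
# searching o < h <= min(i1, i2); no h above that bound divides both.
def pre_gcd(i1: int, i2: int) -> bool:
    return i1 > 0 and i2 > 0

def divides_both(h: int, i1: int, i2: int) -> bool:
    return i1 % h == 0 and i2 % h == 0

def post_gcd(o: int, i1: int, i2: int) -> bool:
    if o <= 0 or not divides_both(o, i1, i2):
        return False
    return not any(divides_both(h, i1, i2)
                   for h in range(o + 1, min(i1, i2) + 1))

# Example 5: {n > 0} P {for all k (1 <= k <= n implies o_k = i_(n-k+1))}
def pre_nonempty(seq: Sequence[int]) -> bool:
    return len(seq) > 0

def post_reverse(out: Sequence[int], seq: Sequence[int]) -> bool:
    n = len(seq)
    return len(out) == n and all(out[k - 1] == seq[n - k] for k in range(1, n + 1))


# Candidate programs P: correct ones, and two that are wrong on purpose.
def exact_div(i1: int, i2: int) -> int:
    return i1 // i2

def div_mod(i1: int, i2: int) -> Tuple[int, int]:
    return i1 // i2, i1 % i2

def bigger(i1: int, i2: int) -> int:
    return i1 if i1 >= i2 else i2

def first_arg(i1: int, i2: int) -> int:      # wrong "max": ignores i2
    return i1

def euclid(i1: int, i2: int) -> int:
    while i2:
        i1, i2 = i2, i1 % i2
    return i1

def even_or_one(i1: int, i2: int) -> int:    # a common divisor, not the greatest
    return 2 if i1 % 2 == 0 and i2 % 2 == 0 else 1

def reverse_seq(seq: Sequence[int]) -> list:
    return list(reversed(seq))


def run_all() -> dict:
    """Each triple on constructed inputs: True = Post held, None = Pre failed."""
    return {
        "div1_ok":        check_triple(pre_div1, exact_div, post_div1, 12, 4),
        "div1_uncovered": check_triple(pre_div1, exact_div, post_div1, 7, 2),
        "div2_ok":        check_triple(pre_div2, div_mod, post_div2, 17, 5),
        "max_ok":         check_triple(pre_true, bigger, post_max, 3, 9),
        "max_wrong":      check_triple(pre_true, first_arg, post_max, 3, 9),
        "gcd_ok":         check_triple(pre_gcd, euclid, post_gcd, 84, 36),
        "gcd_wrong":      check_triple(pre_gcd, even_or_one, post_gcd, 84, 36),
        "reverse_ok":     check_triple(pre_nonempty, reverse_seq, post_reverse, [1, 2, 3]),
    }
```

The None outcome is deliberate: a run whose inputs violate Pre is not a failure of P but an input the specification does not cover, and a checker that reported it as a pass would hide exactly the cases (such as i2 = 0 in Example 1) where the specification is silent.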
Specifying procedures
The same {Pre} procedure {Post} form specifies a program fragment. A parameter marked in is an input, out is an output, and in out is both; for an in out parameter the postcondition refers to its value on entry as old_a.
Check whether element exists in table
{n > 0}
procedure search (table: in integer_array; n: in integer; element: in integer; found: out Boolean);
{found ≡ (exists i (1 ≤ i ≤ n and table(i) = element))}
Reverse the contents of an array of integers
{n > 0}
procedure reverse (a: in out integer_array; n: in integer);
{for all i ((1 ≤ i ≤ n) implies (a(i) = old_a(n−i+1)))}
Sorting in ascending order
{n > 0}
procedure sort (a: in out integer_array; n: in integer);
{for all i ((1 ≤ i < n) implies (a(i) ≤ a(i+1)))}
Two caveats on the sort postcondition. The index range is 1 ≤ i < n, not 1 ≤ i ≤ n: with the latter, the instance i = n refers to a(n+1), outside the array. And ascending order alone is too weak, because it is satisfied by a procedure that overwrites a with n copies of one value; a complete specification adds that a(1..n) is a permutation of old_a(1..n), so that every value on entry is still present with the same multiplicity.
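The reverse and sort contracts above, checked at run time as an added example that is not part of the lecture slides. The wrapper copies the in out array before the call so that the postcondition can refer to old_a, and the sort postcondition is given in both the ordering-only form and the strengthened form with the permutation clause, so that a deliberately wrong procedure which zero-fills the array is seen to pass the first and fail the second. The procedures, the wrapper, the function names and the inputs are this example's constructions; the array is 0-indexed here, so the slides' a(i) for 1 ≤ i ≤ n is a[i-1]. search has no in out parameter and needs no snapshot, so it is omitted.

```python
# Added example (not from the lecture slides): contracts on an "in out"
# array, with old_a captured before the call. Procedures and inputs are
# constructed here.
from collections import Counter
from typing import Callable, List

Proc = Callable[[List[int], int], None]
Post = Callable[[List[int], List[int], int], bool]


def call_with_contract(proc: Proc, a: List[int], n: int, post: Post) -> bool:
    """Run proc(a, n) under the precondition n > 0 and evaluate post(a, old_a, n).

    Raises ValueError if the caller violates the precondition (the
    specification covers no such call); otherwise returns whether the
    postcondition holds on exit.
    """
    if not (0 < n <= len(a)):
        raise ValueError("precondition n > 0 (with n within the array) violated")
    old_a = list(a)                 # the in value, referred to as old_a
    proc(a, n)
    return post(a, old_a, n)


# {for all i ((1 <= i <= n) implies (a(i) = old_a(n-i+1)))}
def post_reverse(a: List[int], old_a: List[int], n: int) -> bool:
    return all(a[i - 1] == old_a[n - i] for i in range(1, n + 1))


# {for all i ((1 <= i < n) implies (a(i) <= a(i+1)))}: ordering only.
def post_sorted_only(a: List[int], old_a: List[int], n: int) -> bool:
    return all(a[i - 1] <= a[i] for i in range(1, n))


# Ordering plus the permutation clause: a(1..n) holds the same values as
# old_a(1..n) with the same multiplicities.
def post_sort(a: List[int], old_a: List[int], n: int) -> bool:
    return post_sorted_only(a, old_a, n) and Counter(a[:n]) == Counter(old_a[:n])


def reverse(a: List[int], n: int) -> None:
    a[:n] = a[:n][::-1]


def insertion_sort(a: List[int], n: int) -> None:
    for i in range(1, n):
        v, j = a[i], i - 1
        while j >= 0 and a[j] > v:
            a[j + 1] = a[j]
            j -= 1
        a[j + 1] = v


def zero_fill(a: List[int], n: int) -> None:    # wrong "sort": destroys the data
    a[:n] = [0] * n


def run_all() -> dict:
    """The contracts on one constructed array; True = postcondition held."""
    data = [5, 3, 9, 1, 3]
    return {
        "reverse_ok":       call_with_contract(reverse, list(data), 5, post_reverse),
        "sort_ok":          call_with_contract(insertion_sort, list(data), 5, post_sort),
        "zero_fill_weak":   call_with_contract(zero_fill, list(data), 5, post_sorted_only),
        "zero_fill_strong": call_with_contract(zero_fill, list(data), 5, post_sort),
    }
```

zero_fill passes post_sorted_only and fails post_sort: the ordering clause alone says nothing about where the values came from, which is why the permutation clause belongs in the specification and not only in the tests.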