Lecture 004

$$
\begin{array}{ll}
\text{Variables} & x,y,z \\
\text{Constants} & c \; ::= \; \ldots,-1,0,1,\ldots \\
\text{Expressions} & e \; ::= \; c \mid x \mid e_1 + e_2 \mid e_1 * e_2 \mid \ldots \\
\text{Programs} & \alpha,\beta \; ::= \; x := e \mid \alpha;\beta \mid \textbf{if } P \textbf{ then } \alpha \textbf{ else } \beta \mid \textbf{while } P \ \alpha \\
\text{Formulas} & P,Q \; ::= \; e_1 \le e_2 \mid e_1 = e_2 \mid \ldots \\
& \qquad \mid P \land Q \mid P \lor Q \mid P \rightarrow Q \mid P \leftrightarrow Q \mid \neg P \mid \top \mid \bot \\
& \qquad \mid \forall x.P(x) \mid \exists x.P(x) \\
& \qquad \mid [\alpha]Q \mid \langle \alpha \rangle Q
\end{array}
$$

State: a total map from variables to integers (total: for every x \in X there exists exactly one y \in Y such that f(x) = y).

Program: a partial function from prestate to poststate (partial because a loop may not terminate).

Trace: the sequence of states a program passes through.

Dynamic Logic

[\alpha]Q (pronounced “box alpha Q”) is true in a prestate w if the formula Q is true in every poststate v we can reach by executing program \alpha from w.

<\alpha>Q (pronounced “diamond alpha Q”) is true in a state w if there is a poststate v we can reach by executing \alpha from w in which Q is true.

For a deterministic program there are zero or one poststates, so <\alpha>Q \implies [\alpha]Q.

$$
\begin{array}{lll}
\omega \models e_1 \le e_2 & \text{iff} & \omega\llbracket e_1 \rrbracket \le \omega\llbracket e_2 \rrbracket \\
\omega \models e_1 = e_2 & \text{iff} & \omega\llbracket e_1 \rrbracket = \omega\llbracket e_2 \rrbracket \\
\omega \models P \land Q & \text{iff} & \omega \models P \text{ and } \omega \models Q \\
\omega \models P \lor Q & \text{iff} & \omega \models P \text{ or } \omega \models Q \\
\omega \models P \rightarrow Q & \text{iff} & \omega \models P \text{ implies } \omega \models Q \\
\omega \models \neg P & \text{iff} & \omega \not\models P \\
\omega \models P \leftrightarrow Q & \text{iff} & \omega \models P \text{ iff } \omega \models Q \\
\omega \models \forall x.P(x) & \text{iff} & \omega[x \mapsto c] \models P(x) \text{ for every } c \in \mathbb{Z} \text{ (what } x \text{ currently holds doesn't matter)} \\
\omega \models \exists x.P(x) & \text{iff} & \omega[x \mapsto c] \models P(x) \text{ for some } c \in \mathbb{Z} \text{ (what } x \text{ currently holds doesn't matter)} \\
\omega \models [\alpha]Q & \text{iff} & \text{for every } \nu \text{ with } \omega\llbracket \alpha \rrbracket \nu \text{ we have } \nu \models Q \text{ (allows non-terminating loops: vacuously true with no poststate)} \\
\omega \models \langle \alpha \rangle Q & \text{iff} & \text{there is a } \nu \text{ with } \omega\llbracket \alpha \rrbracket \nu \text{ and } \nu \models Q \text{ (allows non-determinism)}
\end{array}
$$

Now we redefine validity of P (\models P): P is valid if w \models P for every state w. The same goes for sequents.

Axioms: both sound and invertible

Good left/right rules: reductive axioms

We design the rules

$$
\frac{\Gamma \vdash [\alpha]([\beta]Q), \Delta}{\Gamma \vdash [\alpha; \beta]Q, \Delta}\,[;]R
\qquad
\frac{\Gamma, [\alpha]([\beta]Q) \vdash \Delta}{\Gamma, [\alpha; \beta]Q \vdash \Delta}\,[;]L
$$

to be sound, invertible, and reductive by proving [\alpha ; \beta]Q \iff [\alpha]([\beta]Q).

Some Axioms for Dynamic Logic

So we have the following axioms

$$
\begin{aligned}
&[:=]A && [x := e]Q(x) \iff \forall x'.\, x' = e \rightarrow Q(x') \quad (x' \text{ not in } e \text{ or } Q(x)) \\
&[;]A && [\alpha ; \beta]Q \iff [\alpha]([\beta]Q) \\
&[\text{if}]A && [\text{if } P \text{ then } \alpha \text{ else } \beta]Q \iff (P \rightarrow [\alpha]Q) \wedge (\neg P \rightarrow [\beta]Q) \\
&[\text{unfold}]A && [\text{while } P \ \alpha]Q \iff (P \rightarrow [\alpha][\text{while } P \ \alpha]Q) \wedge (\neg P \rightarrow Q)
\end{aligned}
$$

Notice that we can't write [x := e]P \iff (x = e \to P): := is program assignment, while = is a mathematical equality check. So x := x + 1 is a valid program that increases x, whereas x = x + 1 is a formula that is always false. With the incorrect rule above we would get [x := x + 1](x = 17) \iff ((x = x + 1) \to (x = 17)), which is wrong: the antecedent x = x + 1 is always false, so the right side is always true, but the left side is not always true. We avoid this problem by replacing x with a fresh variable x', so that the axiom is still fine when e mentions x.
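The following is an added example, not part of the lecture notes: a small executable model of the semantics above (states as maps, programs as a partial function with a loop budget standing in for non-termination, and box/diamond evaluated over the reachable poststates). It checks the [;]A axiom on a concrete state, shows that the correct [:=]A right-hand side agrees with [x := x + 1](x = 17) while the rejected rule x = e \to Q does not, and shows that a non-terminating loop makes [\alpha]Q vacuously true and \langle\alpha\rangle Q false. The program constructors, the `FUEL` budget and the sample states are assumptions of this example; expressions and first-order formulas are represented as Python callables over a state rather than as syntax trees.

```python
"""Added example: executable model of the dynamic-logic semantics in the notes."""
from dataclasses import dataclass
from typing import Callable, Optional, Union

State = dict                       # total map: variable name -> int
Expr = Callable[[State], int]      # w[[e]] is computed by calling e(w)
Formula = Callable[[State], bool]  # w |= P for the first-order part is P(w)
FUEL = 10_000  # iteration budget per loop; exhausting it is read as "no poststate"


@dataclass
class Assign:          # x := e
    x: str
    e: Expr

@dataclass
class Seq:             # alpha ; beta
    a: "Prog"
    b: "Prog"

@dataclass
class If:              # if P then alpha else beta
    p: Formula
    a: "Prog"
    b: "Prog"

@dataclass
class While:           # while P alpha
    p: Formula
    a: "Prog"

Prog = Union[Assign, Seq, If, While]


def run(alpha: Prog, w: State, trace: list, fuel: int = FUEL) -> Optional[State]:
    """Execute alpha from prestate w.  Returns the poststate, or None when a loop
    uses up its budget (the partial-function reading of non-termination; a loop
    that needs more than FUEL iterations is also reported as None).  Every state
    reached after an assignment is appended to `trace`."""
    if isinstance(alpha, Assign):
        v = {**w, alpha.x: alpha.e(w)}
        trace.append(v)
        return v
    if isinstance(alpha, Seq):
        mid = run(alpha.a, w, trace, fuel)
        return None if mid is None else run(alpha.b, mid, trace, fuel)
    if isinstance(alpha, If):
        return run(alpha.a if alpha.p(w) else alpha.b, w, trace, fuel)
    if isinstance(alpha, While):
        while alpha.p(w):
            if fuel == 0:
                return None
            fuel -= 1
            w = run(alpha.a, w, trace, fuel)
            if w is None:
                return None
        return w
    raise TypeError(f"not a program: {alpha!r}")


def poststates(w: State, alpha: Prog) -> list:
    """{v | w[[alpha]]v}: programs here are deterministic, so zero or one element."""
    v = run(alpha, w, [])
    return [] if v is None else [v]


def box(w: State, alpha: Prog, q: Formula) -> bool:
    """w |= [alpha]Q: Q holds in every reachable poststate (vacuous if none)."""
    return all(q(v) for v in poststates(w, alpha))


def diamond(w: State, alpha: Prog, q: Formula) -> bool:
    """w |= <alpha>Q: some reachable poststate satisfies Q."""
    return any(q(v) for v in poststates(w, alpha))


def assign_axiom_rhs(w: State, x: str, e: Expr, q: Formula) -> bool:
    """Right side of [:=]A, forall x'. x' = e -> Q(x').  x' is fresh, so the only
    witness is the value of e in the prestate; the quantifier collapses to one check."""
    return q({**w, x: e(w)})


def wrong_assign_rule_rhs(w: State, x: str, e: Expr, q: Formula) -> bool:
    """The rejected rule x = e -> Q, read in the prestate (= is equality, not :=)."""
    return (w[x] != e(w)) or q(w)


# Constructed sample programs and states (assumptions of this example).
inc = Assign("x", lambda s: s["x"] + 1)          # x := x + 1
double_y = Assign("y", lambda s: 2 * s["x"])     # y := 2 * x
prog = Seq(inc, double_y)                        # x := x + 1 ; y := 2 * x
spin = While(lambda s: s["x"] >= 0, inc)         # while x >= 0 do x := x + 1 (never stops from x >= 0)

def is17(s: State) -> bool:                      # Q: x = 17
    return s["x"] == 17


def demo() -> dict:
    w = {"x": 5, "y": 0}
    t: list = []
    run(prog, w, t)
    return {
        "trace": t,                                                  # [{x:6,y:0}, {x:6,y:12}]
        "seq_axiom_agrees": box(w, prog, is17) == box(w, inc, lambda v: box(v, double_y, is17)),
        "box_inc_17": box(w, inc, is17),                             # x becomes 6, so False
        "assign_axiom": assign_axiom_rhs(w, "x", inc.e, is17),       # False, agrees with box
        "wrong_rule": wrong_assign_rule_rhs(w, "x", inc.e, is17),    # True: antecedent x = x+1 is false
        "box_spin": box(w, spin, is17),                              # no poststate: vacuously True
        "diamond_spin": diamond(w, spin, is17),                      # no poststate: False
        "det_diamond_implies_box": all(
            (not diamond(s, p, is17)) or box(s, p, is17)
            for s in ({"x": 16, "y": 0}, {"x": 5, "y": 0}) for p in (inc, prog, spin)),
    }
```

Running `demo()` from the prestate x = 5 shows the mismatch the notes describe: the box formula and the [:=]A right-hand side both evaluate to false (x becomes 6, not 17), while the rejected rule evaluates to true because its antecedent x = x + 1 can never hold. The `spin` loop illustrates why [\alpha]Q is only a partial-correctness statement: with no poststate at all, box is true and diamond is false.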
