Principles of model checking

Authors

  • Christel Baier
  • Joost-Pieter Katoen
Abstract

Syntax

Throughout this monograph, we provide the definition of the syntax of logics in a more relaxed way. Skipping the syntactic rules for brackets (which can be derived from the precedence order of the operators that will be declared in words), the above inductive definition of propositional formulae over AP can be rewritten as

Φ ::= true | a | Φ1 ∧ Φ2 | ¬Φ

where a ∈ AP. The above can be understood as a casual notation for the Backus-Naur form of a context-free grammar over the alphabet Σ = {true} ∪ AP ∪ {¬, ∧}. In this short-form notation, the symbol Φ serves simultaneously for (1) a nonterminal symbol (variable) of the grammar and (2) its derived words over Σ* (i.e., propositional formulae). The latter explains the indices in the term Φ1 ∧ Φ2, which is correct on the formula level, although the correct notation would be Φ ∧ Φ (without indices) in the grammar.

Length of a Formula

The length of a formula Φ is defined as the number of operators in Φ and is denoted by |Φ|. For instance, the formula Φ = (¬b) ∧ c has length 2. Since in most cases we are only interested in the asymptotic length of formulae in formula sequences (Φn), we may also assign one cost unit to the derived operators ∨ and →. In fact, the asymptotic formula length does not depend on whether ∨ and → are treated as basic operators (with one cost unit per occurrence in a formula) or as derived ones (using conjunction and negation).

Semantics of Propositional Logic

To formalize the intuitive meaning of propositional formulae, we first need a precise definition of the "context" that declares which atomic propositions hold and which do not. This is done by means of an evaluation, which assigns a truth value 0 ("false") or 1 ("true") to each atomic proposition. Formally, an evaluation for AP is a function μ : AP → {0, 1}. Eval(AP) denotes the set of all evaluations for AP.

The semantics of propositional logic is specified by a satisfaction relation |= indicating the evaluations μ for which a formula Φ is true. Formally, |= is a set of pairs (μ, Φ) where μ is an evaluation and Φ is a formula. It is written μ |= Φ instead of (μ, Φ) ∈ |=. Accordingly, μ ⊭ Φ stands for (μ, Φ) ∉ |=. Intuitively, μ |= Φ stands for the fact that Φ is true under evaluation μ. The satisfaction relation |= is inductively defined by the conditions indicated in Figure A.2.

Figure A.2: The satisfaction relation |= of propositional logic.
μ |= true
μ |= a iff μ(a) = 1
μ |= ¬Φ iff μ ⊭ Φ
μ |= Φ ∧ Ψ iff μ |= Φ and μ |= Ψ

If μ |= Φ, then μ is called a satisfied condition for Φ. In the literature, the notation μ(Φ) = 1 if μ |= Φ, and μ(Φ) = 0 if μ ⊭ Φ, is used, too. The value μ(Φ) ∈ {0, 1} is called the truth value of Φ under μ. Formulae with derived operators like disjunction ∨ or implication → have the expected semantics. Thus,

μ |= Φ ∨ Ψ iff μ |= Φ or μ |= Ψ
μ |= Φ → Ψ iff μ ⊭ Φ or μ |= Ψ iff μ |= Φ implies μ |= Ψ.

Set Notation for Evaluations

An alternative representation of evaluations for AP is based on sets. Each evaluation μ can be represented by the set Aμ = {a ∈ AP | μ(a) = 1}. Conversely, an evaluation μ = μA with A = Aμ can be assigned to each subset A of AP. Evaluation μA is the characteristic function of A, that is, μA(a) = 1 if a ∈ A and μA(a) = 0 if a ∉ A. This observation suggests extending the satisfaction relation |= to subsets of AP by

A |= Φ iff μA |= Φ.

As an example, we look at Φ = (a ∧ ¬b) ∨ c. Given an evaluation μ with μ(a) = 0 and μ(b) = μ(c) = 1, we have μ ⊭ a ∧ ¬b and μ |= c, and thus μ |= Φ. The accompanying set Aμ is Aμ = {b, c}. Hence, {b, c} |= Φ. The empty set induces an evaluation μ∅ with μ∅(a) = μ∅(b) = μ∅(c) = 0. Since μ∅ ⊭ Φ (where Φ = (a ∧ ¬b) ∨ c as above), we get ∅ ⊭ Φ. However, we have ∅ |= ¬a ∧ ¬b, since ¬a and ¬b hold for the associated evaluation μ∅.

Semantic Equivalence

Two propositional logic formulae Φ, Ψ are called (semantically) equivalent if they have the same truth value for each evaluation. That is, for all evaluations μ:

μ |= Φ iff μ |= Ψ.

In this case we write Φ ≡ Ψ. For example, the formulae a ∧ ¬¬b and a ∧ b are semantically equivalent. A few of the most important equivalence rules for propositional logic and the operators ¬, ∧ and ∨ are shown in Figure A.3. Here, the Greek capital letters Φ, Ψ, Ξ (with or without subscripts) serve as metasymbols for formulae of propositional logic.

Figure A.3: Some equivalence rules for propositional logic.
rule for double negation: ¬¬Φ ≡ Φ
idempotency law: Φ ∨ Φ ≡ Φ, Φ ∧ Φ ≡ Φ
absorption law: Φ ∧ (Ψ ∨ Φ) ≡ Φ, Φ ∨ (Ψ ∧ Φ) ≡ Φ
commutativity law: Φ ∧ Ψ ≡ Ψ ∧ Φ, Φ ∨ Ψ ≡ Ψ ∨ Φ
associativity law: Φ ∧ (Ψ ∧ Ξ) ≡ (Φ ∧ Ψ) ∧ Ξ, Φ ∨ (Ψ ∨ Ξ) ≡ (Φ ∨ Ψ) ∨ Ξ
de Morgan's law: ¬(Φ ∧ Ψ) ≡ ¬Φ ∨ ¬Ψ, ¬(Φ ∨ Ψ) ≡ ¬Φ ∧ ¬Ψ
distributivity law: Φ ∨ (Ψ1 ∧ Ψ2) ≡ (Φ ∨ Ψ1) ∧ (Φ ∨ Ψ2), Φ ∧ (Ψ1 ∨ Ψ2) ≡ (Φ ∧ Ψ1) ∨ (Φ ∧ Ψ2)

The associativity and commutativity laws for disjunction ∨ and conjunction ∧ justify the omission of brackets and notations like ∧_{1≤i≤n} Φi or Φ1 ∧ ... ∧ Φn. Note that the length of a formula of type ∧_{1≤i≤n} Φi is equal to n − 1 (and not to 1). Furthermore, notations like ∧_{i∈I} Φi or ∧{Φi | i ∈ I} are often used, where I is an arbitrary finite index set. If I is nonempty, then ∧_{i∈I} Φi stands for one of the formulae Φi1 ∧ ... ∧ Φik where I = {i1, ..., ik} and i1, ..., ik are pairwise different. For I = ∅, the convention is ∧_{i∈∅} Φi := true, while ∨_{i∈∅} Φi := false.

Satisfiability and Validity

A propositional formula Φ is called satisfiable if there is an evaluation μ with μ |= Φ. Φ is called valid (or a tautology) if μ |= Φ for each evaluation μ. Φ is unsatisfiable if Φ is not satisfiable. For example, a ∧ ¬a is unsatisfiable, while a ∨ ¬(a ∧ b) is a tautology. The formulae a ∨ ¬b and a ∧ ¬b are satisfiable, but not tautologies.

Obviously:

Φ is unsatisfiable iff μ ⊭ Φ for all evaluations μ iff μ |= ¬Φ for all evaluations μ iff ¬Φ is valid.

Thus, Φ is unsatisfiable if and only if ¬Φ is a tautology.

Literals and Positive Normal Form (PNF)

A literal is a formula of the form a or ¬a where a ∈ AP is an atomic proposition. Propositional formulae in positive normal form (PNF for short, also sometimes called negation normal form) use the negation operator only at the level of literals. To ensure that the class of PNF formulae is as expressive as full propositional logic, both the conjunction and the disjunction operator serve as basic operators. Thus, the abstract syntax of PNF formulae is

Φ ::= true | false | a | ¬a | Φ1 ∧ Φ2 | Φ1 ∨ Φ2

where a ∈ AP. Given a (non-PNF) formula Φ, de Morgan's laws and the rule for double negation allow for "pushing the negation inside" until an equivalent formula in PNF arises. That is, successive application of the transformations

¬(Φ1 ∧ Φ2) ⇝ ¬Φ1 ∨ ¬Φ2
¬(Φ1 ∨ Φ2) ⇝ ¬Φ1 ∧ ¬Φ2
¬¬Ψ ⇝ Ψ

to Φ's subformulae yields an equivalent formula in PNF of the same asymptotic length.

Conjunctive and Disjunctive Normal Form

Special cases of PNF are the conjunctive normal form (CNF) and the disjunctive normal form (DNF). A CNF formula has the form

∧_{i∈I} ∨_{j∈Ji} lit_{i,j}

where I and Ji are arbitrary finite index sets and lit_{i,j} for i ∈ I and j ∈ Ji are literals. The subformulae ∨_{j∈Ji} lit_{i,j} are called clauses. For instance, (a1 ∨ ¬a3 ∨ a4) ∧ (¬a2 ∨ ¬a3 ∨ a4) ∧ a4 is a CNF formula with three clauses. Note that, e.g., true and false are also representable by CNF formulae: true is obtained by I = ∅, while false is equivalent to a ∧ ¬a, a CNF with two clauses consisting of one literal each. Given a PNF formula Φ, an equivalent CNF formula is obtained (on the basis of the distributivity laws) by applying the transformation rules

Φ0 ∨ (Ψ1 ∧ Ψ2) ⇝ (Φ0 ∨ Ψ1) ∧ (Φ0 ∨ Ψ2)
(Ψ1 ∧ Ψ2) ∨ Φ0 ⇝ (Ψ1 ∨ Φ0) ∧ (Ψ2 ∨ Φ0)

to Φ's subformulae as long as possible.

Thus, for each propositional formula Φ there exists an equivalent CNF formula Φ′. Similarly, DNF formulae are formulae of the form

∨_{i∈I} ∧_{j∈Ji} lit_{i,j}

where I and Ji are arbitrary finite index sets and lit_{i,j} for i ∈ I and j ∈ Ji are literals. E.g., (a1 ∧ ¬a2) ∨ (¬a2 ∧ ¬a3 ∧ a4) ∨ (¬a1 ∧ ¬a3) is a DNF formula. A transformation similar to the one for CNF can be applied to prove that any propositional formula Φ has an equivalent DNF formula Φ′.
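The set-notation semantics, the PNF rewriting and the CNF distribution rules above, carried out in code. This is an added example, not code from the book: the tuple encoding of formulae, the helper names (sat, pnf, cnf, evaluations) and the brute-force satisfiability check over all subsets of AP are my own choices.

```python
from itertools import combinations

# Formulae: ('true',), ('false',), ('atom', a), ('not', F), ('and', F, G), ('or', F, G)
TRUE, FALSE = ('true',), ('false',)
def atom(a): return ('atom', a)
def neg(f): return ('not', f)
def conj(f, g): return ('and', f, g)
def disj(f, g): return ('or', f, g)

def sat(A, f):
    """A |= f: the evaluation mu_A is given as the set A of true atoms."""
    op = f[0]
    if op == 'true': return True
    if op == 'false': return False
    if op == 'atom': return f[1] in A
    if op == 'not': return not sat(A, f[1])
    if op == 'and': return sat(A, f[1]) and sat(A, f[2])
    return sat(A, f[1]) or sat(A, f[2])

def length(f):
    """|f| = number of operators; true, false and atoms cost nothing."""
    return 0 if f[0] in ('true', 'false', 'atom') else 1 + sum(length(s) for s in f[1:])

def pnf(f):
    """Push negation down to the literals (de Morgan + double negation)."""
    if f[0] != 'not':
        return f if f[0] in ('true', 'false', 'atom') else (f[0], pnf(f[1]), pnf(f[2]))
    g = f[1]                      # f = ¬g: case split on g
    if g[0] == 'true': return FALSE
    if g[0] == 'false': return TRUE
    if g[0] == 'atom': return f   # already a literal
    if g[0] == 'not': return pnf(g[1])
    dual = 'or' if g[0] == 'and' else 'and'
    return (dual, pnf(neg(g[1])), pnf(neg(g[2])))

def cnf(f):
    """Distribute ∨ over ∧ on the PNF of f until no ∨ sits above an ∧."""
    f = pnf(f)
    if f[0] == 'and': return ('and', cnf(f[1]), cnf(f[2]))
    if f[0] != 'or': return f
    l, r = cnf(f[1]), cnf(f[2])
    if l[0] == 'and': return ('and', cnf(disj(l[1], r)), cnf(disj(l[2], r)))
    if r[0] == 'and': return ('and', cnf(disj(l, r[1])), cnf(disj(l, r[2])))
    return ('or', l, r)

def evaluations(AP):
    """Every subset A of AP, i.e. every evaluation mu_A in set notation."""
    return [set(c) for k in range(len(AP) + 1) for c in combinations(sorted(AP), k)]
def satisfiable(f, AP): return any(sat(A, f) for A in evaluations(AP))
def valid(f, AP): return all(sat(A, f) for A in evaluations(AP))
def equivalent(f, g, AP): return all(sat(A, f) == sat(A, g) for A in evaluations(AP))
```

Checking validity by enumerating 2^|AP| subsets is fine for the small formulae above; for anything larger one would hand the CNF to a SAT solver instead.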


Related articles

A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving

In this paper, we briefly review two formal approaches to the verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols by generating all possible behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...


A Hybrid Meta-heuristic Approach to Cope with State Space Explosion in Model Checking Technique for Deadlock Freeness

Model checking is an automatic technique for software verification in which all reachable states are generated from an initial state in order to find errors and desirable patterns. In the model checking approach, the behavior and structure of the system must be modeled. A graph transformation system is a graphical formal modeling language for specifying and modeling the system. However, modeling of large s...


Reachability checking in complex and concurrent software systems using intelligent search methods

Software system verification is an efficient technique for ensuring the correctness of a software product, especially in safety-critical systems in which a small bug may have disastrous consequences. The goal of software verification is to ensure that the product fulfills the requirements. Studies show that the cost of finding and fixing errors in design time is less than finding and fixing the...


Automatic Support for Verification of Secure Transactions in Distributed Environment using Symbolic Model Checking

Symbolic model checking has been used to formally verify specifications of secure transactions in a system for business-to-business applications. The fundamental principles behind symbolic model checking are presented along with techniques used to model mutual exclusion of processes and atomic transactions. The computational resources required to check the example process are presented, and the...


Software Testing – Goals, Principles, and Limitations

Software testing is an activity aimed at evaluating the quality of a program and also at improving it, by identifying defects and problems. Software testing strives to achieve its goals (both implicit and explicit) but it does have certain limitations; still, testing can be done more effectively if certain established principles are followed. In spite of having limitations, software...



Publication date: 2008