Predicate Logic and

Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Chapter 1e
Predicate Logic and Program Verification
Discrete Mathematics II
Contents

Warm-up questions

Program Verification

Homeworks

(Materials drawn from Chapter 2 in:

“Michael Huth and Mark Ryan. Logic in Computer Science: Modelling and
Reasoning about Systems, 2nd Ed., Cambridge University Press, 2006.”)

Nguyen An Khuong, Huynh Tuong Nguyen

Faculty of Computer Science and Engineering
University of Technology, VNU-HCM
1e.1
 Predicate Logic and
Contents Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1 Warm-up questions
Contents

Warm-up questions

Program Verification

Homeworks
2 Program Verification

3 Homeworks

1e.2
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Contents

Warm-up questions

Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.

Contents

Warm-up questions

Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false.
Contents

Warm-up questions

Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false.
Contents

Warm-up questions

Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions

Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification

Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?
Ans.: As a 0-ary predicate.

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?
Ans.: As a 0-ary predicate.
d) Fermat’s Last Theorem is the name of the statement in
number theory that: It is impossible to separate any power
higher than the second into two like powers.

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?
Ans.: As a 0-ary predicate.
d) Fermat’s Last Theorem is the name of the statement in
number theory that: It is impossible to separate any power
higher than the second into two like powers.
Or, more precisely:

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?
Ans.: As a 0-ary predicate.
d) Fermat’s Last Theorem is the name of the statement in
number theory that: It is impossible to separate any power
higher than the second into two like powers.
Or, more precisely:
If an integer n is greater than 2, then the equation
xn + y n = z n has no solutions in positive integers x, y, and z.

1e.3
 Predicate Logic and
Warm-up questions Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
a) Are there expressions in Predicate Logic that do not evaluate
to TRUE or FALSE? If so, give an example.
Ans.: Terms, unlike predicates and formulas, do not evaluate to the
distinguished symbols true or false. Examples of terms
include: a, a constant (or 0-ary function); x, a variable; f (t),
Contents
a unary function f applied to a term t.
Warm-up questions
b) Is p(a) −→ ∃x.p(x) a valid formula? Program Verification
Ans.: Yes Homeworks
c) How do you represent a propositional variable (as used in
Propositional Logic) in a Predicate Logic formula?
Ans.: As a 0-ary predicate.
d) Fermat’s Last Theorem is the name of the statement in
number theory that: It is impossible to separate any power
higher than the second into two like powers.
Or, more precisely:
If an integer n is greater than 2, then the equation
xn + y n = z n has no solutions in positive integers x, y, and z.
Formulate the above statement in Predicate Logic with
Equality? 1e.3
 Predicate Logic and
Warm-up questions (cont’d): An answer to Fermat’s Last Program Verification

Theorem Formulation Nguyen An Khuong,

Huynh Tuong Nguyen

Contents

Warm-up questions

Program Verification

Homeworks

1e.4
 Predicate Logic and
Warm-up questions (cont’d): An answer to Fermat’s Last Program Verification

Theorem Formulation Nguyen An Khuong,

Huynh Tuong Nguyen

Contents

Warm-up questions

Program Verification
∀n.integer(n) ∧ n > 2 −→ ∀x, y, z.integer(x) ∧ integer(y) ∧
Homeworks
integer(z) ∧ x > 0 ∧ y > 0 ∧ z > 0 −→ xn + y n 6= z n .

1e.4
 Predicate Logic and
Program Verification Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
• Below is a function written in an imperative programming
language to perform binary search,

Contents

Warm-up questions

Program Verification

Homeworks

1e.5
 Predicate Logic and
Program Verification Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
• Below is a function written in an imperative programming
language to perform binary search,

Contents

Warm-up questions

Program Verification

Homeworks

1e.5
 Predicate Logic and
Program Verification Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
• Below is a function written in an imperative programming
language to perform binary search, by returning TRUE iff the
array a contains the value e in the range [l, u] and FALSE
otherwise, under the assumption that the input range is
sorted.
Contents

Warm-up questions

Program Verification

Homeworks

1e.5
 Predicate Logic and
Program Verification Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
• Below is a function written in an imperative programming
language to perform binary search, by returning TRUE iff the
array a contains the value e in the range [l, u] and FALSE
otherwise, under the assumption that the input range is
sorted.
Contents
bool binarySearch ( int [] a, int l, int u, int e) {
Warm-up questions
if (l > u) return false ; Program Verification
else { Homeworks
int m = (l + u) div 2;
if (a[m] == e) return true ;
else if (a[m] < e) return binarySearch (a, m + 1, u, e);
else return binarySearch (a, l, m - 1, e);
}
}

1e.5
 Predicate Logic and
Program Verification Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen
• Below is a function written in an imperative programming
language to perform binary search, by returning TRUE iff the
array a contains the value e in the range [l, u] and FALSE
otherwise, under the assumption that the input range is
sorted.
Contents
bool binarySearch ( int [] a, int l, int u, int e) {
Warm-up questions
if (l > u) return false ; Program Verification
else { Homeworks
int m = (l + u) div 2;
if (a[m] == e) return true ;
else if (a[m] < e) return binarySearch (a, m + 1, u, e);
else return binarySearch (a, l, m - 1, e);
}
}
• As a first step towards determining whether an
implementation (such as that in the function above) fulfills its
specification, the specification has to be formalized. We do so
in terms of preconditions and postconditions.
1e.5
 Predicate Logic and
Program Verification (cont’d) Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

• A precondition specifies what should be true upon entering

the function (i.e., under what inputs the function is expected
to work). Contents

Warm-up questions

Program Verification

Homeworks

1e.6
 Predicate Logic and
Program Verification (cont’d) Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

• A precondition specifies what should be true upon entering

the function (i.e., under what inputs the function is expected
to work). Contents

Warm-up questions
• The postcondition is a formula G whose free variables include Program Verification
only the formal parameters and the special variable rv Homeworks
representing the return value of the function.

1e.6
 Predicate Logic and
Program Verification (cont’d) Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

• A precondition specifies what should be true upon entering

the function (i.e., under what inputs the function is expected
to work). Contents

Warm-up questions
• The postcondition is a formula G whose free variables include Program Verification
only the formal parameters and the special variable rv Homeworks
representing the return value of the function.
• The postcondition relates the function’s output (the return
value rv) to its input (the parameters).

1e.6
 Predicate Logic and
Program Verification (cont’d) Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

• A precondition specifies what should be true upon entering

the function (i.e., under what inputs the function is expected
to work). Contents

Warm-up questions
• The postcondition is a formula G whose free variables include Program Verification
only the formal parameters and the special variable rv Homeworks
representing the return value of the function.
• The postcondition relates the function’s output (the return
value rv) to its input (the parameters).
Prob: Formulate in Predicate Logic the precondition and the
postcondition for binarySearch.

1e.6
 Predicate Logic and
Program Verification (cont’d): Answer Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Contents
• First precondition: 0 ≤ l ∧ u < |a| Warm-up questions

Program Verification

Homeworks

1e.7
 Predicate Logic and
Program Verification (cont’d): Answer Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Contents
• First precondition: 0 ≤ l ∧ u < |a| Warm-up questions

• Second precondition: Program Verification

Homeworks

1e.7
 Predicate Logic and
Program Verification (cont’d): Answer Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Contents
• First precondition: 0 ≤ l ∧ u < |a| Warm-up questions

• Second precondition: Program Verification

Homeworks
∀i, j.integer(i) ∧ integer(j) ∧ 0 ≤ i ≤ j < |a| −→ a[i] ≤ a[j]

1e.7
 Predicate Logic and
Program Verification (cont’d): Answer Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

Contents
• First precondition: 0 ≤ l ∧ u < |a| Warm-up questions

• Second precondition: Program Verification

Homeworks
∀i, j.integer(i) ∧ integer(j) ∧ 0 ≤ i ≤ j < |a| −→ a[i] ≤ a[j]
• Postcondition: rv ←→ ∃i.l ≤ i ≤ u ∧ a[i] = e

1e.7
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

Contents

Warm-up questions

Program Verification

Homeworks

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms

Contents

Warm-up questions

Program Verification

Homeworks

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms
arity, expression, term, formula, atomic formula, sentence,
clause, Backus Naur form (BNF), parse tree, precondition, Contents

postcondition, binding priorities, provability, witness, scope, Warm-up questions

bound, verification, model checking, Hoare triple, and their Program Verification

other related notation/terms. Homeworks

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms
arity, expression, term, formula, atomic formula, sentence,
clause, Backus Naur form (BNF), parse tree, precondition, Contents

postcondition, binding priorities, provability, witness, scope, Warm-up questions

bound, verification, model checking, Hoare triple, and their Program Verification

other related notation/terms. Homeworks

3. Do exercise 1.5.14 on page 89 in [2].

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms
arity, expression, term, formula, atomic formula, sentence,
clause, Backus Naur form (BNF), parse tree, precondition, Contents

postcondition, binding priorities, provability, witness, scope, Warm-up questions

bound, verification, model checking, Hoare triple, and their Program Verification

other related notation/terms. Homeworks

3. Do exercise 1.5.14 on page 89 in [2].

4. Consider the following program

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms
arity, expression, term, formula, atomic formula, sentence,
clause, Backus Naur form (BNF), parse tree, precondition, Contents

postcondition, binding priorities, provability, witness, scope, Warm-up questions

bound, verification, model checking, Hoare triple, and their Program Verification

other related notation/terms. Homeworks

3. Do exercise 1.5.14 on page 89 in [2].

4. Consider the following program
temp := x
x := y
y := temp

1e.8
 Predicate Logic and
HW Program Verification

Nguyen An Khuong,
Huynh Tuong Nguyen

1. Do all HWs which have not been done in previous lectures.

2. Try to understand deeply the following notations/terms
arity, expression, term, formula, atomic formula, sentence,
clause, Backus Naur form (BNF), parse tree, precondition, Contents

postcondition, binding priorities, provability, witness, scope, Warm-up questions

bound, verification, model checking, Hoare triple, and their Program Verification

other related notation/terms. Homeworks

3. Do exercise 1.5.14 on page 89 in [2].

4. Consider the following program
temp := x
x := y
y := temp
What does this tinny program do? Find preconditions,
postconditions and verify its correctness?

1e.8