Improved WD Lemma Generation: Difference between revisions

Revision as of 10:58, 20 May 2010

This page describes work in progress for optimising well-definedness lemmas generated by the Core Rodin platform.

The lemmas are generated according to the $\mathcal{L}$ operator defined in Well-definedness in Event-B. However, this operator being defined as a syntactic transformation, it sometimes generates lemmas that are unnecessarily complicated. We first give some motivating examples showing cases where this happens, then we describe what result shall be produced by the tool. Finally, we describe the design retained for development.

Motivating Examples

All examples corresponds to the behavior of Rodin 1.3

Example A

The well-definedness lemma generated for predicate $f(x) = f(y)$ is

 $f\in S\pfun T\land x\in\dom(f)\land f\in S\pfun T\land y\in\dom(f)$

This predicate is sub-optimal as it contains twice the same sub-predicate ( $f\in S\pfun T$ ). Consequently, when the prover is fed with the generated lemma, it will have to prove twice the same goal.

Example B

The well-definedness lemma generated for predicate $x \div y=5 \land \lnot x \div y=3$ is

 $\lnot y=0 \land (x\div y=5 \limp \lnot y=0)$

This predicate is sub-optimal as the sub-predicate $x\div y=5 \limp \lnot y=0$ is subsumed by the sub-predicate $\lnot y=0$ . The prover doesn't need to prove $x\div y=5 \limp \lnot y=0$ if $\lnot y=0$ has been proved.

Example C

In the well-definedness lemma,

$\forall x, P(x) \limp Q(x) \land (... \land P(a) \land ... \limp Q(a))$ , the sub-predicate $(... \land P(a) \land ... \limp Q(a))$ by $\forall x, P(x) \limp Q(x)$ .

In the same way, the well-definedness lemma,

$\forall x, P(x) \limp Q(x) \land (\forall y, ... \land P(y) \land ... \limp Q(y))$ , the sub-predicate $(\forall y,... \land P(y) \land ... \limp Q(y))$ by $\forall x, P(x) \limp Q(x)$ .

This issue will not be fixed by the improved generation.

Improved Generation

To fix the issues shown in the above examples, we need that the tool produces a WD lemma equivalent (in the logical sense) to the predicate obtained through the $\mathcal{L}$ operator and satisfying the following constraints:

No sub-predicate subsumes another sub-predicate (exception : example C)

. TODO: Is there any other constraint to add?

Constraint 1 covers both examples A and B.

Design for Improved Generation

TODO: Do the design

@@ Line 22: / Line 22: @@
 In the well-definedness lemma,
-<math> \forall x, P(x) \limp Q(x) \land (... \land P(a) \land ... \limp Q(a)) </math>, the sub-predicate <math> Q(x) \land (... \land P(a) \land ... \limp Q(a)) <\math> by <math> \forall x, P(x) \limp Q(x) </math>
+<math> \forall x, P(x) \limp Q(x) \land (... \land P(a) \land ... \limp Q(a)) </math>, the sub-predicate <math> (... \land P(a) \land ... \limp Q(a)) </math> by <math> \forall x, P(x) \limp Q(x) </math>.
+In the same way, the well-definedness lemma,
+<math> \forall x, P(x) \limp Q(x) \land (\forall y, ... \land P(y) \land ... \limp Q(y)) </math>, the sub-predicate <math> (\forall y,... \land P(y) \land ... \limp Q(y)) </math> by <math> \forall x, P(x) \limp Q(x) </math>.
+This issue will not be fixed by the improved generation.
@@ Line 28: / Line 34: @@
 To fix the issues shown in the above examples, we need that the tool produces a WD lemma equivalent (in the logical sense) to the predicate obtained through the <math>\mathcal{L}</math> operator and satisfying the following constraints:
-# No sub-predicate subsumes another sub-predicate.
+# No sub-predicate subsumes another sub-predicate (exception : example C)
 .
 {{TODO|Is there any other constraint to add?}}

Improved WD Lemma Generation: Difference between revisions

Revision as of 10:58, 20 May 2010

Contents

Motivating Examples

Example A

Example B

Example C

Improved Generation

Design for Improved Generation

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Contribute

Tools