Each step in our proof is a formula, but not only that; the entire proof is also a formula! The proof is a predicate. Written out in the usual way it is

    distance = velocity * time = 60 * time = 60 * 4 = 240

Without the annotations, our proof is just an ordinary Z predicate (it uses the Z convention that a = b = c is an abbreviation for a = b ∧ b = c).

15.1. Calculation and proof

A proof can be any predicate; it need not be an equation. Let's change the problem statement slightly to say that the train is moving at less than sixty miles per hour: velocity < 60. Then the proof becomes:

    distance = velocity * time    [Definition]
             < 60 * time          [velocity < 60]
             = 60 * 4             [time = 4]
             = 240                [Arithmetic]

Written out on one line, this is

    distance = velocity * time < 60 * time = 60 * 4 = 240

This time we obtain the inequality distance < 240 because we can infer a < d from a = b < c = d.

Exercise 15.1.1 Equality =, greater than >, and less than < are all transitive. Is inequality ≠ transitive as well?

Calculations need not be arithmetic. This example uses set membership ∈ and the subset relation ⊆. Organizations are modelled as sets of people, and organizational hierarchy is modelled as subset relations. Philip works on the adhesives team in the materials group, which is part of the research division.

    philip : PERSON
    adhesives, materials, research, manufacturing : ℙ PERSON

    adhesives ⊆ materials
    materials ⊆ research
    philip ∈ adhesives

Intuition tells us that Philip must work in the research division. We don't have to write a formula to say that because it is easy to show:

    philip ∈ adhesives    [Definition]
           ⊆ materials    [Definition]
           ⊆ research     [Definition]

This is a formal proof of the predicate philip ∈ research. It uses the transitivity of the subset relation: from S ⊆ T ⊆ U we can infer S ⊆ U. The proof is trivial but it can save us a great deal of writing. Without it we would have to include the predicates

philip ∈ materials and philip ∈ manufacturing in the definition — and so on for every other employee. Now that we can do the proof, we don't have to include these facts; we can infer them when they are needed. If the company is reorganized — for example, materials is moved from research to manufacturing — we only need to change a single line.

In the preceding proofs, each line shows an expression which is joined to the expression on the preceding line by an equal sign or a relation symbol. We can also build proofs where the lines are predicates joined by logical connectives. The connective is often equivalence, which plays much the same role for predicates that equality does for expressions. Here is a formalization of the little algebra problem: find x, given 2x + 7 = 13.

    x : ℤ
    2 * x + 7 = 13

We simply solve for x:

    2 * x + 7 = 13                 [Definition]
    ⇔ 2 * x = 13 - 7               [Subtract 7 from both sides]
    ⇔ 2 * x = 6                    [Arithmetic]
    ⇒ (2 * x) div 2 = 6 div 2      [Divide both sides by 2]
    ⇔ x = 6 div 2                  [Division on left side, algebra]
    ⇔ x = 3                        [Division on right side, arithmetic]

This completes our proof of the predicate 2 * x + 7 = 13 ⇒ x = 3.
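The two chain proofs above, recast as an added example in Lean 4 (this is not from the book). It assumes Z's ℙ PERSON is modelled as a predicate PERSON → Prop and S ⊆ T as pointwise implication, since plain Lean has no Set type without Mathlib; each tactic step mirrors one bracketed annotation.

```lean
-- Added example, not from the book. Z's `ℙ PERSON` is modelled here as
-- `PERSON → Prop`, and `S ⊆ T` as `∀ p, S p → T p` (an assumption of this model).
theorem philip_in_research
    (PERSON : Type) (philip : PERSON)
    (adhesives materials research : PERSON → Prop)
    (h_am : ∀ p, adhesives p → materials p)   -- adhesives ⊆ materials
    (h_mr : ∀ p, materials p → research p)    -- materials ⊆ research
    (h_pa : adhesives philip)                 -- philip ∈ adhesives
    : research philip :=
  -- the chain philip ∈ adhesives ⊆ materials ⊆ research:
  -- transitivity of ⊆ applied to one member
  h_mr philip (h_am philip h_pa)

-- The algebra problem, one `have` per annotated line of the book's proof.
-- Z's `div` is Lean's integer `/`; `omega` discharges linear integer arithmetic.
theorem solve_for_x (x : Int) (h0 : 2 * x + 7 = 13) : x = 3 := by
  have h1 : 2 * x = 13 - 7 := by omega        -- Subtract 7 from both sides
  have h2 : 2 * x = 6 := by omega             -- Arithmetic
  have h3 : (2 * x) / 2 = 6 / 2 := by rw [h2] -- Divide both sides by 2
  have h4 : x = 6 / 2 := by omega             -- Division on left side, algebra
  omega                                       -- Division on right side, arithmetic
```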
