T such that μUΣ_T(p,q) is infinite. The class of such theories is 𝒰∞ (type ∞). (iv) A theory T is of type zero if it is not in one of the above classes. The class of these theories is 𝒰0. (v) A theory is unification-relevant if it is not of type zero. The class of these theories is 𝒰.
Several examples for unitary, finitary and infinitary theories as well as type zero theories are discussed in III.1. A matching problem <s ≤ t>_T consists of a pair of terms and a theory T ∈ 𝒯. A substitution σ ∈ Σ is a T-matcher (or one-way-unifier) if σs =_T t. MΣ_T is the set of matchers and a set of most general matchers μMΣ_T is defined similarly to μUΣ_T.
The set μMΣ_T induces the classes of matching-relevant theories similar to the classes based on μUΣ_T: a theory T is unitary matching if μMΣ_T always exists and has at most one element. The class of such theories is ℳ1. Analogously we define ℳω, ℳ∞, ℳ0 and the class ℳ. A unification algorithm UA_T (a matching algorithm MA_T) for a theory T is an algorithm which takes two terms s and t as input and generates a set cUΣ_T (cMΣ_T) for <s = t>_T (for <s ≤ t>_T). A minimal algorithm μUA_T (μMA_T) is an algorithm which generates a μUΣ_T (μMΣ_T).
For many practical applications this requirement is not strong enough, since it does not imply that the algorithm terminates for theories T ∈ 𝒰1 ∪ 𝒰ω. On the other hand, for T ∈ 𝒰ω it is sometimes too rigid, since an algorithm which generates a finite superset of μUΣ_T may be far more efficient than the algorithm μUA_T and for that reason preferable. For that reason we define: An algorithm UA_T is type conformal iff:
(i) UA_T generates a set cUΣ_T with cUΣ_T ⊇ μUΣ_T for some μUΣ_T,
(ii) UA_T terminates and cUΣ_T is finite if T ∈ 𝒰1 ∪ 𝒰ω, and
(iii) if T ∈ 𝒰∞ then cUΣ_T ⊆ [μUΣ_T].
Similarly: an algorithm MA_T is type conformal iff (i) - (iii) hold with U replaced by M.
III. RESULTS
"However to generalize, one needs experience ..." G. Grätzer, Universal Algebra, 1968
"... a comparative study necessarily presupposes some previous separate study, comparison being impossible without knowledge." N. Whitehead, Treatise on Universal Algebra, 1898
1. Special Theories
This section is concerned with Problem Two and Three (the existence resp. the enumeration problem) mentioned in II.3: For a given equational theory T, does there exist an algorithm which enumerates μUΣ_T(s,t) for any terms s and t?
The following table summarizes the results that have been obtained for special theories, which consist of combinations of the following equations:
A (associativity): f(f(x,y),z) = f(x,f(y,z))
C (commutativity): f(x,y) = f(y,x)
D (distributivity): D_R: f(x,g(y,z)) = g(f(x,y),f(x,z)); D_L: f(g(x,y),z) = g(f(x,z),f(y,z))
H, E (homomorphism, endomorphism): φ(x∘y)
I (idempotence): f(x,x) = x
Py. An ET-proof for A would then be the tree q given as:
[tree q: the figure is not legible in this scan]
Here, Dp(q) = PtI V PulA "",["",Pw V PtllJ. The imbedding relation is the pair tI -
3.14. Soundness and Relative Completeness for ET-Proofs. Let A be a formula_o. ⊢_𝒯 A if and only if A has an ET-proof.
This theorem is what we shall consider our higher-order version of Herbrand's theorem. The reader is referred to [16] for the details of this proof. The relative completeness result, i.e. if ⊢_𝒯 A then A has an ET-proof, is proven by using the Abstract Consistency Property in [1]. The central result concerning Abstract Consistency Properties is based on Takahashi's proof of the cut-elimination theorem for higher-order logic [22]. Since 𝒯 is non-extensional, Henkin-style general models do not correctly characterize derivability in 𝒯. Hence, the completeness result is stated relative to the notion of derivability and is not based on a notion of validity.
3.15. Definition. An expansion tree is grounded if none of its terminal nodes are labeled with formulas of the form ΠB. An ET-proof is a grounded ET-proof if it is also a grounded expansion tree.
A formula has an ET-proof if and only if it has a grounded ET-proof.
4. List Representations of Expansion Trees
We shall now present a representation of expansion trees which is more succinct and more suitable for direct implementation on computer systems. We shall no longer consider the logical connectives ∧ and ⊃ and the quantifiers ∀ and ∃ to be abbreviations. This will help make list representations of expansion trees more compact. The set of all list structures over a given set, S, is defined to be the smallest set which contains S and is closed under building finite tuples. Since expansion and selection nodes in an expansion tree must occur under an odd and even number of occurrences of negations respectively, we need to be careful how we imbed expansion trees under negations when we attempt to build up larger expansion trees from smaller ones. This explains why we need to consider so many cases in the following definition.
4.1. Definition. Let S be the set which contains the labels SEL and EXP and all formulas of 𝒯. Let ℰ be the smallest set of pairs (R, A), where R is a list structure over S and A is a formula, which satisfies the conditions below. We say that a variable y is selected in the list structure R if it occurs in a sublist of the form (SEL y R').
(1) If A is a boolean atom and R is a λ-normal form of A, then (R, A) ∈ ℰ and (¬R, ¬A) ∈ ℰ. Here, ¬R is shorthand for the two element list (¬ R).
(2) If (R, A) ∈ ℰ then (R, B) ∈ ℰ where A conv B.
(3) If (R, A) ∈ ℰ then (¬¬R, ¬¬A) ∈ ℰ.
In cases (4), (5), and (6), we assume that R1 and R2 share no selected variables in common and that A1 (A2) has no free variable selected in R2 (R1).
(4) If (R1, A1) ∈ ℰ and (R2, A2) ∈ ℰ then ((∧ R1 R2), A1 ∧ A2) ∈ ℰ and ((∨ R1 R2), A1 ∨ A2) ∈ ℰ.
(5) If (¬R1, ¬A1) ∈ ℰ and (¬R2, ¬A2) ∈ ℰ then (¬(∧ R1 R2), ¬[A1 ∧ A2]) ∈ ℰ and (¬(∨ R1 R2), ¬[A1 ∨ A2]) ∈ ℰ.
(6) If (¬R1, ¬A1) ∈ ℰ and (R2, A2) ∈ ℰ then ((⊃ R1 R2), A1 ⊃ A2) ∈ ℰ and (¬(⊃ R2 R1), ¬[A2 ⊃ A1]) ∈ ℰ.
In cases (7), (8), and (9), we assume that y is not selected in R and that y is not free in [λx P] or in B.
(7) If (R, [λx P]y) ∈ ℰ then ((SEL y R), ∀x P) ∈ ℰ.
(8) If (¬R, ¬[λx P]y) ∈ ℰ then (¬(SEL y R), ¬∃x P) ∈ ℰ.
(9) If (R, By) ∈ ℰ then ((SEL y R), ΠB) ∈ ℰ.
In cases (10), (11), and (12), we must assume that for distinct i, j such that 1 ≤ i, j ≤ n, Ri and Rj share no selected variables and that no variable free in [λx P]ti is free in Rj.
(10) If for i = 1, ..., n, (Ri, [λx P]ti) ∈ ℰ then ((EXP (t1 R1) ... (tn Rn)), ∃x P) ∈ ℰ.
(11) If for i = 1, ..., n, (¬Ri, ¬[λx P]ti) ∈ ℰ then (¬(EXP (t1 R1) ... (tn Rn)), ¬∀x P) ∈ ℰ.
(12) If for i = 1, ..., n, (¬Ri, ¬Bti) ∈ ℰ then (¬(EXP (t1 R1) ... (tn Rn)), ¬ΠB) ∈ ℰ.
The pair (R, A) ∈ ℰ represents, in a succinct fashion, an expansion tree. Notice that the only formulas stored in the list structure R are those used for expansions and selections and those which are the leaves of the expansion tree. Expansion trees as defined in §2 contain additional formulas which are used as "shallow formulas" to label expansion and selection nodes. These formulas, however, can be determined up to λ-convertibility if we know what the expansion tree is an "expansion" for. Notice that one list structure alone may represent several expansion trees. For example, (EXP (a Paa)) could represent an expansion tree for ∃x Pxa, ∃x Pax, and ∃x Paa. If we keep this complication in mind, we can informally consider list structures as expansion trees.
4.2. Example. The expansion tree in Example 3.13 can be written as the list structure: (EXP (u (SEL v (⊃ Pv Pu))) (v (SEL w (⊃ Pw Pv)))).
5. Natural Deductions
Beyond the fact that ET-proofs are sound and (relatively) complete for 𝒯, they also have several other pleasing properties, for both theoretical and practical concerns. We shall illustrate this claim by showing how ET-proofs can be converted to natural deduction-style proofs. This investigation is an immediate extension of the work described by Andrews in [4]. In that paper, Andrews showed how natural deduction proofs could be constructed by processing incomplete proofs, called outlines, in both a top-down and bottom-up fashion. In these outlines, certain lines, called sponsoring lines, were not justified. To each sponsoring line is associated a (possibly empty) list of justified lines which appear earlier in the proof and which might be required for completing the proof of the sponsoring line. These lines are called supporting lines. Proof lines which are either supporting or sponsoring are called active. Incomplete proofs built in this fashion are such that their assertions are subformulas of the original theorem. (Notice that in higher-order logic, this is stretching the usual meaning of subformulas.) Using this fact, we shall be able to attach to each active line an expansion tree (actually a list representation) for the assertion in that line. These expansion trees, which are essentially sub-trees of the ET-proof of the original theorem, provide the information necessary to determine how an active line should be "processed." Beyond the fact that the conversion process described below works for higher-order logic, this process differs in two other important ways from the process described in [4]. First, Andrews used a structure called a plan to provide the information which would indicate how to process active lines. ET-proofs, when restricted to first-order logic, contain the same kind of information as plans. Plans, however, are defined with respect to several global properties of formulas. This makes it awkward (in theory and practice) to construct new plans for new subproofs. Since subtrees or the negation of subtrees of expansion trees are themselves expansion trees, it is much easier to build new ET-proofs for new subproofs. Secondly, Andrews actually considered subproofs to be based on a sponsoring line and its hypotheses while we consider subproofs to be based on sponsoring lines and their supports. These differences allow us to give a complete analysis of this transformation process. Below we provide formal definitions for the concepts informally discussed above. In the rest of this paper, all ET-proofs will be assumed to be grounded.
5.1. Definition. By a natural deduction proof we mean a Suppes-style proof structure [21]. Such systems emphasize reasoning from hypotheses instead of axioms. An incomplete natural deduction proof is a list of proof lines some of which are justified by NJ, the non-justification label. Such lines represent subproofs which must be completed. The rules of inference in this system are those listed in [4] along with a rule for λ-conversion. The rules of existential generalization and universal instantiation are examples of two rules of inference.
5.2. Example. The following is an example of an incomplete natural deduction proof.
(1) 1 ⊢ ∃c ∀p .[∃u .pu] ⊃ .p.cp   Hyp
(2) 2 ⊢ ∀x ∃y .Pxy   Hyp
(3) 3 ⊢ ∀p .[∃u .pu] ⊃ .p.cp   Hyp
(16) 2,3 ⊢ ∃f ∀x .Px.fx   NJ
(17) 1,2 ⊢ ∃f ∀x .Px.fx   RuleC: 1,16
(18) 1 ⊢ [∀x ∃y .Pxy] ⊃ .∃f ∀x .Px.fx   Deduct: 17
(19) ⊢ [∃c ∀p .[∃u .pu] ⊃ .p.cp] ⊃ [∀x ∃y .Pxy] ⊃ ∃f ∀x .Px.fx   Deduct: 18
Here c is a variable of type ι(oι), p is a variable of type oι, P is a variable of type oιι, f is a variable of type ιι, and x, y, u are variables of type ι.
In what follows, we shall use ⊥ to represent a false statement. It can be treated as an abbreviation for p ∧ ¬p. We shall also let ⊥ stand for both the expansion tree for ⊥ and for the list representation for this expansion tree. If ⊥ occurs as one of the disjuncts of a formula, we shall assume that that formula is an abbreviation for the formula which results from removing ⊥ as a disjunct.
5.3. Definition. A proof outline, O, is the triple (L, p, {R_l}), where:
(1) L is a list of proof lines which forms an incomplete natural deduction proof. A line with the justification NJ corresponds to a subproof which must be completed. Let L0 be the set of all line labels in L which have this justification. These are called the sponsoring lines of O.
(2) p is a function defined on L0 such that whenever z ∈ L0, p(z) ⊆ L \ L0 and all the lines in p(z) precede z in the list L. Whenever l ∈ p(z), we say that z sponsors l, l supports z, z is a sponsoring line, and l is a supporting line. A line is active if it is either a supporting line or a sponsoring line which does not assert ⊥. (In the outlines we shall consider, only sponsoring lines may assert ⊥.)
(3) {R_l} represents a set of list structures, one for each active line, such that if l is a supporting line, then (¬R_l, ¬l) ∈ ℰ and if l is a sponsoring line, then (R_l, l) ∈ ℰ.
(4) If line a supports line z then the hypotheses of a are a subset of the hypotheses of z.
If L0 is not empty, we define the following formulas and expansion trees. For each z ∈ L0 set A_z := [∨_{l∈p(z)} ¬l] ∨ z (where line labels stand for their assertions) and let Q_z be the expansion tree for A_z represented by the list structure (∨ (∨_{l∈p(z)} ¬R_l) R_z). The following condition must also be satisfied by an outline.
(5) If L0 is not empty, then Q_z is a (grounded) ET-proof for A_z for each z ∈ L0.
It is easy to show that O has an active line if and only if L0 is not empty. We say that O is an outline for A if the last line in O has no hypotheses and asserts A.
The ET-proof Q_z roughly corresponds to a plan for the sponsoring line z as described in [4].
5.4. Definition. Let A be a formula and R a list representation of an ET-proof for A. Let z be the label for the proof line
(z) ⊢ A   NJ,
and set L := (z), p(z) := ∅ and R_z := R. Then O_0 := (L, p, {R_l}) is clearly an outline. We call this outline the trivial outline for A based on R.
5.5. Example. An example of a proof outline is given by setting L = (1, 2, 3, 16, 17, 18, 19), p(16) = {2, 3} and
R2 = (EXP (x (SEL y Pxy)))
R3 = (EXP (Px (⊃ (EXP (y Pxy)) Px.c.Px)))
R16 = (EXP ([λx.c.Px] (SEL x Px.c.Px)))
where the lines in L are those listed in Example 5.2. It is easy to verify that (∨ ¬R2 (∨ ¬R3 R16)) represents an ET-proof of ¬2 ∨ ¬3 ∨ 16 and that (L, p, {R2, R3, R16}) is an outline.
5.6. Definition. A formula t is admissible in O if no free variable in t is selected in R_l for any active line l.
The D- and P- (deducing and planning) transformations described in [4] can now be used in this setting if we describe how each such transformation attributes expansion trees to each new active line. We illustrate how this is done with the P-Conj and D-All transformations. If some sponsoring line z in an outline O = (L, p, {R_l}) is of the form
(z) ℋ ⊢ A1 ∧ A2   NJ
then R_z is of the form (∧ R1 R2). Applying P-Conj to line z will result in an outline O' = (L', p', {R'_l}), where L' contains the new sponsoring lines
(x) ℋ ⊢ A1   NJ
(y) ℋ ⊢ A2   NJ
and line z has its justification changed to RuleP: x, y. Also, p'(x) and p'(y) are set equal to p(z), and R'_x := R1, R'_y := R2. p' agrees with p on all other sponsoring lines of O', and R'_l := R_l for all active lines of O' other than x and y. This application of P-Conj has reduced the subproof based on line z to the two subproofs based on lines x and y.
If the outline O contains a supporting line a of the form
(a) ℋ ⊢ ∀x P   RuleX
for some justification RuleX (other than NJ), then R_a has the form (EXP (t1 R1) ... (tn Rn)). If any one of the terms t1, ..., tn is admissible within O, say ti, then D-All can be applied to line a by doing a universal instantiation of it with ti. L' is then equal to L with the line b, shown below, inserted after line a.
(b) ℋ ⊢ [λx P]ti   UI: a
Here it is assumed that in this substitution, bound variables are systematically renamed to avoid variable capture. Also, R_b := Ri. If n ≥ 2 then line a must remain active, and for each sponsoring line z such that a ∈ p(z), set p'(z) := p(z) ∪ {b} (i.e. b is a cosupport with a). If n = 1, then line a is no longer active, so b replaces a as a support; that is, for each sponsoring line z such that a ∈ p(z), set p'(z) := p(z) \ {a} ∪ {b}. In either case, p'(z) := p(z) for all other sponsoring lines of O and R'_l := R_l for all active lines l ≠ a of O. It is straightforward to verify that O' = (L', p', {R'_l}) is an outline. It is possible to show that at least one expansion term associated with such active lines in O must be admissible, so requiring that the terms introduced in a universal instantiation (or introduced in a bottom-up fashion by P-Exists) be admissible is always possible to meet. This restriction to admissible terms is necessary to guarantee that when variables are selected in the P-All and P-Choose transformations, they do not already have a free occurrence in the current proof outline.
A simple, naive process of transforming an ET-proof, represented by the list structure R, for the theorem A, would then start by successively applying either D- or P-transformations to the trivial outline for A based on R and finish when all the subproofs generated can be recognized as instances of the RuleP transformation.
6. Focused Construction of Proof Outlines
The proof outlines produced by the naive method described above will often turn out to be very inelegant for at least two reasons, which we will examine here. An implementation of this naive algorithm was made in the computer program TPS (see [15]) and it was frequently found that many of the supporting lines for a given sponsoring line were not really needed to prove that sponsoring line. The naive algorithm contained no way of checking for this since it was provided with no ability to "look ahead." Hence, many applications of D- and P- rules were not necessary and the resulting, completed natural deduction proofs were much longer and more redundant than necessary. The naive algorithm was also not equipped to recognize when it could backchain on a supporting line which asserted an implication, since backchaining also requires looking ahead to see if it can actually be applied. Hence, the naive procedure always treated such implicational lines in the most general possible way, by using its equivalent disjunctive form in the form of an argument from cases. Implicational support lines were always used in a very unnatural fashion. The information which would supply a transformation process with the necessary ability to look ahead is contained in a mating which is present in the tautology encoded in the ET-proofs of each subproof of a given outline. We now need several definitions.
6.1. Definition. If 𝒜1 and 𝒜2 are sets, define 𝒜1 ⊎ 𝒜2 := {e1 ∪ e2 | e1 ∈ 𝒜1, e2 ∈ 𝒜2}. Let D be a λ-normal formula. We shall define two sets, C_D and V_D, which are both sets of sets of b-atom subformula occurrences in D, by joint induction on the boolean structure of D. C_D is the set of clauses in D while V_D is the set of "dual" clauses in D. Dual clauses have been called vertical paths by Andrews (see [5]).
(1) If D is a b-atom, then C_D := {{D}} and V_D := {{D}}.
(2) If D = ¬D1 then C_D := V_D1 and V_D := C_D1.
(3) If D = D1 ∨ D2 then C_D := C_D1 ⊎ C_D2 and V_D := V_D1 ∪ V_D2.
(4) If D = D1 ∧ D2 then C_D := C_D1 ∪ C_D2 and V_D := V_D1 ⊎ V_D2.
(5) If D = D1 ⊃ D2 then C_D := V_D1 ⊎ C_D2 and V_D := C_D1 ∪ V_D2.
6.2. Definition. Let D be a λ-normal formula. Let M be a set of unordered pairs such that if {H, K} ∈ M and H and K are b-atom subformula occurrences in D, then H and K are contained in a common clause in D, H conv K, and either H occurs positively and K occurs negatively in D, or H occurs negatively and K occurs positively in D. Such a set M is called a mating for D. If {H, K} ∈ M we say that H and K are M-mated, or simply mated if the mating can be determined from context. If it is also the case that for all c ∈ C_D there is a {H, K} ∈ M such that {H, K} ⊆ c then we say that M is a clause-spanning mating (cs-mating, for short) for D. In this case, we shall also say that M spans D. If 𝒟 is a set of λ-normal formulas_o, we say that M is a mating (cs-mating) for 𝒟 if M is a mating (cs-mating) for ∨𝒟. Here, the order by which the disjunction ∨𝒟 is constructed is taken to be arbitrary but fixed.
The notion of a mating used by Andrews in [5] is a bit more general than the one we have defined here. In that paper, a mating, M, is a set of ordered pairs, (H, K), such that there is a substitution θ which makes all such pairs complementary, i.e. θK = ¬θH. Except for this difference, the notion of a cs-mating corresponds very closely to his notion of a p-acceptable proof*-mating. Bibel in [7] also exploits matings for various theorem proving and metatheoretical applications.
6.3. Proposition. Let D be in λ-normal form. D is tautologous if and only if D has a cs-mating.
6.4. Definition. Let 𝒟 be a finite, nonempty set of formulas_o, and let M be a mating for 𝒟. With respect to 𝒟 and M, define ~0 to be the binary relation on 𝒟 such that when D1, D2 ∈ 𝒟, D1 ~0 D2 if D1 contains a b-atom subformula occurrence H and D2 contains a b-atom subformula occurrence K such that {H, K} ∈ M. Let ~ be the reflexive, transitive closure of ~0. Clearly ~ is an equivalence relation on 𝒟. If D ∈ 𝒟, we shall write [D]~ to denote the equivalence class (partition) of 𝒟 which contains D. The following proposition is easily proved.
6.5. Proposition. Let 𝒟 be a finite, nonempty set of formulas_o. If M is a cs-mating for 𝒟 then M spans at least one of the ~-partitions of 𝒟. The converse is trivially true.
6.6. Definition. Let O = (L, p, {R_l}) be an outline. Let D_l be the formula Dp(R_l) if l is a sponsoring line or Dp(¬R_l) if l is a supporting line. Now define 𝒟z := {Dz} ∪ {D_l | l ∈ p(z)} if z does not assert ⊥ and 𝒟z := {D_l | l ∈ p(z)} otherwise. Notice that for each z ∈ L0, Dp(Qz) = ∨𝒟z. Now let Mz be a cs-mating for Dp(Qz) for each z ∈ L0 and set M := ∪_{z∈L0} Mz. M is called a cs-mating for O. (Notice that M is also a cs-mating for each Dp(Qz).) We say that O is M-focused if for each z ∈ L0, 𝒟z is composed of exactly one ~-partition.
6.7. Example. If O is the outline in Example 5.5, then
D2 = ¬Pxy
D3 = ¬[Pxy ⊃ Px.c.Px]
D16 = Px.c.Px
∨𝒟16 = ¬Pxy ∨ ¬[Pxy ⊃ Px.c.Px] ∨ Px.c.Px
Notice that ∨𝒟16 is tautologous. If we let A1, A2, A3, A4 represent the four b-atom occurrences in ∨𝒟16 then a cs-mating for ∨𝒟16 would be {(A1, A2), (A3, A4)}.
Let O = (L, p, {R_l}) be an outline and let M be a cs-mating for O. If O is not M-focused, then there must be a z ∈ L0 such that 𝒟z has too many members, i.e. there are at least two ~-partitions of 𝒟z. What we need is a thinning outline transformation which will permit us to deactivate lines in O, thereby removing elements from 𝒟z. As long as the resulting 𝒟z is still spanned by M, the result of the thinning transformation will satisfy the requirements of being an outline. The thinning transformation works as follows. Let outline O and a cs-mating M for O be such that O is not M-focused. Let z be a sponsoring line such that 𝒟z contains
more than one ~-partition. By Proposition 6.5, there is at least one ~-partition P ⊆ 𝒟z such that M spans P. Set P' := 𝒟z \ P. For each supporting line l of z such that D_l ∈ P', the thinning transformation modifies the value of p(z) by removing l from it. If it is the case that Dz ∈ P', then the supporting lines in P are strong enough to prove ⊥, from which the assertion in line z follows immediately. In this case, the thinning transformation must add the new sponsoring line
(y) ℋ ⊢ ⊥   NJ,
where ℋ is the set of hypotheses for line z. The justification for line z is changed to RuleP: y. The supports for line y are those lines which were supporting line z and were not thinned out as described above.
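The clause and dual-clause construction of Definition 6.1, the cs-mating test behind Proposition 6.3, the ~-partitions of Definition 6.4 and the focused/non-focused distinction of Definition 6.6 can be run mechanically on Example 6.7. The following is an added example in Python; it is not code from the paper or from TPS. The tuple-based formula constructors, the greedy choice of one mated pair per clause, the use of equal atom names in place of λ-convertibility, and the extra support ¬Q in the second case are assumptions of this example.

```python
from functools import reduce
from itertools import count

# Constructors for a small propositional fragment over b-atoms (an assumption of
# this added example, not the paper's notation); formulas are nested tuples.
def atom(name): return ('atom', name)
def neg(f): return ('not', f)
def disj(f, g): return ('or', f, g)
def conj(f, g): return ('and', f, g)
def imp(f, g): return ('imp', f, g)

def annotate(formula, counter, occs, polarity=True):
    """Replace each b-atom occurrence by a fresh index, recording (name, polarity)
    in occs; polarity flips under ¬ and in the antecedent of ⊃ (read as ¬A ∨ B)."""
    tag = formula[0]
    if tag == 'atom':
        idx = next(counter)
        occs[idx] = (formula[1], polarity)
        return ('occ', idx)
    if tag == 'not':
        return ('not', annotate(formula[1], counter, occs, not polarity))
    left = (not polarity) if tag == 'imp' else polarity
    return (tag, annotate(formula[1], counter, occs, left),
            annotate(formula[2], counter, occs, polarity))

def combine(a, b):
    """The pairwise-union operator of Definition 6.1: {e1 ∪ e2 | e1 ∈ a, e2 ∈ b}."""
    return {e1 | e2 for e1 in a for e2 in b}

def clauses_and_paths(f):
    """Definition 6.1: (C_D, V_D) of an annotated formula as sets of frozensets."""
    tag = f[0]
    if tag == 'occ':
        unit = {frozenset([f[1]])}
        return unit, unit
    if tag == 'not':
        c, v = clauses_and_paths(f[1])
        return v, c
    c1, v1 = clauses_and_paths(f[1])
    c2, v2 = clauses_and_paths(f[2])
    if tag == 'or':
        return combine(c1, c2), v1 | v2
    if tag == 'and':
        return c1 | c2, combine(v1, v2)
    if tag == 'imp':
        return combine(v1, c2), c1 | v2
    raise ValueError(f"unknown connective {tag}")

def clauses_of(formula):
    occs = {}
    return (occs,) + clauses_and_paths(annotate(formula, count(), occs))

def cs_mating(f, occs):
    """Definitions 6.2/6.3: pick for every clause one complementary pair (same atom,
    opposite polarity); a clause without one means f is not tautologous -> None."""
    mating = set()
    for clause in clauses_and_paths(f)[0]:
        pair = next((frozenset((h, k)) for h in clause for k in clause
                     if h < k and occs[h][0] == occs[k][0]
                     and occs[h][1] != occs[k][1]), None)
        if pair is None:
            return None
        mating.add(pair)
    return mating

def is_tautologous(formula):
    occs = {}
    return cs_mating(annotate(formula, count(), occs), occs) is not None

def analyse(formulas):
    """Definition 6.4: build ∨𝒟 for 𝒟 = formulas (left to right), find a cs-mating M
    and the ~-partitions it induces; (None, None) if ∨𝒟 is not tautologous."""
    counter, occs, owner, members = count(), {}, {}, []
    for i, formula in enumerate(formulas):
        before = len(occs)
        members.append(annotate(formula, counter, occs))
        for idx in range(before, len(occs)):
            owner[idx] = i                  # member of 𝒟 owning this occurrence
    mating = cs_mating(reduce(disj, members), occs)
    if mating is None:
        return None, None
    parent = list(range(len(formulas)))     # union-find: D1 ~0 D2 iff they share a mated pair
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    for pair in mating:
        h, k = tuple(pair)
        parent[find(owner[h])] = find(owner[k])
    classes = {}
    for i in range(len(formulas)):
        classes.setdefault(find(i), set()).add(i)
    return mating, sorted(classes.values(), key=min)

# Example 6.7: 𝒟16 = {D2, D3, D16} for sponsoring line 16 of Example 5.5.
D2, D3, D16 = neg(atom('Pxy')), neg(imp(atom('Pxy'), atom('Px.c.Px'))), atom('Px.c.Px')

def example_6_7():
    """Mating {{A1,A2},{A3,A4}} (0-based indices) and one ~-partition: focused."""
    return analyse([D2, D3, D16])

def thinning_example():
    """Constructed extra support ¬Q: unmated, so it forms its own partition and
    is exactly what the thinning transformation would remove from p(16)."""
    return analyse([D2, D3, D16, neg(atom('Q'))])
```

Choosing one complementary p pair per clause is enough for a cs-mating because Definition 6.2 only requires each pair to be complementary and to lie in a common clause; a different choice of M can yield different ~-partitions, which is why Definition 6.6 fixes M before asking whether the outline is focused. In `thinning_example` the fourth member of 𝒟 never occurs in a mated pair, so `analyse` reports two partitions and the support it came from is the one the thinning transformation deletes from p(z).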
7. Backchaining
Using the mating information contained in the Dp-values of the expansion trees associated with each active line of an outline provides the outline transformation process with enough information to look ahead and identify unnecessary supporting and sponsoring lines. This same look-ahead will help us determine when we should backchain on an implicational support line. Consider the outline fragment
(a) ℋ ⊢ ¬A1 ∨ A2   RuleX
(z) ℋ ⊢ B   NJ
(σ)
where we have already determined that line a is a necessary support of line z, and RuleX is the justification for line a. One way to use line a in proving line z is to apply P-Cases (see [4]) to the lines in (σ), which would then yield the following lines.
(a) ℋ ⊢ ¬A1 ∨ A2   RuleX
(b) ℋ, b ⊢ ¬A1   Hyp
(m) ℋ, b ⊢ B   NJ
(n) ℋ, n ⊢ A2   Hyp
(y) ℋ, n ⊢ B   NJ
(z) ℋ ⊢ B   Cases: a, m, y
(T1)
It may turn out that this new outline is no longer focused for at least two reasons. First, line m may be proved indirectly from its supports, which now include line b. In other words, 𝒟m may contain a partition P such that Db ∈ P but Dm ∉ P. Hence, ¬A1 is used to prove ⊥. The proof could, therefore, be reorganized so that we instead try to prove A1 directly. In this case, we should apply the new D-ModusPonens transformation to the lines in (σ) to yield the following lines.
(a) ℋ ⊢ ¬A1 ∨ A2   RuleX
(m) ℋ ⊢ A1   NJ
(n) ℋ ⊢ A2   RuleP: a, m
(y) ℋ ⊢ A2 ⊃ B   NJ
(z) ℋ ⊢ B   RuleP: y, n
(T2)
Lines m and y are new sponsoring lines and they share the supports which z had, less line a. Notice that R_a has the form (∨ ¬R1 R2) for some list structures R1 and R2. In the new outline, we set R'_m := R1 and R'_y := (⊃ R2 R_z). The new outline will be focused. Another way the outline containing the lines in (T1) may not be focused is that line y is proved indirectly from its supports. In this case, we need to backchain on the contrapositive form of line a, i.e. we should apply the new D-ModusTollens on the lines in (σ) to yield the following lines.
(a) ℋ ⊢ ¬A1 ∨ A2   RuleX
(m) ℋ ⊢ ¬A2   NJ
(n) ℋ ⊢ ¬A1   RuleP: a, m
(y) ℋ ⊢ ¬A1 ⊃ B   NJ
(z) ℋ ⊢ B   RuleP: y, n
If in fact the outline containing the lines in (T1) was focused, then neither D-ModusPonens nor D-ModusTollens could be used on line a, and we actually needed to treat line a as a disjunction by applying P-Cases. Of course, all these comments apply equally well when line a asserts a formula of the form A1 ⊃ A2.
8. Other Forms of Natural Deduction
There are several different formats of proofs which have been called natural deduction, and, at first glance, the problems encountered in converting ET-proofs to these other proof formats might appear to be quite different than the problems encountered in building the Suppes-style proofs of the previous sections. This is generally not the case. For example, the transformation process already described produces, in a sense, proofs in Gentzen's LK format [13]. For each sponsoring line z in a given outline, consider the sequent p(z) → z, where line labels are used to refer to their assertions. Hence, to each outline there corresponds a set of sequents which represent the unfinished subproofs of that outline. The D- and P- transformations can then be seen as ways of taking the sequents of one outline and replacing some of them with logically simpler sequents. These simpler sequents can then be joined using derived rules of the LK-calculus to yield the sequents they replace. In this fashion, an entire LK derivation can be built. Of course, for this to work in higher-order logic, we would need to add an inference rule for λ-conversion, but this is the only essential addition needed for this accommodation. LK derivations built in this fashion will contain no instances of the cut inference rule. Thus, by using our relative completeness result for ET-proofs, if A is a theorem of 𝒯, A has an ET-proof which can be converted to a cut-free LK derivation. Via the transformation process, our version of Herbrand's theorem can thus be used to prove Gentzen's Hauptsatz. See [16] for a complete account of how ET-proofs can be converted to LK derivations.
9. Acknowledgements
I would like to thank Peter Andrews and Frank Pfenning for many valuable comments concerning this paper and the work reported in it.
10. Bibliography
[1] Peter B. Andrews, "Resolution in Type Theory," Journal of Symbolic Logic 36 (1971), 414-432.
[2] Peter B. Andrews, "Provability in Elementary Type Theory," Zeitschrift für Mathematische Logik und Grundlagen der Mathematik 20 (1974), 411-418.
[3] Peter B. Andrews and Eve Longini Cohen, "Theorem Proving in Type Theory," Proceedings of the Fifth International Joint Conference on Artificial Intelligence 1977, 566.
[4] Peter B. Andrews, "Transforming Matings into Natural Deduction Proofs," Fifth Conference on Automated Deduction, Les Arcs, France, edited by W. Bibel and R. Kowalski, Lecture Notes in Computer Science, No. 87, Springer-Verlag, 1980, 281-292.
[5] Peter B. Andrews, "Theorem Proving Via General Matings," Journal of the Association for Computing Machinery 28 (1981), 193-214.
[6] Maria Virginia Aponte, Jose Alberto Fernandez, and Philippe Roussel, "Editing First-order Proofs: Programmed Rules vs. Derived Rules," Proceedings of the 1984 International Symposium on Logic Programming, 92-97.
[7] Wolfgang Bibel, "Matrices with Connections," Journal of the Association for Computing Machinery 28 (1981), 633-645.
[8] W. W. Bledsoe, "A Maximal Method for Set Variables in Automatic Theorem Proving," in Machine Intelligence 9, edited by J. E. Hayes, Donald Michie, and L. I. Mikulich, Ellis Horwood Ltd., 1979, 53-100.
[9] W. W. Bledsoe, "Using Examples to Generate Instantiations for Set Variables," University of Texas at Austin Technical Report ATP-67, July 1982.
[10] Alonzo Church, "A Formulation of the Simple Theory of Types," Journal of Symbolic Logic 5 (1940), 56-68.
[11] Gerard P. Huet, "A Mechanization of Type Theory," Proceedings of the Third International Joint Conference on Artificial Intelligence 1973, 139-146.
[12] Gerard P. Huet, "A Unification Algorithm for Typed λ-calculus," Theoretical Computer Science 1 (1975), 27-57.
[13] Gerhard Gentzen, "Investigations into Logical Deductions," in The Collected Papers of Gerhard Gentzen, edited by M. E. Szabo, North-Holland Publishing Co., Amsterdam, 1969, 68-131.
[14] D. C. Jensen and T. Pietrzykowski, "Mechanizing ω-Order Type Theory Through Unification," Theoretical Computer Science 3 (1976), 123-171.
[15] Dale A. Miller, Eve Longini Cohen, and Peter B. Andrews, "A Look at TPS," 6th Conference on Automated Deduction, New York, edited by Donald W. Loveland, Lecture Notes in Computer Science, No. 138, Springer-Verlag, 1982, 50-69.
[16] Dale A. Miller, "Proofs in Higher-order Logic," Ph.D. Dissertation, Carnegie-Mellon University, August 1983. Available as Technical Report MS-CIS-83-37 from the Department of Computer and Information Science, University of Pennsylvania.
[17] Frank Pfenning, "Analytic and Non-analytic Proofs," elsewhere in these proceedings.
[18] T. Pietrzykowski and D. C. Jensen, "A complete mechanization of ω-order type theory," Proceedings of the ACM Annual Conference, Volume I, 1972, 82-92.
[19] Tomasz Pietrzykowski, "A Complete Mechanization of Second-Order Type Theory," Journal of the Association for Computing Machinery 20 (1973), 333-364.
[20] J. A. Robinson, "Mechanizing Higher-Order Logic," Machine Intelligence 4, Edinburgh University Press, 1969, 151-170.
[21] Patrick Suppes, Introduction to Logic, D. Van Nostrand Company Ltd., Princeton, 1957.
[22] Moto-o Takahashi, "A proof of cut-elimination theorem in simple type-theory," Journal of the Mathematical Society of Japan 19 (1967), 399-410.
[23] Alfred Tarski, "A Lattice-theoretical Fixpoint Theorem and Its Applications," Pacific Journal of Mathematics 5 (1955), 285-309.
Analytic and Non-analytic Proofs
Frank Pfenning
Department of Mathematics
Carnegie-Mellon University
Pittsburgh, PA 15213

0. Abstract
In automated theorem proving different kinds of proof systems have been used. Traditional proof systems, such as Hilbert-style proofs or natural deduction we call non-analytic, while resolution or mating proof systems we call analytic. There are many good reasons to study the connections between analytic and non-analytic proofs. We would like a theorem prover to make efficient use of both analytic and non-analytic methods to get the best of both worlds.
In this paper we present an algorithm for translating from a particular non-analytic proof system to analytic proofs. Moreover, some results about the translation in the other direction are reformulated and known algorithms improved. Implementation of the algorithms presented for use in research and teaching logic is under way at Carnegie-Mellon University in the framework of TPS and its educational counterpart ETPS. Finally we show how to obtain non-analytic proofs from resolution refutations. As an application, resolution refutations can be translated into comprehensible natural deduction proofs.
1. Introduction
In automated theorem proving different kinds of proof systems have been used. Traditional proof systems, such as Hilbert-style proofs or natural deduction we call non-analytic, while resolution or mating proof systems we call analytic. There are many good reasons to study the connections between analytic and non-analytic proofs. We would like a theorem prover to make efficient use of both analytic and non-analytic methods to get the best of both worlds. The advantages of analytic proofs are well known. One of the most important advantages is that they seem to be ideally suited for an efficient automatic search for a proof on the computer. On the other hand there is much to gain from the use of non-analytic proof systems in addition to analytic methods. Non-analytic proofs can be presented in a comprehensible and pleasing format. If we can translate, say, resolution refutations into legible non-analytic proofs, we can help the mathematician understand the automatically generated proof. Valuable work here has been done by Miller [10]. The natural deduction proofs obtained from mating refutations are often elegant and easy to understand and use such mathematically common concepts as proof by contradiction and case-analysis, and make use of intuitive operations such as backchaining. Better translations which are the object of current research would make this even more useful for a wider class of theorems. The ability to freely translate between analytic and non-analytic proofs also gives us a tool for creating a more elegant natural deduction style proof from a given one. We would translate a given proof into an analytic proof, possibly transform this analytic proof into a shorter one, and then build a new natural deduction style proof from it in a canonical fashion.

Good translation procedures can also serve as a valuable research tool. Heuristics and lemmas of use to a theorem prover can often be discovered and formulated naturally in some non-analytic proof style. The ability to translate these into an analytic format may help to incorporate them into a theorem prover. Moreover, if we can translate automatic proofs obtained with and without a certain heuristic, we may gain deeper insight into the nature and performance of the heuristics.

Another perhaps more immediately important application is in the use of these procedures in computer-aided instruction in logic. The student will attempt his proof in a deductive format, e.g. in a natural deduction style, on the computer. The analytic proof of the exercise can be found beforehand by an automated theorem prover employing resolution or a mating procedure, or even constructed from a sample natural deduction proof given by the teacher. This analytic proof can then be used to guide the student through his own attempts to prove the theorem by suggesting which inference rules may be appropriate when the student asks for help. Moreover, when the student is done, a "normalizing" procedure like the one described above can demonstrate to the student how he might have proven the theorem more elegantly or efficiently. A system called ETPS, which will contain all these features, is currently under development at Carnegie-Mellon University.

There is also a very good complexity-theoretic reason why a theorem prover may want to make use of non-analytic as well as analytic methods. A result by Statman [14] shows that there are theorems which have "short" non-analytic proofs, but no "short" analytic proofs whatsoever. He exhibits a sequence of theorems (from the theory of combinators) whose shortest possible analytic proof has length at least
$$\underbrace{2^{2^{\cdots^{2^{l}}}}}_{d}$$
($d$ is the number of connectives and quantifiers of a theorem $X$, and $l$ the length of a non-analytic proof for $X$). This lower bound is not Kalmar-elementary, and there are therefore theorems which cannot be practically proven by purely analytic methods which have short non-analytic proofs.
Let us now try to make more precise the distinction between analytic and non-analytic proof systems. The term "analytic" was introduced by Smullyan in [13] and conveys the idea that the proof (or refutation) procedure analyzes the given formula. An analytic proof has a very strong subformula property: only subformulas of the theorem and their instances will appear in an analytic proof. In the field of automated deduction the discovery of analytic proof systems such as resolution [12] went hand in hand with the beginning of research. The mating approach [3] and a similar method by Bibel [4] are other examples of analytic proof systems. Examples of non-analytic methods in automated theorem proving can be found in Bledsoe's survey [6] of non-resolution theorem proving. This includes approaches like term-rewriting, built-in inequalities, forward-chaining, models, and even counterexamples. Some of these approaches may be called non-analytic, since they sometimes consider formulas not part of the proposed theorem. Many of the stimuli here come from mathematics rather than pure logic. Hilbert-style, Gentzen-style [7], or natural deduction style systems are all examples of traditional non-analytic proof systems. In general they do not obey the subformula property. Usually Cut or Modus Ponens is used to eliminate the helpful formulas, which are not part of the theorem, but substitutivity of equivalence or equality may be used as well. The use of Cut itself does not characterize non-analytic proof systems, as can be seen from the case of resolution, where the cut formulas are all subformulas of the given theorem.
Andrews has shown in [2] how to convert matings into natural deduction proofs. Miller [9] took this work further by generalizing it to higher-order logic and also addressing questions of style in these proofs. Some related work was also done by Bibel in [5]. An algorithm translating in the other direction is the main contribution of this paper. The ability to readily translate in either direction between analytic and non-analytic proofs (in the case of the implementation in TPS between expansion proofs and natural deduction style proofs) gives us all the aforementioned advantages. As a representative of non-analytic proof systems we pick I*, mainly for its conceptual clarity and simplicity of cut-elimination. I*, which is described in section 2, is closely related to the system LK of Gentzen [7] and a related system of Smullyan [13]. Following Miller in [9], who works in the setting of higher order logic, we define a purely analytic proof system in section 3. Expansion proofs, as they are called, are very natural and convenient and very concisely represent the information contained in an analytic proof. In section 4 we give a new exposition of part of Miller's work in terms of our analytic and non-analytic first-order proof systems. This exposition provides the reader with a self-contained and unified treatment of the translations between the various proof styles. We also handle conjunction in a new way, thus creating stylistically different proofs. As the main part of this paper, we give an explicit algorithm which translates I*-proofs into expansion proofs in sections 5, 6, and 7. Expansion proofs are very much different from the kind of analytic proofs Gentzen or Smullyan considered, though some of their ideas, in particular for cut-elimination, are used.

Our merge algorithm which deals with the inference rule Contraction is a significantly improved version of Miller's [9] MERGE, which generally produces much larger expansion trees. Andrews in [1] has given an algorithm which computes a mating from a resolution refutation. In section 8 we state and prove the correctness of a different algorithm which translates resolution refutations into expansion proofs, which do not make use of Skolem-functions or conjunctive normal forms and satisfy a quite different acceptability criterion from Andrews'. We thus give a two-step procedure by which resolution refutations can be translated into I*-proofs, or, in one more step, into natural deduction proofs. Space does not permit to include here non-trivial examples illustrating the various algorithms. Detailed examples for all the translation procedures presented here are given by the author in [11].
2. The Systems I and I*

Our non-analytic proof system is I*, which builds up on similar systems of Gentzen [7] and Smullyan [13]. I* is particularly well suited for the description of our algorithms. Notice, for instance, that any theorem derived in I* is automatically in negation normal form. The work done here can easily be generalized to other superficially richer systems of first-order logic. To simplify some of our exposition we introduce a system I which is identical to I* but does not contain the rule of Mix (a variant of Cut).

Our formulation of first-order logic includes the propositional connectives ∨, ∧, ¬, the quantifiers ∃ and ∀ and an infinite number of individual variables and constants. Function constants of arbitrary finite arity are also permitted. An atomic formula is of the form $P t_1 \ldots t_n$ for an $n$-ary predicate $P$ and terms $t_1, \ldots, t_n$. A literal is of the form $A$ or $\neg A$ for an atomic formula $A$. A formula is in negation normal form if the scope of each negation is atomic. Each first-order formula has a classically equivalent formula in negation normal form, and we generally assume our formulas to be in negation normal form. $X[v/a]$ is our notation for the result of substituting $a$ for the free occurrences of $v$ in $X$. We write nnformula for a formula in negation normal form. We do not assume that formulas are alphabetically normal, except in section 8 where we talk about resolution refutations. Sometimes we write $\land/\lor$ to indicate that an equation is valid for both conjunction and disjunction.

Nodes in a proof-tree in I we call lines. A line in I is a multi-set of formulas. This formulation is halfway between Gentzen's (sequents) and Smullyan's (sets). The reason for choosing this particular representation lies in the fact that contraction is an extremely powerful inference rule of our system. When we try to analyze how the effect of a contraction induces a change in an associated expansion tree, we will see that the transformation is really quite complicated. Thus we cannot leave contraction implicit, like Smullyan did, when he introduced sets of formulas as objects in the proof. Structural rules like exchange, however, have no impact on the logical contents of the formula or proof line. We therefore leave them implicit in the multi-set notation. In general we let $U$ and $V$ stand for multi-sets of formulas, i.e. sets where we allow the same formula to appear more than once as a member. We often write $U, X$ to mean $U \cup \{X\}$ if $U$ is a multi-set.

The axioms of I are of the form $U, A, \neg A$ where $A$ is an atomic formula. The inference rules can be divided into structural rules, propositional rules, and quantificational rules. The only structural rule in I is contraction (C). There is one propositional rule for each propositional connective: ∨-introduction (∨I) and ∧-introduction (∧I). There is also exactly one rule for the quantifiers: ∃-introduction (∃I) and ∀-introduction (∀I).

Structural rules. Contraction:
$$\frac{U, X, X}{U, X}\ C$$

Propositional rules:
$$\frac{U, X, Y}{U, X \lor Y}\ \lor I \qquad\qquad \frac{U, X \qquad V, Y}{U, V, X \land Y}\ \land I$$

Quantificational rules:
$$\frac{U, X[v/t]}{U, \exists vX}\ \exists I \quad (t \text{ a term free for } v \text{ in } X) \qquad\qquad \frac{U, X[v/a]}{U, \forall vX}\ \forall I \quad (a \text{ not free in } U, \forall vX)$$

$U$, $V$ contain the side-formulas of an inference rule. They may be empty. The propositional and quantificational inference rules correspond to Smullyan's [13] rules α, β, γ, δ. System I is complete in the sense that we can derive the negation normal form of every valid formula in classical first order logic. This follows almost immediately from Smullyan's form of the completeness result for Gentzen systems and we will not repeat the argument here. We shall also use the system I*, which contains the rule of Mix:
$$\frac{U, X \qquad V, \bar{X}}{U, V}\ \text{Mix}$$
$\bar{X}$ is the negation normal form of $\neg X$. There must be at least one occurrence of $X$, the mix formula, in the left premise and at least one occurrence of $\bar{X}$ in the right premise. Mix was introduced by Gentzen and is a variant of the rule of Cut, and the two are easily shown to be equivalent.
3. Expansion Trees

Analytic proofs in this paper are presented as expansion trees. Expansion trees very concisely and naturally represent the information contained in an analytic proof, as we hope to show. They were first introduced by Miller [9] and are somewhat similar to Herbrand expansions [8]. Some redundancies can easily be eliminated for an actual implementation as done by Miller in the context of higher order logic. The shallow formula of an expansion tree will correspond to the theorem; the deep formula is akin to a Herbrand-expansion proving the theorem. Our formulation of expansion trees differs only trivially from Miller's in [10], if restricted to first-order logic. At several places it is convenient to allow n-ary conjunction and disjunction instead of treating them as binary operations.

3.1. Definition. We define expansion trees inductively. Simultaneously, we also define $Q^D$, the deep formula of an expansion tree, which is always quantifier-free, and $Q^S$, the shallow formula of an expansion tree. We furthermore place the restriction that no variable in an expansion tree may be selected more than once. Trees are written linearly here: $\land[Q_1, \ldots, Q_n]$ and $\lor[Q_1, \ldots, Q_n]$ for a connective node with subtrees $Q_1, \ldots, Q_n$, $\exists vS[t_1\!: Q_1, \ldots, t_n\!: Q_n]$ for an expansion node whose edges are labelled with the terms $t_i$, and $\forall vS[a\!: Q_0]$ for a selection node whose edge is labelled with the variable $a$.

(i) A literal $l$ (signed atom) is an expansion tree. $Q^D(l) = Q^S(l) = l$. Literals form the leaves of expansion trees.

(ii) If $Q_1, \ldots, Q_n$, $n \ge 2$, are expansion trees, so is $Q = \land/\lor[Q_1, \ldots, Q_n]$. Then $Q^D = Q_1^D \land/\lor \cdots \land/\lor Q_n^D$ and $Q^S = Q_1^S \land/\lor \cdots \land/\lor Q_n^S$.

(iii) If $Q_1, \ldots, Q_n$ are expansion trees such that $Q_1^S = S[v/t_1], \ldots, Q_n^S = S[v/t_n]$, $t_i$ a term free for $v$ in $S$ for $1 \le i \le n$, $n \ge 1$, then $Q = \exists vS[t_1\!: Q_1, \ldots, t_n\!: Q_n]$ is an expansion tree. Then $Q^D = Q_1^D \lor \cdots \lor Q_n^D$ and $Q^S = \exists vS$. $\exists vS$ is called an expansion node; $v$ is the expanded variable; $t_1, \ldots, t_n$ are the expansion terms.

(iv) If $Q_0$ is an expansion tree such that $Q_0^S = S[v/a]$ for a variable $a$, so is $Q = \forall vS[a\!: Q_0]$. Then $Q^D = Q_0^D$ and $Q^S = \forall vS$. $\forall vS$ is called a selection node; $a$ is the variable selected for this occurrence of $v$.

To improve legibility we will frequently write just $X$ for an expansion tree with $Q^S = X$.

Since traditional proof systems do not contain Skolem-functions, we need a different mechanism to insure the soundness of our proofs. Following an idea of Bibel [4], which was picked up by Miller [9], we introduce a relation $<_Q$ on occurrences of expansion terms. The condition that
(i) $X = l$, a literal. Then $C = (l)$ is the only clause in $X$.

(ii) $X = A \lor B$. Then for all clauses $(a_1, \ldots, a_n)$ in $A$ and $(b_1, \ldots, b_m)$ in $B$, $C = (a_1, \ldots, a_n, b_1, \ldots, b_m)$ is a clause in $A \lor B$.

(iii) $X = A \land B$. Then all clauses in $A$ and all clauses in $B$ are clauses in $A \land B$.

3.4. Definition. A relation on literal occurrences in a quantifier-free nnformula $X$ is a mating $\mathcal{M}$ if $\neg l = k$ for every pair $(l, k) \in \mathcal{M}$ and there is at least one clause in $X$ containing both $l$ and $k$. If $(l, k) \in \mathcal{M}$, $l$ and $k$ are said to be $\mathcal{M}$-mated.

3.5. Definition. A mating $\mathcal{M}$ is said to span a clause $C$ if there are literals $l, k \in C$ such that $(l, k) \in \mathcal{M}$. A mating $\mathcal{M}$ is said to be clause-spanning on a quantifier-free nnformula $X$ if every clause in $X$ is spanned by $\mathcal{M}$. The significance of this definition is of course that a quantifier-free nnformula $X$ is tautologous iff there is a mating clause-spanning on $X$ (see Andrews [3], [1], and Miller [9]).

3.6. Definition. A pair $(Q, \mathcal{M})$ is called an expansion tree proof for a nnformula $X$ if

(i) $Q^S = X$.

(ii) No selected variable is free in $Q^S$.

(iii)
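As an added illustration of definitions 3.3 to 3.5 (not code from the paper), the following Python encodes quantifier-free nnformulas as nested tuples, enumerates their clauses, builds the largest mating on literal occurrences, and checks clause-spanning against a brute-force truth table, which confirms the stated equivalence on two constructed sample formulas. The tuple encoding, the path-based occurrence ids and all function names are this example's own.

```python
"""Clauses (definition 3.3), matings (3.4) and clause-spanning (3.5) for
quantifier-free nnformulas, with a truth-table check of the equivalence
"X is tautologous iff some mating is clause-spanning on X".
Added example; the encoding of formulas is this example's own."""
from itertools import product

# A quantifier-free nnformula is a nested tuple (constructed encoding):
#   ("lit", name, positive)   the literal A (positive) or ¬A
#   ("or", X, Y), ("and", X, Y)
def lit(name, positive=True):
    return ("lit", name, positive)

# A literal *occurrence* is (path, name, positive); the path (sequence of
# 0/1 branch choices from the root) keeps two occurrences of the same
# literal distinct, which matings as relations on occurrences require.
def occurrences(x, path=()):
    if x[0] == "lit":
        return [(path, x[1], x[2])]
    return occurrences(x[1], path + (0,)) + occurrences(x[2], path + (1,))

def clauses(x, path=()):
    """Definition 3.3: the clauses of X, each a list of literal occurrences."""
    if x[0] == "lit":
        return [[(path, x[1], x[2])]]                 # (i) the only clause is (l)
    left = clauses(x[1], path + (0,))
    right = clauses(x[2], path + (1,))
    if x[0] == "or":                                  # (ii) concatenate pairwise
        return [a + b for a in left for b in right]
    return left + right                               # (iii) clauses of A and of B

def mating(x):
    """Definition 3.4: the largest mating on X, pairing complementary
    occurrences (¬l = k) that lie together in at least one clause."""
    m = set()
    for c in clauses(x):
        for l in c:
            for k in c:
                if l[1] == k[1] and l[2] != k[2]:
                    m.add((l, k))
    return m

def spans(m, c):
    """Definition 3.5: M spans C if some M-mated pair lies in C."""
    members = set(c)
    return any(l in members and k in members for (l, k) in m)

def clause_spanning(x, m=None):
    """True iff the mating M (default: the largest one) spans every clause of X."""
    if m is None:
        m = mating(x)
    return all(spans(m, c) for c in clauses(x))

def tautology(x):
    """Brute-force truth table, used only to confirm the equivalence."""
    names = sorted({o[1] for o in occurrences(x)})
    def ev(f, v):
        if f[0] == "lit":
            return v[f[1]] == f[2]
        a, b = ev(f[1], v), ev(f[2], v)
        return (a or b) if f[0] == "or" else (a and b)
    return all(ev(x, dict(zip(names, vals)))
               for vals in product([False, True], repeat=len(names)))

# Constructed sample formulas (negation normal form).
P, Q, NP, NQ = lit("P"), lit("Q"), lit("P", False), lit("Q", False)
X1 = ("or", ("or", ("and", P, Q), NP), NQ)        # (P ∧ Q) ∨ ¬P ∨ ¬Q, a tautology
X2 = ("and", ("or", P, Q), ("or", NP, NQ))         # (P ∨ Q) ∧ (¬P ∨ ¬Q), not a tautology

if __name__ == "__main__":
    for name, x in (("X1", X1), ("X2", X2)):
        print(name, "clauses:",
              [[("" if o[2] else "¬") + o[1] for o in c] for c in clauses(x)])
        print(name, "clause-spanning:", clause_spanning(x), " tautology:", tautology(x))
```

The largest mating is the natural one to test: if any mating is clause-spanning on X, the largest one is, so `clause_spanning(X)` decides tautology without a truth table, and the `tautology` function is there only to check that claim on the samples.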
4. Building I-Proofs from Expansion Tree Proofs
The algorithm follows ideas of Miller [9], but we provide a different treatment of conjunction. Our algorithm results in shorter proofs than the more naive algorithm that always applies case (vii) below for a conjunction, but we do not achieve the full power of Miller's focusing method. In return, our method is computationally faster. In the exposition below we sometimes assume that there is a unique correspondence between the formulas in a line and an associated expansion tree, even though we like to think of the line as a multi-set where several identical members are indistinguishable. In general it is sufficient to pick any correspondence between those multiple occurrences of a formula in a line and the unique subtrees of the associated expansion tree.

4.1. Definition. A pair $(Q, \mathcal{M})$ is an expansion tree proof for a line $L = X_1, \ldots, X_n$ in an I-proof iff $(Q, \mathcal{M})$ is an expansion tree proof for $X_1 \lor \cdots \lor X_n$.

4.2. Definition. Let $(Q, \mathcal{M})$ be an expansion tree proof for a line $L$ in an I-proof, and let $X$ be a subformula of an element in $L$. Then $Q|_X$ is the part of the expansion tree $Q$ representing $X$ ($Q|_X^S = X$), and $\mathcal{M}|_X$ is the restriction of $\mathcal{M}$ to pairs both of whose elements lie in $Q|_X$. We will sometimes talk about $X^D$ instead of $Q|_X^D$, if the expansion tree $Q$ is clear from the context.

We shall describe an algorithm which constructs an I-proof from an expansion tree proof, starting with the nnformula to be proven and working upwards until every branch in the proof tree begins with an axiom. The cases given below can in principle be applied in any order. The ordering below will often, but not in general, result in the shortest proof that can be constructed with this algorithm. If an $X \in L$ is such that $Q|_X$ has no literal in a pair in $\mathcal{M}$, then $X$ is to be ignored and can only be part of a side-formula in an inference above $L$. Now assume $L$ is a given line in an I-proof, and $(Q, \mathcal{M})$ is an expansion tree proof for $L$. Trees are written linearly: $\lor[\ldots]$ and $\land[\ldots]$ for connective nodes, $\exists vS[t_1\!: Q_1, \ldots, t_n\!: Q_n]$ for an expansion node, $\forall vS[a\!: Q_0]$ for a selection node.

(i) $L = U, A, \neg A$. Then $L$ is an axiom.

(ii) $L = U, X \lor Y$. Infer $L$ by
$$\frac{U, X, Y}{U, X \lor Y}\ \lor I$$
$(Q, \mathcal{M})$ is an expansion tree proof for $U, X, Y$.

(iii) $L = U, \forall vS$. Infer $L$ by
$$\frac{U, S[v/a]}{U, \forall vS}\ \forall I$$
where $a$ is the variable selected for this occurrence of $\forall vS$. In $Q$ we replace the corresponding subtree $\forall vS[a\!: Q_0]$ by $Q_0$. By definition 3.6 and the inductive assumption that $(Q, \mathcal{M})$ forms an expansion tree proof for $U, \forall vS$, $a$ cannot be free in $U$ or $\forall vS$, since $a$ is a selected variable in $Q$.

(iv) $L = U, \exists vS$ and $\exists vS$ has $n$, $n \ge 2$ successors in $Q$. Infer $L$ by
$$\frac{U, \exists vS, \ldots, \exists vS}{U, \exists vS}\ (n-1) \times C$$
Change $Q = \lor[U, \exists vS[t_1\!: Q_1, \ldots, t_n\!: Q_n]]$ to $R = \lor[U, \exists vS[t_1\!: Q_1], \ldots, \exists vS[t_n\!: Q_n]]$, i.e. split the expansion node into $n$ expansion nodes with one expansion term each. Since $Q^D = R^D$, $(R, \mathcal{M})$ is again an expansion tree proof for $U, \exists vS, \ldots, \exists vS$.

(v) $L = U, \exists vS$, and $\exists vS$ has exactly one successor $S[v/t]$, and no free variable in $t$ is a variable to be selected in $Q$. Infer $L$ by
$$\frac{U, S[v/t]}{U, \exists vS}\ \exists I$$
and replace the subtree $\exists vS[t\!: Q_1]$ in $Q$ by $Q_1$. From the restriction on $t$ it is clear that no variable to be selected will be free in $S[v/t]$, and therefore by inductive hypothesis in $U, S[v/t]$.

(vi) $L = U, V, X \land Y$ such that $\mathcal{M} = \mathcal{M}|_{U,X} \cup \mathcal{M}|_{V,Y}$, i.e. no literal in $U^D$ or $X^D$ is $\mathcal{M}$-mated to any literal in $V^D$ or $Y^D$. Here we have to consider three subcases.

(a) $\mathcal{M}|_U$ is clause-spanning on $U^D$. Then restrict the mating to $\mathcal{N} = \mathcal{M}|_U$. Then no literal in $V, X \land Y$ is involved in the mating and they will only appear as side formulas in any inference above $L$.

(b) $\mathcal{M}|_V$ is clause-spanning on $V^D$. This case is symmetric to case (a): let $\mathcal{N} = \mathcal{M}|_V$.

(c) Neither case (a) nor case (b) apply. Then infer $L$ by
$$\frac{U, X \qquad V, Y}{U, V, X \land Y}\ \land I$$
Since the problem is symmetric, we will simply show that $(Q|_{U,X}, \mathcal{M}|_{U,X})$ is an expansion tree proof for $U, X$. It then follows analogously that $(Q|_{V,Y}, \mathcal{M}|_{V,Y})$ is an expansion tree proof for $V, Y$. The only condition we have to test is whether $\mathcal{M}|_{U,X}$ is clause-spanning on $Q|_{U,X}^D$. Let $P$ be a clause in $Q|_{U,X}^D$. Since neither case (a) nor case (b) applies, there is a clause $O$ in $V^D$ not spanned by $\mathcal{M}$. Let $P'$ be the extension of $P$ to a clause in $Q^D$ such that $P'|_V = O$ and $P'|_{U,X} = P$. By inductive assumption, $P'$ is spanned by $(l, k) \in \mathcal{M}$. Not both $l$ and $k$ are in $V^D$, since $\mathcal{M}$ does not span $O$. We also assumed $\mathcal{M} = \mathcal{M}|_{U,X} \cup \mathcal{M}|_{V,Y}$ and hence $(l, k) \in \mathcal{M}|_{U,X}$.

(vii) $L = U, X \land Y$ and case (vi) does not apply. Then infer $L$ by
$$\frac{U, U, X \land Y}{U, X \land Y}\ C$$
(one contraction for each formula in $U$). Modify $Q = \lor[U, \land[X, Y]]$ to $R = \lor[U, U, \land[X, Y]]$. For every occurrence of a literal $l$ in $U$, there are two occurrences of $l$ in $U, U$. Call these $l_1$ and $l_2$ for the occurrences in the left and right copies of $U$, respectively. Let $\mathcal{M}^1|_{U,X}$ [$\mathcal{M}^2|_{U,Y}$] be the result of replacing every occurrence of a literal $l$ from $U^D$ in $\mathcal{M}|_{U,X}$ [$\mathcal{M}|_{U,Y}$] by $l_1$ [$l_2$]. Then $\mathcal{N} = \mathcal{M}^1|_{U,X} \cup \mathcal{M}^2|_{U,Y}$ spans every clause in $R^D$. To see this, let $P$ be a clause in $R^D$. Then $P$ contains literals from either $X$ or $Y$, but not both. Without loss of generality, assume $P$ contains literals in $X$, and let $O$ be the clause in $Q^D$ which agrees with $P$ on $X$ and contains a literal $l$ in $U^D$ iff $l_1$ is in $P$. By inductive assumption, $O$ is spanned by a pair $(k, m) \in \mathcal{M}$. But then also $(k_1, m) \in \mathcal{M}^1|_{U,X} \subseteq \mathcal{N}$ (if $m$ is in $Q|_X^D$), or $(k_1, m_1) \in \mathcal{M}^1|_{U,X} \subseteq \mathcal{N}$ (if $m$ is in $Q|_U^D$). Thus $P$ is spanned by $\mathcal{N}$. Since $P$ was arbitrary, $\mathcal{N}$ spans every clause in $R^D$. Now case (vi) can be applied immediately, thus reducing the complexity of $U, U, X \land Y$ to the complexities of the lines $U, X$ and $U, Y$.

Since the size of connected subformulas of the unjustified lines in the I-proof is diminished in each step, all we need to show to prove correctness is that at least one of the cases always applies. One can see that only one problem may arise: all top-level nnformulas are existentially quantified, each of them has just one substitution term, and all of the substitution terms contain a free variable which is still to be selected. Since $<_Q$ has no cycles, there is a term $t$ such that for no $s$, $s <_Q t$. If $t$ contained a free variable $a$, which were still to be selected, then the node where $a$ is selected has to lie below one of the top-level existential quantifiers in $Q$. But if $s$ is the substitution term for this node, then by definition 3.2, $s$
5. Building Expansion Tree Proofs from I-proofs
In this section we show how to construct an expansion tree proof from a proof in I. This translation plays an important role in giving a translation procedure from I* into expansion tree proofs. Some ideas of Miller [9] are used, but we proceed entirely constructively. Also, the procedure for merge presented in case (vi) below results in much smaller expansion trees than the ones obtained by Miller's MERGE algorithm. Moreover, because of the way we set up I*, a merge is necessary only for contraction and not inherently tied to any quantifier or logical connective. This allows a clearer exposition of the ideas which underly the translation from I-proofs into expansion tree proofs.

The construction proceeds by induction on the I-proof tree. Note that all cases except for Contraction are very simple. This supports our claim that the expansion tree proof induced by an I-proof corresponds to the I-proof "in a natural way". The basic "idea" underlying the original proof is retained. We now assume we are given an inference (or axiom) in I, and we have already constructed expansion tree proofs for the premise. We shall call this expansion tree proof $(Q, \mathcal{M})$ ($(Q_1, \mathcal{M}_1)$ and $(Q_2, \mathcal{M}_2)$ in the case of ∧I). The expansion tree proof for the conclusion will be $(R, \mathcal{N})$. Trees are written linearly: $\lor[\ldots]$ and $\land[\ldots]$ for connective nodes, $\exists vS[t_1\!: Q_1, \ldots, t_n\!: Q_n]$ for an expansion node, $\forall vS[a\!: Q_0]$ for a selection node.

(i) We have an axiom $U, A, \neg A$. Then $\mathcal{N} = \{(\neg A, A)\}$ and $R = \lor[U, A, \neg A]$. In the subtree for $U$, let each existentially quantified variable expand to itself, and select a new unique variable for each universally quantified variable.

(ii) ∨I: $\dfrac{U, X, Y}{U, X \lor Y}$. Here $(R, \mathcal{N}) = (Q, \mathcal{M})$.

(iii) ∧I: $\dfrac{U, X \qquad V, Y}{U, V, X \land Y}$. Here $\mathcal{N} = \mathcal{M}_1 \cup \mathcal{M}_2$, and from $Q_1 = \lor[U, X]$ and $Q_2 = \lor[V, Y]$ we form $R = \lor[U, V, \land[X, Y]]$. In the new tree we may have to rename the sel ections for some universal variables, to make sure that no free or selected variable from one branch of the I-proof tree is selected in the other branch.

(iv) ∃I: $\dfrac{U, S[u/t]}{U, \exists uS}$, $t$ free for $u$ in $S$. From $Q = \lor[U, Q_1]$ with $Q_1^S = S[u/t]$ we pass to $R = \lor[U, \exists uS[t\!: Q_1]]$. If $u$ does not appear in $S$, we pick a new variable $a$ to be $t$, $a$ not selected in $Q$ and not free in $U, S$. Since $R^D = Q^D$, we can take $\mathcal{N} = \mathcal{M}$. What remains to be shown in this case is that

(v) ∀I: $\dfrac{U, S[u/a]}{U, \forall uS}$, $a$ a variable not free in $U$ or $\forall uS$. From $Q = \lor[U, Q_0]$ with $Q_0^S = S[u/a]$ we pass to $R = \lor[U, \forall uS[a\!: Q_0]]$. If $u$ does not appear in $S$, we pick a new variable $a$ not free in $U$ or $S$ or selected in $Q$. Since $R^D = Q^D$, we can take $\mathcal{N} = \mathcal{M}$. Moreover, since $a$ is not free in $U, \forall uS$, $a$ is a valid selection. Moreover, $a$ could not have been selected in $Q$, since $a$ occurs free in $S[u/a]$ or had been chosen not to be selected in $Q$. Thus $a$ is selected in $R$ only once.

(vi) C: $\dfrac{U, X, X}{U, X}$. Let $Q_1$, $Q_2$ be the subtrees of $Q$ with the root node being the left and right occurrences of $X$ in the premise, respectively. We apply a recursive merging algorithm to obtain an expansion tree $Q_1 \oplus Q_2$ for the single occurrence of $X$ in the conclusion. We will pass from $Q = \lor[U, Q_1, Q_2]$ to $R = \lor[U, Q_1 \oplus Q_2]$. In order to apply $\oplus$ to two expansion trees $P_1$, $P_2$, we require $P_1^S = P_2^S$, which is certainly true of $Q_1$ and $Q_2$.

(a) $P_1 = l_1 = l = l_2 = P_2$. Then $P_1 \oplus P_2 = l$. We say we identify the distinct occurrences of the literal $l$.

(b) $P_1 = \land/\lor[Y_1, \ldots, Y_n]$ and $P_2 = \land/\lor[Z_1, \ldots, Z_n]$. Then $P_1 \oplus P_2 = \land/\lor[Y_1 \oplus Z_1, \ldots, Y_n \oplus Z_n]$.

(c) $P_1 = \forall uS[a\!: Y_1]$ and $P_2 = \forall uS[b\!: Y_2]$. Then $P_1 \oplus P_2 = \forall uS[a\!: Y_1 \oplus Y_2[b/a]]$. $Y_2[b/a]$ is the result of replacing every occurrence of $b$ in the expansion tree $Y_2$ by $a$. But not only do we have to apply this change of names in $Y_2$, but in the whole expansion tree in which our merge takes place.

(d) $P_1 = \exists uS[t_1\!: \ldots, \ldots, t_n\!: \ldots]$ and $P_2 = \exists uS[s_1\!: \ldots, \ldots, s_m\!: \ldots]$.

Here $r_1, \ldots, r_k$ are the expansion terms which appear only in one of $t_1, \ldots, t_n$ and $s_1, \ldots, s_m$; $r_{k+1}, \ldots, r_{k+h}$ are the expansion terms which appear in both. $S_1$ [$S_2$] stands for the occurrence of a subtree in $P_1$ [$P_2$]. If $r_{k+h} = t_i = s_j$ we say that $r_{k+h}$ is the result of identifying the distinct occurrences of the expansion terms $t_i$ and $s_j$.

We now show by induction on the number of identifications of expansion terms in $Q_1 \oplus Q_2$ that
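The merge $Q_1 \oplus Q_2$ of case (vi) with its subcases (a) to (d), together with the deep and shallow formulas of definition 3.1, as an added Python example that is not the paper's code. The tree encoding, the `rename` and `contract` helpers and the two sample lines are this example's own constructions; subcase (d) is implemented from the description above (terms in only one node are kept, terms in both are identified by merging their subtrees), which is an assumption about the figure that the text describes. The second sample shows why the renaming of (c) must go through the whole tree: the expansion term $b$ of the first disjunct has to follow the selected variable $b$ when it is renamed to $a$.

```python
"""Expansion trees (definition 3.1) with deep and shallow formulas, and the
merge P1 ⊕ P2 of section 5, case (vi), subcases (a)-(d).  Added example; the
encoding and the contract() driver are this example's own, not the paper's."""

# Terms: a variable or constant is a str; an application is ("f", [args]).
# Formulas in negation normal form (n-ary connectives as in section 3):
#   ("lit", P, positive, [terms])    ("or" | "and", [formulas])
#   ("exists", v, S)                 ("forall", v, S)
# Expansion trees:
#   ("leaf", literal)                ("conn", "or" | "and", [trees])
#   ("exp", ∃vS, [(t_i, Q_i), ...])   expansion node with expansion terms t_i
#   ("sel", ∀vS, a, Q_0)              selection node selecting the variable a

def subst_term(t, v, s):
    if isinstance(t, str):
        return s if t == v else t
    return (t[0], [subst_term(u, v, s) for u in t[1]])

def subst(x, v, s):
    """X[v/s]: substitute s for the free occurrences of v in X."""
    tag = x[0]
    if tag == "lit":
        return ("lit", x[1], x[2], [subst_term(t, v, s) for t in x[3]])
    if tag in ("or", "and"):
        return (tag, [subst(y, v, s) for y in x[1]])
    if x[1] == v:                     # v is bound here: nothing below is free
        return x
    return (tag, x[1], subst(x[2], v, s))

def shallow(q):
    """Q^S: the formula the tree proves."""
    if q[0] == "leaf":
        return q[1]
    if q[0] == "conn":
        return (q[1], [shallow(c) for c in q[2]])
    return q[1]                       # the ∃vS or ∀vS carried by the node

def deep(q):
    """Q^D: quantifier-free; instances are disjoined at expansion nodes."""
    if q[0] == "leaf":
        return q[1]
    if q[0] == "conn":
        return (q[1], [deep(c) for c in q[2]])
    if q[0] == "exp":
        ds = [deep(c) for _, c in q[2]]
        return ds[0] if len(ds) == 1 else ("or", ds)
    return deep(q[3])

def rename(q, b, a):
    """Replace the variable b by a in a whole expansion tree (subcase (c))."""
    if q[0] == "leaf":
        return ("leaf", subst(q[1], b, a))
    if q[0] == "conn":
        return ("conn", q[1], [rename(c, b, a) for c in q[2]])
    if q[0] == "exp":
        return ("exp", subst(q[1], b, a),
                [(subst_term(t, b, a), rename(c, b, a)) for t, c in q[2]])
    return ("sel", subst(q[1], b, a), a if q[2] == b else q[2], rename(q[3], b, a))

def merge(p1, p2, renames):
    """P1 ⊕ P2 for trees with P1^S = P2^S; renames collects the (b, a) pairs
    of subcase (c), which the caller applies to the enclosing tree."""
    assert shallow(p1) == shallow(p2), "merge needs equal shallow formulas"
    if p1[0] == "leaf":                                    # (a) identify the literals
        return p1
    if p1[0] == "conn":                                    # (b) merge children pairwise
        return ("conn", p1[1], [merge(y, z, renames) for y, z in zip(p1[2], p2[2])])
    if p1[0] == "sel":                                     # (c) rename b to a, then merge
        a, b = p1[2], p2[2]
        sub2 = p2[3]
        if a != b:
            sub2 = rename(sub2, b, a)
            renames.append((b, a))
        return ("sel", p1[1], a, merge(p1[3], sub2, renames))
    children, shared = [], set()                           # (d) expansion nodes (assumed)
    for t, c in p1[2]:
        same = [d for s, d in p2[2] if s == t]
        if same:                                           # term in both: identify
            children.append((t, merge(c, same[0], renames)))
            shared.add(repr(t))
        else:                                              # term only in P1: keep
            children.append((t, c))
    children += [(s, d) for s, d in p2[2] if repr(s) not in shared]
    return ("exp", p1[1], children)

def contract(q, i, j):
    """Case (vi): Q = ∨[U, ..., X, ..., X] with the two occurrences of X at
    positions i and j; return R = ∨[U, ..., X] with the two subtrees merged and
    the renamings of subcase (c) applied to all of R."""
    renames = []
    merged = merge(q[2][i], q[2][j], renames)
    rest = [c for k, c in enumerate(q[2]) if k not in (i, j)]
    r = ("conn", "or", rest + [merged])
    for b, a in renames:
        r = rename(r, b, a)
    return r

def L(pred, positive, *terms):
    return ("lit", pred, positive, list(terms))

# Constructed sample 1: line ¬Pa, ∃xPx, ∃xPx with expansion terms {a, b} and {b, c}.
EX = ("exists", "x", L("P", True, "x"))
Q_EX = ("conn", "or", [("leaf", L("P", False, "a")),
        ("exp", EX, [("a", ("leaf", L("P", True, "a"))), ("b", ("leaf", L("P", True, "b")))]),
        ("exp", EX, [("b", ("leaf", L("P", True, "b"))), ("c", ("leaf", L("P", True, "c")))])])

# Constructed sample 2: line ∃z¬Qz, ∀yQy, ∀yQy; the ∀ nodes select a and b, and the
# expansion term b of the first disjunct must follow the renaming b -> a.
ALL = ("forall", "y", L("Q", True, "y"))
Q_ALL = ("conn", "or", [("exp", ("exists", "z", L("Q", False, "z")), [("b", ("leaf", L("Q", False, "b")))]),
         ("sel", ALL, "a", ("leaf", L("Q", True, "a"))),
         ("sel", ALL, "b", ("leaf", L("Q", True, "b")))])

if __name__ == "__main__":
    print(deep(contract(Q_EX, 1, 2)))    # ¬Pa ∨ (Pa ∨ Pb ∨ Pc)
    print(deep(contract(Q_ALL, 1, 2)))   # ¬Qa ∨ Qa
```

In the second sample the mating $(\neg Qb, Qb)$ of the premise survives the contraction only because the expansion term of $\exists z\neg Qz$ is renamed along with the selection, which is exactly the remark after subcase (c).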
6. Cut Elimination in I*
Our cut elimination algorithm is based on similar algorithms of Gentzen [7] and Smullyan [13]. We reformulate these algorithms in terms of the system I* in order to give a completely self-contained and unified treatment to all the translations between analytic and non-analytic proofs. If one wanted to write out the details of a procedure which computes an expansion tree proof for a formula $B$, given those for $A$ and $\neg A \lor B$ directly in terms of expansion tree proofs, one could use the cases below in an inductive proof to show that such a direct procedure will result in the same expansion tree proof for $B$ as the less direct procedure described in section 7.

The proof of termination relies on a double induction argument: at each step we transform one mix (which has no other mixes above it) into one or several mixes with lower degree, or, if the degree stays the same, with smaller rank. The degree of a mix is the number of quantifiers and connectives in the mix formula (the formula being eliminated). The left [right] rank of a mix is the number of lines in the left [right] premise of a mix which contain the mix formula. The rank of a mix is the sum of left and right rank. For many of the following cases there is an obvious symmetric case which can be treated completely analogously. It is to be understood that there could be more occurrences of the mix formula in the premises of a mix, but we do not write this out to keep the diagrams as simple as possible. As in section 2, $\bar{X}$ denotes the negation normal form of $\neg X$.

First we consider the case that one of the premises of the mix is an axiom.

(i) The mix formula is the side-formula of the axiom. Then we eliminate the mix immediately:
$$\frac{U, A, \neg A, X \qquad V, \bar{X}}{U, V, A, \neg A}\ \text{Mix} \quad\Longrightarrow\quad U, V, A, \neg A$$

(ii) The mix formula is not the side-formula of the axiom. Then we also eliminate the mix: add $V$ as a side-formula to every inference above $U, A$.
$$\frac{U, A \qquad V, A, \neg A}{U, V, A}\ \text{Mix} \quad\Longrightarrow\quad U, V, A$$

We will now treat the case that the rank of the mix (which contains no other mix above it) is 2.

(i) The mix formula is a literal $A$. Since the rank of the mix is 2, one of the previous two cases must apply.

(ii) $C = X \lor Y$, $\bar{C} = \bar{X} \land \bar{Y}$.
$$\frac{\dfrac{U, X, Y}{U, X \lor Y}\ \lor I \qquad \dfrac{V_1, \bar{X} \qquad V_2, \bar{Y}}{V_1, V_2, \bar{X} \land \bar{Y}}\ \land I}{U, V_1, V_2}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{U, X, Y \qquad V_1, \bar{X}}{U, V_1, Y}\ \text{Mix} \qquad V_2, \bar{Y}}{U, V_1, V_2}\ \text{Mix}$$
Each of the two new mixes has smaller degree.

(iii) $C = \forall vS$, $\bar{C} = \exists v\bar{S}$.
$$\frac{\dfrac{U, S[v/a]}{U, \forall vS}\ \forall I \qquad \dfrac{V, \bar{S}[v/t]}{V, \exists v\bar{S}}\ \exists I}{U, V}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{U, S[v/t] \qquad V, \bar{S}[v/t]}{U, V}\ \text{Mix}$$
where the proof of $U, S[v/t]$ is obtained from the proof of $U, S[v/a]$ by substituting $t$ for $a$.

Now we consider the case where the rank is greater than 2. We treat the case where the left rank is greater than 1. The case where the right rank is greater than 1 can be treated analogously. This case again breaks up into two subcases. The new formula on the left hand side of the premise may or may not be the same as the mix formula. First we show how to reduce a mix in case the new formula is not the same as the mix formula. Here we generally reduce the mix to a mix with the same degree but lower rank.

(i) ∨I:
$$\frac{\dfrac{U, A, B, X}{U, A \lor B, X}\ \lor I \qquad V, \bar{X}}{U, V, A \lor B}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{U, A, B, X \qquad V, \bar{X}}{U, V, A, B}\ \text{Mix}}{U, V, A \lor B}\ \lor I$$

(ii) ∧I. If $X$ appears in only one premise of the ∧I, this case simplifies in the obvious way.

(iii) ∃I:
$$\frac{\dfrac{U, A[v/t], X}{U, \exists vA, X}\ \exists I \qquad V, \bar{X}}{U, V, \exists vA}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{U, A[v/t], X \qquad V, \bar{X}}{U, V, A[v/t]}\ \text{Mix}}{U, V, \exists vA}\ \exists I$$

(iv) ∀I:
$$\frac{\dfrac{U, A[v/a], X}{U, \forall vA, X}\ \forall I \qquad V, \bar{X}}{U, V, \forall vA}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{U, A[v/a], X \qquad V, \bar{X}}{U, V, A[v/a]}\ \text{Mix}}{U, V, \forall vA}\ \forall I$$
If $a$ happens to be free in $V$, replace $a$ by a new variable $b$ everywhere above $U, \forall vA, X$.

(v) C:
$$\frac{\dfrac{U, A, A, X}{U, A, X}\ C \qquad V, \bar{X}}{U, V, A}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{U, A, A, X \qquad V, \bar{X}}{U, V, A, A}\ \text{Mix}}{U, V, A}\ C$$

The last case remaining occurs when the mix formula is also the formula introduced by the last inference rule on the left-hand side. The cases are analogous to the previous ones, except that one mix is now reduced to one mix of lower rank and another mix of left rank 1.

(i) ∨I:
$$\frac{\dfrac{U, A, B, A \lor B}{U, A \lor B, A \lor B}\ \lor I \qquad V, \bar{A} \land \bar{B}}{U, V}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{\dfrac{\dfrac{U, A, B, A \lor B \qquad V, \bar{A} \land \bar{B}}{U, V, A, B}\ \text{Mix}}{U, V, A \lor B}\ \lor I \qquad V, \bar{A} \land \bar{B}}{U, V, V}\ \text{Mix}}{U, V}\ C$$

(ii) ∧I:
$$\frac{\dfrac{U_1, A, A \land B \qquad U_2, B, A \land B}{U_1, U_2, A \land B, A \land B, A \land B}\ \land I \qquad V, \bar{A} \lor \bar{B}}{U_1, U_2, V}\ \text{Mix}$$
This case simplifies if the mix formula does not appear in both premises of the ∧I.

(iii) ∃I:
$$\frac{\dfrac{U, \exists vS, S[v/t]}{U, \exists vS, \exists vS}\ \exists I \qquad V, \forall v\bar{S}}{U, V}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{\dfrac{\dfrac{U, \exists vS, S[v/t] \qquad V, \forall v\bar{S}}{U, V, S[v/t]}\ \text{Mix}}{U, V, \exists vS}\ \exists I \qquad V, \forall v\bar{S}}{U, V, V}\ \text{Mix}}{U, V}\ C$$

(iv) ∀I:
$$\frac{\dfrac{U, \forall vS, S[v/a]}{U, \forall vS, \forall vS}\ \forall I \qquad V, \exists v\bar{S}}{U, V}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{\dfrac{\dfrac{\dfrac{U, \forall vS, S[v/a] \qquad V, \exists v\bar{S}}{U, V, S[v/a]}\ \text{Mix}}{U, V, \forall vS}\ \forall I \qquad V, \exists v\bar{S}}{U, V, V}\ \text{Mix}}{U, V}\ C$$

(v) C:
$$\frac{\dfrac{U, X, X, X}{U, X, X}\ C \qquad V, \bar{X}}{U, V}\ \text{Mix}
\quad\Longrightarrow\quad
\frac{U, X, X, X \qquad V, \bar{X}}{U, V}\ \text{Mix}$$
7. Building Expansion Tree Proofs from I*-proofs
Since we already showed how to construct expansion tree proofs from I-proofs we have only to show how to construct an expansion tree proof, given expansion tree proofs for the two premises of a mix. We emphasize the constructiveness of our approach. Of course we could simply use any theorem proving procedure and arrive at a proof, since we already know we are dealing with a theorem. Our goal, however, is to construct an expansion tree proof which most closely reflects the structure of the two given original proofs, and moreover can be explicitly obtained from them. Here is our procedure: if we do not already have mix-free I-proofs for both premises, construct them with the algorithm described in section 4. Eliminate the mix from the resulting proof in I* to obtain a proof in I using the algorithm in section 6. Finally, construct an expansion tree proof from this I-proof using the procedure given in section 5. In practice we do not have to explicitly construct these I-proofs. The procedure may be reformulated in terms of the expansion tree proofs themselves, but space does not permit to write out the rather laborious details here.

By looking at one of the critical cases, case (i) where a mix of rank 2 is eliminated, one can see the following: if $d$ is the number of quantifiers and connectives in the mix formula (degree of the mix), $l$ is the length of the proof (say, above the left premise), and $f(d, l)$ is a worst case lower bound of the length of the resulting mix-free proof, the following relation must hold:
$$f(d, l) \ge f\!\left(\tfrac{d}{2},\, f\!\left(\tfrac{d}{2},\, l\right)\right).$$
Thus we get
$$f(d, l) \ge \underbrace{2^{2^{\cdots^{2^{l}}}}}_{d}.$$
Since an I-proof is at most exponentially bigger than a corresponding expansion tree proof, the lower bound remains non-Kalmar-elementary when the resulting I-proof is translated into an expansion tree proof. A result by Statman [14] mentioned in the introduction tells us that this cannot be significantly improved. There cannot be a Kalmar-elementary translation from I*-proofs into I-proofs. In practice, however, the translation is often feasible and it is not clear which class of theorems will actually blow up the size of the proof by as much as $f(d, l)$.
8. Building Expansion Tree Proofs from Resolution Refutations

When describing the translation procedure from resolution refutations into expansion tree proofs care must be taken to avoid confusion between the different nnformulas and the clauses in them. Resolution refutations are stated for the negation of a theorem; expansion tree proofs are defined for the theorem itself. In both cases clauses play a central role. Thus we will call clauses in an expansion tree paths, while clauses in a resolution refutation will be called clauses. We say a path intersects a clause if they have a literal occurrence in common. Notice that our definition of a clause is slightly different from the customary definition as a set. Since matings are relations on literal occurrences, we cannot afford to regard different occurrences of the same literal as identical. During a resolution of two clauses we delete all occurrences of the literal resolved upon. Generally in this section we will assume nnformulas also to be αβ-normal, i.e. no variable occurs both free and bound and each variable is bound at most once. Andrews [1] described an algorithm which translates resolution refutations into matings, but the setting here is essentially different. We do not work with conjunctive normal forms or Skolem-terms in expansion tree proofs, and the condition that matings in expansion tree proofs must be clause-spanning is also quite different from Andrews' condition that every cycle in a mating must have a merge. With the aid of this algorithm a resolution refutation can be translated into a nonanalytic proof by first translating it into an expansion tree proof and then into a proof in I* using the algorithm in section 5. This can be carried even further by translating the I*-proof into a proof in natural deduction style. A procedure for this translation is given by Miller in [10]. This can help a mathematician understand a proof by a resolution theorem prover since he can study it in a familiar format. It may also be a valuable research tool as indicated in the introduction.

8.1. Definition. Let X be an αβ-normal nnformula. Then X^s, the Skolem-form of X, is the result of replacing every subformula of the form ∃vS by S[v/f_v(w_1,...,w_n)], where w_1,...,w_n are all the universally quantified variables in whose scope ∃vS lies, and then deleting all the universal quantifiers. f_v(w_1,...,w_n) and instances thereof are called Skolem-terms, f_v the Skolem-function for v.
8.2. Definition. Let X be an αβ-normal nnformula. A resolution refutation of X is a list of clauses c_1,...,c_n such that
(i) there is an m such that {c_j : 1 ≤ j ≤ m} is a subset of the set of clauses of X^s,
(ii) for each j > m either
  (a) c_j is a substitution instance φc_i for some i < j, or
  (b) c_j is the resolvent of c_{a_j} and c_{b_j}, where a_j, b_j < j, and c_j is formed by appending the results of deleting all occurrences of a literal l_j from c_{a_j} and of ¬l_j from c_{b_j},
(iii) c_n = □ (the empty clause).
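Definitions 8.1 and 8.2 are mechanical enough to be checked by a small program. The following Python is an added example, not code from the paper: it forms the Skolem-form of an αβ-normal nnformula exactly as in 8.1 and verifies a resolution refutation step by step as in 8.2, keeping each clause as a list of literal occurrences so that, as the text requires, all occurrences of the literal resolved upon are deleted. The term and formula encodings, the names skolem_form, resolvent and check_refutation, and the sample refutation are this example's own assumptions; the initial clauses c_1,...,c_m are supplied directly rather than extracted from X^s, since the paper does not fix that extraction here.

```python
"""Skolem form (Def. 8.1) and a checker for resolution refutations (Def. 8.2).
Added example; the encodings below are this example's assumptions, not the paper's.

Terms: a variable is an uppercase string, a constant a lowercase string, and a
function application a tuple (name, arg1, ..., argn).  A literal is a triple
(positive, predicate, args); a clause is a LIST of literal occurrences.
An nnformula is ("lit", positive, pred, args), ("and", A, B), ("or", A, B),
("exists", v, S) or ("forall", v, S).
"""


def is_var(t):
    return isinstance(t, str) and t[:1].isupper()


def subst_term(t, sigma):
    """Apply substitution sigma (a dict variable -> term) to a term."""
    if is_var(t):
        return sigma.get(t, t)
    if isinstance(t, tuple):
        return (t[0],) + tuple(subst_term(a, sigma) for a in t[1:])
    return t


def subst_lit(lit, sigma):
    positive, pred, args = lit
    return (positive, pred, tuple(subst_term(a, sigma) for a in args))


def subst_formula(x, sigma):
    kind = x[0]
    if kind == "lit":
        return ("lit",) + subst_lit(x[1:], sigma)
    if kind in ("and", "or"):
        return (kind, subst_formula(x[1], sigma), subst_formula(x[2], sigma))
    # alpha-beta-normal input: bound variables are distinct from the domain of
    # sigma, so the substitution passes straight under a quantifier
    return (kind, x[1], subst_formula(x[2], sigma))


def skolem_form(x, universals=()):
    """Def. 8.1: replace each subformula (exists v S) by S[v/f_v(w1,...,wn)], the
    w's being the universally quantified variables in whose scope it lies, and
    delete all universal quantifiers."""
    kind = x[0]
    if kind == "lit":
        return x
    if kind in ("and", "or"):
        return (kind, skolem_form(x[1], universals), skolem_form(x[2], universals))
    if kind == "forall":
        return skolem_form(x[2], universals + (x[1],))
    if kind == "exists":
        v, s = x[1], x[2]
        skolem_term = ("f_" + v,) + universals      # f_v(w1,...,wn)
        return skolem_form(subst_formula(s, {v: skolem_term}), universals)
    raise ValueError("unknown formula kind: %r" % kind)


def negate(lit):
    return (not lit[0], lit[1], lit[2])


def resolvent(ca, cb, lit):
    """Def. 8.2(ii)(b): append the result of deleting ALL occurrences of lit from
    ca to the result of deleting all occurrences of its negation from cb."""
    if lit not in ca or negate(lit) not in cb:
        raise ValueError("cannot resolve upon %r" % (lit,))
    return [occ for occ in ca if occ != lit] + [occ for occ in cb if occ != negate(lit)]


def check_refutation(initial, steps):
    """Verify a refutation in the shape of Def. 8.2.  `initial` holds c_1..c_m;
    each later step is ("inst", i, sigma) giving c_j = sigma c_i, or
    ("res", a, b, lit) giving c_j = resolvent of c_a and c_b upon lit, with
    1-based indices that must point at EARLIER clauses.  The last clause must
    be the empty clause.  Returns the full clause list c_1..c_n."""
    clauses = [list(c) for c in initial]
    for step in steps:
        j = len(clauses) + 1
        if step[0] == "inst":
            _, i, sigma = step
            if not 1 <= i < j:
                raise ValueError("step %d refers forward to clause %d" % (j, i))
            clauses.append([subst_lit(occ, sigma) for occ in clauses[i - 1]])
        elif step[0] == "res":
            _, a, b, lit = step
            if not (1 <= a < j and 1 <= b < j):
                raise ValueError("step %d refers forward" % j)
            clauses.append(resolvent(clauses[a - 1], clauses[b - 1], lit))
        else:
            raise ValueError("unknown step %r" % (step,))
    if clauses[-1] != []:
        raise ValueError("last clause is not the empty clause")
    return clauses


# Constructed sample refutation (not from the paper): clauses p(X); -p(a) v q; -q.
SAMPLE_INITIAL = [[(True, "p", ("X",))],
                  [(False, "p", ("a",)), (True, "q", ())],
                  [(False, "q", ())]]
SAMPLE_STEPS = [("inst", 1, {"X": "a"}),                 # c4 = p(a)
                ("res", 4, 2, (True, "p", ("a",))),      # c5 = q
                ("res", 5, 3, (True, "q", ()))]          # c6 = empty clause

if __name__ == "__main__":
    print(skolem_form(("forall", "X", ("exists", "Y", ("lit", True, "r", ("X", "Y"))))))
    for k, c in enumerate(check_refutation(SAMPLE_INITIAL, SAMPLE_STEPS), 1):
        print("c%d = %r" % (k, c))
```

The checker rejects a step that refers to a later clause and a final clause that is not empty, which is what makes a refutation a verifiable certificate rather than a trace to be trusted; resolving [p, p, q] with [¬p] yields [q], showing the delete-all-occurrences rule the text insists on.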
In our translation we will have to select unique variables for Skolem-functions and their arguments. In general, if f(w_1,...,w_n) is a Skolem-term for arbitrary terms w_1,...,w_n, then f(w_1,...,w_n) is a unique corresponding variable. Note that this is just a notational convenience in our metalanguage. We must also occasionally model the effect of a substitution into a Skolem-term on the corresponding variables.

8.3. Definition. Let f(w_1,...,w_n) be a variable, φ a substitution for variables which do not come from Skolem-terms. We extend φ to terms and formulas in the usual way, but also extend it to act on variables which come from Skolem-terms. Recursively define φf(w_1,...,w_n) := f(φw_1,...,φw_n).

We are now ready to define what it means to apply a substitution to an expansion tree. Note that (φQ)^S = φ(Q^S).

8.4. Definition. Let Q be an expansion tree. Then we define φQ inductively.
(i) Q is a literal l. Then φQ = φl.
(ii) Q = Q_1 ∘ ... ∘ Q_n for a connective ∘. Then φQ = φQ_1 ∘ ... ∘ φQ_n.
(iii) Q is an existential node ∃vS with expansion terms t_1,...,t_n and subtrees Q_1,...,Q_n. We leave the original expansions intact, and add all terms which change under the substitution as new expansion terms. Let t_{i_1},...,t_{i_m} be all the expansion terms t_i such that φt_i ≠ t_i. Then φQ is the node ∃vS with expansion terms t_1,...,t_n, φt_{i_1},...,φt_{i_m} and subtrees Q_1,...,Q_n, φQ_{i_1},...,φQ_{i_m}.
(iv) Q is a universal node ∀vS with selected variable f(w_1,...,w_n) and subtree Q_0. Then φQ is the node ∀vS with selected variable φf(w_1,...,w_n) and subtree φQ_0.
During the translation from resolution refutations to expansion tree proofs we associate an expansion tree and a mating with each line in the resolution refutation. These expansion trees have to satisfy all of the conditions of expansion tree proofs except that the mating does not have to be clause-spanning. We therefore define:

8.5. Definition. A partial expansion tree proof (Q, M) for a nnformula X is an ordered pair consisting of an expansion tree Q and a mating M on Q^D such that
(i) Q^S = X,
(ii) no selected variable is free in Q^S,
(iii) the relation on the expansion terms of Q is acyclic.
A particular partial expansion tree will correspond to the part of the resolution proof which is constructed solely from the clauses in the negated and Skolemized theorem.

8.6. Definition. Let X be an αβ-normal nnformula. The initial expansion tree Q(X) for X is inductively defined for parts Y of X by
(i) Y = l for a literal l. Then Q(Y) = l.
(ii) Y = Y_1 ∘ ... ∘ Y_n for a connective ∘. Then Q(Y) = Q(Y_1) ∘ ... ∘ Q(Y_n).
(iii) Y = ∃vS. Then Q(Y) is the node ∃vS with the single expansion term v and subtree Q(S).
(iv) Y = ∀vS. Then Q(Y) is the node ∀vS with selected variable f_v(w_1,...,w_n) and subtree Q(S[v/f_v(w_1,...,w_n)]), where f_v(w_1,...,w_n) is the Skolem-term for v in X.

Now we construct an expansion tree proof from a resolution refutation. Let a resolution refutation c_1,...,c_m,c_{m+1},...,c_n = □ be given. For each clause c_j, j ≥ m, we will recursively construct a partial expansion tree proof (Q_j, M_j) with the following property:
(*)_j: Let c_i, i ≤ j, be a clause in the resolution refutation. Then every path through Q_j^D which does not intersect c_i contains a pair of M_j-mated literals.

If we can show that (*)_j holds for all m ≤ j ≤ n, the correctness of our translation is proven: since c_n = □, no path through Q_n^D intersects c_n, and therefore by (*)_n every path through Q_n^D must be spanned by M_n, so (Q_n, M_n) is an expansion tree proof for X.
Now we come to the construction of (Q_j, M_j). Let (Q_m, M_m) = (Q(X), ∅). Since every path in Q(X)^D intersects every clause in X^s, (Q_m, M_m) is a partial expansion tree proof for X and satisfies (*)_m. Now assume (Q_m, M_m), ..., (Q_{j-1}, M_{j-1}) are partial expansion tree proofs for X and (*)_i is satisfied for m ≤ i ≤ j-1. We have to distinguish cases, since c_j could either be a substitution instance or a resolvent of earlier clauses.

(i) Assume c_j is a substitution instance φc_i for some 1 ≤ i < j, φ a substitution for the free variables in c_i. If a variable is free in c_i it must be existentially quantified in X. Now we pass to a substitution θ such that θ agrees with φ if the substituent is not a Skolem-term, and θv ≡ f(w_1,...,w_n) (the variable corresponding to the Skolem-term) if φv = f(w_1,...,w_n). Let Q_j = θQ_{j-1}. (Q_j, M_j) is a partial expansion tree proof for X (M_j to be constructed later):

(a) Q_j^S = Q_{j-1}^S = X by inductive assumption.

(b) From the way selections for universal variables in X are chosen and from the fact that X was αβ-normal, it is clear that every variable is selected at most once and that no selected variable is free in Q_j^S.

(c) The relation on expansion terms remains acyclic. Suppose there were a cycle t_1, t_2, ..., t_n, t_1. The first relation means that there is a variable selected below t_1 which is free in t_2. Since the variable is selected below t_1 in the expansion tree, it has the form of a variable corresponding to a Skolem-term which contains t_1. Thus t_2 contains a term of the form f_1(..., t_1, ...). Hence in the Skolem-form φ of the substitution, t_1 is free in t_2. The next relation would say that there is a variable selected below t_2 which is free in t_3. Thus a term of the form f_2(..., t_2, ...) is free in t_3. Combined with the previous conclusion this gives us that t_1 is free in t_3. Iterating this process we finally arrive at the conclusion that t_1 is free in t_n and, closing the cycle, that t_1 is free in t_1. But this would mean that the original substitution φ was not legal, which is a contradiction. Therefore the relation is acyclic.
Now we show how to construct M_j. First note that because of definition 8.4 any literal occurrence in Q_{j-1}^D is still present in Q_j^D. Each new literal occurrence in Q_j^D is of the form θl for some l in Q_{j-1}^D. Then we simply let M_j = M_{j-1} ∪ {(θl, θk) : (l, k) ∈ M_{j-1}}.

(a) Consider c_h, h < j, and P a path through Q_j^D not intersecting c_h. Since paths in Q_j^D can only be longer than paths in Q_{j-1}^D, there is a projection P' of P in Q_{j-1}^D; P' may be obtained by deleting all the new literals from P. Then P' is spanned by M_{j-1} by inductive hypothesis and hence P by M_j ⊇ M_{j-1}.

(b) Consider c_j and P a path through Q_j^D not intersecting c_j. Construct a path P' through Q_{j-1}^D as follows: every literal occurrence l in Q_{j-1}^D such that there is a new literal occurrence θl ∈ P is included. Furthermore all literal occurrences l such that there is no new literal occurrence θl in Q_j^D, but l ∈ P, are also included. Then P' does not intersect c_i and is therefore spanned by a pair (l, k) ∈ M_{j-1}. But then θl, θk ∈ P (neither necessarily new) and (θl, θk) ∈ M_j. Hence P is spanned by M_j.
(ii) Assume c_j is the resolvent of c_{a_j} and c_{b_j} upon the literal l_j ∈ c_{a_j}, ¬l_j ∈ c_{b_j}, where a_j, b_j < j. Define Q_j = Q_{j-1} and let M_j = M_{j-1} ∪ {(l, k) : l an occurrence of l_j in c_{a_j}, k an occurrence of ¬l_j in c_{b_j}}.

Since Q_j = Q_{j-1}, Q_j is a partial expansion tree proof for X. What remains to be shown is that M_j spans every path through Q_j^D which does not intersect c_i, for all i ≤ j. For i < j this is obvious by the inductive hypothesis and the fact that M_j ⊇ M_{j-1}. Now consider a path P through Q_j^D not intersecting c_j. There are three cases:

(a) P does not intersect c_{a_j}. By inductive hypothesis M_{j-1} ⊆ M_j spans P.

(b) P does not intersect c_{b_j}. By inductive hypothesis M_{j-1} ⊆ M_j spans P.

(c) P intersects both c_{a_j} and c_{b_j}. Since P does not intersect c_j, P must intersect c_{a_j} in one of the literal occurrences l_j resolved upon, and c_{b_j} in one of the literal occurrences ¬l_j. But then M_j spans P since (l_j, ¬l_j) ∈ M_j.
9. References

[1] Peter B. Andrews, Refutations by Matings, IEEE Transactions on Computers C-25 (1976), 801-807.
[2] Peter B. Andrews, Transforming Matings into Natural Deduction Proofs, in 5th Conference on Automated Deduction, Les Arcs, France, edited by W. Bibel and R. Kowalski, Lecture Notes in Computer Science 87, Springer-Verlag, 1980, 281-292.
[3] Peter B. Andrews, Theorem Proving via General Matings, Journal of the Association for Computing Machinery 28 (1981), 193-214.
[4] Wolfgang Bibel, Automatic Theorem Proving, Vieweg, Braunschweig, 1982.
[5] W. Bibel and J. Schreiber, Proof search in a Gentzen-like system of first-order logic, Proceedings of the International Computing Symposium, 1975, pp. 205-212.
[6] W. W. Bledsoe, Non-resolution Theorem Proving, Artificial Intelligence 9 (1977), 1-35.
[7] G. Gentzen, Investigations into Logical Deductions, in The Collected Papers of Gerhard Gentzen, M. E. Szabo, Ed., North-Holland Publishing Co., Amsterdam, 1969, pp. 68-131.
[8] J. Herbrand, Logical Writings, Harvard University Press, 1972.
[9] Dale A. Miller, Proofs in Higher Order Logic, Ph.D. Thesis, Carnegie-Mellon University, August 1983.
[10] Dale A. Miller, Expansion Tree Proofs and Their Conversion to Natural Deduction Proofs, 7th Conference on Automated Deduction, Napa, May 1984.
[11] Frank Pfenning, Conversions between Analytic and Non-analytic Proofs, Tech. Report, Carnegie-Mellon University, 1984 (to appear).
[12] J. A. Robinson, A machine-oriented logic based on the resolution principle, Journal of the Association for Computing Machinery 12 (1965), 23-41.
[13] R. M. Smullyan, First-Order Logic, Springer-Verlag, Berlin, 1968.
[14] R. Statman, Lower Bounds on Herbrand's Theorem, Proceedings of the American Mathematical Society 75 (1979), 104-107.
Applications of Protected Circumscription
Jack Minker and Donald Perlis
Computer Science Department, University of Maryland, College Park, MD 20742

Abstract. We examine applications of an extension of circumscription that allows protection of certain objects against being included in the circumscription process. We show that this allows a clean handling of incomplete information in problems from artificial intelligence and databases.
1. Introduction

This paper amplifies on results proven elsewhere (see Minker & Perlis [1984]), in which we extended the idea of circumscription to allow prescription of what objects are or are not to be included in the circumscription process, broadening the applicability of the technique. A way to view circumscription is that it characterizes what it means for a set to be specified by means of various assertions. We review briefly the idea of circumscription before discussing the extended version. We begin with a suggestive example.
Suppose a precious red sapphire, s, is purchased in India and brought to Denver, only to be lost. Then years later a youngster is found living alone in the Rocky Mountain wilderness wearing a red sapphire ring, r. The reader of the mystery is supposed to immediately think, Aha! That's the red sapphire that disappeared earlier! In fact, only one red sapphire exists, one presumes, at least as far as we need consider. Yet such has not been stated, and to state it is to go further than we wish. Somehow we have great use for jumping to conclusions of this sort, although we realize they need not be true. Still, in order to get ideas to begin reasoning at all, we need to do some such associating, and often it is useful to use these associations as conclusions for immediate acceptance (at least until forced to alter them by weight of later evidence). How then are we to do this? It clearly is a kind of default problem, and one addressed recently by several workers in artificial intelligence (McDermott & Doyle [1980], McCarthy [1980], Reiter [1980]). The approach of McCarthy, predicate circumscription, applies particularly well to the above problem. In another paper (Minker & Perlis [1984]) we have extended McCarthy's formalism; here we are concerned with specific applications of the extension.
McCarthy's approach then is as follows: Given a predicate symbol P and a formula A[P] containing P, the circumscription of P by A[P] can be thought of as saying that the P-things consist of certain ones as needed to satisfy A[P] and no more, in the sense that any P-things Z satisfying A[Z] already include ALL P-things:

$$P\,C_A[Z]:\quad [A[Z]\ \&\ (x)(Z(x) \to P(x))] \to (x)(P(x) \to Z(x))$$
To see how this 'solves' the sapphire problem, let P(x) say x is a red sapphire. We decide to circumscribe on P since red sapphires are, as far as we can judge, quite unusual and unlikely to be present without being recognized and well-known. Once mentioned, the gem becomes 'the' red sapphire s of the story until further notice. So, the property of being a red sapphire becomes the only contextual information needed: A[P] is P(s). As long as it remains our judgement that red-sapphired-ness is appropriate to circumscribe, we will conclude that this red sapphire is also the one and only red sapphire, namely, the lost one. Thus we will be able to prove that r = s.

In detail, circumscription of P by P(s) (as the only information A[P] that initially pertains) can be applied by taking the predicate Z(x) to be x = s. Then A[Z] will be Z(s), i.e., s = s, resulting from replacing P by Z in A[P]. It follows by the above circumscription schema that P(x) -> Z(x), i.e., that the only red sapphire is s. This is seen as follows: first, Z(s) is obvious; and Z(x) -> P(x) follows from P(s). So the schema yields P(x) -> Z(x). If we retain this conclusion on hearing about the sapphire r, then of course we must conclude that r = s, which is automatic.

Of course, we have made two significant judgements here, neither of which we argue for: that red sapphires are things to circumscribe on, and that new data of the sort presented (the existence of r) does not alter the first judgement. We are not tackling this issue here, but simply the one of how to formally represent such reasoning.
2. Circumscription with Protected Terms

Here we discuss a simple syntactic device from Minker & Perlis [1984]. There we suggested that once A has been selected as appropriate for circumscribing P, and if (perhaps later) it is desired to protect S-things from this process so that circumscription will not be used to show S-things are not P-things, we can keep the same criteria A, but alter the form of the schema itself. Starting with P(x) & ¬S(x), which we write P/S(x) (and more generally T/U(x) for T(x) & ¬U(x)), we alter the circumscription schema to read as follows:

$$P/S\,C_A[Z]:\quad [A[Z]\ \&\ (x)(Z/S(x) \to P(x))] \to (x)(P/S(x) \to Z(x))$$

for all formulas Z. Intuitively, we are saying that conclusions are drawn only about non-S-things, as far as ruling out possible P-things goes. We refer to this schema as 'protected circumscription'; unless so indicated, circumscription will refer to McCarthy's schema. We write C[Z] when context makes clear what the A, P, and S (if protected) are.

It may appear that by circumscribing on the formula P(x) & ¬S(x) the same effect is achieved. Indeed intuitively this should be the case. However, circumscription, as defined by McCarthy, applies only for single predicate letters. It is not obvious how to extend it to general formulas. John McCarthy has communicated to us that he is currently pursuing this extension.
To return to our sapphire example, suppose in addition to the red sapphire that is lost, another precious stone has been brought from India by another Denver resident, but its precise gemology has not been revealed. In fact, we may suppose for the sake of story-line, that the two gem buyers are in fact obtaining gifts for their (one and the same) admiree, a third Denver resident whose birthday anniversary is to be celebrated soon. The reader may already feel a tingling sense of worry that the two gems may be identical in type and bound to produce embarrassment.

How then can we represent the reasoning that there are one and possibly two red sapphires, but no more, and that s is one, and the other stone, say g, may or may not be, in such a way that we still can conclude later that r = s (supposing g not to be lost)? Our schema will do this if we again let P(x) say x is a red sapphire, P(s) being the only information that is needed to circumscribe that very property (i.e., the axiom A[P] is simply P(s) itself), except that now we also state S(g) to protect g from being squeezed out of possible red-sapphired-ness. Again we let Z(x) be x = s, and further simply take S(g) as an axiom. S(x) will have no special meaning other than that x is 'selected' for protection from circumscription.

Then much as before we can conclude P(x) -> Z(x) v S(x), i.e., any red sapphire either is the first one (s) or is the new untyped stone (g). Then on learning of the red sapphire ring r, it follows that either r = s or r = g. If further it is known that g is not lost, indeed is in the firm possession of its owner, then we know r ≠ g, hence r = s.

Notice the apparent non-monotonicity present in such a line of reasoning. Before we have heard of the second stone g, we conclude r = s; later with further information but (apparently) no loss of what was previously known, we no longer can make such a strong conclusion but instead have only (r = s) v (r = g). In fact, of course, information has been retracted, namely our original unprotected treatment of red sapphires: now A[P] is {P(s), S(g)} whereas before it was just {P(s)}, so the previous schema has been replaced by a new one that in fact is not logically stronger.
3. Using Model-Theory

In McCarthy [1980] the concept of minimal model was discussed in the context of circumscription. In Minker & Perlis [1984] we re-defined minimal model in a manner appropriate to the new version of circumscription as follows: Let M and N be models of A[P]. We say M ≤ N if the atomic truths of M are contained in those of N, if those atomic truths of M not using P are precisely those of N, and if the extension of P&S in M is also that in N, i.e., if {x | P(x) and S(x) hold in M} = {x | P(x) and S(x) hold in N}. Then M is a P/S-minimal model of A[P] if M is a model of A[P] minimal with respect to the relation ≤.

As an example, suppose P(a)&P(b)&P(c)&¬P(d)&Q(d) is the sentence A[P], and we wish to protect the constant c: S(c). Then the only model is {P(a) P(b) P(c) Q(d) S(c)}. (Here we indicate a model by writing the positive ground clauses that hold in it.) This model is the only minimal model. In this case protection is superfluous since P(c) is required to hold.
Now consider the sentence P(a)&P(b) where c is still a protected constant, S(c), and d is an unprotected constant. Here we obtain four models:

M1 = {P(a) P(b) P(c) P(d) S(c)}
M2 = {P(a) P(b) P(c) S(c)}
M3 = {P(a) P(b) P(d) S(c)}
M4 = {P(a) P(b) S(c)}.

Of these only M2 and M4 are minimal, M2 being a P/S-minimal submodel of M1, and M4 of M3.

Finally, consider P(a) v P(b) v P(c) with S(a) and S(c). Then the models are

M1 = {P(a) P(b) P(c) S(a) S(c)}
M2 = {P(a) P(b) S(a) S(c)}
M3 = {P(a) P(c) S(a) S(c)}
M4 = {P(b) P(c) S(a) S(c)}
M5 = {P(a) S(a) S(c)}
M6 = {P(b) S(a) S(c)}
M7 = {P(c) S(a) S(c)}.

The minimal ones are M3, M5, M6, M7.
Using models to draw conclusions about derivability relies on having appropriate soundness and completeness theorems tying model-theoretic truth to syntactic proof. McCarthy [1980] provides the soundness half of such a result for circumscription, but not the completeness part. As noted by Davis [1980] the fully general completeness result would be false. Nonetheless, Minker & Perlis [1984] have a soundness and completeness result that applies to cases of 'ground' theories (among others), i.e., ones with no variables, such as we are considering here: for such theories A[P], and for any ground formula B, we have

$$A[P] \models_{P/S} B \quad\text{iff}\quad A[P] \vdash_{P/S} B .$$

It is instructive to consider the following example: Let A[P] consist of the data P(a), ¬P(b) v ¬P(c). Then there are three models of A[P]:

1. {P(a)}  2. {P(a), P(b)}  3. {P(a), P(c)}

Of these, only 1 is minimal, and so the formulas true in 1 are the circumscriptive theorems of A[P], for all choices of Z at once! Notice that the theory A'[P] having ONLY P(a) as axiom also has these three models as well as 4. {P(a), P(b), P(c)}, which still is not minimal. So A and A' have the same minimal models and hence the same circumscriptive theorems. In fact in both theories we have the theorems ¬P(b) and ¬P(c), so that the axiom ¬P(b) v ¬P(c) in A is circumscriptively redundant.
Now suppose we wish to protect b and c in A so that ALL we know about P(b) and P(c) is that they are not jointly true, i.e., ¬P(b) v ¬P(c) represents real uncertainty. Then we find that 1, 2, and 3 are the only models and all are minimal. Furthermore, although ¬P(b) v ¬P(c) holds in each, neither ¬P(b) nor ¬P(c) does, so that the protection has really worked. But now if we pass to A' and protect b and c, we find still all four models as before and all are minimal, so that not even ¬P(b) v ¬P(c) holds.

Although the completeness result has shown us what the ground theorems of these four theories are, we see from this example that negative data (¬P(b) v ¬P(c)) can have a non-redundant effect when there are protected constants. This shows a strong distinction from the situation for ordinary circumscription.
4. Applications to Databases

We believe that protected circumscription is applicable to belief systems, databases, and many other areas. We give here an application to databases.

Suppose a database DB contains the information P(a) and P(b) and neither P(c) nor P(d). Traditional database approaches would take this to mean that P(c) and P(d) are false, i.e., there is an assumption of complete data, often referred to as the 'closed world assumption' (Reiter [1978]). This is not to say that the closed world assumption is logically valid; rather, that in certain data sets, it happens to hold. This of course is a very limiting situation. For instance it does not allow for the possibility that some data simply has not yet been gathered, surely an extremely frequent occurrence in real-world databases.

A more dramatic version of this is 'indefinite' data of the form P(c) or P(d). Here it is not simply that we do not know about c and d. We know that at least one of them has property P, but we do not know which. McCarthy's circumscription (among other approaches) provides a solution to this, in which from P(x) one can conclude, for instance, x=a v x=b v x=c v x=d, given the database DB = {P(a), P(b), P(c) v P(d)}. Thus there is in force a kind of closed world assumption, but broadened so as to deal with indefinite data, what Minker [1982] calls 'the generalized closed world assumption'.

Indeed, we can regard the incomplete database as a special kind of indefinite database, in which the lack of information about P(c) is represented as an indefiniteness between P(c) and ¬P(c). Yet no assertion of the form P(c) v P(x) will do what is required. If x is different from c, then we are asserting more than is wanted, for now we are committing x also to be indefinite, not to mention that x and c are also being bound together in a special relation not part of our intention. If on the other hand we let x be c itself, then P(c) v P(c) tells us too much, namely that c definitely has property P. Other ideas in this vein include P(c) v ¬P(c) (a tautology which achieves nothing), and P(c) v P(ind) where ind is a new constant introduced for this purpose. The latter has some promise, but leaves us with the undesirable feature that now we can prove that something (either c or ind) has property P, this again not being the intended outcome.

With this background we then look at protected circumscription for a solution to this difficulty. Let S(x) be the predicate x=c. This will serve to protect c. Now if we use protected circumscription on P by the database DB = {P(a) P(b) Q(c) Q(d)} with S as stated, we find as expected that ¬P(c) cannot be concluded, although ¬P(d) can be concluded. In terms of minimal models, we first consider all objects that do not have property S (every object but c here) and that also must have property P in each minimal model. These objects are only a and b, so these are the only ones we can conclude to have property P. On the other hand, we also examine all objects which do not have property S (again every object but c) and which must fail to have property P in each minimal model. In this case the only such object is d, hence we conclude ¬P(d).
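The model-theoretic definition of section 3 and the database example just given can both be checked by enumeration, since the theories are ground. The following Python is an added example and not the authors' code: it enumerates the models of a ground clausal theory over a finite set of constants, applies the P/S-minimality relation of section 3 (truths contained, non-P atoms identical, extension of P&S identical), and uses the completeness result for ground theories quoted there to decide whether a ground clause is a protected-circumscriptive theorem. The encoding of atoms, the function names, and the convention of varying only the extension of P while holding the other atoms (Q(d), S(c)) fixed are this example's assumptions, chosen to match how the paper lists its models.

```python
"""Protected circumscription on ground clausal theories, by minimal models.
Added example, not the paper's code.  Atoms are pairs (predicate, constant);
a literal is (positive, predicate, constant); a clause is a list of literals
and a theory a list of clauses.  A model is the set of true ground atoms.
Only the extension of P varies between candidate models; the other atoms
(Q(d), S(c), ...) are fixed, as in the paper's listings of models."""
from itertools import combinations

PRED = "P"   # the circumscribed predicate


def satisfies(model, theory):
    """Every clause has some literal that is true in the model."""
    return all(any(((pred, const) in model) == positive
                   for positive, pred, const in clause)
               for clause in theory)


def models(theory, constants, fixed_atoms=frozenset()):
    """All models of the theory obtained by choosing an extension for P."""
    found = []
    for r in range(len(constants) + 1):
        for ext in combinations(constants, r):
            m = frozenset(fixed_atoms) | {(PRED, c) for c in ext}
            if satisfies(m, theory):
                found.append(m)
    return found


def leq(m, n, protected):
    """M <= N (Minker & Perlis): the atomic truths of M are contained in those of
    N, those not using P coincide, and the extension of P&S (P restricted to the
    protected constants) is the same in both."""
    if not m <= n:
        return False
    if {a for a in m if a[0] != PRED} != {a for a in n if a[0] != PRED}:
        return False
    p_and_s = lambda x: {c for p, c in x if p == PRED and c in protected}
    return p_and_s(m) == p_and_s(n)


def minimal_models(theory, constants, protected=frozenset(), fixed_atoms=frozenset()):
    """P/S-minimal models: models with no strictly smaller model under <=.
    With `protected` empty this is ordinary (McCarthy) minimality."""
    ms = models(theory, constants, fixed_atoms)
    return [m for m in ms if not any(n != m and leq(n, m, protected) for n in ms)]


def p_extensions(ms):
    """Sorted P-extensions, for comparison with the paper's model lists."""
    return sorted(sorted(c for p, c in m if p == PRED) for m in ms)


def theorem(clause, theory, constants, protected=frozenset(), fixed_atoms=frozenset()):
    """A ground clause is a (protected-)circumscriptive theorem iff it holds in
    every P/S-minimal model: the soundness/completeness result for ground
    theories quoted in section 3."""
    return all(satisfies(m, [clause])
               for m in minimal_models(theory, constants, protected, fixed_atoms))


def P(c):
    return (True, PRED, c)


def notP(c):
    return (False, PRED, c)


if __name__ == "__main__":
    # Section 3: P(a)&P(b) with S(c); the paper's M2 and M4 are the minimal models.
    print(p_extensions(minimal_models([[P("a")], [P("b")]], "abcd", {"c"}, {("S", "c")})))
    # Section 3: P(a) v P(b) v P(c) with S(a), S(c); minimal: M3, M5, M6, M7.
    print(p_extensions(minimal_models([[P("a"), P("b"), P("c")]], "abc", {"a", "c"})))
    # Section 4: DB = {P(a), P(b), Q(c), Q(d)}, c protected: -P(d) follows, -P(c) does not.
    db, fixed = [[P("a")], [P("b")]], {("Q", "c"), ("Q", "d")}
    print(theorem([notP("d")], db, "abcd", {"c"}, fixed),
          theorem([notP("c")], db, "abcd", {"c"}, fixed))
```

Running the three calls reproduces the paper's lists: minimal P-extensions {a,b} and {a,b,c} for the first example, {a,c}, {a}, {b}, {c} for the second, and for the database ¬P(d) is a theorem while ¬P(c) is not. The same functions confirm section 3's point about negative data: with b and c protected, ¬P(b) v ¬P(c) is a theorem of A = {P(a), ¬P(b) v ¬P(c)} but not of A' = {P(a)}.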
In the case of (Horn) databases we have a generalization of the idea of Clark [1978] who, when discussing negation as failure, showed that an 'if and only if' condition was its analogue. For example, if P(a) and P(b) are known and we do not care about c or d, then we would write

(x = a) v (x = b) <-> P(x).

Now, if one wants to protect c while leaving d unprotected, our solution is simply to place (x = c) on both the right and left hand sides of the above formula, to obtain

(x = a) v (x = b) v (x = c) <-> P(x) v (x = c).

Relating this to our protected circumscription schema, we can re-write this as a conjunction of two formulas and then remove tautologies:

(1) (x=a) v (x=b) v (x=c) -> P(x) v (x=c)
(2) (x=a) v (x=b) v (x=c) <- P(x) v (x=c)

and then

(3) (x=a) v (x=b) -> P(x)
(4) P(x) -> (x=a) v (x=b) v (x=c)

(here we assume distinct constants stand for distinct entities). Let Z(x) be (x=a) v (x=b); then

(5) P(x) & (x≠c) -> Z(x)   from (4)

and finally, letting S(x) be (x=c), we have

(6) P/S(x) -> Z(x)   from (5)
(7) Z/S(x) -> P(x)   from (3).

Hence, the generalization of Clark's idea is simply achieved for databases by the modified formula, which is equivalent to our protected circumscription.
Acknowledgements

Our work obviously depends greatly on that of John McCarthy. We have also been influenced by work of and discussions with Ray Reiter. This paper was written with support from the following grants: AFOSR-82-0303, for J. Minker and D. Perlis; NSF MCS 79 19418, for J. Minker; U. of Md. Summer Research Award for D. Perlis.
Bibliography

Clark, K. [1978] "Negation as Failure". In: Logic and Databases (Gallaire, H. and Minker, J., Eds.), Plenum Press, NY, 1978, 293-322.
Davis, M. [1980] "The Mathematics of Non-Monotonic Reasoning". Artificial Intelligence 13 (1980), 73-80.
McCarthy, J. [1980] "Circumscription - A Form of Non-Monotonic Reasoning". Artificial Intelligence 13 (1980), 27-39.
McDermott, D., and Doyle, J. [1980] "Non-Monotonic Logic I". Artificial Intelligence 13 (1980), 41-72.
Minker, J. [1982] "On Indefinite Databases and the Closed-World Assumption". Sixth Conference on Automated Deduction, New York, NY, 1982. Springer-Verlag Lecture Notes in Computer Science, v. 138, 292-308.
Minker, J., and Perlis, D. [1984] "On the Semantics of Circumscription". Technical Report, Univ. of Maryland, 1984.
Reiter, R. [1980] "A Logic for Default Reasoning". Artificial Intelligence 13 (1980), 81-132.
Reiter, R. [1978] "On Closed World Databases". In: Logic and Data Bases (Gallaire, H. and Minker, J., eds.), Plenum, 1978, 55-76.
Reiter, R. [1982] "Circumscription Implies Predicate Completion (Sometimes)". Proceedings of AAAI-82, 418-420.
IMPLEMENTATION STRATEGIES FOR PLAN-BASED DEDUCTION
Kenneth Forsythe and Stanislaw Matwin
Dept. of Computer Science, University of Ottawa, Ottawa, Ontario K1N 6N5

ABSTRACT

This paper discusses some results of experimentation with a plan-based deduction system. The system incorporates an efficient intelligent backtracking strategy. During implementation, several important questions concerning different strategies to control the deduction process arose. These questions are answered in the paper, with special emphasis on the problem of generating redundant solutions.

1. INTRODUCTION

This paper presents different implementation strategies for a plan-based deduction method. The method, presented in [Pietrzykowski & Matwin 82] and further developed in [Matwin & Pietrzykowski 83], forms the basis of a logic programming system using intelligent backtracking. Given an initial set of clauses with a goal statement, a mechanical theorem prover will attempt to refute the goal statement via resolution. There are many different algorithms upon which to base the resolution process (for example see [Chang and Lee 73]) but most of these incorporate a linear backtracking strategy or do not address the backtracking implementation at all. By linear

This work has been supported by Natural Sciences and Engineering Research Council of Canada grant No. A2480.
backtracking we mean a strategy which backtracks through applicative goals in exactly the reverse order they were encountered, starting with the current goal. Unfortunately, this strategy will blindly and sequentially explore every path until a solution is found. Since the number of paths grows exponentially with the number of clauses, it is advantageous to eliminate paths which cannot lead to a solution before they are tried. This is the concept behind plan based deduction. In plan based deduction, backtracking is not restricted to the most current goal but can be applied to any goal. In practice, we limit this to those goals (called conflicts) whose removal from the plan will restore unifiability to it. The structure of the plan is such that backtracking terminates when the original goal statement is encountered. This property speeds up the worst case of linear backtracking by an exponential factor [Pietrzykowski & Matwin 82].

There are a number of other deduction algorithms in which graphs are used [Sickel 76], [Kowalski 75], [Chang, Slagle 79], [Bibel 83]. However, the approach presented here differs from all of them in terms of what a plan represents and how it is operated upon to obtain a refutation. In [Chang, Slagle 79] connection graphs represent the search space and rewriting rules are obtained from it. Connection graphs determine sequences of substitutions, leading possibly to a refutation. Consistency of these substitutions is only checked after a whole sequence has been generated. If it turns out to be inconsistent, another sequence is tried, which is equivalent to backtracking. The problem of avoiding backtracking is not addressed, neither is the problem of redundancy as understood here. In [Sickel 76], clause interconnection graphs are a representation of the total search space. Similarly to [Chang, Slagle 79], this representation is traversed in search of a consistent set of substitutions. This set of substitutions is generated incrementally, as opposed to [Chang, Slagle 79]. The incremental approach does not, however, prevent the method from a backtracking behavior: the issue of the action appropriate when inconsistency is detected is not discussed. Yet another, comprehensive approach is presented in [Kowalski 75]. Although the redundancy problem is discussed, it is presented differently from our approach, i.e. on the propositional calculus level. It is not obvious how the method suggested by [Kowalski 75] for deduction in propositional calculus generalizes for predicate calculus. The approach presented in this paper follows suggestions in [Kowalski 75] and develops them into a full redundancy removal algorithm for predicate calculus. Another method, presented in [Bibel 83], is different from all the ones mentioned above because of its non-clausal representation. It also uses graphs to represent the solution space, similarly to [Kowalski 75]. However, as in [Sickel 76], backtracking may occur, but this issue is not addressed at length.

In our plan based deduction system, the plan is a graph containing all the clauses currently involved in the resolution process where each clause is a node in the graph. A node consists of a key: the complementary literal selected for resolution, and its goals: all the remaining literals in the clause. The root of the graph is the original goal statement which consists of all goals. The deduction process consists of selecting clauses with complementary literals to resolve all the goals in the plan (i.e. the plan is closed). If this is accomplished and a most general unifier for the plan exists then a refutation for the goal statement has been found. If the plan is non-unifiable then conflicts are determined and removed from the plan so that the deduction process can be resumed and new clauses selected. Unfortunately, the problem of generating redundant plans is inherent to this type of deduction system.
In other words, unless some kind of restriction is placed on the conflict selection process, duplicate plans will be generated although the paths leading to these plans are unique. This overlapping of paths results from generating new plans that produce the same conflicts as those they were developed from. As there may be several different clauses from which to resolve a goal, it is inevitable that different paths may derive the same plan. This problem is further compounded when one wishes to obtain all the refutations possible for a given goal statement and set of clauses. This is important in many Logic Programming applications, particularly when the "generate and test" paradigm [Clocksin, Mellish 82] is applied. A solution to a problem, specified by a set of clauses, is obtained by first generating a superset of solutions. Each of them is then tested for satisfiability of conditions, which extract a true solution from the superset. To accomplish this, we introduce the concept of artificial conflicts. The deduction process in our system, as previously mentioned, consists of resolving goals introduced into the plan via nonunit clauses or by processing conflicts. To reactivate the deduction process on a closed unifiable plan we have to artificially induce conflicts into this plan in such a way that all solutions will eventually be generated. However, unless some restrictions are placed on the method of selecting artificial conflicts, redundant plans will also be generated.

The problem of generating duplicate plans is the main theme of this paper, but when these problems were realized a separate but related problem concerning the efficiency of developing plans was also encountered. It was found that sometimes nodes are added to a plan which later becomes nonunifiable, but they do not influence the selection of conflicts and later get deleted through the backtracking mechanism. All of these problems were encountered during the implementation of a plan based deduction system. This paper describes more completely the nature of these problems and the strategies used to solve them.

In summary, we can paraphrase these problems as the following questions:
1) Removing redundancy - How to avoid generating redundant solutions while maintaining completeness?
2) Processing criteria - How to develop a plan efficiently so that only nodes relevant to the selection of conflicts are created?
3) Artificial conflicts - How to introduce artificial conflicts on a unifiable plan so that a complete solution set can be generated with minimal redundancy?
These three questions are discussed individually in sections 3, 4, and 5. In section 2, a preliminary review of terms and concepts is presented, and section 6 contains our concluding remarks.

2. TERMS AND CONCEPTS
This section deals with introducing the notation used in [Pietrzykowski & Matwin 82] for a plan-based deduction system. This system acts on a given goal statement and a set of clauses, collectively called the base, and attempts to find a refutation for the goal statement via resolution. In a preprocessing phase, a list of all the other potentially unifiable complementary literals in the base becomes associated with every literal in the base. This list is referred to as the literal's potentials, and it also contains the corresponding most general unifier for the two literals. In the second phase of the resolution process, the dynamic processing phase, a refutation for the goal statement is attempted. This phase builds and maintains two structures: the plan, which is a graph depicting which clauses have been selected for resolution, and the graph of dynamic constraints, which records the most general unifier for the plan (i.e., records all the substitutions which have occurred). The plan is constructed of nodes, each of which corresponds to a clause in the base and contains a key and zero or more goals. The key is the resolvent literal and the goals are the remaining literals in the clause. The only exception to this is the top node, which consists of all goals and is derived from the goal statement. The list of potentials associated with each literal is accessible by the goal representing that literal in a node.

To begin the dynamic processing phase, the original goal statement is inserted into the plan as the top node, which is considered to be the root of the graph; all other nodes become descendants of it. As nodes are inserted into the plan, every goal in them is classified as open. The resolution process consists of repeatedly selecting open goals to be processed. This is accomplished by choosing one of the goal's potentials as a resolvent, inserting the potential's clause into the plan, updating the most general unifier for the plan and changing the status of the goal from open to closed. This process continues until there are no more goals to resolve or all of the open goals have an empty list of potentials. In the first case, if the plan is unifiable then a refutation for the statement has been found; otherwise a clash is said to have occurred and the conflict checker phase is activated. In the second case there is no refutation for the goal statement.

The conflict checker phase removes the conflicting nodes from the plan, restores the graph of dynamic constraints and returns back to the dynamic processing phase. This is accomplished by determining which sets of nodes can be removed so that unifiability will be restored to the plan. These sets of nodes are represented via the goals they are resolvents of, where each set of goals is called a clash and each goal in a clash is called a conflict. Each of these clashes is processed individually so that completeness will be retained. To ensure that each of these clashes is processed on the correct plan and corresponding graph of dynamic constraints, the current state of the search space is copied to disk so that it can be retrieved later [Forsythe & Matwin 83]. Processing a clash consists of selecting each goal in turn and backtracking up the graph through successive father goals until a goal with a nonempty set of potentials is found. If no such goal is encountered then the process fails and another clash is tried. If the search is successful then all descendant nodes of that goal are pruned from the plan and the graph of dynamic constraints is updated to reflect the most general unifier for the modified plan. The goals are then marked as open and dynamic processing is resumed.
3. REMOVING REDUNDANCY
Consider the following set of clauses in example 1:

-P(x)-Q(x)
P(a)
P(b)
P(e)
Q(c)
Q(d)
Q(e)
Example 1.

Figure 1 shows a trace of the deduction process for the base in example 1, of which the first clause is the goal statement. In this figure each plan is represented by the names of the goals, written above the constants of the complementary literals to which the variables of each goal are bound. In braces alongside the constant is a list of constants belonging to the list of potential complementary literals which could have been chosen instead. Each line under a goal-complementary literal pair leads to a new plan generated by replacing the complementary literal with the first potential inside the braces. If the set of potentials is empty then this leads to a failure, indicated by a bar at the end of the line. If a line extends from more than one goal-complementary literal pair it means that both goals belong to the same clash and the two literals are replaced simultaneously. This shorthand notation is used as we are interested in the development of the total search space rather than the individual plan.

From this figure, we can see that the first plan is nonunifiable. The set of clashes associated with it consists of two elements, each containing one conflict. One element consists of the goal which introduced P(a) and the other consists of the goal which introduced Q(c). The left branch indicates that the conflict introducing P(a) was chosen and replaced with a new node containing P(b). The right branch indicates that Q(d) replaces Q(c) as the new node. Both of the two new plans contain similar conflict sets which, when resolved, lead to further plans. All the possible plans which could be developed for this set of clauses are as shown. Notice that in figure 1, six branches lead to the same refutation. In fact the left subtree of every right branch duplicates the right subtree of the corresponding left branch. The inefficiency of this strategy (although it is complete) is unacceptable for any practical implementation, and this section presents an algorithm to remove this inefficiency.

[Figure 1: tree trace of the plans developed for example 1, drawn in the original; its labels are not recoverable from this text extraction.]
Figure 1. A trace of the deduction process for example 1.

A possible solution to this problem, suggested in [Bruynooghe 83], is to give each predicate an ordering which controls which alternatives to that predicate are permitted to be selected. This ordering restricts lower order predicates from generating solutions already obtained by a higher ordered one. We have employed a similar strategy, but instead of giving each individual predicate an ordering we have given each clash in the set of clashes an ordering (it is possible that a conflict can occur in more than one clash though the clashes themselves are distinct). Initially each clash in a set is given a unique order number, which becomes the current order number as each particular clash is processed. If the resulting plan produces a new set of clashes then all the similar elements in the new set are given the same order number. By similar we mean any clash which contains the same conflicts as a clash in the generating plan. All the clashes in the new set which obtain an order number greater than the current order number are discarded. As shown in figure 1, it is common for most of the resulting clashes to be similar to the clashes of the plan it was derived from. In the special case where nonsimilar clashes are generated, each of these is given an order number (bounded by the current order number) which guarantees completeness of the search space. The result of applying this strategy to the base of example 1 is shown in figure 2. The two clashes of one conflict each are initially ordered as 1 and 2. The figure shows that the set of clashes of any plan derived from processing a clash with an order number of 1 is restricted to elements whose resulting order number is not greater than one. By censoring the paths leading from any given plan through this algorithm, we can eliminate the overlapping of the search space. Graphically, this can be interpreted as removal of the redundant left subtree of every right branch.

In order to measure the amount of improvement by this strategy we introduce the idea of counters for the number of arcs in the graph we traverse, delete and insert. By arcs we mean every goal-key pair in the graph. For the search space using the original strategy as shown in figure 1 we determined that the number of traversals was 46, the number of insertions 20 and the number of deletions 18. Comparatively, for figure 2, the numbers of traversals, insertions and deletions are 22, 10 and 8, respectively. Also, the number of identical refutations found in figure 2 is zero as opposed to five in figure 1.
[Figure 2: tree trace of the plans developed for example 1 under the ordering strategy, drawn in the original; its labels are not recoverable from this text extraction.]
Figure 2. A trace for example 1 using the improved algorithm.

We now explain the ordering strategy for situations where a nonsimilar set of clashes is generated. There are essentially two types of these situations: when a new open goal is developed, thus introducing a totally new conflict set, and when the same conflicts get rearranged into different clashes.
When a new open goal is developed, clashes are given an order number dictated only by the way they are arranged. This method of ordering is obviously used on the original plan, as the previous conflict set is empty and all goals are initially open. This situation can also occur when a clash has just been resolved, which creates a unifiable plan causing the deduction process to choose a new open goal. This phenomenon occurs because as soon as a conflict is determined the plan development process is interrupted and the conflict-checker phase initiated. As a result, the development of all the other open goals is suspended until the conflict is resolved (see section 4).

It is possible that a new set of clashes can be generated which cannot be paralleled to the previous set for an identical ordering. If this happens, any element in the new set for which there is no corresponding clash in the old set is given an order number high enough to maintain completeness. In practice this usually means giving these elements an order number equal to the current order number. This approach may lead to generating redundant solutions, but we have not yet discovered a more efficient algorithm that will still generate a complete solution set. However, it may be possible to minimize the inefficiency by ordering the elements in the conflict set using heuristic strategies which would reduce the number of redundant solutions generated. For an example of how this strategy is implemented consider the clauses of example 2.

P(x)Q(x)R(x)
-P(a)
-P(e)
-Q(a)
-Q(b)
-Q(e)
-R(b)
-R(e)
Example 2.
An outline of the resolution process for the clauses in example 2 is given in figure 3. In the first plan of figure 3, predicates P and Q are in conflict with predicate R. Suppose the goals belonging to P and Q are given an order number of 2 and the goal belonging to R an order number of 1. New potentials are selected for P and Q and the second plan is developed. In this second plan the predicates Q and R are in conflict with predicate P, thus there is no parallel ordering between the goals in the two plans. Consequently, both elements in the new conflict set are given an order number of 2, the current order number. Resolving these two conflicts leads to a failure and a refutation. If we resolve the second conflict of the first plan we find that after generating a nonunifiable plan this path leads to a failure. It can be shown that the work done by this strategy in this example is less than half of what a linear backtracking algorithm would do.
[Figure 3: tree trace of the plans developed for example 2 under the ordering strategy, drawn in the original; its labels are not recoverable from this text extraction.]
Figure 3. A trace for example 2 using the improved algorithm.
4. PROCESSING CRITERIA
In this section we would like to address the question of when to interrupt the processing of open goals and begin resolving clashes. Our initial strategy was to allow the resolution process to resolve all the open goals (i.e. generate a closed plan) before it began processing conflicts. However, analysis of this approach showed that there was much work that was wasted by developing goals that were later discarded. As an example consider the following base of clauses (this example shows only one of many situations where developing a closed plan is inefficient).

-P(x)-Q(x,y)
P(a)
Q(c,z)M(z)
Q(b,z)M(z)
Q(a,z)M(z)
-M(z)R(x,z)S(y,z)T(x,y)
-R(c,e)
-S(d,e)
-T(c,d)
Example 3.

If we consider the resolution process applied to this set of clauses we would find that the first attempt to refute the goal statement leads to a conflict between the term a in literal P and the term c in literal Q. If we develop the whole plan we would also resolve literals M, R, S, and T. However, to resolve the conflict we need only replace the clause containing c with another alternative (the clause containing literal Q(b,z)). In doing this we would remove the arc from -Q(x,y) to Q(c,z), effectively removing the arcs containing the complementary pairs of literals M, R, S and T, and replace Q(c,z) with Q(b,z). This in turn leads to a similar situation where literals M, R, S and T are again resolved and deleted from the plan by replacing Q(b,z) with Q(a,z). Once more, literals M, R, S and T are resolved. This gives a closed plan without any conflicts (i.e. a refutation), so the resolution process is finished. If we determine the work done using this strategy we find that 13 insertions and 2 deletions were made before a refutation was found.

However, if we interrupt the plan development process as soon as a conflict is encountered we would have avoided resolving literals M, R, S and T. In the third attempt there are no conflicts generated, so the literals M, R, S and T are resolved. Using this approach we find that only 7 insertions and 2 deletions are made, which is roughly half of the work that our original strategy does. If in example 3 we replace the literal Q(a,z) with Q(d,z), we would find this new set of clauses has no solution. In this case the process would terminate after finding that Q(d,z) leads to a conflict in which there are no more alternatives. Consequently, the literals M, R, S and T would never be resolved, and the total number of insertions would be 4 and the number of deletions 2.
5. ARTIFICIAL CONFLICTS
This section deals with the question of how to generate a complete solution set. The deduction algorithm is designed to process open goals, obtained by resolving literals contained in non-unit clauses or by removing conflicts, until a refutation is found. The idea behind artificial conflicts is that by designating specific goals in a closed unifiable plan as conflicts, the deduction process can be continually reactivated until all the solutions are found. The problem we would like to address is how to arrange the goals which are selected as artificial conflicts into clashes so that a complete solution set with minimal redundancy can be generated.

To obtain artificial conflicts from a closed unifiable plan we simply label each goal that introduces a unit clause as a conflict. This ensures that all goals with potentials will eventually be considered, because of the nature of the backtracking strategy, which checks each goal on the path from the selected goal to the root of the plan. The problem is how to arrange these conflicts into clashes so that every possible solution will be derived. The first approach which comes to mind is to put each conflict into a separate clash. This strategy will obviously guarantee completeness as each path will eventually be backtracked. The effect of applying this strategy to the clauses of example 4, below, is shown in figure 4. (In this figure only the plans which represent solutions are shown.)

-P(x)-Q(x)-R(y)
P(a)
P(b)
Q(a)
Q(b)
R(c)
R(d)
Example 4.

In figure 4 we see that by selecting every goal introducing a unit clause as the only conflict in a clash, we obtain three clashes for the first solution generated. Resolving each of these clashes gives three more solutions, of which only two are unique. Applying this strategy to each of these solutions results in four more solutions, of which only one is unique. So out of eight solutions generated, four are redundant.
[Figure 4: tree of the solution plans for example 4 with one conflict per clash, drawn in the original; its labels are not recoverable from this text extraction.]
Figure 4. A complete solution set for example 4.
To derive a more efficient algorithm for this clash selection process we must first consider the sources of redundancy. The major cause of duplication is the lack of consideration for bound constants. If we examine figure 4 more closely we see that in the first solution the predicates P(a) and Q(a) are bound together through the variable x in the clause -P(x)-Q(x)-R(y). Resolving the clash containing P leads to the same solution as resolving the clash containing Q. This is because the binding between P and Q implies that to replace P one must also replace Q and vice-versa. Thus the first improvement we can make to the clash selection algorithm is to place all the goals bound through a variable together into one clash. This ensures that both predicates will be replaced at the same time. If a goal is bound to two different goals through two different bindings, which are not themselves bound together, then two separate clashes must be created with the common goal contained in both. This is necessary to maintain completeness by allowing each binding to be processed individually.

The second cause of redundant solutions is the same as that described in section 3. Essentially, other duplications can occur because all the potentials associated with one clash are systematically processed with all the potentials of a second clash. Then the potentials for this second clash are processed with all the potentials of the first clash. (This is the duplication of subtrees phenomenon described above.) In section 3, we described a solution to this problem by introducing the idea of ordering the clashes in the set. This kept the deduction process from choosing combinations of potentials and goals that had already been resolved. Applying this concept of ordering clashes to artificial conflicts allows the deduction procedure to prevent duplicate solutions from being generated. In other words we wish to extend this concept of ordering clashes within a single solution search space to apply to the complete search space. That is, as new clashes of artificial conflicts are generated they are compared with the previous set of artificial conflicts and given the appropriate ordering. Any clash in the new set given an order number greater than the element which generated the set is discarded. Adding the above two strategies to the clash selection process for artificial conflicts produces an algorithm which will generate a complete solution set with minimal redundancy. The result of applying this new strategy to the clauses of example 4 is shown in figure 5. One can see that a complete solution set is generated, but without the redundancy of the original algorithm.
[Figure 5: tree of the solution plans for example 4 with variable-bound goals grouped into one clash and clashes ordered, drawn in the original; its labels are not recoverable from this text extraction.]
Figure 5. A complete nonredundant solution set for example 4.
CONCLUSION
An implementation of a plan based deduction system has now been completed. It involves some 6000 lines of PASCAL code and runs under CMS on an AMDAHL 470/V5. Three important problems, encountered during early experimentation with this plan-based deduction system, have been presented. We have shown, using simplified examples, solutions to these problems. However, the simplicity of the examples should not be misleading. They extract important experience gained during the usage of our system on larger logic programs, such as the graph-coloring problem used as illustration in [Pereira & Porto 80], or the Huffman-Clowes theory of polyhedral scenes, suggested to us by M. van Emden.

Reviewing the results of experimentation and the suggested implementation strategies, we feel that our research will lead to a practical and efficient deduction system. Our emphasis on attempting to control the system so that it avoids generating redundant solutions is particularly significant. Without some kind of constraint, the system tends to generate an unacceptably large number of identical solutions, which makes it impractically slow and inflates its memory requirements. The problem lies with imposing a constraint which does not restrict the system from generating a complete solution set. Completeness is an important consideration when applying an automated deduction system to cope with the intensional clauses of a large data base. We believe that the strategy outlined in this paper provides such a constraint, where completeness (of [Matwin & Pietrzykowski 83]) is preserved and redundancy is significantly decreased.

An open and interesting question, however, remains. During deduction the system may proceed either depth-first or breadth-first when developing open goals. Is the choice of either strategy relevant for efficiency (if yes, in what way?) or is this dependent upon some topological properties of the plan being asserted?

REFERENCES
[Bibel 83] Bibel, W., "Matings in Matrices", Communications of the ACM, Vol. 26, No. 11, pp. 844-852, 1983.
[Bruynooghe 83] Bruynooghe, M., "Deduction Revision by Intelligent Backtracking", Universidade Nova de Lisboa, Research Report, July 1983.
[Chang and Slagle 79] Chang, C.L. and Slagle, J.R., "Using Rewriting Rules for Connection Graphs to Prove Theorems", Artificial Intelligence, Vol. 12, pp. 159-180, 1979.
[Clocksin and Mellish 82] Clocksin, W.F. and Mellish, C.S., "Programming in Prolog", Springer-Verlag, 1982.
[Forsythe & Matwin 83] Forsythe, K. and Matwin, S., "Copying of Multi-level Structures in a PASCAL Environment", submitted to Software - Practice and Experience, 1983.
[Kowalski 75] Kowalski, R., "A Proof Procedure Using Connection Graphs", Journal of the ACM, Vol. 22, No. 4, pp. 572-595, 1975.
[Matwin & Pietrzykowski 83] Matwin, S. and Pietrzykowski, T., "Intelligent Backtracking in Plan-Based Deduction", submitted to IEEE Trans. on Pattern Analysis and Machine Intelligence.
[Pereira & Porto 80] Pereira, L.M. and Porto, A., "Selective Backtracking for Logic Programs", Procs. of CADE-5, pp. 306-317.
[Pietrzykowski & Matwin 82] Pietrzykowski, T. and Matwin, S., "Exponential Improvement of Exhaustive Backtracking: A Strategy for Plan-Based Deduction", Procs. of CADE-6, pp. 223-239.
[Sickel 76] Sickel, S., "A Search Technique for Clause Interconnectivity Graphs", IEEE Trans. on Computers, Vol. C-25, No. 8, pp. 823-835, 1976.
A Programming Notation for Tactical Reasoning David A. Schmidt Computer Science Department Edinburgh University Edinburgh, Scotland*
Abstract:
A notation for expressing the control algorithms (subgoaling strate-
gies) of natural deduction theorem provers is presented.
The language provides
tools for building widely known, fundamental theorem proving strategies and is independent of the problem area and inference rule system chosen, facilitating formulation of high level algorithms that can be compared, analyzed, and even ported across theorem proving systems.
The notation is a simplification and
generalization of the tactic language of Edinburgh LCF.
Examples using a
natural deduction system for propositional logic are given.
0. Introduction

Logical systems of natural deduction (Pra) have demonstrated their usefulness in the development of traditional problem areas in formal logic and mathematics. Their application to computing related areas such as formal semantics (Hoa, Plo), data type specification (Gut), and program development (Cos, Nor) emphasizes the importance of understanding the notion of derivation and the strategies available for constructing proofs. Traditionally, these concerns have fallen in the realm of automated theorem proving (Ble, Boy, Coh, Gor), but the emphasis in this mechanized world often falls upon the number or difficulty of the theorems proved, rather than the style in which they are proved. Further, the boundaries between kind of logical system (natural deduction versus axiomatic), problem area of interest (first order logic, group theory, set theory, etc.), and the proof discovery strategy are often poorly delineated. If the theorem proving art is to be advanced and its most elegant ideas applied to new problem areas such as program development, the distinctions between these levels must be made clear, and the methodologies underlying proof discovery need to be expressed in a machine independent, understandable way.

This paper describes an initial version of a notation for expressing control algorithms for natural deduction theorem provers. The notation is independent of the specific problem area and rule system chosen, but it supplies the fundamental tools for building useful subgoaling strategies from the inference rules supplied. The addition of control structures and a scoping mechanism allows definition of realistic algorithms. The language is a simplification and generalization of the tactic language of Edinburgh LCF (Gor).

After a brief review of natural deduction in section 1, section 2 outlines the basic features of Edinburgh LCF. The new notation is described in section 3,

*Present address: Computer Science Department, Kansas State University, Manhattan, Kansas 66506
and section 4 presents an example algorithm for theorem proving in a subset of propositional logic.

1. Background

The form of natural deduction used is described in Prawitz (Pra); the examples in this paper use propositional logic (Lem), although any other problem area would do as well. Given a language L built up from propositions P, Q, R, ... and logical symbols ∧, ∨, ⊃, ¬, use the usual syntax rules to build the language of propositional logic. Arbitrary propositions (also called formulas) are denoted by A, B, C, ..., and lists of propositions are represented by Γ, Δ, Λ, ... The rule schemes for inferring new facts from already established ones are

  ∧I:   A    B          ∧El:   A ∧ B        ∧Er:   A ∧ B
        ───────                ───────             ───────
         A ∧ B                    A                   B

  ∨Il:     A            ∨Ir:      B         ∨E:   A ∨ B   (A)   (B)
         ───────               ───────                      C     C
          A ∨ B                 A ∨ B             ──────────────────
                                                          C

  ⊃I:     (A)           ⊃E:   A ⊃ B   A
           B                  ───────────
         ───────                   B
          A ⊃ B

  ¬I:     (A)           ¬E:    (¬A)
           ff                   ff
         ───────               ──────
           ¬A                    A

where ff abbreviates any formula D ∧ ¬D. A proof of a proposition C from propositions Δ is a tree whose leaves are the members of Δ and whose root is C. Each internal connection between parent and children nodes is justified by one of the inference rules. A rule with a parenthesized formula (such as ⊃I) causes the removal (discharge) of that parenthesized leaf node when applied to the tree.
As an example,

                   P   (Q)
                  ───────── ∧I
    (P ∧ Q) ⊃ R    P ∧ Q
    ───────────────────── ⊃E
              R
          ─────── ⊃I (discharging Q)
     P     Q ⊃ R
     ───────────── ∧I
      P ∧ (Q ⊃ R)

is a proof that (P ∧ Q) ⊃ R and P infer P ∧ (Q ⊃ R). Write

    (P ∧ Q) ⊃ R, P ⊢ P ∧ (Q ⊃ R)

to abbreviate the tree; this expression is called a theorem. Note that the order in which the nodes of the tree were added does not affect the final result.

The following two results hold for all natural deduction systems:

  i)  if Γ ⊢ B and B, Δ ⊢ C, then Γ, Δ ⊢ C.
  ii) if Γ ⊢ C, then Γ, Δ ⊢ C.

Call i) the cut principle; ii) is the principle that assumptions may be added freely. Since the proofs of both are constructive, there exist associated functions, cut and its counterpart for ii), which build the deduction tree of the consequent theorem from the deduction tree(s) of the antecedent theorem(s).
These functions will be useful for tree assembly.

2. LCF

LCF (Logic for Computable Functions) (Gor) is a software tool for developing natural deduction style proofs. A notable feature of the system is its functional depiction of deduction. Formulas are assigned the data type form and are built using formulas and logical connectives. Those formulas which are taken as axioms are given type thm (theorem). Inference rule schemes are functions which produce results of type thm from their arguments. For example,

    P                               has type form
    P ∧ Q                           has type form
    ⊢                               has type form → thm
    ⊢(P ∧ Q)                        has type thm
    ⊃E                              has type thm × thm → thm
    ⊃E(⊢(P ⊃ (P ∧ Q)), ⊢(P))        has type thm.
Expressions of type thm are written in their sequent form, e.g., P ⊃ (P ∧ Q), P ⊢ P ∧ Q. The two expressions of type thm seen above are short examples of (forwards) LCF proofs, which are constructed by nested applications of the inference rule functions. This provides an element of security to the system, for only through the use of the axioms and the inference rules can new theorems be created.

The LCF system rises above its role as a mere proof checker due to its ability to perform goal directed (backwards) proofs, building a deduction tree from its root, its goal, to its leaves, i.e., assumptions. The basic approach is to take a goal, Δ ⊢? C, where Δ is a set of assumptions and C is the desired conclusion, and decompose C into a list of subgoals Δ ⊢? C1, ..., Δ ⊢? Cn, such that if proofs exist for C1, ..., Cn then a proof of Δ ⊢? C is also constructable. A function which decomposes a goal is called a tactic.
The functional formalization of goal directed proof is defined in LCF as

    goal:        form list × form
                 -- the assumption formula set Δ and the desired conclusion C;
    tactic:      goal → (goal list × validation)
                 -- the decomposition step of goal Δ ⊢? C into its subgoals plus a thm producing function;
    validation:  thm list → thm
                 -- the thm producing function which produces Δ ⊢ C from Δ ⊢ C1, ..., Δ ⊢ Cn, thus justifying the decomposition.

Using angle brackets to enclose lists and parentheses to bind pairs, here are the definitions of some LCF-style tactics:

    IMPTAC:  Δ ⊢? A ⊃ B   ↦  (<Δ, A ⊢? B>, ⊃I)
    ANDTAC:  Δ ⊢? A ∧ B   ↦  (<Δ ⊢? A; Δ ⊢? B>, ∧I)
    TRIV:    Δ, A ⊢? A    ↦  (<>, triv<Δ; A>)
    IDTAC:   Δ ⊢? A       ↦  (<Δ ⊢? A>, λt.t)

For example, ANDTAC accepts as an argument a goal Δ ⊢? C. If C has structure A ∧ B, the result is the list of subgoals <Δ ⊢? A; Δ ⊢? B>. This decomposition is justified by the rule ∧I. Note that if C is not a conjunction, the tactic fails (generates an exception). The validation triv<Δ; A> maps an empty list of theorems to the axiom Δ, A ⊢ A. IDTAC is the identity map for goals.
Systematic decomposition of goals is performed by composing tactical steps such as these until all subgoals reduce to empty subgoal lists. The forwards proof corresponding to the decompositions is obtained by applying the validation functions in the order inverse to that of the composition of the corresponding tactics.
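The machinery of sections 1 and 2 (an abstract thm type that only inference-rule functions can build, tactics that return subgoals plus a validation, and validations applied in inverse order to recover the forwards proof) as an added Python example; this is not code from the paper or from Edinburgh LCF. It covers ∧ and ⊃ only, which is enough for IMPTAC, ANDTAC, TRIV and IDTAC, and all names (Prop, And, Imp, Thm, assume, imp_e, then_l, prove, forwards_example, backwards_example) are this example's own. The `_KERNEL` token stands in, by convention only, for ML's abstract type; `then_l` plays the role of LCF's THENL tactical; `cut` and `weaken` are the functions for principles i) and ii) of section 1.

```python
# Added example (not from the paper or from Edinburgh LCF): a toy LCF-style kernel in Python.
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Union

@dataclass(frozen=True)
class Prop:                                   # atomic proposition
    name: str
    def __str__(self): return self.name

@dataclass(frozen=True)
class And:                                    # A ∧ B
    left: "Form"
    right: "Form"
    def __str__(self): return f"({self.left} ∧ {self.right})"

@dataclass(frozen=True)
class Imp:                                    # A ⊃ B
    ante: "Form"
    cons: "Form"
    def __str__(self): return f"({self.ante} ⊃ {self.cons})"

Form = Union[Prop, And, Imp]                  # the paper's type form (∧ and ⊃ suffice here)
_KERNEL = object()                            # token held only by the rule functions (a convention, not a sandbox)

class Thm:
    """The paper's type thm: the sequent  hyps ⊢ concl.  Only rule functions may build one."""
    __slots__ = ("hyps", "concl")
    def __init__(self, hyps, concl: Form, token=None):
        if token is not _KERNEL:
            raise PermissionError("thm values are created only by inference rules")
        self.hyps, self.concl = frozenset(hyps), concl
    def __repr__(self):
        hs = ", ".join(str(h) for h in sorted(self.hyps, key=str))
        return f"{hs} ⊢ {self.concl}".strip()

def assume(a: Form) -> Thm:                   # the paper's ⊢ : form → thm, giving A ⊢ A
    return Thm({a}, a, _KERNEL)
def and_i(t1: Thm, t2: Thm) -> Thm:           # ∧I
    return Thm(t1.hyps | t2.hyps, And(t1.concl, t2.concl), _KERNEL)
def imp_i(a: Form, t: Thm) -> Thm:            # ⊃I, discharging the leaf a
    return Thm(t.hyps - {a}, Imp(a, t.concl), _KERNEL)
def imp_e(timp: Thm, tante: Thm) -> Thm:      # ⊃E
    if not (isinstance(timp.concl, Imp) and timp.concl.ante == tante.concl):
        raise ValueError("⊃E needs A ⊃ B and A")
    return Thm(timp.hyps | tante.hyps, timp.concl.cons, _KERNEL)
def weaken(t: Thm, extra) -> Thm:             # principle ii): assumptions may be added
    return Thm(t.hyps | frozenset(extra), t.concl, _KERNEL)
def cut(t1: Thm, t2: Thm) -> Thm:             # principle i): Γ ⊢ B and B,Δ ⊢ C give Γ,Δ ⊢ C
    if t1.concl not in t2.hyps:
        raise ValueError("cut: B must be a hypothesis of the second theorem")
    return Thm(t1.hyps | (t2.hyps - {t1.concl}), t2.concl, _KERNEL)

Goal = tuple[frozenset, Form]                 # (Δ, C), read Δ ⊢? C
Validation = Callable[[list], Thm]
Tactic = Callable[[Goal], tuple[list, Validation]]
class TacticFailure(Exception): pass

def IMPTAC(g: Goal):
    hyps, c = g
    if not isinstance(c, Imp): raise TacticFailure("IMPTAC: goal is not an implication")
    return [(hyps | {c.ante}, c.cons)], lambda ts: imp_i(c.ante, ts[0])
def ANDTAC(g: Goal):
    hyps, c = g
    if not isinstance(c, And): raise TacticFailure("ANDTAC: goal is not a conjunction")
    return [(hyps, c.left), (hyps, c.right)], lambda ts: and_i(ts[0], ts[1])
def TRIV(g: Goal):
    hyps, c = g
    if c not in hyps: raise TacticFailure("TRIV: conclusion is not an assumption")
    return [], lambda ts: weaken(assume(c), hyps)          # triv<Δ;A>: <> ↦ Δ,A ⊢ A
def IDTAC(g: Goal):
    return [g], lambda ts: ts[0]

def then_l(t: Tactic, ts: list) -> Tactic:
    """THENL: run t, then the i-th tactic of ts on the i-th subgoal; validations compose in inverse order."""
    def tac(g: Goal):
        gs, v = t(g)
        if len(gs) != len(ts): raise TacticFailure("THENL: subgoal/tactic count mismatch")
        steps = [ti(gi) for ti, gi in zip(ts, gs)]
        def validation(thms: list) -> Thm:
            out, i = [], 0
            for sgs, vi in steps:                          # each vi consumes the thms of its own subgoals
                out.append(vi(thms[i:i + len(sgs)])); i += len(sgs)
            return v(out)                                  # v runs last, rebuilding the first decomposition step
        return [sg for sgs, _ in steps for sg in sgs], validation
    return tac

def prove(g: Goal, tac: Tactic) -> Thm:
    """Decompose g completely, rebuild the forwards proof, and check it achieves the goal."""
    subgoals, v = tac(g)
    if subgoals: raise TacticFailure(f"{len(subgoals)} subgoal(s) remain")
    thm = v([])
    if thm.concl != g[1] or not thm.hyps <= g[0]:          # a buggy validation must not pass as a proof
        raise ValueError("validation did not achieve the goal")
    return thm

P, Q = Prop("P"), Prop("Q")
def forwards_example() -> Thm:                # ⊃E(⊢(P ⊃ (P ∧ Q)), ⊢P) = P ⊃ (P ∧ Q), P ⊢ P ∧ Q
    return imp_e(assume(Imp(P, And(P, Q))), assume(P))
def backwards_example() -> Thm:               # ⊢? P ⊃ (Q ⊃ (P ∧ Q)) by nested THENL
    goal: Goal = (frozenset(), Imp(P, Imp(Q, And(P, Q))))
    strategy = then_l(IMPTAC, [then_l(IMPTAC, [then_l(ANDTAC, [TRIV, TRIV])])])
    return prove(goal, strategy)

if __name__ == "__main__":
    print(forwards_example()); print(backwards_example())
```

Two points carry the security argument of section 2. Ordinary code cannot mint a Thm because only the rule functions hold the token (ML enforces this with an abstract type; Python only by convention), so every theorem is the result of a forwards derivation. A validation, however, is arbitrary code, so `prove` checks that the theorem it returns has the goal's conclusion and no hypotheses outside Δ; without that check a mis-written tactic could report a "proof" of something other than what was asked.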
To aid in tactic (and validation) composition, tactic combinators known as tacticals are used. In the descriptions to follow, let g be a goal and @ denote the list append operator. The four tacticals used most frequently are:

  i) THENL: tactic × tactic list → tactic

     THENL performs sequencing of tactics. An expression t THENL <t1; ...; tn> applies t to its input goal g and then applies each ti to the corresponding goal gi.