Characterization of Modal [Action] Logic
Marcos Mota do Carmo Costa
January 1990
Department of Computing
Imperial College of Science and Technology
University of London
London SW7 2BZ
United Kingdom
Submitted to the University of London in partial fulfillment
of the requirements for the degree of
Doctor of Philosophy
To Pedro, my son.
Acknowledgements
I would like to express deepest gratitude to my supervisor, Dr. Tom
Maibaum, for his sustaining support and encouragement throughout
my Ph.D. research, as well as for his invaluable and careful
revisions on the drafts of this dissertation.
I have also received technical guidance and inspiration from my
manager at the FOREST project, Mr. Jim Cunningham, to whom I feel
greatly indebted.
I am very thankful to my friend and supervisor at PUC/RJ, Dr. R. L.
Carvalho, who has indicated me to this position in the FOREST.
I wish to thank all my FOREST colleagues, especially the
collaborators Mr. S. Khosla and Mr. M. Sadler, for invaluable
discussions and suggestions. My colleague Mr. P. Howells, for his
friendship and discussions on the logic. And, Mr. W. Atkinson and
Mr. M. Trimmer, who have implemented the theorem prover.
I wish to thank my friends at the College for the enduring research
and sociable atmosphere, especially, M. C. Pequeno, G. Zaverucha, R.
Queiroz and, more recently M. Benevides and H. Fuks.
Finally, I would like to thank the examiners Professor A. Ramsay
and Dr. S. Reeves for their thorough and supportive role in
improving the work presented in the thesis.
The financial support has come from FOREST project and EMBRAPA,
Empresa Brasileira de Pesquisa Agropecuaria.
Abstract
The purpose of this thesis is to provide adequate conditions of
provability - the so-called characterization problem - for the Modal
[Action] Logic (M[A]L). M[A]L is a formal system to support formal
requirements specification of real time/embedded systems
designed and used by the FOREST project of the Alvey Software
Engineering Directorate.
The characterization problem is to be dealt with using two basic
approaches: possible world structures on the semantics level and
the Semantic Tableaux on the proof level. The development of the
work follows the paradigm of starting with a more simple logic, the
propositional M[A]L, and gradually adding components such as
quantification, deontic operators, sorts and others.
The use of formal systems is the central idea for the support of
mechanized deduction in Computer Science. Modal and temporal
logics may have a considerable role, but different areas of
application use various combinations of quantification and
modalities, and can lead to a generation of new logics (such as
M[A]L). The result of this enterprise will depend heavily on the
existence of suitable methods for providing adequate and efficient
proof procedures for these formalisms.
Traditionally, the Semantic Tableau method is considered to be
very intuitive, so that one could start reasoning in terms of tableau
and then extend the results to another system with different
characteristics. In this thesis we affirm this tradition and we
present evidence for its efficiency as well. This thesis constitutes,
then, one step forward in the development of intuitive and efficient
theorem provers and produces the foundations and proof
procedures for a new action logic.
Table of Contents
1 Introduction
2 Characterization of Propositional M[A]L
2.1 The Presentation of the Logic
2.1.1 The Syntax
2.1.1.1 Considerations on Notation
2.1.2 Presentation of the Semantics
2.2 Equivalence Between the Logic and the Model
2.2.1 Soundness Theorem for the Logic
2.2.2 The Completeness Result for the Logic
2.3 State-Based Semantic Tableaux
2.3.1 Considerations on Strategy
2.3.2 Examples
2.3.3 Consistency of the Tableau System
2.3.4 Completeness of the Tableau System
2.4 Logical Consequence
2.5 Conclusion
3 Characterization of First Order M[A]L
3.1 Considerations on the Logic
3.1.1 Presentation of the Syntax
3.1.1.1 Considerations on Notation
3.1.1.2 Correspondence Theory
3.2 Semantical Considerations
3.2.1 Semantics with Restricted Non-Rigid Designator
3.2.1.1 Some Comments on Restriction RNR
3.2.2 Soundness Theorem
3.2.3 Completeness Theorem
3.3 Tableau Systems for First Order Classical Logic
3.3.1 The Traditional Tableau System
3.3.2 The Oppacher and Suen's Tableau System
3.3.3 A Tableau System with Unification
3.3.4 Some Variations of the System
3.4 The Tableau Systems for First Order M[A]L
3.4.1 Traditional Tableau for First Order M[A]L
3.4.1.1 Examples
3.4.2 Soundness and Completeness
3.4.3 Tableau with Unification for First Order M[A]L
4 Extension to Full M[A]L
4.1 Many-Sortedness and Equality
4.2 The Deontic Components
4.2.1 The Syntax
4.2.2 Semantical Considerations
4.2.3 The Tableau System
4.2.4 The Deontic Frame Rule
5 Implementation and Exploitation
5.1 Equivalence Between Resolution and Tableau
5.2 Linear Strategy
5.3 Resolution for M[A]L
5.4 Implementation of M[A]L Theorem Prover
6 Animation Using Information of the Database
6.1 Databases with Complete Information
6.2 Databases with Incomplete Information
6.3 The Change of State
7 Conclusion
References
Chapter 1
Introduction
The use of formal systems is central for the idea of supporting
mechanized deduction in computer science and, consequently, the
enterprise of artificial intelligence. Classical logic, modal and
temporal logics may have a considerable role, but different areas of
application require the usage of various combinations of
quantifications, modal operators (sometimes new modal operators),
and other components. Hence, there is an increasing demand for the
development of appropriate formalisms for specific areas of
application. To illustrate the above we mention some approaches:
the formalisms for non-monotonic reasoning (cf. [REI80], [McC80]
and others), for knowledge and belief (cf. [HIN62]), for the
situation calculus (cf. [McC63]), etc. In general, these formalisms
constitute extensions or variations of existing ones creating new
formalisms (as is the case of knowledge and belief logics) or they
are just theory extensions (as is the case of the situation calculus).
The requirements specification of real-time/embedded systems is
one of the areas aiming for specific formal treatment of their
applications. The FOREST (for Formal Requirements Specification)
Project of the Alvey Software Engineering Directorate was
conceived, then, to give this area a properly scientific (i.e.,
systematic and well-founded) framework (cf. [MAI87]). To achieve
its purposes a prescriptive method to assist the development of
such specifications was developed (cf. [FIN86]) together with a
formal system in which the specifications can be written. This
formalism was called Modal [Action] Logic (M[A]L) and was
partially presented in [JER86]. A complete presentation of M[A]L
can be found in [MAI87]. For a more detailed exposition of this
formalism, aspects of its applications and needs/justifications for its
form and content the reader may refer to [KHO88].
Modal [Action] Logic is built on top of many-sorted first order
classical logic with the main additions being modal indexical
operators corresponding to the notion of actions being performed
by agents and deontic components expressing the permissibility
relation of these performances. Further components for dealing
with time are also added to the logic (but the treatment of these
components is outside the scope of this thesis).
The modal operator is indexed by two related syntactic categories:
the actions to describe activities within the system, including
activities of the environment; and, the agents to describe objects
which embody actions. The agents are denoted by names, referring
to individual agents and the actions are represented by using
names, to refer to individual actions and by terms with variables, to
refer to families of (related) actions. Note that the performance of
an action by an agent is idealized as being instantaneous. A simple
modal formula may have the form:
$$[Ag, Ac]\, \alpha$$
which can be understood to mean that if the action $Ac$ is executed
by the agent $Ag$ and the action $Ac$ terminates, then $\alpha$ will be true in
the resulting state.
The deontic aspects are captured by extending the logic with
predicates such that we are able to prescribe when an agent is
allowed (permitted), forced (obliged) or forbidden (refrain) to do
an action.
In the following we present an illustration of how the Modal Action
Logic can be used to specify a "real" world phenomenon. In giving
this example we admit the possibility of being misinterpreted, for
we have not presented the logic yet. The reader who prefers to
have a formal presentation of the logic before using it may skip the
reading of this example without any loss of continuity. Although
some explanation is given in the example, we assume that the
reader is familiar with classical and modal logics.
EXAMPLE 1.a: Let us consider the naive blocks world
transcribed and adapted to M[A]L from the specification in [NIL87]:
We first describe the syntax of the theory we are going to specify.
The objects we are interested in working with give rise to the sort:
Sort: BLOCK
We need two types of actions to move the blocks over each other
(STACK) or to move the blocks to the table (UNSTACK):
Actions: UNSTACK: BLOCK $\times$ BLOCK
STACK: BLOCK $\times$ BLOCK
We only have one agent to perform the actions:
Agent: user
We are interested in the description of the situations: the block is
on the table (OnTable); one block is on the top of another block (On);
and, the block is clear, i.e., there is no block on the top of it (Clear):
Predicates: OnTable $\subseteq$ BLOCK
On $\subseteq$ BLOCK $\times$ BLOCK
Clear $\subseteq$ BLOCK
Now, we present the axioms of the system specification followed by
some explanation:
$$\forall x\, \forall y\, (\mathit{OnTable}(x) \Rightarrow \neg \mathit{On}(x, y))$$
For any block, if it is on the table, then it is not on the top of any
other block.
$$\forall x\, \exists y\, (\mathit{On}(x, y) \vee \mathit{OnTable}(x))$$
Every block is on the table or on the top of another block.
$$\forall x\, \forall y\, (\mathit{Clear}(x) \Rightarrow \neg \mathit{On}(y, x))$$
For any block, if it is clear, then there is no block on the top of it.
$$\forall x\, \exists y\, (\mathit{On}(y, x) \vee \mathit{Clear}(x))$$
Every block is clear or there is another block on the top of it.
$$\forall x\, \forall y\, (\mathit{On}(x, y) \wedge \mathit{Clear}(x) \Rightarrow \mathit{per}(\mathit{user}, \mathit{UNSTACK}(x, y)))$$
For any block, if it is clear and it is on the top of another block, then
the user may unstack it. Note the use of per (permission) to capture
the force of "may".
$$\forall x\, \forall y\, (\neg \mathit{On}(x, y) \Rightarrow \neg \mathit{per}(\mathit{user}, \mathit{UNSTACK}(x, y)))$$
For any block, if it is not on the top of another block, then the user
is not permitted to unstack it.
$$\forall x\, \forall y\, (\mathit{OnTable}(x) \wedge \mathit{Clear}(x) \wedge \mathit{Clear}(y) \wedge x \neq y \Rightarrow \mathit{per}(\mathit{user}, \mathit{STACK}(x, y)))$$
For any block, if it is on the table and clear, then the user may stack
it on the top of another clear block.
$$\forall x\, \forall y\, [\mathit{user}, \mathit{UNSTACK}(x, y)]\, \mathit{OnTable}(x)$$
Once the user has unstacked a block, it is on the table.
$$\forall x\, \forall y\, [\mathit{user}, \mathit{STACK}(x, y)]\, \mathit{On}(x, y)$$
Once the user has stacked a block, it is on the top of the other.
[End_of_Example]
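The four state axioms and the three permission axioms of the blocks world example can be evaluated mechanically over a concrete state. The following Python code is an added example, not part of the thesis or of the FOREST tools; the sample state, the axiom numbering 1-4 (order of appearance above) and the verdict names "permitted", "forbidden" and "undetermined" are assumptions made here. It shows that the permission axioms leave some cases undecided, for instance unstacking a block that is not clear.

```python
from itertools import product

# Constructed sample state (not from the thesis): tower C on A on B, block D alone.
BLOCKS = ("A", "B", "C", "D")
STATE = {
    "On": {("C", "A"), ("A", "B")},
    "OnTable": {"B", "D"},
    "Clear": {"C", "D"},
}


def violated_axioms(state, blocks=BLOCKS):
    """Return the numbers (1-4, in order of appearance) of violated state axioms."""
    on, table, clear = state["On"], state["OnTable"], state["Clear"]
    bad = []
    # 1: forall x, y: OnTable(x) => not On(x, y)
    if any(x in table and (x, y) in on for x, y in product(blocks, repeat=2)):
        bad.append(1)
    # 2: forall x exists y: On(x, y) or OnTable(x)
    if any(x not in table and not any((x, y) in on for y in blocks) for x in blocks):
        bad.append(2)
    # 3: forall x, y: Clear(x) => not On(y, x)
    if any(x in clear and (y, x) in on for x, y in product(blocks, repeat=2)):
        bad.append(3)
    # 4: forall x exists y: On(y, x) or Clear(x)
    if any(x not in clear and not any((y, x) in on for y in blocks) for x in blocks):
        bad.append(4)
    return bad


def unstack_verdict(state, x, y):
    """What the two UNSTACK permission axioms let us derive for this state."""
    on, clear = state["On"], state["Clear"]
    if (x, y) in on and x in clear:
        return "permitted"      # On(x,y) and Clear(x) => per(user, UNSTACK(x,y))
    if (x, y) not in on:
        return "forbidden"      # not On(x,y) => not per(user, UNSTACK(x,y))
    return "undetermined"       # On(x,y) holds but x is not clear: no axiom applies


def stack_verdict(state, x, y):
    """Only a sufficient condition for per(user, STACK(x,y)) is given."""
    table, clear = state["OnTable"], state["Clear"]
    if x in table and x in clear and y in clear and x != y:
        return "permitted"
    return "undetermined"       # the example has no axiom that forbids STACK


def derived_permissions(state, blocks=BLOCKS):
    """Verdict for every ground action UNSTACK(x,y) and STACK(x,y)."""
    verdicts = {}
    for x, y in product(blocks, repeat=2):
        verdicts[f"UNSTACK({x},{y})"] = unstack_verdict(state, x, y)
        verdicts[f"STACK({x},{y})"] = stack_verdict(state, x, y)
    return verdicts


def actions_with(verdicts, verdict):
    """Sorted list of the actions that received the given verdict."""
    return sorted(action for action, v in verdicts.items() if v == verdict)


if __name__ == "__main__":
    print("violated state axioms:", violated_axioms(STATE))
    perms = derived_permissions(STATE)
    for verdict in ("permitted", "undetermined"):
        print(verdict, actions_with(perms, verdict))
```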
"The primary object of a formal system is to provide a framework
for proving theorems. Hence a particularly important problem for
any formal system F is: find a necessary and sufficient condition
that a formula of F be a theorem of F. This is called the
characterization problem for F." [SHO67]. The purpose of this thesis
is, then, to provide adequate solutions for the M[A]L
characterization problem, with solutions along two lines: the
proposition of a semantics, as the foundational aspect of the logic,
and the discovery of automatic theorem provers, in order to give a
computational usage for the formalism.
Our strategy for dealing with the characterization problem for
M[A]L is to start working with a simplified version of the logic, such
as the propositional M[A]L, and gradually add components such as
quantification, deontic operators, etc. We choose to use in each step
of this development possible-world semantics, for the foundational
aspect of the logic, and the semantic tableau as a basic proof
procedure. Following this strategy, after providing adequate and
intuitive solutions, we then start looking for implementation
directives which would abide by appropriate considerations of
efficiency and readability and could guide/support different usages
of the proof procedure as, for example, its usage in an animation
tool.
The ideas about tableaux were first presented by Hintikka [HIN55]
and by Beth [BET59]. Smullyan presented the Tableaux systems for
classical logic in a schematic and very simple way in [SMU68].
Tableau systems for several modal logics and intuitionistic logic are
presented in [FIT83].
Beth sees "a tableau construction as an attempt to refute a given
formula; if it fails, the formula intuitively should be valid" (cf.
[FIT83]). Following Carnap, Hintikka affirms that "a set of formulas
$\Gamma$ is satisfiable if and only if there is a state-description in which all
the members of $\Gamma$ hold", and he presents his model set as a
state-description (cf. [HIN69a]). Also Hintikka points out "the ease at
which considerations pertaining to model sets can be transposed so
as to apply to models" (cf. [HIN69b]). We see this as a positive fact
about tableau systems, i.e., a tableau proof of a formula $\alpha$ is
intuitive enough even to be confused with the expression of the
meaning of $\alpha$ given by its model. But, tableau systems are derived
from Gentzen systems [SZA69], in fact Tableaux are nothing but
Gentzen systems written upside down as a tree. According to
Prawitz, a Gentzen-type system "can be thought of as a set of rules
that determines the concept of deduction for some language or set
of languages" (cf. [PRA65]). He goes even further with this
syntactical way of thinking about a Gentzen system (or natural
deduction system) as he suggests that "together with a language
such a system can thus be said to constitute a logical calculus" (cf.
[PRA65]). In fact these kinds of systems were first suggested by
Łukasiewicz as an alternative to axiomatic systems.
Following the classical tradition, in this thesis the meaning of the
formulas is given in terms of models, namely the possible worlds
semantics. It is our primary intention to give the tableau system a
separate treatment as a proof procedure. But, we too mix the notion
of a tableau system being a proof procedure for a formula $\alpha$ with
the semantics of $\alpha$ when, in chapter 6, we actually use a version of
the tableau system in the discovery of minimal models as a basis
for the animation tool. We make no direct connection between the
tableau system and the logic itself. The correspondence between
the logic and the tableau system is established via the intermediary
of the possible worlds semantics using the transitive properties of
the equivalence relation.
We give below a general description of the following chapters:
In chapter 2 we start the treatment of the foundations of and
automatic theorem proving for M[A]L using a very simple version
of this logic. This version is built on top of propositional classical
logic with the addition of a modal indexical operator with a single
Action (instead of a pair of Action and Agent as in its original
formulation). In sections 2.1 and 2.2 we present the syntax and
possible-worlds semantics of propositional M[A]L together with
proofs of its soundness and completeness, i.e., we show that any
valid formula is provable in this logic by using appropriate
instantiations of axioms and the inference rules (completeness)
and the converse (soundness). In section 2.3 we extend the tableau
system presented in [SMU68] in order to support the notion of state
transitions by execution of actions of propositional M[A]L. Then we
prove its correctness and completeness, i.e., we show that the
tableau system for propositional M[A]L proves exactly the valid
formulas. We provide some examples in order to give a
visualization of the usage of the tableau rules. We attempt to
provide simple examples with the proof of some axioms and
characteristic theorems (or nontheorems) of the logic, which could
give an introductory overview of the kind of formulas that are the
theorems (nontheorems) of propositional M[A]L. Finally, in section
2.4 we introduce the definitions related to logical consequence
which are going to be used throughout this thesis.
In chapter 3 we extend the results of the previous chapter as we
add quantification to the logic and reformulate its syntactic and
semantic characterization. This incorporates the central results for
the characterization of M[A]L in a sense that we are going to use
them as the basis for further extensions in the following chapters.
We present in section 3.1 the syntax of first order M[A]L and a
discussion of its semantics in section 3.2. In this section we present
the semantics for first order M[A]L considering the terms as non-
rigid designators with a restriction as required by the combination
of the axioms of the logic. With this semantics a term can be
interpreted to different individuals in different worlds provided
that the term is interpreted to the same value in all possible states
reached from some given state through the execution of some single
action. Finally, we present proofs of soundness and completeness.
In section 3.3 we describe the original tableau system in the way it
is presented by Smullyan (cf. [SMU68]) and two extensions of this
method - Oppacher and Suen's method (cf. [OPP86]) which does not
use unification and another extension with unification. This original
tableau system is going to serve as the basis for all other tableau
systems we are going to discuss in this and following sections. The
Oppacher and Suen method is considered here because it contains a
variety of heuristics that could be used in another tableau system
for improving its efficiency and readability. And, as a basic
principle for an efficient theorem prover, we present a tableau
system with unification for first order classical logic together with
the proof of its equivalence to the original tableau method.
Examples are provided in order to give a better visualization of the
usage of the tableau rules.
In section 3.4 we present the traditional tableau method and the
tableau with unification for first order M[A]L as extensions for the
system of section 3.3. We present some examples in order to give a
visualization of the usage of the tableau rules. We attempt to
provide examples with the most characteristic theorems (or
nontheorems) of the logic, which constitute the simple tricky
problems for a theorem prover and give a good overview of the
kind of formulas that are the theorems (nontheorems) of first order
M[A]L. Finally, we present the outlines for the process of certifying
that the traditional tableau method for first order M[A]L proves
exactly the valid formulas and the equivalence between this system
and its extension using unification.
In chapter 4 we extend the results of the previous chapter to
incorporate the full description of M[A]L. This corresponds to
deontic components, equality, the pair of agent and action for
indexing the modalities and many-sortedness. In section 4.1 we
indicate how to deal with the many-sortedness and equality
concepts. In section 4.2 we extend the logic with the deontic
components and having a pair of agent/action to index the modality
corresponding to the execution of an action by an agent. First, in
section 4.2.1, we present the syntax of the logic without the frame
rule. In subsections 4.2.2 and 4.2.3 we develop the possible world
semantics and tableau system and make some comments about
their properties. In subsection 4.2.4 we discuss the problem of the
frame rule.
Chapter 5 is formed by combining three different topics: The
correspondence between tableau systems and the resolution
principle, the linear strategy and its applicability to tableau
systems and the extension of these two results to M[A]L. They are
linked together as evidence for the intuitiveness of tableau systems
and to demonstrate that it can be used as an efficient proof
procedure.
In section 5.1 we present procedures for transforming tableau
refutations into resolution refutations and indicate how to do the
reverse. In section 5.2 the linear strategy is analysed under the
tableau approach. In section 5.3 we give the derivation of a
resolution principle for M[A]L from the tableau system with
unification presented in section 3.4.3. The connections between the
two systems are established in the same way as section 5.1, for first
order classical logic. Finally, in section 5.4 the linear strategy is
extended to the tableau system for first order M[A]L.
In chapter 6 we are going to explore the possibility of using a
tableau system in order to obtain an interactive tool for animating
M[A]L specifications so that the behavior of the specified system
can be examined. The theorem prover we are going to take as the
basis for this chapter is the traditional tableau system for first
order M[A]L presented in section 3.4.1. The interactions are
directed to the action level, simulating the interaction between the
system and the environment. Other kinds of interactions are
discussed - such as the case of inferring results from databases
with disjunctive incompleteness.
The intention of an animation tool is to provide the user with
information about the actual situation of the system at each state.
This is equivalent to listing all extensions of the predicates that can
be derived from the (extensional and intensional) database. In
terms of models, this is equivalent, by definition, to presenting the
minimal model for the theory. Then, those who prefer to think of
databases as containing "everything about each predicate of the
domain" (cf. [REI78a]) can think of M[A]L specifications as having
the finite domain closure obtained from the database by using this
animation tool.
In section 6.1 we present the animation tool for databases with
complete information without considering the changes of state. In
section 6.2 this is augmented for the case of disjunctive
incompleteness in the database. In section 6.3 this is extended by
considering changes of state and the usage of different frame rules.
We treat the frame problem only in this chapter because here
(differently from the previous chapters) we can tackle this problem
in a more informal approach, since we are more concerned with
tools for the process of validation, which is necessarily less formal.
Thus, we are going to consider the existence of such frame rules
although we do not give their formalization. Their usage will be clear
and restricted to explicit indications in the examples. Most of the
examples of this chapter are actually part of the explanation and
they are not only intended to give a visualization of the procedures
we are going to discuss. At the end, the blocks world problem (cf.
[NIL87]) is used in order to give a more concrete example for the
animation tool of this chapter.
Finally, chapter 7 contains a presentation of the related works and
the final comments about this thesis with discussion with respect to
future work.
Chapter 2
Characterization of Propositional M[A]L
The treatment of the foundations of, and automatic theorem proving
for, M[A]L is started in this chapter using a very simple version of
the logic. This version of the logic is built on top of propositional
classical logic with the addition of a modal indexical operator with a
single Action (instead of a pair of Action and Agent as in its original
formulation).
We present the syntax and semantics for this logic and prove its
soundness and completeness. Then, we present a decision
procedure based on semantic tableaux and prove its correctness
and completeness results. Finally, we introduce the definitions
related to logical consequence which are going to be used
throughout this thesis.
2.1 THE PRESENTATION OF THE LOGIC
In this section we present the syntax and semantics of the
propositional M[A]L considering the possibility of having either
complete or incomplete information. The logic was originally
presented, in [MAI87] and [KHO88], using axioms and inference
rules, the so-called Hilbert style; in this thesis we preserve this
original form of presentation.
2.1.1 THE SYNTAX
We extract the syntactic part of the logic from [JER86] and [MAI87]
as follows:
LANGUAGE:
• Propositional components:
- Propositional symbols varying over alphabetic characters;
- Punctuation: "(" and ")";
- Logical connectives: "$\neg$" and "$\vee$".
• Modal components:
- Actions: denoted by the constant symbols $a, a_1, \ldots, a_n$.
- Modal connective: [_] is used to form modal formulas.
FORMATION RULES:
• Atomic formula:
- Any propositional symbol is an atomic formula, called
classical atomic formula;
- If $\alpha$ is a formula and $a$ is an action, then $[a]\alpha$ is an atomic
formula, called modal atomic formula.
- No expression is an atomic formula unless it is compelled to
be one by the above.
• Formula ($\mathcal{F}$):
- Any atomic formula is a formula;
- If $\alpha \in \mathcal{F}$, then $(\neg\alpha) \in \mathcal{F}$;
- If $\alpha, \beta \in \mathcal{F}$, then $(\alpha \vee \beta) \in \mathcal{F}$;
- No expression is a formula unless it is compelled to be one by
the above.
FURTHER OPERATORS:
• We introduce three new operators, $\wedge$, $\Rightarrow$ and $\Leftrightarrow$, by the
definitions (where $\alpha$ and $\beta$ are formulas):
- $(\alpha \wedge \beta) =_{df} (\neg((\neg\alpha) \vee (\neg\beta)))$
- $(\alpha \Rightarrow \beta) =_{df} ((\neg\alpha) \vee \beta)$
- $(\alpha \Leftrightarrow \beta) =_{df} ((\alpha \Rightarrow \beta) \wedge (\beta \Rightarrow \alpha))$
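AXIOMS: If $\alpha, \beta, \varphi \in \mathcal{F}$ then we have:
AXM1. $(\alpha \Rightarrow (\beta \Rightarrow \alpha))$
AXM2. $((\varphi \Rightarrow (\alpha \Rightarrow \beta)) \Rightarrow ((\varphi \Rightarrow \alpha) \Rightarrow (\varphi \Rightarrow \beta)))$
AXM3. $((\neg\alpha \Rightarrow \neg\beta) \Rightarrow ((\neg\alpha \Rightarrow \beta) \Rightarrow \alpha))$
AXM4. $([a](\alpha \Rightarrow \beta) \Rightarrow ([a]\alpha \Rightarrow [a]\beta))$
AXM5. $(([a]\neg\alpha) \Rightarrow (\neg[a]\alpha))$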
OBSERVATION: The interpretation of axiom AXM5 (and its
converse) gives rise to the notion of incomplete and complete
information. In order to explain these notions we quote the passage
in [KHO88] (where the axiom AXM5 is referred to as axiom 8 and
the word scenario "can be thought of as representing the collection
of observable system properties at a given observation instant" (cf.
[KHO88])):
"if we are to allow scenarios in which there is only partial
information, that is those in which it is possible that neither $\alpha$ nor
$\neg\alpha$ hold, then we cannot form an equivalence in axiom 8 by adding
8'. $((\neg[a]\alpha) \Rightarrow ([a]\neg\alpha))$
since this would demand that any action not resulting in some
property $\alpha$ had to result in $\neg\alpha$. This is easier to see if we rewrite 8'
using negation and disjunction:
8'. $(([a]\alpha) \vee ([a]\neg\alpha))$
Note that this is different from the valid disjunction $(([a]\alpha) \vee \neg([a]\alpha))$".
[End_of_Observation]
If we are dealing with the case of complete information, then the
axiom AXM5 becomes:
AXM5'. $(([a]\neg\alpha) \Leftrightarrow (\neg[a]\alpha))$
RULES OF INFERENCE:
R1. $\dfrac{\vdash \alpha, \quad \vdash (\alpha \Rightarrow \beta)}{\vdash \beta}$ "modus ponens"
R2. $\dfrac{\vdash \alpha}{\vdash [a]\alpha}$ "necessitation" (where $a$ is any action)
Here "$\vdash \alpha$" means that $\alpha$ can be recursively derived from proper
instantiations of axioms by applications of the rules of inference
above.
Note that in [JER86] and [MAI87] they do not have the
necessitation rule and have one more axiom, viz.:
[a] EUl,
where IMU is meant to be substitutable by any tautology. It is not
difficult to see that both formulations are equivalent. For a proof of
this the reader can refer to [FIT83].
2.1.1.1 Considerations on Notation
Most of the time we are going to refer to a formula by its form. For
example, a formula of the form $\alpha \wedge \beta$ will be called a conjunction,
$\alpha \vee \beta$ a disjunction, etc. Then we need to be sure that, for example,
no conjunction can also be a disjunction and similarly for the other
connectives. In other words, we want to know if there is more than
one way of reading a formula of our logic. It can be demonstrated
that there is only one way of decomposing a formula into another
formula.
When no ambiguity arises, we are going to write a formula without
its outermost parentheses. Then, for example, the formula:
$$(([a]\neg p) \Rightarrow ([a]\neg p))$$
becomes just:
$$[a]\neg p \Rightarrow [a]\neg p.$$
2.1.2 PRESENTATION OF THE SEMANTICS
Let $\mathcal{P}$ be the set of all propositional symbols, let $\mathcal{F}$ be the set of all
possible formulas and $\mathcal{A}c$ the set of all actions as defined above. We
define a structure as being an ordered 3-tuple:
$$\langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$$
where $\mathcal{W}$ is a non-empty set whose members are referred to as
possible states or just states. For the sake of convenience we
sometimes use the term actual state to refer to the current state
we are dealing with.
$\mathcal{R}$ is a ternary relation between actual states, actions and a possible
state ($\mathcal{R} \subseteq \mathcal{W} \times \mathcal{A}c \times \mathcal{W}$) usually called the accessibility relation. The
symbol $\subseteq$ is used to represent the subset relation. We impose the
following restriction on $\mathcal{R}$:
$$\forall w \in \mathcal{W},\ \forall a \in \mathcal{A}c,\ \exists w' \in \mathcal{W} \text{ s.t. } \langle w, a, w' \rangle \in \mathcal{R}.$$
This restriction is due to AXM5 which imposes that there is an
accessible state through the execution of any action in any state. It
does not matter here if the action is itself feasible or allowed.
However, permissions and obligations of executions of actions are
dealt with by using deontic components and are discussed in
chapter 4. In order to clarify the relation between this restriction
and the axiom AXM5 we need the notion of a formula being
satisfied by a structure. Hence, we explore this implication only at
the end of this subsection, after these definitions.
If we take the case of complete information, then this ternary
relation ($\mathcal{R}$) becomes a total function from states and actions to
possible states ($\mathcal{R}: \mathcal{W} \times \mathcal{A}c \to \mathcal{W}$).
$\mathcal{V}$ is a two-valued function (called the valuation function):
$$\mathcal{W} \times \mathcal{P} \to \{T, F\}.$$
We define the notion of satisfaction, represented by the symbol $\Vdash$,
as a binary relation between states and formulas ($\Vdash\ \subseteq \mathcal{W} \times \mathcal{F}$)
subject to the following constraints (for every $p \in \mathcal{P}$, $w, w' \in \mathcal{W}$, $a \in \mathcal{A}c$
and $\alpha, \beta \in \mathcal{F}$):
(SP) $w \Vdash p$ iff $\mathcal{V}(w, p) = T$;
(S$\neg$) $w \Vdash \neg\alpha$ iff NOT $w \Vdash \alpha$;
(S$\wedge$) $w \Vdash \alpha \wedge \beta$ iff $w \Vdash \alpha$ and $w \Vdash \beta$;
(S$\vee$) $w \Vdash \alpha \vee \beta$ iff $w \Vdash \alpha$ or $w \Vdash \beta$;
(S$\Rightarrow$) $w \Vdash \alpha \Rightarrow \beta$ iff NOT $w \Vdash \alpha$ or $w \Vdash \beta$;
(Sa) $w \Vdash [a]\alpha$ iff $(\forall w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \alpha)$.
Let $\mathcal{M} = \langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$ be a structure. We say that $\mathcal{M}$ satisfies $\alpha$ if there is
some state $w \in \mathcal{W}$ s.t. $w \Vdash \alpha$. We say that $\alpha$ is satisfiable if there is
such a structure that satisfies $\alpha$; otherwise we say that $\alpha$ is
unsatisfiable. We say that a formula $\alpha$ is valid in $\mathcal{M}$ if for every
state $w \in \mathcal{W}$ we have $w \Vdash \alpha$. In this case we say that this structure is
a model for $\alpha$.
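OBSERVATION: The introduction of the restriction on $\mathcal{R}$
$\forall w \in \mathcal{W}, \forall a \in \mathcal{A}c, \exists w' \in \mathcal{W}$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$
is an immediate consequence of the axiom AXM5, as can be seen in
the following:
Let us suppose that $\mathcal{M} = \langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$ is a structure for the propositional
M[A]L in which the mentioned restriction is not verified, i.e., there
is a state, say $w_1 \in \mathcal{W}$, and an action $a_1 \in \mathcal{A}c$ s.t. there is no state $w' \in \mathcal{W}$ s.t.
$\langle w_1, a_1, w' \rangle \in \mathcal{R}$.
As $\mathcal{M}$ is a structure for the propositional M[A]L, it must validate all
the axioms of the propositional M[A]L, including the axiom AXM5.
Then, we have (for every $w \in \mathcal{W}$, $\alpha \in \mathcal{F}$, $a \in \mathcal{A}c$):
$w \Vdash ([a]\neg\alpha \Rightarrow \neg[a]\alpha)$ iff
NOT $w \Vdash [a]\neg\alpha$ or $w \Vdash \neg[a]\alpha$   (by S$\Rightarrow$)
Let us now consider the first disjunct:
NOT $w \Vdash [a]\neg\alpha$ iff
NOT $((\forall w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \neg\alpha))$ iff   (by Sa)
$(\exists w' \in \mathcal{W})$ NOT $(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \neg\alpha)$ iff
$(\exists w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R}$ and NOT $w' \Vdash \neg\alpha)$
Now, instantiating $w$ with $w_1$ and $a$ with $a_1$ we have:
$(\exists w' \in \mathcal{W})(\langle w_1, a_1, w' \rangle \in \mathcal{R}$ and NOT $w' \Vdash \neg\alpha)$
which cannot be true, by the assumption above.
Let us now consider the second disjunct:
$w \Vdash \neg[a]\alpha$ iff
NOT $w \Vdash [a]\alpha$ iff   (by S$\neg$)
NOT $(\forall w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \alpha)$ iff   (by Sa)
$(\exists w' \in \mathcal{W})$ NOT $(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \alpha)$ iff
$(\exists w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R}$ and NOT $w' \Vdash \alpha)$
Now, instantiating $w$ with $w_1$ and $a$ with $a_1$ we have:
$(\exists w' \in \mathcal{W})(\langle w_1, a_1, w' \rangle \in \mathcal{R}$ and NOT $w' \Vdash \alpha)$
which cannot be true, by the assumption above.
Since we cannot establish the truth of either disjunct, the axiom
AXM5 is not valid in the structure $\mathcal{M}$. Then, the structure $\mathcal{M}$ is not a
structure for the propositional M[A]L. [End_of_Observation]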
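The Observation can be checked on small finite structures. The following Python sketch is an added illustration, not part of the thesis: it implements the satisfaction constraints literally and evaluates AXM5, and the complete-information axiom treated later in the soundness proof, on three sample structures. The tuple encoding of formulas and the structures SERIAL, DEAD_END and BRANCHING are constructed for the example.

```python
# Added illustration (not from the thesis). Formulas are nested tuples:
#   "p" | ("not", f) | ("and", f, g) | ("or", f, g) | ("imp", f, g) | ("box", a, f)
# where ("box", a, f) stands for [a]f. A structure is a triple (W, R, V):
# W a set of states, R a set of (w, a, w') triples, V a dict (state, symbol) -> bool.

def sat(M, w, f):
    """Satisfaction relation, one clause per constraint of the definition."""
    W, R, V = M
    if isinstance(f, str):                       # propositional symbol
        return V.get((w, f), False)
    op = f[0]
    if op == "not":
        return not sat(M, w, f[1])
    if op == "and":
        return sat(M, w, f[1]) and sat(M, w, f[2])
    if op == "or":
        return sat(M, w, f[1]) or sat(M, w, f[2])
    if op == "imp":
        return (not sat(M, w, f[1])) or sat(M, w, f[2])
    if op == "box":                              # f[2] holds in every f[1]-successor of w
        return all(sat(M, v, f[2]) for (u, a, v) in R if u == w and a == f[1])
    raise ValueError(f"unknown connective: {op!r}")

def valid(M, f):
    """f is valid in M: satisfied at every state."""
    return all(sat(M, w, f) for w in M[0])

def failing_states(M, f):
    """States of M at which f is not satisfied."""
    return sorted(w for w in M[0] if not sat(M, w, f))

def dead_ends(M, actions):
    """(state, action) pairs that violate the restriction on the relation."""
    W, R, _ = M
    return sorted((w, a) for w in W for a in actions
                  if not any((w, a, v) in R for v in W))

# AXM5 as it is instantiated in the Observation: [a]not-p => not-[a]p
AXM5 = ("imp", ("box", "a", ("not", "p")), ("not", ("box", "a", "p")))
# Complete-information axiom: not-[a]p => [a]not-p
COMPLETE_INFO = ("imp", ("not", ("box", "a", "p")), ("box", "a", ("not", "p")))

# Constructed sample structures; p holds only at w1.
VAL = {("w1", "p"): True}
SERIAL = ({"w0", "w1"}, {("w0", "a", "w1"), ("w1", "a", "w1")}, VAL)
DEAD_END = ({"w0", "w1"}, {("w0", "a", "w1")}, VAL)       # w1 has no a-successor
BRANCHING = ({"w0", "w1", "w2"},
             {("w0", "a", "w1"), ("w0", "a", "w2"),
              ("w1", "a", "w1"), ("w2", "a", "w2")}, VAL)  # w0 has two a-successors

if __name__ == "__main__":
    for name, M in [("SERIAL", SERIAL), ("DEAD_END", DEAD_END), ("BRANCHING", BRANCHING)]:
        print(name, "dead ends:", dead_ends(M, ["a"]),
              "| AXM5 fails at:", failing_states(M, AXM5),
              "| complete-info axiom fails at:", failing_states(M, COMPLETE_INFO))
```

At the dead-end state both [a]p and [a]not-p hold vacuously, which is exactly why AXM5 fails there; the branching structure respects the restriction but is not a function, so only the complete-information axiom fails.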
2.2 EQUIVALENCE BETWEEN THE LOGIC AND THE MODEL
In this section we prove the soundness and completeness of the
systems presented in the previous section. In other words, we are
interested in showing that any formula $\alpha$ is derivable in
propositional M[A]L from a set of formulas $\Gamma$ precisely when it is
valid in all models for every member of $\Gamma$.
2.2.1 SOUNDNESS THEOREM FOR THE LOGIC
Let $\Gamma$ be a set of formulas and $\alpha$ a formula. We write $\Gamma \vdash \alpha$ to mean
that $\alpha$ is derivable from $\Gamma$ by the logic. And we write $\Gamma \models \alpha$ to mean
that $\alpha$ is valid in any model which validates every member of $\Gamma$. If
$\Gamma \models \alpha$, then we say that $\Gamma$ logically implies $\alpha$. Now, we are in a
position to present the soundness theorem:
THEOREM 2.2.1.a: Let $\Gamma$ be a set of formulas and $\alpha$ a formula: if
$\Gamma \vdash \alpha$, then $\Gamma \models \alpha$.
PROOF: The idea is to show that the logical axioms are logically
implied by anything (they are valid in every structure), and that
our rules preserve logical implications. Then we will be able to
establish the conclusion by induction.
Case 1: $\alpha$ is a logical axiom:
• $\alpha$ is $p \Rightarrow (q \Rightarrow p)$.
We say that every structure is a model for $\alpha$, i.e. $w \Vdash \alpha$, for all
states $w$ in any structure. Let us suppose, by contradiction, that
there is a state $w$ in some structure such that NOT $w \Vdash \alpha$:
NOT $w \Vdash \alpha$
iff NOT (NOT $w \Vdash p$ or $w \Vdash (q \Rightarrow p)$)   (by S$\Rightarrow$)
iff $w \Vdash p$ and NOT $w \Vdash (q \Rightarrow p)$
iff $w \Vdash p$ and NOT (NOT $w \Vdash q$ or $w \Vdash p$)   (by S$\Rightarrow$)
iff $w \Vdash p$ and $w \Vdash q$ and NOT $w \Vdash p$
Then, we have a contradiction. We are assuming here that:
$w \Vdash p$ and NOT $w \Vdash p$ (for a state $w$ and a formula $p$)
is not a possible situation.
• The axioms 2 and 3 are dealt with similarly.
• $\alpha$ is $[a](p \Rightarrow q) \Rightarrow ([a]p \Rightarrow [a]q)$
Let us suppose, by contradiction, that there is a state $w$ s.t.
$w \Vdash [a](p \Rightarrow q)$ and NOT $w \Vdash ([a]p \Rightarrow [a]q)$
From one side we have:
$w \Vdash [a](p \Rightarrow q)$
iff $w' \Vdash (p \Rightarrow q)$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$   (by Sa)
iff NOT $w' \Vdash p$ or $w' \Vdash q$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$   (by S$\Rightarrow$)
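On the other hand:
NOT $w \Vdash ([a]p \Rightarrow [a]q)$
iff NOT (NOT $w \Vdash [a]p$ or $w \Vdash [a]q$)   (by S$\Rightarrow$)
iff $w \Vdash [a]p$ and NOT $w \Vdash [a]q$
iff $w' \Vdash p$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$ and
NOT ($w'' \Vdash q$, $\forall w''$ s.t. $\langle w, a, w'' \rangle \in \mathcal{R}$)   (by Sa)
iff $w' \Vdash p$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$ and
$\exists w''$ s.t. $\langle w, a, w'' \rangle \in \mathcal{R}$ and NOT $w'' \Vdash q$
which contradicts the conclusion above.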
• $\alpha$ is $([a]\neg p \Rightarrow \neg[a]p)$
Let us suppose, by contradiction, that there is a state $w$ s.t.
NOT $w \Vdash ([a]\neg p \Rightarrow \neg[a]p)$
iff NOT (NOT $w \Vdash [a]\neg p$ or $w \Vdash \neg[a]p$)   (by S$\Rightarrow$)
iff $w \Vdash [a]\neg p$ and NOT $w \Vdash \neg[a]p$
From the first conjunct:
$w \Vdash [a]\neg p$
iff $(\forall w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash \neg p)$   (by Sa)
From the second conjunct:
NOT $w \Vdash \neg[a]p$
iff NOT NOT $w \Vdash [a]p$   (by S$\neg$)
iff $w \Vdash [a]p$
iff $(\forall w' \in \mathcal{W})(\langle w, a, w' \rangle \in \mathcal{R} \Rightarrow w' \Vdash p)$   (by Sa)
As it stands, the two conjuncts above do not yet constitute a
contradiction, for in order to obtain $w' \Vdash \neg p$ and $w' \Vdash p$, the
antecedents of both conjuncts must be valid. But, if there is no
state $w' \in \mathcal{W}$ such that $\langle w, a, w' \rangle \in \mathcal{R}$, then the antecedents of both
conjuncts are not valid.
Since we know that:
$\forall w \in \mathcal{W}, \forall a \in \mathcal{A}c, \exists w' \in \mathcal{W}$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$,
by the restriction we imposed on $\mathcal{R}$, the above are contradictory.
• $\alpha$ is $(\neg[a]p \Rightarrow [a]\neg p)$.
This axiom is to be accepted only when we have a complete
information state and in this case the ternary relation $\mathcal{R}$ becomes
a function ($\mathcal{R}: \mathcal{W} \times \mathcal{A}c \to \mathcal{W}$). Let us suppose, by contradiction, that
there is a state $w$ such that:
$w \Vdash \neg[a]p$ and NOT $w \Vdash [a]\neg p$.
By the first conjunct:
$w \Vdash \neg[a]p$
iff NOT $w \Vdash [a]p$   (by S$\neg$)
iff NOT ($w' \Vdash p$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$)   (by Sa)
iff NOT $w' \Vdash p$, $\mathcal{R}(w, a) = w'$   (by the fact that $\mathcal{R}$ is a function now)
By the other conjunct:
NOT $w \Vdash [a]\neg p$
iff NOT ($w' \Vdash \neg p$, $\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$)   (by Sa)
iff NOT ($w' \Vdash \neg p$, $\mathcal{R}(w, a) = w'$)   (by the fact that $\mathcal{R}$ is a function)
iff NOT (NOT $w' \Vdash p$, $\mathcal{R}(w, a) = w'$)   (by S$\neg$)
iff $w' \Vdash p$, $\mathcal{R}(w, a) = w'$
which contradicts the former.
Case 2: $\alpha \in \Gamma$. Then, clearly $\Gamma \models \alpha$.
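Case 3: $\alpha$ is obtained by modus ponens from $\beta$ and $\beta \Rightarrow \alpha$, where
(by the inductive hypothesis) $\Gamma \models \beta$ and $\Gamma \models (\beta \Rightarrow \alpha)$. We have that for
all states $w$ if $w \Vdash \Gamma$, then $w \Vdash \beta$ and $w \Vdash (\beta \Rightarrow \alpha)$.
$w \Vdash (\beta \Rightarrow \alpha)$ iff NOT $w \Vdash \beta$ or $w \Vdash \alpha$   (by S$\Rightarrow$)
Since ($\forall w$ s.t. $w \Vdash \Gamma$) $w \Vdash \beta$, we must have $w \Vdash \alpha$. Hence, $\Gamma \models \alpha$.
Case 4: $[a]\alpha$ is obtained from $\alpha$ by necessitation, where (by the
inductive hypothesis) $\Gamma \models \alpha$. In other words, $\alpha$ is valid in all worlds
of any structure which is a model for $\Gamma$. Then, by Sa, $[a]\alpha$ is valid in
all of these worlds, and hence $\Gamma \models [a]\alpha$. [End_of_Proof]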
2.2.2 THE COMPLETENESS RESULT FOR THE LOGIC
The question of the Completeness of a logic is to investigate
whether any valid formula is provable in this logic by using
appropriate instantiations of axioms and the inference rules.
Results about completeness of several systems of modal logic can be
found in [BOO79] and [HUG68]. Both describe the proof using the
general principle presented by Henkin in [HEN49]. In this section
we prove the completeness of propositional M[A]L and we take the
approach of Henkin as the basis.
We say that a formula $\alpha$ is consistent iff $\neg\alpha$ is not provable in the
logic (NOT $\vdash \neg\alpha$). A finite set of formulas (say, $\{\alpha_1, \ldots, \alpha_n\}$) is said to
be consistent iff we cannot prove the negation of the conjunction
of its members (NOT $\vdash \neg(\alpha_1 \land \ldots \land \alpha_n)$). And, a consistent set of
formulas is called maximal consistent if it either contains $\alpha$ or
contains $\neg\alpha$, for all formulas $\alpha$.
Some properties of maximal consistent sets are (where $S$ is any
maximal consistent set and $\alpha$, $\beta$ are any formulas):
• If $\vdash \alpha$, then $\alpha \in S$;
• Either $\alpha \in S$ or $\neg\alpha \in S$;
• If $\alpha \in S$ and $(\alpha \Rightarrow \beta) \in S$, then $\beta \in S$.
LEMMA 2.2.2.a: The following are equivalent (where $\alpha$ is a
formula):
a) If $w \Vdash \alpha$ for every state $w$ of any structure, then $\vdash \alpha$;
b) Any consistent set of formulas is satisfiable.
PROOF: The proof of this lemma can be found in [HUG68]
and we are not going to present it here. [End_of_Proof]
Then all we need now in order to prove the completeness of our
logic is to find a method of building a model for each given
consistent set of formulas. The method we are going to present
consists of building a whole system of maximal consistent sets and,
then, presenting a model for it.
LEMMA 2.2.2.b (Lindenbaum's Construction): Any consistent
set can be extended to a maximal consistent set.
PROOF: The proof of this lemma can be found in most of the
books on logic such as [SHO67], [END72], etc., and we are not going
to present it here. We will only show how to obtain such an
extension:
Let $S$ be a consistent set of formulas. We first generate an
enumeration $\alpha_0, \alpha_1, \ldots$ of all formulas. Now we create a sequence of sets of
formulas $S_0, S_1, \ldots$, in the following way:
1. Let $S_0 = S$;
2. $S_{i+1} = S_i \cup \{\alpha_i\}$ if it is consistent, and $S_{i+1} = S_i \cup \{\neg\alpha_i\}$ otherwise.
3. Let $\Gamma$ be the union of all $S_i$'s. Then $\Gamma$ is maximal consistent and
contains $S$. [End_of_Proof]
The next theorem is used in the proof of lemma 2.2.2.c,
which in turn is used in the proof of the completeness theorem.
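THEOREM 2.2.2.a: For formulas $\alpha$, $\beta$, and action $a$, the
following and its converse are theorems of propositional M[A]L:
$[a](\alpha \land \beta) \Rightarrow ([a]\alpha \land [a]\beta)$.
PROOF: We first observe that the propositional logic can be
formulated using axioms AXM1, AXM2 and AXM3 together with
modus ponens. Hence, every tautology is also a theorem of
propositional M[A]L. Then we have:
1. $[a](\alpha \land \beta) \Rightarrow ([a]\alpha \land [a]\beta)$:
$\vdash (\alpha \land \beta) \Rightarrow \alpha$   (tautology)
By necessitation we have:
$\vdash [a]((\alpha \land \beta) \Rightarrow \alpha)$
$\vdash [a]((\alpha \land \beta) \Rightarrow \alpha) \Rightarrow ([a](\alpha \land \beta) \Rightarrow [a]\alpha)$   (AXM5)
$\vdash [a](\alpha \land \beta) \Rightarrow [a]\alpha$   (by modus ponens)
The same argument can be used to obtain:
$\vdash [a](\alpha \land \beta) \Rightarrow [a]\beta$
Now, we can obtain the conclusion using the tautology
$(P \Rightarrow R) \Rightarrow ((P \Rightarrow S) \Rightarrow (P \Rightarrow (R \land S)))$
and two applications of modus ponens.
2. $([a]\alpha \land [a]\beta) \Rightarrow [a](\alpha \land \beta)$:
$\vdash \alpha \Rightarrow (\beta \Rightarrow (\alpha \land \beta))$   (tautology)
By necessitation we have:
$\vdash [a](\alpha \Rightarrow (\beta \Rightarrow (\alpha \land \beta)))$
$\vdash [a](\alpha \Rightarrow (\beta \Rightarrow (\alpha \land \beta))) \Rightarrow ([a]\alpha \Rightarrow [a](\beta \Rightarrow (\alpha \land \beta)))$   (AXM5)
$\vdash [a]\alpha \Rightarrow [a](\beta \Rightarrow (\alpha \land \beta))$   (by modus ponens)
$\vdash [a](\beta \Rightarrow (\alpha \land \beta)) \Rightarrow ([a]\beta \Rightarrow [a](\alpha \land \beta))$   (AXM5)
Now, using the tautology
$(P \Rightarrow Q) \Rightarrow ((Q \Rightarrow R) \Rightarrow (P \Rightarrow R))$
and two applications of modus ponens we obtain:
$\vdash [a]\alpha \Rightarrow ([a]\beta \Rightarrow [a](\alpha \land \beta))$
We obtain the conclusion from the tautology
$(P \Rightarrow (Q \Rightarrow R)) \Rightarrow ((P \land Q) \Rightarrow R)$
and modus ponens. [End_of_Proof]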
LEMMA 2.2.2.c: If the set of formulas $\{[a]\alpha_1, \ldots, [a]\alpha_n, \neg[a]\beta\}$ is
consistent, then $\{\alpha_1, \ldots, \alpha_n, \neg\beta\}$ is consistent.
PROOF: Let us suppose that $\{\alpha_1, \ldots, \alpha_n, \neg\beta\}$ is inconsistent. Then:
$\vdash \neg(\alpha_1 \land \ldots \land \alpha_n \land \neg\beta)$
then, by necessitation we have:
$\vdash [a]\neg(\alpha_1 \land \ldots \land \alpha_n \land \neg\beta)$
$\vdash [a]\neg(\alpha_1 \land \ldots \land \alpha_n \land \neg\beta) \Rightarrow \neg[a](\alpha_1 \land \ldots \land \alpha_n \land \neg\beta)$   (AXM5)
$\vdash \neg[a](\alpha_1 \land \ldots \land \alpha_n \land \neg\beta)$   (by modus ponens)
now, with $n$ applications of the theorem 2.2.2.a and modus ponens
we have:
$\vdash \neg([a]\alpha_1 \land \ldots \land [a]\alpha_n \land [a]\neg\beta)$
Then $\{[a]\alpha_1, \ldots, [a]\alpha_n, [a]\neg\beta\}$ is inconsistent and hence $\{[a]\alpha_1, \ldots, [a]\alpha_n,
\neg[a]\beta\}$ is inconsistent (from AXM5 and modus ponens) which
contradicts the hypothesis. [End_of_Proof]
For our logic we do not want to have simply a maximal consistent
set but instead a whole system of maximal consistent sets
built in the following way:
1. $\Gamma_1$ is obtained as a maximal consistent extension of the given
set;
2. For every $\Gamma_i$ and for each formula of the type $\neg[a]\alpha \in \Gamma_i$ we
generate a new maximal consistent set $\Gamma_j$ (called subordinate
to $\Gamma_i$ with respect to the action $a$) starting with $\neg\alpha$ and the
set $S = \{\beta \mid [a]\beta \in \Gamma_i\}$ (note that $\neg\alpha$ and $S$ is consistent, by the
lemma 2.2.2.c).
Now, we are in a position to present the verifying model $\mathcal{M} =
\langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$:
- We identify each $\Gamma_i$ of the system of maximal consistent sets
with some state, called for simplicity $w_i$. Let $\mathcal{W}$ be the set of all
such states.
- We form the accessibility relation in such a way that:
$\langle w_i, a, w_j \rangle \in \mathcal{R}$ iff the corresponding $\Gamma_j$ is a subordinate set of $\Gamma_i$
with respect to the action $a$.
- Let $\mathcal{V}(w_i, p) = T$ if $p \in \Gamma_i$ and $\mathcal{V}(w_i, p) = F$, otherwise, for all states
$w_i$, propositions $p$ and where $\Gamma_i$ is the maximal consistent set
associated with $w_i$.
It is easy to see that $\mathcal{M}$ is a structure and we only show that $\mathcal{M}$
satisfies the restriction:
$\forall w \in \mathcal{W}, \forall a \in \mathcal{A}c, \exists w' \in \mathcal{W}$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$,
which is done by the next lemma.
LEMMA 2.2.2.d: Let $\mathcal{M}$ be the structure described above. Then
$\mathcal{M}$ satisfies the restriction:
$\forall w \in \mathcal{W}, \forall a \in \mathcal{A}c, \exists w' \in \mathcal{W}$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$.
PROOF: Let $\Gamma_i$ be any maximal consistent set of the construction
above. Then for any action $a$ and formula $\alpha$ we have that $[a]\alpha \in \Gamma_i$ or
$\neg[a]\alpha \in \Gamma_i$, by property of maximal consistent set. Then we have the
possibilities:
• $\neg[a]\alpha \in \Gamma_i$. Therefore, by construction of the system of maximal
consistent sets, there is a maximal consistent set $\Gamma_j$ subordinated
to $\Gamma_i$. And, by definition of $\mathcal{M}$, for the state $w_i$ identified to $\Gamma_i$
there is a state $w_j$ identified to $\Gamma_j$ such that $\langle w_i, a, w_j \rangle \in \mathcal{R}$.
• $[a]\alpha \in \Gamma_i$. Let $\neg\beta = \alpha$, then, by axiom AXM5 and property of
maximal consistent set we have that $([a]\neg\beta \Rightarrow \neg[a]\beta) \in \Gamma_i$. Hence,
by property of maximal consistent set, $\neg[a]\beta \in \Gamma_i$. Now, the
conclusion is derived as in the case above. [End_of_Proof]
Now, we need to show that $\mathcal{M}$ is indeed a verifying model. In other
words, we need to prove for all formulas $\alpha$ that $w_i \Vdash \alpha$ if $\alpha \in \Gamma_i$ and
NOT $w_i \Vdash \alpha$ otherwise. We will do this by induction on the structure
of the formula:
• If $\alpha$ is a propositional symbol, then it holds by the definition of
the structure $\mathcal{M}$ and satisfiability ($\Vdash$).
• The formula is of the form $\neg\alpha$. Suppose that $\alpha \in \Gamma$, then $\neg\alpha \notin \Gamma$
(by property of maximal consistent sets) and $w \Vdash \alpha$, by the
inductive hypothesis, hence NOT $w \Vdash \neg\alpha$. On the other hand, if
$\alpha \notin \Gamma$, then $\neg\alpha \in \Gamma$ (by property of maximal consistent sets) and
NOT $w \Vdash \alpha$, by the inductive hypothesis, hence $w \Vdash \neg\alpha$.
• The formula is of the form $\alpha \lor \beta$:
a) If $\alpha \lor \beta \in \Gamma$, then $\alpha \in \Gamma$ or $\beta \in \Gamma$, for if $\alpha \notin \Gamma$ and $\beta \notin \Gamma$, then
$\neg\alpha \in \Gamma$ and $\neg\beta \in \Gamma$, and hence $\neg\alpha \land \neg\beta \in \Gamma$ and $\neg(\alpha \lor \beta) \in \Gamma$ (by
properties of maximal consistent sets) which contradicts the
hypothesis, for we cannot have $\alpha \lor \beta \in \Gamma$ and $\neg(\alpha \lor \beta) \in \Gamma$ (by
consistency of $\Gamma$). Let us suppose then that one of them, say $\alpha$,
belongs to $w$, then $w \Vdash \alpha$, by the inductive hypothesis. Hence $w \Vdash
\alpha \lor \beta$, by the definition of $\Vdash$. If both are in $w$, then it comes to
the same argument.
b) If, on the other hand, $\alpha \lor \beta \notin \Gamma$, then $\neg(\alpha \lor \beta) \in \Gamma$ (by property
of maximal consistent set) and then, by a similar argument, $\neg\alpha \in
\Gamma$ and $\neg\beta \in \Gamma$, hence $\alpha \notin \Gamma$ and $\beta \notin \Gamma$. Then, by the inductive
hypothesis, NOT $w \Vdash \alpha$ and NOT $w \Vdash \beta$, and therefore NOT $w \Vdash
\alpha \lor \beta$ (by the definition of $\Vdash$).
• The formula is of the form $[a]\alpha$:
a) If $[a]\alpha \in \Gamma_i$, then $\alpha \in \Gamma_j$ for every subordinate set $\Gamma_j$ to $\Gamma_i$ with
respect to the action $a$ (by construction of the $\Gamma_j$'s). Hence $w_j \Vdash \alpha$,
for all $w_j$ such that $\langle w_i, a, w_j \rangle \in \mathcal{R}$ (by the inductive hypothesis).
Then $w_i \Vdash [a]\alpha$.
b) If $[a]\alpha \notin \Gamma_i$, then $\neg[a]\alpha \in \Gamma_i$ (by property of maximal consistent
sets), $\neg\alpha \in \Gamma_j$ for some subordinate set $\Gamma_j$ to $\Gamma_i$ with respect to the
action $a$ and $w_j \Vdash \neg\alpha$, by the inductive hypothesis. Hence,
NOT $w_j \Vdash \alpha$, by constraint S$\neg$ and therefore, NOT $w_i \Vdash [a]\alpha$, by
constraint Sa. Finally, by constraint S$\neg$, we obtain $w_i \Vdash \neg[a]\alpha$.
2.3 STATE-BASED SEMANTIC TABLEAUX
The tableau method for propositional classical logic due to Hintikka
([HIN55]) and Beth ([BET59]) is nicely presented in [SMU68]. We are
going to refer to this method as the traditional tableau system or
the normal tableau system or simply the tableau system, when no
ambiguities arise. As an introduction to this system, we begin by
noting that every conjunct of the form $p \land \neg p$ is unsatisfiable in any
structure. So, to verify if a given formula is unsatisfiable one might
put the formula in its disjunctive form and look at every conjunct:
if they are all unsatisfiable (i.e., they all contain the subformula $p \land
\neg p$), then the formula is unsatisfiable. A Semantic Tableau is a
method for obtaining the disjunctive normal form of a given
formula in a tree-structure in such a way that each disjunct
occupies a branch on this tree. The second step is to look for
unsatisfiable subformulas in all possible branches on the tree. We
call these branches closed and we say that a Tableau is a closed
Tableau if all branches in the tree are closed.
Now, we give some definitions:
DEFINITION 2.3.a: A branch $\theta$ of a tableau $\mathcal{T}$ is said to be a
closed branch if it contains $\alpha$ and $\neg\alpha$, for any formula $\alpha$.
DEFINITION 2.3.b: A tableau $\mathcal{T}$ is said to be a closed tableau if
each branch in it is closed.
In this section we extend these ideas about Tableaux in order to
support the notions of state transitions by execution of actions of
propositional M[A]L. First, we present the rules for the
propositional tableau system and, then, we give the rules for the
propositional M[A]L tableau system. In order to give a better
understanding of the concepts presented in this section we present
some examples of applications of the tableau rules in section 2.3.2.
The rules for the propositional tableau system are given below,
followed by some explanations. Let $\alpha$ and $\beta$ be formulas ($\alpha, \beta \in \mathcal{F}$),
then:
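(T$\neg\neg$)  $\dfrac{\neg\neg\alpha}{\alpha}$

(T$\land$)  $\dfrac{\alpha \land \beta}{\begin{array}{c} \alpha \\ \beta \end{array}}$        (T$\neg\land$)  $\dfrac{\neg(\alpha \land \beta)}{\neg\alpha \mid \neg\beta}$

(T$\lor$)  $\dfrac{\alpha \lor \beta}{\alpha \mid \beta}$        (T$\neg\lor$)  $\dfrac{\neg(\alpha \lor \beta)}{\begin{array}{c} \neg\alpha \\ \neg\beta \end{array}}$

(T$\Rightarrow$)  $\dfrac{\alpha \Rightarrow \beta}{\neg\alpha \mid \beta}$        (T$\neg\Rightarrow$)  $\dfrac{\neg(\alpha \Rightarrow \beta)}{\begin{array}{c} \alpha \\ \neg\beta \end{array}}$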
EXPLANATIONS:
• The rule T$\neg\neg$ means that if $\neg\neg\alpha$ occurs in a branch, then $\alpha$ may
be added to the end of this branch.
• The rule T$\land$ means that if $\alpha \land \beta$ occurs in a branch, then $\alpha$ and $\beta$
may be added to the end of this branch.
• The rule T$\lor$ means that if $\alpha \lor \beta$ occurs in a branch, then the end
of this branch may be split into a left and a right continuation,
and $\alpha$ may be added to one side and $\beta$ to the other.
The rules for the propositional M[A]L tableau system are those
presented for the propositional tableau system together with the
rules given below.
In the following rules we introduce the operator $X$ for which we
give an explanation: the idea is to have one Tableau (tree)
corresponding to each state. So, the operator $X$ applied to a set of
formulas $\Gamma$ generates a new Tableau with the elements of $\Gamma$. And, if
the new tableau is closed, then so is the original branch.
Let $a$ be an action ($a \in \mathcal{A}c$), $\alpha$ and $\beta$ be formulas ($\alpha, \beta \in \mathcal{F}$) and $\Gamma$ the
set of formulas on the branch, then:

(Ta)  $\dfrac{[a]\alpha}{X(\{\beta \mid [a]\beta \in \Gamma\})}$

(T$\neg$a)  $\dfrac{\neg[a]\alpha}{X(\{\beta \mid \beta = \neg\alpha \text{ or } [a]\beta \in \Gamma\})}$

NOTE: If we are dealing with a complete information state then the
rules Ta and T$\neg$a become just one:

(Ta')  $\dfrac{[a]\alpha \text{ or } \neg[a]\alpha}{X(\{\beta \mid [a]\beta \in \Gamma \text{ or } (\neg[a]\varphi \in \Gamma \text{ and } \beta = \neg\varphi)\})}$
As described by Fitting [FIT83], "the tableau rules are permissive,
not mandatory. They say what one may do, not what one must do.
Thus there may be more than one proof to one formula. Tableaux
are non-deterministic". Deterministic versions of the tableau rules
may be introduced (as in [SMU68]).
2.3.1 CONSIDERATIONS ON STRATEGY
• In order to obtain a systematic tableau Smullyan suggests (in
[SMU68]): "... to work downwards i.e. never to use a line until all
lines above it (on the same branch) have been used". As he
pointed out this method has problems of efficiency. Thus he
suggests another approach: "... to give priority to rules that do
not split the branch - i.e. to use up all such lines at hand before
using the others. In this way one will omit repeating the same
formula on different branches; rather it will have only one
occurrence above all those branch points".
• One can use the strategy above in a certain goal oriented way:
giving priority to the formulas that contain the propositional
symbol of the formula we are trying to prove.
• It is recommended that rules T$\neg$a and Ta should be given lower
priority than the others, and Ta lower than T$\neg$a.
• Dealing with a complete information state, the rule Ta' can be
implemented as follows: Create a new data base with the $\alpha$'s and
$\neg\alpha$'s of all formulas of the type $[a]\alpha$ and $\neg[a]\alpha$, respectively.
• If we have an incomplete information, then the rules Ta and T$\neg$a
can be implemented as follows: Give higher priority to T$\neg$a than
to Ta; When one applies the rule T$\neg$a, he should take the $\beta$'s of
all formulas of the form $[a]\beta$ with the same action and the $\neg\alpha$ of
the formula being applied ($\neg[a]\alpha$). If there is any formula of the
type $\neg[a]\alpha$, then there is no need for using the rule Ta.
• More discussions about strategy for implementation are given in
chapter 5.
2.3.2 EXAMPLES
In this section we present some examples in order to give a
visualization of the usage of the tableau rules. We tried to provide
simple examples with the proof of some axioms and characteristic
theorems (or nontheorems) of the logic, which could give an
introductory overview of the kind of formulas that are theorems
(nontheorems) of propositional M[A]L.
EXAMPLE 2.3.2.a: Let us try to prove the formula $p \Rightarrow [a]p$. A
possible tableau is:
1. $\neg(p \Rightarrow [a]p)$   (the denied formula)
2. $p$   (by T$\neg\Rightarrow$)
3. $\neg[a]p$   (by T$\neg\Rightarrow$)
The only rule we can apply is T$\neg$a obtaining the new tableau:
3.1. $\neg p$   (from 3)
which cannot be closed, hence we cannot prove this formula. The
reader can easily verify by a similar proof construction that the
converse of the formula above is not a theorem of propositional
M[A]L either. [End_of_Example]
EXAMPLE 2.3.2.b: Let us prove the theorem:
$[a](p \Rightarrow q) \Rightarrow ([a]p \Rightarrow [a]q)$
1. $\neg([a](p \Rightarrow q) \Rightarrow ([a]p \Rightarrow [a]q))$   (the denied formula)
2. $[a](p \Rightarrow q)$   (by T$\neg\Rightarrow$)
3. $\neg([a]p \Rightarrow [a]q)$   (by T$\neg\Rightarrow$)
4. $[a]p$   (from 3, by T$\neg\Rightarrow$)
5. $\neg[a]q$   (from 3, by T$\neg\Rightarrow$)
from 5 and by T$\neg$a we obtain the new tableau:
5.1. $p$   (from 4)
5.2. $\neg q$   (from 5)
5.3. $p \Rightarrow q$   (from 2)
5.4. $\neg p \mid q$   (from 5.3, by T$\lor$)
Then we have a closed tableau. [End_of_Example]
EXAMPLE 2.3.2.c: Let us prove the theorem:
$([a]\alpha \land [a]\beta) \Rightarrow [a](\alpha \land \beta)$
1. $\neg(([a]\alpha \land [a]\beta) \Rightarrow [a](\alpha \land \beta))$   (the denied formula)
2. $[a]\alpha \land [a]\beta$   (from 1, by T$\neg\Rightarrow$)
3. $\neg[a](\alpha \land \beta)$   (from 1, by T$\neg\Rightarrow$)
4. $[a]\alpha$   (from 1, by T$\land$)
5. $[a]\beta$   (from 1, by T$\land$)
From 3 we create a new tableau:
3.1. $\alpha$   (from 4)
3.2. $\beta$   (from 5)
3.3. $\neg(\alpha \land \beta)$   (from 3)
3.4. $\neg\alpha \mid \neg\beta$   (from 3.3, by T$\neg\land$)
Then we have a closed tableau. [End_of_Example]
EXAMPLE 2.3.2.d: Let us prove the theorem:
$[a](\alpha \land \beta) \Rightarrow ([a]\alpha \land [a]\beta)$
1. $\neg([a](\alpha \land \beta) \Rightarrow ([a]\alpha \land [a]\beta))$   (the denied formula)
2. $[a](\alpha \land \beta)$   (from 1, by T$\neg\land$)
3. $\neg([a]\alpha \land [a]\beta)$   (from 1, by T$\neg\land$)
4. $\neg[a]\alpha \mid \neg[a]\beta$   (from 3, by T$\neg\land$)
From the left hand side of 4 and by T$\neg$a we obtain the new tableau:
4.1. $\alpha \land \beta$   (from 2)
4.2. $\neg\alpha$   (from left hand side of 4)
4.3. $\alpha$   (from 4.1, by T$\land$)
4.4. $\beta$   (from 4.1, by T$\land$)
which is closed. And from the right hand side of 4 we obtain:
4.1. $\alpha \land \beta$   (from 2)
4.2. $\neg\beta$   (from left hand side of 4)
4.3. $\alpha$   (from 4.1, by T$\land$)
4.4. $\beta$   (from 4.1, by T$\land$)
which too is closed. Then, the initial tableau is closed. [End_of_Example]
EXAMPLE 2.3.2.e: Let us prove the theorem:
$([a]\alpha \lor [a]\beta) \Rightarrow [a](\alpha \lor \beta)$
1. $\neg(([a]\alpha \lor [a]\beta) \Rightarrow [a](\alpha \lor \beta))$   (the denied formula)
2. $\neg[a](\alpha \lor \beta)$   (from 1, by T$\lor$)
3. $[a]\alpha \lor [a]\beta$   (from 1, by T$\lor$)
4. $[a]\alpha \mid [a]\beta$   (from 3, by T$\lor$)
From the left branch and T$\neg$a we obtain a new tableau:
4.1. $\neg(\alpha \lor \beta)$   (from 2)
4.2. $\alpha$   (from 4)
4.3. $\neg\alpha$   (from 4.1, by T$\neg\lor$)
4.4. $\neg\beta$   (from 4.1, by T$\neg\lor$)
which is closed. The right hand side can be closed in the same
way. Hence, the tableau is closed. [End_of_Example]
EXAMPLE 2.3.2.f: Let us try to prove the formula:
$[a](\alpha \lor \beta) \Rightarrow ([a]\alpha \lor [a]\beta)$
1. $\neg([a](\alpha \lor \beta) \Rightarrow ([a]\alpha \lor [a]\beta))$   (the denied formula)
2. $[a](\alpha \lor \beta)$   (from 1, by T$\neg\Rightarrow$)
3. $\neg([a]\alpha \lor [a]\beta)$   (from 1, by T$\neg\Rightarrow$)
4. $\neg[a]\alpha$   (from 3, by T$\neg\lor$)
5. $\neg[a]\beta$   (from 3, by T$\neg\lor$)
Now, if we have incomplete states of information, we can generate
three new tableaux from 2, 4 and 5 having the set of formulas
$\{\alpha \lor \beta\}$, $\{\alpha \lor \beta, \neg\alpha\}$ and $\{\alpha \lor \beta, \neg\beta\}$, respectively. The reader can
easily verify that none of the new tableaux can be closed.
But if we are dealing with complete states of information, then we
generate only one tableau:
5.1. $\alpha \lor \beta$   (from 2)
5.2. $\neg\alpha$   (from 4)
5.3. $\neg\beta$   (from 5)
which can be closed by just one application of T$\lor$. [End_of_Example]
EXAMPLE 2.3.2.g: Let us suppose that states of information are
complete and prove the theorem:
$([a]p \Rightarrow [a]q) \Rightarrow [a](p \Rightarrow q)$
1. $\neg(([a]p \Rightarrow [a]q) \Rightarrow [a](p \Rightarrow q))$   (the denied formula)
2. $\neg[a](p \Rightarrow q)$   (from 1, by T$\neg\Rightarrow$)
3. $[a]p \Rightarrow [a]q$   (from 1, by T$\neg\Rightarrow$)
4. $\neg[a]p \mid [a]q$   (from 3, by T$\Rightarrow$)
From the term on the left of 4 ($\neg[a]p$) and by Ta' we obtain the new
tableau:
1. $\neg p$
2. $\neg(p \Rightarrow q)$
3. $p$   (from 2, by T$\neg\Rightarrow$)
4. $\neg q$   (from 2, by T$\neg\Rightarrow$)
which is closed. And from the term on the right of 4 ($[a]q$) and by
Ta' we obtain the new tableau:
1. $q$
2. $\neg(p \Rightarrow q)$
3. $p$   (from 2, by T$\neg\Rightarrow$)
4. $\neg q$   (from 2, by T$\neg\Rightarrow$)
Thus, we have a closed tableau. [End_of_Example]
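The rules of section 2.3 and the strategy of section 2.3.1 can be mechanized in a few dozen lines. The following Python sketch is an added illustration, not the theorem prover implemented in the FOREST project: it applies the non-modal rules until a branch is saturated, then opens one new tableau per denied formula (T¬a) and per action (Ta), or a single tableau per action under complete information (Ta'). The tuple encoding of formulas and the names EX_A, EX_B, EX_F, EX_G and AXM5 are assumptions made for the example.

```python
# Added illustration (not from the thesis). Formulas are nested tuples:
#   "p" | ("not", f) | ("and", f, g) | ("or", f, g) | ("imp", f, g) | ("box", a, f)
# where ("box", a, f) stands for [a]f.

def neg(f):
    return ("not", f)

def expand(f):
    """Non-modal rules: the branch extensions produced by f, or None when f is
    a literal, [a]g or not-[a]g (no propositional rule applies)."""
    if isinstance(f, str):
        return None
    op = f[0]
    if op == "and":                               # conjunction: add both
        return [[f[1], f[2]]]
    if op == "or":                                # disjunction: split
        return [[f[1]], [f[2]]]
    if op == "imp":                               # implication: split
        return [[neg(f[1])], [f[2]]]
    if op == "not" and isinstance(f[1], tuple):
        g = f[1]
        if g[0] == "not":                         # double negation
            return [[g[1]]]
        if g[0] == "and":                         # denied conjunction: split
            return [[neg(g[1])], [neg(g[2])]]
        if g[0] == "or":                          # denied disjunction: add both
            return [[neg(g[1]), neg(g[2])]]
        if g[0] == "imp":                         # denied implication: add both
            return [[g[1], neg(g[2])]]
    return None

def closes(gamma, complete=False):
    """True iff every branch of the tableau started from the set gamma closes."""
    gamma = frozenset(gamma)
    if any(neg(f) in gamma for f in gamma):       # branch holds some f and not-f
        return True
    for f in gamma:                               # non-modal rules have priority
        branches = expand(f)
        if branches is not None:
            rest = gamma - {f}
            return all(closes(rest | set(b), complete) for b in branches)
    # Saturated branch: only literals, [a]g and not-[a]g remain.
    boxed, denied = {}, []
    for f in gamma:
        if isinstance(f, tuple) and f[0] == "box":
            boxed.setdefault(f[1], set()).add(f[2])
        elif isinstance(f, tuple) and f[0] == "not" and isinstance(f[1], tuple):
            denied.append((f[1][1], f[1][2]))     # f is not-[a]g
    if complete:                                  # Ta': one next state per action
        actions = set(boxed) | {a for a, _ in denied}
        return any(closes(boxed.get(a, set()) | {neg(g) for b, g in denied if b == a}, True)
                   for a in actions)
    # Incomplete information: one tableau per denied formula, then one per action.
    return (any(closes(boxed.get(a, set()) | {neg(g)}) for a, g in denied)
            or any(closes(s) for s in boxed.values()))

def provable(f, complete=False):
    """f is proved when the tableau for its denial closes."""
    return closes({neg(f)}, complete)

def box(f):
    return ("box", "a", f)

def imp(f, g):
    return ("imp", f, g)

EX_A = imp("p", box("p"))                                          # Example 2.3.2.a
EX_B = imp(box(imp("p", "q")), imp(box("p"), box("q")))            # Example 2.3.2.b
EX_F = imp(box(("or", "p", "q")), ("or", box("p"), box("q")))      # Example 2.3.2.f
EX_G = imp(imp(box("p"), box("q")), box(imp("p", "q")))            # Example 2.3.2.g
AXM5 = imp(box(neg("p")), neg(box("p")))                           # [a]not-p => not-[a]p

if __name__ == "__main__":
    for name, f in [("a", EX_A), ("b", EX_B), ("f", EX_F), ("g", EX_G), ("AXM5", AXM5)]:
        print(name, "incomplete:", provable(f), "complete:", provable(f, complete=True))
```

AXM5 is the one formula here whose proof needs rule Ta: the denied formula leaves only [a]not-p and [a]p on the branch, and the tableau closes only because Ta opens a next state for action a.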
2.3.3 CONSISTENCY OF THE TABLEAU SYSTEM
In this section we prove the correctness of the propositional M[A]L
tableau system, i.e., we show that no formula and its negation are
both provable by this system.
We start with some definitions:
• Let $\Gamma$ be a set of formulas. We write $w \Vdash \Gamma$ to mean that $w \Vdash \alpha$ for
all $\alpha \in \Gamma$.
• Let $\Gamma$ be a set of formulas. We say that $\Gamma$ is satisfiable if there is
a structure $\langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$ and some state $w \in \mathcal{W}$ such that $w \Vdash \Gamma$.
• A branch of a Tableau is said to be satisfiable if the set of its
formulas is satisfiable. A Tableau is said to be satisfiable if it has
some satisfiable branch.
LEMMA 2.3.3.a: The tableau rules preserve satisfiability. In
other words: If a tableau $\mathcal{T}$ is satisfiable then the tableau
obtained from the application of a single rule to $\mathcal{T}$ is satisfiable.
PROOF: Let $\mathcal{T}$ be such a satisfiable tableau. $\mathcal{T}$ must have at least
one satisfiable branch, say $\theta$, and may have some non-satisfiable.
Then, we have two possibilities: The rule can be applied to a
satisfiable branch or not.
First case - The rule is applied to a non-satisfiable branch:
In this case, each branch which was originally satisfiable remains
unaltered, i.e. it is still satisfiable and hence the new tableau is
satisfiable.
Second case - The rule is applied to a satisfiable branch, say $\theta$:
Let us suppose that $\theta$ consists of a set of formulas $\Gamma$ and a formula $\gamma$
to which the rule is applied. As $\theta$ is satisfiable there must be a
structure $\langle \mathcal{W}, \mathcal{R}, \mathcal{V} \rangle$ with some state, say $w$, s.t. $w \Vdash \Gamma$ and, in
particular, $w \Vdash \gamma$. We note that the new branch, say $\theta'$, must contain
the formulas of $\Gamma$ and $\gamma$, and we still have that $w \Vdash \Gamma$ and $w \Vdash \gamma$:
• T$\neg\neg$ is the rule to be applied. Then, $\gamma$ is of the form $\neg\neg\alpha$ and the
new branch $\theta'$ is obtained from $\theta$ by adding $\alpha$. Note, again that
$w \Vdash \gamma$. Then by double application of the constraint S$\neg$, $w \Vdash \alpha$.
Hence $\theta'$ is satisfiable.
• T$\land$ is the rule. Then, $\gamma$ is of the form $\alpha \land \beta$ and the new branch $\theta'$
is obtained from $\theta$ by adding $\alpha$ and $\beta$. But, we have that $w \Vdash \gamma$ i.e.,
$w \Vdash \alpha \land \beta$ iff $w \Vdash \alpha$ and $w \Vdash \beta$. Hence $\theta'$ is satisfiable.
• If the rule is T$\neg\lor$ or T$\neg\Rightarrow$, then the argument is similar.
• T$\lor$ is the rule. Then, $\gamma$ is of the form $\alpha \lor \beta$ and $\theta$ is replaced by
two branches, say $\theta'$ and $\theta''$ generated from $\theta$ by addition of $\alpha$
and $\beta$, respectively. We have that $w \Vdash \alpha \lor \beta$ iff $w \Vdash \alpha$ or $w \Vdash \beta$.
Let us suppose that $w \Vdash \alpha$. Then, $\theta'$ is satisfiable. On the other
hand, suppose that $w \Vdash \beta$. Then, $\theta''$ is satisfiable.
• If the rule is T$\neg\land$ or T$\Rightarrow$, then the argument is similar.
• Ta is the rule. Since $w \Vdash \{\gamma \mid \gamma = [a]\alpha \in \theta\}$, for every state $w' \in \mathcal{W}$
such that $\langle w, a, w' \rangle \in \mathcal{R}$ we have $w' \Vdash \{\alpha \mid [a]\alpha \in \theta\}$. Note that by
the restriction we imposed on the accessibility relation $\mathcal{R}$, which
states:
$\forall w \in \mathcal{W}, \forall a \in \mathcal{A}c, \exists w' \in \mathcal{W}$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$,
there is at least one state $w' \in \mathcal{W}$ such that $\langle w, a, w' \rangle \in \mathcal{R}$. Then, the
new tableau is satisfiable (for each of those next states $w'$). Hence
$\theta'$ is satisfiable.
• T$\neg$a is the rule. Let $\Sigma$ be the set of formulas of the form $[a]\alpha$ in $\theta$.
The formula $\gamma$ is of the form $\neg[a]\alpha$ and $w \Vdash \neg[a]\alpha$ and $w \Vdash \Sigma$. Note
that:
$w \Vdash \neg[a]\alpha$ and $w \Vdash \Sigma$
iff NOT $w \Vdash [a]\alpha$ and $w \Vdash \Sigma$   (by S$\neg$)
iff NOT ($w' \Vdash \alpha$, for all $w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$)
and $w \Vdash \Sigma$   (by Sa)
iff ($\exists w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$ and NOT $w' \Vdash \alpha$) and $w \Vdash \Sigma$
iff ($\exists w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$ and $w' \Vdash \neg\alpha$) and
($\forall w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$ and $w' \Vdash \delta$, for all $[a]\delta \in \Sigma$)
(by S$\neg$ and Sa)
Then $\exists w'$ s.t. $\langle w, a, w' \rangle \in \mathcal{R}$, $w' \Vdash \neg\alpha$ and $w' \Vdash \delta$, for all $[a]\delta \in \Sigma$.
Hence, $\theta'$ is satisfiable.
• If we are dealing with complete state of information and the rule
is Ta', then the proof is similar, considering the fact that there is
only one possible next state. [End_of_Proof]
We adapted the conclusion from [SMU68]: "A closed tableau
obviously cannot be satisfiable, hence the origin of a closed tableau
cannot be valid in any structure. From this it follows that every
formula provable by the tableau method is consistent in the sense
that no formula and its negation are both provable (since no
formula and its negation can both be valid)".
2.3.4 COMPLETENESS OF THE TABLEAU SYSTEM
In this section we are going to consider the following question: is
any valid formula proved by some tableau? In fact, we will create
a notion of complete tableau and then show that if $\alpha$ is a valid
formula, then every complete tableau for $\neg\alpha$ will be closed.
Completeness results for tableau systems are presented by
Smullyan in [SMU68] for classical logic. Smullyan's presentation
"involves the invention of a systematic procedure for constructing
tableaux (complete tableaux), one that 'eventually does everything
that can be done'. Then one shows that a failed systematic attempt
to create a closed tableau for $\neg\alpha$ will contain enough information to
construct a counter-model to $\alpha$, hence $\alpha$ is not valid." [FIT83].
Extending the method presented by Smullyan to our logic (or other
modal logic), one may encounter some difficulties in keeping track
of the new tableaux originated in the construction.
Fitting presents in [FIT83] the completeness result of the tableaux
method for various systems of modal logic in two different ways: 1)
using a Lindenbaum type construction: "one extends a consistent set
to a maximal consistent one, and uses it to construct a model"
[FIT83] and 2) lifting the method presented by Smullyan with the
notion of Prefixed Tableaux in order to facilitate book keeping.
We choose the second presentation by Fitting as the basic approach
to be adapted to our logic.
We start with some definitions:
• Every formula of the form $x \land y$, $\neg(x \lor y)$, $\neg(x \Rightarrow y)$ and $\neg\neg x$ is said
to be of the type $\alpha$.
• We define the components $\alpha_1$ and $\alpha_2$ of a formula of type $\alpha$ by
the table:
$\alpha$ | $\alpha_1$ | $\alpha_2$
$x \land y$ | $x$ | $y$
$\neg(x \lor y)$ | $\neg x$ | $\neg y$
$\neg(x \Rightarrow y)$ | $x$ | $\neg y$
$\neg\neg x$ | $x$ | $x$
• Every formula of the form $x \lor y$, $\neg(x \land y)$ and $x \Rightarrow y$ is said to be of
the type $\beta$.
• We define the components $\beta_1$ and $\beta_2$ of a formula of type $\beta$ by
the table:
$\beta$ | $\beta_1$ | $\beta_2$
$x \lor y$ | $x$ | $y$
$\neg(x \land y)$ | $\neg x$ | $\neg y$
$x \Rightarrow y$ | $\neg x$ | $y$
• Note that one branch may involve more than one tableau and
then, one formula can occur more than once (in the different
possible tableaux) in the same branch. We are going to name
each tableau occurring in a branch by the sequences of symbols
$\sigma, \sigma', \sigma'', \ldots$ . Now, for each branch, any formula $x$ in a tableau $\sigma$ is
uniquely identified by the pair $(\sigma, x)$. This definition is a
variation of the one presented by Fitting in [FIT83] under the
name of Prefixed Tableaux. From now on, we are going to make
use of this pair in order to refer to a formula.
• Let $\theta$ be a branch of a tableau. The tableau $\sigma$ generated by
application of the rule Ta or T$\neg$a to a formula of $\theta$ is said to be
subordinated to $\theta$.
• A branch $\theta$ of a tableau $\sigma$ is said to be complete if it satisfies the
following conditions (where $\Sigma$ is the set of formulas in $\theta$, $a$ is an
action and $x$ is a formula):
C1: if $(\sigma, \alpha) \in \Sigma$, then $(\sigma, \alpha_1) \in \Sigma$ and $(\sigma, \alpha_2) \in \Sigma$;
C2: if $(\sigma, \beta) \in \Sigma$, then $(\sigma, \beta_1) \in \Sigma$ or $(\sigma, \beta_2) \in \Sigma$.
C3: if $(\sigma, [a]x) \in \Sigma$, then $(\sigma', x)$ belongs to every tableau $\sigma'$ that
can be generated by application of the rule Ta (or T$\neg$a) to
any formula $(\sigma, [a]y)$ (or $(\sigma, \neg[a]y)$) of $\theta$;
C4: if $(\sigma, \neg[a]x) \in \Sigma$, then $(\sigma', \neg x)$ belongs to the tableau $\sigma'$
generated from $\sigma$ by application of rule T$\neg$a to $(\sigma, \neg[a]x)$;
C5: Every branch of every tableau which is subordinated to $\theta$
is also complete or closed.
We say that a tableau $\sigma$ is complete if every branch of $\sigma$ is either
closed or complete.
• A branch $\theta$ of a tableau $\sigma$ is said to be a Complete Open Branch ($\theta
\in$ COB) if it is open and every one of its subordinated tableaux
contains at least one open branch (which is also complete, by
recursivity on the definition of complete branch).
THEOREM 2.3.4.a: Any Complete Open Branch of any tableau is
satisfiable.
PROOF: Let θ be a complete open branch of a tableau σ and Σ be
the set of formulas of θ together with the formulas of the tableaux
σ', σ'', ... which are recursively subordinated to θ. We construct a
structure <W, R, V> by associating to W the set {σ, σ', σ'', ...} of tableaux;
the relation R is formed by the ternaries <σ', a, σ''> s.t. the tableau σ''
is subordinated to the tableau σ' with respect to the action a; and
V satisfying the conditions (for every propositional symbol p and
every state σ ∈ W):
a. if (σ, p) ∈ Σ, then V(σ, p) = T,
b. if (σ, ¬p) ∈ Σ, then V(σ, p) = F, and
c. if neither (σ, p) nor (σ, ¬p) is an element of Σ, then V(σ, p) can
be given any value. We give the value F, by definition.
It is easy to check that we have acquired, in fact, a structure.
We assert that for every pair (σ, x) ∈ Σ we have σ ⊩ x, and we prove
this by induction on the structure of the formulas:
CASE 1: The pair (σ, p) is in Σ, for some σ ∈ W and a
propositional symbol p. Since V(σ, p) = T, we have σ ⊩ p.
CASE 2: The pair (σ, α) is in Σ. Then (σ, α1) and (σ, α2) must
also be in Σ (by C1). By the inductive hypothesis, σ ⊩ α1 and σ ⊩ α2
for both α1 and α2 of lower degree. Hence, σ ⊩ α.
CASE 3: The pair (σ, β) is in Σ. Then (σ, β1) or (σ, β2) must also
be in Σ (by C2). By the inductive hypothesis, σ ⊩ β1 or σ ⊩ β2.
Hence, σ ⊩ β.
CASE 4: The pair (σ, [a]x) ∈ Σ. Then (σ', x) ∈ Σ ∀σ' ∈ W such that
<σ, a, σ'> ∈ R (by C3). By the inductive hypothesis, we have σ' ⊩ x,
∀σ' ∈ W such that <σ, a, σ'> ∈ R. Hence, σ ⊩ [a]x.
CASE 5: The pair (σ, ¬[a]x) ∈ Σ. Then (σ', ¬x) ∈ Σ, for some σ'
∈ W s.t. <σ, a, σ'> ∈ R. By the inductive hypothesis, we have σ' ⊩ ¬x,
for some σ' ∈ W s.t. <σ, a, σ'> ∈ R. Then NOT σ' ⊩ x, for all σ' ∈ W s.t.
<σ, a, σ'> ∈ R. Hence, NOT σ ⊩ [a]x. In other words, σ ⊩ ¬[a]x.
Thus, Σ is satisfiable in this structure. [End_of_Proof]
THEOREM 2.3.4.b: (Tableau Completeness) If a formula x is
valid in all models, then x has a tableau proof.
PROOF: Let us construct a complete tableau V starting with ¬x. If
it is open, then ¬x is satisfiable, by the previous theorem. Hence x
cannot be valid. Thus V is closed and x has a tableau proof.
[End_of_Proof]
2.4 Logical Consequence
"Classically, to say that a formula α is a logical consequence of a set
Γ of formulas means that α is valid in every structure in which all
members of Γ are valid" (from [FIT83]). Note that for our logic we
have defined two notions of validity: a formula α can be valid in a
possible state and it can be valid in all states of a given structure.
Thus, we need to have (at least) two notions of logical consequence
as well. In the following we give these notions as they appear in [FIT83]:
LOGICAL CONSEQUENCE IN A STATE: We are going to use the notion
of sequent introduced by Gentzen (see [SZA69]) slightly modified by
using sets instead of sequences of formulas: By a sequent we
mean an ordered pair <Γ, Φ> of sets of formulas. We shall use the
notation Γ → Φ which can be read as saying: if all elements of Γ are
true in a state, then at least one element of Φ is true in that state.
Then, we extend the notion of satisfiability relation presented in
section 2.1.2: Given a structure M = <W, R, V>, the sets Γ and Φ of
formulas and a state w ∈ W, we write w ⊩ Γ → Φ to mean:
If w ⊩ Γ, then w ⊩ α, for some α ∈ Φ.
And we say that the sequent is valid in this structure if it is
satisfiable by every state w ∈ W.
With the definition above we can capture the notion of "logical
consequence in a state" and the members of the set of formulas on
the left hand side of the sequent are called "local assumptions".
During the development of a system specification, this concept can
be used in order to derive consequences of the theory presentation
of a particular state of information. As an example, the local
assumption can be used to embody axiomatic specification of the
initial state of the system and, therefore, this notion of consequence
can be used to derive consequences from the initial state.
LOGICAL CONSEQUENCE IN A STRUCTURE: We are going to use the
double turnstile (⊨) to denote the "holds in each model" version of
logical consequence: "We write Ψ ⊨ Γ → Φ to indicate: Γ → Φ is valid
in every model in which all the members of Ψ are valid." (where Ψ,
Γ and Φ are sets of formulas). The members of Ψ are called "global
assumptions".
During the development of a system specification, this concept can
be used in order to express the properties of the system which are
meant to be valid throughout the system execution. Therefore, the
set of global assumptions actually represents the axioms of the
theory presentation of a system specification.
Some properties of the definitions above can be found in [FIT83].
Now, we are going to present the extension of the Tableau System
in order to incorporate the above notions (as described by Fitting):
Let Γ, Φ and Ψ be arbitrary sets of formulas. By a tableau for Φ
using members of Γ as local assumption and members of Ψ as
global assumptions we mean any tableau that:
1) Begins by putting down a finite subset of Φ;
2) Proceeds according to the usual tableau rules;
3) But which allows the following two assumptions rules:
LOCAL ASSUMPTION RULE: Before any of the usual tableau
rules are applied, any member of Γ may be added to the
end of the branch;
GLOBAL ASSUMPTION RULE: At any point in the tableau
construction, any member of Ψ may be added to the end of
any branch;
EXAMPLE 2.4.a: Let us prove the formula [a]α, having as global
assumption the formula α:
{α} ⊨ {} → {[a]α}
1. ¬[a]α (the denied formula)
From 1 and by T¬a we create a new tableau:
1.1. ¬α
1.2. α (global assumption rule)
then we have a closed tableau. [End_of_Example]
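The tableau test with global assumptions, as an added Python example (it is not the POPLOG prototype mentioned in this thesis): it expands the α and β tables, builds the subordinated tableaux required by conditions C3 and C4, and closes a branch when one of its subordinated tableaux closes. The tuple encoding of formulas, the choice to add every global assumption at the start of each tableau, and the loop check that stops on a repeated tableau are assumptions of this sketch.

```python
# Added example: tableau test for propositional M[A]L with global assumptions.
# Assumed encoding of formulas as tuples:
#   ('atom', 'p'), ('not', x), ('and', x, y), ('or', x, y), ('imp', x, y),
#   ('box', 'a', x) for the modal formula [a]x


def neg(f):
    return ('not', f)


def components(f):
    """Classify f as type alpha or beta (tables above) and return its components."""
    if f[0] == 'and':
        return 'alpha', (f[1], f[2])
    if f[0] == 'or':
        return 'beta', (f[1], f[2])
    if f[0] == 'imp':
        return 'beta', (neg(f[1]), f[2])
    if f[0] == 'not':
        g = f[1]
        if g[0] == 'not':
            return 'alpha', (g[1], g[1])
        if g[0] == 'or':
            return 'alpha', (neg(g[1]), neg(g[2]))
        if g[0] == 'imp':
            return 'alpha', (g[1], neg(g[2]))
        if g[0] == 'and':
            return 'beta', (neg(g[1]), neg(g[2]))
    return None  # atom, negated atom, [a]x or not [a]x


def branches(forms):
    """Yield every open branch of one tableau that satisfies C1 and C2."""
    forms = frozenset(forms)
    for f in forms:
        kind = components(f)
        if kind is None:
            continue
        typ, (c1, c2) = kind
        if typ == 'alpha' and not {c1, c2} <= forms:
            yield from branches(forms | {c1, c2})
            return
        if typ == 'beta' and c1 not in forms and c2 not in forms:
            yield from branches(forms | {c1})
            yield from branches(forms | {c2})
            return
    if not any(neg(f) in forms for f in forms):  # no formula with its denial
        yield forms


def subordinated(branch):
    """Initial formula sets of the tableaux subordinated to a branch."""
    boxed = {}
    for f in branch:
        if f[0] == 'box':
            boxed.setdefault(f[1], set()).add(f[2])
    # one tableau per action with some [a]y on the branch (every state has an
    # a-successor, which is what makes AXM5 provable) ...
    starts = [set(body) for body in boxed.values()]
    # ... and one per denied modal formula, as in C4
    for f in branch:
        if f[0] == 'not' and f[1][0] == 'box':
            starts.append(boxed.get(f[1][1], set()) | {neg(f[1][2])})
    return starts


def has_open_branch(start, global_assumptions=(), path=()):
    """True if the tableau for start has a complete open branch."""
    node = frozenset(start) | frozenset(global_assumptions)
    if node in path:
        return True  # same tableau as an ancestor: reuse it, do not rebuild
    return any(
        all(has_open_branch(sub, global_assumptions, path + (node,))
            for sub in subordinated(branch))
        for branch in branches(node))


def provable(x, global_assumptions=()):
    """x has a tableau proof iff the tableau for its denial is closed."""
    return not has_open_branch({neg(x)}, global_assumptions)
```

Without the loop check, a global assumption such as [a]p would generate subordinated tableaux forever.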
2.5 Conclusion
If we compare the FOREST propositional dynamic sublogic with the
usual systems of modal logic we see that the former has a great
similarity to serial modal logic (or deontic modal logic as in [FIT83]).
One obvious difference between the two formulations is the notion
of action in the M[A]L system. Thus, the important consequence of
the results in this chapter is that Kripke models and tableau
systems are adequate for the characterization problem of M[A]L, as
is the case for many modal logics. The advantage of this is that we
can inherit some of the results available for those modal systems
(and we are going to make more use of this in the following
chapters).
A prototype of a tableau system for propositional M[A]L was
implemented using POPLOG, version 9 and is running on a VAX
computer.
Chapter 3
Characterization of First Order M[A]L
In this chapter we extend the results of the previous chapter as we
add quantification to the logic and reformulate its syntactic and
semantic characterization. This constitutes the central results for
the characterization of M[A]L in a sense that the following chapters
are going to take these results into account. In order to explain how
these links are structured we list below the main connections
between the following chapters and this chapter.
Chapter 4 extends the results of this chapter for a logic with more
components. Chapter 5 describes general procedures for
implementing the theorem prover presented in this section. Also in
chapter 5 a resolution system for first order M[A]L is derived from
a tableau system of this section. Chapter 6 presents a tool based on
a tableau system of this chapter for animating M[A]L system
specifications. Thus, the results of this chapter represent a general
framework which each of the following chapters is going to refer to
and use in distinct ways.
The logic has originally been proposed with the Barcan formula and
its converse (see axiom AXM8 of section 3.1.1). It is our intention
to take into account a wider variety of systems. Thus we should
consider the different variations of the axiom AXM8 . The same
comment is applicable to the concept of a term being rigid or non-
rigid. In most of the cases these changes cause modifications in
other axioms as well. We are going to consider here mainly the
system in its original formulation and present brief discussions of
the variations mentioned above.
Unlike the previous chapter, here we make strong connections with
other logics already in the public domain and use well established
results (like the unification theorem, etc.) without showing the
proof. We also assume that the reader is familiar with the meaning
of terms like substitution, Herbrand’s theorem, etc.
We give a presentation of first order M[A]L in section 3.1. In section
3.2 we present a discussion of the semantics together with proofs of
soundness and completeness. In the next section (section 3.3) we
discuss the tableau systems for first order classical logic and
present a version with unification which is proved to be sound,
complete and efficiently implementable on a computer. In section
3.4 we present the tableau systems for first order M[A]L as
extensions for the system of section 3.3.
3.1 CONSIDERATIONS ON THE LOGIC
The possibility of having either complete or incomplete information
in states led us to have two different systems and formalizations of
the logic as described in the previous chapter. Obviously,
concerning the completeness of the information in states, we still
have to deal with these two different versions of the logic.
Moreover, the addition of quantifiers brings the possibility of
different combinations of the domains for each possible state, viz.
constant domains, cumulative domains, etc. Thus, besides the two
versions of the logic considered we would like to consider some
other variations, especially those relating to the Barcan formula
(axiom AXM8 below). But, as the change of this axiom now implies
modifications in other axioms as well, we are going to present in this
section the logic as it appears in [JER86] and [MAI87]. In section 3.3
we make some discussions about the interpretation of some of
these variations and in chapter 5 we present some suggestions for
obtaining the theorem provers for these logics.
3.1.1 PRESENTATION OF THE SYNTAX
In this section we present the syntax of the first order M[A]L. The
logic was originally presented, in [MAI87] and [KHO88], using
axioms and inference rules, the so called Hilbert style. In this thesis
we preserve this original form of presentation. We extracted the
syntactic part of the logic from [JER86] and [MAI87] as follows:
LANGUAGE:
• First order components:
- Constant symbols: a denumerable set of constants denoted by
b, c, d and their subscripted forms.
- Variables: a denumerable set of variables denoted by x, y, z
and their subscripted forms.
- Functions: a denumerable set of functions denoted by f, g, h
and their subscripted forms.
- Predicate symbols: denoted by P, Q, R, S and their subscripted
forms.
- Punctuation: "(", ")" and
- Logical connectives: "¬" and "∨".
- Quantifiers: the existential (∃) and the universal (∀)
quantifiers.
• Modal components:
- Actions: denoted by the symbols a, a1, ....
- Modal connective: [_] is used to form modal formulas.
FORMATION RULES:
• Terms:
- Any variable or constant symbol is a term.
- If t1, ..., tn (n ≥ 1) are terms and f is a function of arity n,
then f(t1, ..., tn) is a term.
- No expression is a term unless it is compelled to be one by the
above.
• Atomic formulas:
- If P is a predicate of arity n (n ≥ 1) and t1, ..., tn are terms, then
P(t1, ..., tn) is an atomic formula called classical atomic formula.
- If α is a formula and a is an action, then [a]α is an atomic
formula, called a modal atomic formula.
- No expression is an atomic formula unless it is compelled to
be one by the above.
• Formulas:
- Any atomic formula is a formula.
- If α is a formula, then (¬α) is a formula.
- If α, β are formulas, then (α ∨ β) is a formula.
- If α is a formula, then ∃x α and ∀x α are formulas.
- No expression is a formula unless it is compelled to be one by
the above.
FURTHER OPERATORS:
• We introduce three new operators ∧, ⇒ and ⇔, by the definitions
(where α and β are formulas):
- (α ∧ β) =df (¬((¬α) ∨ (¬β)))
- (α ⇒ β) =df ((¬α) ∨ β)
- (α ⇔ β) =df ((α ⇒ β) ∧ (β ⇒ α))
DEFINITION 3.1.1.a: Let α be a formula and x a variable of
our language. We say that the variable x occurs free in α under
the following conditions:
1. If α is a classical atomic formula and x is a symbol of α.
2. If α is a formula of the form ¬β and x occurs free in β.
3. If α is a formula of the form β ∨ δ and x occurs free in β or in δ.
4. If α is a formula of the form ∃y β or ∀y β and x occurs free in β
and y ≠ x.
5. If α is a formula of the form [a]β and x occurs free in β.
6. No occurrence of a variable x in a formula is free unless it is
compelled to be free by the above.
DEFINITION 3.1.1.b: Let α be a formula, x a variable and t a
term of our language. By α(x/t) we mean the expression
resulting from replacing every free occurrence of x in α by t. And
we say that the variable x is substitutable by the term t in α in
the same way as in classical logic (cf. [END72] and [SHO67]).
Informally, this means that none of the variables of t (if any)
becomes bound in α when t is substituted for x in α.
AXIOMS:
• If α, β, γ are formulas, t is a term and a is an action, then we
have:
AXM1. (α ⇒ (β ⇒ α))
AXM2. ((γ ⇒ (α ⇒ β)) ⇒ ((γ ⇒ α) ⇒ (γ ⇒ β)))
AXM3. (((¬α) ⇒ (¬β)) ⇒ (((¬α) ⇒ β) ⇒ α))
AXM4. ([a](α ⇒ β) ⇒ ([a]α ⇒ [a]β))
AXM5. (([a](¬α)) ⇒ (¬[a]α))
AXM6. (∀x α) ⇒ α(x/t), where the variable x is
substitutable by the term t in α.
AXM7. (∀x (α ⇒ β)) ⇒ (α ⇒ ∀x β),
where α contains no free occurrences of x.
AXM8. ∀x [a]α ⇔ [a]∀x α
AXM9. t = t
AXM10. ∀x∀y((α ∧ x = y) ⇒ α(x/y)),
where y is not within the
scope of a modal operator.
RULES OF INFERENCE:
R1.  ⊢ α, ⊢ (α ⇒ β)
     ------------------   modus ponens
     ⊢ β
R2.  ⊢ α
     ------   "necessitation"
     ⊢ [a]α   (where a is any action)
Here "⊢ α" means that α can be recursively derived from proper
instantiations of the axioms and applications of the rules of
inference above.
3.1.1.1 Considerations on Notation
Most of the time we are going to refer to a formula by its form. For
example, a formula of the form α ∧ β will be called a conjunction,
α ∨ β a disjunction, etc. Then we need to be sure that, for example,
no conjunction can also be a disjunction and similarly with the
other connectives. In other words, we want to know if there is
more than one way of reading a formula of M[A]L. It can be
demonstrated that there is only one way of decomposing a formula
into another formula (cf. [END72] for the classical components of the
logic).
When no ambiguity arises, we are going to write a formula without
its outermost parentheses. Then, for example, the formula:
(([a](¬P(x))) ⇒ (¬[a]P(x)))
becomes just:
[a]¬P(x) ⇒ ¬[a]P(x).
3.1.1.2 Correspondence Theory
The objective of this subsection is to make strong connections
between the logic we are presenting and existing systems of modal
logic, viz. the system of serial modal logic. The advantage of doing
so is that we can inherit some of the available results.
The serial modal logics are presented by Fitting (cf. [FIT83]) under
the name of "deontic modal logics". In his formulation he does not
use the axiom AXM5 but the alternative axiom
AXM5F. —i[a] m m
instead. He proves that once the logic has the axiom AXM4, the
axioms AXM5 and AXM5F are equivalent.
Another obvious difference between both formulations is the
presence of the notions of actions in our system. But we have
shown in the previous chapter that Kripke models and the normal
system of tableau are adequate for M[A]L (as they are for the other
modal logics without actions). Hence, what we need to do is to
extend the original system in order to deal with the notion of
actions.
3.2 Semantical considerations
In considering the semantics for the terms in a logic one might
assign the same value to each term in each possible state. Such
terms are referred to as "rigid designators" (cf. [KRI80]). On the
other hand, the assignment to the terms could give different values
in different states ("non-rigid designators"). But, it would be
interesting if we had both kinds of designators for the purposes of
formal requirements. For example, in the stack specification of
[MAI87] the formula
top = suc(zero) ∧ [pop] top = zero,
contains the constant top which is supposed to be a non-rigid
designator and the constant zero which should be a rigid designator.
Then we are faced with these possibilities:
• Change the logic in order to have two disjoint subsets of the set
of terms, one for each kind of designator. In this case we should
provide in the specification of the logic two distinct ways of
dealing with substitution (or instantiation) of the terms.
• Consider all terms as rigid designators and the notion of
non-rigidity can be captured using predicates instead of constants.
One should write for the stack specification above:
TOP(suc(zero)) ∧ [pop] TOP(zero),
and, possibly, additional axioms in order to ensure that the
property of being "top" is satisfied for only one element at each
state:
TOP(x) ∧ TOP(y) ⇒ x = y.
Obviously, this approach is too narrow and is suitable only for
the cases where we have few non-rigid designators. But a very
simple semantics can be formulated and the classical axioms for
equality can be added to the system without any change.
• Consider all terms as non-rigid designators and the notion of
rigidity can be captured by specifying appropriate axioms for
the definitions of the terms in the system specification. Some
problems arise now in providing a semantics for this system. In
fact, the notion of non-rigidity must come with some restriction
in order to validate the axiom for universal instantiation (AXM6)
and one of the classical axioms for equality (AXM10, the
"substitutivity of identicals") needs the proviso we have
specified. Although this system is a bit more complicated than
the last one it seems to us to be the most adequate to formal
requirements and we are going to adopt it for this chapter.
3.2.1 SEMANTICS WITH RESTRICTED NON-RIGID DESIGNATORS
In this section we present the semantics for first order M[A]L
considering the terms as non-rigid designators with a restriction
that is required by the combination of the axioms of the logic and
is explained below.
Let F be the set of all possible formulas and Sc the set of all
elements of type action of the language defined in section 3.1.1. We
define a structure as being an ordered quadruple:
< W, R, D, V >
where W is a non-empty set whose members are referred to as
possible states or just states. For the sake of convenience we
sometimes use the term actual state to refer to the current state
we are dealing with.
R is a ternary relation between actual states, actions and possible
states (R ⊆ W × Sc × W) usually called the accessibility relation. We
impose the following restriction on R:
∀w ∈ W, ∀a ∈ Sc, ∃w' ∈ W s.t. <w, a, w'> ∈ R.
This restriction is due to AXM5. The necessity of this restriction
was discussed in our previous chapter.
If we take the case of complete state of information (the reader
may refer to the definition in section 2.1.1), then the accessibility
relation (R) becomes a total function from states and actions to
possible states (R: W × Sc → W).
D is a non-empty set, called the domain.
V is a function (called the valuation function) defined as follows:
• V assigns to each state and variable (or constant) an individual of
the domain
• V assigns to each state w and n-ary function symbol f an n-ary
operation f on the elements of D such that:
V(f(t1, ..., tn), w) = f(V(t1, w), ..., V(tn, w))
• V assigns to each n-ary predicate P and each state w an n-ary
relation over the elements of D.
The valuation function (V) allows the possibility of having non-rigid
designators. But, we need to impose a restriction on this flexibility:
(RNR): Given any action a, states w, w' and w'' s.t.:
<w, a, w'> ∈ R and <w, a, w''> ∈ R,
then:
V(t, w') = V(t, w''),
for any term t.
For some comments and interpretation of this restriction the reader
may refer to section 3.2.1.1.
In order to capture the notion of a formula being true in some state
w of a structure M = < W, R, D, V > we define the concept of
satisfaction, represented by the symbol ⊩. We say that M
satisfies α if there is some state w ∈ W s.t. w ⊩ α and we say that α
is satisfiable if there is such a structure that satisfies α; otherwise
we say that α is unsatisfiable. When we want the valuation
function to become explicit we write w ⊩ α [V]. We say that a
formula α is valid in M if for every state w ∈ W we have w ⊩ α. In this
case we say that this structure is a model for α.
Let M = < W, R, D, V > be a structure, then ⊩ is defined under the
following constraints (for any n-ary predicate symbol P, terms t, t1, ..., tn, a ∈ Sc and α and β ∈ F):
(SP) w ⊩ P(t1, ..., tn) iff <V(t1, w), ..., V(tn, w)> ∈ V(P, w);
(S=) w ⊩ t1 = t2 iff V(t1, w) and
V(t2, w) are identical;
(S¬) w ⊩ ¬α iff NOT w ⊩ α;
(S∧) w ⊩ α ∧ β iff w ⊩ α and w ⊩ β;
(S∨) w ⊩ α ∨ β iff w ⊩ α or w ⊩ β;
(S⇒) w ⊩ α ⇒ β iff NOT w ⊩ α or w ⊩ β;
(Sa) w ⊩ [a]α iff for all w' ∈ W if <w, a, w'> ∈ R,
then w' ⊩ α;
(S∀) w ⊩ ∀x α [V] iff w ⊩ α(x/c) [V'],
for all V' differing from V only in the
assignment to c in any state or states
and c is a constant not occurring in α.
(S∃) w ⊩ ∃x α [V] iff w ⊩ α(x/c) [V'],
for some V' differing from V only in the
assignment to c in any state or states
and c is a constant not occurring in α.
3.2.1.1 Some comments on restriction RNR
The normal possible world semantics for non-rigid terms usually
invalidates the axiom for universal instantiation (AXM6). In
[HUG68] there is presented a model which validates this axiom but
validates the formula:
(*) [a] ∃x P(x) ⇒ ∃x [a] P(x),
which is not a theorem of most of the standard modal logics and is
not a theorem of first order M[A]L either. If we add this formula (*)
as an axiom, then we have to admit only the case of complete
information in states. Note that with restriction RNR our semantics
does not validate (*) as the following counter-model shows:
Let M = < W, R, D, V > be any structure with states w1, w2 and w3, the
relation R is defined by the ternaries <w1, a, w2> ∈ R and <w1, a, w3> ∈ R,
the domain containing two elements d1 and d2 and the valuations
of the predicate P being: V(P, w2) = {<d1>} and V(P, w3) = {<d2>}. Clearly, the
antecedent of (*) is true in the state w1; but not its consequent, as
we see in the following:
w1 ⊩ ∃x [a] P(x) [V]
iff
w1 ⊩ [a] P(x)(x/c) [V'], with proviso, by constraint S∃
iff
w2 ⊩ P(x)(x/c) [V'] and w3 ⊩ P(x)(x/c) [V'], by Sa
iff
w2 ⊩ P(c) [V'] and w3 ⊩ P(c) [V'], by definition of substitution
iff
<V'(c, w2)> ∈ V'(P, w2) and <V'(c, w3)> ∈ V'(P, w3), by SP
Now, by restriction RNR we have that:
V'(c, w2) = V'(c, w3)
Let us suppose that V'(c, w2) = d1. Then:
<V'(c, w2)> ∈ V'(P, w2) and <V'(c, w3)> ∉ V'(P, w3)
On the other hand, let us suppose that V'(c, w2) = d2. Then:
<V'(c, w2)> ∉ V'(P, w2) and <V'(c, w3)> ∈ V'(P, w3)
Hence the formula (*) is not satisfiable by M.
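The counter-model above, checked mechanically in an added Python example (not part of the thesis): a small evaluator for the satisfaction clauses SP, S¬, S∨, S⇒, Sa, S∀ and S∃ over a finite structure, where a quantified variable stands for the fresh constant c and may take a different value in each state, subject to RNR. The tuple encoding of formulas, the loops on w2 and w3 and the `restricted` switch that turns RNR off for comparison are assumptions of this sketch.

```python
from itertools import product

# Constructed finite structure for the counter-model of section 3.2.1.1.
STATES = ("w1", "w2", "w3")
DOMAIN = ("d1", "d2")
# The text lists only the two triples leaving w1. The loops on w2 and w3 are
# an assumption added here so that every state has an a-successor.
R = {("w1", "a", "w2"), ("w1", "a", "w3"),
     ("w2", "a", "w2"), ("w3", "a", "w3")}
# V(P, w2) = {<d1>} and V(P, w3) = {<d2>}; P is empty in w1.
PRED = {("P", "w2"): {("d1",)}, ("P", "w3"): {("d2",)}}


def satisfies_rnr(value_at):
    """RNR: all successors of one state by one action agree on the value."""
    return all(value_at[u] == value_at[v]
               for (w1, a1, u) in R for (w2, a2, v) in R
               if (w1, a1) == (w2, a2))


def designations(restricted=True):
    """Every state-by-state value of the fresh constant c (non-rigid)."""
    maps = [dict(zip(STATES, values))
            for values in product(DOMAIN, repeat=len(STATES))]
    return [m for m in maps if satisfies_rnr(m)] if restricted else maps


def sat(w, f, env=None, restricted=True):
    """w satisfies f; env maps each bound variable to its per-state values."""
    env = env or {}
    op = f[0]
    if op == "pred":                                   # (SP)
        args = tuple(env[t][w] for t in f[2])
        return args in PRED.get((f[1], w), set())
    if op == "not":                                    # (S¬)
        return not sat(w, f[1], env, restricted)
    if op == "or":                                     # (S∨)
        return sat(w, f[1], env, restricted) or sat(w, f[2], env, restricted)
    if op == "imp":                                    # (S⇒)
        return (not sat(w, f[1], env, restricted)) or sat(w, f[2], env, restricted)
    if op == "box":                                    # (Sa)
        return all(sat(v, f[2], env, restricted)
                   for (u, a, v) in R if u == w and a == f[1])
    if op in ("exists", "forall"):                     # (S∃) and (S∀)
        results = (sat(w, f[2], {**env, f[1]: m}, restricted)
                   for m in designations(restricted))
        return any(results) if op == "exists" else all(results)
    raise ValueError("unknown connective: %r" % (op,))


P_X = ("pred", "P", ("x",))
ANTECEDENT = ("box", "a", ("exists", "x", P_X))       # [a] ∃x P(x)
CONSEQUENT = ("exists", "x", ("box", "a", P_X))       # ∃x [a] P(x)
STAR = ("imp", ANTECEDENT, CONSEQUENT)                # the formula (*)

if __name__ == "__main__":
    print("antecedent at w1:", sat("w1", ANTECEDENT))
    print("consequent at w1:", sat("w1", CONSEQUENT))
    print("consequent at w1 without RNR:",
          sat("w1", CONSEQUENT, restricted=False))
```

With RNR dropped, c may denote d1 in w2 and d2 in w3, so the consequent becomes true at w1 in this structure.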
To see the difficulty with AXM6, consider the following
instantiation for the axiom:
(∀x ¬[a] x = b) ⇒ (¬[a] b = b),
which can be rewritten as:
[a] b = b ⇒ ∃x [a] x = b,
hence the value of the variable x is the same in all next states after
the execution of the action a . In systems with a reflexive
accessibility relation this instantiation implies rigidity. Since M[A]L
does not have this property we were able to provide a semantics
considering the possibility of changing the value of a term from one
state to another but having to be the same for all next states which
are accessible by the execution of the same action. This is exactly
what the restriction RNR means.
Another point to consider is that this constraint is not a narrowing
condition on the system. In fact, it matches very well with the
"interpretation between theories" semantics of [KOS88].
3.2.2 Soundness theorem
In this section we prove the soundness of the logic with respect to
the semantics presented above, i.e., we show that any formula α
deducible from a set of formulas Γ is valid in every model in which
all members of Γ are valid.
Let Γ be a set of formulas and α a formula. We write Γ ⊢ α to mean
that α is derivable from Γ by the logic. And, Γ ⊨ α to mean that α
is valid in any model in which the members of Γ are all valid.
LEMMA 3.2.2.a: (Substitution lemma). Let α be a formula
whose only free variable is x, and let α(x/c) be satisfied by the
structure M = < W, R, D, V >, where c is a constant substitutable for x
in α. Let b be a constant such that V(c, w) = V(b, w), for any state
w ∈ W. Then:
⊩ α(x/c) iff ⊩ α(x/b)
PROOF: The proof is done by simple induction on the
structure of the formula α. [End_of_Proof]
THEOREM 3.2.2.a: Let Γ be a set of formulas and α a formula:
if Γ ⊢ α, then Γ ⊨ α.
PROOF: Similarly to our previous chapter we first show that
the logical axioms are logically implied by anything (i.e. they are
valid in every structure) and, then, that the rules preserve logical
implications. Then, we will be able to establish the conclusion by
induction.
Case 1: α is a logical axiom:
• If α is an instantiation of axioms AXM1, AXM2, AXM3, AXM4 or
AXM5, then the proof is the same as in the previous chapter.
• α is an instantiation of axiom AXM6:
∀x α ⇒ α(x/t) (where the variable x is substitutable by
the term t in α).
Let us suppose that ∀x α is valid in the structure M = < W, R, D, V >:
w ⊩ ∀x α [V] for any w ∈ W
iff
w ⊩ α(x/c) [V'], for any valuation V' which is the same
as V except for the valuation of a
constant c.
We can consider now, one such valuation V' that gives the same
value for the constant c as V gives to t at any state w' ∈ W, then, by
lemma 3.2.2.a:
w ⊩ α(x/t) [V]
Case 2: α ∈ Γ. Then clearly Γ ⊨ α.
Case 3: α is obtained by modus ponens from β and β ⇒ α.
Then it comes to the same thing as in the previous chapter.
Case 4: [a]α is obtained from α by necessitation. Then the
proof is the same as in the last chapter. [End_of_Proof]
3.2.3 COMPLETENESS THEOREM
In this section we prove the completeness of the logic with respect
to the semantics presented above, i.e., we show that every formula
that is valid in any structure is a theorem of the logic.
We prove the completeness theorem using the general principle
described by Henkin for the case of first order classical logic in
[HEN49]. For modal logics the necessary modifications can be found
in [HUG68] and [BOW79] among others. For the sake of simplicity,
we present the proof considering the language without the
predicate for identity and we present the necessary modifications
to deal with it at the end of this subsection.
As for the propositional case, we need to construct a system of
maximal consistent sets from a given consistent set Φ of
formulas with the characteristics:
1. Γ1 is obtained as the maximal consistent extension of Φ;
2. For every Γi and for each formula of the type ¬[a]α ∈ Γi we
generate a new maximal consistent set Γj (called subordinate
to Γi with respect to the action a) starting with ¬α and the
set S = {β | [a]β ∈ Γi}.
But now, as the language is augmented to have quantification we
need to impose another restriction on this system of maximal
consistent sets, viz.:
3. For every formula of the form ∃x β and every Γi (i > 0) there
is a constant c such that:
∃x β ⇒ β(x/c) ∈ Γi
We construct the system of maximal consistent sets Γ1, Γ2, Γ3, ... in
the following way:
1. Create an extension of the original language with new constants
c1.1, c1.2, c1.3, ..., c2.1, c2.2, c2.3, ..., c3.1, c3.2, c3.3, ...
2. The set Γ1 is obtained from the formula α as follows:
2.1. Arrange the formulas φ = ∃x β in some order (clearly they
are enumerable);
2.2. Create the set q =
2.3. For each formula φj we create a set S1.j, which is obtained
from S1.j-1 adding the formula ∃x β ⇒ β(x/c1.k) such that
c1.k does not occur in φj, or in any formula of the set
S1.j-1.
2.4. The maximal consistent set Γ1 is obtained from the set ∪j S1.j
in the same way it is described in section 2.2.2.
NOTE: Each set S1.j of step 2.2 above is consistent as it is shown
in the lemma 3.2.3.a below.
3. For every Γi and for each formula of the type ¬[a]α ∈ Γi we
generate a new maximal consistent set Γj (called subordinate to
Γi with respect to the action a) from ¬α and the set {β | [a]β ∈ Γi}.
Each Γj is obtained in the same way it is described for Γ1 (step 2
above) with the addition of constants cj.k in the place of c1.k in
step 2.2.
NOTE: The set created from ¬α and {β | [a]β ∈ Γi} is consistent, by
the lemma 2.2.2.C.
LEMMA 3.2.3.a: Let Φ be a consistent set of formulas. Then the
set Φ ∪ {∃x β ⇒ β(x/c)}, where c does not occur in Φ or in β, is also
consistent.
PROOF: See [HUG68] [End_of_Proof]
Now, after we have built the system of maximal consistent sets we
are in a position to present the verifying model S = < W, D, v >:
• We form W from the system of maximal consistent sets by
associating each Γi to some state wi ∈ W.
• We form the accessibility relation R in such a way that:
<wi, a, wj> ∈ R iff the corresponding Γj is a subordinate set of Γi
with relation to the action a.
• Let D be a non-empty set of individuals such that for each state
w and term t there is an element d ∈ D which is assigned the value
of v(t, w).
• The valuation function v follows the normal conditions and we
impose the restriction on the valuation of predicates:
<v(t1, wi), ..., v(tn, wi)> ∈ v(P, wi) iff P(t1, ..., tn) ∈ Γi,
where P is an n-ary predicate, t1, ..., tn are terms and wi is the state
corresponding to the set Γi.
It is easy to see that S is a structure but we need to show that it is
indeed a verifying model. In other words, we need to prove for all
formulas α that wi ⊩ α if α ∈ Γi and NOT wi ⊩ α otherwise. We do
the proof by induction on the structure of the formula:
• If α is an atomic formula, then it holds by the definition of the
structure S and satisfiability (⊩).
• If α is of the form ¬β, β ∨ δ or [a]β, then it is analogous to the
propositional case.
• If α is of the form ∀x β, then we have two possibilities:
a) ∀x β ∈ Γi. We need to show that wi ⊩ ∀x β.
In other words, we need to show:
wi ⊩ β(x/c)[v'],
for any valuation v' that is different from v only in the
assignment to c in any state and the constant c does not occur
in β. Let us consider any such v'; the value it assigns to c is
some individual of the domain D and therefore, there must
have been some constant b such that v(b, w') = v'(c, w'), for any
state w'. Then:
wi ⊩ β(x / b)[v] iff wi ⊩ β(x / c)[v'].
But, from AXM6 we have:
⊢ ∀x β => β(x / b)
and, since ∀x β ∈ Γi, we have by the property of maximal
consistent sets that β(x / b) ∈ Γi and, by the inductive
hypothesis:
wi ⊩ β(x/b)[v], hence wi ⊩ β(x/c)[v'].
b) ∀x β ∉ Γi. We need to show that NOT wi ⊩ ∀x β. Note that:
NOT wi ⊩ ∀x β iff wi ⊩ ¬β(x / c)[v'],
for some valuation v' and constant c not occurring in β. Now,
∀x β ∉ Γi iff ¬∀x β ∈ Γi iff ∃x ¬β ∈ Γi,
by properties of maximal consistent sets. Since we have put
in Γi the formula:
∃x ¬β => ¬β(x / b),
for some constant b of the extended language, the formula:
¬β(x / b) ∈ Γi,
by the property of maximal consistent sets. Hence, by the
inductive hypothesis:
wi ⊩ ¬β(x/b).
Now, let v' and v be the same, except for v'(c, w') = v(b, w'), for
any state w' ∈ W; then we have:
wi ⊩ ¬β(x / c)[v']
and hence:
NOT wi ⊩ ∀x β. [End_of_Proof]
If we have a predicate for identity, then we need to change the way
we build the verifying structure in the following way:
• Arrange the terms in some order.
• On assigning a value to a term t' and a state w, we need to verify
if t' = t" ∈ w", for any t" occurring earlier in the ordering than t' and
any state w" (including w itself) s.t. <w', a, w"> ∈ R and <w', a, w> ∈ R.
If it is the case, then we make v(t', w) = v(t", w").
The rest of the proof is done following the same directive as
explained above for the case without a predicate for identity.
3.3 TABLEAU SYSTEMS FOR FIRST ORDER CLASSICAL LOGIC
As for the propositional case, the tableau method for first order
classical logic due to Hintikka ([HIN55]) and Beth ([BET59]) is nicely
presented in [SMU68]. This method can be described as lifting the
one for propositional logic by adding two new rules for dealing with
quantification. Although this method has been shown to be very
useful in the study of Logic it has been believed that it has no
satisfactory computational application because of the search space
needed for the various instantiations. We will return to this
discussion later in this section. Up to the present, two main
approaches have been presented in order to mechanize the system:
• Without unification: In the early sixties the use of dummy
variables was proposed by Prawitz (cf. [PRA60]) and used by
Kanger (cf. [KAN63]) in order to delay instantiations and then
instantiating only in appropriate steps of the algorithm. Recently
Oppacher and Suen presented an implementation of a tableau
system in [OPP86] using redundancy elimination and heuristics
("for discovering as soon as possible that an open branch is
complete" and other purposes).
• With unification: These methods use the unification algorithm
(cf. [ROB65]) instead of ordinary instantiations of the original
tableau method. Bibel presented (cf. [BIB82]) the method he
called "Matrix with Connection", a system very similar to the
tableau method, at least in the propositional case. Bowen
suggested (cf. [BOW82]) the use of unification in the tableau
method. As he does not give any control mechanism for avoiding
illicit instantiation of existentially quantified formulas this
method seems to be appropriate to Skolemized formulas instead
of full first order formulas as he suggests in the paper.
Reeves considers the implementation aspects of both approaches
above and explores the possibilities of computational usage of the
tableau systems in his Doctoral thesis (cf. [REE85]).
In this section we describe the original tableau system in the way it
is presented by Smullyan (cf. [SMU68]) and two extensions of this
method - the Oppacher and Suen's method which does not use
unification and another extension with unification.
Most of the time the symbols b, c and d (and their subscripted
forms) are reserved for constants, the symbols x, y and z (and their
subscripted forms) for variables, the symbols f, g and h (and their
subscripted forms) for functions, the symbols P, Q and R for n-ary
predicates and α, β and γ for representing formulas.
3.3.1 THE TRADITIONAL TABLEAU SYSTEM
In this subsection we describe the traditional tableau system in the
way it is presented by Smullyan in [SMU68]. This system will serve
as the basis for all the other tableau systems we are going to discuss in the
following sections.
DEFINITION 3.3.1.a: Let α be a formula, x a variable and t be a
term. By α(x/t) we mean the expression resulting from
substituting every free occurrence of x in α by t.
The rules for the tableau system are of the following four types:
RULE TYPE A:
  ¬¬α      α ∧ β      ¬(α ∨ β)      ¬(α => β)
  ----     ------     ---------     ----------
   α         α           ¬α             α
             β           ¬β            ¬β
RULE TYPE B:
  α ∨ β      α => β      ¬(α ∧ β)
  ------     -------     ---------
  α | β      ¬α | β      ¬α | ¬β
RULE TYPE C:
  ∀x α       ¬∃x α
  ------     --------
  α(x/b)     ¬α(x/b)      where b is any constant.
RULE TYPE D:
  ∃x α       ¬∀x α
  ------     --------
  α(x/b)     ¬α(x/b)      where b is new to the branch.
NOTE: Sometimes the rule C is presented with instantiation by a
ground term instead of a constant.
We present below some examples in order to give a visualization of
the usage of the tableau rules.
EXAMPLE 3.3.1.a: Let us prove the theorem:
∀x P(x) => ∃y P(y)
1. ¬(∀x P(x) => ∃y P(y)) (the denied formula)
2. ∀x P(x) (from 1, by rule A)
3. ¬∃y P(y) (from 1, by rule A)
4. P(b) (from 2, by rule C)
5. ¬P(b) (from 3, by rule C)
And we have a closed tableau. [End_of_Example]
EXAMPLE 3.3.1.b: Let us prove the theorem:
∃x (P(x) => ∀y P(y))
1. ¬∃x (P(x) => ∀y P(y)) (the denied formula)
2. ¬(P(b) => ∀y P(y)) (from 1, by rule C)
3. P(b) (from 2, by rule A)
4. ¬(∀y P(y)) (from 2, by rule A)
5. ¬P(c) (from 4, by rule D)
6. ¬(P(c) => ∀y P(y)) (from 1, by rule C)
7. P(c) (from 6, by rule A)
8. ¬(∀y P(y)) (from 6, by rule A)
Then we have a closed tableau, by 5 and 7. [End_of_Example]
EXAMPLE 3.3.1.c: Let us try to prove the formula:
∀x ∃y P(x, y) => ∃y ∀x P(x, y)
1. ¬(∀x ∃y P(x, y) => ∃y ∀x P(x, y)) (the denied formula)
2. ∀x ∃y P(x, y) (from 1, by rule A)
3. ¬(∃y ∀x P(x, y)) (from 1, by rule A)
4. ∃y P(a, y) (from 2, by rule C)
5. P(a, b) (from 4, by rule D)
6. ¬(∀x P(x, b)) (from 3, by rule C)
7. ¬P(c, b) (from 6, by rule D)
8. P(c, d) (from 2, by rule C and D)
9. ¬P(e, d) (from 3, by rule C and D)
The reader can easily see that this tree may be continued infinitely
and the tableau will never close. [End_of_Example]
Note that in order to close the tableau of example 3.3.1.b we needed
to apply the rule C twice to the formula 1 and in the second
application the constant used was not "any" constant, but one that
should give rise to a closed tableau. In the example 3.3.1.c we used
our experience in order to observe that the tableau would not close.
Obviously then, in order to use these rules on a computer we need
to provide a systematic proof procedure.
Smullyan presents a sound and complete systematic procedure for
this tableau method. This procedure can be summarized in the
following way (where the constants are supposed to be ordered by
an appropriate ordering):
Procedure Basic1:
1. Create a boolean variable (initiated with false) for each formula in order to indicate whether a
formula has been used or not;
2. Change the rule C to:
     ∀x α
     ------
     ∀x α
     α(x/b)     where b is the next constant s.t. α(x/b)
                is not yet on the branch.

     ¬∃x α
     ------
     ¬∃x α
     ¬α(x/b)    where b is the next constant s.t. ¬α(x/b)
                is not yet on the branch.
3. Start the tableau writing down the denied formula;
4. UNTIL the tableau is closed
   DO IF there is any non-used nonatomic formula in the tableau
      THEN let α be the first (from the top) non-used nonatomic formula;
           FOR each open branch θ which contains α
           DO apply the appropriate rule to α in θ;
           ENDFOR;
           mark α as a used formula;
      ELSE stop with "fail";
      ENDIF;
   ENDUNTIL;
5. stop with "success";
6. END. [End_of_Procedure]
The completeness of this procedure (i.e., if a formula a is valid, then
a is provable by this procedure) yields a lot of important results in
a very simple way. One of them is Löwenheim's Theorem: "If a
formula a is satisfiable at all, then it is satisfiable in a denumerable
domain". But trying to implement this procedure on a computer one
might have some problems, such as:
• Amount of search space needed due to the many requirements
for application of the rule C.
• Though in view of Church's theorem one cannot expect any
procedure to stop for all nontheorems, this procedure does not
stop for most nontheorems (as the reader can verify for himself
using a nontheorem such as the one of the example 3.3.1.c
above).
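Procedure Basic1 as runnable Python, added here as an illustration and not taken from the thesis. It works one branch at a time with a first-in-first-out queue of unused formulas instead of marking formulas across the whole tree, names the ordered constants c1, c2, ..., and takes a step budget (`max_steps`) so that non-termination becomes observable; these choices, the tuple encoding of formulas and all function names are assumptions of this sketch, and input sentences are assumed not to use constants named c1, c2, ...

```python
OPS = {"not", "and", "or", "imp", "all", "ex"}

def neg(f):
    return ("not", f)

def is_literal(f):
    g = f[1] if f[0] == "not" else f
    return g[0] not in OPS

def subst(f, x, c):
    """f(x/c): replace every free occurrence of variable x in f by constant c."""
    op = f[0]
    if op in ("all", "ex"):
        return f if f[1] == x else (op, f[1], subst(f[2], x, c))
    if op == "not":
        return ("not", subst(f[1], x, c))
    if op in ("and", "or", "imp"):
        return (op, subst(f[1], x, c), subst(f[2], x, c))
    return (op,) + tuple(c if t == x else t for t in f[1:])   # atom

def expand(f, branch, k):
    """Apply the one rule that fits f on a branch holding constants c1..ck.
    Returns (alternatives, new k, repeat); repeat=True re-queues f (rule C)."""
    n = f[0] == "not"
    g = f[1] if n else f
    op = g[0]
    if op == "not":                                  # type A: double negation
        return [[g[1]]], k, False
    if op == "and":                                  # A if positive, B if negated
        return ([[neg(g[1])], [neg(g[2])]] if n else [[g[1], g[2]]]), k, False
    if op == "or":                                   # B if positive, A if negated
        return ([[neg(g[1]), neg(g[2])]] if n else [[g[1]], [g[2]]]), k, False
    if op == "imp":
        return ([[g[1], neg(g[2])]] if n else [[neg(g[1])], [g[2]]]), k, False
    x, body = g[1], g[2]
    inst = lambda c: neg(subst(body, x, c)) if n else subst(body, x, c)
    if (op == "all") != n:                           # type C: universal formulas
        for i in range(1, k + 2):                    # next constant not yet used
            if inst(f"c{i}") not in branch:
                return [[inst(f"c{i}")]], max(k, i), True
        return [[]], k, False                        # vacuous quantifier
    return [[inst(f"c{k + 1}")]], k + 1, False       # type D: fresh constant

def closes(todo, branch, k, budget):
    """True iff every extension of this branch closes within the step budget."""
    if not todo:
        return False                                 # complete open branch
    if budget["left"] == 0:
        budget["exhausted"] = True
        return False
    budget["left"] -= 1
    f, rest = todo[0], todo[1:]
    alts, k2, repeat = expand(f, branch, k)
    for new in alts:
        b2, t2, closed = set(branch), list(rest), False
        for h in new:
            if h in b2:
                continue
            closed = closed or neg(h) in b2 or (h[0] == "not" and h[1] in b2)
            b2.add(h)
            if not is_literal(h):
                t2.append(h)
        if repeat:
            t2.append(f)                             # rule C repeats the formula
        if not closed and not closes(t2, b2, k2, budget):
            return False
    return True

def prove(formula, max_steps=200):
    """Return 'closed', 'open' or 'gave up' for the tableau of the denied formula."""
    start = neg(formula)
    budget = {"left": max_steps, "exhausted": False}
    todo = [] if is_literal(start) else [start]
    if closes(todo, {start}, 0, budget):
        return "closed"
    return "gave up" if budget["exhausted"] else "open"

P = lambda *t: ("P",) + t
EX_A = ("imp", ("all", "x", P("x")), ("ex", "y", P("y")))          # example 3.3.1.a
EX_B = ("ex", "x", ("imp", P("x"), ("all", "y", P("y"))))          # example 3.3.1.b
EX_C = ("imp", ("all", "x", ("ex", "y", P("x", "y"))),             # example 3.3.1.c
               ("ex", "y", ("all", "x", P("x", "y"))))

if __name__ == "__main__":
    for name, f in [("3.3.1.a", EX_A), ("3.3.1.b", EX_B), ("3.3.1.c", EX_C)]:
        print(name, prove(f))
```

On example 3.3.1.c the queue never empties, because every universal formula is re-queued, so the run ends only when the budget does.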
3.3.2 THE OPPACHER AND SUEN'S TABLEAU SYSTEM
In this section we are going to discuss a variation of the original
tableau method presented by Oppacher and Suen (cf. [OPP86]). The
importance of presenting this system is that this contains a variety
of heuristics that could be used in another tableau system. For
instance, these heuristics could be incorporated into the algorithms
for linear strategy of the tableaux with unification (see chapter 5)
for improving their efficiency and readability.
Oppacher and Suen presented in [OPP86] an efficient
implementation of a tableau system having the procedure just
described as the basis. The system takes as input formulas of the
full language of first order classical logic and does not make
conversions to any kind of normal form, such as clausal form,
Skolem normal form, etc. The main modifications in the above
procedure are:
• Addition of the following proviso for the Rule type C: "the
universal instantiations should be done only with respect to
terms already on the branch unless there are none yet". This
minimizes the introduction of new parameters avoiding
unnecessary increase in the search space.
• The priority of the rules now obeys some heuristics (described
below) that determine the next formula to be used.
And, this basic algorithm is augmented with some new procedures:
• Proof condensation that increases the readability of the proof by
eliminating redundancies in the proof tree: "It is called
whenever a branch can be closed with a pair of conjugate
literals. The algorithm searches for and eliminates unnecessary
branch points" [OPP86]. We take an example from [OPP86] (the
tableau tree on the left is transformed to the one on the right
because the application of rule B to the formula R ∨ G was
unnecessary):
    ¬R                  ¬R
    ¬Q                  ¬Q
    P ∧ Q               P ∧ Q
    R ∨ G       =>      R ∨ G
    R | G               P
    P                   Q
    Q
• Some heuristics with the objective of having efficient proof
construction and, particularly for "detecting nontheorems, i.e.,
discovering as soon as possible when an open branch is
complete" [OPP86]. Among them we list:
- Implement a depth-first strategy;
- Favor rules that introduce as few nodes as possible;
- Prefer existential to universal instantiation;
- Favor compounds derived from the negation of the conclusion;
- Favor fresh universal quantifications;
- Identify complete open branches as quickly as possible (and
this is very important: this should solve the termination
problem of the example 3.3.1.c above).
3.3.3 A TABLEAU SYSTEM WITH UNIFICATION
The major breakthrough in the studies of automatic theorem
proving was established by Robinson's resolution principle (cf.
[ROB65] and [CHA73]). In the latter, a unification algorithm was
presented in order to avoid the generation of sets of ground
instances in the development of a resolution refutation. The same
algorithm can be used for proof by the tableau method. This section
presents, then, a tableau system with unification for first order
classical logic together with the proof of the equivalence between
the original tableau method and its variation with unification, i.e.,
we show that the tableau with unification proves a theorem exactly
when the original tableau method does. An immediate consequence
of this equivalence is the soundness and completeness of the
system with unification.
CONSIDERATIONS:
• We assume that the reader is familiar with Unification, Skolem's
theorem, etc.
• From now on in this section we are going to consider only
formulas in Skolem normal form, i.e., the closed formulas freed
of existential quantifiers by using Skolem functions. Then,
instead of starting a tableau with the denied formula, we are
going to start a tableau with the Skolem normal form of the
denied formula.
• Because of the last restriction we do not need the rule D any
more.
DEFINITION 3.3.3.a: We call a tableau atomically closed if every
branch of the tableau contains an atomic formula and its
negation.
THEOREM 3.3.3.a: If a formula α is unsatisfiable, then there
exists an atomically closed tableau for α.
PROOF: See [SMU68]. [End_of_Proof]
Now we are in a position to present the tableau system with
unification:
Procedure Basic2:
This procedure is the same as procedure Basic1 except for:
• The rule C now is:
    ∀x α         ¬∃x α
    ------       --------
    ∀x α         ¬∃x α
    α(x/y)       ¬α(x/y)      where the variable y is new to the
                              tableau
• The algorithm of unification is used in order to obtain
complementary pairs of atomic formulas. [End_of_Procedure]
We illustrate the usage of this procedure with some examples. In
these examples we are not going to repeat the formula on the
application of the rule C.
EXAMPLE 3.3.3.a: (The trapezoid problem as presented in [CHA73]):
"Show that alternate interior angles formed by a diagonal of a
trapezoid are equal. ... Then we have the following axioms:"
A1: ∀x ∀y ∀u ∀v [T(x,y,u,v) => P(x,y,u,v)] (definition of a trapezoid)
A2: ∀x ∀y ∀u ∀v [P(x,y,u,v) => E(x,y,v,u,v,y)] (alternate interior angles
of parallel lines are equal)
A3: T(a,b,c,d)
We should be able to conclude:
A1 ∧ A2 ∧ A3 => E(a,b,d,c,d,b)
Thus we have the tableau, after transforming the negation of the
formula above into its Skolem normal form:
1. ∀x ∀y ∀u ∀v ¬(((T(x,y,u,v) => P(x,y,u,v)) ∧
(P(x,y,u,v) => E(x,y,v,u,v,y)) ∧
T(a,b,c,d)) => E(a,b,d,c,d,b))
2. ¬(((T(x',y',u',v') => P(x',y',u',v')) ∧
(P(x',y',u',v') => E(x',y',v',u',v',y')) ∧
T(a,b,c,d)) => E(a,b,d,c,d,b)) (from 1, after 4 applications
of rule C)
3. (from 2, by rule A)
4. (from 2, by rule A)
5. T(a,b,c,d) (from 2, by rule A)
6. ¬E(a,b,d,c,d,b) (from 2, by rule A)
7a. ¬T(x',y',u',v')    7b. P(x',y',u',v') (from 3, by rule B)
The left branch is closed by 5 and 7a with the most general unifier
{x'=a, y'=b, u'=c, v'=d}. Let us consider now the right branch:
7b. P(x',y',u',v')
8a. ¬P(x',y',u',v')    8b. E(x',y',v',u',v',y') (from 4, by rule B)
The tableau is now closed by the pairs (7b, 8a) and (6, 8b) with the
same most general unifier as above. [End_of_Example]
EXAMPLE 3.3.3.b: Let us try to prove the formula:
∀x ∃y P(x, y) => ∃z ∀u P(u, z)
1. ∀x ∀z ¬(P(x, f(x)) => P(g(x,z), z)) (the Skolem normal form
of the denied formula)
2. ¬(P(x', f(x')) => P(g(x',z'), z')) (from 1, after 2
applications of rule C)
3. P(x', f(x')) (from 2, by rule A)
4. ¬P(g(x',z'), z') (from 2, by rule A)
As the pair (3, 4) cannot be unified, the only rule that can be
applied is rule C on 1 obtaining a new copy of 2 and then, by rule A,
new copies of 3 and 4 again. Thus the tableau will never close.
[End_of_Example]
PROPOSITION 3.3.3.a: Let α be a formula in Skolem normal
form and T be the tableau for α using procedure Basic1 which
contains the formula γ(t), where the indicated term t is obtained
by application of the rule C. Then (1) there is a tableau T' for α
using procedure Basic2 which contains γ(y) where y is a new
variable obtained by applications of rule C such that y is
substitutable by the term t in γ, and (2) the converse is also
valid.
PROOF: (1): We do the proof by induction on the number of
applications of rule C:
First Step: The formula γ(t) is obtained after one application of
the rule C in the tableau T. Now, we just construct a tableau T' for α
using procedure Basic2 following the same steps of the construction
of tableau T. Hence, the application of rule C of procedure Basic2
creates the formula γ(y) in the tableau T', where the indicated
variable y is a new variable. Then, the tableaux T and T' are the
same, except that the formula γ(y) of tableau T' appears in the
tableau T with the variable y replaced by the term t (i.e., γ(t/y)).
Let us suppose by contradiction that in the tableau T' the variable y
is not substitutable by the term t in γ, then the procedure Basic1 is
not sound as it generates the formula γ(t/y) in the tableau T. Then,
the tableau T' constructed by using procedure Basic2 contains γ(y)
where y is a new variable obtained by applications of rule C such
that y is substitutable by the term t in γ.
Second Step: Let us suppose now that (1) holds for n
applications of the rule C. We need to show that (1) holds for n + 1
applications of the rule C.
If the formula γ was already generated, then (1) holds, by inductive
hypothesis.
Otherwise, the formula γ is generated in the (n + 1)-th application of
rule C. Then, we construct a tableau T' for α using procedure Basic2
following the same steps of the construction of tableau T as we did
in the first step. And the result is established in the same way.
(2): The proof of the converse (2) can be done by induction on the
number of applications of rule C in the same way it is done for (1).
[End_of_Proof]
The next theorem shows the equivalence between the traditional
tableau method and the tableau with unification. As an immediate
consequence, we have the soundness and completeness of the
tableau with unification.
THEOREM 3.3.3.b: Let α be a formula in the Skolem normal
form. We can obtain an atomically closed tableau for α using
procedure Basic1 if and only if we can obtain an atomically
closed tableau for α using procedure Basic2.
PROOF: We do the proof by induction on the number of
applications of the rule C.
(=>): Let the number of applications of rule C be zero and T be the
atomically closed tableau for α generated by procedure Basic1.
Then take T itself as the tableau generated by procedure Basic2.
Let us suppose, as inductive hypothesis, that the theorem holds for
the case when we need n applications of the rule C. Let T be the
atomically closed tableau for α with n + 1 applications of rule C. Let
∀x β be the formula to which the (n + 1)-th application of rule C was
made, obtaining β(x/c). Then all branches of T passing through β(x/c)
must close using some subformula of β(x/c). Let us suppose that P(c)
is the subformula (or one of the subformulas) of β(x/c) which has a
complementary pair ¬P(c) on the same branch. Then, by proposition
3.3.3.a there is a complementary pair P(c/y) and ¬P(c/y) in the
corresponding tableau for α obtained by using the procedure Basic2
such that the variable y can be substituted by the term c in both
formulas. Then, the formula P(c/y) is unifiable with the complement
of ¬P(c/y) and, hence, the tableau for α obtained by using the
procedure Basic2 is closed. It is easy to see from a simple induction
on the structure of the formula ∀x β (to which the rule C is applied)
that the theorem holds for n + 1 applications of the rule C, and
therefore, for any number.
(<=): Let the number of applications of the rule C be zero and T'
be the atomically closed tableau for α generated by procedure
Basic2. Then take T' itself as the tableau generated by procedure
Basic1.
Let us suppose, as inductive hypothesis, that the theorem holds for
the case when we need n applications of the rule C. Let T' be the
atomically closed tableau for α with n + 1 applications of the rule C.
Let ∀x β be the formula to which the (n + 1)-th application of the rule C
was made, obtaining β(x/y), where y is a new variable for the
tableau. Then all branches of T' passing through β(x/y) must close
using some subformula of β(x/y). Let us suppose that P(y) is the
subformula (or one of the subformulas) of β(x/y) which has a
complementary pair γ on the same branch. If γ is of the form ¬P(t),
where t is a ground term, then, by proposition 3.3.3.a, there is a
complementary pair ¬P(t) and P(y/t) in the corresponding tableau for
α obtained by using procedure Basic1 which is, thus, closed. If γ is
of the form ¬P(z), then using procedure Basic1 and proposition 3.3.3.a
we can obtain a closed tableau by instantiating with a term t
instead of the variables y and z. Again, it is easy to see from a simple
induction on the structure of the formula ∀x β (to which the rule C
is applied) that the theorem holds for n + 1 applications of the rule C,
and therefore, for any number of applications. [End_of_Proof]
3.3.4 SOME VARIATIONS OF THE SYSTEM
It is not worth trying to implement a theorem prover using a direct
translation of the procedure Basic2. Some refinements - such as: use
of a linear strategy (or other), addition of new rules for stopping
the proof for some kinds of nontheorems (as seen in the example
3.3.3.b) and others - can be added to the system in order to obtain
a more efficient program.
Another point to be observed is the lack of naturalness of the
Skolemization process, because of the changing of the form of the
original formulas and the introduction of new terms. Then one
might require a theorem prover that would accept the full first
order formulas as input. Hence we are going to present a variation
of Kanger's theorem prover (originally presented based on
Gentzen's system, cf. [KAN63]) using unification.
The notion of dummy variables was originally mentioned by
Prawitz (cf. [PRA60]) and used by Kanger in order to delay and
avoid many instantiations: "... When we apply the rule - rule C in
our notation - we shall not have to choose the term immediately.
Instead we replace the variable by a dummy y and make a note in
the margin that y stands for one of the terms in the conclusion".
Then, we can think of the system in terms of the procedure Basic1
modified by the following rule:
RULE TYPE C:
    ∀x α         ¬∃x α
    ------       --------  y/c1,...,cn
    ∀x α         ¬∃x α
    α(x/y)       ¬α(x/y)
Where y is a new dummy variable and c1, ..., cn are
the ground terms occurring in the tableau; if there
are no such terms, then take the first constant in
some enumeration.
It is not difficult to formulate a variation of this system using
unification. We list in the following some of the main concerns
which should be taken into account when specifying an algorithm
for the system with unification:
• Create an enumeration of all ground terms that appear in the
original formula such that to each of these ground terms is
associated a natural number starting from 1 .
• Use a register η, which is a global variable, to contain the number
of ground terms in the tableau. This register is used to indicate
the ground terms which are in the current instance of the
tableau and, therefore, can be used in the instantiation of a
dummy variable. The register η is updated as described in the
following.
• The register is to be initialized with the number of ground
terms in the original formula.
• Each time a new term is introduced to the tableau by an
application of rule C or D the content of the register η is
increased by 1 and this term is associated with the new value of
η.
• Each time a new dummy variable is introduced to the tableau by
an application of rule C the dummy variable is marked with the
value of η in order to indicate the ground terms that are
currently in the tableau.
• Now, a branch of the tableau is said to be a closed branch if it
contains formulas α and β, such that α is unifiable with the
complement of β.
• The following test is added to the unification algorithm
when trying to unify a dummy variable with another term:
IF the mark of the dummy variable IS LESS THAN
the number given to the term
THEN do not unify
FI
In order to prove that this variation is sound and complete for first
order logic without function symbols one can use the same kind of
proof given for theorem 3.3.3.b.
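The unification step used in examples 3.3.3.a and 3.3.3.b of section 3.3.3, together with the extra mark test listed above, as an added Python example that is not taken from the thesis. The "?" prefix for variables, the tuple encoding of terms, all function names, the propagation of a mark when two dummy variables are bound to each other, and the hand-assigned marks and numbers in `marked_dummies` are assumptions of this sketch.

```python
INF = float("inf")

def is_var(t):
    """Variables (ordinary or dummy) are strings starting with '?'."""
    return isinstance(t, str) and t.startswith("?")

def walk(t, s):
    """Follow bindings in substitution s until an unbound variable or a term."""
    while is_var(t) and t in s:
        t = s[t]
    return t

def occurs(v, t, s):
    t = walk(t, s)
    if t == v:
        return True
    return isinstance(t, tuple) and any(occurs(v, a, s) for a in t[1:])

def unify(x, y, subst=None, marks=None, numbers=None):
    """Return a most general unifier extending subst, or None.
    marks:   dummy variable -> value of the register when it was introduced
    numbers: ground term    -> number it received when it entered the tableau"""
    s, marks, numbers = dict(subst or {}), dict(marks or {}), numbers or {}
    stack = [(x, y)]
    while stack:
        a, b = stack.pop()
        a, b = walk(a, s), walk(b, s)
        if a == b:
            continue
        if is_var(b) and not is_var(a):
            a, b = b, a
        if is_var(a):
            if occurs(a, b, s):
                return None                      # occurs check
            if marks.get(a, INF) < numbers.get(b, 0):
                return None                      # mark < number: do not unify
            if is_var(b) and a in marks:         # assumption: aliasing keeps
                marks[b] = min(marks[a], marks.get(b, INF))  # the smaller mark
            s[a] = b
        elif (isinstance(a, tuple) and isinstance(b, tuple)
              and a[0] == b[0] and len(a) == len(b)):
            stack.extend(zip(a[1:], b[1:]))
        else:
            return None
    return s

def resolve(t, s):
    """Apply substitution s to term or atom t."""
    t = walk(t, s)
    if isinstance(t, tuple):
        return (t[0],) + tuple(resolve(a, s) for a in t[1:])
    return t

def trapezoid():
    """Example 3.3.3.a: pairs (5, 7a) and (6, 8b) close under one unifier."""
    t5 = ("T", "a", "b", "c", "d")
    t7a = ("T", "?x", "?y", "?u", "?v")                 # atom of 7a
    e6 = ("E", "a", "b", "d", "c", "d", "b")            # atom of 6
    e8b = ("E", "?x", "?y", "?v", "?u", "?v", "?y")
    mgu = unify(t5, t7a)
    return mgu, unify(e6, e8b, mgu)

def example_333b():
    """Example 3.3.3.b: lines 3 and 4 fail on the occurs check for x'."""
    return unify(("P", "?x", ("f", "?x")), ("P", ("g", "?x", "?z"), "?z"))

def marked_dummies():
    """Constructed walk-through on the formula of example 3.3.1.c:
    rule C on 'all x ex y P(x,y)' gives dummy x1 (mark 0), rule D gives
    P(x1, b) with b numbered 1; rule C on the denied consequent gives
    dummy y1 (mark 1), rule D gives the negation of P(c, y1), c numbered 2."""
    lhs, rhs = ("P", "?x1", "b"), ("P", "c", "?y1")
    marks, numbers = {"?x1": 0, "?y1": 1}, {"b": 1, "c": 2}
    return unify(lhs, rhs), unify(lhs, rhs, marks=marks, numbers=numbers)

if __name__ == "__main__":
    print(trapezoid())
    print(example_333b())
    print(marked_dummies())
```

Without the marks the two literals of the constructed walk-through unify and the branch would close on a nontheorem; with them, x1 (mark 0) may not take the later constant c (number 2), so the branch stays open.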
Some improvements are also required in order to achieve an
efficient proof procedure. Another point to which we would like to
call attention is that in order to obtain a more natural proof one has
to "pay for it": a control structure for enumerating terms and one
more test in the algorithm of unification (note that this algorithm is
very frequently used in a proof development) had to be added to
the system.
3.4 THE TABLEAU SYSTEMS FOR FIRST ORDER M[A]L
In this section we present the tableau systems for first order
M[A]L. First we describe (in section 3.4.1) the traditional tableau
method which is an extension of the traditional tableau for first
order classical logic (see section 3.3.1). In section 3.4.3 we present a
variation of this system using unification as we did for first order
classical logic (see section 3.3.3). Both systems are proved to be
sound and complete. Examples are provided in order to give a
better visualization of the usage of the tableau rules.
3.4.1 TRADITIONAL TABLEAU FOR FIRST ORDER M[A]L
As explained in [FIT83], one of the immediate consequences of a
traditional tableau system is the Craig interpolation lemma. On the
other hand, Fine has proved that modal logics with the Barcan
formula do not have this property (cf. [FIN79]). Thus, once we have
the Barcan formula we cannot expect to have a direct extension of
the tableau system as presented by Smullyan without some
modifications. Kripke originally proposed a tableau system for a
logic with the Barcan formula and Fitting uses the notion of a
prefixed tableau in order to describe this system. We give a
simplified version of this method in the sequel.
DEFINITION 3.4.1.a: A prefix is any expression that can be
used to name the different tableaux that might appear in a
tableau refutation proof for a given formula.
The idea is to have a different name for each tableau of a refutation
proof for a given formula. Then, any formula α in a tableau
refutation proof is uniquely identified by the pair (T, α), where T is
the tableau in which α occurs. From now on, we can make use of this
pair in order to refer to a formula or, when no ambiguity arises, we
just use the formula.
The notions about complementary pairs, closed tableau and the
rules A, B, C and D are the same as in the previous sections,
provided that natural adaptations are made, since a formula may
be represented by a pair, as explained above. The rules Ta and T¬a
from the propositional M[A]L are modified and the resulting rules
are called rules of type E and F, respectively.
In order to present the rules of type E and F we need to use the
operator N, which is explained as follows: The idea is to have one
tableau for each state. Then, the operator N applied to a prefix T
and to a formula α gives one of the two results:
1. It generates a new tableau whose name is T, starting with the
formula α, if T is not a name for any existing tableau;
2. It adds α to the tableau designated by the prefix T, if T is a
name for an existing tableau.
Again, if the tableau designated by the prefix T is closed, then so is
the original branch. We give the rules of type E and F in the
following:
RULE TYPE E:
    [a]α
    ----------
    N(T', α),    where T' is a new tableau or a tableau
                 previously generated by application of rule E
                 or F to a formula on the branch with respect
                 to the same action a.
RULE TYPE F:
    ¬[a]α
    ----------
    N(T', ¬α),   where T' is a new tableau.
OBSERVATIONS:
• If we are dealing with a complete information state, then the
rule F has the same proviso as rule E.
• The specific rules for dealing with equality will be provided in a
later chapter.
3.4.1.1 Examples
In this section we present some examples in order to give a
visualization of the usage of the tableau rules. We tried to provide
examples with the most characteristic theorems (or nontheorems)
of the logic, which constitute the simple tricky problems for a
theorem prover and give a good overview of the kind of formulas that
are the theorems (nontheorems) of first order M[A]L.
In most of these examples we write the prefix of a tableau before
each formula belonging to the tableau or we simply omit the
prefixes when no ambiguity arises.
EXAMPLE 3.4.1.1.a: Let us prove the formula:
Vx [a]Px => [a]Vx Px
1 . -.(Vx [a]Px => [a]Vx Px) (the denied formula)
2 . Vx [a]Px (from 1, by rule A)
3. “Cj -i[a]Vx Px (from 1, by rule A)
4. —iVx Px (from 3, by rule F)
5. ^Pc (from 4, by rule D)
6 . [a]Pc (from 2, by rule C)
7. ® 2 Pc (from 6, by rule E)
Then we have a closed tableau with formulas 5 and 7. [End _of_Example]
EXAMPLE 3.4.1.1.b: Let us prove the formula:
$[a]\forall x\,Px \Rightarrow \forall x\,[a]Px$
1. $\neg([a]\forall x\,Px \Rightarrow \forall x\,[a]Px)$ (the denied formula)
2. $[a]\forall x\,Px$ (from 1, by rule A)
3. $\neg\forall x\,[a]Px$ (from 1, by rule A)
4. $\neg[a]Pc$ (from 3, by rule D)
5. $\mathfrak{T}_2$ $\neg Pc$ (from 4, by rule F)
6. $\mathfrak{T}_2$ $\forall x\,Px$ (from 2, by rule E)
7. $\mathfrak{T}_2$ $Pc$ (from 6, by rule C)
Then we have a closed tableau with formulas 7 and 5. [End_of_Example]
EXAMPLE 3.4.1.1.c: Let us prove the formula:
$(\forall x\,(Px \Rightarrow [a]Px)) \Rightarrow (Pt \Rightarrow [a]Pt)$
1. $\neg((\forall x\,(Px \Rightarrow [a]Px)) \Rightarrow (Pt \Rightarrow [a]Pt))$ (the denied formula)
2. $\forall x\,(Px \Rightarrow [a]Px)$ (from 1, by rule A)
3. $\neg(Pt \Rightarrow [a]Pt)$ (from 1, by rule A)
4. $Pt \Rightarrow [a]Pt$ (from 2, by rule C)
Then we have a closed tableau with formulas 3 and 4. [End_of_Example]
EXAMPLE 3.4.1.1.d: Let us prove the formula:
$[a]Pc \Rightarrow \exists x\,\neg[a]\neg Px$
1. $\neg([a]Pc \Rightarrow \exists x\,\neg[a]\neg Px)$ (the denied formula)
2. $\mathfrak{T}_1$ $[a]Pc$ (from 1, by rule A)
3. $\neg\exists x\,\neg[a]\neg Px$ (from 1, by rule A)
4. $\mathfrak{T}_1$ $\neg\neg[a]\neg Pc$ (from 3, by rule C)
5. $[a]\neg Pc$ (from 4, by rule A)
6. $\mathfrak{T}_2$ $Pc$ (from 2, by rule E)
7. $\mathfrak{T}_2$ $\neg Pc$ (from 5, by rule E)
Then we have a closed tableau with formulas 6 and 7. [End_of_Example]
EXAMPLE 3.4.1.1.e: Let us try to prove the formula:
$[a]\exists x\,Px \Rightarrow \exists x\,[a]Px$
1. $\neg([a]\exists x\,Px \Rightarrow \exists x\,[a]Px)$ (the denied formula)
2. $[a]\exists x\,Px$ (from 1, by rule A)
3. $\mathfrak{T}_1$ $\neg\exists x\,[a]Px$ (from 1, by rule A)
4. $\neg[a]Pc$ (from 3, by rule C)
5. $\mathfrak{T}_2$ $\neg Pc$ (from 4, by rule F)
6. $\mathfrak{T}_2$ $\exists x\,Px$ (from 2, by rule E)
Note that we cannot instantiate the formula 6 with the constant c
because it is not new to the branch. Then, we cannot close the
tableau. [End_of_Example]
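The rules A to F can be run mechanically on the five formulas of examples 3.4.1.1.a to 3.4.1.1.e. The Python sketch below is an added example, not code from the thesis or from the FOREST theorem prover. It assumes a single action a, treats every term as a plain constant, writes subordinated tableaux as integer prefixes on one flat branch, and stops after a fixed budget of fresh names, so False means that no closed tableau was found within that budget.

```python
# Encoding (constructed for this example): formulas are nested tuples
#   ('atom','P','c')  ('not',f)  ('imp',f,g)  ('all','x',f)  ('ex','x',f)  ('box','a',f)
# where ('box','a',f) stands for [a]f. Tableau names are integer prefixes; 0 is the root.

def subst(f, x, c):
    """Replace the free occurrences of variable x in f by the constant c."""
    tag = f[0]
    if tag == 'atom':
        return ('atom', f[1], c if f[2] == x else f[2])
    if tag == 'not':
        return ('not', subst(f[1], x, c))
    if tag == 'imp':
        return ('imp', subst(f[1], x, c), subst(f[2], x, c))
    if tag == 'box':
        return ('box', f[1], subst(f[2], x, c))
    return f if f[1] == x else (tag, f[1], subst(f[2], x, c))   # quantifier


def steps(p, f, edges, consts):
    """Yield (key, alternatives) for every rule application open to (p, f).

    An alternative is (new prefixed formulas, new edges, new constants, cost);
    cost counts the fresh tableau or constant names the step consumes."""
    neg = f[0] == 'not'
    g = f[1] if neg else f
    tag = g[0]
    signed = lambda h: ('not', h) if neg else h
    if neg and tag == 'not':                                   # rule A: double negation
        yield (p, f), [([(p, g[1])], [], [], 0)]
    elif neg and tag == 'imp':                                 # rule A: denied implication
        yield (p, f), [([(p, g[1]), (p, ('not', g[2]))], [], [], 0)]
    elif tag == 'imp':                                         # rule B: the branch splits
        yield (p, f), [([(p, ('not', g[1]))], [], [], 0), ([(p, g[2])], [], [], 0)]
    elif (tag, neg) in (('all', False), ('ex', True)):         # rule C: any constant
        for c in consts:
            yield (p, f, c), [([(p, signed(subst(g[2], g[1], c)))], [], [], 0)]
    elif (tag, neg) in (('ex', False), ('all', True)):         # rule D: a new constant
        c = 'k%d' % len(consts)
        yield (p, f), [([(p, signed(subst(g[2], g[1], c)))], [], [c], 1)]
    elif tag == 'box':
        succ = [q for (p0, a, q) in edges if (p0, a) == (p, g[1])]
        if neg or not succ:
            # Rule F always opens a new tableau; rule E opens one only when the
            # action has no subordinated tableau yet (some successor state exists).
            q = len(edges) + 1
            key = (p, f) if neg else (p, f, q)
            yield key, [([(q, signed(g[2]))], [(p, g[1], q)], [], 1)]
        else:                                                  # rule E: every existing one
            for q in succ:
                yield (p, f, q), [([(q, g[2])], [], [], 0)]


def closed(branch, edges, consts, used, budget):
    """True iff the branch closes; False if it saturates open or the budget runs out."""
    if any((p, ('not', f)) in branch for p, f in branch):
        return True               # complementary pair inside one tableau
    for p, f in sorted(branch, key=repr):
        for key, alts in steps(p, f, edges, consts):
            if key in used or alts[0][3] > budget:
                continue
            return all(closed(branch | frozenset(items), edges + e, consts + c,
                              used | {key}, budget - cost)
                       for items, e, c, cost in alts)
    return False


def proves(formula, consts=('c0',), budget=6):
    """Start the tableau with the denied formula at prefix 0 and try to close it."""
    start = frozenset([(0, ('not', formula))])
    return closed(start, [], list(consts), frozenset(), budget)


P = lambda t: ('atom', 'P', t)
box = lambda f: ('box', 'a', f)
EXAMPLES = {   # the five formulas of examples 3.4.1.1.a to 3.4.1.1.e
    'a': ('imp', ('all', 'x', box(P('x'))), box(('all', 'x', P('x')))),
    'b': ('imp', box(('all', 'x', P('x'))), ('all', 'x', box(P('x')))),
    'c': ('imp', ('all', 'x', ('imp', P('x'), box(P('x')))), ('imp', P('t'), box(P('t')))),
    'd': ('imp', box(P('c')), ('ex', 'x', ('not', box(('not', P('x')))))),
    'e': ('imp', box(('ex', 'x', P('x'))), ('ex', 'x', box(P('x')))),
}
CONSTS = {'c': ('t',), 'd': ('c',)}   # constants already named in the formula


def run_examples():
    """Map each example letter to whether its tableau closed within the budget."""
    return {k: proves(f, CONSTS.get(k, ('c0',))) for k, f in EXAMPLES.items()}


if __name__ == '__main__':
    print(run_examples())
```

In example e every instantiation of the universal formula produces a new tableau, which in turn needs a new constant, so the branch never saturates and only the budget stops the search.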
3.4.2 SOUNDNESS AND COMPLETENESS
In this section we outline the proof that the traditional tableau
method proves exactly the valid formulas.
LEMMA 3.4.2.a: The tableau rules preserve satisfiability. In
other words: if a tableau $\mathfrak{T}$ is satisfiable, then the tableau
obtained from the application of a single rule to $\mathfrak{T}$ is satisfiable.
PROOF: The proof is an extension of that for the
propositional case. Let us suppose that the rule is applied to a
satisfiable branch $\theta$ and that $\theta$ consists of a set of formulas $\Gamma$ and a
formula $\gamma$ to which the rule is applied. As $\theta$ is satisfiable there must
be a structure $\mathfrak{S} = \langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$ with some state, say $w$, s.t. $w \Vdash \Gamma$ and,
in particular, $w \Vdash \gamma$. In view of the results for the propositional logic
we need to consider only the rules of type C, D, E and F.
• The rule applied is of the type C. If $\gamma$ is of the form $\forall x\,\alpha$, then the
new branch $\theta'$ is obtained from $\theta$ by adding $\alpha(x/b)$ for some
constant $b$. Note that:
$w \Vdash \forall x\,\alpha\ [\mathfrak{v}]$ iff $w \Vdash \alpha(x/c)\ [\mathfrak{v}']$, for any valuation $\mathfrak{v}'$ which is
the same as $\mathfrak{v}$ except for the valuation of a constant $c$ not
occurring in $\alpha$.
Now we can consider one such valuation $\mathfrak{v}'$ that gives the same
value for the constant $c$ as $\mathfrak{v}$ gives to $b$ at any state $w' \in \mathfrak{w}$; then, by
lemma 3.2.a:
$w \Vdash \alpha(x/b)$.
If $\gamma$ is of the form $\neg\exists x\,\alpha$, then the proof is the same.
• The rule applied is of the type D. If $\gamma$ is of the form $\exists x\,\alpha$, then
the new branch $\theta'$ is obtained from $\theta$ by adding $\alpha(x/b)$ for a new
constant $b$. Note that:
$w \Vdash \exists x\,\alpha\ [\mathfrak{v}]$ iff $w \Vdash \alpha(x/c)$ for some valuation $\mathfrak{v}'$ which
is the same as $\mathfrak{v}$ except for the assignment in any state or states
to a constant $c$ not occurring in $\alpha$.
As $b$ is a new constant we can make $\mathfrak{v}$ assign to $b$ the same value
as $\mathfrak{v}'$ does to $c$; then, by lemma 3.2.a:
$w \Vdash \alpha(x/b)$.
• The rule applied is of the type E. Then $\gamma$ is of the form $[a]\alpha$ and
the formula $\alpha$ is applied to a subordinated tableau $\mathfrak{T}'$. If the
tableau is new, then we just associate $\mathfrak{T}'$ with any state $w'$ such
that $\langle w, a, w' \rangle \in \mathfrak{R}$. Note that by the restriction we imposed on the
accessibility relation $\mathfrak{R}$, which states:
$\forall w \in \mathfrak{w},\ \forall a \in \mathfrak{A}_c,\ \exists w' \in \mathfrak{w}$ s.t. $\langle w, a, w' \rangle \in \mathfrak{R}$,
there is at least one state $w' \in \mathfrak{w}$ such that $\langle w, a, w' \rangle \in \mathfrak{R}$. Thus by
constraint Sa we have that $w' \Vdash \alpha$.
If $\mathfrak{T}'$ is a tableau previously generated by application of rule E or
F with respect to the same action, then, by hypothesis, $\mathfrak{T}'$ is
satisfiable and therefore there is a state $w'$ s.t. $\langle w, a, w' \rangle \in \mathfrak{R}$ and $w'$
satisfies $\mathfrak{T}'$. By Sa we have again that $w' \Vdash \alpha$.
• The rule applied is of the type F. Then $\gamma$ is of the form $\neg[a]\alpha$ and
the formula $\alpha$ is applied to a new tableau $\mathfrak{T}'$. By constraints Sa
and S$\neg$ we know that there is a state $w'$ such that $\langle w, a, w' \rangle \in \mathfrak{R}$ and
$w' \nVdash \alpha$. Then $\mathfrak{T}'$ is satisfiable by $w'$. [End_of_Proof]
THEOREM 3.4.2.a: (tableau soundness). If the formula $\alpha$ has a
proof by using the tableau method described above, then $\alpha$ is
valid in all models.
PROOF: This follows directly from lemma 3.4.2.a by the simple fact
that no closed tableau can be satisfied, hence the origin of a closed
tableau cannot be valid. [End_of_Proof]
For the completeness theorem we are going to extend the
definitions presented for the propositional case in section 2.3.4.
• We maintain the definitions of type of formulas $\alpha$ and $\beta$ of
section 2.3.4. And, following the same notation of Smullyan we
add two new ones - the type $\gamma$, for formulas $\forall x\,\varphi$ (and $\neg\exists x\,\varphi$) and
$\delta$ for formulas $\exists x\,\varphi$ (and $\neg\forall x\,\varphi$). Given the formula $\forall x\,\varphi$ we write
$\gamma(c)$ to represent $\varphi(x/c)$. The same representation is extended to
$\neg\exists x\,\varphi$, $\exists x\,\varphi$ and $\neg\forall x\,\varphi$.
• A branch $\theta$ of a tableau $\sigma$ is said to be complete if it satisfies the
following conditions (where $\Sigma$ is the set of formulas in $\theta$, $a$ is an
action and $\chi$ is a formula):
C1: if $(\sigma, \alpha) \in \Sigma$, then $(\sigma, \alpha_1) \in \Sigma$ and $(\sigma, \alpha_2) \in \Sigma$;
C2: if $(\sigma, \beta) \in \Sigma$, then $(\sigma, \beta_1) \in \Sigma$ or $(\sigma, \beta_2) \in \Sigma$;
C3: if $(\sigma, \gamma) \in \Sigma$, then for every constant $c$, $(\sigma, \gamma(c)) \in \Sigma$;
C4: if $(\sigma, \delta) \in \Sigma$, then for at least one constant $c$, $(\sigma, \delta(c)) \in \Sigma$;
C5: if $(\sigma, [a]\chi) \in \Sigma$, then $(\sigma', \chi)$ belongs to every tableau
designated by the prefix $\sigma'$ that can be generated by
application of the rule E (or F) to any formula $(\sigma, [a]\gamma)$ (or
$(\sigma, \neg[a]\gamma)$) of $\theta$;
C6: if $(\sigma, \neg[a]\chi) \in \Sigma$, then $(\sigma', \neg\chi)$ belongs to the tableau
designated by the prefix $\sigma'$ generated by application of rule
F to $(\sigma, \neg[a]\chi)$;
C7: Every branch of every tableau which is subordinated to $\theta$
is also complete or closed.
• We say that a tableau is complete if each of its branches is either
closed or complete.
• A branch $\theta$ of a tableau is said to be a Complete Open Branch ($\theta \in$
COB) if it is open and each of its subordinated tableaux contains
at least one open branch (which is also complete, by recursivity
on the definition of complete branch).
Constructing a tableau with at least one complete open branch for
the propositional logics is a simple process, since every
propositional tableau is finite. For first order logics, one can for
example keep instantiating a formula of type y and never generate
a complete open branch. Then, in order to obtain a complete open
branch for first order logics one needs a systematic procedure such
as the procedure basic 1 presented for the traditional tableau for
first order classical logic (see section 3.1.1). Extending this
procedure for first order modal logics is a simple task and the
reader can find such an extension in [FIT83].
THEOREM 3.4.2.b: Any Complete Open Branch of any tableau is
satisfiable.
PROOF: Let $\theta$ be a branch of a tableau $\sigma$ and $\Sigma$ be the set of
formulas of $\theta$ together with the formulas of the tableaux $\sigma'$, $\sigma''$, ...
which are recursively subordinated to $\theta$. We construct a structure
$\mathfrak{S} = \langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$ by associating to $\mathfrak{w}$ the set $\{\sigma, \sigma', \sigma'', \ldots\}$ of tableaux. The
relation $\mathfrak{R}$ is formed by the triples $\langle \sigma', a, \sigma'' \rangle$ s.t. the tableau $\sigma''$ is
subordinated to the tableau $\sigma'$ by the action $a$. The domain $\mathfrak{D}$ is
composed of the constants appearing in the tableau. The structure
$\mathfrak{S}$ satisfies the conditions (for every atomic formula $\alpha$ and every
state $\sigma \in \mathfrak{w}$):
a. if $(\sigma, \alpha) \in \Sigma$, then $\mathfrak{v}(\alpha, \sigma) = T$,
b. if $(\sigma, \neg\alpha) \in \Sigma$, then $\mathfrak{v}(\alpha, \sigma) = F$, and
c. if neither $(\sigma, \alpha)$ nor $(\sigma, \neg\alpha)$ is an element of $\Sigma$, then $\mathfrak{v}(\alpha, \sigma)$ can
be given any value. We give the value F, by definition.
It is easy to verify that we have acquired, in fact, a structure.
We assert that for every pair $(\sigma, \alpha) \in \Sigma$ we have $\sigma \Vdash \alpha$, and the
proof done by induction on the structure of the formulas is just an
extension of the one for the propositional case (theorem 2.3.4.a).
[End_of_Proof]
THEOREM 3.4.2.c: (Tableau Completeness) If a formula $\alpha$ is
valid in all models, then $\alpha$ has a tableau proof.
PROOF: Let us construct a complete tableau $\mathfrak{T}$ starting with $\neg\alpha$. If
it is open, then $\neg\alpha$ is satisfiable, by the previous theorem. Hence $\alpha$
cannot be valid. Thus $\mathfrak{T}$ is closed and $\alpha$ has a tableau proof.
[End_of_Proof]
3.4.3 TABLEAU WITH UNIFICATION FOR FIRST ORDER M[A]L
As for the first order classical logic, we are interested in providing a
version of the tableau system for first order M[A]L with unification.
This section presents a tableau system with unification for first
order M[A]L and the lines for certifying the equivalence between
this system and the traditional tableau of the previous section. An
immediate consequence of this equivalence is the soundness and
completeness of this tableau with unification.
Again, as for first order classical logic, we are going to consider
formulas in Skolem normal form (i.e., the extension of the concept
of Skolem normal form of first order classical logic formulas to
formulas of the dynamic logic). Hence, we are going to provide
some definitions to achieve our purpose.
DEFINITION 3.4.3.a: We extend the Prenex normal form for
our logic directly from classical logic by considering only the
quantifiers outside of any modal operator. Thus, if $\alpha$ is a
formula, its Prenex normal form has the form $Q_1x_1 \ldots Q_nx_n\,\beta$, where
$Q_i$ ($1 \le i \le n$) are all the quantifiers outside any modal operator and
$\beta$ is the matrix, as defined for classical logic.
DEFINITION 3.4.3.b: We define the Skolem normal form of a
modal formula already in Prenex normal form (as defined
above) directly from classical logic by considering only the
quantifiers outside of any modal operator.
THEOREM 3.4.3.a: Let $\alpha$ be a formula in Prenex normal
form and $\alpha'$ its Skolem normal form. Then $\alpha$ is unsatisfiable if
and only if $\alpha'$ is unsatisfiable.
PROOF: Let us suppose that $\alpha$ is of the form: $\forall x\,\exists y\,\beta$, where $\beta$ is the
matrix. Then $\alpha'$ is of the form: $\forall x\,\beta(y/f(x))$, where $f$ is the new
Skolem function corresponding to $x$.
($\Rightarrow$) Let us suppose that $\alpha'$ is satisfied for some structure $\mathfrak{S} = \langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$
and state $w \in \mathfrak{w}$; then:
$w \Vdash \forall x\,\beta(y/f(x))$ iff
$w \Vdash \beta(y/f(x), x/d)$, for all $\mathfrak{v}'$ different from $\mathfrak{v}$ only in the
assignment to $d$ in any state (or states)
and $d$ is a constant not occurring in $\beta$.
We can create a valuation for each $\mathfrak{v}'$ s.t. each $\mathfrak{v}''$ is the same as $\mathfrak{v}'$
except for the valuation of the constant $c$ not occurring in $\beta$ and
$\mathfrak{v}'(f(d), w') = \mathfrak{v}''(c, w')$, for any state $w' \in \mathfrak{w}$. Hence, by lemma 3.3.2.a:
$w \Vdash \beta(y/c, x/d)\ [\mathfrak{v}'']$ (with proviso)
Then:
$w \Vdash \exists y\,\beta(x/d)\ [\mathfrak{v}']$ (with proviso)
and therefore:
$w \Vdash \forall x\,\exists y\,\beta$.
($\Leftarrow$) Let us suppose that $\alpha$ is satisfied for some structure $\mathfrak{S} = \langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$
and state $w \in \mathfrak{w}$, then:
$w \Vdash \forall x\,\exists y\,\beta$ iff
$w \Vdash \exists y\,\beta(x/d)$, for all $\mathfrak{v}'$ different from $\mathfrak{v}$ only in the
assignment to $d$ in any state (or states)
and $d$ is a constant not occurring in $\beta$,
iff for each $\mathfrak{v}'$ there is some $\mathfrak{v}''$ that is different from $\mathfrak{v}'$ only in the
assignment for $c$, where $c$ is a constant not occurring in $\beta$ and:
$w \Vdash \beta(x/d, y/c)\ [\mathfrak{v}'']$
Now, we extend each valuation $\mathfrak{v}'$ (and the corresponding $\mathfrak{v}''$) in
order to have $\mathfrak{v}''(f(d), w') = \mathfrak{v}''(c, w')$, for every state $w' \in \mathfrak{w}$. Then, by
lemma 3.3.2.a:
$w \Vdash \beta(x/d, y/f(x))\ [\mathfrak{v}'']$ (with proviso)
and hence:
$w \Vdash \beta(x/d, y/f(x))\ [\mathfrak{v}']$ (with proviso)
and therefore:
$w \Vdash \forall x\,\beta(y/f(x))$.
Now, one can use a simple induction on the number of the
existential quantifiers, using the same arguments as we did
above, to conclude the proof. [End_of_Proof]
The following definition and theorem are useful in order to
establish the correspondence between the traditional tableau for
first order M[A]L and its extension with unification.
DEFINITION 3.4.3.c: We denote by atomically closed the
tableau whose every branch contains a classical atomic formula
and its negation.
THEOREM 3.4.3.b: If a formula $\alpha$ is unsatisfiable, then there
exists an atomically closed tableau for $\alpha$.
PROOF: This is simply an extension of the arguments for the
classical logic tableau systems presented in [SMU68]. [End_of_Proof]
The rules for the tableau system with unification are derived from
the ones of the traditional tableau in the same way we did for the
case of classical logic as stated below:
• At any stage any formula of the tableau proof is in Skolem
normal form (as defined above).
• The algorithm of unification is used in order to obtain
complementary pairs of atomic formulas.
• After each application of the rules E or F we need to Skolemize
the formula taking the following into account: when we are going
to start a new tableau with the formula $\alpha$ we need to Skolemize
$\alpha$ considering the quantifiers of the original tableau as if they
were the most external quantifiers of $\alpha$; and, when we are going
to add $\alpha$ to an existing tableau we need to Skolemize $\alpha$
considering the quantified variables of the formula which
originated that tableau, as if they were the most external quantifiers of $\alpha$.
• Because of the previous comment, the rule C is changed in order
to have a device for keeping track of the quantifiers outside
modalities. Then, when applying rule C the quantified variable is
written as a superscript of the action operator. As an example,
let us consider the formula:
$\forall x\,[a]P(x)$
After one application of rule C we obtain:
$[a]^{x}P(x)$
The formalization of rule C is given below.
• The renaming process of unification is now subject to a
restriction: Let $\alpha = \neg[a]\beta$ be a subformula of $\forall x\,\varphi$. If we apply the
rule F to $\alpha$, then we cannot rename the variable $x$ when we are
going to unify the formula $\neg\beta$ (or any of its subformulas) in the
generated tableau. And, we indicate this by putting the mark $\bullet$
before the variable $x$. Then, the rule C is again changed in a way
that when applied to $\forall x\,\varphi$, the formula $\alpha$ is written as:
$\neg[a]^{\bullet x}\beta$.
This restriction is due to the fact that when we are proving by
the traditional method we can apply the rule E more than once
to the same pair of formula and prefix creating more than one
instance of the quantified outside variable and each time we
apply the rule F we generate a new tableau, then we cannot
create more than one instantiation of the quantified outside
variable for each new tableau.
• An occurrence of a subformula $\alpha$ has a positive polarity in a
formula if $\alpha$ is in the scope of an even number of explicit or
implicit $\neg$'s. Otherwise, $\alpha$ is said to have a negative polarity.
• Let $\alpha$ be a formula and $x$ be a variable or a marked variable of
the form $x = \bullet y$. Then, the formula $\alpha^{x}$ is obtained by the rules:
1. $\alpha^{x} = \alpha$, if $\alpha$ is a classical atomic formula;
2. $\alpha^{x} = [a]^{x}\beta^{x}$, if $\alpha = [a]\beta$ and $\alpha$ has a positive polarity;
3. $\alpha^{x} = [a]^{\bullet x}\beta^{\bullet x}$, if $\alpha = [a]\beta$ and $\alpha$ has a negative polarity;
4. $\alpha^{x} = \neg\beta^{x}$, if $\alpha = \neg\beta$;
5. $\alpha^{x} = \beta^{x} \lor \varphi^{x}$, if $\alpha = \beta \lor \varphi$;
6. $\alpha^{x} = \forall x\,\beta^{x}$, if $\alpha = \forall x\,\beta$;
7. $\alpha^{x} = \exists x\,\beta^{x}$, if $\alpha = \exists x\,\beta$.
• The rule C now is:
$$\frac{\forall x\,\alpha}{\begin{array}{c}\forall x\,\alpha\\ \alpha^{x}(x/y)\end{array}}$$
where the variable $y$ is new to the tableau and $\alpha^{x}$ is
obtained as defined above.
PROPOSITION 3.4.3.a: Let $\alpha$ be a formula in the Skolem normal
form and V be the tableau for $\alpha$ using the normal tableau
method containing the formula $\gamma(t)$, where the indicated term $t$ is
obtained by application of the rule C. Then (1) there is a tableau
W for $\alpha$ using the system with unification which contains $\gamma(y)$
where $y$ is a new variable obtained by applications of rule C such
that $y$ is substitutable by the term $t$ in $\gamma$, and (2) the converse is
also valid.
PROOF: The proof is a direct extension of the one for the first order
classical logic (proposition 3.3.3.a) [End_of_Proof]
The next theorem shows the equivalence between the traditional
tableau method and the tableau with unification. As a consequence,
we have the soundness and completeness of the tableau with
unification.
THEOREM 3.4.3.c: Let $\alpha$ be a formula in Skolem normal form.
We can obtain an atomically closed tableau for $\alpha$ using the
normal tableau system if and only if we can obtain an atomically
closed tableau for $\alpha$ using the system with unification.
PROOF: The proof is a direct extension of the one for the first order
classical logic (theorem 3.1.3.b) [End_of_Proof]
We present below some examples in order to give a visualization of
the usage of the tableau rules.
EXAMPLE 3.4.3.a: Let us prove the formula:
$\forall z\,[a]Pz \Rightarrow [a]\forall x\,Px$
1. $\mathfrak{T}_1$ $\forall z\,\neg([a]Pz \Rightarrow [a]\forall x\,Px)$ (the Skolem normal form of the denied formula)
2. $\neg([a]^{y}Py \Rightarrow [a]^{\bullet y}\,\forall x\,Px)$ (from 1, by rule C)
3. $[a]^{y}Py$ (from 2, by rule A)
4. $\neg[a]^{\bullet y}\,\forall x\,Px$ (from 2, by rule A)
5. (from 4, by rule F and Skolemization)
6. $\mathfrak{T}_2$ $Py$ (from 3, by rule E)
Then the tableau is closed by unifying the formulas 5 and 6. Note
that we cannot rename the variable $\bullet y$ of formula 5 but we can
rename the variable $y$ of formula 6 in order to make the unification.
[End_of_Example]
EXAMPLE 3.4.3.b: Let us try to prove the formula:
$[a]\exists x\,Px \Rightarrow \exists z\,[a]Pz$
1. $\forall z\,\neg([a]\exists x\,Px \Rightarrow [a]Pz)$ (the Skolem normal form of the denied formula)
2. $\neg([a]^{y}\,\exists x\,Px \Rightarrow [a]^{\bullet y}P{\bullet}y)$ (from 1, by rule C)
3. $[a]^{y}\,\exists x\,Px$ (from 2, by rule A)
4. $\mathfrak{T}_1$ $\neg[a]^{\bullet y}P{\bullet}y$ (from 2, by rule A)
5. $\mathfrak{T}_2$ $\neg P{\bullet}y$ (from 4, by rule F)
6. $\mathfrak{T}_2$ $Pf(\bullet y)$ (from 3, by rule E and skolemization)
Note that the quantified variable $\bullet y$ of the formula $\neg[a]^{\bullet y}P{\bullet}y$ which
originated the tableau was considered in the skolemization of
$\exists x\,Px$ as if $\bullet y$ was its external quantified variable, giving rise to the
formula $Pf(\bullet y)$. Now, we cannot close the tableau by unifying the
formulas 5 and 6 because we cannot rename the variable $\bullet y$.
[End_of_Example]
EXAMPLE 3.4.3.c: Let us prove the formula:
$(\forall y\,(Py \Rightarrow [a]Py)) \Rightarrow (Pt \Rightarrow [a]Pt)$
1. $\forall y\,\neg((Py \Rightarrow [a]Py) \Rightarrow (Pt \Rightarrow [a]Pt))$ (the Skolem normal form of the denied formula)
2. $\neg((Px \Rightarrow [a]^{x}Px) \Rightarrow (Pt \Rightarrow [a]^{\bullet x}Pt))$ (from 1, by rule C)
3. $Px \Rightarrow [a]^{x}Px$ (from 2, by rule A)
4. $\neg(Pt \Rightarrow [a]^{\bullet x}Pt)$ (from 2, by rule A)
5. $Pt$ (from 4, by rule A)
6. $\neg[a]^{\bullet x}Pt$ (from 4, by rule A)
7a. $\mathfrak{T}_1$ $\neg Px$ 7b. $\mathfrak{T}_1$ $[a]^{x}Px$ (from 3, by rule B)
The branch on the left is closed by the formulas 7a and 5 by
unifying the variable $x$ and the term $t$. The right one (7b) gives rise
to the following tableau, by applying rule F to the formula 6:
8. $\mathfrak{T}_2$ $\neg Pt$ (from 6, by rule F)
9. $\mathfrak{T}_2$ $Px$ $(x/t)$ (from 7b, by rule E)
This tableau is closed by formulas 8 and 9 and the same unifier as
for the other branch. [End_of_Example]
Chapter 4
Extension to Full M[A]L
In this chapter we extend the results of the previous chapter to
incorporate the full description of M[A]L. This corresponds to
deontic components, equality, the pair of agent and action for
indexing the modalities and many-sortedness as it appears in
[MAI87] and [KHO88].
In the next section we indicate approaches concerned with the
many-sortedness and equality concepts. In section 4.2 we extend
the logic with the deontic components, having a pair of agent/action
to index the modality corresponding to the execution of an action
by an agent. First, in section 4.2.1, we present the syntax of the
logic (as it appears in [MAI87]) without the frame rule. In
subsections 4.2.2 and 4.2.3 we develop the possible world
semantics and tableau system and make some comments about
their properties. In subsection 4.2.4 we deal with the problem of
the frame rule.
4.1 MANY-SORTEDNESS AND EQUALITY
In this section we indicate approaches concerned with the
many-sortedness and equality concepts. We do not intend to solve these
problems in this Thesis, for we think they represent research areas
in their own right and, although improvements are still to be
provided in these areas, some of the available results can simply be
incorporated to the tableau system.
The logic is extended to incorporate the notion of disjoint many-
sorted terms in the same way as it is presented traditionally for
many sorted classical logic, such as the description in [END72]. Each
sort can be defined by using a predicate which is intended to be
interpreted to the same relation in every state.
Much research has been done in this area. A very elaborate work
was presented by Cohn (cf. [COH87]) using not only disjoint sorts
but various forms of sorts and analyzing approaches to automatic
theorem proving using resolution. It seems to be worthwhile trying
to incorporate his ideas into the tableau framework for M[A]L.
The syntax and semantics of equality were presented in chapter 3.
Hence, we need to consider here only the extensions to the tableau
system. Traditionally, the tableau system can be obtained by
adding the rule:
If $x = y$ (for some variables $x$ and $y$) appears in a branch $\theta$ of some
tableau derivation, then for every atomic formula $\alpha$ which contains
the variable $x$, add the formula $\alpha(x/y)$.
Note that due to the usage of non-rigid designators in the logic the
application of this rule is restricted to atomic formulas only. Now,
the branches of a tableau are closed in the normal way (i.e., when
the branch contains $\alpha$ and $\neg\alpha$, for any formula $\alpha$) and when it
contains a formula of the form $\neg(t = t)$, for any term $t$.
The problem is that one may generate many extra formulas with an
unrestricted usage of this rule. Robinson and Wos (cf. [ROB69])
suggested usage of the paramodulation method for treating
equalities in resolution. A nice treatment of equality in the tableau
framework was given by Reeves (cf. [REE87]), where he combines
the notion of re-write rules and "partial unification, an operation
which is based on unification without the presence of variables".
4.2 THE DEONTIC COMPONENTS
In this section we extend the first order M[A]L with deontic
components (as it appears in [MAI87] and [KHO88]) and present its
semantical and proof theoretical characterization.
The logic has originally been proposed with a frame-like rule for
the deontic components of the logic in order to keep "the
permission structures [...] stable from one state to the next to the
extent that they are not modified by the executions of actions"
([MAI87]). As may be expected, the addition of this rule brings with
it some problems and, hence, we treat the deontic component in
two distinct steps, considering the presence and absence of this
rule, respectively.
4.2.1 THE SYNTAX
In this section we present the syntax of M[A]L with deontic
components. This is presented in [MAI87] as an extension of the
logic we have been considering in the previous chapter with the
following characteristics:
• The primitive sorts $\mathfrak{A}_c$ and $\mathfrak{A}_g$ denoted by constant terms to
correspond to the categories of actions and agents, respectively.
• The modal connective [_, _] is used to form modal formulas. This
is indexed by the two syntactical categories:
- Actions: denoted by the symbols $a, a_1, \ldots$, representing the
variable free terms of the sort $\mathfrak{A}_c$.
- Agents: denoted by the symbols $c, c_1, \ldots$, representing the
variable free terms of sort $\mathfrak{A}_g$.
• Deontic components:
- If $c$ is an agent, $A$ is a set of actions and $a$ is an action, then
PER($c$, $A$) and OBL($c$, $a$) are formulas, where PER and OBL are two
primitive predicates representing permission and obligation,
respectively.
- If $A$ is a set of actions, then REF($A$) is also a set of actions, where
REF is a function defined below.
- The symbol $n$ is a boolean constant which helps us to
characterize how we expect permissions and non-permissions
to behave. The boolean $n$ is intended to be true in the states
accessible by respecting the deontic specification (normative
states) and false otherwise (non-normative states).
• If $\alpha$, $\beta$, $\gamma$ are formulas, $t$ is a term, $A$ is a set of actions, Ac is the
set of all actions, i.e., the variable free terms of sort $\mathfrak{A}_c$ of some
specification, $c$ is an agent and $a$ is an action s.t. $a \in A$, then the
following are axioms:
D1 $\mathrm{REF}(A) = \mathrm{Ac} - A$ where the operator $-$ is imported
from the set theory
D2 $\mathrm{PER}(c, A) \Leftrightarrow \exists a\,((a \in A) \land ([c, a]n))$
D3 $\neg\mathrm{PER}(c, A) \Leftrightarrow \exists a\,((a \in A) \land ([c, a]\neg n))$
• The following are inference rules:
R3 $$\frac{\vdash \mathrm{OBL}(c, a)}{\vdash \mathrm{PER}(c, \{a\})}$$
R4 $$\frac{\vdash \mathrm{OBL}(c, a)}{\vdash \neg\mathrm{PER}(c, \mathrm{REF}(\{a\}))}$$
Although terms with variables should be allowed, "the semantics of
this logic will interpret single actions and agents (i.e., variable free
terms) and not families (i.e., terms with variables)" (cf. [MAI87]),
but we do not foresee any problems in having terms with
variables.
The operators OBLS (for sequence of obligations) and PER (for
permissibility on actions instead of set of actions given by PER) are
defined in [MAI87], but we do not need to consider them here since
they are defined in terms of the primitives OBL, PER and REF.
4.2.2 SEMANTICAL CONSIDERATIONS
In this section we present the extension of the semantics for first
order M[A]L considering the addition of the deontic components
and the pair of agent/action as described in the previous section.
Let $\mathfrak{F}$ be the set of all possible formulas. We define a structure as
being an ordered quadruple:
$\langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$
where $\mathfrak{w}$ is a non-empty set whose members are referred to as
possible states, actual states or just states.
The domain $\mathfrak{D}$ is a non-empty set which includes the partitions
created by the individuals of the sorts $\mathfrak{A}_g$ and $\mathfrak{A}_c$.
$\mathfrak{R}$ is a ternary relation between actual states, the pair agent/action
of individuals of $\mathfrak{D}$ and possible states ($\mathfrak{R} \subseteq \mathfrak{w} \times (\mathfrak{A}_g, \mathfrak{A}_c) \times \mathfrak{w}$) called
the accessibility relation. As in the previous chapters we impose
the following restriction on $\mathfrak{R}$:
$\forall w \in \mathfrak{w},\ \forall a \in \mathfrak{A}_c,\ \forall c \in \mathfrak{A}_g,\ \exists w' \in \mathfrak{w}$ s.t. $\langle w, (c, a), w' \rangle \in \mathfrak{R}$.
The necessity for this restriction was discussed in previous
chapters.
If we take the case of complete information, then the accessibility
relation ($\mathfrak{R}$) becomes a total function from states and the pair
action/agent to possible states ($\mathfrak{R}: \mathfrak{w} \times (\mathfrak{A}_g, \mathfrak{A}_c) \to \mathfrak{w}$).
$\mathfrak{v}$ is a function (called the valuation function) defined as in the
previous chapters with the addition of the valuation of a set $A$ of
actions being the valuation set of each of the elements of $A$.
Again, the valuation function ($\mathfrak{v}$) allows the possibility of having
non-rigid designators. But, we need to impose a restriction on this
flexibility:
(RNR): Given any pair action/agent $(c, a)$ of individuals of $\mathfrak{D}$, states
$w$, $w'$ and $w''$ s.t.:
$\langle w, (c, a), w' \rangle \in \mathfrak{R}$ and $\langle w, (c, a), w'' \rangle \in \mathfrak{R}$,
then:
$\mathfrak{v}(t, w') = \mathfrak{v}(t, w'')$,
for any term $t$.
For some comments and interpretation of this restriction the reader
may refer to section 3.3.1.1.
In order to capture the notion of a formula being true in some state
$w$ of a structure $\mathfrak{S} = \langle \mathfrak{w}, \mathfrak{R}, \mathfrak{D}, \mathfrak{v} \rangle$ the concept of the satisfiability
relation ($\Vdash$) was defined. This is changed in order to capture the
new approach to the modality index with the following constraint
(where $a$ is an action, $c$ an agent and $\alpha \in \mathfrak{F}$):
(Sa) $w \Vdash [c, a]\alpha$ iff for all $w' \in \mathfrak{w}$,
if $\langle w, (\mathfrak{v}(c, w), \mathfrak{v}(a, w)), w' \rangle \in \mathfrak{R}$,
then $w' \Vdash \alpha$.
The structures are restricted to respect the following conditions on
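the relations corresponding to the primitive predicates OBL and PER
and function REF, in order to give them the expected behavior and
meaning, according to their definitions via axioms and inference
rules:
• If $(\mathfrak{v}(c, w), \mathfrak{v}(a, w)) \in \mathfrak{v}(\mathrm{OBL}, w)$, then
$(\mathfrak{v}(c, w), \mathfrak{v}(\{a\}, w)) \in \mathfrak{v}(\mathrm{PER}, w)$ and $(\mathfrak{v}(c, w), \mathfrak{v}(\mathrm{REF}(\{a\}), w)) \notin \mathfrak{v}(\mathrm{PER}, w)$,
for any state $w \in \mathfrak{w}$, agent $c$ and action $a$.
• $\mathfrak{v}(\mathrm{REF}(A), w) = -\,\mathfrak{v}(A, w)$,
where $A$ is a set of actions and $w \in \mathfrak{w}$.
• If $(\mathfrak{v}(c, w), \mathfrak{v}(A, w)) \in \mathfrak{v}(\mathrm{PER}, w)$, then
$\mathfrak{v}(n, w') = T$,
for any states $w, w' \in \mathfrak{w}$, set of actions $A$, agent $c$ and action $a \in A$
such that $\langle w, (\mathfrak{v}(c, w), \mathfrak{v}(a, w)), w' \rangle \in \mathfrak{R}$.
• If $(\mathfrak{v}(c, w), \mathfrak{v}(A, w)) \notin \mathfrak{v}(\mathrm{PER}, w)$, then
$\mathfrak{v}(n, w') = F$,
for any states $w, w' \in \mathfrak{w}$, set of actions $A$, agent $c$ and action $a \in A$
such that $\langle w, (\mathfrak{v}(c, w), \mathfrak{v}(a, w)), w' \rangle \in \mathfrak{R}$.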
Soundness and completeness are established in the same way as in
the previous chapter considering the addition of the new axioms
and inference rules in the induction steps.
4.2.3 THE TABLEAU SYSTEM
In this section we present the extension to deal with the deontic
components to the tableau system of previous chapters. As we are
interested only in the behavior of the normative states, we are
going to provide a system of tableau rules which proves only
theorems of these states. We start with a definition:
DEFINITION 4.2.3.a: We say that a branch $\theta$ of a tableau tree
is a normal branch for the pair $(c, a)$ if the formula PER($c$, $A$) is in $\theta$,
where $c$ is an agent and $A$ is a set of actions such that $a \in A$.
The tableau system is composed by the following rules:
• The rules A, B, C and D of the previous chapter remain
unchanged.
• The rules E and F are restricted to applications to a formula $\alpha$, of
the form $[c, a]\beta$ (or $\neg[c, a]\beta$), only in the normal branches for the pair
$(c, a)$, according to definition 4.2.3.a above.
• Adequate rules for dealing with the set theory components.
• And, the additional rules G1 and G2 corresponding to the
inference rules R3 and R4 above:
RULE G1: $$\frac{\mathrm{OBL}(c, a)}{\mathrm{PER}(c, \{a\})}$$
RULE G2: $$\frac{\mathrm{OBL}(c, a)}{\neg\mathrm{PER}(c, \mathrm{REF}(\{a\}))}$$
The soundness and completeness theorems can be proved as a
simple extension of the theorems provided in the previous chapter.
OBSERVATION: In [JER86], instead of using rules for the
deontic components (rule R3 and R4), these notions are presented
in terms of axioms, namely:
D5. $\mathrm{OBL}(c, a) \Rightarrow \mathrm{PER}(c, \{a\})$
D6. $\mathrm{OBL}(c, a) \Rightarrow \neg\mathrm{PER}(c, \mathrm{REF}(\{a\}))$.
As proof by reduction to absurdity is classically accepted, this
formulation is equivalent to the one of Maibaum (cf. [MAI87]).
With this formulation, the extension of the logic to capture the
deontic concepts can be treated as a theory of first order M[A]L and
we do not need to formulate the rules G1 and G2 above, for we can
use the new axioms as global assumptions; in other words, the new
axioms can constitute a part of any system specification.
[End_of_Observation]
4.2.4 THE DEONTIC FRAME RULE
In this section we provide some discussion about the addition of
the deontic frame rule in a simplified version (i.e. using OBL instead
of the sequence of obligations component OBLS) of the rule
presented in [MAI87].
We state the deontic frame rules using the notation $\Gamma$ NOT $\vdash \alpha$, to
mean that it is not the case that $\Gamma \vdash \alpha$. If SP is the set of axioms of the
system specification, $a$ and $b$ are actions and $c$ and $d$ are agents, then
the following is a presentation of the (simplified) rules:
F1 $$\frac{SP \vdash \mathrm{PER}(c, \{a\}),\quad SP\ \mathrm{NOT} \vdash [d, b]\,\neg\mathrm{PER}(c, \{a\})}{SP \vdash [d, b]\,\mathrm{PER}(c, \{a\})}$$
F2 $$\frac{SP \vdash \neg\mathrm{PER}(c, \{a\}),\quad SP\ \mathrm{NOT} \vdash [d, b]\,\mathrm{PER}(c, \{a\})}{SP \vdash [d, b]\,\neg\mathrm{PER}(c, \{a\})}$$
DEFINITION 4.2.4.a: A system of logic X is said to be monotonic if
it has the property:
If $\Gamma \vdash \alpha$, then $\Gamma, \beta \vdash \alpha$,
where $\alpha$ and $\beta$ are any formulas of X and $\Gamma$ is a set of formulas of
X. Otherwise, we say that X is non-monotonic.
With the deontic frame rules presented above, this logic becomes a
non-monotonic logic. Thence, we are possibly importing some
advantages of the non-monotonic systems as well as some of their
disadvantages, as we can see below.
Applying circumscription to the Peano axioms without the induction
one obtains the Peano Arithmetic (cf. [DAV80]). Hence, according to
Goedel’s incompleteness theorem (cf. [GOE31]), circumscription is
incomplete with respect to the minimal model semantics (cf.
[PEQ85] and [DAV80]).
On the proof level, the non-monotonic logics are, in general,
undecidable. Let’s take, as an example, the McDermott and Doyle
non-monotonic logic. The problem about decision procedure for this
logic is summarized by Davis in [DAV80] as follows (where ⊢
represents the provability relation for this logic): "in the general
case, the decision problem is of the same degree of unsolvability as
the decision problem for the classical predicate calculus ... .
However, the provability relation ⊢ is not recursively enumerable,
so there can be no semi-decision procedure". The undecidability is a
property shared by full M[A]L. There can be no semi-decision
procedure for first order deontic M[A]L with such frame rules, for
in order to use these rules one needs to show the unprovability of a
formula.
Thus, if we want to have an automatic theorem prover for this logic
with the frame rules we have to restrict the logic and/or use
heuristics, as pointed out by Reiter with respect to the default
reasoning: "... any proof theory whatever for closed normal default
theories must somehow appeal to some inherently non-semi-
decidable process. This extremely pessimistic result forces the
conclusion that any computational treatment of defaults must
necessarily have an heuristic component and will, on occasion, lead
to mistaken beliefs" (cf. [REI80]).
For the first order classical logic we can have, at least theoretically,
a semi-decision procedure. However, due to practical reasons, the
implementations of automatic theorem provers for first order
classical logic are not complete, i.e., occasionally some theorems are
not proved. But, in general they can be proved to be sound with
respect to this logic. For non-monotonic logics, as we must base
arguments in heuristics, not even the soundness of the theorem
prover with respect to the logic can always be assured.
Now, there are many ways of restricting the logic. A very simple
and perhaps not too restrictive way is to apply the frame rules
considering only atomic information for the deontic components.
The result is that we need only to do pattern matching on the
information of the database. We prefer not to tackle this and
propose restrictions to the logic when we are dealing with the
foundational or proof procedure aspects of the logic, for we need to
give them a formal treatment. We do make some restrictions to the
logic together with some different usages of the frame rule in
chapter 6, which takes account of rather less formal considerations.
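The restriction to atomic deontic information described above can be made concrete as follows. This is an added Python example, not code from the thesis or from the FOREST prover: it assumes SP contains only atomic facts, so that "SP ⊢ φ" is approximated by membership in SP, and the agent and action names are constructed. It applies F1/F2 by pattern matching and lists the pairs (α, β) that violate Definition 4.2.4.a.

```python
# Added illustration. Assumption: the specification SP is a set of atomic
# facts, so provability of an atomic fact is approximated by membership in SP.

def per(agent, action, positive=True):
    """PER(agent, {action}) when positive, its negation otherwise."""
    return ("PER", agent, action, positive)


def negate(fact):
    """Flip the sign of a PER fact."""
    return fact[:3] + (not fact[3],)


def after(agent, action, fact):
    """The modal fact [agent, action] fact."""
    return ("AFTER", agent, action, fact)


def frame_consequences(sp, d, b):
    """Facts [d, b]phi obtained by F1 (phi positive) or F2 (phi negative).

    A permission fact phi in SP persists through the action b of agent d
    unless SP itself states [d, b] not-phi. The second premise is a test
    for the ABSENCE of a fact, which is what makes the rule non-monotonic.
    """
    derived = set()
    for fact in sp:
        if fact[0] == "PER" and after(d, b, negate(fact)) not in sp:
            derived.add(after(d, b, fact))
    return derived


def provable(sp, d, b):
    """Atomic facts provable from SP: SP itself plus the frame consequences."""
    return set(sp) | frame_consequences(sp, d, b)


def monotonicity_violations(sp, candidates, d, b):
    """Pairs (alpha, beta) with SP |- alpha but SP, beta |/- alpha."""
    before = provable(sp, d, b)
    found = []
    for beta in candidates:
        extended = provable(set(sp) | {beta}, d, b)
        found += [(alpha, beta) for alpha in sorted(before - extended)]
    return found


# Constructed sample specification and candidate additional axioms.
SP = {per("clerk", "issue_badge")}
CANDIDATES = [
    per("clerk", "issue_badge", positive=False),
    per("auditor", "read_log"),
    after("manager", "suspend", per("clerk", "issue_badge", positive=False)),
]
VIOLATIONS = monotonicity_violations(SP, CANDIDATES, "manager", "suspend")
```

Only the third candidate, an axiom stating that the action revokes the permission, retracts a conclusion that was provable before it was added.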
Chapter 5
Implementation and Exploitation
In previous chapters we have presented the tableau system
together with some basic proof procedures. These procedures are
good for explaining the tableau system because they are rather
intuitive. But it is obvious that if we try to obtain an
implementation from one of them we are going to obtain a very
inefficient system. Thus we need to find a proof procedure efficient
enough to provide the basis for computational usage.
This situation seems to be very similar to that which occurred in
the late sixties and early seventies with the resolution principle.
Unguided usage of resolution generates many redundant and
irrelevant clauses. Then, many researchers started looking for
refinements of resolution with which one could obtain a refutation
for a given formula using a smaller search space.
It is not our intention to look for new refinements for the tableau
system. Our paradigm is simply to try to import the refinements
available for the resolution principle and analyse them under the
context of the tableau system with unification. Indeed we are going
to observe that the same algorithm can be used to run both systems
provided that the natural conversions are made. This not only
shows that the theorem provers based on tableau systems can be
efficient but also that they can have the same search space as the
resolution systems.
The main objective of this chapter is to provide a refinement to the
tableau system for M[A]L. The results of this chapter are the following:
we stress the correspondence between tableau and resolution for
formulas of the first order classical logic; using this correspondence,
we derive a resolution principle for M[A]L from the M[A]L tableau
system with unification; and we propose a linear algorithm for
M[A]L refutations which could run both the tableau and the
resolution systems provided that natural conversions are made.
In section 5.1 we present procedures for transforming tableau
refutations into resolution refutations and indicate how to do the
reverse. In section 5.2 the linear strategy is analysed under the
tableau approach. The derivation of a resolution principle for M[A]L
from the tableau system with unification for M[A]L is given in
section 5.3. Finally, in section 5.4 the linear strategy is extended to
the tableau system for M[A]L.
Every time we mention a closed tableau, we are actually referring
to an atomically closed tableau.
5.1 EQUIVALENCE BETWEEN RESOLUTION AND TABLEAU
The tableau system has been used by Robinson [ROB79] in order to
explain the resolution method. Gallier in his book ([GAL86]) gives
procedures to transform a Gentzen refutation of propositional
clausal formulas into resolution proofs, and conversely. This
procedure, in fact, not only shows the soundness and completeness
of the resolution system for propositional clauses but also proves that
the complexity of both systems is equal. Similar procedures can be
used for transforming refutations of first-order clausal formulas by
tableaux with unification into resolution proofs, and conversely. The
objective of this section is, then, to establish the claim above, and
this is done by the following theorems which are just extensions of
the ones presented by Gallier for the case of first-order clausal
formulas using tableaux instead of Gentzen system. We start with
some definitions:
DEFINITION 5.1.a: A pair of formulas of the kind α and ¬α in a
branch of a tableau is called a connection.
In most of the cases we are going to be interested in substitutions
of more than one variable at the same time. Then, we are going to
represent substitutions by a set of the form {X1/t1, ..., Xn/tn}, where
every Xi is a variable, every ti is a term different from Xi and no
variable is to be substituted more than once in the same set.
EXAMPLE 5.1.a: If σ = {X/a, Y/b} is a substitution and α =
P(X, Y) is a formula, then:
ασ = P(a, b). [End_of_Example]
DEFINITION 5.1.b: Given two substitutions σ1 = {X1/t1, ..., Xn/tn}
and σ2 = {Y1/u1, ..., Ym/um}, we define the composition of σ1 and
σ2, denoted by σ1 ∘ σ2, as the substitution:
σ1 ∘ σ2 = {X1/t1σ2, ..., Xn/tnσ2, Y1/u1, ..., Ym/um},
where the elements:
Xi/tiσ2 such that Xi = tiσ2 and
Yj/uj such that Yj is among {X1, ..., Xn}
are not included in σ1 ∘ σ2.
DEFINITION 5.1.c: Let Γ be a set of clauses and D a resolution
refutation for the members of Γ. Every member of Γ is said to be
an input clause for D.
THEOREM 5.1.a: There is a procedure for transforming a
tableau with unification refutation for the set Γ of formulas of
the first-order classical logic into a resolution refutation for this
set of formulas. The number of resolvents is less than or equal to
the number of connections needed to close the tableau.
PROOF: We do the proof by induction on the number of branches
in the tableau. And, in order to establish the result we need to show
that the following conditions are satisfied in each of the induction
steps:
• There is a resolution refutation for Γ, derived from the tableau
refutation for Γ with the same unifier;
• The number of resolvents is less than or equal to the number of
connections needed to close the tableau;
• Furthermore, the set of literal pairs used in the resolution steps
is a subset of the set of literal pairs used for closing the tableau.
First case - The tableau consists of only one branch:
Then, it contains atomic clauses Ci and Cj such that Ci is unifiable
with the complement of Cj with some most general unifier σ. Then
we form the resolution refutation:
with the same unifier σ. The resolution refutation has one resolvent.
Note that the pair of literals used in the resolution step is the same
pair used for closing the tableau.
Hence, the base step of the induction holds.
Second case - The tableau consists of more than one branch:
Then, the tableau which is closed with a most general unifier, say σ,
is of the form:
[Figure: a tableau whose trunk contains the clause Ci and splits below it into the branches B1 and B2]
Where the clause Ci is of the form Ci' ∨ Ci'' and the branches B1 and B2
are generated by application of rule type B to Ci such that Ci' is in B1
and Ci'' is in B2. As the tableau is closed, each of its branches must also
be closed. Let us suppose that the branches B1 and B2 are closed
with the most general unifiers σ1 and σ2, respectively, then σ is the
most general unifier given by the expression σ = σ1 ∘ σ2.
By the induction hypothesis we have:
• There is a resolution refutation D1 derived from B1 with the
unifier σ1 and a resolution refutation D2 from B2 with the unifier
σ2;
• The number of resolvents of D1 and D2 are less than or equal to
the number of connections needed for closing B1 and B2,
respectively;
• Furthermore, the set of literal pairs used in the resolution steps
of D1 is a subset of the set of literal pairs used for closing B1. The
same happens with D2 with respect to B2.
If every input clause of D1 is a member of Γ, then:
• By induction hypothesis, D1 is a refutation for Γ with the unifier
σ1. Since the set of literal pairs used in the resolution steps of D1
is a subset of the set of literal pairs used for closing B1, the
tableau unifier σ is also a unifier for D1. Now, we just restate D1
using the unifier σ instead of σ1.
• The number of resolvents is, by the induction hypothesis, less
than or equal to the number of connections needed for closing B1,
thus it is less than the number of connections of the whole
tableau.
• The set of literal pairs used in the resolution steps of D1 is a
subset of the set of the literal pairs used for closing B1, and
therefore it is a subset of the literal pairs used for closing the
entire tableau.
If every input clause of D2 is a member of Γ, then the situation is
similar to the one above.
Otherwise, we replace D1 by D1', where D1' has the same steps as
D1, but in D1' the clause Ci' is changed for the clause (Ci' ∨ Ci'') and,
consequently, so are all the resolvents recursively resulting from the
clause Ci'.
If the final resolvent is the empty clause, then the refutation is
done and the results hold in the same form as in the case above.
Otherwise, the last resolvent must be an instance of Ci'', namely
Ci''σ1. Then we construct a resolution refutation for Γ by
concatenating D2 to D1' and using the unifier σ. Note that this
construction is feasible by the induction hypothesis, and σ is
obtained from σ1 and σ2 (the unifiers of D1 and D2, respectively) by
the expression σ = σ1 ∘ σ2. The number of resolvents is equal to the
sum of the number of resolvents of D1 and D2, which is less than or
equal to the sum of the connections needed to close B1 and B2, the
number of connections needed for closing the entire tableau.
[End_of_Proof]
THEOREM 5.1.b: There is a procedure for transforming a
resolution refutation for the set Γ of formulas of first-order
classical logic into a tableau with unification refutation for this
set of formulas. The number of connections needed to close the
tableau is less than or equal to the number of resolvents.
PROOF: The proof is just an extension of the one presented in
[GAL86] proceeding in the same way as we did for the theorem
5.1.a. [End_of_Proof]
We present below an example in order to give a visualization of the
usage of these procedures.
EXAMPLE 5.1.b: Given the set of clauses
{P(a, u), ¬P(x, y) ∨ ¬P(y, x) ∨ Q(z, x), ¬Q(x, b)}
we can obtain its tableau refutation tree as follows:
¬Q(x, b)
¬P(z, y) ∨ ¬P(y, x') ∨ Q(z, x')
¬P(z, y)      ¬P(y, x')      Q(z, x')
P(a, u')      P(a, u'')
Then, the tableau is closed with the most general unifier:
{z/a, u'/y, y/a, u''/x', x'/b}.
And the resolution refutation can be obtained from this tableau
derivation as follows:
For each of the three leaves we obtain a corresponding resolution
refutation with the same general unifier:
¬P(z, y)   P(a, u')        ¬P(y, x')   P(a, u'')        ¬Q(x, b)   Q(z, x')
      □                          □                          □
Going up with the branch on the right we obtain:
¬P(y, x') ∨ Q(z, x')      P(a, u'')
□
Finally, with the branch on the left:
¬P(z, y) ∨ ¬P(y, x') ∨ Q(z, x')      P(a, u')
□
[End_of_Example]
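The composition of Definition 5.1.b and the closing of the three connections of Example 5.1.b, as an added Python example (not code from the thesis). The term encoding is an assumption: variables are strings, constants and compound terms are tuples, and u1, u2, x1 stand for u', u'', x'. Because each new binding is composed into the running substitution, the result comes out fully resolved (u' is mapped to a rather than to y).

```python
# Added illustration. Variables are plain strings; constants and compound
# terms are tuples ("functor", arg1, ...), so the constant a is ("a",).

def is_var(t):
    return isinstance(t, str)


def apply(t, s):
    """Apply the substitution s (dict: variable -> term) to the term t."""
    if is_var(t):
        return s.get(t, t)
    return (t[0],) + tuple(apply(arg, s) for arg in t[1:])


def compose(s1, s2):
    """s1 o s2 as in Definition 5.1.b, with both exclusion conditions."""
    out = {}
    for x, t in s1.items():
        t2 = apply(t, s2)
        if t2 != x:              # Xi/ti s2 is left out when Xi = ti s2
            out[x] = t2
    for y, u in s2.items():
        if y not in s1:          # Yj/uj is left out when Yj is among X1..Xn
            out[y] = u
    return out


def occurs(x, t):
    """Occurs check: does the variable x appear in the term t?"""
    return x == t if is_var(t) else any(occurs(x, arg) for arg in t[1:])


def mgu(a, b, s=None):
    """Most general unifier of a and b that extends s, or None."""
    s = dict(s or {})
    a, b = apply(a, s), apply(b, s)
    if a == b:
        return s
    if is_var(a):
        return None if occurs(a, b) else compose(s, {a: b})
    if is_var(b):
        return mgu(b, a, s)
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = mgu(x, y, s)
        if s is None:
            return None
    return s


def close_tableau(connections):
    """Thread one substitution through every connection (pair of atoms)."""
    s = {}
    for left, right in connections:
        s = mgu(left, right, s)
        if s is None:
            return None
    return s


A, B = ("a",), ("b",)
# Atoms of the three connections of Example 5.1.b (negation signs dropped).
CONNECTIONS = [
    (("P", A, "u1"), ("P", "z", "y")),    # P(a, u')  with  ¬P(z, y)
    (("P", A, "u2"), ("P", "y", "x1")),   # P(a, u'') with  ¬P(y, x')
    (("Q", "x", B), ("Q", "z", "x1")),    # ¬Q(x, b)  with  Q(z, x')
]
UNIFIER = close_tableau(CONNECTIONS)
```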
5.2 LINEAR STRATEGY
In this section we present the linear refinement of resolution and
indicate how this can be used together with the tableau approach.
Algorithms for the first order classical logic linear tableau are
provided in the end of the section. These algorithms are later (in
section 5.4) used as the basis for the extension to the linear tableau
for first order M[A]L.
Linear resolution was independently proposed by Loveland (cf.
[LOV70]), Luckham (cf. [LUC70]) and Zamov and Sharnov (cf.
[ZAM69]). Since then, it has been the basis of many
implementations of resolution theorem provers.
A linear derivation from a set of clauses Σ starts by resolving a
given clause (called the top clause) with some clause β of Σ and
then every resolvent has the previous resolvent as one of its
parents. We give the definition:
DEFINITION 5.2.a: A linear deduction of a clause Cn from a set Σ
of clauses with top clause C1 in Σ is a sequence of clauses (C1, ...,
Cn) such that each Ci+1 (1 ≤ i ≤ n-1) is a resolvent of Ci (the centre
clause) and β (side clause) where β is in Σ or is a previously
generated resolvent.
Linear resolution has been proved complete for first order logic (cf.
[CHA73]). Still several refinements can be added to linear resolution
such as set of support restriction, tautology elimination, etc.,
reducing unnecessary derivations and preserving its completeness
characteristic. Take, for example, the resolution derivation for the
set Σ = {R ∨ S, R ∨ ¬S, ¬R ∨ Q, ¬R ∨ ¬Q} of clauses with top clause R ∨ S:
R ∨ S      R ∨ ¬S
           ¬R ∨ Q
           ¬R ∨ ¬Q
At this point, the top clause ¬R can be resolved with the input
clauses R ∨ S and R ∨ ¬S and with the previously generated clause R.
But, using the clause R as the side clause will give us a shorter
proof. Furthermore, we can only generate a refutation for the set if
we eventually use the clause R as the side clause. Then, determining
when one should use a clause generated previously as the center
clause is such a refinement to the linear strategy that leads to a
more efficient theorem prover.
Hence, we are going to consider here a simplified version of the
refinement OL-resolution (cf. [CHA73]) without merging and
tautology eliminations. For other refinements and more details the
reader may refer to [LOV79], [AND70] and [KOW71].
OL-resolution uses the notion of ordered clauses, i.e. a clause is
considered as a sequence of literals together with a mechanism that
determines the necessary and sufficient condition under which one
should use a clause generated previously as the center clause. This
mechanism is achieved by recording the literal resolved upon
together with the resolvent. Now, each time we need to use this
literal in a resolution step this information can be used reducing,
then, the search space. We describe this mechanism in the
following.
Each time two literals L1 and L2 of clauses α ∨ L1 and β ∨ L2,
respectively, are resolved upon, the literal of the centre clause, say
L1, is recorded in the resolvent with the assigned state of framed
literal, generating a clause represented by α ∨ [L1] ∨ β. The name
framed literal is used in [CHA73] and is maintained in this Thesis.
As an example, consider the following two clauses:
C1: R ∨ ¬P ∨ Q
C2: S ∨ ¬Q ∨ ¬R
C3: ¬P ∨ Q ∨ [R] ∨ S ∨ ¬Q
C4: R ∨ ¬P ∨ [Q] ∨ S ∨ ¬R
The use of framed literals avoids searching in the memory for a
side clause to be resolved with the center clause if the last literal of
the center clause is complementary to a framed literal. When this
condition is satisfied, i.e. when the last literal of the top clause is
unifiable with the complement of a framed literal, we just delete
this literal. If we obtain a clause with framed literals not followed
by any unframed literals, then these framed literals are deleted
too.
EXAMPLE 5.2.a: Consider the set Σ = {Q ∨ P, ¬P ∨ R, ¬R ∨ ¬P}
of ordered clauses with top clause Q ∨ P. The information about the
framed literal can be used as shown in the derivation:
Q ∨ P
                        ¬P ∨ R
Q ∨ [P] ∨ R
                        ¬R ∨ ¬P
Q ∨ [P] ∨ [R] ∨ ¬P
                        (Q ∨ P)
Q
[End_of_Example]
In the above, the framed literals are indicated by brackets. In the
first derivation, the clause was obtained resolving Q ∨ P against ¬P ∨ R
upon ¬P, therefore the literal P is framed in the resolvent. In the
second resolvent the literal ¬P has a complementary framed literal.
Then there is a centre clause, namely Q ∨ P, which can be resolved
with it upon the literal ¬P. At this moment we could just delete the
literal ¬P as indicated above. Note that the framed literals not
followed by any unframed literal are deleted too.
We give the formal definition of the concepts just mentioned and a
whole description of OL-resolution:
DEFINITION 5.2.b: An ordered clause C is said to be a reducible
ordered clause if the last literal of C is unifiable with the
complement of a framed literal of C.
DEFINITION 5.2.c: Let C be a reducible ordered clause with the
last literal L unifiable with the complement of a framed literal of
C with a most general unifier σ. We use the name reduction for
the operation of deleting Lσ from Cσ and every subsequent
framed literal not followed by any unframed literal.
Note that the framed literals do not in fact participate in the
resolution. The reduction operation on C is equivalent to resolving
C with the centre clause which gave origin to the framed literal
used for the reduction.
DEFINITION 5.2.d: Given a set Σ of ordered clauses and a clause
C0 of Σ, an OL-deduction of Cn from Σ with top clause C0 is a
linear deduction of Cn from Σ with top clause C0 in which every Ci
(1 ≤ i ≤ n) is obtained following the constraints:
1. If Ci-1 is a reducible ordered clause, then Ci is obtained by a
reduction operation on Ci-1.
2. Otherwise Ci is obtained by resolving the last literal of Ci-1
with the literal of some clause β in Σ.
EXAMPLE 5.2.b: An OL-resolution refutation for the set Σ =
{P ∨ Q, ¬P, ¬Q ∨ R, ¬R ∨ S, ¬R ∨ ¬S} with top clause P ∨ Q is:
P ∨ Q                         ¬Q ∨ R
P ∨ [Q] ∨ R                   ¬R ∨ S
P ∨ [Q] ∨ [R] ∨ [S] ∨ ¬R
P                             ¬P
[End_of_Example]
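The OL-deduction of Definition 5.2.d, restricted to propositional clauses so that unification reduces to matching complementary literals, as an added Python example (not code from the thesis or from the provers it cites). The string encoding with "~" for negation, the depth bound and the function names are assumptions of this example; it replays the derivations of Examples 5.2.a and 5.2.b.

```python
# Added illustration. A literal is a string, "~" marks negation. An ordered
# clause is a list of (literal, framed) pairs, kept in the order of the text.

def neg(lit):
    return lit[1:] if lit.startswith("~") else "~" + lit


def show(clause):
    """Render an ordered clause with framed literals in brackets."""
    if not clause:
        return "□"
    return " v ".join(f"[{lit}]" if framed else lit for lit, framed in clause)


def strip_framed_tail(clause):
    """Delete framed literals not followed by any unframed literal."""
    clause = list(clause)
    while clause and clause[-1][1]:
        clause.pop()
    return clause


def successors(centre, sigma):
    """Yield every ordered clause obtainable from `centre` in one OL step."""
    last = centre[-1][0]
    framed = {lit for lit, is_framed in centre if is_framed}
    if neg(last) in framed:
        # Constraint 1: a reducible clause is reduced (Definition 5.2.c).
        yield strip_framed_tail(centre[:-1])
        return
    # Constraint 2: resolve the last literal against a side clause of sigma;
    # the literal resolved upon stays in the resolvent as a framed literal.
    for side in sigma:
        if neg(last) in side:
            rest = [(lit, False) for lit in side if lit != neg(last)]
            yield strip_framed_tail(centre[:-1] + [(last, True)] + rest)


def ol_refutation(top, sigma, max_depth=20):
    """Depth-first search with backtracking.

    Returns the list of centre clauses ending in the empty clause, or None
    when no refutation exists within max_depth steps.
    """
    def search(centre, depth):
        if not centre:
            return [centre]
        if depth == max_depth:
            return None
        for nxt in successors(centre, sigma):
            tail = search(nxt, depth + 1)
            if tail is not None:
                return [centre] + tail
        return None

    return search([(lit, False) for lit in top], 0)


def first_path(top, sigma, max_steps=20):
    """Follow the first applicable step each time, without backtracking."""
    centre = [(lit, False) for lit in top]
    path = [centre]
    for _ in range(max_steps):
        nxt = next(successors(centre, sigma), None) if centre else None
        if nxt is None:
            break
        centre = nxt
        path.append(centre)
    return path


# Clause sets of Examples 5.2.a and 5.2.b.
SIGMA_A = [["Q", "P"], ["~P", "R"], ["~R", "~P"]]
SIGMA_B = [["P", "Q"], ["~P"], ["~Q", "R"], ["~R", "S"], ["~R", "~S"]]
```

The set of Example 5.2.a is satisfiable, so `ol_refutation` returns None for it, while `first_path` stops at the clause Q reached in the text.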
The first effort at obtaining a linear strategy for the tableau method
was sketched in [BRO80]. Bibel shows, in [BIB82], how to
incorporate the notion of linearity for testing complementarity in
his connection matrix method. Schonfeld (cf. [SCH85]) presents an
algorithm for the SLD refinement of the linear strategy for a
propositional tableau system.
We argue too, that OL-deduction of resolution can be used equally
well in a tableau based theorem prover. In fact it seems to suit
tableau systems better because of the fact that the framed literals
are the very literals stored on the branches of the tree derivation
as we can see in the following example.
EXAMPLE 5.2.c: The corresponding tableau derivation for the
example 5.2.b is presented in the tree below.
[Figure: tableau tree for the refutation, rooted at P ∨ Q]
[End_of_Example]
In the example above the tree was developed first to the right,
following the same sequence as the OL-resolution refutation. Note
that the literals Q and R which are framed in the OL-resolution are
stored in a branch of the tableau refutation.
We present below two algorithms for the tableau system of classical
logic using the linear strategy:
ALGORITHM 5.2.a: Linear strategy for a tableau theorem prover
using the depth-first method for formulas of first-order classical
logic in clausal form (where α is the top clause and Γ is the set of
side clauses):
1. Start a new tableau breaking down α into atomic components;
2. Let θ be the first branch of the tableau;
3. WHILE there are non visited branches
   DO IF level of TOP(θ) is greater than the maximum depth level
      THEN IF stack for backtrack is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ENDIF;
      Let ζ be the list of formulas of θ and Γ (in this order) which are complementary to TOP(θ);
      IF ζ is empty
      THEN IF stack for backtrack is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ELSE IF length of ζ > 1
           THEN create backtrack mark
           ENDIF;
           Append the tableau extension for the first element of ζ to θ;
           Close θ;
           Let θ be the next non visited branch;
      ENDIF;
   ENDWHILE;
4. Terminate with "success";
5. END.
[End_of_Algorithm]
ALGORITHM 5.2.b: Linear strategy for a tableau theorem prover
using the depth-first method for formulas of first-order logic in
non-clausal form (where α is the top formula and Γ is the set of side
formulas):
1. Start a new tableau breaking down ¬α into atomic components;
2. Let θ be the first branch of the tableau;
3. WHILE there are non visited branches
   DO IF level of TOP(θ) is greater than the maximum depth level
      THEN IF stack for backtrack is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ENDIF;
      Let χ be the list of literals of the last formula (top literals) added to θ;
      Let β be the first literal of χ;
      UNTIL χ is empty or θ is closed
      DO Let ζ be the list of formulas of θ and Γ (in this order) which are complementary to β;
         IF ζ is empty
         THEN Delete β from χ;
              Let β be the next literal of χ
         ELSE IF length of ζ > 1 or
                 length of χ > 1
              THEN create backtrack mark
              ENDIF;
              Append the tableau extension for the first element of ζ to θ;
              Close θ;
         ENDIF;
      ENDUNTIL;
      IF θ is closed
      THEN Let θ be the next non visited branch
      ELSE IF stack for backtrack is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ENDIF;
   ENDWHILE;
4. Terminate with "success";
5. END.
[End_of_Algorithm]
Following these lines, a prototype of a tableau theorem prover for
formulas of first order classical logic in Skolem normal form was
implemented by Trimmer using a PROLOG language (cf. [TRI88]).
This implementation extends the basic linear strategy above with
some improvements such as giving priority to atomic and
conjunctive formulas with the objective of achieving more
efficiency.
5.3 RESOLUTION FOR M[A]L
A resolution system for modal logics was first presented by
Farinas-del-Cerro (cf. [FAR83]). Konolige presented in [KON84] and
[KON86] resolution systems for several modal logics based on
Stickel's total narrow theory resolution rule (cf. [STI85]). As the
modal logics he considered do not admit a direct extension of the
Skolem theorem he needed to introduce the notion of "bullet
construction" in order to deal with the quantifiers outside modal
operators and obtain an extension of the Skolem normal form.
In this section we obtain the resolution principle for M[A]L from
the tableau system as an extension of the correspondence between
the resolution and tableau systems for first-order classical logic.
Although the resolution rules obtained are similar to the ones of
Konolige, the way we treat variables in relation to modalities is
quite different. Indeed, the treatment we gave for the terms for
proving by tableau refutation with unification came from direct
observation of the behaviour of the variables and the changing of
states in a tableau proof without unification (and a possible worlds
semantics specification). Then it was possible to maintain this
principle for the resolution system and we just needed to add the
following rules to the well known resolution rule:
RULE R.E
      [A, a]α1 ∨ β1
      ...
      [A, a]αn ∨ βn
      ─────────────
      β1 ∨ ... ∨ βn , where {α1, ..., αn} is unsatisfiable.
RULE R.F
      [A, a]α1 ∨ β1
      ...
      [A, a]αn ∨ βn
      ¬[A, a]γ ∨ β
      ─────────────
      β1 ∨ ... ∨ βn ∨ β, where θ = {α1, ..., αn, ¬γ} is unsatisfiable
      and the variables of θ are subject to the
      same restrictions as in the application of
      rule E of the tableau system.
The soundness and completeness of the system just presented can
easily be verified by taking the procedures for translating the
tableau refutations for classical first-order logic into resolution
refutations, and conversely, and extending them for M[A]L. Note that
since the rules R.E and R.F are very similar to the rules E and F of
the tableau systems, this extension does not take too much effort.
The number of connections can still be related to the number of
resolvents. But now, this result does not imply the same complexity.
Note that rule E was formulated in a way that allows its application
more than once in order to obtain one application of rule R.E or R.F.
Obviously, we could change the formulation of this rule (E) in order
to obtain the same complexity. As the actual formulation leads to a
better understanding of the behaviour of the changing of states and
we are more interested in clearness than efficiency we are not
going to consider this change. Below, we present two theorems
establishing the correspondence between these systems:
THEOREM 5.3.a: There is a procedure for transforming a
tableau with unification refutation for the set Σ of formulas of
M[A]L into a resolution refutation for Σ.
PROOF: In light of the proof given for the theorem 5.1.a, we
need only consider the case where the last branch θ is closed by
closing a tableau subordinated to θ. By the inductive hypothesis,
there is a resolution refutation for this subordinated tableau. Let M
= {α1, ..., αn} be the set of all modal formulas in θ used by
application of the rule E (or F) for forming the subordinated
tableau. If every αi (1 ≤ i ≤ n) is an instance of a formula of Σ, then
we create a resolution refutation with the application of rule R.E
(R.F) to the members of M.
Otherwise, let M' ⊆ M be the set of those modal formulas which are
not instantiations of formulas of Σ, M' = {αj, ..., αk}. Each αi (j ≤ i ≤ k)
was then obtained by application of a rule of type B on a formula of
the form αi ∨ βi. Then the application of rule R.E (R.F) to the
members of M will give the resolvent βj ∨ ... ∨ βk. As by hypothesis
all other branches of the tableau are closed and we have the
corresponding resolutions, then we can derive the final resolution
refutation by using the method described for earlier steps of
theorem 5.1.a of concatenating the respective resolution trees
relative to each of the βi's. [End_of_Proof]
THEOREM 5.3.b: There is a procedure for transforming a
resolution refutation for the set Σ of formulas of M[A]L into a
tableau with unification refutation for Σ.
PROOF: The proof is an extension of the proof for theorem
5.1.b, obtained in the same way as we did for theorem 5.3.a.
[End_of_Proof]
Although the general resolution principle has been presented, work
still has to be done in terms of solving the specific problems of
implementing the theorem prover, particularly concerning the
treatment of modalities. We deal with this problem in the next
section.
5.4 IMPLEMENTATION OF M[A]L THEOREM PROVER
In providing a refinement for a modal theorem prover one faces a
basic problem: when a change of state (possible world) should take
place. This and other specific implementation problems of a
theorem prover for the system K of modal logic were examined by
Geissler and Konolige in [GEI86]. In order to explore the
consequences of the choices of changing states, let us consider two
different principles, one that forces change to a new state as soon as
possible and another that postpones these changes of state:
i. Change to another state only when we have in the branch all
formulas that are going to form the new tableau:
Let us consider the following example:
1. [A, a]P                     Axiom
2. ([A, a]R) ∨ Q               Axiom
3. ¬[A, a]P                    The denied theorem
4a. [A, a]R      4b. Q         From 2, by rule B
Now, in order to close the tableau we need to apply the rule F to the
formula 3 twice (once for each branch), compromising the efficiency
of the process. Note that the linear strategy of classical logic can
hardly be extended to a modal logic if this principle is to be carried
out.
ii. Change to another state by using rule E or F each time we face
the possibility:
Let us consider the following example:
1. ([A, a]P) ∨ R               Axiom
2. ¬R                          Axiom
3. ¬[A, a]P                    The denied theorem
3.1. ¬P                        From 3, by rule F
The new state cannot obviously be closed by using only the formula
¬P. When we applied the rule F we could not yet bring to the new
state all the information we need to close its tableau. Then, in order
to use this principle one must be able to apply tableau rules to
formulas in branches higher up in the hierarchy. Note that this
principle can take into consideration the most recently derived
formula, and hence, contrary to the previous one, it has a close
relation with the linear strategy.
We have no evidence that one approach is more efficient than the
other. The advantage of the second principle is that the linear
strategy of classical logic can be extended to a modal logic using this
principle. We present below the algorithm for this extension:
ALGORITHM 5.4.a: Linear strategy for a tableau theorem prover
using the depth-first method for formulas of M[A]L in non-clausal
form (where α is the top formula and Γ is the set of side formulas
and all data mentioned is defined locally, except the stack for
backtracking which is global):
1. Start a new tableau breaking down α into atomic components;
2. Let θ be the first branch of the tableau;
3. WHILE there are non visited branches
   DO IF level of TOP(θ) is greater than the maximum depth level
      THEN IF the global stack for backtracking is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ENDIF;
      Let χ be the list of literals of the last formula (top literals) added to θ;
      Let β be the first literal of χ;
      UNTIL χ is empty or θ is closed
      DO IF β is a modal formula of the form [A, a]γ or
            β is a modal formula of the form ¬[A, a]γ
         THEN Call recursively this procedure with γ (¬γ) being the theorem to be derived from
              the set of subformulas φ obtained from formulas σ of θ and Γ, where [A, a]φ is
              a subformula of σ;
              IF the result is successful
              THEN IF length of χ > 1
                   THEN create mark in the global stack for backtracking
                   ENDIF;
                   Close θ
              ENDIF;
         ELSE Let ζ be the list of formulas of θ and Γ (in this order) which are complementary
              to β;
              IF ζ is empty
              THEN Delete β from χ;
                   Let β be the next literal of χ
              ELSE IF length of ζ > 1 or
                      length of χ > 1
                   THEN create mark in the global stack for backtracking
                   ENDIF;
                   IF the first element of ζ is a subformula of some formula δ
                      which is not in θ nor in the actual branch up in the recursive
                      hierarchy
                   THEN put δ in the appropriate branch
                   ENDIF;
                   Append the tableau extension of the first element of ζ to θ;
                   Close θ;
              ENDIF;
         ENDIF;
      ENDUNTIL;
      IF θ is closed
      THEN Let θ be the next non visited branch
      ELSE IF stack for backtracking is not empty
           THEN backtrack
           ELSE terminate with "fail"
           ENDIF;
      ENDIF;
   ENDWHILE;
4. Terminate with "success" with the information for recovering the processing in case of
   backtracking;
5. END.
[End_of_Algorithm]
192 —
5. Implementation and exploitation
OBSERVATIONS:
a) In order to achieve a more efficient system, further
improvements can be added, such as:
- Giving priority to atomic and conjunctive formulas;
- Adding a simple control structure to avoid the change of
state more than once for the same positive modality in the
same branch;
- More complex heuristics can still be added such as the one
for "discovering non theorems as soon as possible" as
specified in [OPP86].
b) The addition of the return data of the procedure in step 4 is
due to the following:
As the stack for backtrack is a global definition, a call for a
backtrack can cause a recursive entrance in the procedure to
be restated and this information can simplify this process.
c) Following these lines, a prototype of a tableau theorem prover
for first order M[A]L with deontic components and the pair
agent/action, where the actions are expressed by terms (see
chapter 4 for considerations on this logic) was implemented
by Atkinson (cf.[ATK88]) as an extension of the theorem
prover of Trimmer (cf. [TRI88]).
Chapter 6
Animation Using Information
of the Database
Animation of a specification is a potentially powerful aid to
validation (cf. [COS87]). Justifications of various forms of validation
and animation are presented in [QUI85]. In particular, animation
enables the formal system to be presented and exercised in terms
of the application domain, rather than the mathematical
formulation. The theorem prover can be used in such a situation to
run the system using information of the database in an early stage
of development, such as validation of the requirements
specification. By a database we mean the system requirement
specification in M[A]L and the additional axioms providing the
information concerning the initial state.
A prototype of such an animation tool for M[A]L was developed by
J. P. Booth (cf. [TAV88]) in which the specifications are translated
into PROLOG and then executed. These translations are obviously
subjected to the restrictions of the PROLOG language. Despite these
restrictions, the system works nicely for certain applications and it
could be taken into account as a basic application goal for a rather
more formal approach.
In this chapter we are going to explore the possibility of using a
tableau system in order to obtain an interactive theorem prover
for M[A]L for animating a specification so that the behavior of the
specified system can be examined. The theorem prover we are
going to take as the basis for this chapter is the traditional tableau
system for first order M[A]L presented in section 3.4.1. The
interactions are directed to the action level, simulating the
interaction between the system and the environment. Other kinds
of interactions are discussed, such as the case of inferring results
from incomplete database information. Note that the completeness
of information we are referring to in this chapter is not the same as
that defined in section 2.1.1.
The usage of first-order classical logic for modeling databases
requires certain assumptions, such as domain closure and the closed
world assumption, as it is described in [REI84]. These constraints
can be provided by explicit specifications of axioms in the database
or they can be derived from the database. McCarthy's
circumscription (cf. [McC80]) provides us with a schema for
obtaining minimal models from which we could derive these
assumptions. Hintikka has just given (cf. [HIN88]) an alternative to
McCarthy's circumscription "for formulas with finite models, as
asking whether the conclusion C is true in all the minimal finite
models of the premise T" using a modified version of the tableau
method.
It is argued that the inclusion of axioms for the domain closure
"makes it difficult to develop a theory of operations on databases,
such as adding new data to it or dropping some of the data" (cf.
[HIN88]). These operations are not appropriate for systems with the
Barcan formula, as it imposes a constant domain in all states. It
seems, then, rather natural to have this requirement specified
explicitly than to use mechanisms for obtaining it which could lead
to the generation of new constants in the database.
As we have already discussed (see chapter 4) it is rather
appropriate to have adequate conditions for assuming the truth of
the formulas which are not negated in the actual state and are
accepted in the previous state. This should be required not only for
the deontic formulas as is cited in the M[A]L formalization (cf.
[MAI87]), but for all kinds of formulas. This is the so called Frame
Problem. As we have argued, the use of such a frame rule brings
together almost unsolvable problems. Using simple versions of
frame rules, restricting the specifications of theories only to those
with finite models and accepting interactions with the user, many of
these problems can be solved. In this chapter we are interested in
exploring the usage of different versions of frame rules in the context
of an animation tool. Hence, we are going to consider here the
existence of such a frame rule although we do not give its
formalization. Its usage will be clear and restricted to explicit
indications in the examples. Note that these frame rules should be
applied to any kind of information (under restrictions) and not only to
the deontic components.
The intention of an animation is to provide the user with
information about the actual situation of the system at each state.
This is equivalent to querying the database for all the predicates
(or the selected ones) and listing all the answers. In other words, we
need to list all extensions of the predicates that can be derived
from the (extensional and intensional) database. In terms of
models, this is equivalent, by definition, to presenting the minimal
model for the theory. This process is first presented (in section 6.1)
for databases with complete information without considering the
changes of state. In section 6.2 this is augmented in order to accept
incompleteness in the database. In section 6.3 this is extended by
considering the changes of state and the usage of different frame
rules. Most of the examples of this chapter are actually part of the
explanation and not only to give a visualization of the procedures
we are going to discuss.
Thus, the main contribution of this chapter is to provide a
formal basis for animation of a system requirements specification.
This is done by exploring the usage of an animation tool considering
different levels of complexity. We start with a simple case, viz.
databases with complete information without considering the
change of states; then, we extend the process to databases with
incomplete information; and, finally, we consider the change of
state with addition of simplified versions of frame rule. A side
result of this chapter is the development of a process to find
minimal models for finite theories using the tableau system.
6.1 DATABASES WITH COMPLETE INFORMATION
In this section we are going to assume that we have complete
information in the database. "Loosely speaking, a database is
incomplete when it does not have all the information necessary to
answer some question of interest to the system." (cf. [LEV81]). As
an example of completeness, no formula of the kind α ∨ β is part of
the database specification, where none of the formulas α, β and α ∧ β
is derivable from the database. In order to have this notion of
completeness as simple as possible one can suppose that the
database consists only of formulas reducible to definite Horn
clauses. Note that the notion of Horn clause can easily be extended
to M[A]L, considering the modal formulas as literals.
We also assume that the formulas and constants of the database are
ordered by some appropriate orderings. The function symbols are
not present in the definition of the language as "they lead to severe
difficulties for database theory. Fortunately, they are not required
for a formal treatment of current ideas in databases" (cf. [REI84]
and [REI78b]). Although this restriction conforms to the actual
database specifications, it limits considerably the expressiveness of
the language. We adopt this restriction, for solving the problems
that result from using functions in database specifications is out of
the scope of this Thesis.
We give in the following a general description of the animation
process taking into account the restrictions above. This process is
augmented as required in the exposition of this section and of the
following sections, when we drop some of the restrictions. The
treatment of the existential quantifier is given separately.
The method consists of breaking down all formulas of the database
according to the ordering of the formulas. The rule C is only applied
to constants of the database following the ordering of the constants.
Each formula is used only once in each branch (except for the rule C
which can be used once for each constant). At this stage we do not
make use of rules E and F as we attempt to find out only the
situation of the system in the actual state. Since the number of
constants and formulas are finite this process always stops.
Let us analyse then, the possible conditions of the tableau when it
stops.
• It stops after closing all branches. Then the original database is
inconsistent.
• It stops with only one complete open branch, i.e., no further rule
can be applied to any formula of the branch and the branch is
still open. Clearly this branch contains all possible extensions of
the predicates and it represents the actual state of a model for
the intensional database.
• It stops with alternative complete open branches. The following
illustrates the possibilities:
          P(a)
          R(b)
      P(a) ∨ R(b)
       /        \
    P(a)        R(b)
In this case, as the formula P(a) ∨ R(b) does not contain any
information which is not in the database it can be disregarded
and a backtrack takes place. A different and more detailed
solution for this case is given in the next section. Other
possibilities are:
¬P(a)                   ¬R(a)
∀x (P(x) ⇒ Q(x))        ∀x (R(x) ⇒ Q(x))
P(a) ⇒ Q(a)             R(a) ⇒ Q(a)
In both cases we cannot assert that Q(a) is a proper extension of
the predicate Q because of the impossibility of establishing from
these tableau constructions the unsatisfiability of ¬P(a) and ¬R(a),
respectively.
Note that we have complete information in the database and
these applications of the tableau rules constitute then, an
addition of incompleteness to the database. As we cannot decide
between any of the disjuncts, the branch extension derived from
the original formula (∀x (P(x) ⇒ Q(x)) and ∀x (R(x) ⇒ Q(x)) in the
examples above) is disregarded and a backtrack occurs.
The alternative complete open branches considered above were
introduced because the tableau systems are concerned with
classical models for the theory. They consist of valid applications of
tableau rules but they represent a search for classical models. In
providing the user with all the information about the actual state of
the system being animated we have to restrict our attention only to
minimal models. This is the reason for disregarding applications of
the tableau rules and resuming the process with a backtrack.
EXAMPLE 6.1.a: Let us consider the naive school database:
Data Sorts: TEACHER, STUDENT, COURSE;
Variables:
x : TEACHER;
y : COURSE;
z : STUDENT;
Relations:
ENROLLED ⊆ STUDENT × COURSE;
TEACH ⊆ TEACHER × COURSE;
TEACHER_OF ⊆ TEACHER × STUDENT;
Axioms:
ENROLLED(John, Logic)
ENROLLED(John, Math)
ENROLLED(Bill, Logic)
TEACH(T1, Logic)
TEACH(T2, Math)
∀x ∀y ∀z ((TEACH(x, y) ∧ ENROLLED(z, y)) ⇒ TEACHER_OF(x, z))
For some ordering we have the initial extension of the tableau:
∀y ∀z ((TEACH(T1, y) ∧ ENROLLED(z, y)) ⇒ TEACHER_OF(T1, z))
∀z ((TEACH(T1, Logic) ∧ ENROLLED(z, Logic)) ⇒ TEACHER_OF(T1, z))
(TEACH(T1, Logic) ∧ ENROLLED(John, Logic)) ⇒ TEACHER_OF(T1, John)
¬TEACH(T1, Logic)    ¬ENROLLED(John, Logic)    TEACHER_OF(T1, John)
The branch on the left is closed and then disregarded. The tableau
extension is continued with another instantiation of a student on
the rightmost branch:
∀y ∀z ((TEACH(T1, y) ∧ ENROLLED(z, y)) ⇒ TEACHER_OF(T1, z))
∀z ((TEACH(T1, Logic) ∧ ENROLLED(z, Logic)) ⇒ TEACHER_OF(T1, z))
(TEACH(T1, Logic) ∧ ENROLLED(John, Logic)) ⇒ TEACHER_OF(T1, John)
TEACHER_OF(T1, John)
(TEACH(T1, Logic) ∧ ENROLLED(Bill, Logic)) ⇒ TEACHER_OF(T1, Bill)
¬TEACH(T1, Logic)    ¬ENROLLED(Bill, Logic)    TEACHER_OF(T1, Bill)
Again, the branch on the left is closed and we then instantiate
another course on the rightmost branch:
∀y ∀z ((TEACH(T1, y) ∧ ENROLLED(z, y)) ⇒ TEACHER_OF(T1, z))
∀z ((TEACH(T1, Logic) ∧ ENROLLED(z, Logic)) ⇒ TEACHER_OF(T1, z))
(TEACH(T1, Logic) ∧ ENROLLED(John, Logic)) ⇒ TEACHER_OF(T1, John)
TEACHER_OF(T1, John)
(TEACH(T1, Logic) ∧ ENROLLED(Bill, Logic)) ⇒ TEACHER_OF(T1, Bill)
TEACHER_OF(T1, Bill)
∀z ((TEACH(T1, Math) ∧ ENROLLED(z, Math)) ⇒ TEACHER_OF(T1, z))
(TEACH(T1, Math) ∧ ENROLLED(John, Math)) ⇒ TEACHER_OF(T1, John)
¬TEACH(T1, Math)    ¬ENROLLED(John, Math)    TEACHER_OF(T1, John)
Now, the leftmost branch cannot be closed. Since we cannot decide
between the disjunction, the process is continued with a backtrack
and another instantiation of a student, which is disregarded causing
the instantiation of another teacher... . At the end we have the
following extensions of the predicates:
ENROLLED(John, Logic)
ENROLLED(John, Math)
ENROLLED(Bill, Logic)
TEACH(T1, Logic)
TEACH(T2, Math)
TEACHER_OF(T1, John)
TEACHER_OF(T1, Bill)
TEACHER_OF(T2, John)
[End_of_Example]
Although we are not yet interested in change of state it might be
necessary to consider these changes, as in the case where we need
to decide between two alternates. The following example illustrates
the case:
EXAMPLE 6.1.b: Consider the simple database:
[Ag, Ac]∀x P(x)
([Ag, Ac]P(a)) ⇒ Q(a)
We start the tableau by breaking down the second formula:
1. [Ag, Ac]∀x P(x)
2. ([Ag, Ac]P(a)) ⇒ Q(a)
(from 2, by rule B)
In order to assert Q(a) we need to establish the unsatisfiability of the
branch starting with ¬[Ag, Ac]P(a), which is done by applying rule F to
¬[Ag, Ac]P(a), creating a new tableau as follows:
3.1. ¬P(a)
3.2. ∀x P(x) (from 1, by rule E)
3.3. P(a) (from 3.2, by rule C)
Since this tableau is closed, the original branch is also closed. Hence,
the extension of the predicates in the actual state is {Q(a)}.
[End_of_Example]
Although we have so far been considering formulas of M[A]L we
give in the following the formal definitions for formulas of first-
order classical logic, as we are not yet interested in the changes of
state. The corresponding extensions to M[A]L are intuitively clear,
but to be well defined they need explicitly formulated frame rules.
Extending M[A]L with such inference rules is out of the scope of this
thesis. Then, we present a theorem ensuring that the procedure
discussed above is correct, i.e., we are going to show that the branch
obtained by the process above determines the minimal model for
the actual state which corresponds to the information of the
system’s "real situation" at this state.
DEFINITION 6.1.a: The first-order theory specification
corresponding to a logical database is the theory obtained from
the set of closed formulas of the database and the axioms for
equality, domain closure and unique names, where these two
latter axioms are (supposing that c_1, ..., c_n are the constants of the
database):
i) Domain closure axiom:
∀x (x = c_1 ∨ ... ∨ x = c_n);
ii) Unique name axioms:
c_1 ≠ c_2, ..., c_1 ≠ c_n,
c_2 ≠ c_3, ..., c_2 ≠ c_n,
...
c_{n-1} ≠ c_n.
DEFINITION 6.1.b: Let Γ be the consistent set of closed formulas
of first-order classical logic corresponding to a database as in
definition 6.1.a. Let the complete open tableau for Γ be obtained
as described above with the complete open branch θ. We define
an animation model for the theory Γ as follows:
a) The constants of the language are interpreted by a one to one
valuation function υ onto the domain.
b) To each atomic ground formula in θ, say P(c_1, ..., c_n), and only to
them, create a tuple <υ(c_1), ..., υ(c_n)> as a member of the
corresponding relation for P over the elements of the domain.
c) The other components of the formulas are evaluated in the
usual way.
THEOREM 6.1.a: Let Γ be the consistent set of closed formulas
of first-order classical logic corresponding to a complete
database. Let θ be the unique complete open branch of the
tableau obtained by the process described above. Then, the
animation model M_θ is the minimal model for Γ.
PROOF: i) M_θ is a model for Γ, i.e., M_θ satisfies α, for each formula
α ∈ Γ. We do the proof using induction on the structure of α:
If α is of degree zero, i.e., a ground atomic formula, then α is a
ground atomic formula of θ and hence, M_θ satisfies α, by the
construction of M_θ.
Now suppose α is of degree greater than zero and every element of
θ of lower degree is true in M_θ. We have the possibilities:
• α is of the form ¬¬α_1: Then, by the construction of the tableau,
α_1 ∈ θ. Hence, by the inductive hypothesis, α_1 is satisfiable by M_θ
and so is α.
• α is of the form α_1 ∧ α_2: Then, by the construction of the tableau,
α_1, α_2 ∈ θ. Hence, by the inductive hypothesis, α_1 and α_2 are
satisfiable by M_θ and so is α.
• α is of the form β_1 ∨ β_2: Let us suppose α is P(a) ∨ R(b). We have
the possible combinations:
- ¬P(a) is in θ and ¬R(b) is not in θ. Then, by the construction of
the tableau R(b) ∈ θ. Hence, by inductive hypothesis, R(b) is
satisfiable by M_θ. Therefore P(a) ∨ R(b) is satisfiable by M_θ.
- ¬R(b) is in θ and ¬P(a) is not in θ. Then, by the construction of
the tableau P(a) ∈ θ. Hence, by inductive hypothesis, P(a) is
satisfiable by M_θ. Therefore P(a) ∨ R(b) is satisfiable by M_θ.
- Both P(a) and R(b) are in θ. Then, by the inductive hypothesis,
P(a) and R(b) are satisfiable by M_θ and so is α. Note that the
formula P(a) ∨ R(b) has been disregarded by the backtrack
mechanism.
- The other combinations are trivially not adequate as they
lead to inconsistent or incomplete databases.
• α is of the form ¬P(a) ∨ ¬R(b): The possibilities are as in the
earlier case, respecting the correspondence between the
different polarities.
• α is of the form ¬P(a) ∨ R(b): Then we have the possible
combinations:
- Neither P(a) nor ¬R(b) are in θ. Then, a backtrack occurred
during the construction of θ (i.e., α ∉ θ), but since P(a) ∉ θ, it is
not satisfiable by M_θ and then, ¬P(a) is satisfiable by M_θ.
Therefore M_θ satisfies α.
- The other combinations are as in the earlier cases respecting
the correspondence between the different polarities.
Now, an induction on the structure of α establishes the result for
the disjunctive case.
• α is of the form β_1 ⇒ β_2: Then it is the same as in the disjunctive
case above.
• α is of the form ∀x β: Then M_θ satisfies α if M_θ satisfies β(x/c),
for all constants c of the language. Let the set of constants of the
language be
{c_1, ..., c_n, c_k, ..., c_m}.
Let us suppose that, for 1 ≤ i ≤ n, we have β(x/c_i) ∈ θ, then M_θ
satisfies β(x/c_i), by the inductive hypotheses. If β(x/c_j) ∉ θ, for
k ≤ j ≤ m, a backtrack has occurred for the formula β(x/c_j), but it is
still satisfiable by M_θ, as explained in the disjunctive case above.
Therefore M_θ satisfies α.
• α is of the form ¬β: It then turns out to be the same as one
of the cases above.
ii) M_θ is a minimal model for Γ, i.e., M_θ ⊆ M for every model M of
Γ. Let us suppose, by contradiction, that there is a model M' of Γ
such that M' ⊂ M_θ, i.e., there is at least one tuple <υ(c_1), ..., υ(c_n)>
which is member of some relation P in M_θ and is not member of P in
M'. Let us consider such an atomic ground formula P(c_1, ..., c_n) which is
satisfiable by M_θ, but not by M'. By definition of M_θ, we have that
P(c_1, ..., c_n) ∈ θ. Let us examine the conditions under which P(c_1, ..., c_n)
was put on the branch, supposing that every formula in θ was
obtained with only one application of a tableau rule:
• Suppose P(c_1, ..., c_n) ∈ Γ. As P(c_1, ..., c_n) is not satisfiable by M', it is not
a model for Γ.
• If P(c_1, ..., c_n) is a subformula of a formula α ∈ Γ of the form
¬¬P(c_1, ..., c_n), then any model for α must satisfy P(c_1, ..., c_n). Hence M'
is not a model for Γ.
• If P(c_1, ..., c_n) is a subformula of a formula α ∈ Γ of the form
P(c_1, ..., c_n) ∧ α_2, then any model for α must satisfy any of the
conjuncts. Hence M' is not a model for Γ.
• If P(c_1, ..., c_n) is a subformula of a formula α ∈ Γ of the form
P(c_1, ..., c_n) ∨ β_2, then as the tableau has only one open branch, one
of the alternates must contain a contradiction. This cannot be the
alternative branch starting with P(c_1, ..., c_n), by the construction of
M_θ. Then, the branch starting with β_2 must be inconsistent.
Therefore, any model for α must satisfy P(c_1, ..., c_n) and,
consequently, M' is not a model for Γ.
• If P(c_1, ..., c_n) is a subformula of a formula α ∈ Γ of the form
∀x P(c_1, ..., c_{i-1}, x, c_{i+1}, ..., c_n), then any model for α must satisfy
P(c_1, ..., c_{i-1}, c_i, c_{i+1}, ..., c_n), for any constant c_i of the language. Hence
M' is not a model for Γ.
Now, a simple induction on the number of application of the tableau
rules to each formula can establish the result. [End_of_Proof]
Once we have the unique complete open branch we can construct
the predicate completion by adding (virtually) for each predicate P
of our language (supposing, for simplicity, the arity of P equals 1):
¬P(c_1), ..., ¬P(c_n)
for all constants c_1, ..., c_n such that P(c_1), ..., P(c_n) are not on the
branch.
Note that with this assumption the negative facts can be omitted
from the information of the database. This concept constitutes one
of the main features of the PROLOG language (cf. [LL084]) and it has
considerable acceptance due to the work of Reiter, Clark and others
(cf. [VAN77], [CLA78] and [REI78a]).
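The process of this section, run on the school database of Example 6.1.a and followed by the predicate completion, as an added example (not code from the thesis or from the prover it describes). Each ground instance of the universal axiom is classified as the tableau does: the head is asserted when every negated-body branch closes, and the instance is disregarded otherwise; the pass is repeated to a fixpoint in place of backtracking. The dictionary encoding and the names `minimal_model` and `predicate_completion` are assumptions of this example.

```python
from itertools import product

# Constructed encoding of the database of Example 6.1.a (sorted constants).
SORTS = {
    "TEACHER": ["T1", "T2"],
    "STUDENT": ["John", "Bill"],
    "COURSE": ["Logic", "Math"],
}
SIGNATURE = {
    "ENROLLED": ("STUDENT", "COURSE"),
    "TEACH": ("TEACHER", "COURSE"),
    "TEACHER_OF": ("TEACHER", "STUDENT"),
}
FACTS = {
    ("ENROLLED", ("John", "Logic")),
    ("ENROLLED", ("John", "Math")),
    ("ENROLLED", ("Bill", "Logic")),
    ("TEACH", ("T1", "Logic")),
    ("TEACH", ("T2", "Math")),
}
# forall x y z ((TEACH(x, y) and ENROLLED(z, y)) => TEACHER_OF(x, z))
RULES = [
    {
        "vars": {"x": "TEACHER", "y": "COURSE", "z": "STUDENT"},
        "body": [("TEACH", ("x", "y")), ("ENROLLED", ("z", "y"))],
        "head": ("TEACHER_OF", ("x", "z")),
    }
]


def ground(atom, binding):
    """Substitute constants for the variables of one atom."""
    pred, args = atom
    return (pred, tuple(binding.get(a, a) for a in args))


def instances(rule):
    """Rule C: instantiate only with database constants, in sort order."""
    names = list(rule["vars"])
    domains = [SORTS[rule["vars"][n]] for n in names]
    for values in product(*domains):
        binding = dict(zip(names, values))
        body = [ground(a, binding) for a in rule["body"]]
        yield body, ground(rule["head"], binding)


def minimal_model(facts, rules):
    """Return (branch, disregarded) for a database of definite Horn clauses.

    For an instance b1 & ... & bk => h the tableau opens the branches
    not-b1 | ... | not-bk | h. A branch not-bi closes when bi is already on
    the branch; if some not-bi stays open the instance is disregarded.
    """
    branch = set(facts)
    changed = True
    while changed:
        changed = False
        disregarded = []
        for rule in rules:
            for body, head in instances(rule):
                still_open = [a for a in body if a not in branch]
                if still_open:
                    disregarded.append((head, still_open))
                elif head not in branch:
                    branch.add(head)
                    changed = True
    return branch, disregarded


def predicate_completion(model):
    """Ground atoms of every predicate that are absent from the branch;
    each one stands for a (virtually added) negative fact."""
    negated = set()
    for pred, sorts in SIGNATURE.items():
        for args in product(*(SORTS[s] for s in sorts)):
            if (pred, args) not in model:
                negated.add((pred, args))
    return negated


if __name__ == "__main__":
    model, skipped = minimal_model(FACTS, RULES)
    for pred, args in sorted(model):
        print(f"{pred}({', '.join(args)})")
    for pred, args in sorted(predicate_completion(model)):
        print(f"not {pred}({', '.join(args)})")
```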
We consider now the existential quantifier. Let c_1, ..., c_n be all the
constants in our database. We change the rule D applied to a
formula β of the form ∃xα (or ¬∀xα) in the following way:
• Instead of instantiating β with a new constant, we open n
alternative branches such that each branch i starts with α(x/c_i),
for 1 ≤ i ≤ n. (This idea is borrowed from Hintikka's "ghosts
subtableau" in [HIN88]).
• These alternative branches are treated differently: If we end
the process with only one of these branches, then it states the
actual situation of the system. Otherwise, we consider any
minimal branch, i.e., a branch whose set of formulas is a subset
of another branch. If we have more than one (non-identical)
minimal branch, then we have alternate minimal models and the
system specification is not complete; this is dealt with in the next
subsection.
It is intuitively clear that the results of theorem 6.1.a still hold with
this extension for the existential quantifier and the proof is done by
just augmenting the proof presented for this theorem considering
the formulas of the type ∃x α.
EXAMPLE 6.1.c: Consider the simple database:
P(a)
R(b)
∃x P(x)
We obtain the complete open tableau:
P(a)
R(b)
∃x P(x)
Although we have two alternate branches {P(a), R(b)} and {P(a), R(b), P(b)},
the branch on the right is disregarded because the branch on the
left is a subset of it. Hence, the minimal model is {P(a), R(b)}.
[End_of_Example]
EXAMPLE 6.1.d: Consider the simple database:
P(a)
R(b)
∃x (P(x) ⇒ Q(x))
We start the tableau by instantiating the third formula:
P(a)
R(b)
∃x (P(x) ⇒ Q(x))
As we cannot decide between ¬P(b) and Q(b) (on the right hand side
branch), these two branches are disregarded. The leftmost branch is
closed. Hence, the minimal model is {P(a), R(b), Q(a)}.
[End_of_Example]
6.2 DATABASES WITH INCOMPLETE INFORMATION
In this section we are going to consider animation tools using
databases with some kind of incompleteness. As we discussed
before, we can informally say that a database is incomplete "when
it does not have all the information necessary to answer some
question of interest to the system." (cf. [LEV81]). Then, in this
section we are going to consider two kinds of incompleteness:
disjunctive information and null values.
The disjunctive incompleteness arises when "there is the need to
represent a fact of the kind 'P is the case, or Q is the case, or ... ' but
it is not known which of P, Q, ..., actually is the case" (cf. [REI84]). As
an example, let us consider the following database:
P(a)
P(b) ∨ Q(c)
Any of the three sets {P(a), P(b)}, {P(a), Q(c)} and {P(a), P(b), Q(c)} could be
used to represent the actual situation of the system, but we do not
know which.
Although there is more than one kind of incompleteness derived
from specifications with null value (cf. [REI84]), the kind of such an
incompleteness we consider in this section is only the one
manifested by a "value at present unknown, but one of some finite
set of known possible values" (cf. [REI84]). In order to illustrate
this, let us consider the following database:
P(a)
P(b)
∃x R(x)
Any of the three sets {P(a), P(b), R(a)}, {P(a), P(b), R(b)} and {P(a), P(b), R(a), R(b)}
could be used to represent the actual situation of the system, but
we do not know which.
These kinds of incompleteness we shall designate proper
incompleteness. When trying to extend the tableau for these
databases we are going to have two alternative complete open
branches. Differently from the previous section, these alternative
complete open branches do not constitute an addition of
incompleteness, for this incompleteness is already in the database
specification. Hence, these branches do not any longer represent
just a search for classical models but rather for minimal models. On
the syntactic level, what differentiates them from the alternative
branches we have been considering in section 6.1 is the fact that
they are started with formulas with the same polarity. This
concept of polarity, exemplified above with atomic formulas, can be
extended easily to the nonatomic case.
Now, let us indicate how these kinds of incompleteness affect the
animation system behaviour:
When we have proper alternatives in the database we no longer
ignore the alternative complete open branches starting with
formulas having the same polarity. When this occurs, one predicate
completion is made for each of the alternatives. Then, an interaction
with the user could take place in order to decide in favor of one of
the alternates, the conjunction of both or the coexistence of two
alternative systems running separately. If the choice is for the
conjunction, then a backtrack occurs with the conjunction taking the
place of the disjunction. As the choice of two alternative models
implies two systems running independently of each other, in any
case we can consider the existence of one minimal model.
Note that negative information now assumes another feature, as it
can be used to decide between alternatives. Hence, the negative
information cannot any longer be disregarded.
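The modified rule D of section 6.1 and the handling of proper incompleteness described above, as an added example (not code from the thesis): it opens one branch per constant for each existential formula, one per disjunct for each disjunction, keeps the subset-minimal open branches, and applies the user's choice between alternatives. It is restricted to formulas ∃x P(x) with P unary, disjunctions of ground atoms and negated ground atoms; the function names and the last sample database (with ¬Q(c) added) are constructed for this example.

```python
def expand(facts, constants, existentials=(), disjunctions=(), negatives=()):
    """Build the complete open branches for a database of ground atoms.

    facts        -- ground atoms (pred, const) asserted in the database
    existentials -- unary predicates P, each standing for 'exists x P(x)'
    disjunctions -- tuples of ground atoms, each standing for A1 v ... v Ak
    negatives    -- ground atoms whose negation is in the database
    """
    branches = [frozenset(facts)]
    # Modified rule D: one alternative branch per database constant.
    for pred in existentials:
        branches = [b | {(pred, c)} for b in branches for c in constants]
    # Rule B on a disjunction of atoms: one alternative per disjunct.
    for disjuncts in disjunctions:
        branches = [b | {d} for b in branches for d in disjuncts]
    # A branch holding an atom together with its negation is closed.
    denied = set(negatives)
    open_branches = [b for b in branches if not (b & denied)]
    return list(dict.fromkeys(open_branches))  # drop identical branches


def minimal_branches(branches):
    """Keep the branches that have no proper subset among the others."""
    return [b for b in branches if not any(other < b for other in branches)]


def animate(**database):
    """Return (status, minimal branches) for the actual state."""
    branches = expand(**database)
    if not branches:
        return "inconsistent", []
    minimal = minimal_branches(branches)
    status = "complete" if len(minimal) == 1 else "proper incompleteness"
    return status, minimal


def resolve(minimal, choice):
    """Apply the user's decision between alternative minimal branches.

    choice is an index (decide for one alternate), "conjunction" (the
    conjunction takes the place of the disjunction) or "coexist" (the
    alternative systems keep running separately).
    """
    if choice == "conjunction":
        return [frozenset().union(*minimal)]
    if choice == "coexist":
        return list(minimal)
    return [minimal[choice]]


# Databases from the text, encoded as (predicate, constant) pairs.
EXAMPLE_6_1_C = dict(facts={("P", "a"), ("R", "b")},
                     constants=["a", "b"], existentials=["P"])
NULL_VALUE = dict(facts={("P", "a"), ("P", "b")},
                  constants=["a", "b"], existentials=["R"])
DISJUNCTIVE = dict(facts={("P", "a")}, constants=["a", "b", "c"],
                   disjunctions=[(("P", "b"), ("Q", "c"))])
# Constructed variant: the negative fact not-Q(c) decides the alternative.
WITH_NEGATIVE = dict(DISJUNCTIVE, negatives={("Q", "c")})

if __name__ == "__main__":
    for name, db in [("6.1.c", EXAMPLE_6_1_C), ("null value", NULL_VALUE),
                     ("disjunctive", DISJUNCTIVE), ("negative", WITH_NEGATIVE)]:
        status, minimal = animate(**db)
        print(name, status, [sorted(b) for b in minimal])
```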
EXAMPLE 6.2.a: Consider the simple database:
P ∨ Q
P ⇒ R
We start the tableau breaking down the second formula via
application of rule B:
P ∨ Q
P ⇒ R
Applying the rule B to the first formula in both branches we have:
P ∨ Q
P ⇒ R
As the two main branches start with formulas with different
polarities, namely ¬P and R, the construction requires a backtrack.
Thus the tableau is now extended breaking down the first formula
via application of rule B:
P ∨ Q
P ⇒ R
Applying the rule B to the second formula in both branches we
have:
P ∨ Q
P ⇒ R
The leftmost branch is closed and the alternative generated on the
bottom of the right branch is disregarded, for they are open and
start with formulas with different polarities. Then, we obtain the
tableau:
P ∨ Q
P ⇒ R
R
[End_of_Example]
EXAMPLE 6.2.b: Consider the simple database:
R(a)
R(b)
3x P(x)
We obtain the complete open tableau:
R(a)
R(b)
3x P(x)
As we have two alternative branches, an interaction with the user
could take place in order to decide in favor of one of the disjuncts,
the conjunction of both or even for the coexistence of two
alternative systems running separately.
[End_of_Example]
EXAMPLE 6.2.c: Consider the simple database:
R(b)
P(a)
∀x (P(x) ⇒ (Q(x) ∨ R(x)))
We can start the tableau extension for this database instantiating
the variable x with b in the third formula, then we have the tableau:
R(b)
P(a)
∀x (P(x) ⇒ (Q(x) ∨ R(x)))
As the formulas of the alternative complete open branches do not
have the same polarity, a backtrack occurs with the instantiation of
the constant a:
R(b)
P(a)
∀x (P(x) ⇒ (Q(x) ∨ R(x)))
As the leftmost branch is closed, we have the two alternative
minimal models for the theory:
{R(b), P(a), Q(a)} and {R(b), P(a), R(a)}.
[End_of_Example]
EXAMPLE 6.2.d: Consider the simple database:
P(a)
¬P(b) ∨ ¬P(c)
Although this theory has only one minimal model (viz., {P(a)}), in
applying the only possible rule of the tableau system we obtain the
two alternative branches: {P(a), ¬P(b)} and {P(a), ¬P(c)}.
[End_of_Example]
In the last example a curious situation occurred. The theory has
only one minimal model and applying the instructions described in
new tableau.
As we have already discussed in chapter 4 it is rather appropriate
to have adequate conditions for assuming the truth of the formulas
which are not negated in the actual state and are accepted in the
previous state. As we have argued, the use of such a frame rule
brings together almost unsolvable problems. Hence, we are going to
consider here the existence of simplified versions of the frame rule
although we do not give their formalization. Their usage will be
clear and restricted to explicit indications in the examples. Note that
these frame rules should be applied to any kind of information (under
restrictions) and not only to the deontic components. We note also
that we treat the frame rule in this chapter because here
(differently from the previous chapters) we can tackle this problem
in a more informal approach, since we are more concerned with
tools for the process of validation, which is necessarily less formal.
Let us consider first the animation tool using a very simple version
of the frame rule. Let us suppose that we have a kind of frame rule
that assures, in the new state, the truth of the predicate extensions
of the last state which are not denied by explicit atomic
information. Note that this frame rule can be applied to any atomic
information and not only to the deontic components. Then its
application is performed simply by matching atomic ground
formulas and the addition to the new tableau of undenied atomic
formulas of the complete open branch of the last state. Then, the
resulting tableau is extended following the instructions of the
previous subsections and the predicate completion can now be
obtained. The process is repeated with the selection of another pair
of action and agent.
Suppose now, we have a more complex frame rule which is meant
to be applied after the new tableau has been extended to a
complete open tableau and assures in any branch θ of the new
tableau the truth of positive atomic formulas which are consistent
with the formulas of θ and were true in the last state. Then each
positive atomic formula α of the extended branch of the last state is
added to the new branch according to the rule: add α and extend
the tableau as described in the previous subsections (without the
predicate completion); if all subbranches of θ are closed, then α is
inconsistent with the formulas of θ and a backtrack occurs.
The following examples try to cover a variety of interesting
situations related to the use of such a frame rule and the last
example animates a naive blocks world in order to give an
overview of the ideas presented in this subsection.
EXAMPLE 6.3.a: Consider the simple database representing the actual state:
P(a)
[Ag, Ac]∀x(P(x) ⇒ R(x))
[Ag, Ac]P(b)
After Ag has executed Ac we start the steps to obtain the complete
open tableau:
P(b)
∀x(P(x) ⇒ R(x))
P(a) ⇒ R(a)
This extension represents an addition of incompleteness and is
disregarded. After the backtrack we obtain the complete open
tableau:
P(b)
∀x(P(x) ⇒ R(x))
P(b) ⇒ R(b)
The leftmost branch is closed and we just have one branch to which
apply the frame rule, adding the formula P (a ) of the previous state
which results in the tableau:
P(b)
∀x(P(x) ⇒ R(x))
P(b) ⇒ R(b)
R(b)
P(a)
This tableau is now extended to a complete open tableau by just
instantiating the second formula with the constant a. Hence, the
complete extension of the predicates in this state is:
{P(b), R(b), P(a), R(a)}. [End_of_Example]
EXAMPLE 6.3.b: Consider the simple database representing the actual state:
P(a)
P(b)
[Ag, Ac](¬P(a) ∨ ¬P(b))
After Ag has executed Ac we obtain the complete open tableau:
¬P(a) ∨ ¬P(b)
Note that this extension is not necessary for finding the minimal
model of the actual information in this state and it could, thus, be
disregarded according to section 6.1. Once we have incompleteness
in the database and applications of the frame rule can take place,
this extension should not be disregarded anymore. Then, applying
the frame rule to both branches we obtain the tableau:
¬P(a) ∨ ¬P(b)
P(b) P(a)
And, the state has two alternate minimal models:
{P(a)} and {P(b)}. [End_of_Example]
EXAMPLE 6.3.c: Consider the simple database representing the actual state:
P(a)
P(b)
[Ag, Ac](P(a) ⇒ P(c))
[Ag, Ac](P(b) ⇒ ¬P(c))
Apparently we have here a problem of choosing between P(a) and
P(b). Let us see how we can solve this problem. After Ag has executed
Ac we obtain the complete open tableau:
P(a) ⇒ P(c)
P(b) ⇒ ¬P(c)
Again, this extension is not necessary to find the minimal model of
the actual information in this state and it could, thus, be
disregarded according to section 6.1. But, using this disjunct and
interaction with the user we can solve this kind of priority problem.
Applying the frame rule and extending the resulting tableau to a
complete open tableau we obtain:
P(a) ⇒ P(c)
P(b) ⇒ ¬P(c)
¬P(b) ¬P(c)
P(a) P(b)
¬P(a) P(c) ¬P(a) P(c)
The left and rightmost branches are closed. Then we have the two
possible minimal models:
{P(a), P(c)} and {P(b)}. [End_of_Example]
As we can see in the previous example, the problem of priority was
reduced to the problem of deciding between two alternatives which
in turn is dealt with using interaction with the user.
If we extend the frame rule to consider not only positive atomic
information of the last state but all formulas, then a priority
problem can occur as shown in the next example.
EXAMPLE 6.3.d: Consider the simple database:
¬P(a)
P(b)
[Ag, Ac](P(b) ⇒ P(a))
After Ag has executed Ac we obtain the complete open tableau with
only:
P(b) ⇒ P(a)
Now, different orderings of the formulas for the application of the
frame rule can give us two different results. Suppose P(b) is the first
formula to be taken into account. Then, we obtain the tableau:
P(b)
P(b) ⇒ P(a)
As the formula ¬P(a) cannot be brought to this new tableau, because
it is not consistent with the formulas of the open branch, this state
has the minimal model:
{P(b), P(a)}.
But, if ¬P(a) is the first to be taken into account we obtain the
tableau:
¬P(a)
P(b) ⇒ P(a)
And the set of relations of the minimal model of this state is the
empty set which is obviously different from the minimal model for
the previous ordering of the formulas. [End_of_Example]
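The frame rule of Examples 6.3.a to 6.3.d, worked through as an added Python example (it is not code from the thesis or from the FOREST theorem prover). It assumes ground formulas written as clauses, reads a "disregarded" extension as deferring any disjunction whose open disjuncts have mixed polarity, and all function names are hypothetical.

```python
"""Ground-clause sketch of one animation step followed by the frame rule."""
from typing import FrozenSet, Iterable, List, Sequence

Literal = str               # "P(a)" is positive, "~P(a)" is its negation
Clause = Sequence[Literal]  # ground disjunction; P => Q is written ["~P", "Q"]
Branch = FrozenSet[Literal]


def neg(lit: Literal) -> Literal:
    return lit[1:] if lit.startswith("~") else "~" + lit


def is_positive(lit: Literal) -> bool:
    return not lit.startswith("~")


def extend(branch: Iterable[Literal], clauses: Sequence[Clause]) -> List[Branch]:
    """Return the complete open branches below `branch`; [] if all of them close."""
    b = set(branch)
    if any(neg(lit) in b for lit in b):
        return []                              # complementary pair: closed
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(lit in b for lit in clause):
                continue                       # clause already holds on this branch
            open_lits = [lit for lit in clause if neg(lit) not in b]
            if not open_lits:
                return []                      # every disjunct clashes: closed
            if len(open_lits) == 1:
                b.add(open_lits[0])            # the other alternatives are closed
                changed = True
            elif len({is_positive(lit) for lit in open_lits}) == 1:
                # open alternatives of the same polarity are kept as branches
                result: List[Branch] = []
                for lit in open_lits:
                    result.extend(extend(b | {lit}, clauses))
                return result
            # mixed polarity (assumed reading): the extension is disregarded
    return [frozenset(b)]


def apply_frame_rule(theta: Branch, carried: Sequence[Literal],
                     clauses: Sequence[Clause]) -> List[Branch]:
    """Add each carried formula alpha in order, dropping it when all subbranches close."""
    branches = [theta]
    for alpha in carried:
        nxt: List[Branch] = []
        for current in branches:
            trial = extend(current | {alpha}, clauses)
            nxt.extend(trial if trial else [current])   # alpha inconsistent: backtrack
        branches = nxt
    return branches


def next_state_models(new_facts: Sequence[Literal], clauses: Sequence[Clause],
                      carried: Sequence[Literal]) -> List[FrozenSet[Literal]]:
    """Positive atoms of every branch after extension and the frame rule."""
    models: List[FrozenSet[Literal]] = []
    for theta in extend(new_facts, clauses):
        for branch in apply_frame_rule(theta, carried, clauses):
            model = frozenset(lit for lit in branch if is_positive(lit))
            if model not in models:
                models.append(model)
    return models


if __name__ == "__main__":
    # Example 6.3.c: the priority between P(a) and P(b) becomes two alternatives.
    print(next_state_models([], [["~P(a)", "P(c)"], ["~P(b)", "~P(c)"]],
                            ["P(a)", "P(b)"]))
    # Example 6.3.d: carrying all literals makes the result depend on their order.
    rule = [["~P(b)", "P(a)"]]
    print(next_state_models([], rule, ["P(b)", "~P(a)"]))
    print(next_state_models([], rule, ["~P(a)", "P(b)"]))
```

Passing only positive atoms as `carried` gives the second frame rule of this subsection; passing negative literals as well reproduces the ordering problem of Example 6.3.d.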
EXAMPLE 6.3.e: Let us consider the naive blocks world with complete information (transcribed and adapted to M[A]L from the
specification in [NIL87]):
Sorts: BLOCK
Actions:
UNSTACK: BLOCK × BLOCK
STACK: BLOCK × BLOCK
Agents:
user
Predicates:
OnTable ⊆ BLOCK
On ⊆ BLOCK × BLOCK
Clear ⊆ BLOCK
Extensional database:
OnTable(a)
OnTable(b)
OnTable(c)
System specification (global assumptions):
∀x ∀y (OnTable(x) ⇒ ¬On(x, y))
∀x ∃y (On(x, y) ∨ OnTable(x))
∀x ∀y (Clear(x) ⇒ ¬On(y, x))
∀x ∃y (On(y, x) ∨ Clear(x))
∀x ∀y (On(x, y) ∧ Clear(x) ⇒ per(user,UNSTACK(x, y)))
∀x ∀y (¬On(x, y) ⇒ ¬per(user,UNSTACK(x, y)))
∀x ∀y (OnTable(x) ∧ Clear(x) ∧ Clear(y) ∧ x ≠ y ⇒ per(user,STACK(x, y)))
∀x ∀y (¬Clear(x) ⇒ ¬per(user,STACK(y, x)))
∀x ∀y [user, UNSTACK(x, y)] OnTable(x)
∀x ∀y [user, STACK(x, y)] On(x, y)
Let us suppose that the constants are ordered alphabetically, the
axioms are ordered as they appear above and that the only objects
(blocks) we have are those specified above, i.e., the constants a, b
and c. The development of the tableau starts as follows (where the
closed branches are marked by underlining the last formula):
OnTable(a)
OnTable(b)
OnTable(c)
∀x ∀y (OnTable(x) ⇒ ¬On(x, y))
∀y (OnTable(a) ⇒ ¬On(a, y))
OnTable(a) ⇒ ¬On(a, a)
¬OnTable(a) ¬On(a, a)
OnTable(a) ⇒ ¬On(a, b)
¬OnTable(a) ¬On(a, b)
OnTable(a) ⇒ ¬On(a, c)
¬OnTable(a) ¬On(a, c)
∀y (OnTable(b) ⇒ ¬On(b, y))
OnTable(b) ⇒ ¬On(b, a)
¬OnTable(b) ¬On(b, a)
When the tableau reaches the formula:
∀x ∀y (On(x, y) ∧ Clear(x) ⇒ per(user,UNSTACK(x, y))),
the only open branch contains the following set of atomic formulas:
{OnTable(a), OnTable(b), OnTable(c), ¬On(a, a), ¬On(a, b), ¬On(a, c), ¬On(b, a), ¬On(b, b),
¬On(b, c), ¬On(c, a), ¬On(c, b), ¬On(c, c), Clear(a), Clear(b), Clear(c)}.
The instantiations of the formula above are exemplified by the
following:
∀x ∀y (On(x, y) ∧ Clear(x) ⇒ per(user,UNSTACK(x, y)))
∀y (On(a, y) ∧ Clear(a) ⇒ per(user,UNSTACK(a, y)))
On(a, a) ∧ Clear(a) ⇒ per(user,UNSTACK(a, a))
As we cannot close any of the disjuncts, this instantiation is
disregarded and a backtrack occurs with another instantiation of
the same formula. But, all of its instantiations are disregarded. The
process is continued with the other formulas and at the end we
obtain the following extensions of the predicates (only the positive
atomic formulas):
OnTable(a)
OnTable(b)
OnTable(c)
Clear(a)
Clear(b)
Clear(c)
per(user,STACK(a, b))
per(user,STACK(a, c))
per(user,STACK(b, a))
per(user,STACK(b, c))
per(user,STACK(c, b))
per(user,STACK(c, a))
[user, UNSTACK(a, a)] OnTable(a)
[user, UNSTACK(a, b)] OnTable(a)
[user, UNSTACK(a, c)] OnTable(a)
[user, UNSTACK(b, a)] OnTable(b)
[user, UNSTACK(b, b)] OnTable(b)
[user, UNSTACK(b, c)] OnTable(b)
[user, UNSTACK(c, a)] OnTable(c)
[user, UNSTACK(c, b)] OnTable(c)
[user, UNSTACK(c, c)] OnTable(c)
[user, STACK(a, a)] On(a, a)
[user, STACK(a, b)] On(a, b)
[user, STACK(a, c)] On(a, c)
[user, STACK(b, a)] On(b, a)
[user, STACK(b, b)] On(b, b)
[user, STACK(b, c)] On(b, c)
[user, STACK(c, a)] On(c, a)
[user, STACK(c, b)] On(c, b)
[user, STACK(c, c)] On(c, c)
Now, the user can discover that a better formulation would have
the formulas:
∀x ∀y (per(user,UNSTACK(x, y)) ⇒ [user, UNSTACK(x, y)] OnTable(x))
∀x ∀y (per(user,STACK(x, y)) ⇒ [user, STACK(x, y)] On(x, y))
instead of:
∀x ∀y [user, UNSTACK(x, y)] OnTable(x)
∀x ∀y [user, STACK(x, y)] On(x, y)
in order to avoid unnecessary extensions such as:
[user, STACK(a, a)] On(a, a).
Let us suppose the user decides to restart the process with the new
specification and at this point he/she chooses to stack block b on top
of block c. Then, we change state by applying rule E to the formula:
[user, STACK(b, c)] On(b, c)
Then, a new tableau is initiated with On(b, c) and all the formulas of
the system specification (which are intended to be true in all states)
as follows:
On(b, c)
∀x ∀y (OnTable(x) ⇒ ¬On(x, y))
∀x ∃y (On(x, y) ∨ OnTable(x))
∀x ∀y (Clear(x) ⇒ ¬On(y, x))
∀x ∃y (On(y, x) ∨ Clear(x))
∀x ∀y (On(x, y) ∧ Clear(x) ⇒ per(user,UNSTACK(x, y)))
∀x ∀y (¬On(x, y) ⇒ ¬per(user,UNSTACK(x, y)))
∀x ∀y (OnTable(x) ∧ Clear(x) ∧ Clear(y) ∧ x ≠ y ⇒ per(user,STACK(x, y)))
∀x ∀y (¬Clear(x) ⇒ ¬per(user,STACK(y, x)))
∀x ∀y (per(user,UNSTACK(x, y)) ⇒ [user, UNSTACK(x, y)] OnTable(x))
∀x ∀y (per(user,STACK(x, y)) ⇒ [user, STACK(x, y)] On(x, y))
Note that the formulas of the system specification are carried to the
new tableau because they are supposed to be true in every state
(cf. section 2.4) and not because of an application of the frame rule.
The tableau is now extended as follows:
∀x ∀y (OnTable(x) ⇒ ¬On(x, y))
∀y (OnTable(a) ⇒ ¬On(a, y))
OnTable(a) ⇒ ¬On(a, a)
On(b, c)
As we cannot close any of the disjuncts, this instantiation is
disregarded and a backtrack occurs with another instantiation of
the same formula. But, all of its instantiations are disregarded
except for:
On(b, c)
∀x ∀y (OnTable(x) ⇒ ¬On(x, y))
∀y (OnTable(b) ⇒ ¬On(b, y))
OnTable(b) ⇒ ¬On(b, c)
¬OnTable(b) ¬On(b, c)
∀x ∃y (On(x, y) ∨ OnTable(x))
The instantiations of this formula will result in three alternative
branches, each starting with one of the formulas On(b, a), On(b, b) and
On(b, c). The same happens with the formula:
∀x ∃y (On(y, x) ∨ Clear(x)),
which results in three more alternative branches (for each alternate
above) starting with On(a, c), On(b, c) and On(c, c), respectively.
Suppose now, that we have the complete open tableau with the
alternative branches as described above. Let us consider the left
branch (starting with On(b, a)) and the application of a frame rule
which assures in any branch θ of the new tableau the truth of
positive atomic formulas which are consistent with the formulas of
θ and were true in the last state. With the addition of the
information of the last state, this branch is closed as follows
(showing only the relevant parts):
On(b, c)
¬OnTable(b)
On(b, a)
Clear(a) (from the last state)
∀x ∀y (Clear(x) ⇒ ¬On(y, x))
∀y (Clear(a) ⇒ ¬On(y, a))
Clear(a) ⇒ ¬On(b, a)
The same happens with the other instantiations, except for the
branch starting with On(b, c) as the result of the instantiations in the
two formulas above.
This process follows with additions of formulas of the last state,
backtracks and instantiations until we reach the complete open
branch with the following positive atomic information:
On(b, c)
OnTable(a)
OnTable(c)
Clear(a)
Clear(b)
per(user,STACK(a, b))
per(user,UNSTACK(b, c))
[user, UNSTACK(b, c)] OnTable(b)
[user, STACK(a, b)] On(a, b)
Now the user can again choose a new action to be executed and the
process continues. [End_of_Example]
Chapter 7
Conclusion
First-order dynamic logic was introduced by Pratt (cf. [PRA76]) in
order to give the axiomatic notation of Hoare (cf. [HOA69]) a modal
logic interpretation. A detailed exposition of this formalism directed
to the foundations of the semantics of programs can be found in
[GOL82]. Fischer and Ladner discussed the decidability of
propositional dynamic logic in [FIS77], and its completeness was
proved in [PAR78] and [GAB77]. A decision procedure for
propositional dynamic logic based on semantic tableau can be found
in [PRA77], from which we took an initial motivation.
Automatic decision procedures for several modal logics were
suggested by various authors. The first main result in this area was
proposed by Farinas del Cerro (cf. [FAR82]). In his paper, Farinas
extends the resolution principle for classical logic to clausal
formulas of the propositional modal logics K, S4 and S5 and for
quantified formulas in [FAR86]. The definition of modal clausal
form of this system involves not only the components outside
modalities but the components in all levels of modalities. The usage
of clausal form in classical logic has been criticized by many (cf.
[NIL80]) for the loss of readability. With the above extension the
result is even worse, as the transformation of a formula into its
modal clausal form can give us as result a quite different and
complicated formula. Another point to consider is that the changes
of state are not apparent, for they are masked by the modal
resolution rules, indicating a lack of intuitiveness. Although a linear
strategy was proposed for propositional modal formulas (cf.
[FAR88]), efficient algorithms for automatic theorem provers for
first order modal logics are still to be provided.
Konolige presented in [KON84] and [KON86] resolution systems for
several modal logics based on Stickel’s total narrow theory
resolution (cf. [STI85]). As the modal logics he considered do not
admit a direct extension of the Skolem theorem, he needed to
introduce the notion of "bullet construction" in order to deal with
the quantifiers outside modal operators and obtain an extension of
the Skolem normal form. In the modal clausal form only the outside
modality components are considered. Then, the loss of readability is
similar to the case of classical logic. The extra rules added to deal
with the modal formulas actually make changes of state in a similar
way as the tableau system does. In fact, Konolige starts (in [KON84])
reasoning with tableau and, then, he abandons this approach and
presents the modal resolution, for he believes the tableau system is
not adequate for automatic theorem proving. For reasons presented
in chapter 5 we regard this system as being closely related to the
tableau system considered in this thesis.
An extension of the connection matrix system was explored by
Wallen and appears in a nice and elaborated presentation in his
Doctoral dissertation (cf. [WAL87]). But, Wallen's extension assumes
quite unrelated aspects if compared with the tableau method, as we
explain: when proving by the modal connection matrix method one
must create an extra index for the atomic components of the matrix
corresponding to modal paths; now, the changes of state are implicit
when spanning the classical and modal paths; then, the link and
intuitiveness are loose. By using indexes to designate modalities,
this method reminds us of translating the modal formulas into
classical ones.
Following the lines presented in this thesis, a prototype of a tableau
theorem prover for formulas of first order classical logic in Skolem
normal form was implemented by Trimmer using a PROLOG
language (cf. [TRI88]). This implementation extends the basic linear
strategy of chapter 5 with some improvements such as giving
priority to atomic and conjunctive formulas with the objective of
achieving more efficiency. A prototype of a tableau theorem prover
for first order M[A]L with deontic components and the pair
agent/action, where the actions are expressed by terms (see
chapter 4 for consideration of this logic) was implemented as an
extension of the theorem prover of Trimmer. These experiments
have shown satisfactory results given that they were not developed
in a language which enables elaborated data structure definitions.
In order to give the proof a natural language presentation, Novello
(cf. [NOV88]) has implemented a translator of the results of this
theorem prover into natural deduction rules and explains these
results in English.
We believe that by using Kripke’s possible worlds for the semantics
and the tableau systems for the proof procedure we have provided
in this thesis adequate conditions of provability for M[A]L.
Traditionally, the semantic tableau method is considered to be very
intuitive. We affirmed this tradition and formulated evidence for its
efficiency as well. This thesis constitutes, then, one step forward
into the development of intuitive and efficient theorem provers by
producing the foundations and proof procedures for a new action
logic and providing intermediate results as described below.
As a side effect, we explored the correspondence between tableau
and resolution. There are many advantages in the equivalence
between resolution and tableau systems. For example, take the
increase in the number of logics we are experiencing nowadays. If
we expect to have a theorem prover for each of these logics we
certainly need to have a good method for providing them. As is well
known, the resolution system possesses some undesirable
properties (cf. [NIL80]), especially the lack of naturalness. On the
other hand, the tableau system is always presented as a very
natural and elegant proof method. Therefore, we re-state our basic
method searching for an automatic theorem prover:
- Take the tableau system as the initial approach.
- Obtain the extended version of the tableau system using
unification following the lines of chapter 3.
- Obtain the corresponding resolution system from the tableau
system in the same way as in chapter 5.
Another advantage of the equivalence of both systems is that one
can actually have an efficient implementation of the tableau system
and even import some techniques (such as the linear strategy,
facilities for dealing with equality and others) from the resolution
system.
Besides exploring a different application of the tableau system in an
animation tool for M[A]L, we obtained as another side effect one
more application of this system in a method for finding the minimal
models of finite theories, as described in chapter 6.
We think that some research still has to be done on the application
and implementation aspects of what we considered in this thesis,
such as:
• The incorporation of some refinements and heuristics (as was
indicated in chapter 5) for the linear strategy in order to achieve
an even more efficient system;
• Exploring the usage of the animation tool (of chapter 6) and the
Modal [Action] Logic in solving planning problems;
• Exercising the implications in the design and development of the
systems using an animation tool which considers the existence of
a frame rule;
• Exploring the usage of different and more complex frame rules
in the animation tool;
• Extending the results of this thesis to a Modal [Action] Logic with
temporal components.
As suggested above, by no means have we tried to exhaust the
possibilities of research in this area. We believe that science is built
by cementing new results on the top of available research and that
we have just added one more brick to this construction.
References
[ATK88] Atkinson, W. and M. Trimmer, FOREST Theorem Proving
Tool, forthcoming FOREST internal report, 1988.
[AND70] Anderson, R. and W.W. Bledsoe, "A linear format for
resolution with merging and a new technique for
establishing completeness" in JACM 17, 1970.
[BET59] Beth, E.W., The foundations of Mathematics. North Holland,
1959.
[BIB82] Bibel, W., Automated Theorem Proving, Friedr. Vieweg &
Sohn, Braunschweig, 1982.
[BOO77] Boolos, G., The Unprovability of Consistency. Cambridge
University Press, 1979.
[BOW79] Bowen, K.A., Model Theory for Modal Logic, D. Reidel
Publishing Co., Dordrecht, Holland, 1979.
[BOW82] Bowen, K.A., "Programming with full first order logic". In
Machine Intelligence No. 10. (ed. J. E. Hayes et al.).
Ellis Horwood, Chichester, 1982.
[BRO80] Broda, K., The relation between semantic tableaux and
resolution theorem-provers. Internal report, Imperial
College, University of London, 1980.
[CHA73] Chang, C.L. and R.C.T. Lee, Symbolic Logic and Mechanical
Theorem Proving. Academic Press, New York, 1973.
[CLA78] Clark, K.L., "Negation as failure", in Logic and data bases,
(ed. H. Gallaire and J. Minker), Plenum Press - New
York, 1978.
[COH87] Cohn, A. G., "A More Expressive Formulation of Many
Sorted Logic", in Journal of Automated Reasoning, vol.
3 no. 2, 1987.
[COS87] Costa, M.M.C., et al., "Tool Support for the Verification and
Validation of Formal Requirements Specifications", in
IERE Conference on Software for Real-Time System,
Cirencester, 1987.
[DAV80] Davis, M., "The Mathematics of Non-Monotonic Reasoning",
in Artificial Intelligence, volume 13, numbers 1 and 2,
1980.
[END72] Enderton, H.B., A mathematical introduction to logic.
Academic press, 1972.
[FAR82] Farinas del Cerro, L., "A simple deduction method for
modal logic", in Information Processing Letter 14,
1982.
[FAR83] Farinas del Cerro, L., "Temporal reasoning and termination
of programs", in IJCAI 1983.
[FAR86] Farinas del Cerro, L., "Resolution modal logics", in Logique
et Analyse, 1986.
[FAR88] Farinas del Cerro, L., "Linear Modal Deductions", CADE-9,
1988.
[FIN79] Fine, K., "Failures of the interpolation lemma in quantified
modal logic", in Journal of Symbolic Logic, vol 44,
1979.
[FIN86] Finkelstein, A. and C. Potts, "Structured Common Sense:
The Elicitation and Formalization of System
Requirements". In Proc. of Software Engineering 86.
[FIS77] Fischer, J.J. and R.L. Ladner., "Propositional Modal Logic of
Programs", in Proc. 9th Ann. ACM Symp. on Theory of
Computing, Boulder, Col., May 1977.
[FIT83] Fitting, M., Proof Methods For Modal and Intuitionistic
Logics. D. Reidel Pub. Co., Dordrecht, 1983.
[GAB77] Gabbay, D., Axiomatizations of Logics of Programs.
Manuscript, under cover dated Nov. 1977.
[GAL86] Gallier, J.H., Logic for Computer Science. Harper and Row,
New York, 1986.
[GEI86] Geissler, C. and K. Konolige, "A resolution method for
quantified modal logics of knowledge and belief", in
Proc. of Conference on theoretical aspects of reasoning
about knowledge, Monterey, California, 1986.
[GOE31] Goedel, K., Uber formal unentscheidbare Satze der
Principia Mathematica und verwandter Systeme, in
Monatshefte fur Mathematik und Physik, vol 38
(1931); English translation in From Frege to Goedel. pp
596-616, edited by J. van Heijenoort, Harvard
University Press, Cambridge, Mass., 1967.
[GOL82] Goldblatt, R., Axiomatizing the Logics of Computer
Programming, LNCS 130, Springer-Verlag, 1982.
[HEN49] Henkin, L., "The completeness of the first-order functional
calculus", JSL vol 14, 1949.
[HIN55] Hintikka, J., "Form and content in quantification theory", in
Acta Philosophica Fennica. No. 8, 1955.
[HIN62] Hintikka, J., Knowledge and Belief, Cornell University
Press, Ithaca, New York, 1962.
[HIN69a] Hintikka, J., "Modality and Quantification", in Models for
Modalities, D. Reidel Publishing Company, Dordrecht,
Holland, 1969.
[HIN69b] Hintikka, J., "Existential Presuppositions and Uniqueness
Presuppositions", in Models for Modalities, D. Reidel
Publishing Company, Dordrecht, Holland, 1969.
[HIN88] Hintikka, J., "Model minimization - An alternative to
circumscription", in Journal of Automated Reasoning 4,
1988.
[HOA69] Hoare, C.A.R, "An axiomatic basis for computer
programming", in Communications of the ACM 12,
1969.
[HUG68] Hughes, G.E. and M.J. Cresswell, An introduction to Modal
Logic. Methuen, London, 1968.
[JER86] Jeremaes, P., S. Khosla and T.S.E. Maibaum, "A modal
(action) logic for requirements specification". In Proc.
of Software Engineering 86.
[KAN63] Kanger, S., "A Simplified Proof Method for Elementary
Logic". In Computer Programming and Formal Systems,
(ed. P. Braffort and D. Hirschberg). North-Holland
Publishing Company, Amsterdam, 1963.
[KHO88] Khosla, S., Inferential Information Systems, forthcoming
Doctoral Thesis, Imperial College, Department of
Computing, London, 1988.
[KON84] Konolige, K., A deduction model of belief and its Logics.
Doctoral dissertation, Stanford University, 1984.
[KON86] Konolige, K., "Resolution and Quantified Epistemic Logics",
in proc. of CADE-8, Oxford, England, 1986.
[KOW71] Kowalski, R. and D. Kuhner, "Linear resolution with
selection function" in Artificial Intelligence 2, 1971.
[KRI59] Kripke, S., "A Completeness Theorem in Modal Logic", in
Journal of Symbolic Logic, vol. 24, No. 1, march 1959.
[KRI63] Kripke, S., "Semantical Considerations on Modal Logics", in
Acta Philosophica Fennica, No. 16, 1963.
[KRI80] Kripke, S., Naming and necessity. Basil Blackwell, Oxford,
1980.
[LEV81] Levesque, H. J., "The interaction with incomplete
knowledge bases: A formal treatment", in IJCAI, 1981.
[LIF86] Lifschitz, V. On the declarative semantics of logic
programs with negation. Stanford University Computer
Science Dept. Tech. Report, Stanford, 1986.
[LLO84] Lloyd, J.W., Foundations of Logic Programming, Springer-
Verlag, Berlin, 1984.
[LOV70] Loveland, D.W., "A linear format for resolution", in
Symposium on Automatic Demonstration, Lecture
Notes in Mathematics 125, Springer-Verlag, Berlin,
1970.
[LOV79] Loveland, D.W., Automated Theorem Proving: A Logical
Basis. North-Holland, New York, 1979.
[LUC70] Luckham, D. "Refinement theorems in resolution theory",
in Symposium on Automatic Demonstration, Lecture
Notes in Mathematics 125, Springer-Verlag, Berlin,
1970.
[MAI87] Maibaum, T.S.E., A logic for the Formal Requirements
Specification of Real-Time/Embedded Systems. FOREST
internal report, Imperial College, London, 1987.
[McC63] McCarthy, J., Situations, actions and causal laws, Technical
Report, Stanford University, Stanford, California, 1963.
[McC80] McCarthy, J., "Circumscription - a form of non-monotonic
reasoning", in Artificial Intelligence 13, 1980.
[NIL80] Nilsson, N.J., Principles of Artificial Intelligence, Tioga
Publishing Co., Palo Alto, California, 1980.
[NIL87] Nilsson, N.J., Logical Foundations of Artificial Intelligence,
Morgan Kaufmann Publishers, Inc. Los Altos,
California, 1987.
[NOV88] Novello, S., Transforming tableau proof in M[A]L into
natural deduction proofs, forthcoming Master Science
thesis, Imperial College, Department of Computing,
London, 1988.
[OPP86] Oppacher, F. and E. Suen, "Controlling deduction with proof
condensation and heuristics". In Proc. of 8th
International Conference on Automated deduction.
Springer-Verlag, Oxford, 1986.
[PAR78] Parikh, R.A., "The Completeness of Propositional Dynamic
Logic". In Proceedings of the 7th Symposium on
Mathematical Foundations of Computer Science.
Springer-Verlag, Berlin, 1978.
[PEQ85] Pequeno, M.C., Logicas Nao-Monotonicas, M.Sc. Thesis,
Universidade Federal do Ceara, Fortaleza, Brazil, 1985,
(in Portuguese).
[PRA60] Prawitz, D., An improved Proof Procedure, in Theoria, 26,
1960.
[PRA65] Prawitz, D., Natural Deduction, Almqvist & Wiksell,
Stockholm, 1965.
[PRA76] Pratt, V.R., "Semantical Considerations on Floyd-Hoare
Logic". In Proc. 17th Ann. IEEE Symp. on Foundations
of Comp. Sci, 1976.
[PRA77] Pratt, V.R., "A Practical Decision for Propositional Dynamic
Logic: Preliminary Report". In Proc. 10th Ann. ACM
Symp. on Theory of Computing, San Diego, May 1977.
[QUI85] Quirk, W.J. (Ed.), Verification and Validation of Real-Time
Software, Springer-Verlag, Berlin, 1985.
[REE85] Reeves, S.V., Theorem-proving by Semantic Tableaux.
Ph.D. Thesis, University of Birmingham, 1985.
[REE87] Reeves, S.V., "Adding Equality to Semantic Tableaux", in
Journal of Automated Reasoning 3, 1987.
[REI78a] Reiter, R., "On closed world data bases", in Logic and data
bases, (ed. H. Gallaire and J. Minker), Plenum Press -
New York, 1978.
[REI78b] Reiter, R., "Deductive question-answering on relational
data bases", in Logic and data bases, (ed. H. Gallaire
and J. Minker), Plenum Press - New York, 1978.
[REI80] Reiter, R., "A Logic for Default Reasoning", in Artificial
Intelligence, volume 13, numbers 1 and 2, 1980.
[REI84] Reiter, R., "Towards a logical reconstruction of relational
database theory", in On Conceptual Modelling, (ed. M.
L. Brodie et al.), Springer-Verlag, New York, 1984.
[ROB65] Robinson, J.A., "A machine-oriented based on the
resolution principle". In JACM, 1965.
[ROB69] Robinson, J.A. and L. Wos, "Paramodulation and Theorem-
Proving in First order Logic with Equality", in Machine
Intelligence 4, 1969.
[ROB79] Robinson, J.A., Logic: Form and Function. North Holland,
New York, 1979.
[SCH85] Schonfeld, W., "PROLOG Extensions based on Tableaux
Calculus", in IJCAI 1985.
[SHO67] Shoenfield, J.R., Mathematical Logic. Addison-Wesley Pub.
Co., London, 1967.
[SMU68] Smullyan, R.M., First-Order Logic. Springer-Verlag, Berlin,
1968.
[SZA69] Szabo, M.E. (ed.), The collected Papers of Gerhard Gentzen.
North-Holland Pub. Co., Amsterdam, 1969.
[STI85] Stickel, M.E., "Automated deduction by theory resolution",
in IJCAI 1985.
[TAV88] Tavendale, R., FOREST internal report R3, Imperial College,
Department of Computing, London, 1988.
[TRI88] Trimmer, M., Implementation of a theorem prover for
first order predicate logic, FOREST internal report No.
4094, GEC-Marconi LTD, 1988.
[VAN77] van Emden, M.H., Computation and deductive information
retrieval, Dept. of Computer Science, University of
Waterloo, Research Report CS-77-16, 1977.
[WAL87] Wallen, L.A., Automated Proof Search in Non-Classical
Logics: Efficient Matrix Proof Methods for Modal and
Intuitionistic Logics. Ph.D. Thesis, University of
Edinburgh, 1987.
[ZAM69] Zamov, N.K. and Sharanov, V.I. On a class of strategies
which can be used to establish decidability by the
resolution principle. (National Lending Library,
Russian Translating Program 5857, Boston Spa,
Yorkshire).