Upload
phamnhu
View
220
Download
3
Embed Size (px)
Citation preview
Recap (Lecture 1): Propositional logic program
A definite clause is a formula of one of the two shapes below
q (a Prolog fact q . )
p1 ∧ · · · ∧ pk → q (a Prolog rule q :- p1, . . . , pk .)
where p1, . . . , pk , q are all atoms (that is, atomic statements).
A logic program is a list F1, . . . ,Fn of definite clauses
A goal is a list g1, . . . , gm of atoms.
The job of the system is to ascertain whether the logicalconsequence below holds.
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Example logic program (Lecture 1)
chicago → windy
edinburgh → windy
edinburgh → scotland
scotland → rainy
windy ∧ rainy → insideOutUmbrella
edinburgh
The Prolog search procedure
The search starts with the goal g1, . . . , gm, given by the user to thesystem, as the initial (current) goal.
At every stage in the search, we have an associated list of atoms:the current goal.
If we ever obtain the empty goal (notation ε) as the current goalthen the search is successful, and Prolog returns the answer yes.
If the search terminates without obtaining the empty goal thenProlog returns the answer no.
We illustrate the procedure, using our running example.
The initial goal is thus insideOutUmbrella.
Current goal: insideOutUmbrella.
The only clause in the program that can be used to deriveinsideOutUmbrella is
windy ∧ rainy→ insideOutUmbrella
Replace the current goal with
windy, rainy
Current goal: windy, rainy
The clauses in the program that might be used to derive windyare:
chicago→windy
edinburgh→windy
Try the first rule first, so replace the current goal with
chicago, rainy
Current goal: chicago, rainy
There are no clauses in the program that can be used to derivechicago.
(This is the point at which Sicstus Prolog complains with theoriginal Prolog formulation of the example. The error messagestates that no rule is found with chicago as conclusion.)
We thus backtrack to the last point at which there remains anunexplored search option.
We thus restore the current goal to
windy, rainy
Current goal: windy, rainy
We have already seen that the first matching clause
chicago→ windy
does not produce a derivation of windy.
We thus try the next clause in the program that matches windy:
edinburgh→ windy
So replace the current goal with
edinburgh, rainy
Current goal: edinburgh, rainy
The first atom in the goal, edinburgh, is an axiom.
We thus remove edinburgh from the goal list.
So replace the current goal with
rainy
Continuing the same way, we obtain successively:
Current goal: rainy
Current goal: scotland
Current goal: edinburgh
Current goal: ε
Now the search has produced an empty list for the current goal.This means the search for a derivation has been successful.
So (idealized) Prolog search thus returns the answer yes to thequery insideOutUmbrella
Prolog search tree for goal insideOutUmbrella
iOU
(1)
windy,rainy
(2)
chicago,rainy
(3)
failedinburgh,rainy
(4)
rainy
(5)
scotland
(6)
edinburgh
(7)
ε
(8)
yes
Order in which the nodes are visited.
Prolog search tree for goal insideOutUmbrella
iOU (1)
windy,rainy (2)
chicago,rainy (3)fail
edinburgh,rainy (4)
rainy (5)
scotland (6)
edinburgh (7)
ε (8)yes
Order in which the nodes are visited.
What does Prolog search do?
Why is Prolog search correct? Where does it come from?
The theoretical explanation is that (propositional) Prolog issearching for a formal derivation of the goal from axioms given bythe program in an inference system (a.k.a. proof system) fordefinite clause (propositional) logic.
A derivation can be directly read off from a successful branch inthe search tree.
The next slide shows the derivation that is found by proof search inthe case of the running example.
After that we define the inference system rigorously
Example derivation
ε edin
edin edin→ scot
scot scot→ rain
rain edin
edin, rain edin→ wind
wind, rain wind ∧ rain→ iOU
insideOutUmbrella
The inference system
To derive new goals starting with the empty goal ε, which we viewas trivially established.
We then use a single inference rule to derive a new established goalfrom a goal already established
g1, . . . , gl−1, h1, . . . , hk , gl+1, . . . , gm h1 ∧ · · · ∧ hk → gl
g1, . . . , gl−1, gl , gl+1, . . . , gm
where 1 ≤ l ≤ m and k ≥ 0.
The rule says: if we have already established goalg1, . . . , gl−1, h1, . . . , hk , gl+1, . . . , gm and we haveh1 ∧ · · · ∧ hk → gl as one of the program clauses, then we canobtain g1, . . . , gl−1, gl , gl+1, . . . , gm as a new established goal.
Constructing a derivation
Derivations can be constructed in two directions.
I Bottom up: To prove a goal g1, . . . , gm, start from the emptygoal ε and apply the inference rules until g1, . . . , gm is reached.
I Top down: To prove g1, . . . , gm, apply the inference rulesbackwards, starting from g1, . . . , gm, until ε is produced.
I Counterintuitively, “bottom up” starts at the top of the paperand proceeds downwards, whereas “top down” starts at thebottom and builds upwards. The terminology “top down” and“bottom up” is motivated by the approach to problem solvingrather than the direction the process takes on paper.
I It makes no difference to the derivation how it is put together.However the top down approach is (usually) the one bestsuited to searching for a derivation.
Prolog proof search is topdown.
Constructing a derivation
Derivations can be constructed in two directions.
I Bottom up: To prove a goal g1, . . . , gm, start from the emptygoal ε and apply the inference rules until g1, . . . , gm is reached.
I Top down: To prove g1, . . . , gm, apply the inference rulesbackwards, starting from g1, . . . , gm, until ε is produced.
I Counterintuitively, “bottom up” starts at the top of the paperand proceeds downwards, whereas “top down” starts at thebottom and builds upwards. The terminology “top down” and“bottom up” is motivated by the approach to problem solvingrather than the direction the process takes on paper.
I It makes no difference to the derivation how it is put together.However the top down approach is (usually) the one bestsuited to searching for a derivation.
Prolog proof search is topdown.
Constructing a derivation
Derivations can be constructed in two directions.
I Bottom up: To prove a goal g1, . . . , gm, start from the emptygoal ε and apply the inference rules until g1, . . . , gm is reached.
I Top down: To prove g1, . . . , gm, apply the inference rulesbackwards, starting from g1, . . . , gm, until ε is produced.
I Counterintuitively, “bottom up” starts at the top of the paperand proceeds downwards, whereas “top down” starts at thebottom and builds upwards. The terminology “top down” and“bottom up” is motivated by the approach to problem solvingrather than the direction the process takes on paper.
I It makes no difference to the derivation how it is put together.However the top down approach is (usually) the one bestsuited to searching for a derivation.
Prolog proof search is topdown.
Constructing a derivation
Derivations can be constructed in two directions.
I Bottom up: To prove a goal g1, . . . , gm, start from the emptygoal ε and apply the inference rules until g1, . . . , gm is reached.
I Top down: To prove g1, . . . , gm, apply the inference rulesbackwards, starting from g1, . . . , gm, until ε is produced.
I Counterintuitively, “bottom up” starts at the top of the paperand proceeds downwards, whereas “top down” starts at thebottom and builds upwards. The terminology “top down” and“bottom up” is motivated by the approach to problem solvingrather than the direction the process takes on paper.
I It makes no difference to the derivation how it is put together.However the top down approach is (usually) the one bestsuited to searching for a derivation. Prolog proof search is topdown.
Top-down proof search
A top-down search for a derivation maintains a list g1, . . . , gn ofatoms, the current goal. The procedure is:
I For l with 1 ≤ l ≤ n, find an axiom (program clause) of form
h1 ∧ · · · ∧ hk → gl
Replace gl with h1, . . . , hk . So the current goal becomes
g1, . . . , gl−1, h1, . . . , hk , gl+1, . . . , gn
This includes, with k = 0, the case in which gl is itself anaxiom, in which case it simply gets removed from the list.
The choice of l and choice of axiom means that the search spacebranches, producing a search tree.
The goal of the proof search procedure is to find a branch in thesearch tree ending in a leaf labelled with the empty goal ε.
Prolog search tree
Prolog search specializes the above by always considering theindividual goal atoms in goal order.
This means that given a current goal
g1, . . . , gn
Prolog always looks for an axiom (program clause) of form
h1 ∧ · · · ∧ hk → g1
That is l on the previous slide is always chosen to be 1.
This policy is built into the Prolog search tree for a query. In aProlog search tree, the branching reflects only the choice involvedin selecting which axiom to use.
Prolog proof search
Prolog proof search is depth first:
I The search always moves to an unvisited (i.e., not previouslyvisited) child (i.e., immediately below) node of the currentnode, whenever such a node exists.
I If there is no such node, the search backtracks to the mostrecently visited node from which such an unvisited child nodeis available.
Prolog proof search follows program order.
I Child nodes are visited in the order that the axioms (Prologrules) that determine the child node appear in the program(i.e., from left to right in the trees as we are drawing them).
Another example logic program
hotterSun → warmerClimate
carbonIncrease → warmerClimate
warmerClimate → iceMelts
iceMelts → albedoDecrease
albedoDecrease → warmerClimate
carbonIncrease
Reordering program can improve efficiency . . .
carbonIncrease → warmerClimate
hotterSun → warmerClimate
warmerClimate → iceMelts
iceMelts → albedoDecrease
albedoDecrease → warmerClimate
carbonIncrease
. . . or reduce efficiency . . .
hotterSun → warmerClimate
albedoDecrease → warmerClimate
carbonIncrease → warmerClimate
warmerClimate → iceMelts
iceMelts → albedoDecrease
carbonIncrease
In Sicstus Prolog
Program:
warmerClimate :- hotterSun.warmerClimate :- albedoDecrease.warmerClimate :- carbonIncrease.iceMelts :- warmerClimate.albedoDecrease :- iceMelts.carbonIncrease.hotterSun :- false.
Query:
| ?- iceMelts.! Resource error: insufficient memory
Incompleteness of Prolog proof search
The correct answer to the query iceMelts is yes, becauseiceMelts is a logical consequence of the program (irrespective ofhow we order the axioms in the program).
Our original derivation of iceMelts is a valid derivation(irrespective of how we order the axioms in the program).
However, whether Prolog proof search is successful or not dependson the order in which the axioms in the program are given.
The Prolog proof search procedure is said to be incomplete: itdoes not always find a derivation, even if a derivation exists.
Notation
I Goal g1, . . . , gm is a logical consequence of F1,F2, . . . ,Fn
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
I Goal g1, . . . , gm is derivable from F1,F2, . . . ,Fn:
F1, . . . ,Fn ` g1, . . . , gm .
i.e., there is some derivation of g1, . . . , gm from axiomsF1,F2, . . . ,Fn
I Goal g1, . . . , gm is Prolog derivable from F1,F2, . . . ,Fn:
F1, . . . ,Fn `Prolog g1, . . . , gm ,
i.e., Prolog proof search is successful.
Fundamental properties
Correctness of Prolog proof search
(straightforward)
F1, . . . ,Fn `Prolog g1, . . . , gm implies F1, . . . ,Fn ` g1, . . . , gm .
Soundness of inference system
(not too hard; see appendix)
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Completeness of inference system
(a bit harder; see appendix)
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm implies F1, . . . ,Fn ` g1, . . . , gm .
Incompleteness of Prolog proof search
(already shown)
F1, . . . ,Fn |= g1∧· · ·∧gm doesn’t imply F1, . . . ,Fn `Prolog g1, . . . , gm .
Fundamental properties
Correctness of Prolog proof search (straightforward)
F1, . . . ,Fn `Prolog g1, . . . , gm implies F1, . . . ,Fn ` g1, . . . , gm .
Soundness of inference system
(not too hard; see appendix)
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Completeness of inference system
(a bit harder; see appendix)
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm implies F1, . . . ,Fn ` g1, . . . , gm .
Incompleteness of Prolog proof search
(already shown)
F1, . . . ,Fn |= g1∧· · ·∧gm doesn’t imply F1, . . . ,Fn `Prolog g1, . . . , gm .
Fundamental properties
Correctness of Prolog proof search (straightforward)
F1, . . . ,Fn `Prolog g1, . . . , gm implies F1, . . . ,Fn ` g1, . . . , gm .
Soundness of inference system (not too hard; see appendix)
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Completeness of inference system
(a bit harder; see appendix)
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm implies F1, . . . ,Fn ` g1, . . . , gm .
Incompleteness of Prolog proof search
(already shown)
F1, . . . ,Fn |= g1∧· · ·∧gm doesn’t imply F1, . . . ,Fn `Prolog g1, . . . , gm .
Fundamental properties
Correctness of Prolog proof search (straightforward)
F1, . . . ,Fn `Prolog g1, . . . , gm implies F1, . . . ,Fn ` g1, . . . , gm .
Soundness of inference system (not too hard; see appendix)
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Completeness of inference system (a bit harder; see appendix)
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm implies F1, . . . ,Fn ` g1, . . . , gm .
Incompleteness of Prolog proof search
(already shown)
F1, . . . ,Fn |= g1∧· · ·∧gm doesn’t imply F1, . . . ,Fn `Prolog g1, . . . , gm .
Fundamental properties
Correctness of Prolog proof search (straightforward)
F1, . . . ,Fn `Prolog g1, . . . , gm implies F1, . . . ,Fn ` g1, . . . , gm .
Soundness of inference system (not too hard; see appendix)
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Completeness of inference system (a bit harder; see appendix)
F1, . . . ,Fn |= g1 ∧ · · · ∧ gm implies F1, . . . ,Fn ` g1, . . . , gm .
Incompleteness of Prolog proof search (already shown)
F1, . . . ,Fn |= g1∧· · ·∧gm doesn’t imply F1, . . . ,Fn `Prolog g1, . . . , gm .
Discussion
We have a complete inference system for propositional definiteclause logic, but Prolog’s proof search procedure is incomplete.
Incompleteness can be remedied in different ways, e.g.:
I Add loop checking to the Prolog search procedure to checkwhen the search reconsiders an atom already encountered.
This provides a decision procedure for propositionaldefinite-clause logic: the search will say yes if a derivationexists, and no if no derivation exists.
I Use breadth-first search instead of depth-first search.
This gives a complete proof procedure (a derivation will befound whenever one exists) without loop checking, but not adecision procedure. Loop checking still needs to be added inorder to detect when no derivation is available.
Discussion
We have a complete inference system for propositional definiteclause logic, but Prolog’s proof search procedure is incomplete.
Incompleteness can be remedied in different ways, e.g.:
I Add loop checking to the Prolog search procedure to checkwhen the search reconsiders an atom already encountered.
This provides a decision procedure for propositionaldefinite-clause logic: the search will say yes if a derivationexists, and no if no derivation exists.
I Use breadth-first search instead of depth-first search.
This gives a complete proof procedure (a derivation will befound whenever one exists) without loop checking, but not adecision procedure. Loop checking still needs to be added inorder to detect when no derivation is available.
Discussion
We have a complete inference system for propositional definiteclause logic, but Prolog’s proof search procedure is incomplete.
Incompleteness can be remedied in different ways, e.g.:
I Add loop checking to the Prolog search procedure to checkwhen the search reconsiders an atom already encountered.
This provides a decision procedure for propositionaldefinite-clause logic: the search will say yes if a derivationexists, and no if no derivation exists.
I Use breadth-first search instead of depth-first search.
This gives a complete proof procedure (a derivation will befound whenever one exists) without loop checking, but not adecision procedure. Loop checking still needs to be added inorder to detect when no derivation is available.
Discussion (continued)
There are sound pragmatic reasons, however, that Prolog does notimplement such modified search algorithms.
I Loop checking makes proof search less efficient, and it isanyway not a useful modification once we move to thepredicate (first-order) logic used by Prolog (wherenon-terminating behaviour can occur without the same goalever repeating itself).
I Breadth-first search is in general inefficient, since it alwaysexplores all branches, irrespective of their usefulness.
The benefit of program-order depth-first search is that theprogramer can order the clauses in the program to maximizethe efficiency of Prolog’s proof search algorithm.
Conclusions
Prolog proof search is an example of good engineering design basedon an interplay between theoretical and practical considerations.
I It has a strong theoretical foundation, in being based on acomplete inference system for definite-clause logic.
I However, its incomplete proof search procedure is a goodimplementation choice, allowing efficient proof search in thecontext of predicate logic, and permitting the programmer totailor programs with regard to efficiency issues.
Main points today
Prolog search tree
inference system
Prolog search strategy as program-order depth-first search
incompleteness of Prolog proof search strategy
correctness of Prolog proof search strategy
soundness of inference system
completeness of inference system
Proofs of soundness and completeness are given as non-examinableappendices to this lecture.
Appendix: Proof of soundness
We need to prove:
F1, . . . ,Fn ` g1, . . . , gm implies F1, . . . ,Fn |= g1 ∧ · · · ∧ gm .
Suppose that F1, . . . ,Fn ` g1, . . . , gm.
Let I be an interpretation for which
I |= F1 and . . . and I |= Fn
We need to show that I |= g1 ∧ · · · ∧ gm.
To this end, let Π be a derivation tree for g1, . . . , gm.
We show on next 2 slides that, for every established goalg ′1, . . . , g
′m′ . that occurs in Π, it holds that I |= g ′1 ∧ · · · ∧ g ′m′ .
Thus, in particular, I |= g1 ∧ · · · ∧ gm, as required.
Proof of soundness (continued)
We show: for every established goal g ′1, . . . , g′m′ . that occurs in Π,
it holds that I |= g ′1 ∧ · · · ∧ g ′m′ .
We work from the initial empty goal in Π downwards, propagatingthe property that I |= g ′1 ∧ · · · ∧ g ′m′ as we go.
(Formally, this is a proof by induction on the structure/height ofthe derivation.)
There are two cases:
1. If the goal g ′1, . . . , g′m′ is empty then m′ = 0.
It is immediate that I |= g ′1 ∧ · · · ∧ g ′m′ since an emptyconjunction is true by convention.
Proof of soundness (continued)
2. Otherwise the derivation of g ′1, . . . , g′m′ within Π must look like
···g ′1, . . . , g
′l−1, h1, . . . , hk , g
′l+1, . . . , g
′m′ h1 ∧ · · · ∧ hk → g ′l
g ′1, . . . , g′m′
where h1 ∧ · · · ∧ hk → g ′l is an axiom.
By the property we are propagating through the tree,
I |= g ′1 ∧ · · · ∧ g ′l−1 ∧ h1 ∧ · · · ∧ hk ∧ g ′l+1 ∧ · · · ∧ g ′m′ .
Because h1 ∧ · · · ∧ hk → g ′l is an axiom,
I |= h1 ∧ · · · ∧ hk → g ′l .
Thus indeed I |= g ′1 ∧ · · · ∧ g ′m′ .
Illustration of the propagation process
(1) I |=
ε
(1) I |=
cI
(2) I |=
cI
(1) I |=
cI→ wC
(3) I |=
wC
(1) I |=
wC→ iM
(4) I |=
iM
Illustration of the propagation process
(1) I |= ε (1) I |= cI
(2) I |=
cI (1) I |= cI→ wC
(3) I |=
wC (1) I |= wC→ iM
(4) I |=
iM
Illustration of the propagation process
(1) I |= ε (1) I |= cI
(2) I |= cI (1) I |= cI→ wC
(3) I |=
wC (1) I |= wC→ iM
(4) I |=
iM
Illustration of the propagation process
(1) I |= ε (1) I |= cI
(2) I |= cI (1) I |= cI→ wC
(3) I |= wC (1) I |= wC→ iM
(4) I |=
iM
Illustration of the propagation process
(1) I |= ε (1) I |= cI
(2) I |= cI (1) I |= cI→ wC
(3) I |= wC (1) I |= wC→ iM
(4) I |= iM
Appendix: Proof of completeness
We need to prove:
F1, . . . ,Fn |= q1 ∧ · · · ∧ qm implies F1, . . . ,Fn ` q1, . . . , qm .
Suppose that F1, . . . ,Fn |= q1 ∧ · · · ∧ qm.
We need to show that F1, . . . ,Fn ` q1, . . . , qm.
To this end, define the following interpretation I:
I(q) =
{true if F1, . . . ,Fn ` q
false otherwise
We show on next 2 slides that
I |= F1 and . . . and I |= Fn
Proof of completness (continued)
I(q) =
{true if F1, . . . ,Fn ` q
false otherwise
We show that I |= Fi for every Fi in F1, . . . ,Fn.
There are 2 cases to consider.
1. If Fi is an atom q then trivially F1, . . . ,Fn ` q. SoI(q) = true. I.e., I |= q.
Proof of completness (continued)
I(q) =
{true if F1, . . . ,Fn ` q
false otherwise
2. In the case Fi is an implication p1 ∧ · · · ∧ pk → q, we need toshow I |= p1 ∧ · · · ∧ pk → q.
Suppose I |= p1 and . . . and I |= pk . That is,F1, . . . ,Fn ` p1 and . . . and F1, . . . ,Fn ` pk .
Combine the derivations of p1, . . . , pk to get one of q:
···p1 . . .
···pk
p1, . . . , pk p1 ∧ · · · ∧ pk → q
q
So F1, . . . ,Fn ` q. Thus I |= q.
Proof of completeness (completed)
I(q) =
{true if F1, . . . ,Fn ` q
false otherwise
We have assumed that F1, . . . ,Fn |= q1 ∧ · · · ∧ qm,and we have shown that I |= F1 and . . . and I |= Fn.
Therefore I |= q1 ∧ · · · ∧ qm. Whence, by definition of I:
F1, . . . ,Fn ` q1 and . . . and F1, . . . ,Fn ` qm
We now combine the derivations:
···q1 . . .
···qm
q1, . . . , qm
Showing that F1, . . . ,Fn ` q1, . . . , qm as required.
Combining derivations
In two places in the proof we needed to “combine” m derivationsof several individual goals q1 and . . . and qm to obtain a combinedderivation the single goal q1, . . . , qm. In the proof we drew thiscombined derivation in the schematic form:
···q1 . . .
···qm
q1, . . . , qm
It is left as an exercise to explicitly define the method of combiningderivations being used here.