Using full first order logic as a programming language

Rend. Sem. Mat. Univ. Pol. Torino
Fascicolo speciale 1987
Logic and Computer Sciences, (1986)
Carlo Cellucci
1. Logic programming did not seize the attention of most programmers until
the Japanese announced that they had chosen Prolog for their ambitious Fifth
Generation Computer Systems project. While that project appears now to
be hampered by bureaucratic difficulties, the interest it aroused in Prolog
lives on.
Part of the attraction of Prolog stems from the fact that the beginner will
very quickly be able to write toy programs, even spectacular ones. Difficulties
in creating larger programs, however, seem to bring back Prolog to the level
of other programming languages. Such difficulties arise from numerous defects
of Prolog, some of which are purely logical in nature. Among the latter at
least two should be mentioned: (a) the peculiar meaning of negation; (b)
the fact that reduction to clausal form is not part of the language.
As to (a), strictly speaking Prolog has no negation. Its notion of negation-as-failure,
by which $\neg\varphi$ is inferred from failure to infer $\varphi$, is a tricky
one. For instance, suppose that the goal likes(John, X) succeeds with X
instantiated to mary. Then not(likes(John, X)) fails, so X becomes
uninstantiated and hence has no value. However not(not(likes(John, X)))
succeeds with X instantiated to mary. This makes the meaning of negation
almost incomprehensible.
As to (b), for efficiency Prolog uses the programmer, as it were, as a preprocessor
for reduction to clausal form: with the gain in efficiency that one
can very well imagine. Of course reduction to clausal form can be implemented
in Prolog and built up within every Prolog program together with a suitable user
interface, but this is very much like designing a new programming language.
Moreover reduction to clausal form is not especially perspicuous, which is
likely to make debugging very difficult.
Using the more transparent sequent calculus seems more promising. While
the sequent calculus was popular in the early days of automated theorem
proving (see e.g. [7], [18], [4]), interest in it declined for about two decades
and has been revived only recently by Bowen [2], who proposed to use a modified
version of the calculus of sequents as the basis for a logic programming
system.
Bowen's proposal has however the following defects: (a) the calculus of
sequents is cumbersome since it involves copying down all the extra formulae;
(b) no 'intelligent' order of application of the rules is provided; (c) no mention
is made of the fact that at each stage one should only consider unifying
substitutions over the set of all terms occurring in the branch. Thus the
proposed proof procedure as it stands is incorrect.
In order to overcome such difficulties in this paper we discuss how to use
a modified version of the tableaux method (see e.g. [1]) as an alternative
approach to logic programming. It should be stressed that our main concern
is with language design rather than with automated theorem proving: our
aim is to develop a programming language sharing all the advantages of Prolog
while avoiding its logical limitations. Thus we do not claim that our method
will be efficient under all possible circumstances.
It will be up to the programmer to make the basic tableaux method work
more efficiently by devising suitable domain dependent techniques to guide
the construction. Hence a program will include both a logic component and
a control component, in agreement with Kowalski's [6] philosophy:
algorithm = logic + control.
In this paper we confine ourselves to the logical component, leaving the
discussion of the control component for another occasion. Stripped of its
control component a program will consist of a goal together with any number
of procedures, where both the goal and the procedures will be expressed by
arbitrary first order sentences. The purpose of a program with goal $\varphi$ and
procedures $\varphi_1, \ldots, \varphi_n$ will simply be to determine whether $\varphi$ is a logical
consequence of $\{\varphi_1, \ldots, \varphi_n\}$.
Although tableaux seem to provide a reasonably satisfactory basis for
a logic programming system, they have two main defects: (a) they are not
very perspicuous; (b) tableaux with many branches are not easily displayed.
Now both perspicuity and easy displayability are essential for program debugging.
In order to overcome this problem we describe a mechanical method
for converting closed tableaux into deductions of a suitable natural deduction
system. Alternatively we state a proof procedure for Smullyan's [15] analytic
natural deduction system.
2. The language of predicate logic includes variables $x_1, x_2, \ldots$, constants
$a_1, a_2, \ldots$ (also called parameters), for each $n > 0$ $n$-ary predicates
$R_1^n, R_2^n, \ldots$, logical particles $\neg, \land, \lor, \to, \leftrightarrow, \forall, \exists$
and punctuation marks ( and ).
We use letters '$x$', '$y$', '$z$' to denote arbitrary variables; '$a$', '$b$', '$c$' to
denote parameters; '$R^n$', '$S^n$', '$T^n$' (or simply '$R$', '$S$', '$T$' whenever arity
is clear from context) to denote $n$-ary predicates.
An atomic formula is an expression of the form $R t_1 \ldots t_n$ where $R$
is an $n$-ary predicate and each of $t_1, \ldots, t_n$ is a variable or a parameter.
A formula is either an atomic formula, or an expression of one of the
forms $\neg\varphi$, $(\varphi \land \psi)$, $(\varphi \lor \psi)$, $(\varphi \to \psi)$, $(\varphi \leftrightarrow \psi)$ where $\varphi$ and $\psi$ are
formulae, or an expression of one of the forms $\forall x \varphi$, $\exists x \varphi$ where $x$
is a variable and $\varphi$ is a formula.
We use '$\varphi$', '$\psi$', '$\chi$', '$\rho$' to denote arbitrary formulae.
The opposite of a formula $\varphi$, written $\bar{\varphi}$, is defined by:
$\bar{\varphi} = \psi$ if $\varphi = \neg\psi$,
$\bar{\varphi} = \neg\varphi$ if $\varphi$ is not a negation.
We say that an occurrence of a variable $x$ in a formula $\varphi$ is free if
it is neither within the scope of some occurrence of $\forall x$ or $\exists x$ nor
is itself immediately preceded by $\forall$ or $\exists$.
We denote by $\varphi(x/a)$ the result of replacing every free occurrence of
the variable $x$ in $\varphi$ by the parameter $a$.
A sentence is a formula in which no occurrence of a variable is free. A
literal is an atomic sentence or the negation of an atomic sentence.
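3. By a sequent we mean any finite set $\Gamma$ of sentences. We write $\Gamma, \varphi$
for $\Gamma \cup \{\varphi\}$.
The rules of sequent tableaux are as follows:
($\neg\neg$)  $\dfrac{\Gamma, \neg\neg\varphi}{\Gamma, \varphi}$
($\land$)  $\dfrac{\Gamma, \varphi \land \psi}{\Gamma, \varphi, \psi}$
($\neg\land$)  $\dfrac{\Gamma, \neg(\varphi \land \psi)}{\Gamma, \neg\varphi \qquad \Gamma, \neg\psi}$
($\lor$)  $\dfrac{\Gamma, \varphi \lor \psi}{\Gamma, \varphi \qquad \Gamma, \psi}$
($\neg\lor$)  $\dfrac{\Gamma, \neg(\varphi \lor \psi)}{\Gamma, \neg\varphi, \neg\psi}$
($\to$)  $\dfrac{\Gamma, \varphi \to \psi}{\Gamma, \neg\varphi \qquad \Gamma, \psi}$
($\neg\to$)  $\dfrac{\Gamma, \neg(\varphi \to \psi)}{\Gamma, \varphi, \neg\psi}$
($\leftrightarrow$)  $\dfrac{\Gamma, \varphi \leftrightarrow \psi}{\Gamma, \varphi, \psi \qquad \Gamma, \neg\varphi, \neg\psi}$
($\neg\leftrightarrow$)  $\dfrac{\Gamma, \neg(\varphi \leftrightarrow \psi)}{\Gamma, \varphi, \neg\psi \qquad \Gamma, \neg\varphi, \psi}$
($\forall$)  $\dfrac{\Gamma, \forall x \varphi}{\Gamma, \forall x \varphi, \varphi(x/a)}$
($\neg\forall$)  $\dfrac{\Gamma, \neg\forall x \varphi}{\Gamma, \neg\varphi(x/a)}$  provided that $a$ does not occur in $\Gamma$.
($\exists$)  $\dfrac{\Gamma, \exists x \varphi}{\Gamma, \varphi(x/a)}$  provided that $a$ does not occur in $\Gamma$.
($\neg\exists$)  $\dfrac{\Gamma, \neg\exists x \varphi}{\Gamma, \neg\exists x \varphi, \neg\varphi(x/a)}$
A sequent tableau for $\Gamma$ is a tree obtained by placing $\Gamma$ at the origin
and then continuing downward according to the above rules.
A branch of a sequent tableau is closed if there is a sequent $\Gamma$ on that
branch and an atomic sentence $\varphi$ such that both $\varphi$ and $\neg\varphi$ are in $\Gamma$.
A sequent tableau is closed if all of its branches are closed.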
Remark. The rules of sequent tableaux are strictly related to the rules of the
Gentzen-type sequent system G4 of Kleene [5]. Indeed they are obtained
from the latter as follows: (1) Transpose all sentences from right to left
replacing each sequent $\{\varphi_1, \ldots, \varphi_m\} \Rightarrow \{\psi_1, \ldots, \psi_n\}$ by an equivalent
sequent $\{\varphi_1, \ldots, \varphi_m, \neg\psi_1, \ldots, \neg\psi_n\} \Rightarrow$ and drop the symbol $\Rightarrow$ which
now becomes superfluous. (The transposition is justified by the rule ($\neg\Rightarrow$)
of negation introduction in the antecedent). (2) Drop the rule thus resulting
from ($\neg\Rightarrow$) which now becomes vacuous. (3) Turn the rules upside-down.
Sequents $\Gamma$ such that, for some atomic sentence $\varphi$, both $\varphi$ and $\neg\varphi$
are in $\Gamma$ are the result of transposing all sentences from right to left in
axioms of G4. Thus closed sequent tableaux coincide with proofs in the
system resulting from G4 by the above procedure, turned upside-down.
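4. Sequent tableaux are cumbersome in actual practice because their rules
involve duplicating the extra sentences $\Gamma$ all the time. A more convenient
arrangement is given by sentence tableaux, which are obtained by dropping
the extra sentences $\Gamma$ altogether and ticking off ($\surd$) the principal
sentence of the premise whenever it is not duplicated in the conclusion. (Note
that ($\forall$) and ($\neg\exists$) are the only rules in which the principal sentence
of the premise is duplicated in the conclusion).
The rules of sentence tableaux are as follows (the premise is written first; a
single vertical line | continues the branch, a fork / \ splits it in two):
($\neg\neg$)  $\neg\neg\varphi\ \surd$  |  $\varphi$
($\land$)  $\varphi \land \psi\ \surd$  |  $\varphi$, $\psi$
($\neg\land$)  $\neg(\varphi \land \psi)\ \surd$  / \  left: $\neg\varphi$; right: $\neg\psi$
($\lor$)  $\varphi \lor \psi\ \surd$  / \  left: $\varphi$; right: $\psi$
($\neg\lor$)  $\neg(\varphi \lor \psi)\ \surd$  |  $\neg\varphi$, $\neg\psi$
($\to$)  $\varphi \to \psi\ \surd$  / \  left: $\neg\varphi$; right: $\psi$
($\neg\to$)  $\neg(\varphi \to \psi)\ \surd$  |  $\varphi$, $\neg\psi$
($\leftrightarrow$)  $\varphi \leftrightarrow \psi\ \surd$  / \  left: $\varphi$, $\psi$; right: $\neg\varphi$, $\neg\psi$
($\neg\leftrightarrow$)  $\neg(\varphi \leftrightarrow \psi)\ \surd$  / \  left: $\varphi$, $\neg\psi$; right: $\neg\varphi$, $\psi$
($\forall$)  $\forall x \varphi$  |  $\varphi(x/a)$
($\neg\forall$)  $\neg\forall x \varphi\ \surd$  |  $\neg\varphi(x/a)$  provided that $a$ is new to the tableau.
($\exists$)  $\exists x \varphi\ \surd$  |  $\varphi(x/a)$  provided that $a$ is new to the tableau.
($\neg\exists$)  $\neg\exists x \varphi$  |  $\neg\varphi(x/a)$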
A sentence tableau, or more briefly a tableau, for a sequent $\{\varphi_1, \ldots, \varphi_n\}$
is a tree obtained by starting with the sentences $\varphi_1, \ldots, \varphi_n$ in a column,
where $\varphi_1$ is at the origin, and then continuing according to the rules, where
the conclusion of a rule must be entered on every branch passing through
the premise.
A branch of a tableau is closed if there is an atomic sentence $\varphi$ such that
both $\varphi$ and $\neg\varphi$ are on that branch. A tableau is closed if all of its branches are closed.
Remark. It is commonly held that sentence tableaux were originally introduced
by Smullyan [16] (more fully in [17]). As a matter of historical fact they
were already used by Prawitz [9].
5. There is a simple mechanical method for converting a sequent tableau
$\mathcal{T}$ for $\{\varphi_1, \ldots, \varphi_n\}$ into a sentence tableau:
(1) Replace the origin of $\mathcal{T}$, i.e. $\{\varphi_1, \ldots, \varphi_n\}$, by the column $\varphi_1, \ldots, \varphi_n$.
(2) Replace each node except the origin by the column $\psi_1, \ldots, \psi_m$,
where $\psi_1, \ldots, \psi_m$ is the list of all sentences occurring in that node but
not in its immediate predecessor, and tick off ($\surd$) a sentence not occurring
in that node but occurring in its immediate predecessor.
(3) Replace each inference line by a vertical line | or a fork / \
depending on whether the corresponding inference rule has only one or two
premises.
There is also a simple mechanical method for converting a sentence tableau
$\mathcal{T}$ for $\{\varphi_1, \ldots, \varphi_n\}$ into a sequent tableau:
(1) Put all nodes of $\mathcal{T}$ not connected by a line in the same set.
(2) Add to each node of the resulting tree all sentences occurring in its immediate
predecessor which are not ticked off, or are ticked off but are not used
as premises of an inference whose conclusion occurs in that node.
6. We introduce the following notions concerning sequents.
A sequent $\Gamma$ is said to be confutable if there exists a closed tableau for $\Gamma$.
We say that a sequent $\Gamma$ entails a sentence $\varphi$ if $\Gamma \cup \{\neg\varphi\}$ is confutable.
Theorem
(i) $\Gamma$ is confutable $\Rightarrow$ $\Gamma$ has no model.
(ii) $\Gamma$ entails $\varphi$ $\Rightarrow$ $\varphi$ is a logical consequence of $\Gamma$.
7. Similarly to [2] we may say that there are two main problems in devising
a mechanical method for generating sentence tableaux (or sequent tableaux
for that matter) for arbitrary sequents $\Gamma$:
(1) The determination of which tableau rule to apply next at any point in
the process.
(2) In applications of ($\forall$) and ($\neg\exists$), choice of the parameter $a$.
It is commonly held (see e.g. [2]) that (1) is solved by the following result,
which is more easily stated for sequent tableaux.
Lemma. Let $\Gamma$ be a sequent, and let $\mathcal{R}_1$ and $\mathcal{R}_2$ be sequent tableau
rules both of which may apply to $\Gamma$. Let $\mathcal{T}_1$ and $\mathcal{T}_2$ be the sequent
tableaux resulting from applications of these two rules in opposing orders.
Then $\mathcal{T}_1$ can be extended to a closed sequent tableau for $\Gamma$ iff $\mathcal{T}_2$
may be so extended.
Actually the above lemma fails to provide a full solution to (1). This is
shown by the following simple example.
Example
(I)
VxRx, 13 xRx
(V)
VxRx, Rat, 13xRx
CI3) —
VxRx, /?i»j,n 3 xRx, 1 Rat
(II)
VxRx, ~\3xRx
(V)
:
VxRx, Ralt 13xRx
(V)
(V)
VxRx, Ralt Ra2, 13xRx
—
;
\/xRx, Rat, Ra2, Ra3, ~13xRx
123
(HI)
VxRx, "1 3 xRx
(V)
VxRx, Ralf
13xRx
CI 3)
VxRx, Rau ~13xRx, 1 Rbt
(V)
—
VxRx, Rax, Ra2, ~\3xRx,
1Rbt
CI 3)
:
VxRx, Ralt Ra2, ~~]3xRx,~]Rb1,~\Rb2
While (I) is closed, both (II) and (III) could be indefinitely continued
without closing although they do not violate any of the sequent tableau
rules.
A basic requirement on a mechanical method for generating a sequent
tableau for $\Gamma$ is that it should produce a closed sequent tableau for $\Gamma$
whenever the latter exists, as in the case $\Gamma = \{\forall x Rx, \neg\exists x Rx\}$. Then our
previous example shows that the above lemma is of little help in solving
(1).
A further basic requirement is that the method should be efficient. Such
a requirement affects the solution of (2). For instance, in establishing the
completeness of the tableau rules the following approach to (2) is commonly
used (see [1] p. 436): if a sentence of the form $\forall x \varphi$ occurs on a given
branch of the tableau and $A = \{a_1, \ldots, a_n\}$ is the set of all parameters
occurring on that branch, then each of $\varphi(x/a_1), \ldots, \varphi(x/a_n)$ is entered on
the branch within a finite number of lines.
Such an approach is very crude since it simply tries all possible instances.
This is all very well for completeness proofs but is hardly satisfactory as
regards efficiency.
8. A better approach consists in using a device originally introduced by
Prawitz (see [7] footnote 11) and Kanger [4]. The idea is to replace the
variable $x$ by a dummy in any application of ($\forall$) or ($\neg\exists$), postponing
the search for an appropriate parameter $a$ until convenient.
Accordingly we expand the language of predicate logic by including dummies
$\alpha_1, \alpha_2, \ldots$. We use letters '$\alpha$', '$\beta$', '$\gamma$', '$\delta$' to denote arbitrary dummies.
Both parameters and dummies will be terms. Moreover we expand the rules
of sentence tableaux by introducing the following two new rules:
($\forall^*$)
    $\forall x \varphi$
    |  $\alpha : A$
    $\varphi(x/\alpha)$
    provided that $\alpha$ is new to the tableau.
($\neg\exists^*$)
    $\neg\exists x \varphi$
    |  $\alpha : A$
    $\neg\varphi(x/\alpha)$
    provided that $\alpha$ is new to the tableau.
Both in ($\forall^*$) and ($\neg\exists^*$) $A$ is the set of all terms occurring in the
branch above $\varphi(x/\alpha)$ or $\neg\varphi(x/\alpha)$ respectively, or $A = \{a_1\}$ if there
are no such terms (where $a_1$ is the first parameter). We call $A$ the set
of all admissible values of $\alpha$. The restrictions on ($\neg\forall$) or ($\exists$) are now
extended to guarantee that $a$ is not an admissible value of any dummy and
is distinct from $a_1$.
Sentence tableaux, closed branches and closed tableaux are defined as
usual. We introduce the following additional notions.
A branch of a tableau is open if it is not closed. A finite open branch is
completed whenever each sentence occurring on that branch is one of the
following:
(i) a literal;
(ii) ticked off;
(iii) a sentence of one of the forms $\forall x \varphi$ or $\neg\exists x \varphi$ such that also
$\varphi(x/\alpha)$ or $\neg\varphi(x/\alpha)$ respectively occurs on that branch (for some
dummy $\alpha$ whose set $A$ of admissible values includes all terms
occurring on that branch).
A tableau is open if it contains at least one completed open branch or at
least one non-terminating branch.
9. Next we define a mechanical method for generating a sentence tableau for
$\Gamma$, for arbitrary $\Gamma$. First we introduce some notions about substitution.
A substitution is a set of assignments of terms to dummies, where no
dummy is assigned more than one term. Substitutions will be denoted by
$\sigma, \tau, \ldots$. If the terms assigned to dummies in a substitution $\sigma$ belong
to a given set $A$, then we say that $\sigma$ is a substitution over $A$.
Application of a substitution $\sigma$ to a sentence $\varphi$ consists of replacing
dummies in $\varphi$ by the terms which $\sigma$ assigns to them. Any dummies
in $\varphi$ not mentioned in $\sigma$ are left unchanged, and any assignments in $\sigma$
to dummies not occurring in $\varphi$ are not applied. The result of applying
$\sigma$ to $\varphi$ is denoted by $\varphi\sigma$.
Substitutions can be composed in the obvious way, i.e. $\varphi(\sigma\tau) = (\varphi\sigma)\tau$.
Given any two sentences $\varphi$ and $\psi$ and any substitution $\sigma$, if $\varphi\sigma = \psi\sigma$
we say that $\sigma$ unifies $\varphi$ and $\psi$; $\sigma$ is said to be a unifier of
$\varphi$ and $\psi$, and the latter are said to be unifiable.
There is an algorithm, called the unification algorithm, which operates
on any two sentences $\varphi$ and $\psi$, and either terminates with an indication
that $\varphi$ and $\psi$ are not unifiable, or terminates with both an indication
that they are unifiable and a specific unifier of $\varphi$ and $\psi$ (see [13]).
Given any two sentences $\varphi$ and $\psi$ let
unify($\varphi$, $\psi$) = the unifier of $\varphi$ and $\psi$ given by the unification
algorithm, if $\varphi$ and $\psi$ are unifiable;
$\varepsilon$ (= the empty substitution) otherwise.
Given any finite set $\Lambda$ of literals and any finite set $A$ of terms let:
close($\Lambda$, $A$) = $\{\sigma \mid \sigma = \text{unify}(\varphi, \psi),\ \sigma$ a substitution over $A$, and $\varphi, \psi \in \Lambda\}$.
10. A partial description of a method for generating a tableau for an arbitrary
$\Gamma = \{\varphi_1, \ldots, \varphi_n\}$ is as follows:
(1) Start with the sentences $\varphi_1, \ldots, \varphi_n$ in a column, where $\varphi_1$ is at the origin.
(2) Let $\Lambda$ be the set of all literals occurring on the given branch and $A$
a set including all the admissible values of $\alpha$, for any $\alpha$ occurring
on that branch. Determine the set close($\Lambda$, $A$).
(3) If close($\Lambda$, $A$) = $\{\varepsilon\}$, then go to (4). Else, by construction close($\Lambda$, $A$)
will contain a single non-empty substitution $\sigma$. Apply $\sigma$
to all sentences occurring on open branches.
(4) Are all branches closed?
(5) If so, stop: $\Gamma$ is confutable.
(6) Is there any completed open branch?
(7) If so, stop: $\Gamma$ is unconfutable.
(8) Is there any sentence of the form $\neg\neg\varphi$ which is not ticked off?
(9) If so, apply ($\neg\neg$). Then go to (2).
(10) Is there any sentence of one of the forms $\varphi \land \psi$, $\neg(\varphi \lor \psi)$,
$\neg(\varphi \to \psi)$ which is not ticked off?
(11) If so, apply ($\land$), ($\neg\lor$), ($\neg\to$) respectively. Then go to (2).
(12) Is there any sentence of one of the forms $\neg\forall x \varphi$, $\exists x \varphi$ which is
not ticked off?
(13) If so, apply ($\neg\forall$) or ($\exists$) respectively. Then go to (2).
(14) Is there any sentence of one of the forms $\varphi \leftrightarrow \psi$, $\neg(\varphi \leftrightarrow \psi)$ which
is not ticked off?
(15) If so, apply ($\leftrightarrow$) or ($\neg\leftrightarrow$) respectively. Then go to (2).
(16) Is there any sentence of one of the forms $\neg(\varphi \land \psi)$, $\varphi \lor \psi$, $\varphi \to \psi$
which is not ticked off?
(17) If so, apply ($\neg\land$), ($\lor$) or ($\to$) respectively. Then go to (2).
(18) Is there any sentence of one of the forms $\forall x \varphi$, $\neg\exists x \varphi$?
(19) If so, apply ($\forall^*$) or ($\neg\exists^*$) respectively to all sentences of one
of such forms on that branch (including those entered by such applications). Then go to (2).
(20) Else, mistake!
11. Part of the motivation for the above procedure is clear. We consider first
sentences of one of the forms $\neg\neg\varphi$, $\varphi \land \psi$, $\neg(\varphi \lor \psi)$, $\neg(\varphi \to \psi)$, $\neg\forall x \varphi$,
$\exists x \varphi$ because ($\neg\neg$), ($\land$), ($\neg\lor$), ($\neg\to$), ($\neg\forall$), ($\exists$) do not yield new
branches. We consider sentences of one of the forms $\varphi \leftrightarrow \psi$, $\neg(\varphi \leftrightarrow \psi)$
before considering those of one of the forms $\neg(\varphi \land \psi)$, $\varphi \lor \psi$, $\varphi \to \psi$
because they introduce two sentences on each branch thus doubling the
chances of its closing soon. Further explanation is provided by the following
examples.
Example
$\forall y \exists x Ryx$
$\neg\exists x \forall y Ryx$
|  $\alpha : \{a_1\}$
$\exists x R\alpha x\ \surd$
|
$\neg\forall y Ry\beta\ \surd$
|
$R\alpha b$
|
$\neg Rc\beta$
If $\sigma$ is a substitution which assigns $c$ to $\alpha$ and $b$ to $\beta$, then
clearly $\sigma$ = unify($R\alpha b$, $\neg Rc\beta$), hence applying $\sigma$ to all sentences of
the tableau a closed tableau obtains. Therefore we should conclude that the
set $\{\forall y \exists x Ryx, \neg\exists x \forall y Ryx\}$ is confutable and hence is not satisfiable,
which is clearly false. Thus the restriction in (2) to substitutions over the set
$A$ of admissible values of dummies occurring on the branch is essential for
soundness.
(I)
$\forall x Rx$
$\exists x \neg Rx\ \surd$
|
$\neg Rb$
|  $\alpha : \{b\}$
$R\alpha$

(II)
$\forall x Rx$
$\exists x \neg Rx\ \surd$
|  $\alpha : \{a_1\}$
$R\alpha$
|
$\neg Rb$
|  $\beta : \{\alpha, b\}$
$R\beta$
If $\sigma$ is a substitution which assigns $b$ to $\alpha$, and $\tau$ is a substitution
which assigns $b$ to $\beta$, then applying $\sigma$ to (I) yields a closed tableau,
and applying $\tau$ to (II) also yields a closed tableau. However in (II) some
effort is wasted since $b$ is not an admissible value of $\alpha$, and so we must
introduce a new sentence $R\beta$. Now while in (I), in accordance with our
procedure, we consider $\exists x \neg Rx$ before considering $\forall x Rx$, in (II) we do
just the opposite, violating the procedure. This explains why in our procedure
we consider sentences of one of the forms $\exists x \varphi$, $\neg\forall x \varphi$ before considering
those of one of the forms $\forall x \varphi$, $\neg\exists x \varphi$.
Example
(I)
$\forall x Rx$
$\neg\exists x Rx$
|  $\alpha : \{a_1\}$
$R\alpha$
|  $\beta : \{\alpha\}$
$\neg R\beta$

(II)
$\forall x Rx$
$\neg\exists x Rx$
|  $\alpha : \{a_1\}$
$R\alpha$
|  $\beta : \{\alpha\}$
$R\beta$
If $\sigma$ is a substitution which assigns $\alpha$ to $\beta$, then applying $\sigma$ to (I)
yields a closed tableau. However no substitution can convert (II) into a closed
tableau. While in (I), in accordance with step (19) of our procedure, we consider
all sentences of one of the forms $\forall x \varphi$, $\neg\exists x \varphi$ on the branch, in (II)
we just ignore the sentence $\neg\exists x Rx$, thus violating the procedure. Considering
only $\forall x Rx$ we are headed for an endless cycle.
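The admissible-value restriction of step (2) can be checked on the branches of the three examples in this section. The Python code below is an added example, not code from the paper: it collects the substitutions that close a branch, with and without the restriction. The `?`-prefixed dummy names, the tuple encoding of literals, the per-dummy reading of "admissible", and the set $\{\alpha\}$ used for $\beta$ in the first example (derived from the rule in section 8) are assumptions.

```python
from itertools import combinations

# Encoding assumed for this example: a term is a string, a dummy is a string
# starting with "?", a literal is (is_positive, predicate, argument tuple).

def is_dummy(term):
    return term.startswith("?")

def walk(term, sub):
    """Follow the bindings in sub until an unbound term is reached."""
    while term in sub:
        term = sub[term]
    return term

def unify_args(args1, args2, admissible=None):
    """Unify two argument tuples of flat terms (parameters or dummies).

    admissible maps each dummy to its set of admissible values; None lifts
    the restriction. Returns a dict dummy -> term, or None on failure.
    An empty dict means the two atoms are already identical.
    """
    if len(args1) != len(args2):
        return None
    sub = {}

    def may_bind(dummy, value):
        if not is_dummy(dummy):
            return False
        return admissible is None or value in admissible.get(dummy, set())

    for s, t in zip(args1, args2):
        s, t = walk(s, sub), walk(t, sub)
        if s == t:
            continue
        if may_bind(s, t):        # bind the left term if that is allowed
            sub[s] = t
        elif may_bind(t, s):      # otherwise try the right term
            sub[t] = s
        else:
            return None
    return sub

def close(literals, admissible=None):
    """Substitutions that make two literals of the branch complementary."""
    found = []
    for (pos1, pred1, args1), (pos2, pred2, args2) in combinations(literals, 2):
        if pred1 == pred2 and pos1 != pos2:
            sub = unify_args(args1, args2, admissible)
            if sub is not None:
                found.append(sub)
    return found

# Branch literals transcribed from the section's tableaux.
# First example: R(alpha, b) and not R(c, beta); beta's set is assumed.
SOUNDNESS_BRANCH = [(True, "R", ("?alpha", "b")), (False, "R", ("c", "?beta"))]
SOUNDNESS_ADMISSIBLE = {"?alpha": {"a1"}, "?beta": {"?alpha"}}

# Second example, tableau (II): R(alpha), not R(b), R(beta).
WASTED_BRANCH = [(True, "R", ("?alpha",)), (False, "R", ("b",)),
                 (True, "R", ("?beta",))]
WASTED_ADMISSIBLE = {"?alpha": {"a1"}, "?beta": {"?alpha", "b"}}

# Third example, tableau (I): R(alpha), not R(beta).
STEP19_BRANCH = [(True, "R", ("?alpha",)), (False, "R", ("?beta",))]
STEP19_ADMISSIBLE = {"?alpha": {"a1"}, "?beta": {"?alpha"}}

if __name__ == "__main__":
    print("unrestricted:", close(SOUNDNESS_BRANCH))
    print("restricted:  ", close(SOUNDNESS_BRANCH, SOUNDNESS_ADMISSIBLE))
    print("tableau (II):", close(WASTED_BRANCH, WASTED_ADMISSIBLE))
    print("step (19):   ", close(STEP19_BRANCH, STEP19_ADMISSIBLE))
```

Without the restriction the first branch closes under the unsound substitution; with it, no closing substitution is found, and in tableau (II) only the binding of $\beta$ to $b$ survives.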
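12. In order to compare the efficiency of our procedure with that originally
developed by Prawitz (cf. [9]) we consider the following tableau, which shows
that $\{\forall x \forall y \forall z (Rxy \land Ryz \to Rxz),\ \forall x \neg Rxx\}$ entails $\forall x \forall y (Rxy \to \neg Ryx)$.
[Tableau figure; the nodes legible in the source are, in order:]
$\forall x \forall y \forall z (Rxy \land Ryz \to Rxz)$
$\forall x \neg Rxx$
$\neg\forall x \forall y (Rxy \to \neg Ryx)\ \surd$
$\neg\forall y (Ray \to \neg Rya)\ \surd$
$\neg(Rab \to \neg Rba)\ \surd$
$\alpha : \{a, b\}$
$\forall y \forall z (R\alpha y \land Ryz \to R\alpha z)$
$\beta : \{a, b, \alpha\}$
$\gamma : \{a, b, \alpha, \beta\}$
$\forall z (R\alpha\gamma \land R\gamma z \to R\alpha z)$
$\delta : \{a, b, \alpha, \beta, \gamma\}$
$R\alpha\gamma \land R\gamma\delta \to R\alpha\delta\ \surd$
$\neg(R\alpha\gamma \land R\gamma\delta)\ \surd$
$\neg R\alpha\gamma$  (closed)
$\neg R\gamma\delta$  (closed)
If $\sigma$ is a substitution which assigns $a$ to $\alpha$, $\beta$, $\delta$ and $b$ to $\gamma$, then
applying $\sigma$ to the above tableau yields a closed tableau. The tableau has
12 arcs. The tableau built up by the proof procedure of [9] had 60 arcs
(and required 12" to execute; 48" including printing).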
13. Our procedure as described above is incomplete because it leaves open
two problems:
(1) The determination of which sentence to consider next whenever
several sentences of the same form which are not ticked off occur
on a given branch.
(2) The determination of which branch to continue generating next
whenever a branching rule is applied.
As to (1), a simple solution consists in considering the first sentence of
the given form occurring on the branch. However a more efficient solution
is to order all sentences of the given form occurring on the branch by length
(= number of symbols), and then consider a sentence of maximal length.
The reason for (greater) efficiency is that if longer sentences are considered
earlier in a tableau, the chances are that there will be fewer open branches on
which the conclusions of the rule must be entered.
As to (2), a natural solution is provided by a depth-first strategy. In depth-first
we continue generating a branch until its end node (if any). Then we
retreat to the latest branching node, and plunge on down generating another
branch. For definiteness we assume that the leftmost branch is generated
first.
Depth-first can be easily implemented on a conventional (sequential)
computer. It has however the disadvantage that we may pursue an infinite
branch indefinitely and never back up to the rest of the tableau. Thus we
may be unable to establish that the tableau is open because it has a completed
open branch. Hence depth-first is an incomplete strategy.
A strategy which avoids such a problem is breadth-first. In breadth-first
all the nodes at depth 1 are generated first, then all the nodes at depth 2
and so on, i.e. a tableau is generated in stages, where at stage $n$ all the
nodes of depth $n$ are generated. Again for definiteness, whenever the
tableau is generated sequentially, we assume that nodes of the same depth
are generated left-to-right.
Clearly all nodes will thus eventually be generated, hence breadth-first
is a complete strategy. However, since at stage $n$ all the nodes of depth
$n$ must be generated, generally the number of such nodes will grow
exponentially. Hence breadth-first is better implemented on a non-sequential
computer.
We call canonical tableau any tableau built up by our procedure together
with a breadth-first strategy. The order in which sentences of the same form
on the same branch are considered is unimportant in the following results.
Theorem
(i) The canonical tableau for $\Gamma$ is open $\Rightarrow$ $\Gamma$ has a model.
(ii) $\Gamma$ has no model $\Rightarrow$ the canonical tableau for $\Gamma$ is closed.
Corollary 1.
(i) The canonical tableau for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ has no model.
(ii) $\Gamma$ is confutable $\Leftrightarrow$ $\Gamma$ has no model.
(iii) The canonical tableau for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ is confutable.
Corollary 2.
(i) $\Gamma$ entails $\varphi$ $\Leftrightarrow$ $\varphi$ is a logical consequence of $\Gamma$.
(ii) The canonical tableau for $\Gamma \cup \{\neg\varphi\}$ is closed $\Leftrightarrow$ $\varphi$ is a logical
consequence of $\Gamma$.
Remark. Corollary 2 (ii) reduces the problem whether $\varphi$ is a logical
consequence of $\Gamma$ to the problem whether the canonical tableau for
$\Gamma \cup \{\neg\varphi\}$ is closed. This does not provide an effective test for logical
consequence because there is no effective way of determining, for an uncompleted
open branch, whether that branch is a non-terminating one, or a branch that
will become, if appropriately continued, a completed open branch or a closed
branch. However, owing to the spatio-temporal constraints of computers, even
a closed canonical tableau for $\Gamma \cup \{\neg\varphi\}$ may be too large to be feasibly
generated. Thus the difference between such tableaux and those with
non-terminating branches may be inessential in practice.
14. Now we introduce a natural deduction system adequate for linearizing
sentence tableaux.
A deduction of the system is to be understood as a finite sequence of
ordered pairs $(\vec{m}, \varphi)$ where $\vec{m}$ is a vector of integers and $\varphi$ is a sentence.
If $(\vec{m}, \varphi)$ is the $n$-th element of a deduction $\mathcal{D}$, then the integers in
$\vec{m}$ are called the assumption numbers of the $n$-th line of $\mathcal{D}$, and $\varphi$ is said
to occur as, or to be written as, the $n$-th line of $\mathcal{D}$.
If $m$ is an assumption number of line $n$, the sentence occurring as the
$m$-th line of $\mathcal{D}$ is said to be an assumption of line $n$.
Rules for constructing deductions will include: (i) an assumption rule; (ii)
direct rules; (iii) a discharge rule.
The assumption rule has simply the form:
meaning: Any sentence $\varphi$ may be written as the $n$-th line of a deduction
with $n$ as its only assumption number.
The direct rules have the general form:
meaning: If $\varphi_1, \ldots, \varphi_k$ occur as lines $m_1, \ldots, m_k$ of a deduction, then
$\psi$ may be written as a later line. The assumption numbers of the new line
are to be the assumption numbers of lines $m_1, \ldots, m_k$.
We also write:
[schema illegible in the source]
as a shorthand device for expressing both:
[schema illegible in the source]
and
[schema illegible in the source]
The discharge rule has the form:
[schema illegible in the source]
meaning: If $\psi$ occurs as line $l$ of a deduction and $\neg\psi$ occurs as line
$m$, then $\neg\varphi$ may be written as a later line. The assumption numbers of the
new line are to be either the assumption numbers of lines $l$, $m$ or, if $\varphi$ is
an assumption of lines $l$, $m$ and occurs as line $k$, the assumption numbers
of lines $l$, $m$ less $k$.
The rules are as follows:
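[Rule table; the schemata of the propositional rules are illegible in the source.
Rule labels: (A), ($\neg\neg$), ($\land$), (RAA), ($\neg\land$), ($\lor$), ($\neg\lor$), ($\to$), ($\neg\to$),
($\leftrightarrow$), ($\neg\leftrightarrow$), ($\forall$), ($\neg\forall$), ($\exists$), ($\neg\exists$). The quantifier rules read:]
($\forall$)  $\dfrac{\forall x \varphi}{\varphi(x/a)}$
($\neg\forall$)  $\dfrac{\neg\forall x \varphi}{\neg\varphi(x/a)}$  provided that $a$ is new to the deduction
($\exists$)  $\dfrac{\exists x \varphi}{\varphi(x/a)}$  provided that $a$ is new to the deduction
($\neg\exists$)  $\dfrac{\neg\exists x \varphi}{\neg\varphi(x/a)}$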
A deduction of $\varphi$ from $\{\varphi_1, \ldots, \varphi_n\}$ is a finite sequence of ordered
pairs $(\vec{m}, \psi)$ generated by the above rules such that:
(i) $\varphi$ occurs as its last line, and $\varphi_1, \ldots, \varphi_n$ are the assumptions of that line.
(ii) No parameter occurring in $\varphi$ or $\varphi_1, \ldots, \varphi_n$ has been introduced
into the deduction by an application of ($\exists$) or ($\neg\forall$).
A proof of $\varphi$ is a derivation of $\varphi$ from the empty sequent $\emptyset$.
Remark. The above system is intermediate between Smullyan's [15] analytic
natural deduction system and more traditional natural deduction systems
like [10], [11] or derivatives. Like in the case of [15] most of its rules are
eliminations, but not all of them. Because of (RAA) the following subsentence
property of [15] is violated: The only sentences occurring in a proof
of $\varphi$ are either subsentences of $\varphi$ or negations of subsentences of $\varphi$.
15. Next we describe a mechanical method for converting closed tableaux
into deductions. Deductions resulting from such conversion will not be pictured
as arrays of lines of the form:
$\vec{m}$  ($n$)  $\varphi$,
where $\vec{m}$ are the assumption numbers of line $n$ and $\varphi$ is the sentence
which occurs as line $n$. Instead we use the following representation: (1)
Any sentence introduced by an application of (A) is to be starred (*). (2)
Any application of (RAA) is to be represented by drawing a box from
the discharged assumption $\varphi$ up to $\neg\psi$.
Our method for converting a closed tableau $\mathcal{T}$ for $\{\varphi_1, \ldots, \varphi_n, \neg\varphi\}$
into a deduction $\mathcal{D}$ of $\varphi$ from $\{\varphi_1, \ldots, \varphi_n\}$ consists of the following
steps:
(1) Copy down all nodes of $\mathcal{T}$ in the order established by the depth-first
search strategy, except as stated under (3) or (4) below.
(2) Put a star before each of $\varphi_1, \ldots, \varphi_n$, $\neg\varphi$ and before each node
which is a left successor (i.e. is the leftmost successor of a branching
node).
(3) When you come to an end node which is a left successor, do not
copy down that node.
(4) When you come to an end node $\chi_n$ which is not a left successor,
put a box from the last starred node $*\chi_m$ which is not yet boxed
up to $\chi_n$. Then add the sentence $\neg\chi_m$ and, whenever $\chi_m$ is
of the form $\neg\rho$, also the sentence $\rho$. (Then copy next node
The following example gives the flavor of applications of the method.
Example. Let $\varphi$, $\psi$, $\chi$, $\rho$ be atomic sentences.
[Figure: a closed tableau and the deduction obtained from it; illegible in the source.]
16. Although our natural deduction system may appear somewhat unusual,
its deductions are easily converted into deductions of a Quine-type natural
deduction system. We consider the following simplification of [10], [11]
which does not require that variables are flagged and arranged in a certain
order.
The rules of the system are as follows:
(A), (RAA)  [schemata illegible in the source]
(TC)  $\dfrac{\varphi_1 \ \ldots \ \varphi_n}{\psi}$  provided that $\psi$ is a tautological
consequence of $\{\varphi_1, \ldots, \varphi_n\}$
($\forall E$)  $\dfrac{\forall x \varphi}{\varphi(x/a)}$
($\forall I$)  $\dfrac{\varphi(x/a)}{\forall x \varphi}$  provided that: (i) $a$ does not occur
in $\varphi$; and if $\forall x \varphi$ occurs as line $n$,
then (ii) $a$ does not occur in any assumption of that line nor (iii) in any
earlier line obtained by ($\exists E$)
($\exists E$)  $\dfrac{\exists x \varphi}{\varphi(x/a)}$  provided that: (i) $a$ does not occur
in $\varphi$; and if $\varphi(x/a)$ occurs as
line $n$, then (ii) $a$ does not occur
in any assumption of that line nor
(iii) in any earlier line obtained by ($\exists E$)
($\exists I$)  $\dfrac{\varphi(x/a)}{\exists x \varphi}$
A deduction of $\varphi$ from $\{\varphi_1, \ldots, \varphi_n\}$ is a finite sequence of ordered
pairs $(\vec{m}, \psi)$ generated by the above rules such that:
(i) $\varphi$ occurs as its last line, and $\varphi_1, \ldots, \varphi_n$ are the assumptions of that
line.
(ii) No parameter occurring in $\varphi$ or $\varphi_1, \ldots, \varphi_n$ has been introduced
into the deduction by an application of ($\exists E$).
Remark. An appealing feature of the restrictions on ($\forall I$) and ($\exists E$) is
that they are natural and perfectly symmetric (like in [3]). However, as shown
in [8], they are stronger than necessary.
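17. There is a simple mechanical method for converting a deduction $\mathcal{D}$ of $\varphi$
from $\{\varphi_1, \ldots, \varphi_n\}$ in our former natural deduction system into a deduction
$\mathcal{D}'$ in the latter Quine-type natural deduction system:
(1) Copy down all lines of $\mathcal{D}$ except as stated under (2) or (3) below.
(2) When you come to lines of the form:
$\vec{m}$    ($k$)    $\neg\forall x \varphi$
$\vec{m}$    ($n$)    $\neg\varphi(x/a)$    $k$    $\neg\forall$
replace such lines by the following lines and renumber the remaining
lines accordingly:
$\vec{m}$    ($k$)      $\neg\forall x \varphi$
$n$      ($n$)      $\neg\exists x \neg\varphi$                       A
$n+1$    ($n+1$)    $\neg\varphi(x/b)$                        A
$n+1$    ($n+2$)    $\exists x \neg\varphi$          $n+1$            $\exists I$
$n$      ($n+3$)    $\neg\neg\varphi(x/b)$     $n+1, n+2, n$    RAA
$n$      ($n+4$)    $\varphi(x/b)$        $n+3$            TC
$n$      ($n+5$)    $\forall x \varphi$          $n+4$            $\forall I$
$\vec{m}$    ($n+6$)    $\neg\neg\exists x \neg\varphi$      $n, n+5, k$      RAA
$\vec{m}$    ($n+7$)    $\exists x \neg\varphi$          $n+6$            TC
$\vec{m}$    ($n+8$)    $\neg\varphi(x/a)$       $n+7$            $\exists E$
(3) When you come to lines of the form:
$\vec{m}$    ($k$)    $\neg\exists x \varphi$
$\vec{m}$    ($n$)    $\neg\varphi(x/a)$    $k$    $\neg\exists$
replace such lines by the following lines and renumber the remaining lines
accordingly:
$\vec{m}$    ($k$)      $\neg\exists x \varphi$
$n$      ($n$)      $\varphi(x/a)$                         A
$n$      ($n+1$)    $\exists x \varphi$          $n$              $\exists I$
$\vec{m}$    ($n+2$)    $\neg\varphi(x/a)$       $n, n+1, k$      RAA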
18. So far we have employed tableaux for proof search and naturai deduction
for linearizing tableaux. Alternatively we may use a modified version of Smullyan's [15] analytic naturai deduction system for proof search itself.
We consider box structures like in the following example;
«Pi
Vi
^3
i
*6
Vi
^8
^9
<PlO
The example illustrates the three basic conditions which must be satisfied by a box structure: (a) if two distinct boxes overlap, then one of them wholly contains the other; (b) no formula $\varphi_i$ is the top formula of two distinct boxes, nor is the bottom formula of two distinct boxes; (c) if a formula $\varphi_i$ is the bottom formula of a box, its successor $\varphi_{i+1}$ is not the top formula of another box. (Thus the structure used in the example at the end of section 15 is a box structure).
To introduce a sentence $\varphi$ as an assumption at a given stage $n$ of the construction of a box structure means to write down $*\varphi$ as the $n+1$-th line. To discharge (a line $l_i$ which is) an assumption at stage $n$ means to draw a box from the line $l_i$ up to the last line $l_n$ (inclusive). A line which is not boxed at stage $n$ is said to be alive at that stage.
We consider rules for constructing box structures of a special kind, called
nests. The rules will include: (i) an assumption rule; (ii) direct rules; (iii)
discharge rules.
The assumption rule has the form:
$*\varphi$
meaning: at stage $n$ we may introduce any sentence $\varphi$ as an assumption.
The direct rules have the general form:
meaning: If $\varphi$ is alive at stage $n$, then we may write down $\psi$ as line $n+1$.
In order to introduce the discharge rules we need an auxiliary notion. We say that at a given stage $n$ of construction a nest is in a contradictory state if there exists an atomic sentence $\varphi$ such that both $\varphi$ and $\neg\varphi$ are alive at stage $n$.
The discharge rules may have one of the following two forms. Either
they have the form:
cont.
X
meaning: If $*\psi$ is the last assumption alive at stage $n$ and $\varphi$ has an earlier occurrence also alive at stage $n$, and if the nest at stage $n$ is in a contradictory state, then we may discharge $*\psi$ and write down $\chi$ as line $n+1$.
Alternatively the discharge rules may have the form:
*>
meaning: If $*\psi_1$ is the last assumption alive at stage $n$, $\psi_2$ is a successor of $\psi_1$ alive at stage $n$, $\varphi$ has an earlier occurrence also alive at stage $n$, and if the nest at stage $n$ is in a contradictory state, then we may discharge $*\psi_1$ and write down $\chi_1$ as line $n+1$ and $\chi_2$ as line $n+2$.
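The rules for constructing nests are as follows:
[Table of rule schemata; only its labels survive in this transcription: $(\neg\neg)$, $(\wedge)$, $(\neg\wedge)$, $(\vee)$, $(\neg\vee)$, $(\rightarrow)$, $(\neg\rightarrow)$, $(\leftrightarrow)$, $(\neg\leftrightarrow)$, $(\forall)$, $(\neg\forall)$, $(\exists)$, $(\neg\exists)$. The rules $(\neg\forall)$ and $(\exists)$, which write down $\neg\varphi(x/a)$ and $\varphi(x/a)$ respectively, carry the proviso that $a$ is new to the nest.]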
A nest for a sequent $\{\varphi_1, \ldots, \varphi_n\}$ is a box structure obtained by starting with
\[
\begin{array}{l}
*\varphi_1 \\
\vdots \\
*\varphi_n
\end{array}
\]
where $*\varphi_1$ is the first line, and then continuing according to the rules subject to the restriction that no other sentence may be introduced as an assumption except under the following conditions:
(i) If $\neg(\varphi \wedge \psi)$ is alive at stage $n$, then $\neg\varphi$ may be introduced as an assumption at that stage.
(ii) If $\varphi \vee \psi$ is alive at stage $n$, then $\varphi$ may be introduced as an assumption at that stage.
(iii) If $\varphi \rightarrow \psi$ is alive at stage $n$, then $\neg\varphi$ may be introduced as an assumption at that stage.
(iv) If either $\varphi \leftrightarrow \psi$ or $\neg(\varphi \leftrightarrow \psi)$ is alive at stage $n$, then $\varphi$ may be introduced as an assumption at that stage.
Whenever, in a nest for $\{\varphi_1, \ldots, \varphi_n\}$, an assumption $\neg\varphi$ is introduced in accordance with condition (i) above, we say that the corresponding sentence $\neg(\varphi \wedge \psi)$ is used to introduce $\neg\varphi$. Similarly in the case of assumptions introduced in accordance with one of the remaining conditions (ii) - (iv).
A nest for $\{\varphi_1, \ldots, \varphi_n\}$ is closed if it satisfies the following conditions:
(i) It is finite.
(ii) It contains no assumptions alive at its last stage except for the initial ones $*\varphi_1, \ldots, *\varphi_n$.
(iii) It is in a contradictory state at its last stage.
19. Confutability and entailment can be introduced as follows.
A sequent $\Gamma$ is said to be confutable if there exists a closed nest for $\Gamma$.
We say that a sequent $\Gamma$ entails a sentence $\varphi$ if $\Gamma \cup \{\neg\varphi\}$ is confutable.
Theorem.
(i) $\Gamma$ is confutable $\Rightarrow$ $\Gamma$ has no model.
(ii) $\Gamma$ entails $\varphi$ $\Rightarrow$ $\varphi$ is a logical consequence of $\Gamma$.
20. The problems involved in devising a mechanical method for generating a nest for an arbitrary sequent $\{\varphi_1, \ldots, \varphi_n\}$ are similar to those already discussed for tableaux.
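Again we introduce dummies together with the following two new rules:
\[
(\forall *) \quad
\begin{array}{l}
\forall x\,\varphi \\
\varphi(x/\alpha) \quad \alpha : A
\end{array}
\]
provided that $\alpha$ is new to the nest.
\[
(\neg\exists *) \quad
\begin{array}{l}
\neg\exists x\,\varphi \\
\neg\varphi(x/\alpha) \quad \alpha : A
\end{array}
\]
provided that $\alpha$ is new to the nest.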
Both in $(\forall *)$ and $(\neg\exists *)$, $A$ is the set of all terms occurring in sentences above $\varphi(x/\alpha)$ or $\neg\varphi(x/\alpha)$ respectively which are alive, or $A = \{a_1\}$ if there are no such terms. We call $A$ the set of all admissible values of $\alpha$.
Nests and closed nests are defined as usual. We introduce the following additional notions.
By the main path of a nest for a sequent $\{\varphi_1, \ldots, \varphi_n\}$ we mean the sequence of lines beginning with the initial ones $*\varphi_1, \ldots, *\varphi_n$ and including all lines which are not boxed. (If the nest is finite, then the main path will consist of all lines which are alive at its last stage).
We say that a line $l_i$ on the main path is fulfilled if one of the following conditions holds:
(i) $l_i = \neg\neg\varphi$ and $\varphi$ occurs on the main path.
(ii) $l_i = \varphi \wedge \psi$ and both $\varphi$ and $\psi$ occur on the main path.
(iii) $l_i = \neg(\varphi \wedge \psi)$ and either $\neg\varphi$ or $\neg\psi$ occurs on the main path.
(iv) $l_i = \varphi \vee \psi$ and either $\varphi$ or $\psi$ occurs on the main path.
(v) $l_i = \neg(\varphi \vee \psi)$ and both $\neg\varphi$ and $\neg\psi$ occur on the main path.
(vi) $l_i = \varphi \rightarrow \psi$ and either $\neg\varphi$ or $\psi$ occurs on the main path.
(vii) $l_i = \neg(\varphi \rightarrow \psi)$ and both $\varphi$ and $\neg\psi$ occur on the main path.
(viii) $l_i = \varphi \leftrightarrow \psi$ and either $\varphi$ and $\psi$, or $\neg\varphi$ and $\neg\psi$ occur on the main path.
(ix) $l_i = \neg(\varphi \leftrightarrow \psi)$ and either $\varphi$ and $\neg\psi$, or $\neg\varphi$ and $\psi$ occur on the main path.
(x) $l_i = \forall x\,\varphi$ and $\varphi(x/\alpha)$ occurs on the main path for some dummy $\alpha$ whose set $A$ of admissible values includes all terms occurring on the main path.
(xi) $l_i = \neg\forall x\,\varphi$ and $\neg\varphi(x/a)$ occurs on the main path for some parameter $a$.
(xii) $l_i = \exists x\,\varphi$ and $\varphi(x/a)$ occurs on the main path for some parameter $a$.
(xiii) $l_i = \neg\exists x\,\varphi$ and $\neg\varphi(x/\alpha)$ occurs on the main path for some dummy $\alpha$ whose set $A$ of admissible values includes all terms occurring on the main path.
Any fulfilled line will be ticked off ($\surd$) except for the fulfilled lines of one of the forms $\forall x\,\varphi$ or $\neg\exists x\,\varphi$. A line which is fulfilled at a certain stage may become unfulfilled at a later stage. This will be indicated by cancelling the tick ($\not\surd$).
Example. Let $\varphi$, $\psi$, $\chi$ be atomic sentences.
[Figure: example nest with ticked and unticked lines and arrows; not recoverable from this transcription.]
The arrows show the sentences used to introduce the assumptions.
We say that a nest is a completed open nest if the following conditions hold:
(i) it is finite;
(ii) every line on its main path is fulfilled;
(iii) it is not in a contradictory state.
We say that a nest is open if either it is a completed open nest or it is infinite.
21. A partial description of a method for generating a nest for an arbitrary $\Gamma = \{\varphi_1, \ldots, \varphi_n\}$ is as follows:
(1) Start with
\[
\begin{array}{l}
*\varphi_1 \\
\vdots \\
*\varphi_n
\end{array}
\]
where $*\varphi_1$ is the first line.
(2) Let $\Lambda$ be the set of all literals occurring on the main path and $A$ a set including all the admissible values of $\alpha$, for any $\alpha$ occurring on the main path. Determine the set close$(\Lambda, A)$.
(3) If close$(\Lambda, A) = \{\varepsilon\}$, then go to (4). Else, by construction close$(\Lambda, A)$ will contain a single non-empty substitution $\sigma$. Apply $\sigma$ to all sentences occurring on the main path.
(4) Is the nest closed?
(5) If so, stop: $\Gamma$ is confutable.
(6) Is the nest a completed open nest?
(7) If so, stop: $\Gamma$ is unconfutable.
(8) Is there any sentence of the form $\neg\neg\varphi$ which is not ticked off?
(9) If so, apply $(\neg\neg)$. Then go to (2).
(10) Is there any sentence of one of the forms $\varphi \wedge \psi$, $\neg(\varphi \vee \psi)$, $\neg(\varphi \rightarrow \psi)$ which is not ticked off?
(11) If so, apply $(\wedge)$, $(\neg\vee)$, $(\neg\rightarrow)$ respectively. Then go to (2).
(12) Is there any sentence of one of the forms $\neg\forall x\,\varphi$, $\exists x\,\varphi$ which is not ticked off?
(13) If so, apply $(\neg\forall)$ or $(\exists)$ respectively. Then go to (2).
(14) Is there any sentence of one of the forms $(\varphi \leftrightarrow \psi)$, $\neg(\varphi \leftrightarrow \psi)$ which is not ticked off?
(15) If so, apply $(\leftrightarrow)$ or $(\neg\leftrightarrow)$ respectively. Then go to (2).
(16) Is there any sentence of one of the forms $\neg(\varphi \wedge \psi)$, $\varphi \vee \psi$, $\varphi \rightarrow \psi$ which is not ticked off?
(17) If so, apply $(\neg\wedge)$, $(\vee)$ or $(\rightarrow)$ respectively. Then go to (2).
(18) Is there any sentence of one of the forms $\forall x\,\varphi$, $\neg\exists x\,\varphi$?
(19) If so, apply $(\forall *)$ or $(\neg\exists *)$ respectively to all sentences of one of such forms on the main path (including those entered by such applications). Then go to (2).
(20) Else, mistake!
22. The above procedure is incomplete because it leaves open the problem of determining which sentence to consider next whenever several sentences of the same form which are not ticked off occur on the main path. As in section 13 we may consider the first sentence occurring on the main path or, more efficiently, a sentence of maximal length.
We call canonical nest any nest built up by our procedure irrespective of the order in which sentences of the same form are considered.
Theorem.
(i) The canonical nest for $\Gamma$ is open $\Rightarrow$ $\Gamma$ has a model.
(ii) $\Gamma$ has no model $\Rightarrow$ The canonical nest for $\Gamma$ is closed.
Corollary 1.
(i) The canonical nest for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ has no model.
(ii) $\Gamma$ is confutable $\Leftrightarrow$ $\Gamma$ has no model.
(iii) The canonical nest for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ is confutable.
Corollary 2.
(i) $\Gamma$ entails $\varphi$ $\Leftrightarrow$ $\varphi$ is a logical consequence of $\Gamma$.
(ii) The canonical nest for $\Gamma \cup \{\neg\varphi\}$ is closed $\Leftrightarrow$ $\varphi$ is a logical consequence of $\Gamma$.
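Added example (not from the paper): the procedure of section 21 restricted to propositional sentences, so the quantifier steps (12), (13), (18), (19) and the substitution steps (2), (3) do not arise. The rule schemata of section 18 are not legible in this transcription, so the lines written on discharge are read off the fulfilment conditions (iii), (iv), (vi), (viii), (ix) and are an assumption; the tuple encoding of sentences and all function names are this example's own.

```python
# Added illustration: atoms are strings, compound sentences tuples like ('imp', 'p', 'q').
def neg(f):
    return ('not', f)

# Entry: (priority, lines written first, lines written after discharge or None
# for a direct rule). Priorities follow the order of steps (8)-(17).
POS = {'and': lambda f, g: (1, [f, g], None),
       'iff': lambda f, g: (2, [f, g], [neg(f), neg(g)]),
       'or':  lambda f, g: (3, [f], [g]),
       'imp': lambda f, g: (3, [neg(f)], [g])}
NEG = {'not': lambda f: (0, [f], None),
       'or':  lambda f, g: (1, [neg(f), neg(g)], None),
       'imp': lambda f, g: (1, [f, neg(g)], None),
       'iff': lambda f, g: (2, [f, neg(g)], [neg(f), g]),
       'and': lambda f, g: (3, [neg(f)], [neg(g)])}

def rule(line):
    if isinstance(line, str):
        return None                       # atom: no rule applies
    op, *args = line
    if op != 'not':
        return POS[op](*args)
    if isinstance(args[0], str):
        return None                       # negated atom: no rule applies
    return NEG[args[0][0]](*args[0][1:])

def contradictory(path):
    return any(isinstance(f, str) and neg(f) in path for f in path)
def fulfilled(line, path):
    r = rule(line)
    return r is None or any(
        part is not None and all(f in path for f in part) for part in r[1:])

def closes(path):
    """True iff the nest continued from the alive lines in `path` ends closed."""
    if contradictory(path):
        return True
    todo = [rule(ln) for ln in path if not fulfilled(ln, path)]
    if not todo:
        return False                      # completed open nest
    _, first, after = min(todo, key=lambda r: r[0])
    if after is None:
        return closes(path + first)       # direct rule
    # Assumption rule: the box must close; discharge drops it and writes `after`.
    return closes(path + first) and closes(path + after)

def confutable(gamma):
    return closes(list(gamma))
def entails(gamma, phi):
    return closes(list(gamma) + [neg(phi)])
```

Fulfilment is recomputed from the lines currently alive, so a line that was fulfilled only by boxed lines becomes unfulfilled again after the discharge, as described in section 20.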
23. It should be noted, however, that there are sequents $\Gamma$ such that the canonical tableau for $\Gamma$ contains a completed open branch whereas the canonical nest for $\Gamma$ is not a completed open nest. This is shown by the following simple example.
Example.
[Figure: the canonical tableau and the canonical nest for the sequent $\{\forall y\,\exists x\,Ryx,\ \forall z\,Sz\}$; the layout is not recoverable from this transcription.]
24. So far we have confined ourselves to the language of predicate logic without equality. If we add equality, then we may employ either a set of equality axioms or a substitution rule for equals similar to paramodulation (see [12]).
Generally, however, this is not the best approach because, contrary to a widespread misunderstanding, equality is a domain dependent concept. In implementing a logic programming system based on tableaux or nests, it will be more efficient to build in direct access to machine execution of equality when both of its arguments are integer terms (and presumably also other kinds of terms). In the remaining cases one may resort to the above logical approach.
REFERENCES
[1] M. Bergmann, J. Moor and J. Nelson, The Logic Book, New York (Random House) 1980.
[2] K.A. Bowen, Programming with full first-order logic, in: J.E. Hayes, D. Michie and Y-H Pao (Eds.), Machine Intelligence 10, Chichester (Ellis Horwood) 1982, 421-440.
[3] H.E. Hendry, Another system of natural deduction, Notre Dame Journal of Formal Logic 16 (1975) 491-495.
[4] S. Kanger, A simplified proof method for elementary logic, in: P. Braffort and D. Hirschberg (Eds.), Computer programming and formal systems, Amsterdam (North-Holland) 1963, 87-94; reprinted in [14] 364-371.
[5] S.C. Kleene, Mathematical logic, New York (John Wiley & Sons) 1967.
[6] R.A. Kowalski, Algorithm = logic + control, Communications of the Association for Computing Machinery 22 (1979) 424-431.
[7] D. Prawitz, An improved proof procedure, Theoria 26 (1960) 102-139; reprinted in [14] 162-199.
[8] D. Prawitz, A note on existential instantiation, The Journal of Symbolic Logic 32 (1967) 81-82.
[9] D. Prawitz, H. Prawitz and N. Voghera, A mechanical proof procedure and its realization in an electronic computer, Journal of the Association for Computing Machinery 7 (1960) 102-128; reprinted in [14] 202-228.
[10] W.V. Quine, On natural deduction, The Journal of Symbolic Logic 15 (1950) 93-102.
[11] W.V. Quine, Methods of Logic, 3rd edition, New York (Holt, Rinehart and Winston, Inc) 1972.
[12] G. Robinson and L. Wos, Paramodulation and theorem-proving in first-order theories with equality, in: B. Meltzer and D. Michie (Eds.), Machine Intelligence 4, Edinburgh (Edinburgh University Press) 1969, 135-150; reprinted in [14] 298-313.
[13] J.A. Robinson, A machine-oriented logic based on the resolution principle, Journal of the Association for Computing Machinery 12 (1965) 23-41; reprinted in [14] 397-415.
[14] J. Siekmann and G. Wrightson (Eds), Automation of reasoning 1, Berlin (Springer-Verlag) 1983.
[15] R.M. Smullyan, Analytic natural deduction, The Journal of Symbolic Logic 30 (1965) 123-139.
[16] R.M. Smullyan, Trees and nest structures, The Journal of Symbolic Logic 31 (1966) 303-321.
[17] R.M. Smullyan, First order logic, Berlin (Springer-Verlag) 1968.
[18] H. Wang, Toward mechanical mathematics, IBM Journal for Research and Development 4 (1960) 2-22; reprinted in [14] 244-264.
CARLO CELLUCCI - Università di Roma "La Sapienza" - Istituto di Filosofia - Via Nomentana, 118-00161 Roma