A semantic backward chaining proof system


Artificial Intelligence 55 (1992) 109-128 Elsevier


A semantic backward chaining proof system *

Xumin Nie
Institute for Programming and Logics, Department of Computer Science, State University of New York at Albany, Albany, NY 12222, USA

David A. Plaisted
Department of Computer Science, University of North Carolina, Chapel Hill, NC 27599, USA

Received January 1991
Revised June 1991

Abstract

Nie, X. and D.A. Plaisted, A semantic backward chaining proof system, Artificial Intelligence 55 (1992) 109-128.

We discuss a refutationally complete sequent style clause-based proof system that supports several important strategies in automatic theorem proving. The system has a goal-subgoal structure and supports backward chaining with caching. It permits semantic deletion, sometimes using multiple interpretations. It is also a genuine support strategy. We also show how to use multiple interpretations to control the case analysis rule, also called the splitting rule, how to design interpretations and how to select input clauses for a theorem.

Correspondence to: X. Nie, Institute for Programming and Logic, Department of Computer Science, State University of New York at Albany, Albany, NY 12222, USA.

* This work was partially supported by the National Science Foundation under grant CCR8802282. A preliminary version of this paper appeared in Proceedings of 10th International Conference on Automated Deduction (Kaiserslautern, Germany, July 1990).

0004-3702/92/$05.00 © 1992 Elsevier Science Publishers B.V. All rights reserved

1. Introduction

Several strategies are important for automatic theorem proving [5]. One such strategy is backward chaining with caching. Backward chaining systems work in top-down fashion, where goals are expressed as subgoals, which are similarly expressed, and each subgoal is solved separately. Back chaining is a fundamental problem solving method. Any proof system that cannot perform backward chaining properly is handicapped from the start. Caching is used to avoid repeated solution of the same subgoal. Another strategy is semantic deletion, which is used with backward chaining systems. Semantic deletion makes subgoals fail if they are false in one of a collection of interpretations. It allows the use of problem dependent knowledge to reduce the search space. The third strategy is genuine support, which permits us to concentrate on the theorem. This strategy is important when there are many assertions, because it focuses the search on relevant assertions.

Although none of the above-mentioned strategies is new, a complete theorem proving system that supports all of them seems attractive. We will discuss such a system, called a semantic proof system. The system is a sequent style clause-based refutational system, in contrast to other subgoal methods like Gentzen style systems [5], which are often affirmative systems, that is, they prove a theorem from axioms, rather than deriving a contradiction from the negation of a theorem.

Quite a number of theorem proving systems have been studied that support some of the strategies. Gelernter's geometry theorem prover [6] is the earliest system, which proves theorems in plane geometry. It uses backward chaining and deletes subgoals determined to be false by semantic information represented as diagrams of geometrical constructions. The inference rule in Gelernter's system is similar to that of Prolog [7] and is only complete for Horn clauses. The semantic proof system in this paper is a generalization of Gelernter's system to full first order logic. Reiter [14] proposes a natural deduction system which uses arbitrary interpretations to delete false subgoals. Reiter's system is not complete for first order logic. It is not clear how caching can be done in Reiter's system.
The model elimination (ME) procedure [8] supports backward chaining and is a genuine support strategy. No semantic deletion can be performed in ME. Caching is not easy to do in ME, because the number of subgoals may be large due to the ancestor lists (however, see [12]). Slagle [17] proposes semantic resolution which is a generalization of hyper-resolution to an arbitrary interpretation. Slagle's system gives a semantic criterion for restricting which resolutions can be performed. Our semantic proof system is in the spirit of Slagle's system. But Slagle's system cannot support backward chaining and it can only use one interpretation. Sandford [16] proposes hereditary lock resolution which combines locking resolution [4] and the model strategy [9]. It also gives a semantic criterion for restricting resolutions. This system fails to support backward chaining too. The resolution-based semantically guided hierarchical deduction [22] uses only false resolvents in some interpretation as goal clauses, but it does not seem to be a genuine support strategy. The connection method [2] can achieve many refinements of the resolution principle [15]. In a broad sense, the semantic proof system can probably be regarded as another such refinement. However, in the connection method, subgoals and solutions are not explicitly represented, nor is there a method for deleting subgoals false in an interpretation. There is no provision for caching subgoals and solutions either. But it is possible that the connection graph method could be modified to accommodate these strategies.

2. Terminology

A term is a well formed expression composed of variables, constant symbols and function symbols. An atom is an expression of the form $p(t_1, \ldots, t_n)$ where $t_i$ ($1 \le i \le n$) are terms and $p$ is a predicate symbol. A literal is an atom or an atom preceded by a negation sign $\neg$. A literal is positive if it is an atom, negative if it is an atom preceded by $\neg$. For an atom $A$, $A = \neg\neg A$. A clause is a disjunction of literals. A Horn clause is a clause with at most one positive literal. A non-Horn clause is a clause with more than one positive literal. A negative clause is a clause with only negative literals.

We use Prolog notation and define a Prolog clause to be an expression $L$ :- $L_1, L_2, \ldots, L_n$, which represents a clause $L \lor \neg L_1 \lor \neg L_2 \lor \cdots \lor \neg L_n$, where $L$ is the head literal, or simply the head, and the set of $L_i$'s ($i = 1, \ldots, n$) constitutes the clause body. A clause $C$ is converted into a Prolog clause $PC$ by first choosing as the head literal of $PC$ one of the literals of $C$ or the reserved literal false and then putting in the clause body of $PC$ the negation of all other literals of $C$. A clause containing $n$ literals can be represented by $n + 1$ Prolog clauses, which are called contrapositives of each other. For example, the four contrapositives of the clause $P \lor \neg Q \lor \neg R$ are (false :- $\neg P, Q, R$), ($P$ :- $Q, R$), ($\neg Q$ :- $\neg P, R$) and ($\neg R$ :- $Q, \neg P$). A goal clause is a Prolog clause whose head is false.

A formula in negation normal form (a NNF formula) is a quantifier-free first order formula containing no logical symbols other than $\neg$, $\land$ and $\lor$, where each negation symbol $\neg$ precedes an atom. A clause is a NNF formula by definition. An interpretation $I$ for a NNF formula $W$ consists of a domain $D$ together with
• For each n-ary predicate symbol $P$ in $W$, an associated function $P_I : D^n \to \{T, F\}$.
• For each n-ary function symbol $G$ in $W$, an associated function $G_I : D^n \to D$.
The logical symbols are interpreted in an interpretation $I$ in the usual way.

An interpretation instance of a term or a NNF formula $W$, denoted by $W'$, is obtained from $W$ by substituting all variables occurring in $W$ with some elements in $D$. We use E to stand for existential and U to stand for universal. For a NNF formula $W$, we use $I \models_E W$ to denote the fact that there is an interpretation instance $W'$ of $W$ which is interpreted to be T by $I$. We use $I \models_U W$ to denote the fact that the interpretation $I$ interprets all the interpretation instances $W'$ of $W$ to be T. We use $I \not\models_E W$ to denote $I \models_U \neg W$ and use $I \not\models_U W$ to denote $I \models_E \neg W$. We call an interpretation $I$ a model for a NNF formula $W$ if $I \models_U W$. An interpretation $I$ is a model for a set of NNF formulae if it is a model for each formula in the set. We use $\vdash$ and $\models$ to denote derivability and validity, respectively.

3. Modified problem reduction format

The modified problem reduction format [11] is an extension of Prolog-style Horn clause logic programming to full first-order logic. It uses Prolog style backward chaining without contrapositives and handles non-Horn clauses using case analysis. The input clauses to the modified problem reduction format are given as Prolog clauses. For each clause, only one Prolog clause will be needed. The clause head of an input clause must be either a positive literal (for clauses containing positive literals) or false (for negative clauses). The modified problem reduction format has an inference rule for each input clause plus the assumption axioms and the case analysis rule. If $S$ is a set of Prolog clauses, we obtain a set of inference rules from $S$ for the modified problem reduction format as follows: For each Prolog clause $L$ :- $L_1, L_2, \ldots, L_n$ in $S$, we have the following clause rule. We call the $\Gamma$'s on the left of the arrow $\to$ the assumption list.

Clause rules

$$\frac{[\Gamma_0 \to L_1 \Rightarrow \Gamma_1 \to L_1], \ldots, [\Gamma_{n-1} \to L_n \Rightarrow \Gamma_n \to L_n]}{\Gamma_0 \to L \Rightarrow \Gamma_n \to L}$$

We also have the assumption axioms and the case analysis rule where $N$ is a positive literal.

Assumption axioms

$$\Gamma \to L \Rightarrow \Gamma \to L, \quad \text{if } L \in \Gamma,\ L \text{ is a literal.}$$

$$\Gamma \to \neg L \Rightarrow \Gamma, \neg L \to \neg L, \quad L \text{ is a positive literal.}$$

Case analysis rule

$$\frac{[\Gamma_0 \to L \Rightarrow \Gamma_1, \neg N \to L],\ [\Gamma_1, N \to L \Rightarrow \Gamma_1, N \to L]}{\Gamma_0 \to L \Rightarrow \Gamma_1 \to L} \qquad |\Gamma_0| \le |\Gamma_1|$$

We call the literal $N$ in the case analysis rule the splitting literal. $|\Gamma|$ denotes the number of literals in $\Gamma$. Let's briefly explain the modified problem reduction format. Subgoals are of the form $\Gamma \to L$ where $\Gamma$ is a list of literals and $L$ is a literal. $\Gamma \to L$ is to be understood as $\Gamma \supset L$.


In $\Gamma_1 \to L \Rightarrow \Gamma_2 \to L$, where $\Rightarrow$ may be read as "transforms to", $\Gamma_1 \to L$ is the subgoal to be solved and $\Gamma_2 \to L$ is the subgoal solved; $\Gamma_2$ will be $\Gamma_1$ with extra assumptions added to make $\Gamma_2 \to L$ solvable. If the clause set contains only Horn clauses, the modified problem reduction format will behave exactly like Prolog, since all the assumption lists will be empty. If the clause set contains non-Horn clauses, the assumption axioms and the case analysis rule will be used to perform case analyses. The idea is: for each negative literal $\neg L$ in the clause body of an input clause, we first assume $\neg L$ to be true (by adding it to the assumption list) and obtain the proof under this assumption. Then we assume $L$ to be true and obtain the proof under this assumption. The transformation $\Gamma_1 \to L \Rightarrow \Gamma_2 \to L$ is the device for introducing the assumptions and the case analysis rule performs the case analyses. The reader may refer to [11] for a complete discussion of the modified problem reduction format. We will only give an example.

Suppose the clause set is $S = \{P \lor Q,\ P \lor \neg Q,\ \neg P \lor Q,\ \neg P \lor \neg Q\}$. The input clauses for $S$ are

P :- not(Q).
P :- Q.
Q :- P.
false :- P, Q.

In the simplest terms, the modified problem reduction format proves the top level goal $\to \mathit{false}$ by considering two cases: the case when $Q$ is true and when $Q$ is false. It decides to perform case analysis on $Q$ when it sees the negative subgoal $\to \neg Q$. To prove the case when $Q$ is false, it transforms the goal $\to \mathit{false}$ to $\neg Q \to \mathit{false}$. This part of the proof is shown below.

$$\begin{array}{l}
\to \neg Q \Rightarrow \neg Q \to \neg Q \\
\to P \Rightarrow \neg Q \to P \\
\neg Q \to \neg Q \Rightarrow \neg Q \to \neg Q \\
\neg Q \to P \Rightarrow \neg Q \to P \\
\neg Q \to Q \Rightarrow \neg Q \to Q \\
\to \mathit{false} \Rightarrow \neg Q \to \mathit{false}
\end{array}$$

To prove the case when $Q$ is true, it transforms the goal $Q \to \mathit{false}$ to $Q \to \mathit{false}$, as shown below.

$$\begin{array}{l}
Q \to Q \Rightarrow Q \to Q \\
Q \to P \Rightarrow Q \to P \\
Q \to Q \Rightarrow Q \to Q \\
Q \to \mathit{false} \Rightarrow Q \to \mathit{false}
\end{array}$$


Then it uses the case analysis rule to combine the two parts to complete the proof.

$$\frac{[\to \mathit{false} \Rightarrow \neg Q \to \mathit{false}],\ [Q \to \mathit{false} \Rightarrow Q \to \mathit{false}]}{\to \mathit{false} \Rightarrow\ \to \mathit{false}}$$

Now we give the soundness and completeness theorems for the modified problem reduction format. For a set of clauses $S$, we use $\vdash_S$ to denote derivability in the system.

Theorem 3.1 (Soundness Theorem in [11]). If $\vdash_S \Gamma_1 \to L \Rightarrow \Gamma_2 \to L$, then the list $\Gamma_1$ is a prefix of the list $\Gamma_2$ and $S \models \Gamma_2 \supset L$.

Theorem 3.2 (Completeness Theorem in [11]). A set of clauses $S$ is unsatisfiable if and only if $\vdash_S\ \to \mathit{false} \Rightarrow\ \to \mathit{false}$.

Note that the modified problem reduction format is still complete if the case analysis rule is restricted at the top level, as will be the semantic proof system.

$$\frac{[\Gamma_0 \to \mathit{false} \Rightarrow \Gamma_1, \neg N \to \mathit{false}],\ [\Gamma_1, N \to \mathit{false} \Rightarrow \Gamma_1, N \to \mathit{false}]}{\Gamma_0 \to \mathit{false} \Rightarrow \Gamma_1 \to \mathit{false}}$$

Note that we require that $|\Gamma_0| \le |\Gamma_1|$. We call an application of the case analysis rule on goals other than those of the form $\Gamma \to \mathit{false}$ a local application.

4. The semantic proof system

The modified problem reduction format supports backward chaining with caching as well as semantic deletion. But it is not a genuine support strategy since it always uses the negative clauses as its top level goals. To remedy this, we generalize the modified problem reduction format using an interpretation. Suppose we are given a set $S$ of clauses and an interpretation $M$ for $S$ which interprets the literal false to be T. For the moment, we will assume that the input clauses include all contrapositives. We have the following set of inference rules. For each Prolog clause $L$ :- $L_1, L_2, \ldots, L_n$, we have a clause rule

$$\frac{M \models_E L,\ [\Gamma_0 \to L_1 \Rightarrow \Gamma_1 \to L_1], \ldots, [\Gamma_{n-1} \to L_n \Rightarrow \Gamma_n \to L_n]}{\Gamma_0 \to L \Rightarrow \Gamma_n \to L}$$

The case analysis rule (where $N$ is a positive literal and we require $|\Gamma_0| \le |\Gamma_1|$) is

$$\frac{M \models_E L,\ [\Gamma_0 \to L \Rightarrow \Gamma_1, \neg N \to L],\ [\Gamma_1, N \to L \Rightarrow \Gamma_1, N \to L]}{\Gamma_0 \to L \Rightarrow \Gamma_1 \to L}$$


The assumption axioms are

$$\Gamma \to L \Rightarrow \Gamma \to L, \quad \text{if } L \in \Gamma,\ L \text{ is a literal.}$$

$$\Gamma \to \neg L \Rightarrow \Gamma, \neg L \to \neg L, \quad L \text{ is a positive literal.}$$

Note that the semantic proof system differs from the modified problem reduction format in that contrapositives are used and the semantic tests $M \models_E L$ are performed prior to the applications of clause rules and case analysis rule. We now prove the soundness and completeness of the system. We only deal with the ground case, which can be lifted to first-order logic in the usual way. Given a set of clauses $S$ and an interpretation $M$ for $S$, we denote by $\vdash_S^M$ derivability in the system.

Theorem 4.1 (Soundness). If $\vdash_S^M \Gamma_1 \to L \Rightarrow \Gamma_2 \to L$, then the list $\Gamma_1$ is a prefix of the list $\Gamma_2$ and $S \models \Gamma_2 \supset L$.

Proof. We can prove this by induction on the size of the proof, i.e., the number of times the inference rules are used, making use of the length restriction in the case analysis rule. (This theorem is the same as the Soundness Theorem in [11].) □

Theorem 4.2 (Completeness). A set of clauses $S$ is unsatisfiable if and only if for any interpretation $M$ for $S$, $\vdash_S^M\ \to \mathit{false} \Rightarrow\ \to \mathit{false}$.

Proof. Let atom($S$) denote the set of atoms in $S$ and N-atom($S$) denote the set of literals $\neg L$ where $L \in$ atom($S$). Let $M_S$ be the set of literals in $S$ which are interpreted to be T by $M$, then $M_S \subseteq$ atom($S$) $\cup$ N-atom($S$) $\cup$ {false}. For every atom $A$ ($\in$ atom($S$)), either $A \in M_S$ or $\neg A \in M_S$. In particular, false $\in M_S$. Consider the following set of inference rules which includes all the clause rules from $S$ as described above, plus the assumption axioms (where $L$ is a literal)

$$\Gamma \to L \Rightarrow \Gamma \to L, \quad \text{if } L \in \Gamma,$$

$$\Gamma \to L \Rightarrow \Gamma, L \to L, \quad \text{if } L \notin M_S$$

and the case analysis rule (where $N$ is a literal, $N \notin M_S$ and $|\Gamma_0| \le |\Gamma_1|$)

$$\frac{L \in M_S,\ [\Gamma_0 \to L \Rightarrow \Gamma_1, N \to L],\ [\Gamma_1, \neg N \to L \Rightarrow \Gamma_1, \neg N \to L]}{\Gamma_0 \to L \Rightarrow \Gamma_1 \to L}$$

That this system is complete follows from [11, Proof of Theorem 6], if we regard all the literals in $M_S$ as positive and the remaining literals as negative. The completeness of the semantic proof system follows if we observe that, in the case analysis rule of the semantic proof system, the splitting literal $N$ always occurs positive first. This effectively fixes the order of the two cases for each application of the case analysis rule. Obviously it does not matter in which order the case analysis is done. □

The modified problem reduction format is a special case of the semantic proof system where $M_S$ = atom($S$) $\cup$ {false}. Both the modified problem reduction format and the semantic proof system use the same syntactic criterion to detect the occurrence of splitting literals in the assumption axioms. A semantic criterion as in the completeness proof could be used. In practice, the syntactic criterion seems to work better.

Let's consider the example in the previous section. We choose the interpretation $M = \{\neg P, \neg Q\}$. The clause set is $S = \{P \lor Q,\ P \lor \neg Q,\ \neg P \lor Q,\ \neg P \lor \neg Q\}$ and the input clauses according to $M$ are (see Section 8)

false :- not(P), not(Q).
not(Q) :- not(P).
not(P) :- not(Q).
not(P) :- Q.
not(Q) :- P.

Note that the last two Prolog clauses are contrapositives of each other. The proof goes as follows: The top level goal $\to \mathit{false}$ has two subgoals $\to \neg P$ and $\to \neg Q$. The proof for $\to \neg P$ is

$$\frac{\dfrac{\to \neg Q \Rightarrow \neg Q \to \neg Q}{\to \neg P \Rightarrow \neg Q \to \neg P} \qquad \dfrac{Q \to Q \Rightarrow Q \to Q}{Q \to \neg P \Rightarrow Q \to \neg P}}{\to \neg P \Rightarrow\ \to \neg P}$$

The proof for $\to \neg Q$ is

$$\frac{\dfrac{\to \neg P \Rightarrow \neg P \to \neg P}{\to \neg Q \Rightarrow \neg P \to \neg Q} \qquad \dfrac{P \to P \Rightarrow P \to P}{P \to \neg Q \Rightarrow P \to \neg Q}}{\to \neg Q \Rightarrow\ \to \neg Q}$$

Then the clause rule

$$\frac{[\to \neg P \Rightarrow\ \to \neg P],\ [\to \neg Q \Rightarrow\ \to \neg Q]}{\to \mathit{false} \Rightarrow\ \to \mathit{false}}$$

is used to complete the proof. Note that the proof uses one local application of the case analysis rule on each of the goals $\to \neg P$ and $\to \neg Q$.
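The following is an added example, not code from the paper or from the authors' prover: a ground-case Python implementation of the contrapositive selection (Sections 2 and 8) and of the inference rules of this section, with solved subgoals cached as described in Section 5. The `~` prefix for negation, all function names and the iterative depth bound are assumptions of the example.

```python
FALSE = "false"

def neg(lit):
    """Complement of a ground literal; a leading '~' marks negation."""
    return lit[1:] if lit.startswith("~") else "~" + lit

def contrapositives(clause):
    """The n+1 Prolog clauses (head, body) of an n-literal clause."""
    out = [(FALSE, tuple(neg(l) for l in clause))]
    for i, head in enumerate(clause):
        body = tuple(neg(l) for j, l in enumerate(clause) if j != i)
        out.append((head, body))
    return out

def input_clauses(clauses, true_lits):
    """Select contrapositives according to the interpretation M.

    true_lits is M_S, the set of literals M makes true. A head must be true
    in M; a 'false' head is kept only for clauses that are false in M.
    """
    selected = []
    for clause in clauses:
        clause_false_in_m = not any(l in true_lits for l in clause)
        for head, body in contrapositives(clause):
            keep = clause_false_in_m if head == FALSE else head in true_lits
            if keep:
                selected.append((head, body))
    return selected

def prove(clauses, true_lits, max_depth=5):
    """True if '-> false => -> false' is derivable within max_depth."""
    ms = set(true_lits) | {FALSE}          # M interprets 'false' as T
    rules = input_clauses(clauses, true_lits)
    cache = {}                             # (assumptions, goal, depth) -> solutions

    def solve(gamma, goal, depth):
        # Caching: every subgoal is derived once per depth bound.
        key = (gamma, goal, depth)
        if key not in cache:
            cache[key] = frozenset(derive(gamma, goal, depth))
        return cache[key]

    def derive(gamma, goal, depth):
        found = set()
        if goal in gamma:                  # assumption axiom, L in Gamma
            found.add(gamma)
        if goal.startswith("~"):           # assumption axiom, negative goal
            found.add(gamma + (goal,))
        if depth > 0 and goal in ms:       # semantic test M |= L
            for head, body in rules:       # clause rules
                if head != goal:
                    continue
                frontier = {gamma}
                for sub in body:           # thread the assumption list
                    frontier = {g2 for g in frontier
                                for g2 in solve(g, sub, depth - 1)}
                found |= frontier
            for g in list(found):          # case analysis rule
                while len(g) > len(gamma): # keeps |Gamma0| <= |Gamma1|
                    rest, split = g[:-1], neg(g[-1])
                    second_case = rest + (split,)
                    if second_case not in solve(second_case, goal, depth - 1):
                        break
                    found.add(rest)
                    g = rest
        return found

    return any(() in solve((), FALSE, d) for d in range(1, max_depth + 1))

# Constructed from the paper's running example: S and M = {~P, ~Q}.
S = [("P", "Q"), ("P", "~Q"), ("~P", "Q"), ("~P", "~Q")]
M = {"~P", "~Q"}

if __name__ == "__main__":
    for head, body in input_clauses(S, M):
        print(f"{head} :- {', '.join(body)}.")
    print("refutation found:", prove(S, M))
```

Passing `{"P", "Q"}` as the interpretation instead selects goal clauses from the negative clause only, which is the modified problem reduction format special case with contrapositives added.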


5. Back chaining with caching

The semantic proof system supports true backward chaining, which resolution strategies fail to do. In backward chaining, goals are expressed as subgoals, which are similarly expressed, and each subgoal is solved separately. Caching means that a subgoal is solved only once. If a subgoal is solved, its solution is remembered; if a subgoal fails, it is not attempted again. In resolution, many subgoals can occur together in the same clause. If there are a number of choices for how each subgoal could be solved, these choices get multiplied together. As a result, the number of clauses generated could be much larger than the number of subgoals. If caching is used in a back chaining system, the search space is proportional to the number of subgoals. In resolution, however, the search space could be considerably larger.

Consider the example of Horn clauses. If backward chaining is used on a set of Horn clauses, all the subgoals are unit clauses. Thus the search space consists entirely of unit clauses. Once a subgoal has been solved and its solution recorded, it never needs to be solved again. Thus the search time is roughly proportional to the number of subgoals (literals) seen times the number of solutions generated. However, using all-negative resolution, which is one of the closest approaches to backward chaining in resolution, the search space will contain clauses having many literals and can be proportional to the number of clauses seen, which may be larger than the number of literals. However, we do not mean to imply that resolution is always inferior. Some of the best theorem proving systems, Otter [10] for example, are resolution-based systems.

6. Semantic deletion

The semantic proof system allows deletion of false subgoals in an arbitrary interpretation as the inference rules suggest. If the clause set consists of only Horn clauses and the interpretation only interprets atoms to be T, the semantic proof system is the same as Gelernter's method. Furthermore, no contrapositive is needed. Thus the semantic proof system is a generalization of Gelernter's method to full first-order logic.

We will now show that semantic deletion can be made stronger in several ways. Consider the input clause $L$ :- $L_1, L_2, \ldots, L_n$. Suppose $M$ is the interpretation used and $\Gamma_0 \to L$ is the subgoal attempted. The use of the corresponding clause rule

$$\frac{M \models_E L,\ [\Gamma_0 \to L_1 \Rightarrow \Gamma_1 \to L_1], \ldots, [\Gamma_{n-1} \to L_n \Rightarrow \Gamma_n \to L_n]}{\Gamma_0 \to L \Rightarrow \Gamma_n \to L}$$

can be stopped if there exists a positive literal $L_i$ among $L_1, L_2, \ldots, L_n$ such that $M \not\models_E L_i$ and $L_i \notin \Gamma_0$, even if $M \models_E L$. This is because when $\Gamma_{i-1} \to L_i$ is attempted, the only way to solve it is to use the assumption axiom since $M \not\models_E L_i$. But it is impossible to have any extra positive literal in $\Gamma_{i-1}$ other than those already in $\Gamma_0$, since the assumption axiom only adds negative literals and the case analysis rule, although adding positive literals, only adds them to the subgoals of $\Gamma_{i-1} \to L_i$, never to the subgoal $\Gamma_{i-1} \to L_i$ itself.

Let's consider the case analysis rule. Suppose the clause set is $S = S_0 \cup G$ where $G$ are all the goal clauses and we have several models $M_1, \ldots, M_k$ for $S_0$. The application of the case analysis rule, where $L \ne \mathit{false}$ and $|\Gamma_0| \le |\Gamma_1|$,

$$\frac{M \models_E L,\ [\Gamma_0 \to L \Rightarrow \Gamma_1, \neg N \to L],\ [\Gamma_1, N \to L \Rightarrow \Gamma_1, N \to L]}{\Gamma_0 \to L \Rightarrow \Gamma_1 \to L}$$

can be stopped if, after the first transformation $\Gamma_0 \to L \Rightarrow \Gamma_1, \neg N \to L$, there exists an $M_j$ among $M_1, \ldots, M_k$ such that $M_j \not\models_E \Gamma_1 \supset L$. This follows from the soundness theorem since $S_0 \models \Gamma_1 \supset L$. For example, suppose $S = \{Q \lor R,\ P \lor \neg Q,\ P \lor \neg R,\ \neg P\}$, $S_0 = \{Q \lor R,\ P \lor \neg Q,\ P \lor \neg R\}$ and $G = \{\neg P\}$. Let $M_1 = \{\neg Q, R, P\}$, which is a model of $S_0$. Then, the application of the case analysis rule on the subgoal $\to Q$ can be stopped since $M_1 \not\models_E Q$. This controls the local application of the case analysis rule, because we only perform case analysis on goals that pass the semantic test using all interpretations.

7. Genuine support strategy

A genuine support strategy is one that permits us to concentrate on the theorem. We consider a strategy to be a genuine support strategy if, for an unsatisfiable set of clauses $S$ and an interpretation $M$ of $S$, the strategy permits us to restrict inferences to those clauses that are false in $M$. For example, if a backward chaining system is a genuine support strategy, it only uses the clauses that are false (which usually come from the negation of the theorem) as its top-level goals. The modified problem reduction format is not a genuine support strategy because it requires that all inferences depend on a negative clause, thus effectively restricting the interpretations. The semantic proof system, on the other hand, is a genuine support strategy because, given an interpretation $M$, it only uses as goal clauses those clauses that are false in $M$. In particular, the semantic proof system is compatible with the set of support strategy (SOS) [23]. In the set of support strategy, a clause set $S$ is divided into two sets $A$ and $T$ where $S = A \cup T$ and $A \cap T = \emptyset$. $A$ usually represents the axioms and is satisfiable and $T$, called the set of support, usually represents the negation of the theorem and the special hypotheses. A resolution operation is only allowed for two clauses if at least one of them comes from the set of support directly or indirectly. Given the partition $S = A \cup T$ and $A \cap T = \emptyset$ and the interpretation $M$, where $M$ is a model of $A$ and $T$ represents the negation of the theorem, the semantic proof system will only use clauses in $T$ as its top-level goals since they are the only clauses false in $M$.

From the discussion above, we see that, given a clause set $S$ and an interpretation $M$ of $S$, the semantic proof system does not need the Prolog clause false :- $L_1, L_2, \ldots, L_n$ for the clause $\neg L_1 \lor \neg L_2 \lor \cdots \lor \neg L_n$ if $M \models_U \neg L_1 \lor \neg L_2 \lor \cdots \lor \neg L_n$, due to the semantic tests in the clause rules and the case analysis rule. We can, however, obtain a stronger result below.

Theorem 7.1. If $S$ is an unsatisfiable set of clauses, then it is only necessary to have one goal clause according to some interpretation $M$.

Proof. Assume that $S = A \cup T$ and $A \cap T = \emptyset$, $A$ is satisfiable and $T = \{C_1, C_2, \ldots, C_n\}$. If there exists an interpretation $M$ such that $M \models_U A$ and $M \models_U C_i$ ($i = 1, \ldots, n-1$) and $M \not\models_U C_n$, we can use $C_n$ as the only goal clause according to the interpretation $M$. If such an interpretation does not exist, then we know $\models (A \cup \{C_1, C_2, \ldots, C_{n-1}\}) \supset C_n$. Thus $A \cup \{C_1, C_2, \ldots, C_{n-1}\} = S_1$ is unsatisfiable since $S$ is. We can apply the same argument to $S_1$ to conclude the proof. □

8. Contrapositives and interpretations

The Prolog-style extension to full first-order logic (non-Horn clauses) using the model elimination procedure [8] requires the use of all contrapositives if the clause set is non-Horn [19]. The modified problem reduction format, on the other hand, does not need any contrapositives. Using contrapositives sometimes costs efficiency since it effectively increases the number of clauses. More importantly, though, it can lead to unnatural search behavior and make the search process difficult to control. See [11] for some examples. However, our experience has shown that, for non-Horn problems especially, some contrapositives can significantly help to improve the efficiency of the prover based on the modified problem reduction format. This is because fewer case analysis steps are needed. The problem is to decide which contrapositives to include as input clauses.

First we want to note that, given an interpretation $M$ for a set of clauses $S$, we only need to include as input clauses the Prolog clauses whose clause head is existentially satisfied by $M$. The reason is that if $L$ :- $L_1, L_2, \ldots, L_n$ is an input clause and $M \not\models_E L$, this clause will never be used in the semantic proof system. Thus this problem becomes part of a larger problem, that is, how to select or design an interpretation for a given theorem? As pointed out in [21], this is not a trivial task. It is difficult to automate since problem domain knowledge is usually required and it is hard to characterize what is a suitable interpretation. It is difficult for a human to do since it is hard to interpret Skolem functions. Fortunately, a human usually has a natural interpretation in mind when he states a theorem.

Wang [21] proposes a method for designing interpretations for a set of clauses. This method starts with a natural interpretation of a theorem. To interpret uninterpreted symbols, which are often Skolem function symbols, all the clauses containing the same uninterpreted symbol are put together and some simple interpretation rules are used to assign meaning to the uninterpreted symbol. This method is a general method and can be slightly modified to select the input clauses for the semantic proof system. We will briefly present Wang's method and the modification.

Given a natural interpretation $I$ for a theorem and the natural interpretations of the function symbols and predicate symbols, we need to interpret the uninterpreted symbols. We call a NNF formula an interpretation normal form (INF) formula if it is in the following form:

$$L_1 \lor \cdots \lor L_k \lor [C_1 \land \cdots \land C_h]$$

where the $L_i$'s are literals and the $C_j$'s are clauses. Note that, corresponding to the INF formula above, there is an equivalent set of clauses,

$$\begin{array}{l}
L_1 \lor \cdots \lor L_k \lor C_1, \\
L_1 \lor \cdots \lor L_k \lor C_2, \\
\quad\vdots \\
L_1 \lor \cdots \lor L_k \lor C_h.
\end{array}$$

There are two special cases of INF: a clause $L_1 \lor \cdots \lor L_k$ is in INF form where $h = 1$ and $C_1 = \Box$ and a formula $C_1 \land \cdots \land C_h$ is in INF form where $k = 1$ and $L_1 = \Box$. We usually combine all the clauses containing the same uninterpreted symbol into an INF formula, where the literals $L_i$ are common literals in these clauses, then interpret the symbol according to the interpretation rules. Typically the common literals $L_i$ do not contain the uninterpreted symbol.

There are two interpretation rules for INF formulae. In addition to interpreting uninterpreted symbols, these rules can be used to select all the necessary contrapositives. For each interpretation instance of an INF formula

$$L_1 \lor \cdots \lor L_k \lor [C_1 \land \cdots \land C_h],$$

we have the following rule:

(R.1) If $I \models_E [\neg L_1 \land \cdots \land \neg L_k]$, then for each $i$ ($1 \le i \le h$), $I \models_U C_i$, except when $C_i$ is the negation (or part of) of the theorem.

(R.1) simply states that the interpretation should satisfy all axioms and hypotheses of the theorem. Since the formula is universally true in $I$, unless it comes from the negation of the theorem, any interpretation instance should make the formula true in $I$. Thus, if some interpretation instance makes some $L_i$ false in $I$, that instance must make all $C_j$ true. We guarantee this by requiring that all $C_j$ be universally true in $I$. For example, if $P$ is interpreted to be F in $P \lor (\neg Q \land \neg R)$, then both $\neg Q$ and $\neg R$ should be interpreted to be T. To select the necessary contrapositives, we note that each $C_i$ ($1 \le i \le h$) is a clause. Let some $C_i$ be the clause $N_1 \lor N_2 \lor \cdots \lor N_n$. Each $N_j$ ($1 \le j \le n$) would be the head of some Prolog clause. However, if for some $N_s$ ($1 \le s \le n$), $I \not\models_E N_s$, we need not include as input clause the Prolog clause whose head is $N_s$ for the simple reason that this contrapositive would never be used. If for some $j$, $I \not\models_E C_j$, we will include a goal clause false :- $\neg L_1, \ldots, \neg L_k, \neg C_j$, with a little misuse of notation. Each $L_i$ could be head of an input clause, depending on whether $I \models_E L_i$.

(R.2) If $I \models_U [L_1 \lor \cdots \lor L_k]$, then, where possible, there should be at most one $i$ ($1 \le i \le h$) such that $I \models_E \neg C_i$.

(R.2) simply states that there should be as few rules as possible applicable to a subgoal. To select the input clauses, we note that each $L_i$ ($1 \le i \le h$) could be the clause head of some input clauses. Again, we need not include those Prolog clauses whose head is $L_s$ ($1 \le s \le h$) where $I \not\models_E L_s$. If $I \models_E L_m$ ($1 \le m \le h$), we would include, again, with a little misuse of notation, the following Prolog clauses as input clauses:

$$\begin{array}{l}
L_m \text{ :- } \neg L_1, \ldots, \neg L_k, \neg C_1. \\
L_m \text{ :- } \neg L_1, \ldots, \neg L_k, \neg C_2. \\
\quad\vdots \\
L_m \text{ :- } \neg L_1, \ldots, \neg L_k, \neg C_h.
\end{array}$$

Consider the task of proving $\Gamma \to L_m$. Rule (R.2) states that there should be only one rule for proving $\Gamma \to L_m$ since there is at most one $C_j$ that can pass the semantic test $I \models_E \neg C_j$. For example, if $P$ is interpreted to be T in $P \lor (\neg Q \land \neg R)$, either $Q$ or $R$ can be interpreted to be T, but not both. Note that $P \lor (\neg Q \land \neg R)$ can be represented by two Prolog clauses $P$ :- $Q$ and $P$ :- $R$. If we interpret $Q$ to be T, then only $P$ :- $Q$ can be used to prove $\Gamma \to P$ in the semantic proof system.

9. Predictive splitting

Let's consider a degenerated case of the case analysis rule,

$$\frac{[\Gamma \to L \Rightarrow \Gamma, L \to L],\ [\Gamma, \neg L \to L \Rightarrow \Gamma, \neg L \to L]}{\Gamma \to L \Rightarrow \Gamma \to L}$$

Because $\Gamma \to L \Rightarrow \Gamma, L \to L$ is the assumption axiom in our system, this rule is simplified to

$$\frac{\Gamma, \neg L \to L \Rightarrow \Gamma, \neg L \to L}{\Gamma \to L \Rightarrow \Gamma \to L}$$

We call this predictive splitting since we usually decide to perform this (implicit) case analysis by means other than the syntactic criterion. This rule is formulated based on the observation that it is often much easier to prove $\Gamma, \neg L \to L$ than $\Gamma \to L$ since we can use the negation of the goal. This rule can be regarded as a limited use of the ancestry resolution of model elimination [8]. The application of this rule needs heuristic guidance since it could be used for any subgoal. One useful heuristic is to use the technique on subgoal $L$ if $L$ is at or near the top-level and is satisfied by all the interpretations we have. Such an $L$ is likely to be a successful subgoal, therefore proving $\Gamma, \neg L \to L$ is like using proof by contradiction to prove $L$. This technique is very important for proofs of several 'hard' problems, including the intermediate value theorem and several set-theoretic problems in [22].

10. Implementation and examples To implement the semantic proof system, we modified the existing implementation of the modified problem reduction format [ 11 ] to include the semantic tests. Given an interpretation, we design a procedure to compute the interpreted values of functions and predicates. The prover invokes this procedure to perform the semantic tests. Let's discuss several examples.


Intermediate Value Theorem (IMV)

The theorem states that, if a function $f$ is continuous in a real closed interval $[a, b]$ with $f(a) \le 0$ and $f(b) \ge 0$, then

$$\exists x\,[(a \le x) \land (x \le b) \land (f(x) = 0)].$$

This problem is discussed in [1,3]. We list the input clauses for IMV below.

    p(a, b).
    p(f(a), 0).
    p(0, f(b)).
    % least upper bound axioms.
    % lub1
    p(X, l) :- p(X, b), p(f(X), 0).
    % lub2
    p(f(g(X)), 0) :- not(p(l, X)).
    p(g(X), b) :- not(p(l, X)).
    p(l, X) :- p(g(X), X).
    % inequality axioms.
    p(X, X).
    p(X, Z) :- p(X, Y), p(Y, Z).
    p(X, Y) :- not(p(Y, X)).
    % interpolation axioms.
    p(X, Y) :- p(X, q(Y, X)).
    p(X, Y) :- p(q(Y, X), Y).
    % continuity axioms.
    p(f(X), 0) :- p(a, X), p(X, b), p(X, h(X)).
    p(f(X), 0) :- not(p(Z, h(X))), p(a, X), p(X, b), p(Z, X), p(f(Z), 0).
    p(0, f(X)) :- p(a, X), p(X, b), p(k(X), X).
    p(0, f(X)) :- not(p(k(X), Z)), p(a, X), p(X, b), p(X, Z), p(0, f(Z)).
    % The theorem.
    false :- p(f(X), 0), p(0, f(X)).

We have designed the following interpretation for IMV using the two interpretation rules.


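$$a = 0, \quad b = 2, \quad l = 1, \quad f(x) = x - 1;$$

$$p(x, y) = x \le y, \quad q(x, y) = \tfrac{1}{2}(x + y);$$

$$g(x) = \begin{cases} 1, & \text{if } 1 \le x \le 2 \\ \tfrac{1}{2}(x + 1), & \text{if } 0 \le x < 1; \end{cases}$$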

h(x) = { ½ ( x + l ) , 1,

ifl
i f l ~
k(x) =

;'(x + 1), i f O ~ < x < 1.

Let us explain in detail how we obtain the interpretation for the Skolem function $g(x)$. Following [21], the INF formula we consider is

$$p(l, x) \lor [\,p(f(g(x)), 0) \land p(g(x), b) \land \neg p(g(x), x)\,].$$

There are two cases to consider:

• $1 \le x \le 2$. In this case, $p(l, x)$ will always be true. According to (R.2), at most one of $\neg p(f(g(x)), 0)$, $\neg p(g(x), b)$ and $p(g(x), x)$ can be true. We make $p(g(x), x)$ true, thus $\neg p(f(g(x)), 0)$ and $\neg p(g(x), b)$ should be false. From these we derive $g(x) \le x \land g(x) \le 1$, which will be satisfied if we make $g(x) = 1$.
• $0 \le x < 1$. In this case, $p(l, x)$ is always false. According to (R.1), all of $p(f(g(x)), 0)$, $p(g(x), b)$ and $\neg p(g(x), x)$ must be true. From these we derive $x < g(x) \le 1$, which will be satisfied if we let $g(x) = \tfrac{1}{2}(x + 1)$.

During the process of designing the interpretation, we select the necessary contrapositives based on the interpretation. Some contrapositives are determined to be unnecessary. For example, the two Prolog clauses of the clause

$$p(f(x), 0) \lor \neg p(a, x) \lor \neg p(x, b) \lor \neg p(x, h(x))$$

with $\neg p(a, x)$ or $\neg p(x, b)$ being the clause heads need not be included since any reasonable interpretation will interpret both of them to be F.

To use the interpretation, we write a Prolog procedure which, when given a subgoal $P$, tests whether $P$ is (existentially) satisfied by the interpretation. If a subgoal $P$ is not satisfied, no clause rule or the case analysis rule will be used to prove it. For the sake of efficiency, we only perform the semantic test on ground subgoals. We could test nonground subgoals by choosing a finite domain. For example, the domain could be [0,1,2] for our example. To prove IMV, the prover automatically instantiates the top level goal to $f(l) = 0$ using the interpretation


false :- [ ]
p(f(l),0) :- [ ]
not p(g(h(l)),h(l)) :- [ ]
not p(l,h(l)) :- [ ]
p(a,l) :- [ ]
input(p(a,b))
input(p(f(a),0))
p(l,b) :- [ ] transposed from false :- [not p(l,b)]
cases
not p(l,b) :
assumption((not p(l,b) :- [not p(l,b)]))
p(l,b) :
p(l,b) :- [not p(l,b)]
p(g(b),b) :- [not p(l,b)]
assumption((not p(l,b) :- [not p(l,b)]))
not p(f(l),0) :- [ ] transposed from assume(not p(f(l),0))
lemma((p(a,l) :- [ ]))
lemma((p(l,b) :- [ ]))
p(g(h(l)),l) :- [ ]
p(g(h(l)),b) :- [ ] transposed from false :- [not p(g(h(l)),b)]
cases
not p(f(l),0) :
not p(f(l),0) :- [not p(g(h(l)),b)] transposed from assume(not p(f(l),0))
p(f(l),0) :
p(f(l),0) :- [not p(g(h(l)),b)]
lemma((p(a,l) :- [ ]))
lemma((p(l,b) :- [ ]))
p(l,h(l)) :- [not p(g(h(l)),b)]
assumption((not p(g(h(l)),b) :- [not p(g(h(l)),b)]))
p(f(g(h(l))),0) :- [ ]
lemma((not p(l,h(l)) :- [ ]))
lemma((p(f(g(h(l))),0) :- [ ]))

Fig. 1. Proof for Intermediate Value Theorem (Part 1).

and solves the two subgoals ($f(l) \le 0$ and $f(l) \ge 0$) by performing predictive splitting on them, since the two subgoals are near the top level and they are both satisfied by the interpretation. We want to point out that, without the contrapositives, our prover fails to obtain a proof even for the instantiated version of IMV. We show the proof in two parts in Figs. 1 and 2. The prover takes 2,054 seconds and performs 11,786 inferences.¹

¹ All data are obtained on a SUN3/60 workstation with 12Mb memory using ALS-Prolog (Version 0.60).


p(0,f(l)) :- [ ]
not p(k(l),q(l,k(l))) :- [ ]
not p(k(l),l) :- [ ]
lemma((p(a,l) :- [ ]))
lemma((p(l,b) :- [ ]))
not p(0,f(l)) :- [ ] transposed from assume(not p(0,f(l)))
lemma((p(a,l) :- [ ]))
lemma((p(l,b) :- [ ]))
p(l,q(l,k(l))) :- [ ]
not p(q(l,k(l)),l) :- [ ]
lemma((not p(k(l),l) :- [ ]))
p(0,f(q(l,k(l)))) :- [ ] transposed from false :- [not p(0,f(q(l,k(l))))]
cases
not p(q(l,k(l)),l) :
lemma((not p(q(l,k(l)),l) :- [ ]))
p(q(l,k(l)),l) :
p(q(l,k(l)),l) :- [not p(0,f(q(l,k(l))))]
p(q(l,k(l)),b) :- [ ]
p(k(l),b) :- [ ]
lemma((not p(0,f(l)) :- [ ]))
lemma((p(a,l) :- [ ]))
lemma((p(l,b) :- [ ]))
lemma((p(l,b) :- [ ]))
input(p(0,f(b)))
p(q(l,k(l)),k(l)) :- [ ]
lemma((not p(k(l),q(l,k(l))) :- [ ]))
p(f(q(l,k(l))),0) :- [not p(0,f(q(l,k(l))))]
assumption((not p(0,f(q(l,k(l)))) :- [not p(0,f(q(l,k(l))))]))

Fig. 2. Proof for Intermediate Value Theorem (Part 2).
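The semantic test on ground subgoals and the case analysis for the Skolem function g described above, as an added example in Python (not the authors' Prolog procedure). It uses only the part of the interpretation stated in the text (a, b, l, f, q, g, and p read as ≤); the tuple encoding of terms, the function names and the sample points are assumptions of this example, and h and k are omitted.

```python
from fractions import Fraction as Fr

def g(x):
    # Skolem function g from the two cases worked out in the text.
    return Fr(1) if 1 <= x <= 2 else (x + 1) / 2

# Part of the IMV interpretation stated in the text (h and k omitted).
INTERP = {
    "a": lambda: Fr(0), "b": lambda: Fr(2), "l": lambda: Fr(1),
    "0": lambda: Fr(0),
    "f": lambda x: x - 1,
    "q": lambda x, y: (x + y) / 2,
    "g": g,
}

def value(term, interp=INTERP):
    """Evaluate a ground term: a Fraction, a constant name, or (functor, *args)."""
    if isinstance(term, Fr):
        return term
    if isinstance(term, str):
        return interp[term]()
    head, *args = term
    return interp[head](*(value(t, interp) for t in args))

def satisfied(lit, interp=INTERP):
    """Semantic test on a ground literal ("p", s, t) or ("not", literal)."""
    if lit[0] == "not":
        return not satisfied(lit[1], interp)
    _, s, t = lit
    return value(s, interp) <= value(t, interp)  # p(x, y) is read as x <= y

def attempted(subgoals, interp=INTERP):
    """Keep only subgoals that pass the test; the others are not expanded."""
    return [s for s in subgoals if satisfied(s, interp)]

def g_case_ok(x, interp=INTERP):
    """Check the conditions the text derives for g at the point x."""
    gx = ("g", x)
    conj = [("p", ("f", gx), "0"), ("p", gx, "b"), ("not", ("p", gx, x))]
    if satisfied(("p", "l", x), interp):
        # p(l, x) holds: at most one negated conjunct may be true.
        return sum(satisfied(("not", c), interp) for c in conj) <= 1
    # p(l, x) fails: every conjunct must be true.
    return all(satisfied(c, interp) for c in conj)

# Constructed sample points in [0, 2] for the check.
DOMAIN = [Fr(0), Fr(1, 2), Fr(1), Fr(3, 2), Fr(2)]
```

Replacing g in the interpretation with another function and rerunning `g_case_ok` over `DOMAIN` shows which candidate definitions violate the conditions derived for the two cases.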

Schubert's steamroller problem

This problem has been the subject of much study [18,20]. Our prover gets a proof for this problem in 600 seconds, without any contrapositives and without using any interpretations. 12,196 inferences are performed and 81 solutions are generated. The prover takes 450 seconds to obtain the same proof using an interpretation designed based on the statement of the problem [20]. 10,311 inferences are performed and 76 solutions are generated. Although there are much faster proofs of the problem by other systems [18], we think that the performance improvement of the prover using semantics is important. Furthermore, our prover fares well in terms of the number of inferences performed, which is roughly equivalent to the number of successful unifications, and the number of solutions generated, which is roughly equivalent to the number of derived clauses [18].


Attaining minimum (or maximum) theorem (AM8)

The theorem states that a continuous function in a closed real interval [a, b] attains its minimum (or maximum) value in this interval. The prover obtains a proof for this problem in 8,000 seconds, with all contrapositives and without using any interpretation. 46,141 inferences are performed and 1,688 solutions are generated. The prover takes 5,220 seconds to obtain a proof using an interpretation similar to the one for IMV, using the same set of input clauses. 63,310 inferences are performed and 1,254 solutions are generated. Again, we think that the performance improvement of the prover using semantics is important. We note that, without the contrapositives, the prover cannot obtain a proof. A look at the proof tells why. The contrapositives significantly reduce the number of case analyses by solving some negative subgoals directly.

11. Conclusion

We have presented a complete sequent-style clause-based proof system. The system supports backward chaining with caching and is a genuine support strategy. It allows semantic deletion using interpretations. What is also interesting about the semantic proof system is that it provides an answer to the problem of how contrapositives are handled in similar systems. The use of multiple interpretations for controlling local applications of the case analysis rule is also interesting. We need to do more research on the effect of semantic deletion in the semantic proof system. We have experienced several occasions where it has an adverse effect on the performance of the prover to delete subgoals using semantics.

Acknowledgement

We thank the referees and Neil Murray for their comments.

References

[1] A. Ballantyne and W.W. Bledsoe, On generating and using examples in proof discovery, in: J.E. Hayes, D. Michie and Y.-H. Pao, eds., Machine Intelligence 10 (Ellis Horwood, Chichester, 1982) 3-39.
[2] W. Bibel, Automated Theorem Proving (Vieweg, Braunschweig, 1987).
[3] W.W. Bledsoe, Using examples to generate instantiations for set variables, Tech. Rept. No. ATP-67, Department of Computer Science, University of Texas at Austin, Austin, TX (1982).
[4] R. Boyer, Locking: A restriction of resolution, Ph.D. Thesis, Department of Computer Science, University of Texas at Austin, Austin, TX (1970).
[5] J. Gallier, Logics for Computer Science: Foundations of Automatic Theorem Proving (Harper and Row, Philadelphia, PA, 1986).
[6] H. Gelernter, Realization of a geometry theorem-proving machine, in: E.A. Feigenbaum and J. Feldman, eds., Computers and Thought (McGraw-Hill, New York, 1963) 134-152.
[7] J.W. Lloyd, Foundations of Logic Programming (Springer, New York, 1987).
[8] D.W. Loveland, A simplified format for the model elimination theorem-proving procedure, J. ACM 16 (3) (1969) 349-363.
[9] D. Luckham, Refinement theorems in resolution theory, in: Proceedings IRIA Symposium on Automatic Demonstration, Versailles, France (Springer, New York, 1970) 163-190.
[10] W.W. McCune, Otter 2.0 users' guide, ANL-90/9, Mathematics and Computer Science Division, Argonne National Laboratory, Argonne, IL (1990).
[11] D.A. Plaisted, Non-Horn clause logic programming without contrapositives, J. Autom. Reasoning 4 (3) (1988) 287-325.
[12] D.A. Plaisted, A sequent-style model elimination strategy and a positive refinement, J. Autom. Reasoning 6 (4) (1990) 389-402.
[13] D.A. Plaisted and S. Greenbaum, Problem representations for back chaining and equality in resolution theorem proving, in: Proceedings First Annual AI Applications Conference, Denver, CO (1984) 417-423.
[14] R. Reiter, A semantically guided deductive system for automatic theorem proving, IEEE Trans. Comput. 25 (4) (1976) 328-334.
[15] J.A. Robinson, A machine-oriented logic based on the resolution principles, J. ACM 12 (1) (1965) 23-41.
[16] D.M. Sandford, Using Sophisticated Models in Resolution Theorem Proving (Springer, New York, 1980).
[17] J.R. Slagle, Automatic theorem proving with renamable and semantics resolution, J. ACM 14 (4) (1967) 687-697.
[18] M.E. Stickel, Schubert's steamroller problem: formulations and solutions, J. Autom. Reasoning 2 (1986) 89-101.
[19] M.E. Stickel, A PROLOG technology theorem prover, J. Autom. Reasoning 4 (4) (1988) 353-380.
[20] C. Walther, A mechanical solution of Schubert's steamroller by many-sorted resolution, Artif. Intell. 26 (1985) 217-224.
[21] T.C. Wang, Designing examples for semantically guided hierarchical deduction, in: Proceedings IJCAI-85, Los Angeles, CA (1985) 1201-1207.
[22] T.C. Wang and W.W. Bledsoe, Hierarchical deduction, J. Autom. Reasoning 3 (1) (1987) 35-77.
[23] L.T. Wos, G.A. Robinson and D.F. Carson, Efficiency and completeness of the set of support strategy in theorem proving, J. ACM 12 (4) (1965) 484-489.