Using full first order logic as a programming language
Rend. Sem. Mat. Univ. Pol. Torino, Fascicolo speciale 1987, Logic and Computer Sciences (1986)

Carlo Cellucci

USING FULL FIRST ORDER LOGIC AS A PROGRAMMING LANGUAGE

1. Logic programming did not seize the attention of most programmers until the Japanese announced that they had chosen Prolog for their ambitious Fifth Generation Computer Systems project. While that project appears now to be hampered by bureaucratic difficulties, the interest it aroused in Prolog lives on. Part of the attraction of Prolog stems from the fact that the beginner will very quickly be able to write toy programs, even spectacular ones. Difficulties in creating larger programs, however, seem to bring back Prolog to the level of other programming languages. Such difficulties arise from numerous defects of Prolog, some of which are purely logical in nature. Among the latter at least two should be mentioned: (a) the peculiar meaning of negation; (b) the fact that reduction to clausal form is not part of the language.

As to (a), strictly speaking Prolog has no negation. Its notion of negation-as-failure - by which ¬φ is inferred from failure to infer φ - is a tricky one. For instance, suppose that the goal likes(John, X) succeeds with X instantiated to mary. Then not(likes(John, X)) fails, so X becomes uninstantiated and hence has no value. However not(not(likes(John, X))) succeeds with X instantiated to mary. This makes the meaning of negation almost incomprehensible.

As to (b), for efficiency Prolog uses the programmer, as it were, as a preprocessor for reduction to clausal form: with the gain in efficiency that one can very well imagine. Of course reduction to clausal form can be implemented in Prolog and built up within every Prolog program together with a suitable user interface, but this is very much like designing a new programming language. Moreover reduction to clausal form is not especially perspicuous which is likely to make debugging very difficult.
Using the more transparent sequent calculus seems more promising. While the sequent calculus was popular in the early days of automated theorem proving (see e.g. [7], [18], [4]), interest in it declined for about two decades and has been revived only recently by Bowen [2] who proposed to use a modified version of the calculus of sequents as the basis for a logic programming system. Bowen's proposal has however the following defects: (a) the calculus of sequents is cumbersome since it involves copying down all the extra formulae; (b) no 'intelligent' order of application of the rules is provided; (c) no mention is made of the fact that at each stage one should only consider unifying substitutions over the set of all terms occurring in the branch. Thus the proposed proof procedure as it stands is incorrect.

In order to overcome such difficulties in this paper we discuss how to use a modified version of the tableaux method (see e.g. [1]) as an alternative approach to logic programming. It should be stressed that our main concern is with language design rather than with automated theorem proving: our aim is to develop a programming language sharing all the advantages of Prolog while avoiding its logical limitations. Thus we do not claim that our method will be efficient under all possible circumstances. It will be up to the programmer to make the basic tableaux method work more efficiently by devising suitable domain dependent techniques to guide the construction. Hence a program will include both a logic component and a control component, in agreement with Kowalski's [6] philosophy: algorithm = logic + control. In this paper we confine ourselves to the logical component leaving the discussion of the control component for another occasion. Stripped of its control component a program will consist of a goal together with any number of procedures, where both the goal and the procedures will be expressed by arbitrary first order sentences.
The purpose of a program with goal φ and procedures φ1, ..., φn will simply be to determine whether φ is a logical consequence of {φ1, ..., φn}.

Although tableaux seem to provide a reasonably satisfactory basis for a logic programming system, they have two main defects: (a) they are not very perspicuous; (b) tableaux with many branches are not easily displayed. Now both perspicuity and easy displayability are essential for program debugging. In order to overcome this problem we describe a mechanical method for converting closed tableaux into deductions of a suitable natural deduction system. Alternatively we state a proof procedure for Smullyan's [15] analytic natural deduction system.

2. The language of predicate logic includes variables x1, x2, ..., constants a1, a2, ... (also called parameters), for each n > 0 n-ary predicates Rⁿ₁, Rⁿ₂, ..., logical particles ¬, ∧, ∨, →, ↔, ∀, ∃ and punctuation marks ( and ). We use letters 'x', 'y', 'z' to denote arbitrary variables; 'a', 'b', 'c' to denote parameters; 'Rⁿ', 'Sⁿ', 'Tⁿ' (or simply 'R', 'S', 'T' whenever arity is clear from context) to denote n-ary predicates.

An atomic formula is an expression of the form Rt1 ... tn where R is an n-ary predicate and each of t1, ..., tn is a variable or a parameter. A formula is either an atomic formula, or an expression of one of the forms ¬φ, (φ ∧ ψ), (φ ∨ ψ), (φ → ψ), (φ ↔ ψ) where φ and ψ are formulae, or an expression of one of the forms ∀xφ, ∃xφ where x is a variable and φ is a formula. We use 'φ', 'ψ', 'χ', 'ρ' to denote arbitrary formulae.

The opposite of a formula φ, written φ̄, is defined by:

    φ̄ = ψ     if φ = ¬ψ
    φ̄ = ¬φ    if φ is not a negation.

We say that an occurrence of a variable x in a formula φ is free if it is neither within the scope of some occurrence of ∀x or ∃x nor is itself immediately preceded by ∀ or ∃. We denote by φ(x/a) the result of replacing every free occurrence of the variable x in φ by the parameter a.
A sentence is a formula in which no occurrence of a variable is free. A literal is an atomic sentence or the negation of an atomic sentence.

3. By a sequent we mean any finite set Γ of sentences. We write Γ, φ for Γ ∪ {φ}.

The rules of sequent tableaux are as follows:

    (¬¬)   Γ, ¬¬φ
           ──────
           Γ, φ

    (∧)    Γ, φ ∧ ψ
           ────────
           Γ, φ, ψ

    (¬∧)   Γ, ¬(φ ∧ ψ)
           ──────────────
           Γ, ¬φ    Γ, ¬ψ

    (∨)    Γ, φ ∨ ψ
           ────────────
           Γ, φ    Γ, ψ

    (¬∨)   Γ, ¬(φ ∨ ψ)
           ───────────
           Γ, ¬φ, ¬ψ

    (→)    Γ, φ → ψ
           ─────────────
           Γ, ¬φ    Γ, ψ

    (¬→)   Γ, ¬(φ → ψ)
           ───────────
           Γ, φ, ¬ψ

    (↔)    Γ, φ ↔ ψ
           ──────────────────────
           Γ, φ, ψ    Γ, ¬φ, ¬ψ

    (¬↔)   Γ, ¬(φ ↔ ψ)
           ──────────────────────
           Γ, φ, ¬ψ    Γ, ¬φ, ψ

    (∀)    Γ, ∀xφ
           ────────────────
           Γ, ∀xφ, φ(x/a)

    (¬∀)   Γ, ¬∀xφ
           ────────────
           Γ, ¬φ(x/a)        provided that a does not occur in Γ.

    (∃)    Γ, ∃xφ
           ───────────
           Γ, φ(x/a)         provided that a does not occur in Γ.

    (¬∃)   Γ, ¬∃xφ
           ───────────────────
           Γ, ¬∃xφ, ¬φ(x/a)

A sequent tableau for Γ is a tree obtained by placing Γ at the origin and then continuing downward according to the above rules. A branch of a sequent tableau is closed if there is a sequent Γ on that branch and an atomic sentence φ such that both φ and ¬φ are in Γ. A sequent tableau is closed if all of its branches are closed.

Remark. The rules of sequent tableaux are strictly related to the rules of the Gentzen-type sequent system G4 of Kleene [5]. Indeed they are obtained from the latter as follows: (1) Transpose all sentences from right to left replacing each sequent {φ1, ..., φm} ⇒ {ψ1, ..., ψn} by an equivalent sequent {φ1, ..., φm, ¬ψ1, ..., ¬ψn} ⇒ and drop the symbol ⇒ which now becomes superfluous. (The transposition is justified by the rule (¬⇒) of negation introduction in the antecedent). (2) Drop the rule thus resulting from (¬⇒) which now becomes vacuous. (3) Turn the rules upside-down. Sequents Γ such that, for some atomic sentence φ, both φ and ¬φ are in Γ are the result of transposing all sentences from right to left in axioms of G4. Thus closed sequent tableaux coincide with proofs in the system resulting from G4 by the above procedure, turned upside-down.

4. Sequent tableaux are cumbersome in actual practice because their rules involve duplicating the extra sentences Γ all the time.
A more convenient arrangement is given by sentence tableaux, which are obtained by dropping the extra sentences Γ altogether and ticking off (✓) the principal sentence of the premise whenever it is not duplicated in the conclusion. (Note that (∀) and (¬∃) are the only rules in which the principal sentence of the premise is duplicated in the conclusion). The rules of sentence tableaux are as follows:

    (¬¬)   ¬¬φ ✓
             |
             φ

    (∧)    φ ∧ ψ ✓
             |
             φ
             ψ

    (¬∧)   ¬(φ ∧ ψ) ✓
             /    \
           ¬φ     ¬ψ

    (∨)    φ ∨ ψ ✓
            /   \
           φ     ψ

    (¬∨)   ¬(φ ∨ ψ) ✓
             |
            ¬φ
            ¬ψ

    (→)    φ → ψ ✓
            /   \
          ¬φ     ψ

    (¬→)   ¬(φ → ψ) ✓
             |
             φ
            ¬ψ

    (↔)    φ ↔ ψ ✓
            /   \
           φ    ¬φ
           ψ    ¬ψ

    (¬↔)   ¬(φ ↔ ψ) ✓
            /   \
           φ    ¬φ
          ¬ψ     ψ

    (∀)    ∀xφ
             |
           φ(x/a)

    (¬∀)   ¬∀xφ ✓
             |
           ¬φ(x/a)      provided that a is new to the tableau.

    (∃)    ∃xφ ✓
             |
           φ(x/a)       provided that a is new to the tableau.

    (¬∃)   ¬∃xφ
             |
           ¬φ(x/a)

A sentence tableau, or more briefly a tableau, for a sequent {φ1, ..., φn} is a tree obtained by starting with

    φ1
    ⋮
    φn

where φ1 is at the origin, and then continuing according to the rules where the conclusion of a rule must be entered on every branch passing through the premise. A branch of a tableau is closed if there is an atomic sentence φ such that both φ and ¬φ are on that branch. A tableau is closed if all of its branches are closed.

Remark. It is commonly held that sentence tableaux were originally introduced by Smullyan [16] (more fully in [17]). As a matter of historical fact they were already used by Prawitz [9].

5. There is a simple mechanical method for converting a sequent tableau 𝒯 for {φ1, ..., φn} into a sentence tableau:

(1) Replace the origin of 𝒯, i.e. {φ1, ..., φn}, by

    φ1
    ⋮
    φn

(2) Replace each node except the origin by

    ψ1
    ⋮
    ψm

where ψ1, ..., ψm is the list of all sentences occurring in that node but not in its immediate predecessor, and tick off (✓) a sentence not occurring in that node but occurring in its immediate predecessor.

(3) Replace each inference line by a vertical line | or a fork / \ depending on whether the corresponding inference rule has only one or two premises.
There is also a simple mechanical method for converting a sentence tableau 𝒯 for {φ1, ..., φn} into a sequent tableau:

(1) Put all nodes of 𝒯 not connected by a line in the same set.

(2) Add to each node of the resulting tree all sentences occurring in its immediate predecessor which are not ticked off, or are ticked off but are not used as premises of an inference whose conclusion occurs in that node.

6. We introduce the following notions concerning sequents. A sequent Γ is said to be confutable if there exists a closed tableau for Γ. We say that a sequent Γ entails a sentence φ if Γ ∪ {¬φ} is confutable.

Theorem.
(i) Γ is confutable ⇒ Γ has no model.
(ii) Γ entails φ ⇒ φ is a logical consequence of Γ.

7. Similarly to [2] we may say that there are two main problems in devising a mechanical method for generating sentence tableaux (or sequent tableaux for that matter) for arbitrary sequents Γ:

(1) The determination of which tableau rule to apply next at any point in the process.

(2) In applications of (∀) and (¬∃), choice of the parameter a.

It is commonly held (see e.g. [2]) that (1) is solved by the following result which is more easily stated for sequent tableaux.

Lemma. Let Γ be a sequent, and let ℛ1 and ℛ2 be sequent tableau rules both of which may apply to Γ. Let 𝒯1 and 𝒯2 be the sequent tableaux resulting from applications of these two rules in opposing orders. Then 𝒯1 can be extended to a closed sequent tableau for Γ iff 𝒯2 may be so extended.

Actually the above lemma fails to provide a full solution to (1). This is shown by the following simple example.
Example

(I)
    ∀xRx, ¬∃xRx
    ──────────────────────── (∀)
    ∀xRx, Ra1, ¬∃xRx
    ──────────────────────── (¬∃)
    ∀xRx, Ra1, ¬∃xRx, ¬Ra1

(II)
    ∀xRx, ¬∃xRx
    ──────────────────────────── (∀)
    ∀xRx, Ra1, ¬∃xRx
    ──────────────────────────── (∀)
    ∀xRx, Ra1, Ra2, ¬∃xRx
    ──────────────────────────── (∀)
    ∀xRx, Ra1, Ra2, Ra3, ¬∃xRx
    ⋮

(III)
    ∀xRx, ¬∃xRx
    ───────────────────────────────────── (∀)
    ∀xRx, Ra1, ¬∃xRx
    ───────────────────────────────────── (¬∃)
    ∀xRx, Ra1, ¬∃xRx, ¬Rb1
    ───────────────────────────────────── (∀)
    ∀xRx, Ra1, Ra2, ¬∃xRx, ¬Rb1
    ───────────────────────────────────── (¬∃)
    ∀xRx, Ra1, Ra2, ¬∃xRx, ¬Rb1, ¬Rb2
    ⋮

While (I) is closed, both (II) and (III) could be indefinitely continued without closing although they do not violate any of the sequent tableau rules.

A basic requirement on a mechanical method for generating a sequent tableau for Γ is that it should produce a closed sequent tableau for Γ whenever the latter exists as in the case Γ = {∀xRx, ¬∃xRx}. Then our previous example shows that the above lemma is of little help in solving (1).

A further basic requirement is that the method should be efficient. Such a requirement affects the solution of (2). For instance, in establishing the completeness of the tableau rules the following approach to (2) is commonly used (see [1] p. 436): if a sentence of the form ∀xφ occurs on a given branch of the tableau and A = {a1, ..., an} is the set of all parameters occurring on that branch, then each of φ(x/a1), ..., φ(x/an) is entered on the branch within a finite number of lines. Such an approach is very crude since it simply tries all possible instances. This is all very well for completeness proofs but is hardly satisfactory as regards efficiency.

8. A better approach consists in using a device originally introduced by Prawitz (see [7] footnote 11) and Kanger [4]. The idea is to replace the variable x by a dummy in any application of (∀) or (¬∃), postponing the search for an appropriate parameter a until convenient. Accordingly we expand the language of predicate logic by including dummies α1, α2, .... We use letters 'α', 'β', 'γ', 'δ' to denote arbitrary dummies. Both parameters and dummies will be terms.
Moreover we expand the rules of sentence tableaux by introducing the following two new rules:

    (∀*)    ∀xφ
              |  α: A
            φ(x/α)       provided that α is new to the tableau.

    (¬∃*)   ¬∃xφ
              |  α: A
            ¬φ(x/α)      provided that α is new to the tableau.

Both in (∀*) and (¬∃*) A is the set of all terms occurring in the branch above φ(x/α) or ¬φ(x/α) respectively, or A = {a1} if there are no such terms (where a1 is the first parameter). We call A the set of all admissible values of α. The restrictions on (¬∀) or (∃) are now extended to guarantee that a is not an admissible value of any dummy and is distinct from a1.

Sentence tableaux, closed branches and closed tableaux are defined as usual. We introduce the following additional notions. A branch of a tableau is open if it is not closed. A finite open branch is completed whenever each sentence occurring on that branch is one of the following: (i) a literal; (ii) ticked off; (iii) a sentence of one of the forms ∀xφ or ¬∃xφ such that also φ(x/α) or ¬φ(x/α) respectively occurs on that branch (for some dummy α whose set A of admissible values includes all terms occurring on that branch). A tableau is open if it contains at least one completed open branch or at least one non-terminating branch.

9. Next we define a mechanical method for generating a sentence tableau for Γ, for arbitrary Γ. First we introduce some notions about substitution.

A substitution is a set of assignments of terms to dummies, where no dummy is assigned more than one term. Substitutions will be denoted by σ, τ, .... If the terms assigned to dummies in a substitution σ belong to a given set A, then we say that σ is a substitution over A. Application of a substitution σ to a sentence φ consists of replacing dummies in φ by the terms which σ assigns to them. Any dummies in φ not mentioned in σ are left unchanged, and any assignments in σ to dummies not occurring in φ are not applied. The result of applying σ to φ is denoted by φσ.
Substitutions can be composed in the obvious way, i.e. φ(στ) = (φσ)τ. Given any two sentences φ and ψ and any substitution σ, if φσ = ψσ we say that σ unifies φ and ψ; σ is said to be a unifier of φ and ψ, and the latter are said to be unifiable.

There is an algorithm, called the unification algorithm, which operates on any two sentences φ and ψ, and either terminates with an indication that φ and ψ are not unifiable, or terminates with both an indication that they are unifiable and a specific unifier of φ and ψ (see [13]). Given any two sentences φ and ψ let

    unify(φ, ψ) = the unifier of φ and ψ given by the unification algorithm, if φ and ψ are unifiable;
    unify(φ, ψ) = ε (= the empty substitution) otherwise.

Given any finite set Λ of literals and any finite set A of terms let:

    close(Λ, A) = {σ | σ = unify(φ, ψ), σ a substitution over A, and φ, ψ ∈ Λ}.

10. A partial description of a method for generating a tableau for an arbitrary Γ = {φ1, ..., φn} is as follows:

(1) Start with

    φ1
    ⋮
    φn

where φ1 is at the origin.
(2) Let Λ be the set of all literals occurring on the given branch and A a set including all the admissible values of α, for any α occurring on that branch. Determine the set close(Λ, A).
(3) If close(Λ, A) = {ε}, then go to (4). Else, by construction close(Λ, A) will contain a single non-empty substitution σ. Apply σ to all sentences occurring on open branches.
(4) Are all branches closed?
(5) If so, stop: Γ is confutable.
(6) Is there any completed open branch?
(7) If so, stop:
(8) Is there any sentence of the form ¬¬φ which is not ticked off?
(9) If so, apply (¬¬). Then go to (2).
(10) Is there any sentence of one of the forms φ ∧ ψ, ¬(φ ∨ ψ), ¬(φ → ψ) which is not ticked off?
(11) If so, apply (∧), (¬∨), (¬→) respectively. Then go to (2).
(12) Is there any sentence of one of the forms ¬∀xφ, ∃xφ which is not ticked off?
(13) If so, apply (¬∀) or (∃) respectively. Then go to (2).
(14) Is there any sentence of one of the forms φ ↔ ψ, ¬(φ ↔ ψ) which is not ticked off?
(15) If so, apply (↔) or (¬↔) respectively. Then go to (2).
(16) Is there any sentence of one of the forms ¬(φ ∧ ψ), φ ∨ ψ, φ → ψ which is not ticked off?
(17) If so, apply (¬∧), (∨) or (→) respectively. Then go to (2).
(18) Is there any sentence of one of the forms ∀xφ, ¬∃xφ?
(19) If so, apply (∀*) or (¬∃*) respectively to all sentences of one of such forms on that branch (including those entered by such applications). Then go to (2).
(20) Else, mistake! Γ is unconfutable.

11. Part of the motivation for the above procedure is clear. We consider first sentences of one of the forms ¬¬φ, φ ∧ ψ, ¬(φ ∨ ψ), ¬(φ → ψ), ¬∀xφ, ∃xφ because (¬¬), (∧), (¬∨), (¬→), (¬∀), (∃) do not yield new branches. We consider sentences of one of the forms φ ↔ ψ, ¬(φ ↔ ψ) before considering those of one of the forms ¬(φ ∧ ψ), φ ∨ ψ, φ → ψ because they introduce two sentences on each branch thus doubling the chances of its closing soon. Further explanation is provided by the following examples.

Example

    ∀y∃xRyx
    ¬∃x∀yRyx
       |  α: {a1}
    ∃xRαx ✓
       |
    ¬∀yRyβ ✓
       |
    Rαb
       |
    ¬Rcβ

If σ is a substitution which assigns c to α and b to β, then clearly σ = unify(Rαb, ¬Rcβ), hence applying σ to all sentences of the tableau a closed tableau obtains. Therefore we should conclude that the set {∀y∃xRyx, ¬∃x∀yRyx} is confutable and hence is not satisfiable which is clearly false. Thus the restriction in (2) to substitutions over the set A of admissible values of dummies occurring on the branch is essential for soundness.

(I)
    ∀xRx
    ∃x¬Rx ✓
       |
    ¬Rb
       |  α: {b}
    Rα

(II)
    ∀xRx
    ∃x¬Rx ✓
       |  α: {a1}
    Rα
       |
    ¬Rb
       |  β: {α, b}
    Rβ

If σ is a substitution which assigns b to α, and τ is a substitution which assigns b to β, then applying σ to (I) yields a closed tableau, and applying τ to (II) also yields a closed tableau.
However in (II) some effort is wasted since b is not an admissible value of α, and so we must introduce a new sentence Rβ. Now while in (I), in accordance with our procedure, we consider ∃x¬Rx before considering ∀xRx, in (II) we do just the opposite violating the procedure. This explains why in our procedure we consider sentences of one of the forms ∃xφ, ¬∀xφ before considering those of one of the forms ∀xφ, ¬∃xφ.

Example

(I)
    ∀xRx
    ¬∃xRx
       |  α: {a1}
    Rα
       |  β: {α}
    ¬Rβ

(II)
    ∀xRx
    ¬∃xRx
       |  α: {a1}
    Rα
       |  β: {α}
    Rβ

If σ is a substitution which assigns α to β, then applying σ to (I) yields a closed tableau. However no substitution can convert (II) into a closed tableau. While in (I), in accordance with step (19) of our procedure, we consider all sentences of one of the forms ∀xφ, ¬∃xφ on the branch, in (II) we just ignore the sentence ¬∃xRx thus violating the procedure. Considering only ∀xRx we are headed for an endless cycle.

12. In order to compare the efficiency of our procedure with that originally developed by Prawitz (cf. [9]) we consider the following tableau which shows that {∀x∀y∀z(Rxy ∧ Ryz → Rxz), ∀x¬Rxx} entails ∀x∀y(Rxy → ¬Ryx).

    ∀x∀y∀z(Rxy ∧ Ryz → Rxz)
    ∀x¬Rxx
    ¬∀x∀y(Rxy → ¬Ryx) ✓
       |
    ¬∀y(Ray → ¬Rya) ✓
       |
    ¬(Rab → ¬Rba) ✓
    [The remaining lines of the tableau, which introduce the dummies α: {a, b}, β: {a, b, α}, γ: {a, b, α, β} and δ: {a, b, α, β, γ}, are not recoverable from this transcription.]

If σ is a substitution which assigns a to α, β, δ and b to γ, then applying σ to the above tableau yields a closed tableau. The tableau has 12 arcs. The tableau built up by the proof procedure of [9] had 60 arcs (and required 12" to execute; 48" including printing).

13.
Our procedure as described above is incomplete because it leaves open two problems:

(1) The determination of which sentence to consider next whenever several sentences of the same form which are not ticked off occur on a given branch.

(2) The determination of which branch to continue generating next whenever a branching rule is applied.

As to (1), a simple solution consists in considering the first sentence of the given form occurring on the branch. However a more efficient solution is to order all sentences of the given form occurring on the branch by length (= number of symbols), and then consider a sentence of maximal length. The reason for (greater) efficiency is that if longer sentences are considered earlier in a tableau, the chances are that there will be fewer open branches on which the conclusions of the rule must be entered.

As to (2), a natural solution is provided by a depth-first strategy. In depth-first we continue generating a branch until its end node (if any). Then we retreat to the latest branching node, and plunge on down generating another branch. For definiteness we assume that the leftmost branch is generated first. Depth-first can be easily implemented on a conventional (sequential) computer. It has however the disadvantage that we may pursue an infinite branch indefinitely and never back-up to the rest of the tableau. Thus we may be unable to establish that the tableau is open because it has a completed open branch. Hence depth-first is an incomplete strategy.

A strategy which avoids such a problem is breadth-first. In breadth-first all the nodes at depth 1 are generated first, then all the nodes at depth 2 and so on, i.e. a tableau is generated in stages, where at stage n all the nodes of depth n are generated. Again for definiteness, whenever the tableau is generated sequentially, we assume that nodes of the same depth are generated left-to-right.
Clearly all nodes will thus eventually be generated, hence breadth-first is a complete strategy. However, since at stage n all the nodes of depth n must be generated, generally the number of such nodes will grow exponentially. Hence breadth-first is better implemented on a non-sequential computer.

We call canonical tableau any tableau built up by our procedure together with a breadth-first strategy. The order in which sentences of the same form on the same branch are considered is unimportant in the following results.

Theorem.
(i) The canonical tableau for Γ is open ⇒ Γ has a model.
(ii) Γ has no model ⇒ the canonical tableau for Γ is closed.

Corollary 1.
(i) The canonical tableau for Γ is closed ⇔ Γ has no model.
(ii) Γ is confutable ⇔ Γ has no model.
(iii) The canonical tableau for Γ is closed ⇔ Γ is confutable.

Corollary 2.
(i) Γ entails φ ⇔ φ is a logical consequence of Γ.
(ii) The canonical tableau for Γ ∪ {¬φ} is closed ⇔ φ is a logical consequence of Γ.

Remark. Corollary 2 (ii) reduces the problem whether φ is a logical consequence of Γ to the problem whether the canonical tableau for Γ ∪ {¬φ} is closed. This does not provide an effective test for logical consequence because there is no effective way of determining, for an uncompleted open branch, whether that branch is a non-terminating one, or a branch that will become, if appropriately continued, a completed open branch or a closed branch. However, owing to the spatio-temporal constraints of computers, even a closed canonical tableau for Γ ∪ {¬φ} may be too large to be feasibly generated. Thus the difference between such tableaux and those with non-terminating branches may be inessential in practice.

14. Now we introduce a natural deduction system adequate for linearizing sentence tableaux. A deduction of the system is to be understood as a finite sequence of ordered pairs (m, φ) where m is a vector of integers and φ is a sentence.
If (m, φ) is the n-th element of a deduction 𝒟, then the integers in m are called the assumption numbers of the n-th line of 𝒟, and φ is said to occur as, or to be written as the n-th line of 𝒟. If m is an assumption number of line n, the sentence occurring as the m-th line of 𝒟 is said to be an assumption of line n.

Rules for constructing deductions will include: (i) an assumption rule; (ii) direct rules; (iii) a discharge rule.

The assumption rule has simply the form: [display not recoverable from this transcription] meaning: Any sentence φ may be written as the n-th line of a deduction with n as its only assumption number.

The direct rules have the general form: [display not recoverable from this transcription] meaning: If ψ1, ..., ψk occur as lines m1, ..., mk of a deduction, then ψ may be written as a later line. The assumption numbers of the new line are to be the assumption numbers of lines m1, ..., mk. We also write a rule with two conclusions as a shorthand device for expressing both of the corresponding one-conclusion rules. [displays not recoverable from this transcription]

The discharge rule has the form: [display not recoverable from this transcription] meaning: If ψ occurs as line l of a deduction and ¬ψ occurs as line m, then ¬φ may be written as a later line. The assumption numbers of the new line are to be either the assumption numbers of lines l, m or, if φ is an assumption of lines l, m and occurs as line k, the assumption numbers of lines l, m less k.

The rules are as follows:

[The displays of the assumption rule (A), the discharge rule (RAA), and the direct rules for ¬¬, ∧, ∨, →, ↔, ∀ and ∃ and their negations are not recoverable from this transcription. The rules (¬∀) and (∃), which pass from ¬∀xφ to ¬φ(x/a) and from ∃xφ to φ(x/a) respectively, carry the proviso that a is new to the deduction.]

A deduction of φ from {φ1, ..., φn} is a finite sequence of ordered pairs (m, ψ) generated by the above rules such that:

(i) φ occurs as its last line, and φ1, ..., φn are the assumptions of that line.

(ii) No parameter occurring in φ or φ1, ..., φn has been introduced into the deduction by an application of (∃) or (¬∀).
A proof of φ is a derivation of φ from the empty sequent ∅.

Remark. The above system is intermediate between Smullyan's [15] analytic natural deduction system and more traditional natural deduction systems like [10], [11] or derivatives. Like in the case of [15] most of its rules are eliminations, but not all of them. Because of (RAA) the following subsentence property of [15] is violated: The only sentences occurring in a proof of φ are either subsentences of φ or negations of subsentences of φ.

15. Next we describe a mechanical method for converting closed tableaux into deductions. Deductions resulting from such conversion will not be pictured as arrays of lines of the form:

    m  (n)  φ ,

where m are the assumption numbers of line n and φ is the sentence which occurs as line n. Instead we use the following representation:

(1) Any sentence introduced by an application of (A) is to be starred (*).

(2) Any application of (RAA) is to be represented by drawing a box from the discharged assumption φ up to ¬ψ: [display not recoverable from this transcription]

Our method for converting a closed tableau 𝒯 for {φ1, ..., φn, ¬φ} into a deduction 𝒟 of φ from {φ1, ..., φn} consists of the following steps:

(1) Copy down all nodes of 𝒯 in the order established by the depth-first search strategy, except as stated under (3) or (4) below.

(2) Put a star before each of φ1, ..., φn, ¬φ and before each node which is a left successor (i.e. is the leftmost successor of a branching node).

(3) When you come to an end node which is a left successor, do not copy down that node.

(4) When you come to an end node χn which is not a left successor, put a box from the last starred node *χm which is not yet boxed up to χn. Then add the sentence ¬χm and, whenever χm is of the form ¬ρ, also the sentence ρ. (Then copy next node

The following example gives the flavor of applications of the method.

Example. Let φ, ψ, χ, ρ be atomic sentences.

[Figure not recoverable from this transcription; its legible sentences include φ → (ψ → χ) and ρ ∧ φ.]

16.
Although our natural deduction system may appear somewhat unusual, its deductions are easily converted into deductions of a Quine-type natural deduction system. We consider the following simplification of [10], [11] which does not require that variables are flagged and arranged in a certain order.

The rules of the system are as follows:

[The displays of the rules (A) and (RAA) are not recoverable from this transcription.]

    (TC)   ψ1, ..., ψn
           ───────────
           ψ             provided that ψ is a tautological consequence of {ψ1, ..., ψn}.

    (∀E)   ∀xφ
           ──────
           φ(x/a)

    (∀I)   φ(x/a)
           ──────
           ∀xφ           provided that: (i) a does not occur in φ; and if ∀xφ occurs as line n, then (ii) a does not occur in any assumption of that line nor (iii) in any earlier line obtained by (∃E).

    (∃E)   ∃xφ
           ──────
           φ(x/a)        provided that: (i) a does not occur in φ; and if φ(x/a) occurs as line n, then (ii) a does not occur in any assumption of that line nor (iii) in any earlier line obtained by (∃E).

    (∃I)   φ(x/a)
           ──────
           ∃xφ

A deduction of φ from {φ1, ..., φn} is a finite sequence of ordered pairs (m, ψ) generated by the above rules such that:

(i) φ occurs as its last line, and φ1, ..., φn are the assumptions of that line.

(ii) No parameter occurring in φ or φ1, ..., φn has been introduced into the deduction by an application of (∃E).

Remark. An appealing feature of the restrictions on (∀I) and (∃E) is that they are natural and perfectly symmetric (like in [3]). However, as shown in [8], they are stronger than necessary.

17. There is a simple mechanical method for converting a deduction 𝒟 of φ from {φ1, ..., φn} in our former natural deduction system into a deduction 𝒟′ in the latter Quine-type natural deduction system:

(1) Copy down all lines of 𝒟 except as stated under (2) or (3) below.
(2) When you come to lines of the form:

    m      (k)      ¬∀xφ
    m      (n)      ¬φ(x/a)       k  ¬∀

replace such lines by the following lines and renumber the remaining lines accordingly:

    m      (k)      ¬∀xφ
    n      (n)      ¬∃x¬φ         A
    n+1    (n+1)    ¬φ(x/b)       A
    n+1    (n+2)    ∃x¬φ          n+1  ∃I
    n      (n+3)    ¬¬φ(x/b)      n+1, n+2, n  RAA
    n      (n+4)    φ(x/b)        n+3  TC
    n      (n+5)    ∀xφ           n+4  ∀I
    m      (n+6)    ¬¬∃x¬φ        n, n+5, k  RAA
    m      (n+7)    ∃x¬φ          n+6  TC
    m      (n+8)    ¬φ(x/a)       n+7  ∃E

(3) When you come to lines of the form:

    m      (k)      ¬∃xφ
    m      (n)      ¬φ(x/a)       k  ¬∃

replace such lines by the following lines and renumber the remaining lines accordingly:

    m      (k)      ¬∃xφ
    n      (n)      φ(x/a)        A
    n      (n+1)    ∃xφ           n  ∃I
    m      (n+2)    ¬φ(x/a)       n, n+1, k  RAA

18. So far we have employed tableaux for proof search and natural deduction for linearizing tableaux. Alternatively we may use a modified version of Smullyan's [15] analytic natural deduction system for proof search itself. We consider box structures like in the following example:

[Figure: a box structure over the lines φ1, ..., φ10; the boxes are not recoverable from this transcription.]

The example illustrates the three basic conditions which must be satisfied by a box structure: (a) if two distinct boxes overlap, then one of them wholly contains the other; (b) no formula φi is the top formula of two distinct boxes, nor is the bottom formula of two distinct boxes; (c) if a formula φi is the bottom formula of a box, its successor φi+1 is not the top formula of another box. (Thus the structure used in the example at the end of section 15 is a box structure).

To introduce a sentence φ as an assumption at a given stage n of the construction of a box structure means to write down *φ as the n+1-th line. To discharge (a line l which is) an assumption at stage n means to draw a box from the line l up to the last line l′ (inclusive). A line which is not boxed at stage n is said to be alive at that stage.

We consider rules for constructing box structures of a special kind, called nests. The rules will include: (i) an assumption rule; (ii) direct rules; (iii) discharge rules.
The assumption rule has the form: $*\varphi$ meaning: at stage $n$ we may introduce any sentence $\varphi$ as an assumption.

The direct rules have the general form: meaning: If $\varphi$ is alive at stage $n$, then we may write down $\psi$ as line $n+1$.

In order to introduce the discharge rules we need an auxiliary notion. We say that at a given stage $n$ of construction a nest is in a contradictory state if there exists an atomic sentence $\varphi$ such that both $\varphi$ and $\neg\varphi$ are alive at stage $n$.

The discharge rules may have one of the following two forms. Either they have the form: cont. $\chi$ meaning: If $*\psi$ is the last assumption alive at stage $n$ and $\varphi$ has an earlier occurrence also alive at stage $n$, and if the nest at stage $n$ is in a contradictory state, then we may discharge $*\psi$ and write down $\chi$ as line $n+1$.

Alternatively the discharge rules may have the form: *> meaning: If $*\psi_1$ is the last assumption alive at stage $n$, $\psi_2$ is a successor of $\psi_1$ alive at stage $n$, $\varphi$ has an earlier occurrence also alive at stage $n$, and if the nest at stage $n$ is in a contradictory state, then we may discharge $*\psi_1$ and write down $\chi_1$ as line $n+1$ and $\chi_2$ as line $n+2$.

The rules for constructing nests are as follows:

[Rule table: the schemata of the propositional rules ($\neg\neg$), ($\land$), ($\neg\land$), ($\lor$), ($\neg\lor$), ($\to$), ($\neg\to$), ($\leftrightarrow$), ($\neg\leftrightarrow$) are not recoverable from the transcription.]

($\forall$) $\dfrac{\forall x\,\varphi}{\varphi(x/a)}$

($\neg\forall$) $\dfrac{\neg\forall x\,\varphi}{\neg\varphi(x/a)}$ provided that $a$ is new to the nest.

($\exists$) $\dfrac{\exists x\,\varphi}{\varphi(x/a)}$ provided that $a$ is new to the nest.

($\neg\exists$) $\dfrac{\neg\exists x\,\varphi}{\neg\varphi(x/a)}$

A nest for a sequent $\{\varphi_1, \ldots, \varphi_n\}$ is a box structure obtained by starting with $\varphi_1, \ldots, \varphi_n$, where $\varphi_1$ is the first line, and then continuing according to the rules subject to the restriction that no other sentence may be introduced as an assumption except under the following conditions:
(i) If $\neg(\varphi \land \psi)$ is alive at stage $n$, then $\neg\varphi$ may be introduced as an assumption at that stage.
(ii) If $\varphi \lor \psi$ is alive at stage $n$, then $\varphi$ may be introduced as an assumption at that stage.
(iii) If $\varphi \to \psi$ is alive at stage $n$, then $\neg\varphi$ may be introduced as an assumption at that stage.
(iv) If either $\varphi \leftrightarrow \psi$ or $\neg(\varphi \leftrightarrow \psi)$ is alive at stage $n$, then $\varphi$ may be introduced as an assumption at that stage.

Whenever, in a nest for $\{\varphi_1, \ldots, \varphi_n\}$, an assumption $\neg\varphi$ is introduced in accordance with condition (i) above, we say that the corresponding sentence $\neg(\varphi \land \psi)$ is used to introduce $\neg\varphi$. Similarly in the case of assumptions introduced in accordance with one of the remaining conditions (ii) - (iv).

A nest for $\{\varphi_1, \ldots, \varphi_n\}$ is closed if it satisfies the following conditions:
(i) It is finite.
(ii) It contains no assumptions alive at its last stage except for the initial ones $\varphi_1, \ldots, \varphi_n$.
(iii) It is in a contradictory state at its last stage.

19. Confutability and entailment can be introduced as follows. A sequent $\Gamma$ is said to be confutable if there exists a closed nest for $\Gamma$. We say that a sequent $\Gamma$ entails a sentence $\varphi$ if $\Gamma \cup \{\neg\varphi\}$ is confutable.

Theorem. (i) $\Gamma$ is confutable $\Rightarrow$ $\Gamma$ has no model. (ii) $\Gamma$ entails $\varphi$ $\Rightarrow$ $\varphi$ is a logical consequence of $\Gamma$.

20. The problems involved in devising a mechanical method for generating a nest for an arbitrary sequent $\{\varphi_1, \ldots, \varphi_n\}$ are similar to those already discussed for tableaux. Again we introduce dummies together with the following two new rules:

($\forall$*) $\dfrac{\forall x\,\varphi}{\varphi(x/\alpha) \quad \alpha : A}$ provided that $\alpha$ is new to the nest.

($\neg\exists$*) $\dfrac{\neg\exists x\,\varphi}{\neg\varphi(x/\alpha) \quad \alpha : A}$ provided that $\alpha$ is new to the nest.

Both in ($\forall$*) and ($\neg\exists$*) $A$ is the set of all terms occurring in sentences above $\varphi(x/\alpha)$ or $\neg\varphi(x/\alpha)$ respectively which are alive, or $A = \{a_1\}$ if there are no such terms. We call $A$ the set of all admissible values of $\alpha$.

Nests and closed nests are defined as usual. We introduce the following additional notions. By the main path of a nest for a sequent $\{\varphi_1, \ldots, \varphi_n\}$ we mean the sequence of lines beginning with the initial ones $\varphi_1, \ldots, \varphi_n$ and including all lines which are not boxed.
(If the nest is finite, then the main path will consist of all lines which are alive at its last stage). We say that a line $l_i$ on the main path is fulfilled if one of the following conditions holds:
(i) $l_i = \neg\neg\varphi$ and $\varphi$ occurs on the main path.
(ii) $l_i = \varphi \land \psi$ and both $\varphi$ and $\psi$ occur on the main path.
(iii) $l_i = \neg(\varphi \land \psi)$ and either $\neg\varphi$ or $\neg\psi$ occurs on the main path.
(iv) $l_i = \varphi \lor \psi$ and either $\varphi$ or $\psi$ occurs on the main path.
(v) $l_i = \neg(\varphi \lor \psi)$ and both $\neg\varphi$ and $\neg\psi$ occur on the main path.
(vi) $l_i = \varphi \to \psi$ and either $\neg\varphi$ or $\psi$ occurs on the main path.
(vii) $l_i = \neg(\varphi \to \psi)$ and both $\varphi$ and $\neg\psi$ occur on the main path.
(viii) $l_i = \varphi \leftrightarrow \psi$ and either $\varphi$ and $\psi$, or $\neg\varphi$ and $\neg\psi$ occur on the main path.
(ix) $l_i = \neg(\varphi \leftrightarrow \psi)$ and either $\varphi$ and $\neg\psi$, or $\neg\varphi$ and $\psi$ occur on the main path.
(x) $l_i = \forall x\,\varphi$ and $\varphi(x/\alpha)$ occurs on the main path for some dummy $\alpha$ whose set $A$ of admissible values includes all terms occurring on the main path.
(xi) $l_i = \neg\forall x\,\varphi$ and $\neg\varphi(x/a)$ occurs on the main path for some parameter $a$.
(xii) $l_i = \exists x\,\varphi$ and $\varphi(x/a)$ occurs on the main path for some parameter $a$.
(xiii) $l_i = \neg\exists x\,\varphi$ and $\neg\varphi(x/\alpha)$ occurs on the main path for some dummy $\alpha$ whose set $A$ of admissible values includes all terms occurring on the main path.

Any fulfilled line will be ticked off ($\surd$) except for the fulfilled lines of one of the forms $\forall x\,\varphi$ or $\neg\exists x\,\varphi$. A line which is fulfilled at a certain stage may become unfulfilled at a later stage. This will be indicated by cancelling the tick.

Example. Let $\varphi$, $\psi$, $\chi$ be atomic sentences.

[Figure: the nest for the example, with ticks, boxes and arrows; the layout is not recoverable from the transcription.]

The arrows show the sentences used to introduce the assumptions.

We say that a nest is a completed open nest if the following conditions hold: (i) it is finite; (ii) every line on its main path is fulfilled; (iii) it is not in a contradictory state.
We say that a nest is open if either it is a completed open nest or it is infinite.

21. A partial description of a method for generating a nest for an arbitrary $\Gamma = \{\varphi_1, \ldots, \varphi_n\}$ is as follows:

(1) Start with $\varphi_1, \ldots, \varphi_n$, where $\varphi_1$ is the first line.
(2) Let $\Lambda$ be the set of all literals occurring on the main path and $A$ a set including all the admissible values of $\alpha$, for any $\alpha$ occurring on the main path.
(3) Determine the set close($\Lambda$, $A$). If close($\Lambda$, $A$) = $\{\varepsilon\}$, then go to (4). Else, by construction close($\Lambda$, $A$) will contain a single non-empty substitution $\sigma$. Apply $\sigma$ to all sentences occurring on the main path.
(4) Is the nest closed?
(5) If so, stop: $\Gamma$ is confutable.
(6) Is the nest a completed open nest?
(7) If so, stop: $\Gamma$ is unconfutable.
(8) Is there any sentence of the form $\neg\neg\varphi$ which is not ticked off?
(9) If so, apply ($\neg\neg$). Then go to (2).
(10) Is there any sentence of one of the forms $\varphi \land \psi$, $\neg(\varphi \lor \psi)$, $\neg(\varphi \to \psi)$ which is not ticked off?
(11) If so, apply ($\land$), ($\neg\lor$), ($\neg\to$) respectively. Then go to (2).
(12) Is there any sentence of one of the forms $\neg\forall x\,\varphi$, $\exists x\,\varphi$ which is not ticked off?
(13) If so, apply ($\neg\forall$) or ($\exists$) respectively. Then go to (2).
(14) Is there any sentence of one of the forms $\varphi \leftrightarrow \psi$, $\neg(\varphi \leftrightarrow \psi)$ which is not ticked off?
(15) If so, apply ($\leftrightarrow$) or ($\neg\leftrightarrow$) respectively. Then go to (2).
(16) Is there any sentence of one of the forms $\neg(\varphi \land \psi)$, $\varphi \lor \psi$, $\varphi \to \psi$ which is not ticked off?
(17) If so, apply ($\neg\land$), ($\lor$) or ($\to$) respectively. Then go to (2).
(18) Is there any sentence of one of the forms $\forall x\,\varphi$, $\neg\exists x\,\varphi$?
(19) If so, apply ($\forall$*) or ($\neg\exists$*) respectively to all sentences of one of such forms on the main path (including those entered by such applications). Then go to (2).
(20) Else, mistake!

22. The above procedure is incomplete because it leaves open the problem of determining which sentence to consider next whenever several sentences of the same form which are not ticked off occur on the main path.
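The propositional part of the procedure of section 21 (steps (4)-(11) and (14)-(17)), as an added example that is not code from the paper: it always takes the first unticked sentence of the highest-priority form and models a box by a recursive call whose success is the discharge. The tuple encoding, the function names, and the lines written after a discharge (read off the fulfilment conditions (iii)-(ix) of section 20) are assumptions of this sketch.

```python
# Added example. Atoms are strings; compound sentences are tuples:
# ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g), ("iff", f, g).

def neg(f):
    return ("not", f)

def rule(f):
    """Return (priority, first, second) for a non-literal sentence, else None.

    Direct rules have second=None. For discharge rules, `first` holds the
    assumption lines and `second` the lines written down after the discharge.
    """
    if isinstance(f, str):
        return None
    op, *a = f
    if op == "and": return (1, [a[0], a[1]], None)
    if op == "iff": return (2, [a[0], a[1]], [neg(a[0]), neg(a[1])])
    if op == "or":  return (3, [a[0]], [a[1]])
    if op == "imp": return (3, [neg(a[0])], [a[1]])
    g = a[0]                      # op == "not"
    if isinstance(g, str):
        return None               # negated atom: a literal
    gop, *b = g
    if gop == "not": return (0, [b[0]], None)
    if gop == "or":  return (1, [neg(b[0]), neg(b[1])], None)
    if gop == "imp": return (1, [b[0], neg(b[1])], None)
    if gop == "iff": return (2, [b[0], neg(b[1])], [neg(b[0]), b[1]])
    return (3, [neg(b[0])], [neg(b[1])])   # gop == "and"

def confutable(path, ticked=frozenset()):
    """True if the nest for the sentences in `path` closes."""
    path = list(path)
    alive = set(path)
    if any(neg(f) in alive for f in alive if isinstance(f, str)):
        return True               # contradictory state: p and not-p alive
    todo = [(rule(f)[0], i) for i, f in enumerate(path)
            if i not in ticked and rule(f)]
    if not todo:
        return False              # completed open nest
    _, i = min(todo)              # steps (8)-(17): lowest priority number first
    _, first, second = rule(path[i])
    ticked = ticked | {i}
    if second is None:
        return confutable(path + first, ticked)
    # The first call is the box; its closing is the discharge, after which
    # the second alternative is written on the main path.
    return (confutable(path + first, ticked)
            and confutable(path + second, ticked))

def entails(gamma, phi):
    """Section 19: gamma entails phi if gamma plus not-phi is confutable."""
    return confutable(list(gamma) + [neg(phi)])
```
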
Like in section 13 we may consider the first sentence occurring on the main path or, more efficiently, a sentence of maximal length. We call canonical nest any nest built up by our procedure irrespective of the order in which sentences of the same form are considered.

Theorem. (i) The canonical nest for $\Gamma$ is open $\Rightarrow$ $\Gamma$ has a model. (ii) $\Gamma$ has no model $\Rightarrow$ the canonical nest for $\Gamma$ is closed.

Corollary 1. (i) The canonical nest for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ has no model. (ii) $\Gamma$ is confutable $\Leftrightarrow$ $\Gamma$ has no model. (iii) The canonical nest for $\Gamma$ is closed $\Leftrightarrow$ $\Gamma$ is confutable.

Corollary 2. (i) $\Gamma$ entails $\varphi$ $\Leftrightarrow$ $\varphi$ is a logical consequence of $\Gamma$. (ii) The canonical nest for $\Gamma \cup \{\neg\varphi\}$ is closed $\Leftrightarrow$ $\varphi$ is a logical consequence of $\Gamma$.

23. It should be noted, however, that there are sequents $\Gamma$ such that the canonical tableau for $\Gamma$ contains a completed open branch whereas the canonical nest for $\Gamma$ is not a completed open nest. This is shown by the following simple example.

Example.

[Figure: canonical tableau and canonical nest for $\forall y\,\exists x\,Ryx \lor \forall z\,Sz$; the layout is not recoverable from the transcription.]

24. So far we have confined ourselves to the language of predicate logic without equality. If we add equality, then we may employ either a set of equality axioms or a substitution rule for equals similar to paramodulation (see [12]). Generally, however, this is not the best approach because, contrary to a widespread misunderstanding, equality is a domain dependent concept. In implementing a logic programming system based on tableaux or nests, it will be more efficient to build in direct access to machine execution of equality when both of its arguments are integer terms (and presumably also other kinds of terms). In the remaining cases one may resort to the above logical approach.

REFERENCES

[1] M. Bergmann, J. Moor and J. Nelson, The Logic Book, New York (Random House) 1980.
[2] K.A. Bowen, Programming with full first-order logic, in: J.E. Hayes, D.
Michie and Y-H Pao (Eds.), Machine Intelligence 10, Chichester (Ellis Horwood) 1982, 421-440.
[3] H.E. Hendry, Another system of natural deduction, Notre Dame Journal of Formal Logic 16 (1975) 491-495.
[4] S. Kanger, A simplified proof method for elementary logic, in: P. Braffort and D. Hirschberg (Eds.), Computer programming and formal systems, Amsterdam (North-Holland) 1963, 87-94; reprinted in [14] 364-371.
[5] S.C. Kleene, Mathematical logic, New York (John Wiley & Sons) 1967.
[6] R.A. Kowalski, Algorithm = logic + control, Communications of the Association for Computing Machinery 22 (1979) 424-431.
[7] D. Prawitz, An improved proof procedure, Theoria 26 (1960) 102-139; reprinted in [14] 162-199.
[8] D. Prawitz, A note on existential instantiation, The Journal of Symbolic Logic 32 (1967) 81-82.
[9] D. Prawitz, H. Prawitz and N. Voghera, A mechanical proof procedure and its realization in an electronic computer, Journal of the Association for Computing Machinery 7 (1960) 102-128; reprinted in [14] 202-228.
[10] W.V. Quine, On natural deduction, The Journal of Symbolic Logic 15 (1950) 93-102.
[11] W.V. Quine, Methods of Logic, 3rd edition, New York (Holt, Rinehart and Winston, Inc.) 1972.
[12] G. Robinson and L. Wos, Paramodulation and theorem-proving in first-order theories with equality, in: B. Meltzer and D. Michie (Eds.), Machine Intelligence 4, Edinburgh (Edinburgh University Press) 1969, 135-150; reprinted in [14] 298-313.
[13] J.A. Robinson, A machine-oriented logic based on the resolution principle, Journal of the Association for Computing Machinery 12 (1965) 23-41; reprinted in [14] 397-415.
[14] J. Siekmann and G. Wrightson (Eds.), Automation of reasoning 1, Berlin (Springer-Verlag) 1983.
[15] R.M. Smullyan, Analytic natural deduction, The Journal of Symbolic Logic 30 (1965) 123-139.
[16] R.M. Smullyan, Trees and nest structures, The Journal of Symbolic Logic 31 (1966) 303-321.
[17] R.M. Smullyan, First order logic, Berlin (Springer-Verlag) 1968.
[18] H.
Wang, Toward mechanical mathematics, IBM Journal for Research and Development 4 (1960) 2-22; reprinted in [14] 244-264.

CARLO CELLUCCI - Università di Roma "La Sapienza" - Istituto di Filosofia - Via Nomentana, 118 - 00161 Roma