
AUTOMATED THEOREM PROVING: MAPPING LOGIC INTO AI

D.W. Loveland
Computer Science Department
Duke University
Durham, NC 27706

ABSTRACT. Logic can be defined as the formal study of reasoning; if we replace "formal" by "mechanical" we can place almost the entire set of methodologies used in the field of automated theorem proving (ATP) within the scope of logic. Because of the goals of ATP, if not always the methodologies, ATP has been considered to be within the domain of AI. We explore the methodologies of ATP, including the logics that underlie the theorem provers, and discuss some of the mechanisms that utilize these logics. These include term rewriting systems, mathematical induction, inductionless induction and even mixed integer programming. The ATP field, via resolution, has even provided the foundation for an exciting AI and database programming language, PROLOG. We conclude with a new method for extending the PROLOG system to work with non-Horn clause sets within a positive logic format, particularly simple for "slightly non-Horn" clause sets.

KEYWORDS: automated theorem proving, mechanisms for automated provers, PROLOG, slightly non-Horn clause set.

Introduction. Logic and automated theorem proving (ATP) have enjoyed a special place in the artificial intelligence (AI) world from the beginning of AI. To oversimplify some, this is because at the beginning the core of AI was reasoning (and learning) and the core of reasoning was ATP. Now ATP shares the spotlight with knowledge representation, search methodology, common-sense reasoning, and naive physics, to name just a few areas of study.

With the increased awareness of the complexity of AI came the sobering of our ambitions; nowhere is that more true than in ATP. We are not roaming freely through areas of mathematics in deadly competition with (human) mathematicians as a few had hoped or even predicted, but neither has progress stopped. I propose in the very limited time allotted to glimpse at the status of ATP, highlighting the different logical systems upon which ATP systems are built, look briefly at some applications already found for ATP, and add what I hope is an interesting, perhaps important, new idea in conclusion. Obviously, in this limited space much that is important will be omitted; I apologize to many researchers for omitting their work, and to you for presenting a biased picture in this survey.

The author gratefully acknowledges partial research support from Army Research Office Grant No. DAAG29-84-K-0073.


For another survey of ATP, focusing on ATP systems emphasizing human simulation as well as systems stressing a strong formal basis, see [1]. Some important systems omitted here are discussed there. Someone wishing to learn more about the ATP field may well want to start by surveying the papers in the volume [2] in which the above paper appears.

The Underlying Logics. Since various logics are used in ATP systems, it is important to understand the relationship of these logics. Figure 1 attempts to portray these relationships among the logics we consider. Missing are modal logics, belief logics, temporal logics, etc. that are not as prevalent yet in ATP systems although of increasing interest within AI.

Some comments regarding the logics named in Figure 1 are in order. The propositional calculus is well-understood by all. By equational logic we mean a formal system where the formulas are equations (equality of terms) only, with variables but only universal quantification. The logics are often sorted logics (i.e. typed logics) with integer and boolean types as a minimum. There may be an infinite number of equations involved in a theory; addition can be defined by add(0,0) = 0, add(0,1) = 1, add(0,2) = 2, etc. and add(x,y) = add(y,x). If T and F are constant terms, we can define boolean functions by and(T,T) = T, and(F,x) = F, and(x,F) = F, for example. (if_then_else(x,y,z) is often the primitive boolean function in practice [3].) Inductive logic is an equational theory with a rule of induction for proofs and permitting recursive definition of functions [3]. Existential quantification, although usually absent, can be effected by producing an object in an "existence proof".

[Figure 1: A Hierarchy of Logics. The diagram is not reproduced in this transcription; the labels legible in the scan include Calculus, Logic with Equality and First-order Theories.]

First order predicate calculus in some form is well known to AIers. Hilbert-style formal systems [4] are rarely used in ATP, but natural deduction, where inference rules reflect the semantics of the connectives and quantifiers and the conditional proof (using temporary hypotheses) is a basic tool, is often used in some form. (See [5] for one version of natural deduction, somewhat distinct from Gentzen's original formulation.) Resolution, a refutation logic covering the same ground, is also used of course. (See [6], [7], [8] or [9] for extensive coverage here.)

Although many AIers are familiar with the several styles of logics for the predicate calculus, and one example does little to enlighten the others, we can display some flavor of the logics with a simple example: establish that ∀xP(x) ⊃ P(a) ∧ P(b) is valid. Figure 2 gives proofs of this in three different logics: a Hilbert-style system, a natural-deduction system, and a resolution style proof. The Hilbert system happens to have an axiom that conveniently gets us started but some propositional manipulation is needed to obtain it from traditional axioms for this logic. This difficulty can be overcome by use of the derived rule Tautology which uses the fact that any tautology is a theorem of this logic, and we may check tautologyhood via truth tables. (The numbers in line 3 mean that line 1 and line 2 should be placed as indicated in the formula.) In the natural deduction proof the leftmost number, in braces, indicates that the present line depends on assumption of the formula in line 1. The condition of line 1 as hypothesis is discharged at line 5, using the important relationship between proof and implications. Resolution is a refutation logic, and so one seeks to show that the formula ¬[∀xP(x) ⊃ P(a) ∧ P(b)] has a refutation. The first two lines are the processed input; the next lines find the contradiction quite readily in a manner almost all AIers know.

Hilbert-style deduction

1. ∀xP(x) ⊃ P(a)                              Axiom
2. ∀xP(x) ⊃ P(b)                              Axiom
3. 1 ⊃ (2 ⊃ (∀xP(x) ⊃ P(a) ∧ P(b)))           Tautology
4. ∀xP(x) ⊃ P(a) ∧ P(b)                       Modus ponens (twice)

Natural Deduction

{1} 1. ∀xP(x)                                 Premise
{1} 2. P(a)                                   1, Universal Specification
{1} 3. P(b)                                   1, Universal Specification
{1} 4. P(a) ∧ P(b)                            2,3, "And" Introduction
    5. ∀xP(x) ⊃ P(a) ∧ P(b)                   1,4, Conditional Proof

Resolution

1. P(x)                                       Given clause
2. ¬P(a) ∨ ¬P(b)                              Given clause
3. ¬P(b)                                      Resolve 1,2
4. □                                          Resolve 1,3

Proofs of ∀xP(x) ⊃ P(a) ∧ P(b)

Figure 2

Even for this simple example several points stand out. Resolution can have quite simple proof sequences but natural deduction proofs often relate better to the problem statement. Both are simpler than Hilbert-style proofs. (In fairness to Hilbert note that such formal systems are intended for proofs about logics where economy of the axiom system is key. Also, derived rules and the Deduction theorem bring tools that make Hilbert systems much more usable.) In particular we hope that we have suggested with this example that natural deduction systems, as well as resolution systems, are appropriate for automated deduction.
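The resolution column of Figure 2, run by a small binary-resolution prover with unification, is shown below as an added example; it is not code from the paper. The term encoding, the variable-renaming scheme and the clause bound are the example's own choices, and factoring is deliberately left out, so the prover is complete only for clause sets, like this one, that do not need it.

```python
"""Binary resolution with unification on the Figure 2 clause set (added example).
Terms are ('var', name) or ('app', symbol, args_tuple), a constant being an application
with no arguments; a literal is (positive, predicate, args); a clause is a frozenset of
literals, the empty frozenset being the empty clause."""


def walk(t, s):
    """Follow the bindings of substitution s from t until an unbound term."""
    while t[0] == 'var' and t in s:
        t = s[t]
    return t


def occurs(v, t, s):
    t = walk(t, s)
    return t == v or (t[0] == 'app' and any(occurs(v, a, s) for a in t[2]))


def unify(a, b, s):
    """Most general unifier extending s, or None; includes the occurs check."""
    a, b = walk(a, s), walk(b, s)
    if a == b:
        return s
    if a[0] == 'var':
        return None if occurs(a, b, s) else {**s, a: b}
    if b[0] == 'var':
        return None if occurs(b, a, s) else {**s, b: a}
    if a[1] != b[1] or len(a[2]) != len(b[2]):
        return None
    for x, y in zip(a[2], b[2]):
        s = None if s is None else unify(x, y, s)
    return s


def subst(t, s):
    t = walk(t, s)
    return t if t[0] == 'var' else ('app', t[1], tuple(subst(a, s) for a in t[2]))


def rename(clause, k):
    """Standardize variables apart by tagging every variable with the step number k."""
    def r(t):
        if t[0] == 'var':
            return ('var', f"{t[1]}#{k}")
        return ('app', t[1], tuple(map(r, t[2])))
    return frozenset((p, q, tuple(map(r, args))) for p, q, args in clause)


def resolvents(c1, c2, k):
    """Every binary resolvent of c1 with a renamed copy of c2 (no factoring)."""
    c2, out = rename(c2, k), []
    for l1 in c1:
        for l2 in c2:
            if l1[0] == l2[0] or l1[1] != l2[1] or len(l1[2]) != len(l2[2]):
                continue  # same sign or different predicate: not complementary
            s = {}
            for x, y in zip(l1[2], l2[2]):
                s = None if s is None else unify(x, y, s)
            if s is not None:
                rest = (c1 - {l1}) | (c2 - {l2})
                out.append(frozenset((p, q, tuple(subst(a, s) for a in args))
                                     for p, q, args in rest))
    return out


def refute(clauses, max_clauses=500):
    """Saturate by binary resolution; return the derivation of the empty clause (given
    clauses first, empty clause last) or None if the bound is hit or no refutation exists."""
    known, seen, parents, k, i = list(clauses), set(clauses), {}, 0, 0
    while i < len(known):
        for j in range(i + 1):
            for r in resolvents(known[i], known[j], k):
                if r in seen:
                    continue
                seen.add(r)
                known.append(r)
                parents[r] = (known[i], known[j])
                if not r:
                    return derivation(r, parents)
                if len(known) > max_clauses:
                    return None
            k += 1
        i += 1
    return None


def derivation(goal, parents):
    """Linearize the proof DAG ending in goal: inputs before what they yield."""
    order = []
    def visit(c):
        for p in parents.get(c, ()):
            visit(p)
        if c not in order:
            order.append(c)
    visit(goal)
    return order


def show(clause):
    def t(x):
        return x[1] if x[0] == 'var' or not x[2] else f"{x[1]}({', '.join(map(t, x[2]))})"
    lits = [('' if p else '~') + f"{q}({', '.join(map(t, a))})" for p, q, a in clause]
    return ' v '.join(lits) or '[]'


# Figure 2 input: the two clauses of ~[Ax P(x) -> P(a) & P(b)] after processing.
FIGURE2 = [frozenset({(True, 'P', (('var', 'x'),))}),
           frozenset({(False, 'P', (('app', 'a', ()),)), (False, 'P', (('app', 'b', ()),))})]
```

`refute(FIGURE2)` returns the four clauses of the figure's resolution column (which of ¬P(a), ¬P(b) is derived first depends on set iteration order), and a satisfiable input such as {P(a)}, {¬P(b)} saturates and returns None.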

Adding equality to the predicate calculus does not really extend the expressive power beyond the predicate calculus, because equality can be specified by a finite number of axioms. Any finitely axiomatizable theory can be embedded in the predicate calculus by viewing any theorem of the system as the consequent of an implication with the axioms as antecedent. Since there is a finite axiom system for set theory [10], technically there should be no further outer layers, since higher order logics (such as the typed λ-calculus discussed here) can be expressed within first-order set theory. However, many logicians believe that the typed λ-calculus is both more natural and more efficient than the first-order set theory equivalent. Recall that induction is an (infinite) axiom schema, although again expressible in substance within the finitely axiomatized first order set theory.

ATP Systems. The earliest theorem proving system to attract attention was the Logic Theorist (LT) of Newell, Shaw and Simon [11], about 1957. LT used the formal system of Principia Mathematica (P.M.), a Hilbert-type system where modus ponens (MP) is a primary inference rule. This style of system is now rarely used because MP can use complex intermediate formulas often not at all evident from the conclusion sought or the premises at hand (in spite of Craig's interpolation lemma). Figure 2 gives a hint of this property. Of course, the purpose of LT was to simulate production of P.M.'s proofs (rather, the proof style), and thus study the mathematician's reasoning forms.

Recent work in the propositional calculus by Jeroslow [12] has dealt more carefully with determining satisfiability (computationally equivalent to validity) using known mixed integer programming techniques. He shows that a method that includes branch-and-bound techniques relates closely to the theorem-proving method DP of Davis-Putnam found in [18] which is computationally more efficient than the original version of DP that uses a resolution-type rule. An interesting feature of the mathematical programming technique studied by Jeroslow is the use of computationally fast linear programming to catch many inconsistent formulas. Jeroslow is attempting to extend these techniques to first-order logic. (See [13].)

Most mechanized theorem provers deal with the predicate calculus. About fifteen years ago one could safely say that most predicate calculus theorem provers were resolution based, but it may not be true now. Also the boundary is fuzzy because one might include or exclude PROLOG systems. PROLOG descended (some might say "ascended") from a linear resolution theorem prover but is distinct in many ways, including not being sound (it can lie!). (We discuss PROLOG later.) Most of the non-resolution systems have some variant of natural deduction as a foundation. We consider resolution systems first.

Resolution is the most familiar proof system within AI. It is a refutation logic with no logical axioms required (only the axioms from the problem statement, after processing) and only one rule of inference, two if binary resolution is used so that factoring is required. Conversion of the input to conjunctive normal form (cnf) with Skolem functions replacing existential quantifiers is not only a nuisance but, processed directly, can achieve an exponential increase in length. This occurs because of the use of the distributive law in obtaining the cnf. Many people have observed a remedy for this, by introducing new variables. The idea goes back to Tseitin [14]; let C be a new variable and let C ≡ A ∨ B, where A ∨ B appears in some clause. Replace A ∨ B by C and add axioms A ∨ B ∨ ¬C, ¬A ∨ C and ¬B ∨ C. This is done similarly for conjuncts, using D ≡ A ∧ B for a new variable D. Variations of the above ideas improve efficiency, but this device is not needed for most problem inputs.
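Tseitin's device, as an added example not taken from the paper: a definitional CNF translation using exactly the clauses named above, beside the naive distributive translation, so that the exponential growth and the equisatisfiability can be checked on a family of formulas. The formula encoding, the reserved "_t" names for new variables and the brute-force checker are the example's own assumptions.

```python
"""Tseitin's definitional CNF translation (added example, not from the paper).
A formula is a variable name (str), ('not', f), ('and', f, g) or ('or', f, g).
Clauses are lists of DIMACS-style integer literals: k is variable k, -k its
negation.  Names beginning with "_t" are reserved for the new variables."""
from itertools import product


class Tseitin:
    def __init__(self):
        self.ids = {}       # variable name -> positive integer
        self.clauses = []   # defining clauses collected so far

    def var(self, name):
        return self.ids.setdefault(name, len(self.ids) + 1)

    def fresh(self):
        return self.var(f"_t{len(self.ids) + 1}")

    def encode(self, f):
        """Return the literal standing for f, adding its defining clauses."""
        if isinstance(f, str):
            return self.var(f)
        if f[0] == 'not':
            a, n = self.encode(f[1]), self.fresh()
            self.clauses += [[-n, -a], [n, a]]                 # N <-> ~A
            return n
        a, b, c = self.encode(f[1]), self.encode(f[2]), self.fresh()
        if f[0] == 'or':       # C <-> A v B: the three clauses named in the text
            self.clauses += [[a, b, -c], [-a, c], [-b, c]]
        elif f[0] == 'and':    # D <-> A & B, "similarly for conjuncts"
            self.clauses += [[-c, a], [-c, b], [c, -a, -b]]
        else:
            raise ValueError(f"unknown connective {f[0]!r}")
        return c


def tseitin_cnf(f):
    """CNF equisatisfiable with f: the definitions plus a unit clause for the root."""
    t = Tseitin()
    top = t.encode(f)
    return t.clauses + [[top]], t.ids


def naive_cnf(f, var):
    """Equivalent CNF by pushing negation inward and distributing 'or' over 'and';
    the distribution step is where the exponential growth comes from."""
    if isinstance(f, str):
        return [[var(f)]]
    op, g = f[0], f[1]
    if op == 'not':
        if isinstance(g, str):
            return [[-var(g)]]
        if g[0] == 'not':
            return naive_cnf(g[1], var)
        dual = 'or' if g[0] == 'and' else 'and'            # De Morgan
        return naive_cnf((dual, ('not', g[1]), ('not', g[2])), var)
    if op == 'and':
        return naive_cnf(f[1], var) + naive_cnf(f[2], var)
    return [c1 + c2 for c1 in naive_cnf(f[1], var) for c2 in naive_cnf(f[2], var)]


def satisfiable(clauses, nvars):
    """Brute-force check over all 2**nvars assignments (fine for small examples)."""
    return any(all(any((lit > 0) == bits[abs(lit) - 1] for lit in cl) for cl in clauses)
               for bits in product((False, True), repeat=nvars))


def dnf_formula(n):
    """(a1 & b1) v (a2 & b2) v ... v (an & bn): 2**n clauses naively, 6n-2 by Tseitin."""
    f = ('and', 'a1', 'b1')
    for i in range(2, n + 1):
        f = ('or', f, ('and', f'a{i}', f'b{i}'))
    return f


def clause_counts(f):
    """(naive clause count, Tseitin clause count) for the same formula."""
    return len(naive_cnf(f, Tseitin().var)), len(tseitin_cnf(f)[0])


def agree_on_satisfiability(f):
    """True when the naive and the Tseitin encodings are both SAT or both UNSAT."""
    t = Tseitin()
    naive = naive_cnf(f, t.var)
    clauses, ids = tseitin_cnf(f)
    return satisfiable(naive, len(t.ids)) == satisfiable(clauses, len(ids))
```

For the eight-term disjunction `clause_counts(dnf_formula(8))` gives 256 naive clauses against 46 definitional ones, while for small formulas both encodings agree on satisfiability.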

By far the most active group pursuing resolution theorem proving at present is a group of people (Wos, Overbeek, McClure, Lusk, etc.) centered at Argonne National Labs. A resolution theorem prover AURA, also containing inference rules for reasoning with equality, has assisted these investigators in discovering previously open mathematical problems, plus practical problems such as designing logic circuits. See [9]. An interesting recent paper [15] presents one view of ATP and lists some open research problems. Also from the same group is the LMA system (for Logic Machine Architecture) [16], which provides tools so others can build their own theorem prover and includes a ready-made prover with the full capability of AURA.

Within the last decade or so there has been a movement towards using a graph form of resolution where literals (occasionally, clauses) are graph nodes and arcs connect potentially complementary literals. (See, e.g., [17], [18], [19], [20].) Besides giving quick access to the complementary literals, the organization induces a tighter control on the introduction of new clauses, often with a very positive effect.

The work with resolution emphasizes the importance of interaction between the automated provers and the user. Resolution is a machine-oriented logic [21] yet the significant proofs involve, at this stage, definite participation by humans. This is true of almost all provers we discuss. For example, in AURA it includes inference rule selection (globally), weighting of symbols to determine priorities and selection of discard rules.

We should note an important recent theoretical advance regarding resolution. Earlier Tseitin [14] showed that a restricted proof form of resolution could have proofs exponential in size relative to their input. Although the proof constraint seems very natural it turned out to be very difficult to show that if a broader class of proofs were permitted, corresponding to standard resolution, that one still had problems with huge proofs. Haken [21a] has now shown exponential sized proofs exist for standard resolution. It is still open whether introducing new variables, in the flavor of our discussion of controlling input size, can limit proof size. Showing that this limits proof size, deemed unlikely, would be a major breakthrough for computer science in general as it would solve the NP versus co-NP problem.

Natural deduction logics are playing a significant role in ATP primarily because human interaction with the automated deductive system component is so important. This reason is very explicit in Andrews' TPS for higher order logic, which in internal mode has a resolution connection graph flavor, but where conversion to a natural deduction format is performed for presentation to the user. (See [22].) It is also involved in the design of human-oriented theorem provers, such as those of Bledsoe (see [23]). Suppes has developed interactive theorem provers for teaching logic and set theory courses that use his version of natural deduction [24a], [24b]. The idea of Suppes' systems is to have the students find the major points of the proof and let the computer automatically fill in the details. Besides first-order logic rules of inference, significant use is made of previously established theorems and recently introduced definitions, and a resolution theorem prover is available for use, with fixed time bounds. These systems have been the primary instructors in two courses since the early 1970s with quite reasonable success.

A number of other systems, most in the research stage, are taking the natural deduction approach. Good sources to monitor new developments in the ATP field, for all approaches not just natural deduction, are the Conferences on Automated Deduction, with proceedings published by Springer-Verlag in their Lecture Notes in Computer Science series (in particular, see volumes 87, 138 and 170). There is a conference approximately every two years; one occurred this last summer. Another excellent source reporting new work is the Journal of Automated Reasoning, published by D. Reidel Publishing Company, Dordrecht, Holland.

Before turning to pure equational theories, we should mention the rule of paramodulation, used in AURA by Wos et al. quite extensively and effectively. Paramodulation augments resolution by building in the equality axioms, although some reflexivity axioms are needed under most search strategies. Paramodulation is substitution of equals coupled with unification. For example, using infix notation for readability, if y + (-y) = 0 is paramodulated into P(x + (-a), x) one obtains P(0,a). Notice that both the equation and the target expression have variables instantiated. Also, paramodulating the equation into P(x,x) can yield P(y + (-y), 0). The related rule of demodulation, which perhaps receives even more use, restricts paramodulation in specifying a replacement direction in the equation (usually the longer expression is replaced by the shorter) and not allowing instantiation in the target expression. The usefulness of demodulation is not surprising; it is exactly the notion of rewrite rule that occurs in theorem provers for equational logics. Note, however, that Wos et al. are working within a full predicate calculus with equality. (In particular, the existential quantifier is permitted.)

Recall that equational logics have formulas of the form ∀x̄(t1 = t2), where x̄ represents all the variables in terms t1 and t2. Usually the quantifier is omitted. Thus, the axioms of group theory may be presented as: e·x = x, x⁻¹·x = e and (x·y)·z = x·(y·z). The equation e·x = x might yield the rewrite rule e·x → x. A rewrite rule l → r permits a replacement in an expression (term) t if there exists a substitution θ and subexpression lθ in t. The replacement of lθ in t by rθ then yields the new term t′ and is justified by rule l → r. The deduction is noted by t ⇒ t′. Usually one begins with a term α and performs replacements until a term αN is reached where no further replacement is possible. Such termination may not occur. If αN exists it is called the reduced or normal form for α. The usual approach to establishing α = β is to reduce α to αN and β to βN (if they exist) and see if αN and βN are identical.

Figure 3 gives a term rewriting system for differentiation and demonstrates that the derivatives of x² + 10 and x·x are equal by finding the normal form of each term. We use the symbol ⇒ to indicate that multiple replacements have occurred.

Rewrite rules:

D(a) → 0                        a: integer
D(x^p) → p·x^(p-1)              p: integer, p ≠ 0
D(f+g) → D(f) + D(g)            f, g: terms
D(f·g) → g·D(f) + f·D(g)        f, g: terms
x·1 → x
x+0 → x
x+x → 2x

Query: Does D(x²+10) = D(x·x)?

D(x²+10) ⇒ D(x²) + D(10) ⇒ 2x + 0 ⇒ 2x
D(x·x) ⇒ x·D(x) + x·D(x) ⇒ x·1 + x·1 ⇒ x + x ⇒ 2x

A token term rewriting system for differentiation

Figure 3
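The rewriting system of Figure 3 as executable code, added here and not the paper's own; it reduces both sides of the query to normal form by innermost replacement and keeps the chain of intermediate terms. Two rules the figure's traces use without listing, D(x) → 1 and x^1 → x, are added and marked as assumptions, and a step bound stands in for the termination that the text notes is not guaranteed.

```python
"""The term rewriting system of Figure 3, run as code (added example, not the
paper's own).  A term is the indeterminate 'x', a Python int, or a tuple
(op, args...) with op one of 'D', '+', '*', '^'.  Pattern variables begin with
'?'; a rule is (lhs pattern, side condition on the bindings or None, rhs builder)."""

X = 'x'


def is_int(v):
    return isinstance(v, int)


def match(pat, term, env):
    """One-way syntactic matching of pat against term; bindings are added to env."""
    if isinstance(pat, str) and pat.startswith('?'):
        return env.setdefault(pat, term) == term      # repeated variables must agree
    if isinstance(pat, tuple):
        return (isinstance(term, tuple) and len(term) == len(pat)
                and all(match(p, t, env) for p, t in zip(pat, term)))
    return pat == term


RULES = [
    # D(a) -> 0                      a: integer
    (('D', '?a'), lambda e: is_int(e['?a']), lambda e: 0),
    # D(x^p) -> p * x^(p-1)          p: integer, p != 0
    (('D', ('^', X, '?p')), lambda e: is_int(e['?p']) and e['?p'] != 0,
     lambda e: ('*', e['?p'], ('^', X, e['?p'] - 1))),
    # D(f+g) -> D(f) + D(g)          f, g: terms
    (('D', ('+', '?f', '?g')), None,
     lambda e: ('+', ('D', e['?f']), ('D', e['?g']))),
    # D(f*g) -> g*D(f) + f*D(g)      f, g: terms
    (('D', ('*', '?f', '?g')), None,
     lambda e: ('+', ('*', e['?g'], ('D', e['?f'])), ('*', e['?f'], ('D', e['?g'])))),
    # Assumed by this example: D(x) -> 1 and x^1 -> x, which the figure's traces
    # rely on without listing (x*D(x) becomes x*1, and 2*x^1 is written 2x).
    (('D', X), None, lambda e: 1),
    (('^', X, 1), None, lambda e: X),
    # Simplification rules, with the figure's x read as a pattern variable over terms.
    (('*', '?t', 1), None, lambda e: e['?t']),
    (('+', '?t', 0), None, lambda e: e['?t']),
    (('+', '?t', '?t'), None, lambda e: ('*', 2, e['?t'])),
]


def rewrite_once(term):
    """One innermost-leftmost replacement, or None if term is in normal form."""
    if isinstance(term, tuple):
        for i in range(1, len(term)):
            new = rewrite_once(term[i])
            if new is not None:
                return term[:i] + (new,) + term[i + 1:]
    for lhs, cond, rhs in RULES:
        env = {}
        if match(lhs, term, env) and (cond is None or cond(env)):
            return rhs(env)
    return None


def normal_form(term, max_steps=200):
    """Reduce term to a normal form; returns (normal form, every term of the chain).
    Termination is not guaranteed for rewriting systems in general, so a step
    bound turns a runaway reduction into an error instead of a hang."""
    chain = [term]
    while (nxt := rewrite_once(chain[-1])) is not None:
        chain.append(nxt)
        if len(chain) > max_steps:
            raise RuntimeError("no normal form within max_steps")
    return chain[-1], chain


def equal_by_normal_forms(s, t):
    """Decide s = t by comparing normal forms; sound only when the system is
    canonical (every term has exactly one normal form)."""
    return normal_form(s)[0] == normal_form(t)[0]


def show(term):
    if not isinstance(term, tuple):
        return str(term)
    args = [show(a) for a in term[1:]]
    return f"D({args[0]})" if term[0] == 'D' else f"({args[0]} {term[0]} {args[1]})"


# Figure 3's query: does D(x^2 + 10) = D(x * x)?
LEFT = ('D', ('+', ('^', X, 2), 10))
RIGHT = ('D', ('*', X, X))
```

Both sides reduce to (2 * x); the chain for RIGHT follows the figure's trace step by step, and D(x^0) stays stuck because the side condition p ≠ 0 blocks the power rule.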

To determine the truth of equations by comparing the normal form of each side of the equation one must be concerned with the existence and uniqueness of the normal forms. A normal form exists if the sequence of replacements terminates. Uniqueness is assured if the normal form obtained is independent of the sequence of rules applied. For certain theories term rewriting systems exist where the truth of every equation can be decided by comparing normal forms; in particular, there is assured existence and uniqueness for the normal form of any term. Such systems are called canonical rewriting systems. (Any procedure that allows one to determine the truth of any closed formula in a theory is called a decision procedure for that theory.) A canonical rewriting system gives a decision procedure for that theory. Group theory has a canonical rewriting system, but no such rewrite system can be extended to handle the commutativity axiom in full. (Alternate means of handling commutativity within rewriting systems exist. Also specialized unification algorithms exist that build commutativity, associativity and/or other features directly into the pattern matching for substitution. See [1] for a limited discussion and references.)

The obvious questions, given the above situation, are: what theories have canonical rewriting systems and how are such systems found? A key theorem in this area is the Knuth-Bendix theorem, published in 1970 [25], that gives conditions as to when a rewriting system is canonical and provides an algorithm to extend an existing system of rewriting rules that may yield a complete set of rules (i.e. a canonical system). While there is no assurance that the algorithm will yield a complete set of rules even when a rewriting rule system exists for that theory, it is the primary method for obtaining canonical systems and often is successful. It has become the basis for most of the work in term rewriting systems.

Our extra attention to term rewriting systems in this paper is justified by the great importance such an approach has in ATP. For example, most of the theorem provers that reside within program verification systems use term rewriting systems. The power of the Knuth-Bendix approach was demonstrated when Mark Stickel [26] proved that x³ = x implies ring commutativity, a challenge problem given by Bledsoe in 1977 [27]. (This challenge theorem was also proved by Veroff using the AURA system at Argonne.) In Stickel's approach associative/commutative unification and other augmentation were used to speed the convergence of the Knuth-Bendix algorithm to a complete set of reductions. This use of multiple techniques is a nice example of the apparent underlying principle that deeper theorems are obtained only with a collection of techniques used together.

Another important technique for proving formulas in equational theories is the congruence closure decision procedure (for satisfiability) of Nelson and Oppen [28]. Equality is a congruence relation in that whenever a = b then f(a) = f(b), for any function f. The procedure is a graph algorithm with each term structured in the graph. Figure 4 (from [28]) gives a graph representation for the terms f(a,b) and f(f(a,b),b). If f(a,b) = a then by going to the parent node of each term and identifying first arguments, second arguments etc., when possible by known equalities, we see by the congruence condition that f(f(a,b),b) = f(a,b). We can also infer immediately now that f(f(a,b),b) = a by transitivity.

[Figure 4: A graph representation of terms f(a,b) and f(f(a,b),b). The diagram is not reproduced in this transcription.]
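Congruence closure on the Figure 4 terms, as an added example that is neither the paper's nor Nelson and Oppen's own code; the union-find representation and the quadratic propagation loop are simplifications chosen for readability (the published algorithm keeps parent lists on the graph nodes). It also decides satisfiability of a set of equations and disequations, which is the use the text names.

```python
"""Congruence closure on the Figure 4 terms (added example; not the paper's or
Nelson and Oppen's code).  A constant is a string and an application a tuple
(function symbol, arg1, ..., argn); equal subterms are equal dict keys, which
stands in for the shared nodes of the term graph."""


class CongruenceClosure:
    def __init__(self):
        self.parent = {}   # union-find forest over every registered (sub)term
        self.apps = []     # registered application terms, the candidates for congruence

    def add(self, t):
        """Register t and all of its subterms, then re-check congruences."""
        if t in self.parent:
            return
        self.parent[t] = t
        if isinstance(t, tuple):
            for a in t[1:]:
                self.add(a)
            self.apps.append(t)
        self.propagate()

    def find(self, t):
        while self.parent[t] != t:
            self.parent[t] = self.parent[self.parent[t]]   # path halving
            t = self.parent[t]
        return t

    def union(self, s, t):
        self.parent[self.find(s)] = self.find(t)

    def congruent(self, p, q):
        """Same function symbol, same arity, and every argument pair already equal."""
        return (p[0] == q[0] and len(p) == len(q)
                and all(self.find(a) == self.find(b) for a, b in zip(p[1:], q[1:])))

    def propagate(self):
        """Merge congruent applications until a fixpoint: the congruence rule
        a = b implies f(a) = f(b).  Quadratic per pass for readability; the
        published algorithm walks parent lists on the graph nodes instead."""
        changed = True
        while changed:
            changed = False
            for i, p in enumerate(self.apps):
                for q in self.apps[i + 1:]:
                    if self.find(p) != self.find(q) and self.congruent(p, q):
                        self.union(p, q)
                        changed = True

    def merge(self, s, t):
        """Assert the equation s = t."""
        self.add(s)
        self.add(t)
        self.union(s, t)
        self.propagate()

    def equal(self, s, t):
        """Does s = t follow from the equations asserted so far?"""
        self.add(s)
        self.add(t)
        return self.find(s) == self.find(t)


def satisfiable(equalities, disequalities):
    """Satisfiability of a conjunction of equations and disequations between terms
    with uninterpreted function symbols: unsatisfiable exactly when some s != t
    has s and t in the same congruence class."""
    cc = CongruenceClosure()
    for s, t in equalities:
        cc.merge(s, t)
    return not any(cc.equal(s, t) for s, t in disequalities)


# Figure 4: from f(a,b) = a conclude f(f(a,b),b) = f(a,b), and so f(f(a,b),b) = a.
FAB = ('f', 'a', 'b')
FFABB = ('f', FAB, 'b')
```

After `merge(FAB, 'a')` the class of `a` absorbs `f(f(a,b),b)` by one congruence step, while `f(b,a)` stays separate because its argument pairs are not known equal.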

This algorithm is applicable for quantifier-free equational theories with boolean connectives and uninterpreted function symbols. By "uninterpreted function symbols" we mean functions foreign to the theory of concern, and therefore not having simplifying reductions within the theory. We explicitly mention that the equational theories must be quantifier-free because a boolean combination of universally-quantified equations can implicitly introduce the existential quantifier. We noted earlier that the pure equational theories can use a defined propositional calculus (see [14]) but processing efficiency is lower. The congruence closure procedure can be very fast and the algorithm has been adopted for some other provers because of its speed. It is clearly not a substitute for all term rewriting systems as most theories have (interpreted) functions in the axioms. However, by customizing the algorithm to the theory, functions of the theory can be handled. When much nesting of functions occurs, so that the congruence relation is very important, the congruence closure algorithm can be very impressive. See [28] for a presentation of its use in a theory of LISP list structure.

There are other decision procedures of importance; a classic is Presburger arithmetic (Pr.A.), a first-order theory of linear arithmetic. Other decision procedures are augmentation of Pr.A. to include array functions, a decision procedure for part of set theory, and a very powerful and interesting new decision procedure for part of elementary plane geometry, discovered by a Chinese mathematician, Wen-Tsün Wu, in 1978. See [1] for references. Articles pertaining to Wu's algorithm appear in [21].

Since in practice (e.g., program verification) formulas do not always (usually?) stay boxed within a single classical theory, methods for combining decision procedures are important. Two methods for combining satisfiability decision procedures are those of Nelson-Oppen [29] and Shostak [30].

Many pure equational theories of interest require an infinite number of equations and a metalevel recursive definition mechanism for handling these equations in a finitistic manner. (Theories involving arithmetic form one such class of examples.) If one wishes to automate the entire domain of reasoning in such cases, one incorporates mechanisms for proof by induction and recursive definition into the formal system of concern. This has been undertaken by Boyer and Moore in work dating back to the early 1970's. (See [4].) As is usual in the ATP field, their system is interactive, often relying on the user to suggest useful lemmas and conjectures for induction proofs. However, the Boyer-Moore prover is capable of designing its own induction predicates, often by significant generalization of the theorem to be proved. (Recall that induction proofs may be easier to find for a generalization of a statement than for the statement itself.) Rewrite rules also are a major part of the inference structure of this system.

The power of their methodology and the capability of their implementation is demonstrated by the span of theorems proved using their theorem prover. The prover can be regarded as a high-level proof checker for elementary number theory and recursive function theory, but besides proving the prime factorization theorem and similar classical theorems, the prover has been used to show the Turing completeness of the PURE LISP programming language and the correctness of the RSA public key encryption algorithm. See [31] for a short overview of this important project and for references regarding these and other applications.

A very intriguing discovery regarding equational theories with induction ("inductive domains") was made by David Musser about 1979 [32] and further investigated by others such as Goguen [33]. It can be called "inductionless induction" and, very roughly, allows an induction proof to be replaced by a consistency proof. Applicable to "fully specified" theories, where variable-free terms are sufficiently expressive, one can apply the Knuth-Bendix algorithm to a (consistent) set E of equations defining the theory plus the conjectured equation e, and if the algorithm terminates without a boolean inconsistency (true = false) then e follows from E. As dramatic as the result is, there is evidence that in practice the induction proof is often no harder than obtaining a successful Knuth-Bendix completion.

The last logic calculus we consider is higher-order logic, usually in the form of the typed λ-calculus. This is a theory of types in the spirit of Russell but using the λ-calculus of Church. A just published text by Peter Andrews [34] should be the best introduction to this material for those wishing an in-depth presentation.

Computer scientists are familiar with types from programming language methodology. Examples of types are the integers or sequences (lists) of integers. This is essentially the correct conception although sequences are defined via functions, for example. Likewise, λ-abstraction and, in principle, β-reduction are familiar to those knowing LISP, or at least its roots. These are the main building blocks of the typed λ-calculus.

A main contribution of Andrews is the development of an approach to proving theorems in higher-order logic that closely resembles resolution theory in first-order logic, using a connection graph approach. Indeed, Andrews and Miller have shown that every typed λ-calculus formula is provable in the theory if and only if it has a "tautologous development", a generalized form of Herbrand's theorem upon which resolution depends [35]. However, the unification (due to Huet) used in the procedure arising from this theorem is much more complex than for first-order logic; the algorithm may not terminate. Nevertheless, a concise proof representation they call an expansion tree proof format has been discovered, both useful for proof development and with the property that when a proof is completed it may be converted without further search to a natural deduction format.

Unlike first-order logic, when one needs to expand a formula by instantiating quantifiers, terms need not be generated by pattern matching existing subformulas, but may be "inventive creations". This will remain a problem in automating higher-order logic for some time to come. Nevertheless, significant theorems most naturally stated in (set theory or) higher-order logic can be proved automatically. Andrews' system demonstrated this by so proving Cantor's theorem (see [35]).

Applications of ATP. When outlining this talk (and paper) it was our intent to conclude with some consideration of applications of ATP, particularly to programming languages of interest to people in AI. Certainly PROLOG is the most notable example. But equational logic has similarly spawned an interesting language whose prime developer is Michael O'Donnell. For lack of space we must simply give a pointer [36] to some very interesting work in programming using equational logic. Likewise, we can only reference here a program development system NUPRL of Robert Constable and others [37] that works within the typed λ-calculus framework and is based on constructive mathematics. Although it is a proof development system, by demanding a constructive existence proof, an object is constructed that satisfies the properties required. PROLOG programmers will recognize the connection between this and a problem-solving programming language.

PROLOG is the well-known application of automated theorem proving to the programming languages world. As the headliner for logic programming and the idea of declarative programming, PROLOG has been used in applications from intelligent databases to expert systems. It is available for microcomputers as well as large mainframes, and is at the core of the Fifth Generation Computer Project [38].

As previously mentioned, the technology of PROLOG is that of a linear input resolution theorem prover. However, its application as a general context-free language parser, as a generalized database implementation language and as a general problem solving language was not obvious. To oversimplify, Colmerauer and Roussel structured the language system and Kowalski helped us all understand the expressive power of Horn clause systems, the underlying logic for PROLOG. (See [39].)

There is much activity in the area of logic programming, and extending PROLOG in particular. Two important extensions are into parallel PROLOG [40] and introducing higher-order logic constructs, i.e. λ-conversion [41]. Reintroducing the occurs-check in unification so that PROLOG is sound again but still fast is receiving attention [42], [43].

A primary reason why PROLOG has been so successful is that so much of what one wishes to do can be expressed in Horn clauses. However, some problems of interest demand a larger setting, where several implications have a disjunction of conclusions and/or negated statements naturally occur. There are solutions to this problem -- one that directly extends PROLOG to a complete system is the Prolog Technology Theorem Prover (PTTP) of Mark Stickel [43] based on the model elimination (ME) procedure of [7]. This is of particular interest not only because it compares itself to modern implementations of PROLOG but because the first implementation of a PROLOG prototype by Colmerauer et al. was based on SL-resolution of Kowalski and Kuehner [44], itself rooted in the model elimination procedure. Another interesting extension of the problem reduction method that processes Horn clause logic is a natural deduction system of Plaisted [45].

While these systems do handle any problem having a first-order formulation, there is a price to pay in speed and complexity of machinery. For example, for the PTTP it is necessary to present (or have the system automatically create) certain contrapositives of each clause if the clause set is not Horn.

We would like to close this paper by presenting a proposal of a system that deals with non-Horn clause sets in a positive logic setting that minimally extends the PROLOG machinery. The extension is particularly simple for "slightly non-Horn" clause sets, Horn clause sets altered by a disjunctive conclusion for a very few clauses. The proposed system can work on any problem presented as a single query and extended definite clauses so as to remain within a positive logic structure. However, added proof mechanism similar to the PTTP becomes desirable if too many non-Horn clauses are given. The advantage of this approach is simplicity, and possible speed in many cases. Because negation is not introduced no contrapositives need be generated. (This system can be extended to handle negated facts, on an ad hoc basis but with some practical success. The mechanism is within first-order logic, not a negation by failure.) This approach is still under development, and although we understand quite well the underlying principle, we are unsettled on many things, including notation. We use our current notation and labels, expecting that implementation considerations will suggest some changes. For a full presentation of the methods suggested here, see [42].


Because of limited space, we can only suggest the idea by illustration, and we must assume familiarity with PROLOG for this portion. By an extended definite clause we mean a clause that may have a disjunction of literals as a head. (We dislike the PROLOG terminology "term" for atomic formula so use "literal".) We presently use a semicolon to separate head literals to keep the semantics of operators clean, although the variance from Gentzen's similar sequent notation displeases us. We use the symbol # (called wall) to separate deferred heads when they move to the right side of the clause. Figure 5 gives a very simple example of a slightly non-Horn clause set; non-Horn because of clause 5. The example is drawn from [7], p. 344. Clause 5 read literally states "If I have a swimming pool then either I go swimming or it rains". This is a translation of the second sentence of the problem statement to avoid a negation and keep a positive implication logic structure.

I have a swimming pool. If I have a pool and it doesn't rain, I will go swimming. If I go swimming, I will get wet. If it rains, I will get wet. Prove I will get wet.

A: I have a swimming pool
B: I go swimming
C: I get wet
D: It rains

Input.
1. ?- C.
2. C :- B.
3. C :- D.
4. A.
5. B; D :- A.

Proof.
1. ?- C.
2. :- B.        using 2
3. :- A#D.      using 5
4. :- #D.       using 4
5. :- C#D.      restart
6. :- D#D.      using 3
7. #            success

Yes

Figure 5. A slightly non-Horn clause set

The proof search begins with the query and proceeds in depth-first order, first-to-last, left-to-right as for PROLOG. When a goal matches with one of the head literals of a non-Horn clause, the only alteration is that the remaining head literals are placed to the right of the wall, whereas all goals are placed to the left of the wall. If all goals are successfully processed, as PROLOG prescribes, then the removal of the deferred head literals is addressed. The query is again entered as a goal (a restart) and the process proceeds as PROLOG protocol demands. The restart with query C is simply for proof presentation; actually, one restarts with the goal that calls the clause with the last retained deferred head and proceeds from there, using standard backtracking control. Thus, line 6 follows from line 5 because goal B (line 2) had no alternative call after line 5. When a goal is identical to a deferred head the two are cancelled. When no goals or deferred heads remain, we close successfully; the query is confirmed.
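The propositional core of this procedure (goals left of the wall, deferred heads right of it, restart with the query, cancellation of a goal against a deferred head), run on the Figure 5 clause set, as an added Python example that is not part of the paper. Its restart discipline is an assumption that simplifies the backtracking-based restart described above: each restart block re-enters the query afresh with the most recently deferred head as its active head, cancels goals only against that head, and counts only if it cancelled it; the depth and block limits are a loop guard, also assumed.

```python
from typing import Iterator, List, Optional, Tuple

Clause = Tuple[List[str], List[str]]  # (head literals, body literals); >1 head means non-Horn
# Constructed input: the propositional clause set of Figure 5 (clauses 2-5).
FIGURE5: List[Clause] = [
    (["C"], ["B"]),       # 2. C :- B.
    (["C"], ["D"]),       # 3. C :- D.
    (["A"], []),          # 4. A.
    (["B", "D"], ["A"]),  # 5. B; D :- A.  (the single non-Horn clause)
]

def fmt(goals: List[str], deferred: List[str], active: Optional[str], used: bool) -> str:
    """Render a state as in Figure 5: goals left of the wall '#', deferred heads right of it."""
    right = deferred + ([active] if active is not None and not used else [])
    return ":- " + ", ".join(goals) + " # " + ", ".join(right)

def run_block(clauses: List[Clause], goals: List[str], deferred: List[str],
              active: Optional[str], used: bool, depth: int, trace: List[str],
              limit: int) -> Iterator[Tuple[List[str], bool]]:
    """One block: depth-first, first-to-last, left-to-right goal processing as in
    PROLOG. Yields (deferred heads, active head cancelled?) for every way the
    goal list can be emptied, so the caller can backtrack across blocks."""
    trace.append(fmt(goals, deferred, active, used))
    if not goals:
        yield list(deferred), used
        return
    if depth >= limit:  # crude loop guard for cyclic rule sets (assumed, not from the paper)
        return
    goal, rest = goals[0], goals[1:]
    if goal == active:  # cancellation: the goal is identical to the active deferred head
        yield from run_block(clauses, rest, deferred, active, True, depth + 1, trace, limit)
    for heads, body in clauses:
        if goal in heads:  # call the clause; its other head literals go right of the wall
            new_deferred = deferred + [h for h in heads if h != goal]
            yield from run_block(clauses, body + rest, new_deferred, active,
                                 used, depth + 1, trace, limit)

def prove(clauses: List[Clause], query: str, limit: int = 25) -> Tuple[bool, List[str]]:
    """Return (proved?, trace). Assumed restart discipline: every restart block
    re-enters the query with the most recently deferred head as the active head,
    cancels goals only against that head, and succeeds only if it cancelled it."""
    trace: List[str] = []

    def restart(deferred: List[str], nblocks: int) -> bool:
        if not deferred:  # no goals and no deferred heads: the query is confirmed
            return True
        if nblocks >= limit:
            return False
        active, remaining = deferred[-1], deferred[:-1]
        trace.append(f"restart, active head {active}")
        for new_deferred, used in run_block(clauses, [query], remaining, active,
                                            False, 0, trace, limit):
            if used and restart(new_deferred, nblocks + 1):
                return True
        return False

    for new_deferred, _ in run_block(clauses, [query], [], None, False, 0, trace, limit):
        if restart(new_deferred, 0):
            return True, trace
    return False, trace

if __name__ == "__main__":
    ok, steps = prove(FIGURE5, "C")
    print("\n".join(steps + ["Yes" if ok else "No"]))
```

Because the restart here re-enters the query from scratch, the trace retries clause 2 (and rejects that branch, since D is never cancelled) before finding the line 6 step through clause 3 that the paper's backtracking control reaches directly.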

The first-order form, with variables, follows the pattern with added stipulations which we cannot detail here. Restarts are constrained to the instantiation of the successful prior deduction, cancellation of goal with matching deferred head may require instantiation (hence branching), and identification of head literals (factoring) is not necessary. These considerations appear in [46].

Even with this limited outline some people familiar with PROLOG and ME can deduce the rest. If one tries examples with more non-Horn clauses one sees that redundant deductions can arise quite easily. Techniques used in ME can reduce much of this redundancy very easily, but it is not apparent if even those simple checks constantly done exceed in cost the possible redundant search in slightly non-Horn problems. For sufficiently non-Horn clause sets the added checking is beneficial. We hope to get some feel for trade-offs through a prototype implementation but considerable experience may be needed for final judgment. Even with the small added ME-type mechanism this restriction to a positive implication logic provides a considerable processing gain.

For some time, we have felt that a method that would allow a "gentle" extension of PROLOG for "almost-Horn" clause sets would be invaluable. This system seems to provide the best we might hope for -- clearly some price had to be paid for leaving the Horn clause domain, and this seems to minimize the cost for small variants of Horn clause sets. When an input set is no longer "slightly non-Horn" will be determined by experience.

It is unfortunate that the necessarily limited space restricts further amplification of many interesting projects, ideas and applications of the field of automated theorem proving. It is hoped that this survey has interested some of you in pursuing this area further, and has updated others as to the progress of this important field.

References

[1] Loveland, D.W. Automated theorem proving: a quarter century review. In [2], 1-45.

[2] Bledsoe, W.W. and D.W. Loveland (Eds.). Automating Theorem Proving: After 25 Years. Contemporary Mathematics Series, Vol. 29, Amer. Math. Soc., 1984.

[3] Boyer, R.S. and J.S. Moore. A Computational Logic. Academic Press, New York, 1979.

[4] Mendelson, E. Introduction to Mathematical Logic. van Nostrand, 2nd edition, 1979.

[5] Suppes, P. Introduction to Logic. van Nostrand, 1957.

[6] Chang, C. and R.C. Lee. Symbolic Logic and Mechanical Theorem Proving. Academic Press, New York, 1973.

[7] Loveland, D.W. Automated Theorem Proving: A Logical Basis. North-Holland, Amsterdam, 1978.


[8] Wos, L., R. Overbeek, E. Lusk and T. Boyle. Automated Reasoning: Introduction and Applications. Prentice-Hall, Englewood Cliffs, NJ, 1984.

[9] Bibel, W. Automated Theorem Proving. Vieweg Verlag. Braunschweig, 1982.

[10] Cohen, P.J. Set Theory and the Continuum Hypothesis. W.A. Benjamin, New York, 1966.

[11] Newell, A., J.C. Shaw and H.A. Simon. Empirical explorations of the logic theory machine: a case study in heuristics. Proc. Western Joint Computer Conf., 1956, 218-239. Also in Computers and Thought (Feigenbaum and Feldman, Eds.), McGraw-Hill, 1963, 134-152.

[12] Blair, C.E., R.G. Jeroslow and J.K. Lowe. Some results and experiments in programming techniques for propositional logic. To appear in Computers and Operations Research.

[13] Jeroslow, R.G. Computation-oriented reduction of predicate calculus to propositional logic. Submitted for publication.

[14] Tseitin, G. On the complexity of derivations in propositional calculus. Studies in Constructive Mathematics and Mathematical Logic - Part II (Slisenko, Ed.), Consultants Bureau, New York, 1970, 115-125. Reprinted in Automation of Reasoning 2: Classical Papers on Computational Logic (Siekmann and Wrightson, Eds.), Springer-Verlag, Berlin, 1983, 466-483.

[15] Wos, L. Automated reasoning: basic research problems. Report ANL/MCS-TM-67. Argonne National Lab., Argonne, IL, March 1986.

[16] Lusk, E.L., W.W. McCune and R.H. Overbeek. Logic machine architecture: (I) kernel functions (II) inference mechanisms. Proc. Sixth Conf. on Auto. Deduction (Loveland, Ed.), Lecture Notes in Comp. Sci. 138, Springer-Verlag, Berlin, June 1982, 70-108.

[17] Kowalski, R. A proof procedure based on connection graphs. Jour. Assoc. Comput. Mach., 1975.

[18] Shostak, R.E. Refutation graphs. Artif. Intell., 1976.

[19] Andrews, P. Refutations by matings. IEEE Trans. on Computers, C-25, 1976, 801-807.

[20] Bläsius, K., N. Eisinger, J. Siekmann, G. Smolka, A. Herold and C. Walther. The Markgraf Karl refutation procedure (Fall 1981). Proc. Seventh Intern. Joint Conf. on Artif. Intell., Aug. 1981, 511-518.


[21] Robinson, J.A. A machine-oriented logic based on the resolution principle. Jour. Assoc. for Comput. Mach., 1965, 23-41.

[21a] Haken, A. Resolution takes more than polynomial time. Ph.D. thesis, Univ. of Illinois, Urbana-Champaign, IL, 1983.

[22] Miller, D. Expansion tree proofs and their conversion to natural deduction proofs. Proc. Seventh Conf. on Auto. Deduction (Shostak, Ed.), Lecture Notes in Computer Science, Springer-Verlag, Berlin, May, 1984, 375-393.

[23] Bledsoe, W.W. Some automatic proofs in analysis. In [2], 89-118.

[24a] Suppes, P. University-level computer-assisted instruction at Stanford: 1968-1980. Inst. for Math. Studies in the Social Sci., Stanford Univ., Stanford, CA., 1981.

[24b] McDonald, J. and P. Suppes. Student use of an interactive theorem prover. In [2], 315-360.

[25] Knuth, D.E. and P.B. Bendix. Simple word problems in universal algebra. Combinatorial Problems in Abstract Algebras (Leech, Ed.), Pergamon, New York, 1970, 263-270.

[26] Stickel, M.E. A case study of theorem proving by the Knuth-Bendix method discovering that x^3 = x implies ring commutativity. Proc. Seventh Conf. on Auto. Deduction (Shostak, Ed.), Lecture Notes in Computer Science, Springer-Verlag, Berlin, May, 1984, 248-258.

[27] Bledsoe, W.W. Non-resolution theorem proving. Artif. Intell., 1977, 1-35. Also in Readings in Artif. Intell. (Webber and Nilsson, Eds.), Tioga, Palo Alto, 1981, 91-108.

[28] Nelson, G. and D. Oppen. Fast decision procedures based on congruence closure. Jour. Assoc. for Comput. Mach., 1980, 356-364.

[29] Nelson, G. and D. Oppen. Simplification by cooperating decision procedures. ACM Trans. on Progr. Lang. and Systems, 1979.

[30] Shostak, R.E. Deciding combinations of theories. Proc. Sixth Conf. on Auto. Deduction (Loveland, Ed.), Lecture Notes in Comp. Sci. 138, Springer-Verlag, Berlin, June 1982, 209-223.

[31] Boyer, R.S. and J.S. Moore. Proof checking, theorem proving, and program verification. In [2], 133-167.

[32] Musser, D. On proving inductive properties of abstract data types. Proc. Seventh ACM Conf. on Principles of Progr. Lang., Las Vegas, Jan. 1980, 154-162.


[33] Goguen, J.A. How to prove algebra inductive hypotheses without induction with applications to the correctness of data type implementation. Proc. Fifth Conf. on Auto. Deduction (Bibel and Kowalski, Eds.), Lecture Notes in Comp. Sci. 87, Springer-Verlag, Berlin, July, 1980, 356-373.

[34] Andrews, P.B. An Introduction to Mathematical Logic and Type Theory: To Truth Through Proof. Academic Press, New York, 1986.

[35] Andrews, P.B., D.A. Miller, E.L. Cohen and F. Pfenning. Automating higher-order logic. In [2], 169-192.

[36] O'Donnell, M.J. Equational Logic as a Programming Language. MIT Press, Cambridge, 1985.

[37] Constable, R.L., S.F. Allen, H.M. Bromley, W.R. Cleaveland, J.F. Cremer, R.W. Harper, D.J. Howe, T.B. Knoblock, N.P. Mendler, P. Panangaden, J.T. Sasaki, S.F. Smith. Implementing Mathematics with the Nuprl Proof Development System. Prentice-Hall, Englewood Cliffs, NJ, 1986.

[38] Lindamood, G.E. The structure of the Japanese fifth generation computer project - then and now. Future Generations Comp. Systems, July 1984, 51-55.

[39] Kowalski, R.A. Logic for Problem Solving. North-Holland, Amsterdam, 1980.

[40] Shapiro, E.Y. and A. Takeuchi. Object oriented programming in Concurrent Prolog. New Generation Computing, 1, 1, 1983.

[41] Miller, D. and G. Nadathur. Higher-order logic programming. Report MS-CIS-86-17, Dept. of Computer and Infor. Sci., Moore School, Univ. of Penn., Phil. PA., March, 1986.

[42] Plaisted, D. The occur-check problem in Prolog. New Generation Computing, 1984, 309-322.

[43] Stickel, M.E. A Prolog technology theorem prover. New Generation Computing, 1984, 371-383.

[44] Kowalski, R. and D. Kuehner. Linear resolution with collection function. Artif. Intell., 1971, 227-260.

[45] Plaisted, D.A. A simplified problem reduction format. Artif. Intell., 1982, 227-261.

[46] Loveland, D.W. A Prolog for non-Horn programs. Forthcoming report.
