A Formal Semantics and Axiomatization for

A Formal Semantics and Axiomatization for Specifying the Dynamics of Knowledge-based Systems Dieter Fensel

Rix Groenboom

†

Abstract We study the KADS specification languages KARL and (ML)2 in a states as algebras setting. The essence of these languages is that they integrate a declarative specification of inferences together with control information. Therefore, these languages can be used to specify the dynamic reasoning process of knowledge-based systems besides their pure input/output behavior. The departure of our discussion is the logic MLCM (Modal Logic of Creation and Modification) which is developed to reason about dynamic properties of the specification language COLD stemming from software engineering. We propose necessary extensions to MLCM leading to the definition of MLCM++, and show that it is sufficient to express the inference steps of KADS-models. The three main contributions of the paper are: defining a semantics for the specification of the dynamic reasoning behavior of a knowledge-based system within the states as algebra setting; proposing an extension of MLCM for integrating the specification of static and dynamic aspects of a system; and providing for the first time an axiomatization of specification languages for knowledgebased systems.

1 Introduction The model of expertise as developed in the KADS-I [WSB92] and CommonKADS projects [SWH+94] has become a widely used framework for developing and describing knowledgebased systems (kbs). Such a model of expertise can be used to describe the reasoning process and the knowledge required by this reasoning process in an implementation-independent manner. The model distinguishes three different types of knowledge:

The domain layer provides the domain-specific knowledge necessary for defining the task and for realizing the different inference steps of the problem-solving process. The inference layer defines the reasoning process of the kbs. It consists of inference actions, (static and dynamic) knowledge roles, and an inference structure. The inference actions define the elementary inference steps of the reasoning process. The static roles define the role of the domain knowledge for the reasoning process. The dynamic roles are used to refer to intermediate results of the problem-solving process. The inference structure connects inference actions and roles and defines the data-flow dependencies between these elements.

University of Amsterdam, Department of Social Science Informatics, Roetersstraat 15, 1018 WB Amsterdam, the Netherlands. E-mail: [email protected] † University of Groningen, Department of Computing Science, P.O. Box 800, 9700 AV Groningen, the Netherlands. E-mail: [email protected]

1

The task layer defines the goals of the reasoning process and the way to achieve the goals. For the latter, control over the execution of inference actions is defined.

During the last years a couple of formal or executable specification languages have been developed for describing kbs. Most of them are based on the KADS model of expertise or define their conceptual model as a modification of this model. A survey on (most of) these languages can be found in [TW93, FvH94, Fen95b]. Supplementing conceptual modeling techniques like the KADS model by formal specification languages has three well known advantages:

Formal specification languages can be used to resolve ambiguity and lacking details of specifications stated in natural language. Executable specification languages enable the evaluation of the specification by prototyping (i.e. testing). Proof calculi based on formal semantics of the languages can be used to check relevant properties of a specification.

During the paper, we will discuss a new semantical framework for the inference and tasklayer in KADS which express the dynamic reasoning process of a kbs. In fact, we study two KADS-languages (KARL [Fen95a] and (ML)2 [vHB92]) and incorporate the ideas for inferences in the multi-modal logic MLCM [GR94]. The language (ML)2 was developed as part of the KADS projects and provides a formal specification language for the KADS model of expertise by combining three types of logic: order-sorted first-order logic extended by modularization for specifying the domain layer, first-order meta-logic for specifying the inference layer, and quantified dynamic logic [Har84], which was originally developed for the verification of procedural programs, for specifying the task layer. The language KARL was developed as part of the MIKE project [AFL+93] and provides a formal and executable specification language for the KADS model of expertise by combining two types of logic: A variant of Frame Logic [KLW93] is used to specify domain and inference layers. It combines first-order logic with semantical data modeling primitives. A restricted version of dynamic logic is provided to specify a task layer. Executability is achieved by restricting Frame logic to Horn logic with stratified negation and by restricting dynamic logic to regular and deterministic programs. We have chosen KARL and (ML)2 for our exercise as both languages (like MLCM) rely on dynamic logic to represent the dynamics of the reasoning process. As the technical core of the semantics of KBSSF [SP94] is close to that of KARL, most of the results of the paper can also applied to it. The other specification languages for kbs use different means for specifying the dynamics of a kbs: Petri nets (MoMo [VV93]), abstract data types (TASK [PGT95]), or linear temporal logic (DESIRE [Tre94]). Common for all approaches is that a formal semantics has to cover three aspects: the specification of static aspects of a kbs, the specification of the dynamics of a kbs (i.e., its reasoning), and the combination of both i.e. its overall semantics. For our study we restrict our attention to the second and third part as we think that the main improvement has to be done for the dynamic part. This part introduces also the main distinction to specification languages aiming on a pure functional description of a software system. As a consequence of our focus we abstract from some aspects of the languages:

In the case of KARL we abstract from all syntactical extensions of Horn logic by semantical data modeling primitives. 2

In the case of (ML)2 we abstract from the object-meta relationship between domain and inference layers.

These restrictions are not adopted for technical reasons as for both aspects clear semantics and axiomatization exist. Instead, the abstraction from these aspects helps to focus on the relevant aspects and it also significantly simplifies the formal parts of this paper. For the reminder of the paper we therefore assume first-order logic as language for representing the static knowledge. That is, first-order logic is used to specify the domain layer and the elementary inference actions in KARL and (ML)2 . A serious shortcoming of all of the specification languages for kbs appear when taking a closer look at the third advantages of formal specification languages: Proof calculi can be used to formally prove properties of specifications. Up to now, none of these languages provides such a support. Making process in such a direction is precisely the aim of our work. We introduce a framework for a formal semantics of dynamics which includes the way in which KARL and (ML)2 define it. We achieve this by taking and adapting work done in software engineering. As a consequence, we can also provide an axiomatization of the languages. Our starting point from software engineering is the wide-spectrum specification language COLD which can be used to specify static and dynamic aspects of a system. COLD, Common Object-oriented Language for Design, is developed at Philips Research Eindhoven in several ESPRIT-projects. The main ideas for the language originate from Hans Jonkers. The formal definition of COLD-K and its semantics have has been given in 1987 in [FJKR87]. The semantics is based on the many sorted partial infinitary logic MPLw , see [KR89]. The textbook [FJ92] gives a good introduction into COLD-K, the kernel language of COLD. For the notion of state, COLD and the specification formalism Evolving Algebras [G94] use, what we could call, the states as algebra’s approach. In this paradigm, a state is modeled using a (many-sorted) algebra. State transitions are performed by procedures, and consist of the modification of functions and predicates and the creation of new objects. To reason about this kind of formalisms a variant of Dynamic Logic [Har84] was studied. This resulted in the logic MLCM [GR94], a multi-modal logic for reasoning about state. To study the properties of Evolving Algebras [G94], a similar semantic approach is followed. This leads to the definition FLEA (Formal Language for Evolving Algebras ) in [GR95]. One could describe the relation of the four formalisms as follows: EA : FLEA = COLD : MLCM In this paper we will use states-as-algebra-paradigm to model the inference and task layers of KADS-models. The logic MLCM is the vehicle to formalize in a uniform way the inference process, based on KARL and (ML)2, and to derive an axiomatization for them. The structure of the paper is as follows. First we introduce the knowledge specification languages KARL and (ML)2 and focus on the dynamics of them. Then we discuss the language MLCM stemming from software engineering. In the following section, we show that the available program constructions of MLCM are not powerful enough and propose extension of MLCM. This leads to the definition of MLCM++. Then we use MLCM++ to define the inferences as present in the KADS language (ML)2 and KARL. We illustrate this by our running examples. Finally, we outline directions for future research. The appendix provides the axiomatization of MLCM++.

3

2 Formal languages This section introduces the formal languages that form the basis of the paper. First we introduce the KADS model of expertise and the two languages KARL and (ML)2 in question, and then we discuss the requirements for formal languages to specify knowledge based systems.

2.1 The Model of Expertise of KADS The languages KARL and (ML)2 use variants the KADS model of expertise as conceptual framework for specifying a kbs. We use a simple diagnostic task as an example to illustrate these models. The domain layer provides causal knowledge which can be used to relate findings to diagnoses and knowledge which can be used to assign preferences to possible diagnoses. The task of the kbs consists of finding the diagnosis with the highest probability for a given set of symptoms. The inference layer consists of two inference actions:

generate, creating possible hypotheses based on the given findings and the causal relationships at the domain layer. select, assigning a preference to hypotheses and selecting the diagnosis with the highest preference.

A simple control flow is defined by first executing the inference generate and applying the inference select on its output. generate derives all possible hypotheses which could explain some of the findings and select chooses the hypothesis with the highest preference (i.e., probability). The complete model is given in figure 1. The main point of a model of expertise is the separation of domain knowledge and control knowledge. The domain layer contains the static knowledge from the application domain and its terminology. The inference and task layers describe the dynamic reasoning process of the system. The inference layer defines the elementary inference steps, the relations between them, and the role of the domain knowledge for the reasoning process. In our example, the causal relationship is used by the generate inference step and the knowledge about probabilities is used by the select step. The description at the task layer provides the definition of the dynamics by defining control over the execution of the inference steps. The inference layer can be viewed as defining the vocabulary to express the control at the task layer. The distinction between the domain-specific knowledge and the domain-independent description of the reasoning process enables the reuse of domain knowledge for different task and reasoning strategies and the reuse of reasoning strategies (called problem-solving methods) in different domains. Without using formal specification languages, the semantics of the elementary elements of a model of expertise have to be defined by using natural language. KARL and (ML)2 have been developed to formalize these elementary elements.

2.2

(ML)2

In the following, we discuss domain, inference, and task layers of a model in (ML)2. Finally, we discuss of the semantics of the dynamics.

4

Task Layer Goal: Find the diagnosis which explains the reported findings and which has the highest preference. Body: hypothesis := generate(finding, causality); diagnosis := select(hypothesis, preference)

Inference Layer finding

generate

hypothesis

causality

symptom

diagnosis

select

preference

disease caused-by

[0,1] probability

Domain Layer

Figure 1: A model of expertise for a simplified diagnostic task.

5

2.2.1 Domain layer The sub-language of (ML)2 used to model a domain layer is order-sorted first-order logic extended by modularization. Instances are modeled by constants, and sorts can be used to model classes of such constants. Sorts can be arranged in an is-a hierarchy. Relationships between concepts are modeled by predicates of the according sorts. Attributes of concepts are modeled by functions. Arbitrary first-order theories can be used to specify the defined relationships. The specification of a domain layer can be divided into several modules. Such a module or theory defines a signature (i.e., sorts, constants, functions, and predicates) and defines axioms (i.e., logical formulae). These modules, i.e. sub-theories, can be combined by a union operator. In the following, we define the domain layer for our running example. For simplicity, we define the entire domain layer in one module. theory domain layer signature sorts symptom, disease, real; constants no ? f ever, low ? f ever, high ? f ever : symptom; healthy, in f luenza, pneumonia : disease; 0.5, 0.1, 0.05 : real; functions probability : disease ! real; predicates =: (real, real ); >: (real, real ); actual ? symptom : symptom; caused ? by : (symptom, disease); pre f er : (disease, disease); axioms actual ? symptom(low ? f ever); caused ? by(no ? f ever, healthy); caused ? by(low ? f ever, in f luenza); caused ? by(low ? f ever, pneumonia); caused ? by(high ? f ever, pneumonia); = ( probability(healthy), 0.5); = ( probability(in f luenza), 0.1); = ( probability( pneumonia), 0.05); = ( probability(X1), Y1 )^ = ( probability(X2), Y2 ) ^ Y1 > Y2 ! pre f er(X1, X2); endtheory

2.2.2 Inference layer In (ML)2 every inference action and every knowledge role is described by a theory similar to domain layer theories. An inference action (called primitive inference action in (ML)2) is described by a predicate and a logical theory. The inference actions generate and select are modeled by two predicates: 6

piagenerate( f inding(X ), causality( f inding(X ), hypothesis(Y )), hypothesis(Y )) piaselect (hypothesis(X ), pre f erence(Z ), diagnosis(Y )) The descriptions of the inference actions generate and select are given in the following. also uses order-sorted logic at this layer, but we leave out the sorts for brevity.

(ML)2

theory generate input roles finding, causality; output roles hypothesis; signature predicates piagenerate; variables X, Y ; axioms input f inding( f inding(X ))^ inputcausality(causality( f inding(X ), hypothesis(Y ))) ! piagenerate( f inding(X ), causality( f inding(X ), hypothesis(Y )), hypothesis(Y )) endtheory

theory select input roles hypothesis, preference; output roles diagnosis; signature predicates piaselect ; variables X, Y, Z; axioms inputhypothesis(hypothesis(X ))^ input pre f erence( pre f erence(Z ))^ :(9Y : inputhypothesis(hypothesis(Y ))^ pre f (hypothesis(Y ), hypothesis(X )) 2 Z ) ! piaselect (hypothesis(X ), pre f erence(Z), diagnosis(Y )) endtheory

The inference layer is modeled as a meta-language of the domain layer. This meta-relation allows the inference-layer to specify properties of relations over domain-layer formulae without resorting to second-order logic. Object- and meta-language are connected by a naming relation and reflection rules. At the inference layer a lift operation is defined for every knowledge role which is connected to the domain layer. The lift operator defines a naming relation by mapping expressions of the domain layer to variable-free terms at the inference layer. This lift-operator is defined as a system of rewrite rules that translate domain-layer sentences into inference-layer terms. In the following, we introduce the lift definitions for the knowledge roles finding, causality, preference, hypothesis, and diagnosis. The knowledge roles finding, causality and preference are connected to the domain layer as they provide domain knowledge

7

for the reasoning process. On the other hand, the knowledge role hypothesis collects intermediate results from the problem-solving process and provides it for another inference action. As it obtains its contents from an inference action it does not require a mapping definitions which would connect it to the domain layer. The knowledge role diagnosis collects the results of the problem-solving process and has no connection to the domain layer either. lift-definition finding from domain layer; to generate; signature sorts boolean, quoted ? term; constants 00 X 00 : quoted ? term; functions f inding : quoted ? term ! boolean; mapping lift(domainlayer, actual ? symptom(X )) ! f inding(00X 00 ); end lift-definition

lift-definition causality from domain layer; to generate; signature sorts boolean, quoted ? term; constants 00 X 00 ,00 Y 00 : quoted ? term; functions causality : (quoted ? term, quoted ? term) ! boolean; mapping lift(domainlayer, caused ? by(X, Y )) ! causality(00X 00 ,00 Y 00 ); end lift-definition

lift-definition preference from domain layer; to select; signature sorts boolean, quoted ? term; constants 00 X 00 ,00 Y 00 : quoted ? term; functions pre f erence : (quoted ? term, quoted ? term) ! boolean; mapping lift(domainlayer, pre f er(X, Y )) ! pre f (00 X 00 ,00 Y 00 ); end lift-definition

lift-definition hypothesis to generate, select; signature sorts term, boolean; functions hypothesis : term ! boolean; 8

end lift-definition

lift-definition diagnosis to select; signature sorts term, boolean; functions diagnosis : term ! boolean; end lift-definition

Still, the input predicates input f inding, inputcausality, and input pre f erence used in the definition of the inference action piagenerate and piaselect have not yet been defined. For this purpose, reflection rules are provided which connect truth in object- and meta-logic. input f inding( f inding(X )) =def ask2 (domainlayer, f inding(X )) inputcausality(causality(X, Y )) =def ask2(domainlayer, causality(X, Y )) input pre f erence(Z ) =def f pre f (hypothesis(X ), hypothesis(Y ))jask`(domainlayer, pre f er(X, Y ))g ask2(theory, X ) is true iff X is an axiom of theory and ask`(theory, X ) is true iff X is a logical consequence of theory. The knowledge role hypothesis does not provide domain knowledge for the inference actions. It collects the output of the inference action generate and provides it as an input to the inference action select. This dynamic character of hypothesis makes it necessary to define the input predicate inputhypothesis at the task layer. The knowledge role diagnosis is used as an output role only and require therefore no input predicate. 2.2.3 Task layer Quantified-dynamic logic is used to specify dynamic control at the task layer. Every predicate specifying an inference action at the inference layer together with the test operator ? is regarded as an elementary program statement and the knowledge roles are used as input and output parameters of such programs. For every such elementary program a history variable Vpiai is defined which stores the input-output pairs for every execution step. The key idea is to nondeterministically choose a value binding of a logical variable by the test operator and store this value in a state variable. Four types of task-layer operations are available for each inference action piai : checking whether an instantiation exists, checking whether an instantiation has already been computed, checking whether more instantiations exist, and actually computing and storing a new instantiation: has-solution-piai (I, O)

=def

piai (I, O)

old-solution-piai (I, O)

=def

((I, O)

more-solutions-piai (I, O)

=def

(has-solution-piai (I, O)^ :old-solution-piai (I, O))

9

2 Vpiai )

The important program is give-solution-piai which gives one possible solution: give-solution-piai (I, O)

=def

(more-solutions-piai (I, O))?; Vpiai :=< (I, O)jVpiai >)

Note that old-solution-piai versus Vpiai is an administration for the non-deterministic execution of give-solution-piai necessary to ensure the derivation of new instantiations of the predicate. These primitive programs and predicates can be combined using sequential composition, non-deterministic iteration and non-deterministic choice. For our example, we have to define the input predicate input hypothesis and the control flow between the inference actions. The knowledge role hypothesis collects the output of the inference action generate and provides it as input to the inference action select. The following definition of the input predicate is the way in which (ML)2 can be used to define data-flow between inferences. inputhypothesis(X ) =def 9I1 , I2 with(I1, I2 , X ) 2 Vpiagenerate The task layer of our example looks like: while

(more-solution-piagenerate( f inding(X ),

causality( f inding(X ), hypothesis(Y )), hypothesis(Y )) do give-solution-piagenerate( f inding(X ), causality( f inding(X ), hypothesis(Y )), hypothesis(Y )) enddo; give-solution-piaselect (hypothesis(X ), pre f erence(Z ), diagnosis(Y ))

2.2.4 Semantics of Dynamics Dynamic Logic [Har84] uses Kripke structures to define a semantics for programs. A structure has the form S = (D, F, P) consisting of a domain D, an interpretation F of the function symbols and an interpretation P of the predicate symbols. A state over S is a function s interpreting variables as elements of D. The interpretation of functions and predicates is fixed for all states. Let denote W the set of all states. Programs p are interpreted by binary relation on states. Formulas ψ are interpreted by all states for which they are true. For example, I ( p; q) I (ψ ?) I (Y := X )

= = =

f(s0, s1 ) j s0 , s1 2 W ^ 9s2 2 W ^ (s0, s2 ) 2 I( p) ^ (s2, s1) 2 I(q)g f(s, s) j s 2 W ^ ψ is true in sg f(s0, s1 ) j s0 , s1 2 W ^ s1 (Y ) = s0 (X )^ 8Z such that Z =6 Y s0 (Z) = s1(Z)g

The important program in (ML)2 is give ? solution ? piai which gives one possible solution. The gist of the matter of this state transition is to apply the test operator ? to the predicate piai which defines an inference action. piai (I, O)? eliminates all states which interprets (i.e., 10

substitutes) the variables I, O in a way which does not fulfill piai (I, O). In the successor step, these variable substitutions are appended to the list of already computed input-output pairs. Simplified, we have the following pattern: I (P(X )?; Y := X )

= =

f(s0, s1) j f(s0, s1) j

s0 2 I (P(X )) ^ (s0, s1) 2 I (Y := X )g (P(s0(X ))) is true in s0 ^ s1 (Y ) = s0 (X )^ 8Zsuch that Z 6= Y s0(Z) = s1(Z)g

2.3 KARL The language KARL provides a formal and executable specification language for the KADS model of expertise by combining two types of logic: Logical-KARL (L-KARL) and ProceduralKARL (P-KARL). L-KARL, a variant of Frame Logic [KLW93], is provided to specify domain and inference layers. It combines first-order logic with semantic data modeling primitives (see [Bro84] for an introduction to semantic data models ). A restricted version of dynamic logic is provided by P-KARL to specify a task layer. Executability is achieved by restricting Frame logic to Horn logic with stratified negation [Prz88] and by restricting dynamic logic to regular and deterministic programs. Again, we will discuss the domain, inference, and task layers in KARL and sum up with discussing the semantics of dynamics. 2.3.1 Domain layer KARL uses L-KARL to describe the domain layer. It provides predicates, classes, class hierarchies, single- and set-valued attributes with domain and range restrictions, and multiple attribute inheritance for modeling terminological domain knowledge. The derivation of new object denotations can be expressed by functions. The domain layer of our running example is given in figure 2. As it is a simple example the domain layer contains only ground facts and some terminological definitions given by the graphical language of KARL. 2.3.2 Inference layer The same language L-KARL as is used at the domain layer is provided for specifying inference actions and roles at the inference layer. KARL distinguishes three types of knowledge roles. Views define an upward translation from the domain layer to the inference layer (giving readaccess). Terminators define a downward translation from the inference layer to the domain layer (giving write-access). Stores provide the input or output of inference actions. Whereas views and terminators are used to link a domain layer with a generic inference layer, stores are used to model the data-flow dependencies between inference actions. The definitions of the inference actions, stores, views, and terminators of our example are given in figure 3. 2.3.3 Task layer KARL uses the logical language Procedural-KARL (P-KARL), a variant of dynamic logic, at the task-layer. Therefore, it can be used in a similar way as procedural programming languages to express control. The primitive programs correspond to calling an inference action, and atomic formulae indicate whether knowledge roles contain elements of a given class. Such

11

symptom

effect

cause

disease

probability Real

caused-by output data

symptom

caused-by

disease

E-ID term

effect

cause

E-ID term

probability

no-fever

no-fever

healthy

healthy

0.5

low-fever

low-fever

influenca

influenca

0.1

high-fever

low-fever

pneumonia

pneumonia

0.05

high-fever

pneumonia

Figure 2: The domain layer of the example in KARL.

12

VIEW Finding UPWARD MAPPING x ∈ finding← x ∈ symptom. END;

VIEW Preference DEFINITIONS high hypothesis

preference low

UPWARD MAPPING preference(low:x, high:y)← x ∈ hypothesis ∧ x[probability : v] ∈ disease ∧ y ∈ hypothesis ∧ y[probability : w] ∈ disease ∧ v < w. END;

STORE hypothesis DEFINITIONS

INFERENCE ACTION generate PREMISES finding, causality; CONCLUSIONS hypothesis; RULES Y ∈ hypothesis ← X ∈ finding ∧ causality(cause:X,effect:Y). END

hypothesis END

INFERENCE ACTION select PREMISES hypothesis, preference; CONCLUSIONS diagnosis; RULES X ∈ not-max-hypothesis ← X ∈ hypothesis ∧ Y ∈ hypothesis ∧ preference(low:X,high:Y). X ∈ diagnosis ← X ∈ hypothesis ∧ ¬ X ∈ not-max-hypothesis. END

VIEW Causality DEFINITIONS effect finding

cause

hypothesis

causality UPWARD MAPPING causality(cause:x, effect:y)← caused-by(cause:x, effect:y). END;

TERMINATOR diagnosis DEFINITIONS diagnosis DOWNWARD MAPPING x ∈ output-data ← x ∈ diagnosis. END;

Figure 3: The inference layers of the example in KARL.

13

primitive programs and atomic formulae can be arranged into sequences, loops, and alternatives. Programs may be combined to named subtasks, similar to procedures in programming languages. The task layer of our example looks like: hypothesis := generate( f inding); diagnosis := select (hypothesis) Each inference action defines a function symbol used in assignments. Each store and terminator is modeled by a (program) variable. The value assignments of the variables are used to represent the current state of the reasoning process. 2.3.4 Semantics of Dynamics The logical language L-KARL used to describe the domain, the inference layer, and their connection has a Herbrand model semantics [Llo87]. KARL allows stratified negation under the closed-world assumption using the minimal (i.e., perfect) Herbrand model as semantics [Prz88]. In contrast to Prolog, the evaluation of these clauses is set-oriented [Ull88]: not one but all instantiations of an inference action are computed. The procedural knowledge is represented by P-KARL. It is a variant of Dynamic Logic using Kripke structures as semantics. The integration of the modal semantics of the task-layer and the Herbrand models of L-KARL is as follows: the models of L-KARL are used to define an interpretation for a P-KARL language, i.e., the perfect Herbrand model of the set of clauses which define an inference action piai is used to interpret a function symbol piai occurring in assignments in P-KARL. Each store and each terminator is modeled by a (program) variable. The current state is represented by an assignment s of these variables. Notice, that a set of ground facts is assigned to each program variable. Slightly simplified, a transition is defined as: I (output-role(X ) := piai (input-role)) = f(s0, s1) j s1(output-role) = perfect-Herbrand-model (PIAi [ s0(input-role))g where PIAi is the set of Horn clauses describing piai . 2.3.5 Differences Between KARL and (ML)2 Inference actions are modeled as relations in (ML)2 and as functions in KARL. In KARL, each inference action defines a function which is used to interpret a function symbol used in an assignment in dynamic logic. The execution of an inference action deliver one instantiation of the predicate in (ML)2 and all ’instantiations’ in KARL as the complete minimal Herbrand model of the logical theory describing the inference and the facts of the input roles is evaluated. Therefore, there is no non-deterministic choice in KARL. (ML)2 defines a history variable V piai for each inference action piai . This variable stores all already derived tuples of the relation defined by the logical theory of the inference action. It is mainly used to ensure that give-solution-piai(I, O) derives new tuples. Therefore, (ML)2 provides the local history of each inference action but provides neither a description of the global state or the global history as the states of the different roles are not uniquely related together. On the other hand, KARL does not provide a history of the reasoning process but a description of the global state of it. 14

2.4 The Requirements of Specification Languages for Knowledge-Based Systems A language for specifying the reasoning process of knowledge-based systems must combine non-functional and functional specification techniques: On the one hand, it must be possible to express algorithmic control over the execution of sub-steps. On the other hand, it must be possible to characterize sub-steps only functionally without making commitments to their algorithmic realization. In the following we will see how these requirements cause problems in directly applying MLCM for this purpose and we will also discuss the extension of MLCM to MLCM++ which overcomes this difficulty.

3 MLCM MLCM is an abbreviation of Modal Logic of Creation and Modification. The logic is developed for reasoning over state transitions as described in the specification language COLD. As stated in the introduction, COLD uses algebras to model states and procedures to perform states transitions. The principal observation is that we can identify two basic modification operators: the modification of a function or predicate, and the creation of a new object. Modification of a function can be regarded as a generalization of the assignment in traditional imperative programming languages; creation can be compared with dynamic data-types in imperative programming languages (for example the new in Pascal). MLCM is a modal logic in the tradition of Dynamic Logic as proposed by Pratt [Pra76] (see also Goldblatt [Gol82] and Harel [Har84]). In the traditional setting of dynamic logic, a state is represented as the assignment of (logical) variables. To modify a state the assignment of variables is changed. The same interpretation is given to the evaluation of the quantifiers, that also modify the assignment of a variable. Take as example the following formula from dynamic logic; the evaluation of the existential quantification more or less ‘undoes’ the states modification.

9x(x = 2))

[x := 3](

In MLCM, ‘programming variables’ are represented as objects (constant function symbols). The variables in a quantification ranges over objects, and constants and functions refer to objects. So, in MLCM we write:

9x(x = 2))

[c := 3](

The logic MLCM is first presented in [GR94]. In that publication we present the semantics in a slightly different way. Besides COLD, the specification formalism Evolving Algebras also uses the states-as-algebra paradigm. A good introduction to Evolving Algebras can be found in [G94]. In [GR95], the logic MLCM is used to formalize Evolving Algebras resulting in the definition of a language FLEA (Formal Language for Evolving Algebras ). For the definition of FLEA we extend MLCM with a join operator (the join operator gives the parallel execution of two updates, for example c:=3,d:=4). Syntax The logic MLCM is an extension of predicate logic with partial functions, obtained by adding formulae [α ]A, where α is a program expression. For the construction of complex program expressions the same operations are used as in dynamic logic. 15

The syntax of MLCM reads: VAR

x

FUNC

f

PRED

p

TERM

t ::=

PROG

α ::=

FORM A ::=

(a

countably infinite collection of variables)

0) (predicate symbols, with arity 0) ? j x j f (t1, . . . , tn) NEWc j f (t1, . . . , tn) := t j p(t1, . . . , tn) :$ A j A? j α ; α j α [ α j α (t = t ) j p(t1 , . . . , tn ) j A ^ A j :A j 8xA j [α ]A (function

symbols, with arity

Here, c stands for constant symbols, i.e. function symbols with arity 0. The formulae >, ?, A _ B, A ! B, A $ B and 9xA are defined as usual. The symbol ? denotes the undefined object. The dual of [α ]A (written as hα iA) is defined as :[α ]:A. Variables and substitution Contrary to Dynamic Logic, the definition of the free and bound occurrences of variables is straightforward. The set of free variables, FV , is defined as FV ([α ]A) = FV (α ) [ FV (A). In Dynamic Logic the assignments (x := t ) have a binding character. Substitution [t/x]A of term t for x in A is not always defined in MLCM, only if no function symbols in t come into the scope of program statements that may change their meaning. So, e.g., [c=x]([NEWc](x = y)) nor [ f y=x]([ f (s) := t ](x = z)) are defined. The clauses for the definition of substitution are as usual, except for formulae of the form [α ]A: [t/x]([α ]A) = [[t/x]α ]([t/x]A)

if func(t ) \ mod(α ) = 0/ or x does not occur freely in A else undefined.

Here func(t ) is the set of function symbols occurring in t and mod(α ), the collection of signature elements that are possibly modified by α , is defined by: mod (NEWc) mod ( f (s) := t ) mod ( p(s) :$ A) mod (A?) mod (α ; β ) mod (α [ β ) mod (α )

fcg ffg = f pg =

=

0/ mod (α ) [ mod (β ) = mod (α ) [ mod (β ) = mod (α ) =

=

As an example, [t ( f , c)=x]([ f (s) := t ]φ (x)) cannot be rewritten as [ f (s) := t ]φ (t ( f , c)). Semantics The definition of the semantics of MLCM has two steps. First we define the notion of structure, a kind of proto-model in which terms and formulae of MLCM can be interpreted. Then we restrict this notion to models by imposing requirements on the accessibility relations corresponding to the program statements: the interpretation of formulae is used in the formulation of these requirements.

16

Structure

A structure is a quadruple M

< U, V, W, R >, where

=

? 2 U; / V is the set of new objects V = fvnjn 2 N g. Define Vn := fvk 2 V jk < ng, so V0 = 0, V1 = fv0 g and Vn+1 = Vn [ fvn g. W 6= 0/ is the collection of worlds. One world is a triple w =< Uw, Fw, Pw >, where: – Uw = U [ Vn for some n; – Fw = f fwj f 2 FUNCg with fw : Uwn ! Uw (n the arity of f ); – Pw = f pwj p 2 PREDg with pw Uwn (n the arity of p). R = fRα ,ajα 2 PROG, a 2 ASSg W W is a collection of binary relations on W . U is a set of objects with

Here, ASS is the set of assignments: – Assignments a 2 ASS = VAR ! (U [ V ) and pointwise modification a[x (where x 2 VAR, u 2 (U [ V )) of an assignment are defined as usual.

7! u]

Interpretation For the definition of the interpretation we observe only unary function and predicate application. The generalization to the n-ary case is straightforward. For an assignment a : VAR ! (U [ V ) we have a local assignment aw : VAR ! (U [ V ) for each world w: aw(x)

= =

a(x) if a(x) 2 Uw ? if a(x) 62 Uw

Let [[t ]]w,a, the interpretation of term t in world w with assignment a, be defined by:

?

[[ ]]w,a [[x]]w,a

=

[[ f t ]]w,a

=

=

?

aw (x) fw ([[t ]]w,a)

For w, a j= A, the interpretation of formula A in world w with assignment a, we have w, a j= p(t ) w, a j= (s = t ) w, a j= :A w, a j= A ^ B w, a j= 8xA w, a j= [α ]A

=def =def

[[t ]]w,a

2

pw [[s]]w,a = [[t ]]w,a =

6 ?

not (w, a j= A) w, a j= A and w, a j= B =def for all u 2 (Uw n f?g)(w, a[x 7! u] j= A) =def for all w0 2 W (wRα ,a w0 ) w0 , a j= A)

=def =def

When necessary, we use the following abbreviations: w j= A Γ j= A j= A

for all a 2 ASS(w, a j= A) =def for all w 2 W (for all B 2 Γ(w j= B) ) w j= A) =def for all w 2 W (w j= A) =def

Here, Γ denotes a set of formulae.

17

Model A structure is called a model if it satisfies a number of requirements for the relations Rα ,a 2 R.

wRNEW c,a w0 iff w0 is the unique world with: Uw [ fvng where n is the unique number with Vn – cw0 = vn – fw0 = fw [ fvn ! fw (?)g for all f 2 FUNCnfcg – Uw0

=

– pw0

=

Uw and vn 62 Uw

pw for all p 2 PRED

Note that we do not need a nor the interpretation of expressions and formulae.

wR f (s):=t,aw0 iff w0 is the unique world with: =

– Uw0

Uw

– fw0 ([[s]]w,a) = [[t ]]w,a

– fw0 u = fwu for all u 2 Uw n f[[s]]w,ag – gw0 = gw for all g 2 FUNC n f f g – pw0

=

pw for all p 2 PRED

Note that we need the interpretation of expressions.

wR p(s):$A,aw0 iff w0 is the unique world with: =

– Uw0 – – – –

Uw

2 pw0 iff w, a j= A v 2 pw0 , v 2 pw for all v 2 Uw n f[[s]]w,ag fw0 = fw for all f 2 FUNC qw0 = qw for all q 2 PRED n f pg ([[s]]w,a )

Note that we need the interpretation of formulae.

RA?,a

f

Rα ;β ,a Rα [β ,a Rα ,a

jw, a j= Ag

= (w, w) =

Rα ,a Rβ ,a

=

=

Rα ,a [ Rβ ,a

Rα ,a

18

Axiomatization For MLCM we propose an axiomatization in the appendix. The axiomatization is proven complete for the fragment without the -operator in [GR94]. The logic has the following inference rule () denotes meta implication): MP

A, A ! B ) B

Subst

A ) [t =x]A

N

Γ ` A ) [α ]Γ ` [α ]A

Dec

Γ, A ` B ) Γ ` (A ! B)

Furthermore, the axioms of predicate logic hold. For atomic programs, we demand determinism and termination: Atom

hα iA $ [α ]A

, α atomic.

For each elementary program and program constructor satisfies some axioms. The appendix presents a full axiomatization of MLCM. The axiomatization is claimed to be complete, a publication is being prepared.

4 Adaptation of MLCM for Knowledge-Based Systems This section discusses attempts to formalize the inferences as present in the presented KADSlanguages. The first approach we present leads to the insight that the basic language of MLCM is not suitable for this modeling. Then we present MLCM++, that will serve as our language to formalize KADS-inferences. MLCM++ contains also constructs that are not used in the (current ) formulation of the KADS-languages. We will discuss this issue briefly at the end of this section. We model each inference action by a predicate and assume that each predicate is defined by some formulas (at the domain layer, in the mapping between domain and inference layers, and directly in an inference action). In other words, if some relation pia(x, y) is defined and we have that x is in an instantiation of an input role, then we want to infer that y is an instantiation of the output role: input-role(x) ^ pia(x, y) ! output-role(y)

4.1 Using pure MLCM On first sight, the following definition for an elementary action looks tentative (in conformity with the definition of KARL-inferences): generate =def

(( f inding(x)

^ causality(x, y))?; hypothesis(y) :$ true)

For (ML)2 , the inference actions can be encoded similarly. But there is a technical problem. The encoding as a MLCM-program ((input-role(x)

^ pia(x, y))?; output-role(y) :$ true)

does not work. This is due to the fact that the repetition statement does not alter the assignment of the variable x. So, in order to ‘check’ all the objects from the universe we have be able to let x range over all objects. 19

The problem is caused by the different grain-size of the elementary transitions in MLCM and in languages as KARL or (ML)2. In MLCM, the elementary programs are assignments of a value to one constant or the modification of one function value or an assignment of a truth value to one ground literal. In KARL, the elementary program in dynamic logic is itself a logical program, i.e., describes an entire set of these updates which should be done in parallel. The functional specification of an inference action in KARL can be programmed in MLCM, but that does not fit our demands states earlier. Two possibilities would exist. First, MLCM could be used to program a fix-point operator which evaluates the declarative definition of inference action as done by the interpreter of KARL [Ang93]. Second, for each inference action a specific algorithm can be programmed which computes its functionality. Both solution would violate the declarative character of the specification of inference actions. In the following, two new language constructs are introduced in MLCM to allow the evaluation of a logic program as elementary transitions in dynamic logic.

4.2 Definition of MLCM++ For MLCM++, we introduce two new operators: a δ -operator for a non-deterministic adjustment of a predicate and a λ -operator that allows us to modify the truth values of all ground instantiations of a predicate in one atomic action. The elementary programs that we add to the syntax are: PROG α ::=

p :$ δ x.A

j

p :$ λ x.A

For these operations, we define the following semantics:

wR p:$δ x.A,a w0 iff w0 is a world with: – Uw0

=

– fw0 – qw0

= fw

Uw

– exists precisely one u 2 Uw ((u 2 pw0 for all u0 2 Uw n fug(u0 2 = pw0 ))

, w, a[x ! u] j= A) and

2 FUNC = qw for all q 2 PRED n f pg for all f

wR p:$λ x.A,a w0 iff w0 is the unique world with: – Uw0

=

– qw0

= qw

Uw

– for all u 2 Uw (u 2 pw0 , w, a[x ! u] j= A) – fw0 = fw for all f 2 FUNC for all q 2 PRED n f pg

A program using the λ operator also succeeds in the case where no ground instantiation of the predicate p is evaluated to truth (i.e., :A is a tautology). A program using the δ operator fails in that case as no instantiation of the predicate with truth value true can be produced. Note also that the program p :$ δ x.A is non-deterministic. The axiomatization of δ and λ closely follows the axioms for the one-point predicate modification (as presented in the appendix):

20

DM1 DM2 DM3 DM4

8y[ p :$ δ x.A]B $ [ p :$ δ x.A](8yB) [ p :$ δ x.A](9!x( px)) 9xA ! 9x(A ^ [ p :$ δ a.A] px) B $ [ p :$ δ x.A]B for all B not containing p

For λ we have: LM1 LM2 LM3

8y[ p :$ λ x.A]B $ [ p :$ λ x.A](8yB) 8x(A $ [ p :$ λ x.A]( px) B $ [ p :$ λ x.A]B for all B not containing p

For both axiomatizations holds that the first axiom reflects that the does not change the universes. The second states the change of the predicate p. The last axiom states that the other functions and predicates do not change. Generalization to n-ary predicates. We can easily generalize the restrictions imposed during the introduction of MLCM, viz. that functions and predicates are considered unary. For the a binary predicate p the parallel predicate modification ( p :$ λ x, y.A) has the following characteristic for the accessibility relation: for all u, v 2 Uw ((u, v) 2 pw0

, w, a[x ! u, y ! v] j= A)

Not used MLCM++ constructs. The original formulation of MLCM contains an operator NEW which extends the universe with an additional object. This kind of dynamics is not exploited in (ML)2 but for some applications of KARL it can be useful. In KARL, the creation of new objects is expressed by applying a function symbol on a given term (i.e., new-object(t )). The full use of NEW is still point of further research. Function updates. Besides the generalization of the one-point predicate modification, we can also generalize the one-point function update. If we extend the syntax with PROG α ::=

f := λ x.t

we can define the semantics as follows:

wR f :=λ x.t w0 iff w0 is the unique world with: – Uw0

=

Uw

– for all u 2 Uw ( fw0 u = [[t ]]w,a[x!u] ) – gw0 = gw for all g 2 FUNC n f f g – pw0 = pw for all p 2 PRED

This function modification relates to some extent with the parallel composition of one-point function update of Evolving Algebras (the join-operator as in introduced in [G94] and [GR95]).

21

If we consider the multiple modification of a predicate p with aid of the join-operator, we have for example: p(t1) := true ,

p(t2) :$ true ,

p(t3) :$ f alse

This statement reflects the modification of p on three places and leaving the p not changed. The parallel modification (denoted by the , operator) is only defined if the result is not-contradicting (the modification should be consistent). Given a statement containing parallel predicate modification (thus with the join operator) we can give an equivalent multiple predicate modification (with the λ -operator). The above example can be translated with the λ -operator as: p :$ λ x.A with A defined as:

8x( )

6 ^ x 6= t2 ^ x 6= t3 ! p(x)) ! true) ^ ^(x = t2 ! true) ^(x = t3 ! f alse)

(x = t 1 (x = t1

It states that p gets overwritten with the predicate A (evaluated with in the old state). For the objects different of t1 , t2 , and t3 the predicate does not change (it keeps the old value of p). And for t1, t2 , and t3 the predicate p change to true, true, and f alse respectively. A full treatment of these generalization goes beyond the scope of this paper. In particular the generalization for the λ -operator applied to functions is not evident.

4.3 The use of MLCM++ for KADS-inferences From the previous analysis we can conclude that the general scheme of an inference in KADS can be stated as: input-role(x) ^ pia(x, y) ! output-role(y) We will discuss the formalization in MLCM++, inspired on KARL and (ML)2. KARL In KARL the calling of an inference action, for example hypothesis := generate( f inding) can be expressed in the extended version of MLCM++ as: generate =def hypothesis :$ λ y.(9x( f inding(x) ^ causality(x, y))) This formulation can be paraphrased as: output role hypotheses will be true iff there exists an object x in the input role finding that is related according to the formula which defines the inference action.

22

The formulation offers flexibility enough to state more advance expressions. In the above statement the value of the output role gets over-written. If we would like to only extend it (with extend we mean that output-role stays true if is was true), we can formulate this as: output-role :$ λ y(9x((input-role(x) ^ pia(x, y)) _ output-role(x)

) )

This implies a significant improvement of modeling with KARL. Currently, KARL requires artificially two inference actions (one select and one copy step) when a fact of an input role should be deleted.1 (ML)2

The δ operator of MLCM++ catches the technical core of (ML)2. One instantiation of the predicate is chosen non-deterministically. Otherwise, we have not yet decided to hardwire the mechanism give-solution-pia of (ML)2 in MLCM++ as there are some problems related to this construct. This construct can fail in a non-intuitive manner. For example, an inference action multiply fails if it gets the same input values a second time.

4.4 The diagnostic example with MLCM++ We use our running example to exemplify the formulation of inference steps in MLCM++. Assume the domain layer and its mapping onto the inference layer specifies the predicates finding, causality, and pref (for preference). The definition of the generate and select can now be given as follows. First we add a initialization step, and then we perform a generate step followed by a select phase:

GenerateAndSelect =def hypothesis :$λ x.false; diagnosis :$λ x.false;

hypothesis :$λ y.(9x(finding(x) ^ causality(x, y)));

diagnosis :$δ x.(hypothesis(x) ^ :9y(hypothesis(y) ^ (pref(x) < pref(y)))) Using this formulation we can make some simplifications to the proposed algorithm. Since both hypothesis and diagnosis get overwritten in the right hand side of the multiple predicate modification where the old values are not, we can omit the initialization step. To annotate this program, using the proof rules, we use the following notation. We abbreviate P ! [α ]Q as fPgα fQg. The resulting definition of generate & select is fairly straightforward:

GenerateAndSelect =def

ftrueg

hypothesis :$λ y.(9x(finding(x) ^ causality(x, y)));

f8y(hypothesis(y) $ 9x(finding(x) ^ causality(x, y)))g diagnosis :$δ x.(hypothesis(x) ^ :9y(hypothesis(y) ^ (pref(x) < pref(y)))) f8y(hypothesis(y) $ 9x(finding(x) ^ causality(x, y))) ^9x(diagnosis(x) ^ hypothesis(x) ^ :9y(hypothesis(y) ^ (pref(x) < pref(y))))g 1

In (ML)2 it is not possible to delete elements of roles at all.

23

5 Related Work Not yet done. Should be done for Evolving Algebras [G94], Transaction Logic [KLW93], PDDL [SWM95] and DDL [SWM93].

6 Conclusions and Future Work We have studied the dynamic constructs in the KADS languages KARL and (ML)2. Just as for the formalization of Evolving Algebras, the logic MLCM is a good departure for the formulation dynamic systems but some extension have to be done. The possible world semantics of MLCM offers a flexible setting for the definition of additional constructs. For the specification of the steps in the inference layer, we made use of the multiple predication modification. The example of a simple KADS-model, shows that is it possible to use concise MLCM-programs to describe the dynamic behavior defined at the inference and task layers of a KADS model of expertise. In this way, a precise and clean semantics as well as an axiomatization is achieved for KADS specification languages. This result was achieved by extending the grain-size of the elementary state transitions of MLCM. Currently, we are specifying the problem-solving method propose & revise [SB95] with MLCM++ to get some experience in proofs with MLCM++. Automated support for this proofs could probably be provided by the Karlsruhe Interactive Verifier (KIV) [HRS90] which is currently also adapted to the state as algebra setting of MLCM and Evolving Algebras. This studying of the KADS-language also influenced the further development of MLCM. The research let to the definition of four new operators, of which two are useful to model KADS-inferences. The relation between for example the join operator of Evolving Algebras and the generalized modification (the λ -construction) needs further studies.

7 Acknowledgment We would like to thank Joeri Engelfriet, Pascal van Eick, Frank van Harmelen, G. R. Renardel de Lavalette, and Mark Willems for valuable comments on early drafts of the paper.

References [Ang93]

J. Angele: Operationalisierung des Modells der Expertise mit KARL, Infix, St. Augustin, 1993.

[AFL+93]

J. Angele, D. Fensel, D. Landes, S. Neubert, and R. Studer: Model-based and Incremental Knowledge Engineering: The MIKE Approach. In J. Cuena (ed.), Knowledge Oriented Software Design, IFIP Transactions A-27, Elsevier Science Publisher B.V., Amsterdam, 1993.

[Bro84]

M.L. Brodie: On the development of data models. In M.L. Brodie et al. (eds.), On Conceptual Modeling, Springer-Verlag, Berlin, 1984.

[Fen95a]

D. Fensel: The Knowledge Acquisition and Representation Language KARL, Kluwer Academic Publ., Boston, 1995. 24

[Fen95b]

D. Fensel: Formal Specification Languages in Software and Knowledge Engineering, The Knowledge Engineering Review, vol 10( 4), 1995.

[FJ92]

L.M.G. Feijs and H.B.M. Jonkers: Formal Specification and Design, Cambridge Tracts in Theoretical Computer Science 35, 1992.

[FJKR87]

L.M.G. Feijs, H.B.M. Jonkers, C.P.J. Koymans and G.R. Renardel de Lavalette: Formal definition of the design language COLD-K (Preliminary version), ESPRIT document METEOR/t7/PRLE/7, April 1987 (Final version: August 1989).

[FvH94]

D. Fensel and F. van Harmelen: A Comparison Of Languages Which Operationalize And Formalize KADS Models of Expertise, The Knowledge Engineering Review, vol 9( 2), 1994.

[Gol82]

R. Goldblatt, Axiomatising the logic of computer science, Lecture Notes in Computer Science, no 130, Springer-Verlag, Berlin, 1982.

[GR94]

R. Groenboom and G.R. Renardel de Lavalette: Reasoning about Dynamic Features in Specification Languages. In D.J. Andrews and J.F. Groote and C.A. Middelburg (eds), Proceedings of Workshop in Semantics of Specification Languages, October 1993, Utrecht, Springer Verlag, 1994.

[GR95]

R. Groenboom and G.R. Renardel de Lavalette: A formalization of Evolving Algebras. In Proceedings of Accolade 95, Dutch Graduate school in Logic, Amsterdam, 1995, pp. 17 – 28.

[G94]

Y. Gurevich: Evolving Algebras 1993: Lipari Guide. In E.B. Bo¨ rger (ed.), Specification and Validation Methods, Oxford University Press, 1994.

[Har84]

D. Harel: Dynamic Logic. In D. Gabbay and F. Guenthner (eds.), Handbook of Philosophical Logic, Vol. II, D. Reidel Publishing Company, 1984, pp. 497 – 604.

[HRS90]

M. Heisel, W. reif, W. Stephan: Tactical Theorem Proving in Program Verification, 10th International Conference on Automated Deduction, Kaiserslautern, Germany, July 1990, Springer-Verlag, Lecture Notes in Computer Science, no 449, Berlin, pp. 117-131.

[KLW93]

M. Kifer, G. Lausen, and J. Wu: Logical Foundations of Object-Oriented and Frame-Based Languages. In Technical Report 93/06, Department of Computer Science, SUNY at Stony Brook, NY, April 1993. To appear in Journal of ACM.

[KR89]

C.P.J. Koymans and G.R. Renardel de Lavalette, The logic MPLω , In: Algebraic Methods: Theory, tools and applications, M. Wirsing and J.A. Bergstra (eds.), LNCS 394, Springer Verlag, 1989, pp. 247 – 282.

[Llo87]

J. W. Lloyd: Foundations of Logic Programming, 2nd Editon, Springer-Verlag, Berlin, 1987.

[PGT95]

C. Pierret-Golbreich and X. Talon: An Algebraic Specification of the Dynamic Behaviour of Knowledge-Based Systems. Submitted, The Knowledge Engineering Review, 1995. 25

[Pra76]

V.R. Pratt, Semantical considerations on Floyd-Hoare logic, Proc. 17th annual IEEE symp. on foundations of computer science, 1976, pp. 109 – 121.

[Prz88]

T. C. Przymusinski: On the Declarative Semantics of Deductive Databases and Logic Programs. In J. Minker (ed.), Foundations of Deductive Databases and Logic Programming, Morgan Kaufmann Publisher, Los Altos, CA, 1988.

[SP94]

J. W. Spee and L. in ’t Veld: The Semantics of KBS SF, A Language For KBS Design, Knowledge Acquisition, vol 6, no 4, pp 369 – 394, 1994.

[SWH+94]

G. Schreiber, B. Wielinga, R. de Hoog, H. Akkermans, and W. Van de Velde: CommonKADS. A Comprehensive Methodology for KBS Development, IEEE Expert, vol 9(6), 1994.

[SB95]

A. Th. Schreiber and B. Birmingham (eds.): special issue on the VT Sisyphus Task, International Journal of Human-Computer Studies (IJHCS), special issue, in press.

[SWM93]

P. Spruit, R. Wieringa, and J.-J. Meyer: Dynamic Database Logic: The First Order Case. In V.W. Lipeck and B. Thalheim (eds.), Fourth International Workshop on Foundations of Models and Languages for Data and Objects, Workshop in Computing, Springer-Verlag, 1993.

[SWM95]

P. Spruit, R. Wieringa, and J.-J. Meyer: Axiomatization, Declarative Semantics and Operational Semantics of Passive and Active Updates in Logic Databases, Journal of Logic Computation, vol 5(1), 1995.

[Tre94]

J. Treur: Temporal Semantics of Meta-Level Architectures for Dynamic Control of Reasoning, In L. Fribourg et al. (eds.), Logic Program Synthesis and Transformation - Meta Programming in Logic, Proceedings of the 4th International Workshops, LOPSTER-94 and META-94, Pisa, Italy, June 20-21, 1994, Lecture Notes in Computer Science, no 883, Springer Verlag-Berlin, 1994.

[TW93]

J. Treur and T. Wetter (eds.): Formal Specification of Complex Reasoning Systems, Ellis Horwood, New York, 1993.

[Ull88]

J. D. Ullman: Principles of Database and Knowledge-Base Systems, vol I, Computer Sciences Press, Rockville, Maryland, 1988.

[WSB92]

B.J. Wielinga, A.Th. Schreiber, and J.A. Breuker: KADS: A Modelling Approach to Knowledge Engineering, Knowledge Acquisition, vol 4(1), 1992.

[vHB92]

F. van Harmelen and J. Balder: (ML)2: A Formal Language for KADS Conceptual Models, Knowledge Acquisition, vol 4(1), 1992.

[VV93]

H. Voss and A. Voss: Reuse-Oriented Knowledge Engineering with MoMo. In Proceedings of the 5th International Conference on Software Engineering and Knowledge Engineering (SEKE93), San Fransisco Bay, June 14-18, 1993.

26

Appendix: Axioms of MLCM++ The mentioned syntax is extended with a unary definedness predicate ! and weak equality ' (also called equivalence or partial equality ) defined as: t! s't

=def

(t = t )

=def

(s!

_

t!) ! s = t

MLCM is axiomatised as follows ([α ]Γ stands for the set

f[α ]A j A 2 Γg).

General rules For MLCM we have to following inference rules: A, A ! B ) B

MP Subst

A ) [t =x]A

N

Γ ` A ) [α ]Γ ` [α ]A

Γ, A ` B ) Γ ` (A ! B)

Dec

Predicate logic For the precidate logic, the fragment without modal operators, we have: Taut

All tautologies of propositional logic

Eq1 Eq2 Eq3 Eq4

x'y!y'x x ' y^y ' z! x ' z x ' y ! fx ' fy x ' y ! ( px $ py)

Undef Quan1 Quan2

:(? !) (x! ! A) ) 8xA (8xA ^ x!) ! A

Derivability Γ ` A (A is derivable from Γ), is defined inductively as usual: all A 2 Γ and all instances of axioms are derivable from Γ, and if all premises of a rule are derivable from Γ then so is the conclusion. A collection of formulae Γ is called consistent iff Γ 6` ?. Let x be not free in Γ. Observe that we do not have Γ ` A , Γ ` 8xA for x not free in Γ, / A = x!. But we do have, again for x not free in Γ: i.e. a counterexample is Γ = 0, Γ ` A(x) Γ ` 8xA(x)

, ,

Γ ` (8xA(x)) ^ A(?) Γ ` (x! ! A(x))

Modal logic For atomic programs, we demand determinism: Atom

hα iA $ [α ]A

For NEW: C1 x = y $ [NEWc](x = y 6= c) C2

px $ [NEWc] px

C3

[NEWc](c!

^

f (x) 6= c

^

f (c) ' f (?) ^ 27

( p(c)

$ p(?)))

For function modification: FM1 FM2 FM3 FM4

A $ [ f (s) := t ]A s ' x ! (t

for all A not containing f

' y $ [ f (s) := t ] f x ' y) s 6' x ! ( f x ' y $ [ f (s) := t ] f x ' y) 8x[ f (s) := t ]A $ [ f (s) := t ](8xA)

For predicate modification: PM1 PM2 PM3 PM4

A $ [ p(s) :$ C]A

for all A not containing p

s ' x ! (C $ [ p(s) :$ C] px)

s 6' x ! ( px $ [ p(s) :$ C] px)

8x[ p(s) :$ C]A $ [ p(s) :$ C](8xA)

For the program constructs:

$ (A ! B) ;AX [α ; β ]A $ [α ][β ]A [AX [α [ β ]A $ ([α ]A ^ [β ]A) AX [α ]A $ (A ^ [α ][α ]A) INF fA ! [α n]Bjn 2 Ng ) A ! [α ]B Here, [α n] is recursively defined as: [α 0 ] = [>?] and [α n+1] = [α ][α n]. ?AX

[A?]B

MLCM++ The constructs for MLCM++, can be axiomatized as follows. For the random predicate ajustment (δ ) we have: DM1 DM2 DM3 DM4

8y[ p :$ δ x.A]B $ [ p :$ δ x.A](8yB) [ p :$ δ x.A](9!x( px)) 9xA ! 9x(A ^ [ p :$ δ a.A] px) B $ [ p :$ δ x.A]B for all B not containing p

For the multiple predicate modification (λ ) we have: LM1 LM2 LM3

8y[ p :$ λ x.A]B $ [ p :$ λ x.A](8yB) 8x(A $ [ p :$ λ x.A]( px) B $ [ p :$ λ x.A]B for all B not containing p

28