An Alternative To The Iteration Operator Of Propositional ... - CiteSeerX

An Alternative To The Iteration Operator Of Propositional Dynamic Logic Marcos Alexandre Castilho1

IRIT - Universite Paul Sabatier and UFPR - Universidade Federal do Parana (Brazil)

Andreas Herzig

IRIT - Universite Paul Sabatier e-mail: fcastilho,[email protected] February 19, 1996

Abstract

In this paper we present an alternative to the iteration operator of Propositional Dynamic Logic (PDL) and a tableau system for the resulting logic. We show the correctness and completeness of the method. REPORT 96-05-R

1

This work was supported by CAPES/BRAZIL

1 Introduction

In this work we present an alternative to the iteration operator () of Propositional Dynamic Logic (PDL) [Har84]. The way we do this is to replace this operator by the necessity operator (2) of modal logic S4 plus an interaction axiom of multimodal logic. The resulting logic (called A) is weaker than PDL, but is strong enough to reason about actions and plans. In section 2 we present the language, semantics and axiomatics of A. In section 3 we show how one can reason about actions and plans in A. In section 4 we present a tableau system for A, to provide an automatic way of deciding whether a formula is a theorem or not. Sections 5 and 6 present, respectively, the correctness and completeness results for the tableau system.

2 The logic A

In this section we present the logic A, the language, semantics and axiomatics. We also present the notation to be used in the rest of the paper.

2.1 Language

The language of A is as follows: Let ACT0 be a set of atomic actions (ACT0 = f; ; : : :g) and let FOR0 be a set of atomic formulas, or just atoms (FOR0 = fP; Q; : : :g). We construct inductively the set ACT of actions and the set FOR of formulas in the following way:

      

> 2 FOR; ? 2 FOR; FOR0  FOR if A; B 2 FOR then :A 2 FOR, A _ B 2 FOR and 2A 2 FOR. if A 2 FOR and  2 ACT then []A 2 FOR ACT0  ACT;  2 ACT0 if ; 2 ACT then (; ) 2 ACT and ( [ ) 2 ACT if A 2 FOR then A? 2 ACT We use ^, !, $ as usual, hiA to abbreviate :[]:A and 3A to abbreviate :2:A as in modal logic. We also use [; ]A for [][ ]A, [ [ ]A for ([]A ^ [ ]A), [A?]B for (A ! B), []A for A and [if A then  else ]B for ((A ! []B) ^ (:A ! [ ]B)) As in dynamic logic we read  \do nothing", A? \continue if A holds",  [ \do either  or

nondeterministically", (; ) \do  followed by " and []A \every possible execution of action  leads to a situation in which A is true". We read 2A \all plans leads to a situation in which A is true". A plan is a (possibly empty) sequence of actions. Finally, if a formula does not contain modal operators, we call it a classical formula.

1

2.2 Semantics

We de ne standard models for our logic A as quadruples of the form  = (W; (R)2ACT0 ; R2; j=), where W is a set of worlds, each R and R2  W  W is a binary relation (called an accessibility relation) and j= is the satisfaction relation with the following truth condition:  j=w P i w 2 (P), where  : FOR0 ?! 2W  j=w >  not j=w ?  j=w :A i not j=w A  j=w A ^ B i j=w A and j=w B  j=w A ! B i if j=w A then j=w B  j=w A _ B i j=w A or j=w B  j=w A $ B i j=w A if and only if j=w B  j=w []A i 8w0 2 W such that wRw0, j=w A.  j=w 2A i 8w0 2 W such that wR2 w0, j=w A. We impose no restrictions on the (R ) family of relations, but we require R2 to be re exive and transitive. Moreover, we suppose R2  R;  2 ACT0 . Validity and satis ability are de ned as usual. We denote j=A P to mean \P is valid in A". 0

0

2.3 Axiomatics

The following are the axioms and rules of inference schemes for A, where A; B 2 FOR and  2 ACT: PL: All tautologies of classical propositional calculus K(): [](A ! B) ! ([]A ! []B) K(2): 2(A ! B) ! (2A ! 2B) T(2): 2A ! A 4(2): 2A ! 22A I(2; ): 2A ! []A (M:P:): if A and A ! B then infer B (RN2 ): if A then infer 2A We denote `A A to mean \A is a theorem of A" and theoremhood is de ned as usual.

Remark.: A may be seen as a multimodal logic made up from Propositional Dynamic Logic (PDL) [Har84] without the iteration operator (*), plus the well known modal logic S4 for the 2operator plus the interaction axioms fI(2; ) : 2A ! []Ag. In fact, A is an abbreviation for K() + S4(2) + I(2; ).

3 Reasoning about actions and plans in A In this section we show how the components of systems for reasoning about actions and plans may be written in the formalism of our logic A. We present usual tasks and classical problems of reasoning about actions and plans in terms of A, but we don't propose any solution for them. This is subject of future research and is presented now only as a motivation. 2

3.1 Representation

Let ACT0 stand for atomic actions and ACT stand for compound actions built with elements of ACT0 and the operators \", \?", \;", \[", \if ... then ... else .. .". For example, we may have atomic actions like \load", \shoot" and \wait", and more complicated compound actions like \load; wait; shoot" and \if dead then  else load; shoot". Let KB be the knowledge base, the set of classical formulas representing the actual world. Let ICACT be the set of Action Laws. They have the form 2(A ! []B), where A is the precondition and B is the postcondition of the action . Special action laws have the form 2(A ! []A) and are called frame axioms. Finally, we have the set ICCLASS of Integrity Constraints, whose elements have the form 2A, where A is classical. In planning systems we also have the set Goal, whose formulas have the form 3A, where A is classical. Example: KB : walking ^ loaded. ICCLASS : 2(alive $ :dead), 2(loaded $ :empty), 2(walking ! alive). ICACT : hwaiti> hloadi> loaded ! [shoot]dead, loaded ! [shoot]empty, (frame axioms:) alive ! [wait]alive, loaded ! [wait]loaded walking ! [load]walking, dead ! [shoot]dead Goal : 3dead, 3alive

3.2 Reasoning tasks

Once we have a representation for the world and for the actions laws, the essentials tasks we are interested includes: 1. Planning: We know the actual and the desired world, and we want to know about the existence of a sequence of actions that lead from the actual situation to the desired one. In other words we want to know whether `A KB ^ ICACT ^ ICCLASS ! Goal is a theorem of A. We claim that as antecedents do not contain positive 3?operators, from the proof of a planning problem we can construct a plan. For example, we may have to know if there is a proof of the formula \:loaded ^ 2(loaded ! [shoot]dead) ^ 2[load]loaded ! 3dead". The proof of this theorem gives us a plan. 2. Prediction: We know the actual world (KB1 ) and we want to point out the correct state of the world we may obtain (KB2 ) if we apply in KB1 a given sequence of actions. In the formalismwe have, what we want to know is whether `A KB1 ^ ICACT ^ ICCLASS ! []KB2 is a theorem of A. 3. Postdiction: We want to know the preceding state of the world (KB1 ) having only the actual world (KB2 ) and knowing that a given sequence of actions was executed. In other words, we want to know whether `A []KB2 ^ ICACT ^ ICCLASS ! KB1 is a theorem of the logic. 3

3.3 Reasoning problems

In order to realize tasks as those described in the previous section, three main problems arise. These problems were pointed out the rst time by McCarthy and Hayes [MH69]: 1. The frame problem is that in real world, it is impractical to write down all non-consequences of an action. In other words, after an action, one must say everything that do not change in the world. In terms of A, the frame problem is that the set of frame axioms is too big, and in fact it contain almost all formulas of ICACT . E.g. we don't want to write the frame axioms alive ! [wait]alive, loaded ! [wait]loaded, etc... 2. The rami cation problem is the dual of the frame problem, i.e., it is dicult to take into account all the (direct and indirect) consequences of an action, i.e., it is dicult to take into account the set ICCLASS . E.g. after the execution of [shoot] in loaded ! [shoot]dead, one must also conclude that :walking and :loaded. 3. The quali cation problem is related with the diculty to write down the potentially immense number of preconditions of an action. E.g. the preconditions of the action of starting a car. Moreover, it may be computationally intractable to check all quali cations for each action to be executed. We note that with our formalism it is possible to solve the rami cation problem. In fact the solution is straightforward since we have the set ICCLASS . We don't have solutions to the frame neither the quali cation problem, but for the former we claim that it is possible to nd such a solution following the work of Gasquet and Herzig [GH95].

4 A-Tableau rules

In this section we present a tableau system for A. We will use a generalization of Fitting's signed formulas notation [Fit83]. Thus, if A is a formula we write:  V 2 to mean T 2A or F 3A  V  to mean T[]A or F hiA  2 to mean T 3A or F 2A   to mean T hiA or F[]A Moreover, the result of removing the modal operator of V 2 , V  , 2 or  is denoted by a subscripted 0. For example, if V 2 = 2A then V02 = A. We also consider the following de nitions in order to simplify notation in the next section. Let S be a set of formulas and  2 ACT. Then  S 2 = fV 2 : V 2 2 S g  S  = fV0 : V  2 S g When we want to evidence some formula A in a set of formulas S we will write S; fAg. In this case, we consider that A 2= S. The - and -rules2 are the same as in [Fit83] and are not listed. The other rules are divided in two categories: those that do not correspond to a world change in the semantics (the V -rules) and those that do correspond to a world change in the semantics (the -rules, represented in the gures by an arrow). In the former, like the - and -rules, we simply add a formula to the set, and in the latter we erase all formulas and rewrite new ones in the new world. They are3 : 2 3

 and appear in boldface when they are used as rule names and not to denote dynamic operators. This method does not have a V  -rule.

4

V 2 -rule from V 2

 -rule from S; 

2 -rule from S; 2

#

#

infer V02 infer S 2 ; 02 infer S 2 ; S  ; 0

Example: If we have the following formulas in a world w, where ; 2 ACT, Ai 2 FOR: w

1. T 3A1 2. T 3A2 3. T 2A3 4. T 2A4 5. T[]A5 6. T[ ]A6 7. T hiA7 8. T h iA8 We can apply the A-tableau rules to obtain (in the same world): w 9. TA3 3, V 2 -rule 10. TA4 4, V 2 -rule or we can apply the A-tableau rules to obtain (in dierent worlds w1 and w2): w1 w2 1'. T 2A3 1". T 2A3 2'. T 2A4 2". T 2A4 or 1, 2 -rule 7,  -rule 3'. TA1 3". TA5 4". TA7

5 Correctness

In this section we will present the correctness proof of the A-tableau system. In order to do this we have to show two lemmas. De nition 1 If w is a world in a model  = (W; (R)2ACT0 ; R2 ; j=) and S is a set of signed formulas, we write j=w S when j=w A, 8A 2 S. Lemma 1 Suppose  = (W; (R)2ACT0 ; R2; j=) is a standard model, S is a set of signed formulas, w 2 W and w0 2 W is any world such that wRw0 (and hence wR2 w0 , since R2  R). Then: 1. j=w S implies j=w S  [ fV02 : V 2 2 S g. 2. j=w S implies j=w S 2 . 3. j=w V 2 implies j=w V02 . Proof 1. If j=w S then j=w A, 8A 2 S. If A is of the form V  , then by de nition, 8w0 2 , wRw0, j=w V0 . So j=w fV0 jV  2 S g, i.e., j=w S  . And since R2  R; 8 2 ACT we have wR2w0 . So for each V 2 2 S we have by de nition j=w V02 . Thus j=w fV02 : V 2 2 S g. Hence j=w S  [ fV02 : V 2 2 S g. 0

0

0

0

0

0

0

5

0

2. Let w00 be any world in W such that w0R2 w00. Since wR2w0 and R2 is transitive, wR2 w00. So, for each V2 2 S, if j=w V 2 it follows j=w V02 , i.e., 8w00 2  such that w0 R2 w00 we have wR2 w00 and so j=w V02 , in other words, j=w V 2 . Hence j=w S 2 . 3. Since j=w V 2 , we have by de nition j=w V02 , 8w0 2  such that wR2 w0. But R2 is re exive, so in particular we have wR2w and hence j=w V02 . De nition 2 A tableau is A-satis able if some branch of it is A-satis able. A branch of a tableau is A-satis able if the set of formulas on it is A-satis able. A set S of formulas is A-satis able if there is a world w in a standard model  such that j=w S. Lemma 2 Suppose T is a A-satis able tableau. Then T 0 , the tableau that results from a single A-tableau rule applied to T, is also A-satis able. Proof If T is a A-satis able tableau then some branch of it is A-satis able. If a branch other then one on which we apply the rule is A-satis able that branch is still present in T 0 and is still A-satis able. Hence T 0 is A-satis able. Suppose  is a A-satis able branch of T and the tableau rule is applied on . We analyze the consequences for each tableau rule: i) case -rule is applied ( = S;  is replaced by 1 = S; ; 1; 2 ). Now  is A-satis able, so in some A-model  = (W; (R)2ACT0 ; R2; j=) there is a world w such that j=w S and j=w . By de nition j=w 1 and j=w 2 , and hence 1 is A-satis able. ii) case -rule is applied ( = S; is replaced by 1 = S; ; 1 and 2 = S; ; 2 ). Now  is A-satis able, so in some A-model  = (W; (R)2ACT0 ; R2; j=) there is a world w such that j=w S and j=w . Hence j=w 1 or j=w 2 , and hence either 1 or 2 is A-satis able. iii) case V 2 -rule is applied ( = S; V 2 is replaced by 1 = S; V 2 ; V02 ). Now  is A-satis able, so in some A-model  = (W; (R)2ACT0 ; R2; j=) there is a world w such that j=w S and j=w V 2 . By lemma 1 we also have j=w V02 . Hence 1 is A-satis able. iv) case 2 -rule is applied ( = S; 2 is replaced by 1 = S 2 ; 02 ). Now  is A-satis able, so in some A-model  = (W; (R)2ACT0 ; R2 ; j=) there is a world w such that j=w S and j=w 2 . But if j=w 2 then, by de nition, for some world w1 2  such that wR2 w1 we have j=w1 02 . Moreover, by lemma 1, if j=w S then j=w1 S 2 . Hence 1 is A-satis able in w1 2 , so 1 is A-satis able. v) case  -rule is applied ( = S;  is replaced by 1 = S 2 ; S  ; 0 ). Now  is A-satis able, so in some A-model  = (W; (R)2ACT0 ; R2; j=) there is a world w such that j=w S and j=w . But if j=w  then for some world w1 2  such that wRw1 we have j=w1 0 and by lemma 1, if j=w S then j=w1 S 2 and j=w1 S  (recall R2  R; 8 2 ACT, so if wRw1 then wR2 w1). So again 1 is A-satis able in w1 2 . Hence 1 is A-satis able. There are no more cases. Hence this completes the proof. Theorem 1 (Correctness theorem for A) If A has an A-tableau proof then j=A A. Proof Suppose there is a tableau proof starting by FA that arrives at a closed tableau. If fFAg were A-satis able, we would start with an A-satis able tableau, and by lemma 2 every A-tableau we get will also be A-satis able. But this is a contradiction because a closed tableau is not A-satis able. Hence FA is not A-satis able, i.e., there is no A-model  such that = 6j w A,for some world w 2  . In  other words, for every A-model  we have j=w A, that is, j=A A. 0

00

0

0

0

6 Completeness In this section we will prove the completeness of our tableau system. We will use the method proposed in [Fit83], i.e., we will rst show consistency properties for A (section 6.1), then we will show the model existency theorem for A (section 6.2), and nally (in section 6.3) we will present the completeness proof. 6

6.1 Consistency properties for A

In this section we present the de nition of A-consistency property and we show two important lemmas.

De nition 3 [A-Consistency Property] Let CI be a collection of sets of signed formulas. CI is an A-consistency property if it meets the following conditions, for each S 2 CI : 0. S contains no atomic signed formula TA and its conjugate FA; S contains neither F > nor T ?. 1.  2 S ) S [ f1; 2 g 2 CI 2. 2 S ) S [ f 1 g 2 CI or S [ f 2 g 2 CI 3. 2 2 S ) S 2 [ f02 g 2 CI 4.  2 S ) S 2 [ S  [ f0g 2 CI 5. V 2 2 S ) S [ fV02 g 2 CI If S 2 CI we say S is CI -consistent else S is CI -inconsistent. De nition 4 Let CI be an A-consistency property and let U be a set of signed formulas. We call CI U-compatible if, for each S 2 CI and for each Z 2 U, S [ fZ g 2 CI . Lemma 3 Let CI be an A-consistency property. Let CI 0 contain all subsets of all members of CI . Then CI 0 is also an A-consistency property, extending CI and closed under subsets. Also, if CI is U-compatible, so is CI 0.

Proof We check each item of the de nition:

0. Members of CI 0 are subsets of members of CI , which do not contain S with an atomic formula and its conjugate. So CI 0 either. For the same reason CI 0 does not contain S with F > or T ?. 1. Suppose S 2 CI 0 and  2 S. Then 9T 2 CI , S  T and, since CI is an A-consistency property, T [ f1; 2 g 2 CI . But, by construction of CI 0, and the fact S [ f1; 2 g  T [ f1; 2g, we have S [ f1; 2 g 2 CI 0 . 2. Suppose S 2 CI 0 and 2 S. Then 9T 2 CI , S  T and, since CI is an A-consistency property, T [ f 1 g 2 CI or T [ f 2 g 2 CI . Again by construction of CI 0 , and the fact S [ f 1 g  T [ f 1g and S [ f 2 g  T [ f 2 g, we have S [ f 1 g 2 CI 0 or S [ f 2g 2 CI 0. 3. Suppose S 2 CI 0 and 2 2 S. Then 9T 2 CI , S  T, and then S 2  T 2 (recall de nition of S 2 in section 4). Now, since CI is an A-consistency property, T 2 [ f02 g 2 CI . Again by construction of CI 0 and the fact that S 2 [ f02 g  T 2 [ f02 g, we have S 2 [ f02 g  CI 0. 4. Suppose S 2 CI 0 and  2 S. Then 9T 2 CI , S  T and since CI is an A-consistency property, T 2 [ T  [ f02 g 2 CI . But if S  T then by the de nitions of section 4, S   T  and S 2  T 2 . Since S 2 [ S  [ f0 g  T 2 [ T  [ f0g and by the de nition of CI 0, we conclude S 2 [ S  [ f0g 2 CI 0. 5. Suppose S 2 CI 0 and V 2 2 S. Then 9T 2 CI , S  T and since CI is an A-consistency property, T [ fV02 g 2 CI . Since S  T implies S [ fV02 g  T [ fV02 g and by the de nition of CI 0, we conclude S [ fV02 g 2 CI 0. Hence CI 0 is a A-consistency property. Obviously, CI 0 extends CI and is closed under subsentences. We show the U-compatibility: Let S 2 CI 0 and Z 2 U. Now S  T 2 CI and hence T [ fZ g 2 CI (which is U-compatible). It follows that S [ fZ g  T [ fZ g 2 CI 0. This concludes the proof that CI 0 is U-compatible. 7

Lemma 4 Let CI 0 be an A-consistency property closed under subsets. Let CI 00 consist of those sets S all of whose nite subsets are in CI 0. Then CI 00 is also an A-consistency property, extending CI 0 and meeting the condition that S 2 CI 00 if and only if all nite subsets of S belong to CI 00. Also CI 00 is U compatible if CI 0 is. Proof Again, we check each item of the de nition: 0. If 9S 2 CI 00 with an atomic formula and its conjugate, then the nite set of this two formulas belongs to CI 0. This is a contradiction, since CI 0 is an A-consistency property. For the same reason, neither F > nor T ? are in S. 1. Suppose S 2 CI 00 and  2 S and, by contradiction, S [ f1 ; 2g 2= CI 00. Hence there is a nite set F1  S [ f1 ; 2 g such that F1 2= CI 0. But S 2 CI 00, then all its nite subsets are in CI 0, so F1 cannot be a subset of S alone, hence 1 or 2 or both are in F1. Now let F11 be F1 ? f1 g, F12 be F1 ? f2 g and F112 be F1 ? f1; 2 g. Thus we have: F11 is a nite set with F11  S but F11 [ f1 g 2= CI 0 or F12 is a nite set with F12  S but F12 [f2g 2= CI 0 or F112 is a nite set with F112  S but F112 [ f1; 2 g 2= CI 0 or all of them. Let F = F11 [ F12 [ F112 [ fg. then F is nite and F  S and since S 2 CI 00, F 2 CI 0. But CI 0 is an A-consistency property, and  2 F, hence F [ f1g 2 CI 0, F [ f2 g 2 CI 0, and F [ f1 ; 2 g 2 CI 0. Since CI 0 is closed under subsets F1 2 CI 0, which is a contradiction. So S [ f1 ; 2g 2 CI 00. 2. Suppose S 2 CI 00 and 2 S and, by contradiction, S [ f 1 g 2= CI 00 and S [ f 2 g 2= CI 00. Since S [ f 1 g 2= CI 00 there is a nite subset F1  S [ f 1g such that F1 2= CI 0. But S 2 CI 00 then, since all nite subsets of S are in CI 0, F1 cannot be a subset of S alone, hence 1 2 F1 . We write F11 for F1 ? f 1g. Thus F11 is a nite set and F11  S but F11 [ f 1 g 2= CI 0. Similarly, F2  S [ f 2 g, F2 nite and F2 2= CI 0. Then we write F21 for F2 ? f 2g and conclude F21 is nite, F21  S but F21 [ f 2 g 2= CI 0. Let F = F11 [ F21 [ f g. F is nite and F  S and S 2 CI 00, then F 2 CI 0 which is an A-consistency property. But 2 F, hence F [ f 1 g 2 CI 0 or F [ f 2 g 2 CI 0. But CI 0 is closed under subsets, hence F11 [ f 1 g 2 CI 0 or F21 [ f 2 g 2 CI 0. Thus we have a contradiction. Hence S [ f 1 g 2 CI 00 or S [ f 2 g 2 CI 00. 3. Suppose S 2 CI 00 and 2 2 S and, by contradiction, S 2 [ f02 g 2= CI 00. Then there is some nite set F1  S 2 [ f02 g 2= CI 0. But F1 cannot be a subset of S 2 alone, since S 2  S, and all nite subsets of S are in CI 0. So 02 2 F1. Let F10 = F1 ? f02 g. We have F10 nite, F10  S 2  S, but F10 [ f02 g 2= CI 0. Let F = F10 [ f2 g. F is nite, F  S and S 2 CI 00. So F 2 CI20 . But CI 0 is an A-consistency property, so F 2 [ f02 g 2 CI 0. By construction we have F22 = F10 , and since all elements of F10 belong to S 2 (again by construction), we have F10 = F10 . Hence F 2 = F10 . So, we have a contradiction. Hence S 2 [ f02 g 2 CI 00. 4. Suppose S 2 CI 00,  2 S and, by contradiction, S 2 [ S  [f0 g 2= CI 00. Then there is some nite set F  S 2 [ S  [ f0 g 2= CI 0 . We consider two cases depending on where f0g is in F or not: i) f0 g 2= F. Then F  S 2 [ S  , and F is nite. We construct  F = f[]B : B 2 (F \ S  )g [ (F \ S 2 ). So we have a nite  F  S, and S  CI 00. So  F 2 CI 0. But  F is nite, so  F 2 CI 00. Since fg 2 S we have a nite  F [ f g 2 CI 00, so  F [ f g 2 CI 0, and since CI 0 is an A-consistency property, we have F [ f0 g 2 CI 0. Finally, since CI 0 is closed under subsets, we conclude F 2 CI 0, which is a contradiction. So we conclude S 2 [ S  [ f0 g 2 CI 00. ii) f0 g 2 F. Then let F1 be F ? f0g. We have F1 nite, F1  S 2 [ S  , so just as in the previous case, we conclude F1 [ f0g 2 CI 0, which is a contradiction. 5. Suppose S 2 CI 00, V 2 2 S and, by contradiction, S [ fV02 g 2= CI 00. Then there is some nite set F1 2 S [ fV02 g 2= CI 0. But F1 can not be a subset of S alone, since all nite subsets of S are in CI 0. So V02 2 F1. Let F10 = F1 ? fV02 g. We have F10 nite, F10  S but F10 [fV02 g 2= CI 0. Now, let F = F10 [ fV 2 g. F is nite F  S and S 2 CI 00, so F [ fV02 g 2 CI 0. CI 0 is closed under subsets, so it follows that F10 [ fV02 g 2 CI 0 and we have a contradiction. Hence, S [ fV02 g 2 CI 00. 8

Since CI 0 is closed under subsets, if S 2 CI 0, all nite subsets of S are in CI 0, hence S 2 CI 00. Thus CI 00 extends CI 0. Suppose F is nite. If F 2 CI 00 then all nite subsets of F must be in CI 0, in particular F 2 CI 0. Conversely, if F 2 CI 0, by the previous paragraph, F 2 CI 00. Hence CI 0 and CI 00 agree on nite subsets. Now, S 2 CI 00 if and only if all nite subsets of S are in CI 0 (by de nition) if and only if all nite subsets of S are in CI 00 (by the previous paragraph). For the U-compatibility, suppose S 2 CI 00 and Z 2 U. S 2 CI 00, so all nite subsets of S belongs to CI 0 . Let F nite and F  S. F 2 CI 0 and CI 0 is U-compatible, hence F [ fZ g 2 CI 0. Hence all nite subsets of S [ fZ g belongs to CI 00 (by the previous paragraph). This concludes the proof. De nition 5 A collection CI of sets is said to be of nite character provided S 2 CI i each nite subset of S belongs to CI . Proposition 1 Any (U-compatible) A-consistency property may be extended to a (U-compatible) A-consistency property of nite character. Proof This follows immediately from lemmas 3 and 4. Proposition 2 Let CI be an A-consistency property of nite character. Each member of CI may be extended to a maximal member of CI . Proof The proof is identical as in [Fit83].

6.2 Model existence theorem for A

In this section we present the proof of the model existence theorem of A. This theorem will be used In the next section to show the completeness of A. Theorem 2 (Model existence theorem for A) Let CI be an A-consistency property. If S is CI consistent then S is A-satis able. Proof Let CI be an A-consistency property, and suppose S is CI -consistent (S 2 CI ). We show S is A-satis able. By proposition 1, CI  CI 0, where CI 0 is also an A-consistency property and is of nite character. We use CI 0 to create an A-model. Let W be the set of all maximal members of CI 0 (there are some, by proposition 2). Let ACT0 be a set of atomic actions. For v; w 2 W let vRw mean v  w and vR2 w mean v2  w. We note the following: (1) v  w ) v2  w2 and v  w. (2) v2 = v22 and v2  v. We claim (W; (R);2ACT0 ; R2 ) is a A-frame. In fact, there is no restriction on R and since v2  v, R2 is re exive. Now suppose uR2 v and vR2 w, i.e., u2  v and v2  w. Thus, by the above observation, u22  v2 . And since u2 = u22 we have u2  v2  w. Hence u2  w, i.e., uR2 w. So R2 is transitive. Hence (W; (R);2ACT ; R2) is a A-frame. Now we de ne an interpretation v in (W; (R)2ACT0 ; R2) as follows: for each w 2 W and for each propositional variable P, set  TP 2 w v(w; P) = TF ifotherwise The interpretation v determines a unique model  = (W; (R)2ACT0 ; R2 ; j=) which is an A-model. We claim: for each w 2 W and for each signed formula Z, Z 2 w implies j=w Z. We prove this by induction on the size of Z: Base step: If Z is of size 0, Z is TP or FP, where P is a variable. Then: TP 2 w ) v(w; P) = T (de nitions of v). So j=w P. FP 2 w ) TP 2= w (IC 0 is an A-consistency property so it does not contains an atomic formula and its conjugate). So v(w; P) = F (de nition of v). So j6 =w P. Induction Hypothesis (IH): Suppose Z 2 w implies j=w Z is valid for all w 2 W and all signed formulas of size less or equal than n  0. 9

Suppose now Z is of size greater than n > 0. We have several cases depending on where Z is of type ; ; 2 ; ; V 2 ; V  : i) Case Z = : then  2 w implies w [ f1; 2 g 2 CI 0 (since CI 0 is a A-consistency property). So 1; 2 2 w (since w is maximal). Hence j=w 1 and j=w 2 (IH). So j=w . ii) Case Z = : then 2 w implies (since CI 0 is a A-consistency property) w [ f 1 g 2 CI 0 or w [ f 2g 2 CI 0 . So 1 2 w or 2 2 w (since w is maximal). Hence j=w 1 or j=w 2 (IH). So j=w . iii) Case Z = 2 : then 2 2 w implies w2 [ f02 g 2 CI 0 (IC 0 is a A-consistency property). Now let w0 be a maximal extension in CI 0 of w2 [ f02 g. Then w0 2 W. Since 02 2 w0 and 02 is of lower size than 2 , by IH, j=w 02 . Since w2  w0 we have wR2 w0. So j=w 2 . iv) Case Z =  : then  2 w implies w [ w2 [f0g 2 CI 0. Now let w0 be a maximal extension in CI 0 of w [ w2 [ f0 g. Then w0 2 W. Since 0 2 w0 and 0 is of lower size than  , by IH j=w 0 . But w  w0 , so wRw0 . Hence j=w  . v) Case Z = V 2 : then V 2 2 w. Take any w0 2 W such that wR2 w0, that is, w2  w0. We claim V02 2 w0. In fact, if V 2 2 w then V 2 2 w2 , so V 2 2 w0. Since V 2 2 w0 we have w0 [fV02 g 2 CI 0 (and CI 0is an A-consistency property). But w0 is maximal in CI 0, so V02 2 w0 . Now V02 2 w0, then j=w V02 by IH. So we have 8w0 2 W such that wR2 w0; j=w V02 . Hence, j=w V 2 . vi) Case Z = V  : then V  2 w. Take any w0 2 W such that wRw0 , that is, w  w0. If V  2 w then by the de nition of w we conclude V0 2 w. So V0 2 w0 . Hence by (IH), j=w V0 . Thus we have 8w0 2 W such that wRw0 ; j=w V0 . Hence j=w V  . To nish the proof, recall we started with an A-consistency property CI and a set S 2 CI . Then S 2 CI 0. Extend S to a maximal member w of CI 0 and by the above remarks w is A-satis able, hence the subset S as well is. 0

0

0

0

0

0

Theorem 3 (Strong model existence theorem for A) Let U be a set of signed formulas and let CI be an A-consistency property that is U-compatible. If S is CI -consistent, then S is satis able at a world in some A-model  = (W; (R)2ACT0 ; R2; j=) in which the members of U hold at every possible world.

Proof In addition to the previous proof, suppose CI is U-compatible. Then so is CI 0 (if w is a maximal member of CI 0 then U  w, because Z 2 U then w [ fZ g 2 CI 0 since CI 0 is U-compatible). But w is maximal so w [ fZ g = w. Hence Z 2 w. Then j=w U for each w 2 W. This completes the proof.

6.3 Completeness theorem of A

In this section we prove the completeness theorem for A. We will need to show a lemma.

De nition 6 Suppose fZ1;


; Zng is a nite set of formulas. By an A-tableau for fZ1;


; Zn g we mean any tableau that begins:

Z1 Z2 .. . Zn and continues by applications of the ; ; V 2 ; 2 and  - rules.

De nition 7 A nite set S of signed formulas is A-consistent if no A-tableau for S closes. Lemma 5 Let CI be the collection of all A-consistent sets. CI is an A-consistency property. 10

Proof We check each item of the de nition: 0. Suppose S 2 CI . If S contains an atomic formula and its conjugate then S is a closed tableau. So S is not A-consistent, thus S 2= CI , which is a contradiction. So S does not contain a formula and its conjugate. For the same reason S does contain neither F > nor T ?. 1. Suppose S 2 CI ,  2 S and S [ f1 ; 2g 2= CI . Then there is a closed tableau of the form: S

1 2 

where  represents the tableau structure below the occurrence of 1 and 2 . But since  2 S we may begin an A-tableau proof by an application of an -rule, which results in: S

 1 2 Now we just copy the structure represented by  and we get a closed tableau for S. So S is not A-consistent, thus S 2= CI , which is a contradiction. Hence S [ f1 ; 2 g 2 CI . 2. Suppose S 2 CI , 2 S, and S [ f 1g 2= CI and S [ f 2g 2= CI . If S [ f 1 g 2= CI then there is a closed tableau of the form: S

1 1

where 1 represents the tableau structure below the occurrence of 1 . And if S [ f 2 g 2= CI then there is a closed tableau of the form: S

2 2

where 2 represents the tableau structure below the occurrence of 2 . But 2 S, so we may begin an A-tableau proof by a -rule, like this: S

1

.



&

2

and we can copy the structures 1 and 2 below the respective occurrences of 1 and 2. In this way we obtain: S

1



.

1

&

2 2

11

which is a closed tableau for S. So S is not A-consistent, thus S 2= CI , which is a contradiction. Hence S [ f 1g 2 CI or S [ f 2 g 2 CI . 3. Suppose S 2 CI , 2 2 S and S 2 [ f02 g 2= CI . Then there is a closed tableau of the form: S2 02  where  represents the tableau structure below the occurrence of 02 . Now, since 2 2 S, we may begin an A-tableau proof by a 2 -rule in S to obtain: S 2

#

S2 02 and if we copy the structure represented by  we get a closed tableau for S. Thus S is not A-consistent and so S 2= CI , which is a contradiction. Hence S 2 [ f02 g 2 CI . 4. Suppose S 2 CI ,  2 S and S 2 [ S  [ f0g 2= CI . Then there is a closed tableau of the form: S2 S 0  where  represents the tableau structure below the occurrence of 0 . Now, since  2 S, we may begin an A-tableau proof by a  -rule in S to obtain: S 

#

S2 S 0 and if we copy the structure represented by  we get a closed tableau for S. Thus S is not A-consistent and so S 2= CI , which is a contradiction. Hence S 2 [ S  [ f02 g 2 CI . 5. Suppose S 2 CI , V 2 2 S and S [ fV02 g 2= CI . Then there is a closed tableau of the form: S

V02 

where  represents the tableau structure below the occurrence of V02 . Now, since V 2 2 S, we may begin an A-tableau proof by a V 2 -rule in S to obtain: S

V2 V02 and if we copy the structure represented by  we get a closed tableau for S. Thus S is not A-consistent and so S 2= CI , which is a contradiction. Hence S [ fV02 g 2 CI . 12

This nishes the proof of the lemma.

Theorem 4 (Completeness theorem for A) Let X be a formula. If j=A X then X has an A-tableau proof. Proof Suppose A has no A-tableau proof. Then there is no closed tableau for fFAg. Hence by lemma 5, fFAg 2 CI . By the model existence theorem, fFAg is A-satis able, hence A is not valid in all A-models. This is a contradiction.

7 Conclusion

We have presented the de nition of the logic A, which is a version of Propositional Dynamic Logic (PDL) that we claim suitable for reasoning about actions and plans. This logic is an alternative to PDL in the sense that it presents an alternative to the iteration operator. It is a formal system with \almost" the same expressive power of PDL, in the sense that we are able to speak about atomic and compound actions, as well as action laws, integrity constraints, goals and the existence of plans. We have presented a tableau system for this logic in order to allow automatic deductions of facts. We have showed correctness and completeness results. We have presented open problems which are subjetc of future research.

References [Fit83] M. Fitting. Proof methods for modal and intuitionistic logics. Reidel Publishing Company, 1983. [GH95] O. Gasquet and A. Herzig. Reasoning about actions using dependence relations. Technical report, IRIT - Universite Paul Sabatier, 1995. [Har84] D. Harel. Dynamic logic. In D. Gabbay and F. Gunthner, editors, Handbook of Philosophical Logic, volume II, pages 497{604. D. Reidel Publishing Company, 1984. [MH69] J. McCarthy and P. Hayes. Some philosophical problems from the standpoint of arti cial intelligence. In B. Meltzer and D. Michie, editors, Machine Intelligence, volume 4, pages 463{502. Edinburgh University Press, 1969.

13