[15] Robinson, J.: A Machine-Oriented Logic Based on Resolution Principle. JACM (1965). 23â41. [16] Kanger, S.: Simplified proof method for elementary logic.
Evidence Algorithm and Sequent Logical Inference Search Anatoli Degtyarev, Alexander Lyaletski and Marina Morokhovets
Abstract In this paper we continue to develop the approach to automated search for theorem proofs started in Kyiv in 1960-1970s. This approach presupposes the development of deductive techniques used for the processing of mathematical texts, written in a formal first-order language, close to the natural language used in mathematical papers. We construct two logical calculi, gS and mS, satisfying the following requirements: the syntactical form of the initial problem should be preserved; the proof search should be goal-oriented; preliminary skolemization is not obligatory; equality handling should be separated from the deduction process. The calculus gS is a machine-oriented sequent-type calculus with “large-block” inference rules for first-order classical logic. The calculus mS is a further development of the calculus gS, enriched with formal analogs of the natural proof search techniques such as definition handling and application of auxiliary propositions. The results on soundness and completeness of gS and mS are given.
1
Introduction
Investigations in automated reasoning gave rise to the appearance of various computer-oriented calculi for the proof search in classical 1st-order logic. In practical applications preference is usually given to the methods based on the results of Skolem and Herbrand (for instance, resolution-type methods, Maslov’s inverse method, tableau methods, connection graph methods, etc.). The possibilities given by Gentzen-type calculi are less investigated. This happens due to higher efficiency of first-kind methods as compared to sequent-type calculi. This is mainly connected with various orders of the quantifier rule applications and formula duplications in Gentzen calculi while the first-kind methods, due to skolemization, are free from this deficiency. At the same time, the deduction process in Gentzen calculi reflects natural theorem-proving methods which, as a rule, do not include preliminary formula skolemization, so that logical inference is made within the scope of the signature of the initial theory. This feature of Gentzen calculi becomes important when the proof is found in an interactive mode since it is preferable to present the output data in the form usual for a user. This is how the problem of the efficient quantifier manipulation makes its appearance. The desire to overcome the lack of efficiency of standard Gentzen-type calculi has resulted in the appearance of the sound and complete 1st-order calculus of a-sequents [1] (denoted by S below), which uses the original notion of an admissible substitution to optimize enumaration connected with the possibilities of different orders of elimination of quantifiers (without obligatory carrying out preliminary skolemization). It has been shown later that this notion of an admissible substitution can be easily introduced into standard Gentzen calculi [2]. The S calculus was constructed to meet the following requirements: the syntactical form of an initial problem should be preserved; preliminary skolemization is not obligatory; proof search should be goal-oriented; equality handling should be separated from the deduction process. In this paper such approach to automated theorem proving is realized by means of constructing certain modifications of S, denoted by gS and mS.
1
The calculus gS is a Gentzen modification of the calculus S for classical first-order logic; the main results on gS are presented. The calculus mS is a modification of the calculus gS “enriched” with rules for application of definitions and auxiliary propositions for machine-oriented logical inference search in the environment of a self-contained mathematical text written in the so-called first-order TL-language (TL1-language).
2
Historical Notes
The calculus S was developed in the framework of the complex programme of automated theorem proving. This programme was initiated by V.M.Glushkov at the beginning of 1960s and called Algoritm Ochevidnosti (Evidence Algorithm), or AO. The exposition of the idea of AO can be found in [3]. In fact, in the frame of the programme it was proposed to conduct in parallel the following main lines of investigations: 1) construction a formalized language (languages) for writing down mathematical texts from different substantial sections of mathematics in the form which is as much as possible close to the form of natural-language mathematical publications; 2) formalization and consecutive development of the concept of machine evidence of a proof: every proof step in a formalized text has to be properly substantiated by computer with the use of formal proof search methods and mathematical facts already known to AO; 3) construction and development (by means of AO) of information base containing descriptions of mathematical concepts, their connections and properties, and having an influence on the concept of evidence of a proof step; 4) implementation of interface which enables a user to understand a proof search process and control it in an interactive mode. The first paper about the development (in Kyiv) of a procedure for theorem proof search appeared in 1966 [4]. Its further improvement resulted in construction of a machine-oriented inference search procedure for logical calculi [5]. In 1970 a new period in realization of the AO programme began. The main characteristic feature of the works held during that period was their orientation towards forming an integral mathematical text processing system as a single whole. During that period, research of language support of the system was carried out and the input language T L (Theory Language) of the system was developed [6], that was similar to the natural mathematical one and convenient, from the practical point of view, for use in manmachine systems. Also, various logical inference search methods were proposed and investigated (a machine-oriented sequent-type calculus without skolemization [1], resolution-type methods with a possibility to attach various techniques for equality handling [7], heuristic methods of proof searching based on using auxiliary propositions, or lemmas [8]). After a number of experiments with the system [9], the system was improved and extended in various directions. As a result, in 1980 the first implemented version of the system called SAD (Systema Avtomatizatsiyi Dokazatel’stv) was described in [10]. After 1980 SAD was developed in the following directions: formulation of admissible inference rules for resolution-type procedures to reduce enumaration during inference searching; development of equality handling techniques; investigation of natural theorem proving techniques and their combination with resolution procedures [11, 12]. Note, that proof search procedures of SAD could function both in automatic and interactive modes. At the beginning of 1990s, when ES computers went out of use, the experiments with SAD were curtailed. 2
In more detail, the history of investigation on AO is given in [13]. This paper reflects present efforts to attack problems in automated theorem proving in the AO-style.
3
Logical Inference Search in the AO-style
In this section, we give a formal description of the calculus gS, the main results on the calculus, and exemplify its peculiarities. As for mS, we shall restrict ourselves to the consideration of the substantial interpretation of mS, drawing the analogy to the calculus gS, and to an example of constructing the proof of a certain theorem. To make this proof transparent we comment every proof step in detail. We hope that the example will make up a good background for understanding the approach to ATP in the AO-style.
3.1
The Calculus gS
We treat here classical first-order logic in the form of the sequent calculus G given in [14]. We use the name Gal instead of G. We treat the notion of a substitution as in [15]. Any substitutional component is considered to be of the form t/x, where x is a variable and t is a term of a substitution. Let L be a literal, then ∼L denotes its complement. We use the expression L(t1 , . . . , tn ) to denote that t1 ,...,tn is a list of all the terms (possibly, with repetitions) occupying the argument places in the literal L in the order of their occurrences in L. If x, y are variables and F is a formula then F |xy denotes the result of replacing x with y. We also assume that besides usual variables there are two countable sets of special variables, namely unknown variables and fixed variables (sequences of “dummies” and “parameters” in the terminology of [16]). Note, that the basic object of gS (as of S [1]) is an a-sequent. An a-sequent may be considered as a special generalization of the standard notion of a sequent. We consider a-sequents having one object (goal) in its succedent only. An ordered triple < w, F, E > is called an ensemble iff w is a sequence (a word) of unknown and fixed variables, F is a 1st-order formula, and E is a set of pairs of terms t1 , t2 (equations of the form t1 = t2 ). An a-sequent is an expression of the form [B], < w1 , P1 , E1 >,...,< wn , Pn , En > ⇒ < w, F, E >, where < w1 , P1 , E1 >,...,< wn , Pn , En >,< w, F, E > are ensembles, [B] is a list of literals, possibly empty. Ensembles in the antecedent of an a-sequent are called premises, and an ensemble in the succedent of an a-sequent is called a goal of this a-sequent.The collection of the premises is thought as a set. So, the order of the premises is immaterial. Let W be a set of sequences of unknown and fixed variables, and s be a substitution. Put A(W, s) = {< z, t, w >: z is a variable of s, t is a term of s, w ∈ W , and z lies in w to the left of some fixed variable from t}. Then s is said to be admissible for W iff (1) the variables of s are unknown variables only, and (2) there are not elements < z1 , t1 , w1 >,...,< zn , tn , wn > in A(W, s) such that t2 /z1 ∈ s,...,tn /zn−1 ∈ s, t1 /zn ∈ s (n > 0). Decomposition of some formula F by its principal logical connective and possible interaction with Pi results in generating new a-sequents. The sets E1 ,...,En , E define the terms to be substituted for the unknown variables in order to transform every equation t1 = t2 from E1 ,...,En , E to identity t = t after applying to E1 ,...,En , E a substitution chosen in a certain way. The sets w1 ,...,wn , w serve to check whether the substitutions generated during proof searching are 3
admissible. Note, that in any a-sequent some (or all) sequences from w1 ,...,wn , w and some (or all) sets from E1 ,...,En , E may be empty. An initial a-sequent is constructed as follows. Suppose that we want to establish deducibility of a sequence P1 , . . . , Pn ⇒ F (in the terms of the calculus Gal). Then an a-sequent [ ], , . . . , ⇒ will be considered as an initial a-sequent (w.r.t. P1 , . . . , Pn ⇒ F ). During proof searching in gS an inference tree is constructed. At the beginning of a search process it consists of an initial a-sequent. The subsequent nodes of the inference tree are generated in accordance with the rules described below. Inference trees grow “from top to bottom”. 3.1.1
Goal Splitting Rules
(GS-rules). These rules are used for elimination of the principal logical connective from the formula in the goal of an a-sequent processed. Application of any rule results in generation of a new a-sequent (a-sequents) with only one goal (and, possibly, with new premises). Elimination of the propositional connectives is done according to the rules of 1st-order classical logic. It can be easily expressed in the terms of derivative rules of standard Gentzen-type calculi, and w1 ,...,wn , w, E1 ,...,En , E therewith are not changed. Essential deviation from traditional Gentzen techniques of inference search is observed in quantifier processing. This deviation reflects specific quantifier handling techniques when variables of eliminated quantifiers are replaced by unknown or fixed variables depending on an eliminated quantifier. Therewith w, but not w1 ,...,wn , E1 ,...,En , E, is changed, and new premises can be generated. In formulation of rules below, M denotes a set of premises. Propositional Rules (⇒⊃1 )-rule: [B], M ⇒< w, F ⊃ F1 , E > [B], M, < w, F, E >⇒< w, F1 , E > (⇒⊃2 )-rule: [B], M ⇒< w, F ⊃ F1 , E > [B], M, < w, ¬F1 , E >⇒< w, ¬F, E > (⇒ ∧)-rule: [B], M ⇒< w, F ∧ F1 , E > [B], M ⇒< w, F, E > [B], M ⇒< w, F1 , E > (⇒ ∨1 )-rule: [B], M ⇒< w, F ∨ F1 , E > [B], M, < w, ¬F, E >⇒< w, F1 , E > (⇒ ∨2 )-rule: [B], M ⇒< w, F ∨ F1 , E > [B], M, < w, ¬F1 , E >⇒< w, F, E > (⇒ ¬)-rule: [B], M ⇒< w, ¬F, E > [B], M ⇒< w, F ′ , E > where F ′ is the result of one-step transferring “¬” into F . Quantifier Rules (⇒ ∀)-rule: [B], M ⇒< w, ∀xF, E > [B], M ⇒< wx, F |xx , E > 4
where x is a new fixed variable. (⇒ ∃)-rule: [B], M ⇒< w, ∃xF, E > [B], M, < w, ∀x¬F, E >⇒< wx′ , F |xx′ , E > where x′ is a new unknown variable. 3.1.2
Auxiliary Goal Rules
(AG-rules). These rules are “extracted” from [1] and applied when formula F in the goal of an input (for AG) a-sequent is a literal. Applying AG-rules, we begin with some premise < wi , Pi , Ei >, s.t. the literal F from the goal of the input (for AG) a-sequent has a positive occurrence (modulo equations) in Pi . Denote this occurrence by F ′ . Then we generate asequents deterministically eliminating the principal logical connective from Pi and so on until we get the literal F ′ . Such series of eliminations of connectives in premises done deterministically can be viewed as an application of a “large-block” inference rule. (The phrase “modulo equations” means informally that the occurrence F ′ extracted from Pi can be transformed into F by replacing simultaneously terms occupying the argument places in F ′ with some terms from F . Below the phrase “modulo equations” will be often omitted.) As for elimination of principal logical connectives in premises, the remarks referring to the GS-rules are true excluding, naturally, remarks on w1 ,...,wn , w, E1 ,...,En , E. An application of a AG-rule results in generation of m (m > 0) a-sequents with new goals and, possibly, some new (w.r.t. an input for AG a-sequent) premises. Let us introduce inductively a notion of a positive (negative) occurrence of a literal L in a formula F (denoted by F ⌊L+ ⌋ and F ⌊L− ⌋, respectively) modulo equations in a rigorous way: (I) suppose that a literal F (∼ F ) can be obtained from L(t1 , . . . , tn ) by means of replacing t1 ,...,tn with some terms t′1 ,...,t′n . Then L is said to have a positive (negative) occurrence in F modulo the equations t1 = t′1 ,...,tn = t′n ; (II.1) if F ⌊L+ ⌋ (F ⌊L− ⌋) modulo the equations t1 = t′1 ,...,tn = t′n and F1 is a formula then L has a positive (negative) occurrence (modulo the equations t1 = t′1 ,...,tn = t′n ) in the following formulas: F ∧ F1 , F1 ∧ F , F ∨ F1 , F1 ∨ F , F1 ⊃ F , ∀xF , ∃xF ; (II.2) if F ⌊L+ ⌋ (F ⌊L− ⌋) modulo the equations t1 = t′1 ,...,tn = t′n and F1 is a formula then L has a negative (positive) occurrence (modulo the equations t1 = t′1 ,...,tn = t′n ) in the following formulas: F ⊃ F1 , ¬F ; (III) there are no other cases of positive (negative) occurrences of L in F .
Propositional Rules
5
(⊃1 ⇒)-rule: [B], < w, F ⌊L− ⌋ ⊃ F1 , E ′ >, M ⇒< w′ , L, E > [B], < w, (¬F )⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B, ∼ L], M ⇒< w, ¬F1 , E ′ > (⊃2 ⇒)-rule: [B], < w, F ⊃ F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B], < w, F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B, ∼ L], M ⇒< w, F, E ′ > (∨1 ⇒)-rule: [B], < w, F ∨ F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B], < w, F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B, ∼ L], M ⇒< w, ¬F, E ′ > (∨2 ⇒)-rule: [B], < w, F ⌊L+ ⌋ ∨ F1 , E ′ >, M ⇒< w′ , L, E > [B], < w, F ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B, ∼ L], M ⇒< w, ¬F1 , E ′ > (∧1 ⇒)-rule: [B], < w, F ⌊L+ ⌋ ∧ F1 , E ′ >, M ⇒< w′ , L, E > [B], < w, F ⌊L+ ⌋, E ′ >, < w, F1 , E ′ >, M ⇒< w′ , L, E > (∧2 ⇒)-rule: [B], < w, F ∧ F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > [B], < w, F, E ′ >, < w, F1 ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > (¬ ⇒)-rule: [B], < w, ¬(F ⌊L− ⌋), E ′ >, M ⇒< w′ , L, E > [B], < w, F ′ ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > where F ′ is the result of one-step transferring “¬” into F . Termination Rules (⇒ ♯1 )-rule: [B], < w, L(t1 , . . . , tn ), E ′ >, M ⇒< w′ , L(t′1 , . . . , t′n ), E > M ⇒< w, ♯, E ′′ > (Here E ′′ = E ′ ∪ E ∪ {t1 = t′1 , . . . , tn = t′n }; L(t1 , . . . , tn ), L(t′1 , . . . , t′n ) are literals.) (⇒ ♯2 )-rule: [B1 , L(t1 , . . . , tn ), B2 ], M ⇒< w′ , L(t′1 , . . . , t′n ), E > [B1 , L(t1 , . . . , tn ), B2 ], M ⇒< w′ , ♯, E ′ > (Here E ′ = E ∪ {t1 = t′1 , . . . , tn = t′n }; L(t1 , . . . , tn ), L(t′1 , . . . , t′n ) are literals.) Quantifier Rules (∀ ⇒)-rule: [B], < w, ∀x(F ⌊L+ ⌋), E ′ >, M ⇒< w′ , L, E > [B], < wx′ , F |xx′ ⌊L+ ⌋, E ′ >, < w, ∀xF, E ′ >, M ⇒< w′ , L, E > where x′ is a new unknown variable. (∃ ⇒)-rule: [B], < w, ∃x(F ⌊L+ ⌋), E ′ >, M ⇒< w′ , L, E > [B], < wx, F |xx ⌊L+ ⌋, E ′ >, M ⇒< w′ , L, E > where x is a new fixed variable. 6
3.1.3
Premise Addition Rule
(PA-rule). This rule affects the whole proof search tree. After every application of (∀ ⇒)-rule ((∃ ⇒)-rule) the new premise < wx′ , F |xx′ ⌊L+ ⌋, E ′ > (< wx, F |xx ⌊L+ ⌋, E ′ >) is added to antecedents of all a-sequents containing the premise < w, ∀x(F ⌊L+ ⌋), E ′ > (< w, ∃x(F ⌊L+ ⌋), E ′ >) through the current tree. 3.1.4
Axioms.
Axioms are a-sequents of the form [B], M ⇒< w, ♯, E >, where ♯ denotes an empty formula. Applying the rules “from top to bottom” to an input a-sequent and afterwards to its “heirs”, and so on, we finally obtain an inference tree. An inference tree T r is called a proof tree for an input a-sequent (in gS) if and only if (1) every leaf of T r is an axiom; (2) there exists the most general simultaneous unifier (mgsu) s of all sets of equations from T r; (3) s is admissible for the set of all sequences of fixed and unknown variables from T r. The formulation of the calculus gS shows that the order of quantifier rule applications is immaterial, i.e. it does not influence the final result. In the calculus gS, the quantifier rules are needed to determine a quantifier structure of formulas from an input sequent P1 ,...,Pn ⇒ F . Also, note that generating the most general simultaneous unifier and checking the admissibility of the mgsu can be done in arbitrary moment of constructing an inference tree (in particular, this moment can be determined by a user). 3.1.5
Main Results on gS.
Below we give main results on gS. Remember that we consider 1st-order classical logic in a sequent form. Theorem 1 (soundness and completeness of gS) Let F1 ,...,Fn ⇒ F be a sequent (with its usual meaning) and the set {F1 , . . . , Fn } be consistent. The sequent F1 ,...,Fn ⇒ F is deducible in the calculus Gal if and only if there exists a proof tree for the input a-sequent [ ],,...,< , Fn , >⇒ in gS. A Proof Scheme. It can be shown that having a proof tree T r in gS it is possible to construct a proof tree T r′ in the calculus mG [2] and vice versa. In [2], it is shown (using some results from [17]) that T r′ can be transformed into a proof tree in Gal and vice versa. Corollary 2 A formula F is valid if and only if there exists a proof tree for the input a-sequent [ ] ⇒ in the calculus gS. 3.1.6
An Example on gS.
A simple example given below demonstrates the peculiarities of quantifier handling in the calculus gS and proof tree generation techniques. Suppose, we would like to establish the deducibility of the following sequent in the calculus Gal: ∀y1 ∃z1 ∀x1 (F1 ∨ F2 ) ⇒ ∀x2 ∃y2 F , where F1 is R(f (z1 , y1 ), x1 ), F2 is R(f (z1 , x1 ), x1 ), and F is R(y2 , f (x2 , c)) (R is a predicate symbol, f is a functional symbol, c is a constant symbol). To follow a proof search process, Figure 1 is given. The corresponding initial a-sequent in the calculus gS is: (1) [ ],⇒ Applying subsequently to (1) the rules (⇒ ∀) and (⇒ ∃) we obtain: (2) [ ], , P ⇒< x2 y2′ , F ′ , >, where P is < x2 , ∀y2 ¬R(y2 , f (x2 , c)), > and F ′ is R(y2′ , f (x2 , c)). There is a positive occurrence 7
(1) (⇒ ∀),(⇒ ∃) (2) (∀ ⇒),(∃ ⇒),(∀ ⇒) (3) (∨1 ⇒) � �
(3.1) (⇒ ♯1 ) (3.1.1)
�Z
Z Z
(3.2) (⇒ ♯2 ) (3.2.1)
Figure 1: The proof tree constructed in gS of F ′ into F2 (F2 ⌊F ′+ ⌋), so AG-rules, namely, (∀ ⇒), (∃ ⇒), (∀ ⇒), are applicable to (2). As a result, we have: (3) [ ],< y1′ z 1 x′1 , F1′ ∨ F2′ ⌊F ′+ ⌋, >, P1 , P2 , P ⇒< x2 y2′ , F ′ , >, where F1′ is R(f (z 1 , y1′ ), x′1 ), F2′ is R(f (z 1 , x′1 ), x′1 ), P1 is , and P2 is < y1′ z 1 , ∀x1 (F1′′ ∨ F2′′ ), >, with R(f (z 1 , y1′ ), x1 ) for F1′′ and R(f (z 1 , x1 ), x1 ) for F2′′ . ¿From (3) by (∨1 ⇒), we obtain two a-sequents: (3.1) [ ],< y1′ z 1 x′1 , F2′ ⌊F ′+ ⌋, >, P1 , P2 , P ⇒< x2 y2′ , F ′ , > (3.2) [¬F ′ ], P1 , P2 , P ⇒< y1′ z 1 x′1 , ¬F1′ , >. Note, that 1) GS-rules are applied until the formula in the succedent of the a-sequent is a literal; 2) AG-rules are applied “to shell” a positive occurrence of the goal in the antecedent. So, transition from the a-sequent (1) to the a-sequent (2) and, then, from the a-sequent (2) to the a-sequents (3.1) and (3.2) can be thought as the results of application of two “large-block” inference rules. Moreover, these transitions are strongly directed by the goal formula. As F2′ is R(f (z 1 , x′1 ), x′1 ) and F ′ is R(y2′ , f (x2 , c)), so (⇒ ♯1 )-rule is applicable to (3.1) yielding (3.1.1) [ ],P1 , P2 , P ⇒< y1′ z 1 x′1 , ♯, E1 >, where E1 = {y2′ = f (z 1 , x′1 ), f (x2 , c) = x′1 }. As F1′ is R(f (z 1 , y1′ ), x′1 ) so (⇒ ♯2 )-rule is applicable to (3.2), and the result is (3.2.1) [¬F ′ ], P1 , P2 , P ⇒< y1′ z 1 x′1 , ♯, E2 >, where E2 = {y2′ = f (z 1 , x′1 ), f (x2 , c) = x′1 }. We have obtained the tree T r in which every leaf has an a-sequent with the empty formula in a goal. The set E1 ∪ E2 is unifiable with mgsu σ = {f (x2 , c)/x′1 , f (z 1 , f (x2 , c))/y2′ , f (x2 , c)/y1′ }. For the tree T r, we have the following set W of all sequences of fixed and unknown variables: W = {x2 , x2 y2′ , y1′ , y1′ z 1 , y1′ z 1 x′1 }. So, A(W, σ) = {< y1′ , f (z 1 , f (x2 , c)), y1′ z 1 >, < / σ, so σ is admissible for W . Then T r is a y1′ , f (z 1 , f (x2 , c)), y1′ z 1 x′1 >}. As f (z 1 , f (x2 , c))/y1′ ∈ proof tree, and by proposition 1 the initial sequent is deducible in Gal. Note 3 If we would take ∃y2 ∀x2 F as a goal formula in the initial sequent, then “repeating” construction of T r we would obtain the “copy” T r′ of T r with the same mgsu σ and with the following set W ′ of all sequences of fixed and unknown variables: W ′ = {y2′ , y2′ x2 , y1′ , y1′ z 1 , y1′ z 1 x′1 }. For W ′ and σ, we have: A(W ′ , σ) = {< y1′ , f (z 1 , f (x2 , c)), y1′ z 1 >, < y1′ , f (z 1 , f (x2 , c)), y1′ z 1 x′1 >, < y2′ , f (z 1 , f (x2 , c)), y2′ x2 >}. As f (z 1 , f (x2 , c))/y2′ ∈ σ, so σ is not admissible for W ′ , and then T r′ is not a proof tree in gS. If we choose other positive occurrences of F in premises, we shall obtain the same result. (Note, that special techniques for checking the admissibility of substitutions have been proposed in [2].) 8
Remark 4 This example illustrates that both (⇒ ♯1 )-rule and (⇒ ♯2 )-rule are substantive for gS completeness. Really, if we refuse from any of the rules, we shall not get a proof tree. Remark 5 There is no application of PA-rule in the above example. However, it is not difficult to see, that PA-rule is necessary to prove the following sequent: ∃xR(x) ⇒ ∃y(R(y) ∧ R(y)).
3.2
A Brief Description of mS
The calculus mS permits to present an initial problem as a text in a certain 1st-order formal language containing definitions and auxiliary propositions, and to use analogs of such natural theorem proving techniques as application of definitions and auxiliary propositions. The peculiarity of mS is that needed definitions and auxiliary propositions are extracted from a selfcontained mathematical text written in the formal language T L [6] approximated to languages of usual mathematical papers. A self-contained mathematical text is a text that, in addition to a proposition to be proved, also includes assumptions, propositions, and definitions that can be used when the proof of a given assertion (theorem) is searching. Processing a self-contained mathematical text for the purpose of proving a given theorem is divided into two parts: 1. Translating an original T L-text into so-called 1st-order T L-text (T L1-text). T L1-sentences, on the one hand, are analogs of 1st-order logic formulas, and, on the other hand, preserve the signature of an original T L-text, its syntax and structure (i.e. partitioning into definition sections, auxiliary proposition sections and theorem to be proved). Notice, that translation of a T L-text (which satisfies certain restrictions) into a T L1-text can be done automatically (see, for example, [18]). A T L1-text is a source for the inference search procedure in the calculus mS. Note, that to use an inference search procedure in the calculus gS a T L1-text should be translated into a set of 1st-order formulas. 2. Searching for a proof in the calculus mS. After the text has been written in T L-language and converted into a T L1-text, a theorem proof search is carried out using the inference rules of mS. The assertion T to be proved is represented as a substantive T L1-section “theorem”, in which conditions and a conclusion are separated, and an initial a-sequent (with respect to T) is constructed with the conditions and conclusion in its antecedent and succedent, respectively. (The remaining part of the T L1-text is given as the set of definitions and auxiliary propositions.) The basic object of mS (as of gS) is an a-sequent. As in gS, an a-sequent of mS is an expression of the form [B], < w1 , P1 , E1 >, . . . , < wn , Pn , En > ⇒ < w, F, E >, where w1 ,...,wn , w, E1 ,...,En , E, B are the same as in gS-sequents, but P1 ,...,Pn , F are T L1-sentences. As T L1-sentences can be viewed as first-order formulas, GS-rules, AG-rules, and PA-rule are extended to mS-sequents in obvious way. In this connection, we omit the formulation of the rules here and use the same names for these rules in mS. Structuring T L1-texts according to substantive sections (i.e. definitions, propositions, etc.) enables introducing in mS the definition application rule (DA) and auxiliary proposition rule (AP) in a natural way. These rules can be viewed as specific variants of AG. A definition or auxiliary proposition being a substantive section of a T L1-text is treated as a premise for the goal under consideration. As in the case with AG, the DA and AP rules can be applied depending on the existence in the premise of a positive occurrence (modulo equations) of the T L1-sentence from the goal of an input (for DA or AP) a-sequent. DA and AP represent analogs of natural theorem-proving techniques for application of definitions and auxiliary propositions. 9
As in gS, during proof search in mS an inference tree T r is being constructed (w.r.t. the theorem T to be proved and “environmental” T L1-text T xt). The a-sequent in the root of T r is uniquely defined by T . A notion of a proof tree in mS has the same meaning as in gS. In any moment during inference search, it is possible to test whether a current inference tree can be transformed into a proof tree. When construction of a proof tree is made in an interactive mode, a user may initiate this test. Remark 6 Let T r be a current inference tree, s be an admissible substitution for T r (in the sense of [1, 2]). Let T r ∗ s denotes a result of application of s to every T L1-sentence from a-sequents occurring in T r. It is possible to search for a proof in mS in such a way that enables to continue a proof search with T r ∗ s, when T r is not a proof tree, and then backtrack if necessary. The example given below is exactly the case of using a search technique of this type, with an admissible substitution generated after every AG, or DA, or AP application. 3.2.1
Main Results on mS.
It was noted above that any T L1-sentence can be treated as an analog of some 1st-order classical logic formula. It enables constructing formula patterns of such units of a T L1-text as the theorem to be proved, a definition, an auxiliary proposition and to treat a self-contained T L1text as a set of 1st-order formulas. So, it is possible to understand unambiguosly the terms “T L1text consistency”, “logical consequence of a theorem from a given T L1-text”, and “validity” (of the theorem to be proved) without special defining the semantics of the T L1-language. With this in mind, we state main results about mS as follows. Proposition 7 (soundness and completeness of mS) T L1-theorem T is a logical consequence of a consistent T L1-text T xt if and only if a proof tree w.r.t. T and T xt can be constructed in mS. A Proof Scheme. As T L1-sentences can be viewed as analogs of first-order formulas, and DA and AP are special variants of AG, so Proposition 1 guarantees validity of Proposition 7. Corollary 8 A T L1-theorem T is valid if and only if a proof tree w.r.t. T only can be constructed in mS. We note, as a side-result, that rather rich collection of rules in mS enables to construct various proof search strategies which model proofs from usual mathematical texts, and, by maintaining the interactive mode of proof search, to allow a user to influence a proof process actively. If such a strategy (with or without the participation of a human) ensures an exhaustive search, then Proposition 7 and corollary 8 guarantee the soundness and completeness of the strategy. 3.2.2
An Example on mS.
As we present below a proof (but not a proof search), we use a standard Gentzen notation for sequents instead of the a-sequent notation, “hiding” equation handling and variable sequence processing into comments. Below, we regard a sequent to be proved if it is of the form: [B], P1 , . . . , Pi−1 , F,Pi+1 , . . . ,Pn ⇒ F , because it is obvious that subsequent AG-rule application transforms this sequent into the axiom. Let us consider the proof of the following assertion: “If M is a subset of any set then M is empty”. We treat this assertion as a part of the self-contained mathematical T L-text. Note that we use English version of T L and T L1 to which [19] is dedicated. The corresponding T L-text is as follows. 10
1 DA, Def. 2
!!
!aa !! a
aa
1.1
1.2
GS 1.1.1 GS 1.1.1.1 DA, Def. 1 ""
1.1.1.1.1 DA, Def. 2 �� �
�H
1.1.1.1.1.1. AP, Prop. 2
"
1.1.1.1.2
HH H
`` ` "b b ``` `` bb `` `
1.1.1.1.3
1.1.1.1.4
1.1.1.1.3’ AP, Prop. 1
1.1.1.1.1.2
1.1.1.1.3’.1
1.1.1.1.1.1.1 Figure 2: The proof tree constructed in mS The T L-text “Sets”. Definition 1. Let X be a set. Let Y be a set. Y is a subset of X IFF any element of Y is an element of X. Definition 2. Let Z be a set. Z is empty IFF it is not true that there exists an element of Z. Proposition 1. Any subset of any set is a set. Proposition 2. There exists the empty set. Theorem. If M is a subset of any set then M is empty. As a result of the syntactical transformation of the above T L-text, we get the following T L1-text. The T L1-text “Sets”. Definition 1. Let X be a set. Let Y be a set. Y is a subset of X IFF for any e it is true that if e is an element of Y then e is an element of X. Definition 2. Let Z be a set. Z is empty IFF it is not true that there exists e such that e is an element of Z. Proposition 1. For any X, Y it is true that if Y is a set and X is a subset of Y then X is a set. Proposition 2. There exists u such that u is empty and u is a set. Theorem. Let for any X it is true that if X is a set then M is a subset of X. Then M is empty. Note, that both in T L1-text and in the proof given below usual names for mathematical notions are preserved. It is suitable for a user while searching for a proof in an interactive mode. To make a proof search process more transparent, the proof tree constructed in mS is shown in Figure 2. P roof . The following initial sequent corresponds to the theorem: For any X it is true that if X is a set then M is a subset of X ⇒ M is empty, 11
where M is a fixed variable. Denote the formula in the antecedent of this sequent by Π. Then we have: 1. Π ⇒ M is empty. First of all, AG is to be tried. It is not applicable in this case, because there are no occurrences of the goal in the premises. GS-rules are not applicable, too, as the current goal does not include logical connectives. The rule DA is applied to the goal. Note, that when DA is applied, a definition is copied and then those variables which belong to the copy are renamed. In the text below, each renamed variable has a superscript which is equal to the number of a particular definition. In this case DA is applicable to Definition 2. As a result, we have: 1.1. Π ⇒ it is not true that there exists e such that e is an element of M . 1.2. Π ⇒ M is a set. So, inferencing the sequent 1 reduces to inferencing the sequents 1.1 and 1.2. Consider 1.1. Applying GS, we obtain: 1.1.1. Π ⇒ for any e it is true that (it is not true that e is an element of M ). 1.1.1.1. Π ⇒ it is not true that e is an element of M . Here e is a fixed variable; it cannot be substituted by terms. Now 1.1.1.1 is a current sequent. As there are no occurrences of the current goal in the premise, DA is applied to Definition 1: 1.1.1.1.1. Π ⇒ it is not true that e is an element of X11 . 1.1.1.1.2. Π ⇒ M is a subset of X11 . 1.1.1.1.3. Π ⇒ M is a set. 1.1.1.1.4. Π ⇒ X11 is a set. X11 is a new unknown variable; it can be replaced by terms. Note that Definition 2 is also applicable to 1.1.1.1. However, as we demonstrate the proof, and not the protocol of proof search, so we show only “successful” steps. Choose 1.1.1.1.1 to process. There are no occurrences of the goal in the premise. The rule DA is applicable to Definition 2. The application with appropriate substitution {Z12 /X11 } results in two sequents: 1.1.1.1.1.1. Π ⇒ Z12 is empty. 1.1.1.1.1.2. Π ⇒ Z12 is a set. Here Z12 is an unknown variable. One more point needs to be made. A unifier produced when a particular inference rule is applied to the current goal should be used in every node of the inference tree. Both Definition 2 and Proposition 2 are applicable to 1.1.1.1.1.1. We choose to apply Proposition 2. As a result, the set of premises for the current goal is extended and the substitution {u/Z12 } is generated. New premises can be added to the antecedent of any sequent in the inference tree and can participate in further inference steps. Then we have: 1.1.1.1.1.1.1. Π, u is empty, u is a set ⇒ u is empty. As there is an occurrence of the current goal in the premises, so this goal is proven. The sequent 1.1.1.1.1.2 is now of the form: Π, u is empty, u is a set ⇒ Z12 is a set. There is an occurrence of the goal in the premises (the corresponding unifier is u/Z12 ). So, the goal “Z12 is a set” is also proven. The next sequent is 1.1.1.1.2. It is provable, because there is an occurrence of its goal in the premises (the corresponding substitution is X11 /X10 , where X10 ia a new variable which substitutes X in Π when searching for an occurrence of the goal of the sequent in Π). Consider sequent 1.1.1.1.3 taking into account the additional premises: 1.1.1.1.3’. Π, u is a set, u is empty ⇒ M is a set. There are no occurrences of the current goal in the premises. The rule AP is applicable to Proposition 1. Notice that the assumptions of Proposition 1 are true under the premises of the current sequent. It is particularly transparent if Π is transformed into “M is a subset of set X”, and the premise of Proposition 1 is transformed into “X is a subset of set Y ”. (Note that, in general, representation of assumptions of propositions and premises of sequents in such 12
a form makes a part of a proof environment along with definitions and auxiliary propositions.) In that way, we obtain: 1.1.1.1.3’.1. Π, u is a set, u is empty, M is a set ⇒ M is a set. So, the goal “M is a set” is proven. Then the sequents 1.1.1.1.3 and 1.2 are proven, too. In respect that the additional premises have been introduced and the substitution has been generated, the sequent 1.1.1.1.4 is now of the form: Π, u is empty, u is a set ⇒ u is a set. Now, AG is applicable. The sequent is proven. There is not any more sequents to prove. So, the initial theorem is proven.
4
Related Work
In this paper we mainly focused on theorem proving in the AO-style but the AO programme also concerns issues other than theorem proving. By now, a lot of various ATP systems have been developed (see, for example, [20]). They differ in the types of calculi underlying inference search procedures, search methods used, ranges of problems tackled. Of course, historical relationship between AO and the other systems which are well-known in the world and the relationship between the calculi presented here and the systems in use today are worth of special discussion. But here we would like to mention some of the works (both projects and functioning systems) which are mostly congenial to the ideas underlying the AO programme, i.e. those supporting an integrated environment for “doing mathematics” and concerning the following issues: - source data language is rich enough to support communication with a user in the terms of a given application domain; - different computer mathematical tools, such as theorem provers, computer algebra systems, numerical computation procedures, proof editors, etc., are integrated to assist in solving mathematical problems; - a base of mathematical knowledge is used during problem solving, and it evolves and increases as new knowledge is obtained; - problem solving can be done in an interactive mode, enabling a user to influence search processes. The system MIZAR [21] is oriented to theorem proof checking within a mathematical environment. Its input data language is closer syntactically to the usual mathematical one than a first-order logic language. The system THEOREMA [22] is being built as an integrate environment for solving mathematical problems. So, the issues of interaction between a user and the system, enriching an input data language, the development of natural-like proof search procedures, natural language formulation of proofs are dealt with as the system progresses. The system OMEGA [23] supports theorem proving in mathematics and mathematical education in which different units for “doing mathematics”, namely deductive procedures, both well-known general-purpose theorem provers and specialized reasoners, and a computer algebra system are integrated. It provides a structured knowledge base of mathematical theories and supports theorem proving as a human-oriented interactive process. The system ISABELLE [24] is an environment for interactive theorem proving. It contains a mathematical knowledge base: a library of concrete mathematics and various packages for advanced mathematical concepts. It also attempts to support the kind of proving usual for mathematicians by reasoning “in the terms” of a given application domain. As the final goal of the QED project [25] is computer supported integration of existing mathematical knowledge, the problems of adequate representation of mathematical data, par13
ticularly, of the development of appropriate languages for mathematical theories description, and efficient mathematical theorem validation techniques arise.
5
Conclusion
Nowadays, there is observed a tendency of integration of various systems for representing and processing mathematical knowledge. Taking this fact into consideration, the authors hope that this paper and some theses on the AO programme can be helpful in attacking such problems as distributed automated theorem proving, checking self-contained mathematical texts for correctness, remote training in mathematical disciplines, extracting knowledge from mathematical papers, and constructing data bases for mathematical theories.
6
Acknowledgements
This research was supported by projects INTAS 96-0760 and INTAS-RFBR 95-0095, and the EPSRS grant GR/M46631 given to the first author. The authors thank all the participants of these projects. The authors would also like to thank anonymous referees whose comments and useful remarks made it possible to improve the quality of this paper.
References [1] Degtyarev, A., Lyaletski, A.: Logical inference in SAD (In Russian). In: Kapitonova, Yu. (ed.): Matematicheskie osnovy sistem iskusstvennogo intellekta. Institute of Cybernetics, Kiev (1981) 3–11 [2] Lyaletski, A.: Gentzen calculi and admissible substitutions. In: Actes preliminaries, du Simposium Franco-Sovetique “Informatika-91”. Grenoble, France (1991) 99–111 [3] Glushkov, V.: Some problems of automata theory and artificial intelligence (in Russian). Kibernetika 2 (1970) 3–13 [4] Anufriyev, F., Fediurko, V., Letichevski, A., Asel’derov, Z., Didukh I.: On one algorithm of theorem proof search in Group Theory (in Russian). Kibernetika 1 (1966) 23–29 [5] Anufriyev, F.: An algorithm of theorem proof search in logical calculi (in Russian). In: Teoriya avtomatov 5. Institute of Cybernetics, Kiev (1969) 3–26 [6] Glushkov, V, Vershinin, K., Kapitonova, Yu., Letichevski, A., Malevanniy, N., Kostyrko, V.: On a formal language for description of mathematical texts (in Russian). In: Avtomatizatsiya poiska dokazatel’stv teorem v matematike. Institute of Cybernetics, Kiev (1974) 3–36 [7] Degtyarev, A.: The strategy of monotone paramodulation (in Russian). In: Proc.of 5th All Soviet Union conf.on mathematical logic. Novosibirsk (1979) 39 [8] Atayan, V., Vershinin, K.: On formalization of some inference search methods (in Russian). In: Avtomatizatsiya obrabotki matematicheskikh tekstov. Institute of Cybernetics, Kiev (1980) 36–52
14
[9] Kapitonova, Yu., Vershinin, K., Degtyarev, A., Zhezherun, A., Lyaletski, A.: On a system for mathematical texts processing (in Russian). Kibernetika 2 (1979) 48 [10] Glushkov, V.: The System for Proving Automation (in Russian). In: Avtomatizatsiya obrabotki matematicheskikh tekstov. Institute of Cybernetics, Kiev (1980) 3–30 [11] Degtyarev, A.: Equality handling techniques in theories with a full set of reductions (in Russian). In: Matematicheskoye obespecheniye sistem logicheskogo vyvoda i deduktivnych postroyeniy na EVM. Institute of Cybernetics, Kiev (1983) 42–55 [12] Atayan, V., Morokhovets, M.: Combining formal derivation search procedures and natural theorem proving techniques in an automated theorem proving system. Cybernetics and System Analysis 32 (1996) 442–465 [13] Degtyarev, A., Kapitonova, Yu., Letichevski, A., Lyaletski, A., Morokhovets, M.: A brief historical sketch on Kiev school of automated theorem proving. In: Buchberger, B., Jebelean, T. (eds.): Proc. Second International THEOREMA Workshop. RISC, Linz, Austria (1998) 151–155 [14] Gallier, J. : Logic for computer science: foundations of Automatic Theorem Proving. Harper and Row, Inc. New York (1986) 513 p. [15] Robinson, J.: A Machine-Oriented Logic Based on Resolution Principle. JACM (1965) 23–41 [16] Kanger, S.: Simplified proof method for elementary logic. In: Comp. Program. and Form. Sys.: Stud. in Logic. Amsterdam, North-Holland, Publ. Co. (1963) 87–93 [17] Lyaletski, A.V.: Variant of Herbrand Theorem for Formulas in Prefix Form (in Russian). Kibernetika 1 (1981) 112–116 [18] Atayan, V., Vershinin, K., Zhezherun, A.: On structural processing of mathematical texts (in Russian). In: Raspoznavaniye obrazov. Institute of Cybernetics, Kiev (1978) 43–54 [19] Morokhovets, M., Luzhnykh, A.: Representing mathematical texts in a formalized naturallike language. In: Buchberger, B., Jebelean, T. (eds.): Proc. Second International THEOREMA Workshop. RISC, Linz, Austria (1998) 157–160 [20] http://www-formal.stanford.edu/clt/ARS/systems.html [21] http://mizar.uw.bialostok.pl/ [22] Buchberger, B., Jebelean, T., Kriftner, F., Marin, M., Tomuta, E., Vasaru, D.: A survey of the Theorema project. In: Kuechlin, W. (ed.): Proc. ISSAC’97, Maui, Hawaii (1997) 384–391 [23] http://www.ags.uni-sb.de/projects/deduktion/projects/omega/ [24] http://www.cl.cam.ac.uk/Research/HVG/Isabelle/ [25] http://www.Cybercom.net/~rbjones/rbjpub/logic/qedres00.htm
15
