THE UNIVERSITY OF BIRMINGHAM
School of Computer Science
Edgbaston, Birmingham B15 2TT, England. URL: http://www.cs.bham.ac.uk/

Partiality without the Cost
Manfred Kerber and Michael Kohlhase
Published as: CADE-13 Workshop on Mechanization of Partial Functions, New Brunswick, New Jersey, USA, 30.7.1996, pp. 65-76

Manfred Kerber (1) and Michael Kohlhase (2)(*)
(1) The University of Birmingham, School of Computer Science, Birmingham, B15 2TT, England. e-mail: [email protected], WWW: http://www.cs.bham.ac.uk/~mmk
(2) Universität des Saarlandes, FB Informatik, D-66041 Saarbrücken, Germany. e-mail: [email protected], WWW: http://jswww.cs.uni-sb.de/~kohlhase
Abstract. Even though it is not very often admitted, partial functions do play a significant role in many practical applications of deduction systems. Kleene gave a semantic account of partial functions using a three-valued logic decades ago, but there has not been a satisfactory mechanisation. Based on his account, we have developed resolution and tableau calculi for automated theorem proving. The three-valued approach is more restrictive and allows rejecting certain unwanted formulae as faulty which the simpler two-valued approach accepts. It is commonly assumed that this finer analysis has to be paid for by a greater computational complexity of proof search. However, for a large class of theorems that hold with respect to Kleene logic, the proofs can be transformed into classical ones and vice versa, conserving the structure and size of the proof. Another main objection against a three-valued approach is the cost of implementing a corresponding theorem prover. We show that it is possible to enhance a two-valued theorem prover by a simple strategy so that it can be used to generate proofs for the theorems of the three-valued setting.

1 Introduction
Many practical applications of deduction systems in mathematics and computer science rely on the correct and efficient treatment of partial functions. For this purpose different approaches, ranging from workarounds for concrete situations to a proper general treatment, have been developed. For an overview, we will introduce the main approaches and exemplify their advantages and disadvantages by some trivial examples from arithmetic. For a more detailed discussion of the different approaches compare [Far90].

There are essentially four approaches to treating partiality. First, such expressions can be syntactically excluded. Second, it is possible to disregard or bypass partiality. In the third and fourth, partiality is taken seriously and this is reflected in the semantics and the calculus. While the third considers undefined terms only, but atomic formulae are evaluated either to false or true, in the fourth atomic formulae can be undefined too, that is, be evaluated to a third truth value undefined.

In the first approach terms like $1/0$ are syntactically excluded, for instance by using a sorted logic. In the second approach a value is assigned to $1/0$, either a fixed value (e.g. 0) or an undetermined one. In both cases it is necessary to tolerate undesired theorems: in the first case, for instance, $1/0 = 0$, or in the second case from $0 \cdot x = 0$ the instance $0 \cdot 1/0 = 0$. This approach is not satisfying if such theorems are unwanted, which is normally the case in mathematics.

The third approach treats terms of the form $1/0$ as undefined, and all atomic formulae containing such a meaningless term are evaluated to false. This has the advantage that partial functions can be handled within the classical two-valued framework. However, the serious drawback is that the results of these logic systems can be unintuitive to the working mathematician. For instance, in elementary arithmetic the sentence

  $\forall x, y, z.\; z = x/y \Rightarrow x = y \cdot z$

is a theorem of such systems: the scope is true for the case $y \neq 0$, and for the case $y = 0$ the formula $z = x/0$ obtains the truth value $f$, which in turn makes the implication true, too. However, it is mathematical consensus that the equation should only hold provided that $y$ is not 0. In the fourth approach, which has in particular been investigated by Kleene in [Kle52], this is not a theorem. In this approach atomic formulae containing meaningless terms are evaluated to undefined. In particular, the example above is not a theorem in the three-valued approach, since for the instantiation $y = 0$ the formula evaluates to undefined.

It is generally assumed that for the proper treatment in the three-valued approach a high computational price has to be paid. Indeed, in the early (unsorted) mechanisations of Kleene's approach by Tichy [Tic82] and by Lucio-Carrasco and Gavilanes-Franco [LCGF89] this is the case to a very high extent. In [KK94, KK96] we have developed a sorted three-valued logic SKL and corresponding resolution and tableau calculi RPF and TPF, carefully integrating ideas from sorted dynamic logics as introduced by Weidenbach [Wei89, Wei94] and from many-valued truth-functional logics as mechanised by Hähnle [Hah92] as well as by Baaz and Fermüller [BF92]. The main contribution of this paper is the result that for a large class of SKL-theorems (which are also classical theorems by construction) the TPF and RPF proofs can be transformed into classical sorted tableau and resolution proofs and vice versa, conserving the structure and size of the proof. Furthermore we show that by adding a simple strategy to proof search for two-valued theorems, it is possible to use a two-valued theorem prover for proving SKL-theorems.

(*) This work was supported by the Deutsche Forschungsgemeinschaft (SFB 378, B1).
2 Strong Sorted Kleene Logic (SKL)
In [Kle52] Kleene presents a logic, which he calls strong three-valued logic, for reasoning about partial recursive predicates on the set of natural numbers. He argues that the intuitive meaning of the third truth value should be "undefined" or "unknown" and introduces the truth tables shown in Definition 2.1. Similarly, Kleene enlarges the universe of discourse by an element $\bot$ denoting the undefined number. In his exposition the quantifiers only range over natural numbers; in particular he does not quantify over the undefined individual (number).

In [KK94] we have made Kleene's meta-level discussion of defined and undefined individuals explicit and presented a formal syntax and semantics that we will now present informally. The universe of discourse is structured into the sort $D$ of all defined individuals and an error element $\bot$; all functions and predicates are strict, that is, if one of the arguments of a compound term or an atom evaluates to $\bot$, then the term evaluates to $\bot$ or the truth value of the atom is $u$. Just as in Kleene's system, our quantifiers only range over individuals in $D$, that is, individuals that are not undefined. Since SKL needs the sort $D$ for bounded quantification anyway, it is no further effort to give the full sorted system. The further use of sorts gives the well-known advantages of sorted logics for the conciseness of the representation and the reduction of search spaces.

Terms in SKL are ordinary first-order terms, while formulae are built up from atomic formulae by the usual connectives and a unary connective $!$ with the intended meaning that $!A$ is true whenever the value of $A$ is not $u$. Furthermore, all quantifications are bound by a sort $S$ (i.e. they are of the form $\forall x_S\, A$ or $\exists x_S\, A$). The three-valued semantics for SKL has an "undefined individual" $\bot$ in the universe of discourse. Note that this is similar to the classical flat CPO construction [Sco70], but Kleene's interpretation of truth values does not make $u$ minimal. Since we are not interested in least fixpoints, monotonicity does not play a role in this paper. The standard notions of value function, $\Sigma$-algebra and assignment directly carry over to the partial-function case. The only interesting part is the non-classical truth functions for the connectives and quantifiers.
Definition 2.1 The value of a formula dominated by a connective is obtained from the value(s) of the subformula(e) in a truth-functional way. Therefore it suffices to define the truth tables for the connectives (rows give the value of the first argument, columns the value of the second):

    ∧ | f  u  t      ∨ | f  u  t      ⇒ | f  u  t      A | ¬A  !A
   ---+---------    ---+---------    ---+---------    ---+--------
    f | f  f  f      f | f  u  t      f | t  t  t      f | t   t
    u | f  u  u      u | u  u  t      u | u  u  t      u | u   f
    t | f  u  t      t | t  t  t      t | f  u  t      t | f   t
The semantics of the quantifiers is defined with the help of functions $\tilde\forall$ and $\tilde\exists$ from the non-empty subsets of the truth values into the truth values. We define

  $I_\varphi(Q x_S\, A) := \tilde Q(\{ I_{\varphi,[a/x]}(A) \mid a \in A_S \})$

where $Q \in \{\forall, \exists\}$, $A_S$ denotes the individuals of sort $S$, and $\tilde\forall$ and $\tilde\exists$ generalise the tables for $\land$ and $\lor$ to sets of values: $\tilde\forall(M) = f$ if $f \in M$, $\tilde\forall(M) = u$ if $f \notin M$ and $u \in M$, and $\tilde\forall(M) = t$ if $M = \{t\}$; dually, $\tilde\exists(M) = t$ if $t \in M$, $\tilde\exists(M) = u$ if $t \notin M$ and $u \in M$, and $\tilde\exists(M) = f$ if $M = \{f\}$.
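As an added illustration (example code, not part of the original paper), the following Python program evaluates SKL formulae according to the truth tables of Definition 2.1 and the quantifier functions above over a small finite domain, using strict partial arithmetic so that $1/0$ and every operation on $\bot$ is undefined. It recomputes the division example of the introduction under both the third approach (an atom with an undefined argument is false) and Kleene's fourth approach (such an atom is $u$), and the theorem $T$ ($x \neq y \Rightarrow ((x-y)^{-1})^2 > 0$ over the reals) of the example that follows. The finite domain standing in for $\mathbb{R}$, the function names and the `kleene` flag are assumptions of this example.

```python
# Added example (not from the paper): a small evaluator for strong Kleene
# semantics with strict partial functions. It compares the "undefined atoms
# are false" treatment (third approach) with Kleene's three-valued one
# (fourth approach) on the division example from the introduction.
from fractions import Fraction
from itertools import product

F, U, T = "f", "u", "t"          # the three truth values
BOT = None                       # the undefined individual, written ⊥ in the text

# Strong Kleene truth tables (Definition 2.1).
def k_not(a):
    return {F: T, U: U, T: F}[a]

def k_and(a, b):
    if F in (a, b):
        return F
    return U if U in (a, b) else T

def k_or(a, b):
    if T in (a, b):
        return T
    return U if U in (a, b) else F

def k_imp(a, b):
    return k_or(k_not(a), b)

def k_def(a):                    # the connective !: true iff the argument is not u
    return F if a == U else T

# Generalised conjunction/disjunction for the bounded quantifiers.
def k_forall(values):
    vals = set(values)
    if F in vals:
        return F
    return U if U in vals else T

def k_exists(values):
    vals = set(values)
    if T in vals:
        return T
    return U if U in vals else F

# Strict partial arithmetic on Fractions: 1/0 and any operation on ⊥ give ⊥.
def div(x, y):
    if BOT in (x, y) or y == 0:
        return BOT
    return Fraction(x) / Fraction(y)

def mul(x, y):
    return BOT if BOT in (x, y) else x * y

def sub(x, y):
    return BOT if BOT in (x, y) else x - y

def inv(x):
    return div(1, x)

def sq(x):
    return mul(x, x)

# Atoms are strict: an undefined argument gives u under Kleene semantics.
# With kleene=False the same atom is evaluated to f (third approach).
def atom(pred, *args, kleene=True):
    if BOT in args:
        return U if kleene else F
    return T if pred(*args) else F

def eq(a, b, kleene=True):
    return atom(lambda x, y: x == y, a, b, kleene=kleene)

def gt(a, b, kleene=True):
    return atom(lambda x, y: x > y, a, b, kleene=kleene)

DOMAIN = [Fraction(n) for n in range(-3, 4)]   # finite stand-in for the sort ℝ (assumption)

def division_example(kleene):
    """∀x,y,z. z = x/y ⇒ x = y·z over the finite domain."""
    return k_forall(
        k_imp(eq(z, div(x, y), kleene), eq(x, mul(y, z), kleene))
        for x, y, z in product(DOMAIN, repeat=3)
    )

def theorem_T(kleene=True):
    """∀x,y. x ≠ y ⇒ ((x−y)⁻¹)² > 0, the theorem T of Section 2."""
    return k_forall(
        k_imp(k_not(eq(x, y, kleene)), gt(sq(inv(sub(x, y))), 0, kleene))
        for x, y in product(DOMAIN, repeat=2)
    )

if __name__ == "__main__":
    print("division example, undefined atoms false:", division_example(kleene=False))
    print("division example, Kleene semantics:    ", division_example(kleene=True))
    print("theorem T under Kleene semantics:      ", theorem_T())
```

Under the third approach the division example comes out $t$, exactly the unwanted theorem of the introduction; under Kleene semantics the instances with $y = 0$ and $x \neq 0$ evaluate to $u \Rightarrow f = u$, so the universal closure is $u$ and the sentence is not a theorem. The theorem $T$ is $t$ in both readings, because the only instances with an undefined conclusion are those with a false premise.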
[Example: a set of axioms $A_1, \dots, A_5$ about the real numbers $\mathbb{R}$ and the theorem $T$: $\forall x_{\mathbb{R}}, y_{\mathbb{R}}.\; x \neq y \Rightarrow ((x-y)^{-1})^2 > 0$. The axioms themselves are not legible in this copy of the paper.]
An informal mathematical argument why $T$ is entailed by $\{A_1, \dots, A_5\}$ runs as follows. In the entailment above, the $A_i$ are assumed to be true, that is, neither false nor undefined. Let $x$ and $y$ be arbitrary elements of $\mathbb{R}$. If $x = y$, the premise of $T$ is false, hence the whole expression is true (in this case the conclusion evaluates to $u$). If $x \neq y$, then the premise is true and the truth value of the whole expression is equal to that of the conclusion $((x-y)^{-1})^2 > 0$. Since $x \neq y$ we get by $A_5$ that $x - y \neq 0$ and by $A_4$ that $x - y \in \mathbb{R}$, hence by $A_1$ that $(x-y)^{-1} \in \mathbb{R}$, which together with $A_3$ yields the conclusion.
3 Tableau

Now we turn to the exposition of our tableau calculus. The case of standard tableaux for partial functions is a simple extension of first-order tableau methods to SKL. Therefore we will only concern ourselves with free variable tableaux. While a labelled formula $A^\alpha$ means that $A$ has the truth value $\alpha$, we also make use of multi-indices as introduced by Hähnle and write $A^{\alpha\beta}$ as an abbreviation for $A^\alpha \lor A^\beta$. (Normally we do not have to consider the multi-index with all three truth values, since the corresponding formulae $A^{fut}$ are tautological and cannot contribute to refutations.) As has been pointed out by Hähnle [Hah92], the use of multi-indices does not only offer a concise notation, but can drastically improve a calculus when special rules for their treatment are introduced.
Definition 3.1 (Tableau Rules) The tableau rules consist of the traditional tableau rules for the propositional connectives, augmented by the case of the label $u$. We write a rule as premise $\longrightarrow$ conclusion, separate formulae added to the same branch by commas and alternative branches by $\mid$:

  $(A \lor B)^t \longrightarrow A^t \mid B^t$
  $(A \lor B)^f \longrightarrow A^f,\ B^f$
  $(A \lor B)^u \longrightarrow A^u,\ B^{fu} \mid A^{fu},\ B^u$
  $(A \lor B)^{ut} \longrightarrow A^{ut} \mid B^{ut}$
  $(A \lor B)^{fu} \longrightarrow A^{fu},\ B^{fu}$

Since we have special rules for the multi-indices $ut$ and $fu$, we only need a splitting rule reflecting the definition of multi-indices as disjunctions for the remaining multi-index $ft$. Note that the multi-index $fut$ gives rise to tautologies, which can never contribute to refutations.

  $A^{ft} \longrightarrow A^f \mid A^t$
The negation rules just flip the labels in the intuitive way:

  $(\lnot A)^t \longrightarrow A^f$
  $(\lnot A)^u \longrightarrow A^u$
  $(\lnot A)^f \longrightarrow A^t$
  $(\lnot A)^{fu} \longrightarrow A^{ut}$
  $(\lnot A)^{ut} \longrightarrow A^{fu}$
The $!$ rule for the case $u$ closes the branch (we use the explicit symbol $\otimes$ for that), since $(!A)^u$ is unsatisfiable in SKL:

  $(!A)^u \longrightarrow \otimes$
  $(!A)^t \longrightarrow A^{ft}$
  $(!A)^f \longrightarrow A^u$
  $(!A)^{ut} \longrightarrow A^{ft}$
  $(!A)^{fu} \longrightarrow A^u$
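As an added check (example code, not from the paper), the following Python program verifies the propositional rules of Definition 3.1 mechanically: for each labelled rule for $\lor$, $\lnot$ and $!$ it enumerates all valuations of the subformulae and tests that the premise holds exactly when the literals of at least one branch hold, i.e. that the rule is sound and complete with respect to the truth tables of Definition 2.1. It also shows that the naive rule $(A \lor B)^u \longrightarrow A^u,\ B^u$ without multi-indices would be incomplete, which is what the $fu$ literals in the $u$ rule repair. The encoding of labels as strings and of branches as lists of (position, label) literals is an assumption of this example.

```python
# Added example (not from the paper): check the labelled tableau rules of
# Definition 3.1 against the strong Kleene truth tables of Definition 2.1.
from itertools import product

F, U, T = "f", "u", "t"
VALUES = (F, U, T)

# Strong Kleene truth functions for the connectives treated here.
def k_or(a, b):
    if T in (a, b):
        return T
    return U if U in (a, b) else F

def k_not(a):
    return {F: T, U: U, T: F}[a]

def k_def(a):                     # the connective !: true iff a is not u
    return F if a == U else T

# A label is a string of truth values; "fu" is the multi-index {f, u}.
# A rule maps a premise label to its branches; a branch is a list of
# (argument position, label) literals, and an empty branch list means
# that the rule closes the branch (as (!A)^u does).
OR_RULES = {
    "t":  [[(0, "t")], [(1, "t")]],
    "f":  [[(0, "f"), (1, "f")]],
    "u":  [[(0, "u"), (1, "fu")], [(0, "fu"), (1, "u")]],
    "ut": [[(0, "ut")], [(1, "ut")]],
    "fu": [[(0, "fu"), (1, "fu")]],
}
NOT_RULES = {
    "t": [[(0, "f")]], "u": [[(0, "u")]], "f": [[(0, "t")]],
    "fu": [[(0, "ut")]], "ut": [[(0, "fu")]],
}
DEF_RULES = {
    "t": [[(0, "ft")]], "f": [[(0, "u")]], "u": [],
    "ut": [[(0, "ft")]], "fu": [[(0, "u")]],
}
# The naive u rule without multi-indices, kept to show the checker catching it.
NAIVE_OR_U = {"u": [[(0, "u"), (1, "u")]]}

def rule_counterexamples(connective, arity, rules):
    """Return the (label, valuation) pairs for which the premise and the
    disjunction of the branches disagree; an empty list means the rule is
    sound (every branch valuation satisfies the premise) and complete
    (every premise valuation satisfies some branch)."""
    bad = []
    for label, branches in rules.items():
        for vals in product(VALUES, repeat=arity):
            premise_holds = connective(*vals) in label
            branch_holds = any(all(vals[pos] in lit for pos, lit in branch)
                               for branch in branches)
            if premise_holds != branch_holds:
                bad.append((label, vals))
    return bad

def check_all():
    return {
        "or": rule_counterexamples(k_or, 2, OR_RULES),
        "not": rule_counterexamples(k_not, 1, NOT_RULES),
        "!": rule_counterexamples(k_def, 1, DEF_RULES),
        "naive_or_u": rule_counterexamples(k_or, 2, NAIVE_OR_U),
    }

if __name__ == "__main__":
    for name, bad in check_all().items():
        print(f"{name}: {'ok' if not bad else 'counterexamples ' + str(bad)}")
```

The naive rule is caught on the valuations $(f, u)$ and $(u, f)$: $A \lor B$ is $u$ there, but no branch of the naive rule is satisfied, so a refutation could miss a model. The same enumeration extends directly to $\land$ and $\Rightarrow$, and with the quantifier functions of Section 2 in place of the connectives it could check the $\forall$ rules over a finite domain as well.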
The quantifier rules for the classical truth values and multi-indices are very similar to the standard rules ($\{x_S, y^1, \dots, y^n\}$ are the free variables of $A$ and $f$ is a new function symbol of arity $n$), with the exception that the sort of the Skolem function has to be specified. The rule for the case $u$ has a mixed existential and universal character: for every $y_S$ the value of $A$ is undefined or true (that is, there is no instance which makes the formula false), and there is at least one witness for the undefinedness.

  $(\forall x_S\, A)^t \longrightarrow ([y_S/x_S]A)^t$
  $(\forall x_S\, A)^f \longrightarrow ([f(y^1, \dots, y^n)/x_S]A)^f,\ (f(y^1, \dots, y^n) \in S)^t$
  $(\forall x_S\, A)^u \longrightarrow ([y_S/x_S]A)^{ut},\ ([f(y^1, \dots, y^n)/x_S]A)^u,\ (f(y^1, \dots, y^n) \in S)^t$
  $(\forall x_S\, A)^{ut} \longrightarrow ([y_S/x_S]A)^{ut}$
  $(\forall x_S\, A)^{fu} \longrightarrow ([f(y^1, \dots, y^n)/x_S]A)^{fu},\ (f(y^1, \dots, y^n) \in S)^t$

The rules for connectives and quantifiers above can now be used to reduce complex labelled formulae to literals. Some sort literals can further be reduced, due to the fact that sorts are defined on all defined individuals and the predicate $D$ is defined everywhere, so a sort literal is undefined only if its term is undefined. (These rules have to be slightly generalised for multi-indices. We only display the interesting case.)

  $(t \in S)^u \longrightarrow (t \in D)^f$

Now we only need tableau closure rules, the cut rule and the strict rule:

  $A^\alpha,\ B^\beta \longrightarrow SC(\sigma)$   (cut)
  $(t \in D)^f,\ C^\gamma \longrightarrow SC(\sigma)$   (strict)

where $\alpha \cap \beta = \emptyset$, $\gamma \in \{f, t\}$, and $\sigma = [t^1/x^1_{S_1}], \dots, [t^n/x^n_{S_n}]$ is the most general unifier of $A$ and $B$, or the most general unifier of the term $t$ and a subterm $s$ of $C$, respectively. The strict rule is sound because a term that evaluates to $\bot$ makes every atom containing it undefined, so $C$ cannot have a classical truth value. In both cases the sort constraint $SC(\sigma) = ((t^1 \in S_1) \land \dots \land (t^n \in S_n))^{fu}$ is added to the branch, so the branch is only closed once the sort conditions of the unifier have been refuted as well.
For the example of Section 2 the tableau starts as follows (the lines $A_i'$ are instances of the premises $A_i$; $c$ and $d$ are the Skolem constants introduced for the negated theorem $T$, which carries the label $fu$):

  (A1')  $(u \neq 0 \Rightarrow u^{-1} \in \mathbb{R})^t$
  (A2')  $(v^{-1} \in \mathbb{R})^t$
  (A3')  $(w^2 > 0)^t$
  (A4')  $(s - t \in \mathbb{R})^t$
  (A5')  $(x - y = 0 \Rightarrow x = y)^t$
  (T1)   $(c \in \mathbb{R})^t$
  (T2)   $(d \in \mathbb{R})^t$
  (T3)   $(c = d \lor ((c - d)^{-1})^2 > 0)^{fu}$
  (T3')  $(c = d)^{fu}$
  (T3'') $(((c - d)^{-1})^2 > 0)^{fu}$
  (F1)   $((c - d)^{-1} \in \mathbb{R})^{fu}$
  (F2)   (c − d