Why the Structure Encountered in Mathematical

Why the Structure Encountered in Mathematical Textbooks is Adequate also for Automated Theorem Proving Detlef Fehrer Universitat des Saarlandes Fachbereich Informatik 66041 Saarbrucken Germany [email protected]

Abstract. Successful application of deduction systems in

practice depends (besides other factors) on whether the huge sets of formulae encountered in mathematical knowledge bases can be eciently maintained. This does not only apply to the eld of mathematics itself, but is crucial in hard- and softwareveri cation as well. The complexity induced by thousands of formulae (axioms, de nitions, theorems and lemmata) can be made manageable by structuring the knowledge bases. In analogy to the procedure found in mathematics the knowledge base is divided into single theories or modules . In order to enable the system to perform the selection of axioms necessary for the proof of a concrete given theorem on its own, the knowledge base must contain detailed information about both the relations between theories and their internal structure. This paper argues that much can be learned from the structure found in mathematical textbooks. In particular it should be possible to represent mathematical knowledge in a similar way and exploit this structure in the design of heuristic methods for automatic selection of preconditions required in proofs.

1 Motivation

One serious problem with using (automated) deduction systems in practical applications is the size of knowledge bases encountered. Today's deduction systems are designed for the situation that one complicated theorem has to be deduced from a set of formulae given as preconditions, which is typically tailored to contain exactly the ones necessary for the problem at hand. This situation, however, can be rarely found in practice. Here we usually have to deduce numerous, relatively easy statements from a huge set of formulae (maybe thousands of axioms, de nitions, theorems and lemmata in a given theory), most of which are irrelevant for the concerned task, but which nevertheless blow up the search space into dimensions not tractable. Selecting the \correct" preconditions automatically is far from trivial. But exactly this problem must be solved, if deduction systems are to be applied in practice. This does not only concern fully automated systems. Interactive systems are

c 1996 D. Fehrer

ECAI 96. 12th European Conference on Arti cial Intelligence Workshop on Representation of Mathematical Knowledge Edited by H. Stoyan, K. Homann, S. Jacob, M. Kerber

also supposed to come up with intelligent propositions in similar situations. It is rather utopian to gain the information necessary for the selection from an unstructured (\ at") formula set. Therefore the only chance is to structure the used knowledge base in advance, hoping that this structure can be exploited in order to reduce the number of formulae considered. The degree of structure in present systems varies between dierent domains of research: In automated theorem provers (like e.g. Otter [14], Setheo [13], MKRP [2], : : : ) it is extremely limited (because the typical settings such as various benchmark tests are minimal, hand tailored axiomatizations), so that these systems show a nonmonotonic characteristic in the sense that they are no longer capable of proving some theorems if further (irrelevant) axioms are added. In interactive systems, structured theories are more commonly used. Isabelle [15, 16], HOL [8] and IMPS [6, 4] for instance use a layered approach to knowledge bases (cf. \little theories" in IMPS [5]). Theories, however, are in a sense atomic, so that for a proof one must either explicitly enter a theory and use its methods solely, or gets the sum of all theories logically underneath. In the sequel it is shown why a selective theory expansion is preferable.

2 Learning from Mathematical Textbooks

Mathematical textbooks are usually written in a layered fashion. Also there is seldom a minimal axiomatization of the considered theory (like e.g. the Zermelo-Fraenkel axiomatization for set theory), but on the contrary a very redundant, reader-oriented presentation with strong internal structure of the single theories. Explicit mentioning of many (redundant) lemmata and propositions with marked grade of importance is signi cant. There are projects whose concern is the structured presentation of mathematical knowledge, e.g. the MIZAR project [17]. Here, however, the main emphasis is not so much on automatization, but on a combination of veri cation and readability by humans. A frame based approach has been successfully pursued by Kerber [11, 12]. It is very strongly oriented at

the structure of mathematical literature. Thus it was possible to code big chunks of a textbook on automata theory using this approach [18]1. It was also possible to prove the theorems with the help of an automated theorem prover, but the selection of required preconditions had to be done by hand. The representation of the knowledge does not support automatic extraction. \The preconditions had to be selected by the user. But even if this important job was done optimally, that is the user entered a minimal set of preconditions, normally the proofs were too dicult to be found without any lemmata. The user had to split the proof into dierent parts, prove certain lemmata with MKRP and enter them later on as preconditions for the actual theorem. The system did not provide any support for such a procedure" [12, p. 6] The next section gives an example from an analysis textbook that strongly suggests that the required knowledge may nevertheless be contained in the structure and thus could possibly be exploited.

If these de nitions are to be expanded, the signature had to be extended by adding further elements, for example environments. However, the proof given in the book runs like this:

Proof: We consider a xed z0 2 CI . According to (7.21) we have for all z 2 CI : exp z = exp z0
exp(z ? z0 ) = exp z0 + exp z0 (exp(z ? z0 ) ? 1) = exp z0 + exp z0 exp(zz ?? zz0 ) ? 1 (z ? z0 ): 0

Following (8.16) and (8.17) (a) the right hand fraction strives to the limit 1 for z ! z0 , and we get lim ! exp z = exp z0 :

z z0

Since z0 2 CI was arbitrary, and because of (8.12) this proves the claim. 2 It should be noticed that here only theorems, but no de nitions, from the imported theory are referred to, namely

3 An Example from Analysis

This is an example from a German textbook on analysis [1]2, which shows rather clearly that mathematicians, when proving in a theory, do not completely import all the theories underneath, but use only distinct key results. In particular de nitions are usually not expanded outside their \home theory", but instead derived properties are used, the proof of which of course originally presupposed the expansion. On page 125 we nd

Theorem (7.21)

For arbitrary z1 ; z2 2 CI we have

exp(z1 + z2 ) = exp z1
exp z2 :

Theorem (8.12)

A function f is continuous in point  2 A i

Theorem (8.17) (b) The exponential function is continuous on the whole of CI .

lim ! f (x) = f ():

x 

which contains as elements of the signature \exponential function" and \continuous" (as well as CI ), which are de ned in smaller theories (i.e. previous chapters) as

X exp z :=

Theorem (8.16)

If the functions f : A ! B and g : B ! C possess the limits

lim ! f (x) = ;

De nition 1 (exponential function) 1 zk k=0

and

x 

k! :

and further (a) f (x) 6=  8x or (b) g is continuous in point , so lim g(f (x)) = ylim x! ! g(y):

De nition 2 (continuous functions) If f is continuous in every point  2 D(f ), we call f continuous.

Theorem (8.17) (a)

exp z ? 1 = 1: lim ! z

resp.

z 0

De nition 3 (continuous) The function f is called continuous in point  2 D(f ), if

Although for the proofs of these the de nitions of \continuous" and \exponential function" have to be expanded, the import of the expansion and the increase in complexity connected with this is obviously not necessary for the presented proof. Of course this is not always the case. There are examples, where a proof on a very high level requires descending deep into the fundamentals. This is, however, suciently seldom that heuristic methods exploiting the layered structure of the knowledge base can be expected.

for every  > 0 there is a () =:  > 0, such that from

jx ? j < ; x 2 D(f ) we get 1 2

lim ! g(y) (=:  )

y 

jf (x) ? f ()j < :

A pioneer work in this direction has been [10]. English translation by the author of this paper.

Structure of Mathematical Textbooks

7

D. Fehrer

4 A Sketch of the Proposed Structure

only be guaranteed if potential descent to the bottom is allowed. Examples show that this can be assumed to be rather seldom needed. The concrete research goal is therefore to examine how such heuristics should look like and how the dependences are inherited (e.g. one can already see that in contrast to logical dependence we do certainly not want transitivity here). In addition procedures have to be developed that allow for the ecient treatment of theory management, much in the spirit of indexing techniques for big term sets (cf. e.g. [9]).

In this section it is brie y sketched, how the author thinks the structure of a mathematical knowledge base eciently usable by automatic theorem provers should look like. This is a re nement of the approach proposed by Kerber [11, 12], in that his distinction between true axioms and de nitions is crucial for our management of signatures. Newly to be introduced is a ner grained scale of graduation for the entities originally subsumed under \theorems" (e.g. \lemma", \proposition"), according to their importance and position within the respective theory. Of great importance is then the de nition of a theory's interface, determining what is visible from other theories. Relations (i.e. dependences) do not only hold between complete theories (this has been examined in literature, cf. e.g. theory interpretations [3]), but between single components of theories. There are two hierarchies to be distinguished:

5 Summary

The incapability to automatically select the required preconditions for a proof from a huge set of formulae is a major problem in the use of deduction systems in many applications. We have argued that this problem can possibly be tackled by exploiting information given by a layered structure of knowledge as it can be found in mathematical textbooks. The idea of segmenting a knowledge base into theories is not new. However, we have shown that examples speak in favour of not treating theories itself as atomic and consider relations not only between whole theories, but between their elements. In particular the expansion of de nitions and its eect on signatures should be thoroughly studied in order to come to powerful heuristics that support solving the problem of reducing the set of preconditions.

4.1 Logical Dependence

Logical dependences characterize, which axioms (or previously proven theorems) have been used in the proof of a theorem. This information can simply be gained simultaneously to the proof, using a method described in [7]. It is of importance particularly during the development of speci cations, since changing some de nitions then results in less newly created proof obligations, if only those parts are to be proved anew that really depend on the items changed.

REFERENCES

4.2 De nitional Dependence

[1] Christian Blatter, Analysis I, number 151 in Heidelberger Taschenbucher, Springer Verlag, 1980. [2] Norbert Eisinger and Hans Jurgen Ohlbach, `The Markgraf Karl Refutation Procedure (MKRP)', in Proceedings CADE 86, pp. 681{682, (1986). [3] William M. Farmer, `Theory interpretation in simple type theory', in HOA'93; An International Workshop on Higher Order Algebra, Logic and Term Rewriting. CWI, Amsterdam, the Netherlands, (September 1993). [4] William M. Farmer, Joshua D. Guttman, and F. Javier Thayer, `IMPS: System description', in Automated Deduction | CADE-11; 11th International Conference on Automated Deduction; Proceedings, ed., D. Kapur, number 607 in Lecture Notes in Arti cial Intelligence, pp. 701{705, Saratoga Springs, N.Y., (June 1992). Springer. [5] William M. Farmer, Joshua D. Guttman, and F. Javier Thayer, `Little theories', in Automated Deduction | CADE11; Proceedings of the 11th International Conference on Automated Deduction, ed., D. Kapur, number 607 in Lecture Notes in Arti cial Intelligence, pp. 567{581, Saratoga Springs, N.Y., (June 1992). Springer. [6] William M. Farmer, Joshua D. Guttman, and F. Javier Thayer, `IMPS: An Interactive Mathematical Proof System', Journal of Automated Reasoning, 11(2), 213{248, (October 1993). [7] Detlef Fehrer, A Unifying Logical Framework for Reason Maintenance, Dissertation, Universitat des Saarlandes, Saarbrucken, February 1996. also available as SEKI-report SR{96{04. [8] M. J. C. Gordon and T. F. Melham, Introduction to HOL | A theorem proving environment for higher order logic, Cambridge University Press, 1993. [9] Peter Graf, Term Indexing, Dissertation, Technische Fakultat der Universitat des Saarlandes, Saarbrucken, 1995. will be published in LNAI series, 1996.

De nitions are special axioms in so far as in principle every occurrence of the de niendum can be replaced by the corresponding de niens and the de nition itself eliminated, without changing anything concerning the logical dependences. This results in a smaller signature. In mathematical practice, however, we meet quite the opposite: after the de nition of new structures, some propositions are proven, which together with the de nitions form the theory. In theories built on top of it, usually the de nitions are not further referred to, as shown in the detailed example above This means, that it is useful to associate with each symbol the theory it has been de ned in. When trying to prove a theorem, an automated system then can make some educated guess at which theory (theories) have to be used: from the symbols occurring the topmost theory can be extracted. But | and this is what we plead for here | neither is it sucient to use that theory alone nor is it necessary to \load" all the theories underneath, but there are more or less relevant parts that can successively added.

4.3 Heuristics for the Reduction of Used Preconditions

The dependences stemming from the introduction of symbols by de nitions can be used for selecting of the relevant preconditions for a proof. While reduction because of logical irrelevance (cf. 4.1) can always be performed, the dependences discussed in 4.2 can only lead to heuristic strategies, preferring not to expand de nitions. Completeness, however, can

Structure of Mathematical Textbooks

8

D. Fehrer

[10] L.S. van Benthem Jutting, Checking Landau's \Grundlagen" in the AUTOMATH System, volume 83 of Mathematical Centre Tracts, Mathematisch Centrum, Amsterdam, Netherlands, 1979. [11] Manfred Kerber, `A frame based approach to representing mathematical concepts', SEKI Report SR{89{20, Universitat Kaiserslautern, Fachbereich Informatik, Kaiserslautern, (1989). [12] Manfred Kerber, On the Representation of Mathematical Concepts and their Translation into First-Order Logic, Dissertation, Universitat Kaiserslautern, Fachbereich Informatik, Kaiserslautern, 1992. also SEKI Report SR{92{08. [13] R. Letz, J. Schumann, S. Bayerl, and W. Bibel, `SETHEO: A high performance theorem prover', Journal of Automated Reasoning, 8, 183{212, (1992). [14] William Mc Cune, `Otter 3.0 reference manual and guide', Technical Report ANL-94/6, Argonne National Laboratory, (1994). [15] Lawrence C. Paulson, `Isabelle: The next 700 theorem provers', Logic and Computer Science, 361{386, (1990). [16] Lawrence C. Paulson, Isabelle, number 828 in Lecture Notes in Computer Science, Springer Verlag, 1994. [17] Pjotr Rudnicki. An overview of the MIZAR project. presented at the Bastaad Summer School, Sweden, 1992. [18] Barbara Schutt and Manfred Kerber, `A mathematical knowledge base for proving theorems in semigroup and automata theory | part I |', SEKI Working Paper SWP{93{02, Universitat des Saarlandes, Fachbereich Informatik, Saarbrucken, (1993).

Structure of Mathematical Textbooks

9

D. Fehrer