Our decision procedure has been implemented as part of the Stanford Temporal Prover, STeP [2], a system which supports the computer-aided verication o

Similar documents
Diagram-based Formalisms for the Verication of. Reactive Systems. Anca Browne, Luca de Alfaro, Zohar Manna, Henny B. Sipma and Tomas E.

Computational Logic. Davide Martinenghi. Spring Free University of Bozen-Bolzano. Computational Logic Davide Martinenghi (1/30)

Mathematical Logic Propositional Logic - Tableaux*

APPLICATIONS OF FORMATIVE PROCESSES TO THE DECISION PROBLEM IN SET THEORY

Introduction to Logic in Computer Science: Autumn 2006

In this paper, we take a new approach to explaining Shostak's algorithm. We rst present a subset of the original algorithm, in particular, the subset

Introduction to Logic in Computer Science: Autumn 2006

INDEPENDENCE OF THE CONTINUUM HYPOTHESIS

An optimal tableau-based decision algorithm for Propositional Neighborhood Logic

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008

Splitting a Default Theory. Hudson Turner. University of Texas at Austin.

Hypersequent Calculi for some Intermediate Logics with Bounded Kripke Models

for Propositional Temporal Logic with Since and Until Y. S. Ramakrishna, L. E. Moser, L. K. Dillon, P. M. Melliar-Smith, G. Kutty

A decision procedure for a two-sorted extension of Multi-Level Syllogistic with the Cartesian product and some map constructs

On 3-valued paraconsistent Logic Programming

Propositional and Predicate Logic - V

Pairing Transitive Closure and Reduction to Efficiently Reason about Partially Ordered Events

Equational Logic. Chapter Syntax Terms and Term Algebras

On some Metatheorems about FOL

Classical Propositional Logic

Pairing Transitive Closure and Reduction to Efficiently Reason about Partially Ordered Events

Transformation Rules for Locally Stratied Constraint Logic Programs

Using Aspect-Oriented Programming in the Development of a Multi-strategy Theorem Prover

2 PLTL Let P be a set of propositional variables. The set of formulae of propositional linear time logic PLTL (over P) is inductively dened as follows

Towards the use of Simplification Rules in Intuitionistic Tableaux

Essentially based on Paramodulation [14], various renements for the ecient

Version January Please send comments and corrections to

On the satisfiability problem for a 4-level quantified syllogistic and some applications to modal logic

KE/Tableaux. What is it for?

On the Complexity of the Reflected Logic of Proofs

ME(LIA) - Model Evolution With Linear Integer Arithmetic Constraints

ME(LIA) - Model Evolution With Linear Integer Arithmetic Constraints

Interpolation theorems, lower bounds for proof. systems, and independence results for bounded. arithmetic. Jan Krajcek

Non-elementary Lower Bound for Propositional Duration. Calculus. A. Rabinovich. Department of Computer Science. Tel Aviv University

Description Logics. Deduction in Propositional Logic. franconi. Enrico Franconi

Math 42, Discrete Mathematics

Automated Reasoning. Introduction to Logic in Computer Science: Autumn Different Forms of Reasoning. Tableaux for Propositional Logic

example like a b, which is obviously not true. Using our method, examples like this will quickly halt and say there is no solution. A related deciency

2.5.2 Basic CNF/DNF Transformation

same literal in a formula), and useful equivalence-preserving operations based on anti-links are

A Resolution Method for Modal Logic S5

Cooperation of Background Reasoners in Theory Reasoning by Residue Sharing

In a second part, we concentrate on interval models similar to the traditional ITL models presented in [, 5]. By making various assumptions about time

Cooperation of Background Reasoners in Theory Reasoning by Residue Sharing

Using E-Unification to Handle Equality in Universal Formula Semantic Tableaux Extended Abstract

Lean clause-sets: Generalizations of minimally. unsatisable clause-sets. Oliver Kullmann. University of Toronto. Toronto, Ontario M5S 3G4

ABSTRACT In this work we propose a logical approach to planning, based on the view of a planning activity as the search for a nite model of the specic

Optimal Tableaux for Right Propositional Neighborhood Logic over Linear Orders

Electronic Notes in Theoretical Computer Science 18 (1998) URL: 8 pages Towards characterizing bisim

Proof Theoretical Studies on Semilattice Relevant Logics

Tableau Calculus for Local Cubic Modal Logic and it's Implementation MAARTEN MARX, Department of Articial Intelligence, Faculty of Sciences, Vrije Uni

Taming Implications in Dummett Logic

On evaluating decision procedures for modal logic

A refined calculus for Intuitionistic Propositional Logic

Advanced Topics in LP and FP

Part II. Logic and Set Theory. Year

Propositional Calculus - Soundness & Completeness of H

Principles of Knowledge Representation and Reasoning

An Alternative To The Iteration Operator Of. Propositional Dynamic Logic. Marcos Alexandre Castilho 1. IRIT - Universite Paul Sabatier and

Hierarchic Superposition: Completeness without Compactness

KLMLean 2.0: a Theorem Prover for KLM Logics of Nonmonotonic Reasoning

Canonical Calculi: Invertibility, Axiom expansion and (Non)-determinism

Boolean Algebra and Propositional Logic

T -resolution: Refinements and Model Elimination

Introduction to Logic in Computer Science: Autumn 2007

Syntax of FOL. Introduction to Logic in Computer Science: Autumn Tableaux for First-order Logic. Syntax of FOL (2)

Propositional Calculus - Semantics (3/3) Moonzoo Kim CS Dept. KAIST

3 Propositional Logic

of acceptance conditions (nite, looping and repeating) for the automata. It turns out,

Classical Propositional Logic

2 Real-Time Systems Real-time systems will be modeled by timed transition systems [7, 15]. A timed transition system S = hv; ; ; T ; L; Ui consists of

7. F.Balarin and A.Sangiovanni-Vincentelli, A Verication Strategy for Timing-

( V ametavariable) P P true. even in E)

Part 1: Propositional Logic

Design of abstract domains using first-order logic

Propositional Resolution

Deciding Modal Logics using Tableaux and Set Theory

Part 1: Propositional Logic

Towards an ecient Tableau Proof Procedure for Multiple-Valued. Logics. Reiner Hahnle. University of Karlsruhe, Am Fasanengarten 5.

THEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006

Propositional and Predicate Logic - IV

Bi-rewrite Systems. Universitat Politecnica de Catalunya. Consejo Superior de Investigaciones Cientcas. Abstract

Boolean Algebra and Propositional Logic

Rina Dechter and Irina Rish. Information and Computer Science. University of California, Irvine.

Translating a Satallax Refutation to a Tableau Refutation Encoded in Coq

A version of for which ZFC can not predict a single bit Robert M. Solovay May 16, Introduction In [2], Chaitin introd

Chapter 3: Propositional Calculus: Deductive Systems. September 19, 2008

Lecture 14 - P v.s. NP 1

Propositional Logic Language

Mathematical Logic. Introduction to Reasoning and Automated Reasoning. Hilbert-style Propositional Reasoning. Chiara Ghidini. FBK-IRST, Trento, Italy

Deductive Systems. Lecture - 3

Formal Logic and Deduction Systems

A Preference Semantics. for Ground Nonmonotonic Modal Logics. logics, a family of nonmonotonic modal logics obtained by means of a

TR : Tableaux for the Logic of Proofs

Integer Circuit Evaluation is PSPACE-complete. Ke Yang. Computer Science Department, Carnegie Mellon University, 5000 Forbes Ave.

result would be desirable, but there are no exact results on the complexity of the theorem prover approach. The situation for Gr(K R ) is more complic

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

Chapter 2 Propositional Logic: Formulas, Models, Tableaux

Sciences, St Andrews University, St Andrews, Fife KY16 9SS, Scotland,

Chapter 3 Deterministic planning

Transcription:

A New Fast Tableau-Based Decision Procedure for an Unquantied Fragment of Set Theory? Domenico Cantone 1 and Calogero G. Zarba 2 1 Universita di Catania, Dipartimento di Matematica, Viale A. Doria 6, I-95125 Catania, Italy, e-mail: cantone@cs.unict.it 2 Stanford University, Computer Science Department, Gates Building, Stanford CA 94305, USA, e-mail: zarba@theory.stanford.edu Abstract. In this paper we present a new fast tableau-based decision procedure for the ground set-theoretic fragment Multi-Level Syllogistic with Singleton (in short MLSS) which avoids the interleaving of model checking steps. The underlying tableau calculus is based upon the system KE. 1 Introduction In the last few years many fragments of set theory have been proved decidable [6, 5]. However, the problem of nding ecient decision procedures for these fragments still remains largely unexplored. In this paper we present a new fast tableau-based decision procedure for the ground set-theoretic fragment Multi-Level Syllogistic with Singleton (in short MLSS). Tableaux have the appealing feature that it is easy to extract a counterexample from an open and saturated branch, but on the other hand they can be highly inecient if the splitting rules are not designed properly, at least for certain classes of formulae. We address this anomaly by presenting a tableau calculus based on the system KE introduced in [7] which forces tableau branches to be mutually exclusive. This results in an exponential speed-up with respect to Smullyan tableau-based calculi. 1 In addition, in the procedure we are going to describe useful cuts are recognized in constant time, without the interleaving model-checking steps approach used in [1, 4, 9]. Moreover, useless cuts that might be executed by an exhaustive search strategy are totally avoided. This will have the overall eect to considerably speed up the saturation process with respect to the previous approaches.? Work partially supported by the C.N.R. of Italy, coordinated project SETA, by M.U.R.S.T. Project \Tecniche speciali per la specica, l'analisi, la verica, la sintesi e la trasformazione di programmi", and by project \Deduction in Set Theory: A Tool for Software Verication" under the 1998 Vigoni Program. 1 See [7] for further details about the cited speed-up.

Our decision procedure has been implemented as part of the Stanford Temporal Prover, STeP [2], a system which supports the computer-aided verication of reactive, real time and hybrid systems based on temporal specication. The integration of our decision procedure with STeP First-Order Reasoning and STeP's other decision procedures is done using the method described in [3]. The paper is organized as follows. In Section 2 we introduce some preliminary concepts which will be useful in what follows. In Section 3 we present a decidable tableau calculus for MLSS, whose proof of correctness is given in Section 4. Finally, after giving in Section 5 some experimental results, in Section 6 we hint at some directions of future research. 2 Preliminaries In this section we introduce the syntax and semantics of MLSS, as well as the concept of realization. 2.1 Syntax The unquantied set-theoretic fragment MLSS contains { a denumerable innity of variables, { the constant ; (empty set), { the operator symbols t (union), u (intersection),? (set dierence) and [] (singleton), { the predicate symbols @? (membership) and (equality), and { the logical connectives :, ^ and _. 2 Plainly, the predicate v and the nite enumeration operator [; ; : : : ; ] can be expressed in MLSS by noticing that s v t is equivalent to s t t t and that [t 1 ; t 2 ; :::; t k ] can be expressed by [t 1 ] t : : : t [t k ]. We denote by T ' the collection of all terms occurring in the formula ', and we use the abbreviations s 6@? t and s 6 t to denote :(s @? t) and :(s t), respectively. 2.2 Semantics The semantics of MLSS is based upon the von Neumann standard cumulative hierarchy V of sets dened by: V 0 = ; V +1 = P(V ) ; for each ordinal V = S V < ; for each limit ordinal V = S V 2On ; 2 In our treatment, ::p is considered to be a syntactic variation of p.

where P(S) is the power set of S and On denotes the class of all ordinals. It can easily be seen that there can be no membership cycle in V, namely sets in V are well-founded with respect to membership. An assignment M over a collection V of variables is any function M : V! V. Given an assignment M over the variables of a formula ', we denote with M' the truth-value obtained by interpreting each variable v in ' with the set Mv and the set symbols and logical connectives according to their standard meaning (thus, for instance, t, u,?, [], @?, and are interpreted as the set operators [, \, n, fg, and as the set predicates 2 and =, respectively). A set model for a formula ' is an assignment M over the collection of variables occurring in ' such that M' evaluates to true. A formula ' is satisfiable if it has a set model. 2.3 Realizations Let G = (N; b@?) be a directed acyclic graph, and let (P; T ) be a bipartition of N. Also, let fu x : x 2 P g be a family of sets. Denition 1. The realization of G = (N; b@?) relative to fu x : x 2 P g and to (P; T ) is the assignment R over N recursively dened by: Rx = fu x g ; for x in P Rt = frs : s b@? tg ; for t in T. Observe that R is well-dened since G is acyclic. Next we dene the function h : N! N (called the height), by putting: h(t) = ( 0 if t 2 P or s b 6@? t, for all s 2 N maxfh(s) : s b@? tg + 1 otherwise. The following lemma states the main properties of realizations. Lemma 1. Let G = (P [ T; b@?) be a directed acyclic graph, with P \ T = ;. Also, let fu x : x 2 P g and R be respectively a family of sets and the realization of G relative to fu x : x 2 P g and (P; T ). Assume that: (a) u x 6= u y for all distinct x; y in P ; (b) u x 6= Rt, for all x in P and t in P [ T. 3 Then the following properties hold: (i) if s b@? t then h(s) < h(t), for all s in P [ T and t in T ; (ii) if Rt 1 = Rt 2 then h(t 1 ) = h(t 2 ), for all t 1 ; t 2 in P [ T ; (iii) if Rs 2 Rt then h(s) < h(t), for all s; t in P [ T. 3 Notice that conditions (a) and (b) can always be satised by letting the u x's be pairwise distinct sets of cardinality no less than jp [ T j, since jrtj < jp [ T j.

Proof. (i) is immediate. (ii) If either t 1 or t 2 is in P, the claim is ensured by conditions (a) and (b). On the other hand, if t 1 ; t 2 2 T, we proceed by induction on maxfh(t 1 ); h(t 2 )g. The base case (maxfh(t 1 ); h(t 2 )g = 0) is trivial. For the inductive step, suppose Rt 1 = Rt 2 and, without lost of generality, that h(t 1 ) > 0. Then there exists s such that s b@? t 1 and h(t 1 ) = h(s) + 1. Since s b@? t 1, it follows that Rs 2 Rt 1 and therefore Rs 2 Rt 2. Moreover, there exists s 0 such that Rs 0 = Rs and s 0 b@? t 2. By inductive hypothesis h(s) = h(s 0 ). Finally, h(t 2 ) h(s 0 ) + 1 = h(s) + 1 = h(t 1 ). Exchanging the r^oles of t 1 and t 2 it is also possible to deduce h(t 2 ) h(t 1 ). Thus h(t 1 ) = h(t 2 ). (iii) If Rs 2 Rt then there exists some s 0 such that Rs 0 = Rs and s 0 b@? t. For (i) h(s 0 ) < h(t) and for (ii) h(s) = h(s 0 ). Thus h(s) < h(t). ut 3 The Tableau Calculus In this section we describe a tableau calculus for MLSS. See [8] for a complete introduction to semantic tableaux. We extend the notion of closed tableau as follows: Denition 2. A branch of a tableau T is closed if it contains: { two complementary formulae, :, or { a membership cycle of the form t 0 @? t 1 @? : : : @? t 0, or { a literal of the form t 6 t, or { a literal of the form s @? ;. A tableau is closed if all its branches are closed. 3.1 Saturation Rules Our calculus has two kinds of rules: saturation and fullling rules. Moreover, we impose the restriction that no new term will be created by any application of a saturation rule. Thus, for instance, the rule s @? t 1 =) s @? t 1 t t 2 can be applied to a branch of a tableau for ' only if the term t 1 t t 2 is already in T '. Under this fundamental restriction, the full collection of saturation rules is shown in Table 1. Notice also that in the rst two rules for equality, ` stands for a literal, and the substituted term is restricted to be a top-level term occurring in `. This will prevent the search space from exploding. A branch is said to be linearly saturated if no saturation rule produces new formulae.

propositional rules p ^ q =) p; q rules for t s 6@? t 1 t t 2 =) s 6@? t 1; s 6@? t 2 :(p _ q) =) :p; :q s @? t 1 =) s @? t 1 t t 2 p _ q; :p =) q s @? t 2 =) s @? t 1 t t 2 p _ q; :q =) p s @? t 1 t t 2; s 6@? t 1 =) s @? t 2 :(p ^ q); p =) :q s @? t 1 t t 2; s 6@? t 2 =) s @? t 1 :(p ^ q); q =) :p s 6@? t 1; s 6@? t 2 =) s 6@? t 1 t t 2 rules for u rules for? s @? t 1 u t 2 =) s @? t 1; s @? t 2 s 6@? t 1 =) s 6@? t 1 u t 2 s 6@? t 2 =) s 6@? t 1 u t 2 s 6@? t 1 u t 2; s @? t 1 =) s 6@? t 2 s 6@? t 1 u t 2; s @? t 2 =) s 6@? t 1 s @? t 1; s @? t 2 =) s @? t 1 u t 2 rules for [] =) t 1 @? [t 1] s @? [t 1] =) s t 1 s 6@? [t 1] =) s 6 t 1 Table 1. Saturation rules. s @? t 1? t 2 =) s @? t 1; s 6@? t 2 s 6@? t 1 =) s 6@? t 1? t 2 s @? t 2 =) s 6@? t 1? t 2 s 6@? t 1? t 2; s @? t 1 =) s @? t 2 s 6@? t 1? t 2; s 6@? t 2 =) s 6@? t 1 s @? t 1; s 6@? t 2 =) s @? t 1? t 2 rules for equality t 1 t 2; ` =) `ft 2=t 1g t 1 t 2; ` =) `ft 1=t 2g s @? t; s 0 6@? t =) s 6 s 0 3.2 Fullling Rules A fullling rule can be applied to an open linearly saturated branch, provided that its associated precondition and subsumption requirement are, respectively, true and false. Table 2 summarizes the fullling rules and their associated preconditions and subsumption requirements. Notice that even fullling rules (that, incidentally, in our calculus are exactly the splitting rules) are not allowed to introduce new terms, with the exception of the last one, which introduces fresh parameters x not occurring in the branch to which it is applied. Remark 1. Notice that literals of type s 6@? t 1 u t 2 and s 6@? t 1? t 2 do not trigger any split rule, as would happen in an exhaustive search strategy. Notice also the asymmetry in the precondition for u: no split needs to occur if for some term t 1 u t 2 in T ' a literal s @? t 2 occurs in a branch. In early versions of this work all sorts of cut rules were allowed, whereas a careful analysis of the correctness proof has pointed out that most of them can be avoided. Remark 2. Observe that if the literals s 1 s 2, t 1 t 2, s 1 6 t 1, s 1 6 t 2, s 2 6 t 1, s 2 6 t 2 occur in a branch, an exhaustive search strategy would apply a splitting rule to each inequality, thereby generating 2 4 branches, whereas in our calculus at most 2 branches will eventually be created. Remark 3. It is possible to further strengthen the subsumption requirement associated to the last fullling rule by noticing that if a literal t 6 ; occurs in a

fullling rule precondition subsumption requirement p :p :p p s @? t 1 s 6@? t 1 s @? t 2 s 6@? t 2 s @? t 2 s 6@? t 2 x @? t 1 x 6@? t 1 x 6@? t 2 x @? t 2 p _ q is in :(p ^ q) is in t 1 t t 2 2 T ' s @? t 1 t t 2 is in t 1 u t 2 2 T ' s @? t 1 is in t 1? t 2 2 T ' s @? t 1 is in t 1; t 2 2 T ' t 1 6 t 2 is in p is in or :p is in :p is in or p is in s @? t 1 is in or s 6@? t 1 is in s @? t 2 is in or s 6@? t 2 is in s @? t 2 is in or s 6@? t 2 is in 9x : (x @? t 1 is in and x 6@? t 2 is in ) or 9x : (x 6@? t 1 is in and x @? t 2 is in ) Table 2. Fullling rules. branch, then it is enough to require that x @? t occurs in for some x, thus obtaining the linear fullling rule t 6 ; =) x @? t (x new parameter) This improvement will be used in Example 1. More generally, one can maintain a transitivity graph [3] whose nodes are labeled with terms in P [ T ' and edges are labeled with v, 6 or 6@. Then, if a literal t 1 6 t 2 occurs in a branch, we may check whether there exists a path from t 1 to t 2 (or from t 2 to t 1 ) with edges labeled with v, and the fullling rule would then be: t 1 6 t 2 ; t 1 v t 2 =) x @? t 2 ; x 6@? t 1 (x new parameter) : We should also notice that if the literals t 1 6 t 2, t 1 @? : : : @? t 2 occur in a branch, we do not need to apply any fullling rule at all. Soundness of such optimizations is an easy matter. Example 1. Table 1 contains a closed tableau with 3 branches for proving the validity of the formula :(x [y] ^ x y t z) _ (y ; ^ x z). We denote with ' i the formula labeling node i, and provide justications for the construction of the tableau. { ' 2 ; ' 3 ; ' 4 ; ' 5 and ' 7 are obtained by means of propositional rules; { ' 6 and ' 17 are obtained by means of the second fullling rule; { ' 8 ; ' 9 ; ' 13 and ' 14 are obtained by means of the last fullling rule; { ' 10 ; ' 12 ; ' 16 ; ' 20 ; ' 21 and ' 23 are obtained by means of equality rules; { ' 11 ; ' 15 and ' 19 are obtained by means of rules for t;

1: :(:(x [y] ^ x y t z) _ (y ; ^ x z)) 2: x [y] ^ x y t z 3: :(y ; ^ x z) 4: x [y] 5: x y t z 8: w @? x 9: w 6@? z 10: w @? y t z 11: w @? y 12: w @? ;? 6: y ; 7: x 6 z 13: w 6@? x 14: w @? z 15: w @? y t z 16: w @? x? 17: y 6 ; 18: w @? y 19: w @? y t z 20: w @? x 21: w @? [y] 22: w y 23: y @? y? Fig. 1. A closed tableau for :(:(x [y] ^ x y t z) _ (y ; ^ x z)) { the optimization promised in Remark 3 is used to deduce ' 18 ; { ' 22 is obtained by means of a rule for []. The tableau is closed since the leftmost branch contains the contradiction ' 12, the central branch contains two complementary literals ' 13 ; ' 16, and the rightmost branch contains a membership cycle (' 23 ). Finally, notice that to prove the same formula, the approach described in [4] produced a tableau with 8 branches 4 The Decision Procedure In this section, after introducing some denition and terminology, we state our decision procedure and prove its correctness. Denition 3. To any branch of a tableau T for a formula ' we associate the following objects: P : the collection of parameters added to ; V : the collection of variables and parameters occurring in ; P 0: the collection of parameters fx 2 P : there is no t in T ' such that x t occurs in g; T 0: the set T ' [ (P n P 0); G : the oriented graph (P 0 [ T 0; b@?), where s b@? t if and only if the literal s @? t occurs in ; R : a realization of G relative to the partition (P 0; T 0 ) and to pairwise distinct sets u x, for x 2 P 0, each having cardinality no less than jp 0 [ T 0j;

M : the assignment over V dened by M v = R v, for each v in V. Denition 4. An open branch is saturated if it is linearly saturated and all its subsumption requirements are fullled. Denition 5. A branch is said to be coherent if R t = M t, for all t in P [ T '. Procedure 1 (MLSS-satisability test). Input: an MLSS-formula '. 1. Let T be the tableau consisting of a single node labeled with '; 2. linearly saturate T by strictly applying to it all possible saturation rules until either T is closed or no new formula can be produced; 3. if T is closed, announce that ' is unsatisable; 4. otherwise, if there exists an open and saturated branch in T, announce that ' is satised by the model M ; 5. otherwise, let be a non-saturated open branch; apply to any fullling rule whose subsumption requirement is false and go to step 2. 4.1 Termination We begin to prove total correctness of Procedure 1 by rst showing termination, and leave the proof of partial correctness for the next subsection. Theorem 1. Procedure 1 always terminate. Proof. Let ' be the root formula of the tableau limit T constructed by Procedure 1. Since steps 3 and 4 cause the procedure to terminate, and step 5 always add new formulae, to show termination it is enough to prove that T must be nite. Now, let be any branch in T. Because of the restriction imposed to the application of the rules, jt j is bounded by jt ' j 2, and therefore T ' [ T is nite. It follows that the number of literals occurring in is nite, as well as the number of formulae involving propositional connectives. Having shown that any branch in T is nite, in view of the Konig Lemma even T is nite. ut 4.2 Partial Correctness Let again ' be the root formula of the tableau T constructed by Procedure 1. Since all rules are plainly sound, if T is closed then ' is unsatisable. Otherwise the tableau T must contain an open and saturated branch. Thus, in order to establish the correctness of Procedure 1, it is enough to prove that the assignment M (cf. Denition 3) satises the branch and, therefore, the formula '. The following lemma is easily proved by induction on the number of applications of the inferences rules. Lemma 2. In any branch if x 2 P 0 then:

(a) there can be no term t in T ' [ P dierent from x such that x t occurs in ; (b) there can be no term s in T ' [ P such that s @? x occurs in. In order to show that the assignment M models correctly all formulae occurring in an open and saturated branch, we rst show in the following lemma that the realization R models correctly all literals in an open and saturated branch, provided that terms are just considered as \complex names" for variables (namely operators are not interpreted). Lemma 3. Let be an open and saturated branch. Then: (i) if s @? t occurs in, then R s 2 R t; (ii) if t 1 t 2 occurs in, then R t 1 = R t 2 ; (iii) if t 1 6 t 2 occurs in, then R t 1 6= R t 2 ; (iv) if s 6@? t occurs in, then R s =2 R t. Proof. (i) Let s @? t be in. By Lemma 2, t =2 P 0, and by construction of R it trivially follows that R s 2 R t. (ii) Let t 1 t 2 be in. If either t 1 2 P 0 or t 2 2 P 0 then by Lemma 2 it must be t 1 = t 2 and therefore R t 1 = R t 2. If t 1 ; t 2 2 T 0 but R t 1 6= R t 2, suppose w.l.o.g. that there is some a such that a 2 R t 1 and a =2 R t 2. Then there exists s such that R s = a and s @? t 1 occurs in. Since is saturated, s @? t 2 must also occur in, and by (i) a = R s 2 R t 2, a contradiction. (iii) Let t 1 6 t 2 be in but R t 1 = R t 2. W.l.o.g. we can assume that t 1 ; t 2 2 T ' (otherwise either at least one among t 1 ; t 2 is in P 0, and the claim easily follows from Lemma 2, or would contain a literal t 0 6 1 t0 2 with t 0 ; 1 t0 2 T 2 ' and such that t 1 t 0 1 and t 2 t 0 2 are in ; then t 0 1 6 t 0 2 could play the r^ole of t 1 6 t 2 in the following discussion). By Lemma 1 we have h(t 1 ) = h(t 2 ). We proceed by induction on h(t 1 ). In the base case (h(t 1 ) = 0) we reach a contradiction, since by saturation there is some x such that either x @? t 1 and x 6@? t 2 occur in, or x 6@? t 1 and x @? t 2 occur in, and we would have h(t 1 ) > 0 in either cases. For the inductive step, w.l.o.g. let x @? t 1 and x 6@? t 2 be in (their occurrence is due to saturation), for some x. Then R x 2 R t 1 that implies R x 2 R t 2, so that there exists x 0 such that R x = R x 0 and x 0 @? t 2 occurs in. Notice that x 0 6= x (otherwise would be closed). Since by Lemma 1 we have h(x) = h(x 0 ) < h(t 1 ), we can apply the inductive hypothesis and obtain the contradiction R x 6= R x 0. (iv) Let s 6@? t be in but R s 2 R t. Then there exists s 0 dierent from s such that R s = R s 0 and s 0 @? t occurs in. By saturation s 6 s 0 is in, and by (iii) R s 6= R s 0, a contradiction. ut Next we show that even operators are correctly modeled by R (and therefore by M ), for an open and saturated branch. Lemma 4. If a branch is open and saturated, then it is coherent.

Proof. Let be an open and saturated branch. We prove that R t = M t, for each t in P [ T ', by structural induction on t. The base case is trivial for variables. Concerning ;, notice that trivially M ; = ; and that R ; = ; since is open. For the inductive step we prove only that R (t 1 u t 2 ) = M (t 1 u t 2 ) (other cases are similar). Suppose that a 2 R (t 1 u t 2 ). Then there exists s such that R s = a and s @? t 1 ut 2 occurs in, and since is saturated both s @? t 1 and s @? t 2 occur in. By Lemma 3 R s 2 R t 1 and R s 2 R t 2, and by inductive hypothesis a 2 M t 1 \ M t 2 = M (t 1 u t 2 ). Conversely, if a 2 M (t 1 u t 2 ) then a 2 M t 1 \ M t 2, and by inductive hypothesis a 2 R t 1 \ R t 2. After noticing that, because of the restrictions imposed to the application of the rules, it must be the case that t 1 ; t 2 2 T ', it follows that there exist s 0 ; s 00 such that Rs 0 = Rs 00 = a and both s 0 @? t 1 and s 00 @? t 2 occur in. By saturation, either s 0 @? t 2 or s 0 6@? t 2 occurs in. In the former case s 0 @? t 1 u t 2 occurs in, and therefore a 2 R (t 1 u t 2 ). In the latter case s 0 6 s 00 occurs in, and therefore R s 0 6= R s 00, a contradiction. ut The following theorem concludes the proof of partial correctness. Theorem 2. If is an open and saturated branch, then it is satisable, and indeed it is satised by M. Proof. Let be an open and saturated branch. By combining together Lemma 3 and 4, it follows that M satises all literals occurring in. Finally, proceeding by structural induction, it easy to see that even formulae involving propositional connectives are satised by M. ut 5 Some Experimental Results On a 200 Mhz ULTRA-Spark Sun workstation, the formulae :(x [y] ^ x y t z) _ (y ; ^ x z) (cf. Example 1) and a t (b t c) (a t b) t c were proved valid in 0:03 seconds and 0:02 seconds, respectively, whereas the formula :(x @? y ^ x 6@? z 1 ^ z 1 t z 2 @? [y]) was recognized not to be valid in 0:04 seconds. Moreover, using the basic notion of pair (a; b) = Def ffag; fa; bgg due to Kuratowski, it has been possible to prove the validity of (a; b) 6= (u; b)_(a = u^b = v) in 0.08 seconds. Similar theorems have also been proved for 3-tuples, 4-tuples and 5-tuples in 0.24, 0.58 and 1.79, respectively. 6 Future plans We plan to further investigate heuristics which allow to strengthen subsumption requirements, as hinted in Remark 3. Also, we intend to study thoroughly the cases in which cuts are really needed, in order to further optimize our calculus. Finally, we plan to generalize our tableau calculus and relative saturation strategy to extensions of MLSS (cf. [6, 5]).

Acknowledgments The authors wish to thank Bernhard Beckert, Nikolaj S. Bjrner, and Tomas E. Uribe for helpful comments. The second author wishes to thank Prof. Zohar Manna for having given him the opportunity to visit his REACT group. References 1. Bernhard Beckert and Ulrike Hartmer. A tableau calculus for quantier-free set theoretic formulae. In Proceedings, International Conference on Theorem Proving with Analytic Tableaux and Related Methods, Oisterwijk, The Netherlands, LNCS 1397, pages 93{107. Springer, 1998. 2. Nikolaj S. Bjrner, Anca Browne, Eddie S. Chang, Michael Colon, Arjun Kapur, Zohar Manna, Henny B. Sipma, and Tomas E. Uribe. STeP: Deductive-algorithmic verication of reactive and real-time systems. In Proc. 8 th Intl. Conference on Computer Aided Verication, volume 1102 of LNCS, pages 415{418. Springer-Verlag, July 1996. 3. Nikolaj S. Bjrner, Mark E. Stickel, and Tomas E. Uribe. A practical integration of rst-order reasoning and decision procedures. In Proc. of the 14 th Intl. Conference on Automated Deduction, volume 1249 of LNCS, pages 101{115. Springer-Verlag, July 1997. 4. Domenico Cantone. A fast saturation strategy for set-theoretic Tableaux. In Didier Galmiche, editor, Proceedings of the International Conference on Automated Reasoning with Analytic Tableaux and Related Methods, volume 1227 of LNAI, pages 122{137, Berlin, May13{16 1997. Springer. 5. Domenico Cantone and Alfredo Ferro. Techniques of computable set theory with applications to proof verication. Comm. Pure Appl. Math., XLVIII:1{45, 1995. 6. Domenico Cantone, Alfredo Ferro, and Eugenio Omodeo. Computable set theory, volume no.6 Oxford Science Publications of International Series of Monographs on Computer Science. Clarendon Press, 1989. 7. Marcello D'Agostino and Marco Mondadori. The taming of the cut. Classical refutations with analytic cut. Journal of Logic and Computation, 4(3):285{319, June 1994. 8. Melvin C. Fitting. First-Order Logic and Automated Theorem Proving. Graduate Texts in Computer Science. Springer-Verlag, Berlin, 2nd edition, 1996. 1st ed., 1990. 9. Calogero G. Zarba. Dimostrazione automatica di formule inisiemistiche con tagli analitici. Tesi di Laurea, Universita di Catania (in Italian), July 1998.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback