Algebra and Proof Theory for a logic of propositions, actions, and - - PowerPoint PPT Presentation

Algebra and Proof Theory for a logic of propositions, actions, and adjoint modalities Joint work with Roy and Julian Truffault Mehrnoosh Sadrzadeh EPSRC Career Acceleration Research Fellow Oxford University, Department of CS

The muddy children puzzle There are n children playing in the mud and k of them have muddy

• foreheads. Their father announces to them that ‘at least one of you

has a dirty forehead’. Then asks ‘do you know it is you who has a muddy forehead?’. The children look around and think and all of them say ‘no!’, then again they look around and think and say ‘no!’ again, and so on. The question: will the dirty children ever know they are dirty? If so, after how many rounds of no answers? How about the clean ones? Modern twists: what if the father is a liar? what if the children are liars or imperfect reasoners? Can one prove the answers in a logic? If so which logic?

An analysis of the puzzle We need to model: Propositions: being dirty or not Actions: announcing no answers Modalities: knowing that one is dirty Learning: how do the actions update the knowledge Modern twists: knowledge about the actions

Existing work Epistemic Logics: Semantic proof: Fagin and Halpern Syntactic proof: Huth and Ryan, Natural Deduction Defect of Both: actions are not part of the logic, so the solution only formalizes half of the puzzle.

Bad attempt at taking actions into account Take Full Linear Logic This has both actions and propositions Add epistemic modalities to it (A. Martin, U of Ottawa) Use it to prove muddy children Automate the proof in COQ

Correct Approach Linear Logic of Actions Logic of Propositions Adjoint Modalities on both Make the two interact to model update and learning

Why adjoint modalities? Kripke Frame W = (W, RA)A where RA ⊆ W × W Satisfaction Relation | = ⊆ W × LML Defined by induction on the structure of the formulae W, w | = ✷Aφ iff ∀z, (w, z) ∈ RA implies z | = φ Read ✷Aφ as “A believes that φ.” Define Knowledge as KAφ := ✷Aφ ∧ φ. Knowledge becomes secondary to belief.

Adjoint Modalities Consider the converse of the relation (W, RA, Rc

A)A

Modalities for the converse relation too! W, w | = Aφ iff ∃z, (w, z) ∈ Rc and z | = φ Verify W, w | = φ → ✷AAφ W, w | = A✷Aφ → φ Balck diamond and box are adjoint. A ⊣ ✷A

Algebraic Modal Logic Start with the Kripke frame (W, RA) Lift it to its powerset: Boolean Algebra (P(W), fA) where operator fA: P(W) → P(W) is canonically defined by fA(X) =

• x∈X

RA[X] = {y ∈ W | ∃x ∈ X, (x, y) ∈ RA} = {y ∈ W | ∃x ∈ X, (y, x) ∈ Rc

A}

= AX

✷A as adjoint to A Since A preserves all the unions, it has a right adjoint. Canonically defined by gA(X) =

• {Y | fA(Y ) ⊆ X}

=

• {Y | RA[Y ] ⊆ X}

= {y ∈ W | ∀z, (y, z) ∈ RA implies z ∈ X} = ✷AX In fact: these hold for any complete lattice.

Epistemic Interpretation AX All possibilities, choices, options that A has wrt to X. All propositions that A might consider true if X is true. All actions A might consider happening if X is happening. A’s uncertainty about X. Appearance to A of X. Knowledge is secondary to belief. Belief is secondary to uncertainty.

Developing the logic

Logic of Actions The set Q of actions q of the logic is generated over a set A of agents A and a set B of basic actions σ by the following grammar: q ::= ⊥ | ⊤ | 1 | σ | q ∧ q | q ∨ q | q • q | ✷A q | Aq

Algebra of Actions with Adjoint Modalities

• Definition. Let A be a set of agents. A lattice monoid with adjoint

modalities (an LMAM) over A is both (1) a bounded lattice (Q, ∨, ∧, ⊤, ⊥) and (2) a unital monoid (Q, 1, •, ≤), and we have q • (q′ ∨ q′′) = (q • q′) ∨ (q • q′′) and (q′ ∨ q′′) • q = (q′ • q) ∨ (q′′ • q) (1) q • 1 = q and 1 • q = q (2) q ≤ q′ implies Aq ≤ Aq′ (3) q ≤ q′ implies ✷Aq ≤ ✷Aq′ (4) Aq ≤ q′ iff q ≤ ✷Aq′ (5) An LMAM Q over A is multiplicative whenever we have (6) A(q • q′) ≤ Aq • Aq′ (7) A1 ≤ 1

• Proposition. In any LMAM Q over A, the following hold:

A(q ∨ q′) = Aq ∨ Aq′ (8) ✷A(q ∧ q′) = ✷Aq ∧ ✷Aq (9) A(q ∧ q′) ≤ Aq ∧ Aq′ (10) ✷Aq ∨ ✷Aq′ ≤ ✷A(q ∨ q′) (11) A⊥ = ⊥ (12) ✷A⊤ = ⊤ (13) q • (q′ ∧ q′′) ≤ (q • q′) ∧ (q • q′′) (14) (q′ ∧ q′′) • q ≤ (q′ • q) ∧ (q′′ • q) (15) A✷Aq ≤ q (16) q ≤ ✷AAq (17) ✷Aq • ✷Aq′ ≤ ✷A(q • q′) (18) 1 ≤ ✷A1 (19)

Sequent Calculus for Actions We have action items Q and action contexts Θ generated by the following syntax: Q ::= q | ΘA Θ ::= Q list where ΘA will be interpreted as A( Θ), for Θ the composition

• f the interpretations of elements in Θ.

If one of the items inside a context is replaced by a “hole” [ ], we have a context-with-a-hole. More precisely, we have the notions of context-with-a-hole Σ and item-with-a-hole R, defined using mutual recursion as follows: Σ ::= Θ, R, Θ′ R ::= [ ] | ΣA Initial Sequents ⊢ 1 1R σ ⊢ σ Id Σ[⊥] ⊢ q ⊥L Θ ⊢ ⊤ ⊤R

Rules for the lattice operations, composition and modalities: Σ[ ] ⊢ q Σ[1] ⊢ q 1L Σ[qi] ⊢ q Σ[q1 ∧ q2] ⊢ q ∧Li Θ ⊢ q1 Θ ⊢ q2 Θ ⊢ q1 ∧ q2 ∧R Σ[q1] ⊢ q Σ[q2] ⊢ q Σ[q1 ∨ q2] ⊢ q ∨L Θ ⊢ q1 Θ ⊢ q1 ∨ q2 ∨R1 Θ ⊢ q2 Θ ⊢ q1 ∨ q2 ∨R2 Σ[q1, q2] ⊢ q Σ[q1 • q2] ⊢ q •L Θ1 ⊢ q1 Θ2 ⊢ q2 Θ1, Θ2 ⊢ q1 • q2 •R Σ[qA] ⊢ q′ Σ[Aq] ⊢ q′ AL Θ ⊢ q ΘA ⊢ Aq AR Σ[q] ⊢ q′ Σ[(✷Aq)A] ⊢ q′ ✷AL ΘA ⊢ q Θ ⊢ ✷A q ✷AR

And structural Rules, encoding the multiplicative axioms: Σ[ΘA, Θ′A] ⊢ q Σ[(Θ, Θ′)A] ⊢ q Dist Σ[ ] ⊢ q Σ[ A] ⊢ q Unit

Example of Derivation

q ⊢ q Id qB ⊢ Bq BR (qB)A ⊢ ABq AR q′ ⊢ q′ Id q′B ⊢ Bq′ BR (q′B)A ⊢ ABq′ AR (qB)A, (q′B)A ⊢ ABq • ABq′

• R

(qB, q′B)A ⊢ ABq • ABq′ Dist ((q, q′)B)A ⊢ ABq • ABq′ Dist ((q • q′)B)A ⊢ ABq • ABq′ •L (((q • q′) ∧ q′′)B)A ⊢ ABq • ABq′ ∧L q′′ ⊢ q′′ Id q′′B ⊢ Bq′′ BR (q′′B)A ⊢ ABq′′ AR (((q • q′) ∧ q′′)B)A ⊢ ABq′′ ∧L (((q • q′) ∧ q′′)B)A ⊢ (ABq • ABq′) ∧ ABq′′ ∧R B((q • q′) ∧ q′′)A ⊢ (ABq • ABq′) ∧ ABq′′ BL AB((q • q′) ∧ q′′) ⊢ (ABq • ABq′) ∧ ABq′′ AL

Admissibility of Cut Rule

• Theorem. The following Cut rule is admissible

Θ ⊢ q Σ′[q] ⊢ q′ Σ′[Θ] ⊢ q′ Cut

• Proof. Strong induction on the rank of the cut, where the rank is

given by the pair (size of cut formula q, sum of heights of derivations

• f premisses).

This involved checking 17 × 17 cases.

Example of a cases The cut-formula is of the form Aq′′: Θ ⊢ q′′ ΘA ⊢ Aq′′ AR Σ′[q′′A] ⊢ q′ Σ′[Aq′′] ⊢ q′ AL Σ′[ΘA] ⊢ q′ Cut transforms to Θ ⊢ q′′ Σ′[q′′A] ⊢ q′ Σ′[ΘA] ⊢ q′ Cut

Logic of Propositions Given sets A of agents A, At a set of (propositional) atoms p; the set M of propositions m is generated by the following grammar: m ::= ⊥ | ⊤ | p | m ∧ m | m ∨ m | ✷A m | Am | m · q | [q]m The last two binary connectives are mixed action-proposition con- nectives: the operator [q] is the dynamic modality operator and ·q is (as we shall see) its left adjoint, called update, just as A is the left adjoint of ✷A.

Algebra of Propositions with Adjoint Modalities

• Definition. Let A be a set, with elements called agents. A DLAM
• ver A is a bounded distributive lattice (L, ∧, ∨, ⊤, ⊥) with two A-

indexed families such that m ≤ m′ implies Am ≤ Am′ (20) m ≤ m′ implies ✷Am ≤ ✷Am′ (21) Am ≤ m′ iff m ≤ ✷Am′ (22)

Sequent Calculus for Propositions As in the action logic, we have propositional contexts Γ and propo- sitional items I (abbreviated to p–contexts and p-items), generated by the following grammar: Γ ::= I multiset I ::= m | ΓA | ΓΘ where ΓA will be interpreted as A( Γ), for Γ the conjunction

• f the interpretations of elements in Γ, and ΓΘ as ( Γ) · Θ, for

Θ the composition of the interpretations of elements in Θ.

Contexts with holes are defined as before, with more cases. Initial Sequents Γ, p ⊢ p Id ∆[⊥] ⊢ m ⊥L Γ ⊢ ⊤ ⊤R

Rules for the lattice operations and the modal operators are: ∆[m1, m2] ⊢ m ∆[m1 ∧ m2] ⊢ m ∧L Γ ⊢ m1 Γ ⊢ m2 Γ ⊢ m1 ∧ m2 ∧R ∆[m1] ⊢ m ∆[m2] ⊢ m ∆[m1 ∨ m2] ⊢ m ∨L Γ ⊢ m1 Γ ⊢ m1 ∨ m2 ∨R1 Γ ⊢ m2 Γ ⊢ m1 ∨ m2 ∨R2 ∆[mA] ⊢ m′ ∆[Am] ⊢ m′ AL Γ ⊢ m Γ′, ΓA ⊢ Am AR ∆[(✷Am, Γ)A, m] ⊢ m′ ∆[(✷Am, Γ)A] ⊢ m′ ✷AL ΓA ⊢ m Γ ⊢ ✷A m ✷AR

Interaction between propositions and actions A multiplicative LMAM Q acts on a DLAM M (with the same sets

• f agents) whenever we have two pointwise order-preserving maps

· : M × Q → M and [ ] : Q × M → L, with − · q left adjoint to [q]−. These mean the following q ≤ q′ implies m · q ≤ m · q′ (20) m ≤ m′ implies m · q ≤ m′ · q (21) m · q ≤ m′ iff m ≤ [q]m′ (22) And moreover the following must also hold m · (q • q′) = (m · q) · q′ (23) m · 1 = m (24) A(m · q) ≤ Am · Aq (25)

• Proposition. Whenever a multiplicative LMAM Q acts on a DLAM M,

the following hold: (m ∨ m′) · q = (m · q) ∨ (m′ · q) (26) (m ∧ m′) · q ≤ (m · q) ∧ (m′ · q) (27) [q] (m ∧ m′) = [q] m ∧ [q] m′ (28) [q] m ∨ [q] m′ ≤ [q] (m ∨ m′) (29) ⊥ · q = ⊥ (30) [q] ⊤ = ⊤ (31) ([q] m) · q ≤ m (32) m ≤ [q] (m · q) (33)

• q • q′

m = [q]

• q′

m (34) [1] m = m (35)

Sequent Rules for Dynamics ∆[mq] ⊢ m′ ∆[m · q] ⊢ m′ ·L Γ ⊢ m Θ ⊢ q Γ′, ΓΘ ⊢ m · q ·R Θ ⊢ q ∆[([q]m, Γ)Θ, m] ⊢ m′ ∆[([q]m, Γ)Θ] ⊢ m′ DyL Γq ⊢ m Γ ⊢ [q]m DyR And some structural rules: ∆[(ΓA)(ΘA)] ⊢ m ∆[(Γ′, ΓΘ)A] ⊢ m DyDist ∆[ΓΘ,Θ′] ⊢ m ∆[(Γ′, ΓΘ)Θ′] ⊢ m ReArr ∆[(ΓΘ)Θ′] ⊢ m ∆[ΓΘ,Θ′] ⊢ m ReArr′

And more We include all the four kinds of initial sequent and all the fifteen rules of the action logic, and the variants of the L rules (including ⊥L, Dist, Unit) of the action logic obtained by replacing any Σ by Λ and the succedent action q by a proposition m. These rules are ⊥L, 1L, ∧L, ∨L, •L, L, ✷L, Dist and Unit.

Admissible Rules

• Proposition. (1) The following Weakening and Contraction rules

are admissible: ∆[Γ] ⊢ m ∆[Γ, Γ′] ⊢ m Wk ∆[Γ, Γ] ⊢ m ∆[Γ] ⊢ m Contr (2) The ∧L, ∨L, AL, ✷AL, ·L, ∧R, ✷AR, DyR rules are invertible. (3) The rules ⊥R− and ⊤L− are admissible: Γ ⊢ ⊥ ∆[Γ] ⊢ q ⊥R− ∆[⊤] ⊢ m ∆[Γ] ⊢ m ⊤L−

Cut Rules The following DyCut rules are admissible: Θ ⊢ q Λ[q] ⊢ m Λ[Θ] ⊢ m DyCut Γ ⊢ m ∆[m] ⊢ m′ ∆[Γ] ⊢ m′ PrCut

• Proof. This involved checking 17 × 26 plus 26 × 26 cases.

Example of a case The cut-formula is of the form [q]m: Γq ⊢ m Γ ⊢ [q]m DyR Θ ⊢ q ∆[([q]m, Γ′)Θ, m] ⊢ m′ ∆[([q]m, Γ′)Θ] ⊢ m′ DyL ∆[(Γ, Γ′)q] ⊢ m′ PrCut transforms to Θ ⊢ q Γq ⊢ m ΓΘ ⊢ m DyCut Γ ⊢ [q]m ∆[([q]m, Γ′)Θ, m] ⊢ m′ ∆[(Γ, Γ′)Θ, m] ⊢ m′ PrCut ∆′[(Γ, Γ′)Θ, ΓΘ] ⊢ m′ PrCut ∆[(Γ, Γ′)Θ, (Γ, Γ′)Θ] ⊢ m′ Wk ∆[(Γ, Γ′)Θ] ⊢ m′ Contr

Soundness and Completeness We interpret the logic of actions on multiplicative LMAM’s and the logic of propositions on multiplicative LMAM’s acting on DLAM’s. Then for each logic prove

• Theorem. Any derivable sequent is valid.
• Proof. The initial sequents are valid and that the rules are truth-

preserving.

• Theorem. Any valid sequent is derivable.
• Proof. We follow the Lindenbaum-Tarski proof method of complete-

ness (building the counter-model).

Assumptions Each epistemic scenario has assumptions about atomic actions and facts (i.e. atomic propositions) involved in the scenario. For each atomic action σ, there is a weakest proposition k to which the action cannot apply, i.e. k ⊢ [σ]⊥; k is called the kernel of σ. Our basic actions are epistemic, i.e. a basic action σ has no effect

• n any propositional atom p, so if p is true before σ, it will stay true

after it: so p · σ ⊢ p. Each agent A has some uncertainty about each atomic proposition p (and action σ); so we have one or more assumptions of the form “appearance to agent A of fact p is proposition n” and “appearance to agent A of basic action σ is the action w”.

Assumption Rules To formalise these assumptions, we add the following assumption rules: Ker(σ,k) is for the assumption that an atomic action σ has k as kernel, PrApp(A,p,n) is for the assumption that the appearance to agent A of fact p is the proposition n, and App(A,σ,w) is for the assumption that the appearance to agent A of basic action σ is the action w: Γ ⊢ k ∆[Γσ] ⊢ m Ker(σ,k) ∆[(Γ, p)σ, p] ⊢ m ∆[(Γ, p)σ] ⊢ m Fact ∆[(Γ, p)A, n] ⊢ m ∆[(Γ, p)A] ⊢ m PrApp(A,p,n) ∆[Γw] ⊢ m ∆[ΓσA] ⊢ m App(A,σ,w)

Admissible Rules Proposition. The calculus with the assumption rules admits Contr and Wk. Theorem. The calculus with the assumption rules admits DyCut and PrCut.

• Proof. This involved 4 × 17 cases.

Encoding the muddy children puzzle Propositional atoms sβ for β ⊆ {1, · · · , n} where sβ stands for the proposition that ‘exactly the children in β are muddy’ and s∅ stands for the proposition that ‘no child is muddy’. ∆[(Γ, sβ)i, sβ∪{i} ∨ sβ\{i}] ⊢ m ∆[(Γ, sβ)i] ⊢ m PrApp(i,sβ,sβ∪{i}∨sβ\{i}) We denote father’s initial announcement by basic action σ and chil- dren’s ‘no’ replies by basic action σ′. These actions are honest pub- lic announcements, so their appearance to a child i is identity. ∆[Γσ] ⊢ m ∆[Γσi] ⊢ m App(i,σ,σ) ∆[Γσ′] ⊢ m ∆[Γσ′i] ⊢ m App(i,σ′,σ′)

Assumption Rules Father’s initial announcement cannot happen when there are no muddy children, hence the kernel of σ is s∅. Γ ⊢ s∅ ∆[Γσ] ⊢ m Ker(σ,s∅) ‘No’ replies cannot happen if any child knows that he is muddy, hence the kernel of σ′ is ∨i∈β✷isβ. Γ ⊢ ∨i∈β✷isβ ∆[Γσ′] ⊢ m Ker(σ′,∨i∈β✷isβ)

The proof tree of the muddy children puzzle

((s1

2, s2)σ, s2)σ′, s2 ⊢ s2

Id ((s1

2, s2)σ, s2)σ′ ⊢ s2

Fact (s1

2, s2)σσ′ ⊢ s2

Fact (s1

2, s2)σ,σ′ ⊢ s2

ReArr− ((s1

2, s2)2, s2)σ, s2 ⊢ s2 Id

((s1

2, s2)2, s2)σ ⊢ s2

Fact (s1

2, s2)2, s∅ ⊢ s∅

Id ((s1

2, s2)2, s∅)σ ⊢ s2

Ker(σ,s∅) ((s1

2, s2)2, s2 ∨ s∅)σ ⊢ s2

∨L ((s1

2, s2)2, s2 ∨ s∅)(σ2) ⊢ s2

App(σ,2,σ) ((s1

2, s2)2)(σ2) ⊢ s2

PrApp(2,s2,s2∨s∅) ((s1

2, s2)σ)2 ⊢ s2

DyDist (s1

2, s2)σ ⊢ ✷2s2

✷2R (s1

2, s2)σ ⊢ ✷1sβ ∨ ✷2sβ ∨R

(s1

2, s2)σσ′ ⊢ s2

Ker(σ′,✷1sβ∨✷2sβ) (s1

2, s2)σ,σ′ ⊢ s2 ReArr−

(s1

2, s2 ∨ s2)σ,σ′ ⊢ s2

∨L (s1

2, s2 ∨ s2)σ,σ′1 ⊢ s2

App(1,σ′,σ′) (s1

2, s2 ∨ s2)σ1,σ′1 ⊢ s2

App(1,σ,σ) (s1

2, s2 ∨ s2)(σ,σ′)1 ⊢ s2

Dist (s1

2)(σ,σ′)1 ⊢ s2

PrApp(1,s2,s2∨s2) (sσ,σ′

2

)1 ⊢ s2 DyDist sσ,σ′

2

⊢ ✷1s2 ✷1R sσ•σ′

2

⊢ ✷1s2

• L(∗)

s2 ⊢ [σ • σ′]✷1s2 DyR

Muddy children with a modern twist After father’s announcement, a round of honest ‘no’ answers and a round of lying ‘no’ answers, the clean child 3 believes that there are three muddy children.

(s3

2, s2)σ,σ′ ⊢ ✷1s2

(∗) (s3

2, s2)σσ′ ⊢ ✷1s2

ReArr (s3

2, s2)σσ′ ⊢ ✷1sβ ∨ ✷2sβ

∨R (s3

2, s2)σσ′σ′

⊢ s3 Ker(σ′,✷1sβ∨✷2sβ) (s3

2, s2)σ,σ′,σ′ ⊢ s3

ReArr−(twice) (s3

2, s3)σσ′σ′′

, sσ′σ′′

3

, sσ′′

3 , s3 ⊢ s3

Id (s3

2, s3)σσ′σ′′

⊢ s3 Fact (3 times) (s3

2, s3)σ,σ′,σ′′ ⊢ s3

ReArr−(twice) (s3

2, s2 ∨ s3)σ,σ′,σ′ ⊢ s3

∨L (s3

2, s2 ∨ s3)σ3,σ′3,σ′′3 ⊢ s3

App(3,σ,σ), App(3,σ′,σ′), App(3,σ′′,σ′) (s3

2)σ3,σ′3,σ′′3 ⊢ s3

PrApp(3,s2,s2∨s3) (sσ,σ′,σ′′

2

)3 ⊢ s3 DyDist, Dist sσ,σ′,σ′′

2

⊢ ✷3s3 ✷3R sσ•σ′•σ′′

2

⊢ ✷3s3

• L

s2 ⊢ [σ • σ′ • σ′′]✷3s3 DyR

Analysis Our calculus allows a proof procedure close to human reasoning. In first proof and the first (i.e. lowest) three steps DyR, •L, ✷qR rewrite the original statement into a normal form. Then DyDist and Dist apply a belief update procedure, that the appearance to child 1 of an updated proposition is the update of his propositional appearance by his action appearance. The forking rule ∨L creates a case analysis for child 2: the left branch is the real world; the right branch is when he is the only muddy child; the applications of Ker show that this option is impossible. A similar pattern is followed in the second proof, where, at the fork- ing rule, child 3’s possibilities are that either there are three muddy children, or that there are two, but since he has heard two ‘no’ an- swers, the case with two muddy children would be impossible.

Other people’s work Dynamic Epistemic Logic:

• Baltag-Moss-Solecki, van Benthem and the Dutch school
• Hilbert-style axiomatics, no sequent calculus, no proof theory, no

adjoint modalities, no formal logical proof of muddy children, · · · Epistemic Systems of Baltag-Coecke-MS:

• Infinite algebras, calculus with cuts that are not eliminable

Our work Current Work:

• Admissibility of cuts involved checking a grand total of 1500 cases
• Implementation in Haskel: Jael Kriener, Julien Truffault
• Loop Checking and bounded depth first proof search strategy

Future work:

• Complexity and Decision Procedures
• Application to serious domains: robot navigation