Automated Reasoning in Modal, Tense and Temporal Logics Rajeev Gor - - PowerPoint PPT Presentation

Automated Reasoning in Modal, Tense and Temporal Logics

c Rajeev Gor´ e Logic and Computation Group School of Computer Sciences Australian National University http://cecs.anu.edu.au/~rpg Rajeev.Gore@anu.edu.au March 7, 2011 Version 1

1 / 90

Contents

Lecture 1: Modal logic and Tableaux Lecture 2: Description Logic with Converse and Tableaux Lecture 3: Complexity-optimal Tableaux Using and-or Graphs Lecture 4: Propositional Branching Temporal Logic

2 / 90

Lecture 1: Modal logic and modal tableaux

3 / 90

Syntax: atomic formulae, connectives and formulae

Atomic Formulae: p0, p1, p2, p3, · · · meta-variables p, q, r Connectives: ¬, ∧, ∨, →, [], Formulae: every atomic formula p is a formula Formulae: if ϕ and ψ are formulae then so are each of ϕ ∧ ψ, ϕ ∨ ψ, ϕ → ψ, []ϕ, ϕ meta-variables ϕ, ψ Example: [](p1 → p2) → ([]p1 → []p1) Example: []p4 → [][]p2 Example: (p2 ∧ p3) → (p2 ∧ p3)

4 / 90

Semantics: worlds, accessibility relation, valuation

Kripke frame: is a pair W , R where W is a non-empty set (of point/worlds/states) R ⊆ W × W is a binary (accessibility) relation over W Kripke model: is a triple W , R, ϑ where W , R is a Kripke frame ϑ : W × Atoms → {t, f} is a valuation mapping each world w and each atomic formula p to t or else to f Forcing: between worlds and formulae w p if ϑ(w, p) = t p is true at w w ¬ϕ if ϑ(w, ϕ) = f ϕ is false at w w ϕ ∧ ψ if ϑ(w, ϕ) = t and ϑ(w, ψ) = t w ϕ ∨ ψ if ϑ(w, ϕ) = t or ϑ(w, ψ) = t w ϕ → ψ if ϑ(w, ϕ) = f or ϑ(w, ψ) = t w ϕ if ∃v ∈ W .R(w, v) & ϑ(v, ϕ) = t i.e. some R-successor makes ϕ true w []ϕ if ∀v ∈ W .R(w, v) ⇒ ϑ(v, ϕ) = t i.e. every R-successor makes ϕ true

5 / 90

Example

W is the set of all students in this room R(w, v) holds if v ∈ W is one row in front of w ∈ W ϑ(w, p1) = t if student w has a brother ϑ(w, p2) = t if student w has a sister

6 / 90

Semantics of Logical Consequence Γ | = ϕ

M is a Kripke model W , R, ϑ Γ is a finite set of formulae ϕ is a given formula M ϕ if ∀w ∈ W .w ϕ ϕ is true everywhere in M M Γ if ∀ψ ∈ Γ.M ψ every ψ in Γ is true everywhere in M Γ | = ϕ if ∀M = W , R, ϑ.M Γ ⇒ M ϕ if Γ is true everywhere in M then ϕ is true everywhere in M ϕ is valid: if ∅ | = ϕ ϕ is true everywhere in all models ϕ is satisfiable: if ϕ is true in some world in some model Lemma: ϕ is valid iff ¬ϕ is not satisfiable ϕ is satisfiable wrt Γ: if ϕ is true in some world in some model that forces Γ Lemma: Γ | = ϕ iff ¬ϕ is not satisfiable wrt Γ

7 / 90

Negation Normal Form

nnf: a formula ϕ is in negation normal form if the symbol ¬ appears only directly before atomic formulae Lemma: For every ϕ, there exists a formula nnf (ϕ) in negation normal form such that the length of nnf (ϕ) is only polynomially longer than that of ϕ, and ϕ ↔ nnf (ϕ) is valid Proof: Repeatedly distribute negation over subformulae using the following valid principles: | = ¬¬ϕ ↔ ϕ | = (ϕ1 → ψ1) ↔ (¬ϕ1 ∨ ψ1) | = ¬(ϕ1 → ψ1) ↔ (ϕ1 ∧ ¬ψ1) | = ¬(ϕ ∧ ψ) ↔ (¬ϕ ∨ ¬ψ) | = ¬(ϕ ∨ ψ) ↔ (¬ϕ ∧ ¬ψ) | = ¬ϕ ↔ []¬ϕ | = ¬[]ϕ ↔ ¬ϕ Beware: if ↔ is a primitive connective then this blows up!

8 / 90

Examples of negation normal form

| = ¬¬ϕ ↔ ϕ | = (ϕ1 → ψ1) ↔ (¬ϕ1 ∨ ψ1) | = ¬(ϕ1 → ψ1) ↔ (ϕ1 ∧ ¬ψ1) | = ¬(ϕ ∧ ψ) ↔ (¬ϕ ∨ ¬ψ) | = ¬(ϕ ∨ ψ) ↔ (¬ϕ ∧ ¬ψ) | = ¬ϕ ↔ []¬ϕ | = ¬[]ϕ ↔ ¬ϕ Example: ¬([](p0 → p1) → ([]p0 → []p1)) [](p0 → p1) ∧ ¬([]p0 → []p1) [](p0 → p1) ∧ ([]p0 ∧ ¬[]p1) [](¬p0 ∨ p1) ∧ ([]p0 ∧ ¬p1) Example: ¬([]p0 → p0) ([]p0) ∧ (¬p0) ¬([]p0 → [][]p0) ([]p0) ∧ (¬[][]p0) ([]p0) ∧ (¬[]p0) ([]p0) ∧ (¬p0)

9 / 90

Modal Tableaux as Or-trees

Γ is a given finite set of global assumption formulae X, Y , Z are finite possibly empty sets of formulae ϕ; X stands for a partition of the non-empty set {ϕ} ∪ X Z is saturated: if it contains no top level ∧, ∨, [] formulae

Rules

(id)p; ¬p; X (∧)ϕ ∧ ψ; X ϕ; ψ; X (∨) ϕ ∨ ψ; X ϕ; X | ψ; X (K)ϕ; []X; Z Γ; ϕ; X Z is saturated

A K-tableau for Y given global assumptions Γ

is an inverted (or) tree of nodes with:

• 1. a root node nnf (Γ; Y )
• 2. and such that all children nodes are obtained from their

parent node by instantiating a rule of inference A K-tableau is closed if all leaves are (id), else it is open.

10 / 90

Examples of K-Tableau With Γ = ∅

(id)p; ¬p; X (∧)ϕ ∧ ψ; X ϕ; ψ; X (∨) ϕ ∨ ψ; X ϕ; X | ψ; X (K)ϕ; []X; Z Γ; ϕ; X Z is saturated There is a closed K-tableau for ¬([](p0 → p1) → ([]p0 → []p1))

11 / 90

Examples of K-Tableau With Γ = ∅

(id)p; ¬p; X (∧)ϕ ∧ ψ; X ϕ; ψ; X (∨) ϕ ∨ ψ; X ϕ; X | ψ; X (K)ϕ; []X; Z Γ; ϕ; X Z is saturated There is no closed K-tableau for ¬([]p0 → p0) There is no closed K-tableau for ¬([]p0 → [][]p0) How can we be sure, we only looked at one K-tableau for each ?

12 / 90

Examples

(K)ϕ; []X; Z Γ; ϕ; X Z is saturated How many different K-tableaux for p1; p2; ¬p1; []p1; []¬p3 ?

13 / 90

Loops!

The tableau for Γ = {p} and ϕ := q loops! p ; q

R

• p ; p
• p ; p

Solution: check whether new node exists already on the current branch

14 / 90

Soundness

(id)p; ¬p; X (∧)ϕ ∧ ψ; X ϕ; ψ; X (∨) ϕ ∨ ψ; X ϕ; X | ψ; X (K)ϕ; []X; Z Γ; ϕ; X Z is saturated Theorem: If there is a closed K-tableau for Γ∪{¬ϕ0} then Γ | = ϕ0. Proof: For each rule we prove that if the premiss is K-satisfiable then so is at least one conclusion. (id): if p; ¬p; X is satisfiable then ... (∨): if X; ϕ ∨ ψ is K-satisfiable then so is X; ϕ or X; ψ (∧): if X; ϕ ∧ ψ is K-satisfiable then so is X; ϕ; ψ (K): if ϕ; []X; Z is K-satisfiable then so is ϕ; X Each branch n0, n1, · · · , nk of nodes has n0 = Γ ∪ {¬ϕ0} and nk = {p, ¬p} ∪ X for some set X and some atomic formula p. So, if n0 is K-satisfiable then n1 is K-satisfiable ... then p; ¬p; X is K-satisfiable. Contradiction. This applies to every branch. So Γ ∪ {¬ϕ0} is not K-satisfiable i.e. ∀M.M Γ ⇒ M ϕ0

15 / 90

Completeness

Theorem: If Γ | = ϕ0 then there is a closed K-tableau for Γ∪{¬ϕ0}. Proof: We prove the contra-positive: if there is no closed K-tableau for Γ ∪ {¬ϕ0} then Γ | = ϕ0. Assume: that every K-tableau for Γ ∪ {¬ϕ0} is open Show: that Γ ∪ {¬ϕ0} is K-satisfiable i.e. ∃M = W , R, ϑ.∃w ∈ W .M Γ&w ¬ϕ0

16 / 90

Complexity and Optimisations

2exptime: we can explore the same node on multiple branches Optimisations: practical implementations use many optimisations

17 / 90

Lecture 2: Description Logic with Inverse Roles

18 / 90

Syntax: concepts and roles

Concept Names: A, B ::= a0 | a1 | a2 | · · · Role Names: R, S ::= r0 | r1 | r2 | · · · Concepts: C, D ::= ⊤ | ⊥ | A | ¬C | C ⊓ D | C ⊔ D | ∀R.C | ∃R.C TBox: finite set of “axioms” of the form C ⊑ D or C = D. NNF: later assume that all formulae are in Negation Normal Form

19 / 90

Semantics of Description Logics

Interpretation: I = ∆I, ·I consists of a non-empty (domain) set ∆I and an interpretation function ·I that maps every concept name A to a subset AI of ∆I and maps every role name R to a binary relation RI on ∆I Interpretation: of complex concepts is as follows ⊤I = ∆I ⊥I = ∅ (¬C)I = ∆I \ C I (C ⊓ D)I = C I ∩ DI (C ⊔ D)I = C I ∪ DI Intuition:: we have classical propositional logic at least

20 / 90

Semantics of Description Logics

Interpretation: I = ∆I, ·I consists of a non-empty (domain) set ∆I and an interpretation function ·I that maps every concept name A to a subset AI of ∆I and maps every role name R to a binary relation RI on ∆I Interpretation: of complex concepts is as follows (∀R.C)I =

• x ∈ ∆I | ∀y
• (x, y) ∈ RI implies y ∈ C I

(∃R.C)I =

• x ∈ ∆I | ∃y
• (x, y) ∈ RI and y ∈ C I

∀R.C

SI

• RI
• RI
• C

C ∃R.C

SI

• RI
• RI
• C

21 / 90

Semantics of Description Logics

Interpretation: I = ∆I, ·I consists of a non-empty (domain) set ∆I and an interpretation function ·I that maps every concept name A to a subset AI of ∆I and maps every role name R to a binary relation RI on ∆I Interpretation: of complex concepts is as follows ∀R.C means every RI-successor makes C true ∃R.C means some RI-successor makes C true ∀R.C

SI

• RI
• RI
• C

C ∃R.C

SI

• RI
• RI
• C

22 / 90

Semantics of Description Logics

Interpretation: I = ∆I, ·I consists of a non-empty (domain) set ∆I and an interpretation function ·I that maps every concept name A to a subset AI of ∆I and maps every role name R to a binary relation RI on ∆I I satisfies C: if C I = ∅ (true somewhere under I) I validates C: if C I = ∆I (true everywhere under I) Prop: I validates C iff it does not satisfy ¬C I is a model of TBox T : if for every axiom C ⊑ D (resp. C = D)

• f T , we have C I ⊆ DI (resp. C I = DI)

I satisfies a set X of concepts if there exists x ∈ ∆I such that x ∈ C I for all C ∈ X X is satisfiable w.r.t. TBox T : if there exists a model of T that satisfies X.

23 / 90

Negation Normal Form

nnf: a concept C is in negation normal form if the symbol ¬ appears only directly before atomic concepts Lemma: For every C, there exists a concept nnf (C) in negation normal form such that the length of nnf (C) is only polynomially longer than that of C, and C ↔ nnf (C) is valid Proof: Repeatedly distribute negation over subconcepts using the following valid principles: ¬¬C = C (C ⊑ D) = (¬C ⊔ D) ¬(C ⊑ D) = (C ⊓ ¬D) ¬(C ⊓ D) = (¬C ⊔ ¬D) ¬(C ⊔ D) = (¬C ⊓ ¬D) ¬∃R.C = ∀R.¬C ¬∀R.C = ∃R.¬C Beware: if = is a primitive connective then this blows up!

24 / 90

Description Logic Tableaux Are And-Trees

(id)X ; A ; ¬A (⊓)X ; C1 ⊓ C2 X ; C1 ; C2 (⊔)X ; C1 ⊔ C2 X ; Ci i ∈ {1, 2} (∃)X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn Xi = {D : ∀Ri.D ∈ X} (⊔) rule does not cause any explicit branching in a tableau (∃) creates an Ri-child node for each ∃Ri.Ci, 1 ≤ i ≤ n || flags and-branching i.e. parent open if all children are open Models: satisfiability requires only one open child for ⊔-nodes but requires an open child for each ∃Ri.Ci

25 / 90

Description Logic Tableaux Are And-Trees

(id)X ; A ; ¬A (⊓)X ; C1 ⊓ C2 X ; C1 ; C2 (⊔)X ; C1 ⊔ C2 X ; Ci i ∈ {1, 2} (∃)X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn Xi = {D : ∀Ri.D ∈ X} and-node ∃R.(A ⊔ B); ∃S.(B ⊔ A)

R

• S
• A ⊔ B
• B ⊔ A
• A

B and-node ∃R.(A ⊔ B); ∃S.(B ⊔ A)

R

• S
• A ⊔ B
• B ⊔ A
• B

A All nodes can be considered to be and-nodes i.e. open if all children open

26 / 90

Handling a non-empty TBox T

Change the (E) rule: (∃)X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn Xi = {D : ∀Ri.D ∈ X} (∃) X ; ∃R1.C1 ; · · · ; ∃Rn.Cn nnf (T ) ; C1 ; X1 || · · · || nnf (T ) ; Cn ; Xn Xi = {D : ∀Ri.D ∈ X} Blocking: branch can cycle back to an ancestor (loop check) Thm: X is satisfiable w.r.t. TBox T iff there is an open and-tree tableau for the root node containing T ; X Note: real DL provers do not use this naive technique to handle TBoxes but use more sophisticated techniques (model merging)

27 / 90

Inverse Roles

Syntax: allow ∀R−.C and ∃R−.C Interpretation: of complex concepts is as follows (∀R−.C)I =

• x ∈ ∆I | ∀y
• (y, x) ∈ RI implies y ∈ C I

(∃R−.C)I =

• x ∈ ∆I | ∃y
• (y, x) ∈ RI and y ∈ C I

∀R−.C

SI

• C

RI

• C

RI

• ∃R−.C

SI

• C

RI

• RI
• 28 / 90

Inverse Roles

Syntax: allow ∀R−.C and ∃R−.C Interpretation: of complex concepts is as follows (∀R−.C)I means every RI-predecessor makes C true (∃R−.C)I means some RI-predecessor makes C true ∀R−.C

SI

• C

RI

• C

RI

• ∃R−.C

SI

• C

RI

• RI
• Intuition: inverse roles “look” against arrows

29 / 90

Inverse Roles Can Cause Incompatibility

∃R.(A ⊔ B) ⊓ ∃S.C ⊓ ∀R.D

• ∃R.(A ⊔ B) ; ∃S.C ; ∀R.D

R

• S
• ← this node needs an E

A ⊔ B ; D

• C

A := ∀R−.E ; D R-parent: (state) is missing the required concept E Solution: backtrack to parent and “restart” by adding E Dynamic Blocking: all nodes blocked on old state need to be unblocked after adding E e.g. some descendant of C Suboptimal: if this A-branch closes, same work may be required on B-branch and we have to repeat this work

30 / 90

Summary

Description logic ALC: is just multimodal logic Kn where: ∀R.C is analogue of [R]ϕ all R-successors ∃R.C is analogue of Rϕ some R-successor Semantics: of both is in terms of multi-binary-relational frames W , R1, R2, · · · , Rn Inverse roles: are just “converse” modalities Description logic ALCI: is just multi-modal tense logic Ktn where ∀R.C is analogue of [R]ϕ all R-successors ∃R.C is analogue of Rϕ some R-successor ∀R−.C is analogue of [R−1]ϕ all R-predecessors ∃R−.C is analogue of R−1ϕ some R-predecessor Traditional modal tableaux: are or-trees Traditional DL tableaux: are and-trees Both: methods provide suboptimal solutions with worst-case 2exptimebehaviour for an exptime-complete problem

31 / 90

Lecture 3:Complexity-optimal Tableaux Using and-or Graphs

32 / 90

Motivation: can we combine optimality and practicality?

Theory: ALC-satisfiability wrt a TBox is exptime-complete Practice: traditional modal- and DL- tableaux are suboptimal Okay: if done deliberately for practical reasons Example: Knuth-Morris-Pratt (optimal) versus Boyer-Moore (suboptimal) for string matching Example: Linear (optimal) versus Robinson (suboptimal) for unification Not Okay: if known optimal methods “not so easy to understand” Question: Can we get the best of both worlds?

33 / 90

Motivation: can we combine optimality and practicality?

Theory: ALC-satisfiability wrt a TBox is exptime-complete Practice: traditional modal- and DL- tableaux are suboptimal Okay: if done deliberately for practical reasons Example: Knuth-Morris-Pratt (optimal) versus Boyer-Moore (suboptimal) for string matching Example: Linear (optimal) versus Robinson (suboptimal) for unification Not Okay: if known optimal methods “not so easy to understand” Question: Can we get the best of both worlds?

33 / 90

Motivation: can we combine optimality and practicality?

Theory: ALC-satisfiability wrt a TBox is exptime-complete Practice: traditional modal- and DL- tableaux are suboptimal Okay: if done deliberately for practical reasons Example: Knuth-Morris-Pratt (optimal) versus Boyer-Moore (suboptimal) for string matching Example: Linear (optimal) versus Robinson (suboptimal) for unification Not Okay: if known optimal methods “not so easy to understand” Question: Can we get the best of both worlds?

33 / 90

Modal Logic Tableaux Are Or-Trees

(⊔) X ; C1 ⊔ C2 X ; C1 | X ; C2 (∃) X ; ∃R.C C ; {D : ∀R.D ∈ X} (⊔) rule creates explicit or-branching in a tableau | flags or-branching i.e. parent unsat iff both children are unsat (∃) non-deterministically creates an R-child node for some ∃R.C Proofs: unsatisfiability requires us to close both children of an ⊔-node but requires us to close the child of only one ∃Ri.Ci

34 / 90

Modal Logic Tableaux Are Or-Trees

(⊔) X ; C1 ⊔ C2 X ; C1 | X ; C2 (∃) X ; ∃R.C C ; {D : ∀R.D ∈ X} ∃R.(p ⊔ q); ∃S.(q ⊔ p)

R

• r-node

p ⊔ q

• p

q ∃R.(p ⊔ q); ∃S.(q ⊔ p)

S

• r-node

q ⊔ p

• q

p

35 / 90

Description Logic Tableaux Are And-Trees

(⊔) X ; C1 ⊔ C2 X ; Ci i ∈ {1, 2} (∃) X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn Xi = {D : ∀Ri.D ∈ X} for 1 ≤ i ≤ n (⊔) rule does not cause any explicit branching in a tableau (∃) creates an Ri-child node for each ∃Ri.Ci, 1 ≤ i ≤ n || flags and-branching i.e. parent sat iff all children are sat Models: satisfiability requires only one open child for ⊔-nodes but requires an open child for each ∃Ri.Ci

36 / 90

Description Logic Tableaux Are And-Trees

(⊔) X ; C1 ⊔ C2 X ; Ci i ∈ {1, 2} (∃) X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn and-node ∃R.(p ⊔ q); ∃S.(q ⊔ p)

R

• S
• p ⊔ q
• q ⊔ p
• p

q and-node ∃R.(p ⊔ q); ∃S.(q ⊔ p)

R

• S
• p ⊔ q
• q ⊔ p
• q

p

37 / 90

Search Space is an And-Or Tree

(⊔) X ; C1 ⊔ C2 X ; C1 | X ; C2 (∃) X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 || · · · || Cn ; Xn and-node ∃R.(p ⊔ q); ∃S.(q ⊔ p)

R

• S
• r-node

p ⊔ q

• r-node

q ⊔ p

• p

q

38 / 90

Termination Via Blocking (aka Loop-Check)

Block a node from expansion if we have seen it before ancestor equality blocking: within same (and- or or-) tree ancestor subset blocking: within same (and- or or-) tree anywhere blocking: within same and-tree dynamic blocking: within same and-tree pair-wise anywhere blocking: within same and-tree Status of a blocked node is immediately classified as open even though its logical status is “unknown” rather than satisfiable. closed = unsat

• pen = {sat, blocked}

39 / 90

Problem: traditional methods are suboptimal

TBoxes (aka global assumptions): imply complexity of deciding satisfiability is now exptime-complete Longest branch: can now contain an exponential number of nodes Branching: means that we can explore double-exponential number

• f nodes in worst case

Culprit: we explore the same node on different or-branches Anywhere blocking: does not help since it is restricted to the same and-tree

40 / 90

Caching: remember the status of previously seen nodes

Caching: store the sat or unsat status of previously seen nodes in a look-up table Use: when creating new tableau node, first check whether this node exists in the cache, and attach same status to new node Assuming current node contains X: if cache contains a node Y ⊇ X (respectively Y ⊆ X) and Y has status sat (unsat) then the current node is given the same status status(Y ) = sat

✫✪ ✬✩

Y

✒✑ ✓✏

X status(Y ) = unsat

✫✪ ✬✩

X

✒✑ ✓✏

Y

41 / 90

Caching Versus Blocking

Cached nodes must have a status of sat or unsat Blocked nodes must have a status of open

42 / 90

Mixed Caching

Cache blocked nodes in same and-tree as sat X ; A ⊔ B

• X ; A ⊔ B
• X ; A

X ; B Must remove such nodes from cache when moving to a different run

43 / 90

Global Caching: never explore the same node twice

root of and-or graph kind status

• X
• cachehit
• Y

cachehit

• Z

W Kind: rule application turns each node into or-node or and-node Status: unexpanded, expanded, unsat, sat Search strategy: immaterial for ALC

44 / 90

Global Caching Algorithm Outline

(⊔) X ; C1 ⊔ C2 X ; C1 | X ; C2 (∃) X ; ∃R1.C1 ; · · · ; ∃Rn.Cn C1 ; X1 ; T || · · · || Cn ; Xn ; T WHILE there are unexpanded nodes, pick one say x if {A, ¬A} ⊆ x then x.status = unsat ElseIf no rule applicable to x then x.status = sat Else apply (⊓) or (⊔) or (∃) rule to x, create children only if they don’t exist in G, add appropriate edges, mark x as expanded if x.status ∈ {unsat, sat} then propagate iteratively END Result: if root.status = unsat then unsat else sat

45 / 90

Propagation: Determining the status of nodes

• r-node: becomes sat if any child becomes sat and becomes

unsat if all children become unsat and-node: becomes unsat if any child becomes unsat and becomes sat if all children become sat

46 / 90

Theorems

Thm: algorithm terminates Proof: finite number of different nodes eventually all nodes exist in G each iteration expands one node Thm: root.status = unsat implies X is unsatisfiable wrt T Proof: by induction on the order in which nodes become unsat Thm: root.status = sat implies X is satisfiable wrt T Proof: any traditional modal- or DL- tableau has an open branch Intuition: unwind cross-branch edges by copying nodes until ancestor-cylce found Thm: Worst-case complexity is exptime Proof: in worst case, we explore all 2n subsets of Sf (T ∪ X)

47 / 90

Implications of Global Caching

Termination: trivial exptime worst-case complexity: immediate (Anywhere) Equality Blocking: comes for free (Global) unsat caching: comes for free Sound (Global) sat caching: comes for free Individual reuse: comes for free

48 / 90

Experimental Results

One framework: written in C++ Implements: no-caching, unsat-caching, mixed-caching, global-caching, all with backjumping (use-check) Benchmarks: TANCS 1999 modal formulae with TBoxes Conclusions: global caching is competitive with mixed-caching Pathological examples exist: where mixed-caching is arbitrarily worse ... reverse not possible But: could not reproduce this behaviour in FaCT++

49 / 90

Inverse Roles Can Cause Incompatibility

∃R.(A ⊔ B) ⊓ ∃S.C ⊓ ∀R.D

• ∃R.(A ⊔ B) ; ∃S.C ; ∀R.D

R

• S
• A ⊔ B ; D
• C

A := ∀R−.E ; D B := ∀R−.¬E ; D

50 / 90

Traditional Solution for Handling Inverse Roles

◮ Choose disjunctions non-deterministically and add

choice-point

◮ Add formulae to nodes as needed ◮ Implementation must revert all changes when backtracking ◮ Plus: event driven ... no unnecessary guessing ◮ Minus: not optimal (nexptime) ◮ Minus: need dynamic blocking since node contents change

• ver time

51 / 90

Global Caching Not Possible

Node with no top-level conjunctions or disjunctions is a state Non-states are pre-states states ∃R.

• ∀R−p. ⊔ ⊥
• R
• √

¬p, ∃R.

• ∀R−p. ⊔ ⊥
• R
• ×

pre-state ∀R−p. ⊔ ⊥

√

Satisfiability of pre-state does not imply satisfiability of state

52 / 90

Our Alternative Method

Starting point: “Sound Global Caching for ALC” from DL07 Node contents fixed: at its creation no dynamic blocking New status type: unexpanded, sat, unsat, open, toosmall Dynamic Status: status of a node changes during the algorithm:

◮ Example 1: unexpanded unsat ◮ Example 2: unexpanded open toosmall

But: status of sat, unsat, or toosmall will not change

53 / 90

Global State Caching: never explore the same state again

Global caching: no two nodes with the same set of formulae Global state caching: no two states with the same set of formulae Saturation: apply ⊓ and ⊔ rules until not applicable (giving state) pre-states (saturation) pre-states (saturation) pre-states (saturation)

s s s

54 / 90

Special Nodes

Basic idea: separate a state from the saturation phase of another state. state s ∃R.A, ∀R.∆, . . .

R

• A, ∆, T

saturate

• special node

∀R−.Γ, Σ If Γ is contained in the formulae of s, the special node is compatible with s.

55 / 90

Compatible Special Nodes

state ∃R.A, ∀R.∆, . . . , Γ

R

• A, ∆, T

saturate

• special node

∀R−.Γ, Σ

• state

(might already exist) ∀R−.Γ, Σ

56 / 90

Not Compatible Special Nodes

remember possible extension Γ for s state s ∃R.A, ∀R.∆, Θ

R

• + Γ

A, ∆, T saturate

• special node

∀R−.Γ, Σ marked as too small

57 / 90

The Algorithm: Main Loop

◮ Pick node x which has not been expanded yet. ◮ Expand x, that is create children if needed and link them

appropriately.

◮ Determine and set the status of x from unexpanded to either

• pen, sat, unsat, or too small (see next slides).

◮ Explicit update/propagation phase, activated by status change

• f a node

58 / 90

Determining the Status of an Or-Node

◮ some child is sat or-node is sat ◮ else: some child is open or unexpanded or-node is open ◮ else: some child is too small or-node is too small ◮ else: all children unsat or-node is unsat

59 / 90

Determining the Status of a State

◮ some child is unsat state is unsat ◮ else: some child is too small state is too small ◮ else: some child is open or unexpanded state is open ◮ else: all children are sat state is sat

60 / 90

Determining the Status of a Special Node

◮ child = too small special node gets the same status ◮ state child too small with possible extensions Γ1, . . . , Γn:

• special

node ∆

• ∆
• behaves like

an or-node

• too small

state ∆

• + Γ1 ...
• + Γn

∆ ∆ ∪ Γ1

...

∆ ∪ Γn

61 / 90

Theorems

◮ Optimality is a consequence of the fact that states are unique. ◮ If a node is sat or remains open, its formulae are jointly

satisfiable.

◮ If a node is unsat, its formulae are not jointly satisfiable. ◮ If the root node is too small, its formulae are not jointly

satisfiable.

62 / 90

Implications of Global State Caching

Termination: immediate since every pre-state must give a state exptime worst-case complexity: immediate (Anywhere) Equality State Blocking: comes for free (Global) sat/unsat caching: just keep a separate cache Sound (Global) sat State caching: comes for free Individual reuse: comes for free ... when it is saturated Dynamic Blocking: not needed

63 / 90

Experimental Results

Implementation: in OCaml using some optimisations Problems: randomly generated formulae of increasing sizes Comparison: against FaCT++ Conclusion: they both behave similarly Paper: “Sound global caching for ALC with Inverse Role”, RG and Florian Widmann, Proc. TABLEAUX 2009 Bug in FaCT++: due to complexity of anywhere pair-wise blocking

64 / 90

Experimental Results

Implementation: in OCaml using some optimisations Problems: randomly generated formulae of increasing sizes Comparison: against FaCT++ Conclusion: they both behave similarly Paper: “Sound global caching for ALC with Inverse Role”, RG and Florian Widmann, Proc. TABLEAUX 2009 Bug in FaCT++: due to complexity of anywhere pair-wise blocking

64 / 90

Lecture 4: Fix-point Logics

LTL: linear temporal logic CTL: computation tree logic PDL: propositional dynamic logic LCK: logic of common knowledge

65 / 90

CTL: Computation Tree Logic

Atomic Formulae: p ::= p0 | p1 | p2 | · · · (AP) Formulae: (Fml) ϕ ::= p | ¬ϕ | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ → ϕ (CPL) | EXϕ | AXϕ ∃/∀-neXt | E(ϕ U ψ) | A(ϕ U ψ) ∃/∀-Until | E(ϕ B ψ) | A(ϕ B ψ) ∃/∀-Before Note: Ep is not a formula! Unary Modal connectives are: EX· and AX· Binary Modal Connectives are: E(· U ·) A(· U ·) A(· B ·) E(· B ·) NNF: later assume that all formulae are in Negation Normal Form

66 / 90

Semantics of CTL

Transition Frame: pair (W , R) where W is a non-empty set (of worlds) and R is a binary relation over W that is total/serial (which means that ∀w ∈ W . ∃v ∈ W . w R v) Fullpath: in transition frame (W , R) is an infinite sequence σ0, σ1, σ2, . . . of worlds in W with σi R σi+1 for all i ∈ N B(w): is the set of all fullpaths in (W , R) which begin at w ∈ W Model: M = (W , R, L) is a transition frame (W , R) and a labelling function L : W → 2AP where L(w) is the set of atomic formulae true at w Seriality: B(w) is non-empty by seriality

67 / 90

Semantics of CTL

Model: M = (W , R, L) is a transition frame (W , R) and a labelling function L : W → 2AP where L(w) is the set of atomic formulae true at w World forces formula: defined by induction on shape of formula M, w p iff p ∈ L(w), for p ∈ AP M, w ¬ψ iff M, w ψ M, w ϕ ∧ ψ iff M, w ϕ & M, w ψ M, w ϕ ∨ ψ iff M, w ϕ or M, w ψ Intuition: classical connectives behave as usual at a world

68 / 90

Semantics of CTL

Model: M = (W , R, L) is a transition frame (W , R) and a labelling function L : W → 2AP where L(w) is the set of atomic formulae true at w World forces formula: defined by induction on shape of formula M, w EXϕ iff ∃v ∈ W . w R v & M, v ϕ M, w AXϕ iff ∀v ∈ W . w R v ⇒ M, v ϕ Intuitions: EXϕ means “some immediate R-successor forces ϕ” Intuitions: AXϕ means “every immediate R-successor forces ϕ” X: stands for neXt i.e. immediate

69 / 90

Semantics of CTL

Model: M = (W , R, L) is a transition frame (W , R) and a labelling function L : W → 2AP where L(w) is the set of atomic formulae true at w World forces formula: defined by induction on shape of formula M, w E(ϕ U ψ) iff “some fullpath from w forces ϕ until ψ” M, w A(ϕ U ψ) iff “every fullpath from w forces ϕ until ψ” But: have not defined what it means for a fullpath to force a formula Must: express it in terms of a world forcing a formula

70 / 90

Semantics of CTL

World forces formula: defined by induction on shape of formula M, w E(ϕ U ψ) iff ∃σ ∈ B(w). ∃i ∈ N. [M, σi ψ & ∀j < i. M, σj ϕ] M, w A(ϕ U ψ) iff ∀σ ∈ B(w). ∃i ∈ N. [M, σi ψ & ∀j < i. M, σj ϕ] E(ϕ U ψ) ϕ

R

• R
• R
• R
• ϕ

R

• R
• .

. .

R

• ψ

A(ϕ U ψ) ϕ

R

• R
• R
• ψ

R

• ϕ

R

• ϕ

R

• .

. .

R

• ψ

ψ

71 / 90

Semantics of CTL

Model: M = (W , R, L) is a transition frame (W , R) and a labelling function L : W → 2AP where L(w) is the set of atomic formulae true at w World forces formula: defined by induction on shape of ϕ M, w E(ϕ B ψ) iff ∃σ ∈ B(w). ∀i ∈ N. [M, σi ψ ⇒ ∃j < i. M, σj ϕ] “some fullpath from w forces ϕ before it forces ψ” M, w A(ϕ B ψ) iff ∀σ ∈ B(w). ∀i ∈ N. [M, σi ψ ⇒ ∃j < i. M, σj ϕ] “every fullpath from w forces ϕ before it forces ψ” Note: it is possible that ψ is never forced in both cases

72 / 90

Exercises for CTL

• 1. Show that M, w AXϕ iff M, w ¬EX¬ϕ

(duality)

• 2. Give semantics for EFϕ := E(⊤ U ϕ) where ⊤ := p0 ∨ ¬p0
• 3. Give semantics for AFϕ := A(⊤ U ϕ) where ⊤ := p0 ∨ ¬p0
• 4. Work out the semantics for AGϕ := ¬EF¬ϕ
• 5. Work out the semantics for EGϕ := ¬AF¬ϕ
• 6. Why can’t we define AGϕ := A(ϕ U ⊥) where ⊥ := p0 ∧ ¬p0
• 7. Why can’t we define EGϕ := E(ϕ U ⊥) where ⊥ := p0 ∧ ¬p0
• 8. Express AGϕ and EGϕ in terms of A(· B ·) and E(· B ·) (resp)

73 / 90

Exercises for CTL

NNF: Show that ¬E(ϕ U ψ) ↔ A((¬ϕ) B ψ) is CTL-valid NNF: Show that ¬A(ϕ U ψ) ↔ E((¬ϕ) B ψ) is CTL-valid NNF: Show that ¬E(ϕ B ψ) ↔ A((¬ϕ) U ψ) is CTL-valid NNF: Show that ¬A(ϕ B ψ) ↔ E((¬ϕ) U ψ) is CTL-valid β: Show that E(p U q) ↔ q ∨ (p ∧ EXE(p U q)) is CTL-valid β: Show that A(p U q) ↔ q ∨ (p ∧ AXA(p U q)) is CTL-valid α: Show that E(p B q) ↔ ¬q ∧ (p ∨ EXE(p B q)) is CTL-valid α: Show that A(p B q) ↔ ¬q ∧ (p ∨ AXA(p B q)) is CTL-valid

74 / 90

Smullyan’s α− and β−notation

Notation captures abstract “conjunctive” and “disjunctive” notions

α α1 α2 ϕ ∧ ψ ϕ ψ E(ϕ B ψ) ∼ψ ϕ ∨ EXE(ϕ B ψ) A(ϕ B ψ) ∼ψ ϕ ∨ AXA(ϕ B ψ) AG ϕ ϕ AXAG ϕ β β1 β2 ϕ ∨ ψ ϕ ψ E(ϕ U ψ) ψ ϕ ∧ EXE(ϕ U ψ) A(ϕ U ψ) ψ ϕ ∧ AXA(ϕ U ψ) EF ϕ ϕ EXEF ϕ

Define: ∼ψ := NNF(¬ψ) Prop: all instances of α ↔ α1 ∧ α2 and β ↔ β1 ∨ β2 are CTL-valid Note: some of these equivalences require that R is serial/total

75 / 90

Tableau Rules for CTL

α α1 α2 ϕ ∧ ψ ϕ ψ E(ϕ B ψ) ∼ψ ϕ ∨ EXE(ϕ B ψ) A(ϕ B ψ) ∼ψ ϕ ∨ AXA(ϕ B ψ) AG ϕ ϕ AXAG ϕ β β1 β2 ϕ ∨ ψ ϕ ψ E(ϕ U ψ) ψ ϕ ∧ EXE(ϕ U ψ) A(ϕ U ψ) ψ ϕ ∧ AXA(ϕ U ψ) EF ϕ ϕ EXEF ϕ

Define: ∼ψ := NNF(¬ψ) Prop: all instances of α ↔ α1 ∧ α2 and β ↔ β1 ∨ β2 are valid Assume: that all formulae are in Negation Normal Form Tableau Rules: only applicable to non-starred formulae

(α) Γ; α α∗; Γ; α1; α2 (β) Γ; β β∗; Γ; β1 | β∗; Γ; β2 (EX)Λ; EXϕ1; · · · ; EXϕn; AX∆ ϕ1; ∆ || · · · || ϕn; ∆ where Λ contains only atoms, negated atoms and starred formulae

76 / 90

Tableau Calculus for CTL: (Construction) Phase 1

V , E: a graph of nodes V and edges E Initialise: put V := {r} where root node r contains a given finite set Y of NNF-formulae, put E := ∅ and mark r as unexpanded Repeat: choose an unexpanded node x from V Expand: If some rule is applicable to x then Apply: apply the rule giving n ≥ 1 children w1, · · · , wn Check: for i = 1 · · · n, if wi duplicates some v ∈ V then add (x, v) to E else add wi to V and add (x, wi) to E Mark: x as expanded Until all nodes in V are expanded Seriality: for every childless node x ∈ V add (x, x) to E Termination: only finite number of different nodes possible

77 / 90

Tableau Method for CTL: (Pruning) Phase 2

Unstar: starred formulae in V , E Path: a maximal (cyclic) sequence of nodes starting at the root Eventuality: E(ϕ U ψ) / A(ϕ U ψ) since it entails that eventually ψ must become true on some/every path Fulfilled: E(ϕ U ψ) ∈ s is fulfilled if for some path s0 = s, s1, · · · from s there exists a k such that ψ ∈ sk and ϕ ∈ sj for all j < k Fulfilled: A(ϕ U ψ) ∈ s is fulfilled if for every path s0 = s, s1, · · · from s there exists a k such that ψ ∈ sk and ϕ ∈ sj for all j < k Repeat: given V , E from Phase 1

◮ delete all nodes that contain a pair {p, ¬p} ◮ delete all nodes with no E-successor (seriality) ◮ delete all nodes that contain an un-fulfilled eventuality

Until: root is deleted or no node is deleted Thm: Y is satisfiable iff the root node is not deleted

78 / 90

Example: is AGp → AGp CTL-valid ? Phase 1

α α1 α2 AG ϕ ϕ AXAG ϕ β β1 β2 EF ϕ ϕ EXEF ϕ (EX)Λ; EXϕ1; · · · ; EXϕn; AX∆ ϕ1; ∆ || · · · || ϕn; ∆ ¬(AG p → AG p)

nnf

• AG p ; EF ¬p

α

(AG p)∗ ; EF ¬p p ; AXAG p

β1

• β2
• (AG p)∗ ; (EF ¬p)∗

p ; AXAG p ; ¬p (AG p)∗ ; (EF ¬p)∗ p ; AXAG p ; EXEF ¬p

EX

• 79 / 90

Example: is AGp → AGp CTL-valid ? Phase 2

¬(AG p → AG p)

nnf

• AG p ; EF ¬p

α

AG p ; EF ¬p p ; AXAG p

β2

• AG p ; EF ¬p

p ; AXAG p ; ¬p AG p ; EF ¬p p ; AXAG p ; EXEF ¬p

EX

• Unstar all starred formulae

Prune the node containing {p, ¬p}

80 / 90

Example: is AGp → AGp CTL-valid ? Phase 2

¬(AG p → AG p)

nnf

• AG p ; EF ¬p

α

AG p ; EF ¬p p ; AXAG p

β2

• AG p ; EF ¬p

p ; AXAG p ; ¬p AG p ; EF ¬p p ; AXAG p ; EXEF ¬p

EX

• Prune the root containing EF ¬p since no path reaches ¬p

That is, AG p ; EF ¬p is not CTL-satisfiable. Hence AG p → AG p is CTL-valid.

81 / 90

Fixpoint Logics: PLTL, CTL, LCK, PDL

PLTL: ϕ U ψ ↔ ψ ∨ X(ϕ U ψ) CTL: E (ϕ U ψ) ↔ ψ ∨ EX(ϕ U ψ) LCK: Cψ ↔ Eψ ∨ ECψ PDL: α∗ψ ↔ ψ ∨ αα∗ψ Least Fixpoint Expansion Rule: now or later Global condition: Must ensure that the formula ψ eventually becomes true (unfulfilled eventualities))

82 / 90

Traditional Multipass Methods

Phase 1: apply rules to obtain a cyclic graph Phase 2: prune inconsistent nodes and nodes that cannot fulfil their eventualities using multiple passes Answer unsat: if root node gets pruned Answer sat: if no pruning possible (all eventualities fulfilled) Advantage: optimal Disadvantage: can do unnecessary work Example: EFψ1 ∧ EFΨ2 where EFψ is easily shown to be unsatisfiable and EFΨ is much harder

83 / 90

One-pass And-Or Tree Tableaux

One pass: build a rooted and-or tree with ancestor cycles and allow nodes to pass up a list of unfulfilled eventualities Advantage: can explore one branch at a time Disadvantage: suboptimal (2exptime) EFψ

fulfill

• procrastinate
• ψ

EFEXψ i X i + 1

• r-node

(ev, min(j,k))

• i + 2

(ev, j)

• i + 2

(ev, k)

• Close: any node at height h with an eventuality (ev, h + 1)

84 / 90

On-the-fly And-Or Graph Tableaux

Interleave: the graph building and graph pruning phases Advantage: optimal Disadvantage: requires more memory rt

done

• todo
• z

f

• f
• todo
• ·

f

• f
• f
• todo
• u

f

• f
• y

f

• x

f

• b
• todo
• w

b

• ·

v

b

• y′

85 / 90

On-the-fly And-Or Graph Tableaux

Fulfilled: in the graph to the left of the frontier Potentially fulfillable: path from x always procrastinates but hits a forward-ancestor of x on the current branch e.g. the path x, y, v, u, w, z Closed: unfulfilled and unfulfillable rt

done

• todo
• z

f

• f
• todo
• ·

f

• f
• f
• todo
• u

f

• f
• y

f

• x

f

• b
• todo
• w

b

• ·

v

b

• y′

86 / 90

Theorems for On-the-fly Tableau

Thm: root.status = unsat implies X is unsatisfiable wrt T Proof: not trivial Thm: root.status = sat implies X is satisfiable wrt T Proof: not trivial Thm: Worst-case complexity is exptime Proof: in worst case, we explore 2n different (annotated) nodes

87 / 90

Experimental Results

GMUL: multipass method using and-or tree-tableaux BDDCTL: BBD-based method CTL-RP: modal resolution-based method TreeTab: tree-tableaux uev-based method (suboptimal) MLSolver: method based upon parity games Conclusions:

◮ resolution and bdd methods are more robust ◮ TreeTab either succeeds spectacularly or fails spectacularly ◮ GMUL is not competitive against CTL-RP and BDDCTL ◮ MLSolver is generally worst ◮ hybrid of TreeTab and BBDCTL solves the most problems

Further work: needed to find efficient data structures for tableau-based methods (as already enjoyed by BDD and resolution methods)

88 / 90

Experimental Results

GMUL: multipass method using and-or tree-tableaux BDDCTL: BBD-based method CTL-RP: modal resolution-based method TreeTab: tree-tableaux uev-based method (suboptimal) MLSolver: method based upon parity games Conclusions:

◮ resolution and bdd methods are more robust ◮ TreeTab either succeeds spectacularly or fails spectacularly ◮ GMUL is not competitive against CTL-RP and BDDCTL ◮ MLSolver is generally worst ◮ hybrid of TreeTab and BBDCTL solves the most problems

Further work: needed to find efficient data structures for tableau-based methods (as already enjoyed by BDD and resolution methods)

88 / 90

Tableaux-based Prototypes and a Warning

Provers for many logics available: http://users.cecs.anu.edu.au/~rpg/software.html Warning: Obvious optimisations not always sound

89 / 90

References

ALC: “Sound Global Caching for ALC”, DL 2007 ALC “An Experimental Evaluation of Global Caching for ALC (System Description)”, IJCAR 2008 ALCI: “Sound Global State Caching for ALC with Inverse Roles”, TABLEAUX 2009 PLTL: “A New One-Pass Tableau Algorithm for PLTL”, S Schwendimann, Proc. TABLEAUX 1998 CTL: “One-pass Tableaux for Computational Tree Logic”, Proc. LPAR 2007 LCK: “Cut-free Single-pass Tableaux for the Logic of Common Knowledge” Workshop on Agents and Deduction at TABLEAUX 2007 PDL: “An On-the-fly Tableau-based Decision Procedure for PDL”,

• Proc. M4M 2007

PDL: “An Optimal On-the-fly Tableau-based Decision Procedure for PDL”, CADE 2009 CPDL: “An Optimal and Cut-free Tableau-based Decision Procedure for CPDL”, IJCAR 2010

90 / 90