Certification of prefixed tableau proofs for modal logic Tomer Libal - - PowerPoint PPT Presentation

Certification of prefixed tableau proofs for modal logic

Tomer Libal and Marco Volpe

INRIA, Parsifal Team

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Can we trust provers?

Complex software is rarely free of bugs. Automated theorem provers are complex software - can we trust them?

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

The Provers’ Tower of Babel

Current provers can rarely share each other’s proofs Work has been done for building bridges between two specific provers (but even a change in the version number of one prover can cause that bridge to collapse)

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Towards proof certification

Motivating questions

1 Can we trust provers? 2 Can provers talk a common language?

Goal Provide a flexible framework for defining the semantics of a wide range of proof evidences in such a way that: provers would define the meaning of their own proof evidence; trusted proof checkers would be able to interpret that meaning and check its formal correctness.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

An analogy

Structural Operational Semantics

1 There are many programming languages. 2 SOS can define the semantics of many of them. 3 Compilers can be built based on the semantics.

Foundational Proof Certificates (FPCs)

1 There are many forms of proof evidence. 2 FPC can define the semantics of many of them. 3 Checkers can be built based on the semantics.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Foundational Proof Certificates

Proof evidence: The proof output from a prover. Pretty printer: Some program for properly formatting the proof evidence. FPC specification: Specification of predicates used to interpret the proof evidence in order to guide the kernel proof search. Kernel: A trustable low-level calculus, with additional control predicates.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Foundational Proof Certificates (our implementation)

Proof evidence: The proof output from a prover. Pretty printer: Some (typically OCaml) program for properly formatting the proof evidence (as a λProlog file). FPC specification: λProlog specification of predicates used to interpret the proof evidence in order to guide the kernel proof search. Kernel: An encoding of (focused) sequent calculus (LKF + control predicates) as a λProlog program.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Focused proof systems

Let’s consider a sequent calculus for classical first-order logic (LK). Reduce the search space. Better organize the structure of derivations. Emphasis on: non-invertible vs. invertible rules. Propositional connectives have:

a positive version; a negative version.

⊢ Θ, Bi ⊢ Θ, B1 ∨ B2 ∨

+ F

⊢ Θ, B1, B2 ⊢ Θ, B1 ∨ B2 ∨

− F

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Focused proof systems

Let’s consider a sequent calculus for classical first-order logic (LK). Reduce the search space. Better organize the structure of derivations. Emphasis on: non-invertible vs. invertible rules. Propositional connectives have:

a positive version; a negative version.

Polarization of a formula does not affect its provability.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Focused proof systems

store (a positive formula to possibly focus on later) ⊢ Θ ⇑ Γ t−, f −, ∨

−, ∧ −, ∀

release ⊢ Θ ⇓ A t+, f +, ∨

+, ∧ +, ∃

decide (on a positive formula to focus on)

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Focused proof systems

store (a positive formula to possibly focus on later) ⊢ Θ ⇑ Γ NEGATIVE PHASE (invertible) release (change of phase) ⊢ Θ ⇓ A POSITIVE PHASE (non-invertible) decide (on a positive formula to focus on)

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Focused proof systems

store (a positive formula to possibly focus on later) ⊢ Θ ⇑ Γ t−, f −, ∨

−, ∧ −, ∀

By the way, release this is a BIPOLE ⊢ Θ ⇓ A t+, f +, ∨

+, ∧ +, ∃

decide (on a positive formula to focus on)

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

A focused proof system for classical logic (LKF)

Negative introduction rules ⊢ Θ ⇑ t− , Γ t− ⊢ Θ ⇑ A, Γ ⊢ Θ ⇑ B, Γ ⊢ Θ ⇑ A ∧

− B, Γ

∧

−

⊢ Θ ⇑ Γ ⊢ Θ ⇑ f − , Γ f − ⊢ Θ ⇑ A, B, Γ ⊢ Θ ⇑ A ∨

− B, Γ ∨ −

⊢ Θ ⇑ [y/x]B, Γ ⊢ Θ ⇑ ∀x.B, Γ ∀† Positive introduction rules ⊢ Θ ⇓ t+ t+ ⊢ Θ ⇓ B1 ⊢ Θ ⇓ B2 ⊢ Θ ⇓ B1 ∧

+ B2

∧

+

⊢ Θ ⇓ Bi ⊢ Θ ⇓ B1 ∨

+ B2

∨

+, i ∈ {1, 2}

⊢ Θ ⇓ [t/x]B ⊢ Θ ⇓ ∃x.B ∃ Identity rules ⊢ ¬Pa, Θ ⇓ Pa init ⊢ Θ ⇑ B ⊢ Θ ⇑ ¬B ⊢ Θ ⇑ · cut Structural rules ⊢ Θ, C ⇑ Γ ⊢ Θ ⇑ C, Γ store ⊢ Θ ⇑ N ⊢ Θ ⇓ N release ⊢ P, Θ ⇓ P ⊢ P, Θ ⇑ · decide

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Labeled proof systems

Labeled deduction approach: we encode in the syntax additional information (e.g. of a semantic nature). Labels denoting worlds Two classes of formulas:

1

Labeled logical formulas, e.g. x : A

2

Relational formulas, e.g. xRy

The basic idea is:

each label y refers to a world y in the Kripke semantics the relational symbol R refers to the accessibility relation

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

A labeled sequent system for modal logic

Classical rules x : P, Γ ⊢ ∆, x : P init x : A, x : B, Γ ⊢ ∆ x : A ∧ B, Γ ⊢ ∆ L∧ Γ ⊢ ∆, x : A Γ ⊢ ∆, x : B Γ ⊢ ∆, x : A ∧ B R∧ x : A, Γ ⊢ ∆ x : B, Γ ⊢ ∆ x : A ∨ B, Γ ⊢ ∆ L∨ Γ ⊢ ∆, x : A, x : B Γ ⊢ ∆, x : A ∨ B R∨ Modal rules y : A, x : A, xRy, Γ ⊢ ∆ x : A, xRy, Γ ⊢ ∆ L xRy, Γ ⊢ ∆, y : A Γ ⊢ ∆, x : A R xRy, y : A, Γ ⊢ ∆ x : ♦A, Γ ⊢ ∆ L♦ xRy, Γ ⊢ ∆, x : ♦A, y : A xRy, Γ ⊢ ∆, x : ♦A R♦ In R and L♦, y does not occur in the conclusion.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

A prefixed tableau system for modal logic

Classical rules σ : A ∧ B σ : A, σ : B ∧F σ : A ∨ B σ : A | σ : B ∨F Modal rules σ : A σ.n : A F σ : ♦A σ.n : A ♦F In F, σ.n is used. In ♦F, σ.n is new.

Plus branch closure rules, of course.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Labeling and focusing

PROPOSITIONAL MODAL LOGIC FIRST-ORDER CLASSICAL LOGIC STANDARD TRANSLATION LABELED PROOF SYSTEM FOCUSED PROOF SYSTEM

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Labeling and focusing

PROPOSITIONAL MODAL LOGIC FIRST-ORDER CLASSICAL LOGIC STANDARD TRANSLATION LABELED PROOF SYSTEM FOCUSED PROOF SYSTEM LESS STANDARD TRANSLATION + -

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Labeling and focusing

PROPOSITIONAL MODAL LOGIC FIRST-ORDER CLASSICAL LOGIC STANDARD TRANSLATION LABELED PROOF SYSTEM FOCUSED PROOF SYSTEM LESS STANDARD TRANSLATION + - inference rule bipole

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

The standard translation

Modal language ⇒ FO language with:

• a binary predicate R
• a unary predicate P for each P ∈ P

STx(P)

= P(x)

STx(A ∧ B)

= STx(A) ∧ STx(B)

STx(A)

= ∀y(¬R(x, y) ∨ STy(A))

STx(♦A)

= ∃y(R(x, y) ∧ STy(A))

where x is a free variable. For any modal formula A, any model M and any world w: M, w | = A iff M | = STx(A)[x ← w]

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Our translation [·]

STx(P)

= P(x)

[x : P]

= P(x)

STx(A ∧ B)

= STx(A) ∧ STx(B)

[x : A ∧ B]

= ∂+([x : A]) ∧

−∂+([x : B])

STx(A)

= ∀y(¬R(x, y) ∨ STy(A))

[x :

• A]

= ∀y(¬R(x, y)∨

−∂+([y : A]))

STx(♦A)

= ∃y(R(x, y) ∧ STy(A))

[x : ♦ ♦ ♦A]

= ∃y(R(x, y)∧

+∂−(∂+([y : A])))

Delay operators (∂+, ∂−) force a formula to be positive or negative.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Theorem of adequacy

PROPOSITIONAL MODAL LOGIC FIRST-ORDER CLASSICAL LOGIC STANDARD TRANSLATION LABELED PROOF SYSTEM FOCUSED PROOF SYSTEM LESS STANDARD TRANSLATION + - inference rule bipole

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

LKF + control predicates

⊢ Θ ⇓ [t/x]B ⊢ Θ ⇓ ∃x.B ∃ Ξ′ ⊢ Θ ⇓ [t/x]B existse(Ξ, t, Ξ′) Ξ ⊢ Θ ⇓ ∃x.B Typically, in an FPC specification, the information about t will be contained in Ξ. e.g., Ξ = {t, t1, . . . , tn} and Ξ′ = {t1, . . . , tn}.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

The augmented focused system LKF a

Invertible Rules Ξ′ ⊢ Θ ⇑ A, Γ Ξ′′ ⊢ Θ ⇑ B, Γ andNegc(Ξ, Ξ′, Ξ′′) Ξ ⊢ Θ ⇑ A ∧

− B, Γ

Ξ′ ⊢ Θ ⇑ A, B, Γ

• rNegc(Ξ, Ξ′)

Ξ ⊢ Θ ⇑ A ∨

− B, Γ

(Ξ′y) ⊢ Θ ⇑ [y/x]B, Γ allc(Ξ, Ξ′) Ξ ⊢ Θ ⇑ ∀x.B, Γ † Focused Rules Ξ′ ⊢ Θ ⇓ B1 Ξ′′ ⊢ Θ ⇓ B2 andPose(Ξ, Ξ′, Ξ′′) Ξ ⊢ Θ ⇓ B1 ∧

+ B2

Ξ′ ⊢ Θ ⇓ Bi

• rPose(Ξ, Ξ′, i)

Ξ ⊢ Θ ⇓ B1 ∨

+ B2

Ξ′ ⊢ Θ ⇓ [t/x]B existse(Ξ, t, Ξ′) Ξ ⊢ Θ ⇓ ∃x.B Identity rules Ξ′ ⊢ Θ ⇑ B Ξ′′ ⊢ Θ ⇑ ¬B cute(Ξ, Ξ′, Ξ′′, B) Ξ ⊢ Θ ⇑ · cut l,¬Pa ∈ Θ initiale(Ξ, l) Ξ ⊢ Θ ⇓ Pa init Structural rules Ξ′ ⊢ Θ ⇑ N releasee(Ξ, Ξ′) Ξ ⊢ Θ ⇓ N release Ξ′ ⊢ Θ, l,C ⇑ Γ storec(Ξ, C, l, Ξ′) Ξ ⊢ Θ ⇑ C, Γ store Ξ′ ⊢ Θ ⇓ P l,P ∈ Θ decidee(Ξ, l, Ξ′) Ξ ⊢ Θ ⇑ · decide

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

FPC specifications (1)

A proof is punctually represented by specifying:

1 at each step, on which formula we apply a rule

(decide-predicate);

2 in the case of a ♦-formula, with respect to which label

(∃-predicate);

3 in the case of an initial, with respect to which complementary

literal (init-predicate). This gives rise to a punctual FPC specification: it allows for reconstructing the proof in a very faithful way; it might be not very concise.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

FPC specifications (2)

We can only require some essential information:

1 a mapping between - and ♦- formulas (∃-predicate); 2 a mapping between complementary literals (init-predicate).

This gives rise to an essential FPC specification: it leaves the checker free of doing some not-driven reconstruction; it is less faithful but also more concise.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

FPC specifications

The essential specification can be used also to check proofs in, e.g., free variable (FV) tableaux (where punctual is not possible). 1 : ♦¬p ∨ ♦¬q 1 : (p ∧ q) 1 : ♦¬p 1.1 : ¬p 1.1 : p ∧ q 1.1 : p 1.1 : q 1 : ♦¬q 1.2 : ¬q 1.2 : p ∧ q 1.2 : p 1.2 : q 1 : ♦¬p ∨ ♦¬q 1 : (p ∧ q) 1.x : p ∧ q 1.x : p 1.x : q 1 : ♦¬p 1.1 : ¬p x → 1 1 : ♦¬q 1.2 : ¬q x → 2

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Tests

Formalism Prover Punctual FPC Essential FPC Labeled sequents by hand V V Prefixed tableaux ModLEAN-TAP V V FV-tableaux ModLEAN-TAP X V

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Conclusion

In this paper Application of the use of a general framework for proof checking/certification to modal logics. Two different specifications for prefixed tableau proofs. Current and future work Extension to modal logics represented by geometric frame properties. Extension to other formalisms:

“unlabeled” sequent systems; nested sequent systems; hypersequent systems; resolution methods.

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic

Thank you!

• T. Libal, M. Volpe

Certification of prefixed tableau proofs for modal logic