Formalising Algorithmic Correspondence for Modal Languages - PowerPoint PPT Presentation

SLIDE 1

Formalising Algorithmic Correspondence for Modal Languages

Removing propositional variables with SQEMA in Coq

by Merlin Göttlinger

February 20, 2018

SLIDE 2

Fundamentals 2/52

Fundamentals

SLIDE 3

Modal Syntax

Let $\tau = (O_0, \rho_0)$ be a modal similarity type, consisting of a set $O_0$ of base modal terms together with an arity function $\rho_0 : O_0 \to \mathbb{N}$; let $A$ be the set of atoms and $N$ the set of nominals. All sets involved are assumed to be disjoint.

SLIDE 4

Modal Terms

Define now the sets MT (modal terms) and MF (modal formulas) and the arity function $\rho$ mutually.

MT: $\alpha, \beta ::= \bot \mid \iota_1 \mid \iota_2 \mid \varphi \mid \alpha(\beta_1, \dots, \beta_{\rho(\alpha)}) \mid o \mid \alpha^{-i}$
where $0 < i \le \rho(\alpha)$, $\varphi \in$ MF not mentioning any atoms or nominals, and $o \in O_0$.

Define the arity function $\rho$ as
$\rho(\bot) = 0$, $\rho(\iota_1) = 1$, $\rho(\iota_2) = 2$, $\rho(\varphi) = 0$,
$\rho(\alpha(\beta_1, \dots, \beta_n)) = \rho(\beta_1) + \dots + \rho(\beta_n)$,
$\rho(o) = \rho_0(o)$, $\rho(\alpha^{-i}) = \rho(\alpha)$.

SLIDE 5

Modal Formulas

MF: $\varphi, \psi ::= p \mid j \mid \neg\varphi \mid \varphi \lor \psi \mid \Diamond_\alpha(\varphi_1, \dots, \varphi_{\rho(\alpha)})$
where $\alpha \in$ MT, $p \in A$ and $j \in N$. Plus the following definitions:
$\varphi \to \psi := \neg\varphi \lor \psi$
$\varphi \land \psi := \neg(\neg\varphi \lor \neg\psi)$
$\varphi \leftrightarrow \psi := (\varphi \to \psi) \land (\psi \to \varphi)$
$\Box_\alpha(\varphi_1, \dots, \varphi_n) := \neg\Diamond_\alpha(\neg\varphi_1, \dots, \neg\varphi_n)$
$\Box^{-i}_\alpha(\varphi_1, \dots, \varphi_n) := \Box_{\alpha^{-i}}(\varphi_1, \dots, \varphi_n)$

SLIDE 6

Modal Term Semantics

Definition (Kripke Frame)

A (Kripke) $\tau$-frame $F = (W, \{R_o\}_{o \in O_0})$ consists of a set of worlds $W$ and a $(\rho_0(o) + 1)$-ary accessibility relation $R_o$ for each base modal term $o$. The relations for the nonrecursive elements of MT are defined as
$R_\bot := \emptyset$
$R_{\iota_1} := \{(w, w) \mid w \in W\}$
$R_{\iota_2} := \{(w, w, w) \mid w \in W\}$
$R_\varphi := \{w \mid (F, w) \Vdash \varphi\}$

SLIDE 7

Modal Term Semantics

The relations for the other modal terms are defined as follows:
$R_{\alpha^{-i}} := \{(w_i, w_1, \dots, w_{i-1}, w, w_{i+1}, \dots, w_n) \mid (w, w_1, \dots, w_n) \in R_\alpha\}$
$R_{\alpha(\beta_1, \dots, \beta_n)} := \{(w, w_{11}, \dots, w_{1b_1}, \dots, w_{n1}, \dots, w_{nb_n}) \mid \exists u_1 \dots u_n.\ R_\alpha(w, u_1, \dots, u_n) \land \bigwedge_{i=1}^{n} R_{\beta_i}(u_i, w_{i1}, \dots, w_{ib_i})\}$
where $\alpha$ has arity $n$ and $b_1, \dots, b_n$ are the arities of $\beta_1, \dots, \beta_n$.

SLIDE 8

Validity

Definition (Kripke Model)

A Kripke $\tau$-model based on a $\tau$-frame $F$ is a triple $M = (F, V, N)$ where $V : A \to 2^W$ is the valuation and $N : N \to W$ the nominal valuation.

Definition (Pointedness)

A pointed τ-frame (F, w) is a pair of a frame F with a world w ∈ W. Similarly a pointed τ-model is a pair of a model with a world.

SLIDE 9

Validity

Validity of a modal formula in a pointed model is defined recursively:
$(M, w) \Vdash p$ iff $w \in V(p)$
$(M, w) \Vdash j$ iff $w = N(j)$
$(M, w) \Vdash \neg\varphi$ iff $(M, w) \nVdash \varphi$
$(M, w) \Vdash \varphi \lor \psi$ iff $(M, w) \Vdash \varphi$ or $(M, w) \Vdash \psi$
$(M, w) \Vdash \Diamond_\alpha(\varphi_1, \dots, \varphi_{\rho(\alpha)})$ iff there exist $w_1, \dots, w_{\rho(\alpha)}$ such that $R_\alpha(w, w_1, \dots, w_{\rho(\alpha)})$ and $(M, w_i) \Vdash \varphi_i$ for each $1 \le i \le \rho(\alpha)$

SLIDE 10

Applied Modalities

What do those applied modalities mean?
$R_{\alpha(\beta_1, \dots, \beta_n)} := \{(w, w_{11}, \dots, w_{1b_1}, \dots, w_{n1}, \dots, w_{nb_n}) \mid \exists u_1 \dots u_n.\ R_\alpha(w, u_1, \dots, u_n) \land \bigwedge_{i=1}^{n} R_{\beta_i}(u_i, w_{i1}, \dots, w_{ib_i})\}$
$(M, w) \Vdash \Diamond_\alpha(\varphi_1, \dots, \varphi_{\rho(\alpha)})$ iff there exist $w_1, \dots, w_{\rho(\alpha)}$ such that $R_\alpha(w, w_1, \dots, w_{\rho(\alpha)})$ and $(M, w_i) \Vdash \varphi_i$ for each $1 \le i \le \rho(\alpha)$,
so $\Diamond_{\alpha(\beta_1, \dots, \beta_n)}(\varphi_{11}, \dots, \varphi_{1b_1}, \dots) \equiv \Diamond_\alpha(\Diamond_{\beta_1}(\varphi_{11}, \dots, \varphi_{1b_1}), \dots)$.

SLIDE 11

Special Modalities

$R_\bot := \emptyset$, $R_\varphi := \{w \mid (F, w) \Vdash \varphi\}$, $R_{\iota_1} := \{(w, w) \mid w \in W\}$, $R_{\iota_2} := \{(w, w, w) \mid w \in W\}$
$(M, w) \Vdash \Diamond_\alpha(\varphi_1, \dots, \varphi_{\rho(\alpha)})$ iff there exist $w_1, \dots, w_{\rho(\alpha)}$ such that $R_\alpha(w, w_1, \dots, w_{\rho(\alpha)})$ and $(M, w_i) \Vdash \varphi_i$ for each $1 \le i \le \rho(\alpha)$
Hence:
$\Diamond_\bot \equiv \bot$, $\Box_\bot \equiv \top$
$\Diamond_\varphi \equiv \varphi$ (and, since $\Box_\varphi := \neg\Diamond_\varphi$ for the nullary term $\varphi$, $\Box_\varphi \equiv \neg\varphi$)
$\Box_{\iota_1}\varphi \equiv \varphi \equiv \Diamond_{\iota_1}\varphi$
$\Diamond_{\iota_2}(\varphi, \psi) \equiv \varphi \land \psi$, $\Box_{\iota_2}(\varphi, \psi) \equiv \varphi \lor \psi$

SLIDE 12

Standard Translation

Those semantics are expressible in FOL via the first-order (model) standard translation ST, given that we have
• a unary predicate $P_i$ for each $p_i \in A$,
• a designated variable $n_j$ for each $j \in N$,
• a $(\rho(\alpha) + 1)$-ary predicate $R_\alpha$ for each $\alpha \in$ MT:
$ST(p_i, x) := P_i(x)$
$ST(j, x) := x = n_j$
$ST(\neg\varphi, x) := \neg ST(\varphi, x)$
$ST(\varphi \lor \psi, x) := ST(\varphi, x) \lor ST(\psi, x)$
$ST(\Diamond_\alpha(\varphi_1, \dots, \varphi_{\rho(\alpha)}), x) := \exists z_1 \dots z_{\rho(\alpha)}.\ R_\alpha(x, z_1, \dots, z_{\rho(\alpha)}) \land \bigwedge_{i=1}^{\rho(\alpha)} ST(\varphi_i, z_i)$
Then $(M, w) \Vdash \varphi$ iff $M \models ST(\varphi, x)[w/x]$.
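The pointed-model clauses of SLIDE 9 and the translation ST of SLIDE 12, carried out in Python as an added example; this is not code from the slides or from the Coq development they describe. It assumes a hybrid modal language whose base modalities are all unary, a tuple encoding of formulas chosen here, and a small three-world Kripke model constructed for the demonstration; polyadic and applied modalities (SLIDES 4, 7 and 10) are not covered.

```python
"""Added example (not from the slides or the Coq development they describe):
the pointed-model clauses of SLIDE 9 and the first-order standard translation
of SLIDE 12 for a hybrid modal language whose base modalities are all unary.
The tuple encoding is this example's own assumption:
  ('atom', 'p')  ('nom', 'j')  ('neg', f)  ('or', f, g)
  ('dia', a, f)  = ♦_a f for a unary base modality a
  ('box', a, f)  = □_a f, unfolded as ¬♦_a¬f (SLIDE 5)
A model is (W, R, V, N): worlds, {a: set of (w, v) pairs}, atom valuation, nominal valuation.
"""
from itertools import count


def holds(model, w, f):
    """(M, w) ⊩ f, one clause per connective as on SLIDE 9."""
    W, R, V, N = model
    kind = f[0]
    if kind == 'atom':
        return w in V.get(f[1], set())
    if kind == 'nom':
        return w == N[f[1]]
    if kind == 'neg':
        return not holds(model, w, f[1])
    if kind == 'or':
        return holds(model, w, f[1]) or holds(model, w, f[2])
    if kind == 'dia':                       # some R_a-successor of w satisfies the argument
        return any(holds(model, v, f[2]) for (u, v) in R[f[1]] if u == w)
    if kind == 'box':
        return holds(model, w, ('neg', ('dia', f[1], ('neg', f[2]))))
    raise ValueError('unknown formula %r' % (f,))


def valid_in_model(model, f):
    """M ⊩ f: f holds at every world of the model (SLIDE 13)."""
    return all(holds(model, w, f) for w in model[0])


def st(f, x, fresh=None):
    """ST(f, x) as a first-order formula string (SLIDE 12); P_p, n_j and R_a are the
    unary predicate, designated variable and binary relation symbol for p, j and a."""
    fresh = fresh if fresh is not None else count(1)   # supplies the bound variables z1, z2, ...
    kind = f[0]
    if kind == 'atom':
        return 'P_%s(%s)' % (f[1], x)
    if kind == 'nom':
        return '%s = n_%s' % (x, f[1])
    if kind == 'neg':
        return '~(%s)' % st(f[1], x, fresh)
    if kind == 'or':
        return '(%s) | (%s)' % (st(f[1], x, fresh), st(f[2], x, fresh))
    if kind == 'dia':
        z = 'z%d' % next(fresh)
        return 'exists %s. R_%s(%s, %s) & (%s)' % (z, f[1], x, z, st(f[2], z, fresh))
    if kind == 'box':
        return st(('neg', ('dia', f[1], ('neg', f[2]))), x, fresh)
    raise ValueError('unknown formula %r' % (f,))


def sample_model():
    """Constructed model: 0 -a-> 1, 0 -a-> 2, 1 -a-> 2; p holds at 2; nominal j names 1."""
    W = {0, 1, 2}
    R = {'a': {(0, 1), (0, 2), (1, 2)}}
    V = {'p': {2}}
    N = {'j': 1}
    return (W, R, V, N)


if __name__ == '__main__':
    M = sample_model()
    p, j = ('atom', 'p'), ('nom', 'j')
    for f in (('dia', 'a', p), ('box', 'a', p), ('box', 'a', ('or', p, j))):
        print(st(f, 'x'), '  at world 0:', holds(M, 0, f), '  valid in M:', valid_in_model(M, f))
```

At world 0 of the constructed model ♦_a p holds (world 2 is reachable and satisfies p) while □_a p fails (world 1 is reachable and does not); □_a(p ∨ j) holds at every world, the last one vacuously because it has no successors.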

SLIDE 13

General Validity

A modal formula $\varphi$ can also be
• valid on a model: $M \Vdash \varphi$ iff $(M, w) \Vdash \varphi$ for all $w \in W$;
• valid on a pointed frame: $(F, w) \Vdash \varphi$ iff $(M, w) \Vdash \varphi$ for all $M$ over $F$;
• valid on a frame: $F \Vdash \varphi$ iff $(F, w) \Vdash \varphi$ for all $w \in W$;
• or valid: $\Vdash \varphi$ iff $F \Vdash \varphi$ for all $F$.

SLIDE 14

Standard Translation

What about a standard translation for pointed-frame validity? We have to capture the notions of every valuation for the atoms and every assignment for the nominals. We obtain the second-order (frame) standard translation by quantifying over the atom and nominal variables in the result of the first-order translation:
$(F, w) \Vdash \varphi$ iff $F \models \forall\bar{P}\,\forall\bar{n}.\ ST(\varphi, x)[w/x]$
where $\bar{P}$ and $\bar{n}$ are the vectors of unary predicate symbols representing the atoms and of variables representing the nominals occurring in $\varphi$.

SLIDE 15

Correspondents

Definition (Frame-Correspondents)

A modal formula $\varphi$ and a first-order formula $\theta(x)$ are local frame-correspondents if for every pointed frame $(F, w)$: $(F, w) \Vdash \varphi$ iff $F \models \theta(x)[w/x]$. They are called global frame-correspondents if for every frame $F$: $F \Vdash \varphi$ iff $F \models \theta$.

SLIDE 16

Elementary Formulas

If we can have a first-order formula expressing the same property as a second-order one, it is beneficial to use that:
• computationally easier to reason about;
• more algorithms handling those;
• easier to read for a human.

Definition (Elementary Formula)

A modal formula that has a first-order correspondent is called elementary. Note that this neither implies completeness w.r.t. some elementary class of frames nor is implied by it.

SLIDE 17

Automatic Computation

Can we compute those correspondents in an automatic way?

Theorem (Chagrova’s Theorem)

It is undecidable whether an arbitrary basic modal formula has a global first-order correspondent. We can, however, have algorithms working on subclasses of the class of elementary formulas.

SLIDE 18

Algorithms

SCAN - Gabbay, D. M., & Ohlbach, H. J. (1992)

Eliminates second-order existential quantifiers in formulas of the shape $\exists P_1 \dots P_n.\ \varphi$; uses skolemization, resolution and unskolemization.

DLS - Doherty, P., Łukaszewicz, W., & Szałas, A. (1997)

Eliminates second-order quantifiers from arbitrary second-order formulas; Uses skolemization, the Ackermann lemma and unskolemization.

SLIDE 19

Algorithms

SQEMA - Conradie, W., Goranko, V., & Vakarelov, D. (2006)

Eliminates atoms from modal formulas using a modal variation of the Ackermann lemma; Avoids skolemization and unskolemization; Computes local frame-correspondents.

ALBA - Conradie, W., & Palmigiano, A. (2012)

Counterpart to SQEMA for distributive modal logics; Using a variation of the Ackermann lemma.

SLIDE 20

Polarity

Definition (Polarity)

A formula is…
• positive (negative) in $p$ if every occurrence of the atom $p$ in it is under an even (odd) number of negations;
• pure in $p$ if it doesn't contain $p$;
• variable-positive (-negative) if it is positive (negative) in all its atoms;
• pure if it contains no atoms.

SLIDE 21

Monotonicity

Definition (Monotonicity)

A formula $\varphi$ is upwards monotone in an atom $p$ if $V(p) \subseteq V'(p)$ implies $\varphi^V \subseteq \varphi^{V'}$, and downwards monotone in $p$ if it implies $\varphi^{V'} \subseteq \varphi^V$ (where $\varphi^V$ is the set of worlds at which $\varphi$ holds under the valuation $V$). If a formula is positive (negative) in $p$ it is also upwards (downwards) monotone in $p$.

SLIDE 22

Modal Ackermann Lemma

Lemma (Modal Ackermann Lemma)

Let $\beta$ and $\alpha$ be modal formulas such that $\alpha$ is pure in $p$ and $\beta$ is negative in $p$. Then for any model $M$: $M \Vdash \beta[\alpha/p]$ iff there exists a model $M'$ differing from $M$ at most in the valuation of $p$ such that $M' \Vdash (\alpha \to p) \land \beta$.

SLIDE 23

Inductive Formulas

Definition (Box Formula)

• headed box: $\Box_\alpha(N_1, \dots, p, \dots, N_{n-1})$,
• headless box: $\Box_\alpha(N_1, \dots, N_n)$,
where $p$ is a single propositional variable (called the head) and $N_1, \dots, N_n$ are variable-negative formulas.
• box formula: either a headed or a headless box.
An occurrence of an atom $p$ in a box formula is called essential if it occurs as the head, and inessential otherwise.

SLIDE 24

Inductive Formulas

Definition (Regular Formula)

A regular formula is a formula of the shape $\Box_\alpha(\neg B_1, \dots, \neg B_n)$ where $B_1, \dots, B_n$ are box formulas.

Definition (Dependency Digraph)

The dependency digraph of a regular formula $\varphi = \Box_\alpha(\neg B_1, \dots, \neg B_n)$ is a directed graph with
• nodes: the variables occurring essentially in any $B_i$;
• edges: from $p$ to $q$ if $p$ occurs inessentially in some $B_i$ with head $q$.
If this digraph is free of directed cycles and loops it is called acyclic.

SLIDE 25

Inductive Formulas

Example (Dependency Digraph)

$\Box_\alpha(\neg\underbrace{\Box_\beta p}_{\text{headed}},\ \neg\underbrace{\Box_\gamma(\neg p, q)}_{\text{headed}},\ \underbrace{\Diamond_\beta\Box_\beta q}_{\text{headless}})$

The first two arguments are negated headed boxes with heads $p$ and $q$; the third, $\Diamond_\beta\Box_\beta q \equiv \neg\Box_\beta\Diamond_\beta\neg q$, is a negated headless box. The atom $p$ occurs inessentially in $\Box_\gamma(\neg p, q)$, whose head is $q$. Resulting digraph: $p \to q$.

Definition (Inductive Formula)

An inductive formula is a regular formula with an acyclic dependency digraph.
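Polarity (SLIDE 20), box formulas (SLIDE 23), the dependency digraph (SLIDE 24) and the inductive-formula test, as an added Python example that is not part of the slides or of the Coq formalisation. The tuple encoding, the helper names and the three sample formulas (the accumulated Church-Rosser formula of SLIDE 27, the example above with its third argument written as ¬□β♦β¬q, and the cyclic formula of SLIDE 39) are this example's own choices.

```python
"""Added example (not from the slides or the Coq formalisation): polarity
(SLIDE 20), box formulas (SLIDE 23), the dependency digraph (SLIDE 24) and the
inductive-formula test (SLIDE 25) for polyadic modal formulas.  The tuple
encoding is this example's own assumption:
  ('atom', 'p')  ('nom', 'j')  ('neg', f)  ('or', f, g)  ('and', f, g)
  ('dia', a, (f1, ..., fn))  ('box', a, (f1, ..., fn))   polyadic ♦_a / □_a
"""


def polarities(f, p, sign=+1):
    """Signs (+1: even, -1: odd number of negations above it) of the occurrences of atom p in f."""
    kind = f[0]
    if kind == 'atom':
        return {sign} if f[1] == p else set()
    if kind == 'nom':
        return set()
    if kind == 'neg':
        return polarities(f[1], p, -sign)
    if kind in ('or', 'and'):
        return polarities(f[1], p, sign) | polarities(f[2], p, sign)
    if kind in ('dia', 'box'):            # ♦_a and □_a are monotone in every argument
        return set().union(*(polarities(g, p, sign) for g in f[2]))
    raise ValueError('unknown formula %r' % (f,))


def atoms(f):
    if f[0] == 'atom':
        return {f[1]}
    if f[0] == 'nom':
        return set()
    args = f[2] if f[0] in ('dia', 'box') else f[1:]
    return set().union(*(atoms(g) for g in args))


def variable_negative(f):
    """Negative in all of its atoms (SLIDE 20); a formula without atoms qualifies trivially."""
    return all(polarities(f, p) == {-1} for p in atoms(f))


def classify_box(f):
    """('headed', head, inessential atoms) or ('headless', None, atoms) for a box formula
    □_a(N1, ..., p, ..., Nn) with every N_i variable-negative (SLIDE 23); None otherwise."""
    if f[0] != 'box':
        return None
    heads = [g[1] for g in f[2] if g[0] == 'atom']       # a bare atom is positive: it must be the head
    rest = [g for g in f[2] if g[0] != 'atom']
    if len(heads) > 1 or not all(variable_negative(g) for g in rest):
        return None
    inessential = set().union(*(atoms(g) for g in rest))
    return ('headed', heads[0], inessential) if heads else ('headless', None, inessential)


def dependency_digraph(f):
    """(nodes, edges) of the dependency digraph of a regular formula □_a(¬B1, ..., ¬Bn):
    nodes are the heads, with an edge p -> q whenever p occurs inessentially in a box with head q."""
    if f[0] != 'box' or not all(g[0] == 'neg' for g in f[2]):
        raise ValueError('not a regular formula')
    boxes = [classify_box(g[1]) for g in f[2]]
    if None in boxes:
        raise ValueError('not a regular formula')
    nodes = {head for kind, head, _ in boxes if kind == 'headed'}
    edges = {(p, head) for kind, head, iness in boxes if kind == 'headed' for p in iness & nodes}
    return nodes, edges


def is_acyclic(nodes, edges):
    """Depth-first cycle search; a loop p -> p counts as a cycle."""
    state = {}
    def visit(n):
        if state.get(n) == 'active':
            return False
        if state.get(n) == 'done':
            return True
        state[n] = 'active'
        ok = all(visit(q) for (p, q) in edges if p == n)
        state[n] = 'done'
        return ok
    return all(visit(n) for n in nodes)


def is_inductive(f):
    """Regular formula with an acyclic dependency digraph (SLIDE 25)."""
    try:
        return is_acyclic(*dependency_digraph(f))
    except ValueError:
        return False


# Constructed sample formulas.
p, q = ('atom', 'p'), ('atom', 'q')
def box(a, *args): return ('box', a, args)
def dia(a, *args): return ('dia', a, args)
def neg(f): return ('neg', f)

CR = box('i2(a,a)', neg(box('a', p)), neg(box('a', neg(p))))           # SLIDE 27: ♦□p → □♦p, accumulated
SLIDE25 = box('a', neg(box('b', p)), neg(box('g', neg(p), q)),
              neg(box('b', dia('b', neg(q)))))                         # third argument as ¬□_β♦_β¬q
CYCLIC = box('a', neg(box('b', p, neg(q))), neg(box('b', neg(p), q)))  # SLIDE 39: p and q depend on each other

if __name__ == '__main__':
    for name, f in (('CR', CR), ('SLIDE25', SLIDE25), ('CYCLIC', CYCLIC)):
        print(name, dependency_digraph(f), 'inductive:', is_inductive(f))
```

Edges are only drawn between heads: an atom that occurs inessentially but never as a head has no incoming edge and so cannot lie on a cycle, which keeps the acyclicity verdict unchanged.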

SLIDE 26

Only Boxes?

So every inductive/regular/box formula has to be a box at the outermost level?

Recall:
$\Box_{\iota_1}\varphi \equiv \varphi$
$\Box_{\iota_2}(\varphi, \psi) \equiv \varphi \lor \psi$
$\Box_{\alpha(\beta_1, \dots, \beta_n)}(\varphi_{11}, \dots, \varphi_{1b_1}, \dots) \equiv \Box_\alpha(\Box_{\beta_1}(\varphi_{11}, \dots, \varphi_{1b_1}), \dots)$

SLIDE 27

Only Boxes?

$\Diamond_\alpha\Box_\alpha p \to \Box_\alpha\Diamond_\alpha p$
Remove $\to$: $\neg\Diamond_\alpha\Box_\alpha p \lor \Box_\alpha\Diamond_\alpha p$
Remove $\Diamond$: $\Box_\alpha\neg\Box_\alpha p \lor \Box_\alpha\neg\Box_\alpha\neg p$
Remove $\lor$: $\Box_{\iota_2}(\Box_\alpha\neg\Box_\alpha p,\ \Box_\alpha\neg\Box_\alpha\neg p)$
Accumulate: $\Box_{\iota_2(\alpha,\alpha)}(\neg\underbrace{\Box_\alpha p}_{\text{headed}},\ \neg\underbrace{\Box_\alpha\neg p}_{\text{headless}})$

SLIDE 28

SQEMA

SLIDE 29

SQEMA - Preprocessing

Input: (hybrid polyadic) modal formula

1. Negate the input formula.
2. Transform into negation normal form.
3. Distribute ♦ and ∧ over ∨.
4. Split the formula on top-level disjunctions.

Continue separately for each element in the resulting set.

SLIDE 30

SQEMA - Elimination

1. Form a disjunction with a negated special fresh nominal $i$ and call the result a system.
2. Eliminate every atom which occurs only positively (negatively) by replacing each occurrence with $\bot$ ($\top$).
3. Choose an atom $p$ to eliminate.
4. Try to transform the system using the SQEMA rules to make the (ack) rule applicable, eliminating $p$ from the system.
5. Choose the next atom and repeat until either the system is pure or a variable can't be eliminated.

SLIDE 31

SQEMA - Postprocessing

Input: from each disjunct, a system of pure formulas or a failure. If all such systems are successes:
1. For each system $S$ form $\bigwedge_{\varphi \in S} \varphi$.
2. Form the disjunction of all those formulas.
3. Negate the resulting formula.
4. Form $ST(-, x)$ and prefix with $\forall\bar{n}\,\exists x$, where $\bar{n}$ is the vector of all occurring nominal variables except $i$, which is left free.

SLIDE 32

SQEMA - Rules

$(\Box_\alpha)$: from $\Gamma,\ \varphi \lor \Box_\alpha(\psi_1, \dots, \psi_n)$ derive $\Gamma,\ \psi_i \lor \Box^{-i}_\alpha(\psi_1, \dots, \psi_{i-1}, \varphi, \psi_{i+1}, \dots, \psi_n)$

$(\Diamond_\alpha)$: from $\Gamma,\ \neg j \lor \Diamond_\alpha(\varphi_1, \dots, \varphi_n)$ derive $\Gamma,\ \neg j \lor \Diamond_\alpha(k_1, \dots, k_n),\ \neg k_1 \lor \varphi_1,\ \dots,\ \neg k_n \lor \varphi_n$ (with fresh nominals $k_1, \dots, k_n$)

$(\land)$: from $\Gamma,\ \varphi \lor (\psi \land \chi)$ derive $\Gamma,\ \varphi \lor \psi,\ \varphi \lor \chi$

(ack): from $\varphi_1 \lor p,\ \dots,\ \varphi_n \lor p,\ \psi_1, \dots, \psi_m$ derive $\psi_1[\bigwedge_{k=1}^{n}\varphi_k / \neg p],\ \dots,\ \psi_m[\bigwedge_{k=1}^{n}\varphi_k / \neg p]$, where $\varphi_1, \dots, \varphi_n$ are pure in $p$ and $\psi_1, \dots, \psi_m$ are negative in $p$

SLIDE 33

SQEMA - Equivalences

In addition to those rules, SQEMA can do some propositional reasoning and transformation using:
• associativity and commutativity of ∧ and ∨;
• absorption and neutrality of ∧ and ∨;
• replacing ϕ ∧ ¬ϕ (ϕ ∨ ¬ϕ) with ⊥ (⊤).
SQEMA can also switch the polarity of variables in the input formula and start over if all else fails.

SLIDE 34

The Missing Parts

What is missing from that algorithm description:
• How to apply the rules to solve the system for an atom?
• When to do that propositional reasoning, and to what extent?

SLIDE 35

Solving

The rules
$(\Diamond_\alpha)$: from $\Gamma,\ \neg j \lor \Diamond_\alpha(\varphi_1, \dots, \varphi_n)$ derive $\Gamma,\ \neg j \lor \Diamond_\alpha(k_1, \dots, k_n),\ \neg k_1 \lor \varphi_1,\ \dots,\ \neg k_n \lor \varphi_n$
$(\land)$: from $\Gamma,\ \varphi \lor (\psi \land \chi)$ derive $\Gamma,\ \varphi \lor \psi,\ \varphi \lor \chi$
produce structurally smaller formulas and should therefore be applied whenever possible. The rule
$(\Box_\alpha)$: from $\Gamma,\ \varphi \lor \Box_\alpha(\psi_1, \dots, \psi_n)$ derive $\Gamma,\ \psi_i \lor \Box^{-i}_\alpha(\psi_1, \dots, \psi_{i-1}, \varphi, \psi_{i+1}, \dots, \psi_n)$
needs to decide which formula under the box to pull out.

SLIDE 36

Solving

Let the atom to solve for be $p$, and let the formula be of the shape $\varphi \lor \Box_\alpha(\varphi_1, \dots, \varphi_n)$ with positive occurrences of $p$. Then:
• $\varphi$ needs to be pure in $p$;
• there can't be negative occurrences of $p$ anywhere;
• we can only pull out one $\varphi_i$, therefore only one of them may contain $p$.
Otherwise the propositional reasoning could still eliminate occurrences to meet those conditions.

SLIDE 37

Does this occur?

To be complete with respect to the inductive formulas we don't need to consider those complicated cases. Recall that an inductive formula has the shape $\Box_\alpha(\neg B_1, \dots, \neg B_{\rho(\alpha)})$. After negating, normalising and preprocessing we have $\{\neg i \lor \Diamond_\alpha(B_1, \dots, B_{\rho(\alpha)})\}$; after applying the $(\Diamond_\alpha)$ rule all impure formulas have the shape $\neg k_i \lor B_i$.

SLIDE 38

Does this occur?

The $B_i$ were box formulas, so we have two cases:
• $B_i$ a headless box: $\neg k_i \lor \Box_\beta(\varphi_1, \dots, \varphi_{\rho(\beta)})$ where all $\varphi_i$ are variable-negative only has negative occurrences of $p$ and is ready for the (ack) rule;
• $B_i$ a headed box: $\neg k_i \lor \Box_\beta(\varphi_1, \dots, p, \dots, \varphi_{\rho(\beta)})$; apply the $(\Box_\beta)$ rule to obtain $p \lor \Box^{-i}_\beta(\varphi_1, \dots, \neg k_i, \dots, \varphi_{\rho(\beta)})$, where the $\Box^{-i}_\beta$ part is variable-negative; due to the acyclic dependency digraph the $\Box^{-i}_\beta$ part is pure in $p$, making this ready for the (ack) rule.

SLIDE 39

And after the (ack) rule?

What if negative occurrences of an atom $q$ get substituted into a headed box with head $q$ while eliminating $p$? Take the formula $\Box_\alpha(\neg\Box_\beta(p, \neg q), \neg\Box_\beta(\neg p, q))$.

1. Preprocessing, $(\Diamond_\alpha)$, $(\Box_\beta)$: $\{\neg i \lor \Diamond_\alpha(k_1, k_2),\ p \lor \Box^{-1}_\beta(\neg k_1, \neg q),\ \neg k_2 \lor \Box_\beta(\neg p, q)\}$
2. (ack): $\{\neg i \lor \Diamond_\alpha(k_1, k_2),\ \neg k_2 \lor \Box_\beta(\Box^{-1}_\beta(\neg k_1, \neg q), q)\}$
3. Here the algorithm fails because the outer $\Box_\beta$ has occurrences of $q$ of mixed polarity.

This situation is prevented by requiring the dependency digraph to be acyclic.

SLIDE 40

Example

CR: $\Diamond_\alpha\Box_\alpha p \to \Box_\alpha\Diamond_\alpha p$

1. Negate and systemise: $\{\neg i \lor (\Diamond_\alpha\Box_\alpha p \land \Diamond_\alpha\Box_\alpha\neg p)\}$
2. Choose $p$ to eliminate
3. $(\land)$ rule: $\{\neg i \lor \Diamond_\alpha\Box_\alpha p,\ \neg i \lor \Diamond_\alpha\Box_\alpha\neg p\}$
4. $(\Diamond_\alpha)$ rule: $\{\neg i \lor \Diamond_\alpha k_1,\ \neg k_1 \lor \Box_\alpha p,\ \neg i \lor \Diamond_\alpha\Box_\alpha\neg p\}$
5. $(\Box_\alpha)$ rule: $\{\neg i \lor \Diamond_\alpha k_1,\ p \lor \Box^{-1}_\alpha\neg k_1,\ \neg i \lor \Diamond_\alpha\Box_\alpha\neg p\}$
6. (ack) rule: $\{\neg i \lor \Diamond_\alpha k_1,\ \neg i \lor \Diamond_\alpha\Box_\alpha\Box^{-1}_\alpha\neg k_1\}$
7. Join and negate: $(i \land \Box_\alpha\neg k_1) \lor (i \land \Box_\alpha\Diamond_\alpha\Diamond^{-1}_\alpha k_1)$
8. Simplify and translate: $\forall n_{k_1}\exists x.\ x = n_i \land \big((\forall y.\ R_\alpha(x, y) \to \neg(y = n_{k_1})) \lor (\forall y.\ R_\alpha(x, y) \to \exists z.\ R_\alpha(y, z) \land \exists u.\ R_\alpha(u, z) \land u = n_{k_1})\big)$
9. Simplify: $\forall n_{k_1}.\ R_\alpha(n_i, n_{k_1}) \to \forall y.\ R_\alpha(n_i, y) \to \exists z.\ R_\alpha(y, z) \land R_\alpha(n_{k_1}, z)$
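The trace above, reproduced by a small SQEMA solver written for this page as an added example (it is neither the slides' own code nor the Coq implementation). It assumes the basic hybrid language with a single unary modality, omits the distribution step of the preprocessing and the propositional simplifications of SLIDE 33, and applies the rules only to system members in which the chosen atom occurs positively, following the strategy of SLIDES 35-36. Its output is the pure modal formula of step 7, whose standard translation (SLIDE 31) gives steps 8 and 9. As a second, constructed input it is given McKinsey's formula □♦p → ♦□p, which has no first-order correspondent: there the (♦) rule finds no negated nominal in front of the diamond and the solver reports failure.

```python
"""Added example (not the slides' own code nor their Coq implementation): a small SQEMA
solver for the basic hybrid modal language with one unary modality, using the rules of
SLIDE 32 and the solving strategy of SLIDES 35-36.  The encoding is this example's own;
formulas are kept in negation normal form:
  ('atom', p)  ('natom', p) = ¬p   ('nom', j)  ('nnom', j) = ¬j   ('top',)  ('bot',)
  ('and', f, g)  ('or', f, g)  ('dia', f)  ('box', f)
  ('idia', f)  ('ibox', f) = ♦⁻¹f, □⁻¹f over the converse of the accessibility relation
"""
from itertools import count

ATOMIC = ('atom', 'natom', 'nom', 'nnom', 'top', 'bot')
FLIP = {'atom': 'natom', 'natom': 'atom', 'nom': 'nnom', 'nnom': 'nom', 'top': 'bot', 'bot': 'top',
        'and': 'or', 'or': 'and', 'dia': 'box', 'box': 'dia', 'idia': 'ibox', 'ibox': 'idia'}

def neg(f):
    """Negation pushed to the leaves: □ = ¬♦¬ (SLIDE 5) and the De Morgan laws."""
    return (FLIP[f[0]],) + (f[1:] if f[0] in ATOMIC else tuple(neg(g) for g in f[1:]))

def pols(f, p):
    """Signs (+1/-1) with which atom p occurs in the NNF formula f (SLIDE 20)."""
    if f[0] in ('atom', 'natom'):
        return {+1 if f[0] == 'atom' else -1} if f[1] == p else set()
    return set() if f[0] in ATOMIC else set().union(*(pols(g, p) for g in f[1:]))

def subst_neg(f, p, phi):
    """f[phi/¬p]: replace every ¬p by phi (f is negative in p, so no positive p is left)."""
    if f == ('natom', p):
        return phi
    return f if f[0] in ATOMIC else (f[0],) + tuple(subst_neg(g, p, phi) for g in f[1:])

def disjuncts(f):
    return disjuncts(f[1]) + disjuncts(f[2]) if f[0] == 'or' else [f]

def join(fs, op='or'):
    """Fold with ∨ (or ∧); the empty disjunction is ⊥ and the empty conjunction ⊤."""
    if not fs:
        return ('bot',) if op == 'or' else ('top',)
    out = fs[0]
    for g in fs[1:]:
        out = (op, out, g)
    return out

def solve(system, p, fresh):
    """Rewrite each member carrying p positively into the shape φ ∨ p with the (∧), (♦) and
    (□) rules, then apply (ack).  A system is a list of members, each a list of disjuncts.
    Returns the new system, or None when no rule applies (SQEMA fails on this atom)."""
    work = [list(m) for m in system]
    positive = lambda: [m for m in work if +1 in pols(join(m), p)]
    progress = True
    while progress:
        progress = False
        for m in positive():
            carriers = [g for g in m if +1 in pols(g, p)]
            if carriers == [('atom', p)]:
                continue                                    # already of the shape φ ∨ p
            if len(carriers) != 1:
                return None                                 # p must sit in one disjunct (SLIDE 36)
            g, others = carriers[0], [h for h in m if h != carriers[0]]
            if any(pols(h, p) for h in others):
                return None                                 # φ must be pure in p (SLIDE 36)
            if g[0] == 'and':                               # (∧): φ ∨ (ψ ∧ χ) ⇒ φ ∨ ψ, φ ∨ χ
                new = [others + [g[1]], others + [g[2]]]
            elif g[0] == 'dia' and len(others) == 1 and others[0][0] == 'nnom':
                k = 'k%d' % next(fresh)                     # (♦): ¬j ∨ ♦ψ ⇒ ¬j ∨ ♦k, ¬k ∨ ψ, k fresh
                new = [others + [('dia', ('nom', k))], [('nnom', k), g[1]]]
            elif g[0] == 'box':                             # (□): φ ∨ □ψ ⇒ ψ ∨ □⁻¹φ
                new = [[g[1], ('ibox', join(others))]]
            else:
                return None
            work[work.index(m):work.index(m) + 1] = new     # keep the member's position
            progress = True
            break
    ready = positive()                                      # now all of the shape φ_k ∨ p
    phis = [join([h for h in m if h != ('atom', p)]) for m in ready]
    if any(pols(phi, p) for phi in phis):
        return None
    conj = join(phis, 'and')                                # (ack): ¬p := ⋀ φ_k in the other members
    return [disjuncts(subst_neg(join(m), p, conj)) for m in work if m not in ready]

def sqema(formula, atom_order):
    """SLIDES 29-31 without the distribution step: negate, split on top-level ∨, systemise with
    the fresh nominal i, eliminate the atoms in the given order, conjoin, disjoin, negate.  The
    result is the pure modal formula whose standard translation is the local correspondent."""
    fresh = count(1)
    results = []
    for d in disjuncts(neg(formula)):
        system = [[('nnom', 'i'), d]]
        for p in atom_order:
            system = solve(system, p, fresh)
            if system is None:
                return None
        results.append(join([join(m) for m in system], 'and'))
    return neg(join(results))

# Constructed inputs, written as NNF implications ¬A ∨ B.
P = ('atom', 'p')
CR = ('or', ('box', ('dia', ('natom', 'p'))), ('box', ('dia', P)))        # ♦□p → □♦p (SLIDE 40)
MCKINSEY = ('or', ('dia', ('box', ('natom', 'p'))), ('dia', ('box', P)))  # □♦p → ♦□p, not elementary

if __name__ == '__main__':
    print('CR      :', sqema(CR, ['p']))        # tuple form of (i ∧ □¬k1) ∨ (i ∧ □♦♦⁻¹k1)
    print('McKinsey:', sqema(MCKINSEY, ['p']))  # None
```

For CR the solver performs exactly steps 1-7 of the slide, in the same order, and returns the tuple encoding of (i ∧ □¬k1) ∨ (i ∧ □♦♦⁻¹k1). For McKinsey's formula the (□) rule turns ¬i ∨ □♦p into ♦p ∨ □⁻¹¬i, after which the diamond carrying p is no longer preceded by a negated nominal, so no rule applies and solve returns None.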

SLIDE 41

Completeness

Theorem (Completeness for Hybrid Polyadic Inductive Formulas)

SQEMA succeeds on every conjunction of hybrid polyadic inductive formulas.

Proof Sketch

The algorithm negates the input formula and then treats every disjunct separately. On the previous slides we have seen why the algorithm succeeds on a single inductive formula.

SLIDE 42

Correctness

Theorem (Correctness w.r.t local equivalence)

If SQEMA succeeds on an input formula ϕ, then ϕ is locally frame-correspondent to the returned first-order formula.

Proof Sketch

The algorithm in essence does:
1. Negate
2. Prefix with ¬i
3. Apply rules
4. Standard translation
5. Negate
Show that each rule is correct, and show that prefixing with ¬i is correct.

SLIDE 43

Formalising

SLIDE 44

Type of Modal Terms

If we take the type of modal terms, which gets defined alongside its arity function:

    Inductive mt : Set :=
    | ...
    | app op : Vect mt (arity op) -> mt
    with arity : mt -> nat := fun op => match op with | ... end.

This is called an inductive-recursive type, which Coq currently does not allow …

SLIDE 45

Type of Modal Terms

Alternative approach:

    Inductive mt : nat -> Set :=
    | ...
    | app n : mt n -> Vect (mt ?) n -> mt ?.

This works with an HList or sigma types but gets really ugly to work with … What about pure formulas being modal terms?

SLIDE 46

Type of Modal Terms

    Inductive mt : nat -> Set :=
    | ...
    | pf f : pure f -> mt 0
    with mf : Set :=
    | ...
    with pure : mf -> Prop :=
    | ... .

This is called an inductive-inductive type, which Coq currently also doesn't allow …

SLIDE 47

Type of Modal Terms

What about using dependent types again?

    Inductive mt : nat -> Set :=
    | ...
    | pf : mf true -> mt 0
    with mf : bool -> Set :=
    | ... .

This works, but now everything needs to care whether a formula is pure or not and requires dependent pattern matching everywhere.

SLIDE 48

Type of Modal Formulas

To make the formalisation usable we subset the language: pure formulas are not allowed as modal terms, and modal terms are restricted to unary and binary ones.

    Parameters (opu opb : Set).
    Inductive bmf : Set :=
    | b_prop : atom -> bmf
    | b_negprop : atom -> bmf
    | ... (* verum, falsum, conj, disj, nominals *)
    | b_diau : opu -> bmf -> bmf
    | b_boxu : opu -> bmf -> bmf
    | b_diab : opb -> bmf -> bmf -> bmf
    | b_boxb : opb -> bmf -> bmf -> bmf.

SLIDE 49

Termination of Rule Transform

$(\Box_\alpha)$: from $\Gamma,\ \varphi \lor \Box_\alpha(\psi_1, \dots, \psi_n)$ derive $\Gamma,\ \psi_i \lor \Box^{-i}_\alpha(\psi_1, \dots, \psi_{i-1}, \varphi, \psi_{i+1}, \dots, \psi_n)$

The consequent is not a structurally smaller term, due to $\Box^{-i}$; $(\alpha^{-i})^{-i} \equiv \alpha$ does not prevent loops.

Similarly, those propositional reasoning equivalences do not prevent loops. So we need a measure function and selective rule application to ensure termination.

SLIDE 50

Termination of Rule Transform

Define the measure function $c : A \to MF \to \mathbb{N}$ by
$c(p, f) := 0$ if $f$ is pure in $p$, and $c(p, f) := c'(f)$ otherwise,
where
$c'(\bot) = c'(\top) = 0$
$c'(k) = c'(\neg k) = 0$
$c'(p) = c'(\neg p) = 1$
$c'(\varphi \land \psi) = c'(\varphi \lor \psi) = 1 + c'(\varphi) + c'(\psi)$
$c'(\Box_\alpha\bar{\varphi}) = c'(\Diamond_\alpha\bar{\varphi}) = 1 + \sum_{f \in \bar{\varphi}} c'(f)$

SLIDE 51

Size of Rule Transform

Somewhere in our implementation we need to have a Fixpoint doing the rule transformation. To ensure its termination we use the previously defined measure function in a Program Fixpoint. This results in a 32-line pattern match over two formulas and two predicates. But…
• … it produces 233 proof obligations after tinkering with wildcards;
• … it produces a 12k-line function body when unfolded.

SLIDE 52

The End - Questions?