Automated Theorem Proving - Advanced Tableaux II

Automated Theorem Proving
Advanced Tableaux II
Reiner Hähnle
Department of Computer Science
Technische Universität Darmstadt
2 June 2014
ATP: Advanced Tableaux
TU Darmstadt, Software Engineering Group
Advanced Tableaux II
Partial Interpretations
Tableaux with Selection Function
Summary
Proof Complexity
Tableaux with Lemmas
Cuts
A Classification of Tableau Calculi
(Tableau) Calculus
  Proof Confluent
    Destructive
      1. Incomplete search
      2. Global fairness
      3. Delayed closure
      4. Incremental closure
    Non-destructive
      1. Ground tableaux
      2. Sentence tableaux
      3. Instance-based TP
      4. Model Evolution
  Not Proof Confluent
    Destructive
      Backtracking
      Breadth-First
      1. Model elimination
      2. Connection method
      3. Connection tableaux
Partial Interpretations
Definition (Partial Interpretation)
A partial interpretation is a set of literals $I$ such that not both $p \in I$ and $\neg p \in I$ for any $p \in A^0_\Sigma$.
A partial interpretation $I$ satisfies $L$ iff $L \in I$, write $I \models L$.
A standard interpretation $I_0$ can be seen as a partial interpretation $I$ via
$I = I_0 \cup \{\neg p \mid p \notin I_0\}$, but a partial interpretation may leave an $I(L)$ open
Any open branch $B$ in a ground clause tableau induces a partial
interpretation $I_B$: the set of literals on $B$
Generalizing Regularity
Towards a more General Criterion than Regularity
Avoid extension of branch $B$ with clause $C$ whenever $I_B \models C$.
- Excludes irregular and tautological clauses: only slightly better
- Don’t need to extend branches that can be extended to a model!
Definition (Saturation)
An open clause tableau branch $B$ has a saturation wrt $S$ iff there is an
open $\tilde{B} \supseteq B$ such that $I_{\tilde{B}} \models S$.
- $S$ satisfiable iff initial branch true has saturation: infeasible!
- Try exactly one candidate $\tilde{B}$
- $\tilde{B} = B$ + selected literals from clauses $C$ with $I_B \not\models C$
If $I_B$ is not yet a model of $S$, then there must be a reason for it in the
form of clauses $C \in S$ not made true by $I_B$. We try to complete $I_B$ into a
model of all $S$ by adding to it any of the unsatisfied literals from such
clauses $C$.
Regularity is automatically ensured by the choice of C .
Formally, we need to define a function that selects literals in clauses.
This is what we do next.
Tableaux with Selection Function
Definition (Selection Function)
A selection function f maps each clause into a (possibly empty) subset
of its literals.
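The extension of a branch $B$ wrt $f$ is $\tilde{B}_f = B \cup \{f(C) \mid C \in S,\ I_B \not\models C\}$
Example
S = { {{¬q, ¬s}}, {{¬r, s}}, {{p, q, r}}, {{¬p}} }
[Tableau: root true with children ¬q and ¬s; below ¬s the children ¬r and s; below ¬r the children p, q and r; below p the node ¬p. The branch ending in ¬q is labelled $\tilde{B}_f = B \cup \{s, r, \neg p\}$, the branch ending in q is labelled $\tilde{B}_f = B \cup \{\neg p\}$.]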
In S the selected literals are red.
The displayed clause tableau for S has two open branches.
The left branch satisfies only the clause already used on it.
Observe that $\tilde{B}_f$ is a model of S.
Similarly for the second open branch.
In general, $\tilde{B}_f$ need not be consistent, hence not a partial interpretation.
An analysis of the reasons for inconsistency of $\tilde{B}_f$ leads to a tableau
calculus with selection function.
Notation: for set of literals $B$ let $\overline{B} = \{\overline{L} \mid L \in B\}$
Tableaux with Selection Function
$\tilde{B}_f$ consistent and all clauses $C$ with $f(C) = \emptyset$ used on $B$: $\tilde{B}_f \models S$
Otherwise: which clauses to use for extension?
Use clauses $C \in S$ with $I_B \not\models C$ and one of:
1. no literals selected in $C$: $f(C) = \emptyset$ (restart step w/ restart clause $C$)
2. $f(C)$ weakly connected to $\tilde{B}_f$: $f(C) \cap \overline{\tilde{B}_f} \neq \emptyset$
   2.1 $f(C) \cap \overline{f(D)} \neq \emptyset$ for $D \in S$ (restart step w/ restart clause $C$), or
   2.2 $f(C) \cap \overline{B} \neq \emptyset$ (weak connection)
First extension step in a tableau is always a restart step
When a model has been found, B need not be considered anymore.
1. If there are clauses with unselected literals, use them (they give no
guidance for restriction); this is the usual extension rule.
2. Otherwise, if B is not closed and $\tilde{B}_f$ inconsistent, look at sources for
inconsistency.
By definition of $\tilde{B}_f$, there must be an unused clause C with selected literals
f(C) involved in this inconsistency.
The extension step must now be done with such a clause C. Depending on
the source for inconsistency, the extension step is named differently.
Selection Functions Cont’d
[Figure: the cases 2.1 and 2.2 of an inconsistent $\tilde{B}_f$; labels in each diagram: "$\tilde{B}_f$ inconsistent", "$B$ consistent", "$L \in f(C)$".]
The complement can either be 2.(a) a selected literal in another unused
clause D or (b) a literal on B.
Call clauses of kind 1. and 2.(a) restart clauses, because they have no
connection to B.
Case 2.(b) is a weakly connected extension step via a selected literal
L ∈ f (C ).
Selection Functions Cont’d
S = { {{¬q, ¬s}}, {{¬r, s}}, {{p, q, r}}, {{¬p}} }
[A brace labelled "Restart clauses" is drawn over part of S.]
[Tableau 1: root true with children ¬q and ¬s; both branches are labelled $\tilde{B}_f = B \cup \{s, r, \neg p\}$.]
[Tableau 2: as tableau 1, with the children ¬r and s added below ¬s; the branch ending in ¬r is labelled $\tilde{B}_f = B \cup \{r, \neg p\}$.]
[Tableau 3: as tableau 2, with the children p, q and r added below ¬r and the node ¬p added below p; the branch ending in q is labelled $\tilde{B}_f = B \cup \{\neg p\}$.]
1. The saturation of the initial branch contains all selected literals. The
complements give possible restart clauses.
The first clause used must be a restart clause.
We use the first clause.
The left branch is saturated (seen before).
2. Only a weakly connected extension step with selected literal s is possible.
3. Again with r and ¬p. The only open branch is saturated.
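The branch extension and the choice of extension clauses from the preceding slides, as an added Python example (not part of the lecture material). It assumes the selection f({¬q, ¬s}) = ∅, f({¬r, s}) = {s}, f({p, q, r}) = {r}, f({¬p}) = {¬p}, read off the slides' extension B ∪ {s, r, ¬p} of the initial branch because the red marking did not survive; literals are strings with "~" for negation, and all function names are chosen here.

```python
def neg(lit):
    """Complement of a literal; "~p" denotes the negation of p."""
    return lit[1:] if lit.startswith("~") else "~" + lit

def satisfied(branch, clause):
    """I_B |= C: some literal of the clause occurs on the branch."""
    return bool(set(branch) & clause)

def extension(branch, S, f):
    """Branch literals plus f(C) for every clause C not satisfied by I_B."""
    ext = set(branch)
    for c in S:
        if not satisfied(branch, c):
            ext |= f[c]
    return ext

def consistent(lits):
    """True iff no literal occurs together with its complement."""
    return not any(neg(l) in lits for l in lits)

def candidates(branch, S, f):
    """Clauses allowed for extending the branch, with the kind of step."""
    branch = set(branch)
    unsat = [c for c in S if not satisfied(branch, c)]
    steps = {}
    for c in unsat:
        if not f[c]:                                   # case 1
            steps[c] = "restart (1)"
        elif any(neg(l) in branch for l in f[c]):      # case 2.2
            steps[c] = "weak connection (2.2)"
        elif any(neg(l) in f[d] for d in unsat for l in f[c]):  # case 2.1
            steps[c] = "restart (2.1)"
    return steps

# Clause set of the slides; the selection F is an assumption (see lead-in).
C1, C2 = frozenset({"~q", "~s"}), frozenset({"~r", "s"})
C3, C4 = frozenset({"p", "q", "r"}), frozenset({"~p"})
S = [C1, C2, C3, C4]
F = {C1: set(), C2: {"s"}, C3: {"r"}, C4: {"~p"}}

if __name__ == "__main__":
    # Branches met while building the tableau of the slides.
    for b in [(), ("~q",), ("~s",), ("~s", "~r"), ("~s", "~r", "q")]:
        ext = extension(b, S, F)
        print(b, sorted(ext), consistent(ext), candidates(b, S, F))
```

A branch with no candidate clause and a consistent extension is saturated, and its extension is then a model of S.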
Selection Functions Cont’d
Theorem (Ground Completeness)
If the finite ground clause set S is unsatisfiable, then for any selection
function f there is a tableau proof with selection function f for S.
Moreover, ground tableaux with selection function are proof confluent.
Proof Idea.
Formalize the derivation of Tableaux with Selection Function.
Proof.
Assume to the contrary there is a tableau w/ selection function $f$ and open
saturated branch $B$. $S$ is finite $\leadsto$ $B$ is finite.
Assume that $\tilde{B}_f$ is consistent.
Then, because all clauses with no selected literals used on $B$, also
$I_{\tilde{B}_f} \models S$ which finishes the proof by contradiction.
Assume now that $\tilde{B}_f$ is inconsistent.
There is literal $L \in \{f(C) \mid C \in S,\ I_B \not\models C\}$ s. th.
(a) $\overline{L} \in B$ or
(b) $\overline{L} \in f(D)$ for some $D$ with $I_B \not\models D$.
In either case, extension step possible, B saturated.
Proof independent of sequence of extension steps
$\leadsto$ tableaux with selection function proof confluent!
Lifting
Unsatisfiable clause set S
  → (Compactness, Herbrand T.) Unsatisfiable finite set S ⊂ Σ(S)
  → (Ground completeness) Tableau proof for S
  → (Lifting) Tableau proof for S
Lifting
ρ-instance of S: $\{\{L_1\rho, \ldots, L_i\rho, \ldots, L_r\rho\}\}$
Clause in S: $\{\{L_1\sigma, \ldots, L_i\sigma, \ldots, L_r\sigma\}\}$
$\sigma = \tau \circ \rho$ for some $\tau$, $L_i\sigma$ selected
$f(C\sigma) \subseteq f(C)\sigma$
Selected literals in instances of clauses are instances of selected literals.
Lifting Cont’d
$f(C\sigma) \subsetneq f(C)\sigma$ is possible
Example
{ {{p(x), q(x)}}, {{p(a), q(a)}}, {{p(b), q(b)}} }
- Checking tableau-global preservation of selection condition under
  substitutions is additional complete restriction
- Achieved by suitable constraints as for regularity
Summary: Tableau Refinements
- Connection tableaux are a non-proof confluent ground tableau
  calculus: backtracking necessary for completeness
- Non-proof confluent refinements typically require syntactic
  completeness proof
- Implementations Setheo, leanCoP:
  - leanCoP 2.1: 6 Prolog clauses, < 1kB
  - surprisingly efficient, amazing Prolog hack
- Tableaux with selection function are proof confluent
  - Unconnected “restart steps” required for completeness
  - Heuristic tuning: selection function, frequency of restarts
- Tableaux with selection function: basis of non-destructive calculi
  - Can be combined with Incremental Closure
  - Ideas used in Model Evolution, Hyper Tableaux
Proof Complexity
Definition (Proof Complexity)
The size of a ground tableau proof is its number of nodes.
Unsatisfiability check of clause set S is co-NP complete:
expect exponential worst case in number of variables of S
Example
Let $S_n = \{\{\{L_1, \ldots, L_n\}\} \mid L_i \in \{p_i, \neg p_i\}\}$
Size of $S_n$ is $n2^n$ over $n$ variables, $S_n$ obviously unsatisfiable
What is the size of the smallest tableau proof for $S_n$?
Theorem
The smallest tableau proof of $S_n$ has a size in $O(n!)$.
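An added Python example (not from the lecture) that makes the comparison concrete for small n: it builds S_n and searches all regular clause tableaux for the smallest closed one, then sets its size against n·2^n. Counting one node per clause literal without the root, restricting the search to regular tableaux, the integer encoding of literals and the function names are assumptions of this example.

```python
from functools import lru_cache
from itertools import product

def clause_set(n):
    """S_n: every clause that contains p_i or ¬p_i for each i in 1..n.
    A literal is a signed integer: +i stands for p_i, -i for ¬p_i."""
    return [frozenset(sign * i for i, sign in zip(range(1, n + 1), signs))
            for signs in product((1, -1), repeat=n)]

def truth_table_size(n):
    """n * 2^n, which is also the number of literal occurrences in S_n."""
    return n * 2 ** n

def smallest_regular_proof(n):
    """Node count of the smallest closed regular clause tableau for S_n."""
    clauses = clause_set(n)

    @lru_cache(maxsize=None)
    def close(branch):
        # Cheapest way to close every branch below the open branch `branch`.
        best = None
        for c in clauses:
            if c & branch:            # regularity: no literal twice on a branch
                continue
            size = len(c)             # one new node per literal of the clause
            for lit in c:
                if -lit not in branch:        # this child is still open
                    size += close(branch | {lit})
            best = size if best is None else min(best, size)
        return best

    return close(frozenset())

if __name__ == "__main__":
    for n in range(1, 6):
        print(n, truth_table_size(n), smallest_regular_proof(n))
```

From n = 2 on the tableau column is the larger one, and the gap widens with every further variable.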
Complexity of Tableau Proofs
An “Anomaly” of Clause Tableaux
- The smallest tableau proof for $S_n$ is not polynomial in $|S_n|$
- Trivial truth table checking for n variables never worse than
  $n2^n = |S_n|$
- Tableau proofs may be super-polynomially longer than truth tables!
Inspection of tableau proof of $S_n$ gives idea of what is lacking:
Tableaux have no mechanism to save intermediate results
Introduction of lemmas is essential to structure mathematical proofs
Tableaux with Lemmas
Definition (Lemma Generation Rule)
Lemma Generation: Let literal $L$ occur in tableau for $S$, where all
branches below $L$ are closed. Then obtain a tableau
for $S$ by adding $\overline{L}$ directly below any sibling of $L$.
Closed subtableau implies
$S \cup \{\text{literals in } T \text{ above } L\} \models \overline{L}$
[Figure: tableau T with the siblings L and L′, the lemma literal added below L′.]
There is a tableau proof with lemmas
for $S_n$ whose size is linear in $|S_n|$
(Proof is exercise)
Completeness of lemma generation is trivial
For soundness, change the perspective!
Lemmas vs. Case Distinctions
Lemmas are case distinctions that can occur at specific places
[Figure: two tableaux over the siblings L and L′, captioned "If this tableau is closed . . ." and ". . . then so is this one!"]
Definition (Case Distinction Rule)
Case Distinction: Any leaf of a tableau for S can be extended anytime
with a clause of the form $\{\{L, \overline{L}\}\}$.
Soundness and completeness of tableaux with case distinctions obvious!
The Cut
A Short History Lesson
- Early proof calculi (until 1935) always incorporated case distinction
  - In the form of Modus Ponens: {P, P → Q} ⊢ Q
  - In the form of Cut: (P → (Q ∨ C )) ∨ ((C ∧ P) → Q)))
- Why?
  1. Formal proof systems were modelled after mathematical reasoning
  2. There was no notion of model, semantics, clause form, lifting, etc.
- What happened in 1935?
  1. Alfred Tarski invented model theory
  2. Gerhard Gentzen proved that cuts can be eliminated from FOL proofs
Paved the way for cut-free proof systems (such as tableaux) and
semantic (saturation-based) completeness proofs . . .
Analytic Cuts
In a non-clausal proof system, case distinctions (equivalently, “cuts”)
may range over arbitrary FOL formulas ϕ, called cut formula
Definition (Analytic Cut)
(The cut rule of) a proof system is called analytic if the cut formula ϕ is
(the complement) of a subformula of the input S.
(In FOL the subformulas of a Σ-formula (Qx)ϕ are the elements of Σ(ϕ))
Obviously, the case distinction rule of clause tableaux is analytic
Why Cuts Matter
Worst-Case Complexity of Proofs
- Already absence of analytic cuts can have super-polynomial penalty
- In non-clausal FOL arbitrary cuts lead to a super-exponential
  minimal proof length gap
Methodological Link
- (Analytic) cuts are the link between tableaux and other proof
  systems, such as DPLL and resolution (see later lectures)
- Close relation of cut formulas to interpolants, invariants, induction
Non-existence of Cut-Free Proof System
Some logics do not possess cut-free proof systems
Problematic Aspects of Cuts
1. Non-analytic cuts are not amenable to automated proof search
Non-analytic cuts are mainly used in interactive theorem proving
2. In ground case, lemma generation never makes proofs substantially
longer, but sometimes substantially shorter, but:
[Figure: tableau T with the siblings L and L′; the parts marked "additional closures" are those opened up by the lemma literal.]
It proved to be difficult to control the usage of lemmas in (Closure)