1. No category

A Man-Machine Theorem

Session 3
Logic:
I
Theorem Proving and
A MAN-MACHINE THEOREM PROVING SYSTEM
W. W. Bledsoe and Peter B r u e l l
U n i v e r s i t y of Texas, A u s t i n
ABSTRACT: This paper describes a man-machine theorem
proving system at the U n i v e r s i t y of Texas (Austin)
which has been used to prove a few theorems in
general topology. The theorem (or subgoal) being
proved is presented on the scope in i t s n a t u r a l form
so t h a t the user can e a s i l y comprehend it and, by a
series of i n t e r a c t i v e commands, can help w i t h the
proof when he d e s i r e s . A feature c a l l e d DETAIL is
employed which allows the human to i n t e r a c t only when
needed and only to the extent necessary f o r the p r o o f .
The program is b u i l t around a modified form of
IMPLY, a n a t u r a l - d e d u c t i o n - l i k e theorem proving
technique which has been described e a r l i e r .
A few examples of proofs are g i v e n .
1.
w i t h the mathematician. The theorem prover, which is
described in Section 3, is w r i t t e n in LISP and is
based on IMPLY (see Section 4 of [ 1 ] ) and the methods
given i n [1] and [ 2 ] ,
I t has the a b i l i t y t o prove
theorems on i t s own; human i n t e r v e n t i o n is used to
increase i t s power and speed up p r o o f s .
The DETAIL Feature.
One of the p r i n c i p a l d i f f i c u l t i e s w i t h most manmachine provers is in knowing when and how the man
should i n t e r v e n e . F i r s t l y the human may have t r o u b l e
in reading and comprehending the t e x t on the scope,
and secondly, he doesn't know when the machine should
be helped, and how much he should do. He does not
want to make a l o t of unneeded e n t r i e s , and if he
makes a mistake he wants to e a s i l y recover.
The f i r s t d i f f i c u l t y is solved in the system
described here by employing the human oriented l a n guage IMPLY and in d i s p l a y i n g the theorem on the scope
in a " p r e t t y - p r i n t " form. This i s f u r t h e r described
below.
The second d i f f i c u l t y is handled by a procedure
which allows the computer by i t s e l f to f i r s t t r y to
prove the theorem (or subgoal).
If it succeeds, then
a l l i s w e l l , but i f i t f a i l s w i t h i n a prescribed timel i m i t , it p r i n t s on the scope the statement of the
theorem and the word "FAILURE" and awaits a command
from the user.
If he commands "DETAIL" then it w i l l
proceed (again) w i t h i t s proof to the p o i n t where the
current goal i s s p l i t i n t o subgoals.
At that point it
p r i n t s on the scope the statement of the new subgoal
f o r which it f a i l e d and stops, and the whole process
can be repeated.
At any of these stops the user can employ a
v a r i e t y of other commands such as DEFN, PUT, USE, e t c .
(which are described below) to help w i t h the proof.
In t h i s way he can e a s i l y i s o l a t e the d i f f i c u l t y and
make only those e n t r i e s needed by the machine in i t s
p r o o f . Indeed he can s t a r t the machine on the proof
of a theorem w i t h o u t enough hypotheses (reference
theorems) and supply them only when and if they are
needed in the p r o o f .
The f o l l o w i n g is a symbolic example f o r e x p l a i n ing the DETAIL process. Real examples are given in
Section 4 .
Introduction.
Some workers in automatic theorem p r o v i n g , i n c l u d i n g the authors, b e l i e v e t h a t it w i l l be many
years ( i f ever) before machines alone can prove
d i f f i c u l t theorems in mathematics. Thus some, who
hope to see machines used as p r a c t i c a l a s s i s t a n t s to
pure mathematicians, have r e d i r e c t e d t h e i r a t t e n t i o n
to man-machine theorem provers [ 3 , 4, 5] and theorem
proof checking [ 6 , 7, B ] .
The present paper describes a man-machine theorem proving system at the U n i v e r s i t y of Texas which
has been used to prove a few theorems in general
topology. Our system is organized in the same general
way as those of Guard [ 3 ] , Luckham [ 4 ] , and Huet [ 5 ] ,
but w i t h many major d i f f e r e n c e s . For example,
Luckham and Huet use v a r i a t i o n s of Resolution as
t h e i r p r i n c i p a l r u l e s of inference whereas we use a
modified form of IMPLY [ 1 ] , which is a natural-deduct i o n - t y p e method.
Also our system displays formulas on the scope
in a n a t u r a l , easy to read, manner and has a v a i l a b l e
a v a r i e t y of i n t e r a c t i v e commands the user can employ
to hel p w i t h the p r o o f . Among these is a feature
c a l l e d DETAIL which allows the human to i n t e r a c t only
when needed and only as much as is required f o r the
proof.
As yet t h i s system has proved no new theorem in
topology.
The program is s t i l l in the s t a t e of d e v e l opment and It w i l l be sometime before we can d e t e r mine whether It can m a t e r i a l l y help a mathematician
prove new theorems.
This paper describes the f a c i l i t y , the i n t e r a c t i v e commands a v a i l a b l e to the user mathematician,
the modified v e r s i o n of IMPLY which is used, and
gives a few examples of proofs of theorems.
2.
The F a c i l i t y and I n t e r a c t i v e Commands.
The f a c i l i t y consists of a Datapoint 3300 t e r minal connected to the CDC 6600 computer v i a the UT
i n t e r a c t i v e ( t i m e - s h a r i n g ) system TAURUS [ 1 1 ] . A
mathematician (the user) s i t s at the t e r m i n a l , types
in a theorem to be proved and o c c a s i o n a l l y helps the
program w i t h the proof by p r o v i d i n g i n f o r m a t i o n he
feels is needed and answering questions the program
poses.
The computer program consists of a large automatic theorem prover and a subroutine f o r i n t e r a c t i n g
56
The other subgoals of (3) are handled s i m i l a r l y ,
using other hypotheses from H.
Thus the very d i f f i c u l t problem (1) has been r e ­
duced to a series of easier problems by the human
a c t i o n (2) and some machine m a n i p u l a t i o n s . It is
true t h a t the mathematician is required to provide
the most d i f f i c u l t step in the proof but then the
computer does the r e s t , proving a series of smaller
theorems and v e r i f y i n g t h a t the mathematician's
choice f o r G was indeed c o r r e c t , if he made a
wrong choice at (2) he might want to intervene l a t e r ,
backup, and t r y a d i f f e r e n t value f o r G.
The PUT f e a t u r e , though q u i t e simple, is a very
powerful device. It alone makes a tremendous d i f f e r ­
ence in the number of theorems the computer program
can prove.
58
REDUCE helps convert expressions i n t o forms which are
more e a s i l y provable by IMPLY. It also is a convenient place to store facts that can be used by the
machine as they are needed. For example REDUCE returns
"TRUE" when applied to such formulas as (Closed C1ST
A ) , (Open X ) , (Open
(Open i n t e r i o r A ) ,
etc.
Forward Chaining.
It seems t h a t unrestrained forward
chaining is a poor idea in automatic theorem proving
because it tends to produce an excessive number of
useless hypotheses (lemmas). Consequently, our e a r l i e r
versions of IMPLY r e l i e d h e a v i l y on backward chaining.
However, the use of the man-machine system (especially
the PUT f e a t u r e ) on theorems in topology has brought
to our a t t e n t i o n the power of forward chaining in
many p r o o f s , e s p e c i a l l y in cases where the chaining
expression is a ground ( a l l constant) formula. We
therefore have provided ground forward chaining as a
new r u l e in IMPLY.
RULE (forward c h a i n i n g ) . If P O is a ground expression ( i . e . , contains no v a r i a b l e s ) which is an instance
of P ( i . e . , there is a s u b s t i t u t i o n T for which
P O = P T ) then the goal
to be p r i n t e d .
HISTORY. If commanded the program keeps a record
( h i s t o r y ) of each step it has taken in the proof of a
theorem, i n c l u d i n g steps where the human intervenes
but excluding unproductive steps. This h i s t o r y can
be used by the mathematician l a t e r , upon the command
"RUN HISTORY N", to rerun a l l or p a r t of the proof
without i n t e r r u p t i o n , and to t r y if desired a
d i f f e r e n t l i n e of proof at any step.
3. The. Machine Prover
The prover used by t h i s system consists mainly
of a modified form of IMPLY (Section 4 of [ 1 ] ) , w i t h
the a d d i t i o n of REDUCE (see p. 57 of [ 2 ] ) , and other
concepts from [2] and [ 1 7 ] .
Two of the p r i n c i p a l differences in the present
v e r s i o n is t h a t IMPLY is now the main r o u t i n e (instead
of CYCLE), and REDUCE is now applied i n s i d e IMPLY.
The SPLIT functions (p. 56 of [ 2 ] ) are an i n t e g r a l
part of IMPLY i t s e l f . Also IMPLY has been given a
b r e a d t h - f i r s t search capacity (see below), and the
back-up feature (see Footnote 11 of [ 1 ] ) has been
removed and replaced by a human back-up c a p a b i l i t y .
IMPLY. IMPLY is a n a t u r a l deduction type system which
processes formulas in t h e i r " n a t u r a l " form (see also
[9, 10]).
It consists p a r t i a l l y of a few r e w r i t e
rules such as
is converted to the new goal
This r u l e need only be applied at the time somet h i n g new is added to the hypothesis, such as when an
expression (H
(A
B))
is converted to (H
A
B),
or when another forward chaining step has j u s t been
completed.
This r u l e has been f u r t h e r extended in the system
to provide f o r so-called "PEEK forward c h a i n i n g " ,
which works as f o l l o w s :
RULE (PEEK forward c h a i n i n g ) . If P
is a ground
expression, P. =
A has the d e f i n i t i o n (P
Q),
then the goal
which convert the expression being proved from one
form to another.
I t s main f u n c t i o n is to s p l i t a
goal i n t o subgoals
backchain, s u b s t i t u t e equals, and forward chain (new
a d d i t i o n ) . A fundamental part of IMPLY is a matching
r o u t i n e ( u n i f i c a t i o n ) : if T is a most general
u n i f i e r of A and A' then the subgoal
is converted to the new goal
is judged "TRUE" w i t h T being returned to be applied
to f u r t h e r subgoals.
REDUCE. REDUCE consists wholly of a set of r e w r i t e
r u l e s which converts parts of formulas.
It contains
special h e u r i s t i c s f o r set theory, topology, e t c .
For example
Note t h a t the machine "peeks" at the d e f i n i t i o n of
A to see if forward chaining is p o s s i b l e , but then
returns A to i t s o r i g i n a l form. This v a r i a t i o n is
very u s e f u l (see Example 2, (111 H 1 ) ) . Returning A
to I t s o r i g i n a l form makes the theorem much easier to
comprehend for the mathematician reading the d i s p l a y
on the scope.
Forward chaining s t i l l tends to c l u t t e r up the
scope w i t h useless hypotheses, and the user occasiona l l y f i n d s It u s e f u l to remove some of them by the
command DELETE. More importantly the user, when he
gives the computer a theorem to prove, need not l i s t
a l l required lemmas but can give them only as they are
aeeded In the proof, and thereby can e l i m i n a t e much
i r r e l e v a n t forward c h a i n i n g .
B r e a d t h - F i r s t - S e a r c h . One of the d i f f i c u l t i e s w i t h the
previous v e r s i o n of IMPLY was t h a t i t s search was
e s s e n t i a l l y " d e p t h - f i r s t . " For example, in proving
*Since REDUCE is now c a l l e d from i n s i d e IMPLY, it (REIt would back chain o f f of
DUCE) must e l i m i n a t e q u a n t i f i e r s and skolemize in the
course of reducing formulas. As was explained in Sect i o n 2 under DEFN, the exact form of t h i s skolemization
depends on the p o s i t i o n of the expression in the theorem.
59
and t r y to prove H(x ), before f i n a l l y g e t t i n g
around to the t r i v i a l proof (P(x O ) -> P(x ) ) .
A human, a c t i n g more i n t e l l i g e n t l y , would
casually glance across the hypotheses, and n o t i c e
P(xo.) before t r y i n g to e s t a b l i s h H ( x O ) .
A more serious d i f f i c u l t y is encountered in
i n s t a n t i a t i n g d e f i n i t i o n s , i n t h a t not enough d i r e c t i o n is provided as to which d e f i n i t i o n to i n s t a n t i a t e
f i r s t . As a general r u l e , an expression such as " r e g "
should not be replaced by i t s d e f i n i t i o n unless it
w i l l "do some good." Otherwise a g l u t of new symbols
hamper both man and machine. Also it is u s u a l l y
b e t t e r t o i n s t a n t i a t e d e f i n i t i o n s i n the conclusion
before those in the hypothesis, and to i n s t a n t i a t e
d e f i n i t i o n s of " s t r a n g e " terms such as "paracompact"
before those of ordinary terms such as " c l o s e d " or
We have attempted to remedy these two d i f f i c u l t i e s and have also added another feature c a l l e d
"PAIRS" which t r i e s if possible to apply t h a t
hypothesis which is l i k e the desired conclusion, even
when a complete match cannot be made.
The f o l l o w i n g is a r a t h e r sketchy d e s c r i p t i o n of
the revised IMPLY program, which gives only the
f l a v o r o f I t . A d e t a i l e d d e s c r i p t i o n i s given i n
[12].
When a theorem (or subgoal)
is given for IMPLY to prove, it f i r s t c a l l s REDUCE,
then applies i t s own r e w r i t e r u l e s , and SPLITS it if
a p p r o p r i a t e . Next it does a b r e a d t h - f i r s t search
by t r y i n g the f o l l o w i n g seven steps In the order
indicated.
I f any step f a i l s i t goes t o the n e x t ;
the success of a step u s u a l l y r e s u l t s in another c a l l
to the f u n c t i o n IMPLY.
These are described in more d e t a i l below. With
the exception of step 5 each of the steps l i s t e d
involves a c a l l from IMPLY to a f u n c t i o n c a l l e d HOA.
What b a s i c a l l y happens is t h a t IMPLY s p l i t s the
theorem i n t o subgoals on the basis of the OR-AND
s t r u c t u r e of C , and HOA attempts to use the hypotheses to prove these subgoals.
1. Try matching the conjuncts of H w i t h C.
That is if H is of the form H 1 - H 2 - H 3
it t r i e s to match C w i t h one or the H . .
2. Same as 1 . , except t h a t backchaining is
allowed. For example, in
60
4. Examples.
The examples we have explored are mostly from
K e l l e y ' s General topology [13], though in f a c t any
reasonably precise t e x t would do.
We have taken examples from various parts of the
book. Example 2 is a theorem about paracompactness.
The examples t r i e d so f a r have been about j u s t one
topology.
This i s convenient since i t allows f i x e d
symbols T and X f o r the topology T on the space
X. The space X is assumed to be non-empty. The
d e f i n i t i o n s used by the computer are stored (perma­
n e n t l y ) i n i t s memory.
The theorem labels used in the f o l l o w i n g examples
are also those used by the computer. They help inform
the user where he is in the proof. For example, if a
goal has theorem l a b e l (1 2) and it SPLITS, then the
two parts w i l l be labeled (1 2 1) and ( 1 2 2 ) . If
back chaining is used on a theorem labeled L, then
the two steps are labeled (LB) and (LH).
The presentation on the scope is always in the
" p r e t t y - p r i n t " format depicted on page 1 1 . But to
conserve space we have here shown our examples in a
more compact
form, and some l i n e s of the proof are
omitted.
I n t h i s p r e s e n t a t i o n , a n " h " a t the l e f t i n d i ­
cates a human i n p u t , an " E d " i n d i c a t e s an e d i t o r i a l
comment, and an "m" indicates machine output. The
m's are omitted in our d e s c r i p t i o n a f t e r the f i r s t
few l i n e s of each example.
In the examples
61
62
Ed
In t h i s writeup we have denoted by G O
the skolem expression G ( F ' ) . The
machine r e t a i n s i t s complete skolem
expressions but p r i n t s only (G) on the
scope f o r ease of reading.
Ed
Since the new entry [->] in the hypothesis
is an i m p l i c a t i o n , and since F' has been
given a value, the machine f i r s t t r i e s
proving OcF' before proceeding. This is
done in (111 H) below.
If It succeeds
i t w i l l then r e t a i n the hypothesis
0
63
This work was supported in p a r t by NSF Grant
GJ-32269 and NIH Grant 5801 GM 157-69-05.
References
Many of the a b i l i t i e s which are b u i l t i n t o t h i s
man-machine f a c i l i t y have been developed only a f t e r a
period of t r i a l and e r r o r . In f a c t the reason f o r
many of these is to provide for more ease in checking
out and changing the program. We expect the program
to continue to change as it is t r i e d on more and
more examples, h o p e f u l l y e v o l v i n g i n t o a system which
w i l l be u s e f u l to the researcher in topology. So f a r
t h i s is not the case, we have handled only w e l l known
theorems. Our next step involves work on the system
by some p r a c t i c i n g t o p o l o g i s t . This should help
determine whether such a system might have any p r a c t i c a l
value in the near f u t u r e .
An i n t e r e s t i n g point is t h i s - Even though the
mathematician is able to intervene at any p o i n t in the
proof, he is nevertheless very annoyed when he has to
do so in a t r i v i a l way. When, f o r example, he PUTS
the values f o r F' and G in Example 2, he feels he
has done enough and r i g h t f u l l y expects the computer
to do the r e s t . Thus even in a man-machine system, the
theorems t h a t the machine alone is required to prove
are f a r from t r i v i a l . In f a c t experience so f a r shows
t h a t they are on a par w i t h the hardest theorems being
proved today by automatic theorem p r o v e r s .
Therefore, i t i s f e l t t h a t any improvement i n
machine-alone programs is t r u l y worthwhile to the
man-machine e f f o r t .
Acknowledgment.
Various people both at U.T. and elsewhere have
g r e a t l y influenced our t h i n k i n g about automatic theorem
proving and i n t e r a c t i v e systems. We want to e s p e c i a l l y
thank B i l l Hemneman, Robert Anderson, Dave Luckham,
Vesko Marinov, B i l l Bennett, Mike B a l l e n t y n e , and
Howard Ludwig.
65
1.
W. W. Bledsoe, R. S. Boyer, and W. H. Henneman,
Computer Proofs of L i m i t Theorems,
A r t i f i c i a l I n t e l l i g e n c e 3 (1972), 27-60.
2.
W. W. Bledsoe, S p l i t t i n g and Reduction H e u r i s t i c s
in Automatic Theorem Proving, A r t i f i c i a l
I n t e l l i g e n c e 2 (1971), 55-77.
3.
J. R. Guard, F. C. Oglesby, J. H. Bennett, and
L. G. S e t t l e , Semi-automated Mathematics,
JACM 16 (1969), 49-62.
4.
John A l l e n and David Luckham, An I n t e r a c t i v e
Theorem-Proving Program, Machine I n t e l l i g e n c e
5 (1970), 321-336.
5.
G. P. Huet, Experiments w i t h an I n t e r a c t i v e Prover
f o r Logic w i t h E q u a l i t y , Report 1106,
Jennings Computing Center, Case Western
Reserve U n i v e r s i t y .
6.
John McCarthy, Computer Programs for Checking
Mathematical Proofs, Proc. Aroer â–  Math. Soc.
on Recursive f u n c t i o n Theory, held in
Ney York, A p r i l , 1961.
7.
Paul W. Abrahams, Machine V e r i f i c a t i o n of Mathe­
m a t i c a l Proof, Doctoral D i s s e r t a t i o n i n
Mathematics, MIT, May, 1963.
8.
W. W. Bledsoe and E.J . G i l b e r t , Automatic Theorem
Proof-Checking in Set Theory: A Preliminary
Report, Sandia Corp. Report SC-RR-67-525,
J u l y , 1967.
9.
Arthur J. Nevins, A Human Oriented Logic f o r
Automatic Theorem Proving, MIT AI Memo No.
268, October, 1972.
10.
Raymond R e i t e r , The Use of Models in Automatic
Theorem Proving, Dept. of Computer Science,
U n i v e r s i t y of B r i t i s h Columbia, September,
1972.
11.
TAURUS, described in Users Manual, Computation
Center, U n i v e r s i t y of Texas, A u s t i n .
12.
Peter B r u e l l , A D e s c r i p t i o n of the Functions of
The Man-Machine Topology Theorem Prover,
(under p r e p a r a t i o n ) .
13.
John L. K e l l e y , General Topology, van Nostrand,
1955.
14.
James R. S l a g l e , Automatic Theorem Proving w i t h
B u i l t - i n Theories I n c l u d i n g E q u a l i t y , P a r t i a l
Ordering, and Sets, JACM 19 (1972),
120-135.
15.
Robert Boyer, L o c k i n g : A R e s t r i c t i o n on Resolution,
Ph.D. D i s s e r t a t i o n , Mathematics Dept.,
U n i v e r s i t y of Texas, A u s t i n , 1971.
16.
Dallas S. Lankford, E q u a l i t y Atom Term Locking,
Ph.D. D i s s e r t a t i o n , Mathematics D e p t . ,
U n i v e r s i t y of Texas, A u s t i n , 1972.
17.
George E r n s t ,
The U t i l i t y of independent subgoals
in Theorem Proving,
I n f o r m a t i o n and C o n t r o l ,
v o l . 18, 3, 1971.

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz