From Calculus to Proof Procedure - Reiner Hähnle

Automated Theorem Proving
From Calculus to Proof Procedure
Reiner Hähnle
Department of Computer Science
Technische Universität Darmstadt
16 May 2014
ATP: Proof Procedures
TU Darmstadt, Software Engineering Group
140516
Proof Procedures
From Calculus to Proof Procedure
Fairness
Properties of Tableau Calculi
A Classification of Tableau Calculi
Dynamic Free Variable Tableau Construction

Clause set:
  { {p(x), q(x)}, {¬p(a)}, {¬p(b)}, {¬q(b)} }

Tableau on the slide (figure rendered as text): root "true"; (Extension) with {p(x), q(x)} gives the branches p(X1) | q(X1); (Closure) of p(X1) against ¬p(a) applies {X1 ↦ a}, so the open branch now reads q(a); a second (Extension) with the same clause gives p(X2) | q(X2) below it, (Closure) of p(X2) against ¬p(b) applies {X2 ↦ b}, and q(b) closes against ¬q(b). After the substitutions the slide shows the literals p(a), q(a), ¬p(a), p(b), q(b), ¬p(b), ¬q(b).
From Calculus to Proof Procedure
Completeness merely guarantees existence of closed tableau:
Proof (search) procedure needed to find it!
Choice Points of Non-Deterministic Tableau Construction
1. Next branch a rule is applied to?
2. Close the branch or extend it?
3. Extension: with which clause?
4. Closure: with which literals (which MGU)?
A bad choice can prevent finding a tableau proof for an unsatisfiable clause set.
From Calculus to Proof Procedure Cont’d
Definition (Tableau Proof Procedure)
A tableau proof procedure consists of
1. a tableau calculus (a set of tableau construction rules);
2. a function computing for given clause set S and tableau T
in deterministic polynomial time (in size of S and T )
the kind, instance and position of the next rule to be applied on T .
This function is called (tableau) computation rule.
Definition (Strongly Complete)
A tableau proof procedure that preserves completeness of the underlying
calculus (i.e., computes a tableau proof for any given unsatisfiable clause
set) is called strongly complete.
From Calculus to Proof Procedure Cont’d
Branch Computation

Observations
- All branches must be closed
- Consequence of the proof of the lifting theorem: the sequence of closure rule applications is irrelevant
- Consequence of the proof of ground completeness: no need to work on closed branches

Any deterministic computation rule selecting open branches will do.

Common choices of computation rule for branch selection, typically driven by efficiency of the implementation:
- leftmost-open-first
- rightmost-open-first
From Calculus to Proof Procedure Cont’d
Closure vs. Extension

Select kind of tableau rule: (Closure) or (Extension)
Bad news: greedy closure can destroy completeness

Example
Leftmost-open-first branch computation rule, clauses selected round-robin. The clause set
  { {¬p(u, a)}, {p(a, x), q(x)}, {p(b, w)}, {¬p(y, b), r(y)}, {¬q(b)}, {¬r(a)} }
is unsatisfiable.

Tableau on the slide (figure rendered as text): the branch is extended with ¬p(U, a), then p(a, X) | q(X), then p(b, W), then ¬p(Y, b) | r(Y), then ¬q(b) and ¬r(a), and so on. Greedy closure closes p(a, X) against ¬p(U, a) as soon as both are on the branch and thereby commits to X ↦ a; the refutation instead needs X ↦ b (close p(a, X) against ¬p(Y, b) with Y ↦ a, then q(b) against ¬q(b) and r(a) against ¬r(a)).
From Calculus to Proof Procedure Cont’d
Clause Selection

Select clause used for (Extension)
Unfair choice can prevent branch closure

Example
  { {p(x)}, {q}, {¬q} }

Tableau on the slide (figure rendered as text): starting from "true", the branch is extended with p(X), p(X′), p(X″), ... because the clause {p(x)} is selected every time; q and ¬q never reach the branch, so it never closes.
Fairness

Formalising a Notion of Fairness (Tableau Construction Order $\prec_F$)
- For computation rule $F$ and clause set $S$ let $T \prec^0_F T'$ iff $T$ is a tableau for $S$ and $T'$ is obtained from $T$ via $F$ in one step.
- Let $\prec_F$ be the reflexive and transitive closure of $\prec^0_F$ and $T_\infty$ the supremum of the chain starting with the initial tableau "true".

Definition (Fair Computation Rule)
A tableau computation rule $F$ is fair if for all clause sets $S$ and for each branch $B$ in the tableau $T_\infty$ for $S$:
1. each ground clause in $S$ was used at least once to extend $B$
2. each non-ground clause in $S$ was used infinitely often to extend $B$

- Fair computation rule: no incompleteness due to clause selection
- Easy to implement (arrange the input clauses in a queue per branch)
From Calculus to Proof Procedure Cont’d
MGU Selection

Select MGU used for (Closure)
Unfair choice among several possible MGUs can prevent tableau closure

Example
  { {p(0)}, {¬p(x), p(s(x))}, {¬p(s(s(0)))} }

Tableau on the slide (figure rendered as text): "true", p(0), then ¬p(X1) | p(s(X1)); closing ¬p(X1) against p(0) with X1/0 leaves p(s(0)) on the open branch; the next (Extension) gives ¬p(X2) | p(s(X2)), and choosing X2/0 again (closing against p(0) rather than against p(s(0))) leaves p(s(0)) once more, then X3/0, and so on. The literal p(s(s(0))) that would close against ¬p(s(s(0))) is never produced.
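The two computation-rule failures above (unfair clause selection for (Extension), unfair MGU selection for (Closure)) can be reproduced with a small prover. The following Python program is an added example, not code from the slides or from any of the systems they cite; the term encoding, the names `prove`, `closures`, `successors`, `fair`/`unfair` and `greedy`/`backtracking`, and the per-branch clause queue are my own choices. It implements leftmost-open-first branch selection, a per-branch round-robin clause queue (the fair rule) next to a rule that always re-selects the first clause (the unfair one), and for (Closure) either commits to the first MGU found on the branch (the X_i/0 choice of the slide) or enumerates every MGU under depth-first iterative deepening, the DFID scheme of the last slides.

```python
"""Free-variable clause tableau search with a pluggable computation rule (added example,
not slide code).  Variable = str; function application = (symbol, arg, ...); literal = (sign, atom)."""
import itertools
_fresh = itertools.count(1)   # supplies fresh variable names for (Extension)

def is_var(t):
    return isinstance(t, str)

def subst(s, t):
    """Apply substitution s (dict var -> term, possibly chained) to term t."""
    if is_var(t):
        return subst(s, s[t]) if t in s else t
    return (t[0],) + tuple(subst(s, a) for a in t[1:])
def occurs(v, t):
    return t == v if is_var(t) else any(occurs(v, a) for a in t[1:])

def unify(a, b, s):
    """MGU of a and b extending s (with occurs check), or None."""
    s, todo = dict(s), [(a, b)]
    while todo:
        x, y = (subst(s, t) for t in todo.pop())
        if x == y:
            continue
        if is_var(x) or is_var(y):
            v, t = (x, y) if is_var(x) else (y, x)
            if occurs(v, t):
                return None
            s[v] = t
        elif x[0] != y[0] or len(x) != len(y):
            return None
        else:
            todo.extend(zip(x[1:], y[1:]))
    return s

def rename(clause):
    """(Extension) puts a fresh variant of the clause on the branch."""
    fresh = {}
    def ren(t):
        if is_var(t):
            return fresh.setdefault(t, f"{t}_{next(_fresh)}")
        return (t[0],) + tuple(ren(a) for a in t[1:])
    return [(sign, ren(atom)) for sign, atom in clause]

def closures(lits, s):
    """All MGUs closing the branch, in branch order: the (Closure) choice point."""
    out = []
    for i, (sg1, a1) in enumerate(lits):
        for sg2, a2 in lits[i + 1:]:
            if sg1 != sg2:
                u = unify(a1, a2, s)
                if u is not None:
                    out.append(u)
    return out

fair = lambda k, n: (k + 1) % n   # per-branch round-robin queue over the input clauses
unfair = lambda k, n: 0           # always extend with the first clause again

def successors(branches, s, clauses, next_clause):
    """Leftmost-open-first: each closure of that branch (branch dropped, MGU global), then one (Extension)."""
    (lits, k), rest = branches[0], branches[1:]
    opts = [(rest, u) for u in closures(lits, s)]
    new = [(lits + [lit], next_clause(k, len(clauses))) for lit in rename(clauses[k])]
    opts.append((new + rest, s))
    return opts

greedy = lambda opts: opts[:1]    # commit to the first MGU found; never backtrack
backtracking = lambda opts: opts  # enumerate every MGU and the extension

def dfs(branches, s, clauses, select, next_clause, limit):
    if not branches:              # all branches closed: s is the closing substitution
        return s
    if limit == 0:
        return None
    for nb, ns in select(successors(branches, s, clauses, next_clause)):
        r = dfs(nb, ns, clauses, select, next_clause, limit - 1)
        if r is not None:
            return r
    return None

def prove(clauses, select=backtracking, next_clause=fair, max_depth=12):
    """Depth-first iterative deepening (DFID); closing substitution or None."""
    for limit in range(1, max_depth + 1):
        r = dfs([([], 0)], {}, clauses, select, next_clause, limit)
        if r is not None:
            return r
    return None

def p(*args): return ("p",) + args
def succ(t): return ("s", t)
ZERO = ("0",)
CLAUSE_SEL = [[(True, p("X"))], [(True, ("q",))], [(False, ("q",))]]          # {p(x)}, {q}, {¬q}
MGU_SEL = [[(True, p(ZERO))], [(False, p("X")), (True, p(succ("X")))],        # {p(0)}, {¬p(x), p(s(x))},
           [(False, p(succ(succ(ZERO))))]]                                    # {¬p(s(s(0)))}

if __name__ == "__main__":
    print("fair clause selection  :", prove(CLAUSE_SEL) is not None)                # True
    print("unfair clause selection:", prove(CLAUSE_SEL, next_clause=unfair))        # None
    print("greedy first MGU       :", prove(MGU_SEL, select=greedy, max_depth=30))  # None
    print("backtracking over MGUs :", prove(MGU_SEL))                               # closing substitution
```

Under the slides' rules the unfair and the greedy run never terminate; the depth bound `max_depth` turns that into `None`, while backtracking over the closure MGUs first tries X2/0, fails within the bound, then takes X2/s(0) and returns the substitution that closes all branches. The prover is a toy: there is no regularity or subsumption check, and DFID re-expands the search tree at every depth limit, which is exactly the space-for-time trade the last slides describe.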
From Calculus to Proof Procedure Cont’d
Summary
- A tableau computation rule turns the non-deterministic clause tableau calculus into an implementable search procedure
- Selection of (open) branches is uncritical
- Fair selection of extension clauses is required for completeness
  - Deals effectively with that choice point
- How to deal with the choice (Closure)/(Extension) and the choice of MGU?
  - Greedy closure causes incompleteness even for a fair computation rule
  - No obvious fairness notion for the MGUs available for closure
Two Central Properties of Tableau Calculi

Closure and clause selection can interact subtly

Definition (Destructive Tableau Calculus)
A tableau calculus is non-destructive if all tableaux T′ derivable from T contain T as an initial subtree; otherwise it is destructive.
The (Closure) rule renders free variable clause tableaux destructive: applying the MGU changes literals that are already on the tableau.

Definition (Proof Confluent Tableau Calculus)
A tableau calculus is proof confluent if every tableau for an unsatisfiable clause set S can be extended to a tableau proof of S.
Proof confluence: "no need to backtrack"
Trade-Offs for the Design of Proof Procedures

Proof Confluence is Highly Desirable
1. Proof confluence avoids the necessity for proof enumeration (implicit via backtracking or explicit via breadth-first search).
2. In a proof confluent framework, open branches where rules were exhaustively applied indicate satisfiability and allow construction of counter models (+ simple completeness proof).

Main problem: how to deal with the destructive (Closure) rule?
- Allow it: a strongly complete, destructive tableau proof procedure. Does it exist? Have to deal with fairness of (Closure)!
- Avoid it: replace (Closure) with something non-destructive
A Classification of Tableau Calculi

(Tableau) Calculus
  Proof Confluent
    Destructive:      1. Incomplete search   2. Global fairness    3. Instance-based TP   4. Model Evolution
    Non-destructive:  1. Ground tableaux     2. Sentence tableaux  3. Delayed closure     4. Incremental closure
  Not Proof Confluent (Destructive), searched breadth-first or by backtracking:
                      1. Model elimination   2. Connection method  3. Connection tableaux
The Proof Confluent, Non-Destructive Case

Avoid destructiveness
Assuming a fair computation rule for (Extension)

1. Ground/Propositional Clause Tableaux
   S quantifier-free: all MGUs are empty, so (Closure) is non-destructive
   - Not available for general FOL
   - Possible to extend to clauses in range-restricted form
2. Smullyan or Sentence Tableaux [Smullyan, 1968]
   - In (Extension), instead of fresh free-variable instances, use ground instances
   - Generate these ground instances systematically on each branch
   Discussion:
   - Enumeration of ground terms is a very inefficient way to search
   - Incomplete, heuristic "triggers" can work well in specific situations (used as instantiation patterns in SMT solvers and KeY)
The Proof Confluent, Non-Destructive Case Cont'd

Delay destructiveness
Assuming a fair computation rule for (Extension)

3. Delayed Closure Rule
   Apply (Closure) only when all branches can be closed simultaneously
   - Cannot discard closable branches: space problem
   - Repeated closure test of the same branches
4. Tableaux with Incremental Closure [Giese, 2001]
   At each tableau node maintain a constraint system characterizing all possible closures of the subtree below it, without applying them
   - Many tricky implementation issues; system PrInS
   - Several faulty implementation attempts exist in the literature
   - System Princess (FOL + LIA) won the TFA division of CASC 2012
The Proof Confluent, Destructive Case

1. Accept Incompleteness
   Limit the number of instances or the size of MGUs to achieve finiteness
   - The nature of the incompleteness is also a practical problem
2. Global Fairness [Beckert, 2001]
   Fairness takes (Extension) and (Closure) into account
   A strongly complete, destructive tableau proof procedure
   - The computation rule requires keeping closed branches
   - Was never properly implemented due to its complexity
The Proof Confluent, Destructive Case Cont'd

3. Instance-Based Theorem Proving ("Third Stream")
   Compute from the MGU in (Closure) clause instances that are added to S
   Moves the fairness issue from (Closure) to (Extension), where it is easier to handle
   - Disconnection Method [Billon, 1996]: not properly implemented
   - Hyper Tableaux [Baumgartner, 1998]: one variant, discussed later
   - Disconnection Tableaux [Letz & Stenz, 2001]: system DCTP
   - Related, but not tableau-based: system iProver by K. Korovin
   (see also the separate lecture on Instance-Based Theorem Proving)
4. Model Evolution [Baumgartner & Tinelli, 2003]
   Use MGUs to maintain a partial Herbrand model as a non-ground literal set
   - Atoms in the model are universal literals w.r.t. their variables
   - Systems Darwin, E-Darwin
The Non-Proof Confluent Case

For each choice of (Closure)/(Extension) and of the MGU in (Closure), explore all possible tableaux.

Breadth-First Search
- Each node in the search tree is a tableau; proofs are success nodes
- S finite, branches finite, only MGUs considered: branching degree finite
- Space inefficiency

Depth-First Iterative Deepening Search (DFID)
Space-efficient implementation of breadth-first search
- Enumerate tableaux up to a finite limit via backtracking, then increase the limit
- Used in practice for all non-confluent proof procedures

The next lectures discuss a number of variants of clause tableaux, some of which are non-proof confluent already for the ground calculus.
Peter Baumgartner.
Hyper Tableaux — The Next Generation.
In H. de Swart, ed., Proc. Automated Reasoning with Analytic Tableaux and Related Methods, Oosterwijk, The
Netherlands, vol. 1397 in LNCS, pp. 60–76. Springer, 1998.
Peter Baumgartner and Cesare Tinelli.
The model evolution calculus.
In F. Baader, ed., 19th Intl. Conf. on Automated Deduction, Miami Beach, FL, USA, vol. 2741 of LNCS, pp. 350–364.
Springer, 2003.
Bernhard Beckert.
Depth-first proof search without backtracking for free-variable clausal tableaux.
Journal of Symbolic Computation, 36:117–138, 2003.
Jean-Paul Billon.
The disconnection method: a confluent integration of unification in the analytic framework.
In P. Miglioli, U. Moscato, D. Mundici, and M. Ornaghi, ed., Proc. Automated Reasoning with Analytic Tableaux and
Related Methods, Terrassini, Italy, vol. 1071 in LNCS, pp. 110–126. Springer, 1996.
Martin Giese.
Incremental closure of free variable tableaux.
In R. Goré, A. Leitsch, & T. Nipkow, eds., Proc. Intl. Joint Conf. on Automated Reasoning IJCAR, Siena, Italy, vol.
2083 of LNCS, pp. 545–560. Springer, 2001.
Reinhold Letz and Gernot Stenz.
Automated theorem proving proof and model generation with disconnection tableaux.
In R. Nieuwenhuis & A. Voronkov, eds., Proc. Logic for Programming, Artificial Intelligence & Reasoning, Havana,
Cuba, vol. 2250 of LNCS, pp. 142–156. Springer, 2001.
Raymond M. Smullyan.
First-Order Logic.
Springer-Verlag, New York, 1968.