UIUCDCS-R-79-961                                          UILU-ENG 79 1706

Theorem Proving with Abstraction, Part I

by

David A. Plaisted

Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, Illinois 61801

February 1979

This research was supported in part by the National Science Foundation under MCS 77-22830.

Abstract

A class of mappings called abstractions are defined, and examples of abstractions are given. These functions map a set S of clauses onto a possibly simpler set T of clauses. Also, resolution proofs from S map onto possibly simpler resolution proofs from T. In order to search for a proof of a clause C from S, it suffices to search for a proof from T and attempt to invert the abstraction mapping to obtain a proof of C from S. Some theorem proving strategies based on this idea are presented. Most of these strategies are complete. A method of using more than one abstraction at the same time is presented in Part II. This requires the use of "multiclauses", which are multisets of literals, and associated "m-abstraction mappings" on multiclauses. Certain abstractions are especially interesting, because they correspond to particular interpretations of the set S of clauses.
The use of abstractions permits the advantages of set-of-support strategies to be realized in arbitrary complete non set-of-support resolution strategies.

Acknowledgements

I would like to thank Marcia Copley for her dedicated typing of this and other papers. The support and encouragement of the Department of Computer Science at the University of Illinois is also appreciated, as is the financial support of the National Science Foundation.

Table of Contents

1. Introduction  1
2. Ordinary Abstractions  5
   2.1 Examples of abstractions  8
   2.2 Algebraic properties of abstractions  11
   2.3 Justification of the definition  14
   2.4 Abstractions of resolution proofs  15
   2.5 Terminology relating to proofs  19
   2.6 Procedures on abstracted proofs  24
   2.7 Properties of the procedures  29
   2.8 A complete strategy for abstractions  35
3. Conclusions  46
4. References  47

List of Notations Used

T                a resolution proof
C                arbitrary clause in a proof
D                an abstraction of C
Result(T)        result (final clause) of a proof T
C'               result of a proof
D'               an abstraction of C'
B'               clause obtained from abstractions by resolution
f                abstraction mapping
Res(T)           set of resolutions in a proof T
Nodes(T)         set of nodes in a proof T
N, N'            nodes in a proof
d                depth of a node in a proof
label(N)         label of a node N
<N1, N2, N3>     a resolution (a triple of nodes)
R, M             relations between clauses, proofs
T →f U           the proof U is an abstraction of the proof T via abstraction mapping f
V, W, X, Y, Z    proofs, usually abstracted proofs

1. INTRODUCTION

The use of analogy seems to be helpful in many areas of problem solving [1,2]. We present a particular kind of analogy which applies to theorem proving in the first-order predicate calculus. In particular, given a problem A, we convert it to a simpler problem B. If A has a solution, then B does too, and one of the solutions to B will have a structure similar to the structure of a solution to A. Therefore, we can use solutions to B as guides in searching for solutions to A.
In this way, we avoid even looking at possible solutions to A that do not correspond to any solution to B. Of course, B may have solutions even if A does not. In Part I of this paper, we apply this idea to resolution theorem proving in the first-order predicate calculus [3]. The approach seems sufficiently general to apply to other sets of inference rules and to higher-order logics as well. We define a class of mappings called "abstraction mappings" which satisfy certain properties. These mappings convert a set of clauses A into a simpler set of clauses B. Also, proofs in A correspond to proofs in B having a similar structure. We present several such abstraction mappings, and give a general method for obtaining such mappings. Both syntactic and semantic mappings are considered. A useful class of non-trivial semantic abstractions can be generated completely automatically. We then present some incomplete and complete theorem proving strategies based on abstractions. These strategies can guide the search for a proof of a particular consequence of a set of clauses, as well as guiding the search for a proof that a set of clauses is inconsistent.

Some new inference rules related to resolution are discussed in Part II. In particular, we introduce "m-clauses," which are multisets of literals. That is, with each literal in the m-clause, a count is kept of "how many times it occurs" in the m-clause. A version of resolution called m-resolution is defined for m-clauses. In addition, m-abstractions are defined. These map a set A of m-clauses onto a simpler set B, such that m-resolution proofs from A map onto m-resolution proofs in B having the same shape. The advantage of m-abstractions is that they preserve much more of the structure of a proof than do ordinary abstractions. As a consequence, theorem proving strategies based on m-abstractions are much simpler and much more elegant than strategies based on ordinary abstractions.
Also, there are strategies that use more than one m-abstraction at the same time. This corresponds to the use of more than one analogy at the same time. In this way we get a very restrictive search strategy, which has no known counterpart in ordinary resolution and ordinary abstractions. All the strategies which we present that are based on m-abstractions are complete.

Bounded m-clauses are discussed next. They are m-clauses in which less information about the number of occurrences of a literal in a clause is kept. Abstractions and complete theorem proving strategies based on bounded m-clauses are presented. The advantage of bounded m-clauses is that the abstracted search space is often finite, and can be searched exhaustively without excessive effort. A related kind of clause called an "interval m-clause" is also discussed. Next we present a particular kind of abstraction which seems to correspond to an "incompletely specified diagram." That is, these abstractions are related to interpretations of a set of clauses in which part of the interpretation is not fully described. The use of these abstractions seems to correspond to the human problem-solving approach in which diagrams are drawn with dots and vague areas to indicate unimportant features. Other classes of m-abstractions and bounded m-abstractions are also mentioned.

The use of abstractions and related methods of analogy gives a way to use semantic information and specialized knowledge in a general, hierarchical theorem proving strategy. The basic idea is to construct an outline of a proof and fill in the details later. This strategy is a global strategy and avoids the "myopia" of most theorem provers. That is, each step of the search is controlled in a meaningful, non-trivial way by the structure of the problem as a whole rather than by local information such as whether two clauses can resolve according to a certain strategy.
We view such local behavior as one of the greatest weaknesses of current theorem provers. This use of analogy has the additional advantage that the search strategy becomes more and more restrictive as the depth of inference becomes larger and larger. Near the end of the search, the number of choices is restricted more than in the middle, even though the strategy is based on forward reasoning. This contrasts with conventional strategies, in which the search space seems to grow exponentially in size with increasing depth. The use of abstraction also allows for the possibility of several levels of abstraction, each level keeping less information than the preceding level. The search at each level can be guided by the search at the next higher level of abstraction.

One advantage of abstraction is that it automatically selects from the input clauses those clauses which seem relevant to the given problem. Thus we get the advantages of "set-of-support" strategies. However, the search strategies based on abstraction turn out to be compatible with other complete resolution strategies such as locking resolution and P1-deduction. Therefore, we can get the advantages of set-of-support strategies in resolution strategies that are not directly compatible with the set-of-support restriction. This compatibility should be particularly useful when there is a large number of input clauses, not all of them relevant to the given problem.

We use a fairly standard notation for programs. For loops, we use the loop ... while ... repeat and the loop ... until ... repeat constructs. The while and until clauses may occur at the beginning or at the end of the loop. Also, if A(x1, x2, ..., xn) is a Boolean-valued expression over the free variables x1, x2, ..., xn, then we use there exist x1, x2, ..., xn such that A(x1, x2, ..., xn) in the following way: The value of this expression is TRUE if ∃x1∃x2...∃xn A(x1, x2, ..., xn) is true, and FALSE otherwise.
If the value is TRUE, then x1, x2, ..., xn are assigned values making A(x1, x2, ..., xn) true. Thus we can write if there exist x1, x2, ..., xn such that A(x1, x2, ..., xn) then [do something with x1, x2, ..., xn] else ... fi. This allows us to write programs without specifying the details of how x1, x2, ..., xn satisfying A(x1, x2, ..., xn) are actually found, if they exist.

2. ORDINARY ABSTRACTIONS

Standard resolution theorem proving terminology will be assumed [4]. In particular, we say a clause C1 subsumes a clause C2 if there is a substitution θ such that C1θ is a subset of C2. Also, clauses C and D are variants if they are instances of each other. That is, C and D are the same except for a renaming of variables.

Definition. An abstraction is an association of a set f(C) of clauses with each clause C such that f has the following properties:

1. If clause C3 is a resolvent of C1 and C2 and D3 ∈ f(C3), then there exist D1 ∈ f(C1) and D2 ∈ f(C2) such that some resolvent of D1 and D2 subsumes D3.
2. f(NIL) = {NIL}. (NIL is the empty clause.)
3. If C1 subsumes C2, then for every abstraction D2 of C2 there is an abstraction D1 of C1 such that D1 subsumes D2.

If f is a mapping with these properties then we call f an abstraction mapping of clauses. Also, if D ∈ f(C) we call D an abstraction of C. Abstractions usually also satisfy the property that f(C) is a tautology if C is.

Definition. A weak abstraction is an association of a set f(C) of clauses with each clause C such that f has the following properties:

1. If clause C3 is a resolvent of C1 and C2, and D3 ∈ f(C3), then there exist D1 ∈ f(C1) and D2 ∈ f(C2) such that either D1 subsumes D3 or D2 subsumes D3 or some resolvent of D1 and D2 subsumes D3.
2, 3. As in the definition of abstraction.

If f is such a function, we call f a weak abstraction mapping of clauses. If clause D is in f(C), we call D a weak abstraction of C.
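As an executable illustration of property 1, consider the mapping that replaces each literal P(t1, ..., tn) by the propositional literal P (the "propositional abstraction" of Section 2.1), on a ground example. The tuple encoding of literals and the helper functions below are our own illustrative assumptions, not notation from the paper.

```python
# A literal is encoded as (sign, predicate, args); a clause is a frozenset
# of literals.  This encoding is an assumption for illustration only.

def phi(literal):
    """Propositional abstraction of one literal: drop the argument list."""
    sign, pred, args = literal
    return (sign, pred, ())

def abstract(clause):
    """f(C) = {phi(C)} where phi(C) = {phi(L) : L in C}."""
    return frozenset(phi(l) for l in clause)

def negate(literal):
    sign, pred, args = literal
    return (not sign, pred, args)

def resolvents(c1, c2):
    """All ground resolvents of clauses c1 and c2."""
    out = set()
    for l in c1:
        if negate(l) in c2:
            out.add((c1 - {l}) | (c2 - {negate(l)}))
    return out

# Property 1 on a ground example: C3 = {Q(a)} is a resolvent of
# C1 = {~P(a), Q(a)} and C2 = {P(a)}.
C1 = frozenset({(False, "P", ("a",)), (True, "Q", ("a",))})
C2 = frozenset({(True, "P", ("a",))})
C3 = frozenset({(True, "Q", ("a",))})

D1, D2, D3 = abstract(C1), abstract(C2), abstract(C3)
# Some resolvent of D1 and D2 subsumes D3 (in the ground case,
# subsumption is just the subset test).
assert any(r <= D3 for r in resolvents(D1, D2))
```

In this ground setting the subset test `r <= D3` plays the role of subsumption; the first-order case would also require a substitution.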
The following result gives us a fairly general method of constructing abstractions. Later we will see other methods.

Theorem 2.1. Suppose φ is a mapping from literals to literals. Let us extend φ to a mapping from clauses to clauses by φ(C) = {φ(L) : L ∈ C}. Suppose φ satisfies the following two properties:

1. φ(¬L) = ¬φ(L). That is, φ preserves complements.
2. If C and D are clauses and D is an instance of C, then φ(D) is an instance of φ(C). That is, φ preserves instances.

Then φ is an abstraction mapping. To be precise, f is an abstraction mapping where f(C) = {φ(C)}.

Proof. All properties are easy to verify except property 1. We do this as follows: Suppose C3 is a resolvent of C1 and C2. Then there exist A1, A2 such that A1 ⊆ C1 and A2 ⊆ C2 and there exist substitutions α1, α2 such that A1α1 = {L} and A2α2 = {¬L} for some literal L. Let α1, α2 be most general such substitutions, and suppose that C3 = (C1 − A1)α1 ∪ (C2 − A2)α2. We desire to show that φ(C3) is subsumed by a resolvent of φ(C1) and φ(C2). Now, φ(C1α1) = φ((C1 − A1)α1) ∪ {φ(L)} and φ(C2α2) = φ((C2 − A2)α2) ∪ {φ(¬L)}. Also, φ(¬L) = ¬φ(L) by properties of φ. Thus φ((C1 − A1)α1) ∪ φ((C2 − A2)α2) is either a resolvent of φ(C1α1) and φ(C2α2) or has a proper subset which is a resolvent of φ(C1α1) and φ(C2α2). (This can happen if φ(L) ∈ φ((C1 − A1)α1), for example.) Note that φ(C3) = φ((C1 − A1)α1) ∪ φ((C2 − A2)α2). Hence some resolvent of φ(C1α1) and φ(C2α2) subsumes φ(C3). However, φ(C1α1) is an instance of φ(C1) and φ(C2α2) is an instance of φ(C2) by properties of φ. Hence by properties of resolution, some resolvent of φ(C1) and φ(C2) subsumes φ(C3).

We could prove a similar theorem if we let φ be a relation between literals and literals, and if we required φ to have the appropriate properties. The following result is more general.

Theorem 2.2. Suppose F is a set of mappings from literals to literals. Suppose that for all φ ∈ F, for all literals L, φ(¬L) = ¬φ(L). If C is a clause, let φ(C) be {φ(L) : L ∈ C}, as usual.
Suppose that if clause D is an instance of clause C, then for all φ2 ∈ F there exists φ1 ∈ F such that φ2(D) is an instance of φ1(C). Define f by f(C) = {φ(C) : φ ∈ F}. Then f is an abstraction mapping.

Proof. As before, properties 2, 3, and 4 of abstractions are easy to verify. We show that f satisfies property 1. Suppose C3 is a resolvent of C1 and C2. Then there exist sets A1, A2 of literals such that A1 ⊆ C1 and A2 ⊆ C2 and there exist substitutions α1 and α2 such that C3 = (C1 − A1)α1 ∪ (C2 − A2)α2. Also, for some literal L, A1α1 = {L} and A2α2 = {¬L}. We desire to show that for all φ3 ∈ F, there exist φ1 ∈ F and φ2 ∈ F such that φ3(C3) is subsumed by a resolvent of φ1(C1) and φ2(C2). Let φ1 and φ2 be such that φ3(C1α1) is an instance of φ1(C1) and φ3(C2α2) is an instance of φ2(C2). Such φ1 and φ2 exist by hypothesis. Now, φ3(C3) = φ3((C1 − A1)α1) ∪ φ3((C2 − A2)α2). Also, φ3(A1α1) = {φ3(L)} and φ3(A2α2) = {φ3(¬L)} = {¬φ3(L)}. Hence as before, φ3(C3) has a subset (possibly a proper subset) which is a resolvent of φ3(C1α1) and φ3(C2α2). Therefore, since φ3(C1α1) is an instance of φ1(C1) and φ3(C2α2) is an instance of φ2(C2), φ3(C3) is subsumed by some resolvent of φ1(C1) and φ2(C2).

If f is an abstraction mapping as in the above theorem, then we say f is defined in terms of literal mappings. Not all abstractions are defined in terms of literal mappings.

2.1 EXAMPLES OF ABSTRACTIONS

Using these theorems, we can construct many abstractions. We now give some examples of abstractions, all of which can be obtained from the above theorems. The first syntactic abstraction example can be obtained from Theorem 2.2; the other syntactic abstraction examples can be obtained from Theorem 2.1. The semantic abstraction example can be obtained from Theorem 2.2.

Examples of Syntactic Abstractions

1. The ground abstraction. If C is a clause, then f(C) = {C' : C' is a ground instance of C}. Note that f(C) will usually be an infinite set of clauses.

2. The propositional abstraction.
If C is the clause {L1, L2, ..., Lk} then f(C) is {C'} where C' is the clause {L1', L2', ..., Lk'} and Li' is defined as follows, for 1 ≤ i ≤ k: If Li is of the form P(t1, ..., tn) then Li' is P. If Li is of the form ¬P(t1, ..., tn) then Li' is ¬P. Thus f(C) is a clause in the propositional calculus.

3. Renaming predicate and function symbols. For clause C, f(C) = {C'} where C' is the clause in which all function and predicate symbols of C have been renamed in some systematic way. The renaming need not be one-to-one; two distinct predicate or function symbols may be renamed to the same symbol. However, a predicate symbol and a function symbol may not be renamed to the same symbol.

4. Changing signs of literals. Let Q be a set of predicate symbols. If C is the clause {L1, ..., Lk} then f(C) is {C'} where C' is the clause {L1', ..., Lk'} and Li' is defined as follows, for 1 ≤ i ≤ k: If Li is of the form P(t1, ..., tn) and P ∈ Q then Li' is ¬P(t1, ..., tn). If Li is of the form ¬P(t1, ..., tn) and P ∈ Q then Li' is P(t1, ..., tn). Otherwise, Li' is Li.

5. Permuting arguments. For clause C, f(C) = {C'} where C' is C with the order of the arguments of certain function or predicate symbols changed in some systematic way.

6. Deleting arguments. For clause C, f(C) = {C'} where C' is C with certain arguments of certain function or predicate symbols deleted. For example, g(t1, ..., tn) may be replaced by g(t2, ..., tn) everywhere. Note that the propositional abstraction is a special case of this (all arguments of all predicate symbols are deleted).

Example of a Semantic Abstraction

With each clause C, we associate a set f(C) of clauses as follows: Let I be an interpretation of the set of clauses over some set of function and predicate symbols. Let V be the domain of the interpretation I. The interpretation I can treat equality as any other predicate symbol. That is, we may have a1 = a2 true in I even if a1 and a2 are distinct elements of V.
With each ground literal of form P(t1, ..., tn) we associate the literal P(a1, ..., an) where ai ∈ V and ai is the value of ti in the interpretation I, for 1 ≤ i ≤ n. With the literal ¬P(t1, ..., tn) we associate ¬P(a1, ..., an). With each ground clause C = {L1, ..., Lk} we associate C' = {L1', ..., Lk'} where Li' is associated with Li as indicated above. If C1 is an arbitrary clause then f(C1) = {D : D is associated with C for some ground instance C of C1}. We call f the I-abstraction or the abstraction obtained from I.

Example: If I is the usual interpretation of arithmetic then with the clause ...

C2: {P1(y,y), P2(y)}        D2: {P1(y), P2(y)}
C3: {P2(f(x))}              D3: {P2(f(x))}

The only resolvent of D1 and D2 is {P2(y)}, which is not a subset of {P2(f(x))}. However, {P2(y)} does subsume {P2(f(x))}.

2.4 ABSTRACTIONS OF RESOLUTION PROOFS

We now show how abstractions can be used to guide the search for a proof of a clause C from a set S of clauses. First we show that if there is a proof of C from S, then there is an "abstracted proof" of something subsuming an abstraction of C, from abstractions of clauses in S. We then describe procedures which, given an abstracted proof, attempt to reconstruct the original proof. Although this is not always possible, we are able to give a complete theorem proving strategy which uses abstracted proofs as a guide in searching for a proof of C from S. If f is an abstraction mapping and S is a set of clauses, then we write f(S) to indicate ∪{f(C) : C ∈ S}.

Theorem 2.5. Suppose S is a set of clauses and f is an abstraction mapping or a weak abstraction mapping for S. Suppose C' is a clause derivable from S by resolution and D' ∈ f(C'). Then there is a clause B' derivable from f(S) by resolution, such that B' subsumes D'.

Proof. By induction on the depth of the proof of C'. If C' ∈ S, the theorem is true since we can choose B' to be D'.
Suppose C' is a resolvent of C1 and C2, where C1 and C2 can be derived from S by proofs of depth less than the depth of the proof of C'. Suppose D1 is a weak abstraction of C1 such that D1 subsumes D'. Applying the theorem inductively, there must be a clause B1 derivable from f(S) by resolution, such that B1 subsumes D1. Hence B1 subsumes D'. Suppose D1 and D2 are abstractions or weak abstractions of C1 and C2, respectively, such that some resolvent D of D1 and D2 subsumes D'. The clauses D1 and D2 must exist, if the preceding case does not apply. Applying the theorem inductively, there must exist clauses B1 and B2 derivable from f(S) such that B1 subsumes D1 and B2 subsumes D2. It follows by the properties of subsumption that either B1 subsumes D or B2 subsumes D or some resolvent B of B1 and B2 subsumes D. Hence either B1 subsumes D' or B2 subsumes D' or some resolvent B' of B1 and B2 subsumes D'. This completes the proof.

Note that the derivation of B' from f(S) will have depth not more than the depth of the derivation of C' from S.

Corollary: If S is inconsistent so is f(S).

Proof. Take C' to be NIL. Then D' is also NIL, by properties of abstraction and weak abstraction mappings. Since B' subsumes D', B' must be NIL also. Since B' is derivable from f(S), f(S) is inconsistent.

This theorem can be used to show that S is consistent, but its main value for us is in the information that a proof in f(S) can give us about the structure of a possible proof in S. Here are some examples.

Example 1. Consider the following proof:

    {¬P(x), Q(x), R(x)}     {P(x)}
              \             /
            {Q(x), R(x)}     {¬Q(a)}
                      \      /
                       {R(a)}

Suppose f is the propositional abstraction. Thus P(t1, ..., tn) is replaced by P, ¬P(t1, ..., tn) is replaced by ¬P, et cetera. We have the following abstracted proof:

    {¬P, Q, R}     {P}
          \        /
         {Q, R}     {¬Q}
               \    /
                {R}

Example 2. Consider the following proof:

    {¬P(a), ¬P(b), Q(c)}     {P(a)}
                \            /
           {¬P(b), Q(c)}     {P(b), R(d)}
                      \      /
                    {Q(c), R(d)}

Suppose f is the propositional abstraction.
We have the following abstracted proof:

    {¬P, Q}     {P}
          \     /
           {Q}

Note that we lost the literal ¬P from {¬P, Q} when resolving with P, even though the literal ¬P(b) remains in {¬P(b), Q(c)}.

Example 3.

    {¬P(a), ¬P(b), Q(c)}     {P(a)}
                \            /
           {¬P(b), Q(c)}     {¬Q(c), Q(b)}
                      \      /
                   {¬P(b), Q(b)}

Let f be the propositional abstraction, as before. We have the following abstracted proof:

    {¬P, Q}     {P}
          \     /
         {¬P, Q}     {¬Q, Q}
                \    /
               {¬P, Q}

Note that we include {¬Q, Q} in the abstracted proof, even though it is a tautology. This is not necessary here, but will turn out to be useful later, when we require the abstracted proof to have the same shape as the original proof.

2.5 TERMINOLOGY RELATING TO PROOFS

We now introduce some terminology which will help to describe and analyze various procedures for using abstracted proofs as a guide in the search for a proof of a clause C from a set S of clauses. From now on we consider only abstractions, not weak abstractions, since weak abstractions are not as useful in devising theorem proving strategies. We consider clauses that are variants to be identical. This can be accomplished by choosing variables in clauses in some canonical way. Although testing if two clauses are variants is in general polynomially equivalent to graph isomorphism, in practice this test is not difficult. If variants are not considered to be identical, then there might be many more possible resolvents of two clauses, since many resolvents might be variants of each other.

Definition. A resolution proof T is a finite set of nodes together with a set of triples of these nodes. Also, each node N has a label, written label(N), which is a clause. No two distinct labels of nodes of T may be variants, but the same clause may label more than one node of T. If <N1, N2, N3> is a triple of nodes of T, then we require label(N3) to be a resolvent of label(N1) and label(N2). We refer to the set of triples of T by Res(T) and the set of nodes by Nodes(T). Each triple is called a resolution. We require that if <N1, N2, N3> ∈ Res(T) then <N2, N1, N3> ∈ Res(T).
A node of T that is not the third component of any triple of T is called an initial node of T. The label of such a node is called an initial clause of T. A node that is not the first or second component of any triple of T is called a terminal node of T. The label of such a node is called a terminal clause of T. Finally, we require that there be a function "depth" mapping from nodes of T into nonnegative integers, such that

a) depth(N) = 0 for all initial nodes N of T
b) depth(N3) = 1 + min {max(depth(N1), depth(N2)) : <N1, N2, N3> ∈ Res(T)} for all other nodes N3 of T.

We call depth(N) the depth of the node N. Thus a resolution proof is a special kind of "hypergraph" with labeled nodes. Note that a single node by itself, with a label, is a permissible resolution proof. The existence of a depth function insures that no node is used to derive itself. Thus the proof has no "loops". We sometimes refer to the triple <N1, N2, N3> of a proof T by <C1, C2, C3>, where C1 = label(N1), C2 = label(N2), and C3 = label(N3).

Definition. Suppose T1 and T2 are resolution proofs. We say that T1 and T2 are isomorphic if there is a 1-1 mapping σ from Nodes(T1) onto Nodes(T2) such that <N1, N2, N3> ∈ Res(T1) iff <σ(N1), σ(N2), σ(N3)> ∈ Res(T2), and such that for all nodes N of Nodes(T1), label(N) = label(σ(N)). Thus T1 and T2 are identical except for a renaming of nodes. We call σ an isomorphism between T1 and T2.

Definition. If S is a set of clauses, then a resolution proof from S is a resolution proof in which the labels of all initial nodes are clauses in S.

Definition. If T1 and T2 are resolution proofs, we write T1 ⊆ T2 to indicate that Res(T1) is a subset of Res(T2) and that Nodes(T1) is a subset of Nodes(T2). We call T1 a sub-proof of T2. If all initial nodes of T1 are also initial nodes of T2, we call T1 an initial sub-proof of T2.

Definition. If T is a resolution proof and <N1, N2, N3> ∈ Res(T), then we call N1 and N2 predecessors of N3. We call N3 a successor of N1 and N2.

Definition.
The depth of a resolution proof T is the maximum depth of any node of T. The depth of a resolution <N1, N2, N3> of T is the depth of N3 in T. If label(N) = C, we often refer to the depth of C instead of the depth of N. Note that C may have more than one depth in T. If T is a resolution proof and clause C is the label of some node of T, then we say that C appears in T. Speaking informally, we say that C is an element of T.

Definition. If the terminal clause C of a resolution proof T is unique, then we define Result(T) to be C. Note that C may appear at more than one node of T, but C must appear at the terminal node of T.

Definition. Suppose S is a set of clauses and C is a clause. A resolution proof of C from S is a resolution proof T from S such that C is the label of some node of T.

Definition. Suppose T is a resolution proof from S. Then we say T is a minimal resolution proof from S if

a) T has exactly one terminal node (call it N) and
b) no initial sub-proof of T other than T itself has N as a terminal node.

Note that if T is a minimal proof from S, then Result(T) is defined. A minimal proof need not be minimal in the usual sense. It could be that the terminal clause of T appears at more than one node of T, or that other clauses of T appear at more than one node of T. That is, some lemmas may have been derived more than once. We say T is a minimal proof of C from S if T is a minimal proof from S and Result(T) = C. If T is a minimal proof from S, then each node of T is the third component of at most one resolution of T (to be precise, at most two resolutions of T, since if <N1, N2, N3> ∈ Res(T) then <N2, N1, N3> ∈ Res(T) also).

This is an example of a minimal resolution proof of P3 from {P1, ¬P1 ∨ P2, ¬P2 ∨ P3}. Let the proof T be defined to have nodes N1, N2, N3, N4, N5. The labels are P1, ¬P1 ∨ P2, ¬P2 ∨ P3, P2, and P3, respectively. The triples are {<N1, N2, N4>, <N2, N1, N4>, <N4, N3, N5>, <N3, N4, N5>}. This corresponds to the following proof:

    P1     ¬P1 ∨ P2
      \    /
       P2     ¬P2 ∨ P3
         \    /
          P3

Definition.
Suppose T and T' are two resolution proofs. Then we say T and T' have the same shape if there is a relation ∼ between nodes in T and nodes in T' such that ∼ has the following properties:

1. For all nodes N of T there exists a node N' of T' such that N ∼ N', and for all nodes N' of T' there exists a node N of T such that N ∼ N'.
2. Suppose <N1, N2, N3> is a resolution of T (that is, an element of Res(T)) and <N1', N2', N3'> is a resolution of T'. Suppose N3 ∼ N3'. Then either N1 ∼ N1' and N2 ∼ N2', or N1 ∼ N2' and N2 ∼ N1'. Both may be true if N1 = N2 or N1' = N2'.
3. Suppose N is a node of T and N' is a node of T' and N ∼ N'. Then N is initial in T iff N' is initial in T', and N is terminal in T iff N' is terminal in T'.
4. The relation ∼ is a 1-1 relation between terminal nodes of T and T'.

In this case, we call ∼ a shape correspondence between T and T'. Property 1 of shape correspondences is actually a logical consequence of properties 2, 3, and 4. The basic idea of shape correspondence is that if T and T' are expressed as sets of resolution proof trees, then these sets of trees will have the same shape (ignoring the labels of the nodes in the trees). We write T ∼ T' if ∼ is a shape correspondence between T and T'. Note that the relation of having the same shape is an equivalence relation. Also, if T ∼ T' then the depths of T and T' are equal.

We extend a shape correspondence ∼ between T and T' to a relation between resolutions of T and T' as follows: Suppose <N1, N2, N3> ∈ Res(T) and <N1', N2', N3'> ∈ Res(T'). Then we say <N1, N2, N3> ∼ <N1', N2', N3'> if N1 ∼ N1', N2 ∼ N2', and N3 ∼ N3', or if N1 ∼ N2', N2 ∼ N1', and N3 ∼ N3'. If T1 and T2 are resolution proofs and ∼ is a shape correspondence between T1 and T2, then we say C1 ∼ C2 iff there exist a node N1 of T1 and a node N2 of T2 such that C1 = label(N1) and C2 = label(N2) and N1 ∼ N2.

Definition. Suppose R is a binary relation on clauses.
We extend R to a binary relation on resolution proofs in the following way: R(U, U') is true iff U and U' have the same shape, and there exists a shape correspondence ∼ between U and U' such that C ∼ C' implies R(C, C') for all clauses C in U and all clauses C' in U'. Suppose R1 and R2 are binary relations on clauses and U and U' are resolution proofs. Then we say (R1;R2)(U, U') if there is a shape correspondence ∼ between U and U' such that

a) if N is an initial node of U and N' is an initial node of U' and N ∼ N' then R1(label(N), label(N')) is true.
b) if N is a non-initial node of U and N' is a non-initial node of U' and N ∼ N' then R2(label(N), label(N')) is true.

This allows us to specify a different relation between initial clauses than between non-initial clauses.

2.6 PROCEDURES ON ABSTRACTED PROOFS

We introduce some procedures which will be useful in obtaining complete theorem proving strategies. Suppose f is an abstraction mapping on a set S of clauses. Given a proof from f(S), these procedures try to map it back onto a proof from S. Since proofs from S map onto proofs from f(S) by abstraction, we might find a proof from S in this way. Also, it will hopefully be easier to search for proofs from f(S) than to search for proofs from S. However, these procedures by themselves are incomplete.

Suppose V is a set of resolutions, S2 is a set of clauses, and R1 and R2 are arbitrary binary relations on clauses. We want to find all proofs V2 from S2 such that (R1;R2)(V, V2) is true. Let S1 be the set of initial clauses in V. With each node N in V, we keep a set clauses(N) of clauses C having the following property: There is a proof V2 from S2 such that C is the unique terminal clause of V2, and there is an initial sub-proof V1 of V such that V1 is a minimal proof from S1 and N is the terminal node of V1 and (R1;R2)(V1, V2) is true.
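Before turning to the procedures, it may help to fix a concrete representation for such a proof V. In the sketch below, a proof is stored as a label map plus its set of resolution triples, and the depth function of Section 2.5 is computed directly from the triples, using the minimal proof of P3 from Section 2.5 as data. The node names, string labels, and dictionary encoding are our own illustrative assumptions.

```python
# A resolution proof as data: labels maps node names to clause labels,
# and res is Res(T), including the required symmetric triples.
labels = {
    "N1": "P1", "N2": "~P1 v P2", "N3": "~P2 v P3",
    "N4": "P2", "N5": "P3",
}
res = {("N1", "N2", "N4"), ("N2", "N1", "N4"),
       ("N4", "N3", "N5"), ("N3", "N4", "N5")}

def depths(labels, res):
    """depth(N) = 0 for initial nodes; otherwise
    depth(N3) = 1 + min over triples of max(depth(N1), depth(N2))."""
    third = {t[2] for t in res}
    d = {n: 0 for n in labels if n not in third}   # initial nodes
    while len(d) < len(labels):
        for (n1, n2, n3) in res:
            if n1 in d and n2 in d:
                cand = 1 + max(d[n1], d[n2])
                d[n3] = min(d.get(n3, cand), cand)  # take the min over triples
    return d

d = depths(labels, res)
assert d == {"N1": 0, "N2": 0, "N3": 0, "N4": 1, "N5": 2}
```

The existence of such a depth assignment is exactly the "no loops" condition: the while loop terminates only if every non-initial node is eventually derivable from the initial ones.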
Note that C is derived from S2 by resolution.

procedure ndfind(V, S2, M1, M2);
  [[assume that for all initial nodes N of V,
    clauses(N) = {C ∈ S2 : M1(label(N), C) is true},
    and that clauses(N) = ∅ for non-initial nodes N of V]]
  loop while (there exist nodes N1, N2, N of V and clauses C1, C2, C such that
      1. <N1, N2, N> ∈ Res(V)
      2. C1 ∈ clauses(N1) and C2 ∈ clauses(N2)
      3. C is a resolvent of C1 and C2
      4. C ∉ clauses(N)
      5. M2(label(N), C) is true);
    add C to clauses(N)
  repeat;
end ndfind;

Let Z be the resolution proof generated by "ndfind". It is not difficult to show that Z is the smallest proof (up to isomorphism) from S2 satisfying the following condition: If W is a proof from S2 such that (M1;M2)(V, W) is true, then W is isomorphic to an initial sub-proof of Z. Thus "ndfind" finds all proofs W from S2 such that (M1;M2)(V, W) is true. We are identifying clauses that are variants, as usual.

We now give a recursive procedure which, given a minimal resolution proof V from S1, finds all proofs V2 from S2 such that (M1;M2)(V, V2) is true. This procedure uses depth-first search for efficiency. If some such proof V2 exists, we would expect this procedure to be faster than "ndfind" on the average. With each node N of V, we keep the following information:

clauses(N) is as in "ndfind".

full(N) is TRUE if it is known that no more elements of clauses(N) can possibly be derived. Otherwise, full(N) is FALSE.

Suppose N is not initial in V. Suppose <N1, N2, N> ∈ Res(V). Recall that we call N1 and N2 predecessors of N. (It could be that N1 = N2.) Thus label(N1) and label(N2) are parent clauses of label(N). If N is not initial in V, then last-try(N) is the predecessor of N most recently looked at when attempting to generate new elements of clauses(N). next-try(N) is the other predecessor. If the predecessors of N are identical, then last-try(N) = next-try(N).
If N is not initial in V, and N1 and N2 are the predecessors of N in V, then pairs(N) is the set of pairs {C1, C2} such that C1 ∈ clauses(N1) and C2 ∈ clauses(N2) and C1 and C2 have been resolved together already to get elements of clauses(N).

The point of keeping last-try(N) and next-try(N) is that we want to alternate between generating new elements of clauses(N1) and new elements of clauses(N2), where N1 and N2 are the predecessors of N in V. However, when N1 or N2 becomes full, this alternation stops.

procedure findclauses(V, S2, M1, M2);
  [[assume V is a minimal resolution proof]]
  for all initial nodes N of V do
    full(N) ← TRUE;
    clauses(N) ← {C ∈ S2 : M1(label(N), C) is true}
  od;
  for all non-initial nodes N of V do
    full(N) ← FALSE;
    clauses(N) ← ∅;
    let N1, N2 be nodes of V such that <N1, N2, N> ∈ Res(V);
    last-try(N) ← N1;
    next-try(N) ← N2;
    pairs(N) ← ∅
  od;
  let N' be the terminal node of V;
  loop until full(N');
    findclauses1(V, N', M2)
  repeat;
end findclauses;

procedure findclauses1(V, N, M2);
  [[try to add at least one clause to clauses(N)]]
  let N1 and N2 be nodes of V such that <N1, N2, N> ∈ Res(V);
  S ← clauses(N);
  loop while (not full(N) and S = clauses(N));
    if (for all C1 ∈ clauses(N1) and for all C2 ∈ clauses(N2), {C1, C2} ∈ pairs(N)) then
      if full(N1) and full(N2) then
        full(N) ← TRUE;
        return
      else if not full(next-try(N)) then
        findclauses1(V, next-try(N), M2);
        next-try(N) ↔ last-try(N)
      else
        findclauses1(V, last-try(N), M2)
      fi fi
    fi;
    [[findclauses1 will never be called on a node N that is full, hence will never be called on an initial node]]
    if there exist C1 ∈ clauses(N1) and C2 ∈ clauses(N2) such that {C1, C2} ∉ pairs(N) then
      add {C1, C2} to pairs(N);
      add to clauses(N) all resolvents C of C1 and C2 such that M2(label(N), C) is true
    fi;
  repeat;
end findclauses1;

The procedure "findclauses1" is designed so that when it returns, either full(N) is true or some new clause has been added to clauses(N). Possibly more than one new clause has been added.
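The two procedures can be sketched for ground clauses as follows. This is a simplified, hypothetical rendering, not the paper's first-order setting: clauses are frozensets of literal strings, the abstracted proof V is given by its initial nodes, its resolution triples, and a labelling, and M1, M2 are predicates as in the text. The last-try/next-try alternation of "findclauses1" is omitted for brevity; the sketch simply recurses into an unfinished predecessor.

```python
# Hypothetical ground-clause sketches of "ndfind" (bottom-up saturation)
# and "findclauses" (demand-driven, one new clause at a time).

def resolvents(c1, c2):
    """All ground resolvents of clauses c1 and c2 ("-p" complements "p")."""
    out = set()
    for lit in c1:
        comp = lit[1:] if lit.startswith("-") else "-" + lit
        if comp in c2:
            out.add((c1 - {lit}) | (c2 - {comp}))
    return out

def ndfind(initial, res, labels, s2, m1, m2):
    """Saturate clauses(N) over the abstracted proof by naive fixpoint."""
    clauses = {n: set() for n in labels}
    for n in initial:
        clauses[n] = {c for c in s2 if m1(labels[n], c)}
    changed = True
    while changed:
        changed = False
        for (n1, n2, n) in res:
            for c1 in list(clauses[n1]):
                for c2 in list(clauses[n2]):
                    for c in resolvents(c1, c2):
                        if c not in clauses[n] and m2(labels[n], c):
                            clauses[n].add(c)
                            changed = True
    return clauses

def findclauses(preds, labels, s2, m1, m2, terminal):
    """Demand-driven variant: preds maps each non-initial node to its
    pair of predecessors; initial nodes are those absent from preds."""
    clauses, full, pairs = {}, {}, {}
    for n in labels:
        if n in preds:
            clauses[n], full[n], pairs[n] = set(), False, set()
        else:
            clauses[n] = {c for c in s2 if m1(labels[n], c)}
            full[n] = True

    def find1(n):                      # mirror of "findclauses1"
        n1, n2 = preds[n]
        before = set(clauses[n])
        while not full[n] and clauses[n] == before:
            fresh = [(c1, c2) for c1 in clauses[n1] for c2 in clauses[n2]
                     if (c1, c2) not in pairs[n]]
            if not fresh:
                if full[n1] and full[n2]:
                    full[n] = True     # nothing more can be derived here
                    return
                find1(n1 if not full[n1] else n2)
                continue
            pairs[n].add(fresh[0])
            for c in resolvents(*fresh[0]):
                if m2(labels[n], c):
                    clauses[n].add(c)

    while not full[terminal]:
        find1(terminal)
    return clauses
```

With the identity abstraction (labels equal to the clauses themselves and M1, M2 both equality), both sketches reconstruct the refutation of {p ∨ q, ¬p, ¬q} at the terminal node.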
Let W be the resolution proof from S2 generated when "findclauses1" returns. Note that W is generated implicitly, not explicitly. That is, Nodes(W) and Res(W) are not explicitly generated. Suppose "findclauses1" returns and full(N) is FALSE. Then W will contain at least one new minimal proof V2 such that (M1;M2)(V, V2) is true. If "findclauses1" returns and full(N) is TRUE, then W will contain isomorphic copies of all minimal proofs V2 such that (M1;M2)(V, V2) is true. (There may not be any.)

As described, "findclauses" is no more efficient than "ndfind"; in fact, they both do exactly the same resolutions, given the same inputs. The advantage of "findclauses" is that the search can be stopped if a specific clause appears in clauses(N'), and the depth-first search makes it more likely that this will happen soon. We could modify "findclauses1" to return with full(N) = TRUE if clauses(N1) = ∅ and full(N1) = TRUE, or if clauses(N2) = ∅ and full(N2) = TRUE. However, we do not do this, so that "findclauses" can be used in a complete theorem proving strategy later on.

2.7 PROPERTIES OF THE PROCEDURES

We now develop some concepts which will help to obtain a complete theorem proving strategy based on abstractions. We relax the concept of two proofs being the same shape. Later we will discuss another inference rule called m-resolution in which this relaxed concept is not necessary.

Definition. Suppose S is a set of clauses and f is an abstraction mapping. We define a relation T →_f U between minimal resolution proofs T from S and minimal resolution proofs U from f(S). This relation has the property that if C' = Result(T), then for all D' ∈ f(C'), there exists U such that T →_f U and Result(U) is defined and Result(U) subsumes D'. We define this relation, and show that it has this property, inductively. This relation is useful for analyzing the behavior of "ndfind" and "findclauses".

Suppose that T consists of a single node N with label(N) = C'.
Then U is any proof consisting of a single node N' with label(N') ∈ f(C').

Suppose that T contains more than one node. Let N3 be the terminal node of T, and let N1 and N2 be the predecessors of N3 in T. (It could be that N1 = N2.) Let C1 and C2 be the labels of N1 and N2, respectively. Let T1 be the smallest sub-proof of T whose terminal node is N1 and whose initial nodes are initial nodes of T. (Thus T1 is the portion of T used in deriving C1.) Let T2 be the smallest sub-proof of T whose terminal node is N2 and whose initial nodes are initial nodes of T. (Thus T2 is the portion of T used in deriving C2.)

Suppose T1 →_f U1 and Result(U1) = B1 for some B1 subsuming an element of f(C'), where C' = Result(T). Suppose T1 has more than one node. Then T →_f U1 also. Similarly, if T2 →_f U2 and Result(U2) = B2 for some B2 subsuming an element of f(C'), and if T2 has more than one node, then T →_f U2. Suppose that T1 →_f U1 and T2 →_f U2 and B1 = Result(U1) and B2 = Result(U2). Suppose that some resolvent B of B1 and B2 subsumes an element of f(C'). Let U be the proof of B which consists of U1 and U2 together with the resolution <B1, B2, B> (and <B2, B1, B>). Then T →_f U. Finally, T →_f U is true only if it can be derived by a sequence of such steps. This completes the definition of this relation.

We have defined this relation so that if T →_f U and T does not consist of a single node, then U does not consist of a single node. This will be important later on.

Theorem 2.6. Suppose f is an abstraction mapping and S is a set of clauses. Suppose T is a minimal proof of C' from S, and suppose T does not consist of a single node. Then for all D' ∈ f(C'), there exists a proof U from f(S) such that T →_f U and Result(U) subsumes D', and such that U does not consist of a single node.

Proof. Let T1, T2, C1, and C2 be as in the above definition.
By properties of abstractions, there exist D1 ∈ f(C1) and D2 ∈ f(C2) such that some resolvent D of D1 and D2 subsumes D'. Applying the theorem inductively, there exist U1 and U2 such that T1 →_f U1 and T2 →_f U2 and Result(U1) subsumes D1 and Result(U2) subsumes D2. Also, if T1 does not consist of a single node, then neither does U1, and if T2 does not consist of a single node, then neither does U2. Let B1 be Result(U1) and let B2 be Result(U2). If B1 subsumes D', and T1 does not consist of a single node, then T →_f U1 and the desired conclusion follows. Similarly, if B2 subsumes D', and T2 does not consist of a single node, then T →_f U2 and the desired conclusion follows. If some resolvent B of B1 and B2 subsumes D', then let U be U1 and U2 together with the resolution <B1, B2, B> (and <B2, B1, B>). In this case, T →_f U and the conclusion follows.

The only case we have not considered is when no resolvent of B1 and B2 subsumes D', and when (T1 consists of a single node or B1 does not subsume D') and (T2 consists of a single node or B2 does not subsume D'). If T1 and T2 both consist of a single node, then C1 ∈ S and C2 ∈ S, and so we can choose U1 and U2 such that B1 = D1 and B2 = D2. Thus some resolvent of B1 and B2 subsumes D'. If neither T1 nor T2 consists of a single node, then neither U1 nor U2 does, and so the conclusion of the theorem follows regardless of whether T →_f U1 or T →_f U2 or T →_f U, with U as above. Suppose T1 consists of a single node and T2 does not. We know that a resolvent of D1 and D2 subsumes D', and that B2 subsumes D2. It follows by the properties of resolution that either a resolvent of D1 and B2 subsumes D', or B2 itself subsumes D'. In either case, U as desired exists. The argument when T1 does not consist of a single node and T2 does is similar. This completes the proof.

It is easy to see that if T →_f U then the depth of U is not greater than the depth of T.
The number of nodes in U may differ greatly from the number of nodes in T, however, even if T →_f U and T and U have the same shape. In fact, the number of nodes in U may be exponentially larger or exponentially smaller than the number of nodes in T. This may also be true of the number of clauses in U and T. This is because T may make repeated use of lemmas which are "separated" in U. Or possibly U collapses many separate clauses of T into repeated lemmas.

Theorem 2.7. Suppose f is an abstraction mapping on a set S of clauses, and T is a minimal proof from S. Suppose T does not consist of a single node. Also, suppose T →_f U. Let R1(B, C) be the relation "B ∈ f(C)" and let R2(B, C) be the relation "B subsumes some element of f(C)." Suppose findclauses(U, S, R1, R2) or ndfind(U, S, R1, R2) is called. When the procedure (either one) exits, there will be some clause C in clauses(N) for some node N of U, such that C appears at a non-initial node of T. Thus "ndfind" and "findclauses" will make some progress towards constructing the proof T.

Lemma. Suppose f is an abstraction mapping on a set S of clauses, and T is a minimal proof from S. Suppose T →_f U where U is a proof from f(S). Let T' be an initial sub-proof of T, and suppose that T' is a minimal proof. Suppose that T' →_f U' where U' is an initial sub-proof of U. (Such a U' will not always exist.) Then the resolutions done by ndfind(U', S, R1, R2) will be a subset of those done by ndfind(U, S, R1, R2), and the resolutions done by findclauses(U', S, R1, R2) will be a subset of those done by findclauses(U, S, R1, R2).

Proof of Lemma. For "ndfind", the result is easy to see. For "findclauses", this result follows because of the recursive nature of "findclauses1". Note that this result would not be true for "findclauses" if we modified "findclauses1" to return with full(N) = TRUE if clauses(N1) = ∅ and full(N1) = TRUE, or if clauses(N2) = ∅ and full(N2) = TRUE.

Proof of Theorem.
Note that the theorem is trivial if T consists of a single node. Suppose C is Result(T). Suppose N is the terminal node of T. Let N1 and N2 be the predecessor nodes of N in T, and let C1 and C2 be the labels of N1 and N2, respectively. Thus C1 and C2 are the parents of C in T. Let T1 be the portion of T used in deriving C1, and let T2 be the portion of T used in deriving C2. Thus N1 is the terminal node of T1 and N2 is the terminal node of T2. (It could be that C1 and C2 occur at other nodes of T besides N1 and N2.) Assume T1 and T2 are minimal proofs from S.

Suppose that T1 and T2 both consist of a single node. Thus C1 ∈ S and C2 ∈ S. Let D be the terminal clause of U, and let D1 and D2 be its parents. Suppose D1 ∈ f(C1) and D2 ∈ f(C2). We know that D subsumes an element of f(C). Thus C will eventually be generated by resolution and added to clauses(N'), where N' is the terminal node of U, regardless of whether "ndfind" or "findclauses" is called. Therefore the theorem is true for this case.

Suppose that at least one of T1 and T2 does not consist of a single node. Then either (T1 does not consist of a single node and T1 →_f U), or (T2 does not consist of a single node and T2 →_f U), or (T1 does not consist of a single node and for some initial sub-proof U1 of U, T1 →_f U1), or (T2 does not consist of a single node and for some initial sub-proof U2 of U, T2 →_f U2). This is true by the definition of the relation →_f. In the first two cases, we can apply the theorem inductively to T1 or T2 to obtain the desired result. In the latter two cases, using the lemma, we can apply the theorem inductively to U1 and U2 to obtain the desired result. This completes the proof.

The point of the theorem is that we will always make some progress towards a proof of C from S. At least one clause at a non-initial node of T will be derived. If f is a weak abstraction, this is not necessarily true. Note that the theorem is true for ndfind(V, S, R1, R2) if T →_f U and U is an initial sub-proof of V.
Also, recall that the depth of U is not more than the depth of T if T →_f U. Thus if V represents an exhaustive resolution search to depth at least the depth of T, then "ndfind" will make some progress towards constructing the proof T. This is still true if D' is chosen in f(C) and V is restricted to only contain resolutions contributing to a proof of something subsuming D'.

Theorem 2.8. Suppose f is an abstraction mapping on a set S of clauses, and T is a minimal proof from S. Suppose T →_f U and T ∼ U. This essentially means that U has no "subsumption steps." Then the procedures ndfind(U, S, R1, R2) and findclauses(U, S, R1, R2) will generate Result(T) from S by resolution. Here R1 and R2 are as in theorem 2.7.

This theorem gives conditions under which an abstracted proof, by itself, is a sufficient guide to reconstruct the original proof. The result can be extended to give conditions guaranteeing that portions of T can be reconstructed, even if all of T cannot be so reconstructed. The proofs of examples 1 and 3 of section 2.4 can be completely reconstructed from their abstractions, but the proof of example 2 cannot. It will turn out that a proof can always be reconstructed from any m-abstraction of the proof.

2.8. A COMPLETE STRATEGY FOR ABSTRACTIONS

The procedure "ndfind" can be used repeatedly to obtain a complete theorem proving strategy which we call "proofsearch1". The idea is to use "ndfind" on a set of abstracted proofs. Suppose S is the set of input clauses and f is the abstraction mapping. Suppose we are looking for a proof of C from S. We keep a set S1 of nodes such that {label(N) : N ∈ S1} is a set of abstracted clauses. Initially, {label(N) : N ∈ S1} = f(S). Thereafter, whenever a new clause C is derived by "ndfind", nodes may be added to S1 so that certain of the abstractions of C will be in {label(N) : N ∈ S1}. Suppose C can be derived from S by resolution. Each time "ndfind" is called, it will make more progress towards a proof of C from S.
Eventually an entire proof of C will be found.

We do not know whether "proofsearch1" will be a good strategy. Perhaps it will, but strategies to be presented later seem much more desirable. These strategies are based on "m-abstractions". They are more desirable because they find the proof all at once, instead of piece by piece. Also, they permit the use of more than one m-abstraction at the same time, in a way that ordinary abstractions do not permit. However, "proofsearch1" may be useful, and it does illustrate the need for m-abstractions.

This strategy constructs an "abstracted proof space" V1 whose nodes are ordered pairs of the form <B, n>, where B is an abstracted clause or is derived from such clauses by resolution, and n is a "modified depth" of B. The same clause B may appear at more than one modified depth. If N is the node <B, n>, then we define label(N) to be B and mdepth(N) to be n. The resolutions of V1 correspond to resolutions in the abstracted space. We keep modified depths because an initial node N of V1 may have a label which is the abstraction of a non-initial clause C derivable from S. We may want to have mdepth(N) = depth(C) in this case. This restricts the abstracted search space in a reasonable way as various pieces of the desired proof are found.

The meaning of the variables of "proofsearch1" is as follows:

S  : The set of input clauses.
C  : The clause we are trying to derive.
f  : An abstraction mapping.
D' : An arbitrary element of f(C).
d  : The maximum depth proof we are currently looking for.
S' : The set of clauses so far derived from S by resolution.
S1 : The set of initial nodes used in constructing V and V1.
S2 : The old value of S1.
V  : The "exhaustive" resolution search space up to depth d, generated from S1.
V1 : The portion of V consisting of proofs from f(S) of something subsuming D'.

Now, V and V1 are functions of S1, d, and D' alone. Furthermore, D' is constant.
Therefore when S1 stops changing, so will V and V1, until d is increased. In addition, the loop L2 will not do anything new unless V1 changes. Hence when S1 = S2, no more clauses can be generated with the current depth restriction, and so we go on to the next higher depth.

procedure proofsearch1(S, C, f);
  [[attempt to construct a proof of C from S using abstraction mapping f.
    This is a complete theorem proving strategy.]]
  S' ← S;
  choose D' in f(C);
  S1 ← {<D, 0> : (∃C ∈ S) D ∈ f(C)};
  for all <D, 0> ∈ S1 do clauses(<D, 0>) ← {C ∈ S : D ∈ f(C)} od;
  for d = 1 to ∞ while C ∉ S' do
    [[look for a proof of depth d or less]]
    L1: loop
      S2 ← S1;
      let V be the smallest resolution proof such that
        a) S1 ⊆ Nodes(V)
        b) If <B1, d1> ∈ Nodes(V) and <B2, d2> ∈ Nodes(V) and d1 < d and d2 < d
           and B3 is a resolvent of B1 and B2
           then <B3, d3> ∈ Nodes(V) and <<B1, d1>, <B2, d2>, <B3, d3>> ∈ Res(V),
           where d3 = 1 + max(d1, d2);
      let V1 be the smallest sub-proof of V such that
        a) If <B1, d1> ∈ Nodes(V) and d1 ≤ d and B1 subsumes D'
           then <B1, d1> ∈ Nodes(V1)
        b) If <N1, N2, N3> ∈ Res(V) and N3 ∈ Nodes(V1)
           then N1 ∈ Nodes(V1) and N2 ∈ Nodes(V1) and <N1, N2, N3> ∈ Res(V1);
      [[note: V can be found by exhaustive search, and V1 can be found by deleting nodes and resolutions from V. Perhaps V1 can be found by applying more levels of abstraction, also.]]
      [[V1 represents the minimal proofs Z1 from {label(N) : N ∈ S1} such that Result(Z1) subsumes D' and such that mdepth(N) ≤ d for all N ∈ Nodes(Z1)]]
      for all new nodes N of V1 do clauses(N) ← ∅ od;
      [[The following section is a slightly modified version of "ndfind"]]
      L2: loop while C ∉ S' and (there exist nodes N1, N2, N and clauses C1, C2, C such that
          1. <N1, N2, N> ∈ Res(V1)
          2. C1 ∈ clauses(N1) and C2 ∈ clauses(N2)
          3. C is a resolvent of C1 and C2
          4. C ∉ clauses(N)
          5.
label(N) subsumes some element of f(C));
        [[it may be best to choose N with the largest possible mdepth here]]
        add C to S';
        for all D ∈ f(C) do
          add <D, mdepth(N)> to S1 if it is not already there;
          add C to clauses(<D, mdepth(N)>)
        od
      repeat L2;
    until S1 = S2 or C ∈ S';
    repeat L1;
  od;
end proofsearch1;

The last part of "proofsearch1" is almost identical to "ndfind". In a similar way, we could write a version of "proofsearch1" based on an adapted version of "findclauses". To do this, it would be necessary to modify "findclauses1" to allow a clause to have more than one set of parents. This approach would have the advantage of using a depth-first search. Therefore we would expect a proof to be found more rapidly on the average by "proofsearch1" with "findclauses" than by "proofsearch1" with "ndfind".

The reason that "proofsearch1" works is this: Suppose there is a proof T of C from S such that depth(T) ≤ d. Suppose also that no node of T is the third component of more than one resolution of T. (To be precise, we may have <N1, N2, N3> and <N2, N1, N3> in Res(T), so N3 is the third component of two resolutions.) Thus T is minimal in the technical sense defined earlier. In addition, suppose that no node of T occurs as the first or second component of more than one resolution of T. That is, each clause is rederived as many times as it is used. Thus T is a "resolution proof tree." Note that any proof can be expanded into a proof tree of the same depth.

With each node N of T we associate an element of f(label(N)) as follows: With the terminal node of T, we associate D'. Also, if <N1, N2, N3> ∈ Res(T) and D3 is associated with N3, let D1 and D2 be clauses such that D1 ∈ f(label(N1)) and D2 ∈ f(label(N2)) and some resolvent of D1 and D2 subsumes D3. We know that such D1 and D2 exist, since f is an abstraction. Then we associate D1 with N1 and D2 with N2. There may be some freedom in the choice of D1 and D2; any choice will do.
Consider the state of "proofsearch1" at the beginning of the "repeat" loop at L1. Let W1 be the set of nodes N of T such that <D1, d1> ∈ S1, where D1 is associated with N and d1 = depth(N), and such that label(N) ∈ clauses(<D1, d1>). We claim that each time through this loop, W1 increases in size, unless C is derived first some other way. Hence eventually all nodes of T will be in W1, and we will have derived C from S, unless C is derived first some other way.

Let X be the set of "terminal nodes" of W1. That is, a node N of W1 is in X iff no successors of N are in W1. Let T2 be the portion of T used in deriving C from X. That is, T2 is a proof of C from {label(N) : N ∈ X}, and X is the set of initial nodes of T2. Thus T2 is a sub-proof of T. See figure 2. We know by theorem 2.6 that there is a proof Z such that T2 →_f Z and such that Result(Z) subsumes D'. Also, it is easy to show that mdepth(Z) ≤ d, where we define mdepth(Z) to be max{mdepth(N) : N ∈ Nodes(Z)}. Hence, in fact, Z will be isomorphic to a sub-proof of V1 after V1 is constructed the next time. Also, we know by theorem 2.7 that "ndfind", given Z, will make some progress towards constructing T2. Since the loop L2 of "proofsearch1" essentially simulates "ndfind" on V1, the loop L2 will also make some progress towards constructing T2. In particular, there will be some resolution <N1, N2, N3> of T2 in which N1 and N2 are initial nodes of T2, and there will be some resolution <N1', N2', N3'> of V1 such that

a) label(N1') is associated with N1
b) label(N2') is associated with N2
c) label(N1) ∈ clauses(N1')
d) label(N2) ∈ clauses(N2')
e) label(N3) ∈ clauses(N3').

By the statements at the end of L2, a new node N will be added to S1 such that mdepth(N) = depth(N3) and label(N) is associated with N3 and label(N3) ∈ clauses(N). Thus N3 will be in the set W1 the next time through the loop L1 of "proofsearch1". This completes the proof.
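The top-down association of abstracted clauses with the nodes of a proof tree, used in the argument above, can be sketched for ground clauses as follows. The tree encoding, the set-valued f, and the function names are illustrative assumptions of this sketch, not the paper's notation.

```python
# A hypothetical ground-clause sketch of associating an element of
# f(label(N)) with each node N of a resolution proof tree.  A tree is
# ("leaf", clause) or ("res", left, right, clause); f maps a clause to a
# set of abstracted clauses; d3 is the abstraction chosen for the root
# (for the terminal node of T, d3 is the chosen D').

def resolvents(c1, c2):
    """All ground resolvents of c1 and c2 ("-p" complements "p")."""
    out = set()
    for lit in c1:
        comp = lit[1:] if lit.startswith("-") else "-" + lit
        if comp in c2:
            out.add((c1 - {lit}) | (c2 - {comp}))
    return out

def subsumes(b, c):
    return b <= c          # ground subsumption is set inclusion

def associate(tree, f, d3):
    """Return a parallel tree labelled with the associated abstractions,
    assuming f has the abstraction property used in the text."""
    if tree[0] == "leaf":
        return ("leaf", d3)
    _, left, right, _ = tree
    for d1 in f(left[-1]):
        for d2 in f(right[-1]):
            if any(subsumes(d, d3) for d in resolvents(d1, d2)):
                # "any choice will do": take the first suitable pair
                return ("res", associate(left, f, d1),
                        associate(right, f, d2), d3)
    raise ValueError("f is not an abstraction on this proof")
```

With the identity abstraction f(C) = {C}, the associated tree is the proof tree itself, as the theory predicts.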
[Figure 2. Completeness of "proofsearch1".]

Note that T is an arbitrary proof of C from S, expanded into a "tree". Therefore "proofsearch1" is still complete if we restrict the resolutions from S according to any complete theorem proving strategy (such as locking resolution [5]). However, it is not allowable to restrict the resolutions in V1 in any way. We cannot even delete tautologies from V1, or clauses that are subsumed by other clauses.

For particular abstraction mappings, the resolutions in V1 can be restricted, however. For example, consider the complete strategy in which predicate symbols are ordered, and in which, in each resolution, the largest predicate symbols in each clause must be resolved away. Also, let f be the propositional abstraction. Suppose T is a minimal resolution proof from S according to the ordering strategy defined above. Then there is a resolution proof U from f(S) such that T →_f U and such that U is also a proof according to the ordering strategy. Furthermore, for all clauses D ∈ f(Result(T)), such a U exists in which Result(U) subsumes D. Hence "proofsearch1" is still complete if the propositional abstraction is used, and if resolutions in V and resolutions from S are both restricted according to this ordering strategy.

By similar reasoning, if f is an abstraction defined in terms of literal mappings, and if each literal mapping preserves predicate symbols of literals, then resolution with ordering of predicate symbols can be done in both the abstracted search space and in the original search space. Also, if f is an abstraction defined in terms of literal mappings, and if each literal mapping preserves signs of literals, then P1-deduction (all-positive resolution) and hyper-resolution [6] can be done in both the abstracted space and in the original space.
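The propositional abstraction mentioned above can be sketched as follows. The (sign, predicate, args) literal encoding is an assumption of this sketch: each literal keeps its sign and predicate symbol and loses its argument list, so the abstraction preserves exactly the information that the ordering and sign-based restrictions need.

```python
# A sketch of the propositional abstraction.  Literals are modelled here
# as (sign, predicate, args) triples; a clause is a frozenset of literals.
# This encoding is illustrative, not the paper's notation.

def prop_abstract_literal(lit):
    sign, pred, _args = lit
    return (sign, pred, ())      # keep sign and predicate, drop arguments

def prop_abstract(clause):
    """The propositional abstraction of a clause."""
    return frozenset(prop_abstract_literal(l) for l in clause)
```

Since signs and predicate symbols survive the mapping, a predicate ordering (or a sign restriction such as P1-deduction) imposed on the original clauses induces the same restriction on their abstractions.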
Similarly, a combination of hyper-resolution and ordering [7] can be done in both the abstracted space and in the original space, if f is defined in terms of literal mappings which preserve both signs and predicate symbols of literals. These restrictions to "proofsearch1" yield complete theorem proving strategies. The latter restrictions should be particularly useful when the set of input clauses is a Horn set [8] or is "almost" a Horn set (that is, there are not very many positive literals in any input clause).

The program "proofsearch1" can easily be modified to test if a clause C is a logical consequence of a set S of clauses. This can be done by making use of the following fact [9]: If C is a logical consequence of S, then there is a clause C'' derivable from S by resolution such that C'' subsumes C. Furthermore, by property 3 of abstractions, there will be some abstraction D'' of C'' which subsumes the chosen abstraction D' of C. Therefore there is a proof from f(S) of some clause B subsuming D''. Note that B subsumes D' also. It follows that some such proof of B will be in V1 for large enough depth. Hence "proofsearch1" will eventually reconstruct the proof of C'', if it is allowed to continue long enough. To modify "proofsearch1" to test if C is a logical consequence of S, we change the exit condition from "C ∈ S'" to "some clause subsuming C is in S'". If such a clause is found, then C is certainly a logical consequence of S. Conversely, by the above reasoning, if C is a logical consequence of S, some such clause will eventually be derived.

The procedure "proofsearch1" will work regardless of how D' is chosen. It would be possible, therefore, to use all abstractions of C at the same time, and to look for proofs of something subsuming any abstraction of C.
That is, we could change the statement

a) If <B1, d1> ∈ Nodes(V) and d1 ≤ d and B1 subsumes D' then <B1, d1> ∈ Nodes(V1)

to read

a) If <B1, d1> ∈ Nodes(V) and d1 ≤ d and B1 subsumes some element of f(C) then <B1, d1> ∈ Nodes(V1).

We would then eliminate the statement "choose D' in f(C);" from "proofsearch1". This might yield a proof of C with fewer passes through the repeat statement.

We would like to use all abstractions of C together in another way, however. In particular, suppose {f_1, f_2, ..., f_k} is a set of abstraction mappings (not necessarily all distinct) and suppose D_i ∈ f_i(C) for 1 ≤ i ≤ k. Suppose T is a proof of C from a set S of input clauses, and U_i is a proof from f_i(S) such that T →_{f_i} U_i and Result(U_i) subsumes D_i for 1 ≤ i ≤ k. Let M1_i(D, C') be the relation "D ∈ f_i(C')" and let M2_i(D, C') be the relation "D subsumes an element of f_i(C')", for 1 ≤ i ≤ k. Then for each i, 1 ≤ i ≤ k, there exist resolutions R_i in T and R_i' in U_i such that (M1_i;M2_i)(R_i', R_i) is true. However, there does not necessarily exist a resolution R in T such that for all i, 1 ≤ i ≤ k, there exists R_i' in U_i such that (M1_i;M2_i)(R_i', R) is true. If such a resolution R were guaranteed to exist, we could restrict the search for a proof of C to resolutions R which correspond to resolutions in all the abstracted sets U_i. In fact, for m-abstractions and "m-resolution" proofs, to be described, such an m-resolution R is guaranteed to exist. If k is large, it seems unlikely that a "random" resolution R will correspond to m-resolutions in all the sets U_i, and so we apparently get a very restrictive search strategy. Such a strategy eliminates many irrelevant m-resolutions and does not prevent the proof of smallest depth from being found. Also, the use of many m-abstractions at once is potentially inexpensive in the amount of time and storage required. In Part II, we present two strategies based on m-abstractions.
These strategies use more than one m-abstraction at the same time, and seem to be the most promising strategies presented here. We also present a simple strategy based on the use of only one m-abstraction. Other strategies based on a modified kind of multiclause are also discussed.

3. CONCLUSIONS

We have shown how to formalize the idea of using a solution to a simple problem as a guide to the solution of a more complicated problem. This formalization makes use of "abstraction mappings", and applies to theorem proving in the first-order predicate calculus. Some examples of such abstraction mappings have been given. We have presented a complete resolution theorem proving strategy based on abstractions. This strategy permits subgoaling and depth-first search in a more natural way than most resolution theorem proving strategies do. Also, it is compatible with any complete conventional resolution theorem proving strategy.

Certain abstractions correspond to particular interpretations of the input clauses. They are especially interesting because they lead to a strategy which seems to capture the intuitive idea of proving a theorem for a particular example. Furthermore, we can generate such semantic abstractions in a completely mechanical way, for interpretations with a finite domain. However, we cannot explain in the framework of this paper why semantic abstractions should be any more useful than arbitrary abstractions. In Part II of this paper we will introduce "m-abstractions", which lead to much simpler, complete strategies than those presented here.

4. REFERENCES

1. Kling, R. E., A paradigm for reasoning by analogy, Artificial Intelligence 2 (1971) 147-178.
2. Munyer, J. C., Towards the use of analogy in deductive tasks, University of California at Santa Cruz (1979).
3. Chang, C. L. and Lee, R. C., Symbolic Logic and Mechanical Theorem Proving (Academic Press, New York, 1973).
4. Robinson, J. A., A review of automatic theorem proving, Proc. Symp. Appl.
Math., Amer. Math. Soc. 19 (1967) 1-18.
5. Boyer, R. S., Locking, a restriction of resolution, Ph.D. Thesis, University of Texas at Austin, Texas (1971).
6. Robinson, J. A., Automatic deduction with hyper-resolution, Internat. J. Comput. Math. 1 (1965) 227-234.
7. Slagle, J. R., Automatic theorem proving with renamable and semantic resolution, J. ACM 14 (1967) 687-697.
8. Henschen, L. and Wos, L., Unit refutations and Horn sets, J. ACM 21 (1974) 590-605.
9. Kowalski, R., The case for using equality axioms in automatic demonstration, Symp. Automatic Demonstration (Springer-Verlag, New York, 1970) 112-127.