Abstract
This work describes the Sibyl prover, an implementation of a tableau based proof procedure for multi-modal hybrid logic with the converse, graded and global modalities, and enriched with features largely used in description logics: transitivity and relation hierarchies. The proof procedure is provably terminating when the input problem belongs to an expressive decidable fragment of hybrid logic. After a description of the implemented proof procedure, the way how the implementation deals with the most delicate aspects of the calculus is explained. Some experimental results, run on sets of randomly generated problems as well as some hand-tailored ones, show only a moderate deterioration in the performances of the prover when the number of transitivity and inclusion axioms increase. Sibyl is compared with other provers (HTab, the hybrid logic prover whose expressive power is closer to Sibyl’s one, and the first-order prover SPASS). The obtained results show that Sibyl has reasonable performances.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Notes
Note that \(\textsf {HL}{\setminus } {\mathord \downarrow }\Box \) is a proper subset of \(\textsf {HL}{\setminus }\Box {\mathord \downarrow }\Box \).
Properly, the offspring relation and blockings are defined by mutual recursion on branch construction. The reader is referred to [13] for the details.
By default, (1) the equality rule and branch closure checks are applied with the highest priority. Following come (2) the @ rule, (3) the \(\textsf {A}\) rule, (4) the \(\wedge \) rule, (5) the \({\mathord \downarrow }\) rule, (6) the other universal rules, \(\Box \), \(\mathsf {Trans}\) and \(\mathsf {Link}\), (7) the blockable rules \(\Diamond \) and \(\textsf {E}\) and, finally, (8) the \(\vee \) rule.
Since hGen generated only formulae with forward relations, they were randomly replaced by the corresponding converse ones.
The first experiments with Sibyl, briefly reported in [14], used the same random test set described here. Unfortunately, in fact, hGen is no longer maintained, and could not be used to generate new problems.
The percentage of unsolved tests grows almost linearly from 0.2% in the test set with no assertions to 2.72% in the basic set.
Consider, for instance \(S_2\): the current state a is r-related, hence s-related, to exactly the two states \(a_1\) and \(a_2\) (from the first and second formulae); \(a_1\) is s-related (hence r-related) to neither \(a_1\) nor \(a_2\) (Formula 3), hence it must be r-related to some state b different from both \(a_1\) and \(a_2\). By transitivity, a is also r-related, hence s-related, to b, contradicting 2.
HTab sources can be found at https://hackage.haskell.org/package/HTab.
SPASS had already been used to test Sibyl for correctness, find out and correct bugs [14]. At that time, the language accepted by HTab was more restricted, since it did not include transitivity and relation inclusion assertions, and consequently HTab and Sibyl were not compared.
When called with a specific option, HLtranslate converts files from Sibyl input syntax to HTab one. The tool can be downloaded from Sibyl web page.
Moreover, the simplified translation of the global modalities given in Fig. 11 omits the trivial guards of the form \(x=x\) or \(y=y\).
It is fair to remark that for one of the 4860 considered problems HTab gives a “satisfiable” answer, while both Sibyl and SPASS declare it to be unsatisfiable. See also Sect. 6.3.2.
After preprocessing, the problem of size 2 without the relation inclusion assertions becomes \(S_2=\{\mathsf {Trans}(r),~\textsf {A}{\mathord \downarrow }x.\Diamond _r(p\wedge {\mathord \downarrow }y_0.x\mathord :\,\Diamond _r (p\wedge \lnot y_0), ~ \Box _r(a_1\vee a_2), ~a_1\mathord :\,(\lnot a_1\wedge \lnot a_2),~ a_2\mathord :\,(\lnot a_1\wedge \lnot a_2)\}\).
A node is a value of the main data type defined in the module Node, described later on.
Propositional letters and formulae of the form \(\Box _{R} F\) labelled by the nominal are stored in specific fields, so as to ease compatibility checks.
References
Areces, C., Blackburn, P., Marx, M.: A road-map on complexity for hybrid logics. In: Flum, J., Rodriguez-Artalejo, M. (eds.) Computer Science Logic, pp. 307–321. Springer (1999)
Areces, C., Gennari, R., Heguiabere, J., de Rijke, M.: Tree-based heuristics in modal theorem proving. In: Proceedings of the 14th European Conference on Artificial Intelligence (ECAI 2000), pp. 199–203 (2000)
Areces, C., Gorín, D.: Unsorted functional translations. Electron. Notes Theor. Comput. Sci. 278, 3–16 (2011)
Areces, C., Heguiabehere, J.: Hylores 1.0: Direct resolution for hybrid logics. In: Proceedings of the 18th International Conference on Automated Deduction (CADE-18), pp. 156–160 (2002). Previously presented in the Proceedings of Methods for Modalities 2 (2001)
Areces, C., Heguiabehere, J.: hGen: A random CNF formula generator for hybrid languages. In: Proceedings of the 3rd Workshop on Methods for Modalities (M4M-3), Nancy, France (2003)
Areces, C., ten Cate, B.: Hybrid logics. In: Blackburn, P., Van Benthem, J., Wolter, F. (eds.) Handbook of Modal Logics, pp. 821–868. Elsevier (2007)
Balsiger, P., Heuerding, A., Schwendimann, S.: A benchmark method for the propositional modal logics K, KT, S4. J. Autom. Reason. 24(3), 297–317 (2000)
Blackburn, P., Seligman, J.: Hybrid languages. J. Log. Lang. Inf. 4, 251–272 (1995)
Bolander, T., Blackburn, P.: Termination for hybrid tableaus. J. Log. Comput. 17(3), 517–554 (2007)
Cerrito, S., Cialdea Mayer, M.: An efficient approach to nominal equalities in hybrid logic tableaux. J. Appl. Non-class. Log. 1–2(20), 39–61 (2010)
Cerrito, S., Cialdea Mayer, M.: Nominal substitution at work with the global and converse modalities. In: Beklemishev, L., Goranko, V., Shehtman, V. (eds.) Advances in Modal Logic, vol. 8, pp. 57–74. College Publications (2010)
Cerrito, S., Cialdea Mayer, M.: A tableaux based decision procedure for a broad class of hybrid formulae with binders. In: Automated Resoning with Analytic Tableaux and Related Methods (TABLEAUX 2011), vol. 6793 of LNAI, pp. 104–118. Springer (2011)
Cerrito, S., Cialdea Mayer, M.: A tableau based decision procedure for a fragment of hybrid logic with binders, converse and global modalities. J. Autom. Reason. 51(2), 197–239 (2013)
Cialdea Mayer, M.: A proof procedure for hybrid logic with binders, transitivity and relation hierarchies. In: Proceedings of the 24th Conference on Automated Deduction (CADE-24), Number 7898 in LNCS, pp. 76–90. Springer (2013)
Cialdea Mayer, M.: A proof procedure for hybrid logic with binders, transitivity and relation hierarchies (extended version). Technical report. arXiv:1312.2894 (2013)
Cialdea Mayer, M.: Extended decision procedure for a fragment of HL with binders. J. Autom. Reason. 53(3), 305–315 (2014)
Cialdea Mayer, M., Cerrito, S.: Herod and Pilate: two tableau provers for basic hybrid logic. In: Proceedings of the 5th International Joint Conference on Automated Reasoning (IJCAR 2010), pp. 255–262. Springer (2010)
Donini, F.M., Massacci, F.: EXPTIME tableaux for \(\cal{ALC}\). Artif. Intell. 124(1), 87–138 (2000)
Freeman, J.W.: Hard random 3-SAT problems and the Davis–Putnam procedure. Artif. Intell. 81(1), 183–198 (1996)
Gent, I.P., Walsh, T.: The SAT phase transition. In: Proceedings of the Eleventh European Conference on Artificial Intelligence (ECAI’94), pp. 105–109 (1994)
Götzmann, D., Kaminski, M., Smolka, G.: Spartacus: a tableau prover for hybrid logic. Electron. Notes Theor. Comput. Sci. 262, 127–139 (2010). Proceedings of the 6th Workshop on Methods for Modalities (M4M-6 2009)
Grädel, E.: On the restraining power of guards. J. Symb. Log. 64, 1719–1742 (1998)
Hladik, J.: Implementation and evaluation of a tableau algorithm for the guarded fragment. In: Automated Reasoning with Analytic Tableaux and Related Methods (TABLEAUX 2002), pp. 145–159. Springer (2002)
Hoffmann, G.: Tâches de raisonnement en logiques hybrides. PhD thesis, Université Henri Poincaré—Nancy I (2010)
Hoffmann, G., Areces, C.: HTab: A terminating tableaux system for hybrid logic. Electron. Notes Theor. Comput. Sci. 231, 3–19 (2007). Proceedings of the 5th Workshop on Methods for Modalities (M4M-5)
Horrocks, I., Glimm, B., Sattler, U.: Hybrid logics and ontology languages. Electron. Notes Theor. Comput. Sci. 174, 3–14 (2007)
Horrocks, I., Patel-Schneider, P.F.: Optimizing description logic subsumption. J. Log. Comput. 9, 267–293 (1999)
Horrocks, I., Sattler, U.: A description logic with transitive and inverse roles and role hierarchies. J. Log. Comput. 9(3), 385–410 (1999)
Horrocks, I., Sattler, U.: A tableau decision procedure for \(\cal{SHOIQ}\). J. Autom. Reason. 39(3), 249–276 (2007)
Hustadt, U., Schmidt, R.A.: Simplification and backjumping in modaltableau. In: Automated Reasoning with Analytic Tableaux and RelatedMethods. TABLEAUX 1998, pp. 187–201. Springer, Berlin, Heidelberg (1998)
Kaminski, M., Schneider, S., Smolka, G.: Terminating tableaux for graded hybrid logic with global modalities and role hierarchies. Log. Methods Comput. Sci. 7(1), 1–21 (2011)
Kaminski, M., Smolka, G.: Hybrid tableaux for the difference modality. Electron. Notes Theor. Comput. Sci. 231, 241–257 (2007). Proceedings of the 5th Workshop on Methods for Modalities (M4M-5)
Kaminski, M., Smolka, G.: Terminating tableau systems for hybrid logic with difference and converse. J. Log. Lang. Inf. 18(4), 437–464 (2009)
Marx, M.: Narcissists, stepmothers and spies. In: Proceedings of the 2002 International Workshop on Description Logics (DL 2002). CEUR Workshop Proceedings, Vol. 53 (2002)
Mundhenk, M., Schneider, T.: Undecidability of multi-modal hybrid logics. Electron. Notes Theor. Comput. Sci. 174(6), 29–43 (2007)
Mundhenk, M., Schneider, T., Schwentick, T., Weber, V.: Complexity of hybrid logics over transitive frames. J. Appl. Log. 8(4), 422–440 (2010)
Nalon, C., Hustadt, U., Dixon, C.: KSP: A resolution-based prover for multimodal K, Abridged Report. In: Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, IJCAI 2017, pp. 4919–4923 (2017)
Ohlbach, H., Schmidt, R.: Functional translation and second-order frame properties of modal logics. J. Log. Comput. 7(5), 581–603 (1997)
Pelletier, F.J.: Seventy-five problems for testing automatic theorem provers. J. Autom. Reason. 2(2), 191–216 (1986)
Schild, K.: A correspondence theory for terminological logics: preliminary report. In: Proceedings of the 12th International Joint Conference on Artificial Intelligence (IJCAI-91), pp. 466–471 (1991)
Schmidt, R.A., Hustadt, U.: A principle for incorporating axioms into the first-order translation of modal formulae. In: Proceedings of the 19th International Conference on Automated Deduction (CADE-19), pp. 412–426 (2003)
Sutcliffe, G.: The TPTP problem library and associated infrastructure. From CNF to TH0, TPTP v6.4.0. J. Autom. Reason. 59(4), 483–502 (2017)
ten Cate, B., Franceschet, M.: On the complexity of hybrid logics with binders. In: Proceedings of Computer Science Logic, pp. 339–354. Springer (2005)
Tsarkov, D., Horrocks, I., Patel-Schneider, P.F.: Optimizing terminological reasoning for expressive description logics. J. Autom. Reason. 39(3), 277–316 (2007)
van Eijck, J.: Constraint tableaux for hybrid logics. CWI, Amsterdam (2002)
van Eijck, J.: HyLoTab—Tableau-based theorem proving for hybrid logics. Manuscript, CWI, Amsterdam. available at https://homepages.cwi.nl/~jve/hylotab/Hylotab.pdf (2002)
Weidenbach, C., Dimova, D., Fietzke, A., Kumar, R., Suda, M., Wischnewski, P.: SPASS version 3.5. In: Proceedings of the 22nd International Conference on Automated Deduction (CADE-22), pp. 140–145. Springer (2009)
Acknowledgements
The present version of the Sibyl prover extends and improves the work done by some students in their bachelor or master projects. Beyond them, the author wishes to thank Renate Schmidt for her ready answers to my questions on the SPASS prover and translation issues.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix: Architecture of the Sibyl Prover
Appendix: Architecture of the Sibyl Prover
This appendix is devoted to describe the main architecture of the prover and the modules and data types used to implement the techniques described in Sect. 5.
1.1 Main Architecture and System Dynamics
The architectural decomposition of the system is shown in Fig. 6. Here, the execution lifecycle is presented, showing the functionalities provided and the responsibilities assigned to the components of the system, as well as the interaction among them.
All the modules depend on a set of Utilities, containing modules that provide various kinds of services, and on the module Logic. The latter contains the definition of the data type representing formulae, as well as a collection of functions to manipulate them. In particular, it contains a function implementing formula preprocessing, as described in Sect. 3, and a test verifying whether the input formulae belong to the decidable fragment \(\textsf {HL}{\setminus }\Box {\mathord \downarrow }\Box \). Before being fed to the tableau construction procedure, formulae are simplified and transformed into negation normal form. Such operations are also under the responsibility of the module Logic. Another important task carried out by the module is nominal substitution, implemented as described in Sect. 5.1.
The main System control is under the responsibility of a group of modules, arranging all the necessary operations for the startup and the lifecycle of the program. It handles all aspects of Sibyl’s simple command-line interface, it reads, if present, a configuration file defining rule application priorities, it initializes the computation environment and collaborates with the input/output handling modules. Moreover, it initializes all the data structures in memory that will be used in the computation. In particular, it builds the initial segment of the tableau and passes it to the main module handling tableau expansion, i.e. Search.
Tableau branches are expanded one at a time, in a depth-first manner, until either a contradiction is found (the branch closes) or the branch is complete. The Search module keeps a stack of the branches to be expanded, pops them out when the currently explored branch closes, and pushes new branches into the stack when the branching \(\vee \)-rule is applied. Its direct collaborators are the modules Branch and Rules: while the selected branch can be expanded, it is passed to the Branch module, which selects the correct rule instance to be fired and module Rules applies it. When a branch closes, Searchbackjumps and pops out another branch stored in the stack (the backjumping mechanism is described in Sect. A.4).
The core of the system is made up by the modules cooperating in branch expansion, that can be partitioned into two classes: the modules taking care of the Rule system and those constituting the Branch structure.
1.2 Rule System
In the Rule system, Premisses defines the type used to represent (sets of) tableau nodes [and assertions] constituting suitable premisses for a rule application,Footnote 14 so each element of this type represents a possible rule application. The representation of an application of the \(\textsf {A}\) rule, beyond its “main” premiss, contains the name of the focused nominal. Each rule is associated a priority (either the default one or the priority read from the configuration file), so that Premisses can compare two rule applications accordingly. A priority queue of possible rule applications is in fact part of the Branch structure, and Premisses helps Branch in its management.
The main responsibility of the module Rules is firing a selected rule application and modifying the current branch accordingly. When the current branch forks, Rules returns the two branches to Search, which stores them both into the stack and resumes the first one to be expanded further. If the application of the selected rule causes a clash, Rules informs Search, communicating also the dependency points of the clash, used by Search for backjumping (see Sect. A.4).
1.3 Branch Structure
The Branch structure groups modules containing all the elements constituting a tableau branch and the functions to handle its dynamics. Each module in this group defines an abstract data type, whose values will be referred to with the same name of the corresponding module.
The lowest-level module of this group is Node. A Node structure represents a tableau node and its main responsibility is to encapsulate its state. Node values play an important role by supporting other modules, and supplying them with the state information they need. A Node has a unique numeric identifier (identifiers reflect node order in the branch), and maintains the label of the node. Moreover, a set of fields supports operations taking into account the restrictions on the applicability of the expansion rules:
flags signaling whether the node is directly blocked or a phantom;
the node’s relatives according to the offspring relation;
a list of nodes whose labels have the same structure of its own label, that are therefore potentially blockers for it; in other terms a node (n)F belongs to the list of potential blockers of (m)G whenever there exists a matching \(\theta \) such that \(\theta (F)=G\) (matchings are defined in Sect. 4.2).
a flag frozen, that is set when the node cannot be added to the branch because of restriction R1 (but can possibly be resumed afterwards), and a list of nodes that are “frozen” by the current node for the same reason;
a flag deferred, that is set whenever the node label has the form \(a\mathord :\,\textsf {A}F\) and no minor premiss for its expansion currently exists (all the potential ones being phantoms); the node cannot therefore be expanded because of restriction R3 (but may be resumed afterwards).
Finally, an optimization support field stores the branching points (in the form of a list of branch identifiers) causing the presence of the node in the branch. They are the dependency points that will be used on backjumping, when a clash is detected involving the current node.
A Nominal structure represents a nominal occurring in the branch. It stores the nodes labeled by satisfaction statements where the nominal is the outermost one,Footnote 15 as well as those where the nominal simply occurs, and the nodes labelled by relational formulae involving it. Moreover, a Nominal dynamically maintains its top/non-top status and caches a list of compatible nominals.
The functionalities of the module Nominal include clash detection, which is “internal” to nominals (a clash is caused by a pair of nodes of the form \(a\mathord :\,p\) and \(a\mathord :\,\lnot p\), or a node of the form \(a\mathord :\,\lnot a\)). Furthermore, since the module also maintains a list of all the nominals occurring in the branch, it can determine whether a matching \(\{a_1\mapsto b_1,\ldots , a_n\mapsto b_n\}\) is a mapping for the branch.
Let us recall that a partial injective function \(\theta =\{a_1\mapsto b_1,\ldots , a_n\mapsto b_n\}\) maps a formula F to G if:
\(\theta (F)=G\), i.e. F and G have the same structure;
for all i, \(a_i\) and \(b_i\) are compatible non-top nominals.
The first property is structural and pertains to formulae while the second pertains to nominals. Accordingly, the responsibility of checking the existence of a mapping between two formulae is split between Logic and Nominal.
Branch defines the abstract data type of branches in a tableau. A Branch-typed value stores most of the current state of the computation. It maintains the list of its nodes and the nominals occurring in it, and is responsible for the rule expansion queue. A Branch is a complex structure whose main components are:
a unique identifier used to implement backjumping.
The set of all the Nodes constituting the branch. The set of nodes labelled by formulae of the form \(a\mathord :\,\textsf {A}F\) is stored apart so that they can be easily retrieved when new nominals are added to the branch.
The set of the directly or indirectly blocked Nodes, that have not been expanded but might be resumed afterwards.
The set of Nominals occurring in the branch.
A priority queue containing the applicable rules (Premisses-typed values), i.e. suitable, yet-to-be-processed rule premisses.
The set of Nodes labelled by formulae of the form \(a\mathord :\,\textsf {A}F\) presently lacking a minor premiss, whose application is deferred. The applicability of the \(\textsf {A}\) rule to such nodes is checked again before terminating the branch construction.
Structures devoted to help the branch in enforcing the restrictions on branch expansion: a Blocker, a Freezer and a Pairer. The corresponding modules are described below.
It is worth pointing out that, at first, a node is inserted in the expansion queue as if it were the premiss of a single premiss rule. Then, when, for instance, a node labelled by a relational formula is dequeued, all the possible tuples of companion premisses are looked for (by module Rules) and enqueued again. When a previously (directly or indirectly) blocked node is unblocked, it re-enters the queue, and this mechanisms deals with the dynamic applicability of all the expansion rules, except for the \(\textsf {A}\) rule.
A Blocker, whose role and main functionalities are described in Sect. 5.2, is a hash table where keys are denominalized formulae, i.e. formulae where nominals are replaced by a special “dummy” one, so that a denominalized formula represents a formula structure. The values associated to each of such formula structures are lists of blockable nodes (in descending order, i.e. higher node identifiers first) whose labels have the structure determined by the key. Consequently, the labels of all the nodes in the same list have the same structure. Every node is potentially blocked by those that occur later in the list (i.e. before it in the branch), depending on whether a mapping actually exists. Nodes enter the data structure as soon as they are created.
A Freezer, whose role is described in Sect. 5.2, is concretely implemented by a hash table. The values of the table are pairs of lists \(\langle \text {freezing}, \text {frozen}\rangle \). All freezing and frozen nodes in the same map entry share the exact same label; thus the pairs are indexed and retrieved by the labels of the nodes they store. A Freezer is updated as soon as the frozen status of a node may have changed, due to some freezing node becoming a phantom, as a consequence of an update of the corresponding Blocker.
Finally, a Pairer, the branch helper managing applications of the \(\textsf {A}\) rule, is concretely implemented by a hash table of records, where the keys are the Node identifiers of \(\textsf {A}\)-nodes and each record contains, beyond the corresponding \(\textsf {A}\)-node, the information described in Sect. 5.3.
1.4 Backjumping
This section gives a brief description of the (standard) mechanism used to implement backjumping. As already seen, each Branch is identified by a unique, progressive number, called its identifier. Branching points are labelled by the identifier of the right branch (pushed into the stack by Search) and each Node has a dependency set, that contains the branching points on which it depends, determined according to the following rules: a node always inherits the dependency set(s) of the node(s) that have caused its addition to the branch; when the \(\vee \) rule is applied and the branch splits, the identifier of the right branch is added to the dependency set of the node added to the left; finally, when the equality rule is applied to a node n, every node whose outermost nominal is affected by the substitution inherits the dependency set of n.
When a branch closes because a contradiction is detected, the dependency sets of the Nodes involved in the clash are merged in descending order; the first dependency point identifies the branch where the search will resume.
Rights and permissions
About this article
Cite this article
Cialdea Mayer, M. A Prover Dealing with Nominals, Binders, Transitivity and Relation Hierarchies. J Autom Reasoning 64, 135–165 (2020). https://doi.org/10.1007/s10817-019-09513-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10817-019-09513-3