Method of analytic tableaux

(Redirected from Proof tree)

In proof theory, the semantic tableau[1] (/tæˈbl, ˈtæbl/; plural: tableaux), also called an analytic tableau,[2] truth tree,[1] or simply tree,[2] is a decision procedure for sentential and related logics, and a proof procedure for formulae of first-order logic.[1] An analytic tableau is a tree structure computed for a logical formula, having at each node a subformula of the original formula to be proved or refuted. Computation constructs this tree and uses it to prove or refute the whole formula.[3] The tableau method can also determine the satisfiability of finite sets of formulas of various logics. It is the most popular proof procedure for modal logics.[4]

A graphical representation of a partially built propositional tableau

A method of truth trees contains a fixed set of rules for producing trees from a given logical formula, or set of logical formulas. Those trees will have more formulas at each branch, and in some cases, a branch can come to contain both a formula and its negation, which is to say, a contradiction. In that case, the branch is said to close.[1] If every branch in a tree closes, the tree itself is said to close. In virtue of the rules for construction of tableaux, a closed tree is a proof that the original formula, or set of formulas, used to construct it was itself self-contradictory,[1] and therefore false. Conversely, a tableau can also prove that a logical formula is tautologous: if a formula is tautologous, its negation is a contradiction, so a tableau built from its negation will close.[1]

History

edit

In his Symbolic Logic Part II, Charles Lutwidge Dodgson (also known by his literary pseudonym, Lewis Carroll) introduced the Method of Trees, the earliest modern use of a truth tree.[5]

The method of semantic tableaux was invented by the Dutch logician Evert Willem Beth (Beth 1955)[6] and simplified, for classical logic, by Raymond Smullyan (Smullyan 1968, 1995).[7] Smullyan's simplification, "one-sided tableaux", is described here. Smullyan's method has been generalized to arbitrary many-valued propositional and first-order logics by Walter Carnielli (Carnielli 1987).[8]

Tableaux can be intuitively seen as sequent systems upside-down. This symmetrical relation between tableaux and sequent systems was formally established in (Carnielli 1991).[9]

Propositional logic

edit

Background

edit

A formula in propositional logic consists of letters, which stand for propositions, and connectives for conjunction, disjunction, conditionals, biconditionals, and negation. The truth or falsehood of a proposition is called its truth value. A formula, or set of formulas, is said to be satisfiable if there is a possible assignment of truth-values to the propositional letters such that the entire formula, which combines the letters with connectives, is itself true as well.[1] Such an assignment is said to satisfy the formula.[2]

A tableau checks whether a given set of formulae is satisfiable or not. It can be used to check either validity or entailment: a formula is valid if its negation is unsatisfiable, and formulae   imply   if   is unsatisfiable.

The following table shows some notational variants for logical connectives, for readers who may be more familiar with a different notation from the one used here. In general, as of the time of the inclusion of this sentence, the first symbol in each line has been used in the text of this article; however, since Wikipedia editors are not rule-bound to use consistent notation within or between articles, this may change.

Notational variants of the connectives[10][11]
Connective Symbol
AND  ,  ,  ,  ,  
equivalent  ,  ,  
implies  ,  ,  
NAND  ,  ,  
nonequivalent  ,  ,  
NOR  ,  ,  
NOT  ,  ,  ,  
OR  ,  ,  ,  
XNOR   XNOR  
XOR  ,  

General method

edit

The main principle of propositional tableaux is to attempt to "break" complex formulae into smaller ones until complementary pairs of literals are produced or no further expansion is possible.

 
Initial tableau for {(a⋁¬b)⋀b,¬a}

The method works on a tree whose nodes are labeled with formulae. At each step, this tree is modified; in the propositional case, the only allowed changes are additions of a node as descendant of a leaf. The procedure starts by generating the tree made of a chain of all formulae in the set to prove unsatisfiability.[12] Then, the following procedure may be repeatedly applied nondeterministically:

  1. Pick an open leaf node. (The leaf node in the initial chain is marked open).
  2. Pick an applicable node on the branch above the selected node.[13]
  3. Apply the applicable node, which corresponds to expanding the tree below the selected leaf node based on some expansion rule (detailed below).
  4. For every newly created node that is both a literal/negated literal, and whose complement appears in a prior node on the same branch, mark the branch as closed. Mark all other newly created nodes as open.

Eventually, this procedure will terminate, because at some point every applicable node gets applied, and the expansion rules guarantee that every node in the tree is simpler than the applicable node used to create it.

The principle of tableau is that formulae in nodes of the same branch are considered in conjunction while the different branches are considered to be disjuncted. As a result, a tableau is a tree-like representation of a formula that is a disjunction of conjunctions. This formula is equivalent to the set to prove unsatisfiability. The procedure modifies the tableau in such a way that the formula represented by the resulting tableau is equivalent to the original one. One of these conjunctions may contain a pair of complementary literals, in which case that conjunction is proved to be unsatisfiable. If all conjunctions are proved unsatisfiable, the original set of formulae is unsatisfiable.

 
(a⋁¬b)⋀b generates a⋁¬b and b

Whenever a branch of a tableau contains a formula   that is the conjunction of two formulae, these two formulae are both consequences of that formula. This fact can be formalized by the following rule for expansion of a tableau:

( ) If a branch of the tableau contains a conjunctive formula  , add to its leaf the chain of two nodes containing the formulae   and  

This rule is generally written as follows:

 

A variant of this rule allows a node to contain a set of formulae rather than a single one. In this case, the formulae in this set are considered in conjunction, so one can add   at the end of a branch containing  . More precisely, if a node on a branch is labeled  , one can add to the branch the new leaf  .

 
a⋁¬b generates a and ¬b

If a branch of a tableau contains a formula that is a disjunction of two formulae, such as  , the following rule can be applied:

( ) If a node on a branch contains a disjunctive formula  , then create two sibling children to the leaf of the branch, containing the formulae   and  , respectively.

This rule splits a branch into two, differing only for the final node. Since branches are considered in disjunction to each other, the two resulting branches are equivalent to the original one, as the disjunction of their non-common nodes is precisely  . The rule for disjunction is generally formally written using the symbol   for separating the formulae of the two distinct nodes to be created:

 

If nodes are assumed to contain sets of formulae, this rule is replaced by: if a node is labeled  , a leaf of the branch this node is in can be appended two sibling child nodes labeled   and  , respectively.

The aim of tableaux is to generate progressively simpler formulae until pairs of opposite literals are produced or no other rule can be applied. Negation can be treated by initially making formulae in negation normal form, so that negation only occurs in front of literals. Alternatively, one can use De Morgan's laws during the expansion of the tableau, so that for example   is treated as  . Rules that introduce or remove a pair of negations (such as in  ) are also used in this case (otherwise, there would be no way of expanding a formula like  :

 
 
 
The tableau is closed

Closure

edit

Every tableau can be considered as a graphical representation of a formula, which is equivalent to the set the tableau is built from. This formula is as follows: each branch of the tableau represents the conjunction of its formulae; the tableau represents the disjunction of its branches. The expansion rules transforms a tableau into one having an equivalent represented formula. Since the tableau is initialized as a single branch containing the formulae of the input set, all subsequent tableaux obtained from it represent formulae which are equivalent to that set (in the variant where the initial tableau is the single node labeled true, the formulae represented by tableaux are consequences of the original set.)

 
A tableau for the satisfiable set {a⋀c,¬a⋁b}: all rules have been applied to every formula on every branch, but the tableau is not closed (only the left branch is closed), as expected for satisfiable sets

The method of tableaux works by starting with the initial set of formulae and then adding to the tableau simpler and simpler formulae until contradiction is shown in the simple form of opposite literals. Since the formula represented by a tableau is the disjunction of the formulae represented by its branches, contradiction is obtained when every branch contains a pair of opposite literals.

Once a branch contains a literal and its negation, its corresponding formula is unsatisfiable. As a result, this branch can be now "closed", as there is no need to further expand it. If all branches of a tableau are closed, the formula represented by the tableau is unsatisfiable; therefore, the original set is unsatisfiable as well. Obtaining a tableau where all branches are closed is a way for proving the unsatisfiability of the original set. In the propositional case, one can also prove that satisfiability is proved by the impossibility of finding a closed tableau, provided that every expansion rule has been applied everywhere it could be applied. In particular, if a tableau contains some open (non-closed) branches and every formula that is not a literal has been used by a rule to generate a new node on every branch the formula is in, the set is satisfiable.

This rule takes into account that a formula may occur in more than one branch (this is the case if there is at least a branching point "below" the node). In this case, the rule for expanding the formula has to be applied so that its conclusion(s) are appended to all of these branches that are still open, before one can conclude that the tableau cannot be further expanded and that the formula is therefore satisfiable.

Set-labeled tableau

edit

A variant of tableau is to label nodes with sets of formulae rather than single formulae. In this case, the initial tableau is a single node labeled with the set to be proved satisfiable. The formulae in a set are therefore considered to be in conjunction.

The rules of expansion of the tableau can now work on the leaves of the tableau, ignoring all internal nodes. For conjunction, the rule is based on the equivalence of a set containing a conjunction   with the set containing both   and   in place of it. In particular, if a leaf is labeled with  , a node can be appended to it with label  :

 

For disjunction, a set   is equivalent to the disjunction of the two sets   and  . As a result, if the first set labels a leaf, two children can be appended to it, labeled with the latter two formulae.

 

Finally, if a set contains both a literal and its negation, this branch can be closed:

 

A tableau for a given finite set X is a finite (upside down) tree with root X in which all child nodes are obtained by applying the tableau rules to their parents. A branch in such a tableau is closed if its leaf node contains "closed". A tableau is closed if all its branches are closed. A tableau is open if at least one branch is not closed.

Below are two closed tableaux for the set

 

Each rule application is marked at the right hand side. Both achieve the same effect, the first closes faster. The only difference is the order in which the reduction is performed.

 

and second, longer one, with the rules applied in a different order:

 

The first tableau closes after only one rule application while the second one misses the mark and takes a lot longer to close. Clearly, we would prefer to always find the shortest closed tableaux but it can be shown that one single algorithm that finds the shortest closed tableaux for all input sets of formulae cannot exist.[citation needed]

The three rules  ,   and   given above are then enough to decide if a given set   of formulae in negated normal form are jointly satisfiable:

Just apply all possible rules in all possible orders until we find a closed tableau for   or until we exhaust all possibilities and conclude that every tableau for   is open.

In the first case,   is jointly unsatisfiable and in the second the case the leaf node of the open branch gives an assignment to the atomic formulae and negated atomic formulae which makes   jointly satisfiable. Classical logic actually has the rather nice property that we need to investigate only (any) one tableau completely: if it closes then   is unsatisfiable and if it is open then   is satisfiable. But this property is not generally enjoyed by other logics.

These rules suffice for all of classical logic by taking an initial set of formulae X and replacing each member C by its logically equivalent negated normal form C' giving a set of formulae X' . We know that X is satisfiable if and only if X' is satisfiable, so it suffices to search for a closed tableau for X' using the procedure outlined above.

By setting   we can test whether the formula A is a tautology of classical logic:

If the tableau for   closes then   is unsatisfiable and so A is a tautology since no assignment of truth values will ever make A false. Otherwise any open leaf of any open branch of any open tableau for   gives an assignment that falsifies A.

Conditional

edit

Classical propositional logic usually has a connective to denote material implication. If we write this connective as ⇒, then the formula AB stands for "if A then B". It is possible to give a tableau rule for breaking down AB into its constituent formulae. Similarly, we can give one rule each for breaking down each of ¬(AB), ¬(AB), ¬(¬A), and ¬(AB). Together these rules would give a terminating procedure for deciding whether a given set of formulae is simultaneously satisfiable in classical logic since each rule breaks down one formula into its constituents but no rule builds larger formulae out of smaller constituents. Thus we must eventually reach a node that contains only atoms and negations of atoms. If this last node matches (id) then we can close the branch, otherwise it remains open.

But note that the following equivalences hold in classical logic where (...) = (...) means that the left hand side formula is logically equivalent to the right hand side formula:

 

If we start with an arbitrary formula C of classical logic, and apply these equivalences repeatedly to replace the left hand sides with the right hand sides in C, then we will obtain a formula C' which is logically equivalent to C but which has the property that C' contains no implications, and ¬ appears in front of atomic formulae only. Such a formula is said to be in negation normal form and it is possible to prove formally that every formula C of classical logic has a logically equivalent formula C' in negation normal form. That is, C is satisfiable if and only if C' is satisfiable.

Propositional tableau with unification

edit

The above rules for propositional tableau can be simplified by using uniform notation. In uniform notation, each formula is either of type   (alpha) or of type   (beta). Each formula of type alpha is assigned the two components  , and each formula of type beta is assigned the two components  . Formulae of type alpha can be thought of as being conjunctive, as both   and   are implied by   being true. Formulae of type beta can be thought of as being disjunctive, as either   or   is implied by   being true. The below tables shows how to determine the type, and the components, of any given propositional formula:

   

In each table, the left-most column shows all the possible structures for the formulae of type alpha or beta, and the right-most columns show their respective components. Alternatively, the rules for uniform notation can be expressed using signed formulae:

 

When constructing a propositional tableau using the above notation, whenever one encounters a formula of type alpha, its two components   are added to the current branch that is being expanded. Whenever one encounters a formula of type beta on some branch  , one can split   into two branches, one with the set { ,  } of formulae, and the other with the set { ,  } of formulae.[14]

First-order logic tableau

edit

Tableaux are extended to first-order predicate logic by two rules for dealing with universal and existential quantifiers, respectively. Two different sets of rules can be used; both employ a form of Skolemization for handling existential quantifiers, but differ on the handling of universal quantifiers.

The set of formulae to check for validity is here supposed to contain no free variables; this is not a limitation as free variables are implicitly universally quantified, so universal quantifiers over these variables can be added, resulting in a formula with no free variables.

First-order tableau without unification

edit

A first-order formula   implies all formulae   where   is a ground term. The following inference rule is therefore correct:

  where   is an arbitrary ground term

Contrarily to the rules for the propositional connectives, multiple applications of this rule to the same formula may be necessary. As an example, the set   can only be proved unsatisfiable if both   and   are generated from  .

Existential quantifiers are dealt with by means of Skolemization. In particular, a formula with a leading existential quantifier like   generates its Skolemization  , where   is a new constant symbol.

  where   is a new constant symbol
 
A tableau without unification for {∀x.P(x), ∃x.(¬P(x)⋁¬P(f(x)))}. For clarity, formulae are numbered on the left and the formula and rule used at each step is on the right

The Skolem term   is a constant (a function of arity 0) because the quantification over   does not occur within the scope of any universal quantifier. If the original formula contained some universal quantifiers such that the quantification over   was within their scope, these quantifiers have evidently been removed by the application of the rule for universal quantifiers.

The rule for existential quantifiers introduces new constant symbols. These symbols can be used by the rule for universal quantifiers, so that   can generate   even if   was not in the original formula but is a Skolem constant created by the rule for existential quantifiers.

The above two rules for universal and existential quantifiers are correct, and so are the propositional rules: if a set of formulae generates a closed tableau, this set is unsatisfiable. Completeness can also be proved: if a set of formulae is unsatisfiable, there exists a closed tableau built from it by these rules. However, actually finding such a closed tableau requires a suitable policy of application of rules. Otherwise, an unsatisfiable set can generate an infinite-growing tableau. As an example, the set   is unsatisfiable, but a closed tableau is never obtained if one unwisely keeps applying the rule for universal quantifiers to  , generating for example  . A closed tableau can always be found by ruling out this and similar "unfair" policies of application of tableau rules.

The rule for universal quantifiers   is the only non-deterministic rule, as it does not specify which term to instantiate with. Moreover, while the other rules need to be applied only once for each formula and each path the formula is in, this one may require multiple applications. Application of this rule can however be restricted by delaying the application of the rule until no other rule is applicable and by restricting the application of the rule to ground terms that already appear in the path of the tableau. The variant of tableaux with unification shown below aims at solving the problem of non-determinism.

First-order tableau with unification

edit

The main problem of tableau without unification is how to choose a ground term   for the universal quantifier rule. Indeed, every possible ground term can be used, but clearly most of them might be useless for closing the tableau.

A solution to this problem is to "delay" the choice of the term to the time when the consequent of the rule allows closing at least a branch of the tableau. This can be done by using a variable instead of a term, so that   generates  , and then allowing substitutions to later replace   with a term. The rule for universal quantifiers becomes:

  where   is a variable not occurring everywhere else in the tableau

While the initial set of formulae is supposed not to contain free variables, a formula of the tableau may contain the free variables generated by this rule. These free variables are implicitly considered universally quantified.

This rule employs a variable instead of a ground term. What is gained by this change is that these variables can be then given a value when a branch of the tableau can be closed, solving the problem of generating terms that might be useless.

  if   is the most general unifier of two literals   and  , where   and the negation of   occur in the same branch of the tableau,   can be applied at the same time to all formulae of the tableau

As an example,   can be proved unsatisfiable by first generating  ; the negation of this literal is unifiable with  , the most general unifier being the substitution that replaces   with  ; applying this substitution results in replacing   with  , which closes the tableau.

This rule closes at least a branch of the tableau—the one containing the considered pair of literals. However, the substitution has to be applied to the whole tableau, not only on these two literals. This is expressed by saying that the free variables of the tableau are rigid: if an occurrence of a variable is replaced by something else, all other occurrences of the same variable must be replaced in the same way. Formally, the free variables are (implicitly) universally quantified and all formulae of the tableau are within the scope of these quantifiers.

Existential quantifiers are dealt with by Skolemization. Contrary to the tableau without unification, Skolem terms may not be simple constants. Indeed, formulae in a tableau with unification may contain free variables, which are implicitly considered universally quantified. As a result, a formula like   may be within the scope of universal quantifiers; if this is the case, the Skolem term is not a simple constant but a term made of a new function symbol and the free variables of the formula.

  where   is a new function symbol and   the free variables of  
 
A first-order tableau with unification for {∀x.P(x), ∃x.(¬P(x)⋁¬P(f(x)))}. For clarity, formulae are numbered on the left and the formula and rule used at each step is on the right

This rule incorporates a simplification over a rule where   are the free variables of the branch, not of   alone. This rule can be further simplified by the reuse of a function symbol if it has already been used in a formula that is identical to   up to variable renaming.

The formula represented by a tableau is obtained in a way that is similar to the propositional case, with the additional assumption that free variables are considered universally quantified. As for the propositional case, formulae in each branch are conjoined and the resulting formulae are disjoined. In addition, all free variables of the resulting formula are universally quantified. All these quantifiers have the whole formula in their scope. In other words, if   is the formula obtained by disjoining the conjunction of the formulae in each branch, and   are the free variables in it, then   is the formula represented by the tableau. The following considerations apply:

  • The assumption that free variables are universally quantified is what makes the application of a most general unifier a sound rule: since   means that   is true for every possible value of  , then   is true for the term   that the most general unifier replaces   with.
  • Free variables in a tableau are rigid: all occurrences of the same variable have to be replaced all with the same term. Every variable can be considered a symbol representing a term that is yet to be decided. This is a consequence of free variables being assumed universally quantified over the whole formula represented by the tableau: if the same variable occurs free in two different nodes, both occurrences are in the scope of the same quantifier. As an example, if the formulae in two nodes are   and  , where   is free in both, the formula represented by the tableau is something in the form  . This formula implies that   is true for any value of  , but does not in general imply   for two different terms   and  , as these two terms may in general take different values. This means that   cannot be replaced by two different terms in   and  .
  • Free variables in a formula to check for validity are also considered universally quantified. However, these variables cannot be left free when building a tableau, because tableau rules works on the converse of the formula but still treats free variables as universally quantified. For example,   is not valid (it is not true in the model where  , and the interpretation where  ). Consequently,   is satisfiable (it is satisfied by the same model and interpretation). However, a closed tableau could be generated with   and  , and substituting   with   would generate a closure. A correct procedure is to first make universal quantifiers explicit, thus generating  .

The following two variants are also correct.

  • Applying to the whole tableau a substitution to the free variables of the tableau is a correct rule, provided that this substitution is free for the formula representing the tableau. In other worlds, applying such a substitution leads to a tableau whose formula is still a consequence of the input set. Using most general unifiers automatically ensures that the condition of freeness for the tableau is met.
  • While in general every variable has to be replaced with the same term in the whole tableau, there are some special cases in which this is not necessary.

Tableaux with unification can be proved complete: if a set of formulae is unsatisfiable, it has a tableau-with-unification proof. However, actually finding such a proof may be a difficult problem. Contrarily to the case without unification, applying a substitution can modify the existing part of a tableau; while applying a substitution closes at least a branch, it may make other branches impossible to close (even if the set is unsatisfiable).

A solution to this problem is delayed instantiation: no substitution is applied until one that closes all branches at the same time is found. With this variant, a proof for an unsatisfiable set can always be found by a suitable policy of application of the other rules. This method however requires the whole tableau to be kept in memory: the general method closes branches, which can be then discarded, while this variant does not close any branch until the end.

The problem that some tableaux that can be generated are impossible to close even if the set is unsatisfiable is common to other sets of tableau expansion rules: even if some specific sequences of application of these rules allow constructing a closed tableau (if the set is unsatisfiable), some other sequences lead to tableaux that cannot be closed. General solutions for these cases are outlined in the "Searching for a tableau" section.

Tableau calculi and their properties

edit

A tableau calculus is a set of rules that allows building and modification of a tableau. Propositional tableau rules, tableau rules without unification, and tableau rules with unification, are all tableau calculi. Some important properties a tableau calculus may or may not possess are completeness, destructiveness, and proof confluence.

A tableau calculus is called complete if it allows building a tableau proof for every given unsatisfiable set of formulae. The tableau calculi mentioned above can be proved complete.

A remarkable difference between tableau with unification and the other two calculi is that the latter two calculi only modify a tableau by adding new nodes to it, while the former one allows substitutions to modify the existing part of the tableau. More generally, tableau calculi are classed as destructive or non-destructive depending on whether they only add new nodes to tableau or not. Tableau with unification is therefore destructive, while propositional tableau and tableau without unification are non-destructive.

Proof confluence is the property of a tableau calculus being able to obtain a proof for an arbitrary unsatisfiable set from an arbitrary tableau, assuming that this tableau has itself been obtained by applying the rules of the calculus. In other words, in a proof confluent tableau calculus, from an unsatisfiable set one can apply whatever set of rules and still obtain a tableau from which a closed one can be obtained by applying some other rules.

Proof procedures

edit

A tableau calculus is simply a set of rules that prescribes how a tableau can be modified. A proof procedure is a method for actually finding a proof (if one exists). In other words, a tableau calculus is a set of rules, while a proof procedure is a policy of application of these rules. Even if a calculus is complete, not every possible choice of application of rules leads to a proof of an unsatisfiable set. For example,   is unsatisfiable, but both tableaux with unification and tableaux without unification allow the rule for the universal quantifiers to be applied repeatedly to the last formula, while simply applying the rule for disjunction to the third one would directly lead to closure.

For proof procedures, a definition of completeness has been given: a proof procedure is strongly complete if it allows finding a closed tableau for any given unsatisfiable set of formulae. Proof confluence of the underlying calculus is relevant to completeness: proof confluence is the guarantee that a closed tableau can be always generated from an arbitrary partially constructed tableau (if the set is unsatisfiable). Without proof confluence, the application of a 'wrong' rule may result in the impossibility of making the tableau complete by applying other rules.

Propositional tableaux and tableaux without unification have strongly complete proof procedures. In particular, a complete proof procedure is that of applying the rules in a fair way. This is because the only way such calculi cannot generate a closed tableau from an unsatisfiable set is by not applying some applicable rules.

For propositional tableaux, fairness amounts to expanding every formula in every branch. More precisely, for every formula and every branch the formula is in, the rule having the formula as a precondition has been used to expand the branch. A fair proof procedure for propositional tableaux is strongly complete.

For first-order tableaux without unification, the condition of fairness is similar, with the exception that the rule for universal quantifiers might require more than one application. Fairness amounts to expanding every universal quantifier infinitely often. In other words, a fair policy of application of rules cannot keep applying other rules without expanding every universal quantifier in every branch that is still open once in a while.

Searching for a closed tableau

edit

If a tableau calculus is complete, every unsatisfiable set of formulae has an associated closed tableau. While this tableau can always be obtained by applying some of the rules of the calculus, the problem of which rules to apply for a given formula still remains. As a result, completeness does not automatically imply the existence of a feasible policy of application of rules that always leads to a closed tableau for every given unsatisfiable set of formulae. While a fair proof procedure is complete for ground tableau and tableau without unification, this is not the case for tableau with unification.

 
A search tree in the space of tableaux for {∀x.P(x), ¬P(c)⋁¬Q(c), ∃y.Q(c)}. For simplicity, the formulae of the set have been omitted from all tableau in the figure and a rectangle used in their place. A closed tableau is in the bold box; the other branches could be still expanded.

A general solution for this problem is that of searching the space of tableaux until a closed one is found (if any exists, that is, the set is unsatisfiable). In this approach, one starts with an empty tableau and then recursively applies every possible applicable rule. This procedure visits a (implicit) tree whose nodes are labeled with tableaux, and such that the tableau in a node is obtained from the tableau in its parent by applying one of the valid rules.

Since each branch can be infinite, this tree has to be visited breadth-first rather than depth-first. This requires a large amount of space, as the breadth of the tree can grow exponentially. A method that may visit some nodes more than once but works in polynomial space is to visit in a depth-first manner with iterative deepening: one first visits the tree depth first up to a certain depth, then increases the depth and perform the visit again. This particular procedure uses the depth (which is also the number of tableau rules that have been applied) for deciding when to stop at each step. Various other parameters (such as the size of the tableau labeling a node) have been used instead.

edit

The size of the search tree depends on the number of (children) tableaux that can be generated from a given (parent) one. Reducing the number of such tableaux therefore reduces the required search.

A way for reducing this number is to disallow the generation of some tableaux based on their internal structure. An example is the condition of regularity: if a branch contains a literal, using an expansion rule that generates the same literal is useless because the branch containing two copies of the literals would have the same set of formulae of the original one. This expansion can be disallowed because if a closed tableau exists, it can be found without it. This restriction is structural because it can be checked by looking at the structure of the tableau to expand only.

Different methods for reducing search disallow the generation of some tableaux on the ground that a closed tableau can still be found by expanding the other ones. These restrictions are called global. As an example of a global restriction, one may employ a rule that specifies which of the open branches is to be expanded. As a result, if a tableau has for example two non-closed branches, the rule specifies which one is to be expanded, disallowing the expansion of the second one. This restriction reduces the search space because one possible choice is now forbidden; completeness is however not harmed, as the second branch will still be expanded if the first one is eventually closed. As an example, a tableau with root  , child  , and two leaves   and   can be closed in two ways: applying   first to   and then to  , or vice versa. There is clearly no need to follow both possibilities; one may consider only the case in which   is first applied to   and disregard the case in which it is first applied to  . This is a global restriction because what allows neglecting this second expansion is the presence of the other tableau, where expansion is applied to   first and   afterwards.

Clause tableaux

edit

When applied to sets of clauses (rather than of arbitrary formulae), tableaux methods allow for a number of efficiency improvements. A first-order clause is a formula   that does not contain free variables and such that each   is a literal. The universal quantifiers are often omitted for clarity, so that for example   actually means  . Note that, if taken literally, these two formulae are not the same as for satisfiability: rather, the satisfiability   is the same as that of  . That free variables are universally quantified is not a consequence of the definition of first-order satisfiability; it is rather used as an implicit common assumption when dealing with clauses.

The only expansion rules that are applicable to a clause are   and  ; these two rules can be replaced by their combination without losing completeness. In particular, the following rule corresponds to applying in sequence the rules   and   of the first-order calculus with unification.

  where   is obtained by replacing every variable with a new one in  

When the set to be checked for satisfiability is only composed of clauses, this and the unification rules are sufficient to prove unsatisfiability. In other worlds, the tableau calculi composed of   and   is complete.

Since the clause expansion rule only generates literals and never new clauses, the clauses to which it can be applied are only clauses of the input set. As a result, the clause expansion rule can be further restricted to the case where the clause is in the input set.

  where   is obtained by replacing every variable with a new one in  , which is a clause of the input set

Since this rule directly exploits the clauses in the input set there is no need to initialize the tableau to the chain of the input clauses. The initial tableau can therefore be initialize with the single node labeled  ; this label is often omitted as implicit. As a result of this further simplification, every node of the tableau (apart from the root) is labeled with a literal.

A number of optimizations can be used for clause tableau. These optimization are aimed at reducing the number of possible tableaux to be explored when searching for a closed tableau as described in the "Searching for a closed tableau" section above.

Connection tableau

edit

Connection is a condition over tableau that forbids expanding a branch using clauses that are unrelated to the literals that are already in the branch. Connection can be defined in two ways:

strong connectedness
when expanding a branch, use an input clause only if it contains a literal that can be unified with the negation of the literal in the current leaf
weak connectedness
allow the use of clauses that contain a literal that unifies with the negation of a literal on the branch

Both conditions apply only to branches consisting not only of the root. The second definition allows for the use of a clause containing a literal that unifies with the negation of a literal in the branch, while the first only further constraint that literal to be in leaf of the current branch.

If clause expansion is restricted by connectedness (either strong or weak), its application produces a tableau in which substitution can applied to one of the new leaves, closing its branch. In particular, this is the leaf containing the literal of the clause that unifies with the negation of a literal in the branch (or the negation of the literal in the parent, in case of strong connection).

Both conditions of connectedness lead to a complete first-order calculus: if a set of clauses is unsatisfiable, it has a closed connected (strongly or weakly) tableau. Such a closed tableau can be found by searching in the space of tableaux as explained in the "Searching for a closed tableau" section. During this search, connectedness eliminates some possible choices of expansion, thus reducing search. In other worlds, while the tableau in a node of the tree can be in general expanded in several different ways, connection may allow only few of them, thus reducing the number of resulting tableaux that need to be further expanded.

This can be seen on the following (propositional) example. The tableau made of a chain   for the set of clauses   can be in general expanded using each of the four input clauses, but connection only allows the expansion that uses  . This means that the tree of tableaux has four leaves in general but only one if connectedness is imposed. This means that connectedness leaves only one tableau to try to expand, instead of the four ones to consider in general. In spite of this reduction of choices, the completeness theorem implies that a closed tableau can be found if the set is unsatisfiable.

The connectedness conditions, when applied to the propositional (clausal) case, make the resulting calculus non-confluent. As an example,   is unsatisfiable, but applying   to   generates the chain  , which is not closed and to which no other expansion rule can be applied without violating either strong or weak connectedness. In the case of weak connectedness, confluence holds provided that the clause used for expanding the root is relevant to unsatisfiability, that is, it is contained in a minimally unsatisfiable subset of the set of clauses. Unfortunately, the problem of checking whether a clause meets this condition is itself a hard problem. In spite of non-confluence, a closed tableau can be found using search, as presented in the "Searching for a closed tableau" section above. While search is made necessary, connectedness reduces the possible choices of expansion, thus making search more efficient.

Regular tableaux

edit

A tableau is regular if no literal occurs twice in the same branch. Enforcing this condition allows for a reduction of the possible choices of tableau expansion, as the clauses that would generate a non-regular tableau cannot be expanded.

These disallowed expansion steps are however useless. If   is a branch containing a literal  , and   is a clause whose expansion violates regularity, then   contains  . In order to close the tableau, one needs to expand and close, among others, the branch where  , where   occurs twice. However, the formulae in this branch are exactly the same as the formulae of   alone. As a result, the same expansion steps that close   also close  . This means that expanding   was unnecessary; moreover, if   contained other literals, its expansion generated other leaves that needed to be closed. In the propositional case, the expansion needed to close these leaves are completely useless; in the first-order case, they may only affect the rest of the tableau because of some unifications; these can however be combined to the substitutions used to close the rest of the tableau.

Tableaux for modal logics

edit

In a modal logic, a model comprises a set of possible worlds, each one associated to a truth evaluation; an accessibility relation specifies when a world is accessible from another one. A modal formula may specify not only conditions over a possible world, but also on the ones that are accessible from it. As an example,   is true in a world if   is true in all worlds that are accessible from it.

As for propositional logic, tableaux for modal logics are based on recursively breaking formulae into its basic components. Expanding a modal formula may however require stating conditions over different worlds. As an example, if   is true in a world then there exists a world accessible from it where   is false. However, one cannot simply add the following rule to the propositional ones.

 

In propositional tableaux all formulae refer to the same truth evaluation, but the precondition of the rule above holds in one world while the consequence holds in another. Not taking this into account would generate incorrect results. For example, formula   states that   is true in the current world and   is false in a world that is accessible from it. Simply applying   and the expansion rule above would produce   and  , but these two formulae should not in general generate a contradiction, as they hold in different worlds. Modal tableaux calculi do contain rules of the kind of the one above, but include mechanisms to avoid the incorrect interaction of formulae referring to different worlds.

Technically, tableaux for modal logics check the satisfiability of a set of formulae: they check whether there exists a model   and world   such that the formulae in the set are true in that model and world. In the example above, while   states the truth of   in  , the formula   states the truth of   in some world   that is accessible from   and which may in general be different from  . Tableaux calculi for modal logic take into account that formulae may refer to different worlds.

This fact has an important consequence: formulae that hold in a world may imply conditions over different successors of that world. Unsatisfiability may then be proved from the subset of formulae referring to a single successor. This holds if a world may have more than one successor, which is true for most modal logics. If this is the case, a formula like   is true if a successor where   holds exists and a successor where   holds exists. In the other way around, if one can show unsatisfiability of   in an arbitrary successor, the formula is proved unsatisfiable without checking for worlds where   holds. At the same time, if one can show unsatisfiability of  , there is no need to check  . As a result, while there are two possible way to expand  , one of these two ways is always sufficient to prove unsatisfiability if the formula is unsatisfiable. For example, one may expand the tableau by considering an arbitrary world where   holds. If this expansion leads to unsatisfiability, the original formula is unsatisfiable. However, it is also possible that unsatisfiability cannot be proved this way, and that the world where   holds should have been considered instead. As a result, one can always prove unsatisfiability by expanding either   only or   only; however, if the wrong choice is made the resulting tableau may not be closed. Expanding either subformula leads to tableau calculi that are complete but not proof-confluent. Searching as described in the "Searching for a closed tableau" may therefore be necessary.

Depending on whether the precondition and consequence of a tableau expansion rule refer to the same world or not, the rule is called static or transactional. While rules for propositional connectives are all static, not all rules for modal connectives are transactional: for example, in every modal logic including axiom T, it holds that   implies   in the same world. As a result, the relative (modal) tableau expansion rule is static, as both its precondition and consequence refer to the same world.

Formula-deleting tableau

edit

A method for avoiding formulae referring to different worlds interacting in the wrong way is to make sure that all formulae of a branch refer to the same world. This condition is initially true as all formulae in the set to be checked for consistency are assumed referring to the same world. When expanding a branch, two situations are possible: either the new formulae refer to the same world as the other one in the branch or not. In the first case, the rule is applied normally. In the second case, all formulae of the branch that do not also hold in the new world are deleted from the branch, and possibly added to all other branches that are still relative to the old world.

As an example, in S5 every formula   that is true in a world is also true in all accessible worlds (that is, in all accessible worlds both   and   are true). Therefore, when applying  , whose consequence holds in a different world, one deletes all formulae from the branch, but can keep all formulae  , as these hold in the new world as well. In order to retain completeness, the deleted formulae are then added to all other branches that still refer to the old world.

World-labeled tableau

edit

A different mechanism for ensuring the correct interaction between formulae referring to different worlds is to switch from formulae to labeled formulae: instead of writing  , one would write   to make it explicit that   holds in world  .

All propositional expansion rules are adapted to this variant by stating that they all refer to formulae with the same world label. For example,   generates two nodes labeled with   and  ; a branch is closed only if it contains two opposite literals of the same world, like   and  ; no closure is generated if the two world labels are different, like in   and  .

A modal expansion rule may have a consequence that refers to different worlds. For example, the rule for   would be written as follows

 

The precondition and consequent of this rule refer to worlds   and  , respectively. The various calculi use different methods for keeping track of the accessibility of the worlds used as labels. Some include pseudo-formulae like   to denote that   is accessible from  . Some others use sequences of integers as world labels, this notation implicitly representing the accessibility relation (for example,   is accessible from  .)

Set-labeling tableaux

edit

The problem of interaction between formulae holding in different worlds can be overcome by using set-labeling tableaux. These are trees whose nodes are labeled with sets of formulae; the expansion rules explain how to attach new nodes to a leaf, based only on the label of the leaf (and not on the label of other nodes in the branch).

Tableaux for modal logics are used to verify the satisfiability of a set of modal formulae in a given modal logic. Given a set of formulae  , they check the existence of a model   and a world   such that  .

The expansion rules depend on the particular modal logic used. A tableau system for the basic modal logic K can be obtained by adding to the propositional tableau rules the following one:

 

Intuitively, the precondition of this rule expresses the truth of all formulae   at all accessible worlds, and truth of   at some accessible worlds. The consequence of this rule is a formula that must be true at one of those worlds where   is true.

More technically, modal tableaux methods check the existence of a model   and a world   that make set of formulae true. If   are true in  , there must be a world   that is accessible from   and that makes   true. This rule therefore amounts to deriving a set of formulae that must be satisfied in such  .

While the preconditions   are assumed satisfied by  , the consequences   are assumed satisfied in  : same model but possibly different worlds. Set-labeled tableaux do not explicitly keep track of the world where each formula is assumed true: two nodes may or may not refer to the same world. However, the formulae labeling any given node are assumed true at the same world.

As a result of the possibly different worlds where formulae are assumed true, a formula in a node is not automatically valid in all its descendants, as every application of the modal rule corresponds to a move from a world to another one. This condition is automatically captured by set-labeling tableaux, as expansion rules are based only on the leaf where they are applied and not on its ancestors.

Notably,   does not directly extend to multiple negated boxed formulae such as in  : while there exists an accessible world where   is false and one in which   is false, these two worlds are not necessarily the same.

Differently from the propositional rules,   states conditions over all its preconditions. For example, it cannot be applied to a node labeled by  ; while this set is inconsistent and this could be easily proved by applying  , this rule cannot be applied because of formula  , which is not even relevant to inconsistency. Removal of such formulae is made possible by the rule:

 

The addition of this rule (thinning rule) makes the resulting calculus non-confluent: a tableau for an inconsistent set may be impossible to close, even if a closed tableau for the same set exists.

Rule   is non-deterministic: the set of formulae to be removed (or to be kept) can be chosen arbitrarily; this creates the problem of choosing a set of formulae to discard that is not so large it makes the resulting set satisfiable and not so small it makes the necessary expansion rules inapplicable. Having a large number of possible choices makes the problem of searching for a closed tableau harder.

This non-determinism can be avoided by restricting the usage of   so that it is only applied before a modal expansion rule, and so that it only removes the formulae that make that other rule inapplicable. This condition can be also formulated by merging the two rules in a single one. The resulting rule produces the same result as the old one, but implicitly discard all formulae that made the old rule inapplicable. This mechanism for removing   has been proved to preserve completeness for many modal logics.

Axiom T expresses reflexivity of the accessibility relation: every world is accessible from itself. The corresponding tableau expansion rule is:

 

This rule relates conditions over the same world: if   is true in a world, by reflexivity   is also true in the same world. This rule is static, not transactional, as both its precondition and consequent refer to the same world.

This rule copies   from the precondition to the consequent, in spite of this formula having been "used" to generate  . This is correct, as the considered world is the same, so   also holds there. This "copying" is necessary in some cases. It is for example necessary to prove the inconsistency of  : the only applicable rules are in order  , from which one is blocked if   is not copied.

Auxiliary tableaux

edit

A different method for dealing with formulae holding in alternate worlds is to start a different tableau for each new world that is introduced in the tableau. For example,   implies that   is false in an accessible world, so one starts a new tableau rooted by  . This new tableau is attached to the node of the original tableau where the expansion rule has been applied; a closure of this tableau immediately generates a closure of all branches where that node is, regardless of whether the same node is associated other auxiliary tableaux. The expansion rules for the auxiliary tableaux are the same as for the original one; therefore, an auxiliary tableau can have in turns other (sub-)auxiliary tableaux.

Global assumptions

edit

The above modal tableaux establish the consistency of a set of formulae, and can be used for solving the local logical consequence problem. This is the problem of telling whether, for each model  , if   is true in a world  , then   is also true in the same world. This is the same as checking whether   is true in a world of a model, in the assumption that   is also true in the same world of the same model.

A related problem is the global consequence problem, where the assumption is that a formula (or set of formulae)   is true in all possible worlds of the model. The problem is that of checking whether, in all models   where   is true in all worlds,   is also true in all worlds.

Local and global assumption differ on models where the assumed formula is true in some worlds but not in others. As an example,   entails   globally but not locally. Local entailment does not hold in a model consisting of two worlds making   and   true, respectively, and where the second is accessible from the first; in the first world, the assumptions are true but   is false. This counterexample works because   can be assumed true in a world and false in another one. If however the same assumption is considered global,   is not allowed in any world of the model.

These two problems can be combined, so that one can check whether   is a local consequence of   under the global assumption  . Tableaux calculi can deal with global assumption by a rule allowing its addition to every node, regardless of the world it refers to.

Notations

edit

The following conventions are sometimes used.

Uniform notation

edit

When writing tableaux expansion rules, formulae are often denoted using a convention, so that for example   is always considered to be  . The following table provides the notation for formulae in propositional, first-order, and modal logic.

Notation Formulae
       
       
     
     
     
     

Each label in the first column is taken to be either formula in the other columns. An overlined formula such as   indicates that   is the negation of whatever formula appears in its place, so that for example in formula   the subformula   is the negation of  .

Since every label indicates many equivalent formulae, this notation allows writing a single rule for all these equivalent formulae. For example, the conjunction expansion rule is formulated as:

 

Signed formulae

edit

A formula in a tableau is assumed true. Signed tableaux allows stating that a formula is false. This is generally achieved by adding a label to each formula, where the label T indicates formulae assumed true and F those assumed false. A different but equivalent notation is that to write formulae that are assumed true at the left of the node and formulae assumed false at its right.

See also

edit

Notes

edit
  1. ^ a b c d e f g Howson, Colin (1997). Logic with trees: an introduction to symbolic logic. London; New York: Routledge. pp. ix, x, 24–29, 47. ISBN 978-0-415-13342-5.
  2. ^ a b c Restall, Greg (2006). Logic: an introduction. Fundamentals of philosophy. London; New York: Routledge. pp. 5, 42, 55. ISBN 978-0-415-40067-1. OCLC 63115330.
  3. ^ Howson 2005, p. 27.
  4. ^ Girle 2014.
  5. ^ The Encyclopedia of Philosophy 2023.
  6. ^ Beth 1955.
  7. ^ Smullyan 1995.
  8. ^ Carnielli 1987.
  9. ^ Carnielli 1991.
  10. ^ Plato, Jan von (2013). Elements of logical reasoning (1. publ ed.). Cambridge: Cambridge University press. p. 9. ISBN 978-1-107-03659-8.
  11. ^ Weisstein, Eric W. "Connective". mathworld.wolfram.com. Retrieved 2024-03-22.
  12. ^ A variant to this starting step is to begin with a single-node tree whose root is labeled by  . In this second case, the procedure can always copy a formula in the set below a leaf. As a running example, the tableau for the set   is shown.
  13. ^ An applicable node is a node whose outermost connective corresponds to an expansion rule, and which has not already been applied at any prior node on the selected leaf node's branch.
  14. ^ Smullyan 2014, pp. 88–89.

References

edit
edit
  • TABLEAUX: an annual international conference on automated reasoning with analytic tableaux and related methods
  • JAR: Journal of Automated Reasoning
  • The tableaux package: an interactive prover for propositional and first-order logic using tableaux
  • Tree proof generator: another interactive prover for propositional and first-order logic using tableaux
  • LoTREC: a generic tableaux-based prover for modal logics from IRIT/Toulouse University
  • Intro to Truth Trees on YouTube