A Reasoning System for a First-Order Logic of Limited Belief††thanks: This is an extended version of the IJCAI 2017 paper [Schwering, 2017] with proofs in the appendix.
Christoph Schwering
School of Computer Science and Engineering
The University of New South Wales
Sydney NSW 2052, Australia
[email protected]
Abstract
Logics of limited belief aim at enabling computationally feasible reasoning in highly expressive representation languages.
These languages are often dialects of first-order logic with a weaker form of logical entailment that keeps reasoning decidable or even tractable.
While a number of such logics have been proposed in the past, they tend to remain for theoretical analysis only and their practical relevance is very limited.
In this paper, we aim to go beyond the theory.
Building on earlier work by Liu, Lakemeyer, and Levesque, we develop a logic of limited belief that is highly expressive while remaining decidable in the first-order and tractable in the propositional case and exhibits some characteristics that make it attractive for an implementation.
We introduce a reasoning system that employs this logic as representation language and present experimental results that showcase the benefit of limited belief.
1 Introduction
Dealing with incomplete knowledge is one of the longstanding aims of research in Knowledge Representation and Reasoning. Incompleteness often demands highly expressive languages to be represented accurately.
For instance, the statement
“I don’t know who Sally’s father is, but I know he’s rich”
involves an individual (Sally’s father) and both knowns (he’s rich) and unknowns (his identity) about him.
From the representational point of view, first-order and modal logics are excellent tools to formalise such statements.
However, reasoning in classical first-order logic very quickly gets undecidable: an existential quantifier and two unary functions with equality can be enough to make validity an undecidable problem Börger et al. (1997).
One way to get around undecidability of first-order reasoning is through models of limited belief.111We use the terms knowledge and belief interchangeably.
Inspired by natural agents, the idea behind limited belief is to give up the property of logical omniscience Hintikka (1975).
This separates limited belief from other approaches to decidable reasoning like the classical prefix-vocabulary classes Börger et al. (1997) or description logics Baader (2003), but relates to approaches of approximate reasoning like D’Agostino (2015).
While a number of models of limited belief have been proposed in the past Konolige (1986); Vardi (1986); Fagin and Halpern (1987); Levesque (1984b); Patel-Schneider (1990); Lakemeyer (1994); Delgrande (1995), these approaches can be criticised for either being too fine-grained or overly weakening the entailment relation and thus even ruling out the most basic cases of modus ponens.
A more recent proposal for limited belief is due to Liu, Lakemeyer, and Levesque Liu et al. (2004).
Their logic is equipped with a perspicuous semantics based on subsumption, unit propagation, and case splitting,222Unit propagation of a clause c with a literal ℓ means to remove all literals from c that are complementary to ℓ. Subsumption refers to inferring a clause c2 from a clause c1 when every literal in c1 subsumes a literal in c2. A case split means to branch on all possible values a literal or term can take. and keeps the computational complexity under control by stratifying beliefs in levels:
level 0 comprises only the explicit beliefs; every following level draws additional inferences by doing another case split.
Every query specifies at which belief level it shall be evaluated, and thus controls how much effort should be spent on proving it.
The rationale behind this technique of limiting belief by case splits is the hypothesis that in many practical reasoning tasks few case splits – perhaps no more than one or two – suffice.
Let us consider a brief example to illustrate the idea.
Suppose we have the following knowledge base (KB):
[TABLE]
At level 0 the agent believes these clauses, but does not draw any meaningful inferences from them yet.
For instance, Rich(Frank)∨Rich(Fred), while entailed in classical logic, is not believed at level 0.
It can however be inferred by splitting the cases for Sally’s potential fathers:
if fatherOf(Sally)=Frank, then we obtain Rich(Frank) by unit propagation with the second clause from the KB;
if fatherOf(Sally)=Fred, then analogously Rich(Fred);
if fatherOf(Sally) is anyone else, then unit propagation with the first clause in the KB yields the empty clause.
Either of the three cases subsumes Rich(Frank)∨Rich(Fred).
Hence, Rich(Frank)∨Rich(Fred) is believed at level 1.
Several variants of Liu, Lakemeyer, and Levesque’s original theory have been developed Lakemeyer and Levesque (2013, 2014, 2016); Klassen et al. (2015); Schwering and Lakemeyer (2016); they include concepts like introspection, actions, functions, or conditional beliefs.
Despite this progress, the framework has remained a purely theoretical one without practical applications.
In this paper, we want to bring their approach to limited belief to practice.
We make two contributions to this end:
Firstly, we devise a logic of limited belief that unifies some concepts from the earlier proposals and adds several features to make it more attractive for practical use.
The result is a sorted first-order logic with functions and equality and two introspective belief operators, one for knowledge and one for what is considered possible. While closely related to the earlier proposals, many technical details in this new language have been changed with practical considerations in mind.
Secondly, we present a reasoning system that uses this logic as representation language.
Our evaluation is twofold.
Besides modelling toy domains to showcase the language’s expressivity, we have also tested the system’s performance with two popular puzzle games, Sudoku and Minesweeper.
The results affirm the hypothesis that small belief levels often suffice to achieve good results.
The paper is organised as follows.
In Section 2 we introduce an (omniscient) logic of knowledge.
Based on this logic, we then develop a logic of limited belief in Section 3.
In Section 4 we sketch a decision procedure for limited belief, discuss an implementation of this system, and present experiment results.
2 A Logic of Knowledge
The logic we present in this section is a variant of Levesque’s logic of only-knowing Levesque (1990) and will serve as a reference for the logic of limited belief in the next section.
We refer to the logic from this section as L.
2.1 The Language
The language of L is a sorted first-order dialect with functions, equality, standard names, and three epistemic modalities.
With minor modifications, this language will also be the language used for the logic of limited belief L\mspace−1.0muL.
We assume an infinite supply of sorts, and for each sort we assume an infinite number of variables, function symbols of every arity j≥0, and standard names (or names for short).
Standard names serve as special constants that satisfy the unique name assumption and an infinitary version of domain closure.
The set of terms (of a sort s) contains all variables (of sort s) and names (of sort s) as well as all functions f(t1,…,tj) where f is a j-ary function symbol (of sort s) and every ti is a variable or a name (not necessarily of sort s).
A literal is an expression of the form t1=t2 or ¬t1=t2 where t1 is a variable, name, or function, and t2 is a variable or a name.
The set of formulas is the least set that contains all literals and all expressions ¬α, (α∨β), ∃x\mspace1.0muα, K\mspace1.0muα, M\mspace1.0muα, and O\mspace1.0muα where α and β are formulas and x is a variable.
Intuitively, K\mspace1.0muα reads as “α is known,” M\mspace1.0muα as “α is considered possible,” and O\mspace1.0muα as “α is all that is known.”
We say a formula is objective when it mentions no belief operator, and subjective when it mentions no function outside of a belief operator.
Only-knowing is particularly useful to capture the meaning of a knowledge base.
As we only consider objective knowledge bases in this paper, we restrict ourselves from now on to objective ϕ in O\mspace1.0muϕ.
For convenience, we use the usual abbreviations =, ∧, ∀, ⊃, and ≡, and we sometimes omit brackets to ease readability.
Some differences between our language and traditional first-order languages are apparent: our language features no predicates; functions cannot be nested; only the left-hand side of a literal may be a function.
These restrictions will prove helpful for the implementation of a reasoning system. We remark that none of these restrictions means a limitation of expressivity: a predicate P(t1,…,tj) can be simulated by a literal p(t1,…,tj)=⊤ where ⊤ is some standard name chosen to represent truth, and nested functions and literals with a function on the right-hand side can be flattened by introducing a new variable – these transformations preserve equivalence.
As an example, we formalise the introductory statement about Sally’s father, who is rich but unknown to the agent:
[TABLE]
where Sally is a standard name of the same sort (say, ‘human’) as x and fatherOf, and ⊤ is a name of the same sort (say, ‘Boolean’) as rich.
Quantifying x into the modal context M\mspace1.0mu expresses that the father’s identity is unknown.
The next subsection gives a semantic justification to this interpretation.
2.2 The Semantics
The semantics is based on possible worlds.
We call a term f(t1,…,tj) primitive when all ti are standard names.
Let N and T be the sets of all names and primitive terms, respectively.
To denote the names or primitive terms that occur in a formula α, we write N(α) and T(α), respectively, and analogously for sets of formulas.
To include only terms of the same sort as t, we write Nt and Tt.
A world w:T→N is a sort-preserving mapping from primitive terms to standard names, that is, w(t)∈Nt for every primitive term t.
A sentence is a formula without free variables.
We denote by αtx the result of substituting t for all free occurrences of the variable x in α.
Truth of a sentence α is defined w.r.t. a world w and a set of possible worlds e as follows:
-
e,w⊨t=n iff
t and n are identical namesw() if t is a name;
w(t) and n are identical names otherwise;
2. 2.
e,w⊨¬α iff e,w⊨α;
3. 3.
e,w⊨(α∨β) iff e,w⊨α or e,w⊨β;
4. 4.
e,w⊨∃x\mspace1.0muα iff
e,w⊨αnx for some n∈Nx;
5. 5.
e,w⊨K\mspace1.0muα iff e,w′⊨α for all w′∈e;
6. 6.
e,w⊨M\mspace1.0muα iff e,w′⊨α for some w′∈e;
7. 7.
e,w⊨O\mspace1.0muϕ iff e={w′∣e,w′⊨ϕ}.
Unlike classical first-order logic, this semantics handles quantification by substitution of names.
Standard names thus effectively serve as a fixed, countably infinite universe of discourse.
See Levesque (1984a) for a discussion why this is no effective limitation for our purposes.
O\mspace1.0muϕ has the effect of K\mspace1.0muϕ and additionally requires the set of possible worlds e to be maximal.
Hence the agent knows ϕ but considers possible everything else provided it is consistent with ϕ.
In other words, everything that is not a consequence of ϕ is unknown, for its negation is consistent with ϕ. That way, O\mspace1.0muϕ captures that ϕ and only ϕ is known.
As usual, a sentence α entails another sentence β, written α⊨β, when e,w⊨α implies e,w⊨β for all e,w.
A sentence α is valid, written ⊨α, when e,w⊨α for all e,w.
We omit a deeper analysis except to note that K\mspace1.0mu is a K45 operator Fagin et al. (1995) and the following equivalences:
Proposition 1** **
- (i)
⊨K\mspace1.0muα≡¬M\mspace1.0mu¬α;
2. (ii)
⊨∀x\mspace1.0muK\mspace1.0muα≡K\mspace1.0mu∀x\mspace1.0muα* and
⊨K\mspace1.0muα∧K\mspace1.0muβ≡K\mspace1.0mu(α∧β);*
3. (iii)
⊨∃x\mspace1.0muM\mspace1.0muα≡M\mspace1.0mu∃x\mspace1.0muα* and
⊨M\mspace1.0muα∨M\mspace1.0muβ≡M\mspace1.0mu(α∨β);*
4. (iv)
⊨O\mspace1.0muϕ⊃K\mspace1.0muϕ.
To familiarise ourselves with the logic, we show that the query formalised at the end of Section 2.1 is entailed by
[TABLE]
where Frank and Fred are names of sort ‘human.’
Let ϕ denote the sentence within O\mspace1.0mu.
By Rule 7, e={w∣e,w⊨ϕ} is the only set of worlds that satisfies O\mspace1.0muϕ, so proving the entailment reduces to model checking for e.
By assumption, for every w∈e, w(fatherOf(Sally))∈{Frank,Fred}.
Suppose w(fatherOf(Sally))=Frank; the case for Fred is analogous.
By assumption, w(rich(Frank))=⊤, so it only remains to be shown that e,w⊨M\mspace1.0mufatherOf(Sally)=Frank, which holds because there are w′∈e with w′(fatherOf(Sally))=Fred.
3 A Logic of Limited Belief
We now introduce the logic L\mspace−1.0muL, the limited counterpart of L.
3.1 The Language
The language of L\mspace−1.0muL follows the rules from L with the following modifications: the expressions K\mspace1.0muα and M\mspace1.0muα are replaced with Kk\mspace1.0muα and Mk\mspace1.0muα where k≥0 is a natural number, and the expression G\mspace1.0muα is added to the language.
We read Kk\mspace1.0muα and Mk\mspace1.0muα as “α is believed at level k” and “α is considered possible at level k,” respectively, and the new expression G\mspace1.0muα intuitively means “assuming the knowledge base is consistent, α is true.”
Guaranteeing consistency is motivated by practical applications where it often may reduce the computational cost of reasoning.
3.2 The Semantics
In L\mspace−1.0muL, sets of clauses take over from sets of possible worlds as the semantic primitive that models belief.
Intuitively, these clauses will represent the agent’s explicit knowledge, like fatherOf(Sally)=Frank∨fatherOf(Sally)=Fred and ∀x\mspace1.0mu(fatherOf(Sally)=x∨rich(x)=⊤) in our running example.
By means of case splitting and unit propagation then further inferences can be drawn from these clauses.
Before we can formalise this, we need to introduce some terminology.
We call a literal ground when it contains no variables.
Recall that a primitive term is one of the form f(n1,…,nj) where the ni are names.
Therefore every ground literal is of form n=n′ or n=n′ or f(n1,…,nj)=n or f(n1,…,nj)=n for names ni,n,n′.
A literal is valid when it is of the form t=t, or n=n′ for distinct names n,n′, or t=t′ for terms t,t′ of distinct sorts.
A literal ℓ1 subsumes a literal ℓ2 when ℓ1,ℓ2 are identical or ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct names n1,n2.
Two literals ℓ1,ℓ2 are complementary when ℓ1,ℓ2 are of the form t=t′ and t=t′ (or vice versa), or ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct names n1,n2.
A clause is a finite set of literals.
A clause with a single literal is a unit clause.
We abuse notation and identify non-empty clauses {ℓ1,…,ℓj} with formulas (ℓ1∨…∨ℓj).
The above terminology for literals carries over to clauses as follows.
A clause is valid when it contains a valid literal, or a literal t=t′ and its negation t=t′, or two literals t=n1 and t=n2 for distinct names n1,n2.
A clause c1 subsumes a clause c2 if every literal ℓ1∈c1 subsumes a literal ℓ2∈c2.
The unit propagation of a clause c with a literal ℓ is the clause obtained by removing from c all literals that are complementary to ℓ.
A setup is a set of ground clauses.
We write UP(s) to denote the closure of s with all valid literals under unit propagation:
if c∈s, then c∈UP(s);
if ℓ is a valid literal, then ℓ∈UP(s);
if c,ℓ∈UP(s) and c′ is the unit propagation of c with ℓ, then c′∈UP(s).
We write UP\textsuperscript+(s) to denote the result of adding to UP(s) all valid clauses and all clauses that are subsumed by some clause in UP(s).
Similarly, UP\textsuperscript\textminus(s) shall denote the setup obtained by removing from UP(s) all valid clauses and all clauses subsumed by some other clause in UP\textsuperscript+(s).
Truth of a sentence α in L\mspace−1.0muL, written s0,s,v∣\joinrel≈α, is defined w.r.t. two setups s0,s and a set of unit clauses v.
The purpose of having these three parameters is to deal with nested beliefs.
For the objective part of the semantics, only s is relevant:
-
s0,s,v∣\joinrel≈ℓ iff
ℓ∈UP\textsuperscript+(s) if ℓ is a literal;
2. 2.
s0,s,v∣\joinrel≈(α∨β) iff
(α∨β)∈UP\textsuperscript+(s) if (α∨β) is a clause;
s0,s,v∣\joinrel≈α or s0,s,v∣\joinrel≈β otherwise;
3. 3.
s0,s,v∣\joinrel≈¬(α∨β) iff s0,s,v∣\joinrel≈¬α and s0,s,v∣\joinrel≈¬β;
4. 4.
s0,s,v∣\joinrel≈∃x\mspace1.0muα iff s0,s,v∣\joinrel≈αnx for some n∈Nx;
5. 5.
s0,s,v∣\joinrel≈¬∃x\mspace1.0muα iff s0,s,v∣\joinrel≈¬αnx for every n∈Nx;
6. 6.
s0,s,v∣\joinrel≈¬¬α iff s0,s,v∣\joinrel≈α.
Note how negation is handled by rules for (t1=t2), ¬(α∨β), ¬∃x\mspace1.0muα, ¬¬α.
A rule s0,s,v∣\joinrel≈¬α iff s0,s,v∣\joinrel≈α would be unsound, as L\mspace−1.0muL is incomplete w.r.t. L (as we shall see).
We proceed with the semantics of Kk\mspace1.0muα.
The idea is that k case splits can be made first, before α is evaluated.
A case split means to select some term (say, fatherOf(Sally)) and branch (conjunctively) on the values it could take (namely all standard names of the right sort, such as Frank and Fred).
To preserve soundness of introspection, the effect of case splits must not spread into nested beliefs.
This is why we need to carefully manage three parameters s0,s,v.
Intuitively, s0 is the “original” setup without split literals, and v “stores” the split literals.
Once the number of case splits is exhausted, s0∪v takes the place of s, so that the objective subformulas of α are interpreted by s0∪v, whereas the subjective subformulas of α are interpreted by s0 (plus future splits from the nested belief operators).
We say a setup s is obviously inconsistent when UP(s) contains the empty clause.
In this special case, which corresponds to the empty set of worlds in the possible-worlds semantics, everything is known.
The semantics of knowledge formalises this idea as follows:
-
s0,s,v∣\joinrel≈K0\mspace1.0muα iff
s0∪v is obviously inconsistent, or
s0,s0∪v,∅∣\joinrel≈α;
2. 8.
s0,s,v∣\joinrel≈Kk+1\mspace1.0muα iff
for some t∈T and every n∈Nt,
s0,s,v∪{t=n}∣\joinrel≈Kk\mspace1.0muα;
3. 9.
s0,s,v∣\joinrel≈¬Kk\mspace1.0muα iff s0,s,v∣\joinrel≈Kk\mspace1.0muα.
Similarly, the idea behind Mk\mspace1.0muα is to fix the value of certain terms in order to show that the setup is consistent with α.
Intuitively this means that we want to approximate a possible world, that is, an assignment of terms to names, that satisfies α.
Often we want to fix not just a single term, but a series of terms with a common pattern, for instance, f(n)=n for all n.
To this end, we say two literals ℓ1,ℓ2 are isomorphic when there is a bijection ∗:N→N that swaps standard names in a sort-preserving way so that ℓ1 and ℓ2∗ are identical, and define \displaystyle{v\uplus_{s}\ell_{1}}=v\cup\{\ell_{2}\mid\text{\ell_{1},\ell_{2}areisomorphicand\neg\ell_{2}\notin\mathsf{UP}\textsuperscript{+}({s\cup v})}\}.
In English: v⊎sℓ1 adds to v every literal that is isomorphic to ℓ1 and not obviously inconsistent with the setup s∪v.
Furthermore, we need to take care that after fixing these values the setup is not potentially inconsistent.
We say a setup s is potentially inconsistent when it is obviously inconsistent or when the set {ℓ∣ℓ∈c∈UP\textsuperscript\textminus(s)} of all literals in UP\textsuperscript\textminus(s) contains two complementary literals, or a literal t=n for n∈/Nt, or all literals t=n for n∈Nt for some primitive term t.
Note that this consistency test is intentionally naive, for the complexity of Mk\mspace1.0muα shall be bounded by k alone.
The semantics of the consistency operator is then:
-
s0,s,v∣\joinrel≈M0\mspace1.0muα iff
s0∪v is not potentially inconsistent, and
s0,s0∪v,∅∣\joinrel≈α;
2. 11.
s0,s,v∣\joinrel≈Mk+1\mspace1.0muα iff
for some t∈T and n∈Nt,
s0,s,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα or
s0,s,v⊎s0(t=n)∣\joinrel≈Mk\mspace1.0muα;
3. 12.
s0,s,v∣\joinrel≈¬Mk\mspace1.0muα iff s0,s,v∣\joinrel≈Mk\mspace1.0muα.
To capture that O\mspace1.0muϕ means that ϕ is all the agent knows, we need to minimise the setup (modulo unit propagation and subsumption), which corresponds to the maximisation of the set of possible worlds in L.
We hence define:
-
s0,s,v∣\joinrel≈O\mspace1.0muϕ iff
s0,s0,∅∣\joinrel≈ϕ, and
s0,s^0,∅∣\joinrel≈ϕ for every s^0 with UP\textsuperscript+(s^0)⊊UP\textsuperscript+(s0);
2. 14.
s0,s,v∣\joinrel≈¬O\mspace1.0muϕ iff s0,s,v∣\joinrel≈O\mspace1.0muϕ.
Lastly, we define the semantics of the G\mspace1.0muα operator, which represents a guarantee that s is consistent and therefore can reduce the size of s to clauses potentially relevant to α.
We denote the grounding of α by \mathsf{gnd}(\alpha)=\mbox{\displaystyle{\beta{}^{x_{1}\ldots x_{j}}{n{1}\ldots n_{\smash{j}}}\mid n_{i}\in\mathcal{N}{x{i}}}} where β is the result of removing all quantifiers from α, and x1,…,xj are the free variables in β.
Finally, s∣T is the least set such that if c∈UP\textsuperscript\textminus(s) and c mentions a term from T, is empty, or shares a term with another clause in s∣T, then c∈s∣T.
Then G\mspace1.0muα works as follows:
-
s0,s,v∣\joinrel≈G\mspace1.0muα iff s0∣T(gnd(α)),s,v∣\joinrel≈α;
2. 16.
s0,s,v∣\joinrel≈¬G\mspace1.0muα iff s0,s,v∣\joinrel≈G\mspace1.0mu¬α.
This completes the semantics.
We write s0,s∣\joinrel≈α to abbreviate s0,s,∅∣\joinrel≈α.
Note that for subjective formulas σ, s is irrelevant, so we may just write s0∣\joinrel≈σ.
Analogous to ⊨ in L, we overload ∣\joinrel≈ for entailment and validity.
In this paper we are mostly concerned with reasoning tasks of the form O\mspace1.0muϕ∣\joinrel≈σ where σ is a subjective query and ϕ is a knowledge base of a special form called proper+: ϕ is of the form ⋀i∀x1\mspace1.0mu…∀xj\mspace1.0muci for clauses ci.
Observe that a proper+ KB directly corresponds to the setup gnd(ϕ)=⋃ignd(ci).
Also note that while existential quantifiers are disallowed in proper+ KBs, they can be simulated as usual by way of Skolemisation.
Reasoning in proper+ KBs is sound in L\mspace−1.0muL w.r.t. L, provided that the query does not mention belief modalities Kk\mspace1.0mu,Mk\mspace1.0mu in a negated context.
While the first-order case is incomplete, a restricted completeness result for the propositional case will be given below.
We denote by σL the result of replacing in σ every Kk\mspace1.0mu,Mk\mspace1.0mu with K\mspace1.0mu,M\mspace1.0mu.
The soundness theorem follows:
Theorem 2** **
*Let ϕ be proper+ and σ be subjective, without O\mspace1.0mu,G\mspace1.0mu, and without negated Kk\mspace1.0mu,Mk\mspace1.0mu.
Then O\mspace1.0muϕ∣\joinrel≈σ implies O\mspace1.0muϕ⊨σL.*
Negated beliefs break soundness because of their incompleteness.
For example, Kk\mspace1.0mu(t=n∨¬¬t=n) in general only holds for k≥1.
Hence ¬K0\mspace1.0mu(t=n∨¬¬t=n) comes out true, which is unsound w.r.t. L.
As a consequence of this incompleteness, Mk\mspace1.0muα≡¬Kk\mspace1.0mu¬α is not a theorem in L\mspace−1.0muL.
For propositional formulas, that is, formulas without quantifiers, high-enough belief levels are complete:
Theorem 3** **
*Let ϕ,σ be propositional, ϕ be proper+, σ be subjective and without O\mspace1.0mu,G\mspace1.0mu.
Let σk be like σ with every Kl\mspace1.0mu,Ml\mspace1.0mu replaced with Kk\mspace1.0mu,Mk\mspace1.0mu.
Then O\mspace1.0muϕ⊨σL implies that there is a k such that O\mspace1.0muϕ∣\joinrel≈σk.*
To conclude this section, let us revisit our running example.
The KB is the same as in Section 2.2, and the modalities in the query are now indexed with belief levels:
[TABLE]
By Rule 13, s0={fatherOf(Sally)=Frank∨fatherOf(Sally) =Fred,fatherOf(Sally)=n∨rich(n)=⊤∣n∈Nx} is the unique (modulo UP\textsuperscript+) setup that satisfies the KB.
To prove the query, by applying Rule 8 we can split the term fatherOf(Sally).
Consider s0∪{fatherOf(Sally)=Frank}.
By unit propagation we obtain rich(Frank)=⊤, so we can choose Frank for x in Rule 4, and all that remains to be shown is that s0∣\joinrel≈M1\mspace1.0mufatherOf(Sally)=Frank.
This is done by assigning fatherOf(Sally)=Fred in Rule 11, and as the resulting setup s0∪{fatherOf(Sally)=Fred} is not potentially inconsistent and subsumes fatherOf(Sally)=Frank, the query holds.
Returning to the splitting in Rule 8, the case s0∪{fatherOf(Sally)=Fred} is analogous, and for all other n, the setups s0∪{fatherOf(Sally)=n} are obviously inconsistent and therefore satisfy the query by Rule 7.
4 A Reasoning System
We now proceed to describe a decision procedure for reasoning in proper+ knowledge bases, and then discuss an implementation as well as experimental results.
4.1 Decidability
Reasoning in proper+ knowledge bases is decidable in L\mspace−1.0muL:
Theorem 4** **
Let ϕ be proper+, σ be subjective and without O\mspace1.0mu.
Then O\mspace1.0muϕ∣\joinrel≈σ is decidable.
We only sketch the idea here for space reasons; for the full proof see the appendix.
For the rest of this section, we use Lk\mspace1.0mu as a placeholder for Kk\mspace1.0mu and Mk\mspace1.0mu.
Let us first consider the case where σ is of the form L\mspace1.0mukψ for objective ψ; we will turn to nested modalities later.
As ϕ is proper+, gnd(ϕ) gives us the unique (modulo UP\textsuperscript+) setup that satisfies O\mspace1.0muϕ, so the reasoning task reduces to model checking of gnd(ϕ).
An important characteristic of standard names is that, intuitively, a formula cannot distinguish the names it does not mention.
As a consequence, we can limit the grounding gnd(ϕ) and quantification during the model checking to a finite number of names.
For every variable x in ϕ or ψ, let px be the maximal number of variables occurring in any subformula of ϕ or ψ of the same sort as x.
It is then sufficient for the grounding and for quantification of x to consider only the names Nx(ϕ)∪Nx(ψ) plus px+1 additional new names.
Given the finite grounding and quantification, splitting in Rules 8 and 11 can also be confined to finite many literals.
That way, the rules of the semantics of L\mspace−1.0muL can be reduced to only deal with finite structures, which immediately yields a decision procedure for O\mspace1.0muϕ∣\joinrel≈Lk\mspace1.0muψ.
In the propositional case, this procedure is tractable:
Theorem 5** **
Let ϕ,ψ be propositional, ϕ be proper+, ψ be objective.
Then O\mspace1.0muϕ∣\joinrel≈Lk\mspace1.0muψ is decidable in O(2k(∣ϕ∣+∣ψ∣)k+2).
Now we turn to nested beliefs, which are handled using Levesque’s representation theorem Levesque (1984a).
When ψ mentions a free variable x, the idea is to replace a nested belief Lk\mspace1.0muψ with all instances n for which Lk\mspace1.0muψnx holds.
Given a proper+ ϕ, a set of primitive terms T, and a formula Lk\mspace1.0muψ for objective ψ, we define RES[ϕ,T,Lk\mspace1.0muψ] as
if ψ mentions a free variable x:
⋁n∈Nx(ϕ)∪Nx(ψ)(x=n∧RES[ϕ,T,Lk\mspace1.0muψnx])∨
\big{(}\bigwedge_{n\in\mathcal{N}_{x}(\phi)\cup\mathcal{N}_{x}(\psi)}x\mathbin{\neq}n\land\mathsf{RES}[\phi,T,\mathbf{L}_{k}\mspace{1.0mu}\psi^{x}_{\hat{n}}]^{\hat{n}}_{x}\big{)}
where n^∈Nx∖(Nx(ϕ)∪Nx(ψ)) is a some new name;
if ψ mentions no free variables:
true if gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ, and ¬\textsctrue otherwise,
where true stands for ∃x\mspace1.0mux=x.
In our running example, RES[ϕ,T,M1\mspace1.0mufatherOf(Sally)=x] is (x=Frank∧\textsctrue)∨(x=Fred∧\textsctrue)∨(x=Sally∧\textsctrue)∨(x=Frank∧x=Fred∧x=Sally∧\textsctrue), which says that everybody is potentially not Sally’s father.
The RES operator can now be applied recursively to eliminate nested beliefs from the inside to the outside.
For proper+ ϕ, a set of terms T, and α without O\mspace1.0mu, we define
∥t=t′∥ϕ,T as t=t′;
∥¬α∥ϕ,T as ¬∥α∥ϕ,T;
∥(α∨β)∥ϕ,T as (∥α∥ϕ,T∨∥β∥ϕ,T);
∥∃x\mspace1.0muα∥ϕ,T as ∃x\mspace1.0mu∥α∥ϕ,T;
∥Lk\mspace1.0muα∥ϕ,T as RES[ϕ,T,Lk\mspace1.0mu∥α∥ϕ,T];
∥G\mspace1.0muα∥ϕ,T as ∥α∥ϕ,T∩T(gnd(α)).
Note that ∥⋅∥ works from the inside to the outside and always returns an objective formula.
In our example, ∥K1\mspace1.0mu…∥ϕ,T first determines RES[ϕ,T,M1\mspace1.0mufatherOf(Sally)=x], and then RES[ϕ,T,K1\mspace1.0mu∃x\mspace1.0mu(fatherOf(Sally)=x∧rich(x)=⊤∧RES[ϕ,T,M1\mspace1.0mufatherOf(Sally)=x)]] evaluates to true.
Levesque’s representation theorem (transferred to L\mspace−1.0muL) states that this reduction is correct:
Theorem 6** **
Let ϕ be proper+, σ be subjective and without O\mspace1.0mu.
Then O\mspace1.0muϕ∣\joinrel≈σ iff ∣\joinrel≈∥σ∥ϕ,T.
It follows that propositional reasoning is tractable:
Corollary 7** **
Let ϕ,σ be propositional, ϕ be proper+, σ be subjective, and k≥l for every Kl\mspace1.0mu,Ml\mspace1.0mu in σ.
Then O\mspace1.0muϕ∣\joinrel≈σ is decidable in O(2k(∣ϕ∣+∣σ∣)k+3).
4.2 Implementation
The reasoning system limbo implements the decision procedure sketched in the previous subsection.
Limbo is written in C++ and available as open source.333The system is available www.github.com/schwering/limbo.
Compared to literals in propositional logic, literals in our first-order language are relatively complex objects.
As we want to adopt SAT solving technology, care was taken to keep literal objects lightweight and efficient.
To this end, a technique called interning is used for terms, so that for every term only one copy is created and stored in a pool, and the term from then on is uniquely identified by a 31 bit number that points to its full representation in the pool.
With this lightweight representation of terms, a literal fits into a single 64 bit number: two 31 bit numbers for the left- and right-hand terms, and one more bit to indicate whether the literal is an equality or inequality.
Furthermore, every term index encodes whether the term is a standard name or not.
Hence, all information that is needed for the complement or subsumption tests for two literals (as defined in Section 3.2) is stored directly in the literal representation, so that these tests reduce to simple bitwise operations on the literals’ 64 bit representation.
Note that this lightweight representation is supported by our strict syntactic definition of a literal, which allows a function only on the left-hand side.
An experiment showed that this lightweight representation of terms and literals speeds up complement and subsumption operations by a factor of 24 compared to the naive representation.
Complement and subsumption tests for literals are mostly used in the context of setups for determining unit propagation and subsumption.
To avoid unnecessary blowup, invalid literals in clauses as well as valid clauses in setups are not represented explicitly.
To facilitate fast unit propagation and cheap backtracking during splitting, the setup data structure uses the watched-literals scheme Gomes et al. (2008).
Other SAT technologies like backjumping or clause learning are not used at the current stage.
The setup data structure also provides an operation to query the value of a primitive term, which is used to optimise subformulas of the form Kk\mspace1.0mut=x in queries.
Other than this special case, grounding and substitution are handled naively at the moment and offer much room for improvement.
Within the G\mspace1.0mu operator the system confines the setup, which often reduces the branching factor for splitting and thus improves performance.
Note that in case of an inconsistent KB, using the G\mspace1.0mu operator may violate soundness, as it may discard the inconsistent clauses from the setup.
As mentioned before, predicates can be simulated using functions and a name ⊤ that represents truth of the predicate.
Typically, ⊤ is of a specific sort (say, ‘Boolean’), and no other names or variables of that sort occur in the KB or query.
It is noteworthy that this representation of predicates by functions is free of overhead, because besides ⊤ only one other name needs to be considered for splitting (to represent falsity).
The system also rewrites formulas, exploiting equivalences that hold in L but not in L\mspace−1.0muL like Proposition 1 (ii–iii), and provides syntactic sugar for nested functions and the like.
4.3 Evaluation
Three sample applications were developed to evaluate the reasoning system.444Browser-based versions of these examples can be accessed at www.cse.unsw.edu.au/~cschwering/limbo.
For one thing, a textual user interface allows for specification of reasoning problems and has been used to model several small-scale examples, including this paper’s running example, to test the system’s full expressivity.
In this section, however, we focus on the application of limited belief to the games of Sudoku and Minesweeper.
Sudoku is played on a 9×9 grid which is additionally divided into nine 3×3 blocks.
The goal is to find a valuation of the cells such that every row, column, and 3×3 block contains every value [1,9] exactly once.
The difficulty depends on how many and which numbers are given as clues from the start.
In Minesweeper the goal is to explore a grid by uncovering all and only those cells that contain no mine.
When such a safe cell is uncovered, the player learns how many adjacent cells are safe, but when a mined cell is uncovered, the game is lost.
The difficulty depends on the number of mines and grid size.
Both games were played by simple agents that use the reasoning system to represent and infer knowledge about the current game state.
For Sudoku, we use a function value(x,y)∈[1,9] and translate the game rules to constraints such as y1=y2∨value(x,y1)=value(x,y2).
For Minesweeper a Boolean function isMine(x,y) is used, and when a cell (x,y) is uncovered, clauses are added to represent the possible valuations of isMine(x±1,y±1).
Both agents use iterative deepening to find their next move: first, they look for a cell (x,y) for which value(x,y) or isMine(x,y) is known at belief level 0; if none exists, they repeat the same for belief level 1; and so on, until a specified maximum level is reached.
Once a known cell is found, the corresponding information is added to the knowledge base.
In the case of Minesweeper, it is sometimes necessary to guess; we then use a naive strategy that prefers cells that are not next to an uncovered field.
While both games do not require much expressivity to be modelled, they are nevertheless interesting applications of limited belief because they are known to be computationally hard – Sudoku on N×N grids is NP-complete Takayuki and Takahiro (2003), Minesweeper is co-NP-complete Scott et al. (2011) – yet often easily solved by humans.
According to the motivating hypothesis behind limited belief, a small split level should often suffice to reach human-level performance.
Indeed we find this hypothesis confirmed for both games.
The results for Sudoku in Table 1 show that most ‘easy’ instances are solved just by unit propagation, and the number of necessary case splits increases for ‘medium’ and ‘hard.’
Significantly more effort is needed to solve games from the “Top 1465” list, a repository of extremely difficult Sudokus.
For Minesweeper, Table 2 shows that strong results are already achieved at level 1 already, and while belief level 2 increases the chance of winning by 0.5%, there is no improvement at level 3.
The Sudoku experiments show a strong increase in runtime for higher belief levels. This is caused by the cells being highly connected through constraints, so that the G\mspace1.0mu operator has only little effect in terms of confining the setup and relevant split terms.
In Minesweeper, by contrast, using G\mspace1.0mu improves runtime considerably.
The experiments were conducted using custom implementations of both games.
Note that while the numbers for Minesweeper are competitive with those reported by Bonet and Geffner (2014); Buffet et al. (2012), small differences in the rules may make them incomparable.
The tests were compiled with clang -O3 and run on an Intel Core i7-4600U CPU at 3.3 GHz.
5 Conclusion
We developed a practical variant of Liu, Lakemeyer, and Levesque’s Liu et al. (2004) theory of limited belief and introduced and evaluated limbo, a reasoning system that implements this logic.
The system features a sorted first-order language of introspective belief with functions and equality.
The computational complexity of reasoning in this highly expressive logic is controlled through the number of allowed case splits, which keeps reasoning decidable in general and sometimes even tractable.
The motivating hypothesis behind limited belief is that often a small number of case splits is sufficient to obtain useful reasoning results; this hypothesis was confirmed in our experimental evaluation using Sudoku and Minesweeper.
A natural next step is to incorporate (limited) theories of action, belief change, and/or multiple agents into the system.
This could open up interesting applications in epistemic planning and high-level control in cognitive robotics.
Another challenge is to improve the system’s performance and expressivity using SAT and ASP solving technology such as clause learning, backjumping, efficient grounding techniques, and background theories.
Appendix: Proofs
\startcontents\printcontents
1
Contents
We begin with some auxiliary definitions and basic lemmas in Appendix A and showing a unique-model property of limited only-knowing in Appendix B.
Then we proceed to show the soundness and eventual completeness results, Theorems 2 and 3, in Appendices C and D, respectively.
Next, we prove the Levesque’s representation theorem for limited belief as stated in Theorem 6 in Appendix E.
Then we turn to the decidability result, Theorem 4, and the complexity analysis from Theorem 5 and Corollary 7 in Appendix F.
All definitions are assumed as above.
Some of them are restated, and, in some cases, refined, for convenience.
Appendix A Basics
Definition 8** (Term) **
The set of terms (of a sort s) contains all variables and names (of sort s) as well as all functions f(t1,…,tj) where f is a j-ary function symbol (of sort s) and every ti is a variable or a name (not necessarily of sort s).
We call a term f(t1,…,tj) primitive when all ti are standard names.
We denote by N and T be the sets of all names and primitive terms, respectively.
To include only terms of the same sort as t, we write Nt and Tt.
A.1 Literals
Definition 9** (Literal) **
A literal is an expression of the form t1=t2 or ¬t1=t2 where t1 is a variable, name, or function, and t2 is a variable or a name.
A literal is ground when it contains no variables.
Hence any ground literal is of the form n=n′, n=n′, t=n, or t=n for names n,n′ and a primitive term t.
Literals of the former two forms, t=n and t=n, are called primitive as well.
A clause is valid when it contains a valid literal, or a literal t=t′ and its negation t=t′, or two literals t=n1 and t=n2 for distinct names n1,n2.
Analogously, a literal is invalid when it is of the form t=t, or n=n′ for distinct names n,n′, or t=t′ for terms t,t′ of distinct sorts.
Lemma 10** **
Let ℓ be ground.
Then ℓ is valid iff ⊨ℓ.
Proof*. *
For the only-if direction, suppose ℓ is valid.
When ℓ is of the form t=t or n=n′, the result immediately follows from the semantics.
When ℓ is of the form t=t′ for two terms of distinct sort, then Nt∋w(t)=w(t′)∈Nt′ since Nt∩Nt′=∅, and hence ⊨t=t′.
For the converse, suppose ℓ is not valid.
A literal can have the following forms: n=n (), n=n′, n=n, n=n′ (), t=t (), t=n, t=n for same sorts, t=n for distinct sorts, for distinct n,n′ and a primitive t, all of, unless specified otherwise, perhaps of different sorts.
The cases marked () need no consideration as they are valid.
Clearly, ⊨n=n′ and ⊨n=n.
For t=n, there is a w with w(t)=n, so ⊨t=n.
For t=n of the same sort, there is a w with w(t)=n, so ⊨t=n.
Lemma 11** **
Let ℓ be ground.
Then ℓ is invalid iff ⊨¬ℓ.
Proof*. *
For the only-if direction, suppose ℓ is invalid.
When ℓ is of the form t=t or n=n′, the result immediately follows from the semantics.
When ℓ is of the form t=t′ for two terms of distinct sort, then Nt∋w(t)=w(t′)∈Nt′ since Nt∩Nt′=∅, and hence ⊨¬t=t′.
For the converse, suppose ℓ is not invalid.
A literal can have the following forms: n=n, n=n′ (), n=n (), n=n′, t=n for same sorts, t=n for distinct sorts (), t=t (), t=n, for distinct n,n′ and a primitive t, all of, unless specified otherwise, perhaps of different sorts.
The cases marked (*) need no consideration as they are invalid.
Clearly, ⊨¬n=n and ⊨¬n=n′.
For t=n of the same sorts, there is a w with w(t)=n, so ⊨¬t=n.
For t=n, there is a w with w(t)=n, so ⊨¬t=n.
Lemma 12** **
Let ℓ be not valid and the left-hand side be a name.
Then ⊨¬ℓ.
Proof*. *
ℓ is of the form n=n (), n=n, n=n′, or n=n′ () for distinct, n,n′.
The cases marked (*) need no consideration as they are valid.
For the remaining cases, clearly ⊨¬n=n and ⊨¬n=n′.
Definition 13** (Literal subsumption, unit propagation) **
A literal ℓ1 subsumes a literal ℓ2 when ℓ1,ℓ2 are identical or ℓ1,ℓ2 are of the form t=n1 and t=n2 for two distinct names n1,n2.
Two literals ℓ1,ℓ2 are complementary when ℓ1,ℓ2 are of the form t=t′ and t=t′ (or vice versa), or ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct names n1,n2.
Lemma 14** **
Suppose ℓ1,ℓ2 are ground and ℓ1 subsumes ℓ2.
Then ⊨ℓ1⊃ℓ2.
Proof*. *
Suppose w⊨ℓ1.
If ℓ1,ℓ2 are identical, the lemma holds trivially.
If ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct n1,n2 and w⊨t=n1, then w(t)=n1=n2 and thus w⊨t=t2.
Lemma 15** **
Suppose ℓ1 subsumes ℓ2 and ℓ2 subsumes ℓ3.
Then ℓ1 subsumes ℓ3.
Proof*. *
First suppose ℓ1 and ℓ2 are identical.
If ℓ2 and ℓ3 are identical, then ℓ1 subsumes ℓ3 trivially.
If ℓ2, ℓ3 are of the form t=n2 and t=n3 for distinct n2,n3, then ℓ1,ℓ3 are of the form t=n2 and t=n3, so ℓ1 subsumes ℓ3.
Now suppose ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct n1,n2.
If ℓ2 and ℓ3 are identical, then ℓ1 subsumes ℓ3 trivially.
The remaining case that ℓ2, ℓ3 are of the form t=n2′ and t=n3 for distinct n2′,n3 is incompatible with the assumption that ℓ2 is of the form t=n2.
Lemma 16** **
Let ℓ1 subsume ℓ2 and ℓ2 subsume ℓ1.
Then ℓ1,ℓ2 are identical.
Proof*. *
By assumption, ℓ1,ℓ2 are identical or of the form t1=n1 and t1=n2 for distinct n1,n2.
Analogously, ℓ2,ℓ1 are identical or of the form t1=n1 and t1=n2 for distinct n1,n2.
Hence ℓ1,ℓ2 must be identical.
Lemma 17** **
Suppose ℓ1,ℓ2 are ground and complementary.
Then ℓ1∧ℓ2 is unsatisfiable.
Proof*. *
First ℓ1,ℓ2 are of the form t=t′ and t=t′.
Then t′ is a name.
If w(t)=t′, then w⊨t=t′.
If w(t)=t′, then w⊨t=t′.
Now suppose ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct n1,n2.
If w(t)=n1, then w⊨t=n2.
If w(t)=n1, then w⊨t=n1.
Lemma 18** **
Suppose ℓ1 subsumes ℓ2, ℓ3 subsumes ℓ4, and ℓ2,ℓ4 are complementary.
Then ℓ1,ℓ3 are complementary.
Proof*. *
By assumption, ℓ1,ℓ2 are identical or of the form t=n1 and t=n2 for distinct n1,n2.
Analogously, ℓ3,ℓ4 are identical or of the form t=n1 and t=n2 for distinct n1,n2.
Moreover, ℓ2,ℓ4 are of the form t=t′ and t=t′, or t=t′ and t=t′, or t=n1 and t=n2 for distinct n1,n2.
First suppose ℓ1,ℓ2 are identical.
If ℓ3,ℓ4 are identical as well, the lemma holds trivially.
Otherwise, ℓ3,ℓ4 are of the form t=n1 and t=n2 for distinct n1,n2.
Then ℓ2 is of the form t=n2.
Then ℓ1 is of the form t=n2, too.
Then ℓ1,ℓ3 are of the form t=n2 and t=n1 and hence complementary.
Now suppose ℓ1,ℓ2 are of the form t=n1 and t=n2 for distinct n1,n2.
Then ℓ4 is of the form t=n2.
Then ℓ3 must be identical to ℓ4.
Then ℓ1,ℓ3 are of the form t=n1 and t=n2 for distinct n1,n2, and thus complementary.
Remark 19** **
If ℓ1,ℓ2 are complementary and ℓ2 subsumes ℓ3, then ℓ1,ℓ3 are not necessarily complementary: ℓ1,ℓ2 could be t=n1, t=n1, and ℓ2,ℓ3 could be t=n1, t=n2.
A.2 Clauses
Definition 20** (Clause) **
A clause is a set of literals.
A clause with a single literal is a unit clause.
We abuse notation and identify the non-empty clauses {ℓ1,…,ℓj} with formulas (ℓ1∨…∨ℓj).
A clause is valid when it contains a valid literal, or a literal t=t′ and its negation t=t′, or two literals t=n1 and t=n2 for distinct names n1,n2.
A clause is invalid when all its literals are invalid.
Lemma 21** **
A ground clause is valid iff ⊨c.
Proof*. *
For the only-if direction, there are three cases.
If a literal in c is valid, then by Lemma 10 the lemma holds.
If two literals t=t′ and t=t′ are in c, then w(t)=t′ or w(t)=t′ for every w and hence w⊨c.
If two literals t=n1 and t=n2 for distinct n1,n2 are in c, then either w(t)=n1 or w(t)=n2 for every w and hence w⊨c.
Conversely, suppose c is not valid.
Then all its clauses are not valid and there are no two clauses of the form t=n and t=n or t=n1 and t=n2 for distinct n1,n2.
By Lemma 12, all literals without a primitive term on the left-hand side are unsatisfiable, so we only need to to consider the literals of the form t=n and t=n.
Let w be such that for every t=n∈c, w(t)=n.
Such w is well-defined because there are no two t=n1,t=n2∈c for distinct n1,n2.
Also note that for every t=n∈c there is no t=n′∈c, so we can furthermore let w(t)=n^, where n^∈/{nˉ∣t=nˉ∈c}.
By construction, w⊨c.
Definition 22** (Clause subsumption, unit propagation) **
A clause c1 subsumes a clause c2 if every literal ℓ1∈c1 subsumes a literal ℓ2∈c2.
The unit propagation of a clause c with a literal ℓ is the clause obtained by removing from c all literals that are complementary to ℓ.
Lemma 23** **
Suppose c1 subsumes c2.
Then ⊨c1⊃c2.
Proof*. *
Suppose w⊨c1.
Then w⊨ℓ1 for some ℓ1∈c1.
By assumption, ℓ1 subsumes some ℓ2∈c2.
By Lemma 14, w⊨ℓ2.
Thus w⊨c2.
Lemma 24** **
Suppose c1 subsumes c2 and c2 subsumes c3.
Then c1 subsumes c3.
Proof*. *
Let ℓ1∈c2 subsume ℓ2, and ℓ2 subsume ℓ3∈c3, which exist by assumption.
By Lemma 15 the lemma follows.
Lemma 25** **
Let c1 subsume c2 and c2 subsume c1.
Then c1,c2 are identical.
Proof*. *
By assumption, every ℓ1∈c1 subsumes an ℓ2∈c2, and by Lemma 16, ℓ1,ℓ2 are identical, so c1⊆c2.
By the analogous argument, c2⊆c1.
Lemma 26** **
Suppose c2 is the unit propagation of c1,ℓ.
Then ⊨c1∧ℓ⊃c2.
Proof*. *
Suppose w⊨c1∧ℓ.
Then w⊨ℓ1 for some ℓ1∈c1.
If ℓ1,ℓ were complementary, then w⊨ℓ1∧ℓ by Lemma 17, which contradicts the assumption.
Thus ℓ1,ℓ are not complementary.
Hence ℓ1∈c2 and thus w⊨c2.
Lemma 27** **
Suppose c1 subsumes c2, ℓ1 subsumes ℓ2, and c1′ and c2′ are the unit propagations of c1 with ℓ1 and c2 with ℓ2.
Then c1′ subsumes c2′.
Proof*. *
By assumption, every ℓ1′∈c1 subsumes an ℓ2′∈c2.
By Lemma 18, if ℓ2′ is complementary to ℓ2, then ℓ1′ is complementary to ℓ1.
Hence, if ℓ1′∈c1′, then ℓ1′ is not complementary to ℓ1, and so the ℓ2′∈c2 which is subsumed by ℓ1′ is not complementary to ℓ2 and hence ℓ2′∈c2′.
A.3 Setups
Definition 28** (Setup) **
A setup is a set of ground clauses.
We write UP(s) to denote the closure of s together with all valid clauses under unit propagation:
if c∈s, then c∈UP(s);
if ℓ is a valid literal, then ℓ∈UP(s);
if c,ℓ∈UP(s) and c′ is the unit propagation of c with ℓ, then c′∈UP(s).
Furthermore s\textsuperscript+ denotes the result of adding to s all clauses that are valid or subsumed by some clause in s.
We further write s\textsuperscript\textminus denote the setup obtained by removing from s all valid clauses and all clauses subsumed by some other clause in UP\textsuperscript+(s).
To ease readability, we write UP\textsuperscript\textminus(s) for UP(s)\textsuperscript\textminus and UP\textsuperscript+(s) for UP(s)\textsuperscript+.
A setup s subsumes a clause c when some c′∈s subsumes c.
Lemma 29** **
The following are equivalent:
- (i)
w⊨c* for all c∈s;*
2. (ii)
w⊨c* for all c∈s\textsuperscript\textminus;*
3. (iii)
w⊨c* for all c∈s\textsuperscript+;*
4. (iv)
w⊨c* for all c∈UP(s).*
Proof*. *
We show that (i) is equivalent to (ii), (iii), (iv).
The remaining equivalences then follow.
The only-if direction of (i) iff (ii) is trivial.
Conversely, suppose (ii) and c∈s and c∈/s\textsuperscript\textminus.
Then c is either valid or subsumed by some other clause.
In the first case, w⊨c by Lemma 21.
In the second case, there is some c′∈s\textsuperscript\textminus that subsumes c by Lemmas 24 and 25.
By assumption, w⊨c′, and by Lemma 23 w⊨c.
The if direction of (i) iff (iii) is trivial.
Conversely, suppose (i) and c∈s\textsuperscript+ and c∈/s.
Then c is either valid or subsumed by some other clause c′∈s.
In the first case, w⊨c by Lemma 21.
In the second case, w⊨c′ by assumption, and by Lemma 23 w⊨c.
The if direction of (i) iff (iv) is trivial.
Conversely suppose (i) and c∈UP(s).
We show by induction on the length of the derivation of c that w⊨c.
The base case for valid ℓ follows by Lemma 10.
The base case c∈s is trivial.
For the induction step, let c∈UP(s) be the resolvent of c′,ℓ∈UP(s).
By induction, w⊨c′ and w⊨ℓ.
By Lemma 26, w⊨c.
Definition 30** **
Let UPk(s) be the set of clauses derivable by at most k unit propagations from s together with all valid literals.
Lemma 31** **
Let s⊆s′.
Then UP(s)⊆UP(s′) and UP\textsuperscript+(s)⊆UP\textsuperscript+(s′).
Proof*. *
We first show that if c∈UP(s) then c∈UP(s′) by induction on the length of the derivation of c.
If c∈UP0(s), then c is either valid or c∈s⊆s′, and so c∈UP0(s′).
If c∈UPk+1(s)∖UPk(s), then c is the unit propagation of c′,ℓ∈UPk(s).
By induction, c′,ℓ∈UPk(s′), and so c∈UPk+1(s′).
Finally, if c∈UP\textsuperscript+(s), then c is valid or subsumed by some c′∈UP(s)⊆UP(s′), so c∈UP\textsuperscript+(s′).
Lemma 32** **
- (i)
s⊆s′* implies s\textsuperscript+⊆s′\textsuperscript+;*
2. (ii)
s\textsuperscript\textminus⊆s′\textsuperscript\textminus* implies s\textsuperscript+⊆s′\textsuperscript+;*
3. (iii)
s\textsuperscript\textminus=s′\textsuperscript\textminus* iff s\textsuperscript+=s′\textsuperscript+.*
Proof*. *
- (i)
Suppose s⊆s′ and let c∈s\textsuperscript+.
If c is valid, then c∈s′\textsuperscript+.
Otherwise c is subsumed by some c′∈s.
By assumption, c′∈s′, and so c′∈s′\textsuperscript+.
Hence c∈s′\textsuperscript+.
2. (ii)
Suppose s\textsuperscript\textminus⊆s′\textsuperscript\textminus and let c∈s\textsuperscript+.
If c is valid, then c∈s′\textsuperscript+.
Otherwise c is subsumed by a clause in s, and by Lemmas 24 and 25, c is subsumed by some c′∈s\textsuperscript\textminus.
By assumption, c′∈s′\textsuperscript\textminus, and so c′∈s′\textsuperscript+.
Hence also c∈s′\textsuperscript+.
3. (iii)
Suppose s\textsuperscript+=s′\textsuperscript+ and let c∈s\textsuperscript\textminus.
Since s\textsuperscript\textminus⊆s\textsuperscript+, we have c∈s\textsuperscript+, and by assumption, c∈s′\textsuperscript+.
Moreover, c is not valid and not subsumed by any clause in s by assumption.
Then c is also not subsumed by any clause in s\textsuperscript+=s′\textsuperscript+, and in particular, not subsumed by any clause in s′.
Hence c∈s′\textsuperscript\textminus.
Lemma 33** **
Let f(s)∈{UP\textsuperscript+(s),UP\textsuperscript\textminus(s)}.
- (i)
f(s∪s′)=f(s\textsuperscript\textminus∪s′);
2. (ii)
f(s∪s′)=f(s\textsuperscript+∪s′);
3. (iii)
f(s∪s′)=f(UP(s)∪s′).
Proof*. *
- (i)
First consider UP\textsuperscript+(s∪s′)=UP\textsuperscript+(s\textsuperscript\textminus∪s′).
The ⊇ direction follows from Lemma 31 since s∪s′⊇s\textsuperscript\textminus∪s′.
Conversely, suppose c∈UP\textsuperscript+(s∪s′).
If c is valid, then c∈UP\textsuperscript+(s\textsuperscript\textminus∪s′).
Otherwise c is subsumed by some clause in UP(s∪s′), and by Lemmas 24 and 25, c is subsumed by some c′UP(s∪s′) which itself is not subsumed by any clause UP(s∪s′).
We show by induction on the length of the derivation of c′ that c′∈UP(s\textsuperscript\textminus∪s′), which implies c∈UP\textsuperscript+(s\textsuperscript\textminus∪s′).
If c′∈UP0(s\textsuperscript\textminus∪s′), then c′ is a valid literal or c′∈s\textsuperscript\textminus∪s, and hence c′∈UP0(s\textsuperscript\textminus∪s′).
If c′∈UPk+1(s∪s′)∖UPk(s∪s′), then it is the unit propagation of some c′′,ℓ∈UPk(s∪s′) that are not subsumed by any clause in UPk(s∪s′).
For otherwise either the empty clause were in UPk(s∪s′), or the unit propagation of the subsuming clauses would subsume c by Lemma 27, both of which would contradict the assumption.
By induction, c′′,ℓ∈UPk(s\textsuperscript\textminus∪s′), and so c′∈UPk+1(s\textsuperscript\textminus∪s′).
The claim UP\textsuperscript\textminus(s∪s′)=UP\textsuperscript\textminus(s\textsuperscript\textminus∪s′) follows by Lemma 32.
2. (ii)
Now consider UP\textsuperscript\textminus(s∪s′)=UP\textsuperscript\textminus(s\textsuperscript+∪s′).
By (i), UP\textsuperscript\textminus(s\textsuperscript+∪s′)=UP\textsuperscript\textminus((s\textsuperscript+)∪s′\textsuperscript\textminus).
Since (s\textsuperscript+)\textsuperscript\textminus=s\textsuperscript\textminus, we have UP\textsuperscript\textminus(s\textsuperscript+∪s′)=UP\textsuperscript\textminus(s\textsuperscript\textminus∪s′), and again by (i), UP\textsuperscript\textminus(s\textsuperscript\textminus∪s′)=UP\textsuperscript\textminus(s∪s′).
The claim UP\textsuperscript+(s∪s′)=UP\textsuperscript+(s\textsuperscript\textminus∪s′) follows by Lemma 32.
3. (iii)
Now consider UP\textsuperscript+(s∪s′)=UP\textsuperscript+(UP(s)∪s′).
The ⊆ direction holds by Lemma 31 since s∪s′⊆UP(s)∪s′.
Conversely, suppose c∈UP\textsuperscript+(UP(s)∪s′).
If c is valid, then c∈UP\textsuperscript+(s∪s′).
Otherwise c is subsumed by some c′∈UPk(UPl(s)∪s′) for some k,l.
We show by induction on l and subinduction on k that c′∈UPk+l(s∪s′), which implies c∈UP\textsuperscript+(s∪s′).
For the base case let l=0.
Then UPk(UP0(s)∪s′)=UPk(s∪s′), so the claim holds.
Now consider l>0 and suppose c′∈UPk(UPl(s)∪s′).
We show that c′∈UPk+l(s∪s′) by subinduction on k.
For k=0, UP0(UPl(s)∪s′)⊆UPl(s∪s′), so the claim holds.
For k>0, suppose c′∈UPk(UPl(s)∪s′) and that c′ is the unit propagation of two clauses c′′,ℓ∈UPk−1(UPl(s)∪s′).
By induction, c′′,ℓ∈UPk−1+l(s∪s′).
Hence c∈UPk+l(s∪s′).
The claim UP\textsuperscript\textminus(s∪s′)=UP\textsuperscript\textminus(s\textsuperscript\textminus∪s′) follows by Lemma 32.
A.4 Formulas
Definition 34** (Formula) **
The set of formulas is the least set that contains all literals and all expressions ¬α, (α∨β), ∃x\mspace1.0muα, Kk\mspace1.0muα, Mk\mspace1.0muα, O\mspace1.0muα, G\mspace1.0muα where α and β are formulas, x is a variable, and k≥0 is a natural number.
To denote the names or primitive terms that occur in a formula α, we write N(α) and T(α), respectively, optionally indexed with a term t to restrict the set to terms of the same sort as t; and analogously for sets of formulas.
We use L\mspace1.0mu as a placeholder for K\mspace1.0mu and M\mspace1.0mu.
Definition 35** (Length) **
The length ∣α∣ of a formula α is defined as follows:
∣t=t′∣=3;
∣(α∨β)∣=3+∣α∣+∣β∣;
∣¬α∣=2m(α)+∣α∣;
∣∃x\mspace1.0muα∣=1+∣α∣;
∣Lk\mspace1.0muα∣=k+1+∣α∣;
∣O\mspace1.0muϕ∣=1+∣ϕ∣;
∣G\mspace1.0muα∣=1+∣α∣;
where m(α) is the number of modal operators in α.
The point of defining ∣¬α∣=2m(α)+∣α∣ is that ∣¬Lk\mspace1.0muα∣>∣Lk\mspace1.0mu¬α∣ and likewise ∣¬G\mspace1.0muα∣>∣G\mspace1.0mu¬α∣.
Appendix B Only-Knowing
In this section we show Theorem 38, which says that limited only-knowing has a unique model (modulo unit propagation and subsumption).
Lemma 36** **
Let f(s)∈{UP(s),s\textsuperscript\textminus,s\textsuperscript+}.
Then s0,s∪s′,v∣\joinrel≈α iff s0,f(s)∪s′,v∪∣\joinrel≈α iff f(s0),s∪s′,v∣\joinrel≈α.
Proof*. *
By induction on ∣α∣.
For the base case consider a clause c, which includes the base cases for ℓ and a clause (α∨β).
Then s0,s∪s′,v∣\joinrel≈c iff c∈UP\textsuperscript+(s∪s′) iff c∈UP\textsuperscript+(f(s)∪s′) iff s0,f(s)∪s′,v∣\joinrel≈c.
Moreover s0,s∪s′,v∣\joinrel≈c iff f(s0),s∪s′,v∣\joinrel≈c.
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Now consider K0\mspace1.0muα.
Firstly, s0,s∪s′,v∣\joinrel≈K0\mspace1.0muα iff s0∪v is obviously inconsistent or s0,s0∪v∣\joinrel≈α iff s0,f(s)∪s′,v∣\joinrel≈K0\mspace1.0mu.
Secondly, s0,s∪s′,v∣\joinrel≈K0\mspace1.0muα iff s0∪v is obviously inconsistent or s0,s0∪v∣\joinrel≈α iff (by induction and by the fact that UP\textsuperscript+(s0∪v)=UP\textsuperscript+(f(s0)∪v)) f(s0)∪v is obviously inconsistent or f(s0),f(s0)∪v∣\joinrel≈α iff f(s0),s∪s′,v∣\joinrel≈K0\mspace1.0muα.
Now consider Kk+1\mspace1.0muα.
Firstly, s0,s∪s′,v∣\joinrel≈Kk+1\mspace1.0muα iff for some t and all n∈Nt, s0,s∪s′,v∪{t=n}∣\joinrel≈Kk\mspace1.0muα iff (by induction) for some t and all n∈Nt, s0,f(s)∪s′,v∪{t=n}∣\joinrel≈Kk\mspace1.0muα iff s0,f(s)∪s′,v∣\joinrel≈Kk+1\mspace1.0muα.
Analogously for the second claim.
Now consider M0\mspace1.0muα.
Firstly, s0,s∪s′,v∣\joinrel≈M0\mspace1.0muα iff s0∪v is not potentially inconsistent and s0,s0∪v∣\joinrel≈α iff s0,f(s)∪s′,v∣\joinrel≈M0\mspace1.0mu.
Secondly, s0,s∪s′,v∣\joinrel≈M0\mspace1.0muα iff s0∪v is not potentially inconsistent s0,s0∪v∣\joinrel≈α iff (by induction and by the fact that UP\textsuperscript\textminus(s0∪v)=UP\textsuperscript\textminus(f(s0)∪v)) f(s0)∪v is not potentially inconsistent f(s0),f(s0)∪v∣\joinrel≈α iff f(s0),s∪s′,v∣\joinrel≈M0\mspace1.0muα.
Now consider Mk+1\mspace1.0muα.
Firstly, s0,s∪s′,v∣\joinrel≈Mk+1\mspace1.0muα iff for some t and n∈Nt, s0,s∪s′,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα or s0,s∪s′,v⊎s0(t=n)∣\joinrel≈α iff (by induction) for some t and all n∈Nt, s0,f(s)∪s′,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα iff s0,f(s)∪s′,v∣\joinrel≈Mk+1\mspace1.0muα.
Secondly, s0,s∪s,v∣\joinrel≈Mk+1\mspace1.0muα iff for some t and n∈Nt, s0,s∪s′,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα or s0,s∪s′,v⊎s0(t=n)∣\joinrel≈α iff (by induction and by the fact that UP\textsuperscript+(s0∪v)=UP\textsuperscript+(f(s)∪v)) for some t and n∈Nt, f(s0),s∪s′,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα or f(s0),s∪s′,v⊎f(s0)(t=n)∣\joinrel≈α iff f(s0),s∪s′,v∣\joinrel≈α.
Firstly, s0,s∪s′,v∣\joinrel≈G\mspace1.0muα iff s0∣T(gnd(α)),s∪s′,v∣\joinrel≈α iff (by induction) s0∣T(gnd(α)),f(s)∪s′,v∣\joinrel≈α iff s0,f(s)∪s′,v∣\joinrel≈α.
Secondly, s0,s∪s′,v∣\joinrel≈G\mspace1.0muα iff s0∣T(gnd(α)),s∪s′,v∣\joinrel≈α iff (by induction and by the fact that UP\textsuperscript\textminus(s0)=UP\textsuperscript\textminus(f(s0))) f(s0)∣T(gnd(α)),s∪s′,v∣\joinrel≈α iff f(s0),s∪s′,v∣\joinrel≈α.
The induction steps for ¬Kk\mspace1.0muα, ¬Mk\mspace1.0muα, and ¬G\mspace1.0muα are trivial.
Lemma 37** **
Let ϕ be proper+.
Then s0∣\joinrel≈O\mspace1.0muϕ iff UP\textsuperscript+(s0)=UP\textsuperscript+(gnd(ϕ)).
Proof*. *
For the only-if direction suppose s0∣\joinrel≈O\mspace1.0muϕ.
Then s0,s0∣\joinrel≈ϕ.
Then gnd(ϕ)⊆UP\textsuperscript+(s0), and hence clearly UP\textsuperscript+(gnd(ϕ))⊆UP\textsuperscript+(s0).
Moreover, s0,gnd(ϕ)∣\joinrel≈ϕ, and by assumption, there is no s^0 with UP\textsuperscript+(s^0)⊆UP\textsuperscript+(s0) and s0,s^0∣\joinrel≈ϕ.
Thus UP\textsuperscript+(gnd(ϕ))⊇UP\textsuperscript+(s0).
Together, this gives UP\textsuperscript+(s0)=UP\textsuperscript+(gnd(ϕ)).
For the if direction suppose UP\textsuperscript+(s0)=UP\textsuperscript+(gnd(ϕ)).
Then c∈UP\textsuperscript+(s0) for every c∈gnd(ϕ), so s0,s0∣\joinrel≈c, and thus s0,s0∣\joinrel≈ϕ.
Suppose s^0 is such that UP\textsuperscript+(s^0)⊊UP\textsuperscript+(s0).
Let c∈UP\textsuperscript+(s0) but c∈/UP\textsuperscript+(s^0).
Then c is not valid.
If c is subsumed by some other clause c′∈UP\textsuperscript+(s0), then c′∈/UP\textsuperscript+(s^0); hence we can assume that c is not subsumed by any other clause in UP\textsuperscript+(s0).
If c is the unit propagation of two clauses c′,ℓ∈UP\textsuperscript+(s0), then c′,ℓ∈/UP\textsuperscript+(s^0); hence we can assume that c is not the unit propagation of any other clauses.
By these assumptions and since UP\textsuperscript+(s0)=UP\textsuperscript+(gnd(ϕ)), we have c∈gnd(ϕ) but c∈/UP\textsuperscript+(s^0).
Hence s0,s^0∣\joinrel≈ϕ.
Theorem 38** **
Let ϕ be proper+.
O\mspace1.0muϕ∣\joinrel≈α iff gnd(ϕ)∣\joinrel≈α.
Proof*. *
For the only-if direction, suppose O\mspace1.0muϕ∣\joinrel≈α.
By Lemma 37, gnd(ϕ)∣\joinrel≈O\mspace1.0muϕ, and hence gnd(ϕ)∣\joinrel≈α.
Conversely, suppose gnd(ϕ)∣\joinrel≈α and s0∣\joinrel≈O\mspace1.0muϕ.
By Lemma 37, UP\textsuperscript+(s0)=UP\textsuperscript+(gnd(ϕ)), and by Lemma 36, s0∣\joinrel≈α.
Appendix C Soundness
In this section we prove Theorem 2 that states the soundness of limited belief.
Definition 39** **
We denote by σL the result of replacing in σ every Lk\mspace1.0mu with L\mspace1.0mu.
We abbreviate [ϕ]={w∣w⊨ϕ}, and [Φ]=⋂ϕ∈Φ[ϕ].
Lemma 40** **
Suppose s is obviously inconsistent.
Then there is no w such that w⊨c for all c∈s.
Proof*. *
Suppose w⊨c for all c∈s.
By Lemma 29, w⊨c for all c∈s\textsuperscript+.
By assumption, n=n∈s\textsuperscript+.
Thus w⊨n=n.
Contradiction.
Lemma 41** **
Suppose s is not potentially inconsistent.
Then there is a w such that w⊨c for all c∈s.
Proof*. *
Let L={ℓ∣ℓ∈c∈UP\textsuperscript\textminus(s)}.
By assumption, L contains no two complementary literals and for no t all t=n for n∈Nt occur in UP\textsuperscript\textminus(s).
Let w be such that w(t)=n for every t=n∈L.
Such w is well-defined because by assumption, if t=n∈L, then n∈Nt for otherwise it would contain complementary literals, and neither t=n∈L nor t=n′∈L for n′ distinct from n.
Moreover for every t=n∈L there is an n′∈Nt such that t=n′∈/L, so we can let w(t)=n′.
By assumption, s is not obviously inconsistent, so every clause in s is subsumed by a literal in L.
Hence by construction w⊨c for every c∈s.
Lemma 42** **
For all s1,s2, s0,s1,v∣\joinrel≈Lk\mspace1.0muα iff s0,s2,v∣\joinrel≈Lk\mspace1.0muα.
Proof*. *
By induction on k.
Base case and induction step are obvious as s1,s2 are not mentioned on the right-hand sides of the semantic rules.
Lemma 43** **
Suppose s0,s,v∣\joinrel≈Mk\mspace1.0muα.
Then there is a w such that w⊨c for all c∈s0.
Proof*. *
By induction on k.
Base case k=0: since s0,s,v∣\joinrel≈M0\mspace1.0muα requires s0∪v to be not potentially inconsistent, which by Lemma 41 gives the lemma.
The induction step is trivial.
Lemma 44** **
Let ϕ be proper+, α be without O\mspace1.0mu,G\mspace1.0mu, and without negated Lk\mspace1.0mu, and [s0]=gnd(ϕ).
For every UP\textsuperscript+(s)⊇UP\textsuperscript+(s0), if s0,s∣\joinrel≈α, then [s0],w⊨α for all w∈[s].
Proof*. *
We first prove the lemma by induction on ∣α∣.
For the base case consider a clause c, which includes the base cases for ℓ and a clause (α∨β).
Suppose s0,s∣\joinrel≈c.
Then c∈UP\textsuperscript+(s).
Then for all w with w⊨c′ for all c′∈UP\textsuperscript+(s) also w⊨c.
By Lemma 29, for every w with w⊨c′ for all c′∈s also w⊨c.
Thus e,w⊨c for all w∈[s].
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Consider Kk\mspace1.0muα.
We define e0,e⊨K\mspace1.0muαL iff e0,w⊨K\mspace1.0muαL for all w∈e.
We show by subinduction on k that s0,s,v∣\joinrel≈Kk\mspace1.0muα implies [s0],[s0∪v]⊨K\mspace1.0muαL.
Since [s0]=[s0∪∅], we obtain that s0,s∣\joinrel≈Kk\mspace1.0muα implies [s0]⊨K\mspace1.0muαL.
Consider k=0 and suppose s0,s,v∣\joinrel≈K0\mspace1.0muα.
If s∪v is obviously inconsistent, then by Lemma 40, [s∪v]=∅ and hence trivially [s0],[s0∪v]⊨K\mspace1.0muαL.
If s0,s0∪v∣\joinrel≈α, then by induction [s0],w∣\joinrel≈αL for all w∈[s0∪v].
Then [s0],[s0∪v]⊨K\mspace1.0muαL.
Consider k+1 and suppose s0,s,v∣\joinrel≈Kk+1\mspace1.0muα.
For some t∈T and all n∈Nt, s0,s,v∪{t=n}∣\joinrel≈Kk+1\mspace1.0muα.
By subinduction, for all n∈Nt, [s0],[s0∪v∪{t=n}]⊨K\mspace1.0muαL.
Since [s0∪v]=[s0∪v∪{t=n}], [s0],[s0∪v]∣\joinrel≈K\mspace1.0muαL.
Consider Mk\mspace1.0muα.
We show by subinduction on k that s0,s,v∣\joinrel≈Mk\mspace1.0muα implies [s0]∣\joinrel≈M\mspace1.0muαL.
Consider k=0 and suppose s0,s,v∣\joinrel≈M0\mspace1.0muα.
By assumption, s0∪v is not potentially inconsistent, and s0,s0∪v∣\joinrel≈α.
Then by Lemma 41, [s0∪v]=∅, and by induction, [s0],w⊨αL for all w∈[s0∪v].
In particular, there is w∈[s0∪v] such that [s0],w⊨αL.
Thus the same w∈[s0] satisfies [s0],w⊨αL.
Thus [s0]⊨M\mspace1.0muαL.
Consider k+1 and suppose s0,s,v∣\joinrel≈Mk+1\mspace1.0muα.
Then for some t=n, either s0,s,v∪{t=n}∣\joinrel≈Mk\mspace1.0muα or s0,s,v⊎s0(t=n)∣\joinrel≈Mk\mspace1.0muα.
In either case by subinduction [s0]⊨M\mspace1.0muαL.
Lemma 45** **
Let ϕ be proper+, σ be subjective, without O\mspace1.0mu,G\mspace1.0mu, and without negated Lk\mspace1.0mu, and [s0]=gnd(ϕ).
If s0,∅∣\joinrel≈σ, then [s0]⊨σ.
Proof*. *
By induction on ∣σ∣.
For the base case consider a clause c, which includes the base cases for ℓ and a clause (α∨β).
By assumption, c∈UP\textsuperscript+(∅), so c is valid, and by Lemma 21, [s0]⊨c.
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Now consider K0\mspace1.0muα.
If s0,∅∣\joinrel≈Kk\mspace1.0muα, then by Lemma 42, s0,[s0],∅∣\joinrel≈Kk\mspace1.0muα, and by the Lemma 44, [s0],w⊨K\mspace1.0muαL for all w∈[s0], and so [s0]⊨K\mspace1.0muK\mspace1.0muαL and thus [s0]∣\joinrel≈K\mspace1.0muαL.
Now consider M0\mspace1.0muα.
If s0,∅∣\joinrel≈Mk\mspace1.0muα, then by Lemma 42, s0,[s0],∅∣\joinrel≈Mk\mspace1.0muα, and by the Lemma 44, [s0],w⊨M\mspace1.0muαL for all w∈[s0], and since [s0]=∅ by Lemma 43, [s0]⊨M\mspace1.0muαL.
**Theorem 2 (Soundness) **
Let ϕ be proper+, σ be subjective, without O\mspace1.0mu,G\mspace1.0mu, and without negated Lk\mspace1.0mu.
If O\mspace1.0muϕ∣\joinrel≈σ, then O\mspace1.0muϕ⊨σL.
Proof*. *
Suppose O\mspace1.0muϕ∣\joinrel≈σ and e⊨O\mspace1.0muϕ.
Let s0=gnd(ϕ).
Then [s0] is the unique set of worlds such that [s0]⊨O\mspace1.0muϕ, so we need to show that [s0]⊨σL.
By Theorem 38, s0∣\joinrel≈O\mspace1.0muϕ, and by assumption, s0∣\joinrel≈σ.
Then s0,∅∣\joinrel≈σ, and by Lemma 45, [s0]⊨σL.
Appendix D Eventual Completeness
Here we prove the eventual completeness result for propositional limited belief, Theorem 3.
Definition 46** **
A formula without quantifiers is called propositional.
Definition 47** **
Let s(w,T)=s∪{t=n∣w(t)=n and t∈T}.
Lemma 48** **
Lk\mspace1.0muα∣\joinrel≈Lk+1\mspace1.0muα.
Proof*. *
By induction on k.
Suppose s0∣\joinrel≈Lk\mspace1.0muα.
If s0,s,v∣\joinrel≈K0\mspace1.0muα, then s0 is obviously inconsistent or s0,s0∪v,∅∣\joinrel≈α.
Let t∈/T(s0∪v∪{α}) be a primitive term and n∈Tt be arbitrary.
If s0 is obviously inconsistent, then clearly s0∪{t=n} is obviously inconsistent.
If s0,s0∪v,∅∣\joinrel≈α, then s0,s0∪v∪{t=n},∅∣\joinrel≈α, as can be shown by a trivial induction on ∣α∣.
In either case, s0,s,v∪{t=n}∣\joinrel≈K0\mspace1.0muα for every n∈Tt.
Then s0,s,v∣\joinrel≈K1\mspace1.0muα.
If s0,s,v∣\joinrel≈M0\mspace1.0muα, then s0 is not potentially inconsistent and s0,s0∪v,∅∣\joinrel≈α.
Let t∈/T(s0∪v∪{α}) be a primitive term and n∈Tt be arbitrary.
Then clearly s0∪{t=n} is not potentially inconsistent, and as in the case for K0\mspace1.0mu, s0,s0∪v∪{t=n},∅∣\joinrel≈α.
In either case, s0,s,v∪{t=n}∣\joinrel≈M0\mspace1.0muα.
Then s0,s,v∣\joinrel≈M1\mspace1.0muα.
The induction step is trivial.
Lemma 49** **
Let s0,s∣\joinrel≈α and s′⊇s.
Then s0,s′∣\joinrel≈α.
Proof*. *
By induction on ∣α∣.
For every clause c with s0,s∣\joinrel≈c, we have c∈UP\textsuperscript+(s)⊆UP\textsuperscript+(s′), and thus s0,s′∣\joinrel≈c.
The induction steps are trivial.
Lemma 50** **
Let s0 be finite, α be propositional, s⊇s0, T⊇T(s0∪{α}), and T′={t1,…,tj}⊆T be maximal such that for every n∈Nt, t=n∈/s0.
If s0,s(w,T)∣\joinrel≈α for all w∈[s0], then s0,s∪{t1=n1,…,tj=nj}∣\joinrel≈α for all ni∈Nti.
Proof*. *
By induction on j.
Suppose s0,s(w,T)⊨αL for all w∈[s0].
Suppose j=0.
If there is some w∈[s0], then s(w,T)=s, for otherwise there is a t∈T∖T′ such that t=n∈s and w(t)=n and thus w⊨t=n, which contradicts the assumption.
The claim follows trivially s(w,T)=s.
Otherwise, for every w there must be some c∈s0⊆s such that w⊨c, which implies w⊨¬ℓ for every ℓ∈c.
This implies that such ℓ is not valid by Lemma 10, and since ℓ mentions a name on the left-hand side by assumption, ⊨¬ℓ by Lemma 12, so ℓ is of the form n=n or n=n′ for two distinct names n,n′.
As n=n,n=n′∈UP(s) since they are valid literals, UP(s) contains the empty clause.
A simple subinduction on ∣α∣ then shows that s0,s∣\joinrel≈α.
Now consider j+1 and suppose the claim holds for {t1,…,tj}.
Suppose s0,(s∪{tj+1=nj+1}(w,T)∣\joinrel≈α for all w∈[s0].
By Lemma 49, s0,(s∪{tj+1=nj+1})(w,T)⊨αL for every nj+1∈Ntj+1 and all w∈[s0].
By induction, s0,s∪{t1=n1,…,tj+1=nj+1}∣\joinrel≈α.
Lemma 51** **
Let s0 be finite, T⊇T(s0∪{α}), and T′={t1,…,tj}⊆T be maximal such that for every n∈Nt, t=n∈/s0.
If [s0]=∅, then s0∪{t1=n1,…,tj=nj} is obviously inconsistent.
Proof*. *
Suppose [s0]=∅.
By Lemma 50, s0∪{t1=n1,…,tj=nj}∣\joinrel≈n=n for arbitrary n.
Then UP\textsuperscript+(s0∪{t1=n1,…,tj=nj}) must contain the empty clause and therefore it is obviously inconsistent.
Lemma 52** **
Let s0 be finite, w∈[s0], and T⊇T(s0), α be propositional.
Then s0(w,T) is not potentially inconsistent.
Proof*. *
By assumption, w⊨c for all c∈s0.
Furthermore, w⊨t=n for every primitive term t, in particular for t∈T, and name n identical to w(t).
Thus w⊨c for all c∈s0(w,T).
By Lemma 40, s0(w,T) is not obviously inconsistent
By Lemma 29, w⊨c for every c∈UP(s0(w,T)).
Thus for every clause c∈UP(s0(w,T)), there is some ℓ∈c such that w⊨ℓ.
If ℓ is of the form t=n, then w(t)=n and hence t=n∈UP(s0(w,T)).
If ℓ is of the form t=n′, then w(t)=n for some distinct n and hence t=n∈UP(s0(w,T)).
In either case, t=n subsumes c, and so either c is just the unit clause t=n or c∈/UP\textsuperscript\textminus(s0(w,T)).
Since s0(w,T) is not obviously inconsistent, there is at most one one n per t such that t=n∈UP\textsuperscript\textminus(s0(w,T)).
Thus s0(w,T) is not potentially inconsistent.
Lemma 53** **
Let s0 be finite, αk be propositional with l≥k for every Ll\mspace1.0mu it mentions, and T⊇T(s0∪{αk}).
If w∈[s0] with [s0],w⊨αL, then s0,s0(w,T)∣\joinrel≈α∣T∣.
Proof*. *
By induction on ∣αk∣.
Suppose w∈[s0] and [s0],w⊨c.
Then w⊨ℓ for some ℓ∈c.
If ℓ has a function as left-hand side, then ℓ∈s0(w,T).
Otherwise, ⊨ℓ, and by Lemma 10, ℓ∈UP(s0(w,T)).
Thus s0,s0(w,T)∣\joinrel≈c.
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Suppose w∈[s0] and [s0],w⊨K\mspace1.0muαL.
Then [s0]=∅.
Then [s0],w′⊨αL for all w′∈[s0].
By induction, s0,s0(w′,T)∣\joinrel≈α∣T∣ for all w′∈[s0].
By Lemma 50, s0,s0∪{t1=n1,…,tj=nj}∣\joinrel≈α∣T∣ for all ni∈Nti.
Thus s0∣\joinrel≈K\mspace1.0mujα∣T∣.
By Lemma 48, s0∣\joinrel≈Kl\mspace1.0muα∣T∣ for arbitrary l≥∣T∣.
Suppose w∈[s0] and [s0],w⊨¬K\mspace1.0muαL.
Then [s0],w⊨K\mspace1.0muαL.
By Theorem 2, s0∣\joinrel≈Kl\mspace1.0muα for arbitrary l.
Thus s0∣\joinrel≈¬Kl\mspace1.0muα.
Suppose w∈[s0] and [s0],w⊨M\mspace1.0muαL.
Then [s0]=∅.
Then [s0],w′⊨αL for some w′∈[s0].
By induction, s0,s0(w′,T)∣\joinrel≈α∣T∣ for this w′.
By Lemma 52, s0(w′,T) is not potentially inconsistent.
Thus and since s0(w′,T) is the result of adding ∣T∣ equality literals to s0, we have s0∣\joinrel≈M\mspace1.0mu∣T∣α.
By Lemma 48, s0∣\joinrel≈Ml\mspace1.0muα∣T∣ for arbitrary l≥∣T∣.
Suppose w∈[s0] and [s0],w⊨¬M\mspace1.0muαL.
Then [s0],w⊨M\mspace1.0muαL.
By Theorem 2, s0∣\joinrel≈Ml\mspace1.0muα for arbitrary l.
Thus s0∣\joinrel≈¬Ml\mspace1.0muα.
Lemma 54** **
- (i)
If s0∣\joinrel≈Kk\mspace1.0muα, then s0∣\joinrel≈Ml\mspace1.0mu¬α.
2. (ii)
If s0∣\joinrel≈Mk\mspace1.0muα, then s0∣\joinrel≈Kl\mspace1.0mu¬α.
Proof*. *
- (i)
Suppose s0∣\joinrel≈Kk\mspace1.0muα.
Then [s0]⊨K\mspace1.0muαL by Theorem 2.
Then [s0]⊨M\mspace1.0mu¬αL.
Then s0∣\joinrel≈Ml\mspace1.0mu¬α by Theorem 2.
2. (ii)
Suppose s0∣\joinrel≈Mk\mspace1.0muα.
Then [s0]⊨M\mspace1.0muαL by Theorem 2.
Then [s0]⊨K\mspace1.0mu¬αL.
Then s0∣\joinrel≈Kl\mspace1.0mu¬α by Theorem 2.
**Theorem 3 (Eventual completeness) **
Let ϕ,σl be propositional, ϕ be proper+, σl be subjective, without O\mspace1.0mu,G\mspace1.0mu, and k≥l for all Lk\mspace1.0mu in σl.
Then O\mspace1.0muϕ⊨σL implies that there is a k such that O\mspace1.0muϕ∣\joinrel≈σk.
Proof*. *
Let s0=gnd(ϕ), which is the unique (modulo UP\textsuperscript+) model of O\mspace1.0muϕ, and [s0]⊨O\mspace1.0muϕ.
Let k=∣T(s0∪{σ})∣.
The proof is by induction on ∣σ∣.
For the base case suppose [s0]⊨c for a clause c, which includes the base cases for ℓ and a clause (α∨β).
Then c is valid by Lemma 21, and hence c∈UP\textsuperscript+(s), and so s0,s∣\joinrel≈c.
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Suppose [s0]⊨K\mspace1.0muαL.
If [s0]=∅, then by Lemma 53 s0∣\joinrel≈Kl\mspace1.0muα for arbitrary l≥k.
If [s0]=∅, then by Lemma 51 there are t1,…,tk terms such that s0∪{t1=n1,…,tk=nk} is obviously inconsistent for all ni∈Nti, and hence s0∣\joinrel≈Kl\mspace1.0muα for arbitrary l≥k.
Suppose [s0]⊨¬K\mspace1.0muαL.
Then [s0]⊨M\mspace1.0mu¬αL.
Then s0∣\joinrel≈Ml\mspace1.0mu¬α for arbitrary l≥k.
Then s0∣\joinrel≈Kl\mspace1.0mu¬¬α for arbitrary l≥k by Lemma 54.
Then s0∣\joinrel≈¬Kl\mspace1.0muα for arbitrary l≥k.
Suppose [s0]⊨M\mspace1.0muαL.
Then [s0]=∅, and by Lemma 53, s0∣\joinrel≈Ml\mspace1.0muα for arbitrary l≥k.
Suppose [s0]⊨¬M\mspace1.0muαL.
Then [s0]⊨K\mspace1.0mu¬αL.
Then s0∣\joinrel≈Kl\mspace1.0mu¬α for arbitrary l≥k.
Then s0∣\joinrel≈Ml\mspace1.0mu¬¬α for arbitrary l≥k by Lemma 54.
Then s0∣\joinrel≈¬Ml\mspace1.0muα for arbitrary l≥k.
Appendix E Representation Theorem
This section proves the limited version of Levesque’s representation theorem, Theorem 6.
A key lemma on the way is Lemma 64 about the RES operator.
E.1 The RES Operator
Definition 55** **
Let ϕ be proper+, T be a set of primitive terms, and ψ be objective.
Then RES[ϕ,T,Lk\mspace1.0muψ] is defined as follows:
if ψ mentions a free variable x:
⋁n∈Nx(ϕ)∪Nx(ψ)(x=n∧RES[ϕ,T,Lk\mspace1.0muψnx])∨
\big{(}\bigwedge_{n\in\mathcal{N}_{x}(\phi)\cup\mathcal{N}_{x}(\psi)}x\mathbin{\neq}n\land\mathsf{RES}[\phi,T,\mathbf{L}_{k}\mspace{1.0mu}\psi^{x}_{\hat{n}}]^{\hat{n}}_{x}\big{)}
where n^∈Nx∖(Nx(ϕ)∪Nx(ψ)) is a some new name;
if ψ mentions no free variables:
true if gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ, and ¬\textsctrue otherwise,
where true stands for ∃x\mspace1.0mux=x.
Definition 56** **
A name involution is a sort-preserving bijection ∗:N→N such that n∗∗=n.
Lemma 57** **
Suppose T(s0) and T(s1) are disjoint, and c∈UP(s0∪s1) mentions terms from T(si) or no terms at all.
Then c∈UP(si) or s1−i is obviously inconsistent.
Proof*. *
By induction on the length of the derivation of c.
For the base case, if c∈s0∪s1 mentions a term from T(si), then c∈UP(si).
For the induction step, suppose c is the unit propagation of c′,ℓ∈UP(s0∪s1).
First suppose ℓ is valid and c′ mentions terms from T(si).
By induction, c′∈UP(si).
Then c∈UP(si).
Since T(c)⊆T(c′) and if c is the empty clause then si is obviously inconsistent, the lemma follows.
Now suppose ℓ is invalid.
By induction, ℓ∈UP(si) or s1−i is obviously inconsistent.
Then s0 or s1 are obviously inconsistent.
Finally suppose ℓ is neither valid nor invalid.
Then ℓ must mention a term, and c′ must also mention that term.
By induction, c′,ℓ∈UP(si).
Then c∈UP(si).
Since T(c)⊆T(c′) and if c is the empty clause then si is obviously inconsistent, the lemma follows.
Lemma 58** **
Suppose T(c)∪T(s1) and T(s2) are disjoint.
Then c∈UP\textsuperscript+(s1∪s2) iff c∈UP\textsuperscript+(s1) or s2 is potentially inconsistent.
Proof*. *
The if direction is trivial.
Conversely, suppose c∈UP\textsuperscript+(s1∪s2).
Then c is subsumed by some c′∈UP(s1∪s2).
Then T(c′)⊆T(c).
By Lemma 57, c′∈UP(s1) or s2 is obviously inconsistent, and so the lemma holds.
Lemma 59** **
Let f(s)∈{UP(s),s\textsuperscript\textminus,s\textsuperscript+} and ∗ be a name involution.
Then f(s)∗=f(s∗).
Proof*. *
We first show UP(s)∗=UP(s∗).
For the ⊆ direction suppose c∗∈UP(s)∗.
Then c∈UP(s).
If c∈s or c is valid, then c∗∈s∗ or c∗ is valid, and hence c∗∈UP(s∗).
Otherwise c is the unit propagation of c′,ℓ∈UP(s), and then a trivial induction on the length of the derivation shows that then c′∗,ℓ∗∈UP(s∗) and then c∗∈UP(s∗).
For the ⊇ direction suppose c∗∈UP(s∗).
If c∗∈s∗ or c∗ is valid, then c∈s or c is valid, and then c∈UP(s) and thus c∗∈UP(s)∗.
Otherwise c is the unit propagation of c′∗,ℓ∗∈UP(s∗), and then a trivial induction on the length of the derivation shows that c′∗,ℓ∗∈UP(s)∗, and then c′,ℓ∈UP(s), and so c∈UP(s) and c∗∈UP(s)∗.
Now we show that (s\textsuperscript\textminus)∗=(s∗)\textsuperscript\textminus.
We have c∗∈(s\textsuperscript\textminus)∗ iff c∈s\textsuperscript\textminus iff no other clause in s subsumes c iff no other clause in s∗ subsumes c∗ iff c∗∈(s∗)\textsuperscript\textminus.
Finally we show that (s\textsuperscript+)∗=(s∗)\textsuperscript+.
We have c∗∈(s\textsuperscript+)∗ iff c∈s\textsuperscript+ iff some clause in s subsumes c iff some clause in s∗ subsumes c∗ iff c∗∈(s∗)\textsuperscript+.
Lemma 60** **
Let ψ be objective, ∗ be a name involution and T(s0′) be disjoint from T(s0)∪T(gnd(ψ)).
Then ⋅,s0∪s0′∣\joinrel≈ψ iff ⋅,s0∗∪s0′∣\joinrel≈ψ∗.
Proof*. *
By induction on ∣ψ∣.
For the base case consider a clause c.
By assumption, T(c)⊆T(gnd(ψ)).
Then ⋅,s0∪s0′∣\joinrel≈c iff c∈UP\textsuperscript+(s0∪s0′) iff (by Lemma 58) c∈UP\textsuperscript+(s0) or s0′ is obviously inconsistent iff c∗∈UP\textsuperscript+(s0)∗ or s0′ is obviously inconsistent iff (by Lemma 59) c∗∈UP\textsuperscript+(s0∗) is obviously inconsistent iff (by Lemma 58) ⋅,s0∗∪s0′∣\joinrel≈c∗.
The induction steps for ¬(α∨β), ∃x\mspace1.0muα, ¬∃x\mspace1.0muα, and ¬¬α are trivial.
Corollary 61** **
Let ψ be objective and ∗ be a name involution.
Then ∣\joinrel≈ψ iff ∣\joinrel≈ψ∗.
Proof*. *
Follows from Lemma 60 for s0′=∅.
Lemma 62** **
Let ψ be objective, ∗ be a name involution, and T(s0′) be disjoint from T(s0)∪T(gnd(ψ)).
Then s0∪s0′∣\joinrel≈Lk\mspace1.0muψ iff s0∗∪s0′∣\joinrel≈Lk\mspace1.0muψ∗.
Proof*. *
We show s0∪s0′,⋅,v∪v′∣\joinrel≈Lk\mspace1.0muψ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈Lk\mspace1.0muψ∗ where T(v′) are disjoint from T(s0)∪T(gnd(ψ))∪T(v).
The proof is by induction on k.
For the base case consider k=0.
By Lemma 60, ⋅,s0∪s0′∪v∪v′∣\joinrel≈ψ iff ⋅,s0∗∪s0′∪v∗∪v′∣\joinrel≈ψ∗.
Moreover, s0∪s0′∪v∪v′ is obviously/potentially inconsistent iff (by Lemma 58) s0∪v or s0′∪v′ is obviously/potentially inconsistent iff (by Lemma 59) s0∗∪v∗ or s0′∪v′ is obviously/potentially inconsistent.
Thus s0∪s0′,⋅,v∪v′∣\joinrel≈L0\mspace1.0muψ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈L0\mspace1.0muψ∗.
Now consider k+1 and suppose s0∪s0′,⋅,v∪v′∣\joinrel≈Kk\mspace1.0muψ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈Kk\mspace1.0muψ∗.
Then s0∪s0′,⋅,v∪v′∣\joinrel≈Kk+1\mspace1.0muψ iff for some t and all n∈Nt, s0∪s0′,⋅,v∪v′∪{t=n}∣\joinrel≈Kk\mspace1.0muψ iff (by induction) for some t and all n∈Nt, s0∗∪s0′,⋅,(v∪{t=n})∗∪v′∣\joinrel≈Kk\mspace1.0muψ∗ or s0∗∪s0′,⋅,v∗∪(v′∪{t=n})∣\joinrel≈Kk\mspace1.0muψ∗ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈Kk+1\mspace1.0muψ∗.
Now consider k+1 and suppose s0∪s0′,⋅,v∪v′∣\joinrel≈Mk\mspace1.0muψ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈Mk\mspace1.0muψ∗.
Then s0∪s0′,⋅,v∪v′∣\joinrel≈Mk+1\mspace1.0muψ iff for some t and n∈Nt, s0∪s0′,⋅,v∪{t=n}∪v′∣\joinrel≈Mk\mspace1.0muψ or s0∪s0′,⋅,(v⊎s0(t=n))∪v′∣\joinrel≈Mk\mspace1.0muψ or s0∪s0′,⋅,v∪(v′⊎s0′(t=n))∣\joinrel≈Mk\mspace1.0muψ iff (by induction and Lemma 59) for some t and all n∈Nt, s0∗∪s0′,⋅,(v∪{t=n})∗∪v′∣\joinrel≈Mk\mspace1.0muψ∗ or s0∗∪s0′,⋅,v∪(v′∪{t=n})∣\joinrel≈Mk\mspace1.0muψ∗ or s0∗∪s0′,⋅,(v∗⊎s0∗(t∗=n∗))∪v′∣\joinrel≈Mk\mspace1.0muψ or s0∗∪s0′,⋅,v∪(v′⊎s0′(t=n))∣\joinrel≈Mk\mspace1.0muψ iff s0∗∪s0′,⋅,v∗∪v′∣\joinrel≈Mk+1\mspace1.0muψ∗.
Lemma 63** **
Let ϕ be proper+, T=T or T=T(gnd(α))⊇T(gnd(ψ)) for some α be a set of primitive terms, ψ be objective, and ∗ be a name involution that leaves the names in ϕ unchanged.
Then gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ iff gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ∗.
Proof*. *
First consider T=T.
Then gnd(ϕ)∣T=UP\textsuperscript\textminus(gnd(ϕ)).
Since gnd(ϕ)=gnd(ϕ)∗ and by Lemma 59, we have UP\textsuperscript\textminus(gnd(ϕ))=UP\textsuperscript\textminus(gnd(ϕ))∗.
Thus gnd(ϕ)∣T=gnd(ϕ)∣T∗ and the lemma follows from Lemma 62.
Now consider T=T(gnd(α)) for some α such that T(gnd(α))⊇T(gnd(ψ)).
Let s0 be the least set such that if c∈UP\textsuperscript\textminus(gnd(ϕ)) and c mentions a term from T(gnd(ψ)) or shares a term with another clause in s0, then c∈s0.
Let s0′ be UP\textsuperscript\textminus(gnd(ϕ)∣T)∖s0.
By construction, T(s0′) is disjoint from T(s0)∪T(gnd(ψ)) ().
Furthermore, s0∗ is the least set such that if c∈UP\textsuperscript\textminus(gnd(ϕ))∗ and c mentions a term from T(gnd(ψ))∗ or shares a term with another clause in s0∗, then c∈s0∗; by Lemma 59 and since gnd(ϕ)=gnd(ϕ)∗, this is the least set such that if c∈UP\textsuperscript\textminus(gnd(ϕ)) and c mentions a term from T(gnd(ψ)) or shares a term with another clause in s0∗, then c∈s0∗; and hence s0=s0∗ (**).
Then gnd(ϕ)T∣\joinrel≈Lk\mspace1.0muψ iff s0∪s0′∣\joinrel≈Lk\mspace1.0muψ iff (by () and Lemma 62) s0∗∪s0′∣\joinrel≈Lk\mspace1.0muψ∗ iff (by (**)) s0∪s0′∣\joinrel≈Lk\mspace1.0muψ∗ iff gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ∗.
Lemma 64** **
Let ϕ be proper+, T=T or T=T(gnd(α))⊇T(gnd(ψ)) for some α be a set of primitive terms, and ψ be objective.
Then gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψn1…njx1…xj iff ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψ]n1…njx1…xj.
Proof*. *
By induction on j.
For the base case, ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψ] iff ∣\joinrel≈\textsctrue if gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ and otherwise ∣\joinrel≈¬\textsctrue iff gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ.
For the base case, suppose j>0 and ψn1x1 satisfies the lemma for every n1∈Nx1.
Consider RES[ϕ,T,Lk\mspace1.0muψ]n1…njx1…xj.
If n1 occurs in ϕ or ψ, then all but one of the disjuncts in RES[ϕ,T,Lk\mspace1.0muψ]n1…njx1…xj are false, and we have ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψ]n1…njx1…xj iff ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψn1x]n2…njx2…xj iff (by induction) gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψn1…njx1…xj.
If n1 does not occur in ϕ or ψ, then all but the last disjuncts in RES[ϕ,T,Lk\mspace1.0muψ]n1…njx1…xj are false, and the last disjunct simplifies to ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψn^x1]x1n1…njn^1x1…xj.
As RES[ϕ,T,Lk\mspace1.0muψn^x1]x1n^ mentions neither n^ nor n1, we can apply an involution that swaps n^ and n1 and leaves everything else unchanged, and ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψn^x1]x1n1…njn^1x1…xj iff (by Corollary 61) ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψn^x1]x1n1∗…nj∗n^1x1…xj iff (since n1∗=n^) iff ∣\joinrel≈RES[ϕ,T,Lk\mspace1.0muψn^x1]n2∗…nj∗x2…xj iff (by induction) gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψn^1n2∗…nj∗x1x2…xj iff (by Lemma 63) gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψn1…njx1…xj.
E.2 The ∥⋅∥ Operator
Definition 65** **
Let ϕ be proper+, T be a set of primitive terms, and α without O\mspace1.0mu.
Then ∥α∥ϕ,T is defined as follows:
∥t=t′∥ϕ,T is t=t′;
∥¬α∥ϕ,T is ¬∥α∥ϕ,T;
∥(α∨β)∥ϕ,T is (∥α∥ϕ,T∨∥β∥ϕ,T);
∥∃x\mspace1.0muα∥ϕ,T is ∃x\mspace1.0mu∥α∥ϕ,T;
∥Lk\mspace1.0muα∥ϕ,T is RES[ϕ,T,Lk\mspace1.0mu∥α∥ϕ,T];
∥G\mspace1.0muα∥ϕ,T is ∥α∥ϕ,T∩T(gnd(α)).
Lemma 66** **
Let ϕ be proper+, T=T or T=T(gnd(α))⊇T(gnd(σ)) for some α be a set of primitive terms, and σ be subjective and without O\mspace1.0mu.
Then gnd(ϕ)∣T∣\joinrel≈σn1…njx1…xj iff ∣\joinrel≈∥σ∥ϕ,Tn1…njx1…xj.
Proof*. *
We show gnd(ϕ)∣T,s∣\joinrel≈αn1…njx1…xj iff ⋅,s∣\joinrel≈∥α∥ϕ,Tn1…njx1…xj by induction on ∣α∣.
The non-modal cases are trivial since ∥⋅∥ does not introduce any new clauses.
Consider Lk\mspace1.0muα.
Then gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muαn1…njx1…xj iff (by reducing Lk\mspace1.0mu) for certain sets of split literals v, gnd(ϕ)∣T∪v is obviously/not potentially inconsistent or/and ⋅,gnd(ϕ)∣T∪v∣\joinrel≈αn1…njx1…xj iff (by induction) for these v, gnd(ϕ)∣T∪v is obviously/not potentially inconsistent or/and ⋅,gnd(ϕ)∣T∪v∣\joinrel≈∥α∥ϕ,Tn1…njx1…xj iff (by reversing the steps to reduce Lk\mspace1.0mu) gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0mu∥α∥ϕ,Tn1…njx1…xj iff (since ∥α∥ϕ,Tn1…njx1…xj is objective, by Lemma 64) gnd(ϕ)∣T∣\joinrel≈RES[ϕ,T,Lk\mspace1.0mu∥α∥ϕ,T]n1…njx1…xj iff gnd(ϕ)∣T∣\joinrel≈∥Lk\mspace1.0muα∥ϕ,Tn1…njx1…xj.
Consider G\mspace1.0muα.
Then gnd(ϕ)∣T∣\joinrel≈G\mspace1.0muαn1…njx1…xj iff (gnd(ϕ)∣T)T(gnd(α))∣\joinrel≈αn1…njx1…xj iff gnd(ϕ)∣T∩T(gnd(α))∣\joinrel≈αn1…njx1…xj iff (by induction) ∣\joinrel≈∥α∥ϕ,T∩T(gnd(α))n1…njx1…xj iff ⊨∥G\mspace1.0muα∥ϕ,Tn1…njx1…xj.
**Theorem 6 (Representation theorem) **
Let ϕ be proper+, σ be subjective and without O\mspace1.0mu.
Then O\mspace1.0muϕ∣\joinrel≈σ iff ∣\joinrel≈∥σ∥ϕ,T.
Proof*. *
O\mspace1.0muϕ∣\joinrel≈σ iff (by Theorem 38) gnd(ϕ)∣\joinrel≈σ iff (by Lemma 36) gnd(ϕ)∣T∣\joinrel≈σ iff (by Lemma 66) ∣\joinrel≈∥σ∥ϕ,T.
Appendix F Decidability
This section proves the decidability result Theorem 4.
First we show that only finitely many literals need to be considered for both Kk\mspace1.0mu and Mk\mspace1.0mu.
Next we show that finite groundings of proper+ knowledge bases suffice.
Then we put these results together to define a decision procedure.
Definition 67** **
For a term t, let Vt(α) be the maximum number of free variables in any subformula of α.
Then we define the following sets of names:
\mathcal{N}_{t\bullet}(\alpha)=\mathcal{N}_{t}(\alpha)\cap\{n\mid\text{t\mathbin{=}nort\mathbin{\neq}nisasubformulaofanelementof\mathsf{gnd}(\alpha)}\};
Nt+p(α)=Nt(α)∪{n1,…,np∈Nt∖Nt(α)};
Nt∙+p(α)=Nt∙(α)∪{n1,…,np∈Nt∖Nt(α)};
Nt+v+p(α)=Nt+Vt(α)+p(α);
Nt∙+v+p(α)=Nt∙+Vt(α)+p(α).
(To make Nt+p(α),Nt∙+p(α) well-defined, we assume np are the minimal names w.r.t. some preorder < that do not occur in Nt(α)).
Let N+p(α)=⋃tNt+p(α) and N+v+p(α)=⋃tN+v+p(α).
These definitions naturally extend to sets of formulas and terms; when the set is finite, we sometimes omit the brackets.
F.1 Finite Splitting for Kk\mspace1.0mu
Lemma 68** **
Let ϕ be proper+, ψ be objective, and n1∈Nt∖Nt∙(ϕ,ψ,t) and n2∈Nt∖Nt(ϕ,ψ,t).
Then gnd(ϕ),⋅,{t=n1}∣\joinrel≈Lk\mspace1.0muψ iff gnd(ϕ),⋅,{t=n2}∣\joinrel≈Lk\mspace1.0muψ.
Proof*. *
Since n1∈Nt∖Nt∙+0(ϕ,ψ,t), we have either n1∈Nt∖Nt(ϕ,ψ,t) or n1∈Nt(ϕ,ψ,t) but t=n1 and t=n1 are no subformulas of gnd(ϕ,ψ,t).
First suppose n1∈Nt∖Nt(ϕ,ψ,t).
Let ∗ be the name involution that swaps n1 and n2 and leaves all other names unchanged.
Then gnd(ϕ),⋅,{t=n1}∣\joinrel≈Lk\mspace1.0muψ iff gnd(ϕ)∗,⋅,{t=n1}∗∣\joinrel≈Lk\mspace1.0muψ∗ iff gnd(ϕ),⋅,{t=n2}∣\joinrel≈Lk\mspace1.0muψ.
Now suppose n1∈Nt(ϕ,ψ,t) but t=n1 and t=n1 are no subformulas of gnd(ϕ,ψ,t).
First we show that if UP(gnd(ϕ)∪{t=n1})∖{t=n1}=UP(gnd(ϕ)∪{t=n2})∖{t=n2}, and c∈(UP(gnd(ϕ)∪{t=n1})∖{t=n1})∪(UP(gnd(ϕ)∪{t=n2})∖{t=n1}) contains neither t=n1, t=n1, t=n2, nor t=n2 by induction on the length of the derivation of c.
For the base case, c∈UP0(gnd(ϕ)∪{t=n1})∖{t=n1} iff c is a valid literal or gnd(ϕ) iff c∈UP0(gnd(ϕ)∪{t=n2})∖{t=n2}.
Moreover, c contains neither t=n1 nor t=n2.
Finally suppose c contains t=n2 or t=n2; since neither is valid, c∈gnd(ϕ), and since n2∈Tt∖Tt(ϕ,ψ,t), there c must contain a literal t=x or t=x; then, however, c also mentions t=n1 or t=n1, which contradicts the assumption.
Hence c also mentions neither t=n2 nor t=n2.
Now suppose c∈UPk+1(gnd(ϕ)∪{t=n1})∖(UPk(gnd(ϕ)∪{t=n1}).
Then c is the resolution of c′,ℓ∈UPk(gnd(ϕ)∪t=n1).
By induction, we have four cases concerning c′,ℓ:
Case 1: c′,ℓ∈UPk(gnd(ϕ)∪{t=n2}) and c′,ℓ contain neither t=n1, t=n1, t=n2, nor t=n2.
Then also c∈UPk+1(gnd(ϕ)∪{t=n2}), and c contains neither t=n1, t=n1, t=n2, nor t=n2.
Case 2: c′∈UPk(gnd(ϕ)∪{t=n2}) and c′ contains neither t=n1, t=n1, t=n2, nor t=n2, and ℓ is t=n1.
Then all literals in c′ complementary to ℓ are of the form t=n for n distinct from n1.
By assumption, all these literals are distinct from t=n2.
Hence c is the unit propagation of c′ and t=n2, and hence c∈UPk+1(gnd(ϕ)∪{t=n2}) and c contains neither t=n1, t=n1, t=n2, nor t=n2.
Case 3: ℓ∈UPk(gnd(ϕ)∪{t=n2}) and ℓ is neither t=n1, t=n1, t=n2, nor t=n2, and c′ is t=n1.
This is just a special case of Case 2.
Case 4: c′,ℓ both are t=n1.
This contradicts the assumption that c is the unit propagation of c′,ℓ.
Now suppose c∈UPk+1(gnd(ϕ)∪{t=n2})∖(UPk(gnd(ϕ)∪{t=n2}).
Then c is the resolution of c′,ℓ∈UPk(gnd(ϕ)∪t=n2).
By induction, we have two different cases concerning c′,ℓ:
Case 1: c′,ℓ∈UPk(gnd(ϕ)∪{t=n1}) and c′,ℓ contain neither t=n1, t=n1, t=n2, nor t=n2.
Then also c∈UPk+1(gnd(ϕ)∪{t=n1}), and c contains neither t=n1, t=n1, t=n2, nor t=n2.
Case 2: c′∈UPk(gnd(ϕ)∪{t=n1}) and c′ contains neither t=n1, t=n1, t=n2, nor t=n2, and ℓ is t=n2.
Then all literals in c′ complementary to ℓ are of the form t=n for n distinct from n2.
By assumption, all these literals are distinct from t=n1.
Hence c is the unit propagation of c′ and t=n1, and hence c∈UPk+1(gnd(ϕ)∪{t=n1}) and c contains neither t=n1, t=n1, t=n2, nor t=n2.
Case 3: ℓ∈UPk(gnd(ϕ)∪{t=n1}) and ℓ is neither t=n1, t=n1, t=n2, nor t=n2, and c′ is t=n2.
This is just a special case of Case 2.
Case 4: c′,ℓ both are t=n2.
This contradicts the assumption that c is the unit propagation of c′,ℓ.
Since no clause in UP(gnd(ϕ)∪{t=ni})∖{t=ni} mentions t=ni, both gnd(ϕ)∪{t=n1} is potentially inconsistent iff gnd(ϕ)∪{t=n2} is not potentially inconsistent.
An induction on k and subinduction on ∣ψ∣ then shows that gnd(ϕ),⋅,{t=n1}∣\joinrel≈Lk\mspace1.0muψ iff gnd(ϕ),⋅,{t=n2}∣\joinrel≈Lk\mspace1.0muψ.
Lemma 69** **
Let ϕ be proper+ and ψ be objective.
Then gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ iff for some t∈T, for all n∈Nt, gnd(ϕ∧t=n)∣\joinrel≈Kk\mspace1.0muψ.
Proof*. *
We show by induction on k that gnd(ϕ),⋅,{t=n}∪v∣\joinrel≈Kk\mspace1.0muψ iff gnd(ϕ∧t=n),⋅,v∣\joinrel≈Kk\mspace1.0muψ.
The base case follows by a simple subinduction on ∣ψ∣ since gnd(ϕ)∪{t=n}∪v=gnd(ϕ∧t=n)∪v.
For the induction step, gnd(ϕ),⋅,{t=n}∪v∣\joinrel≈Kk+1\mspace1.0muψ iff for some t′∈T, for all n′∈Nt′, gnd(ϕ),⋅,{t=n}∪v∪{t′=n′}∣\joinrel≈Kk\mspace1.0muψ iff (by induction) for some t′∈T, for all n′∈Nt′, gnd(ϕ∧t=n),⋅,v∪{t′=n′}∣\joinrel≈Kk\mspace1.0muψ iff gnd(ϕ∧t=n),⋅,v∣\joinrel≈Kk+1\mspace1.0muψ.
Since gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ iff for some t∈T, for all n∈Nt, gnd(ϕ),⋅,∅∪{t=n}∣\joinrel≈Kk\mspace1.0muψ, the lemma follows by the above statement.
Lemma 70** **
Let ϕ be proper+, ψ be objective.
Then gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ iff for some t∈T(gndN+v+0(ϕ,ψ)(ϕ,ψ)), for all n∈Nt∙+1(ϕ,ψ,t), gnd(ϕ∧t=n)∣\joinrel≈Kk\mspace1.0muψ.
Proof*. *
First we show that gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ iff for some t∈T(gndN+v+0(ϕ,ψ)(ϕ,ψ)), for all n∈Nt, gnd(ϕ∧t=n)∣\joinrel≈Kk\mspace1.0muψ.
The if direction immediately follows by the semantics.
Conversely, suppose gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ.
Then for some t∈T, for all n∈Nt, gnd(ϕ),⋅,{t=n}∣\joinrel≈Kk\mspace1.0muψ.
Then there is such a t with t∈T(gnd(ϕ,ψ)), for otherwise t=n cannot be complementary to or subsume any literal occurring in gnd(ϕ,ψ).
In particular, then t mentions at most Vn′(ϕ,ψ) names of the same sort as n′ that do not occur in ϕ or ψ.
Let ∗ be a name involution that swaps these n′∈N(t)∖N(ϕ,ψ) with some n′∗∈Nn′+v+0(ϕ,ψ) and leaves all other names unchanged.
Then t∗∈T(gndN+v+0(ϕ,ψ)(ϕ,ψ)), and for every n∈Nt, gnd(ϕ),⋅,{t=n}∣\joinrel≈Kk\mspace1.0muψ iff for every n∈Nt, gnd(ϕ)∗,⋅,{t∗=n∗}∣\joinrel≈Kk\mspace1.0muψ iff for every n∈Nt, gnd(ϕ),⋅,{t∗=n}∣\joinrel≈Kk\mspace1.0muψ iff (by Lemma 69) for every n∈Nt, gnd(ϕ∧t∗=n)∣\joinrel≈Kk\mspace1.0muψ.
Next we show that gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ iff for some t∈T, for all n∈Nt+1(ϕ,ψ,t), gnd(ϕ∧t=n)∣\joinrel≈Kk\mspace1.0muψ.
The only-if direction immediately follows by the semantics.
Conversely, suppose for some t∈T, for all n∈Nt∙+1(ϕ,ψ,t), gnd(ϕ∧t=n)∣\joinrel≈Kk\mspace1.0muψ.
By Lemma 69, for all n∈Nt∙+1(ϕ,ψ,t), gnd(ϕ),⋅,{t=n}∣\joinrel≈Kk\mspace1.0muψ.
Let {n^}=Nt∙+1(ϕ,ψ,t)∖Nt∙(ϕ,ψ,t); then n^∈Nt∖Nt(ϕ,ψ,t) and gnd(ϕ),⋅,{t=n^}∣\joinrel≈Kk\mspace1.0muψ, and by Lemma 68, for all n∈Nt∖Nt∙(ϕ,ψ,t), gnd(ϕ),⋅,{t=n}∣\joinrel≈Kk\mspace1.0muψ.
Hence for every name n∈Nt, gnd(ϕ),⋅,{t=n}∣\joinrel≈Kk\mspace1.0muψ.
Thus gnd(ϕ)∣\joinrel≈Kk+1\mspace1.0muψ.
F.2 Finite Splitting for Mk\mspace1.0mu
Definition 71** **
Let ϕ be proper+ and ℓ be a literal t=n.
Let Φ be the least set such that if ℓ,ℓ^ are isomorphic and ¬ℓ^∈/UP(gnd(ϕ)), then ⋁1≤i≤j,n∈N(ϕ)xi=n∨⋁1≤i1<i2≤jxi1=xi2∨ℓ^x1…xjn1…nj∈Φ where {n1,…,nj}∈N(ℓ^)∖N(ϕ) and x1,…,xj are variables of corresponding sort.
Then ϕ⊎ℓ is defined as {ϕ}∪Φ.
Lemma 72** **
Let ϕ be proper+ and ℓ be a literal t=n.
Then ϕ⊎ℓ is finite (modulo variable renamings) and a well-defined formula, N(ϕ⊎ℓ)=N(ϕ), and V(ϕ⊎ℓ)≤max{V(ϕ),∣t∣+1}, where ∣t∣+1 is the arity of t.
Proof*. *
Assume the notation from the definition of ϕ⊎ℓ.
Since N(ϕ) is finite, every element in Φ is a well-defined formula.
Since there are only finitely many variables in ℓx1…xjn1…nj, the set Φ must be finite as well (modulo variable renamings).
Hence ϕ⊎ℓ is a well-defined formula.
Since Φ introduces no new names, N(ϕ⊎ℓ)=N(ϕ), and since the clauses in Φ contain at most ∣t∣+1 variables, V(ϕ⊎ℓ)≤max{V(ϕ),∣t∣+1}.
Lemma 73** **
Let ϕ be proper+ and ℓ be a literal t=n.
Then UP\textsuperscript\textminus(gnd((ϕ⊎ℓ)∖{ϕ}))=∅⊎gnd(ϕ)ℓ.
Proof*. *
First we show the ⊆ direction.
By construction, every clause in UP(gnd((ϕ⊎ℓ)∖{ϕ})) is either a unit clause or subsumed by a unit clause.
Hence UP\textsuperscript\textminus(gnd((ϕ⊎ℓ)∖{ϕ})) only contains literals ℓ~ of the form (ℓ^x1…xjn1…nj)n1′…nj′x1…xj, where ℓ^ is isomorphic to ℓ, ¬ℓ^∈/UP(gnd(ϕ)), {n1,…,nj}=N(ℓ^)∖N(ϕ), ni′∈/N(ϕ), and ni1′=ni2′ for i1=i2.
Let ∗ be the involution that swaps ni′ and ni.
Then ℓ^ is identical to ℓ~∗, so ℓ^,ℓ~ are isomorphic.
Moreover, ¬ℓ^∈/UP(gnd(ϕ)), so ¬ℓ~∈/UP(gnd(ϕ))∗, and by Lemma 59, ¬ℓ~∈/UP(gnd(ϕ)).
Hence, ℓ~∈∅⊎gnd(ϕ)ℓ.
For the ⊇ direction suppose ℓ^∈∅⊎gnd(ϕ)ℓ.
Then ℓ,ℓ^ are isomorphic and ¬ℓ^∈/UP\textsuperscript+(gnd(ϕ)).
Then ⋁1≤i≤j,n∈N(ϕ)xi=n∨⋁1≤i1<i2≤jxi1=xi2∨ℓ^x1…xjn1…nj∈(ϕ⊎ℓ)∖{ϕ} where {n1,…,nj}∈N(ℓ^)∖N(ϕ) and x1,…,xj are variables of corresponding sort, and hence ℓ^∈UP(gnd((ϕ⊎ℓ)∖{ϕ})).
Lemma 74** **
Let ϕ be proper+.
Then UP\textsuperscript+(gnd(ϕ⊎(t=n)))=UP\textsuperscript+(gnd(ϕ)∪(∅⊎gnd(ϕ)(t=n))).
Proof*. *
By Lemma 73, UP\textsuperscript+(gnd(ϕ)∪(∅⊎gnd(ϕ)ℓ))=UP\textsuperscript+(gnd(ϕ)∪UP\textsuperscript\textminus(gnd((ϕ⊎ℓ)∖{ϕ}))), and by Lemma 33, UP\textsuperscript+(gnd(ϕ)∪UP\textsuperscript\textminus(gnd((ϕ⊎ℓ)∖{ϕ})))=UP\textsuperscript+(gnd(ϕ)∪gnd((ϕ⊎ℓ)∖{ϕ}))=UP\textsuperscript+(gnd(ϕ⊎ℓ)).
Lemma 75** **
Let ϕ be proper+ and ψ be objective.
Then gnd(ϕ)∣\joinrel≈Mk+1\mspace1.0muψ iff for some t∈T and n∈Nt, gnd(ϕ∧t=n)∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ⊎(t=n))∣\joinrel≈Mk\mspace1.0muψ.
Proof*. *
Precisely analogous to the proof of Lemma 69, we gnd(ϕ),⋅,{t=n}∪v∣\joinrel≈Mk\mspace1.0muψ iff gnd(ϕ∧t=n),⋅,v∣\joinrel≈Mk\mspace1.0muψ.
Additionally, we show by induction on k that gnd(ϕ),⋅,(∅⊎gnd(ϕ)(t=n))∪v∣\joinrel≈Mk\mspace1.0muψ iff gnd(ϕ⊎(t=n)),⋅,v∣\joinrel≈Mk\mspace1.0muψ.
The base case follows by a simple subinduction on ∣ψ∣ since UP\textsuperscript+(gnd(ϕ)∪(∅⊎gnd(ϕ)(t=n))∪v)=UP\textsuperscript+(gnd(ϕ⊎(t=n))∪v) by Lemmas 33 and 74.
For the induction step, gnd(ϕ),⋅,(∅⊎gnd(ϕ)(t=n))∪v∣\joinrel≈Mk+1\mspace1.0muψ iff for some t′∈T and n′∈Nt′, gnd(ϕ),⋅,(∅⊎gnd(ϕ)(t=n))∪v∪{t′=n′}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,((∅⊎gnd(ϕ)(t=n))∪v)⊎gnd(ϕ)(t′=n′)∣\joinrel≈Mk\mspace1.0muψ iff (by induction and definition of ⊎gnd(ϕ)) for some t′∈T and n′∈Nt′, gnd(ϕ⊎(t=n)),⋅,v∪{t′=n′}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,v⊎gnd(ϕ)(t′=n′)∣\joinrel≈Mk\mspace1.0muψ iff gnd(ϕ⊎(t=n),⋅,v∣\joinrel≈Mk+1\mspace1.0muψ.
Since gnd(ϕ)∣\joinrel≈Mk+1\mspace1.0muψ iff for some t∈T and n∈Nt, gnd(ϕ),⋅,∅∪{t=n}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,∅⊎gnd(ϕ)(t=n)∣\joinrel≈Mk\mspace1.0muψ, the lemma follows by the above statement.
Lemma 76** **
Let ϕ be proper+, ψ be objective.
Then gnd(ϕ)∣\joinrel≈Mk+1\mspace1.0muψ iff for some t∈T(gndN+v+0(ϕ,ψ)(ϕ,ψ)) and some n∈Nt∙+1(ϕ,ψ,t), gnd(ϕ∧t=n)∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ⊎(t=n))∣\joinrel≈Mk\mspace1.0muψ.
Proof*. *
The if direction immediately follows from the definition of the semantics.
For the converse direction, suppose gnd(ϕ)∣\joinrel≈Mk+1\mspace1.0muψ.
Then for some t∈T and n∈Nt, gnd(ϕ),⋅,{t=n}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,∅⊎gnd(ϕ)(t=n)∣\joinrel≈Mk\mspace1.0muψ.
Then there is such a t with t∈T(gnd(ϕ,ψ)) and n∈N(gnd(ϕ,ψ)), for otherwise t=n cannot be complementary to or subsume any literal occurring in gnd(ϕ,ψ).
In particular, then t mentions at most Vn′(ϕ,ψ) names of the same sort as n′ that do not occur in ϕ or ψ.
Let ∗ be a name involution that swaps these n′∈N(t)∖N(ϕ,ψ) with some n′∗∈Nn′+v+0(ϕ,ψ) and swaps n in case it is not in N(t) with the name Nt∗∙+1(ϕ,ψ,t∗)∖Nt∗∙(ϕ,ψ,t∗) and leaves all other names unchanged.
Then t∗∈T(gndN+v+0(ϕ,ψ)(ϕ,ψ)) and n∗∈Nt∗∙+1(ϕ,ψ,t∗), and gnd(ϕ),⋅,{t=n}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,∅⊎gnd(ϕ)(t=n)∣\joinrel≈Mk\mspace1.0muψ iff gnd(ϕ)∗,⋅,{t∗=n∗}∣\joinrel≈Mk\mspace1.0muψ∗ or gnd(ϕ)∗,⋅,∅⊎gnd(ϕ)∗(t∗=n∗)∣\joinrel≈Mk\mspace1.0muψ∗ iff gnd(ϕ),⋅,{t∗=n∗}∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ),⋅,∅⊎gnd(ϕ)(t∗=n∗)∣\joinrel≈Mk\mspace1.0muψ iff (by Lemma 75) gnd(ϕ∧t∗=n∗)∣\joinrel≈Mk\mspace1.0muψ or gnd(ϕ⊎t∗=n∗)∣\joinrel≈Mk\mspace1.0muψ.
F.3 Finite Setup
Lemma 77** **
Let ϕ be proper+, α be some formula, and c be a clause.
Suppose ∣Nt(c)∖Nt(ϕ,α)∣≤Vt(ϕ) for every term t.
Let ∗ be an involution that swaps every n∈N(c)∖N(ϕ,α) with a name n∗∈Nn+v+1(ϕ,α)∖Nn(ϕ,α) and leaves all names in N(ϕ,α) unchanged.
Then c∈UP(gnd(ϕ)) implies c∗∈UP(gndN+v+1(ϕ,α)(ϕ)).
Proof*. *
We show by induction on k that when c∈UPk(gnd(ϕ))\textsuperscript\textminus and ∗ is a bijection that swaps every n∈N(c)∖N(ϕ,α) with an n∗∈Nn+v+1(ϕ,α)∖Nn(ϕ,α) and leaves the rest unchanged, then c∗∈UPk(gndN+v+1(ϕ,α)(ϕ)).
First consider the base case k=0.
If c is a valid literal, then c∗ is a valid literal as well, and hence c∗∈UP(gndN+v+1(ϕ,α)(ϕ)).
Otherwise, c∈gnd(ϕ), so c=(ci)n1…njx1…xj for some ci and n1,…,nj.
Then c∗=(ci)n1∗…nj∗x1…xj, and hence c∗∈UP(gndN+v+1(ϕ,α)(ϕ)).
Now suppose the claim holds for k and suppose c∈UPk+1(gnd(ϕ))\textsuperscript\textminus and ∗ is a bijection that swaps every n∈N(c)∖N(ϕ,α) with an n∗∈Nn+v+1(ϕ,α)∖Nn(ϕ,α) and leaves the rest unchanged.
Now suppose c is the unit propagation of c′,ℓ∈UP(gnd(ϕ)).
By Lemmas 10 and 17, either c′ or ℓ must not be valid; without loss of generality suppose that c′ is not valid.
We have the following cases:
-
ℓ is of the form t=n1 and c′ contains t=n1, or alternatively ℓ is of the form t=n1 and c′ contains t=n1.
Let ∘ be the involution such that n∘ is n∗ for every n∈N(c)∖N(ϕ,α) and that furthermore swaps every n∈N(ℓ)∖N(ϕ,α) with n∘∈Nn+v+1(ϕ,α)∖Nn(ϕ,α) and leaves the rest unchanged.
Such an involution exists because Nt(c′)⊇Nt(ℓ) and ∣Nt(c′)∖Nt(ϕ,α)∣≤∣Nt+v+1(ϕ,α)∖Nt(ϕ,α)∣.
Then ∘ is an involution that swaps all n∈N(c′)∖N(ϕ,α) with n∘∈Nn+v+1(ϕ,α)∖Nn(ϕ,α).
By induction, c′∘,ℓ∘∈UPk(gndN+v+1(ϕ,α)(ϕ)).
Since c∗ is the unit propagation of c′∘ and ℓ∘, we have c∗∈UPk+1(gndN+v+1(ϕ,α)(ϕ)).
2. 2.
ℓ is of the form t=n1 and c′ contains at least one literal of the form t=n2.
Let ∘ be the involution such that n∘ is n∗ for every n∈N(c)∖N(ϕ,α) and that furthermore swaps every n∈(N(ℓ)∪N(c′))∖(N(c)∪N(ϕ,α)) with n∘∈Nn+v+1(ϕ,α)∖Nn(ϕ,α) and leaves the rest unchanged.
Such an involution exists because Nt(c′)⊇(Nt(ℓ)∖{n1}) and ∣(Nt(c′)∪{n1})∖Nt(ϕ,α)∣≤∣Nt+v+1(ϕ,α)∖Nn(ϕ,α)∣.
Then ∘ is an involution that swaps all n∈(N(c′)∪N(ℓ))∖N(ϕ,α) with n∘∈Nn+v+1(ϕ,α)∖Nn(ϕ,α).
By induction, c′∘,ℓ∘∈UPk(gndN+v+1(ϕ,α)(ϕ)).
Since c∗ is the unit propagation of c′∘ and ℓ∘, we have c∗∈UPk+1(gndN+v+1(ϕ,α)(ϕ)).
F.4 Decision Procedure
Definition 78** **
Let ϕ be proper+ and ψ be objective.
Let ϕ∣T be the conjunction of clauses of the form ⋁1≤i≤j,n∈/N+(ϕ,ψ)xi=n∨⋁i1=i2xi1=xi2∨cx1…njn1…nj for every c∈gndN+v+1(ϕ,ψ)(ϕ)∣T where x1,…,xj are of the same sorts as {n1,…,nj}=N+v+1(ϕ,ψ)∖N(ϕ,ψ), and where the empty clause is turned into a clause x=x.
Lemma 79** **
Let ϕ be proper+, ψ be objective.
Let N⊇N+v+1(ϕ,ψ).
Then UP\textsuperscript\textminus(gndN(ϕ∣T))=gndN(ϕ)∣T.
Proof*. *
For the ⊆ direction suppose c′∈UP\textsuperscript\textminus(gndN(ϕ∣T)).
Then c′ is the result of unit propagation with the grounding of a formula ⋁1≤i≤j,n∈/N+(ϕ,ψ)xi=n∨⋁i1=i2xi1=xi2∨cx1…njn1…nj with names n1′,…,nj′.
Then ni′∈N∖N(ϕ,ψ) and ni1′=ni2′, for otherwise the clause were subsumed by the valid literal ni1′=ni2′ and hence not in UP\textsuperscript\textminus(gndN(ϕ∣T)).
Thus c′ is just cn1′…nj′n1…nj; for if c′ were the result unit propagation of cn1′…nj′n1…nj, then c′ would subsume cn1′…nj′n1…nj, and by Lemma 77, c′n1…njn1′…nj′∈UP(gndN(ϕ)) and c∈/UP\textsuperscript\textminus(gndN(ϕ)) and hence also c∈/gndN(ϕ)∣T, which contradicts the assumption.
Then by Lemma 77 c′∈UP\textsuperscript\textminus(gndN(ϕ)), and an induction on the construction of gndN(ϕ)∣T shows that c′∈gndN(ϕ)∣T.
Conversely, suppose c∈gndN(ϕ)∣T.
Then ϕ∣T contains a clause c′ of the form ⋁1≤i≤j,n∈/N+(ϕ,ψ)xi=n∨⋁i1=i2xi1=xi2∨cx1…njn1…nj.
Then c′n1…njx1…xj∈UP(gndN+v+1(ϕ,ψ)(ϕ∣T)), and by unit propagation with valid literal clauses, c∈UP(gndN+v+1(ϕ,ψ)(ϕ∣T)).
Then c is not subsumed by any other in UP(gndN+v+1(ϕ,ψ)(ϕ∣T)), for otherwise c∈/gndN(ϕ)∣T⊆UP\textsuperscript\textminus(gndN(ϕ)).
Thus c∈UP\textsuperscript\textminus(gndN+v+1(ϕ,ψ)(ϕ∣T)).
Lemma 80** **
Let ϕ be proper+ and ψ be objective and without G\mspace1.0mu.
Then gnd(ϕ)∣T∣\joinrel≈Lk\mspace1.0muψ iff gnd(ϕ∣T)∣\joinrel≈Lk\mspace1.0muψ iff the following reduction is true:
-
gnd(ϕ∣T)∣\joinrel≈ℓ* iff
ℓ is valid or subsumed by some c∈UP(gndN+v+1(ϕ∣T,ℓ)(ϕ∣T))*
2. 2.
gnd(ϕ∣T)∣\joinrel≈(ψ∨χ)* iff*
(ψ∨χ)* is valid or subsumed by some c∈UP(gndN+v+1(ϕ∣T,ψ,χ)(ϕ∣T)) if (ψ∨χ) is a clause;*
gnd(ϕ∣T)∣\joinrel≈ψ* or gnd(ϕ∣T)∣\joinrel≈χ otherwise;*
3. 3.
gnd(ϕ∣T)∣\joinrel≈¬(ψ∨χ)* iff gnd(ϕ∣T)∣\joinrel≈¬ψ and gnd(ϕ∣T)∣\joinrel≈¬χ;*
4. 4.
gnd(ϕ∣T)∣\joinrel≈∃x\mspace1.0muψ* iff gnd(ϕ∣T)∣\joinrel≈ψnx for some n∈Nx+1(ϕ∣T,ψ);*
5. 5.
gnd(ϕ∣T)∣\joinrel≈¬∃x\mspace1.0muψ* iff gnd(ϕ∣T)∣\joinrel≈¬ψnx for every n∈Nx+1(ϕ∣T,ψ);*
6. 6.
gnd(ϕ∣T)∣\joinrel≈¬¬ψ* iff gnd(ϕ∣T)∣\joinrel≈ψ;*
7. 7.
gnd(ϕ∣T)∣\joinrel≈K0\mspace1.0muψ* iff*
gndN+v+1(ϕ∣T)(ϕ∣T)* is obviously inconsistent, or*
gnd(ϕ∣T)∣\joinrel≈ψ;
8. 8.
gnd(ϕ∣T)∣\joinrel≈Kk+1\mspace1.0muψ* iff*
for some t∈T(gndN+v+0(ϕ∣T,ψ)(ϕ∣T,ψ)) and every n∈Nt∙+1(ϕ∣T,ψ,t),
gnd(ϕ∣T∧t=n)∣\joinrel≈Kk\mspace1.0muψ;
9. 9.
gnd(ϕ∣T)∣\joinrel≈¬Kk\mspace1.0muψ* iff gnd(ϕ∣T)∣\joinrel≈Kk\mspace1.0muψ;*
10. 10.
gnd(ϕ∣T)∣\joinrel≈M0\mspace1.0muψ* iff*
gndN+v+1(ϕ∣T)(ϕ∣T)* is not potentially inconsistent, and*
gnd(ϕ∣T)∣\joinrel≈ψ;
11. 11.
gnd(ϕ∣T)∣\joinrel≈Mk+1\mspace1.0muψ* iff*
for some t∈T(gndN+v+0(ϕ∣T,ψ)(ϕ∣T,ψ)) and n∈Nt∙+1(ϕ∣T,ψ,t),
gnd(ϕ∣T∧t=n)∣\joinrel≈Mk\mspace1.0muψ* or*
gnd(ϕ∣T⊎(t=n))∣\joinrel≈Mk\mspace1.0muψ;
12. 12.
gnd(ϕ∣T)∣\joinrel≈¬Mk\mspace1.0muψ* iff gnd(ϕ∣T)∣\joinrel≈Mk\mspace1.0muψ.*
Proof*. *
The step from gnd(ϕ)∣T to gnd(ϕ∣T) holds by Lemmas 79 and 36.
Rules 1 and 2 follow from Lemma 77.
Rule 3 is trivial.
Rules 4 and 5 follow from Lemma 63.
Rule 6 is trivial.
Rule 7 follows from Lemma 77.
Rule 8 follows from Lemma 70.
Rule 9 is trivial.
Rule 10 follows from Lemma 77.
Rule 11 follows from Lemma 76.
Rule 12 is trivial.
**Theorem 4 (Decidability) **
Let ϕ be proper+ and σ be objective.
Then gnd(ϕ)∣\joinrel≈σ is decidable.
Proof*. *
Follows directly from Theorem 6 and Lemma 80.
F.5 Complexity
This section proves the complexity results Theorem 5 and Corollary 7.
**Theorem 5 (Tractability) **
Let ϕ,ψ be propositional, ϕ be proper+, ψ be objective.
Then O\mspace1.0muϕ∣\joinrel≈Lk\mspace1.0muψ is decidable in O(2k(∣ϕ∣+∣ψ∣)k+2).
Proof*. *
First consider O\mspace1.0muϕ∣\joinrel≈Kk\mspace1.0muψ.
Let f(k) be the complexity of deciding this with the procedure from Lemma 80 after k splits.
Then f(0)∈O((∣ϕ∣+k)⋅∣ψ∣), as at most k literals have been added to ϕ and unit propagation and the at most ∣ψ∣ subsumptions can be computed in linear time.
Furthermore, f(k+1)∈O((∣ϕ∣+∣ψ∣)⋅f(k)) as only primitive terms and their corresponding right-hand side plus one more name need to be tested for splitting; there are at most 31⋅(∣ϕ∣+∣ψ∣) primitive terms in ϕ and ψ.
Then f(k)∈O((∣ϕ∣+∣ψ∣)k⋅(∣ϕ∣+k)⋅∣ψ∣)=O((∣ϕ∣+∣ψ∣)k⋅(∣ϕ∣+∣ϕ∣+∣ψ∣)⋅(∣ϕ∣+∣ψ∣))=O((∣ϕ∣+∣ψ∣)k⋅2⋅(∣ϕ∣+∣ψ∣)⋅(∣ϕ∣+∣ψ∣))=O((∣ϕ∣+∣ψ∣)k+2).
Now consider O\mspace1.0muϕ∣\joinrel≈Mk\mspace1.0muψ.
Let f(k) be the complexity of deciding this with the procedure from Lemma 80 after k splits.
Then f(0)∈O(2⋅(∣ϕ∣+∣ψ∣)⋅∣ψ∣), as at most ∣ϕ∣+∣ψ∣ literals have been added during splitting.
Furthermore, f(k+1)∈O(2⋅(∣ϕ∣+∣ψ∣)⋅f(k)) as only terms in ϕ and ψ are split with their corresponding right-hand side plus one more name, and both the one-literal and the isomorphic-literals variants need to be checked; there are at most 31⋅(∣ϕ∣+∣ψ∣) primitive terms in ϕ and ψ.
Then f(k)∈O(2k⋅(∣ϕ∣+∣ψ∣)k⋅2⋅(∣ϕ∣+∣ψ∣)⋅∣ψ∣)=O(2k⋅(∣ϕ∣+∣ψ∣)k+1⋅∣ψ∣)=O(2k⋅(∣ϕ∣+∣ψ∣)k+2).
Corollary 81** (Tractability) **
Let ϕ,σ be propositional, ϕ be proper+, σ be subjective, and k≥l for every Kl\mspace1.0mu,Ml\mspace1.0mu in σ.
Then O\mspace1.0muϕ∣\joinrel≈σ is decidable in O(2k(∣ϕ∣+∣σ∣)k+3).
Proof*. *
σ contains at most ∣σ∣ subformulas Ll\mspace1.0muσ′, each of which by Theorem 6 reduces to at most ∣σ∣ instances of solving O\mspace1.0muϕ∣\joinrel≈Ll\mspace1.0muψ where ∣ψ∣≤∣σ′∣≤∣σ∣.
By Theorem 5, each instance can be solved in O(2k(∣ϕ∣+∣σ∣)k+2).