Is It Important to Explain a Theorem? A Case Study on UML and ALCQI
Presented at Ethecom 2009 (workshop of ER 2009, Gramado, RS)
Edward Hermann Haeusler Alexandre Rademaker
Departamento de Informática - PUC-Rio - Brasil
Ethecom 2009
Conceptual Modelling from a Logical Point of View
Main Steps
1. Observe the “World”.
2. Determine what is relevant.
3. Choose/Define your terminology (non-logical linguistic terms).
4. Write down the main laws governing your “World” (Axioms).
5. Verify the correctness (sometimes completeness too) of your set of Laws.
Additional Observations
- Steps 1 and 2 may be facilitated by the use of an informal notation (UML, ER, FlowCharts, etc) and their respective methodology, but it is essentially “Black Art” (cf. Maibaum).
- Fulfilling Step 5 demands quite a lot of knowledge of the Model.
- Step 5 essentially provides finitely many tests as support for the correctness of an infinite quantification.
The Validation Cycle
Figure: Refinements and Cascaded Validation
Validation of (Formal?) Specifications
The Scientific Basis of our approach
- Results/analysis of the philosophy of science are compared to software validation [Haeberer98, Maibaum01, Cengarle98, C.George05, etc].
- Formal Specifications as Scientific Theories ⇒ Observable terms, Theoretical terms, Evidences, Refutations, False Negatives, False Positives, etc.
- Popper’s Falsifiability Principle drives (formal) validation analysis.
- Correctness ⇔ Positives and False Positives.
- Completeness ⇔ Negatives and False Negatives.
Positives, False Negatives, False Positives
Is anything true about Truth ??
- M ⊨ φ and Spec(M) ⊢ φ.
- Why is φ true ?? Provide me a proof of φ.
Is anything wrong with the Truth ??
- M ⊨ φ, but Spec(M) ⊭ φ.
- A counter-model is found. Why is this a counter-model ??
- Model-Checking based reasoning is of great help !!
- Explanations from counter-examples.
Is anything true about Falsity ??
- M ⊭ φ, but Spec(M) ⊢ φ.
- Why does this false proposition hold ?? Provide me a proof of φ.
Existing Deductive Systems Paradigms
1. Aristotle’s Syllogisms (300 B.C.)
2. Axiomatic (Frege 1879, Hilbert, Russell)
3. Natural Deduction (Jaskowski 1929, Gentzen 1934-5, Prawitz 1965)
4. Sequent Calculus (Gentzen 1934-5)
5. Tableaux (Beth 1955, Smullyan 1964)
6. Resolution-Based (A. Robinson 1965)
Conceptual Modelling: Some motivation on explaining a theorem
Consider an ontology/KB containing:
(Quad ∧ PissOnFireHydrant) → Dog
From this KB one can draw:
(Quad → Dog) ∨ (PissOnFireHydrant → Dog)
Conceptual Modelling: Some motivation on explaining a theorem
Verifying this using Tableaux:
V Quad ∧ PoFH → Dog
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V Quad
F Dog
V PoFH
F Dog
F Quad ∧ PoFH
F Quad      F PoFH
V Dog
Conceptual Modelling: Some motivation on explaining a theorem
Another tableau proof of Quad ∧ PoFH → Dog ⊢ (Quad → Dog) ∨ (PoFH → Dog):
V Quad ∧ PoFH → Dog
F Quad ∧ PoFH
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V Quad
F Dog
V PoFH
F Dog
F Quad      F PoFH
V Dog
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V Quad
F Dog
Conceptual Modelling: Some motivation on explaining a theorem
One more tableau proof of Quad ∧ PoFH → Dog ⊢ (Quad → Dog) ∨ (PoFH → Dog):
V Quad ∧ PoFH → Dog
F Quad ∧ PoFH
F Quad
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V Quad
F Dog
F PoFH
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V PoFH
F Dog
V Dog
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
V Quad
F Dog
Conceptual Modelling: Some motivation on explaining a theorem
Yet another Tableaux:
V Quad ∧ PoFH → Dog
F (Quad → Dog) ∨ (PoFH → Dog)
F (Quad → Dog)
F PoFH → Dog
F Quad ∧ PoFH
F Quad
V Quad
F Dog
F PoFH
V Quad
F Dog
V PoFH
F Dog
V Dog
V Quad
F Dog
and many more.....
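The point of the slides above, that one entailment has many different tableaux, can be reproduced mechanically. The following is an added example, not code from the talk: a small signed tableau prover in which the only thing that changes between runs is the rule-selection strategy (the function names and the `prefer_branching` switch are assumptions of this sketch; the signs V/F are encoded as True/False).

```python
# Signed analytic tableau for propositional logic (added illustration).
# A signed formula is (sign, formula); sign True stands for V, False for F.

def atom(name): return ("atom", name)
def conj(a, b): return ("and", a, b)
def disj(a, b): return ("or", a, b)
def imp(a, b):  return ("imp", a, b)

def rule(sign, f):
    """Decompose a signed compound formula.

    Returns (branching, alternatives): one alternative holding two signed
    formulas for a non-branching rule, two alternatives holding one signed
    formula each for a branching rule.
    """
    op, a, b = f
    if op == "and":
        parts, branching = [(sign, a), (sign, b)], not sign
    elif op == "or":
        parts, branching = [(sign, a), (sign, b)], sign
    elif op == "imp":
        parts, branching = [(not sign, a), (sign, b)], sign
    else:
        raise ValueError("unknown connective: %r" % (op,))
    if branching:
        return True, [[parts[0]], [parts[1]]]
    return False, [parts]

def expand(todo, lits, prefer_branching):
    """Expand one branch; returns (closed, rule_applications, countermodel)."""
    lits = dict(lits)
    pending = []
    for sign, f in todo:
        if f[0] == "atom":
            # A branch closes when an atom occurs with both signs.
            if lits.setdefault(f[1], sign) != sign:
                return True, 0, None
        else:
            pending.append((sign, f))
    if not pending:
        return False, 0, lits  # saturated open branch: a counter-model
    # The strategy only decides WHICH pending formula is decomposed next.
    idx = next((i for i, (s, f) in enumerate(pending)
                if rule(s, f)[0] == prefer_branching), 0)
    sign, f = pending.pop(idx)
    steps = 1
    for alternative in rule(sign, f)[1]:
        closed, n, model = expand(pending + alternative, lits, prefer_branching)
        steps += n
        if not closed:
            return False, steps, model
    return True, steps, None

def entails(premises, goal, prefer_branching=False):
    """Premises signed V, goal signed F; entailment holds iff the tableau closes."""
    todo = [(True, p) for p in premises] + [(False, goal)]
    return expand(todo, {}, prefer_branching)

Quad, PoFH, Dog = atom("Quad"), atom("PoFH"), atom("Dog")
KB = imp(conj(Quad, PoFH), Dog)
GOAL = disj(imp(Quad, Dog), imp(PoFH, Dog))

if __name__ == "__main__":
    print(entails([KB], GOAL, prefer_branching=False))  # short proof
    print(entails([KB], GOAL, prefer_branching=True))   # longer proof, same theorem
    print(entails([KB], imp(Quad, Dog)))                # open branch: counter-model
```

Both strategies close the tableau, but decomposing the branching formulas first repeats the same non-branching steps on every branch, which is why the proofs differ in size. The third call shows the other side of validation: an open branch is a counter-model that can be shown to the modeller.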
In Sequent Calculus
A proof that KB ⊢ (Quad → Dog) ∨ (PoFH → Dog)
KB ⇒ PoFH ∧ Quad → Dog
Quad ⇒ Quad
Quad, PoFH ⇒ Quad
PoFH ⇒ PoFH
Quad, PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad ∧ PoFH      Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog, Dog
PoFH, PoFH ∧ Quad → Dog ⇒ (Quad → Dog), Dog
PoFH, KB ⇒ (Quad → Dog), Dog
KB ⇒ (Quad → Dog), (PoFH → Dog)
KB ⇒ (Quad → Dog) ∨ (PoFH → Dog)
In Sequent Calculus
Another proof that KB ⊢ (Quad → Dog) ∨ (PoFH → Dog)
KB ⇒ PoFH ∧ Quad → Dog
Quad ⇒ Quad
Quad, PoFH ⇒ Quad
PoFH ⇒ PoFH
Quad, PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad ∧ PoFH      Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
KB, Quad, PoFH ⇒ Dog
KB, Quad, PoFH ⇒ Dog, Dog
KB, PoFH ⇒ (Quad → Dog), Dog
KB ⇒ (Quad → Dog), (PoFH → Dog)
KB ⇒ (Quad → Dog) ∨ (PoFH → Dog)
In Sequent Calculus
One more proof that KB ⊢ (Quad → Dog) ∨ (PoFH → Dog)
KB ⇒ PoFH ∧ Quad → Dog
Quad ⇒ Quad
Quad, PoFH ⇒ Quad
PoFH ⇒ PoFH
Quad, PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad ∧ PoFH      Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
KB, Quad, PoFH ⇒ Dog
KB, PoFH ⇒ (Quad → Dog)
KB, PoFH ⇒ (Quad → Dog), Dog
KB ⇒ (Quad → Dog), (PoFH → Dog)
KB ⇒ (Quad → Dog) ∨ (PoFH → Dog)
In Sequent Calculus
Yet another proof that KB ⊢ (Quad → Dog) ∨ (PoFH → Dog)
KB ⇒ PoFH ∧ Quad → Dog
Quad ⇒ Quad
Quad, PoFH ⇒ Quad
PoFH ⇒ PoFH
Quad, PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad ∧ PoFH
Dog ⇒ Dog
Dog ⇒ Dog, Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog, Dog
KB, Quad, PoFH ⇒ Dog, Dog
KB, PoFH ⇒ (Quad → Dog), Dog
KB, PoFH ⇒ (Quad → Dog), Dog
KB ⇒ (Quad → Dog), (PoFH → Dog)
KB ⇒ (Quad → Dog) ∨ (PoFH → Dog)
and many more...
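In Natural Deduction
A (normal) proof
(each line follows from the line above it; [X]^n marks hypothesis X with discharge label n)
[Quad]^a      [PoFH]^b
Quad ∧ PoFH      Quad ∧ PoFH → Dog
Dog
PoFH → Dog      (discharging b)
(Quad → Dog) ∨ (PoFH → Dog)      [¬((Quad → Dog) ∨ (PoFH → Dog))]^c
⊥
¬Quad      (discharging a)      [Quad]^d
⊥
Dog
Quad → Dog      (discharging d)
(Quad → Dog) ∨ (PoFH → Dog)      [¬((Quad → Dog) ∨ (PoFH → Dog))]^c
⊥
(Quad → Dog) ∨ (PoFH → Dog)      (discharging c)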
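In Natural Deduction
THE other (normal) proof
(each line follows from the line above it; [X]^n marks hypothesis X with discharge label n)
[Quad]^a      [PoFH]^b
Quad ∧ PoFH      Quad ∧ PoFH → Dog
Dog
PoFH → Dog      (discharging b)
(Quad → Dog) ∨ (PoFH → Dog)      [¬((Quad → Dog) ∨ (PoFH → Dog))]^c
⊥
Dog
Quad → Dog      (discharging a)
(Quad → Dog) ∨ (PoFH → Dog)      [¬((Quad → Dog) ∨ (PoFH → Dog))]^c
⊥
(Quad → Dog) ∨ (PoFH → Dog)      (discharging c)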
Fundamental facts on Automating S.C. and N.D.
Analyticity
- Every proof of Γ ⊢ α has only occurrences of sub-formulas of Γ and α (Sub-formula Principle, SFP).
- Cut-Elimination in S.C. entails SFP. (Hauptsatz)
- Normalization in N.D. entails SFP. (Normalization)
- Strongly related to analytic Tableaux based procedures.
Arguments in favour of Natural Deduction as a basis for theorem explanation
Common Sense and Intuitive reasons
- “Fewer” proofs of a proposition when compared to other Deductive Systems.
- “More” structure and existence of specific patterns to help paragraph construction in NL.
- Working hypothesis: “Optimal explanations should be tailored from well-known proof patterns”
Technical reasons
- Natural Deduction reveals the computational content of a proof. (CH-Isomorphism)
- The prover can choose the pattern it wants the proof to have. (Seldin, Prawitz)
Conceptual Modelling in UML and ER
The Informal Side
- Graphical notations seem to be adequate for human understanding and manipulation.
- Lack of formal consistency checking.
The Logical Side
- FOL cannot provide checking of KB consistency.
- Decidable logics seem to be more adequate.
Explaining Theorems on the Conceptual Modelling Domain
A Case Study in UML
1. Why UML? ⇒ It is complex (UML consistency is EXPTIME-Complete), useful and popular.
2. What do we need?
- A Logical Language to express properties and their proofs (ALCQI)
- A Good (Normalizable) Natural Deduction for ALCQI
- Proof Patterns that yield good explanation (to come...)
ALCQI KB related to UML Class Diagram [BerCalvGiac2005]
D. Berardi et al. / Artificial Intelligence 168 (2005) 70–118, p. 81
Fig. 12. UML class diagram of Example 2.5.
2.4. General constraints
Disjointness and covering constraints are in practice the most commonly used constraints in UML class diagrams. However, UML allows for other forms of constraints, specifying class identifiers, functional dependencies for associations, and, more generally through the use of OCL [8], any form of constraint expressible in FOL. Note that, due to their expressive power, OCL constraints could in fact be used to express the semantics of the standard UML class diagram constructs. This is an indication that a liberal use of OCL constraints can actually compromise the understandability of the diagram. Hence, the use of constraints is typically limited. Also, unrestricted use of OCL constraints makes reasoning on a class diagram undecidable, since it amounts to full FOL reasoning. In the following, we will not consider general constraints.
We conclude the section with an example of a full UML class diagram.
Example 2.5. Fig. 12 shows a complete UML class diagram that models phone calls originating from different kinds of phones, and phone bills they belong to.^13 The diagram shows that a MobileCall is a particular kind of PhoneCall and that the Origin of each PhoneCall is one and only one Phone. Additionally, a Phone can be only of two different kinds: a FixedPhone or a CellPhone. Mobile calls originate (through the association MobileOrigin) from cell phones. The association MobileOrigin is contained in the binary association Origin: hence MobileOrigin inherits the attribute place of association class Origin. Finally, a PhoneCall is referenced in one and only one PhoneBill, whereas a PhoneBill contains at least one PhoneCall. In FOL, the diagram is represented as shown in Fig. 13.
Notice that, in the above diagram, one would like to express that each MobileCall is related via the association Origin only to instances of CellPhone. Similarly for the other direction of the association. This can be expressed in FOL as follows:
∀y1, y2, x. MobileCall(y1) ∧ Origin(x) ∧ call(x, y1) ∧ from(x, y2) → CellPhone(y2)
∀y1, y2, x. CellPhone(y2) ∧ Origin(x) ∧ call(x, y1) ∧ from(x, y2) → MobileCall(y1)
The association MobileOrigin approximates this, making it explicit in the diagram that MobileCalls and CellPhones are related to each other.
13 This diagram is based on an example provided with I.COM, a prototype design tool for conceptual modeling with reasoning support [17].
Origin ⊑ ∀place.String
Origin ⊑ ∃place.⊤ ⊓ (≤ 1 place)
Origin ⊑ ∃call.PhoneCall ⊓ (≤ 1 call) ⊓ ∃from.Phone ⊓ (≤ 1 from)
MobileOrigin ⊑ ∃call.MobileCall ⊓ (≤ 1 call) ⊓ ∃from.CellPhone ⊓ (≤ 1 from)
PhoneCall ⊑ (≥ 1 call⁻.Origin) ⊓ (≤ 1 call⁻.Origin)
⊤ ⊑ ∀reference⁻.PhoneBill ⊓ ∀reference.PhoneCall
PhoneBill ⊑ (≥ 1 reference⁻)
PhoneCall ⊑ (≥ 1 reference) ⊓ (≤ 1 reference)
MobileCall ⊑ PhoneCall
MobileOrigin ⊑ Origin
CellPhone ⊑ Phone
FixedPhone ⊑ Phone
CellPhone ⊑ ¬FixedPhone
Phone ⊑ CellPhone ⊔ FixedPhone
Towards a Natural Deduction for ALCQI
- A Sequent Calculus for ALC (EDOC2007, AOW2007, etc)
- A Proof Theory for ALC (Sequent Calculus [RadeHaeuPere2008,2009])
- A Deterministic Sequent Calculus for ALC [RadeHaeuSBIA2008]
- Maude Implementations of S.C. Provers for ALC and ALCQI [Rade2009]
- A Good Natural Deduction for ALC [RadeHaeu2008-9]
- A Natural Deduction for ALCQI [RadeHaeu2009]
ALC, ALCQI and further DLs
ALC
C ::= ⊥ | ⊤ | A | ¬C | C1 ⊓ C2 | C1 ⊔ C2 | ∃R.C | ∀R.C
ALCQI
C ::= ⊥ | A | ¬C | C1 ⊓ C2 | C1 ⊔ C2 | ∃R.C | ∀R.C | ≤ n R.C | ≥ n R.C
R ::= P | P⁻
UML with OCL constraints
SecureUML needs an ID(C) role for each concept C for specifying uniqueness of a default in a concept. [BragaHaeu2009]
∀ID(⊤).A ⊑ ∃ID(⊤).A
A ≡ (= 1 isdefault.(= 1 isdefault⁻.Role))
Labeling formulas of ALC
Labeling Grammar:
LL ::= R, LL | ∅
LR ::= R, LR | R(LL), LR | ∅
C ::= LL C LR
The ALC formula:
∃R2.∀Q2.∃R1.∀Q1.α
is represented by the labeled formula:
Q2,Q1 α R1(Q2),R2
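A Natural Deduction for ALC
(each rule is written as premises / conclusion; [X] … γ stands for a derivation of γ from the discharged hypothesis X)
⊓-e:  L(α ⊓ β)  /  Lα
⊓-i:  Lα   Lβ  /  L(α ⊓ β)
Gen:  L1 α L2  /  R,L1 α L2
⊔-e:  (α ⊔ β)L   [αL] … γ   [βL] … γ  /  γ
⊔-i:  αL  /  (α ⊔ β)L
⊔-i:  βL  /  (α ⊔ β)L
¬-e:  L1 α L2   L2L1 ¬α L1L2  /  ⊥
¬-i:  [L1 α L2] … ⊥  /  L2L1 ¬α L1L2
∃-e:  L1 ∃R.α L2  /  L1 α R(L1),L2
∃-i:  L1 α R(L1),L2  /  L1 ∃R.α L2
∀-e:  L1 ∀R.α L2  /  L1,R α L2
∀-i:  L1,R α L2  /  L1 ∀R.α L2
⊑-e:  L1 α L2   L1 α L2 ⊑ M1 β M2  /  M1 β M2
⊑-i:  [L1 α L2] … M1 β M2  /  L1 α L2 ⊑ M1 β M2
⊥c:  [L2L1 ¬α L1L2] … ⊥  /  L1 α L2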
A Natural Deduction for ALCQI
Main properties of NALC
Theorem. NALCQI is complete regarding the standard semantics of ALC.
Theorem. NALCQI is sound regarding the standard semantics of ALC: if Ω ⊢ γ then Ω ⊨ γ.
Fact. The NALCQI ⊔-rules and ∃-rules are derived in ALCQI − ⊔,∃.
Lemma (Moving ⊥c downwards on branches). If Ω ⊢ α in ALCQI − ⊔,∃ then there is a deduction Π of α from Ω such that each branch in Π has at most one application of the ⊥c-rule, which is the last rule in it.
Theorem (Eliminating maximal ⊑-formulas). If Π is a deduction of α from Ω in the restricted system, then there is a deduction Π′ of α from Ω without any maximal formulas. (reductions)
Fact. SFP holds in ALC.
ALCQI KB related to UML Class Diagram [BerCalvGiac2005]D. Berardi et al. / Artificial Intelligence 168 (2005) 70–118 81
Fig. 12. UML class diagram of Example 2.5.
2.4. General constraints
Disjointness and covering constraints are in practice the most commonly used constraints in UML class diagrams. However, UML allows for other forms of constraints, specifying class identifiers, functional dependencies for associations, and, more generally through the use of OCL [8], any form of constraint expressible in FOL. Note that, due to their expressive power, OCL constraints could in fact be used to express the semantics of the standard UML class diagram constructs. This is an indication that a liberal use of OCL constraints can actually compromise the understandability of the diagram. Hence, the use of constraints is typically limited. Also, unrestricted use of OCL constraints makes reasoning on a class diagram undecidable, since it amounts to full FOL reasoning. In the following, we will not consider general constraints.
We conclude the section with an example of a full UML class diagram.
Example 2.5. Fig. 12 shows a complete UML class diagram that models phone calls originating from different kinds of phones, and phone bills they belong to.¹³ The diagram shows that a MobileCall is a particular kind of PhoneCall and that the Origin of each PhoneCall is one and only one Phone. Additionally, a Phone can be only of two different kinds: a FixedPhone or a CellPhone. Mobile calls originate (through the association MobileOrigin) from cell phones. The association MobileOrigin is contained in the binary association Origin: hence MobileOrigin inherits the attribute place of association class Origin. Finally, a PhoneCall is referenced in one and only one PhoneBill, whereas a PhoneBill contains at least one PhoneCall. In FOL, the diagram is represented as shown in Fig. 13.
Notice that, in the above diagram, one would like to express that each MobileCall is related via the association Origin only to instances of CellPhone. Similarly for the other direction of the association. This can be expressed in FOL as follows:
∀y1, y2, x. MobileCall(y1) ∧ Origin(x) ∧ call(x, y1) ∧ from(x, y2) → CellPhone(y2)
∀y1, y2, x. CellPhone(y2) ∧ Origin(x) ∧ call(x, y1) ∧ from(x, y2) → MobileCall(y1)
The association MobileOrigin approximates this, making it explicit in the diagram that MobileCalls and CellPhones are related to each other.
¹³ This diagram is based on an example provided with I.COM, a prototype design tool for conceptual modeling with reasoning support [17].
Origin ⊑ ∀place.String
Origin ⊑ ∃place.⊤ ⊓ (≤ 1 place)
Origin ⊑ ∃call.PhoneCall ⊓ (≤ 1 call) ⊓ ∃from.Phone ⊓ (≤ 1 from)
MobileOrigin ⊑ ∃call.MobileCall ⊓ (≤ 1 call) ⊓ ∃from.CellPhone ⊓ (≤ 1 from)
PhoneCall ⊑ (≥ 1 call⁻.Origin) ⊓ (≤ 1 call⁻.Origin)
⊤ ⊑ ∀reference⁻.PhoneBill ⊓ ∀reference.PhoneCall
PhoneBill ⊑ (≥ 1 reference⁻)
PhoneCall ⊑ (≥ 1 reference) ⊓ (≤ 1 reference)
MobileCall ⊑ PhoneCall
MobileOrigin ⊑ Origin
CellPhone ⊑ Phone
FixedPhone ⊑ Phone
CellPhone ⊑ ¬FixedPhone
Phone ⊑ CellPhone ⊔ FixedPhone
Example: A Negative Testing
- An (incorrect) generalization (a CellPhone is a FixedPhone) is introduced in the KB.
- CellPhone ⊑ FixedPhone is added to KB.
- CellPhone is empty (inconsistent).

[Cell]¹   Cell ⊑ ¬Fixed      [Cell]¹   Cell ⊑ Fixed
───────────────────────      ──────────────────────
        ¬Fixed                       Fixed
        ──────────────────────────────────
                         ⊥
                    ────────── 1
                     Cell ⊑ ⊥
Example: A False Positive in the new KB
- In the modified diagram, Phone ≡ FixedPhone can be drawn. This is not directly proved from the inconsistency of CellPhone.
- It is shown that Phone ⊑ FixedPhone since FixedPhone ⊑ Phone is already an axiom of KB.
- Proof:

[Phone]¹   Phone ⊑ Cell ⊔ Fixed      [Cell]   Cell ⊑ Fixed
───────────────────────────────      ─────────────────────
          Cell ⊔ Fixed                       Fixed              [Fixed]
          ─────────────────────────────────────────────────────────────
                                      Fixed
                                 ─────────────── 1
                                  Phone ⊑ Fixed
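The negative test and the false positive above can also be checked semantically, as the model-based counterpart of the natural-deduction proofs. The following Python code is an added example, not part of the original slides: it assumes only the four role-free axioms over Phone, CellPhone and FixedPhone, for which entailment reduces to enumerating the eight possible element types, and its tuple encoding and function names are hypothetical.

```python
from itertools import product

ATOMS = ("Phone", "CellPhone", "FixedPhone")

# Concepts are an atom name, "BOTTOM", ("not", C) or ("or", C, D).
def holds(concept, typ):
    """Evaluate a role-free concept on one element type (dict atom -> bool)."""
    if concept == "BOTTOM":
        return False
    if isinstance(concept, str):
        return typ[concept]
    op = concept[0]
    if op == "not":
        return not holds(concept[1], typ)
    if op == "or":
        return holds(concept[1], typ) or holds(concept[2], typ)
    raise ValueError(f"unsupported constructor: {op}")

def admissible_types(kb):
    """All element types that violate no axiom; (lhs, rhs) encodes lhs ⊑ rhs."""
    types = []
    for bits in product((False, True), repeat=len(ATOMS)):
        typ = dict(zip(ATOMS, bits))
        if all(not holds(lhs, typ) or holds(rhs, typ) for lhs, rhs in kb):
            types.append(typ)
    return types

def entails(kb, lhs, rhs):
    """KB entails lhs ⊑ rhs iff no admissible type has lhs without rhs."""
    return all(not holds(lhs, t) or holds(rhs, t) for t in admissible_types(kb))

def countermodel(kb, lhs, rhs):
    """Return one admissible type refuting lhs ⊑ rhs, or None if it is entailed."""
    for t in admissible_types(kb):
        if holds(lhs, t) and not holds(rhs, t):
            return t
    return None

# Role-free axioms of the phone KB as listed on the slide (assumed fragment).
KB = [
    ("CellPhone", "Phone"),
    ("FixedPhone", "Phone"),
    ("CellPhone", ("not", "FixedPhone")),
    ("Phone", ("or", "CellPhone", "FixedPhone")),
]
# The incorrect generalization introduced for the negative test.
KB_BAD = KB + [("CellPhone", "FixedPhone")]

def report():
    return {
        "cell_empty_before": entails(KB, "CellPhone", "BOTTOM"),
        "cell_empty_after": entails(KB_BAD, "CellPhone", "BOTTOM"),
        "phone_sub_fixed_before": entails(KB, "Phone", "FixedPhone"),
        "phone_sub_fixed_after": entails(KB_BAD, "Phone", "FixedPhone"),
        "witness_before": countermodel(KB, "Phone", "FixedPhone"),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The check answers yes or no and, for a non-entailment, returns a refuting element type; it does not say why an entailment holds, which is what the deductions on the slides supply.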
A Natural Deduction for ALCQI
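Example: A False Positive yielding a refining of KB
- MobileCall participates in the association MobileOrigin with multiplicity 0..1, instead of the 0..* presented in the UML diagram.
- Proof:

                                         [MC]¹   MC ⊑ PC
                                         ───────────────
                    MO ⊑ O                     PC        PC ⊑ ≥ 1 c⁻.O ⊓ ≤ 1 c⁻.O
             ─────────────────────             ──────────────────────────────────
[≥ 2 c⁻.MO]²   ≥ 2 c⁻.MO ⊑ ≥ 2 c⁻.O                    ≥ 1 c⁻.O ⊓ ≤ 1 c⁻.O
───────────────────────────────────                    ───────────────────
             ≥ 2 c⁻.O                                       ≤ 1 c⁻.O
             ───────────────────────────────────────────────────────
                                        ⊥
                                   ─────────── 2
                                   ¬ ≥ 2 c⁻.MO
                                ───────────────── 1
                                MC ⊑ ¬ ≥ 2 c⁻.MO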
Conclusions
- Yes!! It is important to explain a theorem!!!
- Proof explanations provide good and adequate support for formal validation of KB. It is as important as Model Checking based explanations.
- Under our Working Hyp., N.D. provides the adequate basis for explanation generation from formal proofs.
- N.D. for DLs is an important step towards good explanations in Conceptual Modeling. NALCQI provides a good basis regarding UML and ER reasoning explanation.
Advice
- Conceptual Modeling in UML is not tractable (EXPTIME-complete).
- Unless CoNP = NP, proofs can be really huge!!! Introducing Cuts/Maximal formulas cannot always reduce the size of a proof.
- Interactive theorem proving helps with the above feature. What about partial (under) Modelling (?)
Curry-Howard Isomorphism
The computational content of Intuitionistic Proofs
Any proof of α from γ1, …, γn in IL corresponds to an algorithm that yields values of type α from any list of n values of types γ1, …, γn, respectively.
Intuitionistic Logic
Technically:
Any proof π of α from γ1, …, γn corresponds to a typed λ-term t(x1, …, xn) : α [x1 : γ1, …, xn : γn], such that any evaluation in t corresponds to a normalization step in π, and vice versa.
Seldin’s strategy to normalize Classical Proofs
Moving the Classical Absurdity Rule towards the Conclusion of the proof
Given any Classical derivation Π of α from Γ, one can transform Π into a derivation Π1 of α from Γ of the following form:

Γ, [¬α]ᵃ
   Π1
   ⊥
 ───── a
   α

where Π1 is intuitionistic.
Prawitz’s strategy to normalize Classical Proofs
Moving the Classical Absurdity Rule towards atomic conclusions in the proof
Given any Classical derivation Π of α from Γ, one can transform Π into a derivation Π1 of α from Γ where the Classical-⊥ has only atomic conclusions.

[¬(α ∧ β)]ᵃ
     Π
     ⊥
  ─────── a
   α ∧ β

Transforms into

[α ∧ β]ᵃ                      [α ∧ β]ᶜ
────────                      ────────
   α      [¬α]ᵇ                  β      [¬β]ᵈ
   ────────────                  ────────────
        ⊥                             ⊥
   ────────── a                  ────────── c
    ¬(α ∧ β)                      ¬(α ∧ β)
        Π                             Π
        ⊥                             ⊥
      ───── b                       ───── d
        α                             β
        ───────────────────────────────
                     α ∧ β
Example of reduction

[¬α]ᵃ        [¬β]ᵇ
  Π1           Π2
  ⊥            ⊥
 ─── a        ─── b
  α            β
  ──────────────
      α ∧ β

Transforms into

[α]ᵃ   [β]ᵇ
───────────
   α ∧ β     [¬(α ∧ β)]ᶜ
   ─────────────────────
             ⊥
           ───── a
            ¬α
            Π1
            ⊥
           ───── b
            ¬β
            Π2
            ⊥
           ───── c
           α ∧ β
Normalizing reductions
⊓-reduction

 Π1      Π2
 Lα      Lβ
 ──────────
  L(α ⊓ β)
  ────────
     Lα          ▷     Π1
                       Lα

∀-reduction

    Π1
 L1,RαL2
 ────────
 L1∀R.αL2
 ────────
 L1,RαL2         ▷     Π1
                     L1,RαL2

¬-reduction
[L2L1 ¬α
L1L2
]Π1⊥
L1αL2
Π2L2L1 ¬α
L1L2
⊥ ▷
Π2[L2L1 ¬α
L1L2
]Π1⊥

⊑-reduction

          [α]
          Π2
 Π1       β
        ─────
 α      α ⊑ β
 ────────────
      β          ▷     Π1
                       [α]
                       Π2
                       β
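MC ⊑ ¬ ≥ 2 c⁻.MO in Sequent Calculus

          MO ⇒ O
  ──────────────────────────        MC ⇒ PC     PC ⇒ ≥ 1 call⁻.O ⊓ ≤ 1 call⁻.O
  ≥ 2 call⁻.MO ⇒ ≥ 2 call⁻.O        ──────────────────────────────────────────
──────────────────────────────            MC ⇒ ≥ 1 call⁻.O ⊓ ≤ 1 call⁻.O
MC, ≥ 2 call⁻.MO ⇒ ≥ 2 call⁻.O      ────────────────────────────────────────────
                                    MC, ≥ 2 call⁻.MO ⇒ ≥ 1 call⁻.O ⊓ ≤ 1 call⁻.O
────────────────────────────────────────────────────────────────────────────────
          MC, ≥ 2 call⁻.MO ⇒ ≥ 1 call⁻.O ⊓ ≤ 1 call⁻.O ⊓ ≥ 2 call⁻.O
          ──────────────────────────────────────────────────────────
                             MC, ≥ 2 call⁻.MO ⇒ ⊥
                             ────────────────────
                             MC ⇒ ¬ ≥ 2 call⁻.MO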
The Hauptsatz
- The cut rule:

Γ1 ⇒ Δ1, α     α, Γ2 ⇒ Δ2
─────────────────────────
     Γ1, Γ2 ⇒ Δ1, Δ2

- Every proof of Γ ⇒ Δ can be rewritten without the cut rule.
- Corollary: Every formula in a proof of Γ ⇒ Δ is a subformula of at least one formula of Γ ∪ Δ.
- Corollary: If the Hauptsatz holds for a logic/theory L then this logic is consistent. (There is no proof of the empty sequent.)
- Gentzen proved that PA is consistent by means of the Hauptsatz.
Normalization and Normal Proofs
- A → B is a maximal formula in an ND proof:

         [A]
         Π2
 Π1      B
       ─────
 A     A → B
 ───────────
      B

reduces to

 Π1
 [A]
 Π2
 B

- Normalization: Every derivation of α from Δ can be transformed into a Normal derivation (without maximal formulas) of α from Δ′ (Δ′ ⊆ Δ).
- Corollary: Every formula in a proof of α from Γ is a subformula of Γ or α.
Moving the ⊥ towards the conclusion of a derivation [Seldin1977]

[¬A]ᵃ
  Π1
  ⊥
 ─── a     Π2
  A        B
  ──────────
    A ∧ B

reduces to

[A]ᵃ    Π2
        B
──────────
  A ∧ B     [¬(A ∧ B)]ᵇ
  ─────────────────────
            ⊥
          ───── a
           ¬A
           Π1
           ⊥
          ───── b
          A ∧ B
Classical Logic × Intuitionistic Logic
Theorem
There are a, b ∈ ℝ − ℚ such that a^b ∈ ℚ.
A Classical Proof (Math Folklore)
Consider a = b = √2. Then, either a^b ∈ ℚ or a^b ∉ ℚ. In the first case we are done. In the second case, consider a = √2^(√2) and b = √2, hence, a^b = 2 ∈ ℚ.
An Intuitionistic (constructive) proof (E. Bishop)
Consider a = √2 and b = 2 log₂(3). We have a, b ∉ ℚ and a^b = 3 ∈ ℚ.