18 I.

Propositional Logic

The other connectives are handled similarly and are left to Exercise 17. 0

This theorem corresponds to what is often called the unique readability of propo-
sitions: There is only one way to parse a proposition into its component parts
all the way down to the propositional letters. Along these lines, we, in informal
usage, abuse our notation by omitting parentheses whenever no confusion can
arise. Thus, for example, we write -xli for (-'0:) and 0: -t {J for (a ----..
(J). Formally,
unique readability gives us another way to define functions on the propositions
and prove facti; about them: induction on formation trees. Typically, we induct
on the depth of the formation tree associated with a proposition. The advantage
of using trees is that, if one defines a function on formation trees, one eutometi-
cally has one on the associated propositions. If instead, one defined an operation
directly on propositions by induction, one would not know that there is only
one way of analyzing a given proposition inductively so as to guarantee that
the operation is well defined. This is precisely unique readability. We see some
examples of such procedures in the next section. For now, we just note that the
theorem allows us to define the depth of a proposition. We can also use it to pick
out the propositional letters that are "relevant" to a given proposition:
Definition 2.5:

(i) The depth of a proposition is the depth of the associated formation tree.

(ii) The support of a proposition is the set of propositional letters that occur
as labels of the leaves of the associated formation tree. (That this notion
corresponds to the ones that occur syntactically in the proposition is proven
by another induction argument. See Exercise 16.)

·Closure operations and inductive definitions:

~:~~ili)
:;e type of ~dudive definition given may clarify the role
(i) and (il) are'ro .:arant~ th~ only those exprfSSions generated by
eer 5 is c/o.sed~ . n&. We begin with the (algebraic) notion of cloeure. A
every ". "e a smgle (for example n-ary) operation f(a1, ... , s,,) iff for
operatio~'~ ."set
15
i:.I\"h"···
,"n) e S. The cl~t1reof. 5et S under (all) the
e mallest set C such that
I. s c c ee
2. if 1 E T is n-azy and
Ill, ... , "n e C, then 1("" ... ,II,,) e C.

To see that. there is • lllIla11est such set consider the set

C~n{DlsCDkD'
Of - 15 closed under the Operations of T}.
COUJlJe S ~ C. Now show that C .
clear that C is the srnaileBt.ueb IS cl~ under the operations of T. It is then
set U It 18CQntain~ in every set D ;2 S that is
 2 Propositions, Connectives and Truth Tables 17

closed under the operations of T. We could now define the set of propositions as
the closure of the set of propositional letteN! (i) under the operations 1\, v, ......
, .....
and ......as listed in (ii).
Turning now to semantics, we take the view that the meaning of a Propositional
letter is simply its truth value, that is, its truth or falsity. (Remember that we
are postponing the analysis of the internal structure of propositions to the next
chapter.) Each proposition then hes a unique truth value (T, for true or F, for
false). The truth value of a compound proposition is determined from the truth
values of its parts in accordance with the troth tables in Figure 3:

Definition 2.6 (Truth tables):

a P (aV P) a P (aAp) a P (a_pj

T T T T T T T T T
T F T T F F T F F
F T T F T F F T T
F F F F F F F F T

a P (a_pj

fffij
T T T -.>
T F F T F
F T F F T
F F T

FIGURE 3.

As pointed out earlier, the meaning of these connectives as specified by these

truth tables is not exactly the same as in ordinary English. For V, the meaning
is that of the inclusive or: a V {3 is true if either or both of Q and IJ are true. The
meaning of --0 is further removed from that in colloquial usage. In mathematics,
(0' --0 fJ) is asserted to be false only when Q is true and P is false. It is asserted
to be true in all other cases.
The formal assignment of truth values: to Propositions based on those of the
Propositional letters is given in the next section. Intuitively, it should be clear
from the inductive definition of propositions how, given any proposition wbeteo-
ever, we can construct a truth table for it by considering it &S being built up step
by step .sta.rting from propositional letters. For example, Figure 4 is the truth
table for «A 1\ B) __ C).
18 L Propositional Logic

A B C (AAB) ((AAB)_C)
T T T T T
T T F T F
T F T F T
T F F F T
F T T F T
F T F F T
F F T F T
F F F F T
FIGURE 4.

The eight combinations of truth values for A, B, C (~ = 8) can be thought of

as all possible states of the world as far as any proposition in which only t~e
propositional letters A, B, C appear is concerned. The column for (A 1\ B) ~
auxiliary and could be eliminated. The result would be the abbrettiated troth. tab
for ((AI\B) .....0). If the convention implicit in the above table for systema.tl~~
listing the (eight) possjble combinations of truth values for the propoeitio
letters A, B and C is observed, then it is clear that to any proposition there
corresponds a unique abbreviated truth table.

A priori, we might have begun our definition of propositions with some other
list of basic connectives, In general, an n-ary connective is any function o that
assigns a proposition q(AI, ... ,An) to every a-tuple of propositions At, ... , ~n'
So -. is I-My (u.nary), while 1\ and V are 2-ary (or binary). An n-ary connective
is tndhfunctional if the truth value for q(Aj, .•• ,An) is uniquely determined by
the truth values for AI"., ,An' Our five connectives are truth functional since
their meaning was defined by truth tables. On the other hand a connective like
"because" is not. For let A symbolize "I bad prune juice for breakfast" and B
"there was an earthquake at noon". Even in the event that both A and B have
truth values T it is at least debatable whether (B because A) should have trutb
value T. The debate might be more or less heated in other cases depending on
the content of A and B. An n-ary connective that is truth functional can be
completely described by means of a truth table as in Figure 5 where each bj,
1 $ i ~ 2" is either T or P.

Conversely, two distinct abbreviated truth tables (with the conventional listing of
truth values for AI, .. " An) correspond to distinct truth functional connectives.
By counting we see that there are 22" distinct n-ary truth functional connectives.
(So there are 12 = 16 - 4 binary oonnectiYe!l that we are not using.)

Definition ~. 7: A set S of truth functional connectives is adeqtwte if, given any truW E
~nd;Io.nal connective a, we can find a proposition bUilt Up from the connectives
m S wnb the same abbreviated truth table as a.
 2 Propositions, Connoctives end Truth Tables 19

A, A, ... A• O'(AI, ... , Ak)

T T ... T bt
T T ... F b,
...
... .
F F ... F

FIGURES.

Theorem 2.8 (Adequacy): {.....

, A, v} is adequate.

Proof: Let AI, ... ,Ak be distinct propositional letters and let aij denote the entry
(T or F) corresponding to the ith row and jth column of the truth table for
O'(Al, ... , AkJ as in Figure 6. Suppose that at least one T appears in the last
column.

At --. A; ... A. '" a(AJ, ... , Ak)

b,
b,

a.j b,

FIGURE 6.

For any proposition a, let aT be a and of be ( 0). For the ith row denote
the conjunction (A~n A ... AA:'·) bra.. Let i1, ,i ... be the rows with a T in
the last column. The desired proposition is the disjunction (Git V ... Vai-)' The
proof that this proposition has the given truth table is left as Exercise 14. (Note
that we abused our notation by leaving out a lot of parentheses in the interest
of readability. The convention is that of right B.,!8ociativity, that is, A /\ B A 0
is an abbreviation for (A A (B A 0».) We also indicate a disjunction over a set
of propositions with the usual set-theoretic terminology. Thus, the disjunction
just constructed would be written as V{GiI bi = T}. 0

:xarnple 2.9: The procedure given in the above proof can be illustrated by construct,
ing a Proposition built using only A, V and ., which has the truth table given in
Figure 7.
20 I. Propositional Logic

A B C ?
1 T T T T
2 T T F F
3 T F T F
4 T F F F
5 F T T T
6 F T F F
7 F F T F
8 F F F T
FIGURE 7.

We begin by looking only at rows with a T in the last column. For each such
row we find a proposition which is true for that row and false for every other
tow. The Proposition we want is the disjunction of the propositions we obtain
fur all relevant rows (rows 1, 5, 8 in this case). For any particular row, the
proposition true for only that row is obtained by taking the conjunction of the
letters having a T in that row and the negations of letters having an F in that
row. In this case row 1 gives (AAB /I.e) (we abuse notation again!); row 5 gives
«(-..A) A B A C); and row 8 gives ((-,A) A (-.B) /I. (-,C)). Thus, the proposition
(A A B A C) v «"A) A B A C) v «"A) A ("B) A ("C)) has tho given truth
table.

Clearly, given any proposition Q we can COnstruct its truth table and then follow
the above procedure to find another proposition that has the same truth table
and is a disjunction of conjunctions of propositional letters and their negations.
A proposition of this form that bas the same (abbreviated) truth table es a is
called a dUjunctitie fi01T1lal form. (ONF) of o. There is also a conjunctive nonnal
form (CNf') equivalent of Q that is presented in Exercise 3.3. Another method of
finding DNF and CNF equiva.lents of Q is presented at the end of the exercises for
§4.

Remark 2,10: The above procedure does not tell us what to do in case the last
column consists entirely of F's. See Exercise 13.

Corollary 2.11: (-', V} is adequate.

Proof: We can easily ~ that (Ai /I. A'l) has the same truth table as.-.«-.(Ar)) V
~-,(A'l))). Thus, gIVen any proposition Q we can find a DNF of Q and then elim-
matesame
the any truth
use oftable.
/I. by this substitution. The re8lllting proposition will still have
0
 2 Propoaitions, Connectivesand Truth Tables 21

The sets {..." I\} and {.." .......

} are also shown to be adequate in the exercises. If
a set is not adequate, how do you prove that? (See Exercise 10.)

Remark 2.12: By the adequacy theorems (Theorem 2.8 and Corollary 2.11) we could,
in theory, get by with just the connectives ...,. V and 1\ or even just ...,and V. The
induction clause in the definition of Propositions and many related definitions
and proofs (such as those involving tableaux in Sections 4, 5 and 6) could then
be considerably shortened. We, however, leave the list of connectives as it is but
generally explicitly deal with only a couple of cases in any Particular proof and
leave the rest as exercises.

F;xerr:ises

1. Which of the following expressions are official (i. e., unabbreviated) propo-
sitions of Propositional logic based on the propositional letters A, B, C, D?

(e) (HA V B» A C)
Cb) CAAB)vC
(c) A _ (B AC)

Cd) (CA - B) _ (~A»

(e) «~A)-BVC)

(I) (((CVB)AA)_D)
Cg) (CVA) A (~B»

(b) (A A CBA C»).

2. Prove your answers to l(a), (b) and (f) by either giving the step by step
procedure producing the proposition in accordance with the inductive def-
inition of propositions (you can simply draw a correctly labeled formation
tree) or proving, by Induction on statements, that there is some property
enjoyed by all Prop06itions but not by this expression.

3. Prove that every proposition other than a propositional Jetter begins with
a left parenthesis and ends with 8 right parenthesis. Moreover, the number
of right and left parentheses are equal in every proposition.

4. Prove that in any nonempty proper initial segment of a proposition there

are more left than right parentheses.
22 I. Propos.itionalLogic

5. Find DNF _,
.....uivalents for the following propositions:

(a) (A - 8) _ C
(b) (A _ 8) V (,C).

6. Prove that {-., A} is an adequate set of connectives. (Hint: Express V in

terms of.., and A .)

,
7. P ave that {...,, -') is an adequate set of connectives.

8. Prove that the binary connective (0 I (J) (Unat both, ... and") called the
Sheffer Jtroke whose truth table is given in Figure 8 IS adequate.

a 8 018
T T F
T F T
F T ·T
F F T
FIGURE 8.

(Hint: Express -. and 1\ in terms of ).)

9. Show that joint denial (neither 0: nor 13), written as Q 1 {j, is also adequate.
10. Prove that {A, V} is not adequate. .
Hint: Show by induction that -a is not equivalent to any statement built
up from a using only 1\ and v.

11. Prove that {V,_} is not an adequate set of conne<:tives.

12. Prove that {V, ..... J .... } is not an adequate set of connectives. [

13. Theorem 2.8. to handle the case of a column of all F's

Explain how in the proof of

14. Prove that the expressions constructed in the proof of Theorem 2.8 (in-
cluding the case COnsidered in Exercise (3) have the desired truth tables.
15. We say that all PMpositionalletters are built at Stage o. If propositions a
and,B have been bullt by level 11., we say that (-.a), (aV.B), (0''''.8), (a -+ fJ)
and (Q ......P) have been built by level 11. + 1. Clause (iii) of Definition 2.1
sa", that every Pro""'itkm ~ ~ built by "'m, 1""1 n. E>plain how we can Th
rephrase proof by induction on the definition of propositions in terms of
ordinary induction on the natUral numbers N.
 3 Truth AliSignments and ValuatiolUl 23

(Hint: Proving that all Propositions have property P by induction on propo-

sitions corresponds to provIng that all propositions built by level n have
property P by induction on n.)

16. We say that each propositional letter A OCCUrs in itself and no Proposi.
tionalletters other than A Occur in A. The propositional letters that occur
in (-.0) are precisely the ones that OCcur in a. The ones that OCCur in
(a V 13), (a A P), (a - 13) and (a _ 13) are Precisely these that Occur in
either Q or 13 (or both). This notion clearly captures the idea of a syntactic
occurrence of a propositional letter A in a proposition a.
Prove that the support of a proposition a is Precisely the set of proposi-
tional letters that occur in a.

3 Truth Assignments and Valuations

Our view of propositionailogic is that the meaning or content of a proposition is

just its truth value. Thus, the whole notion of semantics for propositional logic
consists of assigning truth values to Propositions. We begin with the propositional
letters.

Definition 3.1: A truth as.ngnml':ntA is a function that assigns to each Propositional

letter A a unique truth value A(A) € {T, F}.

The truth values of all Propositions should now be determined by the assignment
to the propositional letters. The determinations are made in accordance with the
truth tables for the connectives given in the last section.

lEflnition 3.2: A truth valuation V is a function that assigns to each proposition a

a unique truth value V(a) so that its value on a compound proposition (that is,
one with a connective) is determined in accordance with the appropriate truth
tables. Tbus, 1<" exampl., V«~a)) ~ T iff VIa) ~ F end V«a V P)) ~ T iff
V(a) == T or V(I3) =:: T. We say that V makes a true if Veal =:: T.

The basic result here is that a truth assignment to the propositional letters
uniquely determines the entire truth valuation on all Propositions. We analyze
the situation in terms of an induction on the depth of the propositions, that is,
the depth of the (unique) formation tree associated with the proposition.

eol"Qtn 3.3: Gi~n a truth assignment A tJun i.s a unique truth valuation V such
th4t V(a) == A(a) for I':tIery Propositionallettl':r Q.
24 I. Propositional Logic

Proof: Given a truth assignment.A., define (by induction on the depth of the associated
formation tree) a valuation Von all propositions by first setting V(a) = ..4(0) for
all propositional letters a, This takes care of all formation trees (propositions)
of depth O. Assuming that V has been defined on all propositions with depth at
most n, the inductive steps are simply given by the truth tables associated with
each connective. For example, suppose T(a_l') is the formation tree (of depth
n + 1) for (0 ......13). (It is built from Ta and TtJ (with the maximum of their
depths being exactly n) 6S in Theorem 2.4.) V((o ..... /1»
is then defined to be
F iff V(o) "" T and V(/1) "" F. The valuation is defined on a and P by induction
since they have depth at most n.

Clearly V has been defined so as to be a valuation and it does extend A. It

remains to show that any two valuations VI, V2 both extending A must coincide.
We prove this by induction on the depth of propositions:
(i) V1(o:) = V2;(O) for all propositional letters 0: (depth 0) since VI, V2 both
extend A.

(ii) Suppose Vl(O) = V2(o) for all propositions a of depth at most n and that
0: and 13 have depth at most n. Thus, V1(0) = V2(0) and Vt(P) = V2(13) by
induction. VI ((0 A ti» and V2((0 A.8» are then both given by the truth table
for 1\ and so are equal. The same argument works for ell the other connectives
and so VI and V2 agree on every proposition. 0
D
Note that, by induction again on the depth of 0, the definition of V(a) in this
construction only depends on the values of.A. on the support of 0 (the propoel-
tionalletters occurring in 0). Thus, the proof of the theorem actually proves:

CoroU~ 3.4: If Vt a~d. V2 are two valuations that agree on the support of a, the
fimte set of proPOS1tional letters tUM in the construction of the prnpo.tition 0,
thfn Vt(a) = V2(a). 0

Definition 3..5: A proposition a of propositional logic is said to be valid if for any Pr

valuation V, V(a) = T. Such a proposition is also caUed a tautology.

Definition 3.6: Two prop05itions 0 and fJ such that for ev ry val u V V( ) ""
V(,8) are called logically equivalent. We denote this by ~ := ti. ue IOn , a

Example 3.7:

AV
(I) (Pe . (~AI))~) d (((A - B) ~ A) - A) (Law o!the .xdud"" middle aod
tree s aware tautologies. See Exercise 1.

(il) For any proposition a and any DNF fJ of c, 0:= {J.

(iii) We could rephrase the adequacy theorem (2 8) to .

sit ion a, we can find a fJ that U3eS onl . say that, gwen any propo-
y .." v, 1\ and such that Q := p,
 3 Truth Assignments and Valuations 25

Although Corollary 3.4 allows us to check whether a given propcsltlcn is a tau-

tology or not using Definition 2.5, it also tells us that we can answer the same
question by finding out whether the last coJumn of the corresponding truth te-
ble has all T's or not. We choose not to develop these proofs by truth tables
further because they do not generalise to proofs for predicate logic which we
study shortly. We close this section with some definitions and notations which
are important later and generalize nicely to the corresponding concepts in the
logic of predicates.

Je8nition 3.8: Let E be a (possibly infinite) set of propositions. We say that a is Q

consequence 01 E (and write E 1= u) if, for any valuation V,

(V(T) = T Co, all TE E) => V = T.

Note that, if E is empty, E 1= (1 (or just 1= (1) iff (1 is valid. We also write
this as 1= (1. This definition gives a semantic notion of consequence. We see
several syntactic notions in tbe coming sections that correspond to different
proof procedures. A major result is the equivalence of the syntactic and semantic
notions of COnsequence that is embodied in the soundness and completeness
theorems (§S).

<e8nition 3.9: We say that a valuation V is a model of E if V(O') = T for every

0'E E. We denote by M(E) the set of all models of E.

etation: Rather tban"writing "'implies" and "if and only if" in our definitions,
theorems, eec., we often use ::::}and ~ instead. These are not symbols of the
language of Propositional logic but of the language (or metalanguage) in which
we discuss Propositional logic.

'oposltion 3.10: ut E, Et, £2 be 4et" ojpropontioru. Let Cn(E) denote the 4et
of consequencu 0/ E Qnd Taut the 6et 0/ all tl1utologiu.

Ii) E, c E, .. Cn(Ed c Cn(E,).

Iii) E ~ C.(E).

(iii) Taut ~ Cn (E) for all E.

liv) Cn(E) = Cn(Cn(E».

Iv) E, ~ 1:, .. M(E,) ~ M(E,).

I,,;) Cn(E)={ujV(u)=T far all VEM(±)j.

(vii) 0 E Cn{{Ol'.",O,,}) ~ 0'1-(0'2'''-{0'''-0')''') E Taut.

26 I. Propmitional Logic

We leave the proof of this proposition as Exercise 5.

The last esseruon of Proposition 3.10 tells us that testing whether o is a conse-
quence of a finite set E of propositions (sometimes called "premises") can be done
in finitely many steps by checking (for example, by using truth tables) whether
the proposition on the right-h8l1d side of (vii) is a tautology, But what do we do
If E is infinite? We had better learn how to prove that u is a consequence, The
first method we consider is that of tableaux,

Exercises

L Prove that the propositions in Example 3.7 (i) are tautologies by checking
directly, using Corollary 3.4, that they are true under all valuations.

2. Prove De Morgan's laws for any propOBitions 01,'" ,On, l.e.,

Hint:. ~ not ~":teo~t the truth tables. Argue directly from the truth
condItions for dISJunct10ns and conjunctions.

3 A rc 't' . I:.~
. P ~ Ion l~a """rW if it is a propositional letter or its negation. A
proJ)OSltion 0 IS in conjunctive normal form (CNF) if there are literals
01,1, ... , lIII,n, , 0~,1, "" 0:2,n1' "" 0",1, ... , 0:2,n~ such that 0: is

V
(01,1 VQI,2 ... VO'I,n,)A(Q2,1 V02,~ V ... VO~,n.)/\ ... /\ (Q.,,1 V ... VOk,n.)'

Prove that every prop'f' .

th OSIIOn IS equivelent to one in CNF (i e one that has
e same truth table). (Hint: Consider a DNF (of ""0) and use Exercise 2.)

4. Find a CNF for each of the follow',og ','

ProPOSl IOns:

(al {AABAC)_D,
I
{bl (A A B) _ (C V D),

5. Supply the (short) proofs from .

Proposition 3.10. the appropnate definitions (or (i)-(vii) of
 4 Tableau Proofs in Prupositional Calculus 27

4 Tableau Proofs in Propositional Calculus

We describe a system for building proofs of propositions. The proofs are labeled
binary trees called tableaux. The labels on the trees are signed propositions,
that is, a proposition preceded by either a T or an F (which we can think of
as indicating an assumed truth value for the proposition). We call the labels
of the nodes the entries of the tableau. Formally, we define (or describe how to
build) tableaux for propositions inductively by first specifying certain (labeled
binary) trees as tableaux (the so-called atomic tableaux) and then giving a
development rule defining tableaux for compound propositions from tableaux
for simple propositions.

The plan of the procedure is to start with some entry, i.c., some signed propo-
sition such as F( .....
(A 1\ (B V CD), and analyze it into its components. We say
that an entry is correct if our assumption about the truth value of the given
proposition is correct. For our current example, F( .....
(A 1\ (B V C))), this would
mean that ..,(A 1\ (B V C» is false. The guiding principle for the analysis is that,
if an entry is correct, then (at least) one of the sets of entries into which we
analyze it contains only correct entries. In our sample case, we would analyze
FHA A (8 V C))) 6", into T(A A (8 V C)). (rh(A A (8 V C)) Is false, then
(A 1\ (B V C» is true.) We would then analyze T(A 1\ (B V C» into T A and
T(Bv C). (If (A 1\ (B V C» is true, then so are both A and (B V C).) Next we
would analyze T(B V C) into either TB or TC, (If (B V C) is true, then so is
one of B or C.)

The intent of the procedure, as a way of producing proofs of propositions, is to

start with some signed proposition, such as Fa, as the root of our tree and to
analyze it into its components in such a way as to see that any analysis leads to
a contradiction. We then conclude that we have refuted the original assumption
that Q is false and so have a proof of e. Suppose, for example, that we start with
F(..,(A 1\ ..,A)) and proceed as in the above analysis (replacing (B V C) by --.A).
We reach T A and T..,A and then analyze T..,A into FA. We now have entries
saying both that A is true and that it is false. This is the desired contradiction
and we would conclude that we have a proof of the valid proposition ..,(A 1\ ...,A).
The base case of our inductive definition of tableaux consists of the (labeled
binary) trees displayed in Figure 9 as the atomic tablea'lJ:t:for any propositions
c and /3 and propositional letter A. It then proceeds as in Definition 4.1.

}efinition 4.1 (Tableaux): A finite tableau is a binary tree, labeled with signed
Propositions called entries, that satisfies the following inductive definition:

(i) All atomic tableaux are finite tableaux.

(ii) If T is a finite tableau, P a path on T, E an entry of T occurring on P and

T' is obtained from T by adjoining the unique atomic tableau with root
entry E to T at the end of the path P, then T' is also a finite tableau.
28 I. Propositional Logic

,. 1b ,. n,

T{o-Ajj)

TA FA
I F{OIAP)
T.

I F.
/\ Fp
Tp

.. " •• <b

F(OI v P)

T(~OI) F(~Q) T(QvP) I

I I /\ F.
F. T. T. Tp I
..
FP
,. 2b
6b

F(Q_f,l)
T(Q .... (1) F(Q .... fJ)
T(Q ~ (1) I /\ /\
/\ T. T. F. T. F.
F. Tp
PO
I
Tp
I I
Fp Fp
I
TP
I

FIGURE 9.
 4 Tableau Proofs in Propositional Calculus 29

If TO,T1,"" Ttl,··· is a (finite or infinite) sequence of finite tableaux such that, for
each n ~ 0, 7tl+1 is constructed from Ttl by an application of (ii), then T ::::UTn
is a tableau.

This definition describes ell possible tableaux. In this section, we could get by
with finite tableaux (see Theorem 4.11) but 'WOuldnecessarily be driven to in-
finite ones in predicate logic and even in the next section where we consider
propositional logic with (infinitely many) premises.
Each tableau is a way of analyzing a proposition. The intent is that, if it is all
right to assume that all the signs on entries on a path down to some entry E
in a tableau are correct, then one of the paths of the tableau that continue on
through E to the next level of the tree is also correct.
To see that this intention is realized, it suffices to consider the atomic tableaux.
Consider, for example, (Sa). If a --+ fl is true, then so is one of the branches
through it: a is false or fJ is true. Similarly for (4a), if a V fl is true, then so is
one of Q or fl. The other atomic tableaux can be analyzed in the same way. This
intuition is developed formally in the next section as the soundness theorem for
tableaux. The other major theorem about tableaux is the completeness theorem.
It is connected with the idea that we can show that if 0 is valid, then all possible
analyses of a given signed proposition FQ lead to contradictions. This constitutes
a proof c. In order to do this, we have to develop a systematic method for
generating a tableau with a given root which includes all possible procedures.
First, however, some examples of tableaux.

~xample 4.2: We wish to begin a tableau with the signed proposition F(((a --+
fJ) V (,,/ V 6)) A (0 V fJ)). There is only one atomic tableau that has this entry as
its root - the appropriate instance of the atomic tableau of type (2b) given in
Figure 10.

F«('-P)V(7v,)j F(. V Pl

FIGURE 10.

Now this tableau has two entries other than its root either of which could be
chosen for use in the induction clause to build a bigger tableau. (We could
legally use the root entry again but that would not be very interesting.) The
two POSSibilities are given in Figure 11 A and B.
We could also do each of these steps in turn to get the tableau given in Figure
11 c.
30 I. Propositional Logic

""
(0) F(((<r .......0) v h v 6») ,,(O' v,O))

F({o-iJ)v(-yV6)) / F(Ot V (J)

F(("
I
-Pl v h v 6))

I
F(Ot ..... Pl

I
Fhv6)
(,)

""
F(({o- _ (1) v b v 6» II (a v,O))

/ P(a V (J)

F(c.
I V /3)

I
F.

I
FP
(0)

""
F{((a ..... ,8) V h V 6)) 1\ (0 V .0))

F((o-p)V{-,V6)j
/ F(a v,O)

F((o-P)Vhv6))
I I
I
F( ....... .0)
F(o

I
V p)

F.
I
I
FIGURE 11.
 4 'Thbleau Proofs in Propositional Calculus 31

In this last tableau we could (ignoring duplications) choose either F(o. --+ {3} or
F(..., V 6} as the entry to develop. F(..., V 6} is the end of the only path in the
tableau that contains either of these entries. Thus, in either case the appropriate
atomic tableau would be appended to that path. Choosing F(a --+ {3} would give
the tableau of Figure 12.

F({(a -IJ) V C7 V 6)) A (a V IJ»)

/ "'" F(a V IJ)

I
F(. V IJ)

I
F.

I
FIJ

FIGURE 12.

As the reader must have noticed, each time we select an entry it gets repeated at
the end of the chosen path as part of the atomic tableau that we affix to the end
of the path. As a notational convenience we often omit this second occurrence
when we draw tableaux although it remains part of the lonna! definition. (They
actually are needed when we consider the predicate calculus and so we included
them in our formal definition.)
We now wish to describe those tableaux that will constitute proem and a sys-
tematic procedure for generating them from given signed propositions. We need
a number of auxiliary notions:

[)eBnition 4.3: Let T be a tableau, P a path on T and E an entry occurring on P.

(i) E has been reduced on P if all the entries on one path through the atomic
32 I. Propositional Logic

tableau with root E occur on P. (For example, T A and FA are reduced

for every propositional letter A. T..,o and Fr-o are reduced (on P) if Fo
and To, respectiwly, appear em P. T(a V /3) is reduced if either To. or Tfi
appears on P. F(o V fJ) is reduced if both Fa and F/3 appear on P.)

(ii) P is contradictory if, for some proposition 0, To. and Fa are both entries
on P. P is finished if it is contradictory or every entry on P is reduced on
P.

(iii) r is fini.shed. if every path through -r is finished.

(iv) -r is oontrodictory if every path through r is contradictory. (It is, of course,

then finished as well.)

Example 4.4: Figure 13shows a finished tableau with three paths. The leftmost path
is contradictory; the other two are not.

We can now define tableau proofs of o as ones that show that the assumption
that Q is false always leads to a contradiction.

Definition 4.5: A tablMU proof of a proposition Q is a contradictory tableau with

root entry Fo. A propositlon is tableau provable, written f-- a, if it has a tableau
proof.

T((A A ('Al) V (B V (C A D)))

~A~ / "'"
~BV~A~

1/""
I
TA
TB T(C A D)

T('A) I
I TC

FA I
I TD

PIGURE 13.
 4 'nt.bJeauProofs in Propositional Calculus 33

A tableau refutation for a proposition 0' is a contradictory tableau starting with

TO'. A proposition is tableau refutable if it has a tableau refutation.

Example 4.6: Peirce's law. Figure 14 gives a tableau proof of an instance of Peirce's
law. Remember that we don't actually recopy the entries that we are reducing.
We put <81 at the end of a path to denote that it is contradictory.

F«(A - B) _ A) _ A)

I
T«A _ Bj _ A)

I
FA

~~
F(A _ B) TA

TA
I I
IFB
~
I
FIGURE 14.

In much of what follows, for every definition or theorem dealing with a tableau
proof or a logical truth (or both), there is a dual definition or theorem dealing
with a tableau refutation and a logical falsehood, respectively. It is left to the
reader to provide these dual propositions. ..

The next step in producing proofs is to see that there is a finished tableau starting
with any given signed proposition as root entry. We describe a simple systematic
procedure for producing such a tableau. Theorem 4.11 shows that the tableaux
produced by this procedure are always finite.

Deftnitjon 4.1 (Complete systematic tableaux): Let R be a signed proposition. We

define the compkte "Ystematic tabletJu (CST) with root entry R by induction.
We begin the construction by letting 7b be the unique atomic tableau with R
34 I. PropOOtionalLogic

at its root. Assume that Tm has been defined. Let n be the smallest l~vel of T'd
containing an entry that is unreduced on some noncontradictory path m Tm an
let E be the leftmost such entry of level n. We now let Tm+l be the tableau
gotten by adjoining the unique atomic tableau with root E to the end of every
noncontradictory path of Tm on which E is unreduced. The union of the sequence
Tm is our desired complete systematic tableau.

Theorem 4.8: Every CST is finished.

Proof: Consider any entry E that OCcurs at some level 11 of the CST T an d rna res 0
noncontradictory path PinT. There are at most finitely many entries on T at
or above level n. Thus, all the entries at level n or above on T must be III
. p lace
by some point of the construction. That is, there is an mo such that for every
m ~ mo, Tm through level n is the same as T through level n. Now, for m ~ 17l(J,
the restriction of P to Tm is a path in Tm containing E. At each step m 2': 171\1
in the construction of the CST we reduce the entry on the lexicographically le~t
node labeled with an unreduced entry that is on some noncontradictory path m
the tableau Tm. U E is not already reduced on P by stage mo, we can proceed
for at most finitely many steps in this construction before E would become the
lexicographically least unreduced entry. At this point in the construction we
would reduce E. 0

In allowing infinite tableaux, we seem to be in conflict with the intuition that

proofs should be finite objects. However, by Konig's lemma, we can restrict our
attention to finite contradictory tableaux.

Theorem 4.9: If T = UTn is a controdictQTy tableau, then for .!orne m, Tm is. a

fini~ oontmdictory tableau. Thus, in particular, if a CST it a proof, it is a finite
tGbt<a u,

Proof: T is a finitely branching tree. Consider the subset of all nodes of T with no
contradiction above them. If this.set is infinite, It has an infinite path by Konig's
lemma. As this contradicts the assumption that every path in T is contradictory,
there are only finitely many such nodes. They must all appear by some level 110 of
T. Thus, every node at level n + 1 of T has a contradiction above it. Once again,
as T throUgh level n + 1 is finite, there is an m such that ~ is the same as 1
through level n + 1. Now every path P in Tm is either a path in T (ending with
a l~ of level :5 n) or a path containing a node of level n + 1. In the first case,
~ 18 contr.adlCtory by our assUIIiption that T is contradictory. In the second, P
~~~~Ictory by our choice of n and m. Thus, T... Is the desired contradictory

Note that if T == \JT, ,~ .. " ln th d fini '

Is nt· n '" .... e e tion of a CST and m Is least such that T'"
~ radlctory, then we cannot extend Tm in the COnstruction of T. In this case
T - T.... 0
 4 Tableau Proofs in Propositional Calculus 35

In the next section, we consider the import of this argument for the semantic 85
well as syntactic versions of the compactness theorem.

We conclude this section with a proof that each CST is actually finite. The proof
involves an induction based on a measure of the complexity of propositions that
we call the degree of tI propositiotL

Definition 4.10: We define d(a), the degree of 4 proposition a by induction.

(i) If a is a propositional letter, then d(a) = O.
(H) If a is ,13, then d(o) ~ d(fJ) + 1.
(iii) If a is {3 V ",/, {3 A "t, {3 - "'/ or (3 ...... ",/, then d(o) = d({3) + d(",/) + 1.
The degree of a signed proposition To or Fa is the degree of a. If P is a path
in a tableau 'T, then d(P) the degree of P is the sum of the signed propositions
on P that are not reduced on P.

Theorem 4.11: Every CST U finite.

Proof: Let T = U'Tm be any CST as described in Definition 4.7. We prove that every
path on T is finite (indeed has length at most the degree of the root of T) and so,
by Konig's lemma., T itself is finite. Consider any path P on T. It is the union of
paths Pm on Tm. A change occurs between Pm and Pm+! when, according to the
Definition 4.7, we add the atomic tableau a with root E to the end of Pm for some
entry E that is unreduced on a path in 'Tm. We claim that d(Pm+1) < d(Pm}.
Of course, this immediately implies that we can add an atomic tableau to the
end of Pm at most finitely often (indeed at most d(a) many times where a is
the proposition at the root of'T). Thus, P is finite as desired. To verify the claim
first note that adding o to the end of our path reduces the entry E on P. This
subtracts d(E) from the degree of the path while adding on the degrees of the
signed propositions other than E occurring on the path of (T that is added on to
Pm to form Pm+l. Thus, it suffices to check that the sum of the degrees of the
signed formulas (excluding the root) on each path through any atomic tableau
a is less than the degree of the root of (T. This is immediate from the definition
of degree and the list of atomic tableaux in Figure 9. 0

Exercises

Give tableau proofs of each of the propositions listed in (1) - (9) below.

1. Idempotence and Commutativity of 1\, V

(a) (a V a) .....a
(h) (oAa)_o
36 I. PropositionalLogic

(e)(.AP)_ (PA.)
(d) (.VPl-(pv.).

2. Associativity and Distributivity of A, V

(a) ((.APlA»_(.A(PA>})
(b) «(.vP)v»_(.v(pv>})
(e) (.V(PA>})_«.VP)A(.V>})
(d) (.A(PV>})-(aAPlV(aA»).

3. Pure Implication Laws

(a) Q ...... Q

(b) a-(P_a)

(e) (.-P)-((P-»-(a~>})
(d) (c _ (P _ >}) _ ((a _ P) _ (a _ >}).

4. Introduction and Elimination of A

(a) (a - (P _ >}) _ (Ic A P) _ »

(b) (aAP)_»_((a_(p_»).

5. De Morgan's Laws

(a) -qc v P) _ [r-c A 'P)

(b) ,(aAPl-(,av,Pl.

6. Contrapositive
(.-P}-('~-'a).
7. Double Negation
01 ...... -'-0.

8. Contradiction
-'(0 A -.0-).

9. (a) (,"VPl_(._p)
(b) (o - P) _ (t-o v Pl.
 4 Tableau Prool's in Propoeltlcnal CalCUIUB 31

Conjunctive and disjunctive normal forms

Recall from Exercise 3.3 that a conjunctive normal form (CNF) for a proposition
a is a conjunct of disjuncts of literals (prop06ltional letters or their negations)
which is equivalent to a. Similarly, a disjunctive normal form (DNF) for 0 is a
disjunct of conjuncts of literals which is equivalent to a. For any proposition a,
we can find equivalent conjunctive and disjunctive normal forms by the following
procedure:

(i) Eliminate all uses of ......in the formation (tree) of a by replacing any step
going from f3 and l' to f3 ...... l' by one going to ({J 1') A b ......
{J). This
produces a proposition at equivalent to a in which does not occur.

(ii) Eliminate all uses of ..... in the formation of 01 by replacing any step going
to {J ..... l' by one going to -.{J V 'Y. This produces an Q:J equivalent to Q in
which the only connectives are -t, V and A.

(Iii) Get a third equivalent propcelnon a3 in which, in addition, -. appears only

immediately before propositional letters by replacing In 02 all occurrences
of ~~P by P. of ~(PV7) by ~PA ~ and of ~(PA 7) by ~pv ~7.

(iv) Now use the associativity and distributivity laws above to get equivalents
of Q3 which are either conjuncts of disjuncts of literals (CNF) or disjuncts
of conjuncts of literals (DNF).

We provide an example of this procedure by finding both normal forms for the
-.c:
Proposition a = (A .....B) ......
(A _ B) _ -,0 (i)
(A _ B) _ -,Q) A (,C _ (A _ B)) (ii)

(-o(--.A V B) V -.e) A (-.-.e V ( ...A V B» (iii)

(~"A A "B) v -,0) A (,-,0 V (~A V Bl) (iii)
~A~V-,Q)A~V(~V~ ~.

We can now apply step (iv) to get a CNF for a:

(A V -.0) A ( ...8 V -.0) A (Cv.,A V B).

We can also use distributlvity to produce a DNF for a :

~A~V-,Q)A0vmAA~V-,Q)A~V~
(AA .,BAC)V (-.0 AC) V(AA -rB A .,A) v (-.0 A -.A) V (AA .,SA B) V (-.0 A B).

This last line is a DNF for Ct. It can. however, be simplified by using some of the
other rules proved above and simple truth table considerations. In particular I
contradictions such as C A ~ can be eliminated from disjuncts and tautologies
38 J. Propositional Logic

such as C V ~ can be eliminated from conjuncts. Applying these procedures

simplifies tbe DNF derived for Q to the following:
(AA~B 1\ C) v (~C 1\ --.A) V (-(J A B).

10. Use the procedure described above to find CNF and DNF equivalents for the
following propositions:

(a) (A - B) _ (A - C)
(b) (A - B) _ (e V D).

11. Use the laws provided in the above exercises to prove that each step of the
above procedure produces a proposition equivalent to the original propo-
sition a.

5 Soundness and Completeness of Tableau Proofs

We are going to prove the equivalence of the semantic notion of validity (1=)
and the syntactic notion of provability (f-). Thus, we show that all tableau pro~· I
able propositions are valid (soundness of the proof method) and that all valid
propo!'litions are tableau provable (completeness of the method).

Theorem 5.1 (Soundness): If a is tableau provable, then Q i! valid, i.e., l- a=} 1= a.

Proof: We prove the contrapositive. Suppose a is not valid. By definition there is II

valuation V assigning F to a. We say that the valuation V agrees with a signed
proposition E in two situations: if E is To: and V{a) = T or if E is Fa and F
V(a) = F. We show (Lemma 5.2) that if any valuation V agrees with the root
node of a tableau, then there is a path P in the tableau such that V agrees with
every entry on P. As no valuation can agree with any path on a contradictory
tableau there can be no tableau proof of a. 0

If V is a valuation that agrees with the root entry of a given tableau r given as
in Definition 4.1 8.8 Urn, then T bas a path P every entry of which agrees with
v.

Lemma 5.2: If V is 11 vlllulltion thIlt Ilgrees with th£ TOOt entTlf of 11 given tllblealJ
T given ~ in Definition 4·1 as Urn, then r has 11 path P every entry of which
ll,9fUs with V.

ove
Proof;. We pr. ~y indUction that there is a sequence (P,,) such that, for every fI, P..
15 contamed m P"+l and Pro is a path through rn such that V agrees with every
entry on p... The desired path P thrQugh r will then simply be the union of the
p... The base case of the induction is easily seen to be true by the eseumpuce
 5 Soundness and Completeness or Tableau ProolS 39

that V agrees with the root of T. As an example, consider (6a) with root entry
J'(o - Pl. If V(a - P) ~ T. then either V(a) = T and V(P) ~ T cr V(a) ~ F
and V(fJ) = F by the truth table definition for .......We leave the verifications for
the other atomic tableaux as Exercise I.
For the induction step, suppose that we have constructed a path p.. in Tn every
entry of which agrees with V. If Tn+l is gotten from Tn without extending Pn,
then we let Pn+l = p... If Pn is extended in T.. +1J then it is extended by adding
on to its end an atomic tableau with root E for some entry E appearing on Pn.
As we know by induction that V agrees with E, the same analysis as used in the
base case shows that V agrees with one of the extensions of Pn to a path Pn+1
in Tn+l. 0

theorem 5.3 (Completeness): If a is valid, then a is tableau protJable, ce., 1= a -=>

I- ct. In fact, anll finished tableau with root entry Fa is 0. proof of a and so, in
particular, the complete &y$tematic tableauz with root Fa is such 0. proof.

The crucial idea in the proof of the completeness theorem is embodied in Lemma
5.4: We can always define a valuation that agrees with all entries on any non-
contradictory path of any finished tableau.

-emme 5.4: Let P be 0. noncontrodictOfll path of a finUhed tableau T. Define 0. truth

assignment A on all propo.titionalleUers A as follows:
.4(A) = T if T A is an entry on P.
.4(A) = F othenuise.
If V is the unique valuation (Theorem 9.9) e:dending the truth assignment .4,
tMn V agrees with all entries of P.

'roof: We proceed by induction on the depth of propositions on P.

(i) If a is a propositional letter and TO' occurs on P, then V(a) = T by

definition and we are done. If Fa. occurs on P, then, as P is noncontra-
dictory, TO' does not and Veal = F.

(li) Suppose T(a 1\ fJ) occurs on the noncontradictory path P. Since T is a fin-
ished tableau, both T(a) and T{P) occur on P. By the induction hypothesis
Via) ~ T ~ ViP) and eo V(a AP) ~ T es required.
(iii) Suppose F(al\{3) occurs on the noncontradictory path P. Again by the def-
inition of a finished tableau, either Fa or FfJ must occur on P. Whichever
it is, the induction hypothesis tells us that it agrees with V and so either
V(a) = F or V(P) = F. In either case V(a 1\ fJ) = F as required.

The remaining connectives are treated like one of these two cases depending on
whether or not the corresponding atomic tableau branches. The deta.ils are left
as EJr:ercise 2. 0
40 I. Propositional Logic

Proof (of Theorem 5.3): Suppose that (J is valid and so V(o) = T for every valuation V,
Consider any finished tableau T with root Fa. (The CST with root Fa is one by
Theorem 4.8.) If T had a noncontradictory path P, there would be, by Lemma
5.2, a valuation V that agrees with all its entries and so in particular with Fa.
This would give us a valuation with V(o:) = F contradicting the validity of a,
Thus, every path on T is contradictory and T is a tableau proof of a. 0

It is clear from the proof of the completeness theorem (in fact from Lemma 5.4)
that if you try to construct a tableau proof for 0: {i.e., one starting with Fa)
and you do your best by constructing a finished tableau with root Fa but fail to
produce a proof of Q [i.e., the finished tableau has at least one noncontradictory
path), then the valuation defined by this noncontradictory path as in Lemma
5.4 gives us a counterexample to the assertion that 0: is valid. As we can always
produce a finished tableau with any given root, we must, for every proposition,
be able to get either a tableau proof or a counterexample to its validity!
It is this dichotomy (albeit expressed at the level of more complicated fragments
of predicate logic) that forms the basis for constructive solutions to many prob-
lems. It is also the underlying rationale of PROLOGand of the implementation of
other constructive theorem provers as programming languages. One starts witb
~ assumption such as "there is no x such that P(x)" and one either proves
It true or finds a counterexample, that is, one actually produces an :r such that
P(x). We consider these matters in II.S and, in more detail, in Chapter III.

Exercises

1. Verify the remaining cases of atomic tableaux in Lemma 5.2.

2. Verify the cases for the remaining connectives in Lemma 5.4.

Refor~ulate and ~rove the analogs of the results or this section for tableau
refutatlOns and satlSfiability:

3. IfhQis ~leau ~futable, i.e., there is a contradictory tableau with root Ta,
t en Q 18 unsl1ti.!J;:able I ,L_ •. T
~. ,.e., nere IS no valuatlOn V such that V(a):::: .
4. If Q is unsatisfiable, then there is a tableau refutation of 0:.

6
Deductions from Premises and Compactness
Recall the treatment at the end f §3
(which we called pre~) A 0 ro of~~econsequencesorasetEofpropositiO~
every valuation that is a ~et ~t1on (1 is a consequence of E (I: 1= a)if
of E IS also one of a, i.e., every valuation that
 6 Deductiona from Premises and Compactness 41

makes all the elements of E true also makes o true. (See Definitions 3.2 and 3.8.)
This notion of consequence and the associated one of a proof from given premises
(which we are about to define) reflect common usage in mathematical arguments.
A theorem is typically stated as an implication of'the form a --+ p. The proof of
the theorem, however, is generally presented in a format that begins by assuming
that the hypotheses (0) are true and then argues that the conclusion (jJ) must be
true. Viewed syntactically in terms of proofs, we might describe this procedure
as "assuming" a and then "deducing" fl. The semantic notion of consequence
captures the first view of such an argument. We now want to capture the syntactic
or proof-theoretic version by defining what it means to prove a proposition from
a set of premises. Once we have developed the appropriate notions, a formal
version of the informal mathematical method of argument described above is
(easily) provided by the deduction theorem (Exercise 6). We now turn to the
abstract formulation of the notions needed to express this result.

We begin our analysis with the definition of tableaux with premises from a set of
sentences. It differs from the basic definition only in that we are allowed to add
on entries of the form To for premises a. This variation reflects the intuition
that working from a set of premises means that we are assuming them to be
true.

Definition 6.1 (Tableaux from premises): Let E be a (possibly infinite) set of propo-
sitions. We define the finite tableau:t' with premisu from E (or just from E for
short) by induction:

(i) Every atomic tableau is a finite tableau from E.

(il) If T is a finite tableau from E and a e E, then the tableau fonned by
putting To at the end of every noncontradictory path not containing It Is
also a finite tableau from E.

(iii) If T is a finite tableau from E, P a path in T, E an entry of T occurring on

P and T' Is obtained from T by adjoining the unique atomic tableau with
root entry E to the end of the path P, then T' Is also a finite tableau from
E.

If To, Tl, ..•

, Tn' •.• is a (finite or infinite) sequence of finite tableaux from E such
that, for each n :?: 0, Tn+l is constructed from Tn by an application of (ii) or (iii),
then T "" UTn is a tableGu from E.

We can now define tableau proofs as before.

Oeo.nltion 6.2: A tableau proof of a propo.!ition 0 from E (or with premisu from E) Is
a tableau from E with root entry Fo that is contradictory', that is, one in which
every path Is contradictory. If there is such a proof we say that 0 iJ provable
fmm I: and write it as E r o.
42 I. Propollitional Logic

Examp 1e 6 .•3· .." .... 15 gives a tableau proof of A from a set consisting
Ft-0-- of two
prem tsee , {~B, (A VBn.

FA
I
T(~B)

I
T(A V B)

/
TA """ TB

I
o
I
FB

I
FIGURE 15.

We can now mmuc . . the development of the last section

. to prove the soundn~ are
and completeness theorems for deductions from premises. The only Chan; E
in the definition of a finished tableau and the CST. A finuhed tableau 3:W
is a tableau from E that is a finished tableau in the 5e118e of Definition 4. The
has an occurrence of To on every noncontradictory path for every,o E. E. the
idea here is again that we are incorporating the truth of the prermses 1000
analysis.

Similarly we must take steps in the construction of the CST from E to guaran;
the appearance of these premises. We list the elements of E as am, m E J!.'
of
revise the definition of the CSTby aitnply adding on one step to the defimtlo~ u
'm+!. If our new construction has produced T... we let T + be the next tab ~
m 1
that would be defined by the standard CST procedure. (If that procedure wo nt
now terminate because every path is contradictory, we also terminate the curre th
construction.) We now add on Tam to the end of every noncontradictory pa
in T:n+l that does not already contain To to form OUf new 7"",+1,
Theorem 6.4: Every CST from a set 0/ premise" is finished.
Proof: Exercise 1.
a
The proofs of the soundness and completeness theorems can now be carried ()Ill
as before with the caveat that we must alwa.ys see to it tha.t the propositiolJS
 6 Deducucne fr(lffi Premises and Compactness 43

in E are true in the relevant valuations. We state the appropriate lemmas and
theorems and leave most of their proofs in this setting as exercises.

Lemma 6.51 If a valuation V make" every Q E E true and agrees with the root of a
tableau 'T from E, then there it a path in 'T every entry of which agrees with V.

Proof: Exercise 2. o

Theorem 6.6 (Soundness of deductions from premises): If there is a tableau proof of

0: from a set of premises E, then 0 i.! a comequence of E, Le., E I- 0 '*1: F o.

Proof: If not, there is e. valuation that makes /3 true for every {3 E E but makes 0
false. Continue now as in the proof of Theorem 5.1. 0

Lemma 6.7: Let p be a noncontrodictory path in a finished tableau 'T from E. Define
a valuation V as in Lemma 5.4. V then 4fPUS with all entries on P and so in
particular makes every proposition fJ E E true (as TfJ must appear on P for
every /3 E E by chfinition oj a finished tableau from E ).

Proof: Exercise 3. o

Theorem 6.8 (Completeness of deductions from premises): 1J 0: i.! a consequence

of a set E oj premises, then there is a tableau deduction oj 0: from E, i.e.,
EFa: '*
EI-a:.

Proof: If E F 0, every valuation V that makes every proposition in E true also makes
a true. Consider the CST from E with root Fa. It is finished by Theorem 6.4.
Now apply Lemma 6.7. 0

Again we consider the problem of finiteness of proofs. If E is finite, then an

argument similar to that of Theorem 4.11 shows that the CST from E itself
is also finite. (See Exercise 12.) For infinite sets of premises, the argument for
Theorem 4.9 using Konig's lemma works just as before.

Theorem 6.9: If T = UTn is a contnulictory tableau from E, then, Jor some m, Ton it
a finite controdictory tableau from .E. In ptJrticular, if a CST from E i.! a p'TJOJ,
it i.! finite.

Proof: Exercise 4. o
Thus, we know that if 0 is provable from E, then there is a finite tableau proof of
it. This can be viewed as a syntactic version of the compactness theorem. Using
the completeness and soundness theorems it can be converted into a semantic
one.
44 I. PropOflitionaiLogic

Theorem 6.10 (Compactness): o is a consequence oj E iff 0 is a consequence of

"orne finde .whet oj E.

Proof: Exercise 5. o
We have left the indirect proof, via completeness and soundness, of the semantic
version of the compactness theorem as an exercise. However, a direct proof of
this result is also available. The compactness theorem is genuinely deeper than
the others we have proven and deserves two proofs. An advantage of the direct
approach is that the completeness theorem can be proved from the compactness
theorem and without recourse to infinite tableaux. The direct approach also
shows that compactness is simply a consequence of Konig's lemma.

Definition 6.11: A set E of proposition.s is called "atisfiable if it has a model, i.e.,

there is a valuation V such that V(o) = T for every 0 E E. We also say that
such a valuation satUfie3 E.

Example 6.12:

(i) {All A2, (AI A A2), A3, (AI/\ A3), A4, (AI/\ A,,), ... } is a satisfiable
infinite set of propositions.

(ii) {AI, A2, (AI ..... A3), (-,A3)} is a finite set of propositions that is not
satisfiable nor is any set containing it.

I
Theorem. 6.13. (Compactness): Let E = {0.1 i E w} be an infinde IIat of propo"itiOnll.
t Lt IIati!fiable if and only if ellery finite subset I' of E is IIatisfiable.

Proof: Note that the "only if" direction of the theorem is trivially true; the other
direction is not (not trivially that is). The problem is that finding different
valuation.s which satisfy longer and longer initial segments does not necessarily
mean that there is a single valuation satisfying the whole sequence. Building
such a valuation is essentially an application of Konig's lemma.

Let (eil i E w) be a list of all the Propositional letters. We define a tree T whose
nodes are binary sequences ordered by extension. We use tth(u) to denote the
~ength of a sequence a and set T = [e] there is a valuation V such that, for
1 $ lth(I1), V(Qj) = T and V(C,) = T iff l1(i) = I}. What this definition says is
that we put ".o.n the tree unless interpreting it as an assignment of truth values
to the proPOSItional letters C. (i :5 lth(l1)) already forces one of the Q' to be •
false for i ~lth(I1). •

Claim: There is an infinite path in T if and only if t is satisfiable.

Prt_oflc:;m:(lf V sat~es E, then, by definition, the set of all (7 such that
U I - V Gi) = T 18 a Path on T. On the other hand, suppose that
 6 Deductions from Premillel!land Compactness 45

(O"jl i E /If) is an infinite path on T. Let V be the unique valuation extend.

ing the assignment determined by the Uj, t.e., the one (or which C. is true iff
O"j(1) = 1 for some i (or equivalently, as the u. are linearly ordered by extension,
iff O"j(1) = 1 for every 1 euch that 1 ~ Ith(uj)).lfV ~ E, then there is some OJ E E
such that V(Oj) = F. Now by Corollary 3.4 this last fact depends on the truth
values assigned by V to only finitely many propositional letters. Let us suppose
it depends only on those Cj with 1~ n. It is then clear from the definition of T
that no (1 with length 2: n can be on T at all. As there are only finitely many
binary sequences (1 with length ~ n, we have contradicted the assumption that
the sequence ((1;) is an infinite path on T and so V l= E as claimed.
The next claim is that there is, for every n, a a of length n in T. By assumption
every finite subset of E is satisfiable. Thus, for each n, there is a valuation Vn
that makes OJ true for each 1::;:n. The string U given by 0'(1) = 1 iff Vn(Ci) = T
for 1 :::;n is then on T by definition.
Konig's lemma (Theorem 1.4) now tells us that there is an infinite path in T and
so E is satisfiable as required. 0

The connection between this version of the compactness theorem for proposi-
tionallogic and the compactness theorem of topology is considered in Exercises
9 and 10. Other applications of the compactness theorem can be found in Exer-
cises 7 and 8.

~Xercises

1. Prove Theorem 6.4.

2. Prove Lemma 6.5.

3. Follow the proof of Lemma 5.4 to prove Lemma 6.7.

4. Follow the proof of Theorem 4.9 to prove Theorem 6.9.

5. Deduce Theorem 6.10 from the results preceding it.

6. Deduction Theorem: Let E be a finite set of propositions and A E the

conjunction of its members. Prove that for any proposition a the following
are equivalent:

(a) E"o.
(b) "/lE~o.
(o)El-o.
(d) I-/IE-o.
46 I. Propositional Logic

Appllc::atioD8 of Compac::tness

For Problems 7 and 8, use the compactness theorem for propositional logi~or
Konig's lemma. The key point in each case is to faithfully translate the given
problem into an appropriate set of propositions (or an appropriate tree). One
then applies compactness or Konig's lemma, Finally, one must translate the
result of this application back into the terms of the problem. These problems are
treated in predicate logic in Exercises 11.7.5.

7. A partial order has width at most n if every set of pairwise incomparable

elements has size at most n. A chain in a partial order < is simply a su~
of the order that is linearly ordered by <. Prove that an infinite part.lal
order of width at most 3 can be divided into three chains (not necessarily
disjoint) if every finite partial suborder of width at most 3 can be so
divided.
Hint (Using compactness): Let the elements of the order be {PnJ n E }f}.
Consider propositions RPiPj, APi, BPi and CPt. for i,i E N. Think ~f
RPiPj as saying that Pi < Pj. Think of APi as saying that Pi is in .~aw
A and similarly for BPi and CPt. Now write down the sets of propostncss
expressing the desired conclusions: Each of A, B and C is a chain; every
element is in A, B or C; the order has width 3.
Note: Dilworth's theorem states that any partial order of width at most n
can be divided into n chains. Thus, Dilworth's theorem for infinite orders
~ollowsfrom the theorem for finite orders by compactness. As the finite ~~
IS proved by induction on the size of the given order, this is a nontriviel
application of compactness.

8. A graph G is a set of elements {no, a}, ... } called nodes and a. set of pa.iIs
of nodes {(I.;, Qj} called edges. We say that G is n-colomble jf we can label
its nodes with n colors CI, •.• , en so that no two nodes in a single edge of
G have the same color. Suppose every finite subgraph of G (a finite subset
?f the nodes and the edges between them) is four-colorable. Prove that G
IS four--colorable.

Hint (~sing KOnig's lemma): Define a. tree of 4-ary sequences ordered by

extension. p.ut a sequence a of length n+ 1 on the tree If and only If it defines
a four-wlonng ofthe nodes Go, cr, .'., an by coloring a. with color CoW,
Note: The four-color theorem says that every planar gra~h is four--colorable.
~y this ~rch;e, it suffices to prove the theorem for finite graphs, as a graph
IS planar If and only if all its finite subgraphs are planar.

Conn t' .h
ee IOns Wit topological compactness and Konig's lemma

~~e :r:;c~~e;.
the Open ts be
~rem fo~ propositional lOgic can be connected to the to~I'
all POSSibletruth valuations that is determined by letting
set I; of p:posi~:~rated by tboae of the form {V: (30 E E) (V ~ o)} for anY
 7 An Axiomatic Approach- 47

9. Prove that the space T with this topology is compact.

10. Deduce the nontrivial direction of the semantic version of the compact-
ness theorem (6.13). Hint: Prove the contrapositive from the open cover
property.

11. Prove Konig's lemma from Theorem 6.13.

See also Exercises 1.10 and 1.11 for other connections between Konig's lemma
and topological compactness.

Finite sets of premises and tableau proofs

12. Suppose E is a finite set of propositions. Show that every CST from E is
finite.

7 An Axiomatic Approach"
Propositional calculus (as well as other mathematkal systems) are often rormu-
lated as a collection ofaxionu and ndu of in/erenu. The axioms of propositional
logic are certain valid propositions. A rule of Inference, R, in general. "Infers" a
proposition Q from certain n-tuples al •...• a" of propositions in a way that is
expected to preserve validity. Thus. for R to be an acceptable rule ef Inference,
it must be true that. if one can use R to jnCer a from the valid propositions
or, .. '. an. then a must be valid as well.
We now give a brief description o( one such classical formulation based on the
adequate set o( connectives {..." -t}. (For simplicity we view the other connee-
tives as defined from..., and ......This cOJUllderablyreduces the number o( axioms
needed.]
7'.1 Axiom5: The axioms of our system are aU proposittons of the (ollowing
(orms:
(;) (0 _ (p _ 0»
(il) ((0 _ (p _ ,)) _ «(0 _ p) _ (0 _ ,)))

(iii) (....,8 .....~) -+ (...,,8 -+ a) -+,8)

where Q. ,8 and "'f can be any proposltiollB.
The fonna in this list are often called axiom 8chemu. The extoms are all instances
of these schemes as a. ,8 and .., vary over all prcpoeitiona. It is easy to check that
these axioJJlll are all valid. Their choice. in some BeJI5e. is justified a bit later. Our
system has only one rule of inference called modw pom:ru.
7.2 The Rule of Inference (Modus Ponens):
From a and a -+ 11. we can infer {J. This rule is written as (ollows:
o
48 I. Propoeitional Logic

S stems beeed on axioms and rules in the style of the one pre5een~::.~~y ~~
~nerally ca.lled Hilbert-style proof systems. We therefore denot p
this ')'IItem by ~ H.

Definition T.3: Let E be a set of propositions.

(i) A proof from E is a finite sequence 01,02, ... , o n such that for each i :5 n
either:

(I) 0, is a member of Ej
(2) OJ is an axiom;
or

(3) 0; can be inferred from some of the prevrous

. OJ by an a pplication of a
rule of inference.

(ii) 0 is provable from E, E I- H 0, if there is a proo f 01,. .. ,On from r: where

Q~~O. .

(iii) A proof of 0 is simply a proof from the empty set ,. ,a .

15 provable if it IS
provable from 101.

Example 7.4: p
Here is a proof o((( .... ---0 0) ---0 P) from E = [e-o]:

from E
(~- ('P - '.») axiom (i)
(,p-~) modus ponena
({'P -~) - ({,P _.) - P» axiom (iv)
('P -.) - P) modus ponens.

We should note here, as we did for tableau deductions, that, although the set of
premises E may be infinite, if 0 is provable from E, then Q is provable from a
finite subeet. of E. Proo& life always finite!

The standard theorems are again soundness, completeness and compactness.

Soundness is fairly easy to prove. One has only to check that the axioms are
all valid and the rule of inference (modus ponens] preserves truth, Le., if t~e
premises are true for some valuation, then so is the conclusion. The syntactic
version of the oompadnesa theorem is immediate in this setting as all proofs are
finite. The semantic version (as stated in Theorem 6.13) remains nontrivial. Of
course, the sem.antic Pfoof given there also remains applicable. The theorem can
also be derived from the completeness theorem for this rule-based system (which
mU!lt therefore be nontrivial).

We omit the proofs of soundness and completeness for this particular system
(they can be found in Mendelson [1979, 3.2J but in the next section we consider
another rule-based syatem and Ill1Pply the prcofa of such results. For now, 'We
simply state the theorems for the system presented here.

Theorem T.3 (Soundnesl:l and completeness from premises): Q U protlab~ from a $e!
o/~ E I/and onll/ i/ Q Ua comequrnce of E, i.e., E I- Q *lo E F cr.
H
 8 Rescjutlon 49

Corollary 7.6 (Soundness and completeness): A propo!itwn Q is provable if and only

s.e., rn Q ¢> 1= Q.
if it is valid,

Remarks 7.7:
(i) On modus ptmens: If Q has a tableau proof and Q ..... {3 has a tableau proof,
then Q and Q ..... {3 are both valid by the soundness theorem. As modus ponens
preserves validity, {3 is also valid. Thus, by the completeness theorem for tableau
proofs, {3 has a tableau proof. There is actually an algorithm for getting a tableau
proof for fJ from such proofs for a and a .....{3. This is known as the Gentzen
Hauptsatz (principle theorem) and is too long to prove here. Modus ponena is also
called the cut rule and this theorem is therefore referred to as a cut elimination
theorem.
(ii) On theorem.t: A theorem is any proposition that is provable. So any proposi-
tion that occurs as an element in a proof is a theorem. We usually think of the
conclwion as being the last element of a proof but, any initial segment of a proof
is also a proof.
(iii) Choice of o.:r;iom.t:The corollary says that the axioms are complete in the
sense that we can prove any valid proposition from them by repeated applications
of modus ponens. On the other hand, since the axioms are valid and modus pcnens
preserves validity, every theorem (i.e., every proposition provable in this system)
has a tableau proof. Thus, tableau proofs are sufficient and so are the axioms and
rules of inference listed above. One could have more axioms (or fewer) or more
(or other) rules of inference or both. Scmenmee it is a matter of taste, other
times a matter of expediency (e.g., what makes various proofs easier). The key
point is that whatever the proof system, there is really only one set of theorems,
the valid propositions.
(iv) EfficienclI: Proving theorems efficiently from such a system of axioms and
rules may be somewhat tricky since you often have to guess which axiom to use
rather than having a systematic procedure as is the case for the tableaux. The
source of tmll problem is having a plethora of axiom II from which to choose. The
Hilbert-style proof system presented here has many axioms and few rules. Other
systems that reverse the emphasis are Gentzen lIystems and natural deduction
systems. These are much more relevant to automatic theorem proving and, in
their intuitionistic or constructivist forms, to producing systems that have the
property of always being able to produce a proof or counterexample for any given
proposition (as discussed at the end of §5).

I Resolution
The proof method underlying PROLOG and most automatic theorem provers is
a particularly simple and efficient system of axioms and rules called 1Uolution.
Like the system presented in §7, resolution has only one rule. It reduces the large
amount of the guesswork involved in producing a proof by essentially eliminating
all axioms. {Actually it incorporates them automatically via various formatting
rules but as far as the work of producing the proof is concerned, this almost
50 I. Propos.itionalLogic

amounts to their elimination.) The resolution method, like our version of the
tableau method, ill a refutation procedure. That is, it tries to show that the
given formula is unsatisfiable. It begins by assuming that the formula of interest
is in conjunctive normal form (see Exercises 3.3 and 4.10-11). In typical computer
science treatments this fonn is called clawal form and the associated terminology
is as follows:
Definition 8.1:

(i) A literal t is a Propositional letter p or its negation .....

p. If l is p or .....
p, we
write i for ~ or p, respectively. The propositional letters are also called
porititll! literal! and their negations negative litemls.

(il) A clawe C is a finite set of literals (which you should think of as the
disjunction of its elements). As we think of C as being true iff one of
its elements is true, the empty clawe 0 is always false ~ it has no true
element.

(iii) A formula S is a (not necessarily finite) set of clauses (which you should
think of as the conjunction of its elements). Ai> we think of a formula S
as being true if every one of its elements is true, the empty fonnula 0 is
always true - it has no false element.

(iv) An a.s.rignment .A is a consistent set of literals, i.e., one not containing

both .p and -e for any proPOSitional letter p. (This, of course, is just the
(~iall truth assignment in which those pEA are assigned T and those
q With q E A are assigned F.) A complete assignment is one containing P
or ""'p for.every propositional letter p. It corresponds to what we called a
truth assignment in Definition 3.1.

(v) .A ilatUjie., S, A ~ s,
iffVC E S(C n A # 0), i.e., the valuation induced by
A makes every clause in S true.
(vi) ~ formula S i3 (un)satisfiahle ifthere is an (no) assignment A that satisfie'l
it,

Examples 8.2:

(I) p, q, r, ....p, ii(= "'q), f' and ""'ii(= q) are literals.

(iI) {P, r}, (~} and {q, .....
r} are clauses.
(iii) S - {
~P,T}, .{q, ""-}, {-.q}, {"'p, t}, {s, ..,t}} is a formula that, in OUI
0(' V t) no(tatlOn syste) m, would be written 85 ((p Y r) /I (q V -.r) /I (-.q) A
""""'P t) .
A aY .....
(iv) 1f.A is given b {P I. I
T = A( ) =
y '~' r, a, t ,I.e., the (partial) assignment such that A(P) '"
the forr: :t)(ill)1a~
ula =:.~~t),then ~ is an assignment not satisfying
. lS, .....wever, satiBfiable.
 8 Resolution 51

·PROLOGNotation:

Another way of thinking of clausal or conjunctive normal form ill in terms of im-
plications. SUPP05e we have a cleuee C whose pontive li~ral$ (the propositional
letters contained in 0) are AI, ... , Am and whose negative litera~(the propoai-
tionalletters p eueh that p (i.e., (-.p)) is an element of 0) are B1, •.• , Bn• The
clause 0 ill then equivalent to AI V A2 V ... V A v..,81 V ... V ..,Bn• This in
tum is equivalent to BI " B2 ••• "Bn --0 Al V V Am. U there ill at most one
positive literal [i.e., at most one A.) in 0, then 0 is called a Horn clawe (or a
program clawe if it has exactly one positive literal). If the Hom clause contains
some negative literals it is a role, otherwise a fact. A goal claWt is one with no
positive literals. It is the logic and proof theory ofthese c1aUBeS (which we analyze
in Section 10) that is the heart oE PROLOG. (PROLOG is, however, not limited to
propositional letters. It also allows for variables in its literals. We elaborate on
this when we deal with predicate logic in Chapter II.)
The standard notations in PROLOG reverse the order used in --0 and instead use
either _ or :~ which are read "if". Occurrences of the "symbol are replaced by
commas. Thus, At :- BI,~ •... , Bn or AI +- BI, ... , Bn is read (and means)
Al if (BI and B2 and ... and Bn). In terms of generating deductions or writing
programs one thinks of the assertion of a clause 0 such BB AI :- 81, ••• , Bn,
as specifying conditions under which AI is true. We are usually Interested in
I'$tablishing BODIe result. Thus, AI is called the goal of the clause 0 (or at umee
the head of 0) and Bt, ...• B« the subgoals (or body and with this terminology
the symbol" :- .. is called the nul) of O. The idea is that 0 telIa us that to
establish A we should first erItablish each of B1, ••• ,Bn• Along with the goal -
subgoal terminology, come the terms succeed and fail. One says a goal A succeeds
if it is true, or more preciBely from the programming point of view. if we have
a proof of A. Otherwise we aay the goal fails. Be warned, however, that this
terminology of success and failure.is (at I_t for now) somewhat imprecise.
It is worth noting what these views imply for the meaning of the degenerate cases
of the notation :_ ,i.e., when n = 0 or m = O. If m = 0, then :- BI, ... , B..
(or +- BI, ... , Bn). called a goal claw!!', is t:quivalent to ....BI V ••• V ....8.., i.e., it
asserts that one of the Bi fails (ill false).lfn = 0, then AI:- (or Al _), caI1ed
a unit daWt, is equivalent to simply AI; thus this notation simply say.a that AI
succeeds (is true).

The resolution rule is much like a version of modus pcnens called cut. Modus
pcnens (see §1) says that from a and a _ fJ one can infer /3. In this format, the
cut rule says that from a V.., and --.a V fJ infer .., V [3. Thus, cut is somewhat
more general than modus ponens in that it allows one to carry along the extra
proposition ..,. Resolution is & restricted version of cut in which a must be a
literal while fJ and "y must be clauses.

le6nition 8.3 (Resolution): In our current terminology. we say that, from clauses
eland 02 ofthe form {t} u c;:
and {l}u C&, infer 0 = c;:
u 0& which is called
a feSoll1ent of 01 and O2, (Here t is any literal and U means that we are taking
a union of disjoint eeee.) We may also cell 01 and 02 the parent and 0 their
child and say that we rt.folved on (the literal) t.
�2 I. Propcsitional Logic

(Note that, compared to the classical form of the cut rule, the ~Iution rule
abo eliminates redundancies, l.e., letters common to Ct and C2. This takes the
place of certain axioms in 11 classical proof system such as the Hilbert-style one
of §7.)

Resolution is, of course, 11 sound rule, that is, it preserves satisfiability for evel)'
truth assignment. If some assignment satisfies both Ct and ell, whatever it does
for I, the literal on which one resolves, it must satisfy one of C: or q and
hence the resolvent qU~ . (This argument is formalized in Lemma 8.12.) The
resolution rule can thus be used as the basis of a sound proof procedure.

Definition 8.4: A (ruolution) deduction or proof of C /rom a given formula Sis

a finite sequence Ci,C2, ••• ,Cn = C of clauses such that each Ci is either a
member of S or a resolvent of clauses Cj, Ck for j, k < i. If there is such B
deduction, we say that C is (molution) provable from S and write S f--'R. C. A
deduction of 0 from S is called a (resolution) refutation of S. If there is such &
deduction we say that S is (molution) refutable and write S f--'R. D.

Warning: A resolution refutation of S gives a proof of 0 from S. As 0 is

always false, we should think of this 85 showing that S can never be true, l.e., 5
is unsatistiable. This is the soundness theorem (Theorem 8.11).
Examples 8.5:

(i) From {P, r} and i-s , -rr} conclude {p, __q} by resolution (on r).
(ti) From {P, q, __r, s] and (__p, q, r , t] we could ooncludeeither{q, --.r, s,
r, t} or {p, q, s , --p, t} by resolution (on p or r), respectively. Of course,
both of these c:Iauses are valid and are equivalent to the empty formula.

~ more useful picture of a resolution proof is as a tree of deductions rather t,h8l1

JUst the sequence described above.

Definition 8.6: A re.!olution tree proof of C from S is a labeled binary tree T with
the following Properties:

(i) The root ofT is labeled C.

(il) The leaves of T are labeled with elements of S.

(iii) If any non1eaf node . labeled
Ut IU'e labeled with U IS wit.h C2 and its immediate successors aD,
,.
COo, 0" respectively, then C2 is a resolvent of Co and

Example 8.1: Figure 16 .

{{p r} {q -rr} gives a resolution tree refutation of the formula S ""
o ~m 'S:' , I'vl. {-.p,t}, {-..,a}, {IJ, ...,t}}, I.e., a resolution tree proof of
 8 Resolution 53

FIGURE 16.

Lemma 8.8: C has a reBolution tree proof from S if and only if there is a resolution
deduction of e from S.

Proof: (=» List all the labels of the nodes (T of the tree proof of e
from.s in any
order that reverses the < ordering of the tree (so leaves are listed first and the
root last). This sequence can be seen to be a resolution deduction of e
from S
by simply checking the definitions.
(<=) We proceed by induction on the length of the resolution deduction of e
from S. Suppose we can get tree proofs for any deduction of length < n and
C1, •••,en is one of length n from S. If Cn E S, there is nothing to prove. If not,
then Cn is the resolvent of Ci and Cj for some i and j less than n. By induction,
we have tree proofs T. and Tj of C. and CJ. Let Tn be the tree whose root is
labeled e and to whose Immediate successors we attach T, and Tj• Again, by
definition, this is the desired tree proof. 0

Yet another picture of resolution deduction corresponds to the inductive defini-

tion of the set of theorems or clauses provable from S.

Definition 8.9: R(S) is the closure of Sunder reBolution, Le., the set determined by
the following inductive definition:

1. If C E S, C E 'R(S).

2. If Gl, C:l E R(S) and e is a resolvent of G1 and C:l, then G E :R(S).

Proposition 8.10: For any clause e

and fOfTTlW4S, there is a resolution deduction
of G /rom S iff C E R(S). In particular, there is 11 re301tdionrefutation of S
iff 0 E 'R(S).
Proof: Exercise 1. 0
S4 I. Propositional Logic

The first observation to be made is that no matter how the resolution method
is described, It gives a sound proof procedure.

Theorem 8.11 (Soundness of resolution): If there is a resolution refutation of 5,

then 5 is tl1UotUfioble. I

We first prove a lemma which is needed for the inductive step in the proof of the
~rem. I

Lemma 8.12: If the formula (i.e., set of clawes) 5 = {C1, C2} is satisfi~ble and ~
is a ~"olvent 0/ 01 and O2, then C i3 sati3fiable. Indeed, any asSIgnment
JotUfJliny S satiJ}ies C.

Proof: A$ C is a resolvent ofCI and C2, there are t, Cl and C2 such that CI = {l}~0'
C2 = {il u q and C = Cl u C~.As A satisfies {CI, C2}, it sa.tisfi~ (that 1S,~
contains an element of) each of CI and C'l' As A is an 8SSignmen~, It cannot C!,
the case that both I E A and lEA. Say 1'1. A. As A F C'l an~ l fI- A, AF 0
and so A Fe. The proof for I 'I- A just replaces C'l by Cl and l by t.

1
Proof (of Theorem 8.11): If CI, ... ,C.. is a resolution deduction from 5, then the
lemmashows by induction (on n) that any assignment satisfying S satisfies every
0•. If the deduction is in fact a refutation of S, then en
= D. As no 8S5ignme~
can satisfy 0, S is unsatisfiable. F

Remark 8.13: The soundness theorem and its proof could just as well have ~n
phrased direetly in terms of Definitions 8,6 or 8.9. We leave these formulations
85 Exercises 2 and 3.

Our next major goal is to prove that the resolution method is complete, i.e., if S is
unsatisfiable, then there is a resolution refutation of S. We then want to consider
ways of Implementing a search for a refutation of S. We first consider using the
resolution method as originally presented. We then introduce more and more
restricUve versions of resolution which are designed to make the search more
efficient without rendering the method either unsound or incomplete. Following
this line of development, we first present a simple direct proof of the completeness
of the general form of resolution given in Definition 8.3. This proof, however,
relies on the (semantic form of the) compactness theorem. We then introduce
~d analyze a somewhat abstract description of umatisfiability. It supplies us
With a proof of the completeness theorem for resolution deduction that does not
rely on the compactness theorem and a new proof of the compactness theorem.
That. proof of .completeness is the paradigm for the completeness proofs of the
restncted version of resolution presented in §9.
 8 Resolution 55

We begin our first path to completeness with a lemma that allows us to eliminate
literals in clauses which are resolution deducible from an unsatisfiable formula
S. Repeated applications of the lemma show that 0, the clause with no literals,
is deducible from S,

.emma 8.14: For any formula T and any literali, let T(i} = {C E :R.(T}I i, I fI. C}.
If T is unsatisfiable, then &0 is T(l}.

)roof: Assume T is unsatisfiable and suppose, for the sake of a contradiction, that
A is any assignment that satisfies T(l} and is defined on all the literals (of T)
other than t. Let At = =
Au {l} and A:z A u {i}. Ai;, T is unsatisfiable, there
are clauses Ct and C:z in T such that Al JI! CI and A:z JI! C:z. Now as lEAl and
At JI! CI, l fI. Ot. If I is also not in CI, then 01 E T(l} by definition. Ai;, this
would contradict our assumption that A 1= T(l}, IE Ot. Similarly, l E O:z. Thus,
we may resolve 01 and C:z on l to get a clause D not containing l and hence in
T(l). (As a resolvent of two clauses in T, D is certainly in :R.(T». Then, by our
choice of A, A 1= D. If .A satisfies the resolvent D, however, it must satisfy one
of the parents 01 or 02. Thus, we have the desired contradiction. 0

lheorem 8.15 (Completeness of resolution): If S u umatufiable, then there is a

resolution refutation of 8.

'roof: By the compactness theorem (Theorem 6.13), there is a finite subset 8' of 8
that is unsatisfieble. As any refutation deduction from 8' is one from 8, we may
assume that 8 is finite, i.e., it contains only finitely many clauses. If there are
only finitely many clauses in S and each clause is finite, there are only finitely
many literals, say l1,l2,'" ,l .. which are in any c:lause in S. For the rest of the
proof we consider only clauses and formulas based on these n literals.
We wish to consider the set of clauses 0 E :R.(5) and prove that it contains 0. We
proceed by eliminating each literal in turn by applying Lemma 8.14. We begin
with S.. = 8(l ..) = {C e 'R.(S)ll .. .i; ¢ O}. By definition, it is a collecuca of
resolution consequences of 5 none of which contain l,. or l... By Lemma 8.14 it
is unsatis6able. Next we let 8 .. _1 = 5..(l.._I). It is an unsatisfiable collection of
resolution consequences of 8 .. (and hence of S) none of which contain l .. _I, 1.._1.
l..or l...ContinuIng in this way we define 8"_2,' .. ,80• By repeated applications
of the definitions and Lemma 8.14, we see that 80 is an unsatisfiable set of
resolution consequences of 5 containing no literals at all. Ai;, the only formulas
with no literals are 0 and {D} and 0 is satisfiable, 0 E 50. Thus, 0 is a resolution
consequence of 5 as required. 0

We now turn to a more abstract formulation of the notions and lemmas inherent
in the proof of the completeness of resolution deduction. They are needed to deal
with the refinements of resolution in §9 and §10.
56 I. PropaaitionaJ Logic

Defl.nition 8.16: If S is a formula and l a literal, we let

S' ~ IC - Il)l C E SAt ¢ C).

So st consists of those clauses C of 5 containing neither l nor l, plus those

clauses (not containing l) such that C u {l} E S. Note that if the singleton
clause {l} is in 5, then 0 is in 51.

Admittedly, this definition seems somewhat obscure at first reading. It is based

on the idea that we can analyze (the satisfiability of) S by cases. Sl corresponds
to the result of the analysis under the assumption that l is true. S1 gives the
result when 1is essumed false. Consider, for example, the formula $ under the
assumption that l is true. The first point here is that, if l is true, then ~y
I
clause containing 1 is satisfied since a clause is equivalent to the disjunction
of its literals. As the formula S is equivalent to the conjunction of its c~au~,
any clause known to be true can be eliminated from S without changmg Its
satisfiability. Thus, assuming l to be true, we may omit any clause containing
1 from 5 a" far as satisfiability is concerned. This is precisely the point of the
part of the definition of st that restricts the clauses under consideration to those
C such that l 'I- C. The next point of the analysis is that, still assuming l. to
be true, l can be omitted from any clause C containing it without changing the
satisfiability of C. (Again C is equivalent to the disjunction of its members. If one
of them is known to be false it cannot affect the S&tisfiability of the disjunction.)
Of course, if the satisfiability of C is not affected, neither is that of the formula
5 containing it. This is then the point of that part of the definition of s' which
says replace C by the smaller clause C _ {l}.

!f l is false, then l is true and the same analysis applies to 51. As one of I s.n~
l must be true, we can argue (as we do in Lemma 8.19) that $ is satisfiable If
and only if one of st and 51 is satis6able. Thus, we can reduce the satisfiability
problem for 5 to two similar problems for formulas Sl and Sl with one less
propositional letter. We can then continue this procedure by considering each of
the two new formulllS st and sf. In this way, we could produce a binary tree of
formulllS in which we would successively eliminate one literal at each level of the
tree. E~ ~h through this tree corresponds to an assignment. The branch
through S 1lI the one that tnakes l true. The one through l is the one that
makEs 1false. If every path through the tree ends with a formula containing the
empty clause 0, we can conclude that the original formula S was uusatlsfiable.
On the other hand, if Dot all patl1lllead to 0, then, if we successively eliminate
all the literals appearing in $, either there is an infinite path along which we
have ~inated ~ry li~eral or at least one path ends with the empty formula
0. In el~her case S ~ satisfiable. Indeed, the appropriate path (infinite or leading
to it) directly supplies an assignment satisfying S.
 8 Resolution 57

Seen in this way, the plan of the analysis is similar to that of tableau proem
beginning with Fa for some proposition a. There too, we attempted to analyze
all ways of making a false, i.e., of verifying Fa. If they all lead to contradictions
(18), we conclude that Fa is unsatisfiable and 0 is valid. Here, if all paths lead
to a formula containing the unsatisfiable clause 0, we conclude that the formula
S is unsatisfiable. On the other hand, if the tableau analysis was finished and
produced a noncontradictory path, we could use that path (Lemma 5.4) to define
a valuation satisfying a. In the analysis here, when we eliminate all the literals
(corresponding to finishing the tableau) and are left witb an infinite path or one
ending with the empty formula 0, this path itself directly supplies the assignment
satisfying S.

We illustrate the construction of Sl from S and the general form of this analysis
by considering two examples.

~mple 8.11: Let S == {{P}, {-.q}, {-.p,...,q}}. The analysis in which we eliminate
first p and then q can be represented by the tree in Figure 17:

13" = {O}

FIGURE 17.

Assuming p is true, we eliminate the clause {P} from S and the literal-.p from the
clause {""p, -.q} to get sP on the left side of the first level of the tree. Assuming
that p is false;
the right side (Si') reduces to {D, {-.q}} since S asserts that p is
true by haYing {p} as one of its clauses. At the next level, we consider q. On the
left, when q is assumed true, we again get 0 as $P asserts that -.q is true. On
the right, where we assume that q is false, we eliminate all clauses containing
""q to get the empty formula. Thus, we have a path ending in 0. It supplies the
esslgnment satisfying S: Make p true and q false.

lxaxnple 8.18: Consider the formula proven unsatisfiable in Example 8.7, S =

{{P, r}, {q, ~r}, {~q}, {-.p, I}, {",-,},{s ~I}}.We _ the analy,~ byelim-
inating p. When we assume p to be true, we eliminate the clauses containing P
(as they are true) and omit -.p from the others (since being false -.p cannot
help to sa t~fy them) to get 13' ~ {{q,~}, {-.q}, {t}, {~.}, is, ~t}}. On the
other hand, when we assume that p is false we eliminate clauses containing -e
and «move p from tbe otbe'" to get s> _ {{r}, {q,~}, {-.q}, {~.}, [e ~t}}.
Figure 18 shows part of the full tree analysis.
58 I. Propositional Logic

FIGURE 18.

The path of the analysis through $fill terminates at this point since ~t eon-
tains 0 and so is unsatisfiable. The other paths displayed, however, continue- If
continued, every path would eventually terminate with an unsatisfiable formula
containing 0 as a clause. This is the analog of the proof that 5 I-n O. We leave
the completion of this analysis as Exercise 4.

We now formulate and prove the results that say that the analysis discussed
above correctly captures the notion of satisfiability.

Lemma 8.19: S i.!J 3awfiable if and only if either S' or 51 is satisfiable. (Warning:
In the "if" direction the assignments are not necessarily the seme.)

Proof: (=?) Suppose that A F S.U A were a complete assignment, we could conclude
that it must make one of l, 1true, say i. We could then show that A l= st. Ifwe
do not wish to make this assumption on A, we instead start with the fact that,
by definition, one of l or 1 does not belong to A. For the sake of definitenESS
assume that 1 ¢ A. We DOW also claim that A F st. We must show that ).
satis:6.~ every clause in s, Consider My C E st. By the definition of 51, eithet
C U {l} e S or C e S (depending on whether or not l is in the clause of 5
which "puts" C into st). Thus, by hypothesis, A ): C or A t= C u {l}. As &II
assignment satisfies a clause only if it contains one of its literals, there is a literal
It such that either k E Cn A or k e (CU {l})nA. As l f1. A by our assumptioll,
in either case we must have k e C n A, l.e., A t= C as required. The case that
l f1. .A is handled similarly.

('¢::) Suppose for definiteness that A t= S'. Now neither l nor l appear in anY
clause of Sl and so we may adjust A on l as we choose without disturbing the
satisfiability of s'. More precisely, if we let A' = (A ~ it}) U {l}, then A' F s'
ss well. We claim that A' Fe S. Consider any C E S. If lee then A' t= C as
~ e A'. If t 't G th~n C - {t} E Sl by definition of st. As A Fe 'st, there is some
llterel It E (C - (l}) n.A. Now A and A' differ at most at 1 and t. As k '" l OT
l, we see that k e A' n C as required. [J

Corollary 8.20: S U UMalisfiable iff both st and S' are.

 8 Resolution 59

This corollary, together with the unsatisfiability of 0, actually characterizes the

property of unsatisfiability.

Theorem 8.21: 11 UNSAT = {SI S is an unsatisfiable formula}, then UNSAT is the

collection U of 10rmult:Ul defined inductively by the 10UOUJingclauses:

(i)OES => SEU

and

(ii) e cu A SlEU => SEU.

Proof: As 0 is unsatisfiable, UNSAT satisfies [i). By Corollary 8.20 it also satisfies [Il].
Thus, U \:; UNSAT. We must show that UNSAT \:; U. We prove the contrapositive
by showing that if S ¢. U, then S is satisfiable. Let {Pi} list the propositional
letters such that Pi or Pi occurs in a clause of S. Define by induction the sequence
{li} such that li = Pi or Pi and Sll,...,t, ¢. U. (Property (ii) guarantees that we
can always find such an ld Now let A = {lil i E JI}. We claim that A satisfies
S. Suppose C E 5. We must show that en A # 0. As C is finite, there is an
n such that for all propositionallettefS Pi occurring in C, i < n, If C n A = 0,
then Vi < n (li ¢ C) and so a clause corresponding to C is passed on to each
st" ....e, for i < n. At each such transfer,. say to 51\,....e, we remove Ii from the
clause. As all literals in C are among the Ii, the clause deriving from C becomes
Din st......e... By our choice of the ii' Stl,...,t.. ¢. U. On the other hand, any S
containing 0 is in U by Clause {l] and we have our desired contradiction. 0

This result is the analog of Lemma. 5.4. The choice of the sequence li corresponds
to the definition of the assignment in Lemma 5.4 from the signed propositional
letters appearing on the noncontradictory path on the finished tableau. As there,
we are building an assignment that satisfies every entry on the path being con-
structed. Since we eventually reach the unsatisfiable clause 0 in this construction,
we have the desired contradiction. As for tableau proofs, this characterization
of unsatisfiabillty is really the heart of the completeness proof of the resolution
method.

Theorem 8.22 (Completeness of the resolution method): 11 5 u uraatuftable, then

thert is a re301ution nfutation of 5 (equivalently, 0 E 1l(5)).

Proof: We proceed by induction according to the characterization of UNSAT provided

by Theorem 8.21. Of course, if 0 E S, then 0 E R(S). For the inductive step,
suppose that, for some i and S, 0 E 'R(st) and 0 E 'R(sl}. We must show that
DE Ro(S). By assumption, we have tree proofs Ta and T1 of 0 from Sl end Sl.
Consider To. If every leaf in To is labeled with a clause in S, then To is already
a proof of 0 from S. If not, we define a tree 76 by changing every label C on To
 60 J. PrOpoliitionaJLogic

that is above a leaf labeled with a clause not in S to C U {l}. We claim that
~ Is a tree proof of {l} from S. Clearly, by the definition of st, every leaf of
~ is in S. We must now check that every nonlear node of T~ is labeled with a
resolvent C' of its immediate successors q and er.
Suppose they correspond to
clauses C, CO and CI, respectively, on To. As To is a resolution tree proof, C is a
resolvent of Co and CI• Note first that no resolution in To is on l or l as neither
appear in any label on To (by the definition of st). Next, consider the possible
forroso! clauses Co, q and C' on 10. If, for example, both Co and C1 (and hence
certainly C) are above leaves labeled with clauses not in 5, then C' = C U {l}
is the resolvent ofq = Cou{l} and C; = C1 U{l}, as is required forT~to be
a resolution tree proof. The other cases to consider either keep all three clauses
the same in 10 as they were in To or change C and precisely one of Co and C1
by adding on {l}. In all these cases C' is still clearly the resolvent of C~ and c:
and we again verify that 'I6 is a tree proof. Similarly, if we replace every label
C on a node of T1 above a leaf labeled with a clause not in S by C U { t },we
get r:, a tree proof of {I} from S (or, if ell leaves were in S, one of 0). We
can now define a tree proof T of 0 from S by simply attaching 70 and T{ to the
immediate successors of the root node of T which we label with O. As 0 is a
resolvent of {l} and {i}, the resulting tree T is a proof of 0 from S. 0

·Compactness revisited

Of COUl1le there ill no need to reprove the compactne&l theorem as it can be

phrased 1KI1e1~in. semantic terms. Nonet.helell8 we offer another proof based on
the characteri2a.tlon of UNSAT given by Theorem 8.21. It is the construction of
the infinite sequence Ii of literals in the proof of this theorem that corresponds
to. ~e path through the tree of assignments (given by Konig's lemma) in our
ol"lglnal proof of compactness in Theorem 6.13.

Theorem 8.:13 (Compactness): If S is u!Ualisjiable, 80 i.s some finite sub"et 0/ S.

Proof; T Let
aatisfi {SI3Sd1 (")
T ~ (') ~ SISt is finite 1\ SI ts UlISatisfiabl.jl ~a" show that
, If we ~.
·'1 ~ t an formulllll.
... uliSahsfiable U of Theorem 8.21. then we are done for it will then contain

(i) If 0 E 5, then 51 = (O} C 8 ahOWli that SET '_>

~ ~:PPQle~'~
- IIlI teqUh .....

E T. We must show that SET. By definition of T, ~ and

d• C'lere are nl.ta formulllS 8" 52 <;;; 8 such that ~, C ~ s! c sl and
an ~ are UllSBtl8fiable. Let 5 8 _ , 2_
sf
to show that it ill UIl8at. 3 "" I U 82• SJ is a finite sub6et of 5. It suffiCe!!
e
..... fyioo S N A 1S.fut.bl.~ . not, the.!' there would be an assigmnent .A
"C J. ow must omit either I I. ""'- ..J
51, respectively. As it would then . o~ ... nus, .A would satisfy either '>,j or
desired con·_ .. -.....I: 'lOn.
• sf
satisfy 2 or (8fl 83 J 52, 51), we have the0
 8 Resolution 61

~ercises

1. Prove Proposition B.lO by induction. (Hint: For one direction proceed by

induction on the number of lines in the proof. For the other direction
proceed by induction on the definition of 'R.(S).)

2. Rephrase the proof of Theorem 8.11 (soundness) in terms of resolution tree

proofs and an induction on their definition.

3. Do the same for the version of resolution deductions defined in terms of

o E R(S).
4. Continue the analysis in Example 8.18 until every path terminates with a
formula equivalent to the unsatisfiable clause O.

5. Rewrite the following in both conjunctive normal and clausal form.

(a) ((A v B) ~ (CV D))

(b) ~(A 1\ B 1\ ~C)
(0) ~«(A 1\ B) v (B V C) V (A 1\ C».

6. Which of the following clause sets are satisfiable? Give assignments satis-
fying them if they are. If they are not, explain why not.

(a) {{A,B}, {~A,~B}, {,A,B}}

(b) {{~A}, {A,~B}, {B}}
(0) {{A},O}
(d) {OJ.

7. Find aU resolvents for the following pairs:

(a) {A,B}, {~A,~B}

(b) {A,~B}, {B,C,D}.

8. Find R(S) for the following sets S:

(a) {{A,~B}, {A,B}, {~A}}

(b) {{A}, {B}, {A,B}}.

9. Find a deduction of the empty clause from

10. Use resolution to show that each of the following is not satisfiable by any
assignment.
62 I. Propositional Logic

[e} (A - (B - C)) A (A _ B) A (A ~ "e))

(b) "«((A - B) _ "B) _ "B)

II. Let 0: be the proposition -.(pVq) ......(-.pl\-.q).

(a) Give a tableau proof of a.

(b) Convert -o into CNF and clausal form. (Show the steps of the COD-
version.)
(c) Give a resolution proof of a.

12. Do the same for the Proposition {3 = (--.r V (p 1\ q)) ...... ((r --+ p) 1\ (r ......q)).
13. Provt! that if S I-'R, C, then S 1= C.

14. Provt! that if Su {-...A} E UNSAT, then S ht A.

15. Let T be defined inductively by the following clauses;

(i) {O)ET D
(il) Sl,SIET~SET.

Prove that for every finite S E UNSAT, SET but that not every S E UNS: L.
is in T. (Thus, the characterization of UNSAT in Theorem 8.21 cann~t.
changed by replacing the base step assumption that all formulas cont~n~ng
o are included by the plausible alternative that just the formula COnslStLDg
of 0 alone be included.) PI

9 Refining Resolution

Resolution is already a considerable improvement, for example, on the classical

system of rules and axioms in §7. Resolution is intUitively more efficient becaus;
one is never tempted to ask which (of the infinitely many) axioms (of §7) shoul
we put down next in our proof. There is only one rule for resolution. Thus, when
we try to search systematically for a resolution refutation of a given (say finite)
I Tl
Pr

$, we need only arrange to check the application of this one rule to elements
of S and Previously deduced clauses. Even so, the search space can quickly be-
come quite large. In fact, it is known that, for a certain class of theorems, the
standard resolution method takes exponential time. A major concern is then
developing ways to limit the search space (preferably without giving up sound-
ness or completeness although in actual applications both are often sacrificed;
more on this POint later). In all honesty, we should point out that restricting
the search space for proofs means that we will miss some proofs. Thus, although
we search through a. smaller space, the proofs we find may well be longer than
 9 Refining Resolution 63

those found by a wider search. Nonetheless, pruning the search tree does seem
to be more efficient. (Of course we are using efficiency in a heuristic sense. SAT
= {SI S is satisfiable} is NP-Complete in the sense of complexity theory (see
Garey and Johnson 11979, 5.3]) and no system can avoid this theoreticallimita-
tion. Nonetheless, in practice smaller search spaces tend to correspond to faster
run times.) We consider just a few of the many possible strategies for directing
the search for a resolution refutation.
We can consider directing the search from two viewpoints. The first is to ter-
minate the search along paths that are unpromising. The second is to direct it
by specifying the order in which we should try to go down alternative paths.
Perhaps the most obvious branches to prune are those with tautologies on them:
If C is a tautology, then it can't be of any use in showing that S is unsatisfiable.
As it is easy to cheek if a clause C is a tautology (just in case it contains both p
and fi for some propositional letter p), this is an inexpensive and useful pruning.
(The cost of checking for tautologies has been absorbed by the requirement that
we consider only clausal forms. Putting an arbitrary proposition into CNF can
be expensive.)

~finition 9.1: T-resolutions are resolutions in which neither of the parent clauses
is a tautology. 'RT(S) is the closure of 5 under T-resolutions.

emma 9.2: Any restriction of a sound method, ce., one that allows fewer deductions
than the sound method, is itself ,found. In particular, as resolution is sound, so
is 'R.T, ce., if 0 E 'RT(5), 5 is un.!atisfiable.

roof: AB any deduction in the restricted system is one in the original system and
by soundness there is no deduction of 0 in the original one, there is none in the
restricted system. 0

It is also not hard to see that 'R.T is complete.

'ecrem 9.3 (Completeness ofT-resolution): If S i! unsatisfiable, then 0 E R.T(S).

oaf: The proof of the completeness of resolution given in Theorem 8.22 remains
correct for 'RT. The only remark needed is that if To and TI heve no tautologies on
them, then neither do the trees 70 and 7i gotten by adding l and t, respectively,
to the appropriate clauses. The point here is that no clause on To (TI) contains
1 (1) by assumption as To (Til is a proof from 5' (5i). 0

Tautologies are true in every assignment and so can surely be ignored. We can
Considerably strengthen this semantic approach to refining resolution by fixing
one assignment A and requiring that in every resolution one of the clauses be
false in .A. (Again, if both are true in A, so is the resolvent and we cannot hope
to get unsolvabillty without resorting to clauses that fail in A. Of course, this is
far from a proof that we can simply ignore all such resolutions.)
 64 I. Propolitional Logic

Defin.ltion 9.4: Let A be an assignment. An A-resolution is a resolution in whi~ at

least one of the parents is false in A. R:A. is the closure of S under A-resolutIOns.
This procedure is often called "emantic resolution.

Theorem 9.5 (Completeness of A-resolution): FOTany A and S, If S E UNSAT, then

DE 1<A(8).

Proof: Fix an assignment A and let TA = {SIDE :RA(S}}. We mu~t show th:
UNSAT ~ TA. By the characterization of UNSAT of Theorem 8.211t suffices
prove that

(I) OES~SETAand

(il) For any 5 and l, if 5' E TA and 51 ETA, then SETA.

(i)t is immediate. For (ti) consider the A-resolution proofs To and T1 of 0 from
5 and st, respectively. We can fonn 1ri (Tn as in the proof of Theorem 9.3
before by adding 1(i) to the approp!iate clauses of To (Td. The resulting trees)
1
are, of course, resolution proofs of { l} and { z}, respectively (or perhaps of 0 '
They may not, however, be A-resolutions since one of 1, l may be true in A. On
To
the other hand, as at most one of i, l is true in .4, at least one of and 11 is.au
A-resolution proof. For definiteness say that i fI- A and so T: is an A-resolution
proof of {i} or 0 from 5. In the latter case we are done. In the former, we csn
combine this proof of {l} with To to get the desired A-resolution proof ~f 0 as
follows: To each leaf C of To that is not In 5 attach as children C U { i} and
{l}. As i;' A, this is an A-resolution. Since C ¢ S, C u {l} is in S. Th.U5,
except for the fact that { l} may not be in S we have the desired A-resolution
proof of 0 from S. We finish the construction'of the required proof by attaching
a copy of the tree 11 below each leaf labeled with { z}. The resulting tree is nOW
easily seen to represent an A-resolution deduction of 0 from S. Other than the E
resolutions of {i} and nodes of the form C U {i} that we have just consid~,
all the resolutions appearing in this new proof appear in one of the A-resolution
deduction trees To or 11· Thus, every resolution appearing on the tree is an
A-resolution. 0

As.an example of a syntactic procedure that, to some extent at least, determines

which resolutions we should try first, we Consider ordered resolution.
De8nition 9.6: Assume that we have indexed aU the propositional letters. We define
'R«S), for ordered resolUtion, as usual except that we only allow resolutions of
In U {P}
~I Ct or Cand
2•
C2 U {p} when p has a higher index than any propositional letter

~ain if we t.ry to mimic the proof of completeness given in Theorem 8.22 by

sunply restonng P and jj to the ordered proofs To T of 0 from S1' and S', v.'e
may no longer have ordered resolutions. All we need ~ do however is reeJCB,lIlinll
our characterization of UNSAT to see that ordering can ~ im~.
 9 Refining Resolution 65

Theorem 9.1: UNSAT i.! equal to the chis., of formulw U< ckfined inductively by the
following clauses:

(i) OeS=}SeU< and

(ii<) If no propositional letter with index stricUy smaller tMn that of p occurs
in S, 8" e us and S' eU<, then S «u«.

Proof: As the inductive clause (il<) is weaker than (il) of 8.21, U< is surely contained
in U = UNSAT. On the other hand, if we list the {Pi} occurring in S in ascending
order of their indices, then the original proof of the characterization of UNSAT
(Theorem 8.21) actually shows that any S ¢ U< is satisfiable and so UNSAT is
also contained in U<. 0

The proof of completeness of resolution in Theorem 8.22 with 'R. replaced by n<
and (ii) by (ii<) now proves the completeness of ordered resolution.

rheorem 9.8 (Completeness of ordered resolution): If S is unsatisfiable, then there

is an ordered re30lution refutation 0/ S, i.e., 0 e 'R«S).

Ordered resolution eliminates some of the duplications resulting from different

permutations of the literals on which we resolve producing the same resolvent.
It therefore reduces the number of times we derive any particular clause. There
are many other versions of refutation each of which eliminates some aspect of
the search space. A couple of them are discussed in the exercises while the most
powerful - linear resolution -is considered in the next section in the setting of
propositional logic and in the next chapter in the setting of full predicate logic.

xercises

1. Suppose S is a set of clauses, U ~ S and S - U is satisfiabJe. A resolution

has support U if not both parents are in S - U. Give a complete definition
of a resolution of clauses with support U and the associated set 'RP (8).
Prove that S e UNSAT ~ 0 E 'R,U(S).

2. We say informally that an F-f'e$oIution is one in which one of the clauses

is a goal clause (I.e., it contains only negative literals). Give a complete
formal definition of F-resoJution (that is, without referring to the basic
definition of resoJution) and of S I-F 0 (there is an F-resolution proof of
o from S). Prove that 8 e UNSAT iff S J- F D.
3. Let S be a finite set of clauses. Arbitrarily give each occurrence of a
literal in the clauses of S a distinct index. A lock resolution is a resolution
in which the literal resolved on has in each parent the lowest index of any
literal in that parent. The literals in the child inherit their indices from its
parents with the proviso that, If a literal appears in both parents, then in
 66 I. Propoaitional Logic

the child it has the smaller of the two possible indices. (We use superscripts
to indicate the tndextng.)
Example:
C1 = {pi, q2, r3}
C1"" {""p4, q5}
C, = {",'J
S = {CI, C1, C3}.

Here we can lock resolve C1 and C2 to get {q1, rJ} "" C4. C4 can then
be lock resolved against CJ to get {r3}. We cannot, however, lock r~~
C1 and C3 as we would have to resolve on q and the occurrence of q In . 1
does not have the lowest index of any literal in C2. (It has index 5 while
""p has index 4.)

Prove that lock resolution is complete, i.e., if Sis unsatisfiable, then there
is a lock resolution deduction of 0 from S. (Hint: Proceed by induct~on:
the euus literal parameter"" the total number of occurrences of liter
in S minus the number of clauses in S.)

4. Show that lock resolution cannot be combined with the omission of tau-
tologies to get a complete resolution system.

10 Linear Resolution, Horn Clauses and PROLOG

I
We wish to consider another refinement of resolution: linear resolution. We defer
the full analysis of this method to the chapter on predicate logic. Here we simply
describe it IlJ1d analyze its specialization to Horn clauses. In this form it becom;
the basic theorem prover underlying PROLOG. The plan here is to try to prcc ,
via a linear sequence of resolutions rather than a branching tree of them. \'Ie
carry out a sequence of resolutions each of which (after the first) must have 85
one of its parents the child of the one previously carried out.
Defln1tion 10.1:

(i) A linear (resolution) deduction or proof of C from S is a sequence of pairs

(Co,Ba), "" (O",B,,) such that C = On+! and

(l) Co and each B; are elements of S or some C with j

j
< i,
(2) each Ci+\, i :$ n, is a resolvent of C; and B•.

(il) ~ USU~we ~y that C is Unt:4rly deducible (or provable) from 5, S r£ C,

~ there 18 a bnear deduction of C from S. There is a linear refutation of S
if S I-c O. C(S) is the set of all clauses linearly deducible from S.
 10 Linear Resolution. Hom Clauses and PROLOG 67

The usual convention is to write linear resolutions with the starting point at
the top and the conclusion at the bottom (as opposed to the picture of tree
resolutions which put the node. labeled by the conclusion, at the top). Thus, we
picture a linear resolution as follows in Figure 19:

Co Bo

1/
Ct B1

1/

FIGURE 19.

= = =
:xample 10.2: Let S {AI, A2• A3, A..J. AI {p, q}. A2 {P, ~}, A3 = {-.p, q}.
At. {"'p, ~}. Figure 20 gives a linear refutation of S:
0::

FIGURE 20.
 68 I. Propoaitiooal Logic

Definition 10.3: In the context of linear resolution, the elements of the set S from
which we are making our deductions are frequently celled input clawes. The C,
are called unter clawe.! and the B; side clowes. Co is called the starting dame
of the deduction.

If we extend the parent-child terminology by defining the ancestors of a clause C

In a resolution proof of C from S to be the clauses above it in the tree proof, we
can rephrase the definition of linear deduction by saying that each C; is resolved
against an input clause or one of its own ancestors to produce C;+l'

Linear resolution is clearly a refinement of resolution; that is, every linear res-
olution proof is an ordinary resolution proof, As resolution is sound (Theorem
8.11), so then is linear resolution. In Chapter II, Section 14 we prove that linear L.
resolution is complete. For now, we wish to consider only the case of Horn clauses
and PROLOG programs.

DefInItion 10.4: P,

(i) A Hom claUJe is a clause that contains at most one positive literal.

(il) A progrom clalUe is one that contains exactly one positive literal. (In PRO-
LOG notation It looks like A;- Bl, B~" .. , B .)
n

(ill) If a program clause contains some negative literals it is called a rule (n > 0
in the notation of (li)).

(Iv) A fact (or unit clause) is one that consists of exactly one positive literal
(Notation: A. or A:- .).

(v) ~ goo1 claWie is one that contains no positive literals. (Thus, in PROLOG it
18entered as a question with the symbol 1_ .)

(Vi) A PROLOG program is a set of clauses containing only program clauses

(rules or facts).

Noti~e that Horn clauses are either program or goal clauses while program clauses
are mther rules or facts. An important point is that an inconsistency can arise
only. from the combination of a goal clause and a fact. The contradiction may be
mediated by rules but rules (and facts) alone cannot produce a contradiction.

Lemma 10.5: If a .Jet of Horn clatl.,le.JS it uruQtisfiable, then S mwt contain at least
one fact and one goal el4tl.,1e.

Proof: The assignment that mAL_ e ..

I~••~-
1AUlle very proJ)Osltionalletter true satisfies every pro-
<u<t:S
gram c • The assignment that makes every propositional letter false satisfie15
every,goa] clause and every rule. Thus, any unsatisfiable set of Horn clauses must
contam both a fact and a goal clause. 0
 10 Linear Resolution, Horn Clauses and PROLOG 69

The general view of a PROLOG program is that we are given a collection of facts
and rules and wish to deduce COnsequences from them. Typically, we may want to
know if the conjunction of some facts ql, q2, ... , q" follows from our program P.
We enter this as a question 1- ql,lh, ... ,q" at the PROLOG prompt and receive
an answer telling us if the qi are consequences of the program. The general idea
implemented by PROLOG Is to add on a goal clause 0 = {"'qt. -ea, ... , -,q',.}
to the given program and ask if the resulting set P u {O} of Horn clauses Is
unsatisfiable. The simple but crucial point here is that the conjunction of facts
qlllh,· .. ,q,. is a consequence of our assumptions P just in case Pu {G} is
unsatisfiable. We isolate this basic semantic transformation as a lemma. It is
implicitly employed every time we ask a question in PROLOG.

emma 10.6: If P is a PROLOG progmm and 0 = {-,q'lt ~2, ... , -.q,.} a goal clause,
then all of the q. are consequence.! of P if and only if P U {O} is unsatis/iable.

~of: The proof simply consists of tracing through the definitions. First note that
Pu {G} is unsatisfiable if and only if any assignment satisfying P makes 0 false.
Next note that the goal clause 0 is faJse iff none of the -.qi are true, i.e., Gis
false iff all the qi are true. Thus, our desired conjunction of facts is a consequence
of our assumptions P just In case Pu {G} is unsettsdeble. 0

Our goal now is to translate this semantic condition into a proof-theoretic one
that we can verify by resolution methods. In fact, we show that linear resolution
suffices to decide unsatisfiability for sets of Horn clauses.

eorem 10.7 (Completeness of linear resolution for Horn clauses): If S is an

tJ7I.'J
atisjiable "et of Hom clawu, then there is a linear re"olutWn deduction of
o from 8, ce., 0 E £(8).

lOt:. By the compactness theorem (Theorem 6.13 or 8.23) we may assume that S
IS finite. We proceed by induction on the number of literals in S. By Lemma
10.5 we know that there is at least one positive literal p occurring as a fact {p}
in S. Consider the formula Sf' as described in Definition 8.16. Each clause in
sP is a subset of one in S and 50 ia Horn by definition. We claim that sP is
Unsatisfiable. The point here Is that, if .A F S1', then .A U {p} to< S contradicting
the Unsatisfiability of S. As sP contains fewer literals than S (we omit any clause
containing p and remove p from every other clause), we may apply the induction
~ypothesis to sP to get a linear resolution deduction of 0 from sP. As in the
Inductive step of the proof of the completeness theorem for the general resolution
method given for Theorem 8.22, either this is already a linear proof of 0 from
S or we can convert it into one of {P} from S by adding P to every clause below
One Dot in S. We can now extend this proof one step by adding on {p} E S as
8 ne", side clause and resolving against the last: center clause {p} to get 0 as
l'tQuired. 0
 70 l. PWJlOllItional Logie

The advantage of linear resolution is obvious. We are now looking for a lin-
ear sequence to demonstrate uIlllatisfiability rather than a whole tree. The tree
structure of the searching in PROLOG is generated by the different possibilities
for side clauses. Each path in the tree of possible deductions by PROLOG repre-
sents a linear resolution. In the actual setting of a PROLOG program and a giWll
goal clause (question to the interpreter) we can be more precise in specifying the
order of clauses in the linear resolutions for which we are searching. By Lemma
10.4, we know that the goal clause must be used in the deduction. In fact, 'lie
can require our deduction of 0 to start with the goal clause and thereafter 00
use only clauses from the PROLOG program as side clauses. As these clauses are
called input clauses, this restriction of resolution is called linear input resolution.

Definition 10.8: Let P be a set of program clauses and G a goal clause. A linear inp!il
(L1) 1'e801utionrefutation of S = p U {G} is a linear resolution refutation of S
that starts with G and in which all the side clauses are from P (input clauses).

The method of LI-resalution is not complete in general as may be seen from the
following example.

Example 10.9: Recall the clauses of Example 10.2: S = {At. A2, A , A.}, At = {p,q/,
3
2
A .= {p, -,q}, A.l =
{"'p, q}, At = {"'p, -.q}. The only goal clause here is~
which we set equal to G. The remaining clauses are, however, not ail progralll
=
clauses. If we set P {AI, A2,~} and try. to produce a linear input resolutilJll
r:futation of S = Pu {G} beginning with G, we are always thwarted. Figure 21
grves one attempt.

The problem here is that, DO matter how we start the resolution when we gel
to a center clause that contains exactly one literal, any resolution' with a clause
~rn P produces another such clause as resolvent. Thus, 'We can never deduce
I
Linear input resolution does, however, suffice for the cases of interest in PROLOG
programming.

Theorem 10 10' ut P be L'

S -- P U' {G' ) E UNSAT
a set of /.1JTO:9ram
there· . dawes and G be a gool claUJe. 1

, 18 a lnear Input resolution refutation oj S.

Proof: Note first thatwe
(88 opposed to th can resolve a goal clause only against a program cw:
clauses being ~e~ ~Iause)as we must have some literal p in one of ~
literals. Moreover h ~ P m the other while goal clauses contain only negati"
as the single POSilj~ ~::: ~f any such resolution must again be a goal c1sU91
8lId It is removed fr m the program clause must be the one resolved oP
clause and the remain .the child leaving only the negative literals of the prograiJl
proof of 0 from S st":.:
o~ of the goal clause. Thus, if we have any Iin~
the proof must be oal ~ With G, then all the children of the resolutioDS ill
g c eueee and all the side clauses must be program claU¢
 JO Linear Resolution, Hom Clauses and PR.OLOG 71

{~p, ~q} {p, ~,I

1/
bl {p"l

1/
{pI {~p,,1

1/
{,I {p, ~,I
1/
{pI {~p,,1

FIGURE 21.

as desired. It therefore suffices to prove that there is a linear proof of 0 from

S starting with G. We again proceed by induction on the number of literals in
our unsatis.6able set of clauses, but we prove a stronger assertion than that of
Theorem 10.7 .

-emma 10.11: If T is a set of Horn clauses, G a goal clawe such that T U {G} E
UNSAT but T E SAT, then there is a lineor resolution deduction of 0 /rom TU{ G}
starting with G.

lroof: As before, we may assume that T is finite by the compactness theorem. We

proceed by induction on the number of literals in T. & in the proof of Theorem
10,7, we know that T contains a fact {P} for some positive literal p and that
T' = (T U {G})P = TP U {G}P is an unsatisfiable set of Horn clauses. (As G is a
goal clause, it contains no positive literals and so {G}P is just {G - {j}} }.) As
T Was satisfiable and contained {p}, TP is satisfiable by the same assignment
that satisfied T (by the proof of the "only if" direction of Lemma 8.19). Thus,
we may apply the induction hypothesis to T' to get a linear proof of 0 from T'
starting with G - {pl. If this proof is Dot already the desired one of 0 from T
starting with G, we may, as in the proofs of Theorem 8.22 or 10.7, convert it into
a proof of {p} from T starting with G. We can again extend this proof one step
by adding on {P} ETas a new side clause at the end to do one more resolution
to get 0 as desired. 0

As any set of program clauses is satisfiable by Lemma 10.5, this lemma suffices
to prove Theorem 10.10. 0
72 I. Propoeltlonal Logic

We now know the general format of the resolution proofs for PROLOG: linear
input resolution. There are two points left to consider before we have the precise
mechanism used by the PROLOG implementation. The most important one is that
PROLOG is not restricted to propositional logic; it uses predicates and variables
I
as well. This is the topic of the next chapter. The other point is more technical;
it concerns ordering considerations which come in two varieties. The first deals
with the actual representation of clauses in the implementation of resolution and
the choice of literal on which to resolve. The second deals with the ordering of
the search for linear proofs: searching and backtracking.
We begin with the representation of clauses. Our abstract presentation of res--
olution deals with clauses viewed as sets of literals. As sets, the clauses are in-
trinsically unordered. A machine, however, typically stores clauses as sequences
of literals. Moreover, it manipulates them as sequences and not as sets. Thus,
set-theoretic operations such as union must be replaced by some sort of merg-
ing procedure on sequences. In particular, when G = {...,Ao,...,Al>" .,...,A .. } and
H = {B, .... 80, ... , ....Brn} (viewed as ordered clauses) are resolved, sayan A; '" D
....
8, the interpreter simply replaces Ai by ....Bo, ... , ...,B.... The resolvent is then
(as an ordered clause) {....Ao • ...,A1, ... , ....A;_h ....Bo, ... ,...,B ... ,...,A;+1, ........ An}.
In addition to the ordering itself. one should note that as a result of this view of
clauses, duplications may arise if, for example, one of the B· is the same as some
At (I: ¥ i). The implementation of PROLOG does not check Jfor such duplication;
It merely carries along all copies of literals in the appropriate location in the
TI
ordered clause. (Ordered clauses are sometimes referred to as definite clauses,
hence the notation in the next definition using LD for llneer-definite.) This
ordering of clauses does not cause any serious changes. We embody it in the
following definition and lemma. P,
We continue to use T to denote a set of Horn clauses P a set of program clauses
and G a goal clause. '

De8nition 10.12: If PU{G} is given as a set of ordered clauses then an LD--re801ution

~/u~ion of P U {G} is a sequence (Co, Co)., ..• {Gn,C .. } of ordered clauses
I, 1 such that Go = G, G"+l = D, and

(i) ~
n(t) +G;,
1.
i S n, is an ordered goal clause {~A
I"
0 •••
,
..,A. (.)} of length
I," •

(ii) Each Cj = {B, ....8· B} . f I _~h

(.) '1,0,· •• , -., ......(1) 15 an
ordered program clause 0 eU6'
~\:) +2 from P. {We include the POSSibility that c.
= {Bol. i.e., m(i) '"

(ill) For ~~ i < n, there is a resolution of G; and C. as ordered clauses with

resotvent the dered cl • k<t
j...,Ao or ause G'+1 (of length n(i) + m(i) + 1) given "I
,o,· .. '...,A'.k_l, ....Bio ...,B A }
(In this resalutir.~ I' •... , i,rn(i} • ..., ;,1:+1 •.•• ,...,Ai,..!;) .
.......we reso ve on Hi = A;,Io.)
 10 Linear Resolution, Hom Clauses and PROLOG 73

:.emma 10.13: If P U {G} E UNSAT. then there i! an LD-resolution refutation of

Pu {O} stoning with G.

)roor: This is left as Exercise 1. Proceed by induction on the length of the t.r-resolution
refutation of P U {G}. (Note that we can only resolve a program clause and a
goal clause at each step of the resolution. Each center clause must be a goal
clause and each side one a program cleuse.) 0

Our next task is to describe how we choose the literal of G. to be resolved on in

an io-reeolutloa proof. The selection rule used in virtually all implementations
of PROLOG is to always resolve on the first literal in the ordered goal clause
G (in our notation this is just the leftmost literal in Gi). The literals in the
resolvent of C; and G. are then ordered as indicated in Definition 10.12. We
call such linear input resolutions with ordered clauses SLD-resolution.t. (The S
stands for selection.} More generally, we can consider any selection rule R, l.e.,
any function choosing a literal hom each ordered goal clause.

eftnition 10.14: An SLD-resolution refutation of PU {G} via (the selection rule} R

is an LD-resolution proof (Go. Co}, ... , (Gn, Cn) with Go = G and Gn+1 = 0
in which R(G.) is the literal resolved on at the (i + 1) step of the proof. (If no
R is mentioned we assume that the standard one of choosing the leftmost literal
is intended.)

~eorem 10.15 (Completeness of SLD--refutation for PROLOG): If PU {G} E UNSAT

and R is any aelection rule, then there i! an SLD----reaolutionrefutation of pu{ G}
via R,

'OOc: By Lemma 10.13, there is an to-resolution refutation of P U {O} start-

ing with G. We prove by induction on the length n of such proofs (for any P
and G) that there is an SLD one via R. For n = 1 there is nothing to prove
as G '= Go is a unit clause and so every R makes the same choice from Go.
Let {Go, Co)" .. , (On, Cn). with the notation for these clauses as in Definition
10.12, be an to-resolution refutation of length n of {Go} U P. Suppose that
the selection rule R chooses the clause .40.11 from Go. As On+l = 0 there
must be a j < n at which we resolve on k,.t.
U j = 0, we are done by in-
duction. Suppose then that j ~ 1. Consider the result C of resolving Go and
Cj '= {Bj, "'Sj,o, Bj,m{j)} on Bj = Ao,,t:
, ....

C '= Ao,o,
{ .... , ....,Ao.,t-I , ...Bj,o, ... ,-.Bj,mU) ,-..4o,,t+1 , .•. , -.Ao,n{o)}·

We claim that there is an LD-resolution refutation of length n - 1hom PU {C}

t,hat hegins with C. One simply resolves in tum with Co, ... ,Cj_1 on the same
literals as in the original proof that started with G. The only change is that
:-ve Carry along the sequence of clauses -.Bj,o, ...• -.BJ,mU) in place of -.Ao,,t
m the center clauses of the resolution. After resolving with each side clause
Co" '. ,e
j_l, we have precisely the same result Gj+l as we had in the original
74 1. Propositional Logic

resolution after resolving with Cj• We can then continue the resolution deduction
exactly as in the original resolution with Cj+1 ••.•• C.... This procedure produces
an t.e-resoluncn refutation of length n-l beginning with C. By induction, it can
be replaced by an sm-reecluucn refutation via R. Adding this SLD-resolution
via R onto the single step resolution of Go with Cj described above produces the
desired SLD-resolution refutation from P U {G} via R starting with G = Go. 0

We now know what the PROLOG interpreter does when a question is entered
as in "1- AI •...• An. ". It searches for an SLD-resolution proof of 0 from the
current program P and the goal clause G = {...,A1,...• -.An} starting with G.
The remaining uncertainty in our description of its action is just bow it organizes
this search. At each step i of the SLD--resolution, the only choice to be made is
which clause in P to use to resolve on the leftmost term in our current goal
clause Gi. We can thus display the Space of all possible sLo-derivations as a
labeled tree T. The root ofT is labeled G. If any node of T is labeled G', then
its immediate successors are labeled with the results of resolving on the leftmart
literal of G' with the various possible choices of clauses in P. We call such trees
SLD-tTuJ for P and G.

Example 10.16 (SLD--Trees): Ai:. a simple example, consider the program Po:

pr- q,r. (I)

p:- 6.
(2)
q. (3)
q:- 6.
(4) E""
r. (5)
6:- t. (6)
•• (7)

Program Po

=::
S.~~ we ~ave. G = {""p} as our goal clause. The corresponding stu-tree is
gr low. In Figure 22. Along each branching we indicate the clause of Po
resolved agamst. The convention is that the successors are listed in Ii left to right
:enV;th ~he order in w~chth.e clauses used appear in Po. S~
such that ..1._ mg lD D. A path 18 a failure path if it ends with a clause G'
._
Uj cnere ~ no clause in P "h L'_L [ll
of G' In this WI wrucn we can resolve on the leftmost ter
example there are five POSSible paths. Two end in failure and three
end with su ccess.
The PROLOG theorem provernL_~ th
trying the left eeercnes e SLD--tree for a SUCCe5S path by always
first clause in ~;: first: That is, .it tries to resolve the current G with the
(I) (3) (5) to et the POSSIble.In FIgUre 22 it would simply follow the path
• g COrrect !llISWer "yes". If the theorem prover hits a failure
 10 Linear Resolution, Hom Clauses and PROLOG 15

~p

~~

r 1(') .....
q, .....
r .....
8

(6)1~

.....
r s, ...r
..... .....
t 0

o
r r ~ .....
t, .....
r .....
r
I
failure

I I IS)

failure 0

FIGURE 22.

POint (te., DOt 0 and no resolution is possible) it backtracks, that is, it goes
back up the tree until it returns to a node N that has a path leading out of it to
the right of the one the theorem prover has followed upward. The prover then
exits from N along the path immediately to the right of the one it just returned
on (i.e., it tries the leftmost successor of N not yet attempted). This process is
repeated until a success path is found.
mple 10.17 (Backtracking): If we omit clause (3) from the above program Po to
produce Pl, we get a new st.e-eree as pictured in Figure 23 .

.....
q, .....
r

1')1 (6)/ ~)
.....
s, .....
r ,t 0

.....
r~
t, .....
r
I
failure

I
failure

FIGURE 23.
mt~ case, . It then
the theorem prover first tries the path (1), (4), (6), failure.
backtracks to .....
8, -'r and tries (7), (5), success, to give the answer yes.
 76 I. Propositional Logic

Suppose tbe PROLOGinterpreter has searched the tree until it has found ~
answer and we then enter a semicolon '";" at the prompt. The interpreter will
resume backtracking to look for another resolution refutation in the part of the
tree that it has not yet searched. A "no" answer now means that there are no
more proofs. A "yes" answer indicates another one has been found. In this case,
we may once more enter ";" to start the search for yet another proof. In the
last example after finding the proof along the path (1), (4), (7), (5) the theore~
prover answered "yes". If we asked for another proof by entering a semicolon, It
would backtrack all the way up to the top node and try the path (2), It then
would proceed down (6) to a failure, backtrack to "'8 and follow (7) to another
success and "yes" answer. One more request for a proof via entering a semicolon
would finally produce a "no" answer.
If PROLOGsearches through the entire SLD--tree without finding a path leading
to 0, it gives the answer "no" the first time we ask our question. By our general
completeness theorem, we then know that in this case P U {G} is satisfiable and
so (by Theorem 10.6) the question asked ill not a logical consequence of P.
This type of search procedure ill called a depth-first search procedure 8.'1 it tries
to go as deeply as POSSiblein the tree by running down to the end of a path before
searching sideways along any other branches. In contrast, one that searches the
tree in Figure 23 in the order -e: -e. -or; -.s;"""'I1'; -'8, ..,r; ..,t; 0; 0; ..,t
j

-'r; ..,r; failure; failure; 0 is called a breadth-first search. Clearly many mixed
strategies are also possible. In our case, the depth-first search was much faster
than breadth-first (3 versus 6 steps). Indeed, this is a quite general phenomenon.
Depth-first is usually much faster than breadth-first. That, of course, is why the
implementations use depth-first searches. The cost of this strategy can, however,
~ quite high. In a breadth-first search, it is clear that, if there is a path ending
~n0, we must eventually find it. In contrast, the procedure of depth-first search
15 not complete: There may he a path leading to 0 but we may search the tree
forever without finding it.

Example 10.18 (Failure of depth-first searching): Consider the following simple

program:

q,- r . (1)
'0- q. (2)
q. (3)

~~h =arch Procedure applied to the starting clause -e will loop back llJId
n -.q and "'T. It will never find the contradiction supplied by (3).
This example seems ..,,"" to fix d ..•~
in the ~~ an to depend purely on the order of the cia""",
tennin~rogram. Unfortunately, rearranging clauses will not always produce II
of III 2 fI ng Program even when a correct proof does exist. (See program fi
. or an example.) The full impact of these problems cannot, however,
 -- -----
10 Linear Resolution, Horn Clauses and PROLOG 77

be felt until we deal with full PROLOG rather than restricting our attention to
the propositional case. Indeed, it is only with the introduction of predicates and
variables that one sees the true power of PROLOG. We now turn to these matters,
first in the general setting of full predicate logic and then in just PROLOG.

ercases

L Prove Lemma 10.13.

2. Consider the following sentence in "English": If the Congress refuses to

enact new laws, then the strike will not be over unless it lasts more than
one year and the president of the firm resigns.

(8) Represent this sentence in three ways:

(i) by a statement in the propositional calculus
(ii) by one in conjunctive normal form
(iii) as part of a PROLOG program.
(b) Suppose Congress has refused to act and the strike has not yet lasted
mote than a month. Add these to your list (in (i), (il) and (iii» and
use a tableau deduction to see if the strike is over yet. (You can try
to do a deduction from the appropriate premises or an ordinary one
from the appropriate conjunction but be careful how you formulate
the problem.)
(c) Suppose instead that the Congress refused to act, the strike is now
over but the president of the firm did not resign. Use tableau deduction
to see if the strike lasted more than a year.
(d) In (b) and (c) if you had a list of the relevant clauses in your PROLOG
data base, what would you enter to get the answer?

3. One of the successful applications of expert systems has been analyzing

the problem of which chemical syntheses are possible. We oon.sider here an
extremely simple example of such a problem.
We know we can perform the following chemical reactions:

(1) MgO + H, _ Mg + H,O

(2) C+O, _ CO,
(3) CO2 + H20 H2C03•

(a) Represent these rules and the assumptions that we have some MgO,
H2, O2 and C by propositional logic formulas in which assertions say
that we have a particular chemical and implications are understood
to mean that, if we have the hypotheses, we can get the conclusion.
(Thus, (1) Is MgO A H, _ Mg A H,O.)
78 I. Propositional Logic

(b) Describe the state of affairs in clausal form and as a PROLOG Program.
(c) Give a resolution proof (in tree or linear form) that we can get some
H2C03·

4. Represent the following information as a PROLOG program so that. if yo.u

are told that Jones has faIlen deathly ill and Smith has gone off to his
bedside, you could determine if the directors will declare a dividend.

If Jones is ill or Smith is away. then the directors will meet and declare a
dividend if Robinson comes to his senses and takes matters into his own
hands. If Patterson comes, he will force Robinson back to his senses but,
of course, he wUlcome only if Jones is ill. On the other hand, if Townsend,
who is inseparable from Smith. stays away, Robinson will have to take
matters into his own hands.

Give a resolution proof from your program and the added hypotheses from
above that shows that the directors will declare a dividend.

5. Represent the following information as a PROLOGprogram:

If Congress enacts a line item veto and the President acts responsibly, there
will be a decrease in both the budget and trade deficits if there is no maJor
lobbying campaign by both the protectionists and the advocates of high
interest rates. A strong public outcry will get the Congress to enact the line
item veto and force the President to act responsibly. The protectionists can
be kept quiet if productivity increases and the dollar is further devalued.
(It may help to start with a formulation in propositional logic and convert
it appropriately.)

How would you add on PROLOGclauses to reflect the fact that the public
is vocally outraged about the deficits, the dollar is continuing to fallon
world markets and productivity is on the increase?

How do you now ask the PROLOGprogram if the trade deficit will decrease?

Give the resolution refutation that shows that it will go down.

6. D~aw the SLD--tree illustrating all possible attempts at sLD--refutatioDS

the standard selection rule (always resolve on the leftmost literal) lor
USI.Ilg
the question "?- p." and following program:

(I) p:- s,t.

(2) p:- q.
(3) q.
(4) q:- r.
(5) rr- v.
 10 Linear Resolution, Hom Clauses and PROLOG 19

(6) r,
(7) a.
(8) ,,- •.

In what order will the PROLOG interpreter search this tree and what output
will it give if we enter a semicolon at each yes answer?

Iggestions for Further Reading

For the general set-theoretic background needed for our treatment of orders and
trees see Chapter VI. For more about orderings, partial orderings and trees,
consult Bickhoff {I973, 3.8]. or elmoet any of the logic and computer science
texts listed in the bibliography [5.21.
For early propositional logic. read Boole (1952, 2.3] and Post [1921, 2.3].
For various alternate formalisms for logic, read the propositional part of the
following;

Tableaux: Beth {1962, 3.21, Smullyan (1968, 3.2], and Fitting [1981, 4.2].
Axioms and Rules of Inference: Hilbert and Ackermann {1950, 3.21, Mendelson
[1964, 3.21 and Enderton {1972, 3.2]. For an approach at a more advanced level,
see Kleene {1971, 3.2J, Monk {1976, 3.2J or Shoenfield 11967, 3.2].
Resolution: Chang and Lee (1973, 5.7], J. A. Robinson [1979, 5.21, Lewis and
Papadimitriou [1981, 5.2], Maier and Warren {198B, 5.4].
Natural Deduction: Prawitz [1965, 3.5], or at a more advanced level, Girard
[1987, 3.51 and Girard et aI. [1989, 3.5J.
Sequents: Gallier 11986, 5.2], Manaster [1975, 3.2) or Girard f1987, 3.5] and Girard
et el. [1989, 3.5}.
For a problem-oriented text based on resolution and Hom logic, see Kowalski
11979, 5.4J.
For Boolean algebra and its relations to propoeitlonel logtc, see Halmos [1914,
3.81, Sikorski [1969, 3.8} or Resicwe and Sikorski 11963, 3.8].
Interest in Propositional logic has recently revived primarily because of work on
~he complexity of proofs in different proof systems. A good survey of this work
III Urquhart [1995, 3.5].
I
F

1
I
'redicate Logic

Predicates and Quantifiers

The logic of predicates encompasses much of the reasoning in the mathematical

sciences. We are already familiar with the Informal idea of a property holding of
an object or a relation holding between objects. Any such property or relation is
an example of a predicate. The difference between e property and a relation is just
in the arity of the predicate. Unary predicates are simply properties of objects,
binary ones are relations between pairs of objects and in general n-ary predicates
express relations among n-tuples of objects. A reasonable answer to the question
of what are o-ary predicates might well be that they are propositions. The point
here is that they are simply statements of facts independent of any variables.
Thus, for example, If we are discussing the natural numbers we may let tp{x,y)
denote the binary relation (predicate) "x is less than y". In this case tp(3,y)
denotes the property (unary predicate) of'Y "3 is less than y" and tp(3, 4) denotes
the (true) proposition (Q-ary predicate) that 3 ill less than 4.
In this discussion x and y were used as tl4riables while 3 and 4 were used as
constants. Variables act as placeholders in much the same way as pronouns act
as placeholders in ordinary language. Their role is best understood with the
follOWingconvention; At the beginning of any particular discourse we specify a
nonempty domain of objects. AU variables that show up in the ensuing discussion
are thought of as ranging over this domain. Constants play the role of names
for objects (individuals) in this domain. In such a setting, n-ary predicates can
be viewed as simply sets of n-tuples from the domain of discourse, the ones for
which the predicate holds. Thus, for example, unary predicates can be seen as
the subset of the domain consisting of the elements of which the property is true.
()-.a.ry predicates assert facts about the domain of discourse and, in the context
of Predicate logic, are usually called sentences rather than propositions.
~other important class of objects in mathematical discourse is that of June·
hons. For example f{I,2) might stand for the sum of 1 and 2. Functions also
~ve an arity that corresponds to the number of arguments the function takes as
Ulput. Ordinary addition on the natural numbers is a binary function as is mul-
82 II. Predicate Lot!:ic

tipUcation. Subtraction, however, is not even a function on the natural numbers.

The point here is that the difference of two natural numbers is not necessarily
a natural number. We require that the outputs of any function considered al-
ways be elements of our domain of discourse. (We may change the domain of
discourse, however, 8lI the need arises or our mood dictates.) On the other hand,
not every element of the domain need be a value for a function. As another
example consider a ternary function g{x, y,z) defined as x . y + z. Here we see
that variables can play the role of placeholders in functions as well as predicates,
In an analogy with our manipulations of the binary relation <p above, we can
define binary and unary functions from 9 by replacing some of the variables by
constants: 9(1, II, 1) is the unary function 11+ 1 and g(x, y, 0) is multiplicaticD.
How then should we view 9(1, 1,0)? It is, of course, (the constant) 1. Thus, just
8.'1 we can think of propositions as predicates of arity 0, we can think of constants

as functions of ality O. They are objects that have no dependence on any inputs;
they simply denote elements of the domain of discourse. More generally, we call
all the symbols generated by the function symbols, constants and variables such
as !(x,9(y,II)), ternu. We think of them also as ranging over our domain of
discourse (or possibly just some subset of the domain, what is usually called tilt
range of the function).

Ai> with propositions, the truth-functional connectives can be used to build COlli-
po~d P:ed~cates from simpler ones. For example, if <p(x, y) still denotes the
relation x IS less than y" and .p(x,y) denotes the relation "x divides y" theD
(~{x, y) A ,p(x, V)) is a new binary predicate with the obvious meaning. In addi-
tion to the truth functional connectives, predicate logic uses two other predicate
constructors:
2
(i) the universal quantifier, "'If' , with the intended meaning 'for all"

""d

(ii) the e::ci.ftential quanti}U:r, "3" with the intended meaning "there existsn •

Example 1.1:

(i) Let the dOmain of disco . "( J'

d t" urse consist of the natural numbers.N· let <px, Y
eno. e z e II"'!(
' Z, II
) th bl '.
e l.Dary function x + y and abc be constaD
naming the numbers 0, 1 and 2, respectively: ' ,

(a) ~)~{x,y)) is a unary Predicate which says of y that there is a

:ten
ur number less than it. It is equivalent to "II is not zero". 'fhe
t ({'o'x)({3J,!)<p(x, II)}} is a true one (predicate of enty 0) say~
foce
r any natural nwnbe
greater than x,
L. hie ,
r x, tuere lli a natural number y w leu
 2 The Language: Terms and Formulas 83

(b) «Vx)tp(x,f(x.b») is a sentence saying that x < x + 1 for every e,

l.e., every natural number is less than its successor. rp(Y.f(Y,Y» is
again a unary predicate saying of 11 that 11 < Y + y. This predicate is
also equivalent to y being nonzero.

(ll) Let the domain of discourse consist of all rational numbers Q. Again tp(x,y)
denotes x < y, f(x.lI) represents addition (x + 11),g(x, y) division (x + y)
and a, b, c are constants representing 0, 1 and 2.

(a) The ternary predicate (rp(:z:,y) A tp(y,z» says that x < y and y < z.
(b) The binary predicate «3y)(tp(x, y) A rp(y, z))) says that there is a ra-
tional number between x and z, The unary predicate «('Ix)(rp(%,z)---
«3y)('I'(x, y) A 'I'(y, z))) expreeeee • property of z which says thl,
for any x, if x is less than z then there is a rational number between
them.
(0) «('txJ«Vy)('I'(x, y) ~ ('I'(x,g(/(x, y), oj) A 'I'(g(/(x, y), oJ,y))))) Is •
sentence saying that for every x and y, if x < 11 then x < ~ < y.
(d) tp(y,/(y, y)) is again a unary predicate saying that y < y + y. Note.
however, that in this domain this predicate is equivalent to y being
positive.

The Language: Terms and Formulas

We can now give a formal definition ofwbat constitutes an appropriate language
for predicate logic and then specify the formulas of predicate logic by an inductive
definition that selects certain "well-formed" strings of symbols which we think
of sa the meaningful ones.

!f1.nition 2.1: A language J:. consists of the following disjoint sets of distinct primitive
symbols:

(i) Variables: :z:, y, z, v,xo, Xl, ••• ,Yo, 111, ••.•.•. (an infinite set)

(ii) Constants: c,d,CG, do, ... (any set of them)

(iii) Connectives' . A ,....,V,__ .
(iv) Quantifiers: V,3

(v) Predicate symbols: P,Q, R, Pt,P2,'" (some set of them for each erity n =
1,2, .... There must be at least one predicate symbol in the language but
otherwise there are no restrictions on the number of them for each arity).
 84 II. Predlcate Logic

{vi} Function symbols: t.s.x.t«ft, ...• !Jo, ... (any set of them for each ~lj'
n = 1,2, .... The o-ary function symbols are simply the constants listed
by convention separately in (ii). The set of constant symbols may also b!:
empty. finite or infinite).

(vii) Punctuation: the comma. and. (right and left) parentheses) , ( .

Note that we no longer have propositional letters (which would be D-ary pred-
Icates). They are simply unnecessary in the context of predicate logic. A true
{false} proposition can be replaced by any sentence that is always true (false)
such lIS one of the form Q V -o (0 A -'0). (See Theorem 4.8 for an embedding 01
propositional logic in predicate Jogic.)

As a prelude to defining the formulas of e language .c., we define the ter~ of

.c., the
symbols which, when interpreted, represent elements of our domaUl.of
discourse. We define them inductively. (Readers who prefer to use the form~1Oll
tree approach exclusively may skip the more traditional syntactic one glven
here In favor of the presentation of the next section. They should then take the
formulations given there as definitions and omit the proofs of their equivalence
to the ones given here.)

Definition 2.2: Terms.

(I) Every variable is a term.

(ii) Every constant symbol is a term.

(iii) If f is an n-ary function symbol (n = 1,2, ... ) and tl, ... , t.. are terms,
then f(tl, ...• t..) is also a term.

Definition Terms with no variables are called ooriabk-jree terms or ground

I<rnu.2.3;

0.,
The ground terms are the ODesyOUshould think of as naming particular elements
of the dOmain of diacoume. They are the constants and the terms built up horn
the constants by applications of function symbols as in (iii) above.

The base ease for the definition of formulas is given by:

De8nitRio~2.4: An atom.~ fornndo. is an expression of the form ) bere

... _ ..J! R(tIt ... , t.. w
an n-ary pr'OUleatesymbol and tIt ... ,t .. are terms.

We now give the full inductive definition of formulas.

 2 The Language: Terms and Formulas 85

!8nltLon 2.5: Formulas.

(i) Every atomic formula is a formula.

(ii) If a, f3 are formulas, then so are (a 1\ /1), (a --+ f3), (a - IJ), (-.0) and
(a V Pl.
(ill) If v is a variable and a is a formula, then «3v)a) and «Vv)a) are also
formulas.

ifinition 2.6:

(i) A subfotTnula of a formula II' is a consecutive sequence of symbols from II'

which is itself a formula.

(il) An eccarreace of a variable u in a formula 'fJ is bound if there is a. sub-

formula 1/J of II' containing that occurrence of u such that ¢ begins -Nith
({'Vv) or {(3v). (This includes the t1 in "Iv or 3v that are bound by this
definition.) An occurrence of v in rp is free if it is not bound.

(iii) A variable v is said to oa:ur fru in rp if it has at least one free occurrence
there.

(iv) A sentence of predicate logic is a formula with no free occurrences of any

variable, Le., one in which ell occurrences of all variables are bound.

(v) An open formula is a formula without quantifiers.

To see that the definition of a sentence corresponds to the idea of a formula with
a si?gle fixed meaning and truth value, notice that all references to variables
(which are the only way of moving up to predicates of arity greater than 0)
oc~ur in the context of a quantifier. That is, they occur only in the form "there
exists an x such that ... " or "for all x it is true that ... n . The idea. of replacing
8. variable by BOrneother term to produce predicates of perhaps smaller arity (as
we did in Section 1) is captured by the following definition:
lnition 2.1 Sub.stitution (or Instantiation): If II' is a formula and v a variable,
we Write !p(u) to denote the fact that v occurs free in 'fJ. If t is a term, then
i(t), o~ ~ we wish to be more explicit, rp(ujt), is the result of su~tituting (or
~tlatlng) t for aU free occurrences of v in 11'. We call tp(t) an snstance of cp.
r,o(t) contains no free variables, we call it a ground in.Jtance of!p.
There is one important caveat that must be heeded when doing substitutions.
:oition 28.: If the term t contains an occurrence of some variab Ie:r (hiw c b l18
~ly free in t ) we say that t is lJubnituto.bk for the free variable v in 'fJ(v)
all occurrences of % in t remain free in cp(ujt).
 86 II. Predicate Logic

Note that ground terms are always substitutable for any free variable. The prob- 1
lems with substituting a term t (with variables) which is not substitutable in r;
become clearer when we define the semantics of formulas. For now, we consider
two examples.

Example 2.9: P

(i) Consider first a unary predicate 1/;(y) = «3x)rp(x, y)) where our notatioo
is as in Example l.l(i). There is no problem substituting z or 2 or eWll
I(w,w) fo' y to get (3x),(x,,)), «3oo),(x,2» and «3xJ.(x,l(w,wlll,
respectively These formulas simply say that e, 2 and w + w are not zero &l
we would want and expect. However, if we try to substitute /(x,x) f~r.,
we get «3x)tp(x, f(x,x))). This formula says nothing about x or x+x; It II P
simply the true sentence assertiD8 that there is some x such that x < x+t-

(il) Next consider a language for the integers Z with constants 0 and, I, ,a P
unary function symbol 8 for successor and a predicate A(x, y, z) which ~
interpreted. as :r + y =
z. Let rp be the sentence V'x3yA(x, LI,O) which e
true in Z. As a true universal sentence, Ip should be true of any objed,
Indeed, any permissible substitution results in a formula valid in Z. On
the other hand, if we violate sUbstitutability and substitute s{y) for x we
get V:r3yA{s(y), 11,0) which is false in Z. TI

Example 2.10:

(i) «(\f:r)R(x,y)) is a formula in which y occurs free but x does not. The
formula «3Y){(\fx)R(x,y») has no free variables; it is a sentence.

(ii) A variable may have both a free and a bound Occurrence in a single formula
esdo both x and y in «(Vx)R(x, y)) V «3y)R(x,y))). P,
[iii] If ~(x) is (((3y)R(x,y)) A ((Vx)~(x,x»)) and r Is I(w u), then ~(t),
~(xlt) ls «(3y)R(f(w, u), y)) A «(V'l'Q(/(w, u}, ,))). The term g(y, ,(I}I
would, however, not be substitutable for x in tp{x).

After the exercises

~~M·. for this section We usually omit parentheses from forma.,
r
«.3:t)'I'{z) ~ so Improv~ readability. For example, we may write 3x!p(:r) ~
can be . b' r~ P~mg, however, we Prove that, as formally defined, the
no am rguny ill reading a term or formula.
ProPOSition 2.11' It f . .. . t
• J a erm s ts an tnltial segment of a term t, s ~ t, then s "" .
PrOOf: If ~is a variable r . 5

ini:
ant
must be of the fa a !,ODJ;t symbol, then the proposition is clear. OtherWtse
s is a proper Sl,. ", .lin) and 80 of length at least two. Now if s '" t, t~
of parenth __ ' ~_ segment of t, Set, and we would contradict the properliti
-= III ...,rms proved in Exercise 6. p
 2 The Language: Terms and Formulas 87

'heorem 2.12 (Unique readability for terms): Every term S is either (l; variable or
constant symbol or of the form f(st, ... , sn) in which case f, n and ~ Si for
1 :::;i :::;
n an! all uniquely determined.

'roof: Us is neither a variable nor constant symbol, then it is of the form J(81, ... , 8n)
by the definition ofterms. If it is also of the form 9(t1>"" tm). then clearly f = 9
and so n = m. Moreover, it is then obvious that either 81 £: tl or t1 £: 81. In
either case, S = t by Proposition 2.11. We can now argue in the same way for
each i in turn to get that 8.: = t.: for each i ~n as required for uniqueness. 0

roposition 2.13: IJ a formula a is an initial segment of a formula "t, a ~ ",/, then

O'=-y.

roof: Clearly every formula is of length at least 2 and so if 0 were a proper ini-
tial segment of "t we would contradict the properties of parentheses in formulas
established in Exercise 9. 0

~eorem 2.14 (Unique readability for formulas): Each formula 1/J is of precisely one
of the following forms: an atomic formula (ie., of the form R(t1,'" ,tn) for
an n-ary predicate symbol R and terms tlo ... , t«), (0 A P), (0 -+ P), (0: +-> P),
(-.0:), (aV{3), (3tI)0) or «(Vv)a) (where 0 and /3 are formulas and v a tJariable).
Moreover, the relevant "components" of ¢ 43 di.!played in Mch of theae forms are
uniquely determined {i.e., R, n and tne t.: f01' 1 $ i :::;
n for an atomic formula ¢
and the formulatJ 0:, /3 and variobie tJ 43 appropriate to the other po.!sible forms
f" 'I».

'OOf: It is clear from the definition of formulas that ¢ must be of one of these
forms. If it is atomic it cannot be of any other form as all the others start with
a left parenthesis and DO atomic formula does. To establish uniqueness in this
case suppose 't/J is both R(tl, ••. ,tn) and else P(SI, .. ' ,8m), It is then clear that
R = P and so n = m. We then have that tl ~ SI or S1 ~ t1 whence h '-'"-81
by Proposition 2.11. Again we can show in this way that ti = .!i for each i ~n
as required for uniqueness. If t/J is not atomic, it is of one of the other forms.
Suppose, for example, that T/J is of the form (0 A fJ). If it were also of the fonn
b'.-> 6), h .....6) or (-yV6). then Q C "'/or -y C 0 contradicting Proposition 2.13.
If Instead 't/J were also of the form (4), ((3tJh) or((vvh), 'We would contradJct
Exercise 7. To establish uniqueness of the "components" of T/J in this case suppose
that T/J is also (-y A 6). It is now clear that Q ~ "t or -y £: 0 and so 0 = "t by
Proposition 2.13. We then argue in the same way that /3 = 6 as required.
The arguments for the other possible forms for T/J are similar and are left as
Exercise 10. 0
88 II. Predicate Logic:

&ercises
3
For each of Exercises 1-5 let the language be specified by the list of symbols
given in Definition 2.1.

1. Which of the following are terms?

a) r e] I(r, d)
b) "" f) ('tr)(R(o» D,
0) 0 g) .(o,/(y,z))
d) pro) h) .(R,d)

2. Which of the following are formulas fully wntten

. au , In
. ac cordence with
Definition 2.5?
a) I(r,o) d) Yr(P(r))
b) R(o,/(d,z)) e] ("R(z,/(w))
0) (3y)(P(o)) f) «(3r)((Yy)P(z» ~ R(x,y»).
3. List all the 5ubformulas of the formulas listed in Exercise 2.

4. Which occurrences of variables are free in the Formulas I·ted

IS
iIn answer to
Exercise 3? Which are bound?

5. Which of the following proposed substitutions are allowable by our defini.

tion of substitutable? Ex.

a) rll(z, y) in «3y)(P(y) A R(r,z))).

b) rl.(j(z, y),a) in (((3r)(P(r) A R(r, y))) _ P(r».
0) rl.(j(z,y), a) in ((3r)(P(r) A R(r, y))).
d) rl.(n,b) in ((3y)(R(a, r) A pry»~).

6. p"", 'hat ""'Y term hao the sam numbe, af I'ft and ,igh' per enth~
Mo'"","", ""'Y prop" loitla! ",m'a' of a term t h es a'
1,as , es many e t
P&"entheses as right parentheses while if the initial segment is of length a
least 2, it has OlOre left than right parentheses.

7. Prove that no formula begins with ...."3, 'V, (3 or (V.

8. Prove that every formula has the same nUmber of left and right parentheses.
9. p,,,,,, that ''''Y proper ioitial "'gmon, of a fo'mula h es at I, es t as mao~
left parentheses as right parentheses and that if the initial segment is 0
length at least 2, it has more left than right parentheses.
10. Verify the remaining case of Theorem 2.14.
 3 Formation 'frees, Structures and Lists 89

Formation Trees, Structures and Lists

As with the definition of propositions, we can make the formation rules for
formulas more explicit and the definition of such terms 8B "occurrence" more
precise by reformulating everything in terms of formation trees. This is also
the preferred presentation in most texts on PROLOG programming. Our starting
point is again the terms.

e8nition 3.1:

(i) Term formation tnu are ordered, finitely branching trees T labeled with
terms satisfying the following conditions:

(1) The leaves of T are labeled with variables or constant symbols.

ofT is labeled with a term ofthe form /(tll.'" tn).
(2) Each nonleafnode
(3) A node of T that is labeled. with a term of the form f(tl"" tn)
has exactly n immediate successors in the tree. They are labeled in
(lexicographic) order with tll"" tn.

(il) A term formation tree is tlUociatd with the term with which its root node
is labeled .

... ple 3.2: (i) Aseocieted with /(C,9(%,9)) and h(J(d"),9(c,a),w) we have the
term formation trees of Figure 24.

/(C,9(%,g)) root

c / "'/ " -. 9(%,9)

and

h(/(d,'),9(C, a), w) root

.>
/(d,.)
I
,(c,a)
~ w

d
/ \ c
/ \ a

FIGURE 24.
 90 II. Predicate Logtc

Proposition 3.3: Every urm t ha! a uniqut: formati.on tree associated with iL
t
Proof: The proof of this proPOSition, like those of the other results of this section, is
a simple exercise in induction like that of Theorem 1.2.4. We leave them aIIlL\
exercises. This one is Exercise 4. 0

Proposition 3.4: The ground terms are those terms whose formation trees have M
variables on their leaves.
Proof: Exercise 5.
o
The atomic formulas are handled as follows:
DefInition 3.5:

(i) The atomic formul4 auxiliary formation trees are the labeled, ordered,
finitely branching trees of depth one whose root node is labeled with au
atomic formula. If the root node of such a tree is labeled with an n-at}'
relation R(t], ... , t,d, then it has 1'1 immediate successors which are labeled
in order with the terms tl, .•• ,tn.

(ii) The atomic fonnula fOrmation trees are the finitely branching, labele:!, &
ordered trees gotten from the auxiliary trees by attaching at each Jeaf
labeled with a term t the rest of the formation tree associated with t. Sud!
a tree is associated with the atomic formula with which its root is labeled.

Example 3.6: Figure 25 shows the atomic fOnnation trees associated with the formula
R(o,f(.,y),g(a,z, w»).

y
a z w
FIGURE 25.
Proposition 3.1: E
ve1"y atomic formula is associated with a unique formation tret. Pf(
Proof: Exercise 6. 0
 3 Formation Trees, Structures and Lists 91

le8nition 3.8:

(i) The formula auxiliary /orrnt1tion trees are the labeled, ordered, binary
branching trees T such that

(1) The leaves ofT are labeled with atomic formulas.

(2) If o is a nonleaf node of T with one immediate successor a 1\ 0 which
is labeled with a formula !p, then a is labeled with ~, 3vrp or Vvrp
for some variable v.
(3) If a is a nonleaf node with two immediate successors, (1" 1\ 0 and a /\ 1,
which are labeled with formulas cp and 1/J, then a is labeled with cp/\1/J.
!p V t/J, cp -1/J or cP ...... 1/1.

(ii) The formuhJ jormo,tion trees are the ordered, labeled trees gotten from the
auxiliary ones by attaching to each leaf labeled with an atomic formula
the rest of its associated formation tree. Each such tree is again associated
with the formula with which its root is labeled.

(iii) The depth of 4 formula is the depth of the associated auxiliary formation
tree.

taJnple 3.9: Figure 26 shows the formula formation tree associated with the formula
3xR(c, f(x, y), g(a, %, w)) A VyR(c,f(x, y), g(a, z, w)).

""
3xR(c, f(x, y), g(a", w)) A VyR(c, f(x, y),g(a, z, w))

3zR(c, l(z, y), g(a, z, / tu» VyR(c, f(z, y), g(a, z, tu»
R(" f(x, y),g(a,
/ %, w))
\
R(,,!(x,y),g(a, z , w))

c
/1 -.
f(.r,y) g(a,z,w) c
~ J(z,y)
I
g(a,z,w)

/ \/1\
x y a % w
/
x
\/1\
v a % w

FIGURE 26.

lPasition 3.10: Every formula is ~ociated with a unique (auriliary) formation

'''''.
lOr: Exercise 7. 0
 92 II. Pft'dieate Logic

. . nn t'ivale •ts
F"mally, we contln ue tn treat the ,.m.mmg boutf the
formulas,
notionssubformu!&l
d.fi,~'
and oocun.n,,, of vanebles as the proven "QUO en ~I h. replaced wl'h"
the last section. Those definitions could, however, eceu y
ones we present here.

Proposition 3.11: The subfoFTnuiasof a formula IIJ all'! the a

auziliary formation tree tU!ociated with lp. I bets of the nodes of/hi

P,opo.IUon 3.12, Ex

Ii) The "'"'U""n"" of 0 v,nohl. v m . 0 formu Ia ~ are •'n one-one labeled,;l

co~
d.n", with the leaves of the a"acialed formation tree thaI are romn, ~
v IThe "'''''''pond ence ;, given h. ma"hing the I.pogroph",; l 0the 1m'
th. """""n"" of v in ~ with the I.!t-nghl ord.nng gi ue~ ,: leaf Ia!</O
the leQve.tlabeled with v.) We may also reier to the llppropna
with v as the occurrence of v in lp.

Iii) An """rmnoe oj the vanabl.

. .. ~ ... hound ":1 th ere e
v '0 . a formula 'I/Jpo"""
~n-
ning with «('Vv)or ((3v) which is the label of a node above the COTT'e3
leaf of the fOrmation tree for lp labeled with u.

Proposition 3.13, If ~ is a fonnula and v a vanabl.,

. then ~(v/I) is I the fo,~I,J
tormuJ4
""ocialed with the fonnation e-ee gott'n b. repladng roch leaf m the "" ""''''
which is labeled with a /ru OCCttF'7l!nce of v with the forma on
IJIith t and propagating this change through the tree. ti tree ass"".

Pro"";Unn 3.14, The lenn I ;, ,"hatitut.bl. fo< v in .~(v) if all occu'7:~':f:,

m I "'m"n free m ~(t),•.•.•an. leaf in the formation Ire. for t wh. pes'"
0CCtl~ of a variable :r n:mains free in every location in which d ap
the fOJ'Tnatitm tree df3cribed in ProPOsition 3.9.

We leave the proofs of these Propositions as Exercises 7-11.

Notice th." ·'''.pt fo, the distlo,tlon we h.ve made In ou, alphahet
function _bob and pl.,ll,,,,, _bob,
he:::
the fommtion t .. " fo, term. and. "",.
fonnul", "e in""tl'_·!shahle. Each baa Ie.ves l.beled with oonstants 01 ••
.bI .. and eve." other-"6"nod. ~ labeled by 'PpI,,;ng one nf the 'ppwpn. . te n-"'J
nt>-
_hob tn the Iabeb of Its immooiate 'u"' .... "'. Th •• tand",d Implem~
tlo.. 01 PRol.O<l,and an the """" .... prog'''''''''lng text., In fact do not h"
tbl. alPhabetl, distinction. T.nn. and atoml, fOnnul", are all lumped tog.t oc
and <alled 'lruaurc... One <an the"'fo", he.... yut""tically ac"ptable ~RO~'"
d .... like "<eadlngUohn, "'adlngOacl<,HatI))". Thi. PRoLOG cI.u .. _h ",
rendered intn Engheh '" follawa, John ~ readlog Jacl<', fi,st "'adlng list. d
-"'ading' b thought 01 both ... P'OOI,,,,, desol!bing who ~ reading wh.t R an
 3 Fonnation Trees, Structures and Lists 93

a function giving people's items for reading. In general, however, it seems very
difficult to make consistent sense out of such combined usages. The semantics
we present in the next section, which is the standard one for predicate logic,
makes no sense unless we maintain the distinction between function and predl-
cate symbols. As it is the basis for the theoretical analysis of PROLOG (in terms
of soundness and completeness, for example) and we know of no reason that
it might ever be necessary to exploit such a confusion, we simply assume that
separate alphabets are maintained for function and predicate symbols (at least
within any particular program or application).

ample 3.15: As an example of a typical PROLOG structure, we briefly consider one of

its most important function symbols (or operators), the pairing /unction denoted
by '',". Thus .(a, b) denotes the ordered pair with first element a and second
element b. This function is used to form arbitrary lists by repeated application.
Practically speaking, the operator ''. n in PROLOG should be applied only to pairs,
the second element of which is already a list (the first element can be anything).
To get such a procedure olf the ground. PROLOG starts with a constant symbol
[ I denoting the empty list (one with no elements). Thus a list consisting of
just the element b would be represented by .(b, [J) and the ordered pair (a,b)
would actually be realized as .(a •.(b. [ ])). As this notation is cumbersome, lists
in PROLOG are also denoted by putting their elements in order within square
brackets and separating them by commas. Thus (a, b. c, d) denotes the list with
elements a, b, c and d in that order. This notation is really an abbreviation for an
iterated use of pairing (with the conwntion that we always end with the empty
list). [a,b,c, dJ is treated as if it were .(a, .(b, .(c, .(d, f J)}». Its formation tree is
given in Figure 27 below .

.(a, .(6, .(0, .(d, I]))))

a
/ \
.(6, .(0, .(d, I])))

6
/ \ ~~~~[l))

e
/ \ I])
.(d,

d
/ \I J
FIGURE 21.

T~e list la, b, c. dJ is also written [e lIb, c, d]J. The notation with the vertical bar,
I. 18 another version of the function symbol. for combining lists. [X I Y] denotes
94 II. Predicate Logic

the list whose first element is X and whose succeeding elements are those of the
list Y in order. The terminology that accompanies this notation is that X, t~
first element of the new list, is called the head of the list IX I YJ and the listY
consisting of the remaining elements is celled its tail.

The reason for avoiding terms such as la r b) or equivalently .(a, b) when b is ~

a list is that we usually define list handling functions by recursion. The startlCl8
point for such recursions is generally the empty list fl. Thus a function so ~eflnet!
would never be computed on an input such as .(a, b) when b is not a list. ~e
return to this point with examples and explanations of definition by recursion a 4
section 5 after we have defined the semantics for predicate logic and PROLOG.

Exmises

L Draw the formation trees associated with the following terms:

0) c
b) f(x,d)
I
0) 9(f(x,d),,)
d) h(y,9(',f(f("d),g(x,x)))).

2. Draw the formation trees associated with the following formulas:

0) R(',d)
b) R(f(x,y),d)
0) R«,d) A R(f(x,y),d)
d) 3yV'(R(x, f«,d)) V 'P(h(y))) De
e] V'(R(g(x", ,)) _ Ply)) A P(,).

3. erclSe 2. which leaves are free occurrences

Ind.icate of variables in the trees of Ex.

4. Prove Propnsition 3.3. (Hint: Use Theorem 2.12.)

5. Prove PropOSition 3.4.

6. Prove ProPQ6ition 3.7. (Hint: Use Theorem 2.14.)

7. Prove ProPOSition 3.10. (Hint: Use Theorem 2.14.)

8. Prove PrOPOSition 3.11.

9. Prove Proposition 3.12.

10. Prove ProPD6ition 3.13.

 4 Semantics: Meaning and Truth 95

11. Prove Proposition 3.14.

12. Prove that the length of every term t in a language I:. for predicate logic is
greater than or equal to the depth of the associated formation tree.

13. Prove that the length of every formula r,p of predicate logic is strictly greater
than the depth of the associated formation tree.

Semantics: Meaning and Truth

A language £. of predicate logic is specified by its predicate (or relation) symbols

and function symbols. A single language will have many possible interpretations
each suited to a different context or domain of discourse. Thus the language
with just one binary predicate P(x, y) can be viewed. as talking about any of the
following situations:

1) The natural numbers, N, with <.

2) The rationals, Q, with <.
3) The integers, Z, with >.

or any of a hoot of other possibilities. If we add a binary function symbol f(x,y),

we could view f as representing, for example, z . y, x - y or max{x,y} in these
respective domains. To begin to interpret the language, we must specify a domain
of discourse and the intended meanings for the predicate and function symbols.

ftnition 4.1: A structure .A for a language £. consists of a nonempty domain A,

a.n assignment, to each n-ary predicate symbol R of 1:., of an actual predicate
[i.e., a relation) R.A on the n-tuples (al,' .. ,an) from A, an assignment, to each
constant symbol c of 1:., of an element c-'" of A and, to each n-ary function symbol
J of c, an n-ary function fA from An to A.

In terms of the examples considered above, we can specify structures for the
language with one binary predicate by letting the domain be N, Q or Z, re-
Spectively. The interpretations p.A of the binary predicate are then <, < and >,
resPectively. When we add the binary function symbol f we must specify in each
case a binary function fA on the domain to interpret it. In each of our exam-
ples, the function would be the one specified above: multiplication, subtraction
or max,

We begin the task of interpreting the fonnulas of I:. in the structure.A by saying,
fo~each. ground term of the language 1:., which element of the domain of discourse
A It names.
 96 II. Predicate Logie

Definition 4.2 (The interyf'etation of ground terrn.s):

(1) Each constant term c names the element cA. .

f
of A andtheJ elenea
(ii) Hthe terms tl •...,tn of t: name the elemenfts( t1,A , .• '/ tA names 15 an n- ,

8ly function symbol of E, then the term tl, ... , n h fA's an n-8IJ
f(
• )A - IA(~ tA) of A. (Remember t at t A ~I
t .. ···'n - 1:.t"'"A
function on A and that t1 "'" tn are e Iemen ts 0 fAsothatj.A(t" ... ,.
is in fact an element of A.)

Continuing with OUf above examples, we might a dd cons t an ts c and

as follows:
dtooUl
language and assign them to elements c4 and d.A of the structures
1) c" =0; <t' = 1.
2) c" = 1/2; <t' = 2/3
3) c" = 0; dA = -2.

Supposef is interpretedas multiplicationin each of the three structun;~

the ground terms f(c,d) and f(d,f(d,d)) name elements of the strue
follows:

1) (I«,d))A = 0; (f(d,f(d,d))y' = 1.
2) (I«,d))A = 1/3; (I(d,/(d,d)))A = 8/27.
3) (I«,d))A = 0; (I(d,f(d,d)))A = -8.

It " oon_oot to deal wnb structures .A for langu ages £ that have a g=~
term -u,g e""ry element 0 of A. If we ere given a ,tmctu".A for alangu ~
In whi<h not.".ry element of the domain is named by a ground term, we£A oDd
£ by adding a new <o"'tan, '" to £ un
_h 0 E A to get a language h~o.
edend .A to a '''u<ture Co, £A by int",preting th ese oonstants m the 0""",
c:
WRy, = o. Thus in £A ""ry element of the domain A is named hy a rod "'"
Notice that every structure.A for t. becomes one for £..A in tbis wayan
structure for {;.4 becomes one for C by simply ignoring the constants Ca.

.Ve<an now define when a .,.ten"

1: ~ of -language £ is true m _ ",ven
• • ...
struclurt
Co, £. We write thio ae.A" ~. The fOnna! definitwn " by indu<tion. on .. ,:::~ t'
.. the _00 m.... ,. The intereeti .. <... " that Co, the quantifie~. not
" n_ to ha"" ground te_ that _e ea<h element of A. ff the" are"","
nne
:""ugh ",oood te . in £, we &mply use the definition in £A. Thus, we
In the follOWing defilUtion that every a E A is named by a ground term 0
7::.
De,
Deftnitlnn 4.3, The ""til of a "'_" ~ nf £ in _ "m<tu" .A in whim eve"!.~
~_00 by e ground leon of £ " definoo by induction. (ff not every ele !o'
of .c.) we use the definition of A. 1= "p for £...A to define A 1= III
of A is so rpnamed,
sentences
 <I Semantics: Meaning and Truth 97

(i) For an atomic sentence R(tr. ... ,tn), A l= R(t}, ... , tn) iff RA,(tf, ... , t:),
i.e., the relation R"" on An assigned to R holds of the elements named by
the terms t... ,., tn' Note that, 88 R(h, ... , tn) is a sentence, the ti are all
ground terms and so name particular elements of A.

(ii) A l= -,tp <=> it is not the case that A l= tp. (We also write this as A)t' tp.)

(iii) A l= (tp V tP) <=> A l= tp or A F t/J,

(iv) AF (<pA¢)" AF 'I' and AF ¢.

(v) AF(<p~¢) .. AI'<pmAF¢.

(vi) A F ('I' _ ¢) .. (A F 'I' and A F ¢) 0' (AI' 'I' and AI' ¢).
,'..~lt
,.lel.(, ....... ~" ,,.,j, l't 1 b
(vii) A l= 3vtp(v) # for some ground term t, A F tp(t). ' I , ... e ~ t
(viii) A F 'Vvtp(v) # for all ground terms t, A F tp(t).

Note that truth (or $ati!jactioR, as F is often called) for longer sentences is always
defined in (ii)-(viii) in terms of truth for shorter sentences. It is for clauses (vii)
and (viii) that the assumption that all elements of our structure are named by
ground terms is crucial.

~8nition 4.4: Fix some language £.

(I) A sentence tp of £ is valid, l= 11', if it is true in all structures for E.

(Ii) Given a set of sentences E = {al •... }, we say that a is a logical consequence
of E, E l= a, if a is true in every structure in which all of the members of
E are true.

(iii) A set of sentences E = {Ol,"'} is .Jati!fiable if there is a structure A in

which all the members of E are true. Such a structure is called a model of
E. If E has no model it is unsGtisfiable,

Note that we have defined truth only for sentences, that is, formulas with no
~ee variables. The point here is that if Ip(v) has u free, then the formula has no
single fixed meaning in a structure A. It rather represents an n-ary predicate on
A for n > 0 and so we do not say that it is true or false. The notion for formulas
with free variables that is anaJogous to truth for sentences is that of validity.

6.nitio
. n .5·
.: A formula 'P of a language 4. with free varlab I·
es VI ••.• ,Vn is t1G '·d
I
In a .ttM1ctun: A for £ (also written A 1= cp) if the universal of tp, i.e.,
clo.fUTe
the. sentence 'Vv1'Vt/2, .. , VVn'P gotten by putting 'V'Il1in front of tp for every free
Vllriable Vi in 'P, is true in ..4.. The formula tp of 4. is valid if it is valid in every
structure for 4..
 98 II. Predicate Logic

As long as we are in a situation in which every element of th.e structure ~ ill

named by a ground term, this definition of validity in A is equivalent to sa,:
g:
that every ground in"tance of tp is true in A, l.e., .A 1= tp( t 1, ... , t..) for al~
terms tr, ... , t.. of t. Also note that as sentences have no free verieb ,
a

sentence is true in a structure iff it is valid in the structure. 1

Warning: For a sentence I{J and structure A either 'P or -,tp is true in A. (and
the other false). It is not true, however, for an arbitrary formula t/J that I/J or
-.lj.J must be valid in A. It may well be that some ground instances of fjJ a.r:
true
while others are false. Similarly, one can have a sentence such that neither It Jl()f
p
its negation is valid. It is true in some structures but not in others.

Definition 4.6: A set E of formulas with free variables is satisfiable if there is a

structure in which all of the formulas in E are valid [Le., their universal cloo~
are true). Again such a structure is called a model of E. If E has no models It 15
un"atisfiable.

Example 4.7: Consider a language £, specified by a binary relation symbol ~ and

constants Co, Ct,Ca,· ... Here are two ptJ6sihle structures for £, correepcndieg to
two different interpretations of the language. N

(I) Let the domain A consist of the natural numbers, let RA be the ustllll
relation <, and crt
= 0, cf = 1,.... The sentence (Yx)(3y)R(x,~) sa~
E:
that for every natural number there is a larger one, so it is true m t
structure.
(··)'-h· }.M
u ~ t e domain ofA "''''''' of th"";onal numbers Q ~ {qo, q" ... , I
ItA again be <, and let et = =
qo, cf ql, .... The sentence (Vz)(Vy)(R(x,."
.....(3z)(R(x, z) A R(z, y») is true in this structure. (It says that the rat:r
naJs
(i) forarethedense.) It is not, however valid as it is false in the structure
natural numbers. I

Warning: We have not included any special or reserved predicate symbol for
equality in either our syntax or sernllbtics for predicate logic. In other words,
we. have made no Provisions in our definitions that could be used to force US
to ~teCJ>re.t SOme ~ieular predicate, such as "=", as true equality. We have
avo,dad tim - ..
n of on, d.ftn;t;"n of • lang .... in 2.1 and the com.pond
~ restnet~ IJ1 the definition of truth in 4.3 because it does not mesh "IVe U
with resolutIOn theorem proving, logic prl:lgranuWng and PROLOG. Some of the
perhaps. uneJtpected consequences of this choice can be seen In Exercises 2-3 of
§7. A VIew of Predicate logic with such a distinguished equality predicate (as
:en as.an &PProa.ch to equality without it) is Presented in ]11.5. The syntaX 3l1d
mantics ~resented there can be read now. The proofs of soundness and ecm-
plete.ru~ss
ones discUssed
we Present in there
§7. for logic With equality are simple modifications of the
 4 Semantics: Meaning and Truth 99

Now that we have defined the semantics for predicate logic we can make precise
the claim that we do not need propositions. Indeed there is a faithful embedding
of propositional logic in predicate logic.

'beorem 4.8: Let rp be an open (i.e., quantifier-fru) formula of predicate logic.

We may view II' as a formula rp' of propositional logic by regarding every atomic
81Jbformulaof cp as a propo3itionalletter. With thi.3 coTT"e.!pondence,cp i.3 a valid
formula of predicate logic if and only if rp' i.! valid in propontionallogic.

roof: Exercises 8-11. o

Now that we have both the syntax and semantics for predicate logic it should
be clear by analogy with our development of propositional logic what we should
do next. We have to give methods of proof in predicate logic and then prove
soundness and completeness theorems analogous to those we have seen for the
propositional calculus. First, however, we consider the application (or actually,
the specialization) of our semantics to PROLOG.

otation: We often use vector notation as in X, ; and eto denote sequences of variables,
terms and constants, respectively.

tercises

1. Let.l. contain a constant c, a binary function f and a unary predicate P.

Give two structures for £: one in which Vx P(f(x,c» is true and one in
which it is false.

2. Show that Vx(P(x) _ q{f(x))) A 'v'xp{x) A 3x-.q(x) is satisfiable.

3. Give an example of an unsatisfiable sentence.

4. Define a structure for the language containing constant symbols 0 and I, a

binary predicate < and one binary function symbol + in which x + 1 < x
is valid but x + x < x is not. Indicate why the structure bas the required
properties.

5. Prove that A F -03xrp(x) <¢:> A 1= Vx-.rp(x). Does it matter if rp has free

variables other than x1

6. P""" that. for any sen ten ce ,p, A F (,p ~ 3x,,(x» .. A F 3x(,p - ,,(x».
What happens if t/J is a fonout. in which :r is free1

7. Prove that for aoy .. 0eence ,p. A F (3x,,(x) ~ ,p) .. A F Vx(,,(x) ~ ,pl·
What happens if t/J is a fottnula in which x is free?
 100 II. Predicate Logic

8. Theorem on constants: Let <p(i') be a formula of a language [, with .•

z
sequence:i of free varlables. Let be a sequence of new constants (not 1II
£. ). Prove that <p(i) is valid iff <p{e) is.

9. Prove Theorem 4.8 for formulas with no free variables. (Hint: Convert
between models for <p or ""1{) to assignments making !pI or .....
!p' true.)

10. Combine Exercises 8 and 9 to prove Theorem 4.8.

5 Interpretations of PROLOG Programs

In this section we want to specialize the ideas and definitions of the last section
to explain the semantiC! of clausal form and Horn formulas with free variables
and so begin the study of the semantics of full PROLOG programs.
The syntax for clausal form and PROLOG format is the same as in the proposi-
tional case (Definition 1.10.4) except that liternls can now be any a.tomic formula:;
or their negations. Note, however, that implementations of PROLOG uniformly
use (initial) capital letters for (names of) variables and lower case ones for (names
of) predicates, constants and functions.

Definition 5.1 (Clawal notation):

(i) Literals are atomic formulas or their negations. The atomic formulas are
called po..titiveliural$ and their negations, negative liternls.
(il) A clawe is a. finite set of literals.

(ill) A clause is a Hom clause if it contains at most one positive literal.

(iv) A progrnm clawe is a clause with exactly one positive literal. If a program
clause contains SOme negative literals it Is a rule; otherwise, it is a Joel.
(v) A goal clowe is a clause with no positive literals.

(vi) A formuk is a not necessarily finite set of clauses.

The PROLOG notation for rules and facts is as in the propositional case as well.

Definition 5.2 (PROLOG notation):

(i) In PROL?G, the fact {P(X)} consisting of the single positive literal P(X)
appears in PROLOG programs as follows:

P(X).
 5 Interpretations of PROLOG Programs 101

(ii) The rule C = {P{X) .....ql (X, Y), ... , ....

q.. {X, Y)} appears in PROLOGpro-
grams as follows:

p(X),- q,(X,Y), ... ,q.(X,Y).

(iii) For a rule C as in (U), we call p(X) the 900l or Mad of C. We cell the
qt(.X.y), ...• q..(X.y) the subgoals or body of C. When the head-body
terminology is used, the symbol :- which connects the head and body of
o is called the neck.

(iv) A (PROLOG)progrom is a formula (set of clauses) containing only program

clauses (t.e., rules and facts).

The intended meaning of clauses and formulas is as in the propositional case

exceptthat we must explain how we treat the free vertebles. Each clause is in-
terpreted as the universal closure of the disjunction of its elements. Thus the in-
tended meaning of Ct = {q(X. Y). r(Y)} is VXVY!q(X, Y) V r(Y)J. In this vein
the intended meaning of the rule C given by P(X):- ql(X. Y), ... ,q .. (X, Y)
(in clausal notation C = (P(X), ....ql(X, Y), ... , -v..(X, Y)}) is VXVY[p(X) V
--,ql(X, Y) V .. , V-.q,,(X, Y)I. Repeated applications of Exercises 4.8 and 1.3.2
wouldshow that this is equivalent to VX{3Y(qt(X. Y) 1\ ... l\q,,(X, Y)) -+ p(X)].
(.welater analyze some examples to see how this equivalence can be esteb-
lished.)Thus, C truly embodies a rule: If, for any X, there is a Y such that
ql(X, Y),Q2(X. Y) •... ,q..(X. Y) are all true (have been verified), then p(X) is
also true (has been verified).
Aformula S is interpreted as the conjunction of its clauses. Thus if S = (CI, C2)
where01 is 88 above and Oz = {q(X.Y),m(Y)}, then S has the same meaning
".vXW(q(X, Y) V T(Y)) A .vXWlq(X, Y) V m(Y)J. In particular, if tho formula
S IS a PROLOGprogram, then it is equivalent to a. list of universal facts of the
form VXP(X) and rules like C in the previous paragraph. Implementing PROLOG
consistsof making deductions from such a list of !acts and rules.
Notethat in describing the intended meaning of a formula, each clause is univer-
sallyclosed before we take the conjunction. The importance of this convention
becomesapparent when we consider resolution for predicate calculus. Confusion
can be avoided by using distinct variables in each clause. (This corresponds to
what is called .standardizing the IJariablu apart (see §I3». We later (§9) show
that, at the expense of adding new function symbols to our language, every sen-
tenceof Predicate calculus is equivalent to a formula in the sense of Definition
5,1. (This result is the analog of CNF for the predicate calculus.) For now, ef-
ter ane example involving such transformations, we simply deal with the syntax
and ~tnantiCB of formulas in clausal form directly. The notions of structures for,
::':terpretations of, formulas in clausal form are immediately specified by the
translation into predicate calculus.
102 II. Predicate Logic

'Knight's moves: an example: .

Let us briefly examine the added expressive power gIVen,

. '0 ustiby using
about variables in
a knight's
. . th e pro bl em 0 f representing hin erma
PROLOGbyeonsldenng by pairs of num ben
board JOn
moves on a chessboard. We can mbel the 5ql1&fE:ll of t e
from I to 8 in the usual way as in Figure 28.

2 3

FIGURE 28.

We thus might well want our language to mclude

. the eonseen t 5YmbclsX 1,2,
X3...X~),
,8.
The baaie predicate of our language will be the 4-ary one, ktmove(X 1, a Wi~n of
(Fo,tho mom", .. won,
to ."'" """Yin•• bout 'h. ~tu" represen p..a'
pain in PROLOG via the list notation introduced in §3 and eo use)
cete on {I, ... 8} rather th&n a binary one on pairs of n~be~.
;t::endlld
owed to move
interpretation of Uktmove(X"XlIXaIX4)~ is that a knight 18 all . Ived is
Io
from
to position
simply (Xthe
list all X 2) to (X3,X.).
facts: One way to represent the data mvc

ktrnolle(I, 1,2,3).
ktmove{l, 1,3,2).

Th, Jot .. ho.. ver, ""''' Ion. (336 foe,,). Mo",,",,,, In"
. is, h uon
itua , else wi>h
quicldy be-
oom~ Intobbk wh" .. eek '0'
only. Uttk bl' ,"0". Suppcee we . ht cen
to ba", 0UU>th~2 p"di"" 2IdUn'",(X"X,.X" X.) whicl> My•• bat. k... lon,
get fmrn
list of (X\,X ) to (X3,X4) in two moves. Here too we could enter 8 very
facbl:

2ktmove(l, 1,1, 1),

2ktmove(l,1,3,5).
 5 Interpretations of PROLOGPrograms 103

'tIXtVX2VX3VX4(3YI3Y2(ktmove(X1, X2, YI, Y2)

i\ktmove(YI> Y2, X3,X4)) -+ 2ktmove(XI, X2,X3, X4)]. (#)

We introduce a general method for converting all such sentences of predicate

calculus to clausal equivalents (or PROLOGprograms) in S9. For now we analyze
this one in an ad hoc way. We begin with eliminating the implication in favor
of -. and V as in constructing a CNf' in propositional logic to get the following
sentence equivalent to (#):

"IXIVX2VX3VX4[-.(3Yt3Y2}(ktmove(Xl,X2, YI, Y,)

Aktmove(Yi, l'2,X3, X4)) V 2ktmove(XI, X2,X3, Xt)J.

The next steps are to apply the equivalence of -.3zrp to VZ-.I.p established in
Exercise 4.5 and then De Morgan's laws from Exercise 1.3.2 to get

"IXIV X2VX3"1XtrvYiW2[-.ktmove(Xl,X2, YI, Y2)

V...,ktmove(YI,Y"X3,Xt)] V 2ktmove(Xt,X2,X3,Xt)!.

Finally we have an equivalent of (#) which is essentially in clausal form

't/XI't/X2VX:J't/Xt't/Yi'IrIY2[-.ktmove(XI. X2, YI, Y,)

V...,ktmove{Y1Y , " Xs, X4) V 2ktmove(XI, X2.X3,Xt)].
(The semantic equivalence of these last two sentences should be clear.]
The clausal. form of our rule originally stated in predicate calculus as (#) is thus
simply:

(-.ktmove(XI• X2, YI, V,), -.ktmove{YI• Y2,Xs,Xt),

2ktmove(XI. X2, X3, X,)}.
This Is a Horn clause which we write in PROLOGnotation lIS

2ktmove(XI, X"X3, X,):- ktmOve(XI,X2, YI, V,),

ktmove(Yl, Y2,X3,X,).

ThU8,we have an example of the general interpretation of a program clause of

the form "p(X'):- ql(X, Y), ... ,q,,(X, y)" in PR.QLOG.It is a rule which says
that, for every choice of the Yatiables X in the goal (he4d) P(X) of the clause, p
holds of X (.rucceed.r) if there are Y such that all of the f1ubgoal(body) clauses
qt(X',Y), ... ,q..(X,Y) hold {.ucz:ttd).ln our C8Se, the clause says ~ ex~ted
that you can get from (XI, X,) to (X3, X.) in two knight's moves If there IS a
(l'I' Y2) such that you can get from (X I, X,) to (YI, Y,) in one move and from
('Yi., y,) to (X3,X4) in another.
Let us see how we might reduce the size of the program representing ktmove from
336 claU8eBto one of more manageable size by the introduction of other rules.
104 II. Predicate Losic

One apprQ6Ch is to introduce symmetry type rules that would enable us to deri~
every bight's move from a small list of basic moves. One obvious such rule IS
symmetry iteelf:

(51) ktmove(XI,X~,X3,X4):- ktmove(X3,X4,XI,X~).

Remember that dtis rule lIllys that (for any XI, Xi, X3, X4) if a knight can move
from (X3,X4) to (XI,X2), it can move from (Xl,X~) to (X3,X4). Introducing
this rule woukl allow lIS to cut our database in half. Other possible such rules
include the following:

(52) ktmove(XI,X~,X3,Xtl;_ ktmOVl!(Xl,X4,X3'X~).

(53) ktmove(XhX~,X3,X4);_ ktmove(X~,XJ,X4,X3).
(54) ktmove(XI,Xi,X3,X4):_ ktmove(X3,X~,XI,X4)'

(Check that these are in fac:t coned rules about a knight's behavior in chess.]
We could then list just a few basic moves which, together with these program
clauses, 1VOuidcorrectly define the predicate ktmove. (It is correct in the sense
that any structure lIlltisIying all these facts and rules would give exactly the legal
knight's moves all the quadruples of COnstants {I, ... ,8} of which the predicate
"ktmove" hokb. The correctness of the program in terms of execution, which
employs rell(llution-type theorem Proving, is dealt with later.)

Another taclt might be to try to define "ktmove" in terms of arithmetic operations

on the positiOIlS, l.e., to capture, in IIOmesense, the rule as it is usually taught:
The knight may move from (XI ,X~) to (X", X4) if the change in one coordinate
is I and 2 in the other, i.e.,

(We must abo make sure that the two positions are different. This is taken care
of by the way we define the appropriate arithmetic operations. In particular 0 is
not an allowed value for IXI - X"J.) Now PROLOG hll8 many arithmetic operations
end ~redicates built in but a precise unde1'lltanding o( how they are used req~
knOWing more about how PfOgr8lJl8 are implemented. So for now, we wish to aVOid
using the built-in predicates. We can, however, put into our program definitions
of our own fOl'as much arithmetic as we need. (Be careful not to use the names
reserved for built-in predicates (or the ones you define.]

To begin with, we might define the "succeeded byn predicate on the set of numbers
{I, ... , 8} by a database:

suc(I,2).
suc(2,3).

sUC(1, 8).

We couk!: then define a truncated version of addition by the (ollowing rules:

 5 Int.eTpretations of PROLOG Programs lOS

(AI) add(X, I, Z) :- IUC(X, Z).

(A2) add(X, Y,Z) :- ItlC(l'i., Y), IUC(Zt. Z), add(X, YI,Zd.

We could then directly define IXI - X21 = Y by:

(A3) absolute...difference(X1> X" Y):- add(XI, Y,Xl).

(A4) absolute..difference(X1,X2,Y):_ add(X"Y,Xd.

(These rules do what we want because we are only interested in truncated opera-
tions, i.e., only on what happens on {I, ... ,S}. They do not define the operwo'18
correctly on all the integers. We say more about intended structures for a program
later.]

So far we have been considering the meaning of clauses in a PROLOG program

entered as such, e.g., by "consulting" a file containing the program as listed.
We must now explain the semantics of goal clauses entered at the "?" prompt.
The intended meaning of, for example, "?- p(X1, X2}, q(X2, Xa}." is "are there
objects 4r,02,Oa such that P(0t.02} and q(a2,aa)". PROLOG responds not only
by answering yes or no to this question but, if the answer is yes, by giving
instances that verify it, i.e., actual terms (and so names for objects) 010 02 and
~3such that P(Ol,.B2} II q(02' oa}. (As discussed in the case of propositional logic
III 1.10.4, entering "i" after one answer has been found asks for another. This
may be repeated until there are no more, at which point PROLOG answers "no".
~he search for additional answers may also be terminated after any reply by
Simplyentering a return.)

As in the ProPOSitional case, PROLOG implements the search for such witnesses
p(X1>X2), "'Q(X2,Xa)} to the
lIl, 42 and 4a by adding the goal clause G = {.....
cur~nt program P and then deciding if the result is an unsatisfiable formula. u:t
Us list varioWj semantic equivalenta of the resulting formula to help see bow t~
search produces an answer to our question. First, the meaning of the clause G IS
IIXI'VX2'VX3[-.p(X t , X2) V -.q(X2,X3)]. U adding it to the program P produces
~ UDsatisfiable formula P U {G}, then its negation is a logical consequence of
(check through the definitions 88 we did in Lemma 1.10.6). Thus

P F ~YX.YX,YX,[~p(X.. X,) V -,q(X" X,)J.

As we have seen above (and in Exercise 4.S), this is equivalent to

P F 3X.3X,3X,[p(X.,X,) Aq(X"X,)].
The implementation of PROLOG tries to establish this consequence relation by
;foduCing a resolution refutation of PUC G}. (We define resolution refutations ~r
t~ate caJculUSln §13 and Cbapter III.) A by-product afthe proof procedure 15
at It actually produces witnesses, °1,42.°3 in this case, that show that PU{G}
 is unsatisfiable by providing a proof from P that p(al,a~} 1\ q(a~.a3}' From the
vifnvpolnt of resolution theorem proving, these witnesses are a mere by-product
of the proof. From the programming point of view, they are the essentiaJ result.
They are the output of our program; the answers to our questions.

Because of the way PROLOG represents data via logic, there is an unusual sym-
metry between input and output. We can put the variables anywhere in our
predicate when we ask questions. Thus the simple predicate add (X, Y, Z) not
only supplies a+b when we enter "?- add (a, b, Z)." it also supplies b-a when
we enter Y?- add (a, Z,o)." (at least if b > a). A single PROWG program can
thus be used to answer quite fancy questions that might be difficult to extract
from a simple database. Compare asking if one can get from (a, b) to (c,d). in
three knight's moves given one of the above PROLOG programs to explicitly writ-
ing such a program in some other language given only the database listing the
knight's moves. The arrangement of, and orders for, searching are all done auto-
matically. Again we return to these points of reversibility and searching later.

Exercises

1. Verify that the symmetry rules (SI)~(S4) are legitimate. (You can do this
by applying the arithmetic definition of ktmove (AD).)

2. ExpJa.in (in EngJish) the meaning of the rules (AI}-(A2) and why they
correctly represent addition on the structure {I, ... , 8}.

3. Explain (in English) the meaning of the rules (A3)-(A4) and why they
correctly represent absolute difference on the structure {I, ... ,8}.

4. Suppose that suc(X, Y) were correctly defined in some wayan all the nat-
ural numbers, t.e., suc(n, m) is true iff n + 1 = m.

a} Do the clauses (AI)-(A2) still correctly define addition?

b) Do the clauses (A3)-(A4) still correctly define absolute difference?

Suppcse now that suc(X, Y} defines "succeeded by" on the integers. What
relatlODSdo
gers? the clauses (AI)-(A2) and (A3)-(A4) now define on the inte-

5. Suppcee we switch to a language containing the constant c, a unary func-

tion symbol seX) and a ternary Predicate symbol a(X. Y, Z}. Write a set
of PROLOG clauses that will make Ya" define addition in the sense that
a(:"(c~,""'(c},st(c) will be a consequence of the program iff n + m = t.
~s (he) IS ~horthand for s( ... (s(e)) ... ) Where there are n occurrences of s
In t e string of "'s.)
 5 Interpretations of PROLOGPrograms 107

6. Prove that every PROLOG program is satisfiable.

The fdilowing problems (and others later on) were designed to be used with a
database which we supplied online. This database consists of the genealogy given
in the first few chapters of Chronicles (the last book of the Hebrew Bible). The
information there is in terms of male descent only. (Actua1ly there are bits and
pieces of information on women and their children but so fragmentary as to make
inclusion fairly useless. The information was recorded in the database in terms
of the predicate "fatherof(a,b)lt. Thus the file consisted purely of (ma.ny) facts
entered as follows:

fatherof(adam, seth).
fatherof(abraham, isaac).
fatherof(isaae, jacob).
fatherof(isaac, esau).

In Problems 7 and 8 assume that this is the only type of information avail-
able (e.g., in defining grandfather, there is no need to consider ancestry on the
mother's side as this sort of information is not available).

We.Provide a printout of the database as-Appendix B.1f the reader does not have
online access to this database or a similar one, the following problems should be
lUlswered by just writing down a PROLOG program which is sema.ntically correct
~rding to the interpretations of facts and rules described in this section. Sim-
1~ly, descriptions of how to get the requested information from the programs
will suffice.

7. Ancestors:

a) Write a program defining "grandfatherof".

b) Find the grandfathers of nimrod, Iud and joktan.
c) Use this program to find a grandson of noah; to find all his grend-
sons (use the facility that generates alternate answers by entering a
setnicolon after each answer is given until there are no more).
d) Write & program defining "greatgrandfatherof".
e) Find the great-grandfathers of shem and canaan.
£) Use the program to find a great-grandson of abraham; to find ten of
his great-grandson!.
g) Write & program to define "ancestorof".
h) Find three ancestors ofsbem.
108 II. Predicate Logie

8. Uncles:

a) Write a program defining "uncleof".

b) Find the uncles of nimrod, Iud and joktan.
c) Use this program to find a nephew ofshem; to find all ~is nephe~ (use
the facility that generates alternate answers by entermg a semicolon
after each answer is given until there are no more).
d) Write a program defining "granduncleof' (recall that my grandfa-
ther's brothers are my granduncles).
e) Find the granduncles of shelah and canaan.
f) Use the program to find a grandnephew of ham; to find eight of his DelUl
grandnephews.

Note that for this exercise you should allow yourself to use the PROLOG
version of inequality X F Y.

6 Proofs: Complete Systematic Tableaux

We now describe a system for building proofs of sentences in predicate logic. As

for propositional logic the proofs are labeled binary trees called tableaw:. The
labels on the trees are signed seeeences {i.e., sentences preceded by T or t:
indicate that, for the sake of the analysis, we are assuming them true or
respectively], We again call these labels the entries of the tableau, F~rmallY,
define tableaux for predicate lOgicinductively by first specifying certern (~a~ Ii
I:
,

binary) trees as tableaux (the so-called atomic tableaux) and then givmg
development rule defining more complex tableaux from simpler ones. T be III he
' ten'
of the proof procedure is to start with SOmesigned sentence such as Fa as t
root of our tree and to analyze it into its components in such a way as to sh~
that any anal)1iis leads to a contradiction. We then conclude that we have refu
the original assumption that o is false and so have a proof of a.
The analysis of the connectives is the same as in propositional logic and the pIan
of the analysis is again that if some sentence is correctly signed (T or F) t~~~t
least one of its immediate euccessces in the tree analysis is also correctly S1!l"<'~'
The new problem is how to deal with quantifiers, If we consider, for example,
T3rrp(x), the obvious analysis ofthe assertion that there is an x such that. r,o(r)
is simply to supply such an x, Supplying such a witness means specify~:
ground term t and 88Serting that rp(t) is true. Thus, our first concern ebc we
be that there are as many ground terms available as we might ever need, If
therefore begin with any language l. we immediately expand it to one [,C by
adding on a set of constant symbols ',.~ c..... not ..__.J in £. Let A be anY
, '1,t,l ....
~,... ~ four
atomic sentence of l.c and Q, fJ be any sentences of l.c. The bese case 0
 6 Proofs: Complete Systematic Tableaux 109

inductive definition of tableaux for the analysis of sentences of the language £

starts with the (labeled binary) trees in Figure 29 as the atomic tobleaux.
Intuitively the requirement that the constant introduced in Cases 7b and 8a
be ~new" is easy to understand. The starting point of the tableau here is the
assertion that an x with some property exists. There can be no danger in then
essertlng that c is such an x as long as we have no prior demands on c. On the
other hand, if some other assertions have already been made about c. we have
no right to assume that an element with these other properties can also IJe a
witness for this new assertion. The precise syntactic meaning of "new" is defined
simultaneously with the inductive definition of tableau:z: as binary trees labeled
with signed statements.

iition 6.1: We define tableaux as binary trees labeled with signed sentences (of
£C) called entries by induction:

(i) AU atomic tableaux are tableaux. The requirement that c be new in Cases
7b and 8a here simply means that c is one of the constants ct added on to
f. to get £c (which therefore does not appear in !p).

(ii) If 7 is a finite tableau, P a path on 7, E an entry of 7 occurring on P and

7' is obtained hom. by adjoining an atomic tableau with root entry E to
7 at the end of the path P, then r' is also a tableau. Here the requirement
that c be new in Cases 7b and 8a means that it is one of the ct that do
not appear in any entries on P. (In actual practice it is simpler in terms
of bookkeeping to choose one not appearing at any node of -r.)

(ill) If 70 is a finite tableau and TO.'1, ...• Tn •..•. is a sequence of tableaux such
tbat, for every n ~ 0, Tn+! is constructed hom 'Tn by an application of (il),
then T" = lJ7"nis also a tableau.

Warning: It is crucial in the setting of predicate logic that the entry E in

Clause (il) be repeated when the corresponding atomic tableau is added on to
P (at least; in Cases 7a and Bb). The reason for this becomes apparent once we
analyze the action needed In these cases and the resulting definition of a finished
tableau (Definition 6.7).

:e n~ define tableau proofs of sentences in predicate logic. It is important

realize, however, that in most situations one does not simply prove a sen-
te~ceoutright. One normally proves something based on various ASSumptions or
~tns. The semantic aspect of this procedure was embodied in the notion of lo~-
al. consequence in Definition 4.4. Th capture the corresponding proo~-theoret~c
llotion we need to define tableaux and proofs from premises for predleete logic

~:ed
analogous to the ones presented in 1.6 for propositional logic. The modifications
are like thQ6e incorporated In the definitions of 1.6 for propositional logic.
key change is In the definition of & tableau from a set of sentences S. The
110 II. Predicate Logic

I. Ib ,. 2b

T(a" P)

TA FA
I F(a"p)
T.

I F.
/\ FP
Tp

'" 3b
•• .b

F(aVPI

T("n) F("a) T(o v P) I

I I /\ F.
F. T. T. TP
FP
I
50 5b 6. 6b

F(o .... fJ) T(o .... fJ) F(o .... fJ)

T(o .... fJ) I /\ / \

/\ T. T. F. T. F.
F. Tp
Fp
I Tp
I I Fp
I I
Fp TP
7.
7b
•• .b

Tf"r),.,(r} F('t'r)<jl(r)
T(3r)<p(r} F(3r).p(r)

I
T<p(t)
I I I
F<p(c) T<jl(c) FIl'(t)
fot"&l>y POund
fot" .. ne"
term t of £c for .. D ...... (or any sround
- ..... 0 constant e term t of cc

FIGURE 29.
 6 Proofs: Complete Systematic Tableaux 111

underlying idea is that we are assuming that every sentence in S is true. Thus,
in addition to the formation rules for ordinary tableaux, we may assert at any
time that any sentence in S is true. We accomplish this by adding on one new
formation rule for tableaux from S.
For the remainder of this section we let S be a set of sentences in the language
C. We often refer to the elements of S as premises.

rLition6.1 (Continued): Tableaux from 8. The definition for tableaux from S is

the same as for ordinary tableaux except that we include an additional formation
rule:

(ii') 1f'T is a finite tableau from 5, !p a sentence from S, P a path on 'T and 'T'
is obtained from 'T by adjoining T!p to the end of the path P, then r' is
also a tableau from 5.

From now on we define our notions for tableaux from 5 simultaneously with the
ones for ordinary tableaux. The additional clauses pertaining to tableaux from
S are parenthesized, as in the following important observation.

Note: It is clear from the definition that every tableau 'T (from S) is the union
?f a finite or infinite
sequence TO, Tit .•. , Tn' ... of tableaux (from S) in which 1"0
~.~ atomic tableau and each Tn+l is gotten from Tn by an application of [ii] (or
(ll)). From now on, we always assume that every tableau (from S) is presented
as such a union.

Lition6.2: Tableau proof~ (from 5): Let 'T be a tableau and P a path in 'T.

(i) P is controdictory if, for some sentence a, To. and Fa both appear as
labels of nodes of P.

(ii) T is contrndictory if every path on r is contradictory.

(iii) 'T is a proof of a (from S) if r is 8 finite contradictory tableau (from S)

with its root node labeled Fa. If there is proof 'T of a (from S), we say a
is Provable (from S) and write I- a (5 I- a).

(iv) S is incon.ti9tent if there is a proof of a A --.0 from S for some sentence a.

Note that, if there is any contradictory tableau (from S) with root node Fa,
then there is one which is finite, t.e .• a proof of a (from S). Just terminate each
~ .when it becomes contradictory. ~ each path is now finite, the whole t~
tabfinite by Konig's lemma. Thus, the added requirement that proofs be finite
o lea? has no effect on the existence of proofs for any sentence. Anot~er way
f looking at this is that we could have required the path P in Clause (li) of the
 112 II. Predicate Logic

definition of tableaux (Definition 6.1) to be noncontradictory without affeding

the existence of proofs.

Before describing the appropriate version of finished tableaux and the construt.
tion of complete systematic tableaux, it is instructive to look at some examples of
proofs by tableaux in predicate logic. Note that we again abbreviate the tableaux
by not repeating the entry being analyzed (or developed) unless we are dealing
with either Case 7a or 8b of the atomic tableaux.

Example 6.3: Suppose we want to check the validity of the formula ((Vx)rp(z) ....
(3.z)'P(x)). We form the tableau in Figure 30.

F[(Vz)~(z) - (3z)~(z)J

I
T(VzJ-(z)

I
F(3z)~(z)

I
F~(,)

I
T(Vz)~(z)

I
T~(,)

I
o
FIGURE 30.
For the last entrv we ftk __ ~ to h ' j'_
as to use t e same constant c as in the previous Inc .
ge:
.J. '''~

tabl t~ desired contradiction. We were able to do so because the atoiIllC

eau or :C'P(:C) allows us to use any constant.

The next example also yields a contradictory tableau.

Example 6.4: See Figure 31.

In practice, it will generall firSt

expanding the atomic tab~ Prove more. efficien: to extend a tableau by &lid
to then turn to th Co hlch that requue the mtroduction of new terms
cse r w ch any ground term can be used.
 6 Proofs: Complete SYlItematicTableaux 113

F[(Vx)(P(r) - Q(r» - «Vr)P(r) - (Vr)Q(x»]

T(Vr)(P(r)
I _ Q(r»

F«Vr)P(r)
I
_ (Vr)Q(r»

T(Vr)P(r)
I
F(Vr)Q(r)
I
FQ(c)
I a "new" c

I
T(Vr)P(r)

TP(,)
I
T(Vr)(P(r)
I _ Q(r»

I
T(P(,) _ Q('»

/
FP(,)
~
TQ(,)

I I
FIGURE 31.
 114 II. Predicate Logic

Example 6.5: See Figure 32.

F(( v.r)(~(r)" -to(r»)_ ((Vr)~(r)" (....r)1,/.o(r»)

T(( ....r)(~(r)
/
....,;(z)))
\
F(( ....x)(..,,(.r) II "'(z)))

I
F(( ....z)~(x) ....(....
r)vi(r))
I
T(( ....
r)~(Z)1I (....X)-to(Z))

/
F('+'r)\<I(r)
\ I
F('+'r)vi(r) T( ....
r)..,,(r)

IWU F~(e)
I I I
Fvi(d) nn d T( ....
r)"'(r)

I
T(('+'r)(~(r)" vi(r»))
I I
T(("'r)(<p(r)" -to(x))) F(..,,(c)" "'(e)) ntt.1

T(~(e)"
I
vile))
I
T(~(d)"""(d»)
/ \
F<p(e) F,,(c)

I
TIII(e)
I I I
TIII(d) T( ....x)<p(r) T( ....r)"(r)

I
H(e)
I I I
T"(d) T<p(e) T,,(c)

I I I I
•
FIGURE 32.

The atomic tableaux for T{'Vx)~(x) and F(3x)!p(x) tell us that we can d",Jare
d the
Sl'(t) true or false, respeetively, for any ground term t. On the other han the f
atomic tableau for T(33;)!p(z) allows us to declare !pet) true only fo~ on~pJe
constants Cj which have not appeared so far in the tableau. The followmg
shows how we can get into trouble if we do not obey this proviso.

Example 6.6: Reverse the implication in Example 6.3 to get the sentence «3r);P(x~; I'\_~
(Vx)lp(x») which is not valid. H, however, we violate the provisions for using "llIl
constants, we can produce a "proof" of this sentence, as in Figure 33.
 6 Proofs: Complete Systematic Tableaux 115

F«3.M.) - (v.M.»
I
T(3·M·)

I
F(V.)~(.)

I
T~(,)

I
F~(,)
Heft we have developed the enuy
F (V~),,(~), illegally wJing the lame
e u in a p",vioUi entry.
I
o
FIGURE 33.

It is easy to see that tableaux in predicate logic need never terminate if no con-
tradiction arises. Thus, there is some question as to when we should say that
an entry has been reduced and when a tableau is finished. To motivate these
definitions, we first consider the role of the atomic tableaux for the quantifiers
and how we use them in building tableaux. When we deal with T(3x)rp(x) (or
F(\r'z)tp(z)), we analyze it simply by listing Ttp(e) (or Frp(e)) (or some con-
stant c not yet appearing along the path being extended. The original sentence
(3%lfP(z) contains no more information than the new one !p(e) and so we may
r~nably claim to have finished with it. On the other hand, if we are dealing
wtth T(ltx)r.p(z) (or F(3x)r.p(x)) the situation is quite diJferent. Here we may
add Ttp(t) (or F!p(t)) to our tableau for any ground term t. This, however, far
~om exhausts the information in the original sentence. It merely gives us one
tnstance cf the universal fact asserted by T(\"x)rp(x). Thus, we cannot say that
: have as yet finished with T(Vx)rp(x). With this distinction in mind we can
he the notion of when an entry of a tableau has been reduced and when a
ta~leau is finished. M. in the propositional case, our goal is to describe a system-
at~cProcedure to produce a tableau proof (from S) of a given sentence rp. That
~ ~matic procedure will always succeed if r.p is valid (a logical consequence
S) 18the content of the Completeness Theorem (Theorem 1.1).

Let tr, ... ,t .., ... be a list of all the ground terms of our language £c which, we
""ll "._.
, mctudee the new constants Cj.
Oil"
IOn8.7: Let T = UT.. be a tableau (from S), P a path in T, E an entry on P
and tIi the ith occurrence of E on P {l.e., the itb node on P labeled with E).
 116 It Predicate Logic

(I) ttl is reduud on P if

(1) E is neither of the form T(Vx)tp(x) nor F(3x)lf'(x) and.' .for some j, TJ+)
is gotten from Tj by an application of Rule (ii) of :O:fimtlon 6.1 to E and
a path on Tj which is an initial segment of P. (In this case we say that E
occurs on P Il.S the root entry of an atomic tableau.)

0'

(2) E is of the form T(Vx)tp(x) or F(3x)lo'(x), TIp(t;) or Flo'{t;), respectively,

is an entry on P and there is an (i + l)st occurrence of E on P.

(ii) T is finished if every occurrence of every entry on T is reduced on every

noncontradictory path containing it (and Tlo' appears on every noncontre-
dictory path of T for every lo' in S). It is unfinished otherwise.

The idea here is that signed sentences such as T(\fx)rp(x) must be instanti~
for each term t; in our language before we can say that we have finished WI
them. We can now show that there is a finished tableau (from S) with ~.
given entry on its root node by constructing the appropriate complete systematIC
tableau (from 8). The plan is to devise an ordering procedure so that we .c~
reduce each entry in turn to produce the finished tableau. We employ a vaflatl
on the lexicographic ordering on the nodes of the tableau.

Definition 6.8: Suppose T is a tree with a left-right ordering on the nodes at each of
Its levels. Reca1I (from lI) that ifT is, for example, a tree of binary sequences,
the left-right ordering is given by the usual lexicographic ordering. We define
the ltvel-lexicographic oTdeTifl9 SLL on the nodes v, J.l of T as follows:

v S LL Jl ~ the level of 11in T is less than that of p. or 11 and p. are on the

same level of T and v is to the left of 11.

Definition 6.9: We COnstruct the CST, the CDmplete systematic tableau, with anY
~..
Proa
given signed sentence as the label of its root, by induction.

(i) We begin with TO an atomic tableau with root the given signed senten~
This atomic tableau is uniquely specified by requiring that in Cases 7a an
8b we use the term tl and that in Cases 7b and 8a we use c, for the least
allowable i.

At stage n, we have, by induction, a. tableau T. which we extend to one T,,+I'

As Tn is a (fi~ite, labeled) binary tree the level-'iexicographic ordering is de~
as ~ on Its nodes. If every occurrence of every entry on T is reduced,
termmate the construction. Otherwise, let ttl be the level-lexicographically least
 6 Proofs: CompleteSystematicTableaux 117

node of Tn that contains an occurrence of an entry E which is unreduced on

some noncontradictory path P of'Tm. We now proceed according to one of the
following cases:

(ii) If E is not of the form T(Vx)!p(x) or F(3x)lp(x), we adjoin the atomic

tableau with apex E to the end of every noncontradictory path in T that
contains w, For E of the form T(3x)Ip(x) or F('tIx)Ip(X), we use the least
constant Cj not yet appearing in the tableau.

(iii) If E is of the form T('tIx)lp(x) or F(3x)Ip(x) and w is the ith occurrence of

E on P we adjoin

E E

I I
F~(';)
T~(';)

respectively, to the end of every noncontradictory path in 'T containing w.

The CST from a set of premises S with a given root is defined like the ordinary CST
above with one change to introduce the elements of S. At even stages (n = 2k)
we proceedas in (i), (Il) and (iii) above. At odd stages (n = 2k+l) we adjoin Ta"
for Q", the kth element of S to every noncontradictory path in 'Tn to get Tn+1'
Wedo not terminate the construction of the CST from S unless all elements of S
have been put on every noncontradictory path in this way and every occurrence
of every entry is reduced on every path containing it.
Note that, in general a CST will be an infinite tableau (even if S is finite). The
cru'al '. '
C1 pomt IS that it is always a finished tableau.

OSition8.10: Every CST is finished.

i: Co nsider any unreduced occurrence w of an entry E in n ~ 'T that is on

a noncontradictory path P of the given CST T. (If there is none, T is finished
~ definition.) Suppose there are n nodes of T that are level-lexicographically
ess than w. It is clear from the definition of the CST that we must reduce w
On P by the time we form 1'), 1 Thus every occurrence of each entry on a
lloncont_.... +01+ • ,
rn.ulctorypath in T is reduced as required.
If we COnsiderthe CST from S the considerations apply to show that every
e ........

entry'
The 18 reduced on every path.• (It..-..... h
just takes twice as many steps to get t ere.
)

th Procedure of adding on the kth member of 5 at stage 2k + 1 guarantees

fi~every element of S is put on every path of the CST from S. It is therefore a
ed tableau from S. 0
118 II. Prtdieate Logic

Example 6.11: Figure 34 above gives an example of a tableau that is finished except
for one unreduced entry. Exercise 15 asks for the unreduced entry.

Exercises
In Exercises I-Il, let 'P and T/J be any formulas either with no free varia?les or
with only % free as appropriate. Give tableau proofs of each of the following:

1. (3%)(~(%) V ¢(%)) ~ (3%)~(%)V (3%)¢(x).

2. (\I%)(~(%)A ¢(%)) ~ (\I%)~(%)A (Vx)¢(%).
3. (~V (\I%)¢(%)) - (\Ix)(~ V ¢(%)), % not free in ~.
4. (r,o /\ (3x)T/J(x)) -. (3x)('P /\ T/J(x)), x not free in (/).
5. (3%)(~ ~ ¢(%)) ~ (~~ (3%)¢(%)), z not free in ~.
6. (3%)(~ A ¢(%)) - (~A (3%)¢(%)), x not free In ~.
7. "(3%J.(%) ~ (V%)-.p(%).
8. (V%)-.p(%)~ ~(3%J.(%) .
•. (3%)"~(%) ~ ~(\I%)~(%).

10 (3%)(~(%) - ¢) ~ «(\I%)~(%)~ ¢), % not Iree in ¢.

11. «3%)~(x) ~ ¢) ~ (Vx)(,(%) ~ ¢), x not free in ¢.
12. Let 'P and ,p be any formulas with free variables x, y and Zj let w be any
variable not appearing in 'P or ,p. Give tableau proofs of the following:
a) Vx3y-.Vz (/)(%,y, z) _ Vx3y3z-.'P(x, y, z).
b) 3%Vy(\l%, V ¢) ~ 3%VyVw(~(zfw) V ¢).
c) V%3y(, V 3,¢) ~ V%3y3w(, V ¢(%/w)).
d) V%3y(, - V%¢(%))~ V%3yVw(~ ~ ¢(%/w)).

13. Theorem on Constants: Let 'P(%1, ... ,xn) be a formula in a language

£. with all free variables displayed and let cit , en be constant s~
bois not in £.. Show that V'XI ... V'x ...lp(Xt, ... , x ) is tableau provable f
r,o(Ct, ... , c,..) is. Argue syntactically to show that stven a proof of one 0
t h e formulas, one can construct a proof of the other. ' "'.(You may assume the
proof is given by the CST prccedure.)

14. If the left-right orderings on each level of T is a well-ordering (t.e., every

subset has a least element), then the ordering :::;LL is a weU-ordering of
the nodes of T.

15. Find the umeduced entry in Figure 34 and give a finished tableau with the
same root as the one there.
 6 Proofs:Complete SystematicTableaux 119

T«3y)(~R(y, y) V Ply, y)) A (V.)R(.,.))

T(3y)(~R(y,y)
I V P(y,y»

I
T(V.)R(.,.)

T(~R(,o,'o)
I V P(",.,,))

I
T(V.)R(.,,)

I
TR(co, co)

(suppose to = co)
.> ~ TP(co,eo)

I
T(V.)R(.,.)

I
TR('" t,)

I
T(V.)R(.,.)

I
TR('".,)

FIGURE 34.
120 II. Predicate Logic

7 Soundness and Completeness of Tableau Proofs

We can DOWexploit the complete systematic tableaux to prove the basic theo-
rems about predicate logic and provability: Soundness, Completeness and C0m-
pectness. We begin with the soundness of proofs by tableaux in predicate logk.
Throughout this section, t. is a fixed language of predicate calculus and S is a
set of sentences in t. The case of pure tableaux, l.e., with no set S of premises,
Is simply the case S = 0. This remark applies to all the results of this sectioo
and so we deal only with the case of proofs and tableaux from S. The root nodes
of our tableaux are also taken from c..

Lemma 7.1: 11 T = UT.. is

11 tableau /rom a set of sentences S with root Fa, ~n
any £-structUI'l: s
.A that is a model 01 u {.....
o.} can be extended to one agrum9
with every entry on "orne path P through T. (ReJ:lll1 that.A agrees with To (Fa)
if a is true (faue) in..4.)

Proof: The only expansion of .A that is necessary to make it a structure for all ~e
sentences appearing in r is to define et
for the constants Co in [;c _ t. appe~
on P. (Remember, these are the constants used in, as the "new" constants LD
instantiations.)

We define P and
A
et
by an induction on the .......uence T. giving the construction of
--, n (.th
T. t each step n we have a path p.. through T.. and an extension .An of A WI.
the same dOmain) which interprets all the c, on p.. and agrees with p... T.hlS
clearly suffices to prove the lemma. When r...+1 Is gotten from T.. byextendiD&
some path. other than p.. we need make no changes in p.. or .An. Suppose t~en
that '''+1 IS gotten by adding on to the end of P. either an atomic tableau WIth
E
root nan entry on Pn or an element Ok of S. In the latter case we extend p,.. ln
the only way possible by attaching OJ: to its end. No extension of .An is necessarY
and it a,g~ with OJ: (and hence Pn+ll by hypothesis. We consider then the case
of extendlDg T.. by adding on an atomic tableau T' with root E. By induction we
may assume that A.. agrees with E. We wish to extend.A to .An+land find II
~th ~nH extending p.. through TnH agreeing with A,,+l' (The base case ofo~r
induction ~ the atomic tableau TO wh06e root r« agrees with A by hypothe51S.
The analysIS of the base case is then exactly as in the inductive step: We wish to
extend .A to An and find a path Po through TO agreeing with ..40.) We consider
each type of atomic tablea.u T'.

(i) The situation for the prOpositional connectives is the same as in the proof of 1'Ite
soundness for propositional logic (Lemma 1.5.4). In particular, no extension of
 7 Soundness and Completeness or Tableau Proofs 121

~ is necessary. If, for example, we added on

T(. V P)

T.
/ ~

then we know by induction that An 1= ov f3 and so.An F a. or An F {l We choose

to extend Pn accordingly. The analysis for the other propositional connectives is
left as Exercise 7.

(iil If we added on

T(Vr)~(r) F(3r)~(r)

T~(t)
I 0' I
F~(')

we again have no problem. An 1= Vx<p(x) (or An 1= .....3xI,O(x» and so An F lp(t)

(An I: .....
1,O(t)). (Note that if tA. is not yet defined by our inductive procedure we
can DOW define it arbitrarily and still maintain our inductive hypothesis as we
know that An '" Vr~(r) (0' An '" ~3r~(r».)

(iii) Finally, if we added on

~~ SOme new corutant symbol c (Le., one not appearing either in S or in an

--.\:1; on p...), we must define~. By induction, we know that An. F 3x1,O(x)(An F
h ip(:r:)) and so we may choose an element a e A (= An by construction) such
t .(t,)if·) we extend An. to A...+t by letting cA = a, we have .An+1 1= I,O(C)(.4n+1 '"
'V C as required. 0

•.... 1.2 (Soundness): IJ tht~ u a tableau proof T' of a from 5, then 51=0:·
 122 If. Predicate Logic

Proof: If not, then there is a structure A ~ -.a in which every a:/< in S is true. Lemma
1,1 then tells us that there is a path P through T and an expansion A' of A that.
agrees with every node on P. As P is contradictory by assumption, we have our
desired contradiction. 0

We now turn to the completeness of the tableau method of proof for predicate
logic. As in the propositional case (Theorem 1.5.3 and especially Lemma 1.5.4)
the plan is to use a noncontradictory path in a CST to build a structure for
tc that agrees with every entry on P. The underlying idea here is to build the
desired structure out of the only available materials _ the syntactic objects, in
particular, the ground terms appearing on the path. This idea and its application
in the proof of the completeness theorem are crucial ingredients in the proofs
of many other important results including Herbrand's theorem (Theorem 10.4)
and the Skclem-Lowenhetm theorem (Theorem 1.1).

Theorem 1.3: Suppose P is a noncontradictory path through a complete systematic

tableau T /rom S with root FQ. There is then a structure A in which 0: i$ fahl
and every sentence in S is true.

Proof: Let the domain of this structure be the set A of ground terms tj on the master
list of ground terms of our expanded language Le. We define the functions fA
associated with the n-ary function symbols f of our language in the natural way
corresponding to the syntax of £..c:

Remember that the elements of our structure are the ground terms and so the
t; appearing On the left-hand side of this equation are being viewed as elements
of our structure to which we apply the function fA. On the right-hand side:
have another term, and so an element of our structure which we declare to
the value of this function. If R is an n-ary predicate' letter we define R). es
dictated by the path P: '

,RA(til' ... , ti.,) <* T R(t;" ... ,t •.,) is an entry on P.

We ~
ductlon.
prove the theorem by establishing a slightly stronger assertion by in'
0
"",
Lemma 7.4: Let the not4tion be as _L_
uwtle.
(i) If F{3 OCCUrson P, then /3 is false in A.
(ii) If T/3 OCCurson P, then {3 is tnu in A.
Proof: First recall that bv P
't' 6 p,
roposllOn .10, every Occurrence of every entry on.
' J

reduced on P. We now proceed by induction on the depth of {J (more precJSC1y,

 7 Soundness and Completeness of Tableau Proofs 123

on the depth of the associated auxiliary formation tree as given in Definition

3.8}.
(i) I£ (J is an atomic sentence, then J3 is of the form R(til,···, ti..)· If TJ3 occurs
on P,then R.A. has been declared true of til' ... ' ti... If FP occurs on P, then, as
P is noncontradictory, TJ3 does not occur on P and R.A. has been declared false
oUil'" . ,ti ..·
(il) Suppose P is built using a connective, e.g., J3 is (PI V f32). As 'T is finished,
we know that if TJ3 occurs on P, then either T{31 or Tfh occurs on P. By the
induction hypothesis, if T{JI occurs on P, then {31 is true in A (and similarly
for P2). Thus, one of {JI, 132 is true so ({JI V !h) is true in A (by the inductive
definition of truth). On the other ha.nd, if F({31 V 132) appears on P, then we
know that both F{3i a.nd Ffh appear on P. Our inductive hypothesis then tells
lUIthat both Pi and fh are false in A. We then have that ({31 V 13:z) is false in
A as required. The cases for the other connectives are similar and are left as
Exercise8.
(iii) Suppose (3 is of the form (Vv)lp(v). If w is the ith occurrence of T( ('rIv)lp(v)
on P, then Trp(ti) occurs on P and there is an i+ 1st occurrence of T«('v'x)lp{:r»
on P. Thus, if T(('v'v)lp(v» appears on P, then !p(t) appears on P for every
ground term t. As the depth of !p(t) is less than that of (Vv)rp(v), the inductive
hYPothesistells us that tp(t) is true in A for every ground term t. As these terms
constitute the universe of our structure A, (Vv)rp(v) is true in A as required.
U F(Vv)lp(v) occurs on P, then, again as 'T is finished, Fcp(t) occurs on P for
some t. By induction hypothesis Ip(t) is false in A. So (Vv)cp(v) is false in A.
(iv) The case for 3vcp(v) is similar and is left as Exercise 9. 0

This also completes the proof of Theorem 7.3. 0

We now specialize our general remarks on the finiteness of proofs to complete

S}'stematic tableaux.

lS.it~n 7.5: 1/ every path 0/ a complete systematic tableau is controdictory, then

it I.S Q finite tableau.

'1'hBy construction, we never extend a path on a CST once it is contradictory.

I<"~'every contradictory path on a CST is finite. The theorem then follows from
omg'S lemma (Theorem 1.1.4). 0

'Ye have thus proven an effective version of the completeness theorem. For any
~ sentence Q and any set of sentences S we can produce either a proof that
'. '!ogi--'
'4l consequence of S or a model of• S in which Q fails.

Iary 7.6: For evuy eeaeence Q and set 0/ sentences S of L., either

(i) ~ CST /rom S with root Fer it a tGbleau proof of Q from S

 124 II. Predkate Logic

(ii) there it a noncontradictory branch through the complete 3113temat~ tablma

that ¢tldJ a Itructure in that a it falle and every element of S " lrut.

As the path In (Ii) of Corollary 7.6 is countable (I.e., there is a one-to-ere

correspondence between its symbols (and hence its terms and formulas) and I
subset of the natural numbers), so is the structure associated with It. We have
thus also proven the Skolem-LOwenheim theorem. 0

Theorem 1.1 (Skolem-LOwenheim): If a countable set of sentences S is 14ti3jitJ/!k

(lJud ii, it 1lfJ.J 14me model), then it has a count4ble model:

Proof: Consider the CST from S that starts with a contradiction 01\-'0 at its root. By
the soundness theorem (Theorem 7.2) it cannot be a tableau proof of aA-.a from
S. Thus, it must have a noncontradictory path P. As there are only countabJ.Y
many ground terms in £c, the structure defined in the proof of Theorem 7.4 ~
the desired countable model of S.

The analogous theorem can also be proved for arbitrary cardinalities. Also note
that we use countable in the sense of at most countable, that Is, the model ro.a:Y
be finite. In our setting, however, one can always guarantee that the model.IS ~
infinite (Exercise 3). One can guarantee that a set of sentences has only finite
models only by the special treatment of equality which we consider in III.~'
POint. the rernacks on PROLOG,this treatment of equality can be read at this
Ig~

We can refonnulate Corollary 7.6, in analogy with the completeness and sound-
ness theorems for Propositional celculus, in terms of the equivalences ~
P~bllity and logical consequence. The point to keep in mind is that, if a IS
false 11) SOmemodel for S, then it cannot be a logical consequence of S.
Theorem 7.8: (Completeness and Soundness):

(i) c is tableau provable /rom S <:$ 0 i5 a lDgical consequence 0/ S.

~li)If ~ ta.t~Q to be any contrndiction &uch (U /1 A -.fJ in (i), we see thtJt S ~
Incomt.rient if and omy if S it UnlatUfiable.

The compactness theorem for Predicate logic is also a consequence

eulte. of these tr

Theorem,7.9 (?om~tne&!.l: Let S = {al,a:l, ... ) be a let of sentences of predidJ.U

logic. S IS !dtUfiable if and only if every finite sub!et 0/ S U latujiabk.

Proof: :Theonly if direction Is immediate. For the if direction consider the CST ~~ S
WIth root entry F(o A --0). If the CST is contradictory, it is finite by ProposltjoD.
 7 Soundness and Completeness of Tableau Proofs 125

7.s.nit is infinite, it has a noncontradictory path and so by Corollary 7.6 there

is a structure in which every a,
is true. If it is contradictory and finite. then
aA-.o: is a logical consequence of the finite subset of S whose elements are those
appearing on this tableau. This finite subset can have r o model as a A ..... o has
nomodel. 0

We should point out one important difference between the completeness proofs
for predicate and propositional logic. The finished tableaux for propositional
logicwere always finite and so for every proposition 0: we can effectively decide
if it is valid or actually produce a counterexample. For predicate logic, if a given
sentence 'fI is valid, we eventuaUy find a proof. On the other hand. if it is Dot
valid, the finished tableau and the path providing a counterexample may well
be infinite. Thus we may never in the course of our construction actually know
that rp is not valid. This phenomenon is unavoidable. Church's theorem states
that there is no effective method for deciding if a given sentence in the predicate
calculus is valid. We prove this result in Corollary III.B.IO as a corollary to a
result on termination of PROLOG programs. A proof suitable for insertion at this
POintcan, however. be based on the semantic approach indtcated in Exercise
ITI.8.3.

1. Give a semantic proof of Exercise 6.13 (the Theorem on Constants); Let

rp{:t'lJ ... ,xn) be a formula in a language £, with all free variables displayed
and let en be constant symbols not in £'. Show that the sentence
Cit ....

~Xl'" Xt'l) is tableau provable iff cp(Clt .. ·, en) is by show-

\t'Xt'lCP(Xlt
109 that cp(Xlt xn) is valid iff rp(CI, .••• en) is valid. Now apply the
completeness theorem.

2. Find a finite language £, and a finite set of sentences S of £, that has an

infinite model but no finite ones.

3. Let l. be any language for predicate logic and S be any set of sentences in
t. Prove that S is satisfiable iff it has an infinite model.
4. Let l. be a language for arithmetic on the natural numbers N (= {O.l, 2,
... }) including 0, 1. +•. and c-. Let Th(.N) be the set of all sentences of
r. true in N. Show that there is a nonstandard model of Th(.N'). Le., a
structure M for l. in which every sentence of Th(JrI) is true but in which
there is an element c greater than every n E N.

5. ~nsider the appUcations of compactness in the exercises for prcposi-

tio~ logic. Use predicate logic to give considerably simpler ~roofs of~.
ercLSes1.6.7 and 1.6.8. (Note that the planarity of a graph G 15expressible
11. Prediet.te Logic

in predicate logic since by a theorem of Kuratowski it is equivalent to tllo'O 8

specific finite graphs not being subgraphs of G.)

6. Deduction Theorem: Let I: be a finite set of sentences in a language r.

and I\I: the conjunction of its members. Prove that, for any sentence I{) of
C, the following are equivalent:

(i) EF~.
(ii) F I\I: .....!p.
(Iii) I: I- !p.

(iv) t- AI: .....!p.

7. Complete the proof of Case (i) of Lemma 7.1 by describing the required
extensions of POI for the other propositional connectives.
•
8. Complete the proof of Case (ti) of Lemma 7.4 by handling the other propo-
sitional connectives.

9. Complete the proof or Case (iv) of Lemma 7.4 by considering the case that
p;, 3v<p(v).
10. Let C be a language with no function symbols. Describe a procedure that,
given any sentence !/Jof the form 'v'XI •.• Vx .. 31h ... 3Ymlp, with Ip quantifier
free, decides if!/J is valid. ( Hint: First use Exercise 6.13 to reduce the va-
lidity of 1/J to that of 3YI'" 3Ym!p(cJ,... , c"" Yl, ... ,Ym) for new cons~t5
cr, ... , c... If this problem is still too difficult now, reconsider it as ExercISe
10.6.)

II. Let R be a binary relation symbol, and let RA be its interpretation in

a structure A. The traJl.ritive Cwsure of R.A is the set of all pairs of el-
ements (a, b) for which there exists a finite RA~path from a to h·,I.e., a
sequence Co,a), ... ,an, n ::::1, of elements of A with Go = a, an = b, and
JtA(40,40H), 0:5 i < n. Show that transitive closure is not first--order de-
fin~ble; Le., show that there does not exist a formula TC(x,y) of predica~
logiC~u~ that for all structures A and 0, bE A, A 1= TC(a, b) if and only
(a,b) IS in the transitive closure of .ftA. (Hint: Define the formulas p,,(x,y)
inductively by:
Pl(X,y) =: R(:t,y)
Pn+l (:t, y) es .3z(R(:t, z) A p,,(z, y)).
Show that in any structure A the pair (a b) is in the transitive closure o{
-:t
RA iff 1= p,,(a, b) for some n.' Suppose th~re were such a formula TC(X, 11
expressing the transitive closure of R. Consider the infinite set of sentences

{Te(a, hll U h'.(a, h)1 n" I}.

Obtain a contradiction using the compactness of predicate logic.)
 8 An Axiomatic Approach· 127

AnAxiomatic Approach"
~ for the propositional logic we give a brief sketch of a classical approach to
predit:ate logic via axioms and rules. For the sake of brevity, we use as propo-
sitional connectives only ... and -+ as we did In 1.7. In the same vein we view
the existential quantifier 3 88 a defined symbol as well: We replace 3xip(x) by
-,VX"">ip(z). (They are equivalent by Exercise 4.5.) We also fix some list of con-
stants, function symbols and predicate symbols to complete our language £.. The
axioms include the schemes (1.7.1) for propoBitionallogic but now the variablp.s
CII, f3 and 'Y range over all formulas of £.. In addition we Include two schemes thlt.t
express the meaning of the universal quantifier. Note that we are considering all
formulas, not just sentences and remember that validity for a formula with free
variables is the same as for Its universal closure .

.1 Axiorna: Let 0, P and 'Y be any formulas of £.. The axioms of our system are all
formulas of £. of the following forms:

0) (o-IP_o»)
(ti) ((0_IP _ ,)) _ ((0 _ P) - (a - ,m
(m) II".) _ 10 _ P))

(iv) (V'X)OI(Z) -0 o:(t) for any term t that Is substitutable for :t In 0:

(v) ('Vz)(o .....(j) -0 (0: -+ (Vx)J1) if 0: contains no free occurrences of e.

It is easy to check that all instances of these axiom schemes are valid. The re-
striction in (iv) Is necessary as we explained when we defined sub6titutability
(Definition 2.8). Recall that we considered in Example 2.9 (ii) the structure Z
~ the integers with constants for 0 and I, a function s for successor and a pred-
ICate A(:t,y,~) which is Interpreted as z + II = ~.In particular, we oonsidered
the true sentence If' = Vx3yA(z, II, 0). AB a true universal sentence, If' should be
~rue of any object. Indeed (iv) a88eJ'ts that any permleslble substitution result!!
~n &. formula valid in Z. On the other hand, If we substitute S(II) for z. we get
:t3yA(,(y),y,O), which is false in Z. As for the restriction in (v), collllider the
true .(i~ Z) sentence If' = Vx(\/yA(X.II,Y) -0 A(s, 1,1)). If we could ignore. the
;:nction in (v) we could conclude from rp (via the rule of modus ponens given

:n low) that 'oJyA(X,II, II) -0 VxA(s, I, 1). This formula. is not valid in Z as can be
~y setting the free occurrence of s to O. (This substitution only affects. the
. SIde of the implication by making it the true sentence VIIA(O,y,y). Tbe nght
Bide olthe implication is, however, false.)
~r system has two rules of inference. The fiI'llt rule is modus ponens applied to
~ fo~~ of 1:.. The aecond captures one direction of the equivalence between
h validity of a formula with free val"iables and that of its universal dOllure. (The
at ee direction is included in axiom scheme (Iv). Just take t to be s.)
l2 The rulell f'
o lIl(enlocel

Ii) Modu POTlenlll: From 01 and 0: _ fJ we can infer IJ for any formulas a and {j.
(iI) Ge ..•..."...Uq ~n: From V:o infer o.
_I· " '
128 II. Predicate Logic

As in propolll\ionalIOlic, such axiom and rule based systems are generally eall~
Hilbert. ....tyle proof systems. The definition of a proof £rom a set of formulas E IS
the same as for prDpositionailogi<: except that we have more axioms and rules.

Definition 8.3: Let E be a set of formulas of t..

(i) A proof from E is a finite sequence 01,02, ... ,On of formulas of C such that,
for eech i :5 fl., one of the following is true:
(1) OJ is a member of E
(2) 0; is an axiom
(3) Oi can be inferred from IIOmeof the previous OJ by an application of.
rule of inference.

(il) 0 is provable (a theorem) from E if there is a proof 01, ... ,On from E with
On =0.
(iii) A proof of 0 is simply a proof from 0. 0 is provable if it is pro1HJble from t.

The standard soundness, completeness and compactness theorems can be proven

for the system presented here. It is taken from Elliot Mendelson's lntroduclion
to Molhefn4tiool Logic [1979, 3.21 and a development of predicate logic using it
can be found there. In §13, we extend the rule based system of resolution to 8
fragment of predicate logic and prove the corresponding results for it.

Prenex Normal Form and Skolemization

We would. like to show that, in a certain sense, predicate logic CIlIl alm06t be
reduced to propositional logic. Roughly speaking, we want to eliminate the quan-
"",
tifiers by introducing new function symbols and terms. The basic idea is that a
formula such as:

r.p = 'r/Xl •.. 'v'Xn3Yl ... 3ymR(xl>'" ,Xn, YI> .•. ,tim)
will be replaced by one

fjJ == VXI ... Vx..R(xlt ... 'XI'l' ft(XIt ... ,XI'l)' !2(Xl,'" ,x ..),
.. " .. (XI, ... ,xn))·

Here each Ii is a new function symbol. The intended interpretation of I; is as

~ functio~ choosing, for any given XI, ••• 'XI'l' a Yi that makes the formula tru:
If One exists. Such functions are called Skolem functions. It is clear that tp lID
t/J are equisatisfiable (I.e., I{J is satisfiable iff t/J is) and so we could try to find ll
tableau (or other) refutation of,p just as well as one of r.p. In order to reap the fu
benefits from such a procedure, it is convenient to first replace IfJ by an equivalent
formula !p' called a pnme:r normal /01711 of r.p in which all the quantifiers are at
 9 Prenex Normal Form and Skolemization 129

the beginning. We can then hope to eliminate successive blocks of quantifiers

"BY by introducing appropriate Skolem functions. The ultimate goal is to get a
unttmal formula'" (te., one with only universal quantifiers which all occur as
the initial symbols of t/J) that is equuatisfiable with the original 'fJ. (We say that
ip and t/J are equuatufiable if both are satisfiable or if neither ere.) We would
then only need to consider universal formulas in any refutation proof scheme.
(Of course, we have resolution in mind.)
As we know how to replace all uses of oonnectives by expressions involving only .....
and V (they form an adequate set of connectives by Corollary 1.2.11), we assume
for convenience that our given formula 'fJ has no other connectives. We now show
how to find a prenex equivalent for such a "p. We first need the basic moves to
handle .., and V.

18. 9.1: For any string of quantifiers ~ = QIXIQ,X2'" Qnxn (each Qi U V or

3) and any formulru rp, t/J we have the following provable equivalences:

(la) I- j$ .....
Vyrp +-+ ~3Jrrp
(lb) l- Q;~3W _ Q;Vy~~
(,.) f- Q;rvy~ V,p) _ Q;Vz(~(Ylz) V,p)
I U) ~
l- Qz(~ ~
VVy,p) _ QzVz(~ V ,p(ylz))
I'b) f- Q;(3y~ V,p) _ Q;3z(~(Ylz) V,p)
I'~)f- Q;(~ V 3y,p) _ Q;3z(~ V ,p(ylz)).
1ltlere% is a variable not occurring in rp or t/J or among the Xi·

f: Tableaux proofs of such equivalences are fairly simple and are left as exercises.
(Samplesof (la), (2a) and (2b') were given in Exercise 6.12 (a), (b) and (c),
resPectively.)Alternatively one can argue semantically for the equivalences and
then apply the completeness theorem. (Exercise 4.5 essentially gives (la) and
(lb),)A general approach to these equivalences is outlined In Exercises 1-3, 0

as.' In t he context of resolution proofs, the practice of renammg

Note' . varia . b1es
~ (280)and (2b) to avoid possible oon6icts is often called standardizing the
tlariables apart.

We can no '__ 1_ t
w prove that every formula rp has a prenex. equiv __ n .

reID.
fi 9 . 2 (P renex normal form): ,
For etIe'1l formtJia rp the~ 1.8 an equu'. ale n t
::;:~ rI with the "amt: free tlariahtu in which all quantifiers appear ce the
nnlng. Such an equivalmt of rp is called a prena normal fonn (PNF) of rp.
f: By ind
9aurne ucticn on the depth of rp. Remember that, by Corollary 1.2.11, we may
'P ' that the only propositional connectives occurring in q; are .....and V. If
IS atoOlic, there is nothing to prove. If rp is 'tI1I¢ or 3yt/J and '1/1 is a PNF of
ISO U. Predicate Logic

lJ, then 'I'lJVIor 3y1fI is one for t{J. (This fact is the base case for the inductioo
In Exercise l.) If t{J "'" ..,,p and 1/1 is a PNF of,p, then repeated applications d
the clauses (la) and (lb) of the lemma will produce the desired PNF for fI.lf
t{J= tP V 9, then repeated applications of the clauses (2a), (2a'), (2b) and (2b'j
will give the result for tp. 0

Note: One can easily introduce prenexing rules that deal directly with the other
connectives. The following equivalences may be used to put formulas in PNF
without first eliminating any of the connectives except _:
~ ~
(30)"Qx('lY.A~)_QxVz(.(Y/Z)A~)
~ ~
(Ja') "QX(.AVY~)_QxV'(.A~(y/z))
~ ~
(3b) " Qx(3y. A~) _ Qx3,(.(y/,) A~)
~ ~
(3b') "QX(.A3Y~)_Qx3'(.A~(y/,))
~ ~
('0) " Qx('ly. _ ~) _ Qx3z(.(y/z) _~)
('0') "Q";(. _ VW) _ Q";V,(. _ ~(y/,»)
('b) "Q";(~ _~) _ Q";Vz(.(y/,) _~)
('b') "Q";(. _~) _ Q";3'(. _ ~(y/,)).

Again z is a variable not occurring on the left-hand side of the equivalences.

Example 9.3: We find PNF's for two formulas:

(i) Vx3yP(x,y) V '3xVYQ(x,y),

VaI3yP(a,y) V '3xVyQ(x, y)1
Va3aIP(a, v) V '3xVyQ(x,y)!
Vu3v{P(a,v) V Vx,Vy Q(x,y)1
Vu3vIP(a,v) VVx3y,Q(x, y)1
Va3aVwIP(a, v) V 3y,q(w,y)1
Va3aVw3'IP(a, e) V ~Q(w,')I.

(ii) VxVy{(3,)(P(x, ,) A P(y,,)) _ 3uQ(x,y, a)I'

'IxVy'v'w(P(x, e} 1\ P(y,w) ......3uQ(:t,y, u)]
'v'xVy'v'w3z(P(x, 10) A P(y,w) ......Q(x, y, z)J.
(iii) Alternatively"" u1d .
co get a different PNF for (i) as follows:
Val3yP(a,y) V~3xVYQ(x, y)]
Val3yP(a,y) VVx~Vy Q(x, y)J
VuVwl3yP(u,y) V ~VyQ(w, y)1
 9 Prenex Nonnal Form and Skolemiul.tion 131

VuVw3u[P(u,u) V ~VyQ(w,y)1
VuVw3u(P(u, v) V 3y~(w, y)1
'1u'lw3tl3z{P(u, tI) V -.(J(w, z)}.

We can now reduce the problem of giving refutation proofs of arbitrary sentences
of the predicate calculus to that for universal ones.

Iheorem 9.4 (Skolemization): For every sentence I{J in a given language t:. there is a
uniuersal formula I{J' in an expanded language t: goUen by the addition of new
junction symbols such that I{J and rp' are equisatisjiable.
(Note that we do not claim that the formulas are equivalent. The procedure will
always produce a ~ such that rI -0 rp is valid but I{J -0 ~ need not always hold.
See Exercise 9.4 for an example.)

>roof: By Theorem 9.2 we may assume that 'P is in prenex normal form. Let YI, ... , Yn
be the existentially quantified variables of 'P in the order in which they appear
in rp from left to right and, for each i 5 n, let XI,··· ,Xn; be all the universally
quantified variables preceding 1/•. We expand £, to £" by adding new n;-ary
function symbols Ii for each i :5 n. We now form ~ by first deleting each 311;
and then replacing each remaining occurrence of y. by /;(XI. ... , xnJ. We claim
that ~ is the desired sentence equisatisfiable with rp. To verify this claim it
suffices to apply the following lemma n times. 0

-emma 9.5: For any sentence I{J = VXI .. , '1x.. 3y1JJ of a language £" If) and cp' =
'1XI ... Vxnw{lIl J(Xt, ... ,xn » are equisatisfiab~ when f is a function symbol
not in C.

)roof: Let J:.' be the language obtained from £, by adding the function symbol l-
It is clear that if A' is a structure for £', A is the structure obtained from A'
by omitting the function interpreting f and A' F rp', then A F cpo On the other
band, if A is a structure for £ and A F cp, we can extend A to a structure A' by
defining rA.' so that for every ai> ... ,tIn E A:=: A', A F w(ylf(a1> ... ,a ..)). Of
course, A' F rp'. Note that n may be 0; that is, f may be a constant symbol. 0

~oroUary 9.6: For any set S of sentenceS' of a language t:. we can construct a set
9' of universal sentences of a language C which if an expansion of C. gotten by
adding on new /undion .symbols such that 5 and 5' an: equisatisjiable.
,, roof: Apply the construction supplied by Theorem 9.4 to each sentence !fJ of S
separately to introduce new function symbols f'# for each sentence lp of S and
form the corresponding universal sentence Ip'. Let S' be the collection of ell of
these sentences vi and C the corresponding expansion of £. As in the proof of
the theorem it is clear that, if a structure A' for C' is a model of 5', then it
132 II, Predicate Logic

is one of S. The proof also shows how to extend any model of ~ to one of BI I
by defining each new function symbol IV' independently of what IS done for the
others. 0

Example 9.7: Possible Skolemizll.tions corresponding to the prenex normal formso£

Example 9.3 above are as follows:

(;) VuVwIP(u.J,(u)) v 'Q(w,h(u, w))1

(H) V,VyVwIP(" W) A Ply, w) ~ Q(.,y.J(., y, w»J

and

Example 9.8: There are many familiar examples of Skolemization in the constru~tion
of axiom systems for standard mathematical structures such as groups or negs-
In these situations, axioms of the form Vx3yrp(x,y) can be replaced by ~pen
formulas of the form <p(z,f(x)) by introducing the appropriate Skolem functiOns.

As a particular example let us reconsider the structure of Example 2.9 for the
integers Z and the sentence 'tIx3yA(x,y,O) which says that every integer has
an additive inverse. The Skolemization of this sentence is YxA(x, f(x), 0). T~e
interpretation of f should be the unary function taking every integer z to Its
additive Inverse -x. The Skolemized sentence then simply says that, for all x,
x+(-x) =0.

Harking back to the clausal forms for predicate calculus introdUced in §5, we
now see that every set of sentences has an equisatisfiable clausal form. 1
Corollary 9.9: For any set S of sentences o{ £, then U (in the terminology 0/ §5)
. , . new
a formula, that '-9, a set T of clauses in a language I:/ gotten by add'lIg
function symbols to £, such that Sand T are equisatisfiable.

Proof: Consider the set 5' of Universal sentences Vrtp'(X) equisatisfiable with S given
by Corollary 9.6. Let T consist of the equivaJent open formulas !p'(£) gotten by
dropping the initial universal quantifiers from the elements of S. (lp and If/' ace
equivalent by Exercise 4,8 or 6.13.) If we view each atomic formula of £' as~
propositional letter and fonn the CNF ""'uivalent,.J, = 1\.1. ,of each formu
.- T' ..... 'f'1lI 'f'1lI, th one
Of" E • we get a set of formulas T" each in CNF and each equivalent to e"
ofT: ATPIlI,i = f/Jrp;: vi:=:: cp for eech cp E S. (For each V', 1/I is equivalent to set
1lI
by Theorem 4.8.) The desired set T of clauses then consists precisely of the 0 I
of all ccnjuncts from all of the formulas cp in Tit : T = {"pili •• IV' E S}.
 10 Herbrand'sTheorem 133

~
L Let 1(Jand 1/J be any formulas (with free variables) and let Qx represent
any string of quantifiers QIXIQ~X2'" QnXn- Prove that if 1(Jand 'if! are
equivalent then so are ~ 8J1d q;",. (Hint: Proceed by induction on
the length n of q;.) Thus in proving the equivalences (la)-(4b')
~
we may
assume that the formulas have free variables but the strings Qx of initial
quantifiers are empty.

2. Use the theorem on constants (Exercise 4.8) to show that we may also
assume that there are no free variables in formulas in the equivalences
(la)-(4b').
3. Now argue for the validity of each equivalence (la)-(4b') either semanti-
cally or by giving a tableau proof. (Use Exercises 1 and 2 to assume that
the Q; are empty and that there are no free variables present.)

4. Let 1(J(x, y) be an atomic formula. and ! a function symbol not appearing

in 1(J.Show that the sentence 'VXl,O(x,!(x)) - Vx3yl,O(x,y) is valid but its
converse, Vx3y1(J(x, y) _ VXIp(x, f(x)), is not.

5. Find prenex equivalents and Skolemizations for the following sentences:

(a) Vy(3xP(x, y) ~ Q(y, x)) A 3y('olxR(x, y) V Q(x,y)).

(b) 3xR(x,y) _ VyP(x,y).
(0) Vx3yQ(x, y) V 3xVyP(x, y) A ~3x3yP(x,y).
(d) ~('oIx3yP(x, y) ~ 3x3yR(x, y)) A Vx~3yQ(" y).

o Herbrand's Theorem
The introduction of Skolem functions and the reduction of any set of sentences
~ universal ones gives us a more concrete approach to the dichotomy of unset-
lSfiability and model building implicit in the completeness theorem ~r tab~eau
proofs. Consider any set S of universal sentences in a language £, WIth venous
Skolem functions already included. We also assume that £, contains at least one
conetam c. We claim that either S is inconsistent [l.e., unsatisfiable) or there
IS a model A of S whose elements are simply the ground terms of the language
t.. A1i all such terms must be interpreted in any structure for £', this is in some
sense a minimal structure for £.
~ftn·.
ItlOU 10.1: The set of ground (Le., variable-free) terms of a langu.age £, is ~l~
the HeTbrand unitJef'$e of l,. A structure .A for £, is an Herbrand structun! If Its
134 tt. Predicate Logic

universe A Is the Herbrand universe of L; and, for every function symbol f of r.

and elements tl •.·.•tn of A,

r"(tiJ"" t,.,.) = J(tl>"" tn).

(We Include here the requirement that c4 = c for each constant symbol c of .q
The Herbrand universe is reminiscent of the structure produced in the proof of
the completeness theorem (Theorem 7.3). As we shall see, they are intimately
related. Note also that no restrictions are placed on the interpretations of the
predicates of L; so there can be many Herbrand structures for a given language
£.

Definition 10.2: If S is a set of sentences of L, then an Herbrand model M of S is

an Herbrand structure for i which is a model of S, i.e., every sentence of S is
true in M.

Example 10.3: If our language C contains the constants a and c. a unary function
symbol J and a binary one g and predicates P, Q, R, then the Herbrand universe
Hfor£is

{a, e, f(a), fIe), ,(a, c), f f(a), f fIe), f(g(a, e)l, g(a, f(a)), g(a, f(e)),
... g(a,g(a, e)), ... ,g(f(a), f(e)), ... ,f f f(a), ... ).

We claim not only that there is an Herbrand model for any consistent set of uni·
versal sentences (or open formulas) S but also that, if S is inconsistent, then its
unsatisfiability is demonstrable at the truth-functional level via ground instanCES
of the formulas (that is, instances of substitutions of terms from the Herbrand
structure for the universally quantified (free) variables in S).

Theorem 10.4 (Herbrand's theorem): Let S = (\O.(X1, ... ,xn,)} be a set oj opeTl
JonnuJ4! oj a language l. Either

(i) S has an Herorund model or

(ii) S is unsawfiable and, in particular, there are finitely many ground ill-
st4nces of elements of S w/u)se conjunction is unsatisfiable.

The latter case, (il), is equivalent to

(if) ;:ere are !i'!dely. ma.ny ~und instances oj the negations oj formulas :
~se disJlmction 15 valid. (As we may view these ground tnstances
~ilt J:otn
propositional ktters, the disjunction being valid is equivalent to
114 being a truth-functional tautolDgy.)
 10 Herbrand's Theorem 135

Proof: Let 5' consist of aU ground instances from £, of formulas from 5. Consider the
CST from 5' (in the language £, alone, t.e., with no additional constant symbols
added on) starting with F(o: A -.o:} for any sentence 0:. There are two possible
outcomes. First, there might be a (possibly infinite) noncontradictory path in
the tableau. In this case, the proof of Theorem 7.3 supplies us with a model A
of 5' whose elements are the ground terms of £., l.e., an Herbrand model for S'.
By definition of 5' and of tableau proofs from 5', lp(tlt··., t..} is true in A for
every cp E 5 and every tl,"" t.. in the Herbrand universe. Thus the structure
A defined on the Herbrand universe by the path is a model for S.
The other possibility is that the tableau is finite and contradictory. In this case,
the tableau is, by definition, a proof of the unsatisfiability of the set of elements
of 5' appearing in the tableau and so we have the unsatisfiable conjunction
required in (ii). Moreover, S cannot be satisfiable: A model for S is one in
which r,oi{XlJ _.• ,x ..;} is valid, l.e., true for every instance of the free variables
Xl,. _. ,X"" for every lpi E S. Any example of (il), however, directly exhibits a
set of such instances that cannot be simultaneously satisfied in any model.
Finally, by Theorem 4.8 we may manipulate the variable-free formulas as propo-
sitional letters. The unsatisfiability of the conjunction as required in (ii) is then
equivalent by propositional rules to the disjunction of their negations being valid
or a. tautology. Thus, (ii) and (ii') are equivalent. 0

Note that if S is unsatisfiable (and so (i) fails), then (ii) directly exhibits the
unsatisfia.bility of S. Thus we have a method for producing either an Herbrand
model for 5 or a particular finite counterexample to the existence of any model
of 5.
We can now give some variations on Herbrand's theorem that are particularly
useful in our study of resolution theorem proving and PROLOG. We can also
phrase our results positively to give a direct reduction of provability or validity
In predicate logic to provability or validity in propositional logic. We begin with
the special case of an existential formula.

Corollary 10.5: If ",(X) '" a quantifier-free formul4 in a language £. with at least

~YUl CDn3tant symbol, then 3i",(X) is valid if and only if iMre are ground tern13
to of t. such that ",{ti) V ... V lp{t:) is a tautology-

Pl'()()f: First, note that 3Xlp{X) is valid ~ Ir/x......qJ(X) is unsatisfiable -# ...,,,,(X) is

unsatisfieble. By Theorem 10.4 (ii), """"(X) is unsat~able iff there are finitely
many ground terms t-; of t. such that lp(ti) V .,. V ",(t..) is a tautology. 0

Translating these results into the terminology of clauses of §5, we have what will
be the key to resolution theorem proving in the predicate calculus.
Theorem 10.6: A set S of clauses is umatisfiable if and only if the set S' of all
ground instances from the Herbrnnd universe of the clauses in S is unsatisfiable.
136 11. Pftdieate Logic

Proof: If some set of instances of elements of S (instantiated with terms from the Her-
brand universe) is unsatWiable, then 5, which asserts the validity of its member
clauses, is surely unsatisfiable. In the other direction, if 5 is unsetlsfiable, then,
by Herbrand's theorem [il], there is, in fact, a finite set of instances of cleuse
of 5 that is unsatisfiable. 0

The restriction in our version of Herbrand's theorem that S contain only univer-
sal formulas (or equivalently that we consider only sets of clauses) is necessary
as can be seen from the example in Exercise 1. On the other hand, further re-
stricting S to consist of only program clauses allows us to establish the existence
of minimal and Indeed least Herbrand models. (See Exercise 3.) Moreover, in the
case of a deduction from a set of program clauses, which is the case of interest
for PROLOG, we can eliminate the disjunction in the analog of Corollary 10.5 in
favor of a single valid instance. That is, if P is a set of program clauses and 8(i)
is an atomic formula, then P Fe 3:f8(i) # there are Herhrand terms f such that
p" e(fj (Ex,,,,,,, 5).
Finally, although it is not directly relevant to resolution theorem proving, we can
use Skolemization to get a generalization of Corollary 10.5 to arbitrary sentences.
This result provides a propositional equivalent for validity in predicate logic.

Theorem 10.7: Let rp be a sentence in prena normal/orm in a language E, t/J a prena

equill4lent 0/ .....
rp and 9(i) an ope1l Skolemization 0/ 1/J in the language £.' a.l
in Theorem 9·4· (Note that the fret variable" in ¢ are precisely the exi.ftenti~ly
quantified ones of rp.) Then'P is valid if and only if there are terms ft,.·· ,tn' 11
(J/ C' sw;h that -.8(ti) V ... V .....6(fn) U a tautolCJ9Y.

Proof: By Corollary 10.5, it suffices to prove that !{) is valid if and only if 3X...,8(i} is
valid. Now Ip is valid iff .....rp is not satisfiable. On the other hand, Theorem 9.4
says that --.y; is satisfiable if and only if 9(i) is satisfiable. Thus, !{) is valid iff 6(il
is not satisfiable. Finally, note that 6(i) (or, equivalently V:EO) is not satisfiable
iff 3X.....8(i) is valid. t 0

Exercises

1. Let C. consist of the constant c and the unary predicate R.

(a) What is the Herbrand universe for l ?

(b) What are the possible Herbrand structures for £. ?
(c) Let S = {R(c),3x..,R(x)}. Note that S does not consist solelY of
universal formulas and so is not in clausal form Show that while S is
satisfiable, it has no Herbrand model. .

2. Let C. consist of the constant c, the function f and the unary predicate R.
 11 Unification 137

(a) What is the Herbrand universe for 1:.1

(b) Describe infinitely many possible Herbrend structures for L.

3. Prove that every set P of program clauses has a minimal (indeed least)
Herbrand model. (Hint: Prove that the intersection of all Herbrand models
for P is itself an Herbrand model for P.)
4. Let Mp be the minimal Herbrand model for a set P of program clauses in
a language 1:.. Prove that for each atomic sentence lp of L, Mp F lp iff lp is
a logical consequence of P.
5. Let P be a set of program clauses and G = --.9(£) be a goal clause. Prove
that, if P F 3X6(£) (or equivalently, P U {G} is unsatisfiable), then there
are Herbrand terms f such that P F 6(t). (Hint: If P F 3i6(X), look at the
minimal model Mp and apply Exercise 4.)
6 Let L be a language with no function symbols. Describe a procedure that,
given any secteoce e of the form '<Ix I ..• '1x .. 31/1 .. , 311mlp, with lp quantifier
free, decides if 1/J is valid. These sentences are called the 'v'3-sentenees of
the language 1:.. ( Hint: First use Exercise 6.13 to reduce the validity of 1/J
to that of 3yl ... 3ymV'(Cl'''' ,Cn,lI1t.··, Ym) for new constants Cl,···' en·
Then apply Corollary 10.5.)

Unification
We saw in Theorem 9.4 that, for fN8ry formula lp of predicate logic, there is
another one 1/J which is open, in conjunctive normal form and equisatisfiable with
'P. Thus if we are interested in the satisfiability of (sets of) formulas in predicate
logic, it suffices to consider open formulas in clausal form. The only difference
~m the propositional case is that literals are now atomic formulas (possiblY
WIth free variables and the added Skolem function symbols) rather than simply
propositional letters. Of course, a clause with free variables is understood to
be eqUivalent to its universal closure. From the viewpoint of resolution theorem
proving, the only difference between predicate and propositional logic in deducing
o from S is the problem of how to instantiate the free variables {l.e., make
substitutions) in the available clauses so that we may then apply the reduction
rule.
Of course. we could, as in the tableau proof of Herbrand's theorem, simply list
all ground term substitutions in the Herbrand structure and start running our
resolution machine with all of them as inputs. Needless to say, this is not an
efficient procedure. We need a better guide.
For example, if we have two clauses Cl = {P(!(%),y), -Q(a.b.x)} and C'l =
{"'P(f(g(c»,g(d)} we should be able to resolve Cl and C2 by directly substi*
 tutlng g(c) (or:r and g(d) for y to get {~(a,b,g(c»)}. (Remember that C, is
equivalent to its universal closure 't/z'r/1J(P(f(z),y) v ...,q(a, b,z» from which we
can deduce any substitution lnstance.) The general approach to the problem of
which substitutions to make when doing resolution proofs is called unifiro!ion
(or matching). We describe it before giving the resolution algorithm for predicate
calculus. First, we need some notation for substitutions.

De8nltion 11.1: A .tub.ditution 9 is a finite set ofthe form {Xl/tt.X'J/t'J' ... ,xn/t ..}
where the X; are distinct variables and each t; is a term other than x;. If the
t, are all ground terms, we call 8 a ground substitution. If the t; are distinct
variables, we call 8 a f1!:naming substitution.

As we are concerned with substitutions in clauses, we must define the action of

8 on a clause C. In order to define the composition (successive application) of
different substitutions, it is convenient to define the action of a. substitution e
on terms as well.

Definition 11.2: An e%pTeS.!ion is any term or literal. Given a substitution 8 and

an expression E (or a set of expressions S) we write E8 (86) for the result of
replacing each occurrence of X; in E (in every element of S), by ti for every i ~n.
If the resulting expression E8 (set of expressions 88) is ground, i.e., variable-free,
then the substitution is called a ground inlltance of E (8).

Note: The substitution 8 is written as a set of elements of the form x;/t;

rather than as a sequence of such terms because the intended substitutions of
ti for each Xi are performed simultaneously rather than successively. Thus, in
E{Zl/tl>X'J/t'J}, any occurrences of x,
in tl will be unaffected by the substitution
of t'J for X'J'

Example 11.3:

(i) Lot S= {J(X,9(Y)), P(a,x), Q(y",b), "P(y,x)), 9= {xlh(a), YIg(b)"jc}.

Then S9={!(h(a),9(9(b))),P(a, h(a)), Q(9(b), c,b), "P(9(b), h(a))). H'"
8 IS a ground substitution and 89 is a ground instance of S.

(ti) Lot She" in (i) and let a = {xlh(Y),YI9(')"lc}. Then

Sa = {J(h(Y),9(9(,))),P(a,h(Y)),Q(9(')'C, b). "P(9('), h(Y»))'

6Q
Composition is. a ~atural operation on substitutions, i.e., we want to define.
to be the substltuticn that when applied to any expression E to get E(80') gl\o~
the same result as applying a to E9, i.e., (E8)a-.

Example 11.4: Let E = P(x,1J, W, u) and consider the two substitutions 8:= {x/I(')'
yI9('), wlv} and a = {xla,Ylb,'1 f(y), vlw,.lc}. Then EO = P(!(y),g(')' "~,I
 11 Unification 139

and (E8)u = P{f(b), g(1(y», w.c). What then should 8u be? Well. x is replaced
first by fey). We then replace 11 by b. The result is x/feb). y is replaced by g(z)
and then z by ley) and so we get y/g([(y)). w gets replaced by v which is in
turn replaced by tv. The result might be written w/w but this is omitted from
the description as it causes no changes. The substitution x/a in o also h-s no
bearing on the final outcome since there are no e'e left after applying 6. The
final substitution in u, ute,
however, acts unimpeded as there is no substitution
Ior a mad, by O. Thus eo ~
I_I f(b), Y/9(1(y», ale, '/ flY), vlw).
Guided by this example we can write out the formal definition of composition of
substitutions.

>eflnition 11.5:

(i) If 6 = {xt!t), ...• x"./t",} and a = {yl/Sl .... ,ym/Sm}. then Ou is the
substitution {Xdtla, ...• x"Jt"a, lidsit' .. ,11m/Sm} with any Xi/ti(J for
which Xi = t.u and any l/;/Sj for which l/j E {Xl,'" ,x,,} removed.

(ii) The empty substitution f (which does nothing to any expression) is an

identity for this operation. t.e .• Bf =- f8 = 8 for every substitution 6.

We now check that we have defined composition correctly and that it is associa·
tive.

Proposition 11.6: For any upression E and nbstitutioDS 8.!./J and a:

(i) (EO)u = E(Ou) and

(ii) (¢/J)u ~ "'(Ou).

n
Proof: Let 0 and o be as in the definitionaf composition and let 1/J={zl/rl"'" Zk/ }.
As the result of a substitution consists simply of replacing each variable in an
expression by some term. it suffices to consider the case in which E is a variable,
say v, in (i) and the result of applying (,,8)a and ,,(Ou) to tJ in (il).

(i) We divide the argument into two cesee-

Case 1: 11'" {XIt ... , Xn}. In this case 118=- t/ and (uB)(J = t/u. If 11 ¢ {yI •. ··' 11m}.
then 110' = 11 = 11(80') as 11f. {Xt, .... :t".l11> ... 'l/m} and SO no substitution is
made. If, on the other band, 11 =- l/j for some j :S n, then l/j '" {Xl.··· ,z,,}.
(v9)a = l1U = 8j =- 11(8(J).
Case 2: v = Xi for some i 5 n. In this case v8 = ti and (119)".= t;". but this is
exactly 11(8a) by definition.
 140 II. Predicate Logic

(li) The result follows from several eppncencne of [i]:

,«(... ).) (,(""n·

= (, ..).).
(v")(")
= v("(").)

Thus, we may omit parentheses when composing sequences of compositions. T.M

composition operation on substitutions is, however, not commutative. (ExerClSll
3 asks for a counterexemple.)
Our interest in substitutions, we recall, is to make certain elements of different
clauses identical so that we may apply the resolution rule. The process of making &
substitutions that identify expressions is called unification.

Definition 11.7: If 5 = {EI, ••. , E.,} is a set of expressions, we say a substitution 9

is a unifier for 5 if EI9 = E-J9 = ... = E.,8, i.e., 59 is a singleton. S is said to
be unifiable if it has a unifier.

Example 11.8: (i) Neither {P(x,a),P(b,c)} nor {P(f(x), z), P(a,w)} is unifiable.
(Exercise 2).
(;;) S, = {P(z,,), P(b,,)) end S, = {P(f(z),y),P(f(a),w)) are. however,
both unifiable. The first can be unified by {x/b} and only by this substitution.
The situation for 52 is a bit different. 9 = {x/a,Ylw} unifies 52 but so do
a = {x/a, II/a, w/a} and t/J = {x/a, y/b,w/b} as well as many others. Here 8
has a certain advantage over the other substitutions in that it allows more scope
for future substitutions. If we first applied 9 to unify S'J we could then unify
the resulting set with the expression P(f(a), c) by applying {w/c}. Had we used
either of o or T/J, however, we would be stuck. On the other hand, we can always
go from (J to o or '" by applying the substitution {m/a} or {w/b}, respectively.
We capture this property of 8 in the following definition.

Definition 11.9: A unifier 8 for 5 is a most genern.lunijier (mgu) for S if, for ever)' 12
unifier a for S, there is a substitution>. such that 9>' = <7.

Up to renaming variables there is only one result of applying an mgu:

Theorem 11.10: If 8 and T/J ere both mgu'" for S, then there are renaming ,,~titu-
troM a and>' {i.e., one.! that con.riJt 5Qlely of replaul'ltent.! of distinct 1J4nab/e3
by other distinct variables) such that S9(j = 5,p and 58 = S,p>..

Proof: By the definition of an mgu there are a and >. such that S8<7 = St/J and 5T/J). ~
S9. Clearly, we may assume that o and >. make substitutions only for variables
occurring in 58 and 51jJ, respectively. (They consist of the single terms EO and
 12 The Unification Algorithm 141

E'iJ, respectively, as 9 and T/J both unify S.) Suppose o makes some substitution
t;lt; where t; is not a variable or a constant. In this case the complexity [e.g.,
length) or the expression E9q in S9q = {E9q} must be strictly larger than that
of Ee in S9. As DO substitutions of terms for variables [e.g .• >') can decrease the
length of an expression we could not then have ST/J>" = 89(1)'' = 89 as required.
If there were in a a substitution x.le, for some constant c, then no further
substitution (e.g., >") could return the resulting instances of c in an expression
EOa in S8(1 back to instances of the variable x, in E8 E 89. Thus. once again,
we could not have S8(1 >. = Sf} for any>.. We now know that a can contain only
substitutions of one variable by another. If o identified distinct variables by such
a substitution, then>' could not distinguish them again. Thus (1 (and similarly
A) is simply a renaming substitution. 0

1. Find substitutions that unify the following sets of expressions:

(a) {P(x, fly), a), P(.(a),f(w), u),P(v, feb), ell

(b) {Q(h(x, y), w), Q(h(g( c], a), f(v», Q(h(g( v), a), f(b))}.

2. Explain why neither expression in Example 8 (i) is unifiable.

3. Show that composition of substitutions is not commutative. that is. find

two substitutions o and >. such that (1)''1- >.U.
4. We say that expressions E and F are variants (or E is a variant of F) if
there are substitutions (J and T/J such that Ef} = F and FT/J = E. Recall
that a renaming substitution is one of the form {Xt!Yl.··· .Xn!Yn} where
:tt •...• :t are distinct variables in E and the Yt.· ..• Yn are distinct vari-
n
ables in E such that Y' #= Xi for any i ::::; n. Prove that if E and F are
variants. then there is a renaming substitution (1 for E such that Ba = F.

The Unification Algorithm

In this section we give an effective procedure for finding an mgu for a finite set of
expressions S. We start with two examples. SI = {/(x.g(x).!(h(lI),g(h(Z)))}
1
and. 82 = {/(h(x).9(X»,!(g(.:t),h(X»}. We begin our search for. m~'s for 8
and 52 by noting that in each case the termS to be unified beglD With f· Of
COUrse, if they each began with different function or predicate symbols there
WOuldbe no hope as unification only replaces wriables. The next step must be
to check the first and second place arguments of f In the termS of 81 (8::). If
we can unify them both by a single substitution, then we can unify 51 (52)' For
142 II. Pr«llcate Lop:

S" we get Tt = {s, h(y)} and T, :::::{g(x}, g(h(z)}}, respectively. In order to E

unify T in the moet general way, we should substitute h(y} for z , As we must
l
do the substitution throughout the expressions being unified, the second piau
arguments in T, become g(h(y)} and g(h(z». These first differ at 1/. We can DOW
unify them by applying {ylz}. Again this must be applied to the entire expressice
and we get f(h(z}, g(h(z))) and f(h(z), g(h(z))) as required for unification. TbU!
the composition {x/h(y)}{y/z} = {x/h(z)} is our desired unifier. For 5, the
process halts when we try to unify the arguments of f. Here the first difference
occurs in the set of first arguments where we get {h(x),g(x)}. As these terms
differ at the function symbol rather than at a variable there is no hope of unifying
them and so S, is not unifiable.
The general procedure for unification is to move along each of the expressions iD
the given set to the first position of disagreement. If, in anyone of the expressions,
it is not a variable, the set is not unifiable. If it does not contain a variable in
one of the expressions, we can replace it by one of the terms in the corresponding
position at another expression. As long as the variable being replaced does not
occur in the term replacing it, this substitution makes some progress towards
unification. We can now try to repeat the process in the hope of eventually
unifying the set of expressions. We now formalize this process.

Definition 12.1: Let S be a finite nonempty set of expressions. To define the disagn'l'
rrn:nt.,-et S find the first (l.e., leftmost) position at which not all elements E
of
of 5 have the same symbol. The set of subexpressions of each E E S that begin
at this position is the disagreement set D(S) of S. (In terms of formation tr~,
we find the lexicographically least node of the formation trees associated vntb
each expression such that not all the labels of these nodes begin with the same
symbol. D(S) is then the set of labels of these nodee.)

Note that any unifier l/J of S must necessarily unify D(S).

Example 12.2, Fer the sets of expressions 8, ~ {!(x,g(x)).!(h(y),g(h(')))).,d
8, = {f(h(x), g(x)),f(g(x),h(x))} considered above, the disagreement sets
lire D(S,) =
{x.h(y)) and D(S,) ~ {h(x),g(x)}. For T, = 8,{x/h(y)) >
(j(h(y).g(h(y))), f(h(Y),9(h(,)))} the disagreement se t Is {y,,}.
ll1
12.3 The Unification Algorithm for S: Let 5 be a set of expressions. We atte pt
to unify it as follows:
Step o. Set So "" 5, 0"0 ""~.
Step k + L If SSt is a singleton, terminate the algorithm with the announcement
that 0'00'10', •.• 00St is an mgu for 5. Otherwise see if there is a variable t' and
a te~ t DO.tcontaining u both of which are 'in D(S.). If not, terminate ~
~gonthm with the announcement that 5 has no mgu. (Note that, in this ~,.lt
IS at least dear that S/<is not unifiable.) If so, let t1 and t be the least such par (Ill
anY fixed :rdering of terms], (Indeed, we could nondeterministically ~~)
Set hO't an _ 11 as will become clear from the proof that the algorithm sUCCt"""'·
It+l - {vlt} and 81tH =- 5"0'.\:+1 and go on to step It + 2.

....
 12 The Unifice.tionAlgorithm 143

xample 12.4: Consider the set of expressions

S = (P(J(y,g(z)), h(b)), P(J(h(w),g(a)), t), P(J(h(b),g(z)), y)).

Step L S = Sf. = S0(10 is not a singleton. D(80) = {y,h(w),h(b)}. Depending

on the ordering of terms, there are two possibilities for O"t: {y/h(w)} and
{1Ilh(b)}. It is better to choose the second (see Step 2) but suppose we
are not so clever and blindly set (11 = {y/h(w)}. We then get 81 = 50(11
which is
(P(J(h(w),g(z)), h(b», P(J(h(w),g(a)), t), P(J(h(b),g(z)), h(w»}.

Stop 2. D(S,) ~ {w,b},a, ~ {wjb} [so we get to (yjh(b)) alter 011).Then S,"
(P(f(h(b), g(z», h(b)), P(J(h(b), g(a», t), P(J(h(b), g(z», h(b))}.

Step 3. D(S:;l) = {z,o.}, (13 = {z/o.}. Then 53 is

(P(f(h(b), g(a)), h(b)), P(J(h(b),g(a)), t), P(f(h(b), g(a)),h(b))}.

Stop 4. D(S,) ~ (h(b),t},a. = (tjh(b)). Then S. Is

{P(J(h(b), g(a)), h(b)), P(J(h(b), g(a», h(b)), P(f(h(b), g(a», h(b»}

Step 5. 54 is a singleton and the mgu for 5 is

{yjh(w)}{wjb}{zja}{tjh(b)) = {yjh(b),wjb,zja,tjh(b)j.
1
I'heorem 12.5: For any 8, the unification algorithm tenninate.s at some step k+ with
Q correct solution, ce., either S is not unifiable Q,$ announced or '" = (10dl'" m.
is in fact an mguJor S. Moreover, T/J ha.! the special property thatJor any unifier
9 oj S, 9 ~ ;'9.
Proof: First of all, the algorithm always terminates as each nonterminal step eliminates
all occurrences of one of the finitely many variables in 8. It is obvious that if the
algorithm terminates with an announcement that there is no unifier, then S is not
unifiable. On the other hand, if the algorithm terminates with the announcement
that fjI = (10'" (1n is an mgu for S, then it is at least clear that'" is a unifier
for S. Suppose then that 8 is any unifier for S. We must show that 8 -= ,p8. We
prove by induction that, for every i, 8 = oc-, (1i8.
For i -= 0, the claim clearly holds. Suppose we have 9 -= (10(11" .l1i6 and (1i+l-=
{v/t}. It suffices to show that the substitutions l1i+1B and 6 are equal. We show
that their actions on each variable are the same. Fcr s '" v, Xl1H1B is clearly the
same as z8. For v itself Wi+18 -= t6. A5 8 unifies 5(10··' (1, and v and t belong
to D(8l1o" . (1i), 8 must unify v and t as well. Le., to -= vB as required. 0
:rhetheunification algorithm given here simple but inefficient. As presented, it
is
IS search for a v and t with u not occurring that can take excessive
in t
amounts of time. The problem is that we may have to check each pair of items
in the disagreement set rather than simply taking the first variable and term
that we come across. As an example, consider the problem of unifying S -=
{P(Xl, ... ,x ..), P(f(xo,xo),.··' !(x .._1>X..-l))}:
144 n. Predicate Logic

D(S,) = {x,.!I"''')); a, = {xolf(x"x,)); 13

51 "" {P(/(xo,XO),X2, ... ,Xn),P(J(xo,xo),
/(/(xo, xo), /(xo, xo)), 1(X2, X2), ... ,1(X,,-I, X.._I))}·
D(Sd "" (x,,/(/(xo, ec), /(xo,xo))}; (1, = {X2/ /(/(xo, xo), 1(xo, xo))};
etc.

Note that before announcing (11 we had to check that Xl was not either of the
twO occurrences of variables in /(xo,xo). For 0'2 there were four occurrences to
chock. In general D(SHtl will have twice 11.5 many occurrences of variables lIS
D(S.) and so the "occurs check" takes exponential time.
More efficient (even linear time) procedures for unification are now available
(Martelli and Montannari [1982, 5.4]). Unfortunately, all current PROLOG imple-
mentations simply omit the -cccurs check". They simply take the first variable
x in D(S..) and substitute for it the first term t other than x in D(Sk) in the
expressions contributing x to D(Sk)' Thus, the implementations believe that
S = [z, [(x)} is unifiable. (They cannot actually carry out the substitution.
They would try to replace x by [(x) and then return to x which would again
be replaced by [(x) and so on Iorever.) Needless to say, this type of unification
destroys the soundness of the resolution method. Some protections against such
incorrect deductions can be put into programs. We discuss one in 1II.2 after we
have more fully described the actual deduction procedure of PROLOG. Unfortu·
nately, almost nothing the programmer can do can fully compensate for omitting
the occurs check. We do, however, prove (Corollary 11.8.7) that certain programs
sufficient to calculate all effective functions do in fact run correctly even without
the occurs check.

Exercises
1. Apply the unification algorithm to each of the following sets to find an
mgu or show that none exists.

(a) {P(x,y), P(y,fl'))}

(b) {Pta, y.f(y)), PI'", u)}
[c] {P(x,glx»),P(.,y)}
(d) {Plx,g(x),y),P(" u,g(a)), P(a,g(a), v)}
(e) {P{g(x), y), Ply, y), Ply, flu))}.

2. Apply the unification algorithm to each of the following sets to find rngu's
or show that they are not unifiable.

(a) {Plh(y),a, z], P(hf(w),a, w), Plhf(a),a, u)}

(b) (P{h(y),a, a}, Plhflw), a, w), P(hfla),a, b)}.
 13 Resolution 145

Resolution
We DOW describe how to combine unification with the resolution method for
propositional logic to give a proof scheme for full predicate logic. As before,
we consider formulas in clausal form. Remember. however, that literals are now
atomic formulas or their negations with free variables allowed. The results of
S9and §10 show that, as long as we are willing to add function symbols to our
language, every sentence has an equisatisfiab\e version in clausal form. Note that
all the variablesin a sentence S are local. that is, each clause is understood as its
universal closure. S is then the conjunction of the universally quantified clauses.
Thus, there are no connections between the variables of distinct clauses. To
reflect this syntactically, we generally rename variables when using two clauses
together so that they have no variables in common. (This procedure is called
standardizing the variables apart.)
A1> in the propositional case, clauses with at most. one positive literal are called
Horn clauses. The rest of the terminology from Definition 1.10.4 (or 11.5.1) de--
scribing progrom etcwes, rules, facts and goals, is also carried over intact from
the propositional case. Thus, for example, 80 (PROLOG) program is a formula that
contains only program clauses, that is, ones with exactly one positive literal. We
continue to use PROWG notation.
Zwnple 13.1: Consider the following list of clauses: (1)
parent (X,Y):- mother (X,y). (2)
parent (X,Y):- father (X,Y). (3)
daughter (X,Y);- mother (Y,x), female (X). (4)
son (X,V);- mother (V,X), male (X). (5)
child (X,Y)o- son (X,Y). (6)
child (X,Y);- dBughter (X,V). (1)
daughter (X,V);- father (V,x), female(X). (8)
son (X,Y):- father (Y,X), male (X). (9)
male (jim). (10)
male (tim). (11)
female(jane) . (12)
female (pam). (13)
father (jim, tim). (14)
{ather (jim, pam). (15)
mother (jane, tim). (16)
mother (jane, pam).
These clauses are the PROLOG versions of
{{parent(:r:,y), ....,mother(.:r:,y)},
{parent(:I:, y), ....,father(:r:,y)}.

{mother(jane, pam)} }.
 146 II. Predkate Logic

Which are in turn the clausal forms of

\fx\fy[mother(x, y) parent(x, y)] A

Itxlty[father(x,y) parent(x,y)]/\
... /\
... 1\

... 11
mother(jane, pam).

De8nition 13.2: Suppose that we can rename the variables of C..! and C2}O that ~ey
have _no variabl~ in comm~n and ar~ of the form q ~{Ptt. -.::' P:n} ~~h.},
{",PsI.. '" ....,Psrn}, respectively. If (TiS an mgu for {Ptl> ... , Ptn, PSI,.' , chiiJ
then q tr U qu is a resolvent of C1 and C2_ (qo U C~17is also called the
of the parents CI and C2.)

Resolution proofs of C from S and resolution refutations of S. both

and tree form are now defined as in thepropositional case (Definitions 1.8.4
i? lin:;
1.8.6) except that we use the version of the resolution rule given above and al~
the premises inserted from S, or equivalently the leaves of the tree proof, to
Co for any renaming substitution o and any C E S. Similarly, we define 1l(S)
as the closure under resolution of the set of all renamings of elements of S.
Two points should be noted in this definition of resolvent. The first is that the re-
naming of variables is necessary. For example the sentence {{P(x)},{ ....,P(f{Z~~}
is (unsatisfiable and) resolution refutable bu~ the clauses cannot be unified WI h-
out ren~ the variables. The second point is that we cann~t. assume .in ~;
above definitIOn that n or m are equal to 1 as we did in propceluonel Iogtc-
must be able to eliminate several literals at once. (This aspect of the procedure
~ often ~alled factoring.) For example, S = {{P(X).P(y)},{....,P(x),....,P(U~{
IS (unsatlSJl:able and) resolution refutable but no resolution proof from S
eliminates only one literal at a time can produce O.
Example 13.3:

(i) We can resolve

c, ~ {Q(.), ~R(y), P(', s), PU(.), f(.))}

and

to get

c, ~ {QU(a)), "R(f(a)), "N(u), "R(a)).

To do ,hj, we un;fy {P(" y), PU(.), f(.)), PU(a), f(a)), PU(",), f(Ull~
VI~ t~ mgu {xl ~(a),yl f(a), zla,wla} and perform the appropriate s
stltUtlOtlS and umcn on 01 and O _
2
 13 Resolution 147

(ii) From the clauses corresponding to (3) and (16) in Example 13.1 above, we
can form the resolvent {daughter(pam,jane),...,female(pam)} by the sub-
stitution {X/pam, Yfjane}.

Example 13.4:

(i) From (a) and (b) below we wish to conclude (c):

(e) VxVyV'IP(x,y) A P(y,.) _ P(x, .)1 (t,ansit;vity)

(b) VxVy[P(x,y) _ P(y,x)1 {symmetry)
(0) VxVyV.[P(x, y) A P(.,y) - P(x,.)J.

In clausal form, we wish to derive C3 from S = {Cl, C2} where

c, ~ I-rt», y), ,P(y, e), P(x, .)),

C, ~ l'P(u,v),P(v,u)),

and
c, = l'P(x,y)"P(.,y),P(x,.)).

(Note that we have standardized the clauses of S apart.)

We exhibit a resolution tree proof with the substitutions used in the reso-
lution displayed on the branches. For clarity, we also underline the literal
on which we resolve.

c, = (....P(:,J) .....P(".%).P(r.%)} ( ....P(v,v).P(t1.v)} = C,

------~ ;l'lu'z."z}
( ....P(z,v), ....P(v, %). P(-e.:)} {....P(v.t1),P(t1, un = C2
\ ;I'{.'.,uM
C2 ""( ....P(v,t1).P(v,u)) ( ....P(z.v), .. P(lI.%),P(;J,z))

{U,.,.,,'l\ ;I'
( ....P(z.lI) ....P(%,v),P(z,%)} = C3

FIGURE 35.
 II. Predicate Logic

(i1) We can show that son{tim,Jun).. follows I rom tee

h Ieuses in Example 13.!
by the following resolution proof:

(8): {~n(X, Y), ,lath,,(Y, X), 'mal«X)) {father(jim, tim)} = (13)

\
{son(tim,jim), "'maJe(tim)}
/
{mal«tim)): (10)

\/
{son(tim,jim)}.

FIGURE 36.

One can ask for the results gotten by resolution in the above examples ~
PROLOG. If one has the c1aU8e5of Example 13.1 in the database, one ent;;; the
desired result at the "1_ " prompt as "?- son(tim, jim).". One then( ~ jim)
answer yes. PROLOG interprets the question as a request to prove son tun'tered
from the database. More precisely, if positive literals OJ, O2, ••• , 0 .. a:t~n goa!
at the "7" prompt, PROLOG tri~ ~ deduce.D from the database S an(Recal~thaI
clauseG== {"'C1, •• ' ,"'C..} which 18 also written :- 01.02, •••• 0... A,.
a goal clause is one without positive literals, Le., one of th~ form :~ Ar::;.
';uch
where the Ai are positive. The reason for this terminology 18 apparent m
examples.)

If the C. are ground, then we would expect a successful deduction . ofhis' plio
0 from
SU{..,q,.", -.e..} to imply that all of the C, are Consequences of S, (T ~36
cation follows from the soundness of resolution for predicate logic, Theo~e~. are
below, With some syntactic effort it can also be viewed, in the case that tale I~:;".I
ground, lIS a consequence of the soundness of resolution for proposmulon ~- 'ables
Consider, however, the meaning of entering an atomic formula with free ": as ~
sud> es "maIe(X),lemale(Y)" at the -r- prompt, Again PROLOG takes~«YJl.
request to Prove 0 from S and the added goal clause {-,male(X),..,fe el (Xl V
Suo_ he,e nnly meens that from S we 'an conclude ,YXWI,m e(X) V
,lemale(Y)1 as the clause {'maIe(X)"lemaJe(Y)) mean, YX\lYI,m~:oLOG
,lemale(Y)]. That ts, we rond~de 3X3Y(male(X) A lemale(Y)], What dam'"
actually does IS return a substitutIOn, say X = jim, Y = Jane which on the
strates the truth of the conclusion 3X3Yfmale(X) A female(Y)j b~ S Of
infonna~ionin S - i.e. {"'maleOirn), "'Cemale(ja.ne)} is inconsistent. wl~h ~b8t
COurse, In applications it is almost always this correct answer substitution
we reaUy want, not the mere 8B8ertion that 3X3Y(male(X) 1\ female(Y)J.
DeDn;tion 13,5, Up;,. P'<>gnun and G ~ {,A" ... "An} e goal do"",,:::
~at the substitution 9 (for the variables of G ) is a correct amwer $UbJ~ rs&l
2
If (AI A A A ... A .4,.)8 is a logical consequence of P (that is, of its uJUVt!
closure),
 13 Resolution 149

Note that, by an application of Herbrand's theorem given in Exercise 10.5, if

P U {G} is unsatisfiable, then there is a correct answer substitution which is a
ground substitution. That one can always find such a substitution via resolution
is essentially a statement of the completeness theorem. We will return to the issue
of completeness of resolution after proving its soundness. We discuss general
resolution methods in this and the next sections and leave the specific search
procedures used in PROLOG to Chapter III.

Theorem 13.6 (Soundness of resolution): If 0 E 'R.(S), then S is ufUati!Jjiable.

Proof: Suppose, for the sake of a contradiction, that A F S. Let the notation for a
resolution be as in Definition 13.2. It suffices to show that if A F C1> C2 and C
is a resolvent of 01> O2 then A F 0, l.e., A F CT for every ground substitution
T. (If so, we could show by induction that A 1= C for every 0 E 'R.(S). As 1<.(8)
contains 0, we would have the desired contradiction.) The only point to notice
here is that if A F Oit then A F Cin; for any t7i as the 0; are open. For every
ground instantiation". of the variables of C :;:Cia U C~uwe can argue as in
the propositional case. (See Lemma 1.8.12 and Theorem 1.8.11.) As, for each
ground instantiation"., either Ci/1". or C~t7".is true in A (depending on whether
the literal resolved on is true in A or not and in which of the C;". it appears
positively), then so is their union C".. 0
We now want to prove the completeness of the resolution method for predicate
logic by reducing it to the case of propositional logic. We begin with two lemmas.
The first (Lemma 13.7) relates single resolutions in propositional and predicate
lcgte. The second (Lemma 13.8) extends the correspondence to resolution proofs.
This lemma (which is often called the lifting lemma as it "lifts" proofs in propo-
sitionallogic to ones in predicate logic) is quite useful in the analysis of restricted
versions of resolution in §14 and Hl.I. The special case of proofs of 0 is especially
useful and is singled out as Corollary 13.9.

Lemma 13.7: If Ci and q are ground instancu (trio. the substitutions 81 and 82)
of C1 and C2, respectively, and 0 is a resolvent of and c: c~,
then there is a
resolvent C of Ct and C2 .wch that C' is a ground in.!tarn:e of C (via 8182 if
C1 and C2 have no variablu in common).

Proof: A1; the resolution rule allows us to rename the variables in C1 and C2 as part
of the resolution, we may as well assume that they (and so also fh and 82) have
no variables in common. As Ci "'"Ct81 and ~ "'" C282 are resolvable, say on the
ground literal P(tl, ... ,tn), there are sets of literals

and
150 II. Predicate Logic

which become unified to {P(th"" tn)} and {-.P(t" ... ,tn)} by fh and 82, re-
spectively. A8 the sets of variables in 81 and 92 are disjoint, 9192 unifies both
sets of literals Al and A2 simultaneously. Thus, by the definition of resolution
for the predicate calculus (Definition 13.2), C = ((Cl - AI) U (C2 - A2))17 is a
resolvent of Ct and C2 where a is the mgu for

given by the unification algorithm. The only point left to verify is that C' is lID
instance of C. We claim that C' = C9.92. Note that as 9192 unifies -.A1 UA2, the
special property of the mgu given by our algorithm (Theorem 12.5) guarantees
that 17919<J = 9192. Thus
c
C9192 = ((CI - Ad U (C2 - A2))l79192
= ((C1 - Ad U (C2 - A2))9t92
= (C191 - A19t} U (C292 - A292) (by disjointness of variables)
~ (C; - (P(t" ... , tn))) U (C; - {_P(t" ... , tn))) P
= C' (by definition). 0

o
T
Lemma 13.8 (Lifting lemma): Let 8 be a formula in a language £:. and let 5' be
tM .Jet of all ground instance.JI of clawes in 8 in the Herbrand universe for l. P
If T is a resolution tree proof of C' from 8', then there is a clause C of L,
a ruolution tree proof T of C from S and a substitution 9 such that T8 =' r
(i.e., T and T' are fabeling" of the same tree and Co9 = for Ci, c:
~e c;
rupective labels of each node of the common tree underlying T and T'. Thus, III
particular, C' "" C8). Moreover, if the leaves of T' are labeled R; and each R.
i.J an instance of an 5i in 5, then we may arrange it so that the corruponding
lea1Je3of T aN! labeled with f'entlmings of the appropriate 5i•

Proof: We proceed by induction on the depth of resolution tree proofs from 8'. F~r
the base case of elements 14 of 51, the lemma is immediate as each such R; IS E
a substitution instance of an element of S. Consider now a proof of C' from S'
of depth n + 1. It consists of two proofs T' and X' (of depth < n) of ground
c1a"c~C'
--= l' C'fr2 om
S' and a final resolution
'1
of C' 2and C' to get
-, C. SUPr-
-
that P(tlo"" tn) E Gi, ",P(h"" ,t'l) E q and th1at we r:SOlved on this literal
to get
C' ~ C; U C; - {P(,,, ... , 'n), _P("' ... ' tn)).
By induction, we have predicate clauses CI and C2 proof trees T1 and T2 of Cl
and OJ and su~tutions 91 and 82 such that Tj8i =' r:.
(The leaves of Ti ~ also
~abeled appropnately by induction.) At the cost perhaps of renaming vanables
In T1 and T2, we may assume that 91 and 82 have no variables in common. {As
 13 Resolution 151

the resolution rule allows for arbitrary renamings of the parents, the T; re'llain
resolution proofs. As our lemma only calls for the leaves to be labeled with some
renamings of the given clauses from S, this renaming does not alter the fact that
we have the leaves appropriately Iebeled.) We now apply Lemma 13.7 to get a
resolvent C of C1 and C2 with C' = C8182' We can now form a resolution tree
proof T from S of C by combining T1 and T2. As 81 and 82 are disjoint, 1'8182
restricted to T and T, simply gives us back T181 and T,8,. Of course, on the
1
remaining node C of T we have C818, = C'. Thus T is the required predicate
logic resolution proof from S' of C and 8182 is the substitution required in our
lemma. 0

orollary 13.9: If T' is a resolution tree proof of 0 each of whose leaves L; is labeled
with a ground instance ~ of the clause Sit then there is a relabeling T of the
underlying tree of T' that gitJe8 a resolution proof of 0 each of whose leave$ L;
is labeled with (a renaming) of Si.

roof: This is simply the special case of the theorem with C' = O. The only point to
notice is that the only clause C that can have 0 as a substitution instance is 0
itself. 0

heorem 13.10 (Completeness of Resolution): If S is unsatisfiable, then 0 E 'R.{S).

roof: Let $' be the set of all ground instances of claw>es in S in the Herbrand
universe for the language J:. of $. By one of the consequences (Theorem 10.6) of
Herbrand's theorem, S and S' are equisatisfiable. Thus if we assume that $ is
unsatisfiable, then so is 8'. By the completeness of resolution for propositional
logic (Theorem 1.8.15 or 1.8.22) we then know that 0 E R.,,(S') where we use 'R.p
to represent the resolution procedure in propositional logic. (As usual we consider
the atomic formulas as propositional letters in this situation.) The completeness
?f resolution for predicate logic [Le., 0 E 'Ro(S) if S is unsatisfiable) is now
munediate from Corollary' 13.9. 0

:xercises

1. Find resolvents for each of the following:

.) {P(z, v),Ply, z)}, {,P(u,/(u»}

b) {P(z,z), ,R(z,/(z))}, {R(z,y),Q(y, z)}
0) {P(z, V), ,P(z,zl,Q(z, !(z), z)},I-.(l(J(z),z, z), P(z, z)}.

2. Translate the following sentences into predicate logic, put them in clausal
form and prove the stated conclusion by resolution:
 II. Predicate Logic

a) Suppose all barbers shave everyone who does not shave himself. More-
over, no barber shaves anyone who shaves himself. Conclude that there
are no barbers.
b) Suppose John likes anyone who doesn't like himself. Conclude that it
is not the case that John likes no one who likes himself.

3. Suppose I believe each of the following four statements:

(i) There exists a dragon.

(ii) The dragon either sleeps in its cave or hunts in the forest.
(iii) If the dragon is hungry, it cannot sleep.
(iv) If the dragon is tired, it cannot hunt.

Translate (i)-(iv) into predicate logic. Use resolution to answer the follow-
ing questions:

(a) What does the dragon do when it is hungry?

(b) What does the dragon do when it is tired?
(Assume that if X cannot do Y then X does not do Y.)

4. (a) Express the following three statements in clausal form:

(i) Everyone admires a hero.

(ii) A failure admires everyone.
(iii) Anyone who is not a hero is a failure.

(b) Use resolution to find X and Y who admire each other.

5. Give a resolution refutation of the following set of clauses. Indicate the

literals being resolved on and the substitutions being made to do the res-
olutions:

(i) {P(a,x,!(y)), Pta, z !(h(b))), ~Q(Y,,)}

(ii) {~Q(h(b),w),H(w,a)}
(iii) {~P(a, w,f(h(b))), H(x, a)}
(iv) {Pta, u,!(h(u))), H(u,a),Q(h(b),b)}
(v) {~H(.,a)}.

6. Consider the following six sentences.

(i) All the stockholders who will have real estate partners will vote againSt
the proposal but no others.
 14 Refining Resolution: Linear Resolution 153

(ii) john and jim (and similarly mary and jane) will form real estate part-
nerships if some bank will give them a loan unless none of the lawyers
can get them the needed zoning variance.
(iii) No banker will give a loan to form a real estate partnership without a
lawyer's getting the needed zoning variances. With such an assurance
they require only a good appraisal to agree to the loan.
(iv) john and jane are stockholders.
(v) joyce is a lawyer who can get zoning approval for anyone with enough
money.
(vi) john is immensely wealthy and his and jim's land has been given a
good appraisal.

Translate these sentences into predicate logic, put them in clausal form
and use resolution to deduce that someone will vote against the proposal.
Who is it?

14 Refining Resolution: Linear Resolution

Systematic attempts at generating resolution proofs are often redundant and in-
efficient. As in the propositional case, we can impose various restrictions to make
the procedure more efficient. The analogous procedures (to those considered in
1.9) are covered in the exercises. We now wish to analyze, in the setting of full
predicate logic, the refinement dealt with in 1.10 for pmpcsitlonal Hom clauses:
linear resolution. The plan here is to try to proceed via a linear sequence of
resolutions rather than a branching tree. We carry out a sequence of resolutions
each of which (after the first) must have as one of its parents the child of the
one previously carried out.

Definition 14.1: Let C be a clause and S a formula.

(i) A linear deduction 0/ C from S is a sequence (Co, 80).···, (C .., B .. ) of

pairs of clauses such that Co and each Bi are either renaming substitutions
of elements of S or some Cj for j < i; each Ci+l, i ~ n, is a resolvent of
Cj and Bj; and C..+l = C.

(ii) C is linearly deducible from S, S r" C, if there is a linear deduction of C

from S. There is a linear ruolution n/tdation of 5 if 0 is linearly deducible
from 5. £(5) is the set of all clauses linearly deducible from 5.

We picture a linear resolution as follows:

 154 II. Predicate Logic

FIGURE 31.

The linear resolution for the following familiar example (1.10.2) is illustrated in
Figure 38.

S~ (A"A"A"A.), A, ~ (P(x),q(x)), A, ~ {p(x),~q(x)),

A, ~ {~p(x),q(x)), A. ~ {"p(x),~(x)).

{p(x), ~q(x))

.:

o
FIGURE 38 .

DeHmtIoD
• '. 14.2: In thIS context, the elements of S are frequently cal J-->'
t:U mpu t dauses.

The Ci are called center clo,tues and the B, side clauses.

C
If we extend the Pillent---child terminology by defining the ancestors of 8. clau; we
in a resolution proof of C from S to be the clauses above it in the tree proo ,
 14 Refining Resolution: Linear Resolution 155

can rephrase the definition of linear deduction by saying that each Cj is resolved
against an input clause or one of its own ancestors to produce CHI.

We want to prove that linear resolution is complete. (As it is a restriction of the

sound method of full resolution its soundness is, as usual, eutcmetlc.) For the
sake of the eventual induction argument as well as applications to the special
case of proofs in PROLOG, we actually prove a stronger result which gives us some
control over the starting point of the linear proof (Co in the above notation).

lnition 14.3: U ~ S is a set of support for S if S - U is satisfiable. We say that

a linear resolution proof (Oi, Bi), i :5 n, of C from S has support U if Co e U.

The intuition here is that we consider a formula S e UNSAT. In this case the
"cause" of the unsatisfiability has been isolated in U (which "supports" the fact
that S E UNSAT).

Wecan now state e strengthened version of the completeness theorem.

IOtem 14.4: IJ S E UNSAT and U is a set of support for S, then there is a linear
refutation oj S with support U.

OUt first step is to reduce the proof of Theorem 14.4 to the case in which every
nonempty subset of S is a set of support for 8.

lnition 14.5: 8 is minimally umatisfiable if it is unsatisfiable

but every proper
subset is satisfiable, i.e., {C} is a set of support for S for every C E S.

~ 14.6: IJ S e UNSAT, tMn there is a minimally umatisfiable 8' s;: S. Moreover,

if U i.t a IIet of S'Upportfor S, Un 8' is one for 5'.
of: By compactness some finite subset of 8 is unsatisfiable. If S' is an unsatisfiable
aubse~of S with the least possible number of clauses, 8' is certainfY a minimally
unsatisfiable subset of S. Let U be any set of support for S. If Un5 = 0, $I would
?e COntainedin the satisfiable set 8 _ U for a contradiction. Thus 5' - (5' n U)
ISa proper subset of S' and 50, by the minimaUty of 8', is satisfiable. 0

of (of Theorem 14.4): Our plan nOWis once again to reduce the p~ to the case
or Pro . 10 • bel w) As In the case of
POSit nal Iogie. (We supply a proof for this case o· . bl d has
::neral resoiution, we apply Herbrand's theorem. If S is unsat;lS;; :n':it has
s pport U, so is 8', the set of all ground instances of elements 0 ~ to show
uPport U', the set of all ground instances of elements of U. We wish I
that . . rt U' lifts to one rom
S . any hnear reeoluncn proof 1" of 0 from S' With suppo the lifting lemma.
'!'helrithliffsupPOrt U. This' IS immediate from Coronary
_~ __ 1 •
13.9 to .'
tree and so lifts linear
mg lemma preserves the shape of the retlUIutlOD th leaves of the
proofsto linear proofs. It also lifts instances Rt of c1aUSeJSo on e
156 11. Predicate Logic

tree to (renamings of) Si. Thus if the clause CO of the proof T is in V' and ill
'
is an instance of a clause C in U, then it lifts to a (renaming of) the same
clause C. 0

We now turn to the proof of the strengthened completeness theorem for linear
resolution in the propositional calculus. The proof here is more difficult than for
semantic or ordered resolution but is connected with the set of support and Joel:
resolution methods considered in the exercises for 1.9.

Prool (of the Propositional version of Theorem 14.4): By Lemma 14.6, it suffi~
to consider only those S that are minimally uDSatis6able. (Any linear resolutkm
refutation of 8' ~ S with support Uns' is one of 8 with support U by definition.)
We proceed by induction on E(8) = the excess literal number 0/ 5, that is, the
number of occurrences of literals in all clauses of 8 minus the number of clauses
in S. (Note that we need S to be finite to even define the excess literal number.)
We in fact prove by induction that, for any C E S, there is a linear refutation of
8 that begins with C, i.e. C = Co in the proof tree. At the bottom, if E(S) = -1,
DES and there is nothing to prove. Suppose now that E(8) ~ O.

Case 1. C is a unit clause, t.e., it contains exactly one Iiterall. There must be a
clause C' E 5 with L E C' as otherwise any assignment satisfying S _ C
(which is satisfiable by the minimality of 5 ) could be extended to one
satisfying S by adding on t: Note that t ~ C' for if it did, C' would be
a tautology and 5 would not be minimally unsatisfiahle contrary to.
~ur
assumption. Thus C' - {i} is in st by the definition of SL (Defimtlon
1.8.16). If C' = {I}, we are done as we can simply resolve C and C' to
get D. Su~pose then that c: = {i, ...} has more than one literal. As S,E
UNSAT, S t E UNSAT by Lemma 1.8.19. Each clause removed from S ~
forming 8 has at least one literal (i) (again by definition). Thus the!1
removal cannot increase the excess literal number. On the other hand, at
least C' loses one literal (l) in its transition to st. Thus E(SL) < E(S).
E,
We next claim that st is also minimally unsatisfiable: Suppose D E gt
but st - {D} is unsatisfie.ble. Now, by the definition of SL, DES or
D U {l} E S and in either case ilf. D. Let D' represent whichever clause
~Ion.gsto S. We know, by the minimal unsatisfiability of S, that S_ {D'}
IS satisfiable. Let A be an assignment satisfying it. As C = {t} E S _ {D'},
AFt. Consider now any F E 5t - {D} and the associated F' E S _ {~!'
As A F i and A Fe F', A F F in either case of the definition of P. (F IS
defined from F as D' was defined from D.) Thus A F st _ {D} contrarY
to our assumption.

Our induction
t hypothesis now gives us a linear resolution deduction of 0
from 5 5~gWithC'_{i}: (Q1,B1 }, .•. ,(C .., B.. ) with Co = C'-{ll
Each B. IS a member of st or is Cj for some j < i and C.., B.. resolve
 14 Refining Resolution: Linear Resolution 157

to O. We construct a new proof (Dj,Aj) in segments with the ith one

ending with D" = Ct. We begin by setting Do = {i} = C and Ao = C'. Of
course. ,they can be resolved to get D1 = Co. Now we proceed by induction.
Suppose we have Ai> j < k and D" = Ci. If B; = Cj for some j < i. we
let A" = Cj (which by induction is a previous Don) and resolve to get
D"+l = C"+I' Otherwise, Bi E st and we have two cases to consider. I(
Bi E 8 we set A" = Bt and resolve to get D,,+! = Ci+1' I( Bi fJ.. 5, then
Hi u {I} E 8. We set A" = Bi U {l} and resolve to get Dk+l = CHI u {i}.
In this case, we set A"+l = {i} and resolve to get Dk+2 = CHI and
so continue the induction. As {i} = Do, we now have a linear resolution
refutation of 5 as required.

Case 2. C = {f •... } has more than one literal. Now consider Si. As above, it
is minimally unsatis6able and has lower excess literal number than 5, We
thus have, by induction, a linear resolution deduction of 0 from SI starting
with C - {f~.If we add on t to every center clause and to any side clause
which is in S but not 5. we get aUnear proof of {f} from 5 starting with C.
Consider now 5' = S-{C}u{ {t}}. It too is unsatis6able. (Any assignment
satisfying it satisfies S.) As C bas more than one literal, E(5') < E(8).
Now as 0 ~ S', for any 5/1 ~ 5', E(5"):5 E(5/).1( we take 5" ~ 5' to be
rninimaJly unsatis6able we have, by induction, a linear resolution proof of
o from S" ~ Su {{til beginning with {t}. (Note that S' - {t} ~ S - {e}
is satisfiable by the minimal unsatisfiability of 5. Thus, any unsatisfiable
subset 8" of 5' must contain {f}.) Attaching this proof to the end of the
ODeof {f} from 5 gives the desired linear refutation of S starting with C8

Further refinements of general resolution are possible. Some of these (such as

ordered linear resolution) are considered in the exercises. Instead of pursuing the
general problem further, we turn our attention to the special case of resolution
from Horn clauses, the deduction mechanism for PROLOG.

:ercises

L Following the model in 1.9 for ordered resolution in propositional logic,

give a complete definition of an ordered resolution and an ordered resolu-
tion refutation for the predicate calculus in which you index the predicate
symbols of the language.
2. State and prove the soundness theorem for ordered resolution for predicate
logio.
3. ~tateand prove the completeness theorem for ordered resolution for peed-
icete logic.
4. Give the definitions and prove the soundness and completeness theoIems
for the predicate version of F_resolution (Exercise 1.9.4).
158 II. Predicate Logic

5. Give the definitions and prove the soundness and completeness theorems I
for the predicate version of lock resolution (Exercise 1.9.1).

F
Suggestions for FUrther Reading

To see how predicate logic got its start, read Frege [18791 in van Heijenoort [1967,
2.1J.

For more on the predicate logic versions of tableaux, axioms and rules of in.
Ierecce, resolution, natural deduction and sequents, see the references to these
topics at the end of Chapter I.

The basic development of model theory (beyond the few theorems given, he~) J
can be found in Chang and Keisler 11990, 3.41 or any of the other texts ~ l~
3.4 of the bibliography. A wide-ranging current view of much of the subject IS
given in Hodges [1993, 3.4J.

To see where Herbrand universes and unification come from, read the first few
pages of Herbrand [1930J in van Heijenoon [1967, 2.1J or Herbrand {1971. 2.31.
To see Herbrand's theorem used as a basis for the exposition oflogic, see Chang
and Lee [1973, 5,7J, Many varieties of resolution can be found there; see also
Loveland [1978, 5.7J and Bibel {1987, 5.71.

The standard text on the theory of PROLOG is Lloyd {19B7, 5.41 which also has
an extensive bibliography. Other Suggestions for reading about PROLOG can be
found at the end of Chapter Ill.
II
lROLOG

8LD-Resolution

In this chapter we consider the full PROLOG language for logic programming in
~redicate logic. Much of the basic terminology is simply the predicate logic ver-
sicn of that introduced in 1.10. We, nonetheless, restate the basic definitions in a
form suitable for resolution theorem proving in the predicate calculus. PROLOG
~mploysa refinement of linear resolution but we have made the presentation
independent of the (ratber difficult) completeness theorem for linear resolution
(:theorem 11.14.4). We do, however, assume familiarity with the definitions for
linear resolution in Definitions 11.14.1-3. Thus our proofs are based on the anal-
ysis of the propositional version of PROLOG discussed in 1.10, together with Her-
bra:nd's theorem (11.10.4) and the reduction of predicate logic to propositional
logic that it entails. At times when a knowledge of II.l4 would illuminate certain
Ideas or simplify proofs, we mark such alternate results or proofs with an *.
~I from 11.5.1 that a PROLOG program P is 8 set of program clauses, Le., ones
:-"~thprecisely one positive literal. We ask questions by entering a sequence of p0s-
Itive literals A ..... , A", at the II 1- "prompt. The PROLOGinterpreter answers
the question by convecting our entry into a goal clause G = {...,Al, .. ·,...,An}
and asking if P U {G} is UDSatisfiable. We now describe the way in which PRO-
~ discovers if P U {G} is unsatisfiable. Our starting point is the method of
linear resolution introduced in 1.10 for propositional logic and proved complete
for predicate logic in U.14. We next restrict ourselves to an input version of lin-
ear resolution. Although this is not in general a complete version of resolution
(as can be seen from the example following Definition 11.14.1), it turns out to
~ complete in the setting of PROLOG. For the remainder of this section P is a
LOG program and G a goal clause.

i1I.nition1." } G 15. a lin~

in .1. A lineae resolution proof {Go,Co), ..• ,(G""C"" ",+1 •
put, or LI, (resolution) refuudion of pu {Gl if Go = G, Gn+l = 0, each G. 15
a goal. clause and each Cj. is a (renaming of a) clause in P.
 160 Ill. PROLOG

·Theorem 1.2 If P U {O} E UNSAT, there U Q. linear resolution refutation of

PU (G).

·Proof: AHvery PROLOG program is satisfiable (Exercise 1I.5.6), {G} is a set o(

SUpport (or PU{G}. By the completeness theorem for linear resolution (Theon;m
1l.14.4) there is a linear refutation (Go, Co) , "', (en, Cn) with Go = G. WedllJm
that every G; is a goal clause and, modulo renaming, every Ci E P. Proceeding
by induction, the only point to notice is that we cannot resolve two goal clauses
and so the next C; must be from P while the result of the resolution of a goal
clause and a program clause is again a goal clause or O. 0

We now know the general format of resolution proofs for PROLOG: linear input
resolution. Before continuing to examine the additional refinements implemented
in PROLOG, we should note (and this is usually true of implementations of all res-
olution methods) that when G = {"Ao, ... ,.,An} and C = {8, .,80,' .. , ...,Bm}
are resolved, say on Ai = B via mgu 9, the interpreter does not check to see
if perhaps some resulting duplications should be eliminated (e.g., A 9 = k9
j
or Aj9 = Bt9 or B,,9 = Bt9) . It simply replaces .,Ai by .,Bo, ... , -.Bm and
then applies 9 to each term. It does no further simplification. To understand ~he
actual implementations, we should therefore think of clauses (as the machine
does) not 8S sets of literals but as ordered clauses, te., sequences of literals. A
resolution 8S above then inserts the literals -.Bo, ... , -.B". in place of -.A, and
applies 9 to each literal in the sequence to get the next (ordered) goal c1~~.
This ordering of clauses does not cause any serious changes. We embody It iD
the foUowing definition and lemma.
Deflnition 1.3:

(i) U G "" {-'Ao, ... ,-.A..} and C "" {B, -,Bo, ... , -.B } are ordered c1a~
m
and 9 is an mgu for A; and B, then we can perform an ordered resolu!l~n
of G and C on the literal A,. The (ordered) resolvent of this resolution 15
the ordered clause {"".Au, ... , .,Ai_h .,Bo, ... ,-.8 , .,A + ... , -.A,,}8,
m i lt

(il) U P U {G} is given as a set of ordered clauses then a linear definite or

LO--rejUtotion of Pu {G} is a sequence {Go,Co}, ... , (G , en) of ordered
n
clauses G"C; in which G "" Go, Gn ...! ""0 , each Ge is an ordered ~
clause, each Ct. is a renaming of an element of P containing only V8Tlab
~hat do not appear in Gj for j S i or C" for k < i and each 0;+1 (0 ~
, :'5 n) is an ordered resolvent of G; and Ci. If Cn is not 0, we call the
sequence, as usual, an LD--re.solution proof.

Note that this ~ethod does not employ the strategy of collapsing literals. We
resolve on one literal from each clause and remove only these two literals from
the resolvent.

Lemma 1.4 (Completeness of LD--resolution): If P U {G} i.J an unsatisfiahle set of

u
ordered claus , then thef?: is an LO-1?;jUtation of Pu {G} beginning with G.
 I SLD-Resolution 161

Proof: Consider all (ordered) ground instances pi U G' of the (ordered) clauses in
PU{G} in the appropriate Herbrand universe. By Herbrand's theorem (Theorem
11.10.6)PuG' is unsatisfiable. By the compactness theorem (11.7.9), some finite
subset of P' u G' is unsatisfiable. M all sets of program clauses are satisfiable
(Exercise 11.5.6), any such subset must include elements of G', Le., instances
of G. Let pi' u Gn be an unsatis6able subset of pi u G' of minimal size. By
minimality there is a G" E Gil such that pIt U Gil - {Gg} is satisfiable. By
Lemma 1.10.11, there is then an LD-resolution refutation of P" U Gil starting
with 0'6' By Lemma. 1.5 below this can be lifted to the desired LD--refutation of
PUG. 0

'Proof: Let P' and {G'} be the sets of unordered clauses corresponding to P and {O},
respectively. The proof proceeds by a simple induction on the length of the L1-
refutation of P'u{G'}. Note, however. that one u-eeectcncn may be replaced by
~ sequence of LD-resolutiona to compenaate for the collapsing of literal.!lallowed
In u-resolution. We leavethe details as Exercises 1-2. 0

Lemma 1.5: The lifting lemma holth for LD---f'eSolution proofs. More preci3ely 11.13.7
/wld.! for ordered resolutiofl.!l; 11.13.8 holds for LD---f'eSolutionproofs; and 11.13.9
holds for LO-resolution rejutatiofl.!l.
Proof: The proofs are essentially the same as in 11.13.The lifting of a single resolution
(11.13.7) is, however, somewhat simpler in that no collapsing of literals occurs
here (and so the parameters n1 and n:J are both equal to 1 in the proof). In the
proof of the lifting lemma itself, we note that. for linear resolutions, an induction
on the depth of the tree is the same as one on the length of the proof. The leaves
of the tree are the starting clause and the side clauses. We leave the details of
rewriting the proofs of 11.13 in this setting as Exercises 3-5. 0

Our next task is to describe bow in an LD--resolution proof, we should choose

~he literal of Gi on which to resolve. The .selection rule used in essentially all
~p1ementations of PROLOG is to always resolve on the first, l.e.• the leftmost,
~lteral In Gi• The literals in the resolvent deriving from Ci are then always
inherited with their original order and put to the left of all of the clauses coming
from Gi. We call this an sLD--T'e.9olution. (The S stands for .selection.) ~ore
~enera1lY.we can consider any selection rule R, i.e., any function chooslllg a
lteral from each ordered goal clause.
o,llni.,lOn 1.6: '
A "election role R is simply a function that chooses a literal R(C)
~OlIl every nonempty ordered clause C. An SLo-n:futation of PU {G} litO R
,e
~ an LD-refutation, (Go. Co}.· ... (G.. n). of P u {G} in which R(Gi) is the
hteral resolved. on at step i of the proof. (U no R is mentioned we assume that
the standard one of choosing the leftmost literal is Intended-]

~ur next goal is to prove a completeness theorem for sLD--refutatioDS. We ~

gIve a simple proof along the lines of our previous arguments that uses a verston
162 111. PROLOG
p
of the lifting lemma for sue-proofs. On the propo.sitional level. the heart of this
proof is essentially that of Theorem 1.10.13, the completeness of SLD-resolution
for propositional logic. The difficulty with lifting that result directly to predl-
cete logic is that the lifting lemma does not apply directly to sLD-proofs with
arbitrary selection rules. The problem is that the rule may choose a literal out of
the predicate lifting of a given cleuse which is not the lifting of the literal chosen
by the rule from the ground instance of the given clause. However. this problem
does not arise for a wide class of selection rules. including the standard one of
always cbocetng the leftmost literal. So in the case in which we are interested for
implementations of PROLOG, we can directly lift the completeness theorem.

Definition 1.7: A selection rule R is intlanant if. for every (ordered) clause C and
every substitution 8. R(C8) := (R(C»8.

Note that the standard selection rule is obviously invariant.

Theorem 1.8 (Completeness of sLD-refutations): If P U {O} E UNSAT, there is an

sLo-ruoluhon n:futation of P U {O} via R for any selection rule R.

Proof (for invariant selection rules): We argue exactly as in the proof of Lemma 1.4
except that we apply Theorem 1.10.13 in place of Lemma 1.10.9. We then apply
the lifting lemma for SLD-resolutions with an invariant selection rule (Exercise
6). 0

We could now supply a direct but fairly complicated proof of Theorem 1.8 for
arbitrary selection rules. It is somewhat simpler to instead prove a lemma. as-
serting an independence result: given an Lo-refutation starting from O. we can
find an SLDone via any selection rule R. The general form of Theorem 1.8 woul.d
then foUow directly from Lemma. 1.4. The proof of this independence result IS
itself somewhat technical and we postpone it to Lemma 1.12.

We now know what the PROLOGinterpreter does when a question is entered as

"?- At.· .. , An.". It searches for an sto-reecluncn proof of 0 from the current
program P and the goal clause 0 = {..,AI •...• ..,An}. Before analyzing thesearcb
method for finding such a proof. let us consider what happens at the end. If aU
a~tempts at finding a proof fail PROLOGanswers "no". If a proof is found, PROLOG
gives us an an.swer "ub"tihdion, that is, a substitution for the variables in G. ~
fact, if the proof found by the interpreter is (Oo.Co) •...• (On. On) with mgu 5
80 •••• , On, then it gives us the answer substitution 8 = 60 ... 8n restricted to the
~iables of G. Most importantly, these are always correct answer substitutioDS,
r.e., (AlA ... A An)8 is a logical consequence of P.

Theorem 1.9 (Soundness of implementation): If 0 is an answeT substitution given by

~n SLo-refutation 01 Pu {O} (via R for any "election role R), tJu.n 8 is correct.
s.e., (AlA ... A An)8 is a log1cal COlUeqtlenc.e of P.
 1 SLD-Resolution 163

roof: We proceed by induction on the length of the sLD-refutation. For the base
case of a refutation of length one, G ::=: Go = {...... =
A} and Co {B} are singletons
with 6 an mgu for {A} and {B}. As B E P. it is a logical consequence of P as
is its substitution instance B6. As 6 is a unifier. 86 = A6 which is then also
n
a logical consequence of P as required. Suppose now that G = {...,~,... , ...,A }
and Pu{G} has an sLo-refutation of length n+1 starting with Go = G and Co =
{B, .....B , ,...,B } and a resolution on ...,Ai with mgu 60' The resolvent Gt =
o m
{...,~, , Ai_ll BO Bm, Ai+l' ' ...,~}60 has an SLD-refutation from
P of length n with mgu 6' = 6t ••• 6n. Thus, by the induction hypothesis, G1606'
is a logical consequence of P. Let 6 = 606'. As Co E P, C06 is also a logical
consequence of P. Now C 6 is equivalent to (B06 A A 8,.,.6) -> 86. So by
0
propositional logic, {.....
~6, ... , ...... B6, ......
Ai_16, ...... AH16' An6} is then also a
, ......
consequence of P. As 6 = 606', 6 also unifies Ai and B, t.e., Ai6 = B6. Thus G6
is a logical consequence of P as required. 0
The answers supplied by sco-reeotoucoe are, in a sense, all the correct ones
there are.
Theorem 1.10 (Completeness of implementation): Let R be a selection rule. If P F
(AlA ... A An)u and G =
{Al""'A,.}, then there is an SLD-refutation T =
({ G , C )1 i $. n) of P U {G} via R with answer substitution 6 and also a
i i
substitution t/J such that GO" = G61/!.

Proof (for invariant selection rules): We prove by induction on the length n of an SLD-
refutation of PU {Gu} via R that there is a refutation with answer substitution
(J and a t/J such that 0 = 6t/J on the variables of G. Choose a substitution "'f
instantiating all the Vlloriablesof Go to new constants (Le., ones not appearing
in PU{G}). As PF (At A ... A An)O' it is clear that PU{GO''''f} E UNSAT.Let
T = «(Gi.Oi)l i < n) be aground SLo-refutation of PU {Ga;} via R. By the
invariance of R, reversing the substitution I (i.e., replacing the constants by the
original variables) gives an SLo-refutation T' = ( ~.C:)l i < n) of PU {Gu}
via R In which the unifiers tPi restricted to the variables in GO' are the identity.
The ground refutation can also be lifted, by Exercise 6, to one
T'=((G':.~')li<n)

of p U {O} with mgu's 60,... ,6n. Suppose that R selects the literal Ai from G.
We can now apply the induction hypothesis to

and
c; = { .....
Ao6 •... , ...... Bo.I90,·.·,
Ai_tBo, ...... ...,Bo,mo60,.....Ai+160'···, ....,An60}
0
as Gi = G'tatPo = G','t/JoO' (remember that GutPo = GO' and, as O't/JO unifies
An end B • 6 O'1/Jo=~t/Jo). Thus, we have an sLD-refutation of P U {ott} via
o 0
164 III. PROLOG

R with mgu's ~ ... /Y., and a >" such that 8i ... e:.>.' = 0" on the variables in
G't. If x occurs in G = Go. but x80 does not appear in G1, then x80 does not
appear in OJ,, ... ,/Y.,. Since 90fT = 0 on the variables in Ao, we can extend ).,'to
)" by setting >.(x) "" o(x) for each variable x in Ao such that x80 is not in 0';.
Then 90~ ... ~>."" CT on aU the variables of G, as required. (Keep in mind that
p
¢OCT = IICT for II occurring in G.) 0
1b provide proofs for Theorems 1.8 and 1.10 for arbitrary selection rules, we now
prove the independence lemma, as promised. We begin with a basic procedure
to change a single choice of literal in an LD-refutation.

Lemma 1.11 (Switching lemma): Le! G = Go = {.... Ao, ... , ....An} and let (Go,Co),
... , (G., C.) ~ an Lo-rejutation of P U {Go} with answer substitution !/J =
VJo ... t/J.- Suppose that AjtPo ... ..p~-l is the liteml resolved on at step s > O.
There u then an LD-rejutation (Go, Cb),"" (GI., C~) of PU {Go} with answer
.tub.dilution 9 = 90", 6J: in which we resolve on Aj90" . (J._2 = AjtPo··· !/J.-2 nt
slap .t - 1 such that G9 is a renaming of G1/J .
Proof: Let C, = {B, •.....B"o, ... , ....,Bt,ma for i $; k. Let G~_l = {.... Au, ....,A~.... , -,AD
where AjtPo ... tP~-2 =0 Aj, and Suppose we resolved on A~ at stage s - 1. Thus
G~={....,AO,....,Ai,... , ....A~_h ....B._t,D, ... , ....B~-1,m._l •.....A~+l' ... , ....AaW~-1and
?~+l is ,p. applied to the result of replacing ....A; = ..,Aj, by ..,B.,o•... , .... 8"...,
ill G._ (Recall that by the definition of LD refutations, ..,B.,o, ... , ....B~,m, haw
no variables acted on by W.-to) We know that Aj,tP~_lW~= B.W. = B~,p.-l,p.
and so we can unify Aj, and B.. Let W;_l be the corresponding rngu ~d.let
A be liuch that W~-lt/J.= ¢;-l>'. We now replace step s - 1 of the Original
refutation by this resolution. We want to show that we can resolve with C,_l on
the literal A~1/J~_lat step s with mgu '1/1.. If we can also show that the result
of this resolution is a renaming of G.+I, ;e can continue the refutation, modulo
renamings, to get the desired result.
'!'e ~t note t~at. from oU,roriginal refutation, A~¢._l= 8._1 W.-l' combin~
109 t~ fact with the relation for>. above we can get the following sequence .
iualltles: A~?/J;_l)" = .A:.?/J.-ITP, = B'_l¢~_lt/J. = B .._1"'~_1A. Thus A;
es A~!/I._l and B~_l = B'-1t/J~_1 (by convention, B,_1 has no variables .
on by 1/1.-.). We may therefore resolve on ti' .IJ with rngu Wi as required.
W; also >" ~'II~-l' h va
e get a sU~hthat A = "':>'" _ Combining the equations for )", ~ a,
"'~-11/J. = V'.-1W:>'. If we can now prove the existence of a substitutiOn ~
s.uch that t/J;,I'ltt. ~ 1Ji.-IW.rp', then, by Exercise II.H.4, we will have est &7
hshed that 1/J~_1 t/I" 18a renaming of W.-I1/J. as required to complete the proe ~
T~e argument for the existence of !.p' is similar to that of A'. We knoW thai
A .. 'tI,_I¢; = B~-I¥t:_l!Jl, while in the original proof 1/J~-1 is an mgu for ~
and B._I, Thus there is a!.p such that .,.' .,J = .1, ,n We next note tha+
At. IJi - At 1/1' !JI, 'i-'I_l'll. 'i-'~-lr' and
8" ~-1!P - j' .-1 ~ = B~¥I,1/J~_1= B~1/J~_IIp. Thus 'P unifies Aj,1/J~-l ..1
~¢~-l' As 1/J~in the original proof is an mgu for tbis unification, there is a If
such that Ip - 1/JqI Co b' . see that
.1,1 .IJ -.. m uung this with the first equation for 'P, we 0
'i-'~-t''II~"" W.-l1/J.rp'as required.
 1 SLD-Resolution 165

mma 1.12 (lnd,pendon" I,mma)' For nn. LD-fOfn",tion of P U {G) of l<ngthnn

'WIth IlnsUleT substitution 8 and any selection rule R, there is en sLo-refutatio
of P U {G} via R of length n with an answer substitution 1/1 such that G1/J is a
renantingof GO. n
"",f, W, proceed by indu,tion on tb, lengtb of tbe given LD-refutatio . A> usuel,
thereis nothing to prove if it has length 1. Suppose we have an Lo-refutation
of G of length k + 1 wltb answer ",bstltution ~. Let Aj be the lite,aI seIected
from G by R and suppose it is resolved on at step s of the given LD-refutation.
Apply Lemma 1.11 s _ 1 umes to get an LD-refutation (Go. Co) ... ·• (G,. C,)
of PU {G) ~ PU {Go) with enswer ,ubstitution ~ ~ ~o~''''~' in whi,h Aj ts
the bteral resolved on at step 1 and such that cp is a renaming of 0 via ).. Now
apply the indu"ion hypoth",1s to tbe LD--refutation (G,. C, )..... (G,. C,) to
g,t one of G, via R wlth"'-' ,ubot!tutlon (J' ,uw that~, .. , ~,A' ~ (J' with A'
a renaming substitution. We can now prefix the resolution of G = Go with Co on
A; (with mgu ~o) to tbls refutation to get the d",lred SLD-refutation of pu {G}
"a.R with answer ,ub,tltution ~0(J'. W, ",mpl,te the Indudion argum,nt by
noting that Go~09' ~ GO~O~l'" .~.A' ~ Go~A' ~ Go~).).'· W' have now found
the required SLD-refutatlon .. d renaming ,ubstitution »: 0

o eorems 1.8 and 1.10): It is nOWclear that, by applying Lemma 1.12,

Proof Theorem
( f Th 1.8 follows immediately from Lemma 104. Similarly, Theorem \.10 fol-
lows from Lemme 1.4 together with the special case proved above for invariant

selectionrules 0

Exercises
1. Pro", ebe following lerom" If G Is an o,dered goal
program 010_, G' .. d C' tbe uno,d,red 010_ "",.,ponding
01._. C an o,dered
onte to G .. d
C, reepecetvely (t.e., th' union of the ele .... nts of the "",u ) and th'
goal clause D' Is an u-eeso lvant of G' and C'. then th,re Is a "",uente
of LD-,esolutions ,tortlng with G and C and ,ndlng with an ordered goal

clause D that corresponds to D' . f

2. Use the results of Exercise 1 to carry out the inductive "'proo of Lemma

1.4.
3. Prove Lemma 11.13.7 for ordered cla.uses and Lo-resolution.
4. Prove Lemma 11.13.8 for ordered clauses and Lo-resolution.

5. Prove Corollary 11.13.9 for ordered clauses and Lo-refutations.

6. Notloe that the proob of Exero\seO 3-5 wo,k fo' ,LD-_Iutlons if the

selection rule is invll.Iiant.

166 1II. PROLOG

7. Let S be a set of clauses in a language £. . The success set of S is the set

of all ground instances A(tl,"" tn) in E of the predicates of £. such that
there is a resolution refutation of S U {...,A(tl,' .. , tn)}' Prove that if P is
a PROLOGprogram, then a ground atomic formula A(t), ... , tn) is in the
success set of P iff it is true in every Herhrand model of P.
8. Suppose a graph G is represented as a database of edges via the list of
facts wedge(n, m)." for each pair of nodes, n, m for which there is an edge
connecting them in the graph. (Assume that the graph is undirected and
so wedge(n,m)." appears in the database iff "edgetm,n)." also appears.)
Deline, via a PROLOGprogram, the predicate "conne<:ted(X, Y)" so that
connected(n, m) is a logical consequence of the program iff there is a se-
quence of nodes n = n\, na.. .. , n,. = m such that each successive pair of
nodes 7li, niH is joined by an edge.

Implementations: Searching and Backtracking

Although SLD-resolution is both sound and complete, the available implementad

tions of PROLOGare neither. There are two sources of problems. The first, ~
at least theoretically relatively minor one, is in the implementation of the u~fi-
cation algorithm. As we have mentioned, the available PROLOG implementatlOl15
omit the "occurs check" in the unification algorithm. Thus, for example, the
PROLOGunifier believes that X and f(X) are unifiable. In addition, the PRO:-
LOG theorem prover does not make the substitutions needed by the unifier untU
they are required in the SLD-resolution. These two facts combine to destroy the
soundness of the system. Thus, for example, given the program:

test ,- p(X,X).
P(X,J(X)).
~d the question "?- test." PROLOGwill answer "yes.". What has happened here
ISthat the theorem prover says that to verify "test", we must verify p(X,X~.
As p(X, f(X)) is given, it suffices to see if p(X, X) and p(X,/(X)) can be un~
Jied. The unifier answers that they can. As no further information is needed (
inst·t .............e ..._"to
anne e 1oC)~, lor example) the theorem prover gives the answer r-:
our question. Thus, it gives an answer that is not a logical consequence of the
program - a violation of soundness.
A key point in the above implementation is that the theorem prover did no~ have
to. car? out the .substitution {XI f(X)} implicit in the unifier's answer. If It b~
tried, It ~uI~have ~all~n in~ the endless loop of trying to output the results
the substitution, This SituatIOn is illustrated by the program:

testl(X) ,- p(X, X).

p(X,J(X)).
 2 Implementations: Searchingand Backtracking 167

If we now ask "7- test1(X).", tbe result oftbe looping is displayed as PROLOG
tries to give the "correct" answer substitution of X = f(J(J( .... (Hit control-
break to stop the dlspley.) This type of failure can also occur undisplayed in the
search.for an SLD-resolution. Consider the program:

"""2,- p(X, X).

p(X,t(X» ,- p(X,X).

In this case, the only indication that something has gone wrong is that no answer
is forthcoming.
Unfortunately, these problems may well occur in natural programs as well. Of
course, both of these problems could be eliminated by implementing the uni-
fication algorithm correctly. As there are now reasonably efficient (i.e., linear)
unification algorithms, this is not an unreasonable expectation. For now, how-
ever, one can fairly easily eliminate the first type of problem in favor of the
second. One simply writes programs in which any variable appearing in the head
of a clause also appears in the body. This can be done by simply adding X = X
to the body (or any variable X in the head not already in the body. The first
program would then become

test ,- p(X, X).

p(X, t(X)) ,- X = X.

Now, when the theorem prover tries to resolve on p(X,X} and P(X, f(X)) and
~e unifier says they are unifiable, the prover asks for the substitution so that
It can put the expression resulting from X = X into the goal clause in place
ofP(X,X). As the substitution is circular, it never gets to complete the proof.
Thus, this simple programming trick will restore the soundness of the PROLOG
theorem prover (at the expense, of course, of taking longer to run). Completeness,
however, is another matter.
The SOurceof the incompleteness of the PROLOG implementation is the method
employed to search for an sLD-refutation. Suppose we are given a program P
and a goal clause G. We wish to find an sLD-resolution refutation of P U {G}
~inning with G. At each step i of the sLD-reso1ution, the only choice to make
18which clause in P to use to resolve on the leftmost term in our current goal
claUseGi. We can thus display the space of all possible SLo--derivations as a
!ree: the root node is labeled G and if a node is labeled G' then the labels of
It successors are the results of all possible choices of clauses of P for the next
resolution on the leftmost term of G'. We call such trees SLD-treu for P and G.
As a simple example, consider the program Pi below:
168 Ill. PROLOG

p(X,X) ,- ,(X,Y),dX,Z). (1)

p(X, X) ,- ,(X). (2)
,(b, a). (3)
,(a,a). (4)
,(X, Y) ,- ,(a, Y). (5)
,(b,Z). (6)
,(X) ,- ,(X,a). (7)
Program PI

The SLD-tree for PI starting with the goal clause G = {-,p(X, X)} is displayed
in Figure 39. Along each branching we indicate the clause of Pi resolved against.
The convention is that the successors are listed in a. left to right order that
agrees with the order in which the clauses used appear in Pl' Sueass patJu,
corresponding to yes answers, are those ending in D. At the end of each such
suc:cesspath we put the answer substitution given by the proof (of 0) represented
by the path. A path is a failure path if it ends with a cleuse G' such that there
is no clause in P with which we can resolve on the leftmost term of 0'.

~p(X,X)

Y
",(X, Y), ",(X, Z)
~ ~,(X)
(3y' I(4) \(~) \(1)

~,(b, Z) ",(a. Z) ",(a, Y), ",(X, Z) ~,(X, a)

('1/ I I 13y 1('1 \( 5)

o
{X/b)
failure failure 0
{X/b)
0
{X/a} I
-,r(a,a)

failure
FIGURE 39.

We see here that, of the six possible paths, three end in failure, two end with
the correct substitution {X/b} and one with the correct substitution {X/a}.
T~ PROLOGtheorem prover searches the SUr-tree for a success path by al~YS
trymg the leftmost path first. That is, it tries to resolve the current G WIth
the first clause in P that is possible. In Figure 39 it would simply follow the
path (1), (3), (6) to get the correct answer substitution {Xjb}. If the theorem
prover hi~a failure point [l.e., not 0 and no resolution is possible) it backtrack'·

:=:
Baclrtre:cking means retracing the path one has just followed until one finds li-
With a branch to the right of the path being retraced. If there is DlO:e
one .such path, take the leftmost one. The theorem prover repeats this
backtrackmg procedure until a success path is found.
 2 Implementations: Searching and Backtracking 169

Copiesof printouts for runs of the programs Pi (and other programs listed in this
section) are included at the end of the section. We also include printouts of the
runs with "tracing". (Tracing is a facility supplied with most implementations
of PROLOG that displays the actual steps of the search of the sue-tree. It is
an important tool for understanding the flow of control in a program and for
debugging. Note that items of the form .._Oonn" are just names for variables.)
If, for example. we omit clause (3) from the above program Pi to produce P2,
we get a new SLD-tree as pictured in Figure 40.

r
~p(X,X)
~J
~q(X, Y), ~r(X,Z) ~,(X)
(i ~) ~J
'r(a,Z) ~r(a,Y),~r(X,Z) ~q(X,a)
I I (i ~'J
-.r(a,a)
failure 0
failure (Xla)
I
failure

FIGURE 40.

In this case. the theorem prover first tries the path (I), (4). failure. It then
backtracks to --.q(X. Y). --.r(X. Z) and tries (5), failure. It then backtracks all the
;~~ . ...,p(X.X) and tries (2), (7), (4), success to give the answer substitution

The same backtracking procedure is i.mplemented when we ask PROLOG for a

~nd answer. Thus, with the original program Pl and goal {-.p(X,X)}, Le .•
._ p(X,X)." we got the reply "X = b _".1fwe now ask for another answer
b~ entering ";" the theorem prover backtraCks from the success node until it
hi~a node with alternate paths _ here -.q(X, Y). ""r(X. Z). It tben tries (4),
~I~e and (5). failure and then backtracks to ....p(X.X). It nOWtries (2), {7}, (3)
glVlng once again the answer X = b. If we enter";" • once again, it backtracks
from the success node to -.q(X.a) to try (4) and give the answer X = a. Should
we once again ask for another answer, pROLOG will backtrack to -.q(X, a), try
fou remaining path (5), fail and report no - no more success nodes have been
und and there are no more paths to try.
The situation is similar if we get a '"no" answer on first entering our question.
Here it means that all paths in the SLo-tree have been traversed and they are
all :ailures. By our general completeness theorem. we then know that !'U {G! is
satISfiable and so there is no substitution for which the question asked IS a lOgical
170 III. PROLOG

consequence of Pl' By the completeness theorem for the implementation we also

know that when we finally get a no after a series of ";" requests, every correct
answer substitution is an instance of one of the answer substitutions already
displayed.

This type of search procedure is called a depth-first search procedure as it tries

to go as deeply as possible in the tree by running down to the end of a path before
searching along any other branches. In contrast, a procedure that searches the
tree in Figure 40 in the order -.p(X, X); ...,q(X, Y); ...,r(X, Z); ""s(X); ...,r(b,Z);
""r(a, Z); ""r(a, Y); ""r(a, Z); -.q(X, 0); 0; failure; failure; 0; 0; ""r(a, 0); failure,
is called a breadth-first search. Clearly many mixed strategies are also possible.
In our case, the depth-first search was much faster than breadth-first (3 verSUS
9 steps). Indeed, this is a quite general phenomenon. Depth-first is usually much
faster than breadth-first. That, of course, is why the implementations use depth-
first searches. The cost, however, is quite high - we lose the completeness of the
sto-resoiuncn method (quite independently of the procedure used to implement
unification).

The general completeness theorem guarantees that, if PU {G} E UNSAT, there

is a (necessarily finite) SLD--refutation proof beginning with G. If there is one of
length n, it is clear that in a breadth-first search we must find such a proof by the
time we have searched the tree to depth n, i.e., we have traversed every possible
path of length n. Unfortunately, there are no such guarantees for depth-first
searching. The problem is that some paths of the tree may be infinite. Depth-
first searching may then keep us on such a path forever when a short proof lies
along another path. As an example, consider the program PJ gotten by replacing
(6) in PI by
,(W, Z) ,- ,(b, Z). (6')
The SLD-tree for P:J beginning with ""p(X,X) is displayed in Figure 41.
Here we see that, even though there are SLD--refutations along the paths (2), (7),
(3) and (2), (7), (4), the depth-first search employed by PROLOG will not find
them. Instead, it will endlessly pursue the leftmost path (1), (3), (6') and then
continue trying to use Clause (6') again and again forever.
We can now see why the ordering of the clauses plays a crucial role in the actual
running of a PROLOGprogram. 1£ we rearranged PJ to get P4 by interchanging
Clauses (1) and (2), the theorem prover would first find the proof (2), (7), (3)
and then (2), (7), (4). Only then, if asked for another answer, would it f&11 into
the endless .search part of the tree. Unfortunately, the arrangement of clauses,
thougb an Important programming consideration, is not enough to guarantee
completeness. To see this, consider the program PI; :

equ~valent(X, Y) :- equivalent(Y,X). (1)

equ~valent(X. Z) :- equivalent(X, Y), equivalent(Y, Z). (2)
equlvalent(a,b). (3)
equivalent(b,c). (4)
 2 Implementations: Searching and Backtracking 171

~p(X,X)

;Y ~
~q(X,Y), ~,(X,Z) ~.(X)
I'y' (.)[ \(5) \(1)
,,(b,Z) ~,(a,Z) ~,(a, Y),~,(X,Z) ~q(X,a)
(6')1 I I I'y' 1,)1 ~')
...,r(a, a)
""r(6, Z) failure failure 0 0
(6')1 {Xlb) {Xla}
1

failure

FIGURE 41.

and the goal G = -.equivalent(c,a). It is dear that equivalent(c,a) is a logical

~nsequence of ~ (Exercise 1). The problem is that no matter in which order
~uses ~1)and (2) are listed in the program, a depth-first search will always
p ~rytng to apply the first of them since both heads will unify with any ex-
pression of the form equivalent(t2' ta} for any terms ea and ta- Thus the theorem
prover will be able to use one of (1) and (2) but not both. It is, however, easy
to ~ that if either clause is omitted from 1\ then the result together with G is
satisfiable. Thus, no depth-first search procedure can find an sLo-refutation of
:U {G} regardless of the ordering of the clauses in P. (Note that the depth-first
unple~entation remains unable to find the proof here even if we use another
select~n rule.) Thus, depth-first search methods, altbough efficient, are inher-
ently mcomplete. In the next section we present a programming tool to minimize
or get around these problems. In §4 we brie8y consider the general problem of
guaranteeing termination (for certain types) of programs in pure PROLOG with
t~e standard selection rule and depth-first searching of SUr-trees. In §8 we show
t at the general termination problem for PROLOGprograms is undecidable.

1. Find an SLD-refutation of 1\ U {-.equivalent(c, a)}.

2. Prove that every set P of program clauses has a minimal (actually least)
Herbrund mod!!l Mp (i.e., prove that the intersedion of all Herbrand mod-
els of P is also a model of P) but not every set S of universal sentences
has a minimal Herbrand model.
3. Consider the program p conaisting of the following three lines:
172 III. PROLOG

p(X,Zk ,(X,Y),p(Y,Z). (1)

p(X.X). (2)
,(a, b). (3)
Draw sun-trees (or P and goal II 1- p{X, Y)." for the standard selection
rule and also for the rule that &I.wayschooses the rightmost literal from a
clause.

4. a) Draw the SLD--refutation tree illustrating all possible attempts at sur-

proofs using the standard selection rule and the associated correct answer
substitutions for the following program and goal:

(I) p(X, Y) ,- .(X),t(X).

(2) p(X, Y) ,- ,(X,f(X)), ,(X,f(Y».
(3) ,(b, Y).
(4) ,(a, Y) ,- ,(a,f(a».
(S) ,(a,f(a)).
(6) '(b,f(b)).
(7) .(a).
(8) .(b).
(9) t(a).
Gaol, ?- p(X, Y).

b) Explain what happens in terms of PROLOG searching and backtraekin&

when we enter "?- p(X,y)." and then repeatedly ask for more answers
via "j".

5. Defi~PROLO~programs for the following operations on lists. (The basic

notatiOns for lists were introduced in 11.3.)

a) second~element(X> Y} which is to define the predicate" X is the sec-

ond element of the list Y".
b) subst~tu~.Ior..1l€(:ond-element(Y, Ll, £2) which is to define the predi-
cate £2 IS Ll with Y substituted for its second element".
c) swit.ch(L,M) which is to define the predicate "M is L with its first
and last elements exchangedn.

d) ~~ t~ your programs work correctly, at least when all variabl:

lIlStantiated, by running some examples: Is b the second element 7
[e, [b, c], d, e] or of (a, b, e]? Is (b, e] the second element of either ofthe:n'
~ [a, (b,e],?dj the result of replacing the second element of [a, b,e] "",1th
~,Iba.: dJ· Is (a, la, [b,el, dj, ej? Is [a, e, bJ the result of interchaJ1gin8
t e and last elements of [a, b, cj? Is [c, b. o]?
 2 Implementations: Searching and Backtracking 173

e) 'fry a couple of examples with uninstantia.ted variables as well: find the

second element of (a,lb, c], d, e] and [a, b, c]; replace the second element
of [a, b, cJ with (a, lb, c], d] and then replace the second element of the
result with b; interchange the first and last elements of [e, b, c] and
then of the resulting list. Now some examples with the roles of the
variables interchanged: Find a list with second element b; one which,
when its second element is replaced by b, would be la, b, c); one which,
when il:Bfirst and last elements are interchanged, would be [a, b, eJ.
f) What simple universal statements suggested by the above examples
should be true about your programs? 'fry asking, as a. PROLOGques-
tion, if substituting the second element of a list X for its own second
element returns the original list; similarly for the result of switch-
ing the first and last elements twice. Explain the output when these
questions are entered.

6. Trace the execution of your programs on the examples in Exercise 5 and

explainany enomaloua behavior (depending on your program there may
not be any).

~ises 7-8 we use a unary function symbol s (with the intended meaning
r of") to define a counter beginning with the constant O. Thus 0 cor-

:tio~
~~ to 0, s{O) to 1, 8(8(0» to 2, and in general sft(O) (= 8 ... 8(0) with n
of the. function tl) corresponds to n. Do not try to use the built-in
rnetlCoperations supplied with PROLOG.

1. :rite a program to calculate the length of 8 list using this counter. Try
on a couple of inputs: [e, b,e], (a,b,e, [b,el, [d,e, eJJ. What happens when
you try to find a list of length three?

8. ~ ~d on to our language two predicate symbols "add(X, Y, Z)" and

u1t,ply(X, Y, Z)".
a) Prove that, if we interpret "0" as 0 in the natural numbers and ".9"
~ eucceesor, then the following two-llne PROLOGprogram defines ad-
~ltlOn on the natural numbers as represented by {a, 8(0), s(s(O», ... )
in the sense that "'a.dd(81'1(0),8m(0),,,"(0»" is a consequence of the
program iff n +m = r:
add(X,0, Xl. (1)
add(X,.(Y),.(Z)) ,_ add(X,Y,Z). (2)
b) Write a similar PROLOG program to define multiplication in ;er~ of
addition and successor so that "multiply(8"(0), sm(O),tlf'(O» will ~
a consequence of the program iff mn == r. (Hint: x(y + I) = ry + x.
c) ~rove that "multipIY(8ft(0), sm(o}, 8"(0))" is in fact a consequence of
he Program iff mn = T.
174 Ill. PROLOG

9. Recall the procedure in II.5 for defining a knight's move on the chess hoard.
Do not use any built-in predicates (Le., no arithmetic, no cut, no "not")
in writing the programs for (a)-(c).

a) Write a program defining a queen's move. (It can move horizontally,

vertically or diagonally.)
b) Write one defining when a queen cannot move from one position to
another.
c) Write a program to find a way to put a queen in each column so that
none of them could move to any square occupied by any of the others.
d) Use the program from (c) to find two solutions to the chess problem
given there.

10. Write a program for the function FLATTEN that strips off all brackets from
a list except the outermost, i.e., it returns a list of atoms in the order in
which they would appear on the page when the input list is written out,

11. Consider the following program:

'qX, y) ,- r(X, Y).

tc(X,Yk r(X,Z),tc(Z,Y).

ThegoaJ
?- tc(a,b).

",,:ill SUCCeed. exactly when the pair (a, b) is in the transitive closure of t~e
hl,nary relatIOn T as defined in Exercise 11 of II. 7. How do you reconcile~
with the result of that exercise? (This problem is also relevant to gxercse
1.8.)

The following.problems are continuations of Exercises 1I.5.7~8 and faUOWthe

;:me conventions about the assumed genealogical database. A printout of the
a~base and some words of warning are included in Appendix B. They also
~tab use ?f the co~ter defined in Exercise 7. Once again, if not using the
I .sse Slmply wnte out the programs defining the required predicates and
e? ~n ho: one would obtain the desired information Now in addition to eJC'
p~(g w y your answers are semantically correct d~uss
as imp emented by PROLOG. '
how
they would run

12. a) :~:hgrand(~ther(~, Y,sl'l(c)) to mean that X is an ancestor of Y 7l

ns up. tart With n = 1 for X is the father of Y.)

b) Use this program to.find " ,
llbnl s grandfather's great-grandfather.
 2 Implementations: Searching and Backtracking 175

e) Can you lind more than one such ancestor? Should you be able to do 50 if
all were well with the database?
d) Use this program to find four of levi's great-great-great-grandchUdren.

e) Find three of esa.u's grandchildren.

13.a) Define cousin(X, Y) to give the usual meaning of first cousin.

b) Find five cousins of tola.

e) Define secondcousin(X, Y).

d} Find six second cousins of libni.

1. Recall the usage in English: My children and my brother's children are first
cousins; my grandchildren and his grandchildren are second cousins; my
children and his grandchildren are first cousins once removed; my children
and his great-grandchildren are first cousins twice removed; my grecdcbll-
dren and his great-grandchildren are second cousins once removed.

e) Define cousin(X, Y, s"(c),sm(c» to mean that X is the nth cousin m times

removed of Y.
f} Find seven second cousins once removed of libnl. Can you tell or guess and
verify what relation they are to the people listed in (d)?

g) Find three third cousins twice removed of libni. Can you predict from your
program how they are likely to be related to libni {i.e., what routing is
taken to find these instances)?
14. Various anomalies may creep into your results when implemented with an
actual genealogical database. Consider bow the following typical problems
with such databases might affect your programs.

a) The same data may be recorded twice. For example, the fact fa-
therof(abraham,isaaC) appears twice in the database. Will this cause
any wrong answers to be reported? What effect if any will it have on
running a program such 85 the one for ancestor or for nth cousins m

times removed?
b) Different people may have the same Dame and not be distingUished in
the database. (Try to see who is the father of enoeh-] How will this
affect the ancestor and cousin programs? Can you devise B method for
identifying people in the datab~ tha.t might be used to eliminate or
reduce the impact of this problem? (Hint: Consider using a counter.)
Try the father of enoch again. Also see if you have eliminated all
solutions to ancestor(X,X).
116 m. PROLOG

c) The same person may appear under more than one name, We know,
for example, from other Biblical passages that eseu is seir. How will
this affect the ancestor and cousin programs? What could you do
(short of editing the data file) to correct for such a situation? Can
you add rules to the database that would take care of this problem
without editing the database? (Examples in the database used for
trying your solution out are finding the grandfather of lotan and the
cousins of bori.)

Runs of Programs Pi - P4

PROGRAM Pl.

?- IbtiaS·
(2) FAIL: r(b,..ll261n>
ph ..U :-
q(J.,B) , (1) IEDO: q(b •• )?>
dJ.,cl. (0 EXIT; q(", ..n>
p(J..J.) ;_
(3) C1LL: r( ... ..ll261l?>
.(U.
(3) FAIL: d .. ,..o26D?>
q(b, .. ) .
q(a,"). (D aEDO: q( ..... )?>
q(l.B) :- (4) C1LL' r( ..,..ll255n>
r(...B) .
(4) FAIL: r< ... ..o265)!>
r(b,A),
(1) FUL; q<"0085 •..o255)?>
.(A) :-

..
(5) CALL, .Cooa5)!>
'l(l.a) .
,
?~ p(I.I),
(6) CALL: q(.1lO85 ...
(6) £IIT: qu.... n>
rr >

I· b_, (5) EXIT: .(1»1>

X. b_; •• (D) ElIT: p(b,b)'!'>

I ... _;
•• (D) 1EDll; p(b,b)?

,.. (Ii)

(6) UDQ,
IliDD: .(b)?>
'l(b •• )?>

,..
1- I... b(fall), (6) JUIT: 'l("''')?>

,..
(&) IUT: .(.)?>
1- .py(p/2).
•• (0) EXIT: p( ..... )?;>
X ... _;
1- pLt,IL
•• (0) REDO; p(.... )? >
•• (0) CALL, P(..llOll& •.ooa5)'l'>
(Iii) l£lIO: .(a)?>
c» CALL, 'l(..D085 •..ll25Sl?>
(6) aEOO, 'l( ••• )'!'>
(1) ElIY; q(b, .. )?>
(7) C1LL: r(a.a)?:>
(2) CALL: r(b •..D26t)1>
('I') FAIL, r(a.a)?>
(2) £lIT, r(b •..ll261)?>
•• (0) DIT: p(b.b)1>
(6) FUL: q(..ooes.a)?>
X • b ..... ; (5) FUL, .C.D08S)?>
•• (0) FJ.Jt., pLOO8S• ..D06S)'!'>
•• (0) 1£00: p(b,b)?>

(2) lEDll, r(b •..ll2G2)?> ••

 2 Implementations: Searching and Backtracking 177

(1) ElIT: q( ••• )?>

1- 1htirlS.
p<.l.A> ,- (2) CALL: r( •• ..o239)?>
qb.Bl. (2) FUL: r( •• "0239)?>
rCl.C) .
(1) IEOO, q( •• aH>
p(l,U :-
I(U. (3) CALL: r{ •• ..o220)?>

q(a.l) . (3) FUL: r( •• ..o220)?>

q<.l.B) :- (U FUL: q(JXlliO.Jl220H>

r(I,B) . (4) CAU: s(.DOIiO>?>
r(b.U. (51 C.1LL: q<..OO50.1)?>
Ib) :- (6) UIT: q(I,.H>

,..
'1.(1,.) .
(4) un, I(.>?'>
.. (0)snr p<-,.>?'>
,.
1- p(l.I:).

.. I • I ......
••
;
(0) JKIHl: p(.,,)?>

,..
!- tnt •. (4) lEllO: s<&)?>
(6) UDO, q(I •• H>

,.-.. hUh (full). (6) CALL: r(a,.>?'>

Hi) rUL: r(.,.)? >

,.-.. (5) FAIL: q(Jl(l60 •• H>

(4) rUL: s{..oo6D)?>
.- ••
ec.».
(0) CALL: p{..D06D,.D05DH>
.. (0) rUL: p(..oo5D • ..ooSDH>

(1) C1LL: q(..oo50 •..o220)?>

••

1- althS'
P(l,l) :_ ,..
q(.1.I) •
r(l.C) . ..
1_

,r-
leub(full).

,..
P(l,l) :_ sPJ(p/2)·
1(1) .

q(I>,.) . !_ p<I.I),
q(I,I>' •• (0) CALL: p(..oo511•..oo611)?>
q(l,l) ,..
(1) caLL' q(.0060,..o220)1>
r(l.ll.
r(l,l) :_
(1) un, q(I>,aH>
(2) CALL; r(l ••..D239H>
r(b .1).
1(1) ;_ (3) CAU' r(I>•..o239)?>

,..
'1(1,.) . (4) ClLL: r(b,..D239H>
(5) CALL' r(b •..D239)?>

!- p{I.X>.
 178 m. PROLOG

PROGRAM Pi.

? 1htbS·
p(A,A) :_ ?- p<x,X>.
ICA) . .. (0) CALL: p(-OOSD• ..oo5D)'l')
pCA,A) :- (1) CALL: a(_005D)?>
qCA,B),
(2) CALL: q(-OOSD,a)?)
rCA,C).
(2) £lIT: q(b,a)?>
q(b,a).
q(a,a) . CD ElIT: ICb)?>
q(A,8) ,_ •• (0) EIIT: pCb,b)!>
rCa,l).
I· b _;
reA,8) ,_
.. (0) lEIlO: p(b.b)!>
r(b,8) •
(1) lEIla: I(b)? >
I(A) :_
q(A.I) . (2) lEDO: q(b,a)!>

,.. (2)

(1) EIIT:
ElIT: q(I,I)?>
I(a)?>
?- p(I,X>.
I • b _, •• (0) £lIT: p(a,a)?>
I • a _;

,..
•• (0) Jt.EJlO: p(a.a)!>

(1) lEIla, I(a)'!'>

,..
?- laaah(:f\llI). (2) UDO: q(a,a)?>

(3) CALL, dl,a)'!' >

,.,
?- ·P,(p/2). (4) CALL: r(b,a)?>

(5) C.lLL: r(b,I)'!'>

3 Controlling the Implementation: Cut

We have seen that the success of an execution of even a semen tlIC ally correct 'on
PROLOG program depends in many ways on the specifics of the implementatlth~
So far, the only control we have had over the path of execution has been case
ordering of clauses in the program. We know, for example, that :h~ base facts
of a recursion should always Precede the inductive case (why?). SllntlarJ~, ~"n
trol
about a Predicate should generally precede the asserted rules. Such heurts. tICS .......'
however, go only so far. At times we might wish to exercise more ~etailed sly" fer
over implementing the searching of the SLD-tree. Sometimes this IS "mere of
the sake of efficiency. At other times there just seems to be no other way cb
getting a program that will run at all. In this section we consider one su
built-in control facility _ cut.

Syntactically
write: cut, written "!", appears to be simply another literal. Thus we
 3 Controlling the Implementation: Cut 179

It does not, however, have any (declarative) semantics. Instead, it alters the
implementation of the program. When the above clause is called in a search of
the SLD-tree, the subgoals ql. Ib, I, lJ3 , q4 are inserted at the beginning of our
currentgoal clause as usual. We try to satisfy ql end Ib in turn, as before. If we
succeed, we skip over the cut and attempt to satisfy qa and q4 . If we succeed
in satisfying qa and qc all continues as if there were no cut. Should we, however,
fail and so by backtracking be returned to the cut, we act as if p has failed and
~ are returned by "deep backtrocking" to the node of the st.n-tree immediately
above that for p, called the parent goal, and try the next branch to the right out
ofthat node. (H none exists, the current search fails as usuel.]

!Jamp1e3.1: Consider the following program:

t,-p.r. (1)
t,-.. (2)
p:- Qllq:z,I,qa,q4. (3)
p:- U, tI. (4)
q,. (5)
q,. (6)
•. (7)
u. (8)

For the goal {-,t} we get the SLD-tree in Figure 42.

When we run the search we travel down the leftmost branch, as usual, going
through the cut until we hit the failure point. (Note that! succeeds by definition
t?e first time through; we simply remove it when reeched.) However, when we
hit the failure node at the end of the leftmost path, control Is passed to the
nodelabeled -,s from which we immediately BUCCeed. The point is that, once the
goal clauses after the cut, ""qa, --.q4,"'"11', have failed, we retUI~not to the parent,
(~,"'r), of the clause with the cut but instead go back to ds parent (-.t). We
then try the next branch to the righ~ (through -,s) and proceed with our search.
The Use of cut in this example merely saved us time in the exec: o~ t::
~ by pruning the ste-eee without cutting ~ffany suc~;cult to' w~ite
of cut are, of course, Innocuous (or safe). It 1S, however, . . In
programs so that the uses of cut are always restricted to such safe~tuat~~IY
:::;ar. the cut can be a source ofbotb incompleteness and UI1SO;';su:titutlons:
n, cut prunes a success path, we may lcee some correct ans 'ght WID· d up

:g
lI'orse t. 1...-
ru . ye, It could prune all the success pat..... n
down an Infinite path - demonstrating the
I this case we lUI
~com:~
bothIII much as in the analysis of depth-firfit searclJin:g· I
1 ness of the sea.rch
it might prune
Y ill answer sno"
aUSuccess paths and all infinite paths. In this case PROLOGod an O",·u-·
"he n . . t can intr uce ..... ~
unse I.D fact P U {G} is unsatisfiable. In this way cu hat P U {G} Is satisfiable.
undness into programs, as a "no" answer means t
180 III. PROLOG

~,
~~
~p,~r ~s

-e..
>
(3) ~

~q2,I, -vs,~q",~r
~
<.
(.) "- «77')
<.
o
(5)1 success

~q2,!,~q3,~q4,-,r
(6))

', ~q3,~q",~r
(~<ll failure

failure
FIGURE 42.

Nonetheless, cut can be very useful if extreme care is taken w h en USlI~ . it Some i
en-
implementations of PROLOG have other facilities for controlli~g the unp ef~ut.
tation of searching. One such is called .!nip. It acts as a restricted form 0 ch
For example, when a clause 11:- 01, q:l:, [!q3, q,,!}, qs is encountered, the:en
progresses normally through the snip (q,,), that is, through the c~uses d . f the
the exclamation POints. Should backtracking return you to the right en .0. at
snip, however, it instead skips over the snip to return to /l2:. Although th15l~
times a convenient tool, we see in the exercises that a snip can always be rep an
by a use of cut. In general, we simply warn the reader- be very careful, cut the
have unexpected consequences. At the very least, uses of cut that subvert. fly
declarative selDantics of the Program should be avoided. We do, however, bne e
consider one important use of cut- defining negation-as a lead-in to sam
other topics.

Although "not" comes as a built-in predicate in PROLOG, we can see ,:",hat~t .,

really means by defining it in terms of cut. Its meaning in PROLOG is dlffere a
from the usual logical meaning of negation. "not(P)" means that we h~ve "
demonstration that P fails (i.e., is not provable). Thus PROLOG answers ~d
to the goal "not(A)" if and only if it 'WOuldanswer "no" to the goal A. We COU
replace uses of "not" by uses of cut by inserting a definition of not(A):

not(A);_ A,!, fail.

not(A).
 3 Controlling the Implementation: Cut 181

We see here that if not(A) is called, PROLOG turns to the first clause defining it
and cells A. If A succeeds, we pass over the cut and hit "fail". "fail" is a built-in
predicate that always fails (and so could be replaced with any other clause that
always fails). Thus, if A succeeds, not(A) fails. On the other hand, if A fails, we
try the second clause defining not(A) and it succeeds.
In fact, the tables can often be tumed. Many uses of cut can and should be
replaced by uses of "not" • We say "should" because "not" can have some declar-
ative sense in PROLOG programs (even though not the classical one) while cut is
much more problematic. We explore the theoretical semantic underpinnings of
PROLOG's use of "not" in §6. In order to do that, however, we first make a start
on dealing with equality in §5.

1. In Exercise 2.4 what would be the effect of inserting a cut, !, between the
two literals in the body of clause (2) on your answer to (b)7
Recall the list notation introduced in Example 11.3.15. Consider the fol-
lowing program APPEND for appending one list to another:
(al) a(lI,Y,Y).
(02) a(lX I y],Z,IX I WI) ,- a(Y,Z,W).

2. What is the advantage of modifying this program to APPEND':

(al) a(1 I,Y,Y) ,- I.

(02) a{(X I y],Z,IX I WI) ,- a(Y,Z,W).
Consider the situation when we have two given lists x and y and we wish
to .find out the result of appending one to the front of the other, that is
consider goals oftbe form 7- a((x, 1/, a], {u, e], Z). Consider also ones of the
form 7- a((x,y,zj, V, W).
3. What problems arise in the implementation of APPEND' (in contrast to that
of APPEND) when considering a goal of the form ?-a(X, Y, [x, y, zJ): C?n-
sider what happens when you try to get more than one answer substitution
for the variables.
4. This question is somewhat open-ended and refers to the database men-
tioned in tbe exercises for U.7--8 and 111.11-12. Can you use cut to t~
advantage of the ordering of clauses in the genealogical database to all~-
ate any of the problems that you had earlier on with the family relatl~n
programs such as grandfather, uncle or cousin? Assume tb~t the ~~aus:~~
the datablLSe reflect births in chronological order. You mi~t eonsr er .
..-.. . . . . rosrem (Wlth cut) to revtSe
."wntmg your programs and wntmg a new P c· . his
the database in some way to prevent such results as someone being own
grandfather.
 182 III. PROLOG

4 Termination Conditions for PROLOG Programs

An important problem in the analysis of programs is that of determining when

programs terminate. Of course, the problem in general is undecidable (Thoorem
8.9 and Corollary 8.10), but it may be manageable for specific programs ofprac-
tical interest. In this section we present a method of analysis that can be used
to abstractly characterize termination of programs running with the stand~
selection rule of always choosing the leftmost literal. The approach presented ts
that of Apt and Pedreschl 11991, 5.4J. They adapted the ideas of Bezem [1989,
5.4} for characterizing termination of all t.n-proofs from a given program and
goal to deal with the situation where the selection rule is fixed as the standard
one.

For the rest of this section P is a PROLOG program and G a goal in a languag~
t: All clauses and resolutions are ordered. We let P' and G' be the set of gro~
instances of P and G, respectively. SLo--proofs mean ones using the stand.
selection rule. The basic property of the program P that we wish to cherecteree
is given in the following definition:

Definition 4.1: P is left-terminating for a goal G if all SLD--proofs from P U{G}

starting with G are finite. P is left-terminating if it is left-terminating for every
ground goal G.

Note that if P is left-terminating for G, then the standard implementati?n;

P In PROLOG (using leftmost selection and depth-first search) will terIDlllu1d
on the goal G. Indeed, as all sLo--proofs starting with G are finite, it wo h
t
'eraunate Witith any search rule. Thus if we can prove left-termma, "Ion forte
oaI I
g c euses 0 f mterest,
i .'
we Willbe . teunder
guaranteed that our programs tamune
the etenderd implementation.

The basic strategy in nearly aU proofs of termination of deductions has twO

Parts. First, one carefully defines a well ordering of clauses or proofs. Then one
~ho~ that ~dividUai deductions (or in our case resolutions) produce
In thIS ordermg. Once we have reached Such a situation
deer::
it is clear that all p .
'
terID.lDateas •
each step represents a decrease in a well ordering. The desc~tpncn
of the well ordering we want begins with the basic notion of a level mappmg.
Definition 4.2:

(;) A I I . . (nfiQitil'C
eve mapptng for P IS a function f from the atomic sentences r-:-teral
ground literals) of r.. to N. We denote the value of this function on ~ lieleer
A by [All, called the level of A with respect to f. If the function / IS
from the context, we Omit the subscript.

(li) If M is a structure for I:. and A = A A. secuence of atomic sen-

1,· .. , 'I ---. • e
tences, we let M(A) be the least i :S n such that M jI!. Ai, if there ISon ,
 4 Termination Conditiom for PROLOG Programs 183

and n it3elf otherwise. If G = {.....

Al> ......... An}, we also write M(G) for
M(A\, ...• An).

(iii) Pis aceeptabk with respect to a level mapping / and a model M 0/ P if for
every B:- A in P, i.e.• every ground instance of a clause in P, IBI > IAil
for each i :5 M (A). P is acceptable if it is acceptable with respect to some
level mapping and model.

To grasp the idea behind this definition. consider first a level mapping without
any mention of a model. It is then clear that. if P is acceptable, every ground
resolution of a goal clause G = {.....
Al •... , .....An} with a clause in P gives a resol-
vent of lower level than G. This modified notion of acceptability corresponds to
the condition that all LD-proofs from P starting with G are finite. (See Exercises
1-2.) The restriction to sr.n-proofa will be captured by the restriction to literals
A; for i :5 M(G) by the right choice of the model M. The basic idea is that, if
A.}. then no st.n-refuteuon starting with G can
there is no SLD-refutatlon of {.....
get beyond Ai. Thus there is no need to consider later literals in an analysis of
the SLD--treefrom G. On the other hand, if there is no SLD-refutation of {..... ~},
there is a model M in which Ai is false. Thus the right choice of model will cut
off the level function precisely at the point at which one need not consider any
moreliterals.
To begin our analysis we define. from a given level mapping / and model M of
P, the required well ordering of clauses. We must consider first the ground goal
clauses and then certain nonground ones.
lefInition4.3:

(i) Let P be acceptable with respect to / and M. We extend / to ground goal

clauses G; -= { .....A••r, ... , .....
Aj,n.} by setting IGjl = HAjJ,I..···, JA',i.l}
where we have listed the literals Ai 1•••. ,Aj,.M(G;) in decreaslDg (although
not necessarily strictly decreasing) order of their level. We order these
tuples by the lexicographic ordering. (Formally. to make this literally an
extension of J we identify each n E N with the one element sequence (n).)
Note that the lexicographic ordering on finite sequences is a well ordenng
by Exercise I.1.S(b).
(ti) A goal dause G is bounded (with respect to f and M) if there is a .maximal
element in {lC-I: cr E a}. (Recall that G' is the set of ground instances
of G.) If G is bounded, we denote this maximal element by IG!.. (No.te ~t
with the identification of n and (n) this agrees with the definitiOn 10 {I} if
G is ground.]

The use of the word bounded is justified by the following lamma,

""7if 4.4, G ~ {~A" ... ,~An} " /xn> ....
til~ is a .tequence T .such that ~ :S T
(wUh ~
/01' every G
to / andoM) ./ and <mi.
E G'.
 184 III. PROLOG

Proof: The "only if" direction is immediate. Suppose then that there is a T as described
in the lemma. Let t be a number larger than any element of 'T. If C- E G1, then
there are at most n elements in the sequence IC-I. By the choice of T and t, each
of these elements is less than t. Thus there are only finitely many sequences of
the form IC-I for G- E G'. As every finite set has a maximum in any ordering
we are done. 0

Our next task is to prove that any acceptable program that starts with a bounded
goal must terminate. As the ordering induced on the goal clauses is a well or-
dering, it suffices to show that resolutions with clauses in P decrease the levelof
the goal cleuse. We begin with ground resolutions.

Lemma 4.5: Let P be aa:eptable lUithrespect to a level mapping / and a model M. Jf

G = {-,AI, .•• , -,An} is a ground goal and H = {-,81, ... , -.sm, -,A2 •... , ..,A~}
is an SLD--re.folvent of G with .fome ground clause C = {B, -,Bt, ... , -,8",} In
P', then IH[ < [G[.

Proof: We proceed by cases. First, suppose that M(G) = 1, t.e., M;! AI and so by
definition ICj "" (IAII). As we resolved G and C, B = At and it is false in M by
assumption. As C E P', it must be true in the model M of P. Thus, Bi must be
false in M for some i ~m and so by definition M(H) ~ m. As IB.I < IAII.for
every i :S m by acceptability, [HI < IGI = IAI) by the definition of the ordenng·
Next suppose that M(G) > 1. In this case H and G succeed in M for the first
time at the same literal, i.e., M(H) = M(G) + m _ 1. Thus the sequence IHI
has the same elements aslGI except that tAtl is replaced by the set of elements
IB;I for 1:S t S m. As jB.1 < IA[ for each i it is clear from the definition oftbe
extension of the level mapping to clauses and the ordering on these sequences
that IH) < IGI as required. 0

We now prove OUt lemma for bounded goals.

Lemma 4.6: Let P be acceptable lUith respect to a level mappi.ng / and a mod~
M. liG = {-,AIt ... ,-,An} is a bounded (lUith 1'e.fpect to f and M) goalll_
H == {-,Bt, ... ,-,B"., ....A2, •••• -,An}8 an SLD-resolvent of G with J011le » c
{B, -,B\, ... , -,Bm} in P, then H is bounded and IHI < IGI.

Proof: Consider any ground instance H.., of H. By extending w if necessary, we :

assume that fJ-y also grounds B. H'Y is then a resolvent of GfJ-yand Cfh E P'
50 ~y Lemma 4.5 IH..,1 < lGB--yI. As G is bounded 108'11 < JGI. As H'1 W3S 8D
arbitrary ground instance of H, H is bounded by Lemma 4.4.
If we now ~
.., so that IH-r[ = IBI we see that IHI < JOI as required.

Theorem 4.7' I' P . '-'Ie . .th _I to

• aceep...
J 16 and G u a goal clause that. is bounded (un reJ'r- if
any level mapping.ant! model slwwing 'that. P is acceptable), then every SLO-prt"l:
from P U {G} beginntng lUith G i.s finite.
 4 Termination Conditions for PROLOGPrograms 185

Proot: Consider any sLD-proof from P U {G} starting with G = Go. Each successive
resolution produces a new goal clause Gn. By Lemma 4.6, the sequence IGnl
is strictly decreasing. As the ordering on goal clauses is 8 well ordering, the
sequenceof resolutions must be finite. 0

Corollary 4.8: Every acceptable program is left~tenninating.

Proo!: The corollary follows from the theorem 88 every ground goal is by definition
bounded. 0

Wenow wish to characterize the left-terminating programs by proving the con-

\/USeto Corollary 4.8. We also want to deal with nonground goals by proving
someform of converse to Theorem 4.7. We begin with the ingredients of our level
mapping.

leanition 4.9: If the stu-tree from P U {G} beginning with G is finite, N(G) is the
DUmberof its nodes; otherwise, N(G) is undefined.

~rem 4.10: If P i! left-tenninating, there is a level mapping f and a model M

"'<h tho.

(i) P is f!t:Uptable with ~t to J and M and

(ti) for every goal clause G G if bounded with re.spet:tto f and M if and only
if every SLD---proof fro':'
P U {G} beginning with G is finite.

~f; Wedefine the required level mapping I and model M by setting IAI = N({:-,A})
for each atomic sentence A of £. and requiring that .M ~ A ~ the~ IS an
SLO--refutationof P U {...,A}. Note that, as we are assuming that IS left- 1'.
terminating,l is well defined. Also by the completeness of SLD--resolutlOD,each
atomic sentence A is true in M if'and only if It is a logical consequence of P.
Wenow prove that I and M have the desired properties.

(ilCo' retder any clause C of the form A:- BlI···. Bm lD . pi Letnbethe

• A} begi .
number M(B, B l There is an SLD-proof from P U {""' h ~Dlng
.• ···'m· fini'ofMtere1SaD
wIth {...,A} and & resolution with C. By the de tiODach' ' The SLD-
SLD-refutation of PU {...B.} beginning with ..,B. for e , < ;~o-tree for
he
search tree for each such refutation is clearly a subtree of ttree lor B is
{'A}. AA each eucb search for ,. < n su~. .1_ r the SUr .....n
refutations of all of the
attached to the end of each successful search to.
~Bi for i < n. Thus the see-vee for. ~-.A}
r {....B;} for every i::; n. The definitlOD of
cofn=t:~
ies of the SLD-tree
us that IAI .> IB,I

for each i :$ n as required.

 186 III. PROLOG

[Ii] Let G be a bounded goal clause. Suppose, for the sake of a contradic~,
that there is a nonterminating SLD-proof (Go, Co), (Gl,Cd, ... starting
with G = Go. For any n, we can (starting with (Gn, e..))find a substitution
othat grounds all theclaWleS of (Go, Co), (CI• C1) •••• , (o...e ..). Thisgive;
an SLD-proof beginning with the ground instance GO of G of length n. As
n was arbitrary, this contradicts the assumption that G is bounded.

Finally, suppose that every SLD-proof beginning with G terminates. Notice that
the sun-tree from My goal clause is finitely branching: Each immediate su~
of a fixed node corresponds to a clause in the finite program P. Thus, by Komgs
lemma (Theorem 1.1.4) the SLD-tree for G is finite. Suppose it has n nod~.
Again, as every SLD-tree has branchings of at most the number of clauses III
P, there can be st.o-teeee from ground instances of G with arbitrarily ~
numbers of nodes only if there are ones of arbitrarily large depth. Thus, if G IS
not bounded, there is an SLD-proof beginning with a ground instance of G of
length n + 1. The lifting lemma for SLD-proofs (Exercise 1.6) then lifts such a
proof to one of l~~ n ~ 1 beginning with G. &. this proo.f ~ust be a patb o~
the SLD-tree begmmng WIth G we have the desired contradiction.

Corollary 4.11: P iJ If:jt-terminating if and only if it is acceptable.

As an example we show that the program PERM for deciding if one list is 8. ~r.
mutation of another is left-terminating. The language of our program ~o~
of a constant r] for the empty list and the binary list combining functi~ .
of Example 11.3.15. We also use the alternate notations and abbreviations mtro-
duced th~e 8~ch 88 [a] llb,c,d] for [a,b,c,d]. The set of ground terms ~j
language, r.e., Its Herbrand universe H, consists of the closure of the coast !
under the 1i5t combining operation. The program for PERM includes a progralll
APPEND (consisting of (a1) and (82) below) for appending one list to another as
well as two clauses (pI) and (p2) defining PERM from APPEND:
(a1) a(l], Y, Y).
(a2) a(lXIYj,Z,IXIW)) r-. aWZ W).
(PI) P([I, Ii). ' ,
(p2) p(X, /Y, ZJ) ,- .(w, !YIV),X),.(w, V,U),p(U, Z).
Now not all LD-proofs from PERM starting with a ground goal are finite (.Exe::;
3) but we show that PERM is acceptable and so all stu-proofs startiJl.g
ground goals terminate.

Theorem 4.12: PERM it acceptable (and "'0 left-terminating).

Proof We first let 1 1 be
h . rse H.
• x t e length of x for any list x in the Herbrand UDIYe ,.
~hus, ~r example, 11l/lv]1 = Ivl + 1 for all y, v E H. We define a level IIla:a~
w: "'tl~Zh')1 ~ Izl + 1,1+ 1 and la(z",z)1 ~ mJn{lzl,Izll. As oU'lWbe'
thanv . . t e Intended interpretations for p and a on B (Exercise 6). > to
verifying the semantic COrrectness of the program, however, it is e&Sief
 4 Termination Conditions for PROLOGPrograms 187

createan artificial model that embodies just enough to cut off the resolutions
when needed. We define M with universe H by saying that p(x,y) holds for
every x, 31 E H and that 0.(3:,31, e} holds iff Ixl + Iyl = [e]. It is obvious from the
definitions that M is a model of PERM. We prove that, with this choice of level
mapping and model, PERM is acceptable.
We only have to check ground instances of Clauses (&2) and (p2). For (82) just
notethat,for any x, 31 E H, 1311 < Hxlyll by definition. Thus for any x,y, z, wE H,

la(.,x, w)1 ~ min{I.I, Iwll < la([xi.], a, (xlw}) ~ min{llxi.lI, IIxlwll)

as required. Now consider any ground instance of (p2):

p(x, I., x}) ,- a(w, (.Ivl,x), a(w, v, a), p(a, e}.

It is clear that

I»(x, (., xl)l ~ Ixl + 1I.lxll + I> la(w, 1.lvl,x)1 ~ min{lwl, Ixl)·
If Iwl + 1[3111111'" lxi, then we are done by our choice of M and the definition
of acceptability. Suppose then that Iwl + 111I1vll = Ixl and so Iwl :::; Ixl· Thus
Ip(x, (.,x})1 = Ixl + 1I.lxll + I > iwl ~ la(w, v, 0)1. Once again we are done anIess
Iwl+ial = lal .. well.ln this , ... , 101< [e] and ec i»(x, [.,,})I ~ Ixl+II.lxll+1 >
luI + l[ylzll + 1 = ]p(u,z)1 as required to complete the proof of acceptability. 0
As acceptability implies left-termination, we have shown that PERM running with
the standard implementation of PROLOG will terminate on any ground clause.
As the logical consequences of PERM are the intended ones by Exercise 5, PERM
will terminate with a correct answer on any ground goal. Thus we have a proven
method for checking if one list is a permutation of another. More interestingly,
we can use the characterization of termination In terms of boundedness to prove
that it can do much more. For example, by starting with a goal of the form
'! = {""p(x, X)} we would hope to be able to find all the permutations of a given
list x. To see this, it suffices to prove that G is bounded. We prove much more.

Theorem. 4.13: For all ternu t, tI, ... tn of r., l!!tIl!!ryyoal G {-.p([tl
I tnl,t)} is
l •• ·'

bounded (with respect to the ~vd mopping and model oj the proof oj Theorem
'.12).
Proof: For any ground instance 0'1 of G, 10'11 = n + m + 1 where m = It"}'l· As the
length of t")' is constant for any ground substitution rt, G is bounded. 0

Many other types of goal clauses can be proven bounded for PERM. See, for
example, Exercise 7.
188 III. PROLOG

Exercises

Deftnition :

(i) P is terminating for a goal 0 if all t.n-procfs from P U {O} starting with
G are finite. P is terminating jf it is terminating for every ground goal G.
(ii) P is recummt with respect to a level mapping f if, for every da~
A:- Ab.·.,An. in P, IAI > IAil for each 1:5 i:5 n. Pis recumntif
it is recurrent with respect to some level mapping.

1. Prove that if P is recurrent it is terminating.

2. Prove that if P is terminating it is recurrent.

3. Prove that PERM is not terminating.

4. Prove that APPEND is recurrent.

5. Prove that the logical consequences of PERM of the form p(x,y) for :t,Y E B
are the intended ones.

6. Prove that one could use the intended interpretation of p and a on B as

the model in the proof of Theorem 4.12.

7. Suppose G 0::: { ..... A1, .•• , .....A,.,}. Prove that, if each A. is bounded (with
respect to some level mapping and model), then so is G.

5 Equality

Until. now, we ha,:: ignored the whole question of mathematical equ~ity. (~~
that in PROLOG, t1 = ta" is used to mean that t1 and t~can be umfied.)
t'
une l._~ • • tedeed 8
uc.:l come to at least face the problem of "true" equality for It IS 1

prob~m for ~RO~. Syntactically, we introduce a special (reserved)

pre<hcate wrutee mfix 85 J: = y. (The use of = for equality is too wldesp
~P:::
to give it up in our exposition simply because PROLOG syntax took it for so::
other use. In all contexts other than PROLOG programs we use "=" for .
equality relation.) We must now expand our deduction methods and se1IlantlCS
for predicate calculus to deal with this new special predicate.

The basic Propenies of equality (in a language C) are captured by the follo~
Definition 5.1: The equality axiom$ for c.
 5 Equality 189

(1) x ~ x.
(2) Xl = Yl A ... 1\ Xn == !In ...... f(%1>'" .Xn) ::=:f(Yl •. ··• Yn) for each n-ary
function symbol f of I:.. •
(3) Xl =YlA ... AXn::=:!ln ......(P(Xl •... 'Xn) ......P(Yl, ... ,Yn» for each n-ary
predicate symbol P of 1:, (including the binary one "=").

Reflexivity of "=" is guaranteed by (1). The other usual properties of equality

(symmetry and transitivity) follow from (3) by taking P to be = (Exercise 4).

We can now think of these axioms as being added to any set of sentences we
are dealing with under any proof system. Thus. by a tableau refutation proof of
a sentence S with "=" in its language. we mean one from the set of sentences
S. where S· is S plus the universal closures of (1)-(3) for all the function and
predicate symbols of S. Similarly. a resolution refutation of S is one from S·.
Unfortunately, simply adding in these clauses makes for a very inefficient proce-
dure. We return to this point shortly when we consider more specialized methods
such as paramodule.tion.
The next step is to decide on the intended semantics for equality. Here there
are two choices. We can treat equality as we did all other predicates and simply
require that the interpretation of "=" be a two-place relation that satisfies all the
~uality axioms. From the proof-theoretic. and so the PRoLOG point of view, this
18 the only approach on which we have any real handle, and within the confines of
a fixed language, it is all we can say about equality. On the other hand. from an
abstract mathematical point of view we would like to require that "=" always
be interpreted as true equality. •

We can. in fact. require this of our interpretations and still prove all the basic
theorems of 11.7 as before: soundness. completeness. compactness. etc. The only
problem arises in the proof of the completeness theorem. In the proof of Theorem
I~.7.3. our construction via the CST gives us a structure in which the interpreta-
tion of "=" satisfies all the above axioms but this does not guarantee that it is
true equality. The solution is to divide out by the equivalence relation induced
by "=" . To be precise, let A be the structure determined by a noncontradictory
path on the CST for a given set of sentence S. The elements of A. we recall.
are the ground terms t of a language £; . We define a relation E on them by:
t1 :: t ¢> A 1= tl ::=:t2. Using the equality axioms. it is easy to see that E is an
2
equivalence relation [i.e., t E t for every t; if h E ta, then h E tl and if tl E t2
and t2 =: ea, then tl := t3)' We then define a structure B for 1:, on the equivalence
classes of :=. That is the elements of 8 are the sets of the form [t 11 = {e] t E t I}
for each h E A. The functions and relations are defined on B by choosing rep-
resentatives and referring to .A : 8 1= p([th [tnD # A F P(h,· .. ,4.) (for P
I' •••

other than u=") and f8([th •... , (tnJ) == If.A(tb'·· .tn)}· Of course "=" is ~ter·
preted as true equality in B. At this point, one must check: that these delinitlOllS
 190 Ill. PROLOG

are independent of the choice of representatives (that is, the elements ti chooen
from the sets {til). The final step is to show by induction, as we did for A, thai
B agrees with every signed statement on the path used to construct A. Thus B
is the required model for 5 in which "=" is interpreted as true equality.

Theorem 5.2 (Completeness): IJ S if any set oj sentences tIult inclwks the ~

atioms for the language of 5, then either there is a tableau proof of 0 from S M
there is a model Jar 5 in which = iJ interpreted as tnle equality.
As our main concern now is with the proof-theoretic, i.e., resolution method,
point of view we leave the details of this construction and the proof of the
appropriate compactness theorem for such interpretations as exercises. From
now on we use "=" simply as a reserved predicate symbol.

Definition 5.3: An equality structure ior a language £ with "=" is any structure
for C that satisfies the equality axioms. Similarly, an equality model of a $et 1)/
sentencu S of £ is an equality structure for £ in which all sentences of S are
true. An equality resolution (or tableau) proof from S is then one from SpillS
the equality axioms.

The soundness, completeness and compactness theorems for resolution (or teb-
leaux) are then by definition true for equality interpretations and proofs. In terDlS
of actually carrying out equality resolutions with any sort of efficiency, however,
we are considerably worse off than in the original case. There are simply too
many new rules. At this point we give one revised resolution rule to handle
equ&lity that goes a long way towards alleviating the problem.
!he inference scheme (paramodulation) we want will take the place of the equal-
Ity ~ioms ~2) and (3). That is, we want a rule (like resolution) which, whe~
combined With resolution, will be complete for equality interpretations: If {~
e} E S and S has no equality model, then 0 is derivable from S using resolut~
and paramodulation. (The point here is that S may mention "=:" but cont8Ul
no eqUali~ axio~ other than x = x.) The basic idea is that if we have a e'::,

fr:
1
0 COntaining a hteral L(t, ... ) in which a term t occurs and a clause C2 (
no V&l'iablesin common with Cd containing t = s, then we can conclud~
1 2
and O not only C) U C2 but also the modification of GI U C2 in whIch .
0 ep1ace
Lr t by s in L(t, ... ). Of course we need not replace t by s everywhe~ L"
. Thus we want to co id ._--. r'bysln .
. ' llSJ er replaCement of a single occurrence 0 he
(O~v)IO~IY, multiple replacements can then be generated by repeated uses of t of
t'"b' ysmL.. e use L[t/sJ to represent the result of replacing some one occurrence

Example 5.4. "om C - { P( ) Q(b)} I de (~p(bl,

Q(b) R(b)} N ) - -. Q, and C2 = {a = b,R(b)} cone u . it
has ~-~ ..~._.. ote that we also drop a = b from the result. As in resolution,
UQlO ....."... and absorbed.

Of course as in resolut' cad by uni-

fications. JOn, we must consider the possibilities introdu
 5 Equality 191

Example5.5: From Ct =< {-.P(x),Q(x)} and C2 = {b = b,R(b)} we can conclude

(...,P(b),Q(b), R(b)}. This is simply instantiation via unification.

More generally we should consider the following:

Enmpl.5.6, From C, ~ (~P(f(g(x))),Q(x)} and C, ~ (g(h(e)) ~ a,R(e)} we can

conclude (-,P(f(a)), Q(h(c», R(c)}. Here g(x) is the tenn t being considered.
We unified it with g(h(c» by the substitution (x/h(e)}. After applying this
substitution to C. to get (--.P(Jgh(c»,Q(h(c)}} we replaced the occurrence-of
gh(c) by a as allowed by gh(c) = a of C2 and combined to get our result.

As with resolution, we may also collapse literals via unification before applying
the substitution. Here it is necessary to separate these operations.

Ileflni.tion5.1: Suppose we can rename the variables of C1 and C:l so that they have
no variables in common and Ct is of the form {L(h), ... , L(tn)} ue{ and C2 is
of the form {rt = 8), ...• rm = 8m}UC~.IfO'"t is an mgu for {L(tt), ... ,L(tn)},
/12one for {rl = 81>"" rm = 8m} and o one for {ttO'J, rt0'2}, then any clause of
the form
{L O'tO'[tIO'"lO'" / 8l0'20'"]}U Cf (/10' U C20'"20'"
is a parnmodtdant of Cl and C2•

Together with resolution. this rule is complete for equality interpretations. In

fact, as with resolution, a linear version is also complete.
Theorem 5.8: If {x = x} E S, C E Sand S - {C} ha.s an equality, inte~tatw.n
but s daes not, then there if a linear proof of 0 Jrom S starting 'WIth C 1IW
~olulion and parnmodulation. (As you would expect, such a linear pro;:>f.is a
sell,uence(Co. Bo), ... , (Cn,Bn) in which Co C. Cn+l =
0, each Bi ~ m S =
or 15a C; for i < i and each CHI follows from Ci and Bi via one resolution or
P&rantodulation step.)

The proof is very much like that for resolution alone and we omit it. The general
P~lem of dealing with just equality is quite complicated. It. is a we~-develo~
subject on its own that of rewrite rules. The problems of mtegrating equa.h~
~th PROLOGor more general theorem provers is an as yet underdeveloped toprc
of current research that lies beyond the scope of this book.

I P ali . is sound for the class

. rove that the tableau method with equ ty &X10IDS •
of lnterpretations in which := is interpreted as true equality.
, G' th for tableau proofs (from
. the
rve a complete
. . p.roof of the compJet;eneSS
I=ty'eorem
terpretatioD (Theorem 5.2 ) .
equality axioms] with the true eQUl'U In
192 III. PROLOG

3. Prove the compactness theorem (a set of sentences is satisfiable iff every

finite subset is) for the true equality interpretation.

4. Prove that the symmetry and transitivity of ~="follow from (1)-(3) of

Definition 5.1. (Hint: For the first let Xl = X, X2 = X, Yl = y and !h "" %
in (3). For the second let XI = X, X2 = y, YI = x and %2 = e.}

6 Negation as Failure

PROLOG,as we have described it so far, has no way to derive negative informatio?

(The Herbrand structure for a PROLOGprogram P in which every ground atomic
formula is true is obviousJy a model of P.) Nonetheless, it is often the ~ase .that
we want to conclude that certain facts do not hold. In PROLOG dertveuoes.
negation is implemented in terms of failure, i.e., the goal .....A. often writ~
"not(A)", succeeds if and only if PROLOG would return uno" to the g?a1 ..
There are a number of ways of understanding negation which are used to Justify
this implementation. The two earliest are the closed world assumptwn (CWA) and
the oompleted database (ens) view. The first falls outside the scope of predicate
logic so we explain it fairly brie8y; we give a more detailed treatment of th~
second, These two approaches also apply to a more general implementation?
negation as failure which allows arbitrary clauses in the program as well as In
the goal,
I
In the next section we describe a more recent approach to negation, that of s~a.ble
models. The characterization of such models also goes beyond predicate logic- It
is closely related to nonmonotonic logic which we also describe in §7.

The CWA arises naturally in the context of databases. If we are given a data~
of grades for students in the math department, we may have reason to bebeYe
that it is a correct and complete list. Thus if the fact that Jones got an A
· M a th ...,."
In
'00 d "
oes not appear. we may reasonably . 1~'
assume that It IS ':"l~", The

extension of this principle to a setting such as PROLOG with rules as well as data
leads to the CWA for a program P: If a ground atomic formula (positive literal)
A is not a logical consequence of P, then we may infer .....
A.

The .lirst thing to note here is that the CWA deals with the abstract notion of log-
'a\. ~
IC consequence or, eqUJvalently, provability in some complete proof systems
predicate logic. By the undecidability of provability in predicate logic (Coronae:
8.10), however, we Cannot hope to implement such a rule even in theory· Th
closest we can expect to COmeis to conclude ..... A when we have a proof that A
· t I '--'
IS no a cgrcar consequence of P. For a PROLOG-like system such a prOO rrug
f 101M
reasonably cons~ of a finite si-n-tree starting with the goal .....A in which even:
branch
· ends a failure. In this case we know that there is no sLD-refutation stefl
·hthe·' _
mg Wit gwen goal. The completeness theorem for sr.n-rerutenons (Thellr
 6 Negation as Failure 193

1.8) then tells us that A Is not a logical consequence of P. Such a tree is called
a finitely failed SLD-tree for P U {A}.
The usual Implementations of PROLOG only check for a finitely failed SLD--tree
via the standard selection rule. For theoretical analyses, however, we are better
olf considering a more general definition which has a clearer semantic content.
To this end, we have to consider refutation search procedures that do not follow
the standard rule or even any selection rule that always chooses the same literal
from a given goal. (See Exercise 2.)
We begin with a generalized notion of a selection rule that makes its choice of
literal at any step based on the entire history of the proof up to that point rather
than on just the current goal clause.

lellnition 6.1:

(i) A generalized selection rule R is a function that, given any r.n-proof

(Go, Co), ... , (G", C,,), chooses a literal from G".
(ti) An LD--proof {Go, Co), ... , (Gn, C,,) is a proof via a generalized selection
rule R if the literal resolved on at each step i,0 :$ i < n is the one chosen
by R from the proof {Go, Co}, ... , (G.. Cj) up to that point.

We now give the formal definition of the sun-tree associated with a given goal,
program and generalized selection rule.
),llnit'Ion 6.2: Let P be PROLOG program, G a gcel clause and R a generalized
selection rule. The associated sr.o-eee (from P starting with G via R) is a
finitely branching tree T labeled with goal clauses such that each path of T is
associated with an SLD proof via R. We define T by induction. The root node
of T is labeled with G. If any node a of T is labeled with a goal clause G'
and the generalized selection rule R chooses the literal ...,A from G' given the
proof associated with the path through T leading to G', then the Immediate
successors of o correspond to the clauses Ci of P which can be resolved with G'
on ..,A. These nodes are labeled with the results of resolving G' on ....A with the
corresponding clause Ci of P. (The proof associated with the path to a successor
of G' is the one associated with the path to G' followed by the appropriate
resolutjcn.]
Note that, in general the stu-tree associated with some P, G and R may be in-
finite. Some paths m;y succeed, t.e., end with 0 (success) and so be (necessarily)
finite refutations of G from P. Others may be failed, Le., there is no clause of
P with which the final goal can be resolved on the selected literal. Other paths,
however, may never terminate.
We can now approximate the set of literals A that are not logical co~uences
of a program P by considering those for which the search for a refutation of A
fails in a finite and hence observable way.
 194 III. PROLOG

Definition 6.3:

(i) The sun-tree associated with P, G and R is finitely failed if it is finite and
every path ends because of a failure to find a clause of P with which the
selected literal can be resolved. (In particular no path ends with success,
i.e., D.)

(ii) The SLD finite failure set of a PROLOG program P is the set of ground
atoms A such that there is a generalized selection rule R such tha.t the
SLD-tree associated with P, {..,A} and R is finitely failed.

Re<:aJ1 the contrast between breadth-first and depth-first searches of sto-uee

in terms of completeness. In this setting, there are generalized selection rules R
which guarantee that if A is in the finite failure set of P then the suo-tree via
R is finitely failed and there are others which do not have this property.

Definition 6.4: An si.o-prcot (via R) is fair if it is either finite (and so either failed
or a successful refutation) or, for every occurrence of a literal Q in the proof (say
in Gi), either R selects Q at step i or there is a stage j > i at which Q8i ... 8j_1
is selected by R, where 8" is the mgu used at step k of the proof. A generalized
selection rule R is fair if every SLD-proof via R is fair.

It is not hard to design a fair generalized. selection rule R. However, no ordinary

selection rule can be fair. (See Exercises 1-2.) The following result says that we
can restrict our attention to any fair generalized selection rule.

Theore~ 6.5: For a progrom P and ground atomic formula A, A is in the SLD-fi~itf
failun: set of P iff the SLD-tree for A via R is failed for every fair gene~ed
selution rule R. Thus, there is a finitely failed SLD-tree for A wing any seledWfl
role if and only if the SLD-tree fOT A is finitely failed for any fair generatizd
"elution rule.

Proof: The "if" direction is immediate from the definition of the finite failure ~.
Suppose, therefore, that A is in the finite failure set of P and R is allY fll1f
g~eralized selection rule. We wish to prove that the suo-tree via R starling
With {.,A} is finitely failed. We prove a stronger lemma by induction. 0

Lemma 6.6: Let P be a PROLOG program and R a fair generalized seledion nJe·
II'!.agooJ.clause .G = {..,At, ... , ...,Am} haJ a finitely failed SLO-trU of depth ~
": any ~enertW:ed selection role) and (Go, Co), ... , (On, Cn) is an SLD~
fro P tIIa R with Gn = G, then every path on the SLD-tree via R that h
(Go, Co), ... , (Gn, Cn) a.s an initial "egrnent is finitely failed.

Proof: We P~oceed b! induction on k. Suppose k = 1 and A. is the literal sel~~

from G In the grven failed SLD--tree S of depth 1. By the definition of a. WW'
Sl.D--tree, no clause in P has a head that will unify with A •. NoW"consider 8ll~
path Q on the Sl.D-tree T via R start;..
-~ WI
ieb (G 0, C.)0 •... , (G n, C).
n '" R
 6 Negation as Failure 19S

fair there is a node on Q at which R chooses A.9 for some substitution 9. By our
assumption about A., no clause of P has a head that can be unified with A.9.
Thus the path Q terminates with a failure at this point. As Q was an arbitrary
path on T with the specified initial segment, T is finitely failed below this point.
For the induction step, let A. be the literal chosen at the first level of the given
finitely failed sun-tree S of depth k + 1. The first level of S then consists of all
the resolvents of all re;olutions on A. with clauses in P, Each node at this level
then has the form

where 9 is the mgu associated with the appropriate resolution and clause C of
P. Note that H has a finitely £ailed stn-eree of depth k.
Now let Q be any path on the sto-eree T via H starting with (Go, Co},·'"
{Gn.,C } with Gn. = G. Again, by the fairness of H, there is some level, say
m -1, n of Q at which we first select a literal of the form A.t/J coming from A. in
G. Let (Go, Co}, ... , (Gm,Cm) be the path up to the point at which we have
performed the resolution on A.t/J. The last resolution on this path was with some
C E P whose head unified with A.t/J and so with A •. The proof of the switching
lemma (Lemma 1.11) shows that Gm is a renaming of the clause H on the
first level of S that corresponds to Cm-I' As starting a finitely failed sco-eee
is obviously invariant under renamings, Om starts a finitely failed sr.n-cree mof
depth k and we can apply the induction hypothesis to (Go, Co},··" (G" .. C )
to conclude that Q is finitely £ailed. 0
In. view of Theorem 6.5, we may assume that we have specified any fair gener-
alized selection rule R to define our SLo-trees. It is now reasonably clear how
a PROLOG-type system equipped with an implementation of a. fair R should
a~taek a question 6Sking for negative as well 6S positive conclusions. We start
With a clause G oontaining both positive and negative literals. We then carry
out an sto-proot via R except that when we select a positive literal A we try
to COnstruct a finitely failed SLD-tree via R starting with A. If we succeed, we
eliminate the literal A and continue. If we fail, the attempt a.t refutation of G
f~ls as well. We formali2e this procedure as SLDNF-re£utations (SLo-refutations
With negation 6S failure).

Deftnition 6.7:

(i) A general goal clau.!e G is simply an arbitrary clause.

(ii) Let P be a pROLOG program. An SLDNF-proo!tlia Rfrom P beginning ~th
G is a sequence (G••C. ) of general goal clauses Gi and clauses c, E p. With
Go = G and Gn+1 = 0 which is generated as follows: If R(Gi)' th~ literal
chosen by R, is negative, then GHI is a resolvent of 0; and C. V18 mgu
6. on literal R(G.). If R(Gi) is positive, it must be a ground literal A. In
196 111. PROLOG

this ease, there must be a finitely failed sun-tree (via R) starting with the
goal ...,A. We then have G'+i equal to G. with A deleted, C. plays no role
and (}i is the identity.

As usual, the composition sequence of mgu's 80 ... 8i = 8 for such a proof is

called its answer substitution.
The definition of the SLONF-tree from P starting with G via R is the same as
that of the corresponding SLD-tree (Definition 6.2), modulo the modification in
(ii). A path on the tree is just an attempt to construct such an SLDNF-refutation.
The path .wcceeds if the attempt eventually produces O. SUPP06f! at some point
on such a path we encounter an sun-tree T starting with some ...,R(Gi) where
R(G,:) is a positive ground literal. 1fT has 0 on one of its paths, T is not finitely
failed. In this case, we say that this attempt at finding an SLDNF-refutation fails.
(Of course, even if the SLDNF-tree is not finitely failed, we may never discover
this fact and the proof procedure may simply fall into an infinite seerch.) If
R(G;) is positive but not ground, we say that the proof flounders at this point.
Warning: We allow the SLDNF-refutation to proceed when R chooses a positive
literal only if it is ground. Such a choice is called safe. This restriction is essential
as we are interpreting the success of -e as the failure of q. If q has a free variable
X, this is clearly unfounded. A question IJ.?_ -.q(X)." asks for a c such that ...,q(~)
holds while IJ.?_ q(X)." asks for a d such that q(d) holds. Clearly neither one IS
the negation or failure of the other. Unfortunately, most PROLOG systems do not
bother to check that a positive literal is ground before applying the negation as
failure procedure. This can lead to unexpected (and indeed false) results.

Before describing the relationship between negation as failure and the CWA, we
introduce a more general. approach in terms of "compkted databases" (CO.B).
The idea here is that, when one specifies the conditions under which sometbmg
occurs, one specifies them all. In terms of a particular program P, suppose we
consider one n-ary predicate r and all the clauses of P with r in their heads:

r(tt,I, ... ,ti, ..):- qi,l> ... ,ql, .. ,'

r(tk,l!'" ,t.l:,.. ) :- qi:,l>"" q.l:,n.'

list as a complete description of when r(Xh ... ,Xn) holds (for

If we vi~w this
new vanables Xi), then we can express this view by the sentence

r(Xil ... ,Xn) .....ql V ... Vq/e.

where Yl, ... , YPi are the variables in q. • q. X X are new variables
and . 3Y 0, , ••• , .n" i,···, ...... ( )
qilS r, ... ,Yp;(Xt=l.otA ... AX ""'t· 'Aq. A Aq' ). The 1J.jf" ......
direction in. these equivalen~ is simpl; t~·':.sse~~o~· ~f given tb:' prograJD'
The "only if" (..... ) direction say, that we have completely specified r by the
 6 Negation as Failure 197

program clauses. Comp(P). tM completion 01 P, includes such an axiom for

each predicate r appearing in P. If r does not occur in the head of any clause
r(X) in Comp(P). In the absence of equality,
of P, we include the axiom VX .....
Comp(P) consists of these axioms and no others.

To deal with equality, we include in Comp(P) the basic equality axioms (1)-(3)
of§5 for the language of P. In addition, the database point of view dictates that
distinct terms (names) represent distinct objects. We incorporate this point of
view (to the extent possible in first order logic) by including the following axioms
in Comp(P) as well:

(4) I(X1o ... , x,,) 1:- 9(Y1o ... , y",,) for each distinct pair of function symbols 1
and 9 of arities n • m ~ O. respectively.
(5) t(x) f x for each term t(x) (other than x itself) in which x occurs.

(6) l(xlt ... ,x,,) = I(Yl •... , y,,) -t Xl = til 1\ ••• 1\ x" = 11" for each n-ary
function symbol I-
This completes the construction of Comp(P) from P. Every clause in P is clearly
a consequence of Comp(P) and so Comp(P) 1= P. Moreover, if P is a PROLOG
~rogram, Comp(P) is consistent. (Again, the Herbrend structure in which "="
15 interpreted as true equality and every other ground atomic formula is true is
a model.) We can now use Comp(P) to prove soundness and completeness the-
orems "justifying" the negation as failure rule. We begin with a lemma relating
unification and the equality axioms (1)-{6).

Lemma 6.8: Le t S = {81 = tl' ...• S" = t..}.

(i) 11 S is unifiable and 8 = {Xl/rlt ... ,xm/rm} is the mgu given by n
the
unification algorithm (ll.12.3). then (1)-(6) 1= (81 =
t) 1\ .•• 1\ 8
n
t ) -t =
(Xl =rll\ .. · I\xm = rm)·
(ii) If S is not unifiable, then (1)-(6) 1= (81 = t) /I. ••• A 8n = t,,) -t A A .....A for
any sentence A.

Proof: Consider the unification algorithm as applied to S. It produces a sequence

of substitutions 80,810 ... ,8 ... Let {Xl/rlo,I,'·· .Xm!n;,m} be the ~mposit~on
8 •.• 810.One proves by induction on k that, for each k up to the potce at which
0
the algorithm terminates. (1)-(6) F (Sl = tl".··" lIJ" = tn)60· .. 810-to (Xl ::=
Tk,l " •.. 1\ X := rlo,m)' U it terminates with a unifier, we have proved (1). If It
m
terminates with the announcement that S is not unifiable, it is easy to see that
(1)-(6) prove that no tnsteece of (Sl "'" h 1\ ••• 1\ s.. = tn)80··· 8. ~an b~ true,
as is required for (ii). We leave the details of the induction and verificatlors as
Exercise 3. 0
198 III. PROLOG

Theorem 6.9 (Soundness of sLoNF-refutation): Let P be a PROLOG program.

(i) If the SLONF-tl'Y!evia Rfrom P beginning with a general goal G afthe/orm

{LI, ... , Lm} is finitely failed, then Camp(P) ~ L, V ... V Lm.

(ii) If there is a success path, s.e., an SLDNF-refutation of G /rom P, on the

tree with answer .tubstitution 8, then Camp(P) F (""£1 A ... A -.Lm)8.

Proof: (i) We proceed by induction on the depth of the finitely failed SLONF-tree
starting with G. We begin with the case that the tree is finitely failed at its first
level.

If R(G) is a negative literal L = -.r(sl"",Sn), then there is no c1auseCEP

with whose head we can unify r(si,"" sn). If there is no clause in P with r
in its head, then Comp(P) includes the axiom \IX ...,r(X) and so Comp(P) F
-.r(st, ... , sn). Otherwise, with the notation as in the definition of Comp(P), we
see that Camp(P) ~ r(sl, ... , 5n) v{3Yt ... 3Yp, (51 = t':,t 1\ ... A Sn = ti,n /I
qi,l A ... A q;,n, )Ii :5 k}. As r(.t" , sn) does not unify with any r(t,:,,,, .. ,t;,~),
by assumption, the falsity of each of the disjuncts follows from the equality
axioms by Lemma 6.8(ii). Thus Comp(P) ~ -.r(sl, ... , sn) and so Camp(P) 1= C
as required.

If R( G) is a positive literal L. it must be ground (or the proof would fto~nd~

rather than fail) and the SLD--tree starting with -.L must have a path endmg III
D. Thus, by the soundness OfSLD-refutations (Theorem 1.9), P F L as requi~.
(Note that as L is ground, the answer substitution given by the sLD--refutation
is irrelevant.)

Now consider the inductive step. Suppose that G has a finitely failed SLDNF-t~ee
of depth k + 1. If R(G) is a positive ground literal L, then the sr.o-eree starting
with -.L is finitely failed and Gt is G _ {L}. It has a finitely failed SLONF-tree of
depth k and so by induction, Comp(P) F Gt• AB G contains G), Comp(P) F G
as well.

Finally, s~ppoae R(G) is a negative literal L = -,r( St. ... ,sn). (Again we adopt
the notation of the definition of Comp(P).) Each immediate successor Hi ~fG
on level 1 of th~ given failed SLONF-tree is the result of applying the approp~3te
mgu 8,: to G with L replaced. by -eo. ... ,-.q':,n; (for i ~k). Each has 3.failed
SLDNF-tree of depth 5: k and so, by induction, Comp(P) F Hi for each 1 -= ~.
It thus suffices to prove that Comp(P) F AH,: -4 vxc. To see this, it suffices m
turn to prove that

Comp(P) ~ /\{(-.q,:,l V ... V -.q'':,n.)8ili ~ k} __ -,r(sl, .. ' ,Sn)'

Now by the definition of Comp(P). -.r(sl, ... , sn) can fail to hold only if 3YI' S·
3~p,
(.tl = ti,1A ... /\ sn = t,:,n A qi,t/\ . " 1\ q':,n;) for some i ~k. By LeU:i11136.,
this can happen only if there is a Y that unifies Sj and t.,; for each j ~n as well
 6 Negation as Failure 199

as witness q;,1A ... A qi,n;' As 9; is the mgu for this unification, the assumption
that (~i,1 V ... V --.qi,nJ9; implies that there are no such Y as required. 0

(ii) We proceed by induction on the length of the sLDNF~refutation. Suppose

first that the refutation has length 1 and so G contains only one literal L. If L is
positive, it is ground and there is a finitely failed suo-tree starting with ....L. By
(i), Comp(P) F -.L as required. If L is negative, say ...,r(s), ... , sn), then there
is a clause of the form r(tl,"" tn) in P that can be unified with L by some 9.
Thus -.L9 is a consequence of P and hence of Comp(P) as required.
~ext, consider an sLDNF-refutation of G of length k + 1. If R( G) is a positive
literal L;, then L, is ground, 90 is the identity and Gl which is of the form
{LI, ... , L;_1> Li+1,"" L ... } has an sLDNF-refutation of length k with mgu's
6, ••• 91e• As in the base case, Comp(P) F ....L;; by the induction hypothesis
Comp(P) F (-.L1 A 1\ ....L;_1 A ...,LHI A ••. A -.L ...)91"· 91e. Thus we see that
Comp(P) 1=(..... Ll A A -.L,")9091 .. , 91e as required.
Finally, suppose R(G) is a negative literal L. == -.r(s" ... ,Sn)' and G1 ==
{Ll, ... , L;_l, -.qj,I, ' -.qj,n. ,L;+I,'" ,L }80· By induction, Comp(P)1= {-.Ll
A.. ." A -.L;_1 Aqj,l A Aqj,n. A -.L;+l A A .....Lm}90··· 91<+1' Now by the defi-
runon of Comp(P), the fact that 90 unifies r(si>"" Sn) and r(tj,I,"" tj,n) and
Lemma 6.8(i), Comp(P) F (qj,1 A .. , A qj,nj)90 _ r(sl>'" ,sn)80· Thus we see
that Comp(P) F ....L.80 ••• 81e as required to complete the induction step. 0

Theorem 6.10 (Completeness of SLDNF-refutation): If P is a PROLOG program,

G = {-.A , ••• , -.AIe} an onlinar'll goal clause, R a fair generalized selection rule
1
AIe, then there is a finitely failed stn-eee from P
and Comp(P) 1=-.Al V .. , v .....
via R beginning with. G.
Proof: The idea of the proof is much like that for the proof of completeness of
the tableau method (11.7) as modified to handle equality in §5. If the sLD--tree
beginning with G is not finitely failed, then it has a (possibly infinite) path Q. We
use the terms and formulas appearing on Q to define a model M ofComp(P) such
that M t= 3X(A A ... 1\ Ale)' (X lists the free variables of G.) The construction
I
of M then establishes the contrapositive of the desired theorem.
Let GO,Gl, ... and 80,81,'" be the goals and the mgu's appearing in the SLD--
proof associated with Q. As in §5, the elements of M are equivalence classes of
terms of the language and the function symbols operate on them in the obvious
way defined there. The eeuclaJ new idea here is to use the sequence of mgu's to
define the equivalence relation OD the terms. We say that two terms S and t are
equivalent, S :: t, if they are eventually identified by the sequence of ~'s, i:e.,
there is an m such that s80 ••• 8on == tOo ..• 9m. It is easy to see that this relancn
is, in fact, an equivaJence relation (Exercise 4). We denote the equivalence class
of a term t by (tl and let the universe M of our intended model ~ the set of
these equivalence classes. It is now easy to see that the equality 8Xloms (1)-(6)
of Cornp(P) are satisfied in M when:::::: is interpreted as true equality on the
equivalence classes (Exercises 5).
 --------"':']

200 III. PROLOG

As the first step in defining the set of atomic formulas true in M, we declare
r([tl}, ... , (t,,]) true if there are Si E (til such that .....
r(sl •...• Sn) appears as a
literal in one of the goal clauses G.... Note that this immediately makes M I:
3X(A1 A ... A A.) (as the (classes of the) terms in G provide the witnesses).
Our next, and most critical, claim is that the set S of atomic facts declared
true so far satisfies the "only if" direction of the axioms for predicate letters
in Comp(P}. Suppose ....r(,flJ ... , ,f,,) first appears as a literal in the goal cla~
Gm. By the fairness of R. there is au> m at which ....r(sl,.", s")8,,,.,. 8~IS
selected, Note that ....r(sl •... , s")8 ... ,,. (Ju = ..... r(s),., . ,9n)80'" 8" by the usual
convention on the choice of variables and mgu'a. At that step it is replaced by the
literals (....qi,l, ...• "q;, .. ;}8u+1 (= (.....
qi,t. ... , -,qi,n;}(JO ' , ,6,,+d from the body of
the appropriate clause of P. As 8"+1 is an mgu for this resolution, each q..lb+1
is in S. So by Lemma 6.8(i) we have the desired. witnesses for the disjunct qi of
the instance of the axiom of Comp(P) associated with r(fs1]"'" [s"D.
We now have to extend 8 so as to make M a model of the "if" direction of the
axioms, i.e., of P, without losing the "only if" direction. Let P' be the set of
ground substitution instances of clauses of P by elements of M and let S'.~
the set of resolution consequences of 8 UP', Let M be such that 8' is the set
atomic facts true in M. We claim that M is the desired model of Comp(P). As
it is obVi~u.s1ya model of P, we only have to check that the "only if",direc.tiO~
~fthe ,a:ooms for each predicate r have been preserved 85 well, This ~laim
Imme(hate by induction on the length of the resolution deduction puttmg any
r(tl •... , tOll into 8'; It can be deduced only if some appropriate instances of the
qi,t.· .. ,qi,,,; in one of the clauses of P with T in its head have already ~
deduced.

The definition of Comp(P) formalizes the intuition behind the COB approach·
Analogously, CWA{P) is the set of all sentences that should be associated with P
~rding to the CWA (closed world assumption), The basic intuition of the c~
is that, for any positive ground literal L, if P Y L then we should infer .,L. e
can thus view it as adjoining to P the fOllowing clauses:

(0) {...,L} for each ground positive literal L such that Pit L.

While the CWA shares with cos the view that the domain of discourse is correctly
caPt~ b~ the ground terms, the CWA takes it even further. In addition to ~he
eqU~ty 8.XIOms (1)-(6) described above, it asserts that the universe co~
PI"eC1Sely of the ground te:rms. This assertion cannot however, be guaranteed
a formula of Predicate I.....: [Exer -) , . aI nsaquence
... ra ther t han
(") &UJ!>'C
bili e-xercise 6 . If we consider only logiC co '.m""
- Jini-'
I prova ty. we can express this requirement by an ID
cause, DCA, the domain closure lUiom:

(7) x=t,V ... Vx=t .. V .. ,

 6 Negation as Failure 201

where (t;) a list of all the ground terms.

We now write CWA(P) to denote the extension of P by (0)-(7). Note that any
modelfor CWA(P) is an Herbrand model for P. AB the adjunction of (0) gueran-
teestbat the truth of every ground literal is determined by CWA(P), there can be
a.tmost one such model. Indeed for any PROLOG program P, CWA(P) is always
satisfiable and its only model is the minimal Herbrand model for P (Exercise 7).
As this model is also one of Comp(P) (Exercise 8), the soundness results (The--
orem 6.9) proved for negation as failure and Comp(P) hold automatically for
CWA(P) as well. There can, however, be no completeness theorem comparable to
Theorem 6.10 for CWA(P). Indeed, no effective procedure (such as searching for
an sLDNF-refutation) can list all the logical consequences of CWA(P) for every
p (Exercise 8.6).
In addition to sometimes wanting to derive negative information, the PROLOG
programmer might lib to use such expressions in the program as well. This leads
ution
to the notion of general programs and general SLDNy-resol .

loftnir~on 6.11: A geneml program cl411Je is one that contains at least one positive
teral (but perhaps more). A general progmm is a set of general program clauses.

~ any given general program clause {R,Lt. ... ,L,,} we single out one posi-
tive literal, R, as the head and consider all others as the body of the clause.
We then write the clause in PROLOG notation (with ...) as R:- Lt. .. ·, L".
(Unf?rtuna.tely, the interpretation and analysis depend on which positive lit-
~ralIS chosen as the beed.) In the 68JDe vein, we write general goal clauses
In the form {...Ll,"" -.L,,}; however, as before the hope here is to show that
p ~ 3X .•. X",(L A ... A L,,)9 by deriving 0 (via some form of resolution)
1 1
from P U {G} with mgu's 90" .9. = 8 .
~e cannow extend the definition of SLDNF-refutations to general prograll18 by
mtroducfng a recursion at the point at which we search for a finitely failed tree.
~e now look for a finitely failed SLDNF-tree. The extensions of a general program
to CWA(P) and Comp(P) are defined as before. Soundness results such as
those of Theorems 6.8, 6.9 can be proved in this general setting as well. The
~pleteness result of Theorem 6.10 no longer holds. Indeed. the completeness
heorem cannot be extended to general goal clauses even for all pROLOGprograms
(Exercise 9). Weaker forms that deal only with the cases in which every branch
of the SLDNF-tree ends in success or failure do hold. Under these conditions, it is
pceeible to show that the SLDNF-tree gives, in some sense, "all" the answen that
are consequences of CWA(P) or Comp{P). We refer the reader to Shepher~
[1992, 5.4J for a treatment of CWA(P) and to Chapter 3 of Lloyd [1987, 5.4J for
a thorough discussion of the COB approach and Comp(P),

The crucial caveat in the setting of general programs P is that it may t~rn out
that CWA(P) or Comp{P) or both are unsatisfiab1e even though P is satisfiable
202 III. PROLOG

(Exercises 1()"-12).Conditions such as those of recurrence and acceptability c0n-

sidered in §4 can, however, be used to guarantee the consistency of Comp(P)
and to produce a completeness theorem for SLDNF-refutations with respect to
the semlUltics given by Comp(P). (Again we refer the reader to Lloyd [1987,
5.4}.)

Exercises
1. Show that no selection rule that always chooses the same literal from each
goal clause can be fair,
(Hint; Consider the program P with three clauses;

(1) ,,- p,q. (2) p ,- p. (3) q ,- q.).

2. Describe a fair generalized selection rule and prove that it is fair.

(Hint; Always choose the first literal to appear in the proof so far that bas
not yet been chosen.)

3. Complete the proof of Lemma 6.8.

4. Verify that the relation == defined in the proof of Theorem 6.10 is an equfv-
alence relation.

5. Verify that the equality axioms (1)-(6) are satisfied in the set M defined
in the proof of Tbeorem 6.10 when "=" is interpreted as true equality of
equivalence classes.

6. Prove that no set of sentences of predicate logic can imply axiom (7) of
CWA. (Hint: Use the compactness theorem.)

7. Prove that the unique model for CWA(P) for a PROLOG program P is the
minimal Herbrand model for P.

8. Prove tbat the minimal Herbrand model for a PROLOG program P is alSO
a model of Camp(?).

9. Give a counterexample to the generalization of Theorem 6.10 to general

goal clauses. (Hint: Write a short program and choose a general goal such
that every attempted SLDNF-refutation flounders.)

10. Give an example of a general program P such that Camp(P) (and hence
P) is satisfiable but CWA(P) is not.

11. ~ive ~ example of a general program P such that CWA(P) (and hence P)
IS satISfiable but Comp(p) is not.

12. Give an example of a satisfiable general program P such that neither

Camp(P) nor CWA is Ilatisfiable.
 7 Negation and Nonmonotonic Logic 203

7 Negationand Nonmonotonic Logic

The general procedure of implementing negation as failure described in the last
section is both useful and important. Nonetheless, it violates one of the most
~c tenets of mathematical reasoning. In mathematical reasoning (and indeed
In all the systems we consider elsewhere in this book) a conclusion drawn from
a. set of premises can be also be drawn from any larger set of premises. More
information or axioms cannot invalidate deductions already made. This property
of monotonicity of inferences is basic to standard ma.thematical reasoning, yet it
is violated by many real life procedures as well as by the negation as failure rule.
In the absence of evidence to the contrary, we typically take consistency with
the rest of our general belief system to provide grounds for a belief. The classic
example concerns Tweety the bird. At some stage in the development of our
knowledge we observe and learn about various birds. Based on this information
we conclude that birds fly. One day we are told about Tweety the bird and
n~turally assume that he can fly. When we are later introduced to Tweety, we
dISCoverthat he is a pet ostrich and can no more fly than we can. We reject our
previous belief that all birds fiy and revise our conclusions about Tweety. We
now face the world with a new set of beliefs from which we continue to make
?eductions until new evidence once again proves our beliefs false. Such a process
18 ~ical of the growth of knowledge in almost all subjects except mathematics.
Bebefs and conclusions are often based on a lack of evidence to the contrary.
A ~milar approach is embodied in the notion of negation as failure. If we have no
evidence to the contrary (Le., 8. deduction of L), we assume that L is false. This
procedure clearly embodies a nonmonotonic system of ressoning. Minsky [1915,
5.5] .was the first to propose such systems and beginning with McCarthy's study
of cucumecnpuon [1980, 5.51 various researchers have proposed and studied a
large Dumber of nonmonotonic systems which have been suggested by various
prob~ems in computer science and AI. 'Ib list just a few: Hintikka's theory of
multiple believers, Doyle's truth maintenance system, Reiter's default logic and
Moore's eutoepietemlc logic as well as various versions of negation as failure in
extensions of PROLOG by Apt, Clark and others.
We now briefiy present a new a.pproach to an abstract view of nonmonotonic
systems as given in Marek Nerode and Remmel!l990, 5.51· It seems to capture
th ~ common content of many' of the systems mentioned. The literature has dealt
prllDarily with the propositional case and we restrict ourselves to it as well.
For negation in PROWG, this means that we are always looking at the set of
ground instances of a given program in the appropriate Herbrand universe. After
describing the general system we connect it to one interesting way of picking
out a distinguished Herbrand model that captures many aspects of negation in
PROLOG (although it is not precisely the same as the negation as failure rules of
§6): the stable model semantics of Gelfond and Lifschitz {1988, 5.41·
We present the idea of nonmonotonic systems in the form of rules of inference
such as resolution or the one given for classical monotonic logic in I.7. In such
204 III. PROLOG

a setting, a rule of inference is specified by giving a list of hypotheses and a

conclusion that may be drawn from them. The standard rule of modus ponens
(I.7.2) concludes fJ from the hypotheses 0' and 0 ......{3. An appropriate style for
describing this rule is to write the hypotheses in a list above the line and the
conclusion below:
0,0 .....{3

(a_(p_a)) .
The crucial extension of such a system to nonmonotonic logic is to add restraints
to the deduction. In addition to knowing each proposition in the set of hypothe-
ses, it may be necessary to not know (believe, have a proof of, have already
established, etc.] each of some other collection of propositions in order to draw
the conclusion permitted by a given rule. The notation for this situation is to list
the usual kind of premises first and then, separated by a colon, follow them with
the list of restraints. The restraints are the propositions that the rule requires
us not to know (believe, etc.]. Thus we read the rule

,
01"·',O'n:131,···,13m

as saying that if 01," ., On are known (proven, established) and 131,' .. , 13mare
not, then we may conclude that we know (can prove or establish) 'Y'

Definition 7.1 (Nonmonotonic fonnal systems): Let U be a set (of propositional

letters).

(i) A nonmonotonic rule of jnference is a triple (P, G, lp) where P = {Ok .. ,

On} and G = {.81>"".Bm} are finite lists of elements of U and!P E U.
Each such rule is written in the form

r = 0'1> ... ,O'n: P1>···,13",

We can 0'1, •.. , O'n

'"
the premises of the rule r and PI, ... , /3.". its 1tstnrints·
Note that either P or G or both may be empty.

(ii) If P = G = 0, then the rule r is called an axiom.

(iii) A nonmcnoto~~ fonnal system is a pair (U, N) where U is a noneJIlPt}'

set (of PfOpDSltlOnailetter:s) and N is a set of nonmonotonic rules·

(iv) A subset S of U is deductively clo.!ed in the system (U, N) if, for each ~~
r oftv. such that all the premises QI, ••. ,On of T are in S and none of I
restraints 131,... ,13m are in S, the conclusion rp of r is in S.
 7 Negation and Nonmonotonic Logic 205

The essence of the nonmonotonicity of a formal system is that the deductively

closed sets are not in general closed under arbitrary intersections. Thus there is,
in general, no deductive closure of a set I of propositional letters, Le., no least set
S ;2 I which is deductively closed. The intersection of a decreasing sequence of
deductively closed sets is, however, deductively closed (Exercise 1) and so there
is always (at least one) minimal deductively closed subset of U (Exercise 2).
The deductively closed sets containing I can be viewed as the rational points of
view possible in a given system when one assumes all the elements of I to be
true. Each one expresses a set of beliefs that is closed under all the rules. There
may, however, be many such points of view that are mutually contradictory. The
intersection of all deductively closed sets containing I represents the information
common to all such rational points of view. It is often called the set of secured
consequences of I or the skeptieLJl reasoning associated with the system and 1.

_pie 7.2, Let U ~ {a,p,,} and let

Tl=-
a
a:{3
r2=--
p

(I) Let Nt = {TItT2}' There is only one minimal deductively closed set for
(U, Nl) : S = {a,P}. S is then the set of secured consequences of (U, N1)·

(ii) Let N2 = {rl,Ta,r ..}. There are two minimal deductively closed. sets for
(U,N2) : 81 = {a,p} and ~ = {o,1}. S = {a} is then the set ofsc<:ured
COnsequences of (U, N'J). In this case the set of secured consequences is
not deductively closed.

The analog in nonmonotonic logic of a classical deduction from premises I In-

volves a parameter S for the set of propositions we are 885Uming we do not know.
We use this notion of deduction to characterize the extensions of a nonmonotonic
system that are analogous to the set of consequences of a monotonic system.

DeOnit'IOn 7.3: Let (U,N) be a nonmonotonic formal system and let 8,1 ~ U. An
S-deduction oj rp from 1 in (U,N) is a finite sequence rplt···,rpl< such that
'P :: rpl<and, for ell i :5 k, rpi is either in 1, an axiom of ( U, N) or the conclusion
of a rule r E N all of whose premises are included among rpl,···,rp;-I and
all of whose restraints are contained in U - S. In this situation rp is called an
S-comequence oj I and we denote by Cs(1) the set of all s--consequences,:.,f 1.

Note that the role of S in the above definitklDS is to prevent applications of rules
with any restraint in S' it does not contribute any members of U directly to
Cs(I). Indeed, Cs(I) m~y not contaln S and may not be deductively closed.
206 III. PROLOG

Example 1.4: With the notation as in Example 7.2, define a system ( U, N) by setting:
N = {rr, T3}. If S = {O}, then Cs(0) = {o] is not deductively closed as it does
not contain..., in violation of rule T3·

Proposition 7.5: IJ S <;;; Cs(I), then Cs(I) is dedudively closed.

Proof: Suppose all the premises of a rule T with conclusion lP are in Cs(!) and all
of r's restraints are outside it. By the definition of Cs(I), we can produce an
S-deduction containing all the premises of r . All of the restraints in r are outside
S by hypothesis. We can thus extend the S-deduction to one of 'P by applying
r to get 'P E Cs(I) as desired. 0

Definition 7.6: S <;;; U is an exten.sion oj I if Cs(I) = s. S is an extension if it is an

extension of the empty set 0.

The extensions S of I are the analogs for nonmonotonic systems of the logical
consequences of I. Every member of an extension is deducible from I and all the
S--consequences of I are in fact in S. We give some basic properties of extensions
in Exercises 3--5.
It turns out that extensions capture many procedures in mathematics and com-
puter science. We give some mathematical examples in Exercises 8-9. Nowwe
return to PROLOG programs with negation and their connection to extensions
through the notion of stable models.
From our current point of view, it is natural to try to consider the negation lIS
failure as a nonmonotonic system. The underlying idea of negation as failurelIS
presented in the last section is that we may assert ...,p when we do not knoW
(cannot deduce) p. This suggests a natural translation of a general PROLOG
program into a nonmonotonic formal system.
Recall from Definition 6.11 that a general program clause has the form p:- qt,
... ,q",""sl,···,,,,,sm wherep,q; and Sj are atoms.
Remember also that we are in the propositional case. Thus, if a prograD1of
interest .has variables, we consider instead all ground instances of the progcllll1
clauses ID the Herbrand universe. We can now easily translate a general ~
gram P containing only ground atoms into a nonmonotonic formal systelJl III a
natural way. We consider each ground atom as a propositional letter. TheSe
atoms constitute our universe U. Each program clause C of P of the (oflll
p:- qt,···, q", --';51,··., ""Sm is translated into a rule tr(C) :

The n~nmonotonic system is then specified by letting its set of rules N be the
COllection {"(C) .. C E P} 0 f translatlons
. of clauses of P.
Definition 7.7:
l .
Let P be a general program with only ground cleusee- tr(P),settheof
fran" anon oj P, is the nonmonotonic system (U, N) where U is the
 7 Negation and Nonmonotonic Logic 207

atoms appearing in P and N = {tr( C) : C E P} is the set of translations of

clauses of P.
It turns out that it is precisely the extensions of tr(P) which are the stable
models of P introduced by Gelfond and Lifschitz {19BB, 5.4) to capture a strong
notion of semantics for general programs with negation as failure.

Definition 7.8: If U is the set of atoms appearing in a ground general program

P and M ~ U, then PM is the program obtained from P by deleting each
clause that has in its body a negative literal ':'S with s E M and also deleting
all negative literals in the bodies of the remaining clauses. As PM is clearly a
PROLOG program (it has no negative literals), it has a unique minimal Herbrand
model by Exercise 11.10.3. A stable model of P is an M ~ U such that M is the
unique minimal Hebrand model of PM·
This terminology is justified by the following theorem which shows that stable
models of P are in fact models of P.

Theorem 7.9: Eve"" stable model of P is a minimal f1UKlelof P.

Proof: Suppose M is a stable model of P. Consider a clause C of P of the form

p:_ qlt ... ,q....""'S1> •.• , ....,sm. If some s; E M. then M trivially satisfies C. If
none of the s; are in M, thenp:- ql, ...• q... is in PM' AsM is a model of PM,
P E M if qt. ... ,q...E M. Thus M satisfies C in this case as well and so M is a
model of P.
'Ib see that M is a minimal model of P, consider any M' ~ M which is also
a model of P. We need to show that M = M'. By the definition of a stable
model, it suffices to show that M' is a model of PM. Now any clause 0' of PM
comes from some C In P as above with s; ~ M for 1 :::;j :::; m. It is then of the
form p> q}, ... , q". Suppose then that qIo ...• q" EM'. We need to show that
P EM'. AJ:. M' ~ M, !I; ¢. M' for every 1 :s; j :5 m. Thus, as M' is a. model of
C E P, p E M' as required. 0

Example 7.10: Let Q be the £ollowing general program of Gelfand and Lifschitz
{1988, 5.41'
p(1,2).
q(x) ,- p(x,y),-v,(y).

Q haa two minimal Herbrand model!: Ml = (P(1,2).q(1)} and M'l = {P(1.2),

q(2)} (Exercise 6). The usual negation as failure rule applied to this program
answers "no" to the question "1- q(2)." but "yes" to the question "1- q(I)."
Thus we should prefer the first model over the second.
Now consider the possible subsets of the Herbrand universe as candidates for
stable models of the ground instanOOl!l of this program. First, the program itself
is trans£ormed into the following ground version P:
 �----- -- ~

208 III. PROLOG

p(I,2).
,(1) ,- p(l, 1), -,(1).
,(1) ,- p(l, 2), -q(2).
,(2) ,- p(2, I), -q(I).
,(2) ,- p(2, 2), -,(2).

We now consider the subset M = {q(l)} of the Herbrand universe. PM is then

p(I,2).
,(1) ,- p(I,2).
,(2) ,- p(2,2).

The minimal Herbrand model of PM is {p(l,2),q(1)} :f M. Thus, M is not;

stable model of P. Indeed, any set M not containing p(l, 2) is not 8. model of
and so by Theorem 7.9 not a stable model of P.
Next, we consider the two minimal Herbrand models M, and M2 of the original
program Q. We claim that M1 is stable but not M2' First, PM, is

p(I,2).
,(1) ,- p(I,2).
,(2) ,- p(2,2).

The minimal model of this program is clearly M1 which is therefore stable. On

the other hand, PM3 is

p(I,2).
,(1) ,- p(l, I).
,(2) ,- p(2, 1).

Its minimal model is {p(l,2)} "I M2• Thus M'J is not stable.
In fact, M1 is the only stable model of P (Exercise 7) and so the stable model
is the "right" one from the viewpoint of negation as failure.

A dir~t an~ precise connection of stable models with nonmonoto?ic ~ormalu~

terns IS provided by the Theorem 7.12. We continue with the notation tntrod
above and begin with a lemma.

Lemma 7.11: If M' is a model of PM, then M';2 CM(0).

Proof: Sup~ that M' is a model of PM. We prove by induction on the l~ngth
M--deductlOns that every member of CM(0) is contained in M'. Consider
a::p
M--deduction V'l, ... ,I/!It.,p (from 0) and suppose the rule applied at the last ~te
of this deduction to conclude p is tr(C) for some cteuee C in P. By in~uct~:f
we m~y ~u,?e that .I/!~ E M' for every 1 :5 i :5 k and 80 every P~~M~
tr(C) IS m M . As this IS an M--deduction, no restraint $; of tr(C) IS ID
By
 7 Negation and Nonmonotonic Logic 209

definition then, p:_ ql,'" .qn is one of the clauses of PM' As M' is a model of
PM, p E M' as required. 0

Theorem7.12: A subset M ofU is II stable model oj P if and only iJit is an extension

oft.(P),
Proof: Suppose that M is an extension of (U.tr(P»). First. we claim that M is a model
of PM. Consider any clause p:_ ql,'" .qn in PM such that ql,"" qn EM. By
' e eIeuse C =p:_qlt ... 'qn .....Slt· .. ,Smm' P wt'th
the definition of P 104, th ere ts
no $; in M. Thus there is 8 rule tr(C) in tr(P) with all its premises in M and
none of its restraints in M. As extensions are deductively closed by Proposition
:.5, q E M as required. Next. we must prove that no M' strictly contained in M
IS a model of PM. As M = cM(0). this is immediate from Lemma 7.11.

For the converse, suppose that M is a minimal Herbrand model of PM' We first
~ote that, by Lemma 7.11, M:2 C",(0). By the minlmality assumption on M,
It sUf6.~ to prove that CM(0) is a model of PM to conclude that M = CM(0)
~ required. Consider, therefore, any clause p:- ql,"" qn in PM with all the q.
ill CM(0). There is then an M-deduction !Ph'" ,!pI< containing all of the qt· By
definltlion of PM, there is a clause C = p:- qh ... 'qn'-.Slt .. ·, ..... ' P With
Sm m '
none of the s; in M and so a rule tree) in tr(P) with all its premises in CM(0).
We may thus form an M-dedue:tion with p as the consequence. So P E Cu(0) as
required. 0
Ge1fond and Lifschitz show that certain classes of programs with properties such
as those considered in §4 have unique stable models and propose the term stable
~odel semantics for such programs. The special case of a unique stable model
18 certainly of particular interest. From the viewpoint of nonmonotonic logic,
however, all the extensions of tT(P) are equally good candidates for models of
the system.

Exercises
1. Let $1 :2 $2 :2 ... be a. nested sequence of deductively closed sets for a
nonmonotonic system (U,N). Prove that nS. is deductively closed.
2. A version of Zorn's lemma (see Theorem VI.10.2 and Exercise VI.10.2)
states that any nonempty family of sets dosed under the intersection of
downwardly nested sequences has a minimal element. Use it and Exercise 1
to prove that every nonmonotonic formal system has a minimal deductively
closed subset.
3. Prove that the operation Cs(l) is monotonic in I and antimonotonic in 5,
that is if I s J, then Cs(l) ~ Cs(J) and if s~
T. then Cs(l):2 GT(I).

4. Prove that, if $ is an extension of I, then $ is a minimal deductively closed

superset of 1 and for every J such that 1 ~ J ~ S we have Cs(J) = S.
210 III. PROLOG

5. If S and T are extensions of I and S <; T, then S = T.

6. Prove that the minimal Herbrand models of programs P and Q of Exampl!

7.10 are the sets M. and M2 given there.

7. Prove that M1 is the only stable model of P in Example 7.10.

(Hint: To begin the analysis note that any candidate must contain P(1,2)to
be a model of P but will not contain any other instance of P by minimalilJ'
ccnelderencns.)

Refer to Exercises 1.6.7-8 for the basic terminology about graphs and partial
orderings used below.

8. Let n be a natural number and G be a locally finite graph, i.e., a. graph

in which, for each node x there are at most finitely many nodes 11 SU(h
that {x,y} is an edge of G. We define a nonmonotonic fonnal ~
(U{G),N(G)} by first setting U(G) = {Cxil x is a node of G end I ~nJ.
We then put into N(G), for each node x of G and j :$ n, the rule

: Cxl, ... ,Cx(j - 1), Cx(] + 1), ... ,Cxn.

Cxj
~inally, we put into N(G), for each pair X,lI of distinct nodes of 0, eadl
1:$ n and each rp e U(G), the rule

Cxi,Cyi
~
Pr~ that S £; U(G) is an extension for (U(G), N(G») if
colonng each node x of G with color i iff Cxi e S produces 8Jl
ofG.
8Jl::~
11
J

9. Let P be a partial ordering of width n. We define a nonmonotoni~:::

(U(P),N(P» by /in;t "'tting U(P) = {ex'ix E P and i $ n].
x E P we put into N(P) the rule

: Cxl, ... ,Cx(] _ 1),Cx(j + 1), ... ,Cx~.

Cxj
Fi all fa .el orderiP'
ID y, r each x end 11 in P that are incomparable in the partE
we put into N(P) the rule
Cxi,Cyi
~
:~ove{Cthat S ~ ~ is an extension of (U(P), N(P)} ~f
{or Ie:1"; 1,E ..•S}., eft} IS a collection of disjoint chains covering
an~:~ a lit
a~
 8 Computability and Undecidability 211

8 Computability and Undecidability

One of the major tasks of the logicians of the 308 and 40s was the formal-
i1.a.tionof the basic intuitive notion of an algorithm or an effective procedure.
(For convenience we consider procedures on the natural numbers.) Many seem-
ingly different definitions were proposed by a number of researchers including
Church, Gooel, Herbrand, Kleene, Markov and Post. They suggested schemes
involving recursion, equational deduction systems, idealized models of comput-
ing machines and others. Perhaps the philooophically most convincing proposal
was that of Turing. He gave what Is undoubtedly now the best known definition
in terms of a simple machine model of computation: the Turing machine.
Every function calculable by any of these models was dearly effective. As inves-
tigations progressed, It became evident that any function that was intuitively
computable could be calculated in any of the systems. Indeed, over a number of
years all these proposals were proven equivalent, that Is, the class of functions
computable in anyone model is the same as that computable in any other. These
functions are now called the m:ursive Junction.!. Early results along these lines
led Church to formulate what is now known as Church's thuis: the effectively
calculable functions are precisely the recursive ones. The weight of the evidence
bas by now produced an almost universal acceptance ofthls thesis. Thus, to prove
that any computation scheme is universal in the sense that it computes every
effectivefunction, it suffices to prove that it computes every function computable
by any of the schemes known to define the class of recursive functions.
!t Is not difficult to model almost any of the standard definitions by deducti~n
m Predicate logic: for each recursive function [, we can write down axioms ill
a language for arithmetic which includes a term n for each natural number n
and a two-place predicate symbol PI such that fen) "'"m iff P/(n, m).1s a I?gica!
oo~uence of the axioms. (We restrict our attention to unary functiOns simply
to aVOidstrings of variables. Everything we do will 'WOrkjust 88 well for functiOns
of any specified arity m by simply replacing the single variable Xl by a sequence
of variables XI,X2, ••• ,xm.) For the most part, these representat~ons ca;: be
naturally expressed in the form of PROLOG programs. (See ExerctseS 1- ... for
~ example.) Thus, any sound and complete Implementation of PROu,x; [e.g.,
l¥ith ~readth-first searching) will correctly compute all recursive funct~ns. By
~lDg the right model of computation (Shepherdson's register machmes. as
. nbed in Definition 8.1) and exercising some cleverness in the tr~lat~n
into PROLOG(Definition 8.4), we prove that the standard implementation Vl&
the leftmost literal selection rule and depth.ftrst searching of the sec-vee ~
n
SUfficesto compute alI recursive functions. (In fact, the "right programs Will
run correctly with essentially any selection rule and search procedure.) Thus
Pil.OLOcIs a Universal computing machine model (Corollaries 8.6-8.7).
O~ One has an agreed-upon mathematical definition of an algorithm or. the
c of effectively computable functions one can hope to prove that varIOUS
prOCedures(or decisions) cannot be carried out (made) by any algorithm or that