Is it important to explain a theorem? A case study in UML and ALCQI

Is It Important to Explain a Theorem?
A Case Study on UML and ALCQI

Edward Hermann Haeusler Alexandre Rademaker

Departamento de Informática - PUC-Rio - Brasil

Ethecom 2009

Conceptual Modelling from a Logical Point of View
Main Steps

Additional Observations

Main Steps

1. Observe the “World”.


Main Steps

2. Determine what is relevant.


Main Steps

3. Choose/Deﬁne your terminology (non-logical linguistic terms).


Main Steps

4. Write down the main laws governing your “World” (Axioms).


Main Steps


5. Verify the correctness (sometimes completeness too) of your set
of Laws.


Main Steps


of Laws.


Steps 1 and 2 may be facilitated by the use of an informal
notation (UML, ER, FlowCharts, etc) and their respective
methodology, but it is essentially “Black Art” (cf. Maibaum).

Main Steps


of Laws.


Step 5 full-ﬁlling demands quite a lot of knowledge of the Model.

Main Steps


of Laws.


Step 5 full-filling demands quite a lot of knowledge of the Model.
Step 5 essentially provides finitely many tests as support for the
correctness of an infinite quantification.

The Validation Cycle

Figure: Reﬁnements and Cascaded Validation

Validation of (Formal?) Speciﬁcations

The Scientiﬁc Basis of our approach



Results/analysis of the philosophy of science are compared to
software validation [Haeberer98, Maibaum01, Cengarle98, C.
George05, etc].



George05, etc].
Formal Speciﬁcations as Scientiﬁc Theories ⇒ Observable
terms, Theoretical terms, Evidences, Refutations, False
Negatives, False positives, etc.



George05, etc].
Popper’s Falseability Principle drives (formal) validation analysis.



George05, etc].
Correctness ⇔ Positives and False Positives.



George05, etc].
Correctness ⇔ Positives and False Positives.
Completeness ⇔ Negatives and False Negatives.

Positives, False Negatives, False Positives
Is anything true about Truth ??

Is anything wrong with the Truth ??

Is anything true about Falsity ??


M |= φ and Spec(M) φ.




Why is φ truth ?? Provide me a proof of φ.






M |= φ, but Spec(M) |= φ.





A counter-model is found. Why is this a counter-model ??





Model-Checking based reasoning is of great help !!





Explanations from counter-examples.







M |= φ, but Spec(M) φ.






M |= φ, but Spec(M) φ.
Why does this false proposition hold ?? Provide me a proof of φ.

Existing Deductive Systems Paradigms

1. Aristotle’s Syllogisms (300 B.C.)
2. Axiomatic (Frege1879, Hilbert, Russell).
3. Natural Deduction (Jaskowski1929,Gentzen1934-5,
Prawitz1965)
4. Sequent Calculus (Gentzen1934-5)
5. Tableaux (Beth 1955, Smullyan1964)
6. Resolution-Based (A.Robinson1965)

Conceptual Modelling: Some motivation on explaining a theorem

Consider an ontology/KB containing:

(Quad ∧ PissOnFireHydrant) → Dog


Consider an ontology/KB containing:

(Quad ∧ PissOnFireHydrant) → Dog

This KB draws

(Quad → Dog) ∨ (PissOnFireHidrant → Dog)


Verifying this using Tableaux: V Quad ∧ PoFH → Dog

F (Quad → Dog) ∨ (PoFH → Dog)

F (Quad → Dog)

F PoFH → Dog

V Quad

F Dog

V PoFH

F Dog

F Quad ∧ PoFH V Dog

F Quad F PoFH


Another tableaux proof of Quad ∧ PoFH → Dog (Quad → Dog) ∨ (PoFH → Dog):

V Quad ∧ PoFH → Dog


F (Quad → Dog) ∨ (PoFH → Dog) F (Quad → Dog) ∨ (PoFH → Dog)

F (Quad → Dog) F (Quad → Dog)

F PoFH → Dog F PoFH → Dog

V Quad V Quad

F Dog F Dog
V PoFH

F Dog

F Quad F PoFH


One more tableaux proof of Quad ∧ PoFH → Dog (Quad → Dog) ∨ (PoFH → Dog):

V Quad ∧ PoFH → Dog



F (Quad → Dog)
F Quad F PoFH
F PoFH → Dog
F (Quad → Dog) ∨ (PoFH → Dog) F (Quad → Dog) ∨ (PoFH → Dog)
V Quad
F (Quad → Dog) F (Quad → Dog)
F Dog
F PoFH → Dog F PoFH → Dog

V Quad V PoFH

F Dog F Dog


Yet another Tableaux: V Quad ∧ PoFH → Dog and many more.....


F (Quad → Dog)

F PoFH → Dog


V Quad
F Quad F PoFH

V Quad F Dog
V Quad
F Dog
F Dog

V PoFH

F Dog

In Sequent Calculus

A proof that KB (Quad → Dog) ∨ (PoFH → Dog)

Quad ⇒ Quad PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad Quad, PoFH ⇒ PoFH
Quad, PoFH ⇒ Quad ∧ PoFH Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog, Dog
KB ⇒ PoFH ∧ Quad → Dog PoFH, PoFH ∧ Quad → Dog ⇒ (Quad → Dog), Dog
PoFH, KB ⇒ (Quad → Dog), Dog
KB ⇒ (Quad → Dog), (PoFH → Dog)
KB ⇒ (Quad → Dog) ∨ (PoFH → Dog)

In Sequent Calculus

Other proof that KB (Quad → Dog) ∨ (PoFH → Dog)

KB ⇒ PoFH ∧ Quad → Dog Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
KB, Quad, PoFH ⇒ Dog
KB, Quad, PoFH ⇒ Dog, Dog
KB, PoFH ⇒ (Quad → Dog), Dog

In Sequent Calculus

One more proof that KB (Quad → Dog) ∨ (PoFH → Dog)

KB ⇒ PoFH ∧ Quad → Dog Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog
KB, Quad, PoFH ⇒ Dog
KB, PoFH ⇒ (Quad → Dog)

In Sequent Calculus

Yet another proof that KB (Quad → Dog) ∨ (PoFH → Dog)

Quad, PoFH ⇒ Quad Quad, PoFH ⇒ PoFH Dog ⇒ Dog
Quad, PoFH ⇒ Quad ∧ PoFH Dog ⇒ Dog, Dog
KB ⇒ PoFH ∧ Quad → Dog Quad, PoFH, PoFH ∧ Quad → Dog ⇒ Dog, Dog
KB, Quad, PoFH ⇒ Dog, Dog

and many more...

In Natural Deduction

A (normal) proof

[Quad]a [PoFH]b
Quad ∧ PoFH Quad ∧ PoFH → Dog
Dog
b
PoFH → Dog
(Quad → Dog) ∨ (PoFH → Dog) [¬((Quad → Dog) ∨ (PoFH → Dog))]c
⊥
a
[Quad]d ¬Quad
⊥
Dog
d
Quad → Dog
⊥
c
(Quad → Dog) ∨ (PoFH → Dog)

In Natural Deduction

THE other (normal) proof

[Quad]a [PoFH]b
Quad ∧ PoFH Quad ∧ PoFH → Dog
Dog
b
PoFH → Dog
⊥
Dog
a
Quad → Dog
⊥
c
(Quad → Dog) ∨ (PoFH → Dog)

Fundamental facts on Automating S.C. and N.D.

Analyticity

Every proof of Γ α has only occurrences of sub-formulas
of Γ and α (Sub-formula Principle SFP).


Analyticity

Cut-Elimination in S.C entails SFP. Haupsatz


Analyticity


Normalization in N.D. entails SFP. Normalization


Analyticity


Normalization in N.D. entails SFP. Normalization

Strongly related to analytic Tableaux based procedures.

Arguments in favour of Natural Deduction as a basis for theorem explanation

Common Sense and Intuitive reasons

Technical reasons


“Fewer” proofs of a proposition when compared to other
Deductive Systems.

Technical reasons
Natural Deduction reveals the computational content of a
proof. CH-Isomorphism


Deductive Systems.
“More” structure and existence of speciﬁc patterns to help
paragraph construction in NL.

Technical reasons
The prover can choose the pattern it wants the proof
should have. Seldin Prawitz


Deductive Systems.
“More” structure and existence of speciﬁc patterns to help
paragraph construction in NL.
Working hypothesis: “Optimal explanations should be
tailored from well-known proof patterns”

Technical reasons
The prover can choose the pattern it wants the proof
should have. Seldin Prawitz

Conceptual Modelling in UML and ER

The Informal Side

The Logical Side


The Informal Side
Graphical notations seem to be adequate to the human
being understanding and manipulation.

The Logical Side


The Informal Side
Lacking of a formal consistency checking.

The Logical Side


The Informal Side

The Logical Side

FOL cannot provide checking of KB consistency.


The Informal Side

The Logical Side

FOL cannot provide checking of KB consistency.
Decidable logics seems to be more adequate.

Explaining Theorems on the Conceptual Modelling Domain

A Case Study in UML


A Case Study in UML

1. Why UML ? ⇒ It is complex (UML consistency is
EXPTIME-Complete), useful and popular.


A Case Study in UML

2. What do we need ?


A Case Study in UML

A Logical Language to express properties and their proofs
(ALCQI)


A Case Study in UML

(ALCQI)
A Good (Normalizable) Natural Deduction for ALCQI


A Case Study in UML

(ALCQI)
A Good (Normalizable) Natural Deduction for ALCQI
Proof Patterns that yield good explanation (to come...)

ALCQI KB related to UML Class Diagram [BerCalvGiac2005]
D. Berardi et al. / Artiﬁcial Intelligence 168 (2005) 70–118 81

Fig. 12. UML class diagram of Example 2.5.

2.4. General constraints
Origin ∀place.String
Origin ∃place. (≤ 1 place)
Origin ∃call.PhoneCall (≤ 1 call) ∃from.Phone (≤ 1 from)
Disjointness and covering constraints are 1call) ∃from.CellPhone commonly used con-
MobileOrigin ∃call.MobileCall (≤ in practice the most (≤ 1 from)
straints in UML class diagrams. However, UML allows for other forms of constraints,
PhoneCall (≥ 1 call− .Origin) (≤ 1 call− .Origin)
−
specifying class identiﬁers, ∀reference .PhoneBill ∀reference.PhoneCall
functional dependencies for associations, and, more generally
PhoneBill (≥ 1 reference− )
through the use of OCL [8], any form of (≤ 1 reference)
PhoneCall (≥ 1 reference) constraint expressible in FOL. Note that, due
to their expressive power, OCL constraints could in fact be used to express the semantics
MobileCall PhoneCall
of the standard UML class Origin
MobileOrigin
CellPhone
diagram constructs. This is an indication that a liberal use of
Phone
OCL constraints can actually compromise the understandability of the diagram. Hence,
FixedPhone Phone
CellPhone ¬FixedPhone
the use of constraints is typically limited. Also, unrestricted use of OCL constraints makes
Phone CellPhone FixedPhone
reasoning on a class diagram undecidable, since it amounts to full FOL reasoning. In the
following, we will not consider general constraints.

Towards a Natural Deduction for ALCQI

A Sequent Calculus for ALC (EDOC2007, AOW2007, etc)
A Proof Theory for ALC (Sequent Calculus
[RadeHaeuPere2008,2009])
A Deterministic Sequent Calculus for ALC
[RadeHaeuSBIA2008]
Maude Implementations of S.C. Provers for ALC and ALCQI
[Rade2009]
A Good Natural Deduction for ALC [RadeHaeu2008-9]
A Natural Deduction for ALCQI [RadeHaeu2009]

ALC, ALCQI and further DLs

ALC

C ::= ⊥ | | A | ¬C | C1 C2 | C1 C2 | ∃R.C | ∀R.C

ALCQI

C ::= ⊥ | A | ¬C | C1 C2 | C1 C2 | ∃R.C | ∀R.C |≤ nR.C |≥ nR.C
R ::= P | P −

UML with OCL constraints
SecureUML needs ID(C) role for each concept C for specifying
uniqueness of a default in a concept. [BragaHaeu2009]

∀ID( ).A ∃ID( ).A A ≡ (= 1isdefault.(= 1isdefault − .Role))

Labeling formulas of ALC

Labeling Grammar:

LL ::= R, LL | ∅
LR ::= R, LR | R(LL ), LR | ∅
C ::= LL C LR

The ALC formula:
∃R2 .∀Q2 .∃R1 .∀Q1 .α
is represented by the labeled formula:

Q2 ,Q1
αR1 (Q2 ),R2

A Natural Deduction to ALC

L L L L1
(α β) α β αL2
-e -i Gen
L L R,L1
α (α β) αL 2

[αL ] [β L ]
. .
. .
. .
. . αL βL
(α β)L γ γ -i -i
γ -e (α β) L
(α β)L

[L1 αL2 ]
.
.
.
.
L2 L1 ⊥
L1
L1 L2
α L1 ¬α L2 L2 L1
¬-i ∃R.αL2
¬-e ∃-e
L1
⊥ L1 ¬α L2 αR(L1 ),L2

L1 R(L1 ),L2 L1
α ∀R.αL2 L1 ,R
αL 2
∃-i ∀-e ∀-i
L1
∃R.αL2 L1 ,R
αL 2 L1
∀R.αL2

L2 L1
[L1 αL2 ]
. [ L1 ¬α L2 ]
. .
. .
. .
L1 .
αL2 L1 L2
α M1 M2
β M1 M2
β ⊥
-e -i ⊥c
M1 M2 L1
β αL2 M1 M2
β L1 L2
α

Main properties of NALC
Theorem
NALCQI is complete regarding the standard semantics of ALC.

Theorem
NALCQI is sound regarding the standard semantics of ALC.
if Ω γ then Ω |= γ.

Fact
The NALCQI -rules and ∃-rules are derived in ALCQI − { , ∃} .

Lemma (Moving ⊥c downwards on branches)
If Ω α in ALCQI − { , ∃} then there is a deduction Π of α from Ω,
such that, each branch in Π has at most one application of ⊥c -rule,
which is the last rule in it.

Theorem (Eliminating maximal -formulas)
If Π is a deduction of α from Ω, in the restricted system, then
reductions

there is a deduction Π of α from Ω without any maximal formulas.

Fact
SFP holds in ALC.

Example : A Negative Testing

An (incorrect) generalization (a CellPhone is a
FixedPhone) is introduced in the KB.


CellPhone FixedPhone is added to KB.


CellPhone FixedPhone is added to KB.
CellPhone is empty (inconsistent)
.
Cell ¬Fixed [Cell]1 Cell Fixed [Cell]1
¬Fixed Fixed
⊥ 1
Cell ⊥

Example: A False Positive in the new KB

In the modiﬁed diagram, Phone ≡ FixedPhone can be drawn.
This is not directly proved from the inconsistency of CellPhone.


It is shown that Phone FixedPhone since
FixedPhone Phone is already an axiom of KB.


It is shown that Phone FixedPhone since
FixedPhone Phone is already an axiom of KB.
Proof:
[Phone]1 Phone Cell Fixed [Cell] Cell Fixed
Cell Fixed Fixed [Fixed]
Fixed
1
Phone Fixed

Example: A False Positive yielding a reﬁning of KB


MobileCall participates on the association MobileOrigin
with multiplicity 0..1, instead of the 0..* presented in the UML
diagram


MobileCall participates on the association MobileOrigin
with multiplicity 0..1, instead of the 0..* presented in the UML
diagram
Proof: [MC]1 MC PC
MO O PC PC ≥ 1 c− .O ≤ 1 c− .O
− 2 − − − −
[≥ 2 c .MO] ≥ 2 c .MO ≥ 2 c .O ≥ 1 c .O ≤ 1 c .O
≥ 2 c− .O ≤ 1 c− .O
⊥
2
¬ ≥ 2 c− .MO
1
MC ¬ ≥ 2 c− .MO
Sequent

Conclusions

Yes !! It is Important to explain a theorem !!!

Advices

Conclusions

Proof explanations provide good and adequate support for
formal validation of KB. It is as important as Model Checking
based explanations.

Advices

Conclusions

based explanations.
Under our Working Hyp., N.D. provides the adequate basis for
explanation generation from formal proofs.

Advices

Conclusions

based explanations.
N.D. for DLs is an important step towards good explanations in
Conceptual Modeling. NALCQI provides a good basis regarding
UML and ER reasoning explanation.

Advices

Conclusions

based explanations.

Advices

Conceptual Modeling in UML is not tractable
(EXPTIME-complete)

Conclusions

based explanations.

Advices

Conceptual Modeling in UML is not tractable
(EXPTIME-complete)
Unless CoNP = NP, proofs can be really huge !!! Introducing
Cuts/Maximal formulas cannot reduce always the size of a proof.

Curry-Howard Isomorphism

The computational content of Intuitionistic Proofs
Any Proof of α from γ1 , . . . , γn in IL corresponds to an
algorithm that yields values of type α from any list of n values of
types γ1 , . . . , γn , respectively
IntuitionisticLogic

Technically:
Any proof π of α from γ1 , . . . , γn corresponds to a typed λ-term
t(x1 , . . . , xn ) : α[x1 : γ1 , . . . , xn : γn ], such that any evaluation in t
corresponds a normalization step in π, and vice-versa.
return

Seldin’s strategy to normalize Classical Proofs

Moving the Classical Absurdity Rule towards the Conclusion of the
proof
Given any Classical derivation Π of α from Γ, one can transform Π
into a derivation Π1 of α from Γ of the following form:

Γ, [¬α]a
Π1
a ⊥ α
where Π1 is intuitionistic. reductions

return

Prawitz’s strategy to normalize Classical Proofs
Moving the Classical Absurdity Rule towards atomic conclusions in
the proof
Given any Classical derivation Π of α from Γ, one can transform Π
into a derivation Π1 of α from Γ where the Classical-⊥ has only
atomic conclusions
[¬(α ∧ β)]a
Π
⊥
a
α∧β

Transforms into

[α ∧ β]c
[α ∧ β]a
α [¬α] b β [¬β]d
⊥ ⊥
a c
¬(α ∧ β) ¬(α ∧ β)

Π Π
⊥ ⊥
b d
α β
α∧β

return

Example of reduction

[¬α]a [¬β]b
Π1 Π2
⊥ ⊥
a b
α α
α∧β

Transforms into

[α]a [β]b
α∧β [¬(α ∧ β)]c
⊥
a
¬α
Π1
⊥
b
¬β
Π2
⊥
c
α∧β

other

Normalizing reductions

-reduction ∀-reduction
Π1 Π2 Π1
L
α Lβ L1 ,R
αL2
L
(α β) Π1 L1
∀R.αL2 Π1
L L L1 ,R L2 L1 ,R
α α α αL2
¬-reduction -reduction
L2 L1
L1
¬α L2
[α]
Π2
Π1 L2 L1 Π2 Π1
⊥ Π2 L1
¬α L2
β
L2 L1 Π1 [α]
L1 L2
α L1
¬α L2
Π1 α α β Π2
⊥ ⊥ β β

return

MC ¬ ≥ 2 c− .MO in Sequent Calculus

MO ⇒ O MC ⇒ PC PC ⇒ ≥ 1 call− .O ≤ 1 call− .O
≥ 2 call− .MO ⇒ ≥ 2 call− .O MC ⇒ ≥ 1 call− .O ≤ 1 call− .O
MC, ≥ 2 call− .MO ⇒ ≥ 2 call− .O MC, ≥ 2 call− .MO ⇒ ≥ 1 call− .O ≤ 1call− .O
− − − −
MC, ≥ 2 call .MO ⇒ ≥ 1 call .O ≤ 1call .O ≥ 2call .O
MC, ≥ 2 call− .MO ⇒ ⊥
MC ⇒ ¬ ≥ 2 call− .MO

return

The Haupsatz

The cut rule:

Γ1 ⇒ ∆ 1 , α α, Γ2 ⇒ ∆2
Γ1 , Γ2 ⇒ ∆1 , ∆2

return

The Haupsatz

The cut rule:

Γ1 ⇒ ∆ 1 , α α, Γ2 ⇒ ∆2
Γ1 , Γ2 ⇒ ∆1 , ∆2
Every proof of Γ ⇒ ∆ can be rewritten without the cut-rule.

return

The Haupsatz

The cut rule:

Γ1 ⇒ ∆ 1 , α α, Γ2 ⇒ ∆2
Γ1 , Γ2 ⇒ ∆1 , ∆2
Corollary: Every formula in a proof of Γ ⇒ ∆ is subformula from
at least one formula of Γ ∪ ∆.

return

The Haupsatz

The cut rule:

Γ1 ⇒ ∆ 1 , α α, Γ2 ⇒ ∆2
Γ1 , Γ2 ⇒ ∆1 , ∆2
Corollary: If the Haupsatz holds for a logic/theory L then this
logic is consistent. (There is no proof of the empty sequent).

return

The Haupsatz

The cut rule:

Γ1 ⇒ ∆ 1 , α α, Γ2 ⇒ ∆2
Γ1 , Γ2 ⇒ ∆1 , ∆2
Corollary: If the Haupsatz holds for a logic/theory L then this
logic is consistent. (There is no proof of the empty sequent).
Gentzen proved that PA is consistent by means of Haupsatz.

return

Normalization and Normal Proofs

A → B is maximal formula in a ND proof:
[A]
Π2
Π1 B
A A→B
B

reduces to

Π1
[A]
Π2
B

return


[A]
Π2
Π1 B
A A→B
B

reduces to

Π1
[A]
Π2
B

Normalization: Every derivation of α from ∆ can be transformed
into a Normal derivation (without maximal formulas) of α from ∆
(∆ ⊆ ∆)

return


[A]
Π2
Π1 B
A A→B
B

reduces to

Π1
[A]
Π2
B

Normalization: Every derivation of α from ∆ can be transformed
into a Normal derivation (without maximal formulas) of α from ∆
(∆ ⊆ ∆)
Corollary: Every formula in a proof of α from Γ is subformula of Γ
or α.

return

Moving the ⊥ towards the conclusion of a derivation [Seldin1977]

[¬A]a
Π1
Π2
a ⊥
A B
A∧B

reduces to

Π2
a
[A] B
A∧B [¬(A ∧ B)]b
a ⊥
¬A
Π1
⊥
b
A∧B
return

Classical Logic × Intuitionistic Logic

Theorem
There are a, b ∈ R − Q, such that, ab ∈ Q

A Classical Proof (Math Folklore)
√
Consider a = b = 2. Then, either ab ∈ Q or ab ∈ √ In the ﬁrst case
Q.
√ 2 √
we are done. In the second case, consider a = 2 and b = 2,
hence, ab = 2 ∈ Q.

An Intuitionistic (constructive) proof (E. Bishop)
√
Consider a = 2 and b = 2log2 (3). We have a, b ∈ Q and
ab = 3 ∈ Q
return

Is it important to explain a theorem? A case study in UML and ALCQI

More Related Content

Viewers also liked (8)

Similar to Is it important to explain a theorem? A case study in UML and ALCQI (20)

More from Alexandre Rademaker (12)

Recently uploaded (20)

Is it important to explain a theorem? A case study in UML and ALCQI