Content uploaded by Nicola Olivetti
Author content
All content in this area was uploaded by Nicola Olivetti on Jun 18, 2015
Content may be subject to copyright.
A Language for Handling
Hypothetical Updates and
Inconsistency
DovM.Gabbay,
Department of Computing, Imperial College, 180
Queen's Gate, London SW7 2BZ, UK. E-mail: dg@doc.ic.ac.uk.
Laura Giordano, Alberto Martelli and Nicola Olivetti,
Dipartimento di
Informatica, Universita di Torino, Torino, Italy.
E-mail:
f
laura,mrt,olivetti
g
@di.unito.it.
Abstract
In this paper we propose a logic programming language whichsupportshypothetical updates together
with integrity constraints. The language makes use of a revision mechanism, which is needed to
restore consistency when an update violates some integrity constraint. The revision policy adopted
is based on the simple idea that more recent information is preferred to earlier one. We show
how this language can be used to represent and perform several types of defeasible reasoning. We
develop a logical characterization of the language in a three-valued conditional logic, byintro ducing
a completion construction. Weshowthatthe op erational semantics is sound and complete with
respect to the completion construction.
1 Introduction
In this work we propose a conditional extension of conventional logic programming,
which supports hypothetical updates together with integrity constraints. The basic
motivations and principles of our proposal are the same as those presented in 9]. In
that work, we dened a logic programming language, called
CondLP
(
Conditional
Logic Programming
), which is an extension of NProlog 8, 7]. As in NProlog and in
other similar logic programming languages 20,19], Horn clause logic is extended to
allowembedded implications b oth in goals and in clause bodies.
Operationally, in NProlog an embedded implication
D
)
G
,where Gis agoal
and D is a set of clauses, succeeds from a program P if G succeeds from the enlarged
program
P
D
. Hence, D can b e regarded as an
update
to the current program, which
only aects the proof of G.
In
CondLP
we have atomic updates, that is we allow embedded implications of
the form
A
)
G
, where
A
is an atomic formula. Moreover, a program maycontain
integrity constraints of the form
G
!?
, where
G
is a goal and
?
is a distinguished
symbol denoting falsity, and whose meaning is that G must not succeed. For instance:
male
^
f emale
!?
:
The violation of an integrity constraint of this restricted form may be caused bythe
presence
in the database of conicting information, and to restore consistency, we
havetoremove some data.
385
J. of the IGPL
,Vol. 4 No. 3, pp. 385{416 1996
c
IGPL
386
A Language for Handling Hypothetical Updates and Inconsistency
In contrast to NProlog, when an implication goal
A
)
G
hastobeproved,
A
may
be inconsistent with the current program P, that is adding
A
to P may produce the
violation of one or more constraints. When this happens, a
revision
of the program
is needed in order to restore consistency.
In
CondLP
a program consists of a protected part and a removable part. All clauses
and integrity constraints belong to the protected part so that they cannot be removed
to restore consistency. Only facts in the removable part of the program can be deleted.
Furthermore, we record the order in which facts have been introduced in the program,
and wemake the assumption that older facts are more likely to be removed than more
recent facts. Since we assume that the set of removable facts is totally ordered (bya
time ordering), we can always obtain a uniquely revised program. The choice of the
revision policy is motivated by some application in planning and in non-monotonic
and counter-factual reasoning. In principle, however, this choice mightbe dierent
and the operational semantics of the language can be thought of as being parametric
with respect to it.
The problem of maintaining consistency in face of new contradictory information
has been widely studied in belief revision 12]and in database theory (see 24]for
a survey) in the context of view updates 6, 5, 23] and, more specically, con-
cerning logical databases in 16,21,11]. In particular, 21] provides a pro cedure for
reasoning with inconsistent data, with the aim of supporting temporal, hypothetical
and counter-factual queries. As in 21]we adopt the idea that earlier information is
superseded by later information. In contrast to 21]in
CondLP
we provide update
operations in the language itself, by making use of embedded implications. Hence,
our proposal is along the same line as 16, 17, 1, 2], which provide up date opera-
tions within the language. In 9] we also dene a model-theoretic semantics for this
language and wepoint out some connections with b elief revision.
In
CondLP
each time an update is performed during the proof of a given goal, the
consistency of the new database is checked, and, when an inconsistency arises, the
database is modied by deleting some facts. It is worth noting that
CondLP
makes
useoftwo dierent proof pro cedures: the one to derive a goal from a given program,
and the other to check the consistency of the database when an update is p erformed.
An alternative approach, which has been pursued in 3, 21], is to keep all possibly
inconsistent information, so that the proof procedure itself maintains the consistency
of logical consequences of the database according to the priority among facts.
In this paper, we follow the approach we have just described and we show that,
unlike
CondLP
,we can perform b oth top-level deduction and consistency checks by
a single goal-directed proof pro cedure.
Our approach is similar to that one presented in 17], where a logic with a mo dal
operator
assumeL]
(where
L
is a literal) is dened, representing addition and deletion
of atomic formulas. However, unlike17] where a mo del-based approach to revision
is adopted, here we want to keep close to
CondLP
and to follow a
formula-based
approach
, so that the semantics of an update depends on the syntax of the formulas
present in the programs (see 24]).
While the language we are going to dene formally provides only addition opera-
tions, deletion can be represented implicitly,by making use of constraints. By adding
afact
p
we implicitly delete all other facts inconsistent with it.
As an example of program in our language, consider the following one, adapted
2. THE OPERATIONAL SEMANTICS
387
from 8], containing the set of clauses and constraints:
british citizen
(
X T
)
born in UK
(
X
)
^
f ather
(
X Y
)
^
(
alive
(
Y T
)
)
british citizen
(
Y T
))
british citizen
(
Z T
2
)
british citizen
(
Z T
1
)
^
less than
(
T
1
T
2
)
^
alive
(
Z T
2
)
dead
(
X T
)
^
alive
(
X T
)
!?
,
and the list of facts:
L
=
born in UK
(
bob
)
f ather
(
bob tom
)
br itish citizen
(
tom
1950)
dead
(
tom
1984)
less than
(1950
1984)
:
The reading of the rst rule is "One is a British citizen at a certain time if (a) (s)he
is born in UK and (b) if his/her father were alive at that time, then he would have
been a British citizen." The reading of the second rule and of the integrity constraint
is obvious.
Consider the goal
G
=
british citizen
(
bob
1984).
The goal
G
succeeds from the program
P
consisting of the set of clauses and con-
straints above and the list of facts
L
. In fact, the subgoals
born in UK
(
bob
)and
f ather
(
bob tom
) succeed from P. The subgoal
alive
(
tom
1984)
)
british citizen
(
tom
,
1984) succeeds from
P
since
british citizen
(
tom
1984) succeeds from the revised pro-
gram obtained from P by adding
alive
(
tom
1984). Notice that the query
alive
(
tom
1984)
)
dead
(
tom
1984)
fails from
P
,since
dead
(
tom
1984) is overridden by the addition of
alive(tom,
1984
)
.
2 The Operational Semantics
In this section we dene the syntax of the language and its operational semantics.
We will deal only with the propositional case.
Let
true
and
?
1
be distinguished prop ositions and let
a
denote atomic propositions
dierent from
?
. The syntax of the language is the following:
G::=
true
j
a
j
G
1
^
G
2
j
a
)
G
D::=
G
!
a
I::=
G
!?
.
In this denition
G
stands for a goal,
D
for a clause and
I
for an integrity constraint.
Notice that, in a clause
G
!
a
and in a constraint
G
!?
,Gcancontain embedded
implications, as in the formulas:
(
a
)
(
b
)
a
))
^
(
b
)
c
)
!
d
1
Although,
?
is the traditional symbol for falsity,we will regard
?
as a constant without any special properties,
since we will use
?
to record integrity constraints in the program, and wedonotwanttoderiveeverything from
the violation of some integrity constraint.
388
A Language for Handling Hypothetical Updates and Inconsistency
and
(
a
)
c
)
^
f
!?
:
The syntax of the language, as given above, is an abstract syntax. To make the
interpretation of formulas non ambiguous, we will assume that the connectives
^
and
)
have higher priority with respect to
!
.Moreover, we will make use of parentheses,
when needed. To simplify notation, we assume that
)
is right associative, so that we
will write
a
1
)
a
2
)
:::
)
a
n
, instead of
a
1
)
(
a
2
:::
)
a
n
)
:::
). Moreover, wewill
write
p
instead of
true
!
p
.
A
program P
is dened as a set of clauses, a set of integrity constraints, and a
list of (removable) facts:
P
=
j
L
, where =
S
IC
is a set of clauses (
S
)and
integrity constraints (
IC
), and
L
=
a
1
:::a
n
is alist of facts. While the clauses
and constraints in cannot be removed, i.e., they are
protected
, the facts in L are
revisable
: each fact
a
i
in
L
can be used in a proof unless it is inconsistent with some
subsequent facts
a
j
(with
j>i
) in the list. Hence, there is a total ordering among
the atoms in the list
L
, and each
a
i
is less preferable than
a
i
+1
.
The computation of a goal proceeds in a similar way to standard logic programming
computations with two dierences:
when the goal is hypothetical, that is, it has the form
a
)
G
, we modify the
database, by inserting
a
at the top of the removable part. The atom
a
will have
the highest preference, being the last one in the list
L
.
when one of the atoms in the removable part, say
h
, (but not the last one) is needed
in a derivation, weverify that
h
is not inconsistent with the more preferable atoms,
i.e. weverify that, assuming
h
,we do not get an inconsistency from the permanent
database and the list of preferred atoms. The atom
h
is assumed to be true in the
context determined by the sequence of subsequent updates. The atom
h
plays the
role of a temporary (or local) hypothesis.
We use the following notation for temporary hypotheses:
j
a
1
:::a
n
h
]
:
The meaning is that, among the states determined by the sequence of updates
a
1
:::a
n
(and ), we are considering those in which
h
is true. A temporary hypothesis
h
must
not be confused with an update. Tocontrast:
j
a
1
:::a
n
h
means that
h
is an update which comes after
a
1
:::a
n
, and transform the every state
determined by the sequence
a
:::a
n
into a new state determined by
a
1
:::a
n
h
.
Wecannow dene a goal directed proof procedure for the language. A
query
has
the form
j
a
1
:::a
n
h
]
`
?
G:
The atom
h
represents a temporary hypothesis, whichischecked for consistency. Here
are the rules for establishing the success of a query.
1.
j
a
1
:::a
n
h
]
`
?
true
succeeds
2.
j
a
1
:::a
n
h
]
`
?
G
1
^
G
2
succeeds if
j
a
1
:::a
n
h
]
`
?
G
1
succeeds and
j
a
1
:::a
n
h
]
`
?
G
2
succeeds
2. THE OPERATIONAL SEMANTICS
389
3.
j
a
1
:::a
n
h
]
`
?
a
)
G
succeeds if
j
a
1
:::a
n
a
true
]
`
?
G
succeeds
4.
j
a
1
:::a
n
h
]
`
?
a
(including the case
a
=
?
)if
(i) there is a clause
G
!
a
2
suchthat
j
a
1
:::a
n
h
]
`
?
G
,or
(ii)
a
=
a
n
or
a
=
h
,or
(iii)
a
=
a
i
(
i
=1
:::n
;
1) and
j
a
i
+1
:::a
n
a
]
`
?
?
fails.
A natural choice in a logic programming context is to consider failure (i.e. "non-
provability") in the last item of rule (4) as
nite
failure to prove. Hence, we can
interpret the last item of 4 as: "
?
nitely fails
from
j
a
i
+1
:::a
n
a
]"
2
. Notice
that the operational semantics forces the following behaviour in case of inconsistency
of the protected part of the database: given a database
j
a
1
:::a
n
,if
`
?
?
succeeds, no atom
a
i
,
i
=1
:::n
;
1 can be used in any derivation.
We say that a goal
G
is derivable from a program
P
=
j
a
1
:::a
n
if
j
a
1
:::a
n
true
]
`
?
G
. Since assuming
true
is the same as assuming nothing, we
will often write
j
a
1
:::a
n
]
`
?
G
instead of the above notation.
The operational semantics dened abovemakes use of a notion of nite failure and,
as expected, is non-monotonic. Let us consider the following example.
Example 1
Let
P
be the program with =
and
L
=
. The query
a
)
b
)
a
succeeds from
P
. >From the initial query,we proceed as follows:
j
]
`
?
a
)
b
)
a
,
j
a
]
`
?
b
)
a
,by rule (3),
j
a b
]
`
?
a
,by rule (3),
failure check of
j
b
a
]
`
?
?
,by rule 4(iii)
We must check that the last query fails. This is straightforward, as there are no
constraints in to derive
?
. Hence, the query fails, and the initial query succeeds.
On the other hand, the query
a
)
b
)
a
fails form the program
P
0
=
0
, obtained
from
P
by adding the constraint
a
^
b
!?
.
0
j
]
`
?
a
)
b
)
a
,
0
j
a
]
`
?
b
)
a
,by rule (3),
0
j
a b
]
`
?
a
,by rule (3),
failure check of
0
j
b
a
]
`
?
?
,by rule 4(iii).
Call
Q
the last query. Wemust check that
Q
fails.
0
j
b
a
]
`
?
?
,
0
j
b
a
]
`
?
a
^
b
,
0
j
b
a
]
`
?
a
and
0
j
b
a
]
`
?
b
,
both
a
and
b
succeed by rule 4(ii). Thus,
Q
succeeds, and hence the initial query fails.
We can observe that if we add constraint
b
^
c
!?
to
P
0
,we get a new program
P
00
from which the goal
a
)
b
)
a
fails, but the goal
a
)
b
)
c
)
a
succeeds.
Indeed, since
b
is overridden by
c
which is preferred,
a
becomes again visible after the
update by
c
. The behaviour wehave just described is dierent from that one of the
operational semantics of
CondLP
given in 9]. In that case, the consistency checkis
2
From nowon,by
failure
we will always mean
nite failure
.
390
A Language for Handling Hypothetical Updates and Inconsistency
done after each update, and the less preferred atoms resp onsible for inconsistencies
are permanently removed. Hence, the goal
a
)
b
)
c
)
a
fails in
CondLP
, since,
after the update of
b
,
a
is removed from the current program.
2.1 An explicit denition of nite failure
The op erational semantics given above makes use of a notion of nite failure, we
have not explicitly dened. In this section we rene the proof procedure above, by
providing a mutual inductive denition of success and failure, as in conventional logic
programming. This formulation of the proof procedure will b e useful in section 4.1,
to prove soundness of the pro of procedure with resp ect to the completion semantics.
We directly dene what are the successful and failed queries, rather than going into
details of the structure of proof-trees and derivations. However, to each successful
and failed query we assign a pair of parameters (
m k
), called its
rank
,which in some
sense provide some information on the complexity of the relative derivations. The
mutual denition of successful and failed query is also a denition by induction on
such pairs, lexicographically ordered.
Intuitively, the computation process can be describ ed as follows: when wewantto
show that
Q
succeeds we start a derivation tree for
Q
. The leaves of this tree are
queries which immediately succeed, or require showing that some other queries fail
(byrule4(iii)). For each query of the latter type a new derivation tree (for proving
failure) is started. The leaves of this tree are queries which immediately fail, or require
showing that some other queries succeeds (by rule 4 (iii) again). For each query of the
latter type a new derivation tree for proving success is started, and so on. Given this
picture, the rank (
m k
) of a query can be interpreted as follows: the rst parameter
m
bounds the depth of nested (alternating) calls for success and failure, the second
parameter
k
bounds the height of a derivation tree (both for success and failure).
Given a query
Q
=
j
a
1
:::a
n
h
]
`
?
G
wesaythat:
s(0,0)
]
Q
succeeds with rank (0
0) if
G
=
true
,or
G
=
a
n
,or
G
=
h
.
s(m+1,0)
]
Q
succeeds rank with (
m
+1
0) if
G
=
a
i
,and1
i<n
and
j
a
i
+1
:::a
n
a
i
]
`
?
?
fails with (
m k
0
) for an arbitrary
k
0
.
s(m,k+1), i
]
Q
succeeds with rank (
m k
+1) if
G
=
G
1
^
G
2
and
j
a
1
:::a
n
h
]
`
?
G
1
succeeds with rank (
m
1
k
1
)
j
a
1
:::a
n
h
]
`
?
G
2
succeeds with rank (
m
2
k
2
)
for some
m
1
m
2
k
1
k
2
,and
m
=
max
f
m
1
m
2
g
,
k
=
max
f
k
1
k
2
g
.
s(m,k+1),ii
]
Q
succeeds with rank (
m k
+1) if
G
=
a
)
G
1
and
j
a
1
:::a
n
a
true
]
`
?
G
1
succeeds with rank (
m k
)
s(m,k+1),iii
]
Q
succeeds with (
m k
+1) if
G
=
p
and there is a clause
G
0
!
p
2
such that
j
a
1
:::a
n
h
]
`
?
G
0
succeeds with rank (
m k
)
:
2. THE OPERATIONAL SEMANTICS
391
f(0,0)
]
Q
fails with rank (0
0) if
G
=
p
is an atom and
p
6
=
a
i
(for all
i
),
p
6
=
h
,and
for all
G
0
!
q
2
,
q
6
=
p
.
f(m, k+1), i
]
Q
fails with rank (
m k
+1) if
G
=
G
1
^
G
2
and
j
a
1
:::a
n
h
]
`
?
G
1
fails with rank (
m k
), or
j
a
1
:::a
n
h
]
`
?
G
2
fails with rank (
m k
)
:
f(m, k+1), ii
]
Q
fails with rank (
m k
+1) if
G
=
a
)
G
1
and
j
a
1
:::a
n
a
true
]
`
?
G
1
fails with rank (
m k
)
f(m,k), iii
]
Q
fails with (
m k
)if
G
=
p
and
p
6
=
a
n
h
,and
1. for all clauses
G
1
!
p:::G
t
!
t
2
j
a
1
:::a
n
h
]
`
?
G
j
fails with rank (
m
j
k
j
)
and
k
=
max
f
k
1
:::k
t
g
+1,
2. if
p
=
a
i
, (with 1
i<n
), then
j
a
i
+1
:::a
n
a
i
]
`
?
?
succeeds with rank (
m
0
k
0
) for some
m
0
k
0
,
3. if (2.) applies, then
m
=
max
f
m
1
:::m
t
m
0
+1
g
, otherwise
m
=
max
f
m
1
:::m
t
g
.
The last item
f
(
m k
)
iii
covers several cases (it may also be
k
= 0). An atom fails if
it cannot be proved by means of the program clauses and, whenever it is in the list
of the removable atoms, it cannot be consistently assumed. Thus, this case is dual to
s
(
m
+1
0) and
s
(
m k
+1)
iii
. In particular, if there are no clauses with head
p
,and
p
=
a
i
(for some
i
,1
i<n
), and
j
a
i
+1
:::a
n
a
i
]
`
?
?
, succeeds with rank
(
m
0
k
0
) for some
m
0
k
0
,then
Q
fails with rank (
m
0
+1
0).
It is clear that if
Q
succeeds (fails), then there exist a pair (
m k
), suchthat
Q
succeed (fails) with rank (
m k
).
Example 2
Let =
f
a
^
b
!?
b
^
c
!?g
. Then
j
c
b
]
`
?
b
succeeds with rank (0
0),
j
c
b
]
`
?
c
succeeds with rank (0
0),
j
c
b
]
`
?
b
^
c
succeeds with rank (0
1),
j
c
b
]
`
?
?
succeeds with rank (0
2),
j
b c
a
]
`
?
b
fails with rank (1
0),
j
b c
a
]
`
?
a
^
b
fails with rank (1
1),
j
b c
a
]
`
?
b
^
c
fails with rank (1
1),
j
b c
a
]
`
?
?
fails with rank (1
2),
j
a b c
]
`
?
a
succeeds with rank (2
0),
j
a b
]
`
?
c
)
a
succeeds with rank (2
1).
To conclude this section we state the following
monotonicity
,and
cut
properties of
the operational semantics. They will be useful to prove the completeness of the proof
procedure.
392
A Language for Handling Hypothetical Updates and Inconsistency
Proposition 1
If
j
x
]
`
?
G
succeeds, then also,
j
x
]
`
?
G
succeeds.
If
j
x
]
`
?
G
fails, then also,
j
x
]
`
?
G
fails.
Proof
By induction on the rank, the proof is easy, but tedious we omit the details.
2
Proposition 2
(a) If
(a1)
j
p
]
`
?
G
succeeds, and
(a2)
j
q
]
`
?
p
succeeds,
then
j
q
]
`
?
G
succeeds.
(b) If
(b1)
j
p
]
`
?
G
succeeds, and
(b2)
j
q
]
`
?
G
fails,
then
j
q
]
`
?
p
fails.
(c) If
(c1)
j
p
]
`
?
q
succeeds, and
(c2)
j
p
]
`
?
G
fails,
then
j
q
]
`
?
G
fails.
Proof
(sketch) First notice that the properties concern only local hypothesis, which
are removed when we change context, that is, in the case of the evaluation of a
conditional, and in the case of atoms requiring a consistency check.
(a) If the local hypothesis
p
is actually used in any successful derivation
D
of (a1),
it must be exactly in a node in which
p
itself is the asked goal, that is
(
)
j
p
]
`
?
p:
To obtain a derivation
D
0
of
j
q
]
`
?
G
we proceed as in
D
we replace every
node of the form (*) by the query
j
q
]
`
?
p
, and we append a successful
derivation of (a2).
(b) Suppose that the claim does not hold, and let
D
be a non-failed derivation of
j
q
]
`
?
p
. Then, we can turn any successful derivation
D
0
of (b1) into a
non-failed derivation
D
00
of (b2), by appending
D
under anynode(ifany) in which
p
is called in
D
00
(that is of the form
j
q
]
`
?
p
). Wehave a contradiction.
(c) Similar to (b).
2
3 Applications
In this section we show some examples of usage of our language. We begin with a
very simple instance of default reasoning
3
.
Example 3
Let
P
=
j
normal
bird
be a program with protected part
=
f
bird
^
normal
bird
!
fly
.
bird
.
3
For an overview of default logic we refer to 22].
3. APPLICATIONS
393
penguin
!
notf ly
.
fly
^
notf ly
!?
:
g
Both the goals
G
1
=
fly
and
G
2
=
penguin
)
notf ly
succeed from
P
. On the other
hand, the goal
G
3
=
penguin
)
fly
fails.
The language provides the notion of preference among assumptions as a basic fea-
ture. Hence, it allows to represent in a natural way inheritance with exceptions and
instances of default reasoning in which some assumptions are preferred with respect
to others.
Example 4
Consider the following four mo dules
person
,
unemployed
,
tom
and
paul
(the example is adapted from 13]).
person
=
f
taxpayer
g
unemployed
=
f
not rich
!
not taxpayer
g
tom
=
f
not rich
g
paul
=
fg
.
Suppose that in addition there is the constraint:
taxpayer
^
not taxpayer
!?
.
The module
unemployed
is more specic than
person
in the inheritance hierarchy.
Let us assume that
tom
is unemployed, i.e., the module
tom
is lower in the hierarchy
than
unemployed
, while
paul
is simply more specic than
person
. We want more
specic modules to inherit from the more general ones. Moreover, we wantmore
specic information to override more general one, in case of conict.
Since our language does not allow to specify priorities among clauses, but only
among atomic formulas, and the database is a whole unstructured set of clauses, we
will regard the specication above as a shorthand for the following set of clauses :
person
!
taxpayer
unemployed
^
not rich
!
not taxpayer
tom
!
not rich
taxpayer
^
not taxpayer
!?
where the atoms
person
,
unemployed
,
tom
occurring in the body of the clauses are
used to represent their priorities. If we want to prove the goal
taxpayer
in the
hierarchy of modules
<
person, unemployed, tom
>
then we need to ask the query:
person
)
unemployed
)
tom
)
taxpayer
. This query fails, since the assumption
unemployed
overrides the assumption
person
, so that the more sp ecic rule is pre-
ferred. On the other hand the goal
person
)
unemployed
)
tom
)
not taxpayer
succeeds, and the same does the goal
person
)
paul
)
taxpayer
.
As it is clear from the examples above, the most straightforward way to represent
defaults in our language is to make use of the underlying belief revision machinery,
and to regard atoms in the revisable list as normal defaults without prerequisite. For
instance, in Example 3 wehave encoded the default rule
:
normal
bird
=normal
bird
394
A Language for Handling Hypothetical Updates and Inconsistency
by adding the atom
normal
bird
to the list. In this waywecan naturally represent
normal defaults. Notice that, if there is more than one default rule (and hence several
assumptions in the program list) the operational semantics forces a priority among
them, when they are mutually inconsistent.
Let us assume that we are given a set of normal default rules of the form
S
=
f
:
d
1
=d
1
:::
:
d
n
=d
n
g
,
together with some background knowledge
P
(a set of clauses and integrity con-
straints). If wewant to compute a goal
G
from
P
and the set
S
of default rules, we
can call the query:
d
1
)
d
2
)
:::d
n
)
G
,
where the
d
i
's are removable atoms. The goal
G
will be proved in the database
resulting from the addition of the default assumptions
d
1
,
d
2
,...,
d
n
in that order.
Therefore, default rules are applied before issuing the goal
G
and a priority is forced
among them (
d
n
has the highest priorityand
d
1
the lowest one). In this way, a total
ordering is dened among default rules, so that there is always a unique extension. We
can adopt a similar encoding of default rules for normal default rules
with
prerequisite
22]. A default rule of the kind:
:
=
can be represented by making use of the clause
^
M
!
where
M
is a new default assumption the priority of the default rule will be given
by the priority associated with
M
.
Example 5
Consider the following normal default theory (
D W
), with
W
=
f
unistudent
(
paul
)
adul t
(
john
)
g
and
D
as follows:
unistudent
(
X
):
:
employed
(
X
)
=
:
employed
(
X
)
adult
(
X
):
employed
(
X
)
=employed
(
X
)
unistudent
(
X
):
adult
(
X
)
=adult
(
X
).
Typically,wewanttogive preference to the rst default with respect to the second
one, if both of them are applicable. Moreover, wewanttogive the maximal preference
to the third default. This default theory can be represented by the program containing
the following clauses in its protected part :
unistudent
(
X
)
^
M unemployed
(
X
)
!
unemployed
(
X
)
adult
(
X
)
^
Memployed
(
X
)
!
employed
(
X
)
unistudent
(
X
)
^
M adult
(
X
)
!
adult
(
X
)
unistudent
(
paul
)
adult
(
john
)
unemployed
(
X
)
^
employed
(
X
)
!?
3. APPLICATIONS
395
Proving the goal
employed
(
paul
) from the default theory corresponds to asking for
the goal
M empl oy ed
(
paul
)
)
Munemployed
(
paul
)
)
Madult
(
paul
)
)
employed
(
paul
),
where the atoms
M unemployed
,
Memployed
and
Madult
are regarded as remov-
able. This goal fails from the program, since the three assumptions are inconsistent
with each other and the assumption
Memployed
(
paul
)is givenalower prioritythan
the assumption
M unempl oy ed
(
paul
), and hence it is removed. On the contrary the
goal
M empl oy ed
(
john
)
)
Munemployed
(
john
)
)
M adult
(
john
)
)
employed
(
john
)
succeeds, since the assumptions
M employed
(
john
),
M unemployed
(
john
),
M adul t
(
john
)
are consistent.
The update mechanism of our language is suitable for dealing with the
frame
prob-
lem. In 9] and 10], we have shown in some detail how planning problems can be
formulated in our language by representing the state changes caused by an action as
an update. The revision mechanism of the language makes true in the new state all
facts that held in the previous state and are consistentwiththechanges.
3.1 Representing negation as failure (in normal programs)
To conclude this section we mention that in our language, we can easily represent
conventional logic programs with negation as failure (NAF), i.e.,
normal
programs.
For this class of programs we are able to model exactly SLDNF resolution 15].
Our way of representing NAF is similar to its abductive reconstruction 4]. In-
formally, the idea is to introduce, for eachatom
q
, a new atom
q
and to add the
constraint
q
^
q
!?
Let us denote by
not
q
the negation by failure of
q
, so that wehave
`
not
q
i
6`
q
Hence, by the constraintabovewehave:
6`
q
i
f
q
g
is consistent.
That is, asking whether
not
q
succeeds is equivalent to ask whether
q
can be consis-
tently assumed. The point is that we can represent in our language the query: Is
q
consistent with ? by asking whether an initial update by
q
persists after an empty
update (say,anupdateby
true
) from . In few words, we represent the query ab out
the consistency of
q
by the goal
q
)
true
)
q
.
More precisely, a normal program
P
,(i.e. containing NAF, but not embedded
implications, nor constraints), can be represented in our language by a program
P
containing:
the clauses obtained from those of
P
by replacing each negative goal
not
q
with
the goal
q
)
true
)
q
, and
for each new symbol
q
, the constraint
q
^
q
!?
:
396
A Language for Handling Hypothetical Updates and Inconsistency
Hence, the program
P
=
P
j
contains only permanent clauses and constraints,
and no removable atoms. Let us see how the goal
q
)
true
)
q
is proved from
P
:
P
j
]
`
?
q
)
true
)
q
, (*)
P
j
q
]
`
?
true
)
q
P
j
q true
]
`
?
q
failure check of
P
j
true
q
]
`
?
?
Wemust check that
P
j
true
q
]
`
?
?
fails. Since
P
only contains constraints of the form
p
^
p
!?
and no atom
p
is dened in
P
, the only rule applicable to derive
?
is
q
^
q
!?
:
Hence, (*) succeeds if
P
j
true
q
]
`
?
q
^
q
fails, that is, if
P
j
true
q
]
`
?
q
fails. Since (a)
q
can only occur in conditional goals (of the form
q
)
true
)
q
), (b)
the evaluation of
any
conditional goal wipes out the local assumption
q
, and (c) the
initial update
true
is irrelevant, we obtain that the query above fails if and only if
P
`
?
q
fails.
Notice that the transformation performed on a program
P
to obtain a program
P
,
can be performed on goals to o. Namely, in the following proposition we apply the
transformation to anypair(
P G
), obtaining a pair (
P
G
), byby replacing also each
negative goal
not
q
in
G
with the goal
q
)
true
)
q
, and adding the constraint
q
^
q
!?
to
P
. We can prove the following proposition.
Proposition 3
For all normal programs
P
and normal goals
G
,
G
succeeds for
P
in SLDNF i
P
`
?
G
succeeds
G
fails for
P
in SLDNF i
P
`
?
G
fails.
Although we are able to represent negation as failure in normal programs (without
updates and constraints) bytheabove encoding, we are not able to model negation
as failure in general (i.e., when embedded implications are present). We will come
back to this matter in the last section of the paper.
4. LOGICAL CHARACTERIZATION OF THE LANGUAGE
397
4 Logical Characterization of the Language
In this section, we develop a logical characterization of our non-monotonic language
in two steps. First, weintroduce a three-valued conditional logic which describes the
monotonic component of the language. Then, we dene a completion construction
in that logic, which is a standard way of representing a non-monotonic consequence
relation within a monotonic logic. Weprove the soundness and completeness of our
procedural semantics with respect to such a completion construction. Before present-
ing the technical details, let us intuitively motivate our approach.
The use of a conditional logic is supported by our intuition: the evaluation of a
conditional
A
)
B
requires us to move from the current state, to a new state in which
A
holds and it is as "close as possible" to the current one. Here closeness is intended
as "everything that held in the older state and is consistentinthenewonemust still
hold in the new one". Standard p ossible-world semantics for conditional logics makes
use of a world-selection function
f
as follows: given a formula
A
and world
w
,
f
(
A w
)
is intended as the set of the closest worlds to
w
which satisfy
A
and so to evaluate a
conditional
A
)
B
in a world
w
,wehavetocheck whether
B
holds in all worlds in
f
(
A w
).
Moreover, we have to reason hypothetically about sequences of updates and we
havechosen to privilege more recent information in case of conict (inconsistency).
We will need specic conditions or axioms to force the persistence of a fact whichis
consistent with the entire sequence of subsequent updates.
Our conditional logic is three-valued. This is motivated by the fact that our op-
erational semantics involves the notion of nite failure, and we wanttodistinguish
between general unprovability and nite failure. Three-valued logic is perhaps the
simplest machinery to this purpose and its use is in semantics of logic programming
is widespread and well understood. The three values intuitively correspond to the
possible results of a computation: success (true), failure (false), and lo op (undened).
The language of our logic, we call 3C, contains
)
and
2
(necessary) in addition to
the usual propositional connectives (
:
,
^
,
!
). We present the logic 3C semantically.
We restrict the language so that the antecedent of a conditional mayonlybeanatom.
The language is then dened according to the following abstract syntax:
F
::=
true
j
p
j
F
^
F
j:
F
j
a
)
F
j
F
!
F
j
2
F:
Wenowgive the semantics of the language
Denition 1
A structure
M
for 3C is a triple (
WfV
)where
W
is a non empty
set of worlds,
f
is a function of type
Atoms
W
!
Pow
(
W
) and
V
,theevaluation
function is of type
Atoms
W
!f
t
f
u
g
.The evaluation function can be extended
to all formulas as follows:
V
(
true w
) =
t
V
(
A
^
B w
) =
8
<
:
t
if
V
(
A w
)=
V
(
B w
)=
t
f
if
V
(
A w
)=
f
or
V
(
B w
)=
f
u
otherwise
V
(
A
!
B w
) =
8
<
:
t
if
V
(
A w
)=
f
or
V
(
B w
)=
t
or
V
(
A w
)=
V
(
B w
)
f
if
V
(
A w
)=
t
and
V
(
B w
)=
f
u
otherwise
398
A Language for Handling Hypothetical Updates and Inconsistency
V
(
:
A w
) =
8
<
:
t
if
V
(
A w
)=
f
f
if
V
(
A w
)=
t
u
otherwise
V
(
a
)
B w
) =
8
<
:
t
if
8
w
0
2
f
(
a w
)
V
(
B w
0
)=
t
f
if
9
w
0
2
f
(
a w
)
V
(
B w
0
)=
f
u
otherwise
V
(
2
B w
) =
8
<
:
t
if
8
w
0
2
W V
(
B w
0
)=
t
f
if
9
w
0
2
W V
(
B w
0
)=
f
u
otherwise
We dene also equivalence
A
$
B
as (
A
!
B
)
^
(
B
!
A
)We can observe that the
truth conditions for propositional connectives are the same as in Lukasiewicz three-
valued logic. In the above denition, nothing is assumed about the interpretation of
the atom
?
in particular it is possible that
V
(
?
w
)=
t
for some
w
4
.
Furthermore, we restrict our consideration to structures
M
whose the selection
function
f
satises some special conditions. Let us denote by
F
]
M
=
f
w
2
W
:
V
(
F w
)=
t
g
:
Then we stipulate that:
C1
f
(
a w
)
a
]
M
C2 if
w
0
w
00
2
f
(
a w
), then
8
b: f
(
b w
0
)=
f
(
b w
00
)
C3 if
b
6
=
?
, then
f
(
a w
)
\
b
]
M
6
=
The rst condition ensures that an hypothetical update is always successful, that is
for all
w
,
V
(
a
)
a w
)=
t
.
The second condition expresses the behaviour of conditionals we intuitively expect
by the operational semantics: the value of a conditional
a
)
B
in aworld
w
, only
depends on the sequence of up dates whichleadsto
w
, and do es not depend on what
atoms hold in
w
.
The last condition is needed by our interpretation of local hypotheses and incon-
sistency it says that if
b
6
=
?
, then there is always a world w' in
f
(
a w
)whichmakes
b
true. Intuitively, when wecheck the consistency of
b
after an update
a
,we assume
that
b
is true after the update
a
and we check whether
?
is derivable under this
assumption, that is we check whether
a
)
(
b
!?
)holds. Thus, we must be able
to assume that
b
is true in some world in
f
(
a w
), otherwise we would have that
b
trivially implies everything, and hence
?
, after the update
a
.
We dene validity and entailment for logic 3C as usual. Wesaythat
A
is valid in
a structure
M
(denoted by
M
j
=
A
) , if for all
w
2
W V
(
A w
)=
t
. This denition
4
This interpretation of
?
may seem unnatural at a rst sight, but is what wewant in order to representintegrity
constraints. The pointisthatwe do not wanttobeabletoderiveeverything from the violation of an integrity
constraint, since the inconsistency might be no more than a temporary state, and successive updates might recover
consistency.For example let be
a
!?
wehave that both the goals
a
)
b
)
a
and
a
)
b
)
c
fail. The rst one
fails by the fact that
a
gives an inconsistency and hence at the next step is ruled out by
b
the second one bythe
fact that there is no way to deduce
c
,oncethat
a
and
b
have been inserted into the database. If weinterpreted the
constraint
a
!?
as
a
is always false (
2
:
a
), wewould havethat
a
implies everything and hence both the above
goals would have to succeed.
4. LOGICAL CHARACTERIZATION OF THE LANGUAGE
399
extends to arbitrary sets of formulas
S
:
M
j
=
S
if
M
j
=
B
for every
B
2
S
. Given a
setofformulas
S
and a formula
A
wesay that
S
entails
A
if for every
M
,if
M
j
=
S
then
M
j
=
A
. Wesaythat
A
is valid if
j
=
A
.
Below, we list some valid formulas and inference rules. The problem of a complete
axiomatization of our logic will be treated elsewhere.
(a1)
a
)
a
(a2)
:
(
a
):
(
b
)
F
))
!
(
a
)
b
)
F
)
(a3) if
b
6
=
?
,then
:
(
a
):
b
)
(a4)
2
B
!
(
c
)
2
B
)
(a5)
2
(
A
!
B
)
!
(
2
A
!
2
B
)
(a6) (
a
)
F
^
G
)
$
(
a
)
F
)
^
(
a
)
G
)
(a7)
2
(
A
!
B
)
!
2
(
c
1
)
:::c
k
)
(
D
!
A
))
!
2
(
c
1
)
:::c
k
)
(
D
!
B
))
Axioms (a1) - (a3) follows from conditions (c1) - (c3). Axiom (a4) accounts for the in-
teraction between conditionals and modality. Axiom (a5) is the standard distribution
axiom of normal modal logics. Then, wehave the Necessitation Rule:
j
=
A
j
=
2
A
and a standard conditional rule (RCK)
j
=
A
!
B
j
=(
c
)
A
)
!
(
c
)
B
)
and Modus p onens
j
=
A
!
B
j
=
A
j
=
B
The following proposition shows that local hypotheses do not matter in the evaluation
of conditionals.
Proposition 4
Let
a
,
b
and
h
, (with
h
6
=
?
) be atoms and
F
be an arbitrary formula.
j
=
a
)
(
h
!
(
b
)
F
))
$
(
a
)
b
)
F
)
Proof
One direction (right to left) is trivial. Weprovethat
j
=
a
)
(
h
!
(
b
)
F
))
!
(
a
)
b
)
F
)
:
Let
M
=(
WfV
)beany structure and
w
2
W
,weshow that that
V
(
a
)
(
h
!
(
b
)
F
))
!
(
a
)
b
)
F
)
w
)=