The Design of a Situation-Based Lygon Metainterpreter: I. Simple Changes and Persistence.

Abstract

this report, the author was supported by Project Dynamo, funded by EPSRC. The views expressed in the report are the author's own, and the principal investigators of the project -- John Bell and Wilfred Hodges -- bear no responsibility for them. 5 Two-Sided Resolution 16 6 Implementation 17

Full text

The Design of a Situation-Based
Lygon Metainterpreter:
I. Simple Changes and Persistence.

Dr. G. White
Department of Computer Science
Queen Mary and Westeld College
Mile End Road, London
graham@dcs.qmw.ac.uk
October 18, 1996
:::
all things stedfastness doe hate
And changed be: yet being rightly wayd
They are not changed from their rst estate;
But by their change their being doe dilate:
And turning to themselves at length again,
Doe work their own perfection so by fate;
Then over them Change doth not rule and raigne;
But they rayne over change, and doe their states maintaine.
Spenser
Contents
1 Introduction 2
1.1 Linear Logic
::::::::::::::::::::::::::::::
4
1.2 Pro of Theory and Reality
::::::::::::::::::::::
4
1.3 The Philosophy of State Transitions
: : : : : : : : : : : : : : : :
6
2 Generalities 7
2.1 The Language
:::::::::::::::::::::::::::::
7
2.2 The Predicates
::::::::::::::::::::::::::::
7
3 Logical Form 10
4 Rules 12
4.1 Environment-Splitting Rules
:::::::::::::::::::::
14
4.1.1 The One-Sided Case
:::::::::::::::::::::
14
4.1.2 The Two-sided Case
:::::::::::::::::::::
15

During the comp osition of this report, the author was supported by Project Dynamo,
funded by EPSRC. The views expressed in the report are the author's own, and the principal
investigators of the project { John Bell and Wilfred Hodges { b ear no responsibility for them.
1

5 Two-Sided Resolution 16
6 Implementation 17
6.1 Realisability
::::::::::::::::::::::::::::::
18
6.2 Pro of Search
:::::::::::::::::::::::::::::
24
A Examples 25
A.1 The Yale Shooting Problem
:::::::::::::::::::::
25
A.2 The Stanford Murder Mystery
:::::::::::::::::::
26
A.3 The Russian Shooting Problem
:::::::::::::::::::
26
A.4 The Stolen Car Problem
:::::::::::::::::::::::
28
B How to Fail 29
B.1 Types of Failure
:::::::::::::::::::::::::::
29
B.2 Linear Failures
::::::::::::::::::::::::::::
30
B.3 Quadratic Failures
::::::::::::::::::::::::::
30
B.4 Worse Complexity
::::::::::::::::::::::::::
32
B.5 Timings
::::::::::::::::::::::::::::::::
32
List of Tables
1 A Linear Inference Representing a State Change
: : : : : : : : :
9
2 Situation Calculus Sequent Rules
::::::::::::::::::
13
3 Realisability Conditions
:::::::::::::::::::::::
19
4 A Linear Failure
:::::::::::::::::::::::::::
31
5 A Quadratic Failure
:::::::::::::::::::::::::
31
6 Comparative Timings
::::::::::::::::::::::::
33
1 Introduction
The so-called \frame problem" is concerned with the computational representa-
tion of persistence and change, typically in situations which concern movements
of, and changes in, everyday physical ob jects. There are extended uses of the
term which apply to more general situations of persistence and change; I shall
not be concerned with these.
A solution to the frame problem must, of course, full several criteria, and
there has been a good deal of progress lately in formulating such criteria in
appropriately technical ways. [20, 21] However, we must not forget that these
technical criteria are themselves answerable to less technical intuitions, and
that these intuitions { non-technical though they may b e { make up our basic
understanding of the problem, from which our investigations start. In particular,
the following two questions must always be asked:

Do we understand the mathematics that we are using?

Do we understand why the mathematics solves the problem that we are
addressing?
2

The latter question, in particular, is an awkward one: it can be successfully
answered for at least some areas of mathematics (calculus, for example, is the
area of mathematics which deals with problems of continuity, and it is useful
for solving problems which have to do with continuity; algebraic topology has
to do with the relation between local and global, and is useful for problems in
that area). And even answering the rst question is a little tricky: answering
it involves not merely an ability to reproduce proofs, but to explain why things
are proved in the way they are, to understand why certain things are provable
and certain things are not.
In this respect much current work on the frame problem does not do very
well, even though it has its pages quite impressively adorned with complex
formulae. We can distinguish two distinct approaches. One would be to say
that the frame problem can be solved by \non-monotonic logic", without any
further specication: but this is hardly enough to answer our questions. \Non-
monotonic logic" is not a positive description of an area of logic: it simply denies
that the logic possesses a certain characteristic. And so, not having a positive
characterisation, we cannot give a very informative answer to the questions
above: the reasons for using non-monotonic logic on the frame problem are
simply the reasons for using logic-in-general on the frame problem, which are
more or less the reasons for using logic-in-general on any problem at all. Now
this may be a very wholesome thing to do, and much has been written on why
it is a wholesome thing to do, but none of this (however inspirational it might
be) does much explanation.
The other approach would be to specify some particular brand of non-
monotonic logic, of which there are several. We can eliminate those that are
based on epistemic intuitions, such as Reiter's default logic or Moore's autoepis-
temic logic; [5, Chapters 2 and 3] the frame problem can be posed in a completely
non-epistemic setting, and seems to have, in that setting, all of its essential fea-
tures.
Then there are various approaches based either on circumscription (i.e. min-
imising the extension of predicates by means of a suitable second order formula)
or by using a preference relation on models. [5, Chapters 4 and 5] With all of
this there are two basic problems. The rst is that of accounting for the relevant
concept { minimisation or the preference relation. What do es it
mean
? What
does it have to do with the frame problem? And the second is this: that such
features (especially minimisation) behave extremely badly when combined with
logical functors of mixed variance. For example, to minimise the extension of
P
is to maximise the extension of
:
P
; and how are we to decide on whether
P
or
:
P
is the \real" predicate, which is to be minimised? The two problems
interact here: b ecause we do not understand what minimisation has to do with
the frame problem, we nd it dicult to give principled answers to the question
of what should be minimised. And principled answers are not a luxury; they
are a necessity when we have to deal with genuinely complex situations.
Then there are logics that have to do with classication and taxonomies,
such as inheritance systems. [5, Chapter 8] Although these do seem to b e
principled ways of coping with problems of classication, their relevance for the
frame problem seems limited; so far as we can understand it, it has nothing to
do with taxonomy.
3

1.1 Linear Logic
We are proposing the use of linear logic to solve the frame problem. Linear
logic is based on the idea of a
resource
: a resource is something which, after
you've used it, you don't have it any more. This seems appropriate for the frame
problem; if we consider, for example, the position of a block as a resource, then
we can do nothing to it (in which case we still have it), or we can use it in
an operation which replaces the position with a new p osition. So this seems at
least to b e the beginning of an answer to why linear logic should solve the frame
problem.
The importance of linear logic for handling an analogous problem has been
recognised for some while in the theoretical computer science community. There
has, for a long while (since the 60's, at any rate) been a tendency to divide the
behaviour of a machine into two parts, the
store
and the
environment
; the
environment would consist of (

-calculus like) variable bindings and the store
would consist of rewritable memory locations. Whereas the environment enjoyed
referential transparency and seemed to be amenable to standard mathemati-
cal techniques, the store emphatically could not be handled in a referentially
transparent manner. There was, correspondingly, a tendency to regard it (and
program concepts which used it, such as imperative assignment or objects) as
somehow not susceptible to the usual techniques of mathematical analysis: as
Abelson, Sussman and Sussman write, \no simple model with `nice' mathe-
matical properties can be an adequate framework for dealing with objects and
assignment in programming languages". [1, p. 175]
However, when linear logic was discovered, it became evident that it might
oer remarkable advantages in the analysis of mutable ob jects; by now a good
deal of such analysis has been performed, with some success.
There has not been so much work on applications of linear logic to \real-
world" problems (and, in particular, to the frame problem). However, there has
been some work: as well as direct uses of linear logic, [15] there are two other
approaches, which are each equivalent to linear proof search: [4, 12] the rst uses
Bibel's \connection metho d" with modications to the proof search procedure
which eectively turn it into a theorem prover for (multiplicative) linear logic.
[10, 11] Secondly, there a formulation (again, essentially of multiplicative linear
logic) as an equational theory using a single binary term, which corresponds to
the linear tensor product. [13, 8]
Although this work has shown the computational viability of this approach,
it is still somewhat limited in the fragment of linear logic that it can handle (it
works entirely within the multiplicative fragment). We will extend the treat-
ment to support a much larger fragment of linear logic, which will handle, for
example, the Stolen Car Problem (for which one needs additive connectives).
Furthermore, we can also, by using modal operators, handle ramication in a
principled way (this will be described in a subsequent technical report): previ-
ous work on ramication using linear reasoning has been somewhat
ad hoc
. (Cf.
[24])
1.2 Proof Theory and Reality
There is, however, one possible objection that we will have to deal with. It
can be phrased as follows: that linear logic is naturally conceived in terms of
4

proof-theory, and that, although various semantics for linear logic can be given,
none of them is, on its own, completely satisfactory. Linear logic, although it
can be
assigned
a semantics, is best conceived syntactically. And whereas a
syntactically presented system may have go o d mathematical prop erties, unless
it also has an intuitively meaningful semantics, its connection with reality is
dicult to establish; as Barwise puts it,
I am a grandstudent of Tarski. I grew up believing that seman-
tics comes rst, proof theory afterwards. If my career has been
devoted to anything, it is to that belief. My current work, on se-
mantic theories of information, is still in that direction. Trying to
give an information-theoretic (in the semantic sense of information)
foundation to logic and inference.
So while I love the elegance of Gentzen systems, and did some
work in them years ago, I genuinely have trouble understanding sys-
tems that are not given an intuitively meaningful semantics, whether
formal or not, to motivate the rules of the system. [2]
One can respond to this argument as follows. Although it is tempting to
align proof theory with some sort of purely mental construction, and similarly
to say that semantics is how a theory becomes connected to reality, it is an
alignment which is surprisingly dicult to sustain. Many \semantics" which
are assigned to logical theories are themselves the result of Lindenbaum con-
structions, or term models, or the like { that is, they assign, to the terms of
a theory,
mathematical constructions
rather than directly assigning elements of
reality. It is (perhaps) true that correlations of the terms of a language with
elements of reality will be a semantics in the mathematical sense (or, more pre-
cisely, correlations
of a certain sort
); however, this certainly does not establish
that all mathematical semantics are correlations of the terms of a language with
reality. So one half of the conventional position seems to fail: not all semantics
gives us a connection with reality.
The other half of this position asserts that proof theory cannot be used to
connect us with reality. It can be met by showing how one can view proof
theory (at least in some cases) as establishing a connection between language
and reality. This is, in the general case, a matter of some technical diculty
(a good deal of Girard's work on the geometry of interaction is concerned with
establishing a presentation of proof theory in a suciently \coordinate-free"
way for claims like this to make sense). However, in the simple sort of cases
that we are considering, we can establish some connections.
A good place to start is with Davidson's work on actions. He is concerned
to account for several linguistic phenomena, notably the fact that action sen-
tences can have an arbitrary number of adverbial qualiers (e.g. \Jones buttered
the toast slowly, delib erately, in the bathroom, with a knife, at midnight" [7,
pp. 106]). Davidson argues (on these grounds, and also on the grounds of other
phenomena, such as anaphora), that a correct analysis should be something like
9
x:
buttered
(
Jones
;
the toast
; x
)
^
slowly
(
x
)
^
:::
where the variable
x
will stand for an
action
(of buttering the toast), which
is identied by the rst conjunct
buttered
(
Jones
;
the toast
; x
) and then further
qualied by further conjuncts. Although Davidson does not identify what sort
5

of component of reality such an
x
might be, he do es argue fairly convincingly
that there ought to be such things; there are many linguistic phenomena which
seem to demand them for a proper analysis, and which also seem to show that
such things would be components of reality rather than merely linguistic or
mental entities.
What we should observe is that, if we represent the change from
not buttered
to
buttered
by a linear logic proof (and such a representation can in principle
be constructed using the methods described in this report), then this proof can
well ll in the role that
x
plays in the analysis above; such a proof, that is,
will sp ecify how the toast comes to be buttered, breaking the process down into
constituent actions, and, from such an analysis as the proof p erforms, we can
decide whether each of the adverbial predicates apply to this action or not. In
other words,
actions are the referents of linear logic proofs
; this (if it can be
established with careful enough arguments) will establish the sort of connection
between linear logic and reality that we need. And it should be noted that
proofs
are precisely what we need here, because proofs are intensional; and, as
is clear from the work of Davidson and others, actions are intensional. (See [28,
IV
x
8]) When we describe an action, we describe, not merely the state transition
that took place, but also how it was brought about; and it is precisely this sort
of intensionality that linear proof theory gives us.
1.3 The Philosophy of State Transitions
Von Wright wrote a treatment of \the logic of action" [28] which has become
the basis of much subsequent philosophical work. He rst investigates the logic
of state chance, using expressions like
p T q
to denote the transition from a state
where
p
obtains to a state where
q
obtains [28, Chapter II]; he then adds to this
operators
d
and
f
, where
d
(
p T q
) means that the agent in question
brings about
the state change from
p
to
q
. Similarly,
f
(
p T q
) means that the agent refrains
from bringing ab out the change from
p
to
q
.
This is an imp ortant and very early precursor of the linear logic approach,
so it is worth discussing. On the whole, the formalism is remarkably similar {
we would write
d
(
p T q
) as
p
(
q
{ with the following provisos:

von Wright restricts himself to what could be called
decidable
state de-
scriptions: that is, there is a set of atomic facts, and, for each such fact
and for a given state vector, either
p
or its negation is in the state vector
(where the negation here is not linear negation but some sort of classical
negation operator: a similar formalism is used in [9]). We do not need
this restriction, so our theory is somewhat more general.

von Wright is working with classical modal logic, which means that, in our
terms, he is working with only the additive connectives (except, of course,
for

T

). Although a surprising amount can be done in this framework, it
can become a little awkward, and uses decidability a good deal (see, for
example, the surprisingly clumsy proof by enumeration in [28, I I
x
8]).

von Wright restricts his actions to cases where \the change
:::
does not
happen, as we say, `of itself ',
i.e. independently of the action of the agent
:::
If a door is so constructed that a spring or other mechanism pulls it
open as soon as it has b ecome closed, then there is no such
act
as the act
6

of opening this door". [28, p. 43] This involves talk both of the agent's
doings and of natural happenings in the world; although we could handle
this, we will not do so at this stage.

von Wright has a two-level theory, where one level consists of propositional
descriptions of state changes and the other is generated by the modal
operators
d
(

) and
f
(

) applied to state changes. We also have a two-level
theory, but one level consists of
states
, not state transitions, and on the
other level we have
proofs
of a successor state given an initial state and
an action. We could introduce notation such as von Wright's
d
(
p T q
) to
stand for some sort of primitive action, of course, which would make a
more direct translation possible: for example, equation (4), denes the
action of loading, could equally well dene it as
d
(
unloaded
T
loaded
).
2 Generalities
2.1 The Language
We have argued, then, that linear logic is a natural candidate for reasoning
about the frame problem. We still have to decide how this logic is to be used
computationally; we will use the linear logic programming language Lygon, [14]
for several reasons.
The rst is that logic programming is based on a
relational
, rather than a
functional, paradigm. This is appropriate for our problem: we want to be able
to tackle both temp oral pro jection, reasoning forwards in time, and explanation,
reasoning backwards, and even combinations of the two (the Stanford Murder
Mystery problem
1
requires a combination of prediction and explanation). A
functional language would give us a unidirectional solution. Furthermore, we
want to be able to handle indeterminacy (for example, the Stolen Car Problem
2
does not have a determinate solution). Again, a functional approach would not
handle this cleanly.
Secondly, it is clear from the above discussion that
proofs
are very signi-
cant: they mo del the intensionality of agency. So we might expect a Prolog-like
language such as Lygon, in which execution can be regarded as proof search, to
be appropriate; and this turns out to b e the case.
Thirdly, Lygon allows the use of Prolog code (via the
prolog
(

) predicate).
This will be important for implementation, because we will be dealing with rel-
atively large data structures (we want to be able to cope with mo del \worlds"
of reasonable size, containing, say, a few thousand objects). Although it is
theoretically possible to implement data structures directly in Lygon, it is com-
putationally rather inecient (it overloads the branch p oint stack), and calling
a Prolog implementation turns out to be considerably better.
2.2 The Predicates
We are concerned, then, with developing a metainterpreter, for Lygon, which
will implement something close to the situation calculus (it will not exactly be
the situation calculus because the linear connectives are ner-grained than the
1
See p. 26.
2
See p. 28.
7

classical connectives employed in the situation calculus). We will not use the
characteristic situation calculus notation with a
result
function; instead, we will
have a triadic relation, which we will write
h
X
j
A
`
Y
i
. Here
X
and
Y
can
be thought of as state vectors; that is, they will behave like tensor products of
atomic prop ositions.
A
will be, typically, a linear implication, and will bring
about a state change, erasing some propositions from the \input state",
X
, and
putting others in their place in the \output state",
Y
. Given such a predicate,
we can do a variety of entertaining and useful things; for example, we can
chain state transitions together (by solving
h
X
j
A
`
Y
i
N
h
Y
j
A
`
Z
i
), we
can perform temporal pro jection (by chaining forwards from a known
X
) and
we can perform explanation (by chaining backwards from a known
Y
).
This predicate will, as we have said, implement a metainterpreter for Lygon.
The provability of
h
X
j
A
`
Y
i
(maybe from premises ?) will itself correspond
to the validity of a sequent ?
; X; A
`
Y
. So we have two interpretations of
h
X
j
A
`
Y
i
; one in terms of state changes, and one in terms of linear prov-
ability. If we can show that these two interpretations agree with one another,
this can be viewed as an expression of the principle that linear logic is a logic
of state. In particular, linear logic pro ofs will represent state changes. Thus, if
we have a situation with block
b
1 at p osition
l
1, then this can be represented
by the proposition
at
(
b
1
; l
1), and the action of moving the block from
l
1 to
l
2
can be represented by the inference
at
(
b
1
; l
2)
`
at
(
b
1
; l
2)
at
(
b
1
; l
1)
`
at
(
b
1
; l
1)
(
L;
at
(
b
1
; l
1)
;
at
(
b
1
; l
1)
(
at
(
b
1
; l
2)
`
at
(
b
1
; l
2)
we should also notice that, if we have other, unchanged, elements of the state,
these are handled correctly, as the inference in Table 1 shows.
However, besides wanting this metainterpreter to be logically correct, we
also want it to be computationally ecient. In practice, this will mean the
following. The state changes that are considered in AI are those in which one
can have a large state vector, but in which, at any one time, only a small number
of components of the state vector change: one may have, for example, a large
number of objects in a ro om, but only a small number will change at a particular
time. This seems to be realistic; as Shanahan says, \most uents are unaected
by most actions". [22, p. 20] So we would like a metainterpreter which will do
well in such situations.
This desideratum can be expressed in two ways: in terms of complexity,
and in terms of pro of. We are representing state changes by proofs: the identity
state change ought to correspond to the identity proof. Consider a state change,
represented by the sequent
h
X
j
A
`
Y
i
. Because most of the state vector is
unaected, we can write
X
=
X
0

Z
and
Y
=
Y
0

Z
, where
X
0
and
Y
0
are the
sub-vectors which play a role in the state change. \Restricted to
Z
", our pro of
must b e the identity proof: i.e.
Desideratum 1.
We must have a proof

of
h
X
0
j
A
`
Y
0
i
, and our original
8

at
(
b
1
; l
2)
`
at
(
b
1
; l
2)
at
(
b
1
; l
1)
`
at
(
b
1
; l
1)
(
L
at
(
b
1
; l
1)
;
at
(
b
1
; l
1)
(
at
(
b
1
; l
2)
`
at
(
b
1
; l
2)
at
(
b
2
; l
3)
`
at
(
b
2
; l
3)




at
(
b
3
; l
4)

:::
`
at
(
b
3
; l
4)

:::

R
at
(
b
2
; l
3)
;
at
(
b
3
; l
4)

:::
`
at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::

L
at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::
`
at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::
at
(
b
1
; l
1)
;
at
(
b
2
; l
3)

at
(
b
3
; l
4)

: : : ;
at
(
b
1
; l
1)
(
at
(
b
1
; l
2)
`
at
(
b
1
; l
2)

at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::

L
at
(
b
1
; l
1)

at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::;
at
(
b
1
; l
1)
(
at
(
b
1
; l
2)
`
at
(
b
1
; l
2)

at
(
b
2
; l
3)

at
(
b
3
; l
4)

:::
Table 1: A Linear Inference Representing a State Change
9

proof must be of the form:




X
0
; A
`
Y
0
Z
`
Z

L
Z; X
0
; A
`
Z

Y
0

R
Z

X
0
; A
`
Z

Y
0
(1)
Notice that this is very similar to the deduction in Table 1, except that
we have slightly enlarged our inference system to allow ourselves the identity
sequent on the (p ossibly large) state vector
Z
without having to resolve it into
components.
We can reformulate this using propositional quantication:
Desideratum 2.
Our proof must arise from a proof of
`

Z: Z

X
0
; A
(
Z

Y
0
by substitution for the propositional variable
Z
and a subsequent application
of
(
R.
This leads to the complexity-theoretic form of our desideratum:
Desideratum 3.
Whatever the complexity of the search for the subproof

might be, the search for the \
Z
-component" ought to take constant time: that
is, the size of
Z
ought to play no role in the complexity of proof search.
3 Logical Form
Lygon is based on the idea of uniform proof. This can be describ ed as follows:
we dene recursively two classes of formulae { the denite formulae,
D
, and the
goal formulae,
G
{ and we consider sequents of the form
D ` G
, where
D
is here
a multiset of denite formulae and
G
a multiset of goal formulae. For suitable
choices of
D
and
G
, one can then show that such sequents can always be proved
in a
goal-directed
way; that is, that (with the exception of the so-called
resolution
rules) we can always use sequent calculus rules whose principal connectives are
in
G
. The resolution steps { even though they have principal connectives in
D
{ can be selected by the choice of a formula in
G
. So, in practice, proof
search in Lygon can b e governed by examining the formulae in
G
: that is, it is
goal-directed
. In typical situations this is computationally ecient: that is,
D
is large and xed, and can thus b e considered as a program, whereas
G
is small
and not xed, and can thus be considered as input data.
We should remark here that, because of the duality properties of linear logic,
the fact that we generally write such sequents with
G
on the right and
D
on
the left is merely conventional; pro ofs of a sequent with, let us say, a formula
A
on the right are trivially equivalent to proofs of a sequent with
A
?
on the
left. So the theory of uniform proof would also apply to sequents of the form
` D
?
;
G
, or, for that matter, with some mixture of
G
and
D
?
on the right and
some mixture of
D
and
G
?
on the left. All that matters is that, on each side,
we can divide the formulae into active and passive in such a way that we can
always prove such sequents using a proof search strategy which is directed by
the active formulae.
Given, then, our predicate
h
X
j
A
`
Y
i
, which of its arguments should be
active and which should be passive? We know that
X
and
Y
are typically
10

large, whereas
A
is typically small;
A
, then, should be active, whereas
X
and
Y
should be passive. This is because uniform proof proceeds by selecting principal
connectives in goal formulae; if the goal formulae are small, then this search will
be rapid. At the end of the proof, of course, the proof has to resolve the atomic
components of the goal formulae with the denite formulae; however, if
X
and
Y
are stored in some appropriately indexed data type, then this resolution can
be done eciently, despite the size of
X
and
Y
.
This gives us some restrictions on the logical form of
X
and
Y
. We are
looking, let us remember, at sequents of the form ?
; A; X
`
Y
. For standard
Lygon,
D
and
G
are dened as follows, where

stands for the class of atomic
formulae. (see [17, Denition 2.23]):
D ?!

j
1
j ? j D  D j D
O
D j D
N
D j
G
(

j G
(
? j
^
x
:
D j
!
D
G ?!

j
1
j ? j > j G  G j G
O
G j G
N
G j G  G j
D
(
G j
^
x
:
G j
_
x
:
G j
!
G j
?
G
These are, of course, denitions for
D
on the left of a sequent and
G
on the
right; we may derive from these denitions of the dual classes, i.e.
G
?
{ goal
formulae on the left of a sequent { and
D
?
{ denite formulae on the right.
In the sequent corresponding to
h
X
j
A
`
Y
i
,
X
should be a denite for-
mula, and is on the left of the sequent: that is,
X
should be in
D
. On the
other hand,
Y
is a denite formula on the right, so we have
Y
2 D
?
. How-
ever, we want to be able to chain these sequents (by writing something like
h
X
j
A
`
Y
i
N
h
Y
j
B
`
Z
i
), so that the same formulae ought to be able to
occur in the
X
-position and in the
Y
-position. So
X
and
Y
ought certainly to
be in
D \ D
?
.
However, there are further restrictions. The formulae
A

(
B
O
C
) and (
A

B
)
O
C
both belong to
D \ D
?
; however, we have the valid inference
A
`
A
B
`
C B
`
C
O
L
B
O
C
`
B; C

R
A;
(
B
O
C
)
`
(
A

B
)
; C

L
A

(
B
O
C
)
`
(
A

B
)
; C
O
R
A

(
B
O
C
)
`
(
A

B
)
O
C
(2)
So, if we allowed passive formulae to be of this form, we would have the valid
state change
h
A

(
B
O
C
)
j
1
`
(
A

B
)
O
C
i
without any active formulae at
all. This is problematic, for several reasons.
The rst is that it is inecient computationally. Goal-directed pro of search
would handle such inferences by searching for them whenever the active for-
mula context became empty. (Cf. the rule for an empty context given in [17].)
If the passive formulae were large, this could impose an undue penalty. This
can be thought of as a reformulation of the identity desideratum: the desidera-
tum would say that the sequent
h
X
j
1
`
X
0
i
should only have (at most) one
solution, corresponding to the identity proof with
X
=
X
0
.
11

The second is that, from the point of view of phenomena we are modelling
(that is, state changes against a background of mostly unchanging ob jects),
such inferences would correspond to nondeterministic spontaneous changes in
the background. Although they do genuinely happen (bo okshelves fall over
without provocation, things go bump in the night, and so on), such happenings
tend to be rather deliberately ruled out as part of the idealisation implicit
in the frame problem. Although there has been some work on spontaneous
evolution of the background (Reiter calls such evolution steps \natural actions"
[18]), it is denitely an extension of the frame problem as originally p osed.
Such work is also still rather experimental: indeed, Reiter's treatment only
covers natural actions which \must occur at their predetermined times", rather
than the nonderministic spontaneous actions which inferences such as (2) would
admit. At least as a rst approximation, then, we are probably justied in
ignoring such changes.
3
If we wish to rule out such behaviour, then, we will have to restrict the
syntax of passive formulae: a little thought reveals that they will have to be of
the form
N
i
2
I
A
i
, where the
A
i
are atoms.
The active formula
A
, of course, should come from the class
G
?
; there is no
need to write down a denition of this.
4 Rules
We are now in a position to write down some rules: see Table 2. As we have seen,
proof-theoretic treatments of logic programming have placed the goal formulae
G
on the right of sequents, and the denite formulae
D
on the left. This is not
obligatory: the basic dierence between
G
and
D
is that the former are \active"
{ their principal connectives are selected as the proof is constructed { whereas
the latter are \passive" { their role in the proof is limited to the resolution
and tensor steps, and those steps are actuated by selecting active formulae.
Consequently, if we dualise the rules appropriately, we can allow both active
and passive formulae on either side.
Because of its intended application to the situation calculus, our original
notation {
h
X
j
A
`
Y
i
{ had passive formulae (
X
and
Y
) on both sides, but
an active formula (
A
) only on the left. However, active formulae on the right
may well be introduced in the course of a proof, so that we will have to change
our notation. If we were being pedantic, we could write our sequents with two
regions on each side (something like
h
X
j
A
`
B
j
Y
i
), but this would be un-
necessarily cumbersome; what we really want to keep track of is the fate of
the state vectors
X
and
Y
, so we shall simply write our sequents ?
h
X
`
Y
i
,
where
X
and
Y
are state vectors and where ? and  are the other formulae in
the context.
X
and
Y
are, of course, passive; there may be other passive for-
mulae around (typically exponentiated components of ? which represent \laws
of nature"), but we have simply assumed, when writing down the rules, that
they make sense, i.e. that the non-resolution rules always have active principal
3
And it may be that we can cite Aristotle in support:
ToÜ d pä tÔxhj oÎk êstin âpistmh
di podeÐcewj. oÖte gr ±j nagkaØon oÖq ±j âpÈ tä polÌ tä pä tÔxhj âstin, ll tä
par taÜta ginìmenon;  d pìdeixij qatèrou toÔtwn.
(
Anal. Post.
87
b
19f.) However, the
interpretation of Aristotle's doctrine of chance events is notoriously controversial { see [23] {
so one should probably beware of glib citation.
12

Single Premise Rules:
?
;
h
X
`
Y
i

1
; 
2
;

O
R
?
;
h
X
`
Y
i

1
O

2
;

?
; 
1
; 
2
h
X
`
Y
i


L
?
; 
1


2
h
X
`
Y
i

?
h
X
`
Y
i

1
;


R1
?
h
X
`
Y
i

1


2
;

?
h
X
`
Y
i

2
;


R2
?
h
X
`
Y
i

1


2
;

?
; 
1
h
X
`
Y
i

N
L1
?
; 
1
N

2
h
X
`
Y
i

?
; 
2
h
X
`
Y
i

N
L2
?
; 
1
N

2
h
X
`
Y
i

?
; 
h
X
`
Y
i

?
R
?
h
X
`
Y
i

?
;

?
h
X
`
Y
i
;

?
L
?
; 
?
h
X
`
Y
i

Environment Copying Rules:
?
h
X
`
Y
i

1
;
 ?
h
X
`
Y
i

2
;

N
R
?
h
X
`
Y
i

1
N

2
;

?
; 
1
h
X
`
Y
i
 ?
; 
2
h
X
`
Y
i


L
?
; 
1


2
h
X
`
Y
i

Environment Splitting Rules:
?
1
h
X
1
`
Y
1
i

1
;

1
?
2
h
X
2
`
Y
2
i

2
;

2

R
?
1
;
?
2
h
X
1

X
2
`
Y
1
O
Y
2
i

1


2
;

1
;

2
?
1
; 
1
h
X
1
`
Y
1
i

1
?
2
; 
2
h
X
2
`
Y
2
i

2
O
L
?
1
;
?
2
; 
1
O

2
h
X
1

X
2
`
Y
1
O
Y
2
i

1
;

2
Resolution Rules:
?
1
h
X
`
Y
i

2
!?
2
; y
h
1
`
y
i
?
2
resL
?
1
;
!?
2
; y
h
X
`
Y

y
i

1
;
?
2
resR
!?
h
x
`?i
x;
?
Ax
!?
; x
h
1
`?i
x;
?
Eq
!?
h
X
`
X
i
?
Here the spaces of the predicate
h ` i
can be occupied either by a state vector
or by
?
;
O
of two state vectors is undened, and
Y
1
O
Y
2
is only dened when
at least one of the
Y
's is a
?
.
Table 2: Situation Calculus Sequent Rules
13

formulae. In practice, this does not cause any signicant ambiguity. Similarly,
we will also ignore questions of permutability with passive formulae that are not
represented in
h
X
`
Y
i
; these formulae will be handled as usual by Lygon's
proof search mechanism, and the proofs of p ermutability will go through for
them without change.
The single premise rules, and the environment copying rules, present little
diculty. They are clearly sound { that is, if the premises are valid sequents
(with the intended interpretation of
h ` i
), then so is the conclusion. For
completeness, we need to establish the following:
Proposition 1.
The single premise rules and the environment copying rules
given are sucient for proof search: i.e. if there is a proof whose lowest active
formula rule is a single premise rule or an environment copying rule, and which
has one or more passive formula rules below that rule, then the passive formula
rules can all be permuted above the given rule.
Proof
The only passive formula rules that we are concerned with are

L
and

R; by the table of permutabilities [25, p. 340] this can always be done.

4.1 Environment-Splitting Rules
The environment-splitting rules, however, take a little more consideration. We
will rst review what happens in the one-sided case.
4.1.1 The One-Sided Case
In the one-sided case, goal formulae only occur on the right, and we solely have
to consider right rules; environment splitting, then, only occurs with the rule

R. This rule takes the following form (see [17, p. 192]): we suppose that our
sequent can be written
D
; C
`
G
1

G
2
;
G
(3)
where the left hand side is a multiset of clauses { these will be clausal decom-
positions of denite formulae { including the clause
C
, and the right hand side
is a multiset of goal formulae. The application of the tensor rule will come in
two stages: not all the left rules are permutable with the right tensor rule, so
we must be able to apply a certain number of left rules before we can get round
to

R. We can assume that the formulae in
D
have already been decomposed
to some extent (for example, that any tensor products occurring at the top
level have been expanded); this can be thought of as a sort of \compile-time"
expansion of the denite formulae. The products of this expansion are called
clauses
. However, the necessary expansion cannot all be done at compile time;
the exponentials, for instance, can give rise to an unbounded number of ex-
panded formulae, simply by applying the contraction rule an arbitrary number
of times. Furthermore, if we have a formula in
D
whose principal connective
is
O
, it cannot be split at compile time, since splitting it involves dividing the
environment. So some expansion takes place during pro of search, at \run-time";
Pym and Harland call the products of this expansion
components
. For example,
consider the entailment
(
A

B
)
O
C
`
(
B

A
)
O
C
14

The application of the
O
R rule to the goal gives
(
A

B
)
O
C
`
(
B

A
)
; C
We now have to apply the
O
L rule to the denite formula: this decomposes the
sequent into the components
A; B
`
B

A C
`
C
and from here one merely needs to apply

R.
The general case of the

R rule is very similar. If we are faced with an
entailment of the form (3), we rst decompose the left hand side into clauses
and then the entailment into components, until we arrive at something of the
form:
D
0
;
D
0
0
`
G
1

G
2
;
G
0
;
G
0
0
D
1
` G
1
:::
D
n
` G
n
we then apply

R to the rst sequent, obtaining
D
0
`
G
1
;
G
0
D
0
0
`
G
2
;
G
0
0
D
1
` G
1
:::
D
n
` G
n
4.1.2 The Two-sided Case
By contrast, our case is both simpler and more complex. It is (trivially) more
complex because we want passive and active formulae on both sides. This means
that there are now two environment-splitting rules, and the same considerations
apply to both. However, it is also substantially simpler, because the only denite
formulae that we have to handle explicitly are the state vectors, which are much
simpler than denite formulae in general. (There might be denite formulae in
the environment which are not state vectors, but we can leave it up to Lygon's
usual mechanisms to handle these).
We have, then,
Proposition 2.
By permuting inferences, applications of

R can be put into
the form
?
1
h
X
1
`
Y
i

1
?
2
h
X
2
`?i

2

R
?
1
;
?
2
h
X
1

X
2
`
Y
i

1
;

2
or into the form
?
1
h
X
1
`?i

1
?
2
h
X
2
`
Y
i

2

R
;
?
1
;
?
2
h
X
1

X
2
`
Y
i

1
;

2
and similarly for applications of
O
L.
Proof
We have to examine which passive formula rules are impermutable
with

R (or, respectively,
O
L). Our passive formulae only have

as a con-
nective, so the only passive formula rules that we have to consider are

R and

L.

R can be permuted above anything, whereas

L cannot, in general, be
permuted above environment splitting rules. ([25, p. 340],
mutatis mutandis
.)
After permuting all of the other passive rules above our application of

R to
an active formula, we are left with

L below

R: this gives inferences of the
above form.

15

Notice that none of this requires us to decompose the entailment into com-
ponents; this is b ecause there are no passive environment-splitting rules that
are impermutable with active environment-splitting rules.
Normally, Lygon would this system by decomposing the left-hand state vec-
tor into its atoms at the start of the deduction. However, this would be unac-
ceptably cumbersome due to the size of the state vectors; we do have to apply

L to the the left vector, but we want to do so as little as possible. We have
to apply it once before each environment-splitting rule, but that is all.
5 Two-Sided Resolution
We have now shown that we can transform any proof of one of our sequents into
a form where (apart from the stated exceptions) the passive formula rules all
occur ab ove the active formula rules. We must, then, consider how to deal with
these rules. We can assume that the active formula rules have been applied as
far as possible, i.e. that we have a sequent of the form ?
h
X
`
Y
i
, where ?
and  consist either of atoms or of passive formulae other than state vectors.
Furthermore, we can assume that ? does not contain
1
or
0
, and that  does
not contain
>
or
?
(otherwise the appropriate active formula rules could have
been applied).
First we need:
Lemma 1.
If
!?
0
;
?
h
X
`
Y
i

is provable by means of a sequence of resolution
rules, where
?
and

consist of linear atoms, then it must be one of the following:

!?
0
h
1
`
1
i
,

!?
0
; A
h
1
`?i
A
,

!?
0
; A
h
1
`
A
i

!?
0
; A
1
;:::A
i
h
A
i
+1

:::

A
n
`
A
1

:::

A
n
i
Proof
A trivial induction.

We can now establish:
Proposition 3.
If
?
h
X
`
Y
i

is a provable sequent where
?
and

are either
atoms or are passive, then it has a proof which uses only the resolution rules.
Proof
We proceed by cases, examining the rule applied in the b ottom step
of the proof.
Axiom
The sequent must be of the form !?
0
; A
`
A
, with
A
an atom. There
are four sub cases:

? = !?
0
[ f
A
g
,  =
f
A
g
.

? = !?
0
[ f
A
g
,
Y
=
A
. We apply resL, followed by Eq to close the
left hand branch.

X
=
A
,  =
f
A
g
. We apply resR.

X
=
Y
=
A
. We apply Eq.
16


R or

L
We can conveniently treat these rules together. We may have
several applications of

L with an application of

R above it; after some
manipulation, we can arrive at something of the form

1



!?
0
;
?
1
h
X
1
`
Y
1
i

1

2



!?
0
;
?
2
h
X
2
`
Y
2
i

2
!?
0
;
?
1
;
?
2
h
X
1

X
2
`
Y
1

Y
2
i

1
;

2
where 
1
and 
2
can inductively be assumed to be of the desired form.
Now we use the lemma to establish the possible forms for the two se-
quents !?
0
;
?
1
h
X
1
`
Y
1
i

1
and !?
0
;
?
2
h
X
2
`
Y
2
i

2
; an argument by
cases shows that, for each feasible combination, the original sequent can
be proved using resolution rules.

We have, then, a version of resolution proof for our restricted form of two-
sided sequents, and we have seen that it is sound and complete. We can now
worry about implementation.
6 Implementation
In an implementation, we will represent these dierent collections of formulae
as follows. We will have a two-place Lygon predicate, which we will write
seq
(
X; Y
), where
X
and
Y
are state vectors: this predicate will represent our
h
X
`
Y
i
. It will be executed in an environment containing the elements of ?
and ; the active members of these will b e encoded in the form
left
(

) and
right
(

), respectively. Since it is the elements of ? and  which drive the (goal-
directed) proof-search, this can be simulated in our metainterpreter by giving
suitable clauses for terms in their representations, clauses which match their
principal connectives.
Consider, for example, the term
right
(
A
O
B
). This term will match the rule
right
(
A
O
B
)
right
(
A
)
O
right
(
B
);
the term will thus be replaced by a
O
of terms in the same environment. Now
when we are verifying the correctness of a rule like this, there are two things to
check:
1. that the environments are correct: that is, that each environment has
exactly one clause of the form
h
X
`
Y
i
in it, and that there are the right
number of environments;
2. that the distribution of resources among the environments is correct.
In the case of this rule, these conditions are both easy to verify; if the environ-
ment was correct beforehand (that is, if it had exactly one
seq
(
X; Y
), and if it
had the correct resources), then it will b e correct afterwards, since it remains a
single environment with exactly the same resources, and, according to the rule
O
R, this is how it ought to behave. The same analysis holds for all of the single
premise rules: that is, for
O
R,

L,

R1,

R2,
N
L1,
N
L2,
?
L and
?
R.
17

Consider now the connective
N
on the right. The corresponding clause will
be
right
(
A
N
B
)
right
(
A
)
N
right
(
B
)
:
On execution (and subsequent execution of the external
N
) the original context
will be replaced by two contexts, with exactly the same resources, except for
the replacement of
A
N
B
by
A
in one and
B
in the other. So both criteria are
satised: the environment has been correctly replaced by two environments,
both of them have only one clause of the form
h
X
`
Y
i
in them, and b oth of
them have exactly the same resources as before (apart from the replacement
of
A
N
B
). The same goes for the clause corresponding to

on the left; this
accounts for the rules in the second group.
The problem, however, comes with the rules

R and
O
L; that is, the rules
which split environments. The rst problem that we shall face is this: what form
do the sequent calculus rules take for our two-sided calculus? Having decided
this, we will have to decide how to implement those rules in our metainterpreter.
The answer to the rst question is clear. An environment-splitting rule such
as
?
1
h
X
1
`
Y
1
i

1
;

1
?
2
h
X
2
`
Y
2
i

2
;

2

R
?
1
;
?
2
h
X
1

X
2
`
Y
1
O
Y
2
i

1


2
;

1
;

2
can be simulated by a Lygon clause
(
seq
(
X
1

X
2
; Y
1
O
Y
2
)
O
right
(
A

B
))
(
seq
(
X
1
; Y
1
)
O
right
(
A
))

(
seq
(
X
2
; Y
2
)
O
right
(
B
))
:
If there are other propositions in the environment, then they will be split cor-
rectly by Lygon's handling of the top-level

s in the above rule and others like
it.
However, there is one thing we have ignored; that is, the splitting of the
state formulae
X
and
Y
.
6.1 Realisability
Suppose, then, that we consider the initial
X
and
Y
as global ob jects. As we
have said, they will in practice be large tensor products of atoms, and they can
thus be regarded as large vectors. Correspondingly, let such an atom be called a
component
of the corresponding vector. Consider one of the components of one
of these vectors { a component of
X
, let us say. If we follow it up from the ro ot of
the proof tree, it will go one way or the other at the environment splitting rules,
it will be duplicated at the environment copying rules, and otherwise it will be
unaected. It will thus correspond to a subtree of the proof tree, which forks
only at the environment copying rules. Similarly, the whole vector
Y
will go one
way or another at the environment splitting rules and the environment copying
rules, and will be split up at the left resolution rules. We thus have a pair of
functions, from the components of
X
(respectively
Y
) to the set of subtrees
of the proof tree. These functions, of course, must satisfy certain conditions,
namely those in Table 3. The advantage of this viewpoint is that
X
and
Y
(together with the tra jectories of their components) are now global ob jects: we
18

Single Premise Rules:
?
;
h
f
`

g
i

1
; 
2
;

O
R
?
;
h
f
`

g
i

1
O

2
;

?
; 
1
; 
2
h
f
`

g
i


L
?
; 
1


2
h
f
`

g
i

?
h
f
`

g
i

1
;


R1
?
h
f
`

g
i

1


2
;

?
h
f
`

g
i

2
;


R2
?
h
f
`

g
i

1


2
;

?
; 
1
h
f
`

g
i

N
L1
?
; 
1
N

2
h
f
`

g
i

?
; 
2
h
f
`

g
i

N
L2
?
; 
1
N

2
h
f
`

g
i

?
; 
h
f
`

g
i

?
R
?
h
f
`

g
i

?
;

?
h
f
`

g
i
;

?
L
?
; 
?
h
f
`

g
i

Environment Copying Rules:
?
h
f
l
`


l
g
l
i

1
;
 ?
h
f
r
`


r
g
r
i

2
;

N
R
?
h
f
l
N

f
r
`

g
l
N

g
r
i

1
N

2
;

?
; 
1
h
f
l
`


l
g
l
i
 ?
; 
2
h
f
r
`


r
g
r
i


L
?
; 
1


2
h
f
l
N

f
r
`

g
l
N

g
r
i

Environment Splitting Rules:
?
1
h
f
l
`


l
g
l
i

1
;

1
?
2
?
; 
2
h
f
r
`


r
g
r
i

2
;

2

R
?
1
;
?
2
h
f
l


f
r
`

g
l
O

g
r
i

1


2
;

1
;

2
?
1
; 
1
h
f
l
`


l
g
l
i

1
?
2
; 
2
h
f
r
`


r
g
r
i

2
O
L
?
1
;
?
2
; 
1
O

2
h
f
l


f
r
`

g
l
O

g
r
i

1
;

2
Passive Formula Rules:
?
h
f
`


l
g
i

resL
?
; A
i
h
f
`

g


(
i
7!


r
)
i

resR
!?
h
(
i
7!

)
`

?i
A
i
;
?
Ax
!?
; A
h
1
`

?i
A;
?
Eq
!?
h
f
`

f
i
?
In the rules

R and
O
L, the right-hand argument place of
h
X
`

Y
i
can be
occupied either by a function or by
?
;
O
of two such items is only dened if at
least one of them is
?
.
Table 3: Realisability Conditions
19

do not have to make any decisions about splitting
X
or
Y
when we apply active
rules { what we rather have to do is to make appropriate decisions ab out the fate
of the components of
X
and
Y
when we apply resolution and axiom rules, and,
using these decisions, we can synthesise trajectories for all of the components of
X
and
Y
. The evaluation of the constraints on such decisions, and the synthesis
of the resulting functions, can be carried out, lazily and deterministically, using
global variables in Lygon.
Table 3 uses some notation, which is dened as follows. We label sequents
(i.e. nodes of the pro of tree) by tags, which are dened thus:
Denition 1.
A
tag
is a string over the alphabet
f
l; r
g
. The empty string is
written [], and singleton strings are written [
l
] and [
r
]. If

1
and

2
are tags,
their concatenation is written

1


2
. Tags such as [
t
1
]

[
t
2
]

[
t
3
]
:::
are written
[
t
1
; t
2
; t
3
:::
]. By abuse of notation,


[
t
] is written


t
.
Tags are attached to sequents according to the following rules:
Denition 2.
The root of a proof tree is tagged with []. Single premise rules
are tagged thus:
?
0
`


0
?
`


Twin-premise rules are tagged thus:
?
0
`


l

0
?
00
`


r

00
?
`


We can thus tag a proof-tree inductively, starting from the root. Notice
that, if two sequents are separated by single-premise rules, they have the same
tag; it is easy to check that this non-uniqueness does not aect our uses of tags
(i.e. any functions which we dene with domain the set of tags are genuinely
single-valued).
Components of
X
and
Y
are lab elled with
trajectories
, which are dened as
follows.
Denition 3.
A
trajectory
is a binary tree whose edges and root are labelled
with tags.
We will draw trajectories thus, with the root at the bottom (here
T
l
and
T
r
are subtrees):
T
=
T
l


l
T
r

r
Here

will be called the
root tag
,

l
will be called the
left tag
, and

r
the
right
tag
. The tree
T
l
, lab elled at its root with

l
, will be called the
left subtrajectory
;
the tree
T
r
, labelled at its root with

r
, will b e called the
right subtrajectory
. If
we are only interested in the root tag, we can write our trajectories
T
=
T

.
We dene the following constructors:
20

Denition 4.
The
initial trajectory
is the tree consisting of a single node, la-
belled with []. Call the initial tra jectory
I
.
Denition 5.
If

is a tag and
T
is a trajectory, we dene


T
by


T

0
=
T



0
.
Denition 6.
If
T
1
and
T
2
are two tra jectories, then
T
1
+
T
2
is dened by
T
1

1
+
T
2

2
=
T
1
[]

1
T
2

2
.
Now we dene the relation
/
as follows:
Denition 7.
For trajectories
T
;
T
l
and
T
r
, and tags

and

0
, we have:
1.
 /
I
i

= [];
2.



0
/ 

T
i

0
/
T
;
3.
l

 /
T
l
+
T
r
i
 /
T
l
;
4.
r

 /
T
l
+
T
r
i
 /
T
r
.
In pictures,
/
looks like this:

 /
T



0
;



l


0
/
T
l


l
T
r

r
i

0
/
T
l

l
;



r


0
/
T
l


l
T
r

r
i

0
/
T
r

r
.
Thus,

lies on
T
i we use it up in dening a path on
T
, starting at the root
label, using initial segments to traverse edges with those labels, and, whenever
we come to a node, using the head element (either
l
or
r
) to branch appropri-
ately. Notice that the tags

behave like queues: as we build the prooftree, we
push elements onto the back of the tags involved, whereas, when we follow the
trajectory of a proposition in a completed proof-tree, we pop elements o the
front of a tag.
Example 1.
Consider the following tra jectory:
 

[
l;r;l;l;r
][
l;r;r;r
]

[
l; r
]
[
r
] [
l;l;l
]
If we call this trajectory
T
, then we have [
l
]
/
T
, [
l; r; r; l; l
]
/
T
, [
l; r; r; l; r
]
6
/
T
,
[
l:r; l; r; r; l
]
/
T
, [
l; r; l; r; r; r
]
6
/
T
, [
l; r; l; r; r; l; l; l ; l
]
6
/
T
.
21

We will use trajectories to mark the paths of components of the state vectors
during a pro of. More precisely:
Denition 8.
Let
?!
A
=
N
i
2I
A
i
be a \state vector", let
f
be a partial function
dened on
I
with values in the space of trajectories, and let

be a arbitrary
tag. Then let

(
I
; f
)
(

=
f
i
2 I j
 / f
(
i
)
g
, and let

(
?!
A ; f
)
(

=
N
i
2
(
I
;f
)
(

A
i
.
We will be considering state vectors together with such partial functions; for
a node

in a pro oftree,
?!
A
(

will be the subvector of
A
that takes part in the
sequent

. Now we want to show how we can synthesise functions like
f
from
their restrictions
f
(

, where

is a leaf of the pro oftree.
First we dene a couple of initial functions:
Denition 9.

1
is the everywhere undened partial function on
I
. (We
write it
1
because it represents the nullary tensor product, i.e.
1
.)

If
i
2
I
and if

is a tra jectory, then
i
7!

is the function which maps
i
to

and is elsewhere undened.
Then we dene the following operations on functions:
Denition 10.
Let
f
and
g
be partial functions dened on
I
. Then

f


g
is dened i
{
there is no
i
for which both
f
(
i
) and
g
(
i
) are dened, and
{
if
f
(
i
) is dened, then
f
(
i
) =


l

f
0
(
i
), for some
f
0
(
i
), and
{
if
g
(
i
) is dened, then
g
(
i
) =


r

g
0
(
i
) for some
g
0
(
i
).
In this case, we let
f


g
(
i
) =
f
(
i
) or
g
(
i
) whenever either one of them
makes sense.

f
N

g
is dened i
{
for all
i
,
f
(
i
) is dened i
g
(
i
) is dened,
{
if
f
(
i
) is dened, then
f
(
i
) =


l

f
0
(
i
), and
{
if
g
(
i
) is dened, then
g
(
i
) =


r

g
0
(
i
).
In this case, we let
f
N

g
(
i
) =


(
f
0
(
i
) +
g
0
(
i
)) whenever this makes sense.
We now have
Proposition 4.
1.
(
?!
A ;
1
)
(

=
1
;
2.
(
?!
A ; i
7!

)
(

=
A
i
;
3. If
f


g
is dened, then
(
?!
A ; f


g
)
(

= ((
?!
A ; f
)
(


l
)

((
?!
A ; g
)
(


r
)
;
4. if
f
N

g
is dened, then
(
?!
A ; f
N

g
)
(

= ((
?!
A ; f
)
(


l
) = ((
?!
A ; g
)
(


r
)
.
22

Proof
The rst two are obvious. For the third, we need to show that (
I
; f


g
)
(

= ((
I
; f
)
(


l
)
`
((
I
; g
)
(


r
), where
`
is multiset union or disjoint union,
depending on taste.
4
For this, we have to show that, for each
i
,
 / f


g
(
i
)
i


l / f
(
i
) or


r / g
(
i
), but never both. However, whenever it is dened,
f
(
i
) =


l

f
0
(
i
), so whenever
f
(
i
) is dened,


l / f
(
i
); similarly for
g
and
f


g
. But, by the preconditions for the denition of


,
f


g
(
i
) is dened i
f
(
i
) or
g
(
i
) are dened, and the latter two are never true simultaneously. The
fourth is similar.

The purpose of this machinery is to be able to handle the passive components
of sequents by synthesising them starting from the leaves of a proof tree. We
have seen (p. 16) that the proof tree can be restructured so that its leaves are
instances of the passive formula rules; the corresponding rules in Table 3 show
how to assign functions to these rules. We can then use the other rules in the
table to assign functions to the rest of the nodes of the prooftree. From these
functions, we can use the
(
operation to recover the appropriate state vectors,
X
and
Y
, for each sequent in the tree.
This is still a little cumbersome, however; we have to work with a multiplicity
of functions. We can avoid this by using the following stability properties:
Proposition 5.
Let
f
and
g
be the functions attached to a node

, and let
f
0
and
g
0
be the fuctions attached to

0
, where

0
is an ancestor of

(i.e.

=

0


00
,
for some

00
. Then
(
?!
X ; f
)
(

= (
?!
X ; f
0
)
(

, and similarly for
Y
,
g
and
g
0
.
Proof
We prove this by induction on the length of

00
, so we can assume that

=

0

l
or

=

0

r
. Then the uppermost no de labelled with

must be the
conclusion of a two-premise rule; if it is an environment copying rule, then
f
0
must be obtained from
f
and another function by means of
N

0
, whereas if it is
an environment splitting rule (or resL) then
f
0
must be obtained from
f
and
another function by means of


0
. These are the only two-premise rules, so it
suces to verify the proposition in each of these cases.
Consider, for example, the case when

=

0

l
and where
f
0
=
f
N

0
h
.
We have to show that, for all
i
,
 / f
(
i
) i
 / f
0
(
i
). Since
f
N

0
h
is dened,
we must have
f
0
(
i
) is dened i
f
(
i
) is dened i
h
(
i
) is dened. These are
the only values of
i
we need consider. Fix one such, and let
f
(
i
) =


l

T
1
,
h
(
i
) =


r

T
2
; they must have this form since
f
N

0
h
is dened. So clearly
 / f
(
i
) and
 / f
0
(
i
). The other cases are similar.

We can, then, work with only one
f
and one
g
, namely those attached to
the ro ot of the pro of tree. Given a resolution proof, we have a global ob ject,
consisting of the two state vectors
X
and
Y
, and the two functions
f
and
g
;
these can be considered as a realiser of the original Lygon query (i.e. the active
formulae of the original sequent). That is, for each connective, we have clauses
of the form
R
realises
A

B
i
R
0
realises
A
and
R
00
realises
B;
for
R
recursively dened in terms of
R
0
and
R
00
, and we also have suitable
clauses giving the realisers for atoms.
4
This depends on whether we allow the indexing item
I
to be a set or a multiset; nothing
hangs on it.
23

6.2 Proof Search
We have a proof search algorithm, as follows:
Denition 11.
A realisability proof search will proceed as follows:
1. apply active rules until no more compound active formulae are left;
2. apply resL to the active atoms on the left-hand side of the sequent until
no more atoms are left;
3. assign functions to the leaves;
4. assign functions inductively to the rest of the tree until we assign a pair
of functions
f
and
g
to the root.
Notice that this pro cedure may fail at any stage after the rst: we may
not be able to apply resL to a left active atom because there may not be a
corresponding atom in
Y
, the leaves may not be axiom sequents so we may not
be able to assign functions to them, and the functions we assign may not satisfy
the preconditions for


and
N

to be dened.
However, we can prove that this procedure is sound and complete.
Theorem 1 (Soundness).
If the above procedure assigns a tree, together with
a pair of functions
f
and
g
, to our original sequent, then the sequent is valid.
Proof
Assign, to a node of the tree labelled with

, the vectors (
X; f
)
(

and (
Y; g
)
(

. We will show that the resulting tree is a resolution proof of the
sequent. We have to show that each node is the correct application of one of
the sequent calculus rules, and that all of the leaves correspond to axioms.
The leaves can only be assigned functions by the rules resR, Ax, and Eq,
and, after the leaves are assigned state vectors, these all become instances of
axiom rules.
As for the other nodes, it is clear that the single premises are correct ap-
plications of the rules. What is necessary for correctness is that these rules
should have the same state vectors assigned to premises and conclusion; how-
ever, the vectors only depend on the tags, and for single premise rules, premise
and conclusion have the same tags.
For the environment copying rules, suppose that the conclusion of such a
rule has tag

; the premises will then b e tagged with


l
and


r
. Let the
corresponding vectors be
X

,
X


l
, and so on; we have to show that
X

=
X


l
=
X


r
, and similarly for the
Y
's. Our functions
f
and
g
were built
up inductively over the tree; let
f
0
l
be the function constructed at the node


l
,
f
0
r
the function at the node


r
, and
f
0
be the function at the node

. By denition, we have
f
0
=
f
0
l
N

f
0
r
, and so, by Proposition 4, we have
(
X; f
0
)
(

= (
X; f
0
l
)
(


l
= (
X; f
0

r
)
(


r
. However, by Prop osition 5,
(
X; f
0
)
(

= (
X; f
)
(

, (
X; f
0
l
)
(


l
= (
X; f
)
(


l
, (
X; f
0
r
)
(


r
= (
X; f
)
(


r
,
which establishes what we want; the proof for the
Y
's is similar.
The proof for the environment splitting rules is exactly the same.

24

Theorem 2 (Completeness).
The above proof search algorithm is complete:
if there is a proof of the sequent
?
0
;
?
h
X
`
Y
i

, then the algorithm will nd
it.
Proof
Suppose that there is a proof of the sequent; we will permute inferences
in the proof so that it attains the desired form. We rst use Proposition 2 to
permute applications of the passive formula rules above the active formula rules,
apart from instances of

L o ccurring just b efore an environment-splitting rule.
The rst stage of the algorithm will then nd this part of the proof tree. The
sequents remaining when all of the active formula rules have been applied will
have (at most) active linear atoms on both sides; since the sequent is provable,
these sequents must have one of the forms given in Lemma 1. These sequents
can all be proved by applying resL rst and then using the other resolution
rules. Our algorithm will correctly nd a pro of tree of the desired shape; we
now show (by induction over the tree) that the assignment of functions to the
nodes is successful, and that, when we assign corresponding state vectors to the
nodes, we get a correct proof tree.

We have, then, a sound and complete proof search pro cedure which can deal
with situation calculus proofs in a computationally ecient way.
A Examples
This section contains several standard AI examples, handled using the formalism
that we have developed. Since this level of the formalism deals only with simple
changes and persistence, we will only b e dealing with examples that can b e
solved in this way (in particular, there will be no ramication). The examples
are mostly from John Bell's compilation [3].
A.1 The Yale Shooting Problem
The scenario is:
At time 1 a gun is loaded and pointed at Fred. Nothing relevant
happens at time 2. At time 3 the gun is red. [3, Example 3.4]
This can be solved by the following Lygon code. The program (i.e. !?
0
) consists
of the following background laws, which dene the eects of the two actions
(loading and sho oting):
!(
load
unloaded
?
O
loaded
) (4)
!(
shoot
(
alive

loaded
)
?
O
(
dead

unloaded
)) (5)
With this !?
0
(together with the code for the metainterpreter) we solve the goal
(cf. [14]):
h
alive

unloaded
j
load
`
X
i
N
h
X
j
1
`
Y
i
N
h
Y
j
shoot
`
Z
i
and we nd the following solution:
X
=
alive

loaded
Y
=
alive

loaded
Z
=
dead

unloaded
:
There are no other solutions.
25

A.2 The Stanford Murder Mystery
The scenario is:
In this variation of the Y[ale] S[hooting] P[roblem], Fred is alive at
time 1. A shoot action occurs at time 1. Nothing is known to happen
at time 2. Fred is known to be dead at time 3. When did Fred die,
and was the gun loaded initially? [3, Example 4.5]
We use the same code as for the Yale Shooting Problem, and solve the goal
h
alive

X
j
shoot
`
Y
i
N
h
Y
j
1
`
dead

Z
i
and we nd the solution
X
=
loaded
Y
=
dead

unloaded
Z
=
unloaded
:
There are no other solutions.
Notice the extent of code re-use between the Yale Shooting Problem; not
only is this economical, but it is intuitively satisfying (it makes clear that pre-
diction and explanation are applications of the same theory with a dierent
temporal direction; by contrast, Bell [3, Section 4] has to use dierent theories
for prediction and explanation, and has no way of coming to terms with the
intuition that prediction and explanation must use the same knowledge of the
world.)
A.3 The Russian Sho oting Problem
The scenario is
Fred plays Russian Roulette. He loads the revolver with a single
bullet, spins the magazine, puts the gun to his head and shoots. Is
he dead as a result?
It is important to be sensitive to language here: `shoots' cannot be right, because
it is what Ryle calls a \success word", that is, it is an action word whose use
presupposes the success of the action referred to.
There is another class of episodic words which, for our purposes,
merit special attention, namely the class of episodic words which
I have elsewhere labelled `achievement words', `success words' or
`got it words', together with their antitheses the `failure words' or
`missed it words'. These are genuine episodic words, for it is cer-
tainly proper to say of someone that he scored a goal at a particular
moment, repeatedly solved anagrams, or was quick to see the joke or
nd the thimble. Some words of this class signify more or less sud-
den climaxes or denouments; others signify more or less protracted
proceedings.
:::
The verbs with which we ordinarily express these gettings and
keepings are active verbs, such as `win', `unearth', `nd', `cure', `con-
vince', `prove', `cheat', `unlock', `safeguard' and `conceal'; and this
26

grammatical fact has tended to make people, with the exception of
Aristotle, oblivious to the dierences of logical b ehaviour between
verbs of this class and other verbs of activity or process. The dif-
ferences, for example, between kicking and scoring, treating and
healing, hunting and nding, clutching and holding fast, listening
and hearing, looking and seeing, travelling and arriving, have been
construed, if they have been noticed at all, as dierences between
co-ordinate species of activity or process, when in fact the dierences
are of another kind.
:::
One big dierence between the logical force of a task verb and
that of a corresponding achievement verb is that in applying an
achievement verb we are asserting that some state of aairs obtains
over and above that which consists in the performance, if any, of
the subservient task activity. For a runner to win, not only must
he run but also his rivals must be at the tape later than he; for a
doctor to eect a cure, his patient must both be treated and be well
again; for the searcher to nd the thimble, there must be a thimble
in the place he indicates at the moment he indicates it; and for the
mathematician to prove a theorem, the theorem must be true and
follow from the premises from which he tries to show that it follows.
An autobiographical account of the agent's exertions and feelings
does not by itself tell whether he has brought o what he was trying
to bring o.
:::
That is why we can signicantly say that someone has aimed in
vain or successfully, but not that he has hit the target in vain or
successfully; that he has treated the patient assiduously or unassid-
uously, but not that he has cured him assiduously or unassiduously.
[19, pp. 149.]
Thus,
shoot
, which was analysed above (5) as
!(
shoot
(
alive

loaded
)
?
O
(
dead

unloaded
))
cannot be part of a deduction unless we have
loaded
at the appropriate stage for
it to consume. (It also presupposes that the victim is alive beforehand; strictly
speaking, this is an analysis of the success word `sho ot dead'. We cannot shoot
dead someone who is already dead.
5
) This was appropriate for the stories we
used it in.
However, in this case the appropriate concept is not
shooting
, but
trying to
shoot
(or, arguably, something like
aiming and pul ling the trigger
): an action
which results in a shooting when the preconditions are satised, but not other-
wise. It is, in Ryle's terminology, the task verb which underlies the achievement
verb `to shoot'. The analysis of the task verb is
!(
try shoot
((
alive

loaded
)
?
O
(
dead

unloaded
))
N
(
unloaded
?
O
unloaded
))
We add to this a clause for spinning the magazine
!(
spin
1
N
(
loaded
?
O
unloaded
))
5
Cf. [28, p. 43]: \Only when the door
is
closed can it become opened. One cannot open
an open door."
27

(so that spinning the magazine will nondeterministically unload the gun or leave
it loaded). We then solve the goal
h
alive

unloaded
j
load
`
X
i
N
h
X
j
spin
`
Y
i
N
h
Y
j
try shoot
`
Z
i
and we get nondeterministically the two solutions:
X
=
alive

loaded
Y
=
alive

loaded
Z
=
dead

unloaded
and
X
=
alive

loaded
Y
=
alive

unloaded
Z
=
alive

unloaded
:
What should b e noticed here is the close correspondence between the philosoph-
ical analysis and the logic: the exacting nature of linear logic means that we
must analyse the scenario more sensitively, in order to nd a formalism that
works.
A.4 The Stolen Car Problem
The scenario is
You park your car in the lot at time 1. You discover that it is gone
at time 3. You conclude that it could have been stolen at any time
in between.
We analyse
steal
as
!(
steal
have
?
O
not have
)
and then we solve the goal
h
have
j
steal
N
1
`
X
i
N
h
X
j
steal
N
1
`
not have
i
:
This has two solutions:
X
=
not have
and
X
=
have
corresponding to thefts at time 1 or time 2, resp ectively.
Note that the clauses
steal
N
1
will each nondeterministically be replaced by
either
steal
or
1
, using the rules
N
L1 and
N
L2. Thus,
prima facie
we have four
possibilities; however, one of them (two successive thefts) is ruled out because
we have analysed
steal
as a success word, and one cannot steal a car which has
already been stolen, whereas another (two successive non-thefts) is ruled out
because it does not produce the correct nal state.
28

B How to Fail
Let us return to Desideratum 1. There are two ways of not fullling this desider-
atum, and they can be demonstrated on a variety of dierent implementations.
Although we have been working proof-theoretically, the desideratum makes
sense in a wider context; one needs some sort of concept of a transformation
between situations, and one also wants to know what the identity transforma-
tions are. Furthermore, one needs some sort of \product" (corresp onding to
the linear

) for composing situations. The desideratum will then state that,
if the state vector, or part of the state vector, is unchanged by an event, then
that subvector should be represented by the identity transformation; a general
transformation should b e the product of the identity on the unchanged part of
the state and some other transformation on the changed part.
In any event, once we have such an analysis, and if it satises the desider-
atum, then we can use this to design an ecient implementation: identities in
the model can be implemented by identities, that is, we can do a great deal
of structure sharing between the original state vector and its changed version.
This is especially relevant for languages like Prolog, since Prolog interpreters
(or a majority of them) perform a great deal of structure sharing; [16, pp. 73.]
indeed, the introduction of this approach was one of the things which made
Prolog into a workable programming language.
This applies to proof-theoretic formulations, using the Curry-Howard iso-
morphism (formulae are objects of a suitable category, proofs its morphisms);
but the same sort of analysis can also b e used with mo del-based algorithms such
as we shall be discussing in this section. These algorithms are given a theory
T
consisting of Horn clauses, and, starting with a model at
t
, they compute a
model at
t
+ 1 which

extends the model at
t
,

satises the theory in the sense that, if the antecedent of a sentence of the
theory is satised by the model at
t
, the consequent must b e satised by
the theory at
t
+ 1, and

is minimal subject to these conditions.
We can consider the models to be objects of our category, and theories to be the
morphisms. The \pro duct" will b e union of mo dels; if we dene our morphisms
suitably, the product will actually be direct sum in our category, but not much
hangs on this.
B.1 Types of Failure
The desideratum, then, can fail in several ways. One is to nd a proof { or,
more generally, a morphism { which is genuinely of the above form, that is,
which treats separately the transformed and the untransformed parts of the
state vector, but not to use the identity proof for
Z
!
Z
. We may further
classify the failures by the complexity of applying the inference to
Z
.
There is one notable source for such failures: it comes from approaches (such
as the model-building approach) where we consider state changes as deductions,
but use classical logic (or slight modications thereof, such as Kleene's three-
valued logic). Suppose we have a proposition
P
which is true on Monday,
29

but false on Tuesday. If our theory has a proposition (call it
A
) which yields
:
P
, given
P
, then { because of the monotonicity of classical logic {
A
and
P
entail both
P
and
:
P
. In order to avoid this contradiction, one generally
works, not with bare propositions such as
P
, but with propositions indexed
either by situations or by times. But now we have lost any chance of having
a deduction of the form we want: even if a proposition
Q
has the same truth
value on Monday and Tuesday,
Q
(
Tuesday
) and
Q
(
Monday
) are now
dierent
propositions, and the deduction of one from the other will contribute to the
complexity of the deduction. We do not share anything between the state at
t
and
t
+ 1: a new copy must be made. The whole world must be created anew
with each new instant. Although this approach may b e amusingly reminiscent
of the philosophies of ibn Rushd and of Malebranche, as a programming strategy
it is daft beyond belief. (Cf. [11], [13, p. 2])
B.2 Linear Failures
The theory given in Table 4 exhibits the usual sort of failure, and, for typical
problems (that is, those with the state vector large and with a small number of
simultaneous movements) the time complexity is linear in the size of the state
vector, regardless of the size of the state changes. Notice that, although it uses
non-identity transformations for the unchanged part, they are essentially given
by the inferences
holds
(
s
)(
t
)
^ 
aected
(
s
)(
t
)
!
holds
(
s
)(
t
+ 1); (6)
that is, they only involve propositions which are directly related to the state. If
there is no change, then the proposition
aected
(
s
)(
t
) has truth-value
?
, and
thus doesn't occur in the model. The transformation between two states, then,
can be decomposed into the transformation between the changed parts and the
application of (6) to the unchanged part. The latter application accounts for
the linear component of the complexity.
B.3 Quadratic Failures
It is possible, however, to do substantially worse than merely a linear failure of
Desideratum 1. The implementation in Table 5 do es that; the maps between
the unchanged parts of the state are handled by the inferences
uent
(
s
)
^
s
(
t
)
^ 
s
(
t
+ 1)
!
s
(
t
+ 1)
:
Now in order for these to p erform correctly (and in particular to avoid incorrectly
applying identity inferences to the positions of moved blocks) we have to add, to
the state description, propositions of the form
:
at
(
b; l
), which say that a given
block is not at a given position; these can then be used to blo ck the application
of the persistence rule. However, the presence of these extra propositions means
that the size of the state description is now quadratic in the size of the situation
(more precisely, it is linear in the number of objects and linear in the number
of positions).
Notice that, by contrast with the merely linear failure, this failure exhibits
some sort of failure of decomposability. The state description for the imple-
mentation of Table 4 consists only of propositions of the form
at
(
b; l
), one for
30

involves
(
moved
(
b; l
1
; l
2)
;
at
(
b; l
1))
holds
(
f
)(
t
)
^
occurs
(
e
)(
t
)
^
involves
(
e; f
)
!
aected
(
f
)(
t
)
postconds
(
moved
(
b; l
1
; l
2)(
t
)
!
holds
(
at
(
b; l
2)(
t
)
holds
(
s
)(
t
)
^ 
aected
(
s
)(
t
)
!
holds
(
s
)(
t
+ 1)
holds
(
at
(
b; l
1))(
t
)
!
preconds
(
moved
(
b; l
1
; l
2))(
t
)
preconds
(
e
)(
t
)
^
occurs
(
e
)(
t
)
^
qualied
(
e
)(
t
)
!
postconds
(
e
)(
t
+ 1)
This theory updates the positions of blocks (given by propositions such
as
holds
(
at
(
b; l
1))(
t
)) after movements (given by propositions such as
occurs
(
moved
(
b; l
1
; l
2))(
t
)). Propositions are temporally indexed, and the de-
ductive system is that given by Kleene's three-valued logic together with the
additional connectives

and

whose truth tables are given by:
P

P

P
T F T
?
T T
F T T
The pro cedure is model-based rather than pro of-theoretic: that is, a state at
time
t
is given by those elements of a model of the theory which have temporal
index
t
. Given a state at
t
, the corresponding state at
t
+ 1 can be found by
forward chaining using the theory.
Table 4: A Linear Failure
uent
(
at
(
x; y
)))
postconds
(
moved
(
b; l
1
; l
2))(
t
)
!
at
(
b; l
2)(
t
)
at
(
b; l
1)(
t
)
^
unequal
(
l
1
; l
2)
! :
at
(
b; l
2)(
t
)
uent
(
s
)
^
s
(
t
)
^ 
s
(
t
+ 1)
!
s
(
t
+ 1)
at
(
b; l
1)(
t
)
!
preconds
(
moved
(
b; l
1
; l
2))(
t
)
preconds
(
e
)(
t
)
^
occurs
(
e
)(
t
)
^
qualied
(
e
)(
t
)
!
postconds
(
e
)(
t
+ 1)
This theory solves the block movement problem, using the same deductive sys-
tem as that in Table 4.
Table 5: A Quadratic Failure
31

each block. The total set of p ositions is not represented explicitly (provided we
have a p osition for each blo ck). Correspondingly, there is only one meaningful
decomposition of the situation, that is, by taking apart the set of blocks; tensor
product is, quite simply, union of the corresponding state descriptions. And
our state transformations, though they do not actually have the form (1), can
nevertheless b e represented as a tensor product of mappings applied to atomic
situations, i.e. situations which consist of a single proposition
at
(
b; l
). Although
these mappings are not the identity, they are nevertheless quite straightforward,
and the cost is linear.
However, the situation is otherwise with the implementation in Table 5.
Although we can take state descriptions apart by decomposing the set of ob jects,
we are still left with irreducible state descriptions of the form
at
(
b; l
1
)
:
at
(
b; l
2
)
:
at
(
b; l
3
)
.
.
.
(7)
which, although they contain appreciable structure (and can be quite large),
nevertheless cannot be decomposed. We are, of course, tacitly putting some
restriction here on what might count as a component situation and what might
not (we don't want just any subset of the state description). However, if we
want to apply this analysis to the situation, whatever we count as a component
situation must be sucient, of itself, to correctly decide on questions of per-
sistence. That is, if we have a component, the morphism, when applied to the
component, must produce the same result as when applied to the full mo del.
Thus, for the theory of Table 5, a situation must at least contain, for each block
that it deals with, a full list of the form (7).
B.4 Worse Complexity
It is worth observing that, in at least one situation, maximal indecompos-
ability goes with extremely bad complexity. When, that is, we have a non-
monotonic logic described simply by model preference and where we are com-
pelled to search among models, sp ecied globally, then that search has com-
plexity 
p
2
= co-NP
NP
[6, Section 6.1], which is as bad as non-monotonic logic
gets. This connection seems quite signicant, since such a search among irre-
ducible models can be directly represented by a quantied Boolean formula, and
these formula are a standard way of nding problems which are complete for
complexity classes such as 
p
2
.
B.5 Timings
We can, in any case, give some comparative results which show that these things
make a dierence. Table 6 shows the dierences between the implementations we
have been discussing, when applied to instances of the blo ck movement problem.
They are all specied by three parameters: the number of blocks, the number
of locations, and the number of blocks which are moved. The various settings
(which correspond to, as it were, domestic situations, and which therefore ought
to be AI problems of realistic size) are:
32

Lygon Table 4 Table 5
Chess 8.35 650 16876.6
Backgammon 65.6 991.7 10867.0
(easy)
Backgammon 614 1683.4 19513.4
(hard)
Kitchen 114.56 28418.3 2200000
a
All times in milliseconds.
a
Estimated value.
Table 6: Comparative Timings
Chess
The problem of moving one piece on a chessboard; that is, there are 32
blocks, 64 lo cations, and one block is moved.
Backgammon (easy)
A backgammon b oard has 24 les, and there are 30
pieces. A varying number of pieces is moved; on average, about 5 are
moved at once. It's rather arbitrary how many locations we assign, but if
we assign two locations per le, this seems realistic. So we get 30 pieces,
48 lo cations, and 5 pieces moved.
Backgammon (hard)
One could theoretically move all 15 of one's pieces at
once, though this is unlikely. In this case, we would have 30 pieces, 48
locations, and 15 pieces moved.
A Kitchen
My kitchen has (at a rough count) 500 objects in it, of which about
10 would be used in a typical cooking op eration. So we can consider this
problem to have 500 pieces, 550 locations, and 10 pieces moved.
The results, then, bear out the analysis. We should notice that these problem
situations are by no means excessively large or complex: they have the same
sort of size as many everyday situations. Nevertheless, approaches which have
been seriously recommended in AI p erform extremely badly on problems of this
size; by contrast, the Lygon metainterpreter performs well, and its p erformance
scales well to large situations.
References
[1] Harold Ab elson and Gerald Jay Sussman with Julie Sussman,
Structure
and Interpretation of Computer Programs
, Cambridge MA: MIT Press
1985.
[2] Jon Barwise, email message to the
linear
mailing-list, 4 Febru-
ary 1992; available at
http://www.csl.sri.com/linear/
mailing-list- traffic/www/07/mail_2.html
[3] John Bell, \Prediction Theories and Explanation Theories", preprint.
[4] Wolfgang Bibel and Michael Thielscher, \Deductive Plan Generation", in
Setsuo Arikawa and Klaus P. Jantke (eds.),
Algorithmic Learning Theory
33

(The 4th International Workshop on Analogical and Inductive Inference
AII 94, The 5th International Workshop on Algorithmic Learning Theory,
ALT 94)
Lecture Notes in Articial Intel ligence
872, Berlin: Springer
1994, pp. 2{5.
[5] Gerhard Brewka,
Non-Monotonic Reasoning
, Cambridge: Cambridge Uni-
versity Press 1991.
[6] Marco Cadoli and Marco Schaerf, \A Survey on Complexity Results
for Non-Monotonic Logics",
Journal of Logic Programming
17 (1993),
pp. 127{166.
[7] Donald Davidson, \The Logical Form of Action Sentences", in Davidson,
Essays on Actions and Events
, Oxford: Clarendon 1980, pp. 105{122.
[8] Kerstin Eder, Steen Holldobler and Michael Thielscher, \An Abstract
Machine for Reasoning about Situations, Actions, and Causality", in Roy
Dyckho, Heinrich Herre, and Peter Schroeder-Heister (eds.),
Extensions
of Logic Programming
(5th International Workshop, ELP 96),
Lecture
Notes in Articial Intel ligence
1050, Berlin: Springer 1996, pp. 137{151.
[9] Christoph Fouquere and Jacqueline Vauzeilles, \Linear Logic and Excep-
tions",
Journal of Logic and Computation
4 (1994), 859{875.
[10] Bertram Fronhofer, \Linear Pro ofs and Linear Logic", in D. Pearce and
G. Wagner (eds),
Logics in AI
(European Workshop JELIA 92),
Lecture
Notes in Articial Intel ligence
633, Berlin: Springer 1992, pp. 106{125.
[11] Bertram Fronhofer, \Situation Calculus, Linear Connection Pro ofs and
Strips
-like Planning: An Experimental Comparison", in P. Miglioli,
U. Moscato, D. Mundici and M. Ornaghi (eds.),
Theorem Proving with
Analytic Tableaux and Related Methods
(5th International Workshop,
Tableaux
96),
Lecture Notes in Computer Science
1071, Berlin: Springer
1996, pp. 193{209.
[12] Gerd Grosse, Steen Holldobler and Josef Schneeberger, \Linear Deduc-
tive Planning",
Journal of Logic and Computation
6 (1996), pp. 232{262.
[13] Steen Holldobler and Michael Thielscher, \Properties
versus
Resources:
Solving Simple Frame Problems", Technische Hochschule Darmstadt
Forschungsbericht
Aida
{96{03 (1996).
[14] The Lygon home page,
http://www.cs.mu.oz.au/~winikoff/lygon/
lygon.html
[15] M. Masseron, C. Tollu and J. Vauzeilles, \Generating Plans in Linear
Logic", in K.V. Nori and C.E. Veni Madhavan (eds.),
Foundations of
Software Technology and Theoretical Computer Science
(Tenth Confer-
ence, Bangalore, India),
Lecture Notes in Computer Science
472, Berlin:
Springer 1990, pp. 63{75.
[16] Richard A. O'Keefe,
The Craft of Prolog
, Cambridge, MA: MIT 1990.
34

[17] David J. Pym and James A. Harland, \A Uniform Pro of-Theoretic Investi-
gation of Linear Logic Programming",
Journal of Logic and Computation
4 (1994), 175{207.
[18] Ray Reiter, \Natural Actions, Concurrency and Continuous Time in the
Situation Calculus",
Principles of Knowledge Representation and Reason-
ing: Proceedings of the Fifth International Conference (KR'96)
, Cam-
bridge MA., November 5-8, 1996.
[19] Gilb ert Ryle,
The Concept of Mind
, London: Hutchinson 1949.
[20] Erik Sandewall, \The Range of Applicability of some Non-Monotonic Log-
ics for Strict Inertia",
Journal of Logic and Computation
4 (1994), 581{
615.
[21] Erik Sandewall,
Features and Fluents
, Oxford: Oxford University Press
1994.
[22] Murray Shanahan,
Solving the Frame Problem
(unpublished MS).
[23] Richard Sorab ji,
Necessity, Cause, and Blame: Perspectives on Aristotle's
Theory
, London: Duckworth 1980.
[24] Michael Thielscher, \Computing Ramications by Postprocessing", IJCAI
1995 pp. 1994{2000.
[25] A.S. Tro elstra, \Tutorial on Linear Logic" in Peter Schroeder-Heister
and Kosta Dosen (eds),
Substructural Logics
, Oxford: Clarendon 1993,
pp. 327{355.
[26] Michael Winiko and James A. Harland, \Implementing the Linear Logic
Programming Language Lygon", preprint.
[27] Michael Winiko and James A. Harland,
Deterministic Resource Man-
agement for the Linear Logic Programming Language Lygon
, Technical
Report 94/23, Department of Computer Science, University of Melb ourne
(1994).
[28] Georg Henrik von Wright,
Norm and Action: A Logical Enquiry
, London:
Routledge and Kegan Paul, 1963.
35