Structure Formation in Large Theories
Serge Autexier and Dieter Hutter
German Research Center for Artificial Intelligence, Bibliothekstr. 1, 28359 Bremen, Germany
{serge.autexier | dieter.hutter}@dfki.de

Abstract.
Structuring theories is one of the main approaches to reduce the combinatorial explosion associated with reasoning in and exploring large theories. In the past we developed the notion of development graphs as a means to represent and maintain structured theories. In this paper we present a methodology and a resulting implementation to reveal the hidden structure of flat theories by transforming them into detailed development graphs. We review our approach using plain TSTP representations of MIZAR articles, obtaining more structured and also more concise theories.
It has long been recognized that the modularity of specifications is an indispensable prerequisite for efficient reasoning in complex domains. Algebraic specification techniques provide appropriate frameworks for structuring complex specifications, and the authors introduced the notion of a development graph [5,1,6] as a technical means to work with and reason about such structured specifications. While its use presupposes the development of theories with the intended structures already in mind, there are various applications of Formal Methods in which theories are automatically generated in an entirely unstructured representation. Thus, there is a need for computer-aided structure formation for large theories, which allows for efficient reasoning in such theories.

In this paper we present an initial approach to support structure formation in large unstructured specifications. The idea is to provide a calculus and a corresponding methodology to crystallize intrinsic structures hidden in a specification and represent them explicitly in terms of development graphs. Step by step, the specification is split into different nodes, resulting in increasingly richer development graphs. Conversely, common concepts that are scattered over different specifications are identified and unified in a common theory.

We start with a discussion of syntactical properties to measure the appropriateness of a structuring and specify invariants underlying a structure formation process. Based on this general framework we present a calculus (and heuristics to guide this calculus) to transform development graphs in order to enrich the explicitly given structure. We review our framework with the help of the Mizar Mathematical Library, providing hundreds of articles which are subject to our structure formation process.
The final publication is available at http://link.springer.com as part of the proceedings of the Conference on Intelligent Computer Mathematics 2015.
We base our framework on the notion of development graphs (and thus on the notion of institutions [4]) to specify and reason about structured specifications. Development graphs $\mathcal{D}$ are acyclic directed graphs $\langle \mathcal{N}, \mathcal{L} \rangle$; the nodes $\mathcal{N}$ denote individual theories and the links $\mathcal{L}$ indicate theory inclusions with respect to the signature morphisms attached to the links. Each node $N \in \mathcal{N}$ of the graph is a tuple $(\mathit{sig}_N, \mathit{ax}_N, \mathit{lem}_N)$ such that $\mathit{sig}_N$ is called the local signature of $N$, $\mathit{ax}_N$ a set of local axioms of $N$, and $\mathit{lem}_N$ a set of local lemmas of $N$. $\mathcal{L}$ is a set of global definition links $M \xrightarrow{\sigma} N$. Each link imports the mapped theory of $M$ (by the signature morphism $\sigma$) as part of the theory of $N$. A node $N$ is globally reachable from a node $M$ via a signature morphism $\sigma$, $\mathcal{D} \vdash M \xrightarrow{\sigma}{}^{*} N$ for short, iff

1. either $M = N$ and $\sigma = \mathit{id}$, or
2. $M \xrightarrow{\sigma'} K \in \mathcal{L}$ and $\mathcal{D} \vdash K \xrightarrow{\sigma''}{}^{*} N$, with $\sigma = \sigma'' \circ \sigma'$.

The global signature (global axioms and global lemmata, respectively) of a node $N \in \mathcal{N}$ is the union of its local signature (local axioms and local lemmata) and the mapped global signatures of all nodes from which $N$ is globally reachable. A node is valid if all signature symbols occurring in its global axioms and lemmata are declared in its global signature. A development graph is well-defined if all its nodes are valid.

The maximal nodes (root nodes) $\lceil \mathcal{D} \rceil$ of a graph $\mathcal{D}$ are all nodes without outgoing links. $\mathit{Dom}_{\mathcal{D}}(N) := \mathit{Sig}_{\mathcal{D}}(N) \cup \mathit{Ax}_{\mathcal{D}}(N) \cup \mathit{Lem}_{\mathcal{D}}(N)$ is the set of all signature symbols, axioms and lemmata visible in a node $N$. The local domain of $N$, $\mathit{dom}_N := \mathit{sig}_N \cup \mathit{ax}_N \cup \mathit{lem}_N$, is the set of all local signature symbols, axioms and lemmata of $N$. The imported domain $\mathit{Imports}_{\mathcal{D}}(N)$ of $N$ in $\mathcal{D}$ is the set of all signature symbols, axioms and lemmata imported via incoming definition links. $\mathit{Dom}_{\mathcal{D}} = \bigcup_{N \in \mathcal{N}} \mathit{Dom}_{\mathcal{D}}(N)$ is the set of all signature symbols, axioms and lemmata occurring in $\mathcal{D}$. Analogously we define $\mathit{Sig}_{\mathcal{D}}$, $\mathit{Ax}_{\mathcal{D}}$ and $\mathit{Lem}_{\mathcal{D}}$. $\mathit{Dom}_{\lceil \mathcal{D} \rceil} = \bigcup_{N \in \lceil \mathcal{D} \rceil} \mathit{Dom}_{\mathcal{D}}(N)$ is the set of all signature symbols, axioms and lemmata occurring in the maximal nodes of $\mathcal{D}$.

Given a node $N \in \mathcal{N}$, its associated class $\mathit{Mod}_{\mathcal{D}}(N)$ of models (or $N$-models for short) consists of those $\mathit{Sig}_{\mathcal{D}}(N)$-models $n$ for which (i) $n$ satisfies the local axioms $\mathit{ax}_N$, and (ii) for each $K \xrightarrow{\sigma} N \in \mathcal{L}$, $n|_{\sigma}$ is a $K$-model. In the following we denote the class of $\Sigma$-models that fulfil the $\Sigma$-sentences $\Psi$ by $\mathit{Mod}_{\Sigma}(\Psi)$.

Given a signature $\Sigma$ and $\mathit{Ax}, \mathit{Lem} \subseteq \mathit{Sen}(\Sigma)$, a support mapping $\mathit{Supp}$ for $\mathit{Ax}$ and $\mathit{Lem}$ assigns to each lemma $\varphi \in \mathit{Lem}$ a subset $H \subseteq \mathit{Ax} \cup \mathit{Lem}$ such that

(i) $\mathit{Mod}_{\langle \mathit{sym}(H) \cup \mathit{sym}(\varphi) \rangle_{\Sigma}}(H) \models \varphi$, where $\langle S \rangle_{\Sigma}$ denotes the smallest valid sub-signature of $\Sigma$ containing $S$, and
(ii) the relation $\lhd \subseteq (\mathit{Ax} \cup \mathit{Lem}) \times \mathit{Lem}$ with $\Phi \lhd \varphi \Leftrightarrow (\Phi \in \mathit{Supp}(\varphi) \vee \exists \psi.\ \Phi \in \mathit{Supp}(\psi) \wedge \psi \lhd \varphi)$ is a well-founded strict partial order.

If $\mathcal{D}$ is a development graph, then $\mathit{Supp}$ is a support mapping for $\mathcal{D}$ iff for all $N \in \mathcal{D}$, $\mathit{Supp}$ is a support mapping for $\mathit{Ax}_{\mathcal{D}}(N)$ and $\mathit{Lem}_{\mathcal{D}}(N)$.

We will now formalize the requirements on development graphs that reflect our intuition of an appropriate structuring for formal specifications in the following principles. The first principle is semantic appropriateness, saying that the structure of the development graph should be a syntactical reflection of the relations between the various concepts in our specification. This means that different basic specifications are located in different nodes of the graph and the links of the graph reflect the logical relations between these specifications. The second principle is closure, saying, for instance, that deduced knowledge should be located close to the axioms guaranteeing the proofs. Also, the specification defined by the theory of an individual node of a development graph should have a meaning of its own and provide some source of deduced knowledge. The third principle is minimality, saying that each concept (or part of it) is only represented once in the graph. When splitting a monolithic theory into different theories, common foundations for these theories should be (syntactically) shared between them by being located at a unique node of the graph.

We now translate these principles into syntactical criteria on development graphs and into procedures for how to transform or refactor development graphs. In a first step we formalize technical requirements to enforce the minimality principle in terms of development graphs. Technically, we demand that each signature symbol, each axiom and each lemma has a unique location in the development graph. When we enrich a development graph with more structure we forbid having multiple copies of the same definition in different nodes. We therefore require that we can identify for a given signature entry, axiom or lemma a minimal theory in a development graph and that this minimal theory is unique. We define:
Definition 1 (Providing Nodes).
Let $\langle \mathcal{N}, \mathcal{L} \rangle$ be a development graph. An entity $e$ is provided in $N \in \mathcal{N}$ iff $e \in \mathit{Dom}_{\langle \mathcal{N}, \mathcal{L} \rangle}(N)$ and $\forall M \xrightarrow{\sigma} N.\ e \notin \mathit{Dom}_{\langle \mathcal{N}, \mathcal{L} \rangle}(M)$. Furthermore,

1. $e$ is locally provided in $N$ iff additionally $e \in \mathit{dom}_N$ holds.
2. $e$ is provided by a link $l : M \xrightarrow{\sigma} N$ iff $e$ is not locally provided in $N$ and $\exists e' \in \mathit{Dom}_{\langle \mathcal{N}, \mathcal{L} \rangle}(M).\ \sigma(e') = e$ holds. In this case we say that $l$ provides $e$ from $e'$. $e$ is exclusively provided by $l$ iff $e$ is not provided by any other link $l' \in \mathcal{L}$.

The closure principle demands that there are no spurious nodes in the graph that contribute nothing new. We combine these requirements into the notion of location mappings:
Definition 2 (Location Mappings).
Let $\mathcal{D} = \langle \mathcal{N}, \mathcal{L} \rangle$ be a development graph. A mapping $\mathit{loc}_{\mathcal{D}} : \mathit{Dom}_{\mathcal{D}} \to \mathcal{N}$ is a location mapping for $\mathcal{D}$ iff

1. $\mathit{loc}_{\mathcal{D}}$ is surjective (closure);
2. $\forall N \in \mathcal{N}.\ \forall e \in \mathit{dom}_N.\ \mathit{loc}_{\mathcal{D}}(e) = N$;
3. $\forall e \in \mathit{Dom}_{\mathcal{D}}.\ \mathit{loc}_{\mathcal{D}}(e)$ is the only node providing $e$ (minimality).

For a given $\mathit{loc}_{\mathcal{D}}$ we define $\mathit{loc}^{-}_{\mathcal{D}} : \mathcal{N} \to 2^{\mathit{Dom}_{\mathcal{D}}}$ by $\mathit{loc}^{-}_{\mathcal{D}}(N) := \{ e \in \mathit{Dom}_{\mathcal{D}} \mid \mathit{loc}_{\mathcal{D}}(e) = N \}$. We write $\mathit{loc}$ and $\mathit{loc}^{-}$ instead of $\mathit{loc}_{\mathcal{D}}$ and $\mathit{loc}^{-}_{\mathcal{D}}$ if $\mathcal{D}$ is clear from the context.

Based on the notion of location mappings we formalize our intuition of a structuring. The idea is that the notion of being a structuring constitutes the invariant of the structure formation process and guarantees both the requirements imposed by the minimality principle and the basic conditions on a development graph to reflect a given formal specification.
Definition 3 (Structuring).
Let $\mathcal{D} = \langle \mathcal{N}, \mathcal{L} \rangle$ be a valid development graph, $\mathit{loc} : \mathit{Dom}_{\mathcal{D}} \to \mathcal{N}$, $\Sigma \in |\mathbf{Sign}|$, $\mathit{Ax}, \mathit{Lem} \subseteq \mathit{Sen}(\Sigma)$ and $\mathit{Supp}$ be a support mapping for $\mathcal{D}$. Then $(\mathcal{D}, \mathit{loc}, \mathit{Supp})$ is a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$ iff

1. $\mathit{loc}$ is a location mapping for $\mathcal{D}$;
2. if $\mathit{Dom}_{\lceil \mathcal{D} \rceil} = \Sigma' \cup \mathit{Ax}' \cup \mathit{Lem}'$ then $\Sigma = \Sigma'$, $\mathit{Ax} = \mathit{Ax}'$ and $\mathit{Lem} \subseteq \mathit{Lem}'$;
3. $\forall \varphi \in \mathit{Lem}_{\mathcal{D}}.\ \forall \psi \in \mathit{Supp}(\varphi).\ \exists \sigma.\ \mathit{loc}(\psi) \xrightarrow{\sigma}{}^{*} \mathit{loc}(\varphi) \wedge \sigma(\psi) = \psi$.

In the following we present the transformation rules on development graphs that transform a structuring again into a structuring. Using these rules we are able to structure, step by step, the initially trivial development graph consisting of exactly one node that comprises all given concepts. This initial development graph consisting of exactly one node satisfies the condition of a structuring provided that we have an appropriate support mapping at hand.

We define four types of structuring-invariant transformations: (i) horizontal splitting and merging of development graph nodes, (ii) vertical splitting and merging of development graph nodes, (iii) factorization and multiplication of development graph nodes, and (iv) removal and insertion of specific links. Splitting and merging as well as factorization and multiplication are dual operations. For lack of space, and because we are mainly interested in rules increasing the structure of a development graph, we omit the formal specification of the merging and multiplication rules here.
Horizontal Split.
The first refactoring rule aims at the separation of specifications into independent theories. In terms of the development graph a node is replaced by a series of independent nodes; each of them contains a distinct part of a partitioning of the specification of the original node. In order to ensure a valid new development graph, each of the new nodes imports the same theories as the old node and contributes to the same theories as the old node did. To formalize this rule we need constraints on how to split a specification into different chunks such that local lemmata are always located in a node which also provides the necessary axioms and lemmata to prove them.
Definition 4.
Let $S = (\mathcal{D}, \mathit{loc}, \mathit{Supp})$ be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$ and $N \in \mathcal{N}_{\mathcal{D}}$. A partitioning $P$ for $N$ is a set $\{N_1, \dots, N_k\}$ with $k > 1$ such that

1. $\mathit{sig}_N = \mathit{sig}_{N_1} \uplus \dots \uplus \mathit{sig}_{N_k}$, $\mathit{ax}_N = \mathit{ax}_{N_1} \uplus \dots \uplus \mathit{ax}_{N_k}$, $\mathit{lem}_N = \mathit{lem}_{N_1} \uplus \dots \uplus \mathit{lem}_{N_k}$;
2. $\mathit{sig}_{N_i} \cup \mathit{ax}_{N_i} \cup \mathit{lem}_{N_i} \neq \emptyset$ for $i = 1, \dots, k$.

A node $N_i \in P$ is lemma independent iff $\mathit{Supp}(\psi) \cap (\mathit{ax}_N \cup \mathit{lem}_N) \subseteq (\mathit{ax}_{N_i} \cup \mathit{lem}_{N_i})$ for all $\psi \in \mathit{lem}_{N_i}$.

Definition 5 (Horizontal Split).
Let $S = (\langle \mathcal{N}, \mathcal{L} \rangle, \mathit{loc}, \mathit{Supp})$ be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$ and $P = \{N_1, \dots, N_k\}$ be a partitioning for some node $N \in \mathcal{N}$ such that each $N_i \in P$ is lemma independent and $\mathit{loc}^{-}(N) = \mathit{dom}_N$. The horizontal split of $S$ wrt. $N$ and $P$ is $S' = (\mathcal{D}', \mathit{loc}', \mathit{Supp})$ with $\mathcal{D}' = \langle \mathcal{N}', \mathcal{L}' \rangle$ where

1. $\mathcal{N}' := \{N_1, \dots, N_k\} \uplus (\mathcal{N} \setminus \{N\})$;
2. $\mathcal{L}' := \{ M \xrightarrow{\sigma} M' \in \mathcal{L} \mid M \neq N \wedge M' \neq N \} \cup \{ M \xrightarrow{\theta} N_i \mid M \xrightarrow{\theta} N \in \mathcal{L},\ i \in \{1, \dots, k\} \} \cup \{ N_i \xrightarrow{\tau|_{\mathit{Dom}(N_i)}} M \mid N \xrightarrow{\tau} M \in \mathcal{L},\ i \in \{1, \dots, k\} \}$;
3. $\mathit{loc}'(e) := N_i$ if $e \in \mathit{dom}_{N_i}$ for some $i \in \{1, \dots, k\}$, and $\mathit{loc}'(e) := \mathit{loc}(e)$ otherwise;

such that the $\mathit{Sig}_{\mathcal{D}'}(N_i)$ are valid signatures and $\mathit{ax}_{N_i}, \mathit{lem}_{N_i} \subseteq \mathit{Sen}(\mathit{Sig}_{\mathcal{D}'}(N_i))$ for $i = 1, \dots, k$.

Fig. 1. Horizontal Split and Merge (diagram not reproduced)

Vertical Split. Similar to a horizontal split we introduce a vertical split which divides a node into two nodes and locates one node on top of the other. While all outgoing links start at the top node, we are free to reallocate incoming links to either node.
Definition 6 (Vertical Split).
Let $S = (\langle \mathcal{N}, \mathcal{L} \rangle, \mathit{loc}, \mathit{Supp})$ be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$ and $P = \{N_1, N_2\}$ be a partitioning for some $N \in \mathcal{N}$ such that $N_1$ is lemma independent. Then the vertical split of $S$ wrt. $N$ and $P$ is $S' = (\mathcal{D}', \mathit{loc}', \mathit{Supp})$ with $\mathcal{D}' = \langle \mathcal{N}', \mathcal{L}' \rangle$ where

$\mathcal{N}' := \{N_1, N_2\} \uplus (\mathcal{N} \setminus \{N\})$

$\mathcal{L}' := \{ M \xrightarrow{\sigma} M' \in \mathcal{L} \mid M \neq N \wedge M' \neq N \} \cup \{ N_1 \xrightarrow{\mathit{id}} N_2 \} \cup \{ M \xrightarrow{\sigma} N_1 \mid M \xrightarrow{\sigma} N \in \mathcal{L} \} \cup \{ N_2 \xrightarrow{\sigma} M \mid N \xrightarrow{\sigma} M \in \mathcal{L} \}$

$\mathit{loc}'(e) := N_1$ if $\mathit{loc}(e) = N$ and $e \in \mathit{Dom}_{\mathcal{D}'}(N_1)$; $N_2$ if $\mathit{loc}(e) = N$ and $e \notin \mathit{Dom}_{\mathcal{D}'}(N_1)$; $\mathit{loc}(e)$ otherwise;

such that $\mathit{Sig}_{\mathcal{D}'}(N_i)$, $i = 1, 2$, are valid signatures and $\mathit{ax}_{N_i}, \mathit{lem}_{N_i} \subseteq \mathit{Sen}(\mathit{Sig}_{\mathcal{D}'}(N_i))$, $i = 1, 2$. Conversely, $S$ is a vertical merge of $N_1$ and $N_2$ in $S'$.

Fig. 2. Vertical Split and Merge (diagram not reproduced)
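The following Python program is an added example and not the paper's Scala implementation. It encodes development graphs as defined above, with entities as names and signature morphisms as finite renaming maps that are the identity elsewhere, computes global domains and providing nodes, checks the location-mapping conditions of Definition 2, and implements the horizontal split (Definition 5) and the vertical split (Definition 6) under the preconditions of Definition 4. It then replays the two steps of Example 1 below on the Field axioms. The axiom names, the symbol-occurrence table `SYMS` and the extra lemma `L` (supported by the unit and commutativity axioms of +) are constructed for this example.

```python
"""Development graphs with the horizontal and vertical split rules (added example)."""
from dataclasses import dataclass, field


@dataclass
class Node:
    sig: set = field(default_factory=set)   # local signature symbols
    ax: set = field(default_factory=set)    # local axioms (by name)
    lem: set = field(default_factory=set)   # local lemmas (by name)

    def dom(self):                           # local domain dom_N
        return self.sig | self.ax | self.lem


@dataclass
class DG:
    nodes: dict   # name -> Node
    links: list   # (src, dst, sigma): global definition link src --sigma--> dst; sigma is the identity outside its keys

    def incoming(self, n):
        return [l for l in self.links if l[1] == n]

    def outgoing(self, n):
        return [l for l in self.links if l[0] == n]

    def Dom(self, n):
        """Global domain Dom_D(N): local entities plus the mapped global domains of all importers."""
        result = set(self.nodes[n].dom())
        for src, _, sigma in self.incoming(n):
            result |= {sigma.get(e, e) for e in self.Dom(src)}
        return result

    def providers(self, e):
        """Nodes providing e (Definition 1): e is visible in N but in none of N's direct importers."""
        return {n for n in self.nodes if e in self.Dom(n)
                and all(e not in self.Dom(s) for s, _, _ in self.incoming(n))}


def is_location_mapping(dg, loc):
    """Definition 2: surjective (closure), local entities stay home, unique provider (minimality)."""
    every = set().union(*(dg.Dom(n) for n in dg.nodes))
    return (set(loc.values()) == set(dg.nodes)
            and all(loc[e] == n for n in dg.nodes for e in dg.nodes[n].dom())
            and all(dg.providers(e) == {loc[e]} for e in every))


def lemma_independent(node, part, supp):
    """Definition 4: the support of each lemma of the part, restricted to the split node, lies in the part."""
    return all(supp.get(l, set()) & (node.ax | node.lem) <= part.ax | part.lem for l in part.lem)


def is_partitioning(node, parts):
    doms = [p.dom() for p in parts]
    return (len(doms) > 1 and all(doms) and sum(map(len, doms)) == len(node.dom())
            and set().union(*doms) == node.dom())


def horizontal_split(dg, loc, supp, n, parts):
    """Definition 5: replace n by lemma-independent parts that each inherit all links of n."""
    node = dg.nodes[n]
    assert is_partitioning(node, parts.values())
    assert all(lemma_independent(node, p, supp) for p in parts.values())
    nodes = {k: v for k, v in dg.nodes.items() if k != n}
    nodes.update(parts)
    links = [l for l in dg.links if n not in l[:2]]
    links += [(src, p, theta) for src, _, theta in dg.incoming(n) for p in parts]
    links += [(p, dst, tau) for _, dst, tau in dg.outgoing(n) for p in parts]
    new = DG(nodes, links)
    new.links = [(s, d, {e: v for e, v in m.items() if e in new.Dom(s)}) for s, d, m in links]  # tau|Dom(N_i)
    return new, {**loc, **{e: p for p, part in parts.items() for e in part.dom()}}


def vertical_split(dg, loc, supp, n, lower_name, lower, upper_name, upper):
    """Definition 6: the lemma-independent lower node imports into the upper one via id;
    n's incoming links now end at the lower node, its outgoing links now start at the upper one."""
    node = dg.nodes[n]
    assert is_partitioning(node, [lower, upper]) and lemma_independent(node, lower, supp)
    nodes = {k: v for k, v in dg.nodes.items() if k != n}
    nodes[lower_name], nodes[upper_name] = lower, upper
    links = [l for l in dg.links if n not in l[:2]] + [(lower_name, upper_name, {})]
    links += [(src, lower_name, s) for src, _, s in dg.incoming(n)]
    links += [(upper_name, dst, s) for _, dst, s in dg.outgoing(n)]
    new = DG(nodes, links)
    return new, {**loc, **{e: lower_name if e in new.Dom(lower_name) else upper_name for e in node.dom()}}


# Constructed input: the Field axioms of Example 1 plus one hypothetical lemma L about +,
# with the symbols each formula mentions (keyed by our own axiom names) and the support mapping.
SYMS = {"D": {"+", "*"}, "+assoc": {"+"}, "+comm": {"+"}, "+unit": {"+", "0"}, "+inv": {"+", "0", "-"},
        "*assoc": {"*"}, "*comm": {"*"}, "*unit": {"*", "1"}, "*inv": {"*", "1", "inv"}, "L": {"+", "0"}}
SUPP = {"L": {"+unit", "+comm"}}
FIELD = Node(sig={"+", "0", "-", "*", "1", "inv"}, ax=set(SYMS) - {"L"}, lem={"L"})


def well_defined(dg):
    """Every symbol occurring in a node's global axioms and lemmas is declared in its global signature."""
    return all(SYMS.get(e, set()) <= dg.Dom(n) for n in dg.nodes for e in dg.Dom(n))


def field_example():
    """Structuring (0) -> (1) by a vertical split -> (2) by a horizontal split, as in Example 1."""
    dg, loc = DG({"Field": FIELD}, []), {e: "Field" for e in FIELD.dom()}
    assert is_location_mapping(dg, loc) and well_defined(dg)
    ag = Node(sig=FIELD.sig, ax=FIELD.ax - {"D"}, lem={"L"})       # lower node: both Abelian groups
    dg, loc = vertical_split(dg, loc, SUPP, "Field", "AG", ag, "Dist", Node(ax={"D"}))
    plus = Node(sig={"+", "0", "-"}, ax={a for a in ag.ax if a[0] == "+"}, lem={"L"})
    times = Node(sig={"*", "1", "inv"}, ax={a for a in ag.ax if a[0] == "*"})
    dg, loc = horizontal_split(dg, loc, SUPP, "AG", {"AG+": plus, "AG*": times})
    assert is_location_mapping(dg, loc) and well_defined(dg)
    return dg, loc
```

Putting `L` into the `*` part instead would violate lemma independence, because its support lies among the `+` axioms, and `horizontal_split` rejects that partitioning; the location mapping is re-checked after each step, which is exactly the invariant Theorem 1 promises the rules preserve.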
Example 1.
We illustrate the horizontal and vertical split rules by considering a single theory axiomatizing a Field with binary operations $+$ and $\times$, consisting of a distributivity axiom ($\Phi_D := \forall x, y, z.\ x \times (y + z) = x \times y + x \times z$) and the axioms of an Abelian group for $+$ and $\times$, respectively ($\Phi^{+}_{AG} := \forall x, y, z.\ x + (y + z) = (x + y) + z,\ \forall x, y.\ x + y = y + x,\ \forall x.\ x + 0 = x,\ \forall x.\ x + (-x) = 0$ and $\Phi^{\times}_{AG} := \forall x, y, z.\ x \times (y \times z) = (x \times y) \times z,\ \forall x, y.\ x \times y = y \times x,\ \forall x.\ x \times 1 = x,\ \forall x.\ x \times \mathit{inv}(x) = 1$). Assume all axioms are contained in a single node Field, which forms a trivial structuring (0). In a first step we can split that node vertically by separating the distributivity axiom from the other axioms, giving structuring (1): a node $\Phi_D$ on top of a node containing $\Phi^{+}_{AG}, \Phi^{\times}_{AG}$, connected by an identity link. In a second step we can separate the Abelian group axioms for $+$ and $\times$ by a horizontal split, giving structuring (2): two independent nodes $\Phi^{+}_{AG}$ and $\Phi^{\times}_{AG}$, each linked by an identity link into the node $\Phi_D$ (diagram not reproduced).

Factorization.
The factorization rule allows one to merge equivalent specifica-tions into a single generalized specification and then to represent the individualones as instantiations of the generalized specification. A precondition of this ruleis that all individual specifications inherit the same (underlying) theories.
Definition 7 (Factorization).
Let $S = (\langle \mathcal{N}, \mathcal{L} \rangle, \mathit{loc}, \mathit{Supp})$ be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$. Let $K_1, \dots, K_n, M_1, \dots, M_p \in \mathcal{N}$ with $p > 1$ such that $\mathit{sig}_{M_j} \cup \mathit{ax}_{M_j} \neq \emptyset$ and $\exists \sigma_{i,j}.\ K_i \xrightarrow{\sigma_{i,j}} M_j \in \mathcal{L}$ for $i = 1, \dots, n$, $j = 1, \dots, p$. Suppose there are sets $\mathit{sig}$, $\mathit{ax}$ and $\mathit{lem}$ with $(\mathit{sig} \cup \mathit{ax} \cup \mathit{lem}) \cap \mathit{Dom}_{\mathcal{D}} = \emptyset$ and signature morphisms $\theta_1, \dots, \theta_p$ and $\sigma_1, \dots, \sigma_n$ such that

- $\forall e \in \mathit{Dom}_{\mathcal{D}}(K_i).\ \theta_j(\sigma_i(e)) = \sigma_{i,j}(e)$ and $\sigma_{i,j}(e) = e \vee \sigma_{i,j}(e) \notin \mathit{Dom}_{\mathcal{D}}$ (i.e. $\sigma_{i,j} = \theta_j \circ \sigma_i$ on $\mathit{Dom}_{\mathcal{D}}(K_i)$);
- $\mathit{sig}_{M_j} \subseteq \theta_j(\mathit{sig}) \subseteq \mathit{Dom}_{\mathcal{D}}(M_j)$ and $\mathit{ax}_{M_j} \subseteq \theta_j(\mathit{ax}) \subseteq \mathit{Dom}_{\mathcal{D}}(M_j)$;
- for all $e \in \mathit{lem}$ there is an $l \in \{1, \dots, p\}$ with $\theta_l(e) \in \mathit{lem}_{M_l}$; $\theta_i(e) = \theta_j(e)$ implies $i = j$; and $\theta_j(e) \in \mathit{Dom}_{\mathcal{D}}$ implies $\mathit{loc}(\theta_j(e)) = M_j$;
- there is a support mapping $\mathit{Supp}_N$ for $\mathit{ax} \cup \bigcup_{i = 1, \dots, n} \sigma_i(\mathit{Dom}_{\mathcal{D}}(K_i))$ and $\mathit{lem}$.

Then $S' = (\langle \mathcal{N}', \mathcal{L}' \rangle, \mathit{loc}', \mathit{Supp}')$ is a factorization of $S$ wrt. $M_1, \dots, M_p$ and $\mathit{Supp}_N$ iff

$\mathcal{N}' := \{N\} \cup \{N_j \mid j \in \{1, \dots, p\}\} \cup \mathcal{N} \setminus \{M_1, \dots, M_p\}$ with $N = \langle \mathit{sig}, \mathit{ax}, \mathit{lem} \rangle$ and $N_j = \langle \emptyset, \emptyset, \mathit{lem}_{M_j} \setminus \theta_j(\mathit{lem}) \rangle$;

$\mathcal{L}' := \{ K \xrightarrow{\sigma} K' \in \mathcal{L} \mid K, K' \notin \{M_1, \dots, M_p\} \} \cup \{ K_i \xrightarrow{\sigma_i} N \mid K_i \xrightarrow{\sigma_{i,j}} M_j \in \mathcal{L},\ j \in \{1, \dots, p\},\ i \in \{1, \dots, n\} \} \cup \{ N \xrightarrow{\theta_j} N_j \mid j \in \{1, \dots, p\} \} \cup \{ K \xrightarrow{\tau} N_j \mid K \xrightarrow{\tau} M_j \in \mathcal{L} \wedge \forall i \in \{1, \dots, n\}.\ K \neq K_i \wedge \tau \neq \sigma_{i,j} \} \cup \{ N_j \xrightarrow{\tau} K \mid M_j \xrightarrow{\tau} K \in \mathcal{L},\ j \in \{1, \dots, p\} \}$;

$\mathit{loc}'(x) := N$ if $x \in \mathit{Dom}_{\mathcal{D}'}(N) \setminus \bigcup_{i = 1, \dots, n} \mathit{Dom}_{\mathcal{D}'}(K_i)$; $N_j$ if $x \in \mathit{Dom}_{\mathcal{D}'}(N_j)$ and $\forall K \xrightarrow{\sigma} N_j.\ x \notin \mathit{Dom}_{\mathcal{D}'}(K)$; $\mathit{loc}(x)$ otherwise;

$\mathit{Supp}' := \mathit{Supp} \cup \mathit{Supp}_N$.

Fig. 3. Factorization (with $\sigma_{i,j} := \theta_j \circ \sigma_i$; diagram not reproduced)

Example 2.
Consider again the Field axioms of Example 1, which we have transformed into structuring (2). On that structuring we can apply the factorization rule to extract the general Abelian group axioms ($\Phi^{\circ}_{AG} := \forall x, y, z.\ x \circ (y \circ z) = (x \circ y) \circ z,\ \forall x, y.\ x \circ y = y \circ x,\ \forall x.\ x \circ e = x,\ \forall x.\ x \circ i(x) = e$) and obtain the respective axioms for $+$ and $\times$ by the morphisms $\sigma_1 := \{\circ \mapsto +,\ e \mapsto 0,\ i \mapsto -\}$ and $\sigma_2 := \{\circ \mapsto \times,\ e \mapsto 1,\ i \mapsto \mathit{inv}\}$. In the resulting structuring (4) the factor node $\Phi^{\circ}_{AG}$ is linked via $\sigma_1$ and $\sigma_2$ to two now empty nodes, which in turn import into the node $\Phi_D$ via identity links (diagram not reproduced). The final structuring contains 5 axioms, whereas the initial structuring contained 9 axioms.

The factorization rule only covers a sufficient criterion, demanding that each theory imported by a definition link into one specification is also imported via definition links by all other specifications. The more complex case in which a theory is imported via a path of links can be handled by allowing one to shortcut a path in a single global link. This results in the following rule.

Definition 8 (Transitive Enrichment).
Let $S = (\langle \mathcal{N}, \mathcal{L} \rangle, \mathit{loc}, \mathit{Supp})$ be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$, $K, N \in \mathcal{N}$ and let there be a path $K \xrightarrow{\sigma}{}^{*} N$ between both. Then $S' = (\langle \mathcal{N}, \mathcal{L} \cup \{ K \xrightarrow{\sigma} N \} \rangle, \mathit{loc}, \mathit{Supp})$ is a transitive enrichment of $S$.

Definition links in a development graph can be redundant if there are alternative paths which have the same morphisms, or if they are not used in any reachable node of the target. We formalize these notions as follows:
Definition 9 (Removable Link).
Let $S = (\mathcal{D}, \mathit{loc}, \mathit{Supp})$ ($\mathcal{D} = \langle \mathcal{N}, \mathcal{L} \rangle$) be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$. Let $l \in \mathcal{L}$ and $\mathcal{D}' = \langle \mathcal{N}, \mathcal{L} \setminus \{l\} \rangle$. $l$ is removable from $S$, and $S' = (\mathcal{D}', \mathit{loc}, \mathit{Supp})$ is a reduction of $S$, iff

1. $\forall l' : M \xrightarrow{\sigma} N \in \mathcal{L}.$ if $l'$ exclusively provides $\sigma(e)$ from some $e \in \mathit{Dom}_{\mathcal{D}}(M)$ then $e \in \mathit{Dom}_{\mathcal{D}'}(N)$ and $l \neq l'$;
2. $\forall e \in \mathit{Dom}_{\mathcal{D}}.\ \forall M \in \lceil \mathcal{D} \rceil.$ if $\mathit{loc}(e) \xrightarrow{\sigma}{}^{*} M$ then there exists $M' \in \lceil \mathcal{D}' \rceil$ such that $\mathit{loc}(e) \xrightarrow{\sigma}{}^{*} M'$;
3. for every node $N \in \mathcal{N}$: $\forall \varphi \in \mathit{Lem}_{\mathcal{D}}(N).\ \mathit{Supp}(\varphi) \subseteq \mathit{Dom}_{\mathcal{D}'}(N)$ and $\mathit{Sig}_{\mathcal{D}}(N) \subseteq \mathit{Dom}_{\mathcal{D}'}(N)$.

Theorem 1 (Structuring Preservation).
Let $S := (\mathcal{D}, \mathit{loc}, \mathit{Supp})$ ($\mathcal{D} = \langle \mathcal{N}, \mathcal{L} \rangle$) be a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$. Then

1. every horizontal split of $S$ wrt. some $N \in \mathcal{N}$ and partitioning $P$ of $N$,
2. every vertical split of $S$ wrt. some $N \in \mathcal{N}$ and partitioning $P$ of $N$,
3. every factorization of $S$ wrt. nodes $M_1, \dots, M_p \in \mathcal{N}$,
4. every transitive enrichment of $S$, and
5. every reduction of $S$

is a structuring of $(\Sigma, \mathit{Ax}, \mathit{Lem})$. The theorem follows from the soundness proofs for each rule given in Appendix 6.
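The factorization rule presupposes that the specifications $M_1, \dots, M_p$ are instances of one generalized specification under renamings $\theta_j$. The following Python program is an added example, not the paper's implementation: it implements the strict notion of isomorphism used later by the factorization tactic (two theories are identified only if a single injective renaming of non-logical symbols maps every axiom of one onto an axiom of the other and every lemma onto a lemma whose support corresponds under the same identification), and it builds the factor node with the morphisms $\theta_1, \theta_2$ for the two Abelian group theories of Example 2. The term encoding, the entity names and the extra lemma `unit_l` ($\forall x.\ e \circ x = x$) are this example's own.

```python
"""Renaming isomorphism between two theories, the applicability test behind the
factorization rule (added example; not the paper's implementation)."""

# Term encoding (ours): a variable is a str; an application is a tuple (symbol, args...);
# constants are 0-ary applications such as ("0",). Formulas use logical heads from LOGICAL,
# quantifiers being ("forall", (vars...), body).
LOGICAL = {"forall", "exists", "=", "and", "or", "not", "imp"}
QUANT = {"forall", "exists"}


def match(f, g, ren):
    """Extend the injective symbol renaming `ren` so that ren(f) == g; None if impossible.
    Variables and logical heads must coincide, non-logical symbols are renamed consistently."""
    if isinstance(f, str) or isinstance(g, str):
        return ren if f == g else None
    if len(f) != len(g):
        return None
    hf, hg = f[0], g[0]
    if hf in LOGICAL or hg in LOGICAL:
        if hf != hg or (hf in QUANT and f[1] != g[1]):
            return None
        pairs = zip(f[2:], g[2:]) if hf in QUANT else zip(f[1:], g[1:])
    else:
        if ren.get(hf, hg) != hg or any(v == hg and k != hf for k, v in ren.items()):
            return None                                  # not functional or not injective
        ren, pairs = {**ren, hf: hg}, zip(f[1:], g[1:])
    for a, b in pairs:
        ren = match(a, b, ren)
        if ren is None:
            return None
    return ren


def rename(t, m):
    """Apply a symbol renaming m (identity outside its keys) to a term or formula."""
    if isinstance(t, str):
        return t
    if t[0] in QUANT:
        return (t[0], t[1], rename(t[2], m))
    return (m.get(t[0], t[0]),) + tuple(rename(x, m) for x in t[1:])


def isomorphic(th_a, th_b, supp):
    """Theories map name -> (kind, formula) with kind "ax" or "lem". Return (ren, pairing) such
    that ren maps each formula of th_a onto its partner in th_b, axioms pair with axioms, lemmas
    with lemmas, and the support of a lemma pairs with the support of its partner; else None."""
    names_a, names_b = sorted(th_a), sorted(th_b)
    if len(names_a) != len(names_b):
        return None

    def search(i, ren, pairing):
        if i == len(names_a):
            ok = all({pairing.get(s, s) for s in supp.get(a, ())} == set(supp.get(b, ()))
                     for a, b in pairing.items())
            return (ren, pairing) if ok else None
        a = names_a[i]
        for b in names_b:
            if b in pairing.values() or th_a[a][0] != th_b[b][0]:   # same kind only
                continue
            ext = match(th_a[a][1], th_b[b][1], ren)
            found = ext is not None and search(i + 1, ext, {**pairing, a: b})
            if found:
                return found
        return None

    return search(0, {}, {})


def generalize(th_a, ren, fresh):
    """Factor node of Definition 7: th_a with its renamed symbols replaced by fresh ones,
    together with theta_1 (fresh -> symbols of th_a) and theta_2 (fresh -> symbols of th_b)."""
    theta1 = dict(zip(fresh, sorted(ren)))
    theta2 = {k: ren[v] for k, v in theta1.items()}
    to_fresh = {v: k for k, v in theta1.items()}
    return {n: (kind, rename(f, to_fresh)) for n, (kind, f) in th_a.items()}, theta1, theta2


def abelian_group(op, unit, inverse, prefix=""):
    """Constructed input: Abelian group axioms plus one lemma (unit op x = x) for the given symbols."""
    return {prefix + "assoc": ("ax", ("forall", ("x", "y", "z"), ("=", (op, "x", (op, "y", "z")), (op, (op, "x", "y"), "z")))),
            prefix + "comm": ("ax", ("forall", ("x", "y"), ("=", (op, "x", "y"), (op, "y", "x")))),
            prefix + "unit": ("ax", ("forall", ("x",), ("=", (op, "x", (unit,)), "x"))),
            prefix + "inv": ("ax", ("forall", ("x",), ("=", (op, "x", (inverse, "x")), (unit,)))),
            prefix + "unit_l": ("lem", ("forall", ("x",), ("=", (op, (unit,), "x"), "x")))}


TH_PLUS = abelian_group("+", "0", "-")
TH_TIMES = abelian_group("*", "1", "inv", prefix="m_")
SUPP = {"unit_l": {"unit", "comm"}, "m_unit_l": {"m_unit", "m_comm"}}   # constructed support mapping
BAD_SUPP = {**SUPP, "m_unit_l": {"m_unit", "m_inv"}}                     # supports do not correspond


def factorize_example():
    """Example 2: identify the + and * groups and extract the factor over fresh symbols o, i, e."""
    ren, pairing = isomorphic(TH_PLUS, TH_TIMES, SUPP)
    factor, theta1, theta2 = generalize(TH_PLUS, ren, ["o", "i", "e"])
    return ren, pairing, factor, theta1, theta2
```

With `BAD_SUPP` the two lemmas have the same shape but their supports do not correspond, so no identification is found at all, which is the behaviour the factorization tactic relies on: a lemma is never silently matched with a formula that is proved differently.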
In order to evaluate the refactoring rules on real theories we have implemented the development graphs and the rules in Scala and added support to read formulas in TSTP format [9] using the Java parser from [8]. The support mapping is given as an extra data structure representing the information which formula has been used in the proof of a theorem. In the case of TSTP we extract that information from the files by using the names of the formulas. Since the TSTP format does not include signature declarations, we add declarations for all occurring symbols in a TSTP file in an initialization step. We used the untyped part of TSTP and hence the declarations only contain arity information but no types.

The refactoring rules are parameterized over the theories and possibly the subsets of the local signature, axioms and lemmata to split over. To compute the parametric information we provide some basic heuristic tactics. Using the support mapping, we define that an axiom (resp. lemma) depends on a symbol declaration if the symbol occurs in the axiom (resp. lemma), and that a lemma depends on another axiom or lemma if the latter is in its support mapping. A symbol declaration is always independent. This dependency relation induces a partial order on the local domain of each node in a development graph.

Tactic for horizontal split.
This rule requires the partitioning of the local signature, axioms and lemmas of a given theory into independent parts such that, given the same imports as the original node, each part is a valid theory and lemma independent of the other part. We implemented a heuristic that, given the local domain of some node, searches for a largest subset which has a non-empty intersection of its occurring symbols and supporting axioms and lemmata. If such a set exists, the largest such set is used to split the theory horizontally into that set and the rest.
Tactics for vertical split.
The rule requires finding a subset of the local domain which is independent of the rest and using it as the content of the lower theory. We implemented two heuristics to search for this subset. First, we consider all maximal elements wrt. the dependency relation and use them as content for the new upper theory constructed by the vertical split. Second, we consider all minimal elements and use them as content for the lower theory constructed by the vertical split. These two tactics allow one to incrementally split a theory into layered slices of the dependency relation.
Tactic for factorization.
This rule requires finding isomorphic subsets in two different theories to factorize over. The notion of isomorphism between formulas is very strict, as we only search for renamings. Furthermore, we extended the isomorphism to the support mapping such that lemmata can only be identified with isomorphic lemmata whose supporting axioms and lemmata are also isomorphic wrt. the same renaming. Thus, an axiom can never be factorized with a lemma and vice versa. Even with that strict notion, computation of such subsets is already expensive. If the entire local domain of a given node is isomorphic to the local domain of the second node, both nodes are factorized according to the definition of the factorization rule. If the identified subset in the first node does not cover the complete second node, we first try to split the second node to isolate the subset. To this end we first try to split the second node horizontally using the identified subset. If that fails, we try to split vertically using the subset for the upper part and finally as the lower part. If one of these splittings was successful, the factorization is applied to the isolated part. Otherwise the factorization fails.

In addition to these main tactics, we have implemented tactics to delete superfluous links as well as to delete empty nodes, which technically corresponds to vertically merging the empty node with its importing theories.

Automatic Procedure.
In order to automate the theory formation process we have implemented the usual tacticals to describe more complex search behaviours. The tactic language is defined as follows, starting from the basic tactics described above:

T ::= SplitHorizontal | SplitVerticallyMaximal | SplitVerticallyMinimal | Factorize | RemoveSuperfluousEmptyTheories | T* | T+ | T ; T | T onfail T
The tactics take as argument a structuring and, if they could be applied, return a new structuring and otherwise fail. The tacticals for as-many-as-possible iteration (*), as many as possible but at least once (+) and sequencing (;) are standard. The tactical onfail executes the second tactic expression only if the first failed. Using this language we have implemented the following automatic procedure. The goal of the procedure is, starting from an unstructured graph, i.e. a single theory containing all declarations, axioms and lemmata, to search for possibilities to factorize common patterns. Factorization is only possible if at least one application of the horizontal split rule was possible, which in turn may require the application of a preparatory vertical split. Following that initial part, we try to split further vertically using the maximal elements of the theory and finally remove the superfluous links and empty theories. Hence, the initial phase of the automation consists of

inittac ≡ ((SplitVerticallyMinimal+ ; SplitHorizontal*) onfail SplitHorizontal+) ; SplitVerticallyMaximal* ; RemoveSuperfluousEmptyTheories*

That initialization tactic succeeds only if at least one vertical split or one horizontal split could be done. Following that, we start to factorize. If at least one factorization was possible, we first clean up the structuring by removing superfluous links and empty theories before trying again to split vertically. The overall tactic is thus

inittac ; (Factorize+ ; RemoveSuperfluousEmptyTheories* ; SplitVerticallyMinimal*)*

We have applied the factorization procedure presented in the previous section to TSTP versions of the Mizar library articles, which have been created by Joseph Urban and are available online. This is a collection of 922 files in TSTP format where theorems are annotated with information about which theorems and axioms have been used in their proofs. The files consist of the axioms and theorems of each article including all directly included articles, but without transitive expansion of all inclusions. Hence, the knowledge in each file is already quite tailored to the knowledge necessary to define the additional mathematical concepts and to enable the proofs of the theorems. We have run the procedure on all examples with a timeout of 5 minutes each. The environment was a virtual machine with 4 virtual CPUs and 16 GB RAM under openSuSE 12.2 64-bit, running on a host with 2 Intel Xeon Westmere E5620 QuadCore CPUs at 2.4 GHz, 96 GB RAM and VMware ESXi 4.1.

Article              Axioms (initial / final)   Theorems (initial / final)   Reduction   Timeout
binop_2.top.rated    21 / 19                    28 / 28                       5%         yes
bintree1.top.rated   62 / 61                    16 / 16                       2%         no
cfuncdom.top.rated   25 / 24                    40 / 40                       2%         no
ff_siec.top.rated    52 / 51                    32 / 32                       2%         no
finsub_1.top.rated   38 / 37                    16 / 16                       2%         no
heine.top.rated      96 / 95                    13 / 13                       1%         no
membered.top.rated   17 / 17                    36 / 16                      38%         no
mssubfam.top.rated   84 / 83                    55 / 55                       1%         no
msualg_1.top.rated   49 / 48                    13 / 13                       2%         no
power.top.rated     103 / 102                   61 / 61                       1%         yes
qc_lang1.top.rated   86 / 85                    23 / 23                       1%         no
rsspace.top.rated    46 / 45                    20 / 20                       2%         no
setfam_1.top.rated   51 / 48                    44 / 44                       4%         no

Fig. 4. Factorization results on TSTP versions of the Mizar articles

For most articles no factorization has been found. However, there are 13 articles where factorization was possible, which are presented in the table in Fig. 4. The results are summarized in the following format: for each file we indicate in the Axioms column the number of axioms in the initial development graph and in the final development graph. Analogously, the Theorems column indicates the number of theorems in the initial and in the final development graph, respectively. The Reduction column indicates how much the factorization reduced the overall number of axioms and theorems. The last column indicates whether the automatic procedure terminated within the 5 minute time frame or the timeout was reached.

While reducing the number of axioms by factorization is already interesting in order to reduce the search space for automatic provers, reducing the number of theorems is more interesting as it means fewer theorems to prove. For all but one file where factorizations have been found, only axiom factorizations have been found. However, in the article membered.top.rated obtained from the Mizar article [10] "On the Sets Inhabited by Numbers" we could factorize 36 theorems into 16 theorems. On closer inspection this is not surprising because it concerned theorems about sets of reals, sets of rationals, sets of integers, sets of naturals and sets of complex numbers, all defined and proved according to the same schema. The resulting development graph is shown in Fig. 5, and the factor theory containing the 5 theorems, from which all others are obtained by renaming, is node 9 in gray/orange. The factorization is visible via the 5 outgoing edges towards node 11 which are annotated with the respective morphisms.

Fig. 5. Resulting development graph for membered.top.rated (diagram not reproduced)
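The tacticals of the tactic language above and the two vertical-split heuristics (minimal elements as the new lower theory, maximal elements as the new upper theory) are small enough to be shown in full. The following Python program is an added example and not the paper's Scala implementation: a structuring is modelled as a chain of theories ordered from bottom to top, a tactic maps a chain to a new chain or fails with `None`, and the combinators `*`, `+`, `;` and `onfail` are implemented as higher-order functions. The flat input theory and its dependency relation `DEPS` are constructed for this example; the composite `PROCEDURE` mirrors the shape of inittac with the horizontal split and factorization tactics left out, since a chain of theories cannot represent side-by-side nodes.

```python
"""Tacticals and the two vertical-split heuristics over a chain of theories
(added example; not the paper's Scala implementation)."""

# Constructed flat theory: entity -> entities it depends on, following the dependency relation
# of the implementation section (an axiom depends on the symbols occurring in it, a lemma on its
# support and symbols, a symbol declaration on nothing). The names are ours.
DEPS = {"+": set(), "0": set(), "assoc": {"+"}, "unit": {"+", "0"},
        "L1": {"assoc", "+"}, "L2": {"unit", "L1", "+", "0"}}
FLAT = [frozenset(DEPS)]   # a chain of theories, lower ones first; each imports all theories below it


def minimal(layer, deps):
    """Entities of the layer none of whose dependencies lie in the layer."""
    return frozenset(e for e in layer if not deps[e] & layer)


def maximal(layer, deps):
    """Entities of the layer on which no other entity of the layer depends."""
    return frozenset(e for e in layer if not any(e in deps[f] for f in layer))


def split_first(state, choose, below, deps):
    """Vertical split of the first theory where `choose` yields a proper non-empty part; the part
    becomes the lower theory if `below`, otherwise the upper one. None if no theory can be split."""
    for i, layer in enumerate(state):
        part = choose(layer, deps)
        if part and part != layer:
            new = [part, layer - part] if below else [layer - part, part]
            return state[:i] + new + state[i + 1:]
    return None


def split_vertically_minimal(state, deps=DEPS):   # minimal elements form the new lower theory
    return split_first(state, minimal, True, deps)


def split_vertically_maximal(state, deps=DEPS):   # maximal elements form the new upper theory
    return split_first(state, maximal, False, deps)


def remove_empty(state):                           # RemoveSuperfluousEmptyTheories
    kept = [layer for layer in state if layer]
    return kept if len(kept) < len(state) else None


# Tacticals: a tactic maps a state to a new state, or to None on failure.
def many(t):                       # T*: iterate while t succeeds; never fails
    def run(s):
        n = t(s)
        while n is not None:
            s, n = n, t(n)
        return s
    return run


def many1(t):                      # T+: like T* but fails unless t succeeds at least once
    def run(s):
        n = t(s)
        return None if n is None else many(t)(n)
    return run


def seq(*ts):                      # T1 ; T2 ; ...: fails as soon as one step fails
    def run(s):
        for t in ts:
            s = t(s)
            if s is None:
                return None
        return s
    return run


def onfail(t1, t2):                # T1 onfail T2: run t2 on the original state only if t1 failed
    def run(s):
        n = t1(s)
        return t2(s) if n is None else n
    return run


# Same shape as inittac: remove_empty fails on the flat theory, so onfail falls back to peeling
# off minimal slices; afterwards the maximal-slice tactic finds nothing left to split.
PROCEDURE = seq(onfail(many1(remove_empty), many1(split_vertically_minimal)),
                many(split_vertically_maximal), many(remove_empty))


def slices():
    """Both layerings of the flat theory plus the result of the composite procedure."""
    return many(split_vertically_minimal)(FLAT), many(split_vertically_maximal)(FLAT), PROCEDURE(FLAT)
```

The two heuristics slice the same theory differently: peeling off minimal elements yields the layers symbols / axioms / L1 / L2, whereas peeling off maximal elements first separates L2, then everything nothing below depends on, and so on. Both are valid vertical splits in the sense of Definition 6 because a slice never depends on the slices above it.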
Related to the structuring of theories, there is a large work on anti-unification,i.e. computing common generalizations of different formuala or theories (e.g.[2,7,3]). The resulting structuring approach is primarily botton-up and drivenby the pure existence of anti-unifiers. In contrast, our approach is top-down as itintroduces measures for the intended structuring (i.e. semantic appropriateness,closure and minimality) to guide the formation process. For example, we splitup theories in smaller ones but that are still self-contained in the sense thateach theorem of the original theory can be proven in one of the new (smaller)ones. Anti-unification is an important technique to test the applicability of thefactorization rule, for instance, but applicability of a rule is not the driving forceof the formation process.In this paper we were concerned with trying to reveal shared definitions,axiomatizations and theorems in a given formal theory. Based on structurings which extend development graphs with notions to exclude redundancies andinclude dependency information, we presented a set of rules on structurings. Weimplemented the rules with simple heuristics to detect isomorphic subsets whichare sufficient to find simple factorization and applied it to the TSTP formulationsof the Mizar articles. Not surprisingly, not many factorizations could be found,which is due to Mizar’s non-transitive reuse principle of other articles and the fact tructure Formation in Large Theories 13 that these were chosen carefully by the authors of the Mizar article. Moreover,the heuristics to compute isomorphic axioms and theorems was very restricted.However, a few factorizations could be found, and especially one were the numberof theorems could be halved. This indicates that adding theory morphisms to theMizar language may be useful, but that needs to be confirmed by further analysisof larger subsets. 
On the other hand, the non-transitive import mechanism of Mizar already seems to allow for a good organization of the knowledge. That kind of mechanism is typically not implemented in specification languages, but exists in development graphs in the form of local axiom links.

Future work will consist of analyzing larger subsets of the whole Mizar library, i.e. sets of Mizar articles, for possible factorizations. We also plan to apply it to libraries of other proof assistants, assuming we can get the dependency information on which axioms/theorems have been used in which proof. Also, other automation tactics and especially heuristics to identify isomorphic formulas need to be explored, as well as heuristics to identify subsets for horizontal and vertical splits. On a more theoretical level, we will investigate how axioms and theorems could be identified with each other, in order to allow factorizing alternative axiomatizations of the same theory without losing information, such as, e.g., alternative ways to axiomatize groups. Finally, the whole system can be applied to any untyped first-order subset of TPTP theories to search for redundancies. However, the resulting development graphs cannot be saved as TPTP theories, as TPTP does not support renaming. Hence, we propose to extend the TPTP language in that respect.
References

1. S. Autexier and D. Hutter. Mind the gap - maintaining formal developments in MAYA. In Festschrift in Honor of J.H. Siekmann. Springer, LNCS 2605, 2005.
2. A. M. Frisch and C. D. Page Jr. Generalization with taxonomic information. Pages 775–761. AAAI-Press, 1990.
3. T. Gauthier and C. Kaliszyk. Matching concepts across HOL libraries. In Intelligent Computer Mathematics, pages 267–281. Springer, LNAI 8543, 2014.
4. J. A. Goguen and R. M. Burstall. Institutions: Abstract model theory for specification and programming. Journal of the Association for Computing Machinery, 39:95–146, 1992. Predecessor in: LNCS 164, 221–256, 1984.
5. D. Hutter. Management of change in verification systems. In Proceedings 15th IEEE International Conference on Automated Software Engineering, ASE-2000, pages 23–34. IEEE Computer Society, 2000.
6. T. Mossakowski, S. Autexier, and D. Hutter. Development graphs - proof management for structured specifications. Journal of Logic and Algebraic Programming, special issue on Algebraic Specification and Development Techniques, 67(1-2):114–145, April 2006.
7. I. Normann and M. Kohlhase. Extended formula normalization for ε-retrieval and sharing of mathematical knowledge. In Towards Mechanized Mathematical Assistants (Calculemus/MKM). Springer, LNCS 4573, 2007.
8. A. Riazanov and A. Tchaltsev. Reusable TPTP parser in Java. 2007.
9. G. Sutcliffe. The TPTP World - Infrastructure for Automated Reasoning. In E. Clarke and A. Voronkov, editors, Proceedings of the 16th International Conference on Logic for Programming Artificial Intelligence and Reasoning, number 6355 in LNAI, pages 1–12. Springer-Verlag, 2010.
10. A. Trybulec. On the sets inhabited by numbers. Journal of Formalized Mathematics, 15, 2003. http://mizar.uwb.edu.pl/JFM/Vol15/membered.html.

Proof of Theorem 1 (Structure Preservation)

(Notation in the proofs below: $K \xrightarrow{\sigma} M$ denotes a link from $K$ to $M$ with morphism $\sigma$, $K \overset{\sigma}{\leadsto} M$ a path from $K$ to $M$ whose composed morphism is $\sigma$, and $\mathit{loc}^{-}(K)$ the set of entities located at $K$.)
Horizontal Split

It holds trivially that $\mathit{Dom}\,D = \mathit{Dom}\,D'$.

– $\mathit{loc}'$ is surjective because by construction each $N_i$, $i = 1, \ldots, k$, has a local entity. Furthermore, for each $N_i$ and each $e \in \mathrm{dom}\,N_i$ holds $\mathit{loc}'(e) = N_i$ by construction. Furthermore, since $\mathit{loc}^{-}(N) = \mathrm{dom}\,N$, none of the incoming links into $N$ provided any entity, and consequently none of the incoming links into $N_1, \ldots, N_k$ do. Hence, $\mathit{loc}'^{-}(N_i) = \mathrm{dom}\,N_i$, $i = 1, \ldots, k$. Since $\mathrm{dom}\,N := \mathrm{dom}\,N_1 \uplus \ldots \uplus \mathrm{dom}\,N_k$, $\mathit{loc}'(e)$ is unique for $e \in \mathrm{dom}\,N$.

– If $N$ is not a top-level node in $D$, then $\mathit{Dom}\lceil D'\rceil = \mathit{Dom}\lceil D\rceil = \Sigma \uplus \mathit{Ax} \uplus \mathit{Lem}$ because the domains of nodes reachable from $N$ are not affected by the horizontal split. If $N$ is a top-level node, then all $N_i$ with $1 \leq i \leq k$ are top-level nodes. Since $\mathrm{dom}\,N = \mathrm{dom}\,N_1 \uplus \ldots \uplus \mathrm{dom}\,N_k$ and $\mathit{Imports}_D(N) = \mathit{Imports}_{D'}(N_1) = \ldots = \mathit{Imports}_{D'}(N_k)$, it holds
$$\begin{aligned}
\mathit{Dom}_D(N) &= \mathrm{dom}\,N \cup \mathit{Imports}_D(N) \\
 &= \mathrm{dom}\,N_1 \cup \ldots \cup \mathrm{dom}\,N_k \cup \mathit{Imports}_D(N) \\
 &= \mathrm{dom}\,N_1 \cup \ldots \cup \mathrm{dom}\,N_k \cup \mathit{Imports}_{D'}(N_1) \cup \ldots \cup \mathit{Imports}_{D'}(N_k) \\
 &= \mathrm{dom}\,N_1 \cup \mathit{Imports}_{D'}(N_1) \cup \ldots \cup \mathrm{dom}\,N_k \cup \mathit{Imports}_{D'}(N_k) \\
 &= \mathit{Dom}_{D'}(N_1) \cup \ldots \cup \mathit{Dom}_{D'}(N_k).
\end{aligned}$$
Thus, $\mathit{Dom}\lceil D'\rceil = \mathit{Dom}\lceil D\rceil = \Sigma \uplus \mathit{Ax} \uplus \mathit{Lem}$.

– Assume $\varphi \in \mathit{Lem}_D$ and $\psi \in \mathit{Supp}(\varphi)$. If $\mathit{loc}_D(\psi) \neq N$ and $\mathit{loc}_D(\varphi) \neq N$, then both $\mathit{loc}_D(\psi)$ and $\mathit{loc}_D(\varphi)$ are in $D'$ and we consider the path $p : \mathit{loc}_D(\psi) \overset{\sigma}{\leadsto} \mathit{loc}_D(\varphi)$. If $N \in p$ then $p = [p_1, M \xrightarrow{\theta} N \xrightarrow{\tau} M', p_2]$ and by construction the paths $[p_1, M \xrightarrow{\theta} N_i \xrightarrow{\tau|_{\mathit{Dom}\,N_i}} M', p_2]$ are in $D'$ for $1 \leq i \leq k$. Since $\mathit{loc}_D(\psi) \neq N$, each $\tau|_{\mathit{Dom}\,N_i}$ behaves equivalently on the image of $\psi$ imported in $N_i$ and hence $\mathit{loc}_{D'}(\psi) \overset{\sigma'}{\leadsto} \mathit{loc}_{D'}(\varphi)$ for some $\sigma'$ such that $\sigma'(\psi) = \sigma(\psi)$. If $N \notin p$, then $p$ is also a path in $D'$ and $\mathit{loc}_{D'}(\psi) \overset{\sigma}{\leadsto} \mathit{loc}_{D'}(\varphi)$ holds trivially. If $\mathit{loc}_D(\varphi) = N$ then, since all $N_i$ are mutually lemma independent, without loss of generality we can assume $\varphi \in \mathit{ax}\,N_1 \cup \mathit{lem}\,N_1$ and thus $\mathit{loc}'_{D'}(\varphi) = N_1$. If $\mathit{loc}_D(\psi) = N$, then $\psi \in \mathit{ax}\,N_1 \cup \mathit{lem}\,N_1$ because $N_1$ is lemma independent. Thus, $\mathit{loc}'_{D'}(\psi) = N_1$ and $\mathit{loc}'_{D'}(\psi) = N_1 \overset{\mathit{id}}{\leadsto} N_1 = \mathit{loc}'_{D'}(\varphi)$ holds trivially. Otherwise, $\mathit{loc}_D(\psi) = \mathit{loc}'_{D'}(\psi)$ and since $N$ was reachable from $\mathit{loc}_D(\psi)$, by construction $N_1$ is also reachable from $\mathit{loc}'_{D'}(\psi)$.

Vertical Split
– First, we have to prove that $\mathit{loc}'$ is a location mapping. $\mathit{loc}'$ is surjective because by construction each node $N_i$ (with $i = 1, 2$) has some local entity $e \in \mathrm{dom}\,N_i$. Thus $\mathit{loc}'(e) = N_i$ and $N_i$ is in the range of $\mathit{loc}'$. Furthermore, $\forall e \in \mathrm{dom}\,N_i.\ \mathit{loc}'(e) = N_i$ holds by definition. Finally, let $e \in \mathit{Dom}\,D' = \mathit{Dom}\,D$: $\mathit{loc}'(e) = N_i$ implies $\mathit{loc}(e) = N$ and therefore there is no node in $\mathcal{N} \setminus \{N\}$ which provides $e$. Furthermore, since $N_1 \xrightarrow{\mathit{id}} N_2 \in \mathcal{L}'$, $N_1$ and $N_2$ cannot provide the same entity $e$.

– By definition, $e \in \mathrm{dom}\,N_i$ implies $\mathit{loc}'(e) = N_i$ for $i = 1, 2$ in $D'$. For all other nodes in $D' \setminus \{N_1, N_2\}$ the property is inherited from $(D, \mathit{loc}, \mathit{Supp})$ being a structuring and $\mathit{loc}(e) = \mathit{loc}'(e)$ if $\mathit{loc}(e) \neq N$.

– Since $\mathit{Dom}_D(N) = \mathit{Dom}_{D'}(N_2)$ and $N \overset{\sigma}{\leadsto} M \in D$ iff $N_2 \overset{\sigma}{\leadsto} M \in D'$, we have $\mathit{Dom}\lceil D\rceil = \mathit{Dom}\lceil D'\rceil$.

– Suppose $\varphi \in \mathit{Lem}_D$, $\psi \in \mathit{Supp}(\varphi)$ with $\mathit{loc}(\varphi) = M$ and $\mathit{loc}(\psi) = M'$. If $N \notin \{M, M'\}$ then $\mathit{loc}'(\varphi) = M$, $\mathit{loc}'(\psi) = M'$ and $M' \overset{\sigma}{\leadsto} M$ in $D'$ trivially. If $M = N$ and $M' \neq N$ then $\mathit{loc}'(\varphi) \in \{N_1, N_2\}$, and again $M' \overset{\sigma}{\leadsto} N_i$ in $D'$. The case of $M \neq N$ and $M' = N$ is proven analogously. We are left with the case $M = M' = N$. Since $N_1$ is independent of $N_2$, it holds for all $\varphi' \in \mathit{ax}\,N_1 \cup \mathit{lem}\,N_1$ that $\mathit{Supp}(\varphi') \cap (\mathit{ax}\,N_2 \cup \mathit{lem}\,N_2) = \emptyset$. Thus $\varphi \in \mathit{ax}\,N_1 \cup \mathit{lem}\,N_1$ implies that $\psi \in \mathit{ax}\,N_1 \cup \mathit{lem}\,N_1$ as well and $N_1 \overset{\mathit{id}}{\leadsto} N_1$ holds trivially; if instead $\varphi \in \mathit{ax}\,N_2 \cup \mathit{lem}\,N_2$, then $\psi$ is located at $N_1$ or $N_2$ and the link $N_1 \xrightarrow{\mathit{id}} N_2$ provides the required path. $\square$

Factorization
– We have to prove that $\mathit{loc}'$ is a location mapping. First, we prove that $\mathit{loc}'$ is surjective. For any node $K \in \mathcal{N}' \setminus \{N, N_1, \ldots, N_p\}$, $\mathit{loc}'^{-}(K) = \mathit{loc}^{-}(K)$ holds. Since $\mathit{sig}\,N \cup \mathit{ax}\,N \neq \emptyset$ but $(\mathit{sig}\,N \cup \mathit{ax}\,N) \cap \mathit{Dom}\,D = \emptyset$, it holds that $\mathit{sig}\,N \cup \mathit{ax}\,N \subseteq \mathit{loc}'^{-}(N)$. Furthermore, $\mathit{sig}\,M_j \cup \mathit{ax}\,M_j \subseteq \mathit{loc}'^{-}(N_j)$ since $\mathit{sig}\,M_j \cup \mathit{ax}\,M_j \subseteq \theta_j(\mathit{sig}\,N \cup \mathit{ax}\,N)$ and $\theta_j(\mathit{sig}\,N \cup \mathit{ax}\,N) \cap (\mathit{sig}\,N \cup \mathit{ax}\,N) = \emptyset$.

Second, we have to prove that $\forall K \in \mathcal{N}'.\ \forall e \in \mathrm{dom}\,K.\ \mathit{loc}'(e) = K$ holds. If $K \notin \{N, N_1, \ldots, N_p\}$ then $\mathit{loc}'(e) = \mathit{loc}(e) = K$. If $K = N$ then $\mathrm{dom}\,N \subseteq \mathit{Dom}_{D'}(N)$ and $\mathrm{dom}\,N \cap \mathit{Dom}_D(K_i) = \emptyset$ for $i = 1, \ldots, n$ because $\mathrm{dom}\,N \cap \mathit{Dom}\,D = \emptyset$. Thus $\forall e \in \mathrm{dom}\,N.\ \mathit{loc}'_{D'}(e) = N$. Finally, if $K = N_j$ then $\mathrm{dom}\,N_j = \mathit{lem}\,M_j \setminus \theta_j(\mathit{lem})$. In particular, $\mathrm{dom}\,N_j \cap \mathit{Dom}_{D'}(N) = \emptyset$, implying that $\mathit{loc}'_{D'}(e) = N_j$ for all $e \in \mathrm{dom}\,N_j$.

Third, we prove that all $e \in \mathit{Dom}\,D'$ are provided by a unique node. The only interesting case is that $e$ is provided by $N$ or some $N_j$. In the case of $N$, both $\mathrm{dom}\,N$ and also the entities provided by some link from a $K_i$ are by definition not in $\mathit{Dom}\,D$ and thus not provided by any node already in $D$, but by definition also not provided by any $N_j$. It remains the case that an entity $e$ is provided by two nodes $N_i$ and $N_j$. Since all $e \in \mathit{Dom}\,D$ were provided by a unique node, this implies that $e$ has to be a mapped lemma of $N$, but that violates the precondition that each $\theta_i$ has to map $e$ into a different entity.

– Next we prove that $D$ and $D'$ coincide in the entities they provide at their maximal nodes. Since $N$ is not a maximal node, it is sufficient to prove that $N_j$ and $M_j$ coincide in their provided entities:
$$\begin{aligned}
\mathit{Dom}_{D'}(N_j) &= \mathit{lem}\,M_j \setminus \theta_j(\mathit{lem}) \cup \bigcup \{\sigma(\mathit{Dom}_{D'}(K)) \mid K \xrightarrow{\sigma} N_j\} \\
 &= \mathit{lem}\,M_j \setminus \theta_j(\mathit{lem}) \cup \bigcup \{\sigma(\mathit{Dom}_{D'}(K)) \mid K \xrightarrow{\sigma} N_j,\ K \neq N\} \\
 &\qquad \cup\ \theta_j(\mathit{sig}) \cup \theta_j(\mathit{ax}) \cup \theta_j(\mathit{lem}) \cup \bigcup \{\sigma_{i,j}(\mathit{Dom}_D(K_{i,j})) \mid i = 1, \ldots, n\} \\
 &= \mathit{lem}\,M_j \cup \mathit{sig}\,M_j \cup \mathit{ax}\,M_j \cup \bigcup \{\sigma(\mathit{Dom}_D(K)) \mid K \xrightarrow{\sigma} M_j,\ K \neq K_i,\ \sigma \neq \sigma_{i,j}\} \\
 &\qquad \cup \bigcup \{\sigma_{i,j}(\mathit{Dom}_D(K_{i,j})) \mid i = 1, \ldots, n\} \cup \theta_j(\mathit{lem}) \\
 &= \mathit{Dom}_D(M_j) \cup \theta_j(\mathit{lem}).
\end{aligned}$$

– Suppose $\varphi \in \mathit{Lem}_{D'}$ and $\psi \in \mathit{Supp}_{D'}(\varphi)$. If $\mathit{loc}'(\varphi), \mathit{loc}'(\psi) \notin \{N, N_1, \ldots, N_p\}$ then $\mathit{loc}'(\varphi) = \mathit{loc}(\varphi)$ and $\mathit{loc}'(\psi) = \mathit{loc}(\psi)$ and therefore $\exists \sigma.\ \mathit{loc}(\psi) \overset{\sigma}{\leadsto} \mathit{loc}(\varphi)$ with $\sigma(\psi) = \psi$ in $D$. Since $D'$ inherits all links leading away from $M_1, \ldots, M_p$, and paths traversing some $K_i$ and $M_j$ can be mapped to paths traversing $K_i$, $N$ and $N_j$, $\exists \sigma.\ \mathit{loc}'(\psi) \overset{\sigma}{\leadsto} \mathit{loc}'(\varphi)$ with $\sigma(\psi) = \psi$ holds in $D'$ as well. Next, let $\mathit{loc}'(\varphi) = N_j$: by definition we know that $\varphi \in M_j$ and $\mathit{Supp}(\varphi) \subseteq \mathit{Dom}_D(M_j)$. Since $\mathit{Dom}_D(M_j) \subseteq \mathit{Dom}_{D'}(N_j)$ we know that $\mathit{Supp}'(\varphi) = \mathit{Supp}(\varphi) \subseteq \mathit{Dom}_{D'}(N_j)$ and thus $\forall \psi \in \mathit{Supp}'(\varphi).\ \mathit{loc}'(\psi) \overset{\sigma}{\leadsto} N_j$ with $\sigma(\psi) = \psi$. Finally, let $\mathit{loc}'(\varphi) = N$. Then $\mathit{Supp}_N \subseteq \mathit{Supp}'$ is a support mapping for $\varphi$ in particular.

Transitive enrichment
Obviously, the inclusion of the global link affects neither the visibility (i.e. $\mathit{Dom}$) of any node in $\mathcal{N}$ nor the local entities provided by the individual nodes (i.e. $\mathrm{dom}$). Hence, all properties of a structuring carry over trivially to the enriched structuring.

Removable link

– We have to prove that $\mathit{loc}$ is also a location mapping for $D'$. It holds that $\forall N \in \mathcal{N}.\ \mathit{loc}^{-}_D(N) = \mathit{loc}^{-}_{D'}(N)$, since $\mathrm{dom}\,N$ remains unchanged and also all $e \in \mathit{loc}^{-}_D(N)$ that are exclusively provided by some link in $D$ are still provided exclusively in $D'$. Thus, $\mathit{loc}$ is also surjective in $D'$; furthermore $\forall N \in \mathcal{N}.\ \forall e \in \mathrm{dom}\,N.\ \mathit{loc}_{D'}(e) = \mathit{loc}_D(e) = N$, and $\forall e \in \mathit{Dom}\,D'.\ \mathit{loc}_{D'}(e)$ is the only node providing $e$.

– $D$ and $D'$ coincide in the entities they provide at their maximal nodes, which is an immediate consequence of condition (2) of Def. 9.

– Also $\forall \varphi \in \mathit{Lem}_{D'}.\ \forall \psi \in \mathit{Supp}(\varphi).\ \exists \sigma.\ \mathit{loc}(\psi) \overset{\sigma}{\leadsto} \mathit{loc}(\varphi) \wedge \sigma(\psi) = \psi$ is implied by condition (3) of Def. 9.