Electronic Notes in Theoretical Computer Science 44 No. 3 (2003) URL: http://www.elsevier.nl/locate/entcs/volume44.html 22 pages

A graphical approach to relational reasoning1

Andrea Formisano 2

Dipartimento di Matematica e Informatica, Università di Perugia

Eugenio G. Omodeo 3

Dipartimento di Matematica Pura ed Applicata, Università di L'Aquila

Marta Simeoni 4

Dipartimento di Informatica, Università Ca' Foscari di Venezia

Abstract

Relational reasoning is concerned with relations over an unspecified domain of discourse. Two limitations to which it is customarily subject are: only dyadic relations are taken into account; all formulas are equations, having the same expressive power as first-order sentences in three variables. The relational formalism inherits from the Peirce–Schröder tradition, through contributions of Tarski and many others.

Algebraic manipulation of relational expressions (equations in particular) is much less natural than developing inferences in first-order logic; it may in fact appear to be overly machine-oriented for direct hand-based exploitation.

The situation radically changes when one resorts to a convenient representation of relations based on labeled graphs. The paper provides details of this representation, which abstracts w.r.t. inessential features of expressions.

Formal techniques illustrating three uses of the graph representation of relations are discussed: one technique deals with translating first-order specifications into the calculus of relations; another one, with inferring equalities within this calculus with the aid of convenient diagram-rewriting rules; a third one with checking, in the specialized framework of set theory, the definability of particular set operations. Examples of use of these techniques are produced; moreover, a promising approach to mechanization of graphical relational reasoning is outlined.

Key words: Formalized reasoning, algebra of dyadic relations, labeled multi-graphs, Peircean existential diagrams, graph transformation.

©2003 Published by Elsevier Science B. V.

1 Background

The graphs, he wrote, "put before us moving pictures of thought." They render the structure "literally visible before one's very eyes." In doing this they free the structure from all the "puerilities about words" with which so many English logical works are strewn. "Often not merely strewn with them," he adds, "but buried so deep in them, as by a great snowstorm, as to obstruct the reader's passage and render it fatiguing in the extreme." (From [20],⁵ p. 56)

Refined designs of the arithmetic of dyadic relations, and the research around them, constitute the most traditional and lasting effort to bridge first-order predicate reasoning with purely equational reasoning [39,41].

Several axiomatizations of the algebra of relations are available (see, among others, [9,28,36,35,38]); our own, shown in Fig. 1, is conceived with the aim of providing support to theorem-proving activities based on a state-of-the-art proof assistant. These axioms will be left 'behind the scene' after this section, because the authors envision a diagrammatic approach to relational reasoning in place of a merely logical or algebraic symbolic manipulation system.⁶

The equalities in the fixed initial endowment of axioms, describing the full variety of dyadic relations over a generic domain U of discourse, are called logical axioms.

Further axioms, added to the logical ones, lead to algebraic characterizations of specific domains and data structures: at varying degrees of mathematical abstraction, one has general classes and sets, hereditarily finite sets, trees, nested or flat lists, lines subjected to editing, etc. (cf. [6,18]). These, which are called proper axioms, state the properties of context-specific relations, e.g., car and cdr in the case of lists, and membership, ∈, in the case of sets. Typically, proper axioms are ground, i.e. devoid of the variables that occur in the logical axioms;⁷ usually they involve, in addition to the standard constructs of relation algebra, the symbol(s) characteristic of the application, e.g. ∈.

Figure 1. Operators and axioms for relation algebras.

  symbol   :  =   ⊆   ∅   ⊤   I   ∈   ∩   △   ;   ⌣   ¯   ∪   −
  degree   :  2   2   0   0   0   0   2   2   2   1   1   2   2
  priority :  1   1   -   -   -   -   5   3   6   7   -   2   2

(A higher priority binds tighter; the constants have none, and the complement is written as an overline spanning its argument, so it needs none either.)

Definitions:

$P \cup Q =_{Def} (P \triangle Q) \triangle (P \cap Q)$
$P - Q =_{Def} P \triangle (P \cap Q)$
$\overline{P} =_{Def} P \triangle \top$
$P \subseteq Q =_{Def} P \cap Q = P$
$\mathrm{funcPart}(P) =_{Def} P - (P ; \overline{I})$
$\mathrm{tot}(P) =_{Def} \overline{P} \triangle P;\top$
$\mathrm{Func}(P) =_{Def} \mathrm{funcPart}(P) = P$
$\mathrm{Total}(P) =_{Def} P;\top = \top$

Axioms:

$P \cap Q = Q \cap P$
$(P \cap (Q \triangle R)) \triangle (P \cap Q) = P \cap R$
$(P \ast_1 Q) \ast_1 R = P \ast_1 (Q \ast_1 R)$
$I ; P = P$
$P^{\smile\smile} = P$
$(P \ast_2 Q)^{\smile} = Q^{\smile} \ast_2 P^{\smile}$
$(P \cup Q) ; R = (Q ; R) \cup (P ; R)$
$(P^{\smile} ; (R - (P;Q))) \cap Q = \emptyset$

where $\ast_1 \in \{\triangle, \cap, ;\}$ and $\ast_2 \in \{\cap, ;\}$.

1 This research was partially funded by the Italian CNR (coordinated project log(SETA)); by MURST PGR-2000; by the EC TMR Network GETGRATS; and by Esprit Working Group APPLIGRAPH.

2 Email: formis@dipmat.unipg.it

3 Email: omodeo@univaq.it

4 Email: simeoni@dsi.unive.it

5 The author quoted by Martin Gardner is the American philosopher Charles Sanders Peirce (1839-1914), whose work on existential graphs (cf. [26,24]) is likely to have a kinship with ours, presented in this paper and in [6,8].

6 Due to space limitations, the authors had to indulge in 'puerilities about words' much more in drawing up the article than in the paper-and-pencil preparatory work.

7 A non-ground axiom could be the algebraic rendering of what would be an axiom scheme in a specification based on first-order predicate logic.

The intended meaning of the axioms in Fig. 1 is as follows: one refers to a nonempty domain U, and thinks that the variables (P, Q, and R) occurring in the axioms range over all subsets of the Cartesian square $U^2 =_{Def} U \times U$. The following designation rules recursively extend an interpretation $\mathfrak{I}$ from the immediate subexpressions of a given expression to the expression itself:

$\emptyset^{\mathfrak{I}} =_{Def} \emptyset$, $\top^{\mathfrak{I}} =_{Def} U^2$, $I^{\mathfrak{I}} =_{Def} \{[a, a] : a \in U\}$;

$(Q \cap R)^{\mathfrak{I}} =_{Def} \{[a, b] \in U^2 : a\,Q^{\mathfrak{I}}\,b \text{ and } a\,R^{\mathfrak{I}}\,b\}$;

$(Q \triangle R)^{\mathfrak{I}} =_{Def} \{[a, b] \in U^2 : a\,Q^{\mathfrak{I}}\,b \text{ if and only if not } a\,R^{\mathfrak{I}}\,b\}$;

$(Q ; R)^{\mathfrak{I}} =_{Def} \{[a, b] \in U^2 : \text{there exists } c \in U \text{ for which } a\,Q^{\mathfrak{I}}\,c \text{ and } c\,R^{\mathfrak{I}}\,b\}$;

$(Q^{\smile})^{\mathfrak{I}} =_{Def} \{[b, a] \in U^2 : a\,Q^{\mathfrak{I}}\,b\}$.

Any non-logical symbol, such as ∈, in the language of the algebra of relations is not constrained in the least by the above rules. One must hence explicitly assign an interpretation to each such symbol (e.g., a value $\in^{\mathfrak{I}} \subseteq U^2$, in short ∈, must be given to the sign ∈) before the relation on U that corresponds to each ground expression of the language becomes uniquely determined.

The proper axioms that one adds to the logical axioms are to reflect one's conception of the meaning of the non-logical symbols (e.g., in the case of ∈ they must state that U is a hierarchy of nested sets over which ∈ behaves as membership).

Remark 1.1 The law⁸ $P^{\smile};(R \triangle R \cap P;Q) \cap Q = \emptyset$ is closely related to the law $P^{\smile};\overline{P;Q} \cup \overline{Q} = \overline{Q}$ known from the work of Peirce and Schröder (see, for instance, [36,41]). Our adoption of a different set of primitive constructs motivated the introduction of this law which, moreover, permits a concise characterization of the constant ∅ by means of a single axiom.

2 A graphical representation for dyadic relations

It is useful (cf. [5]) to represent a relational expression P, an identity $P = \top$ or, more generally, an existentially quantified conjunction ψ of literals, by a so-called existential graph, which is a directed multi-graph whose edges are labeled by expressions of the algebra of relations. To see the most immediate way of doing this, let us assume that ψ is composed of atoms of the form xPy, where x and y are individual variables (ranging over the domain U of discourse) and P is a relation of the kind discussed in Sec. 1. (Equality atoms Q = R have already been rewritten in the form $x\,\overline{\top;(Q \triangle R);\top}\,y$, negative literals in the form $x\,\overline{Q}\,y$; moreover, free variables may occur in ψ intermixed with existentially quantified variables.) A directed multi-graph $G_\psi$ representing ψ is built up so that:

1) $G_\psi$ has a node $v_x$ for each distinct variable x occurring in ψ;

2) for each literal xPy in the conjunction there is a labeled edge $[v_x, P, v_y]$ leading from node $v_x$ to node $v_y$; and

3) the nodes of $G_\psi$ are subdivided into two sets: the ones that correspond to the existential variables in ψ, called bound nodes, and all remaining nodes.

A chain of transformations can then be applied to any graph obtained in this standard fashion, by the following rules, which manifestly preserve the meaning of the graph (these rules are graphically shown in Fig. 2 where we used black circles to represent bound nodes, and white circles to represent the remaining ones):

(1) An edge $[v, \top, v']$ can be removed or created between nodes v, v'.

(2) An edge [v, P, v'] can be converted into [v', Q, v] where either $P = Q^{\smile}$ or $Q = P^{\smile}$ or P = Q = I.⁹

8 We are now getting rid of redundant parentheses by exploiting the conventions on priority introduced in Fig. 1. The priorities we adopt for the Boolean constructs reflect the (abstract) algebraic traditional approach, where △ and ∩ act as additive and multiplicative operators of Boolean algebras, respectively (cf. [27], pp. 208-211). On the other hand, w.r.t. Peircean constructs, we inherit the well established convention adopted, for instance, in [21].

9 Primarily, this 'conversion' is intended as an edge-replacement rule; however, it could also be intended in the sense that [v',Q,v] is added to the graph without [v, P, v'] being removed.

(3) Two edges [v, P, v'] and [v, Q, v'] can be replaced by the single edge $[v, P \cap Q, v']$ and conversely.

(4) If [v, P, v'] and [v', Q, v''] are the only edges involving the bound node v', then they can be replaced by the single edge [v, P;Q, v'']; conversely, an edge [v, P;Q, v''] can be replaced by two edges [v, P, v'] and [v', Q, v''] where v' is a new bound node.

(5) An edge [v, I, v'], where either v' is a bound node with degree 1,¹⁰ or v' = v, can be deleted; conversely, an edge [v, I, v'] where either v' is a new bound node or v' = v can be created.

(6) An edge [v', Q, v] (respectively, [v, Q, v']) can be replaced by an edge [v', Q, v''] (resp., [v'', Q, v']) when there is an edge [v, I, v''] distinct from [v', Q, v] (resp., from [v, Q, v']).

(7) An isolated bound node can be deleted or created.

Figure 2. Some simple rewriting rules (drawings of rules (1)-(4) not recoverable from the extraction; black circles stand for bound nodes, white circles for the remaining nodes).

These basic actions can be packaged into relatively complex transformation rules, tactics, and even algorithms of some sophistication, all of which preserve the meaning of the representation. At the lowest level one may place, e.g.: a rule that shifts, in a single move, several edges attached to one extreme of an edge labeled $P \cap I$ to the other extreme; a rule that converts $[v, P \cap I, v]$ (resp., $[v, P;I, v']$) into [v, P, v] (resp., [v, P, v']); one that converts $[v, P;Q^{\smile}, v]$ into $[v, P \cap Q, v']$ where v' is new and bound; etc.

At a slightly higher level, one can eliminate multiple labeled edges [v, P, v'] sharing the same two endpoints v, v', through systematic use of action 3, thus reducing the multi-graph to a graph proper. At the same level, one can eliminate all loop-edges [v, P, v] by introducing, for each of them, a new bound node v' along with an edge $[v, P \cap I, v']$.

Example 2.1 Consider the following graphs:

[(a), (b), (c): drawings not recoverable from the extraction]

The graph (a) can be transformed first into the loop-free multi-graph (b) and then into the graph (c). □

10 As usual, the degree of a node is the number of edges incident on it.

A further level up, one has an algorithm for associating a planar (multi-)graph G to a given expression P of the calculus of relations. Two designated nodes s0 and s1, named source and sink, will represent the two arguments of P, and every node distinct from these two will be regarded as being bound.

Algorithm. (Graph fattening) Given P, one proceeds non-deterministically to construct G, s0, s1, as follows: either

• G consists of a single edge, labeled P, leading from s0 to s1; or

• P has the form $Q^{\smile}$, and G, s1, s0 (with source and sink interchanged) represents Q; or

• P is of the form Q;R, the disjoint graphs G', s0, s2' and G'', s2'', s1 represent Q and R respectively, and one obtains G by combining G' with G'' by 'gluing' s2'' onto s2' to form a single node; or

• P is of the form $Q \cap R$, the disjoint graphs G', s0', s1' and G'', s0'', s1'' represent Q and R respectively, and one obtains G from G' and G'' by gluing s0'' onto s0' to form s0 and by gluing s1'' onto s1' to form s1.

(The name of this algorithm refers to the possible choice of resorting to the first alternative only when no other alternative is viable, so that the 'fattest' possible graph is obtained.) □

As an additional convention related to this algorithm, one can either¹¹

∀∀: label both s0 and s1 by ∀, to convert a representation G, s0, s1 of P into a representation of the equality $P = \top$ (which corresponds to the first-order sentence (∀x)(∀y)(xPy)); or

∀∃: label the source by ∀ and the sink by ∃, to represent the statement Total(P), which is short for $P;\top = \top$ (i.e., (∀x)(∃y)(xPy)); or

∃∃: label both s0 and s1 by ∃, to represent the inequality $P \neq \emptyset$, which is short for the equality Total(⊤;P) (i.e., (∃x)(∃y)(xPy)); or

¬∃∃: label the source by ¬∃ and the sink by ∃, to represent the equality $P = \emptyset$ (i.e., ¬(∃x)(∃y)(xPy)).

11 Graphs with source and sink labeled ∃ and ∀ respectively will not be treated, and they do not seem to fit well in our framework. Currently, we see them as unstable structures that immediately decay into ∀∃-graphs (by interchange of the source with the sink), with considerable loss of information.

Thus, for example, the following graph states that f fulfills both I C f;f and f HI =

[∀∃-graph for f: drawing not recoverable from the extraction]

As the example shows, we represent bound nodes by black circles. An edge is usually drawn as a solid arrow, with the label written next to it. When the arrow is dotted, the associated label $\overline{P}$ is written simply as P. Simple graph-rewriting rules related to this convention are:

[two rules relating solid and dotted arrows; drawings not recoverable from the extraction. Rule (1) is the convention itself: a solid arrow labeled $\overline{P}$ and a dotted arrow labeled P denote the same edge.]

Remark 2.2 Obvious rules enabling one to displace source and sink are:

- In a graph of type ∃∃ or ¬∃∃, the roles of source and sink can indifferently be played by any two distinct nodes;

- in a graph of type ∀∀, source and sink can swap their roles;

- in a graph of type ∀∃, the role of sink can be played by any node distinct from the source.

The above discussion does not address issues related to the operators △ and ∪. Concerning these constructs, we only marginally mention two rules to which it will at times be useful to resort (perhaps tacitly):

(8) Suppose there is an edge [v, P, v']. Then any edge [v, P, v''] with v' ≠ v'' can be replaced by [v, tot(P), v''], i.e. by $[v, \overline{P} \triangle P;\top, v'']$, and conversely. (The edge [v, P, v'] witnesses that v lies in the domain of P, and on that domain tot(P) and P agree.)

(9) If [v', P∪Q, v] and [v, R, v''] are the only edges involving the bound node v, they can be replaced by an edge [v', P;R ∪ Q;R, v'']; and conversely.

3 Translating first-order logic into the calculus of relations

As is well known (cf. [41]), a sentence σ of dyadic first-order logic can be translated into a ground (relational) equation if and only if σ is logically equivalent to a sentence involving at most three distinct variables. This characterization of translatable sentences is, alas, not very useful in practice: establishing whether a given σ belongs to this collection is in fact an undecidable problem (cf. [33]). Notwithstanding, conservative translation techniques can be devised to partially solve the problem. One such technique, originally described in [18], is recalled here for ease of the reader:

Algorithm. (Graph thinning) An existentially quantified conjunction ψ of literals of the form xPy is given (cf. Sec. 2). The goal is to find a quantifier-free conjunction (or simply an atom, if there are at most two free variables in ψ) equivalent to ψ. Initially, a directed and labeled multi-graph $G_\psi$ representing ψ by the usual conventions is built up, then it is normalized by elimination of loop-edges, and finally it is rendered a graph by fusion of multiple edges between the same nodes (cf. Example 2.1).

This $G_\psi$ and its labels will be manipulated as stated below, with the aim of eliminating as many bound nodes as possible. This elimination (which represents the elimination of existential quantifiers from ψ) is performed by repeatedly applying two graph-transformation rules (see also Fig. 3):

bypass rule. Let v be a bound node with degree 2 and let [v', P, v] and [v, Q, v''] be the edges adjacent to it, suitably re-oriented (by rule 2 of Sec. 2) so that the former enters and the latter leaves v. Then the node v and its edges are removed, and a new labeled edge, [v', P;Q, v''], takes their place in the graph. If an edge with endpoints v', v'' existed already, then, after being re-oriented to comply with the orientation [v', v''], it gets fused with the new edge by rule 3 of Sec. 2.

bigamy rule. The rule applies to a bound node v having just one adjacent edge. Let v, v' be the endpoints of this edge, and assume there exist a node v'' ≠ v and an edge with endpoints v', v''. Then the bigamy rule behaves as if there were an edge $[v, \top, v'']$, performing a bypass of the node v.

Figure 3. The bypass rule and the bigamy rule (drawings not recoverable from the extraction; the rules are as stated above).

The process ends when no further applications of the above rules can be carried out. If the resulting graph has no bound nodes of degree greater than 1, the sought conjunction can be directly read off the graph; else we have a failure. □

It has been proved that this algorithm has complexity $O(|N_\psi| \log |N_\psi|)$ (where $N_\psi$ is the set of all nodes of $G_\psi$), and that a crucial confluence property holds: the order in which bypass and bigamy actions are performed is immaterial [6].

In Sec. 6 we will briefly report on a 'graphical' implementation of this algorithm.

Let us see through two examples how the above-outlined algorithm works:

• the first example will refer to the theory of natural numbers with successor operation s (cf. [15,18]).

• the other example will refer to a theory of nested sets.

Example 3.1 Rules for evaluating $2^U = V$ and $2 \cdot U = V$ in the theory of successor are:

twoTo(0, s 0)
twoTo(s X, V) ← twoTo(X, Z), twice(Z, V)
twice(0, 0)
twice(s X, s s Y) ← twice(X, Y)

We begin by rectifying (cf. [42]) these Horn clauses into

U twoTo V ← U z W, U s V
U twoTo V ← X s U, X twoTo Z, Z twice V
U twice V ← U z V
U twice V ← X s U, Y s W, W s V, X twice Y

where z represents the predicate {[0, 0]} (and x s y holds iff y is the successor of x). Through graph thinning, one easily obtains the corresponding inclusions:

$z ; \top \cap s \subseteq twoTo$, $s^{\smile} ; twoTo ; twice \subseteq twoTo$, $z \subseteq twice$, $s^{\smile} ; twice ; s ; s \subseteq twice$.

Fig. 4 zooms in on the details of the translation of the two clauses regarding twoTo. Then we can condense the inclusions into equalities:

$twoTo = z ; \top \cap s \,\triangle\, s^{\smile} ; twoTo ; twice$;

$twice = z \,\triangle\, s^{\smile} ; twice ; s ; s$.

(We are replacing, e.g., the inclusion $z ; \top \cap s \cup s^{\smile} ; twoTo ; twice \subseteq twoTo$ by the former equality by the closed-world assumption [40], and ∪ by △ by virtue of the disjointness of the operands of ∪.) □

Figure 4. Steps of the translation of the clauses defining twoTo (cf. Example 3.1). Panels: (0) directly from the clause body; (0') transient between (0) and (1); (1) by applying bigamy to (0), which yields $z;\top \cap s$; (a) directly from the clause body; (b) by applying bypass twice, which yields $s^{\smile};twoTo;twice$. (Drawings not recoverable from the extraction.)

Example 3.2 In set theory, the possibility to build the pair

$\{\, Y \setminus \{X\},\ Y \cup \{X\} \,\}$

out of given sets X and Y can be formulated by the sentence

(1) $\exists d\,\big(Y \in d \wedge \forall u\,(u = X \leftrightarrow \exists v\,\exists w\,(u \in v \in d \wedge u \notin w \in d))\big)$.

This statement is rendered by a graph [drawing not recoverable from the extraction] inside which an edge labeled toggles stands for the 'grafting' of the two paths through v and w [drawing not recoverable]. Here the expressions on the dotted edges must be complemented, so that two bypass actions give us $toggles =_{Def} \in;\in \cap \overline{\in};\in$. Then the translation of (1) turns out to be $(toggles - \overline{I};toggles) ; \ni = \top$. □

4 Inferring equalities within the calculus of relations

Deriving new equalities from proper axioms, and from laws already known, can to a large extent be viewed as a graph-rewriting activity. W.l.o.g. (cf. Fig. 5(1),(2)), let us assume momentarily that only existential graphs of the two types ∀∀ and ¬∃∃, respectively called positive and negative graphs, are exploited to represent premises and conclusions, known laws, theses, etc.

From this perspective, inference mechanisms are seen as graph-rewriting rules and techniques: in forward reasoning, they are used to transform premises into conclusions; in backward reasoning, to reduce theses ('goals', as they are often called) into simpler goals and, ultimately, into known and perhaps obvious facts.

As a basic principle, it is legitimate to replace a positive goal by a more demanding one, and a negative goal by a less demanding one. E.g., new labeled edges can be added at will to a positive goal, whereas edges can be removed from a negative goal. Solving the new goal, although not necessarily equivalent to solving the previous goal, will in fact suffice for the purpose. Quite often a negative premise represents an inclusion $P \subseteq Q$; therefore, if a subgraph of a positive goal matches the part of the premise which represents Q, then it can be replaced by the part representing P; in a negative goal, on the opposite, Q may replace P (cf. Fig. 5(6)).

The following rule is conceived of in the same frame of mind:

• Let a ∀∀-premise G be fully decomposable into subgraphs G0, G1 such that the source v is an articulation node between the two, and the sink v' belongs to G1. Then one can infer any ∀∃-graph obtained from G by gluing the sink v' onto any node of G0 (even onto v), and by choosing as new sink any node distinct from the source (cf., e.g., Fig. 5(5)).

Without entering into further detail on such generalities, we limit ourselves to specifying a few inference rules in the form of graph-rewriting rules in Fig. 5 (cf. also Figures 6 and 7).

Example 4.1 The authors assessed the power of the above-proposed approach by means of a thorough set-theoretic case-study (cf. [7]): under weak set-theoretic axioms, including (1) of Example 3.2 and the extensionality axiom $\overline{\ni;\overline{\in} \cup \overline{\ni};\in} \subseteq I$ (stating that 'sets are the same whose elements are the same'), they proved that specific relations λ, ρ designate conjugated 'quasi-projections', in the sense which will be clarified in Sec. 5. The proof was certified by an automated (first-order) theorem-prover whose autonomy was not so high as to exempt the authors from providing many hints. The graphical approach was consistently and quite effectively exploited to obtain the proof outline needed to guide the prover. As a matter of fact, heuristic insight in devising proofs within the calculus of relations played a crucial role. □

5 Defining operations over sets

Set-abstraction terms are, by common usage, expressions of the form {t | ψ}, where t and ψ are a term and a formula in a first-order language suitable for the formalization of set theories. To simplify matters, let us assume here that t is a variable u, and that at most one variable x distinct from u may occur free in ψ.

Suppose the only basic constructs available (in addition to the standard first-order endowment of logical symbols, inclusive of =) are the membership relator ∈ and two monadic function symbols λ, ρ. At the very least, the set-theoretic axioms must ensure that the four laws

(Pair) $\lambda^{\smile};\rho = \top$, Func(λ), Func(ρ), $\in;\ni = \top$

hold, where $\ni =_{Def} \in^{\smile}$. (We may summarize (Pair)₁₂₃ by saying that λ, ρ are conjugated quasi-projections.) Further axioms of the Zermelo-Fraenkel theory ZF (cf. [32]), such as extensionality (cf. Example 4.1), will be brought into play as the opportunity arises.

Figure 5. Graphic representation of various inference macros (drawings not recoverable from the extraction).

The meaning of {u | ψ} is conveyed by the double implication $u \in \{u \mid \psi\} \leftrightarrow \psi$, generalizable into $s \in \{u \mid \psi\} \leftrightarrow \psi[s/u]$. One cannot admit that {u | ψ} always designates a set; e.g., by assuming that $\{u \mid u \notin u\}$ exists, one would incur the well-known Russell's antinomy

$\{u \mid u \notin u\} \in \{u \mid u \notin u\} \leftrightarrow \{u \mid u \notin u\} \notin \{u \mid u \notin u\}$.

On the other hand, one can peacefully assume that $\{u \mid u \in x \wedge \psi\}$ always designates a set.

The issue which will be addressed in this section is: given a formula ψ (within which x generally occurs free, along with u), how can one recognize that an abstraction term {u | ψ} designates a set, for every x? Otherwise stated: how can one establish, for such a given ψ, the totality of the relation holding between x and y iff ∀u (ψ ↔ u ∈ y)? When this relation is total, then by extensionality there will be exactly one y corresponding to each x, and hence the 'abstractor' {u | ψ} will define an operation over the universe of all sets: this is why the question we have raised deserves some interest (see also [22] and [2]).

We find it comfortable to address the question in the framework of our calculus, where the role of abstraction terms will be played by relational expressions of the form

$F(P) =_{Def} d(P) - \overline{P};\in$,

in which $d(P) =_{Def} \overline{P;\overline{\in}}$. Thus we have

$x\,F(P)\,y \iff (\forall u\,(xPu \to u \in y) \wedge \forall u\,(u \in y \to xPu)) \iff \{u \mid xPu\} = y$.

Tricks to prove the totality of relations

By studying numerous cases, we have discovered the following fundamental tactic rules to obtain equalities of the form Total(T), i.e. $T;\top = \top$, from the axioms of Fig. 1 enhanced by the split rule¹² $P = \emptyset \vee \top;P;\top = \top$ and by proper axioms (set-theoretic axioms in our privileged scenario of case-studies).

T0: tot(T), i.e. $\overline{T} \triangle T;\top$, is total for any relational expression T.

T1: If there is a Q such that both $Q - T = \emptyset$ and Total(Q) are derivable, then Total(T) holds.

T2: If there is a Q such that Total(T;Q) is derivable, then Total(T) holds.

T3: If there are P, Q, R0, R1 such that $T = P;R_0 \cap Q;R_1$, Total(P), Total(Q), and $R_0;R_1^{\smile} = \top$ are derivable, one can conclude that Total(T).

T4: It can be assumed that either Total(P) or $Total(\overline{\top;P^{\smile}})$ holds, for any relational expression P. □

These rules, depicted in Fig. 6, with the aid of similar ones related to inclusion (see Fig. 7), easily yield additional tactic rules, e.g.,

T0': Both ⊤ and I are total.

T3': By singling out P, R such that T = P;R, Total(P), and Total(R) are derivable, one can conclude that Total(T).

T4': Either Total(Q) or $Total(\overline{Q}^{\smile})$ can be assumed, for any relational expression Q.

T5': When $\overline{T} \cap \overline{T}^{\smile} = \emptyset$ is known to hold, one can conclude that Total(T).

Figure 6. Inference rules for totality of relations (drawings not recoverable from the extraction; they depict T0-T3 above).

12 Although inessential, the split rule plays at times a useful technical role.
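A cheap way to keep the axioms of Fig. 1 and the tactics above honest is to evaluate them in finite models, which is what this added example does; it is not code from the paper. A relation over a finite domain U is a frozenset of pairs, the designation rules of Sec. 1 become the five operations below, and the derived constructs (∪, −, complement, funcPart, tot, Func, Total) are coded exactly as defined in Fig. 1. Every axiom, the Peirce–Schröder law of Remark 1.1 and the premise-free tactics T0, T0' and T5' are checked on all relations over a two-element domain and on seeded random relations over a three-element domain; T3 is checked on every quadruple meeting its premises. A finite check cannot prove a law, but a law that fails is refuted by an explicit counter-model: the last function shows that the variant of T3 with the converse on $R_1$ dropped is already refuted on two elements, which is the kind of slip such a check is meant to catch. Function names are this example's own.

```python
"""Finite-model check of the laws of Fig. 1 and of the totality tactics of Sec. 5.
Added example, not code from the paper.  A relation over a finite domain U is a
frozenset of pairs; the designation rules of Sec. 1 are the five operations below,
and the derived constructs are written exactly as defined in Fig. 1."""
import itertools
import random

EMPTY = frozenset()                                           # ∅

def top(U):                                                   # ⊤ = U²
    return frozenset((a, b) for a in U for b in U)

def ident(U):                                                 # I
    return frozenset((a, a) for a in U)

def meet(P, Q):                                               # P ∩ Q
    return P & Q

def sd(P, Q):                                                 # P △ Q
    return P ^ Q

def comp(P, Q):                                               # P ; Q
    return frozenset((a, c) for (a, b) in P for (b2, c) in Q if b == b2)

def conv(P):                                                  # P⌣
    return frozenset((b, a) for (a, b) in P)

def union(P, Q):                                              # P ∪ Q =Def (P △ Q) △ (P ∩ Q)
    return sd(sd(P, Q), meet(P, Q))

def minus(P, Q):                                              # P − Q =Def P △ (P ∩ Q)
    return sd(P, meet(P, Q))

def compl(P, U):                                              # P̄ =Def P △ ⊤
    return sd(P, top(U))

def func_part(P, U):                                          # funcPart(P) =Def P − P;Ī
    return minus(P, comp(P, compl(ident(U), U)))

def tot(P, U):                                                # tot(P) =Def P̄ △ P;⊤
    return sd(compl(P, U), comp(P, top(U)))

def is_func(P, U):                                            # Func(P) =Def funcPart(P) = P
    return func_part(P, U) == P

def is_total(P, U):                                           # Total(P) =Def P;⊤ = ⊤
    return comp(P, top(U)) == top(U)

def laws(U):
    """Laws in up to three relation variables; each returns True when it holds for P, Q, R."""
    T, I = top(U), ident(U)
    return {
        # the axioms of Fig. 1
        "P∩Q = Q∩P": lambda P, Q, R: meet(P, Q) == meet(Q, P),
        "(P∩(Q△R))△(P∩Q) = P∩R": lambda P, Q, R: sd(meet(P, sd(Q, R)), meet(P, Q)) == meet(P, R),
        "△ assoc": lambda P, Q, R: sd(sd(P, Q), R) == sd(P, sd(Q, R)),
        "∩ assoc": lambda P, Q, R: meet(meet(P, Q), R) == meet(P, meet(Q, R)),
        "; assoc": lambda P, Q, R: comp(comp(P, Q), R) == comp(P, comp(Q, R)),
        "I;P = P": lambda P, Q, R: comp(I, P) == P,
        "P⌣⌣ = P": lambda P, Q, R: conv(conv(P)) == P,
        "(P∩Q)⌣ = Q⌣∩P⌣": lambda P, Q, R: conv(meet(P, Q)) == meet(conv(Q), conv(P)),
        "(P;Q)⌣ = Q⌣;P⌣": lambda P, Q, R: conv(comp(P, Q)) == comp(conv(Q), conv(P)),
        "(P∪Q);R = Q;R ∪ P;R": lambda P, Q, R: comp(union(P, Q), R) == union(comp(Q, R), comp(P, R)),
        "(P⌣;(R−P;Q))∩Q = ∅": lambda P, Q, R: meet(comp(conv(P), minus(R, comp(P, Q))), Q) == EMPTY,
        # Remark 1.1: the Peirce–Schröder law
        "P⌣;(P;Q)̄ ∪ Q̄ = Q̄": lambda P, Q, R: union(comp(conv(P), compl(comp(P, Q), U)), compl(Q, U)) == compl(Q, U),
        # premise-free tactics of Sec. 5
        "T0: Total(tot(P))": lambda P, Q, R: is_total(tot(P, U), U),
        "T0': Total(⊤), Total(I)": lambda P, Q, R: is_total(T, U) and is_total(I, U),
        "T5': P̄∩P̄⌣ = ∅ ⟹ Total(P)": lambda P, Q, R: meet(compl(P, U), conv(compl(P, U))) != EMPTY or is_total(P, U),
    }

def t3_holds(P, Q, R0, R1, U):
    """T3: Total(P), Total(Q) and R0;R1⌣ = ⊤ entail Total(P;R0 ∩ Q;R1).
    None when a premise fails, else whether the conclusion holds."""
    if not (is_total(P, U) and is_total(Q, U) and comp(R0, conv(R1)) == top(U)):
        return None
    return is_total(meet(comp(P, R0), comp(Q, R1)), U)

def all_relations(U):
    pairs = sorted(top(U))
    return [frozenset(c) for n in range(len(pairs) + 1) for c in itertools.combinations(pairs, n)]

def exhaustive_check(U):
    """Every law on every triple of relations over U, T3 on every quadruple.
    Returns (refuted law names, number of quadruples that met T3's premises)."""
    rels, refuted, fired = all_relations(U), set(), 0
    for name, law in laws(U).items():
        if not all(law(P, Q, R) for P, Q, R in itertools.product(rels, repeat=3)):
            refuted.add(name)
    for P, Q, R0, R1 in itertools.product(rels, repeat=4):
        verdict = t3_holds(P, Q, R0, R1, U)
        if verdict is not None:
            fired += 1
            if not verdict:
                refuted.add("T3")
    return sorted(refuted), fired

def random_check(U, rounds, seed=0):
    """The same laws on seeded random relations over a larger U; returns the refuted names."""
    rng, refuted, pairs = random.Random(seed), set(), sorted(top(U))
    rnd = lambda: frozenset(p for p in pairs if rng.random() < 0.6)
    for _ in range(rounds):
        P, Q, R = rnd(), rnd(), rnd()
        refuted.update(name for name, law in laws(U).items() if not law(P, Q, R))
        if t3_holds(P, Q, R, rnd(), U) is False:
            refuted.add("T3")
    return sorted(refuted)

def refute_t3_without_converse(U):
    """T3 with the converse dropped (R0;R1 = ⊤ in place of R0;R1⌣ = ⊤) is not a law:
    return a counter-model (P, Q, R0, R1) over U, or None if there is none."""
    rels = all_relations(U)
    for P, Q, R0, R1 in itertools.product(rels, repeat=4):
        if (is_total(P, U) and is_total(Q, U) and comp(R0, R1) == top(U)
                and not is_total(meet(comp(P, R0), comp(Q, R1)), U)):
            return P, Q, R0, R1
    return None

if __name__ == "__main__":
    print(exhaustive_check([0, 1]))                 # -> ([], n) with n > 0: nothing refuted
    print(random_check([0, 1, 2], 300))             # -> []
    print(refute_t3_without_converse([0, 1]))       # -> a concrete counter-model
```

The checker deliberately uses the paper's own definitions of the derived constructs rather than the set-theoretic shortcuts (e.g. ∪ as frozenset union), so that a wrong definition in Fig. 1 would surface as a refuted axiom rather than be masked by the host language.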

Examples 5.1

(i) To obtain Total(∈) from (Pair), we reduce it to Total(∈;⊤) through T2, then to Total(∈;∋) through T1, in view of the obvious equality $\in;\ni - \in;\top = \emptyset$. Since $\in;\ni = \top$ holds by (Pair)₄, we conclude as desired with T0'.

(ii) To obtain Total(d(P∪Q)) from Func(P), Func(Q), and $\in;\ni = \top$, we reduce it to $Total(tot(P);\in \cap tot(Q);\in)$ through T1, after verifying the inclusion $tot(P);\in \cap tot(Q);\in - d(P \cup Q) = \emptyset$. Since both Total(tot(P)) and Total(tot(Q)) hold by T0, the desired goal is reached through T3, by $\in;\ni = \top$. As a special case, we get Total(d(λ∪ρ)) from (Pair)₂,₃,₄.

(iii) To derive Total(d(λ;∋ ∪ ρ)) from (Pair) taken along with the sum-set axiom of ZF, which is statable as Total(d(∋;∋)) (cf. [17]), we reduce it to $Total((tot(\lambda);\in \cap tot(\rho);\in;\in);d(\ni;\ni))$ through T1, after verifying the inclusion $(tot(\lambda);\in \cap tot(\rho);\in;\in);d(\ni;\ni) - d(\lambda;\ni \cup \rho) = \emptyset$. Since Total(tot(λ)) and Total(tot(ρ)) hold by T0, and Total(∈) holds (by (i) above), we get Total(tot(ρ);∈) by T3', and hence $Total(tot(\lambda);\in \cap tot(\rho);\in;\in)$, thanks to T3 and to $\in;\ni = \top$. We can conclude as desired by T3'.

(iv) If we assume P and F(T) to be total, then from the axiom (Pair)₁ we get the totality of $(P;\lambda^{\smile} \cap \rho^{\smile});F(T)$ by exploiting the known fact $\rho^{\smile} = I;\rho^{\smile}$ and resorting to T0', T3, and T3'.

(v) To see how T4' is derived from earlier tactics, we can proceed as follows. We know from T4 that either Total(Q) or $Total(\overline{\top;Q^{\smile}})$ holds. If it is the latter alternative that holds, then $Total(\overline{I;Q^{\smile}})$ holds by T1, thanks to the easily verified inclusion $\overline{\top;R} - \overline{I;R} = \emptyset$. Since $\overline{I;Q^{\smile}} = \overline{Q^{\smile}} = \overline{Q}^{\smile}$, we conclude with T4'.

(vi) To see how T5' is derived from earlier tactics, notice that either Total(T) or $Total(\overline{T}^{\smile})$ holds by T4'. If it is the latter alternative that holds, the tactic T1 gives us the totality of T anyhow, from the assumption $\overline{T} \cap \overline{T}^{\smile} = \emptyset$, which yields $\overline{T}^{\smile} - T = \emptyset$. As a special case, we get the totality of $\overline{\in}$ in ZF, by the consequence $\in \cap \ni = \emptyset$ of the postulated well-foundedness of membership. □

A strategy to define operations on sets

Let us now focus on the following subset axiom (also known as the 'separation' axiom scheme) of ZF:

(S) $Total(F(\lambda;\ni \cap \rho;S))$.

This states that for every ordered pair x = (x0, x1) there exists a set $\{u \in x_0 \mid x_1\,S\,u\}$. We will discuss in what follows a versatile proof strategy for verifying theses of the form Total(F(R)). The strategy consists in singling out relational expressions P, Q such that both of

Total(P) and $F(R) = (P;\lambda^{\smile} \cap \rho^{\smile}) ; F(\lambda;\ni \cap \rho;Q)$

are equalities easily derivable from the axioms. Graphically, the decomposition of F(R), together with the totality thesis involved in it, can be rendered as follows:

[decomposition graph: drawing not recoverable from the extraction]

Figure 7. Five axioms and four inference rules for inclusion of relations (drawings not recoverable from the extraction).

The soundness of this strategy under (S) ensues from the analysis carried out in Example 5.1(iv).

For the choice of Q, in tuning the strategy to different situations, we will adopt one of the tactic rules below. One of them (the most obvious, and first in the list that follows) turns out to work in the totality of cases; the others, when applicable, are syntactically simpler:

Q∞: Put Q = R.

Q1: If $R = T_0 \cap T_1$, and P is fixed so as to fulfill $P;\ni - T_0 = \emptyset$, put Q = T1.

Q2: If $R = T_0;\ni \cap T_1$, and a P of the form tot(T0) is taken, put $Q = T_0;\top \cap T_1$.

When no specific indication is given on the tactic for choosing Q, the choice Q∞ is understood.

Let us now come to tactic rules for choosing P in our proof strategy regarding 'equalities' of the form Total(F(R)).

P1: Single out a (total) P such that the equality $P \cap R;\overline{\in} = \emptyset$, or (equivalently) $R \cap P;\overline{\ni} = \emptyset$, is derivable.

P2: Single out a P and a T such that the equalities Total(P), $P - d(T) = \emptyset$ and $R - T = \emptyset$ are derivable.

(The explanation why this works is that Total(d(T)) follows from Total(P) and $P \subseteq d(T)$, while $d(T) \cap R;\overline{\in} = \emptyset$ follows from $R \subseteq T$; thus d(T) falls under the tactic P1.)

Specializations of the latter tactic simply consist in either

P2.a: taking P = d(T) such that the equalities Total(d(T)) and $R - T = \emptyset$ are both derivable; or

P2.b: taking P = F(T) such that the equalities Total(F(T)) and $R - T = \emptyset$ are both derivable.

Examples 5.2

(i) The existence of the null set (i.e., devoid of elements) can be stated as Total( F( X)). This can be proved without any particular strategy— indeed, (S) with S = X directly supplies the desired thesis.

(ii) The totality, Total( F( I)), of the operation x ^ {x}, can be proved by taking P = £ (cf. Example 5.1(i)) by the tactic P1: in fact £nl;£ = X obviously holds.

(iii) In order to prove that Total( F( funcPart( Z );9nT)) holds, it suffices to exploit the tactic Q2 by taking P = tot( funcPart( Z)) and Q = funcPart( Z );TnT.

(iv) Let us postulate that both Total( d( 9*9 )) and Total( d( )) hold. These are weak formulations of the sum-set axiom and of the power-set axiom. By virtue of (S), their stronger versions can be proved by the tactic P2.a (by taking T = and T = 9£) which yields Total( F( )) and Total( F( )), respectively.

Clearly, this argument can be applied whenever it is the case that Total( d( R)) holds and we want to prove that Total( F( R)) holds too.

(v) Any attempt to prove that Total( F( T)), i.e., the existence of a set comprising every set as a member, must fail. In fact, from the existence of this omnicomprehensive set, the existence of the antinomic Russell's set would follow: the latter could, in fact, be decomposed as

F(T(ι − 9)) = (F(T);A"np") ; F(A;9 ∩ T;(ι − 9)) ,

where the totality of the third F(·) ensues from example (iii) above.

[Figure 8: screenshot of the AGG user interface. Left pane: the graph grammar GraphThinning, listing the rules bypass, invert and bigamy and the start graph TwoToExample of GraphThinning. Upper right: the rule editor showing the left- and right-hand sides of the bypass rule; the nodes carry the attribute B (B=varX, B=varY), the left-hand arc carries Esp = R and the right-hand arc Esp = (new MapString()).bypass(P,Q,R). Lower right: the graph editor showing the start graph, with unbound nodes (B = 0) and arcs labelled by Esp strings.]

Figure 8. The AGG user-interface displaying the 'graph thinning' grammar

6 Towards a graphical relational reasoner

In this section we outline current activity aimed at putting simple graphical techniques for relational reasoning to the test. A more detailed description of this approach is provided in [19] by means of a number of worked examples.

Our main goal is to implement the graphical techniques described so far on top of an automated tool for algebraic graph transformation developed at the TU Berlin, namely AGG (Attributed Graph Grammar, see [16] for a detailed description).

Applications based on graph transformations are described by Agg graph grammars; the latter consist of a start graph (initializing the system) and a set of graph-rewriting rules describing the transformations which can be performed. The Agg environment supports visual manipulation of such graphs and rules. The start graph, as well as the graphs of the rules, may be attributed by Java objects (i.e., instances of Java classes, either loaded from standard libraries or user-defined) and by expressions which are evaluated during rule application. This allows for a powerful combination of visual and textual programming.

Agg has a formal foundation based on the single-pushout approach to graph transformation as introduced in [34]. The approach owes its name to the algebraic construction used to define the basic derivation step, which is modeled by a pushout in the category of graphs and partial graph morphisms (cf. [14]).

The user interacts with the Agg environment through a graphical user interface which provides several visual editors and an interpreter: the graph-transformation machine. Fig. 8 shows the main window of the Agg user interface. On the left, the current graph grammar is visualized: the user can browse and inspect the rules and the start graph. The selected graph or rule is shown in the corresponding editor window, on the right: the upper editor displays the left- and right-hand sides of the rule, while the lower one displays the graph. A special attribute editor pops up whenever an object is selected for attribution.

Once a graph grammar has been formalized, Agg allows one to apply the graph transformation rules through two basic mechanisms: (a) the user selects and applies the rules one by one; or (b) Agg itself performs a complete run of transformations automatically. In the latter case, the rules are selected following their order in the grammar; each single rule is repeatedly applied to the current graph, as often as possible, before the next one is taken into consideration.

The graph thinning algorithm has been implemented on top of Agg by specifying the graph grammar described in Sec. 3. In particular, Fig. 8 shows the Agg formalization of the bypass rule (cf. Fig. 3) and the start graph corresponding to the graph (0) in Fig. 4. The status of being a bound node is rendered in Agg by means of a node attribute (here, B=1 means that the corresponding node is bound). Attribution of arcs is exploited to manage labelling by relational expressions (the attribute is named Esp in Fig. 8, and expressions are represented by Java strings).

Consider the left-hand side of the displayed rule. Whenever the value of an attribute has to be accessed for further use (e.g., to perform further elaboration in order to instantiate the attributes of the right-hand side during rule application) a variable is employed (in our example the variables are varX, varY, P, Q, and R). Notice that the value of Esp in the right-hand side of the bypass rule is obtained by calling a suitable Java method.

Our implementation of the graph thinning algorithm works well in practice: the translations described in Sec. 3 were among those obtained by exploiting Agg.
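The attributed-graph set-up just described, as an added example in Python (this is not AGG's Java code and not the paper's own grammar): nodes carry the attribute B, arcs carry Esp strings, each rule is a function that finds one match and rewrites the graph in place, and the driver reproduces the default Agg run order (rules in grammar order, each applied as often as possible). Since Fig. 3 is not reproduced here, the semantics given to the rules are assumptions taken from the usual reading of existential diagrams: bypass eliminates an unbound node Z whose only arcs are X -P-> Z -Q-> Y, which encodes exists z (x P z and z Q y), i.e. one arc X -(P;Q)-> Y (an arc pointing the other way contributes its converse, written P˘); bigamy merges two parallel arcs P, Q into one arc P∩Q. The rule names bypass and bigamy are those visible in Fig. 8; the start graphs are constructed for the example.

```python
# Added illustration (Python, not AGG's Java code nor the paper's grammar):
# an attributed multigraph with node attribute B (1 = bound, 0 = unbound)
# and arc attribute Esp (a relational expression kept as a string), two
# rewriting rules, and a driver that reproduces the default AGG run
# (rules in grammar order, each applied as often as possible).
# ASSUMED rule semantics (Fig. 3 is not reproduced on this page):
#   bypass: unbound Z whose only arcs are X -P-> Z -Q-> Y encodes
#           exists z (x P z and z Q y), i.e. X -(P;Q)-> Y; an arc that
#           points the other way contributes its converse, written P˘.
#   bigamy: two parallel arcs X -P-> Y, X -Q-> Y become X -(P∩Q)-> Y.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Arc:
    src: str
    dst: str
    esp: str  # attribute Esp


@dataclass
class Graph:
    bound: Dict[str, int]                 # node -> attribute B
    arcs: List[Arc] = field(default_factory=list)

    def incident(self, node: str) -> List[Arc]:
        return [a for a in self.arcs if node in (a.src, a.dst)]


def bypass(g: Graph) -> bool:
    """Eliminate one unbound node of degree 2; True if a match was rewritten.
    Plays the role of the Java call Esp = (new MapString()).bypass(P,Q,R)
    on the right-hand side of the rule in Fig. 8 (string building only)."""
    for z, b in list(g.bound.items()):
        inc = g.incident(z)
        if b != 0 or len(inc) != 2 or any(a.src == a.dst for a in inc):
            continue
        inc.sort(key=lambda a: a.dst != z)        # arc entering Z first
        a, c = inc
        x = a.src if a.dst == z else a.dst        # far endpoint of a
        y = c.dst if c.src == z else c.src        # far endpoint of c
        p = a.esp if a.src == x else a.esp + "˘"  # x -P-> z, else converse
        q = c.esp if c.src == z else c.esp + "˘"  # z -Q-> y, else converse
        g.arcs.remove(a)
        g.arcs.remove(c)
        g.arcs.append(Arc(x, y, f"({p};{q})"))
        del g.bound[z]
        return True
    return False


def bigamy(g: Graph) -> bool:
    """Merge one pair of parallel arcs into their intersection."""
    for i, a in enumerate(g.arcs):
        for c in g.arcs[i + 1:]:
            if (a.src, a.dst) == (c.src, c.dst):
                g.arcs.remove(a)
                g.arcs.remove(c)
                g.arcs.append(Arc(a.src, a.dst, f"({a.esp}∩{c.esp})"))
                return True
    return False


GRAMMAR: List[Callable[[Graph], bool]] = [bypass, bigamy]


def run(g: Graph, grammar=GRAMMAR, passes: int = 1) -> Graph:
    """Default AGG run: take the rules in grammar order and apply each one
    to the current graph as much as possible before moving to the next.
    passes > 1 repeats the whole sweep (not what AGG does by default)."""
    for _ in range(passes):
        for rule in grammar:
            while rule(g):
                pass
    return g


def thin(g: Graph, passes: int = 1) -> Optional[str]:
    """Graph thinning outcome: the Esp of the single surviving arc between
    bound nodes, or None if the run left unbound nodes or several arcs."""
    run(g, passes=passes)
    if len(g.arcs) == 1 and all(b == 1 for b in g.bound.values()):
        return g.arcs[0].esp
    return None


if __name__ == "__main__":
    # Constructed start graph: bound X, Y; unbound Z; X -R-> Y, X -P-> Z -Q-> Y
    g = Graph({"X": 1, "Y": 1, "Z": 0},
              [Arc("X", "Y", "R"), Arc("X", "Z", "P"), Arc("Z", "Y", "Q")])
    print(thin(g))  # (R∩(P;Q))
```

The single sweep in run is deliberately the strategy the text describes: a start graph in which two parallel arcs enter the unbound node (so bigamy must fire before bypass can match) is left unfinished after one sweep and only reduces when the sweep is repeated, which is the kind of control over rule ordering that the default run does not give.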

At present, Agg can profitably be employed as a proof assistant, or at most as a semi-automated theorem prover, for graphical reasoning. This is because the default strategy provided for rule selection and application does not lend itself to an easy implementation of the standard search methods commonly exploited in theorem proving. As a matter of fact, the realization of a depth-first iterative-deepening strategy combined with a best-first heuristic search (see [31]) is one of the challenging goals of our current research.

We plan to pursue this goal also in collaboration with the research group that developed Agg, which is currently implementing a parser for Agg graph grammars.

7 Related work

Several approaches to the automation of relational reasoning have been proposed, and various tools supporting algebraic logic already exist. We would like to mention, at least, RALF, Libra, and RELVIEW. RALF is basically a graphical interactive proof assistant and proof checker: it allows the user to manipulate relation-algebraic formulas mainly by substitution of equals for equals, weakening and strengthening (cf. [25]). The RELVIEW system (cf. [1]) offers support for relational computation: assuming finiteness of domains and relations, it offers an explicit and extensional representation of concrete relations and provides an efficient implementation of the basic relational constructs. The Libra language (Lazy Interpreter of Binary Relational Algebra, [13]) is a general-purpose programming language based on the algebra of dyadic relations that offers immediate support for program specification.

A few graphical approaches to relational calculus have been proposed too. For instance, relational methods are exploited in [3,4] to tame the problem of circuit design. This goal is achieved by developing a pictorial representation of relational terms and by providing a (relational) semantics for pictures. High-level operations on pictures/circuits are rendered by transformation rules that ultimately correspond to the axioms/laws of the calculus.

In [12,23], a graphical representation by means of diagrams is proposed for all term-expressions of an equational theory of dyadic relations which does not involve complementation. A notion of reduction is given in terms of morphisms between diagrams. Normalization and decidability properties for this graphical framework are also provided.

Another graphical calculus for the representation of, and visual reasoning on, mathematical formulas is proposed in [11]. In this approach the treatment of ∩ and ; essentially coincides with ours; moreover, [11] introduces a set of graphical transformation rules which turns out to have a large overlap with the rules exploited in our Graph-fattening algorithm; however, [11] does not deal explicitly with complementation and adopts a different treatment of inclusion.

The work of Kahl (cf. [29,30]) provides a more general approach to the graphical calculi of relations introduced by [3] and [11], by resorting to algebraic graph-rewriting techniques and concepts [10,14,34].

Acknowledgments

We are grateful to Olga Runge, Gabriele Taentzer, and Thorsten Schultzke for useful discussions and suggestions about the Agg system. We would like to thank Andrea Corradini, Wolfram Kahl, James Lipton, and Antonino Salibra for giving us many suggestions and useful references.

References

[1] Behnke, R., R. Berghammer and P. Schneider, Machine support of relational computations: The Kiel RELVIEW system, Tech. Rep. Bericht Nr. 9711, Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität Kiel, Kiel, Germany (1997).

[2] Belinfante, J. G. F., Computer proofs in Gödel's class theory with equational definitions for composite and cross, Journal of Automated Reasoning 22 (1999), pp. 311-339.

[3] Brown, C. and G. Hutton, Categories, allegories and circuit design, in: Proceedings, Ninth Annual IEEE Symposium on Logic in Computer Science, IEEE Computer Society Press, Paris, France, 1994, pp. 372-381.

[4] Brown, C. and A. Jeffrey, Allegories of circuits, in: Proc. Logic For Computer-Science (1994), pp. 56-68.

[5] Cantone, D., A. Cavarra and E. G. Omodeo, On existentially quantified conjunctions of atomic formulae of L+, in: M. P. Bonacina and U. Furbach, editors, Proceedings of the FTP97 International workshop on first-order theorem proving, 1997, pp. 45-52, RISC-Linz Report Series No.97-50.

[6] Cantone, D., A. Formisano, E. G. Omodeo and C. G. Zarba, Compiling dyadic first-order specifications into map algebra, in: Proceedings, of the 16th Twente Workshop on Language Technology—2nd AMAST Workshop Algebraic Methods in Language Processing (AMILP 2000), TWLT 16, University of Twente, 2000.

[7] Chiacchiaretta, A., A. Formisano and E. G. Omodeo, Benchmark #1 for equational set theory, in: Giornata "Analisi Sperimentale di Algoritmi per l'Intelligenza Artificiale", Roma, 1999.

[8] Chiacchiaretta, A., A. Formisano and E. G. Omodeo, Map reasoning through existential multigraphs, Tech. Rep. 05/00, Dipartimento di Matematica Pura ed Applicata, Università di L'Aquila (2000).

[9] Chin, L. H. and A. Tarski, Distributive and modular laws in relation algebras, University of California Publications in Mathematics 1 (1951), pp. 341-384, new series.

[10] Corradini, A., U. Montanari, F. Rossi, H. Ehrig, R. Heckel and M. Löwe, Algebraic approaches to graph transformation I: Basic concepts and double pushout approach, in: Rozenberg [37], pp. 163-246.

[11] Curtis, S. and G. Lowe, Proofs with graphs, Science of Computer Programming 26 (1996), pp. 197-216, mathematics of program construction, Kloster Irsee, 1995.

[12] Dougherty, D. and C. Gutierrez, Normal forms and reduction for theories of binary relations, in: L. Bachmair, editor, Rewriting Techniques and Applications, 11th International Conference, RTA2000, Norwich, UK, July 2000, Proc., LNCS 1833 (2000), pp. 95-109.

[13] Dwyer, B., LIBRA: a Lazy Interpreter of Binary Relational Algebra, Tech. Rep. 95-10, Department of Computer Science University of Adelaide, (1995).

[14] Ehrig, H., R. Heckel, M. Korff, M. Löwe, L. Ribeiro, A. Wagner and A. Corradini, Algebraic approaches to graph transformation II: Single pushout approach and comparison with double pushout approach, in: Rozenberg [37], pp. 247-312.

[15] Enderton, H. B., "A Mathematical Introduction to Logic," Academic Press, New York and London, 1972.

[16] Ermel, C., M. Rudolf and G. Taentzer, The AGG approach: Language and environment, in: H. Ehrig, G. Engels, H.-J. Kreowski and G. Rozenberg, editors, Handbook of Graph Grammars and Computing by Graph Transformation, vol. 2: Applications, Languages and Tools, World Scientific, Singapore, 1999.

[17] Formisano, A. and E. G. Omodeo, An equational re-engineering of set theories, in: R. Caferra and G. Salzer, editors, Automated Deduction in Classical and Non-Classical Logics, LNCS 1761 (LNAI) (2000), pp. 175-190.

[18] Formisano, A., E. G. Omodeo and M. Temperini, Goals and benchmarks for automated map reasoning, Journal of Symbolic Computation 29 (2000), special issue. M.-P. Bonacina and U. Furbach, editors.

[19] Formisano, A. and M. Simeoni, Graphs and maps: rewriting techniques at work, Tech. Rep. TU-Berlin 2001-01, Technische Universität Berlin (2001).

[20] Gardner, M., "Logic machines and diagrams," The Harvester Press, 1982, 2nd edition.

[21] Givant, S., Tarski's Development of Logic and Mathematics based on the Calculus of Relations, in: H. Andréka, J. D. Monk and I. Németi, editors, Algebraic Logic, Colloquia Mathematica Societatis János Bolyai, vol. 54, pp. 189-216, North Holland, 1991.

[22] Gödel, K., "The Consistency of the Axiom of Choice and of the Generalized Continuum-Hypothesis with the Axioms of Set Theory," Princeton University Press, Princeton, New Jersey, 1940.

[23] Gutierrez, C., "The arithmetic and geometry of allegories," Ph.D. thesis, Wesleyan University, Middletown, CT (1999).

[24] Hammer, E. M., Peirce's Logic (1999), in: E. N. Zalta, C. Allen, and U. Nodelman, editors, Stanford Encyclopedia of Philosophy, Stanford University, World Wide Web URL: http://plato.stanford.edu/.

[25] Hattensperger, C., R. Berghammer and G. Schmidt, RALF - A relation-algebraic formula manipulation system and proof checker. Notes to a system demonstration, in: M. Nivat, C. Rattray, T. Rus and G. Scollo, editors, AMAST '93, Workshops in Computing (1994), pp. 405-406.

[26] Houser, N., D. D. Roberts and J. V. Evra, editors, "Studies in the Logic of Charles Sanders Peirce," Indiana University Press, 1997.

[27] Jacobson, N., "Lectures in abstract algebra: I. basic concepts," The University series in Higher Mathematics, Van Nostrand, 1951.

[28] Jonsson, B., Varieties of relation algebras, Algebra Universalis 15 (1982), pp. 273-298.

[29] Kahl, W., Algebraic graph derivations for graphical calculi, in: F. d'Amore, P. G. Franciosa and A. Marchetti-Spaccamela, editors, Graph Theoretic Concepts in Computer Science, WG '96, LNCS 1197 (1997), pp. 224-238.

[30] Kahl, W., Relational matching for graphical calculi of relations, Information Sciences 119 (1999), pp. 253-273.

[31] Korf, R. E., Depth-first iterative-deepening: An optimal admissible tree search, Artificial Intelligence 27 (1985), pp. 97-109.

[32] Krivine, J.-L., "Introduction to axiomatic set theory," Reidel, Dordrecht. Holland, 1971.

[33] Kwatinetz, M. K., "Problems of expressibility in finite languages," Ph.D. thesis, University of California, Berkeley (1981).

[34] Lowe, M., Algebraic approach to single-pushout graph transformation, Theoretical Computer Science 109 (1993), pp. 181-224.

[35] Maddux, R. D., The origin of relation algebras in the development and axiomatization of the calculus of relations, Studia Logica 50 (1991), pp. 421-455.

[36] Maddux, R. D., Relation-algebraic semantics, Theoretical Computer Science 160 (1996), pp. 1-85.

[37] Rozenberg, G., editor, "Handbook of Graph Grammars and Computing by Graph Transformation. vol. I: Foundations," World Scientific, 1997.

[38] Schmidt, G. and T. Ströhlein, "Relations and graphs," Monographs on Theoretical Computer Science, Springer-Verlag, Berlin, 1993.

[39] Schröder, E., "Vorlesungen über die Algebra der Logik (exakte Logik), vol. 1-3," B. Teubner, Leipzig, 1891-95 [reprinted by Chelsea Publishing Co., New York, 1966].

[40] Shepherdson, J. C., Negation as failure: A comparison of Clark's completed data base and Reiter's closed world assumption, Journal of Logic Programming 1 (1984), pp. 51-79.

[41] Tarski, A. and S. Givant, "A formalization of Set Theory without variables," Colloquium Publications 41, American Mathematical Society, 1987.

[42] Ullman, J. D., "Database and Knowledge-base Systems, vol.1," Principles of Computer Science 49, Computer Science Press, Stanford University, 1988.