(* Goal verification framework - Mental States *) \ \This theory introduces mental states and mental state formulas. The syntax and semantics of mental state formulas is defined. A proof system for mental state formulas is proved sound.\ theory Gvf_Mental_States imports Gvf_PL begin section \Properties of mental states\ \ \We set up a type for mental states.\ type_synonym mental_state = \(\\<^sub>L set \ \\<^sub>L set)\ \ \A mental state is a tuple of sets of propositional logic formulas.\ \ \The definition filters those elements that are 'tuples of sets of propositional logic formulas'. Not all elements of this type are in fact mental states: a number of restrictions apply.\ definition is_mental_state :: \mental_state \ bool\ (\\\) where \\ M \ let (\, \) = M in \ \Pattern matching to have variables for belief and goal base.\ \ \ \\<^sub>L \\<^sub>L \ \\ is consistent.\ \ (\\\\. \ \for all goals \ \ \:\ \ \ \\<^sub>L \ \ \(i) \ is not entailed by the agent's beliefs,\ \ \ {} \\<^sub>L \<^bold>\ \)\ \ \(ii) \ is consistent.\ \ \Note that the subgoal property for goals is missing. It will be defined in the semantics.\ \ \If \' is weaker than a consistent formula \, it must itself be consistent.\ lemma \\ {} \\<^sub>L \<^bold>\ \ \ {} \\<^sub>L \ \<^bold>\ \' \ \ {} \\<^sub>L \<^bold>\ \'\ by force \ \Every member (of the goal set) must be weaker than \, but not weaker than any belief \.\ lemma \\ (\, \) \ (\\\\. {} \\<^sub>L \\<^sub>L \<^bold>\ \ \ \ (\\\\. {} \\<^sub>L \ \<^bold>\ \))\ unfolding is_mental_state_def by fastforce section \Syntax of mental state formulas\ \ \Atoms are now the special belief and goal modalities.\ datatype Atoms\<^sub>M = Bl \\<^sub>L | Gl \\<^sub>L \ \We now use a more complex type for atoms compared to simply natural numbers. Bl and Gl are the constructors taking a propositional logic formula as input. We will introduce a nicer syntax below that hides the nested constructors.\ \ \We set up a type for mental state formulas.\ type_synonym \\<^sub>M = \Atoms\<^sub>M \\<^sub>P\ \ \We instantiate the general logic parsing the type for atoms.\ \ \We introduce syntax translations that hide the nesting in the notation.\ syntax "_G" :: \\\<^sub>L \ \\<^sub>M\ (\G _\ 55) "_B" :: \\\<^sub>L \ \\<^sub>M\ (\B _\ 55) translations "G \" \ "(Gvf_Logic.Atom (Atoms\<^sub>M.Gl \))" "B \" \ "(Gvf_Logic.Atom (Atoms\<^sub>M.Bl \))" \ \Again truth and falsity are defined for this instance of the logic from a simple tautology.\ abbreviation Truth\<^sub>M :: \\\<^sub>M\ (\\\<^sub>M\) where \\\<^sub>M \ \<^bold>\ (B (Atom 0)) \<^bold>\ (B (Atom 0))\ abbreviation Falsity\<^sub>L :: \\\<^sub>M\ (\\\<^sub>M\) where \\\<^sub>M \ \<^bold>\ \\<^sub>M\ section \Semantics\ \ \Semantics of atoms for mental state formulas is derived given a mental state.\ fun semantics\<^sub>M' :: \mental_state \ Atoms\<^sub>M \ bool\ where \ \Does the belief base entail \?\ \semantics\<^sub>M' (\, _) (Bl \) = (\ \\<^sub>L \)\ | \ \Is \ not entailed by the belief base and a (sub)goal?\ \semantics\<^sub>M' (\, \) (Gl \) = (\ \ \\<^sub>L \ \ (\\\\. {} \\<^sub>L \ \<^bold>\ \))\ \ \Semantics of formulas.\ abbreviation semantics\<^sub>M :: \mental_state \ \\<^sub>M \ bool\ (infix \\\<^sub>M\ 50) where \M \\<^sub>M \ \ semantics\<^sub>P (semantics\<^sub>M' M) \\ \ \The semantics for atoms, given a mental state, matches the type for an interpretation. The curried function is parsed on to the general semantics as an interpretation which allows reuse of the existing definition.\ \ \Examples.\ lemma \({ \ }, {}) \\<^sub>M B \\ by simp lemma \({ Atom 0 }, { Atom 2 }) \\<^sub>M G (Atom 1 \<^bold>\ Atom 2)\ (is \({ ?R }, { ?Q }) \\<^sub>M G (?P \<^bold>\ ?Q)\) proof - have \?R \ ?Q\ by simp have \\ { ?R } \\<^sub>P ?P \<^bold>\ ?Q\ proof assume \{ ?R } \\<^sub>P ?P \<^bold>\ ?Q\ then have \\f. semantics\<^sub>P f ?R \ semantics\<^sub>P f (?P \<^bold>\ ?Q)\ by auto moreover have \\f. \ (semantics\<^sub>P f ?R \ semantics\<^sub>P f (?P \<^bold>\ ?Q))\ proof let ?f = \(\_. True)((0::nat) := True, 1 := True, 2 := False)\ show \\ (semantics\<^sub>P ?f ?R \ semantics\<^sub>P ?f (?P \<^bold>\ ?Q))\ by simp qed ultimately show False by auto qed then have \\ { Atom 0 } \\<^sub>L (Atom 1 \<^bold>\ Atom 2)\ by simp moreover have \{} \\<^sub>L Atom 2 \<^bold>\ (Atom 1 \<^bold>\ Atom 2)\ by simp then have \\\\{ Atom 2 }. {} \\<^sub>L \ \<^bold>\ (Atom 1 \<^bold>\ Atom 2)\ by simp ultimately show ?thesis by simp qed section \Various proofs\ \ \An agent cannot have a goal to achieve a tautology.\ lemma \\ M \ \ M \\<^sub>M G \\<^sub>L\ unfolding is_mental_state_def by auto \ \An agent does not have inconsistent beliefs/goals.\ lemma not_modal_False: \\ M \ M \\<^sub>M \<^bold>\ (B \\<^sub>L)\ \\ M \ M \\<^sub>M \<^bold>\ (G \\<^sub>L)\ unfolding is_mental_state_def by fastforce+ \ \Properties of the goal modality.\ lemma G_properties: shows \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \ \<^bold>\ \) \<^bold>\ (G \) \<^bold>\ (G \))\ and \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ (G \))\ and \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \) \<^bold>\ (G \ \<^bold>\ \))\ and \{} \\<^sub>L \ \<^bold>\ \ \ \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \)\ proof - let ?\ = \Atom 0\ and ?\ = \Atom 1\ show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G (\ \<^bold>\ \)) \<^bold>\ (G \) \<^bold>\ (G \))\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \ \<^bold>\ \) \<^bold>\ (G \) \<^bold>\ (G \)\ \ \Counter example.\ let ?\ = \{}\ and ?\ = \{ ?\ \<^bold>\ ?\, ?\ }\ have \\ (?\, ?\) \\<^sub>M (G ?\ \<^bold>\ ?\) \<^bold>\ (G ?\) \<^bold>\ (G ?\)\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show False using * by blast qed show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ (G \))\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ (G \)\ \ \Counter example.\ let ?\ = \{ ?\ }\ and ?\ = \{ ?\ \<^bold>\ (?\ \<^bold>\ ?\) }\ have \\ (?\, ?\) \\<^sub>M (G ?\ \<^bold>\ (?\ \<^bold>\ ?\)) \<^bold>\ (G ?\)\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show False using * by blast qed show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \) \<^bold>\ (G \ \<^bold>\ \))\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \) \<^bold>\ (G \ \<^bold>\ \)\ \ \Counter example.\ let ?\ = \{}\ and ?\ = \{ ?\, ?\ }\ have \\ (?\, ?\) \\<^sub>M (G ?\) \<^bold>\ (G ?\) \<^bold>\ (G ?\ \<^bold>\ ?\)\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show False using * by blast qed show \{} \\<^sub>L \ \<^bold>\ \ \ \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \)\ by simp qed section \Provability\ \ \A proof system for mental state formulas.\ inductive derive\<^sub>M :: \\\<^sub>M \ bool\ (\\\<^sub>M _\ 40) where \ \Derive classical tautologies.\ R1: \\\<^sub>P \ \ \\<^sub>M \\ | \ \Properties of beliefs.\ R2: \\\<^sub>P \ \ \\<^sub>M (B \)\ | A1: \\\<^sub>M ((B \ \<^bold>\ \) \<^bold>\ (B \) \<^bold>\ (B \))\ | A2: \\\<^sub>M (\<^bold>\ (B \\<^sub>L))\ | \ \Properties of goals.\ A3: \\\<^sub>M (\<^bold>\ (G \\<^sub>L))\ | A4: \\\<^sub>M ((B \) \<^bold>\ (\<^bold>\ (G \)))\ | A5: \\\<^sub>P (\ \<^bold>\ \) \ \\<^sub>M ((\<^bold>\ (B \)) \<^bold>\ (G \) \<^bold>\ (G \))\ \ \The original definition uses semantic arguments in e.g. A5. Since we have soundness, but not completeness (yet), it may be an idea to switch back. Initially I preferred to keep semantics arguments out of the proof system.\ \ \Example.\ lemma \\\<^sub>M (B \) \<^bold>\ (\<^bold>\ (B \))\ (is \\\<^sub>M ?P \<^bold>\ \<^bold>\ ?P\) proof from R_Or have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ if \{#} \\<^sub>P# {#} + {# ?P, \<^bold>\ ?P #}\ using that by auto with R_Neg have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ if \{# ?P #} \\<^sub>P# {# ?P #}\ using that by (metis add_mset_add_single empty_neutral(1) union_commute) (* Multiset is giving some problems with single stepping it seems... *) with Axiom show \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ by auto qed section \Soundness\ \ \For the soundness theorem we assume the mental state properties for M.\ theorem soundness\<^sub>M: assumes \\ M\ shows \\\<^sub>M \ \ M \\<^sub>M \\ proof (induct rule: derive\<^sub>M.induct) case (R1 \) with soundness\<^sub>P show ?case by fastforce next case (R2 \) with soundness\<^sub>P show ?case by (cases M) fastforce next case (A1 \ \) then show ?case by (cases M) auto next case A2 from not_modal_False(1) show ?case using \\ M\ .. next case A3 from not_modal_False(2) show ?case using \\ M\ .. next case (A4 \) with \\ M\ show ?case unfolding is_mental_state_def by auto next case (A5 \ \) with soundness\<^sub>P have \{} \\<^sub>L \ \<^bold>\ \\ by fastforce show ?case proof - have \M \\<^sub>M \<^bold>\ (B \) \ M \\<^sub>M (G \) \ M \\<^sub>M G \\ proof (cases M) case (Pair \ \) have \(\, \) \\<^sub>M \<^bold>\ (B \) \ (\, \) \\<^sub>M (G \) \ (\, \) \\<^sub>M G \\ proof assume \(\, \) \\<^sub>M \<^bold>\ (B \)\ then have \\\ \\<^sub>L \\ by simp show \(\, \) \\<^sub>M (G \) \ (\, \) \\<^sub>M G \\ proof assume \(\, \) \\<^sub>M G \\ then have \\\\ \ \\ \\<^sub>L \ \ (\\\\. {} \\<^sub>L \ \<^bold>\ \)\ by simp then show \(\, \) \\<^sub>M G \\ proof assume \\ \ \\ with \{} \\<^sub>L \ \<^bold>\ \\ have \(\\\\. {} \\<^sub>L \ \<^bold>\ \)\ by auto with \\\ \\<^sub>L \\ show ?thesis by simp next assume \\ \ \\<^sub>L \ \ (\\\\. {} \\<^sub>L \ \<^bold>\ \)\ then have \\ \ \\<^sub>L \\ \(\\\\. {} \\<^sub>L \ \<^bold>\ \)\ by simp+ from \(\\\\. {} \\<^sub>L \ \<^bold>\ \)\ have \(\\\\. {} \\<^sub>L \ \<^bold>\ \)\ using \{} \\<^sub>L \ \<^bold>\ \\ by auto with \\ \ \\<^sub>L \\ show ?thesis by simp qed qed qed with \M = (\, \) \ show ?thesis by simp qed then show ?thesis by simp qed qed end