A PSpace-algorithm for ALCQI-satisfiability

The description logic ALCQI extends the 'standard' description logic ALC by qualifying number restrictions and converse roles. We show that concept satisfiability for this DL is still decidable in polynomial space. The presented algorithm combines techniques from [Tob99] to deal with qualifying number restrictions and from [HST99] to deal with converse roles.

1 The Description Logic ALCQI Qualifying number restrictions HB91] are a common generalisation of both role-quanti cation and standard number restrictions that are present in almost all implementations of DL systems.They provide an expressive means to describe objects by the number of other objects they are related to and are necessary for reasoning with semantic data models CLN94].In Tob99] we have shown that|at least for ALC|number restrictions can be replaced by qualifying number restrictions without increasing the (worst-case) complexity of the satis ability problem.In this section we extend this result to converse roles.
De nition 1 (The DL ALCQI) Let N C be a set of atomic concepts and N R a set of atomic roles.The set of ALCQI-roles N R is N R fR j R 2 N R g. Concepts in ALCQI are built inductively using the following rules: 1. every A 2 N C is an ALCQI-concept, and 2. if C; D 1 ; D 2 are ALCQI-concepts, n 2 N and R 2 N R then :C, D 1 u D 2 , D 1 t D 2 , (> n R C), and (6 n R C) are ALCQI-concepts.For an interpretation I = ( I ; I ), we extend the usual semantics of ALCconcepts to qualifying number restrictions as follows: (> n R C) I := fx 2 I j ]fy j (x; y) 2 R I ; y 2 C I g > ng; (6 n R C) I := fx 2 I j ]fy j (x; y) 2 R I ; y 2 C I g 6 ng; where ] denotes the cardinality of a set.For converse roles we de ne (R ) I := f(y; x) j (x; y) 2 R I g.With ALCQ we denote the fragment of ALCQ which does not contain converse roles.With Sat(ALCQ) and Sat(ALCQI) we denote the set of all satis able ALCQ-, resp., ALCQI-concepts.
In order to avoid considering roles such as R , we de ne a function Inv that returns the inverse of a role by setting

Reasoning for ALCQI
In HB91] a tableaux algorithm is presented that decides Sat(ALCQ) in polynomial space, provided that unary coding of numbers in the input is assumed when calculating the size of the input.In dHR95] it is conjectured that binary coding of numbers would make Sat(ALCQ) ExpTime-complete.Why does the coding of numbers seem to be of such an importance for the problem?The answer lies in the nature of the tableaux algorithms for ALCQ: They decide the satis ability of a concept C by trying to explicitly construct a model for it.For a concept of the form (> n R C), the algorithm in HB91] generates n individuals, and the correctness of the algorithms relies on that fact that they are kept in memory simultaneously.Assuming unary coding of numbers in the input, this is admissible because the number n will consume n bits in the input and hence the amount of memory needed for the n successors is polynomial in the size of the input.This changes if we assume binary coding of numbers: The number n consumes only log 2 n bits in the input, making the amount of memory needed for n successors potentially exponential in the size of the input.
In Tob99] we give an algorithm derived from the one presented in HB91] that is capable of deciding Sat(ALCQ) in PSpace, even if binary coding of numbers in the input is allowed.While still generating n successors for a concept (> n R C), non-deterministic guessing of an assignment of relevant constraints to newly generated nodes is used to be able to generate these one after another re-using space.This exactly determines the complexity of Sat(ALCQ) as PSpace-complete.This rather surprising result shows that augmenting ALC with qualifying number restrictions does not increase the (worst-case) complexity of the satis ability problem.
In this paper we present an extension of the algorithm in Tob99] that can additionally deal with converse roles and runs in polynomial space.This yields that also Sat(ALCQI) is PSpace-complete.The \reset-restart" technique, which is used to deal with concepts moving upwards in the completion tree, has already been used in HST99] to deal with converse roles.
De nition 2 An ALCQI-concept C is in negation normal form (NNF) if negation occurs only in front of atomic concepts; we denote the NNF of :C by C. For a concept C in NNF we de ne clos(C) to be the smallest set of ALCQI-concepts that contains C and is closed under sub-concepts and .
A completion tree for an ALCQI-concept D is a tree where each node x of the tree is labelled with a set L(x) clos(D) and each edge hx; yi is labelled with a role name L(hx; yi) = R for a (possibly inverse) role occurring in clos(D).
Given a completion tree, a node y is called an R-successor of a node x i y is a successor of x and L(hx; yi) = R.A node y is called an R-neighbour of x i y is an R-successor of x, or if x is an Inv(R)-successor of y.Predecessors and ancestors are de ned as usual.
A node x in T is said to contain a clash if, for some atomic concept A, fA; :Ag L(x), or for some concept C, role R, and n 2 N, (6 n R C) 2 L(x) while ]R T (x; C) > n, where R T (x; C) := fy j y is R-neighbour of x in T and C 2 L(y)g.
A completion tree is called clash-free i none of its nodes contains a clash; it is called complete i none of the expansion rules in Figure 2 is applicable. u-rule: 2. there is an R-predecessor y of x with fC; Cg \ L(x) = ; then L(y) !L(y) fEg for some E 2 fC; Cg and delete all descendants of y.

>-rule
x is not blocked and no non-generating rule is applicable to x or any of its ancestors, and 2. ]R T (x; C) < n then create a new node y with L(hx; yi) = R and L(y) = B(y) = fC; E 1 ; : : : ; E n g where fD 1 ; : : : D n g = fD j (./ n R D) 2 L(x)g and E i 2 fD i ; D i g.
Figure 1: Tableaux expansion rules for ALCQI For an ALCQI-concept D, the algorithm starts with a completion tree consisting of a single node x with L(x) = fDg.It applies the expansion rules, stopping when a clash occurs, and answers \D is satis able" i the completion rules can be applied in such a way that they yield a complete and clash-free completion tree.

Correctness of the Algorithm
In order to prove the correctness of the algorithm we have to show termination, soundness, and completeness.
Before we prove termination of the algorithm we will establish a bound on the size of a completion tree generated by the tableaux algorithm that will also be used in the complexity analysis.
Lemma 3 Let D be an ALCQI-concept in NNF and T a completion tree that is generated for D by the tableaux algorithm.2. For a node x we de ne `(x) as the maximum depth of nested number restrictions in L(x).Obviously, for the root x 0 of T, `(x 0 ) jDj holds.Also, if y is a successor of x in T, then `(x) > `(y).Hence each path x 1 ; : : : ; x n in T induces a strictly decreasing sequence `(x 1 ) > `(x 2 ) > > `(x k ) of natural numbers.Thus, the longest path in T starts at x 0 and its length is bounded by jDj. 3. Successors in T are only generated by the >-rule.For a node x this rule will generate at most n successors for each (> n R C) 2 L(x).There are at most ]clos(D) such formulae in L(x).Hence the out-degree of x is bounded by ]clos(D) 2 jDj , where 2 jDj is a limit for the biggest number that may appear in D if binary coding is used.
From this we can follow termination of the algorithm.
Lemma 4 (Termination) For any ALCQI-concept D the tableaux algorithm terminates.
Proof.Termination of the algorithm is a consequence of the following facts: Each node is labelled with a subset of the nite set clos(D).Concepts are never removed from the labels of the nodes.
The size of the tree is bounded by Lemma 3. The rules either add concepts to the label of a node or add nodes to the tree.Whenever a node is deleted from the tree the labels of one of its ancestors grows.
Assume that algorithm does not terminate.Due to the mentioned facts this can only be because of an in nite number of deletions of subtrees.Each node can of course only be deleted once, but the successors of a single node may be deleted several times.The root of the completion tree cannot be deleted because it has no predecessor.Hence there are nodes which are never deleted.Choose one of these nodes x with maximum distance from the root, i.e., which has a maximum number of predecessors.Suppose that x's successors are deleted only nitely many times.This cannot be the case because, after the last deletion of x's successors, the \new" successors were never deleted and thus x would not have maximum distance from the root.Hence x triggers the deletion of its successors in nitely many times.However, the choose-rule is the only rules that leads to a deletion, and it simultaneously leads to an increase of L(x), namely by the missing concept which caused the deletion of x's successors.Since we never remove any concepts from the labels, this implies the existence of an in nitely increasing chain of subsets of clos(D), which is clearly impossible.
Lemma 5 (Soundness) If the expansion rules can be applied to an ALCQIconcept D such that they yield a complete and clash-free completion tree, then D is satis able.
Proof.Let T be such a completion tree for D. A model I = ( I ; I ) for D can be de ned by setting I to be the nodes of T and by de ning: A I = fx j A 2 L(x)g for all concept names A in clos(D) R I = fhx; yi j L(hx; yi) = R or L(hy; xi) = Inv(R)g: Inductively we will show for all x 2 I and all C 2 clos(D) that C 2 L(x) implies x 2 C I .We cannot use induction over the structure of concepts due to the >-rule that adds negated concepts to the tree.Instead we will use the following norm k k of a concept C. The norm kCk for concept in NNF is inductively de ned by: kAk := k:Ak := 0 for A 2 N C kC 1 u C 2 k := kC 1 t C 2 k := 1 + kC 1 k + kC 2 k k(./ n S C)k := 1 + kCk The two base cases of the induction are C = A or C = :A.If A 2 L(x), then by de nition x 2 A I .If :A 2 L(x), then A 6 2 L(x) because T is clash-free and hence x 6 2 A I .For the induction step we have to distinguish several cases: . Hence, by induction, we have x 2 C I 1 and x 2 C I which yields x 2 (C 1 u C 2 ) I .C = C 1 t C 2 .Similar to the previous case.C = (> n R E).For an x with C 2 L(x) we have ]R T (x; E) > n because T is complete.Hence there are n distinct R-neighbours y 1 ; : : : ; y n with E 2 L(y i ) for all i.By induction, we have y i 2 E I and, since, for each R-neighbour y j , hx; y j i 2 R I holds, also x 2 C I .C = (6 n R E).Let x be an individual with C 2 L(x).For any Rneighbour y of x either E 2 L(y) of E 2 L(y).This is guaranteed by the choose-rule (for an R-predecessor of x) and by the >-rule which is suspended until no other rules can applied to x or any predecessor of x together with the reset-restart mechanism that is triggered by concepts \moving upwards" in the tree.
We show that ]R I (x; E) 6 ]R T (x; E): Assume ]R I (x; E) > ]R T (x; E).This implies the existence of some y with hx; yi 2 R I with y 2 E I but E 6 2 L(y).This implies E 2 L(y), which, by induction yields y 2 ( E) I in contradiction to x 2 E I .Since D 2 L(x 0 ) for the root x 0 of T this implies D I 6 = ; and hence I is a model for D.
Lemma 6 (Completeness) Let D be an ALCQI-concept: If D is satisable, then the expansion rules can be applied in such a way that they yield a complete and clash-free completion tree for D.
Proof.Let I = ( I ; I ) be a model for D. We will use this model to guide the application of the non-deterministic completion rules.For this we will incremently de ne a function mapping the nodes in T to elements of I such that at any given stage the following holds: 1: L(x) ) (x) 2 C I 2: if L(hx; yi) = R then h (x); (y)i 2 R I 3: if y; z are two R-neighbours of x then (y) 6 = (z) 9 = ; ( )   Claim: Whenever ( ) holds for a tree T and a function and a rule is applicable to T then it can be applied in a way that maintains ( ).
The u-rule Hence the t-rule can add a concept E 2 fC 1 ; C 2 g to L(x) such that ( ) still holds.
The choose-rule: obviously, either (y) 2 E I or (y) 6 2 E I for any node y of the tree.Since ( E) I = I n E I the rule can always be applied in a way that maintains ( ).Deletion of nodes does not violate ( ) The >-rule: if (> n R C) 2 L(x), then (x) 2 (> n R C) I .This implies ]S I ( (x); C) > n.We claim that there is an element t 2 I such that h (x); ti 2 R I ; t 2 C I ; and t 6 2 f (y) j y is an R-neighbour of x g ( ) We will come back to this claim later.Let D 1 ; : : : ; D n be an enumeration of the set fD j (./ n R D) 2 L(x)g.The >-rule can add a new node y with L(hx; yi) = R and L(y) = fCg fD i j t 2 D I i g f D i j t 6 2 D I i g.If we set 0 := y 7 !t], then the modi ed tree together with 0 satis es ( ).Why does there exists an element t that satis es ( )?It is obvious that there exists an element t with h (x); ti 2 R I and t 2 C I such that t 6 2 f (y) j y is an R-neighbour of x and C 2 L(y)g because ]R T ( (x); C) n > ]R T (x; C).
Assume t appears as an image of an R-neighbour y of x with C 6 2 L(y).This implies C 2 L(y) as follows: Either y is an R-predecessor of x, then in order for the >-rule to be applicable, no non-generating rules and especially the choose-rule is not applicable to x and its ancestor which implies fC; Cg \ L(y) 6 = ;.If y is an R-successor of x then it must have been generated by an application of the >-rule to x.In order for this rule to be applicable no non-generating rule may have been applicable to x or any of its ancestors.This implies that at the time of the generation of y already (> n R C) 2 L(x) held and hence the >-rule ensures fC; Cg \ L(y) 6 = ;.In any case C 2 L(y) holds and together with ( ) this implies t 6 2 C I which contradicts t 2 C I .Hence C 2 L(y) must hold which is a contradiction to the assumption C 6 2 L(y) and thus there must be an element that satis es ( ).
This concludes the proof of the claim.The claim yields the lemma as follows: Obviously, ( ) holds for the initial tree with only a single node x 0 if we set (x 0 ) := s 0 for an element s 0 2 D I (such an element must exist because I is a model for D).The claim yields that whenenver a rule is applicable then it can be applied in a manner that maintains ( ).Lemma 4 yields that each sequence of rule applications must terminate, and also each tree for which ( ) holds is necessarily clash-free.It cannot contain a clash of the form fA; :Ag L(x) because this would imply (x) 2 A I and (x) 6 2 A I .It can neither contain a clash of the form (6 n R C) 2 L(x) and ]R T (x; C) > n because is an injective function on the set of all R-neighbours of y and hence ]R T (x; C) > n implies ]R I (x; C) > n and which cannot be the case since (x) 2 (6 n R C) I .Summing up, from Lemmas 4, 5, and 6 we get the following: Theorem 7 The tableaux algorithm is a non-deterministic decision procedure for ALCQI-satis ability.

Complexity of ALCQI
What remains to show is that the algorithm can be implemented to run in polynomial space.This is stated in the following lemma.
Due to Savitch's theorem Sav70] that states that PSpace coincides with NPSpace we don't have to deal with the non-determinism in the rules.Nevertheless, models for a ALCQI-concept may be required to have exponential size so we have to develop a method that facilitates re-use of space while generating the completion tree.
Lemma 8 The tableaux algorithm can be implemented in PSpace.Proof.Let D be the ALCQI-concept to be tested for satis ability.We can assume D to be in NNF because the transformation of a formula to NNF can be performed in linear time and space.
The key idea for a PSpace implementation is the trace technique SSS91], i.e., it is su cient to keep only a single path (a trace) of T in memory at a given stage if the completion tree is generated in a depth-rst manner.This has already been the key to a PSpace upper bound for the propositional modal logic K m and ALC in Lad77, SSS91, HM92].To do this we need to store the values for ]R T (x; C) for each node x in the path, each R which appears in clos(D) and each C 2 clos(D).By storing these values in binary form, we are able to keep information about exponentially many successors in memory while storing only a single path at any stage.
Consider the algorithm in Fig. 2, where R D denotes the set of role names that appear in clos(D) together with their inverses.It re-uses the space needed to check the satis ability of a successor y of x once the existence of a complete and clash-free \subtree" for the constraints on y has been established.This is admissible since the tableaux rules can delete but will never modify this subtree once is it completed.This deletion is necessary because the choose-rule pushes concepts upwards in the tree which might have an in uence of the subtrees of the e ected node.Since these have already been discarded from memory they have to be regenerated.Constraints in a subtree have no in uence on the completeness or the existence of a clash in the rest of the tree, with the exception that a concept ALCQI SAT(D) := sat(x 0 ; x 0 7 !fDg]) sat(x; L): allocate counters ]R T (x; C) for all R 2 R D and C 2 clos(D).restart: for each counter ]R T (x; C): if x has a predecessor y and L(hy; xi) = Inv(R) and C 2 L(y) then ]R T (x; C) := 1 else ]R T (x; C) := 0 while (the uor the t-rule can be applied at x) and (T is clash-free) do apply the uor the t-rule to x. od if T contains a clash then return \not satis able".if the choose-rule is applicable to x for (./ n R C) 2 L(x) then return \restart with C" while (the >-rule applies to a concept (> n R C) 2 L(x)) do C new := fC; E 1 ; : : : ; E k g where fD 1 ; : : : ; D k g = fD j (./ m R D) 2 L(x), and E i is chosen non-deterministically from fD i ; D i g for each D 2 C new do increase ]R T (x; D) if (6 m R D) 2 L(x) and ]R T (x; D) > m then return \not satis able".result := sat(y; L y 7 !C new ; hx; yi 7 !R]) where y is a fresh node if result = \not satis able" then return \not satis able" if result = \restart with D" then L(x) := L(x) fEg where E is chose non-deterministically from fD; Dg goto restart od remove the counters for x from memory.return \satis able" Figure 2: A NPSpace decision procedure for ALCQI-satis ability.
1. ]clos(D) = O(jDj).2. The length of a path in T is limited by jDj. 3. The out-degree of T is limited by ]clos(D) 2 jDj .Proof. 1.The rst part of this Lemma can easily be proved by observing that for a concept D in NNF clos(D) = sub(D) f C j C 2 sub(D)g holds, where sub(D) denotes the set of all sub-concepts of D. Obviously, ]sub(D) jDj and hence ]clos(D) O(jDj).