Axiom Pinpointing in General Tableaux

,


Introduction
Description logics (DLs) [2] are a successful family of logic-based knowledge representation formalisms, which can be used to represent the concep-tual knowledge of an application domain in a structured and formally wellunderstood way.They are employed in various application domains, such as natural language processing, configuration, databases, and bio-medical ontologies, but their most notable success so far is the adoption of the DL-based language OWL [12] as standard ontology language for the semantic web.As a consequence of this standardization, several ontology editors support OWL [14,17,13], and ontologies written in OWL are employed in more and more applications.As the size of such ontologies grows, tools that support improving the quality of large DL-based ontologies become more important.Standard DL reasoners [11,9,23] employ tableau-based algorithms [5], which can be used to detect inconsistencies and to infer other implicit consequences, such as subsumption relationships between concepts or instance relationships between individuals and concepts.
For a developer or user of a DL-based ontology, it is often quite hard to understand why a certain consequence holds, 1 and even harder to decide how to change the ontology in case the consequence is unwanted.For example, in the current version of the medical ontology SNOMED [24], the concept Amputation-of-Finger is classified as a subconcept of Amputationof-Arm.Finding the axioms that are responsible for this among the more than 350,000 terminological axioms of SNOMED without support by an automated reasoning tool is not easy.
As a first step towards providing such support, Schlobach and Cornet [21] describe an algorithm for computing all the minimal subsets of a given knowledge base that have a given consequence.To be more precise, the knowledge bases considered in [21] are so-called unfoldable ALC-terminologies, and the unwanted consequences are the unsatisfiability of concepts.The algorithm is an extension of the known tableau-based satisfiability algorithm for ALC [22], where labels keep track of which axioms are responsible for an assertion to be generated during the run of the algorithm.The authors also coin the name "axiom pinpointing" for the task of computing these minimal subsets.Following Reiter's approach for model-based diagnosis [19], Schlobach [20] uses the minimal subsets that have a given consequence together with the computation of Hitting Sets to compute maximal subsets of a given knowledge base that do not have a given (unwanted) consequence. 2Whereas the minimal subsets that have the consequence help the user to comprehend why a certain consequence holds, the maximal subsets that do not have the consequence suggest how to change the knowledge base in a minimal way to get rid of a certain unwanted consequence.
The problem of computing minimal (maximal) subsets of a DL knowledge base that have (do not have) a given consequence was actually considered earlier in the context of extending DLs by default rules.In [4], Baader and Hollunder solve this problem by introducing a labeled extension of the tableau-based consistency algorithm for ALC-ABoxes [10], which is very similar to the one described later in [21].The main difference is that the algorithm described in [4] does not directly compute minimal subsets that have a consequence, but rather a monotone Boolean formula, called clash formula in [4], whose variables correspond to the axioms of the knowledge bases and whose minimal satisfying (maximal unsatisfying) valuations correspond to the minimal (maximal) subsets that have (do not have) a given consequence.
The approach of Schlobach and Cornet [21] was extended by Parsia et al. [18] to more expressive DLs, and the one of Baader and Hollunder [4] was extended by Meyer et al. [16] to the case of ALC-terminologies with general concept inclusions (GCIs), which are no longer unfoldable.The choice of the DL ALC in [4] and [21] was meant to be prototypical, i.e., in both cases the authors assumed that their approach could be easily extended to other DLs and tableau-based algorithms for them.However, the algorithms and proofs are given for ALC only, and it is not clear to which of the known tableau-based algorithms the approaches really generalize.For example, the pinpointing extension described in [16] follows the approach introduced in [4], but since GCIs require the introduction of so-called blocking conditions into the tableau-based algorithm to ensure termination, there are some new problems to be solved.
Thus, one can ask to which DLs and tableau-based algorithms the approaches described in [4,21] apply basically without significant changes, and with no need for a new proof of correctness.This paper is a first step towards answering this question.We develop a general approach for extending a tableau-based algorithm to a pinpointing algorithm, which is based on the the ideas underlying the pinpointing algorithm described in [4].To this purpose, we define a general notion of "tableaux algorithm," which captures many of the known tableau-based algorithms for DLs and Modal Logics, 3 but also other kinds of decision procedures, like the polynomial-time subsumption algorithm for the DL EL [1].This notion is simpler than the tableau systems introduced in [3] in the context of translating tableaux into tree automata, and it is not restricted to tableau-based algorithms that generate tree-like structures.
Axiom pinpointing has also been considered in other research area, though usually not under this name.For example, in the SAT community, people have considered the problem of computing maximally satisfiable and minimally unsatisfiable subsets of a set of propositional formulae.The approaches for computing these sets developed there include special purpose algorithms that call a SAT solver as a black box [15,6], but also algorithms that extend a resolution-based SAT solver directly [7,25].To the best of our knowledge, extensions of tableau-based algorithms have not been considered in this context, and there are no general schemes for extending resolution-based solvers.
In the next section, we define the notions of minimal (maximal) sets having (not having) a given consequence in a general setting, and show some interesting connections between these two notions.In Section 3 we introduce our general notion of a tableaux, and in Section 4 we show how to obtain pinpointing extension of such tableaux.

Basic definitions
Before we can define our general notion of a tableaux algorithm, we need to define the general form of inputs to which these algorithms are applied, and the decision problems they are supposed to solve.
Definition 1 (Axiomatized input, c-property) Let I be a set, called the set of inputs, and T be a set, called the set of axioms.An axiomatized input over these sets is of the form (I, T ) where I ∈ I and T ∈ P f in (T) is a finite subset of T. A consequence property (c-property) is a set P ⊆ I × P f in (T) such that (I, T ) ∈ P implies (I, T ′ ) ∈ P for every T ′ ⊇ T .
Intuitively, c-properties on axiomatized inputs are supposed to model consequence relations in logic, i.e., the c-property P holds if the input I "follows" from the axioms in T .The monotonicity requirement on c-properties corresponds to the fact that we want to restrict the attention to consequence relations induced by monotonic logics.In fact, for nonmonotonic logics, looking at minimal sets of axioms that have a given consequence does not make much sense.
To illustrate Definition 1, assume that I is a countably infinite set of propositional variables, and that T consists of all Horn clauses over these variables, i.e., implications of the form p 1 ∧ . . .∧ p n → q for n ≥ 0 and p 1 , . . ., p n , q ∈ I. Then the following is a c-property according to the above definition: P := {(p, T ) | T |= p}, where T |= q means that all valuations satisfying all implications in T also satisfy q.As as concrete example, consider Γ := (p, T ) where T consists of the following implications: It is easy to see that Γ ∈ P. Note that Definition 1 also captures the following variation of the above example, where I ′ consist of tuples (p, T 1 ) ∈ I×P f in (T) and the c-property is defined as For example, if we take the axiomatized input Γ ′ := ((p, {ax 3 , ax 4 }), {ax Note that the notions of MinA and MaNA are only interesting in the case where Γ ∈ P. In fact, otherwise the monotonicity property satisfied by P implies that MIN P(Γ) = ∅ and MAX P(Γ) = {T }.In the above example, where we have Γ ∈ P, it is easy to see that MIN P(Γ) = {{ax 1 , ax 2 , ax 4 }, {ax 2 , ax 3 , ax 4 }}.In the variant of the example where only subsets of the facts {ax 1 , ax 2 } can be taken, we have MIN P ′ (Γ ′ ) = {{ax 2 }}.
The set MAX P(Γ) can be obtained from MIN P(Γ) by computing the minimal hitting sets of MIN P(Γ) , and then complementing these sets [21,15].A set S ⊆ T is a minimal hitting set of MIN P(Γ) if it has a nonempty intersection with every element of MIN P(Γ) , and no strict subset of S has this property.In our example, the minimal hitting sets of MIN P(Γ) are {ax 1 , ax 3 }, {ax 2 }, {ax 4 }, and thus MAX P(Γ) = {{ax 2 , ax 4 }, {ax 1 , ax 3 , ax 4 }, {ax 1 , ax 2 , ax 3 }}.Intuitively, to get a set of axioms that does not have the consequence, we must remove from T at least one axiom for every MinA, and thus the minimal hitting sets give us the minimal sets to be removed.
The reduction we have just sketched shows that it is enough to design an algorithm for computing all MinA, since the MaNA can then be obtained by a hitting set computation.It should be noted, however, that this reduction is not polynomial: there may be exponentially many hitting sets of a given collection of sets, and even deciding whether such a collection has a hitting set of cardinality ≤ n is an NP-complete problem [8].Also note that there is a similar reduction involving hitting sets for computing the MinA from all MaNA.
Instead of computing MinA or MaNA, one can also compute the pinpointing formula. 4To define the pinpointing formula, we assume that every axiom t ∈ T is labeled with a unique propositional variable, lab(t).Let lab(T ) be the set of all propositional variables labeling an axiom in T .A monotone Boolean formula over lab(T ) is a Boolean formula using (some of) the variables in lab(T ) and only the connectives conjunction and disjunction.As usual, we identify a propositional valuation with the set of propositional variables it makes true.For a valuation V ⊆ lab(T ), let Definition 3 (pinpointing formula) Given a c-property P and an axiomatized input Γ = (I, T ), a monotone Boolean formula φ over lab(T ) is called a pinpointing formula for P and Γ if the following holds for every valuation V ⊆ lab(T ): (I, T V ) ∈ P iff V satisfies φ.
In our example, we can take lab(T ) = {ax 1 , . . ., ax 4 } as set of propositional variables.It is easy to see that (ax 1 ∨ax 3 ) ∧ax 2 ∧ax 4 is a pinpointing formula for P and Γ.
Valuations can be ordered by set inclusion.The following is an immediate consequence of the definition of a pinpointing formula [4].
Lemma 1 Let P be a c-property, Γ = (I, T ) an axiomatized input, and φ a pinpointing formula for P and Γ.Then This shows that it is enough to design an algorithm for computing a pinpointing formula to obtain all MinA and MaNA.However, like the previous reduction from computing MaNA from MinA, the reduction suggested by the lemma is not polynomial.For example, to obtain MIN P(Γ) from φ, one can bring φ into disjunctive normal form and then remove disjuncts implying other disjuncts.It is well-know that this can cause an exponential blowup.Conversely, however, the set MIN P(Γ) can directly be translated into the pinpointing formula In our example, the pinpointing formula obtained from

A general notion of tableaux
Before introducing our general notion of a tableau-based decision procedure, we want to motivate it by first modelling a simple decision procedure for the property P introduced in the Horn clause example from the previous section, and then sketching extensions to the model that are needed to treat more complex tableau-based decision procedures.

Motivating examples
To decide whether (p, T ) ∈ P, we start with the set A := {¬p}, and then use the rule to extend A until it is saturated, i.e., it can no longer be extended with the above rule.It is easy to see that (p, T ) ∈ P (i.e., T |= p) iff this saturated set contains both p and ¬p.For example, for the axioms in (1), one can first add s using ax 2 , then q using ax 3 , and finally p using ax 4 .This yields the saturated set {¬p, p, q, s}.
Abstracting from particularities, we can say that we have an algorithm that works on a set of assertions (in the example, assertion are propositional variables and their negation), and uses rules to extend this set.A rule is of the form (B 0 , S) → B 1 where B 0 , B 1 are finite sets of assertions, and S is a finite set of axioms (in the example, axioms are Horn clauses).Given a set of axioms T and a set of assertions A, this rule is applicable if B 0 ⊆ A, S ⊆ T , and B 1 ⊆ A. Its application then extends A to A ∪ B 1 . 5Our simple Horn clause algorithm always terminates in the sense that any sequence of rule applications is finite (since only right-hand sides of implications in T can be added).After termination, we have a saturated set of assertions, i.e., one to which no rule applies.The algorithm accepts the input (i.e., says that it belongs to P) iff this saturated set contains a clash (in the example, this is the presence of p and ¬p in the saturated set).
The model of a tableau-based decision procedure introduced until now is too simplistic since it does not capture two important phenomena that can be found in tableau algorithms for description and modal logics: nondeterminism and assertions with an internal structure.Regarding non-determinism, assume that instead of Horn clauses we have more general implications of the form p 1 ∧ . . .∧ p n → q 1 ∨ . . .∨ q m in T .Then, if {p 1 , . . ., p n } ⊆ A, we need to choose (don't know non-deterministically) with which of the propositional variables q j to extend A. In our formal model, the right-hand side of a nondeterministic rule consists of a finite set of sets of assertions rather than a single set of assertions, i.e., non-deterministic rules are of the more general form (B 0 , S) → {B 1 , . . ., B m } where B 0 , B 1 , . . ., B m are finite sets of assertions and S is a finite set of axioms.Instead of working on a single set of assertions, the non-deterministic algorithm thus works on a finite set M of sets of assertions.The non-deterministic rule (B 0 , S) → {B 1 , . . ., B m } is applicable to A ∈ M if B 0 ⊆ A and S ⊆ T , and its application replaces A ∈ M by the finitely many sets A ∪ B 1 , . . ., A ∪ B m provided that each of these sets really extends A. For example, if we replace ax 1 and ax 2 in (1) by ax 5 : → p ∨ s, then starting with {{¬p}}, we first get {{¬p, p}, {¬p, s}} using ax 5 , then {{¬p, p}, {¬p, s, q}} using ax 3 , and finally {{¬p, p}, {¬p, s, q, p}} using ax 4 .Since each of these sets contains a clash, the input is accepted.
Regarding the structure of assertions, in general it is not enough to use propositional variables.Tableau-based decision procedures in description and modal logic try to build finite models, and thus assertions must be able to describe the relational structure of such models.For example, assertions in tableau algorithms for description logics [5] are of the form r(a, b) and C(a), where r is a role name, C is a concept description, and a, b are individual names.Again abstracting from particularities, a structured assertion is thus of the form P (a 1 , . . ., a k ) where P is a k-ary predicate and a 1 , . . ., a k are constants.As an example of the kind of rules employed by tableaubased algorithms for description logics, consider the rule treating existential restrictions: The variables x, y in this rule are place-holders for constants, i.e., to apply the rule to a set of assertions, we must first replace the variables by appropriate constants.Note that y occurs only on the right-hand side of the rule.We will call such a variable a fresh variable.Fresh variables must be replaced by new constants, i.e., a constant not occurring in the current set of assertions.For example, let A := {(∃r.C)(a), r(a, b)}.If we apply the substitution σ := {x → a, y → c} that replaces x by a and y by the new constant c, then the above rule is applicable with σ since (∃r.C)(a) ∈ A. Its application yields the set of assertions A ′ = A∪{r(a, c), C(c)}.Of course, we do not want the rule to be still applicable to A ′ .However, to prevent this it is not enough to require that the right-hand side (after applying the substitution) is not contained in the current set of assertions.In fact, this would not prevent us from applying the rule to A ′ with another new constant, say c ′ .For this reason, the applicability condition for rules needs to check whether the assertions obtained from the right-hand side by replacing the fresh variables by existing constants yields assertions that are already contained in the current set of assertions.

The formal definition
In the following, V denotes a countably infinite set of variables, and D a countably infinite set of constants.A signature Σ is a set of predicate symbols, where each predicate P ∈ Σ is equipped with an arity.A Σassertion is of the form P (a 1 , . . ., a n ) where P ∈ Σ is an n-ary predicate and a 1 , . . ., a n ∈ D. Likewise, a Σ-pattern is of the form P (x 1 , . . ., x n ) where P ∈ Σ is an n-ary predicate and x 1 , . . ., x n ∈ V.If the signature is clear from the context, we will often just say pattern (assertion).For a set of assertions A (patterns B), cons(A) (var(B)) denotes the set of constants (variables) occurring in A (B).
A substitution is a mapping σ : V → D, where V is a finite set of variables.If B is a set of patterns such that var(B) ⊆ V , then Bσ denotes the set of assertions obtained from B by replacing each variable by its σ-image.We say that σ : Intuitively, on input (I, T ), we start with the initial set M = (I, T ) S of S-states, and then use the rules in R to modify this set.Each rule application picks an S-state S from M and replaces it by finitely many new S-states S 1 , . . ., S m that extend the first component of S. If M is saturated, i.e., no more rules are applicable to M, then we check whether all the elements of M contain a clash.If yes, then the input is accepted; otherwise, it is rejected.
Definition 5 (rule application, saturated, clash) Given an S-state S = (A, T ), a rule R : (B 0 , S) → {B 1 , . . ., B m }, and a substitution ρ on var(B 0 ), this rule is applicable to S with ρ if (i) S ⊆ T , (ii) B 0 ρ ⊆ A, and (iii) for every i, 1 ≤ i ≤ m, and every substitution ρ ′ on var(B 0 ∪ B i ) extending ρ we have Given a set of S-states M and an S-state S = (A, T ) ∈ M to which the rule R is applicable with substitution ρ, the application of R to S with ρ in M yields the new set where σ is a substitution on the variables occurring in R that extends ρ and maps the fresh variables of R to distinct new constants, i.e., constants not occurring in B 0 .
If M ′ is obtained from M by the application of R, then we write M → R M ′ , or simply M → S M ′ if it is not relevant which of the rules of the tableau S was applied.As usual, the reflexive-transitive closure of → S is denoted by * The S-state S = (A, T ) contains a clash if there is a C ∈ C and a substitution ρ on var(C) such that Cρ ⊆ A, and the set of S-states M is full of clashes if all its elements contain a clash.
We can now define under what conditions a tableau S is correct for a cproperty.
Definition 6 (correctness) Let P be a c-property on axiomatized inputs over I and T, and S a tableau for I and T. Then S is correct for P if the following holds for every axiomatized input Γ = (I, T ) over I and T: 1. S terminates on Γ, i.e., there is no infinite chain of rule applications 2. For every chain of rule applications M 0 → S . . .→ S M n such that M 0 = Γ S and M n is saturated we have Γ ∈ P iff M n is full of clashes.
The simple decision procedure sketched in our Horn clause example is a correct tableau in the sense of this definition.More precisely, it is a tableau with unstructured assertions (i.e., the signature contains only nullary predicate symbols) and deterministic rules.It is easy to see that also the polynomialtime subsumption algorithm for the DL EL and its extensions introduced in [1] can be viewed as a correct deterministic tableau with unstructured assertions.The standard tableau-based decision procedure for concept unsatisfiability in the DL ALC [22] is a correct tableau that uses structured assertions and has a non-deterministic rule.In 2. of Definition 6, we require that the algorithm gives the same answer independent of what terminating chain of rule applications is considered.Thus, the choice of which rule to apply next is don't care non-deterministic in a correct tableau.This is important since a need for backtracking over these choices would render a tableau algorithm completely impractical.However, in our framework this is not really an extra requirement on correct tableaux: it is built into our definition of rules and clashes.
Proposition 1 Let Γ be an axiomatized input and M 0 := Γ S .If M and M ′ are saturated sets of S-states such that This proposition is a special case of Lemma 8 which will proven at the end of this paper.A proof for this particular case would be almost identical to the one given for that lemma.

Pinpointing extensions of general tableaux
Given a correct tableau, we show how it can be extended to an algorithm that computes a pinpointing formula.As shown in Section 2, all minimal axiom sets (maximal non-axiom sets) can be derived from the pinpointing formula φ by computing all minimal (maximal) valuations satisfying (falsifying) φ.Recall that, in the definition of the pinpointing formula, we assume that every axiom t ∈ T is labeled with a unique propositional variable, lab(t).The set of all propositional variables labeling an axiom in T is denoted by lab(T ).In the following, we assume that the symbol ⊤, which always evaluates to true, also belongs to lab(T ).The pinpointing formula is a monotone Boolean formula over lab(T ), i.e., a Boolean formula built from lab(T ) using conjunction and disjunction only.
To motivate our pinpointing extension of general tableaux, we first describe such an extension of the simple decision procedure sketched for our Horn clause example.The main idea is that assertions are also labeled with monotone Boolean formulae.In the example, where T consists of the axioms of (1) and the axiomatized input is (p, T ), the initial set of assertions consists of ¬p.The label of this initial assertion is ⊤ since its presence depends only on the input p, and not on any of the axioms.By applying the rule (2) using axiom ax 2 , we can add the assertion s.Since the addition of this assertion depends on the presence of ax 2 , it receives label ax 2 .Then we can use ax 3 to add q.Since this addition depends on the presence of ax 3 and of the assertion s, which has label ax 2 , the label of this new assertion is ax 2 ∧ ax 3 .There is, however, also another possibility to generate the assertion q: apply the rule (2) using axiom ax 1 .In a "normal" run of the tableau algorithm, the rule would not be applicable since it would add an assertion that is already there.However, in the pinpointing extension we need to register this alternative way of generating q.Therefore, the rule is applicable using ax 1 , and its application changes the label of the assertion q from ax 2 ∧ ax 3 to ax 1 ∨ (ax 2 ∧ ax 3 ).Finally, we can use ax 4 to add the assertion p.The label of this assertion is ax 4 ∧ ax 2 ∧ (ax 1 ∨ (ax 2 ∧ ax 3 )) since the application of the rule depends on the presence of ax 4 as well as the assertions s and q.The presence of both p and ¬p gives us a clash, which receives label ⊤ ∧ ax 4 ∧ ax 2 ∧ (ax 1 ∨ (ax 2 ∧ ax 3 )).This so-called clash formula is the output of the extended algorithm.Obviously, it is equivalent to the pinpointing formula (ax 1 ∨ ax 3 ) ∧ ax 2 ∧ ax 4 that we have constructed by hand in Section 2.

The formal definition
Given a tableau S = (Σ, • S , R, C) that is correct for the c-property P, we show how the algorithm for deciding P induced by S can be modified to an algorithm that computes a pinpointing formula for P. Given an axiomatized input Γ = (I, T ), the modified algorithm also works on sets of S-states, but now every assertion a occurring in the assertion component of an S-state is equipped with a label lab(a), which is a monotone Boolean formula over lab(T ).We call such S-states labeled S-states.In the initial set of S-states M = (I, T ) S , every assertion is labeled with ⊤.
The definition of rule application must take the labels of assertions and axioms into account.Let A be a set of labeled assertions and ψ a monotone Boolean formula.We say that the assertion a is ψ-insertable into A if (i) either a / ∈ A, or (ii) a ∈ A, but ψ |= lab(a).Given a set B of assertions and a set A of labeled assertions, the set of ψ-insertable elements of B into A is defined as ins ψ (B, A) := {b ∈ B | b is ψ-insertable into A}.By ψ-inserting these insertable elements into A, we obtain the following new set of labeled assertions: A ⋒ ψ B := A ∪ ins ψ (B, A), where each assertion a ∈ A \ ins ψ (B, A) keeps its old label lab(a), each assertion in ins ψ (B, A) \ A gets label ψ, and each assertion b ∈ A ∩ ins ψ (B, A) gets the new label ψ ∨ lab(b).
Given a set of labeled S-states M and a labeled S-state S ∈ M to which the rule R is pinpointing applicable with substitution ρ, the pinpointing application of R to S with ρ in M yields the new set M ′ = (M \ {S}) ∪ {(A ⋒ ψ B i σ, T ) | i = 1, . . ., m}, where the formula ψ is defined as above and σ is a substitution on the variables occurring in R that extends ρ and maps the fresh variables of R to distinct new constants.
If M ′ is obtained from M by the pinpointing application of R, then we write M → R pin M ′ , or simply M → S pin M ′ if it is not relevant which of the rules of the tableau S was applied.As before, the reflexive-transitive closure of → S pin is denoted by To illustrate the definition of rule application, let us look back at the example from the beginning of this section.There, we have looked at a situation where the current set of assertions is A := {¬p, s, q} where lab(¬p) = ⊤, lab(s) = ax 2 , and lab(q) = ax 2 ∧ ax 3 .In this situation, the rule ( 1) is pinpointing applicable using ax 1 .In fact, in this case the formula ψ is simply ax 1 .Since this formula does not imply lab(q) = ax 2 ∧ ax 3 , the assertion q is ψ-insertable into A. Its insertion changes the label of q to ax 1 ∨ (ax 2 ∧ ax 3 ).
Consider a chain of pinpointing rule applications M 0 → S pin . . .→ S pin M n such that M 0 = Γ S for an axiomatized input Γ and M n is pinpointing saturated.The label of an assertion in M n expresses which axioms are needed to obtain this assertion.A clash in an S-state of M n depends on the joint presence of certain assertions.Thus, we define the label of the clash as the conjunction of the labels of these assertions.Since it is enough to have just one clash per S-state S, the labels of different clashes in S are combined disjunctively.Finally, since we need a clash in every S-state of M n , the formulae obtained from the single S-states are again conjoined.Definition 8 (clash set, clash formula) Let S = (A, T ) be a labeled Sstate and A ′ ⊆ A. Then A ′ is a clash set in S if there is a clash C ∈ C and a substitution ρ on var(C) such that A ′ = Cρ.The label of this clash set is Let M = {S 1 , . . ., S n } be a set of labeled S-states.The clash formula induced by M is defined as Recall that, given a set T of labeled axioms, a propositional valuation V induces the subset T V := {t ∈ T | lab(t) ∈ V} of T .Similarly, for a set A of labeled assertions, the valuation V induces the subset A V := {a ∈ A | V satisfies lab(a)}.Given a labeled S-state S = (A, T ) we define its V-projection as V(S) := (A V , T V ).The notion of a projection is extended to sets of S-states M in the obvious way: V(M) := {V(S) | S ∈ M}.The following lemma is an easy consequence of the definition of the clash formula: Lemma 2 Let M be a finite set of labeled S-states and V a propositional valuation.Then we have that V satisfies ψ M iff V(M) is full of clashes.
Proof.If V(M) is full of clashes, then for every S-state S i ∈ M, V(S i ) contains a clash.Thus, there is a clash set A ′ in S i such that the labels lab(a) are satisfied by V, for every a ∈ A ′ .This implies that the V satisfies the label ψ A ′ of this clash set.Hence, V satisfies the formula Since this is true for every S i ∈ M, then V satisfies the clash formula ψ M .
Conversely, if there is a S ∈ M such that V(S) does not contain a clash, it must be the case that for every clash set A ′ in S, there is an assertion a ∈ A ′ such that V doesn't satisfy lab(a).This means that V does not satisfy the label of any of the clash sets ψ A ′ .Hence, this valuation cannot satisfy the disjunction of such labels, nor the clash formula.
There is also a close connection between pinpointing saturatedness of a set of labeled S-states and saturatedness of its projection: Lemma 3 Let M be a finite set of labeled S-states and V a propositional valuation.If M is pinpointing saturated, then V(M) is saturated.
Proof.Suppose that there is a S-state S = (A, T ) ∈ M, and a rule R : (B 0 , S) → {B 1 , . . ., B m } such that R is applicable to V(S) with a substitution ρ.By definition of applicability, it holds then that S ⊆ T V , B 0 ρ ⊆ A V , and for every i, 1 ≤ i ≤ m and every substitution ρ Suppose now that R is not pinpointing applicable to S with the same substitution ρ.Since S ⊆ T V ⊆ T and B 0 ρ ⊆ A V ⊆ A, there must be an i and a substitution ρ ′ on var(B 0 ∪ B i ) extending ρ such that ins ψ (B i ρ ′ , A) = ∅, where ψ := b∈B 0 lab(bρ) ∧ s∈S lab(s).Then, for every b ∈ B i it holds that bρ ′ ∈ A and ψ |= lab(bρ ′ ).But we know that V satisfies ψ; thus, it must also satisfy lab(bρ ′ ), and thus bρ ′ ∈ A V , contradicting the fact the Given a tableau that is correct for a property P, its pinpointing extension is correct in the sense that the clash formula induced by the pinpointing saturated set computed by a terminating chain of pinpointing rule applications is indeed a pinpointing formula for P and the input.
Theorem 1 (correctness of pinpointing) Let P be a c-property on axiomatized inputs over I and T, and S a correct tableau for P. Then the following holds for every axiomatized input Γ = (I, T ) over I and T: For every chain of rule applications M 0 → S pin . . .→ S pin M n such that M 0 = Γ S and M n is pinpointing saturated, the clash formula ψ Mn induced by M n is a pinpointing formula for P and Γ.
To prove this theorem, we want to consider projections of chains of pinpointing rule applications to chains of "normal" rule applications.Unfortunately, things are not as simple as one might hope for since in general M → S pin M ′ does not imply V(M) → S V(M ′ ).First, the assertions and axioms to which the pinpointing rule was applied in M may not be present in the projection V(M) since V does not satisfy their labels.Thus, we may also have V(M) = V(M ′ ).Second, a pinpointing application of a rule may change the projection (i.e., V(M) = V(M ′ )), although this change does not correspond to a normal application of this rule to V(M).For example, consider the tableau rule (3) treating existential restrictions in description logics, and assume that we have the assertions (∃r.C)(a) with label ax 1 and r(a, b), C(b) with label ax 2 .Then the rule (3) is pinpointing applicable, and its application adds the new assertions r(a, c), C(c) with label ax 1 , where c is a new constant.If V is a valuation that makes ax 1 and ax 2 true, then the V projection of our set of assertions contains (∃r.C)(a), r(a, b), C(b).Thus rule (3) is not applicable, and no new individual c is introduced.To overcome this second problem, we define a modified version of rule application, where the applicability condition (iii) from Definition 5 is removed.Definition 9 (modified rule application) Given an S-state S = (A, T ), a rule R : (B 0 , S) → {B 1 , . . ., B m }, and a substitution ρ on var(B 0 ), this rule is m-applicable to S with ρ if (i) S ⊆ T and (ii) B 0 ρ ⊆ A. In this case, we write M → S m M ′ if S ∈ M and M ′ = (M \ {S}) ∪ {(A ∪ B i σ, T ) | i = 1, . . ., m}, where σ is a substitution on the variables occurring in R that extends ρ and maps the fresh variables of R to distinct new constants.
The next lemma relates modified rule application with "normal" rule application, on the one hand, and pinpointing rule application on the other hand.Note that "saturated" in the formulation of the first part of the lemma means saturated w.r.t.→ S , as introduced in Definition 5. 2. Assume that M and M ′ are finite sets of labeled S-states, and that V is a propositional valuation.Then Proof.Part 1 of this lemma is a corollary to Lemma 8, which will be proven later in this section.
For the second part of the lemma, let S = (A, T ) ∈ M and R : (B 0 , S) → {B 1 , . . ., B m } be such that R is pinpointing applicable to S with substitution ρ.
where σ and ψ are as in the definition of pinpointing application.
Take one of the newly added S-states S i = (A ⋒ ψ B i σ, T ) ∈ M ′ .By the definition of ψ-insertion, we know that every assertion a ∈ A \ ins ψ (B i σ, A) keeps its old label lab(a), each assertion in ins ψ (B i σ, A) \ A gets a label ψ and each assertion b ∈ A ∩ ins ψ (B i σ, A) gets the new label ψ ∨ lab(b).Thus, if V satisfies ψ, it holds that (A ⋒ ψ B i σ) V = A V ∪ B i σ, because all the newly added and modified labels will be satisfied by V.This implies that V(M) → S m V(M ′ ).
On the other hand, if V does not satisfy ψ, then (A ⋒ ψ B i σ) V = A V , since none of the newly added labels will be satisfied by V, and modifying a previously existing one by disjoining it with ψ does not change its satisfiability under V.In this case, V(M) = V(M ′ ).
We are now ready to prove Theorem 1.Let Γ = (I, T ) be an axiomatized input, and assume that M 0 → S pin . . .→ S pin M n such that M 0 = Γ S and M n is pinpointing saturated.We must show that the clash formula ψ := ψ Mn is a pinpointing formula for the property P.This is an immediate consequence of the next two lemmas.
Lemma 5 If (I, T V ) ∈ P then V satisfies ψ.
Proof.Let N 0 := (I, T V ) S .Since S terminates on every input, there is a saturated set N such that N 0 * − → S N .Since S is correct for P and (I, T V ) ∈ P, we know that N is full of clashes.
By 2. of Lemma 4, In addition, we know that V(M 0 ) = N 0 , and Lemma 3 implies that V(M n ) is saturated.Thus, 1. of Lemma 4, together with the fact that N is full of clashes, implies that V(M n ) is full of clashes.
By Lemma 2, this implies that V satisfies ψ = ψ Mn .
Lemma 6 If V satisfies ψ then (I, T V ) ∈ P.
Proof.Consider again a chain of rule applications N 0 = (I, T V ) S * − → S N where N is saturated.We have (I, T V ) ∈ P if we can show that N is full of clashes.
As in the proof of the previous lemma, we have that By 1. of Lemma 4, this implies that N is full of clashes.
To complete the proof of Theorem 1, it remains to show the first part of Lemma 4. Before proving this result, we will introduce the concept of substate.Intuitively, a S-state S is a substate of a S-state S ′ if every assertion and axiom in S is also part of S ′ .In our case, we want to make this notion more general, allowing for different constants to appear in both S-states, as long as there is a "renaming" from the constants of S into the ones of S ′ .Definition 10 (substate) A S-state S = (A, T ) is a substate of S ′ = (A ′ , T ′ ), denoted as S S ′ , if it holds that T ⊆ T ′ and there exists a renaming function f : cons(A) → cons(A ′ ) such that if the assertion P (a 1 , . . ., a k ) is in A, then P (f (a 1 ), . .
It is important to notice that for every pair of S-states S = (A, T ) and S ′ = (A ′ , T ′ ) such that S S ′ , if there is a set B of patterns and a substitution ρ on var(B) such that Bρ ⊆ A, then there is also a substitution, namely ρ ′ = ρ • f where f is the renaming function, with Bρ ′ ⊆ A ′ .In particular, this implies that if S contains a clash, then S ′ contains a clash too.
Lemma 7 Let N and N 0 be two sets of S-states, where N 0 is saturated.If there exist S ∈ N and S 0 ∈ N 0 such that S S 0 , then for every N → R m N ′ there is a S ′ ∈ N ′ such that S ′ S 0 .
Figure 1: Rules of a terminating tableau a tableau S does not imply termination of its pinpointing extension.This is the case since a rule may be pinpointing applicable in cases where it is not applicable in the normal sense (see the discussion above Definition 9).Intuitively, one could think that whenever this happens, the rule generates assertions with a label that does not imply the labels of the existing assertions that blocked the normal application of the rule.Termination of pinpointing rule application should follow from the fact that this can happen only finitely often since lab(T ) is finite, and thus there are only finitely many monotone Boolean formulae over lab(T ).We will now show with a counterexample that this intuition is not correct.
Consider a tableau S where the function • S maps every input I ∈ I to the singleton set I S = {{P 1 (a), P 2 (a)}} and R contains only the three rules shown in Figure 1.Suppose that the tableau algorithm is executed over an input of the form Γ = (I, {ax 1 , ax 2 }).This execution begins with the singleton set of S-states Γ S = {({P 1 (a), P 2 (a)}, {ax 1 , ax 2 })}.At this point, any of the rules R 1 or R 2 is applicable, but not R 3 since there is no assertion of the form P (d) with d a constant.For simplicity, on the following we will represent every S-state by showing only the set of assertions it contains; the set of axioms is always the same, namely {ax 1 , ax 2 }.
If rule R 1 is applied, then the rule R 2 is still applicable in the S-state obtained from such application, but R 3 is still not applicable because, although the assertion P (a) can be found there, it also contains the assertion Q 1 (a), violating this way the applicability conditions.Further applying the rule R 2 to the resulting S-state leads to a saturated S-state.Analogously, if one starts by applying R 2 , then the only further applicable rule is R 1 , leading to a saturated S-state. Figure 2 shows the tree of possible rule applications for all sets of S-states reachable from Γ S .In the figure, only a series of assertions are shown, since every set of S-states that is reached is a singleton.The left branch shows an application of rule R 1 followed by R 2 while the right branch shows the inverse ordering.
This shows that, regardless of the ordering chosen, the execution of the tableau will reach a saturated set of states after finitely many rule appli-P 1 (a), P 2 (a) Figure 2: The complete choice tree for rule application of the tableau using as axioms ax 1 and ax 2 .The tree shows only the assertions that are added to the parent S-state after an application of the rule.cations.Notice that the rule R 3 is never applicable.The reason for this is that at the beginning, Condition (ii) of the definition of applicability is not fulfilled, and whenever a rule application adds the assertion required for satisfying it, it adds also more assertions that contradict Condition (iii) of the same definition.
We can now try to apply the modified algorithm for pinpointing over this input.For this, we will begin with the set of labeled S-states given by {{P 1 (a), P 2 (a)}}, where the label of both assertions is set to ⊤.An application of the rule R 1 on the only S-state substitutes it with another one having two additional assertions P (a), Q 1 (a), labeled with ax 1 .A pinpointing application of rule R 2 to the resulting S-state adds the assertion: Q 2 (a) with label ax 2 , and modifies lab(P (a)) to the formula ax 1 ∨ ax 2 .
We then have an assertion P (a) in this labeled S-state, and although the assertions Q 1 (a) and Q 2 (a) are also there, their labels are such that lab(P (a)) |= lab(Q 1 (a)) and lab(P (a)) |= lab(Q 2 (a)).Thus, rule R 3 is pinpointing applicable to this S-state.Applying it leads to the set of labeled S-states defined by: In fact, the last two sets define the same state, which is the same defined by A.
For the first of those S-states, the rule R 3 is again applicable, substituting it by three more S-states, one of which contains an extra assertion of the form P (c) for which the same rule is again applicable.The same rule can be applied once and again, and hence the modified algorithm never reaches a pinpointing saturated set of S-states.This example shows that the termination of a tableau S does not necessarily imply the termination of its pinpointing example.The reason in this case is that a rule that can never be applied with the "normal" applicability conditions produces a non-terminating cycle of addition of new constants to the S-states.Despite our efforts, we have not been able to fully characterize the tableaux for which this is not the case, nor any other conditions ensuring the transfer of termination from a tableau to its pinpointing extension.

Conclusion
We have introduced a general notion of tableaux, and have shown that tableaux that are correct for a consequence property can be extended such that a terminating run of the extended procedure computes a pinpointing formula.From this formula, minimal axiom sets and maximal non-axiom sets can be derived.
The most important topic for future research is to solve the termination issue: fully characterize the conditions under which tableau termination is transfered to its pinpointing extension.In addition, our current framework has two restrictions that we will try to overcome in future work.First, our tableaux rules always extend the current set of assertions.We do not allow for rules that can modify existing assertions.Thus, tableau-based algorithms that identify constants, like the rule treating at-most number restrictions in description logics (see, e.g., [5]), cannot be modelled.A similar problem occurs for the tableau systems introduced in [3].There, it was solved by modifying the applicability condition of rules by allowing rules that introduce new individuals (in our notation: rules with fresh variables) to reuse existing individuals.However, this makes such rules intrinsically non-deterministic.In our setting, we believe that we can solve this problem more elegantly by introducing equality and inequality predicates.
Second, our approach currently assumes that a correct tableaux always terminates, without considering additional blocking conditions.As shown in [16], extending a tableau with blocking to a pinpointing algorithm requires some additional effort.Solving this for the case of general tableaux will be a second important direction for future research.

Definition 4 (
Tableau) Let I be a set of inputs and T a set of axioms.A tableau for I and T is a tuple S = (Σ, • S , R, C) where • Σ is a signature;• • S is a function that maps every I ∈ I to a finite set of finite sets of Σ-assertions;• R is a set of rules of the form (B 0 , S) → {B 1 , . . ., B m } where B 0 , . . ., B m are finite sets of Σ-patterns and S is a finite set of axioms;• C is a set of finite sets of Σ-patterns, called clashes.Given a rule R : (B 0 , S) → {B 1 , . . ., B m }, the variable y is a fresh variable in R if it occurs in one of the sets B 1 , . . ., B m , but not in B 0 .An S-state is a pair S = (A, T ) where A is a finite set of assertions and T a finite set of axioms.We extend the function • S to axiomatized inputs by defining (I, T ) S := {(A, T ) | A ∈ I S }.

Lemma 4
Let Γ = (I, T ) be an axiomatized input and M 0 = Γ S .1. Assume that M 0 * − → S M and M 0 * − → S m M ′ and that M and M ′ are saturated finite sets of S-states.Then M is full of clashes iff M ′ is full of clashes.