
1 Introduction

Formal reasoning using proof rules is a well-established mechanism for explaining and deriving the truth of statements, both in general-purpose first- and higher-order logics [2, 16] as well as special-purpose logics in arithmetic [5], knowledge discovery [15], program verification [13] etc. Here we are concerned with the problem of proving statements about the local “behaviour” of certain real-valued functions. A proof calculus for such simple statements may be interesting purely for its logical (meta-)properties. There is, however, also a very concrete motivation for this work: digitalisation of experiments in natural sciences in secondary-education classrooms. Studies show how digitalisation can benefit such teaching-learning environments [10, 18], not least by channeling pupils’ interaction through a software tool to enforce better learning [11].

In classes of natural sciences like biology, physics and chemistry, pupils are often taught some background knowledge about particular subjects which they then need to put to the test experimentally. For this, they are given a research question which typically asks them to discover and formulate a particular phenomenon in the form of a so-called hypothesis, and to validate its correctness experimentally. Take for instance as an “experiment” in a physics class the standard European alternating current at 230 V 50 Hz. The way that voltage fluctuates over time – in other words: time influences voltage – and voltage induces (resp. influences) a current, forms the background theory, and a research question could for instance be: how does the current change over time? We aim to provide digital technology that can answer such questions automatically in order to give valid feedback to a pupil about their success in this task.

Formal models for processes from natural sciences have been proposed in the literature [19], like Petri nets [6, 12] or hybrid automata [1, 3]. They allow for precise modelling of experiments; the price to pay is that of undecidability of model checking already, let alone validity checking. Moreover, they rely on exact knowledge about the nature of influences in such experiments, and this can often only be described by differential equations. Hence, determining correctness of a hypothesis requires sophisticated algebraic or numerical methods.

Here, we model experiments abstractly as influence schemes, that is, sets \(\mathcal {C}\) of statements about certain parts of an influence, allowing them to be built from observations for instance. Correctness of a hypothesis H then is the question of whether H logically follows from \(\mathcal {C}\). We provide the framework for modelling experiments and hypotheses about influences in the form of a simple language of statements, a formal semantics via collections of partial continuous functions, and a proof calculus for logical consequence in this language. We show that it is sound in general, complete for a large and useful class of hypotheses and experiment models, i.e. influence schemes, and that it is polynomial-time decidable.

The completeness proof uses elements that are similar to constructions for general logics. A key ingredient is normalisation, essentially a saturation process comparable to the construction of Hintikka or maximally consistent sets, cf. [7, 17]. Another one is the effective construction of countermodels for such saturated sets, cf. [8, 9, 14]. The details of these constructions are of course tailored to the specifics of the mixed discrete-continuous structures here, dealing with properties of collections of (partial) continuous functions associated with pairs of elements of some underlying finite partial order.

The paper is organised as follows. Section 2 introduces the mathematical basics in terms of functions on the reals, statements, influence schemes, hypotheses etc. Section 3 presents the proof calculus including its soundness. Section 4 begins by showing that the proof calculus is generally incomplete, as the relatively simple statements cannot make assertions capturing certain phenomena arising with functions on the reals. We then develop a restriction on influence schemes and show that completeness does hold in this case. The full proofs of technical lemmas are omitted for reasons of space restriction. Section 5 discusses the computational problem of proof search. Section 6 concludes with remarks on further work.

2 Modelling Influence

Statements and Influence Schemes. In all of the following, \(\mathcal {V}= \{a,b,\ldots \}\) denotes a finite set of variables, and we assume that these are partially ordered by \(\le \) with < denoting its strict part.

An interval (of reals) is denoted [x, y] for \(x,y \in \mathbb {Q}\cup \{-\infty ,\infty \}\) with \(x \le y\). Abusing standard notation, we write, e.g. \([-\infty ,10]\) rather than \((-\infty ,10]\) for the set of all real numbers z with \(z \le 10\), since we only consider intervals that are closed at rational bounds (for purposes of effective representation) and semi-open only at infinities. This provides a common notation for intervals and saves us making case distinctions everywhere, depending on the interval bounds.

A \(\mathcal {V}\)-statement is a 5-tuple \(S = (a,I,q,I',b)\), typically written as , s.t. \(a,b \in \mathcal {V}\) with \(a < b\), and \(I,I'\) are intervals in the sense above. I is called the domain, denoted \( dom (S)\), and required to be a non-singleton interval. \(I'\) is the range, denoted \( rng (S)\). Finally, \(q \in \mathcal {Q}:= \{\mathop {\nearrow },\mathop {\searrow },\mathop {\rightarrow },\mathop {\rightsquigarrow }\}\) is called a behaviour. It describes a gradient of the influence abstractly as either monotonic, antitonic, constant or arbitrary. When the variables a, b involved in the statement S are clear from or irrelevant for the context, we also often simply write .

The statement S is used to formalise the assertion “variable a influences variable b on the interval I in a way described by q, s.t. varying the value for a in this interval results in b taking values from the interval \(I'\)”.

A \(\mathcal {V}\)-influence scheme, or simply influence scheme if \(\mathcal {V}\) is clear from the context, is a finite set \(\mathcal {C}\) of \(\mathcal {V}\)-statements. Intuitively, an influence scheme describes the way that certain variables influence each other in an abstract way.

Example 1

We build an influence scheme for the AV-voltage experiment. The relevant variables are t for time, v for voltage and c for current, ordered by \(\textsf{t}<\textsf{v} < \textsf{c}\). A theory of how voltage alternates over time (in the standard European alternating 230 V/50 Hz setting) and how it induces a current at a resistance of 326 \(\varOmega \) can be formalised as follows. Remember that a scheme is a finite set of statements like etc. Each can easily be visualised as a rectangle in the 2-dimensional plane for the pair of involved variables: horizontal and vertical edges determine domain and range, and the behaviour can be shown as a label on the rectangle. A particular influence scheme \(\mathcal {C}\) with 20 statements is shown in Fig. 1 as grey rectangles in this way. The behaviours in the graph in the middle are left out for better visibility; they are all supposed to be \(\mathop {\nearrow }\).

The orange lines in the graphs of Fig. 1 represent a so-called influence experiment, as it will be explained below. At this point, it can be used to show that influence schemes as formal models of experiments can be obtained through data sampling. Note how the borders of the rectangles in the scheme \(\mathcal {C}\) coincide with values of the functions represented by the orange lines in most cases.

Note that the scheme \(\mathcal {C}\) shown in Fig. 1 contains no statements for the pair \((\textsf{t},\textsf{c})\) of variables. This does not mean that time does not influence current in this scheme: clearly, if time influences voltage, and voltage influences current, then time executes some influence on current. Hence, a valid question asks whether the statement H shown as a blue rectangle follows logically from the scheme \(\mathcal {C}\) in the sense that whenever time influences voltage and voltage influences current in the way described by \(\mathcal {C}\), does time then also influence current in the way described by H? We use the letter H for such a statement as it plays the role of a hypothesis: in logical terms it is just a statement, but from an application point of view it is special in that it signifies an implicit question after its truth with respect to a scheme.

Fig. 1. An influence scheme (grey rectangles), a hypothesis (blue dashed rectangle) and an influence experiment (orange lines) between time, voltage and current. (Color figure online)

A Formal Semantics. In order to give a well-defined meaning to the question whether H follows from \(\mathcal {C}\) for a given scheme \(\mathcal {C}\) and hypothesis H, we introduce a formal interpretation of statements in so-called influence experiments. We need to recall and define a few technicalities about functions over the reals.

An influence is a function \(f: \mathbb {R}\mathbin {\rightharpoonup }\mathbb {R}\) s.t. \( dom (f)\) is a non-singleton interval in the sense above, and f is continuous on its domain in the usual sense. We write \(f(x) = \bot \) if \(x \not \in dom (f)\). When composing partial functions we assume undefined values to be absorbing, i.e. \(g(f(x)) = \bot \) if \(f(x) = \bot \).

An influence f is called monotonic, antitonic or constant on \([x,y] \subseteq dom (f)\), if for all \(z,z' \in [x,y]\) with \(z \le z'\) we have \(f(z) \le f(z')\), respectively \(f(z) \ge f(z')\) and \(f(z) =f(z')\). It satisfies the statement , written \(f \models S\), if the following two conditions are met.

  1. \(f(z) \in [x',y']\) for all \(z \in [x,y]\).

  2. \(q = \mathop {\nearrow }\) and f is monotonic on [x, y], or \(q = \mathop {\searrow }\) and f is antitonic on [x, y], or \(q = \mathop {\rightarrow }\) and f is constant on [x, y], or \(q = \mathop {\rightsquigarrow }\).

Since every constant function is monotonic and antitonic, and each of these is also an arbitrary one, we naturally obtain a partial order \(\preceq \) on behaviours that features unique infima and suprema, shown in Fig. 3. Note that, whenever and \(q \preceq q'\) then also .

We are now ready to define the formal semantics of influence schemes.

Definition 1

Let \(\mathcal {V}\) be as above. A \(\mathcal {V}\)-influence experiment is a collection \(\mathcal {F}\) of influences, namely one function \(\mathcal {F}_{a,b}\) for each pair (a, b) s.t. \(a < b\), altogether satisfying the following coherence property (CP).

  • For all \(a,b,c \in \mathcal {V}\) s.t. \(a < b\), \(b < c\) and all \(x \in \mathbb {R}\): \(\mathcal {F}_{a,c}(x) = \mathcal {F}_{b,c}(\mathcal {F}_{a,b}(x))\).

\(\mathcal {F}\) satisfies the \(\mathcal {V}\)-statement , written \(\mathcal {F}\models S\), if . \(\mathcal {F}\) satisfies the \(\mathcal {V}\)-influence scheme \(\mathcal {C}\), written \(\mathcal {F}\models \mathcal {C}\), if \(\mathcal {F}\models S\) for all \(S \in \mathcal {C}\).

CP together with the absorption of \(\bot \) in function composition is the reason for demanding the variables to be partially ordered: \(\mathcal {F}_{a,a}\), for any variable a, would have to be the total identity function to satisfy CP. And then we would have \(\mathcal {F}_{b,a} = \mathcal {F}_{a,b}^{-1}\) for any a, b. Thus, by demanding that \(\mathcal {F}_{a,b}\) is only defined whenever \(a < b\) we avoid problems arising with non-invertible functions.

Example 2

Figure 1 shows a particular time-voltage-current experiment \(\mathcal {F}\) as three influences drawn as orange graphs. It represents the way that voltage alternates in time along a sine curve with amplitude \(230 \cdot \sqrt{2} \approx 326\) V and frequency 50 Hz. Electric current depends linearly on voltage in this experiment, with a factor of \(\frac{1}{326}\) used here suggesting an electrical resistance of 326 \(\varOmega \). The coherence property then demands a third influence \(\mathcal {F}_{\textsf{t},\textsf{c}}\) as their composition on the domain of \(\mathcal {F}_{\textsf{t},\textsf{v}} = [0,\infty ]\) which is also a sine curve.

Let \(\mathcal {C}\) be the influence scheme shown in Fig. 1 and introduced in Example 1. Clearly \(\mathcal {F}\not \models \mathcal {C}\) because \(\mathcal {F}\) does not satisfy the second (degenerate) rectangle representing the statement and neither the fifth representing . This is because \(\mathcal {F}_{\textsf{t},\textsf{v}}\) is neither constant on [3, 7] nor antitonic on [12, 16], and because it assumes values outside of the statements’ ranges on these domains, e.g. \(\mathcal {F}_{\textsf{t},\textsf{v}}(5) = 326 \not \in [264,264]\) and \(\mathcal {F}_{\textsf{t},\textsf{v}}(15) = -326 \not \in [-310,-192]\).

Note that satisfaction of a statement S by an influence f means that the graph of f enters the rectangle representing S through its left edge and leaves it only through its right edge, and within this rectangle it displays the behaviour stated in S. This is the case for instance for the hypothesis H drawn as a blue rectangle: \(\mathcal {F}\models H\) indeed. But this does not allow any conclusion to be drawn about whether H follows from \(\mathcal {C}\) in any way.
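The satisfaction relation and the coherence property can be exercised numerically on the experiment of Example 2. The following Python sketch is an added example, not part of the paper: it assumes time is measured in milliseconds (so that 50 Hz gives a 20 ms period, consistent with \(\mathcal {F}_{\textsf{t},\textsf{v}}(5) = 326\)), represents \(\bot \) as `None`, and uses the hypothetical helpers `compose` and `violations`. Because it only inspects sample points, it can refute \(f \models S\) but never prove it.

```python
import math

EPS = 1e-9  # tolerance for floating-point comparisons


def F_tv(t):
    """Time (ms, assumed unit) -> voltage (V); domain [0, inf], else undefined."""
    return None if t < 0 else 326 * math.sin(2 * math.pi * t / 20)


def F_vc(v):
    """Voltage (V) -> current (A), using the factor 1/326 from Example 2."""
    return v / 326


def compose(g, f):
    """g after f, where the undefined value (None) is absorbing."""
    def h(x):
        y = f(x)
        return None if y is None else g(y)
    return h


# The coherence property (CP) forces the time -> current influence.
F_tc = compose(F_vc, F_tv)


def violations(f, dom, q, rng, samples=2001):
    """Sample f on dom and report which satisfaction conditions fail.

    q is 'mono', 'anti', 'const' or 'arb'. Returns a subset of
    {'undefined', 'range', 'behaviour'}; the empty set means that no
    violation was found at the sample points.
    """
    (x, y), (lo, hi) = dom, rng
    zs = [x + (y - x) * i / (samples - 1) for i in range(samples)]
    vals = [f(z) for z in zs]
    if any(v is None for v in vals):
        return {"undefined"}
    found = set()
    # Condition 1: every value lies in the range of the statement.
    if any(v < lo - EPS or v > hi + EPS for v in vals):
        found.add("range")
    # Condition 2: the behaviour q holds between consecutive samples.
    steps = [b - a for a, b in zip(vals, vals[1:])]
    falling = any(d < -EPS for d in steps)
    rising = any(d > EPS for d in steps)
    if (q == "mono" and falling) or (q == "anti" and rising) \
            or (q == "const" and (rising or falling)):
        found.add("behaviour")
    return found


if __name__ == "__main__":
    # The two statements of the scheme that Example 2 shows to be violated.
    print(violations(F_tv, (3, 7), "const", (264, 264)))
    print(violations(F_tv, (12, 16), "anti", (-310, -192)))
    # A constructed statement about (t, c) that the composed influence meets.
    print(violations(F_tc, (0, 5), "mono", (0, 1)))
```
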

The interpretation of an influence scheme through influence experiments naturally gives rise to a notion of logical consequence: we say that the \(\mathcal {V}\)-statement H follows from the \(\mathcal {V}\)-influence scheme \(\mathcal {C}\), written \(\mathcal {C}\models H\), if \(\mathcal {F}\models H\) for all \(\mathcal {V}\)-influence experiments s.t. \(\mathcal {F}\models \mathcal {C}\). Thus, an influence scheme \(\mathcal {C}\) can be seen as a finite representation of an (uncountable) number of \(\mathcal {V}\)-experiments, which yields the abstract nature of these schemes as mentioned in the introduction.

The semantics also gives rise to a natural notion of equivalence between schemes: \(\mathcal {C}\) and \(\mathcal {C}'\) are equivalent, written \(\mathcal {C}\equiv \mathcal {C}'\), if for all \(\mathcal {F}\) we have \(\mathcal {F}\models \mathcal {C}\) iff \(\mathcal {F}\models \mathcal {C}'\). Note that this is the case iff for all hypotheses H we have \(\mathcal {C}\models H\) iff \(\mathcal {C}' \models H\). Equivalent schemes can therefore be seen as (possibly different) descriptions of the same experimental setup, up to a certain amount of imprecision determined by the description of the experimental setup through discrete statements.

3 The Calculus of Influence

The concept of consequence between a scheme and a hypothesis provides the foundations for a logical approach to modelling experimental setups and correctness of hypotheses w.r.t. them. Ideally, the consequence relation \(\models \) would be decidable, since this would provide a way to automatically check the correctness of a hypothesis w.r.t. a given scheme. In this section we develop a proof-theoretic characterisation of \(\models \) in terms of a provability predicate \(\vdash \). Ideally, \(\vdash \) would be sound and complete w.r.t. \(\models \), i.e. a statement would follow from an influence scheme iff it is provably derivable from it. Then decidability of \(\vdash \) (cf. Sect. 5) would yield the basis for automatic reasoning about influence in experimental setups.

Fig. 2. Proof rules for correctness of a statement w.r.t. an influence scheme \(\mathcal {C}\). See Fig. 3 for the definitions of \(\preceq \) and \(\otimes \).

Henceforth, let \(\mathcal {V}\) and a \(\mathcal {V}\)-influence scheme \(\mathcal {C}\) be fixed. We say that a \(\mathcal {V}\)-statement H is provable w.r.t. \(\mathcal {C}\), written \(\mathcal {C}\vdash H\), if there is a finite proof for H in the proof system whose rules are shown in Fig. 2.

We will briefly explain the intuition behind each of them. The rule \((\textsf{F})\), which serves as an axiom, essentially states that any statement which is part of the scheme follows from it. \((\textsf{G})\) expresses the fact that experiments are comprised of potentially partial functions whose domain is always some interval. It states that any function \(\mathcal {F}_{a,b}\) which shows some certain behaviour on the interval [x, y], and some certain behaviour on the interval \([x',y']\) where \(y < x'\), must also be defined on the interval \([y,x']\). However, we cannot determine better bounds than infinities on its values, nor a non-arbitrary behaviour there.

Rule \((\textsf{T})\) expresses the transitivity principle laid out in the coherence property of \(\mathcal {V}\)-experiments: when a influences b s.t. a-values in I lead to b-values in \(I_1\), and \(I_1 \subseteq I_2\), and b-values in \(I_2\) lead to c-values in \(I'\), then a-values in I lead to c-values in \(I'\). Moreover, the behaviour of the influence from a to c can be derived from the ones from a to b and from b to c via the multiplication table for \(\otimes \) shown in Fig. 3.

Rule \((\textsf{I}^-)\) expresses weakening of statements w.r.t. the involved intervals. Any function which maps values from \(I_1\) to values in \(I_2\) must also do so for values from a subset of \(I_1\), and their range is naturally limited by any superset of \(I_2\). On the other hand, \((\textsf{I}^+)\) represents an important strengthening principle: any function that maps values from \(I_1\) to \(I_2\) and values from \(I_1'\) to \(I_2'\) must map values from \(I_1 \cap I_1'\) to \(I_2 \cap I_2'\). Note that the rule is only (meaningfully) applicable if \(I_1 \cap I'_1 \ne \emptyset \). Moreover, the behaviour on the intersection can be determined from those on the two involved intervals. For instance, if \(\mathcal {F}_{a,b}\) is monotonic on \(I_1\) and antitonic on \(I'_1\) then it must be both monotonic and antitonic on \(I_1 \cap I'_1\), hence, it must in fact be constant there.

Rules \((\textsf{L}^+_{\mathop {\nearrow }})\)–\((\textsf{R}^+_{\mathop {\searrow }})\) express further strengthening principles which are applicable in situations where two statements are made about the behaviour of a function on adjacent intervals. Suppose for instance, that \(\mathcal {F}_{a,b}\) maps values from [x, y] monotonically into [l, u], and values from [y, z] somehow into \([l',u']\). In particular, we have \(\mathcal {F}_{a,b}(y) \le u\) since \(y \in [x,y]\), and \(\mathcal {F}_{a,b}(y) \le u'\) since \(y \in [y,z]\), i.e. \(\mathcal {F}_{a,b}(y) \le \min (u,u')\). By monotonicity, for all \(z'\) with \(x \le z' \le y\) we must have \(\mathcal {F}_{a,b}(z') \le \min (u,u')\) as well. Hence, from the knowledge about the monotonic behaviour of \(\mathcal {F}_{a,b}\) on [x, y] and the upper bound on an adjacent interval to the right of it, we can possibly infer a tighter upper bound on the values of \(\mathcal {F}_{a,b}\) on [x, y]. This is what rule \((\textsf{L}^+_{\mathop {\nearrow }})\) does. The other three rules \((\textsf{L}^+_{\mathop {\searrow }})\), \((\textsf{R}^+_{\mathop {\nearrow }})\) and \((\textsf{R}^+_{\mathop {\searrow }})\) cover the analogous cases of the behaviour being antitonic or the adjacent statement being on the other side.

Fig. 3. Order \(\preceq \) (left) and multiplication \(\otimes \) (right) on behaviours.

Rule \((\textsf{J})\) can be used to infer statements about the behaviour of a function on parts of its domain which are comprised of several intervals. If \(\mathcal {F}_{a,b}\) maps values from [x, y] into \(I_1\) with behaviour q, and values from [y, z] into \(I_2\) with behaviour \(q'\), then it maps values from [x, z] into \(I_1 \cup I_2\), provided that this is an interval. Moreover, the behaviour on the larger interval can be determined from q and \(q'\) by simply taking the supremum w.r.t. \(\preceq \). This is obviously associative, which allows us to write \(\sup _\preceq (q_1,\dotsc ,q_n)\) without ambiguity.

Note that \((\textsf{J})\) is also a weakening rule: for instance, from and we can infer , describing any influence \(\mathcal {F}_{a,b}\) that maps values from [0, 2] to [0, 2], for instance \(\mathcal {F}_{a,b}(x) = 2-x\). I.e. we have \(\mathcal {F}\models S\), but \(\mathcal {F}\not \models S_1\) and \(\mathcal {F}\not \models S_2\). Likewise, \((\textsf{Q}^-)\) allows the weakening of behaviours. It states that a function which possesses a certain behaviour on an interval also possesses any weaker behaviour on this interval.

At last, rule \((\textsf{C})\) expresses a simple principle: an influence of variable a onto b whose values can be bounded by a singleton interval, is of constant behaviour.
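The rules \((\textsf{T})\), \((\textsf{I}^+)\), \((\textsf{J})\) and \((\textsf{L}^+_{\mathop {\nearrow }})\) explained above can be written as functions on statements. The following Python sketch is an added example and not the paper's implementation: the class `St` and the function names are hypothetical, the sample statements are constructed, and since the \(\otimes \) table of Fig. 3 is not reproduced here, `otimes` encodes the usual behaviour of composed monotonic, antitonic and constant functions as an assumption.

```python
from dataclasses import dataclass, replace

CONST, MONO, ANTI, ARB = "const", "mono", "anti", "arb"


def leq(q, r):
    """q ⪯ r: constant is the least behaviour, arbitrary the greatest."""
    return q == r or q == CONST or r == ARB


def sup(q, r):
    return r if leq(q, r) else q if leq(r, q) else ARB


def inf(q, r):
    return q if leq(q, r) else r if leq(r, q) else CONST


def otimes(q, r):
    """Behaviour of g∘f for f with behaviour q and g with r (assumed table)."""
    if CONST in (q, r):
        return CONST
    if ARB in (q, r):
        return ARB
    return MONO if q == r else ANTI


@dataclass(frozen=True)
class St:
    """Statement: a influences b on [x, y] with behaviour q into [lo, hi]."""
    a: str
    x: float
    y: float
    q: str
    lo: float
    hi: float
    b: str


def rule_T(s, t):
    """(T): s is about (a, b), t about (b, c), and rng(s) ⊆ dom(t)."""
    if s.b != t.a or not (t.x <= s.lo and s.hi <= t.y):
        return None
    return St(s.a, s.x, s.y, otimes(s.q, t.q), t.lo, t.hi, t.b)


def rule_I_plus(s, t):
    """(I+): intersect domains and ranges, take the infimum of behaviours."""
    if (s.a, s.b) != (t.a, t.b):
        return None
    x, y = max(s.x, t.x), min(s.y, t.y)
    lo, hi = max(s.lo, t.lo), min(s.hi, t.hi)
    # A domain must be a non-singleton interval; an empty range would mean
    # that the two premises are inconsistent.
    if x >= y or lo > hi:
        return None
    return St(s.a, x, y, inf(s.q, t.q), lo, hi, s.b)


def rule_J(s, t):
    """(J): join statements on adjacent domains [x, y] and [y, z]."""
    if (s.a, s.b) != (t.a, t.b) or s.y != t.x:
        return None
    if max(s.lo, t.lo) > min(s.hi, t.hi):
        return None  # the union of the two ranges is not an interval
    return St(s.a, s.x, t.y, sup(s.q, t.q),
              min(s.lo, t.lo), max(s.hi, t.hi), s.b)


def rule_L_plus_mono(s, t):
    """(L+ for monotonic s): the right neighbour t caps the upper bound of s."""
    if (s.a, s.b) != (t.a, t.b) or s.y != t.x or s.q != MONO:
        return None
    return replace(s, hi=min(s.hi, t.hi))


if __name__ == "__main__":
    # Constructed statements: monotonic on [0, 2], antitonic on [1, 3].
    print(rule_I_plus(St("a", 0, 2, MONO, 0, 10, "b"),
                      St("a", 1, 3, ANTI, 5, 20, "b")))
    # Constructed (t, v) and (v, c) statements chained by transitivity.
    print(rule_T(St("t", 0, 3, MONO, 0, 264, "v"),
                 St("v", 0, 326, MONO, 0, 1, "c")))
```
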

Fig. 4. Proof of the hypothesis H from the scheme \(\mathcal {C}\) in Example 1.

Example 3

A proof of \(\mathcal {C}\vdash H\) for the scheme \(\mathcal {C}\) and the hypothesis shown in Fig. 1 (cf. Example 1) is given in Fig. 4. The subtrees that are abbreviated by vertical dots are very similar to their siblings and therefore omitted in order to keep the tree small.

The following theorem then guarantees that \(\mathcal {C}\models H\) holds, too.

Theorem 1

(Soundness). Let \(\mathcal {C}\) be an influence scheme and S be a statement. If \(\mathcal {C}\vdash S\) then \(\mathcal {C}\models S\).

Proof

First we observe that all the rules are sound in the sense that if \(\mathcal {C}\models T\) for all premises T of some rule, then \(\mathcal {C}\models S\) for its conclusion S. This is trivial for rule \((\textsf{F})\) and can easily be shown by contradiction for the other 11 rules. The theorem can then easily be shown by induction on the height of a proof tree for \(\mathcal {C}\vdash S\).    \(\square \)

4 Completeness for Elementary Diamond-Free Schemes

General Incompleteness. We remark that the calculus of influence is not complete in general. Consider the variable order \(a< b < c\) and the scheme \(\mathcal {C}\) (in grey) and hypothesis H (in dashed blue) represented by the following rectangles.

figure o

It seems that H does not follow from \(\mathcal {C}\) because it demands constant behaviour of an influence \(\mathcal {F}_{b,c}\) on the interval [1, 2] while \(\mathcal {C}\) only prescribes monotonic behaviour there. However, we have \(\mathcal {C}\models H\) indeed for the following reason: the combination of with yields . Together with we get , i.e. we must have that \(\mathcal {F}_{a,c}\) is constant on [1, 2] for any \(\mathcal {F}\) with \(\mathcal {F}\models \mathcal {C}\). Since \(\mathcal {F}_{a,c} = \mathcal {F}_{b,c} \circ \mathcal {F}_{a,b}\) and \(\mathcal {F}_{a,b}\) cannot be constant on [1, 2] because of the two statements neighbouring \(S_1\), we must indeed have that \(\mathcal {F}_{b,c}\) is constant on [1, 2]. Thus, \(\mathcal {C}\models H\) but the rules do not support this kind of backwards reasoning (from (a, c) to (b, c)). Hence, we have \(\mathcal {C}\not \vdash H\).

There are two principal ways to go from here: either extend the calculus by rules formalising this kind of reasoning, or try to achieve completeness for a restricted class of schemes and hypotheses only. We do the latter; the former would require a significant extension of the machinery as the example above shows: backwards reasoning introduces nondeterminism, and in order to resolve it one needs to take contexts of statements into account. This suggests that general completeness may only be achieved through a general extension of the format of rules. Note also that completeness cannot hold for a class of schemes containing inconsistent ones, where \(\mathcal {C}\) is said to be consistent if there is some \(\mathcal {F}\) s.t. \(\mathcal {F}\models \mathcal {C}\). The reason is that we have \(\mathcal {C}\models H\) for any H whenever \(\mathcal {C}\) is inconsistent, even when H makes an assertion about variables not occurring in \(\mathcal {C}\) in which case it is clear that H cannot be derived from \(\mathcal {C}\).

Normalisation. We develop some general machinery that is useful for obtaining completeness in a restricted case. For a scheme \(\mathcal {C}\) and variables a, b with \(a < b\) we write \(\mathcal {C}_{a,b}\) for the set of statements \(S \in \mathcal {C}\) s.t. for some \(I,q,I'\).

Definition 2

We call a scheme \(\mathcal {C}\) separated if for all \(a,b \in \mathcal {V}\) with \(a < b\) there are \(n \in \mathbb {N}\) and \(x_1< \ldots < x_{n+1} \in \mathbb {Q} \cup \{-\infty ,\infty \}\), behaviours \(q_1,\ldots ,q_n\) and intervals \([l_1,u_1],\ldots ,[l_n,u_n]\) s.t.

figure v

This induces a natural notion of left and right neighbour of a statement T in a separated scheme, denoted \( lnb (T)\) and \( rnb (T)\) when they exist.

We say that such a separated \(\mathcal {C}\) is minimal if for all \(i=1,\ldots ,n\) we have

  a) if \(q_i = \mathop {\nearrow }\) then \(u_i \le u_{i+1}\) and \(l_{i-1} \le l_i\),

  b) if \(q_i = \mathop {\searrow }\) then \(l_i \ge l_{i+1}\) and \(u_{i-1} \ge u_i\),

  c) if \(q_i = \mathop {\rightarrow }\) then \(u_i \le \min (u_{i-1},u_{i+1})\) and \(l_i \ge \max (l_{i-1},l_{i+1})\),

where we set \(l_0 = l_{n+1} := -\infty \) and \(u_0 = u_{n+1} := \infty \) to avoid case distinctions.

\(\mathcal {C}\) is called transitive if for all \(a,b,c \in \mathcal {V}\) with \(a< b < c\) and all \(x,y \in \mathbb {R}\) we have the following: if \(x \in I_1\), \(y \in I_2\) for some statement , and \(y \in I_3\) for some statement , then there is a statement s.t. \(x \in I_5\) and \(I_6 \subseteq I_4\).

\(\mathcal {C}\) is called normalised if it is separated, minimal and transitive.

So, intuitively, separation and minimality predict that the statements in a normalised scheme can be arranged as a sequence of horizontally adjacent rectangles, for each pair of variables a, b, with no gaps in between, and no statement can be strengthened further because of its left or right neighbours (compare this to the strengthening rules \((\textsf{L}^+_{\mathop {\nearrow }})\)–\((\textsf{R}^+_{\mathop {\searrow }})\)). Transitivity means that \(\mathcal {C}\) is complete in the sense that whenever it allows \(\mathcal {F}_{a,b}(x) = y\) and \(\mathcal {F}_{b,c}(y) = z\) for some x, y, z, then it must also predict the possibility of \(\mathcal {F}_{a,c}(x) = z\).

Lemma 1

(Normalisation Lemma). Let \(\mathcal {C}\) be a consistent scheme. There is a normalised scheme \(\mathcal {C}^*\) s.t. \(\mathcal {C}^* \equiv \mathcal {C}\) and for all \(T \in \mathcal {C}^*\) we have \(\mathcal {C}\vdash T\).

Proof

(Sketch) We successively transform \(\mathcal {C}\) into \(\mathcal {C}^*\) using operations that follow rule applications. \((\textsf{G})\), \((\textsf{I}^+)\) and \((\textsf{I}^-)\) (in restricted form) can be used to obtain separation, \((\textsf{L}^+_{\mathop {\nearrow }})\)–\((\textsf{R}^+_{\mathop {\searrow }})\) to ensure minimality, and \((\textsf{T})\) together with \((\textsf{J})\) to ensure transitivity. The trick is then to arrange the process of saturating \(\mathcal {C}\) by adding new statements and replacing some with others in a terminating way.

In the following, we will write \(\mathcal {C}^*\) to denote a normalised scheme obtained from \(\mathcal {C}\) that satisfies the conditions of this lemma. Note that \(\mathcal {C}^*\) is not necessarily unique; for example, statements with adjacent domains and equal ranges and behaviours can be merged using rule \((\textsf{J})\), or statements can be split w.r.t. their domain using \((\textsf{I}^-)\), without breaking the conditions of the lemma.

Fig. 5. A normalisation \(\mathcal {C}^*\) (red) of the influence scheme \(\mathcal {C}\) from Example 1 (grey). (Color figure online)

Example 4

Figure 5 shows the result of normalising the scheme \(\mathcal {C}\) from Example 1 (grey rectangles) as a scheme \(\mathcal {C}^*\) with 11+25+11=47 statements shown as red rectangles. It should be clear that the hypothesis H, also depicted here as a blue rectangle, does indeed follow from \(\mathcal {C}^*\): intuitively, it is impossible to draw an influence experiment into these diagrams as three functions that traverse through the red rectangles in the prescribed ways without also traversing through the blue rectangle correctly.

Figure 5 suggests the use of the normalisation process for proof construction: a close inspection of the example proof in Fig. 4 allows the origin of the red rectangles touched by the hypothesis H to be traced back to the grey ones from the original scheme.

Countermodel Construction. The following two lemmas contain one of the main ingredients for obtaining a completeness result: they show how to construct influences on a particular statement in a normalised scheme piecewise to one that satisfies all the statements for the same variables in this scheme. Note that this does not construct an influence experiment (yet) as it does not show how to construct influences for other pairs of variables.

We first make an observation about the possibility to satisfy statements in a normalised scheme by particular influences. A sequence \(S_1,\dotsc ,S_n\) of statements is called connected if \(y_i = x_{i+1}\), i.e. \(S_{i+1} = rnb (S_i)\) for all \(i < n\). A connector for \(S_1,\dotsc ,S_n\) is an influence f s.t. \( dom (f) = [x_1,y_n]\) and, for all \(i \le n\), we have that . Such a connector f is strict if, additionally, for all \(i \le n\) we have for any \(q' \prec q_i\). It is range-covering if there are \(x,y \in [x_1,y_n]\) such that \(f(x) = \min \{x'_1,\dotsc ,x'_n\}\) and \(f(y) = \max \{ y'_1,\dotsc , y'_n\}\). Sometimes, we will need to construct connectors for single statements S which are simply sequences of length 1 only.

Lemma 2

(Connectors Lemma). Let \(\mathcal {C}\) be consistent and normalised and .

  a) Suppose \(x'',y'' \in \mathbb {R}\) are given s.t. \(x< x'' < x'\) and \(y \le y'' \le y'\). Then there is a connector f for S s.t. \(f(x'') = y''\).

  b) Suppose \(y'' \in rng ( lnb (S)) \cap rng (S)\) is given. Then there is a connector f for S s.t. \(f(x) = y''\).

  c) Suppose \(y'' \in rng (S) \cap rng ( rnb (S))\) is given. Then there is a connector f for S s.t. \(f(x') = y''\).

  d) Let \(S_1,\dotsc ,S_n\) be connected s.t. the behaviour of \(S_i\) is not \(\mathop {\rightarrow }\) for some i. Then there is a strict, range-covering connector for \(S_1,\dotsc ,S_n\).

Proof

(Sketch) Parts (a)–(c) essentially boil down to a case distinction, depending on the behaviour q. However, it is relatively easy to observe that the requirements in all three cases are always satisfiable by a function that is either linear or composed of two linear functions on the interval \([x,x']\), making use of the intuitive fact that in a rectangle, with two points given on the left and right edge and one in the middle, it is always possible to draw a (straight) line within this rectangle from the left point to the middle one, and then continue it to the right one. Part (d) requires a decomposition of the sequence \(S_1,\dotsc ,S_n\) according to their behaviours.

An immediate consequence of this is the possibility to build influences for not just a single statement in a normalised scheme, but in fact for all the statements concerning the same pair of variables. This crucially relies on parts (b) and (c) of Lemma 2.

Lemma 3

(Small Extension Lemma). Let \(\mathcal {V}\) be a partially ordered set of variables, \(a,b \in \mathcal {V}\) s.t. \(a < b\), and \(\mathcal {C}\) be a consistent and normalised \(\mathcal {V}\)-influence scheme s.t.

figure ad

Let \(1 \le j \le k \le n\) and \(f'\) be a connector for \(T_j,\dotsc ,T_k\). Then there is an influence f s.t. \( dom (f) = [x_1,x_{n+1}]\), \(f \models T_i\) for all \(i=1,\ldots ,n\), and \(f(x) = f'(x)\) for all \(x \in [x_j,x_{k+1}]\).

Completeness for Elementary Schemes over Diamond-Free Orders. Let \(\mathfrak {C}\) be a class of pairs of schemes and statements. We say that the calculus of influence is complete for \(\mathfrak {C}\) if for all \((\mathcal {C},S) \in \mathfrak {C}\) we have: if \(\mathcal {C}\models S\) then \(\mathcal {C}\vdash S\). We now concentrate on a class that allows for a construction proving completeness, and which still captures a large class of experiments and hypotheses occurring in natural sciences, cf. the concluding section for a discussion on that.

We call a pair (a, b) of variables elementary if \(a < b\) and there is no c s.t. \(a< c < b\). Any finite partial order is the (reflexive-)transitive closure of a finite set of elementary pairs. A statement is called elementary if (a, b) is elementary. A scheme \(\mathcal {C}\) is called elementary if all \(T \in \mathcal {C}\) are elementary.

We say that the partial order \(\le \) is diamond-free if for all a, b, c, d: if \(a \le b \le d\) and \(a \le c \le d\) then \(b \le c\) or \(c \le b\). In a finite diamond-free partial order, for every pair (a, b) with \(a < b\) there is a unique sequence \(c_1,\ldots ,c_n\) for some \(n \ge 0\) s.t. \((a,c_1), (c_n,b)\) and \((c_i,c_{i+1})\) for \(i=1,\ldots ,n-1\) are all elementary.
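For a finite order, the two definitions above can be checked mechanically, and the unique sequence of elementary pairs can be computed by following them upwards. The following Python code is an added example, not part of the paper or of the authors' proof search tool; the function names and the sample variables are assumptions made for illustration.

```python
from itertools import product

def strict_order(pairs):
    """Transitive closure of the given pairs: the strict order a < b."""
    less = set(pairs)
    while True:
        new = {(a, d) for (a, b), (c, d) in product(less, repeat=2) if b == c}
        if new <= less:
            break
        less |= new
    if any(a == b for a, b in less):
        raise ValueError("input is cyclic, so it is not a partial order")
    return less

def elementary_pairs(variables, less):
    """Pairs (a, b) with a < b and no c such that a < c < b."""
    return {(a, b) for (a, b) in less
            if not any((a, c) in less and (c, b) in less for c in variables)}

def is_diamond_free(variables, less):
    """Check: a <= b <= d and a <= c <= d imply b <= c or c <= b."""
    def leq(x, y):
        return x == y or (x, y) in less
    return all(leq(b, c) or leq(c, b)
               for a, b, c, d in product(variables, repeat=4)
               if leq(a, b) and leq(b, d) and leq(a, c) and leq(c, d))

def elementary_chain(variables, less, a, b):
    """Return [a, c_1, ..., c_n, b], the unique chain of elementary pairs."""
    if (a, b) not in less:
        raise ValueError(f"{a} < {b} does not hold")
    covers = elementary_pairs(variables, less)
    chain = [a]
    while chain[-1] != b:
        # elementary successors of the current variable that still lie below b
        steps = [y for (x, y) in covers
                 if x == chain[-1] and (y == b or (y, b) in less)]
        if len(steps) != 1:
            raise ValueError("several chains: the order has a diamond here")
        chain.append(steps[0])
    return chain

# Constructed sample orders (variable names are illustrative only).
VARS = ["time", "voltage", "temperature", "current"]
TREE = [("time", "voltage"), ("voltage", "current"), ("time", "temperature")]
DIAMOND = TREE + [("temperature", "current")]

if __name__ == "__main__":
    less = strict_order(TREE)
    print(is_diamond_free(VARS, less), elementary_chain(VARS, less, "time", "current"))
    print(is_diamond_free(VARS, strict_order(DIAMOND)))
```

In the second sample order, voltage and temperature are incomparable but both lie between time and current, so the order contains a diamond and the chain from time to current is no longer unique.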

In a diamond-free elementary scheme, all derivable non-elementary statements can be traced back to applications of the transitivity rule \((\textsf{T})\). Moreover, in any normalisation of a diamond-free elementary scheme obtained as in Lemma 1, all non-elementary statements can be traced back to an application of rule \((\textsf{T})\).

Lemma 4

(Decomposition Lemma). Let \(\mathcal {C}\) be an elementary scheme over a diamond-free partial order and \(\mathcal {C}^*\) be a normalisation of \(\mathcal {C}\) obtained via Lemma 1. Suppose such that (a, c) is non-elementary. Then there is b with \(a< b < c\) and and \(S'_1,\dotsc ,S'_n\) such that \(S, S'_1,\dotsc ,S'_n \in \mathcal {C}^*\), joining \(S'_1,\dotsc ,S'_n\) via \((\textsf{J})\) yields , and \(q = q_1 \otimes q_2\), \(I_1 \subseteq I_2\).

The key ingredients are that all non-elementary statements in \(\mathcal {C}^*\) are derivable in \(\mathcal {C}\), and the fact that \(\mathcal {C}^*\) is normalised, whence a derivation of T in \(\mathcal {C}\) can be used to generate a derivation of T in \(\mathcal {C}^*\). Note that w.l.o.g. we can assume that \(I_1 = I_2\) in the above lemma.

Now let \(\mathcal {C}\) be an elementary diamond-free scheme. We observe that any influence experiment that satisfies all statements in \(\mathcal {C}\) on elementary relations automatically satisfies all derivable statements on non-elementary relations due to correctness of the rules in the calculus of influence, in particular their observance of the coherence principle. This yields the following.

Lemma 5

(Sufficiency Lemma). Let \(\mathcal {C}\) be an elementary and diamond-free scheme, and let \(\mathcal {C}^*\) be a normalisation of \(\mathcal {C}\) obtained via Lemma 1. Then any influence experiment that satisfies all elementary statements in \(\mathcal {C}^*\) satisfies all statements of \(\mathcal {C}^*\).

The next lemma then contains the heart of the completeness proof. It shows how to construct counterexamples, in the form of specific influence experiments, for normalised schemes and hypotheses that appear to state something different to what is contained in the normalised scheme.

Lemma 6

(Counterexample Lemma). Let \(\mathcal {C}\) be a consistent, elementary scheme over a diamond-free partial order and \(\mathcal {C}^*\) be a normalisation of \(\mathcal {C}\) obtained via Lemma 1. Let \(a,b \in \mathcal {V}\) s.t. \(a < b\) and

figure ai

Let . If one of the following conditions holds, then there is an influence experiment \(\mathcal {F}\) s.t. \(\mathcal {F}\models \mathcal {C}^*\) but \(\mathcal {F}\not \models H\).

  1. a)

    \(x_0 < x_1\) or \(y_0 > x_{n+1}\).

  2. b)

    (i) \(\bigcup _{h=i}^j [l_h,u_h] \not \subseteq [l,u]\) or (ii) \(\sup _\preceq (q_i,\dotsc ,q_j) \not \preceq q\) holds, where i and j are the (necessarily unique) indices s.t. \(x_0 \in [x_i,x_{i+1}]\) and \(y_0 \in [x_j,x_{j+1}]\).

Proof

(Sketch) We give a high-level, intuitive idea of the construction. If (a, b) is elementary, it suffices to find an \(\mathcal {F}_{a,b}\) such that \(\mathcal {F}_{a,b} \models \mathcal {C}^*_{a,b}\) but \(\mathcal {F}_{a,b} \not \models J\). The functions for the other elementary relations can be interpreted in an arbitrary fashion such that \(\mathcal {F}_{c,d}\) satisfies \(\mathcal {C}^*_{c,d}\) for all (c, d). This is always possible since \(\mathcal {C}\), and hence \(\mathcal {C}^*\), is consistent. The interpretations of the non-elementary relations are then obtained automatically via the coherence principle; note that this always satisfies any statements on the respective non-elementary relations due to Lemma 5.

Case (a) is the simpler one. Here, \([x_0,y_0] \subsetneq [x_1,x_{n+1}]\). Hence, it suffices to construct an experiment \(\mathcal {F}\) s.t. \( dom (\mathcal {F}_{a,b}) = [x_1,x_{n+1}]\), whence \(\mathcal {F}\not \models H\). We ensure \(\mathcal {F}\models \mathcal {C}\) by simply truncating the domain of any influence experiment that satisfies \(\mathcal {C}\). Such an experiment exists since \(\mathcal {C}\) is consistent.

For case (b), H disagrees with the statements in \(\mathcal {C}^*_{a,b}\) in at least one of two ways: (i) it restricts the values of an experiment at some point x more than the unique statement \(T_i\) in the sequence in \(\mathcal {C}^*_{a,b}\) covering x does. Then we pick a value y that is covered by the vertical interval in \(T_i\) but not in H, use Lemma 2 (a) to obtain a connector that runs through this point (x, y) and extend it to an influence using Lemma 3 to ensure \(\mathcal {F}\models \mathcal {C}\) but \(\mathcal {F}\not \models H\). Or (ii) the behaviour stated in H is strictly stronger than those in the corresponding statements in \(\mathcal {C}^*_{a,b}\). Then we obtain a strict connector for these statements using Lemma 2 (d) and extend it accordingly using Lemma 3. Strictness ensures that the influence \(\mathcal {F}_{a,b}\) has the behaviours required by \(\mathcal {C}^*\) but not by H, hence \(\mathcal {F}\not \models H\) as well.

If (a, b) is not elementary, by the decomposition lemma (Lemma 4) there is a sequence \(a = c_1,\ldots ,c_n = b\) of elementary relations and a sequence \(S_1,\ldots ,S_{n-1}\) of statements derivable in \(\mathcal {C}^*\) that satisfy the requirements of Lemma 4. We omit case (a). If we are in case (b) (i), again we pick a point (x, y) not covered by H, but by the statements in \(\mathcal {C}^*_{a,b}\). We then generate a sequence of points \((x_i, y_i)\) for \(i\le n\) such that \(x = x_1\) and \(y_i = x_{i+1}\) for all \(i < n\) and \(y_n = y\). It then suffices to invoke Lemma 2 (a) and Lemma 3 to complete the individual relations \(\mathcal {F}_{c_i, c_{i+1}}\) such that they go through the point \((x_i, y_i)\).

For the case (b) (ii), it suffices to build interpretations of the \(\mathcal {F}_{c_i,c_{i+1}}\) that are strict w.r.t. \(S_i\). However, for \(i>1\), the statement \(T_i\) might not exist in \(\mathcal {C}^*\), but may only be derivable via \((\textsf{J})\). We use Lemma 2 (d) to obtain a strict, range-covering connector for the sequence of statements that derive \(S_i\) and, again, use Lemma 3 to complete it into an influence for \(\mathcal {F}_{c_i,c_{i+1}}\). Since these connectors are range-covering, we obtain a strict interpretation for \(\mathcal {F}_{a,b}\) from these intermediate \(\mathcal {F}_{c_i, c_{i+1}}\), which is the desired contradiction.    \(\square \)

Theorem 2

(Completeness for Elementary Diamond-Free Schemes).

The calculus of influence is complete for the class of consistent and elementary schemes over diamond-free partial orders, and arbitrary hypotheses.

Proof

Let \(\mathcal {C}\) be consistent and elementary, its underlying partial order \(\le \) be diamond-free. Let \(\mathcal {C}^*\) be a normalisation of \(\mathcal {C}\) obtained via Lemma 1. Hence, \(\mathcal {C}^*\) is also consistent. Let s.t. \(a < b\) and suppose that

figure al

Moreover, by Lemma 1 we have \(\mathcal {C}\vdash T_i\) for all \(i=1,\ldots ,n\).

If \(x<x_1\) or \(y>x_{n+1}\) then Lemma 6 (a) would yield a contradiction to the assumption that \(\mathcal {C}^* \models H\). Thus, there are i and j s.t. \(x \in [x_i,x_{i+1}]\) and \(y \in [x_j,x_{j+1}]\). Now we must have \(\bigcup _{h=i}^j I_h \subseteq I\) and \(\sup _\preceq (q_i,\dotsc ,q_j) \preceq q\) for otherwise Lemma 6 (b) would yield a contradiction to the assumption that \(\mathcal {C}^* \models H\).

Let . By repeated applications of rule \((\textsf{J})\), T is provable from \(T_i,\ldots ,T_j\), whence \(\mathcal {C}\vdash T\). Moreover, H is provable from T by at most one application of rule \((\textsf{I}^-)\) and \((\textsf{Q}^-)\) each. So \(\mathcal {C}\vdash H\) as well.    \(\square \)

The completeness proof shows that for any consistent scheme there is always a satisfying experiment that is comprised of stepwise linear functions. One may argue that this does not capture the heart of functional behaviour in natural sciences. It is possible, though, to require influences not only to be continuous but even differentiable (on their domains). To fulfil this requirement, one could simply use splines of order 3 in the proof of Lemma 2 with their first derivative being 0 at the left and right edges of each rectangle.

5 Proof Search and Empirical Results

We observe that the consequence relation \(\vdash \) between influence schemes and hypotheses is in fact polynomial-time decidable, using a bottom-up approach.

Theorem 3

The problem of deciding, given a scheme \(\mathcal {C}\) and a hypothesis H, whether or not \(\mathcal {C}\vdash H\) holds, is decidable in time \(|\mathcal {C}|^{\mathcal {O}(1)}\).

Proof

A close inspection of the proof rules shows that rule \((\textsf{I}^-)\) can always be pushed downwards in a proof and successive applications of it can be shortened to a single one, s.t. \(\mathcal {C}\vdash H\) iff there is some \(H'\) which is provable from \(\mathcal {C}\) without using rule \((\textsf{I}^-)\), but H can be derived from \(H'\) by a single application of \((\textsf{I}^-)\).

Next we observe that all rules except \((\textsf{I}^-)\) have the following property: the bounds of domain and range of the conclusion are bounds of the domain or range of some premise. This guarantees termination of a simple bottom-up procedure for proof search: saturate \(\mathcal {C}\) by applications of all rules other than \((\textsf{I}^-)\). The number of different statements created this way is bounded by \(4 \cdot v^2 \cdot b^4 = \mathcal {O}(|\mathcal {C}|^6)\) where v is the number of variables occurring in \(\mathcal {C}\), and b is the number of different interval bounds occurring in it. For each of these statements, check whether H can be derived using \((\textsf{I}^-)\). This can be done in time polynomial in \(|\mathcal {C}|\).   \(\square \)

An implementation of a proof search tool, written in Python, is publicly available (Footnote 1). The repository also contains formalisations of some influence schemes and examples of statements whose derivability can be checked using the tool. A deeper look at the implementation details is beyond the scope of this paper and deferred for space considerations. It uses a more sophisticated top-down proof search that constructs only the relevant part of the normalisation of a scheme, i.e. only “around” those statements that can occur in a proof for the given hypothesis H. This can not only contain statements about other variables due to rule \((\textsf{T})\) but also statements further away from H because rules \((\textsf{L}^+_{\mathop {\nearrow }})\)\((\textsf{R}^+_{\mathop {\searrow }})\) can transmit requirements on underlying influence experiments along the horizontal axis.

6 Conclusion

We presented a simple language for statements about the behaviour of functions in a collection that can be interpreted as a way that different entities influence one another. We gave it a formal semantics and devised a proof calculus to characterise the (uncountable) notion of logical consequence that is generally sound and complete for a large class of schemes that covers typical cases occurring in the formal modelling of experimental setups from natural science classes.

It remains to be seen whether the calculus can be extended logically (by further rules for instance) to completely capture a larger class of influence schemes.

Future work will also comprise a number of extensions of the calculus for the purpose of obtaining higher expressiveness. Some experimental setups are inherently temporal in the sense that the influence which a asserts on b depends on a value range of a and a point in time, as in “Yeast grows at temperatures between 15 and 40\(^\circ \) during the next five minutes.” We have made a proposal to incorporate time in [4]. It also incorporates the ability to make refined assertions about the behaviour of an influence, as in “Voltage increase is at most \(65.4~V msec ^{-1}\).” This replaces the abstract behaviours \(\mathop {\nearrow }\) etc. by intervals like [0, 65.4], and the geometric interpretation of a statement becomes a trapezoid.

Formal statements could also include a third interval denoting time points, and influence experiments become collections of binary real-valued functions which interpret cuboids in three-dimensional real spaces. This would also be an approach to model the combined effect of several variables on another variable, even if the modeling of time as a special variable is not desired.