validation and verification of decision making rules

Download PDF
0 downloads 0 Views 4MB Size Report
Comment
A methodolggy for ttre validation and verification (V&V) of decision making rules ... The decision making process that an organization carries out can often be ...
May 1995

G M U / C 3 1 -1 5 7 - P

VALIDATION AND VERIFICATION OF DECISION MAKING RULES-

Abbas K. Zaidr Alexander H. Levis

ABSTRACT A methodolggy for ttrevalidationandverification(V&V) of decisionmakingrules is proposed. The methodologyaddressesthe general problem of deiecting problematiccasesin a setof rules. The rules areexpressed as statements in formal logic.Thedefinitionof decisionrulesin formal logic makesthe problemgeneralin tems of applicationdomains,and also providesan analytical-base foi defining gryors.lhe lpprgach is basedon viewing a rule base as an organizationoT informationthatflows from oneprocess(rule)to another.SincePetri-Netsprovide a powerful modeling and analysis tool for information flow sffucturbs,tlre methodologytransformsa set of decisionrules into an equivalentPeri Net representation. The static anddynamicpropertiesof ttre graph are shown to reveal patternsof Petri Net structuresthatcorrespondto the problematiccases.The tools presented andtechniqu-es in this paperare basedon theory and are supportedby softwaretools..

C3I Center GeorgeMason University Fairfax, Virginia 22066

.

Theresearchwasconductedwith supportprovidedby theOffice of Naval Researchundercontractnumbers N00014-90-J-1680 andN00014-93-1-0912. Paperto appearin Automntica,Vol. 33, No. 2, February1997.

VALIDATION AND VERIFICATION OF DECISION MAKING RULESX Abbas K. Zaidi** Alexander H. Levis** ABSTRACT A methodologyfor the validation and verification of decisionmaking rules is presented. The methodologyaddressesthe generalproblem of detectingproblematiccasesin a set of rules expressedas statementsin formal logic. This representationof the decision rules makesthe problem general in terms of applicationdomains, and also provides an analytical basefor defining errors.The approachis basedon viewing a rule base as an organizationof information that flows from one process(rule) to another. The key step in the methodology is the transformationofthe set of decision rules into an equivalent Petri Net. The static and dynamic properties of the resulting Petri Net are shown to reveal patternsof structuresthat correspond to the problematic cases. The techniques presentedin this paper are basedon theory and are supportedby software tools. Keywords:DecisionMaking, Rule-basedSystems,Petri Nets Running Title: V&V of Rule Bases l.INTRODUCTION The decision making process that an organizationcarries out can often be representedby a set of rules. An example of such an organizationcould be one that obtains inputs from a set of sensors, identifies a task based on these inputs and, on the basis of attributes of the task, determinesa response. The set of decision rules may have been derived from a theory (normative or prescriptive) or they may have been obtained from empirical studies (descriptive) including knowledge elicitation from domain experts. The problem of dynamic task allocation in team decision making requiresthe partitioning of theserules acrossthe individual decision makers in the organization.The mannerin which theserules are obtainedand the processof partitioning the rule base across decision making entities (human and machine) can introduce inconsistencies, incompleteness,redundancies,as well as problems in coordination. Consequently,there is a clear need for the Validation and Verification (V&V) of rule bases. The following example illustrates theseissues. *

This work was supportedby the Office of Naval Researchunder contract no. N0fi)14 -g3-l-0912.

*r'

School of Information Technology and Engineering, George Mason University, Fairfax, VA 22030. The correspondingauthor is A. H. Levis. This paper was presentedat the 6th IFAC^FIP/IFORS/IEA Symposium on Analysis, Design and Evaluation of Man-Machine Systems, MIT, Cambridge, MA, USA, June 27-29, 1995. It will appear in Automatica in the Februarv. 1997 issue.

A generic naval Tactical Command Center (TCC) (Levis et al., 1995) provides an example of an organizationwhere severaldecisionmakersare requiredto make certaindecisionsbefore an overall response of the system can be executed. Suppose the following five decision makers, with correspondingresponsibilities,constitutea hypotheticalTCC (Table 1).

Table1.Responsibilities of DecisionMakers Decision Maker Kadar uperator, KU

Responsibilities Monitors air and surfacethreats

SonarUperator,SU Anti-Air WarfareCommander AAWC

Morutorssurtaceanclsubsurlace threats uontrolsmlssllesagamstar andsurtace threats Antl-sub/surtace w artarecommander Controlsdepth-charges, andtorpedoesagainst ASWC surfaceandsubsurface threats uommancer Receivesdatafrom RO andSO,andsends CC commands to AAWC andASWC The organizationreceives sensoryinputsfrom a radarand a sonarsensor,and non-sensoryinputs from certaindatabases and intelligencereports/updates. The following alphabetsrepresentthese sourcesof inputs. Radar: {rl, 12, 13}, Database: {db1, db2, ...},

{pl, p2, p3l Intel:{intell,intel2,...} Sonar:

The decisionprocessof TCC canbe modeledas a set of rules that mapscombinationsof these inputsto theoutputresponses. Output:{Fire-SSM,Fire-SAM,Fire-Torpedo, Fire-Depth-Charge, No-Action,...} The followingis anexampleof a decisionrulethatcouldapplyduringa trainingexercise(much morecomplexrulesapplyin peacetime) : (R/) IF theinputfrom radaris rl and the input from sonarsensoris p2 and theintelligence updateis intel4 and thedatabase informationis db2 THEN the incomingobjectis anenemyvessel and Fire Torpedo The task allocation requiresthat rule R1 be assignedto a decisionmaker who not only has accessto all the inputs of R1 but should also has the capability to carry out the output response-fire torpedo. The rule requires four inputs: 11 and p2 are sensory information from RO and SO, v

2

)

respectively, while intel4 and db2 are inputs availableonly to the commander(CC). On the other hand, the output response 'Fire-Torpedo' can only be carried out by the ASWC. In the TCC organization,where different decisionmakershave accessto different information sourcesand can executedifferent responses,a rule like R1 can not be assignedto a single decision maker. Instead, R1 has to be decomposedinto severalsmallerrule sets with the samecumulative effect as R/, and then each smaller rule set is assigned to a different decision. A possible decomposition and assignmentof R1 is as follows: (Ruleassignedto RO)

(Rl,)

IF the input from radaris rl THEN the assessedinformation R1 sentto the CC (Rlr)

(Rule assignedto SO)

IF the input from sonarsensoris p2 THEN the assessedinformationP2 sentto the CC (R1r) (Rule assignedto CC) IF and and and THEN and (RI )

assessedinformation from RO is Rl assessedinformation from SO is P2 the intelligenceupdateis intel4 the databaseinformation is db2 the incoming object is an enemyvessel ASWC is commandedto attack

(RuIe assignedto ASWC)

IF ASWC is commandedto attack THEN Fire Torpedo In this illustrative example, the decompositionof R1 adds severalnew rules to the organization's rule base. These added rules do not affect the functionality of the decision process, instead, they facilitate the team decisionmaking by incorporatingthe coordination requirementsamong the team members. (One can also think of decompositionas the process where a complex and difficult problem is solved by solving several smaller and easier problems.) Although the decomposition presentedseemsfeasible,it has introduceda potential sourceof enor in the organization's decision process: consider the decompositionof another similar rule, and a consequent addition of the following two more rules to the rule base. (R2r) (Rule assignedto CC) IF and and and v

assessedinformation from RO is R2 assessedinformation from SO is P3 the intelligenceupdateis intel4 the databaseinformation is db3 2

3

THEN the incoming object is an enemy submarine and ASWC is commandedto attack (R2o) (Rule assigned to ASWC) IF ASWC is commandedto attack THEN Fire Depth-Charge

The potential error introduced as a result now becomesapparentsince the two rules RI o and R2n pose an ambiguity to the ASWC as to what weapon system to fire once a command-to-attackis receivedfrom the CC. The sourceof error is the incompleteinformation conveyedto the ASWC by the CC. This example illustrates how a rule which is not effoneous, may suddenly become incomplete, ambiguous, and/or inconsistent in the presence of other rules. In a TCC such effoneous cases may result in the execution of the wrong response with possibly catastrophic consequences,i.e., friendly fire, firing wrong weapon, no action against a threat, etc.. More generally, even if the physical and coordination structures of an organization are feasible, the presenceof such problems in the set of rules assignedto decisionmaking entitiescan result in poor performanceand unreliable systemresponse. Severaltechniquesand methodsfor the validation and verification of rule baseshave been reported in the literature, especially by the Expert Systems (ES) community. Ire and O'Keete (1994) classifiedrecently developedV&V tools and techniquesinto severalcategoriesdependingupon the approach taken, i.e., analytical modeling, human support, running of test cases against set standards,etc.. However, a majority of the V&V tools are basedon running test casesthrough a system and comparingresults againstknown results or expert opinion. (O'Keefe et al., 1987) Examples of this simple approachrange from MYCIN's early validation (Yu et al., 1979) to the recently reported validation tool SAVES (Smith and Kandel, 1993). On the other hand, a very small number of reported validation techniques are available that use quantitative validation (Lehner, 1989; Smith and Kandel, 1993). The quantitative validation approach uses statistical methodsto compareexpert system'sperformanceagainsteither test casesor human expert. In addition to theseapproaches,a number of researchershave proposed severaltools that verify a system'scorrectness(defined differently for different systems)by detectingand identifying logical and structural errors hidden in the expert system. A number of techniques are based on transforming the elements of an expert system into another analytically sound domain, i.e., Predicate/Transitionnets (Zisman, 1978; Giordana and Saitta, 19851'Zhang and Nguyen, 1989, 1992;Lirl and Dillon, 1991:Agarwal and Tanniru, 1992),graph models (Lim et al., 1986; Wilkins and Buchanan1986),decisiontablesand dependencycharts(Cragunand Steudel,1987;Nguyen et al.,1987), KB-reduction (Ginsberg,1988), Booleantechniques(Charlesand Dubois, 1991), etc. v

2

4

The mathematicaltools available for the domain are then applied to this transformed expert system to uncover hidden erroneousand problematiccases.In addition, a number of other V&V tools and techniquesare also reported(Davis, 1976; van Melle, 1981; Suwa et al., 1985; Stachowitzand Comb, 1987;Stickel, 1988;Ayel and Laurent,1991;De Raedtet al., 1991; Smith and Kandel, 1993) in the literature. However, all the reported cases have at least one of the following weaknesses: a) Based on running test cases; b) Restricted in terms of implementation, representation of rules, types of problems handled, and constraining requirements for the applicability of the approach;c) Errors defined betweenpairs of rules or among rules in a subset of the entire rule base;d) combinatorialenumerationrequiredto solve problems. Boehm (1984), ke and O'Keefe (1994), and Zudi (1994) providedcondensedbibliographiesof the relatedwork in verification and validation of expert systems.A collection of some of the recent approachesin V&V of expert systemsis compiled in (Gupta, 1991;and Ayel and Laurent, l99l). A new approachto the generalproblem of detectingproblematicand erroneous cases in a set of rules is proposedthat overcomesthe limitations of the existing methods.The methodology requires that the rules be expressedas statementsin formal logic. An algorithm is then used to transform these conditional statementsto an equivalentPetri Net (PN) representation.The transformation is based on a mapping between the logical operationsof conjunction (n), disjunction (v), and implication and the notions of synchronization,concuffency,choice, etc., of Petri Net theory. This visualization of a rule base in terms of an organizationof interactingprocessesopens a wealth of analytical tools and techniquesthat have been developedby researchersand system analysts to perform structural and dynamic analyseson PNs. Once a rule base is transformed into a PN, the solution to the problem becomesa direct applicationof these analyticaltools of Petri Net theory. The V&V of the rule base is done first by exploiting the structural properties of the Petri Net representationand then by constructing the Occurrence Graph directly from the Petri Net representation. In the next section, the problem of task allocationis presentedby first considering a hierarchical organizationof five Decision Makers (DM).An initially "correct" rule baseis then decomposedand partitioned so that the rules can be assignedto the individual DMs. The type of problems that can find their way into the decomposedrule base are introduced in the following section. The decomposedrule baseis then checkedfor inconsistencies,incompleteness,and redundanciesby the proposedmethodology.The Petri Net transformationof the rule baseis presentedin Section4. The resultsof the static and dynamic analysesperformedon the Petri Net representationare presentedin Sections5 and 6, respectively.

v2

2. PROBLEM DEFINITION The example set of organizationaldecision rules illustrated in this section was motivated by the "MessagePuzzleTask (MPT)" of Wessonand Hayes-Roth(1980).The MPT involved a game-like environment in which words and phrasesmove about in a two-dimensional grid that resemblesa puzzle board. A group of players,each of whom can see a portion of the grid, must communicate among themselvesto identify the moving items and eventually solve the puzzle.In the illustration presentedin this section, a 4x3 grid (consisting of 12 cells) representingthe puzzle board is considered(Fig. 1). Contrary to the MPT experiment,the messageson the grid do not move but appear on certain cells in the grid. The messagesconsist of letters from an input alphabet of integers, where each integer representsan event. Based on the appearanceof these messagesin certain cells, the set of rules infers a sequenceof eventsout of a possible three sequencesin which theseeventscan occur.

Fig. I An Instanceof the Grid The set of all eventsis given as: E = {1, 2, 3, 4, 5,6}, where each integerrepresentsthe occurence of an event.The appearanceof an integer (from set E) in one of the cells of the grid is considered as the basic input to the set of decision rules. The following 12 basic inputs are

identified:

u - {Pl, P2,P3,...,PIzl

(l)

wherethe propositionsymbolsP1-Pl2 representthe following informationfrom the grid: Pl: Integer I in Sector1 P2: Integer 2 in Sector2 P3: Integer3 in Sector3 P4: Integer I in Sector4 P5: Integer2 in Sector5 P6: Integer3 in Sector6 P'7: Integer4 in Sector7 P8: Integer4 in Sector8 P9: Integer5 in Sector9 Pl0: Integer6 in Sector10 P11: Integer5 in Sector11 P12: Integer6 in Sector12 Based on these inputs, the rule base RB1 tries to interpret the inputs in terms of three possible outcomes(sequenceof events),which are characterizedas the main conceptsof the rule base: v

2

6

Y = {A,8,C}

(2)

where A Sequence of Eventsis 4, 5, 6,3,2, I B : S e qu e n ce o f E ve n ts i s 1 ,2 ,3 ,4, 5,6 C: Sequence of Eventsis 6, 5, 4,3,2, I Rule Base, RBI Rulel: Rule2: Rule3: Rule4: Rule5: Rule6: Rule7: Rule8: Rule9: RulelO: Rulel1:

Pl nP2nP3+Q1 Pl nP2nP6nP7+R2 P4nP5+Q3 P3nQ3+R3 P4nP5nP9nPl2+R3 R2nR4-+C P7nP9nP10+Q2 R3nRl nP8nP9-+A P 8 n P l 1 n P 1 2 +R 4 Ql nQ2+B P 6 n P 7 +R l

where of Eventsis 1,2, 3 Q 1: PartialSequence of Eventsis 4, 5, 6 Q2: PartialSequence of Eventsis 2, I Q3: PartialSequence Rl: PartialSequence of Eventsis 4,3 R2: PartialSequence of Eventsis 4,3,2, 1 R3: PartialSequence of Eventsis3,2, I R4: PartialSequence of Eventsis 6, 5 The objectiveof theorganization designproblemis to decompose RBl into five (possiblydisjoint) setsof rules, whereeachset can be assignedto a decisionmaker (DM) in the organizational hierarchypresentedin Fig. 2, which also shows the possibleinteractionsamongDMs. It is assumedthat the physicalarchitecture providestheseDMs with the meansto of the organization communicate with erch otherwheneverrequiredby therules.At first, thedecomposition of therule baseis donein avertical manner(Mesarovicet al., 1970);the decisionrules aredecomposed into threelayersof sub-rulesof increasingcomplexity.In the decomposed rule baseRB2 rules of the form "Ri nRj n ...+ -" represent the rulesassigned to DMl. The Ri's represent the responses of the lower level decisionmakerscommunicated to DMl. Similarly,the set of rules definedat the v

2

j

intermediatelayer is assignedto DM2, where the rules are of the form "QinQin...+_'r.

Finally,

the set of rules at the lowest layer of the rule base is further decomposedhorizontal/y (partitioned) into three setsand is assignedto three decision makers, DM3, DM4, DM5, where the rules are of the form

"PinPj A...--) -". The decompositionof the original rule base is done by taking into

accountthe fact that the set of basicconceptsU can be divided into the following three subsets(not necessarily disjoint), where each set represents information from a different sector (area of awareness)assignedto a decisionmaker (DM3, DM5, and DM4 respectively).

U t = { P l, P 2 , P 3 P , 4 ,P 5 } UZ = { P6 ,P 7 ,P 8 ,P 9 ,P l 0 } U: - { P8 ,P 9 ,P 1 0 ,P l l ,P l z}

(3) Level0

Level 1

Level 2

Fig. 2 Organizational Hierarchy The rules in RB2 correspondto the decomposition of the following rules rn RBI: Rule2, Rule3, and Rule4in RB2 correspondto the decomposition performedon Rule2 of RBI; Rule6, Rule7, andRuleSin RB2represent decomposition of Rule4of RBI1, Rule8,Rule9,Rule10,andRule11in RB2 conespond to Rule5of RBI: Rulel4, Rulel5, Rulel6, and Rulel7 in RB2 conespondto Rule8of RBI; Rulel8,Rulel9,andRule2Oin RB2represent decomposition of Rulegof RBl; and finally,Rule2l andRule22of RB2correspond to RulelOof RBI. The restof the rulesareleft as theywere;Rule1,Rule5,Rule12,Rule13,andRule23in RB2correspond to Rule1,.Rule3, Rule6, Rule7,andRulel I in RBl, respectively. From now on, anyreferenceto therulesimpliestherulesin RB2unlessotherwisestated. Rule Base, RB2 v

2

8

Rulel: Rule2: Rule3: Rule4: Rule5: Rule6: Rule7: RuleS: Rule9: Rule10: Rulel1: Rule12: Rulel3: Rule14: Rulel5: Rulel6: Rule17: Rule18: Rulel9: Rule2O: Rule2l: Rule22: Rule23:

P1nP2nP3+Ql P1nP2+-Q1 P6nP7-+Q4 -Q1 n Q4 +R 2 P4nP5+Q3 P3-+Q10 Q10nQ3+R3 P4nP5+Q3 P9nPl2+Q5 P9+Q6 Q3nQ5+R3 R2nR4+C P7nP9nPl0+Q2 P8nP9+Q5 R l n R 3 +Q3 Q3nQ5+R5 R5+A Pl1nP12+Q2 P8+Q8 @nQ8+R4 Ql nQ2+R6 R6-+B P6nP7+Rl

where of Eventsis 4, 3 Q4: PartialSequence of Eventsis 5, 6 Q5: PartialSequence Q6: P9 Observed Q8:P8Observed Ql0: P3 Observed R5: Sequence of Eventsis 4, 5, 6,3,2, I R6: Sequence of Eventsis l, 2,3,4, 5,6 For illustrationpurposes,the following two sets of mutuallyexclusivepropositionsare also defined: p 1 = { P 8 ,P 1 0 } p 2 = { Rl , R 5 }

v2

(4)

The decompositionprocessby no meansensuresthe fact that the addition of new rules representing the replacedones has not introducedeffors. The effect of thesenew rules on the rest of the rule basecan not be determinedunlessthey are checkedagainstthe entire set of rules. This is where the methodology for the detectionof problematic and effoneous cases is needed:one started with a correct rule base, decomposedit and assigneddifferent rules to different decision makers in the organization, and as part of this process the resulting rule base no longer holds the property of being correct (at leastit can not be claimed as correct.). Since problematiccasesmay involve rules acrossrules assignedto individual DMs, the rule baseRB2 is consideredas a whole.

3. PROBLEMATICCASES A descriptionof problematicanderroneous casesthatneedto be identifiedin a setof decisionrules is presented in this section.Formaldescriptions of thenotionsof incompleteness, inconsistency, andredundancy aregiven. 3.1Redundant Rules Redundancy in a rule baserefersto thepresence of multiplecopiesof thesamerule or the presence of setsof ruleswhichhavethe sameeffect(output)wheninitiated. A trivial exampleof redundant rulesis givenbelow. The two rulesareidenticalexceptfor the fact that their predicates in the antecedent areaffangeddifferently,makingit difficult to identify such casesby directinspection or pattemmatching. (pl ^ p2 +A) (p2 n pl +A) Anothernon trivial exampleof redundantcasesis presentedbelow where the last three rules togetherhavethe sameeffectasthefirst one.Suchcasesareverydifficult to detectespeciallywhen theserulesarespreadout in a largerule base. ( q l n q 2 n q 3 n q 4 +A ) (ql ^ q2 +pl) (q3 ,..q4 + p2) (pl ^ p2 +A) 3.2Subsumed Rules

v2

l0

A rule base may contain two rules with identicalconclusions where the antecedentconditions of one rule are a subsetof the antecedentconditions of another. The first rule is said to subsumethe secondrule, since all the casescoveredby the second rule are already covered by the first one. Following is an exampleof sucha case. Considerthe following two rules: (pl -+ A) (pl n p2 -+ A) The first rule subsumesthe secondone and makesit inactive. The definition of subsumedrules can be extendedto two setsof rules whereone setof rules subsumesthe other. 3.3 Inconsistent(Conflicting) Rules Definition Consistency(Zhang& Nquyen, 1989) A rule base is defined to be consistentif and only if there is no way of reaching contradictory assertionsfromvalid input data. A number of inconsistent cases have been reported in the literature (Nguyen et al., 1981: Stachowitzand Combs, 1987;Zhangand Nguyen, 1989, 1992).However, in this paper, only the conflictingrules areconsideredas inconsistent.In somereferences(Suwa et al., 1982; Nguyen et al.,1987;Zhang and Nguyen, 1989, 1992),subsumedand redundantrules are also consideredas inconsistent.The following threecasesof inconsistentrulesareconsidered: CaseI: Direct Contradiction A set of rules is inconsistentif, by applying theserules, one could reach from a predicatep an assertionq, wherep and q belongto a setof mutually exclusivepredicates. In this illustration a set of mutually exclusive predicates is denoted by p. A generalized representation of suchan inconsistencyis:

(a -+ 0)

wherea,9ep

(s)

The set p can be defined syntactically,i.e., F = -61, or semanticallyby an expert. This definition of the set p makesinconsistencya more stringentproblem than the one in formal logic. (Ginsberg, 1990) Example vz ll

(ql ,. q2 + pl) (q3 ^ q4 +p2) (pl ^ p2 +--q1) CaseII: Contradictionin Conclusion Rulesareconflictingif theirantecedents arethesame,but theconclusions aremutuallyexclusive.A generalized representation of sucha caseis shownbelow: (a+F) (c + t)

where0, t.

p

(6)

Example ( p l n p 2 +p 3 ) (p3np4+A) (pl^p2np4+--.A) CaseIII: Contradictionin Input Rules are conflictingif an assertioncan be madethrough conflictingpremises.The following expression presentsthecase:

(crnB+t)

wherea,9ep

(7)

Example (pl ^ p2 +p3) (p3n-'pl+A)

Onefinal noteis thatthe semantically definedmutuallyexclusiveconceptscannot be identifiedby the systemunlessspecifiedexplicitlyby theuser. 3.4CircularRules This problemrefersto the caseof circulararguments.The following exampleillustratesthe cases thatareconsidered circular. Example v

2

n

(pl -+ p2) (p2 -+ p3) ( p 3 -+ p l ) Circularrulesmayresultin aninfiniteexecutionof rulesunlessan exit conditionis alsoprovided. Anothercaseof circularrulesis sivenasfollows: (pl +p2 ^ p3) (p2 n p4 -+ p5) (p3 n p5 -+ p4) In casepl is givenas the input, the abovesetof rulesresultsin a situationwherethe secondrule p4 is obtainedthroughtheexecutionof thethird rule,which in turn cannot executeunlessassertion requiresexecutionof the secondrule for theinputconditionp5 - a deadlocked situation. 3.5Incompleteness (Levesque, Definition Incompleterzess 1984) A knowledgebaseis incomplete whenit doesnot havethe informationnecessary to answera question(appropriately)of interestto thesystem. The following two typesof incompleteness arereportedin theliterature(Zhang& Nguyen,1992). A . Ruleswith AmbiguousConditions(Ambiguous Rules) A rule baseis incompleteif, given a valid input, the systemcan not interpretit in terms of applicableconditionsin orderto arrive at a conclusion.A causeof such incompleteness is the presence of at leastone complexconceptin the premisewhich cannot be explainedor definedin termsof thebasicconcepts, U. (A n pl +R) A is not the basic concept and there exist no rules that explain the assertion A in terms of basic concepts,i.e., p2, p3 + A , wherep2, p3 e U.

B. Rules with UselessConclusions (UselessRules) The main conceptof a rule base can consist of a number of decision attributesthat are derived by the rules. Given an input, if the conclusion derived is not the main concept or some or all of its attributes can not be concluded from the rule base, the set of rules applicable to this input is incomplete.The main conceptis domain dependentand requiresexplicit definition. v2 13

(pl ^ p2 -+ R) R is not the main concept and there is no rule going from R to an assertionct, where cr e Y. C. Isolated Rules A rule is an isolatedrule if and only if ' All the propositions in its premise are complex conceptsthat can not be explained in terms of the basicconcepts,U, and ' its conclusionR is neither the main conceptnor thereexist(s)rule(s) taking R to an assertioncr where a e Y. 4. PETRI NET REPRESENTATION OF RULES An individual rule of the form "Pl nP2 ... nPn+Q" is transformedto a PN with a single transition with n input places, each representing a single input proposition Pi, and an output place representingthe assertion Q (For a general and more detailed description of this technique, see Zaidi, 1994).The labelsof the placesand transitionscorrespondto the propositions and rules they represent.The rule of inferenceis implementedby the executionmechanismof PN theory. A token in a place representsthe truth assignmentof a proposition. If all the places in the preset of a transition representingthe premise of a rule being satisfied are marked, the rule (transition) is enabledand can execute(fire) making all the consequents(output places)valid (marked).The entire set of decision rules is then obtainedby unifiing all the individual rules. The processrepresentsthe causal relationship among the rules and the facts of the knowledge base. This method unifies the rules by merging all the places with identical labels (proposition symbols) into a single place. The PN obtained as a result of applying this techniqueto KB2 is shown in Fig. 3 where the basic inputs and main conceptsdefined for the rule base are shown aggregatedinto virnml inputs and outputs, Pin and Psu1,with transitionsTin and T6ut, respectively.The parts of the net in the figure that are drawn by a broken line representthis aggregationand do not representany rule in the rule base.

v2

l4

Fig. 3 Petri Net Representationof the Rule Base It can be observed in Fig. 3 that the Petri Net representationof a rule base does not provide an explicit relation betweena predicatep and its negation-p. This lack of syntacticrelation between predicatesand their negationsresults in the absenceof an implicit representationof the following axiom (tautology). v2 15

((o -->F) + (-0 + -'cr))

(8)

formulae whereu andp arewell-formed of Propositional Calculus. An obvious solution to this problem is to include all the implications of the decision rules in RB2, before transforming it to an equivalentPetri Net representation.The advantageof putting all the implications in the set of decisionrules is that it will make the analysesindependentof the form of the original rule base. The conesponding Petri Net will be called Enhanced Petri Net (EPN). However, such an approachwill double the size of the rule base, and increasethe size of the Petri Net representation(not necessarilywith the same ratio). Zaidi (1994) presented a graph-based approachthat normalizesthe EPN by removing certain unnecessarynodes presentin the net. The parts of the EPN which help reveal the problematiccasesare the only structuresrequired and the rest of the net can be consideredunnecessary.The algorithm that normalizesthe EPN requires the use of two algorithms called FPSO and FP^SI,two variants of an earlier FindPath algorithm (Jin, 1986).The FPSO(p) algorithm, when applied to a node p in a PN, collects all the nodes that have directedpathsto p and returns a subnet whose nodes are the ones collectedby the algorithm. The FPS(p)algorithm, on the other hand, collects all the nodes to which p has a directed path and returns a subnet composedof those nodes. Tables 2 and 3 presentthe formal descriptions of the two algorithms. The notation x->)p, usedin the tables,representsthe binary relation that a directed path exists from node x to node p. The ordinary Petri Net PN is defined by the fourtuple (P, T, I, O) where P is the set of places, T the set of transitions, while I and O are the input and output relationsthat define the arcs.

Table 2 FindPath-to-Sources(FPSO) Algorithm

fPSO(p) = (S, PN') where S = {xl *-"p} PN'= (P',T', I', O') PN: PN' P=P' T:: T' I=I'

v2

t6

Table 3 FindPath-to-Sinks (FPSI) Algorithm Of a 1,N = (l,,

l,

I,

P€V(=PuT) fPS(p) - (S, PN') where S={xlp-rx} PN'= (P',T', I', O') PN : PN' P:P' T:T' I =I' O : O' andP'u T'= S

The normalizedEPNrepresents thatpartof the rule basethat is influencedby the valid inputsand influencesthe outputof the system.Therulesin the rest of the net areconsideredunnecessary for theobviousreason.Thenetpresented in Fig. 3 is a normalized net. 5. STATIC ANALYSIS 5.1 Detection of IncompleteRules The incompleteness,as defined in this paper,is determinedby the lack of certain connectionsin the PN representation. The isolatedrules can be easily detectedby a mere inspectionof the normalizedEPN; a rule in RB2 will be an Isolatedrule if the transition t, representingthe rule, and the transition t', representingthe implication obtainedthrough expression(5) are both absentin the net in Fig. 3. In the illustration, no isolatedrules are found. On the other hand, some of the obvious incompletecasescan be detectedby simply searchingthe net for danglingplaces- placesthat haveeitheronly inputs(sources)or only outputs (sinks). The following

algorithms provide a comprehensive approach to detecting and identifying incompleteness.

Algorithmfor AmbiguousRules ' Apply FPSI to Pin, and comparethe output of FPS(Pifl with the original net. Those places of the original net that do not appearin the output of FPS(P1fl identify ambiguousrules.

v

2

f

i

Algorithm for UselessRules . Apply FPSO to Ps\1, and compare the output of FPSO(P9u) with the original net. Those placesof the original net that do not appearin the output of FPSO(Psud identify uselessrules. The applicationof thesealgorithmsresultedin Rulel0 being identifiedas a uselessrule, since Q6 (P9 Observed)appearedas a dangling place with only input arcs (a sink). The transition in the presetof this assertionidentifiesthe correspondinguselessrule; the rule's consequentrepresentthe assertionthat the system might infer (from the basic inputs to the system) but can not interpret in terms of the required outputs. 5.2 S-lnvariantAnalysis The S-invariant analysislooks at all the directedpathsin the PN and searchesthem for problematic cases.The analysisis shown to reveal certainpatternsof PNs that correspondto circular and inconsistentrules. Before a detailed description of the analysis is presented,the following definitions are in order: Definition: S-Invariant GivenanincidencematrixCofaPN,anS-invariantisa n x I non-negative integervectorX of the kernelof CT, i.e.,

(9)

cTx=o Definition: Support of S-Invariant

If X is an S-invariant,the set of places whose correspondingcomponentsin X are strictly positive is the Support of the invariant,noted. The supportof an S-invariantis said tobe minimal if and only if it does not containthe support of anotherS-invariantbut itself and the empty set. Definition: S-component The S-component associatedwith an S-invariantX of a Petri Net is the subnet whose places are the places of and whose transitions are the input and output transitions of the places of

. By extension,aminimal S-componentrs the S-componentof a minimal supportS-invariant. Definition: Marked Graph Amarked graph is a connectedPetri Net in which eachplace hasexactly one input and one output transition.

v2

l8

The minimal S-invariantsof the PN are calculatedafter it is transformedto an equivalentMarked graph representation.The algorithm to convert a PN into a Marked graph Petri Net (MPN) is given as follows: ' Merge the virtual input and output places,Pin and Psu1,into a single externalplace Ps. .

V p s o t h a t l ' p l = m ( > l ) a n d l p ' l = n ( > l ) , c r e a t e m x n c o p i e s op f , denotedbp y i , w h e r ei

= \,2,..., m x n. Createnlinks fromeach of m transitions,ti e 'p, to all of the n transitions,tj e p' , through thesecopies of the place p. The processwill createm x n links betweenthe input and output transitionsof placep. (Fig. 4 illustratesthe process.) MPN

PN I

-L( P, I

2

ffi

)

?ql ic^

3

4

\n,,^.-)

,;-( I Pi

Fig.4 Processof Convertinga PN to MPN A place p is said to constitutea link from a transitionti to anothertransition tj if 'p = {ti} and p' = {tj }. The processof converting a PN to a MPN preservesthe connectivity of the original PN in the sensethat if two nodes are directly connectedin PN, they will remain connectedin the MPN.The net in Fig.4 is converted to an equivalentMPN representation,and the S-invariants are calculated for it. (Table 4 lists the Supports of the calculatedminimal S-invariants.) The following theorem characterizesthe S-componentscorrespondingto the minimal Support S-invariantsof the MPN. Definition Directed Circuit A directed circuit is a directedpath from one nodeback to itself. A directed elementarycircuit is a directedcircuit in which only one node appearsmore than once. Theorem I (Hillion, 1986) The minimal S-componentsof a Marked graph Petri Net are exactly its directed elementary circuits.

v2

19

Table 4

Minimal Supports Corresponding to S-invariants of the MPN

I 2 3 4 5 6 8 9 10

n t2 13 t4 l5 16 t7 18 t9 20 2l 22 23 24 25 26 27 28 29 30 3l 32 aa JJ

34 35 36 5t

38 39 40 4l 42 43

Support of S-invariant { Q 3 1R, 3 l } m2} {Q32, q { P eP , l 1 , l , R 6 ,B 1 {Pe,Plz,-Ql,R2,C} lPe,P2l,Ql, R6,Bl lPe,P22,-Ql, R2,Cl {Pe,P3l,Ql, R6,B} R3l,e33,R5,A) lPe,P3z,eto, q34, R31,e33,R5,A} {Pe,P4l, P4l, {Pe, e35,R5,A} q36, R32,e33,R5,A} {Pe,P41, (Pe,P42,q37, R3l,e33,R5,A) R5,A} {Pe,P42,e38, q39, lPe,P42, R32,e33,R5,Al {Pe,P51,q34,R3l, e33,R5,A} {Pe,P5l,e35,R5,A} q36,R32,e33,R5,A} P5l, {Pe, {Pe,P52,q37,R3l, e33,R5,A} {Pe,P52,e38,R5,A} {Pe,P52,q39,R32,e33,R5,A} {Pe,P6l,Q4,R2,C} {Pe,P62,Rl, Q33,R5,A} {Pe,P7l,Q4,R2,C} {Pe,P72,Rl, Q33,R5,A} {Pe,P73,e2l, R6,B} {Pe,P73,Qz2,R4,Cl {Pe,P8l,Q5l,R5,A} q52,R32,e33,R5,A} P81, {Pe, {Pe,P82,e8, R4,c} {Pe,P9l,Q5l,R5,A} {Pe,P9l,q52,R32,e33,R5,A} {Pe,P92,Q53,R5,A} R32,e33,R5,A) lPe,P92,q54, P93, {Pe, e21,R6,B} {Pe,P93,Q22,R4,c} {Pe,Pl0,Q21,R6,B} {Pe,PlO,Q22,R4,C} {Pe,Pl2l, Q53,R5,A} q54,R32,e33,R5,A} PI21, {Pe, 6 ,B } { P e , P 1 2 2 , QR 21 R4,cl lPe,Pl22,Q22, { P eP , l 1 ,Q 2 1R , 6 ,B } {Pe.Pl1.O22.R4.Cl

v2

20

Basedon the resultsfrom Theorem1,thefollowingPropositioncharacterizes two differenttypes of circuitsin theMPN. Proposition1 Let betheminimalSupportof thecalculated S-invariantXi; ' If containstheexternalplacePs,thentheS-component associated with