PLANNER:

A LANGUAGE FOR PROVING THEOREMS IN ROBOTS

Carl Hewitt
P r o j e c t MAC - Massachuse s I n s t i t u t e o f T e c h n o l o g y
Summary
PLANNER i s a l a n g u a g e f o r p r o v i n g t h e o r e m s
and m a n i p u l a t i n g m o d e l s i n a r o b o t .
The
l a n g u a g e i s b u i l t o u t o f a number o f p r o b l e m
solving p r i m i t i v e s together with a h i e r a r c h i c a l
control structure.
S t a t e m e n t s can b e a s s e r t e d
and p e r h a p s l a t e r w i t h d r a w n a s t h e s t a t e o f t h e
w o r l d changes.
C o n c l u s i o n s can be drawn f r o m
t h e s e v a r i o u s changes i n s t a t e .
G o a l s can b e
e s t a b l i s h e d and d i s m i s s e d when t h e y a r e
satisfied.
The d e d u c t i v e s y s t e m o f PLANNER i s
subordinate to the h i e r a r c h i c a l c o n t r o l
s t r u c t u r e i n o r d e r t o make t h e l a n g u a g e
efficient.
The use o f a g e n e r a l p u r p o s e m a t c h i n g
l a n g u a g e makes t h e d e d u c t i v e system more p o w e r f u l .

Preface
PLANNER i s a l a n g u a g e f o r p r o v i n g t h e o r e m s
and m a n i p u l a t i n g m o d e l s i n a r o b o t .
Although
we say t h a t PLANNER is a p r o g r a m m i n g l a n g u a g e ,
w e d o n o t mean t o i m p l y t h a t i t i s a p u r e l y
p r o c e d u r a l l a n g u a g e l i k e t h e lambda c a l c u l u s i n
pure LISP.
PLANNER i s d i f f e r e n t f r o m p u r e L I S P
i n t h a t f u n c t i o n c a l l s can b e made i n d i r e c t l y
t h r o u g h recommendations s p e c i f y i n g t h e form o f
t h e d a t a o n w h i c h t h e f u n c t i o n i s supposed t o
work.
I n such a c a l l t h e a c t u a l name o f t h e
c a l l e d f u n c t i o n i s u s u a l l y unknown.
Many o f
t h e p r i m i t i v e s i n PLANNER a r e c o n c e r n e d w i t h
m a n i p u l a t i n g a data base.
The l a n g u a g e w i l l
be explained by g i v i n g an o v e r - s i m p l i f i e d p i c t u r e and t h e n a t t e m p t i n g t o c o r r e c t any
m i s a p p r e h e n s i o n s t h a t t h e r e a d e r m i g h t have
gathered from the rough o u t l i n e .
The b a s i c
i d e a behind the language is a d u a l i t y t h a t we
f i n d b e t w e e n c e r t a i n i m p e r a t i v e and d e c l a r a t i v e
sentences.
F o r example c o n s i d e r t h e s t a t e m e n t
(implies a b).
As it stands the statement is
a p e r f e c t l y good d e c l a r a t i v e s t a t e m e n t .
It
a l s o has c e r t a i n i m p e r a t i v e uses f o r PLANNER.
F o r example i t says t h a t w e s h o u l d s e t u p a
procedure w h i c h w i l l n o t e whether a i s ever
a s s e r t e d and i f s o t o c o n s i d e r w h e t h e r b s h o u l d
then be asserted.
F u r t h e r m o r e i t says t h a t
we should set up a procedure t h a t w i l l watch
t o see i f i t e v e r i s o u r g o a l t o t r y t o deduce
b and i f s o w h e t h e r i t i s w i s e t o make a s u b g o a l
t o deduce a .
S i m i l a r o b s e r v a t i o n s c a n b e made
about the c o n t r a p o s i t i v e of the statement
(implies a b).
Statements w i t h u n i v e r s a l
quantifiers, conjunctions, disjunctions, etc.
a l s o h a v e b o t h d e c l a r a t i v e and i m p e r a t i v e u s e s .
O f c o u r s e i f what w e have d e s c r i b e d t h u s f a r
w e r e a l l t h e r e was t o t h e l a n g u a g e , t h e n t h e r e
would be no p o i n t .
From t h e above o b s e r v a t i o n s ,
we have c o n s t r u c t e d a language t h a t p e r m i t s
b o t h t h e i m p e r a t i v e and d e c l a r a t i v e a s p e c t s o f
statements to be e a s i l y manipulated.
PLANNER uses a p a t t e r n d i r e c t e d i n f o r m a t i o n

r e t r i e v a l s y s t e m t h a t i s more p o w e r f u l t h a n a
r e t r i e v a l s y s t e m based d i r e c t l y o n a s s o c i a t i o n
lists.
The l a n g u a g e p e r m i t s u s t o s e t u p
p r o c e d u r e s w h i c h w i l l make a s s e r t i o n s and
a u t o m a t i c a l l y draw c o n c l u s i o n s f r o m o t h e r
assertions.
P r o c e d u r e s can make r e c o m m e n d a t i o n s
a s t o w h i c h t h e o r e m s s h o u l d b e used i n t r y i n g
t o draw c o n c l u s i o n s f r o m a n a s s e r t i o n , and
t h e y c a n recommend t h e o r d e r i n w h i c h t h e
theorems should be a p p l i e d .
Goals can be
c r e a t e d and a u t o m a t i c a l l y d i s m i s s e d when t h e y
are s a t i s f i e d .
O b j e c t s can b e f o u n d f r o m
schematic o r p a r t i a l d e s c r i p t i o n s .
Properly
f o r m u l a t e d d e s c r i p t i o n s have t h e i r own
i m p e r a t i v e uses f o r t h e l a n g u a g e .
Provision
i s made f o r t h e f a c t t h a t s t a t e m e n t s t h a t w e r e
once t r u e i n a model may n o l o n g e r b e t r u e a t
some l a t e r t i m e and t h a t consequences must b e
d r a w n f r o m t h e f a c t t h a t t h e s t a t e o f t h e model
has c h a n g e d .
A s s e r t i o n s and g o a l s c r e a t e d
w i t h i n a p r o c e d u r e can b e d y n a m i c a l l y p r o t e c t e d
a g a i n s t i n t e r f e r e n c e from other procedures.
Procedures w r i t t e n i n t h e language a r e e x t e n d a b l e
i n t h a t t h e y can make use o f new k n o w l e d g e
whether i t b e p r i m a r i l y d e c l a r a t i v e o r i m p e r a t i v e
in nature.
The l o g i c a l d e d u c t i v e system used
b y PLANNER i s s u b o r d i n a t e t o t h e h i e r a r c h i c a l
c o n t r o l s t r u c t u r e of the language.
PLANNER has
a s o p h i s t i c a t e d d e d u c t i v e system i n o r d e r t o
g i v e u s g r e a t e r power o v e r t h e d i r e c t i o n o f
the computation.
In several respects the
d e d u c t i v e system i s more p o w e r f u l t h a n t h e
q u a n t i f i c a t i o n a l c a l c u l u s o f o r d e r omega.
Our
c r i t e r i a f o r a n i d e a l d e d u c t i v e system c o n t r a s t
w i t h t h o s e t h a t a r e used t o j u s t i f y r e s o l u t i o n
based s y s t e m s .
Having only a s i n g l e r u l e of
inference, resolution provides a very
parsimonious l o g i c a l system.
W o r k e r s who b u i l d
r e s o l u t i o n systems hope t h a t t h e i r systems can
b e made e f f i c i e n t t h r o u g h a c u t e m a t h e m a t i c a l
a n a l y s i s o f the simple s t r u c t u r e o f t h e i r
d e d u c t i v e system.
We have t r i e d to d e s i g n a
s o p h i s t i c a t e d d e d u c t i v e system t o g e t h e r w i t h
an elaborate c o n t r o l s t r u c t u r e so that lengthy
c o m p u t a t i o n s can b e c a r r i e d o u t w i t h o u t b l o w i n g
up.
O f c o u r s e t h e c o n t r o l s t r u c t u r e can s t i l l
b e used when w e l i m i t o u r s e l v e s t o u s i n g r e s o l u t i o n as the sole r u l e of i n f e r e n c e .
Indeed,
R . B u r s t a l l has s u g g e s t e d t h a t w e m i g h t t r y t o
i m p l e m e n t some o f t h e w e l l known r e s o l u t i o n
s t r a t e g i e s i n PLANNER.
Because o f i t s e x t r e m e
h i e r a r c h i c a l c o n t r o l and i t s a b i l i t y t o make use
o f new i m p e r a t i v e a s w e l l a s d e c l a r a t i v e
knowledge, i t i s f e a s i b l e t o c a r r y out very long
c h a i n s o f i n f e r e n c e i n PLANNER.

MATCHLESS
MATCHLESS i s a p a t t e r n d i r e c t e d p r o g r a m m i n g
l a n g u a g e t h a t i s used i n t h e i m p l e m e n t a t i o n o f
PLANNER.
MATCHLESS i s used b o t h i n t h e i n t e r n a l
w o r k i n g s o f PLANNER and a s a t o o l i n t h e
d e d u c t i v e system i t s e l f .
The most i m p o r t a n t
f u n c t i o n i n MATCHLESS i s a s s i g n ? w h i c h m a t c h e s
i t s f i r s t argument w h i c h i s t r e a t e d a s a p a t t e r n
t o i t s second a r g u m e n t .
The r e a s o n why t h e
a s s i g n m e n t f u n c t i o n i n MATCHLESS i s c a l l e d
a s s i g n ? w i l l b e e x p l a i n e d l a t e r when w e d i s c u s s
f u n c t i o n s t h a t have v a l u e s .
The p r e f i x
operator $_ indicates that the v a r i a b l e which
follows it is to be assigned a value.
The
v a r i o u s t y p e s f o r v a r i a b l e s and t h e i r a b b r e viations are;
p t r f o r p o i n t e r , atom f o r a t o m ,
seg f o r s e g m e n t , f i x f o r f i x e d p o i n t n u m b e r ,
f l o a t f o r f l o a t i n g p o i n t n u m b e r , and e x p r f o r
s-expression.
A segment v a r i a b l e i s a l w a y s
assigned the smallest p o s s i b l e leftmost segment.
B e l o w w e g i v e some e x a m p l e s o f t h e
values o f p a t t e r n v a r i a b l e s a f t e r assignment
s t a t e m e n t s have been e x e c u t e d .
We use t h e
c h a r a c t e r - to d e l i m i t segments.
The c h a r a c t e r s
{ and } a r e u s e d t o d e l i m i t f u n c t i o n c a l l s .
{ p r o g ( ( a p t r ) ( h atom) ( c seg))
{ a s s i g n ? ( $ _ a k $_h $_c) ( ( 1 ) k b 1 a ) } }
a gets the value (1)
h gets the value b
c gets the value -1 a-

f a i l s because

{prog ((a seg))

{ a s s i g n ? ($_a,$?a) ( 1 2 3 2 1 ) } ) f a i l s
because once a is a s s i g n e d a v a l u e , a can o n l y
m a t c h a segment t h a t i s e q u a l t o t h e v a l u e o f
a.
If a p a t t e r n in an assignment statement
c a n n o t m a t c h t h e v a l u e o f t h e second a r g u m e n t
of the assignment statement then the assignment
statement r e t u r n s the value ( ) , otherwise the
value t.
for

(a^>J)}}

{ p r o g ( ( x seg) ( c s e g ) )
{assign? ($_x<disj(3) (2)>$_c) (a,1,2,3,}}
x gets the value -a 1c gets the value - 3 -

there

{prog ((x p t r ) )
{ a s s i g n ? ( < s t a r a > $_x)
x gets the value a

(1 2)

(a a a a ) } ]

P a t t e r n f u n c t i o n s d o not produce v a l u e s .
It
does n o t make any sense t o e v a l u a t e
{ a s s i g n ? < d i s j ( 3 ) ( 2 ) > ( 2 ) } s i n c e a segment
l i k e < d s j (3) (2) > i s never allowed t o stand
alone.
There is a l i b r a r y of p a t t e r n f u n c t i o n s
already defined in the language.
For example
" is quote.
Thus { " s s a ] w i l l o n l y m a t c h $ $ a .
a palindrome is defined to be a l i s t t h a t reads
t h e same b a c k w a r d s and f o r w a r d s .
Thus
(a ( b ) ( b ) a ) , ( ) , and ( ( a b ) (a b ) ) a r e
palindromes.
More f o r m a l l y i n MATCHLESS, a
palindrome can be d e f i n e d as a p a t t e r n f u n c t i o n
of no arguments:

An expression t h a t c o n s i s t s of the p r e f i x
operator $$ followed by a v a r i a b l e w i l l only
match an o b j e c t equal to t h e v a l u e of t h e
variable.
{prog ( ( a seg))
{ a s s i g n ? ($_a$$a) (1,2,3,1,2,3)}}
a gets the value - 1 2 3{ p r o g ( ( a seg) ( b
[ a s s i g n ? ($_a x
a gets the value
b gets the value

{prog ( ( ( a 5) p t r ) )
{ a s s i g n ? $?a 4 ) )
a is i n i t i a l i z e d to 5 on entrance to the
prog.
Consequently t h e assignment statement
fails.

[prog ((a ptr (b ptr) (c p t r ) )

{ a s s i g n ? ( a < c o n j $_a$ b > $ _ c )
a gets t h e v a l u e -1 zb gets the value -1 2c gets the value - 3 -

{ p r o g ( ( f i r s t p t r ) ( m i d d l e seg) ( l a s t p t r ) )
{ a s s i g n ? ( $ _ f i r s t $ _ m i d d l e $ _ l a s t ) (1,2,3,4)}}
f i r s t gets the value 1
middle gets the value -2 3last gets the value 4

{prog ((a atom))

{ a s s i g n ? $_a ( 1 2 ) } }
is not an atom.

{prog ((a p t r ) )
{ a s s i g n ? $?a 3 } ]
a gets the value 3

Examples o f p a t t e r n f u n c t i o n s a r e d i s j
d i s j u n c t i o n , neg f o r n e g a t i o n , c o n j f o r
c o n j u n c t i o n , and s t a r f o r K l e e n e s t a r i n
general regular expressions.
We use t h e
c h a r a c t e r s < and > t o d e l i m i t p a t t e r n
expressions t h a t are to be i n t e r p r e t e d as
segments.

{ p r o g ( ( c seg) ( h a t o m ) ( a p t r ) )
{ a s s i g n ? ( $ _ c $_h k $_a) ( a l b k q ) ) )
c gets the value -a 1h gets the value b
a gets the value q

{prog ((a p t r ) (b p t r ) )
{ a s s i g n ? ($_^$_b) (d) } } f a i l s because
i s o n l y one e l e m e n t i n ( d ) .

An expression that consists of the p r e f i x

o p e r a t o r $? f o l l o w e d by a v a r i a b l e w i l l match
t h e v a l u e o f t h e v a r i a b l e i f i t has one, o t h e r wise the v a r i a b l e is assigned a v a l u e .
We s h a l l
u s e t h e pseudo a t o m NOVALUE t o i n d i c a t e t h a t a
v a r i a b l e does n o t h a v e a v a l u e .

seg))
$$a $ - b ) ( a b x d x a b x d q ) } }
-a b x d-q-

-296-

The f o l l o w i n g three forms are the ones

which are p r e s e n t l y defined in the language f o r
s a t i s f y i n g requests made in the body of
procedures:

(def palindrome
(kappa ( ( ) )
{disj

{block ( ( x p t r ) )

($_x<palindrome>$$x)}]))

(consequent $_declaration $_consequent

$_expression) declares t h a t
$$consequent is
the consequent of the theorem. The theorem can
be used to t r y to e s t a b l i s h goals t h a t match the
p a t t e r n $$consequent. Whether or not the
theorem w i l l a c t u a l l y succeed I n e s t a b l i s h i n g
the goal depends on $$expression. However, no
theorem can be a c t i v a t e d f o r a goal which is
already c u r r e n t l y a c t i v a t e d f o r that g o a l .
The
only way that a theorem that begins w i t h the
atom consequent can be c a l l e d is by the f u n c t i o n
goal.

The form kappa is l i k e the lambda of LISP except

t h a t it is used in p a t t e r n f u n c t i o n s .
The above
d e f i n i t i o n reads "a palindrome is a l i s t such
t h a t i t i s ( ) o r i t i s a l i s t which begins and
ends w i t h x w i t h a palindrome in between." The
p a t t e r n f u n c t i o n block causes the v a r i a b l e x
to rebound to the pseudo-atom NOVALUE every
time t h a t palindrome is c a l l e d . The f u n c t i o n
reverse is defined to be such t h a t {assign?
{reverse $$x} $$y} is t r u e only if the value of
x is the reverse of the value of y.
The
d e f i n i t i o n o f reverse i s
(def reverse
(kappa ( ( ( x p t r ) ) )
(fatomicJ$$x)

(UJ

{block ( ( f i r s t - o f - x p t r ) ( r e s t - o f - x seg))
{assign? ( $ _ f i r s t - o f - x $ r e s t - o f - x ) $ $ x }
(reverse ($$rest-of-x)>$$first-of-x) ]) }))

(antecedent $_declaration $ antecedent

$_expression) declares that $$antecedent is the
antecedent of the theorem. The theorem can be
used to t r y to deduce consequences from the f a c t
that a statement that matches $$antecedent has
been a s s e r t e d . The only way that a theorem
that begins w i t h the atom antecedent can be
c a l l e d is by the f u n c t i o n s assert and concludef rom.
(erasing $_declaration $_statement $_expression) can be used to t r y to deduce consequences
from the f a c t that a statement that matches
$$statement has been erased. The only way t h a t
a theorem t h a t begins w i t h the atom erasing can
be c a l l e d is by the f u n c t i o n erase.

The above d e f i n i t i o n says t h a t an expression y is

the reverse of x if whenever y is an atom then it
is equal to x, otherwise l e t f i r s t - o f - x by the
f i r s t member of x and r e s t - o f - x be the r e s t of
x and the p a t t e r n (<reverse ( $ $ r e s t - o f - x ) >
$ $ f i r s t - o f - x ) must match y.
E s s e n t i a l l y a l l the
ideas for the p a t t e r n f u n c t i o n s come from Post
p r o d u c t i o n s , general r e g u l a r expressions,
CONVERT, and LISP.
PLANNER
Now t h a t we have described MATCHLESS, we are
in a p o s i t i o n to begin a d e t a i l e d d e s c r i p t i o n of
PLANNER.
Consider a statement that w i l l match
the p a t t e r n ( i m p l i e s $ a $_b). The statement has
s e v e r a l imperative uses.
x l : If we can deduce $$a, then we can deduce $$b.
In PLANNER the statement xl would be expressed as
( a n t e c e d e n t ( O ) $$a {assert $$b}) which means
t h a t $$a Is declared to be the antecedent of a
theorem such t h a t if $$a is ever asserted in such
a way as to a l l o w the theorem to become a c t i v a t e d
then $$b w i l l be a s s e r t e d .
x 2 : If we want to deduce $$b, then e s t a b l i s h
a subgoal to f i r s t deduce $$a.
In PLANNER the statement x2 would be expressed as
(consequent ( ( ) ) $$b {thprog ()
(goal $$a}
{assert-consequent}})
which means t h a t $$b is
declared to be the consequent of a theorem such
t h a t if the subgoal $$a can be e s t a b l i s h e d using
any theorem then the consequent $$b w i l l be
a s s e r t e d . We o b t a i n two more PLANNER statements
analogous to the above by considering the
c o n t r a p o s i t i v e of ( i m p l i e s $$a $$b) which is
( i m p l i e s (not $$b) (not $ $ a ) ) .

Some of the f u n c t i o n s in PLANNER are l i s t e d

below together w i t h b r i e f explanations o f t h e i r
function.
Examples of t h e i r use w i l l be given
immediately a f t e r the d e f i n i t i o n o f the p r i m i t ives below. The p r i m i t i v e s probably cannot be
understood w i t h o u t t r y i n g to understand the
examples since the language is h i g h l y r e c u r s i v e .
In general PLANNER w i l l t r y to remember everyt h i n g t h a t I t i s doing o n a l l l e v e l s unless there
is some reason to f o r g e t some part of t h i s
information.
In the Implementation of the
language s p e c i a l measures must be taken to
ensure t h a t v a r i a b l e s receive t h e i r c o r r e c t
b i n d i n g s . The most e f f i c i e n t way to implement
the language is to put p o i n t e r s on the stack
back to the place where the c o r r e c t bindings a r e .
Value c e l l s do not provide an e f f i c i e n t means
of Implementing the language. The d e f a u l t
response of the language when a simple f a i l u r e
occurs is to back t r a c k to the l a s t d e c i s i o n
t h a t i t made and t r y t o f i x i t up.
{ { " t h v a l } $ _ e x p r e s s i o n $_bindlngs $ s t a t e }
w i l l evaluate the value o f
$$expression w i t h
b i n d i n g s which are the v a l u j of $$bindings and
l o c a l s t a t e which Is the va'ue of $$state. At
any g i v e n time PLANNER expressions are being
evaluated i n a l o c a l s t a t e . This l o c a l s t a t e
determines what changes have been made to the
data base i . e . , what erasures and a s s e r t i o n s
have been made.

-297-

{ { " s t a t e } } r e t u r n s a s i t s value the c u r r e n t

local state.

{ { " temporary-assert}
$_statement
{recommendation}) i s l i k e assert except t h a t
$$statement w i l l b e withdrawn i f e v e r y t h i n g
works o u t .
In other words, $$statement is a
temporary r e s u l t t h a t w i l l go away a f t e r we
solve our c u r r e n t problem.

{ { " update} $_state} w i l l update the data

base according to the s t a t e which is the value
of $ $ s t a t e .
{ { " a s s e r t } $_statement

{recommendation})

{ { " erase} $_statement {recommendation} )

If there is a statment t h a t matches $$statement,
then it is erased and then the recommendation is
f o l l o w e d . Otherwise, the f u n c t i o n erase generates a simple f a i l u r e .
If a simple f a i l u r e
backs up to the f u n c t i o n erase, then the s t a t e ment t h a t was o r i g i n a l l y erased is r e s t o r e d
and the whole process repeats w i t h another
statement t h a t has been proved. The f u n c t i o n
erase i s a p a r t i a l l e f t inverse o f the f u n c t i o n
assert.

where
(def recommendation
(disj

(kappa ( ( ) )

0
?

(or <star {recommendation}>)

(and <star {recommendation}>)
(subset <star{recommendation}>)
(sequence <star (recommendation}>)}))

{ { " proved?} $_statement} t e s t s to see if a

statement t h a t matches $$statement has already
been a s s e r t e d .
If t h e r e is such a statement,
then the v a r i a b l e s i n the p a t t e r n $$statement
are bound to the a p p r o p r i a t e v a l u e s .
If t h e r e
Is no such statement, then a simple f a i l u r e is
generated.
If a simple f a i l u r e backs up to the
f u n c t i o n proved?, then the v a r i a b l e s t h a t were
bound to the elements of the statement t h a t was
found f i r s t are unbound and the whole process
repeats w i t h another statement t h a t has been
proved. PLANNER is designed so t h a t the time it
takes to determine whether a statement t h a t
matches $$statement is in the data base or not is
e s s e n t i a l l y independent of the number of i r r e l evant statements t h a t have already been a s s e r t e d .
When an s-expression is asserted PLANNER remembers the p o s i t i o n of every atom t h a t occurs in
the s - e x p r e s s i o n . Two expressions are s i m i l a r
on r e t r i e v a l o n l y to the extent t h a t they have
the same atoms in the same p o s i t i o n .
If
MATCHLESS had an e f f i c i e n t p a r a l l e l processing
c a p a b i l i t y then the r e t r i e v a l could be even
f a s t e r since we would do the look-ups on atoms
by position in p a r a l l e l .

If the statement $$statement has already been

asserted then the f u n c t i o n a s s e r t acts as the
null instruction.
Otherwise, the f u n c t i o n
assert causes the statement $$statement to be
asserted w i t h a recommendation as to how to t r y
to draw some conclusions from the f a c t t h a t
$$statement has been a s s e r t e d . The () recommendation means t h a t we should take no a c t i o n .
The recommendation ? excludes no theorem from
c o n s i d e r a t i o n in t r y i n g to deduce consequences
from the value of $$statement.
The d i s j u n c t i o n
of a l i s t of recommendations r e q u i r e s t h a t each
recommendation be t r i e d in t u r n u n t i l one works.
The c o n j u n c t i o n of a l i s t of recommendations
r e q u i r e s t h a t they a l l work i n the order i n which
they appear in the c o n j u c t i o n .
In a sequence of
recommendations, PLANNER w i l l t r y each recommendation in t u r n regardless of whether any
g i v e n one succeeds or n o t .
The subset of a l i s t
o f recommendations t r y s a l l the s u b l i s t s o f the
l i s t i n a l l possible orders.
I f the recommendation of an a s s e r t i o n statement f a i l s or
if a lower l e v e l f a i l u r e backs up to the a s s e r t i o n then the a s s e r t i o n t h a t $$statement holds
i s withdrawn.

{ { " proven}$__pattern} w i l l r e t u r n a s value

a l i s t whose f i r s t element is the number of
remaining elements in the l i s t and such t h a t the
remaining elements of the l i s t are statements
t h a t have been asserted and match the p a t t e r n
$$pattern.

{ { " conclude-from} $_statement

{recommendation}) w i l l cause PLANNER to t r y to
draw conclusions from the statement $$statement
u s i n g the recommendation.
{ { " assert-consequent} {recommendation})
causes the consequent in which the f u n c t i o n
assert-consequent appears to be a s s e r t e d . The
f u n c t i o n should be used o n l y in theorems t h a t
begin w i t h the atom consequent. A f t e r the
f u n c t i o n assert-consequent has been e v a l u a t e d ,
e x e c u t i o n w i l l cease i n the theorem i n which the
f u n c t i o n appears.

{ { " f o r - p r o v e d } $ _ d e c l a r a t i o n $__pattern
$__body) where body is of type seg w i l l attempt
to excecute $$body once f o r every proved s t a t e ment t h a t matches the p a t t e r n $ p a t t e r n .
{ { " proveable} $_pattern { g o a l recommendation}} w i l l r e t u r n a s i t s value a l i s t
whose f i r s t element is the number of remaining
elements in the l i s t and such t h a t the remaining
elements of the l i s t are the proveable statements
t h a t match the p a t t e r n $$pattern and can be
proved using the recommendation.
Note t h a t if
t h e r e are an i n f i n i t e number of proveable s t a t e ments t h a t match the p a t t e r n $ $ p a t t e r n then the

{ { " permanent-assert} $_statement

{recommendation}) i s l i k e the f u n c t i o n a s s e r t
except t h a t $$statement continues to hold even
if a f a i l u r e backs up to the c a l l to permanentassert.

-298-

f u n c t i o n proveable w i l l not converge.

where

the one immediately a f t e r the c a l l t o f i n a l i z e from.

{ { " g o a l } $_statement (goal-recommendation}}

{ { " t h f i n a l i z e } } causes a l l a c t i o n s t h a t
have been taken in the current theorem to be
finalized.

(def goal-recommendation (kappa ( ( ) )

{block
( ( t h e o r e m l i s t seg))
(disj
( f i r s t $_theoremlist)
(only $ _ t h e o r e m l i s t ) } } ) )

{ { " b l k f i n a l i z e } } causes a l l a c t i o n s that

have been taken in the c u r r e n t b l o c k to be
finalized.

A goal-recommendation of ( f i r s t $_theoremlist)
means t h a t the theorems on $$theoremlist are the
f i r s t to be used to t r y to achieve the goal which
is the value of $$statement. On the other hand
a goal recommendation of (only $_theoremlist)
means t h a t the theorems on $$theoremlist in the
order given are the only ones to be used to t r y
to achieve the g o a l . The f i r s t t h i n g t h a t the
f u n c t i o n goal does is to evaluate {proved?
$$statement}.
If the e v a l u a t i o n produces a
f a i l u r e then the goal recommendation is followed
to t r y to f i n d a theorem t h a t can e s t a b l i s h
$$statement.

{ { " thprog} $ _ v a r i a b l e l i s t $__progbody}

where progbody is of type seg is l i k e the LISP
f u n c t i o n prog except t h a t it can handle the
mechanism of f a i l u r e .

{ { " goals} $_pattern} r e t u r n s a s i t s value

a l i s t o f the c u r r e n t l y a c t i v e g o a l s .

{ { " thand} $__conjuncts} where conjucts is

of type seg is l i k e the LISP f u n c t i o n and.

{ { " g e n f a i l } ) causes a simple f a i l u r e to be

reported above.

{ { " t h o r } $ _ d i s j u n c t s } where d i s j u n c t s i s
of type seg is l i k e the LISP f u n c t i o n o r .

{ { " g e n f a i l } $_message) causes a f a i l u r e

to be reported above w i t h the message the value
of $$message.

{ { " t h r p l a c a } $_a $_b} is l i k e the LISP

f u n c t i o n r p l a c a except t h a t the o l d value of
$$a is remembered so t h a t it can be r e s t o r e d
In case of f a i l u r e .

{ { " d e f t h } $_theorem-name $__theorem}

defines $$theorem-name to be the name of the
theorem $$theorem.
{ { " thcond} $__clauselist } where c l a u s e l i s t
if of type seg is l i k e the LISP f u n c t i o n cond
except that i t t r e a t s a simple f a i l u r e i n the
f i r s t element of a clause l i k e a ( ) .

{ { " f a i l ? } $__expr $ _ f a i l c l a u s e s } where

f a i l c l a u s e s is of type seg evaluates $$expr.
If the e v a l u a t i o n does not produce a f a i l u r e ,
then the value of $$expr is the value of the
function f a i l ? .
I f the message o f the f a i l u r e
matches the f i r s t element of a clause then the
r e s t of the elements of the clause are evaluated.
Otherwise, the f a i l u r e continues to propagate
upward.

Suppose t h a t we know t h a t (subset a

(subset a d ) , (subset b c ) , and ( f o r - a l l
( i m p l i e s (and (subset x y) (subset y z ) )
x z ) ) ) are t r u e . How can we get PLANNER
prove t h a t (subset a c) holds? We would
the system the f o l l o w i n g theorems.

(subset a b)
(subset a d)
(subset b c)
( d e f t h backward
(consequent ( ( ( x p t r ) ( z p t r ) ) )
(subset $?x $?z)
{thprog ( ( y p t r ) )
{ g o a l (subset $?x $?y) ( f i r s t backward)}
{goal (subset $$y $?z) (only backward)}
{aasert-consequent}}))

{ { " f a i l t o } $_tag} causes f a i l u r e t o the

tag $$tag which must p r e v i o u s l y have been passed
over.
{ { M b l k f a i l } } causes the c u r r e n t block to
fail.
{{" thfail}}

b),
(x y z)
(subset
to
give

causes the current theorem t o

fail.

Now we ask PLANNER to evaluate {goal (subset a c)}

then i t looks f o r a theorem t h a t i t can a c t i v a t e
to work on the g o a l . It f i n d s backward and binds
x to a and z to c. Then it makes (subset a $?y)
a subgoal w i t h the recommendation t h a t backward
should be used f i r s t to t r y to achieve the subg o a l . The system n o t i c e s t h a t y might be d, so
it binds y to d. Next (subset d c) is made a
subgoal w i t h the recommendation t h a t only backward be used to t r y to achieve i t . Thus backward is c a l l e d r e c u r s i v e l y , x is bound to d, and
z is bound to c. The subgoal (subset d $?y) Is
e s t a b l i s h e d causing backward to again be c a l l e d

{ { " end}} causes the c u r r e n t theorem to

cease e x e c u t i o n .
{ { " g o a l - e n d } } causes execution to cease
on the c u r r e n t theorem and the c u r r e n t goal to be
dismissed w i t h o u t being a s s e r t e d .
{ { " f i n a l i z e - f r o m } $_tag} causes a l l a c t i o n s
t h a t have been taken since the l a s t time that the
tag $$tag was passed over to be f i n a l i z e d .
F i n a l i z e statements are mainly used to save
s t o r a g e . The next statement to be executed is
-299-

r e c u r s i v e l y w i t h x bound to d and z determined

to be the same as what the o l d value of y ever
t u r n s out to be.
But now the system f i n d s t h a t
i t i s i n t r o u b l e because the new subgoal
(subset d $?y) is the same as a subgoal on
which i t i s already w o r k i n g .
S o i t decides
t h a t it was a mistake to t r y to prove (subset
d c)
in the f i r s t p l a c e .
Thus y is bound to
b instead of d. Now the system sets up the
subgoal (subset b c) which is e s t a b l i s h e d
immediately. We use the above example o n l y
to show how the r u l e s of the language work
in a t r i v i a l case.
If we were s e r i o u s l y
i n t e r e s t e d in p r o v i n g theorems in PLANNER
about the l a t t i c e of s e t s , then we would
c o n s t r u c t a f i n i t e l a t t i c e as a model and
use i t t o guide u s i n f i n d i n g the p r o o f .
Suppose we give PLANNER the f o l l o w i n g
theorems i n a d d i t i o n t o backward:
(subset d b)
(subset a b)
( d e f t h forward
(antecedent
( ( ( y Ptr) (z p t r ) ) )
subset $_y $_z)
thprog ((x p t r ) )
{ g o a l (subset $?x $$y)}
{ a s s e r t (subset $$x $$z) (or forward ? ) } ) ) )
Now if PLANNER is asked to evaluate {assert
(subset b e ) ? } , i t w i l l look around f o r a
theorem which w i l l enable i t t o deduce consequences of (subset b c ) .
The system w i l l b i n d
y to b and z to c in f o r w a r d , and then generate
the subgoal (subset $?x b ) . The subgoal (subset
a b ) is e a s i l y e s t a b l i s h e d . Thus we a s s e r t
(subset a c) as a f a c t and are unable to deduce
any consequences from (subset a c ) .
Theorems in PLANNER can be proved in much
the same way used f o r o r d i n a r y theorems.
For example suppose t h a t we has the f o l l o w i n g
two theorems:
( d e f t h t h 4 (consequent
(((a ptr) (c p t r ) ) )
subset $?a $?c)
t h p r o g ()
{thprog ( ( ( x { a r b i t r a r y } ) p t r ) )
{ h y p o t h e t i c a l (element $$x $?a)
(element $$x $ ? c ) } }
{assert-consequent ? } } ) )
On entrance to the inner t h p r o g the v a r i a b l e x
w i l l be bound to a f r e s h l y created symbol. The
f u n c t i o n h y p o t h e t i c a l w i l l v e r i f y t h a t (element
$$x $?c) can be proved from (element $$x $?a).
The above theorem is the c o n s t r u c t i v e analogue
o f ( f o r - a l l ( a c ) ( i m p l i e s ( f o r - a l l (x) ( i m p l i e s
(element x a) (element x c ) ) ) (subset a c ) ) ) .
( d e f t h th3 (consequent ( ( ( x p t r ) ( s p t r ) ) )
element $?x $?s)
thprog ( ( r p t r ) )
f g o a l (element $?x $ ? r j }
{ g o a l (subset $?r $?s)J
{assert-consequent ? } } ) )
The above theorem is the c o n s t r u c t i v e analogue
for ( f o r - a l l (x s) {implies (there-exist (r)
(and (element x r) (subset r s ) ) ) (element x s ) ) ) .
From the above two theorems we can now prove the
-300-

f o l l o w i n g theorem:
(consequent ( ( ( a p t r ) ( c p t r ) ) )
subset $?a $?c)
thprog ( ( b p t r ) )
goal (subset $?a $?b))
goal (subset $$b $?c)J
{assert-consequent ? } } )
The above theorem is the c o n s t r u c t i v e analogue
f o r ( f o r - a l l (a b c) ( i m p l i e s (and (subset a b)
(subset b e ) ) (subset a c ) ) . One way in which
the theorem can be e s t a b l i s h e d is by showing
t h a t the e v a l u a t i o n o f the f o l l o w i n g expression
w i l l not r e s u l t i n a f a i l u r e :
{thprog
(((a {arbitrary}) ptr)
((b { a r b i t r a r y ] ) ptr)
((c {arbitrary}) ptr)
a s s e r t (subset $$a $$b)}
a s s e r t (subset $$b $$c)}
{ g o a l (subset $$a $$c)}J
The above example shows how it is sometimes
convenient f o r PLANNER to regard the statement
of a theorem simply as an a b b r e v i a t i o n f o r the
proof of the theorem. We would l i k e to be able
to prove PLANNER theorems w i t h loops in them.
I n order t o d o t h i s i t i s necessary t o know
the i n t e n t i o n s o f the i n t e r n a l s t r u c t u r e o f the
theorem.

Conclusion

Acknowledgements

The most n a t u r a l way to do a proof by

c o n t r a d i c t i o n . Another type of problem t h a t
PLANNER w i l l not solve very n a t u r a l l y is to
n o n c o n s t r u c t i v e l y show t h a t there is some
o b j e c t x such t h a t (p x) is t r u e . We s h a l l
c a l l the l o g i s t i c system based purely on the
p r i m i t i v e s of PLANNER "robot l o g i c " .
Robot
l o g i c is a k i n d of h y b r i d between the c l a s s i c a l
l o g i c s such as the q u a n t i f i c a t i o n a l c a l c u l u s
and i n t u i t i o n i s m , and the r e c u r s i v e f u n c t i o n s
as represented by the lambda c a l c u l u s and Post
productions.
The semantical d e f i n i t i o n of
t r u t h in robot l o g i c complicated by the
existence of the p r i m i t i v e erase. There are
i n t e r e s t i n g p a r a l l e l s between theorem proving
and a l g e b r a i c m a n i p u l a t i o n . The two f i e l d s
face s i m i l a r problems on the issues of
s i m p l i f i c a t i o n , equivalence o f expressions,
i n t e r m e d i a t e expression b u l g e , and man-machine
interaction.
In any p a r t i c u l a r case, the
theorems need not a l l o w PLANNER to lapse i n t o
i t s default conditions.
I t w i l l sometimes
happen t h a t the h e u r i s t i c s f o r a problem are
very good and t h a t the proof proceeds smoothly
u n t i l almost the very end. At the point the
program gets stuck and lapses i n t o d e f a u l t
c o n d i t i o n s to t r y to push through the proof.
On the other hand the program might grope f o r a
w h i l e t r y i n g to get s t a r t e d and then l a t c h
onto a theorem t h a t knows how to p o l i s h o f f the
problem in a lengthy but f o o l p r o o f computation.
PLANNER is designed f o r use where one has great
number of i n t e r r e l a t e d procedures (theorems)
t h a t might be of use in s o l v i n g some problem
along w i t h a general plan f o r the s o l u t i o n of
the problem. The language helps to select
procedures to r e f i n e the plan and to sequence
through these procedures in a f l e x i b l e way in
case e v e r y t h i n g doesn f t go e x a c t l y according to
p l a n . The f a c t t h a t PLANNER is phrased in the
form of a language forces us to t h i n k more
s y s t e m a t i c a l l y about the p r i m i t i v e s needed f o r
problem s o l v i n g . We do not b e l i e v e t h a t
computers w i l l be able to prove deep mathem a t i c a l theorems w i t h o u t the use of a
h i e r a r c h i c a l c o n t r o l s t r u c t u r e . Nor do we
b e l i e v e t h a t computers can solve d i f f i c u l t
problems where t h e i r domain dependent knowledge
is limited to f i n i t e - s t a t e difference tables
of connections between goals and methods.

The preceeding is a r e p o r t on some of the

work t h a t I have done as a graduate student
at P r o j e c t MAC.
Reproduction in f u l l or in
part is permitted f o r any purpose of the
United States government. We would l i k e to
thank the various system "hackers" t h a t have
made t h i s work p o s s i b l e : D. East l a k e , R.
G r e e n b l a t t , J. Holloway, T. K n i g h t , G. M i t c h e l l ,
S. Nelson, and J. White. We had several
u s e f u l discussions w i t h H. V. Mcintosh and A.
Guzman on the subject of p a t t e r n matching.
S. Papert and T. Winograd made suggestions f o r
improving the p r e s e n t a t i o n o f the m a t e r i a l i n
t h i s paper.
Bibliography
1 Black, F. A Deductive Question Answering
System, d o c t o r a l d i s s e r t a t i o n , Harvard.
2 Green, C. C. and Raphael, B. The Use of
Theorem-proving Techniques in Question-answering
Systems. Proceedings of 23rd N a t i o n a l Conf. ACM.
3 Guzman, A. and Mcintosh, H. V . , Convert,
Communications of ACM, Aug. 1966.
4 H e w i t t , C. , PLANNER: A Language for* Proving
Theorems, A. I. memo 137, J u l y 1967.
5 McCarthy, J . ; Abrahams, P. W.; Edwards D. J . ;
H a r t , T. P.; and L e v i n , Michael I. L i s p 1.5
Programmers Manual.
6 McCarthy, J. and Hayes, P., Some P h i l o s o p h i c a l
Problems from the Standpoint of A r t i f i c i a l
I n t e l l i g e n c e . Stanford A. I. Memo 73.
7 Newell, A . , Shaw, J. C., and Simon, H. A . ,
1959. Report on a General Problem-solving Program,
Proceedings of the I n t e r n a t i o n a l Conference
on I n f o r m a t i o n Processing, P a r i s : UNESCO House.
8 S l a g l e , J. Experiments w i t h a Deductive Quest i o n - a n s w e r i n g Program, Communications of ACM
December 1965.

-301-