Argumentation frameworks with attack classification

Abstract argumentation frameworks (AAFs), introduced by Dung (1995, Artif. Intell. , 228, 321–357), enabled a new way of reasoning with arguments, which does not take into account the internal structure of arguments but only how they are related to each other. The only form of relation considered in AAFs is a binary attack relation on the set of arguments. From the definitions of acceptability semantics of AAFs, it is obvious that attacks actually have a dual role: on the one hand, they generate conflicts; on the other hand, they can defend other arguments from attacks. In this paper, we propose a framework, where the modeller can explicitly specify the role of each attack. For this purpose, we define a set of conflict-generating attacks R C and a set of defending attacks R d , as well as a family of semantics that considers the role of each attack while determining which arguments are attacked, which are defended and which will be included in each extension. We study the formal properties of the proposed framework and semantics, show that our framework is a generalization of AAFs and assess its semantics against a set of principles. Finally, we present a web application that provides an interface for creating custom argumentation frameworks and uses ASP to compute their extensions.


Introduction
Abstract argumentation frameworks (AAFs), introduced by Dung [11], enabled a new way of reasoning with arguments, which does not take into account the internal structure of arguments but only how they are related to each other. The simplicity and intuitiveness of AAFs, along with their ability to capture various types of non-monotonic reasoning, led to their wide adoption by the knowledge representation and reasoning community. The only form of relation considered in AAFs is a binary attack relation on the set of arguments. From the definitions of acceptability semantics of AAFs, which provide a solid mechanism for selecting acceptable sets of arguments (called extensions), it is obvious that attacks actually have a dual role: on the one hand, they generate conf licts, i.e. they disallow two arguments that attack each other to be in the same extension; on the other hand, they can defend other arguments from attacks, thereby allowing arguments to be included in extensions, even if attacked, provided that all attacks are defended by other arguments in the extension.
Based on this observation, in previous work, we considered semantics where (some of the) attacks in the framework could be treated as having one of the two roles only. For example, consider the following exchange of arguments, a, b, followed by one of c 1 , c 2 and c 3 .
a: I will take antibiotic X for my dental infection. It was recommended by my dentist. b: X contains penicillin and you are allergic to it, so better take Y. c 1 : I read in its label that X does not contain penicillin and X is more effective than Y. c 2 : Y has serious and frequent side effects, so I would better avoid it. c 3 : I was allergic to penicillin when I was a child, I think it has now faded away.
It is obvious that b attacks a and each of c 1 , c 2 and c 3 attacks b. However, the nature and effect of each of these attacks is different. If one accepts c 1 , its attack to b should completely invalidate b, and, as a result, a should be accepted. This is captured by all acceptability semantics of AAFs that satisfy admissibility, i.e. they accept arguments that are not in conf lict with any other accepted argument and are defended by the accepted arguments against all attacks. Now, let us consider c 2 , which is also in conf lict with b and, if accepted, b should be rejected. However, c 2 does not defend a from b, in the sense that the information it conveys is not relevant to the attack from b to a (which relies on the claim that the person is allergic to penicillin and X contains penicillin). In other words, the attack from c 2 to b has the single role of invalidating b (creating a conf lict among b and c 2 ).
Finally, the attack from c 3 to b has a different effect. It does not invalidate b but leaves some doubt about it. Given this attack, it would be reasonable to accept c 3 and a and reject b (if one feels that the belief that the allergy has faded away is strong enough to disregard the advice not to take the antibiotic), but it would also be reasonable to accept c 3 and b and reject a (if the belief that the allergy has faded away is not strong enough to disregard the advice not to take the antibiotic).
The effect of the latter two types of attack (e.g. from c 2 or c 3 to b) cannot be captured by any of the existing acceptability semantics of AAFs. To address this aim, we recently proposed a new abstract model of arguments, called multi-attack argumentation frameworks (MAAFs) [21], which allows each attack to be associated with a type, and we defined three types of semantics: firm, restricted and loose. In MAAFs, a set of attack types is considered to have the 'normal' behaviour, i.e. both conf lict generating and defending, whereas the rest are assumed to have only one (for firm or loose semantics), or neither of the two roles (for restricted semantics).
A shortcoming of MAAFs is that conf lict-generating and conf lict-defending attacks cannot coexist. In other words, a MAAF can only support two different 'classes' of attacks: 'normal' and 'abnormal' ones, where the exact behaviour of 'abnormal' attacks is determined by the type of semantics considered (firm, restricted or loose). In this paper, we generalize the idea of [21] by allowing the modeller to specify explicitly, and independently, what will be the role of each attack. For this purpose, we define a set of conf lict-generating attacks R c and a set of defending attacks R d , as well as a family of semantics that takes into account the role of each attack while determining which arguments are attacked, which are defended and which will be included in each extension.
This paper is based on and significantly extends our previous work presented in [21] by providing (i) a more generalized framework that extends MAAF with the capability to explicitly specify the role of each attack; (ii) a principle-based analysis of the semantics of this framework; (iii) a formal study of the properties of the framework and its semantics, including its relation to AAFs; and (iv) a declarative implementation, in the context of a Web App, 1 where a user can develop their own instantiations of the argumentation framework and access the reasoning that our framework offers.
In the remainder of the paper, we define our new proposed framework, called AAFs with attack classification, along with some properties of the framework and its semantics (Section 3). We study the behaviour of the semantics with respect to a standard set of principles proposed for AAFs (Section 4). To better illustrate our approach, we present a use case on argumentation schemes (Section 5). Next, we describe an implementation of the framework based on the language of ASP (Section 6). Finally, we discuss the related work (Section 7) and conclude (Section 8). A detailed introduction to MAAFs (as defined in [21]), proofs of formal properties of the new framework, as well as ASP encodings for the Web App are provided in the appendix.

AAFs with Attack Classification
In this section, we define the notions of conf lict-generating, normal, defending and irrelevant attacks, as well as the notion of classification of attacks for an AAF, and we define the standard extension classes for the new argumentation framework.

Framework
We recall that an argumentation framework is defined as a pair F = A, R , where A is the set of arguments and R ⊆ A × A is the set of attacks.
An attack classification over an AAF is a structure that determines which attacks should be treated as conf lict-generating and which attacks should be treated as defending. DEFINITION 1 Consider an AAF F = A, R . An attack classification over F is a pair R c , R d , such that R c ⊆ R, R d ⊆ R.
An example of an AAF equipped with an attack classification is shown in Figure 1. Note that an attack classification essentially breaks down the attacks into four disjoint classes, or types, as follows.
• Normal attacks, i.e. attacks that behave in the classical manner. Such attacks are both conf lictgenerating and defending and are the ones that belong in R c ∩ R d . In our example, (a, b) is the only such attack.
Note that symmetric attacks between two arguments a and b need not be of the same type, e.g. it is possible that (a, b) ∈ R c and (b, a) ∈ R d . For a given AAF F = A, R , equipped with an attack We extend notation to sets of arguments, and, for B, C ⊆ A, we write B → C if and only if ∃b ∈ B, c ∈ C such that b → c (analogously for B → c C, B → d C). For singleton sets, we often write b → C and B → c instead of {b} → C and B → {c}, respectively (analogously for → c , → d ).

Semantics
We will now recast the definitions associated with the standard extension classes (already known from the work of Dung [11]) for our setting. In the following, we use shorthands to refer to the various types of semantics. In particular, we use cf for conf lict-free, ad for admissible, co for complete, pr for preferred, gr for grounded and st for stable. We also use σ as a catch-all symbol to indicate any of these extension types.
To define our semantics, following the tradition of Dung [11], we first refine the notion of defense, in a way that takes into account the role of attacks in the attack classification.  Now, we can recast the standard definitions for the different types of semantics given in [11], using the above ideas.

DEFINITION 3
Consider an AAF F = A, R and some attack classification In our running example, {b, d} is a cf-extension; indeed, note that, although b → d, (b, d) is not a conf lict-generating attack.
The same ideas are applied to admissible and complete extensions, whose definition essentially mimics the one typically used in AAFs but considers the attack classification through the alternative notion of defense (Definition 2).

DEFINITION 4
Consider an AAF F = A, R and some attack classification Note that, in the above definition (Definition 5), instead of only requiring that a ∈ E whenever E defends a, we have included the additional requirement that E ∪{a} is cf, thereby deviating somewhat from the definition pattern used in AAFs for co-semantics [11]. This additional requirement is redundant in the AAF setting because it results as a corollary of the weaker definition. However, it is necessary here, for reasons that will be clarified below through an example.
In our running example, {b, d} is an ad-extension because although a → c b, it is also the case that d → d a, so b is defended by {b, d}; and d is not attacked by a conf lict-generating attack. However, {b, d} is not a co-extension because c is defended by {b, d} but not included.
Further, it can be shown that {b, c, d} is a co-extension. Indeed, {b, c, d} is cf, as there is no conf lict-generating attack among its members. Also, it is an ad-extension, as it defends its members, as explained above. Moreover, although a is also defended by {b, c, d} (in a trivial manner, as a is not attacked by a conf lict-generating attack), it is also the case that {a, b, c, d} is not cf; thus, by definition, {b, c, d} is a co-extension. This example also shows why the extra requirement in Definition 5 was necessary (as was also in MAAFs [21]); without the extra requirement, neither {b, c, d} nor {a, b, c, d} would be co-extensions, which would be absurd. Moreover, without this extra requirement, no co-extension would exist in the above example because any such extension should include a, d, and, since d is included, b, c should be included too, leading to a non-cf set.
Grounded and preferred semantics are defined analogously.

DEFINITION 6
Consider an AAFF = A, R and some attack classification In our running example, as already shown above, {b, c, d} is a maximal ad-extension (because {a, b, c, d} is not cf-extension); thus, it is also a pr-extension. Interestingly, {b, c, d} is also a grextension because, we can easily verify that none of its subsets are co-extensions (d is trivially defended and d defends both b and c). Moreover, {a, d} is also a gr-extension. This shows that the gr-extension is not necessarily unique in our setting (as also was the case in MAAFs [21]), in contrast to the standard Dung [11] semantics.
Stable semantics also follow a similar pattern. Note that Definition 8 also deviates somewhat from the definition pattern of st semantics in standard AAFs. In particular, instead of requiring that E is cf, we have required that it is maximally cf. Moreover, we have required that a defending attack against all arguments not in E exists.
This alternative definition is necessary to capture the underlying intuition behind the respective definition in [11], namely that a st-extension attacks all arguments not in the extension; therefore, (i) the addition of any further argument will render it conf licting-thus, it is maximally cf; (ii) it defends itself against any attack from such arguments even if such an attack does not really exist.
This will become clearer if we analyse the examples illustrated in Figure 2. In the left example, {a} is a stable extension in the respective AAF, whereas in the right example it is not, which shows that a stable extension needs to defend itself from all external arguments, even if they do not attack the extension itself. In the setting with the attack classification, this is captured by the requirement that there should exist a defending attack (a, b) to ensure that {a} is stable. In our running example (Figure 1), note that {b, c, d} is a st-extension, but {a, d} is not.

Formal Properties
In this section, we study various properties of AAFs with an attack classification. Most of the results below are reformulations of the respective propositions that apply for AAFs, although there are exceptions. The proofs are given in Section B of the appendix.

Initial results and special cases
We start by showing the analogous of Dung's fundamental lemma (Lemma 10 in [11] Notice that Dung's fundamental lemma is not generally true for AAFs with attack classification, except from the special case where there are no attacks which are defending but not conf lictgenerating (case #2 of Proposition 1).
Using the second bullet of Proposition 1, we can show that Definitions 5 and 8 can be formulated more simply (i.e. using the pattern of [11]), when R d ⊆ R c .

PROPOSITION 2
Consider an AAF F = A, R , some attack classification R c , R d , such that R d ⊆ R c and some E ⊆ A. Then, 1. E is a co-extension if and only if E is an ad-extension and a ∈ E whenever E defends a; 2. E is a st-extension if and only if E is cf and E → d a whenever a / ∈ E.

Reductions of AAFs with an attack classification
The following two propositions show how AAFs with attack classification reduce to standard AAFs [11] and MAAFs [21] for special cases. We omit further details on MAAF here, but the interested reader can see [21] or Subsection A of the appendix in this paper.

PROPOSITION 3
Consider an AAF F = A, R and some attack classification Then, for any σ , E is a σ -extension w.r.t. R c , R d if and only if E is a σ -extension in the AAF F.

PROPOSITION 4
Consider an AAF F = A, R and some attack classification R c , R d . Consider also a MAAF F M = A M , T M , R M and some T 0 ⊆ T M . Then, for any σ -extension, the following hold.

Hierarchy and existence in extensions
Initially, we show that a hierarchy of extensions, similar to the one shown in [11], holds for AAFs with attack classification. Existence results are also analogous to [11]; in particular, for any AAF equipped with an attack classification, all types of extensions exist, except maybe st-extensions. To show this, we will first need an intermediate result, showing that we can 'incrementally' construct minimally complete extensions starting from an ad one. The proof uses an iterative function, similar to the function F AF used by Dung [11]. However, for AAFs with an attack classification, there are two subtleties.
First, F AF (as defined in [11]) adds all acceptable arguments in each iteration. In our case, this could lead to a set that is not cf. For example, consider Figure 1, where we observe that each of the arguments a, b, c is accepted by {d}, and adding any one of them in {d} would result in an adextension; however, adding them all at the same time would result in a set that is not cf (and thus not ad). Therefore, Dung's construction is inappropriate for our purposes, and a more elaborate one is needed.
Second, for infinite frameworks (i.e. argumentation frameworks with an infinite set of arguments), the existence of a minimal fixpoint for F AF (in [11]) is guaranteed by the implicit use of the Knaster-Tarski theorem [18], which requires an order preserving function. Although F AF is order-preserving, our alternative is not.
To overcome these problems, our proof uses a more complex iterative function, employing ordinals. Our proof is analogous to the one employed in [21,Proposition 7]; as a matter of fact, the proof of Proposition 7 in [21] is a special case of our proof here (see also Proposition 4). Importantly, our construction applies also to standard AAFs, so it can be viewed also as an alternative proof for a well-known property of AAFs. Note also that the proof employs the axiom of choice.

PROPOSITION 6
Consider an AAF F = A, R , some attack classification R c , R d and some E * ⊆ A such that E * is an ad-extension. Then, there exists some E such that E ⊇ E * , and the following hold: 1. E is a co-extension; 2. for any E such that E * ⊆ E ⊂ E, there exists a ∈ E \ E which is defended by E and E ∪ {a} is cf; 3. for any E such that E * ⊆ E ⊂ E, E is not a co-extension.

PROPOSITION 7
Consider an AAF F = A, R and some attack classification R c , R d . Then, for any σ ∈ {cf, ad, co, gr, pr}, there exists a σ -extension.
The fact that st-extensions are not guaranteed to exist is an obvious corollary of the fact that AAFs are special cases of AAFs equipped with an attack classification (see Proposition 3). Propositions 5 and 7 are summarized in Figure 3.
In AAFs, a gr-extension is unique. The counter-example of Figure 1 shows that this is not the case here. However, in the special case where R d ⊆ R c , the uniqueness of gr-extensions is guaranteed.

PROPOSITION 8
Consider an AAF F = A, R and some attack classification R c , R d , such that R d ⊆ R c . Then, there exists a unique gr-extension.

Studying the effect of attack classifications
We will now show some results considering the effect of the attack classification on the various extensions. Our first result shows that, as expected, irrelevant attacks (i.e. those that are neither conf lict-generating nor defending) have no effect.

PROPOSITION 9 Consider two AAFs
Then, for any σ ∈ {cf, ad, co, pr, gr, st} and any Another relevant question is what happens if we change the status of some attacks, e.g. if a 'normal' attack becomes conf lict-generating or if a defending attack becomes 'normal'. Towards this, a series of results can be shown, summarized in the following proposition.

PROPOSITION 10
Consider an AAF F = A, R and two attack classifications Then, for any E ⊆ A, the following hold.
Some comments regarding Proposition 10 are in line here. First, it is interesting to note how the direction of the implication changes depending on the semantics considered. Moreover, in most cases, additional assumptions are needed, i.e. the fact that E is a co-extension in one of the attack classifications does not necessarily imply that it is also a co-extensions w.r.t. the other. Also, notice that More importantly, gr-extensions are missing from Proposition 10. As a matter of fact, no similar condition can be devised for gr-extensions. In particular, if a set is a gr-extension under one attack classification and a co-extension under the other, this is not enough to guarantee that it is also a grextension under both. More formally, we will consider the following two conditions (both of which turn out to be false).
The first condition is shown to be false via Figure 4. In that figure, we observe the same AAF, with two different attack classifications ( shown in the left and right parts of the figure respectively), where Let us now consider the AAF in Figure 4 from the perspective of R 1 c , R 1 d . We observe that {a, b, c} is a gr-extension. Indeed, it is a co-extension because it defends all its members, and the addition of any extra argument would render the set non-cf. Now, let us consider its subclasses: ∅, {b}, {c} and {b, c} are not co-extensions (because they defend a and if we add a in the respective set we get a cf one); {a} and {a, c} are not co-extensions (because they defend a and if we add a in the respective set we get a cf one); finally, {a, b} is not an ad-extension (due to the attack c → c b).  Now, let us consider the same AAF, but from the perspective of R 2 c , R 2 d . Here, we observe that {a, b, c} is again a co-extension (as can be easily verified), but {a, b} is also a co-extension, since the conf lict-generating attack (c , c) is missing in The second condition is shown to be false via the counter example of Figure 5. There, we depict the same AAF under two different attack classifications ( shown in the left and right parts of the figure, respectively), where On the other hand, {b} is a gr-extension from the perspective of R 2 c , R 2 d , as can be easily verified.  Table 1 provies an overview of the results and highlights the differences with AAFs. We adopt the standard definition of isomorphic argumentation frameworks.

DEFINITION 9
(Isomorphic) Two argumentation frameworks F 1 = A 1 , R 1 and F 2 = A 2 , R 2 are isomorphic if and only if there exists a bijective function m: We introduce the notion of isomorphic attack classifications to describe isomorphic argumentation frameworks whose attacks are classified in the same way.

DEFINITION 10 (Isomorphic with classification) Two argumentation frameworks
The language independence principle holds for the semantics that only take into account the topology of the argumentation graph and the classification of the attacks and not the names of the arguments. We have extended its original definition [3], to take into account the classification of the attacks.

DEFINITION 11 (Language independence) A semantics σ satisfies the language independence principle if and only if for every two argumentation frameworks
In the following and all other propositions that appear in this section, the mentioned semantics refer to the semantics of AAFs with attack classification, as defined in Section 2.2. The proofs of all propositions are presented in the appendix.

PROPOSITION 11
Language independence is satisfied by co, gr, pr and st semantics.
Dung [11] introduced the notion of conf lict freeness, which was later stated as a principle by [3]. Here, we extend the original definition to take into account the classification of attacks.

PROPOSITION 12
Conf lict freeness is satisfied by co, gr, pr and st semantics.
Defense and admissibility were also proposed as principles by Baroni and Giacomin [3]. Here, we adjust their definitions to take into account the classification of attacks. DEFINITION 13 (Defense) A semantics σ satisfies the defense principle if and only if for every argumentation framework F, for every classification of its attacks R c , R d , for every σ -extension E of F with respect to R c , R d and for every argument a ∈ E, E defends a with respect to R c , R d .

PROPOSITION 13
Defense and admissibility are satisfied by co, gr, pr and st semantics.
Baroni and Giacomin [3] introduced the notions of strong defense and strong admissibility. In our framework, these are defined as follows. Strong admissibility is satisfied by the grounded semantics of AAFs, but this does not hold for AAFs with attack classification. This is the first difference we observe between the two frameworks.

PROPOSITION 14
Strong admissibility is not satisfied by any of co, gr, pr and st semantics.
Van der Torre and Vesic [20] proposed the principle of naivety, which we redefine as follows.

PROPOSITION 15
Naivety is satisfied by st semantics, but not by co, gr or pr.
Coste-Marquis et al. [10] introduced the notion of indirect conf licts, which they defined as follows. The indirect conf lict-freeness principle is then defined as follows.

PROPOSITION 16
Indirect conf lict freeness is not satisfied by any of co, gr, pr and st semantics.
Another principle proposed by Baroni and Giacomin [3] was reinstatement, according to which an extension must contain all the arguments it defends. DEFINITION 20 (Reinstatement) A semantics σ satisfies the reinstatement principle if and only if for every argumentation framework F, for every classification of its attacks R c , R d , for every σ -extension Interestingly, in contrast with AAFs, reinstatement is not satisfied by any of the semantics of AAFs with attack classification. PROPOSITION 17 Reinstatement is not satisfied by any of co, pr, gr and st semantics. Baroni and Giacomin [3] studied another similar principle called weak reinstatement, which has the following definition.
As shown in the following proposition, weak reinstatement is also not satisfied by any of the semantics of AAFs with attack classification, signifying another important difference with AAFs.

PROPOSITION 18
Weak reinstatement is not satisfied by any of co, gr, pr and st semantics.
Another similar principle introduced by Baroni and Giacomin [3] is CF-reinstatement. Here, this principle can be defined as follows.
DEFINITION 22 (CF-reinstatement) A semantics σ satisfies the CF-reinstatement principle if and only if for every argumentation framework F, for every classification of its attacks R c , R d , for every σ -extension E of F with respect to R c , R d and for every a ∈ A it holds that if E defends a with respect to R c , R d and E ∪ {a} is conf lict-free, then a ∈ E.
While AAFs and AAFs with attack classification behave totally differently with respect to the two other forms of reinstatement, their behaviour is exactly the same with respect to CF-reinstatement.

PROPOSITION 19
CF-reinstatement is satisfied by co, gr, pr and st semantics.
The principle of I-maximality, originally proposed in [3] states that an extension cannot contain another extension.
DEFINITION 23 (I-maximality) A semantics σ satisfies the I-maximality principle if and only if for every argumentation framework F, for every classification of its attacks R c , R d and for every σ - PROPOSITION 20 I-maximality is satisfied by gr, pr and st semantics, but not by co.
We next consider the allowing abstention principle, introduced by [1] and defined as follows.
DEFINITION 24 (Allowing abstention) A semantics σ satisfies the allowing abstention principle if and only if for every argumentation framework F, for every classification of its attacks R c , R d , for every a ∈ A, if there exist two σ -extensions E 1 , E 2 of F with respect to R c , R d , such that a ∈ E 1 and E 2 → c a then there exists an extension E 3 such that a / ∈ E 3 and E 3 does not attack (with a conf lict-generating attack) a.
AAFs and AAFs with attack classification behave differently with respect to this principle for the complete and grounded semantics.

PROPOSITION 21
Allowing abstention is not satisfied by any of co, gr, pr and st semantics.
In order to define crash resistance [8] in our framework, we first need to introduce the following two definitions.

PROPOSITION 22
Crash resistance is satisfied by co, gr and pr semantics but not by st.
Crash resistance forbids only the most extreme form of interferences between disjoint subgraphs. A stronger property, non-interference, was defined by Caminada et al. [8]. We first need to define a notion of isolated set, i.e. a set that neither attacks outside arguments nor is attacked by them.

PROPOSITION 23
Non-interference is satisfied by co, pr and gr semantics but not by st.
The previous principle can be made even stronger by considering the case when the set S is not attacked by the rest of the framework but can attack the rest of the framework with any attack. Such sets are called unattacked and are defined as follows.
DEFINITION 30 (Unattacked) Given an argumentation framework F = A, R with a classification of attacks R c , R d , a set of arguments U ⊆ A is unattacked if and only if a ∈ A \ U such that a attacks U. The set of unattacked sets in F is denoted by US(F).
Using the notion of unattacked sets, the principle of directionality, introduced by Baroni and Giacomin [3], is defined as follows. While AAFs and AAFs with attack classification behave in the same way with respect to crash resistance and non-interference, their behaviour is different for the complete, preferred and grounded semantics with respect to directionality.

PROPOSITION 24
Directionality is not satisfied by any of co, gr, pr and st semantics.
We now consider two variants of directionality, called weak directionality and semi-directionality, originally defined in [20]. Similar to directionality, AAFs with attack classification demonstrate a different behaviour from AAFs with respect to weak directionality and semi-directionality for the complete, grounded and preferred semantics.

PROPOSITION 25
Weak directionality is satisfied by st semantics but not by co, gr or pr.

PROPOSITION 26
Semi-directionality is not satisfied by any of co, gr, pr and st semantics. Table 1 provides an overview of the principles that are satisfied or violated by each of the semantics of AAFs with attack classification, highlighting the differences with AAFs. As expected, AAFs with attack classification satisfy a subset of the principles satisfied by AAFs. This is because AAFs are a special case of AAFs with attack classification, as shown in Proposition 3. Some notable findings are (i) the two frameworks behave in the same way with respect to most of the principles; (ii) the grounded semantics does not satisfy strong admissibility; (iii) while none of the semantics satisfy reinstatement or weak reinstatement, they all satisfy CF-reinstatement; (iv) allowing abstention is not satisfied by any of the semantics; and (v) with respect to all directionality principles, AAFs with attack classification behave in the same way with AAFs for the stable semantics, but, in contrast with AAFs, they violate these principles for the complete, grounded and preferred semantics.

Use Case: Argumentation Schemes
Argumentation schemes are patterns of arguments used in everyday conversational argumentation [23]. Each scheme is informally described in terms of a set of defeasible premises and a conclusion and is associated with a set of critical questions, which are possible ways to undermine an argument matching the scheme. For example, the scheme for arguments from position to know is described as follows.

Conclusion: A is true (false).
The critical questions associated with this scheme are as follows.
CQ 1 : Is a in a position to know whether A is true (false)? CQ 2 : Is a an honest (trustworthy, reliable) source? CQ 3 : Did a assert that A is true (false)?
A formal model of argumentation schemes, which is still missing, would enable evaluating arguments matching the schemes using computational methods. Here, we show how they can be formalized as AAFs equipped with an attack classification. Our approach consists of the following steps (for an example, see Figure 6).
1. Model the argument matching a scheme, each critical question associated with the scheme, and each response to a critical question as arguments in an AAF. 2. Add a normal attack from each critical question to the main argument. By modelling the attack from the response to the critical question as a normal attack, we make sure that the attack from the critical question to the argument is ineffective. If all critical questions are attacked with a normal attack, and if there are no other counter-arguments, the argument becomes sceptically accepted. On the other hand, by modelling the attack to the critical question as defending, we leave some doubt regarding the acceptability of the argument. If there are no other counterarguments, the argument is not rejected but is included in some of the extensions of the framework.
To illustrate this behaviour, we use the classic example of a dialogue in which a tourist, wandering around in a foreign city, asks a stranger where the Central Station can be found. The stranger says that the station is behind building X, so the tourist believes that the station is there (a). The three questions that could then be asked are the following. Is the stranger in position to know where the station is (cq 1 )? Is the stranger a reliable source (cq 2 )? Did the stranger indeed say that the Central Station is located behind building X (cq 3 )? Consider the following responses to these questions. The stranger said she works at the station, she is therefore in position to know (r 1 ). She was wearing a uniform, so she is a reliable source (r 2 ). Her English was great, so I am sure she said that the station is located behind building X (r 3 ).
We can model this dialogue as an AAF as described above and as shown in Figure 6. Considering the responses to the critical questions as adequate, we model the attacks to the arguments representing the critical questions as normal. This framework has only one (complete, grounded, preferred, stable) extension, which contains the argument concluding that the Central Station is behind building X.
Consider now the case that the response to cq 3 is the following: 'There was too much noise and I couldn't hear what the stranger was saying, but I could read her lips' (r 3 ). Obviously, such a response would leave a doubt about whether the station is indeed located behind building X. To capture this case, we model the attack from r 3 to cq 3 as a defending attack. The framework then has two complete extensions, one in which a is accepted ({r 1 , r 2 , r 3 , a}) and another in which a is not accepted ({r 1 , r 2 , r 3 , cq 3 }). While there might be other ways to end up with the same extensions by using standard AAFs and by adding additional arguments or attacks, our approach offers a standard and intuitive way of modelling argumentation schemes, with critical questions attacking the main argument and responses attacking the critical questions. Following this approach, the acceptability of the main argument depends only on characterizing the attack to the critical question.

A Declarative Implementation
The proposed framework has been implemented as a Web App, 2 through which users can write their own AAFs with attack classification and request the computation of all/one of the σ -extensions, where σ ∈ {cf, ad, co, st, pr, gr}. For each request, the app returns the number of σ -extensions (if the user requests all σ -extensions), the σ -extension(s) and the time that the solver needed to compute the extensions.
The various semantics have been encoded in the language of Answer Set Programming (ASP), a declarative, non-monotonic formalism suitable for solving combinatorial and optimization problems. The Web App uses the Clingo 3 and Asprin ASP reasoners 4 to execute the logic programs. Asprin is applied when optimizations, such as subset/superset relations, are needed.
The main components and the workf low of our implementation are shown in Figure 7. The wrapper and the ASP code are available in our GitHub repository. 5 The ASP encoding of the different semantics is also shown in Subsection C of the appendix.
In brief, the system receives an ASP program representing an AAF with attack classifications, along with the user's choice of semantics to compute. Through a GUI, the user can specify the type of extensions she is interested in and also if she wishes one or all extensions (Step 1 in Figure 7). Then, the system computes the corresponding extensions by applying the associated (to the selected semantics) ASP code. It uses Clingo to compute the cf, ad and co extensions and Asprin to compute the gr, pr and st extensions, taking advantage of its capability to compute maximal or minimal Next, we discuss the rationale of our ASP encoding with the help of an example. Consider the framework shown in Figure 8, containing the arguments {a, b, c}, a conf lict-generating attack from argument a to c, a defending attack from argument b to c and a normal attack from a to b. The encoding of this input in ASP, according to our implementation, is as follows: The first rule defines the available arguments of the framework, and then all attack relations are specified by means of the attacks/3 predicate.
The ASP program for cf begins by generating combinations of arguments that may comprise a possible answer.
The above so-called choice rule generates every possible subset of the set of arguments, and for each subset, it instantiates the cf _extension/1 predicate with every argument it contains. In our example, a program having this rule alone would generate 8 answer sets, each containing instances of cf-extension with arguments from each of the following sets: {}, {a}, {b}, {c}, {a, b}, {a, c}, {b, c},  {a, b, c}. Apparently, not all of these answer sets are valid cf-extensions for the given framework. In order to compute the valid conf lict-free sets, an appropriate constraint needs to be applied: The above constraint eliminates any answer where an internal conf lict-generating attack among arguments exists. In our running example, when this constraint is applied, together with the choice rule and the input, it will generate 5 answer sets, one for each of the following sets: The same rationale is applied to the other extensions. For instance, for computing the ad extensions, we initially consider all cf extensions, and we start pruning any answer set that does not satisfy the following constraint.
The following rules specify the cases that the defendedByExtension/1 predicate is true: The first rule represents the case that an argument does not receive a conf lict-generating attack. The second rule describes the case that the argument is defended against conf lict-generating attacks by a conf lict-free set. The third rule is used to describe arguments receiving a conf lict-generating attack. These rules implement the conditions of admissibility as described in Definition 4. In our running example, these rules will generate two ad answer sets: {}, {a}.
The computation of pr and gr extensions is trivial with Asprin. We first compute all the ad and co answer sets, respectively, for pr and gr, and then we find the maximal (for pr) or minimal (for gr) sets among them. For the pr answer sets, the rules that compute the maximal w.r.t. subset relation ad answer sets are The first line is a preference predicate with name p1 and type superset for the atom ad_extension/1. In the second line, we ask to optimize p1. Eventually, Asprin will compute the maximal subsets for the atom ad_extension/1. If more than one maximal answer sets exist, all of them will be returned.
Similar is the case for gr. With the following rules, we find the minimal w.r.t. subset relation co answer sets.
In our running example, the gr, pr and co answer sets are the same: {a}.
For the st semantics, we use a similar set of rules to compute the maximal conf lict-free sets. We then use the following two rules to find the arguments attacked (with a defending attack) by these sets and to prune the answers that contain arguments that are neither contained nor attacked by these sets: In our running example, there is no st extension.

Related Work
The need to further refine the notion of attack in argumentation frameworks has led to several different extensions of AAFs. For example, AAFs with recursive attacks (AFRAs) [2] and extended argumentation frameworks (EAFs) [17] extended the definition of attack, allowing attacks to be directed not only to arguments but also to other attacks. The difference between the two is that, while in EAFs only attacks whose target is an argument can be attacked, in AFRA, any attack can be attacked. This idea is orthogonal to our approach that considers a classification of attacks, which are, however, all directed to arguments, and studying the combination of these two approaches, e.g. by allowing different types of attack that can be directed to either arguments or attacks is an interesting research direction.
Commonsense argumentation frameworks [22], on the other hand, included two types of attacks, which differ in the type of arguments they are directed to, i.e. deductive arguments or commonsense arguments. In our framework, all arguments are of the same type and attacks are not characterized by the arguments they are directed to, but by the role that the modeller would like them to have in the process that selects an acceptable set of arguments.
Bipolar argumentation frameworks (BAFs) [9] introduced support as a new kind of interaction among arguments in abstract argumentation. The definition and role of direct defeats is the same as that of attacks in AAFs, while the role of support is to help arguments establish their rationality. A combination of supports and defeats in a chain of arguments can lead to different types of defeat among arguments such as indirect and supported defeats. The main difference with our approach is that such types of interaction are not primitive but result from the combination of the pairwise interactions in a chain of arguments. Another important difference is that all types of defeat in BAFs have the same dual role with the attacks in AAFs, i.e. to generate conf licts and to defend other arguments.
Some other studies have introduced weights or preferences on attacks following quantitative or qualitative approaches. For example, weighted argumentation systems [13] assign weights to attacks as a way to describe their strength, and use the idea of an inconsistency budget as a way to disregard attacks up to a certain weight. The idea of weighted attacks is also used in [14], where the acceptability of arguments is not defined in terms of the standard Dung-style extensions, but in terms of numerical values derived from a set of equations describing the arguments and the attacks. weighted argumentation systems are also presented in [6]. The main difference with our approach is that our aim is not to capture the strength of attacks, but the different roles that attacks may have in an argumentation framework. These two ideas are orthogonal, and combining them to develop a weighted argumentation framework with attack classification would be an interesting future research direction. While social networks is indeed a domain where numerical weights can be derived from the reactions of the users, in many other domains, such types of data may not be available.
A qualitative approach to represent preferences among attacks was proposed in [16]. Similarly to our approach, the authors defined a framework with (an arbitrary number of) types of attack. These are partially ordered and each attack is assigned one of these types. This allows for a finergrained definition of defense (compared with AAFs), which can roughly be described as follows: an argument is defended against an attack from a counter-argument, if the latter receives a stronger attack from another argument. It also allows for a finer definition of acceptability semantics, which take into account the relative difference of strength between defensive and offensive attacks.
All such preference-based approaches and many others, such as [7,15], which use either numerical values or priorities to represent the (relative) strength of attacks, have a common aim: to capture the (absolute or relative) strength of arguments and to resolve conf licts by comparing the conf licting arguments according to their strength. Our aim, on the other hand, is to capture the different roles that attacks may have in an argumentation framework. These two ideas are orthogonal, and combining them to develop a weighted or preference-based argumentation framework with attack classification would be an interesting future research direction.
Similarly to our approach, [19] considers different types of attack (or attack relations) among arguments. Their approach is based on the intuition that each attack relation can represent a different criterion according to which the arguments can be evaluated one against another. The evaluation of arguments is based on the aggregation of the different attack relations using methods from social choice theory, such as majority voting, and the use of the standard acceptability semantics of AAFs in the aggregate argumentation framework. They do not, therefore, provide ways to treat certain criteria differently than others, which is one of the main characteristics of the AAFs with attack classification where conf lict-generating and defending attacks have different effects on the acceptability of the arguments they attack or defend.
Deductive argumentation [5] also supports different types of attack, which depend on the underlying logic. For example, choosing classical logic as the base logic provides seven different types of attack. The different types of attack in such frameworks are associated with the internal structure of arguments and cannot therefore be directly compared with our framework where arguments are abstract. Extending those frameworks with the ability to explicitly represent the role of attacks, as in our framework, would enable alternative ways to reason with structured arguments, which might be useful in some domains.
AAFs with attack classification generalize AAFs in a way that cannot be captured by any of the other extensions of AAFs discussed in this section. As shown in Proposition 3, the framework we propose preserves compatibility with AAFs retaining many of its nice properties (see Section 4). This also makes it possible to extend AAFs with attack classification with additional features of other frameworks (e.g. preferences, weights on arguments or attacks, etc.), which are also compatible with AAFs, resulting in even more expressive argumentation models. The study of such potential extensions is among our plans for future work.

Conclusion
Motivated by the observation, we made in [21] on the dual role of attacks in AAFs, in this paper, we introduce a new abstract model of arguments called AAFs with attack classification. Its main characteristic is that it allows specifying the role of each attack in a given argumentation graph. Specifically, it allows classifying attacks into four disjoint sets: normal attacks, which are equivalent to the standard attacks of AAFs; conf lict-generating attacks, which generate conf licts, but cannot defend against one; defending attacks, which can defend other arguments, but do not generate conf licts; and irrelevant attacks, which are neither conf lict-generating nor defending and are, therefore, ignored. This classification allows our framework to more accurately model realworld dialogues where different responses to the same argument may have a different effect on its acceptability. We recast the definitions of conf lict-free, admissible, complete, preferred, grounded and stable extension-based semantics to account for the attack classification that we introduced to AAFs. To examine the behaviour of the new framework and its semantics, we studied their properties and their relation with the semantics of AAFs, and we assessed the different semantics against a set of standard principles. Finally, to enable testing our framework, we developed a Web App that supports the creation of argumentation frameworks with attack classification and the computation of their extensions.
As we explain in Section 7, the attack classification that we extend AAFs with, is orthogonal to other extensions that previous studies have proposed. The combination of different extensions can, therefore, lead to more expressive frameworks that introduce preferences or weights on different types of attack, or apply the proposed classification to other types of attack such as the second-order attacks of EAFs [17], the high-order attacks of AFRA [2] or the structure-aware attacks of structured argumentation frameworks.
Our plans for future work include extending both the theoretical and the practical results we present in this paper. In terms of theory, we plan to define alternative semantics for our framework (e.g. semi-stable, eager, ideal) based on their corresponding definitions for AAFs. We also want to extend our principle-based analysis with other principles that are related to the notion of skepticism, such as skepticism adequacy and resolution adequacy [3] or to expressiveness, such as tightness, conf lict-sensitiveness and com-closure [12]. Such an analysis will help us better understand the advantages and limitations of our approach and its differences with AAFs. We also plan to define new principles, which will be specific to AAFs with attack classification. This will help further analyse the behaviour of this framework and may also lead to the definition of new semantics, tailored to its distinctive features.
Another possible theoretical extension of our work would be to make the 'defending' property attack-specific. In particular, one could argue that a defending attack from argument a to argument b may be defending some (but not all) of the conf lict-generating attacks originating from b. To support this, we could consider a formalism, where the 'characterization' of the attack as defending would also include the (conf lict-generating) attacks that it can be used to defend other arguments from. This would, of course, result in a more complex formalism but also a more expressive one.
In terms of practical work, we want to evaluate and refine the Web App in terms of performance and usability. We also want to explore potential applications of our framework in domains where the proposed classification of attacks fits well with the types of information they use, such as persuasion dialogues or debates in web forums and social media.

A Appendix
A multi-attack argumentation framework In this section, we provide the background material which refers to multi-attack argumentation frameworks (MAAFs) and their semantics, originally defined in [21]. An MAAF is an argumentation framework where attacks are of multiple types.

DEFINITION 34
An MAAF is a tuple A, T , R , such that • A is a set of arguments; • T is a set of attack types; • R ⊆ A × A × T is a set of type-annotated attacks among arguments.
Note that A and/or T can be infinite, so R can be infinite too. Intuitively an attack (a, b, τ ) ∈ R represents that a attacks b and that the attack is of type τ . Note that the same two arguments may be related with attacks of different types, in which case each attack type is represented as a different triple in R.
For any given set of types T 0 ⊆ T , we say that a attacks b w.r.t. T 0 (denoted by a → T 0 b) if there exists τ ∈ T 0 , such that (a, b, τ ) ∈ R. For simplicity, we often write → τ to denote → {τ } and → to denote → T . We extend notation to sets of arguments, and, for B, C ⊆ A, we write B → T 0 C if and only if ∃b ∈ B, c ∈ C such that b → T 0 c. For singleton sets, we often write b → T 0 C and B → T 0 c instead of {b} → T 0 C and B → T 0 {c}, respectively.
The restriction of an MAAF to a specific set of types T 0 is the AAF that is generated from the MAAF by considering only the attacks in T 0 . Formally, given an MAAF A, T , R , the restriction To define MAAF extensions, we introduce three new classes of semantics: firm, restricted and loose. For each type of semantics defined in [11] (e.g. admissible, complete, etc.), we define its counterpart for each class (e.g. firmly admissible, restrictively stable, loosely complete, etc.). The three classes differ in how certain types of attack are considered. As already mentioned, the idea behind our semantics is the treatment of certain types of attacks as being conf lict-generators only or attackers only. To do this, we consider a certain set of types, say T 0 , which are treated in the 'normal' manner. Different types of semantics can now result depending on the exact behaviour of the attacks in T \ T 0 . In particular: 1. Firm semantics (e.g. admissible, complete) w.r.t. a certain set of attack types (say T 0 ) requires a candidate extension to be defended against all types of attacks, and an attack can be defended only by attacks from T 0 . In other words, attacks in T 0 have the standard behaviour, but attacks in T \ T 0 act as conf lict-generators only, not as defenders. We call them firm because, while they allow any type of argument to unleash offensive attacks, they only allow certain types of attack (those in T 0 ) to defend an argument, making its defense more difficult. 2. Restricted semantics (e.g. admissible, complete) w.r.t. a certain set of attack types (say T 0 ) require a candidate extension to be defended against attacks from T 0 only, and an attack can be defended only by attacks from T 0 . Thus, restricted semantics essentially consider only the attacks in T 0 , both for the attacks and for defending against them, i.e. attacks in T \ T 0 are totally ignored. 3. Loose semantics (e.g. admissible, complete) w.r.t. a certain set of attack types (say T 0 ) are the most 'relaxed' ones, as they require a candidate extension to be defended only against attacks from T 0 , while defense can happen by any type of attack. In other words, in loose semantics, attacks in T \ T 0 are treated as defenders only and cannot generate attacks. Loose semantics allows attacks to be ignored, so they may result to extensions that are not defended against all attacks, specifically against attacks that are of types not in T 0 .
In the following, we use shorthands to refer to the various types and classes of semantics. In particular, for the three classes of semantics, we use fr for firm, re for restricted and lo for loose semantics. We also use θ as a catch-all variable that refers to any of these classes. Similarly, for types of extensions, we use cf for conf lict-free, ad for admissible, co for complete, pr for preferred, gr for grounded and st for stable. We also use σ as a catch-all variable to indicate any of these extension types. For example, we write fr-co-extension to refer to a firmly complete extension, and θ − σ -extension to refer to an extension of class θ and the type denoted by σ .
The definitions for the above semantics in MAAFs follow.

DEFINITION 35
Consider an MAAF A, T , R , some T 0 ⊆ T , some a ∈ A and some set E ⊆ A. We define the notion of defense for the different classes of semantics as follows: • B Proofs for formal properties PROOF OF PROPOSITION 1. Case #1 of the proposition is obvious by the fact that E defends all its elements, as well as a and thus it defends all elements of E ∪{a}. Also, E ∪{a} is cf, by the hypothesis. For case #2, again, we observe that E ∪ {a} defends all its elements, so it suffices to show that E ∪ {a} is cf. We note 4 different cases.
• If E → c E, then we get a contradiction because E is cf.  Again, the result follows trivially from the respective definitions a → T 0 b. PROOF OF PROPOSITION 5. #1, #2 and #3 are obvious by the respective definitions. For #4, it suffices to show that if σ defends a and E ∪ {a} is cf, then a ∈ σ . Indeed, we observe that, under the above assumptions E ∪ {a} is an ad-extension, so if a / ∈ σ , then E ∪ {a} ⊃ E, a contradiction by the fact that E is a maximal ad-extension. For #5, note that if E is a st-extension, then it is cf and also defends itself against all external attacks; thus, it is ad. Furthermore, it is maximally ad, since it is maximally cf. Therefore, E is a pr-extension.
PROOF OF PROPOSITION 6. We will prove the result constructively. First, we will describe a construction over F, and then we will show that this construction generates some E with the properties required. The proof is broken down in steps, represented as claims proved individually below; the last claim (Claim 6) shows the result. Construction. We assume a well-order ≺ over A (its existence is guaranteed by the axiom of choice). For a given set E ⊆ A, we denote by min ≺ E the minimal element of E according to ≺. Moreover, for E ⊆ A, set E = {a ∈ A \ E | E: defends a, E ∪ {a} is cf }, i.e. the arguments that are defended by E and do not conf lict with E. We define the function: φ : 2 A → 2 A as follows: Finally, we define a function G recursively on the ordinals as follows: , when β is a successor ordinal G(β) = {G(γ ) | γ < β} , when β is a limit ordinal. CLAIM 1. For two ordinals β, γ , if β < γ , then G(β) ⊆ G(γ ). We will use transfinite induction on γ . If γ = 0, then the result holds trivially as there is no β for which β < γ . Suppose that the result holds for all γ < δ; we will show that it holds for γ = δ. If δ is a successor ordinal, then there exists some δ − such that δ = δ − + 1. Clearly, by the definition of G and φ, G(δ) ⊇ G(δ − ). Furthermore, by the inductive hypothesis, G(δ − ) ⊇ G(β), which shows the result. If δ is a limit ordinal, then the result follows directly by the definition of G. CLAIM 2. For any ordinals β, G(β) ⊇ E * . If β = 0 the result follows by the definition of G. If β > 0, the result follows by Claim 6. CLAIM 3 For any ordinal β, G(β) is an ad-extension.
By Claim 6, we conclude that G is an increasing function from the ordinals into 2 A . It cannot be strictly increasing, as if it were we would have an injective function from the ordinals into a set, violating Hartogs' lemma. Therefore, the function must be eventually constant, so for some β, G(β) = G(β + 1). CLAIM 5. There exists some E such that E ⊇ E * , and the following hold.
1. E is a co-extension.

2.
For any E such that E * ⊆ E ⊂ E, there exists a ∈ E \ E which is defended by E and E ∪ {a} is cf. 3. For any E such that E * ⊆ E ⊂ E, E is not a co-extension.
PROOF OF PROPOSITION 13. Admissibility follows directly from the definitions of co, gr and pr semantics, according to which every co, gr or pr extension must be ad. According to the definition of st semantics, every st-extension is cf and defends itself against all arguments it does not contain; it is, therefore, ad. Since admissibility is a special case of defense, defense is also satisfied by co, gr, pr and st semantics.
We introduce the following lemma to simplify the proofs of some of the remaining propositions.
LEMMA 1 Any principle that is not satisfied by the σ -semantics of AAF is not also satisfied by the σ -semantics of AAFs with attack classification. PROOF OF LEMMA 1. Consider a semantics of AAFs σ and a principle p not satisfied by σ . This means that there is an AAF, F = A, R and a σ -extension of it E not satisfying the requirements of p. From Proposition 3, E is also a σ -extension of F = A, R with attack classification R c , R d , where R c = R d = R. Since E does not satisfy the requirements of p, the σ semantics of AAFs with attack classification violate p. PROOF OF PROPOSITION 14. As shown in [3], strong admissibility is not satisfied by the co, pr and st semantics of AAFs. By Lemma 1, it is also not satisfied by the co, pr and st semantics of AAFs with attack classification. For the gr semantics, consider an AAF F = A, R with attack classification R c , R d , where A = {a, b, c}, R c = {(a, b), (a, c)} and R d = {(c, a)}. Its grounded extensions are E 1 = {a} and E 2 = {b, c} and E 2 does not strongly defend c. Therefore, strong admissibility is not satisfied by gr semantics either. PROOF OF PROPOSITION 15. As shown in [20], naivety is not satisfied by the co, gr and pr semantics of AAFs. By Lemma 1, it is also not satisfied by the co, gr and pr semantics of AAFs with attack classification. For the st semantics, naivety follows directly from its definition. PROOF OF PROPOSITION 16. As shown in [10], indirect conf lict-freeness is not satisfied by any of co, gr, pr and st semantics of AAFs. By Lemma 1, it is also not satisfied by any of co, gr, pr and st semantics of AAFs with attack classification. PROOF OF PROPOSITION 17. Consider the AAF shown in Figure 1. {b, c, d} is a complete, grounded, preferred and stable extension, which defends a but does not contain it. Therefore, reinstatement is not satisfied by any of co, gr, pr and st semantics. PROOF OF PROPOSITION 18. In the AAF shown in Figure 1, {b, c, d} strongly defends a but does not contain it. Therefore, weak reinstatement is not satisfied by any of co, gr, pr and st semantics.
PROOF OF PROPOSITION 19. CF-Reinstatement follows directly from the definitions of co, gr and pr semantics. For the st semantics: suppose there is a st extension E and an argument a such that E ∪ {a} is conf lict-free and a does not belong to E. This cannot be the case because E would not be maximally cf. Therefore, CF-reinstatement is also satisfied by the st semantics. PROOF OF PROPOSITION 20. As shown in [3], I-maximality is not satisfied by the co semantics of AAFs. By Lemma 1, it is also not satisfied by the co semantics of AAFs with attack classification. I-Maximality follows directly from the definitions of gr, pr and st semantics. PROOF OF PROPOSITION 21. Consider the AAF shown in Figure 1. {b, c, d} and {a, d} are co, gr and pr extensions. Argument b is contained in {b, c, d} and attacked by {a, d} and there is no other (co, gr or pr) extension. The non-satisfiability of allowing abstention by the st semantics follows directly from its definition, which requires that every st extension must be maximally cf.
The following lemma has been proved for AAFs in [1]. We will prove that this result holds also for AAFs with attack classification. This lemma will be used for proving the remaining propositions.
LEMMA 2 For all semantics of AAFs with attack classification: (i) directionality implies non-interference and (ii) non-interference implies crash resistance.
PROOF OF LEMMA 2.(i) follows directly from Definitions 28 and 30, according to which every isolated set is also an unattacked set.
For (ii), suppose that for a semantics σ that satisfies non-interference, there is a contaminating argumentation framework F * = (A * , R * ). Then, for any framework F = A, R disjoint from F * , it holds that σ (F * ) = σ (F * ∪F). However, σ satisfies non-interference and A is isolated in F * ∪F, thus: σ ((F * ∪ F) ↓A ) = {E ∩ A|E ∈ σ (F * ∪ F)}. F * = (A * , R * ) and F = (A, R) are disjoint; therefore, σ ((F * ∪ F) ↓A ) = σ (F) and by the initial supposition, F * and F have the same set of σ -extensions. Therefore, the previous equation implies: σ (F) = {E ∩ A|E ∈ σ (F * )}, and, since F * and F are disjoint, σ (F) = σ (F * ). This is obviously a contradiction, unless σ returns only the empty set as an extension for any framework, which is not the case for any of the semantics that we study.
PROOF OF PROPOSITION 22. By Proposition 23 and Lemma 2, co, gr and pr semantics satisfy crash resistance. As shown in [8], crash resistance is not satisfied by the st semantics of AAFs. By Lemma 1, it is also not satisfied by the st semantics of AAFs with attack classification. PROOF OF PROPOSITION 23. We show that for σ = co, for any argumentation framework F = A, R with any classification of attacks R c , R d and for any isolated set S ⊆ A: σ (F ↓S ) = {E ∩S|E ∈ σ (F)}. Let S 1 an isolated set of F and E 1 a co-extension of F ↓S 1 . Then S 2 = A\S 1 should also be isolated, since it does not attack or receive any attacks from S 1 . Let E 2 be a co-extension of F ↓S 2 . For both E 1 and E 2 , it holds that they are conf lict-free and they defend all arguments they contain from attacks from S 1 (resp. S 2 ). Since there are no attacks between S 1 and S 2 , both E 1 and E 2 defend all arguments they contain from attacks from A and E = E 1 ∪ E 2 is conf lict-free. E is, therefore, admissible in F. Furthermore, E 1 (resp. E 2 ) cannot defend any argument in S 2 (resp. S 1 ). Therefore, E contains all arguments in A that it defends from attacks from A.Itis, therefore, aco − extensionof F andE 1 = E ∩ S 1 . Since this holds for any extension of S 1 , co(F ↓S 1 ) ⊆ {E ∩ S 1 |E ∈ co(F)}.
Consider now any co-extension of F, E , such that E 1 = E ∩ S 1 . E is conf lict-free and defends all arguments it contains from attacks from A; therefore, given that there are no attacks between S 1 and S 2 = A \ S 1 , E 1 is conf lict-free and defends all arguments it contains from attacks from S 1 . This means that E 1 is admissible in F ↓S 1 ] . Since E is complete, there is no argument a 1 in A \ E and therefore also in S 1 \ E 1 , such that E defends a 1 and E ∪ {a 1 } is conf lict free. Given that there are no attacks between S 1 and S 2 , this means that there is no argument a 1 ∈ S 1 \ E 1 such that E 1 defends a 1 and E 1 ∪ {a 1 } is conf lict free. E 1 is, therefore, a co-extension of F ↓S 1 . Since this holds for any co-extension of F, co(F ↓S 1 ) ⊇ {E ∩ S 1 |E ∈ co(F)}. The co semantics, therefore, satisfies non-interference.