A node in an *APPT*(D) is called a *buggy node* iff the c-statement at the node is not valid in the intended interpretation I, while all the c-statements at the children nodes are valid in I. Our last theorem guarantees that declarative diagnosis with *APPT*(D)*s* used as *CTs* leads to the correct detection of program errors.

**Theorem 4** (**Declarative Diagnosis of Wrong Answers).** *Under the assumptions of Theorem 3, any APPT*(D) *witnessing* $P \vdash_{\mathit{CPPC}(D)} G \Leftarrow S$ *(which must exist due to CPPC*(D)*-soundness of the goal solving system) has some buggy node. Moreover, each buggy node points to a program rule belonging to* P *which is incorrect in the user's intended interpretation.*

**5. A declarative debugging tool of wrong answers in** TOY

Fig. 4 shows the *APPT*(R) associated to the *PPT*(R) of Fig. 3 as displayed by DDT, the debugger tool included in the system TOY. Although in theory all the c-facts in a *PPT*(R) should include the same constraint Π, in practice the tool simplifies Π at each c-fact *f tn* → *t* ⇐ Π, keeping only those atomic constraints related to the variables occurring in *f tn* → *t*. It can be checked that such a simplification does not affect the intended meaning of c-facts.

Fig. 4. The *APPT*(R) corresponding to the *PPT*(R) of Fig. 3

Before starting a *debugging session*, the user may inspect and simplify the tree using several facilities. For instance the user could mark any node corresponding to the infix function && as *trusted*, indicating that the definition of && is surely not erroneous. This makes all the nodes corresponding to && automatically valid. Valid nodes can be removed from the tree safely (the set of buggy nodes doesn't change) by using a suitable menu option.

Next, the user can start a debugging session by selecting one of the two possible strategies included in DDT: the *top-down* or the *divide and query* strategy (see (Caballero & Rodríguez, 2004) for a comparison of both strategies in an older version of DDT which did not yet support constraints). After selecting the *divide and query* strategy, which usually leads to shorter sessions, DDT asks about the validity of the following node:


The intended program model corresponds to the intuitions explained in Section 2. Therefore, the question must be understood as: *Is* (*X*,*Y*) *a point in the intersection of the two rectangles for all possible values of X, Y satisfying X* ≤ 35, *X* ≥ 20, *Y* ≤ 5*?* The answer is *no*, because with these constraints *Y* can take any value less than 5 and some of these values would yield a pair (*X*,*Y*) outside the intersection for every *X*. Therefore the user marks the cross, meaning that the c-fact is non-valid. The next question is:


which is also reported as non-valid by the user. At this point a buggy node is found by the tool, pointing to the incorrect program rule and ending the debugging session:

The current version of the debugger supports programs using the constraint domain R, which provides arithmetic constraints over the real numbers as well as strict equality and disequality constraints over data values of any type; see Example 3 and (López et al., 2006) for details. The tool is an extension of older versions which did not yet support constraints over the domain R (Caballero, 2005; Caballero & Rodríguez, 2004), and it is part of the public distribution of the functional-logic programming system TOY, available at http://toy.sourceforge.net. The *APPT*(R) associated to a wrong answer is constructed by means of a suitable program transformation. The resulting tree is then displayed through a graphical debugging interface implemented in Java. More detailed explanations on the practical use of DDT can be found in (Caballero, 2005; Caballero & Rodríguez, 2004).
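The two search strategies offered by DDT can be sketched as follows. This is an added example, not DDT's own code: the tree, its labels and the `ask` callback are constructed for illustration, and divide and query is written in its usual form (ask about the node whose subtree is closest to half of the remaining tree), which is an assumption about the tool.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    label: str                       # c-fact displayed at the node (constructed)
    valid: bool                      # the user's answer under the intended interpretation
    children: list = field(default_factory=list)

def top_down(root, ask):
    """Descend from the non-valid root into the first non-valid child."""
    node = root
    while True:
        bad = next((c for c in node.children if not ask(c)), None)
        if bad is None:
            return node              # non-valid node, all children valid: buggy
        node = bad

def divide_and_query(root, ask):
    """Ask about the node whose subtree is closest to half the remaining tree."""
    node, pruned = root, set()       # pruned: ids of subtrees answered valid
    def weight(n):
        return 0 if id(n) in pruned else 1 + sum(weight(c) for c in n.children)
    def below(n):
        for c in n.children:
            if id(c) not in pruned:
                yield c
                yield from below(c)
    while weight(node) > 1:
        half = weight(node) / 2
        pick = min(below(node), key=lambda n: abs(weight(n) - half))
        if ask(pick):
            pruned.add(id(pick))     # valid: its whole subtree is discarded
        else:
            node = pick              # non-valid: the bug lies inside this subtree
    return node

def session(strategy, root):
    """Run one debugging session; return the buggy node and the questions asked."""
    asked = []
    def ask(n):
        asked.append(n.label)
        return n.valid
    return strategy(root, ask).label, asked

def sample_tree():
    # Constructed tree: 'g' is non-valid and both of its children are valid.
    leaf = lambda name: Node(name, True)
    g = Node("g", False, [leaf("h"), leaf("i")])
    d = Node("d", False, [leaf("e"), leaf("f"), g])
    return Node("main", False, [leaf("a"), leaf("b"), leaf("c"), d])
```

On this tree `session(top_down, sample_tree())` asks nine questions and `session(divide_and_query, sample_tree())` asks four; both sessions end at the node `g`.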

**6. Declarative debugging of missing answers in** *CFLP*(D)

A Semantic Framework for the Declarative Debugging of Wrong and Missing Answers in Declarative Constraint Programming

The declarative debugging of *missing answers* also assumes an intended interpretation $I_P$ of the *CFLP*(D)-program P, starts with the observation of an *incompleteness symptom* and ends with an *incompleteness diagnosis*. A more precise definition of this *debugging scenario of missing answers* is as follows:

**Definition 4. (Debugging Scenario of Missing Answers)** *For any given CFLP*(D)*-program* P*:*

*1. An* **incompleteness symptom** *occurs if the goal solving system computes finitely many solved goals* $\{S_i\}_{i \in I}$ *as answers for an admissible initial goal* $G$*, and the programmer judges that* $Sol_{I_P}(G) \nsubseteq \bigcup_{i \in I} Sol_D(S_i)$*, meaning that the aca* $G \Rightarrow \bigvee_{i \in I} S_i$ *is not valid in the intended interpretation* $I_P$*, so that some expected answers are* **missing***.*

*2. An* **incompleteness diagnosis** *is given by pointing to some defined function symbol f such that the axiom* $(f)^{-}_{P} : (f\,X_n \to Y \Rightarrow D_f)$ *for f in* $P^{-}$ *is not valid in* $I_P$*, which means* $Sol_{I_P}(f\,X_n \to Y) \nsubseteq Sol_{I_P}(D_f)$*, showing that f's definition as given in* P *is* **incomplete** *w.r.t.* $I_P$*.*

Some concrete debugging scenarios have been discussed in Section 2. Assume now that an incompleteness symptom has been observed by the programmer. Since the goal solving system has computed the disjunction of answers $D = \bigvee_{i \in I} S_i$, the *aca* $G \Rightarrow D$ asserting that the computed answers cover all the solutions of $G$ should be derivable from $P^{-}$. The *Constraint Negative Proof Calculus CNPC*(D) consisting of the inference rules displayed in Fig. 5 has been designed with the aim of enabling logical proofs $P^{-} \vdash_{\mathit{CNPC}(D)} G \Rightarrow D$ of *aca*s. We use a special operator & in order to express the result of attaching to a given goal $G$ a solved goal $S'$ resulting from a previous computation, so that computation can continue from the new goal $G \,\&\, S'$. Formally, assuming $G = \exists U.\,(R \,\Box\, (\Pi \,\Box\, \sigma))$ and $S' = \exists U'.\,(\Pi' \,\Box\, \sigma')$ a solved goal such that $U \setminus dom(\sigma') \subseteq U'$, $\sigma\sigma' = \sigma'$, and $Sol_D(\Pi') \subseteq Sol_D(\Pi\sigma')$, the operation $G \,\&\, S'$ is defined as $\exists U'.\,(R\sigma' \,\Box\, (\Pi' \,\Box\, \sigma'))$. The inference rule **CJ** infers an *aca* for a goal with composed kernel $(R_1 \wedge R_2) \,\Box\, S$ from *aca*s for goals with kernels of the form $R_1 \,\Box\, S$ and $(R_2 \,\&\, S_i)$, respectively; while other inferences deal with different kinds of atomic goal kernels.

Any *CNPC*(D)-derivation $P^{-} \vdash_{\mathit{CNPC}(D)} G \Rightarrow D$ can be depicted in the form of a *Negative Proof Tree* over D (shortly, *NPT*) with *aca*s at its nodes, such that the *aca* at any node is inferred from the *acas* at its children using some *CNPC*(D) inference rule. We say that a goal solving system for *CFLP*(D) is *admissible* iff whenever finitely many solved goals $\{S_i\}_{i \in I}$ are computed as answers for an admissible initial goal $G$, one has $P^{-} \vdash_{\mathit{CNPC}(D)} G \Rightarrow \bigvee_{i \in I} S_i$ with some witnessing *NPT*. The next theorem is intended to provide some plausibility to the pragmatic assumption that actual *CFLP* systems such as *Curry* (Hanus, 2003) or TOY (López & Sánchez, 1999) are admissible goal solving systems.

**Theorem 5. (Existence of Admissible Goal Solving Calculi)** *There is an admissible Goal Solving Calculus GSC*(D) *which formalizes the goal solving methods underlying actual CFLP systems such as Curry or* TOY*.*

*Proof.* A more general result can be proved: If $(R \wedge R') \,\&\, S$ �∼<sup>*p*</sup><sub>P,*GSC*(D)</sub> *D* (with a partially developed search space of finite size *p* built using the program P, a *Goal Solving Calculus*

**SF Solved Form**

$$R \,\Box\, S \Rightarrow D \qquad \text{if } Sol_D(S) \subseteq Sol_D(D).$$

**CJ Conjunction**

$$\frac{R_1 \,\Box\, S \Rightarrow \bigvee_{i \in I} \exists Z_i.\, S_i \qquad \ldots\ (R_2 \,\&\, S_i) \Rightarrow \bigvee_{j \in J_i} \exists Z_{ij}.\, S_{ij}\ \ldots\ (i \in I)}{(R_1 \wedge R_2) \,\Box\, S \Rightarrow \bigvee_{i \in I} \bigvee_{j \in J_i} \exists Z_i, Z_{ij}.\, S_{ij}}$$

if $Z_i \notin var((R_1 \wedge R_2) \,\Box\, S)$, $Z_{ij} \notin var((R_1 \wedge R_2) \,\Box\, S) \cup Z_i$, for all $i \in I$, $j \in J_i$.

**TS Trivial Statement**

$$\varphi : G \Rightarrow D \qquad \text{if } Sol(G) \subseteq Sol_D(D).$$

**DC DeComposition**

$$\frac{e_m \to t_m \,\Box\, S \Rightarrow D}{h\,e_m \to h\,t_m \,\Box\, S \Rightarrow D}$$

if $h\,e_m$ is not a pattern.

**IM IMitation**

$$\frac{e_m \to X_m \,\Box\, (S \wedge h\,X_m \to X) \Rightarrow \bigvee_{i \in I} \exists Z_i.\, S_i}{h\,e_m \to X \,\Box\, S \Rightarrow \bigvee_{i \in I} \exists X_m, Z_i.\, S_i}$$

if $h\,e_m$ is not a pattern, $X \in V$, and $X_m \notin var(h\,e_m \to X \,\Box\, S)$.

**(AR)***<sup>p</sup>* **Argument Reduction for Primitive Functions**

$$\frac{e_n \to X_n \,\Box\, (S \wedge p\,X_n \to! \; t) \Rightarrow \bigvee_{i \in I} \exists Z_i.\, S_i}{p\,e_n \to? \; t \,\Box\, S \Rightarrow (S \wedge \bot \to t) \vee \left(\bigvee_{i \in I} \exists X_n, \exists Z_i.\, S_i\right)}$$

if $p \in PF^n$, $X_n \notin var(p\,e_n \to? \; t \,\Box\, S)$, $\to? \;\equiv\; \to$ (*production*) $\cup \to!$ (*constraint*).

**(AR)***<sup>f</sup>* **Argument Reduction for Defined Functions**

$$\frac{(e_n \to X_n \wedge f\,X_n \to Y \wedge Y\,a_k \to t) \,\Box\, S \Rightarrow \bigvee_{i \in I} \exists Z_i.\, S_i}{f\,e_n\,a_k \to t \,\Box\, S \Rightarrow \bigvee_{i \in I} \exists X_n, Y, Z_i.\, S_i}$$

if $f \in DF^n$ $(k > 0)$, and $X_n, Y \notin var(f\,e_n\,a_k \to t \,\Box\, S)$.

**(DF)***<sup>f</sup>* **Defined Function**

$$\frac{\ldots\ R_i[X_n \mapsto t_n, Y \mapsto t] \,\Box\, S \Rightarrow D_i\ \ldots\ (i \in I)}{f\,t_n \to t \,\Box\, S \Rightarrow (S \wedge \bot \to t) \vee \left(\bigvee_{i \in I} D_i\right)}$$

if $f \in DF^n$, $X_n, Y \notin var(f\,t_n \to t \,\Box\, S)$, and $(f\,X_n \to Y \Rightarrow \bigvee_{i \in I} R_i) \in P^{-}$.

Fig. 5. The Constraint Negative Proof Calculus *CNPC*(D)

