**4. Declarative debugging of wrong answers in** *CFLP*(D)

In this section, we present the logical and semantic framework of the declarative diagnosis method of wrong answers for *CFLP*(D) and prove its logical correctness. In what follows, we assume that a constraint domain D and a *CFLP*(D)-program P are given.

#### **4.1 Wrong answers and intended interpretations**

Declarative diagnosis techniques rely on a declarative description of the intended program semantics. We will assume that the user knows (at least to the extent needed for answering queries during the debugging session) a so-called *intended model* I, which is a c-interpretation expected to satisfy I ⊨_D P, unless P is incorrect. For instance, *rect* (*X*,*Y*) *LX* *LY* (*A*,*B*) → *false* ⇐ *A* < *X* ∧ *LX* > 0 ∧ *LY* > 0 could belong to the intended model I for the program fragment shown in Example 1. As explained in Subsection 3.6, the c-facts belonging to c-interpretations can be non-ground. Nevertheless, the model notion I ⊨_D P used here (see Definition 2 above) corresponds to the so-called *weak semantics* from (López et al., 2006), which depends just on the ground c-facts valid in I. Therefore, different presentations of the intended model will be equivalent for the purposes of this work, as long as the ground c-facts valid in them are the same.

The aim of declarative diagnosis of wrong answers is to start with an observed *symptom* of erroneous program behavior, and detect some *error* in the program. The proper notions of symptom and error in our setting are as follows:

**Definition 3. (Symptoms and Errors)** *Assume* I *is the intended interpretation for program* P*, and consider a solved form S produced as computed answer for the initial goal G by some goal solving system. We define:*


For instance, the computed answer shown in Example 1 is wrong with respect to the intended model of the program assumed in that example, for the reasons already discussed in Section 2. As illustrated by that example, computed answers typically include constraints on the variables occurring in the initial goal. However, goal solving systems for *CFLP*(D) programs also maintain internal information on constraints related to variables used in intermediate computation steps, but not occurring in the initial goal. Such information is relevant for declarative debugging purposes. Therefore, in the rest of this section we will assume that computed answers *S* include also constraints related to intermediate variables.

#### **4.2 A logical calculus for witnessing computed answers**

Assuming that *S* is a computed answer for an initial goal *G* using a program P, the declarative diagnosis of wrong answers needs a suitable *Computation Tree* (shortly, *CT*) representing the computation. In our setting we will obtain the *CT* from a logical proof P ⊢_CPPC(D) *G* ⇐ *S* which derives the statement *G* ⇐ *S* from the program P in the *Constraint Positive Proof Calculus* (shortly *CPPC*(D)) given by the inference rules in Fig. 2. We will say that the *CPPC*(D)-proof *witnesses* the computed answer.

Most of these inference rules have been borrowed from the proof theory of *CRWL*(D), a *Constraint ReWriting Logic* which characterizes the semantics of *CFLP*(D) programs (López et al., 2006). The main novelties in *CPPC*(D) are the addition of rule **EX** (to deal with existential quantifiers in computed answers) and a reformulation of rule **DF**_P, which is presented as the consecutive application of two inference steps named **AR**_f and **FA**_f, which cannot be applied separately. The purpose of this composite inference is to introduce the c-facts *f t*_n → *t* ⇐ Π at the conclusion of inference **FA**_f, called *boxed c-facts* in the sequel. As we will see, only boxed c-facts will appear at the nodes of *CTs* obtained from *CPPC*(D)-proofs. Therefore, all the queries asked to the user during a declarative debugging session will be about the validity of c-facts in the intended model of the program, which is itself represented as a set of c-facts. We also agree that the premises *Gσ* ⇐ Π in rule **EX** (resp. Δ ⇐ Π in rule **DF**_P) must be understood as a shorthand for several premises *ϕ* ⇐ Π, one for each atomic c-statement *ϕ* in *Gσ* (resp. Δ). Moreover, rule **PF** depends on the side condition Sol_D(Π) ⊆ Sol_D(*p t*_n → *t*), which is true iff *p*^D *t*_n*η* → *tη* holds for all *η* ∈ Sol_D(Π). Some other inference rules in Fig. 2 have similar conditions.

Fig. 2. The Constraint Positive Proof Calculus *CPPC*(D). Each rule is written as "premises / conclusion", followed by its side conditions; a bracketed conclusion is a boxed c-fact.

• **EX** (*Existential*): *Gσ* ⇐ Π / *G* ⇐ ∃*U*.(*σ* ✷ Π), if *fvar*(*G*) ∩ *U* = ∅.

• **TI** (*Trivial Inference*): / *ϕ*, if *ϕ* is a trivial c-statement.

• **RR** (*Restricted Reflexivity*): / *t* → *t* ⇐ Π, if *t* ∈ U ∪ V.

• **SP** (*Simple Production*): / *s* → *t* ⇐ Π, if *s* ∈ Pat_⊥(U), *s* ∈ V or *t* ∈ V, and Sol_D(Π) ⊆ Sol_D(*s* → *t*).

• **DC** (*Decomposition*): *e*_1 → *t*_1 ⇐ Π ... *e*_m → *t*_m ⇐ Π / *h e*_m → *h t*_m ⇐ Π.

• **IR** (*Inner Reduction*): *e*_1 → *t*_1 ⇐ Π ... *e*_m → *t*_m ⇐ Π / *h e*_m → *X* ⇐ Π, if *h e*_m ∉ Pat_⊥(U), *X* ∈ V, and Sol_D(Π) ⊆ Sol_D(*h t*_m → *X*).

• **PF** (*Primitive Function*): *e*_1 → *t*_1 ⇐ Π ... *e*_n → *t*_n ⇐ Π / *p e*_n → *t* ⇐ Π, if *p* ∈ PF^n, *t*_i ∈ Pat_⊥(U) (1 ≤ *i* ≤ *n*), Sol_D(Π) ⊆ Sol_D(*p t*_n → *t*).

• **DF**_P (P-*Defined Function*), an **FA**_f step immediately followed by an **AR**_f step, in one of two forms:
  (**FA**_f) Δ ⇐ Π, *r* → *t* ⇐ Π / [*f t*_n → *t* ⇐ Π]; (**AR**_f) *e*_1 → *t*_1 ⇐ Π ... *e*_n → *t*_n ⇐ Π, [*f t*_n → *t* ⇐ Π] / *f e*_n → *t* ⇐ Π.
  (**FA**_f) Δ ⇐ Π, *r* → *s* ⇐ Π / [*f t*_n → *s* ⇐ Π]; (**AR**_f) *e*_1 → *t*_1 ⇐ Π ... *e*_n → *t*_n ⇐ Π, [*f t*_n → *s* ⇐ Π], *s a*_k → *t* ⇐ Π / *f e*_n *a*_k → *t* ⇐ Π.
  Both forms require *f* ∈ DF^n (*k* > 0 in the second form), (*f t*_n → *r* ⇐ Δ) ∈ [P]_⊥ ≡ {*Rθ* | *R* ∈ P, *θ* ∈ Sub_⊥(U)}, and *s* ∈ Pat_⊥(U).

• **AC** (*Atomic Constraint*): *e*_1 → *t*_1 ⇐ Π ... *e*_n → *t*_n ⇐ Π / *p e*_n →! *t* ⇐ Π, if *p* ∈ PF^n, *t*_i ∈ Pat_⊥(U) (1 ≤ *i* ≤ *n*), Sol_D(Π) ⊆ Sol_D(*p t*_n →! *t*).

Semantics – Advances in Theories and Mathematical Models. A Semantic Framework for the Declarative Debugging of Wrong and Missing Answers in Declarative Constraint Programming

Fig. 3. A Positive Proof Tree in *CPPC*(R). (Only the caption and the root of the tree survive extraction: the root is the statement *intersect* (*head* (*ladder* (20,20) 50 20)) (*head* (*ladder* (5,5) 30 40)) (*X*,*Y*) == *R* ⇐ *R* → *true* ✷ *X* ≤ 35 ∧ *X* ≥ 20 ∧ *Y* ≤ 5, inferred by rule **EX**, and Π stands for *X* ≤ 35 ∧ *X* ≥ 20 ∧ *Y* ≤ 5 in the nodes below it.)

Any *CPPC*(D)-derivation P ⊢_CPPC(D) *G* ⇐ *S* can be depicted in the form of a *Positive Proof Tree* over D (shortly, *PPT*(D)) with *G* ⇐ *S* at the root and c-statements at the internal nodes, such that the statement at any node is inferred from the statements at its children using some *CPPC*(D) inference rule. In particular, the statement at the root must be inferred using rule **EX**, which is applied nowhere else in the proof tree. Fig. 3 shows a *PPT*(R) representing a *CPPC*(R)-derivation which witnesses the computed answer from Example 1, which is wrong with respect to the intended model of the program. A goal solving system is called *CPPC*(D)-*sound* iff for any computed answer *S* obtained for an initial goal *G* using program P there is some witnessing *CPPC*(D)-proof P ⊢_CPPC(D) *G* ⇐ *S*. The next result shows that *CPPC*(D)-sound goal solving systems exist:

**Theorem 1. (Existence of** *CPPC*(D)**-Sound Goal Solving Systems)** *The goal solving calculus CDNC*(D) *given in (López et al., 2004) is CPPC*(D)*-sound.*

*Proof.* Straightforward adaptation of the soundness theorem for *CDNC*(D) presented in (López et al., 2004).

In addition to the goal solving calculus *CDNC*(D), other formal goal solving calculi known for *CFLP*(D) are also *CPPC*(D)-sound. Moreover, it is also reasonable to assume *CPPC*(D)-soundness for implemented goal solving systems such as *Curry* (Hanus, 2003) and TOY (López & Sánchez, 1999), whose computation model is based on constrained lazy narrowing. Finally, any *CPPC*(D)-sound goal solving system is semantically sound in the sense of item 2 in Definition 2:

**Theorem 2. (Semantic Correctness of the** *CPPC*(D) **Calculus)** *If G is an initial goal for* P *and S is a solved goal s.t.* P ⊢_CPPC(D) *G* ⇐ *S then* P ⊨_D *G* ⇐ *S.*

*Proof.* For each of the inference rules **EX**, **AR**_f and **FA**_f, we prove that any model I ⊨_D P in which the premises of the rule are valid also validates the conclusion of the rule. Similar proofs for the other inference rules in *CFLP*(D) can be found in (López et al., 2006).

• The rule **EX** is semantically correct. Let I be an arbitrary model of P such that I ⊨_D *Gσ* ⇐ Π, i.e., Sol_D(Π) ⊆ Sol_I(*Gσ*). We prove that I ⊨_D *G* ⇐ ∃*U*.(*σ* ✷ Π), i.e., Sol_D(∃*U*.(*σ* ✷ Π)) ⊆ Sol_I(*G*). Let *η* ∈ Sol_D(∃*U*.(*σ* ✷ Π)). By the syntactic form of solved goals, *η* ∈ Sol_D(∃*U*.(*X*_n → *t*_n ∧ *s*_m → *Y*_m ✷ Π)) and *η* ∈ Sol_D(∃*U*.(*X*_n = *t*_n ∧ *Y*_m = *s*_m ✷ Π)). By applying Definition 1, there exists *η′* ∈ Val_⊥(D) such that *η′* =\*U* *η* and *η′* ∈ Sol_D(*X*_n = *t*_n ∧ *Y*_m = *s*_m ✷ Π), and therefore *η′* ∈ Sol_D(*X*_n = *t*_n ∧ *Y*_m = *s*_m) (i.e., *η′* ∈ Sol_D(*σ*)) and *η′* ∈ Sol_D(Π). Since by induction hypothesis Sol_D(Π) ⊆ Sol_I(*Gσ*), it follows that *η′* ∈ Sol_I(*Gσ*). Moreover, since *η′* ∈ Sol_D(*σ*), we obtain *η′* ∈ Sol_I(*G*). In consequence, there exists *η′* ∈ Val_⊥(D) such that *η′* =\*U* *η* and *η′* ∈ Sol_I(*G*). Finally, using the applicability condition *fvar*(*G*) ∩ *U* = ∅ of rule **EX**, we can conclude that *η* ∈ Sol_I(*G*).

• The rule **AR**_f is semantically correct. Let I be an arbitrary model of P such that I ⊨_D *e*_i → *t*_i ⇐ Π for each 1 ≤ *i* ≤ *n* (i.e., Sol_D(Π) ⊆ Sol_I(*e*_i → *t*_i) for each 1 ≤ *i* ≤ *n*), I ⊨_D *f t*_n → *s* ⇐ Π (i.e., Sol_D(Π) ⊆ Sol_I(*f t*_n → *s*)) and I ⊨_D *s a*_k → *t* ⇐ Π (i.e., Sol_D(Π) ⊆ Sol_I(*s a*_k → *t*)). We prove that I ⊨_D *f e*_n *a*_k → *t* ⇐ Π, i.e., Sol_D(Π) ⊆ Sol_I(*f e*_n *a*_k → *t*). Let *η* ∈ Sol_D(Π). We have then *η* ∈ Sol_I(*e*_i → *t*_i) for each 1 ≤ *i* ≤ *n*, and by Definition 1, I ⊩_D *e*_i*η* → *t*_i*η* for each 1 ≤ *i* ≤ *n*. Analogously, *η* ∈ Sol_I(*f t*_n → *s*), so by Definition 1, I ⊩_D *f t*_n*η* → *sη*, and by the *Conservation Property* (see (López et al., 2006) for details), (*f t*_n*η* → *sη*) ∈ I. Analogously, *η* ∈ Sol_I(*s a*_k → *t*) and by Definition 1, I ⊩_D (*sη*)(*a*_k*η*) → *tη*. But then, by applying the rule **DF**_I (see (López et al., 2006) for details), we have that I ⊩_D *f* (*e*_n*η*)(*a*_k*η*) → *tη*. From Definition 1, we finally obtain *η* ∈ Sol_I(*f e*_n *a*_k → *t*).

• The rule **FA**_f is semantically correct. By definition of [P]_⊥, there are (*f t′*_n → *r′* ⇐ Δ′) ∈ P and *θ* ∈ Sub_⊥(U) such that (*f t′*_n → *r′* ⇐ Δ′)*θ* ≡ (*f t*_n → *r* ⇐ Δ). Let I be an arbitrary model of P such that I ⊨_D Δ ⇐ Π (i.e., Sol_D(Π) ⊆ Sol_I(Δ)) and I ⊨_D *r* → *s* ⇐ Π (i.e., Sol_D(Π) ⊆ Sol_I(*r* → *s*)). We prove that I ⊨_D *f t*_n → *s* ⇐ Π, i.e., Sol_D(Π) ⊆ Sol_I(*f t*_n → *s*). Let *η* ∈ Sol_D(Π). Then we have *η* ∈ Sol_I(Δ), and by Definition 1, I ⊩_D Δ*η*, and also I ⊩_D Δ′*θη*. Analogously, *η* ∈ Sol_I(*r* → *s*), and by Definition 1, I ⊩_D *rη* → *sη*, and also I ⊩_D *r′θη* → *sη*. We have then (*f t′*_n → *r′* ⇐ Δ′) ∈ P, a ground substitution *θη* ∈ Sub_⊥(U) and a ground pattern *sη* ∈ Pat_⊥(U) such that (*f t′*_n → *r′* ⇐ Δ′)*θη* ≡ (*f t*_n → *r* ⇐ Δ)*η* is ground, I ⊩_D Δ′*θη* and I ⊩_D *r′θη* → *sη*. Since I is a model of P, by applying Definition 2, we obtain ((*f t′*_n)*θη* → *sη*) ∈ I, i.e., ((*f t*_n)*η* → *sη*) ∈ I, or also (*f t*_n → *s*)*η* ∈ I. Finally, by applying the *Conservation Property* (see (López et al., 2006) for details), this is equivalent to I ⊩_D (*f t*_n → *s*)*η*, and by Definition 1, we can conclude that *η* ∈ Sol_I(*f t*_n → *s*).

#### **4.3 Declarative diagnosis using positive proof trees**

Now we are ready to present a declarative diagnosis method of wrong answers and to prove its correctness. Our results apply to any *CPPC*(D)-sound goal solving system. First we prove that the observation of an error symptom implies the existence of some error in the program:

**Theorem 3. (Wrong Answers Are Caused By Erroneous Program Rules)** *We assume that a CPPC*(D)*-sound goal solving system computes S as an answer for the initial goal G using program* P*. If S is wrong with respect to the user's intended interpretation* I *then some program rule belonging to* P *is incorrect with respect to* I*.*

*Proof.* Because of *CPPC*(D)-soundness of the goal solving system, we know that P ⊢_CPPC(D) *G* ⇐ *S*. Then, from Theorem 2 we obtain P ⊨_D *G* ⇐ *S*, i.e., Sol_D(*S*) ⊆ Sol_J(*G*) for each model J ⊨_D P. Since *S* is wrong with respect to the user's intended model I, it must be the case that Sol_D(*S*) ⊈ Sol_I(*G*) because of Definition 3. Therefore, we can conclude that the intended model I is not a model of P. Then, by Definition 2, some program rule belonging to P is not valid in I.

The previous theorem does not yet provide a practical method for finding an erroneous program rule. As explained in the Introduction, a declarative diagnosis method is expected to find the erroneous program rule by inspecting a *CT*. We propose to use abbreviated *CPPC*(D) proof trees as *CTs*. Since **DF**_P is the only inference rule in the *CPPC*(D) calculus that depends on the program, abbreviated proof trees will omit the inference steps related to all the other *CPPC*(D) rules. More precisely, given a *PPT*(D) T, its associated *Abbreviated Positive Proof Tree* over D (shortly, *APPT*(D)) AT is defined as follows:

• The root of AT is the root of T.

• The children of a node *N* in AT are the closest descendants of *N* in T corresponding to boxed c-facts introduced by **DF**_P inference steps.


A node in an *APPT*(D) is called a *buggy node* iff the c-statement at the node is not valid in the intended interpretation I, while all the c-statements at the children nodes are valid in I. Our last theorem guarantees that declarative diagnosis with *APPT*(D)s used as *CTs* leads to the correct detection of program errors.

**Theorem 4. (Declarative Diagnosis of Wrong Answers)** *Under the assumptions of Theorem 3, any APPT*(D) *witnessing* P ⊢_CPPC(D) *G* ⇐ *S (which must exist due to CPPC*(D)*-soundness of the goal solving system) has some buggy node. Moreover, each buggy node points to a program rule belonging to* P *which is incorrect in the user's intended interpretation.*

The current version of the debugger supports programs using the constraint domain R, which provides arithmetic constraints over the real numbers as well as strict equality and disequality constraints over data values of any type; see Example 3 and (López et al., 2006) for details. The tool is an extension of older versions which did not yet support constraints over the domain R (Caballero, 2005; Caballero & Rodríguez, 2004), and it is part of the public distribution of the functional-logic programming system TOY, available at http://toy.sourceforge.net. The *APPT*(R) associated to a wrong answer is constructed by means of a suitable program transformation. The yielded tree is then displayed through a graphical debugging interface implemented in Java. More detailed explanations on the practical use of DDT can be found in (Caballero, 2005; Caballero & Rodríguez, 2004).

2004) for a comparative between both strategies in an older version of DDT which did not yet support constraints). After selecting the *divide and query* strategy, which usually leads to shorter sessions, DDT asks about the validity of the following node:

The intended program model corresponds to the intuitions explained in Section 2. Therefore, the question must be understood as: *Is* (*X*,*Y*) *a point in the intersection of the two rectangles for all possible values of X, Y satisfying X* ≤ 35, *X* ≥ 20, *Y* ≤ 5*?* The answer is *no*, because with these constraints *Y* can take any value less than 5 and some of these values would yield a pair (*X*,*Y*) out of the intersection for every *X*. Therefore the user marks the cross meaning that the c-fact is non-valid. The next question is:

which is also reported as non-valid by the user. At this point a buggy node is found by the tool, pointing out the incorrect program rule and ending the debugging session:
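The buggy-node search that the definition above and Theorem 4 justify, as an added example that is not code from the chapter or from the DDT tool: the tree is a constructed *APPT*(R) modelled on the boxed c-facts of Fig. 3 (the `Node`, `Session` and strategy names are assumptions), the oracle stands in for the user's answers about validity in the intended model I (constructed here from the geometric reading of *rect* and *intersect*), and the top-down and *divide and query* navigation strategies are compared on it, each result being certified against the buggy-node definition.

```python
"""Searching an Abbreviated Positive Proof Tree (APPT) for a buggy node.

Added example, not code from the chapter or the DDT tool. The tree is a
constructed APPT(R) modelled on the boxed c-facts of Fig. 3 (Example 1); the
oracle stands in for the user's answers about validity in the intended model I.
"""
from dataclasses import dataclass, field
from typing import Callable, Iterator, Optional

PI = "X ≤ 35 ∧ X ≥ 20 ∧ Y ≤ 5"   # constraint part Π of the computed answer

@dataclass
class Node:
    fact: str                      # boxed c-fact f t_n → t ⇐ Π shown to the user
    rule: Optional[str]            # defined function f whose DF_P step introduced it
    children: list["Node"] = field(default_factory=list)

def and_node() -> Node:
    return Node(f"true && true → true ⇐ {PI}", "&&")

def example_appt() -> Node:
    """Constructed APPT(R) for the wrong answer of Example 1 (cf. Fig. 3)."""
    rect20 = Node(f"rect (20,20) 50 20 (X,Y) → true ⇐ {PI}", "rect",
                  [and_node() for _ in range(3)])
    rect5 = Node(f"rect (5,5) 30 40 (X,Y) → true ⇐ {PI}", "rect",
                 [and_node() for _ in range(3)])
    intersect = Node(
        f"intersect (rect (20,20) 50 20) (rect (5,5) 30 40) (X,Y) → true ⇐ {PI}",
        "intersect", [rect20, rect5, and_node()])
    return Node(                   # root: the goal with its (wrong) computed answer
        "intersect (head (ladder (20,20) 50 20)) (head (ladder (5,5) 30 40)) (X,Y) "
        f"== R ⇐ R → true ✷ {PI}", None,
        [Node(f"ladder (20,20) 50 20 → [rect (20,20) 50 20 | ⊥] ⇐ {PI}", "ladder"),
         Node(f"head ([rect (20,20) 50 20 | ⊥]) → rect (20,20) 50 20 ⇐ {PI}", "head"),
         Node(f"ladder (5,5) 30 40 → [rect (5,5) 30 40 | ⊥] ⇐ {PI}", "ladder"),
         Node(f"head ([rect (5,5) 30 40 | ⊥]) → rect (5,5) 30 40 ⇐ {PI}", "head"),
         intersect])

def intended_model_oracle(node: Node) -> bool:
    """Constructed intended model I: reading rect/intersect geometrically, a point
    with Y ≤ 5 lies in neither rectangle, so those facts (and the root) are not
    valid; the list and boolean facts are valid."""
    return not node.fact.startswith(("rect (", "intersect ("))

class Session:
    """Wraps the oracle, recording every question put to the user."""
    def __init__(self, oracle: Callable[[Node], bool]) -> None:
        self.oracle, self.asked = oracle, []

    def is_valid(self, node: Node) -> bool:
        self.asked.append(node.fact)
        return self.oracle(node)

def is_buggy(node: Node, ask: Callable[[Node], bool]) -> bool:
    """Buggy node: not valid in I while all of its children are valid in I."""
    return not ask(node) and all(ask(c) for c in node.children)

def top_down(root: Node, ask: Callable[[Node], bool]) -> Node:
    """From the non-valid root, descend into the first non-valid child until a
    node whose children are all valid is reached."""
    current = root
    while True:
        culprit = next((c for c in current.children if not ask(c)), None)
        if culprit is None:
            return current
        current = culprit

def divide_and_query(root: Node, ask: Callable[[Node], bool]) -> Node:
    """Ask about the node whose live subtree is closest to half the current
    tree; a non-valid answer moves the search there, a valid one prunes it."""
    pruned: set[int] = set()

    def live_size(n: Node) -> int:
        return 0 if id(n) in pruned else 1 + sum(live_size(c) for c in n.children)

    def live_nodes(n: Node) -> Iterator[Node]:
        if id(n) not in pruned:
            yield n
            for c in n.children:
                yield from live_nodes(c)

    current = root
    while live_size(current) > 1:
        half = live_size(current) / 2
        candidates = [n for n in live_nodes(current) if n is not current]
        pick = min(candidates, key=lambda n: abs(live_size(n) - half))  # first on ties
        if ask(pick):
            pruned.add(id(pick))
        else:
            current = pick
    return current

def diagnose(strategy: Callable[[Node, Callable[[Node], bool]], Node]) -> tuple[str, int]:
    """Run one navigation strategy; return the blamed rule and the number of questions."""
    session = Session(intended_model_oracle)
    buggy = strategy(example_appt(), session.is_valid)
    if not is_buggy(buggy, intended_model_oracle):   # Theorem 4: a buggy node exists
        raise RuntimeError("navigation stopped at a node that is not buggy")
    return buggy.rule, len(session.asked)
```

Both strategies stop at the same boxed c-fact about *rect* under this oracle, but divide and query needs fewer questions than the top-down walk, which is why the DDT session above selects it.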
