A signi cant extension of logic programming by adapting ... - CiteSeerX

A signi cant extension of logic programming by adapting model building rules Ricardo Caferra and Nicolas Peltier LIFIA-IMAG 46, Avenue Felix Viallet 38031 Grenoble Cedex FRANCE [email protected], [email protected]

Abstract. A method by the authors for automated model building is extended and specialized in a natural way in order to increase the possibilities of logic programming. A rather complete, though reasonably short, description of the ideas and technicalities of the former method is given in order to make the paper self-contained. Specialization of several key rules permits to obtain three main theoretical results concerning extensions of logic programming: non-ground negative facts as well as inductive consequences can be deduced from programs. Goals containing negations, quanti cations and logical connectives are allowed. It is proven that the proposed extension is strictly more powerful than SLDNF. Several non-trivial running examples show evidence of the interest of our approach. Last but not least, a nice side eect exploits the model building capabilities of the approach: it is shown on one representative example how the method can be used to detect (and to correct) errors in logic programs. Main lines of future research are given.

1 Introduction Automated Deduction and Logic Programming have numerous and deep connections (see for example [ROB83, ROB92, WM91]). Although each of these two elds has its own speci c aims, they often provides to each other useful ideas and techniques. The aim of this work is to show how a model building method (developed by the authors since 1990 in order to be used in Automated Deduction), can be pro tably used in logic programming in order to extend its usefulness and increase its power. Model building is presently recognized as a very important topic in Automated Deduction. Although the usefulness of model building was recognized since the very beginning in Automated Deduction ([GHL83]), no systematic feasible method was proposed until the nineties (for more details see for example [BCP94]). In 1990 ([CZ90, CZ92]) we proposed a method | called RAMC1 | for simultaneous search for refutations and models for set of clauses. The method relies on the use of constrained clauses i.e. couples noted [ clause : constraints]], instead of standard clauses. The constraints codes the conditions either necessary to the application of the inference rule (resolution, factorization: : :) or sucient to prevent their application. Roughly speaking, the method associates to each inference rule (resolution, factorization: : :) 1 standing for Refutation And Model Construction

its \dis-inference" counterpart (disresolution, disfactorization: : :). Dis-inference rules add to c-clauses the constraints preventing the application of the corresponding inference rule. The use of constraints can be seen as a way to perform meta-reasoning at the object level which allows to generate useful information that cannot be deduced by purely deductive approach (see [CZ92] for more details). To apply our approach to logic programming is a very natural idea: the capabilities of the method could obviously extend the capabilities of logic program interpreters, allowing for example to deduce facts that cannot be deduced by classical approaches. More precisely we show in this work that our method can be specialized in order to be pro tably applied to logic programs. In particular our method allows to deduce non ground negative facts | feature not shared by negation as failure | or fact that are inductive consequences of the program. This can also in many cases prevent the non termination of programs. Moreover we propose a method in order to compute the solution of \complex" goals involving negation, connectives and quanti ers which cause trouble to most other approaches. The rest of the paper is organised as follows: the second section is devoted to a brief | but complete | overview of our model building method. Section 3 shows how this method can be specialized in order to deal with logic programs and present a method to solve \complex" goals i.e. goals including quanti cation, connectives and negation. In section 4 we give several non trivial examples illustrating our approach. Section 5 is devoted to concluding remarks.

2 Simultaneous Search for Refutations and Models The method presented here strongly relies on the use of equational constraints. Before presenting the rules of our method, we have to recall brie y some necessary results from [CL89] concerning equational problems (de nition and decidability).

2.1 Equational Problems Let  be a set of function symbols. We note () the set of ground terms built on the signature  (i.e. the Herbrand universe). x; y : : : (resp. t, s) denotes a vector of variables (resp. terms). V ar(t) denotes the set of free variables of the term (resp. formula, clause: : :) t. Efx ! tg denotes the expression (term,formula:: :) E , obtained by replacing each free occurrence of x by t. An equational formula P is either an equation s = t, where s and t are two terms, ? (false), > (true) or of the form: P _ Q, P ^ Q, :P, 9x:P, 8x:P where P and Q are two equational formula. The free variables x of P are called the unknowns. A substitution  of variables x is said to validate an equational formula P i the formula P  is true in the Herbrand universe. More precisely: A ground substitution  validates an equational formula P i P  is valid. The set of substitutions  that validates P is called the set of solutions of P and is noted Sol(P ).

The decidability of equational formulas has been proven in [CL89], and formerly by Mal'cev [MAL71], where an algorithm is given in order to transform any equational formula into a union of formula in a so-called \de nition with constraints" solved form, from which the solutions of the formula can easily be extracted. This algorithm is given as a set of transformation rules (that are proven sound and terminating) allowing to obtain the solved form of any equational formula.

2.2 Simultaneous search for refutations and models

A constrained clause (or c-clause for short) is a couple noted [ C : P ] where C is a clause (in the standard sense) and P an equational formula, called the constraint. A standard clause is a particular case of a c-clause (with P  >). We consider two dierent kinds of rules: the refutation rules (or rc-rules) and the model building rules (or mc-rules).

Refutation rules. The refutations rules are simply the standard inference rules (resolution and factorization) adapted to c-clauses.

The binary c-resolution: Let c1 : [ :P(t) _ c01 : X ] and c2: [ P(s) _ c02 : Y ] be two c-clauses. The rule of binary c-resolution (abbreviated bc-resolution) on c1 and

c2 upon :P(t) and P(s) is de ned as follows: [ :P(t) _ c01 : X ] [ P(s) _ c02 : Y ] [ c01 _ c02 : X ^ Y ^ t = s]]

The binary c-factorization: The binary c-factorization (abbreviated bc-factorization) of the c-clause c : [ P(t) _ P(s) _ c0 : X ] upon P(t) and P(s) is de ned as follows: [ P(t) _ P(s) _ c0 : X ] [ P(s) _ c0 : X ^ t = s]] In [CZ92] we proved that the bc-resolution and the bc-factorization are sound and refutationally complete.

Model building rules (or dis-inference rules). The model building rules, called also dis-inference rules, aim at building a model of the initial set of cclauses. The unit bc-disresolution: Let S be a satis able set of c-clauses. By the unit

bc-disresolution rule, it is possible to eliminate from the clause of a c-clause of S those literals falsi ed by any model of S. Let c1 : [ :P(t) : X ] be a unit c-clause and c2 : [ P(s) _ c02(y) : Y ] be a cclause: The rule of unit bc-disresolution (abbreviated bc-disresolution) on c2 with c1 upon P(s) is de ned as follows (where x = V ar(X ) [ V ar(:P(t))): [ :P(t) : X ] [ P(s) _ c02(y) : Y ] [ P(s) _ c02 (y) : Y ^ 8x:[:X _ s 6= t]]]

The unit bc-dissubsumption: The unit bc-dissubsumption rule noted DSub(C; D),

computes constraints preventing a c-clause from being subsumed by a unit cclause. It allows the elimination of the c-clauses that are logical consequence of other c-clauses of S (as subsumption does). It is de ned as follows (where x = V ar(X ) [ V ar(P(t))): [ P(t) _ c0 : Y ] [ P(s) : X ] [ P(t) _ c0 : Y ^ 8x:[:X _ s 6= t]]]

Remarks:

1. For the sake of clarity, we do not give explicitly the de nition of the general (non unit) dissubsumption rule. Indeed this rule is more complicated to write and will not be used in this work (the interested reader can consult [CZ92]). 2. If C subsumes D then it is easy to see that DSub(C; D) is equivalent to > (because its constraint is equivalent to ?), and thus can be removed from the set of c-clauses. Hence the subsumption rule is a particular case of the dissubsumption rule. 3. Let E be as set of c-clauses and let C be a c-clause. We note DSub(E; C) the c-clause obtained by applying the unit dissubsumption rule between all the c-clauses of E and C. Similarly, for any set of c-clause S we note DSub(E; S) the set: fDSub(E; C)=C 2 S g.

Generating Pure Literals: the GPL and GMPL rules. Our method ex-

ploits in one of its key rules the well known notion of pure literal in a set of clauses S, i.e. a literal whose complementary does not appear in clauses of S. It is clear that a pure literal is a model of the clause to which it belongs (it can be evaluated to true independently of the rest of the interpretation). Therefore a natural idea in order to build a model of a set of clauses S is to try to produce for each clause a pure literal in it. The way our method do this is by setting conditions (coded in the constraints), restricting the domain of the variables in a literal P(s) in order to avoid uni cation (disregarding the negation symbol) with a literal :P(t). This generated pure literal is added to S (trivially if L is pure in S then S [ L is satis able i S is satis able). The formal de nition of the GPL rule is: let S be a set of c-clauses and let c : [ P(t) _ c0 : X ] be a c-clause in S. [ P(t) _ c0 : X ] S [ P(t) : Xpure] V where Xpure = [[:P (s )_r :Y ]] 2S 8y::Y _ s 6= t. where y are the variables in V ar([[:P(s) _ r : Y ] ). Engendering independently one pure literal in each clause does not always allow to build models. Consider the formula:

8x:P(x) , Q(x) The corresponding set of c-clauses is:

[ P(x) _ Q(x) : >] [ :P(x) _ :Q(x) : >] Since the two literals in the formula are equivalent, the interpretation of P and Q cannot be chosen independently from each other, but GPL assumes (implicitly) independence between P and Q interpretations. If we apply GPL on this formula, we get the unit c-clause: [ P(x) : 8y:y 6= x]] i.e. [ P(x) : ?] (constraint solving). The resulting c-clause is a tautology (since the constraints of the c-clause have no solution). In [CP95], we have extended the GPL rule in order to generate simultaneously more than one pure literal. The principle of this extension is to compute a satis able set of unit c-clauses E such that all c-clauses in E are pure in DSub(E; S) i.e. they are pure and do not subsume each other (see remark 2 in 2.2).

The underlying semantics. If our procedure searching for refutations and

models (RAMC) stops, giving a set of unit c-clauses, this set is a model of the initial formula. The partial interpretation of the predicates is given by the unit c-clauses produced by the method: each n-ary predicate P is mapped to two subsets I (P)+ and I (P)? of ()n corresponding to the sets of n-tuples of ground terms for which P is respectively evaluated to True and to False. The interpretation is partial because I (P)+ [ I (P)?  ()n . If I (P)+ [ I (P)? = ()n , we have a total interpretation of predicate P 2. Obviously total interpretations are particular cases of partial interpretations. The sets I (P)+ and I (P)? are presently expressed by equational formulas. In section 3, we shall incorporate in the method constraints with more expressive power (see also [PEL99]). Interpretations (models) expressible by equational problems are called equational (or eq-) interpretations (models).

3 Applications to Logic Programming: adapting rules Our method increases the capabilities of resolution and allows in particular to deal with facts that resolution cannot deduce from a set of clauses. Therefore a natural question arises: is it possible to apply these capabilities in order to extend logic programming? This section as well as the rest of the paper is devoted to the presentation of ideas and techniques allowing to answer positively to this obvious question.

3.1 Restricting the GPL rule The models built by RAMC are not minimal in general: indeed, the GPL and GMPL rules introduces c-clauses that are consistent with the initial set of cclauses S, but that are not in general logical consequences of S as explained in 2 Notice that not to be false in a partial model in not equivalent to be true in it.

section 2.2 (see also [CZ92]). If the application of these rules is not restricted, the intended meaning of the logic program | i.e. its minimal model | will not be preserved in general. Example 1. Let P be the following program:

even(0): even(n + 2)

even(n):

The GMPL rule can generate, for example, the fact: 8x:even(x). This fact is consistent with P . (i.e. P ^ 8x:even(x) is satis able), but obviously it does not correspond to the intended meaning of the program P ! In order to apply our method to logic programming, it is necessary to restrict the application of the GPL and GMPL rules in order to ensure that the meaning of the program is preserved by their application, i.e. to ensure that no positive literal is added to the model of the program. The following theorem shows an important result: in order to preserve the meaning of programs we have only to prevent the application of GPL on positive literals.

Theorem 1. Let S be a nite set of c-clauses. Let C : [ :L(s) : X ] be a negative c-clause obtained from S by applying the GPL rule. If S [ fC g has a minimal model M, then M is also the minimal model of S . Proof. M is the minimal model of S [fC g, hence for all positive ground literals

P(t) 2 M, we have: S [fC g j= P(t), i.e. S [fC; :P(t)g is unsatis able. By refutational completeness of resolution, there exists a refutation of S [ fC; :P(t)g. But :L(s) is pure in S [ fC; :P(t)g (since C is pure in S and C is negative). Hence there exists a refutation from S [ f:P(t)g, and P(t) is a logical consequence of S. M is the minimal model of S. Since all the other rules of RAMC are sound (in the classical sense, i.e. any c-clause deduced from S is a logical consequence of S), it is easy to see that if we build a model M of S without applying the GPL rule on positive literals then M is the minimal model of S. We shall write GPL? when GPL is applied only on negative literals. This rule adds to a negative literal L constraints preventing the uni cation of L with the head of a c-clause of the program. Our method can be used to extend logic programming as shown in the following sections.

3.2 Computing inductive consequences Analysis of the following program S (with  = fa; f g) motivates the extension of the method proposed in this section. [ ?P(x) _ P(f(x)) : >] [ P(a) : >]

Terms of the Herbrand universe of S are of the form f n (a) (with n 2 N). It is easy to see that for each ground term t, P(t) can be deduced from S. Nevertheless P(x) cannot be deduced from S using resolution, since P(x) is not a logical consequence of S. (P(x) is an inductive consequence of S). The c-clause [ P(x) : >] can be generated by RAMC by using the GPL or GMPL rules (see 2.2 and for details [CP95]), applied on the positive literal P(f(x)). Nevertheless, it is no more possible with GPL? (since P(f(x)) is not a positive literal). In this section, we give a rule permitting to detect this kind of inductive de nition, in order to enlarge the capabilities of our method. First, we recall the notion of inductive consequence: Let M be the initial model of a set of formulas S. A formula F is an inductive consequence of S (noted S j=ind F) i M j= F.

Theorem2. Let S be a set fC ; : : :Cng of Horn c-clauses. Ci is of the form: 1

[

m _ i

j =1

:Lij (tij ) _ Pi(si ) : Yi ]

Let P : [ P(s) : X ] be a unit c-clause. Let S 0 be the set fCijCi 2 S ^ Pi = P g. If the following conditions hold: 1. For all Ci 2 S , for all j , P j= [ Lij (tij ) : Yi ] 2. For all Ci 2 S such that Pi = P , for all j , tij < si (where < denote a well founded ordering Von terms, such as the recursive path ordering: : : ) 3. The formula X ^ C 2S (8y i :Yi _ si 6= s) has no solution. (where y i denotes the variables of Ci ) i

0

Then, P is an inductive consequence of S . Proof. The proof is by induction on the set of ground terms (with the order ^ : stable(S ) Choose a r-rule or a mc-rule  Modify S according to  Normalize S . Sol := Sol [ Sol(+ M (F )) M :=Unit(S ) end while return Sol end f Extended Interpreter g

Unit(S) denotes the set of unit c-clauses of S. The procedure stable(S) returns true i S is stable by RAMC (i.e. S does not change by application of RAMC rules). The procedure Normalize consists in applying while possible the rules of dissubsumption, factorization, disfactorization, distautology, unit disresolution and the constraints simpli cation rules on S (it is easy to see that the non deterministic application of the rules always terminates). The procedure stops if (+M (F ) _ ?M (F ))  > (i.e. if all the solutions has been computed) or if stable(S) (i.e. all the information has been extracted from the program). 3.5 Comparison with Negation as Failure

As well known, negative facts cannot be deduced from logic programs by SLDresolution (see for example [LLO87]). The most widespread solution to this problem is to use the negation as failure rule [CLA78], i.e. if P is not provable after exhaustive unsuccessful search, then :P is inferred. Otherwise stated \:" means \fail to prove". In this section we show that our approach gives a more powerful method in order to deduce negative information. The next theorem shows that our method is strictly more powerful than the negation as failure rule.

Theorem 4 (completeness). Let L be a literal and S a logic program. If L has a SLDNF refutation then the procedure Extended Interpreter generate a solution  of L. Proof. (sketch)

We can prove, by induction on n the following property: if L has a SLDNFrefutation of length n or a nitely failed tree of height n then Extended Interpreter terminates on L.

This theorem implies that all completeness results proven for SLDNF resolution also hold for our approach.

4 Examples We give in this section ve examples illustrating our approach.

4.1 The method at work A rst detailed very simple example illustrates how the extended interpreter works. Example 2. Let P be the following program:

append([ajx]; y; [ajz]) append(nil; y; y): Let the goal be:

append(x; y; z):

8y; z::append([z]; y; x)

The corresponding set of c-clauses is: 1 [] [[ append([a|x],y,[a|z]) | -append(x,y,z) : TRUE ]]. 2 [] [[ append(nil,y,y) : TRUE ]].

The extended interpreter (RAMC) gives: 3 [gmpl] [[ -append([a|x],y,z) : z != [a|z'] ]]. 4 [resolution,1,2] [[ append([a],y,[a|y]) : TRUE ]].

At this step the partial model generated (say M ) is: 2 [] [[ append(nil,y,y) : TRUE ]]. 3 [gmpl] [[ -append([a|x],y,z) : z != [a|z'] ]]. 4 [resolution,1,2] [[ append([a],y,[a|y]) : TRUE ]].

The reader can easily verify that the corresponding formula +M (G) is: +M(8y; z::append([z]; y; x))  8y; z:9a1 ; x1; y1; z1 ; z10 ([z] = [a1jx1]^y = y1 ^x = z1 ^z1 6= [a1jz10 ]) Constraint solving rules (see [CL89, CZ92] for more details) gives: +M (8y; z::append([z]; y; x))  (x = nil) Moreover we have: ?M (8y; z::append([z]; y; x))  (9y; z:(9y1 :[z] = nil ^ y = y1 ^ x = y1 ) _(9a1 ; y1:[z] = [a1 ] ^ y = y1 ^ x = [a1jy1])) i.e. ?M (8y; z::append([z]; y; x))  (9[a1jy1 ]:x = [a1jy1]) Therefore: ?M (G) _ +M(G)  (x = nil _ 9a1; y1 :x = [a1jy1 ]) hence: ?M (G) _ +M (G)  >. Therefore the procedure stops and return: fx = nilg.

4.2 Inferring negative facts The example below shows that by using our method it is possible to infer negative literals denoting in nitely many negative ground facts. The following program is taken from [LUG89]. As pointed out in [LUG89], the SLDNF resolution as well as most other methods cannot deal with this example. The deduction procedure (called ENF-deduction in [LUG89], for Extended Negation as Failure) presented is able to enumerate all the solutions of the program. Nevertheless, ENF-deduction cannot terminate, since there exists an in nite number of solutions. We show how our approach allows to deduce directly the negative fact 8x 6= 0::p(x). Example 3. Let  = f0; sg, and the program:

r(s(s(x))) r(x) p(x) q(x; y) p(x) r(x) q(0; 0)

Let the goal be: :p(x). The problem is to nd the solution of this goal, i.e. to nd the terms x such that p(x) is false in the minimal model of the program. The corresponding set of c-clauses is: 1 2 3 4

[] [] [] []

[[ [[ [[ [[

r(s(s(x))) | -r(x) : TRUE ]]. p(x) | -q(x,y) : TRUE ]]. p(x) | -r(x) : TRUE ]]. q(0,0) : TRUE ]].

Our method gives: 5 [gmpl] [[ -q(x,y) : x != 0 | y != 0 ]]. 6 [dissubsumption,5,2] [[ p(0) | -q(0,0) : TRUE ]]. 7 [disresolution,4,6] [[ p(0) | -q(0,0) : FALSE ]]. 8 [disresolution,4,6] [[ p(0) : TRUE ]]. clause #6 is deleted. 9 [gmpl] [[ -r(x) : TRUE ]]. clause #1 is deleted. clause #3 is deleted. 10 [gmpl] [[ -p(x) : x != 0 ]].

c-clause 10 shows that P(x) is false for all x such that x 6= 0. Clause 8 shows that P(0) is true. Hence these two c-clauses give the interpretation of P, and gives the answer of the initial goal. Remark: in contrast to the method in [LUG89], our method does not try to enumerate all the solutions, but stops and gives the answer to the goal :p(x). A standard question when introducing a new method is to ask if it can be simulated by other existing methods. The rest of this section underlines interesting features of RAMC that cannot be simulated by some other existing approaches. The following example shows that our method cannot be simulated by the ENF-deduction method presented in [LUG89]. Example 4. Let S be the following (deliberately simple) logic program: P(s(x); y) P(x; y) P(a; a) Let F be the goal: 8x::P(x; y) Our method gives: 1 2 3 4 5

[] [[ P(s(x),y) | -P(x,y) : TRUE ]]. [] [[ P(a,a) : TRUE ]]. [gmpl] [[ -P(x,y) : y != a ]]. [dissubsumption,3,1] [[ P(s(x),a) | -P(x,a) : TRUE ]]. [ind] [[ P(x,a) : TRUE ]].

c-clauses 3 and 5 give the interpretation of P. The formula +M (F) is: 8x:(9x0; y0 :x0 = x ^ y0 = y ^ y0 6= a) i.e.: y 6= a Hence the solution of the goal 8y:P(x; y), is: y 6= a. It is easy to see that ENF deduction is not even able to enumerate the solutions of such a formula. Indeed when applying the ENF-deduction on the formula: 8x::P(x; y), we get:

8x::P(x; y) ! 8x:(x 6= a _ y 6= a) ^ (8x0; y0 :x 6= s(x0 ) _ y 6= y0 _ :P(x0; y0 )) ! 8x:y = 6 a ^ (8x0 :x = 6 s(x0 ) ^ :P(x0; y)) 0 !y= 6 a ^ (8x ::P(x0; y)) We obtain a formula that contains the initial one, hence ENF deduction will loop, without generating any solution, whereas our method can solve this problem in a natural way.

4.3 Application in program veri cation and correction

One of the most useful and convincing ways to detect wrong reasoning has always been to exhibit counter-examples. The ability of building counter-examples is particularly relevant to the activity of programming. An extremely important feature of counter-examples (seldom exploited) is that they can help to correct wrong reasoning. We propose to apply our method to detect errors in logic programs and to help the programmer to correct them. The idea is to use our method in order to simplify the initial program by preserving its meaning (i.e. the minimal model of the initial set of clauses and the simpli ed one are the same), in order to show evidence that it is not correct. The fundamentals of the method (i.e. model building) allows to point out errors and suggest the way of correcting programs wrong w.r.t. formal as well as informal speci cation.4 . In the best case, we shall obtain a eq-model of the whole program. In cases in which the model cannot be represented by equational problems, the method builds a partial model of the program giving in general enough information to detect that the program is wrong and to understand why it is not correct, which obviously helps to correct it. The following example shows how our method can be used in order to detect errors in a logic program. The method proves that the program is not correct (i.e. that it does not implement its | in this case informal | speci cation) and build a counterexample, providing enough information in order to correct the program. Example 5. The following (wrong) program is intended to compute the depth of a term (represented as a couple (function symbol; arguments)). depth((c:[]); 0): depth((c:[xjl]); z) depth(l; z 0) ^ depth(x; z 00) ^ max(z 0 ; z 00; z): max(x; 0; x): max(0; y; y): max(succ(x); succ(y); succ(z)) max(x; y; z): Our method gives:

4 We further investigate this subject in [CP99]

1 [] [[ depth((c.[]),0) : TRUE ]]. 2 [] [[ depth((c.[x|l]),z) | -depth(l,z') | -depth(x,z'') | -max(z',z'',z) : TRUE ]]. 3 [] [[ max(x,0,x) : TRUE ]]. 4 [] [[ max(0,y,y) : TRUE ]]. 5 [] [[ max(succ(x),succ(y),succ(z)) | -max(x,y,z) : TRUE ]]. 6 [gmpl] [[ -max(0,x,y) : y != 0 ]]. 7 [dissubsumption,6,2] [[ depth((c.[x|l]),z) | -depth(l,z') | -depth(x,z'') | -max(z',z'',z) : (z' != 0) | (z = 0) ]]. 8 [resolution,7,4] [[ depth((c.[x|l]),0) | -depth(l,0) | -depth(x,0) : TRUE ]]. 9 [disresolution,7,4] [[ depth((c.[x|l]),z) | -depth(l,z') | -depth(x,z'') | -max(z',z'',z) : z' != 0 ]]. 10 [gmpl] [[ -depth(t,z) : l != 0 ]]. 11 [dissubsumption,9,10] [[ depth((c.[x|l]),z) | -depth(l,z') | -depth(x,z'') | -max(z',z'',z) : FALSE ]]. clause #11 is deleted. 12 [induction] [[ depth(t,0) : TRUE ]].

clauses 10-12 shows that the value of depth is always 0 for all term t, which gives evidence that the program is not correct. The model building process does not only detect the error but identi es clauses causing trouble. The term succ(z) should replace the variable z in the head of the second clause.

5 Conclusion and future work A powerful extension of logic programming based on a specialization of our prior method for simultaneous search for refutations and models [CZ90, CZ92, BCP94] has been presented. The main theoretical properties of the extension have been proven (in particular that it is strictly more powerful than the negation as failure rule). The method described in [CZ90, CZ92, BCP94] has been implemented as an extension of OTTER [BCP94]. The examples presented in this paper run (partially, the new rules are not fully implemented) on it. These non trivial examples advocate the interest of our approach. It has been also shown on a representative example an original application of the model building capabilities of our method: how to detect (and help to correct) errors in logic programs. The main lines of future work are the following: { Extend the expressive power of constraints (as in [PEL99]) in order to increase the capabilities of our method. { Generalize our approach to more general programs: for example programs involving universal quanti ers or disjunctions. { Study the interest of our approach in logic program veri cation, and/or synthesis, in particular by deepening the ideas in section 5. { Adapt the implementation of extended OTTER [BCP94] to logic programming and incorporate into it the extensions presented in this paper. { Experiment extensively the method in order to evaluate its complexity in practice.

References [BCP94] Christophe BOURELY, Ricardo CAFERRA, and Nicolas PELTIER. A method for building models automatically. Experiments with an extension of OTTER. In Proc. of CADE-12, pages 72{86. Springer-Verlag, 1994. LNAI 814. [CL89] Hubert COMON and Pierre LESCANNE. Equational problems and disuni cation. Journal of Symbolic Computation, 7:371{475, 1989. [CLA78] Keith L. CLARK. Negation as Failure. In Herve Gallaire and Jack Minker, editors, Logic and Data Bases, pages 293{322. Plenum Press, 1978. [CP99] Ricardo CAFERRA and Nicolas PELTIER. Verifying and correcting a large class of logic programs. Submitted, 199? [CP95] Ricardo CAFERRA and Nicolas PELTIER. Model building and interactive theory discovery. In Proceeding of Tableaux'95, LNAI 918, pages 154{168. Springer-Verlag, 1995. [CZ90] Ricardo CAFERRA and Nicolas ZABEL. Extending resolution for model construction. In Logics in AI, JELIA'90, pages 153{169. Springer-Verlag, LNAI 478, 1990. [CZ92] Ricardo CAFERRA and Nicolas ZABEL. A method for simultaneous search for refutations and models by equational constraint solving. Journal of Symbolic Computation, 13:613{641, 1992. [GHL83] H. GELERNTER, J.R. HANSEN, and D.W. LOVELAND. Empirical explorations of the geometry theorem-proving machine. In Jorg Siekmann and Graham Wrightson, editors, Automation of Reasoning, vol. 1, pages 140{150. Springer-Verlag, 1983. Originally published in 1960. [LLO87] John W. LLOYD. Foundations of Logic Programming. Springer-Verlag, second edition, 1987. [LUG89] Denis LUGIEZ. A deduction procedure for rst order programs. In F. Levi and M. Martelli, editors, Proceedings of the sixth International Conference on Logic Programming, pages 585{599. The MIT Press, July 1989. [MAL71] A.I. MAL'CEV. The Metamathematics of Algebraic Systems: Collected Papers 1936{1967, chapter Axiomatizable classes of locally free algebra of various type. Benjamin Franklin Wells III editor, North Holland, 1971. chapter 23. [PEL99] Nicolas PELTIER. Increasing the capabilities of model building by constraint solving with terms with integer exponents. To appear, 199? [ROB83] J.A. ROBINSON. Logic Programming -past, present and future-. New Generation Computing, 1:107{124, 1983. [ROB92] J.A. ROBINSON. Logic and Logic Programming. Communications of the ACM, 35(3):40{65, March 1992. [WM91] Larry WOS and William McCUNE. Automated theorem proving and logic programming: a natural symbiosis. Journal of Logic Programming, 11(1):1{ 53, july 1991.

This article was processed using the LaTEX macro package with LLNCS style