Papers
Topics
Authors
Recent
Search
2000 character limit reached

Operational CQA: Executable Repair Semantics

Updated 8 July 2026
  • Operational CQA is a framework that computes consistent query answers by intersecting results from various repairs generated via justified operations.
  • It employs concrete methods such as first-order rewritings, SAT/ASP reductions, and fixpoint programs to transform abstract repair semantics into executable procedures.
  • The approach addresses challenges in query complexity and approximation, supporting incremental updates and domain-specific adaptations like spatial and SHACL repairs.

Operational consistent query answering (CQA) is the study of how repair-based semantics for inconsistent data can be turned into executable query-answering procedures. In the classical formulation, the consistent answers to a query are the tuples that belong to the intersection of the query answers over all repairs of the input instance; in a narrower recent usage, operational CQA also denotes frameworks in which repairs are produced by sequences of justified operations, such as fact deletions, and queries are evaluated relative to the induced space of operational repairs or repairing sequences (Dixit et al., 2019, Calautti et al., 2022, Calautti et al., 2023). Across these usages, the common objective is to replace abstract universal quantification over repairs by concrete mechanisms such as first-order rewritings, fixpoint programs, SAT or ASP encodings, canonical cores, or randomized approximation schemes.

1. Semantic foundations

At its core, CQA starts from an inconsistent instance II, a fixed set of integrity constraints Σ\Sigma, and a query qq. A tuple is a consistent answer when it is returned in every repair of II; for Boolean queries, this becomes the decision problem asking whether qq holds in every repair. One standard formulation writes the consistent answers as

$\Cons{q, I, \Sigma} = \bigcap\{q(J): \mbox{%%%%0%%%% is a repair of %%%%1%%%% w.r.t. %%%%2%%%%}\},$

which captures the familiar “intersection over all repairs” semantics (Dixit et al., 2019).

The phrase “operational CQA” is used in two related senses. In a broad sense, it refers to executable CQA: the compilation of repair-based semantics into ordinary query evaluation, solver calls, logic programs, or other concrete procedures. In a narrower sense, introduced in work on operational and uniform operational CQA, repairs are not defined only as minimal consistent instances; they are generated by complete sequences of justified operations. In that framework, one starts from an inconsistent database DD, repeatedly applies justified operations, and stops when a consistent database is reached. The resulting database is an operational repair, and the repairing process itself becomes part of the semantics (Calautti et al., 2022, Calautti et al., 2023).

This distinction matters because the operational viewpoint changes what is measured and what is computable. Classical CQA usually asks whether an answer is true in all repairs. Operational CQA may instead ask for the probability that an answer is entailed, once a probability distribution has been assigned to operational repairs, complete repairing sequences, or available operations. The literature summarized here therefore treats “operational” both as an implementation goal and as a specific semantics of repair generation.

2. Repair models and operational semantics

Operational CQA is inseparable from the repair semantics being operationalized. Under primary keys and denial constraints, many systems adopt subset repairs: repairs are maximal consistent subinstances obtained by tuple deletion only. This is the semantics used by CAvSAT and by several complexity classifications for primary-key CQA (Dixit et al., 2019, Koutris et al., 2023, Koutris et al., 2023). Under mixed primary-key and unary-foreign-key constraints, subset repairs are no longer adequate, because referential-integrity violations may require tuple insertion. For that setting, symmetric-difference repairs are used: rdbsiffdbΔrdbΔs,r \leq_{db} s \quad \text{iff} \quad db \,\Delta\, r \subseteq db \,\Delta\, s, and an \oplus-repair is a consistent instance that is minimal under this preorder (Hannula et al., 2022).

Other operationalizations change the repair order itself. Cardinality-based repairs minimize Δ(D,D)|\Delta(D,D')|, rather than inclusion of the symmetric difference, and become especially important in incremental settings, where the size of a minimal repair can be tied to update size (Lopatenko et al., 2016). Attribute-based repairs minimize value changes rather than tuple deletions, while spatial CQA introduces geometry-based repairs in which tuple identity is preserved and only spatial attributes are shrunk, with distance measured by changed area (Rodríguez et al., 2011). In closed-predicate CQA for existential rules, repairs are again subset-maximal consistent subdatabases, because the closed-world assumption forbids adding tuples on database predicates (Marconi et al., 2024). In SHACL, repairs are pairs Σ\Sigma0 with Σ\Sigma1 and Σ\Sigma2, so the repaired graph is Σ\Sigma3, where additions are restricted to a bounded hypothesis graph Σ\Sigma4 (Ahmetaj et al., 2024).

The narrow operational framework makes the repair process itself explicit. A Σ\Sigma5-operation has the form Σ\Sigma6, meaning deletion of a nonempty set Σ\Sigma7; an operation is justified at a current instance Σ\Sigma8 if Σ\Sigma9 is contained in a conflicting pair of facts in qq0. A complete repairing sequence is a finite sequence of justified operations whose result is consistent, and an operational repair is the result of some complete repairing sequence (Calautti et al., 2022, Calautti et al., 2023). This yields two characteristic uniform frequencies: qq1 and

qq2

corresponding, respectively, to the percentage of operational repairs and of complete repairing sequences that entail the answer (Calautti et al., 2023).

A recurrent operational lesson is that repair semantics determines locality. Key-only repairs decompose cleanly into blockwise choices. Unary foreign keys introduce insertion and chase-like propagation. Cardinality semantics favors update-local maintenance. Spatial repairs depend on domain-specific geometric operators. SHACL repairs combine bounded additions and deletions, with minimality over edit pairs. Consequently, “operational CQA” is not a single algorithmic technique, but a family of execution models indexed by the underlying notion of repair.

3. Compilation and rewriting

A central operational strategy is to compile CQA into ordinary query evaluation. For primary keys plus unary foreign keys, a precise first-order rewritability dichotomy is known for self-join-free Boolean conjunctive queries with foreign keys “about” the query. In that setting, qq3 is in qq4 exactly when the attack graph of qq5 is acyclic and qq6 has no block-interference; if so, a consistent first-order rewriting can be effectively constructed (Hannula et al., 2022). The attack graph captures the key-only obstruction, while block-interference captures the new foreign-key obstruction produced by insertions and cross-block propagation.

For acyclic self-join-free primary-key queries, LinCQA identifies the subclass admitting a pair-pruning join tree (PPJT). If a Boolean query qq7 has a PPJT, then qq8 admits an FO rewriting, and there is an algorithm running in time qq9 on a database of size II0. For non-Boolean queries in the same class, consistent answers can be computed in time II1, and for full CQs in time II2 (Fan et al., 2022). The rewriting is executable both as SQL and as non-recursive Datalog and is explicitly presented as a generalization of Yannakakis’s algorithm from ordinary acyclic joins to inconsistent data.

Primary-key CQA on richer query classes exhibits multiple operational regimes. For Boolean path queries with self-joins, the query syntax determines a tetrachotomy between II3, II4-complete, II5-complete, and II6-complete, and the applicable case is decidable in polynomial time in the size of the query (Koutris et al., 2023). For rooted tree queries, the classification becomes II7, II8-hard II9 qq0, or qq1-complete, again with polynomial-time query analysis (Koutris et al., 2023). The rooted-tree result is operationally notable because it replaces path automata by a context-free-grammar view of repair-invariant tree matches, yielding a least-fixpoint evaluation procedure.

Closed-predicate existential rules yield another compilation frontier. For disjunctive embedded dependencies with inequalities, repair checking, instance checking, and IAR/AR query answering admit tractable and often FO-rewritable fragments. In particular, every set of acyclic+full, full+linear, and full+sticky dependencies is CQ-FO-rewritable, and several associated repair-checking and IAR tasks are in qq2 (Marconi et al., 2024). This places repair-based CQA for existential rules into the same operational landscape as relational CQA: some fragments compile into FO, others require PTIME procedures, and unrestricted fragments rise to coNP or qq3.

The significance of these results is that operational CQA becomes query-compiler design. Query syntax and constraint structure determine whether a system can emit a single FO/SQL query, a recursive fixpoint program, or must defer to more expensive reasoning.

4. Solver reductions and logic-programming implementations

A second major operational lineage compiles CQA into generic reasoning backends. CAvSAT reduces the complement of CQA to SAT and Weighted MaxSAT under subset-repair semantics. For key constraints and Boolean CQs, it introduces Boolean variables for facts, clauses enforcing one fact per key-equal group, and clauses breaking every minimal witness of the query. For UCQs under arbitrary denial constraints, the encoding uses minimal violations, near-violations, and additional variables to express repair maximality. A tuple is output exactly when no satisfying assignment exists that witnesses a counterexample repair. The implementation uses SQL-based preprocessing in PostgreSQL, propositional encoding, and MaxHS v3.0 as Weighted MaxSAT solver; experiments include synthetic databases with up to 1 million tuples per relation (Dixit et al., 2019).

ASP-based operationalization appears prominently in data integration. An integrated global database may violate global denial constraints and inclusion dependencies, and the repair semantics may be CM-complete, loosely-sound, or loosely-exact. The ASP encoding introduces cancellation predicates and repaired predicates, uses disjunctive rules for denial-constraint violations, and either propagates deletions along inclusion dependencies or compiles them into perfect query rewritings. Consistent answers are then obtained as cautious consequences of the resulting program. The same work adds query-driven optimizations that project repairs to relevant attributes, eliminate irrelevant relations, and avoid disjunction where possible (Manna et al., 2011).

Repair programs also support a logic-of-repairs view. Under universal integrity constraints, repairs can be specified by disjunctive logic programs under stable-model semantics, then translated into second-order theories using the Ferraris–Lee–Lifschitz characterization of stable models. In favorable FD cases, second-order quantifier elimination yields an equivalent first-order theory and even recovers standard FO rewritings, such as

qq4

for the single-FD example analyzed in detail (Bertossi, 2021).

These approaches demonstrate that operational CQA does not require one execution substrate. SAT/MaxSAT, ASP, and second-order specifications all implement the same semantic pattern—reasoning over minimally changed consistent instances—but expose different trade-offs. Notably, the literature also shows that solver-based operationalization is not automatically dominated by rewritings: CAvSAT was reported to significantly outperform KW-FO rewritings, with PostgreSQL timing out after two hours even on databases as small as 100K tuples per relation, while remaining comparable to ConQuer on some FO-rewritable workloads (Dixit et al., 2019).

5. Complexity, approximation, and incremental behavior

Operational CQA has a distinct approximation theory once repairs are generated procedurally. Under uniform operational CQA, three natural distributions are studied: uniform over operational repairs, uniform over complete repairing sequences, and uniform over currently available operations. Exact computation remains qq5-hard already under primary keys and conjunctive queries, but the approximation picture is substantially better. For primary keys and CQs in data complexity, all three uniform semantics admit FPRASes; for arbitrary keys, uniform operations admits an FPRAS; and for arbitrary FDs, uniform operations with singleton deletions only also admits an FPRAS (Calautti et al., 2022).

The combined-complexity frontier is sharper. For self-join-free conjunctive queries of bounded generalized hypertreewidth, the uniform repair and sequence frequencies remain efficiently approximable when the query is part of the input. The proof introduces the counting class SpanTL, shows that every problem in SpanTL has an FPRAS via reductions to approximate counting for nondeterministic finite tree automata, and places the relevant counting problems for operational repairs and complete repairing sequences in SpanTL. At the same time, unless qq6, there is no FPRAS if either self-join-freeness or bounded generalized hypertreewidth is dropped (Calautti et al., 2023).

Incremental CQA produces a different operational boundary. For cardinality-based repairs, static CQA under denial constraints can be qq7-complete even for conjunctions of ground literals, but the incremental setting—starting from a consistent database and applying a short update sequence—admits PTIME data complexity for first-order Boolean queries under denial constraints. Parameterized by update sequence, incremental CQA is in FPT for FDs and for denial constraints. In contrast, incremental CQA under set-inclusion repairs is coNP-hard for conjunctive queries under denial constraints (Lopatenko et al., 2016). This reversal shows that the “best” repair semantics depends on whether the system is static or update-driven.

The operational significance of these results is twofold. First, operational CQA admits approximate semantics with explicit error guarantees that are unavailable or unlikely for analogous classical frequency notions beyond primary keys. Second, update-aware repair semantics can turn globally difficult problems into local ones, especially when repair cost is bounded by the size of the update rather than by the size of the entire inconsistent instance.

6. Domain-specific extensions, limits, and open directions

Operational CQA has also been adapted to domains where repairs are not ordinary tuple deletions. In spatial databases, inconsistencies are defined by spatial semantic integrity constraints over geometries, and operational repairs are generated by shrinking geometries with operators such as Difference and Buffer. Minimality is measured by changed area, not by tuple difference. For basic spatial range and join queries under restricted SICs, all minimal operational repairs can be summarized by a single core instance, and consistent answers can be computed by querying that core directly in polynomial time, specifically quadratic in data complexity (Rodríguez et al., 2011).

In SHACL-constrained RDF, repairs are edit pairs qq8 relative to a bounded hypothesis graph, semantics may be brave, AR, or IAR, and queries may be BGPs or well-designed SPARQL with OPTIONAL. All considered variants are intractable, with complexities ranging from the first to the third level of the polynomial hierarchy (Ahmetaj et al., 2024). This makes SHACL a strong negative benchmark for operational CQA: the semantics are precise, but unrestricted implementation is unlikely to be efficient without substantial fragmentation or approximation.

Several boundaries remain explicit. For mixed keys and foreign keys, the established dichotomy is limited to self-join-free Boolean conjunctive queries and unary foreign keys “about” the query; composite foreign keys and general self-joins remain outside scope (Hannula et al., 2022). For path and rooted-tree queries under primary keys, the available trichotomy and tetrachotomy results are stepping stones toward a general classification for all Boolean conjunctive queries, but the broad conjecture that every qq9 is either in PTIME or coNP-complete remains open (Koutris et al., 2023, Koutris et al., 2023). For operational approximation, the positive combined-complexity frontier currently requires both self-join-freeness and bounded generalized hypertreewidth (Calautti et al., 2023). For uniform operational CQA under full FDs, unrestricted uniform-operations approximation remains unresolved, while the available FPRAS requires singleton deletions (Calautti et al., 2022).

Taken together, these results place operational CQA at the intersection of database theory, logic programming, solver technology, and domain-specific repair design. Its defining question is not only what a consistent answer means, but how repair semantics can be compiled, approximated, or executed under realistic constraints. In that sense, operational CQA is both a semantic program and a systems program: it studies the expressive frontier of repair-based querying and the execution architectures capable of realizing it.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Operational Consistent Query Answering (CQA).