automated verification of prolog programs
TRANSCRIPT
ELSEVIER The Journal of Logic Programming 39 ~ 1999) 3.-42
ii
1 H E ]OI. ~ R,"~,~t L ( . ~
LC,~q~. ~ A MMING
A u t o m a t e d verif ication o f Pro log programs
Baudouin Le Charlier *, Christophe Lecl~re, Sabina Rossi, Agostino Cortesi
lns t i tu t d ' l n t o r m a t i q u e . Fat'. L )aic. de Namztr ( F. ~: N .D .P . ). R u e G r a n d g a ~ m l g e 21. B -5000 :X'tomlr. B e l g i u m
Received 6 March 1997: received in revised lbrm 22 December 1997: accepted 11 Septella:,cr 1998
Abstract
Al though Prolog is (still) the most widely vsed logic language, it suffers from a number o f d rawbacks which prevent it 1¥om being truely declarative. The nondeclara t ive features such a', the depth-first search rule are nevertheless necessary to make Prolog reasonably efficient. Sev- eral au thors have proposed methodo log ies to reconcile declarat ive p r o g r a m m i n g with the al- gor i thmic features o f Proiog. The idea is to unalyse the logic p rogram with respect to a set o f propert ies such as modes, types, sharing, te rminat ion, and the like in order to ensure that the opera t ional behav iour of the Prolog p rogram complies with its logic meaning. Such analyses are tedious to per form by hand and cap. t~e a u t o m a t e d to sor te extent. This paper presents a state-of-the-art analyser which allows one to integrate many individual analyses previously p roposed in the l,i;.erature as well as new ones. Conceptual iy , the analyser is based on the no- t ion o f abstract sequence which makes it possible to collect all kkn6s o f desirable ~rffozl-aation, including relat ions between the input and ou tpu t sizes o f terms, multiplicity, an~ t,zrmina- tion. © 1999 Elsevier Science Inc. All rights reserved.
K e v w o r d s : Abstract interpretat ion: A u t o m a t e d verification: Logic programs: Prolog
I. Introduction
D e c l a r a t i v e a n d log ic l a n g u a g e s a l l o w t h e p r o g r a m m e r to c o n c e n t r a t e o n t h e d e - s c r i p t i o n o f t h e p r o b l e m to be s o l v e d a n d t o i g n o r e l o w level i m p l e m e n t a t i o n de t a i l s . N e v e r t h e l e s s , t h e i r i m p l e m e n t a t i o n r e m a i n s a d e l i c a t e i ssue: s i nce e f f ic iency is a m a - j o r c o n c e r n fo r m o s t a p p l i c a t i o n s , "~real'" d e c l a r a t i v e l a n g u a g e s o f t e n d e v i a t e f r o m t h e d e c l a r a t i v e p a r a d i g m a n d i n c l u d e a d d i t i o n a l " ' i m p u r e " f e a t u r e s , w h i c h a r e in- t e n d e d to i m p r o v e t he e f f ic iency o f t h e l a n g u a g e b u t o f t e n ru in its d e c l a r a t i v e n a t u r e . T h i s is w h a t h a p p e n s in log ic p r o g r a m m i n g w i t h P r o l o g , w h i c h is c h a r a c t e r i z e d by a n i n c o m p l e t e ( d e p t h - f i r s t ) s e a r c h ru le , a n o n l o g i c a l n e g a t i o n (by fa i lu re ) , a n d a n u m b e r o f n o n i o g i c a l o p e r a t i o n s s u c h as t h e tes t p r e d i c a t e s (e .g . , - e a r ) a n d t he cu t . In o r d e r
"Corresponding author. Tel,: 32 81 724977: fax: 32 81 724967: e-mail: [email protected]
0743-1066/99/S -- see front matter © 1999 Elsevier Science Inc, All rights reserved, Pil: S 0 7 4 3 - i 0 6 6 ( 9 8 ) 1 0 0 3 2 - 8
B. Le Charlier et al. I J. Logic Programming 39 (1999) 3-42
to improve on this s i tua t ion different app roaches have been invest igated in the recent years. In par t icular : + stat ic analyses , ma in ly based on abs t rac t in te rpre ta t ion , have been developed aim-
ing at op t imiz ing Pro log p rog rams , relieving the p r o g r a m m e r f rom using impure con t ro l features [47,56];
• new languages have been defined, like M e r c u ry [61], tha t improve on declara t ive- ness; efficiency is kept by asking the p r t ~ r a m m e r to specialize its code wi th m o d e and type declara t ions . In this paper , we look at the p rob l em f rom a different perspective. Ins tead o f been
targeted towards op t imiza t ions , we follow the a p p r o a c h depicted in Ref. [54] and we show how Prolog p r o g r a m verif ication (a very d e m a n d i n g s o f t ~ a r e engineer ing task) m a y benefit f rom techniques o f static anal'+.'sis [19], as recent ly poin ted out in a more abs t rac t set t ing also by Ref. [36,50].
The aim o f this work is to in t roduce a tool to verify tha t a nondec la ra t ive imple- m e n t a t i o n o f a p r o g r a m (a Pro log code) in fact behaves accord ing to its declara t ive mean ing (a declara t ive specification given by the user). This verif ication process can be used also to t r ans fo rm a first (declarat ively but no t ope ra t iona l ly correct) version o f a p r o g r a m into a bo th declara t ive ly and ope ra t iona l ly correc t version.
In o rde r to define such a verifier, we great ly benefit f rom works on static analysis o f P ro log p rograms . The ana lyse r presented here is general enough to in tegrate mos t a u t o m a t a b l e ana lyses previous ly descr ibed in the l i terature. T!~e design o f the analys- er is based on the m e t h o d o l o g y o f abs t rac t in te rp re ta t ion , where i n fo rma t ion provid- ed by the user is used ins tead o f pe r fo rming a f ixpoint c o m p u t a t i o n . It could be in tegra ted in a p r o g r a m m i n g e nv i r onm e n t to check the correc tness o f P ro log pro- g rams a n d / o r to der ive efficiezlt Pro log p r o g r a m s f rom pure ly logic descr ip t ions [37]. Moreove r , since the i n fo rma t ion p rov ided by the user is certified by the system, it can be also used by a compi le r to opt imize the object code. Even t h o u g h the same ideas m a y be appl ied to any o the r declara t ive language, it is clear tha t the cur ren t p roposa l specifically appl ies to Prolog, which is +~de f ac to" the s t anda rd language o f the logic p r o g r a m m i n g pa rad igm. This makes somehow incomparab le ou r contr i - bu t ion with respect to works tha t follow a comple te ly different ph i losophy , like the ones on M e r c u r y [61 ].
In o rde r to put ou r con t r ibu t ion in perspective, we first discuss the ma in require- men t s for a unified (abs t rac t ) semant ic f ramework .
1.1. A c o m p l e x analys i s , b a s e d on a n u m b e r o f a b s t r a c t d o m a i n s
T he na tu re o f the i n fo rma t ion useful for the var ious appl ica t ions o f logic and Pro- log p r o g r a m analyses is n o w a d a y s well identified. Nevertheless , no previous f rame- work was able to i nco rpo ra t e all k inds o f i n fo rma t ion in a single analysis. A l t h o u g h some a u t h o r s prefer to decompose a complex analysis into a series o f s impler and independen t ones [3], we follow the spirit o f [ 16] where the benefits o f combin ing do- mains are p roper ly discussed. Let us summar ize the i n fo rma t ion the mos t re levant for logic p r o g r a m s tha t is in tegra ted in o u r analyser . , D e t e r m i n a t 3 , a n d c a r d i n a l i t y i n fo rma t ion models the n u m b e r o f so lu t ions to a pro-
cedure and is useful for opt imiza t ions , like dead code e l iminat ion , and a u t o m a t i c complex i ty analys is [29].
R Le Charlier ctai. I J. Logic Programming 39 (1999) 3-42
, ,~#ode informat ion describes the instantiat ion level of p rogram variables at some program point. Groandness ("is a variable bound to a ground term?") and free- heSS ("is a variable either uninstant iated or an alias of other variables?") are the most interesting situations to detect .,ince ti~ey allow for various forms o f unifica- tion specialization. Groundness is also essential for ensuring a safe use of negation by failure and is instrumental for determinac]¢ analysis. Freeness is useful to detect sure success of unification, which is required by some optimizing t:-ansformations and improves the precision of a cardinali ty analysis.
• S h a r i n g informat ion expresses that the terms bound to different p rogram variables may (or may not) contain occurrences of the same (free) variable. This kind o f in- format ion is needed to ensure that unification is occur-check free, and to improve the precision o f mode analysis. T e r m s i ze i n f o r m a t i o n states relationships between the size o f the terms bound to different p rogram variables. It is useful for terminat ion analysis.
• T y p e informat ion defines an approximat ion to the set o f terms that can be bound to a p rogram variable. It allows one to refine most analyses and opt imizat ions based on modes. In a verification context, type informat ion is inferred to ensure that procedures are correctly called and/or produce well-typed results. Type infor- mat ion is instrumental for term size analysis. Mode, sharing, term size, and type informat ion can easily be expressed within
classical abstract interpretat ion f rameworks based on the abstract substi tution no- t ion such as {10,47,48]. Other kinds of informat ion cannot be expressed within clas- sical abstrac~ interpretat ion f rameworks because the latter ignore impor tan t operat ional re:peers of Prolog such as the depth-first search rule and the J 'fference between fail,are and nonterminat ion. Thus, for instance, informat ion about deter- minacy and terminat ion is in general derived within specific f rameworks more direct- ly based on the operat ional semantics o f Prolog. Nevertheless, such analyses may benefit f rom mode, term size, :rod type informat ion and thus often assume that a pre- l iminary analysis based on abstract interpretat ion has been performed.
F r o m the previous discussion it should be clear that a complete analyser o f Prolog programs should be based on an integrated f ramework. This is precisely what we propose in this paper.
1.2. C o n t r i b u t i o n ~" this p a p e r
The main contr ibut ions of this paper can be summarized as follows. 1. We introduce a novel notion of abstract sequence which models sets o f pairs o f
the foi'm (0, S), where 0 and S denote an (input) subst i tut ion and the sequence of an- swer substi tut ions resulting from executing a clause, a goal, or a procedure with this input. Abst rac t sequences make it possible to relate the number of solutions and the size of ou tpu t terms to the size o f input terms in full generality. Fo r instance, we can relate the input and ouput size~ of the s a m e term (i.e., bound to the same program variable) wit~o~t requiring any invariance under instantiat ion. To the best o f our knowledge, such generality was not available in previous f rameworks fur term size analysis.
2. We provide a complete description of an analyser o f Prolog procedures which integrates all previously mentioned analyses in a single, more powerful, one. The an- alyser does not perform a fixpoint computa t ion but instead it verifies the correctness
B. Le Charlier et aLI J. Logic Programming 39 (1999) 3-42
of the p rogram with respect to a set o f abstract descriptions provided by the user. Such descriptions are called behaviours and consist o f abstract s~quences and size ex- pressions which must strictly decrease through recursive calls (the analyser only ac- cepts terminat ing procedures). For the sake of simplifying the presentat ion, we only consider a single built-in operat ion, namely unification, and we do not treat the cut nor the negation. We explain in the concl~sion of the paper how to overcame these simplifications.
3. VCe describe a generic domain of abstract sequences whose elements have the form (fli,,, fir,./, fi,,.,,, E~,./_,,,,,, E~ol), where fl,.,, describes a set o f input substi tutions, fl,.r is a refinement of fli, modell ing the inpLt subst i tut ions leading to a successful execu- tion, fl,,,t describes the set o f ou tpu t substi tutions, E,.,.r_~,,, is a set of constraints be- tv ~.en the size of the terms in fl~,.r and the size o f the terms in ft,,,. E,.,,, is a set o f constraints between the size of terms in fl~,:/, and the number of solution. T.he introduc- tion o f fl,.,:/, allows us to improve the accuracy o f E,.,~t_,,,, and E.,ot, as con'straints have only to deal with successful executions. Note that abstract sequences can be seen as a way to abstract a trace-based semantics into relations, in the spirit o f Rei" [22].
4. We instantiate the generic domain by fixing a part icular domain of abstract subst i tut ions (for the fl's) and a part icular domain o f constraints (for the E's). The domain of abstract subst i tut ion is an improvement o f the domain P a t t e r n [47,55] extended with a type component . The domain of constraints consists o f sets o f integer linear equalities and inequalities. Notice that we only consid~ r integer lin- ear expressions for size expressions. Based on this instantiat ion, we describe the (high level) implementat ion of the main abstract operat ions.
1.3. Plan o f the paper
The rest o f the paper is organized as follows: Section 2 provides an overview of the functionalit ies o f the analyser on a simple example. Section 3 contains a com- plete description of our domain of abstract sequences. The analyser is described in Section 4. Section 5 details the implementat ion of two main operat ions of the ana- lyser in the context of the chosen abstract domain. Section 6 discusses related works. Section 7 concludes.
2. Informal overview: A sample analysis
2. I. Specification o f operational properties o / 'a procedm'e
Consider the procedure s e l e c t / 3 of which both the usual Prolog code and its normai:zed version are depicted in Fig. I; the- latter is the one to which the analyser actually applies and is annota ted by its p rogram points for the sake of the presenta- tion. Declaratively, the procedure s e l e c t / 3 defines a r,:lation select(X, L, LS), be-
select(X, [X[T], T):- l.[st(T). select(X, [HJT], [HITS]):- select(X, T, TS). sele, c t ( X , L , L S ) : - I L = [ H I T ] ,2 H--X,3 LS -T ,4 l i s t ( T ) 5 -6 select(X, L, LS):-7 L=[H[T] ,a LS=[HITS] ,9 select(X, T, TS)to -,l
Fig. I. The procedure s e l e c t / 3 and its (annotated) normalized version.
B. Le t'7.harlier et ai. i J. Logic Programming 39 (1999) 3-42
s e l e c t ( i n ( X : v a r , L : g r o u n d , L S : v a r ) , r e f ( _ , [ _ l l i s t ] , _ ) , out(ground,_,ground list), srel(L_ref = LS_out + 1, sol = L_ref), sexpr(L))
list(in(L: ground), ref(list), srel(sol = 1), sexpr(L))
Fig. 2. Specifications for select/3 and list/l.
tween th ree t e rms , t h a t ho lds i f a n d on ly i f the t e r m s L a n d LS a r e lists a n d LS is o b t a i n e d by r e m o v i n g o n e o c c u r r e n c e o f X f r o m L. N o t e tha t , dec l a ra t ive ly , the t y p e c h e c k i n g l i teral 1 i s t ( T ) is n e e d e d to exp re s s t h a t the r e l a t ion d o e s n o t ho ld i f L a n d LS a r e n o t lists. O u r a n a l y s e r checks a n u m b e r o f o p e r a t i o n a l p r o p e r t i e s w h i c h e n s u r e t h a t P r o l o g ac tua i l y c o m p u t e s the specif ied re la t ion , a s s u m i n g t h a t the p r o c e - d u r e is " d e c l a r a t i v e l y ' " co r rec t . In fact , it is n o t the case t h a t the p r o c e d u r e is c o r r e c t fo r all poss ib le calls. So, we res t r ic t o u r a t t e n t i o n to o n e p a r t i c u l a r a n d r e a s o n a b l e c lass o f calls , i.e., cal ls such t h a t X a n d LS a r e d i s t i n c t v a r i a b l e s a n d L is a n y g r o u n d t e r m (no t necessar i ly a listJ, t F o r th is c lass o f calls , t he use r ha s to p r o v i d e a descr ip - t ion o f the expec t ed b e h a v i o u r o f the p r o c e d u r e by m e a n s o f the l b r m a l spec i f ica t ion dep ic t ed in Fig. 2. In o r d e r to exp la in the m e a n i n g o f such a speci f ica t ion , we v iew the ( conc re t e ) s e m a n t i c s o f the p r o c e d u r e s e l e e t / 3 as a ( to ta l ) f unc t i on t h a t m a p s eve ry ( i npu t ) s u b s t i t u t i o n 0 such t h a t dora(O) = {X, L, LS} to a s e q u e n c e S o f ( o u t p u t ) s u b s t i t u t i o n s o v e r the s a m e d o m a i n . A c c o r d i n g t e this v i ewpo in t , t he f o r m a l speci- f ica t ion desc r ibes ( ! ) the set o f all i n p u t s u b s t i t u t i o n s 0 c o n s i d e r e d a c c e p t a b l e (i.e., the class o f cal ls to be a n a l y s e d ) a n d (2) ( an o v e r - a p p r o x i m a t i o n of) the set o f all pa i r s <0, S) such t h a t 0 is a n a c c e p t a b l e i n p u t s u b s t i t u t i o n a n d S is the c o r r e s p o n d i n g s equence o f o u t p u t subs t i t u t i ons .
T h e i n p a r t o f the f o r m a l spec i f ica t ion o f select/3 s t a t e s t h a t the a c c e p t a b l e i npu t s u b s t i t u t i o n s 0 a r e exac t ly t hose such t h a t X0 a n d L S 0 -" a re d i s t inc t v a r i a b l e s a n d L0 is a n y g r o u n d t e rm. T h e fac t t ha t X a n d LS a r e d i s t inc t is exp re s sed by the a b s e n c e o f a n y poss ib le s h a r i n g i n f o r m a t i o n in the in pa r t .
T h e r e f p a r t o f the spec i f ica t ion is a r e f i n e m e n t o f the i n p a r t ; it g ives p r o p e r t i e s s h a r e d b y all a c c e p t a b l e i npu t s u b s t i t u t i o n s 0 t h a t lead to a t leas t o n e resul t , i.e., such t h a t S h a s a t least one e lement . In th is case , the r e f p a r t ind ica tes t h a t the e x e c u t i o n succeeds a t leas t once on ly i f L is a n o n e m p t y list. T h e i n f o r m a t i o n p r o v i d e d by th'~s p a r t is essent ia l b o t h to s impl i fy the ana ly s i s o f a p r o c e d u r e a n d to i m p r o v e its p re- cis ion: we c a n t r ea t s e p a r a t e l y execu t i ons t h a t fai ls a n d t h u s give m o r e prec ise in fo r - m a t i o n be tween ~he i n p u t a n d o u t p u t s u b s t i t u t i o n s fo r e x e c u t i o n s t h a t succeed . 3 O c c u r r e n c e s o f the s y m b o l " ' " in this p a r t o f the spec i f ica t ion m e a n s t h a t the in fo r - m a t i o n a b o u t the c o r r e s p o n d i n g a r g u m e n t c a n n o t be ref ined wi th respec t to the i n
' Operationally, the literal I i s t ( T ) could be removed ifwe further restrict the class ofcalis by requiring that L is a ground list. This fact can be deduced automatically by our analyser. However, for the sake of demonstrating the functionalities of the analyser, it is interesting to consider a more general ch~s~ of calls where L is any ground term.
2 To simplify the not~.tions, we abusively det~ote X0, L0, and LS0 by X, L and LS. -x In fact, the re f part does not always describe exactly the set of inputs that succeed, sit~ce this would
require to solve an undecidable problem. But it does when the s r e l part ensures that there is at least one solution, which is the case for s e l e c t / 3 .
B. Le Charlier et al. I J. Logic Programming 39 (1999) 3-42
part . M o r e genera l ly , the user is a l lowed to omi t f r om the speci f ica t ion all pieces o f i n f o r m a t i o n which can be infer rcd f rom a n o t h e r part .
T h e o u t par t o f the specif icat ion p rov ides i n f o r m a t i o n a b o u t ou tpu t subs t i t u t ions (i.e., the e l emen t s o f S). In this case, it ind ica tes tha t X will b e c o m e a g r o u n d t e rm a n d tha t LS will b e c o m e a g r o u n d list.
T h e s r e l a n d s e x p r par t s o f thc speci f ica t ion are useful to p rove t e r m i n a t i o n a n d to predic t the n u m b e r o f so lu t ions to a call. T h e m e a n i n g o f these par t s p resup- poses the n o t i o n o f size o f a term. In this paper , we a s s u m e tha t it is g iven by the list- length n~zcrn, which is def ined by [l[t, tt,,][t = 1 + IIt_,tl a n d Ilt[l = 0 i f t is not o f t h e fo rm It, It2]. 4
Based on this n o r m , the s e x p r par t o f the spec i f ica t ion descr ibes a posi t ive inte- ger l inear f unc t i on o f the inpu t t e rms sizes, wh ich mus t decrease t h r o u g h recurs ive calls. In this case, it is j u s t the size o f L. Th i s i n f o r m a t i o n is used to p rove tha t the execu t ion t e r m i n a t e s for all cal ls descr ibed by the i n part . Moreove r , the s r e l par t o f the speci f ica t ion desc r ibes a re la t ion be tween the sizes o f i npu t t e rms a n d the sizes o f ou tpu t t e rms a n d a re la t ion be tween the si: es o f i npu t t e rms a n d the n u m b e r o f so lu t ions to the call. In this case, it says that the i npu t size o f L is a lways equa l to the o u t p u t size o f LS p lus 1 a n d tha t the n u m b e r o f so lu t ions (i.e., the length o f S) is equa l to the inpu t size o f L. T w o po in t s are wor th to be clar i f ied here. Fi rs t , we can see tha t the r e f par t a l lows us to s ta te precise in fo rma ,~on a b o u t the n u m b e r o f so- lu t ions . ( I f L is a g r o u n d te rm bu t not a list, the n u m b e r o f so lu t ions is 0. T h u s wi th- ou t the ref ined i n f o r m a t i o n a b o u t successful inputs , we cou ld on ly s ta te O<=sol<--L_~ n , since we on ly cons ide r l inear ( i n )equa t ions be tween the sizes o f terms.) Second, let us stress tha t the s r e l par t does not descr ibe a so-cal led inter- a r g u m e n t re la t ion (as, e.g., in Ref. [30]) bu t a re la t ion be tween the sizes o f i n p u t a n d o u t p u t terms. In this example , b o t h a p p r o a c h e s a re equ iva l en t since L is in i t ia l ly g round . In genera l however , ou r a p p r o a c h is m o r e power fu l because we do no t need to restr ict to rigid t e rms 0.e., whose size is i nva r i an t u n d e r i n s t an t i a t i on ) as we dif- fe rent ia te the i n p u t a n d ou tpu t sizes o f the terms. H o w e v e r o u r a p p r o a c h is a lso ¢ o m p u t a t i o n a l l y m o r e expens ive s ince it po ten t i a l ly d o u b l e s the n u m b e r o f va r i ab les in the ( in )equa t ions .
2.2. Abstract sequences
Techn ica l ly , the first four par ts o f a speci f ica t ion def ine a m a t h e m a t i c a l obiect ca l led an abstract sequence. "l'hc seman t i c s o f abs t r ac t sequences is def ined in Sec- t ion 3.3.2. In o rde r to give an i n f o r m a l overv iew o f ou r ana lyse r , we present the ab- s t ract sequences c o r r e s p o n d i n g to the speci f ica t ions o f s e l e c t / 3 a n d l i s t / l , as they are p r in ted out by the ana lyser , in Fig. 3. Abs t r ac t sequences c o n t a i n the s a m e i n f o r m a t i o n as the c o r r e s p o n d i n g speci f ica t ions but the i n f o r m a t i o n is expressed in a f o r m bet te r sui ted for def in ing a n d i m p l e m e n t i n g abs t r ac t opera t ions . W e use abs t r ac t subs t i t u t ions f rom the gener ic d o m a i n P a t (,~) [ 16,47] in s t an t i a t ed to mode , type, a n d poss ib le s h a r i n g i n f o r m a t i o n . In this abs t r ac t d o m a i n , the i n f o r m a t i o n is
4 T h : s cho i ce is r a t h e r res t r i c t ive a n d re la ted to the fact t h a t we c o n c e n t r a t e o n lists m a n i p u l a t i n g p r o g r a m s . Neve r the l e s s , the p r e s e n t a t i o n o f the a n a l y s e r in the rest o f the p a p e r is la rge ly gener ic . T h u s , it will b e c o m e c lear l a t e r on t ha t m o r e gene ra l size n o t i o n s can be used.
Bo Le Charlier et al. I J. Logic Programming 39 (1999) 3-42
B_select
beta_in: sv = {X->I,L->2,LS->3}; frm = {}
mo = {l->var,2->ground,S->var}
ty = {1->eu~ylist,2->any,S->anylist}
p s = {(l,l),(S,S)}
beta_ref: sv = {X->I,L->2,LS->3}; frm = {2->[415]}
mo =
ty =
ps =
beta_out: sv =
mo =
ty =
{1->va~,2->ground,S->var,4->ground,5->ground}
{l->aDylist,2->list,3->anylist,4->any,5->list}
{(1, I), (3,3)}
{X->I,L->2,LS->S}; ~rm = {2->[415]}
{l->ground,2->ground,S->ground,4->ground,5->ground}
{l->any,2->list,S->list,4->any,5->list}
ps = 4}
in_tel = 41->1,2->2,3->3,4->4,5->5}
in_out = 41->6,2->7,3->8,4->9,5->10}
E_ref_out = {sz(8)fsz(5)}
E_sol = {sol=sz(5)+l}
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = B_list
beta_in:
sv = {L->I}
frm = {}
mo = {1->ground}
ty = {1->any}
ps = 4}
E_ref_out = 4}
E_sol = {sol=l}
beta_ref:
sv = {L->I}
frm ~ {}
mo = {t->ground}
ty = {l->list}
ps = {}
Fig. 3. Abstrao sequences for s e l e c t / 3 and l i s t / 1 .
beta_out :
sv = {L->I}
f r m = 4} mo = { 1 - > g r o u n d } ty = {1->list}
ps = {}
expressed o n i nd i ce s , n o t d i r ec t ly o n the p r o c e d u r e va r iab les . Ind ices r ep re sen t t e r ms b o u n d to the p r o g r a m va r i ab le s o r s u b t e r m s o f t hose te rms. F o r in s t ance , the ab- s t rac t s u b s t i t u t i o n b e t a _ r e f o f the a b s t r a c t s,~quence B _ s e 1 e e t c h a r a c t e r i z e s a set o f s u b s t i t u t i o n s 0 as fo l lows: the s v c o m p o n e n t b i n d s the p r o g r a m va r i a b l e s X, L, a n d LS to the indices 1 , 2, a n d 3, w h i c h rep, e sen t t he t e rms t , , t2, a n d t3 respec- t ively b o u n d to X, L, a n d LS in 0. T h e f r m c o m p o n e n t s ta tes t h a t the t e r m t2 is o f the f o r m [t4[ts]. T h e mo( d e ) c o m p o n e n t s ta tes t h a t tt a n d t3 a re va r i a b l e s a n d t h a t t2, t4, a n d ts a re g r o u n d te rms. T h e t y ( p e ) c o m p o n e n t p r o v i d e s i n f o r m a t i o n a b o u t the types o f t e rms . In this pape r , we t r ea t types in a r a t h e r s impl i f ied w a y as we c o n s i d e r o n l y t h r ee types , n a m e l y 1 i s t (lists), a n y l i s t (all t e r ms w h i c h c a n bc i n s t a n t i a t e d to a list), a n d a n y (all te rms) . T h i s res t r i c ted " ' type s y s t e m " is sufficient to dea l w i th s imple lists m a n i p u l a t i n g p r o g r a m s . T h e t e rms t, a n d t3 h a v e type a n y l i s t because they are var iab les . T h e p s c o m p o n e n t cons i s t s o f the pa i r s o f indices o f t e rms t h a t m a y sha re a va r iab le . Since the pail" ( 1 , 3) does n o t b e l o n g .~,o p s , tl a n d t3 a re dis- t inc t va r iab les . Let us n o w t u r n to the c o m p o n e n t s E _ r e f _ o u t a n d E _ s o l o f the a b s t r a c t sequence . T h e first o n e re la tes the sizes o f t e rms in a n i n p u t s u b s t i t u t i o n to the sizes o f t e rms in the c o r r e s p o n d i n g o u t p u t subs t i tu :~oas . T e r m s a re r e p r e se n t e d by indices , bu t as the s ame indices c a n be used in b e t a _ r e f a n d b e t a _ o u t , we express the r e l a t i o n o n the " d i s j o i n t u n i o n " o f the t w o sets. T h e f u n c t i o n s Z n _ r e f
10 B. Le ClutrHer et al. I J. L,,gic Programming 39 (1909) 3-42
a n d in_cut m a p s the or ig inal indices to their image in the dis joint union . M a n y equa l i ty constra ; .nts be tween t e rms can be der ived f r o m the c o m p o n e n t s mo a n d f r m o f b e t a _ r e f a n d b e t a _ o u t a n d f rom the c o r r e s p o n d e n c e be tween the indi- ces. T h o s e c o n s t r a i n t s a re no t r epresen ted in E _ r e f _ o u t . O n l y " e s s e n t i a l " con- s t r a in t s a re represented . In this case, it is sufficient to s ta te tha t s z ( 8 ) = s z ( 5 ) which m e a n s t ha t the o u t p u t size o f LS is equa l to the inpu t size o f the tail o f L. Fi- nal ly, the c o m p o n e n t E _ s o l defines the c o n s t r a i n t s on the n u m b e r o f solut ions . As for the p rev ious c o m p o n e n t we choose to express the c o n s t r a i n t s in t e rms o f the "el - e m e n t a r y ' " indices, w h o s e pr inc ipa l f u n c t o r is u n k n o w n .
2.3. D e s c r i p t i o n o f a succes.~'ftd ana i j ' s i s
-Fhe ana lys i s o f the p r o c e d u r e select/5 a c c o r d i n g to the a b o v e specif icat ion w o r k s on the n o r m a l i z e d vers ion o f the p r o c e d u r e given in the second pa r t o f Fig. 1. W e have a n n o t a t e d the p r o c e d u r e with na tu r a l n u m b e r s ident i fy ing its " p r o - g r a m p o i n t s . " The first w o r k o f the a n a l y s e r precisely consis ts o f a t t a c h i n g an ab- s t rac t sequence B i to every p r o g r a m poin t g. We n o w prov ide a t race o f ~he execut ion . -~ T o u n d e r s t a n d the t race, it is w o r t h po in t ing ou t tha t every a b s t r a c t se- quence B_i descr ibes (poss ib ly an o v e r - a p p r o x i m a t i o n of) the set o f pa i rs (0, S) such tha t 0 is desc r ibed by b e t a _ i n a n d S is the set o f o u t p u t subs t i tu t ions p r o d u c e d by the l i terals o f the c lause before the p r o g r a m po in t ~. The ana lys i s ignores the next lit- e ra ls in the c lause a n d is thus c o m p o s i t i o n a l ( c o n t r a r y to S L D - r e s o l u t i o n ) . The first a b s t r a c t sequence is the fo l lowing:
B_I
beta_tel: sv = {X->I,L->2,LS->3}; frm = {}
mo = {l->var,2->ground,3->var}
ty = {l->anylist,2->any,3->anylist}
ps = {(I,i),(3,3)}
beta_out: sv= {X->I,L->2,LS->3,H->4,T->5}; frm = {}
mo = {l->var,2->ground,3->var,4->var,5->var}
ty = {l->anylist,2->any,3->anylist,4->anylis~,5->anylist}
ps = {(I,I),(3,3),(4,4),(5,5)}
E_ref_out = {}
E_sol = {sol=l}
The abs t r ac t subs t i tu t ion beta_re f is ident ical to beta_in because the head o f the c lause is unif iable wi th a n y call since it c o n t a i n s dis t inct var iab les . Similar ly , b e t a _ o u t is o b t a i n e d by ex tend ing b e t a _ i n with i n f o r m a t i o n a b o u t the local
5 For space reasons, only essential changes are depicted. The hidden parts of every abstract sequence are thus identical to those of the abstract sequence relative to the preceding program point. For instance, no abstract substitution b e t a _ i n is depicted, since it is the same in all abstract sequences.
B. Le Charlier et ai. i J. LtLgic Programming 39 (1999) 3-42
v a r i a b l e s H a n d T. Since they a r e b r a n d - n e w , the i r m o d e , type , a n d s h a r i n g i n f o r m a - t ion is o b v i o u s l y oh zained. All size c o n s t r a i n t s b e t w e e n t e r m s can be in fe r r ed by es- t ab l i sh ing a c o r r e s p o n d e n c e be tween the indices o f b e t a _ r e f a n d those o f b e t a _ o u t , t h u s the c o m p o n e n t E _ r e f _ o u t is e m p t y since we on ly dep ic t essent ia l c o n s t r a i n t s . F ina l ly , the c o m p o n e n t E s o l expresses t ha t the un i f i ca t ion o f the h e a d o f the c l ause succeeds exac t ly once .
T h e first th ree lite~als in the c lause a re ,~ ~if icat ions. T h e y resul t in the fo l l owing a b s t r a c t sequences :
beta_ref:
beta_out:
beta_out :
beta_out :
B _ 2
frm = {2->[4j5]}
mo = { .... 4->ground, 5->ground}
ty = { .... 4->any,5->a~ly}
frm = {2-> [415]}
mo = {... , 4->ground, 5->ground}
ty = { .... 4->any,5->any}
B_3 sv= {X->I ..... H->I,T->4}; frm = {2->[I]4]}
mo = {l->ground ..... 4->ground}
ty = {l->any,... ,4->any}
p s = ~ ; ( 3 , 3 ) }
B_4 s v = { . . . , L S - > S , . . . , T - > S } ; f r m = { 2 - > [ 1 1 3 ] } mo = {... ,3->ground}
ty = { .... 3->any} p s = {}
T h e first un i f ica t ion L ---- [ H ! T ] succeeds i f a n d on ly i f L is a g r o u n d t e r m o f the f o r m [tlt'] b ecause H a n d T a re d i s t inc t v a r i a b l e s as specified by the c o m p o n e n t s mo a n d p s o f B _ l . T h u s , in B 2, the a n a l y s e r u p d a t e s the f r m c o m p o n e n t o f b e t a _ r e f a n d b e t a o u t wi th the s t r u c t u r a l i n f o r m a t i o n a b o u t L. I m p o r t a n t l y , the c o m p o n e n t E _ s o l is , o r modi f i ed b e c a u s e un i f ica t ion succeeds fo r a l l t e r m s L o f the f o r m [tit' ]. T h e next two un i f i ca t ions H = X a n d LS----T b o t h sure ly succeed b e c a u s e X a n d LS a re d is t inc t va r i ab l e s as i nd i ca t ed by the c o m p o n e n t s mo a n d p s o f B _ 2 . T h e resul t o f the un i f ica t ion is r e c o r d e d by m a p p i n g c o r r e s p o n d i n g va r i ab l e s to the s a m e index , in ~he s v c o m p o n e n t .
T h e l i teral 1 ± ~ t ( T ) is then a n a l y s e d by m e a n s o f the a b s t r a c t s equence B _ I i s t (see Fig. 3). Since T is n o w a g r o u n d t e r m , the call is c o m p a t i b l e wi th the c o m p o n e n t b e t a _ i n o f the a b s t r a c t sequence . T h u s , the a n a l y s e r infers t h a t the call succeeds i f a n d on ly if T is a list, a n d t h a t it succeeds exac t ly once. Th i s info~ 'mat ion is r e c o r d e d in ]3_5 as fol lows:
= B _ 5
beta_ref: ty = { .... 2->list ..... 5->list}
beta_out : ty = { .... 2->list,S->list}
12 B. Le Charlier et al. I J. Logic Programmblg 39 (1999) 3-42
The final abst ract sequence for the first clause is obta ined by removing the local vari- ables form the s v component . The abstract sequence B_6 is thus:
B_6 beta_ref: sv = {X->I,L->2,LS->3}; frm = {2->[415]}
mo= 4 l->var, 9-->ground, 3->vat, 4->ground, 5->ground} ty = {1->anylist,2->list,3->anylist,4->any,5->list}
ps = 4(1,1), (a,a)} beta_out: sv= {X->I,L->2,LS->3}; frm = 42->[I13]}
mo = {l->ground, 2->ground,3->ground}
ty = {l->any,2->list,3->list}
ps = 4}
E_ref_out = {}
E_sol = {sol=l}
We now consider the second clause. Since the t reatment of the first two unifica- tions is similar to the t rea tment of unifications in the first clause, we directly provide the abstract sequence B_9 corresponding to the p rogram point just before the recur- sive call:
B_9 beta_ref: sv = {X->I,L->2,LS->3}; frm = {2->[415]}
mo = { 1->var, 2- >ground, 3->vat, 4->gr¢.und, 5->ground}
ty = { 1->anyl ist, 2->any, 3->anyl ist, 4->any, 5->any}
ps = {(1,1),(3,3)}
beta_out: sv= {X->I,L->2,LS->3,H->4,T->5,TS->6} frm = {2-> [415], 3-> [416] }
mo = { l->var, 2->ground, 3->ngv ,4->ground, 5->ground, 6->var}
ty = {l->anylist,2->any,3->anylist,4->~ny,5->any,
6->anylist}
ps = {(1,1),(3,3),(6,6)} E_ref_out = {}
E_sol = {sol=l}
Since we want to prove terminat ion of the procedure, the analyser first checks that the size expression (provided by the s e x p r par t o f the specification) is smaller for the recursive call than for the initial call, i.e., that the size of T is smaller than the initial size o f L. This can be deduced from the " impl ic i t" constraints o f E _ r e f _ o u t obtained by mapping the indices of b e t a _ r e f to those o f b e t a _ o u t and by rea- soning on the structural informat ion and the modes. Next, the analyser checks that the informat ion given by b e t a _ o u t about the actual parameters X, T, and TS is compat ible with the componen t b e t a _ i n of B _ s e l e c t , which is the case, since X and TS are distinct variables and T is a ground term. Thus, the analyser may use the informat ion f rom B _ s e l e e t to update B_9. The following abstract sequence is obtained:
B. Le Charfier et al. I J. Logic Programming 39 (1999) 3-42
=============================== B_IO
beta_ref: frm = {...,5->[617]}
mo = {... ,6->ground,7->ground}
ty = {... ,2->list .... ,5->list,6->any,7->list}
beta_out: frm = { .... 5->[718]}
mo= { 1->ground ..... 3- >ground ..... 6->ground, Y->ground, 8->ground}
ty = {1->any,2->list,3->list ..... 5->list,6->list,7->any,
8->list}
ps = {} in_ref = {1->1,2->9-,3->3,4->4,5->5,6->6.7->7} in_out = {I->8,2->9,3->I0,4->11,5->12,6->13,7->14,~->15}
E_ref_out = {sz (13) =sz (7) }
E_sol = {sol=sz (7) +l}
13
It is in tui t ively clear that all the i n f o r m a t i o n con ta ined in B_IO can be deduced by m a p p i n g the indices o f the c o m p o n e n t s o f B 9 to those o f :13 s e 1 e e t a n d reexpress- ing the i n f o r m a t i o n in B s e l e c t on the indices o r B 9. Technica l ly , this is done by means o f ope ra t ions cal led constraint mappings, which are descr ibed in Section 5.2.1. The final abs t rac t sequence for the second clause is ob t a ined by r emov ing the local var iables f rom the c o m p o n e n t s v :
B_11 b e t a _ r e f : sv = { X - > I , L - > 2 , L S - > 3 } ; f r m = { 2 - > [ 4 1 5 ] , 5 - > [ 6 [ 7 ] }
mo = { 1 - > v a r , 2 - > g r o u n d , 3 - > v a r , 4 - > g r o u n d , 5 - > g r o u n d , 6 - > g r o u n d , 7 - > g r o u n d }
t y = { 1 - > a n y l i s t , 2 - > l i s t , 3 - > a n y l i s t , 4 - > a n y , 5 - > l i s t , 6 - > a n y ,
7 - > l i s t } ps = { ( 1 , 1 ) , ( 3 , 3 ) }
b e t a _ o u t : sv= { X - > I , L - > 2 , L S - > 3 } ; f r m = { 2 - > [ 4 1 5 ] , 3 - > [ 4 1 6 ] , 5 - > [ 7 1 8 ] } mo = { 1 - > g r o u n d , 2 - > E r o u n d , 3 - > g r o u n d , 4 - > g r o u n d , 5 - > g r o u n d ,
6->ground, 7->ground, 8->ground} ty = {1->any ,2->list ,3->list, 4->any, 5->list ,6->list ,7->any,
8->list}
ps = {}
in_ref = {1->1,2->2,3->3,4->4,5->5,6->6,7->7}
in_out = {1->8,2->9,3->10,4->11,5->12,6->13,7->14,8->15}
E_ref_out = {sz(13)=sz(7)} E_sol = {sol=sz (7) +1}
The next task o f the ana lyse r is to c o m b i n e the abs t rac t sequences B_6 a n d B_II to c o m p u t e an abs t rac t sequence B _ f i n a l d e s c r i b i , g the g lobal b e h a v i o u r o f the pro- cedure. 6 Its c o m p o n e n t s b e t a _ r e f and b e t a _ o u t are c o m p u t e d f rom those o f
6 It happens thai the abstract sequence B_final is identical to B_select in this case. Thus the reader should look at Fig. 3 to understand the next steps o f the discussion.
14 B. Le Charlier et al. I J. Logic" Programmbzg 39 (1999) 3-42
B 6 a n d B _ l l by a least u p p e r b o u n d o p e r a t i o n (wh ich is c lass ica l for th is k i n d o f a b s t r a c t subs t i t u t i ons , see Refs . [16,47]).
T h e f inal c o m p o n e n t E _ r e f _ o u t is c o m p u t e d in two steps: first, the ( i n ) equa - t ions o f the c o m p o n e n t s E _ r e £ _ o u t o f B _ 6 a n d B _ l l a re r eexpressed in t e rms o f the ind ices o f B _ f i n a l ; second , the least u p p e r b o u n d (i.e., g eome t r i c a l l y , the con- vex hul l ) o f the two sets o f ( i n ) e q u a t i o n s is c o m p u t e d . In the first step, b o t h impl i c i t a n d essen t ia l ( i n ) e q u a t i o n s o f B 6 a n d B _ l l m u s t be t a k e n in to a c c o u n t because pa r t o f the s t ruc tu ra l i n f o r m a t i o n c o n t a i n e d in B _ 6 a n d B _ l l is r e m o v e d f r o m B _ f i n a l . As a c o n s e q u e n c e , p r e v i o u s l y impl i c i t e q u a t i o n s can b e c o m e essent ia l in B f i n a l . F o r ins tance , we o b t a i n two essen t ia l e q u a t i o n s f r o m B_6: s z ( 4 ) = s z ( 6 ) a n d s z ( 5 ) = s z ( 8 ) . T h e s e e q u a t i o n s expreJs tha t the f inal va lue o f X (i.e., t6) a n d LS (i.e., t8) h a v e the s a m e size as the first e l e m e n t (i.e., t4) a n d the tai l (i.e., ts) o f L. T h e i n f o r m a t i o n tha t we ac tua l l y h a v e t4 = t6 a n d t5 = t8 is lost d u e to the w e a k e r s t r u c t u r a l i n f o r m a t i o n o f B _ f i n a l . F r o m the a b s t r a c t s e q u e n c e B _ l l , we o b t a i n the essen t ia l ( i n ) e q u a t i o n s s z ( 5 ) = s z ( 8 ) a n d s z ( 5 ) > = l . In the s e c o n d step, it is m o r e efficient to c o m p u t e the least u p p e r b o u n d on the es- sen t ia l ( i n ) e q u a t i o n s only , s ince the c o n v e x hul l is a c o m p u t a t i o n a l l y e x p e n s i v e op- e r a t i on . In this case, we o b t a i n a s ingle e q u a t i o n : s z ( 5 ) = s z ( 8 ) .
T h e f inal c o m p o n e n t E _ s o l is a lso a n u p p e r b o u n d o f two sys t ems o f l i nea r ( i n ) e q u a t i o n s reexpressed on the ind ices o f the c o m p o n e n t b e t a _ r e f o f B _ f i n a l . T h e first sys t em c o r r e s p o n d s to the case w h e r e b o t h c lauses succeed, i.e., the case w h e r e L c o n t a i n s at least two e l emen t s . I n t r o d u c i n g two n e w s y m b o l s to d e n o t e the n u m b e r o f s o l u t i o n s o f the two c lauses , we o b t a i n the sys tem:
sol =soll + sol2, soll = I, sol2 = sz(5), sz(5) >= I.
E l i m i n a t i n g soll a n d sol2, the sy s t em reduces to
sol ---- sz(5) + I, sz(5) >---- I.
T h e second sys t em c o r r e s p o n d s to the case w h e r e on ly the first c l ause succeeds . It can be d e d u c e d by c o m p a r i n g the c o m p o n e n t s b e t a r e f o f B _ 6 a n d B _ l l tha t this is poss ib le on ly i f L cons i s t s o f a s ingle e l emen t . T h e c o r r e s p o n d i n g sys tem is:
sol = I, sz(5) = O.
O b v i o u s l y , the c o n v e x hul l o f the two sys t ems is g iven by the s ingle e q u a t i o n s o l = s z ( 5 ) + l ( impl ic i t ly , al l sizes a re g rea te r or e q u a l to 0).
T h e very last s tep o f the a n a l y s i s cons i s t s o f ve r i fy ing tha t the i n f o r m a t i o n con- t a ined in the a b s t r a c t s e q u e n c e B _ f i n a l impl i e s (is at least as precise as) the infor - m a t i o n c o n t a i n e d in the f o r m a l spec i f i ca t ion (i.e., in B f i n a l ) . In this case, the ve r i f i ca t ion is i m m e d i a t e s ince the two a re equa l .
2.4. A n unsuct'es,iJkd at talvs is
It s h o u l d be c lea r f r o m the p r ev ious e x p l a n a t i o n s tha t al l the i n f o r m a t i o n g iven in the spec i f i ca t ions a n d r eco rded in ',he abs t r ac t sequences is essen t ia l a n d m u s t be ful- ly exp lo i t ed to o b t a i n a successfu l ana lys i s . F o r ins tance , let us r e m o v e the c o n d i t i o n tha t X a n d LS in i t i a l ly a re d i s t inc t va r iab les . T h i s s h o u l d be expressed by a d d i n g the i n f o r m a t i o n p s : (X, L S ) in the i n pa r t o f the spec i f ica t ion . T h e c o m p o n e n t p s o f b e t a _ i n thus b e c o m e s { ( I , 1 ) , (1 ,3 ) , (3 ,3 ) } . In the first c lause , the un i f i ca t i on H = X still sure ly succeeds bu t s ince the ind ices 1 a n d 3 " m a y s h a r e " , it g ives the m o d e
B. Le Charlier et al. I J. Logic Programmhlg 39 (1999) 3-42 15
g v ( g r o u n d o r va r i ab l e ) to the index 5. N o w , s ince LS is poss ib ly g r o u n d , the s y s t e m is u n a b l e to p r o v e t h a t the un i f i ca t ion Y.,S = T sure ly succeeds . T h e c o m p o n e n t E _ s o 3 - o f B _ 4 is t h u s { s o l < = 3-) ins tead o f { s o l = 3.) . A s a c o n s e q u e n c e , the a n a l y s e r is g loba l ly u n a b l e to p r o v e t h a t the n u m b e r o f so lu t ions is e q u a l to the size o f L. It is h o w e v e r poss ib le to o b t a i n a successfu l ana ly s i s by r e l ax ing the s r e J_ p a r t o f the spec i f ica t ion to
srel (L_ref~L$ out+l, sol<=L ref).
3. Abstract domains
In this sec t ion , we p r e sen t a s implif ied d e s c r i p t i o n o f the a b s t r a c t d o m a i n s used b y o u r a n a l y s e r (a m o r e c o m p l e t e p r e s e n t a t i o n c a n be f o u n d in Ref . [43]). Sec t ion 3.2 desc r ibes o u r d o m a i n o f a b s t r a c t subs t i t u t i ons . T h i s p a r t is c lassical . Sec t ion 3.3 is novel : it p r e sen t s o u r d o m a i n o f a b s t r a c t sequel~ces. F ina l ly , Sec t ion 3.4 def ines the n o t i o n o f b e h a v i o u r , w h i c h f o r m a l i z e s the n o t i o n o f f o r m a l spec i f ica t ion in t ro - d u c e d in Sec t ion 2, i.e., the full p a c k a g e o f i n f o r m a t i o n p r o v i d e d ( fo r ve r i f i ca t ion) by the use r to the sys tem.
3.1. Prelimblaries
T h e r e a d e r is a s s u m e d to be f a m i l i a r wi th the bas ic c o n c e p t s o f logic p r o g r a m m i n g a n d a b s t r a c t i n t e r p r e t a t i o n (see Refs . [21,51]).
Terms. indices and norms. W e d e n o t e by . 7 the set o f all t e rms , a n d by I ()3ossibly s u b s c r i p t e d o r s u p e r s c r i p t e d ) a set o f indices; in p a r t i c u l a r , we a s s u m e tha t t" is a fi- n i te subse t o f N . . ¢ - t is the set o f all tup les o f t e r m s (t~)j¢l a n d .~-; is the set o f all " f r a m e s " o f the forrn f ( i l , • . . , i , ) w h e r e f is a f u n c t o r o f a r i t y n a n d i~ . . . . . i , E I . A size m e a s u r e , o r n o r m , is a f u n c t i o n fl • Ft : -~ --~ N, see Ret~. [8,26,65]. In this p a - per , we a l w a y s re fer to the l i s t - length m e a s u r e p r e sen t ed in Sec t ion 2.
Substi tut ions. A program substi tut ion 0 is a finite set { X , , / h , . . . ,.Yi,,/t,,} w h e r e X,~,. . . , ,V~, a r e d is t inc t p r o g r a m va r i ab l e s a n d the t / s a r e t e rms . V a r i a b l e s o c c u r r i n g in t t , . . •, 4 a re t a k e n f r o m the set o f s tandard cariablt:~" w h i c h is d i s jo in t f r o m the set o f p r o g r a m var iab les . T h e d o m a i n o f 0, d e n o t e d by dora(O), is the ~e, o f va r i ab l e s {X/~ . . . . . X~,, }. A s tandard substi tut ion tr is a s u b s t i t u t i o n in the usua l sense w h i c h on ly uues s t a n d a r d var iab les . T h e a p p l i c a t i o n o f a s t a n d a r d s u b s t i t u t i o n a to a p r o g r a m s u b s t i t u t i o n 0 = {X, , / t , . . . . . X~,,/t,,} is the p r o g r a m s u b s t i t u t i o n 0 a = { X i , / h t r ; . . . ,Xi,,/t,,a}. W e say t h a t 01 is more general (o r less precise) t h a n 0_~, n o t e d 0, ~< 0, , iff there exis ts tr such tha t 0, ----- 0~ tr. W e d e n o t e the set o f s t a n d a r d subs t i t u - tion.,: t h a t a r e a m o s t gene ra l unif ier o f h a n d t~ by mgu(h , t2). T h e restriction o f / ) to a set o f va r i ab l e s D C_ dom(O), d e n o t e d by 0/o, is such tha t d o m ( O / o ) = D a n d X~0 = X~(0/o), fo r all X~ ~ D.
Subst i tut ion sequences. A program substitrttion sequence S is a f in i te sequence (0t . . . . . 0,,) (n 1> 0) w h e r e the 0~ a re p r o g r a m s u b s t i t u t i o n s wi th the s a m e d o m a i n D. D is a l so the d o m a i n o f S, d e n o t e d by dora(S). W e d e n o t e by ( ) the e m p t y se- quence . Subst(S) is the set o f all s u b s t i t u t i o n s wh ich a r e e l emen t s o f S. SSeq is the set o f all p r o g r a m s u b s t i t u t i o n sequences . T h e restriction o f S to D C dora(S), d e n o t - ed by S/o, is the s equence o b t a i n e d by res t r ic t ing each 0 E Subst(S) to D. T h e s y m b o l : : d e n o t e s s equence c o n c a t e n a t i o n .
16 B. Le Charlier et al. I J. Logic Programming 39 (1999) 3-42
3. 2. Abstract substi tutions
The d o m a i n o f abs t rac t subs t i tu t ions we cons ider is a s imple extens ion (with type i n fo rma t ion ) of the d o m a i n P a t t e r n presented in Ref. [47]. It can be viewed as an instant±at±on to modes , types and possible shar ing o f the generic abs t rac t d o m a i n P a t ( : ~ ) descr ibed in Refs. [15,16].
3.2.1. Modes We cons ider the set o f modes Modes = {_k, ground, var, ngv, novar, gv,
noground, any}, sat is fying the o rder ing re la t ionsh ip impl ied by the d i a g r a m depicted in Fig. 4, where an arc between M~ and M2 with M~ above M2 m e a n s that Mi > M,. The semant ics o f modes can be given by the fo l lowing concre t iza t ion funct ion:
c ~ ( ± ) = 0
Ce(ground) -- { t i t is a g r o u n d term}:
Cc(var) = {t l t is a var iable};
Ce(ngv) : { t l t is nei ther a var iab le nor a g ro tmd term};
Cc( lub(M, . M,) ) = Ce(M, ) LJ Ce(M~).
For any set o f indices 1, .re denote by Modest the set o f all funct ions f rom I to Modes a u g m e n t e d with 1. T h e semant ics o f an e lement mo E Modest is given by the follow- ing concre t iza t ion funct ion Cc. If mo = ± then Cc(mo) = q}, o therwise Cc(mo) is the set {(ti),ct ~ .Y-tl v i e / : t , ~ co(too(i))}.
3.2.2. Types A s imple type d o m a i n for lists is considered: T)7~'s = {_1_, list, anylist, any}, or-
dered by: L ~. list <~ anylist <~ an),. The semant ics o f types is as follows:
c o ( ± ) = O;
Cc(iist) -- { t i t is a list};
Cc(anylist) = { t i t is a term that can be ins tan t ia ted to a list}"
Co(any) = { t i t is any term}.
For any set o f indices I, we denote by Typest the set o f all funct ions f rom I to Types a u g m e n t e d with i . The semant ics of an e lement tv E Typest is given by the fo l lowing concre t iza t ion funct ion Co. If O ' - - ± then C c ( t y ) = 0, o therwise Cc(ty) is the set {(ti)i~, E .Ytl Vi E t:ti E Cc(ty(i))} .
any
n o v a r ~ noground
g r o u n d ~ v a r
_k Fig. 4, Modes.
B. Le Cllarlier et aLI J. Logic Programming 39 (1999) 3-42 17
3.2.3. PSharing This domain [62] specifies possible variable sharing between terms. Fo r any set o f
indices I, we denote by PSharingt the ~;et o f all b inary and symmetrical relations ps c 1 x I augmented with ,1_. The semantics of an element ps E t~i , aringt is given by the following eoncretization function. I f ps =_1_ then C c ( p s ) = 0, otherwise Cc(ps) is the set { {t,)iet E .g-t] Vi, j E I: Var(t,) fq Var(tj) 7A 0 ::*. ( i , j ) E ps}.
3.2.4. Abstract tuples The component of abstract subst i tut ions that gives informat ion about the modes,
types and possible sharing of the terms is called the abstract tuple.
Definition 3.1 (Abstract tuple). An abstract tuple :z over a set o f indices 1 is either _L or a triplet o f the form (too, ty, ps) where mo E Modest, ty E Typest and ps E PSharingt, with too, ty, ps #_1_ and for all i E 1, rno(i), ty(i) #2-.
Definition 3.2 (Semantics o f ah abstract tuple). The semantics o f an abstract tuple over I is given by the following concretization function. If ~ =_1_ then Cc(m) = O, otherwise Cc(~) = Cc(mo) fl Cc(O') fq Cc(ps).
3.2.5. Abstract substitutions We are now in posit ion to introduce the not ion of abstract subst i tut ion in a for-
mal way. We first int roduce a pseudo-version of this abstract object which is simpler and easier to manipulate. The corresponding (strict) version is endowed with fur ther condit ions to prevent from incorrect and redundant representation. The distinction between pseudo-objects and strict-objects is useful because in many cases it is more convenient to work with " imperfec t" descriptions which are easier to compute. A normal izat ion operat ion (preserving the semantics) allows us to compute a strict ob- ject f rom a pseudo-object. Strict objects can be seen as approximate implementat ions of the reduced product [20] of their components .
An abstract subst i tut ion fl over variables X i , . . . ,X , is a triplet (sv, f rm, ~t) where sv is a function f rom {Xt . . . . . X, } to a set o f ind ices / , finn is a partial function l¥om I to J ~ , and ~t describes propert ies concerning modes, types and possible sharing o f some terms. It represents a set o f p rogram substi tut ions of the form { A t / h , . . . , X , / t , } . The main idea behind this abstract domain is that an abstract subst i tut ion fl can provide informat ion not only about terms h , . - . , t,, but also about subterms o f them. If t~ is a term of the form f ( t ~ , . . . , ti ,), then fl is expected to represent informat ion relative to t h . . . . . t~,. Each term described in fl is denoted by the corresponding index.
Let us describe the three components of fl = (sv, f rm , ~t). The same-value compo- nent st, is responsible for mapping each variable Xj to the index i corresponding to the term ti. In particular, it may express equali ty constraints between two variables X~ and Xj, when sv(X~) = sv(Xi). The f rame (or pattern) component f r m is a part ial function that provides information relative to the structure of terms. The value of f rm(i) , when it is defined, is equal to a term of the form f ( i t , . . . , i , ) , meaning that t, is o f the form f ( t i , , . . . , ti,). Finally, the abstract tuple ~ provides information about modes, types and possible sharing of the: terms t/s. It is defined in terms of the ele- mentary domains Modes, Types and PSharing described above.
18 13. Le Charli,,r ct al. I J. Logic Programming 39 ( 19991 3-.42
Defin i t ion 3 .3 ( P s e t t d o - a b s t r a c t s u b s t i t u t i o n ) . A p s e u d o - a b s n ' a c t s u b s t i t u t i o n fl o v e r a set o f ind ices I is e i t h e r _L o r a t r ip le t o f the f o r m ( s t , . f r m . z~) w h e r e the s a m e - c a h t e c o m p o n e n t sc is a f u n c t i o n , st': {XI . . . . . X,,} --+ 1; the f r a m e c o m p o n e n t f i 'm is a p a r t i a l f u n c t i o n , j r m : 1 . ~ (we d e v o t e the fac t t h a t no f r a m e is a s s o c i a t e d wi th i by . / "re( i ) = u n d e f ) : a n d ~ is an a b s t r a c t t u p l e o v e r I . T h e set o f v a r i a b l e s {Xi . . . . . X,,} is c~i!ed t he d o m a i n o f [jr a n d is d e n o t e d by d o m ( f l ) .
Def in i t ion 3 .4 ( S t . m a n t i c s o f a p s e u d o - a b . s t r a c t s u b s t i t u t i o n ) . T h e s e m a n t i c w o f a
p s e u d o - a b s t r a c t s u b s t i t u t i o n fl o v e r I is g iven by the f o l l o w i n g c o n c r e t i z a t i o n f u n c t i o n Co. i f fl =_1_ then C c ( f l ) - : O. o t h e r w i s e
Cc( f l ) = {O l dom(O) = d o m ( f l ) a n d 3 (t~),~ E .u-t:
V X E d o m ( f l ) , X O = t.,i.v~:
Vi E 1..Dwl(i) = . / ' ( i l . . . . . i,,) ::> t, = . [ ' ( t , t . . . . . t,.);
(t,)..~, E c~.(:~) }. S o m e a u x i l i a r y n o t a t i o r is n e c e s s a r y fo r de f in ing (s t r ic t - ) a b s t r a c t s u b s t i t u t i o n s .
Def in i t ion 3.5. Let 1 be a set o f indices , sv : {Xi . . . . . A;,}-----/ be a f u n c t i o n a n d J?'m: I.Y-~ be a p a r t i a l f u n c t i o n . C o n s i d e r the f o l l o w i n g r e l a t i o n b e t w e e n the ind ices o f I : i -<#,,, j h o l d s iff f r m ( i ) = . f ( i l . . . . . i , , ) a n d i~ = j fo r s o m e k 6 { ! . . . . . m}. W e d e n o t e by -<<t~.,, the t r a n s i t i v e c l o s u r e o f -<m,, a n d by -<<m,, the ref lexive a n d t r a n s i t i v e c l o s u r e o f '<t~-,,,- W e say t h a t !hm is c i rcu i t - /~ ' ee iff t he re exis ts n o index i E / such t h a t i -<</~,,, i. A n index i E / is r e a c h a b l e tW st" a n d .l)'m iff t he re exis t s a v a r i a b l e A'~. ( 1 ~< k <~ n) such t h a t s c ( X x ) "<<t;-,,, i.
Def in i t ion 3 .6 ( (S t r i c t - ) a b s t r a c t s u h s t i t t t t i o n ) . A ( s t r i c t - ) a b s t r a c t s u b s t i t u t i o n fl o v e r ' is a p s e u d o - a b s t r a c t s u b s t i t u t i o n ( s r . f r m , zt) o v e r I s u c h t h a t ~t ~_1_: f r m is c i rcu i t - f ree : all i E / a r e r e a c h a b l e by st" a n d .lbnr, a n d fo r till i , j E I such t h a t . f r m ( i ) = . l ' ( i l . . . . . i,,) a n d C/. ik ) E ps for s o m e k E {1 . . . . . n}, (j . i ) E ps.
E x a m p l e 3.1 T h e a b s t r a c t s u b s t i t u t i o n fl,.,.r, w h i c h is p a r t o f t he f o r m a l spec i f i ca t ion o f s e l e c t / 3 , g iven in Fig . 3, is r e p r e s e n t e d by /~,.,:t. = (sr , . , , r . frm, . , , t . z t , . , , r ) , w h e r e :~,'et = (mO, vt . t);. ,v, psr,tr) wi th
sr,.,+: X ~-- 1 .l~'nt,.,.,: L ~ - - 2 LS--5
p s , . , . t = { ( i . 1 ) . ( 3 . 3 ) } .
1 ~ "~ mo,.,,t: 1 ~- car O;,.t: 1 ~-. anviLst 2 - - [415] 2 ~ ground 2 ~ list 3 ~ "' 3 ~-. rm" 3 ~-. anvlist 4 ,-~ ? 4 ~-. ground 4 ,--, ato" 5 ~ ": 5 ~ ground 5 ~ list
T h i s s u b s t i t u t i o n r e q u i r e s L to be a n o n e m p t y ( g r o u n d } list. T h e r e f o r e , the s t r u c t u r e o f the t e r m a s s o c i a t e d wi th the index 2 ( r e p r e s e n t i n g L) is k n o w n : the m a i n f u n e t o r o f th is t e r m is [.I-]. M o r e o v e r , its first s u b t e r m ( a s s o c i a t e d wi th 4), s h o u l d be g r o u n d a n d its s e c o n d s u b t e r m {assoc ia t ed wi th 5), s h o u l d be a g r o u n d list.
G i v e n o n e p a r t i c u l a r s u b s t i t u t i o n 0 wi th d o m a i n {X~ . . . . . X,,} a n d r e p r e s e n t e d by a n a b s t r a c t s u b s t i t u t i o n [/ o v e r 1. the c G r r e s p o n d e n c e b e t w e e n indices in I a n d ( s u b ) t e r m s in X~ 0 . . . . . A,,0 is m a d e expl ic i t by the f u n c t i o n D E 0 0 M P de f ined be-
B. Le Charlier et al. I J. Logic Programmi~g 39 (1999) 3-42 19
low. Th i s o p e r a t i o n c o m p u t e s a se: :/" o f t e r m tuples . E a c h o f t~iem is a d e c o m p o s i t i o n o f O w i t h r e s p e c t to t h e ( p s e u d o - ) a b s t r a c t s u b s t i t u t i o n [3.
O p e r a t i o n 3.1. D~.OOIdP(0. fl) = ,9" S p e c i f i c a t i o n : Let 0 be a s u b s t i t u t i o n a n d [3 = (st, : {Xi . . . . . X, } ~ l . f r m , ~) be a
( p s e u d o ) a b s t r a c t s u b s t i t u t i o n o v e r I such tha t 0 ~ Cc([3). D~'.C0MP(0,[3) r e t u r n s the set .'/' c .~-t o f t e r m tuptes such t h a t fo r all (t~)~e~ E .V' the fo l lowing p r o p e r t i e s hold :
0 = {Xn/t,,.tx~, . . . . A,,./t,,.~.~;,~}: • V i ~ l . j ' r m ( i ) = . / ( i l . . . . . i , ) ~ li = .]'(ti, . . . . . 1,,,);
N o t i c e t ha t i f [3 is a str ict a b s t r a c t s u b s t i t u t i o n , then the set DECOMP(0. fl) is a s ingle- ton , i.e.. it c o n t a i n s exac t ly o n e t e r m tuple .
3.3. , 4 b s t r a c t s e q u e n c e s
W e n o w f o r m a l i z e the n o t i o n o f a b s t r a c t s equence i n t r o d u c e d in Sec t ion 2.
3.3. i . S i z e s F o r a n y set o f indices 1, w e d e n o t e by S i ze s t a n y set o f e l emen t s e n d o w e d wi th a
c o n c r e t i z a t i o n func t i on Cc : S i ze s t --~ s J(Ni) . In this p a p e r , 7 we a s s u m e S i zes ! to be the set o f all sy s t ems o f l inear e q u a t i o n s a n d i n e q u a t i o n s o v e r E x p / ( t h e set o f all lin- e a r exp re s s ions ~,~th in teger ceeff ic ients on the indices o f I ) , e x t e n d e d wi th the special s y m b o l 2_. A n e l emen t s e ~ Ex~{v, ...... x;,,~ c a n a l so be seen as a f unc t i on f r o m N'" to N. as size e x p r e s s i o n s a re pos i t ive . T n e w d u e o f s e ( { n l . . . . . it,,,)) is o b t a i n e d by e v a l u a t - ing the e x p r e s s i o n s e w h e r e e a c h X, is r ep laced by n,. N o t i c e t ha t a n y sys tem o f l inear e q u a t i o n s a n d i n e q u a t i o n s o v e r Expt def ines a p o l y h e d r o n in a space w h o s e d i m e n - s ion is the c a r d i n a l i t y o f I.
In o r d e r to d i s t ingu i sh indices o f 1. c o n s i d e r e d as va r i ab les , f r o m in teger coeffi- cient a u d c o n s t a n t s w h e n wr i t i ng e l emen t s o f Exp t , we w r a p up each e l emen t i o f I in to the s y m b o l s z ( i ) .
T h e c o n c r e t i z a t i o n f u n c t i o n Cc is as fol lows. F o r all E E Si.7est. i f E =2_ then Co(E) = ~. o the rwise . C c ( E ) = {(n~),ci ~ Nt[ (ni),~t is a so lu t i on o f E}.
In the fo l lowing , ( i n ) e q u a t i o n s will be wr i t t en b e t w e e n d o u b l e b racke ,~ ~ - - - ~ . m e a n i n g tha t they a r e syn tac t i c objec ts , no t s e m a n t i c re la t ions . I f f is a f u n c t i o n f r o m o n e set o f indices to a n o t h e r one . such tha t f ( i ) =- i' a n d f ( j ) = j ' . the expres - s ion I [ s z ( f ( i ) ) = s z ( f ( j ) ) + 1~ has to be r e a d as the syn t ac t i ca l e q u a t i o n s z ( i ' ) = s z ( _ / ' ) + !. As indices f r o m dif ferent a b s t r a c t s u b s t i t u t i o n s can o c c u r in these ( i n ) e q u a t i o n s (e.g., we use indices f i 'om [~,.,./ a n d [I,,,,, to c o m p a r e the stze o f the t e r m s b e f o r e a n d a f t e r the execu t i on o f a p r o c e d u r e ) , we h a v e to i n t r o d u c e a no- t ion a l l o w i n g us to " ' m e r g e " t w o sets o f indices in to o n e set. in such a way tha t ele- m e n t s f r o m b o t h sets r e m a i n d i s t inc t ( the indices t h a t a r e p re sen t in b o t h a b s t r a c t s u b s t i t u t i o n s s h o u l d r e m a i n dis t inct , as they refer to di f ferent term:.:;). ! et A a n d B be t w o (poss ib ly n o n d i s j o i n t ) sets. T h e d i~ jo# t t t# l ion o f d a n d B is a n a r b i t r a r i l y c h o - sen set, d e n o t e d by ,4 + B. e q u i p p e d wi th t w o in jec t ions f u n c t i o n s in.4 a n d inB sat(s-
7 By the generality of tile definition of Sizest. other domains representing tuples of natural nv.rnbers may also fit in the cu:rent framew:~rk (e.g.. arbitrar) arithmetic constraints).
20 B. Le Charlier et aL ! J. Logic ProgranmKng 39 (1999) 3--42
fy ing the fo l lowing p rope r ty : for a n y set C a n d for a n y pa i r o f func t ions fA : A ~ C a n d fB : B ~ C. the re exists a un ique f u n c t i o n f : A + B ----, C such tha t f~ = f o in~ a n d )ca = f o ins (where the s y m b o l o i~ the usual f u n c t i o n c o m p o s i t i o n ) . Since the f u n c t i o n f is u n i q u e l y def ined, we can express it in t e rms o[ ' fa a nd f a . In the fo l low- ing. it is d e n o t e d by .fA + f s .
3.3.2. A b s t r a c t sequences We are n o w in a pos i t i on to def ine abs t r ac t sequences in a fo rma l way. As usual ,
we i n t r o d u c e the n o t i o n o f p s e u d o - a b s t r a c t sequence first. T h e symbo l so l is used to d e n o t e a special index rep resen t ing the n u m b e r o f s u b s t i t u t i o n s b e l o n g i n g to the ap- p r o x i m a t e d sequences .
Def ini t ion 3.7 (Pseudo -abs t rac t sequence) . A p seudo -abs t rac t sequence B is e i the r _1_ o r a tup le o f the fo rm <[ti,,. fl~ef, [:lo,,, E,'et_o,,, E,.ot) where /$i,, is a p s e u d o - a b s t r a c t subs t i t u t i on over It,; fl,.,:f is a p s e u d o - a b s t r a c : s u b s t i t u t i o n over L,:r wi th dolrl(lSref)=--:do#ll([ii ,1); [iou , is a p s e u d o - a b s t r a c t . s u b s t i t u t i o n over 1,,,, with dom(f lo , , ) D_ dom(f l i , ) ; E,.,:t-_~,,, 6 Sizes~t,.,+l..,,,); a n d E,,,t e Sizestt..,+{.,.,,i}~.
W e will refer ~to [I,,, a n d fl,,,, also as hrput(B) a n d ou tpu t (B) , respect ively. M o r e o v e r . we, def ine do,;x,~,. (B) ---: dom(fli, ,) and dom,, , , (B) = dom(fl,,,,,).
Defini t ion 3.8 ( S e m a n t i c s o f a p seu d o - a b s t ra c t sequence) . T h e seman t i c s o f a pseudo- abs t rac t sequence B is given by the fo l lowing c o n c r e t i z a t i o n func t ion : if B =.L then Cc(B) ---: 0. o the rwi se 8
c o ( s ) = { <o.s> ; o ,~ cc([ i , , , ) . s e SSeg, Subst(S) c_ Co(It,,,,,),
( s ¢ < ~ =~. o ~ Co(ft , . , . )) ,
( Y E Sttbst( Y), (t,),etr.., e DECOMP(O, I1,,.r), (s,),E,..., e DECOMP(O',[J,,,,)
<ltt, ll>,~,.., + <tls, tt>,~,. .... ~ Cc(Er..,_~,,,)).
(ti),e,... 6 PECOMP(O,[I,.,. r)
:~ <ll,~lt>,~,~.., + { s o g ~ l S I } e Cc(E,,, ,))}.
T h e first cor td[ t ion on (0 ,3) expresses tha t all the s u b s t i t u t i o n s 0 t ha t a re no t de- scr ibed by [1~,. r lead to unsuccessful calls; the second a n d th i rd ones ensures tha t the r e l a t ions expressed by E~et_o,, (be tween the te rms o f the i npu t subs t i t u t i on a n d those o f the o u t p u t subs t i t u t i on ) a n d by E~ot (be tween the te rms o f the i npu t subst i- t u t i o n and the n u m b e r o f so lu t ions , i.e.. the n u m b e r o f subs t i t u t i ons in S) are respected.
A d d i t i o n a l c o n d i t i o n s a re i n t r o d u c e d to avo id (at least pa:rtially) mul t ip le repre- s e n t a t i o n s o f the same set o f subs t i t u t i on sequences . A (strict-) abs t r ac t sequence is def ined as fol lows.
Notice that the + operator t,sed b¢lo~ is the one that applies to functions, as defined in Section 3.3.1. since tuples (lltiil)iet actually are functions.
B. Le Charlier et ai. I J. Logic Programming 39 (1999) 3-42 21
Def in i t ion 3 ,9 ( ( S t r i c t ) a b s t r a c t s e q u e n c e ) . A ( s t r i c t - ) a b s t r a c t s e q u e n c e B is a p s e u d o - a b s t r a c t s e q u e n c e (flin, fl,.~f , flo,t, E~¢f _o~t, E.~ot) such t h a t flin. f l r e f , flOUt are a b s t r a c t s u b s t i t u t i o n s : fl,,, #_k; flr~f <~ fli~ 9 fo r all 0' ~ Ce(flo,, t) , 3 0 E Cc( f l re f ) such t h a t O~/d,,mtl~,,.,~ ~< 0; and , i f e i t he r fl~,;f or flot,t o r E~f.~,,,t o r E~ot is e q u a l to _k, t h e n t he y a re all equa l to _L.
E x a m p l e 3.2. C o n s i d e r once a g a i n the a b s t r a c t s e q u e n c e B fo r s e l e c 1 : / 3 d e p i c t e d in Fig. 3, w h e r e I~,./ --/,,,,~ ----- { l , 2, 3, 4 . 5} . T h e c o m p o n e n t E~e/_out is expressed o n the d i s jo in t u n i o n t,.,:f + Your -- { i . 2, 3 .4 , 3, 6, 7 . 8 . 9 , 10}, w h e r e the in j ec t ion f u n c t i o n s a re inr~:t: L~:f --~ Ir~:f ~- L}u, a n d ino,,~: lo,,t -~ Iref d- [our, a l so dep i c t ed in Fig. 3. A c c o r d - ing to the n o t a t i o n s i n t r o d u c e d a b o v e , it c o u l d be r e w r i t t e n i n t o E~er_o,,t = [ [sz(5) ---- sz(8)]] a n d E,,,t c o u l d be r ewr i t t en i n t o E.~,,i --- ~so l ---- s z ( 5 ) + 1]].
3.4. B e h a v i o u r s
A b e h a v i o u r for a p r o c e d u r e is a f o r m a l i z a t i o n o f the spec i f i ca t ion o f b e h a v i o u r a l p r o p e r t i e s p r o v i d e d by the user.
Def in i t ion 3 .10 ( B e h a v i o u r ) . A h e h a v i o u r Behp for a p r o c e d u r e n a m e p E .=~ o f a r i t y n is a f ini te set o f pa i r s { ( B t , s e l ) . . . . . (B , , , Se ,u ) } w he r e B I , . . . . B , , , arc a b s t r a c t s equences such t ha t domi , , (Bk) - - dom, ,u , (Bk) ---- { X i , . . . , X,, } ( ! <~ k <<. m): a n d se l . . . . ,sere are pos i t ive l i nea r exp res s ions i0 f r o m Exp{x~ ..... ~.}.
E a c h pa i r o f the f o r m (B t , sek) will be ca l led a behaviou~ 'a l pa i r (or , i f n o c o n f u s i o n is poss ib le , a b e h a v i o u r ) . T h e pos i t ive l i nea r e x p r e s s i o n s e is r e qu i r e d to s t r ic t ly de- c rease in recurs ive cal ls o f the desc r ibed p r o c e d u r e t o e n su r e t e r m i n a t i o n .
E x a m p l e 3.3. Let B be the abstrr .~t s equence o f E x a m p l e 3.2. T h e b e h a v i o u r fo r s e : l . e e t / 3 desc r ibed in Sc~:'~on 2 can be r ep re sen t ed by {(/~,L)}.
4. Des~'iption of the analyser
In this sec t ion , we desc r ibe the ana ly se r , a n d we discuss h o w it executes a p r o g r a m at the a b s t r a c t level. I f the a n a l y s e r succeeds, the g iven b e h a v i o u r s co r rec t ly desc r ibe the e x e c u t i o n o f the a n a l y s e d p r o g r a m . In pa r t i c u l a r , every p r o c e d u r e call ( a l l o w e d by these b e h a v i o u r s ) t e rmina t e s . I f the a n a l y s e r d o e s n o t succeed, then , e i t he r the p r o g r a m d o e s n o t t e r m i n a t e o r is n o t c o n s i s t e n t w i th the b e h a v i o u r s g iven by the us- er, o r t he i n f o r m a t i o n g iven in the b e h a v i o u r s is no t suff icent fo r the a n a l y s e r to de- d u c e t h a t the p r o g r a m is cons i s t en t a n d t e rmina t e s .
For the sake of brevity, we omit the definition of this ordering. A formal definition may be found in Ref. 147l .
~o In fact, it is possible to use more general linear expressions, possibly involving negative coefficient, and to prove that such expressions actually are positive at each procedure call. However, for simplicity, we only cons,.'der positive linear expressions in the rest of the paper.
22 B Le Charlier et al. I ,I. Logh' Progratnm#tg 39 (1999) 3-42
To s impl i fy the p re sen ta t ion , we a s s u m e tha t the p r o g r a m we w a n t to ana lyse con- ta ins no m u t u a l l y recurs ive p rocedures . M o r e o v e r , we a s s u m e tha t each recurs ive subcal l occu r r i ng in tbe execut ion o f a call desc r ibed by s o m e b e h a v i o u r (Bq,seq) can a lso be descr ibed by this behav iou r . W e expla in h o w these s impl i f ica t ions can be r e m o v e d in Sect ion 4.3. F o r space reasons , we omi t the cor rec tness p r o o f o f the ana lyse r ; it can be f o u n d in Ref. [43].
4. !. Concre t e s e m a n t i c s
The r e a s o n i n g unde r ly ing the des ign o f o u r a n a l y s e r is based on the in tu i t ion tha t a P r o l o g p r o c e d u r e is a func t ion m a p p i n g every input subs t i tu t ion to a sequence o f ( answer ) subs t i tu t ions . P rov ing the co r rec tness o f o u r a n a l y s e r thus requi res a (con- cre te) s eman t i c s which fo rmal izes this in tu i t ion ( and yet is equ iva len t to P r o l o g op- e r a t i ona l semant ics ) . In pract ice , we use the conc re t e semant i c s p resen ted in Ref. [46]. It has been p r o v e n equ iva len t to P r o l o g o p e r a t i o n a l seman t i c s in Ref. [44]. Ac- tual ly , the co r rec tness p r o o f o f the a n a l y s e r uses a s implif ied s eman t i c c h a r a c t e r i z a - t ion for t e rm~aa t ing execut ions , a lso given in Ref. [43]. Th i s c h a r a c t e r i z a t i o n is s imple r because it has only to deal wi th finite sequences o f subs t i tu t ions while the seman t i c s in Ref. [46] has also to cons ide r infinite a n d (so-cal led) i ncomple t e se- quences . O b s e r v e tha t there is no vic ious circle c rea t ed by a s s u m i n g tha t the p r o g r a m te~ ;~inates because the co r rec tnes s p r o o f o f o u r a n a l y s e r uses an inductior" on a well- f o u n d e d re la t ion over p r o c e d u r e calls; so we can a l w a y s a s s u m e tha t the sub-cal ls ter- mina te , i.e., tha t o u r s~,.~plified c h a r a c t e r i z a t i o n appl ies .
P r o g r a m s are a s s u m e d to be n o r m a l i z e d as fol lows. A n o r m a l i z e d p r o g r a m P is a n o n e m p t y set o f p r o c e d u r e s pr . A p r o c e d u r e is a n o n e m p t y sequence o f c lauses c. Each c lause has the f o r m h :- g where the head h is o f the f o r m p(Xj . . . . . X,,) a n d p is a p red ica t e s y m b o l o f a r i ty n, whe rea s the b o d y g is a poss ibly e m p t y sequence o f l i terals. A literal I is e:.ther a buil t - in o f the fo rm A',, = X,_,, o r a bui l t - in o f the fo rm X~t = . I ' (X, : . . . . . X,,,) where f is a f u n c t o r o f a r i ty n - ! , o r a p r o c e d u r e call p(X,~ . . . . . ,V,,,). n, The va r i ab les o c c u r r i n g in a literal a re all dis t inct ; all c lauses o f a p r o c e d u r e have exac t ly the s ame head; if a c lause uses m different var iab les , these va r i ab les are X~ . . . . . X,,,. W e d e n o t e by .¢ the set o f all p red ica t e s y m b o l s o c c u r r i n g in the p r o g r a m P. Var iab les used in the c lauses a re cal led p r o g r a m t'arittbh, s a n d a re d e n o t e d by Xi . . . . . X,. . . . . Obse r , , e tha t all p r o g r a m s can be rewr i t t en in to equ iva len t n o r m a l i z e d p r o g r a m s .
T h e conc re t e s eman t i c s assoc ia tes wi th every p r o g r a m P a to ta l func t ion f r o m the set o f pa i r s tO.p) , where p is a p red ica t e s y m b o l occu r r i ng in P a n d dora(O) = {-'Yt . . . . . X,,}, whe re n is the a r i ty o f p , to the set o f subs t i tu t ion sequences . In the res~ o f this sect ion, we only cons ide r inpu t pa i rs tO, p) such tha t the execu t ion o f the call p(XI . . . . . A;,)0 t e r m i n a t e s a n d p r o d u c e s the (finite) sequence o f a n s w e r subs t i t u t i ons S. This fact is deno t ed by (O.p)~- .S in o u r concre te semant ics . W e
, i For the sake of silrnplicity, once again, we do not explicitly consider other built-ins such as v a t or ± ~. nor negated literals, nor the cut. It is relatively straightforward to incorpocate such operations to our analyser (see the conclusion).
B. Le Charlier et ai. I J. Logic Programming 39 (19993 3~42 23
use similar nota t ions for describing the execution o i ' a procedure pr, a clause c and a prefix of the body of a clause, denoted by (g, c).
4.2. Abstract execution o f a Prolog program
Our analyser is based on a s tandard verification technique: for a given pro- gram, it analyses each procedure; for a given procedure, it analyses each clause; for a given clause, it analyses each atom. If an a tom in the body of a clause is a procedure call, the analyser looks at the given behaviours to infer informat ion about its execution. The analyser succeeds if, for each procedure and each behav- iour describing this procedure, the analysis o f the procedure yields results tbat are covered by the considered behaviour.
In this section, we describe how our analyser executes at the abstract level the clauses and the procedures of a given Prolog program. In the following, SBeh is a family of behaviours SBeh -- (Beht,)t,~ ,, containing exactly one behaviour Behp for each procedure name p E .~ (where .~ is the set o f all procedure names occurring in the analysed program).
4.2.1. Specification ~[" the abstract operations
This section contains the specifications of the operat ions used for the abstract execution of a procedure. We suggest the reader to skip it at a first reading, and to refer to it whenever one o f these operat ions occurs in the next (sub)sections. In Section 5, the interested reader may find a detailed description of two main ab- stract operat ions in the context o f the abstract domain of Section 3, namely UNIP_VAR and CONC.
• EXTC(,",fl)--/iP is an operat ion that ~:v.lends the domain of fl to the set o f all variables occurring in the clause c. The result is an abstract sequence B such that V0 E Cc(fl): (O,S)E Cc(B), where S is the sequence whose only element is the extension of the substi tut ion 0 to the set o f all variables o f c.
- RESTRC(c, B) = B' is an operat ion that restricts the output domain of B (which is assumed to be the set o f all variables occurring in the clause c) to the vari- ables occurring in the head of c. The abstract sequence B' must satisfy V(O,S) E Cc(B): (O,S ' )E Cc(B'), where S' is the seque:,++.ce obtained by restricting the subst i tut ions of S to the variables of the head of c.
• R E S T R G ( I , B ) = fl is tin operat ion that restricts the output domain of B to (a renaming of) the variables occurring in the literal /. The result is an abstract subst i tut ion fl satisfying V(O, S) E Cc(B), VO' E Subst(S): lY' E Cc([I). where try ' is a substi tut ion obtained from tY in two steps: b.-= first restricting 0' to the vari- ables X,. t .... ,X~, of the literal I and then by renaming those variables to the s tandard ones (At ..... X,) in order to allow the execution o f the procedure the literal is a call oil
B. L e Charlier et a L I J. Logic Progranoning 39 (1999) 3 - 4 2
• EXTG(I, BI ,B2) = B is a n o p e r a t i o n c o m p u t i n g the effect o f the execu t i on o f the l i te ra l l ( w h i c h is give~l b y the a b s t r a c t s e q u e n c e B2) o n the a b s t r a c t s equence B~. I n ~ L u v e l y , the effect o f the execu t i on o f the l i t te ra l 1 on 8t c a n be c o m p u t - ed as a n i n s t a n t i a t i o n b3' s o m e subs t i t u t i on , w h i c h y ie lds B2 ( w h e n a p p l i e d on RESTRG(I ,B~)) . T h e o p e r a t ; ~ n EXTG e x t e n d s the effect o f the i n s t a n t i a t i o n on the w h o l e s e q u e n c e BI ( t a k i n g in to a c c o u n t neces sa ry r e n a m i n g to a v o i d n a m e c lashes) .
• LOOKUP(fl,p, S B e h ) = (success, Bo,t) is an o p e r a t i o n s e a r c h i n g Behp for a n ab- s t rac t s e q u e n c e B E Behp w h o s e i n p u t s u b s t i t u t i o n is a t least as gene ra l as ft. I f such a n a b s t r a c t s e q u e n c e exists , th is o p e r a t i o n r e t u r n s success = true a n d th is a b s t r a c t sequence . O the rwi se , it r e t u r n s success = f a l s e , a n d the va lue o f 8o,, is u n d e | m e d . T h e spec i f i ca t ion o f LOOKUP c a n be wr i t t en as success =:> 3se [ (B, se> 6 8ehp A fl <. input(B).
. CHECK_TERM(I,B, s e ) - - t e r m is a n o p e r a t i o n c h e c k i n g i f the size ( a c c o r d i n g to se) o f the a r g u m e n t s o f a recurs ive cal l g iven by the o u t p u t substi0tution o f 8 is s m a l l e r t h a n the size o f the a r g u m e n t s o f the h e a d cal l . I f the va lue term is t rue a n d the l i tera l ! is p(X~, . . . . ,X¢) , then V ( O , S ) 6 Cc(B).VO' 6 S u b s t ( S ) , se ( ( l lX , , t r l [ , . - . , II-~L0'll>) < se((llX, OII,..., liX,,01[>).
- UNIF_VAR(f l ) = B execu tes the u n i f i c a t i o n X~ = X_, on the a b s t r a c t s u b s t i t u t i o n ft. T h e a b s t r a c t s e q u e n c e 8 is such tha t , for al l 0 6 Cc(fl). a n d for all i r e mgu(XtO, X,_O), the tup le (0 , (0tr)) b e l o n g s to Cc (8 ) ; m o r e o v e r , the tup le (0, ( ) ) b e l o n g s to Cc(B) w h e n e v e r Xi 0 a n d 2(,_0 are not un i f i ab le . A n i m p l e m e n - t a t i o n o f this o p e r a t i o n will be d e s c r i b e d in Sec t ion 5.
• UNIF_FUNC(fl, f)= 8 execu tes the un i f i ca t i on Xt = f ( X , . . . . . X,) on the ab - s t rac t s u b s t i t u t i o n fl, w h e r e n - 1 is the a r i ty o f . f . Its spec i f i ca t ion is s i m i l a r to the p r e v i o u s one .
- C O N C ( B I , B 2 ) = B c o n c a t e n a t e s the a b s t r a c t sequence~ Bt a n d B2 w h i c h m u s t h a v e the s a m e i n p u t a b s t r a c t s u b s t i t u t i o n a n d the s a m e o u t p u t d o m a i n . T h e a b s t r a c t s e q u e n c e B m u s t sa t i s fy V(0, St) 6 Cc(BI) , V(O, S~_) 6 Cc(B2), (0, St: : $2)
Cc(B). A n i m p l e m e n t a t i o n o f this o p e r a t i o n is g iven in Sec t ion 5.
4.2.2. ,4bstract execut ion o f a clause
Let
c =-- p ( X I , . . . , X , ) : - lj . . . . . I~
be a c lause o f the p r o g r a m P a n d (B, se) be a n e l e m e n t o f Behp. Let a lso fl~, = i ,pu t (B) be the i n p u t a b s t r a c t s u b s t i t u t i o n o f B. T h e execu t i on o f the c lause c for the i n p u t a b s t r a c t s u b s t i t u t i o n fl~, m a y be c o m p u t e d as dep ic t ed be low.
B. Le Charlier et at I J. Logic Programming 39 (i909) 3-42 25
( # . , ) p ( x , , . . . , x . ) : - (Bo) t , , ( B , ) . . . , ( B k - , ) lk, (B~) . . . . ( B . - ~ ) t. (B , , ) . (Bo, . , )
g : : - - < >
B ' -- EXTC(c, t im ) R1 : R 2 :
( f l , . , g, c ) , > B'
C;:-- h: --g ( ~ , . , . . c) ~ B '
B" --" RESTRC(c, B') ( f l i . , c) ~ B "
g : : = g ' , l l : : = X i , = X i~
( , ~ , . , g ' , c ) , > B '
#mter - - RRSTRG(I, B ' ) Bau= -- UBIF-VAR(f /mter) B " = EXTG(/, B ' , Bau=)
R 3 : R4 : ( f l , . , g , c ) , ~ B"
g : : = g ' , l ! : := X i , = f ( X i ~ . . . . , X i . )
( ~ m , g ' , c ) : > B ' ~/=.tcr = RESTRG(I, B ' )
Baux = UNZF-FgNC(~tnter, f ) B " == EXTG(I, B ' , Bat,= )
(t~,., g, c) : . - ~ B "
g ::-- g ' , l 1 : : = q ( X i , , . • . , X i . )
q ~t p, w h e r e p is t h e p r e d i c a t e o f c
~ m t ~ = ~ S T a a ( t , B ' ) (true, Bau= ) = L00KOP(flmte~, q, SBeh )
B" = EXTG(I, B', Bauz) R5 : R 5 ' :
(~ , . , g,c ) • ; B "
g ::__ gl, l ! ::=p(Xi,,..., Xi.)
p is t h e p r e d i c a t e o f c ( ~ , . , a ' , c ) - .~B'
fl~.,... = mZSTRG(I, B ' )
CHECK_TERM(I, B ' , se) -- t r ue B " : EXTG(I, B ' , B )
( f l . = , g . c ) , > B "
Let us n o w brief ly desc r ibe the rules dep i c t ed a b o v e . R u l e R! in i t ia tes the a b s t r a c t execu t ion o f the c lause by e x t e n d i n g the i n p u t sub-
s t i t u t ion fli. to the set o f all va r i ab l e s in c. R u l e s R3, R4, R5 a n d R5' a re used for ex- e cu t i ng the l i terals o f the c lause . O b s e r v e t ha t , fo r each l i teral , on ly o n e rule a m o n g s t t hose m a y app ly .
F i rs t , Ru le R3 t akes c a r e o f the un i f i ca t ions o f the type "X~, = Xc.". In o r d e r to o b t a i n the a b s t r a c t s equence B". a s s o c i a t e d to the p r o g r a m po in t j u s t a f t e r the uni - f ica t ion , [ ' rom B". a s s o c i a t e d to the p r o g r a m p o i n t ju s t be fo re it. we use th ree a b s t r a c t o p e r a t i o n s : RESTRG to o b t a i n a n a b s t r a c t s u b s t i t u t i o n fli.t,.r w h o s e d o m a i n is {Xt,X2} ( c o m p u t e d f r o m the a b s t r a c t s equence B'); LTN£F_VAR to c o m p u t e the uni- f ica t ion on fli,.cr; a n d EXTG to e x t e n d the effect o f the un i f ica t ion on the w h o l e
26 B. L e C h a r l i e r e t e~ I J. L o g i c P r o g r a m m i n g 3 9 ( 1 0 9 9 ) 3 ~ 1 2
a b s t r a c t s equence B'. Th i s las t s tep g u a r a n t e e s t h a t all t he v a r i a b l e s (in the subs t i tu - t ion o f B') w h o s e i n s t a n t i a t i o n sha re s a va r i ab l e wi th the i n s t a n t i a t i o n o f X~. o r X~, will be co r r ec t l y t r ea t ed . Ru le R4 fo l lows a ve ry s imi la r p roces s to execu te f u n c t i o n un i f i ca t ion .
R u l e R5 a n d R5' execu te p r o c e d u r e cal ls (e i ther n o n r e c u r s i v e o r recurs ive) . In the case o f R5 ( n o n r e c u r s i v e call) , the effect o f the p r o c e d u r e call is o b t a i n e d by s e a r c h i n g SBeh for a d e s c r i p t i o n o f the p r o c e d u r e q. In the case o f r ecurs ive calls, we i m p o s e t h a t two c o n d i t i o n s a re sat isf ied: first, we on ly a l low recurs ive cal ls t h a t c a n be de.- sc r ibed by the b e h a v i o u r c u r r e n t l y a n a l y s e d ([1~,,,,.,..< fl~,,) a n d second , we r equ i r e the recurs ive call to be s t r ic t ly sma l l e r ( a c c o r d i n g to the size exp re s s ion given in the b e h a v i o u r ) t h a n the init ial call ( th is c o n d i t i o n is verified by CHECK T~IRM). I f t hose two a s s u m p t i o n s ho ld . we s i m u l a t e the execm,t_,n o f the recurs ive cal l by the i n f o r m a t i o n given in the b e h a v i o u r c u r r e n t l y a n a l y s e d . I f a n y o f those tests fails. we give up the a n a l y s i s as we d o no t possess e n o u g h i n f o r m a t i o n to go on safely.
F ina l ly , R u l e R2 c o m p l e t e s the e x e c u t i o n o f the c l ause c by res t r i c t ing the o u t p u t s u b s t i t u t i o n s d e s c r i b e d by B' to the va r i ab l e s o c c u r r i n g in the h e a d o f c.
4.2.3. A b s t r a c t e x e c u t i o n o.f a proce th t re Let p r --= ,-'~ . . . . . c,. be a p r o c e d u r e w h o s e n a m e is p. I ts a b s t r a c t execu t ion c a n be
s u m m a r i z e d by the fo l l owing g r a p h a n d rules.
( f J . , ) cl (B1)
(~in) ck (Bk) Bo.,
( /~., , ) c~ (B~)
R 6 :
R T :
pit" . . : i C
(/3.., c ) , ~ B ' (LT,n, p r ) ~ - ~ B '
p r : : " - C, p r t
( lT i . . c) , ~ B ' (sJ.,, p r ' ) , > B "
C0NC(B', B " ) = B " ' (/Ji . , p r ) , ~ 13"'
Rules R6 a n d R7 s imp ly asse r t t ha t , in o r d e r to c o m p u t e the a b s t r a c t e x e c u t i o n o f a w h o l e p r o c e d u r e , it suffices to c o m p u t e the a b s t r a c t s e q u e n c e s given by each o f its c lauses a n d to ( a b s t r a c t l y ) c o n c a t e n a t e t hose resul ts .
In o r d e r to check t h a t the g iven set o f b e h a v i o u r s SBeh cor rec t ly desc r ibes the ex- e cu t i on o f a p r o g r a m P , the a n a l y s e r s imply verifies tha t , fo r each b e h a v i o u r a l pa i r (B, se) a t t a c h e d to a p r o c e d u r e p, it is poss ib le to d e d u c e f r o m Rules RI to R7 t h a t <fli,,,pr)~-,B', w h e r e fli,, is the i npu t s u b s t i t u t i o n o f B a n d p r is the text cons i s t i ng o f all the c l auses de sc r i b ing the p r o c e d u r e p, a n d t h a t the a b s t r a c t s equence B' is m o r e pre- cise t h a n B.
4.3. R e m o v h t g the r e s t r i c t h m s o f the atutl3'ser
W e c o n c l u d e this sec t ion by exp l a in ing h o w the simpii t~ ' ing h y p o t h e s e s a b o u t the f o r m o f the p r o g r a m c a n be r e m o v e d . W e d o no t d i scuss the t r e a t m e n t o f a d d i t i o n a l
B. Le Charlier et al. i J. Logic" Pr~Lgramming 39 (1999) 3-42 27
bui l t - ins , such as test p r e d i c a t e s a n d the cut , n o r the t r e a t m e n t o f n e g a t i o n , s ince these issues ai 'e a d d r e s s e d in the conc lus ion . Here , we c o n c e n t r a t e on h o w to dea l wi th m u t u a l r e cu r s ion a n d wi th recurs ive cal ls us ing o t h e r b e h a v i o u r s t h a n the one t h a t is c u r r e n t l y a n a l y s e d .
P r o c e d u r e s wi th recurs ive subca l l s t ha t m a y no t be d e s c r i b e d by the a b s t r a c t se- q u e n c e used fo r the i n p u t call a re in fac t ve ry s imi l a r (a t the a b s t r a c t level) to m u t u - al ly r ecurs ive p r o c e d u r e s . I n d e e d , w h e n such p r o c e d u r e s p a r e d e c o m p o s e d in to severa l proce~-'l ures pl . . . . . p~ (wi th di f ferent n a m e s bu t - n e a r l y - the s a m e def in i t ion as p ) each o f t h e m assG:.:iated wi th o n e o f the a b s t r a c t s equences o f Behp, these p r o - c edu re s p , , . . . , p, a r e m u t u a l l y recurs ive .
T h e r e f o r e , we first exp l a in h o w to t r ea t m u t u a l r e cu r s ion a n d , a f t e r w a r d s , we ex- plicit h o w ~o r ep lace p : ' ocedures wi th subca l l s t h a t c a n n o t be desc r ibed by the a b - s t r ac t s equence o f the il~put call by m u t u a l l y recurs ive p r o c e d u r e s .
M u t u a l recur~ion. I f m u t u a l r e c u r s i o n is a l lowed , we h a v e to a d d a t e r m i n a t i o n test b a s e d on the size e x p r e s s i o n s o f all p r o c e d u r e s c o n c e r n e d by m u t u a l r e c u r s i o n ( above , we on ly used such a te:~t fo r recurs ive p r o c e d u r e s ) . So, i f p a n d q a r e m u t u a l l y recurs ive p r o c e d u r e s , i f ( B r , s e p ) E Behp a n d i f th~ e x e c u t i o n o f {O,p), w h e r e 0 E Cc(input(B~,)), uses a subca l l {O',q), w h e r e O' c a n be desc r ibed by (Bq, se,t) E Beh, t, we h a v e to check (a t the a b s t r a c t level) t h a t se~(<llo~x~[I . . . . , I t 0 ' x . , l l ) ) <se.(<lIOX, II . . . . , t i 0X, , [ l ) ) , w h e r e n a n d m a re respec t ive ly the ar i t ies o f p a n d q. Th i s test en su re s t ha t the m u t u a l l y recurs ive p r o c e d u r e s will no t l o o p infinitely.
In o r d e r to use this m e t h o d , we m u s t a n a l y s e the p r o g r a m to find o u t all m u t u a l l y recurs ive p r o c e d u r e s or , m o r e precisely, all p a i r s o f t r ip le ts ((p, B;,, set,), (q, B, t, Seq)) (wi th (Bp, sep) E Beh t, a n d (B, t, Seq) E B e h q ) d e s c r i b i n g p r o c e d u r e cal ls t h a t m a y use subca l l s d e s c r i b e d by the o t h e r one . T h e t e r m i n a t i o n test s h o u l d be rea l ized o n l y w h e n the t r ip le t s a s s o c i a t e d wi th the subca l l a n d the h e a d call a r e " ' m u t u a l l y r ecu r - s i r e " .
Procedi~res with subcalls that cannot be described b), the abstract sequence o f the hi- pu t call. O n c e the res t r i c t ion a b o u t m u t u a l r ecurs iv i ty has been r e m o v e d , it is qu i t e ea sy to a l low recurs ive cal ls t ha t c a n n o t be de sc r i bed by the a b s t r a c t s equence used fo r the h e a d call by c r e a t i n g severa l cop ies o f the p r o c e d u r e wi th d i f ferent n a m e s ( o n e c o p y fo r e a c h a b s t r a c t s equence given in SBeh) a n d r ep l ac ing the recurs ive cal ls by cal ls to o n e o f these n e w p r o c e d u r e s .
M o r e precisely , let p be the n a m e o f a p r o c e d u r e a n d (Bi, se~) . . . . . (B~, se~) be the e l emen t s o f Behp. In o r d e r to s impl i fy the p r e s e n t a t i o n , we a s s u m e tha t the def in i t ion o f p c o n t a i n s o n l y one recurs ive call . W e first c o m p u t e (us ing the a b s t r a c t e x e c u t i o n p rocess de sc r i bed p rev ious ly ) , fo r each ( inpu t ) a b s t r a c t s e q u e n c e Bk, w h i c h a b s t r a c t s equence By, c a n be used to solve the recurs ive call . A f t e r w a r d s , we c rea te s p r o c e - d u r e s n a m e d p~ . . . . . p~ (we a s s u m e t h a t these n a m e s a r e n o t used) , o n e fo r each a b - s t r ac t s equence in Behp. E a c h pr, '~cedure p~ is def ined by the s a m e text as p bu t the recurs ive call p(Xi~ . . . . . X~,,), f o u n d in the def in i t ion o f p , is r ep l aced by Pi~ (X~, . . . . ,X~,) in the def in i t ion o f Pk. T h e n , we r e m o v e Beh e f r o m SBeh a n d a d d Behp~ . . . . . Behp~, w h e r e Behp~ = (Bk, sex.).
So, ins tead o f a n a l y s i n g a single p r o c e d u r e w h e r e recurs ive cal ls a r e desc r ibed by a b s t r a c t s equences di f ferent f r o m the o n e used as inpu t , we a n a l y s e severa l (poss ib ly m u t u a l l y recurs ive) p r o c e d u r e s . O n c e all " m u t u a l l y recurs ive '" t r ip le ts h a v e been listed, we m a y be ab le to r e m o v e s o m e t e r m i n a t i o n tests fo r the ( s imply ) r ecurs ive p r o c e d u r e
28 B. Le Charlier et al. I J. Logic Programming 39 (1999) 3-42
that has been replaced and, thereby, extend the applicabili ty of the analyser. Fo r ex- ample, if the execution of all calls described by the triplet t = (p, B, se) leads to subcalls that may be described by t' = (p, B', se') and if the execution o f calls described by t' never uses subcalls o f t, we may remove the terminat ion test for t.
5. Abstract operations
The last ste~ ~o achieve in order to obtain an implementable analyser is to provide a pJ'actical definition o f all abstract operat ions used by the analyser. In this section we explain how we deal with a couple of operat ions. The same methodology can be applied to construct the whole operat ion set systematically. More specifically, we describe in details two main abst ract operat ions, namely UNIF eAR and C0NC. Cor- rectness of their implementat ion has been proved in Ref. [43]. No te that these imple- menta t ions reuse (old) abst ract operat ions from G A I A (see mainly [46,47}). We recall the specifications o f these operat ions but we omit their implementat ion.
5.1. Unification o f two variables
The opera t ion UNIF_VAR executes the built-ins X~ : Xj at the abstract level. The implementat ion is as follows: first, wc (re)use the old version of the operat ion, here called UNII~_VAR,,ta. to compute an abstract subst i tut ion if,,,, describing the result o f X~ = X~ called with an abstract input subsutu t ion ft. Then, in order to refine fl to the set o f 0 6 Cc(fl) for which the unification succeeds, we establish a mapping (called structural mapping since it respects the structure o f the f rame component ) between the indices o f fl and the indices o f ff~,,,, representing the corresponding terms. This al- lows us to refine the informat ion on modes, types, and pat terns provided by fl, pro- ducing first" This is realized by operat ion REF,,:r. Finally. we derive constraints between the size of terms in fl'ref and if,,,,, as well as constra ints on the number of so- lutions.
5.1.1. S tructural mapping A :structural mapping between two abstract subst i tut ions is a mapping on the cor-
responding indices preserving same-value and frame.
Definition 5.1 (S truc tural ,napping). Let fl --- ( sv , f rm, ~) and f f -- ( sv ' , f r , n', ~') be two abstract subst i tut iens over I and I ' , respectively. A structural mapping between fl and ff (if it exists) is a function tr: 1 ~ 1' such that • V X e dom(fl) , t r ( sv (X) ) -~ sv ' (X); • k/i E 1. f rm( i ) = f ( i , , . . . , i , ) =:> f rm ' ( t r ( i ) ) ---- f ( t r ( i ] ) , . . . , t r ( i , ) ) .
5.1.2. Old operations The operat ion UNI F_VAR is defined in terms of the operat ion UNI F_VARotd which
is a slight generalization of the operat ion UNI F VAR defined in Ref. [47]. Hereafter, we recall the specification of UNIF_VAR,aa.
Operat ion 5.2. Lr~fF_VARotd(fl) = (i f , ss, s f , a', U). This operat ioq unifies )(tO and X20 for all 0 6 Cc([J). We do not provide an implementat ion for it since it is similar
B. Le Charlier et aLI J. Logic Programming 39 (1999) 3-42 29
to Ref. [47] whose extension is discussed in Ref. [46]. The only novel ty is tha t we ex- plicitly re turn the s t ruc tura l m a p p i n g tr and the set o f indices U. M o r e precisely this ope ra t ion re turns an abs t rac t subs t i tu t ion fl', two boo lean values ss and s f specifying whe ther sure success or sure failure can be inferred at the abs t rac t level, a s t ruc tura l m a p p i n g tr between fl and i f , and a set o f indices U represent ing the set o f te rms in 0 whose n o r m is no t affected by the ins tan t ia t ion . The la t ter will al low us to es tabl ish precise cons t ra in t s between the size o f te rms in ff~,~j and fro,,-
Specif ication: Let fl be an abs t rac t subs t i tu t ion over I with dom(fl) -- {XI,X2}. D-~IP_FARotd(Fl) re turns a pseudo abs t rac t subs t i tu t ion ff over I ' , two boolean values ss and s f , a s t ruc tura l mapp: 'ng tr : I --. I ' and U C_ 1 such that :
0 e Cc(B) ) f Oa e Cc(ff) tr 6 mgu(XlO, X20) <t,),~, q DECOMP(O, fl) I ~ ~ V i e U , It',l[ = Ilt:~l] (si)i~l, 6 DECOMP(Oa, i f ) Vi q !, td; = - S t r ( i ) :
ss = true =~ (VO e Cc (g ) :X lO and A~0 are unifiable); s f = o'ue ==v (VO E Cc( f l ) :XtO and X_,0 are not unifiable) .
5.! .3. Re f inemen t operat ions The ope ra t ion REFr¢r refines the input a t s t r a c t subs t i tu t ion fl in to fl',~S" It is de-
fined in terms o f ope ra t ions REFtv,, (which focuses on the f rame c o m p o n e n t ) and REF, (which refines the ~ componen t ) . The three opera t ions respect the same spec- ification given below for REFr,~r.
Opera t ion 5.3. REF,.r(f l t , 13,_,t,'L:) = (if, tr ') . ThL'; ope ra t ion refines the abs t rac t subs t i tu t ion fl~ by keeping subs t i tu t ions in Co(ill) tha t have at least an ins tance in Cc(&).
Spe'cifieation: Let fll and fl, be two abs t rac t subs t i tu t ions over Il a n d / 2 , respective- ly, with do,,~.(fll) = dom(f l , ) and tri._, : Ii --~ ~ be a s t ruc tura l m a p p i n g between fll and f12- RE~'~f(fli, f12, try.2) p roduces an abs t rac t subs t i tu t ion ff over I ' and a struc- tural m a p p i n g t r ' : l ' - - , I , between ff and f12 such tha t d o m ( f f ) = d o r a ( i l k ) ( k = 1 ,2 ) , f f~<f l l and
0k e c o ( & ) (I, = I 2) 02 <~ O, ' ~ O, e C c ( f f ) .
J
The imp lemen ta t ion o f the three REI~ ope ra t ions uses four s impler ope ra t ions on modes and ' : , r~s tha t we present first. The implemen ta t ion o f the first one has been described in Ref. [47].
Opera t ion 5.4. EXTRM0r, M) = ( M l , . . . , M , ) . This ope ra t ion compu tes the mos t precise modes o f t e rms h , . . . , t,, when we know tha t the m o d e o f / ( t l . . . . . t , ) is M.
Specification: Let f be a funct ion symbol o f ar i ty n and M 6 Modes.
f ( h , . . . , t , ) E C c ( M ) =~ ti E Cc(Mi) (l <~ i ( n).
Opera t ion 5.5. EXTRT(f , T) = < T l , . . . , T,). It is ana logous to the previous one; it compu te s types instead o f modes .
Opera t ion 5.6. UNIST,, , ,(M) = M'. It a p p r o ' d m a t e s the set o f te rms ~-hat can .be in- s tan t ia ted to a te rm t e C c ( M ) .
30 B. L e C h a r l i e r e t aL I J. L o g i c P r o g r a m m i n g 3 9 ( 1 9 9 9 ) 3--42
Spec i f i ca t ion: Let M , M ' E &lodes. T h e f o l l o w i n g r e l a t i on holds :
t E C o ( M ) t = tt~r f
l m p l e m e ; : ¢~ation:
=¢, t' E C c ( M ' ) .
M , = var i f M = v a r n o g r o u n d i f M E {ngv , n o g r o u n d } 3_ i f M =3_ a n y otherwise .
Operatior~ 5.7. UNISTo,(T ) = T'. It as the s a m e spec i f i ca t ion as the p r ev ious oper - a t i o n w h e r e T, T' E Types.
b n p l e m e n t a t i o n :
T' = any l i s t i f T E { l i s t , artyl is t} 3_ i f T =_1_ a n y o the rwise .
G p e r a t i o n 5.8. REP/~m(fl l , f12, trl,2) : (/3', t / ) . It ref ines the a b s t r a c t s u b s t i t u t i o n fll o n l y u s i n g the f r a m e c o m p o n e n t of/12.
h n p l e m e n t a t i o n : C o n s t r u c t the s equence o f i n t e r m e d i a t e a b s t r a c t subs t i tu t io . . . [fl . . . . f t . . . a n d s t r u c t u r a l m a p p i n g s tr ° . . . . . t t J , . . , as fo l lows. 1. fl0 __ fll a n d tr 0 = l r l , 2.
2. A s s u m e given fli a n d the s*ructura l m a p p i n g tr': I i -~ 12- S u p p o s e tha t there exists .i E I i such tha t m o i ( j ) <. novar , f r m i ( j ) = u n d e r a n d j) 'm2(tr/(j ' )) - - f ( k t , . . . , k , ) . T h e n f f+l a n d tt ~+l are de f ined by:
. I i + l = I i U { j l , . . . . j , } w h e r e j l , . . . . j , are d i s t i n c t n e w ind ices ; o SUi-I I : .~,oi
" j i m i+! = ~ ' m i U {j~'--~.f(.i'! . . . . . j , , ) } ; • tr i+i =: tr i U {jl~-*kl . . . . . j,,~-*k,,}; • mo~+l( j ") = r o d ( j ) for all j E P a n d (moi+l(J ' l ) . . . . . m o i + t ( j . ) ) =
E X T R M ( f , moi ( j ) ); • ty i+! ( j ) = tyiCi) for all i E 1 i a n d • ( t y i + t ( j ' l ) , . . . , t y ' ' ( ] , , ) ) =: EXTRT( f , t y ( j ) ) ; • ps ~+l = p s ~ U { O ' l , k ) l I ~ {1 . . . . . n J , m o i + l ( j t ) # g r o z o l d , ( j ' , k ) E p s i } .
3. O t h e r w i s e , fl' = f f a n d tr' = tP.
O p e r a t i o n 5 .9 . RE~' , ( f l t , f l~_, tr l . ,_)= ( f f , t r ' ) . It ref ines fit on ly c o n s i d e r i n g the ~t c o m p o n e n t o f [I 2 .
l m p l e n w n t a t i o n : T h e implementat '_.on is as fol lows:
[ p - - I I
SU 1 - - SV I
f r m ' = f r m l mo ' ( i ) -- tool (i) D1UNTST(mo2( t r i .2 ( i ) ) ) t ) / ( i ) = ty l ( i ) Fq U N I S T ( t y 2 ( t r l . 2 ( i ) ) ) ps' -- ps i t / - - trÁ 2.
for a l l i E l ' for al l i E I '
B. Le Charlier et aLI J. Logic t'rogramming 39 (1999) 3--42 31
Opera t ion 5.10. REFret'(fl, , f12, trL2) -- ( i f , I t ' ) . It combines the two ref inement op- e ra t ions defined above.
Implementa t ion:
(f13, tr3.2) -- REFtv,, (fl I , fl2, trl.2) (fl',t,~> = Rmv~(/~3, fl2,,~.~2).
5.1.4. Unif icat ion o f two varmbles We are now in pos i t ion to define UNIF VAR.
Opera t ion 5.11. UNII~_VAR(fl) = B' Specif icat ion: Let fl be an abs t rac t subs t i tu t ion such tha t d o m ( f l ) - - { X t , X 2 } .
UNIF_VAR(fl) compu te s a pseudo abs t rac t sequence B' such that :
o ~ Cc(fl) } tr E mgu(XtO, X~O) => (0, < Oa >) 6 Cc(B ' )
o ~ Ce(fl) } . .gu(X,O.X20) = 0 ~ (0 , < >> e Cc(a') .
hnp lemen ta t ion : Let (fl,,,,, tr, ss, s f , U) = ONIF_VAR,, td(f l ) . The pseudo abs t rac t se- quence B' = (if/,,, ff,.,.r, fl,;,,,,E'~+.r-,,,,,E',+,t) is defined by
f / n - - f l
K . , -- ~,,,., (fl'r,:r, tr~.:r_o.,) = (ffii,,, tr) if" ss
(A_, u n d e f ) if s f REF~,:t (#~,,, fl,;,,,, tr) if -~ss and -~sf
E~'..q_~,,, = _1_ if s f {~-~z(inr,:r(i) ) -- sz(ino,,(tr~,:f_o.,(i)) )]]: i E D~,,_r,q(U) } o therwise
E',,, = {~sot = l ] ]} i f ss _1_ if s f {[[0 ~< s o i l , ~sol ~< 1 ~} if -~ss and --,sf,
where the s t ruc tura l m a p p i n g tro,_~,:f is a canonica l inclusion. The fol lowing c o m m u - tative d i ag ram is satisfied by tr+ . . . . :r, trr,.r_o,, and the injections inr,i and ino,,.
UC_I=I'. trin_rey Itre f trrey_out . I~,++.
inout
1" 4 + I'.~
R e m a r k 5.1. The precision o f opera t ion UNII~_VAR can be improved with a reexecut ion s t ra tegy (see. e.g.. [48]): in the case where ss and # ' a r e bo th false, we can reapply the unif icat ion opera t ion to the abs t rac t subs t i tu t ion ff,,f c o m p u t e d by REFr~.I. It m a y hapgen tha t the new abs t rac t unif icat ion surely succeeds, a l lowing us
37 B. Le Charlier et al. ! J. Logic Programming 39 (1999) 3-42
to der ive be t te r i n f o r m a t i o n on the n u m b e r o f solut ions. This i m p r o v e m e n t is needed to ob t a in op t ima l precision on the example o f Sect ion 2.
5.2. Conca tena t ion o f two abs trac t sequences
The second ope ra t i on we p resen t is the c o n c a t e n a t i o n ope ra t ion 00N0. It is the c o u n t e r p a r t for abs t r ac t sequences o f the ope ra t i on lJNr01q, used in Re['. [47], which s imply collects the i n f o r m a t i o n p rov ided by two abs t rac t subs t i tu t ions in to a single one. In fact, the ope ra t i on 00N0 is s imilar to IJNIOIq for all but one c o m p o n e n t , n a m e l y E.,.ot; this is because the n u m b e r o f so lu t ions o f a p rocedure is the sum o f the n u m b e r s o f so lu t ions o f its clauses, no t an " u p p e r b o u n d " o f them. To ob ta in a g o o d precis ion in the c o m p u t a t i o n o f Esol, it is i m p o r t a n t to detect m u t u a l exclu- sion o f clauses [9,46]. In o u r implemen ta t ion , we general ize this idea. First , we com- pu te the grea tes t lower b o u n d o f the fl~,.s c o m p o n e n t o f the two abs t rac t sequences. Then , we c o m p u t e the sum o f the n u m b e r s o f so lu t ions for this grea tes t lower b o u n d only. In par t icu la r , when the grea tes t lower b o u n d is equa l to _1_, the clauses are ex- clusive, and no sum is compu ted : we only collect the n u m b e r s o f so lu t ions o f the two clauses.
The i m p l e m e n t a t i o n o f 00Iq0 is complex bu t can be expla ined in a concise way t h r o u g h the use 07 special ope ra t ions cal led cons t r a ined m a p p i n g s tha t we present first. Some auxi l ia ry ope ra t i ons are also described.
5.2.1. Cons t ra ined mapp ings C o n s t r a i n e d m a p p i n g s have been in t roduced in Ref. [49] as a fo rmal i sm to man ip -
ulate indices. We give below a general def ini t ion o f cons t r a ined mapp ings . Th is is a re laxa t ion o f the no t ion p r o p o s e d in Ref. [49]. The reader can find the implementa - t ion for the size d o m a i n in Ref. [43].
Definit ion 5.2 ( C o n s t r a i n e d mappings) . Let I and I ' be two finite sets o f indices and tr : 1 ---* I ' be a funct ion . The concrete cons t ra ined m a p p i n g o f tr is the pai r o f dua l funct ions , tr>,: g~(,~-t) __~ ~j(.~--r) and r <" gj(,~,-r t , . )---, ~:~(.~-i) defined below. F o r all
~:~'! ! ' ~;t E ga(,.~ ) and ')".!' E ~a(,Y- ),
t, . .>(~:,) : {(s,>,~,, ~ .~-"13<t,>,~, ~ x , : v i ~ l .s,~,~ : t , } ,
tr<. (Yv ,) = { ( t i ) i s , E .~-'13<si)ie,, E Z t , : V i E l , t , = s,~t,)}.
Let At and At, be t v o abs t rac t d o m a i n s a p p r o x i m a t i n g o(/~ -t) an,~._ ~. .... ,-t ~ t ' ) , respective- ly, wi th concre t i za t ion func t ions Cc. A n (abs tract ) cons t ra ined m a p p i n g is any s o u n d a p p r o x i m a t i o n tr >: A/ ---* At, and tr <: At, ---* At o f a concre te one, i.e.,
VOlt E At, ' t r~(Cc(oq)) C_ Cc(tr>(ott)),
Vat, At,, tr. ,Cc(Tt,) C Cc( t r < (at,)).
5.2.2. Aux i l i a ry operat ions
Let us in t roduce some auxi l iary opera t ions . Opera t ion 5.12. LIJB(fl I, fl:) = (if , trl, tr2). This ope ra t ions re tu rns a pseudo-ab-
s t ract subs t i tu t ion ff = fl~ u fl,_ and two structura~ m a p p i n g s tr~ between ff and ilk, i.e., trk : 1' ---* Ik (k = 1,2).
B. L e Charl ier et al. i Jr. Log ic Program,nb tg 39 ( 1 9 9 9 ) 3 - 4 2 33
O p e r a t i o n 5.13. EXT_LUB(# I, f12) = ( i f , tr , , t r2 ,s t ) . I t r e t u r n s i f , tr , , tr2 as a b o v e a n d a b o o l e a n va lue , st, such t h a t st = true impl ies t h a t f f is .a s t r ic t u n i o n , i .e . , c~(f f) = c~(#,) u c~(#2).
O p e r a t i o n 5.14. GLB(/~I , #2) = ( i f , trl,tt~). This o p e r a t i o n s r e t u r n s a p s e u d o - a b - s t r ac t s u b s t i t u t i o n # ' = / ~ t m #2 a n d t w o s t r u c t u r a l f u n c t i o n s tr~ be tween #k a n d # ' , i .e . , tr~ : I~ --* I' (k = I, 2) .
O p e r a t i o n 5.15. SUM~,,,(E~, E , ) = E' . T h i s o p e r a t i o n is used to expres s the l eng th o f a s equence o b t a i n e d by c o n c a t e n a t i n g t w o o t h e r sequences .
Speci f icat ion: Let I be a set o f indices a n d Ek E Sizest+(,,,n (k -- 1 ,2) . SUM, o , ( E I , E , ) r e t u r n s E' E Sizest+l, , t! such t h a t
(m ),.~,+~o,j e Cc(E~) ( k = 1,2) I "~ " .~ = n7 = m(, e I) ~ (n~),~,+I,.o, j 6 Cc(E').
I nsot = n sot + n~.ol
I m p l e m e n t a t i o n : Let sol , a n d $012 be tWO new var iab les .
e ' = t ~ o t ( e , [ ~ o t ~ s o t , ] O ~ [ s o t ~ s o t , _ ] U {~sot = so t , + so t ,A} ).
w h e r e tr.,ot : I + { so l } --* I + { s o l , so l i ,sol._} is the c a n o n i c a l in jec t ion, a n d E~[sol~--~sol~] is the set o f ( i n ) e q u a t i o n s o b t a i n e d by syn tac t i ca l ly r e p l a c i n g eve ry oc- c u r r e n c e o f s o l by sol~ in E~.
5.2..3. C o n c a t e n a t i o n o f two abs t rac t s equences W e a re n o w in pos i t i on to desc r ibe in de ta i l s the c o n c a t e n a t i o n o p e r a t i o n OONO. O p e r a t i o n 5.16. OONC(B,, B_.) -- B'. Th i s o p e r a t i o n is used to c o n c a t e n a t e the ( ab -
s t r ac t ) resu l t s o b t a i n e d f r o m the execu t ion o f a p r o c e d u r e a n d a c lause . Speci f ica t ion: Let Bk -- (fit,,, t~.t , ~o,,,,,, E~<t_o.,, E'.,~t) (k = 1,2) be t w o a b s t r a c t
s equences w i th dom, , , , , (B t )= domo.,(B._). CONC(BI,B._) r e t u r n s a p s e u d o a b s t r a c t s e q u e n c e B' = (~,, , ff..r, l~,.,,,E'.~t. ,,.,,E~,,t) such t h a t dom~,,(B') = dom~,,(B~). dom,, , , (B') = domo,,t(B~) (k = I, 2) a n d
(O,S,> e Cc(B,) } S_,) ~ Cc(B') (0. $2) e Cc(B..) -~ <0, S,: :
hnplernen ta t ion: T h e i m p l e m e n t a t i o n is def ined as fo l lows:
g tr~" gzl¢g
-- [3i. = EXT_T.tm(#L,.. # ' . , ) = uTB(#L, , # i , )
. , tr,',,.) < E I ~ ~ )< ", = (tr;et + (ret-~,,,,) t_l (07,. t + ,~,,, (Er~t_,,.,)
(tr',~, + { so t~so t } ) < (EL , )u q, . <
(t,7~, + {sol.- .sol}) (E;,,,)u
(try,,, + {sol~sol})<(SUr&o,(-~,,,.~",,.,)) (trY.. t + { so l~so t } )<(Ei , )u (t~¢, + { s o l ~ s o l } ) < (E~,,,)U
< --I --'~ (tr,,,, + {so/~-~sol}) (SUm,,,(Ejo,,E~,~,,,))U
tr#o,(~sot = o~)
i f st
i f - 'st ,
34 R Le Charlier et al. I J. Logic Programmh,g 39 (1909) 3-42
where
(/~,,,, tr],,,, o;,,,)~ - -GLB (/J~'~:r' ]~-',:t ) ]"
lz,,,,-" ---- (tr],,, + {sob- - , so l} )> (E~,,t)
E?,,~ -- ( t~, , + { s o l ~ s o i } ) ( Z ,~ )
and tr,,,t : { so l } ---, I ' T + { so l } is the canonica l injection. The s t ruc tura l mapp ings tr ~-,.er, o~,,, (i~ = 1 ,2 ) and o;-,,, satisfy the fol lowing c o m m u t a t i v e d iagram:
I 1 trite ,'el tr~, ,
/ tr int I~ 4 ~ l , . t
-2 Ire f
T he least upper b o u n d o p e r a t o r LA between ( in)equat ion systems is implemented as convex union (see Ref. [69]).
6. Related works
Logic p r o g r a m analysis has a t t rac ted so m a n y researchers in the last decade that it is not possible to give a comprehens ive account o f all interest ing works related to ours. We focus on some o f them, which can be in tegra ted (at least par t ia l ly) in an imp lemen ta t ion o f ou r analyser .
6.1. L o g i c p r o g r a m cons t ruc t ion a n d trerification wi th Pro log
A m e t h o d o l o g y to verify the correc tness o f Pro log p r o g r a m s based on the theory o f logic p r o g r a m m i n g and a n u m b e r o f add i t iona l a rgumen t s has been p roposed by K.R. Apt in Ref. [3]. The emphas i s is on elegant me thods which are not fully a u t o m a t a b l e but can be appl ied s t r a igh t fo rward ly "'by h a n d " . T e r m i n a t i o n proofs for logic p r o g r a m s execut ing using the Pro log search rule is a prerequis i te for the o the r aspects o f the m e t h o d o l o g y but we delay the discussion o f this topic to the next sect ion entirely devoted to termi.nation. A s s u m i n g t e rmina t ion , o the r desirable p rop- erties such as (par t ia l ) correctness , occur-check f reedom, absence o f run- t ime errors (for a r i thmet ic predicates) , and absence o f f lounder ing (for negated a toms) are es tab- lished: occur-check f reedom and absence o f f lounder ing can be verified by a syntact ic analysis es tabl ishing tha t the p r o g r a m is well m o d e d (or a l ternat ively , but for occur- check only, nice ly moded) . Occur-check f reedom and absence o f f lounder ing can be verified by our ana lyser thanks mainly to the mode and possible shar ing compo- nents. ~2 Howevec, still be t ter results could be ob ta ined by enhanc ing the d o m a i n with a l ineari ty c o m p o n e n t . Genera l ly speaking, our a p p r o a c h is more powerful t han the syntact ic charac te r iza t ions given by well m o d e d and nicely m o d e d p rog rams be-
i_, Other components may improve the precision of mode and sharing information.
B. Le Charlier et al. I J. Logic Programming 39 (1999) 3-42 35
cause we can reason "'inside'" the terms bound to program variables. Absence of run- time errors is verified in Apt ' s approach by resorting to (a limited form of) direction- al ;ypes [1]. The same informat ion can be det'.~ved by our analyser if the type compo- nent o f the abstract domain is extended with information about numbers and ground ari thmetic expressions.
Ano the r methodology for Prolog program construct ion based on the logic pro- g ramming paradigm has been proposed by Dcviile in Ref. [32]. This m e t h o d o l o ~ consists o f three main steps: e laborat ion of a specification, construct ion of a logic description, and derivation of a Prolog procedure. The third step of the methodology involves a number of checks relative to the modes and the types of the arguments , the number of solutions to the procedure, and termination. Our analyser is s trongly connected to Deville~s proposal since our notion o f abstract sequence is able to ex- press the mode and multiplicity informat ion of Deville's specification scheme Our proposal eve~i imprtwes on Deville's by allowing us to specify structural and sharing information. Our treatment of types and terminat ion is however not able to suppor t the methodology in full generali ty because, in Deville's approach, types are a rb i t ra ry sets of terms and terminat ion proofs may use arbi t rary well-founded relations. Pre- vious a t tempts to partially au tomate Deville's methodology have been made in the project F O L O N [37]. The analyser described here can be viewed as an improvement of the F O L O N analysers presented in Refs. [23,24], which are only based on the ab- stract subst i tut ion notion and are unable to deal with terminat ion, multiplicity, and term size relations. A more refined analyser, which includes multiplicity and termi- nat ion analysis, has finally been presented in Ref. [14]. It can be seen as a preliminary version o f the analyser proposed in this paper.
6.2. Termhta t ion a m d y s & o f h~gic p r o g r a m s
Terminat ion analysis o f logic programs has received a lot o f a t tent ion in the last few years (see Rel: [25] for a detailed survey). So, once again, we restrict our discus- sion to a few selected works.
The most general approach to proving terminat ion o f Prolog programs is proiaa- bly the one of Deville [32]. It basically consists o f proving that recursive calls to a procedure are strictly decreasing with respect to some well-founded relation. A draw- back of this approach is that it can be cumbersome to apply it "'by hand , " because it requires to explicitly reason about the execution of the procedure, according to Pro- log operat ional semantics.
Thus, simpler methods have been investigated, the most fundamental o f which are due to Apt, Bezem, and Pedreschi [2,4-6]. They noticeably introduce the classes of acceptable and ~emi-acceptable programs which are guaranteed to terminate accord- ing to Prolog search rule, for a large class o f queries (i.e., bounded queries). Such programs are characterized through the existence of a level mapp ing , which maps lit- erals to natural numbers, and of a model I such that (roughly speaking) the level mapping of literals resnecting the model decreases through embedded procedure calls. The simplicity of the method comes from the considerat ion o f a model which relieves us of reasonil,d about Prolog operat ional semantics. The limitation to bounded queries (i.e., queries whose level mapping is bounded under ground instant- iation) has been relaxed by Bossi, Cocco, and Fabris, who reason on terms that are rigid, i .e • w h o ~ norm is invariant under any instantiat ion [7,8],
36 B. Le Charlier et ai. ! J. Logic Programming 39 (1999) 3--42
The previous methods cannot be fully automated since they involve finding a model and a level mapping for the program. Nevertheless, several (incomplete) au- tomatic methods have been shown able to prove the termination of interesting class- es of programs. The methods proposed ~y Ullman and Van (3elder [63], Pliimer [58- 60], and De Schreye and Verschaet~c [65-67] amounts to derive an in terargument re- lation on the sizes of the arguments o f a procedure and to using it to prove, that the size of some argument decreases through recursive calls. In these methods, the inter- argument relation can be seen as a model of the procedure and can be inferred by means of bo t tom-up abstract interpretation. The size of arguments is however fixed by an a priori given norm. Fur ther works by Decorte, De Schreye, and Fabris have addressed the issue of inferring norms automatical ly [30,31].
The analyser that we presented in this paper can be seen as a partial implementa- tion of Deville's approach because we use size relations between input and output terms without requiring term rigidity or similar conditions. For instance, our analys- er can prove the termination o f the following impure Prolog procedure, for any pos- sible input:
close(X): - vat(X), X = [ ] . close(X): - nonvaz(X), X: [HIT], close(T).
Nevertheless, our use of norms is less general than Deville's use of arbi t rary well- founded relations.
6.3. Abs t rac t interpretat ion and logic p r o g r a m analysis
The design of our analyser is based on the methodology o f abstract interpretation [10,18,20]. More specifically, we reuse the approach (and actually part o f the code) of the system G A I A [47]. There are however ~wo major differences be~,'een our anatyaer and G A I A . First, an analysis with G A I A (or with other similar systems (e.g., P L A I [56]) based on abstract interpretation frameworks such as [10,41,52,53,57]) operates on a complete program P and an (abstract) description of a top level goal. The sys- tem then explores the whole code of P and performs fixpoint computat ions to handle recursive calls. On the contrary, our analyser deals with each procedure o f the pro- gram separately and exploits user-provided information to "solve" the literals of a clause (except unification and other built-in predicates). Second, the notion of ab- stract sequence that we use is more elaborated than the abstract substitution notion used in the various applications of G A I A (e.g., [16,17,47,48,64]). A simpler notion c f abstract sequence has been introduced in G A I A recently [9,45,46] but it is less con- venient than ours to express relations between input terms, output terms, and the number of solutions to a goal as well as to detect mutual exclusion of clauses.
The abstract domain for substitutions that we use in this paper is related to the abstract equat ion system (AES) introduced in Ref. [40] by 3anssens, Bruynooghe, and lVlt~lkers. ~3 The structural description of the terms associated with the program variables is equivalent in both domains: in P a t ( ~ ) , it is expressed by the same-value and frame components while, in the domain AES, abstract equations associating ev- ery program variable with an " 'abstract" term are used. A noticeable conceptual dif-
,3 Note however that the first definition of Pattern [55] is anterior to the definition of AES.
R Le Charlier et al. t J. Logic Programming 39 (1999) 3~42 37
ference between the two d o m a i n s lies in the in terac t ion between the s t ruc tura l de- scr ipt ion and the in fo rma t ion given by the o the r componen t s : in the d o m a i n AES, such i n to rma t ion is given only for the " ' leaves" (i.e., the abs t rac t variables, represent- ing the sub te rms whoee s t ruc ture is no t known) , while, in P a t ( ~ ) , the part,,:cular c o m p o n e n t describes all indices (i.e., all sub te rms o f the te rms o f the subst i tu t ions) . Keeping in fo rma t ion a bou t all indices eases the cons t ruc t ion ~ f abs t rac t ope ra t ions [16] and , for some domains , increases the precision o f the abstract ior . . 14 Moreover , if all it, dices are described, the "Genera l i se ' " ope ra t ion o f the d o m a i n AES reduces to an inverse cons t ra in t m a p p i n g (as it is no longer necessary to p r o p a g a t e this infor- ma t ion to all indices). The generic d o m a i n Pe t t ( :~ ) is thus based on a represen ta t ion that is closer to the implemen ta t ion (of the abs t rac t domain) : ope ra t ions on this do- ma in can be easily t rans la ted to a lgor i thms, the reby s implifying the correc tness p r o o f o f an implemented system. Final ly, if the cost is too high to keep in fo rma t ion a b o u t all indices, or ff it does not improve the precision o f the in fo rmat ion , it is possible to work only with leaves and to c o m p u t e descr ip t ions for all indices on ly when it is needed (e.g., before app ly ing cons t ra in t mappings) .
A s imilar i ty can also be seen between ou r work and the type, mode, and de te rmin- ism system encapsu la ted in the p r o g r a m m i n g language Mercu ry [61]. In fact, as al- ready men t ioned in the in t roduc t ion , i n fo rma t ion like modes and types is crucial in every logic p r o g r a m analys is and a l anguage a iming a t i nco rpora t ing op t imiza t ion needs to deal with them. In practice, ou r pa t t e rn and type c o m p o n e n t s are less ex- pressive than Mercu r y type sys tem but , conversely, de te rmin i sm in Mercu ry does not benefit f rom size re la t ions which results in an a priori less precise mul t ip l ic i ty analysis . T h u s an ana lyse r s imilar to ours could be in tegra ted to Mercu ry cond i t iona l to a (subs tant ia l ) improvemen t o f the type c o m p o n e n t . (Techniques s imilar to Ref. [17] could be appl ied.) Such an ana lyser should then o u t p e r f o r m the cur ren t M e r c u r y ana lyse r bo th for de t e rminacy analysis and ~ermination. Fu r t~e rmore , ou r ana lyse r could a l te rnat ive ly be used to t r ans fo rm pure un typed logic p r o g r a m s into Mercu ry p r o g r a m s (not into Prolog).
A n o t h e r interest ing re la t ion can be seen with papers on declara t ive debugging [13] and even more with recent p roposa l s on in tegra t ing verif ication and abs t rac t inter- p re t a t ion techniques in a un i form, more general sett ing [36,50], All these p roposa l s are main ly based on the asser t ion ( p r e c ond i t i on -pos t cond i t i on ) a p p r o a c h by Dra- bent and Malusz insky [33]. The novel ty o f ou r a p n r o a c h is tha t the no t ion o f ab- s t ract sequences al lows us to charac ter ize "success "" input subs t i tu t ions (by means o f ~-~r) and to deal with global i n fo rma t ion relat ing input and o u t p u t subs t i tu t ions (e.g., size relat ions) explicitly.
6.4. A u t o m a t i c c o m p l e x i t y analys is o f logic p r o g r a m s
Automatic, complex i ty analys is [27] is useful for ~ t t tomat ica l ly tun ing the task g ranu la r i t y in parallel execut ions o f logic p r o g r a m s [28]. It can be used also to select the mos t efficient Prolog version o f a logic p rocedure [!4]. O u r ana iyser is able to ver- ify precise re la t ions between the sizes o f the a r g u m e n t s and the n u m b e r o f so lu t ions
t4 E.g., it is not possible to deduce information about the linearity of terms of the form f ( t l , t2) from the sole assertion that t~ and t2 are linear terms.
38 B. Le Charlier et al. I J. Logic" Programming 39 f1990) 3-42
to a Pro log procedure . T h u s it can be used as a basis for an au toma t i c complex i ty ana lys i s s imi lar to Ref. [27]. The work in Ref. [27] is not based on abs t rac t in terpr- e ta t ion but ins tead it exploi ts general knowledge a b o u t logic p rograms; different size no t ions are used co r r e spond ing to different types (e.g., lists, integers) and the re la t ion between the n u m b e r o f so lut ions a n d the size o f te rms is expressed by m e a n s o f dif- ference equa t ions ; finally, this work assumes a n u m b e r o f p r e l imina ry analyses. In our app roach , all ana lyses are pe r fo rmed at the same t ime a n d m a y interact, which theoret ica l ly a l lows more precise analyses . However , in order to compe te with [27], our abs t rac t d o m a i n needs to be improved fur ther to deal wi th mul t ip le n o r m s and difference equa t ions .
7. Conc lus ion and future works
In this paper , we have presented a generic ana lyser for pure Prolog, designed ac- co rd ing to a ver if icat ion app roach . The ana lyse r is based on a no t ion o f abs t rac t se- quence, which is expressive enough to model mos t semant ic proper t ies o f t e rmina t ing Prolog p rograms . Add i t i ona l l y to the descr ip t ion o f the analyser , a comple te d o m a i n o f abs t rac t sequences has been presented. This d o m a i n a l lows us to der ive all k inds o f i n f o r m a t i o n that are useful for Prolog p r o g r a m verif icat ion, in a single analysis : modes , types, shar ing, sizes, de te rminacy , and mul t ip l ic i ty . The d o m a i n has never- theless some l imi ta t ions , m a i n l y with re:,pect to types. W e also have descr ibed the im- p l emen ta t i on o f two m a i n opera t ions over the d o m a i n in order to d e m o n s t r a t e how such ope ra t ions can be designed. Final ly , we have c o m p a r e d our a p p r o a c h to a num- ber o f o ther works relative to Pro log p r o g r a m verif icat ion a n d cons t ruc t ion , termi- na t i on ana lys is o f logic p rograms , abs t rac t in te rpre ta t ion and abs t rac t doma ins , a u t o m a t i c complex i ty analysis , as well as to the ana lyse r o f the new logic language Mercury . Thus , in our op in ion , this paper con ta ins suffic;.ent mate r ia l to a l low an im- p l emen to r bu i ld ing a pract ical system in which s ta te-of- the-ar t t echniques o f Prolog p r o g r a m ver i f icat ion can be integrated.
A l t h o u g h our ana lyse r has been presented for pure Prolog, it can be readi ly ex- tended to deal with mos t n o n pure features o f Prolog. W e have inc identa l ly m e n t ioned how this can be done in the previous sectior~s. Now, we s u m m a r i z e this issue. Ar i thme t i c buil t - ins , such as i s and <, and test predicates, such as v a r and g r o u n d , can be h a n d l e d wi thout add i t iona l cod ing by p rov id ing behav iours captur - ing their ope ra t iona l semant ics . (Uni f ica t ion could also be h a n d l e d by m e a n s o f a set o f behav iour s but, due to the ub iqu i tous charac te r o f this opera t ion , such a treat- men t would be inaccurate . ) The t rea tment o f the cut requires to e n h a n c e the concrete a n d abs t rac t d o m a i n s with so-called "'cut i n f o r m a t i o n " in the style o f Refs. [9,45,46]; such a t r ea tment can be in tegra ted in our ana lyser , since it is based on the same con- crete semant ics . F u r t h e r m o r e , as nega t ion by fai lure is easy mode led t h r o u g h the cut, it can also be h a n d l e d s imply. Some Prolog systems include a " 'non f lounder ing" test to ensure that negated a toms are executed safely. So;oh a test can be pe r fo rmed stat- ically in our ana lyse r t h a n k s to the mode a n d possible sha r ing componen t s . T h e oc- cur-check can be t reated by the same means . Nevertheless , o ther aspects o f some Prolog systems such as the " 'dynamic predica tes" assert a n d retract canno t be h a n d l e d by our ana lyser ; ne i ther can other t r ea tments o f negat ion such as delay-
B. Le Charlier et al. I J. Logic Programming 39 (1999) 3 - 4 2 39
ing non g r o u n d negated a toms. We are aware o f no r igorous me thods to verify pro- g rams using these features, however .
We are cur ren t ly comple t ing an implemen ta t ion o f the ana lyse r based on the do- main presented in this paper . In fact, we have been able to reuse mos t o,f the code o f GAIA [47] but we still have to implement the opera t ions on the size c o m p o n e n t s based on the p o l y h e d r o n l ibrary o f Wilde [69]. Our next task will be to app ly the an- alyser to the verification o f a significant n u m b e r o f Pro log p rograms . A fur ther s tep will be to extend the ana lyse r with more powerful abs t rac t d o m a i n s for types [17,39], shar ing [38], and l inear i ty [62].
In add i t ion to the imp lemen ta t ion o f a comple te analyser , va r ious appl ica t ions o f it will be invest igated. First , we will go back to the p rob lem o f der iving correc t Pro- log imp lemen ta t ions o f pure ly declara t ive descr ipt ions . M o r e specifically, we will in- vest igate va r ious logic descr ip t ion (or p r o g r a m ) classes which can be ob ta ined by induct ive [34] or deduct ive [1 !,35,42,68] synthesis . Fo l lowing the general idea o f Ref. [32], we will invest igate how our ana lyse r can be used to p rove tha t some Pro log t rans la t ion o f such logic descr ip t ions correc t ly implements the in tended mean ing o f the descr ip t ions accord ing to the correc tness cr i ter ia p roposed by the a u t h o r s o f Refs. [34,35], respectively. This will require to in tegra te the cor rec tness cr i ter ia and ou r behav iour no t ion into a convenien t specification schema s imilar to Ref. [32]. Sec- ond, we will extend ou r ana lyse r to pe r fo rm an a u t o m a t i c complex i ty analys is in the spirit o f Re['. [27]. Such an analys is can be seen as a relat ively s t r a igh t fo rward by- p roduc t o f ou r analysis o f the n u m b e r o f solut ion to a procedure . Best-case and wors t -case analyses are bo th ob ta inab le since ou r c o m p o n e n t E~,,t provides lower and upper b o u n d s to the n u m b e r o f solutions. Final ly, ou r u l t imate goal will be to derive the most efficient version o f a Pro iog p rocedure au toma t i ca l ly t h a n k s to the results o f the complex i ty analysis.
Acknowledgements
We wish to thank the referees for their much useful c o m m e n t s and suggest ions for improvement s . Sabina Rossi and Agos t ino Cortesi are par t ia l ly suppor t ed by the I ta l ian M U R S T pre jec t N. 9701248444-044: Tecnichejbrmali per la specifica, l'anal- isL la ~rerifica, la sintesi e la trasjbrma:ione di sistemi software. Baudou in Le Char l i a r and Chr i s tophe Lecl~re are par t ia l ly suppor t ed by the H C M project A B I L E N. E R B C H R X C T 9 4 0 6 2 4 : ,4bstract b~terpretation o f Declarative Languages.
References
[1] A. Aiken, T.K. Lakshman, Directional type checking o f logic programs, in: B. Le Charlier fed.) , First International Static Analysis Symposium. Namur , Belgium, September 1994, LNCS vol. 864. Springer, Berlin, 1994, pp. 43-60.
[2] K.R. Apt, D. Pedreschl, Studies in pure prolog: Terminat ion, in: J.W. Lloyd (Ed.L Proceedings o f the Sympos ium on C,~mputationai Logic, volume I o f Basic Research Series. Springer, Berlin, 1990. pp. ! 5 0 - ! 7 6 .
[3] K.R. Apt, F r o m Logic Programming to Prolog. Prentice-Hall, Englewood C~iffs, ~!J, 1997. [4] K.R. Apt, D. Pedreschi, Proving terminat ion o f general prolog programs, iu: Prt:ceedings o f the
Internat ional Conference on Theoretical Aspects o f C o m p u t e r Science, Sendal, Japar~. 1991.
B. L e Charlier et al. I J. Logic Programming 39 (1999) 3 - 4 2 4O
[5] K .P . Apt, D. Pedreschi, Modu la r Terminat ion Proofs For Logic And Pure Prolog Programs, Technical Repor t 6/93, Dipar t imento di lnformatica, Universit'h di Pisa, 1993.
[6] M. Bezem, Characterizing terminat ion o f logic programs with level mappings, J. Logic P rogramming 15 (1/2) (1992) 79-98.
[7] A. Bossi, N. Cocco, M. Fabris, Typed norms, in: B. Krieg-Brueckner (Ed.), Proc. ESOP'92, LNCS col. 582. Springer, Berlin, 1992, pp. 73-92.
[8] A. Bossi, N. Cocco, M. Fabris, Norms on terms and their use in proving universal terminat ion o f a logic program, Theoret . Compu t . Sci. I24 (2) (1994) 297-328.
[9] C. Braem, B. Le CharGer, S. Modard , P. Van Hentenryck, Cardinali ty analysis o f prolog, in: M. Bruynooghe (Ed.), Proceedings o f the Internat ional Logic P rog ramming Sympos ium (ILPS'94), M I T Press. Ithaca. NY, USA," November 1994.
[10] M. Bruynooghe, A practical f ramework for the abstract interpretat ion o f logic programs, J. Logic P rogramming 10 (2) (1991) 91-124.
[I 1] A. Bundy, A. Smaill, G. Wiggins, The synthesis o f logic programs from inductive proofs, in: J.W. Lloyd (Ed.), Compu ta t i ona l Logic, Esprit Basic Research Series, 1990.
[12] M. Codish, A. Mulkers, M. Bruynooghe, M. Garcia de la Banda, M. Hermenegildo, Improving abstract interpretat ions by combining domains , in: Proceedings o f the A C M S I G P L A N Sympos ium on Partial Evaluat ion and Semantics-Based Program Manipula t ion , A C M Press, 1993, pp. 194-205.
[13] M. Comini , G. Levi, M.C. Meo, G. Vitiello, Proving propert ies o f logic p rograms by abstract diagnosis, in: Mads D a m (Ed.). Proceedings o f the Fifth W o r k s h o p on Analysis and Verification o f Mult iple-Agent Languages ( L ( ) M A P S ' 9 6 ) , June 1996, LNCS col. 1192, Springer, Berlin, 1996.
[14] A. Cortesi, B. Le Charlier, S. Rossi. Specification-based au tomat ic verification o f logic programs, in: Logic Program Synthesis and Transformat ion . Proceedings o f the Sixth Internat ional Workshop , LOPSTR'96 , August 1996, LNCS col. 1207, Springer, Berlin. 1996.
[15] A. Cortesi, B. Le Charlier, P. Van Hentenryck, Conceptual and software suppor t for abstract domain design: Generic structural domain and open product , Technical Report , Institute o f C o m p u t e r Science, University o f Namur , Belgium, (also Brown University), Namur , Belgium, 1993.
[16] A. Cortesi, B. Le Charlier, P. Van Hentenryck, Combina t ion o f abstract domains for logic programming, in: Proceedings o f the 21th ACM S I G P L A N - S I G A C T Sympos ium on Principles o f P rog ramming Languages (POPL'94), Port land, Oregon, January 1994.
[17] A. Cortesi , B. Le Charlier, P. Van Hentenryck, Type analysis o f prolog using type graphs, J. Logic P rogramming 23 (3) (1995) 237-278.
[18] P. Cousot , R. Cousot , Abstract interpretation: A unified lattice model for static analysis o f p rograms by const ruct ion or approximat ion o f fixpoints, in: Conference Record o f Four th A C M Sympos ium on Programming Languages (POPL'77), Los Angeles, California, January 1977, pp. 238-252.
[19] P. Cousot , R. Cousot , Automat ic synthesis o f opt imal invariant assertions: Mathemat ica l foundat ion . in: Proceedings o f the A C M Sympos ium on Artiiicial Intelligence and P rog ramming Languages, S I G P L A N Notices, 1977, pp. !-12.
[20] P. Cousot , R. Cousot , Abstract interpretat ion and applicat ion to logic programs, J. Logic P rogramming 13 (2-.3) (1992).
[21] P. Cousot , R. Cousot . Ab3tract interptc!at ion frameworks, J. Logic and C o m p u l a t i o u 2 (4)(1992) 511-547.
[22] P. ( 'ousot , R. Couso t (Eds.). Inductive detinitions, ~emantics and abstract interpretat ion, in: Conference P, ecord o f th= ~gth ACM S I G A C T - S I G M O D - S I G A R T Sympos ium on Principles o f P rog ramming Languages= ACM Picss, New York. August 1992, pp. 83-94.
[23] P. De Boeck. B. Le Charlier, Static type ar.alysis o f prolog procedures for ensuring correctness, in: Proceedings o f P rogramming Language Implementa t ion and Logic P rog ramming PLILP'90, Link6ping, Sweden, Springer, August 1990, L?-,~CS col. 456, Springer, Berlin, 1990, pp. 222-237.
[24] P, De Boeck, B. Le Charlier, Mechanical translbrma,,,.'on o f logic deliniticms augmented with type informat ion into proiog procedures: Some experiments, in: Proceedings o f LOPSTR'93 , Workshops in C o m p u t e r Science. Springer, July 1993.
[25] D. De Schreye, S. Decorte, Terminat ion of logic programs: The never-ending story, J. Logic P rogramming Special anniversary edition, accepted for publication.
[26] D. De Schreye, K. Verschaetse, M. Bruynooghe, A f ramework for analysing the terminat ion o f definite logic p rograms with respect to call patterns, in: Proceedings o f the FGCS'92, ICOT Tokyo , 1992. ICOT, pp. 481-488.
l). Le Charlier et al. i J. Logic Pr,~gramming 39 (1999) 3--42 41
[27] S.K. Debray, N.W. Lin, Cost analysis of logic programs, A C M Trans. Programming Langx:ages and Systems 15 (5)(1993) 826-875.
[28] S.K. Debray, N.W. Lin, M. Hermenegildo, Task granularity analysis in logic programs, in: Proceedings ACM SIGPLAN'90 conference on programming language design and implementation, June ~ 990, pp. i 74- ! 88.
[29] S.K. Debray, D.S, Warren, Functional computat ions in logic programs, A C M Transactions on Programming Languages and Systems (TOPLAS) i I (3) (1989)451-481.
[30] S. Oecorte, D. De Schreye, M. Fabris, Exploiting the power of typed norms in automatic inference of interargument relations, Technical Report, Department of Computer Science, K.U.Leuven, Belgium, i 994.
[31] S. Decorte, D. De Schreye, M. Fabris, Automatic inference of norms: A missing link in automatic termination analysis, in: D. Miller (Ed.), Proceedings ILPS'93, Vancouver, Canada, 1993, pp. 420- 436.
[32] Y. Deville, Logic Programming: Systematic Program Development, MIT Press, Cambridge, 1990. [33] W. Drabent , J. Maluszyfiski, Inductive assertion method for logic programs, Theoret. Comput . Sci.
59 (1988) 133-155. [34] P. Flener, Y. Deville, Logic program synthesis from incomplete specifications, Journal o f Symbolic
Computat ion: Special Issue on Automatic Programming, 1993. [35] P. Flener, K.-K. Lau, Program schemas as steadfast programs, Technical Report BU-CEIS-97,
Bilkent University, Department of Computer Science, 1997. [36] M. Gallardo, P. Merino, J.M. Troya, Relating abstract interpretation with logic program verification,
in: A. Bossi (Ed.), ILPS'97 Post-Conference Workshop on Verification, Model-Checking and Abstract Interpretation, Port Jefferson, USA, 1997.
[37] J. Henrard, B. Le Charlicr, FOLON: An environment for declarative construction of logic programs (extended abstract), in: M. Bruynooghe, M. Wirsing (Eds.), Proceedings of the Four th International Workshop on Programming Language Implementation and Logic Programming (PLILP'92), August 1992, LNCS vol. 631. Springer, Berlin, 1992.
[38] D. Jacobs, A. Langen, Accurate and efficient approximation of variable aliasing in logic programs, in: E.L. Lusk, R.A. Overbeek (Eds.), Proceedings of the North American Conference on Logic Programming (NACLP'89), Cleveland, Ohio, October 1989. MIT Press, Cambridge, pp. 154-165.
[39] (3. Janssens, M. Bruynooghe, Deriving descriptions of possible values of program variables by means of abstract interpretation, J, Logic Programming 13 (~3) (1992) 205-258.
[40] G. Janssens, M. Bruynooghe, A. Mulkers, Abstract equation systems: Description and insights, Report CW217, Department of Comput ing Science, K.U.Leaven, November ! 995.
[41] N.D. Jones, H. Sondergaard, A semantic-based framework for the abstract interpretation of prolog, in: S. Abramsky, C. Hankin (Eds.), Abstract Interpretation of Declarative Languages, Ch. 6, Ellis Horwood, Chichester, 1987, pp. 123-142.
[42] K.K. Lau, S.D. Prestwich, Top-down synthesis o f roeursive logic procedures from first-order logic specifications, in: D.H.D. Warren, P. Szeredi (Eds,), Prec, Sevemh lnt ' l Conf. on Logic Program- ming, The MIT Press, Cambridge, MA, I990, pp. 66%684.
[43] B. Le Charlier, C, Leel~re, S, Rossi, A. Cortesi, Automated verification of prolog programs, Research Paper RP-98-002, Institute of Computer Science, University of Namur, Belgium, 1998.
[,44] B. Le Charlier, S. Rossi, Sequence-based abstract semantics of prolog, Technical Report RR-96-001, Facultds Universitaires Notre-Dame de ia Paix, lnstitut d ' lnformatique, February 1996.
[45] B. Le Chartier, S. Ro.~si, P. Van Hentenryck, An abstract interpretation framework which accurately handles prolog search-rule and the cu~ in: M. Bruynooghe (Ed.), Proceedings o f the International Logic Programming Symposium (iLPS'94), MIT Press, Ithaca NY, USA, November 1994.
[46] B. Le Charlier, S. Rossi, P. Van Hentenryck, Sequence-based abstract interpretation of prolog, Technical Report RR-97-001, Facult6s Universitaires Notre-Dame de la Paix, lnstitut d ' Informati- que, January 1997,
[47] B. Le Charlier, P. Van Hentenryck, Experiment~,l evaluation of a generic abstract interpretation algorithm for prolog, ACM Transactions on Programming Languages and Systems (TOPLAS) 16 (I) (1994) 35-101.
[48] B. Le Charlier, P. Van Hentenryck, Reexecution in abstract interpretation of prolog, Acta informatica 32 (1995) 209-253,
42
[491
[581
[591
[601
[611
[a2l
B. Le CharIier et al. I J. Logic Programming 39 (1999) 3-42
C. Lecl~rc, B. Le Charlier, Two dual abstract operations to duplicate, eliminate, equalize, introduce and rename place-holders occurring inside abstract descriptions, Research Paper RP-96-028, University of Namur, Belgium, September 1996.
[50] G. Levi. P. Volpe, A reconstruction of verification techniques by abstract interpretation, in: A. Bossi (Ed.), 1LPS'97 Post-Conference Workshop on Verification, Model-Checking and Abstract Interpr- etation. Port Jefferson, USA, 1997.
[51] .I.W. Lloyd, Foundat ions o f Logic Programming. Springer Series: Symbolic Computation-Artificial Intelligence, 2nd ed. Springer, Berlin. 1987.
[52] K. Marriott, H. Sondergaard, Semantics-based dataflow analysis of logic programs, in: G. Ritter (Ed.), 11~formation Processing'g9, San Fransisco, California. 1989, pp. 601 606.
[53] C.S. Mellish, Abstract interpretation o f prolog programs, in: S. Abramsky, C. Hankin (Eds.), Abstract Interpretation of Declarative Languages, Ch. 8, Ellis Horwood. Chichester, 1987, pp. 181- I98.
[54] Daniel Le Mdlayer, Program analysis for software engineering: New applications, new requirements, new tools. ACM Computing Surveys. 28 (4es) { 1996} 167-167.
[55] K. Musumbu, lnterprdtation Abstraite de Programmes Prolog. Ph.D. Thesis, Institute of Computer Science, University of Namur, Belgium, September 1990 (in French).
[56] K. Muthukumar , M. Hermenegildo, Compile-time derivation of variable dependency using abstract interpretation. J. Logic Programming 13 (2/3) (199"?,) 315- 347.
[57] U. Niisson, Systematic semantic approximations of logic programs, in: P. Deransart, J. Maluszyfiski (Eds.), Proceedings of the International Workshop on Programming Language Implementation and Logic Programming (PLILP'90), Link/Aping, Sweden, August 1990, LNCS vol. 456, Springer, Berlin, 1990. pp. 293-306. L. Pliimer, Termination proofs for logic programs based on predicate inequalities, in: Proceedings ICLP'90, Jerusalem. MIT Press. Cambridge, June 1990, pp. 634-648. L. Pli, imer, Atttomatic termination proofs for proiog programs operating on nonground terms, in" Proceedings ILPS'91, San Diego, MIT Press, Cambridge, October 19t)l, pp. 503-517. L. PlOmer, Automatic verification o fGHC-programs: Termin:ition, in: Proceedings FGCS'92, Tokyo, 1992. Z. Somogyi. F. Henderson. T. Conway, The execution algorithm of mercury, an etticient purely declarative logic programming language, J. Logic Progr~mming 29 (! 3){ 1996) 17~64. H. Sondergaard, An application of abstract interpretation o f logic programs: Occur check reduction, in: B. Robinet, R. Wilhehn (Eds.), Proceedings of the European Symposium on Programming (ESOP'86), Saarbruecken, Germany, March 1986, LNCS vol. 213, Springer, Berlin, 1986, pp. 327- 338.
[63] J.D. UIlman. A. Van Gelder, Ett]cient test~ for top-down termination of logical rules, J. ACM 35 ~2) 1988) 345-373.
[64] P. Van Hentenryck, A. Cortesi, B. Le Charlier, Evaluation of Prop, J. Logic Programming 23 (3) (1995) 237-278.
[65] K. Verschaetse, Static termination analysis for definite Horn clause programs, Ph.D. Thesis, Department of Computer Science, K.U. Lew;en, 1992.
[66] b'. Verschaetse, D. De Schreye, Deriving termination proofs for togic programs, using abstract procedures, in: Proceedings ICLP'91. Paris, MIT Press, Cambridge, MA, June 1991, pp. 301-315.
[67] K. Verschaetse, S. Decorte, D. De Schreye, Automatic termination analysis, in: Proceedings LOPSTR'92. LNCS vol. 883, Springer, Berlin. I993.
[68] G.A. Wiggins. Synthesis and transformation o f logic programs in the Whelk proof development system, in: Proc. of the 1992 Joint International Conference and Symposium on Logic Programming. The MIT Press, Cambridge, MA, 1992.
[691 D.K. Wilde. A library tbr doing polyhedral operations. Technical Report No. 785. IRISA-lnstitut de Recherche en Informatique et Syst/:mes Ait~atoires, Rennes, France, 1993.