Agostino Cortesi

Type analysis of prolog using type graphs

Abstract Type analysis of Prolog is of primary importance for high-performance compilers since type information may lead to better indexing and to sophisticated specializations of unification and built-in predicates, to name a few. However, these optimization often require a sophisticated type inference system capable of inferring disjunctive and recursive types, and hence expensive in computation time. The purpose of this paper is to describe a type analysis system for Prolog based on abstract interpretation and type graphs (i.e., disjunctive rational trees) with this functionality. The system (about 15,000 lines of C) consists of the combination of a generic fixpoint algorithm, a generic pattern domain, and a type graph domain. The main contribution of the paper is to show that this approach can be engineered to be practical for medium-sized programs without sacrificing accuracy. The main technical contribution to achieve this result is a novel widening operator for type graphs which appears to be accurate and effective in keeping the sizes of the graphs, and hence the computation time, reasonably small.

Prop revisited: propositional formula as abstract domain for groundness analysis

The abstract domain Prop for analyzing variable groundness in logic programs is considered. This domain consists of (equivalence classes of) propositional formulas whose propositional variables correspond to program variables with truth assignments indicating which program variables are ground. Some ambiguity remains about precisely which formula should be included in Prop so that all interesting sets of program execution states (substitutions) have a unique representation. This ambiguity is clarified by characterizing, both semantically and syntactically, the appropriate definition of Prop. The use of propositional formulas for representing properties of substitutions of a different type than groundness, such as freeness and independence of variables, is discussed.<<ETX>>

Complementation in abstract interpretation

Reduced product of abstract domains is a rather well-known operation for domain composition in abstract interpretation. In this article, we study its inverse operation, introducing a notion of domain complementation in abstract interpretation. Complementation provides as systematic way to design new abstract domains, and it allows to systematically decompose domains. Also, such an operation allows to simplify domain verification problems, and it yields space-saving representations for complex domains. We show that the complement exists in most coses, and we apply complementation to three well-know abstract domains, notably to Cousot and Cousots interval domain for integer variable analysis, to Cousot and Cousots domain for comportment analysis of functional languages, and to the domain Sharing for aliasing analysis of logic languages.

Combinations of abstract domains for logic programming

Abstract interpretation [7] is a systematic methodology to designstatic program analysis which has been studied extensively in the logicprogramming community, because of the potential for optimizations inlogic programming compilers and the sophistication of the analyses whichrequire conceptual support. With the emergence of efficient genericabstract interpretation algorithms for logic programming, the mainburden in building an analysis is the abstract domain which gives a safeapproximation of the concrete domain of computation. However, accurateabstract domains for logic programming are often complex because of thevariety of analyses to perform their interdependence, and the need tomaintain structural information. The purpose of this paper is to proposeconceptual and software support for the design of abstract domains. Itcontains two main contributions: the notion of open product and ageneric pattern domain. The <?Pub Fmt italic>openproduct<?Pub Fmt /italic> is a new way of combining abstract domainsallowing each combined domain to benefit from information from the othercomponents through the notions of queries and open operations. The openproduct is general-purpose and can be used for other programmingparadigms as well. <?Pub Fmt italic>The generic patterndomain<?Pub Fmt /italic> Pat (<inline-equation><f><ge>R</ge></f> </inline-equation>)automatically upgrades a domain D with structuralinformation yielding a more accurate domain Pat (D) without additionaldesign or implementation cost. The two contributions are orthogonal andcan be combined in various ways to obtain sophisticated domains whileimposing minimal requirements on the designer. Both contributions arecharacterized theoretically and experimentally and were used to designvery complex abstract domains such as PAT(OProp<inline-equation><f>⊗</f></inline-equation>OMode<inline-equation><f>⊗</f><?Pub Caret></inline-equation>OPS) which would be very difficult todesign otherwise. On this last domain, designers need only contributeabout 20% (about 3,400 lines) of the complete system (about 17,700lines).

Optimal groundness analysis using propositional logic

It is well known that propositional formulas form a useful and computationally efficient abstract interpretation for different data-flow analyses of logic programs and, in particular, for groundness analysis. This article gives a complete and precise description of an abstract interpretation, called Prop, composed of a domain of positive, propositional formulas and three operations: abstract unification, least upper bound, and abstract projection. All three abstract operations are known to be correct. They are shown to be optimal in the classical sense. Two alternative stronger notions of optimality of abstract operations are introduced, which characterize very precise analyses. We determine whether the operations of Prop also satisfy these stronger forms of optimality.

Evaluation of the domain PROP

Abstract The domain Prop [11, 30] is a conceptually simple and elegant abstract domain to compute groundness information for Prolog programs, where abstract substitutions are represented by Boolean functions. Prop has raised much theoretical interest recently, but little is known about the practical accuracy and efficiency of this domain. Experimental evaluation of Prop is particularly important since Prop theoretically needs to solve a co-NP-Complete problem. However, this complexity issue may not matter much in practice because the size of the abstract substitutions is bounded since Prop would only work on the clause variables in many frameworks. The purpose of this paper is to study the performance of domain Prop . Its first contribution is to describe an implementation of the domain Prop and to use it to instantiate a generic abstract interpretation algorithm [17, 23, 27]. A key feature of the implementation is the use of ordered binary decision graphs to provide a compact representation of many Boolean functions. Its second contribution is to describe the design and implementation of a new domain, Pat(Prop) , combining the domain Prop with structural information about the subterms. This new domain may significantly improve the accuracy of the domain Prop on programs manipulating difference-lists. Both implementations (resp. 6000 and 12,000 lines of C) have been evaluated systematically, and their efficiency and accuracy for groundness inference have been compared with several other abstract domains. The interest of Pat(Prop) and Prop for on-line analysis is also investigated.

The quotient of an abstract interpretation

Abstract Within the abstract interpretation framework, abstract domains are used to represent interesting properties of the concrete domain. For instance, properties that enhance the optimization of the analyzed programs. An abstract domain D expresses, in general, several properties of the concrete domain. We describe a method for identifying, for any abstract domain D and for each property P expressed by D, the subset of D that is useful for computing P-information. We call it the quotient of D with respect to P. We also give a necessary and sufficient condition for having that the quotient is an abstraction of D. This property seems essential for applications such as that described below. As an illustration of the usefulness of the notion of quotient, we show that rather sophisticated comparisons between domains, can be carried out using it. Assume to have two abstract domains that both compute some property P, but that also express distinct properties and thus are incomparable as a whole. Such domains can be compared with respect to the precision with which they compute P-information, by comparing their quotients with respect to P. Using this method, two well-known abstract domains for Prolog programs, Prop and Sharing, are compared with respect to the precision with which they compute groundness information.

Comparison of Abstract Interpretations

The central idea of the technique of Abstract Interpretation is that the analysis of a program consists of executing it on a special (abstract) domain D of values in which each operation μ, used during the normal execution, is interpreted as a corresponding operation μ D on D. More formally, an (abstract) domain is a complete lattice that enjoys a Galois insertion into the concrete domain. An interpretation consists of a domain and a collection of monotone operations over that domain. Due to the success of the technique, several interpretations with similar purposes have been proposed. In the classical theory of abstract interpretation, the only way we have to compare two interpretations is to show that one abstracts the other. The weakness of this type of comparison is that it does not allow us to compare various interpretations with respect to some, but not all, of the information they express. This paper presents new notions that enable us to make such precise comparisons. These notions are applicable to the comparison of abstract interpretations for all kinds of programming languages and with all sorts of analysis frameworks. We show that our new notions form a natural extension to the existing notion of one interpretation abstracting another. We demonstrate the utility of our technique by using it to compare abstract interpretations for analysis of logic programs with respect to their ability to infer variable groundness.

Distinctness and Sharing Domains for Static Analysis of Java Programs

The application field of static analysis techniques for objectoriented programming is getting broader, ranging from compiler optimizations to security issues. This leads to the need of methodologies that support reusability not only at the code level but also at higher (semantic) levels, in order to minimize the effort of proving correctness of the analyses. Abstract interpretation may be the most appropriate approach in that respect. This paper is a contribution towards the design of a general framework for abstract interpretation of Java programs. We introduce two generic abstract domains that express type, structural, and sharing information about dynamically created objects. These generic domains can be instantiated to get specific analyses either for optimization or verification issues. The semantics of the domains are precisely defined by means of concretization functions based on mappings between concrete and abstract locations. The main abstract operations, i.e., upper bound and assignment, are discussed. An application of the domains to source-to-source program specialization is sketched to illustrate the effectiveness of the analysis.

Static analysis of string values

In this paper we propose a unifying approach for the static analysis of string values based on abstract interpretation, and we present several abstract domains that track different types of information. In this way, the analysis can be tuned at different levels of precision and efficiency, and it can address specific properties.