Maurizio Proietti

A Comparative Revisitation of Some Program Transformation Techniques

We revisit the main techniques of program transformation which are used in partial evaluation, mixed computation, supercompilation, generalized partial computation, rule-based program derivation, program specialization, compiling control, and the like. We present a methodology which underlines these techniques as a ‘common pattern of reasoning’ and explains the various correspondences which can be established among them. This methodology consists of three steps: i) symbolic computation, ii) search for regularities, and iii) program extraction. We also discuss some control issues which occur when performing these steps.

Program verification via iterated specialization

We present a method for verifying properties of imperative programs by using techniques based on the specialization of constraint logic programs (CLP). We consider a class of imperative programs with integer variables and we focus our attention on safety properties, stating that no error configuration can be reached from any initial configuration. We introduce a CLP program I that encodes the interpreter of the language and defines a predicate unsafe equivalent to the negation of the safety property to be verified. Then, we specialize the CLP program I with respect to the given imperative program and the given initial and error configurations, with the objective of deriving a new CLP program Isp that either contains the fact unsafe (and in this case the imperative program is proved unsafe) or contains no clauses with head unsafe (and in this case the imperative program is proved safe). If Isp enjoys neither of these properties, we iterate the specialization process with the objective of deriving a CLP program where we can prove unsafety or safety. During the various specializations we may apply di erent strategies for propagating information (either propagating forward from an initial configuration to an error configuration, or propagating backward from an error configuration to an initial configuration) and di erent operators (such as the widening and the convex hull operators) for generalizing predicate definitions. Each specialization step is guaranteed to terminate, but due to the undecidability of program safety, the iterated specialization process may not terminate. By an experimental evaluation carried out on a significant set of examples taken from the literature, we show that our method improves the precision of program verification with respect to state-of-the-art software model checkers.

Rules and Strategies for Program Transformation

We present an overview of the program transformation methodology, focusing our attention on the so-called ‘rules + strategies’ approach in the case of functional and logic programs. The paper is intended to offer an introduction to the subject; it is not a complete account of the work in the area.

Semantics-based generation of verification conditions by program specialization

We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it specializes, by using unfold/fold transformation rules, a Horn clause interpreter that encodes that semantics. We define a multi-step operational semantics for a fragment of the C language and compare the verification conditions obtained by using this semantics with those obtained by using a more traditional small-step semantics. The flexibility of the approach is further demonstrated by showing that it is possible to easily take into account alternative operational semantics definitions for modeling new language features. Finally, we provide an experimental evaluation of the method by generating verification conditions using the multi-step and the small-step semantics for a few hundreds of programs taken from various publicly available benchmarks, and by checking the satisfiability of these verification conditions by using state-of-the-art Horn clause solvers. These experiments show that automated verification of programs from a formal definition of the operational semantics is indeed feasible in practice.

Semantics-based generation of verification conditions via program specialization ☆

Abstract We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it generates the verification conditions by specializing, using unfold/fold transformation rules, a Horn clause interpreter that encodes that semantics. We define a multi-step operational semantics for a fragment of the C language and compare the verification conditions obtained by using this semantics with those obtained by using a more traditional small-step semantics. The flexibility of the approach is further demonstrated by showing that it is possible to easily take into account alternative operational semantics definitions for modeling additional language features. We have proved that the verification condition generation takes a number of transformation steps that is linear with respect to the size of the imperative program to be verified. Also the size of the verification conditions is linear with respect to the size of the imperative program. Besides the theoretical computational complexity analysis, we also provide an experimental evaluation of the method by generating verification conditions using the multi-step and the small-step semantics for a few hundreds of programs taken from various publicly available benchmarks, and by checking the satisfiability of these verification conditions by using state-of-the-art Horn clause solvers. These experiments show that automated verification of programs from a formal definition of the operational semantics is indeed feasible in practice.

Program Derivation = Rules + Strategies

In a seminal paper [38] Prof. Robert Kowalski advocated the paradigm Algorithm = Logic + Control which was intended to characterize program executions. Here we want to illustrate the corresponding paradigm Program Derivation = Rules + Strategies which is intended to characterize program derivations, rather than executions. During program execution, the Logic component guarantees that the computed results are correct, that is, they are true facts in the intended model of the given program, while the Control component ensures that those facts are derived in an efficient way. Likewise, during program derivation, the Rules component guarantees that the derived programs are correct and the Strategies component ensures that the derived programs are efficient. In this chapter we will consider the case of logic programs with locally stratified negation and we will focus on the following three important methodologies for program derivation: program transformation, program synthesis, and program verification. Based upon the Rules + Strategies approach, we will propose a unified method for applying these three programming methodologies. In particular, we will present: (i) a set of rules for program transformation which preserve the perfect model semantics and (ii) a general strategy for applying the transformation rules. We will also show that we can synthesize correct and efficient programs from first order specifications by: (i) converting an arbitrary first order formula into a logic program with locally stratified negation by using a variant of the Lloyd-Topor transformation, and then (ii) applying our transformation rules according to our general strategy. Finally, we will demonstrate that the rules and the strategy for program transformation and program synthesis can also be used for program verification, that is, for proving first order properties of systems described by logic programs with locally stratified negation.

Automatic Proofs of Protocols via Program Transformation

We propose a method for the specification and the automated verification of temporal properties of protocols which regulate the activities of multiagent systems. The set of states of those systems may be infinite so that, in general, the verification of a property of a multiagent system cannot be performed by an exhaustive inspection. We specify a given multiagent system by means of a constraint logic program P with locally stratified negation, and we specify a given temporal property to be verified by means of an atomic formula A. In order to verify that the given temporal property holds, we transform the program P into an equivalent program T such that the fact A ← belongs to T. Our transformation method consists of a set of rules and an automatic strategy that guides the application of the rules. Our method is sound for verifying properties of protocols that are expressible in the CTL logic [5]. Although our method is incomplete for proving properties of infinite state systems, it is able to verify important properties of several protocols which are used in practice.

The Use of the Tupling Strategy in the Development of Parallel Programs

We present a technique for developing efficient functional programs by using optimal synchronizations among function calls. This technique is based on the application of the tupling strategy and it works for a wide class of functions defined by recursive equations. The derived programs are shown to have minimal redundancy, in the sense that repeated computations of identical recursive calls are never performed and identical subexpressions may be recomputed a number of times which is linearly bounded w.r.t. the depth of the recursion. The derived programs also have minimal spatial synchronization, in the sense that only a minimal number of computations are synchronized together, without increasing the parallel computation time.

An Automatic Transformation Strategy for Avoiding Unnecessary Variables in Logic Programs

When writing programs one uses variables for storing input and output data. They can be considered as necessary variables, because they are needed for expressing the meaning of programs. Often one also uses variables which are unnecessary, in the sense that they are not required for describing the input-output relation. Unnecessary variables are used by the programmer because they often allow for a more transparent way of writing programs or an easier proof of their correctness.