We present an automated abstract verification method for infinite-state systems specified by logic programs (which are a uniform and intermediate layer to which diverse formalisms such as transition systems, pushdown processes and while programs can be mapped). We establish connections between: logic program semantics and CTL properties, set-based program analysis and pushdown processes, and also between model checking and constraint solving, viz. theorem proving. We show that set-based analysis can be used to compute supersets of the values of program variables in the states that satisfy a given CTL property.

We present a method for approximating the semantics of probabilistic programs to the purpose of constructing semantics-based analyses of such programs. The method resembles the one based on Galois connection as developed in the Cousot framework for abstract interpretation. The main difference between our approach and the standard theory of abstract interpretation is the choice of linear space structures instead of order-theoretic ones as semantical (concrete and abstract) domains. We show that our method generates "best approximations" according to an appropriate notion of precision defined in terms of a norm. Moreover, if re-casted in a order-theoretic setting these approximations are correct in the sense of classical abstract interpretation theory. We use Concurrent ...

In this paper we generalize the notion of compositional semantics to cope with trans nite reductions of a transition system. Standard denotational and predicate transformer semantics, even though compositional, provide inadequate models for some known program manipulation techniques. We are interested in the systematic design of extended compositional semantics, observing possible trans - nite computations, i.e. computations that may occur after a given number of in nite loops. This generalization is necessary to deal with program manipulation techniques modifying the termination status of programs, such as program slicing. We include the trans nite generalization of semantics in the hierarchy developed in 1997 by P. Cousot, where semantics at dierent levels of abstraction are related with each other by abstract interpretation. We prove that a specular hierarchy of non-standard semantics modeling trans nite computations of programs can be speci ed in such a way that the standard hierarchy can be derived by abstract interpretation. We prove that non-standard trans nite denotational and predicate transformer semantics can be both systematically derived as solutions of simple abstract domain equations involving the basic operation of reduced power of abstract domains. This allows us to prove the optimality of these semantics, i.e. they are the most abstract semantics in the hierarchy which are compositional and observe respectively the terminating and initial states of trans nite computations, providing an adequate mathematical model for program manipulation.

In a recent paper, Peyton Jones et al. proposed a design for imprecise exceptions in the lazy functional programming language Haskell [PJRH + 99]. The main contribution of the design was that it allowed the language to continue to enjoy its current rich algebra of transformations. However, the denotational semantics used to formalise the design does not combine easily with other extensions, most notably that of concurrency. We present an alternative semantics for a lazy functional language with imprecise exceptions which is entirely operational in nature, and combines well with other extensions, such as I/O and concurrency. The semantics is based upon a convergence relation, which describes evaluation, and an exceptional convergence relation, which describes the raising of exceptions. Convergence and exceptional convergence lead naturally to a simple notion of renement, where a term M is re- ned by N whenever they have identical convergent behaviour, and any exception raised by N c...

interpretation concepts to the problem of verification of programs. We consider the theory of abstract verification as proposed in [5] and we show how it is possible to transform static analyzers with some suitable properties to obtain automatic verification tools based on sufficient verification conditions. We prove that the approach is general and flexible by showing three different verification tools based on different domains of types for functional, logic and CLP programming. The verifier for functional programs is obtained from a static analyzer which implements one of the polymorphic type domains introduced by Cousot [8]. The one for logic programs is obtained from a static analyzer on a type domain designed by Codish and Lagoon [3], while the verifier for CLP programs is obtained from the type analyzer described in [15]. 1 Abstract Interpretation and Verification Abstract interpretation [9,10] is a general theory for approximating the semantics

We characterize the symmetric structure of Cousot's hierarchy of semantics in terms of a purely algebraic manipulation of abstract domains. We consider domain complementation in abstract interpretation as a formal method for systematically deriving complementary semantics of programming languages. We prove that under suitable hypothesis the semantics abstraction commutes with respect to domain complementation. This result allows us to prove that angelic and demonic/innite semantics are complementary and provide a minimal decomposition of all natural-style trace-based, relational, denotational, Dijkstra's predicate transformer and Hoare's axiomatic semantics. We apply this construction to the case of concurrent constraint programming, characterizing well known semantics as abstract interpretation of maximal traces of constraints. Categories and Subject Descriptors D.3 [Programming languages]: Formal denitions and theory|Semantics; F.3 [Logics and meanings of programs ]: Semantics of...

We present a natural semantics for the untyped lazy -calculus plus McCarthy's amb, a nondeterministic choice operator. The natural semantics includes rules for both convergent behaviour (dened inductively) and divergent behaviour (dened co-inductively). This semantics is equivalent to a small step reduction semantics that corresponds closely to our operational intuitions about McCarthy's amb. We present equivalences for convergent and divergent behaviour based on the natural semantics and prove a Context Lemma for the convergence equivalence. We then give a -theory l 8 , based on the equivalences for convergent and divergent behaviour. Since it is able to distinguish between programs that dier only in their divergent behaviour, the -theory is more discriminating than equational theories based on current domain-theoretic models. It is therefore more suitable for reasoning about functional programs containing McCarthy's amb. Contents 1 Introduction 2 2 Related Work 3 3 ...

This paper describes an experiment in the definition of tools for type inference and type verification of ML-like functional languages, using abstract interpretation techniques. We first show that by extending the Damas-Milner type inference algorithm, with a (bounded) fixpoint computation (as suggested by the abstract interpretation view, i.e. by a slight variation of one of the type abstract semantics in [7]), we succeed in getting a better precision and solving some problems of the ML type inference algorithm without resorting to more complex type systems (e.g.

Interpretation [25], Modalities in Analysis and Verification [30], and Enhanced Operational Semantics [35]. Each section below begins with a presentation of our view of the state-of-the-art within the area, and ends with a brief explanation of how the papers in these proceedings enhance our knowledge of the area. Integration of Programming Paradigms Programming notions can be expressed in many di erent paradigms - imperative, object-oriented, concurrent, functional, logic-programming, constraint, etc. It is widely agreed that each programming paradigm has its own merits and is particularly appropriate for expressing certain classes of computation, thus the choice of paradigm can greatly affect the ease of programming. Traditionally, when constructing large scale systems, in particular distributed systems, it is often necessary to use multiple programming styles with disparate programming models, and very often it is necessary to resolve conflicts by low level methods reverting to the lowest...

In this paper we propose a fully semantic-based framework for performance evaluation. This framework is intended to be used in early stages of system design, as a tool for taking decision. More exactly, the idea is to sketch the system in a prototyping language, as pi-calculus and then to use our framework to derive its performance, parameterized by the architecture. This can be very useful when a choice between two equivalent systems must be taken, and which one is the most performing is not so evident. Keywords: Abstract interpretation, Markov chains, Performance evaluation, - calculus, RAD 1 This work was partially supported by Scuola Normale Superiore of Pisa and by the RTD project IST-1999-20527 \DAEDALUS" of the European FP5 programme 1