## Program analysis and specialisation using tree automata

Citations: | 1 - 0 self |

### BibTeX

@MISC{Gallagher_programanalysis,

author = {John P. Gallagher},

title = {Program analysis and specialisation using tree automata},

year = {}

}

### OpenURL

### Abstract

Abstract. Static analysis of programs using regular tree grammars has been studied for more than 30 years, the earliest example being Reynolds’ work on automatic derivation of data-type definitions from untyped functional programs. Recently the topic has attracted renewed attention, with applications in program specialisation, data flow analysis, shape analysis, mode and type inference, termination analysis and infinite state model checking. There are several related viewpoints on analysis using regular tree grammars, including set constraints, abstract interpretation over tree automata domain, directed types, regular approximation and regular type inference. The lectures will first summarise the relevant properties of finite tree automata, which provide a common foundation for these different viewpoints. It will then be shown how to construct an abstract interpretation over a domain of finite tree automata. Various program analyses based on this domain will be presented, such as “soft ” type construction, checking of safety properties in infinite state systems, and derivation of term-size measures for termination analysis. The lectures will also cover the construction of static analyses based on a given tree grammar capturing some properties of interest. It will be shown (for logic programs) how to build a precise analysis for a program based on an arbitrary regular tree grammar. This has applications in type and mode inference, binding time analysis for offline partial evaluation, and control of online partial evaluation. 1

### Citations

992 | Depth first search and linear graph algorithms
- Tarjan
- 1972
(Show Context)
Citation Context ..., can be decomposed into a sequence of smaller fixpoint computations, one for each strongly connected component (SCC) of the program’s predicate dependency graph. These can be computed in linear time =-=[44]-=-. In addition to the SCC optimisation, our implementation incorporates a variant of the semi-naive optimisation [46], which makes use of the information about new results on each iteration. A clause b... |

237 |
Principles of Database and
- Ullman
- 1987
(Show Context)
Citation Context ...ration. The essential task in performing an analysis using finite pre-interpretations (complete deterministic tree automata) can be seen as computing the minimal model of a (definite) Datalog program =-=[45]-=-, that is, a definite logic program containing no function symbols with non-zero arity. Such programs have finite models. Although there appear to be function symbols in the definition of the pre-inte... |

228 | M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
- Whaley, Lam
(Show Context)
Citation Context ...are free to choose the best method available. We do not give a detailed account of the various techniques here, but remark only that current techniques allow very large Datalog programs to be handled =-=[49]-=-. Our previous experiments [20] used a Prolog implementation, which though it incorporated many optimisations such as computing SCCs and the semi-naive strategy, did not scale well in certain dimensio... |

148 | Tree automata techniques and applications
- Comon, Dauchet, et al.
- 1997
(Show Context)
Citation Context ...form analyses based on tree automata. – Deriving a tree automaton as an approximation of a program. 1.1 Fundamental Definitions For the most part we use the notation and terminology from Comon et al. =-=[12]-=-. Let Σ be a set of function symbols. Each function symbol in Σ has a rank (arity) which is a natural number. Whenever we write an expression such as f(t1, . . . , tn), we assume that f ∈ Σ and has ar... |

121 |
Deriving descriptions of possible values of program variables by means of abstract interpretation
- Janssens, Bruynooghe
- 1992
(Show Context)
Citation Context ...regular set of terms. This can be defined by several closely related formalisms, such as FTAs, regular tree grammars, RUL programs, and regular form set constraints. To these we could add type graphs =-=[31, 47]-=- which are data structures for tree grammars, having a graphical representation.sPAT 2005 Summer School, Copenhagen: Lecture Notes 11 There is a number of useful operations, decidable properties and c... |

110 |
Foundations of Logic Programming: 2nd Edition
- Lloyd
- 1987
(Show Context)
Citation Context ...ed operationally, through (say) SLD-derivations, or denotationally, using models. The success set of a program P is the set of ground atomic formulas p(t) such that P ∪ {← p(t)} has an SLD-refutation =-=[36]-=-, in other words, the ground goal p(t) succeeds in P . An SLD-refutation of {← p(t)} in an RUL program mirrors a top-down derivation p ∗ → t in the FTA. Hence the success set of an RUL program capture... |

103 |
A flexible approach to interprocedural data flow analysis and programs with recursive data structures
- Jones, Muchnick
- 1982
(Show Context)
Citation Context ...ion [23], planning [5] and verification [7]. The first work in this area was by Reynolds [41]; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done by Jones and Muchnick =-=[33, 32]-=-. In the past decade two different approaches to deriving set expressions have been followed. One approach is based on abstract interpretation [31, 47, 19, 13, 38], and the other on solving set constr... |

99 | Waal. Fast and precise regular approximations of logic programs
- Gallagher, de
- 1994
(Show Context)
Citation Context ...Notes 23 research was done by Jones and Muchnick [33, 32]. In the past decade two different approaches to deriving set expressions have been followed. One approach is based on abstract interpretation =-=[31, 47, 19, 13, 38]-=-, and the other on solving set constraints derived from the program text [27, 17, 26, 2, 1, 34, 8, 40]. In abstract interpretation the program is executed over an abstract type domain, program variabl... |

95 |
E.: Logic programs as types for logic programs
- Frühwirth, Shapiro, et al.
- 1991
(Show Context)
Citation Context ...ormulation of regular tree languages has another dimension, since the class of RUL programs is equivalent in its expressive power to a wider class of logic programs called proper unary logic programs =-=[17]-=-. A proper unary logic program contains clauses p(t) ← p1(t1), . . . , pn(tn) such that t does not contain repeated variables, and for each ti, 1 ≤ i ≤ n, one of the following holds. 1. ti is a subter... |

94 | A finite presentation theorem for approximating logic programs
- Heintze, Jaffar
- 1990
(Show Context)
Citation Context ...pproaches to deriving set expressions have been followed. One approach is based on abstract interpretation [31, 47, 19, 13, 38], and the other on solving set constraints derived from the program text =-=[27, 17, 26, 2, 1, 34, 8, 40]-=-. In abstract interpretation the program is executed over an abstract type domain, program variables taking on abstract values represented by types rather than standard values. In set-constraint analy... |

91 |
Predicate logic as a computational formalism
- Clark
- 1979
(Show Context)
Citation Context ...V do not occur in the program or goals, but can appear in atoms in the minimal model M HV [P ]. Let C(P ) be the set of all atomic logical consequences of the program P , known as the Clark semantics =-=[9]-=-; that is, C = {A | P |= ∀A}, where A is an atom. Then M HV [P ] is isomorphic to C(P ). More precisely, let Ω be some fixed bijective mapping from V to the variables in L. Let A be an atom; denote by... |

82 |
Implementation of Logical Query Languages for Data Bases
- Ullman
- 1985
(Show Context)
Citation Context ...) of the program’s predicate dependency graph. These can be computed in linear time [44]. In addition to the SCC optimisation, our implementation incorporates a variant of the semi-naive optimisation =-=[46]-=-, which makes use of the information about new results on each iteration. A clause body containing predicates whose models have not changed on some iteration need not be processed on the next iteratio... |

74 |
E.: A type system for logic programs
- Yardeni, Shapiro
- 1990
(Show Context)
Citation Context ... above, along with the new productions one → s(zero) and zero → 0. 1.3 Regular Unary Logic Programs The use of logic programs to represent regular tree languages was introduced by Yardeni and Shapiro =-=[50]-=-. A unary or monadic definite logic program is a logic program in which all predicates are unary. A regular unary logic (RUL) program is one in which every clause is of the form p(f(X1, . . . , Xn)) ←... |

73 | Automatic Mode Inference for Logic Programs
- Debray, Warren
- 1988
(Show Context)
Citation Context ...aphic protocols come from [24], [25] and [39]. 5 Complexity and Scalability 5.1 Abstract Compilation of a Pre-Interpretation The idea of abstract compilation was introduced first by Debray and Warren =-=[16]-=-. Operations on the abstract domain are coded as logic programs and added directly to the target program, which is then executed according to standard concrete semantics. The reason for this technique... |

73 |
H.: Bottom-up abstract interpretation of logic programs
- Marriott, Søndergaard
- 1988
(Show Context)
Citation Context ...hus, by defining pre-interpretations and computing the corresponding least model, we obtain safe approximations of the concrete semantics. Condensing Domains The property of being a condensing domain =-=[37]-=- has to do with precision of goal-dependent and goal-independent analyses (top-down and bottom-up) over that domain. Goal-independent analysis over a condensing domain loses no precision compared with... |

71 | Formal language, grammar and set-constraint-based program analysis by abstract interpretation
- Cousot, Cousot
- 1995
(Show Context)
Citation Context ...Notes 23 research was done by Jones and Muchnick [33, 32]. In the past decade two different approaches to deriving set expressions have been followed. One approach is based on abstract interpretation =-=[31, 47, 19, 13, 38]-=-, and the other on solving set constraints derived from the program text [27, 17, 26, 2, 1, 34, 8, 40]. In abstract interpretation the program is executed over an abstract type domain, program variabl... |

69 | Set Constraints: Results, Applications, and Future Directions
- Aiken
- 1994
(Show Context)
Citation Context ...ted below as Horn clauses). In the examples below, the properties are then determinised and used to construct an analysis domain. Infinite-State Model Checking The following example is from [42]. gen(=-=[0, 1]-=-). trans1([0, 1|T ], [1, 0|T ]). trans(X, Y ) ← gen([0|X]) ← gen(X). trans1([H|T ], [H|T 1]) ← trans1(X, Y ). reachable(X) ← trans1(T, T 1). trans([1|X], [0|Y ]) ← gen(X). trans2([0], [1]). trans2(T, ... |

67 | Practical program analysis using general purpose logic programming systems—a case study - Dawson, Ramakrishnan, et al. - 1996 |

54 | Abstracting Cryptographic Protocols with Tree Automata
- Monniaux
- 1999
(Show Context)
Citation Context ...ot have to associate types with particular argument positions. Further examples of the use of tree automata for expressing and analysing properties of cryptographic protocols come from [24], [25] and =-=[39]-=-. 5 Complexity and Scalability 5.1 Abstract Compilation of a Pre-Interpretation The idea of abstract compilation was introduced first by Debray and Warren [16]. Operations on the abstract domain are c... |

39 | A method for automatic cryptographic protocol verification
- Goubault-Larrecq
- 2000
(Show Context)
Citation Context ...er does not have to associate types with particular argument positions. Further examples of the use of tree automata for expressing and analysing properties of cryptographic protocols come from [24], =-=[25]-=- and [39]. 5 Complexity and Scalability 5.1 Abstract Compilation of a Pre-Interpretation The idea of abstract compilation was introduced first by Debray and Warren [16]. Operations on the abstract dom... |

37 | Program Analysis, Debugging and Optimization Using the Ciao System Preprocessor
- Hermenegildo, Bueno, et al.
- 1999
(Show Context)
Citation Context ...e are concerned with deriving such descriptions statically, rather than prescribing them. Derivation of set expressions such as these has many applications including type inference [17, 7], debugging =-=[28]-=-, assisting compiler optimisations [31, 47], optimising a theorem prover [15], program specialisation [23], planning [5] and verification [7]. The first work in this area was by Reynolds [41]; other e... |

32 |
The applicability of logic program analysis and transformation to theorem proving
- Waal, Gallagher
- 1994
(Show Context)
Citation Context ...ribing them. Derivation of set expressions such as these has many applications including type inference [17, 7], debugging [28], assisting compiler optimisations [31, 47], optimising a theorem prover =-=[15]-=-, program specialisation [23], planning [5] and verification [7]. The first work in this area was by Reynolds [41]; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done b... |

31 | Solving systems of set constraints (extended abstract
- Aiken, Wimmers
- 1992
(Show Context)
Citation Context ...pproaches to deriving set expressions have been followed. One approach is based on abstract interpretation [31, 47, 19, 13, 38], and the other on solving set constraints derived from the program text =-=[27, 17, 26, 2, 1, 34, 8, 40]-=-. In abstract interpretation the program is executed over an abstract type domain, program variables taking on abstract values represented by types rather than standard values. In set-constraint analy... |

29 | Abstract Interpretation over Non-deterministic Finite Tree Automata for Set-Based Analysis of Logic Programs
- Gallagher, Puebla
- 2002
(Show Context)
Citation Context ... of terms accepted by R {q1,q2} is the product of R {q1} and R {q2}. 6.3 Outline of Abstract Interpretation A summary of the abstract interpretation proceeds as follows. A full description appears in =-=[22]-=-. The least automaton, namely the automaton with zero transitions, is the initial approximation. On each iteration, the body of each clause is solved with respect to the current approximation, yieldin... |

29 |
Le Charlier B. Type analysis of prolog using type graphs. In: SIGPLAN conference on programming language design and implementation
- Hentenryck, Cortesi
- 1994
(Show Context)
Citation Context ...regular set of terms. This can be defined by several closely related formalisms, such as FTAs, regular tree grammars, RUL programs, and regular form set constraints. To these we could add type graphs =-=[31, 47]-=- which are data structures for tree grammars, having a graphical representation.sPAT 2005 Summer School, Copenhagen: Lecture Notes 11 There is a number of useful operations, decidable properties and c... |

28 | Practical model-based static analysis for definite logic programs - Gallagher, Boulanger, et al. - 1995 |

27 | Set-based analysis of reactive infinite-state systems
- Charatonik, Podelski
- 1998
(Show Context)
Citation Context ...but in this paper we are concerned with deriving such descriptions statically, rather than prescribing them. Derivation of set expressions such as these has many applications including type inference =-=[17, 7]-=-, debugging [28], assisting compiler optimisations [31, 47], optimising a theorem prover [15], program specialisation [23], planning [5] and verification [7]. The first work in this area was by Reynol... |

22 | Practical aspects of set based analysis
- Heintze
- 1992
(Show Context)
Citation Context ...pproaches to deriving set expressions have been followed. One approach is based on abstract interpretation [31, 47, 19, 13, 38], and the other on solving set constraints derived from the program text =-=[27, 17, 26, 2, 1, 34, 8, 40]-=-. In abstract interpretation the program is executed over an abstract type domain, program variables taking on abstract values represented by types rather than standard values. In set-constraint analy... |

21 |
B.: Analysing logic programs using “Prop”-ositional logic programs and a magic wand
- Codish, Demoen
- 1993
(Show Context)
Citation Context ...pes can be computed from the abstract model over the resulting pre-interpretation, for example using a query-answer transformation (magic sets). This is a standard approach to deriving call patterns; =-=[11]-=- gives a clear account and implementation strategy. Let P be the following program for transposing a matrix. transpose(Xs, []) ← makerow([], [], []). nullrows(Xs). makerow([[X|Xs]|Y s], [X|Xs1], [Xs|Z... |

21 | S.A.: Verification of parameterized systems using logic program transformations
- Roychoudhury, Kumar, et al.
- 2000
(Show Context)
Citation Context ... (represented below as Horn clauses). In the examples below, the properties are then determinised and used to construct an analysis domain. Infinite-State Model Checking The following example is from =-=[42]-=-. gen([0, 1]). trans1([0, 1|T ], [1, 0|T ]). trans(X, Y ) ← gen([0|X]) ← gen(X). trans1([H|T ], [H|T 1]) ← trans1(X, Y ). reachable(X) ← trans1(T, T 1). trans([1|X], [0|Y ]) ← gen(X). trans2([0], [1])... |

16 |
M.: A systematic construction of abstract domains
- Boulanger, Bruynooghe
- 1994
(Show Context)
Citation Context ...del) of a program. The standard, or concrete semantics is based on the Herbrand pre-interpretation. The theoretical basis of this approach to static analysis of definite logic programs was set out in =-=[4, 3]-=- and [18]. We follow standard notation for logic programs [36]. Let P be a definite program and Σ the signature of its underlying language L. A pre-interpretation of L consists of 1. a non-empty domai... |

16 | Set constraints and logic programming
- Kozen
- 1994
(Show Context)
Citation Context |

14 | Abstract domains based on regular types
- Gallagher, Henriksen
- 2004
(Show Context)
Citation Context ...hod available. We do not give a detailed account of the various techniques here, but remark only that current techniques allow very large Datalog programs to be handled [49]. Our previous experiments =-=[20]-=- used a Prolog implementation, which though it incorporated many optimisations such as computing SCCs and the semi-naive strategy, did not scale well in certain dimensions. In particular, programs con... |

14 |
Regular tree languages as an abstract domain in program specialisation
- Gallagher, Peralta
(Show Context)
Citation Context ...rms can be approximated arbitrarily closely by some FTA. – The finite-height domain is determined by syntactic factors in the source program. For some applications (e.g. online program specialisation =-=[21]-=-) the program itself is being unfolded or otherwise transformed. The widening approach adapts more flexibly to such dynamic applications. 6.5 Deriving an FTA Approximation by Solving Constraints As ou... |

13 |
M.: Abstracting s-semantics using a model-theoretic approach
- Boulanger, Bruynooghe, et al.
- 1994
(Show Context)
Citation Context ...del) of a program. The standard, or concrete semantics is based on the Herbrand pre-interpretation. The theoretical basis of this approach to static analysis of definite logic programs was set out in =-=[4, 3]-=- and [18]. We follow standard notation for logic programs [36]. Let P be a definite program and Σ the signature of its underlying language L. A pre-interpretation of L consists of 1. a non-empty domai... |

13 | Using regular approximations for generalisation during partial evaluation
- Gallagher, Peralta
- 2000
(Show Context)
Citation Context ...t expressions such as these has many applications including type inference [17, 7], debugging [28], assisting compiler optimisations [31, 47], optimising a theorem prover [15], program specialisation =-=[23]-=-, planning [5] and verification [7]. The first work in this area was by Reynolds [41]; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done by Jones and Muchnick [33, 32]... |

12 |
A Binary Decision Diagram Package. http://www.itu.dk/research/buddy
- BuDDy
(Show Context)
Citation Context ...rying Datalog programs. It is written in Java and can link to established BDD libraries using the Java Native Interface (JNI). Our experiments were conducted using bddbddb linked to the BuDDy package =-=[35]-=-. We wrote a front end to translate our abstract logic programs and pre-interpretations into the form required by bddbddb. The possibility of using Boolean functions to represent finite relations was ... |

12 |
Type Domains for Abstract Interpretation: A Critical Study
- Mildner
- 1999
(Show Context)
Citation Context ...Notes 23 research was done by Jones and Muchnick [33, 32]. In the past decade two different approaches to deriving set expressions have been followed. One approach is based on abstract interpretation =-=[31, 47, 19, 13, 38]-=-, and the other on solving set constraints derived from the program text [27, 17, 26, 2, 1, 34, 8, 40]. In abstract interpretation the program is executed over an abstract type domain, program variabl... |

11 | Detecting unsolvable queries for definitive logic programs
- Bruynooghe, Vandecasteele, et al.
- 1998
(Show Context)
Citation Context ...uch as these has many applications including type inference [17, 7], debugging [28], assisting compiler optimisations [31, 47], optimising a theorem prover [15], program specialisation [23], planning =-=[5]-=- and verification [7]. The first work in this area was by Reynolds [41]; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done by Jones and Muchnick [33, 32]. In the past ... |

11 |
Flow analysis of lazy higher order functional programs
- Jones
- 1987
(Show Context)
Citation Context ...ion [23], planning [5] and verification [7]. The first work in this area was by Reynolds [41]; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done by Jones and Muchnick =-=[33, 32]-=-. In the past decade two different approaches to deriving set expressions have been followed. One approach is based on abstract interpretation [31, 47, 19, 13, 38], and the other on solving set constr... |

10 |
A bdd-based deductive database for program analysis. http://bddbddb.sourceforge.net
- Whaley, Unkel, et al.
- 2004
(Show Context)
Citation Context ...roved representations of finite relations was a key factor in scaling up to larger domains. Computing Datalog models using BDDs. Our current work uses the BDD-based solver bddbddb developed by Whaley =-=[48]-=-. This tool computes the model of a Datalog program, and provides facilities for querying Datalog programs. It is written in Java and can link to established BDD libraries using the Java Native Interf... |

9 | Paths vs. trees in set-based program analysis
- Charatonik, Podelski, et al.
- 2000
(Show Context)
Citation Context |

8 | Directional type checking for logic programs: Beyond discriminative types
- Charatonik
(Show Context)
Citation Context ...nce the number of processes (the length of the lists) is unbounded. Hence finite model checking techniques do notsPAT 2005 Summer School, Copenhagen: Lecture Notes 17 suffice. The example was used in =-=[6]-=- to illustrate directional type inference for infinite-state model checking. We define simple regular types defining the states. The set of “good” states in which there is exactly one 1 is goodlist. T... |

7 |
Val#rie Viet Triem Tong. Reachability Analysis of Term Rewriting Systems with timbuk
- Genet
- 2001
(Show Context)
Citation Context ...ogrammer does not have to associate types with particular argument positions. Further examples of the use of tree automata for expressing and analysing properties of cryptographic protocols come from =-=[24]-=-, [25] and [39]. 5 Complexity and Scalability 5.1 Abstract Compilation of a Pre-Interpretation The idea of abstract compilation was introduced first by Debray and Warren [16]. Operations on the abstra... |

7 | Positive Boolean Functions as Multiheaded Clauses
- Howe, King
- 2001
(Show Context)
Citation Context ...search field and there are other techniques besides BDDs that are competitive. In logic20 program analyses, multi-headed clauses have demonstrated good performance when compared to BDDs, for example =-=[29]-=-. 5.3 An Algorithm for Determinisation Product representation sets of transitions. The determinisation algorithm described below generates an automaton whose transitions are represented in product for... |

6 | Set-based failure analysis for logic programs and concurrent constraint programs
- Podelski, Charatonik, et al.
- 1999
(Show Context)
Citation Context |

5 | Constrained regular approximation of logic programs
- Saglam, Gallagher
- 1998
(Show Context)
Citation Context ...nder intersection, union and complementation, and decidability properties such as emptiness, are retained under this extension. This provides an approach to extending the expressiveness of FTAs [12], =-=[43]-=-. 1.4 Definite Set Constraints A different approach to defining regular sets of terms was developed by Heintze and Jaffar, building on earlier work by Reynolds, Jones and Muchnick, and Mishra. This ap... |

3 |
Automatic construction of data set definitions
- Reynolds
- 1996
(Show Context)
Citation Context ...ebugging [28], assisting compiler optimisations [31, 47], optimising a theorem prover [15], program specialisation [23], planning [5] and verification [7]. The first work in this area was by Reynolds =-=[41]-=-; other earlysPAT 2005 Summer School, Copenhagen: Lecture Notes 23 research was done by Jones and Muchnick [33, 32]. In the past decade two different approaches to deriving set expressions have been f... |