## Abstract Interpretation based Verification of Logic Programs (2000)

Venue: Science of Computer Programming

Citations: 12 (6 self)

### BibTeX

```bibtex
@ARTICLE{Comini00abstractinterpretation,
  author  = {Marco Comini and Roberta Gori and Giorgio Levi and Paolo Volpe},
  title   = {Abstract Interpretation based Verification of Logic Programs},
  journal = {Science of Computer Programming},
  year    = {2000},
  pages   = {2000}
}
```

### Abstract

This paper is an overview of our results on the application of abstract interpretation concepts to various problems related to the verification of logic programs. These include the systematic design of semantics modeling various proof methods and the characterization of assertions as abstract domains.

### Citations

1880 citations: Cousot, Cousot (1977), Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints.
Citation context: ...nclude the systematic design of semantics modeling various proof methods and the characterization of assertions as abstract domains. (§1 Abstract Interpretation and Verification) Abstract interpretation [14,15] is a general theory for approximating the semantics of discrete dynamic systems, originally developed by Patrick and Radhia Cousot, in the late 70's, as a unifying framework for specifying and valida...

1093 citations: Necula (1997), Proof-carrying code.
Citation context: ...amming languages semantics and formal methods is the verification of code coming from untrusted sources. One promising solution to the above problem is the approach known as Proof Carrying Code (PCC) [37]. According to the PCC approach, mobile code is supplied with a formal proof that it satisfies a specification defined by the host system, which will then simply check the proof, to ensure that the co...

631 citations: Cousot, Cousot (1979), Systematic Design of Program Analysis Frameworks.
Citation context: same passage as the Cousot, Cousot (1977) entry above (cited together as [14,15]).

470 citations: Shapiro (1983), Algorithmic Program Debugging.
Citation context: ...erification methods. As already mentioned, the sufficient condition (2) (in the case of logic programs) was initially used in abstract diagnosis [10,8], a technique which extends declarative debugging [39,21] to a debugging framework, which is parametric w.r.t. the abstraction. Abstract diagnosis considers properties which are abstractions of computed answers. The corresponding specifications can then be ...

238 citations: Cousot, Cousot (1992), Abstract interpretation frameworks.
Citation context: ..., which allow us to systematically improve the precision of the domain. Abstract interpretation was originally intended as a method for automatically generating program invariants. Even more recently [16,17,13], it was shown to be very useful to understand, organize and synthesize proof methods for program verification. In particular, we are interested in one specific approach to the generation of abstract ...

116 citations: Bossi, Gabbrielli, et al. (1994), The s-semantics Approach: Theory and Applications.
Citation context: ...ethods can be viewed as the basis for the systematic development of complete proof methods. (§3 Designing semantics by abstract interpretation) The aim of the approach to semantics, known as s-semantics [3,24], was the definition of denotations modeling various operational properties (observables) in a compositional way, to be used as the semantic basis of analysis, verification and transformation methods....

98 citations: Cousot, Constructive design of a hierarchy of semantics of a transition system by abstract interpretation.
Citation context: same passage as the Cousot, Cousot (1992) "Abstract interpretation frameworks" entry above (cited together as [16,17,13]).

94 citations: Cousot, Cousot (1992), Inductive definitions, semantics and abstract interpretation.
Citation context: same passage as the Cousot, Cousot (1992) "Abstract interpretation frameworks" entry above (cited together as [16,17,13]).

93 citations: Bourdoncle (1993), Abstract debugging of higher-order imperative languages.
Citation context: ...ram verification. In particular, we are interested in one specific approach to the generation of abstract interpretation-based partial correctness conditions, which is used also in abstract debugging [4,10,6]. The ideas behind this approach are the following: (page footer: Preprint submitted to Elsevier Preprint, May 9, 2001) • The concrete semantics [P] of a program P is defined as the least fixpoint of a semantic eval...

91 citations: Clark (1979), Predicate logic as a computational formalism.
Citation context: ... only. The right (denotational) observable is correct answers. The verification condition, obtained by unfolding (2) with the correct answers $T^{\alpha}_P$, is essentially the same as those defined by Clark [7] and by Deransart [18]. The method is complete, since the observable is precise. (Footnote 1: The clause c2 has 'a' instead of 'b' and the clause accept([]). is missing.) I/O correctness. Specifications are pai...

80 citations: Apt, Marchiori (1994), Reasoning about Prolog programs: from modes through types to assertions.
Citation context: ...d abstraction step, properties closed under instantiation, we reconstruct the Bossi-Cocco condition [2], and, by further abstractions (modes, types, etc.), the hierarchy of verification conditions in [1]. As already mentioned, the second abstraction step is concerned with the choice of an abstract domain to model the property. Here we can make available to program verification all the abstract domain...

55 citations: Drabent, Maluszynski (1988), Inductive Assertion Method for Logic Programs.
Citation context: ... patterns. The method is complete. The verification condition, obtained by unfolding (2) with the call patterns $T^{\alpha}_P$, is a slight generalization of the one defined by the Drabent-Maluszynski method [20]. If we consider, in the second abstraction step, properties closed under instantiation, we reconstruct the Bossi-Cocco condition [2], and, by further abstractions (modes, types, etc.), the hierarchy ...

47 citations: Filé, Giacobazzi, et al. (1996), A unifying view of abstract domain design.
Citation context: ...ally derive "optimal" abstract semantics from the abstract domain. The systematic design aspect can be pushed forward, by using suitable abstract domain design methodologies (e.g. domain refinements) [23,25,27], which allow us to systematically improve the precision of the domain. Abstract interpretation was originally intended as a method for automatically generating program invariants. Even more recently ...

46 citations: Ferrand (1987), Error diagnosis in logic programming, an adaptation of E.Y. Shapiro's method.
Citation context: same passage as the Shapiro (1983) entry above (cited together as [39,21]).

40 citations: Bossi, Cocco (1989), Verifying correctness of logic programs.
Citation context: ...neralization of the one defined by the Drabent-Maluszynski method [20]. If we consider, in the second abstraction step, properties closed under instantiation, we reconstruct the Bossi-Cocco condition [2], and, by further abstractions (modes, types, etc.), the hierarchy of verification conditions in [1]. As already mentioned, the second abstraction step is concerned with the choice of an abstract doma...

39 citations: Comini, Levi, et al. (1999), Abstract diagnosis.
Citation context: same passage as the Bourdoncle (1993) entry above (cited together as [4,10,6]).

35 citations: Bueno, Deransart, et al. (1997), On the Role of Semantic Approximations in Validation and Diagnosis of Constraint Logic Programs.
Citation context: same passage as the Bourdoncle (1993) entry above (cited together as [4,10,6]).

27 citations: Deransart (1993), Proof methods of declarative properties of definite programs.
Citation context: ...otational) observable is correct answers. The verification condition, obtained by unfolding (2) with the correct answers $T^{\alpha}_P$, is essentially the same as those defined by Clark [7] and by Deransart [18]. The method is complete, since the observable is precise. (Footnote 1: The clause c2 has 'a' instead of 'b' and the clause accept([]). is missing.) I/O correctness. Specifications are pairs of pre- and post-co...

16 citations: Giacobazzi, Ranzato (1995), Functional dependencies and Moore-set completions of abstract interpretations and semantics.
Citation context: same passage as the Filé, Giacobazzi, et al. (1996) entry above (cited together as [23,25,27]).

14 citations: Ferrand (1993), The Notions of Symptom and Error in Declarative Diagnosis of Logic Programs.
Citation context: ...ailure, we can use the standard condition (2) as a sufficient condition for the correctness w.r.t. finite failure. In [30], stronger verification conditions are generated, by using Ferrand's approach [22], based on two specifications. Ferrand uses the standard ground immediate consequences operator $T_P$, while the specifications are $S$, intended $\mathrm{lfp}(T_P)$, and $S'$, intended $\mathrm{gfp}(T_P)$. The standard suf...

12 citations: Giacobazzi, Ranzato (1997), Completeness in Abstract Interpretation: A Domain Perspective (pages 231–245 of: M. Johnson (ed.), ...).
Citation context: ...$(R) \sqsubseteq R$). Note that precision of abstract interpretation can be quite difficult to prove. A sufficient condition for precision, generally easier to check, is full precision, that is $\alpha \circ T_P = T^{\alpha}_P \circ \alpha$. [26] contains some methods which allow us to systematically enrich a domain of properties so as to obtain an abstraction which is fully precise with respect to a given function. These methods can be viewe...

12 citations: Scozzari (2002), Logical optimality of groundness analysis.
Citation context: ...ed denotationally is as precise as the operational one, i.e. $\forall G, P.\ B^{\alpha}[G \text{ in } P] = Q^{\alpha}[G \text{ in } P]$. The class includes the domain depth(k), the domain POS for groundness analysis, proved to be optimal [38], by using the theory of refinement operators, and other optimal domains (such as the type domain in [33], designed by using the same operators). It is worth stressing the importance of the AND-compos...

11 citations: Bruynooghe, Vandecasteele, et al. (1998), Detecting unsolvable queries for definite logic programs.
Citation context: ... case of finite failure, the complement of $T^{ff}_P \downarrow \omega$ has a very interesting characterization as the set of (possibly non-ground) atoms which do not have a successful derivation (called unsolvable in [5]). We can then provide a specification $S'$ of the complement of the set of atoms which are intended to succeed and derive another meaningful sufficient condition $S' \subseteq T^{ff}_P(S')$, which guarantees th...

11 citations: Comini, Levi, et al., A theory of observables for logic programs.
Citation context: ... verification and transformation methods. All the semantics proposed by this approach have been reconstructed (and systematically derived) as instances of a framework based on abstract interpretation [9,8]. The framework is based on a concrete semantics [11], which models SLD-trees and is formalized both denotationally and operationally. Let us introduce some notation. • $B[G \text{ in } P]$ is the operational ...

11 citations: Comini, Meo (1999), Compositionality properties of SLD-derivations.
Citation context: ...ntics proposed by this approach have been reconstructed (and systematically derived) as instances of a framework based on abstract interpretation [9,8]. The framework is based on a concrete semantics [11], which models SLD-trees and is formalized both denotationally and operationally. Let us introduce some notation. • $B[G \text{ in } P]$ is the operational semantics of goal G in program P (roughly speaking, t...

10 citations: Gabbrielli, Levi, et al. (1995), Observable behaviors and equivalences of logic programs.
Citation context: same passage as the Bossi, Gabbrielli, et al. (1994) entry above (cited together as [3,24]).

9 citations: Giacobazzi, Scozzari (1997), Intuitionistic Implication in Abstract Interpretation.
Citation context: same passage as the Filé, Giacobazzi, et al. (1996) entry above (cited together as [23,25,27]).

8 citations: Cortesi, Le Charlier, et al. (1997), Specification-based automatic verification of Prolog programs.
Citation context: ...der assertions in a suitable specification language, as we will do in Section 5. There exist other approaches to verification of logic programs, using abstract interpretation techniques. For example, [12,31] define a verification method for Prolog, which applies to specifications related to properties such as termination, and size-cardinality relations between inputs and outputs. (Footnote 2: The issue of completen...)

7 citations: Levi, Spoto (1998), An experiment in domain refinement: Type domains and type representations for logic programs.
Citation context: ...ass includes the domain depth(k), the domain POS for groundness analysis, proved to be optimal [38], by using the theory of refinement operators, and other optimal domains (such as the type domain in [33], designed by using the same operators). It is worth stressing the importance of the AND-compositionality property, which guarantees that we can be as precise as possible (even in the case of approxim...

7 citations: Levi, Volpe (1998), Derivation of Proof Methods by Abstract Interpretation.
Citation context: ...ver, if the method is complete, then when our program is correct with respect to specification $S$, there exists a property $R$, stronger than $S$, which verifies the verification condition. We have proved [34,41] that, for verification conditions which have the form of condition (2) for a suitable $\alpha$, the derived method is complete if and only if the abstraction is precise with respect to $T_P$, that is if $\alpha(\mathrm{lf}$...

5 citations: Comini (1998), An abstract interpretation framework for Semantics and Diagnosis of logic programs.
Citation context: same passage as the Comini, Levi, et al. "A theory of observables for logic programs" entry above (cited together as [9,8]).

5 citations: Gori, Levi (1997), Finite failure is and-compositional.
Citation context: ...successful derivations. Hence we cannot handle properties such as finite failure. Finite failure was shown to have some of the properties which are relevant to verification, e.g. AND-compositionality [29]. However, a fixpoint semantics correctly modeling finite failure in an AND-compositional way did not exist. Our approach is to derive such a semantics, by starting from a concrete traces semantics [2...

5 citations: Gori, Levi (1999), Finite Failure and (title truncated on the page).
Citation context: ...lure and is AND-compositional. Once we have a fixpoint semantics modeling finite failure, we can use the standard condition (2) as a sufficient condition for the correctness w.r.t. finite failure. In [30], stronger verification conditions are generated, by using Ferrand's approach [22], based on two specifications. Ferrand uses the standard ground immediate consequences operator $T_P$, while the specif...

4 citations: Le Métayer (1995), Proving properties of programs defined over recursive data structure.
Citation context: ... polymorphic types, is described in [40]. Another example of a decidable specification language, oriented to the verification of functional programs (in a simple first order language) can be found in [32]. Example 5.2 Let us consider the following naive sort, where we assume the procedure leq(X, Y), which is successful if X and Y are numbers and X ≤ Y, and the procedure perm(Xs, Ys), which return...

4 citations: Volpe (2000), A first-order language for expressing aliasing and type properties of logic programs.
Citation context: ..., freeness and sharing of terms. [35] contains also a decidable axiomatization for a fragment of the language. A decidable extension of the same language, including polymorphic types, is described in [40]. Another example of a decidable specification language, oriented to the verification of functional programs (in a simple first order language) can be found in [32]. Example 5.2 Let us consider the ...

2 citations: Drabent (1999), It is declarative.
Citation context: ...rs (s-semantics). The method is complete. It boils down to the previous method, whenever the properties, considered in the second abstraction step, are closed under instantiation (as, for example, in [19]). I/O and call correctness. Specifications are still pairs of pre- and postconditions. However, we prove also that the pre-conditions are satisfied by all the procedure calls. The right (denotational...

2 citations: Gori (1999), A fixpoint semantics for reasoning about finite failure.
Citation context: ...9]. However, a fixpoint semantics correctly modeling finite failure in an AND-compositional way did not exist. Our approach is to derive such a semantics, by starting from a concrete traces semantics [28], which extends with infinite computations the traces semantics in [11], and by defining an abstract domain $D^{ff}$, chosen so as to model finite failure and to make the abstract operator $T^{ff}_P$ precise...

2 citations: Marchiori (1994), A Logic for Variable Aliasing in Logic Programs.
Citation context: ... verification method proposed by Deransart [18]. If the relation $\models$ is decidable, we have an effective test to check the conditions. As an example, we can take the language of properties by Marchiori [35,36], which allows us to express groundness, freeness and sharing of terms. [35] contains also a decidable axiomatization for a fragment of the language. A decidable extension of the same language, includ...

2 citations: Volpe (1998), Derivation of proof methods for logic programs by abstract interpretation.
Citation context: same passage as the Levi, Volpe (1998) entry above (cited together as [34,41]).

1 citation: Le Charlier, Leclère, et al. (1997), Automatic verification of behavioral properties of Prolog programs.
Citation context: same passage as the Cortesi, Le Charlier, et al. (1997) entry above (cited together as [12,31]).

1 citation: Marchiori (1996), Design of Abstract Domains using First-order Logic.
Citation context: same passage as the Marchiori (1994) entry above (cited together as [35,36]).
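The citation contexts above refer to a verification condition (2) of the form $T^{\alpha}_P(R) \sqsubseteq R$, to completeness of the derived method holding exactly when the abstraction is precise w.r.t. $T_P$ (Levi–Volpe, Giacobazzi–Ranzato), to domain refinement as the way to recover precision (Filé et al.), and to proof-carrying code as a motivating application (Necula). The following is an added example, written for this page and not code from the paper or its authors, that makes those four points concrete on a constructed program. It assumes ground Datalog over a finite Herbrand base (so $T_P$ can be iterated to its least fixpoint), a type abstraction as the abstract domain (each constant mapped to a sort), and invented function names; the program and the two sort assignments are constructed inputs.

```python
"""Abstract-interpretation-based verification of a definite logic program.

Added example; not code from Comini, Gori, Levi and Volpe.  Assumptions made
here: ground Datalog over a finite Herbrand base, a type abstraction (constant
-> sort) as abstract domain, and invented function names.  PROGRAM, COARSE and
REFINED are constructed inputs.
"""

# Constructed program: reachability over a four-node graph.  A clause is a
# (head, body) pair; an atom is ("pred", arg, ...); upper-case args are
# variables, lower-case args are constants (or sorts, in abstract programs).
PROGRAM = [
    (("edge", "a", "b"), []),
    (("edge", "c", "d"), []),
    (("path", "X", "Y"), [("edge", "X", "Y")]),
    (("path", "X", "Y"), [("edge", "X", "Z"), ("path", "Z", "Y")]),
]

COARSE = {"a": "p", "b": "q", "c": "q", "d": "r"}     # b and c share sort q
REFINED = {"a": "p", "b": "q1", "c": "q2", "d": "r"}  # refinement: sort q is split


def is_var(term):
    return term[0].isupper()


def match(pattern, fact, theta):
    """Extend substitution theta so that pattern instantiates to fact; None on failure."""
    if pattern[0] != fact[0] or len(pattern) != len(fact):
        return None
    theta = dict(theta)
    for term, value in zip(pattern[1:], fact[1:]):
        if is_var(term):
            if theta.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return theta


def t_p(program, interp):
    """Immediate consequences operator T_P: every head whose body holds in interp."""
    out = set()
    for head, body in program:
        thetas = [{}]
        for pattern in body:
            thetas = [th2 for th in thetas for fact in interp
                      for th2 in [match(pattern, fact, th)] if th2 is not None]
        for th in thetas:
            out.add((head[0],) + tuple(th.get(t, t) for t in head[1:]))
    return frozenset(out)


def lfp(program):
    """Least fixpoint of T_P by Kleene iteration from the empty interpretation."""
    cur = frozenset()
    while (nxt := t_p(program, cur)) != cur:
        cur = nxt
    return cur


def abstract_atom(atom, sorts):
    return (atom[0],) + tuple(sorts.get(t, t) for t in atom[1:])  # variables untouched


def alpha(interp, sorts):
    """Type abstraction: a set of ground atoms becomes the set of their sort patterns."""
    return frozenset(abstract_atom(a, sorts) for a in interp)


def abstract_program(program, sorts):
    """P read over sorts.  T_P of this program is T^alpha_P; since every sort is
    inhabited it coincides with the best abstract operator alpha o T_P o gamma."""
    return [(abstract_atom(h, sorts), [abstract_atom(b, sorts) for b in body])
            for h, body in program]


def verification_condition(abs_program, R):
    """Sufficient condition for partial correctness: T^alpha_P(R) <= R.  R is then a
    pre-fixpoint, so alpha(lfp T_P) <= lfp(T^alpha_P) <= R (soundness)."""
    return t_p(abs_program, R) <= R


def check_certificate(abs_program, R, S):
    """Proof-carrying-code reading: the producer ships the property R as the
    certificate; the host only checks that R is inductive and implies its policy S
    (one application of T^alpha_P, no fixpoint computation on the host side)."""
    return verification_condition(abs_program, R) and R <= S


def is_precise(program, sorts):
    """alpha is precise w.r.t. T_P iff alpha(lfp T_P) == lfp(T^alpha_P); the method
    derived from the condition above is complete exactly in that case."""
    return alpha(lfp(program), sorts) == lfp(abstract_program(program, sorts))


def demo():
    concrete = lfp(PROGRAM)  # only path(a,b) and path(c,d) hold concretely
    coarse = abstract_program(PROGRAM, COARSE)
    refined = abstract_program(PROGRAM, REFINED)
    # Soundness: the coarse domain still proves the true policy "no path leaves
    # sort r" (the policy lists every abstract atom allowed to hold).
    policy = frozenset({("edge", "p", "q"), ("edge", "q", "r"),
                        ("path", "p", "q"), ("path", "q", "r"), ("path", "p", "r")})
    # Incompleteness: the strongest true spec has no path(p,r), yet the coarse
    # operator chains edge(p,q) with path(q,r) through the merged sort q, so no
    # certificate R within that spec can pass.  Splitting q restores precision.
    strongest, r_strongest = alpha(concrete, COARSE), alpha(concrete, REFINED)
    return {
        "coarse_policy": check_certificate(coarse, policy, policy),
        "coarse_strongest": check_certificate(coarse, strongest, strongest),
        "coarse_precise": is_precise(PROGRAM, COARSE),
        "refined_strongest": check_certificate(refined, r_strongest, r_strongest),
        "refined_precise": is_precise(PROGRAM, REFINED),
        # A tampered certificate (a required atom dropped) is rejected by the host.
        "tampered": check_certificate(refined, r_strongest - {("path", "p", "q1")},
                                      r_strongest),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The host-side check in `check_certificate` is the practical payoff of condition (2): verifying a shipped property costs one application of the abstract operator, while computing the fixpoint is left to the producer. The coarse and refined runs show the completeness statement from the contexts above in miniature: with sort `q` merged, a true specification is unprovable for every candidate certificate, and splitting `q` (a domain refinement) makes the abstraction precise and the same specification provable.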