
Information and Computation 169, 23–80 (2001), doi:10.1006/inco.2000.3024, available online at http://www.idealibrary.com

A Theory of Observables for Logic Programs

Marco Comini and Giorgio Levi

Dipartimento di Informatica, Università di Pisa, Corso Italia 40, 56125 Pisa, Italy. E-mail: [email protected]; [email protected]

and

Maria Chiara Meo

Dipartimento di Matematica Pura ed Applicata, Università di L’Aquila, via Vetoio, località Coppito, 67010 L’Aquila, Italy. E-mail: [email protected]

Received July 1, 1998; revised March 1, 2000; published online

We define a semantic framework to reason about properties of abstractions of SLD-derivations. The framework allows us to address problems such as the relation between the (top-down) operational semantics and the (bottom-up) denotational semantics, the existence of a denotation for a set of definite clauses and their properties (compositionality w.r.t. various syntactic operators, correctness, minimality, and precision). Using abstract interpretation techniques to model abstraction allows us to state very simple conditions on the observables which guarantee the validity of several general theorems. © 2001 Academic Press

Key Words: SLD-derivations; semantics; compositionality; abstract interpretation.

1. INTRODUCTION

Definite logic programs have a very elegant declarative semantics, i.e., the least Herbrand model. However, some semantics-based techniques (such as program analysis, debugging and transformation) require more traditional semantics which are able to capture computational rather than declarative properties. Semantic definitions can be different in style, as in the case of the top-down SLD-resolution operational semantics and the bottom-up fixpoint denotational semantics. They can be different because of some of their properties. For example, SLD-resolution is goal-dependent since it allows us to compute a denotation for a given goal. The fixpoint semantics is instead goal-independent, since it provides a denotation for a set of procedure declarations.

Some important properties of a semantics can be described as compositionality properties. One example is OR-compositionality, which tells us that the denotation of a set of clauses can be obtained by composing the denotations of the clauses. Most of the existing goal-independent semantics, such as the standard fixpoint semantics, are not OR-compositional. However, the most relevant difference is related to the observable the semantics is intended to model. An observable is any property which can be observed in an SLD-tree. Some observables model declarative properties. An example is correct answer substitutions. However, most useful observables model operational properties. Examples are resultants, proof trees, finite failures, computed answer substitutions, partial answers, call patterns, types, and groundness dependencies.

Several ad-hoc semantics modeling various observables have been defined. These include correct answer substitutions [8, 24], computed answer substitutions [23], partial answers [22], OR-compositional correct answers [30], OR-compositional computed answers [6], call patterns [29], proof trees [38, 39], and resultants [28]. In addition there are several semantics specifically designed for static program analysis, which can handle various observables such as types and groundness dependencies.

A framework where one can define denotations modeling various observables (thus inheriting the basic constructions and results) was given in [27], by defining the observables by means of equivalence relations. More general semantic frameworks, which can also take into account approximation, can be defined by using abstract interpretation [17, 18], a theory which was developed to reason about


0890-5401/01 $35.00 Copyright © 2001 by Academic Press

All rights of reproduction in any form reserved.


24 COMINI, LEVI, AND MEO

the relation among different semantics, including the approximate semantics useful for static program analysis. This is the approach taken in [10], where an observable is an abstraction according to abstract interpretation theory, and in [31], where abstract interpretation is used to discuss the relation among different semantics.

In this paper we push forward the approach in [10] by defining a semantic framework¹ whose ingredients are, as in the case of most abstract interpretation frameworks, a concrete semantics and an observable. Our concrete semantics [15] models SLD-trees and is formalized both denotationally and operationally. Its main properties (see Section 2.2) are

• equivalence between operational semantics and denotational semantics,

• existence of a goal-independent denotation for a set of definite clauses, defined in terms of a transition system, equivalent to the (denotational) fixpoint semantics,

• correctness and minimality (w.r.t. SLD-trees), AND-compositionality, and OR-compositionality of the goal-independent denotations.

An observable (Section 3) is a Galois insertion between the domain of SLD-trees and an abstract domain describing the properties to be modeled. The abstract denotational definition, transition system, and goal-independent denotations are systematically derived from the concrete ones by replacing the concrete semantic operators with their optimal abstract versions (Section 4).

The next step is the definition of a taxonomy of classes of observables. An observable belongs to a class if it satisfies a set of conditions relating the concrete semantic operators and the Galois insertion. Once we have shown that an observable belongs to a given class, we know how to automatically derive the “best” semantics and which are the properties of such a semantics. The properties we consider include precision, relation between abstract operational semantics and abstract denotational semantics, existence of a goal-independent denotation for a set of definite clauses, correctness, minimality, and compositionality w.r.t. various syntactic operators.

The first class we consider is the one of perfect observables (Section 5). We prove that perfect observables are precise and have all the properties of the concrete semantics. We show that this class includes resultants and proof trees.

For the class of denotational observables (Section 6), we can obtain the optimal abstract semantics only in a denotational way, by taking the optimal abstract version of the semantic operator defining the denotation of the clauses (roughly speaking, the immediate consequences operator). The abstract operational semantics is less accurate. We prove that denotational observables have a precise abstract denotational semantics and that the abstract (goal-independent) denotation is correct, minimal, and AND-compositional. Therefore, by moving from perfect to denotational observables, we lose the precision of the abstract transition system and OR-compositionality. We show that the class includes computed answer substitutions and call patterns.

The third class of observables we study is the class of semi-denotational observables (Section 7), intended to model some of the properties useful for static program analysis, where we give up precision to achieve termination in the construction of the abstract semantics. The semantics construction of semi-denotational observables is the same as that of denotational observables. We just lose the precision of the abstract denotational semantics (which is in any case more accurate than the operational one). We formally show that the class includes the domain POS for groundness analysis and the domain depth(k).

Finally, we consider the class of semi-perfect observables (Section 8) which allow us to handle approximate semantics in an operational way and to model top-down program analysis. These observables have all the properties of perfect observables apart from precision. In particular, they have equivalent operational and denotational semantics, and the (top-down and bottom-up) goal-independent denotations are AND-compositional and OR-compositional. Let us just note that semi-perfect observables are essentially the observables which model top-down abstract interpretation frameworks (for example, [7, 41]).

In Section 9 we show how our results give some new insights into some classical controversial issues, such as top-down analysis versus bottom-up analysis and goal-dependence versus goal-independence. Finally, in Section 10, we discuss some practical applications (in particular to diagnosis and verification) and some extensions of the framework.

¹ A preliminary version of the framework is described in [11].


THEORY OF OBSERVABLES FOR LOGIC PROGRAMS 25

2. PRELIMINARIES

In the following sections, we assume familiarity with the standard notions of logic programming as introduced in [2] and [43].

We denote function composition by the symbol ∘ and will often omit it. When clear from the context, the identity function on some domain will be denoted simply by Id.

2.1. Logic Programming

Throughout the paper we assume programs and goals being defined on a first order language given by a signature Σ consisting of a finite set F of function symbols, a finite set Π of predicate symbols and a denumerable set V of variable symbols. T denotes the set of terms built on F and V. Given a syntactic expression E, var(E) is the set of the (free) variables of E.

A substitution is a mapping ϑ : V → T such that the set dom(ϑ) := {x | ϑ(x) ≠ x} (domain of ϑ) is finite. ε is the empty substitution. range(ϑ) denotes the range of ϑ, i.e., the set {y | x ≠ ϑ(x), y ∈ var(ϑ(x))}. If ϑ is a substitution and E is a syntactic expression, ϑ|_E is the restriction of ϑ to the variables in var(E). The composition ϑσ of the substitutions ϑ and σ is defined as functional composition. A substitution ϑ is called idempotent if ϑϑ = ϑ or, equivalently, if dom(ϑ) ∩ range(ϑ) = ∅. A renaming is a (nonidempotent) substitution ρ for which there exists the inverse ρ⁻¹, such that ρρ⁻¹ = ρ⁻¹ρ = ε.

The preordering ≤ (more general than) on substitutions is such that ϑ ≤ σ if and only if there exists ϑ′ such that ϑϑ′ = σ. The result of the application of a substitution ϑ to a term t is an instance of t and is denoted by tϑ. We define t ≤ t′ (t is more general than t′) if and only if there exists ϑ such that tϑ = t′. The relation ≤ is a preorder (called subsumption) and by ≡ we denote the associated equivalence relation (variance). A substitution ϑ is a unifier of terms t and t′ if tϑ = t′ϑ. If two terms are unifiable then they have an idempotent most general unifier which is unique up to renaming. Therefore mgu(t₁, t₂) denotes any such idempotent most general unifier of t₁ and t₂. All the above definitions can be extended to other syntactic expressions in the obvious way.

We restrict our attention to idempotent substitutions, unless explicitly stated otherwise. The set of all idempotent substitutions is denoted by Subst.

An atom is an object of the form p(t₁, …, tₙ) where p ∈ Π, t₁, …, tₙ ∈ T. A goal is a sequence of atoms A₁, …, Aₘ. The empty goal is denoted by □. The set of all atoms is denoted by Atoms and the set of all goals is denoted by Goals. We denote by G and B possibly empty sequences of atoms, by t, x tuples of, respectively, terms and distinct variables. Moreover, we denote by t both the tuple and the set of corresponding syntactic objects. Let x := x₁, …, xₙ and t := t₁, …, tₙ; in the following if, for any i ∈ {1, …, n}, xᵢ ≠ tᵢ, then {x/t} denotes the substitution {x₁/t₁, …, xₙ/tₙ}. Moreover, B, B′ denotes the concatenation of B and B′. An atomic goal is called pure if it is in the form p(x). By preds(B) we denote the set of predicates occurring in B.

A (definite) clause is a formula of the form H ← A₁, …, Aₙ with n ≥ 0, where H (the head) and A₁, …, Aₙ (the body) are atoms. “←” and “,” denote logical implication and conjunction respectively, and all variables are universally quantified. If the body is empty the clause is a unit clause. A program is a finite set of (definite) clauses. A query is the union of a goal G with a logic program P, here denoted by the formula G in P.

Definite clauses have a natural computational reading based on the resolution procedure. The specific resolution strategy called SLD can be described as follows. Let G := A₁, …, Aₖ be a goal and c := H ← B be a (definite) clause. G′ is derived from G and c by using ϑ if and only if there exists an atom Aₘ, 1 ≤ m ≤ k, such that ϑ = mgu(Aₘ, H) and G′ = (A₁, …, Aₘ₋₁, B, Aₘ₊₁, …, Aₖ)ϑ. An SLD-derivation (or simply a derivation) of the query G in P consists of a (possibly infinite) sequence of goals G₀, G₁, G₂, … called resolvents, together with a sequence c₁, c₂, … of variants of clauses in P which are renamed apart² and a sequence ϑ₁, ϑ₂, … of idempotent mgus such that G₀ = G and, for i ≥ 1, each Gᵢ is derived from Gᵢ₋₁ and cᵢ by using ϑᵢ. An SLD-refutation of G in P is a finite SLD-derivation of G in P which has the empty goal □ as the last goal in the derivation, and the composition of all the mgus (restricted to the variables of G) is a computed answer substitution for G in P. An SLD-tree of G in P is the prefix tree³ of all SLD-derivations of G in P.

² That is, each cᵢ is such that it does not share any variable with G₀, c₁, …, cᵢ₋₁.

A selection rule R is a function which, when applied to a “history” containing the goal, all the clauses and the mgus used in the derivation G₀, G₁, …, Gᵢ, returns an atom in Gᵢ. Such an atom is the selected atom in Gᵢ by R. In the following, for the sake of simplicity, we consider the PROLOG leftmost selection rule. All our results can be generalized to skeleton rules [28].

In the following

$$G \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_n]{\vartheta_n} G_n \qquad (n \ge 0)$$

denotes a (finite) SLD-derivation of goal G via the leftmost selection rule. The derivation uses the renamed apart clauses c₁, …, cₙ and ϑ := (ϑ₁ ⋯ ϑₙ)|_G is its (partial) computed answer substitution. We also denote by

$$G \xrightarrow[P]{\vartheta}{}^{*}\; B$$

a finite SLD-derivation of G in P via the leftmost selection rule, where ϑ is the computed answer substitution and B is the last resolvent.

Given a derivation d, first(d) and last(d) (if d is finite) are respectively the first and the last goal of d. answer(d) is the (partial) computed answer substitution of d (restricted to the variables of first(d)). Computed answer substitutions are always restricted to the variables of the goal. length(d) denotes the length of the derivation and clauses(d) denotes the sequence of clauses of d. By an abuse of notation, we denote a zero-length derivation of G by G itself.
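As an added illustration of the definitions above (this is example code written for this page, not code from the paper), the following Python module implements idempotent substitutions, the occurs-checking mgu, and SLD-derivations under the PROLOG leftmost selection rule, and runs them on the append program of Example 2.1 (predicate name shortened to `ap`, as in the paper). The term encoding is an assumption of the example: variables are Python strings, compound terms are tuples `(functor, arg_1, …, arg_n)`, and constants are 1-tuples. Each refutation is returned as the sequence of its resolvents together with the composition of its mgus restricted to var(G), i.e. the computed answer substitution, and a depth bound stands in for the infinite SLD-trees that goals such as `ap(X, Y, Z)` produce.

```python
"""Idempotent substitutions, mgu and leftmost SLD-derivations (example code)."""
import itertools

NIL = ("[]",)                       # the empty list constant


def cons(head, tail):               # list cell [head | tail]
    return (".", head, tail)


def is_var(t):
    return isinstance(t, str)       # assumption: every string is a variable


def variables(t):
    """Set of variables occurring in a term."""
    if is_var(t):
        return {t}
    return set().union(*(variables(a) for a in t[1:]))


def goal_vars(goal):
    return set().union(*(variables(a) for a in goal))


def subst(t, s):
    """Apply substitution s (dict var -> term) to term t.
    s is always idempotent here, so a single pass suffices."""
    if is_var(t):
        return s.get(t, t)
    return (t[0],) + tuple(subst(a, s) for a in t[1:])


def is_idempotent(s):
    """dom(s) and range(s) are disjoint, i.e. ss = s (Section 2.1)."""
    rng = set().union(*(variables(t) for t in s.values()))
    return not (set(s) & rng)


def compose(theta, sigma):
    """Composition theta sigma: apply theta first, then sigma."""
    out = {x: subst(t, sigma) for x, t in theta.items()}
    out.update({y: t for y, t in sigma.items() if y not in theta})
    return {x: t for x, t in out.items() if t != x}


def occurs(x, t):
    return x == t if is_var(t) else any(occurs(x, a) for a in t[1:])


def mgu(t1, t2):
    """Idempotent most general unifier of t1 and t2, or None if none exists."""
    eqs, theta = [(t1, t2)], {}
    while eqs:
        a, b = eqs.pop()
        a, b = subst(a, theta), subst(b, theta)
        if a == b:
            continue
        if is_var(a) or is_var(b):
            x, t = (a, b) if is_var(a) else (b, a)
            if occurs(x, t):                      # occurs check: no finite unifier
                return None
            # substitute into earlier bindings so theta stays in solved (idempotent) form
            theta = {y: subst(u, {x: t}) for y, u in theta.items()}
            theta[x] = t
        elif a[0] == b[0] and len(a) == len(b):
            eqs.extend(zip(a[1:], b[1:]))
        else:
            return None                           # functor or arity clash
    return theta


def rename_apart(clause, k):
    """Variant of clause (head, body) whose variables are fresh (suffix _k)."""
    head, body = clause
    r = {v: f"{v}_{k}" for v in goal_vars([head, *body])}
    return subst(head, r), [subst(b, r) for b in body]


def sld_refutations(goal, program, max_depth=20):
    """All SLD-refutations of `goal in program` (leftmost rule) of length <= max_depth.
    Returns (resolvents, answer) pairs; answer is the mgu composition restricted to var(goal)."""
    gvars, fresh, found = goal_vars(goal), itertools.count(1), []

    def extend(resolvents, theta):
        current = resolvents[-1]
        if not current:                           # empty goal reached: a refutation
            found.append((resolvents, {x: t for x, t in theta.items() if x in gvars}))
            return
        if len(resolvents) > max_depth:           # depth bound for infinite SLD-trees
            return
        selected, rest = current[0], current[1:]  # leftmost selection rule
        for clause in program:
            head, body = rename_apart(clause, next(fresh))
            u = mgu(selected, head)
            if u is None:
                continue
            extend(resolvents + [[subst(a, u) for a in body + rest]], compose(theta, u))

    extend([list(goal)], {})
    return found


def computed_answers(goal, program, max_depth=20):
    return [answer for _, answer in sld_refutations(goal, program, max_depth)]


# The append program of Example 2.1: ap([], V, V).  ap([L|U], T, [L|V]) <- ap(U, T, V).
APPEND = [
    (("ap", NIL, "V", "V"), []),
    (("ap", cons("L", "U"), "T", cons("L", "V")), [("ap", "U", "T", "V")]),
]

if __name__ == "__main__":
    a, b = ("a",), ("b",)
    print(computed_answers([("ap", "X", "Y", cons(a, cons(b, NIL)))], APPEND))
```

Running the module prints the three computed answers for `ap(X, Y, [a, b])`, one per way of splitting the list; with `max_depth` the same function returns a finite prefix of the infinite set of answers for `ap(X, Y, Z)`.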

In the paper we use standard results on the ordinal powers ↑n of continuous functions on complete lattices. Namely, given any monotonic operator T on (C, ⊑), T↑ω := ⊔_{n<ω} T↑n, T↑(n+1) := T(T↑n) for n < ω, and T↑0 := ⊥_C, where ⊥_C is the least element and ⊔ is the lub operation of C. Moreover, if T is continuous, its least fixpoint is T↑ω.

We use the lambda notation to denote partial functions by allowing expressions in lambda-terms that are not always defined. Hence a lambda expression λx.E denotes a partial function which on input x takes the value E[x] if the expression E[x] is defined, otherwise it is undefined. g := f[v/x] denotes the function g such that g(x) = v and ∀y ≠ x. g(y) = f(y). Furthermore ⊥⊥ denotes the undefined element. For each set S we assume that ⊥⊥ ⊆ S, ⊥⊥ ∪ S = S and ∅ ⊄ ⊥⊥.

2.2. The Basic Semantics

In this section we summarize the main definitions and theorems of the SLD-trees semantics, extensively studied in [15]. This semantics is the concrete semantics in our abstraction framework. Therefore its definition styles (denotational semantics and transition system) will be inherited by all the abstract semantics. This will also be the case for some of the compositionality and equivalence properties stated at the end of this section.

A set of derivations S is well-formed if and only if, for any d in S, any prefix of d is also in S. We denote by WFS the complete lattice of well-formed sets of derivations, partially ordered by ⊆. A well-formed set S is a pointwise variant of S′ if, for any d ∈ S, there exists d′ ∈ S′ such that clauses(d) ≡ clauses(d′), and vice versa.

A collection D is a partial function Goals ⇀ WFS such that, for every G ∈ Goals, if D(G) is defined, then it is a well-formed set of derivations all starting from the goal G. Hence a collection is a function which associates to any goal G a (representation of) a partial SLD-tree of G in P (if the collection is maximal then the SLD-tree is complete). C is the domain of all the collections ordered by ⊑, where D ⊑ D′ if and only if ∀G. D(G) ⊆ D′(G). The partial order on C formalizes the evolution of the computation process. (C, ⊑) is a complete lattice.

In order for the semantics not to depend upon variable names and on the specific unification algorithm, we define the equivalence modulo enhanced variance ≡_C on collections as D ≡_C D′ if and only if, for any G such that D(G) is defined, there exists a variant G′ of G such that D′(G′) is defined and D(G) is a pointwise variant of D′(G′), and vice versa.

We are interested in defining a concept of interpretation to move syntax into semantics. Thus we have to abstract from redundant information and variable names in goals.

DEFINITION 2.1. A pure collection is a collection defined for pure atomic goals only. A pure collection D is consistent when

1. for each A, A′ ∈ Atoms such that A ≡ A′ and D(A), D(A′) are defined, D(A) is a pointwise variant of D(A′), and

2. if d, d′ ∈ D(A) and var(d) ∩ var(d′) ⊄ var(A) then either d is a prefix of d′ or vice versa.

³ The prefix tree of a set of possibly infinite sequences W (all starting with the same element) is a tree which has as nodes all the elements of sequences in W (without repetitions) and whose branches link nodes which are consecutive elements of a sequence in W.

The set of consistent pure collections will be denoted by CC.

It is necessary to restrict our attention to consistent collections to ensure the correctness of the definition of interpretations. Given any pure collection, it is always possible to guarantee Point 2 of Definition 2.1 by renaming the local variables so as to avoid any form of clash between variable names involved in different derivations (i.e., derivations which are not one the prefix of the other).

DEFINITION 2.2. A consistent pure collection D is uniform when, for any A ∈ Atoms, if A′ ≡ A then D(A) is defined if and only if D(A′) is defined. We denote by UC the sub-lattice of all uniform consistent pure collections.

Given any consistent pure collection, it is always possible to transform it into an element of UC. Namely, for any A ∈ Atoms such that D(A) is defined, we have only to duplicate, for any variant A′ of A, in D(A′) all the information of D(A), being careful to rename the variables var(A) accordingly.

An interpretation (C-interpretation) is a uniform consistent pure collection modulo enhanced variance. We denote by IC the set of interpretations and, by abuse of notation, we denote the quotient order on IC by ⊑. (IC, ⊑) is a complete lattice. We denote the equivalence class (modulo enhanced variance) of a collection σ by σ itself. Moreover, any interpretation I of IC is implicitly considered also as an arbitrary collection obtained by choosing an arbitrary representative (in UC) of I.

All the operators we use on interpretations are independent from the choice of the representative.⁴ Therefore, we can define any operator on IC in terms of its counterpart defined on UC ⊂ C, independently from the choice of the representative. Thus all the definitions are independent from the choice of the syntactic object. To simplify the notation, we denote the corresponding operators on IC and C by the same name.

We define the denotational semantics inductively on the syntax⁵ of logic programs by using some basic operations on derivations and collections described in the following.

1. Let d₁, d₂ be derivations such that last(d₁) = first(d₂) and var(d₁) ∩ var(d₂) = var(first(d₂)). Then d₁ :: d₂ denotes the concatenation of d₁ and d₂.

2. Let $d := G'_0 \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_k]{\vartheta_k} G'_k$ be a derivation and δ be an idempotent substitution such that var(G′₀δ) ∩ var(clauses(d)) = ∅. Then

$$\partial_\delta(d) := G_0 \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_h]{\vartheta_h} G_h$$

where

• G₀ := G′₀δ and

• for any 0 < i ≤ k, if Gᵢ₋₁ = (A, G) and cᵢ = H ← B then (if an mgu exists) ϑᵢ := mgu(A, H) and Gᵢ := (B, G)ϑᵢ.

Note that ∂_δ(d) is the derivation obtained by applying the substitution δ to first(d) and by building a derivation as long as possible (until a failure in finding mgus occurs) using the same clauses as in d. Thus, in particular, h ≤ k.

3. Let $d_1 := G'_0 \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_k]{\vartheta_k} G'_k$ and d₂ be derivations such that G″₀ = first(d₂) and var(d₁) ∩ var(d₂) = var(G′₀) ∩ var(G″₀). Then d₁ ∧ d₂ is defined as follows:

$$
d_1 \wedge d_2 :=
\begin{cases}
(G'_0, G''_0) \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_k]{\vartheta_k} (G'_k,\ G''_0\vartheta_1\cdots\vartheta_k) & \text{if } G'_k \ne \square \\[6pt]
\Bigl( (G'_0, G''_0) \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_k]{\vartheta_k} G''_0\vartheta_1\cdots\vartheta_k \Bigr) :: \partial_{\vartheta_1\cdots\vartheta_k}(d_2) & \text{otherwise}
\end{cases}
$$

⁴ By assuming that we rename local variables of the derivations (of the resulting collection) in order to ensure Point 2 of Definition 2.1.

⁵ QUERY ::= GOAL in PROG; GOAL ::= □ | ATOM, GOAL; PROG ::= ∅ | {CLAUSE} ∪ PROG; CLAUSE ::= ATOM ← GOAL.


Note that d₁ ∧ d₂ is the derivation obtained by adding (a suitable instantiation of) the goal first(d₂) to each goal in d₁ and then (if d₁ is a refutation) building a derivation as long as possible using the same clauses as in d₂.

Let D, D₁, D₂ be collections in C, G be a goal and A be an atom. The void collection φ is the collection λG.⊥⊥, i.e., the undefined function. The identity collection Id_C is the collection of zero-length derivations for each goal, i.e., λG.{G}, while the pure identity collection Id_I is the collection λp(x).{p(x)}.⁶ Moreover, given a fixed goal G, φ_G denotes the collection φ[{G}/G], i.e., the restriction of Id_I to the domain {G}.

The instantiation of D with A is

$$A \cdot D := \varphi[S/A] \quad\text{where}\quad S := \bigl\{\,\partial_\delta(d) \mid S' \text{ is a renamed apart (from } A\text{) version of } D(A'),\ \text{for some } A' \le A,\ d \in S' \text{ and there exists } \delta \text{ such that } A = \mathit{first}(d)\delta \,\bigr\}.$$

The product of D₁ and D₂ is

$$D_1 \times D_2 := \lambda G.\ \bigl\{\, d_1 \wedge d_2 \mid (G_1, G_2) = G \text{ and for } i \in \{1, 2\},\ d_i \text{ is a renamed version of an element in } D_i(G_i), \text{ such that } \mathit{first}(d_i) = G_i \text{ and } d_1 \wedge d_2 \text{ is defined} \,\bigr\}.$$

The (compatible) extension of D₁ by D₂ is

$$D_1 \ltimes D_2 := \lambda G.\ D_1(G) \cup \bigl\{\, d_1 :: d_2 \mid d_1 \in D_1(G),\ G_2 \equiv \mathit{last}(d_1) \text{ and } d_2 \text{ is a renamed version of an element in } D_2(G_2), \text{ such that } d_1 :: d_2 \text{ is defined} \,\bigr\}.$$

The ⋉ operator is extensive on the first argument, i.e., D₁ ⊑ D₁ ⋉ D₂. The sum of a class {Dⱼ}_{j∈J} is

$$\sum\{D_j\}_{j \in J} := \lambda G.\ \bigcup_{j \in J} D_j(G)$$

and D₁ + D₂ denotes Σ{D₁, D₂}.

The tree operation maps clauses to collections. Indeed every clause c := p(t) ← B can be viewed as the “one step” interpretation (collection)

$$\mathit{tree}(c) := \varphi\Bigl[\,\bigl\{\ p(\mathbf{x}),\ \ p(\mathbf{x}) \xrightarrow[c]{\{\mathbf{x}/\mathbf{t}\}} B\ \bigr\} \big/ p(\mathbf{x})\,\Bigr],$$

where x is a tuple of new distinct variables. Moreover tree can be extended to programs simply as tree(P) := Σ{tree(c)}_{c∈P}.

Note that, for any A ∈ Atoms and D, D′ ∈ C such that D ≡_C D′, A · D = A · D′. Now we can introduce the denotational and operational semantics, both defined in terms of the above operators.

Denotational Semantics. The denotational semantics of queries is defined by induction on the syntax.⁷

$$\begin{aligned}
&\mathcal{Q}[\![G \text{ in } P]\!] := \mathcal{G}[\![G]\!]_{\mathit{lfp}\,\mathcal{P}[\![P]\!]} && (1)\\[4pt]
&\mathcal{G}[\![A, G]\!]_I := \mathcal{A}[\![A]\!]_I \times \mathcal{G}[\![G]\!]_I \qquad \mathcal{G}[\![\square]\!]_I := \varphi_\square && (2)\\[4pt]
&\mathcal{A}[\![A]\!]_I := A \cdot I && (3)\\[4pt]
&\mathcal{P}[\![\{c\} \cup P]\!]_I := \mathcal{C}[\![c]\!]_I + \mathcal{P}[\![P]\!]_I \qquad \mathcal{P}[\![\varnothing]\!]_I := \mathit{Id}_I && (4)\\[4pt]
&\mathcal{C}[\![H \leftarrow B]\!]_I := \mathit{tree}(H \leftarrow B) \ltimes \mathcal{G}[\![B]\!]_I. && (5)
\end{aligned}$$

⁶ Note that when we write λG.E we denote a total function which is defined on Goals, while with λp(x).E we denote a partial function which is defined only for inputs of the form p(x), where p ranges over any predicate letter in Π, and is otherwise undefined.

⁷ Note that Q⟦·⟧ : QUERY → C, G⟦·⟧ : GOAL → (IC → C), A⟦·⟧ : ATOM → (IC → C), P⟦·⟧ : PROG → (IC → IC) and C⟦·⟧ : CLAUSE → (IC → IC).


In the following, to simplify the notation, given a pure collection D, we define the parallel unfolding pu(D) as

$$\begin{aligned}
&\mathit{pu}(D) := \sum\{\mathcal{G}[\![G]\!]_D\}_{G \in \mathit{Goals}}, && (6)\\[4pt]
&\mathit{pu}^n(D) := \underbrace{\mathit{pu}(D \ltimes \mathit{pu}(D \ltimes \mathit{pu}(\cdots)))}_{n}.{}^{8} && (7)
\end{aligned}$$

Hence equation (4) can be expressed as

$$\mathcal{P}[\![P]\!]_I = \mathit{Id}_I + (\mathit{tree}(P) \ltimes \mathit{pu}(I)). \qquad (8)$$

Operational Semantics. The operational semantics of queries can be described in terms of a transition system T := (C, ↦_P).

$$\frac{D \in C, \qquad D \ne D \ltimes \mathit{su}(\mathit{tree}(P))}{D \mapsto_P D \ltimes \mathit{su}(\mathit{tree}(P))}$$

where, for any pure collection D, the sequential unfolding su(D) is defined as

$$\begin{aligned}
&\mathit{su}(D) := \sum\{(A \cdot D) \times \mathit{Id}_C\}_{A \in \mathit{Atoms}},\\[4pt]
&\mathit{su}^n(D) := \underbrace{\mathit{su}(D) \ltimes \cdots \ltimes \mathit{su}(D)}_{n}.{}^{9}
\end{aligned}$$

Since we are interested in the SLD-tree of a query G in P, we define its behavior (operational semantics) B⟦G in P⟧ by means of the reflexive and transitive closure ↦_P^* of ↦_P.

$$\mathcal{B}[\![G \text{ in } P]\!] := \sum\{\, D \mid \varphi_G \mapsto_P^{*} D \,\}.$$

The specificity of this transition system is due to the fact that we have defined it using the same semantic operators used in the denotational definition.

Program Denotation. The top-down SLD-trees denotation of a program P is the interpretation O⟦P⟧ := Σ{B⟦p(x) in P⟧ / ≡_C}_{p(x) ∈ Goals}. The fixpoint denotation of the program P is the interpretation F⟦P⟧ := lfp P⟦P⟧.

Program denotations are strongly related to program equivalences. We define the equivalence ≈ of two programs P₁, P₂ as the equivalence of the behaviors of the two programs, i.e., P₁ ≈ P₂ ⟺ ∀G ∈ Goals. B⟦G in P₁⟧ = B⟦G in P₂⟧. Let S⟦P⟧ be a program denotation and ∼ be a program equivalence. Then S⟦·⟧ is correct w.r.t. ∼ if S⟦P₁⟧ = S⟦P₂⟧ ⇒ P₁ ∼ P₂, and S⟦·⟧ is minimal w.r.t. ∼ if P₁ ∼ P₂ ⇒ S⟦P₁⟧ = S⟦P₂⟧. Note that if a semantics is correct and minimal then it is also the most abstract semantics among the correct ones.

Throughout the paper we use the following properties proved in [15].

LEMMA 2.1. ·, ×, and ⋉ distribute over sums in (C, ⊑).

THEOREM 2.1. Let A be an atom, G, G₁, G₂ be goals and P, P′ be programs. Then

1. B⟦A in P⟧ = A · O⟦P⟧. (the semantics of an atomic goal can be derived from the goal-independent denotation)

2. B⟦(A, G) in P⟧ = B⟦A in P⟧ × B⟦G in P⟧. (AND-compositionality)

3. P ≈ P′ ⟺ O⟦P⟧ = O⟦P′⟧. (the goal-independent denotation is both correct and minimal)

4. O⟦P⟧ = F⟦P⟧. (equivalence of the top-down and bottom-up goal-independent denotations)

5. B⟦G in P⟧ = Q⟦G in P⟧. (equivalence of the operational and denotational semantics)

⁸ Note that pu¹(D) := pu(D). We assume that pu⁰(D) := φ.

⁹ Note that su¹(D) := su(D) and we assume that su⁰(D) := φ.


FIG. 1. The append program.

Property 1 is sometimes referred to as condensing in the program analysis field. It essentially shows that the behavior of any (atomic) goal can be derived from the goal-independent denotation O⟦P⟧, i.e., from the behaviors of (finitely many) pure atomic goals. It is the property which allows us to take O⟦P⟧ as the semantics of a program, without being concerned with the behaviors for all possible goals.

By using the extension operator we can define a semantic operator $\uplus$ which computes the OR-composition of two denotations. Namely, given $D_1, D_2\in\mathbb{U}_{\mathbb{C}}$, $D_1\uplus D_2 := [D_1 + D_2]^*$, where $[D]^*$ is the least solution of the equation $[D]^* = \mathit{Id}_I + ([D]^*\bowtie su(D))$, or (equivalently) the least fixpoint of the operator $H_D(D') := \mathit{Id}_I + (D'\bowtie su(D))$.

THEOREM 2.2. Let $P_1, P_2$ be programs. Then $\mathcal{O}[\![P_1\cup P_2]\!] = \mathcal{O}[\![P_1]\!]\uplus\mathcal{O}[\![P_2]\!]$ and $\mathcal{F}[\![P_1\cup P_2]\!] = \mathcal{F}[\![P_1]\!]\uplus\mathcal{F}[\![P_2]\!]$. (OR-compositionality.)

EXAMPLE 2.1. Consider the (minor modification¹⁰ of the well-known append) program $P$ of Fig. 1. To simplify the notation, we will denote any function $f$ of the form $\emptyset[r_1/v_1]\cdots[r_n/v_n]$ by
$$f := \begin{array}{l} v_1 \mapsto r_1 \\ \quad\vdots \\ v_n \mapsto r_n \end{array}$$
If $f$ is just $\emptyset[r/v]$ we will denote it by $f := v\mapsto r$. Furthermore, by $prefix(d)$ we denote the set of all SLD-derivations which are prefixes of $d$.

We have
$$tree(P) = ap(x,y,z)\mapsto\Big\{\ ap(x,y,z);\quad ap(x,y,z)\xrightarrow[ap([\,],v,v)\leftarrow]{\{x/[\,],\ y/v,\ z/v\}}\Box;\quad ap(x,y,z)\xrightarrow[ap([l|u],t,[l|v])\leftarrow ap(u,t,v)]{\{x/[l|u],\ y/t,\ z/[l|v]\}}ap(u,t,v)\ \Big\}$$

$$pu(tree(P)) = \begin{array}{l}
\Box\mapsto\{\Box\}\\[4pt]
ap([\,],y,z)\mapsto\Big\{\ ap([\,],y,z);\quad ap([\,],y,z)\xrightarrow[ap([\,],t,t)\leftarrow]{\{y/z,\ t/z\}}\Box\ \Big\}\\[4pt]
\quad\vdots\\[4pt]
ap([\,],[a],x),\,ap(x,[\,],z)\mapsto prefix\Big(ap([\,],[a],x),\,ap(x,[\,],z)\xrightarrow[ap([\,],t,t)\leftarrow]{\{x/[a],\ t/[a]\}}ap([a],[\,],z)\xrightarrow[ap([r|y],v,[r|w])\leftarrow ap(y,v,w)]{\{r/a,\ v/[\,],\ y/[\,],\ z/[a|w]\}}ap([\,],[\,],w)\Big)\\[4pt]
ap([a],[l],x),\,ap(x,[h],z)\mapsto prefix\Big(ap([a],[l],x),\,ap(x,[h],z)\xrightarrow[ap([r|y],v,[r|w])\leftarrow ap(y,v,w)]{\{y/[\,],\ r/a,\ v/[l],\ x/[a|w]\}}ap([\,],[l],w),\,ap([a|w],[h],z)\Big)\\[4pt]
\quad\vdots
\end{array}$$

¹⁰ We just shortened all predicate names to limit the size of the formulas.


THEORY OF OBSERVABLES FOR LOGIC PROGRAMS 31

$$su(tree(P)) = \begin{array}{l}
\Box\mapsto\{\Box\}\\[4pt]
ap([\,],y,z)\mapsto\Big\{\ ap([\,],y,z);\quad ap([\,],y,z)\xrightarrow[ap([\,],t,t)\leftarrow]{\{y/z,\ t/z\}}\Box\ \Big\}\\[4pt]
\quad\vdots\\[4pt]
ap([\,],[a],x),\,ap(x,[\,],z)\mapsto prefix\Big(ap([\,],[a],x),\,ap(x,[\,],z)\xrightarrow[ap([\,],t,t)\leftarrow]{\{x/[a],\ t/[a]\}}ap([a],[\,],z)\Big)\\[4pt]
ap([a],[l],x),\,ap(x,[h],z)\mapsto prefix\Big(ap([a],[l],x),\,ap(x,[h],z)\xrightarrow[ap([r|y],v,[r|w])\leftarrow ap(y,v,w)]{\{y/[\,],\ r/a,\ v/[l],\ x/[a|w]\}}ap([\,],[l],w),\,ap([a|w],[h],z)\Big)\\[4pt]
\quad\vdots
\end{array}$$

Consider now the goal $G := ap([a],[l],x),\,ap(x,[h],z)$. The denotation of $G$ in $P$ is
$$\begin{array}{rcl}
\mathcal{Q}[\![G \text{ in } P]\!] &=& \mathcal{G}[\![G]\!]_{\mathit{lfp}\,\mathcal{P}[\![P]\!]}\\[2pt]
&=& \mathcal{A}[\![ap([a],[l],x)]\!]_{\mathit{lfp}\,\mathcal{P}[\![P]\!]}\times\mathcal{A}[\![ap(x,[h],z)]\!]_{\mathit{lfp}\,\mathcal{P}[\![P]\!]}\times\emptyset_\Box\\[2pt]
&=& \big(ap([a],[l],x)\cdot\mathit{lfp}\,\mathcal{P}[\![P]\!]\big)\times\big(ap(x,[h],z)\cdot\mathit{lfp}\,\mathcal{P}[\![P]\!]\big).
\end{array}$$
Since
$$\mathcal{P}[\![P]\!]\,I = \mathit{Id}_I + (tree(P)\bowtie pu(I)) = tree(P)\bowtie(ap(u,t,v)\cdot I)$$
and
$$\mathit{lfp}\,\mathcal{P}[\![P]\!] = ap(x,y,z)\mapsto\Big\{\begin{array}{l}
ap(x,y,z);\\[2pt]
ap(x,y,z)\xrightarrow[ap([\,],v,v)\leftarrow]{\{x/[\,],\ y/v,\ z/v\}}\Box;\\[2pt]
ap(x,y,z)\xrightarrow[ap([l|u],t,[l|v])\leftarrow ap(u,t,v)]{\{x/[l|u],\ y/t,\ z/[l|v]\}}ap(u,t,v);\\[2pt]
ap(x,y,z)\xrightarrow[ap([l|u],t,[l|v])\leftarrow ap(u,t,v)]{\{x/[l|u],\ y/t,\ z/[l|v]\}}ap(u,t,v)\xrightarrow[ap([\,],w,w)\leftarrow]{\{u/[\,],\ t/w,\ v/w\}}\Box;\\[2pt]
\ldots
\end{array}\Big\},$$
then
$$ap([a],[l],x)\cdot\mathit{lfp}\,\mathcal{P}[\![P]\!] = ap([a],[l],x)\mapsto prefix\Big(ap([a],[l],x)\xrightarrow[ap([r|y],v,[r|w])\leftarrow ap(y,v,w)]{\{x/[a|w],\ v/[l],\ y/[\,],\ r/a\}}ap([\,],[l],w)\xrightarrow[ap([\,],t,t)\leftarrow]{\{w/[l],\ t/[l]\}}\Box\Big)$$
$$ap(x,[h],z)\cdot\mathit{lfp}\,\mathcal{P}[\![P]\!] = ap(x,[h],z)\mapsto prefix\Big(ap(x,[h],z)\xrightarrow[ap([\,],y,y)\leftarrow]{\{x/[\,],\ z/[h],\ y/[h]\}}\Box\Big)\ \cup\ prefix\Big(ap(x,[h],z)\xrightarrow[ap([l|y],t,[l|v])\leftarrow ap(y,t,v)]{\{x/[l|y],\ t/[h],\ z/[l|v]\}}ap(y,[h],v)\xrightarrow[ap([\,],u,u)\leftarrow]{\{y/[\,],\ u/[h],\ v/[h]\}}\Box\Big)\ \cup\ \ldots$$


FIG. 2. The SLD-trees of Example 2.1.

Thus, the semantics of $G$ in $P$ is
$$\mathcal{Q}[\![G \text{ in } P]\!] = G\mapsto prefix\Big(\begin{array}{l}
ap([a],[l],x),\,ap(x,[h],z)\xrightarrow[ap([r|y],v,[r|w])\leftarrow ap(y,v,w)]{\{x/[a|w],\ v/[l],\ y/[\,],\ r/a\}}\\[2pt]
ap([\,],[l],w),\,ap([a|w],[h],z)\xrightarrow[ap([\,],t,t)\leftarrow]{\{w/[l],\ t/[l]\}}\\[2pt]
ap([a,l],[h],z)\xrightarrow[ap([o|v'],u,[o|s])\leftarrow ap(v',u,s)]{\{o/a,\ v'/[l],\ u/[h],\ z/[a|s]\}}\\[2pt]
ap([l],[h],s)\xrightarrow[ap([o'|v''],u',[o'|s'])\leftarrow ap(v'',u',s')]{\{o'/l,\ v''/[\,],\ u'/[h],\ s/[l|s']\}}\\[2pt]
ap([\,],[h],s')\xrightarrow[ap([\,],t',t')\leftarrow]{\{t'/[h],\ s'/[h]\}}\Box
\end{array}\Big).$$

See Fig. 2 for an SLD-tree representation.

2.3. Galois Insertions and Abstract Interpretation

Abstract Interpretation [17, 18] is a theory developed to reason about the abstraction relation between two different semantics. The theory requires the two semantics to be defined on domains which are complete lattices. $(\mathbb{C},\sqsubseteq)$ (the concrete domain) is the domain of the concrete semantics, while $(\mathbb{A},\le)$ (the abstract domain) is the domain of the abstract semantics. The partial order relations reflect an approximation relation. The two domains are related by a pair of functions $\alpha$ (abstraction) and $\gamma$ (concretization), which form a Galois insertion.

Galois insertions can be defined on preordered sets. However, in this paper we restrict our attention to lattices.

DEFINITION 2.3 (Galois Insertion). Let $(\mathbb{C},\sqsubseteq)$ and $(\mathbb{A},\le)$ be two posets (the concrete and the abstract domain). A Galois insertion $\langle\alpha,\gamma\rangle : (\mathbb{C},\sqsubseteq)\rightleftharpoons(\mathbb{A},\le)$ is a pair of maps $\alpha:\mathbb{C}\to\mathbb{A}$ and $\gamma:\mathbb{A}\to\mathbb{C}$ such that

1. $\alpha$ and $\gamma$ are monotonic,

2. $\forall x\in\mathbb{C}.\ x\sqsubseteq(\gamma\alpha)(x)$ and

3. $\forall y\in\mathbb{A}.\ (\alpha\gamma)(y) = y$.


Property 2 is called extensivity (of $\gamma\alpha$), while Property 3 is (obviously) called identity (of $\alpha\gamma$). It is important to note that, for any Galois insertion $\langle\alpha,\gamma\rangle$, $\alpha$ is surjective and $\gamma$ is injective.

Given a concrete semantics and a Galois insertion between the concrete and the abstract domain, we want to define an abstract semantics. The theory requires the concrete semantics to be the least fixpoint of a semantic function $F:\mathbb{C}\to\mathbb{C}$. An abstract semantic function $\tilde F:\mathbb{A}\to\mathbb{A}$ is correct if $\forall x\in\mathbb{C}.\ F(x)\sqsubseteq\gamma(\tilde F(\alpha(x)))$. $F$ is in turn defined as a composition of "primitive" operators. Let $f:\mathbb{C}^n\to\mathbb{C}$ be one such operator and assume that $\tilde f$ is its abstract counterpart. Then $\tilde f$ is (locally) correct w.r.t. $f$ if $\forall x_1,\ldots,x_n\in\mathbb{C}.\ f(x_1,\ldots,x_n)\sqsubseteq\gamma(\tilde f(\alpha(x_1),\ldots,\alpha(x_n)))$. The local correctness of all the primitive operators implies the global correctness. Hence, we can define an abstract semantics by defining locally correct abstract primitive semantic functions. An abstract computation is then related to the concrete computation simply by replacing the concrete operators by the corresponding abstract operators. According to the theory, in the presence of a Galois insertion, there is a unique most accurate¹¹ (optimal) abstract counterpart $\tilde f$ of any concrete operator $f$, given by $\tilde f(y_1,\ldots,y_n) = \alpha(f(\gamma(y_1),\ldots,\gamma(y_n)))$, which is (locally) correct and indeed "minimal" with respect to all locally correct abstractions of $f$. However, the composition of optimal operators is not necessarily optimal.

The optimal abstract operator $\tilde f$ is precise¹² if it commutes with the abstraction, i.e.,
$$\forall x_1,\ldots,x_n\in\mathbb{C}.\quad \alpha(f(x_1,\ldots,x_n)) = \tilde f(\alpha(x_1),\ldots,\alpha(x_n)), \tag{9}$$
which is equivalent to $\alpha(f(x_1,\ldots,x_n)) = \alpha(f((\gamma\alpha)(x_1),\ldots,(\gamma\alpha)(x_n)))$.¹³ Thus the precision of the optimal abstract operators can be expressed in terms of properties of $\alpha$, $\gamma$ and the corresponding concrete operator. The above definitions are naturally extended to "primitive" semantic operators from $\wp(\mathbb{C})$ to $\mathbb{C}$.

Note that if $\sum$ is the lub operation over $(\mathbb{C},\sqsubseteq)$ and $\langle\alpha,\gamma\rangle$ is a Galois insertion, then $\tilde\sum = \alpha\circ\sum\circ\gamma$ is the lub of $(\mathbb{A},\le)$ and is precise (i.e., $\tilde\sum\circ\alpha = \alpha\circ\sum$).
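As an added, self-contained illustration of Definition 2.3 and of the precision condition (9), and not code taken from the paper: the script below builds a small constructed concrete domain (sets of substitutions for one variable $x$, in the spirit of the computed-answer domain $\wp(\mathit{Subst})$ of Example 3.1) and a four-point groundness lattice as abstract domain, checks the three Galois-insertion axioms by brute force, derives the optimal abstract counterpart $\alpha\circ f\circ\gamma$ of a binary concrete operator, and tests (9) on every pair of concrete inputs. Set union (the lub, cf. the remark above) comes out precise, while set intersection does not. The domains, the groundness abstraction and all names are assumptions of this example.

```python
"""Added example (not from the paper): Galois-insertion axioms and the
precision condition (9) checked on a constructed finite domain pair.
Concrete domain: sets of substitutions for a single variable x.
Abstract domain: four-point groundness lattice bot <= g, ng <= top."""
from itertools import combinations

# Constructed concrete universe: five substitutions for x, written as strings.
SUBSTS = frozenset({"x/a", "x/b", "x/f(y)", "x/g(y,z)", "eps"})
GROUND = frozenset({"x/a", "x/b"})      # x bound to a ground term
NONGROUND = SUBSTS - GROUND             # x still contains a variable

ABSTRACT = ["bot", "g", "ng", "top"]
ORDER = {("bot", a) for a in ABSTRACT} | {
    ("g", "g"), ("g", "top"), ("ng", "ng"), ("ng", "top"), ("top", "top")}

def leq_a(p, q):
    """Order of the abstract lattice."""
    return (p, q) in ORDER

def alpha(S):
    """Abstraction: summarise a set of substitutions by the groundness of x."""
    S = frozenset(S)
    if not S:
        return "bot"
    if S <= GROUND:
        return "g"
    if S <= NONGROUND:
        return "ng"
    return "top"

def gamma(a):
    """Concretization: the largest set of substitutions with that groundness."""
    return {"bot": frozenset(), "g": GROUND, "ng": NONGROUND, "top": SUBSTS}[a]

def powerset(u):
    u = list(u)
    return [frozenset(c) for r in range(len(u) + 1) for c in combinations(u, r)]

CONCRETE = powerset(SUBSTS)   # the lattice (P(SUBSTS), subset), 32 elements

def is_galois_insertion():
    """Check monotonicity, extensivity (x <= gamma(alpha(x))) and identity
    (alpha(gamma(y)) = y) of Definition 2.3 by exhaustive enumeration."""
    mono_alpha = all(leq_a(alpha(s), alpha(t))
                     for s in CONCRETE for t in CONCRETE if s <= t)
    mono_gamma = all(gamma(p) <= gamma(q)
                     for p in ABSTRACT for q in ABSTRACT if leq_a(p, q))
    extensive = all(s <= gamma(alpha(s)) for s in CONCRETE)
    identity = all(alpha(gamma(a)) == a for a in ABSTRACT)
    return mono_alpha and mono_gamma and extensive and identity

def optimal(f):
    """Optimal abstract counterpart alpha . f . gamma of a binary operator f."""
    return lambda p, q: alpha(f(gamma(p), gamma(q)))

def is_precise(f):
    """Condition (9): alpha(f(x1, x2)) = f~(alpha(x1), alpha(x2)) for all inputs."""
    f_abs = optimal(f)
    return all(alpha(f(s, t)) == f_abs(alpha(s), alpha(t))
               for s in CONCRETE for t in CONCRETE)

def union(s, t):
    return s | t            # the lub of the concrete lattice: precise

def intersection(s, t):
    return s & t            # not precise: {x/a} & {x/b} is empty, but g & g = g

if __name__ == "__main__":
    print("Galois insertion:", is_galois_insertion())
    print("union precise:", is_precise(union))
    print("intersection precise:", is_precise(intersection))
```

The failing case for intersection is the one a practitioner should keep in mind when reading Section 5: both $\{x/a\}$ and $\{x/b\}$ abstract to `g`, so the optimal operator returns `g`, while the concrete result is empty and abstracts to `bot`. Precision is a property of the operator and the insertion together, not of the insertion alone.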

3. THE OBSERVABLES

The properties of $\mathcal{O}[\![P]\!]$ and $\mathcal{F}[\![P]\!]$ in Section 2.2 allow us to claim that we have a good denotation modeling SLD-trees. Our goal, however, is to find the same results for the denotations modeling more abstract observables. We therefore want to develop a theory according to which the semantic properties of SLD-trees of Section 2.2 are inherited by the denotations which model abstractions of the SLD-trees. We will model the abstractions by using Abstract Interpretation theory [18].

An observable property domain is a set of properties of derivations with an ordering relation which can be viewed as an approximation structure. An observation consists of looking at an SLD-tree and then extracting some property (abstraction). Since any SLD-tree is (isomorphic to) a collection, an observable is a function from $\mathbb{C}$ to a suitable property domain $\mathbb{D}$ which preserves the approximation structure. Such a function must be a Galois insertion.

DEFINITION 3.1. Let $(\mathbb{D},\preceq)$ be a complete lattice. A function $\alpha:\mathit{WFS}\to\mathbb{D}$ is a domain abstraction if there exists $\gamma$ such that $\langle\alpha,\gamma\rangle : (\mathit{WFS},\subseteq)\rightleftharpoons(\mathbb{D},\preceq)$ is a Galois insertion.

Given an abstract domain $\mathbb{D}$, we are generally interested in the abstract behavior of all queries. We represent it by means of a partial function $f$ belonging to a suitable domain $\mathbb{A}\subseteq[\mathit{Goals}\rightharpoonup\mathbb{D}]$. Thus the abstract behavior of a specific query $Q$ is $f(Q)$. The elements of $\mathbb{A}$ are called $\mathbb{A}$-collections. The domain $\mathbb{A}$ is ordered by the pointwise extension $\le$ of $\preceq$ (the order of $\mathbb{D}$).

The insertion $\langle\alpha,\gamma\rangle : (\mathit{WFS},\subseteq)\rightleftharpoons(\mathbb{D},\preceq)$ can be systematically lifted to collections by defining $\forall D\in\mathbb{C}.\ \alpha^\star(D) := \lambda G\in\mathit{Goals}.\ \alpha(D(G))$,¹⁴ $\mathbb{A} := \alpha^\star(\mathbb{C})$ and $\forall f\in\mathbb{A}.\ \gamma^\star(f) := \lambda G\in\mathit{Goals}.\ wf_G(\gamma(f(G)))$, where $wf_G(S)$ is the greatest well-formed subset of any set of derivations $S$, restricted to the derivations starting from $G$ only. The pair $\langle\alpha^\star,\gamma^\star\rangle : (\mathbb{C},\sqsubseteq)\rightleftharpoons(\mathbb{A},\le)$ is a Galois insertion. Note that the domain $\mathbb{A}$ is induced by $\mathbb{D}$ and $\alpha$. In the following, given an abstraction $\alpha$, we will write $\alpha^\star:\mathbb{C}\to\mathbb{A}$ implicitly referring to the uniquely induced domain $\mathbb{A}$.

¹¹ Given two correct abstract semantic functions $\tilde F,\tilde G:\mathbb{A}\to\mathbb{A}$, $\tilde F$ is more accurate than $\tilde G$ if $\forall x\in\mathbb{A}.\ \tilde F(x)\le\tilde G(x)$. Thus $\tilde F$ is the most accurate if it is more accurate than all correct abstract semantic functions.

¹² There is not presently an agreement on a name for what we call precision. For instance, [34] calls it full-completeness; [19, 46] use the term $\alpha$-completeness; while [20] uses the term $\alpha$-optimality for the same notion. We prefer to use the term precision, since completeness may be confused with the completeness of a semantics.

¹³ It is easy to prove that any abstract operator satisfying (9) is optimal and thus equal to $\tilde f$.

DEFINITION 3.2. Let $(\mathbb{D},\preceq)$ be a complete lattice. The lifting $\alpha^\star$ of a domain abstraction $\alpha:\mathit{WFS}\to\mathbb{D}$ is an observable if $\alpha$ maps finite elements of $\mathit{WFS}$ to finite elements of $\mathbb{D}$ and $\alpha^\star$ satisfies
$$\forall D,D'\in\mathbb{C}_{\mathbb{C}}.\quad D\equiv_{\mathbb{C}}D' \Rightarrow (\gamma^\star\alpha^\star)(D)\equiv_{\mathbb{C}}(\gamma^\star\alpha^\star)(D'). \tag{10}$$

From now on we will often abuse notation and denote $\alpha^\star$ by $\alpha$. Furthermore, if there exists a bijective Galois insertion between two domains, we identify them.¹⁵

We can define an abstract enhanced variance relation $\equiv_{\mathbb{A}}$ on $\mathbb{A}$-collections as follows: for any $\mathbb{A}$-collections $X,X'$, $X\equiv_{\mathbb{A}}X' \iff \gamma(X)\equiv_{\mathbb{C}}\gamma(X')$. We denote by $\mathbb{U}_{\mathbb{A}}$ ($\mathbb{C}_{\mathbb{A}}$) the sub-lattice $\alpha(\mathbb{U}_{\mathbb{C}})$ ($\alpha(\mathbb{C}_{\mathbb{C}})$). Elements of $\mathbb{U}_{\mathbb{A}}$ will be called uniform consistent pure $\mathbb{A}$-collections. An $\mathbb{A}$-interpretation is a uniform consistent pure $\mathbb{A}$-collection modulo $\equiv_{\mathbb{A}}$. We denote by $(\mathbb{I}_{\mathbb{A}},\le)$ the complete lattice of $\mathbb{A}$-interpretations with the induced quotient order. Equation (10) states that the observation does not depend on the choice of the variable names and on the choice of the mgus used in the derivations. Namely, for any $D,D'\in\mathbb{C}_{\mathbb{C}}$, $D\equiv_{\mathbb{C}}D'$ implies $\alpha(D)\equiv_{\mathbb{A}}\alpha(D')$. Hence, for any $\mathbb{C}$-interpretation $I$, the $\mathbb{A}$-interpretation $\alpha(I)$ is well defined (it is the equivalence class of the abstraction, by means of $\alpha$, of any representative of $I$).

Each observable $\alpha$ induces an observational equivalence $\approx_\alpha$ on programs. Namely, $P_1\approx_\alpha P_2$ if and only if, for all $G\in\mathit{Goals}$,
$$\alpha(\mathcal{B}[\![G \text{ in } P_1]\!]) = \alpha(\mathcal{B}[\![G \text{ in } P_2]\!]), \tag{11}$$
i.e., if $P_1$ and $P_2$ cannot be distinguished by looking at the abstraction of their concrete behaviors. Note that the abstract behavior of a query, as defined in Section 4, will in general be less accurate than the abstraction of the concrete behavior $\alpha(\mathcal{B}[\![G \text{ in } P]\!])$, which is therefore sometimes referred to as the most accurate abstract behavior.

EXAMPLE 3.1 (Computed Answer Substitutions). In order to define the computed answer substitution observable $\xi$ we must consider the domain $(\wp(\mathit{Subst}),\subseteq)$ and define the domain abstraction $\xi:\mathit{WFS}\to\wp(\mathit{Subst})$ as $\xi(S) := \{answer(d)\mid d\in S,\ last(d)=\Box\}$. This abstraction can be lifted to the abstract domain $\mathbb{A}_{ca}\subseteq[\mathit{Goals}\rightharpoonup\wp(\mathit{Subst})]$ obtaining $\langle\xi,\xi_\gamma\rangle : \mathbb{C}\rightleftharpoons\mathbb{A}_{ca}$, where
$$\xi(D) := \lambda G.\ \{answer(d)\mid d\in D(G),\ last(d)=\Box\},$$
$$\xi_\gamma(X) := \lambda G.\ \{d\mid first(d)=G,\ last(d)=\Box,\ answer(d)\in X(G)\}\ \cup\ \{d\mid first(d)=G,\ last(d)\neq\Box\}.$$
$\xi$ is an observable (the proof is in the appendix). Then we can define the abstract enhanced variance relation $\equiv_{\mathbb{A}_{ca}}$ on $\mathbb{A}_{ca}$ as mentioned before. By using the same arguments of the proof that $\xi$ is an observable, it is easy to check that, for any $X,X'\in\mathbb{C}_{\mathbb{A}_{ca}}$, $X\equiv_{\mathbb{A}_{ca}}X'$ if and only if, for any $p(\mathbf{x})$, there exists $p(\mathbf{y})$ such that (if $X(p(\mathbf{x}))$ is defined then $X'(p(\mathbf{y}))$ is defined and) for any $\vartheta\in X(p(\mathbf{x}))$ there exists $\vartheta'\in X'(p(\mathbf{y}))$ such that $p(\mathbf{x})\vartheta\equiv p(\mathbf{y})\vartheta'$, and vice versa. Thus $P_1\approx_\xi P_2$ if and only if, for any goal $G$, $G$ has the same computed answer substitutions in $P_1$ and in $P_2$.

¹⁴ Remember that if $D(G)$ is undefined then also $\alpha(D(G))$ is undefined.

¹⁵ Let $(\mathbb{A},\le)$ be a complete lattice of $\mathbb{A}$-collections. Each observable $\alpha:\mathbb{C}\to\mathbb{A}$ satisfies the following properties.

1. $\alpha$ maps finite elements of $\mathbb{C}$ to finite elements of $\mathbb{A}$;

2. there exists $\gamma:\mathbb{A}\to\mathbb{C}$ such that $\langle\alpha,\gamma\rangle : (\mathbb{C},\sqsubseteq)\rightleftharpoons(\mathbb{A},\le)$ is a Galois insertion;

3. $(\gamma\alpha)(\mathbb{U}_{\mathbb{C}})\subseteq\mathbb{U}_{\mathbb{C}}$;

4. $\forall D,D'\in\mathbb{U}_{\mathbb{C}}.\ D\equiv_{\mathbb{C}}D' \Rightarrow (\gamma\alpha)(D)\equiv_{\mathbb{C}}(\gamma\alpha)(D')$.

These conditions can be viewed as a (possibly) weaker definition of observable, since all the observables of Definition 3.2 satisfy them. All the results of the paper actually hold under these weaker assumptions, even if all the sensible observables we can think of (including the ones defined in the examples in the following) are indeed obtained by lifting a domain abstraction. The problem of the equivalence of the two definitions is interesting, yet it is beyond the scope of the present paper.

4. FROM THE OBSERVABLES TO THE ABSTRACT SEMANTICS

Once we have an observable $\alpha:\mathbb{C}\to\mathbb{A}$, we want to systematically derive the abstract semantics. The idea is to define the optimal abstract versions of the various semantic operators and then check under which conditions (on the observable) we obtain the optimal abstract semantics. This will allow us to identify some interesting classes of observables.

We will start by defining the optimal abstract counterparts of the basic operators defined on $\mathbb{C}$. Hence, $\forall X,X',X_i\in\mathbb{A}$,
$$A\,\tilde\cdot\,X := \alpha(A\cdot\gamma(X)), \tag{12}$$
$$X\,\tilde\times\,X' := \alpha(\gamma(X)\times\gamma(X')), \tag{13}$$
$$X\,\tilde\bowtie\,X' := \alpha(\gamma(X)\bowtie\gamma(X')), \tag{14}$$
$$\tilde\sum\{X_i\}_{i\in I} := \alpha\Big(\sum\{\gamma(X_i)\}_{i\in I}\Big). \tag{15}$$

Once we have the optimal abstract operators, we can define the corresponding abstract semantics, obtained from the denotational and operational semantics of SLD-trees by replacing the basic semantic operators by their optimal abstract versions.

Unfoldings
$$su_\alpha(X) := \tilde\sum\{(A\,\tilde\cdot\,X)\,\tilde\times\,\alpha(\mathit{Id}_{\mathbb{C}})\}_{A\in\mathit{Atoms}} \tag{16}$$
$$pu_\alpha(X) := \tilde\sum\{\mathcal{G}_\alpha[\![G]\!]_X\}_{G\in\mathit{Goals}} \tag{17}$$
$$unf^k_{P,\alpha}(X) := \begin{cases} unf^{k-1}_{P,\alpha}(X)\,\tilde\bowtie\,su_\alpha(\alpha(tree(P))) & \text{if } k>0 \\ X & \text{otherwise} \end{cases} \tag{18}$$

Denotational Semantics
$$\mathcal{Q}_\alpha[\![G \text{ in } P]\!] := \mathcal{G}_\alpha[\![G]\!]_{\mathit{lfp}\,\mathcal{P}_\alpha[\![P]\!]} \tag{19}$$
$$\mathcal{G}_\alpha[\![A,G]\!]_X := \mathcal{A}_\alpha[\![A]\!]_X\,\tilde\times\,\mathcal{G}_\alpha[\![G]\!]_X \qquad \mathcal{G}_\alpha[\![\Box]\!]_X := \alpha(\emptyset_\Box) \tag{20}$$
$$\mathcal{A}_\alpha[\![A]\!]_X := A\,\tilde\cdot\,X \tag{21}$$
$$\mathcal{P}_\alpha[\![\{c\}\cup P]\!]_X := \mathcal{C}_\alpha[\![c]\!]_X\,\tilde+\,\mathcal{P}_\alpha[\![P]\!]_X \qquad \mathcal{P}_\alpha[\![\emptyset]\!]_X := \alpha(\mathit{Id}_I) \tag{22}$$
$$\mathcal{C}_\alpha[\![H\leftarrow B]\!]_X := \alpha(tree(H\leftarrow B))\,\tilde\bowtie\,\mathcal{G}_\alpha[\![B]\!]_X, \tag{23}$$
$$\mathcal{F}_\alpha[\![P]\!] := \mathit{lfp}\,\mathcal{P}_\alpha[\![P]\!]. \tag{24}$$

Operational Semantics
$$\frac{X\in\mathbb{A},\quad X\neq X\,\tilde\bowtie\,su_\alpha(\alpha(tree(P)))}{X\ \to_P^{\alpha}\ X\,\tilde\bowtie\,su_\alpha(\alpha(tree(P)))} \tag{25}$$
$$\mathcal{B}_\alpha[\![G \text{ in } P]\!] := \tilde\sum\{X\mid\alpha(\emptyset_G)\to_P^{\alpha*}X\} \tag{26}$$
$$\mathcal{O}_\alpha[\![P]\!] := \tilde\sum\{\mathcal{B}_\alpha[\![p(\mathbf{x}) \text{ in } P]\!]/{\equiv_{\mathbb{A}}}\}_{p(\mathbf{x})\in\mathit{Goals}}. \tag{27}$$


Any $\mathbb{A}$-interpretation $X$ of $\mathbb{I}_{\mathbb{A}}$ is implicitly considered also as an arbitrary $\mathbb{A}$-collection, obtained by choosing an arbitrary representative in $\mathbb{U}_{\mathbb{A}}$ of $X$. By the following Lemma 4.1 and a straightforward structural induction, all the semantic operators that we have just introduced on $\mathbb{A}$-interpretations are independent of the choice of the representative. This is the reason why we could define the operators on $\mathbb{I}_{\mathbb{A}}$ in terms of their counterparts defined on $\mathbb{U}_{\mathbb{A}}$, independently of the choice of the representative.

LEMMA 4.1. Let $X,X'\in\mathbb{U}_{\mathbb{A}}$. If $X\equiv_{\mathbb{A}}X'$ then $A\,\tilde\cdot\,X = A\,\tilde\cdot\,X'$.

Proof. $X\equiv_{\mathbb{A}}X'$ implies (by definition) $\gamma(X)\equiv_{\mathbb{C}}\gamma(X')$ and therefore (since $A\cdot D = A\cdot D'$ for $D\equiv_{\mathbb{C}}D'$) $A\cdot\gamma(X) = A\cdot\gamma(X')$. Now (by applying $\alpha$) we obtain $\alpha(A\cdot\gamma(X)) = \alpha(A\cdot\gamma(X'))$, which is the thesis.

Note that, by definition of $unf_{P,\alpha}$, $\to_P^{\alpha}$ and $\mathcal{B}_\alpha[\![\cdot]\!]$,
$$\mathcal{B}_\alpha[\![G \text{ in } P]\!] = \tilde\sum\{unf^k_{P,\alpha}(\alpha(\emptyset_G))\}_{k\ge 0} \tag{28}$$
$$\mathcal{O}_\alpha[\![P]\!] = \tilde\sum\Big\{\Big[\tilde\sum\{unf^k_{P,\alpha}(\alpha(\emptyset_{p(\mathbf{x})}))\}_{k\ge 0}\Big]/{\equiv_{\mathbb{A}}}\Big\}_{p(\mathbf{x})\in\mathit{Goals}} \tag{29}$$

We are looking for conditions which guarantee that the abstract definitions of the denotations (Equations (19)–(27)) do not lead to a loss of precision. Depending on these conditions we can characterize various classes of observables. Note that these conditions will not be concerned with the sum operation, because it is precise w.r.t. any observable, since for any Galois insertion
$$\alpha\Big(\sum\{D_i\}_{i\in I}\Big) = \alpha\Big(\sum\{(\gamma\alpha)(D_i)\}_{i\in I}\Big). \tag{30}$$

5. PERFECT OBSERVABLES

The first class of observables we consider is the one for which both the abstract denotational and the abstract operational semantics are precise. As a consequence, we can equivalently compute the abstract semantics in a top-down and in a bottom-up way, by mimicking the concrete computations.

DEFINITION 5.1. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be an observable. Then $\alpha$ is a perfect observable if all the optimal abstract semantic operations $\tilde\cdot$, $\tilde\times$ and $\tilde\bowtie$ are precise, i.e.,
$$\alpha(A\cdot D) = \alpha(A\cdot(\gamma\alpha)D), \tag{31}$$
$$\alpha(D_1\times D_2) = \alpha((\gamma\alpha)D_1\times(\gamma\alpha)D_2), \tag{32}$$
$$\alpha(D_1\bowtie D_2) = \alpha((\gamma\alpha)D_1\bowtie(\gamma\alpha)D_2). \tag{33}$$

EXAMPLE 5.1 (Computed Resultants). Resultants are formulas of the form $G\leftarrow B$, which represent the relation between the initial goal and any intermediate goal in an SLD-derivation. Resultants have been introduced to prove the correctness of SLD-resolution [2]. A semantics based on computed resultants was defined in [28]. Let $\mathit{Res}$ be the set of resultants. The computed resultant observable $\chi:\mathbb{C}\to\mathbb{A}_{cr}$ is defined by the lifting of the domain abstraction $\lambda S.\ \{G\vartheta\leftarrow B\mid d\in S,\ G=first(d),\ B=last(d),\ \vartheta=answer(d)\} : \mathit{WFS}\to\mathit{Res}$, which is
$$\chi(D) := \lambda G.\ \{G\vartheta\leftarrow B\mid d\in D(G),\ B=last(d),\ \vartheta=answer(d)\},$$
$$\chi_\gamma(X) := \lambda G.\ wf_G(\{d\mid G\vartheta\leftarrow last(d)\in X(G),\ \vartheta=answer(d)\}).^{16}$$
The proof that $\chi$ is an observable is analogous to the one given for computed answers in Example 3.1 and hence it is omitted. Moreover, it can be shown that $\chi$ and $\chi_\gamma$ satisfy the conditions of Definition 5.1. Hence computed resultants is a perfect observable.

¹⁶ Recall that $wf_G(S)$ is the greatest well-formed subset of any set of derivations $S$, restricted to the derivations starting from $G$ only.

EXAMPLE 5.2 (Partial Proof Trees). Another interesting observable which can be proved to be perfect is the partial proof tree observable. Partial proof trees are used in the construction of the Heyting semantics [38, 39]. We now give a brief description of partial proof trees; we refer to [39] for further details.

Partial proof trees are represented by terms formed from atoms and consequence functors, $\Sigma' := \{\vdash,\ \bot,\ `,\!'\}$. $\vdash$ is assumed to be binary non-associative, while comma is binary left-associative and $\bot$ is a constant. To avoid parentheses, $\vdash$ is assumed to bind tighter than comma. Let $V^*$ be a denumerable set of variables distinct from $V$, which range over partial proof trees. The Heyting base $Hg$ is taken to be the lattice completion (with bottom element $\bot$) of $T(\Sigma', V^*\cup\mathit{Atoms})$, ordered by instantiation (namely $T\le T'$ if $T'$ is more general than $T$). We denote by $\wedge$ and $\vee$ the meet and join operations of the lattice. Moreover, $\_$ represents an anonymous distinct variable of $V^*$.

Given a partial proof tree $T$, by $open(T)$ we denote the list of open subtrees of $T$, taken from left to right. Furthermore, by $repl(T,T',T'')$ we denote the tree which is obtained by replacing the subtree $T'$ of $T$ by $T''$. For example, if $T$ is the partial proof tree $((\_\vdash C,\ true\vdash D,\ \_\vdash E)\vdash A,\ \_\vdash B)$, then $open(T) = [\_\vdash C;\ \_\vdash E;\ \_\vdash B]$ and $repl(T,\ \_\vdash E,\ T'\vdash F) = ((\_\vdash C,\ true\vdash D,\ T'\vdash F)\vdash A,\ \_\vdash B)$.

In order to define the abstraction on the domain $\mathbb{A}_{Hg}\subseteq[\mathit{Goals}\rightharpoonup\wp(Hg)]$ of partial proof tree collections we first need to define the abstraction of goals and clauses:
$$Ht(A_1,\ldots,A_n) := \_\vdash A_1,\ \ldots,\ \_\vdash A_n$$
$$Ht(H\leftarrow B) := Ht(B)\vdash H$$
where $Ht(H\leftarrow) = true\vdash H$. Then we can define the abstraction $Ht(d)$ of a derivation $d := G_0\xrightarrow[c_1,\ldots,c_n]{\vartheta}G_n$ by an iterative process.¹⁷ First of all, let $T_0 = Ht(G_0)$. Then we build each $T_i$ from $T_{i-1}$ and $c_i$ as follows: $T_i := repl(T_{i-1},\ car(open(T_{i-1})),\ Ht(c_i))\wedge T_{i-1}$, where the $car$ operator selects the first term of a list. The abstraction of the derivation $d$ is then $Ht(d) = T_n\vartheta$.

The partial proof tree observable $\zeta:\mathbb{C}\to\mathbb{A}_{Hg}$ is the lifting of the domain abstraction $\zeta(S) = \{Ht(d)\mid d\in S\}$. The proof that $\zeta:\mathbb{C}\to\mathbb{A}_{Hg}$ is an observable is analogous to the one given for computed answers in Example 3.1 and hence it is omitted. Moreover, it can be shown that $\zeta$ and $\zeta_\gamma$ satisfy the conditions of Definition 5.1. Hence $\zeta$ is a perfect observable.

Note that there exist observables which are not perfect. For example, the observable $\xi$ of Example 3.1 is not a perfect observable, since axiom (33) does not hold.¹⁸

The following theorem shows that the abstract transition relation of perfect observables is precise.

THEOREM 5.1. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable and $P$ be a program. Then $\forall D,D'\in\mathbb{C}.\ D\to_P^{*}D' \Rightarrow \alpha(D)\to_P^{\alpha*}\alpha(D')$. Moreover, $\forall X'\in\mathbb{A}.\ \alpha(D)\to_P^{\alpha*}X' \Rightarrow \exists D'\in\mathbb{C}$ such that $X'=\alpha(D')$ and $D\to_P^{*}D'$.

Proof. In the following the notation $D\to_P^{n}D'$ ($X\to_P^{\alpha n}X'$) means that the collection $D$ ($X$) results in the collection $D'$ ($X'$) with at most $n$ transition steps $\to_P$ ($\to_P^{\alpha}$). We prove the thesis by induction on $n$.

Base Case. Straightforward, since $D\to_P^{0}D'$ if and only if $D=D'$, and $\alpha(D)\to_P^{\alpha 0}X'$ if and only if $X'=\alpha(D)$.

Inductive Case. First of all observe that, since $\alpha$ is a perfect observable, for any $D''\in\mathbb{C}$,
$$\alpha(D''\bowtie su(tree(P))) = \alpha(D'')\,\tilde\bowtie\,su_\alpha(\alpha(tree(P))). \tag{34}$$

Now we prove the first implication. The proof of the other implication is analogous and hence it is omitted.

Assume that $D\to_P^{n}D'$, with $n>0$. Then, by definition of $\to_P^{n}$, there exists $D''\in\mathbb{C}$ such that $D\to_P^{n-1}D''\to_P^{1}D''\bowtie su(tree(P)) = D'$. By inductive hypothesis $\alpha(D)\to_P^{\alpha\,n-1}\alpha(D'')$. Therefore, by definition of $\to_P^{\alpha 1}$ and (34), $\alpha(D)\to_P^{\alpha n}\alpha(D''\bowtie su(tree(P))) = \alpha(D')$.

¹⁷ Partial proof trees are independent of the selection rule. However, since we obtain them by abstracting SLD-trees via the leftmost selection rule, we will construct partial proof trees only from left to right.

¹⁸ Indeed, consider $D_1 = \emptyset_{p(x)}$ and $D_2 = q(y)\mapsto\{q(y),\ q(y)\xrightarrow[q(a)\leftarrow]{\{y/a\}}\Box\}$. We have $\xi(D_1\bowtie D_2) = p(x)\mapsto\emptyset$. The set $((\xi_\gamma\xi)D_1)(p(x))$ contains all the derivations $d$ s.t. $last(d)=q(y)$. Thus $\xi((\xi_\gamma\xi)D_1\bowtie(\xi_\gamma\xi)D_2) = p(x)\mapsto\{\theta\mid dom(\theta)\subseteq\{x\}\}$.

We can now show that the abstract operational semantics and the abstract top-down denotation are indeed precise.

COROLLARY 5.1. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable, $G$ be a goal and $P$ be a program. Then

1. $\alpha(\mathcal{B}[\![G \text{ in } P]\!]) = \mathcal{B}_\alpha[\![G \text{ in } P]\!]$,

2. $\alpha(\mathcal{O}[\![P]\!]) = \mathcal{O}_\alpha[\![P]\!]$.

Proof. We prove the points separately.

Point 1.
$$\begin{array}{lcll}
\alpha(\mathcal{B}[\![G \text{ in } P]\!]) &=& \alpha\big(\sum\{\gamma\alpha(D)\mid\emptyset_G\to_P^{*}D\}\big) & \text{[by definition of } \mathcal{B}[\![\cdot]\!] \text{ and (30)]}\\[2pt]
&=& \alpha\big(\sum\{\gamma(X)\mid\alpha(\emptyset_G)\to_P^{\alpha*}X\}\big) & \text{[by Theorem 5.1]}\\[2pt]
&=& \mathcal{B}_\alpha[\![G \text{ in } P]\!]. & \text{[by definition of } \tilde\sum \text{ and } \mathcal{B}_\alpha[\![\cdot]\!]\text{]}
\end{array}$$

Point 2.
$$\begin{array}{lcll}
\alpha(\mathcal{O}[\![P]\!]) &=& \alpha\big(\sum\{(\gamma\alpha)(\mathcal{B}[\![p(\mathbf{x}) \text{ in } P]\!]/{\equiv_{\mathbb{C}}})\}_{p(\mathbf{x})\in\mathit{Goals}}\big) & \text{[by definition of } \mathcal{O}[\![\cdot]\!] \text{ and (30)]}\\[2pt]
&=& \alpha\big(\sum\{(\gamma\alpha(\mathcal{B}[\![p(\mathbf{x}) \text{ in } P]\!]))/{\equiv_{\mathbb{C}}}\}_{p(\mathbf{x})\in\mathit{Goals}}\big) & \text{[by (10)]}\\[2pt]
&=& \alpha\big(\sum\{\gamma(\alpha(\mathcal{B}[\![p(\mathbf{x}) \text{ in } P]\!])/{\equiv_{\mathbb{A}}})\}_{p(\mathbf{x})\in\mathit{Goals}}\big) & \text{[by definition of } \equiv_{\mathbb{A}}\text{]}\\[2pt]
&=& \tilde\sum\{\mathcal{B}_\alpha[\![p(\mathbf{x}) \text{ in } P]\!]/{\equiv_{\mathbb{A}}}\}_{p(\mathbf{x})\in\mathit{Goals}} & \text{[by definition of } \tilde\sum \text{ and Point 1]}\\[2pt]
&=& \mathcal{O}_\alpha[\![P]\!]. & \text{[by definition of } \mathcal{O}_\alpha[\![\cdot]\!]\text{]}
\end{array}$$

We now show that all the properties of SLD-trees stated in [15] hold for the abstract top-down denotation of any perfect observable as well.

COROLLARY 5.2. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable, $A$ be an atom, $G,G'$ be goals and $P,P'$ be programs. Then

1. $\mathcal{B}_\alpha[\![A \text{ in } P]\!] = A\,\tilde\cdot\,\mathcal{O}_\alpha[\![P]\!]$,

2. $\mathcal{B}_\alpha[\![(G,G') \text{ in } P]\!] = \mathcal{B}_\alpha[\![G \text{ in } P]\!]\,\tilde\times\,\mathcal{B}_\alpha[\![G' \text{ in } P]\!]$,

3. $P\approx_\alpha P' \iff \mathcal{O}_\alpha[\![P]\!] = \mathcal{O}_\alpha[\![P']\!]$.

Proof. We prove the points separately.

Point 1.
$$\begin{array}{lcll}
\mathcal{B}_\alpha[\![A \text{ in } P]\!] &=& \alpha(\mathcal{B}[\![A \text{ in } P]\!]) & \text{[by Point 1 of Corollary 5.1]}\\[2pt]
&=& \alpha(A\cdot\mathcal{O}[\![P]\!]) & \text{[by Point 1 of Theorem 2.1]}\\[2pt]
&=& \alpha(A\cdot\gamma\alpha(\mathcal{O}[\![P]\!])) & \text{[by (31)]}\\[2pt]
&=& \alpha(A\cdot\gamma(\mathcal{O}_\alpha[\![P]\!])) & \text{[by Point 2 of Corollary 5.1]}\\[2pt]
&=& A\,\tilde\cdot\,\mathcal{O}_\alpha[\![P]\!]. & \text{[by definition of } \tilde\cdot\,\text{]}
\end{array}$$


Point 2. Analogous to the previous one and hence omitted.

Point 3. By (11) and Point 1 of Corollary 5.1,
$$P\approx_\alpha P' \iff \forall G\in\mathit{Goals}.\ \alpha(\mathcal{B}[\![G \text{ in } P]\!]) = \alpha(\mathcal{B}[\![G \text{ in } P']\!]) \iff \forall G\in\mathit{Goals}.\ \mathcal{B}_\alpha[\![G \text{ in } P]\!] = \mathcal{B}_\alpha[\![G \text{ in } P']\!].$$
Now the proof is analogous to the one of Corollary 12 in [15].¹⁹ By definition of $\mathcal{O}_\alpha[\![\cdot]\!]$, the minimality is trivial. The proof of the converse is by contradiction, by using Points 1 and 2 and by structural induction on a goal $G$ such that $\mathcal{B}_\alpha[\![G \text{ in } P]\!]\neq\mathcal{B}_\alpha[\![G \text{ in } P']\!]$. ∎

In order to express the abstract OR-compositionality we have to define the abstract version $\tilde\uplus$ of the $\uplus$ operator. Given $X_1,X_2\in\mathbb{U}_{\mathbb{A}}$, $X_1\,\tilde\uplus\,X_2 := [X_1\,\tilde+\,X_2]^*_\alpha$, where $[X]^*_\alpha$ is the least solution of the equation $[X]^*_\alpha = \alpha(\mathit{Id}_I)\,\tilde+\,([X]^*_\alpha\,\tilde\bowtie\,su_\alpha(X))$, or (equivalently) the least fixpoint of the continuous operator
$$\tilde H_X(X') := \alpha(\mathit{Id}_I)\,\tilde+\,(X'\,\tilde\bowtie\,su_\alpha(X)). \tag{35}$$

First we must establish the precision of $[\cdot]^*$ w.r.t. $\alpha$.

LEMMA 5.1. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable and $D\in\mathbb{U}_{\mathbb{C}}$. Then $[\alpha(D)]^*_\alpha = \alpha([D]^*)$.

Proof. We first prove that $\tilde H_{\alpha(D)}\circ\alpha = \alpha\circ H_D$. For any $D'\in\mathbb{U}_{\mathbb{C}}$,
$$\begin{array}{lcll}
\tilde H_{\alpha(D)}(\alpha(D')) &=& \alpha(\mathit{Id}_I)\,\tilde+\,(\alpha(D')\,\tilde\bowtie\,su_\alpha(\alpha(D))) & \text{[by definition of } \tilde H_{\alpha(D)}\text{]}\\[2pt]
&=& \alpha\big(\gamma\alpha(\mathit{Id}_I) + \gamma\alpha(\gamma\alpha(D')\bowtie\gamma\alpha(su(\gamma\alpha(D))))\big) & \text{[by definition of } \tilde+,\ \tilde\bowtie \text{ and since } su_\alpha = \alpha\circ su\circ\gamma\text{]}\\[2pt]
&=& \alpha\big(\mathit{Id}_I + (D'\bowtie su(D))\big) & \text{[by Definition 5.1 and (30)]}\\[2pt]
&=& \alpha(H_D(D')). & \text{[by definition of } H_D\text{]}
\end{array}$$
Now, since $\bot_{\mathbb{A}} = \alpha(\bot_{\mathbb{C}})$, a straightforward inductive argument gives, for any $n\ge 0$, $\tilde H_{\alpha(D)}\uparrow n = \alpha(H_D\uparrow n)$. Then $[\alpha(D)]^*_\alpha = \mathit{lfp}_{\mathbb{A}}\,\tilde H_{\alpha(D)} = \alpha(\mathit{lfp}_{\mathbb{C}}\,H_D) = \alpha([D]^*)$. ∎

COROLLARY 5.3. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable and $P_1,P_2$ be programs. Then $\mathcal{O}_\alpha[\![P_1\cup P_2]\!] = \mathcal{O}_\alpha[\![P_1]\!]\,\tilde\uplus\,\mathcal{O}_\alpha[\![P_2]\!]$.

Proof. The following equivalences hold.
$$\begin{array}{lcll}
\mathcal{O}_\alpha[\![P_1]\!]\,\tilde\uplus\,\mathcal{O}_\alpha[\![P_2]\!] &=& [\mathcal{O}_\alpha[\![P_1]\!]\,\tilde+\,\mathcal{O}_\alpha[\![P_2]\!]]^*_\alpha & \text{[by definition of } \tilde\uplus\text{]}\\[2pt]
&=& [\alpha(\mathcal{O}[\![P_1]\!] + \mathcal{O}[\![P_2]\!])]^*_\alpha & \text{[by Corollary 5.1 and by (30)]}\\[2pt]
&=& \alpha([\mathcal{O}[\![P_1]\!] + \mathcal{O}[\![P_2]\!]]^*) & \text{[by Lemma 5.1]}\\[2pt]
&=& \alpha(\mathcal{O}[\![P_1]\!]\uplus\mathcal{O}[\![P_2]\!]) & \text{[by definition of } \uplus\text{]}\\[2pt]
&=& \alpha(\mathcal{O}[\![P_1\cup P_2]\!]) & \text{[by Theorem 2.2]}\\[2pt]
&=& \mathcal{O}_\alpha[\![P_1\cup P_2]\!]. & \text{[by Corollary 5.1]}
\end{array}$$
∎

The following theorem shows that the abstract denotational semantics and the bottom-up denotation are precise.

THEOREM 5.2. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable, $I\in\mathbb{I}_{\mathbb{C}}$, $c$ be a clause, $A$ be an atom, $G$ be a goal and $P$ be a program. Then

1. $\alpha(\mathcal{A}[\![A]\!]_I) = \mathcal{A}_\alpha[\![A]\!]_{\alpha(I)}$,

2. $\alpha(\mathcal{G}[\![G]\!]_I) = \mathcal{G}_\alpha[\![G]\!]_{\alpha(I)}$,

3. $\alpha(\mathcal{C}[\![c]\!]_I) = \mathcal{C}_\alpha[\![c]\!]_{\alpha(I)}$,

4. $\alpha(\mathcal{P}[\![P]\!]_I) = \mathcal{P}_\alpha[\![P]\!]_{\alpha(I)}$,

5. $\mathcal{P}_\alpha[\![P]\!]$ is continuous on $\mathbb{A}$ and $\mathcal{F}_\alpha[\![P]\!] = \mathcal{P}_\alpha[\![P]\!]\uparrow\omega$,

6. $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$,

7. $\alpha(\mathcal{Q}[\![G \text{ in } P]\!]) = \mathcal{Q}_\alpha[\![G \text{ in } P]\!]$.

¹⁹ Corollary 12 in [15] states that, for any programs $P_1$ and $P_2$, $P_1\approx P_2 \iff \mathcal{O}[\![P_1]\!] = \mathcal{O}[\![P_2]\!]$.

Proof. We prove the points separately.

Point 1. By definition of $\mathcal{A}[\![\cdot]\!]$, $\tilde\cdot$, $\mathcal{A}_\alpha[\![\cdot]\!]$ and by (31), $\alpha(\mathcal{A}[\![A]\!]_I) = \alpha(A\cdot I) = \alpha(A\cdot\gamma\alpha(I)) = A\,\tilde\cdot\,\alpha(I) = \mathcal{A}_\alpha[\![A]\!]_{\alpha(I)}$.

Point 2. The proof is by induction on $G$. If $G=\Box$, by definition of $\mathcal{G}[\![\cdot]\!]$ and $\mathcal{G}_\alpha[\![\cdot]\!]$, $\alpha(\mathcal{G}[\![\Box]\!]_I) = \alpha(\emptyset_\Box) = \mathcal{G}_\alpha[\![\Box]\!]_{\alpha(I)}$. Otherwise let $G = (A,G')$. The following equivalences hold.
$$\begin{array}{lcll}
\alpha(\mathcal{G}[\![(A,G')]\!]_I) &=& \alpha(\mathcal{A}[\![A]\!]_I\times\mathcal{G}[\![G']\!]_I) & \text{[by definition of } \mathcal{G}[\![\cdot]\!]\text{]}\\[2pt]
&=& \alpha(\gamma\alpha(\mathcal{A}[\![A]\!]_I)\times\gamma\alpha(\mathcal{G}[\![G']\!]_I)) & \text{[by (32)]}\\[2pt]
&=& \alpha(\mathcal{A}[\![A]\!]_I)\,\tilde\times\,\alpha(\mathcal{G}[\![G']\!]_I) & \text{[by definition of } \tilde\times\text{]}\\[2pt]
&=& \mathcal{A}_\alpha[\![A]\!]_{\alpha(I)}\,\tilde\times\,\mathcal{G}_\alpha[\![G']\!]_{\alpha(I)} & \text{[by Point 1 and by inductive hypothesis]}\\[2pt]
&=& \mathcal{G}_\alpha[\![(A,G')]\!]_{\alpha(I)}. & \text{[by definition of } \mathcal{G}_\alpha[\![\cdot]\!]\text{]}
\end{array}$$

Point 3. Let $c = H\leftarrow B$. Then
$$\begin{array}{lcll}
\alpha(\mathcal{C}[\![c]\!]_I) &=& \alpha(tree(c)\bowtie\mathcal{G}[\![B]\!]_I) & \text{[by definition of } \mathcal{C}[\![\cdot]\!]\text{]}\\[2pt]
&=& \alpha(\gamma\alpha(tree(c))\bowtie\gamma\alpha(\mathcal{G}[\![B]\!]_I)) & \text{[by (33)]}\\[2pt]
&=& \alpha(tree(c))\,\tilde\bowtie\,\alpha(\mathcal{G}[\![B]\!]_I) & \text{[by definition of } \tilde\bowtie\text{]}\\[2pt]
&=& \mathcal{C}_\alpha[\![c]\!]_{\alpha(I)}. & \text{[by Point 2 and by definition of } \mathcal{C}_\alpha[\![\cdot]\!]\text{]}
\end{array}$$

Point 4. Immediate by definition of $\mathcal{P}[\![\cdot]\!]$, $\mathcal{P}_\alpha[\![\cdot]\!]$ and by Point 3.

Point 5. Let $\{X_i\}_{i\in I}\subseteq\mathbb{A}$ be a chain. Since $\tilde\sum$ is the lub operation on $\mathbb{A}$, we have to prove that $\tilde\sum\{\mathcal{P}_\alpha[\![P]\!]_{X_i}\}_{i\in I} = \mathcal{P}_\alpha[\![P]\!]_{\tilde\sum\{X_i\}_{i\in I}}$.
$$\begin{array}{lcll}
\tilde\sum\{\mathcal{P}_\alpha[\![P]\!]_{X_i}\}_{i\in I} &=& \alpha\big(\sum\{\gamma(\mathcal{P}_\alpha[\![P]\!]_{X_i})\}_{i\in I}\big) & \text{[by definition of } \tilde\sum\text{]}\\[2pt]
&=& \alpha\big(\sum\{\gamma\alpha(\mathcal{P}[\![P]\!]_{\gamma(X_i)})\}_{i\in I}\big) & \text{[since } X_i = \alpha\gamma(X_i) \text{ and by Point 4]}\\[2pt]
&=& \alpha\big(\sum\{\mathcal{P}[\![P]\!]_{\gamma(X_i)}\}_{i\in I}\big) & \text{[by (30)]}\\[2pt]
&=& \alpha\big(\mathcal{P}[\![P]\!]_{\sum\{\gamma(X_i)\}_{i\in I}}\big) & \text{[since } \mathcal{P}[\![P]\!] \text{ is continuous]}\\[2pt]
&=& \mathcal{P}_\alpha[\![P]\!]_{\tilde\sum\{X_i\}_{i\in I}}. & \text{[by Point 4 and definition of } \tilde\sum\text{]}
\end{array}$$

Then apply Tarski's theorem.

Point 6. First of all note that, since $(\mathbb{A},\le)$ is a complete lattice, there exists a bottom element $\bot_{\mathbb{A}}$. Moreover, since $\alpha$ is monotonic and $\emptyset$ is the bottom element of $\mathbb{C}$, for any $D\in\mathbb{C}$, $\alpha(\emptyset)\le\alpha(D)$ and then, since $\alpha$ is surjective, $\alpha(\emptyset) = \bot_{\mathbb{A}}$. Then, by Point 4 and a straightforward inductive argument, for any $n\ge 0$, $\alpha(\mathcal{P}[\![P]\!]\uparrow n) = \mathcal{P}_\alpha[\![P]\!]\uparrow n$. Therefore, since $\sum$ is the lub operation on $\mathbb{C}$ and $\tilde\sum$ is the lub operation on $\mathbb{A}$,
$$\begin{array}{lcll}
\alpha(\mathcal{F}[\![P]\!]) &=& \alpha(\mathcal{P}[\![P]\!]\uparrow\omega) & \text{[by definition of } \mathcal{F}[\![\cdot]\!]\text{]}\\[2pt]
&=& \alpha\big(\sum\{\mathcal{P}[\![P]\!]\uparrow n\}_{n\ge 0}\big) & \text{[since } \mathcal{P}[\![P]\!] \text{ is continuous]}\\[2pt]
&=& \tilde\sum\{\alpha(\mathcal{P}[\![P]\!]\uparrow n)\}_{n\ge 0} & \text{[by (30) and definition of } \tilde\sum\text{]}\\[2pt]
&=& \tilde\sum\{\mathcal{P}_\alpha[\![P]\!]\uparrow n\}_{n\ge 0} & \text{[by the previous observation]}\\[2pt]
&=& \mathcal{F}_\alpha[\![P]\!]. & \text{[by Point 5]}
\end{array}$$

Point 7. By definition of $\mathcal{Q}[\![\cdot]\!]$, $\mathcal{Q}_\alpha[\![\cdot]\!]$ and by Points 2 and 6, $\alpha(\mathcal{Q}[\![G \text{ in } P]\!]) = \alpha(\mathcal{G}[\![G]\!]_{\mathit{lfp}\,\mathcal{P}[\![P]\!]}) = \mathcal{G}_\alpha[\![G]\!]_{\alpha(\mathit{lfp}\,\mathcal{P}[\![P]\!])} = \mathcal{G}_\alpha[\![G]\!]_{\mathit{lfp}\,\mathcal{P}_\alpha[\![P]\!]} = \mathcal{Q}_\alpha[\![G \text{ in } P]\!]$. ∎

Finally, by using Theorem 5.2 and Corollaries 5.1 and 5.2, we can prove the equivalence between the denotational and the operational semantics on one side, and between the top-down and bottom-up denotations on the other.

COROLLARY 5.4. Let $\alpha:\mathbb{C}\to\mathbb{A}$ be a perfect observable, $G$ be a goal and $P,P'$ be programs. Then

1. $\mathcal{O}_\alpha[\![P]\!] = \mathcal{F}_\alpha[\![P]\!]$,

2. $\mathcal{Q}_\alpha[\![G \text{ in } P]\!] = \mathcal{B}_\alpha[\![G \text{ in } P]\!]$,

3. $P\approx_\alpha P' \iff \mathcal{F}_\alpha[\![P]\!] = \mathcal{F}_\alpha[\![P']\!]$.

There are several examples of interesting observables for which $\bowtie$ is not precise (for example, as already mentioned, computed answers). Despite the imprecision of the low-level operations, we can still try to define a more accurate semantics by choosing the optimal abstraction of a higher-level semantic operation. In the denotational semantics, the operator $\bowtie$ is used only to define the semantic function $\mathcal{C}[\![\cdot]\!]$. In Section 6 we obtain a new class of observables by taking the optimal abstraction of $\mathcal{C}[\![\cdot]\!]$ as a whole.

Now we make an assumption to simplify the notation of the following subsections. Consider a goal $A_1,\ldots,A_n$, an (abstract) interpretation $X\in\mathbb{I}_{\mathbb{A}}$ and an expression involving $X(A_1),\ldots,X(A_n)$. In the following we assume that, for any occurrence of $X(A_i)$, all the variables in $var(X(A_i))\setminus var(A_i)$ are renamed apart from all the variables in any other $X(A_j)$ in the expression. This can always be obtained by choosing a suitable representative of $X$.

5.1. Computed Resultant Semantics

We show now how to reconstruct the semantics modeling computed resultants (defined in [28]) bymeans of the observableχ of Example 5.1. In the appendix we prove that, by applying (12), (13), (14)and (15) the ˜·, x and× operations are

A · X = φ[R/A] whereR := {(A← B′)ϑ | R′ is a renamed apart (fromA) version ofX(A′),for someA′ ≤ A, H ′ ← B′ ∈ R′ andϑ = mgu(A, H ′)},

X1×X2 = λG. {((G1,G2)← B)ϑ | (G1,G2) = G, ∀i ∈ {1, 2}, ri = G′i ← Bi is a renamedversion of an element inXi (Gi ), via a renamingρi s.t. ρi |Gi= ε,var(G1, r1) ∩ var(G2, r2) ⊆ var(G1) ∩ var(G2),G1ϑ1 = G′1 and if B1 6= h thenϑ = ϑ1|G1, B = (B1,G2) elseB = B2, ϑ = ϑ1|G1 ◦mgu(G2ϑ1|G1,G

′2)},

X1 x X2 = λG. X1(G) ∪ {(G′ ← G3)ϑ | r1 = G′ ← G1 ∈ X1(G),G1 ≡ G2, r2 = G′2← G3

is a renamed version of an element inX2(G2), via a renamingρ s.t.G2ρ = G1,var(G, r1) ∩ var(r2) ⊆ var(G1),G1ϑ = G′2 anddom(ϑ) ⊆ var(G1)},

Page 20: A Theory of Observables for Logic Programs · 2016. 12. 28. · Marco Comini and Giorgio Levi Dipartimento di Informatica, Universita di Pisa, Corso Italia 40, 56125 Pisa, Italy`

42 COMINI, LEVI, AND MEO

while the optimal $\tilde{\sum}$ operation turns out to be point-wise union. The abstract semantic function is

$$\mathcal{C}_\chi\llbracket p(t) \leftarrow B\rrbracket X = \lambda p(x).\ \{p(x) \leftarrow p(x)\} \cup \{p(x)\vartheta \leftarrow (B_k, B'') \mid B = (B', B''),\ x \text{ are new variables},\ \exists k \text{ s.t. } \forall i < k.\ A_i \leftarrow \Box \in X(p_i(x_i)),\ A_k \leftarrow B_k \in X(p_k(x_k)),\ X(p_j(x_j)) \text{ is defined for any } p_j \in preds(B''),\ \vartheta := \{x/t\} \circ \vartheta',\ \vartheta' := mgu(B', (A_1, \dots, A_k))\}.$$

The abstract top-down denotation is

$$\mathcal{O}_\chi\llbracket P\rrbracket = \lambda p(x).\ \{p(x)\vartheta \leftarrow B \mid p(x) \overset{\vartheta}{\longrightarrow}{}^{*}_{P} B\} / {\equiv_{A_{cr}}}$$

and coincides with the abstract bottom-up denotation and with the abstraction of the top-down denotation, i.e., $\mathcal{O}_\chi\llbracket P\rrbracket = \mathcal{F}_\chi\llbracket P\rrbracket = \chi(\mathcal{O}\llbracket P\rrbracket)$.

5.2. The Partial Proof Tree Semantics

We show now how to obtain the semantics modeling partial proof trees, by means of the observable $\zeta$ of Example 5.2.

We first need to introduce some notation to get a compact presentation of the operations. Given a tree $T$, we denote by $\langle T \rangle^n_m$ the tree obtained by adding $n$ anonymous tree variables to the left of $T$ and $m$ anonymous tree variables to the right.

By applying (12), (13), (14) and (15), the $\tilde{\cdot}$, $\tilde{x}$ and $\tilde{\times}$ operations are

$$A \,\tilde{\cdot}\, X = \phi[S/A] \quad \text{where } S := \{T \mid T \neq \bot,\ T = (\vdash A) \wedge T' \text{ and } T' \text{ is a renamed apart (from } A\text{) version of an element in } X(A'), \text{ for some } A' \le A\},$$

$$X_1 \,\tilde{\times}\, X_2 = \lambda G.\ \{T \mid T \neq \bot,\ (G_1, G_2) = G,\ \forall i \in \{1, 2\}.\ T_i \text{ is a renamed version of an element in } X_i(G_i), \text{ via a renaming } \rho_i \text{ s.t. } \rho_i|_{G_i} = \varepsilon,\ var(G_1, T_1) \cap var(G_2, T_2) \subseteq var(G_1) \cap var(G_2),\ G_1 = A_1, \dots, A_n,\ G_2 = B_1, \dots, B_m \text{ and if } open(T_1) \neq nil \text{ then } T = Ht(G) \wedge \langle T_1 \rangle^0_m \text{ else } T = Ht(G) \wedge \langle T_1 \rangle^0_m \wedge \langle T_2 \rangle^n_0\},$$

$$X_1 \,\tilde{x}\, X_2 = \lambda G.\ X_1(G) \cup \{T \mid T \neq \bot,\ T = T' \wedge \bigwedge_{1 \le i \le n} repl(T', \vdash A_i, T_i),\ T' \in X_1(G),\ open(T') = \vdash A_1, \dots, \vdash A_n,\ X_2' \text{ is a renamed apart version of } X_2 \text{ such that } (T_1, \dots, T_n) \in X_2'(A_1, \dots, A_n) \text{ and } var(G, T') \cap var(T_1, \dots, T_n) \subseteq var(A_1, \dots, A_n)\},$$

while the optimal $\tilde{\sum}$ operation turns out to be point-wise union. The abstract semantic function is

$$\mathcal{P}_\zeta\llbracket P\rrbracket X = \lambda p(x).\ \{\vdash p(x)\} \cup \{T \mid c = p(t) \leftarrow B_1, \dots, B_n \in P,\ T = (T' \vdash p(t)) \wedge Ht(c),\ T \neq \bot,\ x \text{ are new variables},\ \exists k \text{ s.t. } \forall i \le k.\ T_i \in X(p_i(x_i)),\ \forall j < k.\ open(T_j) = nil,\ X(p_h(x_h)) \neq \emptyset \text{ is defined for any } p_h \in preds(B_{k+1}, \dots, B_n) \text{ and } T' = Ht(B_1, \dots, B_n) \wedge \bigwedge_{1 \le i \le k} \langle T_i \rangle^{i-1}_{n-i}\}.$$

Since $\zeta$ is perfect, the abstract bottom-up denotation $\mathcal{F}_\zeta\llbracket P\rrbracket$, the abstract top-down denotation $\mathcal{O}_\zeta\llbracket P\rrbracket$ and the abstraction of the top-down denotation $\zeta(\mathcal{O}\llbracket P\rrbracket)$ coincide.

Let us finally note that the Heyting semantics [38, 39] can be obtained by collecting from $\mathcal{O}_\zeta\llbracket P\rrbracket$ all complete proof trees (trees which do not contain anonymous tree variables). An observable $\alpha$ which models complete proof trees can easily be defined using a construction analogous to this one; it is no longer perfect, but it is denotational (denotational observables are introduced in the next section). It turns out that its $\mathcal{P}_\alpha\llbracket P\rrbracket$ operator is isomorphic to the $Hg\,T_P$ operator of [39] and that the bottom-up denotation $\mathcal{F}_\alpha\llbracket P\rrbracket$ models the Heyting semantics of $P$.


6. DENOTATIONAL OBSERVABLES

We relax the optimality condition of axiom (33) and admit an $\tilde{x}$ operator which is not necessarily precise.

DEFINITION 6.1. Let $\alpha : C \to A$ be an observable. Then $\alpha$ is a denotational observable if

$$\alpha(A \cdot D) = \alpha(A \cdot (\gamma\alpha)D), \tag{36}$$

$$\alpha(D \times D') = \alpha((\gamma\alpha)D \times (\gamma\alpha)D'), \tag{37}$$

$$\alpha(D \,x\, D') = \alpha(D \,x\, (\gamma\alpha)D'). \tag{38}$$

The following theorems show that, under these conditions, we can just replace $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$ by the optimal abstraction $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ of $\mathcal{C}\llbracket\cdot\rrbracket$ to make the semantic definition precise.[20]

$$\widetilde{\mathcal{C}}\llbracket c\rrbracket := \alpha \circ \mathcal{C}\llbracket c\rrbracket \circ \gamma. \tag{39}$$

With this new semantic operator we can define a more accurate denotational semantics, simply by replacing equation (22) with $\mathcal{P}_\alpha\llbracket \{c\} \cup P\rrbracket X := \widetilde{\mathcal{C}}\llbracket c\rrbracket X \,\tilde{+}\, \mathcal{P}_\alpha\llbracket P\rrbracket X$. Then, if we replace $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$ by $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ in its statement, Theorem 5.2 also holds for denotational observables.

THEOREM 6.1. Let $\alpha : C \to A$ be a denotational observable, $I \in I_C$, $c$ be a clause, $A$ be an atom, $G$ be a goal and $P$ be a program. Then

1. $\alpha(\mathcal{A}\llbracket A\rrbracket I) = \mathcal{A}_\alpha\llbracket A\rrbracket \alpha(I)$,

2. $\alpha(\mathcal{G}\llbracket G\rrbracket I) = \mathcal{G}_\alpha\llbracket G\rrbracket \alpha(I)$,

3. $\alpha(\mathcal{C}\llbracket c\rrbracket I) = \widetilde{\mathcal{C}}\llbracket c\rrbracket \alpha(I)$,

4. $\alpha(\mathcal{P}\llbracket P\rrbracket I) = \mathcal{P}_\alpha\llbracket P\rrbracket \alpha(I)$,

5. $\mathcal{P}_\alpha\llbracket P\rrbracket$ is continuous on $A$ and $\mathcal{F}_\alpha\llbracket P\rrbracket = \mathcal{P}_\alpha\llbracket P\rrbracket \uparrow \omega$,

6. $\alpha(\mathcal{F}\llbracket P\rrbracket) = \mathcal{F}_\alpha\llbracket P\rrbracket$ and $\alpha(\mathcal{Q}\llbracket G \text{ in } P\rrbracket) = \mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket$.

Proof. We prove only Point 3. The proof of the other statements is analogous to those of Theorem 5.2 (by using Definition 6.1 and the definition of $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ instead of Definition 5.1 and the definition of $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$, respectively) and therefore it is omitted. Let $c$ be the clause $H \leftarrow B$. Then

$\alpha(\mathcal{C}\llbracket c\rrbracket I)$ [by definition of $\mathcal{C}\llbracket\cdot\rrbracket$ and by (38)]

$= \alpha(tree(c) \,x\, \gamma\alpha(\mathcal{G}\llbracket B\rrbracket I))$ [by Point 2]

$= \alpha(tree(c) \,x\, \gamma(\mathcal{G}_\alpha\llbracket B\rrbracket \alpha(I)))$ [since $\alpha(I) = \alpha\gamma\alpha(I)$ and by Point 2]

$= \alpha(tree(c) \,x\, \gamma\alpha(\mathcal{G}\llbracket B\rrbracket \gamma\alpha(I)))$ [by (38) and by definition of $\mathcal{C}\llbracket\cdot\rrbracket$]

$= \widetilde{\mathcal{C}}\llbracket c\rrbracket \alpha(I)$. ∎

As a consequence of the above theorem, the abstract denotational semantics and the bottom-up denotation are precise. In particular, since $\mathcal{F}_\alpha\llbracket P\rrbracket = \alpha(\mathcal{F}\llbracket P\rrbracket)$, $\mathcal{F}_\alpha\llbracket\cdot\rrbracket$ is correct and minimal w.r.t. $\alpha$. Remember that the AND-compositionality property of $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$ follows by construction.

COROLLARY 6.1. Let $\alpha : C \to A$ be a denotational observable and $P, P'$ be programs. Then $P \approx_\alpha P' \iff \mathcal{F}_\alpha\llbracket P\rrbracket = \mathcal{F}_\alpha\llbracket P'\rrbracket$.

Proof. By (11), Point 5 of Theorem 2.1 and Point 6 of Theorem 6.1,

$$P \approx_\alpha P' \iff \forall G \in Goals.\ \alpha(\mathcal{B}\llbracket G \text{ in } P\rrbracket) = \alpha(\mathcal{B}\llbracket G \text{ in } P'\rrbracket) \iff \forall G \in Goals.\ \alpha(\mathcal{Q}\llbracket G \text{ in } P\rrbracket) = \alpha(\mathcal{Q}\llbracket G \text{ in } P'\rrbracket) \iff \forall G \in Goals.\ \mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket = \mathcal{Q}_\alpha\llbracket G \text{ in } P'\rrbracket.$$

Now the proof is analogous to the one of Corollary 12 in [15], by using $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{F}_\alpha\llbracket\cdot\rrbracket$ instead of $\mathcal{B}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{O}_\alpha\llbracket\cdot\rrbracket$, respectively. By definition of $\mathcal{F}_\alpha\llbracket\cdot\rrbracket$, the minimality is trivial. The proof of the converse is by contradiction, by using the AND-compositionality property of $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$ and by structural induction on the goal $G$ such that $\mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket \neq \mathcal{Q}_\alpha\llbracket G \text{ in } P'\rrbracket$. ∎

20 Note that if a denotational observable $\alpha$ is also perfect, then $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket = \mathcal{C}_\alpha\llbracket\cdot\rrbracket$.

THEOREM 6.2. Let $\alpha$ be a denotational observable. Then

1. $\mathcal{F}_\alpha\llbracket P\rrbracket \le \mathcal{O}_\alpha\llbracket P\rrbracket$;

2. $\mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket \le \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket$.

Proof. We prove the points separately.

Point 1. First of all observe that, by Point 4 of Theorem 6.1, $\alpha(\mathcal{F}\llbracket P\rrbracket) = \mathcal{F}_\alpha\llbracket P\rrbracket$ and, by Point 4 of Theorem 2.1, $\mathcal{O}\llbracket P\rrbracket = \mathcal{F}\llbracket P\rrbracket$. Then the proof follows by observing that, since $\mathcal{O}_\alpha\llbracket P\rrbracket$ is correct, $\alpha(\mathcal{O}\llbracket P\rrbracket) \le \mathcal{O}_\alpha\llbracket P\rrbracket$.

Point 2. First of all observe that, by Point 6 of Theorem 6.1, $\alpha(\mathcal{Q}\llbracket G \text{ in } P\rrbracket) = \mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket$ and, by Point 5 of Theorem 2.1, $\mathcal{Q}\llbracket G \text{ in } P\rrbracket = \mathcal{B}\llbracket G \text{ in } P\rrbracket$. Then the proof follows by observing that, since $\mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket$ is correct, $\alpha(\mathcal{B}\llbracket G \text{ in } P\rrbracket) \le \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket$. ∎

6.1. The Computed Answer Observable and the s-Semantics

We show now how to reconstruct the s-semantics [23, 5] by means of the observable $\xi$ of Example 3.1. We can prove that $\xi$ is indeed a denotational observable. By using a simplification of the arguments of Example 5.1, it can be proved that the abstract operation $\tilde{\sum}$ turns out to be point-wise union while $\tilde{\cdot}$ and $\tilde{\times}$ are

$$A \,\tilde{\cdot}\, X = \phi[\Theta/A] \quad \text{where } \Theta := \{\vartheta \mid \langle H, \Theta' \rangle \text{ is a renamed apart (from } A\text{) version of } \langle A', X(A') \rangle, \text{ for some } A' \le A,\ \vartheta' \in \Theta' \text{ and } \vartheta = mgu(A, H\vartheta')|_A\},$$

$$X_1 \,\tilde{\times}\, X_2 = \lambda G.\ \{\vartheta \mid (G_1, G_2) = G, \text{ for } i \in \{1, 2\},\ \vartheta_i \text{ is a renamed version of an element in } X_i(G_i), \text{ via a renaming } \rho_i \text{ s.t. } \rho_i|_{G_i} = \varepsilon,\ var(G_1, \vartheta_1) \cap var(G_2, \vartheta_2) \subseteq var(G_1) \cap var(G_2),\ \vartheta := (\vartheta_1 \circ mgu(G_2\vartheta_1, G_2\vartheta_2))|_G\}.$$

The optimal abstract semantic function $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ is

$$\widetilde{\mathcal{C}}\llbracket p(t) \leftarrow B\rrbracket X = \lambda p(x).\ \{\vartheta \mid x \text{ are new variables},\ \vartheta_i \in X(p_i(x_i)) \text{ and } \vartheta := (\{x/t\} \circ mgu(B, (p_1(x_1)\vartheta_1, \dots, p_n(x_n)\vartheta_n)))|_x\}.$$

The abstraction of the top-down denotation is

$$\xi(\mathcal{O}\llbracket P\rrbracket) = \lambda p(x).\ \{\vartheta \mid p(x) \overset{\vartheta}{\longrightarrow}{}^{*}_{P} \Box\} / {\equiv_{A_{ca}}} = \mathcal{F}_\xi\llbracket P\rrbracket$$

and is isomorphic to the top-down definition of the s-semantics. Indeed it is easy to see that it is just a matter of representation. In the s-semantics case, the substitution is simply applied to the pure atom, while in our case, given the pure atom, the corresponding substitution is returned. The same isomorphism holds between the abstract semantic function

$$\mathcal{P}_\xi\llbracket P\rrbracket X = \lambda p(x).\ \{\vartheta \mid p(t) \leftarrow B \in P,\ x \text{ are new variables},\ \vartheta_i \in X(p_i(x_i)) \text{ and } \vartheta = (\{x/t\} \circ mgu(B, (p_1(x_1)\vartheta_1, \dots, p_n(x_n)\vartheta_n)))|_x\}$$

and the immediate consequences operator of the s-semantics. From Theorem 6.1 we can derive the usual properties of the s-semantics, namely that $\mathcal{F}_\xi\llbracket P\rrbracket$ is correct and minimal w.r.t. computed answers and that the answers computed for any goal can be obtained from the answers computed for pure atomic goals.

6.2. Call Pattern Semantics

The call patterns (with state) of a program $P$ for a goal $G$ are the atoms selected in any SLD-derivation of $G$ in $P$, together with the corresponding partial computed answer substitution. A call pattern semantics was defined in [27] and used as a basis of call pattern analysis in [26]. We consider the domain $Cp := \wp(Atoms \times Subst)$. For any $X \in Cp$, the interpretation of $\langle C, \vartheta \rangle \in X$ is "the execution generates a procedure call $C$ with state (partial computed answer substitution) $\vartheta$". Note that $C$ can be $\Box$. The (lifting of the) abstraction which allows us to obtain the call patterns is

$$\eta(D) := \lambda G.\ \{\langle C, \vartheta \rangle \mid d \in D(G),\ last(d) = (C, B),\ \vartheta = answer(d) \text{ and } B \neq \Box \Rightarrow C \neq \Box\},$$

$$\gamma_\eta(X) := \lambda G.\ wf_G(\{d \mid last(d) = (C, B),\ \langle C, answer(d) \rangle \in X(G) \text{ and } B \neq \Box \Rightarrow C \neq \Box\}).$$

The axioms (36), (37), (38) are satisfied, hence $\eta$ is a denotational observable. The operation $\tilde{\sum}$ turns out to be point-wise union while $\tilde{\cdot}$ and $\tilde{\times}$ are:

$$A \,\tilde{\cdot}\, X = \phi[R/A] \quad \text{where } R := \{\langle C\vartheta, \vartheta|_A \rangle \mid \langle H, R' \rangle \text{ is a renamed apart (from } A\text{) version of } \langle A', X(A') \rangle, \text{ for some } A' \le A,\ \langle C, \vartheta' \rangle \in R',\ \vartheta := mgu(A, H\vartheta')\},$$

$$X_1 \,\tilde{\times}\, X_2 = \lambda G.\ \{\langle C, \vartheta \rangle \mid (G_1, G_2) = G, \text{ for } i \in \{1, 2\},\ r_i = \langle C_i, \vartheta_i \rangle \text{ is a renamed version of an element in } X_i(G_i) \text{ via a renaming } \rho_i \text{ s.t. } \rho_i|_{G_i} = \varepsilon,\ var(G_1, r_1) \cap var(G_2, r_2) \subseteq var(G_1) \cap var(G_2) \text{ and if } C_1 \neq \Box \text{ then } \langle C, \vartheta \rangle := \langle C_1, \vartheta_1 \r angle \text{ else } \vartheta := (\vartheta_1 \circ mgu(G_2\vartheta_1, G_2\vartheta_2))|_G,\ C := C_2\vartheta\}.$$

The abstract semantic function is

$$\widetilde{\mathcal{C}}\llbracket p(t) \leftarrow B\rrbracket X = \lambda p(x).\ \{\langle p(x), \varepsilon \rangle\} \cup \{\langle C\vartheta', \vartheta \rangle \mid B = (B', B''),\ x \text{ are new variables},\ \exists k \text{ s.t. } \forall i < k.\ \langle \Box, \vartheta_i \rangle \in X(p_i(x_i)),\ \langle C, \vartheta_k \rangle \in X(p_k(x_k)),\ X(p_j(x_j)) \neq \emptyset \text{ is defined for any } p_j \in preds(B''),\ \vartheta := (\{x/t\} \circ \vartheta')|_x,\ \vartheta' := mgu(B', (p_1(x_1)\vartheta_1, \dots, p_k(x_k)\vartheta_k)) \text{ and } B'' \neq \Box \Rightarrow C \neq \Box\}.$$

The proof that $\eta : C \to A_{cp}$ is an observable and that the operations are those defined above is analogous to the one given for the previous observables and therefore it is omitted.

7. SEMI-DENOTATIONAL OBSERVABLES

Semi-denotational observables are intended to model some of the properties useful for static program analysis, where approximation plays a major role and we are forced to give up precision to achieve termination in the construction of the abstract semantics. The concrete semantics and most abstract semantics cannot in general be effectively computed, since the least fixpoint can only be reached in $\omega$ steps. If the abstract domain is noetherian, the least fixpoint can be reached in finitely many steps. The resulting abstract semantics can therefore effectively be used for static program analysis. This is usually possible only if we use approximations of (generally undecidable) properties.

This topic is very relevant to machine-oriented validation and diagnosis. Abstract diagnosis is concerned with the task of verifying a program (and possibly finding bugs) w.r.t. computations over an abstract domain. This operation is generally unfeasible on a generic domain, since we can have non-termination. Following our approach we can approximate the desired property by using a simpler observable which is defined on a suitable noetherian domain, where the operations become feasible. Thus our approach to approximate semantics can be used as a tool to bring techniques which are typical of the program analysis field into the debugging and verification fields.

In order to deal with approximation, we relax the optimality conditions of the denotational observables axioms to admit non-precise $\tilde{\cdot}$, $\tilde{\times}$ and $\tilde{x}$ operators. However, we guarantee that weak[21] (compositionality) properties are still satisfied. Hence every denotational observable is a semi-denotational observable, but the converse does not hold.

DEFINITION 7.1. An observable $\alpha : C \to A$ is semi-denotational if, for any $A \in Atoms$, $D', D'' \in C$, $D \in UC$, $G \in Goals$ and chain $\{D_j\}_{j \in J} \subseteq UC$ the following properties hold.

$$\tilde{\cdot} \text{ and } \tilde{\times} \text{ distribute over } \tilde{\sum}, \tag{40}$$

$$\alpha(A \cdot \gamma\alpha(Id_I)) = \alpha(A \cdot Id_I) = \alpha(\phi_A), \tag{41}$$

$$\alpha(\gamma\alpha(D') \,x\, \gamma\alpha(Id_C)) = \alpha(D' \,x\, Id_C) = \alpha(D'), \tag{42}$$

$$\alpha(\gamma\alpha(D') \times \gamma\alpha(\phi_G)) = \alpha(D' \times \phi_G), \tag{43}$$

$$\alpha(\gamma\alpha(D') \,x\, \gamma\alpha(su(\gamma\alpha(D)))) = \alpha(\gamma\alpha(D') \,x\, su(\gamma\alpha(D))), \tag{44}$$

$$\alpha\Big(D \,x\, pu\Big(\gamma\alpha\Big(\sum\{D_j\}_{j \in J}\Big)\Big)\Big) = \alpha\Big(D \,x\, pu\Big(\sum\{\gamma\alpha(D_j)\}_{j \in J}\Big)\Big), \tag{45}$$

$$\alpha(\gamma\alpha(D') \times \gamma\alpha(\gamma\alpha(D'') \,x\, su(\gamma\alpha(D)))) = \alpha(\gamma\alpha(D') \times (\gamma\alpha(D'') \,x\, su(\gamma\alpha(D)))), \tag{46}$$

$$\alpha(A \cdot \gamma\alpha(\gamma\alpha(D') \,x\, su(\gamma\alpha(D)))) = \alpha(A \cdot (\gamma\alpha(D') \,x\, su(\gamma\alpha(D)))), \tag{47}$$

$$\alpha(\gamma\alpha(D') \,x\, \gamma\alpha(\gamma\alpha(D'') \,x\, su(\gamma\alpha(D)))) = \alpha(\gamma\alpha(D') \,x\, (\gamma\alpha(D'') \,x\, su(\gamma\alpha(D)))). \tag{48}$$

The intuition behind the axioms of this definition is that, once the closure $\gamma\alpha$ has been applied, all the expressions involving it and the concrete operators are insensitive to further closures. This also means that precision is lost in the first closure step only.

This definition is quite involved because it uses the weakest version of the axioms we can think of, although there are many stronger conditions which are easier to check, as is the case in our examples.

The following theorem shows that under these conditions (as in the denotational case) we can just replace $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$ by the optimal abstract version $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ of $\mathcal{C}\llbracket\cdot\rrbracket$ (see (39)) to make the definition of the abstract denotational semantics as accurate as possible (and definitely more accurate than the operational version).

THEOREM 7.1. Let $\alpha : C \to A$ be a semi-denotational observable and $X \in UA$. Then

1. $\mathcal{P}_\alpha\llbracket P\rrbracket X = \alpha(\mathcal{P}\llbracket P\rrbracket \gamma(X))$,

2. $\mathcal{P}_\alpha\llbracket P\rrbracket$ is continuous on $A$ and $\mathcal{F}_\alpha\llbracket P\rrbracket = \mathcal{P}_\alpha\llbracket P\rrbracket \uparrow \omega$.

Proof. We prove the points separately.

Point 1. The proof is straightforward by definition of $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$, by (30) and by definition of $\mathcal{P}_\alpha\llbracket\cdot\rrbracket$, and hence it is omitted.

Point 2. Let $\{X_i\}_{i \in I} \subseteq UA$ be a chain. Since $\tilde{\sum}$ is the lub operation on $UA$, we have to prove that $\tilde{\sum}\{\mathcal{P}_\alpha\llbracket P\rrbracket X_i\}_{i \in I} = \mathcal{P}_\alpha\llbracket P\rrbracket \tilde{\sum}\{X_i\}_{i \in I}$. The following equalities hold.

$\tilde{\sum}\{\mathcal{P}_\alpha\llbracket P\rrbracket X_i\}_{i \in I}$ [by definition of $\tilde{\sum}$ and Point 1]

$= \alpha(\sum\{\gamma\alpha(\mathcal{P}\llbracket P\rrbracket \gamma(X_i))\}_{i \in I})$ [by (30)]

$= \alpha(\sum\{\mathcal{P}\llbracket P\rrbracket \gamma(X_i)\}_{i \in I})$ [since $\mathcal{P}\llbracket P\rrbracket$ is continuous]

$= \alpha(\mathcal{P}\llbracket P\rrbracket \sum\{\gamma(X_i)\}_{i \in I})$ [by (8) and (30)]

$= \alpha(Id_I + \gamma\alpha(tree(P) \,x\, pu(\sum\{\gamma(X_i)\}_{i \in I})))$ [by (45) and since $\alpha\gamma = Id$]

$= \alpha(Id_I + \gamma\alpha(tree(P) \,x\, pu(\gamma\alpha(\sum\{\gamma(X_i)\}_{i \in I}))))$ [by (30) and (8)]

$= \alpha(\mathcal{P}\llbracket P\rrbracket \gamma\alpha(\sum\{\gamma(X_i)\}_{i \in I}))$ [by Point 1]

$= \mathcal{P}_\alpha\llbracket P\rrbracket \alpha(\sum\{\gamma(X_i)\}_{i \in I})$ [by definition of $\tilde{\sum}$]

$= \mathcal{P}_\alpha\llbracket P\rrbracket \tilde{\sum}\{X_i\}_{i \in I}$.

Then apply Tarski's theorem. ∎

21 By weak properties we mean that we cannot ensure the precise properties of Sections 5 and 6, but we can ensure their approximated formulation, where we replace the equality symbol by inequality. For example, $\alpha(\mathcal{F}\llbracket P\rrbracket) = \mathcal{F}_\alpha\llbracket P\rrbracket$ becomes $\alpha(\mathcal{F}\llbracket P\rrbracket) \le \mathcal{F}_\alpha\llbracket P\rrbracket$.

LEMMA 7.1. Let $\alpha : C \to A$ be a semi-denotational observable, $X \in A$ and $D' \in C$.

1. $\alpha(\gamma\alpha(D') \times \gamma\alpha(Id_C)) = \alpha(D' \times Id_C)$,

2. $su_\alpha(X) = \alpha(su(\gamma(X)))$,

3. $\alpha(su(\gamma\alpha(Id_I))) \le \alpha(Id_C)$.

Proof. We prove the points separately.

Point 1.

$\alpha(\gamma\alpha(D') \times \gamma\alpha(Id_C))$ [by definition of $Id_C$ and (30)]

$= \alpha(D') \,\tilde{\times}\, \tilde{\sum}\{\alpha(\phi_G)\}_{G \in Goals}$ [by (40)]

$= \tilde{\sum}\{\alpha(D') \,\tilde{\times}\, \alpha(\phi_G)\}_{G \in Goals}$ [by definition of $\tilde{\times}$ and (43)]

$= \tilde{\sum}\{\alpha(D' \times \phi_G)\}_{G \in Goals}$ [by definition of $\tilde{\sum}$ and (30)]

$= \alpha(\sum\{D' \times \phi_G\}_{G \in Goals})$ [by Lemma 2.1]

$= \alpha(D' \times \sum\{\phi_G\}_{G \in Goals})$ [by definition of $Id_C$]

$= \alpha(D' \times Id_C)$.

Point 2.

$su_\alpha(X)$ [by definition of $su_\alpha$]

$= \tilde{\sum}\{(A \,\tilde{\cdot}\, X) \,\tilde{\times}\, \alpha(Id_C)\}_{A \in Atoms}$ [by definition of $\tilde{\sum}$, $\tilde{\cdot}$ and $\tilde{\times}$]

$= \alpha(\sum\{\gamma\alpha(\gamma\alpha(A \cdot \gamma(X)) \times \gamma\alpha(Id_C))\}_{A \in Atoms})$ [by Point 1]

$= \alpha(\sum\{\gamma\alpha((A \cdot \gamma(X)) \times Id_C)\}_{A \in Atoms})$ [by (30)]

$= \alpha(\sum\{(A \cdot \gamma(X)) \times Id_C\}_{A \in Atoms})$ [by definition of $su$]

$= \alpha(su(\gamma(X)))$.

Point 3.

$\alpha(su(\gamma\alpha(Id_I)))$ [by definition of $su$ and (30)]

$= \alpha(\sum\{\gamma\alpha((A \cdot \gamma\alpha(Id_I)) \times Id_C)\}_{A \in Atoms})$ [by Point 1 and (41)]

$= \alpha(\sum\{\gamma\alpha(\gamma\alpha(A \cdot Id_I) \times \gamma\alpha(Id_C))\}_{A \in Atoms})$ [by Point 1 and (30)]

$= \alpha(\sum\{(A \cdot Id_I) \times Id_C\}_{A \in Atoms})$ [by definition of $Id_C$]

$\le \alpha(Id_C)$. ∎


LEMMA 7.2. Let $\alpha : C \to A$ be a semi-denotational observable, $X \in A$ and $k, n \ge 0$.

1. $\alpha(su(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I)))) \le unf^k_{P,\alpha}(\alpha(Id_C))$,

2. $X \,\tilde{x}\, unf^k_{P,\alpha}(\alpha(Id_C)) \le unf^k_{P,\alpha}(X)$,

3. $su^n(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I))) \sqsubseteq \gamma(unf^{kn}_{P,\alpha}(\alpha(Id_C)))$.

Proof. We prove the points separately.

Point 1. The proof is by induction on $k$. For $k = 0$ the proof is immediate by definition of $unf^0_{P,\alpha}$ and by Point 3 of Lemma 7.1. For $k > 0$ the following facts hold.

$\alpha(su(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I))))$ [by definition of $unf^k_{P,\alpha}$]

$= \alpha(su(\gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_I)) \,\tilde{x}\, su_\alpha(\alpha(tree(P))))))$ [by definition of $su$]

$= \alpha(\sum\{(A \cdot \gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_I)) \,\tilde{x}\, su_\alpha(\alpha(tree(P))))) \times Id_C\}_{A \in Atoms})$ [by definition of $\tilde{x}$, by Point 2 of Lemma 7.1, and by (44)]

$= \alpha(\sum\{(A \cdot \gamma\alpha(\gamma\, unf^{k-1}_{P,\alpha}(\alpha(Id_I)) \,x\, su(\gamma\alpha(tree(P))))) \times Id_C\}_{A \in Atoms})$ [by Point 1 of Lemma 7.1 and (30)]

$= \alpha(\sum\{\gamma\alpha(\gamma\alpha(A \cdot \gamma\alpha(\gamma\, unf^{k-1}_{P,\alpha}(\alpha(Id_I)) \,x\, su(\gamma\alpha(tree(P))))) \times Id_C)\}_{A \in Atoms})$ [by (47)]

$= \alpha(\sum\{\gamma\alpha(\gamma\alpha(A \cdot (\gamma\, unf^{k-1}_{P,\alpha}(\alpha(Id_I)) \,x\, su(\gamma\alpha(tree(P))))) \times Id_C)\}_{A \in Atoms})$ [by (30), Point 1 of Lemma 7.1, and definition of $su$]

$= \alpha(su(\gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_I))) \,x\, su(\gamma\alpha(tree(P)))))$ [by Lemma 13 in [15] and since $\alpha$ is monotonic]

$\le \alpha(su(\gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_I)))) \,x\, su(\gamma\alpha(tree(P))))$ [by inductive hypothesis, by Point 2 of Lemma 7.1, and since $\gamma\alpha$ is extensive]

$\le unf^{k-1}_{P,\alpha}(\alpha(Id_C)) \,\tilde{x}\, su_\alpha(\alpha(tree(P)))$ [by definition of $unf^k_{P,\alpha}$]

$= unf^k_{P,\alpha}(\alpha(Id_C))$.

Point 2. The proof is by induction on $k$. For $k = 0$ the proof is immediate by definition of $unf^0_{P,\alpha}$ and by (42). For $k > 0$ the following facts hold.

$X \,\tilde{x}\, unf^k_{P,\alpha}(\alpha(Id_C))$ [by definition of $unf^k_{P,\alpha}$]

$= X \,\tilde{x}\, (unf^{k-1}_{P,\alpha}(\alpha(Id_C)) \,\tilde{x}\, su_\alpha(\alpha(tree(P))))$ [by definition of $\tilde{x}$ and Point 2 of Lemma 7.1]

$= \alpha(\gamma(X) \,x\, \gamma\alpha(\gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_C))) \,x\, \gamma\alpha(su(\gamma\alpha(tree(P))))))$ [by (44) and (48)]

$= \alpha(\gamma(X) \,x\, (\gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_C))) \,x\, su(\gamma\alpha(tree(P)))))$ [by the same argument as in the proof of Lemma 6 in [15] and since $\alpha$ is monotonic]

$\le \alpha((\gamma(X) \,x\, \gamma(unf^{k-1}_{P,\alpha}(\alpha(Id_C)))) \,x\, su(\gamma\alpha(tree(P))))$ [by inductive hypothesis, by definition of $\tilde{x}$ and since $\gamma\alpha$ is extensive]

$\le \alpha(\gamma(unf^{k-1}_{P,\alpha}(X)) \,x\, su(\gamma\alpha(tree(P))))$ [by definition of $\tilde{x}$ and by Point 2 of Lemma 7.1]

$\le unf^{k-1}_{P,\alpha}(X) \,\tilde{x}\, su_\alpha(\alpha(tree(P)))$ [by definition of $unf^k_{P,\alpha}$]

$= unf^k_{P,\alpha}(X)$.

Point 3. The proof is by induction on $n$. For $n = 0$ the proof is immediate by definition of $su^0$. For $n > 0$ the following facts hold.

$su^n(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I)))$ [by definition of $su^n$]

$= su^{n-1}(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I))) \,x\, su(\gamma\, unf^k_{P,\alpha}(\alpha(Id_I)))$ [by inductive hypothesis, by Point 1, since $\gamma$ is monotonic and $\gamma\alpha$ is extensive]

$\sqsubseteq \gamma(unf^{k(n-1)}_{P,\alpha}(\alpha(Id_C))) \,x\, \gamma(unf^k_{P,\alpha}(\alpha(Id_C)))$ [since $\gamma\alpha$ is extensive and by definition of $\tilde{x}$]

$\sqsubseteq \gamma(unf^{k(n-1)}_{P,\alpha}(\alpha(Id_C)) \,\tilde{x}\, unf^k_{P,\alpha}(\alpha(Id_C)))$ [by Point 2 and since $\gamma$ is monotonic]

$\sqsubseteq \gamma(unf^k_{P,\alpha}(unf^{k(n-1)}_{P,\alpha}(\alpha(Id_C))))$ [by definition of $unf^k_{P,\alpha}$]

$= \gamma(unf^{kn}_{P,\alpha}(\alpha(Id_C)))$. ∎

LEMMA 7.3. Let $\alpha : C \to A$ be a semi-denotational observable. Then

$$\alpha(\mathcal{O}\llbracket P\rrbracket) \le \mathcal{F}_\alpha\llbracket P\rrbracket \le \mathcal{O}_\alpha\llbracket P\rrbracket.$$

Proof. The proof of the first inequality is straightforward by correctness of $\mathcal{F}_\alpha\llbracket P\rrbracket$ and by Point 4 of Theorem 2.1. For the second inequality we prove, by induction on $n$, that $\forall n \ge 0.\ \mathcal{P}_\alpha\llbracket P\rrbracket \uparrow n \le \mathcal{O}_\alpha\llbracket P\rrbracket$. Then the thesis follows by continuity of $\mathcal{P}_\alpha\llbracket P\rrbracket$ and by definition of $\mathcal{F}_\alpha\llbracket P\rrbracket$.

First of all observe that, since $\tilde{x}$ is monotonic and $\tilde{\sum}$ is the lub operation on $A$, for any $X_i, X \in A$, $\tilde{\sum}\{X_i \,\tilde{x}\, X\}_{i \in I} \le \tilde{\sum}\{X_i\}_{i \in I} \,\tilde{x}\, X$. Then, by a straightforward inductive argument and by (29),

$$\mathcal{O}_\alpha\llbracket P\rrbracket \le \Big[\tilde{\sum}\{unf^k_{P,\alpha}(\alpha(Id_I))\}_{k \ge 0}\Big] / {\equiv_A}. \tag{49}$$

Now we can prove that $\forall n \ge 0.\ \mathcal{P}_\alpha\llbracket P\rrbracket \uparrow n \le \mathcal{O}_\alpha\llbracket P\rrbracket$.

($n = 0$) Straightforward, since by definition of $\uparrow 0$, $\mathcal{P}_\alpha\llbracket P\rrbracket \uparrow 0 = \bot_A$.

($n > 0$) The following facts hold.

$\mathcal{P}_\alpha\llbracket P\rrbracket \uparrow n$ [by definition of $\cdot \uparrow n$]

$= \mathcal{P}_\alpha\llbracket P\rrbracket\, \mathcal{P}_\alpha\llbracket P\rrbracket \uparrow (n-1)$ [by Point 1 of Theorem 7.1 and by (8)]

$= \alpha(Id_I + (tree(P) \,x\, pu(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket \uparrow (n-1)))))$ [by inductive hypothesis and by (49)]

$\le \alpha(Id_I + (tree(P) \,x\, pu(\gamma\, \tilde{\sum}\{unf^k_{P,\alpha}(\alpha(Id_I))\}_{k \ge 0})))$ [by definition of $\tilde{\sum}$ and by (45)]

$= \alpha(Id_I + (tree(P) \,x\, pu(\sum\{\gamma(unf^k_{P,\alpha}(\alpha(Id_I)))\}_{k \ge 0})))$ [by Lemma 2.1]

$= \alpha(\sum\{Id_I + (tree(P) \,x\, pu(\gamma(unf^k_{P,\alpha}(\alpha(Id_I)))))\}_{k \ge 0})$ [by definition of $x$ and $Id_I$ and since $x$ is extensive]

$= \alpha(\sum\{(Id_I \,x\, su(tree(P))) \,x\, pu(\gamma(unf^k_{P,\alpha}(\alpha(Id_I))))\}_{k \ge 0})$ [by Point 2 of Lemma 18 in [15]]

$\le \alpha(\sum\{(Id_I \,x\, su(tree(P))) \,x\, (Id_C + \sum\{su^n(\gamma(unf^k_{P,\alpha}(\alpha(Id_I))))\}_{n \ge 0})\}_{k \ge 0})$ [by definition of $x$ and by Lemma 2.1]

$= \alpha(\sum\{(Id_I \,x\, su(tree(P))) \,x\, su^n(\gamma(unf^k_{P,\alpha}(\alpha(Id_I))))\}_{n, k \ge 0})$ [by Point 3 of Lemma 7.2 and since $\alpha$ and $x$ are monotonic]

$\le \alpha(\sum\{(Id_I \,x\, su(tree(P))) \,x\, \gamma(unf^{kn}_{P,\alpha}(\alpha(Id_C)))\}_{k, n \ge 0})$ [by definition of $Id_I$, by Lemma 2.1 and by set-theoretic properties]

$\le \alpha(\sum\{(\phi_{p(x)} \,x\, su(tree(P))) \,x\, \gamma(unf^k_{P,\alpha}(\alpha(Id_C)))\}_{k \ge 0,\ p(x) \in Goals})$ [by definition of $\tilde{x}$ and since $\gamma\alpha$ is extensive]

$\le \alpha(\sum\{\gamma((\alpha(\phi_{p(x)}) \,\tilde{x}\, su_\alpha(\alpha(tree(P)))) \,\tilde{x}\, unf^k_{P,\alpha}(\alpha(Id_C)))\}_{k \ge 0,\ p(x) \in Goals})$ [by Point 2 of Lemma 7.2]

$\le \alpha(\sum\{\gamma(unf^k_{P,\alpha}(\alpha(\phi_{p(x)}) \,\tilde{x}\, su_\alpha(\alpha(tree(P)))))\}_{k \ge 0,\ p(x) \in Goals})$ [by definition of $unf^k_{P,\alpha}$ and since $\gamma\alpha$ is extensive]

$\le \alpha(\sum\{\gamma\alpha(\sum\{\gamma(unf^k_{P,\alpha}(\alpha(\phi_{p(x)})))\}_{k \ge 0})\}_{p(x) \in Goals})$ [by definition of $\tilde{\sum}$]

$= \tilde{\sum}\{[\tilde{\sum}\{unf^k_{P,\alpha}(\alpha(\phi_{p(x)}))\}_{k \ge 0}] / {\equiv_A}\}_{p(x) \in Goals}$ [by (29)]

$= \mathcal{O}_\alpha\llbracket P\rrbracket$. ∎

PROPOSITION 7.1. Let $\alpha : C \to A$ be a semi-denotational observable, $X \in UA$, $X', X'' \in A$, $A \in Atoms$ and $G \in Goals$. Then the following properties hold.

1. $A \,\tilde{\cdot}\, (X' \,\tilde{x}\, su_\alpha(X)) \le (A \,\tilde{\cdot}\, X') \,\tilde{x}\, su_\alpha(X)$,

2. $(X' \,\tilde{x}\, su_\alpha(X)) \,\tilde{\times}\, \alpha(\phi_G) \le (X' \,\tilde{\times}\, \alpha(\phi_G)) \,\tilde{x}\, su_\alpha(X)$,

3. $X' \,\tilde{\times}\, (X'' \,\tilde{x}\, su_\alpha(X)) \le (X' \,\tilde{\times}\, X'') \,\tilde{x}\, su_\alpha(X)$.

Proof. We prove only Point 3, essentially using Point 3 of Lemma 8 in [15].[22] The proof of the other points is analogous, by using Points 1 and 2 of the above mentioned lemma and (47) and (43) (instead of (46)).

First of all note that in the proof of Point 3 of Lemma 8 in [15] the hypothesis $D' \,x\, su(D) = D'$ is not used to prove the inclusion $D' \times (D'' \,x\, su(D)) \sqsubseteq (D' \times D'') \,x\, su(D)$, and hence we can conclude that

$$\gamma(X') \times (\gamma(X'') \,x\, su(\gamma(X))) \sqsubseteq (\gamma(X') \times \gamma(X'')) \,x\, su(\gamma(X)). \tag{50}$$

Moreover, by Point 2 of Lemma 7.1, by definition of $\tilde{x}$ and $\tilde{\times}$ and by (46) and (44),

$$su_\alpha(X) = \alpha(su(\gamma(X))) \tag{51}$$

and

$$X' \,\tilde{\times}\, (X'' \,\tilde{x}\, su_\alpha(X)) = \alpha(\gamma(X') \times (\gamma(X'') \,x\, su(\gamma(X)))). \tag{52}$$

Then the following facts hold.

$X' \,\tilde{\times}\, (X'' \,\tilde{x}\, su_\alpha(X))$ [by (52)]

$= \alpha(\gamma(X') \times (\gamma(X'') \,x\, su(\gamma(X))))$ [by (50) and since $\alpha$ is monotonic]

$\le \alpha((\gamma(X') \times \gamma(X'')) \,x\, su(\gamma(X)))$ [since $\gamma\alpha$ is extensive]

$\le \alpha(\gamma\alpha(\gamma(X') \times \gamma(X'')) \,x\, \gamma\alpha(su(\gamma(X))))$ [by (51)]

$= \alpha(\gamma\alpha(\gamma(X') \times \gamma(X'')) \,x\, \gamma(su_\alpha(X)))$ [by definition of $\tilde{\times}$ and $\tilde{x}$]

$= (X' \,\tilde{\times}\, X'') \,\tilde{x}\, su_\alpha(X)$. ∎

22 Lemma 8 in [15] states that, for any atom $A$, any $D \in UC$, any $D', D'' \in C$, and any goal $G$,

(1) $A \cdot (D' \,x\, su(D)) = (A \cdot D') \,x\, su(D)$,

(2) $(D' \,x\, su(D)) \times \phi_G \sqsubseteq (D' \times \phi_G) \,x\, su(D)$, and

(3) if $D' \,x\, su(D) = D'$ then $(D' \times D'') \,x\, su(D) = D' \times (D'' \,x\, su(D))$.

THEOREM 7.2. Let $\alpha : C \to A$ be a semi-denotational observable, $A$ be an atom, $G_1, G_2$ be goals and $P$ be a program. Then

1. $A \,\tilde{\cdot}\, \mathcal{O}_\alpha\llbracket P\rrbracket \le \mathcal{B}_\alpha\llbracket A \text{ in } P\rrbracket$,

2. $\mathcal{B}_\alpha\llbracket G_1 \text{ in } P\rrbracket \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G_2 \text{ in } P\rrbracket \le \mathcal{B}_\alpha\llbracket (G_1, G_2) \text{ in } P\rrbracket$.

Proof. We prove the points separately.

Point 1. Analogously to Lemma 7.3,

$$\mathcal{O}_\alpha\llbracket P\rrbracket \le \Big[\tilde{\sum}\{unf^k_{P,\alpha}(\alpha(Id_I))\}_{k \ge 0}\Big] / {\equiv_A}. \tag{53}$$

Then the following facts hold.

$A \,\tilde{\cdot}\, \mathcal{O}_\alpha\llbracket P\rrbracket$ [by (53)]

$\le A \,\tilde{\cdot}\, [\tilde{\sum}\{unf^k_{P,\alpha}(\alpha(Id_I))\}_{k \ge 0}] / {\equiv_A}$ [by (40)]

$= \tilde{\sum}\{A \,\tilde{\cdot}\, unf^k_{P,\alpha}(\alpha(Id_I))\}_{k \ge 0}$ [by using repeatedly Point 1 of Proposition 7.1]

$\le \tilde{\sum}\{unf^k_{P,\alpha}(A \,\tilde{\cdot}\, \alpha(Id_I))\}_{k \ge 0}$ [by (41) and definition of $\tilde{\cdot}$]

$= \tilde{\sum}\{unf^k_{P,\alpha}(\alpha(\phi_A))\}_{k \ge 0}$ [by (28)]

$= \mathcal{B}_\alpha\llbracket A \text{ in } P\rrbracket$.

Point 2.

$\mathcal{B}_\alpha\llbracket G_1 \text{ in } P\rrbracket \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G_2 \text{ in } P\rrbracket$ [by (28) and (40)]

$= \tilde{\sum}\{unf^k_{P,\alpha}(\alpha(\phi_{G_1})) \,\tilde{\times}\, unf^h_{P,\alpha}(\alpha(\phi_{G_2}))\}_{h, k \ge 0}$ [by using repeatedly Point 3 of Proposition 7.1]

$\le \tilde{\sum}\{unf^h_{P,\alpha}(unf^k_{P,\alpha}(\alpha(\phi_{G_1})) \,\tilde{\times}\, \alpha(\phi_{G_2}))\}_{h, k \ge 0}$ [by using repeatedly Point 2 of Proposition 7.1]

$\le \tilde{\sum}\{unf^h_{P,\alpha}(unf^k_{P,\alpha}(\alpha(\phi_{G_1}) \,\tilde{\times}\, \alpha(\phi_{G_2})))\}_{h, k \ge 0}$ [by definition of $unf_{P,\alpha}$]

$= \tilde{\sum}\{unf^k_{P,\alpha}(\alpha(\phi_{G_1}) \,\tilde{\times}\, \alpha(\phi_{G_2}))\}_{k \ge 0}$ [by definition of $\times$ and $\tilde{\times}$, by (43) and (28)]

$= \mathcal{B}_\alpha\llbracket (G_1, G_2) \text{ in } P\rrbracket$. ∎

COROLLARY 7.1. Let $\alpha$ be a semi-denotational observable. Then

$$\alpha(\mathcal{B}\llbracket G \text{ in } P\rrbracket) \le \mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket \le \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket.$$

Proof. The proof of the first inequality is straightforward by correctness of $\mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket$ and by Point 5 of Theorem 2.1. For the second inequality, the proof is by structural induction on $G$.

($G = \Box$) $\mathcal{Q}_\alpha\llbracket \Box \text{ in } P\rrbracket = \mathcal{G}_\alpha\llbracket \Box\rrbracket \mathcal{F}_\alpha\llbracket P\rrbracket = \alpha(\phi_\Box) = \mathcal{B}_\alpha\llbracket \Box \text{ in } P\rrbracket$, by the definition of $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$, $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{B}_\alpha\llbracket\cdot\rrbracket$.

($G = A, G'$) The following facts hold.

$\mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket$ [by definition of $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{F}_\alpha\llbracket\cdot\rrbracket$]

$= \mathcal{G}_\alpha\llbracket (A, G')\rrbracket \mathcal{F}_\alpha\llbracket P\rrbracket$ [by definition of $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{Q}_\alpha\llbracket\cdot\rrbracket$]

$= \mathcal{A}_\alpha\llbracket A\rrbracket \mathcal{F}_\alpha\llbracket P\rrbracket \,\tilde{\times}\, \mathcal{Q}_\alpha\llbracket G' \text{ in } P\rrbracket$ [by inductive hypothesis]

$\le \mathcal{A}_\alpha\llbracket A\rrbracket \mathcal{F}_\alpha\llbracket P\rrbracket \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G' \text{ in } P\rrbracket$ [by definition of $\mathcal{A}_\alpha\llbracket\cdot\rrbracket$]

$= (A \,\tilde{\cdot}\, \mathcal{F}_\alpha\llbracket P\rrbracket) \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G' \text{ in } P\rrbracket$ [by Lemma 7.3]

$\le (A \,\tilde{\cdot}\, \mathcal{O}_\alpha\llbracket P\rrbracket) \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G' \text{ in } P\rrbracket$ [by Point 1 of Theorem 7.2]

$\le \mathcal{B}_\alpha\llbracket A \text{ in } P\rrbracket \,\tilde{\times}\, \mathcal{B}_\alpha\llbracket G' \text{ in } P\rrbracket$ [by Point 2 of Theorem 7.2]

$\le \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket$. ∎

7.1. The Observable $\psi$ for Groundness Analysis of Computed Answers

We show now how to obtain groundness analysis of computed answers for pure logic programs [3, 44, 16] by applying our scheme. In order to define the abstract domain we have to do several small steps. We will use propositional formulas to represent the groundness dependencies of variables. In particular, we will use the domain POS [3] of classes of positive propositional formulas modulo logical equivalence, built using $\leftrightarrow$, $\wedge$ and $\vee$, ordered by logical implication.

First of all we have to define the abstraction $\Gamma(t)$ of a concrete term $t$. If $var(t) = \{x_1, \dots, x_n\}$ then $\Gamma(t) := x_1 \wedge \dots \wedge x_n$, while if $t$ is ground $\Gamma(t) := true$. The formula intuitively says that in order for $t$ to be ground, all its variables $x_1, \dots, x_n$ must be ground.

We can extend $\Gamma$ to substitutions to obtain abstract substitutions as

$$\Gamma(\vartheta) := \bigwedge_{x/t \in \vartheta} x \leftrightarrow \Gamma(t)$$

where $\Gamma(\varepsilon) := true$. Abstract substitutions are propositional formulas which express the groundness dependencies between the variables of the domain and the ones of the range of the concrete substitution.

We must define the abstract notion of restriction of an abstract substitution w.r.t. a set of variables. Namely, by using Schröder's elimination principle,

$$F|_x := \begin{cases} F & \text{if } var(F) \subseteq \{x\} \\ (F[y \mapsto true] \vee F[y \mapsto false])|_x & \text{for some } y \in var(F) \setminus \{x\} \end{cases}$$

where the formula $F[y \mapsto E]$ is obtained by replacing each occurrence of the variable $y$ in $F$ by $E$. Let $A_{gr} \subseteq [Goals \rightharpoonup POS]$. We can obtain the desired abstraction $\psi$ by further abstraction of computed answer substitutions. Namely $\tau_\Gamma : A_{ca} \to A_{gr}$ is defined as

$$\tau_\Gamma(X) := \lambda G.\ \bigvee_{\vartheta \in X(G)} \Gamma(\vartheta)|_{var(G)}, \tag{54}$$

where $\bigvee \emptyset := false$ (hence $\tau_\Gamma(\phi[\emptyset/G]) = \phi[false/G]$). The groundness dependency for computed answers observable $\psi : C \to A_{gr}$ is $\psi := \tau_\Gamma \circ \xi$. By applying the definition, the abstract operators are

$$A \,\tilde{\cdot}\, X = \phi[F/A] \quad \text{where } F := \bigvee\{F'' \mid \langle H, F' \rangle \text{ is a renamed apart (w.r.t. } A\text{) version of } \langle A', X(A') \rangle, \text{ for some } A' \le A, \text{ there exists } \delta \text{ s.t. } A = H\delta,\ dom(\delta) \subseteq var(H) \text{ and } F'' = (F' \wedge \Gamma(\delta))|_{var(A)}\},$$

$$X_1 \,\tilde{\times}\, X_2 = \lambda G.\ \bigvee\{X_1(G_1) \wedge X_2(G_2) \mid (G_1, G_2) = G \text{ and } X_1(G_1) \text{ and } X_2(G_2) \text{ are defined}\},$$

$$\tilde{\sum}\{X_i\}_{i \in I} = \lambda G.\ \bigvee\{X_i(G)\}_{i \in I}.^{23}$$

In the appendix we prove that $\psi$ is semi-denotational and that the optimal operator $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ is

$$\widetilde{\mathcal{C}}\llbracket p(t) \leftarrow p_1(t_1), \dots, p_n(t_n)\rrbracket X = \lambda p(x).\ \Big(x \leftrightarrow \Gamma(t) \wedge \bigwedge_{i=1}^{n} \big(x_i \leftrightarrow \Gamma(t_i) \wedge X(p_i(x_i))\big)\Big)\Big|_x$$

where, $\forall i \in \{1, \dots, n\}$, $x, x_i$ are new distinct variables, $X(p_i(x_i))$ is defined, and the formula $y \leftrightarrow \Gamma(s)$ denotes $\bigwedge_{i=1}^{m} (y_i \leftrightarrow \Gamma(s_i))$ (given that $y = y_1, \dots, y_m$ and $s = s_1, \dots, s_m$), which is equivalent to $\Gamma(\{y/s\})$.
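The construction of this subsection, run end to end on a small program, as an added worked example (this code is not part of the paper): $\Gamma$ on terms and substitutions, restriction by Schröder elimination, the clause operator $\widetilde{\mathcal{C}}\llbracket\cdot\rrbracket$ above, and the bottom-up iteration of $\mathcal{P}_\psi$ over POS until it stabilizes. The encoding of POS formulas as evaluators over truth assignments, the canonical variable names `x1..xn`, the fresh-variable scheme `_0, _1, ...` and the sample program `append/3` are choices made here, not notation from the paper.

```python
# Added worked example (not from the paper): groundness analysis of computed
# answers over POS, following Section 7.1. Variables are strings, compound
# terms are tuples (functor, arg1, ..., argn); constants are 0-ary tuples.
from itertools import count, product


class Pos:
    """A positive propositional formula kept semantically: its free variables
    plus an evaluator over truth assignments (dict var -> bool). Implication
    is decided by enumerating assignments over the free variables, which is
    cheap for the handful of variables occurring in one clause."""

    def __init__(self, fv, ev):
        self.fv, self.ev = frozenset(fv), ev

    @staticmethod
    def var(x):
        return Pos({x}, lambda a: a[x])

    @staticmethod
    def const(b):
        return Pos((), lambda a: b)

    def __and__(self, o):
        return Pos(self.fv | o.fv, lambda a: self.ev(a) and o.ev(a))

    def __or__(self, o):
        return Pos(self.fv | o.fv, lambda a: self.ev(a) or o.ev(a))

    def iff(self, o):
        return Pos(self.fv | o.fv, lambda a: self.ev(a) == o.ev(a))

    def restrict(self, keep):
        """Schroeder elimination F|keep: each y outside keep is replaced by
        F[y -> true] or F[y -> false], i.e. existentially quantified away."""
        f = self
        for y in sorted(self.fv - set(keep)):
            f = Pos(f.fv - {y}, lambda a, g=f, y=y:
                    g.ev({**a, y: True}) or g.ev({**a, y: False}))
        return f

    def rename(self, mapping):
        """Rename free variables old -> new (names assumed to be disjoint)."""
        return Pos({mapping.get(v, v) for v in self.fv},
                   lambda a: self.ev({**a, **{o: a[n] for o, n in mapping.items() if n in a}}))

    def implies(self, o):
        u = sorted(self.fv | o.fv)
        for m in product([False, True], repeat=len(u)):
            a = dict(zip(u, m))
            if self.ev(a) and not o.ev(a):
                return False
        return True

    def equiv(self, o):
        return self.implies(o) and o.implies(self)


def term_vars(t):
    return {t} if isinstance(t, str) else set().union(*[term_vars(a) for a in t[1:]])


def gamma_term(t):
    """Gamma(t): conjunction of the variables of t; true when t is ground."""
    f = Pos.const(True)
    for v in sorted(term_vars(t)):
        f = f & Pos.var(v)
    return f


def gamma_subst(xs, ts):
    """Gamma({x1/t1, ..., xn/tn}) = AND_i (xi <-> Gamma(ti))."""
    f = Pos.const(True)
    for x, t in zip(xs, ts):
        f = f & Pos.var(x).iff(gamma_term(t))
    return f


def canonical(n):
    return [f"x{j}" for j in range(1, n + 1)]


def clause_op(clause, interp, fresh):
    """Optimal operator for one clause p(t) <- p1(t1), ..., pn(tn):
    (x <-> Gamma(t) & AND_i (xi <-> Gamma(ti) & X(pi(xi))))|x with x, xi new,
    then renamed to the canonical x1..xm of p. None if some X(pi(xi)) is undefined."""
    head, body = clause
    xs = [f"_{next(fresh)}" for _ in head[1:]]
    f = gamma_subst(xs, head[1:])
    for atom in body:
        p, ts = atom[0], atom[1:]
        if p not in interp:
            return None
        ys = [f"_{next(fresh)}" for _ in ts]
        f = f & gamma_subst(ys, ts) & interp[p].rename(dict(zip(canonical(len(ts)), ys)))
    return f.restrict(xs).rename(dict(zip(xs, canonical(len(xs)))))


def step(program, interp, fresh):
    """P_psi[[P]]X: pointwise disjunction (the lub of POS) of the clause results."""
    new = {}
    for clause in program:
        f = clause_op(clause, interp, fresh)
        if f is not None:
            p = clause[0][0]
            new[p] = (new[p] | f) if p in new else f
    return new


def groundness_lfp(program, limit=50):
    """Iterate from the everywhere-undefined interpretation until the abstract
    interpretation stabilizes; POS over finitely many variables is finite."""
    interp, fresh = {}, count()
    for n in range(1, limit + 1):
        new = step(program, interp, fresh)
        if new.keys() == interp.keys() and all(new[p].equiv(interp[p]) for p in new):
            return interp, n - 1
        interp = new
    return interp, None


NIL = ("[]",)
def cons(h, t): return (".", h, t)

# Constructed sample program: append/3.
APPEND = [
    (("app", NIL, "Y", "Y"), []),
    (("app", cons("X", "Xs"), "Ys", cons("X", "Zs")), [("app", "Xs", "Ys", "Zs")]),
]

if __name__ == "__main__":
    fix, steps = groundness_lfp(APPEND)
    expected = Pos.var("x3").iff(Pos.var("x1") & Pos.var("x2"))
    print("fixpoint after", steps, "steps; app(x1,x2,x3) == (x3 <-> x1 & x2):",
          fix["app"].equiv(expected))
```

For `append/3` the iteration stabilizes after two steps at $x_3 \leftrightarrow (x_1 \wedge x_2)$: the third argument is ground in a computed answer exactly when the first two are. The first step contributes only the fact clause, $x_1 \wedge (x_2 \leftrightarrow x_3)$; the recursive clause then adds $x_3 \leftrightarrow (x_1 \wedge x_2)$, which already subsumes it.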

7.2. The depth(k) Observable

Now we show how to approximate an infinite set of computed answers by means of a depth(k) cut [50], i.e., by cutting terms which have a depth greater than $k$. Terms are cut by replacing each sub-term rooted at depth $k$ with a new variable taken from a set $\widehat{V}$ (disjoint from $V$).[24] depth(k) terms represent each term obtained by instantiating the variables of $\widehat{V}$ with terms built over $V$.

First of all we have to define the abstraction $t^k$ as the depth(k) reduction of the concrete term $t$.

We can extend $\cdot^k$ to substitutions to obtain abstract substitutions as $\vartheta^k := \{x/t^k \mid x/t \in \vartheta\}$. We assume that for any binding in $\vartheta$ the cut is performed by using distinct variables of $\widehat{V}$. We denote by $Subst^k$ the set of substitutions $V \to T^k$, where $T^k$ is the set of depth(k) terms.

Let $A^k \subseteq [Goals \rightharpoonup \wp(Subst^k)]$. As in Section 7.1 we can obtain the depth(k) answer observable $\kappa$ by further abstraction of computed answer substitutions. Namely $\tau_k : A_{ca} \to A^k$ is defined as

$$\tau_k(X) := \lambda G.\ \{\vartheta^k \mid \vartheta \in X(G)\}. \tag{55}$$

The depth(k) computed answer observable $\kappa : C \to A^k$ is $\kappa := \tau_k \circ \xi$. For simplicity, in the following we assume that for any syntactic expression we rename variables in $V$ and $\widehat{V}$ with variables still in $V$ and $\widehat{V}$ respectively. Then, by applying the definition, the abstract operators turn out to be

$$A \,\tilde{\cdot}\, X = \phi[\Theta/A] \quad \text{where } \Theta := \{\vartheta^k \mid \langle H, \Theta' \rangle \text{ is a renamed apart (from } A\text{) version of } \langle A', X(A') \rangle, \text{ for some } A' \le A,\ \vartheta' \in \Theta',\ \vartheta = mgu(A, H\vartheta')|_A\},$$

$$X_1 \,\tilde{\times}\, X_2 = \lambda G.\ \{\vartheta^k \mid (G_1, G_2) = G, \text{ for } i \in \{1, 2\},\ \vartheta_i \text{ is a renamed version of an element in } X_i(G_i), \text{ via a renaming } \rho_i \text{ s.t. } \rho_i|_{G_i} = \varepsilon,\ var(G_1, \vartheta_1) \cap var(G_2, \vartheta_2) \subseteq var(G_1) \cap var(G_2) \text{ and } \vartheta = (\vartheta_1 \circ mgu(G_2\vartheta_1, G_2\vartheta_2))|_G\}.^{25}$$

In the appendix we prove that $\kappa$ is semi-denotational and that the abstract semantic function is

$$\widetilde{\mathcal{C}}\llbracket p(t) \leftarrow B\rrbracket X = \lambda p(x).\ \{\vartheta^k \mid x \text{ are new variables},\ \vartheta_i \in X(p_i(x_i)) \text{ and } \vartheta = (\{x/t\} \circ mgu(B, (p_1(x_1)\vartheta_1, \dots, p_n(x_n)\vartheta_n)))|_x\}.$$

23 In the appendix we show how the abstract operations of $\psi$ can be defined in terms of $\tau_\Gamma$ and the abstract operators of $\xi$.

24 The depth(1) cut of the term $f(a, x, x, y, g(z))$ is $f(x_1, \dots, x_5)$.

25 In the appendix we show how the abstract operations of $\kappa$ can be defined in terms of $\tau_k$ and the abstract operators of $\xi$.
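The immediate consequences operator of the s-semantics (Section 6.1) and its depth(k) abstraction (this subsection), run side by side on `append/3`, as an added worked example that is not the paper's own code. The concrete iterates never stabilize, since every step produces one new answer, while applying the depth(3) cut after each step reaches a fixpoint of three abstract answers. The unifier, the s-semantics representation of answers as instantiated atoms $p(x)\vartheta$ (which the paper notes is isomorphic to returning $\vartheta$), the naming scheme (`W0, W1, ...` for the variables of $\widehat{V}$, `V0, V1, ...` for canonical representatives modulo renaming) and the sample program are assumptions of this example. One simplification: after the cut, `canon` renames $\widehat{V}$ variables together with ordinary ones, whereas the paper keeps the two sets apart.

```python
# Added worked example (not from the paper): the s-semantics immediate
# consequences operator of Section 6.1 and its depth(k) abstraction of
# Section 7.2, run on append/3. Variables are strings, compound terms are
# tuples (functor, arg1, ..., argn); constants are 0-ary tuples.
from itertools import count


def is_var(t):
    return isinstance(t, str)


def walk(t, s):
    """Follow variable bindings in the (triangular) substitution s."""
    while is_var(t) and t in s:
        t = s[t]
    return t


def occurs(v, t, s):
    t = walk(t, s)
    return v == t if is_var(t) else any(occurs(v, a, s) for a in t[1:])


def unify(a, b, s):
    """Robinson unification with occurs check; returns the extended
    substitution, or None when a and b do not unify."""
    a, b = walk(a, s), walk(b, s)
    if a == b:
        return s
    if is_var(a):
        return None if occurs(a, b, s) else {**s, a: b}
    if is_var(b):
        return unify(b, a, s)
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s


def subst(t, s):
    t = walk(t, s)
    return t if is_var(t) else (t[0],) + tuple(subst(a, s) for a in t[1:])


def rename(t, tag):
    """Rename apart: every variable V of t becomes V_tag."""
    return f"{t}_{tag}" if is_var(t) else (t[0],) + tuple(rename(a, tag) for a in t[1:])


def canon(t):
    """Name variables V0, V1, ... by first occurrence, so that variants of an
    atom become equal: this implements the quotient modulo renaming."""
    names = {}
    def go(u):
        if is_var(u):
            return names.setdefault(u, f"V{len(names)}")
        return (u[0],) + tuple(go(a) for a in u[1:])
    return go(t)


def t_p(program, interp):
    """P_xi[[P]]X in the s-semantics representation (atoms p(x)theta instead of
    substitutions theta): for each clause and each choice of renamed-apart
    answers for its body atoms, the head instantiated by the mgu."""
    out, fresh = set(), count()
    for head, body in program:
        k = next(fresh)
        head, body = rename(head, k), [rename(b, k) for b in body]
        def choose(i, s):
            if i == len(body):
                out.add(canon(subst(head, s)))
                return
            for ans in interp:
                s2 = unify(body[i], rename(ans, f"{k}_{i}_{next(fresh)}"), s)
                if s2 is not None:
                    choose(i + 1, s2)
        choose(0, {})
    return out


def depth_k(t, k, fresh=None):
    """depth(k) cut of Section 7.2: every subterm rooted at depth k (variables
    included) is replaced by a new variable W0, W1, ... of the separate set."""
    fresh = count() if fresh is None else fresh
    if k == 0:
        return f"W{next(fresh)}"
    return t if is_var(t) else (t[0],) + tuple(depth_k(a, k - 1, fresh) for a in t[1:])


def lfp(program, abstraction=None, limit=50):
    """Iterate from the empty interpretation, optionally applying a term
    abstraction (e.g. the depth(k) cut) after every step. Returns the last
    interpretation and the step at which it stabilized, or None when no
    fixpoint was reached within `limit` steps."""
    x = set()
    for n in range(1, limit + 1):
        new = t_p(program, x)
        if abstraction is not None:
            new = {canon(abstraction(a)) for a in new}
        if new == x:
            return x, n - 1
        x = new
    return x, None


NIL = ("[]",)
def cons(h, t): return (".", h, t)

# Constructed sample program: append/3.
APPEND = [
    (("app", NIL, "Y", "Y"), []),
    (("app", cons("X", "Xs"), "Ys", cons("X", "Zs")), [("app", "Xs", "Ys", "Zs")]),
]

if __name__ == "__main__":
    conc, n = lfp(APPEND, limit=6)
    print("concrete s-semantics, 6 steps, fixpoint reached:", n is not None, "-", len(conc), "answers")
    abst, n = lfp(APPEND, abstraction=lambda a: depth_k(a, 3))
    print("depth(3) abstraction, fixpoint after", n, "steps:")
    for a in abst:
        print("  ", a)
```

With the cut at depth 3 the third abstract answer, `app([V0,V1|V2], V3, [V0,V4|V5])`, stands for every concrete answer with at least two list elements, which is why the recursive clause produces nothing new at the next step; the concrete iteration keeps adding one longer list per step, as the footnote about $\omega$ steps in Section 7 says.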

8. SEMI-PERFECT OBSERVABLES

The relation between operational and denotational definitions that we have noticed for precise (perfectand denotational) observables holds for nonprecise observables too. However, since for nonpreciseobservables we only have a good denotational definition (semi-denotational observables), we shouldintroduce a further class (semi-perfect observables). Semi-perfect observables have all the properties ofperfect observables apart from precision. In particular, they have equivalent operational and denotationalsemantics, and the (top-down and bottom-up) goal-independent denotations areAND-compositional andOR-compositional. Let us just note that semi-perfect observables are essentially the observables whichmodel top-down abstract interpretation frameworks (see, for example, [7]).

We relax the optimality conditions of the perfect observables axioms to admit nonprecise $\tilde{\cdot}$, $\tilde{\times}$, and $\tilde{\bowtie}$ operators. However, we guarantee that weak (compositionality) properties are still satisfied. Hence every perfect observable is a semi-perfect observable, but the converse does not hold.

DEFINITION 8.1. Let $\alpha : C \to A$ be an observable. Then $\alpha$ is a semi-perfect observable if, for any $A \in \mathit{Atoms}$, $D', D'' \in C$, $D \in UC$, and $G \in \mathit{Goals}$ the following properties hold.
\begin{align}
&\cdot,\ \times, \text{ and } \bowtie \text{ distribute over } \Sigma, \tag{56}\\
&\alpha(A \cdot \gamma\alpha(Id_I)) = \alpha(A \cdot Id_I) = \alpha(\phi_A), \tag{57}\\
&\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(Id_C)) = \alpha(D' \bowtie Id_C) = \alpha(D'), \tag{58}\\
&\alpha(\gamma\alpha(D') \times \gamma\alpha(\phi_G)) = \alpha(D' \times \phi_G), \tag{59}\\
&\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(\mathit{su}(\gamma\alpha(D)))) = \alpha(D' \bowtie \mathit{su}(\gamma\alpha(D))), \tag{60}\\
&\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(\mathcal{G}\llbracket G\rrbracket\gamma\alpha(D))) = \alpha(D' \bowtie \mathcal{G}\llbracket G\rrbracket\gamma\alpha(D)), \tag{61}\\
&\alpha(\gamma\alpha(A \cdot \gamma\alpha(D')) \times \gamma\alpha(\mathcal{G}\llbracket G\rrbracket\gamma\alpha(D))) = \alpha((A \cdot \gamma\alpha(D')) \times \mathcal{G}\llbracket G\rrbracket\gamma\alpha(D)), \tag{62}\\
&\alpha(\gamma\alpha(D') \times \gamma\alpha(\gamma\alpha(D'') \bowtie \mathit{su}(\gamma\alpha(D)))) = \alpha(\gamma\alpha(D') \times (\gamma\alpha(D'') \bowtie \mathit{su}(\gamma\alpha(D)))), \tag{63}\\
&\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(\gamma\alpha(D'') \bowtie \mathit{su}(\gamma\alpha(D)))) = \alpha(\gamma\alpha(D') \bowtie (\gamma\alpha(D'') \bowtie \mathit{su}(\gamma\alpha(D)))), \tag{64}\\
&\alpha(A \cdot \gamma\alpha(\gamma\alpha(D') \bowtie \mathit{su}(\gamma\alpha(D)))) = \alpha(A \cdot (\gamma\alpha(D') \bowtie \mathit{su}(\gamma\alpha(D)))). \tag{65}
\end{align}

As was the case for semi-denotational observables (Definition 7.1), the intuition behind the axioms of this definition is that the precision is lost in the first closure step only.

First of all, we prove that every semi-perfect observable is also semi-denotational. By Definitions 8.1 and 7.1, we have only to show that equation (45) holds, namely
$$\alpha(D \bowtie \mathit{pu}(\gamma\alpha(\Sigma\{D_j\}_{j\in J}))) = \alpha(D \bowtie \mathit{pu}(\Sigma\{\gamma\alpha(D_j)\}_{j\in J})),$$
for any $D \in C$ and every chain $\{D_j\}_{j\in J} \subseteq UC$.

THEOREM 8.1. Let $\alpha : C \to A$ be a semi-perfect observable, $X \in UA$, $D' \in C$, $D \in UC$, $G$ be a goal, $\{X_i\}_{i\in I} \subseteq UA$ and $\{D_j\}_{j\in J} \subseteq UC$ be chains. Then

1. $\mathcal{G}_\alpha\llbracket G\rrbracket X = \alpha(\mathcal{G}\llbracket G\rrbracket\gamma(X))$,

2. $\mathcal{G}_\alpha\llbracket G\rrbracket\,\Sigma\{X_i\}_{i\in I} = \Sigma\{\mathcal{G}_\alpha\llbracket G\rrbracket X_i\}_{i\in I}$,

3. $\alpha(D' \bowtie \mathit{pu}(\gamma\alpha(\Sigma\{D_j\}_{j\in J}))) = \alpha(D' \bowtie \mathit{pu}(\Sigma\{\gamma\alpha(D_j)\}_{j\in J}))$,

4. $\alpha(D' \bowtie \mathit{pu}(\gamma\alpha(D))) = \alpha(\gamma\alpha(D') \bowtie \mathit{pu}(\gamma\alpha(D)))$.

Proof. We prove the points separately.

Point 1. The proof is by induction on $G$. If $G = \Box$, by definition of $\mathcal{G}\llbracket\cdot\rrbracket$ and $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$, $\mathcal{G}_\alpha\llbracket\Box\rrbracket X = \alpha(\phi_\Box) = \alpha(\mathcal{G}\llbracket\Box\rrbracket\gamma(X))$. Otherwise let $G = (A, G')$. The following facts hold.
\begin{align*}
&\mathcal{G}_\alpha\llbracket (A,G')\rrbracket X && \text{[by definition of $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \mathcal{A}_\alpha\llbracket A\rrbracket X \times \mathcal{G}_\alpha\llbracket G'\rrbracket X && \text{[by definition of $\mathcal{A}_\alpha\llbracket\cdot\rrbracket$ and inductive hypothesis]}\\
&= (A \cdot X) \times \alpha(\mathcal{G}\llbracket G'\rrbracket\gamma(X)) && \text{[by definition of $\cdot$ and $\times$]}\\
&= \alpha(\gamma\alpha(A \cdot \gamma(X)) \times \gamma\alpha(\mathcal{G}\llbracket G'\rrbracket\gamma(X))) && \text{[by (62)]}\\
&= \alpha((A \cdot \gamma(X)) \times \mathcal{G}\llbracket G'\rrbracket\gamma(X)) && \text{[by definition of $\mathcal{G}\llbracket\cdot\rrbracket$]}\\
&= \alpha(\mathcal{G}\llbracket (A,G')\rrbracket\gamma(X)).
\end{align*}

Point 2. The proof is by induction on $G$. If $G = \Box$, by definition of $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$, $\mathcal{G}_\alpha\llbracket\Box\rrbracket\,\Sigma\{X_i\}_{i\in I} = \alpha(\phi_\Box) = \Sigma\{\mathcal{G}_\alpha\llbracket\Box\rrbracket X_i\}_{i\in I}$. Otherwise let $G = (A, G')$. The following equivalences hold.
\begin{align*}
&\mathcal{G}_\alpha\llbracket (A,G')\rrbracket\,\Sigma\{X_i\}_{i\in I} && \text{[by definition of $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \mathcal{A}_\alpha\llbracket A\rrbracket\,\Sigma\{X_i\}_{i\in I} \times \mathcal{G}_\alpha\llbracket G'\rrbracket\,\Sigma\{X_i\}_{i\in I} && \text{[by definition of $\mathcal{A}_\alpha\llbracket\cdot\rrbracket$ and inductive hypothesis]}\\
&= \big(A \cdot \Sigma\{X_i\}_{i\in I}\big) \times \Sigma\{\mathcal{G}_\alpha\llbracket G'\rrbracket X_i\}_{i\in I} && \text{[by (56)]}\\
&= \Sigma\{(A \cdot X_j) \times \mathcal{G}_\alpha\llbracket G'\rrbracket X_i\}_{i,j\in I} && \text{[since $\{X_i\}_{i\in I}$ is a chain]}\\
&= \Sigma\{(A \cdot X_i) \times \mathcal{G}_\alpha\llbracket G'\rrbracket X_i\}_{i\in I} && \text{[by definition of $\mathcal{A}_\alpha\llbracket\cdot\rrbracket$ and $\mathcal{G}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \Sigma\{\mathcal{G}_\alpha\llbracket (A,G')\rrbracket X_i\}_{i\in I}.
\end{align*}

Point 3. The following equivalences hold.
\begin{align*}
&\alpha\big(D' \bowtie \mathit{pu}(\gamma\alpha(\Sigma\{D_j\}_{j\in J}))\big) && \text{[by definition of $\mathit{pu}$ and Lemma 2.1]}\\
&= \alpha\big(\Sigma\{D' \bowtie \mathcal{G}\llbracket G\rrbracket\gamma\alpha(\Sigma\{D_j\}_{j\in J})\}_{G\in\mathit{Goals}}\big) && \text{[by (30) and (61)]}\\
&= \alpha\big(\Sigma\{\gamma\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(\mathcal{G}\llbracket G\rrbracket\gamma\alpha(\Sigma\{\gamma\alpha(D_j)\}_{j\in J})))\}_{G\in\mathit{Goals}}\big) && \text{[by definition of the abstract operators]}\\
&= \Sigma\{\alpha(D') \bowtie \alpha(\mathcal{G}\llbracket G\rrbracket\gamma(\Sigma\{\alpha(D_j)\}_{j\in J}))\}_{G\in\mathit{Goals}} && \text{[by Point 1]}\\
&= \Sigma\{\alpha(D') \bowtie \mathcal{G}_\alpha\llbracket G\rrbracket\,\Sigma\{\alpha(D_j)\}_{j\in J}\}_{G\in\mathit{Goals}} && \text{[by Point 2 and (56)]}\\
&= \Sigma\{\Sigma\{\alpha(D') \bowtie \mathcal{G}_\alpha\llbracket G\rrbracket\alpha(D_j)\}_{j\in J}\}_{G\in\mathit{Goals}} && \text{[by definition of the abstract operators and Point 1]}\\
&= \alpha\big(\Sigma\{\gamma\alpha(\Sigma\{\gamma\alpha(\gamma\alpha(D') \bowtie \gamma\alpha(\mathcal{G}\llbracket G\rrbracket\gamma\alpha(D_j)))\}_{j\in J})\}_{G\in\mathit{Goals}}\big) && \text{[by (61) and (30)]}\\
&= \alpha\big(\Sigma\{\Sigma\{D' \bowtie \mathcal{G}\llbracket G\rrbracket\gamma\alpha(D_j)\}_{j\in J}\}_{G\in\mathit{Goals}}\big) && \text{[by Lemma 2.1 and since $\{D_j\}_{j\in J}$ is a chain]}\\
&= \alpha\big(D' \bowtie \Sigma\{\mathcal{G}\llbracket G\rrbracket\,\Sigma\{\gamma\alpha(D_j)\}_{j\in J}\}_{G\in\mathit{Goals}}\big) && \text{[by definition of $\mathit{pu}$]}\\
&= \alpha\big(D' \bowtie \mathit{pu}(\Sigma\{\gamma\alpha(D_j)\}_{j\in J})\big).
\end{align*}

Point 4. The proof is straightforward, by definition of $\mathit{pu}$, Lemma 2.1 and (61).

COROLLARY 8.1. Let $\alpha : C \to A$ be a semi-perfect observable. Then $\alpha$ is a semi-denotational observable.

LEMMA 8.1. Let $\alpha : C \to A$ be a semi-perfect observable, $X \in UA$ and $\{X_j\}_{j\in J} \subseteq UA$ be a chain.

1. $\mathit{su}_\alpha(X) = \alpha(\mathit{su}(\gamma(X)))$,

2. $\alpha(\mathit{su}^n(\gamma(\Sigma\{X_j\}_{j\in J}))) = \alpha(\Sigma\{\mathit{su}^n(\gamma(X_j))\}_{j\in J})$.

Proof.

Point 1. The proof follows by Corollary 8.1 and Point 2 of Lemma 7.1.

Point 2. We prove the two inclusions separately.

($\ge$) Straightforward, since $\cdot$, $\times$, $\Sigma$ and $\alpha$ are monotonic, $\gamma(X_j) \sqsubseteq \gamma(\Sigma\{X_j\}_{j\in J})$, for any $j \in J$, and $\Sigma$ is the lub operation on $C$.

($\le$) The proof is by induction on $n$. For $n = 0$ the proof is immediate, by definition of $\mathit{su}^0$. Now observe that
\begin{align*}
&\mathit{su}\big(\gamma(\Sigma\{X_j\}_{j\in J})\big) && \text{[since $\gamma\alpha$ is extensive and by Point 1]}\\
&\le \gamma\big(\mathit{su}_\alpha(\Sigma\{X_j\}_{j\in J})\big) && \text{[by (56)]}\\
&= \gamma\big(\Sigma\{\mathit{su}_\alpha(X_j)\}_{j\in J}\big) && \text{[by Point 1, by the definition of $\Sigma$, and by (30)]}\\
&= \gamma\alpha\big(\Sigma\{\mathit{su}(\gamma(X_j))\}_{j\in J}\big).
\end{align*}
Then, for $n > 0$ the following equivalences hold.
\begin{align*}
&\alpha\big(\mathit{su}^n(\gamma(\Sigma\{X_j\}_{j\in J}))\big) && \text{[by definition of $\mathit{su}^n$]}\\
&= \alpha\big(\mathit{su}^{n-1}(\gamma(\Sigma\{X_j\}_{j\in J})) \bowtie \mathit{su}(\gamma(\Sigma\{X_j\}_{j\in J}))\big) && \text{[by inductive hypothesis, by the previous result and since $\gamma\alpha$ is extensive]}\\
&\le \alpha\big(\gamma\alpha(\Sigma\{\mathit{su}^{n-1}(\gamma(X_j))\}_{j\in J}) \bowtie \gamma\alpha(\Sigma\{\mathit{su}(\gamma(X_j))\}_{j\in J})\big) && \text{[by definition of $\Sigma$ and $\bowtie$ and by (30)]}\\
&= \Sigma\{\alpha(\mathit{su}^{n-1}(\gamma(X_j)))\}_{j\in J} \bowtie \Sigma\{\alpha(\mathit{su}(\gamma(X_j)))\}_{j\in J} && \text{[by (56) and since $\{X_j\}_{j\in J} \subseteq UA$ is a chain]}\\
&= \Sigma\{\alpha(\mathit{su}^{n-1}(\gamma(X_j))) \bowtie \alpha(\mathit{su}(\gamma(X_j)))\}_{j\in J} && \text{[by definition of the abstract operators]}\\
&= \alpha\big(\Sigma\{\gamma\alpha(\gamma\alpha(\mathit{su}^{n-1}(\gamma(X_j))) \bowtie \gamma\alpha(\mathit{su}(\gamma(X_j))))\}_{j\in J}\big) && \text{[by (60) and (30)]}\\
&= \alpha\big(\Sigma\{\mathit{su}^{n-1}(\gamma(X_j)) \bowtie \mathit{su}(\gamma(X_j))\}_{j\in J}\big) && \text{[by definition of $\mathit{su}^n$]}\\
&= \alpha\big(\Sigma\{\mathit{su}^n(\gamma(X_j))\}_{j\in J}\big).
\end{align*}

LEMMA 8.2. Let $\alpha : C \to A$ be a semi-perfect observable, $P$ be a program and $G$ be a goal. Then

1. $\mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket = \alpha(\phi_G \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})$.

2. $\mathcal{O}_\alpha\llbracket P\rrbracket = (\alpha(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}))/{\equiv_A}$.

Proof. We prove the points separately.

Point 1. First of all, we prove that $\mathit{unf}^n_{P,\alpha}(\alpha(\phi_G)) = \alpha(\phi_G \bowtie \mathit{su}^n(\gamma\alpha(\mathit{tree}(P))))$. The proof is by induction on $n \ge 0$. For $n = 0$, by definition, $\mathit{unf}^0_{P,\alpha}(\alpha(\phi_G)) = \alpha(\phi_G) = \alpha(\phi_G \bowtie \mathit{su}^0(\gamma\alpha(\mathit{tree}(P))))$. For $n > 0$, the following equivalences hold.
\begin{align*}
&\mathit{unf}^n_{P,\alpha}(\alpha(\phi_G)) && \text{[by definition of $\mathit{unf}^n_{P,\alpha}$]}\\
&= \mathit{unf}^{n-1}_{P,\alpha}(\alpha(\phi_G)) \bowtie \mathit{su}_\alpha(\alpha(\mathit{tree}(P))) && \text{[by inductive hypothesis, definition of $\bowtie$ and Point 1 of Lemma 8.1]}\\
&= \alpha\big(\gamma\alpha(\phi_G \bowtie \mathit{su}^{n-1}(\gamma\alpha(\mathit{tree}(P)))) \bowtie \gamma\alpha(\mathit{su}(\gamma\alpha(\mathit{tree}(P))))\big) && \text{[by (60)]}\\
&= \alpha\big((\phi_G \bowtie \mathit{su}^{n-1}(\gamma\alpha(\mathit{tree}(P)))) \bowtie \mathit{su}(\gamma\alpha(\mathit{tree}(P)))\big) && \text{[by Point 2 of Lemma 6 in [15]]}\\
&= \alpha\big(\phi_G \bowtie \mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\big).
\end{align*}
Therefore, the following equivalences hold.
\begin{align*}
&\mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket && \text{[by (28)]}\\
&= \Sigma\{\mathit{unf}^k_{P,\alpha}(\alpha(\phi_G))\}_{k\ge 0} && \text{[by the previous result and (30)]}\\
&= \alpha\big(\Sigma\{\phi_G \bowtie \mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big) && \text{[by Lemma 2.1]}\\
&= \alpha\big(\phi_G \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big).
\end{align*}

Point 2. The following facts hold.
\begin{align*}
&\mathcal{O}_\alpha\llbracket P\rrbracket && \text{[by definition]}\\
&= \Sigma\{\mathcal{B}_\alpha\llbracket p(x) \text{ in } P\rrbracket/{\equiv_A}\}_{p(x)\in\mathit{Goals}} && \text{[by definition of $\equiv_A$ and $\Sigma$]}\\
&= \big(\Sigma\{\mathcal{B}_\alpha\llbracket p(x) \text{ in } P\rrbracket\}_{p(x)\in\mathit{Goals}}\big)/{\equiv_A} && \text{[by the previous result]}\\
&= \big(\Sigma\{\alpha(\phi_{p(x)} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})\}_{p(x)\in\mathit{Goals}}\big)/{\equiv_A} && \text{[by (30) and definition of $\Sigma$]}\\
&= \big(\alpha(\Sigma\{\phi_{p(x)} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\}_{p(x)\in\mathit{Goals}})\big)/{\equiv_A} && \text{[by Lemma 2.1]}\\
&= \big(\alpha(\Sigma\{\phi_{p(x)}\}_{p(x)\in\mathit{Goals}} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})\big)/{\equiv_A} && \text{[by definition of $Id_I$]}\\
&= \big(\alpha(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})\big)/{\equiv_A}.
\end{align*}

We can always reconstruct the abstract behavior of a generic (non-pure and non-atomic) goal from the abstract behavior of pure atoms. Therefore, all the properties of SLD-trees stated in [15] hold for the abstract top-down denotation for any semi-perfect observable as well.

THEOREM 8.2. Let $\alpha : C \to A$ be a semi-perfect observable, $A$ be an atom, $G, G'$ be goals and $P$ be a program. Then

1. $\mathcal{B}_\alpha\llbracket A \text{ in } P\rrbracket = A \cdot \mathcal{O}_\alpha\llbracket P\rrbracket$,

2. $\mathcal{B}_\alpha\llbracket (G,G') \text{ in } P\rrbracket = \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket \times \mathcal{B}_\alpha\llbracket G' \text{ in } P\rrbracket$.

Proof.

Point 1. We prove the two inclusions separately.

($\le$) By Lemma 8.2, by definition of $\tilde{\cdot}$ and since $\equiv_A$ is a congruence w.r.t. $\tilde{\cdot}$, we have to prove that
$$\alpha\big(\phi_A \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big) \le \alpha\big(A \cdot \gamma\alpha(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})\big).$$
By using the same arguments of Point 1 of Theorem 11 in [15], we can prove that
$$A \cdot \big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big) = \phi_A \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}.$$
Now the thesis follows by extensivity of $\gamma\alpha$ and by monotonicity of $\alpha$ and of $\cdot$.

($\ge$) The proof follows by Corollary 8.1 and Point 1 of Theorem 7.2.

Point 2. We prove the two inclusions separately.

($\le$) By Point 1 of Lemma 8.2, $\mathcal{B}_\alpha\llbracket (G,G') \text{ in } P\rrbracket = \alpha(\phi_{(G,G')} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0})$. Then, by using the same arguments of Point 2 of Theorem 11 in [15], we can prove that
$$\phi_{(G,G')} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0} = \big(\phi_G \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big) \times \big(\phi_{G'} \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big).$$
The thesis follows by $\gamma\alpha$ extensivity, Point 1 of Lemma 8.2 and definition of $\times$.

($\ge$) The proof follows by Corollary 8.1 and by Point 2 of Theorem 7.2.

From Theorem 8.2 we can immediately derive that, for any atom $A$, goal $G$ and program $P$,
\begin{align}
&\mathcal{B}_\alpha\llbracket \Box \text{ in } P\rrbracket = \phi_\Box, \tag{66}\\
&\mathcal{B}_\alpha\llbracket (A,G) \text{ in } P\rrbracket = (A \cdot \mathcal{O}_\alpha\llbracket P\rrbracket) \times \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket. \tag{67}
\end{align}

Now we prove the abstract OR-compositionality for semi-perfect observables. First of all, by definition of $\uplus$, we have to prove that the function $H_X$ is continuous (see (35)). Then, by construction, the least fixpoint of the function $H_X$ is the least solution of the equation $[X]^*_\alpha = \alpha(Id_I) + ([X]^*_\alpha \bowtie \mathit{su}_\alpha(X))$.

LEMMA 8.3. Let $X \in UA$ and let $\alpha$ be a semi-perfect observable.

1. $H_X \circ \alpha = \alpha \circ H_{\gamma(X)}$,

2. $H_X$ is continuous,

3. $[X]^*_\alpha = \mathit{lfp}_A H_X = \alpha(\mathit{lfp}_C H_{\gamma(X)}) = \alpha([\gamma(X)]^*)$.

Proof. We prove the points separately.

Point 1. Let $D \in C$. The following equivalences hold.
\begin{align*}
&H_X(\alpha(D)) && \text{[by definition of $H_X$]}\\
&= \alpha(Id_I) + (\alpha(D) \bowtie \mathit{su}_\alpha(X)) && \text{[by Point 1 of Lemma 8.1]}\\
&= \alpha(Id_I) + (\alpha(D) \bowtie \alpha(\mathit{su}(\gamma(X)))) && \text{[by definition of $\bowtie$ and $+$]}\\
&= \alpha\big(\gamma\alpha(Id_I) + \gamma\alpha(\gamma\alpha(D) \bowtie \gamma\alpha(\mathit{su}(\gamma(X))))\big) && \text{[by (60) and (30)]}\\
&= \alpha\big(Id_I + (D \bowtie \mathit{su}(\gamma(X)))\big) && \text{[by definition of $H_{\gamma(X)}$]}\\
&= \alpha(H_{\gamma(X)}(D)).
\end{align*}

Point 2. Let $\{X_i\}_{i\in I} \subseteq UA$ be a chain. Since $\Sigma$ is the lub operation on $UA$, we have to prove that $\Sigma\{H_X(X_i)\}_{i\in I} = H_X(\Sigma\{X_i\}_{i\in I})$. The following equalities hold.
\begin{align*}
&H_X\big(\Sigma\{X_i\}_{i\in I}\big) && \text{[by definition of $\Sigma$ and Point 1]}\\
&= \alpha\big(Id_I + (\Sigma\{\gamma(X_i)\}_{i\in I} \bowtie \mathit{su}(\gamma(X)))\big) && \text{[by Lemma 2.1 and (30)]}\\
&= \alpha\big(\Sigma\{\gamma\alpha(Id_I + (\gamma(X_i) \bowtie \mathit{su}(\gamma(X))))\}_{i\in I}\big) && \text{[by Point 1 and since $\alpha\gamma = \mathit{Id}$]}\\
&= \alpha\big(\Sigma\{\gamma(H_X(X_i))\}_{i\in I}\big) && \text{[by definition of $\Sigma$]}\\
&= \Sigma\{H_X(X_i)\}_{i\in I}.
\end{align*}

Point 3. First of all we prove that, for any $n \ge 0$, $H_X{\uparrow}n = \alpha(H_{\gamma(X)}{\uparrow}n)$. The proof is by induction on $n$. For $n = 0$ the proof is straightforward by observing that $H_X{\uparrow}0 = \bot_A = \alpha(\bot_C) = \alpha(H_{\gamma(X)}{\uparrow}0)$. For $n > 0$ the following equivalences hold.
\begin{align*}
&H_X{\uparrow}n && \text{[by definition of $\cdot{\uparrow}n$]}\\
&= H_X(H_X{\uparrow}(n-1)) && \text{[by inductive hypothesis]}\\
&= H_X\big(\alpha(H_{\gamma(X)}{\uparrow}(n-1))\big) && \text{[by Point 1]}\\
&= \alpha\big(H_{\gamma(X)}(H_{\gamma(X)}{\uparrow}(n-1))\big) && \text{[by definition of $\cdot{\uparrow}n$]}\\
&= \alpha(H_{\gamma(X)}{\uparrow}n).
\end{align*}
Finally
\begin{align*}
&[X]^*_\alpha && \text{[by construction]}\\
&= \mathit{lfp}_A H_X && \text{[by Point 2]}\\
&= \Sigma\{H_X{\uparrow}n\}_{n\ge 0} && \text{[by the previous result]}\\
&= \Sigma\{\alpha(H_{\gamma(X)}{\uparrow}n)\}_{n\ge 0} && \text{[by (30)]}\\
&= \alpha\big(\Sigma\{H_{\gamma(X)}{\uparrow}n\}_{n\ge 0}\big) && \text{[by continuity of $H_{\gamma(X)}$]}\\
&= \alpha(\mathit{lfp}_C H_{\gamma(X)}) && \text{[by construction]}\\
&= \alpha([\gamma(X)]^*).
\end{align*}

COROLLARY 8.2. Let $\alpha : C \to A$ be a semi-perfect observable and $P_1, P_2$ be programs. Then $\mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket = \mathcal{O}_\alpha\llbracket P_1\rrbracket \uplus \mathcal{O}_\alpha\llbracket P_2\rrbracket$.

Proof. First of all we prove that
\begin{equation}
\mathcal{O}_\alpha\llbracket P_1\rrbracket \uplus \mathcal{O}_\alpha\llbracket P_2\rrbracket = \alpha\big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))\}_{n\ge 0}\big). \tag{68}
\end{equation}
The following equivalences hold.
\begin{align*}
&\mathcal{O}_\alpha\llbracket P_1\rrbracket \uplus \mathcal{O}_\alpha\llbracket P_2\rrbracket && \text{[by definition of $\uplus$]}\\
&= [\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket]^*_\alpha && \text{[by Point 3 of Lemma 8.3]}\\
&= \alpha\big([\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket)]^*\big) && \text{[by the proof of Theorem 15 in [15]]}\\
&= \alpha\big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))\}_{n\ge 0}\big).
\end{align*}
Now, we can prove the two inclusions separately.

($\le$) By (68) and Point 2 of Lemma 8.2, we have to prove that
$$\alpha\big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P_1 \cup P_2)))\}_{n\ge 0}\big) \le \alpha\big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))\}_{n\ge 0}\big).$$
We prove that, for any $n \ge 0$, $\mathit{su}^n(\gamma\alpha(\mathit{tree}(P_1 \cup P_2))) \sqsubseteq \mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))$. Then the thesis follows by monotonicity of $\bowtie$ and $\alpha$. Observe that, since (for any program $P$) $\mathit{tree}(P)$ is a pure collection, $\gamma\alpha(\mathit{tree}(P)) \sqsubseteq Id_I \bowtie \mathit{su}(\gamma\alpha(\mathit{tree}(P))) \sqsubseteq \gamma(\mathcal{O}_\alpha\llbracket P\rrbracket)$. Then, by definition of $\mathit{tree}$ and $+$ and by (30), $\gamma\alpha(\mathit{tree}(P_1 \cup P_2)) = \gamma(\alpha(\mathit{tree}(P_1)) + \alpha(\mathit{tree}(P_2))) \sqsubseteq \gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket)$ and therefore, since $\cdot$ and $\times$ are monotonic, $\mathit{su}(\gamma\alpha(\mathit{tree}(P_1 \cup P_2))) \sqsubseteq \mathit{su}(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))$. Then, since $\bowtie$ is also monotonic, for any $n \ge 0$, $\mathit{su}^n(\gamma\alpha(\mathit{tree}(P_1 \cup P_2))) \sqsubseteq \mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))$.

($\ge$) First of all observe that, for any $i \in \{1, 2\}$, $\mathcal{O}_\alpha\llbracket P_i\rrbracket \le \mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket$ and therefore, since $+$ is the lub operation on $A$, $\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket \le \mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket$. Then, since $\gamma$, $\cdot$ and $\times$ are monotonic, for any $n \ge 0$,
\begin{equation}
\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket)) \sqsubseteq \mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket)). \tag{69}
\end{equation}
Now the following statements hold.
\begin{align}
&\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket)) && \text{[by Point 2 of Lemma 8.2]} \notag\\
&= \mathit{su}^n\big(\gamma\alpha(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P_1 \cup P_2)))\}_{n\ge 0})\big) && \text{[by definition of the abstract operators and Lemma 2.1]} \notag\\
&\sqsubseteq \mathit{su}^n\big(\gamma(\Sigma\{\mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_I))\}_{k\ge 0})\big) && \text{[by Point 2 of Lemma 8.1 and since $\gamma\alpha$ is extensive]} \notag\\
&\sqsubseteq \gamma\alpha\big(\Sigma\{\mathit{su}^n(\gamma(\mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_I))))\}_{k\ge 0}\big) && \text{[by Point 3 of Lemma 7.2 and Corollary 8.1]} \notag\\
&\sqsubseteq \gamma\alpha\big(\Sigma\{\gamma(\mathit{unf}^{kn}_{P_1\cup P_2,\alpha}(\alpha(Id_C)))\}_{k\ge 0}\big) && \text{[by set-theoretic properties]} \notag\\
&= \gamma\alpha\big(\Sigma\{\gamma(\mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_C)))\}_{k\ge 0}\big). \tag{70}
\end{align}
Moreover, by (29) and (56), $\mathcal{O}_\alpha\llbracket P\rrbracket = [\Sigma\{\mathit{unf}^k_{P,\alpha}(\alpha(Id_I))\}_{k\ge 0}]/{\equiv_A}$. Therefore
\begin{align*}
&\mathcal{O}_\alpha\llbracket P_1\rrbracket \uplus \mathcal{O}_\alpha\llbracket P_2\rrbracket && \text{[by (68)]}\\
&= \alpha\big(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma(\mathcal{O}_\alpha\llbracket P_1\rrbracket + \mathcal{O}_\alpha\llbracket P_2\rrbracket))\}_{n\ge 0}\big) && \text{[by (69), (70), and since $\alpha$ is monotonic]}\\
&\le \alpha\big(Id_I \bowtie \gamma\alpha(\Sigma\{\gamma(\mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_C)))\}_{k\ge 0})\big) && \text{[by definition of the abstract operators, since $\gamma\alpha$ is extensive and by (56)]}\\
&\le \Sigma\{\alpha(Id_I) \bowtie \mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_C))\}_{k\ge 0} && \text{[by Point 2 of Lemma 7.2 and Corollary 8.1]}\\
&\le \Sigma\{\mathit{unf}^k_{P_1\cup P_2,\alpha}(\alpha(Id_I))\}_{k\ge 0} && \text{[by the previous observation]}\\
&= \mathcal{O}_\alpha\llbracket P_1 \cup P_2\rrbracket. \qquad\blacksquare
\end{align*}


In Corollary 8.3 we will prove that the abstract top-down and the abstract bottom-up denotations are indeed equivalent, which implies (by Theorem 8.2) the equivalence between the denotational and the operational semantics.

THEOREM 8.3. Let $\alpha : C \to A$ be a semi-perfect observable, $c$ be a clause, $X \in CA$ and $P$ be a program. Then

1. $\mathcal{C}_\alpha\llbracket c\rrbracket X = \alpha(\mathcal{C}\llbracket c\rrbracket\gamma(X))$,

2. $\mathcal{P}_\alpha\llbracket P\rrbracket X = \alpha(\mathcal{P}\llbracket P\rrbracket\gamma(X))$,

3. $\mathcal{P}_\alpha\llbracket P\rrbracket$ is continuous on $A$ and $\mathcal{F}_\alpha\llbracket P\rrbracket = \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}\omega$.

Proof. We prove the points separately.

Point 1. Let $c = H \leftarrow B$. The following equalities hold.
\begin{align*}
&\mathcal{C}_\alpha\llbracket c\rrbracket X && \text{[by definition of $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \alpha(\mathit{tree}(c)) \bowtie \mathcal{G}_\alpha\llbracket B\rrbracket X && \text{[by Point 1 of Theorem 8.1]}\\
&= \alpha(\mathit{tree}(c)) \bowtie \alpha(\mathcal{G}\llbracket B\rrbracket\gamma(X)) && \text{[by definition of $\bowtie$]}\\
&= \alpha\big(\gamma\alpha(\mathit{tree}(c)) \bowtie \gamma\alpha(\mathcal{G}\llbracket B\rrbracket\gamma(X))\big) && \text{[by (61)]}\\
&= \alpha\big(\mathit{tree}(c) \bowtie \mathcal{G}\llbracket B\rrbracket\gamma(X)\big) && \text{[by definition of $\mathcal{C}\llbracket\cdot\rrbracket$]}\\
&= \alpha(\mathcal{C}\llbracket c\rrbracket\gamma(X)).
\end{align*}

Point 2. The proof is straightforward by Point 1, (30) and definition of $\mathcal{P}_\alpha\llbracket P\rrbracket$.

Point 3. Let $\{X_i\}_{i\in I} \subseteq UA$ be a chain. Since $\Sigma$ is the lub operation on $UA$, we have to prove that $\Sigma\{\mathcal{P}_\alpha\llbracket P\rrbracket X_i\}_{i\in I} = \mathcal{P}_\alpha\llbracket P\rrbracket\,\Sigma\{X_i\}_{i\in I}$. First of all, note that the following equalities hold.
\begin{align*}
&\mathcal{C}_\alpha\llbracket c\rrbracket\,\Sigma\{X_i\}_{i\in I} && \text{[by definition of $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \alpha(\mathit{tree}(c)) \bowtie \mathcal{G}_\alpha\llbracket B\rrbracket\,\Sigma\{X_i\}_{i\in I} && \text{[by Point 2 of Theorem 8.1]}\\
&= \alpha(\mathit{tree}(c)) \bowtie \Sigma\{\mathcal{G}_\alpha\llbracket B\rrbracket X_i\}_{i\in I} && \text{[by (56)]}\\
&= \Sigma\{\alpha(\mathit{tree}(c)) \bowtie \mathcal{G}_\alpha\llbracket B\rrbracket X_i\}_{i\in I} && \text{[by definition of $\mathcal{C}_\alpha\llbracket\cdot\rrbracket$]}\\
&= \Sigma\{\mathcal{C}_\alpha\llbracket c\rrbracket X_i\}_{i\in I}.
\end{align*}
Now the proof is straightforward by definition of $\mathcal{P}_\alpha\llbracket P\rrbracket$. $\blacksquare$

Finally, by using Theorems 8.3 and 8.2, we can prove the equivalences between the denotational and the operational semantics on one side, and between the top-down and bottom-up denotations on the other side.

COROLLARY 8.3. Let $\alpha : C \to A$ be a semi-perfect observable, $G$ be a goal and $P$ be a program. Then

1. $\mathcal{O}_\alpha\llbracket P\rrbracket = \mathcal{F}_\alpha\llbracket P\rrbracket$,

2. $\mathcal{Q}_\alpha\llbracket G \text{ in } P\rrbracket = \mathcal{B}_\alpha\llbracket G \text{ in } P\rrbracket$.

Proof.

Point 1. We prove the two inclusions separately.

($\le$) First of all, we prove that, for any $n \ge 1$, $\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}n \ge \alpha((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}^{n-1}(Id_I + \gamma\alpha(\mathit{tree}(P))))$. The proof is by induction on $n$. For $n = 1$ the thesis is straightforward, since
\begin{align*}
&\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}1 && \text{[by Point 2 of Theorem 8.3, (8), and definition of $\cdot{\uparrow}1$]}\\
&= \alpha\big(Id_I + (\mathit{tree}(P) \bowtie \mathit{pu}(\gamma\alpha(\bot_A)))\big) && \text{[since $\bowtie$ is extensive]}\\
&\ge \alpha(Id_I + \mathit{tree}(P)) && \text{[by (30)]}\\
&= \alpha(Id_I + \gamma\alpha(\mathit{tree}(P))) && \text{[by definition of $\mathit{pu}^0$]}\\
&= \alpha\big((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}^0(Id_I + \gamma\alpha(\mathit{tree}(P)))\big).
\end{align*}
For $n > 1$ the following statements hold.
\begin{align*}
&\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}n && \text{[by definition of $\cdot{\uparrow}n$ and since $\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1) \le \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}n$]}\\
&= \mathcal{P}_\alpha\llbracket P\rrbracket(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)) + \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1) && \text{[by Point 2 of Theorem 8.3 and (8)]}\\
&= \alpha\big(Id_I + (\mathit{tree}(P) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1))))\big) + \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1) && \text{[by (30) and Point 4 of Theorem 8.1]}\\
&= \alpha\big(Id_I + \gamma\alpha(\gamma\alpha(\mathit{tree}(P)) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1))))\big) + \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1) && \text{[by definition of $+$]}\\
&= \alpha\big(\gamma\alpha(\mathit{tree}(P)) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)))\big) + \big(\alpha(Id_I) + \mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)\big) && \text{[by (30) and definition of $+$]}\\
&= \alpha\big((\gamma\alpha(\mathit{tree}(P)) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)))) + (Id_I + \gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)))\big) && \text{[since $Id_I + D = Id_I \bowtie \mathit{pu}(D)$, for any $D \in UC$]}\\
&= \alpha\big((\gamma\alpha(\mathit{tree}(P)) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)))) + (Id_I \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1))))\big) && \text{[by Lemma 2.1]}\\
&= \alpha\big((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}(\gamma(\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}(n-1)))\big) && \text{[by inductive hypothesis]}\\
&\ge \alpha\big((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}(\gamma\alpha((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}^{n-2}(Id_I + \gamma\alpha(\mathit{tree}(P)))))\big) && \text{[since $\gamma\alpha$ is extensive and by definition of $\mathit{pu}^{n-1}$]}\\
&= \alpha\big((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}^{n-1}(Id_I + \gamma\alpha(\mathit{tree}(P)))\big).
\end{align*}
Now, since $\mathcal{P}_\alpha\llbracket P\rrbracket$ is continuous on $A$, by Lemma 2.1 and (30),
$$\mathcal{F}_\alpha\llbracket P\rrbracket = \Sigma\{\mathcal{P}_\alpha\llbracket P\rrbracket{\uparrow}n\}_{n\ge 0} \ge \Sigma\{\alpha((Id_I + \gamma\alpha(\mathit{tree}(P))) \bowtie \mathit{pu}^n(Id_I + \gamma\alpha(\mathit{tree}(P))))\}_{n\ge 0} \ge \alpha\big(Id_I \bowtie \Sigma\{\mathit{pu}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}\big).$$
Then, by Corollary 19 in [15], since $\alpha$ is monotonic and by Lemma 8.2, $\mathcal{F}_\alpha\llbracket P\rrbracket \ge \alpha(Id_I \bowtie \Sigma\{\mathit{su}^n(\gamma\alpha(\mathit{tree}(P)))\}_{n\ge 0}) = \mathcal{O}_\alpha\llbracket P\rrbracket$.

($\ge$) Since (by Corollary 8.1) any semi-perfect observable is also semi-denotational, the proof is the same as that of Lemma 7.3, by using Point 2 of Theorem 8.3 instead of Point 1 of Theorem 7.1.

Point 2. The proof is straightforward by Point 1 and by Theorem 8.2. $\blacksquare$


8.1. SLD-Trees with POS

We show now how to obtain groundness analysis of SLD-trees by applying our scheme. We will obtain abstract computations on the abstract domain POS by extending the $\Gamma$ abstraction of Section 7.1 to derivations. First of all we need to define abstract versions of atoms, goals, clauses and programs.
\begin{align*}
\Gamma(t_1, \ldots, t_n) &:= \Gamma(t_1), \ldots, \Gamma(t_n)\\
\Gamma(p(t)) &:= p(\Gamma(t))\\
\Gamma(A_1, \ldots, A_n) &:= \Gamma(A_1), \ldots, \Gamma(A_n)\\
\Gamma(H \leftarrow B) &:= \Gamma(H) \leftarrow \Gamma(B)\\
\Gamma(\{c_1, \ldots, c_n\}) &:= \{\Gamma(c_1), \ldots, \Gamma(c_n)\}
\end{align*}
Now we can extend $\Gamma$ to derivations. We call POS-derivation the result of this abstraction, since it represents an abstract derivation on the domain POS.
$$\Gamma\big(G_0 \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_n]{\vartheta_n} G_n\big) := \Gamma(G_0) \xrightarrow[\Gamma(c_1)]{\Gamma(\vartheta_1)} \cdots \xrightarrow[\Gamma(c_n)]{\Gamma(\vartheta_n)} \Gamma(G_n)$$
Let $\mathit{WFS}_{POS}$ be the set of well formed sets of POS-derivations. The groundness dependencies of SLD-tree observable $\Psi : C \to A_{\mathit{SldPos}}$ is the lifting of $\Gamma : \mathit{WFS} \to \mathit{WFS}_{POS}$, which is
$$\Psi(D) := \lambda G.\{\Gamma(d) \mid d \in D(G)\}.$$
It can be proved that the observable $\Psi$ is a semi-perfect observable. Hence the abstract transition relation $\overset{\Psi}{\longmapsto}_P$ is as accurate as possible w.r.t. the concrete one. In order to present it in a compact form, we introduce the following notation. Let $A := p(F_1, \ldots, F_n)$ and $B := q(E_1, \ldots, E_m)$ be abstract atoms. If $p = q$, then $A \leftrightarrow B$ denotes $\bigwedge_{1 \le i \le n} F_i \leftrightarrow E_i$, otherwise it denotes $\mathit{false}$. Thus, by applying the definition of the abstract transition system, if for some $X \in A_{\mathit{SldPos}}$ there exist a goal $G$, an abstract derivation $G \xrightarrow[c_1]{F_1} \cdots \xrightarrow[c_n]{F_n} (B, C) \in X(G)$ and a renamed apart abstract clause $H \leftarrow D \in \Gamma(P)$ such that $(B \leftrightarrow H) \ne \mathit{false}$, then we can do the derivation step
$$X \overset{\Psi}{\longmapsto}_P \lambda G.\, X(G) \cup \Big\{ G \xrightarrow[c_1]{F_1} \cdots \xrightarrow[c_n]{F_n} (B, C) \xrightarrow[H \leftarrow D]{B \leftrightarrow H} (D, C) \ \Big|\ H \leftarrow D \text{ renamed apart element in } \Gamma(P),\ G \xrightarrow[c_1]{F_1} \cdots \xrightarrow[c_n]{F_n} (B, C) \in X(G),\ (B \leftrightarrow H) \ne \mathit{false} \Big\}.$$
Since $\Psi$ is semi-perfect, the abstract top-down denotation $\mathcal{O}_\Psi\llbracket P\rrbracket$ and the abstract bottom-up denotation $\mathcal{F}_\Psi\llbracket P\rrbracket$ coincide and are less accurate than the abstraction of the top-down denotation $\Psi(\mathcal{O}\llbracket P\rrbracket)$.

Let us finally note that we can obtain the observable $\psi$ (see Section 7.1) by collecting the results of POS-refutations provided by $\Psi$. Namely, $\psi = \pi \circ \Psi$, where
$$\pi(X) := \lambda G.\Big\{ (F_1 \wedge \cdots \wedge F_n)|_{\mathit{var}(G)} \ \Big|\ \Gamma(G) \xrightarrow[c_1]{F_1} \cdots \xrightarrow[c_n]{F_n} \Box \in X(G) \Big\}.$$
Since $\psi$ is semi-denotational its transition system is too inaccurate. That is why, to perform top-down analysis over the domain POS, we have to use the (more concrete) transition system of $\Psi$ and then collect (at the end) the abstract computed answers.
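To make the abstract transition step and the collecting map $\pi$ concrete, here is an added Python example (not code from the paper): POS formulas are kept as characteristic functions, $A \leftrightarrow B$ is computed exactly as defined above, and a POS-derivation of a goal against the $\Gamma$-abstraction of the usual append predicate (constructed here, not an example from the paper) is run to $\Box$ and collected. The restriction $|_{\mathit{var}(G)}$ is assumed to be existential projection of the remaining variables, which is the standard choice on POS.

```python
from itertools import product


class Pos:
    """An element of the abstract domain POS: a positive propositional formula
    over a finite set of variables, kept as its characteristic function."""

    def __init__(self, variables, fn):
        self.variables = frozenset(variables)
        self.fn = fn  # maps an assignment {var: bool} to True/False

    @staticmethod
    def var(name):
        return Pos({name}, lambda env: env[name])

    @staticmethod
    def true():
        return Pos(set(), lambda env: True)

    @staticmethod
    def false():
        return Pos(set(), lambda env: False)

    def __and__(self, other):
        return Pos(self.variables | other.variables,
                   lambda env: self.fn(env) and other.fn(env))

    def iff(self, other):
        return Pos(self.variables | other.variables,
                   lambda env: self.fn(env) == other.fn(env))

    def models(self):
        """All satisfying assignments, each as the frozenset of true variables."""
        names = sorted(self.variables)
        found = set()
        for bits in product((False, True), repeat=len(names)):
            env = dict(zip(names, bits))
            if self.fn(env):
                found.add(frozenset(v for v in names if env[v]))
        return frozenset(found)

    def is_false(self):
        return not self.models()

    def restrict(self, keep):
        """F|_keep, assumed here to be existential projection of the other variables."""
        keep = frozenset(keep)
        gone = sorted(self.variables - keep)

        def projected(env):
            return any(self.fn({**env, **dict(zip(gone, bits))})
                       for bits in product((False, True), repeat=len(gone)))
        return Pos(keep, projected)


def atom_iff(a, b):
    """A <-> B of Section 8.1: conjunction of F_i <-> E_i when the predicate
    symbols agree, false otherwise."""
    (p, fs), (q, es) = a, b
    if p != q or len(fs) != len(es):
        return Pos.false()
    out = Pos.true()
    for f, e in zip(fs, es):
        out = out & f.iff(e)
    return out


def pos_step(derivation, clause):
    """One step of the abstract transition relation: the leftmost atom B of the
    goal (B, C) is rewritten with a renamed-apart abstract clause H <- D and the
    arc is labelled B <-> H. Returns None when B <-> H is false (no step)."""
    goal, labels = derivation
    if not goal:
        return None
    b, rest = goal[0], goal[1:]
    head, body = clause
    label = atom_iff(b, head)
    if label.is_false():
        return None
    return (list(body) + list(rest), labels + [label])


def collect_answer(goal_vars, derivation):
    """The map pi: conjoin the labels of a POS-refutation and restrict to var(G)."""
    goal, labels = derivation
    if goal:  # the empty goal was not reached: not a refutation
        return None
    conj = Pos.true()
    for label in labels:
        conj = conj & label
    return conj.restrict(goal_vars)


def append_groundness():
    """Constructed example: groundness dependencies of app(X, Y, Z) from the
    Gamma-abstraction of the usual append program (clauses renamed apart by hand)."""
    X, Y, Z = Pos.var("X"), Pos.var("Y"), Pos.var("Z")
    H, T, L, R, L1 = (Pos.var(v) for v in ("H", "T", "L", "R", "L1"))
    # Gamma(app([], L1, L1).)                       -> app(true, L1, L1) <-
    fact = (("app", (Pos.true(), L1, L1)), [])
    # Gamma(app([H|T], L, [H|R]) :- app(T, L, R).)  -> app(H/\T, L, H/\R) <- app(T, L, R)
    rule = (("app", (H & T, L, H & R)), [("app", (T, L, R))])
    d0 = ([("app", (X, Y, Z))], [])  # Gamma of the goal app(X, Y, Z)
    d1 = pos_step(d0, rule)          # label (X<->H/\T) /\ (Y<->L) /\ (Z<->H/\R)
    d2 = pos_step(d1, fact)          # label (T<->true) /\ (L<->L1) /\ (R<->L1)
    # Result: the models of Z <-> (X /\ Y) over {X, Y, Z}
    return collect_answer({"X", "Y", "Z"}, d2).models()
```

The two-step refutation yields the familiar dependency $Z \leftrightarrow (X \wedge Y)$ once the clause-local variables are projected away.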


9. DISCUSSION OF THE RESULTS

Our results allow us to derive in a systematic way several known semantics, together with their properties. Perfect observables allow us to reconstruct the resultants semantics in [28] and the Heyting semantics in [39]. The results on denotational observables apply to the least Herbrand model, the atomic logical consequence semantics [8], the s-semantics [23, 5], the partial answer semantics [22] and the call pattern semantics [29]. The results on semi-denotational observables apply to bottom-up abstract interpretation frameworks, such as those whose collecting semantics is the computed answer semantics [4, 9], the correct answers semantics [32] and the call pattern semantics [26]. Finally, the results on semi-perfect observables apply to top-down abstract interpretation frameworks [7].

There is something more we can learn from our theory of observables on the relation between denotational and operational definitions and the relation between goal-independence and goal-dependence. Denotational definitions are usually more abstract than operational definitions. This is not really necessary, since we have shown that denotational definitions do exist for all sensible observables (see the discussion below on operational observables). In particular, for those observables which have a precise operational semantics (i.e., perfect observables, such as SLD-trees, resultants and proof trees), there exists a fully equivalent denotational definition. The difference between an operational and denotational definition is not a matter of level of abstraction of the semantic domains (which can be "very operational" as in the case of SLD-trees). It is rather a matter of style, namely the denotational definition is compositional (and, in the case of procedure definition and procedure call, this leads to goal-independence).

However, it is often the case that a denotational definition is compared to an operational definition modeling a different observable. For example, when one is concerned with computed answers (or their ground instances),

• the operational semantics is usually defined by SLD-resolution, i.e., by a transition system for the observable SLD-trees. Computed answers (or their ground instances) are then obtained by abstracting the final result;

• the denotational semantics is defined directly on the abstract domain by taking the least fixpoint of the s-semantics immediate consequence operator (or of the standard ground $T_P$ operator).

This can easily be explained in our framework. In fact, computed answers and their ground instances are denotational, and can therefore be computed operationally only by taking a more concrete (perfect) observable. As a consequence, the operational semantics is "more expressive" and yet contains more information. For example, from this operational semantics designed for computed answers, we can obtain information about call patterns, since both computed answers and call patterns are abstractions of the observable we are indeed modeling.

It is worth noting that in principle there might exist observables which can only be computed operationally. We just need to define another class, which satisfies axioms (36) and (37) and an axiom on the extension operator symmetric w.r.t. Axiom (38), i.e.,
$$\alpha(D \bowtie D') = \alpha(\gamma\alpha(D) \bowtie D').$$
This class (operational observables) has been studied in [1] and seems to include no interesting observables.

The relation between operational and denotational definitions that we have noticed for precise observables holds for approximate observables too. Consider now the case of groundness analysis, based on the abstract domain POS. As in the case of precise observables, the operational and denotational definitions use different observables. Namely,

• the (top-down) abstract operational semantics models a semi-perfect observable (the one of Section 8.1). Observations (i.e., groundness dependencies for computed answers) are then obtained by abstracting the result;

• the (bottom-up) abstract denotational semantics models directly a semi-denotational observable (the one of Section 7.1).


As in the case of precise observables, the two definitions are equivalent from the viewpoint of precision. However, since the top-down abstract semantics is more concrete, it allows one to derive more information (e.g. groundness dependencies of call patterns).

It is worth noting that all the observables we have considered are AND-compositional. AND-compositionality implies goal-independence; i.e., there is no loss of precision in deriving the behavior of a specific goal from the goal-independent denotation (this property is sometimes called "condensing" in abstract interpretation). However there exist abstract domains used in the static analysis of logic programs, for which this property does not hold. One example is the domain DEF [3], which is a domain of propositional formulas (less accurate than POS) used for groundness analysis. It is easy to realize that DEF is not semi-denotational since it does not satisfy Axiom (40). In the case of non-AND-compositional observables, the denotational definition (which is AND-compositional by construction) will in general deliver results which are less accurate than those that could be obtained by goal-dependent operational definitions (defined for the "corresponding" more concrete observable). This is the only case where goal-dependent top-down abstract interpretation is more accurate than goal-independent bottom-up abstract interpretation.

Our final remark is about goal-independence. Goal-dependence is usually associated to top-down operational definitions. One example is SLD-resolution, which, given a goal, returns the meaning of the goal. On the other side, goal-independence is usually associated to bottom-up denotational definitions. For example, the fixpoint semantics gives a meaning to a set of procedure declarations. Our framework shows that this is not always the case. In particular, one can get the meaning of a goal in a denotational way (see definitions (1) and (19) for the four classes of observables we have considered). However, the meaning of a goal is compositionally derived from the (goal-independent) meaning of the clauses. As already noted, if the observable is AND-compositional, the denotational semantics of a goal is precise. On the other hand, goal-independent denotations can be defined also in terms of the operational semantics, if the observable is perfect or semi-perfect, by taking the behaviors for pure atomic goals. This shows that top-down does not necessarily imply goal-dependence and bottom-up does not necessarily imply goal-independence.

10. APPLICATIONS AND FUTURE DEVELOPMENTS

Our framework was explicitly defined as a tool for the reconstruction of existing semantics, for the systematic design of new semantics and for static program analysis. One additional application is abstract diagnosis [14, 12, 13], a generalization of declarative debugging, which allows us to prove whether a program satisfies an abstract specification and to locate the bugs associated with the given observable, when the program is not correct. This operation is generally unfeasible on a generic domain, but if we choose a suitable noetherian domain it becomes feasible. Abstract diagnosis is based on a semantic framework [13] which is a simplified version of our framework. The diagnosis algorithms explicitly exploit the properties of denotational and semi-denotational observables. The framework has been further extended in [51, 42], to deal with semantics which allow one to systematically reconstruct various inductive verification methods. Verification techniques inherit the nice features of abstract interpretation. Namely, the verification framework is parametric with respect to the (abstract) property we want to model. Given a specific property, the corresponding verification conditions are systematically derived from the framework and guaranteed to be indeed sufficient partial correctness conditions. The verification method is guaranteed to be complete, if the abstraction is precise. This proves that our approach to approximate semantics can be used as a tool to bring techniques, which are typical of the program analysis field, into the debugging and verification fields.

Another application which is currently under study is the design of observables with specific semantic properties. The problem can be stated as follows. We want to model the observable $\alpha$, by a semantics which has some property (such as being precise, AND-compositional, OR-compositional, goal-independent, or top-down). If $\alpha$ belongs to a class which does not enjoy that property, we need to determine another observable $\beta$ which is more concrete than $\alpha$ (and therefore is correct w.r.t. it) and which has the required property.

Consider, for example, the case where one wants to model computed answers by an OR-compositional semantics (because one needs to reason in a modular way). Computed answers are denotational and not perfect and therefore they are not OR-compositional. An OR-compositional semantics, correct w.r.t. computed answers, was defined in [6]. It turns out to be exactly the semantics for the observable computed resultants, which is indeed perfect and therefore OR-compositional.

As another example, assume one wants to model groundness dependencies of computed answers by an AND-compositional (goal-independent) semantics. The simple "groundness" observable is not even semi-denotational. On the other hand, POS is correct w.r.t. groundness dependencies of computed answers and is semi-denotational (and therefore AND-compositional).

The theory of abstract interpretation provides tools for the systematic construction of "more concrete" observables, i.e., refinement operators (see [25] for a recent survey). Examples of refinement operators are reduced product, disjunctive completion, functional dependencies and Heyting completion. The above mentioned examples can be handled by these techniques. In particular [33] shows that the resultants semantics can be obtained by refining the domain of the s-semantics by functional dependencies, while [35, 47] reconstruct POS from the "groundness" observable by Heyting completion. Within our framework, one can handle the problem of establishing general results about the properties of a class of observables and those of their refinements. Initial results for precise observables can be found in [1].

The framework has recently been extended to other properties of pure logic programs and to extended logic languages. [36, 37] extend the framework with infinite computations, thus dealing with finite failure and termination. [48, 49] extend the framework to Prolog with cut. [45] extends the framework to Concurrent Constraints.

As a final remark, we want to point out that our approach can be generalized to other paradigms. We just need to define a denotational and an operational semantics on the same semantic domain. The compositionality properties will of course be different and related to the syntactic operators of the language.

APPENDIX: PROOFS OF EXAMPLES

We present here the proofs of the properties stated in the examples. We first need some technical results on properties of substitutions. Given a set of equations $E := \{s_1 =_e t_1, \dots, s_n =_e t_n\}$, a (most general) unifier of $E$ is a (most general) unifier of $(s_1, \dots, s_n)$ and $(t_1, \dots, t_n)$. Any unifier $\vartheta$ of $E$ is called a solution of $E$ if $E\vartheta$ is variable free. Two sets of equations $E_1, E_2$ are called equivalent (denoted by $E_1 \approx_e E_2$) if they have the same solutions. A unifiable set of equations (terms) has an idempotent mgu.

The lattice structure on idempotent substitutions [21] is isomorphic to the lattice structure on equations introduced in [40]. Therefore we can indifferently use equations or idempotent mgus. The following results show the connections between the two notions that we will use in the following. Given a substitution $\vartheta := \{x_1/t_1, \dots, x_n/t_n\}$ we define $eqn(\vartheta) := \{x_1 =_e t_1, \dots, x_n =_e t_n\}$. If $\vartheta$ is an idempotent mgu of $E$, $eqn(\vartheta)$ is called the solved form of $E$ [40]. Finally, observe that for any idempotent substitution $\vartheta$, $\vartheta = mgu(eqn(\vartheta))$.

In the following we will always implicitly consider a nontrivial Herbrand universe (i.e., one containing at least two elements).

LEMMA A.1. [5] Let $E_1, E_2$ be sets of equations. Then there exists $\beta = mgu(E_1 \cup E_2)$ if and only if there exist $\vartheta = mgu(E_1)$ and $\delta = mgu(E_2\vartheta)$ such that $\beta = \vartheta\delta$.

LEMMA A.2. [28] Let $E$ be a set of equations and $\vartheta := mgu(E)$. Then, for any substitution $\beta$, $mgu(E\beta) = mgu(eqn(\vartheta)\beta)$.

COROLLARY A.1. Let $E$ be a set of equations and $\vartheta := mgu(E)$. Given a renaming $\rho$, let $\delta := \{x\rho/t\rho \mid x/t \in \vartheta\}$. Then the following facts hold.

1. $\delta = mgu(E\rho)$,

2. $\rho\delta\rho^{-1} = \vartheta$ (and therefore $\delta = \rho^{-1}\vartheta\rho$).

Proof. We prove the points separately.

Point 1. By Lemma A.2 we only have to prove that $\delta = mgu(eqn(\vartheta)\rho)$. Then it is sufficient to observe that $\delta$ is an idempotent substitution and $eqn(\vartheta)\rho = eqn(\delta)$.

Point 2. Let $z$ be a variable. By definition of $\delta$, $\rho\delta\rho^{-1}(z) = \rho\rho^{-1}(\vartheta(z)) = \vartheta(z)$. ■


In order to prove several of the following results let us now consider an equational version of SLD-derivation, denoted by $\xrightarrow[c]{eq}$, which uses equations instead of idempotent mgus [52]. The equivalence between these two different versions of SLD-derivation can be easily proved by using the previously mentioned isomorphism.

More precisely, let us call equational goal a conjunction $E, G$ where $E$ is a conjunction of equations and $G$ is a conjunction of non-equational atoms. We also assume that the equational part of queries is never taken into account by the selection rule (i.e., the selection rule, as a function, has the equational parts of resolvents neither in its domain nor in its range). Hence, for example, the leftmost rule selects the atom $p(a)$ in the goal $s =_e t, p(a)$.

Equational derivations (via the leftmost selection rule) are formally defined as follows. Let us consider the equational goal $E, A_1, \dots, A_n$ and let $c := H \leftarrow B$ be a renamed apart clause such that $E' := E \cup \{A_1 =_e H\}$ is unifiable. Then we have an equational derivation step

$$E, A_1, \dots, A_n \xrightarrow[c]{eq} E', B, A_2, \dots, A_n.$$

Equational derivations are obtained from derivation steps in the usual way. A successful equational derivation is a finite one which has only equational atoms in the last resolvent.

As pointed out in [52], any SLD-derivation can be transformed into an equivalent equational one, which uses the same clauses. If $\vartheta$ is the idempotent mgu of $E$, then the (idempotent) mgu $\vartheta'$ of $E'\vartheta$ is the computed substitution corresponding to the same step of the original SLD-derivation. The equivalence is formally stated by the following Lemma A.3. In the following, to simplify the notation, $G_0 \xrightarrow[c_1,\dots,c_n]{\vartheta} G_n$ will represent the derivation $d = G_0 \xrightarrow[c_1]{\vartheta_1} \cdots \xrightarrow[c_n]{\vartheta_n} G_n$ such that $\vartheta = \vartheta_1 \cdots \vartheta_n$, and $E_0, G_0 \xrightarrow[c_1,\dots,c_n]{eq} E_n, G_n$ will represent the equational derivation $E_0, G_0 \xrightarrow[c_1]{eq} \cdots \xrightarrow[c_n]{eq} E_n, G_n$.

LEMMA A.3. [28] Let $G$ be a goal. There exists a derivation $G \xrightarrow[c_1,\dots,c_n]{\vartheta} A$ if and only if there exists an equational derivation $G \xrightarrow[c_1,\dots,c_n]{eq} E, B$ such that $\vartheta = mgu(E)$ and $A = B\vartheta$.
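The following Python sketch is an added worked example, not code from the paper: it implements the objects that Lemma A.1, the solved-form identity $\vartheta = mgu(eqn(\vartheta))$ and Lemma A.3 reason about, namely idempotent mgus of equation sets, substitution composition, $eqn(\vartheta)$, and one SLD derivation computed both in the standard way and in the equational way, so that the two statements can be checked mechanically on concrete input. Terms are encoded as Python strings (variables) and `(functor, args)` tuples; the sample equations and the two-clause program at the end are constructed for the example, and the clauses handed to the derivation functions are assumed to be already renamed apart.

```python
# Added worked example; this is not code from the paper.  It implements the
# objects Lemmas A.1-A.3 reason about: idempotent mgus of equation sets,
# composition, eqn(theta), and SLD steps in both the standard and the
# equational presentation.  Terms: a variable is a Python string, a compound
# term is (functor, args); a constant is a compound term with no arguments.

def is_var(t):
    return isinstance(t, str)

def occurs(v, t):
    return v == t if is_var(t) else any(occurs(v, u) for u in t[1])

def apply(t, s):
    """Apply an idempotent substitution s (dict var -> term) to term t."""
    if is_var(t):
        return s.get(t, t)
    return (t[0], tuple(apply(u, s) for u in t[1]))

def mgu(eqs):
    """Idempotent mgu of a list of (left, right) equations; None if not unifiable."""
    s, work = {}, list(eqs)
    while work:
        l, r = work.pop()
        l, r = apply(l, s), apply(r, s)
        if l == r:
            continue
        if is_var(l) or is_var(r):
            v, t = (l, r) if is_var(l) else (r, l)
            if occurs(v, t):                       # occur check
                return None
            s = {x: apply(u, {v: t}) for x, u in s.items()}   # keep s idempotent
            s[v] = t
        elif l[0] == r[0] and len(l[1]) == len(r[1]):
            work.extend(zip(l[1], r[1]))           # decompose f(..) = f(..)
        else:
            return None                            # functor or arity clash
    return s

def compose(th, de):
    """theta delta in the paper's notation: apply theta first, then delta."""
    out = {x: apply(t, de) for x, t in th.items()}
    out.update({y: u for y, u in de.items() if y not in out})
    return {x: t for x, t in out.items() if t != x}

def eqn(th):
    """eqn(theta) = {x = t | x/t in theta}: the solved form of what theta solves."""
    return list(th.items())

def subst_eqs(eqs, s):
    return [(apply(l, s), apply(r, s)) for l, r in eqs]

def is_unifier(eqs, s):
    return all(apply(l, s) == apply(r, s) for l, r in eqs)

def lemma_a1(e1, e2):
    """Return (mgu(E1 u E2), theta delta) with theta = mgu(E1), delta = mgu(E2 theta).
    Lemma A.1: one side exists iff the other does, and then they coincide."""
    beta = mgu(e1 + e2)
    th = mgu(e1)
    de = None if th is None else mgu(subst_eqs(e2, th))
    return beta, (None if de is None else compose(th, de))

# Leftmost SLD resolution.  A goal is a list of atoms, a clause is (head, body);
# the clause sequence passed in is assumed to be already renamed apart.
def sld_derivation(goal, clauses):
    """Standard derivation: solve A1 = H at each step and thread theta along."""
    theta = {}
    for head, body in clauses:
        s = mgu([(goal[0], head)])
        if s is None:
            return None
        goal = [apply(at, s) for at in body + goal[1:]]
        theta = compose(theta, s)
    return theta, goal

def eq_derivation(goal, clauses):
    """Equational derivation: accumulate E' = E u {A1 = H}, never instantiate."""
    eqs = []
    for head, body in clauses:
        eqs = eqs + [(goal[0], head)]
        if mgu(eqs) is None:
            return None
        goal = body + goal[1:]
    return eqs, goal

def lemma_a3(goal, clauses):
    """Lemma A.3 on one input: theta = mgu(E) and the resolvent A equals B theta."""
    sld, eqd = sld_derivation(goal, clauses), eq_derivation(goal, clauses)
    if sld is None or eqd is None:
        return sld is None and eqd is None
    (theta, a), (e, b) = sld, eqd
    th_e = mgu(e)
    return theta == th_e and a == [apply(at, th_e) for at in b]

# Constructed sample data (not from the paper).
CONST_A = ("a", ())
def f(*args):
    return ("f", args)
E1 = [("X", f("Y"))]                          # E1 = {X = f(Y)}
E2 = [("Y", CONST_A), ("Z", "X")]             # E2 = {Y = a, Z = X}
C1 = (("p", (f("X1"),)), [("q", ("X1",))])    # c1 = p(f(X1)) <- q(X1)
C2 = (("q", (CONST_A,)), [])                  # c2 = q(a) <-
GOAL = [("p", ("Z",))]                        # goal p(Z)
```

On the sample, `lemma_a1(E1, E2)` returns the same substitution on both sides, `mgu(eqn(...))` reproduces it, and `lemma_a3(GOAL, [C1, C2])` confirms that composing the step mgus gives exactly the mgu of the accumulated equation set; a clashing pair such as `[("X", CONST_A)]` against `[("X", ("b", ()))]` yields `(None, None)`, which is the "neither exists" direction of Lemma A.1.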

The proof of the following lemma is essentially the same as that given for Lemma 2.2 in [28], except for a minor difference in the notation.

LEMMA A.4. Let $G$ be a goal and let $\delta$ be an idempotent substitution.

1. If there exists a derivation $G\delta \xrightarrow[c_1,\dots,c_m]{\vartheta} G_m$ such that $var(c_1, \dots, c_m) \cap var(G) = \emptyset$, then there exist a derivation $G \xrightarrow[c_1,\dots,c_m]{\vartheta'} G'_m$ and a substitution $\delta' = mgu(G\delta, G\vartheta')$ such that $(\delta\vartheta)|_G = \vartheta'\delta'$ and $G_m = G'_m\delta'$.

2. Conversely, if there exists a derivation $G \xrightarrow[c_1,\dots,c_m]{\vartheta'} G'_m$ such that $G\delta$ and $G\vartheta'$ are unifiable and $var(c_1, \dots, c_m) \cap var(G\delta) = \emptyset$, then there exist a derivation $G\delta \xrightarrow[c_1,\dots,c_m]{\vartheta} G_m$ and a substitution $\delta' = mgu(G\delta, G\vartheta')$ such that $(\delta\vartheta)|_G = \vartheta'\delta'$ and $G_m = G'_m\delta'$.

In the following, to simplify the notation, by $res(d) := G_0\vartheta \leftarrow G_n$ we will denote the resultant associated to the derivation $d := G_0 \xrightarrow[c_1,\dots,c_n]{\vartheta} G_n$.

LEMMA A.5. Let $d := G \xrightarrow[c_1,\dots,c_m]{\vartheta'} G'_m$ be a derivation and $\delta$ be an idempotent substitution such that $var(G\delta) \cap var(clauses(d)) = \emptyset$. Then there exists $\vartheta$ such that $\partial_\delta(d) = G\delta \xrightarrow[c_1,\dots,c_m]{\vartheta} G_m$ if and only if there exists $\delta' = mgu(G\delta, G\vartheta')$ such that $res(\partial_\delta(d)) = res(d)\delta'$.

Proof. First of all observe that, by definition of derivation and of the $\partial$ operation, $var(clauses(d)) \cap (var(G\delta) \cup var(G)) = \emptyset$ and $\delta$ is an idempotent substitution. Then, by Lemma A.4 and by observing that $\vartheta'\delta' = (\delta\vartheta)|_G$, $G\delta\vartheta \leftarrow G_m = (G\vartheta' \leftarrow G'_m)\delta'$ and thus $res(\partial_\delta(d)) = res(d)\delta'$. ■


LEMMA A.6. Let $d_1 := G_1 \xrightarrow[c_1,\dots,c_n]{\vartheta} B_1$ and $d_2 := G_2 \xrightarrow[c_{n+1},\dots,c_{n+m}]{\sigma} B_2$ be derivations such that $var(d_1) \cap var(d_2) = var(G_1) \cap var(G_2)$. Then the following facts hold.

1. If $B_1 \neq \Box$ then $d_1 \wedge d_2 = (G_1, G_2) \xrightarrow[c_1,\dots,c_n]{\vartheta} (B_1, G_2\vartheta)$ and, furthermore, $res(d_1 \wedge d_2) = ((G_1, G_2) \leftarrow (B_1, G_2))\vartheta$.

2. If $B_1 = \Box$ then there exists $\vartheta'$ such that $d_1 \wedge d_2 = (G_1, G_2) \xrightarrow[c_1,\dots,c_{n+m}]{\vartheta\vartheta'} B$ if and only if there exists $\delta' = mgu(G_2\vartheta, G_2\sigma)$ such that $res(d_1 \wedge d_2) = ((G_1, G_2) \leftarrow B_2)\vartheta\delta'$.

Proof. We prove the points separately.

Point 1. The proof follows by definition of $\wedge$, by a straightforward inductive argument and by observing that (since we use only idempotent mgus) $B_1\vartheta = B_1$.

Point 2. By definition of $\wedge$, $d_1 \wedge d_2 = d_1 \wedge G_2 :: \partial_\vartheta(d_2)$, where $d_1 \wedge G_2 = (G_1, G_2) \xrightarrow[c_1,\dots,c_n]{\vartheta} G_2\vartheta$. By Lemma A.5 there exists $\vartheta'$ such that $\partial_\vartheta(d_2) = G_2\vartheta \xrightarrow[c_{n+1},\dots,c_{n+m}]{\vartheta'} B$ if and only if there exists $\delta' = mgu(G_2\vartheta, G_2\sigma)$ such that $G_2\vartheta\vartheta' \leftarrow B = (G_2\sigma \leftarrow B_2)\delta' = (G_2\vartheta \leftarrow B_2)\delta'$, where the last equality follows since $\delta' = mgu(G_2\vartheta, G_2\sigma)$. Since $res(d_1 \wedge d_2) = (G_1, G_2)\vartheta\vartheta' \leftarrow B$ we are left to prove the following.

($G_1\vartheta\vartheta' = G_1\vartheta\delta'$) It suffices to prove that, for any $x \in var(G_1)$, $x\vartheta\vartheta' = x\vartheta\delta'$. Let $y \in var(x\vartheta)$. We have two possibilities.

($y \in var(G_2\vartheta)$) Since $G_2\vartheta\vartheta' = G_2\vartheta\delta'$, $y\vartheta' = y\delta'$.

($y \notin var(G_2\vartheta)$) First of all observe that, since $\vartheta$ is idempotent and $y \in var(x\vartheta)$, $y \notin dom(\vartheta)$ and therefore $y \notin var(G_2)$, since $y \notin var(G_2\vartheta)$. Moreover, by hypothesis, $var(d_1) \cap var(clauses(d_2)) = \emptyset$. Then, by definition of derivation, $y \notin var(\sigma)$ (since $y \notin var(G_2)$) and $y \notin var(\vartheta')$ (since $y \notin var(G_2\vartheta)$). Then, since $\delta' = mgu(G_2\vartheta, G_2\sigma)$ and (by the previous observations) $y \notin var(G_2\vartheta) \cup var(G_2\sigma)$, $y \notin var(\delta')$. Then $y\vartheta' = y = y\delta'$.

($B_2\vartheta\delta' = B_2\delta'$) First of all recall that in a derivation only idempotent mgus and renamed apart clauses are used. Then it is easy to check, by a straightforward inductive argument, that $\sigma$ is idempotent and $B_2\sigma = B_2$. It suffices to prove that, for any $x \in var(B_2)$, $x\vartheta\delta' = x\delta'$. We have two cases.

($x \in var(G_2)$) Since $\delta' = mgu(G_2\vartheta, G_2\sigma)$, by the previous observation, $x\vartheta\delta' = x\sigma\delta' = x\delta'$.

($x \notin var(G_2)$) Since by hypothesis $var(d_1) \cap var(d_2) \subseteq var(G_2)$ and $var(\vartheta) \subseteq var(d_1)$, $x \notin dom(\vartheta)$ and therefore $x\vartheta\delta' = x\delta'$. ■

Now we can prove the properties stated in the examples.

Proof of Example 3.1. By definition, $\xi$ maps finite elements to finite elements. We have to prove that it satisfies (10).

Let $D, D' \in C_{\mathcal C}$ and $D \equiv_{\mathcal C} D'$. First of all note that, by definition of $\xi$ and since $D$ is a pure collection, $\xi^\gamma\xi(D)$ is also a pure collection. Then it is sufficient to prove that, for any goal $p(x)$ such that $\xi^\gamma\xi(D)(p(x))$ is defined, there exists a renaming $\rho$ such that $\xi^\gamma\xi(D')(p(x)\rho)$ is defined and is a pointwise variant of $\xi^\gamma\xi(D)(p(x))$. The thesis then follows by symmetry.

Assume that $\xi^\gamma\xi(D)(p(x))$ is defined. By definition of $\xi$, $D(p(x))$ is also defined. Then, since (by hypothesis) $D \equiv_{\mathcal C} D'$, there exists a renaming $\rho$ such that $D'(p(x)\rho)$ is defined and is a pointwise variant of $D(p(x))$. Moreover, by definition of $\xi$ and since $D'(p(x)\rho)$ is defined, $\xi^\gamma\xi(D')(p(x)\rho)$ is also defined. Now let $d \in \xi^\gamma\xi(D)(p(x))$. We are left to prove that there exists $d' \in \xi^\gamma\xi(D')(p(x)\rho)$ such that $clauses(d) \equiv clauses(d')$. Two cases arise.

($last(d) \neq \Box$) Note that $last(d\rho) \neq \Box$. In this case, by definition of $\xi$ and since $D'(p(x)\rho)$ is defined, $d\rho \in \xi^\gamma\xi(D')(p(x)\rho)$ and then the thesis.

($last(d) = \Box$) By definition of $\xi$, there exists $\bar d \in D(p(x))$ such that $answer(d) = answer(\bar d)$. Then, since (by hypothesis) $D \equiv_{\mathcal C} D'$, there exists $\bar d' \in D'(p(x)\rho)$ such that $clauses(\bar d) \equiv clauses(\bar d')$.

By Lemma A.3 there exists an equational derivation $p(x) \xrightarrow[c_1,\dots,c_n]{eq} \bar E, \Box$ corresponding to $\bar d$ such that $\bar\vartheta = mgu(\bar E)$ and $answer(d) = answer(\bar d) = \bar\vartheta|_x$. Moreover, by Lemma A.3 again and since $clauses(\bar d) \equiv clauses(\bar d')$, there exists an equational derivation $p(x)\rho \xrightarrow[c_1\rho,\dots,c_n\rho]{eq} \bar E\rho, \Box$ corresponding to $\bar d'$ such that $\bar\vartheta' = mgu(\bar E\rho)$ and $answer(\bar d') = \bar\vartheta'|_{x\rho}$. Since $x$ is a sequence of distinct variables, there exists a solved form of $\bar E$, $\bar E|_x \cup \bar E|_{-x}$, where $\bar E|_x \approx_e \{x =_e t\}$ and, for any $i, j \in \{1, \dots, n\}$, if $x_i \notin dom(\bar\vartheta)$ then $t_i$ is a variable and if $i \neq j$ and $x_i, x_j \notin dom(\bar\vartheta)$ then $t_i \neq t_j$. By Lemma A.1, there exist $\bar\delta = mgu(\bar E|_x)$ and $\bar\sigma = mgu(\bar E|_{-x}\bar\delta)$ such that $\bar\vartheta = \bar\delta\bar\sigma$. Moreover, since $\bar E|_x \cup \bar E|_{-x}$ is a solved form, we can choose $\bar\delta$ and $\bar\sigma$ such that $\bar E|_{-x}\bar\delta = \bar E|_{-x}$ and $dom(\bar\sigma) \cap var(\bar\delta) = \emptyset$. Therefore $\bar\vartheta|_x = \bar\delta|_x$. Analogously, there exists a solved form of $\bar E\rho$, $\bar E\rho|_{x\rho} \cup \bar E\rho|_{-x\rho}$, where $\bar E\rho|_{x\rho} \approx_e \{x\rho =_e t\rho\}$ and, by Lemma A.1, there exist $\bar\delta' = mgu(\bar E\rho|_{x\rho})$ and $\bar\sigma' = mgu(\bar E\rho|_{-x\rho}\bar\delta')$ such that $\bar\vartheta' = \bar\delta'\bar\sigma'$, $\bar E\rho|_{-x\rho}\bar\delta' = \bar E\rho|_{-x\rho}$ and $dom(\bar\sigma') \cap var(\bar\delta') = \emptyset$. Therefore,

$$answer(\bar d') = \bar\vartheta'|_{x\rho} = \bar\delta'|_{x\rho}. \qquad \text{(A.1)}$$

Now, since $d \in \xi^\gamma\xi(D)(p(x))$, by Lemma A.3 there exists an equational derivation $p(x) \xrightarrow[c_1,\dots,c_k]{eq} E, \Box$ corresponding to $d$ such that $\vartheta = mgu(E)$ and, since $answer(d) = answer(\bar d)$, $\vartheta|_x = \bar\vartheta|_x$. Then, analogously to the previous cases, there exists a solved form of $E$, $E|_x \cup E|_{-x}$, where $E|_x \approx_e \{x =_e t'\}$, such that $\delta = mgu(E|_x)$, $\sigma = mgu(E|_{-x}\delta)$ and $\vartheta = \delta\sigma$, $\vartheta|_x = \delta|_x = \bar\delta|_x$. Moreover, for any $i, j \in \{1, \dots, n\}$, if $x_i \notin dom(\vartheta) = dom(\bar\vartheta)$ then $t'_i$ is a variable and if $i \neq j$ and $x_i, x_j \notin dom(\vartheta)$ then $t'_i \neq t'_j$. Therefore $E|_x \equiv \bar E|_x$ and then there exists a renaming $\rho'$ such that $\rho'(x) = \rho(x)$ and $(E|_x)\rho' = (\bar E|_x)\rho = \bar E\rho|_{x\rho}$.

Then, by definition of equational derivation, it is easy to check that there exists an equational derivation

$$p(x)\rho \xrightarrow[c_1\rho',\dots,c_k\rho']{eq} E\rho', \Box \qquad \text{(A.2)}$$

and, analogously to the previous cases, there exists a solved form $\bar E\rho|_{x\rho} \cup E\rho'|_{-x\rho}$ such that $\bar\delta' = mgu(\bar E\rho|_{x\rho})$, $\sigma' = mgu(E\rho'|_{-x\rho})$, $\vartheta' = mgu(E\rho') = \bar\delta'\sigma'$ and $\vartheta'|_{x\rho} = \bar\delta'|_{x\rho}$.

Therefore, by (A.1),

$$\vartheta'|_{x\rho} = \bar\vartheta'|_{x\rho}. \qquad \text{(A.3)}$$

By Lemma A.3 and by (A.2), there exists a derivation $d' = p(x)\rho \xrightarrow[c_1\rho',\dots,c_k\rho']{\vartheta'} \Box$. Moreover, since $\bar d' \in D'(p(x)\rho)$, by (A.3) and by definition of $\xi$, $d' \in \xi^\gamma\xi(D')(p(x)\rho)$. Finally, by construction, $clauses(d) \equiv clauses(d')$ and then the thesis. ■

Proof of Section 5.1. We prove that the three abstract operations are correctly defined.

($\cdot$ operation) By definition of $\partial$, given a derivation $d$ and an idempotent substitution $\delta$ such that $\partial_\delta(d)$ is defined, $length(\partial_\delta(d)) \le length(d)$. Then there exists a derivation $d'$ which is a prefix of $d$ such that $\partial_\delta(d) = \partial_\delta(d')$ and $length(\partial_\delta(d')) = length(d')$.

Now observe that, by definition of collection, for any $D \in \mathcal C$ and any $G \in Goals$, if $D(G)$ is defined then $D(G)$ is a well-formed set of derivations and, therefore, for any $d \in D(G)$, if $d'$ is a prefix of $d$ then $d' \in D(G)$. By the previous observations, given an atom $A$ and a collection $D$,

$A \cdot D = \phi[S/A]$ where $S = \{\partial_\delta(d') \mid S'$ is a renamed apart (from $A$) version of $D(A')$, for some $A' \le A$, $d' \in S'$, there exists $\delta$ s.t. $A = first(d')\delta$, $\partial_\delta(d')$ is defined and $length(\partial_\delta(d')) = length(d')\}$.

Then, by Lemma A.5, there exists $d \in (A \cdot D)(A)$ if and only if there exists a substitution $\delta$ such that $d = \partial_\delta(d')$, where $d' \in S'$, $S'$ is a renamed apart (from $A$) version of $D(A')$, for some $A' \le A$, $H = first(d')$, $A = H\delta$, $res(d') = H' \leftarrow B'$, there exists $\vartheta = mgu(A, H')$ and $res(d) = res(d')\vartheta$. Moreover observe that, if $A' \le A$ and $H$ is a renamed apart (from $A$) version of $A'$, then there exists a substitution $\delta$ such that $A = H\delta$. Then the following equivalences hold.

$A \cdot X$ [by definition of $\cdot$ and $\chi$]

$= \lambda G.\{res(d) \mid d \in (A \cdot \chi^\gamma(X))(G)\}$ [by the previous results]

$= \phi[R/A]$ where $R = \{(H' \leftarrow B')\vartheta \mid S'$ is a renamed apart (from $A$) version of $\chi^\gamma(X)(A')$, for some $A' \le A$, $d' \in S'$, $res(d') = H' \leftarrow B'$ and $\vartheta = mgu(A, H')\}$

[by definition of $\chi^\gamma$ and since $\vartheta = mgu(A, H')$]

$= \phi[R/A]$ where $R = \{(A \leftarrow B')\vartheta \mid R'$ is a renamed apart (from $A$) version of $X(A')$, for some $A' \le A$, $H' \leftarrow B' \in R'$ and $\vartheta = mgu(A, H')\}$.

($\times$ operation) By definition of $\wedge$, if $d_1, d_2$ are derivations and $d_1 \wedge d_2$ is defined then $length(d_1 \wedge d_2) \le length(d_1) + length(d_2)$. Therefore, by definition of $\wedge$, there exists $d'_2$ which is a prefix of $d_2$ such that $d_1 \wedge d_2 = d_1 \wedge d'_2$ and $length(d_1 \wedge d'_2) = length(d_1) + length(d'_2)$.

Then, analogously to the previous operation, by properties of collections,

$D_1 \times D_2 = \lambda G.\{d_1 \wedge d_2 \mid (G_1, G_2) = G$ and, for $i \in \{1, 2\}$, $d_i$ is a renamed version of an element in $D_i(G_i)$ s.t. $G_i = first(d_i)$, $d_1 \wedge d_2$ is defined and $length(d_1 \wedge d_2) = length(d_1) + length(d_2)\}$.

Then, by Lemma A.6, there exists $d \in (D_1 \times D_2)(G)$ if and only if $d = d_1 \wedge d_2$, $(G_1, G_2) = G$ and, for $i \in \{1, 2\}$, $d_i$ is a renamed version of an element in $D_i(G_i)$ such that $G_i = first(d_i)$, $B_i = last(d_i)$, $\vartheta_i = answer(d_i)$, $var(d_1) \cap var(d_2) = var(G_1) \cap var(G_2)$ and the following equivalences hold:

• either $B_1 \neq \Box$ and $res(d) = ((G_1, G_2) \leftarrow (B_1, G_2))\vartheta_1$, or

• $B_1 = \Box$ and there exists $\sigma = mgu(G_2\vartheta_1, G_2\vartheta_2)$ such that $res(d) = ((G_1, G_2) \leftarrow B_2)\vartheta_1\sigma$.

Then the following equivalences hold.

$X_1 \times X_2$ [by definition of $\times$ and $\chi$]

$= \lambda G.\{res(d) \mid d \in (\chi^\gamma(X_1) \times \chi^\gamma(X_2))(G)\}$ [by the previous result]

$= \lambda G.\{((G_1, G_2) \leftarrow B)\vartheta \mid (G_1, G_2) = G$, $\forall i \in \{1, 2\}$, $d_i$ is a renamed version of an element in $\chi^\gamma(X_i)(G_i)$ s.t. $G_i = first(d_i)$, $\vartheta_i = answer(d_i)$, $B_i = last(d_i)$, $var(d_1) \cap var(d_2) = var(G_1) \cap var(G_2)$ and if $B_1 \neq \Box$ then $\vartheta = \vartheta_1$ and $B = (B_1, G_2)$ else $\vartheta = \vartheta_1 \circ mgu(G_2\vartheta_1, G_2\vartheta_2)$ and $B = B_2\}$

[by definition of $\chi^\gamma$]

$= \lambda G.\{((G_1, G_2) \leftarrow B)\vartheta \mid (G_1, G_2) = G$, $\forall i \in \{1, 2\}$, $r_i = G'_i \leftarrow B_i$ is a renamed version of an element in $X_i(G_i)$, via a renaming $\rho_i$ s.t. $\rho_i|_{G_i} = \varepsilon$, $var(G_1, r_1) \cap var(G_2, r_2) \subseteq var(G_1) \cap var(G_2)$, $G_1\vartheta_1 = G'_1$ and if $B_1 \neq \Box$ then $\vartheta = \vartheta_1|_{G_1}$, $B = (B_1, G_2)$ else $B = B_2$, $\vartheta = \vartheta_1|_{G_1} \circ mgu(G_2\vartheta_1|_{G_1}, G'_2)\}$,

where the last equality follows since we can assume, without loss of generality, that for any pair of derivations $d_1$ and $d_2$ the variables in $var(d_1) \setminus var(G_1, res(d_1))$ are renamed apart from $d_2$. Analogously for $var(d_2) \setminus var(G_2, res(d_2))$.

($x$ operation) Let $d_1, d_2$ be derivations such that $d_1 :: d_2$ is defined, $G := first(d_1)$, $B := last(d_2)$ and (for $i \in \{1, 2\}$) $\vartheta_i := answer(d_i)$. By definition of $::$, $res(d_1 :: d_2) = G\vartheta_1\vartheta_2 \leftarrow B$.

Now observe that, by definition of $::$, all the clauses used in the derivation $d_2$ are renamed apart w.r.t. $G$ and $first(d_2)$. Moreover we assumed that only idempotent mgus are used. Then $\vartheta_1$ and $\vartheta_2$ are idempotent substitutions and, by definition of derivation and by a straightforward inductive argument, $B\vartheta_1\vartheta_2 = B\vartheta_2 = B$.

Then, by definition of $x$, there exists $d \in (D_1 \; x \; D_2)(G)$ if and only if either $d \in D_1(G)$ or $d = d_1 :: d_2$, $d_1 \in D_1(G)$, $G_2 \equiv last(d_1)$ and $d_2$ is a renamed version of an element in $D_2(G_2)$ such that $last(d_1) = first(d_2)$, $var(d_1) \cap var(d_2) = var(first(d_2))$, $B = last(d_2)$, for $i \in \{1, 2\}$, $\vartheta_i = answer(d_i)$ and $res(d) = (G \leftarrow B)\vartheta_1\vartheta_2$. Then the following equivalences hold.

$X_1 \; x \; X_2$ [by definition of $x$ and $\chi$]

$= \lambda G.\{res(d) \mid d \in (\chi^\gamma(X_1) \; x \; \chi^\gamma(X_2))(G)\}$ [by the previous result]

$= \lambda G.\{(G \leftarrow B)\vartheta \mid$ either $d \in \chi^\gamma(X_1)(G)$, $answer(d) = \vartheta$ and $last(d) = B$, or $d = d_1 :: d_2$, where $d_1 \in \chi^\gamma(X_1)(G)$, $G_2 \equiv last(d_1)$ and $d_2$ is a renamed version of an element in $\chi^\gamma(X_2)(G_2)$ s.t. $last(d_1) = first(d_2)$, $var(d_1) \cap var(d_2) = var(first(d_2))$, $\vartheta = answer(d_1) \circ answer(d_2)$ and $B = last(d_2)\}$ [by definition of $\chi^\gamma$]

$= \lambda G.\, X_1(G) \cup \{(G' \leftarrow G_3)\vartheta \mid r_1 = G' \leftarrow G_1 \in X_1(G)$, $G_1 \equiv G_2$, $r_2 = G'_2 \leftarrow G_3$ is a renamed version of an element in $X_2(G_2)$, via a renaming $\rho$ s.t. $G_2\rho = G_1$, $var(G, r_1) \cap var(r_2) \subseteq var(G_1)$, $G_1\vartheta = G'_2$ and $dom(\vartheta) \subseteq var(G_1)\}$.

In the following we need a technical result on the substitution abstraction $\Gamma$.

LEMMA A.7. Let $G$ be a goal and $\vartheta, \vartheta'$ be idempotent substitutions such that $G\vartheta \equiv G\vartheta'$. Then $(\Gamma(\vartheta))|_{var(G)} = (\Gamma(\vartheta'))|_{var(G)}$.

Proof. First of all observe that, for any idempotent substitution $\vartheta$ and sequence of variables $x$, $(\Gamma(\vartheta))|_x = (\Gamma(\vartheta|_x))|_x$. Then we can assume that $dom(\vartheta) \cup dom(\vartheta') \subseteq var(G)$.

Now the proof is by induction on $n = card(dom(\vartheta) \setminus dom(\vartheta')) + card(dom(\vartheta') \setminus dom(\vartheta))$.

($n = 0$) Assume that $\vartheta \neq \vartheta'$. Then there exists $x \in var(G)$ such that $x\vartheta \neq x\vartheta'$. Since (by hypothesis) $G\vartheta \equiv G\vartheta'$, $x\vartheta$ is a variant of $x\vartheta'$ and therefore we can assume that $x\vartheta = f(y, t_2, \dots, t_k)$, $x\vartheta' = f(y', t'_2, \dots, t'_k)$ and $y \neq y'$. The extension to the general case is obvious. We have to distinguish the following cases.

($y \in var(G)$ and $y' \notin var(G)$) In this case we have a contradiction. In fact, since $\vartheta$ is idempotent and (by hypothesis) $y \in range(\vartheta)$, $y \notin dom(\vartheta)$ and therefore, since $dom(\vartheta) = dom(\vartheta')$, $y \notin dom(\vartheta')$. Then it is easy to check that $G\vartheta \not\equiv G\vartheta'$.

($y \notin var(G)$ and $y' \in var(G)$) The same as the previous case.

($y \in var(G)$ and $y' \in var(G)$) Analogously to the first case, $y, y' \notin dom(\vartheta) \cup dom(\vartheta')$. Then we prove by contradiction that $G\vartheta \not\equiv G\vartheta'$. By definition of variance, there exists a renaming $\rho$ such that $G\vartheta\rho = G\vartheta'$. Thus $(\vartheta\rho)|_G = \vartheta'|_G$. By our hypothesis on $\vartheta$ and $\vartheta'$, $\{y/y'\} \subseteq \rho$ and then, since $y' \notin dom(\vartheta)$ and $y \in var(G)$, $\{y/y'\} \subseteq (\vartheta\rho)|_G = \vartheta'|_G$. This contradicts the fact that $y \notin dom(\vartheta')$.

($y \notin var(G)$ and $y' \notin var(G)$) Note that the names of the variables not in $var(G)$ are irrelevant, since if $y \notin var(G)$ and $y' \notin var(G)$ then $(\Gamma(\vartheta))|_{var(G)} = (\Gamma(\vartheta\{y/y', y'/y\}))|_{var(G)}$. Therefore $(\Gamma(\vartheta))|_{var(G)} = (\Gamma(\vartheta'))|_{var(G)}$.

($n > 0$) Without loss of generality, we can assume that there exists $x \in dom(\vartheta) \setminus dom(\vartheta')$. Since (by hypothesis) $dom(\vartheta) \subseteq var(G)$, $x \in var(G)$ and, since $G\vartheta \equiv G\vartheta'$, there exists a variable $y$ such that $\{x/y\} \subseteq \vartheta$. Then we have two possibilities.

($y \notin var(G)$) In this case, by definition of $\Gamma$, $(\Gamma(\vartheta))|_{var(G)} = ((x \leftrightarrow y) \wedge \Gamma(\vartheta|_{dom(\vartheta) \setminus \{x\}}))|_{var(G)}$ and then, by definition of logical equivalence,

$$(\Gamma(\vartheta))|_{var(G)} = ((x \leftrightarrow y) \wedge ((\Gamma(\vartheta|_{dom(\vartheta) \setminus \{x\}}))[y \mapsto x]))|_{var(G)}. \qquad \text{(A.4)}$$

Now observe that $(\Gamma(\vartheta|_{dom(\vartheta) \setminus \{x\}}))[y \mapsto x]$ is the formula $\Gamma(\vartheta'')$ associated to the idempotent substitution $\vartheta''$ obtained by replacing the occurrences of the variable $y$ with $x$ in the substitution $\vartheta|_{dom(\vartheta) \setminus \{x\}}$. Moreover, by (A.4),

$$(\Gamma(\vartheta))|_{var(G)} = (((x \leftrightarrow true) \wedge \Gamma(\vartheta'')) \vee ((x \leftrightarrow false) \wedge \Gamma(\vartheta'')))|_{var(G)} = (\Gamma(\vartheta''))|_{var(G)}. \qquad \text{(A.5)}$$

By construction $G\vartheta \equiv G\vartheta''$ and therefore $G\vartheta'' \equiv G\vartheta'$. Moreover, since $x \notin dom(\vartheta') \cup dom(\vartheta'')$ and $dom(\vartheta'') = dom(\vartheta) \setminus \{x\}$, $card(dom(\vartheta') \setminus dom(\vartheta'')) + card(dom(\vartheta'') \setminus dom(\vartheta')) = n - 1$. Then, by inductive hypothesis, $(\Gamma(\vartheta'))|_{var(G)} = (\Gamma(\vartheta''))|_{var(G)}$ and therefore, by (A.5), $(\Gamma(\vartheta))|_{var(G)} = (\Gamma(\vartheta'))|_{var(G)}$.

($y \in var(G)$) Since $G\vartheta \equiv G\vartheta'$, there exists a renaming $\rho$ such that $G\vartheta\rho = G\vartheta'$ and, since $\vartheta'$ is idempotent, $(\vartheta\rho)|_G$ is also idempotent. Now observe that, since $x \in dom(\vartheta) \setminus dom(\vartheta')$, $(\vartheta\rho)|_G = \vartheta'$ and, by definition of composition, $\{y/x\} \subseteq (\vartheta\rho)|_G = \vartheta'$. Let $\vartheta'' := \{y/x\}\bar\vartheta$, where $\bar\vartheta$ is obtained by replacing every occurrence of $y$ with $x$ in the substitution $\vartheta|_{dom(\vartheta) \setminus \{x\}}$. By definition of $\Gamma$,

$$\begin{aligned}
\Gamma(\vartheta) &= (x \leftrightarrow y) \wedge \Gamma(\vartheta|_{dom(\vartheta) \setminus \{x\}}) \\
&= (x \leftrightarrow y) \wedge ((\Gamma(\vartheta|_{dom(\vartheta) \setminus \{x\}}))[y \mapsto x]) \\
&= (x \leftrightarrow y) \wedge \Gamma(\bar\vartheta) = \Gamma(\vartheta''). \qquad \text{(A.6)}
\end{aligned}$$

By construction $G\vartheta \equiv G\vartheta''$ and then $G\vartheta'' \equiv G\vartheta'$. Moreover, by definition of $\vartheta''$, $dom(\vartheta'') = (dom(\vartheta) \cup \{y\}) \setminus \{x\}$ and then $card(dom(\vartheta') \setminus dom(\vartheta'')) + card(dom(\vartheta'') \setminus dom(\vartheta')) = n - 2$. Then, by inductive hypothesis, $(\Gamma(\vartheta'))|_{var(G)} = (\Gamma(\vartheta''))|_{var(G)}$ and therefore, by (A.6), $(\Gamma(\vartheta))|_{var(G)} = (\Gamma(\vartheta'))|_{var(G)}$.
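As an added worked example (not code from the paper), the following Python sketch makes Lemma A.7 concrete: it builds $\Gamma(\vartheta) = \bigwedge_{x/t \in \vartheta} (x \leftrightarrow \bigwedge var(t))$ as the set of models of a positive Boolean formula, implements the restriction $(F)|_V$ as existential projection of the variables outside $V$, and compares $(\Gamma(\vartheta))|_{var(G)}$ with $(\Gamma(\vartheta'))|_{var(G)}$ for goals $G\vartheta$, $G\vartheta'$ that are or are not variants. The term encoding, the goal `p(X, Y)` and the substitutions in the test are constructed for the example; the pairs exercise the $n = 0$ case, the $n > 0$ case with $y \notin var(G)$, and a non-variant pair where the restricted abstractions differ.

```python
# Added worked example; this is not code from the paper.  It encodes the
# groundness abstraction Γ(ϑ) of Lemma A.7 as a positive Boolean formula
# represented by its set of models, implements the restriction (F)|_V as
# existential projection onto V, and checks the lemma on constructed inputs.
from itertools import product

def is_var(t):
    return isinstance(t, str)

def variables(t):
    """Set of variables occurring in term t (strings are variables)."""
    if is_var(t):
        return {t}
    return set().union(*(variables(u) for u in t[1]))

def apply(t, s):
    if is_var(t):
        return s.get(t, t)
    return (t[0], tuple(apply(u, s) for u in t[1]))

def gamma(theta, universe):
    """Γ(ϑ) = ∧_{x/t ∈ ϑ} (x ↔ ∧ var(t)), given as the set of its models over
    `universe`; a model is the frozenset of variables that are true (= ground)."""
    universe = sorted(universe)
    models = set()
    for bits in product((False, True), repeat=len(universe)):
        m = frozenset(v for v, b in zip(universe, bits) if b)
        if all((x in m) == all(v in m for v in variables(t)) for x, t in theta.items()):
            models.add(m)
    return models

def restrict(models, vs):
    """(F)|_V: existentially quantify away every variable outside V."""
    vs = frozenset(vs)
    return {m & vs for m in models}

def is_variant(t1, t2):
    """t1 ≡ t2: equal up to a bijective renaming of variables."""
    fwd, bwd = {}, {}
    def go(a, b):
        if is_var(a) or is_var(b):
            return (is_var(a) and is_var(b)
                    and fwd.setdefault(a, b) == b and bwd.setdefault(b, a) == a)
        return (a[0] == b[0] and len(a[1]) == len(b[1])
                and all(go(x, y) for x, y in zip(a[1], b[1])))
    return go(t1, t2)

def lemma_a7(goal, th1, th2):
    """Return (Gϑ ≡ Gϑ', (Γ(ϑ))|var(G) == (Γ(ϑ'))|var(G)); Lemma A.7 says the
    first implies the second."""
    gvars = variables(goal)
    universe = set(gvars) | set(th1) | set(th2)
    for t in list(th1.values()) + list(th2.values()):
        universe |= variables(t)
    same_up_to_renaming = is_variant(apply(goal, th1), apply(goal, th2))
    equal_abstractions = (restrict(gamma(th1, universe), gvars)
                          == restrict(gamma(th2, universe), gvars))
    return same_up_to_renaming, equal_abstractions

# Constructed sample (not from the paper): goal p(X, Y).
GOAL = ("p", ("X", "Y"))
def f(*args):
    return ("f", args)
```

The model-set representation is deliberate: restriction to $var(G)$ is then literally the projection $\{m \cap var(G)\}$, which is what the Shannon expansion in (A.5) computes symbolically, and two formulas are equivalent exactly when their model sets coincide.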

Proof of Section 7.1. We have to prove several facts.

($\psi$ is an observable) The proof that there exists $\tau_\Gamma^\gamma$ such that $\langle \tau_\Gamma, \tau_\Gamma^\gamma \rangle : \mathcal A_{ca} \leftrightharpoons \mathcal A_{gr}$ is a Galois insertion is straightforward by definition of $\tau_\Gamma$. Then we can define $\psi^\gamma : \mathcal A_{gr} \to \mathcal C$ as $\psi^\gamma = \xi^\gamma \circ \tau_\Gamma^\gamma$. It is easy to check that $\psi$ is the lifting of the domain abstraction $\Gamma$. Moreover $\Gamma$ maps finite elements to finite elements.

Now, let $D, D' \in C_{\mathcal C}$ and $D \equiv_{\mathcal C} D'$. By definition, $\psi = \tau_\Gamma\xi$ and, by the proof that $\xi$ satisfies (10) (see the proof of Example 3.1), $\xi^\gamma\xi(D) \equiv_{\mathcal C} \xi^\gamma\xi(D')$, which (by definition of $\equiv_{\mathcal A_{ca}}$) is equivalent to $\xi(D) \equiv_{\mathcal A_{ca}} \xi(D')$. Then it suffices to prove (by taking $X = \xi(D)$ and $X' = \xi(D')$) that, for any pair of pure $\mathcal A$-collections $X, X' \in C_{\mathcal A_{ca}}$, $X \equiv_{\mathcal A_{ca}} X' \Rightarrow \tau_\Gamma^\gamma\tau_\Gamma(X) \equiv_{\mathcal A_{ca}} \tau_\Gamma^\gamma\tau_\Gamma(X')$. First of all observe that the following equivalences hold.

1. By definition of $\tau_\Gamma$, for any goal $G$ and for any idempotent substitution $\vartheta$ such that $dom(\vartheta) \subseteq var(G)$, $\vartheta \in \tau_\Gamma^\gamma\tau_\Gamma(X)(G) \iff (\Gamma(\vartheta))|_{var(G)} \to \tau_\Gamma(X)(G)$, where $\to$ denotes logical implication.

2. By Corollary A.1, for any substitution $\vartheta$ such that $dom(\vartheta) \subseteq x$ and for any renaming $\rho$, $\rho^{-1}\vartheta\rho = \{x\rho/t\rho \mid x/t \in \vartheta\}$. Then $\Gamma(\rho^{-1}\vartheta\rho) = \Gamma(\vartheta)\rho$ and therefore

$$(\Gamma(\rho^{-1}\vartheta\rho))|_{x\rho} = ((\Gamma(\vartheta))|_x)\rho. \qquad \text{(A.7)}$$

3. By using the same arguments as in the proof of Example 3.1, for any pair of pure $\mathcal A$-collections $X, X' \in C_{\mathcal A_{ca}}$, $X \equiv_{\mathcal A_{ca}} X'$ if and only if for any $p(x) \in Goals$ there exists a renaming $\rho$ such that, if $X(p(x))$ is defined, then $X'(p(x)\rho)$ is defined and, for any $\vartheta \in X(p(x))$, there exists $\vartheta' \in X'(p(x)\rho)$ such that $p(x)\vartheta \equiv p(x)\rho\vartheta'$, and vice versa. Then, by definition of renaming, $p(x)\rho\rho^{-1}\vartheta\rho \equiv p(x)\rho\vartheta'$ and therefore, by Lemma A.7 and by (A.7), $(\Gamma(\vartheta'))|_{x\rho} = (\Gamma(\rho^{-1}\vartheta\rho))|_{x\rho} = ((\Gamma(\vartheta))|_x)\rho$. Then, by definition of $\tau_\Gamma$, $X \equiv_{\mathcal A_{ca}} X'$ implies that, for any $p(x) \in Goals$ there exists a renaming $\rho$ such that, if $X(p(x))$ is defined, then $X'(p(x)\rho)$ is defined and $\tau_\Gamma(X')(p(x)\rho) = (\tau_\Gamma(X)(p(x)))\rho$.

Now let $X, X' \in C_{\mathcal A_{ca}}$ be two pure $\mathcal A$-collections such that $X \equiv_{\mathcal A_{ca}} X'$. By definition of $\equiv_{\mathcal A_{ca}}$ and by Point 3, it is sufficient to prove that, for any goal $p(x)$ such that $\tau_\Gamma^\gamma\tau_\Gamma(X)(p(x))$ is defined, there exists a renaming $\rho$ such that $\tau_\Gamma^\gamma\tau_\Gamma(X')(p(x)\rho)$ is defined and, for any $\vartheta \in \tau_\Gamma^\gamma\tau_\Gamma(X)(p(x))$, there exists $\vartheta' \in \tau_\Gamma^\gamma\tau_\Gamma(X')(p(x)\rho)$ such that $p(x)\vartheta \equiv p(x)\rho\vartheta'$. Then the thesis follows by symmetry.

Let $p(x) \in Goals$ be such that $\tau_\Gamma^\gamma\tau_\Gamma(X)(p(x))$ is defined. By definition of $\tau_\Gamma$, $X(p(x))$ is also defined. Then, by Point 3 and since (by hypothesis) $X \equiv_{\mathcal A_{ca}} X'$, there exists a renaming $\rho$ such that $X'(p(x)\rho)$ is defined and

$$\tau_\Gamma(X')(p(x)\rho) = (\tau_\Gamma(X)(p(x)))\rho. \qquad \text{(A.8)}$$

By definition of $\tau_\Gamma$ and since $X'(p(x)\rho)$ is defined, $\tau_\Gamma^\gamma\tau_\Gamma(X')(p(x)\rho)$ is also defined. By Corollary A.1, $\rho^{-1}\vartheta\rho$ is idempotent and, since $\vartheta \in \tau_\Gamma^\gamma\tau_\Gamma(X)(p(x))$, $dom(\rho^{-1}\vartheta\rho) = dom(\vartheta)\rho \subseteq var(p(x)\rho)$. Then to prove the thesis it is sufficient to prove that $\rho^{-1}\vartheta\rho \in \tau_\Gamma^\gamma\tau_\Gamma(X')(p(x)\rho)$.

By Point 1 and since $\vartheta \in \tau_\Gamma^\gamma\tau_\Gamma(X)(p(x))$, $(\Gamma(\vartheta))|_x \to \tau_\Gamma(X)(p(x))$ and therefore, by Point 2 and (A.8), $(\Gamma(\rho^{-1}\vartheta\rho))|_{x\rho} = ((\Gamma(\vartheta))|_x)\rho \to (\tau_\Gamma(X)(p(x)))\rho = \tau_\Gamma(X')(p(x)\rho)$. Then, by Point 1, $\rho^{-1}\vartheta\rho \in \tau_\Gamma^\gamma\tau_\Gamma(X')(p(x)\rho)$ and then the thesis.

(abstract operations) Let $\cdot_\xi$ be the abstract instantiation operation corresponding to the $\xi$ observable. The abstract instantiation w.r.t. $\psi$ can be defined in terms of $\tau_\Gamma$ and $\cdot_\xi$ since $A \cdot X = \psi(A \cdot \psi^\gamma(X)) = \tau_\Gamma\xi(A \cdot \xi^\gamma\tau_\Gamma^\gamma(X)) = \tau_\Gamma(A \cdot_\xi \tau_\Gamma^\gamma(X))$. Hence the definition of the abstract operation can be computed in terms of the corresponding operations on $\mathcal A_{ca}$, which have already been computed in Section 6.1. The same holds for $\sum$, $\times$ and $x$.

We prove only the correctness of $\tilde\cdot$. The proof of the correctness of $\times$ is analogous, while the proof of the correctness of $\sum$ is straightforward.

First of all note that the following facts hold.

1. By definition of $\tau_\Gamma$, a substitution $\sigma \in \tau_\Gamma^\gamma(X)(A')$ if and only if $dom(\sigma) \subseteq var(A')$ and $(\Gamma(\sigma))|_{var(A')} \to X(A')$. Then, since (by definition of $\tau_\Gamma$) $var(X(A')) \subseteq var(A')$, $\langle H, \Theta' \rangle$ is a renamed version of $\langle A', \tau_\Gamma^\gamma(X)(A') \rangle$ if and only if $\langle H, F' \rangle$ is a renamed version of $\langle A', X(A') \rangle$ and $\vartheta' \in \Theta'$ if and only if $dom(\vartheta') \subseteq var(H)$ and $(\Gamma(\vartheta'))|_{var(H)} \to F'$. Moreover, if $F_1 \to F'$ and $var(F_1) \subseteq var(H)$, then there exists a substitution $\vartheta'$ such that $(\Gamma(\vartheta'))|_{var(H)} = F_1$ and therefore, by definition of $\tau_\Gamma^\gamma$, $\vartheta' \in \Theta'$.

2. Let $H$ be an atom and $\delta, \vartheta'$ be idempotent substitutions such that $dom(\delta) \subseteq var(H)$, $var(H\delta) \cap var(H\vartheta') = \emptyset$ and there exists $\vartheta = (mgu(H\delta, H\vartheta'))|_{H\delta}$. Then, by definition of $\Gamma$, $(\Gamma(\vartheta))|_{var(H\delta)} = ((\Gamma(\vartheta'))|_{var(H)} \wedge \Gamma(\delta))|_{var(H\delta)}$.

3. Let $x$ be variables and $\{F_i\}_{i \in I}$ be a set of formulas such that $\bigcup_{i \in I} var(F_i)$ is a finite set of variables. Then, by a straightforward inductive argument on $card(\bigcup_{i \in I} var(F_i) \setminus \{x\})$, $\bigvee_{i \in I}(F_i|_x) = (\bigvee_{i \in I} F_i)|_x$.

Now we can prove that the $\tilde\cdot$ operation is correctly defined.

$A \cdot X$ [by the first observation and by definition of $\tau_\Gamma$]

$= \phi[F/A]$ where $F = \bigvee\{(\Gamma(\vartheta))|_{var(A)} \mid \langle H, \Theta' \rangle$ is a renamed apart (from $A$) version of $\langle A', \tau_\Gamma^\gamma(X)(A') \rangle$, for some $A' \le A$, $\vartheta' \in \Theta'$, there exists $\delta$ s.t. $A = H\delta$ and $\vartheta = (mgu(A, H\vartheta'))|_{var(A)}\}$,

[by Points 1 and 2 and since $A = H\delta$]

$= \phi[F/A]$ where $F = \bigvee\{F'' \mid \langle H, F' \rangle$ is a renamed apart (from $A$) version of $\langle A', X(A') \rangle$, for some $A' \le A$, $F_i \to F'$, $var(F_i) \subseteq var(H)$, there exists $\delta$ s.t. $A = H\delta$, $dom(\delta) \subseteq var(H)$ and $F'' = (F_i \wedge \Gamma(\delta))|_{var(A)}\}$,

[by logic properties]

$= \phi[F/A]$ where $F = \bigvee\{F'' \mid \langle H, F' \rangle$ is a renamed apart (from $A$) version of $\langle A', X(A') \rangle$, for some $A' \le A$, there exists $\delta$ s.t. $A = H\delta$, $dom(\delta) \subseteq var(H)$ and $F'' = \bigvee_{F_i \to F',\, var(F_i) \subseteq var(H)} (F_i \wedge \Gamma(\delta))|_{var(A)}\}$,

[by Point 3 and since $\wedge$ is distributive over $\vee$]

$= \phi[F/A]$ where $F = \bigvee\{F'' \mid \langle H, F' \rangle$ is a renamed apart (from $A$) version of $\langle A', X(A') \rangle$, for some $A' \le A$, there exists $\delta$ s.t. $A = H\delta$, $dom(\delta) \subseteq var(H)$ and $F'' = ((\bigvee_{F_i \to F',\, var(F_i) \subseteq var(H)} F_i) \wedge \Gamma(\delta))|_{var(A)}\}$,

[since $var(F') \subseteq var(H)$ and by logical properties]

$= \phi[F/A]$ where $F = \bigvee\{F'' \mid \langle H, F' \rangle$ is a renamed apart (from $A$) version of $\langle A', X(A') \rangle$, for some $A' \le A$, there exists $\delta$ s.t. $A = H\delta$, $dom(\delta) \subseteq var(H)$ and $F'' = (F' \wedge \Gamma(\delta))|_{var(A)}\}$.

($\psi$ is a semi-denotational observable) Let $A \in Atoms$, $D', D'' \in \mathcal C$, $D \in UC$, $G \in Goals$ and let $\{D_j\}_{j \in J} \subseteq UC$ be a chain. First of all note that, for any goal $G$,

$$\psi(IdI) = \lambda p(x).\ false \quad \text{and} \quad \psi(\phi_G) = \phi[false/G]. \qquad \text{(A.9)}$$

Then the following equivalences hold.

Axiom (40). The proof is straightforward by observing that $\wedge$ is left/right distributive over $\vee$.

Axiom (41). By (A.9) and by definition of abstract operators, $\psi(A \cdot \psi^\gamma\psi(IdI)) = A \cdot \psi(IdI) = \psi(\phi_A) = \psi(A \cdot IdI)$.

Axioms (42), (44), and (48). We prove that $\psi(\psi^\gamma\psi(D') \; x \; \psi^\gamma\psi(D'')) = \psi(\psi^\gamma\psi(D') \; x \; D'')$. We have two cases.

($\exists B \in Goals,\ d'' \in D''(B).\ B \neq \Box$ and $last(d'') = \Box$) First of all observe that, for any goal $G$, $\psi(\psi^\gamma\psi(D') \; x \; \psi^\gamma\psi(D''))(G)$ is defined if and only if $\psi(\psi^\gamma\psi(D') \; x \; D'')(G)$ is defined if and only if $D'(G)$ is defined.

Now, let us consider a goal $G = p_1(t_1), \dots, p_n(t_n)$ such that $D'(G)$ is defined. By definition of $\psi$, the derivation $d = G \xrightarrow[p_1(x_1)]{\{x_1/t_1\}} \cdots \xrightarrow[p_n(x_n) \leftarrow B']{\{x_n/t_n\}} B'$ is in $\psi^\gamma\psi(D')$, where $B'$ is a renamed version of $B$ such that $var(B') \cap var(G) = \emptyset$. Then, by definition of $x$, the derivation $d :: d' \in (\psi^\gamma\psi(D') \; x \; D'')(G)$, where $d'$ is a renamed apart (w.r.t. $d$) version of $d''$, and it is easy to check that $last(d :: d') = \Box$ and $answer(d :: d') = \varepsilon$. Moreover, since $D'' \sqsubseteq \psi^\gamma\psi(D'')$, $d :: d' \in (\psi^\gamma\psi(D') \; x \; \psi^\gamma\psi(D''))(G)$.

Then, by definition of $\psi$, for any $G \in Goals$ such that $D'(G)$ is defined, $\psi(\psi^\gamma\psi(D') \; x \; \psi^\gamma\psi(D''))(G) = true = \psi(\psi^\gamma\psi(D') \; x \; D'')(G)$ and then the thesis.

($\forall B \in Goals.\ \nexists d'' \in D''(B).\ B \neq \Box$ and $last(d'') = \Box$) By definition of $\psi$, for any $B \in Goals$ there is no $d' \in \psi^\gamma\psi(D'')(B)$ such that $last(d') = \Box$. Then, by definition of $\psi$, $\psi(\psi^\gamma\psi(D') \; x \; \psi^\gamma\psi(D'')) = \psi(D') = \psi(\psi^\gamma\psi(D') \; x \; D'')$.

Axiom (43). By (A.9) and by definition of $\psi$, $\psi(\psi^\gamma\psi(D') \times \psi^\gamma\psi(\phi_G)) = \psi(D') \times \psi(\phi_G) = \lambda G'.\ false$ where $G' = (G_1, G)$ and $\psi(D')(G_1)$ is defined. Now, the proof is straightforward by definition of $\times$, $\psi$ and $\tilde\times$.

Axiom (45). We prove that $\psi^\gamma\psi(\sum\{D_j\}_{j \in J}) = \sum\{\psi^\gamma\psi(D_j)\}_{j \in J}$. The proof of the inequality $\sqsupseteq$ is straightforward by (30) and since $\psi^\gamma\psi$ is extensive. Now we prove the other inequality. Let $G \in Goals$ be such that $\psi^\gamma\psi(\sum\{D_j\}_{j \in J})(G)$ is defined. By definition of $\psi$ and $\sum$ and by (30), $\psi(\sum\{D_j\}_{j \in J})(G) = \bigvee\{\psi(D_j)(G)\}_{j \in J}$. Now observe that, by definition of $\psi$, for any $j \in J$, $var(\psi(D_j)(G)) \subseteq var(G)$ and therefore $\psi(D_j)(G)$ is (equivalent to) a finite formula. Moreover, since $\{D_j\}_{j \in J}$ is a chain, $\{\psi(D_j)(G)\}_{j \in J}$ is also a chain (ordered by logical implication). Since for any $j \in J$, $var(\psi(D_j)(G)) \subseteq var(G)$, the chain $\{\psi(D_j)(G)\}_{j \in J}$ is finite and therefore there exists $i \in J$ such that $\psi(D_i)(G) = \bigvee\{\psi(D_j)(G)\}_{j \in J}$. Since the previous result holds for any $G \in Goals$, the thesis follows by definition of $\sum$ and $\psi^\gamma$.

Other Axioms. The proof that $\psi$ satisfies Axioms (46) and (47) is analogous to the proof of Axioms (42), (44) and (48). By using the same argument, $\psi(\psi^\gamma\psi(D'') \; x \; su(\psi^\gamma\psi(D))) = \psi(\psi^\gamma\psi(D'') \; x \; \psi^\gamma\psi(su(\psi^\gamma\psi(D)))) = \psi(D'') \; x \; \psi(su(\psi^\gamma\psi(D)))$, where the last equality follows by definition of abstract operators. Now, by definition of $\psi$,

$$\psi(D'') \; x \; \psi(su(\psi^\gamma\psi(D))) = \begin{cases} \lambda G.\ true|_{D''(G)\ def} & \text{if } \exists G', d' \in su(\psi^\gamma\psi(D))(G').\ last(d') = \Box \\ \psi(D'') & \text{otherwise} \end{cases}$$

where $\lambda G.\ true|_{D''(G)\ def}$ denotes the function which, on input $G$, assumes the value $true$ if $D''(G)$ is defined and is otherwise undefined. Moreover,

$$\psi^\gamma\psi(D'') \; x \; su(\psi^\gamma\psi(D)) = \begin{cases} \lambda G.\ S_G|_{D''(G)\ def} & \text{if } \exists G', d' \in su(\psi^\gamma\psi(D))(G').\ last(d') = \Box \\ \psi^\gamma\psi(D'') & \text{otherwise} \end{cases}$$

where, for any $G$, there exists $d \in S_G$ such that $last(d) = \Box$ and $answer(d) = \varepsilon$. Now the proof follows by definition of the abstract operators and $\psi$. ■

Proof of Section 7.2. We have to prove several facts.(κ is an observable) The proof that there existsτ γκ (X) := λG. {(ϑσ )|G|ϑ ∈ X(G), σ ∈

Subst(V → T)} such that〈τk, τγ

k 〉 : Aca ↽⇀ Ak

is a Galois insertion, is straightforward by definition

of τk. Then, we can defineκγ : Ak

→ C asκγ = ξγ ◦ τ γk . It is easy to check thatκ is the lifting of the

domain abstractionκ. Moreoverκ maps finite elements to finite elements.As was the case for Section 7.1 we have only to prove that, for any pair of pureA-collections

X, X′ ∈ CAca, X ≡Aca X′ =⇒ τγ

k τk(X) ≡Aca τγ

k τk(X′), i.e., that, for anyϑ ∈ τ γk τk(X)(p(x)), thereexistsϑ ′ ∈ τ γk τk(X′)(p(y)) such thatp(x)ϑ ≡ p(y)ϑ ′. By τ γk , τk definition there must be a substitutionϑ ∈ X(p(x)) identical toϑ except for any sub-term rooted at depthk. Moreover (by hypothesis)there must be a substitutionϑ ′ ∈ X′(p(y)) such thatp(x)ϑ ≡ p(y)ϑ ′. Now we can easily build asubstitutionϑ ′ ∈ τ γk τk(X′)(p(y)), identical toϑ ′ except for any sub-term rooted at depthk, such thatp(x)ϑ ≡ p(y)ϑ ′.

(abstract operations) As was the case for Section 7.1, the definition of the abstract operations can be computed in terms of the corresponding operations on A_ca, which have already been computed in Section 6.1.

Consider the ·̃ operation and let X′ := φ[Θ/A], where Θ := {ϑ_k | ⟨H, Θ′⟩ is a renamed apart (from A) version of ⟨A′, X(A′)⟩, for some A′ ≤ A, ϑ′ ∈ Θ′, ϑ = mgu(A, Hϑ′)|_A}. It suffices to prove that X′ = τ_k(A ·_ξ τ_k^γ(X)), since A · X = τ_k(A ·_ξ τ_k^γ(X)) = κ(A · κ^γ(X)).

The inclusion X′ ⊆ τ_k(A ·_ξ τ_k^γ(X)) is straightforward, since we can map each depth(k) substitution to a concrete one by mapping each variable of V̂ to a fresh variable of V. To prove the other inclusion, let ⟨H, Θ′′⟩ be a renamed apart (from A) version of ⟨A′, τ_k^γ(X)(A′)⟩ and ϑ′′ ∈ Θ′′ such that there exists mgu(A, Hϑ′′). Then there exist ⟨H, Θ′′′⟩, a renamed apart (from A) version of ⟨A′, X(A′)⟩, ϑ′′′ ∈ Θ′′′ and σ : V̂ → T such that ϑ′′ = (ϑ′′′σ)|_A and there exists mgu(A, Hϑ′′′). By the properties of (·)_k, (mgu(A, Hϑ′′′)|_A)_k = (mgu(A, Hϑ′′′σ)|_A)_k = (mgu(A, Hϑ′′)|_A)_k. Hence (mgu(A, Hϑ′′′)|_A)_k ∈ X′, because the mgu construction can build substitutions with domain in V ∪ V̂, but the restriction to the variables of A confines dom(ϑ) to V.

An analogous argument holds for the × operation and the substitution ϑ = (ϑ1 ∘ mgu(G2ϑ1, G2ϑ2))|_G.

(κ is a semi-denotational observable) Let A ∈ Atoms, D′, D′′ ∈ C, D ∈ UC, G ∈ Goals and {D_j}_{j∈J} ⊆ UC be a chain. In the following we denote by Subst|_G ⊆ Subst (Subst_k|_G ⊆ Subst_k) the set of all the substitutions ϑ such that dom(ϑ) ⊆ var(G).

First of all note that, for any goal G,

κ(Id_I) = λp(x). ∅ and κ(φ_G) = φ[∅/G]. (A.10)

Then the following equivalences hold.

Axiom (40). Immediate.


Axiom (41). By (A.10) and by definition of abstract operators, κ(A · κ^γκ(Id_I)) = A · κ(Id_I) = κ(φ_A) = κ(A · Id_I).

Axioms (42), (44), and (48). We prove that κ(κ^γκ(D′) x κ^γκ(D′′)) = κ(κ^γκ(D′) x D′′). We have two cases.

(∃B ∈ Goals, d′′ ∈ D′′(B). B ≠ □ and last(d′′) = □) First of all observe that, for any goal G, κ(κ^γκ(D′) x κ^γκ(D′′))(G) is defined if and only if κ(κ^γκ(D′) x D′′)(G) is defined if and only if D′(G) is defined.

Now, let us consider a goal G such that D′(G) is defined. By definition of κ, for any substitution ϑ ∈ Subst|_G, there exists a derivation d ∈ κ^γκ(D′) such that last(d) = B′, answer(d) = ϑ and B′ is a renamed version of B such that var(B′) ∩ var(G) = ∅. Then, by definition of x, for any substitution ϑ ∈ Subst|_G, there exists a derivation d :: d′ ∈ (κ^γκ(D′) x D′′)(G), where d′ is a renamed apart (w.r.t. d) version of d′′, such that answer(d :: d′) = ϑ and last(d :: d′) = □. Moreover, since D′′ ⊑ κ^γκ(D′′), d :: d′ ∈ (κ^γκ(D′) x κ^γκ(D′′))(G).

Then, by definition of κ, for any G ∈ Goals such that D′(G) is defined, κ(κ^γκ(D′) x κ^γκ(D′′))(G) = Subst_k|_G = κ(κ^γκ(D′) x D′′)(G), and then the thesis.

(∀B ∈ Goals. ∄d′′ ∈ D′′(B). B ≠ □ and last(d′′) = □) By definition of κ, for any B ∈ Goals there is no d′ ∈ κ^γκ(D′′)(B) such that last(d′) = □. Then, by definition of κ, κ(κ^γκ(D′) x κ^γκ(D′′)) = κ(D′) = κ(κ^γκ(D′) x D′′).

Axiom (43). By (A.10) and by definition of κ, κ(κ^γκ(D′) × κ^γκ(φ_G)) = κ(D′) × κ(φ_G) = λG′. φ where G′ = (G1, G) and κ(D′)(G1) is defined. Now, the proof is straightforward by definition of ×, κ and ×̃.

Axiom (45). We prove that κ^γκ(∑{D_j}_{j∈J}) = ∑{κ^γκ(D_j)}_{j∈J}. The proof of the inequality ⊒ is straightforward by (30) and since κ^γκ is extensive. Now we prove the other inequality. Let G ∈ Goals such that κ^γκ(∑{D_j}_{j∈J})(G) is defined. By definition of κ and of ∑ and by (30),

$$\kappa\Big(\sum\{D_j\}_{j\in J}\Big)(G) = \bigcup\{\kappa(D_j)(G)\}_{j\in J}.$$

Now, observe that, by definition of ⋃, for any ϑ ∈ κ(∑{D_j}_{j∈J})(G) there exists i ∈ J such that ϑ ∈ κ(D_i)(G). Since the previous result holds for any G ∈ Goals, the thesis follows by definition of ∑ and κ^γ.

Other Axioms. The proof that κ satisfies Axioms (46) and (47) is analogous to the proof of Axioms (42), (44) and (48). By using the same argument, we have that κ(κ^γκ(D′′) x su(κ^γκ(D))) = κ(κ(D′′) x κ^γκ(su(κ^γκ(D)))) = κ(D′′) x κ(su(κ^γκ(D))), where the last equality follows by definition of abstract operators. Now, by definition of κ,

$$\kappa(D'') \mathrel{x} \kappa(su(\kappa^{\gamma}\kappa(D))) = \begin{cases} \lambda G.\ (Subst_k|_G)\,|_{D''(G)\ \text{def}} & \text{if } \exists G', d' \in su(\kappa^{\gamma}\kappa(D))(G').\ last(d') = \Box \\ \kappa(D'') & \text{otherwise} \end{cases}$$

where λG. S|_{X(G) def} denotes the function which, on input G, assumes the value S if X(G) is defined and is otherwise undefined. Moreover,

$$\kappa^{\gamma}\kappa(D'') \mathrel{x} su(\kappa^{\gamma}\kappa(D)) = \begin{cases} \lambda G.\ (Subst|_G)\,|_{D''(G)\ \text{def}} & \text{if } \exists G', d' \in su(\kappa^{\gamma}\kappa(D))(G').\ last(d') = \Box \\ \kappa^{\gamma}\kappa(D'') & \text{otherwise} \end{cases}$$

Now, the proof follows by definition of abstract operators and of κ. ∎

ACKNOWLEDGMENTS

We thank Paolo Volpe for his help in finding and solving some tricky errors in a preliminary version of the paper. We also thank one of the referees for his suggestions, which helped clarify some properties and the presentation of the paper.
