ScienceDirect - Information and Computation : Pair-independence and freeness analysis through linear refinement

Information and Computation
Volume 182, Issue 1, 10 April 2003, Pages 14-52

Font Size:

Article - selected

Figures/Tables

References

PDF (415 K)

Thumbnails - selected | Full-Size Images

E-mail Article

Add to my Quick Links

Bookmark and share in 2collab (opens in new window)

Request permission to reuse this article

Cited By in Scopus (0)

Related Articles in ScienceDirect

Optimality and condensing of information flow through l...
Theoretical Computer Science

View More Related Articles

View Record in Scopus

doi:10.1016/S0890-5401(02)00048-2

Pair-independence and freeness analysis through linear refinement

Giorgio Levi^,^a and Fausto Spoto ^,^,^b

^a Dipartimento di Informatica, Via F. Buonarroti 2, 56127, Pisa, Italy ^b Dipartimento di Informatica, Strada Le Grazie, 15, 37134 Ca’ Vignal, Verona, Italy

Received 29 May 2001.

Available online 25 February 2003.

Abstract

Linear refinement is a technique for systematically constructing more precise abstract domains for program analysis starting from the basic domain which represents just the property of interest. We use here linear refinement to construct a domain for pair-independence and freeness analysis of logic programs which is strictly more precise than Jacobs and Langen’s domain for sharing analysis endowed with freeness information. Moreover, it can be used for abstract compilation, while Jacobs and Langen’s domain can only be used for abstract interpretation. We provide an approximate representation of our domain and algorithms for the abstract operations. We describe an implementation of an analyser which uses abstract compilation over our domain and its evaluation over a set of benchmarks. This shows that its precision is comparable to that of a traditional sharing and freeness analysis performed through abstract interpretation. To the best of our knowledge, this is the first implementation of a sharing analysis based on abstract compilation, as well as the first implementation of a static analysis based on a new domain developed through linear refinement.

Article Outline

1. Introduction
2. Related work
3. Preliminaries 3.1. Terms, substitutions, and Herbrand constraints 3.2. The s-semantics 3.3. Abstract interpretation 3.4. Abstract compilation 3.5. Goal-independence 3.6. Linear refinement
4. Pair-independence analysis
5. Freeness analysis
6. Linear refinement revisited
7. Pair-independence and freeness
8. A representation 8.1. The data structure 8.2. The abstract operators
9. Abstraction 9.1. The abstraction of a single binding 9.2. The abstraction of a set of bindings
10. Implementation 10.1. Normalisation 10.2. Abstraction 10.3. Fixpoint computation 10.4. Reduction rules 10.5. Improving the efficiency 10.6. The result of the analysis
11. Experimental evaluation
12. Conclusions
Acknowledgements
Appendix A. Proofs of Section 4
Appendix B. Proofs of Section 8
Appendix C. Proofs of Section 9
Appendix D. Proofs of Section 10
References

1. Introduction

This paper is concerned with the systematic design, by means of linear refinement, of a new abstract domain for two important properties of logic programs, i.e., pair-independence and freeness. Pair-independence analysis [4 and 38] is concerned with determining at compile-time a superset of the set of pairs of variables which, in a given program point, can be bound at run-time to two terms which share some variable. It is a particular case of set-(in)dependence analysis, also called sharing analysis [6, 7, 28, 29, 30, 31 and 36]. In set-independence analysis, not only pairs but sets of variables are considered. (In)dependence analysis is useful for avoiding occur-check [38] and for automatic program parallelisation [28 and 36]. As stressed in [4], pair-(in)dependence information is actually needed in program analysis and transformation, and set-(in)dependence information is redundant w.r.t. pair-(in)dependence information.

Freeness analysis [6, 7, 10, 11, 27, 30 and 36] is concerned with determining at compile-time a subset of variables which are guaranteed to be bound at run-time to some variable in a given program point. Freeness analysis is useful for optimising unification, for goal reordering, for avoiding type checking and, again, in automatic program parallelisation. It is well known that performing sharing and freeness analysis in conjunction improves the precision of both [28 and 36].

Linear refinement [24] is a technique for systematically constructing abstract domains for program analysis. Given a basic abstract domain representing just the property of interest and a concrete operation (which, since we are considering logic programs, is usually unification) a new more accurate domain is constructed. The new domain leads to more precise abstract operations.

The first contribution of this paper is the definition, through abstract interpretation [16 and 17] and linear refinement, of a new domain for pair-independence and freeness. The use of linear refinement for the definition of our domain, differently from the Sharing×Free domain [28 and 36], leads to simple and general definitions and proofs. It is worth noting that the original correctness proof for the domain Sharing is very complex and uses a large part of Langen’s PhD thesis [31]. We also show, within the linear refinement framework, why and how independence information interacts with freeness information. An important feature of our domain is that it can be used for abstract compilation [22 and 26], which is an application of abstract interpretation where, rather than computing the abstract denotation of a program by executing its concrete code over abstract data, the code itself is abstracted and replaced by abstract code, where concrete data structures are replaced by their abstraction. As a consequence, the computation of the abstract denotation can be achieved by the same algorithm used in the concrete computation.

The second contribution is the design of a computationally feasible representation of our domain, together with algorithms for computing an approximation of the concrete operations. Since this approximation can reduce the theoretical precision of our domain, we describe a prototypical analyser for pair-independence and freeness, based on abstract compilation and a fixpoint semantics. The use of a fixpoint semantics results in a goal-independent analysis. This means that the program is analysed for the most general goals only. More instantiated goals are analysed by using the analysis of the most general goals. We evaluate our analyser over a set of benchmarks. Although it is just a prototype, our evaluation shows that it is efficient enough for practical use on small benchmarks. Its precision is shown to be comparable to that of a traditional goal-dependent analysis.

To the best of our knowledge, this is the first implementation of a goal-independent sharing analysis based on abstract compilation, as well as the first implementation of a static analysis based on a new domain developed through linear refinement.

This paper is organised as follows. Section 2 discusses related works. Section 3 introduces preliminary definitions. 4 and 5 introduce two basic domains for pair-independence and freeness analysis, respectively, and show that their linear refinement does not lead to useful domains. In Section 6 we justify this result and in Section 7 we show why it is useful to combine the two analyses by using a domain which is defined as the linear refinement of the reduced product of the basic domains for pair-independence and for freeness. This domain is shown to be more precise than the domain of [28 and 36]. Section 8 defines a data structure which can be used as an approximate representation for our new domain, together with algorithms for the abstract operations. Section 9 shows an algorithm for computing the abstraction map. Section 10 describes the implementation of a prototypical analyser, and Section 11 reports its evaluation over a set of benchmarks. Finally, Section 12 draws some conclusions. Most of the proofs are kept in a separate appendix, for the convenience of the reader.

Preliminary and partial versions of this paper appeared in [1 and 33].

2. Related work

Almost all the domains developed for sharing analysis are not amenable to abstract compilation [6, 28, 29, 30, 31 and 36]. Moreover, they have been developed without using any systematic technique like linear refinement.

To the best of our knowledge, only [7 and 13] provide abstract domains for sharing analysis which can be used for abstract compilation. The domain in [13] is isomorphic to the Sharing domain of [28 and 31]. This means that, when used for abstract compilation, in order to obtain a useful precision, it must be coupled with a domain expressing further information, like freeness or linearity. This domain must in turn be amenable to abstract compilation. We do not know of any prototypical analyser implemented through their domain. The domain in [7] models sharing, freeness and groundness, but it is not developed through abstract interpretation. Instead, it uses pre-interpretations.

In the context of logic languages, linear refinement has been already used for reconstructing the domain Pos for groundness analysis [37]. Moreover, it has been used to develop new domains for type [32] and freeness analysis [27].

3. Preliminaries

3.1. Terms, substitutions, and Herbrand constraints

We denote by Weierstrass p (S) the powerset of a set S, by #S its cardinality and by _f(S) the set of all subsets of S of finite cardinality.

In this paper, we assume that is an infinite set of variables, and Σ is a set of function symbols with associated arity, containing at least a symbol of arity 0. We define terms(Σ,V) as the minimal set of terms built from V and Σ as: V subset of or equal to terms(Σ,V) and if t₁,…,t_n set membership, variant terms(Σ,V) and has arity n greater-or-equal, slanted 0, then . Let tterms(Σ,V). By vars(t) we denote the set of variables which occur in t. If vars(t)= empty set , then t is ground. It is linear if every vV occurs at most once in t. If and then V union or logical sum x means V{x} and V -45 degree rule x means V{x}. Syntactical substitution in t of x with t^′ set membership, variant terms(Σ,V) is denoted by t[x maps to t^′].

A substitution θ is a map from variables to terms. Its domain is denoted by dom(θ) and the set of variables in its range by rng(θ). The set of idempotent substitutions θ such that dom(θ) union or logical sum rng(θ) subset of or equal to V and dom(θ)∩rng(θ)= empty set is denoted by Θ_V. We write θ set membership, variant Θ_V extensionally as θ={v₁ maps to t₁,…,v_n maps to t_n}, meaning that dom(θ)={v₁,…,v_n} and θ(v_i)=t_i for every i=1,…,n. Let θΘ_V and RV. We define θ|_R(x)=θ(x) if xR and θ|_R(x)=x if xV -45 degree rule R. If tterms(Σ,V) then tθterms(Σ,V) is the term obtained by replacing every variable x in t by θ(x). Composition of substitutions θ,σ set membership, variant Θ_V is defined as (θσ)(x)=θ(x)σ for every xV. We recall that it is associative, the empty substitution var epsilon is the neutral element and, for each term t, we have t(θσ)=(tθ)σ.

The set C_V of finite sets of Herbrand equations is

C_V=

_f({t¹=t² | t¹,t² set membership, variant

terms(Σ,V)}).

Every substitution can be seen as a set of Herbrand equations. The embedding map is Eq(θ)={v=θ(v) | v set membership, variant

dom(θ)}. We hence assume that Θ_V subset of or equal to

C_V. Let c set membership, variant

C_V. We say that cθ is true if t¹θ is syntactically equal to t²θ for every (t¹=t²) set membership, variant

c. We know [35] that if there exists θ set membership, variant

Θ_V such that cθ is true, then c can be put in the normal form mgu(c) set membership, variant

Θ_V which is such that cθ is true if and only if mgu(c)θ is true. If no θ set membership, variant

Θ_V exists such that cθ is true, then mgu(c) is undefined. Note that c set membership, variant

C_V in normal form can be seen as a substitution, and hence the notations c(x) and tc are defined.

Let be an infinite set of variables disjoint from . We define the set

of existential Herbrand constraints. Here,

are called the program variables and

the existential variables. Existential variables are the unnamed variables of Prolog. For instance, the most general solution of the following Prolog clause:

is the existential Herbrand constraint

We define

sol_V(

_Wc)={θ|_V | θ set membership, variant

Θ_VW, rng(θ) subset of or equal to

V and cθ istrue}.

Hence sol_V( there exists

_Wc)=sol_V( there exists

_Wmgu(c)). For instance, if V={X,Z}, then

Full-size image

A constraint there exists _Wc is in normal form if c is in normal form. It is consistent if sol_V(_Wc)≠ empty set . Two constraints h₁,h₂ set membership, variant H_V are equivalent if sol_V(h₁)=sol_V(h₂). For instance, the constraints and are equivalent. In the following, a constraint will stand for its equivalence class. Since, as shown above, every consistent existential Herbrand constraint has an equivalent normal form, in the following we will consider only normal existential Herbrand constraints.

3.2. The s-semantics

We use H_V as the computational domain of programs. Since we will later define abstractions of H_V (Section 8), we decorate the following definitions with H_V. Once an abstraction will be defined, we just substitute it instead of H_V.

Definition 1. Let Π be a finite set of predicate symbols with associated arity. A logic program over H is a finite set of clauses

(1)

where

with n

0, {X₁,…,X_n} subset of or equal to

V are distinct and for every i=1,…,m we have G_i set membership, variant

H_V or

with

and {Y₁,…,Y_l} subset of or equal to

V distinct. The left-hand side of (1) is the head of the clause, the right-hand side is its tail. We say that the clause (1) defines the predicate p. Every predicate must be defined by at least one clause of P. If more clauses of P define the same predicate, they must use the same variables X₁,…,X_n in (1).

The s-semantics of logic programs [5] is based on a fixpoint definition over interpretations. Interpretations work over the collecting version [17] of H_V, i.e., over the lattice left angle bracket Weierstrass p (H_V),∩, union or logical sum ,H_V, empty set right-pointing angle bracket .

Definition 2. An interpretation over H is a function I which maps every to (H_{{X₁,…,X_n}}), where {X₁,…,X_n} are the variables in the head of the clauses which define p (Definition 1). The set of interpretations over H is denoted by .

Four operations over H_V, called conjunction, restriction, expansion, and renaming, respectively, are used to define the s-semantics. They are defined in Definition 3. The operation star, filled ^H_V computes the conjunction of two constraints through the normalisation procedure. The restrict and expand operations remove a variable from and add a variable to a constraint, respectively. Note that expand is not the identity function but an embedding, as its signature shows. The operation rename gives a new name to a variable.

Definition 3. We define

^H_V:H_V×H_V maps to

H_V,

restrict_x^H_V:H_V maps to

H_Vx with x set membership, variant

expand_x^H_V:H_V maps to

H_Vx with x negated set membership

rename_x→n^H_V:H_V maps to

H_(Vx)n with x set membership, variant

V and n

as¹

expand_x^H_V( there exists

_Wc)=

_Wc,

rename_x→n^H_V( there exists

_Wc)=

_W(c[x

n]).

The operations of Definition 3 are pointwise extended to Weierstrass p (H_V). For instance, if S₁,S₂ subset of or equal to H_V, then S₁ star, filled ^H_VS₂={h₁^H_Vh₂ | h₁ set membership, variant S₁, h₂S₂ and h₁^H_Vh₂ isdefined} and there exists ^(H_V)_xS={^H_V_xh | hS}. On the collecting domain (H_V) a new operation union or logical sum ^H_V is defined as ^H_V(S₁,S₂)=S₁S₂.

We abuse notation and we use the operations of Definition 3 with sets of variables instead of single variables. For instance, restrict_{{x₁,…,x_n}}^H_V stands for the composition restrict^H_V_x₁ cdots, three dots, centered restrict^H_V_{x_n} and expand^H_V_{x₁,…,x_m→n₁,…,n_m} for the composition expand^H_V_x₁→n₁expand^H_V_{x_m→n_m}.

The s-semantics of a program is the least fixpoint of its immediate consequence operator.

Definition 4. Let P be a program over H. Its immediate consequence operator is such that

for every

, where the denotation [[G]]I of G in I is

[[G₁,…,G_m]]I=[[G₁]]I star, filled

^H_V

^H_V[[G_m]]I

[[h]]I={h} if h set membership, variant

H_V,

As one can see from Definition 4, the denotation of the tail of a clause is computed by using the conjunction operator star, filled ^H_V applied to the denotations of the components of the tail. The operator T_P then projects (restrict^H_V) this denotation over the variables that occur in the head of the clause. The denotation of a predicate q in the tail of a clause is computed by fetching its current interpretation, by renaming (rename^H_V) its variables in order to reflect its calling context and by enlarging (expand^H_V) the set of variables in order to cover the entire set V.

3.3. Abstract interpretation

Abstract interpretation [16 and 17] allows us to reason about the abstraction relation between two different domains (the concrete and the abstract domain).

We recall that a complete lattice L is a partially ordered set where least upper bound (or join, denoted by square cup ) and greatest lower bound (or meet, denoted by square intersection ) exist for every subset of L. A Moore family M of C is a topped completely meet-closed subset of C, i.e., M contains the top element of C and is closed w.r.t. arbitrary meets. The Moore (_C) closure of a set A subset of or equal to C is denoted by c(A).

Definition 5. Let left angle bracket C, less-than-or-equals, slant right-pointing angle bracket and A, not precedes, equals be two complete lattices (the concrete and the abstract domain). A Galois connection from C to A is a pair of monotonic maps α:C→A (abstraction) and γ:A→C (concretisation) such that for each x set membership, variant C we have x less-than-or-equals, slant γα(x) and for each yA we have αγ(y) not precedes, equals y. A Galois insertion is a Galois connection where αγ is the identity map on A.

The composition of Galois connections is a Galois connection. The composition of Galois insertions is a Galois insertion. A Galois connection is a Galois insertion if and only if γ is one-to-one or, equivalently, if and only if α is onto. In a Galois insertion, the abstraction map uniquely identifies the concretisation map and vice versa. It is well known [16] that the set of Galois insertions from C to A is isomorphic to the set of the Moore families of C. This means that every Moore family M subset of or equal to C is an abstract domain whose concretisation map is the identity map. This way of looking at abstract domains allows us to distinguish the property of a domain from the properties of its representations.

Let f:Cⁿ→C be a concrete operator and let . Then is a correct approximation of f if for all y₁,…,y_n set membership, variant A we have

Full-size image

. For each operator f, there exists a best correct or optimal approximation

defined as

Full-size image

. The composition of correct approximations is a correct approximation but the composition of optimal approximations is not necessarily an optimal approximation. When f is clear from the context, we just say that

is correct (optimal). The abstract domain A is called condensing w.r.t.

if for every x,y set membership, variant

A we have

[31 and 34].

Every abstract domain A, with abstraction function α^A, allows us to compute the corresponding abstract s-semantics of a logic program, by substituting A instead of H in Definitions 1–4Definitions 1–4Definitions 1–4Definitions 1–4. The denotation of a Herbrand constraint becomes its abstraction. Hence, we modify Definition 4 with [[h]]I=α^A(h). The precision of the abstract semantics (analysis) depends on the precision of the abstract domain.

3.4. Abstract compilation

As we said at the end of the previous section, we can compute the abstract s-semantics of a program by using its same definition instantiated over the abstract domain A. However, this requires to abstract the concrete constraints in the program at every iteration of the immediate consequence operator (Definition 4). It is hence natural to optimise the fixpoint computation by abstracting the logic program once and for all into an abstract logic program, and by then computing its s-semantics without using the abstraction function anymore. In such a case, Definition 4 can be instantiated to the abstract domain A without the modification described at the end of the previous section. This technique is called abstract compilation [12 and 26].

Example 6. The computation over A of the abstract s-semantics of the following logic program:

proceeds as follows. We first substitute the concrete constraints with their abstraction. Let and . The compiled program is

We then compute the fixpoint of the T_P^A operator (Definition 4).

Note that abstract compilation can be used only if all the abstract operations are defined over elements of the abstract domain only, which is what we assume when we instantiate Definition 3 over the abstract domain A. Instead, the conjunction operation of the domain Sharing of [31] is defined between a concrete element and an abstract one. This does not allow us to use abstract compilation for that domain. Actually, even Definition 4 must be modified to fit that domain.

3.5. Goal-independence

By goal-independence we mean that the (abstract) semantics of a program is computed for the most general goals only. The semantics of the other goals is derived from that of the most general goals by instantiation and without using the text of the program. Hence the semantics of the most general goals must contain all the information needed to derive the semantics of the other goals.

The advantage of goal-independence is that the analysis becomes naturally modular, since it cannot look at the text of other modules, but only at the summary information gained from them. Another advantage of goal-independence is that, once a module has been analysed, its source code can be kept secret. Thus the analysis can be applied also when the code cannot be publicly divulged for copyright reasons.

A typical example of a goal-independent analysis is that obtained through the computation of an abstract s-semantics (Section 3.2). Since only the most general goals are analysed, the analysis of a goal like is derived from the analysis of the most general goal through its conjunction with the abstraction of .

In has been shown that, in general, a goal-independent analysis is less precise than a goal-dependent analysis computed by using the same abstract domain, and that, for domains which are condensing w.r.t. conjunction, both analyses have the same precision [25].

Note that our notion of goal-independence is different from that used in [9 and 18], where the program is still needed to derive the goal-dependent information from the (so-called) goal-independent analysis of the same program. Hence, our notion is in our opinion more correct.

3.6. Linear refinement

Given an abstract domain A subset of or equal to C, a domain refinement operator R yields an abstract domain R(A)C which is more precise than A, i.e., which contains A [19 and 23]. A classical domain refinement operator is the reduced product A square intersection B of two domains A and B, both contained in another domain C [16]. It is isomorphic to the Cartesian product of A and B, modulo the equivalence relation left angle bracket a₁,b₁ right-pointing angle bracket ≡a₂,b₂ if and only if a₁b₁=a₂b₂. Hence pairs with the same meaning are identified.

Linear refinement [24] is a slight generalisation of Cousot’s reduced power operation [16]. It allows us to include in a domain the information related to the propagation of the abstract property of interest before and after the application of a partial operator over C. We consider here just the case when C= Weierstrass p (H_V) and the operator is the pointwise extension of conjunction (Definition 3).

Let a,b set membership, variant Weierstrass p (H_V). We define the linear refinement of a w.r.t. b as

(2)

a→b={h

H_V | if a star, filled

^H_Vh isdefinedthen a star, filled

^H_Vh

b}.

The set a→b contains exactly those existential Herbrand constraints which, upon conjunction with a constraint in a, become a constraint in b. If a and b are sets of constraints satisfying some property, you can view a→b as the set of constraints which transform the property a into the property b upon conjunction. An arrow a→b is called tautological when it coincides with H_V.

Example 7. For every v set membership, variant

V, let v={ there exists

_Wc

H_V | vars(c(v))= empty set

}. The set v is the set of constraints which bind v to a ground term. Let x,y set membership, variant

V. Eq. (2) becomes in this case

This means that every h set membership, variant

x→y is such that in all its instantiations if x is ground then y is ground. Equivalently, you can say that h transforms the groundness of x into the groundness of y upon conjunction. For instance, we have

and

. But

. Note that, since groundness cannot be lost, x→x=H_V. Hence x→x is a tautological arrow.

Given an abstract domain L subset of or equal to H_V, we define

(3)

L=c{a→b | a,b set membership, variant

L}.

The set L

L is then the collection of all possible intersections of arrows which can be built from elements of L. Note that l→(a square intersection

b)=(l→a)

(l→b).

The linear refinement L→L of L is the domain

(4)

L→L=L

L).

If L

L, i.e., if the properties in L are (degenerate) cases of intersections of arrows, (4) can be simplified into

(5)

L→L=L

This simplification is relevant since it allows a simpler representation and simpler operations for L→L. Indeed, we need to represent elements and operations over L