Elsevier, The Journal of Logic Programming 39 (1999) 43-93

Abstract diagnosis

Marco Comini a,*, Giorgio Levi a, Maria Chiara Meo b, Giuliana Vitiello c

a Dipartimento di Informatica, Università di Pisa, Corso Italia 40, I-56125 Pisa, Italy
b Dipartimento di Matematica Pura ed Applicata, Università di L'Aquila, via Vetoio, località Coppito, 67010 L'Aquila, Italy
c Dipartimento di Informatica ed Applicazioni, Università di Salerno, Baronissi (Salerno), Italy

Received 10 February 1997; received in revised form 1 September 1998; accepted 10 September 1998

Abstract

We show how declarative diagnosis techniques can be extended to cope with verification of operational properties, such as computed and correct answers, and of abstract properties, such as depth(k) answers and groundness dependencies. The extension is achieved by using a simple semantic framework, based on abstract interpretation. The resulting technique (abstract diagnosis) leads to elegant bottom-up and top-down verification methods, which do not require the symptoms to be determined in advance, and which are effective in the case of abstract properties described by finite domains. © 1999 Elsevier Science Inc. All rights reserved.

Keywords: Logic programming; Declarative diagnosis; Verification; Semantics; Debugging

1. Introduction

1.1. Declarative debugging, program verification and abstract diagnosis

Declarative debugging [43,35,28] is a technique which, given a program $P$ and a specification $\mathcal{I}$ of the intended declarative semantics of $P$, allows one to determine program bugs, when the actual semantics $\mathcal{F}\llbracket P\rrbracket$ and the specification $\mathcal{I}$ are different. Declarative debugging algorithms are based on a theory which requires $\mathcal{I}$ to be specified extensionally. However, since $\mathcal{I}$ is in general infinite, practical debugging algorithms are driven by symptoms (atoms on which $\mathcal{F}\llbracket P\rrbracket$ and $\mathcal{I}$ do not agree), which are determined by using testing techniques. Oracles are used to model the acquisition (from the user) of the subset of $\mathcal{I}$ which is relevant to a symptom. Given a symptom, the algorithms query the oracles to locate the actual sources of errors.

* Corresponding author. Tel.: +39 050 887248; fax: +39 050 887226; e-mail: comini@di.unipi.it.

0743-1066/99/$ - see front matter © 1999 Elsevier Science Inc. All rights reserved.


One stronger alternative to symptom-directed declarative debugging can be obtained by extending the underlying theory to the case where the specification $\mathcal{I}$ is a finite representation of the intended behavior. This is essentially the approach of program verification [24,6,3,2], where the specification is a finite (intensional) representation of a program property. The property is any abstraction of the semantics, including the semantics itself. The goal of program verification is to prove that the program is partially correct, i.e., that it satisfies the specification. It is worth noting that in program verification a specification is usually a pair of pre- and post-conditions. The property specified by the post-condition has to be satisfied only by those goals which satisfy the pre-condition. In addition the partial correctness criteria might require all the procedure calls (call patterns) to satisfy their pre-conditions.

The aim of abstract diagnosis is to extend declarative debugging to the case where specifications are finite and define a program property rather than its semantics. In order to be consistent with traditional declarative debugging, specifications are assumed to consist of post-conditions only. However the results can be generalized to the case of pre- and post-conditions (see Section 9). Finite specifications lead to the systematic derivation of the diagnosis algorithms from the underlying theory with no need for symptom detection. Moreover, the theoretical results on partial correctness, completeness and bug derivation are valid for the diagnosis algorithms too. The approach of abstract diagnosis is strongly related to the idea of using assertions as finite specifications of an approximation of the intended declarative semantics in Ref. [25] and to the concept of an abstract oracle, introduced in Ref. [34] to specify a superset of the intended program behavior, in the case of concurrent logic programs.

1.2. Program properties and abstract interpretation

Program properties are formulas in a logical theory. They can be viewed as abstractions of a suitable semantics. Their relation to the semantics can be formalized within abstract interpretation theory [22,23]. However, abstract interpretation suggests another way of looking at program properties, where the logical theory is replaced by a finite (or noetherian) model (the abstract domain). The relevant feature of abstract interpretation is that, once the property has been modeled by an abstract domain, we have a methodology to systematically derive an abstract semantics, which in turn allows us to effectively compute a (correct) approximation of the property. By using this approach, most of the theorem-proving, in the logical theory involved in program verification, boils down to computing on the abstract domain. This is obtained in general at the expense of precision.

In program analysis, abstract interpretation theory is often used to establish the correctness of specific analysis algorithms and abstract domains. We are more concerned instead with its application to the systematic derivation of the (optimal) abstract semantics from the abstract domain. Recent results on domain refinement operators (see, for example, Refs. [30,42]) show that (optimal) abstract domains can systematically be derived from the property to be proved.

1.3. The semantic framework

Program properties we are interested in are operational properties and not necessarily declarative properties. The aim of the resulting method is therefore closer to the goal of rational debugging [40] than to the goal of declarative debugging. This also means that we cannot base the abstraction framework on the declarative semantics, since it is too abstract to allow us to reason about some operational properties, such as groundness of variables.

Some preliminary versions of abstract diagnosis [17,19] were based on a more concrete semantic framework [13-15], whose collecting semantics is a trace semantics [20]. In this paper we are only concerned with properties which are abstractions of the computed answers semantics. We will therefore introduce in Section 3 a simplified version of the semantic framework, where the collecting semantics is the s-semantics [27,7], given for a CLP-like version of positive logic programs.

Program properties are observables, i.e., Galois insertions between the concrete domain (the semantic domain of the collecting semantics) and the abstract domain chosen to model the property. The abstract semantics (abstract transition system and abstract denotational semantics) are systematically derived from the collecting semantics and the observable. We consider two classes of observables, complete and approximate. For every complete or approximate observable, the abstract operational semantics and the abstract denotational semantics are equivalent. This will allow us to define equivalent top-down and bottom-up diagnosis algorithms. The above equivalence property requires the observable to be condensing. Condensing is a compositionality property which tells us that the abstract semantics of a procedure call can be derived (without losing precision) from the abstract semantics of the procedure declaration. This property is needed in abstract diagnosis where the specification is a post-condition describing a (goal-independent) property of a set of procedure declarations. It is worth noting that the observables corresponding to the declarative semantics are condensing and that the declarative semantics do indeed characterize procedure declarations. Note also that several observables used in program analysis (for mode, type and groundness analysis) are also condensing and that a non-condensing observable can systematically be transformed into a (more concrete) condensing observable, by using domain refinement operators (see, for example, how the condensing domain $\mathit{Pos}$ for groundness analysis can be derived [42] from the non-condensing domain $\mathit{Def}$). The results of the diagnosis for approximate observables are also valid for non-condensing domains, which are sometimes convenient to use in practice for efficiency reasons.

As expected from abstract interpretation theory, the difference between complete and approximate observables is related to precision. Namely, the abstract semantics coincides with the abstraction of the collecting semantics, in the case of complete observables, while it is just a correct approximation, in the case of approximate observables. On the other side, approximate observables correspond to noetherian domains. Hence their abstract semantics is finite, while (in general) it is infinite for complete observables. We show that the class of complete observables includes the observables ground instances of computed answers and correct answers, which allow us to reconstruct the declarative semantics used in declarative debugging, i.e., the least Herbrand model used in Ref. [43] and the least term model (atomic logical consequences or c-semantics) used in Ref. [28]. On the other hand, the class of approximate observables includes depth(k) [41] and several domains proposed for type, mode and groundness analysis (we will just consider the domain $\mathit{Pos}$ [38] for groundness analysis).


1.4. Abstract diagnosis

In Section 4 we give the basic definitions of abstract diagnosis, which are a straightforward adaptation of those given for declarative debugging. A preliminary version (without proofs) of abstract diagnosis can be found in [17,19,16]. Partial correctness and completeness of $P$ w.r.t. the observable property $\alpha$ are defined by comparing the abstract specification of the intended behavior (of $P$ w.r.t. $\alpha$) $\mathcal{I}_\alpha$ and the abstraction $\alpha(\mathcal{F}\llbracket P\rrbracket)$ of the concrete semantics $\mathcal{F}\llbracket P\rrbracket$. It is worth noting that $\alpha(\mathcal{F}\llbracket P\rrbracket)$ is in general more precise than the abstract semantics $\mathcal{F}_\alpha\llbracket P\rrbracket$, in the case of approximate observables.

The diagnosis is based on the detection of incorrect clauses and uncovered elements, which have both a bottom-up definition (in terms of one application of the "abstract immediate consequence operator" to the abstract specification, see Section 4.1) and a top-down definition (in terms of "oracle simulation", see Section 4.2). It is worth noting that both the definitions use the (possibly approximate) computation on the abstract domain, and that no fixpoint computation is required, since the abstract semantics does not need to be computed. An implementation of the diagnosis algorithms (parametric w.r.t. the observable) by means of PROLOG meta-programs is described in Ref. [12].

In Section 5 we give the diagnosis theorems for complete observables, which provide rather strong results. Namely,
• absence of incorrect clauses implies partial correctness,
• absence of uncovered elements implies completeness, for a large class of programs (acceptable programs),
• incorrect clauses and uncovered elements always correspond to a bug in the program.
The results generalize to any complete observable the results given for declarative debugging and allow us to reconstruct the theory of declarative debugging as an instance of abstract diagnosis. In addition we have some new stronger results on the diagnosis of completeness. However, since abstract specifications are often infinite in the case of complete observables, these results have a purely theoretical interest and can be viewed as a foundation for the effective diagnosis methods considered in the following sections.
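The bottom-up definitions recalled above, worked through as an added example that is not part of the paper: a small Python diagnoser for the observable ground instances of computed answers (the least Herbrand model), using the classical declarative-debugging notions the introduction refers to. A clause is incorrect when one application of its immediate consequence operator to the specification $\mathcal{I}$ derives an atom outside $\mathcal{I}$; an atom of $\mathcal{I}$ is uncovered when no clause derives it from $\mathcal{I}$ in one step. The program is restricted to Datalog so that one step of $T_P$ over a finite specification is computable by enumeration. The program, the specification and all function names are constructed for the example; the paper's own Section 4 definitions are not on this page.

```python
# Added example (not from the paper): bottom-up diagnosis of a Datalog program
# w.r.t. the least Herbrand model.  One application of the immediate
# consequence operator to the specification suffices; no fixpoint is computed
# for the diagnosis itself.

# Atoms are tuples (pred, arg1, ..., argn); strings starting with an uppercase
# letter are variables, everything else is a constant.  Clauses are (head, body).
def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def match(atom, fact, binding):
    """Return `binding` extended so that atom[binding] == fact, or None."""
    if atom[0] != fact[0] or len(atom) != len(fact):
        return None
    b = dict(binding)
    for a, f in zip(atom[1:], fact[1:]):
        if is_var(a):
            if b.setdefault(a, f) != f:
                return None
        elif a != f:
            return None
    return b

def instantiate(atom, b):
    return (atom[0],) + tuple(b.get(a, a) if is_var(a) else a for a in atom[1:])

def clause_consequences(clause, interp):
    """T_c(I): ground heads of clause c whose body atoms are all in I."""
    head, body = clause
    bindings = [{}]
    for atom in body:
        extended = []
        for b in bindings:
            for fact in interp:
                b2 = match(atom, fact, b)
                if b2 is not None:
                    extended.append(b2)
        bindings = extended
    return {instantiate(head, b) for b in bindings}

def immediate_consequences(program, interp):
    """T_P(I): union of T_c(I) over the clauses c of P."""
    result = set()
    for c in program:
        result |= clause_consequences(c, interp)
    return result

def incorrect_clauses(program, spec):
    """Clause index -> atoms outside the specification derived from it in one step."""
    found = {}
    for i, c in enumerate(program):
        wrong = clause_consequences(c, spec) - spec
        if wrong:
            found[i] = wrong
    return found

def uncovered_atoms(program, spec):
    """Atoms of the specification that no clause derives from it in one step."""
    return spec - immediate_consequences(program, spec)

def least_herbrand_model(program):
    """T_P iterated up to omega; shown only to contrast symptoms with bugs."""
    interp = set()
    while True:
        nxt = immediate_consequences(program, interp)
        if nxt == interp:
            return interp
        interp = nxt

# Constructed buggy program: the base clause of path/2 has its arguments
# swapped, so the intended base case is missing.
PROGRAM = [
    (('edge', 'a', 'b'), ()),
    (('edge', 'b', 'c'), ()),
    (('edge', 'c', 'd'), ()),
    (('path', 'X', 'Y'), (('edge', 'Y', 'X'),)),                     # bug
    (('path', 'X', 'Y'), (('edge', 'X', 'Z'), ('path', 'Z', 'Y'))),
]
# Constructed intended least Herbrand model: the edges plus reachability.
SPEC = {('edge', 'a', 'b'), ('edge', 'b', 'c'), ('edge', 'c', 'd'),
        ('path', 'a', 'b'), ('path', 'b', 'c'), ('path', 'c', 'd'),
        ('path', 'a', 'c'), ('path', 'b', 'd'), ('path', 'a', 'd')}

if __name__ == '__main__':
    print('incorrect clauses:', incorrect_clauses(PROGRAM, SPEC))
    print('uncovered atoms:', uncovered_atoms(PROGRAM, SPEC))
    print('symptoms in lfp(T_P):', least_herbrand_model(PROGRAM) ^ SPEC)
```

Running it points at clause 3 as incorrect (it derives path(b,a), path(c,b) and path(d,c) from the specification) and reports path(a,b), path(b,c) and path(c,d) as uncovered, i.e. the missing base case. The fixpoint is computed only to show the difference between symptoms (atoms on which $\mathit{lfp}(T_P)$ and the specification disagree, which here include atoms the buggy program derives for the wrong reasons) and the bug localization, which used a single step of $T_P$.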

The first effective diagnosis method (partial diagnosis) is described in Section 6. Partial diagnosis (originally introduced in Ref. [18]) can be applied to make the diagnosis effective in the case of complete observables. A specification consists of a finite set of elements which are in the intended behavior and a finite set of elements which are not in the intended behavior. The diagnosis is based on the detection of p-incorrect clauses and p-uncovered elements, which generalize the definitions of incorrect clause and uncovered element to the case of partial specifications. The results we obtain are of course weaker. Namely,
• p-incorrect clauses always correspond to bugs in the program,
• absence of p-uncovered elements implies completeness (w.r.t. the positive specification) for a large class of programs,
• a p-uncovered element is a warning about a possible incompleteness bug.
We show that partial diagnosis can be viewed as a theoretical foundation of the symptom-directed oracle-based debugging algorithms used in declarative debugging.


The second effective diagnosis method can be applied if the property can be modeled by approximate observables. For example, one can choose to approximate the complete observable computed answers by the (approximate) observable depth(k) answers, which leads to finite abstract specifications. Using abstract diagnosis w.r.t. approximate observables one can effectively prove properties related to modes, types and groundness dependencies. The results for approximate observables are given in Section 7. Again, the results are weaker than those for complete observables (because of approximation). Namely,
• absence of incorrect clauses implies partial correctness,
• an uncovered element always corresponds to a bug in the program,
• all the incorrectness bugs are captured by incorrect clauses,
• an incorrect clause is a warning about a possible incorrectness bug.
It is worth noting that there exists a duality between the results for partial diagnosis and those for approximate observables. This is due to the fact that a partial specification is a subset of the full specification, while an abstract specification corresponding to an approximate observable represents (through the concretization function) a superset of the concrete full specification.

We compare the results of abstract diagnosis w.r.t. approximate observables to those of program verification (with post-conditions only). It turns out that the results are similar for partial correctness and completeness. Abstract diagnosis is more useful for debugging purposes, since it provides useful information on program bugs.

In Section 8 we consider the problem of modular diagnosis and we formally prove that the diagnosis method does not need to be extended to perform the diagnosis in a modular way. This is due to the fact that both the top-down and the bottom-up diagnosis algorithms are essentially based on the application of the "abstract immediate consequence operator", which is intrinsically compositional. This property shows that we can verify and debug incomplete programs, once we have the specifications for the missing program components.

Finally Section 9 is devoted to some conclusive remarks.

2. Preliminaries

In the following sections, we assume familiarity with the standard notions of logic programming as introduced in Refs. [1,36].

2.1. Logic programming

Throughout the paper we assume programs and goals being defined on a first order language given by a signature $\Sigma$ consisting of a finite set $F$ of function symbols, a finite set $\Pi$ of predicate symbols and a denumerable set $V$ of variable symbols. $T$ denotes the set of terms built on $F$ and $V$.

A substitution is a mapping $\vartheta : V \to T$ such that the set $\mathit{dom}(\vartheta) := \{x \mid \vartheta(x) \neq x\}$ (domain of $\vartheta$) is finite. A substitution $\vartheta$ is idempotent if $\vartheta\vartheta = \vartheta$. A renaming is a (non-idempotent) substitution $\rho$ for which there exists the inverse $\rho^{-1}$, such that $\rho\rho^{-1} = \rho^{-1}\rho = \mathit{id}$. The preordering $\leq$ (more general than) on substitutions is such that $\vartheta \leq \sigma$ if and only if there exists $\vartheta'$ such that $\vartheta\vartheta' = \sigma$. The result of the application of a substitution $\vartheta$ to a term $t$ is an instance of $t$ and is denoted by $t\vartheta$. Two terms $t$ and $t'$ are variants ($t \approx t'$) if there exists a renaming $\rho$ such that $t = t'\rho$. A substitution $\vartheta$ is a unifier of terms $t$ and $t'$ if $t\vartheta = t'\vartheta$. If two terms are unifiable then they have an idempotent most general unifier which is unique up to renaming. Therefore $\mathit{mgu}(t_1, t_2)$ denotes such an idempotent most general unifier of $t_1$ and $t_2$. All the above definitions can be extended to other syntactic expressions in the obvious way.

An atom is an object of the form $p(t_1, \ldots, t_n)$ where $p \in \Pi$, $t_1, \ldots, t_n \in T$. A goal is a sequence of atoms $A_1, \ldots, A_n$. The empty goal is denoted by $\Box$. We denote by $G$ and $B$ possibly empty sequences of atoms, by $\mathbf{t}, \mathbf{x}$ tuples of, respectively, terms and distinct variables. Moreover we denote by $\mathbf{t}$ both the tuple and the set of corresponding syntactic objects. $B, B'$ denotes the concatenation of $B$ and $B'$. An atom is called pure if it is in the form $p(\mathbf{x})$, while a goal is called pure if it contains only pure atoms which do not share variables.

A (definite) clause is a formula of the form $H \leftarrow A_1, \ldots, A_n$ with $n \geq 0$, where $H$ (the head) and $A_1, \ldots, A_n$ (the body) are atoms. $\leftarrow$ and $,$ denote logical implication and conjunction respectively, and all variables are universally quantified. A program is a finite set of (definite) clauses.

In the paper we use standard results on the ordinal powers $T \uparrow$ of continuous functions on complete lattices. Namely, given any monotonic operator $T$ on $(C, \leq)$, $T \uparrow 0 := \bot_C$, $T \uparrow (n+1) := T(T \uparrow n)$ for $n < \omega$, and $T \uparrow \omega := \bigsqcup_{n < \omega} T \uparrow n$, where $\bot_C$ and $\sqcup$ denote the least element and the lub operation of $C$, respectively. Moreover if $T$ is continuous its least fixpoint is $T \uparrow \omega$. We denote the least fixpoint of $T$ by $\mathit{lfp}\,T$ and the greatest fixpoint of $T$ by $\mathit{gfp}\,T$, if they exist.

In order to use partial functions we use lambda notation by admitting not always defined expressions. Hence a lambda expression $\lambda x.\,E$ denotes a partial function which on input $x$ assumes the value $E[x]$ if the expression $E[x]$ is defined, otherwise it is undefined.

In the following, we will often use finite-support partial functions. Hence, to simplify the notation, by

$$\begin{array}{c} v_1 \mapsto r_1 \\ \vdots \\ v_n \mapsto r_n \end{array}$$

we will denote (by cases) any function $f$ which assumes on input $v_1, \ldots, v_n$ output $r_1, \ldots, r_n$ respectively, and is otherwise undefined. Furthermore, if the support of $f$ is just the singleton $\{v\}$, we will denote $f$ by $f := v \mapsto r$.

2.2. Properties of substitutions and equations

Given a set of equations $E := \{s_1 = t_1, \ldots, s_n = t_n\}$, a (most general) unifier of $E$ is a (most general) unifier of $(s_1, \ldots, s_n)$ and $(t_1, \ldots, t_n)$. A unifiable set of equations (terms) has an idempotent mgu. Any unifier $\vartheta$ for $E$ is called a solution if $E\vartheta$ is variable free. A set $E$ is solvable if it has solutions. The preordering $\leq_e$ on equation sets is such that $E \leq_e E'$ if and only if the solutions of $E$ are also solutions of $E'$. Two sets $E, E'$ are called equivalent (denoted by $E \approx_e E'$) if they have the same solutions.

A (possibly empty) equation set is in solved form if it has the form $\{v_1 = t_1, \ldots, v_n = t_n\}$ and the $v_i$ are distinct variables which do not occur in the right hand side of any equation. The variables $v_i$ are said to be eliminable. The set $\{v_1, \ldots, v_n\}$ is denoted by $\mathit{elim}(E)$. In the following, given a set of solved form equation sets $\mathcal{E}$, by $\mathit{elim}(\mathcal{E})$ we denote $\bigcup_{E \in \mathcal{E}} \mathit{elim}(E)$. If a set $E$ is solvable then it has an equivalent solved form which is unique up to renaming. There exists an algorithm [31] which transforms any solvable equation set into an equivalent solved form equation set.

The lattice structure on idempotent substitutions [26] is isomorphic to the lattice structure on equations introduced in Ref. [31]. Therefore we can indifferently use idempotent mgus or equations. An equational goal is an object of the form $\mathcal{E}, B$ where $B$ is a pure goal and $\mathcal{E}$ is a finite set of solved form equation sets such that $\mathit{elim}(\mathcal{E}) \subseteq \mathit{var}(B)$. $\{\emptyset\}, B$ will be denoted by $B$. An equational clause is a formula of the form $H \leftarrow E, B$, where $(H, B)$ is a pure goal and $E$ is a solved form equation set such that $\mathit{elim}(E) \subseteq \mathit{var}(H, B)$. In the following, given any program clause $p(\mathbf{t}) \leftarrow p_1(\mathbf{t}_1), \ldots, p_n(\mathbf{t}_n)$ we will always consider its equational form $p(\mathbf{x}) \leftarrow E, p_1(\mathbf{x}_1), \ldots, p_n(\mathbf{x}_n)$ where $E = \{\mathbf{x} = \mathbf{t}, \mathbf{x}_1 = \mathbf{t}_1, \ldots, \mathbf{x}_n = \mathbf{t}_n\}$ ($\mathbf{x}, \mathbf{x}_1, \ldots, \mathbf{x}_n$ are new distinct variables).
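As an added worked example, not taken from the paper: a Python transformation of an equation set into solved form by the Martelli-Montanari rules (the kind of algorithm Section 2.2 cites as Ref. [31]), from which the idempotent mgu and $\mathit{elim}(E)$ are read off directly. The term encoding and all function names are assumptions of the example; the occur check and the clash rule are the two ways an equation set fails to be solvable.

```python
# Added example (not from the paper): equation sets to solved form, and the
# idempotent mgu read off the solved form.  Terms: a variable is a string that
# starts with an uppercase letter; a compound term or constant is a tuple
# (functor, arg1, ..., argn), e.g. ('f', 'X') or ('a',).

def is_var(t):
    return isinstance(t, str) and t[:1].isupper()

def variables(t):
    """Set of variables occurring in a term."""
    if is_var(t):
        return {t}
    return set().union(*(variables(a) for a in t[1:]))

def replace(t, v, s):
    """t with every occurrence of variable v replaced by term s."""
    if is_var(t):
        return s if t == v else t
    return (t[0],) + tuple(replace(a, v, s) for a in t[1:])

def solved_form(equations):
    """Solved form {v1 = t1, ..., vn = tn} of a list of (lhs, rhs) pairs, as a
    dict {v1: t1, ...}, or None if the set is not solvable.  Invariant kept by
    the loop: no eliminated variable occurs in the remaining equations or in
    any right hand side, which is exactly the solved form condition."""
    eqs = list(equations)
    solved = []
    while eqs:
        s, t = eqs.pop()
        if s == t:                                   # delete trivial t = t
            continue
        if is_var(t) and not is_var(s):              # orient: t = X  into  X = t
            s, t = t, s
        if is_var(s):                                # eliminate X = t
            if s in variables(t):                    # occur check, e.g. X = f(X)
                return None
            eqs = [(replace(l, s, t), replace(r, s, t)) for l, r in eqs]
            solved = [(v, replace(u, s, t)) for v, u in solved]
            solved.append((s, t))
        elif s[0] == t[0] and len(s) == len(t):      # decompose f(s..) = f(t..)
            eqs.extend(zip(s[1:], t[1:]))
        else:                                        # clash: f(..) = g(..)
            return None
    return dict(solved)

def apply_subst(t, theta):
    """t.theta; one pass suffices because a solved form is idempotent."""
    if is_var(t):
        return theta.get(t, t)
    return (t[0],) + tuple(apply_subst(a, theta) for a in t[1:])

def mgu(t1, t2):
    """Idempotent most general unifier of t1 and t2, or None if not unifiable."""
    return solved_form([(t1, t2)])

def elim(E):
    """elim(E): the eliminable variables of a solved form equation set."""
    return set(E)

if __name__ == '__main__':
    # Constructed input: p(X, f(Y), Y) = p(f(Z), f(a), Z)
    left = ('p', 'X', ('f', 'Y'), 'Y')
    right = ('p', ('f', 'Z'), ('f', ('a',)), 'Z')
    theta = mgu(left, right)
    print(theta)
    print(apply_subst(left, theta) == apply_subst(right, theta))
    print(mgu('X', ('f', 'X')), mgu(('f', ('a',)), ('g', ('a',))))
```

The dict returned by solved_form is both the solved form equation set (keys are $\mathit{elim}(E)$, values the right hand sides) and the idempotent mgu, which is the isomorphism the paragraph above relies on; idempotency is what lets apply_subst stop after a single pass.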

2.3. Galois insertions and abstract interpretation

Abstract interpretation [22,23] is a theory developed to reason about the abstraction relation between two different semantics. The theory requires the two semantics to be defined on domains which are complete lattices. $(C, \sqsubseteq)$ (the concrete domain) is the domain of the concrete semantics, while $(A, \leq)$ (the abstract domain) is the domain of the abstract semantics. The partial order relations reflect an approximation relation. The two domains are related by a pair of functions $\alpha$ (abstraction) and $\gamma$ (concretization), which form a Galois insertion.

Galois insertions can be defined on preordered sets. However in this paper we restrict our attention to lattices.

Definition 1 (Galois insertion). Let $(C, \sqsubseteq)$ be the concrete domain and $(A, \leq)$ be the abstract domain. A Galois insertion $(\alpha, \gamma) : (C, \sqsubseteq) \rightleftarrows (A, \leq)$ is a pair of maps $\alpha : C \to A$ and $\gamma : A \to C$ such that
1. $\alpha$ and $\gamma$ are monotonic,
2. $\forall x \in C.\ x \sqsubseteq (\gamma \circ \alpha)(x)$ and
3. $\forall y \in A.\ (\alpha \circ \gamma)(y) = y$.

Given a concrete semantics and a Galois insertion between the concrete and the abstract domain, we want to define an abstract semantics. The concrete semantics is the least fixpoint of a semantic function $F : C \to C$. The abstract semantic function $\tilde{F} : A \to A$ is correct if $\forall x \in C.\ F(x) \sqsubseteq \gamma(\tilde{F}(\alpha(x)))$.

$F$ is in turn defined as composition of "primitive" operators. Let $f : C^n \to C$ be one such operator and assume that $\tilde{f}$ is its abstract counterpart. Then $\tilde{f}$ is (locally) correct w.r.t. $f$ if $\forall x_1, \ldots, x_n \in C.\ f(x_1, \ldots, x_n) \sqsubseteq \gamma(\tilde{f}(\alpha(x_1), \ldots, \alpha(x_n)))$. The local correctness of all the primitive operators implies the global correctness. Hence, we can define an abstract semantics by defining locally correct abstract primitive semantic functions. An abstract computation is then related to the concrete computation, simply by replacing the concrete operators by the corresponding abstract operators.


According to the theory, for each operator $f$, there exists an optimal (most precise) locally correct abstract operator $\tilde{f}$ defined as $\tilde{f}(y_1, \ldots, y_n) := \alpha(f(\gamma(y_1), \ldots, \gamma(y_n)))$. However the composition of optimal operators is not necessarily optimal.

The abstract operator $\tilde{f}$ is precise if $\forall x_1, \ldots, x_n \in C.\ \alpha(f(x_1, \ldots, x_n)) = \tilde{f}(\alpha(x_1), \ldots, \alpha(x_n))$. Hence the optimal abstract operator $\tilde{f}$ is precise if and only if $\alpha(f(x_1, \ldots, x_n)) = \alpha(f((\gamma \circ \alpha)(x_1), \ldots, (\gamma \circ \alpha)(x_n)))$. The precision of the optimal abstract operators can be reformulated in terms of properties of $\alpha$, $\gamma$ and the corresponding concrete operator. The above definitions are naturally extended to "primitive" semantic operators from $\wp(C)$ to $C$.

Note that if $\sqcup$ is the lub operation over $(C, \sqsubseteq)$ and $(\alpha, \gamma)$ is a Galois insertion then $\tilde{\sqcup} = \alpha \circ \sqcup \circ \gamma$ is the lub of $(A, \leq)$ and moreover for each $S \subseteq C$, $\alpha(\sqcup S) = \alpha(\sqcup (\gamma \circ \alpha) S)$.
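The three conditions of Definition 1, the optimal abstract operator $\alpha \circ f \circ \gamma$ and the precision test above, checked by brute force on a finite toy domain as an added example that is not part of the paper. The term universe, the two-class groundness domain (bottom, ground only, non-ground only, top) and the two concrete operators are constructed for the example, as are all function names. The first operator shows that an optimal operator need not be precise, the second that it can be.

```python
# Added example (not from the paper): Definition 1 verified exhaustively for a
# toy groundness observable, then the optimal abstract counterpart of two
# concrete operators and a check of their precision.
from itertools import combinations

# Constructed finite universe of terms written as strings; a term is ground when
# it contains no uppercase letter (variables X, Y).  It is closed under bind_x
# below, so the concrete domain is simply the powerset of TERMS.
TERMS = ('a', 'b', 'f(a)', 'X', 'Y', 'f(X)', 'f(Y)')

def powerset(xs):
    return [frozenset(c) for r in range(len(xs) + 1) for c in combinations(xs, r)]

CONCRETE = powerset(TERMS)          # (C, subseteq), 128 elements
ABSTRACT = powerset(('g', 'ng'))    # (A, subseteq): bottom, {g}, {ng}, top

def kind(t):
    return 'g' if not any(ch.isupper() for ch in t) else 'ng'

def alpha(S):
    """Abstraction: the groundness classes inhabited by S."""
    return frozenset(kind(t) for t in S)

def gamma(a):
    """Concretization: every term of the universe whose class is in a."""
    return frozenset(t for t in TERMS if kind(t) in a)

def is_galois_insertion():
    """Conditions 1-3 of Definition 1, checked on every element."""
    monotone = (all(alpha(x) <= alpha(y) for x in CONCRETE for y in CONCRETE if x <= y)
                and all(gamma(a) <= gamma(b) for a in ABSTRACT for b in ABSTRACT if a <= b))
    extensive = all(x <= gamma(alpha(x)) for x in CONCRETE)
    insertion = all(alpha(gamma(a)) == a for a in ABSTRACT)
    return monotone and extensive and insertion

def optimal(f):
    """Most precise locally correct abstract operator: alpha . f . gamma."""
    return lambda a: alpha(f(gamma(a)))

def is_locally_correct(f, f_abs):
    """f(x) <= gamma(f_abs(alpha(x))) for every concrete x."""
    return all(f(x) <= gamma(f_abs(alpha(x))) for x in CONCRETE)

def precision_counterexample(f, f_abs):
    """A concrete x with alpha(f(x)) != f_abs(alpha(x)), or None if f_abs is precise."""
    for x in CONCRETE:
        if alpha(f(x)) != f_abs(alpha(x)):
            return x
    return None

# Two constructed concrete operators on sets of terms.
def bind_x(S):
    """Apply the substitution {X -> a} to every term of S."""
    return frozenset(t.replace('X', 'a') for t in S)

def keep_ground(S):
    """Keep only the ground terms of S."""
    return frozenset(t for t in S if kind(t) == 'g')

if __name__ == '__main__':
    print('Galois insertion:', is_galois_insertion())
    print('bind_x optimal but imprecise on:', precision_counterexample(bind_x, optimal(bind_x)))
    print('keep_ground counterexample:', precision_counterexample(keep_ground, optimal(keep_ground)))
```

For bind_x the optimal operator is correct by construction but loses precision: the singleton {X} abstracts to {ng}, whose concretization also contains Y and f(Y), which the substitution leaves non-ground, so $\alpha(f(x))$ is {g} while $\tilde{f}(\alpha(x))$ is top. For keep_ground the two sides agree on every concrete element, so the optimal operator is precise.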

3. The semantic framework

As already mentioned in the introduction, the framework is a simplification of the semantic framework defined in Refs. [13-15], which takes as collecting semantics a computed answers semantics instead of a (more concrete) semantics modeling SLD-trees [20].

All the proofs of the theorems of this section can be found in Appendix A.

3.1. The concrete collecting semantics

We denote by $\mathbb{E}$ the complete lattice of sets of finite solved form equation sets, partially ordered by $\subseteq$. We define a variance equivalence on $\mathbb{E}$ as follows. For any $\mathcal{E}, \mathcal{E}' \in \mathbb{E}$ and for any tuple of variables $\mathbf{x}$, $\mathcal{E} \equiv_{\mathbf{x}} \mathcal{E}'$ if and only if for each $E \in \mathcal{E}$ there exists $E' \in \mathcal{E}'$ such that $\mathbf{x}\,\mathit{mgu}(E) = \mathbf{x}\,\mathit{mgu}(E')$ and vice versa.¹ A collection $C$ is a partial function $\mathit{Goals} \to \mathbb{E}$ such that, for every $G \in \mathit{Goals}$, if $C(G)$ is defined, then it is a relevant set of equation sets, i.e., $\forall E \in C(G).\ \mathit{elim}(E) \subseteq \mathit{var}(G)$. $\mathbb{C}$ is the domain of all the collections ordered by $\sqsubseteq$, where $C \sqsubseteq C'$ if and only if $\forall G.\ C(G) \subseteq C'(G)$. The partial order on $\mathbb{C}$ formalizes the evolution of the computation process. $(\mathbb{C}, \sqsubseteq)$ is a complete lattice. $\sqcap$ and $\sqcup$ will denote the glb and lub of $\mathbb{C}$. A pure collection is a collection defined for pure atomic goals.

We define the equivalence modulo enhanced variance $\equiv_\mathbb{C}$ on collections as follows. $C \equiv_\mathbb{C} C'$ if and only if, for any $G$, there exists a renaming $\rho$ such that, if $C(G)$ is defined, then $C'(G\rho)$ is defined and $C(G) \equiv_{var(G)} (C'(G\rho))\rho^{-1}$, and vice versa. An interpretation $\mathcal{I}$ is a pure collection modulo enhanced variance. We denote by $\mathbb{I}_\mathbb{C}$ the set of interpretations. $(\mathbb{I}_\mathbb{C},\sqsubseteq)$ is a complete lattice. We denote the equivalence class (modulo enhanced variance) of a collection $\sigma$ by $\sigma$ itself. Moreover, any interpretation $\mathcal{I}$ of $\mathbb{I}_\mathbb{C}$ is implicitly considered also as a collection, obtained by choosing an arbitrary representative of $\mathcal{I}$. All the operators that we use on interpretations are independent from the choice of the representative. Therefore we can define any operator on $\mathbb{I}_\mathbb{C}$ in terms of its counterpart defined on $\mathbb{C}$, independently from the choice of the representative. All the definitions are independent from the choice of the syntactic object. To simplify the notation, we denote the corresponding operators on $\mathbb{I}_\mathbb{C}$ and $\mathbb{C}$ by the same name.

Footnote 1: Note that for any solved form equation set $E$, $mgu(E)$ can be "trivially" computed. Moreover the definition of $\equiv_x$ is independent from the choice of the mgu, since this is unique up to renaming.

Our semantic definitions use two basic operations on equation sets.

1. Let $\mathcal{E}_1, \mathcal{E}_2 \in \mathbb{E}$. Then $\mathcal{E}_1 \otimes_{x,y} \mathcal{E}_2$ denotes the set
$$\{\, E \mid E_1 \in \mathcal{E}_1,\ E_2' \text{ is a renamed version of } E_2 \in \mathcal{E}_2, \text{ obtained by renaming apart (from } E_1, x \text{ and } y\text{) all the variables in } (var(E_1) \cup \{x\}) \setminus \{y\},\ E_1 \cup E_2' \text{ is solvable and } E \text{ is a solved form of } E_1 \cup E_2' \,\}.$$
We assume $\otimes_{x,y}$ to be left-associative. In the following, to simplify the notation, we write $\mathcal{E}_1 \otimes \mathcal{E}_2$ for $\mathcal{E}_1 \otimes_{x,y} \mathcal{E}_2$ whenever the indices are irrelevant or clear from the context.

2. Let $E$ be an equation set. Then $E|_x$ denotes the set $\{\, v = t \in E \mid v \text{ occurs in the tuple } x \,\}$, i.e., the equations of $E$ whose eliminable variable belongs to $x$. The $|_x$ operation can be trivially extended to any $\mathcal{E} \in \mathbb{E}$ in the following way:
$$\mathcal{E}|_x := \{\, E|_x \mid E \text{ is a solved form of } E' \in \mathcal{E} \,\}.$$

Finally note that, for any choice of solved form, the results are equivalent modulo variance.

3.1.1. Denotational semantics

The denotational semantics $\mathcal{F}[\![P]\!]$ of a program $P$ is defined as the least fixpoint of the following monotonic "immediate consequence" operator $\mathcal{T}[\![P]\!] : \mathbb{I}_\mathbb{C} \to \mathbb{I}_\mathbb{C}$, i.e., $\mathcal{F}[\![P]\!] := lfp\ \mathcal{T}[\![P]\!]$, where
$$\mathcal{T}[\![P]\!](\mathcal{I}) := \lambda p(x).\ \bigcup \{\, \mathcal{E} \mid c = p(x) \leftarrow E, A_1, \ldots, A_n \text{ is a renamed clause of } P,\ z = var(c),\ \text{for } i \in [1,n],\ y_i = var(A_i),\ \mathcal{E} = (\{E\} \otimes_{z,y_1} \mathcal{I}(A_1) \otimes_{z,y_2} \cdots \otimes_{z,y_n} \mathcal{I}(A_n))|_x \,\}.$$

This operator is isomorphic to the immediate consequence operator of the s-semantics. Indeed it is easy to see that it is just a matter of representation. In the s-semantics case, the substitution is simply applied to the pure atom, while in our case, given the pure atom, the corresponding equational version of the substitution is returned.

Example 2. Consider the program $P$ of Fig. 1, which is a "sum" program. Its (concrete) denotational semantics is
$$\mathcal{F}[\![P]\!] = sum(x,y,z) \mapsto \{\, \{x = 0,\ z = y\},\ \{x = s(0),\ z = s(y)\},\ \ldots,\ \{x = s^n(0),\ z = s^n(y)\},\ \ldots \,\}.$$

c1: sum(0, X, X).
c2: sum(s(X), Y, s(Z)) :- sum(X, Y, Z).

Fig. 1. The sum program of Examples 2 and 46.

3.1.2. Operational semantics

Definite clauses have a natural computational reading based on the resolution procedure. The specific resolution strategy, called (equational) SLD-derivation, is described in the following. For the sake of simplicity we present it using the leftmost selection rule, but all the results hold for any selection rule, since computed answers are independent from the selection rule. Let $G := \mathcal{E}, p(x), B$ be an (equational) goal and $c := p(x) \leftarrow E, B'$ be a clause, such that $var(c) \cap var(G) = x$ and $\mathcal{E} \otimes \{E\} \neq \emptyset$. Then we have an (equational) derivation step

$$G \xrightarrow{c} \mathcal{E} \otimes \{E\}, B', B.$$

A derivation of a goal $G$ in a program $P$, $G \xrightarrow{*}_P G'$, is a finite sequence of derivation steps $G \xrightarrow{c_1} \cdots \xrightarrow{c_k} G'$, where $c_1, \ldots, c_k$ are renamed clauses of $P$ such that $\forall i, j \in [1,k],\ j < i,\ c_i = p(x_i) \leftarrow G_i$ and $var(c_i) \cap (var(G) \cup var(c_j)) = x_i$. The behavior (set of computed answers) of the goal $\mathcal{E}, B$ in $P$ is
$$\mathcal{B}[\![\mathcal{E}, B \text{ in } P]\!] := \bigcup \{\, \mathcal{E}'|_{var(B)} \mid \mathcal{E}, B \xrightarrow{*}_P \mathcal{E}', \Box \,\}.$$
The top-down (goal-independent) denotation of a program $P$ is the interpretation obtained by collecting the behaviors for all pure atomic goals, i.e.,
$$\mathcal{O}[\![P]\!] := (\lambda p(x).\ \mathcal{B}[\![p(x) \text{ in } P]\!]) / \equiv_\mathbb{C}.$$

The main properties of the concrete semantics are summarized by the following theorem.

Theorem 3. Let $P$ be a program, $G := \mathcal{E}, A_1, \ldots, A_n$ be a goal, $y_i := var(A_i)$ (for $i \in [1,n]$) and $z := var(A_1, \ldots, A_n)$. Then
1. $\mathcal{B}[\![G \text{ in } P]\!] = (\mathcal{E} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z$,
2. $\mathcal{T}[\![P]\!]$ is continuous on $\mathbb{I}_\mathbb{C}$ (and therefore $\mathcal{F}[\![P]\!] = \mathcal{T}[\![P]\!]\uparrow\omega$),
3. $\mathcal{O}[\![P]\!] = \mathcal{F}[\![P]\!]$.

Property 1 is usually called AND-compositionality and is sometimes referred to as condensing in the program analysis field. It essentially shows that the behavior of any (conjunctive) goal can be derived from the goal-independent denotation $\mathcal{O}[\![P]\!]$, i.e., from the behaviors of (finitely many) pure atomic goals. It is the property which allows us to take $\mathcal{O}[\![P]\!]$ as the semantics of a program, without being concerned with the behaviors for all possible goals. The validity of the condensing property is relevant to diagnosis, since it allows us to compare the expected and actual goal-independent behaviors, i.e., the specification is the intended $\mathcal{O}[\![P]\!]$.

Properties 2 and 3 show that the goal-independent denotation can equivalently be computed in a bottom-up way as the least fixpoint of the immediate consequence operator. This is again very important for the diagnosis problem, since the basic diagnosis algorithm requires the existence of an immediate consequence operator (see Section 5). Moreover, the equivalence of the top-down and the bottom-up definitions of the denotation will allow us to define (see Section 4.2) equivalent top-down diagnosis algorithms, based on oracle simulation.

3.2. The observables and the abstract semantics

We model the abstractions by using abstract interpretation theory [22,23]. An observable property domain is a set of properties of computed answers with an ordering relation which can be viewed as an approximation structure. An observation consists of looking at a computed answer (a relevant solved form equation set), and then extracting some property (abstraction).

Definition 4. Let $(\mathbb{D}, \le)$ be a complete lattice. A function $\alpha : \mathbb{E} \to \mathbb{D}$ is an observable if it maps finite elements of $\mathbb{E}$ into finite elements² of $\mathbb{D}$ and there exists $\gamma$ such that
1. $\langle\alpha,\gamma\rangle : (\mathbb{E}, \subseteq) \rightleftarrows (\mathbb{D}, \le)$ is a Galois insertion,
2. $\forall \mathcal{E}, \mathcal{E}' \in \mathbb{E}$, $\forall$ finite $x$ such that $elim(\mathcal{E}) \cup elim(\mathcal{E}') \subseteq x \subseteq var(\mathcal{E}) \cup var(\mathcal{E}')$, $\mathcal{E} \equiv_x \mathcal{E}' \implies \gamma(\alpha(\mathcal{E})) \equiv_x \gamma(\alpha(\mathcal{E}'))$,
3. $\forall \mathcal{E} \in \mathbb{E}$, $\forall D \in \mathbb{D}$ and for any renaming³ $\rho$, $\alpha(\mathcal{E}\rho) = (\alpha(\mathcal{E}))\rho$ and $\gamma(D\rho) = (\gamma(D))\rho$.

Once we have an observable $\alpha : \mathbb{E} \to \mathbb{D}$, we want to systematically derive the abstract semantics. The idea is to define the optimal abstract versions of the various semantic operators and then check under which conditions (on the observable) we obtain the optimal abstract semantics. This will allow us to identify some interesting classes of observables.

We start by defining the optimal abstract counterparts of the basic operators defined on $\mathbb{E}$. Then, for any $D, D', D_i \in \mathbb{D}$,
1. $D\,\tilde\otimes_{x,y}\,D' := \alpha(\gamma(D) \otimes_{x,y} \gamma(D'))$ (and $D\,\tilde\otimes\,D' := \alpha(\gamma(D) \otimes \gamma(D'))$),
2. $D\,\tilde|_x := \alpha((\gamma(D))|_x)$,
3. $\tilde\bigcup\{D_i\}_{i \in I} := \alpha(\bigcup\{\gamma(D_i)\}_{i \in I})$.
For all $C \in \mathbb{C}$ and $G \in Goals$, let $\alpha^*(C) := \lambda G.\ \alpha(C(G))\,\tilde|_{var(G)}$.⁴ Then $\mathbb{A} := \alpha^*(\mathbb{C}) \subseteq [Goals \to \mathbb{D}]$ is a complete lattice of functions from $Goals$ to the abstract domain $\mathbb{D}$, ordered by the trivial extension to functions of $\le$, which, by abuse of notation, is denoted also by $\le$. Note that in the following we denote by $\sqcup$ and $\sqcap$ the lub and glb of $\mathbb{A}$, respectively.

We call $\mathbb{A}$-collection any element of $\mathbb{A}$. The insertion $\langle\alpha,\gamma\rangle$ can be lifted to $\langle\alpha^*,\gamma^*\rangle : \mathbb{C} \rightleftarrows \mathbb{A}$ by defining, for all $S \in \mathbb{A}$ and $G \in Goals$, $\gamma^*(S) := \lambda G.\ (\gamma(S(G)))|_{var(G)}$. From now on we will often abuse notation and denote $\alpha^*$ by $\alpha$ (and $\gamma^*$ by $\gamma$). Note that in the following, if there exists a bijective Galois insertion between two domains, we identify them. A pure $\mathbb{A}$-collection is an element $S \in \mathbb{A}$ which is undefined for every non-pure atom.

Condition 2 of Definition 4 states that the observation does not depend on the choice of the hidden variable names and on the choice of the solved form of the equations used in the computation. Hence we can define an abstract enhanced variance relation $\equiv_\mathbb{A}$ on pure $\mathbb{A}$-collections as follows: for any pure $\mathbb{A}$-collections $S, S'$, $S \equiv_\mathbb{A} S' \iff \gamma(S) \equiv_\mathbb{C} \gamma(S')$. An $\mathbb{A}$-interpretation is a pure $\mathbb{A}$-collection modulo $\equiv_\mathbb{A}$. Since (by Condition 2) $C \equiv_\mathbb{C} C'$ implies $\alpha(C) \equiv_\mathbb{A} \alpha(C')$, the $\mathbb{A}$-interpretation $\alpha(\mathcal{I})$ is well defined, for any $\mathbb{C}$-interpretation $\mathcal{I}$. Furthermore, Condition 3 states that the observation does not depend upon a particular choice of the variable names. We denote by $(\mathbb{I}_\mathbb{A}, \le)$ the complete lattice of $\mathbb{A}$-interpretations. Any $\mathbb{A}$-interpretation $\mathcal{I}_\alpha$ of $\mathbb{I}_\mathbb{A}$ is implicitly considered also as an $\mathbb{A}$-collection, obtained by choosing an arbitrary representative of $\mathcal{I}_\alpha$. All the semantic operators that we use on $\mathbb{A}$-interpretations are independent from the choice of the representative. Therefore we can define any operator on $\mathbb{I}_\mathbb{A}$ in terms of its counterpart defined on $\mathbb{A}$, independently from the choice of the representative.

Footnote 2: We assume that the elements of the domain $\mathbb{D}$ can be represented by means of a syntactic expression built over the (free) variables which appear in the corresponding equations in $\mathbb{E}$. By finite element of $\mathbb{D}$ we mean any element which is finitely representable in the domain $\mathbb{D}$.

Footnote 3: Note that the renaming operation has to be applied to the syntactic representation of the abstract object.

Footnote 4: Remember that if $C(G)$ is undefined then also $\alpha(C(G))$ is undefined.

Once we have the optimal abstract operators, we can define the corresponding abstract semantics, obtained from the denotational and operational semantics of computed answers by replacing the concrete semantic operators by their optimal abstract versions.

3.2.1. Abstract denotational semantics

An abstract goal is an object of the form $D, B$ where $B$ is a pure goal and $D \in \mathbb{D}$ is a finite abstract constraint, such that $D \le D\,\tilde|_{var(B)}$ (i.e., $D$ is relevant for $B$). $\alpha(\{\emptyset\}), B$ will be simply denoted by $B$.

The abstract denotational semantics of a program $P$ is defined as the least fixpoint of the following monotonic "abstract immediate consequence" operator $\mathcal{T}_\alpha[\![P]\!] : \mathbb{I}_\mathbb{A} \to \mathbb{I}_\mathbb{A}$, i.e., $\mathcal{F}_\alpha[\![P]\!] := lfp\ \mathcal{T}_\alpha[\![P]\!]$, where
$$\mathcal{T}_\alpha[\![P]\!](\mathcal{I}_\alpha) := \lambda p(x).\ \tilde\bigcup \{\, D \mid c = p(x) \leftarrow E, A_1, \ldots, A_n \text{ is a renamed clause of } P,\ z = var(c),\ \text{for } i \in [1,n],\ y_i = var(A_i),\ D = (\alpha(\{E\})\,\tilde\otimes_{z,y_1}\,\mathcal{I}_\alpha(A_1)\,\tilde\otimes_{z,y_2} \cdots \tilde\otimes_{z,y_n}\,\mathcal{I}_\alpha(A_n))\,\tilde|_x \,\}.$$

3.2.2. Abstract operational semantics

Let $G := D, p(x), B$ be an abstract goal and $c := p(x) \leftarrow E, B'$ be a clause, such that $var(c) \cap var(G) = x$ and $D\,\tilde\otimes\,\alpha(\{E\})$ is a finite element of $\mathbb{D}$ different from⁵ $\bot_\mathbb{D}$. Then we have an abstract derivation step
$$G \xrightarrow{c} D\,\tilde\otimes\,\alpha(\{E\}), B', B.$$

A derivation of a goal $G$ in a program $P$, $G \xrightarrow{*}_P G'$, is a finite sequence of derivation steps $G \xrightarrow{c_1} \cdots \xrightarrow{c_k} G'$, where $c_1, \ldots, c_k$ are renamed clauses of $P$ such that $\forall i, j \in [1,k],\ j < i,\ c_i = p(x_i) \leftarrow G_i$ and $var(c_i) \cap (var(G) \cup var(c_j)) = x_i$.

The abstract behavior of the abstract goal $D, B$ in $P$ is
$$\mathcal{B}_\alpha[\![D, B \text{ in } P]\!] := \tilde\bigcup \{\, D'\,\tilde|_{var(B)} \mid D, B \xrightarrow{*}_P D', \Box \,\}$$
and the abstract top-down denotation of a program $P$ is the interpretation
$$\mathcal{O}_\alpha[\![P]\!] := (\lambda p(x).\ \mathcal{B}_\alpha[\![p(x) \text{ in } P]\!]) / \equiv_\mathbb{A}.$$

As already discussed in the introduction, the semantic properties which are relevant to the diagnosis problem are the condensing property and the equivalence between the top-down and the bottom-up definitions of the denotation. An additional relevant issue is precision, i.e., the relation between the abstract semantics and the abstraction of the concrete semantics. We will then identify two interesting classes of observables (complete and approximate). All the observables in both classes are condensing and lead to equivalent top-down and bottom-up definitions. Complete observables are also precise, i.e., $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$, while approximate observables (intended to be used for program analysis) lead to approximated abstract semantics, i.e., $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{F}_\alpha[\![P]\!]$. Note that there exist observables which are interesting for program analysis and which are not even approximate (for example, the domain of groundness dependencies $\mathcal{DEF}$ [5] is not condensing). However, as already mentioned in the introduction, there is evidence that non-condensing observables can systematically be transformed into condensing observables, by using domain refinement operators.

Footnote 5: Note that in the following we will guarantee that the $\tilde\otimes$ operation will map finite arguments to finite results. For complete observables (Section 3.3) this will be a consequence of the precision, while for approximate observables this will be a consequence of the noetherianity of the domain.

3.3. Complete observables

First of all recall that any observable is precise w.r.t. the union operation since, for any Galois insertion,
$$\alpha\Big(\bigcup_i \mathcal{E}_i\Big) = \alpha\Big(\bigcup_i (\gamma\circ\alpha)(\mathcal{E}_i)\Big) = \tilde\bigcup_i \alpha(\mathcal{E}_i). \qquad (1)$$

Definition 5. Let $\alpha : \mathbb{E} \to \mathbb{D}$ be an observable. Then $\alpha$ is a complete observable if its optimal abstract operators $\tilde\otimes_{x,y}$ and $\tilde|_x$ are precise, i.e.,
1. $\alpha(\mathcal{E} \otimes_{x,y} \mathcal{E}') = \alpha((\gamma\circ\alpha)(\mathcal{E}) \otimes_{x,y} (\gamma\circ\alpha)(\mathcal{E}'))$,
2. $\alpha(\mathcal{E}|_x) = \alpha(((\gamma\circ\alpha)(\mathcal{E}))|_x)$.

Note that, for any finite $D, D' \in \mathbb{D}$, $D\,\tilde\otimes\,D'$ is finite since (by additivity of $\alpha$) there exist two finite elements $\mathcal{E}, \mathcal{E}' \in \mathbb{E}$ such that $D = \alpha(\mathcal{E})$, $D' = \alpha(\mathcal{E}')$, and then (by Condition 1) $\alpha(\gamma(D) \otimes \gamma(D'))$ is finite.

Theorem 6. Let $\alpha : \mathbb{E} \to \mathbb{D}$ be a complete observable, $G := D, A_1, \ldots, A_n$ be an abstract goal, $P$ be a program, $z := var(A_1, \ldots, A_n)$ and $y_i := var(A_i)$ (for $i \in [1,n]$). Then
1. $\alpha(\mathcal{O}[\![P]\!]) = \mathcal{O}_\alpha[\![P]\!]$,
2. $\mathcal{B}_\alpha[\![G \text{ in } P]\!] = (D\,\tilde\otimes_{y_1}\,\mathcal{O}_\alpha[\![P]\!](A_1)\,\tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n}\,\mathcal{O}_\alpha[\![P]\!](A_n))\,\tilde|_z$,
3. $\alpha(\mathcal{T}[\![P]\!](\mathcal{I})) = \mathcal{T}_\alpha[\![P]\!](\alpha(\mathcal{I}))$,
4. $\mathcal{T}_\alpha[\![P]\!]$ is continuous on $\mathbb{I}_\mathbb{A}$ (and therefore $\mathcal{F}_\alpha[\![P]\!] = \mathcal{T}_\alpha[\![P]\!]\uparrow\omega$),
5. $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$,
6. $\mathcal{O}_\alpha[\![P]\!] = \mathcal{F}_\alpha[\![P]\!]$.

Theorem 6 shows that complete observables satisfy all the properties of the concrete semantics. In particular, they are condensing (Point 2) and the abstract top-down and bottom-up semantics are equivalent (Point 6). In addition, complete observables are precise (Points 1 and 5). The class of complete observables includes computed answers⁶ and the observables correct answers and ground instances of computed answers, whose semantics are the atomic logical consequence semantics (c-semantics) and the least Herbrand model, respectively.

Footnote 6: It can be simply defined as $\lambda\mathcal{E}.\ \{\, mgu(E) \mid E \in \mathcal{E} \,\}$.

3.3.1. The correct answer observable

We show how to obtain a semantics which models correct answers and is isomorphic to the c-semantics [9,27]. A similar construction can be used to define ground correct answers, leading to the least Herbrand model semantics.

Correct answers are closed under instantiation. This property corresponds to the downward closure of the corresponding equation sets. These sets can be (efficiently) handled with maximal equation sets w.r.t. the instantiation preorder $\preceq$ ($E \preceq E'$ meaning that $E$ is an instance of $E'$).

First of all consider equation sets modulo $\approx$, the equivalence induced by $\preceq$. Any $\mathcal{E} \in \mathbb{E}/\!\approx$ is non-redundant (w.r.t. $\preceq$) if and only if $\forall E, E' \in \mathcal{E}.\ E \preceq E'$ implies $E \approx E'$. We denote by $\lceil\cdot\rceil$ the non-redundancy operator, i.e., $\lceil\mathcal{E}\rceil := \{\, E \mid E \in \mathcal{E},\ \forall E' \in \mathcal{E}.\ E \preceq E' \implies E \approx E' \,\}$. Any downward closed $\mathcal{E} \in \mathbb{E}$ can be (uniquely) represented by $\lceil\mathcal{E}\rceil$. Hence we can represent any set of correct answers by a non-redundant equation set. Furthermore, since the set of correct answers consists of all the instances of the computed answers, given an equation set $\mathcal{E}$ of computed answers, $\lceil\mathcal{E}\rceil$ is the representative of the equation set of correct answers.

Let $\mathbb{D}_c := (\lceil\mathbb{E}/\!\approx\rceil, \subseteq/\!\approx)$ denote the complete lattice of non-redundant sets of (equivalence classes of) finite solved form equation sets, partially ordered by $\subseteq/\!\approx$ (inclusion of the represented downward closed sets). Hence the correct answer observable $\alpha_c : \mathbb{E} \to \mathbb{D}_c$ is
$$\alpha_c(\mathcal{E}) := \lceil\mathcal{E}\rceil.$$
By applying the definitions, the abstract operators are $\mathcal{E}_1\,\tilde\otimes_{x,y}\,\mathcal{E}_2 = \lceil\mathcal{E}_1 \otimes_{x,y} \mathcal{E}_2\rceil$, $\mathcal{E}_1\,\tilde\sqcap\,\mathcal{E}_2 = \lceil\mathcal{E}_1 \cap \mathcal{E}_2\rceil$, $\mathcal{E}_1\,\tilde\sqcup\,\mathcal{E}_2 = \lceil\mathcal{E}_1 \cup \mathcal{E}_2\rceil$ and $\mathcal{E}\,\tilde|_x = \lceil\mathcal{E}|_x\rceil$. Note that $\tilde\sqcap$ and $\tilde\sqcup$ are the glb and lub of $\mathbb{D}_c$, respectively.

$\alpha_c$ is a complete observable, and its immediate consequence operator $\mathcal{T}_c[\![P]\!] = \lambda p(x).\ \ldots$ is obtained from $\mathcal{T}[\![P]\!]$ by replacing $\otimes_{z,y_i}$, $|_x$ and $\bigcup$ with the abstract operators above, i.e., by taking the non-redundant representative $\lceil\cdot\rceil$ of each intermediate result.

3.4. Approximate observables

Approximate observables are intended to model domains where we cannot require the precision property. We therefore relax the axioms of complete observables to admit non-precise $\tilde\otimes$ and $\tilde|_x$ operators. However, as already argued in the introduction, we still want to guarantee that the condensing and equivalence properties are satisfied. This can be achieved by imposing the following abstract versions of the basic properties used in Theorem 3 to guarantee condensing and equivalence in the concrete case.

Definition 7. Let $\alpha : \mathbb{E} \to \mathbb{D}$ be an observable. Then $\alpha$ is an approximate observable if $\mathbb{D}$ is noetherian and
1. $\alpha((\gamma\circ\alpha)(\mathcal{E}) \otimes \mathcal{E}') = \alpha(\mathcal{E} \otimes (\gamma\circ\alpha)(\mathcal{E}')) = \alpha((\gamma\circ\alpha)(\mathcal{E}) \otimes (\gamma\circ\alpha)(\mathcal{E}'))$,
2. $\tilde|_x$ is additive on $(\mathbb{D}, \le)$,
3. $var(\alpha(\{\emptyset\})) = \emptyset$,
4. for any $x, y, z$ such that $x, y \subseteq z$, $(D_1\,\tilde\otimes_{z,y}\,D_2)\,\tilde|_z = (D_1\,\tilde|_z\,\tilde\otimes_{z,y}\,D_2)\,\tilde|_z$ and $(D_1\,\tilde\otimes_{z,y}\,D_2)\,\tilde|_x = (D_1\,\tilde\otimes_{x,y}\,D_2\,\tilde|_x)\,\tilde|_x$,
5. let $x \subseteq z$ and $n \ge 1$; if, for any $i \in [1,n]$, $var(D_i) \cap (var(D) \cup z) \subseteq x$, then $D\,\tilde\otimes_z\,(D_1\,\tilde\otimes \cdots \tilde\otimes\,D_n) = D\,\tilde\otimes_x\,(D_1\,\tilde\otimes \cdots \tilde\otimes\,D_n)$,
6. let $x \subseteq z$ and $n \ge 1$; if, for any $i \in [1,n]$, $var(D) \cap (var(D_i) \cup z) \subseteq x$, then $(D_1\,\tilde\otimes \cdots \tilde\otimes\,D_n)\,\tilde\otimes_z\,D = (D_1\,\tilde\otimes \cdots \tilde\otimes\,D_n)\,\tilde\otimes_x\,D$.

The noetherianity of $\mathbb{D}$ is used to ensure the finiteness of $\tilde\otimes$.

Note that, differently from the case of complete observables, the class of approximate observables is also characterized in terms of some properties of the abstract operators. An equivalent characterization, given in terms of $\alpha$, $\gamma$ and the concrete operators, is possible but would be harder to understand.

Theorem 8. Let $\alpha : \mathbb{E} \to \mathbb{D}$ be an approximate observable, $P$ be a program, $G := D, A_1, \ldots, A_n$ be an abstract goal, $z := var(A_1, \ldots, A_n)$ and $y_i := var(A_i)$ (for $i \in [1,n]$). Then
1. $\alpha(\mathcal{O}[\![P]\!]) \le \mathcal{O}_\alpha[\![P]\!]$,
2. $\mathcal{B}_\alpha[\![G \text{ in } P]\!] = (D\,\tilde\otimes_{y_1}\,\mathcal{O}_\alpha[\![P]\!](A_1)\,\tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n}\,\mathcal{O}_\alpha[\![P]\!](A_n))\,\tilde|_z$,
3. $\mathcal{T}_\alpha[\![P]\!]$ is continuous on $\mathbb{I}_\mathbb{A}$ (and therefore $\mathcal{F}_\alpha[\![P]\!] = \mathcal{T}_\alpha[\![P]\!]\uparrow\omega$),
4. $\mathcal{T}_\alpha[\![P]\!]$ is the optimal abstract version of $\mathcal{T}[\![P]\!]$, i.e., $\mathcal{T}_\alpha[\![P]\!] = \alpha\circ\mathcal{T}[\![P]\!]\circ\gamma$,
5. $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{F}_\alpha[\![P]\!]$,
6. $\mathcal{O}_\alpha[\![P]\!] = \mathcal{F}_\alpha[\![P]\!]$.

Theorem 8 shows that approximate observables are condensing (Point 2) and that the abstract top-down and bottom-up semantics are equivalent (Point 6). However, the denotations are just correct approximations: they are not precise (Points 1 and 5). Note that the above characterization of approximate observables guarantees the optimality of the abstract immediate consequence operator (see Point 4).

3.4.1. The $\mathcal{POS}$ observable for groundness dependencies of computed answers

We show now how to model the domain $\mathcal{POS}$, designed for the groundness analysis of logic programs [21,38]. $\mathcal{POS}$ is a domain of equivalence classes of propositional formulas, built using the logical connectives $\leftrightarrow$, $\wedge$ and $\vee$, and ordered by implication. The propositional formulas represent groundness dependencies among variables. The domain $\mathcal{POS}$ for two variables is shown in Fig. 2.

First of all we have to define the abstraction $\Gamma(t)$ of a concrete term $t$. If $var(t) = \{x_1, \ldots, x_n\}$ then $\Gamma(t) := x_1 \wedge \cdots \wedge x_n$. The intuition is that, in order for $t$ to be ground, all its variables $x_1, \ldots, x_n$ must be ground.

We can extend $\Gamma$ to solved form equation sets to obtain abstract formulas as follows: $\Gamma(E) := \bigwedge_{x = t \in E} (x \leftrightarrow \Gamma(t))$, where $\Gamma(\emptyset) := true$. Abstract formulas are propositional formulas which express the groundness dependencies among the eliminable variables and the other variables of the concrete solved form equation set. The groundness dependencies observable $\alpha_\Gamma : \mathbb{E} \to \mathcal{POS}$ is
$$\alpha_\Gamma(\mathcal{E}) := \bigvee_{E \in \mathcal{E}} \Gamma(E),$$
where $\alpha_\Gamma(\emptyset) := false$. By applying the definition, the abstract operators turn out to be
$$F_1\,\tilde\otimes\,F_2 = F_1 \wedge F_2,$$
$$F\,\tilde|_x = \begin{cases} F & \text{if } var(F) \subseteq x,\\ (F[y \mapsto true] \vee F[y \mapsto false])\,\tilde|_x & \text{for some } y \in var(F) \setminus x,\end{cases}$$
where $F[y \mapsto E]$ is obtained by replacing each occurrence of the variable $y$ in $F$ by $E$. Note that the abstract notion of restriction of an abstract formula corresponds to Schröder's elimination principle.

Fig. 2. The domain $\mathcal{POS}$ for two variables $X$, $Y$: a Hasse diagram ordered by implication, with $true$ at the top, $false$ at the bottom, and the formulas $Y \to X$, $X \to Y$, $X$ and $Y$ in between.

The $\tilde\otimes_{x,y}$ operation is performed by first renaming the second argument and then computing the conjunction. We omit its formal definition because it is not needed to define the semantics, since, in any expression we use, it collapses to $\tilde\otimes$.

$\alpha_\Gamma$ is an approximate observable. The abstract immediate consequence operator $\mathcal{T}_\Gamma[\![P]\!]$ is
$$\mathcal{T}_\Gamma[\![P]\!](\mathcal{I}_\Gamma) = \lambda p(x).\ \bigvee_{p(x) \leftarrow E, A_1, \ldots, A_n \text{ renamed clause of } P} \Big( \alpha_\Gamma(\{E\}) \wedge \bigwedge_{i=1}^{n} \mathcal{I}_\Gamma(A_i) \Big)\,\tilde|_x.$$
Note that $\mathcal{T}_\Gamma[\![P]\!]$ is defined only in terms of abstract restriction $\tilde|_x$ and of the glb and lub operators on $\mathcal{POS}$ ($\wedge$ and $\vee$, respectively).

Example 9. Consider the program $P$ of Fig. 3 and the groundness dependencies observable. The abstract denotation of $P$ is
$$\mathcal{F}_\Gamma[\![P]\!] = \begin{cases} p(x,y) \mapsto x \vee y,\\ q(x,y) \mapsto x \leftrightarrow y,\\ r(x,y) \mapsto x \wedge y,\end{cases}$$
which turns out to be precise since $\mathcal{F}_\Gamma[\![P]\!] = \alpha_\Gamma(\mathcal{F}[\![P]\!])$. Note that, if we choose to represent groundness dependencies using the domain $\mathcal{DEF}$, which does not contain disjunctive formulas (and whose corresponding observable is not approximate), we would obtain a less precise abstract semantics, where the semantics of $p(x,y)$ would be $true$ and the semantics of $r(x,y)$ would be $x \leftrightarrow y$.

r(X, Y) :- p(X, Y), q(X, Y).
p(a, Y).
p(X, b).
q(X, X).

Fig. 3. The program of Examples 9, 44 and 50.
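The following Python script is an added example and not code from the paper: it implements the $\mathcal{POS}$ domain as sets of models, the abstraction $\alpha_\Gamma$ (via $\Gamma$ on terms and equation sets), the restriction $\tilde|_x$ as Schröder elimination, and the operator $\mathcal{T}_\Gamma[\![P]\!]$, and computes its least fixpoint on the program of Fig. 3, reproducing the denotation of Example 9. The encoding of terms and clauses, the canonical argument variables written `pred#i`, and the renaming suffix `@j` for body atoms are conventions of the example, not of the paper.

```python
# Added example (not from the paper): the POS groundness domain of Section 3.4.1, the abstraction
# alpha_Gamma and the abstract operator T_Gamma[[P]].  Encoding, a convention of this example: a term is
# a string (variable) or a tuple (functor, *args); an atom is (predicate, *args); a clause is (head, body).
from itertools import product

class Pos:
    """A POS formula over the variables vs, stored as its set of models (a model is the frozenset of
    variables assigned true).  The order is implication: F <= G iff every model of F is a model of G."""
    def __init__(self, vs, models):
        self.vs, self.models = frozenset(vs), frozenset(models)
    def __eq__(self, other):
        return self.vs == other.vs and self.models == other.models
    def __hash__(self):
        return hash((self.vs, self.models))
    def satisfies(self, m):   # m: an assignment over any superset of vs, as its set of true variables
        return (m & self.vs) in self.models
    def rename(self, sub):
        return Pos({sub.get(v, v) for v in self.vs}, [frozenset(sub.get(v, v) for v in m) for m in self.models])

def subsets(vs):
    vs = tuple(vs)
    return [frozenset(v for v, bit in zip(vs, bits) if bit) for bits in product((0, 1), repeat=len(vs))]

def formula(vs, pred):
    """The POS formula over vs whose models are exactly the assignments satisfying pred."""
    return Pos(vs, [m for m in subsets(vs) if pred(m)])

def true(vs=()):
    return formula(vs, lambda m: True)

def false(vs=()):
    return formula(vs, lambda m: False)

def conj(f, g):   # glb of POS
    return formula(f.vs | g.vs, lambda m: f.satisfies(m) and g.satisfies(m))

def disj(f, g):   # lub of POS
    return formula(f.vs | g.vs, lambda m: f.satisfies(m) or g.satisfies(m))

def iff(x, f):    # the formula x <-> f
    return formula(f.vs | {x}, lambda m: (x in m) == f.satisfies(m))

def restrict(f, xs):
    """Abstract restriction F|_x: Schroeder elimination (F[y -> true] v F[y -> false]) of every y not in xs,
    which is the projection of the models of F onto xs."""
    xs = frozenset(xs)
    proj = {m & xs for m in f.models}
    return formula(xs, lambda m: (m & f.vs) in proj)

def term_vars(t):
    return {t} if isinstance(t, str) else set().union(*[term_vars(a) for a in t[1:]])

def gamma_term(t):   # Gamma(t) = conjunction of var(t): t is ground iff all its variables are ground
    vs = term_vars(t)
    return Pos(vs, [frozenset(vs)])

def gamma_eqs(eqs):
    """Gamma(E) = conjunction of x <-> Gamma(t) over the equations x = t in E; Gamma({}) = true."""
    f = true()
    for x, t in eqs:
        f = conj(f, iff(x, gamma_term(t)))
    return f

def alpha_gamma(answers, vs):
    """alpha_Gamma of a set of computed answers (solved-form equation sets), as a formula over vs."""
    f = false(vs)
    for eqs in answers:
        f = disj(f, restrict(gamma_eqs(eqs), vs))
    return f

def canon(pred, n):   # canonical argument variables x_1..x_n of the pure atom pred(x_1, ..., x_n)
    return ['%s#%d' % (pred, i) for i in range(n)]

def T_gamma(program, interp):
    """T_Gamma[[P]](I): for each clause p(t_1..t_n) :- B_1..B_m, conjoin Gamma of the head equations x_i = t_i
    with the body denotations (renamed apart, linked to the body arguments by z_j <-> Gamma(s_j)),
    restrict to x_1..x_n and take the disjunction (lub) over the clauses of p."""
    out = {}
    for head, body in program:
        xs = canon(head[0], len(head) - 1)
        f = gamma_eqs(zip(xs, head[1:]))
        for j, atom in enumerate(body):
            zs = ['%s@%d' % (v, j) for v in canon(atom[0], len(atom) - 1)]
            g = interp.get(atom[0], false()).rename(dict(zip(canon(atom[0], len(atom) - 1), zs)))
            f = conj(f, conj(g, gamma_eqs(zip(zs, atom[1:]))))
        out[head[0]] = disj(out.get(head[0], false(xs)), restrict(f, xs))
    return out

def lfp_gamma(program):
    """Least fixpoint of T_Gamma by Kleene iteration; POS over finitely many variables is finite."""
    interp = {}
    while True:
        nxt = T_gamma(program, interp)
        if nxt == interp:
            return interp
        interp = nxt

# Constructed input: the program of Fig. 3 (Example 9).
FIG3 = ((('r', 'X', 'Y'), (('p', 'X', 'Y'), ('q', 'X', 'Y'))),
        (('p', ('a',), 'Y'), ()), (('p', 'X', ('b',)), ()), (('q', 'X', 'X'), ()))
```

`lfp_gamma(FIG3)` reaches the fixpoint in three iterations and yields $p \mapsto x \vee y$, $q \mapsto x \leftrightarrow y$ and $r \mapsto x \wedge y$; `alpha_gamma` applied to the concrete answers $\{x = a\}$ and $\{y = b\}$ of $p$ gives the same formula as the abstract denotation, which is the precision observed in Example 9. Representing formulas by their model sets keeps every operation a set computation, so the disjunction that $\mathcal{DEF}$ lacks costs nothing here.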

3.4.2. The depth(k) observable

We show now how to approximate an infinite set of computed answers by means of a depth(k) cut, i.e., by cutting terms which have a depth greater than $k$. Terms are cut by replacing each sub-term rooted at depth $k$ with a new variable taken from a set $\hat V$ (disjoint from $V$). A depth(k) term represents all the terms obtained by instantiating the variables of $\hat V$ with terms built over $V$.

First of all we have to define the abstraction $t|_k$ as the depth(k) reduction of the concrete term $t$. We can extend $|_k$ to solved form equation sets to obtain abstract formulas as follows: $E|_k := \{\, x = t|_k \mid x = t \in E \,\}$. We assume that, for any equation in $E$, any cut is performed by using distinct variables of $\hat V$. We denote by $\mathbb{E}_k$ the set of solved form equation sets with depth(k) terms and eliminable variables in $V$. The depth(k) observable $\alpha_k : \mathbb{E} \to \mathbb{E}_k$ is
$$\alpha_k(\mathcal{E}) := \{\, E|_k \mid E \in \mathcal{E} \,\}.$$
In the following we assume that, for any expression $T\,\tilde\otimes_{x,y}\,T'$, we rename variables in $V$ and $\hat V$ with variables still in $V$ and $\hat V$, respectively. Furthermore we consider only solved forms with eliminable variables in $V$. Under these assumptions the optimal abstract operators are obtained by applying the definition.

$\alpha_k$ is an approximate observable. The abstract immediate consequence operator $\mathcal{T}_k[\![P]\!]$ is
$$\mathcal{T}_k[\![P]\!](\mathcal{I}_k) := \lambda p(x).\ \bigcup \{\, D \mid c = p(x) \leftarrow E, A_1, \ldots, A_n \text{ is a renamed clause of } P,\ z = var(c),\ \text{for } i \in [1,n],\ y_i = var(A_i),\ D = (\alpha_k(\{E\})\,\tilde\otimes_{z,y_1}\,\mathcal{I}_k(A_1)\,\tilde\otimes_{z,y_2} \cdots \tilde\otimes_{z,y_n}\,\mathcal{I}_k(A_n))\,\tilde|_x \,\}.$$

Example 10. Consider the program $P$ of Fig. 4 and the depth(2) observable. The abstract denotation of $P$ is
$$\mathcal{F}_2[\![P]\!] = r(x) \mapsto \{\, \emptyset,\ \{x = f(\hat x)\} \,\}.$$

r(X).
r(f(X)) :- r(X).

Fig. 4. The program of Example 10.

4. Abstract diagnosis

In the following, the observable $\alpha$ will always be assumed to be at least approximate, since we know that for these observables the actual and the intended behaviors for all the goals of a program are uniquely determined by the behaviors for pure atomic goals. The following Definition 11 extends to abstract diagnosis the definitions given in Refs. [43,28,35] for declarative diagnosis. In the following, $\mathcal{I}_\alpha$ is the specification of the intended behavior of a program for pure atoms w.r.t. the observable $\alpha$.

Definition 11. Let $P$ be a program and $\alpha$ be an observable.
1. $P$ is partially correct w.r.t. $\mathcal{I}_\alpha$ if $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{I}_\alpha$.
2. $P$ is complete w.r.t. $\mathcal{I}_\alpha$ if $\mathcal{I}_\alpha \le \alpha(\mathcal{F}[\![P]\!])$.
3. $P$ is totally correct w.r.t. $\mathcal{I}_\alpha$ if $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{I}_\alpha$.

It is worth noting that the above definition is given in terms of the abstraction of the concrete semantics $\alpha(\mathcal{F}[\![P]\!])$ and not in terms of the (possibly less precise) abstract semantics $\mathcal{F}_\alpha[\![P]\!]$. This means that $\mathcal{I}_\alpha$ is the abstraction of the intended concrete semantics of $P$. In other words, the specifier can only reason in terms of the properties of the expected concrete semantics without being concerned with (approximate) abstract computations.

Note also that our notion of total correctness does not concern termination. We cannot address termination issues here, since the concrete semantics we use is too abstract.

If $P$ is not totally correct, we are left with the problem of determining the errors, which are related to the symptoms. Symptoms are $\mathbb{A}$-elements, according to the following definition.

Definition 12. An $\mathbb{A}$-element $\sigma$ is an $\mathbb{A}$-interpretation defined for a pure atom $A$ only (and otherwise undefined). Furthermore, if the images of the elements of $\mathbb{A}$ (which are functions) are structured as a set, then $\sigma(A)$ must also be a singleton.

By abuse of notation, in the following $A \mapsto \{E\}$ will be denoted simply by $A \mapsto E$.

Definition 13. Let $P$ be a program and $\alpha$ be an observable. Then
1. An incorrectness symptom is an $\mathbb{A}$-element $\sigma$ such that $\sigma \le \alpha(\mathcal{F}[\![P]\!])$ and $\sigma \not\le \mathcal{I}_\alpha$.
2. An incompleteness symptom is an $\mathbb{A}$-element $\sigma$ such that $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \alpha(\mathcal{F}[\![P]\!])$.

Note that a totally correct program has no incorrectness and no incompleteness symptoms. Our incompleteness symptoms are related to the insufficiency symptoms in Ref. [28], which are defined by taking $gfp\ \mathcal{T}[\![P]\!]$ instead of $\mathcal{F}[\![P]\!] = lfp\ \mathcal{T}[\![P]\!]$ as program semantics. The two definitions, even if different, turn out to be the same for the class of acceptable programs (see Section 5.1). Ferrand's choice is motivated by the fact that $gfp\ \mathcal{T}[\![P]\!]$ is related to finite failures. The approach of using two different semantics for reasoning about incorrectness and incompleteness has been pursued in Ref. [29], leading to an elegant uniform (yet non-effective) characterization of correctness and completeness.

c1: q(X) :- p(X).
c2: p(a).

Fig. 5. The program of Examples 14 and 17.

It is straightforward to realize that an $\mathbb{A}$-element may sometimes be an incorrectness or incompleteness symptom just because of another symptom.

Example 14. Consider the program $P$ of Fig. 5, and the following specification and abstract semantics of $P$, respectively, w.r.t. the computed answer observable:
$$\mathcal{I} := \begin{cases} p(x) \mapsto \emptyset,\\ q(x) \mapsto \emptyset,\end{cases} \qquad \alpha(\mathcal{F}[\![P]\!]) = \begin{cases} p(x) \mapsto \{x = a\},\\ q(x) \mapsto \{x = a\},\end{cases}$$
where $\emptyset$ in the specification is the empty equation set, i.e., the intended computed answer leaves $x$ free. Hence $\sigma_1 := p(x) \mapsto \{x = a\}$ and $\sigma_2 := q(x) \mapsto \{x = a\}$ are both incorrectness symptoms, but $\sigma_2$ is just a consequence of $\sigma_1$.

Consider now the specification $\mathcal{I}' := q(x) \mapsto \{x = a\}$. There exists only one incorrectness symptom, i.e., $\sigma := p(x) \mapsto \{x = a\}$. If we fix this bug (by removing the second clause), we get an incompleteness symptom, since for the modified program $Q$, $\mathcal{F}[\![Q]\!](q(x)) = \emptyset$ (no computed answer at all).

The diagnosis determines the "basic" symptoms and, in the case of incorrectness, the relevant clause in the program. This is captured by the definitions of incorrect clause and uncovered $\mathbb{A}$-element, which are related to incorrectness and incompleteness symptoms, respectively. As we will show in the next two subsections, incorrect clauses and uncovered $\mathbb{A}$-elements can equivalently be characterized in a bottom-up and top-down way.

4.1. Bottom-up diagnosis

The bottom-up diagnosis is based on the application of the abstract immediate consequence operator $\mathcal{P}_\alpha[\![P]\!]$.

Definition 15. Let $P$ be a program. If there exists an $\alpha$-element $\sigma$ such that $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha)$,⁷ then the clause $c \in P$ is incorrect on $\sigma$.

⁷ Note that $\mathcal{P}_\alpha[\![\{c\}]\!]$ is the operator associated to the program $\{c\}$, consisting of the clause $c$ only.

Informally, $c$ is incorrect on $\sigma$ if it derives a wrong $\alpha$-element from the intended semantics.

Definition 16. Let $P$ be a program. An $\alpha$-element $\sigma$ is uncovered if $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$.

Informally, $\sigma$ is uncovered if there are no clauses deriving it from the intended semantics.

Example 17. Consider (again) the program of Fig. 5 w.r.t. the computed answer observable and the specification $\mathcal{I}$ of Example 14. It shows that $\sigma_1 := p(x) \mapsto \{x = a\}$ and $\sigma_2 := q(x) \mapsto \{x = a\}$ are both incorrectness symptoms (even if $\sigma_2$ is just a consequence of $\sigma_1$). By applying Definition 15 we obtain

$\mathcal{P}_\alpha[\![\{c1\}]\!](\mathcal{I}) = q(x) \mapsto \emptyset$, $\qquad \mathcal{P}_\alpha[\![\{c2\}]\!](\mathcal{I}) = p(x) \mapsto \{x = a\}$.

Hence we detect one bug only, i.e., that the clause $c2$ is incorrect on $\sigma_1$. Consider now the specification $\mathcal{I}'$ of Example 14. It shows one incorrectness symptom only, i.e., $\sigma := p(x) \mapsto \{x = a\}$. By applying Definitions 15 and 16 we find out that the clause $c2$ is incorrect on $\sigma$ and, in addition, that $\sigma' := q(x) \mapsto \{x = a\}$ is uncovered. This is exactly what we would obtain once we fix the incorrectness bug.

Note that (since $\mathcal{I}' \le \mathcal{F}_\alpha[\![P]\!]$) the program is complete (i.e., there are no incompleteness symptoms) even if there is an uncovered $\alpha$-element.

It is worth noting that checking the conditions of Definitions 15 and 16 requires one application of $\mathcal{P}_\alpha[\![P]\!]$ to $\mathcal{I}_\alpha$, while the detection of symptoms (Definition 13) would require the construction of $\alpha(\mathcal{F}[\![P]\!])$ and therefore a fixpoint computation. The above examples suggest that bugs might be captured by incorrect clauses and uncovered $\alpha$-elements much better than by symptoms. This will be formally proved in Sections 5 and 7 for complete and approximate observables separately. However, we will now first look at an alternative characterization of incorrect clauses and uncovered $\alpha$-elements.

4.2. Top-down diagnosis

The "bottom-up" diagnosis is based on Definitions 15 and 16 and requires the application of $\mathcal{P}_\alpha[\![P]\!]$ to the specification $\mathcal{I}_\alpha$. In the top-down diagnosis, $\mathcal{I}_\alpha$ can more naturally be viewed as an abstract oracle, i.e., it can be implemented by querying the user. Several oracles have been used in declarative debugging (see the discussion in Ref. [39]). The abstract oracle implementation of $\mathcal{I}_\alpha$ can be modeled as a function which, whenever applied to a pure atom (the query to the user), returns the abstraction of the set of all the intended computed answers.

Once we have the oracle, we can define the abstract oracle simulation, following [43]. The oracle simulation allows us to express in a compact way new top-down diagnosis conditions. The oracle simulation performs one step of abstract goal rewriting by using the program clauses and then gets the abstract answers for the resulting abstract goal from the oracle.

Definition 18. Let $P$ be a program. Then the abstract oracle simulation of $P$ is

$\mathcal{O}_\alpha[\![P]\!] := \lambda p(x).\ \bigsqcup \{\, D \mid c = p(x) \leftarrow E, A_1, \ldots, A_n \text{ is a renamed clause of } P,\ z = var(c),\ y_i = var(A_i) \text{ for } i \in [1,n] \,\}$,

where $D$ is obtained by combining the abstraction $\alpha(\{E\})$ of the clause constraint with the oracle answers $\mathcal{I}_\alpha(A_1), \ldots, \mathcal{I}_\alpha(A_n)$ on the variables $y_1, \ldots, y_n$, and restricting the result to the head variables $x$. The following two theorems justify the top-down diagnosis.

Theorem 19. Let $\alpha$ be either a complete or an approximate observable. A clause $c \in P$ is incorrect on the $\alpha$-element $\sigma$ if and only if $\sigma \le \mathcal{O}_\alpha[\![\{c\}]\!]$ and $\sigma \not\le \mathcal{I}_\alpha$.

Proof. Let $p(x)$ be the (only) goal on which $\sigma$ is defined and $c$ be a clause. Then, by Definition 18,

$\mathcal{O}_\alpha[\![\{c\}]\!](p(x)) = \bigsqcup \{\, D \mid c' = p(x) \leftarrow E, A_1, \ldots, A_n \text{ is a renamed version of } c,\ z = var(c'),\ y_i = var(A_i) \text{ for } i \in [1,n],\ D \text{ as in Definition 18} \,\}$.

For any complete and approximate observable, the abstraction $\alpha(\{\theta\})$ of the renaming $\theta$ is absorbed: combining it with $\alpha(\{E\})$ and the abstract body answers $D'$ yields the same result as combining $\alpha(\{E\})$ with $D'$, and its combination with $D'$ restricted to $x$ equals $D|_x$. Hence, by definition of $\mathcal{P}_\alpha[\![\cdot]\!]$, $\mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha)(p(x)) = \mathcal{O}_\alpha[\![\{c\}]\!](p(x))$ and therefore $\sigma \le \mathcal{O}_\alpha[\![\{c\}]\!] \iff \sigma \le \mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha)$. □

Note that the proof of Theorem 19 is clearly based on the properties of our semantics, which relate fixpoint bottom-up computations to top-down refutations for pure atomic goals. By similar arguments we can prove the following theorem.

Theorem 20. An $\alpha$-element $\sigma$ is uncovered if and only if $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \mathcal{O}_\alpha[\![P]\!]$.

The top-down diagnosis definitions are particularly important, since they can naturally be implemented by meta-interpreters. Showing our meta-interpreters, which are parametric w.r.t. the observable, is out of the scope of this paper. They are described in Ref. [12] and the sources can be retrieved at Ref. [11]. For our purposes, it is enough to say that the meta-interpreters are parametric w.r.t. the observable, whose operations have to be specified in a suitable module. Apart from being generic, they are very similar to those described in the most relevant papers on declarative diagnosis (see Ref. [39] for a comprehensive description). The main difference is that they do not need to start from symptoms. In fact, as expected from the definitions in Section 4.2, the oracle simulation just needs to be applied to finitely many pure atomic goals. If the oracle returns finitely many answers to each query (i.e., if $\mathcal{I}_\alpha$ is finite), the meta-interpreters systematically derive all the incorrect clauses and uncovered $\alpha$-elements.

4.3. Towards the diagnosis theorems

We have now a diagnosis method (detection of incorrect clauses and uncovered $\alpha$-elements), which can equivalently be implemented in a bottom-up and in a top-down way. We are left with the problem of formally establishing the properties of the diagnosis method, i.e., of proving what the relation is between incorrect clauses and uncovered $\alpha$-elements on one side, and correctness and completeness on the other side.

It is worth noting that correctness and completeness are defined in terms of $\alpha(\mathcal{F}[\![P]\!])$, i.e., in terms of the abstraction of the concrete semantics. On the other hand, incorrect clauses and uncovered $\alpha$-elements are defined directly in terms of abstract computations (the abstract immediate consequence operator $\mathcal{P}_\alpha[\![P]\!]$ in the bottom-up characterization and the abstract oracle simulation in the top-down characterization). The issue of the precision of the abstract semantics therefore becomes relevant in establishing the relation between the two concepts. This is why the results for complete and approximate observables are different and will be shown separately. In particular, we have weaker results for approximate observables, because of the approximation of abstract computations.

We will first consider the case of complete observables in Section 5. We will later consider approximate observables in Section 7.

5. Abstract diagnosis w.r.t. complete observables

First of all, we would like to recall that computed answers, correct answers and ground correct answers are all complete observables. Hence, the results of this section apply to the diagnosis w.r.t. computed answers [18] and to the declarative diagnoses in Refs. [43,28].

In this section $\alpha$ will always denote a complete observable and $P$ a program. The first theorem shows the relation between partial correctness (Point 1 of Definition 11) and absence of incorrect clauses (Definition 15).

Theorem 21. If there are no incorrect clauses in $P$, then $P$ is partially correct w.r.t. $\mathcal{I}_\alpha$. The converse does not hold.

Proof. By hypothesis, $\forall c \in P.\ \mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha) \le \mathcal{I}_\alpha$. Hence $\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha) \le \mathcal{I}_\alpha$, i.e., $\mathcal{I}_\alpha$ is a pre-fixpoint of $\mathcal{P}_\alpha[\![P]\!]$. Since $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!] = lfp\,\mathcal{P}_\alpha[\![P]\!]$ (see Section 3.2.1), by Tarski's theorem $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{I}_\alpha$.

Conversely, let $P = \{\, p(s(x), x) \leftarrow r(x, x). \,\}$, $\phi$ be the complete observable "correct answers" (Section 3.3.1) and $\mathcal{I}_\phi$ be the specification

$\mathcal{I}_\phi := \{\, p(x, y) \mapsto \emptyset,\ r(x, y) \mapsto \{x = 0, y = 0\} \,\}$.

$P$ is partially correct w.r.t. $\mathcal{I}_\phi$ since $\phi(\mathcal{F}[\![P]\!])(p(x, y)) = \phi(\mathcal{F}[\![P]\!])(r(x, y)) = \emptyset \le \mathcal{I}_\phi$. However, the only clause in $P$ is incorrect on the $\alpha$-element $\sigma = p(x, y) \mapsto \{x = s(0), y = 0\}$, since $\sigma \le \mathcal{P}_\phi[\![P]\!](\mathcal{I}_\phi)$ and $\sigma \not\le \mathcal{I}_\phi$. □

Note that the second part of Theorem 21 asserts that there might be incorrect clauses even if there are no incorrectness symptoms. In other words, if we just look at the semantics of the program, some incorrectness bugs can be "hidden" (because of an incompleteness bug). However, if there are no incompleteness bugs, all the incorrect clauses identify incorrectness symptoms, as shown by the following theorem.

Theorem 22. Let $P$ be complete w.r.t. $\mathcal{I}_\alpha$. If there exists an incorrect clause in $P$ on the $\alpha$-element $\sigma$, then $\sigma$ is an incorrectness symptom (and therefore $P$ is not partially correct).

Proof. By completeness of $P$ and Theorem 6, $\mathcal{I}_\alpha \le \alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$. Then, by monotonicity of $\mathcal{P}_\alpha[\![P]\!]$, $\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha) \le \mathcal{P}_\alpha[\![P]\!](\mathcal{F}_\alpha[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$. Thus, $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha)$ implies $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \mathcal{F}_\alpha[\![P]\!] = \alpha(\mathcal{F}[\![P]\!])$. □

As in the case of declarative diagnosis, handling completeness turns out to be more complex, since some incompletenesses cannot be detected by comparing $\mathcal{I}_\alpha$ and $\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$. The following example shows that we cannot base the diagnosis of incompleteness on the detection of uncovered $\alpha$-elements.

Example 23. Consider the program $P = \{\, p \text{ :- } p \,\}$ and the specification $\mathcal{I} = p \mapsto \varepsilon$, w.r.t. the computed answer observable. Then $\mathcal{P}_\alpha[\![P]\!](\mathcal{I}) = \mathcal{I}$, while $\mathcal{F}_\alpha[\![P]\!] = \lambda p(x).\emptyset$. Hence
1. there are no uncovered $\alpha$-elements in $P$,
2. $P$ is not complete w.r.t. $\mathcal{I}$ (i.e., there exists an incompleteness symptom).

The problem shown by the above example is that $\mathcal{I}$ is a fixpoint of $\mathcal{P}_\alpha[\![P]\!]$ different from the least fixpoint. The following theorem shows that the diagnosis of incompleteness can be based on Definition 16, if the operator $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint.

Theorem 24. Assume $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint. If there are no uncovered $\alpha$-elements, then $P$ is complete w.r.t. $\mathcal{I}_\alpha$. The converse does not hold.

Proof. Absence of uncovered $\alpha$-elements implies $\mathcal{I}_\alpha \le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$. Hence, $\mathcal{I}_\alpha$ is a post-fixpoint of $\mathcal{P}_\alpha[\![P]\!]$ and, by Tarski's theorem, $\mathcal{I}_\alpha \le gfp(\mathcal{P}_\alpha[\![P]\!])$. Since, by Theorem 6, $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!] = lfp\,\mathcal{P}_\alpha[\![P]\!]$ and, by hypothesis, $gfp(\mathcal{P}_\alpha[\![P]\!]) = lfp(\mathcal{P}_\alpha[\![P]\!])$, the program $P$ is complete.

The converse does not hold, as shown by Example 17. □

Note that, if $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint, $lfp\,\mathcal{P}_\alpha[\![P]\!] = gfp\,\mathcal{P}_\alpha[\![P]\!]$. Hence, under this hypothesis, our incompleteness symptoms are exactly the insufficiency symptoms in Ref. [28].

Note that the second part of Theorem 24 asserts that there might be uncovered $\alpha$-elements even if there are no incompleteness symptoms. This is essentially due to the fact that, if we just look at the semantics of the program, some incompleteness bugs can be "hidden" because of an incorrectness bug (note the symmetry w.r.t. the case of incorrectness diagnosis). However, if there are no incorrectness bugs, all the uncovered $\alpha$-elements identify incompleteness symptoms. In such a case, uncovered $\alpha$-elements are meaningful, as shown by the following theorem.

Theorem 25. Let $P$ be partially correct w.r.t. $\mathcal{I}_\alpha$. If there exists an uncovered $\alpha$-element $\sigma$, then $\sigma$ is an incompleteness symptom (and therefore $P$ is not complete).

Proof. By Theorem 6 and partial correctness of $P$, $\mathcal{F}_\alpha[\![P]\!] = \alpha(\mathcal{F}[\![P]\!]) \le \mathcal{I}_\alpha$. By monotonicity of $\mathcal{P}_\alpha[\![P]\!]$, $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{P}_\alpha[\![P]\!](\mathcal{F}_\alpha[\![P]\!]) \le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$. Thus, $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$ implies $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \alpha(\mathcal{F}[\![P]\!])$. □

By combining Theorems 21 and 24, we can characterize total correctness, as shown by the following corollary.

Corollary 26. Assume $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint. Then $P$ is totally correct w.r.t. $\mathcal{I}_\alpha$ if and only if there are no incorrect clauses and no uncovered $\alpha$-elements.

5.1. Acceptable programs

The requirement on $\mathcal{P}_\alpha[\![P]\!]$ in the hypotheses of Theorem 24 seems to be very strong. However, this property holds for a large class of programs, i.e., for acceptable programs as defined in Ref. [4]. Acceptable programs are the left-terminating programs, i.e., those programs for which the SLD-derivations of ground goals (via the leftmost selection rule) are finite.

Definition 27 [4]. Let $P$ be a program and $B_P$ be its Herbrand base. A level mapping for $P$ is a function $|\cdot| : B_P \to \mathbb{N}$ (from ground atoms to natural numbers). Let $|\cdot|$ be a level mapping for $P$ and $\mathcal{M}$ be a (not necessarily Herbrand) model of $P$. $P$ is acceptable w.r.t. $|\cdot|$ and $\mathcal{M}$ if for every clause $A \leftarrow B_1, \ldots, B_n$ in $Ground(P)$ the following implication holds, for $i \in [1, n]$:

$\mathcal{M} \models \bigwedge_{k=1}^{i-1} B_k \implies |A| > |B_i|$.

Most interesting programs are acceptable (all the pure PROLOG programs in Ref. [44] are reported in Ref. [4] to be acceptable). The same property holds for the wrong versions of acceptable programs provided that the errors do not affect the left-termination property. One relevant technical property of acceptable programs is that the ground immediate consequence operator has a unique fixpoint [4]. In the following we show that the same property holds for all the immediate consequence operators $\mathcal{P}_\alpha[\![P]\!]$ corresponding to complete observables. Before giving the formal proof of the theorem, some additional definitions and lemmata are needed.

We need to extend the level mapping definition to the domain of interpretations $\mathbb{I}_c$ of our collecting semantics.

Definition 28. A norm for a program $P$ on $\mathbb{I}_c$ is a function $\|\cdot\| : \mathbb{I}_c \to \mathbb{N}$ such that, for every $n$, the set $\{\, C \in \mathbb{I}_c \mid \|C\| = n \,\}$ is finite. A program $P$ is $\mathbb{I}_c$-acceptable if there exists a norm such that, for every $c \in P$ and all finite⁸ $\mathcal{J} \in \mathbb{I}_c$,

$\|\mathcal{P}[\![\{c\}]\!](\mathcal{J})\| > \|\mathcal{J}\|$.

Lemma 29. Every acceptable program $P$ is $\mathbb{I}_c$-acceptable.

Proof. We just need to define $\|C\| := \max\{\, |\{E\}, B|^* \mid E \in C(B) \,\}$, where for any $B'$ and $X$ such that $elim(X) \subseteq var(B')$, $|X, B'|^*$ is defined as $\min\{\, |B'\vartheta| : \vartheta \text{ is a solution of } X \,\}$ and $|\cdot|$ is the level mapping of $P$ (Definition 27). □

Note that the norm $\|\cdot\|$ for $P$ is obtained from the level mapping $|\cdot|$. We will implicitly use this derived norm in the following. For any complete observable $\alpha$ and for each $n$ we can define a "projection" function $\pi_n^\alpha := \alpha \circ \pi_n \circ \gamma$, where $\pi_n(C) = \bigsqcup\{\, C' \sqsubseteq C \mid \|C'\| = n \,\}$. The functions $\pi_n^\alpha$ are precise if $\alpha$ is a complete observable.

Lemma 30. Let $P$ be an $\mathbb{I}_c$-acceptable program. Then $\pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!] = \pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!] \circ \bigsqcup_{i<n} \pi_i^\alpha$.

Proof. For every $n$, every $\mathcal{J}$ and for all $m \ge n$, the functions $(\pi_m \circ \mathcal{P}[\![P]\!] \circ \pi_n)(\mathcal{J})$ are undefined, because $\|\mathcal{P}[\![P]\!](\mathcal{J})\| > \|\mathcal{J}\|$ by hypothesis. Thus $\pi_n \circ \mathcal{P}[\![P]\!] = \pi_n \circ \mathcal{P}[\![P]\!] \circ \bigsqcup_{i<n} \pi_i$. Then (by precision of $\pi_n^\alpha$), for every $\alpha$,

$\pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!] = \alpha \circ \pi_n \circ \mathcal{P}[\![P]\!] \circ \gamma = \alpha \circ \pi_n \circ \gamma \circ \alpha \circ \mathcal{P}[\![P]\!] \circ \gamma \circ \alpha \circ \bigsqcup_{i<n} (\pi_i \circ \gamma) = \pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!] \circ \bigsqcup_{i<n} \pi_i^\alpha$,

which is the claim. □

Theorem 31. Let $P$ be an $\mathbb{I}_c$-acceptable program. Then $lfp\,\mathcal{P}_\alpha[\![P]\!]$ is the unique fixpoint of $\mathcal{P}_\alpha[\![P]\!]$.

⁸ $\mathcal{J}$ is finite if its support and image are finite.

Proof. Clearly $lfp\,\mathcal{P}_\alpha[\![P]\!]$ is a fixpoint. Now assume that $\mathcal{X}$ and $\mathcal{Y}$ are fixpoints. We prove (by induction on $n$) that $\forall n.\ \pi_n^\alpha(\mathcal{X}) = \pi_n^\alpha(\mathcal{Y})$. Hence

($n = 0$) $\pi_0^\alpha(\mathcal{X}) = (\pi_0^\alpha \circ \mathcal{P}_\alpha[\![P]\!])(\mathcal{X}) = (\pi_0^\alpha \circ \mathcal{P}_\alpha[\![P]\!])(\mathcal{Y}) = \pi_0^\alpha(\mathcal{Y})$.

($n > 0$) By inductive hypothesis, $\forall i < n.\ \pi_i^\alpha(\mathcal{X}) = \pi_i^\alpha(\mathcal{Y})$. Then, by Lemma 30,

$\pi_n^\alpha(\mathcal{X}) = (\pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!])(\mathcal{X}) = (\pi_n^\alpha \circ \mathcal{P}_\alpha[\![P]\!])(\mathcal{Y}) = \pi_n^\alpha(\mathcal{Y})$. □

Note that this result applies to declarative diagnosis as well, since the least Herbrand model and the c-semantics are based on observables which are complete.

c1: ancestor(X,Y) :- parent(Z,Y), ancestor(X,Z).
c2: ancestor(X,Y) :- parent(Y,X).

Fig. 6. The wrong acceptable program of Example 32.

Example 32. The example is intended to show the relation among the various concepts involved in the diagnosis. Consider the acceptable program $P$ of Fig. 6 (which is an "ancestor" program with a wrong clause and missing database tuples) and the following intended interpretation w.r.t. the computed answer observable:

$\mathcal{I} = \{\, ancestor(x, y) \mapsto \{\, \{x = terach, y = abraham\},\ \{x = terach, y = isaac\},\ \{x = abraham, y = isaac\} \,\},\ parent(x, y) \mapsto \{\, \{x = terach, y = abraham\},\ \{x = abraham, y = isaac\} \,\} \,\}$.

Since

$\mathcal{P}_\alpha[\![P]\!](\mathcal{I}) = ancestor(x, y) \mapsto \{\, \{x = abraham, y = terach\},\ \{x = terach, y = isaac\},\ \{x = isaac, y = abraham\} \,\}$,

the diagnosis delivers the following result. The clause $c2$ is incorrect on
1. $ancestor(x, y) \mapsto \{x = abraham, y = terach\}$ and
2. $ancestor(x, y) \mapsto \{x = isaac, y = abraham\}$.
Furthermore the following $\alpha$-elements are uncovered:
1. $parent(x, y) \mapsto \{x = terach, y = abraham\}$,
2. $parent(x, y) \mapsto \{x = abraham, y = isaac\}$,
3. $ancestor(x, y) \mapsto \{x = terach, y = abraham\}$ and
4. $ancestor(x, y) \mapsto \{x = abraham, y = isaac\}$.
Note that $\mathcal{F}_\alpha[\![P]\!] = \lambda p(x).\emptyset$. Hence there are no incorrectness symptoms, even if there is an incorrect clause. Note also that the $\alpha$-element $ancestor(x, y) \mapsto \{x = terach, y = isaac\}$ is not uncovered, even if it is an incompleteness symptom.

5.2. Discussion on complete observables

It is worth noting that the above diagnosis is not effective unless the specification of the intended behavior is finite. In fact, if this is not the case, the bottom-up diagnosis is unfeasible, since $\mathcal{I}_\alpha$ is infinite, while the top-down diagnosis is unfeasible, since the oracle may return infinitely many answers to some queries. Hence the results on complete observables have no practical interest. However, they are the theoretical foundation of the effective diagnosis methods, which will be discussed in Sections 6 and 7. In order to tackle the effectivity problem, we need to be able to handle finite specifications. There exist three possible solutions.

Assertions. A specification can intensionally be defined by assertions, in the style of program verification as first suggested by Ref. [25]. We will not consider assertions in this paper. Let us just mention that the results in Ref. [33] can provide the basis for extending diagnosis to assertions.

Partial specifications. A specification is a finite subset $\mathcal{I}^+$ of the intended semantics, plus a finite subset $\mathcal{I}^-$ of the complement of the intended semantics. The resulting diagnosis technique (partial diagnosis) is discussed in Section 6 and can be viewed as a formalization of symptom-based declarative debuggers. Just think of $\mathcal{I}^+$ as the union of the (finite) set of incompleteness symptoms and the (finite) set of "positive" answers of the oracle. And think of $\mathcal{I}^-$ as the union of the (finite) set of incorrectness symptoms and the (finite) set of "negative" answers of the oracle.

Approximate observables. A specification is simply an abstraction of the intended semantics. If the abstraction corresponds to an approximate observable, the specification is finite and the diagnosis method is effective. The diagnosis w.r.t. approximate observables, described in Section 7, will allow us to handle program properties such as modes, types, depth(k) approximations and groundness dependencies, which can indeed be handled by approximate observables.

It is worth noting that the intended semantics is approximated by a subset in partial diagnosis, while it is approximated by a superset (the concretization of the abstract specification) in diagnosis w.r.t. approximate observables. This will be reflected by the diagnosis theorems of Sections 6 and 7.

6. Partial diagnosis

In this section we propose one solution to the effectiveness problem, by approximating the intended behavior of a program (w.r.t. a complete observable) by a (finite) partial specification. Given a complete observable $\alpha$, the specification of the intended behavior $\mathcal{I}_\alpha$ is approximated by a partial specification, which is a pair $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$, where
• $\mathcal{I}_\alpha^+$ is the (positive) partial specification of the intended behavior of $P$ w.r.t. $\alpha$ (all the $\alpha$-elements in $\mathcal{I}_\alpha^+$ should be computed by $P$),
• $\mathcal{I}_\alpha^-$ is the (negative) partial specification of the intended behavior of $P$ w.r.t. $\alpha$ (none of the $\alpha$-elements in $\mathcal{I}_\alpha^-$ should be computed by $P$).
The (obvious) condition on $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ is that $\mathcal{I}_\alpha^+ \sqcap \mathcal{I}_\alpha^- = \bot_\alpha$.

Definition 33. Let $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ be a partial specification. A specification $\mathcal{I}_\alpha$ is consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ if $\mathcal{I}_\alpha^+ \le \mathcal{I}_\alpha$ and $\mathcal{I}_\alpha^- \sqcap \mathcal{I}_\alpha = \bot_\alpha$.

The idea is that a partial specification $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ stands for all possible specifications $\mathcal{I}_\alpha$ which are consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$.

Positive and negative specifications have been used in Ref. [29], for the correct answer observable $\phi$, with the aim of separately modeling the behavior w.r.t. incorrectness and incompleteness. However, $\mathcal{I}_\phi^+$ and $\mathcal{I}_\phi^-$ there are not partial specifications; rather they are specifications of the (complete) intended $lfp(\mathcal{P}_\phi[\![P]\!])$ and of the (complete) intended complement of $gfp(\mathcal{P}_\phi[\![P]\!])$. The derived definitions and results are completely different from ours. In particular, the complement of $\mathcal{I}_\phi^-$ is used for completeness and $\mathcal{I}_\phi^+$ is used for correctness.

The following definitions, given in terms of the $\mathcal{P}_\alpha[\![P]\!]$ operator, generalize the definitions of incorrect clause and uncovered $\alpha$-element to the case of partial specifications.

Definition 34. Let $P$ be a program. If there exists an $\alpha$-element $\sigma$ such that $\sigma \le \mathcal{I}_\alpha^-$ and $\sigma \le \mathcal{P}_\alpha[\![\{c\}]\!](\mathcal{I}_\alpha^+)$, then the clause $c \in P$ is p-incorrect on $\sigma$.

Definition 35. Let $P$ be a program. An $\alpha$-element $\sigma$ is p-uncovered if $\sigma \le \mathcal{I}_\alpha^+$ and $\sigma \not\le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha^+)$.

The following lemma is a straightforward consequence of Definition 34. It asserts that p-incorrect clauses are meaningful.

Lemma 36. If a clause $c$ is p-incorrect on $\sigma$, then $c$ is incorrect on $\sigma$ w.r.t. any specification consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$.

From the previous lemma and Theorem 22 we have the following theorem.

Theorem 37. Let $P$ be a program and $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ be a partial specification w.r.t. a complete observable $\alpha$. Assume that $P$ is complete w.r.t. a specification $\mathcal{I}_\alpha$ consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$. If a clause $c \in P$ is p-incorrect on $\sigma$, then $\sigma$ is an incorrectness symptom.

It is worth noting that the diagnosis of partial correctness w.r.t. any specification $\mathcal{I}_\alpha$ consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ cannot always be based on the detection of p-incorrect clauses, as shown by the following example.

Example 38. Consider the program in Fig. 6 and the computed answer observable. Assume that the following partial specification is given:

$\mathcal{I}^+ = \{\, ancestor(x, y) \mapsto \{\, \{x = terach, y = abraham\},\ \{x = terach, y = isaac\},\ \{x = abraham, y = isaac\} \,\},\ parent(x, y) \mapsto \{x = abraham, y = isaac\} \,\}$,

$\mathcal{I}^- = ancestor(x, y) \mapsto \{\, \{x = abraham, y = terach\},\ \{x = isaac, y = terach\} \,\}$.

The clause $c2$ is incorrect on $\sigma = ancestor(x, y) \mapsto \{x = abraham, y = terach\}$ w.r.t. the specification given in Example 32 (which is consistent with $(\mathcal{I}^+, \mathcal{I}^-)$), but it is not p-incorrect on $\sigma$.

Let us consider now the diagnosis of completeness. The following lemma shows that the diagnosis based on the detection of p-uncovered $\alpha$-elements restricted to the specification $\mathcal{I}_\alpha^+$ is sound.

Lemma 39. Let $P$ be a program and $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ be its partial specification w.r.t. a complete observable $\alpha$. If there are no p-uncovered $\alpha$-elements, then no $\alpha$-element in $\mathcal{I}_\alpha^+$ is uncovered w.r.t. any specification $\mathcal{I}_\alpha$ consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$.

Proof. By hypothesis, $\mathcal{I}_\alpha^+ \le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha^+)$. Since $\mathcal{I}_\alpha^+ \le \mathcal{I}_\alpha$, it follows (by monotonicity of $\mathcal{P}_\alpha[\![P]\!]$) that $\mathcal{I}_\alpha^+ \le \mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha)$. □

As was the case for complete specifications, the diagnosis of completeness can be based on $\mathcal{P}_\alpha[\![P]\!]$ only if the operator $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint. The following theorem is a direct consequence of the previous lemma and Theorem 24.

Theorem 40. Let $P$ be a program and $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$ be its partial specification w.r.t. a complete observable $\alpha$. Assume $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint. If there are no p-uncovered $\alpha$-elements, then $P$ is complete w.r.t. $\mathcal{I}_\alpha^+$.

It is worth noting that the existence of a p-uncovered $\alpha$-element does not necessarily mean that there is something missing from the program. As expected, if an $\alpha$-element is uncovered w.r.t. the partial specification, it might be covered w.r.t. a consistent complete specification. In fact, an $\alpha$-element $\sigma$ in $\mathcal{I}_\alpha^+$ might not be in $\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_\alpha^+)$ just because $\mathcal{I}_\alpha^+$ is partial, i.e., $\sigma$ cannot be derived by $\mathcal{P}_\alpha[\![P]\!]$ because some of the correct premises are missing from $\mathcal{I}_\alpha^+$. This is shown by the following example.

Example 41. Consider the program in Fig. 6 and the following partial specification w.r.t. the computed answer observable:

$\mathcal{I}^+ = \{\, ancestor(x, y) \mapsto \{\, \{x = terach, y = abraham\},\ \{x = terach, y = isaac\},\ \{x = abraham, y = isaac\} \,\},\ parent(x, y) \mapsto \{x = terach, y = abraham\} \,\}$,

$\mathcal{I}^- = ancestor(x, y) \mapsto \{\, \{x = abraham, y = terach\},\ \{x = isaac, y = terach\} \,\}$.

The $\alpha$-element $\sigma = ancestor(x, y) \mapsto \{x = terach, y = isaac\}$ is p-uncovered, but it is not uncovered w.r.t. the complete specification given in Example 32 (which is consistent with $(\mathcal{I}^+, \mathcal{I}^-)$).
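To make Definitions 15, 16, 34 and 35 concrete, here is an added Python example (not code from the paper and not its meta-interpreters) that runs the bottom-up diagnosis on the programs of Figs. 5 and 6 with the specifications of Examples 17, 32, 38 and 41. It simplifies the computed answer observable to ground atoms: a specification is a finite set of ground atoms (the least Herbrand model, also a complete observable), which loses nothing for these examples because every intended answer is ground. The function and constant names (`tp_clause`, `incorrect_clauses`, `p_uncovered`, `SPEC32`, ...) are this example's own.

```python
"""Bottom-up abstract diagnosis over ground atoms (added example, not the
paper's code).  A specification I is a finite set of ground atoms; a program
is a list of named clauses; P[[{c}]](I) is computed by matching the body of c
against I.  Variables follow the Prolog convention (uppercase initial)."""
from typing import Dict, List, Optional, Set, Tuple

Atom = Tuple[str, ...]               # ('parent', 'terach', 'abraham')
Clause = Tuple[Atom, List[Atom]]     # (head, body)
Program = List[Tuple[str, Clause]]   # [(clause name, clause), ...]


def is_var(t: str) -> bool:
    return t[:1].isupper()


def match(pat: Atom, ground: Atom, s: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Extend substitution s so that pat[s] == ground, or return None."""
    if pat[0] != ground[0] or len(pat) != len(ground):
        return None
    s = dict(s)
    for p, g in zip(pat[1:], ground[1:]):
        if is_var(p):
            if s.setdefault(p, g) != g:
                return None
        elif p != g:
            return None
    return s


def instantiate(atom: Atom, s: Dict[str, str]) -> Atom:
    return (atom[0],) + tuple(s.get(t, t) for t in atom[1:])


def tp_clause(clause: Clause, interp: Set[Atom]) -> Set[Atom]:
    """P[[{c}]](I): heads of all ground instances of c whose body atoms are in I."""
    head, body = clause
    out: Set[Atom] = set()

    def solve(i: int, s: Dict[str, str]) -> None:
        if i == len(body):
            out.add(instantiate(head, s))
            return
        for g in interp:
            s2 = match(body[i], g, s)
            if s2 is not None:
                solve(i + 1, s2)

    solve(0, {})
    return out


def tp(program: Program, interp: Set[Atom]) -> Set[Atom]:
    """P[[P]](I): join (union) of the contributions of all clauses."""
    return set().union(*(tp_clause(c, interp) for _, c in program))


def lfp(program: Program) -> Set[Atom]:
    """Concrete semantics F[[P]] = lfp P[[P]], by fixpoint iteration from empty."""
    cur: Set[Atom] = set()
    while True:
        nxt = tp(program, cur)
        if nxt == cur:
            return cur
        cur = nxt


def symptoms(program: Program, spec: Set[Atom]) -> Tuple[Set[Atom], Set[Atom]]:
    """Definition 13: (incorrectness, incompleteness) symptoms; needs the fixpoint."""
    sem = lfp(program)
    return sem - spec, spec - sem


def incorrect_clauses(program: Program, spec: Set[Atom]) -> List[Tuple[str, Atom]]:
    """Definition 15: c is incorrect on sigma if sigma in P[[{c}]](I) and sigma not in I."""
    return sorted((n, a) for n, c in program for a in tp_clause(c, spec) if a not in spec)


def uncovered(program: Program, spec: Set[Atom]) -> Set[Atom]:
    """Definition 16: sigma in I but no clause derives it from I in one step."""
    return spec - tp(program, spec)


def p_incorrect_clauses(program: Program, pos: Set[Atom], neg: Set[Atom]) -> List[Tuple[str, Atom]]:
    """Definition 34: derived from I+ in one step and forbidden by I-."""
    return sorted((n, a) for n, c in program for a in tp_clause(c, pos) if a in neg)


def p_uncovered(program: Program, pos: Set[Atom]) -> Set[Atom]:
    """Definition 35: in I+ but not derivable from I+ in one step."""
    return pos - tp(program, pos)


# Fig. 5:  c1: q(X) :- p(X).   c2: p(a).
FIG5: Program = [("c1", (("q", "X"), [("p", "X")])), ("c2", (("p", "a"), []))]
# Fig. 6:  c1: ancestor(X,Y) :- parent(Z,Y), ancestor(X,Z).   c2: ancestor(X,Y) :- parent(Y,X).
FIG6: Program = [
    ("c1", (("ancestor", "X", "Y"), [("parent", "Z", "Y"), ("ancestor", "X", "Z")])),
    ("c2", (("ancestor", "X", "Y"), [("parent", "Y", "X")])),
]
# Intended interpretation of Example 32, as ground atoms instead of answer substitutions.
SPEC32: Set[Atom] = {
    ("ancestor", "terach", "abraham"), ("ancestor", "terach", "isaac"),
    ("ancestor", "abraham", "isaac"),
    ("parent", "terach", "abraham"), ("parent", "abraham", "isaac"),
}
# Partial specifications of Examples 38 and 41: same I-, one parent fact each in I+.
NEG: Set[Atom] = {("ancestor", "abraham", "terach"), ("ancestor", "isaac", "terach")}
POS38: Set[Atom] = {a for a in SPEC32 if a != ("parent", "terach", "abraham")}
POS41: Set[Atom] = {a for a in SPEC32 if a != ("parent", "abraham", "isaac")}

if __name__ == "__main__":
    print("Example 17:", incorrect_clauses(FIG5, {("q", "a")}), uncovered(FIG5, {("q", "a")}))
    print("Example 32:", incorrect_clauses(FIG6, SPEC32), sorted(uncovered(FIG6, SPEC32)))
    print("Example 38 p-incorrect:", p_incorrect_clauses(FIG6, POS38, NEG))
    print("Example 41 p-uncovered:", sorted(p_uncovered(FIG6, POS41)))
```

Running it reproduces the paper's findings: for Example 32 the only incorrect clause is `c2` (on the two reversed ancestor tuples), the four uncovered elements are exactly those listed, `symptoms` finds no incorrectness symptom because `lfp` is empty without `parent` facts, and `ancestor(terach, isaac)` is an incompleteness symptom that is not uncovered. For Example 38 `p_incorrect_clauses` is empty although `c2` is incorrect w.r.t. `SPEC32`, and for Example 41 `ancestor(terach, isaac)` is p-uncovered although it is covered w.r.t. `SPEC32`. Note that `symptoms` is the only function needing the fixpoint; the other checks apply `tp` once, which is the point made after Example 17.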

c1: rev([],[]).
c2: rev([X|Xs],Ys) :- rev(Xs,Zs), append(Zs,[X],Ys).
c3: append([],Xs,Xs).
c4: append([X|Xs],Ys,Zs) :- append(Xs,Ys,Zs).

Fig. 7. The wrong reverse program of Example 42.

Example 42. Consider the program $P$ of Fig. 7, which is a "reverse" program where the clause $c4$ is wrong, and the following partial specification w.r.t. the computed answer observable:

$\mathcal{I}^+ := rev(x, y) \mapsto \{\, \{x = [\,], y = [\,]\},\ \{x = [v], y = [v]\} \,\}$,

$\mathcal{I}^- := append(x, y, z) \mapsto \{x = [v], y = z\}$.

Since

$\mathcal{P}_\alpha[\![P]\!](\mathcal{I}^+) = \{\, append(x, y, z) \mapsto \{\, \{x = [\,], y = z\},\ \{x = [v], y = z\} \,\},\ rev(x, y) \mapsto \{\, \{x = [\,], y = [\,]\},\ \{x = [v], y = [v]\} \,\} \,\}$,

the diagnosis delivers the following results:
1. there are no p-uncovered $\alpha$-elements, hence the program is complete w.r.t. $\mathcal{I}^+$;
2. the clause $c4$ is p-incorrect (and then incorrect) on $append(x, y, z) \mapsto \{x = [v], y = z\}$.

It is easy to prove that, if the partial specification is indeed complete, we obtain exactly the results of Section 5.

6.1. Discussion on partial diagnosis

The overall results for partial diagnosis are:
• p-incorrect clauses always correspond to errors, w.r.t. any $\mathcal{I}_\alpha$ consistent with $(\mathcal{I}_\alpha^+, \mathcal{I}_\alpha^-)$;
• if there are no p-uncovered $\alpha$-elements (and if $\mathcal{P}_\alpha[\![P]\!]$ has a unique fixpoint), no $\alpha$-element of $\mathcal{I}_\alpha^+$ is an incompleteness symptom.

The results are weaker than those of Section 5, because absence of p-incorrect clauses does not imply partial correctness and p-uncovered $\alpha$-elements do not necessarily correspond to incompleteness errors.

As already mentioned, these results can be applied to practical declarative debuggers, where (some) errors are detected starting from a finite set of incorrectness and incompleteness symptoms. The first result justifies the process of determining incorrect clauses from incorrectness symptoms and tells us that incorrect clauses do always correspond to errors. Symptom-directed debuggers are of course not concerned with the problem of deciding partial correctness.

On the other side, symptom-directed debuggers derive p-uncovered $\alpha$-elements starting from an incompleteness symptom. Our negative result on p-uncovered $\alpha$-elements shows that the uncovered $\alpha$-element does not always correspond to an incompleteness error, unless the oracle can return infinitely many answers.

7. Abstract diagnosis w.r.t. approximate observables

We finally turn to the case of approximate observables, which can be used both to make the diagnosis effective, as in the case of depth(k), and for performing the diagnosis w.r.t. abstract properties, such as groundness dependencies.

Theorem 43. Let $\alpha$ be an approximate observable. If there are no incorrect clauses in $P$, then $P$ is partially correct w.r.t. $\mathcal{I}_\alpha$. The converse does not hold.

Proof. Since $\alpha$ is an approximate observable, $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{F}_\alpha[\![P]\!]$ (by Theorem 8). From the first part of Theorem 21 it follows that, if there are no incorrect clauses in $P$, then $\mathcal{F}_\alpha[\![P]\!] \le \mathcal{I}_\alpha$. Hence $P$ turns out to be partially correct.

Conversely, let $P = \{p(s(x), x) \leftarrow r(x, x)\}$ and consider the following specification and optimal abstract semantics, respectively, w.r.t. the groundness observable $gr$:
$$\mathcal{I}_{gr} := \begin{cases} p(x, y) \mapsto false \\ r(x, y) \mapsto x \wedge y \end{cases} \qquad \mathcal{F}_{gr}[\![P]\!] = \begin{cases} p(x, y) \mapsto false \\ r(x, y) \mapsto false. \end{cases}$$
Since $gr(\mathcal{F}[\![P]\!]) \le \mathcal{I}_{gr}$, $P$ is partially correct w.r.t. $\mathcal{I}_{gr}$. However, the only clause in $P$ is incorrect on the A-element $\sigma = p(x, y) \mapsto x \wedge y$, since $\sigma \le \mathcal{T}^{gr}_P(\mathcal{I}_{gr})$ and $\sigma \not\le \mathcal{I}_{gr}$. $\square$

Example 44. Consider the program of Fig. 3 and the following specification w.r.t. the groundness observable $gr$:
$$\mathcal{I}_{gr} := \begin{cases} p(x, y) \mapsto true \\ q(x, y) \mapsto x \leftrightarrow y \\ r(x, y) \mapsto x \leftrightarrow y. \end{cases}$$
By applying the $\mathcal{T}^{gr}_P$ operator to $\mathcal{I}_{gr}$ we have
$$\mathcal{T}^{gr}_P(\mathcal{I}_{gr}) = \begin{cases} p(x, y) \mapsto x \vee y \\ q(x, y) \mapsto x \leftrightarrow y \\ r(x, y) \mapsto x \leftrightarrow y. \end{cases}$$
Since $\mathcal{T}^{gr}_P(\mathcal{I}_{gr}) \le \mathcal{I}_{gr}$, there are no incorrect clauses. Then (by applying Theorem 43) $P$ turns out to be partially correct w.r.t. $\mathcal{I}_{gr}$.

In the case of complete observables, Theorem 22 tells us that if the program is complete, then all the incorrect clauses do indeed identify incorrectness bugs. This result does not hold for approximate observables, because the abstract immediate consequence operator is in general not precise. This is shown by the following example.

Example 45. Consider the program $P$ of Fig. 8, the following abstract specification and abstract semantics, respectively, w.r.t. the groundness observable $gr$:
$$\mathcal{I}_{gr} := \begin{cases} s(x, y) \mapsto y \\ p(x) \mapsto x \\ q(x) \mapsto x \\ r(x) \mapsto false \end{cases} \qquad \mathcal{F}_{gr}[\![P]\!] = \begin{cases} s(x, y) \mapsto x \vee y \\ p(x) \mapsto x \\ q(x) \mapsto x \\ r(x) \mapsto x. \end{cases}$$
The abstraction of the concrete denotational semantics is
$$gr(\mathcal{F}[\![P]\!]) = \begin{cases} s(x, y) \mapsto y \\ p(x) \mapsto x \\ q(x) \mapsto x \\ r(x) \mapsto false. \end{cases}$$
The abstract semantics is not precise, i.e., $\mathcal{F}_{gr}[\![P]\!] \neq gr(\mathcal{F}[\![P]\!])$. The program $P$ turns out to be totally correct w.r.t. $\mathcal{I}_{gr}$. However the clause c3 (the clause defining r) turns out to be incorrect on the A-element $\sigma = r(x) \mapsto x$, since $\mathcal{T}^{gr}_{\{c3\}}(\mathcal{I}_{gr}) = r(x) \mapsto x$. This is due to the approximation introduced by the $\mathcal{T}^{gr}_P$ operator: concretely, $p(s(X))$ never unifies with $p(f(\_))$, so $r$ has no answers at all.

The above example shows that incorrect clauses are in general just a hint about a possible source of errors.

Once an incorrect clause is detected, one has to check on the abstraction of the concrete semantics if there is indeed a bug. This is often the case, as shown by the following example.

c1: p(f(X)) :- q(X).
c2: q(a).
c3: r(X) :- p(s(X)).
c4: s(X,Y) :- r(X).
c5: s(X,a).

Fig. 8. The program of Example 45.
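The checks of Examples 44 and 45 and of the proof of Theorem 43 can be mechanized for the groundness observable. The following Python program is an added worked example and is not code from the paper. It represents a groundness dependency extensionally, as the set of argument-groundness tuples that satisfy it (so $\le$ is implication; the example works in the full boolean lattice rather than in the positive formulas of the paper's observable, a simplification that does not change these examples), computes $\mathcal{T}^{gr}_{\{c\}}(\mathcal{I}_{gr})$ by enumerating every groundness assignment of the clause variables, reports incorrect clauses and uncovered A-elements, and iterates $\mathcal{T}^{gr}_P$ to the abstract fixpoint $\mathcal{F}_{gr}[\![P]\!]$. The term encoding (strings for variables, tuples for terms) and the names `F`, `step_clause`, `step`, `diagnose` and `lfp` are assumptions of the example.

```python
from itertools import product

# Term representation assumed by this example: a variable is a str ("X"),
# a constant or compound term is a tuple (functor, *args), an atom is a
# tuple (predicate, *args) and a clause is (head_atom, [body_atoms]).

def is_var(t):
    return isinstance(t, str)

def vars_of(t, acc=None):
    """Set of variables occurring in a term or atom."""
    acc = set() if acc is None else acc
    if is_var(t):
        acc.add(t)
    else:
        for a in t[1:]:
            vars_of(a, acc)
    return acc

def ground(t, g):
    """Is t ground under g, a map from variables to 'is ground' booleans?"""
    return g[t] if is_var(t) else all(ground(a, g) for a in t[1:])

def F(arity, pred):
    """A groundness dependency on `arity` argument positions, stored
    extensionally as the set of argument-groundness tuples satisfying it,
    so that `<=` on these sets is implication (the order of the observable)."""
    return frozenset(m for m in product((False, True), repeat=arity) if pred(*m))

def step_clause(clause, spec):
    """T^gr_{{c}}(spec): the head dependency that one resolution step of c
    against the specification allows, by enumerating every groundness
    assignment of the clause variables."""
    head, body = clause
    vs = sorted(set().union(vars_of(head), *(vars_of(b) for b in body)))
    out = set()
    for bits in product((False, True), repeat=len(vs)):
        g = dict(zip(vs, bits))
        # every body atom must be an instance the specification admits
        if all(tuple(ground(a, g) for a in b[1:]) in spec.get(b[0], frozenset())
               for b in body):
            out.add(tuple(ground(a, g) for a in head[1:]))
    return frozenset(out)

def step(clauses, spec):
    """T^gr_P(spec): the join (union per predicate) over all clauses."""
    out = {}
    for c in clauses:
        p = c[0][0]
        out[p] = out.get(p, frozenset()) | step_clause(c, spec)
    return out

def diagnose(clauses, spec):
    """Incorrect clauses and uncovered A-elements w.r.t. spec.
    c is incorrect on sigma = p(x) |-> D when D <= T_{{c}}(spec) and D is not
    <= spec(p): the models of T_{{c}}(spec) outside spec(p) form such a D.
    spec(p) is uncovered when it is not <= T_P(spec)(p); the missing models
    are reported."""
    derived = step(clauses, spec)
    incorrect = []
    for c in clauses:
        extra = step_clause(c, spec) - spec.get(c[0][0], frozenset())
        if extra:
            incorrect.append((c, extra))
    uncovered = {p: spec[p] - derived.get(p, frozenset())
                 for p in spec if not spec[p] <= derived.get(p, frozenset())}
    return incorrect, uncovered

def lfp(clauses):
    """F_gr[[P]] = lfp T^gr_P by Kleene iteration from the empty denotation;
    the domain is finite, so the iteration terminates."""
    cur = {}
    while True:
        nxt = step(clauses, cur)
        if nxt == cur:
            return cur
        cur = nxt

# The program of Fig. 8 and the specification of Example 45.
FIG8 = [
    (('p', ('f', 'X')), [('q', 'X')]),    # c1: p(f(X)) :- q(X).
    (('q', ('a',)), []),                  # c2: q(a).
    (('r', 'X'), [('p', ('s', 'X'))]),    # c3: r(X) :- p(s(X)).
    (('s', 'X', 'Y'), [('r', 'X')]),      # c4: s(X,Y) :- r(X).
    (('s', 'X', ('a',)), []),             # c5: s(X,a).
]
SPEC45 = {'s': F(2, lambda x, y: y), 'p': F(1, lambda x: x),
          'q': F(1, lambda x: x), 'r': F(1, lambda x: False)}

if __name__ == "__main__":
    inc, unc = diagnose(FIG8, SPEC45)
    print("incorrect clauses:", [(c[0], sorted(extra)) for c, extra in inc])
    print("uncovered:", unc)
    print("abstract fixpoint:", {p: sorted(d) for p, d in lfp(FIG8).items()})
```

Run on Fig. 8 with the specification of Example 45, `diagnose` reports exactly one incorrect clause, the clause defining r, on $r(x) \mapsto x$, and no uncovered A-element, while `lfp` returns $r(x) \mapsto x$ and $s(x, y) \mapsto x \vee y$: the abstract fixpoint lies strictly above the abstraction of the concrete semantics ($r(x) \mapsto false$), which is why this incorrect clause is a hint and not a bug. The same call on $P = \{p(s(x), x) \leftarrow r(x, x)\}$ with the specification from the proof of Theorem 43 reports that clause as incorrect on $p(x, y) \mapsto x \wedge y$, and dropping c5 from Fig. 8 makes $s(x, y) \mapsto y$ uncovered. Definition 53 of Section 8 is this same per-clause computation restricted to a module's clauses and to the specifications it uses.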


Example 46. Consider the program $P$ of Fig. 1 and the specification $\mathcal{I}_{gr} := sum(x, y, z) \mapsto x \wedge y \wedge z$ w.r.t. the groundness observable $gr$. We expect all the arguments of the sum relation to be ground. The abstract denotation of $P$ is
$$gr(\mathcal{F}[\![P]\!]) = sum(x, y, z) \mapsto x \wedge (y \leftrightarrow z).$$
By applying the $\mathcal{T}^{gr}_{\{\cdot\}}$ operator to $\mathcal{I}_{gr}$ we have
$$\mathcal{T}^{gr}_{\{c1\}}(\mathcal{I}_{gr}) = sum(x, y, z) \mapsto x \wedge (y \leftrightarrow z), \qquad \mathcal{T}^{gr}_{\{c2\}}(\mathcal{I}_{gr}) = sum(x, y, z) \mapsto x \wedge y \wedge z.$$
The abstract diagnosis shows that c1 is an incorrect clause and that, therefore, there might be a bug, as is actually the case, since the second and the third argument are not necessarily ground.

The relevant fact, however, is that all the clauses in the program which are actually wrong turn out to be incorrect clauses. This can easily be proved by using the following definition of actually incorrect clause. Actually incorrect clauses are defined by using the abstraction of the concrete immediate consequence operator. As a consequence, the relation between actually incorrect clauses and symptoms is exactly the one between incorrect clauses and symptoms for complete observables. Namely, actually incorrect clauses always correspond to incorrectness errors.

Definition 47. Let $P$ be a program, $\mathcal{I}$ be a concrete specification and $\mathcal{I}_\alpha$ be the corresponding abstract specification (i.e., $\mathcal{I}_\alpha = \alpha(\mathcal{I})$). If there exists an A-element $\sigma$ such that $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \alpha(\mathcal{T}_{\{c\}}(\mathcal{I}))$, then the clause $c \in P$ is actually incorrect on $\sigma$.

The following theorem shows that if the program has an actually incorrect clause it is also an incorrect clause.

Theorem 48. Any actually incorrect clause is an incorrect clause.

Proof. Since $\mathcal{I} \le \gamma(\mathcal{I}_\alpha)$ and by Point 4 of Theorem 8, $\alpha(\mathcal{T}_{\{c\}}(\mathcal{I})) \le \alpha(\mathcal{T}_{\{c\}}(\gamma(\mathcal{I}_\alpha))) \le \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}_\alpha)$. Now, if $c$ is actually incorrect on $\sigma$ (i.e., $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \alpha(\mathcal{T}_{\{c\}}(\mathcal{I}))$), then $c$ is incorrect on $\sigma$ (since $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}_\alpha)$). $\square$

In the case of approximate observables we can no longer base the diagnosis of incompleteness on the detection of uncovered A-elements. In fact the absence of uncovered A-elements, even under the unique fixpoint assumption, does not imply program completeness. Incompleteness bugs might be hidden by the approximation of the abstract semantics.

Uncovered A-elements within a partially correct program are instead meaningful even in the case of approximate observables, as shown by the following theorem.

Theorem 49. Let $\alpha$ be an approximate observable and $P$ be partially correct w.r.t. $\mathcal{I}_\alpha$. If there exists an uncovered A-element $\sigma$, then $\sigma$ is an incompleteness symptom (and therefore $P$ is not complete).

Proof. Since $\alpha$ is approximate, by Theorem 8 $\mathcal{T}^\alpha_P$ is just an approximation of $\alpha \circ \mathcal{T}_P \circ \gamma$, i.e., $\mathcal{T}^\alpha_P \ge \alpha \circ \mathcal{T}_P \circ \gamma$. Hence $\mathcal{T}^\alpha_P \circ \alpha \ge \alpha \circ \mathcal{T}_P \circ \gamma \circ \alpha$. But (since $id \sqsubseteq \gamma\alpha$) $\alpha \circ \mathcal{T}_P \circ \gamma \circ \alpha \ge \alpha \circ \mathcal{T}_P$ and then
$$\mathcal{T}^\alpha_P \circ \alpha \ge \alpha \circ \mathcal{T}_P. \tag{2}$$
Hence,
$$\begin{array}{ll}
\alpha(\mathcal{F}[\![P]\!]) = & [\text{since } \mathcal{F}[\![P]\!] \text{ is a fixpoint}] \\
\alpha(\mathcal{T}_P(\mathcal{F}[\![P]\!])) \le & [\text{by Eq. (2)}] \\
\mathcal{T}^\alpha_P(\alpha(\mathcal{F}[\![P]\!])) \le & [\text{by monotonicity of } \mathcal{T}^\alpha_P \text{ and by partial correctness of } P] \\
\mathcal{T}^\alpha_P(\mathcal{I}_\alpha).
\end{array}$$
Now, if $\sigma$ is an uncovered A-element (i.e., $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \mathcal{T}^\alpha_P(\mathcal{I}_\alpha)$), then $\sigma \not\le \alpha(\mathcal{F}[\![P]\!])$, i.e., it is an incompleteness symptom. $\square$

Example 50. Consider the program of Fig. 3 and the intended specification of Example 44 w.r.t. the groundness observable $gr$. The program $P$ turns out to be partially correct. The incompleteness diagnosis delivers the following results.
1. The A-element $\sigma_1 = p(x, y) \mapsto true$ is uncovered and therefore it is an incompleteness symptom.
2. The A-element $\sigma_2 = r(x, y) \mapsto x \leftrightarrow y$ is also an incompleteness symptom but it is not uncovered.

We will now show an example of how the diagnosis w.r.t. depth(k) answers can be used to approximate the (unfeasible) diagnosis w.r.t. computed answers.

Example 51. The program in Fig. 9 is a wrong version of an automaton which recognizes the language $L = \{(ab)^n \mid n \ge 0\} \cup \{(ab)^n a \mid n \ge 0\}$. Let us consider the following specification w.r.t. the depth(2) answer observable ($\tau_2$, see Section 3.4.2):
$$\mathcal{I}_{\tau_2} := \begin{cases} accept(X) \mapsto \{\{X = []\},\ \{X = [a]\},\ \{X = [a, b \mid X']\}\} \\ acc(X) \mapsto \{\{X = []\},\ \{X = [b]\},\ \{X = [b, a \mid X']\}\}. \end{cases}$$
By applying the $\mathcal{T}^{\tau_2}_P$ operator we find out that $P$ is partially correct and that the A-element $acc(X) \mapsto \{X = []\}$ is uncovered (the program lacks the clause acc([])).

Let us finally note that several interesting abstract program properties, such as modes and various notions of types (including polymorphic types), can be handled by approximate observables.

c1: accept([a|Xs]) :- acc(Xs).
c2: acc([b|Xs]) :- accept(Xs).
c3: accept([]).

Fig. 9. The program of Example 51.

7.1. Discussion on approximate observables

The diagnosis w.r.t. approximate observables is always effective, because the abstract specification is finite. As expected, the results are weaker than those of complete observables, just because of approximation. Namely,
• absence of incorrect clauses implies partial correctness,
• every incorrectness error is identified by an incorrect clause; however an incorrect clause does not always correspond to a bug,
• uncovered A-elements (of a partially correct program) always correspond to incompleteness bugs,
• there exists no sufficient condition for completeness.
The results, even if weaker, are useful and comparable to those obtained by verification techniques (see, for example, Refs. [3,2]). In fact, if we consider the case where specifications consist of post-conditions only, both abstract diagnosis and verification provide a sufficient condition for partial correctness, which is well-assertedness in the case of verification and absence of incorrect clauses in abstract diagnosis. For both techniques there is no sufficient condition for completeness. In order to verify completeness, we have to rely on a fixpoint (the model of a transformed program or the abstraction of the concrete semantics), which, in general, cannot be computed in a finite number of steps. As expected, abstract diagnosis (whose aim is locating bugs rather than just proving correctness) gives us also information useful for debugging, by means of incorrect clauses and uncovered A-elements.

Let us finally note that approximate observables can have all the properties of complete observables, for suitable classes of programs. A characterization of these classes of programs would make the stronger results for complete observables applicable (in an effective way). Namely, we would obtain a sufficient condition for completeness, and all the incorrect clauses would indeed correspond to incorrectness bugs.

As already mentioned, the approximation given by approximate observables is somewhat dual to the one given by partial diagnosis. This is reflected by the duality of the results. In fact, in partial diagnosis we have a sufficient condition for completeness instead of a sufficient condition for partial correctness. Moreover p-incorrect clauses always correspond to bugs, while this is not the case for p-uncovered A-elements.

This suggests that we might improve our results on completeness by taking an under-approximation as abstraction. Of course, if we want to preserve the results on partial correctness, we need to keep also the standard over-approximation. This would lead us to a theory of abstract diagnosis where two different abstractions are used at the same time. This would in turn require a specification consisting of a pair of abstractions of the intended concrete semantics. This is an interesting idea for further research that might build upon the already mentioned approach by Ferrand [29], which works with pairs of specifications.

8. Modular abstract diagnosis

In modular abstract diagnosis we are concerned with programs composed of separate modules. The idea is that of performing the diagnosis in a modular way, i.e., module by module. Modular analysis is usually based on an OR-compositional semantics. For example, the modular analysis framework in Ref. [10] is based on the OR-compositional version of the s-semantics [8]. Our concrete semantics is not OR-compositional and this is obviously true for all its abstractions. However, we can note that abstract diagnosis does not require to actually compute the abstract semantics, since it is simply based on one application of the abstract immediate consequence operator to the specification. The s-semantics immediate consequence operator is known to be OR-compositional (see, for example, Ref. [37]). The same result holds (by definition) for all the abstract immediate consequence operators corresponding to complete and approximate observables. The conclusion is that our theory of abstract diagnosis can directly be applied to modular diagnosis, as we will formally show in the following.

We assume a program $P$ to be partitioned into predicate-disjoint modules [10], such that each predicate symbol is completely defined by a single module. Namely,

Definition 52. A program partitioning $P_1, \ldots, P_n$ is predicate-disjoint if $\forall i \neq j.\ PredsDef(P_i) \cap PredsDef(P_j) = \emptyset$, where $PredsDef(P) = \{p \mid p(t) \leftarrow B \in P\}$.

Specifications $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$ are associated to modules $P_1, \ldots, P_n$. Since the partition is predicate-disjoint, any $\mathcal{I}^i_\alpha$ is undefined for all the pure atoms with predicate not in $PredsDef(P_i)$ and then $\forall i \neq j.\ dom(\mathcal{I}^i_\alpha) \cap dom(\mathcal{I}^j_\alpha) = \emptyset$. It is worth noting that our definition of partitioning does not require a hierarchical decomposition, since mutual recursion between modules is possible.

The overall specification is $\mathcal{I}_\alpha := \bigsqcup_i \mathcal{I}^i_\alpha$.⁹ A module $P_i$ does not necessarily need to use all the other modules. The operator $use$ gives those specifications which are relevant to a module $P_i$, i.e., $use(P_i) = \{\mathcal{I}^j_\alpha \mid \text{module } P_i \text{ uses (i.e., clause bodies contain) predicates which are defined by } P_j\}$. $P_i$ is a basic module if it does not use other modules, i.e., if $use(P_i) = \emptyset$.

The decomposition into modules allows us to define incorrect clauses and uncovered A-elements in a (more efficient) modular way.

Definition 53. Let $P_1, \ldots, P_n$ be a program partitioning and $c$ be a clause in $P_i$, for some $1 \le i \le n$. If there exists an A-element $\sigma$ such that $\sigma \not\le \mathcal{I}^i_\alpha$ and $\sigma \le \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i))$, then the clause $c \in P$ is m-incorrect on $\sigma$. $c$ is m-incorrect on $\sigma$ if it derives, from the (relevant part of the) intended semantics, an A-element which is not in the module's intended semantics.

Definition 54. Let $P_1, \ldots, P_n$ be a program partitioning and $\sigma = p(x) \mapsto D$ be an A-element such that $p \in PredsDef(P_i)$, for some $1 \le i \le n$. $\sigma$ is m-uncovered if $\sigma \le \mathcal{I}^i_\alpha$ and $\sigma \not\le \mathcal{T}^\alpha_{P_i}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i))$.

An A-element in the intended semantics of a module is m-uncovered if there are no clauses in the module deriving it from the (relevant part of the) intended semantics.

⁹ Note that $\bigsqcup use(P_i) \le \mathcal{I}_\alpha$, and that $dom(\bigsqcup use(P_i)) \cap dom(\mathcal{I}^i_\alpha) = \emptyset$. Note also that

It is worth noting that, in the above definitions of m-incorrect clauses and m-uncovered A-elements, we compare two denotations which give a meaning only to those predicates which are defined inside the module, and that we are only concerned with the specifications used by the module.

The following theorems show that the general results on complete and approximate observables of abstract diagnosis do apply to modular abstract diagnosis.

Theorem 55. Let $P = P_1 \cup \cdots \cup P_n$. If there are no m-incorrect clauses in any module $P_i$, then $P$ is partially correct w.r.t. $\mathcal{I}_\alpha$.

Proof. By hypothesis, for any $i$, $\forall c \in P_i.\ \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i)) \le \mathcal{I}^i_\alpha$. Hence $\forall i.\ \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha) \le \mathcal{I}^i_\alpha$. Now, by definition of $\mathcal{T}^\alpha_P$, $\mathcal{T}^\alpha_P(\mathcal{I}_\alpha) = \bigsqcup_i \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha) \le \bigsqcup_i \mathcal{I}^i_\alpha = \mathcal{I}_\alpha$. Hence $\mathcal{I}_\alpha$ is a pre-fixpoint of $\mathcal{T}^\alpha_P$ and then, since $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{F}_\alpha[\![P]\!] = lfp(\mathcal{T}^\alpha_P)$, by Tarski's theorem $\alpha(\mathcal{F}[\![P]\!]) \le \mathcal{I}_\alpha$. $\square$

Theorem 56. Let $\alpha$ be a complete observable and $P = P_1 \cup \cdots \cup P_n$ be a complete program w.r.t. $\mathcal{I}_\alpha$. If for some $i$ there exists an m-incorrect clause in $P_i$, then $P$ is not partially correct.

Proof. By completeness of $P$ and Theorem 6, $\mathcal{I}_\alpha \le \alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$. Then, by monotonicity of $\mathcal{T}^\alpha_P$, $\mathcal{T}^\alpha_P(\mathcal{I}_\alpha) \le \mathcal{T}^\alpha_P(\mathcal{F}_\alpha[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!]$. Thus, $\sigma \not\le \mathcal{I}^i_\alpha$ and $\sigma \le \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}_\alpha) = \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i))$ implies $\sigma \not\le \mathcal{I}_\alpha$ and $\sigma \le \mathcal{F}_\alpha[\![P]\!] = \alpha(\mathcal{F}[\![P]\!])$, which means that $P$ is not partially correct. $\square$

Theorem 57. Let $P = P_1 \cup \cdots \cup P_n$ be partially correct w.r.t. $\mathcal{I}_\alpha$. If there exists an m-uncovered A-element, then $P$ is not complete.

Proof. Let $\sigma = p(x) \mapsto D$ with $p \in PredsDef(P_i)$, for some $1 \le i \le n$. By Theorem 6 and partial correctness of $P$, $\mathcal{F}_\alpha[\![P]\!] = \alpha(\mathcal{F}[\![P]\!]) \le \mathcal{I}_\alpha$. By monotonicity of $\mathcal{T}^\alpha_P$,
$$\alpha(\mathcal{F}[\![P]\!]) = \mathcal{T}^\alpha_P(\alpha(\mathcal{F}[\![P]\!])) \le \mathcal{T}^\alpha_P(\mathcal{I}_\alpha). \tag{3}$$
Now, $\sigma \le \mathcal{I}^i_\alpha$ and $\sigma \not\le \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha) = \mathcal{T}^\alpha_{P_i}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i))$ implies (since the other modules cannot define predicate $p$) $\sigma \le \mathcal{I}_\alpha$ and $\sigma \not\le \mathcal{T}^\alpha_P(\mathcal{I}_\alpha)$. Thus $\sigma \le \mathcal{I}^i_\alpha \le \mathcal{I}_\alpha$ and, by Eq. (3), $\sigma \not\le \alpha(\mathcal{F}[\![P]\!])$, which means that $P$ is not complete. $\square$

Theorem 58. Let $\alpha$ be a complete observable, $P = P_1 \cup \cdots \cup P_n$ be a program and assume $\mathcal{T}^\alpha_P$ has a unique fixpoint. If there are no m-uncovered A-elements, then $P$ is complete w.r.t. $\mathcal{I}_\alpha$.

Proof. Absence of m-uncovered A-elements implies $\forall i.\ \mathcal{I}^i_\alpha \le \mathcal{T}^\alpha_{P_i}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i))$. Hence, $\mathcal{I}_\alpha \le \mathcal{T}^\alpha_P(\mathcal{I}_\alpha)$, i.e., $\mathcal{I}_\alpha$ is a post-fixpoint of $\mathcal{T}^\alpha_P$ and, by Tarski's theorem, $\mathcal{I}_\alpha \le gfp(\mathcal{T}^\alpha_P)$. Since, by Theorem 6, $\alpha(\mathcal{F}[\![P]\!]) = \mathcal{F}_\alpha[\![P]\!] = lfp(\mathcal{T}^\alpha_P)$ and, by hypothesis, $gfp(\mathcal{T}^\alpha_P) = lfp(\mathcal{T}^\alpha_P)$, the program $P$ is complete. $\square$

Example 59. The program in Fig. 10 is a wrong version of a program verifying satisfiability of boolean formulas (built with or and neg constructors) which has a missing clause. Consider the specifications of the modules "sat" and "invalid", respectively, w.r.t. the approximate observable depth(2) answers ($\tau_2$, see Section 3.4.2).

Module "satisfiable":
sat(true).
sat(or(X,Y)) :- sat(X).
sat(neg(X)) :- inv(X).

Module "invalid" (this module is not supplied to the diagnoser):
inv(false).
inv(neg(X)) :- sat(X).
inv(or(X,Y)) :- inv(X), inv(Y).

Fig. 10. The program of Example 59.

$$\mathcal{I}^1_{\tau_2} := sat(x) \mapsto \{\{x = true\},\ \{x = or(y, true)\},\ \{x = or(true, y)\},\ \{x = or(neg(z), y)\},\ \{x = or(y, neg(z))\},\ \{x = neg(false)\},\ \{x = neg(neg(z))\},\ \{x = neg(or(z, w))\},\ \{x = or(y, or(z, w))\},\ \{x = or(or(z, w), y)\}\},$$

$$\mathcal{I}^2_{\tau_2} := inv(x) \mapsto \{\{x = false\},\ \{x = or(false, false)\},\ \{x = neg(true)\},\ \{x = neg(neg(z))\},\ \{x = neg(or(z, w))\},\ \{x = or(false, neg(z))\},\ \{x = or(neg(z), false)\},\ \{x = or(false, or(z, w))\},\ \{x = or(or(z, w), false)\}\}.$$

By applying the definitions, we find out that there are no m-incorrect clauses and then (by Theorem 55) the program is partially correct. Furthermore, since the A-element $\sigma = sat(x) \mapsto \{x = or(y, true)\}$ is m-uncovered then (by Theorem 57) the program is not complete.
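Example 59 can be reproduced mechanically for the depth(2) answer observable. The following Python program is an added worked example and is not code from the paper. It contains a small term unifier, a depth(k) cut that replaces every subterm nested below k function symbols by a fresh variable (the reading of $\tau_k$ assumed here, which reproduces the specifications of Example 59 exactly), and the m-incorrect and m-uncovered checks of Definitions 53 and 54 applied to the module "satisfiable" of Fig. 10, with the specification of the module "invalid" as the only information about that module. The term encoding and the helper names (`unify`, `cut`, `canon`, `consequences`, `diagnose`, `spec`) are assumptions of the example, as are the names Y, Z, W chosen for the cut-off variables of the specification.

```python
from itertools import product

# Term representation assumed by this example: a variable is a str ("X"), a
# constant or compound term is a tuple (functor, *args), an atom is a tuple
# (predicate, *args) and a clause is (head_atom, [body_atoms]).

def is_var(t):
    return isinstance(t, str)

def deref(t, s):
    while is_var(t) and t in s:
        t = s[t]
    return t

def unify(a, b, s):
    """Extend substitution s to a unifier of a and b, or return None (no occurs check)."""
    a, b = deref(a, s), deref(b, s)
    if is_var(a):
        return s if a == b else {**s, a: b}
    if is_var(b):
        return {**s, b: a}
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s

def subst(t, s):
    t = deref(t, s)
    return t if is_var(t) else (t[0],) + tuple(subst(x, s) for x in t[1:])

def cut(t, k, fresh):
    """depth(k) cut (assumed reading of tau_k): every subterm nested below k
    function symbols is replaced by a fresh variable."""
    if k == 0:
        return fresh()
    if is_var(t):
        return t
    return (t[0],) + tuple(cut(x, k - 1, fresh) for x in t[1:])

def rename(t, tag):
    return tag + t if is_var(t) else (t[0],) + tuple(rename(x, tag) for x in t[1:])

def canon(atom):
    """Number variables by first occurrence so alpha-equivalent atoms compare equal."""
    names = {}
    def go(t):
        if is_var(t):
            return names.setdefault(t, "_%d" % len(names))
        return (t[0],) + tuple(go(x) for x in t[1:])
    return go(atom)

def consequences(clause, spec, k):
    """T^{tau_k}_{{c}}(spec): depth(k) answers for the head obtained by one
    resolution step of c against the answers recorded in spec."""
    head, body = clause
    choices = [[rename(a, "b%d" % i) for a in spec.get(atom[0], ())]
               for i, atom in enumerate(body)]
    out = set()
    for picks in product(*choices):
        s = {}
        for atom, pick in zip(body, picks):
            s = unify(atom, pick, s)
            if s is None:
                break
        if s is None:
            continue
        n = [0]
        def fresh():
            n[0] += 1
            return "f%d" % n[0]
        out.add(canon((head[0],) + tuple(cut(subst(a, s), k, fresh) for a in head[1:])))
    return out

def diagnose(module, module_spec, used_specs, k):
    """m-incorrect clauses and m-uncovered A-elements of one module (Definitions
    53 and 54): the operator sees only the module's own specification joined
    with the specifications of the modules it uses."""
    env = {**used_specs, **module_spec}
    incorrect, derived = [], set()
    for c in module:
        for atom in consequences(c, env, k):
            derived.add(atom)
            if atom not in module_spec.get(atom[0], set()):
                incorrect.append((c, atom))
    uncovered = {a for atoms in module_spec.values() for a in atoms if a not in derived}
    return incorrect, uncovered

def spec(pred, *terms):
    """{pred: set of canonical A-elements pred(x) |-> {x = t}} for the given terms."""
    return {pred: {canon((pred, t)) for t in terms}}

# Module "satisfiable" of Fig. 10; the clause sat(or(X,Y)) :- sat(Y) is the missing one.
SAT = [(('sat', ('true',)), []),
       (('sat', ('or', 'X', 'Y')), [('sat', 'X')]),
       (('sat', ('neg', 'X')), [('inv', 'X')])]
# depth(2) specifications of Example 59; Y, Z, W name the cut-off subterms.
SAT_SPEC = spec('sat', ('true',), ('or', 'Y', ('true',)), ('or', ('true',), 'Y'),
                ('or', ('neg', 'Z'), 'Y'), ('or', 'Y', ('neg', 'Z')), ('neg', ('false',)),
                ('neg', ('neg', 'Z')), ('neg', ('or', 'Z', 'W')),
                ('or', 'Y', ('or', 'Z', 'W')), ('or', ('or', 'Z', 'W'), 'Y'))
INV_SPEC = spec('inv', ('false',), ('or', ('false',), ('false',)), ('neg', ('true',)),
                ('neg', ('neg', 'Z')), ('neg', ('or', 'Z', 'W')), ('or', ('false',), ('neg', 'Z')),
                ('or', ('neg', 'Z'), ('false',)), ('or', ('false',), ('or', 'Z', 'W')),
                ('or', ('or', 'Z', 'W'), ('false',)))

if __name__ == "__main__":
    inc, unc = diagnose(SAT, SAT_SPEC, INV_SPEC, 2)
    print("m-incorrect clauses:", inc)
    print("m-uncovered A-elements:", unc)
```

On the module of Fig. 10 the program finds no m-incorrect clause and three m-uncovered A-elements, $sat(x) \mapsto \{x = or(y, true)\}$, $\{x = or(y, neg(z))\}$ and $\{x = or(y, or(z, w))\}$, all explained by the missing clause sat(or(X,Y)) :- sat(Y); adding that clause to the module makes the uncovered set empty. Because the diagnosis applies the operator once to the specification, the module "invalid" never has to be present, which is the point of Section 8.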

The above results show that, if we split the program and the specification into modules, we can determine incorrect clauses and uncovered A-elements by means of (more efficient) modular algorithms. We will now turn to the case where we consider a single module (all the other modules may not be implemented yet), and we want to debug it, under the assumption that all the other missing modules do satisfy their specifications (i.e., are totally correct). The diagnosis will still be based on Definitions 53 and 54. However we have to introduce a new definition of partial correctness and completeness for a single module. The new definitions are of course given in terms of the concrete semantics of a module $P_i$, which can be determined from the clauses in $P_i$ and from the concrete semantics of the (missing) modules used by $P_i$. Since these modules have not been implemented yet, we have only their abstract specifications. In order to reason about the correctness and completeness of $P_i$ we need a concrete specification. Thus we assume that the concrete semantics of the missing modules is simply the concretization of the abstract specifications.¹⁰ This is achieved by first defining the following concrete ($\mathcal{I}_\alpha$-augmented) immediate consequence operator:
$$\mathcal{T}^{\mathcal{I}}_{P_i}(X) = \mathcal{T}_{P_i}\big(X \cup \bigcup \gamma(use(P_i))\big).$$
Since this operator is continuous, the concrete semantics of a program module $P_i$ can then be defined as $\mathcal{F}^{\mathcal{I}}[\![P_i]\!] := \mathcal{T}^{\mathcal{I}}_{P_i} \uparrow \omega$. This leads to the new notions of partial correctness and completeness of a module w.r.t. the intended abstract semantics of the whole program.

Definition 60. Let $P_1, \ldots, P_n$ be a program partitioning, $\alpha$ be an observable, and $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$ be an intended modules semantics. A module $P_i$ is
1. m-partially correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$ if $\alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) \le \mathcal{I}^i_\alpha$;
2. m-complete w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$ if $\mathcal{I}^i_\alpha \le \alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!])$;
3. m-totally correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$ if $\alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) = \mathcal{I}^i_\alpha$.

The proof of the theorems uses the following (continuous) abstract ($\mathcal{I}_\alpha$-augmented) immediate consequence operator and its fixpoint:
$$\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(X) = \mathcal{T}^\alpha_{P_i}\big(X \sqcup \bigsqcup use(P_i)\big), \qquad \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!] = lfp(\mathcal{T}^{\mathcal{I},\alpha}_{P_i}).$$

Theorem 61. If there are no m-incorrect clauses in $P_i$, then $P_i$ is m-partially correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$.

Proof. By hypothesis, for any clause $c$ in $P_i$, $\mathcal{T}^\alpha_{\{c\}}(\mathcal{I}^i_\alpha \sqcup \bigsqcup use(P_i)) \le \mathcal{I}^i_\alpha$. Hence $\mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha) \le \mathcal{I}^i_\alpha$. Now, by definition, $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha) = \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha)$ and then $\mathcal{I}^i_\alpha$ is a pre-fixpoint of $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}$. Then, since $\alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) \le \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!] = lfp(\mathcal{T}^{\mathcal{I},\alpha}_{P_i}) \le \mathcal{I}^i_\alpha$, $P_i$ is m-partially correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$. $\square$

Theorem 62. Let $\alpha$ be a complete observable and $P_i$ be an m-complete module w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$, for some $1 \le i \le n$. If there exists an m-incorrect clause in $P_i$, then $P_i$ is not m-partially correct.

Proof. By m-completeness of $P_i$, $\mathcal{I}^i_\alpha \le \alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) = \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]$. By monotonicity of $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}$, $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha) \le \mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]) = \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]$. On the other hand, by definition, $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha) = \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha)$. Thus, $\sigma \not\le \mathcal{I}^i_\alpha$ and $\sigma \le \mathcal{T}^\alpha_{\{c\}}(\mathcal{I}_\alpha)$ implies $\sigma \not\le \mathcal{I}^i_\alpha$ and $\sigma \le \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]$, i.e., $P_i$ is not m-partially correct. $\square$

Theorem 63. Let $P_i$ be m-partially correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$, for some $1 \le i \le n$. If there exists an m-uncovered A-element in $P_i$, then $P_i$ is not m-complete.

Proof. Since $\alpha$ is approximate,
$$\begin{array}{ll}
(\mathcal{T}^{\mathcal{I},\alpha}_{P_i} \circ \alpha)(X) = & [\text{by definition}] \\
\mathcal{T}^\alpha_{P_i}(\alpha(X) \sqcup \bigsqcup use(P_i)) \ge & [\text{since } \mathcal{T}^\alpha_{P_i} \text{ is correct}] \\
\alpha(\mathcal{T}_{P_i}(\gamma\alpha(X) \cup \bigcup \gamma(use(P_i)))) \ge & [\text{since } \gamma\alpha \sqsupseteq id] \\
\alpha(\mathcal{T}_{P_i}(X \cup \bigcup \gamma(use(P_i)))) = & [\text{by definition}] \\
(\alpha \circ \mathcal{T}^{\mathcal{I}}_{P_i})(X).
\end{array}$$
Hence,
$$\begin{array}{ll}
\alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) = & [\text{since } \mathcal{F}^{\mathcal{I}}[\![P_i]\!] \text{ is a fixpoint of } \mathcal{T}^{\mathcal{I}}_{P_i}] \\
\alpha(\mathcal{T}^{\mathcal{I}}_{P_i}(\mathcal{F}^{\mathcal{I}}[\![P_i]\!])) \le & [\text{by the previous result}] \\
\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!])) \le & [\text{by monotonicity of } \mathcal{T}^{\mathcal{I},\alpha}_{P_i} \text{ and m-partial correctness of } P_i] \\
\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha) = & [\text{by definition}] \\
\mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha).
\end{array}$$
Now, if $\sigma$ is an m-uncovered A-element (i.e., $\sigma \le \mathcal{I}^i_\alpha$ and $\sigma \not\le \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha)$), then $\sigma \le \mathcal{I}^i_\alpha$ and $\sigma \not\le \alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!])$, i.e., $P_i$ is not m-complete. $\square$

¹⁰ Note that the concretization $\gamma(\mathcal{I}_\alpha)$ of the abstract specification $\mathcal{I}_\alpha$ is the maximal of all possible concrete specifications $\mathcal{I}$ which $\mathcal{I}_\alpha$ represents. Indeed, for any $\mathcal{I}$ such that $\alpha(\mathcal{I}) = \mathcal{I}_\alpha$, $\mathcal{I} \le \gamma(\mathcal{I}_\alpha)$.

Theorem 64. Let $\alpha$ be a complete observable and assume that $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}$ has a unique fixpoint (for some $1 \le i \le n$). If there are no m-uncovered A-elements in $P_i$, then $P_i$ is m-complete w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$.

Proof. Absence of m-uncovered A-elements in $P_i$ implies $\mathcal{I}^i_\alpha \le \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha)$. Since, by definition, $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha) = \mathcal{T}^\alpha_{P_i}(\mathcal{I}_\alpha)$, we have $\mathcal{I}^i_\alpha \le \mathcal{T}^{\mathcal{I},\alpha}_{P_i}(\mathcal{I}^i_\alpha)$, i.e., $\mathcal{I}^i_\alpha$ is a post-fixpoint of $\mathcal{T}^{\mathcal{I},\alpha}_{P_i}$ and, by Tarski's theorem, $\mathcal{I}^i_\alpha \le gfp(\mathcal{T}^{\mathcal{I},\alpha}_{P_i})$. Now, by hypothesis, $gfp(\mathcal{T}^{\mathcal{I},\alpha}_{P_i}) = lfp(\mathcal{T}^{\mathcal{I},\alpha}_{P_i}) = \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]$. Thus, $\mathcal{I}^i_\alpha \le \mathcal{F}^{\mathcal{I}}_\alpha[\![P_i]\!]$, i.e., $P_i$ is m-complete w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$. $\square$

Example 65. The program $P_{acc}$ in Fig. 11 is a wrong version of a module of an automaton which recognizes the language $L = \{(ab)^n \mid n \ge 0\} \cup \{(ab)^n a \mid n \ge 0\}$. The complete program is in Fig. 9, and the complete diagnosis is in Example 51. Its specification and the one of the other module w.r.t. the depth(2) answer observable ($\tau_2$) are, respectively,
$$\mathcal{I}^1_{\tau_2} := acc(X) \mapsto \{\{X = []\},\ \{X = [b]\},\ \{X = [b, a \mid X']\}\},$$
$$\mathcal{I}^2_{\tau_2} := accept(X) \mapsto \{\{X = []\},\ \{X = [a]\},\ \{X = [a, b \mid X']\}\}.$$
Let $\mathcal{I}_{\tau_2} := \mathcal{I}^1_{\tau_2} \sqcup \mathcal{I}^2_{\tau_2}$. By applying the modular diagnosis
$$\mathcal{T}^{\tau_2}_{P_{acc}}(\mathcal{I}_{\tau_2}) = acc(X) \mapsto \{\{X = [b]\},\ \{X = [b, a \mid X']\}\}.$$
Hence we find out that $P_{acc}$ is m-partially correct (without actually computing $\mathcal{F}^{\mathcal{I}}_{\tau_2}[\![P_{acc}]\!]$) and that the A-element $acc(X) \mapsto \{X = []\}$ is m-uncovered and then (by Theorem 63) the module is not m-complete (and the entire program is not complete).

acc([b|Xs]) :- accept(Xs).

Fig. 11. The program of Example 65.

Theorem 66. Let $P = P_1 \cup \cdots \cup P_n$. If all the modules $P_i$ are m-partially correct w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$, then $P$ is partially correct w.r.t. $\mathcal{I}_\alpha$. Moreover, if $P$ has a unique fixpoint and all the modules $P_i$ are m-complete w.r.t. $\mathcal{I}^1_\alpha, \ldots, \mathcal{I}^n_\alpha$, then $P$ is complete w.r.t. $\mathcal{I}_\alpha$.

Proof. We prove the two points separately.

Partial correctness. Let $\mathcal{F} := \bigsqcup_i \mathcal{F}^{\mathcal{I}}[\![P_i]\!]$. For any $i$, $\mathcal{T}^{\mathcal{I}}_{P_i}(\mathcal{F}) \ge \mathcal{T}_{P_i}(\mathcal{F})$. Thus $\bigsqcup_i \mathcal{T}^{\mathcal{I}}_{P_i}(\mathcal{F}) \ge \mathcal{T}_P(\mathcal{F})$ and the following facts hold.
$$\begin{array}{ll}
\alpha(\mathcal{F}[\![P]\!]) \le & [\text{by the previous result}] \\
\alpha(\bigsqcup_i \mathcal{F}^{\mathcal{I}}[\![P_i]\!]) = & [\text{by additivity}] \\
\bigsqcup_i \alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) \le & [\text{by m-partial correctness}] \\
\bigsqcup_i \mathcal{I}^i_\alpha = \mathcal{I}_\alpha.
\end{array}$$

Completeness. First of all note that, if the whole program $P$ has a unique fixpoint, then also any module $P_i$ must have a unique fixpoint and $\bigsqcup_i \mathcal{F}^{\mathcal{I}}[\![P_i]\!] \le \mathcal{F}[\![P]\!]$. Thus the following facts hold.
$$\begin{array}{ll}
\mathcal{I}_\alpha = \bigsqcup_i \mathcal{I}^i_\alpha \le & [\text{by m-completeness}] \\
\bigsqcup_i \alpha(\mathcal{F}^{\mathcal{I}}[\![P_i]\!]) = & [\text{by additivity}] \\
\alpha(\bigsqcup_i \mathcal{F}^{\mathcal{I}}[\![P_i]\!]) \le & [\text{by the fixpoint uniqueness of } P] \\
\alpha(\mathcal{F}[\![P]\!]). \qquad \square
\end{array}$$

9. Conclusions and future developments

We have introduced several effective techniques to perform the diagnosis of pure logic programs. Partial diagnosis can be used whenever we have a (finite) partial knowledge about the intended behavior. This knowledge can be derived from symptom detection (performed using testing techniques) and symptom-directed queries to the user, as in the symptom-directed debuggers. One might think of other partial knowledge acquisition techniques.

Diagnosis w.r.t. approximate observables is instead useful when one wants to perform the diagnosis w.r.t. properties which can be modeled by approximate observables. This is interesting, because several useful properties are modeled by approximate observables or by observables which can be systematically refined to approximate observables.

More general properties (such as those used in program verification) can only be handled through assertions in a suitable formal language. We are currently looking into the problem of modeling these properties using abstract interpretation techniques, with the goal of handling them as approximate observables. This would make our results applicable to the more general case.

Abstract diagnosis can be turned into a more practical tool by extending it to the case of real-life logic languages, e.g. PROLOG. It is worth noting that this can easily be done, once we have a semantic framework for PROLOG similar to the one we have used here for pure logic programs. Such a framework has indeed already been defined [32]. It handles almost all the impure features of PROLOG (including cut). The collecting semantics has all the properties which are relevant to diagnosis, namely the condensing property and the equivalence between operational and denotational denotations.

Another relevant issue is related to the abstract operations associated to an observable. In this paper we have considered the case where the abstract operations are systematically derived from the concrete ones and are optimal. Our results are still valid if the optimal abstract operations are replaced by (correct) non-optimal operations, as one does in most practical abstract interpretation frameworks. Since this leads to a further loss of precision, the accuracy of the diagnosis method will of course be affected. The same arguments apply to the case of non-condensing observables.

Finally, let us mention that some recent results on the reconstruction of verification techniques by abstract interpretation [33] show that it is quite easy to extend abstract diagnosis to specifications consisting of pre- and post-conditions. Handling pre-conditions simply requires the choice of a more concrete collecting semantics, modeling call patterns in addition to computed answers.

Appendix A. Proofs of Section 3

First o f all observe that the operat ions @, @~. and I satisfy the following properties. These propert ies are the ones we use to define approx imate observables, and will Ill- low us to reuse the p r o o f o f the theorems for complete observables in the corre- sponding theorems for approx imate observables. Let d , di E rE.

$$var(\{\emptyset\}) = \emptyset. \tag{A.1}$$

$\otimes$, $\otimes_x$ and $|_x$ are additive on $\mathbb{E}$. $\otimes$ is associative, while $\otimes_x$ is associative in the following sense. If $y \subseteq z' \subseteq z$ then

$$(\mathcal{E}_1 \otimes_{y} \mathcal{E}_2) \otimes_{z} \mathcal{E}_3 = \mathcal{E}_1 \otimes_{y} (\mathcal{E}_2 \otimes_{z'} \mathcal{E}_3). \tag{A.2}$$

For any $x$, $y$, $z$ and $v$,

$$(\mathcal{E}_1 \otimes_y \{\emptyset\}) \otimes_z \mathcal{E}_2 = \mathcal{E}_1 \otimes_z \mathcal{E}_2, \qquad (\{\emptyset\} \otimes_v \mathcal{E}_1)|_x = \mathcal{E}_1|_x. \tag{A.3}$$

For any $x$, $y$, $z$ such that $x \subseteq y \subseteq z$,

$$(\mathcal{E}_1 \otimes_y \mathcal{E}_2)|_x = (\mathcal{E}_1|_z \otimes_y \mathcal{E}_2)|_x \quad\text{and}\quad (\mathcal{E}_1 \otimes_y \mathcal{E}_2)|_x = (\mathcal{E}_1 \otimes_y \mathcal{E}_2|_z)|_x. \tag{A.5}$$

Let $x \subseteq z$ and $n \geq 1$. If for any $i \in [1,n]$, $var(\mathcal{E}_i) \cap (var(\mathcal{E}) \cup z) \subseteq x$ then

$$\mathcal{E} \otimes (\mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n) = \mathcal{E} \otimes_x (\mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n) \tag{A.6}$$

and if for any $i \in [1,n]$, $var(\mathcal{E}) \cap (var(\mathcal{E}_i) \cup z) \subseteq x$ then

$$(\mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n) \otimes \mathcal{E} = (\mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n) \otimes_x \mathcal{E}. \tag{A.7}$$

Now, we can prove the theorems.

Proof of Theorem 3. Point 1. We prove the two inclusions separately.


($\subseteq$) The proof is by induction on the number $n$ of atoms in $\mathcal{E}, A_1, \ldots, A_n$.

($n = 1$) Assume that $E \in \mathcal{B}[\![\mathcal{E}, p(x) \text{ in } P]\!]$. Then, by definition of $\mathcal{B}[\![\cdot]\!]$, there exists a derivation of length $k$

$$\mathcal{E}, p(x) \to_P \mathcal{E} \otimes \mathcal{E}'_1, B_1 \to_P \cdots \to_P ((\mathcal{E} \otimes \mathcal{E}'_1) \otimes \cdots) \otimes \mathcal{E}'_k, \square$$

such that $E \in (((\mathcal{E} \otimes \mathcal{E}'_1) \otimes \cdots) \otimes \mathcal{E}'_k)|_x$. By associativity of $\otimes$ and by Eq. (A.4), $E \in (\mathcal{E} \otimes \mathcal{E}')|_x = (\mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}'))|_x$, where $\mathcal{E}' = \mathcal{E}'_1 \otimes \cdots \otimes \mathcal{E}'_k$. Moreover, by definition of derivation, for any $i \in [1,k]$, $var(\mathcal{E}'_i) \cap var(\mathcal{E}) \subseteq x$ and therefore, by Eq. (A.6), $\mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}') = \mathcal{E} \otimes_x (\{\emptyset\} \otimes \mathcal{E}')$. Then, by the previous results and by Eq. (A.5), $E \in (\mathcal{E} \otimes_x (\{\emptyset\} \otimes \mathcal{E}')|_x)|_x$. Moreover, by definition of derivation, by Eq. (A.5) and by associativity of $\otimes$, $\{\emptyset\}, p(x) \to^*_P \{\emptyset\} \otimes \mathcal{E}', \square$ and therefore, by definition of $\mathcal{O}[\![P]\!]$, $(\{\emptyset\} \otimes \mathcal{E}')|_x \subseteq \mathcal{O}[\![P]\!](p(x))$.

These results, together with the additivity of $\otimes_x$, imply that $E \in (\mathcal{E} \otimes_x \mathcal{O}[\![P]\!](p(x)))|_x$ and complete the proof of the base case.

($n > 1$) To simplify the notation, let us denote by $z$, $z'$ and $y_i$, for $i \in [1,n]$, the variables $var(A_1, \ldots, A_n)$, $var(A_1, \ldots, A_{n-1})$ and $var(A_i)$, respectively. Assume that $E \in \mathcal{B}[\![\mathcal{E}, A_1, \ldots, A_n \text{ in } P]\!]$. By definition of $\mathcal{B}[\![\cdot]\!]$, there exists a derivation $\mathcal{E}, A_1, \ldots, A_n \to^*_P \hat{\mathcal{E}}, \square$ such that $E \in \hat{\mathcal{E}}|_z$. Then, by definition of derivation, by Eqs. (A.1) and (A.4) and by associativity of $\otimes$, there exist two derivations $\{\emptyset\}, A_1, \ldots, A_{n-1} \to^*_P \{\emptyset\} \otimes \mathcal{E}', \square$ and $\{\emptyset\}, A_n \to^*_P \{\emptyset\} \otimes \mathcal{E}'', \square$ such that

$$\hat{\mathcal{E}} = \mathcal{E} \otimes \mathcal{E}' \otimes \mathcal{E}'' = \mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}') \otimes (\{\emptyset\} \otimes \mathcal{E}''), \tag{A.8}$$

where the last equality follows by Eq. (A.4). Then, by definition of $\mathcal{B}[\![\cdot]\!]$, $(\{\emptyset\} \otimes \mathcal{E}')|_{z'} \subseteq \mathcal{B}[\![A_1, \ldots, A_{n-1} \text{ in } P]\!]$ and therefore, by inductive hypothesis,

$$(\{\emptyset\} \otimes \mathcal{E}')|_{z'} \subseteq \tag{A.9}$$

Moreover, by definition of $\mathcal{O}[\![\cdot]\!]$,

$$(\{\emptyset\} \otimes \mathcal{E}'')|_{y_n} \subseteq \mathcal{O}[\![P]\!](A_n). \tag{A.10}$$

Now observe that, by definition of derivation, by associativity of $\otimes$ and by Eq. (A.6),

$$\mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}') \otimes (\{\emptyset\} \otimes \mathcal{E}'') = (\mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}')) \otimes_{y_n} (\{\emptyset\} \otimes \mathcal{E}'')$$

and

$$\mathcal{E} \otimes (\{\emptyset\} \otimes \mathcal{E}') = \mathcal{E} \otimes_{z'} (\{\emptyset\} \otimes \mathcal{E}').$$

Then by Eqs. (A.8)–(A.10), by using repeatedly Eq. (A.5) and by additivity of $\otimes_x$,

$$\begin{array}{l}
\hat{\mathcal{E}}|_z = (\mathcal{E} \otimes_{z'} (\{\emptyset\} \otimes \mathcal{E}')|_{z'} \otimes_{y_n} (\{\emptyset\} \otimes \mathcal{E}'')|_{y_n})|_z \\
\quad \subseteq (\mathcal{E} \otimes_{z'} (\{\emptyset\} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_{n-1}} \mathcal{O}[\![P]\!](A_{n-1}))|_{z'} \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z \\
\quad = (\mathcal{E} \otimes_{z'} (\{\emptyset\} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_{n-1}} \mathcal{O}[\![P]\!](A_{n-1})) \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z.
\end{array}$$

Then, by using repeatedly Eq. (A.2),

$$\hat{\mathcal{E}}|_z \subseteq (\mathcal{E} \otimes_{z'} \{\emptyset\} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z$$

and therefore, by Eq. (A.3),

$$\hat{\mathcal{E}}|_z \subseteq (\mathcal{E} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z.$$

This completes the proof of the first inclusion.


($\supseteq$) Let us denote by $z$ and $y_i$ the variables $var(A_1, \ldots, A_n)$ and $var(A_i)$, for $i \in [1,n]$, respectively. Assume that $E \in (\mathcal{E} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z$. Then, by additivity of $\otimes_x$, for any $i \in [1,n]$, there exists $E_i \in \mathcal{O}[\![P]\!](A_i)$ such that

$$E \in (\mathcal{E} \otimes_{y_1} \{E_1\} \otimes_{y_2} \cdots \otimes_{y_n} \{E_n\})|_z. \tag{A.11}$$

By definition of $\mathcal{O}[\![P]\!]$, by Eq. (A.1) and by associativity of $\otimes$, this means that, for any $i \in [1,n]$, there exists a derivation $\{\emptyset\}, A_i \to^*_P \{\emptyset\} \otimes \mathcal{E}_i, \square$ such that $E_i \in (\{\emptyset\} \otimes \mathcal{E}_i)|_{y_i}$ and therefore, by additivity of $\otimes_x$ and by Eq. (A.11),

(A.12)

where the last equality follows by Eq. (A.3). Now observe that, by definition of $\otimes_x$, we can assume that for any $i, j \in [1,n]$, $i \neq j$, $var(\mathcal{E}) \cap var(\mathcal{E}_i) \subseteq var(A_i)$ and $var(\mathcal{E}_i) \cap var(\mathcal{E}_j) = \emptyset$. Then, by definition of derivation and since $\otimes$ is associative,

$$\mathcal{E}, A_1, \ldots, A_n \to^*_P \mathcal{E} \otimes \mathcal{E}_1, A_2, \ldots, A_n \to^*_P \mathcal{E} \otimes \mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n, \square$$

and therefore

$$(\mathcal{E} \otimes \mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n)|_z \subseteq \mathcal{B}[\![\mathcal{E}, A_1, \ldots, A_n \text{ in } P]\!]. \tag{A.13}$$

By the previous observation on variables and by Eqs. (A.5) and (A.7), $(\mathcal{E} \otimes \mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n)|_z = (\mathcal{E} \otimes_{y_1} \mathcal{E}_1|_{y_1} \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{E}_n|_{y_n})|_z$. This, together with Eqs. (A.13) and (A.12), implies that $E \in \mathcal{B}[\![\mathcal{E}, A_1, \ldots, A_n \text{ in } P]\!]$ and completes the proof.

Point 2. The proof that $\mathcal{P}[\![P]\!]$ is continuous on $\mathbb{I}$ is straightforward by observing that $\otimes_x$ and $|_x$ are additive on $(\mathbb{E}, \subseteq)$.

Point 3. We prove the two inclusions separately.

($\subseteq$) By definition of $\mathcal{F}[\![P]\!]$ and by continuity of $\mathcal{P}[\![P]\!]$, for any atom $p(x)$,

$$\mathcal{F}[\![P]\!](p(x)) = \bigcup_{h \geq 0} (\mathcal{P}[\![P]\!]\uparrow h)(p(x)).$$

Then we have only to show that, for any $h$, $\mathcal{P}[\![P]\!]\uparrow h \subseteq \mathcal{O}[\![P]\!]$. The proof is by induction on $h$.

($h = 0$) Straightforward, since $\mathcal{P}[\![P]\!]\uparrow 0 = \bot \subseteq \mathcal{O}[\![P]\!]$.

($h > 0$) Assume that $E' \in (\mathcal{P}[\![P]\!]\uparrow h)(p(x))$. By definition of $\mathcal{P}[\![P]\!]$, there exists a renamed clause of $P$, $c = p(x) \leftarrow E, A_1, \ldots, A_n$, such that $E' \in (\{E\} \otimes_{y_1} (\mathcal{P}[\![P]\!]\uparrow(h-1))(A_1) \otimes_{y_2} \cdots \otimes_{y_n} (\mathcal{P}[\![P]\!]\uparrow(h-1))(A_n))|_x$, where $z = var(c)$ and, for $i \in [1,n]$, $y_i = var(A_i)$. By additivity of $\otimes_x$ and $|_x$, for any $i \in [1,n]$, there exists $E_i \in (\mathcal{P}[\![P]\!]\uparrow(h-1))(A_i)$ such that

$$E' \in (\{E\} \otimes_{y_1} \{E_1\} \otimes_{y_2} \cdots \otimes_{y_n} \{E_n\})|_x. \tag{A.14}$$

Now observe that, by definition of $\otimes_x$, we can assume for any $i, j \in [1,n]$, $i \neq j$, $var(E) \cap var(E_i) \subseteq y_i$ and $var(E_i) \cap var(E_j) = \emptyset$.

By inductive hypothesis, for any $i \in [1,n]$, $E_i \in \mathcal{O}[\![P]\!](A_i)$. Then Point 1 implies that there exists a derivation $\{\emptyset\}, A_1, \ldots, A_n \to^*_P \{E''\}, \square$ such that $\{E''\}|_{z'} = (\{\emptyset\} \otimes_{y_1} \{E_1\} \otimes_{y_2} \cdots \otimes_{y_n} \{E_n\})|_{z'}$, where $z' = var(A_1, \ldots, A_n)$. Moreover, by using the renamed clause $c$, $\{\emptyset\}, p(x) \to_P \{\emptyset\} \otimes \{E\}, A_1, \ldots, A_n$. Then, by using the previous two derivations, by our hypothesis on variables, by Eq. (A.4) and by associativity of $\otimes$, we obtain the derivation

$$\{\emptyset\}, p(x) \to_P \{\emptyset\} \otimes \{E\}, A_1, \ldots, A_n \to^*_P \{E\} \otimes \{E''\}, \square$$

and, by definition of $\mathcal{O}[\![P]\!]$,

$$(\{E\} \otimes \{E''\})|_x \subseteq \mathcal{O}[\![P]\!](p(x)). \tag{A.15}$$

Moreover, by definition of derivation, by Eqs. (A.6) and (A.5), $(\{E\} \otimes \{E''\})|_x = (\{E\} \otimes_x \{E''\})|_x = (\{E\} \otimes_x \{E''\}|_x)|_x$. Then, by definition of $E''$, by Eqs. (A.2) and (A.3), $(\{E\} \otimes \{E''\})|_x = (\{E\} \otimes_{y_1} \{E_1\} \otimes_{y_2} \cdots \otimes_{y_n} \{E_n\})|_x$ and therefore, by Eqs. (A.14) and (A.15), $E' \in \mathcal{O}[\![P]\!](p(x))$ and then the thesis.

($\supseteq$) Assume that $E \in \mathcal{O}[\![P]\!](p(x))$. By definition of $\mathcal{O}[\![P]\!]$ there exists a derivation $\{\emptyset\}, p(x) \to^*_P \mathcal{E}, \square$ of length $h > 0$ such that $E \in \mathcal{E}|_x$. We prove by induction on $h$ that $E \in (\mathcal{P}[\![P]\!]\uparrow h)(p(x))$.

($h = 1$) If there exists a derivation $\{\emptyset\}, p(x) \to_P \{\emptyset\} \otimes \{E'\}, \square$ of length 1 then $p(x) \leftarrow E', \square$ is a renamed clause of $P$ and hence, by definition of $\mathcal{P}[\![P]\!]$ and by Eq. (A.3), $(\{\emptyset\} \otimes \{E'\})|_x = \{E'\}|_x \subseteq (\mathcal{P}[\![P]\!]\uparrow 1)(p(x))$ and then the thesis.

($h > 1$) Assume that there exists a derivation

$$\{\emptyset\}, p(x) \to_P \{\emptyset\} \otimes \{E'\}, A_1, \ldots, A_n \to^*_P \mathcal{E}, \square$$

of length $h > 1$ and let $y_i = var(A_i)$, for any $i \in [1,n]$. By definition, since $\otimes$ is associative and by Eq. (A.1), there exists a derivation $\{\emptyset\}, A_1, \ldots, A_n \to^*_P \{\emptyset\} \otimes \mathcal{E}', \square$ whose length is $h-1$. Then, by associativity of $\otimes$ and by Eq. (A.4),

$$\mathcal{E} = \{E'\} \otimes \mathcal{E}' = \{E'\} \otimes \{\emptyset\} \otimes \mathcal{E}'. \tag{A.16}$$

Moreover, since the length of the derivation $\{\emptyset\}, A_1, \ldots, A_n \to^*_P \{\emptyset\} \otimes \mathcal{E}', \square$ is $h-1$, the same argument used in the proof of Point 1 shows that, for any $i \in [1,n]$, there exists a derivation $\{\emptyset\}, A_i \to^*_P \{\emptyset\} \otimes \mathcal{E}_i, \square$, whose length is $l_i \leq h-1$, such that

$$\{\emptyset\} \otimes \mathcal{E}' = \{\emptyset\} \otimes \mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n \tag{A.17}$$

and, for any $i, j \in [1,n]$, $i \neq j$,

$$(var(\{E'\}) \cup x) \cap var(\mathcal{E}_i) \subseteq y_i \quad\text{and}\quad (var(\mathcal{E}_i) \cup x) \cap var(\mathcal{E}_j) = \emptyset.$$

The definition of $\mathcal{O}[\![P]\!]$, Eq. (A.3), the inductive hypothesis and the monotonicity of $\mathcal{P}[\![P]\!]$ imply that $\mathcal{E}_i|_{y_i} \subseteq (\mathcal{P}[\![P]\!]\uparrow(h-1))(A_i)$, for any $i \in [1,n]$. Moreover, since by hypothesis there exists the derivation $\{\emptyset\}, p(x) \to_P \{E'\}, A_1, \ldots, A_n$ of length 1, there exists a renamed clause of $P$, $c = p(x) \leftarrow E'', A_1, \ldots, A_n$, such that $\{E'\} = \{\emptyset\} \otimes \{E''\}$.

Then, by Eq. (A.4), by definition of $\mathcal{P}[\![P]\!]\uparrow h$ and by the additivity of $\otimes_x$, $(\{E''\} \otimes_{y_1} \mathcal{E}_1|_{y_1} \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{E}_n|_{y_n})|_x = (\{E'\} \otimes_{y_1} \mathcal{E}_1|_{y_1} \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{E}_n|_{y_n})|_x \subseteq (\mathcal{P}[\![P]\!]\uparrow h)(p(x))$, where $z = var(c)$. Now, analogously to the proof of Point 1, by our hypothesis on variables, $(\{E'\} \otimes_{y_1} \mathcal{E}_1|_{y_1} \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{E}_n|_{y_n})|_x = (\{E'\} \otimes \mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n)|_x$. These results, together with Eqs. (A.16) and (A.17), imply that $\mathcal{E}|_x \subseteq (\mathcal{P}[\![P]\!]\uparrow h)(p(x))$ and then the thesis. □

Proof of Theorem 6. First of all observe that, by Definition 5 and by definition of $\tilde\otimes$ and $\tilde{|}$, $\tilde\otimes$ is associative, $\tilde\otimes_x$ and $\tilde{|}_x$ are additive and for any $\mathcal{E}, \mathcal{E}_1, \ldots, \mathcal{E}_n \in \mathbb{E}$ the following facts hold.

$$\gamma\alpha(\mathcal{E}|_x) = (\gamma\alpha(\mathcal{E}))|_x \quad\text{and} \tag{A.18}$$

$$\alpha(\mathcal{E}_1 \otimes \cdots \otimes \mathcal{E}_n) = \alpha(\mathcal{E}_1) \tilde\otimes \cdots \tilde\otimes \alpha(\mathcal{E}_n). \tag{A.19}$$


Now observe that, by definition of $\mathcal{B}[\![\cdot]\!]$ and since $|_x$ is additive and idempotent, for any goal $\mathcal{E}, G$,

$$\mathcal{B}[\![\mathcal{E}, G \text{ in } P]\!] = (\mathcal{B}[\![\mathcal{E}, G \text{ in } P]\!])|_{var(G)}. \tag{A.20}$$

Analogously, for any $\mathcal{I} \in \mathbb{I}$,

$$(\mathcal{P}[\![P]\!](\mathcal{I})(p(x)))|_x = \mathcal{P}[\![P]\!](\mathcal{I})(p(x)). \tag{A.21}$$

Moreover, by Eq. (A.18), for any $C \in \mathbb{C}$,

$$\alpha(C) = \lambda G.\,(\alpha(C(G)))\tilde{|}_{var(G)} = \lambda G.\,\alpha((C(G))|_{var(G)}). \tag{A.22}$$

Then, by definition of $\otimes$ and since for any $C \in \mathbb{C}$ and any goal $G$, $C(G) \subseteq (C(G))|_{var(G)}$ and $(C(G))|_{var(G)}$ is the set of all solved forms of all the elements in $C(G)$ (restricted to $var(G)$), for any $\mathcal{E} \in \mathbb{E}$,

$$\mathcal{E} \otimes_{var(G)} (C(G))|_{var(G)} = \mathcal{E} \otimes_{var(G)} C(G).$$

Then, by using Eq. (A.19), we can prove

$$\alpha(\gamma(C)(\mathcal{E})) = \alpha(\gamma(C)(\alpha(\mathcal{E}))). \tag{A.23}$$

Moreover, by definition of Galois insertion, for any $C_\alpha \in \mathbb{C}_\alpha$ and any $C \in \mathbb{C}$,

$$\alpha(\gamma(C_\alpha)) = C_\alpha \tag{A.24}$$

$$\alpha((\gamma \circ \alpha)(C)) = \alpha(C). \tag{A.25}$$

Now we can prove the theorem.

Point 1. First of all observe that, since $\alpha: \mathbb{E} \to \mathbb{D}$ is a complete observable, it is a congruence w.r.t. renaming. Then (by using an inductive argument), from any derivation $\mathcal{E}, G \to^*_P \mathcal{E}', \square$ we can build (a variant of) an abstract derivation $\alpha(\mathcal{E}), G \to^*_{P,\alpha} \alpha(\mathcal{E}'), \square$ which uses suitable variants of all the clauses in the concrete derivation. Similarly, for any $D' \in \mathbb{D}$ there exists $\mathcal{E}' \in \mathbb{E}$ such that $D' = \alpha(\mathcal{E}')$ and from $\alpha(\mathcal{E}), G \to^*_{P,\alpha} D', B$ we can build (a variant of) the derivation $\mathcal{E}, G \to^*_P \mathcal{E}', B$. Since $\mathcal{B}[\![\cdot]\!]$ (and $\mathcal{B}_\alpha[\![\cdot]\!]$) collects any variant of the (abstract) derivations, the following facts hold.

$$\begin{array}{ll}
\alpha(\mathcal{B}[\![\mathcal{E}, G \text{ in } P]\!]) & \\
\quad = \alpha(\bigcup\{\mathcal{E}'|_{var(G)} \mid \mathcal{E}, G \to^*_P \mathcal{E}', \square\}) & \text{[by definition of } \mathcal{B}[\![\cdot]\!]] \\
\quad = \bigcup\{\alpha(\mathcal{E}'|_{var(G)}) \mid \mathcal{E}, G \to^*_P \mathcal{E}', \square\} & \text{[by (1)]} \\
\quad = \bigcup\{(\alpha(\mathcal{E}'))\tilde{|}_{var(G)} \mid \mathcal{E}, G \to^*_P \mathcal{E}', \square\} & \text{[by (A.18)]} \\
\quad = \bigcup\{D\tilde{|}_{var(G)} \mid \alpha(\mathcal{E}), G \to^*_{P,\alpha} D, \square\} & \text{[by the previous observation]} \\
\quad = \bigsqcup\{D\tilde{|}_{var(G)} \mid \alpha(\mathcal{E}), G \to^*_{P,\alpha} D, \square\} & \text{[by definition of } \sqcup] \\
\quad = \mathcal{B}_\alpha[\![\alpha(\mathcal{E}), G \text{ in } P]\!] & \text{[by definition of } \mathcal{B}_\alpha[\![\cdot]\!]]
\end{array}$$

and therefore

$$\begin{array}{ll}
\alpha(\mathcal{O}[\![P]\!]) & \\
\quad = \alpha((\lambda p(x).\,\mathcal{B}[\![p(x) \text{ in } P]\!])/_{\equiv}) & \text{[by definition of } \mathcal{O}[\![P]\!]] \\
\quad = (\alpha(\lambda p(x).\,\mathcal{B}[\![p(x) \text{ in } P]\!]))/_{\equiv} & \text{[by definition of } \equiv] \\
\quad = (\lambda p(x).\,\alpha(\mathcal{B}[\![p(x) \text{ in } P]\!]))/_{\equiv} & \text{[by Eqs. (A.22) and (A.20)]} \\
\quad = (\lambda p(x).\,\mathcal{B}_\alpha[\![p(x) \text{ in } P]\!])/_{\equiv} & \text{[by the previous result]} \\
\quad = \mathcal{O}_\alpha[\![P]\!] & \text{[by definition of } \mathcal{O}_\alpha[\![P]\!]]
\end{array}$$


Point 2. Let $z$ and $y_i$ be the variables $var(A_1, \ldots, A_n)$ and $var(A_i)$ for $i \in [1,n]$, respectively. First of all note that, since $D$ is finite and relevant w.r.t. $z$, by additivity of $\alpha$ there must be a finite and relevant (w.r.t. $z$) element $\mathcal{E} \in \mathbb{E}$ such that $\alpha(\mathcal{E}) = D$. Hence $\mathcal{E}, A_1, \ldots, A_n$ is an equational goal and then the following facts hold.

$$\begin{array}{ll}
\mathcal{B}_\alpha[\![D, A_1, \ldots, A_n \text{ in } P]\!] & \\
\quad = \alpha(\mathcal{B}[\![\mathcal{E}, A_1, \ldots, A_n \text{ in } P]\!]) & \text{[by Pt. 1]} \\
\quad = \alpha((\mathcal{E} \otimes_{y_1} \mathcal{O}[\![P]\!](A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{O}[\![P]\!](A_n))|_z) & \text{[by Pt. 1 of Theorem 3]} \\
\quad = (D \tilde\otimes_{y_1} \alpha(\mathcal{O}[\![P]\!](A_1)) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} \alpha(\mathcal{O}[\![P]\!](A_n)))\tilde{|}_z & \text{[by Eqs. (A.18) and (A.19)]} \\
\quad = (D \tilde\otimes_{y_1} (\alpha(\mathcal{O}[\![P]\!]))(A_1) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} (\alpha(\mathcal{O}[\![P]\!]))(A_n))\tilde{|}_z & \text{[by Eq. (A.24)]} \\
\quad = (D \tilde\otimes_{y_1} \mathcal{O}_\alpha[\![P]\!](A_1) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} \mathcal{O}_\alpha[\![P]\!](A_n))\tilde{|}_z. & \text{[by Pt. 1]}
\end{array}$$

Point 3. In the set comprehensions below, $c = p(x) \leftarrow E, A_1, \ldots, A_n$ ranges over the renamed clauses of $P$, $z = var(c)$ and $y_i = var(A_i)$ for $i \in [1,n]$. The following facts hold.

$$\begin{array}{ll}
\alpha(\mathcal{P}[\![P]\!](\mathcal{I})) & \\
\quad = \alpha(\lambda p(x).\bigcup\{\mathcal{E} \mid \mathcal{E} = (\{E\} \otimes_{y_1} \mathcal{I}(A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{I}(A_n))|_x\}) & \text{[by definition of } \mathcal{P}[\![P]\!]] \\
\quad = \lambda p(x).\,\alpha(\bigcup\{\mathcal{E} \mid \mathcal{E} = (\{E\} \otimes_{y_1} \mathcal{I}(A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{I}(A_n))|_x\}) & \text{[by Eq. (A.21)]} \\
\quad = \lambda p(x).\,\alpha(\bigcup\{\gamma(D) \mid D = \alpha((\{E\} \otimes_{y_1} \mathcal{I}(A_1) \otimes_{y_2} \cdots \otimes_{y_n} \mathcal{I}(A_n))|_x)\}) & \text{[by Eq. (1)]} \\
\quad = \lambda p(x).\,\alpha(\bigcup\{\gamma(D) \mid D = (\alpha(\{E\}) \tilde\otimes_{y_1} \alpha(\mathcal{I}(A_1)) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} \alpha(\mathcal{I}(A_n)))\tilde{|}_x\}) & \text{[by Eqs. (A.18) and (A.19)]} \\
\quad = \lambda p(x).\,\alpha(\bigcup\{\gamma(D) \mid D = (\alpha(\{E\}) \tilde\otimes_{y_1} (\alpha(\mathcal{I}))(A_1) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} (\alpha(\mathcal{I}))(A_n))\tilde{|}_x\}) & \text{[by Eq. (A.24)]} \\
\quad = \lambda p(x).\bigsqcup\{D \mid D = (\alpha(\{E\}) \tilde\otimes_{y_1} (\alpha(\mathcal{I}))(A_1) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} (\alpha(\mathcal{I}))(A_n))\tilde{|}_x\} & \text{[by definition of } \sqcup] \\
\quad = \mathcal{P}_\alpha[\![P]\!](\alpha(\mathcal{I})). & \text{[by definition of } \mathcal{P}_\alpha[\![P]\!]]
\end{array}$$

Point 4. Let $\{\mathcal{I}_i\}_{i \in I} \subseteq \mathbb{I}_\alpha$ be a chain. We prove that $\bigsqcup\{\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_i)\}_{i \in I} = \mathcal{P}_\alpha[\![P]\!](\bigsqcup\{\mathcal{I}_i\}_{i \in I})$.

$$\begin{array}{ll}
\bigsqcup\{\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_i)\}_{i \in I} & \\
\quad = \alpha(\bigcup\{\gamma(\mathcal{P}_\alpha[\![P]\!](\mathcal{I}_i))\}_{i \in I}) & \text{[by definition of } \sqcup] \\
\quad = \alpha(\bigcup\{\gamma\alpha(\mathcal{P}[\![P]\!](\gamma(\mathcal{I}_i)))\}_{i \in I}) & \text{[by Pt. 3 and since } \alpha\gamma = id] \\
\quad = \alpha(\bigcup\{\mathcal{P}[\![P]\!](\gamma(\mathcal{I}_i))\}_{i \in I}) & \text{[by Eq. (A.25)]} \\
\quad = \alpha(\mathcal{P}[\![P]\!](\bigcup\{\gamma(\mathcal{I}_i)\}_{i \in I})) & \text{[since } \mathcal{P}[\![P]\!] \text{ is continuous]} \\
\quad = \mathcal{P}_\alpha[\![P]\!](\alpha(\bigcup\{\gamma(\mathcal{I}_i)\}_{i \in I})) & \text{[by Pt. 3]} \\
\quad = \mathcal{P}_\alpha[\![P]\!](\bigsqcup\{\mathcal{I}_i\}_{i \in I}). & \text{[by definition of } \sqcup]
\end{array}$$

Point 5. First of all observe that, by Point 4 and a straightforward inductive argument, $\forall n \geq 0$, $\alpha(\mathcal{P}[\![P]\!]\uparrow n) = \mathcal{P}_\alpha[\![P]\!]\uparrow n$. Therefore

$$\begin{array}{ll}
\alpha(\mathcal{F}[\![P]\!]) & \\
\quad = \alpha(\mathcal{P}[\![P]\!]\uparrow\omega) & \text{[by definition of } \mathcal{F}[\![P]\!]] \\
\quad = \alpha(\bigcup\{\mathcal{P}[\![P]\!]\uparrow n\}_{n \geq 0}) & [\mathcal{P}[\![P]\!] \text{ is continuous]} \\
\quad = \alpha(\bigcup\{\gamma\alpha(\mathcal{P}[\![P]\!]\uparrow n)\}_{n \geq 0}) & \text{[by Eq. (A.25)]} \\
\quad = \bigsqcup\{\alpha(\mathcal{P}[\![P]\!]\uparrow n)\}_{n \geq 0} & \text{[by definition of } \sqcup] \\
\quad = \bigsqcup\{\mathcal{P}_\alpha[\![P]\!]\uparrow n\}_{n \geq 0} & \text{[by the previous observation]} \\
\quad = \mathcal{P}_\alpha[\![P]\!]\uparrow\omega & [\mathcal{P}_\alpha[\![P]\!] \text{ is continuous]} \\
\quad = \mathcal{F}_\alpha[\![P]\!]. & \text{[by definition of } \mathcal{F}_\alpha[\![P]\!]]
\end{array}$$

Point 6. Straightforward by Point 3 of Theorem 3 and by Points 1 and 5. □

Proof of Theorem 8. First of all note that a more general property than Eq. (A.5) holds. Namely, for any $x, y, z$ such that $x \cup y \subseteq z$,

$$(\mathcal{E}_1 \otimes_y \mathcal{E}_2)|_x = (\mathcal{E}_1|_z \otimes_y \mathcal{E}_2)|_x. \tag{A.26}$$

We prove Point 4. As in the proof of Theorem 6, in the set comprehensions below $c = p(x) \leftarrow E, A_1, \ldots, A_n$ ranges over the renamed clauses of $P$, $z = var(c)$ and $y_i = var(A_i)$ for $i \in [1,n]$.

$$\begin{array}{ll}
\alpha(\mathcal{P}[\![P]\!](\gamma(\mathcal{I}_\alpha))) & \\
\quad = \lambda p(x).\,(\alpha(\mathcal{P}[\![P]\!](\gamma(\mathcal{I}_\alpha))(p(x))))\tilde{|}_x & \text{[by definition of } \alpha] \\
\quad = \lambda p(x).\,(\alpha(\bigcup\{\mathcal{E} \mid \mathcal{E} = (\{E\} \otimes_{y_1} \gamma(\mathcal{I}_\alpha)(A_1) \otimes_{y_2} \cdots \otimes_{y_n} \gamma(\mathcal{I}_\alpha)(A_n))|_x\}))\tilde{|}_x & \text{[by definition of } \mathcal{P}[\![\cdot]\!]] \\
\quad = \lambda p(x).\,(\alpha(\bigcup\{\mathcal{E} \mid \mathcal{E} = (\{E\} \otimes_{y_1} \gamma(\mathcal{I}_\alpha(A_1)) \otimes_{y_2} \cdots \otimes_{y_n} \gamma(\mathcal{I}_\alpha(A_n)))|_x\}))\tilde{|}_x & \text{[by definition of } \gamma \text{ and, since } y_i \cup x \subseteq z, \text{ by (A.26) and (A.5)]} \\
\quad = \lambda p(x).\,(\bigsqcup\{D \mid D = \alpha((\{E\} \otimes_{y_1} \gamma(\mathcal{I}_\alpha(A_1)) \otimes_{y_2} \cdots \otimes_{y_n} \gamma(\mathcal{I}_\alpha(A_n)))|_x)\})\tilde{|}_x & \text{[by (1) and by definition of } \sqcup] \\
\quad = \lambda p(x).\bigsqcup\{D \mid D = (\alpha((\{E\} \otimes_{y_1} \gamma(\mathcal{I}_\alpha(A_1)) \otimes_{y_2} \cdots \otimes_{y_n} \gamma(\mathcal{I}_\alpha(A_n)))|_x))\tilde{|}_x\} & \text{[since } \tilde{|}_x \text{ distributes over sums]} \\
\quad = \lambda p(x).\bigsqcup\{D \mid D = (\alpha(\{E\} \otimes_{y_1} \gamma(\mathcal{I}_\alpha(A_1)) \otimes_{y_2} \cdots \otimes_{y_n} \gamma(\mathcal{I}_\alpha(A_n))))\tilde{|}_x\} & \text{[by Point 7 of Definition 7]} \\
\quad = \lambda p(x).\bigsqcup\{D \mid D = (\alpha(\{E\}) \tilde\otimes_{y_1} \mathcal{I}_\alpha(A_1) \tilde\otimes_{y_2} \cdots \tilde\otimes_{y_n} \mathcal{I}_\alpha(A_n))\tilde{|}_x\} & \text{[using repeatedly Point 1 of Definition 7 and the definition of } \tilde\otimes]
\end{array}$$

which, by definition of $\mathcal{P}_\alpha[\![P]\!]$, gives the thesis.

Points 1 and 5 are a straightforward consequence of correctness (extensivity) of the insertion $\alpha: \mathbb{E} \to \mathbb{E}_\alpha$.

For the other points, first of all note that Point 1 of Definition 7 implies additivity of $\tilde\otimes$ and $\tilde\otimes_x$, associativity of $\tilde\otimes$ and the abstract counterparts of Eqs. (A.2)–(A.4) of the proof of Theorem 3. Point 2 ensures abstract additivity of $\tilde{|}_x$.

Furthermore note that, by Point 1 of Definition 7 (taking $x = V$) and by definition of the abstract operation,

$$(\alpha(\{\emptyset\}) \tilde\otimes D)\tilde{|}_x = D\tilde{|}_x. \tag{A.27}$$


Points 3–6 (of Definition 7) and Eq. (A.27) are the abstract versions of Eqs. (A.1), (A.5)–(A.7) and (A.3), respectively. Moreover, $\alpha$ and $\gamma$ are congruences w.r.t. renaming. Hence the proof of this theorem is the same as the proof of Theorem 3. □

References

[1] K.R. Apt, Introduction to logic programming, in: J. van Leeuwen (Ed.), Handbook of Theoretical Computer Science, vol. B: Formal Models and Semantics, Elsevier/MIT Press, Amsterdam/Cambridge, MA, 1990, pp. 495–574.

[2] K.R. Apt, From Logic Programming to Prolog, Prentice-Hall, Englewood Cliffs, NJ, 1997.

[3] K.R. Apt, E. Marchiori, Reasoning about Prolog programs: From modes through types to assertions, Formal Aspects of Computing 6 (6A) (1994) 743–765.

[4] K.R. Apt, D. Pedreschi, Reasoning about termination of pure PROLOG programs, Information and Computation 106 (1) (1993) 109–157.

[5] T. Armstrong, K. Marriott, P. Schachte, H. Søndergaard, Boolean functions for dependency analysis: Algebraic properties and efficient representation, in: B. Le Charlier (Ed.), Proc. Static Analysis Symposium, SAS'94, Lecture Notes in Computer Science, vol. 864, Springer, Berlin, 1994, pp. 266–280.

[6] A. Bossi, N. Cocco, Verifying correctness of logic programs, in: J. Díaz, F. Orejas (Eds.), Proc. TAPSOFT'89, 1989, pp. 96–110.

[7] A. Bossi, M. Gabbrielli, G. Levi, M. Martelli, The s-semantics approach: Theory and applications, Journal of Logic Programming 19/20 (1994) 149–197.

[8] A. Bossi, M. Gabbrielli, G. Levi, M.C. Meo, A compositional semantics for logic programs, Theoretical Computer Science 122 (1/2) (1994) 3–47.

[9] K.L. Clark, Predicate logic as a computational formalism, Res. Report DOC 79/59, Imperial College, Department of Computing, London, 1979.

[10] M. Codish, S.K. Debray, R. Giacobazzi, Compositional analysis of modular logic programs, in: Proceedings of the 20th Annual ACM Symposium on Principles of Programming Languages, ACM Press, New York, 1993, pp. 451–464.

[11] M. Comini, Sources of the abstract diagnosis meta-interpreters, Available at http://www.di.unipi.it/~comini/Projects/.

[12] M. Comini, An abstract interpretation framework for semantics and diagnosis of logic programs, Ph.D. thesis, Dipartimento di Informatica, Università di Pisa, 1998.

[13] M. Comini, G. Levi, An algebraic theory of observables, in: M. Bruynooghe (Ed.), Proceedings of the 1994 International Symposium on Logic Programming, MIT Press, Cambridge, MA, 1994, pp. 172–186.

[14] M. Comini, G. Levi, M.C. Meo, Compositionality of SLD-derivations and their abstractions, in: J. Lloyd (Ed.), Proceedings of the 1995 International Symposium on Logic Programming, MIT Press, Cambridge, MA, 1995, pp. 561–575.

[15] M. Comini, G. Levi, M.C. Meo, A theory of observables for logic programs, http://www.di.unipi.it/~comini/Papers/, 1996 (submitted).

[16] M. Comini, G. Levi, M.C. Meo, G. Vitiello, Proving properties of logic programs by abstract diagnosis, in: M. Dams (Ed.), Analysis and Verification of Multiple-Agent Languages, 5th LOMAPS Workshop, Lecture Notes in Computer Science, vol. 1192, Springer, Berlin, 1996, pp. 22–50.

[17] M. Comini, G. Levi, G. Vitiello, Abstract debugging of logic programs, in: L. Fribourg, F. Turini (Eds.), Proc. Logic Program Synthesis and Transformation and Metaprogramming in Logic 1994, Lecture Notes in Computer Science, vol. 883, Springer, Berlin, 1994, pp. 440–450.

[18] M. Comini, G. Levi, G. Vitiello, Declarative diagnosis revisited, in: J. Lloyd (Ed.), Proceedings of the 1995 International Symposium on Logic Programming, MIT Press, Cambridge, MA, 1995, pp. 275–287.

[19] M. Comini, G. Levi, G. Vitiello, Efficient detection of incompleteness errors in the abstract debugging of logic programs, in: M. Ducassé (Ed.), Proceedings of the Second International Workshop on Automated and Algorithmic Debugging, AADEBUG'95, 1995.

[20] M. Comini, M.C. Meo, Compositionality properties of SLD-derivations, Theoretical Computer Science 211 (1999) 275–309.

[21] A. Cortesi, G. Filé, W. Winsborough, Prop revisited: Propositional formula as abstract domain for groundness analysis, in: Proceedings of the Sixth IEEE Symposium on Logic in Computer Science, IEEE Computer Soc. Press, Silver Spring, MD, 1991, pp. 322–327.

[22] P. Cousot, R. Cousot, Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints, in: Proceedings of the Fourth ACM Symposium on Principles of Programming Languages, 1977, pp. 238–252.

[23] P. Cousot, R. Cousot, Systematic design of program analysis frameworks, in: Proceedings of the Sixth ACM Symposium on Principles of Programming Languages, 1979, pp. 269–282.

[24] W. Drabent, J. Maluszynski, Inductive assertion method for logic programs, Theoretical Computer Science 59 (1) (1988) 133–155.

[25] W. Drabent, S. Nadjm-Tehrani, J. Maluszynski, Algorithmic debugging with assertions, in: H. Abramson, M.H. Rogers (Eds.), Meta-Programming in Logic Programming, MIT Press, Cambridge, MA, 1989, pp. 383–398.

[26] E. Eder, Properties of substitutions and unification, Journal of Symbolic Computation 1 (1985) 31–46.

[27] M. Falaschi, G. Levi, M. Martelli, C. Palamidessi, Declarative modeling of the operational behavior of logic languages, Theoretical Computer Science 69 (3) (1989) 289–318.

[28] G. Ferrand, Error diagnosis in logic programming, an adaptation of E.Y. Shapiro's method, Journal of Logic Programming 4 (1987) 177–198.

[29] G. Ferrand, The notions of symptom and error in declarative diagnosis of logic programs, in: P.A. Fritzson (Ed.), Automated and Algorithmic Debugging, Proc. AADEBUG'93, Lecture Notes in Computer Science, vol. 749, Springer, Berlin, 1993, pp. 40–57.

[30] R. Giacobazzi, F. Scozzari, Intuitionistic implication in abstract interpretation, in: H. Glaser, P. Hartel, H. Kuchen (Eds.), Proceedings of the Ninth International Symposium on Programming Languages, Implementations, Logics and Programs, PLILP'97, Lecture Notes in Computer Science, vol. 1292, Springer, Berlin, 1997, pp. 175–189.

[31] J.-L. Lassez, M.J. Maher, K. Marriott, Unification revisited, in: J. Minker (Ed.), Foundations of Deductive Databases and Logic Programming, Morgan Kaufmann, Los Altos, CA, 1988, pp. 587–625.

[32] G. Levi, F. Spoto, A denotational semantics for Prolog, in: M. Falaschi, M. Navarro, A. Policriti (Eds.), Proceedings of the APPIA-GULP-PRODE'97 Joint Conference on Declarative Programming, 1997, pp. 201–212.

[33] G. Levi, P. Volpe, A reconstruction of verification techniques by abstract interpretation, in: ILPS'97 Workshop on Verification, Model Checking and Abstract Interpretation, 1997.

[34] Y. Lichtenstein, E.Y. Shapiro, Abstract algorithmic debugging, in: R.A. Kowalski, K.A. Bowen (Eds.), Proceedings of the Fifth International Conference and Symposium on Logic Programming, Seattle, 1988, pp. 512–531.

[35] J.W. Lloyd, Declarative error diagnosis, New Generation Computing 5 (2) (1987) 133–154.

[36] J.W. Lloyd, Foundations of Logic Programming, 2nd ed., Springer, Berlin, 1987.

[37] P. Mancarella, D. Pedreschi, An algebra of logic programs, in: R.A. Kowalski, K.A. Bowen (Eds.), Proceedings of the Fifth International Conference on Logic Programming, MIT Press, Cambridge, MA, 1988, pp. 1006–1023.

[38] K. Marriott, H. Søndergaard, Precise and efficient groundness analysis for logic programs, ACM Letters on Programming Languages and Systems 2 (1–4) (1993) 181–196.

[39] L. Naish, Declarative diagnosis of missing answers, New Generation Computing 10 (1991) 255–285.

[40] L.M. Pereira, Rational debugging in logic programming, in: E.Y. Shapiro (Ed.), Proceedings of the Third International Conference on Logic Programming, Lecture Notes in Computer Science, vol. 225, Springer, Berlin, 1986, pp. 203–210.

[41] T. Sato, H. Tamaki, Enumeration of success patterns in logic programs, Theoretical Computer Science 34 (1984) 227–240.

[42] F. Scozzari, Logical optimality of groundness analysis, in: P. Van Hentenryck (Ed.), Proceedings of International Static Analysis Symposium, SAS'97, Lecture Notes in Computer Science, vol. 1302, Springer, Berlin, 1997, pp. 83–97.

[43] E.Y. Shapiro, Algorithmic program debugging, in: Proceedings of the Ninth Annual ACM Symposium on Principles of Programming Languages, ACM Press, New York, 1982, pp. 412–531.

[44] L. Sterling, E.Y. Shapiro, The Art of Prolog, MIT Press, Cambridge, MA, 1986.