The Correctness of Set-Sharing
…ion function, generalised to allow for non-idempotent substitutions. We conclude in Section 5.

2 Equations and Substitutions

2.1 Notation

For a set $S$, $\#S$ is the cardinality of $S$, $\wp(S)$ is the powerset of $S$, whereas $\wp_f(S)$ is the set of all the finite subsets of $S$. The symbol $\mathrm{Vars}$ denotes a denumerable set of variables, whereas $T_{\mathrm{Vars}}$ denotes the set of first-order terms over $\mathrm{Vars}$ for some given set of function symbols. The set of variables occurring in a syntactic object $o$ is denoted by $\mathrm{vars}(o)$.

2.2 Substitutions

If $x \in \mathrm{Vars}$ and $s \in T_{\mathrm{Vars}}$, then $x \mapsto s$ is called a binding. A substitution is a total function $\sigma\colon \mathrm{Vars} \to T_{\mathrm{Vars}}$ that is the identity almost everywhere; in other words, the domain of $\sigma$,
$$\mathrm{dom}(\sigma) \stackrel{\text{def}}{=} \{\, x \in \mathrm{Vars} \mid \sigma(x) \neq x \,\},$$
is finite. If $t \in T_{\mathrm{Vars}}$, we write $t\sigma$ to denote $\sigma(t)$. Substitutions are denoted by the set of their bindings, thus $\sigma$ is identified with the set $\{\, x \mapsto \sigma(x) \mid x \in \mathrm{dom}(\sigma) \,\}$. The composition of substitutions is defined in the usual way. Thus $\sigma \circ \tau$ is the substitution such that, for all terms $t$, $(\sigma \circ \tau)(t) = \sigma(\tau(t))$. A substitution is said to be circular if it has the form $\{x_1 \mapsto x_2, \ldots, x_{n-1} \mapsto x_n, x_n \mapsto x_1\}$. A substitution is in rational solved form if it has no circular subset. The set of all substitutions in rational solved form is denoted by $\mathrm{Subst}$.

2.3 Equations

An equation is of the form $s = t$ where $s, t \in T_{\mathrm{Vars}}$. $\mathrm{Eqs}$ denotes the set of all equations. We are concerned in this paper to keep the results on sharing as general as possible. In particular, we do not want to restrict ourselves to a specific equality theory. Thus we allow for any equality theory $T$ over $T_{\mathrm{Vars}}$ that includes the basic axioms denoted by the following schemata.
$$s = s, \qquad (1)$$
$$s = t \iff t = s, \qquad (2)$$
$$r = s \wedge s = t \implies r = t, \qquad (3)$$
$$f(s_1, \ldots, s_n) = f(t_1, \ldots, t_n) \iff s_1 = t_1, \ldots, s_n = t_n. \qquad (4)$$
Of course, $T$ can include other axioms.
For example, it is usual in logic programming and most implementations of Prolog to assume an equality theory based on syntactic identity and characterised by the axiom schemata given by Clark [3]. This consists of the basic axioms together with the following, where $f$ and $g$ are distinct function symbols:
$$\neg\bigl(f(s_1, \ldots, s_n) = g(t_1, \ldots, t_m)\bigr), \qquad (5)$$
$$\forall z \in \mathrm{Vars}\; \forall t \in (T_{\mathrm{Vars}} \setminus \mathrm{Vars}) : z \in \mathrm{vars}(t) \implies \neg(z = t). \qquad (6)$$
The identity axioms characterised by schema 5 ensure the equality theory is Herbrand and depends only on the syntax. An equality theory for a non-Herbrand domain replaces these axioms by ones that depend instead on the semantics of the domain. Axioms characterised by schema 6 are called the occur-check axioms and are an essential part of the standard unification procedure in SLD-resolution.

An alternative approach, used in some implementations of Prolog, does not require the occur-check axioms. This approach is based on the theory of rational trees [5, 6]. It assumes the basic axioms and the identity axioms together with a set of uniqueness axioms [10, 11]. These state that each equation in rational solved form uniquely defines a set of trees. Thus, an equation $z = t$ where $z \in \mathrm{vars}(t)$ and $t \in (T_{\mathrm{Vars}} \setminus \mathrm{Vars})$ denotes the axiom (expressed in terms of the usual first-order quantifiers [15]):
$$\forall x \in \mathrm{Vars} : z = t \wedge \bigl(x = t\{z \mapsto x\} \implies z = x\bigr).$$
The basic axioms defined by schemata 1, 2, 3 and 4, which are all that are required for the results in this paper, are included in both these theories.

A substitution $\sigma$ may be regarded as a set of equations $\{\, x = t \mid x \mapsto t \in \sigma \,\}$. A set of equations $e \in \wp_f(\mathrm{Eqs})$ is unifiable if there is $\mu \in \mathrm{Subst}$ such that $T \vdash (\mu \implies e)$; $\mu$ is called a unifier for $e$. $\mu$ is said to be a relevant unifier of $e$ if $\mathrm{vars}(\mu) \subseteq \mathrm{vars}(e)$; that is, $\mu$ does not introduce any new variables. $\mu$ is a most general unifier for $e$ if, for every unifier $\mu'$ of $e$, $T \vdash (\mu' \implies \mu)$. An mgu, if it exists, is unique up to the renaming of variables. In this paper, $\mathrm{mgu}(e)$ always denotes a relevant most general unifier of $e$.
3 Variable-Idempotence

It is usual in papers on sharing analysis to assume that all the substitutions are idempotent. Note that a substitution $\sigma$ is idempotent if, for all $t \in T_{\mathrm{Vars}}$, $t\sigma = t\sigma\sigma$. However, the sharing domain is just concerned with the variables. So, to allow for substitutions representing rational trees, we generalise idempotence to variable-idempotence.

Definition 1. A substitution $\sigma$ is variable-idempotent if
$$\forall t \in T_{\mathrm{Vars}} : \mathrm{vars}(t\sigma\sigma) = \mathrm{vars}(t\sigma).$$
The set of all variable-idempotent substitutions is denoted by $\mathrm{VSubst}$.

It is convenient to use the following alternative characterisation of variable-idempotence: a substitution $\sigma$ is variable-idempotent if and only if
$$\forall (x \mapsto t) \in \sigma : \mathrm{vars}(t\sigma) = \mathrm{vars}(t).$$
Thus any substitution consisting of a single binding is variable-idempotent. Moreover, all idempotent substitutions are also variable-idempotent.

Example 1. The substitution $\{x \mapsto f(x)\}$ is not idempotent but is variable-idempotent. Also, $\{x \mapsto f(y), y \mapsto z\}$ is neither idempotent nor variable-idempotent, but is equivalent (with respect to any equality theory $T$ satisfying the basic axioms) to $\{x \mapsto f(z), y \mapsto z\}$, which is idempotent.

We define the transformation $\mapsto_S \subseteq \mathrm{Subst} \times \mathrm{Subst}$, called S-transformation, as follows:
$$\frac{(x \mapsto t) \in \sigma \qquad (y \mapsto s) \in \sigma \qquad x \neq y}{\sigma \mapsto_S (\sigma \setminus \{y \mapsto s\}) \cup \{y \mapsto s[x/t]\}}$$
Any substitution $\sigma$ can be transformed to a variable-idempotent substitution $\sigma'$ for $\sigma$ by a finite sequence of S-transformations. Furthermore, if the substitutions $\sigma$ and $\sigma'$ are regarded as equations, then they are equivalent with respect to any equality theory that includes the basic equality axioms. These two statements are direct consequences of Lemmas 2 and 1, respectively.

Lemma 1. Let $T$ be an equality theory that satisfies the basic equality axioms. Suppose that $\sigma$ and $\sigma'$ are substitutions such that $\sigma \mapsto_S \sigma'$. Then, regarding $\sigma$ and $\sigma'$ as sets of equations, $T \vdash (\sigma \iff \sigma')$.

Proof. Suppose that $(x \mapsto t), (y \mapsto s) \in \sigma$ where $x \neq y$ and suppose also $\sigma' = (\sigma \setminus \{y \mapsto s\}) \cup \{y \mapsto s[x/t]\}$.
We first show by induction on the depth of the term $s$ that
$$x = t \implies s = s[x/t].$$
Suppose $s$ has depth 1. If $s$ is $x$, then $s[x/t] = t$ and the result is trivial. If $s$ is a variable distinct from $x$ or a constant, then $s[x/t] = s$ and the result follows from equality Axiom 1. Suppose now that $s = f(s_1, \ldots, s_n)$ and the result holds for all terms of depth less than that of $s$. Then, by the inductive hypothesis, for each $i = 1, \ldots, n$,
$$x = t \implies s_i = s_i[x/t].$$
Hence, by Axiom 4,
$$x = t \implies f(s_1, \ldots, s_n) = f\bigl(s_1[x/t], \ldots, s_n[x/t]\bigr)$$
and hence
$$x = t \implies f(s_1, \ldots, s_n) = f(s_1, \ldots, s_n)[x/t].$$
Thus, combining this result with Axiom 3, we have
$$\{x = t,\ y = s\} \implies \{x = t,\ y = s,\ s = s[x/t]\} \implies \{x = t,\ y = s[x/t]\}.$$
Similarly, combining this result with Axioms 2 and 3,
$$\{x = t,\ y = s[x/t]\} \implies \{x = t,\ y = s[x/t],\ s = s[x/t]\} \implies \{x = t,\ y = s\}. \qquad\square$$

Note that the condition $x \neq y$ in Lemma 1 is necessary. For example, suppose $\sigma = \{x \mapsto f(x)\}$ and $\sigma' = \{x \mapsto f(f(x))\}$. Then we do not have $\sigma' \implies \sigma$.

Lemma 2. Suppose that, for each $j = 0, \ldots, n$:
$$\sigma_j = \{x_1 \mapsto t_{1,j}, \ldots, x_n \mapsto t_{n,j}\},$$
where $t_{j,j} = t_{j,j-1}$ and, if $j > 0$, for each $i = 1, \ldots, n$ with $i \neq j$, $t_{i,j} = t_{i,j-1}[x_j/t_{j,j-1}]$. Then, for each $j = 0, \ldots, n$,
$$\tau_j = \{x_1 \mapsto t_{1,j}, \ldots, x_j \mapsto t_{j,j}\}$$
is variable-idempotent and, if $j > 0$, $\sigma_j$ can be obtained from $\sigma_{j-1}$ by a sequence of S-transformations.

Proof. The proof is by induction on $j$. Since $\tau_0$ is empty, the base case when $j = 0$ is trivial. Suppose, therefore, that $1 \leq j \leq n$ and the hypothesis holds for $\sigma_{j-1}$ and $\tau_{j-1}$. By the definition of $\tau_j$, we have $\tau_j = \{x_j \mapsto t_{j,j-1}\} \circ \tau_{j-1}$. Consider an arbitrary $i$, $1 \leq i \leq j$. We will show that $\mathrm{vars}(t_{i,j}\tau_j) = \mathrm{vars}(t_{i,j})$.

Suppose first that $i = j$. Then, since $t_{j,j} = t_{j,j-1}$, $t_{j,j-1} = t_{j,0}\tau_{j-1}$ and, by the inductive hypothesis, $\mathrm{vars}(t_{j,0}\tau_{j-1}\tau_{j-1}) = \mathrm{vars}(t_{j,0}\tau_{j-1})$, we have
$$\mathrm{vars}(t_{j,j}\tau_j) = \mathrm{vars}\bigl(t_{j,0}\tau_{j-1}\tau_{j-1}\{x_j \mapsto t_{j,j}\}\bigr) = \mathrm{vars}\bigl(t_{j,0}\tau_{j-1}\{x_j \mapsto t_{j,j}\}\bigr) = \mathrm{vars}\bigl(t_{j,j}\{x_j \mapsto t_{j,j}\}\bigr) = \mathrm{vars}(t_{j,j}).$$
Suppose now that $i \neq j$. Then,
$$\mathrm{vars}(t_{i,j}) = \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\bigr)$$
and, by the inductive hypothesis, $\mathrm{vars}(t_{i,j-1}\tau_{j-1}) = \mathrm{vars}(t_{i,j-1})$. If $x_j \notin \mathrm{vars}(t_{i,j-1})$, then
$$\mathrm{vars}(t_{i,j}\tau_{j-1}) = \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\tau_{j-1}\bigr) = \mathrm{vars}(t_{i,j-1}\tau_{j-1}) = \mathrm{vars}(t_{i,j}).$$
On the other hand, if $x_j \in \mathrm{vars}(t_{i,j-1})$, then
$$\begin{aligned}
\mathrm{vars}(t_{i,j}\tau_{j-1}) &= \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\tau_{j-1}\bigr) \\
&= \bigl(\mathrm{vars}(t_{i,j-1}\tau_{j-1}) \setminus \{x_j\}\bigr) \cup \mathrm{vars}(t_{j,j-1}\tau_{j-1}) \\
&= \bigl(\mathrm{vars}(t_{i,j-1}) \setminus \{x_j\}\bigr) \cup \mathrm{vars}(t_{j,j-1}) \\
&= \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\bigr) = \mathrm{vars}(t_{i,j}).
\end{aligned}$$
Thus, in both cases,
$$\mathrm{vars}(t_{i,j}\tau_j) = \mathrm{vars}\bigl(t_{i,j}\tau_{j-1}\{x_j \mapsto t_{j,j-1}\}\bigr) = \mathrm{vars}\bigl(t_{i,j}\{x_j \mapsto t_{j,j-1}\}\bigr) = \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\{x_j \mapsto t_{j,j-1}\}\bigr).$$
However, a substitution consisting of a single binding is variable-idempotent. Thus
$$\mathrm{vars}(t_{i,j}\tau_j) = \mathrm{vars}\bigl(t_{i,j-1}\{x_j \mapsto t_{j,j-1}\}\bigr) = \mathrm{vars}(t_{i,j}).$$
Therefore, for each $i = 1, \ldots, j$, $\mathrm{vars}(t_{i,j}\tau_j) = \mathrm{vars}(t_{i,j})$. It then follows (using the alternative characterisation of variable-idempotence) that $\tau_j$ is variable-idempotent. $\square$

Example 2. Let $\sigma_0 = \{x_1 \mapsto f(x_2),\ x_2 \mapsto g(x_3, x_4),\ x_3 \mapsto x_1\}$. Then
$$\begin{aligned}
\sigma_1 &= \{x_1 \mapsto f(x_2),\ x_2 \mapsto g(x_3, x_4),\ x_3 \mapsto f(x_2)\}, \\
\sigma_2 &= \{x_1 \mapsto f(g(x_3, x_4)),\ x_2 \mapsto g(x_3, x_4),\ x_3 \mapsto f(g(x_3, x_4))\}, \\
\sigma_3 &= \{x_1 \mapsto f(g(f(g(x_3, x_4)), x_4)),\ x_2 \mapsto g(f(g(x_3, x_4)), x_4),\ x_3 \mapsto f(g(x_3, x_4))\}.
\end{aligned}$$
Note that $\sigma_3$ is variable-idempotent and that $T \vdash (\sigma_0 \iff \sigma_3)$.

4 Set-Sharing

4.1 The Sharing Domain

The Sharing domain is due to Jacobs and Langen [8]. However, we use the definition as presented in [1].

Definition 2. (The set-sharing lattice.) Let $\mathrm{SG} \stackrel{\text{def}}{=} \{\, S \in \wp_f(\mathrm{Vars}) \mid S \neq \emptyset \,\}$ and let $\mathrm{SH} \stackrel{\text{def}}{=} \wp(\mathrm{SG})$. The set-sharing lattice is given by the set
$$\mathrm{SS} \stackrel{\text{def}}{=} \bigl\{\, (sh, U) \bigm| sh \in \mathrm{SH},\ U \in \wp_f(\mathrm{Vars}),\ \forall S \in sh : S \subseteq U \,\bigr\} \cup \{\bot, \top\}$$
ordered by $\leq_{\mathrm{SS}}$ defined as follows, for each $d, (sh_1, U_1), (sh_2, U_2) \in \mathrm{SS}$:
$$\bot \leq_{\mathrm{SS}} d, \qquad d \leq_{\mathrm{SS}} \top, \qquad (sh_1, U_1) \leq_{\mathrm{SS}} (sh_2, U_2) \iff (U_1 = U_2) \wedge (sh_1 \subseteq sh_2).$$
It is straightforward to see that every subset of $\mathrm{SS}$ has a least upper bound with respect to $\leq_{\mathrm{SS}}$. Hence $\mathrm{SS}$ is a complete lattice.¹

An element $sh$ of $\mathrm{SH}$ abstracts the property of sharing in a substitution $\sigma$. That is, if $\sigma$ is idempotent, two variables $x, y$ must be in the same set in $sh$ if some variable, say $v$, occurs in both $x\sigma$ and $y\sigma$.
In fact, this is also true for variable-idempotent substitutions, although it is shown below that this needs to be generalised for substitutions that are not variable-idempotent. Thus, the definition of the abstraction function for sharing requires an ancillary definition for the notion of occurrence.

Definition 3. (Occurrence.) For each $n \in \mathbb{N}$, $\mathrm{occ}_n\colon \mathrm{Subst} \times \mathrm{Vars} \to \wp_f(\mathrm{Vars})$ is defined for each $\sigma \in \mathrm{Subst}$ and each $v \in \mathrm{Vars}$ by
$$\begin{aligned}
\mathrm{occ}_0(\sigma, v) &\stackrel{\text{def}}{=} \{v\}, && \text{if } v = v\sigma; \\
\mathrm{occ}_0(\sigma, v) &\stackrel{\text{def}}{=} \emptyset, && \text{if } v \neq v\sigma; \\
\mathrm{occ}_n(\sigma, v) &\stackrel{\text{def}}{=} \bigl\{\, y \in \mathrm{Vars} \bigm| \mathrm{vars}(y\sigma) \cap \mathrm{occ}_{n-1}(\sigma, v) \neq \emptyset \,\bigr\}, && \text{if } n > 0.
\end{aligned}$$
It follows that, for fixed values of $\sigma$ and $v$, $\mathrm{occ}_n(\sigma, v)$ is monotonic and extensive with respect to the index $n$. Hence, as the range of $\mathrm{occ}_n(\sigma, v)$ is restricted to the finite set of variables in $\sigma$, there is an $\ell = \ell(\sigma, v) \in \mathbb{N}$ such that $\mathrm{occ}_\ell(\sigma, v) = \mathrm{occ}_n(\sigma, v)$ for all $n \geq \ell$. Let
$$\mathrm{occ}_\omega(\sigma, v) \stackrel{\text{def}}{=} \mathrm{occ}_\ell(\sigma, v).$$
Note that if $\sigma$ is variable-idempotent, then $\mathrm{occ}_\omega(\sigma, v) = \mathrm{occ}_1(\sigma, v)$. Note also that if $v \neq v\sigma$, then $\mathrm{occ}_\omega(\sigma, v) = \emptyset$. Previous definitions for an occurrence operator, such as that for $\mathrm{sg}$ in [8], have all been for idempotent substitutions. However, when $\sigma$ is an idempotent substitution, $\mathrm{occ}_\omega(\sigma, v)$ and $\mathrm{sg}(\sigma, v)$ are the same for all $v \in \mathrm{Vars}$. We base the definition of abstraction on the occurrence operator $\mathrm{occ}_\omega$.

¹ Notice that the only reason we have $\top \in \mathrm{SS}$ is in order to turn $\mathrm{SS}$ into a lattice rather than a CPO.

Definition 4. (Abstraction.) The concrete domain $\wp(\mathrm{Subst})$ is related to $\mathrm{SS}$ by means of the abstraction function $\alpha\colon \wp(\mathrm{Subst}) \times \wp_f(\mathrm{Vars}) \to \mathrm{SS}$. For each $\Sigma \in \wp(\mathrm{Subst})$ and each $U \in \wp_f(\mathrm{Vars})$,
$$\alpha(\Sigma, U) \stackrel{\text{def}}{=} \bigsqcup_{\sigma \in \Sigma} \alpha(\sigma, U),$$
where $\alpha\colon \mathrm{Subst} \times \wp_f(\mathrm{Vars}) \to \mathrm{SS}$ is defined, for each $\sigma \in \mathrm{Subst}$ and each $U \in \wp_f(\mathrm{Vars})$, by
$$\alpha(\sigma, U) \stackrel{\text{def}}{=} \Bigl( \bigl\{\, \mathrm{occ}_\omega(\sigma, v) \cap U \bigm| v \in \mathrm{Vars} \,\bigr\} \setminus \{\emptyset\},\ U \Bigr).$$

The following result states that the abstraction for a substitution $\sigma$ is the same as the abstraction for a variable-idempotent substitution for $\sigma$.

Lemma 3. Let $\sigma$ be a substitution, $\sigma'$ a substitution obtained from $\sigma$ by a sequence of S-transformations, $U$ a set of variables and $v \in \mathrm{Vars}$.
Then
$$v = v\sigma \iff v = v\sigma', \qquad \mathrm{occ}_\omega(\sigma, v) = \mathrm{occ}_\omega(\sigma', v), \qquad \text{and} \qquad \alpha(\sigma, U) = \alpha(\sigma', U).$$

Proof. Suppose first that $\sigma'$ is obtained from $\sigma$ by a single S-transformation. Thus we can assume that $x \mapsto t$ and $y \mapsto s$ are in $\sigma$ where $x \in \mathrm{vars}(s)$, and that $\sigma' = (\sigma \setminus \{y \mapsto s\}) \cup \{y \mapsto s[x/t]\}$. It follows that, since $\sigma$ is in rational solved form, $\sigma'$ has no circular subset and hence $v = v\sigma \iff v = v\sigma'$. Thus, if $v \neq v\sigma$, then we have $v \neq v\sigma'$ and $\mathrm{occ}_\omega(\sigma, v) = \mathrm{occ}_\omega(\sigma', v) = \emptyset$.

We now assume that $v = v\sigma = v\sigma'$ and prove that, for all $m$,
$$\mathrm{occ}_m(\sigma, v) \subseteq \mathrm{occ}_\omega(\sigma', v).$$
The proof is by induction on $m$. By Definition 3, $\mathrm{occ}_0(\sigma, v) = \mathrm{occ}_0(\sigma', v) = \{v\}$, so that the result holds for $m = 0$. Suppose then that $m > 0$ and that $v_m \in \mathrm{occ}_m(\sigma, v)$. By Definition 3, there exists $v_{m-1} \in \mathrm{vars}(v_m\sigma)$ where $v_{m-1} \in \mathrm{occ}_{m-1}(\sigma, v)$. Hence, by the inductive hypothesis, $v_{m-1} \in \mathrm{occ}_\omega(\sigma', v)$. If $v_{m-1} \in \mathrm{vars}(v_m\sigma')$, then, by Definition 3, $v_m \in \mathrm{occ}_\omega(\sigma', v)$. On the other hand, if $v_{m-1} \notin \mathrm{vars}(v_m\sigma')$, then $v_m = y$, $v_{m-1} = x$, and $x \in \mathrm{vars}(s)$ (so that $\mathrm{vars}(t) \subseteq \mathrm{vars}(s[x/t])$). However, by hypothesis, $v = v\sigma$, so that $x \neq v$ and $m > 1$. Thus, by Definition 3, there exists $v_{m-2} \in \mathrm{vars}(t)$ such that $v_{m-2} \in \mathrm{occ}_{m-2}(\sigma, v)$. By the inductive hypothesis, $v_{m-2} \in \mathrm{occ}_\omega(\sigma', v)$. Since $y \mapsto s[x/t] \in \sigma'$ and $v_{m-2} \in \mathrm{vars}(s[x/t])$, we have $v_{m-2} \in \mathrm{vars}(y\sigma')$. Thus, by Definition 3, $y \in \mathrm{occ}_\omega(\sigma', v)$.

Conversely, we now prove that, for all $m$,
$$\mathrm{occ}_m(\sigma', v) \subseteq \mathrm{occ}_\omega(\sigma, v).$$
The proof is again by induction on $m$. As in the previous case, $\mathrm{occ}_0(\sigma', v) = \mathrm{occ}_0(\sigma, v) = \{v\}$, so that the result holds for $m = 0$. Suppose then that $m > 0$ and that $v_m \in \mathrm{occ}_m(\sigma', v)$. By Definition 3, there exists $v_{m-1} \in \mathrm{vars}(v_m\sigma')$ where $v_{m-1} \in \mathrm{occ}_{m-1}(\sigma', v)$. Hence, by the inductive hypothesis, $v_{m-1} \in \mathrm{occ}_\omega(\sigma, v)$. If $v_{m-1} \in \mathrm{vars}(v_m\sigma)$, then, by Definition 3, $v_m \in \mathrm{occ}_\omega(\sigma, v)$. On the other hand, if $v_{m-1} \notin \mathrm{vars}(v_m\sigma)$, then $v_m = y$, $v_{m-1} \in \mathrm{vars}(t)$ and $x \in \mathrm{vars}(s)$. Thus, as $y \mapsto s \in \sigma$, $x \in \mathrm{vars}(y\sigma)$. Moreover, since $x \mapsto t \in \sigma$, $v_{m-1} \in \mathrm{vars}(x\sigma)$, so that, by Definition 3, $x \in \mathrm{occ}_\omega(\sigma, v)$. Thus, again by Definition 3, $y \in \mathrm{occ}_\omega(\sigma, v)$.
Thus, if $\sigma'$ is obtained from $\sigma$ by a single S-transformation, we have the required results: $v = v\sigma \iff v = v\sigma'$, $\mathrm{occ}_\omega(\sigma, v) = \mathrm{occ}_\omega(\sigma', v)$, and $\alpha(\sigma, U) = \alpha(\sigma', U)$. Suppose now that there is a sequence $\sigma = \sigma_1, \ldots, \sigma_n = \sigma'$ such that, for $i = 2, \ldots, n$, $\sigma_i$ is obtained from $\sigma_{i-1}$ by a single S-step. If $n = 1$, then $\sigma = \sigma'$. If $n > 1$, we have by the first part of the proof that, for each $i = 2, \ldots, n$, $v = v\sigma_{i-1} \iff v = v\sigma_i$, $\mathrm{occ}_\omega(\sigma_{i-1}, v) = \mathrm{occ}_\omega(\sigma_i, v)$, and $\alpha(\sigma_{i-1}, U) = \alpha(\sigma_i, U)$, and hence the required results. $\square$

Example 3. Consider again Example 2. Then
$$\begin{aligned}
\mathrm{occ}_1(\sigma_0, x_4) &= \{x_2, x_4\}, \\
\mathrm{occ}_2(\sigma_0, x_4) &= \{x_1, x_2, x_4\}, \\
\mathrm{occ}_3(\sigma_0, x_4) &= \{x_1, x_2, x_3, x_4\} = \mathrm{occ}_\omega(\sigma_0, x_4),
\end{aligned}$$
and
$$\mathrm{occ}_1(\sigma_3, x_4) = \{x_1, x_2, x_3, x_4\} = \mathrm{occ}_\omega(\sigma_3, x_4).$$
Thus, if $V = \{x_1, x_2, x_3, x_4\}$,
$$\alpha(\sigma_0, V) = \alpha(\sigma_3, V) = \bigl(\{\{x_1, x_2, x_3, x_4\}\},\ V\bigr).$$

4.2 Abstract Operations for Sharing Sets

We are concerned in this paper with establishing results for the abstract operation $\mathrm{aunify}$, which is defined for arbitrary sets of equations. However, by building the definition of $\mathrm{aunify}$ in three steps via the definitions of $\mathrm{amgu}$ (for sharing sets) and $\mathrm{Amgu}$ (for sharing domains) and stating corresponding results for each of them, we provide an outline of the overall method of proof for the $\mathrm{aunify}$ results. Details of all proofs are available in [7].

In order to define the abstract operation $\mathrm{amgu}$ we need some ancillary definitions.

Definition 5. (Auxiliary functions.) The closure under union function (also called star-union), $(\cdot)^\star\colon \mathrm{SH} \to \mathrm{SH}$, is, for each $sh \in \mathrm{SH}$,
$$sh^\star \stackrel{\text{def}}{=} \bigl\{\, S \in \mathrm{SG} \bigm| \exists n \geq 1 : \exists T_1, \ldots, T_n \in sh : S = T_1 \cup \cdots \cup T_n \,\bigr\}.$$
For each $sh \in \mathrm{SH}$ and each $T \in \wp_f(\mathrm{Vars})$, the extraction of the relevant component of $sh$ with respect to $T$ is encoded by the function $\mathrm{rel}\colon \wp_f(\mathrm{Vars}) \times \mathrm{SH} \to \mathrm{SH}$ defined as
$$\mathrm{rel}(T, sh) \stackrel{\text{def}}{=} \{\, S \in sh \mid S \cap T \neq \emptyset \,\}.$$
For each $sh_1, sh_2 \in \mathrm{SH}$, the binary union function $\mathrm{bin}\colon \mathrm{SH} \times \mathrm{SH} \to \mathrm{SH}$ is given by
$$\mathrm{bin}(sh_1, sh_2) \stackrel{\text{def}}{=} \{\, S_1 \cup S_2 \mid S_1 \in sh_1,\ S_2 \in sh_2 \,\}.$$
The function $\mathrm{proj}\colon \mathrm{SH} \times \wp_f(\mathrm{Vars}) \to$
$\mathrm{SH}$ projects an element of $\mathrm{SH}$ onto a set of variables of interest: if $sh \in \mathrm{SH}$ and $V \in \wp_f(\mathrm{Vars})$, then
$$\mathrm{proj}(sh, V) \stackrel{\text{def}}{=} \{\, S \cap V \mid S \in sh,\ S \cap V \neq \emptyset \,\}.$$

Definition 6. ($\mathrm{amgu}$.) The function $\mathrm{amgu}$ captures the effects of a binding $x \mapsto t$ on an $\mathrm{SH}$ element. Let $x$ be a variable and $t$ a term. Let also $sh \in \mathrm{SH}$ and
$$A \stackrel{\text{def}}{=} \mathrm{rel}(\{x\}, sh), \qquad B \stackrel{\text{def}}{=} \mathrm{rel}(\mathrm{vars}(t), sh).$$
Then
$$\mathrm{amgu}(sh, x \mapsto t) \stackrel{\text{def}}{=} \bigl(sh \setminus (A \cup B)\bigr) \cup \mathrm{bin}(A^\star, B^\star).$$

Then we have the following soundness result for $\mathrm{amgu}$.

Lemma 4. Let $(sh, U) \in \mathrm{SS}$ and $\{x \mapsto t\}, \sigma, \mu \in \mathrm{Subst}$ such that $\mu$ is a relevant unifier of $\{x\sigma = t\sigma\}$ and $\mathrm{vars}(x), \mathrm{vars}(t), \mathrm{vars}(\sigma) \subseteq U$. Then
$$\alpha(\sigma, U) \leq_{\mathrm{SS}} (sh, U) \implies \alpha(\mu \circ \sigma, U) \leq_{\mathrm{SS}} \bigl(\mathrm{amgu}(sh, x \mapsto t), U\bigr).$$

To prove this, observe that, by Lemma 2, if $\sigma$ is not variable-idempotent, it can be transformed to a variable-idempotent substitution $\sigma'$. Hence, by Lemma 3, $\alpha(\sigma, U) = \alpha(\sigma', U)$. Therefore the proof, which is given in [7], deals primarily with the case when $\sigma$ is variable-idempotent. Since a relevant unifier of $e$ is a relevant unifier of any other set $e'$ equivalent to $e$ with respect to the equality theory $T$, this lemma shows that it is safe for the analyser to perform part or all of the concrete unification algorithm before computing $\mathrm{amgu}$.

The following lemmas, proved in [7], show that $\mathrm{amgu}$ is idempotent and commutative.

Lemma 5. Let $sh \in \mathrm{SH}$ and $\{x \mapsto r\} \in \mathrm{Subst}$. Then
$$\mathrm{amgu}(sh, x \mapsto r) = \mathrm{amgu}\bigl(\mathrm{amgu}(sh, x \mapsto r), x \mapsto r\bigr).$$

Lemma 6. Let $sh \in \mathrm{SH}$ and $\{x \mapsto r\}, \{y \mapsto t\} \in \mathrm{Subst}$. Then
$$\mathrm{amgu}\bigl(\mathrm{amgu}(sh, x \mapsto r), y \mapsto t\bigr) = \mathrm{amgu}\bigl(\mathrm{amgu}(sh, y \mapsto t), x \mapsto r\bigr).$$

4.3 Abstract Operations for Sharing Domains

The definitions and results of Subsection 4.2 can be lifted to apply to sharing domains.

Definition 7. ($\mathrm{Amgu}$.) The operation $\mathrm{Amgu}\colon \mathrm{SS} \times \mathrm{Subst} \to \mathrm{SS}$ extends the $\mathrm{SS}$ description it takes as an argument to the set of variables occurring in the binding it is given as the second argument. Then it applies $\mathrm{amgu}$:
$$\mathrm{Amgu}\bigl((sh, U), x \mapsto t\bigr) \stackrel{\text{def}}{=} \Bigl( \mathrm{amgu}\bigl(sh \cup \{\, \{u\} \mid u \in \mathrm{vars}(x \mapsto t) \setminus U \,\},\ x \mapsto t\bigr),\ U \cup \mathrm{vars}(x \mapsto t) \Bigr).$$
The results for $\mathrm{amgu}$ can easily be extended to apply to $\mathrm{Amgu}$.

Definition 8.
($\mathrm{aunify}$.) The function $\mathrm{aunify}\colon \mathrm{SS} \times \wp_f(\mathrm{Eqs}) \to \mathrm{SS}$ generalises $\mathrm{Amgu}$ to a set of equations $e$. If $(sh, U) \in \mathrm{SS}$, $x$ is a variable, $r$ is a term, $s = f(s_1, \ldots, s_n)$ and $t = f(t_1, \ldots, t_n)$ are non-variable terms, and $\bar{s} = \bar{t}$ denotes the set of equations $\{s_1 = t_1, \ldots, s_n = t_n\}$, then
$$\mathrm{aunify}\bigl((sh, U), \emptyset\bigr) \stackrel{\text{def}}{=} (sh, U);$$
if $e \in \wp_f(\mathrm{Eqs})$ is unifiable,
$$\begin{aligned}
\mathrm{aunify}\bigl((sh, U), e \cup \{x = r\}\bigr) &\stackrel{\text{def}}{=} \mathrm{aunify}\bigl(\mathrm{Amgu}((sh, U), x \mapsto r),\ e \setminus \{x = r\}\bigr), \\
\mathrm{aunify}\bigl((sh, U), e \cup \{s = x\}\bigr) &\stackrel{\text{def}}{=} \mathrm{aunify}\bigl((sh, U),\ (e \setminus \{s = x\}) \cup \{x = s\}\bigr), \\
\mathrm{aunify}\bigl((sh, U), e \cup \{s = t\}\bigr) &\stackrel{\text{def}}{=} \mathrm{aunify}\bigl((sh, U),\ (e \setminus \{s = t\}) \cup (\bar{s} = \bar{t})\bigr);
\end{aligned}$$
and, if $e$ is not unifiable,
$$\mathrm{aunify}\bigl((sh, U), e\bigr) \stackrel{\text{def}}{=} \bot.$$
For the distinguished elements $\bot$ and $\top$ of $\mathrm{SS}$,
$$\mathrm{aunify}(\bot, e) \stackrel{\text{def}}{=} \bot, \qquad \mathrm{aunify}(\top, e) \stackrel{\text{def}}{=} \top.$$

As a consequence of this and the generalisation of Lemmas 4, 5 and 6 to $\mathrm{Amgu}$, we have the following soundness, idempotence and commutativity results required for $\mathrm{aunify}$ to be sound and well-defined. As before, the proofs of these results are in [7].

Theorem 1. Let $(sh, U) \in \mathrm{SS}$, $\sigma, \mu \in \mathrm{Subst}$, and $e \in \wp_f(\mathrm{Eqs})$ be such that $\mathrm{vars}(\sigma) \subseteq U$ and $\mu$ is a relevant unifier of $e$. Then
$$\alpha(\sigma, U) \leq_{\mathrm{SS}} (sh, U) \implies \alpha(\mu \circ \sigma, U) \leq_{\mathrm{SS}} \mathrm{aunify}\bigl((sh, U), e\bigr).$$

Theorem 2. Let $(sh, U) \in \mathrm{SS}$ and $e \in \wp_f(\mathrm{Eqs})$. Then
$$\mathrm{aunify}\bigl((sh, U), e\bigr) = \mathrm{aunify}\bigl(\mathrm{aunify}((sh, U), e),\ e\bigr).$$

Theorem 3. Let $(sh, U) \in \mathrm{SS}$ and $e_1, e_2 \in \wp_f(\mathrm{Eqs})$. Then
$$\mathrm{aunify}\bigl(\mathrm{aunify}((sh, U), e_1),\ e_2\bigr) = \mathrm{aunify}\bigl(\mathrm{aunify}((sh, U), e_2),\ e_1\bigr).$$

5 Discussion

The $\mathrm{SS}$ domain, which was first defined by Langen [14] and published by Jacobs and Langen [8], is an important domain for sharing analysis. In this paper, we have provided a framework for analysing non-idempotent substitutions and presented results for soundness, idempotence and commutativity of $\mathrm{aunify}$. In fact, most researchers concerned with analysing sharing and related properties using the $\mathrm{SS}$ domain assume these properties hold. Why, therefore, are the results in this paper necessary? Let us consider each of the above properties one at a time.
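Before taking the three properties one at a time, the following Python program (an added worked example, not part of the original paper) mechanises Sections 3 and 4.1: it applies the S-transformation construction of Lemma 2 to $\sigma_0$ of Example 2, computes the $\mathrm{occ}_n$ chains and the sharing component of $\alpha$ of Example 3, and confirms that the substitution computed without the occur-check in Section 5.1 below is not variable-idempotent but has the same abstraction as its transformed form (Lemma 3). The term representation (variables as strings, compound terms as tuples) is an assumption of the example; the substitutions are taken from the text.

```python
# Terms, substitutions, the S-transformation of Section 3 and the occurrence
# operator / abstraction function of Section 4.1, checked on the paper's examples.
# Representation (an assumption of this example): a variable is a Python str,
# a compound term is a tuple (functor, arg1, ..., argn); constants are 1-tuples.

def term_vars(t):
    """vars(t): the set of variables occurring in the term t."""
    if isinstance(t, str):
        return {t}
    return set().union(*(term_vars(a) for a in t[1:]))

def apply(t, sigma):
    """t sigma: apply the substitution sigma (a dict var -> term) to t once."""
    if isinstance(t, str):
        return sigma.get(t, t)
    return (t[0],) + tuple(apply(a, sigma) for a in t[1:])

def subst_vars(sigma):
    """vars(sigma): the domain variables plus the variables of every bound term."""
    return set(sigma).union(*(term_vars(t) for t in sigma.values()))

def is_var_idempotent(sigma):
    """Alternative characterisation: for all x |-> t in sigma, vars(t sigma) = vars(t)."""
    return all(term_vars(apply(t, sigma)) == term_vars(t) for t in sigma.values())

def s_step(sigma, x, y):
    """One S-transformation: replace y's binding s by s[x/t], where x |-> t is in sigma."""
    assert x != y and x in sigma and y in sigma
    new = dict(sigma)
    new[y] = apply(sigma[y], {x: sigma[x]})
    return new

def to_var_idempotent(sigma):
    """The construction of Lemma 2: for each x_j in turn, substitute its current
    binding into every other binding.  Returns [sigma_0, ..., sigma_n].  sigma is
    assumed to be in rational solved form (no circular subset); this is not checked."""
    seq = [dict(sigma)]
    for xj in list(sigma):
        cur = seq[-1]
        for xi in list(cur):
            if xi != xj:
                cur = s_step(cur, xj, xi)
        seq.append(cur)
    return seq

def occ_sequence(sigma, v):
    """[occ_0(sigma, v), occ_1(sigma, v), ...] up to the first repeated set (Definition 3)."""
    if apply(v, sigma) != v:
        return [set()]
    seq = [{v}]
    while True:
        cur = seq[-1]
        # A variable outside dom(sigma) and outside cur cannot enter the next set.
        nxt = {y for y in set(sigma) | cur if term_vars(apply(y, sigma)) & cur}
        if nxt == cur:
            return seq
        seq.append(nxt)

def occ_omega(sigma, v):
    return occ_sequence(sigma, v)[-1]

def alpha(sigma, U):
    """The sharing component of alpha(sigma, U): {occ_omega(sigma, v) & U | v} minus {}."""
    groups = set()
    for v in set(U) | subst_vars(sigma):   # any other v has occ_omega = {v}, disjoint from U
        g = occ_omega(sigma, v) & set(U)
        if g:
            groups.add(frozenset(g))
    return groups

# sigma_0 of Example 2, and the substitution computed in Section 5.1 (both from the text).
SIGMA0 = {"x1": ("f", "x2"), "x2": ("g", "x3", "x4"), "x3": "x1"}
SIGMA_NO_OCCUR_CHECK = {"z": ("f", "z", "y"), "x": "z"}

def example_2():
    """sigma_0 .. sigma_3 of Example 2; only the last is variable-idempotent."""
    return to_var_idempotent(SIGMA0)

def example_3():
    """occ chains at x4 for sigma_0 and sigma_3, and alpha over V = {x1..x4} (Example 3)."""
    V = {"x1", "x2", "x3", "x4"}
    sigma3 = example_2()[3]
    return (occ_sequence(SIGMA0, "x4"), occ_sequence(sigma3, "x4"),
            alpha(SIGMA0, V), alpha(sigma3, V))

if __name__ == "__main__":
    for j, s in enumerate(example_2()):
        print(f"sigma_{j} = {s}  variable-idempotent: {is_var_idempotent(s)}")
    print(example_3())
    print("Section 5.1 substitution variable-idempotent:",
          is_var_idempotent(SIGMA_NO_OCCUR_CHECK))
```

`to_var_idempotent` follows Lemma 2 literally, so intermediate elements of the returned list are the $\sigma_j$ of Example 2; `occ_sequence` stops at the first fixpoint, which is $\mathrm{occ}_\omega$ because the chain is monotonic in $n$.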
5.1 Soundness

We have shown that, for any substitution $\sigma$ over a set of variables $U$, the abstraction $\alpha(\sigma, U) = (sh, U)$ is unique (Lemma 3) and the $\mathrm{aunify}$ operation is sound (Theorem 1). Note that, in Theorem 1, there are no restrictions on $\sigma$; it can be non-idempotent, possibly including cyclic bindings (that is, bindings where the domain variable occurs in its co-domain). Thus this result is widely applicable.

Previous results on sharing have assumed that substitutions are idempotent. This is true if equality is syntactic identity and the implementation uses a unification algorithm based on that of Robinson [17], which includes the occur-check. With such algorithms, the resulting unifier is both unique and idempotent. Unfortunately, this is not what is implemented by most Prolog systems. In particular, if the algorithm is as described in [11] and used in Prolog III [5], then the resulting unifier is in rational solved form. This algorithm does not generate idempotent or even variable-idempotent substitutions, even when the occur-check would never have succeeded. However, it has been shown that the substitution obtained in this way uniquely defines a system of rational trees [5]. Thus our results show that its abstraction using $\alpha$, as defined in this paper, is also unique and that $\mathrm{aunify}$ is sound.

Alternatively, if, as in most commercial Prolog systems, the unification algorithm is based on the Martelli-Montanari algorithm but omits the occur-check step, then the resulting substitution may not be idempotent. Consider the following example. Suppose we are given as input the equation $p(z, f(x, y)) = p(f(z, y), z)$ with an initial substitution that is empty. We apply the steps of the Martelli-Montanari procedure but without the occur-check:

    equations                                 substitution
 1  $p(z, f(x, y)) = p(f(z, y), z)$           $\emptyset$
 2  $z = f(z, y),\ f(x, y) = z$               $\emptyset$
 3  $f(x, y) = f(z, y)$                       $\{z \mapsto f(z, y)\}$
 4  $x = z,\ y = y$                           $\{z \mapsto f(z, y)\}$
 5  $y = y$                                   $\{z \mapsto f(z, y),\ x \mapsto z\}$
 6  $\emptyset$                               $\{z \mapsto f(z, y),\ x \mapsto z\}$

Note that we have used three kinds of steps here.
In lines 1 and 3, neither argument of the selected equation is a variable. In this case, the outer non-variable symbols (when, as in this example, they are the same) are removed and new equations are formed between the corresponding arguments. In lines 2 and 4, the selected equation has the form $v = t$, where $v$ is a variable and $t$ is not identical to $v$; then every occurrence of $v$ is replaced by $t$ in all the remaining equations and in the range of the substitution, and $v \mapsto t$ is added to the substitution. In line 5, the identity is removed.

Let $\sigma = \{z \mapsto f(z, y),\ x \mapsto z\}$ be the computed substitution. Then we have
$$\mathrm{vars}(x\sigma) = \mathrm{vars}(z) = \{z\}, \qquad \mathrm{vars}(x\sigma\sigma) = \mathrm{vars}(f(z, y)) = \{y, z\}.$$
Hence $\sigma$ is not variable-idempotent. We conjecture that the resulting substitution is still unique (up to variable renaming). In this case our results can be applied, so that its abstraction using $\alpha$, as defined in this paper, is also unique and $\mathrm{aunify}$ is sound.

5.2 Idempotence

Definition 8 defines $\mathrm{aunify}$ inductively over a set of equations, so that it is important for this definition that $\mathrm{aunify}$ is both idempotent and commutative. The only previous result concerning the idempotence of $\mathrm{aunify}$ is given in the thesis of Langen [14, Theorem 32]. However, the definition of $\mathrm{aunify}$ in [14] includes the renaming and projection operations and, in this case, only a weak form of idempotence holds. In fact, for the basic $\mathrm{aunify}$ operation as defined here, without projection and renaming, idempotence has never before been proven.

5.3 Commutativity

In the thesis of Langen the "proof" of commutativity of $\mathrm{amgu}$ has a number of omissions and errors [14, Lemma 30]. We highlight here one error which we were unable to correct in the context of the given proof. To make it easier to compare, we adapt our notation and define $\mathrm{amge}$ only in the case that $a$ is a variable:
$$\mathrm{amge}(a, b, sh) \stackrel{\text{def}}{=} \mathrm{amgu}(sh, a \mapsto b).$$
To prove the lemma, it has to be shown that
$$\mathrm{amge}\bigl(a_2, b_2, \mathrm{amge}(a_1, b_1, sh)\bigr) = \mathrm{amge}\bigl(a_1, b_1, \mathrm{amge}(a_2, b_2, sh)\bigr)$$
holds when $a_1$ and $a_2$ are variables.
This corresponds to "the second base case" of the proof. We use Langen's terminology:
- A set of variables $X$ is at a term $t$ iff $\mathrm{vars}(t) \cap X \neq \emptyset$.
- A set of variables $X$ is at $i$ iff $X$ is at $a_i$ or $b_i$.
- A union $X \cup_i Y$ is of Type $i$ iff $X$ is at $a_i$ and $Y$ is at $b_i$.

Let $\mathit{lhs} \stackrel{\text{def}}{=} \mathrm{amge}(a_2, b_2, \mathrm{amge}(a_1, b_1, sh))$ and $\mathit{rhs} \stackrel{\text{def}}{=} \mathrm{amge}(a_1, b_1, \mathrm{amge}(a_2, b_2, sh))$. Let also $Z \in \mathit{lhs}$ and $T \stackrel{\text{def}}{=} \mathrm{amge}(a_1, b_1, sh)$. Consider the case when
$$Z = X \cup_2 Y \quad \text{where } X \in \mathrm{rel}(a_2, T),\ Y \in \mathrm{rel}(b_2, T),$$
$$X = U \cup_1 V \quad \text{where } U \in \mathrm{rel}(a_1, sh),\ V \in \mathrm{rel}(b_1, sh),$$
and $U \cap (\mathrm{vars}(a_2) \cup \mathrm{vars}(b_2)) = \emptyset$ (that is, $U$ is not at 2). Then the following quote [14, page 53, line 23] applies:

    In this case $(U \cup_1 V) \cup_2 Y = U \cup_1 (V \cup_2 Y)$. By the inductive assumption $V \cup_2 Y$ is in the rhs and therefore so is $Z$.

We give a counter-example to the statement "$V \cup_2 Y$ is in the rhs". Suppose $a_1, b_1, a_2, b_2$ are variables. We let each of $a_1, b_1, a_2, b_2$ denote both the actual variable and the singleton set containing that variable, and write a sharing group by juxtaposition. Suppose
$$sh = \{a_1,\ b_1 a_2,\ b_2\}.$$
Then, from the definition of $\mathrm{amge}$,
$$\mathit{lhs} = \{a_1 b_1 a_2 b_2\}, \qquad \mathit{rhs} = \{a_1 b_1 a_2 b_2\}, \qquad T = \{a_1 b_1 a_2,\ b_2\}.$$
Let $Z = a_1 b_1 a_2 b_2$, $X = a_1 b_1 a_2$, $Y = b_2$, $U = a_1$, $V = b_1 a_2$. All the above conditions hold. However, $V \cup_2 Y = b_1 a_2 b_2$, and this is not in $\{a_1 b_1 a_2 b_2\}$.

References

1. R. Bagnara, P. M. Hill, and E. Zaffanella. Set-sharing is redundant for pair-sharing. In P. Van Hentenryck, editor, Static Analysis: Proceedings of the 4th International Symposium, volume 1302 of Lecture Notes in Computer Science, pages 53-67, Paris, France, 1997. Springer-Verlag, Berlin.
2. M. Bruynooghe and M. Codish. Freeness, sharing, linearity and correctness: all at once. In P. Cousot, M. Falaschi, G. Filè, and A. Rauzy, editors, Static Analysis, Proceedings of the Third International Workshop, volume 724 of Lecture Notes in Computer Science, pages 153-164, Padova, Italy, 1993. Springer-Verlag, Berlin. An extended version is available as Technical Report CW 179, Department of Computer Science, K.U. Leuven, September 1993.
3. K. L. Clark. Negation as failure. In H. Gallaire and J. Minker, editors, Logic and Databases, pages 293-322, Toulouse, France, 1978. Plenum Press.
4. M. Codish, D. Dams, G. Filè, and M. Bruynooghe. Freeness analysis for logic programs: and correctness? In D. S. Warren, editor, Logic Programming: Proceedings of the Tenth International Conference on Logic Programming, MIT Press Series in Logic Programming, pages 116-131, Budapest, Hungary, 1993. The MIT Press. An extended version is available as Technical Report CW 161, Department of Computer Science, K.U. Leuven, December 1992.
5. A. Colmerauer. Prolog and infinite trees. In K. L. Clark and S. A. Tärnlund, editors, Logic Programming, APIC Studies in Data Processing, volume 16, pages 231-251. Academic Press, New York, 1982.
6. A. Colmerauer. Equations and inequations on finite and infinite trees. In Proceedings of the International Conference on Fifth Generation Computer Systems (FGCS'84), pages 85-99, Tokyo, Japan, 1984. ICOT.
7. P. M. Hill, R. Bagnara, and E. Zaffanella. The correctness of set-sharing. Technical Report 98.03, School of Computer Studies, University of Leeds, 1998.
8. D. Jacobs and A. Langen. Accurate and efficient approximation of variable aliasing in logic programs. In E. L. Lusk and R. A. Overbeek, editors, Logic Programming: Proceedings of the North American Conference, MIT Press Series in Logic Programming, pages 154-165, Cleveland, Ohio, USA, 1989. The MIT Press.
9. D. Jacobs and A. Langen. Static analysis of logic programs for independent AND parallelism. Journal of Logic Programming, 13(2&3):291-314, 1992.
10. J. Jaffar, J-L. Lassez, and M. J. Maher. Prolog-II as an instance of the logic programming scheme. In M. Wirsing, editor, Formal Descriptions of Programming Concepts III, pages 275-299. North Holland, 1987.
11. T. Keisu. Tree Constraints. PhD thesis, The Royal Institute of Technology, Stockholm, Sweden, May 1994. Also available in the SICS Dissertation Series: SICS/D-16-SE.
12. A. King. A synergistic analysis for sharing and groundness which traces linearity. In D. Sannella, editor, Proceedings of the Fifth European Symposium on Programming, volume 788 of Lecture Notes in Computer Science, pages 363-378, Edinburgh, UK, 1994. Springer-Verlag, Berlin.
13. A. King and P. Soper. Depth-k sharing and freeness. In P. Van Hentenryck, editor, Logic Programming: Proceedings of the Eleventh International Conference on Logic Programming, MIT Press Series in Logic Programming, pages 553-568, Santa Margherita Ligure, Italy, 1994. The MIT Press.
14. A. Langen. Static Analysis for Independent And-Parallelism in Logic Programs. PhD thesis, Computer Science Department, University of Southern California, 1990. Printed as Report TR 91-05.
15. M. J. Maher. Complete axiomatizations of the algebras of finite, rational and infinite trees. In Proceedings, Third Annual Symposium on Logic in Computer Science, pages 348-357, Edinburgh, Scotland, 1988. IEEE Computer Society.
16. K. Muthukumar and M. Hermenegildo. Compile-time derivation of variable dependency using abstract interpretation. Journal of Logic Programming, 13(2&3):315-347, 1992.
17. J. A. Robinson. A machine-oriented logic based on the resolution principle. Journal of the ACM, 12(1):23-41, 1965.
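The following Python program is an added worked example (not code from the paper or from Langen's thesis) of the sharing-set operations of Definitions 5 to 7: star-union, $\mathrm{rel}$, $\mathrm{bin}$, $\mathrm{amgu}$ and $\mathrm{Amgu}$. It runs the Section 5.3 instance through $\mathrm{amge}$ to reproduce $T$, $\mathit{lhs}$ and $\mathit{rhs}$ and to confirm that $V \cup_2 Y = b_1 a_2 b_2$ is not in $\mathit{rhs}$, and it checks Lemmas 5 and 6 on a second, constructed sharing set. The representation of sharing groups as frozensets of variable names is an assumption of the example; a binding is passed as the bound variable together with $\mathrm{vars}(t)$, since $\mathrm{amgu}$ depends on $t$ only through its variables.

```python
# Sharing-set operations of Definitions 5 and 6 (star-union, rel, bin, amgu), the
# lifting Amgu of Definition 7, and the counter-example of Section 5.3 run through them.
# A sharing group is a frozenset of variable names (str); a sharing set is a set of groups.

def fs(*xs):
    return frozenset(xs)

def star(sh):
    """sh*: every union of one or more groups of sh (closure under union)."""
    closed, frontier = set(), set(sh)
    while frontier:
        closed |= frontier
        frontier = {a | b for a in frontier for b in sh} - closed
    return closed

def rel(T, sh):
    """rel(T, sh): the groups of sh that meet the variable set T."""
    return {S for S in sh if S & T}

def bin_union(sh1, sh2):
    """bin(sh1, sh2): all pairwise unions."""
    return {S1 | S2 for S1 in sh1 for S2 in sh2}

def amgu(sh, x, t_vars):
    """amgu(sh, x |-> t) = (sh \\ (A u B)) u bin(A*, B*), A = rel({x}, sh), B = rel(vars(t), sh)."""
    A = rel(fs(x), sh)
    B = rel(frozenset(t_vars), sh)
    return (sh - (A | B)) | bin_union(star(A), star(B))

def Amgu(ss, x, t_vars):
    """Amgu((sh, U), x |-> t): add a singleton for each binding variable not in U, then amgu."""
    sh, U = ss
    fresh = (fs(x) | frozenset(t_vars)) - U
    sh = sh | {fs(u) for u in fresh}
    return amgu(sh, x, t_vars), U | fresh

def amge(a, b, sh):
    """Langen's amge(a, b, sh) for a variable a, as rewritten in Section 5.3."""
    return amgu(sh, a, {b})

# The Section 5.3 instance: sh = {a1, b1a2, b2}.
SH_53 = {fs("a1"), fs("b1", "a2"), fs("b2")}

def langen_case():
    """Returns T, lhs, rhs and whether V u_2 Y = b1a2b2 belongs to rhs."""
    T = amge("a1", "b1", SH_53)
    lhs = amge("a2", "b2", T)
    rhs = amge("a1", "b1", amge("a2", "b2", SH_53))
    V, Y = fs("b1", "a2"), fs("b2")
    return T, lhs, rhs, (V | Y) in rhs

def lemma_5_and_6(sh, x, r_vars, y, t_vars):
    """Idempotence (Lemma 5) and commutativity (Lemma 6) of amgu on one instance."""
    once = amgu(sh, x, r_vars)
    idem = amgu(once, x, r_vars) == once
    comm = amgu(amgu(sh, x, r_vars), y, t_vars) == amgu(amgu(sh, y, t_vars), x, r_vars)
    return idem, comm

if __name__ == "__main__":
    T, lhs, rhs, in_rhs = langen_case()
    print("T =", T, "\nlhs =", lhs, "\nrhs =", rhs, "\nb1a2b2 in rhs:", in_rhs)
    # A constructed sharing set {x, y, z, xw} with bindings x |-> f(y, z) and y |-> w.
    sh = {fs("x"), fs("y"), fs("z"), fs("x", "w")}
    print(amgu(sh, "x", {"y", "z"}))
    print(lemma_5_and_6(sh, "x", {"y", "z"}, "y", {"w"}))
```

On the Section 5.3 instance both orders of application agree, which is exactly why the counter-example targets a step inside Langen's argument rather than the commutativity claim itself; `lemma_5_and_6` only exercises the two lemmas on a single sharing set and is no substitute for the proofs in [7].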