An Algebraic Approach to Sharing Analysis of Logic Programs

Terms and Atoms Syntactically, we assume a set of variables V and an underlying alphabet = f ; ;g consisting of a single binary function symbol which \glues" elements together and a single constant symbol ; to represent the empty set. Abstract terms, or set expressions, are elements of the term algebra T ( ;V) modulo an equality theory consisting of the following axioms: (x y) z = x (y z) (associativity) x y = y x (commutativity) x x = x (idempotence) x ; = x (unit element) This equality theory is sometimes referred to as ACI1 and the corresponding equivalence relation on terms denoted =ACI1. This notion of equivalence suggests that abstract terms can be viewed as at sets of variables. For example, the terms x1 x2 x3, x1 x2 x3 ;, and x1 x2 x3 x2 can each be viewed as representing the set fx1; x2; x3g of three variables. In the following we do not distinguish between set expressions and sets of variables, often referring to the set of variables in a term as a set expression. Abstract atoms are entities of the form p( 1; : : : ; n) where p=n 2 and 1; : : : ; n are abstract terms. Abstract Substitutions Abstract substitutions, or set substitutions, are substitutions which map variables of V to abstract terms from T ( ;V). We denote the set of idempotent abstract substitutions by Sub . The application of an abstract substitution to an abstract term is de ned as usual by replacing occurrences of each variable x in by the abstract term x . The standard operations on abstract substitutions such as projection and composition are also de ned just as for usual substitutions. Abstract independent-range substitutions and a corresponding partial order on abstract terms, atoms and substitutions are de ned as in the concrete case. Namely, an abstract substitution is said to be independent-range if it satis es the condition of Equation (6). For abstract atoms 1 and 2, we say that 1 ir 2 if there exists an abstract independent-range substitution on the variables of 2 such that 1 = 2 . Similarly, for abstract substitutions 1 and 2 such that D = dom( 1) = dom( 2), 1 ir 2, if there exists an independent-range substitution on the range of 2 such that 1 = ( 2 )j D. 11 These preorders induce corresponding equivalence relations on abstract atoms and substitutions and partial orders on the equivalence classes. We say that the abstract atoms (or substitutions) 1 and 2 are ir-equivalent, denoted by 1 ir 2 if 1 ir 2 and 2 ir 1. Note that similar to the case of concrete syntactic objects, abstract substitutions considered together with predicate names are equivalent to abstract atoms. In Section 6 we use this property for establishing an isomorphism between our domain for sharing analysis (based on atoms) and the domain of Jacobs and Langen (based on substitutions). The set of abstract atoms modulo ir-equivalence is denoted [B V ] ir . We often write by abuse of notation B V instead of [B V ] ir and denote the equivalence class [ ] ir by . We also denote the equivalence of abstract atoms 1 ir 2 by equality 1 = 2 because the corresponding equivalence classes [ 1] ir and [ 2] ir are identical in this case. Intuitively, the orders ir on abstract atoms and substitutions re ect a notion of \less sharing" similar to the corresponding orders on concrete objects described in Section 2. In fact, it is straightforward to apply the de nitions of set-sharing and the results of Lemma 2.1 from Section 2 also to abstract atoms and substitutions. Observation 1 The statements of Lemma 2.1 apply also to abstract atoms and substitutions. When constructing the abstract domains a stronger result will be obtained: 1 ir 2 implies that the concrete objects described by 1 contain less sharing than the concrete objects described by 2. However, this is better delayed until the appropriate de nitions have been introduced. Example 3 Consider the following abstract atoms: 1 = p(fA;Bg; fB;Cg; fA;B;Dg); 2 = p(fXg; fX;Y g; fX;Zg); 3 = p(fUg; fV g; fU;Wg) 4 = p(fFg; ;; fFg) The rst and the third arguments of 1 share through A, while all three arguments share through B. The second and third arguments of 1 contain independent variables (C and D respectively) which are not shared with other arguments. In 2 all three arguments share through X, and in 3 the rst and the third arguments share. In 4 also the rst and the third arguments share, however in contrast to 3 the third argument contains no independent variables and the second argument is ground. Thus, 1 contains more set-sharing than each of 2, 3 and 4. In our 12 domain this is captured as 2 ir 1, 3 ir 1 and 4 ir 1. This is because 2 = 1 1, 3 = 1 2 and 4 = 1 3 where: 1 = A 7! ;; B 7! X; C 7! Y; D 7! Z ; 2 = A 7! U; B 7! ;; C 7! V; D 7!W ; 3 = A 7! F; B 7! ;; C 7! ;; D 7! ; Note also that 4 ir 3 with 4 = 3 4 where 4 = U 7! F; V 7! ;; W 7! ; : The following observation considers the case when 1 ir 2 and 1 6 ir 2. It follows that there exists a ground (abstract) substitution such that 1 = 2 . Observation 2 For abstract atoms 1 and 2 such that 1 6 ir 2 and 1 ir 2 there exists a variable z in vars( 2) such that 1 ir 2 n z 7! ; o. This is because the variables are meant to represent possible alising of the atom arguments. If 1 and 2 belong to di erent ir-equivalence classes, and 1 ir 2, then 2 represents more sharing than 1. Therefore, 2 has at least one variable more than 1. By grounding this variable 2 may still represent more sharing, or the same sharing than 1. A similar result holds for abstract substitutions and implies that if 1 6 ir 2 and 1 ir 2 then there exists a variable z in range( 2) such that 1 ir 2 n z 7! ; o j D, assuming dom( 1) = dom( 2) = D. Example 4 Figure 1 depicts the lattice of abstract atoms constructed using a predicate symbol p=2 2 , ordered by the ir relation. Note that p(fA;Bg; fA;Cg) is the most general atom (with respect to this ordering) in the lattice, and not p(fBg; fCg). This fact re ects the main di erence between ir-ordering and the standard ordering of syntactic objects. In the ir-ordering an atom containing all possible set-sharing is the most general among all comparable atoms. Note that for each pair of abstract atoms connected by an edge, the lower atom can be obtained by applying a ground substitution (which binds a single variable to ;) to the upper atom. It is important for the sharing analysis and interesting on its own right that the equivalence of abstract atoms partitions B V into a nite number of equivalence classes (assuming of course a nite set ). This result guarantees nite approximations and terminating analyses in our domain as we will see in the following. Theorem 3.1 [B V ] ir is nite. 13 HHHHHHH p(fA;Bg; fA;Cg) p(fBg; fCg) p(fAg; fA;Cg) p(fA;Bg; fAg) HHHHHHH H H H H H H H H H H H H H H p(;; ;) p(fAg; fAg) p(fBg; ;) p(;; fCg) Figure 1: Abstract atoms constructed using p=2 2 ordered by ir. Proof. It su ces to prove that for any predicate symbol p=n the number of associated equivalence classes of abstract atoms [p( 1; : : : ; n)] ir is nite. We prove the claim by demonstrating that each equivalence class of the form [p( 1; : : : ; n)] ir has a representative containing at most 2n 1 variables. Assume an atom has more than 2n 1 distinct variables. Then there are at least two variables x and y occurring in exactly the same set of argument positions of . Consider the atom 0 = fx 7! ;; y 7! zg where z is a fresh variable. By construction we have 0 ir and it is easy to see that ir 0 with = 0 fz 7! x yg. Thus, and 0 are in the same equivalence class and jvars( 0)j = jvars( )j 1. It follows that for any atom having two or more variables in the same set of argument positions we can nd an equivalent atom with a smaller set of variables. So, for any atom constructed using p=n there exists an equivalent atom with all variables occurring in distinct subsets of argument positions, i.e., an atom with at most 2n 1 variables. 2 Theorem 3.1 demonstrates that for any equivalence class of abstract atoms there exists a \minimal" representative with a bound number of abstract variables. This representative is canonical upto renaming of abstract variables. In the following we assume that such a canonical representative of the corresponding equivalence class is considered. Example 5 Note that p(X Y Xs; Y s; X Y Z) ir p(X 0 Xs; Y s; X 0 Z) where the equivalence is provided by the pair of independent-range substitutions: 14 ir = fX 0 7! X Y g and ir = fY 7! ;; X 7! X 0g. Note that the rst and third arguments share through X and Y , as well as through X 0 alone. This is redundant, since the variables are meant to represent possible aliasing of the arguments, regardless of the number of variables shared (and of the particular variables shared). Therefore, the atom p(X 0 Xs; Y s; X 0 Z) (modulo renaming) will be considered the minimal canonical representative of its class. Intuitively, this is so because the set-sharing represented by all atoms in such a class is already present in the above atom, and it has the minimal number of variables. 4 An Abstract Domain for Sharing Analysis We propose set logic programs as a formal basis for studying sharing properties of logic programs. The sets of variables in the arguments of an abstract atom represent possible set-sharing between corresponding concrete arguments. Abstraction of Terms, Atoms and Substitutions The formal relation between concrete and abstract atoms is given in terms of an abstraction function on atoms which replaces the concrete terms in an atom by the set of variables it contains. : T ( ;V)! T ( ;V) (t) = ( ; if vars(t) = ; x1 xn if vars(t) = fx1; : : : ; xng; n > 0 (7) The abstraction of atoms is obtained by considering the term abstraction separately for each argument of the atom: : BV ! B V (p(t1; : : : ; tn)) = p( (t1); : : : ; (tn)) (8) Example 6 Consider the concrete atom p([X;Y jXs]; f(Y s); g(X;Y; Z)). Its abstraction is: (p([X;Y jXs]; f(Y s); g(X;Y; Z)) = p(X Y Xs; Y s; X Y Z): Observe that p(X Y Xs; Y s; X Y Z) ir p(X 0 Xs; Y s; X 0 Z) as explained in Example 5. We say that an abstract atom describes a concrete atom a, denoted / a, if (a) ir . Observe that / a implies that contains more set-sharing than a. 15 Lemma 4.1 Let and a be abstract and concrete atoms such that / a. Then, contains more set-sharing than a. Proof. First note that by Observation 1 the results of Lemma 2.1 apply also to abstract atoms. If / a then by de nition (a) ir which implies that A0( (a)) A0( ). However, note that A0( (a)) = A0(a) which implies the claim. 2 A substitution is abstracted by abstracting the terms in its range2: : Sub! Sub ( ) = n x 7! (x )  x 2 dom( ) o : (9) We say that an abstract substitution describes a concrete substitution , denoted / , if ( ) ir . The following lemma establishes the relation between the abstraction of atoms and substitutions. Lemma 4.2 For any atom b and substitution : (b ) = (b) ( ). Proof. Assume that b is of the form p(t1; : : : ; tn). For each argument ti we have vars(ti ) = vars( (ti )) = vars( (ti) ( )) since the abstractions de ned in Equations (7) and (9) preserve the original variables of t and . Thus, (ti ) = (ti) ( ) for each ti, which implies the statement for atoms. 2The Lattice of Abstract Atoms The domain [B V ] ir of abstract atoms forms a lattice w.r.t. the (induced) ir ordering. The least upper bound of abstract atoms 1 and 2 (with respect to ir) is denoted 1 t 2 and can also be characterized by the following theorem. Theorem 4.3 (least upper bound of abstract atoms) Let 1 = p( 1; : : : ; n) and 2 = p( 0 1; : : : ; 0 n) be (representatives of equivalence classes of) abstract atoms which are renamed apart. Then, 1 t 2 = p( 1 0 1; : : : ; n 0 n): 2To simplify notation, we denote by the abstraction functions for terms, atoms, and substitutions. The intended use will always be clear from the context. 16 Proof. Let = p( 1 0 1; : : : ; n 0 n). Observe that is indeed an upper bound of 1 and 2. To demonstrate this we construct an ir-substitution which maps all variables of 1 to ;. Clearly, = 2 and thus 2 ir . Similarly 1 ir . Now, let us prove that is a least upper bound of 1 and 2. Consider an upper bound 0 of 1 and 2 such that 0 ir . By contradiction, if 0 6= , then by Observation 2 there exists at least one variable z in such that 0 ir n z 7! ; o. By construction of there exists at least one variable z0 which occurs in 1 or 2 in the same argument positions as z occurs in . At the same time 0 does not contain a variable occuring in the same argument positions as z occurs in . Thus, either 1 6 ir 0 or 2 6 ir 0 which means that 0 is not an upper bound of 1 and 2. The contradiction implies that is a least upper bound of 1 and 2. 2 The notion of least upper bound extends to sets of abstract atoms with the same predicate symbol in the natural way and to arbitrary sets by combining all of the atoms with the same predicate symbol. Let I B V , then t I = n tfp( 1; : : : ; n) 2 Ig  p=n 2 o : (10) Abstract Interpretations An abstract domain for sharing analysis is obtained by considering sets of abstract atoms modulo a suitable notion of equivalence. We view sets of abstract atoms as being downwards-closed with respect to ir : if a 2 I B V and a0 ir a then a0 2 I. To do this we impose the following ordering on sets of abstract atoms: I1 I2 , 8 1 2 tI1 9 2 2 tI2 : 1 ir 2: (11) This ordering can be lifted up to the quotient of the corresponding equivalence relation: I1 I2 , (I1 I2)^ (I2 I1): (12) The domain of abstract interpretations is thus the lower powerdomain, or Hoare powerdomain, of (closed sets of elements of) [B V ] ir with the ordering. This domain is the quotient [}([B V ] ir)] of the equivalence relation of Equation 12, which is denoted in the following by an abuse of notation as }(B V ). It is worth noting that for any set I of abstract atoms, tI is 17 an abstract interpretation with minimal cardinality among those equivalent to I (w.r.t. ), containing at most one abstract atom for each predicate symbol in . These are the canonical representatives of the corresponding equivalence classes. Lemma 4.4 h}(B V ); i is a complete lattice. Proof. If L is a set of downwards-closed sets then \L and tL are downwards-closed, therefore lub(L) tL and glb(L) \L. 2 The relation between concrete and abstract interpretations is formalized as usual in terms of a pair of abstraction and concretization functions lifted from the abstraction function on atoms in the standard way: : }(BV)! }(B V ) : }(B V )! }(BV) (I) = n (a)  a 2 I o (I) = Sn I (I) I o (13) Theorem 4.5 h}(BV); ; }(B V ); i is a Galois insertion. Proof. It follows immediately from the de nitions that and are monotonic. Moreover: 8I 2 }(BV) : ( (I)) = Sn I 0 (I 0) (I) o I, since I 2 n I 0 (I 0) (I) o; 8I 2 }(B V ) : ( (I)) = Sn I (I) I o Sn (I)  (I) I o I 2 5 Abstract Operations for Sharing Analysis When constructing a semantic based program analysis for logic programs several main operations must be de ned: abstract uni cation, abstract composition, application of abstract substitutions (or projection) and least upper bound. The concrete atoms and substitutions encountered during a computation are described by corresponding abstract atoms and substitutions. Given descriptions of concrete syntactic objects the abstract operations describe the possible results of all corresponding concrete operations. 18 In our case all of these operations, except for uni cation, have already been de ned and it is straightforward to prove that they are correct and optimal in the context of sharing analysis. These proofs can be found in Appendix A. This section focuses on the de nition of abstract uni cation for sharing analyses. We distinguish between the uni cation of abstract terms and that of abstract atoms. For abstract terms we rely on the well-studied notion of ACI1-uni cation [2]. Intuitively, ACI1-uni cation provides the basis for the uni cation of sets of objects. This allows us to formalize in a concise manner the intuition that, upon uni cation, any variable in one term might match any subset of the variables in the other term. Recall that an ACI1 uni er of two terms 1 and 2 is a substitution such that 1 =ACI1 2 . In the general case, ACI1-uni cation is nitary. Namely, the uni cation of 1 and 2 admits a nite number of \most general" uni ers (in contrast to standard uni cation which is \unitary", i.e., admits at most one most general uni er). In the general case the decision problem for ACI1-uni cation |whether two terms 1 and 2 are uni able | is NPcomplete. This can be shown by reducing the ACI-matching problem (which is shown to be NP-complete in [23]) to ACI1-uni cation as shown in [24]. In our domain we consider a restricted alphabet for ACI1-expressions and consequently, ACI1-uni cation is far simpler. In our domain there is only one binary function symbol and only one constant. As a consequence, two abstract terms are always uni able and the underlying decision problem is trivial. Indeed, for any two abstract terms 1 and 2 the substitution binding the variables of both terms to ; is always a uni er. It turns out that in our case any two abstract terms always have exactly one most general uni er. There is another important di erence between general ACI1-uni cation and the abstract uni cation of terms in our domain: we are not interested in the most general ACI1 uni er with respect to the standard instantiation ordering but rather in the most general ACI1 uni er with respect to ir. We denote by ir-mguACI1( 1; 2) the most general ACI1 uni er of 1 and 2 with respect to this ordering. Note that ir-mguACI1( 1; 2) is not necessarily an independent-range substitution. It only has to be the most general with respect to ir . Moreover, usually this uni er is not an independent-range substitution since it uni es the terms, thus, binding more than one original variable to the same set of variables.19 Example 7 Consider the ACI1-uni cation of A B and X. ir-mguACI1(A B;X) = A 7! Z1 Z2; B 7! Z2 Z3; X 7! Z1 Z2 Z3 : Note that this uni er is more general than the uni er = A 7! Y1; B 7! Y2; X 7! Y1 Y2 since there is an independent-range substitution = Z1 7! Y1; Z2 7! ;; Z3 7! Y2 such that = (ir-mguACI1(A B;X) )j dom( ) . Note that the abstract substitution A 7! ;; B 7! ;; X 7! ; is also a uni er of these terms. This is the \least general" uni er. The following lemma establishes the uniqueness of ir-mguACI1 for abstract terms. Lemma 5.1 Two abstract terms 1; 2 2 T ( ;V) always have a unique ir-mguACI1. Proof. Since 1 and 2 always unify there always exists at least one most general uni er. Let us show that it is unique. Assume by contradiction that there exist at least two maximal uni ers of 1 and 2 denoted by 1 and 2 respectively. Assume without loss of generality that dom( 1) = dom( 2) and that the terms in range( 1) are renamed apart from the terms in range( 2). Consider the substitution = x:(x 1 x 2). Observe that is also a uni er of 1 and 2 since 1 = 1 1 1 2 = 2 1 2 2 = 2 . Moreover, 1 ir and 2 ir since the independentrange substitutions mapping variables of dom( 1) or variables of dom( 2) to ; are obvious. Thus, is a more general uni er than 1 and 2 which contradicts with the assumption that 1 and 2 are maximal uni ers of 1 and 2. 2 Figure 2 describes a simple algorithm to compute the ir-mguACI1 of a pair of abstract terms. The uni cation procedure consists of two phases. The set S computed in the rst phase consists of sets of variables representing all possible sharing in a corresponding uni cation. The second phase converts S into an abstract substitution by mapping each variable to a set of labels corresponding to those sets of S in which it appears. 20 ir-mguACI1( 1; 2) : v1 = vars( 1) v2 = vars( 2) if (v1 = ;)_ (v2 = ;) then return x 2 (v1 [ v2): ; else S = n s (v1 [ v2)  s \ v1 6= ;; s \ v2 6= ; o let S =fs1, : : : , skg Z =fz1, : : : , zkg // fresh variables return x 2 (v1 [ v2): x2si zi Figure 2: ACI1-uni cation of abstract terms Theorem 5.2 The algorithm depicted in Figure 2 computes a most general ACI1 uni er of 1; 2 2 T ( ;V) with respect to the ir-ordering. Proof. The claim is straightforward for the cases when v1 or v2 is empty. Consider the situation when v1 6= ; and v2 6= ;. Denote the output of the algorithm shown on Figure 2 by . Clearly is a uni er of 1 and 2 because 1 = 2 = z1 : : : zk. Let us show that is a most general uni er. Assume by contradiction that there exists an ACI1 uni er 0 of 1 and 2 which is strictly more general than , i.e., ir 0 and 6= 0. Assume without loss of generality that dom( ) = dom( 0) = v1 [ v2 = D. Then by Observation 2 there exists a variable z 2 vars(range( 0)) such that ir 0 n z 7! ; o j D. Variable z occurs in 0 through some subset of variables from D. Namely, occs( 0; z) = n x 2 v1 [ v2 z 2 vars(x 0) o. Assume occs( 0; z) = sk, for sk 2 S as computed by the algorithm. Consider the substitution k = n zi 7! ; i 6= k o. This substitution maps all variables of sk to zk and all other variables of dom( ) to ;. Clearly, k ir , and thus by our initial assumption k ir n z 7! ; o. However, variables of sk are not mapped by n z 7! ; o to any common variable and thus, there is no ir-instance of n z 7! ; o having a projection on D equal to k. If occs( 0; z) 6= si for any i then either occs( 0; z)\v1 = ; or occs( 0; z)\ 21 v2 = ;. In both cases z occurs in only one term of either 1 0 or 2 0, and thus, 0 is not a uni er of 1 and 2. In any case, the contradiction implies that there is no uni er of 1 and 2 which is more general than . 2 The following example demonstrates the algorithm for ACI1-uni cation of abstract terms. Example 8 Consider the evaluation of ir-mguACI1(A B; Y ). In the rst step, the algorithm computes the non-empty sets of variables v1 = A;B and v2 = Y . In the next step, S = fA; Y g; fB; Y g ; fA;B; Y g and the fresh variables Z = Z1; Z2; Z3 are associated with the corresponding elements of S. The nal step computes the uni er, by mapping each variable from v1[v2 to a term constructed from the corresponding fresh variables from the set Z. For instance, for A the corresponding variables are Z1 and Z3 since A appears in the rst and the third set of S. Thus, for A the resulting binding is A 7! Z1 Z3. The result of the uni cation is: ir-mguACI1(A B; Y ) = A 7! Z1 Z3; B 7! Z2 Z3; Y 7! Z1 Z2 Z3 : In the following we justify the special role that ACI1-uni cation plays in the formalization of an abstract uni cation algorithm for sharing analysis. We rst discuss the relation between the standard uni cation of two terms t1, t2 and the ACI1-uni cation of their abstractions (t1), (t2). The following two lemmata state that ACI1-uni cation provides a correct and optimal description of the corresponding concrete uni cation. It is important to note that there is a technical di culty in stating this argument as we have not given a formal notion of description for terms (but only for other syntactic objects, such as atoms and substitutions). It is inappropriate to do so, because the idea of the description relation is based on the sharing of variables between the terms in a syntactic object and formalized in terms of an appropriate equivalence relation. Observe that an abstract term has no \meaning" on its own. It is only in the context of a more complex syntactic object that the notion of sharing has a meaning. The following example illustrates this point. Example 9 Consider the abstract atom = p(A B;B) and abstract term = A B. The abstract atom represents a concrete atom of the form p(f(A;B); g(B)) or of the form p([W;X; Y; Z]; [X;Y; Z]) in which there are some variables in common in the two arguments. But we can not say that describes the concrete terms f(A;B) or [W;X; Y; Z]. 22 The following lemma states that the uni cation of concrete terms is approximated by the ACI1-uni cation of their abstractions. The correctness of ACI1-uni cation in this special case is used below to establish correctness of ACI1-uni cation of terms within a given context, i.e., within atoms. Lemma 5.3 (ACI1-uni cation of abstract terms is correct) For the concrete terms t1 and t2: ir-mguACI1( (t1); (t2)) / mgu(t1; t2) Proof. Let = mgu(t1; t2) and = ir-mguACI1( (t1); (t2)). Since is a uni er of t1 and t2 and by Lemma 4.2 we have (t1 ) = (t2 ) = (t1) ( ) = (t2) ( ). Thus, ( ) is an ACI1 uni er of (t1) and (t2). Since is a most general ACI1 uni er of (t1) and (t2) we have ( ) ir , or equivalently, / . 2 Lemma 5.4 (ACI1-uni cation of abstract terms is optimal) For abstract terms 1 and 2 and abstract uni er = ir-mguACI1( 1; 2), and for any 0 which is (strictly) less general than , there exist concrete terms t1 and t2 such that (t1) = 1, (t2) = 2, and 0 6/ mgu(t1; t2). Proof. The proof is technical and can be found in Appendix A. 2 Now let us consider the correctness of ACI1-uni cation of abstract terms for sharing analysis. We now have to consider the context in which the terms occur, i.e., as arguments of abstract atoms. Consider a pair of abstract atoms = p( 1; : : : ; n) and 0 = p( 0 1; : : : ; 0 n). We argue that an appropriate (correct and optimal) abstract uni cation for sharing analysis is obtained by considering the ACI1-uni cation of the corresponding pairs of abstract terms i and 0 i . To argue correctness and optimality, each such uni cation must be considered in the context of the entire set of equations n 1 = 0 1; : : : ; n = 0 n o. Lemma 5.5 (ACI1-uni cation of abstract terms is correct) Let = p( 1; : : : ; n), 0 = p( 0 1; : : : ; 0 n), a = p(t1; : : : ; tn) and a0 = p(t01; : : : ; t0n) such that / a and 0 / a0. Then for i, 1 i n: ir-mguACI1( i; 0 i) / a mgu(ti; t0i): Proof. See Appendix A. 2 23 Now consider the abstract uni cation of a pair of abstract atoms. The abstract uni er of atoms 1 and 2, denoted mguA( 1; 2), is de ned in terms of the set of equations between the terms in the corresponding argument positions: mguA(E) = 8><>: " if E = ; mguA(E 0 ) if E = f : = 0g [ E 0 and = ir-mguACI1( ; 0) (14) Abstract uni cation is thus de ned much the same as in the concrete case. It is parameterized by abstract uni cation of terms and abstract composition of substitutions. It is interesting to note that it is possible to de ne the abstract uni cation for abstract atoms, similar to the case of abstract terms, as the most general ACI1 uni er of the atoms (with respect to ir). However, this results in a very imprecise (although correct) abstract uni cation operation for sharing analysis. Indeed, we shall see thatmguA as de ned in Equation (14) is both correct and optimal for our domain. Example 10 Consider the uni cation of the abstract atoms p(A;B) and p(X;Y ). The most general ACI1 uni er (with respect to ir) for these atoms is = A 7! Z1 Z2; B 7! Z2 Z3; X 7! Z1 Z2; Y 7! Z2 Z3 This uni er is correct for sharing analysis since it approximates all possibilities of uni cation of two atoms with independent arguments. However, is imprecise since it introduces (through Z2) the possibility that all four arguments (of both atoms) be aliased. Obviously, the concrete uni cation of atoms with independent arguments does not introduce such an aliasing. Consider now the abstract uni cation mguA(p(A;B); p(X;Y )) which is computed by solving the set of equations A = X; B = Y . The ACI1-uni cation for the rst equation results in ir-mgu(A;X) = A 7! Z; X 7! Z . Applying this result to the rest of the equations gives B = Y . Now, ir-mguACI1(B; Y ) = B 7!W; Y 7!W and nally = mguA( A = X; B = Y ) = A 7! Z; B 7!W; X 7! Z; Y 7!W : This uni er indeed correctly approximates the result of unifying two atoms with independent arguments. Note also that ir provided by = ( )j dom( ) where is the independent-range substitution = Z1 7! Z; Z2 7! ;; Z3 7!W . The following illustrates a more complex example of abstract uni cation. 24 Example 11 Consider the uni cation of the abstract atoms: 1 = p(A;A B;B) and 2 = p(X;Y; Z). The uni er mguA( 1; 2) is computed as de ned by Equation 14 by solving the set of equations A = X; A B = Y; B = Z . In each iteration we apply the ir-mguACI1 of the rst (upper) equation in the set to the other equations. We also assume that on each iteration the resulting substitution is projected on the set of variables of the original equations, i.e. on the domain of variables of interest. mguA0@8<: A = X; A B = Y; B = Z 9=;1A = A 7! Z1; X 7! Z1 mguA Z1 B = Y; B = Z = A 7! Z1; X 7! Z1 8<: Y 7! Z2 Z3 W; Z1 7! Z3 W; B 7! Z2 W 9=; mguA Z2 W = Z = = A 7! Z1; X 7! Z1 8<: Y 7! Z2 Z3 W; Z1 7! Z3 W; B 7! Z2 W 9=; 8<: Z 7! Z4 Z5 W 0; Z2 7! Z4 W 0; W 7! Z5 W 0 9=; : The nal result is thus: mguA( 1; 2) = X 7! Z3 Z5; Y 7! Z3 Z4 Z5; Z 7! Z4 Z5; A 7! Z3 Z5; B 7! Z4 Z5 in which W 0 collapses to Z5 because of equivalence. Notice that mguA( 1; 2) indicates the possibility of simultaneous sharing between all variables of the initial atoms (expressed by Z5) as justi ed for example by considering the uni cation of the concrete atoms p(A; f(A;B); B) with p(X; f(Y; Y ); Z). Correctness and optimality of abstract uni cation now follow from the correctness and optimality results of the \atomic" operations used to de ne the abstract uni cation of tuples of abstract terms in Equation (14). Theorem 5.6 (abstract uni cation is correct for set-sharing) Let a and a0 be concrete atoms such that mgu(a; a0) = . Let and 0 be abstract atoms such that / a and 0 / a0. Let = mguA( ; 0). Then / a . Proof. Let = p( 1; : : : ; n), 0 = p( 0 1; : : : ; 0 n), a = p(t1; : : : ; tn) and a0 = p(t01; : : : ; t0n). Let i = ir-mgu( i ( 1 : : : i 1); 0 i ( 1 : : : i 1)) and i = mgu(ti ( 1 : : : i 1); t0i ( 1 : : : i 1)), for i = 1; : : : ; n, and i = i = " for i = 0. We prove that ( 1 i) / a ( 1 i) is an invariant of the uni cation process implied by Equation (14). 25 It trivially holds at the beginning of the process, since i = 0 implies that the invariant is equivalent to / a. If it holds for i = k then, applying Lemma 5.5, it also holds for i = k + 1. Finally, for i = n it implies that ( 1 n) / a ( 1 n), i.e., mguA( ; 0) / a mgu(a; a0). 2 Theorem 5.7 (abstract uni cation is optimal for set-sharing) Let E be a set of abstract equations and denote = mguA(E). There is no uni er 0 for E which is more precise than , i.e., such that 0 ir and 6 ir 0, which is also correct for set-sharing. Proof. See Appendix A. 2 The reader might have noticed that although abstract uni cation is dened as solving sets of equations, the examples actually consider sequences of equations. The following result, which is a consequence of Theorem 5.7 justi es this. Corollary 5.8 (abstract uni cation is con uent) An abstract uni er for a set of abstract equations is independent of the order in which the equations are solved. The results of Theorems 5.6 and 5.7 make one of the main points in our presentation. They show that there is a natural ordering (based on independent-range substitutions) for set-sharing analysis for which abstract uni cation is de ned simply by solving a set of equations just as in the concrete case. Correctness and optimality of the abstract operations is a clear consequence of the \algebraic" nature of the abstract domain. 6 Set Logic Programs and Set-Sharing This section illustrates that the abstract domain based on set logic programs is isomorphic to the well-known Sharing domain of Jacobs and Langen [22]. Recall the original de nition of the Sharing domain which consists of sets of sets of program variables ordered by set inclusion. Sharing information is characterized using the notion of variable occurrences through a substitution, as speci ed by Equation (1). The elements of the Sharing domain are abstract substitutions which are sets of sets of variables and hence we denote Sharing = }(}(V)). A set of variables S in an abstract substitution indicates the possibility of sharing between these variables. Namely, the possibility that the variables 26 in S occur in a substitution described by through some variable. Concrete substitutions are abstracted to elements of the Sharing domain using the function A : Sub ! }(}(V)) given in Equation (2). The abstraction and concretization functions for the sharing domain are de ned as follows: Sh : }(Sub) ! Sharing Sh : Sharing ! }(Sub) Sh( ) = S A( ) 2 Sh( ) = 2 Sub A( ) (15) and a Galois insertion is then constructed. The following example illustrates the description of concrete substitutions by Sharing substitutions. Example 12 Let = fA;Bg; fB;Cg; fAg; fBg; fCg;; be an abstract substitution in the Sharing domain. The substitutions 1 = fA 7! f(X;Y ); B 7! g(Y; Z); C 7! f(Z; V )g and 2 = fA 7! f(X); B 7! g(Y ); C 7! f(Z)g are described by : In 1, X occurs through fAg, Y occurs through fA;Bg, Z occurs through fB;Cg and V occurs through fCg, and in 2 there are variables which occur through fAg, fBg and fCg| and these occurrences are all speci ed in . Note that the domain of an abstract substitution 2 Sharing must be explicitly speci ed, as any variable of interest not occurring in is considered ground. In contrast, the variables of interest for a set substitution are those in its domain. In principle the domain based on set logic programs is formalized in terms of a Galois insertion of abstract atoms while the Sharing domain is based on a Galois insertion of abstract substitutions. The reader should notice that in fact set-sharing analyses, such as those used in [22, 28], are actually based on pairs consisting of a concrete atom of the form p(x1; : : : ; xn) together with an abstract substitution. Note however, that Sharing substitutions cannot be applied to atoms, since they are in fact an encoding of sharing information rather than \true" substitutions. Similarly, an abstract atom p( 1; : : : ; n) in our domain can also be viewed as a pair hp( x); i, where x is a vector of n variables and is a set substitution in the form fx1 7! 1; : : : ; xn 7! ng. To facilitate the proof of isomorphism we provide an equivalent de nition for our abstract domain de ning it as a domain of abstract substitutions: : }(Sub) ! Sub : Sub ! }(Sub) ( ) = Fir ( ) 2 ( ) = 2 Sub ( ) ir ; (16) where Fir denotes a least upper bound of two or more set substitutions with respect to the ir-ordering. The formal construction of a Galois insertion is analogous to that given in Equation (13) and Theorem 4.5. The following theorem establishes the isomorphism of two representations of sharing information. Namely, that each element in the set Sub corresponds to an element in Sharing and vice versa. 27 Lemma 6.1 There exists a set isomorphism between Sub and Sharing. Proof. Note that the abstraction function A : Sub ! Sharing extends naturally to a function A : Sub ! Sharing viewing sets of variables as ordinary terms. Hence, we prove the lemma demonstrating that A : Sub ! Sharing is a bijective function for which an inverse function A 1 : Sharing ! Sub can be provided. Let = fS1; : : : ; Sng be an element of the Sharing domain de ned for a set D of variables of interest. Assume without loss of generality that the domain of substitutions in Sub is D. Let fz1; : : : ; zng be a set of fresh variables, one for each Si in . The inverse function yielding the set substitution which corresponds to is de ned by: A 1 : Sharing! Sub A 1( ) = x 7! x2Si zi x 2 D : It is straightforward to see that A A 1 and A 1 A correspond to identity functions in Sub and Sharing respectively. 2 Example 13 Recall the abstract substitution of Example 12. Consider the set substitution, = fA 7! fX;Ug; B 7! fX;Y; V g; C 7! fY;Wgg. We have that A( ) = fA;Bg; fB;Cg; fAg; fBg; fCg;; = and that A 1( ) = fA 7! fX 0; U 0g; B 7! fX 0; Y 0; V 0g; C 7! fY 0;W 0gg ir . The following lemma establishes the relation between the ordering of set substitutions and the ordering in the Sharing domain. Namely the fact that the orders of elements in these abstract domains are isomorphic. Lemma 6.2 (order embedding) There is an order embedding between hSub ; iri and hSharing; i. Proof. Let 1 and 2 be two abstract substitutions and let D be the set of variables of interest. Assume without loss of generality that dom( 1) = dom( 2) = D. We prove that 1 ir 2 , A( 1) A( 2): ()) The proof of (1) in Lemma 2.1 applies. (() Given A( 1) A( 2) we construct an independent-range substitution as follows: = x: ; if occs( 2; x) 2 (A( 2) n A( 1)) x otherwise 28 The substitution maps to ; all variables of 2 which make the setsharing of 2 di erent to that of 1. Thus, A( 2 ) = A( 1) and consequently, by Lemma 6.1, 1 = ( 2 )j dom( 1). 2 Thus, set substitutions of Sub and abstract substitutions of Sharing form isomorphic partial orders. Considering the relation of these partial orders to the concrete domain we establish the following result: Theorem 6.3 (domain isomorphism) h}(Sub); Sh; Sharing; Shi = h}(Sub); ; Sub ; i Proof. Lemma 6.1 and Lemma 6.2 prove that the underlying posets hSharing; i and hSub ; iri are isomorphic partial orders. It remains to demonstrate that Sh Sh and are equivalent closure operators. Sh Sh = 2 }(Sub): n A( ) FSh n A( ) 2 o o The isomorphism of partial orders hSharing; i and hSub ; iri implies also the isomorphic behavior of tSh and tir. Thus, the former expression is equivalent to 2 }(Sub): n ( ) ir Fir n ( )  2 o o = : 2 The following example illustrates the isomorphism of the two representations of sharing information. Example 14 Recall the abstract substitution and the concrete substitutions 1 and 2 of Example 12. Consider the set substitution of Example 13, = fA 7! fX;Ug; B 7! fX;Y; V g; C 7! fY;Wgg, which is isomorphic to . The substitutions 1 and 2 are described by : X indicates the possible aliasing of A and B, Y indicates that of B and C, and U , V and W the possible presence in A, B and C of variables not shared with other variables. The abstract substitution and the set substitution also describe the substitutions 3 = fA 7! f(X); B 7! g(X)g and 4 = fA 7! f(X;Y ); B 7! g(X;Y ); C 7! Zg. Observe that the above Theorem 6.3 implies also that the domain of abstract interpretations, i.e., subsets of B V ordered by ir describe the same sharing information as the elements of Sharing. 29 7 Sharing Analysis with Set Logic Programs The abstract operations de ned in Section 4 (uni cation, application, least upper bound) provide the building blocks to construct an abstract semantics for the sharing analysis of logic programs. Several sharing analyses have been described using these techniques: A bottom-up approach is described in [10]. A top-down approach based on tabulation using XSB is described in [8]. In this section we illustrate as an example a simple bottom-up approach based on an abstract immediate consequences operator TP : }(B V ) ! }(B V ) for set logic programs. For a logic program P the least xed point of T (P ) provides the sharing analysis for P . TP(I) = h c h b1; : : : ; bn 2 P; a1; : : : ; an <>><>>>>: ; if vars(t) = ; fjx1 : : : xnjg if vars(t) = fx1; : : : ; xng and linear(t) fx1 : : : xng if vars(t) = fx1; : : : ; xng and not linear(t) (19) This de nition is the straightforward extension of Equation (7) enhanced to specify the linearity information in a concrete term. The abstraction for substitutions is de ned in the similar way. Example 20 (1) ([X;XjXs]) = fX;Xsg; (3) (X) = fjXjg; (2) (tree(X;Left;Right)) = fjX;Left;Rightjg; (4) ([ ]) = ;: We say that an abstract atom (or substitution) describes an atom (or a substitution) a, denoted / a if (a) lin . Example 21 1. p(fjXjg; fjY jg; fX;Y g) / p([X1; X2]; Y s; [X1; X2jY s]) and p(fjXjg; fjY jg; fX;Y g) / p([ ]; Y s; Y s), but p(fjXjg; fjY jg; fX;Y g) 6/ p([X1; X1]; Y s; [X1; X1jY s]) since the rst argument is not linear; 2. p(fXg) / p(X) and p(fXg) / p(a); 3. p(fjXjg) / p(X) and p(fjXjg) / p(a); 4. p(;) / p(a) but p(;) 6/ p(X). 34 The operations on abstract atoms and substitutions with linearity information are straightforward extensions of the de nitions in Section 5. For the operations of application, projection, composition and lub, this involves a straightforward case analysis. We only present here the de nition for abstract lub. Least Upper Bound: The least upper bound of two abstract atoms is based on the notion of union of two abstract terms. Let 1 and 2 be two abstract terms with 1 and 2 being the corresponding ACI1-expressions, i.e., i = fj ijg or i = f ig for i = 1; 2. The union of 1 and 2, denoted by 1 [ 2 is de ned as: 1 [ 2 = 8<: ; if 1 = ; and 2 = ; fj 1 2jg if linear( 1) and linear( 2) f 1 2g otherwise (20) Example 22 1: fA;Bg [ fjA;Cjg= fA;B;Cg 2: fjA;Bjg [ fjCjg [ ; = fjA;B;Cjg The least upper bound for atoms (with respect to lin) can be characterized by the following result, the proof of which is similar to that of Theorem 4.3. Theorem 8.1 For the abstract atoms 1 = p( 1; : : : ; n) and 2 = p( 0 1; : : : ; 0 n): 1 t 2 = p( 1 [ 0 1; : : : ; n [ 0 n): Example 23 1. 1 = p(fAg; fjBjg; fA;Bg) 2 = p(fjY jg; fjY jg; fjY jg) 1 t 2= p(fA; Y g; fjB; Y jg; fA;B; Y g) 2. 1 = app( ;; fjY jg; fjY jg) 2 = app(fAg; fjBjg; fA;Bg) 1 t 2= app(fAg; fjB; Y jg; fA;B; Y g): Observe that app(fAg; fjB; Y jg; fA;B; Y g) lin app(fAg; fjBjg; fA;Bg). Abstract Uni cation: As illustrated by Example 15 abstract uni cation can give more precise results for set-sharing when linearity information is present. To formalize this we recall Lemma 2.3 which imposes additional constraints about linearity information for concrete uni cation problems. In 35 particular, we recall that the most general uni er of two terms t1 and t2 is guaranteed to have a linear projection on the co-linear variables of t1 and t2. As a consequence, the abstract uni er for a pair of (annotated) abstract terms 1 and 2 can safely be chosen as their most general ACI1 uni er (with respect to lin) which has a linear projection on their co-linear variables. Observe that if neither 1 nor 2 is annotated as linear then this boils down to the de nition of ir-mguACI1 from Section 5. The algorithm depicted in Figure 4 computes the most general abstract uni er of two annotated abstract terms. It is based on the algorithm of ACI1-uni cation (Figure 2). For the cases when one term is linear the algorithm computes an annotated most general (with respect to lin) ACI1 uni er with a linear projection on the second term. If two abstract terms are linear then the algorithm computes a most general ACI1 uni er with two linear projections. The case of uni cation of two non-linear terms is analogous to the uni cation performed in the algorithm of Figure 2. The set S computed in a rst phase consists of sets of variables representing all possible sharing in a corresponding (concrete) uni cation. Correctness of this algorithm is based on Theorem 5.2 with the additional restrictions on linearity provided by Lemma 2.3. Its optimality can also be proven, using the same principle as in the proof of Lemma 5.4; the complete proof can be found in Appendix A. Example 24 Let us demonstrate how the uni cation algorithm shown in Figure 4 is applied to compute a precise uni er for the abstract terms from Example 15. In this example we assumed the Y represents only linear terms, which means that in the annotated domain we consider the uni cation of fjY jg with fA;Bg. Since both abstract terms are non-empty and have no variables in common, the set S computed by the algorithm is S = fA; Y g; fB; Y g . The members of S are labeled by fresh variables Z1 and Z2 respectively. Thus, the uni er computed by the algorithm is = A 7! fjZ1jg; B 7! fjZ2jg; Y 7! fZ1; Z2g . Note that does not introduce aliasing between A and B, which indeed cannot occur in the uni cation of corresponding concrete terms as discussed in Example 15. Uni cation of abstract atoms is de ned as usual by incremental uni cation of corresponding abstract terms. mguAlin(E) = 8><>: " if E = ; mguAlin(E 0 ) if E = f = 0g [ E 0 and = lin-mguACI1( ; 0) (21) Example 25 In the following examples, adapted from [6], we solve at each step the rst (upper) equation in the set and apply the result to the other equations: 36 lin-mguACI1( 1; 2) : v1 = vars( 1) v2 = vars( 2) if (v1 = ;)_ (v2 = ;) then return x 2 (v1 [ v2): ; else if 1 is linear and 2 is linear and v1 \ v2 = ; then S = n fu; vg  u 2 v1; v 2 v2 o else if 1 is linear and v1 \ v2 = ; then S = n fvg [ s v 2 v2; s v1; s 6= ; o else if 2 is linear and v1 \ v2 = ; then S = n fvg [ s v 2 v1; s v2; s 6= ; o else S = n s (v1 [ v2)  s \ v1 6= ;; s \ v2 6= ; o let S =fs1, : : : , skg Z =fz1, : : : , zkg // fresh variables return x 2 (v1 [ v2):8<: fj x2sizijg if x is co-linear f x2sizig otherwise Figure 4: Abstract uni cation of annotated terms 1. Consider the uni cation of abstract atoms: 1 = p(fjAjg; fjA;Bjg; fjBjg) and 2 = p(fXg; fjY jg; fZg). mguAlin0@8<: fjAjg = fXg; fjA;Bjg = fjY jg; fjBjg = fZg 9=;1A = = A 7! fZ1g; X 7! fjZ1jg mguAlin fZ1; Bg = fjY jg; fjBjg = fZg = = A 7! fZ1g; X 7! fjZ1jg 8<: B 7! fjZ2jg; Y 7! fZ2; Z3g; Z1 7! fjZ3jg 9=; mguAlin(fjZ2jg = fZg) = 37 = A 7! fZ1g; X 7! fjZ1jg 8<: B 7! fjZ2jg; Y 7! fZ2; Z3g; Z1 7! fjZ3jg 9=; Z 7! fjZ4jg; Z2 7! fZ4g which gives: mguA( 1; 2) = X 7! fjZ3jg; Y 7! fZ4; Z3g; Z 7! fjZ4jg A 7! fZ3g; B 7! fZ4g : Notice that there is no aliasing between A and B and that X and Z are bound to linear terms. 2. Consider the uni cation of abstract atoms: 1 = p(fjAjg; fjA;Bjg; fjBjg) and 2 = p(fXg; fY g; fZg). mguAlin0@8<: fjAjg = fXg; fjA;Bjg = fY g; fjBjg = fZg 9=;1A = = A 7! fjZ1jg; X 7! fZ1g mguAlin fZ1; Bg = fY g; fjBjg = fZg = A 7! fjZ1jg; X 7! fZ1g 8<: Y 7! fZ2; Z3;Wg; Z1 7! fZ3;Wg; B 7! fZ2;Wg 9=; mguAlin (fZ2;Wg=fZg) = = A 7! fjZ1jg; X 7! fZ1g 8<: Y 7! fZ2; Z3;Wg; Z1 7! fZ3;Wg; B 7! fZ2;Wg 9=; 8<: Z 7! fZ4; Z5;W 0g; Z2 7! fZ4;W 0g; W 7! fZ5;W 0g 9=; which gives: mguAlin( 1; 2) = X 7! fZ3; Z5g; Y 7! fZ3; Z4; Z5g; Z 7! fZ4; Z5g; A 7! fZ3; Z5g; B 7! fZ4; Z5g in which W 0 collapses to Z5 because of equivalence. Notice that there is (possible) aliasing between A and B and that X and Z are bound to nonlinear terms. Again, the correctness and optimality (and con uence) of the abstract uni cation for sharing analysis follow naturally. The proofs are similar to those of theorems 5.6 and 5.7. 38 9 Conclusion We have described an algebraic approach for the sharing analysis of logic programs based on an abstract domain of set logic programs . The main advantage of this approach is that the speci cation of the abstract uni cation algorithm relies on the well-studied notion of ACI1-uni cation. The justi cation of the abstract operations needed to de ne a sharing analysis all follow a clear and intuitive argument based on simple algebraic properties of set substitutions and set-based atoms. We have given full proofs of correctness and optimality for these operations and we have proven that the well-known set-sharing domain of Jacobs and Langen is isomorphic to our domain. We do not know if the abstract operations de ned by Jacobs and Langen are optimal (the authors have not proven this). But, in case they are not, then this paper provides optimal abstract operations for the set-sharing domain via the domain isomorphism. Another advantage of our approach is the simplicity in which it is extended with linearity information. It is interesting to note that the algebraic framework demonstrated in this paper could be cast in terms of a generalized constraint system, following [19]. This is for example the approach in [30], where (groundness and type) analyses are designed as constraint solving. Finally we note that the approach described in this paper facilitates implementation based on abstract compilation | be it in a top-down or in a bottom-up approach. 39 Appendix A: Proofs We rst discuss the operations of abstract application, composition and lub. The role of abstract application is to extract the sharing information expressed by an abstract substitution which is relevant for a given (abstract) atom or other syntactic object. Lemma A.1 (application of an abstract substitution is correct) Let a, , and be concrete and abstract atoms and substitutions such that / a and / . Then / a . Proof. (a ) = [by Lemma 4.2] (a) ( ) ir [because / ] (a) ir [because / a] ) [by de nition of /] / a 2 Lemma A.2 (application of an abstract substitution is optimal) Let a and be concrete and abstract atoms such that (a) = , and and be concrete and abstract substitutions such that ( ) = . There is no abstract atom 0 (not equivalent to ) such that 0 / a and 0 ir . Proof. By Lemma 4.2 we have (a ) = (a) ( ) = . If 0 / a then (a ) ir 0, and therefore ir 0. 2 Correctness and optimality of composition for abstract substitutions are implied by the corresponding results for abstract application as established by the following two lemmata. Lemma A.3 (composition of abstract substitutions is correct) Let 1 and 2 be concrete substitutions, and 1 and 2 abstract substitutions such that 1 / 1 and 2 / 2. Then assuming dom( 1) = dom( 1) and dom( 2) = dom( 2), ( 1 2) / ( 1 2). Proof. Let x be a tuple of variables of interest. Lemma A.1 implies that x 1 / x 1 and ( x 1) 2 / ( x 1) 2. Thus x ( 1 2) / x ( 1 2), which implies the lemma statement. 2 Lemma A.4 (composition of abstract substitutions is optimal) Let 1 and 2 be concrete substitutions, and 1 and 2 abstract substitutions such that 1 / 1 and 2 / 2. There is no abstract substitution 0 (not equivalent to 1 2) such that 0 / ( 1 2) and 0 ir ( 1 2). Proof. Follows from the optimality of abstract application established by Lemma A.1 similarly as the correctness of abstract composition (Lemma A.3) follows from the correctness of abstract application. 2 40 Lemma A.5 (abstract lub is correct) For abstract atoms 1 and 2 and concrete atoms a1 and a2, ( 1 / a1) ^ ( 2 / a2) ) (( 1 t 2) / a1) ^ (( 1 t 2) / a2): Proof. Since 1 t 2 is an upper bound of 1 and 2 with respect to ir we have 1 ir ( 1 t 2) and 2 ir ( 1 t 2). Because 1 / a1 and 2 / a2 we have (a1) ir 1 and (a2) ir 2. Thus, (a1) ir ( 1 t 2) and (a2) ir ( 1 t 2), i.e., 1 t 2 / a1 and 1 t 2 / a2. 2 Lemma A.6 (abstract lub is optimal) For abstract atoms 1 and 2 and concrete atoms a1 and a2, such that 1 / a1 and 2 / a2, there is no abstract atom 0 (not equivalent to 1 t 2) such that 0 / a1, 0 / a2, and 0 ir 1 t 2. Proof. Straightforward since 1 t 2 is a least upper bound of 1 and 2 with respect to as established by Theorem 4.3. 2 Similar results for the operations on abstract atoms and substitutions with linearity information can be obtained. The above proofs are on the whole easy to enhance for this purpose. To justify correctness and optimality we have only to focus on the added linearity information, which involves a straightforward case analysis, which we omit here. We now consider abstract uni cation. We rst claim that ACI1-uni cation of a single equation in a context (of a set of equations for the uni cation of atoms) is well de ned. Namely, that it does not depend on the particular representative element. Observation A.7 Consider abstract terms 1, 2, 1, and 2, such that vars( 1) vars( 1) and vars( 2) vars( 2), and denote = ir-mguACI1( 1; 2) and 0 = ir-mguACI1( 1; 2). Consider the abstract substitutions and ': = x 7! ; x 2 (vars( 1) n vars( 1)) [ (vars( 2) n vars( 2)) ; ' = x 7! ; 9y 2 range( 0): (y' = ;) ^ (x 2 vars(y 0)) : Then, 0 ' is a renamed instance of . To justify this observation, let us consider the case when 1 = 1 z (where z is a fresh variable) and 2 = 2. So = z 7! ; and ' = x 7! ; x 2 vars(z 0) : Consider the set S in the evaluation of 0 following the algorithm of Figure 2. The variables in z 0 are the labels for the sets in S which contain z. Thus, 0' is the same as except that it maps z to ;. In other words, 0 ' is a renamed instance of . 41 Lemma A.8 (uni cation of abstract terms is well de ned) Let E be an equivalence class of abstract equations with representative elements Ê = h 1 = 0 1; : : : ; n = 0 ni and ~ E = h 1 = 01; : : : ; n = 0ni such that Ê ir ~ E . Then Ê ir-mguACI1( i; 0 i) ir ~ E ir-mguACI1( i; 0i): Proof. We may assume without loss of generality that Ê is a \minimal" context for the abstract uni cation, i.e., a context constructed from two tuples of abstract terms minimized as in the proof of Theorem 3.1. Since the lemma trivially holds for contexts which are renamed instances of one another, we may assume that vars( i) vars( i) and vars( 0 i ) vars( 0i) for any i and that variables from vars( i) n vars( i) and from vars( 0i) n vars( 0 i ) do not occur in Ê . Thus, a ground substitution providing Ê = ~ E' is: = x 7! ; x 2 (vars( i) n vars( i)) [ (vars( 0i) n vars( 0 i )) : Let us denote ir-mguACI1( i; 0 i) by ̂ and ir-mguACI1( i; 0i) by ~ . Then ~ E ~ = [because ~ E ir Ê and vars(Ê) vars( ~ E)] Ê ~ ir [because E has no occurences of variables in dom( )] Ê ~ ir [by Observation A.7] Ê ̂ ir [because E has no occurences of variables of dom( )] Ê ̂ 2 We now prove the correctness of ACI1-uni cation of abstract terms in the context of a set of equations between abstract terms. Observation A.9 Consider abstract terms 1, 2, 1, and 2, such that vars( 1) vars( 1) and vars( 2) vars( 2), and denote = ir-mguACI1( 1; 2) and 0 = ir-mguACI1( 1; 2). Consider the abstract substitution: = x 7! ; x 2 (vars( 1) n vars( 1)) [ (vars( 2) n vars( 2)) : Then 0 is equivalent to . To justify this consider again the uni cation of 1 = 1 z with 2 = 2, as in Observation A.7. It is easy to see that the same variable sets share in 0 and in , except for the occurrence of variable z. Since 0 z 7! ; makes z ground |and thus it cannot share through any variable|, then the set-sharing of and 0 z 7! ; is the same, i.e., A( 0 z 7! ; ) = A( ), and consequently, by Lemma 6.1, 0 z 7! ; ir . 42 Lemma 5.5 (ACI1-uni cation of abstract terms is safe) Let = p( 1; : : : ; n), 0 = p( 0 1; : : : ; 0 n), a = p(t1; : : : ; tn) and a0 = p(t01; : : : ; t0n) such that / a and 0 / a0. Then for i, 1 i n: ir-mguACI1( i; 0 i) / a mgu(ti; t0i): Proof. Assume without loss of generality that and 0 are representative elements such that vars( i) vars(ti), vars( 0 i ) vars(t0i), and variables from vars( i) n vars(ti) and from vars( 0 i ) n vars(t0i) do not occur in a. Let = ir-mguACI1( (ti); (t0i)), = ir-mguACI1( i; 0 i), and = mgu(ti; t0i). From Observation A.9 there is a ground substitution such that ir . Also, from Lemma 5.3, (a ) ir (a) . Since / a we have (a) ir , and therefore, (a) ir . Since ir we have (a) ( ) ir . Since variables of dom( ) do not occur in a we get (a) ir . Since (a ) ir (a) , and by transitivity of ir, it follows (a ) ir . 2 As we have seen, the above result is instrumental in the proof of correctness of abstract uni cation for set-sharing analysis (Theorem 5.6). The above proof can be easily enhanced for the case of including linearity information. The corresponding lemma leads us to a correctness result for sharing analysis of the abstract uni cation with linearity, in the same way as that of Theorem 5.6. We now turn our attention to optimality. Lemma 5.4 (ACI1-uni cation of abstract terms is optimal) For abstract terms 1 and 2 and abstract uni er = ir-mguACI1( 1; 2), and for any 0 which is (strictly) less general than , there exist concrete terms t1 and t2 such that (t1) = 1, (t2) = 2, and 0 6/ mgu(t1; t2). Proof. If at least one of 1 and 2 equals to ; then binds all variables found in 1 and 2 to ;, thus, precisely approximating the result of concrete uni cation when one or both terms are ground. For this case is trivially optimal. Now consider the case when both 1 and 2 have variables. Assume by contradiction that there exists 0 which is more precise than such that 0 / mgu(t1; t2). Hence, 0 ir and 6= 0, and by Observation 2, there exists a variable z 2 vars(range( )) such that 0 z 7! ; . We assume without loss of generality that z is a fresh variable not occuring in 1 and 2. Let (w/o.l.o.g.) occs( ; z)\vars( 1) = fx1; : : : ; xmg and occs( ; z)\vars( 2) = fy1; : : : ; ypg. Since is a uni er these sets are surely nonempty. Denote the variables in 1 which are not in occs( ; z) by fxm+1; : : : ; xng and the variables in 2 which are not in occs( ; z) by fyp+1; : : : ; yqg. Let us construct the following concrete terms: t1 = s(e(x1; : : : ; xm);f(x1; : : : ; x1);g(xm+1; : : : ; xn); h(a; : : : ; a) ) t2 = s( e(y1; : : : ; y1); f(y1; : : : ; yp); g(a; : : : ; a); h(yp+1; : : : ; yq)): 43 Clearly, (t1) = 1 and (t2) = 2. Note that: mgu(t1; t2) = x1 7! w; : : : ; xm 7! w; y1 7! w; : : : ; yp 7! w; xm+1 7! a; : : : ; xn 7! a; yp+1 7! a; : : : ; yq 7! a and (mgu(t1; t2)) = x1 7! w; : : : ; xm 7! w; y1 7! w; : : : ; yp 7! w; xm+1 7! ;; : : : ; xn 7! ;; yp+1 7! ;; : : : ; yq 7! ; : It is easy to see that / , or equivalently = ( ) with the following independent-range substitution: = x:nw if x = z ; otherwise. Let us demonstrate now that 0 6/ . Assume that there exists an independentrange substitution 0 satisfying 0 0 = ( ). This substitution is of the form: 0 = x:nw if x = y ; otherwise for some variable y 2 range( 0). Note that since 0 is an independent-range substitution, only one variable in the range of 0 can be mapped by 0 to w. We may assume that both and 0 are in their \minimal" form, i.e., each variable in these substitutions occurs in a distinct set of terms in their ranges. Consequently, 0 has no variable z0 such that occs( ; z) = occs( 0; z0). It follows that for any choice of y in the above 0, the uni ers and 0 0 are di erent. Thus, for any independent-range substitutiton 0, 0 0 6= ( ). Therefore, 0 is not a correct abstract uni er. The contradiction implies that is a most precise abstract uni er of 1 and 2. 2 Theorem 5.7 (abstract uni cation is optimal for set-sharing) Let E be a set of abstract equations and denote = mguA(E). There is no uni er 0 for E which is more precise than , i.e., such that 0 ir and 6 ir 0, which is also correct for set-sharing. Proof. Assume by contradiction that there exists another uni er 0 for E such that 0 ir and 6 ir 0. Thus, by Observation 2 there exists a variable z 2 vars(range( )) such that 0 ir z 7! ; . Let E = e1; : : : ; en . By Equation (14), = 1 2 n, where 1 = ir-mguACI1(e1) and i = ir-mguACI1(ei i 1), and i 1 = 1 2 i 1, for i = 2; : : : ; n. Let k be the rst substitution such that z 2 vars(range( k)). Let Ek = ek+1; : : : ; en . Thus, on step k of the resolution in Equation (14) we have = k 1 k mguA Ek k 1 k . Note that z appears in the range of and thus, the steps from k + 1 to n do not compute any bindings for z. Therefore, applying the substitution z 7! ; to at step k is equivalent to applying it at the end of the resolution process. Since 0 ir Z 7! ; , there must hold one of the following possibilities: 44 1. 0 ir k 1 k z 7! ; mguA Ek k z 7! ; , if z 7! ; is applied to ir-mgu(ek), i.e., to k; 2. 0 ir k 1 k mguA (Ek k) z 7! ; , if z 7! ; is applied to the result of application of k to Ek; 3. 0 ir k 1 k z 7! ; mgu(Ek k), if z 7! ; is applied to the result of the composition of k 1 with k. If one of these possibilities holds then the corresponding \atomic" operation on step k, i.e., ACI1-uni cation, application, or composition, admits a more precise result. But this contradicts one of the Lemmas 5.4, A.2 and A.4 establishing the optimality of all operations used in the abstract uni cation. 2 Again, for the case of including linearity similar optimality results are obtained. We include here the prove of the lemma for the optimality of abstract uni cation of terms (with linearity). A result similar to Theorem 5.7 for abstract uni cation of atoms is obtained using this lemma, much in the same way as in the case of Theorem 5.7. Lemma A.10 (optimality of lin-mguACI1) For abstract terms 1 and 2 and abstract uni er = lin-mguACI1( 1; 2), and for any 0 which is (strictly) less general than , there exist concrete terms t1 and t2 such that (t1) = 1, (t2) = 2, and 0 6/ mgu(t1; t2). Proof. First we consider whether the terms being uni ed have variables in common or not. If they have, we have seen in Example 8 that any possible set-sharing can appear during the uni cation of these terms. In this case lin-mguACI1 defaults to ir-mguACI1, and therefore the proof is a case of Lemma 5.4, except for the annotation of terms in the range of the uni er. Moreover, the terms variables in this case can be bound to non-linear terms, which is also demonstrated in Example 8. But this is exactly what lin-mguACI1 does in this case. If the terms do not have variables in common then either (1) they are both non-linear, (2) one of them is linear but the other is not, or (3) both are linear. If both are non-linear lin-mguACI1 defaults again to ir-mguACI1, and the claim follows directly from Lemma 5.4. Let us now prove the optimality of uni cation of abstract terms for the cases when lin-mguACI1 is more precise than ir-mguACI1, i.e., (2) and (3). We prove (2); the prove of (3) is similar. Assume without loss of generality that 1 is non-linear and 2 is linear. Let = lin-mguACI1( 1; 2) and = mgu(t1; t2). Assume by contradiction that there exists a more precise uni er 0 of 1 and 2 such that 0 / . The substitution 0 can be more precise than if it exhibits less set-sharing and/or more linearity than . Let us consider linearity rst. The projection of on variables of 2 is a linear substitution (since by lin-mguACI1 is linear, and 2 also is). Observe 45 that if the projection of 0 on the variables of 2 is a non-linear substitution thenlinearity( ) linearity( 0) and thus, 0 is not more precise than . Thus, bothprojections of and 0 on the variables of 2 are linear substitutions. Because ofthis, w.r.t. linearity only 1 needs be considered.If linearity( 0) linearity( ) then 0 maps some variables of 1 to linearterms. In this situation a contradiction is easily obtained by constructing a linearconcrete term t1 and a non-linear term t2 such that (t1) = 1, (t2) = 2, and theuni cation of t1 with t2 binds all variables of t1 to non-linear terms. It follows thatif 0 is a correct uni er then linearity( ) linearity( 0) and consequently, if 0 isan optimal uni er then linearity( ) = linearity( 0).Now let us consider the case when 0 is more precise than because it introducesless set-sharing. In this case there exists at least one variable z in the domain ofsuch that 0 linz 7! ; . Assume that1 = x1 : : : xn;2 = y1 : : : yp;such that (without loss of generality) occs( ; z) \ vars( 1) = fx1; : : : ; xmg, m n,and occs( ; z) = fy1g (recall that according to lin-mguACI1 on Figure 4 only onevariable of 2 occurs through each variable in the range of ). Consider the followingconcrete terms:t1 = f(x1; : : : ; xm; g; : : : ; g xm+1; : : : ; xn)t2 = f(y1; : : : ; y1; y2; : : : ; yp; g; : : : ; g):As we can see, (t1) = 1, (t2) = 2 and t1 is linear. The uni er of t1 and t2binds all variables x1; : : : ; xm to some variable w and binds all other variables toground terms. It is easy to see that / , observing that= ( ) where= x: fjwjg if x = z;otherwise.The rest of the proof is the same as for Lemma 5.4. We demonstrate that 0 6/by showing that there is no linear substitution 0 for which ( ) = 0 0, andthus, 0 is not a correct uni er. From this contradiction we conclude that is anoptimal abstract uni er of 1 and 2.246 References[1] K. R. Apt. Introduction to Logic Programming. In J. van Leeuwen, editor,Handbook of Theoretical Computer Science, volume B: Formal Models and Se-mantics, pages 495{574. Elsevier, Amsterdam and The MIT Press, Cambridge,1990.[2] F. Baader and J. Siekmann. Uni cation theory. In C. Hogger D. Gabbay andJ. Robinson, editors, Handbook of Logic in Arti cial Intelligence and LogicProgramming, volume 2, pages 41{126. Oxford Science Publications, 1994.[3] M. Bruynooghe and M. Codish. Freeness, Sharing, Linearity and Correctness| all at Once. In P. Cousot, M. Falaschi, G. Fil e, and A. Rauzy, editors, ThirdInternational Workshop on Static Analysis WSA'93 (Padova), volume 724 ofLecture Notes in Computer Science, pages 153{164, Padova, Italy, September1993. Springer Verlag.[4] M. Codish, D. Dams, G. Fil e, and M. Bruynooghe. Freeness Analysis for LogicPrograms { and Correctness ? In David S. Warren, editor, Proceedings of theTenth International Conference on Logic Programming, pages 116{131, Bu-dapest, Hungary, June 1993. The MIT Press. also Report CW 161, December1992, at KUL.[5] M. Codish, D. Dams, G. File, and M. Bruynooghe. On the design of a correctfreeness analysis for logic programs. Journal of Logic Programming, 28(3):181{206, September 1996.[6] M. Codish, D. Dams, and E. Yardeni. Derivation and Safety of an AbstractUni cation Algorithm for Groundness and Aliasing Analysis. In Furukawa[17], pages 79{93.[7] M. Codish and B. Demoen. Analyzing logic programs using \PROP"-ositionallogic programs and a magic wand. Journal of Logic Programming, 25(3):249{274, December 1995.[8] M. Codish, B. Demoen, and K. Sagonas. General purpose semantic basedanalysis using XSB. Technical report, Ben-Gurion University of the Negev,January 1997. ftp://ftp.cs.bgu.ac.il/pub/people/codish/absxsb.ps.[9] M. Codish and V. Lagoon. Type dependencies for logic programs using ACI-uni cation. In Journal of Theoretical Computer Science. (accepted for publi-cation).[10] M. Codish, V. Lagoon, and F. Bueno. An algebraic approach to sharing analy-sis of logic programs. In P. Van Hentenryck, editor, Proceedings of the FourthInternational Static Analysis Symposium, volume 1302 of Lecture Notes inComputer Science, pages 68{82. Springer Verlag, sep 1997.47 [11] M. Codish, A. Mulkers, M. Bruynooghe, M. Garc a de la Banda, andM. Hermenegildo. Improving Abstract Interpretations by CombiningDomains.ACM Transactions on Programming Languages and Systems (TOPLAS),17(1):28{44, January 1995.[12] P. Codognet and G. Fil e. Computations, Abstractions and Constraints. InProc. Fourth IEEE Int'l Conference on Computer Languages. IEEE Press,1992.[13] A. Cortesi and G. Fil e. Abstract Interpretation of Logic Programs: an Ab-stract Domain for Groundness, Sharing, Freeness and Compoundness Analy-sis. In P. Hudak and N. D. Jones, editors, Proceedings of the ACM SIGPLANSymposium on partial evaluation and semantics based program manipulation,PEPM'91, number 26 in Sigplan notices, pages 52{61, 1991.[14] P. Cousot and R. Cousot. Abstract interpretation: A uni ed lattice modelfor static analysis of programs by construction or approximation of xpoints.In Proc., Fourth ACM Symp. on Principles of Programming Languages, pages238{252. ACM Press, January 1977.[15] P. Cousot and R. Cousot. Systematic Design of ProgramAnalysis Frameworks.In Proc. Sixth ACM Symp. Principles of Programming Languages, pages 269{282, 1979.[16] T. Fruhwirth, E. Shapiro, M. Vardi, and E. Yardeni. Logic programs as typesfor logic programs. In Proceedings of Sixth Annual IEEE Symposium on Logicin Computer Science, pages 300{309. IEEE Computer Society Press, July 1991.[17] Koichi Furukawa, editor. Proceedings of the Eighth International Conferenceon Logic Programming, Paris, France, 1991. The MIT Press.[18] J. Gallagher and D. A. de Waal. Fast and Precise Regular Approxima-tion of Logic Programs. In Pascal Van Hentenryck, editor, Proceedings ofthe Eleventh International Conference on Logic Programming, pages 599{613,Santa Margherita Ligure, Italy, 1994. The MIT Press. ISBN 0-262-72022-1.[19] R. Giacobazzi, S. Debray, and G. Levi. Generalized Semantics and AbstractInterpretation for Constraint Logic Programs. Journal of Logic Programming,25(3):191{248, 1995.[20] M. V. Hermenegildo and K. J. Greene. &-Prolog and its performance: Ex-ploiting independent And-Parallelism. In David H. D. Warren and Peter Sz-eredi, editors, Proceedings of the Seventh International Conference on LogicProgramming, pages 253{268, Jerusalem, 1990. The MIT Press.[21] M. V. Hermenegildo, R. Warren, and S. K. Debray. Global ow analysis asa practical compilation tool. Journal of Logic Programming, 13(4):349{366,August 1992.48 [22] D. Jacobs and A. Langen. Static Analysis of Logic Programs for Independentand Parallelism. Journal of Logic Programming, 13(1, 2, 3 and 4):291{314,1992.[23] D. Kapur and P. Narendran. Complexity of uni cation problems withassociative-commutative operators. Journal of Automated Reasoning,9(2):261{288, October 1992.[24] V. Lagoon. Logic program analysis using set logic programs. Master's thesis,Ben-Gurion University of the Negev (Israel), 1998.[25] P. Lincoln and J. Christian. Adventures in associative-commutative uni ca-tion. Journal of Symbolic Computation, 8:217{240, 1989. Also appears inUni cation, edited by Claude Kirchner (Academic, 1990), pages 393{416.[26] J. W. Lloyd. Foundations of Logic Programming. Springer-Verlag, Berlin,1987. Second edition.[27] K. Muthukumar and M. Hermenegildo. Combined Determination of Shar-ing and Freeness of Program Variables through Abstract Interpretation. InFurukawa [17], pages 49{63.[28] K. Muthukumar and M. Hermenegildo. Compile-time Derivation of VariableDependency Using Abstract Interpretation. Journal of Logic Programming,13(1, 2, 3 and 4):315{347, 1992.[29] D. A. Plaisted. The occur-chack problem in Prolog. In International Sympo-sium on Logic Programming, pages 272{280. IEEE, Computer Society Press,1984.[30] C. Ramakrishnan, I. Ramakrishnan, and R. Sekar. A symbolic constraintsolving framework for analysis of logic programs. In Proceedings of the ACMSIGPLAN Symposium on Partial Evaluation and Semantics-Based ProgramManipulation, pages 12{23. ACM Press, 1995. New York, USA.[31] H. S ndergaard. An Application of Abstract Interpretation of Logic Programs:Occur Check Reduction. In Proc. ESOP'86, number 213 in LNCS, pages 327{338, 1986.49