Proving theorems by program transformation

In this paper we present an overview of the unfold/fold proof method, a method for proving theorems about programs, based on program transformation. As a metalanguage for specifying programs and program properties we adopt constraint logic programming (CLP), and we present a set of transformation rules (including the familiar unfolding and folding rules) which preserve the semantics of CLP programs. Then, we show how program transformation strategies can be used, similarly to theorem proving tactics, for guiding the application of the transformation rules and inferring the properties to be proved. We work out three examples: (i) the proof of predicate equivalences, applied to the verification of equality between CCS processes, (ii) the proof of first order formulas via an extension of the quantifier elimination method, and (iii) the proof of temporal properties of infinite state concurrent systems, by using a transformation strategy that performs program specialization

Constrained Query Answering

Traditional answering methods evaluate queries only against positive and definite knowledge expressed by means of facts and deduction rules. They do not make use of negative, disjunctive or existential information. Negative or indefinite knowledge is however often available in knowledge base systems, either as design requirements, or as observed properties. Such knowledge can serve to rule out unproductive subexpressions during query answering. In this article, we propose an approach for constraining any conventional query answering procedure with general, possibly negative or indefinite formulas, so as to discard impossible cases and to avoid redundant evaluations. This approach does not impose additional conditions on the positive and definite knowledge, nor does it assume any particular semantics for negation. It adopts that of the conventional query answering procedure it constrains. This is achieved by relying on meta-interpretation for specifying the constraining process. The soundness, completeness, and termination of the underlying query answering procedure are not compromised. Constrained query answering can be applied for answering queries more efficiently as well as for generating more informative, intensional answers

Program transformation for development, verification, and synthesis of programs

This paper briefly describes the use of the program transformation methodology for the development of correct and efficient programs. In particular, we will refer to the case of constraint logic programs and, through some examples, we will show how by program transformation, one can improve, synthesize, and verify programs

Folding Transformation Rules for Constraint Logic Programs

We consider the folding transformation rule for constraint logic programs. We propose an algorithm for applying the folding rule in the case where the constraints are linear equations and inequations over the rational or the real numbers. Basically, our algorithm consists in reducing a rule application to the solution of one or more systems of linear equations and inequations. We also introduce two variants of the folding transformation rule. The first variant combines the folding rule with the clause splitting rule, and the second variant eliminates the existential variables of a clause, that is, those variables which occur in the body of the clause and not in its head. Finally, we present the algorithms for applying these variants of the folding rule

Transformational Verification of Linear Temporal Logic

We present a new method for verifying Linear Temporal Logic (LTL) properties of finite state reactive systems based on logic programming and program transformation. We encode a finite state system and an LTL property which we want to verify as a logic program on infinite lists. Then we apply a verification method consisting of two steps. In the first step we transform the logic program that encodes the given system and the given property into a new program belonging to the class of the so-called linear monadic !-programs (which are stratified, linear recursive programs defining nullary predicates or unary predicates on infinite lists). This transformation is performed by applying rules that preserve correctness. In the second step we verify the property of interest by using suitable proof rules for linear monadic !-programs. These proof rules can be encoded as a logic program which always terminates, if evaluated by using tabled resolution. Although our method uses standard program transformation techniques, the computational complexity of the derived verification algorithm is essentially the same as the one of the Lichtenstein-Pnueli algorithm [9], which uses sophisticated ad-hoc techniques

Synthesizing Short-Circuiting Validation of Data Structure Invariants

This paper presents incremental verification-validation, a novel approach for checking rich data structure invariants expressed as separation logic assertions. Incremental verification-validation combines static verification of separation properties with efficient, short-circuiting dynamic validation of arbitrarily rich data constraints. A data structure invariant checker is an inductive predicate in separation logic with an executable interpretation; a short-circuiting checker is an invariant checker that stops checking whenever it detects at run time that an assertion for some sub-structure has been fully proven statically. At a high level, our approach does two things: it statically proves the separation properties of data structure invariants using a static shape analysis in a standard way but then leverages this proof in a novel manner to synthesize short-circuiting dynamic validation of the data properties. As a consequence, we enable dynamic validation to make up for imprecision in sound static analysis while simultaneously leveraging the static verification to make the remaining dynamic validation efficient. We show empirically that short-circuiting can yield asymptotic improvements in dynamic validation, with low overhead over no validation, even in cases where static verification is incomplete