Proving Propertiesof Constraint Logic Programs

by Eliminating Existential Variables

Alberto Pettorossi (Università di Roma “Tor

Vergata”),

Maurizio Proietti (IASI-CNR, Roma),

Valerio Senni (Università di Roma “Tor

Vergata”)CILC2006 – DIB – Università di Bari 26-27 June 2006

• Goal: proving first order properties ofCostraint Logic Programs (CLPs)

• Focus: CLPs on the domain of lists andreal numbers

• Technique: existential quantifiers elimination by meansof program transformation

1. Outline of the work

• Polynomials p ::= a | X | p1 + p2 | a X where a and X Var

• Constraints c ::= p1 = p2 | p1 < p2 | p1 ≤ p2 | c1 c2

• LR-programs

head terms h ::= X | [ ] | [X|L] where X Var and L VarL

body terms b ::= p | Lclauses cl ::= r1(h1,…,hn) c |

r1 (h1,…,hn) c r2 (b1,…,bn) |

r1 (h1,…,hn) c r2 (b1,…,bn)

Goal: given a program P and a property , verify whether or not

M(P)

2. Programs on lists of reals

• start from the pair < P, prop >

• transform the statement prop into a (stratified, finite) set of definitions D1…Dn

• add each of the D1…Dn to the inital program P obtaining at each step a new lr-program without existential variables

• If the transformation process terminates, then the definition of propis propositional(by definition of lr-programs)

3. Proof by transformation

4. An example

• Initial program P

member (X,[Y|L]) X=Y member (X,[Y|L]) member (X,L)

• Property : L U X ( X L X ≤ U )

we want to show that any list of reals has an upper bound

• Two steps :

1. First we transform the statement prop into a set of definitions

D1…Dn

2. By applying the Unfold/Fold rules we transform D1…Dn P into a

new program T such that the definition of prop is propositional

5. Clause-Form Transformation

: L U X ( X L X ≤ U )

prop L U X ( X L X > U )

D4: prop p

D3: p list (L) q (L)

D2: q (L) list (L) r (L,U)

D1: r (L,U) X > U list(L) member (X,L)

p

q

r

• not lr-clauses

• with existential variables

Step 1.

6. Unfold-Fold Transformation

D4 : prop p

D3 : p p1

p1 p1

D2 : q ([]) q ([X|T]) q1(X,T)

q1 (X,[Y|T]) X > Y q1 (X , L)

q1 (X,[Y|T]) X ≤ Y q1 (Y , L)

D1 : r ([X|T],U) X > U list (L) r ([X|T],U) r (T,U)

Step 2.

by repeated applications of the

• unfold, • fold and• constraint replacement

ruleswe obtain the final program

TT

For each initial predicate we have obtained a new definition, made of lr-clauses.

Possibly with the use of some auxiliary predicate (p1, q1)

The unfold/fold transformation is aimed at transforming the clausesobtained after the Step 1 into lr-clauses.

6. Unfold-Fold Transformation

D4 : prop p

D3 : p p1

p1 p1

D2 : q ([]) q ([X|T]) q1(X,T)

q1 (X,[Y|T]) X > Y q1 (X , L)

q1 (X,[Y|T]) X ≤ Y q1 (Y , L)

D1 : r ([X|T],U) X > U list (L) r ([X|T],U) r (T,U)

Step 2.

by repeated applications of the

• unfold, • fold and• constraint replacement

ruleswe obtain the final program

TT

For each initial predicate we have obtained a new definition, made of lr-clauses.

Possibly with the use of some auxiliary predicate (p1, q1)

The unfold/fold transformation is aimed at transforming the clausesobtained after the Step 1 into lr-clauses.

6. Unfold-Fold Transformation

D4 : prop p

D3 : p p1

p1 p1

D2 : q ([]) q ([X|T]) q1(X,T)

q1 (X,[Y|T]) X > Y q1 (X , L)

q1 (X,[Y|T]) X ≤ Y q1 (Y , L)

D1 : r ([X|T],U) X > U list (L) r ([X|T],U) r (T,U)

Step 2.

by repeated applications of the

• unfold, • fold and• constraint replacement

ruleswe obtain the final program

TT

For each initial predicate we have obtained a new definition, made of lr-clauses.

Possibly with the use of some auxiliary predicate (p1, q1)

The unfold/fold transformation is aimed at transforming the clausesobtained after the Step 1 into lr-clauses.

6. Unfold-Fold Transformation

D4 : prop p

D3 : p p1

p1 p1

D2 : q ([]) q ([X|T]) q1(X,T)

q1 (X,[Y|T]) X > Y q1 (X , L)

q1 (X,[Y|T]) X ≤ Y q1 (Y , L)

D1 : r ([X|T],U) X > U list (L) r ([X|T],U) r (T,U)

Step 2.

by repeated applications of the

• unfold, • fold and• constraint replacement

ruleswe obtain the final program

TT

For each initial predicate we have obtained a new definition, made of lr-clauses.

Possibly with the use of some auxiliary predicate (p1, q1)

The unfold/fold transformation is aimed at transforming the clausesobtained after the Step 1 into lr-clauses.

prop

7. The Unfold-Fold Strategy

A general Unfold/Fold strategy

Input: an lr-program P and a hierarchy <D1,...,Dn> of clauses

Output: an lr-program T

unfold +

replace-constraints *

define-fold *

for all D1,...,Dn :

Di

NewDefs =

i > n

noyes

no

yesT

the finalprogram

i := i + 1

8. The Unfold-Fold Strategy at work

start from clause D1 :

r (L,U) X > U list(L) member (X,L)

Unfold : r ([X|T],U) X > U list(T) r ([X|T],U) Y > U list(T) member (Y,T)

Fold : 1. r ([X|T],U) X > U list(T)

2. r ([X|T],U) r (T,U)

8. The Unfold-Fold Strategy at work

start from clause D1 :

r (L,U) X > U list(L) member (X,L)

Unfold : r ([X|T],U) X > U list(T) r ([X|T],U) Y > U list(T) member (Y,T)

Fold : 1. r ([X|T],U) X > U list(T)

2. r ([X|T],U) r (T,U)

We go on with the following definitions D2, D3, and D4

• lr-clauses

• without existential variables

9. Introduction of new Definitions

we cannot fold

clause D2 :

q (L) list (L) r (L,U)

Unfold : q ([ ]) q ([X|T]) X ≤ U list (T) r (T,U)

9. Introduction of new Definitions

clause D2 :

q (L) list (L) r (L,U)

Unfold : q ([ ]) q ([X|T]) X ≤ U list (T) r (T,U)

Define : q1(X,T) X ≤ U list (T) r (T,U)

Fold : 3. q ([ ]) 4. q ([X|T]) q1(X,T)

Continue to apply the transformation rules to the new definition

Unfold : q1(X,[ ])

q1(X,[Y|T]) X ≤ U Y ≤ U list (T) r (T,U)

we cannot fold

9. Introduction of new Definitions

need for newdefinitions

reduce theoccurrences of existential variables

clause D2 :

q (L) list (L) r (L,U)

Unfold : q ([ ]) q ([X|T]) X ≤ U list (T) r (T,U)

Define : q1(X,T) X ≤ U list (T) r (T,U)

Fold : 3. q ([ ]) 4. q ([X|T]) q1(X,T)

Continue to apply the transformation rules to the new definition

Unfold : q1(X,[ ])

q1(X,[Y|T]) X ≤ U Y ≤ U list (T) r (T,U)

we cannot fold

10. Constraint Replacement

: q1 (X,[Y|T]) X ≤ U Y ≤ U list (T) r (T,U)

U

X YX ≤ U Y ≤ U

U

X

Y

U

Y

X

X > Y X ≤ U X ≤ Y Y ≤ U

10. Constraint Replacement

: q1 (X,[Y|T]) X ≤ U Y ≤ U list (T) r (T,U)

We substitute the clause for and

: q1 (X,[Y|T]) X > Y X ≤ U list (T) r (T,U)

: q1 (X,[Y|T]) X ≤ Y Y ≤ U list (T) r (T,U)

U

X YX ≤ U Y ≤ U

U

X

Y

U

Y

X

X > Y X ≤ U X ≤ Y Y ≤ U

10. Constraint Replacement

: q1 (X,[Y|T]) X ≤ U Y ≤ U list (T) r (T,U)

We substitute the clause for and

: q1 (X,[Y|T]) X > Y X ≤ U list (T) r (T,U)

: q1 (X,[Y|T]) X ≤ Y Y ≤ U list (T) r (T,U)

after folding we obtain :

5. q1 (X,[Y|T]) X > Y q1 (X,T)

6. q1 (X,[Y|T]) X ≤ Y q1 (Y,T)

U

X YX ≤ U Y ≤ U

U

X

Y

U

Y

X

X > Y X ≤ U X ≤ Y Y ≤ U

which allowfor folding

11. Last part of the Trasformation

clause D3 : p list (L) q (L)

Unfold : p list(T) q1 (X,T)

Define : p1 list(T) q1 (X,T)

Fold : 7. p p1

Unfold : p1 X > Y list(T) q1

(X,T) p1 X ≤ Y list(T) q1

(Y,T)

ConstraintReplace : p1 list(T) q1 (Y,T)

Fold : 8. p1 p1

project theseconstraints out

12. Final Program

At the end of the transformation we obtain the following program:

1. r ([X|T],U) X > U list(T)

2. r ([X|T],U) r (T,U)3. q ([ ]) 4. q ([X|T]) newp1(X,T)

5. q1 (X,[Y|T]) X > Y q1 (X,T)

6. q1 (X,[Y|T]) X ≤ Y q1 (Y,T)

7. p p1

8. p1 p1

9. prop p

T :

By simple inspection of the program T we can decide that the property prop is true

13. Termination

A brief note on termination:

unfold +

replace-constraints *

define-fold *

for all D1,...,Dn :

Di

NewDefs =

i > n

noyes

no

yesT

the finalprogram

i := i + 1

13. Termination

A brief note on termination:

The only source for nontermination is the possibleintroduction of infinitely many new definitions

unfold +

replace-constraints *

define-fold *

for all D1,...,Dn :

Di

NewDefs =

i > n

noyes

no

yesT

the finalprogram

i := i + 1

14. Experimental results

We have run some experiments on the MAP system that implements

the Unfold/Fold transformation strategy.

• constraints handling: clp(r) module of SICStus prolog(implementing a variant of the Fourier-Motzkin algorithm for existential variables elimination)

• theorems in the theory of linear orders, lists, and sum

Property Time

L U Y ( YL Y U ) 140 ms

L Y ( (sumlist(L,Y) Y > 0) X (XL X > 0) ) 170 ms

L M N ( (ord(L) ord(M) sumzip(L,M,N)) ord(N) ) 160 ms

L M X Y ( (leqlist(L,M) sumlist(L,X) sumlist(M,Y)) X Y )

50 ms

15. Future work

• identify some theories of interest for which this strategy succeeds

• experiment on different data structures (e.g. trees) anddomains with a linear order and closed under projection

• investigate phenomena that lead to nontermination

• generalization techniques that allow for folding