Lecture Notes in Computer Science 5438 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen UniversityofDortmund,Germany MadhuSudan MassachusettsInstituteofTechnology,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Michael Hanus (Ed.) Logic-Based Program Synthesis and Transformation 18th International Symposium, LOPSTR 2008 Valencia, Spain, July 17-18, 2008 Revised Selected Papers 1 3 VolumeEditor MichaelHanus Christian-Albrechts-UniversitätKiel InstitutfürInformatik 24098Kiel,Germany E-mail:[email protected] LibraryofCongressControlNumber:2009921732 CRSubjectClassification(1998):D.2,D.1.6,D.1.1,F.3.1,I.2.2,F.4.1 LNCSSublibrary:SL1–TheoreticalComputerScienceandGeneralIssues ISSN 0302-9743 ISBN-10 3-642-00514-4SpringerBerlinHeidelbergNewYork ISBN-13 978-3-642-00514-5SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. springer.com ©Springer-VerlagBerlinHeidelberg2009 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SPIN:12620142 06/3180 543210 Preface This volume contains a selection of the papers presented at the 18th Interna- tionalSymposiumonLogic-BasedProgramSynthesisandTransformation(LOP- STR 2008) held during July 17–18, 2008 in Valencia, Spain. Information about the conference can be found at http://www.informatik.uni-kiel.de/∼mh/ lopstr08. Previous LOPSTR symposia were held in Lyngby (2007), Venice (2006 and 1999), London (2005 and 2000), Verona (2004), Uppsala (2003), Madrid (2002), Paphos (2001), Manchester (1998, 1992, and 1991), Leuven (1997), Stockholm (1996), Arnhem (1995), Pisa (1994), and Louvain-la-Neuve (1993). The aim of the LOPSTR series is to stimulate and promote international research and collaboration on logic-based program development. LOPSTR tra- ditionally solicits papers in the areas of specification, synthesis, verification, transformation,analysis,optimization,composition,security,reuse,applications andtools,component-basedsoftwaredevelopment,softwarearchitectures,agent- basedsoftwaredevelopment,andprogramrefinement.LOPSTRhasareputation for being a lively,friendly forum for presenting and discussing work in progress. Formalproceedings are producedonly after the symposium so that authors can incorporate feedback in the published papers. I would like to thank all those who submitted contributions to LOPSTR in the categories of full papers and extended abstracts. Each submission was reviewedbyatleastthreeProgramCommitteemembers.Thecommitteedecided to accept three full papers for immediate inclusion in the final post-conference proceedings, and nine papers were accepted after revision and another round of reviewing. In addition to the accepted papers, the program also included an invited talk by Peter O’Hearn (University of London). I am grateful to the ProgramCommittee members who workedhard to pro- duce high-quality reviews for the submitted papers under a tight schedule, as wellasalltheexternalreviewersinvolvedinthepaperselection.Ialsowouldlike to thank Andrei Voronkov for his excellent EasyChair system that automates many of the tasks involved in chairing a conference. LOPSTR 2008 was co-located with SAS 2008, PPDP 2008, and PLID 2008. Manythankstothelocalorganizersoftheseevents,inparticular,toJosepSilva, the LOPSTR 2008 local Organizing Committee Chair. Finally, I gratefully ac- knowledgetheinstitutionsthatsponsoredthisevent:DepartamentodeSistemas Inform´aticos y Computacio´n, EAPLS, ERCIM, Generalitat Valenciana, MEC (Feder) TIN2007-30509-E,and Universidad Polit´ecnica de Valencia. December 2008 Michael Hanus Conference Organization Program Chair Michael Hanus Institut fu¨r Informatik Christian-Albrechts-Universit¨atKiel D-24098 Kiel, Germany Email: [email protected] Local Organization Chair Josep Silva Departamento de Sistemas Inform. y Comp. Universitat Polit`ecnica de Valencia Camino de la Vera s/n E-46022Valencia, Spain Email: [email protected] Program Committee Slim Abdennadher German University Cairo, Egypt Danny De Schreye K.U. Leuven, Belgium Wlodek Drabent Polish Academy of Sciences, Poland / Linko¨ping University, Sweden Gopal Gupta University of Texas at Dallas, USA Michael Hanus University of Kiel, Germany (Chair) Patricia Hill University of Leeds, UK Andy King University of Kent, UK Michael Leuschel University of Du¨sseldorf, Germany Torben Mogensen DIKU, University of Copenhagen, Denmark Mario Ornaghi Universita` degli Studi di Milano, Italy E´tienne Payet Universit´e de La R´eunion, France Alberto Pettorossi University of Rome Tor Vergata, Italy Germ´an Puebla Technical University of Madrid, Spain C.R. Ramakrishnan SUNY at Stony Brook, USA Sabina Rossi Universita` Ca’ Foscari di Venezia, Italy Chiaki Sakama Wakayama University, Japan Josep Silva Technical University of Valencia, Spain Wim Vanhoof University of Namur, Belgium Eelco Visser Delft University of Technology, The Netherlands VIII Conference Organization Organizing Committee Beatriz Alarco´n Gustavo Arroyo Antonio Bella Aristides Dasso Santiago Escobar Vicent Estruch Marco Feliu C´esar Ferri Ana Funes Carlos Herrero Salvador Lucas Rau´l Guti´errez Jos´e Hern´andez Jos´e Iborra Christophe Joubert Alexei Lescaylle Marisa Llorens Rafael Navarro Pedro Ojeda Javier Oliver Mar´ıa Jos´e Ram´ırez Daniel Romero Josep Silva (Chair) Salvador Tamarit Alicia Villanueva External Reviewers Javier A´lvez Rafael Caballero Franc¸ois Degrave Samir Genaim Miguel Go´mez-Zamalloa Roberta Gori Gerda Janssens Christophe Joubert Adam Koprowski Kenneth MacKenzie Matteo Maffei Isabella Mastroeni Alberto Momigliano Frank Pfenning Pawel Pietrzak Paolo Pilozzi Maurizio Proietti Jan-Georg Smaus Son Tran Germa´n Vidal Dean Voets Damiano Zanardini Table of Contents Space Invading Systems Code (Invited Talk) ........................ 1 Cristiano Calcagno, Dino Distefano, Peter O’Hearn, and Hongseok Yang Test Data Generation of Bytecode by CLP Partial Evaluation ......... 4 Elvira Albert, Miguel Go´mez-Zamalloa, and Germa´n Puebla A Modular Equational Generalization Algorithm .................... 24 Mar´ıa Alpuente, Santiago Escobar, Jos´e Meseguer, and Pedro Ojeda A Transformational Approach to Polyvariant BTA of Higher-Order Functional Programs ............................................. 40 Gustavo Arroyo, J. Guadalupe Ramos, Salvador Tamarit, and Germa´n Vidal Analysis of Linear Hybrid Systems in CLP .......................... 55 Gourinath Banda and John P. Gallagher Automatic Generation of Test Inputs for Mercury.................... 71 Franc¸ois Degrave, Tom Schrijvers, and Wim Vanhoof Analytical Inductive Functional Programming ....................... 87 Emanuel Kitzelmann The MEB and CEB Static Analysis for CSP Specifications ............ 103 Michael Leuschel, Marisa Llorens, Javier Oliver, Josep Silva, and Salvador Tamarit Fast Offline Partial Evaluation of Large Logic Programs .............. 119 Michael Leuschel and Germa´n Vidal An Inference Algorithm for Guaranteeing Safe Destruction ............ 135 Manuel Montenegro, Ricardo Pen˜a, and Clara Segura From Monomorphic to Polymorphic Well-Typings and Beyond......... 152 Tom Schrijvers, Maurice Bruynooghe, and John P. Gallagher On Negative Unfolding in the Answer Set Semantics.................. 168 Hirohisa Seki Author Index.................................................. 185 Space Invading Systems Code Cristiano Calcagno2, Dino Distefano1, Peter O’Hearn1, and Hongseok Yang1 1 Queen Mary University of London 2 Imperial College 1 Introduction Space Invader is a static analysistool that aims to perform accurate,automatic verificationofthewaythatprogramsusepointers.Itusesseparationlogicasser- tions [10,11] to describe states, and works by performing a proof search, using abstract interpretation to enable convergence. As well as having roots in sepa- ration logic, Invader draws on the fundamental work of Sagiv et. al. on shape analysis [12]. It is complementary to other tools – e.g., SLAM [1], Blast [8], ASTRE´E [6] – that use abstract interpretation for verification, but that use coarse or limited models of the heap. SpaceInvaderbeganlifeasatheoreticalprototypeworkingonatoylanguage [7], which was itself an outgrowth of a previous toy-language tool [3]. Then, in May of 2006, spurred by discussions with Byron Cook, we decided to move beyondourtoylanguagesandchallengeprograms,andtestourideasagainstreal- worldsystemscode,startingwithaWindowsdevicedriver,andthenmovingon to various open-source programs.(Some of our work has been done jointly with JoshBerdineandCookatMicrosoftResearchCambridge,andarelatedanalysis tool, SLAyer, is in development there.) As of the summer of 2008, Space Invader has proven pointer safety (no null or dangling pointer dereferences, or leaks) in several entire industrial programs ofupto 10KLOC,andmorepartialpropertiesoflargercodes.Therehavebeen three key innovations drivenby the problems encounteredwith real-worldcode. – Adaptive analysis. Device driversusecomplexvariationsonlinkedlists–for example, multiple circular lists sharing a common header, several of which have nested sublists – and these variations are different in different drivers. Intheadaptiveanalysispredicatesarediscoveredbyscrutinizingthelinking structureoftheheap,andthenfedtoahigher-orderpredicatethatdescribes linkedlists.Thisallowsforthedescriptionofcomplex,nested(thoughlinear) data structures, as well as for adapting to the varied data structures found in different programs [2]. – Near-perfect Join. The adaptive analysis allowed several driver routines to beverified,butittimedoutonothers.Thelimitwasaround1KLOC,when given a nested data structure and a procedure with non-trivial control flow (severalloopsandconditionals).Theproblemwasthattherewerethousands of nodes at some program points in the analysis, representing huge disjunc- tions. In response, we discovered a partial join operator which lost enough M.Hanus(Ed.):LOPSTR2008,LNCS5438,pp.1–3,2009. (cid:2)c Springer-VerlagBerlinHeidelberg2009 2 C. Calcagno et al. information to, in many cases (though crucially, not always), leave us with only one heap. The join operator is partial because, although it is often de- fined, ajoin whichalways collapsestwo nodes into onewill be too imprecise to verify the drivers:it willhave false alarms.Ourgoalwasto prove pointer safetyofthedrivers,sotodischargeeven99.9%oftheheapdereferencesites was considered a failure: not to have found a proof. The mere idea of a join is of course standard: The real contribution is existence of a partial join operator that leads to speed-ups which allow en- tire drivers to be analyzed, while retaining enough precision for the goal of proving pointer safety with zero false alarms [9]. – Compositionality. The version of Space Invader with adaptation and join was a top-down, whole-program analysis (like all previous heap verification methods).Thismeanttheuserhadtoeithersupplypreconditionsmanually, orprovidea“fakemainprogram”(i.e.,supply anenvironment).Practically, the consequence was that it was time-consuming to even get started to ap- ply the analysis to a new piece of code, or to large codes. We discovered a method of inferring a preconditon and postcondition for a procedure, with- out knowing its calling context: the method aims to find the “footprint” of the code [4], a description of the cells it accesses. The technique – which involves the use of abductive inference to infer assertions describing miss- ing portions of heap – leads to a compositional analysis which has been applied to larger programs, such as a complete linux distribution of 2.5M LOC [5]. The compositional and adaptive verification techniques fit together particu- larlywell.Ifyouwanttoautomatically findaspecofthedatastructureusagein aprocedureinsomeprogramyoudon’tknow,withouthavingthecallingcontext of the procedure, you really need an analysis method that will find heap predi- cates for you, without requiring you (the human) to supply those predicates on a case-by-casebasis. Of course, the adaptive analysis selects its predicates from some pre-determined stock, and is ultimately limited by that, but the adaptive capability is handy to have, nonetheless. We emphasize that the results of the compositional version of Space Invader (code name: Abductor) are partial: it is able to prove some procedures, but it might fail to prove others; in linux it finds Hoare triples for around 60,000 procedures,while leaving unprovensome 40,000others1. This, though, is one of the benefits of compositional methods. It is possible to get accurate results on parts of a large codebase, without waiting for the “magical abstract domain” that can automatically prove all of the procedures in all of the code we would want to consider. 1 Warning:therearecaveatsconcerningAbductor’slimitations,suchashowitignores concurrency.These are detailed in [5].