Results 1 - 10 of 45
Interprocedural Slicing Using Dependence Graphs
ACM Transactions on Programming Languages and Systems, 1990

Cited by 701 (79 self)
This paper concerns the problem of interprocedural slicing: generating a slice of an entire program, where the slice crosses the boundaries of procedure calls. To solve this problem, we introduce a new kind of graph to represent programs, called a system dependence graph, which extends previous dependence representations to incorporate collections of procedures (with procedure calls) rather than just monolithic programs. Our main result is an algorithm for interprocedural slicing that uses the new representation. (It should be noted that our work concerns a somewhat restricted kind of slice: Rather than permitting a program to be sliced with respect to program point p and an arbitrary variable, a slice must be taken with respect to a variable that is defined or used at p.) The chief
Analysis of Recursive State Machines
In Proceedings of CAV 2001, 2001

Cited by 112 (21 self)
Recursive state machines (RSMs) enhance the power of ordinary state machines by allowing vertices to correspond either to ordinary states or to potentially recursive invocations of other state machines. RSMs can model the control flow in sequential imperative programs containing recursive procedure calls. They can be viewed as a visual notation extending Statecharts-like hierarchical state machines, where concurrency is disallowed but recursion is allowed. They are also related to various models of pushdown systems studied in the verification and program analysis communities. After introducing RSMs, we focus on whether state-space analysis can be performed efficiently for RSMs. We consider the two central problems for algorithmic analysis and model checking, namely, reachability (is a target state reachable from initial states) and cycle detection (is there a reachable cycle containing an accepting state). We show that both these problems can be solved in time O(nθ²) and space O(nθ), where n is the size of the recursive machine and θ is the maximum, over all component state machines, of the minimum of the number of entries and the number of exits of each component. We also study the precise relationship between RSMs and closely related models.
Recursive Markov chains, stochastic grammars, and monotone systems of nonlinear equations
In STACS, 2005

Cited by 68 (11 self)
We define Recursive Markov Chains (RMCs), a class of finitely presented denumerable Markov chains, and we study algorithms for their analysis. Informally, an RMC consists of a collection of finite-state Markov chains with the ability to invoke each other in a potentially recursive manner. RMCs offer a natural abstract model for probabilistic programs with procedures. They generalize, in a precise sense, a number of well studied stochastic models, including Stochastic Context-Free Grammars (SCFG) and Multi-Type Branching Processes (MTBP). We focus on algorithms for reachability and termination analysis for RMCs: what is the probability that an RMC started from a given state reaches another target state, or that it terminates? These probabilities are in general irrational, and they arise as (least) fixed point solutions to certain (monotone) systems of nonlinear equations associated with RMCs. We address both the qualitative problem of determining whether the probabilities are 0, 1 or in-between, and
A Temporal Logic of Nested Calls and Returns
2004

Cited by 54 (11 self)
Model checking of linear temporal logic (LTL) specifications with respect to pushdown systems has been shown to be a useful tool for analysis of programs with potentially recursive procedures. LTL, however, can specify only regular properties, and properties such as correctness of procedures with respect to pre and post conditions, that require matching of calls and returns, are not regular. We introduce a temporal logic of calls and returns (CaRet) for specification and algorithmic verification of correctness requirements of structured programs. The formulas of CaRet are interpreted over sequences of propositional valuations tagged with special symbols call and ret. Besides the standard global temporal modalities, CaRet admits the abstract-next operator that allows a path to jump from a call to the matching return. This operator can be used to specify a variety of non-regular properties such as partial and total correctness of program blocks with respect to pre and post conditions. The abstract versions of the other temporal modalities can be used to specify regular properties of local paths within a procedure that skip over calls to other procedures. CaRet also admits the caller modality that jumps to the most recent pending call, and such caller modalities allow specification of a variety of security properties that involve inspection of the call-stack. Even though verifying context-free properties of pushdown systems is undecidable, we show that model checking CaRet formulas against a pushdown model is decidable. We present a tableau construction that reduces our model checking problem to the emptiness problem for a Büchi pushdown system. The complexity of model checking CaRet formulas is the same as that of checking LTL formulas, namely, ...
Algorithmic verification of recursive probabilistic state machines
In Proc. 11th TACAS, 2005

Cited by 37 (7 self)
Abstract. Recursive Markov Chains (RMCs) ([EY04]) are a natural abstract model of procedural probabilistic programs and related systems involving recursion and probability. They succinctly define a class of denumerable Markov chains that generalize multi-type branching (stochastic) processes. In this paper, we study the problem of model checking an RMC against a given ω-regular specification. Namely, given an RMC A and a Büchi automaton B, we wish to know the probability that an execution of A is accepted by B. We establish a number of strong upper bounds, as well as lower bounds, both for qualitative problems (is the probability = 1, or = 0?), and for quantitative problems (is the probability ≥ p?, or, approximate the probability to within a desired precision). Among these, we show that qualitative model checking for general RMCs can be decided in PSPACE in A and EXPTIME in B, and when A is either a single-exit RMC or when the total number of entries and exits in A is bounded, it can be decided in polynomial time in A. We then show that quantitative model checking can also be done in PSPACE in A, and in EXPSPACE in B. When B is deterministic, all our complexities in B come down by one exponential. For lower bounds, we show that the qualitative model checking problem, even for a fixed RMC, is already EXPTIME-complete. On the other hand, even for simple reachability analysis, we showed in [EY04] that our PSPACE upper bounds in A cannot be improved upon without a breakthrough on a well-known open problem in the complexity of numerical computation.
Demand-Driven Alias Analysis for C
2007

Cited by 24 (0 self)
This paper presents a demand-driven, flow-insensitive analysis algorithm for answering may-alias queries. We formulate the computation of alias queries as a CFL-reachability problem, and use this formulation to derive a demand-driven analysis algorithm. The analysis uses a worklist algorithm that gradually explores the program structure and stops as soon as enough evidence is gathered to answer the query. Unlike existing techniques, our approach does not require building or intersecting points-to sets. Experiments show that our technique is effective at answering alias queries accurately and efficiently in a demand-driven fashion. For a set of alias queries from the SPEC2000 benchmarks, our analysis is able to accurately answer 97% of the queries in less than 1 millisecond per query. Compared to a demand-driven points-to analysis that constructs and intersects points-to sets on-the-fly, our alias analysis is more than two times faster.
Incremental algorithms for interprocedural analysis of safety properties
2005

Cited by 20 (0 self)
Automaton-based static program analysis has proved to be an effective tool for bug finding. Current tools generally reanalyze a program from scratch in response to a change in the code, which can result in much duplicated effort. We present an interprocedural algorithm that analyzes incrementally in response to program changes and present experiments for a null-pointer dereference analysis. It shows a substantial speedup over reanalysis from scratch, with a manageable amount of disk space used to store information between analysis runs.
On generalized authorization problems
2003

Cited by 18 (10 self)
This paper defines a framework in which one can formalize a variety of authorization and policy issues that arise in access control of shared computing resources. Instantiations of the framework address such issues as privacy, recency, validity, and trust. The paper presents an efficient algorithm for solving all authorization problems in the framework; this approach yields new algorithms for a number of specific authorization problems.
Analysis of SPKI/SDSI certificates using model checking
In IEEE Comp. Sec. Found. Workshop (CSFW). IEEE Computer, 2002

Cited by 18 (3 self)
Abstract. SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computational significance: Many analysis problems can be solved efficiently (i.e., in time polynomial in the size of the certificate set) using existing algorithms for model checking pushdown systems. Keywords: SPKI/SDSI, model checking, pushdown system, naming, authorization, certificate-chain discovery, certificate-set analysis.
Modelling Recursive Calls with UML State Diagrams
Proc. 6th Int. Conf. Fundamental Approaches to Software Engineering (FASE’03). Volume 2621 of Lect. Notes Comp. Sci., 2003

Cited by 14 (1 self)
One of the principal uses of UML is the modelling of synchronous object-oriented software systems, in which the behaviour of each of several classes is modelled using a state diagram. UML permits a transition of the state diagram to show both the event which causes the transition (typically, the fact that the object receives a message) and the object’s reaction (typically, the fact that the object sends a message). UML’s semantics for state diagrams is “run to completion”. We show that this can lead to anomalous behaviour, and in particular that it is not possible to model recursive calls, in which an object receives a second message whilst still in the process of reacting to the first. Drawing on both ongoing work by the UML 2.0 submitters and recent theoretical work [1,6], we propose a solution to this problem using state diagrams in two complementary ways.