Results 1-10 of 40
Efficient algorithms for model checking pushdown systems
Proc. of CAV'2000, 2000

Cited by 145 (25 self)
We study model checking problems for pushdown systems and linear time logics. We show that the global model checking problem (computing the set of configurations, reachable or not, that violate the formula) can be solved in O(gP 3
Weighted pushdown systems and their application to interprocedural dataflow analysis
Sci. of Comp. Prog, 2003

Cited by 106 (35 self)
Abstract. Recently, pushdown systems (PDSs) have been extended to weighted PDSs, in which each transition is labeled with a value, and the goal is to determine the meet-over-all-paths value (for paths that meet a certain criterion). This paper shows how weighted PDSs yield new algorithms for certain classes of interprocedural dataflow-analysis problems.
A Generic Approach to the Static Analysis of Concurrent Programs with Procedures
2003

Cited by 77 (16 self)
We present a generic approach to the static analysis of concurrent programs with procedures. We model programs as communicating pushdown systems. It is known that typical dataflow problems for this model are undecidable, because the emptiness problem for the intersection of context-free languages, which is undecidable, can be reduced to them. In this paper we propose an algebraic framework for defining abstractions (upper approximations) of context-free languages. We consider two classes of abstractions: finite-chain abstractions, which are abstractions whose domains do not contain any infinite chains, and commutative abstractions corresponding to classes of languages that contain a word if and only if they contain all its permutations. We show how to compute such approximations by combining automata-theoretic techniques with algorithms for solving systems of polynomial inequations in Kleene algebras.
Model-Checking LTL with Regular Valuations for Pushdown Systems
2002

Cited by 65 (10 self)
Recent works have proposed... In this paper we consider LTL with regular valuations: the set of configurations satisfying an atomic proposition can be an arbitrary regular language. The model-checking problem is solved via two different techniques, with an eye on efficiency. The resulting algorithms are polynomial in certain measures of the...
Regular Symbolic Analysis of Dynamic Networks of Pushdown Processes
2005

Cited by 48 (19 self)
Abstract. We introduce two abstract models for multithreaded programs based on dynamic networks of pushdown systems. We address the problem of symbolic reachability analysis for these models. More precisely, we consider the problem of computing effective representations of their reachability sets using finite-state automata. We show that, while forward reachability sets are not regular in general, backward reachability sets starting from regular sets of configurations are always regular. We provide algorithms for computing backward reachability sets using word/tree automata, and show how these algorithms can be applied for flow analysis of multithreaded programs.
The Regular Viewpoint on PA-Processes
Theoretical Computer Science, 1999

Cited by 40 (1 self)
PA is the process algebra allowing nondeterminism, sequential and parallel compositions, and recursion. We suggest viewing PA-processes as trees, and using tree-automata techniques for verification problems on PA. Our main result is that the set of iterated predecessors of a regular set of PA-processes is a regular tree language, and similarly for iterated successors. Furthermore, the corresponding tree-automata can be built effectively in polynomial time. This has many immediate applications to verification problems for PA-processes, among which a simple and general model-checking algorithm.
Verifying concurrent message-passing C programs with recursive calls
In TACAS, 2006

Cited by 32 (15 self)
Abstract. We consider the model-checking problem for C programs with (1) data ranging over very large domains, (2) (recursive) procedure calls, and (3) concurrent parallel components that communicate via synchronizing actions. We model such programs using communicating pushdown systems, and reduce the reachability problem for this model to deciding the emptiness of the intersection of two context-free languages L1 and L2. We tackle this undecidable problem using a CounterExample Guided Abstraction Refinement (CEGAR) scheme. We implemented our technique in the model checker MAGIC and found a previously unknown bug in a version of a Windows NT Bluetooth driver.
On the decidability of temporal properties of probabilistic pushdown automata
In Proc. of STACS’05, 2005

Cited by 30 (9 self)
Abstract. We consider qualitative and quantitative model-checking problems for probabilistic pushdown automata (pPDA) and various temporal logics. We prove that the qualitative and quantitative model-checking problem for ω-regular properties and pPDA is in 2-EXPSPACE and 3-EXPTIME, respectively. We also prove that model-checking the qualitative fragment of the logic PECTL∗ for pPDA is in 2-EXPSPACE, and model-checking the qualitative fragment of PCTL for pPDA is in EXPSPACE. Furthermore, model-checking the qualitative fragment of PCTL is shown to be EXPTIME-hard even for stateless pPDA. Finally, we show that PCTL model-checking is undecidable for pPDA, and PCTL+ model-checking is undecidable even for stateless pPDA.
Extrapolating Tree Transformations
2002

Cited by 25 (6 self)
We consider the framework of regular tree model checking where sets of configurations of a system are represented by regular tree languages and its dynamics is modeled by a term rewriting system (or a regular tree transducer). We focus on the computation of the reachability set R # (L) where R is a regular tree transducer and L is a regular tree language. The construction
Constraint-Based Inter-Procedural Analysis of Parallel Programs
2000

Cited by 24 (6 self)
We provide a uniform framework for the analysis of programs with procedures and explicit, unbounded, fork/join parallelism covering not only bit-vector problems like reaching definitions or live variables but also non-bit-vector problems like strong copy constant propagation. Due to their structural similarity to the sequential case, the resulting algorithms are as efficient as their widely accepted sequential counterparts, and they can easily be integrated in existing program analysis environments like e.g. MetaFrame or PAG. We are therefore convinced that our method will soon find its way into industrial-scale computer systems.