## Interprocedural analysis of concurrent programs under a context bound (2007)

Venue: In TACAS

Citations: 27 - 6 self

### BibTeX

@TECHREPORT{Lal07interproceduralanalysis,

author = {Akash Lal and Tayssir Touili and Nicholas Kidd and Thomas Reps},

title = {Interprocedural analysis of concurrent programs under a context bound},

institution = {In TACAS},

year = {2007}

}

### Abstract

Analysis of recursive programs in the presence of concurrency and shared memory is undecidable. In previous work, Qadeer and Rehof [23] showed that context-bounded analysis is decidable for recursive programs under a finite-state abstraction of program data. In this paper, we show that context-bounded analysis is decidable for certain families of infinite-state abstractions, and also provide a new symbolic algorithm for the finite-state case.

### Citations

3836 | Introduction to automata theory, languages, and computation
- Hopcroft, Motwani, et al.
Citation Context ...at its language is the image of L(A) under L(τ1), i.e., the set {u ∈ Σ* | ∃u′ ∈ L(A), (u′, u) ∈ L(τ1)}. Both of these constructions are carried out in a manner similar to intersection of automata [13]. One can also take the union of transducers (union of their languages) in a manner similar to union of automata. In the case of CBA with a finite-state data abstraction, each thread is represented us...

527 | Principles of Program Analysis
- Nielson, Nielson, et al.
- 1999
Citation Context ...e automata. The techniques in this paper are for taking the product any number of times (provided STPs exist). Tensor products have been used previously in program analysis for combining abstractions [21]. We use them in a different context and for a different purpose. In particular, previous work has used them for combining abstractions that are performed in lock-step; in contrast, we use them to sti...

393 | Automatic predicate abstraction of C programs
- Ball, Majumdar, et al.
- 2001
Citation Context ...rrent programs with shared-memory and interleaving semantics. Such an analysis for recursive programs is, in general, undecidable, even with a finite-state abstraction of data (e.g., Boolean Programs [1]). As a consequence, to deal with concurrency soundly (i.e., capture all concurrent behaviors), some analyses give up precise handling of procedure call/return semantics. Alternatively, tools use inli...

369 | Precise interprocedural dataflow analysis via graph reachability
- Reps, Horwitz, et al.
- 1995
Citation Context ...[27,4]. Such semirings are powerful enough to encode finite-state data abstractions, as used in bitvector dataflow analysis, Boolean program verification [1], and the IFDS dataflow-analysis framework [26], as well as infinite-state data abstractions, such as linear-constant propagation and affine-relation analysis [19]. We review some of this here; see also [27]. Weights encode the effect that each st...

291 | Partial-Order Methods for the Verification of Concurrent Systems - An Approach to the State-Explosion Problem
- Godefroid
- 1996
Citation Context ... 3], however, these also require enumeration of states at a context switch, and cannot handle infinite-state abstractions like affine-relation analysis. The goal of partial-order reduction techniques [12] for concurrent programs is to avoid explicit enumeration of all interleavings. Our work is in similar spirit, however, we use symbolic techniques to avoid explicitly considering all interleavings. In...

289 | Reachability Analysis of Pushdown Automata: Application to Model-Checking
- Bouajjani, Esparza, et al.
- 1997
Citation Context ...cept u when started in the state p. A set of configurations is regular if it is the language of some P-automaton. For a regular set of configurations C, both post*(C) and pre*(C) are also regular [2,7,11]. The algorithms for computing post* and pre*, called poststar and prestar, respectively, take a P-automaton A as input, and if C is the set of configurations accepted by A, produce P-automata Apos...

146 | Efficient algorithms for model checking pushdown systems
- Esparza, Hansel, et al.
- 2000
Citation Context ...ar, respectively, take a P-automaton A as input, and if C is the set of configurations accepted by A, produce P-automata A_post* and A_pre* that accept the sets post*(C) and pre*(C), respectively [2,10,11]. 3 A New Approach Using Thread Summarization Between consecutive context switches only one thread is executing, and a concurrent program acts like a sequential program. However, a recursive thread ca...

124 | Iterative context bounding for systematic testing of multithreaded programs
- Musuvathi, Qadeer
- 2007
Citation Context ...ch is not sound because it does not capture all of the behaviors of a program; however, it has proven to be useful in tools for bug-finding because many bugs can be found after a few context switches [24,23,20]. For example, KISS [24] is a verification tool that analyzes programs for only up to two context switches; it was able to find a number of bugs in device drivers. We call the analysis of recursive, c...

112 | A direct symbolic approach to model checking pushdown systems
- Finkel, Willems, et al.
- 1997
Citation Context ...cept u when started in the state p. A set of configurations is regular if it is the language of some P-automaton. For a regular set of configurations C, both post*(C) and pre*(C) are also regular [2,7,11]. The algorithms for computing post* and pre*, called poststar and prestar, respectively, take a P-automaton A as input, and if C is the set of configurations accepted by A, produce P-automata Apos...

103 | Context-bounded model checking of concurrent software
- Qadeer, Rehof
- 2005
Citation Context ...uili@liafa.jussieu.fr 3 GrammaTech, Inc.; Ithaca, NY; USA. Abstract. Analysis of recursive programs in the presence of concurrency and shared memory is undecidable. In previous work, Qadeer and Rehof [23] showed that context-bounded analysis is decidable for recursive programs under a finite-state abstraction of program data. In this paper, we show that context-bounded analysis is decidable for certai...

103 | KISS: Keep it simple and sequential
- Qadeer, Wu
- 2004

103 | Weighted pushdown systems and their application to interprocedural dataflow analysis
- Reps, Schwoon, et al.
- 2005
Citation Context .... This requires the construction (§5) and composition (§6) of weighted transducers. 4 Weighted Pushdown Systems (WPDSs) A WPDS is a PDS augmented with weights drawn from a bounded idempotent semiring [27,4]. Such semirings are powerful enough to encode finite-state data abstractions, as used in bitvector dataflow analysis, Boolean program verification [1], and the IFDS dataflow-analysis framework [26], ...

97 | The Design Principles of a Weighted Finite-State Transducer
- Mohri, Pereira, et al.
- 2000
Citation Context ...ead. – We give precise algorithms for composing weighted transducers (§6), when tensor products exist for the weights. This generalizes previous work on manipulating weighted automata and transducers [17,18]. The remainder of the paper is organized as follows. §2 introduces some terminology and notation. §3 sketches an alternative to the QR algorithm for finite-state abstractions; the rest of the paper ge...

87 | On the Regular Structure of Prefix Rewriting
- Caucal
- 1992
Citation Context ...ontext bound). – We show that the reachability relation of a weighted pushdown system (WPDS) can be encoded using a weighted transducer (§5), which generalizes a previous result for (unweighted) PDSs [8]. We use WPDSs to model each thread of the concurrent program, and the transducers can be understood as summarizing the (sequential) execution of a thread. – We give precise algorithms for composing w...

85 | Context-sensitive synchronization-sensitive analysis is undecidable
- Ramalingam
- 2000
Citation Context ...ysis (CBA) considers a set of concurrent threads that communicate via global variables. Synchronization is easily implementable using global variables as locks. Analysis of such models is undecidable [25], i.e., it is not possible, in general, to determine whether or not a given configuration is reachable. Let n be the number of threads and let t1, t2, ⋯, tn denote the threads. We do not consider...

80 | Weighted automata in text and speech processing
- Mohri, Pereira, et al.
- 1996
Citation Context ...ping an algorithm for CBA with infinite-state data abstractions. Composing transducers. There is a large body of work on weighted automata and weighted transducers in the speech-recognition community [17,18]. However, the weights in their applications usually satisfy many more properties than those of a semiring, including (i) the existence of an inverse, and (ii) commutativity of extend. We refrain from...

74 | A generic approach to the static analysis of concurrent programs with procedures
- Bouajjani, Esparza, et al.
- 2003
Citation Context .... This requires the construction (§5) and composition (§6) of weighted transducers. 4 Weighted Pushdown Systems (WPDSs) A WPDS is a PDS augmented with weights drawn from a bounded idempotent semiring [27,4]. Such semirings are powerful enough to encode finite-state data abstractions, as used in bitvector dataflow analysis, Boolean program verification [1], and the IFDS dataflow-analysis framework [26], ...

67 | Moped - A Model-Checker for Pushdown Systems
- Kiefer, Schwoon, et al.
Citation Context ..., which are just backward and forward reachability under the transition relation ⇒. Without loss of generality, we restrict the pushdown rules to have at most two stack symbols on the right-hand side [28]. PDSs can encode recursive programs with a finite-state data abstraction [28]: the data values get tracked by the PDS state, and recursion gets handled by the PDS stack. In this case, a PDS configura...

60 | Precise interprocedural analysis through linear algebra
- Müller-Olm, Seidl
- 2004
Citation Context ... with those abstractions. These include finite-state abstractions, such as the ones used for verification of Boolean programs, as well as infinite-state abstractions, such as affine-relation analysis [19]. Our results are achieved using techniques that are quite different from the ones used in the Qadeer and Rehof (QR) algorithm [23]. In particular, to explore all possible interleavings, the QR algori...

48 | Regular symbolic analysis of dynamic networks of pushdown systems
- Bouajjani, Müller-Olm, et al.
- 2005
Citation Context ...s of the program, whereas here we compute underapproximations of the reachable configurations. Analysis under restricted communication policies (in contrast to shared memory) has also been considered [6,14]. The basic technique of Qadeer and Rehof has been generalized to handle more abstractions in [5, 3], however, these also require enumeration of states at a context switch, and cannot handle infinite-...

31 | Verifying concurrent message-passing C programs with recursive calls
- Chaki, Clarke, et al.
- 1999
Citation Context ...eight A(t) gives the net transformation in data state in going from S to t (0 if t is not reachable). 7 Related Work Reachability analysis of concurrent recursive programs has also been considered in [4,22,9]. These consider the problem by computing overapproximations of the execution paths of the program, whereas here we compute underapproximations of the reachable configurations. Analysis under restrict...

28 | Reachability analysis of multithreaded software with asynchronous communication
- Bouajjani, Esparza, et al.
- 2005
Citation Context ...sis under restricted communication policies (in contrast to shared memory) has also been considered [6,14]. The basic technique of Qadeer and Rehof has been generalized to handle more abstractions in [5,3], however, these also require enumeration of states at a context switch, and cannot handle infinite-state abstractions like affine-relation analysis. The goal of partial-order reduction techniques [12...

26 | Finite Automata, their Algebras and Grammars
- Büchi
- 1988
Citation Context ...cept u when started in the state p. A set of configurations is regular if it is the language of some P-automaton. For a regular set of configurations C, both post*(C) and pre*(C) are also regular [2,7,11]. The algorithms for computing post* and pre*, called poststar and prestar, respectively, take a P-automaton A as input, and if C is the set of configurations accepted by A, produce P-automata Apos...

17 | On the analysis of interacting pushdown systems
- Kahlon, Gupta
Citation Context ...s of the program, whereas here we compute underapproximations of the reachable configurations. Analysis under restricted communication policies (in contrast to shared memory) has also been considered [6,14]. The basic technique of Qadeer and Rehof has been generalized to handle more abstractions in [5, 3], however, these also require enumeration of states at a context switch, and cannot handle infinite-...

14 | Context-bounded analysis of multithreaded programs with dynamic linked structures
- Bouajjani, Fratani, et al.
Citation Context ...sis under restricted communication policies (in contrast to shared memory) has also been considered [6,14]. The basic technique of Qadeer and Rehof has been generalized to handle more abstractions in [5,3], however, these also require enumeration of states at a context switch, and cannot handle infinite-state abstractions like affine-relation analysis. The goal of partial-order reduction techniques [12...

9 | Abstract error projection
- Lal, Kidd, et al.
- 2007
Citation Context ..., including (i) the existence of an inverse, and (ii) commutativity of extend. We refrain from making such assumptions. The sequential product of weighted automata on semirings was also considered in [15]. However, that algorithm handles only the special case of taking one product of a forwards automaton with a backwards one. It cannot take the product of three or more automata. The techniques in this...

9 | SPADE: Verification of multithreaded dynamic and recursive programs. http://www.liafa.jussieu.fr/~touili/spade.html
- Patin, Sighireanu, et al.
Citation Context ...eight A(t) gives the net transformation in data state in going from S to t (0 if t is not reachable). 7 Related Work Reachability analysis of concurrent recursive programs has also been considered in [4,22,9]. These consider the problem by computing overapproximations of the execution paths of the program, whereas here we compute underapproximations of the reachable configurations. Analysis under restrict...

1 | An Introduction to the Specification Language Spec
- unknown authors
- 1990
Citation Context ...ive. The advantage of looking at weights as matrices is that it gives us essential structure to manipulate for constructing the STP. We need the following operation on matrices: the Kronecker product [29] of two matrices A and B, of sizes n1 × n2 and n3 × n4, respectively, is the matrix C of size (n1 n3) × (n2 n4) such that C(i, j) = A(i div n3, j div n4) ⊗ B(i mod n3, j mod n4), where matrix indices ...