Article

Program analysis using weighted pushdown systems

Authors:

Nick KiddAuthors Info & Claims

FSTTCS'07: Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science

Pages 23 - 51

Published: 12 December 2007 Publication History

Abstract

Pushdown systems (PDSs) are an automata-theoretic formalism for specifying a class of infinite-state transition systems. Infiniteness comes from the fact that each configuration 〈p,S〉 in the state space consists of a (formal) "control location" p coupled with a stack S of unbounded size. PDSs can model program paths that have matching calls and returns, and automaton-based representations allow analysis algorithms to account for the infinite control state space of recursive programs.

Weighted pushdown systems (WPDSs) are a generalization of PDSs that add a general "black-box" abstraction for program data (through weights). WPDSs also generalize other frameworks for interprocedural analysis, such as the Sharir-Pnueli functional approach.

This paper surveys recent work in this area, and establishes a few new connections with existing work.

References

[1]

Balakrishnan, G.: WYSINWYX: What You See Is Not What You eXecute. PhD thesis, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, August 2007, Tech. Rep. 1603.

Digital Library

[2]

Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Comp. Construct., pp. 5-23 (2004).

[3]

Balakrishnan, G., Reps, T., Kidd, N., Lal, A., Lim, J., Melski, D., Gruian, R., Yong, S., Chen, C.-H., Teitelbaum, T.: Model checking x86 executables with CodeSurfer/x86 and WPDS++. In: Computer Aided Verif. (2005).

Digital Library

[4]

Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN Model Checking and Software Verification. LNCS, vol. 1885, pp. 113-130. Springer, Heidelberg (2000).

Digital Library

[5]

Ball, T., Rajamani, S.K.: Bebop: A path-sensitive interprocedural dataflow engine. In: Prog. Analysis for Softw. Tools and Eng., 97-103 (June 2001).

Digital Library

[6]

Bouajjani, A., Esparza, J., Maler, O.: Reachability analysis of pushdown automata: Application to model checking. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 135-150. Springer, Heidelberg (1997).

Digital Library

[7]

Bouajjani, A., Esparza, J., Touili, T.: A generic approach to the static analysis of concurrent programs with procedures. In: Princ. of Prog. Lang., pp. 62-73 (2003).

Digital Library

[8]

Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Trans. on Comp. C-35(6), 677-691 (1986).

Digital Library

[9]

Büchi, J.R.: Finite Automata, their Algebras and Grammars. In: Siefkes, D. (ed.), Springer, Heidelberg (1988).

[10]

Burkart, O., Steffen, B.: Model checking for context-free processes. In: Cleaveland, W.R. (ed.) CONCUR 1992. LNCS, vol. 630, pp. 123-137. Springer, Heidelberg (1992).

Digital Library

[11]

Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. In: Int. Conf. on Softw. Eng. (2003).

Digital Library

[12]

Chaki, S., Clarke, E., Kidd, N., Reps, T., Touili, T.: Verifying concurrent messagepassing C programs with recursive calls. Tools and Algs. for the Construct. and Anal. of Syst. (2006).

Digital Library

[13]

Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixed points. In: Princ. of Prog. Lang., pp. 238-252 (1977).

Digital Library

[14]

Cousot, P., Cousot, R.: Static determination of dynamic properties of recursive procedures. In: Neuhold, E.J. (ed.) Formal Descriptions of Programming Concepts, IFIP WG 2.2, St. Andrews, Canada, August 1977, pp. 237-277. North-Holland, Amsterdam (1978).

[15]

Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Princ. of Prog. Lang., pp. 269-282 (1979).

Digital Library

[16]

Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: Princ. of Prog. Lang., pp. 84-96 (1978).

Digital Library

[17]

Esparza, J., Hansel, D., Rossmanith, P., Schwoon, S.: Efficient algorithms for model checking pushdown systems. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 232-247. Springer, Heidelberg (2000).

Digital Library

[18]

Finkel, A., Willems, B., Wolper, P.: A direct symbolic approach to model checking pushdown systems. Elec. Notes in Theor. Comp. Sci. 9 (1997).

[19]

Gopan, D.: Numeric program analysis techniques with applications to array analysis and library summarization. PhD thesis, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, August 2007. Tech. Rep. 1602.

Digital Library

[20]

Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72-83. Springer, Heidelberg (1997).

Digital Library

[21]

Gulwani, S., Necula, G.C.: Precise interprocedural analysis using random interpretation. In: Princ. of Prog. Lang. (2005).

Digital Library

[22]

Kam, J.B., Ullman, J.D.: Monotone data flow analysis frameworks. Acta Inf. 7(3), 305-318 (1977).

Digital Library

[23]

Karr, M.: Affine relationship among variables of a program. Acta Inf. 6, 133-151 (1976).

Digital Library

[24]

Kidd, N., Reps, T., Melski, D., Lal, A.: WPDS++: AC++ library for weighted pushdown systems (2004), http://www.cs.wisc.edu/wpis/wpds++/

[25]

Kildall, G.A.: A unified approach to global program optimization. In: Princ. of Prog. Lang., pp. 194-206 (1973).

Digital Library

[26]

Knoop, J., Steffen, B.: The interprocedural coincidence theorem. In: Comp. Construct., pp. 125-140 (1992).

Digital Library

[27]

Kodumal, J., Aiken, A.: Banshee: A scalable constraint-based analysis toolkit. In: Static Analysis Symp. (2005).

Digital Library

[28]

Lal, A., Lim, J., Polishchuk, M., Liblit, B.: Path optimization in programs and its application to debugging. In: European Symp. on Programming (2006).

Digital Library

[29]

Lal, A., Reps, T.: Improving pushdown system model checking. In: Computer Aided Verif. (2006).

Digital Library

[30]

Lal, A., Reps, T., Balakrishnan, G.: Extended weighted pushdown systems. In: Computer Aided Verif. (2005).

Digital Library

[31]

Lal, A., Touili, T., Kidd, N., Reps, T.: Interprocedural analysis of concurrent programs under a context bound. Tech. Rep. TR-1598, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI (July 2007).

[32]

Landi, W., Ryder, B.G.: Pointer induced aliasing: A problem classification. In: Princ. of Prog. Lang., January 1991, pp. 93-103 (1991).

Digital Library

[33]

Martin, F.: PAG - An efficient program analyzer generator. Softw. Tools for Tech. Transfer (1998).

[34]

Müller-Olm, M., Seidl, H.: Precise interprocedural analysis through linear algebra. In: Princ. of Prog. Lang. (2004).

Digital Library

[35]

Müller-Olm, M., Seidl, H.: Analysis of modular arithmetic. In: European Symp. on Programming (2005).

Digital Library

[36]

Musuvathi, M., Qadeer, S.: Iterative context bounding for systematic testing of multithreaded programs. In: Prog. Lang. Design and Impl. (2007).

Digital Library

[37]

Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999).

Digital Library

[38]

Qadeer, S., Rehof, J.: Context-bounded model checking of concurrent software. In: Tools and Algs. for the Construct. and Anal. of Syst. (2005).

[39]

Qadeer, S., Wu, D.: KISS: Keep it simple and sequential. In: Prog. Lang. Design and Impl. (2004).

Digital Library

[40]

Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: Princ. of Prog. Lang., pp. 49-61 (1995).

Digital Library

[41]

Reps, T., Schwoon, S., Jha, S.: Weighted pushdown systems and their application to interprocedural dataflow analysis. In: Static Analysis Symp., pp. 189-213 (2003).

Digital Library

[42]

Reps, T., Schwoon, S., Jha, S., Melski, D.: Weighted pushdown systems and their application to interprocedural dataflow analysis. Sci. of Comp. Prog. 58(1-2), 206- 263 (2005).

Digital Library

[43]

Sagiv, M., Reps, T., Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. Theor. Comp. Sci. 167, 131-170 (1996).

Digital Library

[44]

Schwoon, S.: Model-Checking Pushdown Systems. PhD thesis, Technical Univ. of Munich, Munich, Germany (July 2002).

[45]

Schwoon, S.: WPDS: A library for weighted pushdown systems (2003), http:// www.fmi.uni-stuttgart.de/szs/tools/wpds/

[46]

Schwoon, S., Jha, S., Reps, T., Stubblebine, S.: On generalized authorization problems. In: Comp. Sec. Found. Workshop (2003).

[47]

Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, (ch. 7), pp. 189-234. Prentice-Hall, Englewood Cliffs, NJ (1981).

[48]

Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using Datalog with Binary Decision Diagrams for program analysis. In: Asian Symp. on Prog. Lang. and Systems (2005).

Digital Library

Cited By

Facchinetti LPalmer ZSmith S(2019)Higher-order Demand-driven Program AnalysisACM Transactions on Programming Languages and Systems10.1145/331034041:3(1-53)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3310340
Späth JAli KBodden E(2019)Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systemsProceedings of the ACM on Programming Languages10.1145/32903613:POPL(1-29)Online publication date: 2-Jan-2019
https://dl.acm.org/doi/10.1145/3290361
Reps TTuretsky EPrabhu P(2017)Newtonian Program Analysis via Tensor ProductACM Transactions on Programming Languages and Systems10.1145/302408439:2(1-72)Online publication date: 21-Mar-2017
https://dl.acm.org/doi/10.1145/3024084
Show More Cited By

Program analysis using weighted pushdown systems
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning

Recommendations

Weighted restarting automata and pushdown relations

Weighted restarting automata have been introduced to study quantitative aspects of computations of restarting automata. Here we study the special case that words over a given (output) alphabet are assigned as weights to the transitions of a restarting ...
Flip-pushdown automata: nondeterminism is better than determinism
DLT'03: Proceedings of the 7th international conference on Developments in language theory

Flip-pushdown automata are pushdown automata with the additional ability to flip or reverse its pushdown. We investigate deterministic and nondeterministic flip-pushdown automata accepting by final state or empty pushdown. In particular, for ...
Reversible pushdown automata

Reversible pushdown automata are deterministic pushdown automata that are also backward deterministic. Therefore, they have the property that any configuration occurring in any computation has exactly one predecessor. In this paper, the computational ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

FSTTCS'07: Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science

December 2007

558 pages

ISBN:3540770496

Editors:
V. Arvind
The Institute of Mathematical Sciences, Chennai, India
,
Sanjiva Prasad
Indian Institute of Technology Delhi, New Delhi, India

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 12 December 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
1
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Facchinetti LPalmer ZSmith S(2019)Higher-order Demand-driven Program AnalysisACM Transactions on Programming Languages and Systems10.1145/331034041:3(1-53)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3310340
Späth JAli KBodden E(2019)Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systemsProceedings of the ACM on Programming Languages10.1145/32903613:POPL(1-29)Online publication date: 2-Jan-2019
https://dl.acm.org/doi/10.1145/3290361
Reps TTuretsky EPrabhu P(2017)Newtonian Program Analysis via Tensor ProductACM Transactions on Programming Languages and Systems10.1145/302408439:2(1-72)Online publication date: 21-Mar-2017
https://dl.acm.org/doi/10.1145/3024084
Reps TTuretsky EPrabhu P(2016)Newtonian program analysis via tensor productACM SIGPLAN Notices10.1145/2914770.283765951:1(663-677)Online publication date: 11-Jan-2016
https://dl.acm.org/doi/10.1145/2914770.2837659
Reps TTuretsky EPrabhu PBodik RMajumdar R(2016)Newtonian program analysis via tensor productProceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages10.1145/2837614.2837659(663-677)Online publication date: 11-Jan-2016
https://dl.acm.org/doi/10.1145/2837614.2837659
Song FTouili T(2016)Model-checking software library API usage rulesSoftware and Systems Modeling (SoSyM)10.1007/s10270-015-0473-115:4(961-985)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1007/s10270-015-0473-1
Chatterjee KIbsen-Jensen RPavlogiannis AGoyal P(2015)Faster Algorithms for Algebraic Path Properties in Recursive State Machines with Constant TreewidthACM SIGPLAN Notices10.1145/2775051.267697950:1(97-109)Online publication date: 14-Jan-2015
https://dl.acm.org/doi/10.1145/2775051.2676979
Chatterjee KPavlogiannis AVelner Y(2015)Quantitative Interprocedural AnalysisACM SIGPLAN Notices10.1145/2775051.267696850:1(539-551)Online publication date: 14-Jan-2015
https://dl.acm.org/doi/10.1145/2775051.2676968
Chatterjee KIbsen-Jensen RPavlogiannis AGoyal PRajamani SWalker D(2015)Faster Algorithms for Algebraic Path Properties in Recursive State Machines with Constant TreewidthProceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages10.1145/2676726.2676979(97-109)Online publication date: 14-Jan-2015
https://dl.acm.org/doi/10.1145/2676726.2676979
Chatterjee KPavlogiannis AVelner YRajamani SWalker D(2015)Quantitative Interprocedural AnalysisProceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages10.1145/2676726.2676968(539-551)Online publication date: 14-Jan-2015
https://dl.acm.org/doi/10.1145/2676726.2676968
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents