Research article (open access)

Software model checking using languages of nested trees

Published: 23 November 2011

Abstract

While model checking of pushdown systems is by now an established technique in software verification, temporal logics and automata traditionally used in this area are unattractive on two counts. First, logics and automata traditionally used in model checking cannot express requirements such as pre/post-conditions that are basic to analysis of software. Second, unlike in the finite-state world, where the μ-calculus has a symbolic model-checking algorithm and serves as an “assembly language” to which temporal logics can be compiled, there is no common formalism—either fixpoint-based or automata-theoretic—to model-check requirements on pushdown models. In this article, we introduce a new theory of temporal logics and automata that addresses the above issues, and provides a unified foundation for the verification of pushdown systems.
The key idea here is to view a program as a generator of structures known as nested trees as opposed to trees. A fixpoint logic (called NT-μ) and a class of automata (called nested tree automata) interpreted on languages of these structures are now defined, and branching-time model-checking is phrased as language inclusion and membership problems for these languages. We show that NT-μ and nested tree automata allow the specification of a new frontier of requirements usable in software verification. At the same time, their model checking problem has the same worst-case complexity as their traditional analogs, and can be solved symbolically using a fixpoint computation that generalizes, and includes as a special case, “summary”-based computations traditionally used in interprocedural program analysis. We also show that our logics and automata define a robust class of languages—in particular, just as the μ-calculus is equivalent to alternating parity automata on trees, NT-μ is equivalent to alternating parity automata on nested trees.
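The last paragraph of the abstract says that NT-μ model checking generalizes the "summary"-based computations of interprocedural analysis, and that nested trees let one state pre/post-conditions that tie a call to its matching return. The following Python example is added here to make that concrete; it is not code from the paper or its authors, and the Boolean program (procedures `main`, `worker`, `acquire`, `release` over one global bit `locked`) is constructed for the illustration. It computes procedure summaries as a fixpoint, crosses every call edge in one step through the callee's summary, and then checks a local pre/post-condition on `worker` against those summaries.

```python
from collections import defaultdict

# Global state is a single boolean `locked`. Each procedure is a control-flow
# graph with nodes "entry" and "exit"; edges are
#   ("internal", src, dst, transfer)   transfer: locked -> locked'
#   ("call",     src, dst, callee)     callee's exit resumes at dst
# Constructed example program (hypothetical), not from the paper.
def lock(l):   return True
def unlock(l): return False
def keep(l):   return l

def make_program(buggy):
    """`worker` takes the lock, optionally recurses, and releases it.
    With buggy=True one path skips the release, so the lock leaks."""
    worker = [("call", "entry", "w1", "acquire"),
              ("internal", "w1", "w2", keep),        # branch: no recursion
              ("call", "w1", "w2", "worker"),        # branch: recursive call
              ("call", "w2", "exit", "release")]
    if buggy:
        worker.append(("internal", "w2", "exit", keep))  # forgot to release
    return {
        "main":    [("call", "entry", "n1", "worker"), ("internal", "n1", "exit", keep)],
        "worker":  worker,
        "acquire": [("internal", "entry", "exit", lock)],
        "release": [("internal", "entry", "exit", unlock)],
    }

def compute_summaries(program):
    """Fixpoint over (state_at_entry, node, current_state) triples per procedure.
    summ[p] = {(g_in, g_out)}: entering p with locked=g_in can reach p's exit
    with locked=g_out. A call edge is crossed in one step using the callee's
    summary, which is what relates a call to its matching return without
    unwinding the (unbounded) call stack."""
    reach = {p: {(g, "entry", g) for g in (False, True)} for p in program}
    summ = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for p, edges in program.items():
            new = set()
            for g_in, node, g in reach[p]:
                for kind, src, dst, payload in edges:
                    if src != node:
                        continue
                    if kind == "internal":
                        new.add((g_in, dst, payload(g)))
                    else:
                        for h_in, h_out in summ[payload]:
                            if h_in == g:
                                new.add((g_in, dst, h_out))
            if not new <= reach[p]:
                reach[p] |= new
                changed = True
            exits = {(g_in, g) for g_in, node, g in reach[p] if node == "exit"}
            if not exits <= summ[p]:
                summ[p] |= exits
                changed = True
    return reach, summ

def reachable_calls(program, reach, g0=False):
    """(caller, callee, locked_at_call) for every call edge reachable from
    main's entry with locked=g0, found by propagating entry contexts."""
    seen, work, calls = {("main", g0)}, [("main", g0)], set()
    while work:
        p, g_in = work.pop()
        for h_in, node, g in reach[p]:
            if h_in != g_in:
                continue
            for kind, src, dst, callee in program[p]:
                if kind == "call" and src == node:
                    calls.add((p, callee, g))
                    if (callee, g) not in seen:
                        seen.add((callee, g))
                        work.append((callee, g))
    return calls

def check_pre_post(program, callee, pre, post, g0=False):
    """Local pre/post-condition on `callee`: for every reachable call where
    pre(locked) holds, post(locked) must hold at the matching return.
    Returns sorted violations as (caller, locked_at_call, locked_at_return)."""
    reach, summ = compute_summaries(program)
    violations = set()
    for caller, q, g_call in reachable_calls(program, reach, g0):
        if q != callee or not pre(g_call):
            continue
        for h_in, h_out in summ[q]:
            if h_in == g_call and not post(h_out):
                violations.add((caller, g_call, h_out))
    return sorted(violations)

if __name__ == "__main__":
    not_locked = lambda l: not l
    for buggy in (False, True):
        v = check_pre_post(make_program(buggy), "worker", not_locked, not_locked)
        print("buggy" if buggy else "correct", "->", v or "no violations")
```

Run as a script, the correct program reports no violations and the buggy one reports `("main", False, True)`: `main` calls `worker` with the lock free and can get it back held. The summary pairs each call state with the states possible at its matching return; that pairing is exactly what the abstract says traditional tree logics cannot express, and what the nested-tree view makes a first-class object. The example stops at a single global bit; the paper's fixpoint works over the general pushdown model, which this illustration does not attempt.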


Cited By

  • (2023) A Model Checker for Operator Precedence Languages. ACM Transactions on Programming Languages and Systems 45(3), 1-66. doi:10.1145/3608443. Online: 23 Sep 2023
  • (2023) Context-Bounded Verification of Context-Free Specifications. Proceedings of the ACM on Programming Languages 7(POPL), 2141-2170. doi:10.1145/3571266. Online: 11 Jan 2023
  • (2021) Colored nested words. Formal Methods in System Design 58(3), 347-374. doi:10.1007/s10703-021-00384-2. Online: 1 Nov 2021
  • (2021) Model-Checking Structured Context-Free Languages. Computer Aided Verification, 387-410. doi:10.1007/978-3-030-81688-9_18. Online: 20 Jul 2021
  • (2020) Operator precedence temporal logic and model checking. Theoretical Computer Science 848, 47-81. doi:10.1016/j.tcs.2020.08.034. Online: Dec 2020
  • (2020) Star-Freeness, First-Order Definability and Aperiodicity of Structured Context-Free Languages. Theoretical Aspects of Computing – ICTAC 2020, 161-180. doi:10.1007/978-3-030-64276-1_9. Online: 30 Nov 2020
  • (2018) Temporal Logic and Model Checking for Operator Precedence Languages. Electronic Proceedings in Theoretical Computer Science 277, 161-175. doi:10.4204/EPTCS.277.12. Online: 7 Sep 2018
  • (2018) Branching Temporal Logic of Calls and Returns for Pushdown Systems. Integrated Formal Methods, 326-345. doi:10.1007/978-3-319-98938-9_19. Online: 9 Aug 2018
  • (2017) Nested Weighted Automata. ACM Transactions on Computational Logic 18(4), 1-44. doi:10.1145/3152769. Online: 14 Dec 2017
  • (2016) Model-checking software library API usage rules. Software and Systems Modeling (SoSyM) 15(4), 961-985. doi:10.1007/s10270-015-0473-1. Online: 1 Oct 2016

Published In

ACM Transactions on Programming Languages and Systems, Volume 33, Issue 5 (November 2011), 115 pages
ISSN: 0164-0925
EISSN: 1558-4593
Issue DOI: 10.1145/2039346
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 23 November 2011
Accepted: 01 April 2011
Received: 01 November 2010
Published in TOPLAS Volume 33, Issue 5


Author Tags

  1. μ-calculus
  2. Logic
  3. games
  4. infinite-state
  5. interprocedural analysis
  6. model-checking
  7. pushdown systems
  8. specification
  9. verification

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (Last 12 months)71
  • Downloads (Last 6 weeks)11
Reflects downloads up to 23 Feb 2025
