Analyzing pushdown systems with stack manipulation

Abstract Pushdown systems with transductions (TrPDSs) are an extension of pushdown systems (PDSs) by associating each transition rule with a transduction, which allows to inspect and modify the stack content at each step of a transition rule. In this work, we propose two novel saturation procedures to compute p r e ⁎ ( C ) and p o s t ⁎ ( C ) for finite TrPDSs. From these two saturation procedures, we present two algorithms to compute p r e ⁎ ( C ) and p o s t ⁎ ( C ) that are suitable for implementation. We also show that the algorithms for computing p r e ⁎ ( C ) and p o s t ⁎ ( C ) also work for weak finite TrPDSs, where closure is defined with respect to the underlying PDSs. These results are extended to left contextual TrPDSs, which is an extension of finite TrPDSs. Finally, we show how the presence of transductions enables the modeling of Boolean programs with call-by-reference parameter passing and low-level assembly programs that manipulate the program stack content via a stack pointer.

[1]  C.-H. Luke Ong,et al.  Analysing Mu-Calculus Properties of Pushdown Systems , 2010, SPIN.

[2]  Tomás Brázdil,et al.  On the Decidability of Temporal Properties of Probabilistic Pushdown Automata , 2005, STACS.

[3]  Tayssir Touili,et al.  PuMoC: a CTL model-checker for sequential programs , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[4]  Matthew Might,et al.  Introspective pushdown analysis of higher-order programs , 2012, ICFP.

[5]  Tayssir Touili,et al.  Efficient CTL model-checking for pushdown systems , 2011, Theor. Comput. Sci..

[6]  Javier Esparza,et al.  Efficient Algorithms for Model Checking Pushdown Systems , 2000, CAV.

[7]  Parosh Aziz Abdulla,et al.  The Minimal Cost Reachability Problem in Priced Timed Pushdown Systems , 2012, LATA.

[8]  Yasuhiko Minamide,et al.  Pushdown Systems with Stack Manipulation , 2013, ATVA.

[9]  Sriram K. Rajamani,et al.  Bebop: A Symbolic Model Checker for Boolean Programs , 2000, SPIN.

[10]  Luca Breveglieri,et al.  Multi-Push-Down Languages and Grammars , 1996, Int. J. Found. Comput. Sci..

[11]  Barbara König,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2012, Lecture Notes in Computer Science.

[12]  Orna Kupferman,et al.  An Automata-Theoretic Approach to Infinite-State Systems , 2010, Essays in Memory of Amir Pnueli.

[13]  Ahmed Bouajjani,et al.  Analysis of recursively parallel programs , 2012, POPL '12.

[14]  Javier Esparza,et al.  Reachability Analysis of Pushdown Automata: Application to Model-Checking , 1997, CONCUR.

[15]  Parosh Aziz Abdulla,et al.  Dense-Timed Pushdown Automata , 2012, 2012 27th Annual IEEE Symposium on Logic in Computer Science.

[16]  Tayssir Touili,et al.  Regular Symbolic Analysis of Dynamic Networks of Pushdown Systems , 2005, CONCUR.

[17]  Mizuhito Ogawa,et al.  Well-Structured Pushdown Systems , 2013, CONCUR.

[18]  Somesh Jha,et al.  Weighted pushdown systems and their application to interprocedural dataflow analysis , 2003, Sci. Comput. Program..

[19]  Mahesh Viswanathan,et al.  Model Checking Multithreaded Programs with Asynchronous Atomic Methods , 2006, CAV.

[20]  Tayssir Touili,et al.  Pushdown Model Checking for Malware Detection , 2012, TACAS.

[21]  Tayssir Touili,et al.  Model checking dynamic pushdown networks , 2014, Formal Aspects of Computing.

[22]  Tayssir Touili,et al.  Efficient Malware Detection Using Model-Checking , 2012, FM.

[23]  Javier Esparza,et al.  Model-Checking LTL with Regular Valuations for Pushdown Systems , 2001, TACS.

[24]  Didier Caucal,et al.  On infinite transition graphs having a decidable monadic theory , 1996, Theor. Comput. Sci..

[25]  Somesh Jha,et al.  A semantics-based approach to malware detection , 2008, TOPL.

[26]  Stefan Katzenbeisser,et al.  Detecting Malicious Code by Model Checking , 2005, DIMVA.

[27]  Javier Esparza,et al.  A BDD-Based Model Checker for Recursive Programs , 2001, CAV.

[28]  Guoqiang Li,et al.  Nested Timed Automata , 2013, FORMATS.

[29]  Orna Kupferman,et al.  Model Checking Linear Properties of Prefix-Recognizable Systems , 2002, CAV.

[30]  Min Zhang,et al.  On Reachability Analysis of Pushdown Systems with Transductions: Application to Boolean Programs with Call-by-Reference , 2015, CONCUR.

[31]  Orna Kupferman,et al.  An Automata-Theoretic Approach to Reasoning about Infinite-State Systems , 2000, CAV.

[32]  Vineet Kahlon,et al.  Reasoning About Threads Communicating via Locks , 2005, CAV.

[33]  Mizuhito Ogawa,et al.  Well-Structured Pushdown System: Case of Dense Timed Pushdown Automata , 2014, FLOPS.

[34]  Mizuhito Ogawa,et al.  Conditional weighted pushdown systems and applications , 2010, PEPM '10.

[35]  Yasuhiko Minamide,et al.  Weighted Pushdown Systems with Indexed Weight Domains , 2013, TACAS.

[36]  Pierre Wolper,et al.  A direct symbolic approach to model checking pushdown systems , 1997, INFINITY.

[37]  J. Esparza,et al.  Model checking probabilistic pushdown automata , 2004, LICS 2004.

[38]  Shunsuke Mori,et al.  Reachability Analysis of the HTML5 Parser Specification and Its Application to Compatibility Testing , 2012, FM.

[39]  Zhong Shao,et al.  Programming Languages and Systems , 2013, Lecture Notes in Computer Science.

[40]  Thomas W. Reps,et al.  Extended Weighted Pushdown Systems , 2005, CAV.

[41]  Klaus Havelund,et al.  SPIN Model Checking and Software Verification , 2000, Lecture Notes in Computer Science.