Efficient CTL Model-Checking for Pushdown Systems

Pushdown systems (PDSs) are well suited to modelling sequential programs with (possibly recursive) procedure calls, so efficient model-checking algorithms for PDSs are important. In this paper we consider CTL model checking for PDSs. We consider the "standard" CTL model-checking problem, in which whether a configuration of a PDS satisfies an atomic proposition depends only on the control state of that configuration. We also consider CTL model checking with regular valuations, where the set of configurations in which an atomic proposition holds is a regular language. We reduce both problems to the emptiness problem for Alternating Büchi Pushdown Systems, and we give an algorithm that solves this emptiness problem. Our algorithms are more efficient than the other existing algorithms for CTL model checking of PDSs in the literature. We implemented our techniques in a tool and applied it to different case studies. Our results are encouraging; in particular, we were able to find bugs in Linux source code.
