Saturation algorithms for model-checking pushdown systems

@inproceedings{Carayol2014SaturationAF,
  title={Saturation algorithms for model-checking pushdown systems},
  author={Arnaud Carayol and Matthew Hague},
  booktitle={AFL},
  year={2014}
}
Pushdown systems have, over the past 15 years, been popular with the software verification community. Their stack can be used to model the call stack of a first-order recursive program, with the control state holding valuations of the program’s global variables, and stack characters encoding the local variable valuations. As such the control flow of first-order recursive programs (such as C and Java programs) can be accurately modelled [29]. Pushdown systems have played a key role in the… 

Global Model Checking on Pushdown Multi-Agent Systems

TLDR
An exponential-time global model checking algorithm is proposed which extends similar algorithms for pushdown systems and modal mu-calculus, and admits a matching lower bound, which holds even for the alternation-free fragment and ATL.

Verifying Pushdown Multi-Agent Systems against Strategy Logics

TLDR
This paper investigates model checking algorithms for variants of strategy logic over pushdown multi-agent systems, modeled by pushdown game structures (PGSs), and shows that the model checking problems on PGSs for SL[CG], SL[DG] and SL[1G] are 3EXTIME-complete, which are not harder than the problem for the subsumed logic ATL*.

Ordered Tree-Pushdown Systems

TLDR
A new class of pushdown systems where the pushdown is a tree instead of a word is defined, and it is shown that the resulting class enjoys a decidable reachability problem.

Subcubic certificates for CFL reachability

TLDR
It is shown that there cannot be a fine-grained reduction from SAT to CFL reachability for a conditional lower bound stronger than nω, unless the nondeterministic strong exponential time hypothesis (NSETH) fails.

Reachability Analysis of First-order Definable Pushdown Systems

TLDR
The reachability analysis can be addressed with the well-known saturation technique for the wide class of oligomorphic structures and the technique is able to give concrete complexity upper bounds for the more restrictive homogeneous structures.

Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters

TLDR
The first algorithm that infers symbolic representations of automata in the standard membership/equivalence query model is developed, which provides an improvement of x15 times in the number of queries required to learn real life XSS and SQL filters of popular web application firewall systems such as mod-security and PHPIDS.

Good-for-games ω-Pushdown Automata

TLDR
These are automata whose nondeterminism can be resolved based on the run constructed thus far and it follows that the universality problem for ω-GFG-PDA is in EXPTIME as well.

A Bit of Nondeterminism Makes Pushdown Automata Expressive and Succinct

TLDR
It is proved that GFG-PDA recognise more languages than deterministic PDA (DPDA) but not all context-free languages (CFL) and this class is orthogonal to unambiguous CFL.

On the Complexity of Multi-Pushdown Games

TLDR
This work shows that k-context games are b-EXPTIME-complete, where b = max{k−2, 1}.

Summaries for Context-Free Games

TLDR
A new algorithm to decide the winning player and to compute her strategy is proposed, based on a novel representation of all plays starting in a non-terminal, that has optimal time complexity, compatible with recent antichain optimizations, and that it admits a lazy evaluation strategy.

References

SHOWING 1-10 OF 63 REFERENCES

Model checking pushdown systems

TLDR
The thesis examines model-checking problems for pushdown systems, improving previously known algorithms in terms of both asymptotic complexity and practical usability, and investigates several optimizations which served to improve the efficiency of the checker.

Reachability of Multistack Pushdown Systems with Scope-Bounded Matching Relations

TLDR
This paper proposes a restriction of the semantics of the general model such that a symbol that is pushed onto a stack can be popped only within a bounded number of context-switches.

Efficient CTL model-checking for pushdown systems

Model checking dynamic pushdown networks

TLDR
This work considers in this work model checking DPNs against single-indexed LTL and CTL properties of the form $${\bigwedge f_i}$$⋀fi such that fi is a LTL/CTL formula over the PDS i.r.t. and shows that these model checking problems are decidable.

C-SHORe: a collapsible approach to higher-order verification

TLDR
This paper introduces the first practical model-checking algorithm that acts on a generalisation of pushdown automata equi-expressive with HORS called collapsible pushdown systems (CPDS), and offers significantly improved performance over the only previously published tool of which it is aware that also enjoys this property.

Reachability Analysis of Pushdown Automata: Application to Model-Checking

TLDR
This work considers the more general class of alternating pushdown systems and uses alternating finite-state automata as a representation structure for sets of their configurations and gives a simple and natural procedure to compute sets of predecessors using this representation structure.

A direct symbolic approach to model checking pushdown systems

Analysing Mu-Calculus Properties of Pushdown Systems

TLDR
This work provides a tool (PDSolver) implementing an algorithm for computing the winning regions of a pushdown parity game and its adaptation to the direct computation of modal µ-calculus properties over pushdown systems.

PuMoC: a CTL model-checker for sequential programs

  • Fu SongTayssir Touili
  • Computer Science
    2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
  • 2012
TLDR
PuMoC is presented, a CTL model checker for Pushdown systems (PDSs) and sequential C/C++ and Java programs and results show the efficiency and the applicability of the tool.

Saturation-Based Model Checking of Higher-Order Recursion Schemes

TLDR
A new model checking algorithm for HORS is proposed, which combines two previous, independent approaches to higher-order model checking, and often outperforms TRECS and CSHORe, the state-of-the-art model checkers for Horseshoe recursion schemes.
...