POPL Conference Proceedings | Article | DOI: 10.1145/1111037.1111051

A fixpoint calculus for local and global program flows

Published: 11 January 2006

ABSTRACT

We define a new fixpoint modal logic, the visibly pushdown μ-calculus (VP-μ), as an extension of the modal μ-calculus. The models of this logic are execution trees of structured programs in which procedure calls and returns are made visible. This new logic can express pushdown specifications on the model that its classical counterpart cannot, and is motivated by recent work on visibly pushdown languages [4]. We show that our logic naturally captures several interesting program specifications in program verification and dataflow analysis, including combinations of local and global program flows, pre/post conditions of procedures, security properties involving the context stack, and interprocedural dataflow analysis properties. The logic can capture flow-sensitive and inter-procedural analysis, and it has constructs that allow skipping procedure calls so that local flows within a procedure can also be tracked. The logic generalizes the semantics of the modal μ-calculus by treating summaries, rather than nodes, as first-class objects, with appropriate constructs for concatenating summaries, and naturally captures the way in which pushdown models are model-checked. The main result of the paper is that the model-checking problem for VP-μ is effectively solvable against pushdown models with no more effort than that required for weaker logics such as CTL. We also investigate the expressive power of VP-μ: we show that it encompasses all properties expressed by a corresponding pushdown temporal logic on linear structures (CaRet [2]) as well as by the classical μ-calculus. This makes VP-μ the most expressive known program logic for which algorithmic software model checking is feasible. In fact, the decidability of most known program logics (μ-calculus, the temporal logics LTL and CTL, CaRet, etc.) can be understood through their interpretation in monadic second-order logic over trees. This is not true for VP-μ, making it a new, powerful, tractable program logic.
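As an added illustration (not code from the paper, and not its VP-μ model-checking algorithm), the following Python checks two of the property kinds the abstract lists over a single constructed nested call/return trace: a global property that consults the context stack (a stack-inspection rule: the action `write_file` may only occur while a frame for `check_permission` is on the stack, in the spirit of [19]) and a local property that skips callee bodies by following matching call/return summaries (each activation of `handler` that performs `acquire_lock` must itself perform `release_lock` before returning). The trace and all procedure and action names are constructed for the example. The point of the second check is the one the abstract makes about local flows: a release performed by a callee does not satisfy the caller's obligation once calls are skipped, whereas a plain global reachability check along the trace would have accepted it.

```python
"""Global (stack-sensitive) vs local (call-skipping) flow checks over a nested
call/return trace.  Added example; the trace and names below are constructed and
the checks walk one concrete trace rather than a pushdown model."""
from collections import namedtuple

# A trace element is a visibly pushdown event: calls and returns are tagged,
# everything else is an internal action of the currently active procedure.
Event = namedtuple("Event", "kind label")   # kind is "call", "ret" or "int"


def call(proc):
    return Event("call", proc)


def ret(proc):
    return Event("ret", proc)


def act(action):
    return Event("int", action)


def summaries(trace):
    """Map the index of every call to the index of its matching return.
    These pairs are the summary edges; the visible call/return tags make the
    matching unambiguous.  Raises ValueError on an unbalanced trace."""
    stack, match = [], {}
    for i, ev in enumerate(trace):
        if ev.kind == "call":
            stack.append(i)
        elif ev.kind == "ret":
            if not stack or trace[stack[-1]].label != ev.label:
                raise ValueError(f"unmatched return at index {i}: {ev}")
            match[stack.pop()] = i
    if stack:
        raise ValueError(f"calls without a return at indices {stack}")
    return match


def is_well_nested(trace):
    """True iff every return matches the most recent open call."""
    try:
        summaries(trace)
        return True
    except ValueError:
        return False


def check_global(trace, sensitive, guard):
    """Global flow with context stack: every `sensitive` internal action must
    execute while some frame for `guard` is on the call stack.  Returns the
    indices of violating actions."""
    stack, violations = [], []
    for i, ev in enumerate(trace):
        if ev.kind == "call":
            stack.append(ev.label)
        elif ev.kind == "ret":
            stack.pop()
        elif ev.label == sensitive and guard not in stack:
            violations.append(i)
    return violations


def check_local(trace, proc, acquire, release):
    """Local flow inside each activation of `proc`: after `acquire`, the same
    activation must perform `release` before its own return.  Callee bodies
    are skipped by jumping from a call to its matching return, so a release
    done by a callee does not count.  Returns the call indices of violating
    activations."""
    match = summaries(trace)
    violations = []
    for start, end in match.items():
        if trace[start].label != proc:
            continue
        i, held = start + 1, False
        while i < end:
            ev = trace[i]
            if ev.kind == "call":
                i = match[i] + 1          # summary edge: skip the whole callee
                continue
            if ev.label == acquire:
                held = True
            elif ev.label == release:
                held = False
            i += 1
        if held:
            violations.append(start)
    return violations


# Constructed trace: indices 0..11.
TRACE = [
    call("main"),                      # 0
    call("handler"),                   # 1
    call("check_permission"),          # 2
    act("write_file"),                 # 3  guarded: check_permission is on the stack
    ret("check_permission"),           # 4
    act("acquire_lock"),               # 5  handler takes the lock itself
    call("helper"),                    # 6
    act("release_lock"),               # 7  released by the callee, not by handler
    act("write_file"),                 # 8  unguarded: check_permission has returned
    ret("helper"),                     # 9
    ret("handler"),                    # 10
    ret("main"),                       # 11
]

if __name__ == "__main__":
    print("well nested:", is_well_nested(TRACE))
    print("unguarded write_file at:", check_global(TRACE, "write_file", "check_permission"))
    print("handler activations that leak the lock:",
          check_local(TRACE, "handler", "acquire_lock", "release_lock"))
```

Run as a script it reports the unguarded `write_file` at index 8 and the `handler` activation starting at index 1 as a lock leak; the same trace passes the lock check for `helper`, whose body contains the release.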

References

  1. R. Alur, S. Chaudhuri, and P. Madhusudan. Visibly pushdown tree languages. http://www.cis.upenn.edu/~swarat/pubs/vptl.ps
  2. R. Alur, K. Etessami, and P. Madhusudan. A temporal logic of nested calls and returns. In 10th Int. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS 2988, pages 467--481, 2004.
  3. R. Alur, K. Etessami, and M. Yannakakis. Analysis of recursive state machines. In Proc. of the 13th International Conference on Computer Aided Verification (CAV), LNCS 2102, pages 207--220. Springer, 2001.
  4. R. Alur and P. Madhusudan. Visibly pushdown languages. In Proc. of the 36th ACM Symposium on Theory of Computing (STOC), pages 202--211, 2004.
  5. T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000 Workshop on Model Checking of Software, LNCS 1885, pages 113--130. Springer, 2000.
  6. T. Ball and S. Rajamani. The SLAM project: debugging system software via static analysis. In Proc. of the 29th ACM Symposium on Principles of Programming Languages (POPL), pages 1--3, 2002.
  7. M. Benedikt, P. Godefroid, and T. Reps. Model checking of unrestricted hierarchical state machines. In 28th ICALP, LNCS 2076, pages 652--666. Springer, 2001.
  8. J.R. Burch, E.M. Clarke, D.L. Dill, L.J. Hwang, and K.L. McMillan. Symbolic model checking: 10^20 states and beyond. Information and Computation, 98(2):142--170, 1992.
  9. L. Burdy, Y. Cheon, D. Cok, M. Ernst, J. Kiniry, G.T. Leavens, R. Leino, and E. Poll. An overview of JML tools and applications. In Proceedings of the 8th International Workshop on Formal Methods for Industrial Critical Systems, pages 75--89, 2003.
  10. O. Burkart and B. Steffen. Model checking the full modal mu-calculus for infinite sequential processes. Theoretical Computer Science, 221:251--270, 1999.
  11. K. Chatterjee, D. Ma, R. Majumdar, T. Zhao, T.A. Henzinger, and J. Palsberg. Stack size analysis for interrupt driven programs. In Proceedings of the 10th International Symposium on Static Analysis, LNCS 2694, pages 109--126, 2003.
  12. H. Chen and D. Wagner. MOPS: an infrastructure for examining security properties of software. In Proceedings of the ACM Conference on Computer and Communications Security, pages 235--244, 2002.
  13. E.A. Emerson. Temporal and modal logic. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, volume B, pages 995--1072. Elsevier Science Publishers, 1990.
  14. E.A. Emerson and C.S. Jutla. Tree automata, mu-calculus, and determinacy. In Proceedings of the 32nd IEEE Symposium on Foundations of Computer Science, pages 368--377, 1991.
  15. J. Esparza, A. Kucera, and S. Schwoon. Model-checking LTL with regular valuations for pushdown systems. Information and Computation, 186(2):355--376, 2003.
  16. E. Grädel, W. Thomas, and T. Wilke, editors. Automata, Logics, and Infinite Games: A Guide to Current Research (outcome of a Dagstuhl seminar, February 2001), volume 2500 of Lecture Notes in Computer Science. Springer, 2002.
  17. T.A. Henzinger, R. Jhala, R. Majumdar, G.C. Necula, G. Sutre, and W. Weimer. Temporal-safety proofs for systems code. In Proc. of the 14th CAV Conference, LNCS 2404, pages 526--538, 2002.
  18. D. Janin and I. Walukiewicz. On the expressive completeness of the propositional mu-calculus with respect to monadic second order logic. In CONCUR'96: Seventh International Conference on Concurrency Theory, LNCS 1119, pages 263--277. Springer-Verlag, 1996.
  19. T. Jensen, D. Le Metayer, and T. Thorn. Verification of control flow based security properties. In Proceedings of the IEEE Symposium on Security and Privacy, pages 89--103, 1999.
  20. D. Kozen. Results on the propositional mu-calculus. Theoretical Computer Science, 27:333--354, 1983.
  21. K.L. McMillan. Symbolic model checking: an approach to the state explosion problem. Kluwer Academic Publishers, 1993.
  22. T. Reps, S. Horwitz, and S. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In Proc. of the ACM Symposium on Principles of Programming Languages (POPL), pages 49--61, 1995.
  23. D.A. Schmidt. Data flow analysis is model checking of abstract interpretations. In Proceedings of the 25th Annual ACM Symposium on Principles of Programming Languages (POPL), pages 68--78, 1998.
  24. B. Steffen. Data flow analysis as model checking. In Theoretical Aspects of Computer Software, LNCS 526, pages 346--365, 1991.
  25. C.S. Stirling. Modal and temporal logic. In Handbook of Logic in Computer Science, pages 477--563. Oxford University Press, 1991.
  26. I. Walukiewicz. Pushdown processes: Games and model-checking. Information and Computation, 164(2):234--263, 2001.
