
Software model checking using languages of nested trees

Published: 23 November 2011

Abstract

While model checking of pushdown systems is by now an established technique in software verification, temporal logics and automata traditionally used in this area are unattractive on two counts. First, logics and automata traditionally used in model checking cannot express requirements such as pre/post-conditions that are basic to analysis of software. Second, unlike in the finite-state world, where the μ-calculus has a symbolic model-checking algorithm and serves as an “assembly language” to which temporal logics can be compiled, there is no common formalism—either fixpoint-based or automata-theoretic—to model-check requirements on pushdown models. In this article, we introduce a new theory of temporal logics and automata that addresses the above issues, and provides a unified foundation for the verification of pushdown systems.

The key idea here is to view a program as a generator of structures known as nested trees as opposed to trees. A fixpoint logic (called NT-μ) and a class of automata (called nested tree automata) interpreted on languages of these structures are now defined, and branching-time model-checking is phrased as language inclusion and membership problems for these languages. We show that NT-μ and nested tree automata allow the specification of a new frontier of requirements usable in software verification. At the same time, their model checking problem has the same worst-case complexity as their traditional analogs, and can be solved symbolically using a fixpoint computation that generalizes, and includes as a special case, “summary”-based computations traditionally used in interprocedural program analysis. We also show that our logics and automata define a robust class of languages—in particular, just as the μ-calculus is equivalent to alternating parity automata on trees, NT-μ is equivalent to alternating parity automata on nested trees.
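As an added illustration (not code from the paper, and a deliberate simplification of its NT-μ machinery), the block below runs the "summary"-based interprocedural computation the abstract says NT-μ model checking generalizes, on a small constructed recursive state machine, and then uses the pairing of each call with its matching return (the nesting edge of a nested tree) to check a pre/post-condition: every call to `process` made while `open` holds must return to a point where `closed` holds. Component names, node names, boxes and the propositions `open`/`closed` are all constructed for this example.

```python
"""Summary-based reachability on a recursive state machine (RSM), plus a
pre/post-condition check across matching call/return pairs.

Constructed illustration, not the paper's code: the worklist fixpoint below
is the classic interprocedural "summary" computation; the check afterwards
uses call/matching-return pairs, which is the kind of requirement ordinary
tree logics cannot express but nesting-aware formalisms can.
"""
from collections import defaultdict


class Component:
    """One procedure. Vertices are entry/exit/internal nodes (strings) and
    ports: ('call', box, callee_entry) and ('ret', box, callee_exit).
    `boxes` maps a call-site name to the callee component."""

    def __init__(self, entries, exits, edges, boxes, labels):
        self.entries = set(entries)
        self.exits = set(exits)
        self.boxes = boxes                  # box name -> callee component name
        self.labels = labels                # vertex -> set of propositions
        self.succ = defaultdict(list)       # internal edges as adjacency
        for src, dst in edges:
            self.succ[src].append(dst)


def is_port(v, kind):
    return isinstance(v, tuple) and v[0] == kind


def compute_summaries(rsm, main):
    """reach[c]: (entry, vertex) pairs reachable inside c, leaving c only via
    a matched call/return. summaries[c]: realizable (entry, exit) pairs."""
    reach = {c: set() for c in rsm}
    summaries = {c: set() for c in rsm}
    callers = defaultdict(set)   # (callee, callee_entry) -> {(comp, entry, box)}
    work = []

    def add(comp, entry, v):
        if (entry, v) not in reach[comp]:
            reach[comp].add((entry, v))
            work.append((comp, entry, v))

    for en in rsm[main].entries:
        add(main, en, en)
    while work:
        comp, entry, v = work.pop()
        c = rsm[comp]
        if v in c.exits and (entry, v) not in summaries[comp]:
            summaries[comp].add((entry, v))
            # Every caller waiting on this entry can now take the matched return.
            for caller, en0, box in callers[(comp, entry)]:
                add(caller, en0, ('ret', box, v))
        if is_port(v, 'call'):
            _, box, callee_entry = v
            callee = c.boxes[box]
            callers[(callee, callee_entry)].add((comp, entry, box))
            add(callee, callee_entry, callee_entry)
            for e2, x2 in summaries[callee]:     # summaries already known
                if e2 == callee_entry:
                    add(comp, entry, ('ret', box, x2))
        for dst in c.succ[v]:
            add(comp, entry, dst)
    return reach, summaries


def check_pre_post(rsm, main, callee, pre, post):
    """Return violations (comp, box, callee_entry, callee_exit): a reachable
    call site labelled `pre` whose matching return is not labelled `post`."""
    reach, summaries = compute_summaries(rsm, main)
    bad = []
    for name, c in rsm.items():
        for entry, v in reach[name]:
            if not (is_port(v, 'call') and c.boxes[v[1]] == callee):
                continue
            if pre not in c.labels.get(v, set()):
                continue
            for e2, x2 in summaries[callee]:
                if e2 == v[2] and post not in c.labels.get(('ret', v[1], x2), set()):
                    bad.append((name, v[1], e2, x2))
    return sorted(bad)


def build_example():
    """Constructed RSM: main calls `process` twice, `process` recurses.
    The exit p_err is realizable only from entry p_b."""
    process = Component(
        entries=['p_a', 'p_b'], exits=['p_ok', 'p_err'],
        edges=[('p_a', 'p1'), ('p1', 'p_ok'),
               ('p_b', 'p2'), ('p2', ('call', 'rb', 'p_a')),
               (('ret', 'rb', 'p_ok'), 'p_err'),
               (('ret', 'rb', 'p_err'), 'p_ok')],   # never realizable
        boxes={'rb': 'process'}, labels={})
    main = Component(
        entries=['m0'], exits=['m_end'],
        edges=[('m0', ('call', 'b1', 'p_a')),
               (('ret', 'b1', 'p_ok'), 'm1'), (('ret', 'b1', 'p_err'), 'm_fail'),
               ('m1', ('call', 'b2', 'p_b')),
               (('ret', 'b2', 'p_ok'), 'm_end'), (('ret', 'b2', 'p_err'), 'm_end')],
        boxes={'b1': 'process', 'b2': 'process'},
        labels={('call', 'b1', 'p_a'): {'open'}, ('ret', 'b1', 'p_ok'): {'closed'},
                ('call', 'b2', 'p_b'): {'open'}, ('ret', 'b2', 'p_ok'): {'closed'}})
    return {'main': main, 'process': process}


if __name__ == '__main__':
    rsm = build_example()
    print(compute_summaries(rsm, 'main')[1]['process'])
    print(check_pre_post(rsm, 'main', 'process', 'open', 'closed'))
```

The point of the example is that the answer depends on which (entry, exit) pairs of `process` are realizable, which only the summary fixpoint determines: the first call site enters at `p_a`, which can only reach `p_ok`, so the unlabelled `p_err` return port there is never taken and `m_fail` is unreachable; the second call site enters at `p_b`, which reaches `p_err` through the recursive call, and that matched return carries no `closed`, so it is reported.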

