Skip to main content
SpringerLink
Log in

Program Analysis Using Weighted Pushdown Systems

  • Conference paper
FSTTCS 2007: Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2007)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4855))

Abstract

Pushdown systems (PDSs) are an automata-theoretic formalism for specifying a class of infinite-state transition systems. Infiniteness comes from the fact that each configuration \(\langle{p,S}\rangle\) in the state space consists of a (formal) “control location” p coupled with a stack S of unbounded size. PDSs can model program paths that have matching calls and returns, and automaton-based representations allow analysis algorithms to account for the infinite control state space of recursive programs.

Weighted pushdown systems (WPDSs) are a generalization of PDSs that add a general “black-box” abstraction for program data (through weights). WPDSs also generalize other frameworks for interprocedural analysis, such as the Sharir-Pnueli functional approach.

This paper surveys recent work in this area, and establishes a few new connections with existing work.

Supported by ONR under grant N00014-01-1-0796 and by NSF under grants CCF-0540955 and CCF-0524051.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Balakrishnan, G.: WYSINWYX: What You See Is Not What You eXecute. PhD thesis, Comp. Sci. Dept. Univ. of Wisconsin, Madison, WI, August 2007, Tech. Rep. 1603

    Google Scholar 

  2. Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Comp. Construct., pp. 5–23 (2004)

    Google Scholar 

  3. Balakrishnan, G., Reps, T., Kidd, N., Lal, A., Lim, J., Melski, D., Gruian, R., Yong, S., Chen, C.-H., Teitelbaum, T.: Model checking x86 executables with CodeSurfer/x86 and WPDS++. In: Computer Aided Verif. (2005)

    Google Scholar 

  4. Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN Model Checking and Software Verification. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  5. Ball, T., Rajamani, S.K.: Bebop: A path-sensitive interprocedural dataflow engine. In: Prog. Analysis for Softw. Tools and Eng., 97–103 (June 2001)

    Google Scholar 

  6. Bouajjani, A., Esparza, J., Maler, O.: Reachability analysis of pushdown automata: Application to model checking. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 135–150. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  7. Bouajjani, A., Esparza, J., Touili, T.: A generic approach to the static analysis of concurrent programs with procedures. In: Princ. of Prog. Lang., pp. 62–73 (2003)

    Google Scholar 

  8. Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Trans. on Comp. C-35(6), 677–691 (1986)

    Article  Google Scholar 

  9. Büchi, J.R.: Finite Automata, their Algebras and Grammars. In: Siefkes, D. (ed.), Springer, Heidelberg (1988)

    Google Scholar 

  10. Burkart, O., Steffen, B.: Model checking for context-free processes. In: Cleaveland, W.R. (ed.) CONCUR 1992. LNCS, vol. 630, pp. 123–137. Springer, Heidelberg (1992)

    Chapter  Google Scholar 

  11. Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. In: Int. Conf. on Softw. Eng. (2003)

    Google Scholar 

  12. Chaki, S., Clarke, E., Kidd, N., Reps, T., Touili, T.: Verifying concurrent message-passing C programs with recursive calls. Tools and Algs. for the Construct. and Anal. of Syst. (2006)

    Google Scholar 

  13. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixed points. In: Princ. of Prog. Lang., pp. 238–252 (1977)

    Google Scholar 

  14. Cousot, P., Cousot, R.: Static determination of dynamic properties of recursive procedures. In: Neuhold, E.J. (ed.) Formal Descriptions of Programming Concepts, IFIP WG 2.2, St. Andrews, Canada, August 1977, pp. 237–277. North-Holland, Amsterdam (1978)

    Google Scholar 

  15. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Princ. of Prog. Lang., pp. 269–282 (1979)

    Google Scholar 

  16. Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: Princ. of Prog. Lang., pp. 84–96 (1978)

    Google Scholar 

  17. Esparza, J., Hansel, D., Rossmanith, P., Schwoon, S.: Efficient algorithms for model checking pushdown systems. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 232–247. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  18. Finkel, A., Willems, B., Wolper, P.: A direct symbolic approach to model checking pushdown systems. Elec. Notes in Theor. Comp. Sci. 9 (1997)

    Google Scholar 

  19. Gopan, D.: Numeric program analysis techniques with applications to array analysis and library summarization. PhD thesis, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, August 2007. Tech. Rep. 1602

    Google Scholar 

  20. Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  21. Gulwani, S., Necula, G.C.: Precise interprocedural analysis using random interpretation. In: Princ. of Prog. Lang. (2005)

    Google Scholar 

  22. Kam, J.B., Ullman, J.D.: Monotone data flow analysis frameworks. Acta Inf. 7(3), 305–318 (1977)

    Article  MathSciNet  MATH  Google Scholar 

  23. Karr, M.: Affine relationship among variables of a program. Acta Inf. 6, 133–151 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  24. Kidd, N., Reps, T., Melski, D., Lal, A.: WPDS++: AC++ library for weighted pushdown systems (2004), http://www.cs.wisc.edu/wpis/wpds++/

  25. Kildall, G.A.: A unified approach to global program optimization. In: Princ. of Prog. Lang., pp. 194–206 (1973)

    Google Scholar 

  26. Knoop, J., Steffen, B.: The interprocedural coincidence theorem. In: Comp. Construct., pp. 125–140 (1992)

    Google Scholar 

  27. Kodumal, J., Aiken, A.: Banshee: A scalable constraint-based analysis toolkit. In: Static Analysis Symp. (2005)

    Google Scholar 

  28. Lal, A., Lim, J., Polishchuk, M., Liblit, B.: Path optimization in programs and its application to debugging. In: European Symp. on Programming (2006)

    Google Scholar 

  29. Lal, A., Reps, T.: Improving pushdown system model checking. In: Computer Aided Verif. (2006)

    Google Scholar 

  30. Lal, A., Reps, T., Balakrishnan, G.: Extended weighted pushdown systems. In: Computer Aided Verif. (2005)

    Google Scholar 

  31. Lal, A.,Touili, T., Kidd, N., Reps, T.: Interprocedural analysis of concurrent programs under a context bound. Tech. Rep. TR-1598, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI (July 2007)

    Google Scholar 

  32. Landi, W., Ryder, B.G.: Pointer induced aliasing: A problem classification. In: Princ. of Prog. Lang., January 1991, pp. 93–103 (1991)

    Google Scholar 

  33. Martin, F.: PAG – An efficient program analyzer generator. Softw. Tools for Tech. Transfer (1998)

    Google Scholar 

  34. Müller-Olm, M., Seidl, H.: Precise interprocedural analysis through linear algebra. In: Princ. of Prog. Lang. (2004)

    Google Scholar 

  35. Müller-Olm, M., Seidl, H.: Analysis of modular arithmetic. In: European Symp. on Programming (2005)

    Google Scholar 

  36. Musuvathi, M., Qadeer, S.: Iterative context bounding for systematic testing of multithreaded programs. In: Prog. Lang. Design and Impl. (2007)

    Google Scholar 

  37. Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)

    MATH  Google Scholar 

  38. Qadeer, S., Rehof, J.: Context-bounded model checking of concurrent software. In: Tools and Algs. for the Construct. and Anal. of Syst. (2005)

    Google Scholar 

  39. Qadeer, S., Wu, D.: KISS: Keep it simple and sequential. In: Prog. Lang. Design and Impl. (2004)

    Google Scholar 

  40. Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: Princ. of Prog. Lang., pp. 49–61 (1995)

    Google Scholar 

  41. Reps, T., Schwoon, S., Jha, S.: Weighted pushdown systems and their application to interprocedural dataflow analysis. In: Static Analysis Symp., pp. 189–213 (2003)

    Google Scholar 

  42. Reps, T., Schwoon, S., Jha, S., Melski, D.: Weighted pushdown systems and their application to interprocedural dataflow analysis. Sci. of Comp. Prog. 58(1–2), 206–263 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  43. Sagiv, M., Reps, T., Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. Theor. Comp. Sci. 167, 131–170 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  44. Schwoon, S.: Model-Checking Pushdown Systems. PhD thesis, Technical Univ. of Munich, Munich, Germany (July 2002)

    Google Scholar 

  45. Schwoon, S.: WPDS: A library for weighted pushdown systems (2003), http://www.fmi.uni-stuttgart.de/szs/tools/wpds/

  46. Schwoon, S., Jha, S., Reps, T., Stubblebine, S.: On generalized authorization problems. In: Comp. Sec. Found. Workshop (2003)

    Google Scholar 

  47. Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, (ch. 7), pp. 189–234. Prentice-Hall, Englewood Cliffs, NJ (1981)

    Google Scholar 

  48. Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using Datalog with Binary Decision Diagrams for program analysis. In: Asian Symp. on Prog. Lang. and Systems (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Comp. Sci. Dept., University of Wisconsin, USA

    Thomas Reps, Akash Lal & Nick Kidd

Authors
  1. Thomas Reps
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Akash Lal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nick Kidd
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

V. Arvind Sanjiva Prasad

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Reps, T., Lal, A., Kidd, N. (2007). Program Analysis Using Weighted Pushdown Systems. In: Arvind, V., Prasad, S. (eds) FSTTCS 2007: Foundations of Software Technology and Theoretical Computer Science. FSTTCS 2007. Lecture Notes in Computer Science, vol 4855. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77050-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77050-3_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77049-7

  • Online ISBN: 978-3-540-77050-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation