Efficient Algorithms for Model Checking Pushdown Systems

  • Javier Esparza
  • David Hansel
  • Peter Rossmanith
  • Stefan Schwoon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1855)

Abstract

We study model checking problems for pushdown systems and linear time logics. We show that the global model checking problem (computing the set of configurations, reachable or not, that violate the formula) can be solved in \(O({g_{\cal P}}{g_{\cal P}}^3{g_{\cal B}}{g_{\cal B}}^3)\) time and \(O({g_{\cal P}}{g_{\cal P}}^2{g_{\cal B}}{g_{\cal B}}^2)\) space, where \({g_{\cal P}}{g_{\cal P}}\) and \({g_{\cal B}}{g_{\cal B}}\) are the size of the pushdown system and the size of a Büchi automaton for the negation of the formula. The global model checking problem for reachable configurations can be solved in \(O({g_{\cal P}}{g_{\cal P}}^4{g_{\cal B}}{g_{\cal B}}^3)\) time and \(O({g_{\cal P}}{g_{\cal P}}^4{g_{\cal B}}{g_{\cal B}}^2)\) space. In the case of pushdown systems with constant number of control states (relevant for our application), the complexity becomes \(O({g_{\cal P}}{g_{\cal P}}{g_{\cal B}}{g_{\cal B}}^3)\) time and \(O({g_{\cal P}}{g_{\cal P}}{g_{\cal B}}{g_{\cal B}}^2)\) space and \(O({g_{\cal P}}{g_{\cal P}}^2{g_{\cal B}}{g_{\cal B}}^3)\) time and \(O({g_{\cal P}}{g_{\cal P}}^2{g_{\cal B}}{g_{\cal B}}^2)\) space, respectively. We show applications of these results in the area of program analysis and present some experimental results.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bouajjani, A., Esparza, J., Maler, O.: Reachability analysis of pushdown automata: Application to model-checking. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 135–150. Springer, Heidelberg (1997)Google Scholar
  2. 2.
    Burkart, O., Steffen, B.: Composition, decomposition and model checking of pushdown processes. Nordic Journal of Computing 2(2), 89–125 (1995)MATHMathSciNetGoogle Scholar
  3. 3.
    Burkart, O., Steffen, B.: Model-checking the full-modal mu-calculus for infinite sequential processes. In: Degano, P., Gorrieri, R., Marchetti-Spaccamela, A. (eds.) ICALP 1997. LNCS, vol. 1256, pp. 419–429. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Esparza, J., Hansel, D., Rossmanith, P., Schwoon, S.: Efficient algorithms for model checking pushdown systems. Technical Report TUM-I0002, Technische Universität München, Department of Computer Science (February 2000)Google Scholar
  5. 5.
    Esparza, J., Knoop, J.: An automata-theoretic approach to interprocedural data-flow analysis. In: Thomas, W. (ed.) FOSSACS 1999. LNCS, vol. 1578, pp. 14–30. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Esparza, J., Podelski, A.: Efficient algorithms for pre* and post* on interprocedural parallel flow graphs. In: Proceedings of POPL 2000 (2000)Google Scholar
  7. 7.
    Finkel, A., Willems, B., Wolper, P.: A direct symbolic approach to model checking pushdown systems. Electronic Notes in Theoretical Computer Science 9 (1997)Google Scholar
  8. 8.
    Jensen, T., Le Métayer, D., Thorn, T.: Verification of control flow based security properties. Technical Report 1210, IRISA (1998)Google Scholar
  9. 9.
    Schmidt, D., Steffen, B.: Program analysis as model checking of abstract interpretations. In: Levi, G. (ed.) SAS 1998. LNCS, vol. 1503, pp. 351–380. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Tarjan, R.E.: Depth first search and linear graph algorithms. In: SICOMP, vol. 1, pp. 146–160 (1972)Google Scholar
  11. 11.
    Walukiewicz, I.: Pushdown Processes: Games and Model Checking. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102. Springer, Heidelberg (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Javier Esparza
    • 1
  • David Hansel
    • 1
  • Peter Rossmanith
    • 1
  • Stefan Schwoon
    • 1
  1. 1.Technische Universität MünchenMünchenGermany

Personalised recommendations