Rewriting Models of Boolean Programs

  • Ahmed Bouajjani
  • Javier Esparza
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4098)


We show that rewrite systems can be used to give semantics to imperative programs with boolean variables, a class of programs used in software model-checking as over- or underapproximations of real programs. We study the classes of rewrite systems induced by programs with different features like procedures, concurrency, or dynamic thread creation, and survey a number of results on their word problem and their symbolic reachability problem.


Keywords (machine-generated, not supplied by the authors): Model Check, Word Problem, Global Variable, Concurrent Program, Tree Automaton



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ahmed Bouajjani (1)
  • Javier Esparza (2)
  1. LIAFA, University of Paris 7
  2. IFMCS, University of Stuttgart
