Weighted Pushdown Systems with Indexed Weight Domains

The reachability analysis of weighted pushdown systems is a very powerful technique in verification and analysis of recursive programs. Each transition rule of a weighted pushdown system is associated with an element of a bounded semiring representing the weight of the rule. However, we have realized that the restriction of the boundedness is too strict and the formulation of weighted pushdown systems is not general enough for some applications. To generalize weighted pushdown systems, we first introduce the notion of stack signatures that summarize the effect of a computation of a pushdown system and formulate pushdown systems as automata over the monoid of stack signatures. We then generalize weighted pushdown systems by introducing semirings indexed by the monoid and weaken the boundedness to local boundedness

On Reachability Analysis of Pushdown Systems with Transductions: Application to Boolean Programs with Call-by-Reference

Pushdown systems with transductions (TrPDSs) are an extension of pushdown systems (PDSs) by associating each transition rule with a transduction, which allows to inspect and modify the stack content at each step of a transition rule. It was shown by Uezato and Minamide that TrPDSs can model PDSs with checkpoint and discrete-timed PDSs. Moreover, TrPDSs can be simulated by PDSs and the predecessor configurations pre^*(C) of a regular set C of configurations can be computed by a saturation procedure when the closure of the transductions in TrPDSs is finite. In this work, we comprehensively investigate the reachability problem of finite TrPDSs. We propose a novel saturation procedure to compute pre^*(C) for finite TrPDSs. Also, we introduce a saturation procedure to compute the successor configurations post^*(C) of a regular set C of configurations for finite TrPDSs. From these two saturation procedures, we present two efficient implementation algorithms to compute pre^*(C) and post^*(C). Finally, we show how the presence of transductions enables the modeling of Boolean programs with call-by-reference parameter passing. The TrPDS model has finite closure of transductions which results in model-checking approach for Boolean programs with call-by-reference parameter passing against safety properties

Conditional Weighted Pushdown Systems and Applications

Pushdown systems are well understood as abstract models ofprograms with (recursive) procedures. Reps et al. recentlyextended pushdown systems into weighted pushdown systems、 whichserve as a generalized framework for solving certain kinds ofmeet-over-all-path problems in program analysis. In this paper、 weextend weighted pushdown systems to conditional weighted pushdownsystems、 by further specifying conditions under which a pushdowntransition rule can be applied、 and show that model checkingproblems on conditional weighted pushdown systems can be reducedto those on weighted pushdown systems.There are wider applications of conditional weighted pushdownsystems when analyzing programs with objected-oriented features、for which weighted pushdown systems is not precise enough under adirect application. As an example、 we lift a stacking-basedpoints-to analysis for Java designed in the framework of weightedpushdown systems to a more precise counterpart in the framework ofconditional weighted pushdown systems. In addition to thefundamental context-sensitivity in terms of valid paths、 thelifted points-to analysis algorithm further enjoyscontext-sensitivity with respect to objected-oriented features、including call graph construction、 heap abstraction、 and heapaccess. These context-sensitive properties are shown to be crucialto the analysis precision in practice