A Tighter Bound for the Determinization of Visibly Pushdown Automata
Visibly pushdown automata (VPA), introduced by Alur and Madhusudan in 2004, are
a subclass of pushdown automata whose stack behavior is completely determined
by the input symbol according to a fixed partition of the input alphabet. Since
their introduction, VPAs have been shown to be useful in various contexts, e.g., as
a specification formalism for verification and as an automaton model for processing
XML streams. Due to their high complexity, however, implementing formal
verification based on the VPA framework is a challenge. In this paper we consider
the problem of implementing VPA-based model checking algorithms. To do so,
we first present an improved upper bound for the determinization of VPA.
Next, we propose simple on-the-fly algorithms to check the universality and
inclusion problems for this automata class. Then, we implement the proposed
algorithms in a prototype tool. Finally, we conduct experiments on randomly
generated VPAs. The experimental results show that the proposed algorithms are
considerably faster than the standard ones.
Beyond Language Equivalence on Visibly Pushdown Automata
We study (bi)simulation-like preorder/equivalence checking on the class of
visibly pushdown automata and its natural subclasses visibly BPA (Basic Process
Algebra) and visibly one-counter automata. We describe generic methods for
proving complexity upper and lower bounds for a number of studied preorders and
equivalences like simulation, completed simulation, ready simulation, 2-nested
simulation preorders/equivalences and bisimulation equivalence. Our main
results are that all the mentioned equivalences and preorders are
EXPTIME-complete on visibly pushdown automata, PSPACE-complete on visibly
one-counter automata and P-complete on visibly BPA. Our PSPACE lower bound for
visibly one-counter automata improves also the previously known DP-hardness
results for ordinary one-counter automata and one-counter nets. Finally, we
study regularity checking problems for visibly pushdown automata and show that
they can be decided in polynomial time. Comment: Final version of paper, accepted by LMC
Revisiting Underapproximate Reachability for Multipushdown Systems
Boolean programs with multiple recursive threads can be captured as pushdown
automata with multiple stacks. This model is Turing complete, and hence, one is
often interested in analyzing a restricted class that still captures useful
behaviors. In this paper, we propose a new class of bounded
under-approximations for multi-pushdown systems, which subsumes most existing
classes. We develop an efficient algorithm for solving the under-approximate
reachability problem, which is based on efficient fix-point computations. We
implement it in our tool BHIM and illustrate its applicability by generating a
set of relevant benchmarks and examining its performance. As an additional
takeaway, BHIM solves the binary reachability problem in pushdown automata. To
show the versatility of our approach, we then extend our algorithm to the timed
setting and provide the first implementation that can handle timed
multi-pushdown automata with closed guards. Comment: 52 pages, Conference TACAS 202
Pushdown Control-Flow Analysis of Higher-Order Programs
Context-free approaches to static analysis gain precision over classical
approaches by perfectly matching returns to call sites---a property that
eliminates spurious interprocedural paths. Vardoulakis and Shivers's recent
formulation of CFA2 showed that it is possible (if expensive) to apply
context-free methods to higher-order languages and gain the same boost in
precision achieved over first-order programs.
To this young body of work on context-free analysis of higher-order programs,
we contribute a pushdown control-flow analysis framework, which we derive as an
abstract interpretation of a CESK machine with an unbounded stack. One
instantiation of this framework marks the first polyvariant pushdown analysis
of higher-order programs; another marks the first polynomial-time analysis. In
the end, we arrive at a framework for control-flow analysis that can
efficiently compute pushdown generalizations of classical control-flow
analyses. Comment: The 2010 Workshop on Scheme and Functional Programmin
Faster Algorithms for Weighted Recursive State Machines
Pushdown systems (PDSs) and recursive state machines (RSMs), which are
linearly equivalent, are standard models for interprocedural analysis. Yet RSMs
are more convenient as they (a) explicitly model function calls and returns,
and (b) specify many natural parameters for algorithmic analysis, e.g., the
number of entries and exits. We consider a general framework where RSM
transitions are labeled from a semiring and path properties are algebraic with
semiring operations, which can model, e.g., interprocedural reachability and
dataflow analysis problems.
Our main contributions are new algorithms for several fundamental problems.
As compared to a direct translation of RSMs to PDSs and the best-known existing
bounds of PDSs, our analysis algorithm improves the complexity for
finite-height semirings (which subsume reachability and standard dataflow
properties). We further consider the problem of extracting distance values from
the representation structures computed by our algorithm, and give efficient
algorithms that distinguish the complexity of a one-time preprocessing from the
complexity of each individual query. Another advantage of our algorithm is that
our improvements carry over to the concurrent setting, where we improve the
best-known complexity for the context-bounded analysis of concurrent RSMs.
Finally, we provide a prototype implementation that gives a significant
speed-up on several benchmarks from the SLAM/SDV project.
Unified Analysis of Collapsible and Ordered Pushdown Automata via Term Rewriting
We model collapsible and ordered pushdown systems with term rewriting, by
encoding higher-order stacks and multiple stacks into trees. We show a uniform
inverse preservation of recognizability result for the resulting class of term
rewriting systems, which is obtained by extending the classic saturation-based
approach. This result subsumes and unifies similar analyses on collapsible and
ordered pushdown systems. Despite the rich literature on inverse preservation
of recognizability for term rewrite systems, our result does not seem to follow
from any previous study. Comment: in Proc. of FRE
An Experiment in Ping-Pong Protocol Verification by Nondeterministic Pushdown Automata
An experiment is described that confirms that the security of a well-studied class
of cryptographic protocols (Dolev-Yao intruder model) can be verified by
two-way nondeterministic pushdown automata (2NPDA). A nondeterministic pushdown
program checks whether the intersection of a regular language (the protocol to
verify) and a given Dyck language containing all canceling words is empty. If
it is not, an intruder can reveal secret messages sent between trusted users.
The verification is guaranteed to terminate in cubic time at most on a
2NPDA-simulator. The interpretive approach used in this experiment simplifies
the verification, by separating the nondeterministic pushdown logic and program
control, and makes it more predictable. We describe the interpretive approach
and the known transformational solutions, and show they share interesting
features. Also noteworthy is how abstract results from automata theory can
solve practical problems by programming language means. Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866