article

Open access

Analysis of recursive state machines

Authors:

Michael Benedikt,

Kousha Etessami,

Patrice Godefroid,

Mihalis YannakakisAuthors Info & Claims

ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 27, Issue 4

Pages 786 - 818

https://doi.org/10.1145/1075382.1075387

Published: 01 July 2005 Publication History

Abstract

Recursive state machines (RSMs) enhance the power of ordinary state machines by allowing vertices to correspond either to ordinary states or to potentially recursive invocations of other state machines. RSMs can model the control flow in sequential imperative programs containing recursive procedure calls. They can be viewed as a visual notation extending Statecharts-like hierarchical state machines, where concurrency is disallowed but recursion is allowed. They are also related to various models of pushdown systems studied in the verification and program analysis communities.After introducing RSMs and comparing their expressiveness with other models, we focus on whether verification can be efficiently performed for RSMs. Our first goal is to examine the verification of linear time properties of RSMs. We begin this study by dealing with two key components for algorithmic analysis and model checking, namely, reachability (Is a target state reachable from initial states?) and cycle detection (Is there a reachable cycle containing an accepting state?). We show that both these problems can be solved in time O(nθ²) and space O(nθ), where n is the size of the recursive machine and θ is the maximum, over all component state machines, of the minimum of the number of entries and the number of exits of each component. From this, we easily derive algorithms for linear time temporal logic model checking with the same complexity in the model. We then turn to properties in the branching time logic CTL*, and again demonstrate a bound linear in the size of the state machine, but only for the case of RSMs with a single exit node.

References

[1]

Alur, R., Etessami, K., and Madhusudan, P. 2004. A temporal logic of nested calls and returns. In Proceedings of the 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'04), volume 2988 of LNCS, pages 467--481. Springer.]]

[2]

Alur, R., Etessami, K., and Yannakakis, M. 2001. Analysis of recursive state machines. In CAV 2001, pages 207--220.]]

[3]

Alur, R., Torre, S. L., and Madhusudan, P. 2003a. Modular strategies for recursive game graphs. In Proceedings of TACAS, volume 2619 of LNCS, pages 363--378.]]

[4]

Alur, R., Torre, S. L., and Madhusudan, P. 2003b. Modular strategies for infinite games on recursive graphs. In Proceedings of CAV'03, volume 2725 of LNCS, pages 67--79.]]

[5]

Alur, R. and Yannakakis, M. 2001. Model checking of hierarchical state machines. ACM Trans. Prog. Lang. Syst. 23, 3, pages 273--303.]]

[6]

Andersen, H. 1994. Model checking and boolean graphs. Theoret. Comput. Sci.126, 1, 3--30.]]

[7]

Ball, T. and Rajamani, S. 2000. Bebop: A symbolic model checker for boolean programs. In SPIN '2000, volume 1885 of LNCS, pages 113--130.]]

[8]

Benedikt, M., Godefroid, P., and Reps, T. 2001. Model checking of unrestricted hierarchical state machines. In ICALP'2001, pages 652--666.]]

[9]

Booch, G., Jacobson, J., and Rumbaugh, J. 1997. The Unified Modeling Language User Guide. Addison Wesley.]]

[10]

Bouajjani, A., Esparza, J., and Maler, O. 1997. Reachability analysis of pushdown automata: Applications to model checking. In CONCUR'97, pages 135--150.]]

[11]

Bouajjani, A., Esparza, J., and Touili, T. 2003. A generic approach to the static analysis of concurrent programs with procedures. In POPL '03, pages 62--73.]]

[12]

Balakrishnan, G. and Reps, T. 2004. Analyzing memory accesses in x86 executables. In Proceedings of the International Conference on Compiler Construction (CC'04), volume 2985 of LNCS, pages 5--23. Springer.]]

[13]

Burkart, O. and Steffen, B. 1992. Model checking and context-free processes. In CONCUR '92, pages 122--137.]]

[14]

Burkart, O. and Steffen, B. 1999. Model checking the full modal mu-calculus for infinite sequential processes. Theoret. Comput. Sci. 221, 251--270.]]

[15]

Chatterjee, K., Ma, D., Majumdar, R., Zhao, T., Henzinger, T. A., and Palsberg, J. 2003. Stack size analysis for interrupt-driven programs. In Proceedings of the 10th Static Analysis Symposium, pages 109--126.]]

[16]

Chen, H. and Wagner, D. 2002. MOPS: An infrastructure for examining security properties of software. In Proceedings of the Conference on Computer and Communication Section.]]

[17]

Cousot, P. and Cousot, R. 1977. Static determination of dynamic properties of recursive procedures. In IFIP Conference on Formal Description of Programming Concepts, St-Andrews, N.B., CA, E.J. Neuhold (Ed.), pages 237--277, St-Andrews, N.B., Canada.]]

[18]

Caucal, B. and Monfort, R. 1990. On the transition graphs of automata and grammars. In Graph Theoretic Concepts in Computer Science, Springer LNCS 484, pages 311--337.]]

[19]

Emerson, A. 1990. Modal and temporal logic. In Handbook of Theoretical Computer Science, Volume B, pages 995--1072, MIT Press.]]

[20]

Emerson, A. and Lei, C. 1986. Efficient model-checking in fragments of the propositional mu-calculus. In LICS 98, pages 267--278.]]

[21]

Esparza, J., Hansel, D., Rossmanith, P., and Schwoon, S. 2000. Efficient algorithms for model checking pushdown systems. In Computer Aided Verification, 12th International Conference, volume 1855 of LNCS, pages 232--247. Springer.]]

[22]

Etessami, K. 2004. Analysis of recursive game graphs using data flow equations. In 5th International Conference on Verification, Model Checking, and Abstract Interpretation, volume 2937 of LNCS, pages 282--296. Springer.]]

[23]

Finkel, A., Willems, B., and Wolper, P. 1997. A direct symbolic approach to model checking pushdown systems. In Infinity'97 Workshop, volume 9 of Electronic Notes in Theoretical Computer Science.]]

[24]

GrammaTech, Inc. 2000. CodeSurfer System. “http://www.grammatech.com/products/ codesurfer/”.]]

[25]

Harel, D. 1987. Statecharts: A visual formalism for complex systems. Sci. Comput. Prog. 8, 231--274.]]

[26]

Heintze, N. and McAllester, D. A. 1997. On the cubic bottleneck in subtyping and flow analysis. In Proceedings of Logic in Computer Science, pages 342--351.]]

[27]

Horwitz, S., Reps, T., and Binkley, D. 1990. Interprocedural slicing using dependence graphs. In Trans. Prog. Lang. Syst. 12, 1, 26--60.]]

[28]

Horwitz, S., Reps, T., Bricker, T., and Rosay, G. 1997. Wisconsin Program-Slicing Tool. “http://www.cs.wisc.edu/wpis/slicing_tool/”.]]

[29]

Horwitz, S., Reps, T., Sagiv, M., and Rosay, G. 1994. Speeding up slicing. In Proceedings of the 2nd ACM Symposium on Foundation of Software Engineering, pages 11--20.]]

[30]

Melski, D. and Reps, T. 1999. Interprocedural path profiling. In Proceedings of the 8th Internatinal Conference on Compiler Construction, pages 47--62.]]

[31]

Melski, D. and Reps, T. 2000. Interconvertibility of a class of set constraints and context-free-language reachability. Theoret. Comput. Sci., 248(1--2), 29--98.]]

[32]

Reps, T. 1998. Program analysis via graph reachability. Info. Soft. Tech. 40(11--12), 701--726.]]

[33]

Reps, T., Horwitz, S., and Sagiv, S. 1995. Precise interprocedural dataflow analysis via graph reachability. In POPL, pages 49--61.]]

[34]

Reps, T. and Rosay, G. 1995. Precise interprocedural chopping. In Proceedings of the 3rd ACM Symposium on Foundation of Software Engineering, pages 41--52.]]

[35]

Reps, T., Schwoon, S., and Jha, S. 2003. Weighted pushdown systems and their application to interprocedural dataflow analysis. In Proceedings of the 10th Static Analysis Symposium, pages 189--213.]]

[36]

Sagiv, M., Reps, T., and Horwitz, S. 1996. Precise interprocedural dataflow analysis with applications to constant propagation. Theoret. Comput. Sci. 167(1--2), 131--170.]]

[37]

Schwoon, S. 2002. Moped System. “http://www.fmi.uni-stuttgart.de/szs/tools/moped/”.]]

[38]

Schwoon, S., Reps, T., and Jha, S. 2003. Weighted PDS Library. “http://www.fmi. uni-stuttgart.de/szs/tools/wpds/”.]]

[39]

Schwoon, S., Jha, S., Reps, T., and Stubblebine, S. 2003. On generalized authorization problems. In Proceedings of the 16th Computer Section Foundations Workshop, pages 202--218.]]

[40]

Ball, T. and Rajamani, S. 2000. SLAM Toolkit. “http://research.microsoft.com/slam/”.]]

[41]

Sharir, M. and Pnueli, A. 1981. Two approaches to interprocedural data flow analysis. In Program Flow Analysis: Theory and Applications, S.S. Muchnick and N.D. Jones (eds.), Prentice-Hall, Englewood Cliffs, NJ, pages 189--234.]]

[42]

Ullman, J. D. 1988. Principles of Database and Knowledge-base systems. Computer Science Press.]]

[43]

Valiant, L. G. 1975. General context-free recognition in less than cubic time. J. Comput. Syst. Sci. 10, 308--315.]]

[44]

Vardi, M. and Wolper, P. 1986. Automata-theoretic techniques for modal logics of programs. J. Comput. Syst. Softw. 32, 2, 183--221.]]

[45]

Walukiewicz, I. 2001. Pushdown processes: Games and model-checking. Information and Computation 164, 2, 234--263.]]

[46]

Yannakakis, M. 1990. Graph-theoretic methods in database theory. In Proceedings of the 9th ACM Symposium on Principles of Database Systems, pages 230--242.]]

[47]

Woods, W. A. 1970. Transition network grammars for natural language analysis. Commun. ACM 13, 10, 591--606.]]

[48]

WPDS++: 2004. A C++ Library for Weighted Pushdown Systems, University of Wisconsin.]]

Cited By

Sistla MChaudhuri SReps T(2024)Weighted Context-Free-Language Ordered Binary Decision DiagramsProceedings of the ACM on Programming Languages10.1145/36897608:OOPSLA2(1390-1419)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689760
Sistla MChaudhuri SReps T(2024)CFLOBDDs: Context-Free-Language Ordered Binary Decision DiagramsACM Transactions on Programming Languages and Systems10.1145/365115746:2(1-82)Online publication date: 2-May-2024
https://dl.acm.org/doi/10.1145/3651157
Balasubramanian AMajumdar RThinniyam RZetzsche G(2024)Reachability in Continuous Pushdown VASSProceedings of the ACM on Programming Languages10.1145/36332798:POPL(90-114)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3633279
Show More Cited By

Index Terms

Analysis of recursive state machines
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods
    2. Software system structures
      1. Software system models
        State systems
2. Theory of computation

Recommendations

Visibly pushdown languages
STOC '04: Proceedings of the thirty-sixth annual ACM symposium on Theory of computing

We propose the class of visibly pushdown languages as embeddings of context-free languages that is rich enough to model program analysis questions and yet is tractable and robust like the class of regular languages. In our definition, the input symbol ...
Lazy model checking for recursive state machines
Abstract
Recursive state machines (RSMs) are state-based models for procedural programs with wide-ranging applications in program verification and interprocedural analysis. Model-checking algorithms for RSMs and related formalisms have been intensively ...
Subcubic algorithms for recursive state machines
POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We show that the reachability problem for recursive state machines (or equivalently, pushdown systems), believed for long to have cubic worst-case complexity, can be solved in slightly subcubic time. All that is necessary for the new bound is a simple ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Programming Languages and Systems

ACM Transactions on Programming Languages and Systems Volume 27, Issue 4

July 2005

236 pages

ISSN:0164-0925

EISSN:1558-4593

DOI:10.1145/1075382

Issue’s Table of Contents

Copyright © 2005 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2005

Published in TOPLAS Volume 27, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

170
Total Citations
View Citations
1,691
Total Downloads

Downloads (Last 12 months)134
Downloads (Last 6 weeks)21

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sistla MChaudhuri SReps T(2024)Weighted Context-Free-Language Ordered Binary Decision DiagramsProceedings of the ACM on Programming Languages10.1145/36897608:OOPSLA2(1390-1419)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689760
Sistla MChaudhuri SReps T(2024)CFLOBDDs: Context-Free-Language Ordered Binary Decision DiagramsACM Transactions on Programming Languages and Systems10.1145/365115746:2(1-82)Online publication date: 2-May-2024
https://dl.acm.org/doi/10.1145/3651157
Balasubramanian AMajumdar RThinniyam RZetzsche G(2024)Reachability in Continuous Pushdown VASSProceedings of the ACM on Programming Languages10.1145/36332798:POPL(90-114)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3633279
Shi CLi HSui YLu JLi LXue J(2024)Pearl: A Multi-Derivation Approach to Efficient CFL-Reachability SolvingIEEE Transactions on Software Engineering10.1109/TSE.2024.343768450:9(2379-2397)Online publication date: 5-Aug-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3437684
Dubslaff CWienhöft PFehnker A(2024)Lazy model checking for recursive state machinesSoftware and Systems Modeling (SoSyM)10.1007/s10270-024-01159-z23:2(369-401)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10270-024-01159-z
Chiari MMandrioli DPontiggia FPradella M(2023)A Model Checker for Operator Precedence LanguagesACM Transactions on Programming Languages and Systems10.1145/360844345:3(1-66)Online publication date: 23-Sep-2023
https://dl.acm.org/doi/10.1145/3608443
Lei YSui YTan SZhang Q(2023)Recursive State Machine Guided Graph Folding for Context-Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/35912337:PLDI(318-342)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591233
Ferrando AMalvone VMurano AStranieri S(2023)HYASM: A Tool to Verify Hierarchical Systems2023 IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)10.1109/WETICE57085.2023.10477788(1-6)Online publication date: 14-Dec-2023
https://doi.org/10.1109/WETICE57085.2023.10477788
Shi CLi HSui YLu JLi LXue J(2023)Two Birds with One Stone: Multi-Derivation for Fast Context-Free Language Reachability Analysis2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)10.1109/ASE56229.2023.00118(624-636)Online publication date: 11-Sep-2023
https://doi.org/10.1109/ASE56229.2023.00118
Sistla MChaudhuri SReps T(2023)Symbolic Quantum Simulation with QuasimodoComputer Aided Verification10.1007/978-3-031-37709-9_11(213-225)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-37709-9_11
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents