Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pushdown processes: games and model-checking
Information and Computation - Special issue on FLOC '96
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bebop: A Symbolic Model Checker for Boolean Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Exploiting Behavioral Hierarchy for Efficient Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
µcke - Efficient µ-Calculus Model Checking
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
ACM SIGPLAN Conference on Programming Language Design and Implementation 2004
KISS: keep it simple and sequential
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Jedd: a BDD-based relational extension of Java
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Analysis of recursive state machines
ACM Transactions on Programming Languages and Systems (TOPLAS)
Iterative context bounding for systematic testing of multithreaded programs
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
The software model checker Blast: Applications to software engineering
International Journal on Software Tools for Technology Transfer (STTT)
Subcubic algorithms for recursive state machines
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Weighted pushdown systems and their application to interprocedural dataflow analysis
SAS'03 Proceedings of the 10th international conference on Static analysis
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Context-Bounded model checking of concurrent software
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Reducing Context-Bounded Concurrent Reachability to Sequential Reachability
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
The tree width of auxiliary storage
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A decade of software model checking with SLAM
Communications of the ACM
Getting rid of store-buffers in TSO analysis
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Reachability of multistack pushdown systems with scope-bounded matching relations
CONCUR'11 Proceedings of the 22nd international conference on Concurrency theory
On sequentializing concurrent programs
SAS'11 Proceedings of the 18th international conference on Static analysis
The language theory of bounded context-switching
LATIN'10 Proceedings of the 9th Latin American conference on Theoretical Informatics
Model-Checking parameterized concurrent programs using linear interfaces
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Synthesizing software verifiers from proof rules
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
CONCURRIT: testing concurrent programs with programmable state-space exploration
HotPar'12 Proceedings of the 4th USENIX conference on Hot Topics in Parallelism
Synchronisation- and reversal-bounded analysis of multithreaded programs with counters
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Linear-Time model-checking for multithreaded programs under scope-bounding
ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
CONCURRIT: a domain specific language for reproducing concurrency bugs
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
| Hi-index | 0.02 |
We show that recursive programs where variables range over finite domains can be effectively and efficiently analyzed by describing the analysis algorithm using a formula in a fixed-point calculus. In contrast with programming in traditional languages, a fixed-point calculus serves as a high-level programming language to easily, correctly, and succinctly describe model-checking algorithms While there have been declarative high-level formalisms that have been proposed earlier for analysis problems (e.g., Datalog the fixed-point calculus we propose has the salient feature that it also allows algorithmic aspects to be specified. We exhibit two classes of algorithms of symbolic (BDD-based) algorithms written using this framework-- one for checking for errors in sequential recursive Boolean programs, and the other to check for errors reachable within a bounded number of context-switches in a concurrent recursive Boolean program. Our formalization of these otherwise complex algorithms is extremely simple, and spans just a page of fixed-point formulae. Moreover, we implement these algorithms in a tool called Getafix which expresses algorithms as fixed-point formulae and evaluates them efficiently using a symbolic fixed-point solver called Mucke. The resulting model-checking tools are surprisingly efficient and are competitive in performance with mature existing tools that have been fine-tuned for these problems.