Bounded Underapproximations

We show a new and constructive proof of the following language-theoretic result: for every context-free language L, there is a bounded context-free language L’ included in L which has the same Parikh (commutative) image as L. Bounded languages, introduced by Ginsburg and Spanier, are subsets of regular languages of the form w1w2…wk* for some finite words w1,…,wk. In particular bounded subsets of context-free languages have nice structural and decidability properties. Our proof proceeds in two parts. First, using Newton’s iterations on the language semiring, we construct a context-free subset Ls of L that can be represented as a sequence of substitutions on a linear language and has the same Parikh image as L. Second, we inductively construct a Parikh-equivalent bounded context-free subset of Ls. We show two applications of this result in model checking: to underapproximate the reachable state space of multithreaded procedural programs and to underapproximate the reachable state space of recursive counter programs. The bounded language constructed above provides a decidable underapproximation for the original problems. By iterating the construction, we get a semi-algorithm for the original problems that constructs a sequence of underapproximations such that no two underapproximations of the sequence can be compared. This provides a progress guarantee: every word w in L is in some underapproximation of the sequence. In addition, we show that our approach subsumes context-bounded reachability for multithreaded programs.

💡 Research Summary

The paper establishes a constructive proof of a classic language‑theoretic result: for every context‑free language (CFL) L there exists a bounded CFL L′ such that L′ ⊆ L and Parikh(L′) = Parikh(L). Bounded languages, originally defined by Ginsburg and Spanier, are subsets of regular languages of the form w₁* w₂* … w_k* for a finite list of words w₁,…,w_k. Because bounded languages enjoy strong closure and decidability properties, finding a bounded sublanguage that preserves the Parikh image of a CFL provides a powerful under‑approximation technique for verification problems that involve infinite state spaces.

The proof proceeds in two main stages. In the first stage the authors work in the language semiring (union, concatenation, and Kleene star) and apply a Newton‑iteration scheme originally devised for solving fixed‑point equations over numerical domains. By interpreting language equations as elements of this semiring, the Newton iteration yields a sequence of language approximants that converge to a fixed point with the same Parikh image as L. The limit of this process is a sublanguage L_s ⊆ L that can be expressed as a finite sequence of substitutions applied to a linear language. Linear languages are a restricted subclass of CFLs where each production contains at most one non‑terminal; this structural restriction makes L_s amenable to the second stage of the construction.

In the second stage the authors inductively build a bounded language that is Parikh‑equivalent to L_s. They select a finite set of words {w₁,…,w_k} and associate with each a natural exponent e_i, forming the language w₁^{e₁} w₂^{e₂} … w_k^{e_k}*. By carefully designing the substitution rules, they guarantee that every word of L_s can be rewritten as a concatenation of the chosen w_i’s with appropriate repetitions, and that the multiset of symbols (the Parikh vector) is unchanged. The result is a bounded CFL L′ that is included in the original language L and shares its Parikh image.

The authors then demonstrate two concrete applications in model checking. First, they consider multithreaded procedural programs where each thread’s call stack can be modeled by a CFL. By replacing the original stack language with the bounded sublanguage L′, the potentially unbounded recursion is captured by a finite repetition pattern, yielding a decidable under‑approximation of the reachable state space. Second, they address recursive counter programs that combine a push‑down stack with integer counters. The stack component is again abstracted by a bounded CFL, while the counter updates are represented by regular languages; the combined system becomes amenable to reachability analysis because the bounded component eliminates the source of infinite branching.

A key insight is that the bounded‑language construction subsumes the well‑known context‑bounded reachability technique for multithreaded programs. Context‑bounded analysis corresponds to a particular choice of bounded language where each w_i encodes a context switch. By allowing arbitrary bounded patterns, the authors obtain a strictly more general under‑approximation that can capture behaviors beyond any fixed context bound.

Finally, the paper proposes an iterative refinement scheme. Starting from the initial bounded under‑approximation, the construction can be reapplied to generate a sequence {L₁, L₂, …} of bounded CFLs, each incomparable with the others under set inclusion. The sequence enjoys a progress guarantee: every word w ∈ L will appear in some L_i. Consequently, the method yields a semi‑algorithm for the original reachability problems: it may never terminate, but if a word is reachable it will eventually be discovered in one of the approximations.

In summary, the work bridges a deep result from formal language theory—Parikh‑preserving bounded sublanguages of CFLs—with practical verification of infinite‑state systems. By exploiting Newton iteration on the language semiring and an inductive bounded‑language construction, the authors provide a systematic way to obtain decidable under‑approximations, extend existing context‑bounded techniques, and guarantee eventual coverage of all reachable behaviors. This contribution opens new avenues for applying algebraic language methods to automated reasoning about programs with recursion, concurrency, and unbounded data.