Static Analysis using Parameterised Boolean Equation Systems

TL;DR

This paper presents a novel static analysis method that combines influence analysis with parameterised boolean equation systems to improve state space exploration in model checking, especially for programs with complex data structures.

Contribution

It introduces a new approach that integrates influence analysis into PBES-based static analysis to automatically generate efficient abstract matching functions for model checking.

Findings

Efficient construction of abstract matching functions using PBES.

Integration of influence analysis with on-the-fly model checking.

Application within the CADP framework for distributed systems verification.

Abstract

The well-known problem of state space explosion in model checking is even more critical when applying this technique to programming languages, mainly due to the presence of complex data structures. One recent and promising approach to deal with this problem is the construction of an abstract and correct representation of the global program state allowing to match visited states during program model exploration. In particular, one powerful method to implement abstract matching is to fill the state vector with a minimal amount of relevant variables for each program point. In this paper, we combine the on-the-fly model-checking approach (incremental construction of the program state space) and the static analysis method called influence analysis (extraction of significant variables for each program point) in order to automatically construct an abstract matching function. Firstly, we describe the problem as an alternation-free value-based mu-calculus formula, whose validity can be checked on the program model expressed as a labeled transition system (LTS). Secondly, we translate the analysis into the local resolution of a parameterised boolean equation system (PBES), whose representation enables a more efficient construction of the resulting abstract matching function. Finally, we show how our proposal may be elegantly integrated into CADP, a generic framework for both the design and analysis of distributed systems and the development of verification tools.