On-the-Fly Data Flow Analysis Based on Verification Technology

The combination of static and dynamic software analysis, such as data flow analysis (DFA) and model checking, provides benefits for both disciplines. On the one hand, the information extracted by DFAs about program data may be utilized by model checkers to optimize the state space representation. On the other hand, the expressiveness of logic formulas allows us to consider model checkers as generic data flow analyzers. Following this second approach, we propose in this paper an algorithm to calculate DFAs using on-the-fly resolution of boolean equation systems (BESs). The overall framework includes the abstraction of the input program into an implicit labeled transition system (LTS), independent of the program specification language. Moreover, using BESs as an intermediate representation allowed us to reformulate classical DFAs encountered in the literature, which were previously encoded in terms of μ-calculus formulas with forward and backward modalities. Our work was implemented and integrated into the widespread verification platform CADP, and tested on real examples.
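To make the approach in the abstract concrete, here is an added worked example (written for this page; it is not code from the paper, from CADP or from its CAESAR_SOLVE library). It takes a small constructed control-flow graph as the implicit LTS, encodes the classical live-variables DFA as a disjunctive boolean equation system (one variable per state/program-variable pair, least fixed point), and resolves only the variables a query needs, with back-propagation over recorded dependencies so that the loop in the graph is handled correctly. The CFG, the variable names and the `LocalSolver` class are all assumptions of this example; the solver is a simplified local-resolution algorithm in the spirit the abstract describes, not CADP's implementation.

```python
"""Live-variable analysis solved as on-the-fly resolution of a boolean equation system."""
from collections import defaultdict

# Constructed example: a tiny control-flow graph standing in for the implicit LTS.
# node -> (gen, kill, successors); gen = variables read, kill = variables written.
CFG = {
    "n1":   ({"b"}, {"a"}, ["n2"]),            # a := b
    "n2":   ({"a"}, {"c"}, ["n3", "n4"]),      # c := a + 1 ; branch
    "n3":   ({"c"}, {"d"}, ["n2"]),            # d := c  (loop back edge)
    "n4":   ({"d", "e"}, set(), ["exit"]),     # return d + e
    "exit": (set(), set(), []),
}
VARIABLES = sorted(set().union(*(g | k for g, k, _ in CFG.values())))

TRUE, FALSE = "true", "false"

def equation(var):
    """Right-hand side of X(node, v) := "v is live on entry to node".
    Returns TRUE, FALSE, or the list of variables whose disjunction defines X.
    gen/kill give the constants; the disjunction over successor states is where
    the forward modality of the mu-calculus encoding ends up."""
    node, v = var
    gen, kill, succ = CFG[node]
    if v in gen:
        return TRUE                     # read before any write in this node
    if v in kill:
        return FALSE                    # overwritten before it could be read
    return [(m, v) for m in succ]       # empty list (exit node) reads as FALSE

class LocalSolver:
    """Demand-driven least-fixed-point resolution of a disjunctive BES (assumed
    simplified algorithm).  Only variables reachable from the query are
    generated.  Variables start out false and are switched to true by
    back-propagation over the dependency edges recorded during exploration;
    whatever is still false when exploration finishes is false in the least
    fixed point, which is what makes cycles (loops in the CFG) safe."""
    def __init__(self, rhs):
        self.rhs = rhs
        self.value = {}                      # var -> bool (False = not yet proven)
        self.dependents = defaultdict(set)   # var -> variables whose rhs mentions it
        self.explored = set()

    def solve(self, var):
        self._explore(var)
        return self.value[var]

    def _explore(self, var):
        if var in self.explored:
            return
        self.explored.add(var)
        self.value[var] = False
        rhs = self.rhs(var)
        if rhs == TRUE:
            self._set_true(var)
            return
        if rhs == FALSE:
            return
        for dep in rhs:
            self.dependents[dep].add(var)    # register before exploring: cycles rely on it
            self._explore(dep)
            if self.value[dep]:
                self._set_true(var)
            if self.value[var]:              # one true disjunct is enough
                return

    def _set_true(self, var):
        if self.value.get(var):
            return
        self.value[var] = True
        for d in self.dependents[var]:       # wake everything that was waiting on var
            self._set_true(d)

def live_on_entry(node, solver=None):
    """Variables live on entry to `node`, each obtained by one local BES query."""
    solver = solver or LocalSolver(equation)
    return [v for v in VARIABLES if solver.solve((node, v))]

if __name__ == "__main__":
    solver = LocalSolver(equation)
    for node in CFG:
        print(node, live_on_entry(node, solver))
    # Variables live on entry to the first node are read before any definition
    # on some path: a classic use-before-initialisation finding.
    print("possibly uninitialised reads:", live_on_entry("n1", solver))
```

The query for `("n3", "e")` is the instructive one: exploring it reaches `("n2", "e")`, which cycles back to the variable still under exploration, and only afterwards finds the true constant at `("n4", "e")`. A memoising depth-first evaluation would have frozen `("n3", "e")` as false; the recorded dependency edge lets the later truth propagate back, which is the reason on-the-fly BES solvers keep such edges. The set returned for `n1` lists the variables some path reads before writing, the kind of finding a practitioner would feed back into a model checker or a review.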
