BCS © 2017
Formal Aspects of Computing (2017) 29: 777-803
On partial state matching
and Jan Kofroň
Charles University, Faculty of Mathematics and Physics, Malostranské náměstí 25, 118 00 Praha 1, Czech Republic.
Abstract. During explicit software model checking, the tools spend a lot of time in state matching. This is caused
not only by the huge number of states that must be processed, but also by the fact that the representation of a single
state is usually not small either. In this article, we present two dead variable analyses; applying them during the
code model checking process reduces the size of both the state representation and the explored state space itself. We
implemented the analyses inside Java PathFinder and evaluated their impact in terms of memory and time reduction using several
Keywords: Explicit model checking, dead variable analysis, optimization, performance.
In explicit software model checking, the model checkers spend a lot of time in the state matching process. During
the state space traversal, state matching identifies equivalent states in order to avoid exploring the same parts
of the state space more than once. This usually means computing, for each reached state, a representation that is easy to
compare and store, and then looking the state currently being explored up in the set of states visited earlier. Many
optimizations, such as partial order reduction [Dor93] and thread symmetry [VHB03], have been introduced
to reduce the number of states that need to be explored. At the same time, since the state representation in
software model checking is usually not of negligible size, reducing it can significantly speed up the state matching
process as well. The related optimization techniques focus on fast compression of the state representation,
such as those in [Huf52, rle], on hashing, and on identifying parts of the state that do not matter [SM07, LJ06, BFG99],
e.g., environment variables that keep the same value over the entire program run, so that they can be excluded.
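The two ideas in this paragraph, matching states by a canonical representation and leaving irrelevant parts of the state out of that representation, can be shown on a toy program. The following is an added example, not code from the paper or from Java PathFinder; the three-instruction program, its variables x and t, and the choice of a backward liveness fixpoint as the "dead variable" criterion are all assumptions made for the illustration. It explores the same state space twice, once matching on the full state (pc, x, t) and once matching only on the variables that are live at the current pc, and counts the stored states in each run.

```python
"""Explicit-state exploration with and without dead-variable projection.

Added example (not the paper's or Java PathFinder's code). The program below
is constructed for the illustration; liveness is the classic backward
dataflow analysis, which is a conservative choice: a variable is kept in the
state key at pc whenever some path from pc may read it before writing it.
"""

# Constructed program as a control-flow graph: pc -> (uses, defs, successors).
#   0: t := choose(0, 1, 2)        (nondeterministic input)
#   1: x := (x + t) mod 4
#   2: if x == 0 goto 3 else goto 0
#   3: halt
CFG = {
    0: (set(), {"t"}, [1]),
    1: ({"x", "t"}, {"x"}, [2]),
    2: ({"x"}, set(), [3, 0]),
    3: (set(), set(), []),
}

INITIAL = (0, {"x": 0, "t": 0})  # (pc, environment)


def live_variables(cfg):
    """Backward liveness to a fixpoint: live_in[pc] = uses | (live_out - defs)."""
    live_in = {pc: set() for pc in cfg}
    changed = True
    while changed:
        changed = False
        for pc, (uses, defs, succs) in cfg.items():
            live_out = set().union(*(live_in[s] for s in succs))
            new = set(uses) | (live_out - set(defs))
            if new != live_in[pc]:
                live_in[pc] = new
                changed = True
    return live_in


def successors(state):
    """Concrete semantics of the constructed program."""
    pc, env = state
    if pc == 0:
        return [(1, {**env, "t": v}) for v in (0, 1, 2)]
    if pc == 1:
        return [(2, {**env, "x": (env["x"] + env["t"]) % 4})]
    if pc == 2:
        return [(3, env)] if env["x"] == 0 else [(0, env)]
    return []


def full_key(state):
    """Canonical representation of the complete state: every variable is matched."""
    pc, env = state
    return (pc, tuple(sorted(env.items())))


def make_live_key(live):
    """Canonical representation that drops variables dead at the state's pc."""
    def live_key(state):
        pc, env = state
        return (pc, tuple((v, env[v]) for v in sorted(live[pc])))
    return live_key


def explore(initial, key):
    """DFS over the state graph. Returns (number of stored state keys,
    set of observed (pc, x) pairs). The second value is the 'result' a
    property over x would see; it must not change under the projection."""
    seen = {key(initial)}
    reached = set()
    stack = [initial]
    while stack:
        state = stack.pop()
        reached.add((state[0], state[1]["x"]))
        for nxt in successors(state):
            k = key(nxt)
            if k not in seen:  # state matching happens here
                seen.add(k)
                stack.append(nxt)
    return len(seen), reached


if __name__ == "__main__":
    live = live_variables(CFG)
    n_full, r_full = explore(INITIAL, full_key)
    n_live, r_live = explore(INITIAL, make_live_key(live))
    print("live variables per pc:", live)
    print("states stored, full matching:", n_full)
    print("states stored, live-only matching:", n_live)
    print("same observable behaviour:", r_full == r_live)
```

Here t is live only at pc 1 (it is overwritten at pc 0 before any other read), so the projected key at pcs 0, 2 and 3 ignores it. The full run stores 37 states while the projected run stores 21, and both runs observe exactly the same (pc, x) pairs. The caveat the paragraph hints at applies: the projection is only sound for properties that observe variables the analysis treats as live at the point of observation, which is why an on-the-fly analysis must err on the side of keeping a variable.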
While most of these optimizations are easy and fast to compute and apply when information about the entire state
space is available (e.g., for partial order reduction it is then clear which traces end up in the same state and what the
potential successors of the states along them are), they become challenging if the state space is generated on-the-fly,
which is the typical case for today's tools. Conservative simplifications then have to be made to preserve the correctness
of the model checking results.
This work was partially supported by the Grant Agency of the Czech Republic Project 14-11384S.
Correspondence and offprint requests to: J. Kofroň, Email: email@example.com