Towards Distributed Software Model-Checking Using Decision Diagrams⋆

Maximilien Colange¹, Souheib Baarir², Fabrice Kordon¹, and Yann Thierry-Mieg¹

¹ LIP6, CNRS UMR 7606, Université P. & M. Curie – Paris 6, 4, Place Jussieu, F-75252 Paris Cedex 05, France
² LIP6, CNRS UMR 7606 and Université Paris Ouest Nanterre La Défense, 200, avenue de la République, F-92001 Nanterre Cedex, France
first.last@lip6.fr
Abstract. Symbolic data structures such as Decision Diagrams have proved successful for model-checking. For high-level specifications such as those used in programming languages, especially when manipulating pointers or arrays, building and evaluating the transition relation is a challenging problem that limits the wider applicability of symbolic methods.
We propose a new symbolic algorithm, EquivSplit, allowing an efficient and fully symbolic manipulation of transition relations on Data Decision Diagrams. It allows one to work with equivalence classes of states rather than individual states. Experimental evidence on the concurrent-software-oriented benchmark BEEM shows that this approach is competitive.
1 Introduction
Model-checking of concurrent software faces state space explosion. To address this issue, many algorithms and data structures have been proposed, one of the most successful being symbolic shared data structures such as Binary Decision Diagrams (BDD).
While BDDs make it possible in many cases to cope with very large state spaces, expressing algorithms symbolically so as to take full advantage of the data structure is tricky. Symbolic evaluation algorithms that are aware of the data structure itself, such as saturation-style algorithms [6,11], can be orders of magnitude better than naive evaluation in a breadth-first search manner.
The transition relation of a system of $k$ Boolean variables can be seen as a function $\mathbb{B}^k \to 2^{\mathbb{B}^k}$ and is usually built and stored as a second decision diagram $N$, with two variables, "before" and "after", for each variable of the system. A specific operation between any subset of the state space $S$, encoded as a decision diagram, and the transition relation $N$ yields a decision diagram $S' = N(S)$ representing the immediate successors of $S$.
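As an added illustration of the relational product just described (this is example code written for this page, not the authors' tool or their EquivSplit algorithm), the following Python builds a small hash-consed decision diagram, encodes a transition relation N over interleaved "before"/"after" variables (variable 2i for x_i, 2i+1 for x_i'), and computes S' = N(S) as well as the reachable set by iterating it to a fixpoint. It also applies the locality idea discussed next in the paper: a statement's relation is generated from the 2^k' valuations of its support only, with identity edges on every other variable. The three-variable toy program, the function names and the value encoding are all constructed assumptions.

```python
from functools import lru_cache
from itertools import product

ONE = type("One", (), {})()     # the single terminal; the empty set is None
class Node:
    """Hash-consed decision-diagram node: variable index plus value->child edges."""
    __slots__ = ("var", "kids")
    _table = {}
    def __new__(cls, var, kids):
        key = (var, tuple(sorted(kids.items(), key=lambda kv: kv[0])))
        node = cls._table.get(key)
        if node is None:                 # unseen shape: allocate, else share the old node
            node = super().__new__(cls)
            node.var, node.kids = var, dict(kids)
            cls._table[key] = node
        return node

@lru_cache(maxsize=None)
def union(a, b):
    """Set union of two diagrams that share the same variable ordering."""
    if a is None or a is b: return b
    if b is None: return a
    if a is ONE: return ONE              # b is ONE too: all paths have the same length
    kids = dict(a.kids)
    for v, c in b.kids.items():
        kids[v] = union(kids.get(v), c)
    return Node(a.var, kids)

def states(dd):
    """Decode a diagram back into the set of state tuples it represents."""
    if dd is None: return set()
    if dd is ONE: return {()}
    return {(v,) + rest for v, c in dd.kids.items() for rest in states(c)}

def size(dd):
    """Number of distinct non-terminal nodes, i.e. the memory the diagram occupies."""
    seen, stack = set(), [dd]
    while stack:
        n = stack.pop()
        if n is None or n is ONE or id(n) in seen: continue
        seen.add(id(n))
        stack.extend(n.kids.values())
    return len(seen)

def relation(k, support, effect):
    """Relation N of one statement over k Boolean variables, on interleaved variables
    2*i (x_i before) and 2*i+1 (x_i' after). `effect` maps a valuation of the support
    to the possible after-valuations of the support ([] = disabled); only those
    2^|support| valuations are enumerated, every other variable gets an identity edge."""
    N = None
    for bits in product((0, 1), repeat=len(support)):
        before = dict(zip(support, bits))
        for after in effect(before):
            path = ONE
            for i in reversed(range(k)):
                if i in before:          # support variable: x_i' is what `effect` says
                    path = Node(2 * i, {before[i]: Node(2 * i + 1, {after[i]: path})})
                else:                    # outside the support: x_i' = x_i
                    path = Node(2 * i, {b: Node(2 * i + 1, {b: path}) for b in (0, 1)})
            N = union(N, path)
    return N

@lru_cache(maxsize=None)
def image(S, N):
    """Relational product S' = N(S): the immediate successors of the states in S."""
    if S is None or N is None: return None
    if S is ONE: return ONE
    res = None
    for v, Sc in S.kids.items():
        before = N.kids.get(v)           # N's edge for the current value of x_i
        if before is None: continue      # no transition enabled from this value
        for v2, Nc in before.kids.items():   # each possible new value x_i'
            sub = image(Sc, Nc)
            if sub is not None:
                res = union(res, Node(S.var, {v2: sub}))
    return res

def reachable(S0, N):
    """Least fixpoint of S -> S ∪ N(S); hash-consing makes the stop test an `is` check."""
    R = S0
    while True:
        R2 = union(R, image(R, N))
        if R2 is R: return R
        R = R2

# Constructed toy program (hypothetical): x0 is a flag, x1 is never touched, and
# x2 is a bit that may be toggled only while the flag is set.
def set_flag(before):            # x0 := 1                     support {x0}
    return [{0: 1}]
def guarded_toggle(before):      # if x0 == 1: x2 := not x2    support {x0, x2}
    return [{0: 1, 2: 1 - before[2]}] if before[0] == 1 else []
N_SET = relation(3, (0,), set_flag)
N_TOGGLE = relation(3, (0, 2), guarded_toggle)
N_ALL = union(N_SET, N_TOGGLE)   # transition relation of the whole system

def demo():
    """Successors of the initial state (0,0,0), then the whole reachable set."""
    S0 = Node(0, {0: Node(1, {0: Node(2, {0: ONE})})})
    return sorted(states(image(S0, N_ALL))), sorted(states(reachable(S0, N_ALL)))
```

Two design points carry over from the paragraph above: the relation is a second diagram whose paths alternate before/after variables, and the image operation walks S and N in lockstep, so its cost depends on the size of the diagrams rather than on the number of states they encode. Because nodes are hash-consed, the fixpoint test in `reachable` is a pointer comparison, and the identity edges that `relation` emits for variables outside a statement's support are shared between all its paths.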
Let us define statements as (sequences of) assignments of expressions to variables. The support of a statement is the set of variables it reads or writes to. This notion of locality is heavily exploited to limit the representation of transitions to the effect they have on the variables of their support. For each transition with $k'$ Boolean support variables,
⋆ This work has been supported by a grant from the Délégation Générale pour l'Armement and by the project ImpRo/ANR-2010-BLAN-0317.
N. Sharygina and H. Veith (Eds.): CAV 2013, LNCS 8044, pp. 830–845, 2013.
© Springer-Verlag Berlin Heidelberg 2013