Towards A Shape Analysis for Graph Transformation Systems
Graphs and graph transformation systems are a frequently used modelling technique for a wide range of different domains, covering areas as diverse as refactorings, network topologies or reconfigurable software. Being a formal method, graph transformation systems lend themselves to formal analysis. This has inspired the development of various verification methods, including model checking tools. In this paper, we present a verification technique for infinite-state graph transformation systems. The technique employs the abstraction principle used in shape analysis of programs, summarising possibly infinitely many nodes into shape graphs. The technique has been implemented using the 3-valued logical foundations of standard shape analysis. We exemplify the approach on an example from the railway domain.
💡 Research Summary
The paper addresses the challenge of verifying graph transformation systems (GTS) that can generate infinitely many states, a situation common in domains such as software refactoring, network topology management, and reconfigurable systems. Traditional model‑checking techniques either assume a finite state space or suffer from severe loss of precision when abstracting infinite structures. To overcome these limitations, the authors adapt the shape‑analysis paradigm originally devised for heap‑manipulating programs. Their approach relies on three‑valued logic (true, false, maybe) to represent graph elements: nodes and edges are annotated with logical predicates, and a summarisation operation collapses arbitrarily many indistinguishable nodes into a single “summary node.” This node carries a “maybe” value for properties that are uncertain due to abstraction.
Transformation rules are expressed as logical pre‑conditions and post‑conditions. During analysis, a rule may fire only if its pre‑condition evaluates to true or maybe under the current three‑valued interpretation, ensuring a conservative over‑approximation of reachable states. When necessary, the analysis can “refine” a summary node by concretising it back into multiple concrete nodes, thereby regaining precision at the cost of increased state space. The authors implement the technique on top of TVLA (Three‑Valued Logic Analyzer), extending it with a parser that translates graph‑transformation specifications into TVLA transition rules and with libraries that manage summarisation, refinement, and caching of abstract states.
The methodology is demonstrated on a railway case study. Tracks are modelled as potentially unbounded linear structures, and trains as moving tokens. By summarising the repetitive track segments, the abstract state space shrinks from millions of concrete configurations to a few thousand abstract ones, yet the safety property “no two trains occupy the same track segment simultaneously” is proved for all possible executions. The case study illustrates both the scalability of the approach and its ability to retain enough detail to verify non‑trivial safety constraints.
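As an added illustration, which is not the paper's TVLA implementation, the Python below builds a small concrete railway state (a linear track with two trains), canonically abstracts it under Kleene three-valued logic so that indistinguishable segments and trains collapse into summary nodes, and evaluates both the precondition of an "advance train" rule and the safety property "no two trains on one segment" on the concrete and on the abstract structure. The predicate names (`seg`, `train`, `next`, `at`, `occ`, `multi`), the track length and the train positions are constructed assumptions. It goes slightly beyond the text by also showing how an instrumentation predicate (`multi`) keeps the safety check definite where summarised trains alone only yield "maybe", which is the situation in which a refinement step would otherwise be needed.

```python
"""Added example (not the paper's code): canonical abstraction of a railway
graph under Kleene three-valued logic.  Model assumed for the example: track
segments linked by `next`, each train a node with an `at` edge to its segment."""
from itertools import product

TRUE, FALSE, MAYBE = 1.0, 0.0, 0.5      # Kleene truth values; min = and, max = or


def join(values):
    """Information-order join: a definite value only if all inputs agree."""
    vals = set(values)
    return vals.pop() if len(vals) == 1 else MAYBE


class Structure:
    """A concrete or abstract graph: nodes, unary/binary predicates, summary flags."""

    def __init__(self, nodes, unary, binary, sm=None):
        self.nodes = list(nodes)
        self.unary = unary                     # name -> {node: value}
        self.binary = binary                   # name -> {(n1, n2): value}
        self.sm = sm or {n: FALSE for n in nodes}   # MAYBE marks a summary node

    def u(self, p, n):
        return self.unary[p].get(n, FALSE)

    def b(self, p, n1, n2):
        return self.binary[p].get((n1, n2), FALSE)

    def eq(self, n1, n2):
        """A summary node may stand for several nodes, so n == n is only MAYBE."""
        if n1 != n2:
            return FALSE
        return MAYBE if self.sm[n1] == MAYBE else TRUE


def concrete_track(n_segments, train_positions):
    """Constructed concrete state: s0 -> s1 -> ... and train t_i on s[pos_i]."""
    segs = [f"s{i}" for i in range(n_segments)]
    trains = [f"t{i}" for i in range(len(train_positions))]
    unary = {"seg": {s: TRUE for s in segs}, "train": {t: TRUE for t in trains}}
    binary = {"next": {(segs[i], segs[i + 1]): TRUE for i in range(n_segments - 1)},
              "at": {(t, segs[p]): TRUE for t, p in zip(trains, train_positions)}}
    # Instrumentation predicates, computed exactly on the concrete state.
    occupants = {s: [t for (t, s2) in binary["at"] if s2 == s] for s in segs}
    unary["occ"] = {s: TRUE for s in segs if occupants[s]}          # some train here
    unary["multi"] = {s: TRUE for s in segs if len(occupants[s]) > 1}  # >= 2 trains
    return Structure(segs + trains, unary, binary)


def canonical_abstraction(st, abs_preds):
    """Merge nodes that agree on every abstraction predicate into one node."""
    rep = {}
    for n in st.nodes:
        key = tuple(st.u(p, n) for p in abs_preds)
        rep[n] = "#" + "+".join(p for p, v in zip(abs_preds, key) if v == TRUE)
    nodes = list(dict.fromkeys(rep[n] for n in st.nodes))
    unary = {p: {a: join(st.u(p, n) for n in st.nodes if rep[n] == a) for a in nodes}
             for p in st.unary}
    binary = {p: {(a, c): join(st.b(p, n, m) for n in st.nodes if rep[n] == a
                               for m in st.nodes if rep[m] == c)
                  for a in nodes for c in nodes} for p in st.binary}
    sm = {a: MAYBE if sum(rep[n] == a for n in st.nodes) > 1 else FALSE for a in nodes}
    return Structure(nodes, unary, binary, sm)


def move_enabled(st):
    """Precondition of the 'advance train' rule: exists u,v. occ(u) & next(u,v) & !occ(v)."""
    return max(min(st.u("occ", u), st.b("next", u, v), 1 - st.u("occ", v))
               for u, v in product(st.nodes, repeat=2))


def no_collision_via_at(st):
    """Safety as a formula over trains: not exists t1 != t2, s. at(t1,s) & at(t2,s)."""
    worst = max(min(1 - st.eq(t1, t2), st.b("at", t1, s), st.b("at", t2, s))
                for t1, t2, s in product(st.nodes, repeat=3))
    return 1 - worst


def no_collision_via_multi(st):
    """Same safety property through the instrumentation predicate: not exists s. multi(s)."""
    return 1 - max(st.u("multi", s) for s in st.nodes)


if __name__ == "__main__":
    conc = concrete_track(5, [0, 3])
    abst = canonical_abstraction(conc, ("seg", "train", "occ"))
    print("abstract nodes:", abst.nodes)                 # 3 nodes, two of them summaries
    print("move enabled:", move_enabled(conc), move_enabled(abst))      # 1.0 / 0.5
    print("safe (via at):", no_collision_via_at(conc), no_collision_via_at(abst))   # 1.0 / 0.5
    print("safe (via multi):", no_collision_via_multi(abst))            # 1.0
```

The three abstract nodes stand for the occupied segments, the free segments and the trains. Because the `next` edges between summary nodes join to "maybe", the rule is only possibly enabled in the abstract state, so a conservative analysis must still explore it. Evaluating the safety property directly over the summarised trains also yields "maybe", since the abstract structure cannot tell whether the two `at` edges leave the same train; the `multi` instrumentation predicate records the fact on the segment itself and survives abstraction, so the property is proved without refining the summary node.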
In conclusion, the paper contributes a novel, conservative verification technique for infinite‑state GTS that leverages the mature theoretical foundations of shape analysis. It shows that three‑valued abstraction can be effectively applied beyond program heaps to graph‑based models, offering a promising avenue for analyzing dynamic systems in various engineering domains. Future work is suggested on tuning summarisation parameters, integrating the method with other abstraction frameworks, and extending the evaluation to additional domains such as dynamic network reconfiguration and cloud infrastructure management.