Inria / Raweb 2004
Project: VASY


Section: New Results

Models and Verification Techniques

The OPEN/CÆSAR Libraries

Participants : Nicolas Descoubes, Hubert Garavel, Wendelin Serwe.

The Open/Cæsar libraries [3] are reusable modules for on-the-fly verification, such as state tables, stacks, bitmap tables, etc. These libraries play a discreet yet central role in the Cadp toolbox.

In 2004, we improved the Open/Cæsar libraries in various ways:


The CÆSAR_SOLVE Library

Participant : Radu Mateescu.

Cæsar_Solve is a generic software library for solving boolean equation systems of alternation depth 1 (i.e., without mutual recursion between minimal and maximal fixed point equations) on the fly. This library is at the core of several Cadp verification tools, namely the equivalence checker Bisimulator (see § 6.1.3), the model checker Evaluator 4.0, and the $\tau$-confluence reduction tool. The resolution method is based on boolean graphs, which provide an intuitive representation of the dependencies between boolean variables; boolean graphs are handled implicitly (through a successor function), in a way similar to the Open/Cæsar interface.

The Cæsar_Solve library provides four different resolution algorithms: A1 and A2 are general algorithms based on depth-first and breadth-first traversals of boolean graphs, respectively; A3 and A4 are optimized for acyclic and for disjunctive/conjunctive boolean graphs, respectively, and are based on memory-efficient depth-first traversals. All these algorithms can generate diagnostics explaining why a result is true or false (examples and counterexamples).

In 2004, the Cæsar_Solve library (9,640 lines of C code) was extended and improved as follows:

A paper about the Cæsar_Solve library was accepted for publication [17].


The BISIMULATOR Tool

Participants : Damien Bergamini, Nicolas Descoubes, Radu Mateescu.

Bisimulator is an equivalence checker, which takes as input two graphs to be compared (one represented implicitly using the Open/Cæsar environment, the other represented explicitly as a Bcg file) and determines whether they are equivalent (modulo a given equivalence relation) or whether one of them is included in the other (modulo a given preorder relation).

Bisimulator works on the fly, meaning that only those parts of the implicit graph that are pertinent to the verification are explored. Thanks to the use of Open/Cæsar, Bisimulator can be applied directly to descriptions written in high-level languages (for instance, Lotos). This is a significant improvement over older tools (such as Aldébaran and Fc2Implicit), which only accept lower-level models (networks of communicating automata).

Bisimulator works by reformulating the graph comparison problem as a boolean equation system, which is solved using the Cæsar_Solve library (see § 6.1.2). A useful feature of Bisimulator is the generation of diagnostics (counterexamples), which explain why two graphs are not equivalent (or why one is not included in the other). The counterexamples generated by Bisimulator are directed acyclic graphs and are usually much smaller than those generated by other tools (such as Aldébaran), which can only generate counterexamples restricted to sets of traces.

In 2004, we continued the development of the Bisimulator tool (11,700 lines of C code):

The Bisimulator tool was the subject of an accepted publication [19].
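To make the two preceding subsections concrete, here is an added example, written for this page and not code from Cadp, Cæsar_Solve or Bisimulator. It contains a small local solver for a single-block boolean equation system on an implicit boolean graph (variables are generated by a successor function, as in the Open/Cæsar style), a diagnostic extractor that follows the resolution order so that the explanation of a flipped variable is acyclic, and the encoding of strong bisimulation between two labelled transition systems as a greatest-fixed-point BES. The solver explores the reachable part of the graph and then iterates to the fixed point, which is a simplification of the depth-first/breadth-first algorithms A1 to A4; the sample automata, variable shapes and function names are assumptions made for the illustration.

```python
from collections import deque


def solve(root, succ, sign):
    """Local resolution of a single-block BES on an implicit boolean graph.

    succ(x) returns ("or" | "and", [successor variables]); the graph is only
    generated for variables reachable from root, never enumerated globally.
    sign is "nu" (greatest fixed point, variables default to True) or
    "mu" (least fixed point, variables default to False).
    Returns the values, the flip order (used for acyclic diagnostics),
    the operator of each variable and its successor list.
    """
    default = sign == "nu"
    ops, succs, preds = {}, {}, {}
    # 1. Explore the boolean graph reachable from root (on the fly).
    succs[root] = None
    queue = deque([root])
    while queue:
        x = queue.popleft()
        op, ys = succ(x)
        ops[x], succs[x] = op, list(ys)
        for y in ys:
            preds.setdefault(y, []).append(x)
            if y not in succs:
                succs[y] = None
                queue.append(y)
    # 2. Chaotic iteration from the default value: each variable flips at
    #    most once (monotone), and a flip re-schedules its predecessors.
    values = {x: default for x in succs}
    order = {}
    work = deque(succs)
    while work:
        x = work.popleft()
        if values[x] != default:
            continue
        new = (any if ops[x] == "or" else all)(values[y] for y in succs[x])
        if new != default:
            values[x] = new
            order[x] = len(order)          # flip step; successors flipped earlier
            work.extend(preds.get(x, []))
    return {"values": values, "order": order, "ops": ops, "succs": succs}


def diagnostic(root, res):
    """Sub-graph of the boolean graph explaining the value of root.

    A true disjunctive variable (or a false conjunctive one) needs a single
    successor with the same value; otherwise all successors are needed.
    For variables that flipped, the earliest-flipped successor is chosen,
    so that part of the diagnostic is a DAG, as for Bisimulator's
    counterexamples; the default-valued part may legitimately be cyclic.
    """
    values, order, ops, succs = (res[k] for k in ("values", "order", "ops", "succs"))
    expl, stack = {}, [root]
    while stack:
        x = stack.pop()
        if x in expl:
            continue
        v = values[x]
        same = [y for y in succs[x] if values[y] == v]
        if (ops[x] == "or") == v:
            chosen = [min(same, key=lambda y: order.get(y, float("inf")))] if same else []
        else:
            chosen = list(succs[x])
        expl[x] = chosen
        stack.extend(chosen)
    return expl


def bisim_succ(lts1, lts2):
    """Boolean graph of strong bisimulation, generated on the fly.

    X(p, q)     = AND over p -a-> p' of Y(p', q, a)  AND over q -a-> q' of Z(p, q', a)
    Y(p', q, a) = OR over q -a-> q' of X(p', q')       (q must match p's move)
    Z(p, q', a) = OR over p -a-> p' of X(p', q')       (p must match q's move)
    """
    def succ(var):
        if var[0] == "X":
            _, p, q = var
            return "and", ([("Y", p1, q, a) for a, p1 in lts1[p]]
                           + [("Z", p, q1, a) for a, q1 in lts2[q]])
        if var[0] == "Y":
            _, p1, q, a = var
            return "or", [("X", p1, q1) for b, q1 in lts2[q] if b == a]
        _, p, q1, a = var
        return "or", [("X", p1, q1) for b, p1 in lts1[p] if b == a]
    return succ


def strong_bisimilar(lts1, lts2, p0=0, q0=0):
    """Greatest fixed point: True iff states p0 and q0 are strongly bisimilar."""
    res = solve(("X", p0, q0), bisim_succ(lts1, lts2), "nu")
    return res["values"][("X", p0, q0)], res


# Constructed sample LTSs (state -> [(label, target)]), not taken from the page:
# a.b + a.c versus a.(b + c), trace equivalent but not strongly bisimilar.
LTS_CHOICE_FIRST = {0: [("a", 1), ("a", 2)], 1: [("b", 3)], 2: [("c", 3)], 3: []}
LTS_CHOICE_LATER = {0: [("a", 1)], 1: [("b", 2), ("c", 2)], 2: []}

if __name__ == "__main__":
    equiv, res = strong_bisimilar(LTS_CHOICE_FIRST, LTS_CHOICE_LATER)
    print("strongly bisimilar:", equiv)
    for var, why in diagnostic(("X", 0, 0), res).items():
        print(var, "<-", why)
```

On the sample pair the root variable is false and the diagnostic is a four-node DAG: the a-move of the first system to its b-only state is matched only by a state that also offers c, and the Z variable for that c-move has no successor at all, which is exactly the information a trace-based counterexample cannot express.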

The AAL Tool

Participants : Damien Bergamini, David Champelovier, Nicolas Descoubes, Hubert Garavel, Radu Mateescu, Wendelin Serwe.

In the framework of the ArchWare project (see §  7.1), we focus on the analysis of software architectures.

Aal (Architecture Analysis Language) is the language defined by ArchWare for expressing properties of software architectures and architectural styles. Aal contains operators borrowed from first-order logic and the modal $\mu$-calculus, extended with predicates specific to architectural descriptions. It allows one to specify both style-related structural properties (e.g., connectivity between components, cardinality, etc.) and architecture-related behavioral properties (e.g., safety, liveness, fairness).

Aaf-Mc (Architecture Analysis Formalism for Model Checking) is the fragment of Aal containing the properties that can be verified by model checking. A large number of property patterns relevant to software architectures are available as libraries defined in Aaf-Mc, and several fragments of Aaf-Mc compatible with the usual equivalence relations (e.g., strong, branching, observational, and safety equivalences) have been identified.

Aaf-Mc is equipped with a model checker that translates the temporal formulas expressed in Aaf-Mc into boolean equation systems. The analysis methodology adopted by ArchWare consists in using the Aaf-Mc model checker to verify correctness properties on execution traces generated during the simulation of an architectural description [20].

In 2004, we continued the development of the Aaf-Mc model checker (16,400 lines of code):

The Aaf-Mc model checker is described in two ArchWare deliverables [27][28]. R. Mateescu gave a keynote presentation about this model checker at Vveis'2004 (see §  9.3).

Compositional Verification Tools

Participant : Frédéric Lang.

The Cadp toolbox contains various tools dedicated to compositional verification, among which Projector 2.0, Exp.Open 2.0, and Svl play a central role.

Projector 2.0 is a tool (totally rewritten in 2002) that implements behaviour abstraction [47][52], by taking into account interface constraints. In 2004, we improved Projector 2.0 by adding options to hide and rename labels on the fly, based on the Cæsar_Mask library, and we corrected a few bugs. A manual page was written for Projector 2.0 [37] and the tool became part of Cadp in December 2004.

Exp.Open 2.0 is a tool that explores on the fly the graph corresponding to a network of communicating automata (represented as a set of Bcg files). These automata are composed in parallel using either algebraic operators (as in Ccs, Csp, Lotos, and μCrl), "graphical" operators (as in E-Lotos [50] and Lotos NT), or synchronization vectors (as in the Mec and Fc2 tools). Additional operators are available to hide and/or rename labels (using regular expressions) and to cut certain transitions. In 2004, we enhanced Exp.Open 2.0 along the following lines:
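As an added example of the kind of composition Exp.Open performs (illustrative code written for this page, not Exp.Open's or Cadp's own): a network of three constructed component automata is composed with synchronization vectors in the Mec/Fc2 style, the product is explored on the fly from a successor function rather than built up front, and labels are hidden or renamed with regular expressions as each transition is produced. The component automata, the vectors, the hidden-action name "i" and the function names are assumptions made for the illustration.

```python
import itertools
import re
from collections import deque

# Constructed component automata (not from the page): state -> [(label, next_state)].
SENDER = {0: [("send", 1)], 1: [("ack", 0)]}
MEDIUM = {0: [("send", 1)], 1: [("deliver", 2)], 2: [("ack", 0)]}
RECEIVER = {0: [("deliver", 1)], 1: [("consume", 0)]}
NETWORK = (SENDER, MEDIUM, RECEIVER)

# Synchronization vectors: one entry per component (None = does not take part),
# paired with the label of the resulting transition of the product.
VECTORS = [
    (("send", "send", None), "send"),
    ((None, "deliver", "deliver"), "deliver"),
    (("ack", "ack", None), "ack"),
    ((None, None, "consume"), "consume"),
]


def network_successors(automata, vectors, state):
    """Successor function of the product: transitions enabled in a global state.

    A vector fires only if every participating component offers its label in
    its current local state; non-participating components keep their state.
    """
    out = []
    for vec, label in vectors:
        choices = []
        for aut, s, lab in zip(automata, state, vec):
            if lab is None:
                choices.append([s])
                continue
            targets = [t for l, t in aut[s] if l == lab]
            if not targets:
                break                      # this component blocks the vector
            choices.append(targets)
        else:                              # no break: all participants agree
            for combo in itertools.product(*choices):
                out.append((label, tuple(combo)))
    return out


def explore(automata, vectors, initial, hide=None, rename=()):
    """On-the-fly reachability with label hiding/renaming applied per transition.

    hide:   regex; labels that fully match it become the invisible action "i".
    rename: sequence of (regex, replacement) pairs applied with re.sub.
    Returns (state_index, transitions), transitions as (src, label, dst).
    """
    hide_re = re.compile(hide) if hide else None
    renames = [(re.compile(p), r) for p, r in rename]
    index = {initial: 0}
    transitions = []
    queue = deque([initial])
    while queue:
        src = queue.popleft()
        for label, dst in network_successors(automata, vectors, src):
            if hide_re and hide_re.fullmatch(label):
                label = "i"
            else:
                for pat, repl in renames:
                    label = pat.sub(repl, label)
            if dst not in index:           # new global state: schedule it
                index[dst] = len(index)
                queue.append(dst)
            transitions.append((index[src], label, index[dst]))
    return index, transitions


if __name__ == "__main__":
    states, trans = explore(NETWORK, VECTORS, (0, 0, 0), hide=r"send|ack",
                            rename=[(r"^deliver$", "DELIVER")])
    print(len(states), "states,", len(trans), "transitions")
    for t in trans:
        print(*t)
```

The product of the three components has 6 reachable global states and 8 transitions out of the 2 x 3 x 2 = 12 syntactically possible states; hiding "send" and "ack" turns four of those transitions into the invisible action, which is the kind of abstraction one applies before minimizing modulo branching or observational equivalence.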

In 2004, we enhanced the Svl language and compiler along the following lines:

Parallel and Distributed Verification Tools

Participants : Damien Bergamini, Nicolas Descoubes, Hubert Garavel, Christophe Joubert, Radu Mateescu.

Enumerative verification algorithms need to explore and store very large graphs and, thus, are often limited by the capabilities of current sequential machines. To push forward the limits, we are studying parallel and distributed algorithms adapted to the clusters of Pcs and networks of workstations available in most research laboratories.

Our initial efforts focused on parallelizing the graph construction algorithm [8], which is a bottleneck for verification as it requires a considerable amount of memory to store all reachable states. In this respect, we developed the following software:

In 2004, we improved the distributed model checking tools as follows:

Three papers on distributed model checking were either published or accepted for publication [23][24][19].

Performance Evaluation Tools

Participants : Damien Bergamini, David Champelovier, Hubert Garavel, Christophe Joubert, Frédéric Lang, Radu Mateescu.

In addition to its verification capabilities, the Cadp toolbox contains several tools dedicated to performance evaluation, namely Bcg_Min, Bcg_Steady, Bcg_Transient, and Determinator. Unlike most Cadp tools, which operate on labeled transition systems, these tools operate on probabilistic/stochastic models derived from discrete-time and continuous-time Markov chains.

In 2004, these tools progressed as follows:

Other Tool Developments

Participants : David Champelovier, Damien Bergamini, Nicolas Descoubes, Hubert Garavel, Frédéric Lang, Radu Mateescu, Wendelin Serwe.

We also improved the following Cadp tools and libraries:

We pursued our continuous work of adapting Cadp to the latest computing platforms:

We enhanced our software engineering environment used to develop and maintain Cadp: