Section: New Results
Languages and Compilation Techniques
Compilation of LOTOS
The Cadp toolbox contains several tools dedicated to the Lotos language, namely: the Cæsar.adt compiler  for the data type part of Lotos , the Cæsar compiler  for the process part of Lotos , and the Cæsar.Indent pretty-printer.
In 2005, we performed maintenance activities for these tools (1 bug fixed in Cæsar.adt , 1 bug fixed in Cæsar , and 3 bugs fixed in Cæsar.Indent ) and we improved the C code generated by Cæsar and Cæsar.adt to avoid warnings emitted by the most recent C compilers. We also enhanced the Cæsar compiler in two ways:
In the framework of the FormalFame Plus contract (see § 7.2 ), we simplified the use of the Exec/Cæsar environment  . Exec/Cæsar allows to interconnect, on the one hand, the C code generated by Cæsar from the Lotos description of a system and, on the other hand, the ``real'' environment with which this system interacts. This interconnection is implemented as a collection of C functions, one per visible gate declared in the Lotos specification, which have to be written by hand.
The new version of Cæsar greatly automates this task by generating automatically, for each function, a C code skeleton that implements appropriate pattern-matching actions for checking gate parameters — since, in Lotos , the same gate can be overloaded with several parameter lists that differ in number, types and direction (input or output) — as well as logging actions to trace the execution of these functions.
We pursued our study of state space reduction techniques, our goal being to decrease the size of the graphs generated by Cæsar , still preserving strong bisimulation between the original and reduced graphs.
Our previous work on state space reduction based on live variable analysis  led to an improved version of Cæsar (named Cæsar.New ), which became part of Cadp in April 2005. A journal paper was also accepted for publication  .
Additionally, W. Serwe experimented further uses of data-flow analysis so as to reduce memory requirements for enumerative verification.
Compilation of E-LOTOS
As regards the E-Lotos language — and, more specifically, its Lotos NT variant elaborated by the Vasy team — we worked in two directions:
We continued to improve the Traian compiler (see § 5.2 ), which generates C code from Lotos NT data type and function definitions. Traian is distributed on the Internet (see § 9.1 ) and used intensively within the Vasy team as a development tool for compiler construction  .
In 2005, we released a new version 2.5 of Traian . It corrects four bugs and makes the C code generated by Traian compatible with the latest versions of Gcc and Intel's Icc compilers. In addition, the Traian libraries and shell-scripts have been ported to the Itanium 64-bit platform running the Linux operating system.
In the framework of the FormalFame Plus contract (see § 7.2 ), we undertook the development of a translator from Lotos NT to Lotos , so as to ease the development of large specifications by Bull and to reuse the existing Lotos tools for analyzing concurrent systems described in Lotos NT .
In 2005, a first version of this translator was delivered to Bull . It consists of a Lotos preprocessing tool named Lpp ( 1, 280 lines of C code) and a translation tool named Lnt2Lotos developed using the aforementioned Syntax / Traian technology (760 lines of Syntax code, 1, 920 lines of Lotos NT code, and 980 lines of C code). A reference manual was written  .
Source-Level Translations between Process Algebras
Although process algebras are, from a technical point of view, the best formalism to describe concurrent systems, they are not used as widely as they could be. Besides the steep learning curve of process algebras, which is traditionally mentioned as the main reason for this situation, it seems also that the process algebra community scattered its efforts by developing too many languages, similar in concept but incompatible in practice. Even the advent of two international standards, such as Lotos (in 1989) and E-Lotos (in 2001), did not remedy this fragmentation.
To address this problem, we started investigating source-level translators from various process algebras into Lotos , so as to widen the applicability of the Cadp tools. One first example is the aforementioned translator from Lotos NT to Lotos (see § 6.2.2 ). In 2005, we have also been studying translators for two other process algebras:
We considered the process algebra Fsp ( Finite State Processes ) defined in a popular textbook on concurrency  . For the ``basic Fsp '' fragment (i.e., Fsp without its data part), a prototype translator to Lotos (700 lines of Syntax code, 2, 300 lines of Lotos NT code, and 300 lines of C code) was developed. While extending this translator to ``full Fsp '', ambiguities were found in the reference Fsp grammar. A collaboration with Jeff Kramer and Jeff Magee (Imperial College, London) was initiated to handle these issues.
In the framework of the Inria/Leti collaboration (see § 8.1 ), we focused on the process algebra Chp ( Communicating Hardware Processes ) for which the Tima laboratory has developed a circuit synthesis tool named Tast  and which is used by the Leti laboratory to describe complex, asynchronous circuits at a high abstraction level. The goal is to integrate formal verification into the design flow of complex microelectronic circuits.
First, we defined a structural operational semantics for Chp , which so far lacked a formal semantics. In particular, our semantics gives an unambiguous meaning to the hardware-specific ``probe'' operator of Chp , the semantics of which has been debated for long beforehand.
We then proposed a translation scheme from Chp to Lotos for a fragment of Chp restricted to simple data types (booleans and natural numbers) and to one single probe operator in boolean guards. For this fragment we developed a prototype translator named Chp2Lotos , which we used successfully to verify an asynchronous circuit implementing the Des encryption standard (see § 6.3 ). The operational semantics and the translation scheme for this Chp fragment led to an international publication  .
We then revised our translation scheme to handle all the data types of Chp (including vectors, arrays, and enumerated types of arbitrary size) and to allow boolean guards containing several probe operators. The Chp2Lotos translator was extended accordingly (currently, 2, 100 lines of Syntax code, 11, 500 lines of Lotos NT code, and 4, 000 lines of C code) and started to be applied to an asynchronous NoC ( Network on Chip ) circuit under design at the Leti laboratory (see § 6.3 ).