Section: New Results
Case Studies and Practical Applications
Participants: David Champelovier, Hubert Garavel, Frédéric Lang, Radu Mateescu, Gwen Salaün, Wendelin Serwe.
In 2005, the Vasy team also worked on the following case studies:

We continued our collaboration with Antonella Chirichiello (University "La Sapienza", Rome) on the use of process algebras as a convenient design formalism for Web services. This led to a new publication [24] on the use of Cadp for the verification of an e-business application specified in the standard orchestration language Bpel and translated to Lotos.

In the context of the Inria/Leti collaboration (see § 8.1), we pursued the study (undertaken in 2004) of an asynchronous circuit, designed by the Leti and Tima laboratories, which implements the Des (Data Encryption Standard). We applied our Chp2Lotos translator (see § 6.2.3) to a description of this circuit given in the Chp process algebra (1,700 lines) and the translator produced a Lotos description of 3,800 lines.
Because of the high degree of concurrency in this circuit (25 concurrent processes), direct generation of the state space was not appropriate (more than 17 million states and 139 million transitions). However, the compositional verification techniques of Cadp (see § 6.1.5) allowed us to generate a smaller, yet equivalent state space (16,910 states and 85,840 transitions) in 8 minutes, on which we verified several properties (absence of deadlocks, correct number of iterations, correct synchronisation between iterations).

Also in the context of the Inria/Leti collaboration, we started working on another circuit developed by the Leti laboratory, namely the asynchronous communication interconnect of a NoC (Network on Chip) described in Chp [41]. Our first results are encouraging: using our Chp2Lotos translator, we were able to find several small mistakes in the Chp description.

We continued the work undertaken in collaboration with Grégory Batt, Hidde de Jong, and Delphine Ropers (Helix team of Inria Rhône-Alpes) for connecting the Gna (Genetic Network Analyzer) tool developed by Helix with Cadp in order to verify temporal properties of genetic regulatory networks.
Gna provides a simulator of qualitative models of genetic regulatory networks in the form of piecewise-linear differential equations. The output of the simulator is a Kripke structure, i.e., a state-transition graph in which the relevant information is associated with states. We defined a translation from Kripke structures to labeled transition systems (the graphs used by Cadp) that preserves strong bisimulation and is succinct, i.e., the produced labeled transition system has the same number of states and transitions as the Kripke structure. This translation was implemented as a back-end of the Gna simulator, which in this way became directly connected to Cadp.
We also defined a translation from propositional μ-calculus to modal μ-calculus (the temporal logics used to express properties on Kripke structures and labeled transition systems, respectively) that preserves the truth of formulas. In conjunction with the translation between Kripke structures and labeled transition systems, this enabled the use of the model checkers Xtl and Evaluator 3.5 of Cadp for verifying various temporal properties of genetic regulatory networks. It is worth noting that certain properties (e.g., the presence of oscillations of protein concentrations), expressible in the μ-calculus fragment of alternation depth 2 but not in Ctl, could not be verified using the nuSMV model checker, but were handled successfully using Xtl. These activities led to two publications [22], [18].
A number of case studies tackled by Vasy during the past years have been finalized and properly integrated in Cadp, which makes them widely available:

a randomized binary distributed consensus protocol,

a computer integrated manufacturing architecture,

a distributed summation algorithm,

a distributed Eratosthenes' sieve,

a trader process for open distributed processing,

a turntable system for drilling products, and

an asynchronous circuit implementing the Des encryption standard.
Other teams also used the Cadp toolbox for various case studies. To cite only recent work, we can mention:

the verification of a reliable large-scale multipoint transmission protocol combining terrestrial transmission with transmission via satellites [45],

the analysis of an industrial manufacturing system [42],

the behavioural verification of service composition [38],

the modeling and verification of hierarchical components [39], [40],

the generation of conformance tests for radiotherapy accelerators [60], and

the use of Lotos for constraint solving [56].
Other research teams took advantage of the software components provided by Cadp (e.g., the Bcg and Open/Cæsar environments) to build their own research software. We can mention the following developments:

the Chp2If tool, developed by Menouer Boubekeur (Tima laboratory, Grenoble), which allows the verification of asynchronous hardware via a translation of Chp descriptions to networks of communicating automata.

the Ttool tool, developed by Ludovic Apvrille (Enst, LabSoC laboratory, Sophia-Antipolis), which allows the verification of reachability graphs of Uml diagrams using the Turtle Uml real-time profile.