Section: Overall Objectives
Verifying the safety of infinite state systems is a challenge: nowadays algorithmic techniques only apply to very specific infinite state systems. On the other hand the deductive approaches are good candidates to capture infinite system safety verification but are difficult to bring into operation and require a deep expertise. A solution consists of integrating several verification methods by combining, for example, theorem-proving and model-checking.
The behavior of infinite states systems is expressed in the various models by composing or iterating actions. One of the main problems with algorithmic techniques is to compute the effect of these actions on the initial state. This computation is called reachability analysis . The verification of safety properties as well as the automatic generation of test cases relies heavily on the accuracy of reachability analysis.
The transverse goal is to push away the limitations on the use of formal verification techniques, to ease their applications, and to let them scale-up.
For properties that can be checked by reachability analysis we have proposed models based on regular languages and rational transductions. We have completed them by designing algorithms for verifying a refinement relation between two models and  . This refinement relation when satisfied preserves the safety properties and therefore allows them to be inherited. We shall investigate this approach with other representations.
In order to generate boundary-value functional test cases, we abstract models as constrained states. These constraints are solved by a customized solver, called CLPS. The test cases are derived in two steps  :
partitioning of the formal model and extraction of boundary values,
reachability graph exploration from constrained states in order to reach boundary values and generate state sequences (traces) as test cases with the oracle.
After the generation phase, a concretization is used to produce the test drivers  . Furthermore, the kernel of the engine allows one to perform specification animations in order to validate the model  .
For the safety of infinite state systems we have designed automated deduction tools based on term rewriting (SPIKE , daTac , haRVey ) and an extensible and modular platform for detecting flaws and potential attacks on security protocols (AVISPA ). The tools have been built on the modeling of systems by terms and rewrite rules. Our work with other models based on regular languages of words or trees and of transducers should complement these term rewriting models.
In order to address this challenge, we rely on complementary skills within the project. We believe that each of the three techniques will benefit from concepts and algorithms designed for the two others.