Section: New Results

Languages and Compilation Techniques

Compilation of LOTOS

Participants : Hubert Garavel, Wendelin Serwe.

The Cadp toolbox contains several tools dedicated to the Lotos language, namely the Cæsar.adt compiler [3] for the data type part of Lotos, the Cæsar compiler [11] for the process part of Lotos, and the Cæsar.indent pretty-printer.

In 2011, in addition to fixing four bugs in the Cæsar and Cæsar.adt compilers, we improved the Lotos-dedicated tools of Cadp as follows:

  • We revised the predefined type libraries and the C code generated by Cæsar and Cæsar.adt to suppress warnings emitted by recent versions of Gcc.

  • We enhanced the format in which values of singleton and tuple types are displayed to end users.

  • We modified the predefined libraries for natural (unsigned) and integer (signed) types so that users can now indicate the precise number of bits (between 1 and 64) used for the machine representation of these types, and can also set the precise range (lower and upper bound) of admissible values for these types.

  • We further modified these two libraries to enable (optional) overflow and underflow checking during arithmetic operations on the natural and integer types.

Compilation of LOTOS NT

Participants : Hubert Garavel, Frédéric Lang, Christine McKinty, Vincent Powazny, Wendelin Serwe.

Regarding the Lotos NT language — a variant of E-Lotos created by the Vasy project team — we worked along two directions:

  • We continued enhancing the Traian compiler (see § 5.2), which generates C code from Lotos NT data type and function definitions. Traian is distributed on the Internet and used intensively within the Vasy project team as a development tool for compiler construction [8].

    In 2011, Traian was essentially in maintenance mode. We updated its documentation and added to its predefined library a conversion function that was missing.

  • The Lnt2Lotos, Lnt.Open, and Lpp tools convert Lotos NT code to Lotos, thus allowing the use of Cadp to verify Lotos NT descriptions. These tools have been an official part of Cadp since 2010 and have been used successfully on many different systems (see § 6.3.1, § 6.3.2, § 6.3.3, and § 6.3.5).

    In 2011, we continued enhancing these tools, of which we delivered four new releases. In addition to 13 bug fixes, the following enhancements were made:

    • The Lotos NT language was extended with range types (which are interval subtypes of character, integer, or natural types) and predicate types (which are subtypes of existing types, a boolean predicate being used to determine the domain of each subtype).

    • The Lotos NT language was enriched with the concept of “module pragmas”, which specify implementation constraints for predefined types such as naturals, integers, and strings. Also, the predefined operations “first” and “last” have been added for enumerated types.

    • The Lnt2Lotos translator was made semantically stricter: it now checks for overflow and underflow in natural and integer arithmetic, checks that the bounds of range types and array types belong to the domain of admissible values of their parent types, and performs additional checks on type pragmas.

    • The Lotos code generated by the Lnt2Lotos translator was optimized by handling equation premises (in the data part) and boolean guards (in the behavior part) that are always false or always true. Other optimizations have been added for process definitions whose bodies are empty or only contain a call to another process, for “case” statements that are followed by no instruction or only a “null” instruction, and for “while” loops with an empty body.

    • Processing of Lotos NT specifications containing several modules was made two to three times faster.

    • The error and warning messages issued by the Lotos NT tools have been enhanced.

    • The reference manual has been corrected, reorganized and comprehensively edited. Two new appendices have been added, one listing all the predefined functions, and another one (20 pages) giving the formal semantics of Lotos NT.
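To make concrete what the configurable bit width, range bounds and optional overflow/underflow checking of the natural type (Compilation of LOTOS, above) and the range-bound check of Lnt2Lotos (this list) amount to, here is an added C model. It is an illustration written for this page, not code from Cadp, Cæsar.adt or Lnt2Lotos; the type descriptor `nat_spec`, the status codes and the function names are hypothetical, and only the unsigned (natural) case is shown. The constructed inputs in `main` are chosen to hit the 8-bit and 64-bit edges.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor of a bounded natural type (not the Cæsar.adt API):
 * width of the machine representation in bits (1..64) plus the admissible range. */
typedef struct {
    unsigned bits;
    uint64_t lo;
    uint64_t hi;
} nat_spec;

typedef enum {
    NAT_OK = 0,
    NAT_OVERFLOW,     /* result would exceed hi */
    NAT_UNDERFLOW,    /* result would fall below lo */
    NAT_BAD_SPEC,     /* bounds do not lie inside the n-bit parent domain */
    NAT_BAD_OPERAND   /* an operand is outside [lo, hi] */
} nat_status;

/* Largest value of an n-bit unsigned type. A shift by 64 is undefined
 * behaviour in C, so the 64-bit case is handled explicitly. */
static uint64_t nat_max_for_bits(unsigned bits)
{
    return bits >= 64 ? UINT64_MAX : (((uint64_t)1 << bits) - 1);
}

/* Static check in the spirit of Lnt2Lotos: the declared bounds of a range
 * type must belong to the domain of admissible values of its parent type. */
nat_status nat_check_spec(const nat_spec *s)
{
    if (s->bits < 1 || s->bits > 64) return NAT_BAD_SPEC;
    if (s->lo > s->hi) return NAT_BAD_SPEC;
    if (s->hi > nat_max_for_bits(s->bits)) return NAT_BAD_SPEC;
    return NAT_OK;
}

static nat_status nat_check_operands(const nat_spec *s, uint64_t a, uint64_t b)
{
    nat_status st = nat_check_spec(s);
    if (st != NAT_OK) return st;
    if (a < s->lo || a > s->hi || b < s->lo || b > s->hi) return NAT_BAD_OPERAND;
    return NAT_OK;
}

/* Checked addition. The comparison is made before adding, because a + b
 * could itself wrap at 64 bits and hide the overflow. */
nat_status nat_add(const nat_spec *s, uint64_t a, uint64_t b, uint64_t *out)
{
    nat_status st = nat_check_operands(s, a, b);
    if (st != NAT_OK) return st;
    if (b > s->hi - a) return NAT_OVERFLOW;
    *out = a + b;
    return NAT_OK;
}

/* Checked subtraction: a natural cannot go below lo (underflow). */
nat_status nat_sub(const nat_spec *s, uint64_t a, uint64_t b, uint64_t *out)
{
    nat_status st = nat_check_operands(s, a, b);
    if (st != NAT_OK) return st;
    if (b > a - s->lo) return NAT_UNDERFLOW;
    *out = a - b;
    return NAT_OK;
}

/* Checked multiplication, again testing with a division before multiplying
 * so that the product is never computed when it would not fit. */
nat_status nat_mul(const nat_spec *s, uint64_t a, uint64_t b, uint64_t *out)
{
    nat_status st = nat_check_operands(s, a, b);
    if (st != NAT_OK) return st;
    if (a != 0 && b > s->hi / a) return NAT_OVERFLOW;
    *out = a * b;
    return NAT_OK;
}

/* The unchecked behaviour the optional checks replace: the sum silently
 * wraps modulo 2^bits, which is what a plain machine addition would do. */
uint64_t nat_add_wrapping(const nat_spec *s, uint64_t a, uint64_t b)
{
    return (a + b) & nat_max_for_bits(s->bits);
}

int main(void)
{
    const nat_spec byte = {8, 0, 255};   /* constructed: an 8-bit natural */
    uint64_t r = 0;
    nat_status st = nat_add(&byte, 200, 56, &r);
    printf("checked 200 + 56 on 8 bits: status %d (1 = overflow)\n", (int)st);
    printf("unchecked 200 + 56 on 8 bits: %llu\n",
           (unsigned long long)nat_add_wrapping(&byte, 200, 56));
    return 0;
}
```

The point of comparing before computing (`b > hi - a`, `b > hi / a`) is that the check cannot be fooled by the very wrap-around it is meant to detect; the 64-bit case is where a naive "compute, then compare" check fails.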

Source-Level Translations between Concurrent Languages

Participants : Hubert Garavel, Rémi Hérilier, Frédéric Lang, Radu Mateescu, Gwen Salaün, Wendelin Serwe, Damien Thivolle.

Although process algebras are, from a technical point of view, the best formalism to describe concurrent systems, they are not used as widely as they could be [2]. Besides the steep learning curve of process algebras, traditionally mentioned as the main reason for this situation, it seems that the process algebra community also scattered its efforts by developing too many languages, similar in concept but incompatible in practice. Even the advent of two international standards, Lotos (in 1989) and E-Lotos (in 2001), did not remedy this fragmentation. To address this problem, we started investigating source-level translators from various process algebras into Lotos or Lotos NT, so as to widen the applicability of the Cadp tools.

In 2011, in addition to the Lnt.Open tool suite (see § 6.2.2), we worked on the following translators:

  • We continued our work on the Flac tool, which automatically translates a Fiacre program into a Lotos program for verification using Cadp. In 2011, two bugs reported by users of Flac were corrected. These corrections led to revisions 74 and 75 of the Flac code, which is available on the development forge dedicated to Fiacre compilers (http://gforge.enseeiht.fr/projects/fiacre-compil). We collected new examples of Fiacre code to enhance our test suite, which now comprises 79 examples.

  • Bpel (Business Process Execution Language) [61] is a language inspired by the π-calculus [67] and standardized by the Oasis consortium (led by Ibm and Microsoft) to describe orchestrations of Web services. Bpel depends on other W3c Xml-related standards: Xml Schema for data types, XPath for data expressions, and Wsdl for declaring the interfaces (communication links and link functions) of a Web service.

    Following interest expressed by research teams at Mit and the Polytechnic University of Bucharest, we designed translation rules from Bpel to Lotos NT in order to formally verify Bpel services with Cadp . We began to develop an automated translator.

    In 2011, following a remark by Charles Pecheur (Université Catholique de Louvain, Belgium), who spotted an error in the translation of Bpel processes into Lotos NT, we corrected the translation of exception handling so that it no longer interferes with the atomicity mechanism. The complete translation algorithm is given in Damien Thivolle's PhD thesis [23]. We pursued the implementation of our Bpel to Lotos NT translator and finalized the translation of Xml Schema types and Wsdl definitions.

  • We considered the π-calculus [67], a process algebra based on mobile communication. We proposed a general method for translating the finite control fragment of the π-calculus (obtained by forbidding recursive invocations of an agent through parallel composition operators) into Lotos NT. Mobile communication is encoded using the data types of Lotos NT, each channel name being represented as a value of an enumerated data type. The binary synchronization of the π-calculus is enforced by associating a Lotos NT gate with each parallel composition operator present in the π-calculus specification and by tagging each synchronization with the unique identifiers of the sender and receiver agents. The translation preserves the operational semantics by mapping each transition of a π-calculus agent to a single transition of the resulting Lotos NT term.

    In 2011, we extended the π-calculus with data-handling features, with the goal of widening its possible application domains. This was done by extending the language grammar and the translation to support typed variables and data expressions. As the language for describing data, we chose Lotos NT: the data types and functions used in a π-calculus specification can be described in Lotos NT and directly incorporated into the Lotos NT code produced by the translation. This results in an applied π-calculus, such as the variant of the calculus proposed in [45] for the verification of security properties.

    The Pic2Lnt translator was extended accordingly. It now consists of 2,100 lines of Syntax code, 3,100 lines of Lotos NT code, and 500 lines of C code. The tool was tested on 234 examples of π-calculus specifications, including most of the examples provided in the Mobility Workbench distribution.