Section: New Results
ComponentBased Architectures for OntheFly Verification
Compositional Model Checking
Participants : Frédéric Lang, Radu Mateescu.
We have continued our work on partial model checking following the approach proposed in [26] . Given a temporal logic formula $\varphi $ to be evaluated on a set $S$ of concurrent processes, partial model checking consists in transforming $\varphi $ into another equivalent formula ${\varphi}^{\text{'}}$ to be evaluated on a subset of $S$. Formula ${\varphi}^{\text{'}}$ is constructed incrementally by choosing one process $P$ in $S$ and incorporating into $\varphi $ the behavioral information corresponding to $P$ — an operation called quotienting. Simplifications must be applied at each step, so as to maintain formulas at a tractable size.
In 2013, we extended the approach to handle fairness operators of alternation depth two, and we conducted new experiments. This resulted in a new version of the PMC prototype tool (see § 5.4 ) supporting all features of the input language of EXP.OPEN 2.1. An article has been published in an international journal [5] .
OntheFly Test Generation
Participants : Radu Mateescu, Wendelin Serwe.
In the context of the collaboration with STMicroelectronics (see § 6.5.1 and § 7.1 ), we studied techniques for testing if an implementation is conform to a formal model written in LNT. Our approach is inspired by the theory of conformance testing [68] , as implemented for instance in TGV [53] and JTorX [30] .
We developed two prototype tools. The first tool implements a dedicated OPEN/CAESARcompliant compiler for the particular asymmetric synchronous product of the model and the test purpose, and uses slightly extended generic components for graph manipulation ($\tau $compression, $\tau $confluence reduction, determinization) and resolution of Boolean equation systems. The second tool generates the complete test graph, which can be used to extract concrete test cases or to drive the test of the implementation. The principal advantage of our approach compared to existing tools is the use of LNT for test purposes, facilitating the manipulation of data values.
In 2013, we continued the development of these tools, with a focus on reducing execution time. We also implemented a prototype tool to extract from a complete test graph one or all test cases of minimal depth. We experimented with these tools on two casestudies, namely the ACE coherence protocol (see § 6.5.1 ) and the EnergyBus (see § 6.5.5 ).
Equivalence Checking
Participant : Frédéric Lang.
Equivalence relations can be used for verification in two complementary ways: for the minimization of an LTS and the comparison of two LTSs.
In 2013, we worked along the following lines:

We added observational equivalence (following a request from LAASCNRS) as well as divergencesensitive branching bisimulation (together with its stochastic and probabilistic variants) in BCG_MIN.

We improved the speed of BCG_MIN in the case of branching reduction applied to a graph with a high branching factor and many internal transitions, by correcting a function that has a quadratic complexity instead of a linear one.

We added the new tool BCG_CMP, which takes as input two BCG graphs and checks whether they are equivalent modulo a relation chosen among strong and branching bisimulation (and their stochastic and probabilistic variants), divergencesensitive branching bisimulation, or observational equivalence. BCG_CMP checks equivalence using the partitionrefinement algorithm of BCG_MIN. We compared BCG_CMP and BISIMULATOR on the VLTS benchmark suite (http://cadp.inria.fr/resources/vlts ), showing that BCG_CMP is generally slightly less efficient than BISIMULATOR for comparisons yielding a FALSE result, but much more efficient than BISIMULATOR for comparisons yielding a TRUE result.

The new tool BCG_CMP as well as the new equivalence relations added to BCG_MIN have been added to the EUCALYPTUS graphical user interface and to the SVL scripting language.
Other Software Developments
The OPEN/CAESAR environment was enhanced with a new generic library (named CAESAR_CACHE_1) for manipulating hierarchical caches, with 15 builtin replacement strategies and the possibility to define new ones.
We also maintained the CADP toolbox, taking into account the feedback received from numerous users in the world. In addition to fixing 41 bugs, we evolved CADP to support the latest versions of Windows, Cygwin, Mac OS X, and their corresponding C compilers. The documentation for installing CADP has been updated and shortened. Finally, support for Sparc, Itanium, and PowerPC processors was dropped at the end of 2013 based on the observation that these architectures are almost no longer used among the CADP user community.