Section: New Results

New Formal Languages and their Implementations

LNT is a next generation formal description language for asynchronous concurrent systems, which attempts to combine the best features of imperative programming languages and value-passing process algebras. LNT is increasingly used by CONVECS for industrial case studies and applications (see §  6.5 ) and serves also in university courses on concurrency, in particular at ENSIMAG (Grenoble) and at Saarland University.

Translation from LNT to LOTOS

Participants : Hubert Garavel, Frédéric Lang, Wendelin Serwe.

The LNT2LOTOS, LNT.OPEN, and LPP tools convert LNT code to LOTOS, thus allowing the use of CADP to verify LNT descriptions. These tools have been used successfully for many different systems (see §  6.5 and §  9.1 ).

In 2013, in addition to 15 bug fixes, the following enhancements have been brought to these tools:

• The list of predefined functions that can be generated automatically for list and set types has been enriched, so as to include all operations commonly found in programming languages.

• A new “sorted set” type was added to LNT, where the automatically generated insertion function preserves the invariant that all elements in the set are sorted in ascending order and have a single occurrence.

• The use of range and predicate types has been facilitated, by translating explicit type annotations by type conversions if necessary.

• An implicit type conversion is applied by assignments to a variable; this helps the type-checker to solve overloaded definitions.

• The generated LOTOS and C code has been modified to avoid spurious warning messages from the LOTOS and C compilers.

• The demo examples demo_19, demo_30, and demo_35 have been enhanced with an LNT version.

Translation from LOTOS to Petri nets and C

Participants : Hubert Garavel, Wendelin Serwe.

The LOTOS compilers CAESAR and CAESAR.ADT, which were once the flagship of CADP, now play a more discrete role since LNT (rather than LOTOS) has become the recommended specification language of CADP. Thus, CAESAR and CAESAR.ADT are mostly used as back-end translators for LOTOS programs automatically generated from LNT or other formalisms such as Fiacre, and are only modified when this appears to be strictly necessary.

In 2013, in addition to fixing four bugs, the type checking algorithm of CAESAR and CAESAR.ADT was entirely revised to display less and better messages in case of typing errors, avoiding cascading error messages, e.g., when an undefined variable or constant is used, or when an overloaded function is improperly used in a context where a unique type is expected.

Also, the CAESAR compiler found a new usefulness as a means to easily produce large-size, realistic Petri nets that can be used as benchmarks by the Petri net community. To make this possible, a new option was added to CAESAR to export the BPN (Basic Petri Net) file generated from a LOTOS specification. The definition of the BPN format was made more precise by adding semantic constraints. The CAESAR.BDD tool of CADP was enhanced with two new options, one that checks whether a BPN file satisfies all semantic constraints, and another one that converts a BPN file into PNML (Petri Net Markup Language) format.

This work has been done in coordination with Fabrice Kordon and Lom-Messan Hillah (UPMC/LIP6, Paris, France) for the MCC (Model Checking Contest) workshop (http://mcc.lip6.fr ). H. Garavel was in charge of redesigning the model forms used for this contest. One Petri net generated using CAESAR was selected as a benchmark for MCC'2013 and five Petri nets generated using CAESAR have been submitted to MCC'2014.

Translation from an Applied Pi-Calculus to LNT

Participants : Radu Mateescu, Gwen Salaün.

The $\pi$-calculus is a process algebra defined by Milner, Parrow, and Walker two decades ago for describing concurrent mobile processes. Despite a substantial body of theoretical work in this area, only a few verification tools have been designed for analysing $\pi$-calculus specifications automatically. Our objective is to provide analysis features for the $\pi$-calculus by reusing the verification technology available for process algebras without mobility. For this purpose, we extended the original polyadic $\pi$-calculus with the data types and functions of LNT. This yields a general-purpose applied $\pi$-calculus, which is suitable for specifying mobile value-passing concurrent systems belonging to various application domains. Our approach is based on a novel translation from the finite control fragment of $\pi$-calculus to LNT, making possible the analysis of applied $\pi$-calculus specifications using all verification tools of CADP. This translation is fully automated by the PIC2LNT translator (see §  5.3 ).

In 2013, we continued our work on the applied $\pi$-calculus and its translation to LNT. This resulted in a new version PIC2LNT 3.0 of the tool, which fixes several bugs and brings the following improvements:

• A bounded replication operator was added to the language, which expresses the parallel execution of a fixed number of $\pi$-calculus agents. This operator is translated into LNT by instantiating the appropriate number of corresponding processes.

• A type Chan representing channel names was implemented, which can be freely combined with ordinary data types. This increases the versatility of the language by allowing, e.g., the definition of agents parametrized by sets of channel names.

• Several options were added to the tool for enhancing its ergonomy and tuning the state space generation (specify the set of private channels that can be created, generate the state space of a particular agent).

A paper describing this work has been published in an international conference [16] .

Translation from EB3 to LNT

Participants : Frédéric Lang, Radu Mateescu.

In collaboration with Dimitris Vekris (University Paris-Est Créteil), we considered a translation from the EB3 language  [39] for information systems to LNT. EB3 has a process algebraic flavor, but has the particularity to contain so-called attribute functions, whose semantics depend on the history of events. We have proposed a formal translation scheme, which ensures the strong equivalence between the LTSs corresponding to an EB3 specification and to the LNT code generated. A prototype translator has been developed at University Paris-Est Créteil, which enables EB3 specifications to be formally verified using CADP.

In 2013, a paper has been published in an international conference [19] .

Coverage Analysis for LNT

Participants : Gwen Salaün, Lina Ye.

In the classic verification setting, the designer has a specification of a system in a value-passing process algebra, a set of temporal properties to be verified on the corresponding LTS model, and a data set of examples (test cases) for validation purposes. At this stage, building the set of validation examples and debugging the specification is a complicated task, in particular for non-experts.

In 2013, we proposed a new framework for debugging value-passing process algebraic specifications by means of coverage analysis and we illustrated our approach with LNT. We define several coverage notions before showing how to instrument the specification without affecting its original behavior. Our approach helps the specifier to find dead code, ill-formed conditional structures, and other errors in the specification, but also to improve the quality of a data set of examples used for validation purposes. We have implemented a prototype tool, named CAL, for automating the verification of coverage analysis, and we applied it to several real-world case studies in different application areas. A paper has been submitted to an international conference.

Other Compiler Developments

Participants : Soraya Arias, Hubert Garavel, Frédéric Lang, Wendelin Serwe.

• In co-operation with Jérôme Hugues (ISAE, Toulouse), we investigated the translation of AADL (Architecture Analysis and Design Language) into LNT. An AADL example was manually tackled, leading to the conclusion that LNT could be a suitable target language for translating a large fragment of AADL.

  In co-operation with Holger Hermanns (Saarland University, Germany) and Joost-Pieter Katoen (RWTH Aachen, Germany), we prepared a contribution for the AADL standardization committee to detail semantics issues of the GSPN (Generalized Stochastic Petri Nets) model.

• We continued our work on the FLAC tool, which translates the Fiacre intermediate language into LOTOS to enable verification using CADP. In 2013, we eliminated spurious compilation warnings, we removed the definitions of integer operations div and mod, which have been added to a standard LOTOS library, and we improved the encoding of integer numbers. These changes have led to revisions 76 to 79 of the FLAC code, which is available on the development forge dedicated to Fiacre compilers (http://gforge.enseeiht.fr/projects/fiacre-compil ).

• In co-operation with Holger Hermanns, we started studying the PseuCo language that is being defined and implemented at Saarland University. Developed from an educational perspective as a means to teach concurrency theory to bachelor students, PseuCo combines features from Java and Go, the language promoted by Google for concurrent programming. PseuCo supports both message-passing and shared-memory concurrency in a way that is easy to use and that can readily be transferred to Java, Go, or other mainstream languages. PseuCo has been awarded with the 2013 German national “Preis des Fakultätentages Informatik” for its innovative role in undergraduate education.

  In 2013, we undertook the manual translation of various PseuCo sample programs into LNT and started enhancing LNT with features that would enable automated PseuCo-to-LNT translation. We also reviewed a PseuCo-to-CCS translator recently developed at Saarland University and wrote an evaluation report for this software.