Section: New Results

Component-Based Architectures for On-the-Fly Verification

Compositional Verification

Participants : Hubert Garavel, Frédéric Lang.

The CADP toolbox contains various tools dedicated to compositional verification, among which EXP.OPEN, BCG_MIN, BCG_CMP, and SVL play a central role. EXP.OPEN explores on the fly the graph corresponding to a network of communicating automata (represented as a set of BCG files). BCG_MIN and BCG_CMP respectively minimize and compare behavior graphs modulo strong or branching bisimulation and their stochastic extensions. SVL (Script Verification Language) is both a high-level language for expressing complex verification scenarios and a compiler dedicated to this language.
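The two building blocks just described, on-the-fly exploration of a network of automata under synchronization vectors (EXP.OPEN) and minimization modulo strong bisimulation (BCG_MIN), can be illustrated on a toy scale. The following is an added example written for this page, not code from CADP; the sender/receiver automata, the labels and the synchronization vectors are constructed, and the minimization uses naive partition refinement rather than the algorithms of BCG_MIN.

```python
"""Added example (not CADP's own code): an EXP.OPEN-style synchronous
product driven by synchronization vectors, followed by BCG_MIN-style
minimization modulo strong bisimulation using naive partition refinement.
The automata, labels and vectors below are constructed for the example."""

# An LTS is a pair (initial_state, set_of_transitions); each transition is
# (source, label, target).  Labels are plain strings.

def sync_product(lts1, lts2, vectors):
    """Explore on the fly the reachable part of the product of two LTSs.

    Each synchronization vector is (label1, label2, result): both components
    must move on the given labels at once, producing `result`.  A None entry
    means that component stays put (an asynchronous, interleaved move)."""
    succ1, succ2 = {}, {}
    for s, a, d in lts1[1]:
        succ1.setdefault(s, []).append((a, d))
    for s, a, d in lts2[1]:
        succ2.setdefault(s, []).append((a, d))

    def moves(succ, state, label):
        if label is None:
            return [state]                      # component does not move
        return [d for a, d in succ.get(state, []) if a == label]

    init = (lts1[0], lts2[0])
    seen, todo, trans = {init}, [init], set()
    while todo:
        s1, s2 = todo.pop()
        for l1, l2, result in vectors:
            for d1 in moves(succ1, s1, l1):
                for d2 in moves(succ2, s2, l2):
                    dst = (d1, d2)
                    trans.add(((s1, s2), result, dst))
                    if dst not in seen:
                        seen.add(dst)
                        todo.append(dst)
    return init, trans


def minimize_strong(lts):
    """Quotient an LTS modulo strong bisimulation.

    Naive partition refinement: every state gets a signature made of its
    current block and the set of (label, target block) pairs it can fire;
    states with equal signatures stay together, and the partition is refined
    until it stabilizes.  Returns (quotient_lts, state_to_block)."""
    init, trans = lts
    states = sorted({init} | {s for s, _, _ in trans} | {d for _, _, d in trans})
    block = {s: 0 for s in states}
    while True:
        signatures = {
            s: (block[s], frozenset((a, block[d]) for x, a, d in trans if x == s))
            for s in states
        }
        ids = {}
        refined = {s: ids.setdefault(signatures[s], len(ids)) for s in states}
        if len(ids) == len(set(block.values())):
            break                               # no block was split: stable
        block = refined
    quotient = (block[init], {(block[s], a, block[d]) for s, a, d in trans})
    return quotient, block


def state_count(lts):
    init, trans = lts
    return len({init} | {s for s, _, _ in trans} | {d for _, _, d in trans})


# Constructed example: a sender that nondeterministically enters one of two
# behaviourally equivalent "sending" states, and a receiver.  "send" and
# "recv" synchronize into "comm", "ack" synchronizes with itself, and "tick"
# is a local move of the sender.
SENDER = ("s0", {("s0", "send", "s1"), ("s0", "send", "s2"),
                 ("s1", "ack", "s0"), ("s2", "ack", "s0"),
                 ("s0", "tick", "s0")})
RECEIVER = ("r0", {("r0", "recv", "r1"), ("r1", "ack", "r0")})
VECTORS = [("send", "recv", "comm"), ("ack", "ack", "ack"), ("tick", None, "tick")]

if __name__ == "__main__":
    prod = sync_product(SENDER, RECEIVER, VECTORS)
    quotient, _ = minimize_strong(prod)
    print("product:", state_count(prod), "states,", len(prod[1]), "transitions")
    print("minimized:", state_count(quotient), "states,", len(quotient[1]), "transitions")
```

The product has three reachable states (the two "sending" states are distinct in the product), and minimization merges them, leaving two states and three transitions. Branching bisimulation and the stochastic extensions mentioned above would need a different signature (treating internal moves specially); the refinement loop itself is the same idea.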

In 2017, two bugs have been solved in SVL and one bug has been solved in EXP.OPEN. Several improvements have been brought to both tools. In particular:

  • EXP.OPEN now has two new options “-prob” and “-rate” for handling probabilistic and stochastic transitions, respectively; without these options, probabilistic and stochastic transitions are treated as ordinary transitions (this enables EXP.OPEN to be used for implementing alternative semantics, such as Interactive Probabilistic Chains [27], where probabilistic transitions are synchronized using a global clock). Consequently, the former “-ratebranching” option has been replaced by “-rate -branching”.

    Also, error messages about synchronization vectors have been made more precise, and EXP.OPEN performs tighter checks for labels containing only blanks and for unexpected synchronizations of probabilistic or stochastic transitions. Two bugs have been fixed in EXP.OPEN, and style files have been added so that mainstream text editors support the EXP format.

  • A new option “-v” has been added to set SVL variables from the command line (similar to “awk” or “make”). Debugging SVL scripts has been made easier: the “-debug” option of SVL now stops the execution as soon as a shell command (e.g., a CADP tool or a Unix command) terminates with a non-zero exit status, so that problems are detected as soon as they occur.

    Also, SVL now performs tighter semantic checks, making sure that all partial-order reduction options passed to EXP.OPEN (namely, options explicitly set by the user and options automatically computed by SVL from the context of the EXP composition expression) are not contradictory.

On-the-Fly Test Generation

Participants : Hubert Garavel, Lina Marsso, Radu Mateescu, Wendelin Serwe.

The CADP toolbox provides support for conformance test case generation by means of the TGV tool. Given a formal specification of a system and a test purpose described as an input-output LTS (IOLTS), TGV automatically generates test cases that assess, using black-box testing techniques, the conformance of a system under test with respect to the formal specification. A test purpose describes the goal states to be reached by the test and enables one to indicate parts of the specification that should be ignored during the testing process. TGV does not generate test cases completely on the fly (i.e., online), because it first generates the complete test graph (CTG) and then traverses it backwards to produce controllable test cases.
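To make the CTG-then-backward-traversal scheme concrete, here is an added example written for this page; it is not TGV's code and simplifies its algorithm. The drink-machine specification, the test purpose and the verdict rules are constructed: inputs of the system under test are written “?x”, its outputs “!x”, the product with the test purpose is built first, a backward traversal from the accepting states computes which product states can still lead to acceptance, and a controllable test case is then extracted by choosing, in each state, either exactly one stimulus or the observation of all specified outputs.

```python
"""Added example (not TGV's code): a simplified TGV-style extraction of a
controllable test case from a specification IOLTS and a test purpose.  The
specification, the test purpose and the verdict rules are constructed for
this example; inputs of the system under test are written "?x", outputs "!x"."""

def product_with_purpose(spec, purpose):
    """Reachable synchronous product of the specification and the test
    purpose.  The purpose lists only the labels it cares about and stays in
    place on any other label.  Exploration stops at accepting states."""
    spec_init, spec_trans = spec
    tp_init, tp_trans, tp_accept = purpose     # tp_trans: {(state, label): state}
    succ = {}
    for s, a, d in spec_trans:
        succ.setdefault(s, []).append((a, d))
    init = (spec_init, tp_init)
    seen, todo, trans = {init}, [init], set()
    while todo:
        s, t = todo.pop()
        if t in tp_accept:
            continue
        for a, d in succ.get(s, []):
            dst = (d, tp_trans.get((t, a), t))
            trans.add(((s, t), a, dst))
            if dst not in seen:
                seen.add(dst)
                todo.append(dst)
    accept = {st for st in seen if st[1] in tp_accept}
    return init, trans, accept


def backward_distances(trans, targets):
    """Backward breadth-first traversal from the accepting states: maps every
    state that can reach one of them to its distance (in transitions)."""
    pred = {}
    for s, _, d in trans:
        pred.setdefault(d, []).append(s)
    dist = {t: 0 for t in targets}
    frontier = sorted(targets)
    while frontier:
        nxt = []
        for d in frontier:
            for s in pred.get(d, []):
                if s not in dist:
                    dist[s] = dist[d] + 1
                    nxt.append(s)
        frontier = sorted(nxt)
    return dist


def extract_test_case(spec, purpose):
    """Controllable test case: in each state the tester either sends exactly
    one stimulus (the one closest to an accepting state) or observes all
    specified outputs.  Outputs leaving the set of states that can still
    reach acceptance yield INCONCLUSIVE, reaching an accepting state yields
    PASS; unspecified outputs are implicitly FAIL and are not listed."""
    init, trans, accept = product_with_purpose(spec, purpose)
    dist = backward_distances(trans, accept)
    test_case = {}
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        outgoing = sorted((a, d) for x, a, d in trans if x == s)
        stimuli = [(a, d) for a, d in outgoing if a.startswith("?") and d in dist]
        if stimuli:
            chosen = [min(stimuli, key=lambda ad: (dist[ad[1]], ad[0]))]
        else:
            chosen = [(a, d) for a, d in outgoing if a.startswith("!")]
        edges = []
        for a, d in chosen:
            if d in accept:
                edges.append((a, "PASS"))
            elif d not in dist:
                edges.append((a, "INCONCLUSIVE"))
            else:
                edges.append((a, d))
                if d not in seen:
                    seen.add(d)
                    todo.append(d)
        test_case[s] = edges
    return init, test_case


# Constructed specification of a drink machine (the system under test).
SPEC = ("s0", {("s0", "?coin", "s1"),
               ("s1", "?tea_btn", "s2"), ("s1", "?coffee_btn", "s3"),
               ("s1", "!timeout", "s0"),
               ("s2", "!tea", "s0"), ("s2", "!error", "s4"),
               ("s3", "!coffee", "s0")})
# Constructed test purpose: "observe a tea being served".
PURPOSE = ("t0", {("t0", "!tea"): "acc"}, {"acc"})

if __name__ == "__main__":
    init, tc = extract_test_case(SPEC, PURPOSE)
    for state in tc:
        print(state, "->", tc[state])
```

In state (s1, t0) the specification offers two stimuli and one spontaneous output; the extracted test case keeps only “?tea_btn”, because the backward distances show it is the stimulus closest to acceptance, which is what makes the test case controllable. TESTOR, described below, reaches the same kind of result without first building the complete test graph, by letting the Boolean equation system resolution produce the path as a diagnostic.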

In 2017, we carried out the following activities:

  • We developed the prototype tool TESTOR to extract test cases completely on the fly. Compared to TGV, the new tool TESTOR presents several advantages: (i) it has a more modular architecture, based on generic graph transformation components taken from the OPEN/CAESAR libraries (τ-compression, τ-confluence, τ-closure, determinization, resolution of Boolean equation systems); (ii) it is capable of extracting a test case completely on the fly, by exploiting the diagnostic generation features of the Boolean equation system resolution algorithms; (iii) it enables a more flexible expression of test purposes, taking advantage of the multiway rendezvous, a primitive to express communication and synchronization among a set of distributed processes [15]. We evaluated TESTOR on three published case studies and more than 10000 examples taken from the non-regression test suites of CADP. A paper describing this work was accepted for publication in an international conference.

  • We also revised TGV, which is now by default much less verbose and only displays the most important information, but the former behaviour can still be obtained using option “-verbose”. A new option “-monitor” makes it possible to follow in real time how the test case generation progresses. Many warning and error messages have been enhanced, various bugs (especially buffer overflows) have been fixed, and the results of memory allocations are now strictly controlled.

Other Component Developments

Participants : Lian Apostol, Soren Enevoldsen, Hubert Garavel, Frédéric Lang, Radu Mateescu, Wendelin Serwe.

The CAESAR_STANDARD library was enriched with the new CAESAR_TYPE_FORMAT type and its associated primitives, and with two new functions CAESAR_SET_SIGNALS() and CAESAR_RESET_SIGNALS() for handling POSIX signals (including SIGSEGV, i.e., segmentation violation). The CAESAR_GRAPH interface, which remained stable for two decades, has been modified: its two functions CAESAR_FORMAT_STATE() and CAESAR_FORMAT_LABEL() became more powerful, while its two functions CAESAR_MAX_FORMAT_STATE() and CAESAR_MAX_FORMAT_LABEL() have been removed from the interface. The same changes apply as well to all the other similar functions of the OPEN/CAESAR libraries. All the OPEN/CAESAR compilers, application tools, and demo examples have been modified to reflect these changes.

Sustained effort has been made to ensure that CADP works properly on mainstream computing platforms. In particular, the RFL and TST scripts and the documentation have been continuously updated. Changes were brought to CADP to cope with recent C compilers (such as GCC 6 and Clang) and to work around problems with the “indent” command available on Solaris and macOS/Xcode. On Linux, CADP was ported to the latest versions of CentOS, Debian 9, and Ubuntu 17.04. The support for the various desktop environments (Gnome, KDE, Mate, etc.) available in Linux distributions has been improved. On macOS, support of obsolete versions (from Mac OS X 10.6 “Snow Leopard” to OS X 10.9 “Mavericks” included) was withdrawn and support of macOS 10.13 “High Sierra” was added. Preliminary steps have been made to prepare a 64-bit version of CADP on macOS. On Windows, support of obsolete versions (Windows XP and Vista) was dropped. CADP was also adapted to follow the changes in the Cygwin software regarding pipe management. Many changes were made to CADP so as to support the case where Cygwin is not installed in “C:/” but in a different folder. Finally, preliminary steps have been made towards a 64-bit version of CADP for Windows.

In collaboration with Soren Enevoldsen (Aalborg University, Denmark), we studied the applicability of CADP tools for analyzing concurrent systems described using weighted CCS (WCCS) [43], an extension of CCS with an action prefix operator carrying a weight represented as a natural number. We developed a prototype OPEN/CAESAR-compliant compiler for WCCS, which makes it possible to produce, in conjunction with the GENERATOR tool of CADP, the corresponding LTS model in which transitions are labeled with actions and weights. For specifying temporal properties of WCCS systems, we developed a prototype MCL library defining the operators of weighted CTL (WCTL) [43] using MCL fixed point operators parameterized by natural numbers. This library, used in conjunction with the EVALUATOR tool, provides an on-the-fly model checker for WCTL equipped with diagnostic capabilities (counterexamples and witnesses).
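The idea of encoding a weighted operator as a fixed point parameterized by a natural number can be shown on a small weighted LTS. The following is an added example written for this page, not the MCL library or EVALUATOR; it assumes a bounded reachability operator “some path of total weight at most n reaches a state satisfying phi” (the report does not spell out the WCTL syntax, so this reading is an assumption), evaluates it as a least fixed point over the remaining budget n, and returns a witness path as the diagnostic. The weighted system is constructed.

```python
"""Added example (not the CADP/MCL library's code): a weighted LTS and a
bounded reachability operator of the kind weighted CTL offers, evaluated as
a least fixed point parameterized by the remaining weight budget, in the
spirit of a 'mu X(n)' definition in MCL.  The operator's semantics and the
weighted system below are assumptions made for this example."""

def ef_bounded(wlts, phi, bound):
    """Satisfying (state, n) pairs for "some path of total weight <= n
    reaches a phi-state", for every n up to `bound`.

    For each budget n = 0..bound, compute the least fixed point
        X(n) = phi  or  exists s -a,w-> s' with w <= n and s' in X(n - w).
    Weight-0 transitions refer to X(n) itself, so the inner loop iterates
    until nothing changes.  The result maps each satisfying (state, n) to the
    witness step used (None when phi holds directly in that state)."""
    init, trans = wlts
    states = sorted({init} | {s for s, _, _, _ in trans} | {d for _, _, _, d in trans})
    ordered = sorted(trans)                     # deterministic witness choice
    sat = {}
    for n in range(bound + 1):
        for s in states:
            if phi(s):
                sat[(s, n)] = None
        changed = True
        while changed:
            changed = False
            for s, a, w, d in ordered:
                if (s, n) not in sat and w <= n and (d, n - w) in sat:
                    sat[(s, n)] = (s, a, w, d)
                    changed = True
    return sat


def witness(sat, state, bound):
    """Diagnostic: the path justifying (state, bound), or None if unsatisfied.
    Each step was recorded only after its target was already justified, so
    following the steps terminates even through weight-0 loops."""
    if (state, bound) not in sat:
        return None
    path, n = [], bound
    while sat[(state, n)] is not None:
        step = sat[(state, n)]
        path.append(step)
        state, n = step[3], n - step[2]
    return path


def min_weight(wlts, phi, max_bound):
    """Smallest budget n <= max_bound for which the initial state satisfies
    the property, or None if no budget up to max_bound suffices."""
    sat = ef_bounded(wlts, phi, max_bound)
    for n in range(max_bound + 1):
        if (wlts[0], n) in sat:
            return n
    return None


# Constructed weighted LTS: transitions are (source, action, weight, target).
# p2 carries a weight-0 self-loop to exercise the inner fixed point.
WLTS = ("p0", {("p0", "a", 3, "p1"), ("p1", "b", 2, "p3"),
               ("p0", "c", 1, "p2"), ("p2", "d", 0, "p2"),
               ("p2", "e", 5, "p3")})

def is_goal(state):
    return state == "p3"

if __name__ == "__main__":
    budget = min_weight(WLTS, is_goal, 10)
    print("minimal weight to reach p3:", budget)
    print("witness:", witness(ef_bounded(WLTS, is_goal, budget), "p0", budget))
```

The cheapest way from p0 to p3 costs 5 (via a then b); with budget 4 no path fits, and the witness returned for budget 5 is the two-step path, which is the kind of diagnostic EVALUATOR reports when the MCL encoding is checked on the fly.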