Wendelin Serwe

CADP 2006: a toolbox for the construction and analysis of distributed processes

CADP(Construction and Analysis of Distributed Processes) [2,3] is a toolbox for specification, rapid prototyping, verification, testing, and performance evaluation of asynchronous systems (concurrent processes with message-passing communication). The developments of CADP during the last five years led to a new release named CADP 2006 “Edinburgh” (as a tribute to the achievements in concurrency theory of the Laboratory for Foundations of Computer Science) that supersedes the previous version CADP 2001.

CADP 2011: a toolbox for the construction and analysis of distributed processes

CADP (Construction and Analysis of Distributed Processes) is a comprehensive software toolbox that implements the results of concurrency theory. Started in the mid-1980s, CADP has been continuously developed by adding new tools and enhancing existing ones. Today, CADP benefits from a worldwide user community, both in academia and industry. This paper presents the latest release, CADP 2011, which is the result of a considerable development effort spanning the last five years. The paper first describes the theoretical principles and the modular architecture of CADP, which has inspired several other recent model checkers. The paper then reviews the main features of CADP 2011, including compilers for various formal specification languages, equivalence checkers, model checkers, compositional verification tools, performance evaluation tools, and parallel verification tools running on clusters and grids. Finally, the paper surveys some significant case studies.

CADP 2010: a toolbox for the construction and analysis of distributed processes

Cadp (Construction and Analysis of Distributed Processes) is a comprehensive software toolbox that implements the results of concurrency theory. Started in the mid 80s, CADP has been continuously developed by adding new tools and enhancing existing ones. Today, CADP benefits from a worldwide user community, both in academia and industry. This paper presents the latest release CADP 2010, which is the result of a considerable development effort spanning the last four years. The paper first describes the theoretical principles and the modular architecture of CADP, which has inspired several other recent model checkers. The paper then reviews the main features of CADP 2010, including compilers for various formal specification languages, equivalence checkers, model checkers, performance evaluation tools, and parallel verification tools running on clusters and grids.

Towards Performance Prediction of Compositional Models in Industrial GALS Designs

Systems and Networks on Chips (NoCs) are a prime design focus of many hardware manufacturers. In addition to functional verification, which is a difficult necessity, the chip designers are facing extremely demanding performance prediction challenges, such as the need to estimate the latency of memory accesses over the NoC. This paper attacks this problem in the setting of designing globally asynchronous, locally synchronous systems (GALS). We describe foundations and applications of a combination of compositional modeling, model checking, and Markov process theory, to arrive at a viable approach to compute performance quantities directly on industrial, functionally verified GALS models.

Verification of an industrial systemC/TLM model using LOTOS and CADP

SystemC/TLM is a widely used standard for system level descriptions of complex architectures. It is particularly useful for fast simulation, thus allowing early development and testing of the targeted software. In general, formal verification of SystemC/TLM relies on the translation of the complete model into a language accepted by a verification tool. In this paper, we present an approach to the validation of a SystemC/TLM description by translation into LOTOS, reusing as much as possible of the original SystemC/TLM C++ code. To this end, we exploit a feature offered by the formal verification toolbox CADP, namely the import of external C code in a LOTOS model. We report on experiments of our approach on the BDisp, a complex graphical processing unit designed by STMicroelectronics.

Ten years of performance evaluation for concurrent systems using CADP

This article comprehensively surveys the work accomplished during the past decade on an approach to analyze concurrent systems qualitatively and quantitatively, by combining functional verification and performance evaluation. This approach lays its foundations on semantic models, such as IMC (Interactive Markov Chain) and IPC (Interactive Probabilistic Chain), at the crossroads of concurrency theory and mathematical statistics. To support the approach, a number of software tools have been devised and integrated within the CADP (Construction and Analysis of Distributed Processes) toolbox. These tools provide various functionalities, ranging from state space generation (CAESAR and EXP.OPEN), state space minimization (BCG_MIN and DETERMINATOR), numerical analysis (BCG_STEADY and BCG_TRANSIENT), to simulation (CUNCTATOR). Several applications of increasing complexity have been successfully handled using these tools, namely the Hubble telescope lifetime prediction, performance comparison of mutual exclusion protocols, the SCSI-2 bus arbitration protocol, the Send/Receive and Barrier primitives of MPI (Message Passing Interface) implemented on a cache-coherent multiprocessor architecture, and the xSTREAM multiprocessor data-flow architecture for embedded multimedia streaming applications.

Formal Verification of CHP Specifications with CADP Illustration on an Asynchronous Network-on-Chip

Few formal verification techniques are currently available for asynchronous designs. In this paper, we describe a new approach for the formal verification of asynchronous architectures described in the high-level language CHP, by using model checking techniques provided by the CADP toolbox. Our proposal is based on an automatic translation from CHP into LOTOS, the process algebra used in CADP. A translator has been implemented, which handles full CHP including the specific probe operator. The CADP toolbox capabilities allow the designer to verify properties such as deadlock-freedom or protocol correctness on substantial systems. Our approach has been successfully applied to formally verify two complex designs. In this paper, we illustrate our technique on an asynchronous network-on-chip architecture. Its formal verification highlights the need to carefully design systems exhibiting non-deterministic behavior.

State space reduction for process algebra specifications

Data-flow analysis to identify dead variables and reset them to an undefined value is an effective technique for fighting state explosion in the enumerative verification of concurrent systems. Although this technique is well-adapted to imperative languages, it is not directly applicable to value-passing process algebras, in which variables cannot be reset explicitly due to the single-assignment constraints of the functional programming style. This paper addresses this problem by performing data-flow analysis on an intermediate model (Petri nets extended with state variables) into which process algebra specifications can be translated automatically. It also addresses important issues such as avoiding the introduction of useless reset operations and handling shared read-only variables that child processes inherit from their parents.

Abstracting Call-Stacks for Interprocedural Verification of Imperative Programs

We propose a new approach to interprocedural analysis and verification, consisting of deriving an interprocedural analysis method by abstract interpretation of the standard operational semantics of programs. The advantages of this approach are twofold. From a methodological point of view, it provides a direct connection between the concrete semantics of the program and the effective analysis, which facilitates implementation and correctness proofs. This method also integrates two main, distinct methods for interprocedural analysis, namely the call-string and the functional approaches introduced by Sharir and Pnueli. This enables strictly more precise analyses and additional flexibility in the tradeoff between efficiency and precision of the analysis.

Translating hardware process algebras into standard process algebras: illustration with CHP and LOTOS

A natural approach for the description of asynchronous hardware designs are hardware process algebras, such as Martins Chp(Communicating Hardware Processes), Tangram, or Balsa, which are extensions of standard process algebras with particular operators exploiting the implementation of synchronisation using handshake protocols. n nIn this paper, we give a structural operational semantics for value-passing Chp. Compared to existing semantics of Chp defined by translation into Petri nets, our semantics handles value-passing Chp with communication channels open to the environment and is independent of any particular (2- or 4-phase) handshake protocol used for circuit implementation. n nIn a second step, we describe the translation of Chp into the standard process algebra Lotos, in order to allow the application of the Cadp verification toolbox to asynchronous hardware designs. A prototype translator from Chp to Lotos has been successfully used for the compositional veri.cation of the control part of an asynchronous circuit implementing the DES (Data Encryption Standard).