Results

### Partial Model Checking using Networks of Labelled Transition Systems and Boolean Equation Systems

- In Proceedings of the 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), 2012

"... Vol. 9(4:1)2013, pp. 1–32 ..."

### Convecs team, Inria Grenoble – Rhône-Alpes and Lig (Laboratoire d’Informatique de Grenoble)

- 2013


Abstract

Partial model checking was proposed by Andersen in 1995 to verify a temporal logic formula compositionally on a composition of processes. It consists in incrementally incorporating into the formula the behavioural information taken from one process — an operation called quotienting — to obtain a new formula that can be verified on a smaller composition from which the incorporated process has been removed. Simplifications of the formula must be applied at each step, so as to maintain the formula at a tractable size. In this paper, we revisit partial model checking. First, we extend quotienting to the network of labelled transition systems model, which subsumes most parallel composition operators, including m-among-n synchronisation and parallel composition using synchronisation interfaces, available in the E-Lotos standard. Second, we reformulate quotienting in terms of a simple synchronous product between a graph representation of the formula (called formula graph) and a process, thus enabling quotienting to be implemented efficiently and easily, by reusing existing tools dedicated to graph compositions. Third, we propose simplifications of the formula as a combination of bisimulations and reductions using Boolean equation systems applied directly to the formula graph, thus enabling formula simplifications also to be implemented efficiently. Finally, we describe an implementation in the Cadp (Construction and Analysis of Distributed Processes) toolbox and present some experimental results in which partial model checking uses hundreds of times less memory than on-the-fly model checking.

### Model Checking and Co-simulation of a Dynamic Task Dispatcher Circuit using CADP

- Author manuscript, published in "Formal Methods for Industrial Critical Systems (2011)", 2011


Abstract

The complexity of multiprocessor architectures for mobile multi-media applications renders their validation challenging. In addition, to provide the necessary flexibility, a part of the functionality is realized by software. Thus, a formal model has to take into account both hardware and software. In this paper we report on the use of LOTOS NT and CADP for the formal modeling and analysis of the DTD (Dynamic Task Dispatcher), a complex hardware block of an industrial hardware architecture developed by STMicroelectronics. Using LOTOS NT facilitated exploration of alternative design choices and increased the confidence in the DTD, by, on the one hand, automatic analysis of formal models easily understood by the architect of the DTD, and, on the other hand, co-simulation of the formal model with the implementation used for synthesis.

### Reusable Requirements in Automated Verification of Distributed Systems


Abstract

The growing popularity of infrastructure-as-a-service cloud computing, software-defined networking, and related technologies has enabled the rapid creation of complex, large-scale distributed systems. Many of these systems are used by applications with stricter requirements than those covered by SLAs, such as those used by the financial, healthcare, and industrial sectors. Mathematical methods exist which can be used to formally verify many of these safety, liveness, and security properties, but are rarely used by system designers. In this paper, we identify brittle requirements as one of the problems which impede the use of formal methods in distributed system design, and propose a solution based on the decomposition of a formal model into a user-defined component and one or more domain abstractions. This decomposition enables reusable requirements, which can be shared across models without requiring redefinition or remapping of variable bindings. We provide a network-based example of domain abstraction, and define reusable requirements over this abstraction in several well-known logics. We concretely implement model decomposition with VML, a lightweight modeling language based on labeled transition systems. VML models can be used to rapidly prototype new distributed systems by utilizing domain abstractions with reusable requirements. To demonstrate, we create two examples using imperative and symbolic VML models.

### Formal Analysis of a Hardware Dynamic Task Dispatcher

- Author manuscript, published in "Science of Computer Programming (2013)", DOI: 10.1016/j.scico.2013.01.003, 2013


Abstract

The complexity of multiprocessor architectures for mobile multimedia applications renders their validation challenging. In addition, to provide the necessary flexibility, a part of the functionality is realized by software. Thus, a formal model has to take into account both hardware and software. In this article we report on the use of the CADP toolbox for the formal modeling and analysis of the DTD (Dynamic Task Dispatcher), a complex hardware block of an industrial hardware architecture developed by STMicroelectronics. The formal LNT model developed by an industry engineer was appropriate to discuss implementation details with the architect and enabled model-checking temporal properties expressed in MCL, which discovered a possible problem. We investigated the existence of the problem in the architect’s C++ model using co-simulation of the C++ and the formal LNT models.