CO2 model checker

We address the problem of modelling and verifying contract-oriented systems, wherein distributed agents may advertise and stipulate contracts, but - differently to most other approaches to distributed agents - are not assumed to always behave "honestly".

We describe an executable specification in Maude of the semantics of CO2, a calculus for contract-oriented systems. The honesty property characterises those agents which always respect their contracts, in all possible execution contexts. Since there is an infinite number of such contexts, honesty cannot be directly verified by model-checking the state space of an agent (indeed, honesty is an undecidable property in general).

The main contribution is a sound verification technique for honesty. To do that, we safely over-approximate the honesty property by abstracting from the actual contexts a process may be engaged with. Then, we develop a model-checking technique for this abstraction, we describe an implementation in Maude, and we discuss some experiments with it.

Publications and downloads

Some of the publications below are accompanied by a CO2 implementation in Maude. In order to use the latter, simply extract the .tar.gz file: the resulting directory contains a README with instructions for running the examples and tests.


This research has been partially supported by the following projects:

  • Autonomous Region of Sardinia grant L.R.7/2007 CRP-17285 TRICS
  • Autonomous Region of Sardinia P.I.A. 2010 Social Glue
  • MIUR PRIN 2010-11 project Security Horizons
  • EU COST Action IC1201 "Behavioural Types for Reliable Large-Scale Software Systems"(BETTY).