@phdthesis{sznajder-phd2009,
author = {Sznajder, Nathalie},
title = {Synth{\e}se de syst{\e}mes distribu{\'e}s ouverts},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2009,
month = nov,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/NS-these09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/NS-these09.pdf}
}

@article{BKKL-tse09,
publisher = {{IEEE} Computer Society Press},
journal = {IEEE Transactions on Software Engineering},
author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten
and Leucker, Martin},
title = {Learning Communicating Automata from~{MSCs}},
volume = {36},
number = {3},
pages = {390-408},
month = may # {-} # jun,
year = 2010,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-tse09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-tse09.pdf},
doi = {10.1109/TSE.2009.89},
abstract = {This paper is concerned with bridging the gap between
requirements and distributed systems. Requirements are defined as basic
message sequence charts (MSCs) specifying positive and negative scenarios.
Communicating finite-state machines (CFMs), \textit{i.e.}, finite automata
that communicate via FIFO buffers, act as system realizations. The key
contribution is a generalization of Angluin's learning algorithm for
synthesizing CFMs from MSCs. This approach is exact---the resulting CFM
precisely accepts the set of positive scenarions and rejects all negative
ones---and yields fully asynchronous implementations. The paper
investigates for which classes of MSC languages CFMs can be learned,
presents an optimization technique for learning partial orders, and
provides substantial empirical evidence indicating the practical
feasibility of the approach.}
}

@article{BKKL-cai09,
publisher = {Slovak Academy of Sciences},
journal = {Computing and Informatics},
author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten
and Leucker, Martin},
title = {{SMA}---The Smyle Modeling Approach},
volume = {29},
number = {1},
pages = {45-72},
year = 2010,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-cai09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-cai09.pdf},
abstract = {This paper introduces the model-based software development
lifecycle model \emph{SMA}---the Smyle \emph{Modeling Approach}---which is
centered around \emph{Smyle}. \emph{Smyle} is a dedicated learning
procedure to support engineers to interactively obtain design models from
requirements, characterized as either being desired (positive) or unwanted
(negative) system behavior. Within \emph{SMA}, the learning approach is
complemented by so-called \emph{scenario patterns} where the engineer can
specify \emph{clearly} desired or unwanted behavior. This way, user
interaction is reduced to the interesting scenarios limiting the design
effort considerably. In~\emph{SMA}, the learning phase is further
complemented by an effective analysis phase that allows for detecting
design flaws at an early design stage. Using learning techniques allows us
to gradually develop and refine requirements, naturally supporting
case anomalous system behavior is detected during analysis, testing, or
maintenance. This paper describes the approach and reports on first
practical experiences.}
}

@article{BCHMMR-ijwsr09,
publisher = {{IGI} Publishing},
journal = {International Journal of Web Services Research},
and Melliti, Tarek and Moreaux, Patrice and Rampacek, Sylvain},
title = {An Integrated Framework for Web Services Orchestration},
volume = 6,
number = 4,
pages = {1-29},
year = 2009,
month = sep,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHMMR-ijwsr09.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHMMR-ijwsr09.pdf},
abstract = {Currently, Web services give place to active research and this
is due both to industrial and theoretical factors. On one hand, Web
services are essential as the design model of applications dedicated to
the electronic business. On the other hand, this model aims to become one
of the major formalisms for the design of distributed and cooperative
authors will focus on two features of Web services. The first one concerns
the interaction problem: given the interaction protocol of a Web service
described in BPEL, how to generate the appropriate client? Their approach
is based on a formal semantics for BPEL via process algebra and yields an
algorithm which decides whether such a client exists and synthesizes the
description of this client as a (timed) automaton. The second one concerns
the design process of a service. They propose a method which proceeds by
two successive refinements: first the service is described via UML, then
refined in a BPEL model and finally enlarged with JAVA code using JCSWL, a
new language that we introduce here. Their solutions are integrated in a
service development framework that will be presented in a synthetic way.}
}

@incollection{HI-petrinet-diaz,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Symmetry and Temporal Logic},
pages = {435-460},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{HV-petrinet-diaz-b,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Verification of Specific Properties},
pages = {349-414},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{HM-petrinet-diaz-c,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Tensor Methods and Stochastic {P}etri Nets},
pages = {321-346},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{HM-petrinet-diaz-b,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Stochastic Well-formed {P}etri Nets},
pages = {303-320},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{HM-petrinet-diaz-a,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Stochastic {P}etri Nets},
pages = {269-302},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{H-petrinet-diaz,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Decidability and Complexity of {P}etri Net Problems},
pages = {87-122},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@incollection{HV-petrinet-diaz-a,
year = 2009,
publisher = {Wiley-ISTE},
editor = {Diaz, Michel},
booktitle = {Petri Nets: Fundamental Models, Verification and Applications},
title = {Analysis Methods for {P}etri Nets},
pages = {41-86},
url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html}
}

@inproceedings{ZBH-lads09,
year = 2010,
volume = 6039,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Dastani, Mehdi and El~Fallah Seghrouchni, Amal and Leite, Jo{\~a}o
and Torroni, Paolo},
booktitle = {{R}evised {S}elected {P}apers of the 2nd {W}orkshop on {LA}nguages, methodologies and
{D}evelopment tools for multi-agent system{S} ({LADS}'09)},
title = {Agents Secure Interaction in Data Driven Languages},
pages = {72-91},
doi = {10.1007/978-3-642-13338-1_5},
abstract = {This paper discusses the security issues in data driven
coordination languages. These languages rely on a data space shared by the
agents and used to coordinate their activities. We extend these languages
with a main distinguishing feature, which is the possibility to define
fine-grained security conditions, associated with every datum in the
shared space. Two main ideas makes it possible: the consideration of an
abstraction of agents' states in the form of data at language level and
the introduction of a richer interaction mechanism than state-of-the-art
templates. This novel security mechanism allows both agents and system
designers to prohibit undesirable interactions.}
}

@techreport{LSV:09:16,
title = {Verification on Interrupt Timed Automata},
institution = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
year = {2009},
month = jul,
type = {Research Report},
number = {LSV-09-16},
url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2009-16.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2009-16.pdf},
note = {16~pages},
abstract = {The class of Interrupt Timed Automata (ITA) has been introduced to
model multi-task systems with interruptions in a single processor
environment.  This is a subclass of hybrid automata in which real
valued variables consist of a restricted type of stopwatches
(variables with rate $$0$$ or~$$1$$) organized along levels. While
reachability is undecidable with usual stopwatches, it was proved
that this problem is decidable in ITA and that untimed languages of
ITA are effectively regular. Here we investigate the problem of
model checking timed extensions of CTL over ITA and show in
contrast that this problem is undecidable. On~the other hand, we
prove that model checking is decidable for two relevant fragments of this
timed logic: (1)~the~first one where formula contain only model
clocks and (2)~the~second one where formulas have a single external
clock.}
}

@inproceedings{HMY-msr09,
month = nov,
year = 2009,
number = {7-9},
volume = {43},
series = {Journal Europ{\'e}en des Syst{\e}mes Automatis{\'e}s},
publisher = {Herm{\e}s},
editor = {Lime, Didier and Roux, Olivier H.},
acronym = {{MSR}'09},
booktitle = {{A}ctes du 7{\e}me {C}olloque sur la
{M}od{\'e}lisation des {S}yst{\e}mes
{R}{\'e}actifs
({MSR}'09)},
title = {Bornes du temps de r{\'e}ponse des services Web composites},
pages = {969-983},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HMY-msr09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HMY-msr09.pdf},
abstract = {The quality of service (QoS) of Web services is a key
factor of their success. This requires to design new methods in order to
study~it. Here we propose families of upper bounding models for the
response time of composite Web services for two kinds of composition: the
statical and random {"}fork and merge{"}. In~the first~case, the~complexity of
bounding models belongs to~$$O(n\cdot \sqrt{n})$$ where $$n$$~is the
number of called services whereas the complexity of the exact model
belongs to~$$O(n^2)$$. In~the second~case, the~complexity of bounding
models still belongs to~$$O(n\cdot \sqrt{n})$$ whereas the complexity of
the exact model belongs to~$$O(n^3)$$. Furthermore, having a family of
bounding models allows to choose the bounding model depending on the
parameters of the exact model. The numerical results show the interest of
our approach w.r.t. complexity and accuracy of the bound.}
}

@inproceedings{ACDFR-msr09,
month = nov,
year = 2009,
number = {7-9},
volume = {43},
series = {Journal Europ{\'e}en des Syst{\e}mes Automatis{\'e}s},
publisher = {Herm{\e}s},
editor = {Lime, Didier and Roux, Olivier H.},
acronym = {{MSR}'09},
booktitle = {{A}ctes du 7{\e}me {C}olloque sur la
{M}od{\'e}lisation des {S}yst{\e}mes
{R}{\'e}actifs
({MSR}'09)},
author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and
De{ }Smet, Olivier and Fribourg, Laurent and Ruel, Silvain},
title = {Synth{\e}se de contraintes temporis{\'e}es pour
une architecture d'automatisation en r{\'e}seau},
pages = {1049-1064},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ACDFR-msr09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ACDFR-msr09.pdf},
abstract = {We deal with the problem of synthesis of timing constraints for
concurrent systems. Such systems are modeled by networks of timed automata
where some constants, represented as parameters, can be tuned. A suitable
value of these parameters is assumed to be known from a preliminarily
simulation process. We present a method which infers a zone of suitable
points around this reference functioning point. This zone is defined by a
system of linear inequalities over the parameters. This method is applied
to the case study of a networked automation system.}
}

@inproceedings{CDL-adhs09,
month = sep,
year = 2009,
editor = {Giua, Alessandro and Silva, Manuel and Zaytoon, Janan},
booktitle = {{P}roceedings of the 3rd {IFAC} {C}onference on {A}nalysis and
author = {Chatain, {\relax Th}omas and David, Alexandre and Larsen, Kim
G.},
title = {Playing Games with Timed Games},
abstract = {In this paper we focus on property-preserving preorders between
timed game automata and their application to control of partially
observable systems. Following the example of timed simulation between
timed automata, we define timed alternating simulation as a preorder
between timed game automata, which preserves controllability. We define a
method to reduce the timed alternating simulation problem to a safety
game. We show how timed alternating simulation can be used to control
efficiently a partially observable system. This method is illustrated by a
generic case study.}
}

@inproceedings{BCDL-formats09,
month = sep,
year = 2009,
volume = 5813,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ouaknine, Jo{\"e}l and Vaandrager, Frits},
acronym = {{FORMATS}'09},
booktitle = {{P}roceedings of the 7th {I}nternational {C}onference
on {F}ormal {M}odelling and {A}nalysis of {T}imed
{S}ystems ({FORMATS}'09)},
author = {Bulychev, Peter and Chatain, {\relax Th}omas and David,
Alexandre and Larsen, Kim G.},
title = {Checking simulation relation between timed game automata},
pages = {73-87},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCDL-formats09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCDL-formats09.pdf},
doi = {10.1007/978-3-642-04368-0_8},
abstract = {In this paper we focus on property-preserving preorders between
timed game automata and their application to control of
partially observable systems. We define timed weak
alternating simulation as a preorder between timed game
automata, which preserves controllability. We define the
rules of building a symbolic turn-based two-player game such
that the existence of a winning strategy is equivalent to
the simulation being satisfied. We also propose an
on-the-fly algorithm for solving this game. This simulation
checking method can be applied to the case of
non-alternating or strong simulations as well. We illustrate
our algorithm by a case study and report on results.}
}

@inproceedings{HP-qest09,
month = sep,
year = 2009,
publisher = {{IEEE} Computer Society Press},
acronym = {{QEST}'09},
booktitle = {{P}roceedings of the 6th {I}nternational
{C}onference on {Q}uantitative
{E}valuation of {S}ystems
({QEST}'09)},
title = {Using Stochastic Comparison for Efficient
Model Checking of Uncertain {M}arkov Chains},
pages = {177-186},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HP-qest09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HP-qest09.pdf},
doi = {10.1109/QEST.2009.42},
abstract = {We consider model checking of Discrete Time Markov Chains~(DTMC)
with transition probabilities which are not exactly known but lie in a
given interval. Model checking a Probabilistic Computation Tree
Logic~(PCTL) formula for interval-valued DTMCs~(IMC) has been shown to be
NP hard and co-NP hard. Since the state space of a realistic DTMC is
generally huge, these lower bounds prevent the application of exact
algorithms for such models. Therefore we propose to apply the stochastic
comparison method to check an extended version of PCTL for IMCs. More
precisely, we first design linear time algorithms to quantitatively
analyze IMCs. Then we develop an efficient, semi-decidable PCTL model
checking procedure for IMCs. Furthermore, our procedure returns more
provide useful partial information for modelers in the {"}DON'T~KNOW{"}
case.}
}

@inproceedings{RBH-formats09,
month = sep,
year = 2009,
volume = 5813,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ouaknine, Jo{\"e}l and Vaandrager, Frits},
acronym = {{FORMATS}'09},
booktitle = {{P}roceedings of the 7th {I}nternational {C}onference
on {F}ormal {M}odelling and {A}nalysis of {T}imed
{S}ystems ({FORMATS}'09)},
author = {Bouillard, Anne and Haar, Stefan and Rosario, Sidney},
title = {Critical paths in the Partial Order Unfolding of a
Stochastic {P}etri Net},
pages = {43-57},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHR-formats09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHR-formats09.pdf},
doi = {10.1007/978-3-642-04368-0_6},
abstract = {In concurrent real-time processes, the speed of individual
components has a double impact: on the one hand, the overall
latency of a compound process is affected by the latency of
its components. But, if the composition has race conditions,
the very outcome of the process will also depend on the
latency of component processes. Using stochastic Petri nets,
we investigate the probability of a transition occurrence
being critical for the entire process, i.e. such that a
small increase or decrease of the duration of the occurrence
entails an increase or decrease of the total duration of the
process. The first stage of the analysis focuses on
occurrence nets, as obtained by partial order unfoldings, to
determine criticality of events; we then lift to workflow
nets to investigate criticality of transitions inside a
workflow.}
}

@inproceedings{LA-ictac09,
month = aug,
year = 2009,
volume = 5684,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Leucker, Martin and Morgan, Carroll},
acronym = {{ICTAC}'09},
booktitle = {{P}roceedings of the 6th {I}nternational {C}olloquium on
{T}heoretical {A}spects of {C}omputing ({ICTAC}'09)},
author = {Longuet, Delphine and Aiguier, Marc},
title = {Integration Testing from Structured First-Order
Specifications via Deduction Modulo},
pages = {261-276},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LA-ictac09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LA-ictac09.pdf},
doi = {10.1007/978-3-642-03466-4_17},
abstract = {Testing from first-order specifications has mainly been studied
for flat specifications, that are specifications of a single software
module. However, the specifications of large software systems are
generally built out of small specifications of individual modules, by
enriching their union. The aim of integration testing is to test the
composition of modules assuming that they have previously been verified,
i.e. assuming their correctness. One of the main method for the selection
of test cases from first-order specifications, called axiom unfolding, is
based on a proof search for the different instances of the property to be
tested, thus allowing the coverage of this property. The idea here is to
use deduction modulo as a proof system for structured first-order
specifications in the context of integration testing, so as to take
advantage of the knowledge of the correctness of the individual modules.}
}

@article{RBHJ-tsc08,
publisher = {{IEEE} Computer Society Press},
journal = {IEEE Transactions on Services Computing},
author = {Rosario, Sidney and Benveniste, Albert and Haar, Stefan and
Jard, Claude},
title = {Probabilistic {Q}o{S} and Soft Contracts for
Transaction-Based Web Services Orchestrations},
pages = {187-200},
volume = 1,
number = 4,
month = oct # {-} # dec,
year = 2008,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/RBHJ-tsc08.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/RBHJ-tsc08.pdf},
doi = {10.1109/TSC.2008.17},
abstract = {Service level agreements (SLAs), or contracts, have an
important role in web services. They define the obligations
and rights between the provider of a web service and its
client, about the function and the Quality of the service
(QoS). For composite services like orchestrations, contracts
are deduced by a process called QoS contract composition,
based on contracts established between the orchestration and
the called web services. Contracts are typically stated as
hard guarantees (e.g., response time always less than 5
msec). Using hard bounds is not realistic, however, and more
statistical approaches are needed. In this paper we propose
using soft probabilistic contracts instead, which consist of
a probability distribution for the considered QoS
parameter---in this paper, we focus on timing. We show how to
compose such contracts, to yield a global probabilistic
contract for the orchestration. Our approach is implemented
by the TOrQuE tool. Experiments on TOrQuE show that overly
pessimistic contracts can be avoided and significant room
for safe overbooking exists. An essential component of SLA
management is then the continuous monitoring of the
performance of called web services, to check for violations
of the SLA. We propose a statistical technique for run-time
monitoring of soft contracts.}
}

@inproceedings{BRBH-atpn09,
month = jun,
year = 2009,
volume = 5606,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Franceschinis, Giuliana and Wolf, Karsten},
acronym = {{PETRI~NETS}'09},
booktitle = {{P}roceedings of the 30th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'09)},
author = {Bouillard, Anne and Rosario, Sidney and
Benveniste, Albert and Haar, Stefan},
title = {Monotonicity in Service Orchestrations},
pages = {263-282},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BRBH-atpn09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BRBH-atpn09.pdf},
doi = {10.1007/978-3-642-02424-5_16},
abstract = {Web Service orchestrations are compositions of different Web
Services to form a new service. The services called during the orchestration
guarantee a given performance to the orchestrater, usually in the form of
contracts.\par
These contracts can be used by the orchestrater to deduce the contract it
can offer to its own clients, by performing contract composition. An
implicit assumption in contract based QoS management is: {"}the better the
component services perform, the better the orchestration's performance
will~be{"}. Thus, contract based QoS management for Web services
orchestrations implicitly assumes monotony.\par
In some orchestrations, however, monotony can be violated, i.e., the
performance of the orchestration improves when the performance of a
component service degrades. This is highly undesirable since it can render
the process of contract composition inconsistent.\par
In this paper we define monotony for orchestrations modelled by Colored
Occurrence Nets (CO-nets) and we characterize the classes of monotonic
orchestrations. We show that few orchestrations are indeed monotonic,
mostly since latency can be traded for quality of data. We also propose a
sound refinement of monotony, called \emph{conditional monotony}, which
forbids this kind of cheating and show that conditional monotony is widely
satisfied by orchestrations. This finding leads to reconsidering the way
SLAs should be formulated.}
}

@incollection{EFH-tsmaai09,
title = {Interop{\'e}rabilit{\'e} des syst{\e}mes multi-agents
{\a} l'aide des services web},
booktitle = {Technologies des syst{\e}mes multi-agents et
applications industrielles},
editor = {El~Fallah Seghrouchni, Amal and Briot, Jean-Pierre},
publisher = {Herm{\e}s},
year = 2009,
month = apr,
pages = {77-99},
chapter = 3,
url = {http://www.lavoisier.fr/notice/fr2746217850.html},
nops = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/.ps},
nopsgz = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PSGZ/.ps.gz},
futureisbn = {}
}

@inproceedings{HKPPT-acc09,
address = {Saint Louis, Missouri, USA},
month = jun,
year = 2009,
acronym = {{ACC}'09},
booktitle = {{P}roceedings of the 28th {A}merican {C}ontrol
{C}onference ({ACC}'09)},
title = {Efficient State-Based Analysis by Introducing Bags in
{P}etri Nets Color Domains},
pages = {5018-5025},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HKPPT-acc09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HKPPT-acc09.pdf},
doi = {10.1109/ACC.2009.5160020},
abstract = {The use of high-level nets, such as coloured Petri nets, is very
convenient for modelling complex controllable systems in order to have a
compact, readable and structured specification. However, when coming to
the analysis phase, using too elaboratc types becomes a burden.\par
A good trade-off between expressivene and analy is capabilities is then to
have only imple types, which is achieved with symmetric nels. These latter
nels enjoy the possibility of generating a symbolic reachability gralph,
which is much smallcr than the whole state space and still allows for
exhaustive analysis.\par
In this paper, we extend the symmetric net model with bags on arcs. Hence,
variables can be bags of tokens,leading to more flexible models. We show
that symmetric nets with bags also allow for applying the symbolic
reachability graph technique with application to deadlock detection and
more generally for safety properties.}
}

@misc{dots-2.2,
author = {Chatain, {\relax Th}omas and Gastin, Paul and Muscholl, Anca
and Sznajder, Nathalie and Walukiewicz, Igor and
Zeitoun, Marc},
title = {Distributed control for restricted specifications},
howpublished = {Deliverable DOTS~2.2 (ANR-06-SETI-003)},
year = 2009,
month = mar
}

@article{DHS-tose09,
publisher = {{IEEE} Computer Society Press},
journal = {IEEE Transactions on Software Engineering},
title = {Model Checking Timed and Stochastic Properties with {CSL\textsuperscript{TA}}},
volume = 35,
number = 2,
month = mar # {-} # apr,
year = 2009,
pages = {224-240},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DHS-tose09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DHS-tose09.pdf},
doi = {10.1109/TSE.2008.108},
abstract = {Markov chains are a well-known stochastic process that provide
a balance between being able to adequately model the system's behavior and
being able to afford the cost of the model solution. Systems can be
modelled directly as Markov chains, or with a higher-level formalism for
which Markov chains represent the underlying semantics. Markov chains are
widely used to study the performance of computer and telecommunication
systems. The definition of stochastic temporal logics like Continuous
Stochastic Logic~(CSL) and its variant~asCSL, and of their model-checking
algorithms, allows a unified approach to the verification of systems,
allowing the mix of performance evaluation and probabilistic verification.
\par
In this paper we present the stochastic logic CSL\textsuperscript{TA} ,
which is more expressive than CSL and~asCSL, and in which properties can
be specified using automata (more precisely, timed automata with a single
clock). The extension with respect to expressiveness allows the
specification of properties referring to the probability of a finite
sequence of timed events. A~typical example is the responsiveness property
{"}with probability at least~0.75, a~message sent at time~0 by a
system~$$A$$ will be received before time~5 by system~$$B$$ and the
acknowledgment will be back at~$$A$$ before time~7{"}, a property that
cannot be expressed in either CSL or~asCSL. Furthermore, the choice of
using automata rather than the classical temporal operators Next and Until
should help in enlarging the accessibility of model checking to a larger
public. We~also present a model-checking algorithm
for~CSL\textsuperscript{TA}.}
}

@inproceedings{BG-dlt09,
month = jun # {-} # jul,
year = 2009,
volume = {5583},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Diekert, Volker and Nowotka, Dirk},
acronym = {{DLT}'09},
booktitle = {{P}roceedings of the 13th {I}nternational
{C}onference on {D}evelopments in {L}anguage {T}heory
({DLT}'09)},
author = {Bollig, Benedikt and Gastin, Paul},
title = {Weighted versus Probabilistic Logics},
pages = {18-38},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BG-dlt09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BG-dlt09.pdf},
doi = {10.1007/978-3-642-02737-6_2},
abstract = {While a mature theory around logics such as MSO, LTL, and CTL
has been developed in the pure boolean setting of finite automata,
weighted automata lack such a natural connection with (temporal) logic and
related verification algorithms. In this paper, we will identify weighted
versions of MSO and CTL that generalize the classical logics and even
other quantitative extensions such as probabilistic CTL. We establish
expressiveness results on our logics giving translations from weighted and
probabilistic CTL into weighted MSO.}
}

@inproceedings{BHKL-ijcai2009,
month = jul,
year = 2009,
publisher = {AAAI Press},
editor = {Boutilier, Craig},
acronym = {{IJCAI}'09},
booktitle = {{P}roceedings of the 21st {I}nternational {J}oint
{C}onference on {A}rtificial {I}ntelligence
({IJCAI}'09)},
author = {Bollig, Benedikt and Habermehl, Peter and Kern, Carsten and
Leucker, Martin},
title = {Angluin-Style Learning of~{NFA}},
pages = {1004-1009},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHKL-ijcai09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHKL-ijcai09.pdf},
abstract = {We introduce NL$$^{*}$$, a learning algorithm for inferring
non-deterministic finite-state automata using membership and equivalence
queries. More specifically, residual finite-state automata (RFSA) are
learned similarly as in Angluin's popular L$$^{*}$$ algorithm, which,
however, learns deterministic finite-state automata~(DFA). Like in a~DFA,
the~states of an RFSA represent residual languages. Unlike a~DFA, an~RFSA
restricts to prime residual languages, which cannot be described as the
union of other residual languages. In~doing~so, RFSA can be exponentially
more succinct than~DFA. They are, therefore, the preferable choice for
many learning applications. The implementation of our algorithms is
applied to a collection of examples and confirms the expected advantage of
NL$$^{*}$$ over L$$^{*}$$.}
}

@article{LAL-jar09,
publisher = {Springer},
journal = {Journal of Automated Reasoning},
author = {Longuet, Delphine and Aiguier, Marc and Le{~}Gall, Pascale},
title = {Proof-guided test selection from first-order specifications
with equality},
year = {2010},
month = dec,
volume = 45,
number = 4,
pages = {437-473},
nmnote = {special issue on Tests and Proofs},
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LAL-jar09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LAL-jar09.pdf},
ps = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/LAL-jar09.ps},
doi = {10.1007/s10817-009-9128-7},
abstract = {This paper deals with test case selection from axiomatic
specifications whose axioms are quantifier-free first-order formulas with
equality. We first prove the existence of an ideal exhaustive test set to
start the selection from. We then propose an extension of the test
selection method called axiom unfolding, originally defined for algebraic
specifications, to quantifier-free first-order specifications with
equality. This method basically consists of a case analysis of the
property under test (the test purpose) according to the specification
axioms. It is based on a proof search for the different instances of the
test purpose. Since the calculus is sound and complete, this allows us to
provide a full coverage of this property. The generalisation we propose
allows to deal with any kind of predicate (not only equality) and with any
form of axiom and test purpose (not only equations or Horn clauses).
Moreover, it improves our previous works with efficiently dealing with the
equality predicate, thanks to the paramodulation rule.}
}

@article{GSZ-fmsd09,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Gastin, Paul and Sznajder, Nathalie and Zeitoun, Marc},
title = {Distributed synthesis for well-connected
architectures},
volume = 34,
number = 3,
pages = {215-237},
month = jun,
year = 2009,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/GSZ-fmsd09.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/GSZ-fmsd09.pdf},
doi = {10.1007/s10703-008-0064-7},
abstract = {We study the synthesis problem for external linear or branching
specifications and distributed, synchronous architectures with arbitrary
delays on processes. External means that the specification only relates
input and output variables. We introduce the subclass of uniformly
well-connected (UWC) architectures for which there exists a routing
allowing each output process to get the values of all inputs it is
connected to, as soon as possible. We prove that the distributed synthesis
problem is decidable on UWC architectures if and only if the output
variables are totally ordered by their knowledge of input variables. We
also show that if we extend this class by letting the routing depend on
the output process, then the previous decidability result fails. Finally,
we provide a natural restriction on specifications under which the whole
class of UWC architectures is decidable.}
}

@techreport{rr-lsv-10-23,
Rosa{-}Velardo, Fernando},
title = {Comparing Petri Data Nets and Timed Petri Nets},
institution = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
year = {2010},
month = dec,
type = {Research Report},
number = {LSV-10-23},
url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-23.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-23.pdf},
note = {16~pages},
abstract = {Well-Structured Transitions Systems (WSTS) constitute a generic
class of infinite-state systems for which several properties like
coverability remain decidable. The family of coverability languages that
they generate is an appropriate criterium for measuring their
expressiveness. Here we establish that Petri Data nets (PDNs) and Timed
Petri nets (TdPNs), two powerful classes of WSTS are equivalent w.r.t this
criterium.}
}

@article{bbdfh-pe10,
publisher = {Elsevier Science Publishers},
journal = {Performance Evaluation},
author = {Baarir, Souheib and Beccuti, Marco and Dutheillet, Claude and
title = {Lumping partially symmetrical stochastic models},
volume = 76,
nunmber = 1,
month = jan,
pages = {21-44},
year = 2011,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbdfh-pe10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbdfh-pe10.pdf},
doi = {10.1016/j.peva.2010.09.002},
abstract = {The performance and dependability evaluation of complex systems
by means of dynamic stochastic models (e.g. Markov chains) may be impaired
by the combinatorial explosion of their state space. Among the possible
methods to cope with this problem, symmetry-based ones can be applied to
systems including several similar components. Often however these systems
are only partially symmetric: their behavior is in general symmetric
except for some local situation when the similar components need to be
differentiated.\par
In this paper two methods to efficiently analyze partially symmetrical
models are presented in a general setting and the requirements for their
efficient implementation are discussed. Some case studies are presented to
show the methods' effectiveness and their applicative interest.}
}

@mastersthesis{rodriguez-master,
author = {Rodr{\'\i}guez, C{\'e}sar},
title = {Implementation of a complete prefix unfolder for contextual nets},
school = {{M}aster {P}arisien de {R}echerche en
{I}nformatique, Paris, France},
type = {Rapport de {M}aster},
year = {2010},
month = sep,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-m2.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-m2.pdf}
}

@inproceedings{hmy-bpsc10,
month = sep # {-} # oct,
year = 2010,
volume = {177},
series = {Lecture Notes in Informatics},
publisher = {Gesellschaft f{\"u}r Informatik},
editor = {Abramowicz, Witold and Alt, Rainer and F{\"a}hnrich, Klaus-Peter
and Franczyk, Bogdan and Maciaszek, Leszek A.},
acronym = {{ISSS}{\slash}{BPSC}'10},
booktitle = {{P}roceedings of the 2nd {I}nternational {S}ymposium on {S}ervices
{S}cience and 3rd {I}nternational {C}onference on {B}usiness
{P}rocess and {S}ervices {C}omputing
({ISSS}{\slash}{BPSC}'10)},
title = {Selection of the Best composite Web Service Based on Quality
of Service},
pages = {255-266},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/hmy-bpsc10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hmy-bpsc10.pdf},
abstract = {The paper proposes a general framework to composite Web services
selection based on multicriteria evaluation. The proposed framework
extends the Web services architecture by adding, in the registry, a new
Multicriteria Evaluation Component~(MEC) devoted to multicriteria
evaluation. This additional component takes as input a set of composite
Web services and a set of evaluation criteria and generates a set of
recommended composite Web services. In~addition to the description of the
conceptual architecture of the formwork, the paper also proposes solutions
to construct and evaluate composite web services. In order to show the
feasibility of the proposed architecture, we~have developed a prototype
based on the open source jUDDI registry.}
}

@techreport{rr-lsv-10-17,
Mathieu and Zeitoun, Marc},
title = {Distributed Synthesis with Incomparable Information},
institution = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
year = {2010},
month = oct,
type = {Research Report},
number = {LSV-10-17},
url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-17.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-17.pdf},
note = {20~pages},
abstract = {Given (1)~an architecture defined by processes and communication
channels between them or with the environment, and (2)~a~specification on
the messages transmitted over the channels, distributed synthesis aims at
deciding existence of local programs, one for each process, that together
meet the specification, whatever the environment does. Recent work shows
that this problem can be solved when a \emph{linear preorder} sorts the
agents w.r.t. the information received from the environment.\par
In this paper we show a new decidability result in the case where this
preorder is broken by the addition of noisy agents embedded in a pipeline
architecture. This case cannot be captured by the classical framework.
Besides, this architecture makes it possible to model particular security
threats, known as covert channels, where two users (the sender and the
receiver) manage to communicate via a noisy protocol, and despite
incomparable views over the environment.}
}

@inproceedings{haar-wodes10,
month = aug # {-} # sep,
year = 2010,
publisher = {IFAC},
editor = {Raisch, J{\"o}rg and Giua, Alessandro and Lafortune,
St{\'e}phane and Moor, Thomas},
acronym = {{WODES}'10},
booktitle = {{P}roceedings of the 10th {W}orkshop on {D}iscrete {E}vent {S}ystems
({WODES}'10)},
author = {Haar, Stefan},
title = {What Topology Tells us about Diagnosability in Partial Order Semantics},
pages = {221-226},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/SH-wodes10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SH-wodes10.pdf},
abstract = {From a partial observation of the behaviour of a labeled
Discrete Event System, fault Diagnosis strives to determine whether or not
a given {"}invisible{"} fault event has occurred. The diagnosability problem
can be stated as follows: does the labeling allow for an outside observer
to determine the occurrence of the fault, no later than a bounded number
of events after that unobservable occurrence? In concurrent systems,
partial order semantics adds to the difficulty of the problem, but also
provides a richer and more complex picture of observation and diagnosis.
In particular, it is crucial to clarify the intuitive notion of {"}time
after fault occurrence{"}. To this end, we will use a unifying metric
framework for event structures, providing a general topological
description of diagnosability in both sequential and nonsequential
semantics for Petri nets.}
}

@inproceedings{AGMN-fsttcs10,
month = dec,
year = 2010,
volume = 8,
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Lodaya, Kamal and Mahajan, Meena},
acronym = {{FSTTCS}'10},
booktitle = {{P}roceedings of the 30th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'10)},
author = {Akshay, S. and Gastin, Paul and Mukund, Madhavan and Narayan Kumar, K.},
title = {Model checking  time-constrained scenario-based specifications},
pages = {204-215},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-fsttcs10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-fsttcs10.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2010.204},
abstract = {We consider the problem of model checking message-passing
systems with real-time requirements. As behavioural specifications, we use
message sequence charts (MSCs) annotated with timing constraints. Our
system model is a network of communicating finite state machines with
local clocks, whose global behaviour can be regarded as a timed automaton.
Our goal is to verify that all timed behaviours exhibited by the system
conform to the timing constraints imposed by the specification. In
general, this corresponds to checking inclusion for timed languages, which
is an undecidable problem even for timed regular languages. However, we
show that we can translate regular collections of time-constrained MSCs
into a special class of event-clock automata that can be determinized and
complemented, thus permitting an algorithmic solution to the model
checking problem.}
}

@proceedings{GL-concur10,
author = {Gastin, Paul and Laroussinie, Fran{\c{c}}ois},
editor = {Gastin, Paul and Laroussinie, Fran{\c{c}}ois},
title = {{P}roceedings of the 21st
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'10)},
booktitle = {{P}roceedings of the 21st
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'10)},
year = 2010,
month = aug # {-} # sep,
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = {6269},
doi = {10.1007/978-3-642-15375-4}
}

@phdthesis{akshay-phd2010,
author = {Akshay, S.},
title = {Sp{\'e}cification et v{\'e}rification pour des syst{\e}mes
distribu{\'e}s et temporis{\'e}s},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2010,
month = jul,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/akshay-phd.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/akshay-phd.pdf}
}

@inproceedings{BDF-nsmc10,
month = sep,
year = 2010,
editor = {Benzi, Michele and Dayar, Tugrul},
acronym = {{NSMC}'10},
booktitle = {{P}roceedings of the 6th {I}nternational {M}eeting on the
{N}umerical {S}olution of {M}arkov {C}hain ({NSMC}'10)},
author = {Bu\v{s}i\'{c}, Ana and Djafri, Hilal and Fourneau, Jean-Michel},
title = {Stochastic Bounds for Censored {M}arkov Chains},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-nsmc10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-nsmc10.pdf},
abstract = {Censored Markov chains~(CMC) allow to represent the conditional
behavior of a system within a subset of observed states. They provide a
theoretical framework to study the truncation of a discrete-time Markov
chain when the generation of the state-space is too hard or when the
number of states is too large. But the stochastic matrix of a CMC may be
difficult to obtain. Dayar \textit{et~al.}~(2006) have proposed an
algorithm, called DPY, that computes a stochastic bounding matrix for a
CMC with a smaller complexity with only a partial knowledge of the chain.
We prove that this algorithm is optimal for the information they take into
account. We also show how some additional knowledge on the chain can
improve stochastic bounds for~CMC.}
}

@inproceedings{CJ-notere10,
month = may # {-} # jun,
year = 2010,
publisher = {{IEEE} Computer Society Press},
noeditor = {},
acronym = {{NOTERE}'10},
booktitle = {{A}ctes de la 10{\e}me {C}onf{\'e}rence {I}nternationale sur les
{NO}uvelles {TE}chnologies de la {R\'E}partition ({NOTERE}'10)},
author = {Chatain, {\relax Th}omas and Jard, Claude},
title = {S{\'e}mantique concurrente symbolique des r{\'e}seaux
de {P}etri saufs et d{\'e}pliages finis des r{\'e}seaux
temporels},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-notere10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-notere10.pdf},
abstract = {On consid\ere des r\'eseaux de Petri color\'es, \a contraintes
lin\'eaires et pouvant poss\'eder des arcs de lecture. Sur cette classe,
on d\'efinit une s\'emantique concurrente en termes de processus d'ordre
partiel permettant de garder explicite l'ind\'ependance entre des tirs de
transitions. L'ensemble des processus peut \^etre repr\'esent\'e en
utilisant la notion de d\'epliage symbolique. Nous montrons alors comment
les r\'eseaux de Petri temporels peuvent \^etre cod\'es dans ce mod\ele
\a l'aide d'une transformation syntaxique pr\'eservant la concurrence.
Cette transformation permet de d\'efinir la notion de d\'epliage de
r\'eseaux de Petri temporels et d'en donner une repr\'esentation par
pr\'efixe fini.}
}

@inproceedings{BFCH-dsn09,
month = jun # {-} # jul,
year = 2009,
publisher = {{IEEE} Computer Society Press},
noeditor = {},
acronym = {{DSN}'09},
booktitle = {{P}roceedings of the 39th {A}nnual {IEEE}{\slash}{IFIP}
{I}nternational {C}onference on {D}ependable {S}ystems and
{N}etworks ({DSN}'09)},
author = {Beccuti, Marco and Franceschinis, Giuliana and
title = {Parametric {NdRFT} for the derivation of optimal repair
strategies},
pages = {399-408},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-dsn09.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-dsn09.pdf},
doi = {10.1109/DSN.2009.5270312},
abstract = {Non deterministic Repairable Fault Trees~(NdRFT) are a recently
proposed modeling formalism for the study of optimal repair strategies:
they are based on the widely adopted Fault Tree formalism, but in addition
to the failure modes, NdRFTs allow to define possible repair actions. In a
previous pa per the formalism has been introduced together with an
analysis method and a tool allowing to automatically derive the best
repair strategy to be applied in each state. The analysis technique is
based on the generation and solution of a Markov Decision Process. In this
paper we present an extension, ParNdRFT, that allows to exploit the
presence of redundancy to reduce the complexity of the model and of the
analysis. It is based on the translation of the ParNdRFT in to a Markov
Decision Well-Formed Net, i.e. a model specified by means of an High Level
Petri Net formalism. The translated model can be efficiently solved thanks
to existing algorithms that generate a reduced state space automatically
exploiting the model symmetries.}
}

@inproceedings{EHH-apnoc10,
month = jun,
year = 2010,
editor = {Sidorova, Natalia and Serebrenik, Alexander},
acronym = {{APNOC}'10},
booktitle = {{P}roceedings of the 2nd {I}nternational {W}orkshop on
{A}bstractions for {P}etri {N}ets and {O}ther {M}odels of
{C}oncurrency ({APNOC}'10)},
title = {Process Refinement and Asynchronous Composition with Modalities},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/EHH-apnoc10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/EHH-apnoc10.pdf},
abstract = {We propose a framework for the specification of infinite state
systems based on Petri nets with distinguished may- and must-transitions
(called modalities) which specify the allowed and the required behavior of
refinements and hence of implementations. Formally, refinements are
defined by relating the modal language specifications generated by two
modal Petri nets according to the refinement relation for modal language
specifications. We show that this refinement relation is decidable if the
underlying modal Petri nets are weakly deterministic. We also show that
the membership problem for the class of weakly deterministic modal Petri
nets is decidable. As an important application of our approach we consider
I/O-Petri nets which are obtained by asynchronous composition and thus
exhibit inherently an infinite behavior.}
}

@inproceedings{BCH-time10,
month = sep,
year = 2010,
publisher = {{IEEE} Computer Society Press},
editor = {Markey, Nicolas and Wijsen, Jef},
acronym = {{TIME}'10},
booktitle = {{P}roceedings of the 17th {I}nternational {S}ymposium on
{T}emporal {R}epresentation and {R}easoning
({TIME}'10)},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan},
title = {A~Concurrency-Preserving Translation from Time {P}etri Nets to Networks of Timed
Automata},
pages = {77-84},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-time10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-time10.pdf},
doi = {10.1109/TIME.2010.12},
abstract = {Real-time distributed systems may be modeled in different
formalisms such as time Petri nets~(TPN) and networks of timed
automata~(NTA). This paper focuses on translating a $$1$$-bounded TPN into
an NTA and considers an equivalence which takes the distribution of
actions into account. This translation is extensible to bounded~TPNs.
We~first use $$S$$-invariants to decompose the net into components that
give the structure of the automata, then we add clocks to provide the
timing information. Although we have to use an extended syntax in the
timed automata, this is a novel approach since the other transformations
and comparisons of these models did not consider the preservation of
concurrency.}
}

@inproceedings{BHS-time10,
month = sep,
year = 2010,
publisher = {{IEEE} Computer Society Press},
editor = {Markey, Nicolas and Wijsen, Jef},
acronym = {{TIME}'10},
booktitle = {{P}roceedings of the 17th {I}nternational {S}ymposium on
{T}emporal {R}epresentation and {R}easoning
({TIME}'10)},
title = {Real Time Properties for Interrupt Timed Automata},
pages = {69-76},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-time10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-time10.pdf},
doi = {10.1109/TIME.2010.11},
abstract = {Interrupt Timed Automata (ITA) have been introduced to model
multi-task systems with interruptions. They form a~subclass of stopwatch
automata, where the real valued variables (with rate $$0$$ or~$$1$$) are
organized along priority levels. While reachability is undecidable with
usual stopwatches, the problem was proved decidable for~ITA. In~this work,
closure, and complexity for~ITA, our~main purpose is to investigate the
verification of real time properties over~ITA. While we prove that model
checking a variant of the timed logic TCTL is undecidable, we nevertheless
give model checking procedures for two relevant fragments of this logic:
one where formulas contain only model clocks and another one where
formulas have a single external clock.}
}

@inproceedings{HMY-iscc10,
month = jun,
year = 2010,
publisher = {{IEEE} Computer Society Press},
noeditor = {},
acronym = {{ISCC}'10},
booktitle = {{P}roceedings of the 15th {IEEE} {S}ymposium on {C}omputers and
{C}ommunications ({ISCC}'10)},
title = {Response time of {BPEL4WS} constructors},
pages = {695-700},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-iscc10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-iscc10.pdf},
doi = {10.1109/ISCC.2010.5546538},
abstract = {Response time is an important factor for every software system
and it becomes more salient when it is associated with introducing novel
technologies, such as Web services. Most performance evaluation of Web
services are focused toward composite Web services and their response
time. One important limitation of existing work is in the fact that only
constant or service exponential time distribution are considered. However,
experimental results have shown that the Web services response times is
typically heavy-tailed, in particulary, if there are heterogeneous. So,
heavy-tailed response times should be considered in the dimensioning Web
services. In this study, we propose analytical formulas for mean response
times for structured BPEL constructors such as \emph{sequence},
\emph{flow} and \emph{switch} constructors,~etc. The difference with
previous studies in the literature, is that we consider heterogenous
servers, the number of invoked elementary Web services can be variable and
the elementary Web services response times are heavy-tailed.}
}

@article{BKM-lmcs10,
journal = {Logical Methods in Computer Science},
author = {Bollig, Benedikt and Kuske, Dietrich and Meinecke, Ingmar},
title = {Propositional Dynamic Logic for Message-Passing Systems},
year = 2010,
month = sep,
volume = 6,
number = {3:16},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lmcs10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lmcs10.pdf},
doi = {10.2168/LMCS-6(3:16)2010},
abstract = {We examine a bidirectional propositional dynamic logic~(PDL) for
finite and infinite message sequence charts~(MSCs) extending
$$\textsf{LTL}$$ and $$\textsf{TLC}^{-}$$. By~this kind of multi-modal
logic we can express properties both in the entire future and in the past
of an event. Path expressions strengthen the classical until operator of
temporal logic. For every formula defining an MSC language, we construct a
communicating finite-state machine~(CFM) accepting the same language. The
CFM obtained has size exponential in the size of the formula. This
synthesis problem is solved in full generality, \textit{i.e.}, also for
MSCs with unbounded channels. The model checking problem for CFMs and
HMSCs turns out to be in PSPACE for existentially bounded MSCs. Finally,
we show that, for PDL with intersection, the semantics of a formula cannot
be captured by a CFM anymore.}
}

@inproceedings{BH-monterey2008,
month = apr,
year = 2010,
volume = 6028,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Choppy, {\relax Ch}ristine and Sokolsky, Oleg},
acronym = {{MONTEREY}'08},
booktitle = {{R}evised {S}elected {P}apers of the 15th {M}onterey
{W}orkshop on {F}oundations
of {C}omputer {S}oftware ({MONTEREY}'08)},
title = {Client Synthesis for Aspect Oriented Web Services},
pages = {24-42},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-monterey08.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-monterey08.pdf},
doi = {10.1007/978-3-642-12566-9_2},
abstract = {Client synthesis for complex Web services is a critical and
still open topic as it will enable more flexibility in the
deployment of such services. In previous works, our team has
developed a theoretical framework based on process algebra
that has led to algorithms and tools for the client
interaction. Here, we show how to generalise our approach
for aspect oriented Web services.}
}

@inproceedings{BGMZ-icalp10,
month = jul,
year = 2010,
volume = 6199,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Abramsky, Samson and Meyer{ }auf{ }der{ }Heide, Friedhelm
and Spirakis, Paul},
acronym = {{ICALP}'10},
booktitle = {{P}roceedings of the 37th {I}nternational
{C}olloquium on {A}utomata, {L}anguages and
{P}rogramming ({ICALP}'10)~-- {P}art~{II}},
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin
and Zeitoun, Marc},
title = {Pebble weighted automata and transitive closure logics},
pages = {587-598},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-icalp10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-icalp10.pdf},
doi = {10.1007/978-3-642-14162-1_49},
abstract = {We introduce new classes of weighted automata on words. Equipped
with pebbles and a two-way mechanism, they go beyond the class of
recognizable formal power series, but capture a weighted version of
first-order logic with bounded transitive closure. In contrast to previous
work, this logic allows for unrestricted use of universal quantification.
Our main result states that pebble weighted automata, nested weighted
automata, and this weighted logic are expressively equivalent. We also
give new logical characterizations of the recognizable series.}
}

@inproceedings{BKKLNP-cav10,
month = jul,
year = 2010,
volume = {6174},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Cook, Byron and Jackson, Paul and Touili, Tayssir},
acronym = {{CAV}'10},
booktitle = {{P}roceedings of the 22nd
{I}nternational {C}onference on
{C}omputer {A}ided {V}erification
({CAV}'10)},
author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten
and Leucker, Martin and Neider, Daniel and Piegdon,  David R.},
title = {libalf: the Automata Learning Framework},
pages = {360-364},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKKLNP-cav10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKKLNP-cav10.pdf},
doi = {10.1007/978-3-642-14295-6_32},
abstract = {This paper presents \texttt{libalf}, a comprehensive,
open-source library for learning formal languages. \texttt{libalf} covers
various well-known learning techniques for finite automata (e.g.
Angluin's~$$\textsf{L}^*$$, \textsf{Biermann}, \textsf{RPNI},~etc.) as
well as novel learning algorithms (such as for NFA and visibly one-counter
automata). \texttt{libalf}~is flexible and allows facilely interchanging
learning algorithms and combining domain-specific features in a
plug-and-play fashion. Its modular design and C++ implementation make it a
suitable platform for adding and engineering further learning algorithms
for new target models (\textit{e.g.}, B{\"u}chi automata).}
}

@article{RHS-ijfcs09,
publisher = {World Scientific},
journal = {International Journal of Foundations of Computer Science},
title = {Continuous {P}etri Nets: Expressive Power and Decidability Issues},
volume = 21,
number = 2,
pages = {235-256},
year = 2010,
month = apr,
doi = {10.1142/S0129054110007222},
abstract = {State explosion is a fundamental problem in the analysis and
synthesis of discrete event systems. Continuous Petri nets can be seen as
a relaxation of the corresponding discrete model. The expected gains are
twofold: improvements in complexity and in decidability. In the case of
autonomous nets we prove that liveness or deadlock-freeness remain
decidable and can be checked more efficiently than in Petri nets. Then we
introduce time in the model which now behaves as a dynamical system driven
by differential equations and we study it w.r.t. expressiveness and
decidability issues. On the one hand, we prove that this model is
equivalent to timed differential Petri nets which are a slight extension
of systems driven by linear differential equations~(LDE). On~the other
hand, (contrary to the systems driven by~LDEs) we show that continuous
timed Petri nets are able to simulate Turing machines and thus that basic
properties become undecidable.}
}

@inproceedings{CF-pn10,
month = jun,
year = 2010,
volume = 6128,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Lilius, Johan and Penczek, Wojciech},
acronym = {{PETRI~NETS}'10},
booktitle = {{P}roceedings of the 31st
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'10)},
author = {Chatain, {\relax Th}omas and Fabre, {\'E}ric},
title = {Factorization Properties of Symbolic Unfoldings of Colored
{P}etri Nets},
pages = {165-184},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CF-pn10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CF-pn10.pdf},
doi = {10.1007/978-3-642-13675-7_11},
abstract = {The unfolding technique is an efficient tool to explore the runs
of a Petri net in a true concurrency semantics, \textit{i.e.}, without
constructing all the interleavings of concurrent actions. But even small
real systems are never modeled directly as ordinary Petri nets: they use
many high-level features that were designed as extensions of Petri nets.
We focus here on two such features: colors and compositionality. We show
that the symbolic unfolding of a product of colored Petri nets can be
expressed as the product of the symbolic unfoldings of these nets. This is
a necessary result in view of distributed computations based on symbolic
unfoldings, as they have been developed already for standard unfoldings,
to design modular verification techniques, or modular diagnosis
procedures, for example. The factorization property of symbolic unfoldings
is valid for several classes of colored or high-level nets. We derive it
here for a class of (high-level) open nets, for which the composition is
performed by connecting places rather than transitions.}
}

@article{GK-icomp10,
publisher = {Elsevier Science Publishers},
journal = {Information and Computation},
author = {Gastin, Paul and Kuske, Dietrich},
title = {Uniform satisfiability problem for local temporal logics over
{M}azurkiewicz traces},
volume = 208,
number = 7,
month = jul,
year = 2010,
pages = {797-816},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GK-icomp10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GK-icomp10.pdf},
doi = {10.1016/j.ic.2009.12.003},
abstract = {We continue our study of the complexity of MSO-definable local
temporal logics over concurrent systems that can be described by
Mazurkiewicz traces. In previous papers, we showed that the satisfiability
problem for any such logic is in PSPACE (provided the dependence alphabet
is fixed) and remains in PSPACE for all classical local temporal logics
even if the dependence alphabet is part of the input. In~this paper, we
consider the uniform satisfiability problem for arbitrary MSO-definable
local temporal logics. For this problem, we prove multi-exponential lower
and upper bounds that depend on the number of alternations of set
quantifiers present in the chosen MSO-modalities.}
}

@article{Haar-tac10,
publisher = {{IEEE} Computer Society Press},
journal = {IEEE Transactions on Automatic Control},
author = {Haar, Stefan},
title = {Types of Asynchronous Diagnosability and
the {\emph{Reveals}}-Relation in Occurrence Nets},
volume = 55,
number = 10,
month = oct,
year = 2010,
pages = {2310-2320},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-tac10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-tac10.pdf},
doi = {10.1109/TAC.2010.2063490},
abstract = {We consider asynchronous diagnosis in (safe) Petri net models of
distributed systems, using the partial order semantics of occurrence net
unfoldings. Both the observability and diagnosability properties will
appear in two different forms, depending on the semantics chosen:
\emph{strong} observability and diagnosability are the classical notions
from the state machine model and correspond to interleaving semantics in
Petri nets. By contrast, the \emph{weak} form is linked to characteristics
of nonsequential processes, and requires an asynchronous \emph{progress}
assumption on those processes. We give algebraic characterizations for
both types, and give verification methods. The study of weak
diagnosability leads us to the analysis of a relation in occurrence nets,
first presented in~[S.~Haar~(2007): \textit{Unfold and Cover: Qualitative
Diagnosability for Petri Nets.}]: given the occurrence of some event~$$a$$
that \emph{reveals}~$$b$$, the occurrence of~$$b$$ is inevitable. Then
$$b$$ may already have occurred, be concurrent to, or even in the future
of~$$a$$. We show that the \emph{reveals}-relation can be effectively
computed recursively---for each pair, a suitable finite prefix of bounded
depth is sufficient---and show its use in asynchronous diagnosis. Based on
this relation, a~decomposition of the Petri net unfolding into
\emph{facets} is defined, yielding an abstraction technique that preserves
and reflects maximal partially ordered runs.}
}

@inproceedings{BH-csr10,
month = jun,
year = 2010,
volume = 6072,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Mayr, Ernst W.},
acronym = {{CSR}'10},
booktitle = {{P}roceedings of the 5th {I}nternational {C}omputer {S}cience
{S}ymposium in {R}ussia ({CSR}'10)},
author = {Bollig, Benedikt and H{\'e}lou{\"e}t, Lo{\"\i}c},
title = {Realizability of Dynamic {MSC} Languages},
pages = {48-59},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-csr10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-csr10.pdf},
doi = {10.1007/978-3-642-13182-0_5},
abstract = {We introduce dynamic communicating automata~(DCA), an~extension
of communicating finite-state machines that allows for dynamic creation of
processes. Their behavior can be described as sets of message sequence
charts~(MSCs). We~consider the realizability problem for DCA: given a
dynamic MSC grammar (a~high-level MSC specification), is there a DCA
defining the same set of MSCs? We~show that this problem is decidable in
doubly exponential time, and identify a class of realizable grammars that
can be implemented by \emph{finite} DCA.}
}

@incollection{DBBetal-CES09,
author = {David, Alexandre and Behrmann, Gerd and Bulychev, Peter and
Byg, Joakin and Chatain, {\relax Th}omas and Larsen, Kim G.
and
Pettersson, Paul and Rasmussen, Jacob Illum and
Srba, Ji{\v{r}}{\'\i} and
Yi, Wang and Joergensen, Kenneth Y. and Lime, Didier and
Magnin, Morgan and Roux, Olivier H. and Traonouez, Louis-Marie},
title = {Tools for Model-Checking Timed Systems},
booktitle = {Communicating Embedded Systems~-- Software and Design},
editor = {Jard, Claude and Roux, Olivier H.},
publisher = {Wiley-ISTE},
year = 2009,
month = oct,
pages = {165-225},
chapter = 6,
url = {http://www.iste.co.uk/index.php?f=x&ACTION=View&id=288},
nops = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/.ps},
nopsgz = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PSGZ/.ps.gz},
isbn = {9781848211438}
}

@article{BCHK-icomp10,
publisher = {Elsevier Science Publishers},
journal = {Information and Computation},
author = {Baldan, Paolo and Chatain, {\relax Th}omas and Haar, Stefan and
K{\"o}nig, Barbara},
title = {Unfolding-based Diagnosis of Systems with an Evolving Topology},
volume = 208,
number = 10,
pages = {1169-1192},
year = 2010,
month = oct,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHK-icomp10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHK-icomp10.pdf},
doi = {10.1016/j.ic.2009.11.009},
abstract = {We propose a framework for model-based diagnosis of systems with
mobility and variable topologies, modelled as graph transformation
systems. Generally speaking, model-based diagnosis is aimed at
constructing explanations of observed faulty behaviours on the basis of a
given model of the system. Since the number of possible explanations may
be huge, we exploit the unfolding as a compact data structure to store
them, along the lines of previous work dealing with Petri net models.
Given a model of a system and an observation, the explanations can be
constructed by unfolding the model constrained by the observation, and
then removing incomplete explanations in a pruning phase. The theory is
formalised in a general categorical setting: constraining the system by
the observation corresponds to taking a product in the chosen category of
graph grammars, so that the correctness of the procedure can be proved by
using the fact that the unfolding is a right adjoint and thus it preserves
products. The theory should hence be easily applicable to a wide class of
system models, including graph grammars and Petri nets.}
}

@inproceedings{haar-cdcccc09,
month = dec,
year = 2009,
publisher = {{IEEE} Control System Society},
acronym = {{CDC/CCC}'09},
booktitle = {{P}roceedings of the Joint 48th {IEEE} {C}onference on {D}ecision
and {C}ontrol ({CDC}'09) and 28th {C}hinese {C}ontrol {C}onference ({CCC}'09)},
author = {Haar, Stefan},
title = {Qualitative Diagnosability of Labeled {P}etri Nets Revisited},
pages = {1248-1253},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-cdc09.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-cdc09.pdf},
doi = {10.1109/CDC.2009.5400917},
abstract = {In recent years, classical discrete event fault diagnosis
techniques have been extended to Petri Net system models under partial
order semantics. In~a recent paper, we showed how to take further
advantage of the partial order representation of concurrent processes, by
decomposing the unfolding into 'facets', formed by subnets whose events
either all occur eventually, or none of them occurs. A~notion of
\emph{q(ualitative)}-diagnosability was proposed based on this
decomposition. The present paper corrects the definition of
q-diagnosability and develops its properties. Sufficient and necessary
criteria, on the transition labeling, for q-diagnosability are shown; for
their verification, and diagnosis itself, compact data structures are
sufficient.}
}

@mastersthesis{monmege-master,
author = {Monmege, Benjamin},
title = {Propri{\'e}t{\'e}s quantitatives des mots et des arbres~--
Applications aux langages~{XML}},
school = {{M}aster {P}arisien de {R}echerche en
{I}nformatique, Paris, France},
type = {Rapport de {M}aster},
year = {2010},
month = sep,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-m2.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-m2.pdf}
}

@inproceedings{BHP-tacas12,
month = mar,
year = 2012,
volume = {7214},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Flanagan, Cormac and K{\"o}nig, Barbara},
acronym = {{TACAS}'12},
booktitle = {{P}roceedings of the 18th {I}nternational
{C}onference on {T}ools and {A}lgorithms for
{C}onstruction and {A}nalysis of {S}ystems
({TACAS}'12)},
title = {Coupling and Importance Sampling for Statistical Model Checking},
pages = {331-346},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-tacas12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-tacas12.pdf},
doi = {10.1007/978-3-642-28756-5_23},
abstract = {Statistical model-checking is an alternative verification
technique applied on stochastic systems whose size is beyond numerical
analysis ability. Given a model (most often a Markov chain) and a formula,
it provides a confidence interval for the probability that the model
satisfies the formula. One of the main limitations of the statistical
approach is the computation time explosion triggered by the evaluation of
very small probabilities. In order to solve this problem we develop a new
approach based on importance sampling and coupling. The corresponding
algorithms have been implemented in our tool cosmos. We present
experimentation on several relevant systems, with estimated time
reductions reaching a factor of~$$10^{120}$$.}
}

@inproceedings{BCGK-fossacs12,
month = mar,
year = 2012,
volume = 7213,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Birkedal, Lars},
acronym = {{FoSSaCS}'12},
booktitle = {{P}roceedings of the 15th {I}nternational
{C}onference on {F}oundations of {S}oftware {S}cience
and {C}omputation {S}tructures
({FoSSaCS}'12)},
author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and
Narayan Kumar, K.},
title = {Model Checking Languages of Data Words},
pages = {391-405},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGK-fossacs12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGK-fossacs12.pdf},
doi = {10.1007/978-3-642-28729-9_26},
abstract = {We consider the model-checking problem for data multi-pushdown
automata (DMPA). DMPA generate data words, i.e, strings enriched with
values from an infinite domain. The latter can be used to represent an
unbounded number of process identifiers so that DMPA are suitable to model
concurrent programs with dynamic process creation. To specify properties
of data words, we use monadic second-order (MSO) logic, which comes with a
predicate to test two word positions for data equality. While
satisfiability for MSO logic is undecidable (even for weaker fragments
such as first-order logic), our main result states that one can decide if
all words generated by a DMPA satisfy a given formula from the full MSO
logic.}
}

@article{haar-deds11,
publisher = {Springer},
journal = {Discrete Event Dynamic Systems: Theory and Applications},
author = {Haar, Stefan},
title = {What topology tells us about diagnosability in partial order semantics},
pages = {383-402},
volume = 22,
number = 4,
year = {2012},
month = dec,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-deds11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-deds11.pdf},
doi = {10.1007/s10626-011-0121-z},
abstract = {From a partial observation of the behaviour of a labeled
Discrete Event System, \emph{fault diagnosis} strives to determine whether
or not a given {"}invisible{"} fault event has occurred. The
\emph{diagnosability problem} can be stated as follows: does the labeling
allow for an outside observer to determine the occurrence of the fault, no
later than a bounded number of events after that unobservable occurrence?
When this problem is investigated in the context of concurrent systems,
partial order semantics adds to the difficulty of the problem, but also
provides a richer and more complex picture of observation and diagnosis.
In particular, it is crucial to clarify the intuitive notion of
{"}\emph{time after fault occurrence}{"}. To this end, we will use a
unifying metric framework for event structures, providing a general
topological description of diagnosability in both sequential and
nonsequential semantics for Petri nets.}
}

@inproceedings{SR-dcfs11,
month = jul,
year = 2011,
volume = {6808},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Holzer, Markus and Kutrib, Martin and Pighizzini, Giovanni},
acronym = {{DCFS}'11},
booktitle = {{P}roceedings of the 13th {I}nternational {W}orkshop on
{D}escriptional {C}omplexity of {F}ormal {S}ystems ({DCFS}'11)},
author = {Schwoon, Stefan and Rodr{\'\i}guez, C{\'e}sar},
title = {Construction and {SAT}-based verification
of Contextual Unfoldings},
pages = {34-42},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/SR-dcfs11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SR-dcfs11.pdf},
doi = {10.1007/978-3-642-22600-7_3},
nonote = {Invited paper},
abstract = {Unfoldings succinctly represent the set of reachable markings of
a Petri net. Here, we shall consider the case of contextual nets, which
extend Petri nets with read arcs, and which are more suitable to represent
the case of concurrent read access. We discuss the problem of
(efficiently) constructing unfoldings of such nets. On the basis of these
unfoldings, various verification problems can be encoded as satisfiability
problems in propositional logic.}
}

@inproceedings{HKS-gandalf11,
month = jun,
year = 2011,
volume = 54,
series = {Electronic Proceedings in Theoretical Computer Science},
editor = {D'Agostino, Giovanna and La{~}Torre, Salvatore},
acronym = {{GandALF}'11},
booktitle = {{P}roceedings of the 2nd {I}nternational {S}ymposium
on {G}ames, {A}utomata, {L}ogics, and {F}ormal {V}erification
({GandALF}'11)},
author = {Haar, Stefan and Kern, Christian and Schwoon, Stefan},
title = {Computing the Reveals Relation in Occurrence Nets},
pages = {31-44},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-gandalf11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-gandalf11.pdf},
doi = {10.4204/EPTCS.54.3},
abstract = {Petri net unfoldings are a useful tool to tackle state-space
explosion in verification and related tasks. Moreover, their structure
allows to access directly the relations of causal precedence, concurrency,
and conflict between events. Here, we explore the data structure further,
to determine the following relation: event~$$a$$ is said to reveal
event~$$b$$ iff the occurrence of~$$a$$ implies that~$$b$$ inevitably
occurs, too, be it before, after, or concurrently with~$$a$$. Knowledge of
reveals facilitates in particular the analysis of partially observable
systems, in the context of diagnosis, testing, or verification; it can
also be used to generate more concise representations of behaviours via
abstractions. The reveals relation was previously introduced in the
context of fault diagnosis, where it was shown that the reveals relation
was decidable: for a given pair~$$a,b$$ in the unfolding~$$U$$ of a safe
Petri net~$$N$$, a finite prefix~$$P$$ of~$$U$$ is sufficient to decide
whether or not $$a$$ reveals~$$b$$. In this paper, we first considerably
improve the bound on~$$|P|$$. We then show that there exists an efficient
algorithm for computing the relation on a given prefix. We have
implemented the algorithm and report on experiments.}
}

@inproceedings{bbcks-icgt10,
month = sep # {-} # oct,
year = 2010,
volume = 6372,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ehrig, Hartmut and Rensink, Arend
and Rozenberg, Grzegorz and Sch{\"u}rr, Andy},
acronym = {{ICGT}'10},
booktitle = {{P}roceedings of the 5th {I}nternational {C}onference on {G}raph
{T}ransformations ({ICGT}'10)},
author = {Baldan, Paolo and Bruni, Alessandro and Corradini, Andrea
and K{\"o}nig, Barbara and Schwoon, Stefan},
title = {On the Computation of {M}c{M}illan's Prefix for Contextual Nets
and Graph Grammars},
pages = {91-106},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbcks-icgt10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbcks-icgt10.pdf},
doi = {10.1007/978-3-642-15928-2_7},
abstract = {In recent years, a research thread focused on the use of the
unfolding semantics for verification purposes. This started with a paper
by McMillan, which devises an algorithm for constructing a finite complete
prefix of the unfolding of a safe Petri net, providing a compact
representation of the reachability graph. The extension to contextual nets
and graph transformation systems is far from being trivial because events
can have multiple causal histories. Recently, we proposed an abstract
algorithm that generalizes McMillan's construction to bounded contextual
nets without resorting to an encoding into plain P\slash T nets. Here, we
provide a more explicit construction that renders the algorithm effective.
To allow for an inductive definition of concurrency, missing in the
original proposal and essential for an efficient unfolding procedure, the
key intuition is to associate histories not only with events, but also
with places. Additionally, we outline how the proposed algorithm can be
extended to graph transformation systems, for which previous algorithms
based on the encoding of read arcs would not be applicable.}
}

@incollection{haddad-DS11b,
title = {Introduction to Verification},
booktitle = {Models and Analysis in Distributed Systems},
Petrucci, Laure},
publisher = {John Wiley \& Sons, Ltd.},
chapter = 6,
pages = {137-154},
year = 2011
}

@book{HKPP-DS11a,
Petrucci, Laure},
title = {Distributed Systems Design and Algorithms},
publisher = {John Wiley \& Sons, Ltd.},
year = {2011},
url = {http://www.iste.co.uk/index.php?f=a&ACTION=View&id=415}
}

@book{HKPP-DS11b,
Petrucci, Laure},
title = {Models and Analysis in Distributed Systems},
publisher = {John Wiley \& Sons, Ltd.},
year = {2011},
url = {http://www.iste.co.uk/index.php?f=a&ACTION=View&id=416}
}

@inproceedings{BHP-msr11,
month = nov,
year = 2011,
number = {1-3},
volume = {45},
series = {Journal Europ{\'e}en des Syst{\e}mes Automatis{\'e}s},
publisher = {Herm{\e}s},
editor = {Craye, {\'E}tienne and Gamati{\'e}, Abdoulaye},
acronym = {{MSR}'11},
booktitle = {{A}ctes du 8{\e}me {C}olloque sur la
{M}od{\'e}lisation des {S}yst{\e}mes
{R}{\'e}actifs
({MSR}'11)},
title = {{\'E}chantillonnage pr{\'e}f{\'e}rentiel pour le model checking statistique},
pages = {237-252},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BMS-msr11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BMS-msr11.pdf},
doi = {10.3166/jesa.45.237-252},
abstract = {The statistical model checking can be usefully substituted for
numerical model checking when the models to be studied are huge. However
the statistical approach cannot evaluate too small probabilities. In order
to solve the problem, we develop here a new approach based on importance
sampling. While most of the techniques related to importance sampling are
based on heuristics, we establish theoretical results under some
hypotheses. These results ensure a reduction of the variance during
application of importance sampling. We also characterize situations that
fulfill the hypotheses and we extend our approach for handling other
situations but then without theoretical guarantee. We have implemented
this approach with the tool \textsc{Cosmos} after some extensions. At~last
we have evaluated this approach for two examples and analysed the
experimentations.}
}

@inproceedings{BCGZ-mfcs11,
month = aug,
year = 2011,
volume = 6907,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Murlak, Filip and Sankowski, Piotr},
acronym = {{MFCS}'11},
booktitle = {{P}roceedings of the 36th
{I}nternational {S}ymposium on
{M}athematical {F}oundations of
{C}omputer {S}cience
({MFCS}'11)},
author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and Zeitoun, Marc},
title = {Temporal Logics for Concurrent Recursive Programs: Satisfiability
and Model Checking},
pages = {132-144},
url = {http://hal.archives-ouvertes.fr/hal-00591139/en/},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-mfcs11.pdf},
doi = {10.1007/978-3-642-22993-0_15},
abstract = {We develop a general framework for the design of temporal logics
for concurrent recursive programs. A program execution is modeled as a
partial order with multiple nesting relations. To specify properties of
executions, we consider any temporal logic whose modalities are definable
expressions. This captures, in a unifying framework, a wide range of
logics defined for trees, nested words, and Mazurkiewicz traces that have
been studied separately. We show that satisfiability and model checking
are decidable in EXPTIME and 2EXPTIME, depending on the precise path
modalities.}
}

@inproceedings{BDDHP-case11,
month = aug,
year = 2011,
publisher = {{IEEE} Robotics \& Automation Society},
noeditor = {},
acronym = {{CASE}'11},
booktitle = {{P}roceedings of the 7th {IEEE} {C}onference on {A}utomation
{S}cience and {E}ngineering ({CASE}'11)},
author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and
title = {{P}etri Nets Compositional Modeling and Verification
of Flexible Manufacturing Systems},
pages = {588-593},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-case11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-case11.pdf},
doi = {10.1109/CASE.2011.6042488},
abstract = {Flexible Manufacturing Systems (FMS) are amongst the
most studied types of systems, however due to their
increasing complexity, there is still room for
improvement in their modeling and analysis. In this
paper we consider the design and the analysis of
stochastic models of FMS in two complementary
respects.  First we describe a (stochastic) Petri
Nets based compositional framework which enables to
model an FMS by combination of an arbitrary number
of basic components. Second we demonstrate how
classical transient-analysis of manufacturing
systems, including reliability and performability
analysis, can be enriched by application of a novel,
sophisticated stochastic logic, namely the Hybrid
Automata Stochastic Logic (HASL). We demonstrate the
proposed methodology on an FMS example.}
}

@inproceedings{BDDHP-qest11,
month = sep,
year = 2011,
publisher = {{IEEE} Computer Society Press},
acronym = {{QEST}'11},
booktitle = {{P}roceedings of the 8th {I}nternational
{C}onference on {Q}uantitative
{E}valuation of {S}ystems
({QEST}'11)},
author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and
title = {{COSMOS}: a~Statistical Model Checker for the
Hybrid Automata Stochastic Logic},
pages = {143-144},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-qest11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-qest11.pdf},
doi = {10.1109/QEST.2011.24},
abstract = {This tool paper introduces COSMOS, a statistical model
checker for the Hybrid Automata Stochastic Logic
(HASL). HASL employs Linear Hybrid Automata (LHA), a
generalization of Deterministic Timed Automata
(DTA), to describe accepting execution paths of a
Discrete Event Stochastic Process (DESP), a class of
stochastic models which includes, but is not limited
to, Markov chains. As a result HASL verification
turns out to be a unifying framework where
sophisticated temporal reasoning is naturally
blended with elaborate reward-based analysis. COSMOS
takes as input a DESP (described in terms of a
Generalized Stochastic Petri Net), an LHA and an
expression~$$Z$$ representing the quantity to be
estimated. It returns a confidence interval
estimation of~$$Z$$. COSMOS is written in C++ and is
freely available to the research community.}
}

@article{BFH-ijpe11,
publisher = {RAMS Consultants},
journal = {International Journal of Performability Engineering},
title = {{MDWN}solver: A~Framework to Design and Solve {M}arkov Decision {P}etri Nets},
year = {2011},
month = sep,
volume = 7,
number = 5,
pages = {417-428},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFH-ijpe11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFH-ijpe11.pdf},
abstract = {MDWNsolver is a framework for system modeling and optimization
of performability measures based on Markov Decision Petri Net (MDPN) and
Markov Decision Well-formed Net (MDWN) formalisms, two Petri Net
extensions for high level specification of Markov Decision Processes
(MDP). It is integrated in the GreatSPN suite which provides a GUI to
design MDPN/MDWN models. From the analysis point of view, MDWNsolver uses
efficient algorithms that take advantage of system symmetries, thus
reducing the analysis complexity. In this paper the MDWNsolver framework
features and architecture are presented, and some application examples are
discussed.}
}

@inproceedings{Bol-concur11,
month = sep,
year = 2011,
volume = 6901,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Katoen, Joost-Pieter and K{\"o}nig, Barbara},
acronym = {{CONCUR}'11},
booktitle = {{P}roceedings of the 22nd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'11)},
author = {Bollig, Benedikt},
title = {An automaton over data words that captures {EMSO} logic},
pages = {171-186},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-concur11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-concur11.pdf},
doi = {10.1007/978-3-642-23217-6_12},
abstract = {We develop a general framework for the specification and
implementation of systems whose executions are words, or partial orders,
over an infinite alphabet. As a model of an implementation, we introduce
class register automata, a one-way automata model over words with multiple
data values. Our model combines register automata and class memory
automata. It has natural interpretations. In particular, it captures
communicating automata with an unbounded number of processes, whose
semantics can be described as a set of (dynamic) message sequence charts.
On the specification side, we provide a local existential monadic
second-order logic that does not impose any restriction on the number of
variables. We study the realizability problem and show that every formula
from that logic can be effectively, and in elementary time, translated
into an equivalent class register automaton.}
}

@inproceedings{RSB-concur11,
month = sep,
year = 2011,
volume = 6901,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Katoen, Joost-Pieter and K{\"o}nig, Barbara},
acronym = {{CONCUR}'11},
booktitle = {{P}roceedings of the 22nd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'11)},
author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan and Baldan, Paolo},
title = {Efficient contextual unfolding},
pages = {342-357},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/RSB-concur11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RSB-concur11.pdf},
doi = {10.1007/978-3-642-23217-6_23},
abstract = {A~contextual net is a Petri net extended with read arcs, which
allow transitions to check for tokens without consuming them. Contextual
nets allow for better modelling of concurrent read access than Petri nets,
and their unfoldings can be exponentially more compact than those of a
corresponding Petri net. A~constructive but abstract procedure for
generating those unfoldings was proposed in earlier work; however, no
concrete implementation existed. Here, we~close this gap providing two
concrete methods for computing contextual unfoldings, with a view to
efficiency. We report on experiments carried out on a number of
benchmarks. These show that not only are contextual unfoldings more
compact than Petri net unfoldings, but they can be computed with the same
or better efficiency, in~particular with respect to the place-replication
encoding of contextual nets into Petri nets.}
}

@techreport{rr-lsv-11-08,
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and
Zeitoun, Marc},
title = {Weighted Expressions and {DFS} Tree Automata},
institution = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
year = {2011},
month = apr,
type = {Research Report},
number = {LSV-11-08},
url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2011-08.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2011-08.pdf},
note = {32~pages},
abstract = {We introduce weighted expressions, a~calculus to express
quantitative properties over unranked trees. They involve products and
sums from a semiring as well as classical boolean formulas. We~show that
weighted expressions are expressively equivalent to a new class of
weighted tree-walking automata. This new automata model is equipped with
pebbles, and follows a depth-first-search policy in the tree.}
}

@inproceedings{BCH-acsd11,
address = {Newcastle upon Tyne, UK},
month = jun,
year = 2011,
publisher = {{IEEE} Computer Society Press},
editor = {Caillaud, Beno{\^\i}t and Carmona, Josep},
acronym = {{ACSD}'11},
booktitle = {{P}roceedings of the 11th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'11)},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan},
title = {Building Tight Occurrence Nets from Reveals Relations},
pages = {44-53},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-acsd11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-acsd11.pdf},
doi = {10.1109/ACSD.2011.16},
abstract = {Occurrence nets are a well known partial order model for the
concurrent behavior of Petri nets. The causality and conflict relations
between events, which are explicitly represented in occurrence nets,
induce logical dependencies between event occurrences: the occurrence of
an event~$$e$$ in a run implies that all its causal predecessors also
occur, and that no event in conflict with $$e$$ occurs. But these
structural relations do not express all the logical dependencies between
event occurrences in maximal runs: in particular, the occurrence of~$$e$$
in any maximal run may imply the occurrence of another event that is not a
causal predecessor of~$$e$$, in that run. The \emph{reveals} relation has
been introduced in~[Haar, IEEE TAC 55(10):2310-2320, 2010] to express this
dependency between two events. Here we generalize the reveals relation to
express more general dependencies, involving more than two events, and we
introduce ERL logic to express them as boolean formulas. Finally we answer
the synthesis problem that arises: given an ERL formula~$$\varphi$$, is
there an occurrence net~$$\mathcal{N}$$ such that $$\varphi$$ describes
exactly the dependencies between the events of~$$\mathcal{N}$$?}
}

@inproceedings{HMN-atpn11,
address = {Newcastle upon Tyne, UK},
month = jun,
year = 2011,
volume = {6709},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Kristensen, Lars M. and Petrucci, Laure},
acronym = {{PETRI~NETS}'11},
booktitle = {{P}roceedings of the 32nd
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'11)},
title = {Synthesis and Analysis of Product-form {P}etri Nets},
pages = {288-307},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-atpn11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-atpn11.pdf},
doi = {10.1007/978-3-642-21834-7_16},
abstract = {For a large Markovian model, a {"}product form{"} is an explicit
description of the steady-state behaviour which is otherwise generally
untractable. Being first introduced in queueing networks, it has been
adapted to Markovian Petri nets. Here we address three relevant issues for
product-form Petri nets which were left fully or partially open:
(1)~we~provide a sound and complete set of rules for the synthesis;
(2)~we~characterise the exact complexity of classical problems like
reachability; (3)~we~introduce a new subclass for which the normalising
constant (a crucial value for product-form expression) can be efficiently
computed.}
}

@article{LBDLNP-fmsd2010,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Li, Shuhao and Balaguer, Sandie and David, Alexandre and Larsen,
Kim G. and Nielsen, Brian and Pusinskas, Saulius},
title = {Scenario-based verification of real-time systems using {\textsc{Uppaal}}},
year = {2010},
month = nov,
volume = {37},
number = {2-3},
pages = {200-264},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/LBDLNP-fmsd2010.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LBDLNP-fmsd2010.pdf},
doi = {10.1007/s10703-010-0103-z},
verification of dense real-time systems against scenario-based
requirements, where a system is modeled as a network of timed automata
(TAs) or as a set of driving live sequence charts (LSCs), and a
requirement is specified as a separate monitored LSC chart. We make timed
extensions to a kernel subset of the LSC language and define a trace-based
semantics. By translating a monitored LSC chart to a behavior-equivalent
observer TA and then non-intrusively composing this observer with the
original TA-modeled real-time system, the problems of scenario-based
verification reduce to computation tree logic (CTL) real-time model
checking problems. When the real-time system is modeled as a set of
driving LSC charts, we translate these driving charts and the monitored
chart into a behavior-equivalent network of TAs by using a
{"}one-TA-per-instance line{"} approach, and then reduce the problems of
scenario-based verification also to CTL real-time model checking problems.
We show how we exploit the expressivity of the TA formalism and the CTL
query language of the real-time model checker Uppaal to accomplish these
tasks. The proposed two approaches are implemented in the Uppaal tool and
built as a tool chain, respectively. We carry out a number of experiments
with both verification approaches, and the results indicate that these
methods are viable, computationally feasible, and the tools are effective.}
}

@inproceedings{BDDHP-valuetools11,
month = may,
year = 2011,
acronym = {{VALUETOOLS}'11},
booktitle = {{P}roceedings of the 5th {I}nternational {C}onference
on {P}erformance {E}valuation {M}ethodologies and {T}ools
({VALUETOOLS}'11)},
author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and
title = {{HASL}: An~Expressive Language for Statistical Verification
of Stochastic Models},
pages = {306-315},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-valuetools11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-valuetools11.pdf},
abstract = {We introduce the Hybrid Automata Stochastic Logic (HASL), a new
temporal logic formalism for the verification of discrete event stochastic
processes (DESP). HASL employs Linear Hybrid Automata (LHA) as machineries
to select prefixes of relevant execution paths of a DESP~$$\mathcal{D}$$.
The advantage with LHA is that rather elaborate information can be
collected \emph{on-the-fly} during path selection, providing the user with
a powerful means to express sophisticated measures. A formula of HASL
consists of an LHA~$$\mathcal{A}$$ and an expression~$$Z$$ referring to
moments of \emph{path random variables}. A~simulation-based statistical
engine is employed to obtained a confidence-interval estimate of the
expected value of~$$Z$$. In essence HASL provide a unifying verification
framework where sophisticated temporal reasoning is naturally blended with
elabo- rate reward-based analysis. We illustrate the HASL approach by
means of some examples and a discussion about its expressivity. We also
provide empirical evidence obtained through COSMOS, a prototype software
tool for HASL verification.}
}

@inproceedings{BFHR-fossacs11,
month = mar # {-} # apr,
year = 2011,
volume = {6604},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Hofmann, Martin},
acronym = {{FoSSaCS}'11},
booktitle = {{P}roceedings of the 14th {I}nternational
{C}onference on {F}oundations of {S}oftware {S}cience
and {C}omputation {S}tructures
({FoSSaCS}'11)},
Rosa{-}Velardo, Fernando},
title = {Ordinal Theory for Expressiveness of Well Structured Transition Systems},
pages = {153-167},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-fossacs11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-fossacs11.pdf},
doi = {10.1007/978-3-642-19805-2_11}
}

@incollection{DG-iis09,
author = {Demri, St{\'e}phane and Gastin, Paul},
title = {Specification and Verification using Temporal Logics},
booktitle = {Modern applications of automata theory},
editor = {D'Souza, Deepak and Shankar, Priti},
series = {IISc Research Monographs},
volume = 2,
publisher = {World Scientific},
chapter = 15,
pages = {457-494},
year = 2012,
month = jul,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/DG-iis09.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/DG-iis09.pdf},
abstract = {This chapter illustrates two aspects of automata theory related
to linear-time temporal logic LTL used for the verification of computer
systems. First, we present a translation from LTL formulae to B{\"u}chi
automata. The aim is to design an elementary translation which is
reasonably efficient and produces small automata so that it can be easily
taught and used by hand on real examples. Our translation is in the spirit
of the classical tableau constructions but is optimized in several ways.
Secondly, we recall how temporal operators can be defined from regular
languages and we explain why adding even a single operator definable by a
context-free language can lead to undecidability.}
}

@mastersthesis{cyriac-master,
author = {Cyriac, Aiswarya},
title = {Temporal Logics for Concurrent Recursive Programs},
school = {{M}aster {P}arisien de {R}echerche en
{I}nformatique, Paris, France},
type = {Rapport de {M}aster},
year = {2010},
month = sep,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-m2.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-m2.pdf}
}

@inproceedings{AC-clodem10,
month = jul,
year = 2010,
acronym = {{CL}o{D}e{M}'10},
booktitle = {{P}roceedings of the {W}orkshop on {C}omparing {L}ogical {D}ecision
{M}ethods ({CL}o{D}e{M}'10)},
author = {Cyriac, Aiswarya},
title = {A~New Version of Focus Games for {LTL} Satisfiability},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-clodem10.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-clodem10.pdf}
}

@phdthesis{balaguer-phd2012,
author = {Balaguer, Sandie},
title = {La concurrence dans les syst{\e}mes distribu{\'e}s temps-r{\'e}el},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2012,
month = dec,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/balaguer-these12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/balaguer-these12.pdf}
}

@article{BFHR-icomp13,
publisher = {Elsevier Science Publishers},
journal = {Information and Computation},
Rosa{-}Velardo, Fernando},
title = {Ordinal Theory for Expressiveness of Well-Structured
Transition Systems},
year = 2013,
month = mar,
volume = 224,
pages = {1-22},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-icomp12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-icomp12.pdf},
doi = {10.1016/j.ic.2012.11.003},
abstract = {We characterize the importance of resources (like counters,
channels, or alphabets) when measuring the expressiveness of
Well-Structured Transition Systems~(WSTS). We establish, for usual classes
of well partial orders, the equivalence between the existence of order
reflections (non-monotonic order embeddings) and the simulations with
respect to coverability languages. We show that the non-existence of order
reflections can be proved by the computation of order types. This allows
us to extend the current classification of WSTS, in particular solving
some open problems, and to unify the existing proofs.}
}

@article{BCHLR-tcs13,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
and Lime, Didier and Roux, Olivier~H.},
title = {The Expressive Power of Time {P}etri Nets},
year = 2013,
month = feb,
volume = 474,
ftturenumber = {},
pages = {1-20},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHLR-tcs12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHLR-tcs12.pdf},
doi = {10.1016/j.tcs.2012.12.005},
abstract = {We investigate expressiveness questions for time Petri nets
(TPNs) and some their most usefull extensions. We first introduce
generalised time Petri nets (GTPNs) as an abstract model that encompasses
variants of TPNs such as self modifications and read, reset and inhibitor
arcs.\par
We give a syntactical translation from bounded GTPNs to timed automata
(TA) that generates isomorphic transition systems. We prove that the class
of bounded GTPNs is stricly less expressive than TA w.r.t. weak timed
bisimilarity. We prove that bounded GTPNs, bounded TPNs and TA are equally
expressive w.r.t. timed language acceptance. Finally, we characterise a
syntactical subclass of TA that is equally expressive to bounded GTPNs
{"}\a~la Merlin{"} w.r.t. weak timed bisimilarity. These results provide
a unified comparison of the expressiveness of many variants of timed
models often used in practice. It leads to new important results for TPNs.
Among them are: 1-safe TPNs and bounded-TPNs are equally expressive;
$$\epsilon$$-transitions strictly increase the expressive power of TPNs;
self modifying nets as well as read, inhibitor and reset arcs do not add
expressiveness to bounded TPNs.}
}

@article{ABG-fmsd12,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Akshay, S. and Bollig, Benedikt and Gastin, Paul},
title = {Event-clock Message Passing Automata: A~Logical
Characterization and an Emptiness-Checking Algorithm},
year = 2013,
month = jun,
volume = 42,
number = {3},
pages = {262-300},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-fmsd12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-fmsd12.pdf},
doi = {10.1007/s10703-012-0179-8},
abstract = {We are interested in modeling behaviors and verifying
properties of systems in which time and concurrency play a crucial
role. We introduce a model of distributed automata which are
equipped with event clocks as in [Alur, Fix,
Henzinger. Event-clock automata: A~determinizable class of timed
automata. TCS 211(1-2):253-273, 1999.], which we call Event Clock
Message Passing Automata (ECMPA). To describe the behaviors of
such systems we use timed partial orders (modeled as message
sequence charts with timing).\par
Our first goal is to extend the classical
B{\"u}chi-Elgot-Trakhtenbrot equivalence to the timed and
distributed setting, by showing an equivalence between ECMPA and a
timed extension of monadic second-order (MSO) logic. We obtain
such a constructive equivalence in two different ways:
(1)~by~restricting the semantics by bounding the set of timed
partial orders (2)~by~restricting the timed MSO logic to its
existential fragment. We next consider the emptiness problem for
ECMPA, which asks if a given ECMPA has some valid timed
execution. In general this problem is undecidable and we show that
by considering only bounded timed executions, we can obtain
decidability. We do this by constructing a timed automaton which
accepts all bounded timed executions of the ECMPA and checking
emptiness of this timed automaton.}
}

@article{BCH-fi12,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan},
title = {Building Occurrence Nets from Reveals Relations},
year = 2013,
month = may,
volume = 123,
number = 3,
pages = {245-272},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fi12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fi12.pdf},
doi = {10.3233/FI-2013-809},
abstract = {Occurrence nets are a well known partial order model for the
concurrent behavior of Petri nets. The causality and conflict relations
between events, which are explicitly represented in occurrence nets,
induce logical dependencies between event occurrences: the occurrence of
an event~$$e$$ in a run implies that all its causal predecessors also
occur, and that no event in conflict with~$$e$$ occurs. But these
structural relations do not express all the logical dependencies between
event occurrences in maximal runs: in particular, the occurrence of~$$e$$
in any maximal run may imply the occurrence of another event that is not a
causal predecessor of~$$e$$, in that run. The \emph{reveals} relation has
been introduced to express this dependency between two events. Here we
generalize the reveals relation to express more general dependencies,
involving more than two events, and we introduce ERL logic to express them
as boolean formulas. Finally we answer the synthesis problem that arises:
given an ERL formula~$$\varphi$$, is there an occurrence
net~$$\mathcal{N}$$ such that $$\varphi$$~describes exactly the
dependencies between the events of~$$\mathcal{N}$$?}
}

@inproceedings{BHP-simul12,
month = nov,
year = 2012,
publisher = {XPS},
editor = {Dini, Petre and Lorenz, Pascal},
acronym = {{SIMUL}'12},
booktitle = {{P}roceedings of the 4th {I}nternational {C}onference on {A}dvances in
{S}ystem {S}imulation ({SIMUL}'12)},
title = {Importance Sampling for Model Checking of Continuous Time
{M}arkov Chains},
pages = {30-35},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-simul12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-simul12.pdf},
abstract = {Model checking real time properties on probabilistic systems
requires computing transient probabilities on continuous time Markov
chains. Beyond numerical analysis ability, a probabilistic framing can
only be obtained using simulation. This statistical approach fails when
directly applied to the estimation of very small probabilities. Here
combining the uniformization technique and extending our previous results,
we design a method which applies to continuous time Markov chains and
formulas of a timed temporal logic. The corresponding algorithm has been
implemented in our tool \textsc{cosmos}. We present experimentations on a
relevant system, with drastic time reductions with respect to standard
statistical model checking.}
}

@misc{impro-D4.1,
author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan},
title = {Concurrent semantics for timed distributed systems},
howpublished = {Deliverable ImpRo D~4.1 (ANR-2010-BLAN-0317)},
year = 2012,
month = mar,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d41.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d41.pdf}
}

@misc{impro-D2.1,
author = {Akshay, S. and B{\'e}rard, B{\'e}atrice and Bouyer, Patricia
Lime, Didier and Markey, Nicolas and Reynier, Pierre-Alain
and Sankur, Ocan and Thierry-Mieg, Yann},
title = {Overview of Robustness in Timed Systems},
howpublished = {Deliverable ImpRo D~2.1 (ANR-2010-BLAN-0317)},
year = 2012,
month = jan,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d21.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d21.pdf}
}

@proceedings{atpn2012-HP,
title = {{P}roceedings of the 33rd
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({ICATPN}'12)},
booktitle = {{P}roceedings of the 33rd
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({ICATPN}'12)},
acronym = {{ICATPN}'12},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = 7347,
year = 2012,
month = jun,
doi = {10.1007/978-3-642-31131-4},
url = {http://www.springer.com/978-3-642-31131-4}
}

@article{bbckrs-tcs12,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Baldan, Paolo and Bruni, Alessandro and Corradini, Andrea
and K{\"o}nig, Barbara and Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan},
title = {Efficient unfolding of contextual {P}etri nets},
volume = 449,
number = 1,
year = 2012,
month = aug,
pages = {2-22},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbckrs-tcs12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbckrs-tcs12.pdf},
doi = {10.1016/j.tcs.2012.04.046},
abstract = {A contextual net is a Petri net extended with read arcs, which
allows transitions to check for tokens without consuming them. Contextual
nets allow for better modelling of concurrent read access than Petri nets,
and their unfoldings can be exponentially more compact than those of a
corresponding Petri net. A constructive but abstract procedure for
generating those unfoldings was proposed in previous work. However, it
remained unclear whether the approach was useful in practice and which data
structures and algorithms would be appropriate to implement it. Here, we
address this question. We provide two concrete methods for computing
contextual unfoldings, with a view to efficiency. We report on experiments
carried out on a number of benchmarks. These show that not only are
contextual unfoldings more compact than Petri net unfoldings, but they can
be computed with the same or better efficiency, in particular with respect
to alternative approaches based on encodings of contextual nets into Petri
nets.}
}

@article{GS-tocl12,
publisher = {ACM Press},
journal = {ACM Transactions on Computational Logic},
author = {Gastin, Paul and Sznajder, Nathalie},
title = {Fair Synthesis for Asynchronous Distributed Systems},
nopages = {},
volume = 14,
number = {2:9},
month = jun,
year = 2013,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-tocl12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-tocl12.pdf},
doi = {10.1145/2480759.2480761},
abstract = {We study the synthesis problem in an asynchronous distributed
setting: a finite set of processes interact locally with an uncontrollable
environment and communicate with each other by sending signals---actions
controlled by a sender process and that are immediately received by the
target process. The fair synthesis problem is to come up with a local
strategy for each process such that the resulting fair behaviors of the
system meet a given specification. We consider external specifications
satisfying some natural closure properties related to the architecture. We
present this new setting for studying the fair synthesis problem for
distributed systems, and give decidability results for the subclass of
networks where communications happen through a strongly connected graph.
We claim that this framework for distributed synthesis is natural,
convenient and avoids most of the usual sources of undecidability for the
synthesis problem. Hence, it may open the way to a decidable theory of
distributed synthesis.}
}

@article{GS-ipl12,
publisher = {Elsevier Science Publishers},
journal = {Information Processing Letters},
author = {Gastin, Paul and Sznajder, Nathalie},
title = {Decidability of well-connectedness for distributed synthesis},
pages = {963-968},
volume = {112},
number = {24},
month = dec,
year = 2012,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-ipl12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-ipl12.pdf},
doi = {10.1016/j.ipl.2012.08.018},
abstract = {Although the synthesis problem is often undecidable for
distributed, synchronous systems, it becomes decidable for the subclass of
uniformly well-connected (UWC) architectures, provided that only robust
specifications are considered. It is then an important issue to be able to
decide whether a given architecture falls in this class. This is the
problem addressed in this paper: we establish the decidability and precise
complexity of checking this property. This problem is in EXPSPACE and
NP-hard in the general case, but falls into PSPACE when restricted to a
natural subclass of architectures.}
}

@incollection{HM-lncis433,
author = {Haar, Stefan and Masopust, Tom{\'a}{\v{s}}},
title = {Languages, Decidability, and Complexity},
booktitle = {Control of Discrete-Event Systems~-- Automata and {P}etri Net Perspectives},
editor = {Seatzu, Carla and Silva, Manuel and van Schuppen, Jan H.},
year = {2013},
pages = {23-43},
publisher = {Springer},
series = {Lecture Notes in Control and Information Sciences},
volume = 433,
doi = {10.1007/978-1-4471-4276-8_2},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HM-lncis433.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HM-lncis433.pdf}
}

@incollection{HS-lncis433,
author = {Haar, Stefan and Fabre, {\'E}ric},
title = {Diagnosis with {P}etri Net Unfoldings},
booktitle = {Control of Discrete-Event Systems~-- Automata and {P}etri Net Perspectives},
editor = {Seatzu, Carla and Silva, Manuel and van Schuppen, Jan H.},
year = {2013},
pages = {301-318},
publisher = {Springer},
series = {Lecture Notes in Control and Information Sciences},
volume = 433,
doi = {10.1007/978-1-4471-4276-8_15},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HS-lncis433.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HS-lncis433.pdf}
}

@inproceedings{BDF-cdc12,
month = dec,
year = 2012,
publisher = {{IEEE} Control System Society},
acronym = {{CDC}'12},
booktitle = {{P}roceedings of the 51st {IEEE} {C}onference on
{D}ecision and {C}ontrol ({CDC}'12)},
author = {Bu{\v{s}}i{\'c}, Ana and Djafri, Hilal and Fourneau,
Jean-Michel},
title = {Bounded state space truncation and censored {M}arkov chains},
pages = {5828-5833},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-cdc12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-cdc12.pdf},
doi = {10.1109/CDC.2012.6426156},
abstract = {Censored Markov chains (CMC) allow to represent the conditional
behavior of a system within a subset of observed states. They provide a
theoretical framework to study the truncation of a discrete-time Markov
chain when the generation of the state-space is too hard or when the
number of states is too large. However, the stochastic matrix of a CMC may
be difficult to obtain. Dayar \emph{et~al.} (2006) have proposed an
algorithm, called DPY, that computes a stochastic bounding matrix for a
CMC with a smaller complexity with only a partial knowledge of the chain.
We prove that this algorithm is optimal for the information they take into
account. We also show how some additional knowledge on the chain can
improve stochastic bounds for~CMC.}
}

@inproceedings{GM-ciaa12,
month = jul,
year = 2012,
volume = {7381},
series = {Lecture Notes in Computer Science},
publisher = {Springer-Verlag},
editor = {Moreira, Nelma and Reis, Rog{\'e}rio},
acronym = {{CIAA}'12},
booktitle = {{P}roceedings of the 17th {I}nternational
{C}onference on {I}mplementation and
{A}pplication of {A}utomata
({CIAA}'12)},
author = {Gastin, Paul and Monmege, Benjamin},
title = {Adding Pebbles to Weighted Automata},
pages = {28-51},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-ciaa12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-ciaa12.pdf},
doi = {10.1007/978-3-642-31606-7_4},
abstract = {We extend weighted automata and weighted rational expressions
with 2-way moves and (reusable) pebbles. We show with examples from
natural language modeling and quantitative model-checking that weighted
expressions and automata with pebbles are more expressive and allow much
more natural and intuitive specifications than classical ones.\par
We extend Kleene-Sch{\"u}tzenberger theorem showing that weighted
expressions and automata with pebbles have the same expressive power. We
focus on an efficient translation from expressions to automata.\par
We also prove that the evaluation problem for weighted automata can be
done very efficiently if the number of (reusable) pebbles is low.}
}

@inproceedings{BGMZ-atva12,
month = oct,
year = {2012},
volume = {7561},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Mukund, Madhavan and Chakraborty, Supratik},
acronym = {{ATVA}'12},
booktitle = {{P}roceedings of the 10th {I}nternational
{S}ymposium on {A}utomated {T}echnology
for {V}erification and {A}nalysis
({ATVA}'12)},
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and
Zeitoun, Marc},
title = {A Probabilistic {K}leene Theorem},
pages = {400-415},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-atva12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-atva12.pdf},
doi = {10.1007/978-3-642-33386-6_31},
abstract = {We provide a Kleene Theorem for (Rabin) probabilistic automata
over finite words. Probabilistic automata generalize deterministic finite
automata and assign to a word an acceptance probability. We provide
probabilistic expressions with probabilistic choice, guarded choice,
concatenation, and a star operator. We prove that probabilistic
expressions and probabilistic automata are expressively equivalent. Our
result actually extends to two-way probabilistic automata with pebbles and
corresponding expressions.}
}

@phdthesis{djafri-phd2011,
author = {Djafri, Hilal},
title = {Approches num{\'e}riques et statistiques pour le model checking
des processus stochastiques},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2012,
month = jun,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/djafri-these11.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/djafri-these11.pdf}
}

@inproceedings{PHL-tap12,
month = may # {-} # jun,
year = 2012,
volume = 7305,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Brucker, Achim D. and Julliand, Jacques},
acronym = {{TAP}'12},
booktitle = {{P}roceedings of the 6th {I}nternational {C}onference
on {T}ests and {P}roofs ({TAP}'12)},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine},
title = {Conformance Relations for Labeled Event Structures},
pages = {83-98},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-tap12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-tap12.pdf},
doi = {10.1007/978-3-642-30473-6_8},
abstract = {We propose a theoretical framework for testing concurrent
systems from true concurrency models like Petri nets or networks of
automata. The underlying model of computation of such formalisms are
labeled event structures, which allow to represent concurrency explicitly.
The activity of testing relies on the definition of a conformance relation
that depends on the observable behaviors on the system under test, which
is given for sequential systems by ioco type relations. However, these
relations are not capable of capturing and exploiting concurrency of non
sequential behavior. We~study different conformance relations for labeled
event structures, relying on different notions of observation, and
investigate their properties and connections.}
}

@inproceedings{HSS-lics2012,
month = jun,
year = 2012,
publisher = {{IEEE} Computer Society Press},
acronym = {{LICS}'12},
booktitle = {{P}roceedings of the 27th
{A}nnual {IEEE} {S}ymposium on
{L}ogic in {C}omputer {S}cience
({LICS}'12)},
title = {The Ordinal-Recursive Complexity of Timed-Arc {P}etri
Nets, Data Nets, and Other Enriched Nets},
pages = {355-364},
url = {http://hal.archives-ouvertes.fr/hal-00793811},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HSS-lics12.pdf},
doi = {10.1109/LICS.2012.46},
abstract = {We show how to reliably compute fast-growing functions
with timed-arc Petri nets and data nets. This
construction provides ordinal-recursive lower bounds
on the complexity of the main decidable properties
(safety, termination, regular simulation,~etc.) of
these models. Since these new lower bounds match the
upper bounds that one can derive from wqo theory,
they precisely characterise the computational power
of these so-called {"}enriched{"} nets.}
}

@inproceedings{RS-concur12,
month = sep,
year = 2012,
volume = 7454,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Koutny, Maciej and Ulidowski, Irek},
acronym = {{CONCUR}'12},
booktitle = {{P}roceedings of the 23rd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'12)},
author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan},
title = {Verification of {P}etri Nets with Read Arcs},
pages = {471-485},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-concur12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-concur12.pdf},
doi = {10.1007/978-3-642-32940-1_33},
abstract = {Recent work studied the unfolding construction for contextual
nets, i.e. nets with read arcs. Such unfoldings are more concise and can
usually be constructed more efficiently than for Petri nets. However,
concrete verification algorithms exploiting these advantages were lacking
so far. We address this question and propose SAT-based verification
algorithms for deadlock and reachability of contextual nets. Moreover, we
study optimizations of the SAT encoding and report on experiments.}
}

@inproceedings{CGN-concur12,
month = sep,
year = 2012,
volume = 7454,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Koutny, Maciej and Ulidowski, Irek},
acronym = {{CONCUR}'12},
booktitle = {{P}roceedings of the 23rd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'12)},
author = {Cyriac, Aiswarya and Gastin, Paul and Narayan Kumar, K.},
title = {{MSO} Decidability of Multi-Pushdown Systems via Split-Width},
pages = {547-561},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CGN-concur12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CGN-concur12.pdf},
doi = {10.1007/978-3-642-32940-1_38},
abstract = {Multi-threaded programs with recursion are naturally modeled as
multi-pushdown systems. The behaviors are represented as multiply nested
words (MNWs), which are words enriched with additional binary relations
for each stack matching a push operation with the corresponding pop
operation. Any MNW can be decomposed by two basic and natural operations:
shuffle of two sequences of factors and merge of consecutive factors of a
sequence. We say that the split-width of a MNW is~$$k$$ if it admits a
decomposition where the number of factors in each sequence is at most~$$k$$.
The MSO theory of MNWs with split-width~$$k$$ is decidable. We introduce two
very general classes of MNWs that strictly generalize known decidable
classes and prove their MSO decidability via their split-width and obtain
comparable or better bounds of tree-width of known classes.}
}

@inproceedings{BHSS-concur12,
month = sep,
year = 2012,
volume = 7454,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Koutny, Maciej and Ulidowski, Irek},
acronym = {{CONCUR}'12},
booktitle = {{P}roceedings of the 23rd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'12)},
Mathieu and Sznajder, Nathalie},
title = {Concurrent Games on~{VASS} with Inhibition},
pages = {39-52},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHSS-CONCUR12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHSS-CONCUR12.pdf},
doi = {10.1007/978-3-642-32940-1_5},
abstract = {We propose to study concurrent games on a new extension of
for modeling purposes. Games are a well-suited framework to solve control
problems, and concurrent semantics reflect realistic situations where the
environment can always produce a move before the controller, although it
is never required to do so. This is in contrast with previous works, which
focused mainly on turn-based semantics. Moreover, we consider asymmetric
games, where environment and controller do not have the same capabilities,
although they both have restricted power. In this setting, we investigate
reachability and safety objectives, which are not dual to each other
anymore, and we prove that (i)~reachability games are undecidable for
finite targets, (ii)~they are 2-EXPTIME-complete for upward-closed targets
and (iii)~safety games are co-NP-complete for finite, upward-closed and
semi-linear targets. Moreover, for the decidable cases, we build a finite
representation of the corresponding controllers.}
}

@inproceedings{BC-concur12,
month = sep,
year = 2012,
volume = 7454,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Koutny, Maciej and Ulidowski, Irek},
acronym = {{CONCUR}'12},
booktitle = {{P}roceedings of the 23rd
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'12)},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas},
title = {Avoiding Shared Clocks in Networks of Timed Automata},
pages = {100-114},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-concur12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-concur12.pdf},
doi = {10.1007/978-3-642-32940-1_9},
abstract = {Networks of timed automata~(NTA) are widely used to model
distributed real-time systems. Quite often in the literature, the automata
are allowed to share clocks. This is a problem when one considers
implementing such model in a distributed architecture, since reading
clocks a priori requires communications which are not explicitly described
in the model. We focus on the following question: given a NTA $$A_{1} \parallel A_{2}$$ where $$A_{2}$$ reads some clocks reset by~$$A_{1}$$,
does there exist a NTA $$A'_{1} \parallel A'_{2}$$ without shared clocks
with the same behavior as the initial NTA? For this, we allow the automata
to exchange information during synchronizations only. We discuss a
formalization of the problem and give a criterion using the notion of
contextual timed transition system, which represents the behavior
of~$$A_{2}$$ when in parallel with~$$A_{1}$$. Finally, we effectively
build $$A'_{1} \parallel A'_{2}$$ when it exists.}
}

@inproceedings{AMH-safep12,
month = aug,
year = 2012,
publisher = {IFAC},
acronym = {{SAFEPROCESS}'12},
booktitle = {{P}roceedings of the 8th {IFAC} {S}ymposium on {F}ault {D}etection,
{S}upervision and {S}afety for {T}echnical {P}rocesses ({SAFEPROCESS}'12)},
author = {Agarwal, Anoopam and Madalinski, Agnes and Haar, Stefan},
title = {Effective Verification of Weak Diagnosability},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AMH-safep12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AMH-safep12.pdf},
doi = {10.3182/20120829-3-MX-2028.00083},
abstract = {The \emph{diagnosability} problem can be stated as follows: does
a given labeled Discrete Event System allow for an outside observer to
determine the occurrence of the {"}invisible{"} fault, no later than a
bounded number of events after that unobservable occurrence, and based on
the partial observation of the behaviour? When this problem is
investigated in the context of concurrent systems, partial order semantics
induces a separation between classical or strong diagnosability on the one
hand, and \emph{weak diagnosability} on the other hand. The present paper
presents the first solution for checking weak diagnosability, via a
\emph{verifier} construction.}
}

@inproceedings{BDL-tase12,
month = jul,
year = 2012,
publisher = {{IEEE} Computer Society Press},
noeditor = {},
acronym = {{TASE}'12},
booktitle = {{P}roceedings of the 6th {I}nternational {S}ymposium
on {T}heoretical {A}spects of {S}oftware {E}ngineering
({TASE}'12)},
author = {Bollig, Benedikt and Decker, Normann and Leucker, Martin},
title = {Frequency Linear-time Temporal Logic},
pages = {85-92},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDL-tase12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDL-tase12.pdf},
doi = {10.1109/TASE.2012.43},
abstract = {We propose fLTL, an extension to linear-time temporal logic
(LTL) that allows for expressing relative frequencies by a generalization
of temporal operators. This facilitates the specification of requirements
such as the deadlines in a real-time system must be met in at least~$$95\%$$
of all cases. For our novel logic, we establish an undecidability result
regarding the satisfiability problem but identify a decidable fragment
which strictly increases the expressiveness of LTL by allowing, e.g., to
express non-context-free properties.}
}

@incollection{topnoc12-ehh,
year = 2012,
volume = 6900,
series = {Lecture Notes in Computer Science},
editor = {Jensen, Kurt and Donatelli, Susanna and Kleijn, Jetty},
publisher = {Springer},
booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{V}},
title = {Refinement and Asynchronous Composition of Modal {P}etri Nets},
pages = {96-120},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc12-ehh.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc12-ehh.pdf},
doi = {10.1007/978-3-642-29072-5_4},
abstract = {We propose a framework for the specification of infinite state
systems based on Petri nets with distinguished \emph{may}- and
\emph{must}-transitions (called modalities) which specify the allowed and
the required behavior of refinements and hence of implementations. For any
modal Petri net, we define its generated modal language specification
which abstracts away silent transitions. On this basis we consider
refinements of modal Petri nets by relating their generated modal language
specifications. We show that this refinement relation is decidable if the
underlying modal Petri nets are weakly deterministic. We also show that
the membership problem for the class of weakly deterministic modal Petri
nets is decidable. As an important application scenario of our approach we
consider I/O-Petri nets and their asynchronous composition which typically
leads to an infinite state system.}
}

@article{BCH-fmsd12,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar,
Stefan},
title = {A~Concurrency-Preserving Translation from Time {P}etri Nets to
Networks of Timed Automata},
year = 2012,
month = jun,
volume = 40,
number = 3,
pages = {330-355},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fmsd12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fmsd12.pdf},
doi = {10.1007/s10703-012-0146-4},
abstract = {Several formalisms to model distributed real-time systems
coexist in the literature. This naturally induces a need to compare their
expressiveness and to translate models from one formalism to another when
possible. The first formal comparisons of the expressiveness of these
models focused on the preservation of the sequential behavior of the
models, using notions like timed language equivalence or timed
bisimilarity. They do not consider preservation of concurrency. In~this
paper we define timed traces as a partial order representation of
executions of our models for real-time distributed systems. Timed traces
provide an alternative to timed words, and take the distribution of
actions into account. We propose a translation between two popular
formalisms that describe timed concurrent systems: $$1$$-bounded time Petri
nets~(TPN) and networks of timed automata~(NTA). Our translation preserves
the distribution of actions, that is we require that if the TPN represents
the product of several components (called processes), then each process
should have its counterpart as one timed automaton in the resulting~NTA.}
}

@article{BHS-fmsd2012,
publisher = {Springer},
journal = {Formal Methods in System Design},
title = {Interrupt Timed Automata: Verification and Expressiveness},
year = {2012},
month = feb,
volume = {40},
number = {1},
pages = {41-87},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-fmsd12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-fmsd12.pdf},
doi = {10.1007/s10703-011-0140-2},
abstract = {We introduce the class of Interrupt Timed Automata (ITA), a
subclass of hybrid automata well suited to the description of timed
multi-task systems with interruptions in a single processor environment.\par
While the reachability problem is undecidable for hybrid automata we show
that it is decidable for ITA. More precisely we prove that the untimed
language of an ITA is regular, by building a finite automaton as a
generalized class graph. We then establish that the reachability problem
for ITA is in NEXPTIME and in PTIME when the number of clocks is fixed. To
prove the first result, we define a subclass ITA$$_{-}$$ of ITA, and show
that (1)~any ITA can be reduced to a language-equivalent automaton in
ITA$$_{-}$$ and (2)~the reachability problem in this subclass is in NEXPTIME
(without any class graph).\par
In the next step, we investigate the verification of real time properties
over ITA. We prove that model checking SCL, a fragment of a timed linear
time logic, is undecidable. On the other hand, we give model checking
procedures for two fragments of timed branching time logic.\par
We also compare the expressive power of classical timed automata and ITA
and prove that the corresponding families of accepted languages are
incomparable. The result also holds for languages accepted by controlled
real-time automata (CRTA), that extend timed automata. We finally combine
ITA with CRTA, in a model which encompasses both classes and show that the
reachability problem is still decidable. Additionally we show that the
languages of ITA are neither closed under complementation nor under
intersection.}
}

@article{BK-jal12,
publisher = {Elsevier Science Publishers},
journal = {Journal of Applied Logic},
author = {Bollig, Benedikt and Kuske, Dietrich},
title = {An optimal construction of {H}anf sentences},
year = {2012},
month = jun,
volume = {10},
number = {2},
pages = {179-186},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BK-jal12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BK-jal12.pdf},
doi = {10.1016/j.jal.2012.01.002},
abstract = {We give a new construction of formulas in Hanf normal form that
are equivalent to first-order formulas over structures of bounded degree.
This is the first algorithm whose running time is shown to be elementary.
The triply exponential upper bound is complemented by a matching lower
bound.}
}

@article{GMM-fmsd2012,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Ganty, Pierre and Majumdar, Rupak and Monmege, Benjamin},
title = {Bounded underapproximations},
year = {2012},
month = apr,
volume = {40},
number = {2},
pages = {206-231},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GMM-fmsd12.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GMM-fmsd12.pdf},
doi = {10.1007/s10703-011-0136-y},
abstract = {We show a new and constructive proof of the following
language-theoretic result: for every context-free language~$$L$$, there is
a bounded context-free language $$L'\subseteq L$$ which has the same
Parikh (commutative) image as~$$L$$. Bounded languages, introduced by
Ginsburg and Spanier, are subsets of regular languages of the form
$$w_{1}^{*}w_{2}^{*}\cdots w_{m}^{*}$$ for some $$w_1,\cdots,w_{m}\in \Sigma^{*}$$. In particular bounded context-free languages have nice
structural and decidability properties. Our proof proceeds in two parts.
First, we give a new construction that shows that each context free
language~$$L$$ has a subset~$$L_{N}$$ that has the same Parikh image
as~$$L$$ and that can be represented as a sequence of substitutions on a
linear language. Second, we inductively construct a Parikh-equivalent
bounded context-free subset of~$$L_{N}$$.\par
We show two applications of this result in model checking: to
underapproximate the reachable state space of multithreaded procedural
programs and to underapproximate the reachable state space of recursive
counter programs. The bounded language constructed above provides a
decidable underapproximation for the original problems. By iterating the
construction, we get a semi-algorithm for the original problems that
constructs a sequence of underapproximations such that no two
underapproximations of the sequence can be compared. This provides a
progress guarantee: every word~$$w\in L$$ is in some underapproximation of
the sequence, and hence, a program bug is guaranteed to be found. In
particular, we show that verification with bounded languages generalizes
}

@phdthesis{chatain-HDR13,
author = {Chatain, {\relax Th}omas},
title = {Concurrency in Real-Time Distributed Systems, from Unfoldings
to Implementability},
year = 2013,
month = dec,
type = {M{\'e}moire d'habilitation},
school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-chatain13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-chatain13.pdf}
}

@phdthesis{crodriguez-phd2013,
author = {Rodr{\'\i}guez, C{\'e}sar},
title = {Verification Based on Unfoldings of {P}etri Nets with Read Arcs},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2013,
month = dec,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-phd13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-phd13.pdf}
}

@misc{impro-D51,
author = {Bouyer, Patricia and Faucou, S{\'e}bastien and Haar, Stefan and
Jovanivi{\'c}, Aleksandra and Lime, Didier and Markey, Nicolas and
Roux, Olivier H. and Sankur, Ocan},
title = {Control tasks for Timed System; Robustness issues},
howpublished = {Deliverable ImpRo~5.1, (ANR-10-BLAN-0317)},
month = jan,
year = {2013},
note = {34~pages},
type = {Contract Report},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d51.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d51.pdf}
}

@phdthesis{schwoon-HDR13,
author = {Schwoon, Stefan},
title = {Efficient verification of sequential and concurrent systems},
year = 2013,
month = dec,
type = {M{\'e}moire d'habilitation},
school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-schwoon13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-schwoon13.pdf}
}

@article{BC-lmcs13,
journal = {Logical Methods in Computer Science},
author = {Balaguer, Sandie and Chatain, {\relax Th}omas},
title = {Avoiding Shared Clocks in Networks of Timed Automata},
volume = 9,
number = {4:13},
nopages = {},
year = 2013,
month = nov,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-lmcs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-lmcs13.pdf},
doi = {10.2168/LMCS-9(4:13)2013},
abstract = {Networks of timed automata~(NTA) are widely used to model
distributed real-time systems. Quite often in the literature, the automata
are allowed to share clocks. This is a problem when one considers
implementing such model in a distributed architecture, since reading
clocks a priori requires communications which are not explicitly described
in the model. We focus on the following question: given a NTA $$A_{1} \parallel A_{2}$$ where $$A_{2}$$ reads some clocks reset by~$$A_{1}$$,
does there exist a NTA $$A'_{1} \parallel A'_{2}$$ without shared clocks
with the same behavior as the initial NTA? For this, we allow the automata
to exchange information during synchronizations only. We discuss a
formalization of the problem and give a criterion using the notion of
contextual timed transition system, which represents the behavior
of~$$A_{2}$$ when in parallel with~$$A_{1}$$. Finally, we effectively
build $$A'_{1} \parallel A'_{2}$$ when it exists.}
}

@phdthesis{monmege-phd2013,
author = {Monmege, Benjamin},
title = {Sp{\'e}cification et v{\'e}rification de propri{\'e}t{\'e}s
quantitatives~: expressions, logiques, et automates},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2013,
month = oct,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-phd13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-phd13.pdf}
}

@inproceedings{HHMS-fsttcs13,
month = dec,
year = 2013,
volume = {24},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Seth, Anil and Vishnoi, Nisheeth},
acronym = {{FSTTCS}'13},
booktitle = {{P}roceedings of the 33rd {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'13)},
author = {Haar, Stefan and Haddad, Serge and Melliti, Tarek and Schwoon,
Stefan},
title = {Optimal Constructions for Active Diagnosis},
pages = {527-539},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS13-fsttcs.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS13-fsttcs.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2013.527},
abstract = {The task of diagnosis consists in detecting, without ambiguity,
occurrence of faults in a partially observed system. Depending on the
degree of observability, a discrete event system may be diagnosable or
not. Active diagnosis aims at controlling the system in order to make it
diagnosable. Solutions have already been proposed for the active diagnosis
problem, but their complexity remains to be improved. We solve here the
active diagnosability decision problem and the active diagnoser synthesis
problem, proving that (1)~our procedures are optimal w.r.t. to
computational complexity, and (2)~the memory required for the active
diagnoser produced by the synthesis is minimal. Furthermore, focusing on
the minimal delay before detection, we establish that the memory required
for any active diagnoser achieving this delay may be highly greater than
the previous one. So we refine our construction to build with the same
complexity and memory requirement an active diagnoser that realizes a
delay bounded by twice the minimal delay.}
}

@inproceedings{EJS-fsttcs13,
month = dec,
year = 2013,
volume = {24},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Seth, Anil and Vishnoi, Nisheeth},
acronym = {{FSTTCS}'13},
booktitle = {{P}roceedings of the 33rd {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'13)},
author = {Esparza, Javier and Jezequel, Lo{\"\i}g and Schwoon, Stefan},
title = {Computation of summaries using net unfoldings},
pages = {225-236},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/EJS-fsttcs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/EJS-fsttcs13.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2013.225},
abstract = {We study the following summarization problem: given a parallel
composition $$A = A_1\Vert\cdots\Vert A_n$$ of labelled transition systems
communicating with the environment through a distinguished component
$$A_i$$, efficiently compute a summary~$$S_i$$ such that $$E\Vert A$$ and
$$E\Vert S_i$$ are trace-equivalent for every environment~$$E$$. While $$S_i$$
can be computed using elementary automata theory, the resulting algorithm
suffers from the state-explosion problem. We present a new, simple but
subtle algorithm based on net unfoldings, a partial-order semantics, give
some experimental results using an implementation on top of Mole, and show
that our algorithm can handle divergences and compute weighted summaries
with minor modifications.}
}

@inproceedings{RS-fsfma13,
month = jul,
year = 2013,
volume = 31,
series = {Open Access Series in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Choppy, {\relax Ch}ristine and Sun, Jun},
acronym = {{FSFMA}'13},
booktitle = {{P}roceedings of the 1st {F}rench-{S}ingaporean {W}orkshop
on {F}ormal {M}ethods and {A}pplications ({FSFMA}'13)},
author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan},
title = {An Improved Construction of {P}etri Net Unfoldings},
pages = {47-52},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-fsfma13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-fsfma13.pdf},
doi = {10.4230/OASIcs.FSFMA.2013.47},
abstract = {Petri nets are a well-known model language for concurrent
systems. The unfolding of a Petri net is an acyclic net bisimilar to the
original one. Because it is acyclic, it admits simpler decision problems
though it is in general larger than the net. In this paper, we revisit the
problem of efficiently constructing an unfolding. We propose a new method
that avoids computing the concurrency relation and therefore uses less
memory than some other methods but still represents a good time-space
tradeoff. We implemented the approach and report on experiments.}
}

@article{HMY-jocs13,
publisher = {Elsevier Science Publishers},
journal = {Journal of Computational Science},
title = {Bounding models families for performance evaluation in composite
Web services},
volume = {4},
number = {4},
year = {2013},
pages = {232-241},
month = jul,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-jocs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-jocs13.pdf},
doi = {10.1016/j.jocs.2011.11.003},
abstract = {One challenge of composite Web service architectures is the
guarantee of the Quality of Service~(QoS). Performance evaluation of these
architectures is essential but complex due to synchronizations inside the
orchestration of services. We propose methods to automatically derive from
the original model a family of bounding models for the composite Web
response time. These models allow to find the appropriate trade-off
between accuracy of the bounds and the computational complexity. The
numerical results show the interest of our approach w.r.t. complexity and
accuracy of the response time bounds.}
}

@inproceedings{CH-pnse13,
month = jun,
year = 2013,
volume = 969,
series = {CEUR Workshop Proceedings},
publisher = {RWTH Aachen, Germany},
editor = {Moldt, Daniel and R{\"o}lke, Heiko},
acronym = {{PNSE}'13},
booktitle = {{P}roceedings of the 7th {I}nternational {W}orkshop on {P}etri
{N}ets and {S}oftware {E}ngineering ({PNSE}'13)},
author = {Chatain, {\relax Th}omas and Haar, Stefan},
title = {A~Canonical Contraction for Safe {P}etri Nets},
pages = {25-39},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CH-pnse13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CH-pnse13.pdf},
abstract = {Under maximal semantics, the occurrence of an event~$$a$$ in a
concurrent run of an occurrence net may imply the occurrence of other
events, not causally related to~$$a$$, in the same run. In recent works, we
have formalized this phenomenon as the \emph{reveals} relation, and used
it to obtain a contraction of sets of events called \emph{facets} in the
context of occurrence nets. Here, we extend this idea to propose a
canonical contraction of general safe Petri nets into pieces of
partial-order behaviour which can be seen as {"}macro-transitions{"} since
all their events must occur together in maximal semantics. On occurrence
nets, our construction coincides with the facets abstraction. Our
contraction preserves the maximal semantics in the sense that the maximal
processes of the contracted net are in bijection with those of the
original net.}
}

@inproceedings{PHL-ictss13,
month = nov,
year = 2013,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Yenig{\"u}n, H{\"u}sn{\"u} and Yilmaz, Cemal and Ulrich, Andreas},
acronym = {{ICTSS}'13},
booktitle = {{P}roceedings of the 25th {IFIP} {I}nternational {C}onference on
{T}esting {S}oftware and {S}ystems ({ICTSS}'13)},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and
Longuet, Delphine},
title = {Unfolding-based Test Selection for Concurrent Conformance},
pages = {98-113},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictss13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictss13.pdf},
doi = {10.1007/978-3-642-41707-8_7},
abstract = {Model-based testing has mainly focused on models where currency
is interpreted as interleaving (like the ioco theory for labeled
transition systems), which may be too coarse when one wants concurrency to
be preserved in the implementation. In order to test such concurrent
systems, we choose to use Petri nets as specifications and define a
concurrent conformance relation named co-ioco. We propose a test
generation algorithm based on Petri net unfolding able to build a complete
test suite w.r.t our co-ioco conformance relation. In addition we propose
a coverage criterion based on a dedicated notion of complete prefixes that
selects a manageable test suite.}
}

@inproceedings{PBB-dx13,
month = oct,
year = 2013,
editor = {Kalech, Meir and Feldman, Alexander and Provan, Gregory},
acronym = {{DX}'13},
booktitle = {{P}roceedings of the 24th {I}nternational {W}orkshop on
{P}rinciples of {D}iagnosis ({DX}'13)},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Bonigo, Gonzalo and
Brand{\'a}n{ }Briones, Laura},
title = {Distributed Analysis of Diagnosability in Concurrent Systems},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PBB-dx13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PBB-dx13.pdf},
abstract = {Complex systems often exhibit unexpected faults that are
difficult to handle. Such systems are desirable to be diagnosable, i.e.
faults can be automatically detected as they occur (or shortly
afterwards), enabling the system to handle the fault or recover. A system
is diagnosable if it is possible to detect every fault, in a finite time
after they occurred, by only observing the available information from the
system. Complex systems are usually built from simpler components running
concurrently. We study how to infer the diagnosability property of a
complex system (distributed and with multiple faults) from a parallelized
analysis of the diagnosability of each of its components synchronizing
with fault free versions of the others. In this paper we make the
following contributions: (1)~we~address the diagnosability problem of
concurrent systems with arbitrary faults occurring freely in each
component. (2)~We~distribute the diagnosability analysis and illustrate
our approach with examples. Moreover, (3)~we~present a prototype tool that
implements our techniques showing promising results.}
}

@inproceedings{ABDHHKLP-icfem13,
month = oct # {-} # nov,
year = 2013,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Groves, Lindsay and Sub, Jing},
acronym = {{ICFEM}'13},
booktitle = {{P}roceedings of the 15th {I}nternational
{C}onference on {F}ormal {E}ngineering
{M}ethods
({ICFEM}'13)},
author = {Andr{\'e}, {\'E}tienne and Barbot, Beno{\^\i}t and
D{\'e}moulins, Cl{\'e}ment and Hillah, Lom Messan and
Hulin{-}Hubard, Francis and Kordon, Fabrice and Linard, Alban
and Petrucci, Laure},
title = {A Modular Approach for Reusing Formalisms in Verification
Tools of Concurrent Systems},
pages = {199-214},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABDHHKLP-icfem13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABDHHKLP-icfem13.pdf},
doi = {10.1007/978-3-642-41202-8_14},
abstract = {Over the past two decades, numerous verification tools have been
successfully used for verifying complex concurrent systems, modelled using
various formalisms. However, it is still hard to coordinate these tools
since they rely on such a large number of formalisms. Having a proper
syntactical mechanism to interrelate them through variability would
increase the capability of effective integrated formal methods. In this
paper, we propose a modular approach for defining new formalisms by
reusing existing ones and adding new features and/or constraints. Our
approach relies on standard XML technologies; their use provides the
capability of rapidly and automatically obtaining tools for representing
and validating models. It thus enables fast iterations in developing and
testing complex formalisms. As a case study, we applied our modular
definition approach on families of Petri nets and timed automata.}
}

@inproceedings{AHHKLLP-iceccs13,
month = jul,
year = 2013,
publisher = {{IEEE} Computer Society Press},
editor = {Liu, Yang and Martin, Andrew},
acronym = {{ICECCS}'13},
booktitle = {{P}roceedings of the 18th {IEEE} {I}nternational {C}onference on {E}ngineering of
{C}omplex {C}omputer {S}ystems ({ICECCS}'13)},
author = {Andr{\'e}, {\'E}tienne and Hillah, Lom Messan and Hulin{-}Hubard,
Francis and Kordon, Fabrice and Lembachar, Yousra and Linard, Alban
and Petrucci, Laure},
title = {{C}osy{V}erif: An~Open Source Extensible Verification
Environment},
pages = {33-36},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AHHKLLP-iceccs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AHHKLLP-iceccs13.pdf},
doi = {10.1109/ICECCS.2013.15},
abstract = {CosyVerif aims at gathering within a common framework various
existing tools for specification and verification. It has been designed in
order to 1)~support different formalisms with the ability to easily create
new ones, 2)~provide a graphical user interface for every formalism,
3)~include verification tools called via the graphical interface or via an
API as a Web service, and 4)~offer the possibility for a developer to
integrate his/her own tool without much effort, also allowing it to
interact with the other tools. Several tools have already been integrated
for the formal verification of (extensions~of) Petri nets and timed
automata.}
}

@inproceedings{RS-atva13,
month = oct,
year = {2013},
volume = {8172},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Dang{-}Van, Hung and Ogawa, Mizuhito},
acronym = {{ATVA}'13},
booktitle = {{P}roceedings of the 11th {I}nternational
{S}ymposium on {A}utomated {T}echnology
for {V}erification and {A}nalysis
({ATVA}'13)},
author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan},
title = {Cunf: A~Tool for Unfolding and Verifying Petri Nets with Read
Arcs},
pages = {492-495},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-atva13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-atva13.pdf},
doi = {10.1007/978-3-319-02444-8_42},
abstract = {Cunf is a tool for building and analyzing unfoldings of Petri
nets with read arcs. An unfolding represents the behaviour of a net by a
partial order, effectively coping with the state-explosion problem
stemming from the interleaving of concurrent actions. C-net unfoldings can
be up to exponentially smaller than Petri net unfoldings, and recent work
proposed algorithms for their construction and verification. Cunf is the
first implementation of these techniques, it has been carefully engineered
and optimized to ensure that the theoretical gains are put into
practice.}
}

@inproceedings{HRS-acsd13,
month = jul,
year = 2013,
publisher = {{IEEE} Computer Society Press},
editor = {Pietkiewicz{-}Koutny, Marta and Lazarescu, Mihai Teodor},
acronym = {{ACSD}'13},
booktitle = {{P}roceedings of the 13th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'13)},
author = {Haar, Stefan and Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan},
title = {Reveal Your Faults: It's Only Fair!},
pages = {120-129},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HRS-acsd13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HRS-acsd13.pdf},
doi = {10.1109/ACSD.2013.15},
abstract = {We present a methodology for fault diagnosis in
concurrent, partially observable systems with additional fairness
constraints. In this weak diagnosis, one asks whether a concurrent
chronicle of observed events allows to determine that a
non-observable fault will inevitably occur, sooner or later, on
any maximal system run compatible with the observation. The
approach builds on strengths and techniques of unfoldings of safe
Petri nets, striving to compute a compact prefix of the unfolding
that carries sufficient information for the diagnosis
algorithm. Our work extends and generalizes the unfolding-based
diagnosis approaches by Benveniste \textit{et~al.} as well as
Esparza and Kern. Both of these focused mostly on the use of
sequential observations, in particular did not exploit the
capacity of unfoldings to reveal inevitable occurrences of
concurrent or future events studied by Balaguer
\textit{et~al.}. Our diagnosis method captures such indirect,
revealed dependencies. We~develop theoretical foundations and an
algorithmic solution to the diagnosis problem, and present a SAT
solving method for practical diagnosis with our approach.}
}

@article{HKS-tcs13,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Haar, Stefan and Kern, Christian and Schwoon, Stefan},
title = {Computing the Reveals Relation in Occurrence Nets},
year = 2013,
month = jul,
volume = 493,
pages = {66-79},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-tcs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-tcs13.pdf},
doi = {10.1016/j.tcs.2013.04.028},
abstract = {Petri net unfoldings are a useful tool to tackle state-space
explosion in verification and related tasks. Moreover, their structure
allows to access directly the relations of causal precedence, concurrency,
and conflict between events. Here, we explore the data structure further,
to determine the following relation: event~$$a$$ is said to reveal
event~$$b$$ iff the occurrence of~$$a$$ implies that~$$b$$ inevitably
occurs, too, be it before, after, or concurrently with~$$a$$. Knowledge of
reveals facilitates in particular the analysis of partially observable
systems, in the context of diagnosis, testing, or verification; it can
also be used to generate more concise representations of behaviours via
abstractions. The reveals relation was previously introduced in the
context of fault diagnosis, where it was shown that the reveals relation
was decidable: for a given pair~$$a,b$$ in the unfolding~$$U$$ of a safe
Petri net~$$N$$, a finite prefix~$$P$$ of~$$U$$ is sufficient to decide
whether or not $$a$$ reveals~$$b$$. In this paper, we first considerably
improve the bound on~$$|P|$$. We then show that there exists an efficient
algorithm for computing the relation on a given prefix. We have
implemented the algorithm and report on experiments.}
}

@inproceedings{ABHH-qest13,
month = aug,
year = 2013,
publisher = {{IEEE} Computer Society Press},
acronym = {{QEST}'13},
booktitle = {{P}roceedings of the 10th {I}nternational
{C}onference on {Q}uantitative
{E}valuation of {S}ystems
({QEST}'13)},
H{\'e}lou{\"e}t, Lo{\"\i}c},
title = {The steady-state control problem for Markov decision processes},
pages = {290-304},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABHH-qest13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABHH-qest13.pdf},
doi = {10.1007/978-3-642-40196-1_26},
abstract = {This paper addresses a control problem for probabilistic models
in the setting of Markov decision processes~(MDP). We~are interested in
the steady-state control problem which asks, given an ergodic MDP~$$M$$
and a distribution~$$\delta_{\text{goal}}$$, whether there exists a
(history-dependent randomized) policy $$\pi$$ ensuring that the
steady-state distribution of~$$M$$ under~$$\pi$$ is
exactly~$$\delta_{\text{goal}}$$. We~first show that stationary randomized
policies suffice to achieve a given steady-state distribution. Then we
infer that the steady-state control problem is decidable for~MDP, and can
be represented as a linear program which is solvable in PTIME. This
decidability result extends to labeled MDP (LMDP) where the objective is a
steady-state distribution on labels carried by the states, and we provide
a PSPACE algorithm. We also show that a related steady-state language
inclusion problem is decidable in EXPTIME for LMDP. Finally, we prove that
if we consider MDP under partial observation (POMDP), the steady-state
control problem becomes undecidable.}
}

@inproceedings{CJ-formats13,
month = aug,
year = 2013,
volume = 8053,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Braberman, V{\'\i}ctor and Fribourg, Laurent},
acronym = {{FORMATS}'13},
booktitle = {{P}roceedings of the 11th {I}nternational {C}onference
on {F}ormal {M}odelling and {A}nalysis of {T}imed
{S}ystems ({FORMATS}'13)},
author = {Chatain, {\relax Th}omas and Jard, Claude},
title = {Back in Time {P}etri Nets},
pages = {91-105},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-formats13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-formats13.pdf},
doi = {10.1007/978-3-642-40229-6_7},
abstract = {The time progress assumption is at the core of the semantics of
real-time formalisms. It is also the major obstacle to the development of
partial-order techniques for real-time distributed systems since the
events are ordered both by causality and by their occurrence in time.
Anyway, extended free choice safe time Petri nets (TPNs) were already
identified as a class where partial order semantics behaves well. We show
that, for this class, the time progress assumption can even be dropped
(time may go back in case of concurrency), which establishes a nice
relation between partial-order semantics and time progress assumption.}
}

@inproceedings{BKM-lics13,
month = jun,
year = 2013,
publisher = {{IEEE} Computer Society Press},
acronym = {{LICS}'13},
booktitle = {{P}roceedings of the 28th
{A}nnual {IEEE} {S}ymposium on
{L}ogic in {C}omputer {S}cience
({LICS}'13)},
author = {Bollig, Benedikt and Kuske, Dietrich and Mennicke, Roy},
title = {The Complexity of Model Checking Multi-Stack Systems},
pages = {163-170},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lics13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lics13.pdf},
doi = {10.1109/LICS.2013.22},
abstract = {We consider the linear-time model-checking problem for boolean
concurrent programs with recursive procedure calls. While sequential
recursive programs are usually modeled as pushdown automata, concurrent
recursive programs involve several processes and can be naturally
abstracted as pushdown automata with multiple stacks. Their behavior can
be understood as words with multiple nesting relations, each relation
connecting a procedure call with its corresponding return. To reason about
multiply nested words, we consider the class of all temporal logics as
defined in the book by Gabbay, Hodkinson, and Reynolds~(1994). The
unifying feature of these temporal logics is that their modalities are
defined in monadic second-order~(MSO) logic. In particular, this captures
numerous temporal logics over concurrent and/or recursive programs that
have been defined so far. Since the general model checking problem is
undecidable, we restrict attention to phase bounded executions as proposed
by La~Torre, Madhusudan, and Parlato (LICS~2007). While the MSO model
checking problem in this case is non-elementary, our main result states
that the model checking (and satisfiability) problem for all MSO-definable
temporal logics is decidable in elementary time. More precisely, it is
solvable in $$(n+2)$$-EXPTIME where $$n$$ is the maximal level of the MSO
modalities in the monadic quantifier alternation hierarchy. We complement
this result and provide, for each level~$$n$$, a~temporal logic whose
model checking problem is $$n$$-EXPSPACE-hard.}
}

@inproceedings{ABBDF-pads13,
month = may,
year = 2013,
publisher = {ACM Press},
editor = {Wainer, Gabriel A.},
booktitle = {{P}roceedings of the 1st {ACM} {SIGSIM} {C}onference on {P}rinciples of
author = {Amparore, Elvio Gilberto and Barbot, Beno{\^\i}t and Beccuti,
Marco and Donatelli, Susanna and Franceschinis, Giuliana},
title = {Simulation-based Verification of Hybrid Automata Stochastic
Logic Formulas for Stochastic Symmetric Nets},
pages = {253-264},
doi = {10.1145/2486092.2486124},
abstract = {The Hybrid Automata Stochastic Logic (HASL) has been recently
defined as a flexible way to express classical performance measures as well
as more complex, path-based ones (generically called {"}HASL formulas{"}).
The considered paths are executions of Generalized Stochastic Petri Nets
(GSPN), which are an extension of the basic Petri net formalism to define
discrete event stochastic processes. The computation of the HASL formulas
for a GSPN model is demanded to the COSMOS tool, that applies simulation
techniques to the formula computation. Stochastic Symmetric Nets (SSN) are
an high level Petri net formalism, of the \emph{colored} type, in which tokens can
have an identity, and it is well known that colored Petri nets allow one to
describe systems in a more compact and parametric form than basic
(uncolored) Petri nets. In this paper we propose to extend HASL and COSMOS
to support colors, so that performance formulas for SSN can be easily
defined and evaluated. This requires a new definition of the logic, to
ensure that colors are taken into account in a correct and useful manner,
and a significant extension of the COSMOS tool.}
}

@inproceedings{BHLM-dlt13,
month = jun,
year = 2013,
volume = {7907},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {B{\'e}al, Marie-Pierre and Carton, Olivier},
acronym = {{DLT}'13},
booktitle = {{P}roceedings of the 17th {I}nternational
{C}onference on {D}evelopments in {L}anguage {T}heory
({DLT}'13)},
author = {Bollig, Benedikt and Habermehl, Peter and Leucker, Martin and
Monmege, Benjamin},
title = {A~Fresh Approach to Learning Register Automata},
pages = {118-130},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-dlt13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-dlt13.pdf},
doi = {10.1007/978-3-642-38771-5_12},
abstract = {This paper provides an Angluin-style learning algorithm for a
class of register automata supporting the notion of \emph{fresh} data values.
More specifically, we introduce \emph{session automata} which are well suited for
modeling protocols in which sessions using fresh values are of major
interest, like in security protocols or ad-hoc networks. We show that
session automata (i)~have an expressiveness partly extending, partly
reducing that of register automata, (ii)~admit a symbolic regular
representation, and (iii)~have a decidable equivalence and model-checking
problem (unlike register automata). Using these results, we establish a
learning algorithm to infer session automata through membership and
equivalence queries. Finally, we strengthen the robustness of our
automaton by its characterization in monadic second-order logic.}
}

@inproceedings{BCHKS-lata13,
month = apr,
year = 2013,
volume = {7810},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Dediu, Adrian Horia and Mart{\'\i}n-Vide, Carlos and Truthe, Bianca},
acronym = {{LATA}'13},
booktitle = {{P}roceedings of the 7th {I}nternational {C}onference on {L}anguage
and {A}utomata {T}heory and {A}pplications ({LATA}'13)},
author = {Bollig, Benedikt and Cyriac, Aiswarya and H{\'e}lou{\"e}t,
Lo{\"\i}c and Kara, Ahmet and Schwentick, {\relax Th}omas},
title = {Dynamic Communicating Automata and Branching High-Level {MSC}s},
pages = {177-189},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHKS-lata13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHKS-lata13.pdf},
doi = {10.1109/REVET.2012.6195253},
abstract = {We study dynamic communicating automata~(DCA), an~extension of
classical communicating finite-state machines that allows for dynamic
creation of processes. The behavior of a DCA can be described as a set of
message sequence charts~(MSCs). While DCA serve as a model of an
implementation, we propose branching high-level MSCs~(bHMSCs) on the
specification side. Our focus is on the implementability problem: given a
bHMSC, can one construct an equivalent DCA? As this problem is
undecidable, we introduce the notion of executability, a decidable
necessary criterion for implementability. We show that executability of
bHMSCs is EXPTIME-complete. We~then identify a class of bHMSCs for which
executability effectively implies implementability.}
}

@inproceedings{RSK-pn13,
month = jun,
year = 2013,
volume = {7927},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg},
acronym = {{PETRI~NETS}'13},
booktitle = {{P}roceedings of the 34th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'13)},
author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan and Khomenko,
Victor},
title = {Contextual Merged Processes},
pages = {29-48},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/RSK-atpn13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RSK-atpn13.pdf},
doi = {10.1007/978-3-642-38697-8_3},
abstract = {We integrate two compact data structures for
representing state spaces of Petri nets: merged processes and
contextual prefixes.  The resulting data structure, called
contextual merged processes (CMP), combines the advantages of the
original ones and copes with several important sources of state
space explosion: concurrency, sequences of choices, and concurrent
read accesses to shared resources. In particular, we demonstrate
on a number of benchmarks that CMPs are more compact than either
of the original data structures. Moreover, we sketch a polynomial
(in the CMP size) encoding into SAT of the model-checking problem
for reachability properties.}
}

@inproceedings{FH-pn13,
month = jun,
year = 2013,
volume = {7927},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg},
acronym = {{PETRI~NETS}'13},
booktitle = {{P}roceedings of the 34th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'13)},
title = { Complexity Analysis of Continuous {P}etri Nets},
pages = {170-189},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-pn13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-pn13.pdf},
doi = {10.1007/978-3-642-38697-8_10},
abstract = {At the end of the eighties, continuous Petri nets were
introduced for: (1)~alleviating the combinatory explosion triggered by
discrete Petri nets and, (2)~modelling the behaviour of physical systems
whose state is composed of continuous variables. Since then several works
have established that the computational complexity of deciding some
standard behavioural properties of Petri nets is reduced in this
framework. Here we first establish the decidability of additional
properties like boundedness and reachability set inclusion. We also design
new decision procedures for the reachability and lim-reachability problems
with a better computational complexity. Finally we provide lower bounds
characterising the exact complexity class of the boundedness, the
reachability, the deadlock freeness and the liveness problems.}
}

@inproceedings{HHM-pn13,
month = jun,
year = 2013,
volume = {7927},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg},
acronym = {{PETRI~NETS}'13},
booktitle = {{P}roceedings of the 34th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'13)},
title = {Channel Properties of Asynchronously Composed {P}etri~Nets},
pages = {369-388},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-pn13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-pn13.pdf},
doi = {10.1007/978-3-642-38697-8_20},
abstract = {We consider asynchronously composed I/O-Petri nets (AIOPNs) with
built-in communication channels. They are equipped with a compositional
semantics in terms of asynchronous I/O-transition systems (AIOTSs)
admitting infinite state spaces. We study various channel properties that
deal with the production and consumption of messages exchanged via the
communication channels and establish useful relationships between them. In
order to support incremental design we show that the channel properties
considered in this work are preserved by asynchronous composition, i.e.
they are compositional. As a crucial result we prove that the channel
properties are decidable for AIOPNs.}
}

@article{HMN-fi13,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
title = {Synthesis and Analysis of Product-form {P}etri Nets},
year = {2013},
volume = {122},
number = {1-2},
pages = {147-172},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-fi13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-fi13.pdf},
doi = {10.3233/FI-2013-786},
abstract = {For a large Markovian model, a {"}product form{"} is an explicit
description of the steady-state behaviour which is otherwise generally
untractable. Being first introduced in queueing networks, it has been
adapted to Markovian Petri nets. Here we address three relevant issues for
product-form Petri nets which were left fully or partially open:
(1)~we~provide a sound and complete set of rules for the synthesis;
(2)~we~characterise the exact complexity of classical problems like
reachability; (3)~we~introduce a new subclass for which the normalising
constant (a~crucial value for product-form expression) can be efficiently
computed.}
}

@inproceedings{BGM-fossacs13,
month = mar,
year = 2013,
volume = {7794},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Pfenning, Frank},
acronym = {{FoSSaCS}'13},
booktitle = {{P}roceedings of the 16th {I}nternational
{C}onference on {F}oundations of {S}oftware {S}cience
and {C}omputation {S}tructures
({FoSSaCS}'13)},
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin},
title = {Weighted Specifications over Nested Words},
pages = {385-400},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGM-fossacs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGM-fossacs13.pdf},
doi = {10.1007/978-3-642-37075-5_25},
abstract = {This paper studies several formalisms to specify quantitative
properties of finite nested words (or~equivalently finite unranked trees).
These can be used for XML documents or recursive programs: for~instance,
counting how often a given entry occurs in an XML document, or~computing
the memory required for a recursive program execution. Our main interest
is to translate these properties, as efficiently as possible, into an
automaton, and to use this computational device to decide problems related
to the properties (e.g.,~emptiness, model checking, simulation) or to
compute the value of a quantitative specification over a given nested
word. The specification formalisms are weighted regular expressions (with
forward and backward moves following linear edges or call-return edges),
weighted first-order logic, and weighted temporal logics. We~introduce
weighted automata walking in nested words, possibly dropping\slash lifting
(reusable) pebbles during the traversal. We prove that the evaluation
problem for such automata can be done very efficiently if the number of
pebble names is small, and we also consider the emptiness problem.}
}

@article{BFCH-compj14,
publisher = {Oxford University Press},
journal = {The Computer Journal},
author = {Beccuti, Marco and Franceschinis, Giuliana and
title = {Computing Optimal Repair Strategies by Means of NdRFT
Modeling and Analysis},
volume = 57,
number = 12,
month = dec,
year = 2014,
pages = {1870-1892},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-compj14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-compj14.pdf},
doi = {10.1093/comjnl/bxt134},
abstract = {In this paper, the \emph{Non-deterministic Repairable Fault
Tree}~(NdRFT) formalism is proposed: it allows the modeling of failures of
complex systems in addition to their repair processes. Its originality
with respect to other Fault Tree extensions allows us to address repair
strategy optimization problems: in an NdRFT model, the decision as to
whether to start or not a given repair action is non-deterministic, so
that all the possibilities are left open. The formalism is rather
powerful, it allows: the specification of self-revealing events, the
representation of components degradation, the choice among local repair,
global repair, preventive maintenance, and the specification of the
resources needed to start a repair action. The optimal repair strategy
with respect to some relevant system state function, e.g. system
unavailability, can then be computed by solving an optimization problem on
a Markov Decision Process derived from the NdRFT. Such derivation is
obtained by converting the NdRFT model into an intermediate formalism
called Markov Decision Petri Net~(MDPN). In the paper, the NdRFT syntax
and semantics are formally described, together with the conversion rules
to derive from the NdRFT the corresponding MDPN model. The application of
NdRFT is illustrated through examples.}
}

@phdthesis{ponce-phd2014,
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n},
title = {Testing Concurrent Systems Through Event Structures},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2014,
month = nov,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ponce-phd14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ponce-phd14.pdf}
}

@phdthesis{barbot-phd2014,
author = {Barbot, Beno{\^\i}t},
title = {Acceleration for Statistical Model Checking},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2014,
month = nov,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/barbot-phd14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/barbot-phd14.pdf}
}

@article{BHLM-lmcs14,
journal = {Logical Methods in Computer Science},
author = {Bollig, Benedikt and Habermehl, Peter and Leucker, Martin
and Monmege, Benjamin},
title = {A~Robust Class of Data Languages and an Application to Learning},
year = {2014},
month = dec,
volume = 10,
number = {4:19},
nopages = {},
url = {http://arxiv.org/abs/1411.6646},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-lmcs14.pdf},
doi = {10.2168/LMCS-10(4:19)2014},
abstract = {We~introduce session automata, an automata model to process data
words, i.e., words over an infinite alphabet. Session automata support the
notion of fresh data values, which are well suited for modeling protocols
in which sessions using fresh values are of major interest, like in
security protocols or ad-hoc networks. Session automata have an
expressiveness partly extending, partly reducing that of classical
register automata. We~show that, unlike register automata and their
various extensions, session automata are robust: They (i)~are closed under
intersection, union, and (resource-sensitive) complementation, (ii)~admit
a symbolic regular representation, (iii)~have a decidable inclusion
problem (unlike register automata), and (iv)~enjoy logical
characterizations. Using these results, we establish a learning algorithm
to infer session automata through membership and equivalence queries.}
}

@article{PHL-sttt14,
publisher = {Springer},
journal = {International Journal on Software Tools
for Technology Transfer},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and
Longuet, Delphine},
title = {Model-based Testing for Concurrent Systems: Unfolding-based Test Selection},
volume = {18},
number = 3,
year = {2016},
month = jun,
pages = {305-318},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-sttt14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-sttt14.pdf},
doi = {10.1007/s10009-014-0353-y},
abstract = {Model-based testing has mainly focused on models where
concurrency is interpreted as interleaving (like the ioco theory for
labeled transition systems), which may be too coarse when one wants
concurrency to be preserved in the implementation. In order to test such
concurrent systems, we choose to use Petri nets as specifications and
define a concurrent conformance relation named co-ioco. We present a test
generation algorithm based on Petri net unfolding able to build a complete
test suite w.r.t our co-ioco conformance relation. In addition we propose
several coverage criteria that allow to select finite prefixes of an
unfolding in order to build manageable test suites.}
}

@inproceedings{AG-fsttcs14,
month = dec,
year = 2014,
volume = {29},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Raman, Venkatesh and Suresh, S.~P.},
acronym = {{FSTTCS}'14},
booktitle = {{P}roceedings of the 34th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'14)},
author = {Aiswarya, C. and Gastin, Paul},
title = {Reasoning about distributed systems: {WYSIWYG}},
pages = {11-30},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AG-fsttcs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AG-fsttcs14.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2014.11},
abstract = {There are two schools of thought on reasoning about distributed
systems: one~following interleaving based semantics, and one following
partial-order{{\slash}}graph based semantics. This paper compares these two
approaches and argues in favour of the latter. An~introductory treatment
of the split-width technique is also provided.}
}

@article{haar-mvlsc15,
publisher = {Old City Publishing},
journal = {Journal of Multiple-Valued Logic and Soft Computing},
author = {Haar, Stefan},
title = {Cyclic Ordering through Partial Orders},
volume = {27},
number = {2-3},
year = 2016,
month = sep,
pages = {209-228},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-mvlsc16.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-mvlsc16.pdf},
abstract = {The orientation problem for ternary cyclic order relations has
been attacked in the literature from combinatorial perspectives, through
rotations, and by connection with Petri nets. We propose here a two-fold
characterization of orientable cyclic orders in terms of symmetries of
partial orders as well as in terms of separating sets (cuts). The results
are inspired by properties of non-sequential discrete processeses, but
also apply to dense structures of any cardinality.}
}

@article{BFHP-fi14,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
author = {Bernardinello, Luca and Ferigato, Carlo and
Haar, Stefan and Pomello, Lucia},
title = {Closed Sets in Occurrence Nets with Conflicts},
volume = 133,
number = 4,
year = 2014,
pages = {323-344},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHP-fi14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHP-fi14.pdf},
doi = {10.3233/FI-2014-1079},
abstract = {The semantics of concurrent processes can be defined in terms of
partially ordered sets. Occurrence nets, which belong to the family of
Petri nets, model concurrent processes as partially ordered sets of
occurrences of local states and local events. On the basis of the
associated concurrency relation, a closure operator can be defined, giving
rise to a lattice of closed sets. Extending previous results along this
line, the present paper studies occurrence nets with forward conflicts,
modelling families of processes. It is shown that the lattice of closed
sets is orthomodular, and the relations between closed sets and some
particular substructures of an occurrence net are studied. In particular,
the paper deals with runs, modelling concurrent histories, and trails,
corresponding to possible histories of sequential components. A~second
closure operator is then defined by means of an iterative procedure.
The~corresponding closed sets, here called 'dynamically closed', are shown
to form a complete lattice, which in general is not orthocomplemented.
Finally, it is shown that, if an occurrence net satisfies a property
called B-density, which essentially says that any antichain meets any
trail, then the two notions of closed set coincide, and they form a
complete, algebraic orthomodular lattice.}
}

@inproceedings{BHL-fsttcs14,
month = dec,
year = 2014,
volume = {29},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Raman, Venkatesh and Suresh, S.~P.},
acronym = {{FSTTCS}'14},
booktitle = {{P}roceedings of the 34th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'14)},
title = {Foundation of Diagnosis and Predictability in Probabilistic
Systems},
pages = {417-429},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-fsttcs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-fsttcs14.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2014.417},
abstract = {In discrete event systems prone to unobservable faults, a
diagnoser must eventually detect fault occurrences. The diagnosability
problem consists in deciding whether such a diagnoser exists. Here we
investigate diagnosis for probabilistic systems modelled by partially
observed Markov chains also called probabilistic labeled transition
systems (pLTS). First we study different specifications of diagnosability
and establish their relations both in finite and infinite pLTS. Then we
analyze the complexity of the diagnosability problem for finite pLTS: we
show that the polynomial time procedure earlier proposed is erroneous and
that in fact for all considered specifications, the problem is
PSPACE-complete. We also establish tight bounds for the size of
diagnosers. Afterwards we consider the dual notion of predictability which
consists in predicting that in a safe run, a fault will eventually occur.
Predictability is an easier problem than diagnosability: it is
NLOGSPACE-complete. Yet the predictor synthesis is as hard as the
diagnoser synthesis. Finally we introduce and study the more flexible
notion of prediagnosability that generalizes predictability and
diagnosability.}
}

@inproceedings{BGK-fsttcs14,
month = dec,
year = 2014,
volume = {29},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Raman, Venkatesh and Suresh, S.~P.},
acronym = {{FSTTCS}'14},
booktitle = {{P}roceedings of the 34th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'14)},
author = {Bollig, Benedikt and Gastin, Paul and Kumar, Akshay},
title = {Parameterized Communicating Automata: Complementation and
Model Checking},
pages = {625-637},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGK-fsttcs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGK-fsttcs14.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2014.625},
abstract = {We study the language-theoretical aspects of parameterized
communicating automata (PCAs), in which processes communicate via
rendez-vous. A given PCA can be run on any topology of bounded degree such
as pipelines, rings, ranked trees, and grids. We show that, under a
context bound, which restricts the local behavior of each process, PCAs
are effectively complementable. Complementability is considered a key
aspect of robust automata models and can, in particular, be exploited for
verification. In this paper, we use it to obtain a characterization of
context-bounded PCAs in terms of monadic second-order (MSO) logic. As the
emptiness problem for context-bounded PCAs is decidable for the classes of
pipelines, rings, and trees, their model-checking problem wrt. MSO
properties also becomes decidable. While previous work on model checking
parameterized systems typically uses temporal logics without next
operator, our MSO logic allows one to express several natural next
modalities.}
}

@inproceedings{CMS-fsttcs14,
month = dec,
year = 2014,
volume = {29},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Raman, Venkatesh and Suresh, S.~P.},
acronym = {{FSTTCS}'14},
booktitle = {{P}roceedings of the 34th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'14)},
author = {Chadha, Rohit and Mathur, Umang and Schwoon, Stefan},
title = {Computing Information Flow Using Symbolic Model-Checking},
pages = {505-516},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CMS-fsttcs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CMS-fsttcs14.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2014.505},
abstract = {Several measures have been proposed in literature for
quantifying the information leaked by the public outputs of a program with
secret inputs. We consider the problem of computing information leaked by
a deterministic or probabilistic program when the measure of information
is based on (a)~min-entropy and (b)~Shannon entropy. The key challenge in
computing these measures is that we need the total number of possible
outputs and, for each possible output, the number of inputs that lead to
it. A direct computation of these quantities is infeasible because of the
state-explosion problem. We therefore propose symbolic algorithms based on
binary decision diagrams (BDDs). The advantage of our approach is that
these symbolic algorithms can be easily implemented in any BDD-based
model-checking tool that checks for reachability in deterministic
non-recursive programs by computing program summaries. We demonstrate the
validity of our approach by implementing these algorithms in a tool
Moped-QLeak, which is built upon Moped, a model checker for Boolean
programs. Finally, we show how this symbolic approach extends to
probabilistic programs.}
}

@article{BCGZ-jal14,
publisher = {Elsevier Science Publishers},
journal = {Journal of Applied Logic},
author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and
Zeitoun, Marc},
title = {Temporal logics for concurrent recursive programs:
Satisfiability and model checking},
volume = 12,
number = 4,
pages = {395-416},
month = dec,
year = 2014,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-jal14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-jal14.pdf},
doi = {10.1016/j.jal.2014.05.001},
abstract = {We develop a general framework for the design of temporal logics
for concurrent recursive programs. A program execution is modeled as a
partial order with multiple nesting relations. To specify properties of
executions, we consider any temporal logic whose modalities are definable
expressions. This captures, in a unifying framework, a wide range of
logics defined for ranked and unranked trees, nested words, and
Mazurkiewicz traces that have been studied separately. We show that
satisfiability and model checking are decidable in EXPTIME and 2EXPTIME,
depending on the precise path modalities.}
}

@proceedings{KHY-topnoc2014,
title = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}},
booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = 8910,
year = {2014},
url = {http://www.springer.com/978-3-662-45729-0}
}

@incollection{topnoc14-CH,
year = 2014,
volume = {8910},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}},
author = {Chatain, {\relax Th}omas and Haar, Stefan},
title = {A Canonical Contraction for Safe {P}etri Nets},
pages = {83-98},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc14-CH.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc14-CH.pdf},
doi = {10.1007/978-3-662-45730-6_5},
abstract = {Under maximal semantics, the occurrence of an event~$$a$$ in a
concurrent run of an occurrence net may imply the occurrence of other
events, not causally related to~$$a$$, in the same run. In recent works,
we have formalized this phenomenon as the reveals relation, and used it to
obtain a contraction of sets of events called facets in the context of
occurrence nets. Here, we extend this idea to propose a canonical
contraction of general safe Petri nets into pieces of partial-order
behaviour which can be seen as {"}macro-transitions{"} since all their
events must occur together in maximal semantics. On occurrence nets, our
construction coincides with the facets abstraction. Our contraction
preserves the maximal semantics in the sense that the maximal processes of
the contracted net are in bijection with those of the original net.}
}

@inproceedings{CHJPS-cmsb14,
month = nov,
year = 2014,
volume = {8859},
series = {Lecture Notes in Bioinformatics},
publisher = {Springer-Verlag},
editor = {Mendes, Pedro},
acronym = {{CMSB}'14},
booktitle = {{P}roceedings of the 12th
{C}onference on
{C}omputational {M}ethods in {S}ystem {B}iology
({CMSB}'14)},
author = {Chatain, {\relax Th}omas and Haar, Stefan and Jezequel,
Lo{\"\i}g and Paulev{\'e}, Lo{\"\i}c and Schwoon, Stefan},
title = {Characterization of Reachable Attractors Using {P}etri Net
Unfoldings},
pages = {129-142},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CHJPS-cmsb14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CHJPS-cmsb14.pdf},
doi = {10.1007/978-3-319-12982-2_10},
abstract = {Attractors of network dynamics represent the long-term
behaviours of the modelled system. Their characterization is therefore
crucial for understanding the response and differentiation capabilities of
a dynamical system. In the scope of qualitative models of interaction
networks, the computation of attractors reachable from a given state of
the network faces combinatorial issues due to the state space explosion.
In this paper, we present a new algorithm that exploits the concurrency
between transitions of parallel acting components in order to reduce the
search space. The algorithm relies on Petri net unfoldings that can be
used to compute a compact representation of the dynamics. We illustrate
the applicability of the algorithm with Petri net models of cell
signalling and regulation networks, Boolean and multi-valued. The proposed
approach aims at being complementary to existing methods for deriving the
attractors of Boolean models, while being generic since they apply to any
safe Petri net.}
}

@inproceedings{BHHP-simul14,
month = oct,
year = 2014,
publisher = {XPS},
editor = {Arisha, Amr and Bobashev, Georgiy},
acronym = {{SIMUL}'14},
booktitle = {{P}roceedings of the 6th {I}nternational {C}onference on {A}dvances in
{S}ystem {S}imulation ({SIMUL}'14)},
and Picaronny, Claudine},
title = {Rare Event Handling in Signalling Cascades},
pages = {126-131},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-simul14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-simul14.pdf},
abstract = {Signalling cascades are a recurrent pattern of biological
regulatory systems whose analysis has deserved a lot of attention. It has
been shown that stochastic Petri nets are appropriate to model such
systems and evaluate the probabilities of specific properties. Such an
evaluation can be done numerically when the combinatorial state space
explosion is manageable or statistically otherwise. However, when the
probabilities to be evaluated are too small, random simulation requires
more sophisticated techniques for the handling of rare events. In this
paper, we show how such involved methods can be successfully applied for
signalling cascades. More precisely, we study three relevant properties of
a signalling cascade with the help of the Cosmos tool. Our experiments
point out interesting dependencies between quantitative parameters of the
regulatory system and its transient behaviour. In addition, they
demonstrate that we can go beyond the capabilities of Marcie which
provides one of the most efficient numerical solvers.}
}

@inproceedings{BGS-rp14,
month = sep,
year = 2014,
volume = {8762},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ouaknine, Jo{\"e}l and Potapov, Igor and Worrell, James},
acronym = {{RP}'14},
booktitle = {{P}roceedings of the 8th {W}orkshop
on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'14)},
author = {Bollig, Benedikt and Gastin, Paul and Schubert, Jana},
title = {Parameterized Verification of Communicating Automata under Context Bounds},
pages = {45-57},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGS-rp14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGS-rp14.pdf},
doi = {10.1007/978-3-319-11439-2_4},
abstract = {We study the verification problem for parameterized
communicating automata~(PCA), in which processes synchronize via message
passing. A~given PCA can be run on any topology of bounded degree (such as
pipelines, rings, or ranked trees), and communication may take place
between any two processes that are adjacent in the topology. Parameterized
verification asks if there is a topology from a given topology class that
allows for an accepting run of the given PCA. In general, this problem is
undecidable even for synchronous communication and simple pipeline
topologies. We therefore consider context-bounded verification, which
restricts the behavior of each single process. For several variants of
context bounds, we show that parameterized verification over pipelines,
rings, and ranked trees is decidable. Our approach is automata-theoretic
and uniform. We introduce a notion of graph acceptor that identifies those
topologies allowing for an accepting run. Depending on the given topology
class, the topology acceptor can then be restricted, or adjusted, so that
the verification problem reduces to checking emptiness of finite automata
or tree automata.}
}

@inproceedings{HM-rp14,
month = sep,
year = 2014,
volume = {8762},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ouaknine, Jo{\"e}l and Potapov, Igor and Worrell, James},
acronym = {{RP}'14},
booktitle = {{P}roceedings of the 8th {W}orkshop
on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'14)},
title = {Reachability in {MDP}s: Refining Convergence of Value Iteration},
pages = {125-137},
url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2014-07.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2014-07.pdf},
doi = {10.1007/978-3-319-11439-2_10},
abstract = {Markov Decision Processes (MDP) are a widely used model
including both non-deterministic and probabilistic choices. Minimal and
maximal probabilities to reach a target set of states, with respect to a
policy resolving non-determinism, may be computed by several methods
including value iteration. This algorithm, easy to implement and efficient
in terms of space complexity, consists in iteratively finding the
probabilities of paths of increasing length. However, it raises three
issues: (1)~defining a stopping criterion ensuring a bound on the
approximation, (2)~analyzing the rate of convergence, and (3)~specifying
an additional procedure to obtain the exact values once a sufficient
number of iterations has been performed. The first two issues are still
open and for the third one a {"}crude{"} upper bound on the number of
iterations has been proposed. Based on a graph analysis and transformation
of MDPs, we address these problems. First we introduce an interval
iteration algorithm, for which the stopping criterion is straightforward.
Then we exhibit convergence rate. Finally we significantly improve the
bound on the number of iterations required to get the exact values.}
}

@article{PHL-stvr14,
publisher = {John Wiley \& Sons, Ltd.},
journal = {Software Testing, Verification and Reliability},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and
Longuet, Delphine},
title = {Model-Based Testing for Concurrent Systems with Labeled Event
Structures},
volume = 24,
number = 7,
year = {2014},
month = nov,
pages = {558-590},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-stvr14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-stvr14.pdf},
doi = {10.1002/stvr.1543},
abstract = {We propose a theoretical testing framework and a test generation
algorithm for concurrent systems specified with true concurrency models,
such as Petri nets or networks of automata. The semantic model of
computation of such formalisms are labeled event structures, which allow
to represent concurrency explicitly. We introduce the notions of strong
and weak concurrency: strongly concurrent events must be concurrent in the
implementation, while weakly concurrent ones may eventually be ordered.
The ioco type conformance relations for sequential systems rely on the
observation of sequences of actions and blockings, thus they are not
capable of capturing and exploiting concurrency of non sequential
behaviors. We propose an extension of \textbf{ioco} for labeled event
structures, named \textbf{co-ioco}, allowing to deal with strong and weak
concurrency. We~extend the notions of test cases and test execution to
labeled event structures, and give a test generation algorithm building a
complete test suite for \textbf{co-ioco}.}
}

@inproceedings{BMP-dx14,
month = sep,
year = 2014,
editor = {Abreu, Rui and Pill, Ingo and Wotawa, Franz},
acronym = {{DX}'14},
booktitle = {{P}roceedings of the 25th {I}nternational {W}orkshop on
{P}rinciples of {D}iagnosis ({DX}'14)},
author = {Brand{\'a}n{ }Briones, Laura and Madalinski, Agnes and Ponce{ }de{~}Le{\'o}n, Hern{\'a}n},
title = {Distributed Diagnosability Analysis with {P}etri Nets},
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BMP-dx14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BMP-dx14.pdf},
abstract = {We propose a framework to distributed diagnosability analysis of
concurrent systems modeled with Petri nets as a collection of components
synchronizing on common observable transitions, where faults can occur in
several components. The diagnosability analysis of the entire system is
done in parallel by verifying the interaction of each component with the
fault free versions of the other components. Furthermore, we use existing
efficient methods and tools, in particular parallel LTL-X model checking
based on unfoldings, for diagnosability verification.}
}

@inproceedings{AGN-atva14,
month = nov,
year = {2014},
volume = 8837,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Cassez, Franck and Raskin, Jean-Fran{\c{c}}ois},
acronym = {{ATVA}'14},
booktitle = {{P}roceedings of the 12th {I}nternational
{S}ymposium on {A}utomated {T}echnology
for {V}erification and {A}nalysis
({ATVA}'14)},
author = {Aiswarya, C. and Gastin, Paul and Narayan Kumar, K.},
title = {Verifying Communicating Multi-pushdown Systems via Split-width},
pages = {1-17},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGN-atva14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGN-atva14.pdf},
doi = {10.1007/978-3-319-11936-6_1},
abstract = {Communicating multi-pushdown systems model networks of
multi-threaded recursive programs communicating via reliable FIFO
channels. We extend the notion of split-width to this setting, improving
and simplifying the earlier definition. Split-width, while having the same
power of clique-{{\slash}}tree-width, gives a divide-and-conquer technique
to prove the bound of a class, thanks to the two basic operations, shuffle
and merge, of the split-width algebra. We illustrate this technique on
examples. We also obtain simple, uniform and optimal decision procedures
for various verification problems parametrised by split-width.}
}

@inproceedings{CGK-concur14,
month = sep,
year = 2014,
volume = 8704,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Baldan, Paolo and Gorla, Daniele},
acronym = {{CONCUR}'14},
booktitle = {{P}roceedings of the 25th
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'14)},
author = {Cyriac, Aiswarya and Gastin, Paul and Narayan Kumar, K.},
title = {Controllers for the Verification of Communicating Multi-Pushdown Systems},
pages = {297-311},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CGK-concur14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CGK-concur14.pdf},
doi = {10.1007/978-3-662-44584-6_21},
abstract = {Multi-pushdowns communicating via queues are formal models of
multi-threaded programs communicating via channels. They are turing
powerful and much of the work on their verification has focussed on
under-approximation techniques. Any error detected in the
under-approximation implies an error in the system. However the successful
verification of the under-approximation is not as useful if the system
exhibits unverified behaviours. Our aim is to design controllers that
observe/restrict the system so that it stays within the verified
under-approximation. We identify some important properties that a good
controller should satisfy. We consider an extensive under-approximation
class, construct a distributed controller with the desired properties and
also establish the decidability of verification problems for this class.}
}

@inproceedings{PHL-ictac14,
month = sep,
year = 2014,
volume = 8687,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Ciobanu, Gabriel and M{\'e}ry, Dominique},
acronym = {{ICTAC}'14},
booktitle = {{P}roceedings of the 11th {I}nternational {C}olloquium on
{T}heoretical {A}spects of {C}omputing ({ICTAC}'14)},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and
Longuet, Delphine},
title = {Distributed testing of concurrent systems: vector clocks to
the rescue},
pages = {369-387},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictac14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictac14.pdf},
doi = {10.1007/978-3-319-10882-7_22},
abstract = {The ioco relation has become a standard in model-based
conformance testing. The co-ioco conformance relation is an extension of
this relation to concurrent systems specified with true-concurrency
models. This relation assumes a global control and observation of the
system under test, which is not usually realistic in the case of
physically distributed systems. Such systems can be partially observed at
each of their points of control and observation by the sequences of inputs
and outputs exchanged with their environment. Unfortunately, in general,
global observation cannot be reconstructed from local ones, so global
conformance cannot be decided with local tests. We propose to append time
stamps to the observable actions of the system under test in order to
regain global conformance from local testing.}
}

@inproceedings{KH-acsd14,
month = jun,
year = 2014,
publisher = {{IEEE} Computer Society Press},
acronym = {{ACSD}'14},
booktitle = {{P}roceedings of the 14th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'14)},
author = {Kordon, Fabrice and Hulin{-}Hubard, Francis},
title = {BenchKit, a Tool for Massive Concurrent Benchmarking},
pages = {159-165},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/KH-acsd14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KH-acsd14.pdf},
doi = {10.1109/ACSD.2014.12},
abstract = {Benchmarking numerous programs in a reasonable time requires the
use of several (potentially multicore) computers. We experimented such a
situation in the context of the MCC (Model Checking Contest @ Petri net)
where we had to operate more than 52000 runs for the 2013 edition. This
paper presents BenchKit, a tool to operate programs on sets of potentially
parallel machines and to gather monitoring information like CPU or memory
usage. It also samples such data over the execution time. BenchKit has
been elaborated in the context of the MCC and will be used for the 2014
edition.}
}

@inproceedings{GHKS-acsd14,
month = jun,
year = 2014,
publisher = {{IEEE} Computer Society Press},
acronym = {{ACSD}'14},
booktitle = {{P}roceedings of the 14th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'14)},
author = {Germanos, Vasileios and Haar, Stefan
and Khomenko, Victor and Schwoon, Stefan},
title = {Diagnosability under Weak Fairness},
pages = {132-141},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-acsd14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-acsd14.pdf},
doi = {10.1109/ACSD.2014.9},
abstract = {In partially observed Petri nets, diagnosis is the
task of detecting whether or not the given sequence of
observed labels indicates that some unobservable fault
has occurred. Diagnosability is an associated property of
the Petri net, stating that in any possible execution an
occurrence of a fault can eventually be diagnosed.\par In this
paper we consider diagnosability under the weak fairness (WF)
assumption, which intuitively states that no transition from
a given set can stay enabled forever---it~must eventually
either fire or be disabled. We show that a previous approach
to WF-diagnosability in the literature has a major flaw, and
present a corrected notion. Moreover, we present an efficient
method for verifying WF-diagnosability based on a reduction
to LTL-X model checking. An important advantage of this
method is that the LTL-X formula is fixed---in~particular,
the WF assumption does not have to be expressed as a part of
it (which would make the formula length proportional to the
size of the specification), but rather the ability of existing
model checkers to handle weak fairness directly is exploited.}
}

@inproceedings{BGMZ-csllics14,
month = jul,
year = 2014,
publisher = {ACM Press},
acronym = {{CSL\slash LICS}'14},
booktitle = {{P}roceedings of the Joint Meeting of the 23rd {EACSL} {A}nnual {C}onference on
{C}omputer {S}cience {L}ogic and the 29th {A}nnual {ACM\slash
IEEE} {S}ymposium on {L}ogic {I}n {C}omputer {S}cience ({CSL\slash LICS}'14)},
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and
Zeitoun, Marc},
title = {Logical Characterization of Weighted Pebble Walking Automata},
nopages = {},
chapter = 19,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-csllics14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-csllics14.pdf},
doi = {10.1145/2603088.2603118},
abstract = {Weighted automata are a conservative quantitative extension of
finite automata that enjoys applications, e.g., in language processing and
speech recognition. Their expressive power, however, appears to be
limited, especially when they are applied to more general structures than
words, such as graphs. To address this drawback, weighted automata have
recently been generalized to weighted pebble walking automata, which
proved useful as a tool for the specification and evaluation of
quantitative properties over words and nested words. In this paper, we
establish the expressive power of weighted pebble walking automata in
terms of transitive closure logic, lifting a similar result by Engelfriet
and Hoogeboom from the Boolean case to a quantitative setting. This result
applies to general classes of graphs, including all the aforementioned
classes.}
}

@inproceedings{BB-csllics14,
month = jul,
year = 2014,
publisher = {ACM Press},
acronym = {{CSL\slash LICS}'14},
booktitle = {{P}roceedings of the Joint Meeting of the 23rd {EACSL} {A}nnual {C}onference on
{C}omputer {S}cience {L}ogic and the 29th {A}nnual {ACM\slash
IEEE} {S}ymposium on {L}ogic {I}n {C}omputer {S}cience ({CSL\slash LICS}'14)},
author = {Bollig, Benedikt},
title = {Logic for Communicating Automata with Parameterized Topology},
nopages = {},
chapter = 18,
exturl = {http://hal.inria.fr/hal-00872807/},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BB-csllics14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BB-csllics14.pdf},
doi = {10.1145/2603088.2603093},
abstract = {We introduce parameterized communicating automata~(PCA) as a
model of systems where finite-state processes communicate through FIFO
channels. Unlike classical communicating automata, a given PCA can be run
on any network topology of bounded degree. The topology is thus a
parameter of the system. We provide various B{\"u}chi-Elgot-Trakhtenbrot
theorems for~PCA, which roughly read as follows: Given a logical
specification~$$\phi$$ and a class of topologies~$$T$$, there is a~PCA that is
equivalent to~$$\phi$$ on all topologies from~$$T$$. We~give uniform constructions
which allow us to instantiate~$$T$$ with concrete classes such as pipelines,
ranked trees, grids, rings,~etc. The proofs build on a locality theorem
for first-order logic due to Schwentick and Barthelmann, and they exploit
concepts from the non-parameterized case, notably a result by Genest,
Kuske, and Muscholl.}
}

@article{CFM-ijfcs13,
publisher = {World Scientific},
journal = {International Journal of Foundations of Computer Science},
author = {Cadilhac, Micha{\"e}l and Finkel, Alain and McKenzie, Pierre},
title = {Unambiguous Contrained Automata},
volume = 24,
number = 7,
month = nov,
year = 2013,
pages = {1099-1116},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CFM-ijfcs13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CFM-ijfcs13.pdf},
doi = {10.1142/S0129054113400339},
abstract = {The class of languages captured by Constrained Automata~(CA)
that are unambiguous is shown to possess more closure properties than the
provably weaker class captured by deterministic~CA. Problems decidable for
deterministic CA are nonetheless shown to remain decidable for
unambiguous~CA, and testing for regularity is added to this set of
decidable problems. Unambiguous CA~are then shown incomparable with
deterministic reversal-bounded machines in terms of expressivity, and a
deterministic model equivalent to unambiguous~CA is identified.}
}

@phdthesis{cyriac-phd2014,
author = {Cyriac, Aiswarya},
title = {Verification of Communicating Recursive Programs via Split-width},
school = {Laboratoire Sp{\'e}cification et V{\'e}rification,
ENS Cachan, France},
type = {Th{\e}se de doctorat},
year = 2014,
month = jan,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/cyriac-phd14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cyriac-phd14.pdf}
}

@inproceedings{BFHHH-fossacs14,
month = apr,
year = 2014,
volume = {8412},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Muscholl, Anca},
acronym = {{FoSSaCS}'14},
booktitle = {{P}roceedings of the 17th {I}nternational
{C}onference on {F}oundations of {S}oftware {S}cience
and {C}omputation {S}tructures
({FoSSaCS}'14)},
author = {Bertrand, Nathalie and Fabre, {\'E}ric and Haar, Stefan and
title = {Active diagnosis for probabilistic systems},
pages = {29-42},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHHH-fossacs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHHH-fossacs14.pdf},
doi = {10.1007/978-3-642-54830-7_4},
abstract = {The diagnosis problem amounts to deciding whether some specific
{"}fault{"} event occurred or not in a system, given the observations
collected on a run of this system. This system is then diagnosable if the
fault can always be detected, and the active diagnosis problem consists in
controlling the system in order to ensure its diagnosability. We consider
here a stochastic framework for this problem: once a control is selected,
the system becomes a stochastic process. In this setting, the active
diagnosis problem consists in deciding whether there exists some
observation-based strategy that makes the system diagnosable with
probability one. We prove that this problem is EXPTIME-complete, and that
the active diagnosis strategies are belief-based. The safe active
diagnosis problem is similar, but aims at enforcing diagnosability while
preserving a positive probability to non faulty runs, i.e. without
enforcing the occurrence of a fault. We prove that this problem requires
non belief-based strategies, and that it is undecidable. However, it
belongs to NEXPTIME when restricted to belief-based strategies. Our work
also refines the decidability/undecidability frontier for verification
problems on partially observed Markov decision processes.}
}

@article{ABGMN-fi13,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
author = {Akshay, S. and Bollig, Benedikt and Gastin, Paul and
Mukund, Madhavan and Narayan Kumar, K.},
title = {Distributed Timed Automata with Independently Evolving Clocks},
volume = {130},
number = {4},
month = apr,
year = 2014,
pages = {377-407},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABGMN-fi13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABGMN-fi13.pdf},
doi = {10.3233/FI-2014-996},
abstract = {We propose a model of distributed timed systems where each
component is a timed automaton with a set of local clocks that evolve at a
rate independent of the clocks of the other components. A~clock can be
read by any component in the system, but it can only be reset by the
automaton it belongs~to.\par
There are two natural semantics for such systems. The \emph{universal}
semantics captures behaviors that hold under any choice of clock rates for
the individual components. This is a natural choice when checking that a
system always satisfies a positive specification. To check if a system
avoids a negative specification, it is better to use the
\emph{existential} semantics—the set of behaviors that the system
can possibly exhibit under some choice of clock rates.\par
We show that the existential semantics always describes a regular set of
behaviors. However, in the case of universal semantics, checking emptiness
or universality turns out to be undecidable. As an alternative to the
universal semantics, we propose a \emph{reactive} semantics that allows us
to check positive specifications and yet describes a regular set of
behaviors.}
}

@article{BGMZ-tocl13,
publisher = {ACM Press},
journal = {ACM Transactions on Computational Logic},
author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc},
title = {Pebble Weighted Automata and Weighted Logics},
volume = 15,
number = {2:15},
month = apr,
year = 2014,
nopages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-tocl13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-tocl13.pdf},
doi = {10.1145/2579819},
abstract = {We introduce new classes of weighted automata on words. Equipped
with pebbles, they go beyond the class of recognizable formal power
series: they capture weighted first-order logic enriched with a
quantitative version of transitive closure. In contrast to previous work,
this calculus allows for unrestricted use of existential and universal
quantifications over positions of the input word. We actually consider
both two-way and one-way pebble weighted automata. The latter class
constrains the head of the automaton to walk left-to-right, resetting it
each time a pebble is dropped. Such automata have already been considered
in the Boolean setting, in the context of data words. Our main result
states that two-way pebble weighted automata, one-way pebble weighted
automata, and our weighted logic are expressively equivalent. We also give
new logical characterizations of standard recognizable series.}
}

@article{GM-tcs14,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Gastin, Paul and Monmege, Benjamin},
title = {Adding Pebbles to Weighted Automata~-- Easy Specification
{\&} Efficient Evaluation},
volume = {534},
month = may,
year = 2014,
pages = {24-44},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-tcs14.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-tcs14.pdf},
doi = {10.1016/j.tcs.2014.02.034},
abstract = {We extend weighted automata and weighted rational expressions
with 2-way moves and reusable pebbles. We show with examples from natural
language modeling and quantitative model-checking that weighted
expressions and automata with pebbles are more expressive and allow much
more natural and intuitive specifications than classical ones. We extend
Kleene-Sch{\"u}tzenberger theorem showing that weighted expressions and
automata with pebbles have the same expressive power. We focus on an
efficient translation from expressions to automata. We also prove that the
evaluation problem for weighted automata can be done very efficiently if
the number of reusable pebbles is low.}
}

@inproceedings{HHM-tgc13,
month = mar,
year = 2014,
volume = {8358},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Abadi, Mart{\'\i}n and Lluch{ }Lafuente, Alberto},
acronym = {{TGC}'13},
booktitle = {{R}evised {S}elected {P}apers of the 8th {S}ymposium on {T}rustworthy {G}lobal
{C}omputing ({TGC}'13)},
title = {Specification of Asynchronous Component Systems with
Modal {I}{{\slash}}{O}-{P}etri Nets},
pages = {219-234},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-tgc13.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-tgc13.pdf},
doi = {10.1007/978-3-319-05119-2_13},
abstract = {We consider Petri nets with distinguished labels for
inputs, outputs, internal communications and silent actions and
with {"}must{"} and {"}may{"} modalities for transitions. The
input\slash output labels show the interaction capabilities of a
net to the outside used to build larger nets by asynchronous
composition via communication channels.  The modalities express
constraints for Petri net refinement taking into account
observational abstraction from silent transitions.  Modal
I\slash O-Petri nets are equipped with a modal transition system
semantics.  We show that refinement is preserved by asynchronous
composition and by hiding of communication channels.  We study
conformance properties which express communication requirements
for composed systems and we show that those properties are
preserved by refinement.  On this basis we propose a methodology
for the specification of distributed systems in terms of modal
I\slash O-Petri nets which supports incremental design, encapsulation of
components and stepwise refinement.  Finally we show that our
communication properties are decidable.}
}

@proceedings{KDH-topnoc2015,
title = {Transactions on {P}etri Nets and Other Models of Concurrency~{X}},
booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{X}},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = 9410,
year = {2015},
url = {http://www.springer.com/978-3-662-48649-8}
}

@article{BHJL-fi15,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
Aleksandra and Lime, Didier},
title = {Interrupt Timed Automata with Auxiliary Clocks and Parameters},
volume = {143},
number = {3-4},
pages = {235-259},
month = mar,
year = 2016,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHJL-fi15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHJL-fi15.pdf},
doi = {10.3233/FI-2016-1313},
abstract = {Interrupt Timed Automata (ITA) are an expressive timed model,
introduced to take into account interruptions according to levels. Due to
this feature, this formalism is incomparable with Timed Automata.\par
However several decidability results related to reachability and model
checking have been obtained. We add auxiliary clocks to ITA, thereby
extending its expressive power while preserving decidability of
reachability. Moreover, we define a parametrized version of ITA, with
polynomials of parameters appearing in guards and updates. While
parametric reasoning is particularly relevant for timed models, it very
often leads to undecidability results. We prove that various reachability
problems, including robust reachability, are decidable for this model, and
we give complexity upper bounds for a fixed or variable number of clocks,
levels and parameters.}
}

@article{GHKS-tecs15,
publisher = {ACM Press},
journal = {ACM Transactions in Embedded Computing Systems},
author = {Germanos, Vasileios and Haar, Stefan
and Khomenko, Victor and Schwoon, Stefan},
title = {Diagnosability under Weak Fairness},
volume = 14,
number = {4:69},
nopages = {},
month = dec,
year = 2015,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-tecs15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-tecs15.pdf},
doi = {10.1145/2832910},
abstract = {In partially observed Petri nets, diagnosis is the task of
detecting whether or not the given sequence of observed labels indicates
that some unobservable fault has occurred. Diagnosability is an associated
property of the Petri net, stating that in any possible execution an
occurrence of a fault can eventually be diagnosed.\par
In this paper we consider diagnosability under the weak fairness (WF)
assumption, which intuitively states that no transition from a given set
can stay enabled forever---it~must eventually either fire or be disabled.
We show that a previous approach to WF-diagnosability in the literature
has a major flaw, and present a corrected notion. Moreover, we present an
efficient method for verifying WF-diagnosability based on a reduction to
LTL-X model checking. An~important advantage of this method is that the
LTL-X formula is fixed---in~particular, the WF assumption does not have to
be expressed as a part of it (which would make the formula length
proportional to the size of the specification), but rather the ability of
existing model checkers to handle weak fairness directly is exploited.}
}

@inproceedings{BGHLM-fsttcs15,
month = dec,
year = 2015,
volume = {45},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Harsha, Prahladh and Ramalingam, G.},
acronym = {{FSTTCS}'15},
booktitle = {{P}roceedings of the 35th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'15)},
Axel and Lefaucheux, Engel and Monmege, Benjamin},
title = {Simple Priced Timed Games Are Not That Simple},
pages = {278-292},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGHLM-fsttcs15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGHLM-fsttcs15.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2015.278},
abstract = {Priced timed games are two-player zero-sum games played on
priced timed automata (whose locations and transitions are labeled by
weights modeling the costs of spending time in a state and executing an
action, respectively). The goals of the players are to minimise and
maximise the cost to reach a target location, respectively. We consider
priced timed games with one clock and arbitrary (positive and negative)
weights and show that, for an important subclass of theirs (the so-called
simple priced timed games), one can compute, in exponential time, the
optimal values that the players can achieve, with their associated optimal
strategies. As side results, we also show that one-clock priced timed
games are determined and that we can use our result on simple priced timed
games to solve the more general class of so-called reset-acyclic priced
timed games (with arbitrary weights and one-clock).}
}

@inproceedings{MLBHB-vecos15,
month = sep,
year = 2015,
volume = {1431},
series = {CEUR Workshop Proceedings},
publisher = {RWTH Aachen, Germany},
editor = {Ben{~}Hedia, Belgacem and Popentiu{ }Vladicescu, Florin},
acronym = {{VECoS}'15},
booktitle = {{P}roceedings of the 9th {W}orkshop on {V}erification and
{E}valuation of {C}omputer and {C}ommunication
{S}ystems({VECoS}'15)},
author = {Methni, Amira and Lemerre, Matthieu and Ben{~}Hedia,
title = {State Space Reduction Strategie for Model Checking
Concurrent {C}~Programs},
pages = {65-76},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-vecos15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-vecos15.pdf},
abstract = {Model checking is an effective technique for uncovering subtle
errors in concurrent systems. Unfortunately, the state space explosion is
the main bottleneck in model checking tools. Here we propose a state space
reduction technique for model checking concurrent programs written in~C.
The reduction technique consists in an analysis phase, which defines an
approximate agglomeration predicate. This latter states whether a
statement can be agglomerated or~not. We~implement this predicate using a
syntactic analysis, as well as a semantic analysis based on abstract
interpretation. We show the usefulness of using agglomeration technique to
reduce the state space, as well as to generate an abstract TLA+
specification from a~C~program.}
}

@inproceedings{BHHHS-cdc15,
month = dec,
year = 2015,
publisher = {{IEEE} Control System Society},
noeditor = {},
acronym = {{CDC}'15},
booktitle = {{P}roceedings of the 54th {IEEE} {C}onference on
{D}ecision and {C}ontrol ({CDC}'15)},
Hofman, Piotr and Schwoon, Stefan},
title = {Active Diagnosis with Observable Quiescence},
pages = {1663-1668},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHHS-cdc15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHHS-cdc15.pdf},
doi = {10.1109/CDC.2015.7402449},
abstract = {Active diagnosis of a discrete-event system consists in
controlling the system such that faults can be detected. Here we extend
the framework of active diagnosis by introducing modalities for actions
and states and a new capability for the controller, namely observing that
the system is quiescent. We design a game-based construction for both the
decision and the synthesis problems that is computationally optimal.
Furthermore we prove that the size and the delay provided by the active
diagnoser (when it exists) are almost optimal.}
}

@article{AGMN-tcs15,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Akshay, S. and Gastin, Paul and Mukund,
title = {Checking conformance for time-constrained scenario-based specifications},
volume = {594},
pages = {24-43},
month = aug,
year = {2015},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-tcs15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-tcs15.pdf},
doi = {10.1016/j.tcs.2015.03.030},
abstract = {We consider the problem of model checking message-passing
systems with real-time requirements. As behavioral specifications, we use
message sequence charts (MSCs) annotated with timing constraints. Our
system model is a network of communicating finite state machines with
local clocks, whose global behavior can be regarded as a timed automaton.
Our goal is to verify that all timed behaviors exhibited by the system
conform to the timing constraints imposed by the specification. In
general, this corresponds to checking inclusion for timed languages, which
is an undecidable problem even for timed regular languages. However, we
show that we can translate regular collections of time-constrained MSCs
into a special class of event-clock automata that can be determinized and
complemented, thus permitting an algorithmic solution to the model
checking/conformance problem.}
}

@inproceedings{adhs15-HT,
month = oct,
year = 2015,
number = 27,
volume = 48,
series = {IFAC-PapersOnLine},
publisher = {Elsevier Science Publishers},
editor = {Lennartson, Bengt and Tabuada, Paulo},
booktitle = {{P}roceedings of the 5th {IFAC} {C}onference on {A}nalysis and
author = {Haar, Stefan and Theissing, Simon},
title = {A~Hybrid-Dynamical Model for Passenger-flow in Transportation
Systems},
pages = {236-241},
doi = {10.1016/j.ifacol.2015.11.181},
abstract = {In a network with different transportation modes, or multimodal
public transportation system (MPTS), modes are linked among one another
not by resources or infrastructure elements---which are not shared, e.g.,
between different metro lines---but by the flow of passengers between
them. Now, the movements of passengers are steered by the destinations
that individual passengers have, and by which they can be grouped into
trip profiles. To use the strength of fluid dynamics, we therefore
introduce a multiphase hybrid Petri net model, in which the vehicle
dynamics is rendered by individual tokens moving in an infrastructure net,
while passenger quantities are given as vectors---whose components
correspond to trip profiles---and evolve at stations according to fluid
dynamics. This model is intended as a building block for obtaining
supervisory control, via transport operator actions, to mitigate
congestion.}
}

@inproceedings{BHPSS-rp15,
month = sep,
year = 2015,
volume = {9328},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Boja{\'n}czyk, Miko{\l}aj and Lasota, S{\l}awomir and Potapov, Igor},
acronym = {{RP}'15},
booktitle = {{P}roceedings of the 9th {W}orkshop
on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'15)},
Claudine and Safey{ }El{~}Din, Mohab and Sassolas, Mathieu},
title = {Polynomial Interrupt Timed Automata},
pages = {20-32},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHPSS-rp15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHPSS-rp15.pdf},
doi = {10.1007/978-3-319-24537-9_3},
abstract = {Interrupt Timed Automata (ITA) form a subclass of stopwatch
automata where reachability and some variants of timed model checking are
decidable even in presence of parameters. They are well suited to model
and analyze real-time operating systems. Here we extend ITA with
(PolITA). We prove that reachability is decidable in 2EXPTIME on PolITA,
using an adaptation of the cylindrical decomposition method for the
first-order theory of reals. Compared to previous approaches, our
procedure handles parameters and clocks in a unified way. We also obtain
decidability for the model checking of a timed version of CTL and for
reachability in several extensions of PolITA.}
}

@inproceedings{B-time15,
month = sep,
year = 2015,
publisher = {{IEEE} Computer Society Press},
editor = {Grandi, Fabio and Lange, Martin and Lomuscio, Alessio},
acronym = {{TIME}'15},
booktitle = {{P}roceedings of the 22nd {I}nternational {S}ymposium on
{T}emporal {R}epresentation and {R}easoning
({TIME}'15)},
author = {Bollig, Benedikt},
title = {Towards Formal Verification of Distributed Algorithms},
pages = {3},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-time15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-time15.pdf},
doi = {10.1109/TIME.2015.23}
}

@inproceedings{B-ciaa15,
month = aug,
year = 2015,
volume = {9223},
series = {Lecture Notes in Computer Science},
publisher = {Springer-Verlag},
editor = {Drewes, Frank},
acronym = {{CIAA}'15},
booktitle = {{P}roceedings of the 20th {I}nternational
{C}onference on {I}mplementation and
{A}pplication of {A}utomata
({CIAA}'15)},
author = {Bollig, Benedikt},
title = {Automata and Logics for Concurrent Systems: Five Models in Five
Pages},
pages = {3-12},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-ciaa15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-ciaa15.pdf},
doi = {10.1007/978-3-319-22360-5_1},
abstract = {We~survey various automata models of concurrent systems and
their connection with monadic second-order logic: finite automata, class
memory automata, nested-word automata, asynchronous automata, and
message-passing automata.}
}

@inproceedings{PRCHH-atva15,
month = oct,
year = {2015},
volume = {9364},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Finkbeiner, Bernd and Pu, Geguang and Zhang, Lijun},
acronym = {{ATVA}'15},
booktitle = {{P}roceedings of the 13th {I}nternational
{S}ymposium on {A}utomated {T}echnology
for {V}erification and {A}nalysis
({ATVA}'15)},
author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Rodr{\'\i}guez,
C{\'e}sar and Carmona, Josep and Heljanko, Keijo and Haar, Stefan},
title = {Unfolding-Based Process Discovery},
pages = {},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/PRCHH-atva15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PRCHH-atva15.pdf},
doi = {10.1007/978-3-319-24953-7_4},
abstract = {This paper presents a novel technique for process discovery. In
contrast to the current trend, which only considers an event log for
discovering a process model, we assume two additional inputs: an
independence relation on the set of logged activities, and a collection of
negative traces. After deriving an intermediate net unfolding from them,
we perform a controlled folding giving rise to a Petri net which contains
both the input log and all independence-equivalent traces arising from~it.
Remarkably, the derived Petri net cannot execute any trace from the
negative collection. The entire chain of transformations is fully
automated. A tool has been developed and experimental results are provided
that witness the significance of the contribution of this paper.}
}

@inproceedings{HPRV-ppdp15,
month = jul,
year = 2015,
publisher = {ACM Press},
editor = {Albert, Elvira},
acronym = {{PPDP}'15},
booktitle = {{P}roceedings of the 17th {I}nternational
{C}onference on {P}rinciples and {P}ractice of {D}eclarative
{P}rogramming ({PPDP}'15)},
author = {Haar, Stefan and Perchy, Salim and Rueda, Camilo and
Valencia, Franck},
title = {An Algebraic View of Space{{\slash}}Belief and
Extrusion{{\slash}}Utterance for
Concurrency{{\slash}}Epistemic Logic},
pages = {161-172},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/HPRV-ppdp15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HPRV-ppdp15.pdf},
doi = {10.1007/978-3-319-19488-2_6},
abstract = {We enrich spatial constraint systems with operators to specify
information and processes moving from a space to another. We shall refer
to these news structures as spatial constraint systems with extrusion. We
shall investigate the properties of this new family of constraint systems
and illustrate their applications. From a computational point of view the
new operators provide for process\slash information extrusion, a central
concept in formalisms for mobile communication. From an epistemic point of
view extrusion corresponds to a notion we shall call utterance; a~piece of
information that an agent communicates to others but that may be
inconsistent with the agent's beliefs. Utterances can then be used to
express instances of epistemic notions, which are common place in social
media, such as hoaxes or intentional lies. Spatial constraint systems with
extrusion can be seen as complete Heyting algebras equipped with maps to
account for spatial and epistemic specifications.}
}

@inproceedings{ABG-concur15,
month = sep,
year = 2015,
volume = {42},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Aceto, Luca and de Frutos-Escrig, David},
acronym = {{CONCUR}'15},
booktitle = {{P}roceedings of the 26th
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'15)},
author = {Aiswarya, C. and Bollig, Benedikt and Gastin, Paul},
title = {An Automata-Theoretic Approach to the Verification of Distributed Algorithms},
pages = {340-353},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-concur15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-concur15.pdf},
doi = {10.4230/LIPIcs.CONCUR.2015.340},
abstract = {We introduce an automata-theoretic method for the verification
of distributed algorithms running on ring networks. In a distributed
algorithm, an arbitrary number of processes cooperate to achieve a common
goal (e.g., elect a leader). Processes have unique identifiers (pids) from
an infinite, totally ordered domain. An algorithm proceeds in synchronous
rounds, each round allowing a process to perform a bounded sequence of
actions such as send or receive a pid, store it in some register, and
compare register contents wrt. the associated total order. An algorithm is
supposed to be correct independently of the number of processes. To
specify correctness properties, we introduce a logic that can reason about
processes and pids. Referring to leader election, it may say that, at the
end of an execution, each process stores the maximum pid in some dedicated
register. Since the verification of distributed algorithms is undecidable,
we propose an underapproximation technique, which bounds the number of
rounds. This is an appealing approach, as the number of rounds needed by a
distributed algorithm to conclude is often exponentially smaller than the
number of processes. We provide an automata-theoretic solution, reducing
model checking to emptiness for alternating two-way automata on words.
Overall, we show that round-bounded verification of distributed algorithms
over rings is PSPACE-complete.}
}

@phdthesis{bollig-HDR15,
author = {Bollig, Benedikt},
title = {Automata and Logics for Concurrent Systems: Realizability and Verification},
year = 2015,
month = jun,
type = {M{\'e}moire d'habilitation},
school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-bollig15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-bollig15.pdf}
}

@inproceedings{MLBHB-ftscs15,
optnmonth = 11,
optmonth = nov,
year = 2015,
volume = {476},
series = {Communications in Computer and Information Science},
publisher = {Springer},
editor = {Artho, Cyrille and {\"O}lveczky, Peter Csaba},
acronym = {{FTSCS}'14},
booktitle = {{P}roceedings of the 3rd {I}nternational {W}orkshop on {F}ormal {T}echniques for
{S}afety-{C}ritical {S}ystems, Nov. 2014 ({FTSCS}'14)},
author = {Methni, Amira and Lemerre, Matthieu and Ben{~}Hedia, Belgacem and
title = {Specifying and Verifying Concurrent {C}~Programs with {TLA+}},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-ftscs15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-ftscs15.pdf},
doi = {10.1007/978-3-319-17581-2_14},
pages = {206-222},
nonote = {17~pages},
abstract = {Verifying software systems automatically from their source code
rather than modelling them in a dedicated language gives more confidence
in establishing their properties. Here we propose a formal specification
and verification approach for concurrent C programs directly based on the
semantics of~C. We define a set of translation rules and implement it in a
tool~(C2TLA+) that automatically translates C code into a TLA+
specification. The~TLC model checker can use this specification to
generate a model, allowing to check the absence of runtime errors and dead
code in the C program in a given configuration. In addition, we show how
translated specifications interact with manually written ones~to: check
the C code against safety or liveness properties; provide concurrency
primitives or model hardware that cannot be expressed in~C; and use
abstract versions of translated C functions to address the state explosion
problem. All these verifications have been conducted on an industrial case
study, which is a part of the microkernel of the PharOS real-time
system.}
}

@article{FH-fundi15,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
title = {Complexity Analysis of Continuous Petri Nets},
volume = 137,
number = {1},
pages = {1-28},
year = 2015,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-fundi15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-fundi15.pdf},
doi = {10.3233/FI-2015-1168},
abstract = {At the end of the eighties, continuous Petri nets were
introduced for: (1)~alleviating the combinatory explosion triggered by
discrete Petri nets (i.e. usual Petri nets) and, (2)~modelling the
behaviour of physical systems whose state is composed of continuous
variables. Since then several works have established that the
computational complexity of deciding some standard behavioural properties
of Petri nets is reduced in this framework. Here we first establish the
decidability of additional properties like coverability, boundedness and
reachability set inclusion. We also design new decision procedures for
reachability and lim-reachability problems with a better computational
complexity. Finally we provide lower bounds characterising the exact
complexity class of the reachability, the coverability, the boundedness,
the deadlock freeness and the liveness problems. A~small case study is
introduced and analysed with these new procedures.}
}

@article{BHHP-ijasm15,
publisher = {IARIA},
journal = {International Journal on Advances in Systems and Measurements},
Picaronny, Claudine},
title = {Rare Event Handling in Signalling Cascades},
volume = 8,
number = {1-2},
pages = {69-79},
year = 2015,
month = jun,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-ijasm15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-ijasm15.pdf},
abstract = {Signalling cascades are a recurrent pattern of biological
regulatory systems whose analysis has deserved a lot of attention. It has
been shown that stochastic Petri nets are appropriate to model such
systems and evaluate the probabilities of specific properties. Such an
evaluation can be done numerically when the combinatorial state space
explosion is manageable or statistically otherwise. However, when the
probabilities to be evaluated are too small, random simulation requires
more sophisticated techniques for the handling of rare events. In this
paper, we show how such involved methods can be successfully applied for
signalling cascades. More precisely, we study three relevant properties of
a signalling cascade with the help of the COSMOS tool. Our experiments
point out interesting dependencies between quantitative parameters of the
regulatory system and its transient behaviour. In addition, they
demonstrate that we can go beyond the capabilities of MARCIE, which
provides one of the most efficient numerical solvers.}
}

@inproceedings{ACR-acsd15,
month = jun,
year = 2015,
publisher = {{IEEE} Computer Society Press},
editor = {Haar, Stefan and Meyer, Roland},
acronym = {{ACSD}'15},
booktitle = {{P}roceedings of the 15th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'15)},
author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and
Rodr{\'\i}guez, C{\'e}sar},
title = {Preserving Partial Order Runs in Parametric Time {P}etri Nets},
pages = {120-129},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-acsd15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-acsd15.pdf},
doi = {10.1109/ACSD.2015.16},
abstract = {Parameter synthesis for timed systems aims at deriving parameter
valuations satisfying a given property. In this paper we target concurrent
systems; it is well known that concurrency is a source of state-space
explosion, and partial order techniques were defined to cope with this
problem. Here we use partial order semantics for parametric time Petri
nets as a way to significantly enhance the result of an existing synthesis
algorithm. Given a reference parameter valuation, our approach synthesizes
other valuations preserving, up to interleaving, the behavior of the
reference parameter valuation. We show the applicability of our approach
using acyclic asynchronous circuits.}
}

@inproceedings{CHKS-pn15,
month = jun,
year = 2015,
volume = {9115},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Devillers, Raymond and Valmari, Antti},
acronym = {{PETRI~NETS}'15},
booktitle = {{P}roceedings of the 36th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'15)},
author = {Chatain, {\relax Th}omas and Haar, Stefan and Koutny,
Maciej and Schwoon, Stefan},
title = {Non-Atomic Transition Firing in Contextual Nets},
pages = {117-136},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CHKS-pn15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CHKS-pn15.pdf},
doi = {10.1007/978-3-319-19488-2_6},
abstract = {The firing rule for Petri nets assumes instantaneous and
simultaneous consumption and creation of tokens. In the context of
ordinary Petri nets, this poses no particular problem because of the
system's asynchronicity, even if token creation occurs later than token
consumption in the firing. With read arcs, the situation changes, and
several different choices of semantics are possible. The step semantics
introduced by Janicki and Koutny can be seen as imposing a two-phase
firing scheme: first, the presence of the required tokens is checked, then
consumption and production of tokens happens. Pursuing this approach
further, we develop a more general framework based on explicitly splitting
the phases of firing, allowing to synthesize coherent steps. This turns
out to define a more general non-atomic semantics, which has important
potential for safety as it allows to detect errors that were missed by the
previous semantics. Then we study the characterization of partial-order
processes feasible under one or the other semantics.}
}

@incollection{BH-im15,
year = 2015,
publisher = {CNRS \'Editions},
editor = {Ollinger, Nicolas},
booktitle = {Informatique Math{\'e}matique. Une~photographie en~2015},
title = {Contr{\^o}le, probabilit{\'e}s et observation partielle},
chapter = 5,
pages = {177-227},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-im15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-im15.pdf}
}

@article{BBDHP-peva15,
publisher = {Elsevier Science Publishers},
journal = {Performance Evaluation},
author = {Ballarini, Paolo and Barbot, Beno{\^\i}t and Duflot, Marie and
title = {{HASL}: A~New Approach for Performance Evaluation and Model
Checking from Concepts to Experimentation},
year = {2015},
month = aug,
volume = 90,
pages = {53-77},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/rr-lsv-2015-04.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/rr-lsv-2015-04.pdf},
doi = {10.1016/j.peva.2015.04.003},
abstract = {We introduce the Hybrid Automata Stochastic Language (HASL), a
new temporal logic formalism for the verification of Discrete Event
Stochastic Processes (DESP). HASL employs a Linear Hybrid Automaton (LHA)
to select prefixes of relevant execution paths of a DESP. LHA allows
rather elaborate information to be collected \emph{on-the-fly} during path
selection, providing the user with powerful means to express sophisticated
measures. A~formula of HASL consists of an LHA and an expression~$$Z$$
referring to moments of \emph{path random variables}. A~simulation-based
statistical engine is employed to obtain a confidence interval estimate
of the expected value of~$$Z$$. In~essence, HASL~provides a unifying
verification framework where temporal reasoning is naturally blended with
elaborate reward-based analysis. Moreover, we have implemented a tool,
named COSMOS, for performing analysis of HASL formula for DESP modelled by
Petri nets. Using this tool we have developed two detailed case studies: a
flexible manufacturing system and a genetic oscillator.}
}

@misc{qcover16,
author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and Haddad, Serge},
title = {{QCover: an efficient coverability verifier for discrete and continuous Petri nets}},
url = {https://github.com/blondimi/qcover},
year = {2016}
}

@mastersthesis{m2-lehaut,
author = {Lehaut, Mathieu},
title = {PDL on infinite alphabet},
school = {{M}aster {P}arisien de {R}echerche en
{I}nformatique, Paris, France},
type = {Rapport de {M}aster},
year = {2016},
month = aug,
url = {http://www.lsv.fr/Publis/PAPERS/PDF/m2-lehaut.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/m2-lehaut.pdf},
note = {19~pages}
}

@article{HHMS-jcss16,
publisher = {Elsevier Science Publishers},
journal = {Journal of Computer and System Sciences},
author = {Stefan Haar and
Tarek Melliti and
Stefan Schwoon},
title = {Optimal constructions for active diagnosis},
pages = {101-120},
volume = {83},
number = {1},
year = {2017},
doi = {10.1016/j.jcss.2016.04.007},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS-jcss16.pdf},
abstract = {Diagnosis is the task of detecting fault occurrences in a partially observed sys- tem. Depending on the possible observations, a discrete-event system may be diagnosable or not. Active diagnosis aims at controlling the system to render it diagnosable. Past research has proposed solutions for this problem, but their complexity remains to be improved. Here, we solve the decision and synthesis problems for active diagnosability, proving that (1) our procedures are optimal with respect to computational complexity, and (2) the memory required for our diagnoser is minimal. We then study the delay between a fault occurrence and its detection by the diagnoser. We construct a memory-optimal diagnoser whose delay is at most twice the minimal delay, whereas the memory required to achieve optimal delay may be highly greater. We also provide a solution for parametrized active diagnosis, where we automatically construct the most permissive controller respecting a given delay.}
}

@article{BKM-tocs17,
publisher = {Springer},
journal = {Theory of Computing Systems},
author = {Bollig, Benedikt and
Kuske, Dietrich and
Mennicke, Roy},
title = {The Complexity of Model Checking Multi-Stack Systems},
volume = {60},
number = {4},
pages = {695-736},
year = {2017},
doi = {10.1007/s00224-016-9700-6},
abstract = {We study the linear-time model checking problem for boolean concurrent programs with recursive procedure calls. While sequential recursive programs are usually modeled as pushdown automata, concurrent recursive programs involve several processes and can be naturally abstracted as pushdown automata with multiple stacks. Their behavior can be understood as words with multiple nesting relations, each relation connecting a procedure call with its corresponding return. To reason about multiply nested words, we consider the class of all temporal logics as defined in the book by Gabbay, Hodkinson, and Reynolds. The unifying feature of these temporal logics is that their modalities are defined in monadic second-order (MSO) logic. In particular, this captures numerous temporal logics over concurrent and/or recursive programs that have been defined so far. Since the general model checking problem is undecidable, we restrict attention to phase bounded executions as proposed by La Torre, Madhusudan, and Parlato. While the MSO model checking problem in this case is non-elementary, our main result states that the model checking (and satisfiability) problem for all MSO-definable temporal logics is decidable in elementary time. More precisely, it is solvable in time exponential in the formula and (n+2)-fold exponential in the number of phases where n is the maximal level of the MSO modalities in the monadic quantifier alternation hierarchy (which is a vast improvement over the conference version of this paper from LICS 2013 where the space was also (n+2)-fold exponential in the size of the temporal formula). We complement this result and provide, for each level n, a temporal logic whose model checking problem is n-EXPSPACE-hard.}
}

@inproceedings{vDCC-EMISA16,
month = oct,
publisher = {{CEUR-WS.org}},
volume = {1701},
series = {{CEUR} Workshop Proceedings},
editor = {Rinderle-Ma, Stefanie and Mendling, Jan},
acronym = {{EMISA}'16},
booktitle = {{P}roceedings of the 7th {I}nt. {W}orkshop on {E}nterprise {M}odelling and {I}nformation {S}ystems {A}rchitectures
({EMISA}'16)},
author = {van Dongen, Boudewijn and Carmona, Josep and Chatain, {\relax Th}omas},
title = {{Alignment-based Quality Metrics in Conformance Checking}},
pages = {87-90},
year = {2016},
doi = {},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/vanDongen-EMISA16.pdf},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/vanDongen-EMISA16.pdf},
abstract = {The holy grail in process mining is a process discovery algorithm that, given an event
log, produces fitting, precise, properly generalizing and simple process models. Within the field of
process mining, conformance checking is considered to be anything where observed behaviour, e.g.,
in the form of event logs or event streams, needs to be related to already modelled behaviour.
In the conformance checking domain, the relation between an event log and a model is typically
quantified using fitness, precision and generalization. In this paper, we present metrics for fitness,
precision and generalization, based on alignments and the newer concept named anti-alignments.}
}

@inproceedings{MHP-HSB16,
month = oct,
optvolume = 9957,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
opteditor = {Cinquemani, Eugenio and
Donz{\'{e}, Alexandre}},
acronym = {{HSB}'16},
booktitle = {{P}roceedings of the 5th
{I}nternational {W}orkshop on
{H}ybrid {S}ystems {B}iology},
author = {Mandon, Hugues and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
title = {{Relationship between the Reprogramming Determinants of Boolean Networks and their Interaction Graph}},
pages = {113-127},
year = {2016},
doi = {10.1007/978-3-319-47151-8_8},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MHP-HSB16.pdf},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/MHP-HSB16.pdf},
abstract = {In this paper, we address the formal characterization of tar- gets triggering cellular trans-differentiation in the scope of Boolean net- works with asynchronous dynamics. Given two fixed points of a Boolean network, we are interested in all the combinations of mutations which allow to switch from one fixed point to the other, either possibly, or in- evitably. In the case of existential reachability, we prove that the set of nodes to (permanently) flip are only and necessarily in certain connected components of the interaction graph. In the case of inevitable reachabil- ity, we provide an algorithm to identify a subset of possible solutions.}
}

@inproceedings{KSHP-sasb16,
month = sep,
missingnumber = {2},
missingvolume = {},
series = {Electronic Notes in Theoretical Computer Science},
publisher = {Elsevier Science Publishers},
acronym = {{SASB}'16},
booktitle = {{P}roceedings of {T}he {S}eventh {I}nternational {W}orkshop on {S}tatic {A}nalysis and {S}ystems {B}iology (SASB 2016)},
title = {{Unfolding of Parametric Logical Regulatory Networks}},
author = {Kolc{\'a}k, Juraj and {\v S}afr{\'a}nek, David and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
year = {2016},
note = {To appear},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KSHP-SASB16.pdf},
url = {https://hal.archives-ouvertes.fr/hal-01354109},
abstract = {In systems biology, models of cellular regulatory processes such as gene regulatory networks or signalling pathways are crucial to understanding the behaviour of living cells. Available biological data are however often insufficient for full model specification. In this paper, we focus on partially specified models where the missing information is abstracted in the form of parameters. We introduce a novel approach to analysis of parametric logical regulatory networks addressing both sources of combinatoric explosion native to the model. First, we introduce a new compact representation of admissible parameters using Boolean lattices. Then, we define the unfolding of parametric regulatory networks. The resulting structure provides a partial- order reduction of concurrent transitions, and factorises the common transitions among the concrete models. A comparison is performed against state-of-the-art approaches to parametric model analysis.}
}

@article{KGHPAJRHH-tpnomc2016,
publisher = {Springer},
journal = {Transactions on Petri Nets and Other Models of Concurrency},
author = {Kordon, Fabrice  and
Garavel, Hubert  and
Hillah,  Lom{-}Messan and
Jezequel, Lo{\"{\i}}g and
Rodr{\'{\i}}guez, C{\'{e}}sar  and
Hulin{-}Hubard, Francis },
title = {{MCC}'2015 - {T}he {F}ifth {M}odel {C}hecking {C}ontest},
volume = {11},
pages = {262-273},
year = {2016},
url = {http://dx.doi.org/10.1007/978-3-662-53401-4_12},
doi = {10.1007/978-3-662-53401-4_12},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KGHPAJRHH-tpnomc2016.pdf}
}

@inproceedings{Bollig-fsttcs16,
month = dec,
year = 2016,
volume = {65},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {S. Akshay and Akash Lal and Saket Saurabh and Sandeep Sen},
acronym = {{FSTTCS}'16},
booktitle = {{P}roceedings of the 36th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'16)},
author = {Bollig, Benedikt},
title = {One-Counter Automata with Counter Observability},
pages = {20:1-20:14},
url = {http://drops.dagstuhl.de/opus/volltexte/2016/6855/},
doi = {10.4230/LIPIcs.FSTTCS.2016.20},
abstract = {In a one-counter automaton (OCA), one can produce a letter from some finite alphabet, increment and decrement the counter by one, or compare it with constants up to some threshold. It is well-known that universality and language inclusion for OCAs are undecidable. In this paper, we consider OCAs with counter observability: Whenever the automaton produces a letter, it outputs the current counter value along with it. Hence, its language is now a set of words over an infinite alphabet. We show that universality and inclusion for that model are PSPACE-complete, thus no harder than the corresponding problems for finite automata. In fact, by establishing a link with visibly one-counter automata, we show that OCAs with counter observability are effectively determinizable and closed under all boolean operations. Moreover, it turns out that they are expressively equivalent to strong automata, in which transitions are guarded by MSO formulas over the natural numbers with successor.}
}

@inproceedings{HT-pasm16,
month = apr,
year = 2016,
volume = {327},
series = {Electronic Notes in Theoretical Computer Science},
publisher = {Elsevier Science Publishers},
editor = {Haverkort, Boudewijn and Knottenbelt, William and Remke, Anne and Thomas, Nigel},
booktitle = {{P}roceedings of the 8th {I}nternational {W}orkshop on {P}ractical
{A}pplications of {S}tochastic {M}odelling ({PASM}'16)},
author = {Haar, Stefan and Theissing, Simon},
title = {Forecasting Passenger Loads in Transportation Networks},
pages = {49-69},
url = {https://hal.inria.fr/hal-01259585},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-pasm16.pdf},
doi = {10.1016/j.entcs.2016.09.023},
abstract = {This work is part of an ongoing effort to understand the
dynamics of passenger loads in modern, multimodal transportation
networks (TNs) and to mitigate the impact of perturbations. The
challenge is that the percentage of passengers at any given point of
the TN that have a certain destination, i.e. their distribution over
different trip profiles, is unknown. We introduce a stochastic
hybrid automaton model for multimodal TNs that allows to compute how
such probabilistic load vectors are propagated through the TN, and
develop a computation strategy for forecasting the network's load a
certain time into the future.}
}

@techreport{HT-hal16,
author = {Haar, Stefan and Theissing, Simon},
title = {A~Passenger-centric Multi-agent System Model for
Multimodal Public Transportation},
institution = {HAL-inria},
number = {hal-01322956},
month = may,
year = {2016},
type = {Research Report},
url = {https://hal.inria.fr/hal-01322956},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-hal16.pdf},
note = {12~pages},
abstract = {If we want to understand how perturbations spread across a
multi-modal public transportation system, we have to include
passenger flows into the model and the analysis. Indeed, in general
no two different lines in such a system are physically connected
directly, or share tracks or other resources. Rather, they are
connected by passengers changing lines and thus transmit
perturbations from one line or mode to another. We present a formal
passenger-centric multi-agent system model that can capture
(i)~individual and possibly multi-modal trip profiles with branches
resulting from different decision outcomes, (ii)~the~movement of
fixed-route operated transportation means, and (iii)~in-vehicle and
in-station capacity constraints. The model is based on a
nets-within-nets approach with Petri nets as the basic building
entities. Thus, it has a convenient graphical representation, and
the possibility of execution.}
}

@inproceedings{HT-qest16,
month = aug,
year = 2016,
volume = {9826},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Agha, Gul and Van{~}Houdt, Benny},
acronym = {{QEST}'16},
booktitle = {{P}roceedings of the 13th {I}nternational
{C}onference on {Q}uantitative
{E}valuation of {S}ystems
({QEST}'16)},
author = {Haar, Stefan and Theissing, Simon},
title = {Decoupling Passenger Flows for Improved Load Prediction},
pages = {364-379},
url = {https://hal.inria.fr/hal-01330136},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-qest16.pdf},
doi = {10.1007/978-3-319-43425-4_24},
abstract = {This paper continues our work on perturbation analysis of
multimodal transportation networks~(TNs) by means of a stochastic
hybrid automaton~(SHA) model. We focus here on the approximate
computation , in particular on the major bottleneck consisting in
the high dimensionality of systems of stochastic differential
balance equations (SDEs) that define the continuous passenger-flow
dynamics in the different modes of the SHA model. In fact, for every
pair of a mode and a station, one system of coupled SDEs relates the
passenger loads of all discrete points such as platforms considered
in this station, and all vehicles docked to it, to the passenger
flows in between. In general, such an SDE system has many
dimensions, which makes its numerical computation and thus the
approximate computation of the SHA model intractable. We show how
these systems can be canonically replaced by lower-dimensional ones,
by decoupling the passenger flows inside every mode from one
another. We prove that the resulting approximating passenger-flow
dynamics converges to the original one, if the replacing set of
balance equations set up for all decoupled passenger flows
communicate their results among each other in vanishing time
intervals.}
}

@inproceedings{HT-acc16,
month = jul,
year = 2016,
publisher = {{IEEE} Control System Society},
acronym = {{ACC}'16},
booktitle = {{P}roceedings of the 35th {A}merican {C}ontrol
{C}onference ({ACC}'16)},
author = {Haar, Stefan and Theissing, Simon},
title = {Predicting Traffic Load in Public Transportation Networks},
pages = {821-826},
url = {https://hal.inria.fr/hal-01329632},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-acc16.pdf},
doi = {10.1109/ACC.2016.7525015},
abstract = {This work is part of an ongoing effort to understand the
dynamics of passenger loads in modern, multimodal transportation
networks (TNs) and to mitigate the impact of perturbations, under
the restrictions that the precise number of passengers in some point
of the TN that intend to reach a certain destination (i.e. their
distribution over different trip profiles) is unknown. We introduce
an approach based on a stochastic hybrid automaton model for a TN
that allows to compute how such probabilistic load vectors are
propagated through the TN, and develop a computation strategy for
forecasting the network's load a certain time in the future.}
}

@inproceedings{FHLM-wodes16,
month = may # {-} # jun,
year = 2016,
publisher = {{IEEE} Control System Society},
editor = {Cassandras, Christos G. and Giua, Alessandro},
acronym = {{WODES}'16},
booktitle = {{P}roceedings of the 13th {W}orkshop on {D}iscrete {E}vent {S}ystems
({WODES}'16)},
author = {Fabre, {\'E}ric and H{\'e}lou{\"e}t, Lo{\"i}c and
Lefaucheux, Engel and Marchand, Herv{\'e}},
title = {Diagnosability of Repairable Faults},
pages = {230-236},
url = {https://hal.inria.fr/hal-01302562},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FHLM-wodes16.pdf},
doi = {10.1109/WODES.2016.7497853},
abstract = {The diagnosis problem for discrete event systems consists
in deciding whether some fault event occurred or not in the system,
given partial observations on the run of that system. Diagnosability
checks whether a correct diagnosis can be issued in bounded time
after a fault, for all faulty runs of that system. This problem
appeared two decades ago and numerous facets of it have been
explored, mostly for permanent faults. It is known for example that
diagnosability of a system can be checked in polynomial time, while
the construction of a diagnoser is exponential. The present paper
examines the case of transient faults, that can appear and be
repaired. Diagnosability in this setting means that the occurrence
of a fault should always be detected in bounded time, but also
before the fault is repaired. Checking this notion of diagnosability
is proved to be PSPACE-complete. It is also shown that faults can be
reliably counted provided the system is diagnosable for faults and
for repairs.}
}

@inproceedings{vDCC-bpm16,
address = {Rio de Janeiro, Brazil},
month = sep,
year = 2016,
volume = {9850},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {La{~}Rosa, Marcello and Loos, Peter and Pastor, Oscar},
acronym = {{BPM}'16},
booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on
{B}usiness {P}rocess {M}anagement ({BPM}'16)},
author = {van Dongen, Boudewijn F. and Carmona, Josep and Chatain,
{\relax Th}omas},
title = {A Unified Approach for Measuring Precision and
Generalization Based on Anti-Alignments},
pages = {39-56},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/vDCC-bpm16.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/vDCC-bpm16.pdf},
doi = {10.1007/978-3-319-45348-4_3},
abstract = {The holy grail in process mining is an algorithm that, given an
event log, produces fitting, precise, properly generalizing and simple
process models. While there is consensus on the existence of solid metrics
for fitness and simplicity, current metrics for precision and
generalization have important flaws, which hamper their applicability in a
general setting. In this paper, a novel approach to measure precision and
generalization is presented, which relies on the notion of
anti-alignments. An anti-alignment describes highly deviating model traces
with respect to observed behavior. We propose metrics for precision and
generalization that resemble the leave-one-out cross-validation
techniques, where individual traces of the log are removed and the
computed anti-alignment assess the model's capability to describe
precisely or generalize the observed behavior.}
}

@inproceedings{AGS-concur16,
month = aug,
year = 2016,
volume = {59},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
acronym = {{CONCUR}'16},
booktitle = {{P}roceedings of the 27th
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'16)},
author = {Akshay, S. and Paul Gastin and Krishna, Shankara Narayanan},
title = {Analyzing Timed Systems Using Tree Automata},
pages = {27:1-27:14},
url = {http://arxiv.org/abs/1604.08443},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGS-concur16.pdf},
doi = {10.4230/LIPIcs.CONCUR.2016.27},
abstract = {Timed systems, such as timed automata, are usually analyzed
using their operational semantics on timed words. The classical region
abstraction for timed automata reduces them to (untimed) finite state
automata with the same time-abstract properties, such as state
reachability. We propose a new technique to analyze such timed systems
using finite tree automata instead of finite word automata. The main idea
is to consider timed behaviors as graphs with matching edges capturing
timing constraints. Such graphs can be interpreted in trees opening the
way to tree automata based techniques which are more powerful than
analysis based on word automata. The technique is quite general and
applies to many timed systems. In this paper, as an example, we develop
the technique on timed pushdown systems, which have recently received
considerable attention. Further, we also demonstrate how we can use it on
timed automata and timed multi-stack pushdown systems (with boundedness
restrictions).}
}

@inproceedings{BHL-concur16,
month = aug,
year = 2016,
volume = {59},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
acronym = {{CONCUR}'16},
booktitle = {{P}roceedings of the 27th
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'16)},
title = {Diagnosis in Infinite-State Probabilistic Systems},
pages = {37:1-37:15},
url = {https://hal.inria.fr/hal-01334218},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-concur16.pdf},
doi = {10.4230/LIPIcs.CONCUR.2016.37},
abstract = {In a recent work, we introduced four variants of
diagnosability (\textsf{FA}, \textsf{IA}, \textsf{FF},~\textsf{IF})
in (finite) probabilistic systems (pLTS) depending whether one
considers (1)~finite or infinite runs and (2)~faulty or all runs. We
studied their relationship and established that the corresponding
decision problems are PSPACE-complete. A~key ingredient of the
decision procedures was a characterisation of diagnosability by the
fact that a random run almost surely lies in an open set whose
specification only depends on the qualitative behaviour of the pLTS.
Here we investigate similar issues for infinite pLTS. We~first show
that this characterisation still holds for
\textsf{FF}-diagnosability but with a~$$G_{\delta}$$ set instead of
an open set and also for \textsf{IF}-and \textsf{IA}-diagnosability
when pLTS are finitely branching. We also prove that surprisingly
\textsf{FA}-diagnosability cannot be characterised in this way even
in the finitely branching case. Then we apply our characterisations
for a partially observable probabilistic extension of visibly
pushdown automata (POpVPA), yielding EXPSPACE procedures for solving
computational lower bounds and show that slight extensions of POpVPA
}

@inproceedings{CC-pn16,
month = jun,
year = 2016,
volume = {9698},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Kordon, Fabrice and Moldt, Daniel},
acronym = {{PETRI~NETS}'16},
booktitle = {{P}roceedings of the 37th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'16)},
author = {Carmona, Josep and Chatain, {\relax Th}omas},
title = {Anti-Alignments in Conformance Checking~-- The~Dark Side of Process Models},
pages = {240-258},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/CC-pn16.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CC-pn16.pdf},
doi = {10.1007/978-3-319-39086-4_15},
abstract = {Conformance checking techniques asses the suitability of a
process model in representing an underlying process, observed
through a collection of real executions. These techniques suffer
from the well-known state space explosion problem, hence handling
process models exhibiting large or even infinite state spaces
remains a challenge. One important metric in conformance checking is
to asses the precision of the model with respect to the observed
executions, i.e., characterize the ability of the model to produce
behavior unrelated to the one observed. By~avoiding the computation
of the full state space of a model, current techniques only provide
estimations of the precision metric, which in some situations tend
to be very optimistic, thus hiding real problems a process model may
have. In this paper we present the notion of anti-alignment as a
concept to help unveiling traces in the model that may deviate
significantly from the observed behavior. Using anti-alignments,
current estimations can be improved, e.g., in precision checking. We
show how to express the problem of finding anti-alignments as the
satisfiability of a Boolean formula, and provide a tool which can
deal with large models efficiently.}
}

@comment{{B-arxiv16,
author =		Bollig, Benedikt,
affiliation = 	aff-LSVmexico,
title =    		One-Counter Automata with Counter Visibility,
institution = 	Computing Research Repository,
number =    		1602.05940,
month = 		feb,
nmonth =     		2,
year = 		2016,
type = 		RR,
axeLSV = 		mexico,
NOcontrat = 		"",

url =			http://arxiv.org/abs/1602.05940,
PDF =			"http://www.lsv.fr/Publis/PAPERS/PDF/B-arxiv16.pdf",
lsvdate-new =  	20160222,
lsvdate-upd =  	20160222,
lsvdate-pub =  	20160222,
lsv-category = 	"rapl",
wwwpublic =    	"public and ccsb",
note = 		18~pages,

abstract = "In a one-counter automaton (OCA), one can read a letter
from some finite alphabet, increment and decrement the counter by
one, or test it for zero. It is well-known that universality and
language inclusion for OCAs are undecidable. We consider here OCAs
with counter visibility: Whenever the automaton produces a letter,
it outputs the current counter value along with~it. Hence, its
language is now a set of words over an infinite alphabet. We show
that universality and inclusion for that model are in PSPACE, thus
no harder than the corresponding problems for finite automata, which
can actually be considered as a special case. In fact, we show that
OCAs with counter visibility are effectively determinizable and
closed under all boolean operations. As~a~strict generalization, we
subsequently extend our model by registers. The general nonemptiness
problem being undecidable, we impose a bound on the number of
register comparisons and show that the corresponding nonemptiness
problem is NP-complete.",
}}

@proceedings{HM-acsd2015,
editor = {Haar, Stefan and Meyer, Roland},
title = {{P}roceedings of the 15th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'15)},
booktitle = {{P}roceedings of the 15th {I}nternational
{C}onference on {A}pplication of {C}oncurrency
to {S}ystem {D}esign
({ACSD}'15)},
acronym = {{ACSD}'15},
publisher = {{IEEE} Computer Society Press},
year = 2015,
month = jun,
url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7352411}
}

@inproceedings{FG-fossacs16,
month = apr,
year = 2016,
volume = {9634},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Jacobs, Bart and L{\"o}ding, Christof},
acronym = {{FoSSaCS}'16},
booktitle = {{P}roceedings of the 19th {I}nternational
{C}onference on {F}oundations of {S}oftware {S}cience
and {C}omputation {S}tructures
({FoSSaCS}'16)},
author = {Fortin, Marie and Gastin, Paul},
title = {Verification of parameterized communicating automata via split-width},
pages = {197-213},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/FG-fossacs16.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FG-fossacs16.pdf},
doi = {10.1007/978-3-662-49630-5_12},
abstract = {We~study verification problems for distributed systems
communicating via unbounded FIFO channels. The number of processes
of the system as well as the communication topology are not fixed
a~priori. Systems are given by parameterized communicating automata
(PCAs) which can be run on any communication topology of bounded
degree, with arbitrarily many processes. Such systems are Turing
powerful so we concentrate on under-approximate verification. We
extend the notion of split-width to behaviors of PCAs. We show that
emptiness, reachability and model-checking problems of PCAs are
decidable when restricted to behaviors of bounded split-width.
Reachability and emptiness are EXPTIME-complete, but only polynomial
in the size of the PCA. We also describe several concrete classes of
bounded split-width, for which we prove similar results.}
}

@inproceedings{tacas16-BFHH,
month = apr,
year = 2016,
volume = {9636},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Chechik, Marsha and Raskin, Jean-Fran{\c{c}}ois},
acronym = {{TACAS}'16},
booktitle = {{P}roceedings of the 22th {I}nternational
{C}onference on {T}ools and {A}lgorithms for
{C}onstruction and {A}nalysis of {S}ystems
({TACAS}'16)},
author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and
title = {Approaching the Coverability Problem Continuously},
pages = {480-496},
url = {http://arxiv.org/abs/1510.05724},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/arxiv15-BFHH.pdf},
doi = {10.1007/978-3-662-49674-9_28},
abstract = {The coverability problem for Petri nets plays a central role in
the verification of concurrent shared-memory programs. However, its high
EXPSPACE-complete complexity poses a challenge when encountered in
real-world instances. In this paper, we develop a new approach to this
problem which is primarily based on applying forward coverability in
continuous Petri nets as a pruning criterion inside a backward
coverability framework. A cornerstone of our approach is the efficient
encoding of a recently developed polynomial-time algorithm for
reachability in continuous Petri nets into SMT. We demonstrate the
effectiveness of our approach on standard benchmarks from the literature,
which shows that our approach decides significantly more instances than
any existing tool and is in addition often much faster, in particular on
large instances.}
}

@inproceedings{APS-tap15,
month = jul,
year = 2015,
volume = 9154,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = { Blanchette, Jasmin Christian and Kosmatov, Nikolai},
acronym = {{TAP}'15},
booktitle = {{P}roceedings of the 9th {I}nternational {C}onference
on {T}ests and {P}roofs ({TAP}'15)},
author = {Athanasiou, Konstantinos and Ponce{ }de{~}Le{\'o}n, Hern\'an
and Schwoon, Stefan},
title = {Test Case Generation for Concurrent Systems
Using Event Structures},
pages = {19-37},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/APS-tap15.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/APS-tap15.pdf},
doi = {10.1007/978-3-319-21215-9_2},
abstract = {This paper deals with the test-case generation problem for
concurrent systems that are specified by true-concurrency models such as
Petri nets. We show that using true-concurrency models reduces both the
size and the number of test cases needed for achieving certain coverage
criteria. We present a test-case generation algorithm based on Petri net
unfoldings and a SAT encoding for solving controllability problems in test
cases. Finally, we evaluate our algorithm against traditional test-case
generation methods under interleaving semantics.}
}

@inproceedings{BHL-lata16,
month = mar,
year = 2016,
volume = {9618},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Mart{\'\i}n-Vide, Carlos},
acronym = {{LATA}'16},
booktitle = {{P}roceedings of the 10th {I}nternational {C}onference on {L}anguage
and {A}utomata {T}heory and {A}pplications ({LATA}'16)},
title = {Accurate Approximate Diagnosability of Stochastic Systems},
pages = {549-561},
url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-lata16.pdf},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-lata16.pdf},
doi = {10.1007/978-3-319-30000-9_42},
abstract = {Diagnosis of partially observable stochastic systems prone to
faults was introduced in the late nineties. Diagnosability, i.e. the
existence of a diagnoser, may be specified in different ways: (1)~exact
diagnosability (called A-diagnosability) requires that almost surely a
fault is detected and that no fault is erroneously claimed while
(2)~approximate diagnosability (called $$\varepsilon$$-diagnosability)
allows a small probability of error when claiming a fault and (3)~accurate
approximate diagnosability (called AA-diagnosability) requires that this
error threshold may be chosen arbitrarily small. Here we mainly focus on
approximate diagnoses. We first refine the almost sure requirement about
finite delay introducing a uniform version and showing that while it does
not discriminate between the two versions of exact diagnosability this is
no more the case in approximate diagnosis. Then we establish a complete
picture for the decidability status of the diagnosability problems:
(uniform) $$\varepsilon$$-diagnosability and uniform AA-diagnosability are
undecidable while AA-diagnosability is decidable in PTIME, answering a
longstanding open question.}
}

@inproceedings{BFG-stacs18,
month = feb,
volume = {96},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Niedermeier, Rolf and Vall{\'e}e, Brigitte},
acronym = {{STACS}'18},
booktitle = {{P}roceedings of the 35th {A}nnual
{S}ymposium on {T}heoretical {A}spects of
{C}omputer {S}cience
({STACS}'18)},
author = {Bollig, Benedikt and Fortin, Marie and Gastin, Paul},
title = {Communicating Finite-State Machines and Two-Variable Logic},
pages = {17:1-17:14},
year = {2018},
doi = {10.4230/LIPIcs.STACS.2018.17},
pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/8529/pdf/LIPIcs-STACS-2018-17.pdf},
url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=8529},
abstract = {Communicating finite-state machines are a fundamental, well-studied model of finite-state processes that communicate via unbounded first-in first-out channels. We show that they are expressively equivalent to existential MSO logic with two first-order variables and the order relation.}
}

@inproceedings{MHP-cmsb17,
month = sep,
year = 2017,
volume = {10545},
series = {Lecture Notes in Bioinformatics},
publisher = {Springer-Verlag},
editor = {Feret, J{\'e}r{\^o}me and Koeppl, Heinz},
acronym = {{CMSB}'17},
booktitle = {{P}roceedings of the 15th
{C}onference on
{C}omputational {M}ethods in {S}ystem {B}iology
({CMSB}'17)},
author = {Mandon, Hugues and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
title = {{Temporal Reprogramming of Boolean Networks}},
pages = {179-195},
pdf = {https://hal.inria.fr/hal-01589251/document},
doi = {10.1007/978-3-319-67471-1\_11},
abstract = {Cellular reprogramming, a technique that opens huge opportunities in modern and regenerative medicine, heavily relies on identifying key genes to perturb. Most of computational methods focus on finding mutations to apply to the initial state in order to control which attractor the cell will reach. However, it has been shown, and is proved in this article, that waiting between the perturbations and using the transient dynamics of the system allow new reprogramming strategies. To identify these temporal perturbations, we consider a qualitative model of regulatory networks, and rely on Petri nets to model their dynamics and the putative perturbations. Our method establishes a complete characterization of temporal perturbations, whether permanent (mutations) or only temporary, to achieve the existential or inevitable reachability of an arbitrary state of the system. We apply a prototype implementation on small models from the literature and show that we are able to derive temporal perturbations to achieve trans-differentiation.}
}

@inproceedings{TFL-async17,
address = {San Diego, California, USA},
month = may,
publisher = {{IEEE} Computer Society},
editor = {Beign{\'e}, Edith and Stevens, Ken},
acronym = {{ASYNC}'17},
booktitle = {{P}roceedings of the 23rd {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'17)},
author = {Ghaith Tarawneh and Matthias F{\"u}gger and Christoph Lenzen},
title = {Metastability Tolerant Computing},
pages = {25-32},
year = {2017},
doi = {10.1109/ASYNC.2017.9},
pdf = {http://www.lsv.fr/~mfuegger/papers/TFL17_async.pdf},
url = {http://ieeexplore.ieee.org/abstract/document/8097381/},
abstract = {Synchronization using flip-flop chains imposes a latency of a few clock cycles when transferring data and control signals between clock domains. We propose a design scheme that avoids this latency by performing synchronization as part of state/data computations while guaranteeing that metastability is contained and its effects tolerated (with an acceptable failure probability). We present a theoretical framework for modeling synchronous state machines in the presence of metastability and use it to prove properties that guarantee some form of reliability. Specifically, we show that the inevitable state/data corruption resulting from propagating metastable states can be confined to a subset of computations. Applications that can tolerate certain failures can exploit this property to leverage low-latency and quasi-reliable operation simultaneously. We demonstrate the approach by designing a Network-on-Chip router with zero- latency asynchronous ports and show via simulation that it outperforms a variant with two flip-flop synchronizers at a negligible cost in packet transfer reliability.}
}

@inproceedings{FKLP-async17,
address = {San Diego, California, USA},
month = may,
publisher = {{IEEE} Computer Society},
editor = {Beign{\'e}, Edith and Stevens, Ken},
acronym = {{ASYNC}'17},
booktitle = {{P}roceedings of the 23rd {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'17)},
author = {Matthias F{\"u}gger and Attila Kinali and Christoph Lenzen and Thomas Polzer},
title = {Metastability-Aware Memory-Efficient Time-to-Digital Converter},
pages = {49-56},
year = {2017},
doi = {10.1109/ASYNC.2017.12},
pdf = {http://www.lsv.fr/~mfuegger/pub/FKLP17.pdf},
url = {https://doi.org/10.1109/ASYNC.2017.12},
abstract = {We propose a novel method for transforming delay- line time-to-digital converters (TDCs) into TDCs that output Gray code without relying on synchronizers. We formally prove that the inevitable metastable memory upsets (Marino, TC'81) do not induce an additional time resolution error. Our modified design provides suitable inputs to the recent metastability-containing sorting networks by Lenzen and Medina (ASYNC'16) and Bund et al. (DATE'17). In contrast, employing existing TDCs would require using thermometer code at the TDC output (followed by conversion to Gray code) or resolving metastability inside the TDC. The former is too restrictive w.r.t. the dynamic range of the TDCs, while the latter loses the advantage of enabling (accordingly much faster) computation without having to first resolve metastability.\par
Our all-digital designs are also of interest in their own right: they support high sample rates and large measuring ranges at nearly optimal bit-width of the output, yet maintain the original delay-line?s time resolution. No previous approach unifies all these properties in a single device.}
}

@inproceedings{FNS-disc17,
month = oct,
year = 2017,
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Richa, Andr{\'e}a},
acronym = {{DISC}'17},
booktitle = {{P}roceedings of the 31st {I}nternational
{S}ymposium on {D}istributed {C}omputing
({DISC}'17)},
author = {Matthias F{\"u}gger and {\relax Th}omas Nowak and Manfred Schwarz},
title = {Brief Announcement: Lower Bounds for Asymptotic Consensus in Dynamic Networks},
pages = {51:1-51:3},
url = {http://drops.dagstuhl.de/opus/volltexte/2017/7992/},
pdf = {http://drops.dagstuhl.de/opus/volltexte/2017/7992/pdf/LIPIcs-DISC-2017-51.pdf},
doi = {10.4230/LIPIcs.DISC.2017.51},
abstract = {In this work we study the performance of asymptotic and approximate consensus algorithms in dynamic networks. The asymptotic consensus problem requires a set of agents to repeatedly set their outputs such that the outputs converge to a common value within the convex hull of initial values. This problem, and the related approximate consensus problem, are fundamental building blocks in distributed systems where exact consensus among agents is not required, e.g., man- made distributed control systems, and have applications in the analysis of natural distributed systems, such as flocking and opinion dynamics. We prove new nontrivial lower bounds on the contraction rates of asymptotic consensus algorithms, from which we deduce lower bounds on the time complexity of approximate consensus algorithms. In particular, the obtained bounds show optimality of asymptotic and approximate consensus algorithms presented in [Charron-Bost et al., ICALPâ€™16] for certain classes of networks that include classical failure assumptions, and confine the search for optimal bounds in the general case.
Central to our lower bound proofs is an extended notion of valency, the set of reachable limits of an asymptotic consensus algorithm starting from a given configuration. We further relate topological properties of valencies to the solvability of exact consensus, shedding some light on the relation of these three fundamental problems in dynamic networks.}
}

@inproceedings{CCV-er17,
month = nov,
volume = 10650,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Mayr, Heinrich C. and Guizzardi, Giancarlo and Ma, Hui and Pastor, Oscar},
booktitle = {{P}roceedings of the 36th {I}nternational {C}onference on {C}onceptual {M}odeling ({ER}'17)},
author = {Chatain, {\relax Th}omas and Carmona, Josep and van Dongen, Boudewijn},
title = {Alignment-Based Trace Clustering},
pages = {295-308},
year = {2017},
doi = {10.1007/978-3-319-69904-2_24},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CCV-er17.pdf},
url = {https://doi.org/10.1007/978-3-319-69904-2_24},
abstract = {A novel method to cluster event log traces is presented in this paper. In contrast to the approaches in the literature, the clustering approach of this paper assumes an additional input: a process model that describes the current process. The core idea of the algorithm is to use model traces as centroids of the clusters detected, computed from a generalization of the notion of alignment. This way, model explanations of observed behavior are the driving force to compute the clusters, instead of current model agnostic approaches, e.g., which group log traces merely on their vector-space similarity. We believe alignment-based trace clustering provides results more useful for stakeholders. Moreover, in case of log incompleteness, noisy logs or concept drift, they can be more robust for dealing with highly deviating traces. The technique of this paper can be combined with any clustering technique to provide model explanations to the clusters computed. The proposed technique relies on encoding the individual alignment problems into the (pseudo-)Boolean domain, and has been implemented in our tool DarkSider that uses an open-source solver.},
note = {To appear}
}

@inproceedings{LDCF-snr17,
month = apr,
year = 2017,
volume = 247,
series = {Electronic Proceedings in Theoretical Computer Science},
editor = {Erika {\'{A}}brah{\'{a}}m and Sergiy Bogomolov},
acronym = {{SNR}'17},
booktitle = {{P}roceedings of the 3rd {I}nternational {W}orkshop
on {S}ymbolic and {N}umerical {M}ethods for
{R}eachability {A}nalysis ({SNR}'17)},
author = {Adrien Le{ }Co{\"e}nt and
Florian De{ }Vuyst and
Ludovic Chamoin and
Laurent Fribourg},
title = {Control Synthesis of Nonlinear Sampled Switched Systems using Euler's Method},
pages = {18-33},
url = {https://arxiv.org/abs/1704.03102v1},
pdf = {https://arxiv.org/pdf/1704.03102v1.pdf},
doi = {10.4204/EPTCS.247.2},
abstract = {In this paper, we propose a symbolic control synthesis method for nonlinear sampled switched systems whose vector fields are one-sided Lipschitz. The main idea is to use an approximate model obtained from the forward Euler method to build a guaranteed control. The benefit of this method is that the error introduced by symbolic modeling is bounded by choosing suitable time and space discretizations. The method is implemented in the interpreted language Octave. Several examples of the literature are performed and the results are compared with results obtained with a previous method based on the Runge-Kutta integration method.}
}

@inproceedings{F-formats17,
month = sep,
year = 2017,
volume = {10419},
futureseries = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Abate, Alessandro and Geeraerts, Gilles},
acronym = {{FORMATS}'17},
booktitle = {{P}roceedings of the 15th {I}nternational {C}onference
on {F}ormal {M}odelling and {A}nalysis of {T}imed
{S}ystems ({FORMATS}'17)},
author = {Fribourg, Laurent},
title = {Euler's Method Applied to the Control of Switched Systems},
pages = {3-21},
url = {https://doi.org/10.1007/978-3-319-65765-3_1},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/F-formats17.pdf},
doi = {10.1007/978-3-319-65765-3_1},
abstract = {Hybrid systems are a powerful formalism for modeling and reasoning about cyber-physical systems. They mix the continuous and discrete natures of the evolution of computerized systems. Switched systems are a special kind of hybrid systems, with restricted discrete behaviours: those systems only have finitely many different modes of (continuous) evolution, with isolated switches between modes. Such systems provide a good balance between expressiveness and controllability, and are thus in widespread use in large branches of industry such as power electronics and automotive control. The control law for a switched system defines the way of selecting the modes during the run of the system. Controllability is the problem of (automatically) synthesizing a control law in order to satisfy a desired property, such as safety (maintaining the variables within a given zone) or stabilisation (confinement of the variables in a close neighborhood around an objective point). In order to compute the control of a switched system, we need to compute the solutions of the differential equations governing the modes. Euler's method is the most basic technique for approximating such solutions. We present here an estimation of the Euler's method local error, using the notion of ''one-sided Lispchitz constant'' for modes. This yields a general control synthesis approach which can encompass several features such as bounded disturbance and compositionality.}
}

@inproceedings{LACFDC-rp17,
month = sep,
year = 2017,
volume = {10506},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Matthew Hague and Igor Potapov},
acronym = {{RP}'17},
booktitle = {{P}roceedings of the 11th {W}orkshop
on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'17)},
author = {Adrien Le{ }Co{\"{e}}nt and
Julien {Alexandre dit Sandretto} and
Alexandre Chapoutot and
Laurent Fribourg and
Florian De{ }Vuyst and
Ludovic Chamoin},
title = {Distributed Control Synthesis Using Euler's Method},
pages = {118-131},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LACFDC-rp17.pdf},
doi = {10.1007/978-3-319-67089-8_9},
abstract = {In a previous work, we explained how Euler's method for computing approximate solutions of systems of ordinary differential equations can be used to synthesize safety controllers for sampled switched systems. We continue here this line of research by showing how Euler's method can also be used for synthesizing safety controllers in a distributed manner. The global system is seen as an interconnection of two (or more) sub-systems where, for each component, the sub-state corresponding to the other component is seen as an ?input?; the method exploits (a variant of) the notions of incremental input-to-state stability ($$\delta$$-ISS) and ISS Lyapunov function. We illustrate this distributed control synthesis method on a building ventilation example.}
}

@article{HM-tcs17,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
title = {Interval iteration algorithm for {MDP}s and {IMDP}s},
volume = {735},
year = {2018},
pages = {111-131},
month = jul,
doi = {10.1016/j.tcs.2016.12.003},
url = {http://authors.elsevier.com/sd/article/S0304397516307095},
abstract = {Markov Decision Processes (MDP) are a widely used model including both non-deterministic and probabilistic choices. Minimal and maximal probabilities to reach a target set of states, with respect to a policy resolving non-determinism, may be computed by several methods including value iteration. This algorithm, easy to implement and efficient in terms of space complexity, iteratively computes the probabilities of paths of increasing length. However, it raises three issues: (1) defining a stopping criterion ensuring a bound on the approximation, (2) analysing the rate of convergence, and (3) specifying an additional procedure to obtain the exact values once a sufficient number of iterations has been performed. The first two issues are still open and, for the third one, an upper bound on the number of iterations has been proposed. Based on a graph analysis and transformation of MDPs, we address these problems. First we introduce an interval iteration algorithm, for which the stopping criterion is straightforward. Then we exhibit its convergence rate. Finally we significantly improve the upper bound on the number of iterations required to get the exact values. We extend our approach to also deal with Interval Markov Decision Processes (IMDP) that can be seen as symbolic representations of MDPs.}
}

@article{FHLM-deds17,
publisher = {Springer},
journal = {Discrete Event Dynamic Systems: Theory and Applications},
author = {{\'E}ric Fabre and Lo{\"i}c H{\'e}lou{\"e}t and Engel Lefaucheux and Herv{\'e} Marchand},
title = {Diagnosability of Repairable Faults},
volume = {28},
number = {2},
month = jun,
year = {2018},
pages = {183-213},
doi = {10.1007/s10626-017-0255-8},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FHLM-deds17.pdf},
abstract = {The diagnosis problem for discrete event systems consists in deciding whether some fault event occurred or not in the system, given partial observations on the run of that system. Diagnosability checks whether a correct diagnosis can be issued in bounded time after a fault, for all faulty runs of that system. This problem appeared two decades ago and numerous facets of it have been explored, mostly for permanent faults. It is known for example that diagnosability of a system can be checked in polynomial time, while the construction of a diagnoser is exponential. The present paper examines the case of transient faults, that can appear and be repaired. Diagnosability in this setting means that the occurrence of a fault should always be detected in bounded time, but also before the fault is repaired, in order to prepare for the detection of the next fault or to take corrective measures while they are needed. Checking this notion of diagnosability is proved to be PSPACE-complete. It is also shown that faults can be reliably counted provided the system is diagnosable for faults and for repairs.}
}

@inproceedings{BHL-msr17,
month = nov,
year = 2017,
futureseries = {Journal Europ{\'e}en des Syst{\e}mes Automatis{\'e}s},
publisher = {HAL},
editor = {Demongodin, Isabel and Reynier, Pierre-Alain},
acronym = {{MSR}'17},
booktitle = {{A}ctes du 11{\e}me {C}olloque sur la
{M}od{\'e}lisation des {S}yst{\e}mes
{R}{\'e}actifs
({MSR}'17)},
title = {Diagnostic et contr{\^o}le de la d{\'e}gradation des syst{\e}mes probabilistes},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-msr17.pdf},
abstract = {Le diagnostic actif est op{\'e}r{\'e} par un contr{\^o}leur en vue de rendre un syst{\e}me diagnosticable. Afin d'{\'e}viter que le contr{\^o}leur ne d{\'e}grade trop fortement le syst{e}me, on lui affecte g{\'e}n{\'e}ralement un second objectif en termes de qualit{\'e} de service. Dans le cadre des syst{\e}mes probabilistes, une sp{\'e}cification possible consiste {\a} assurer une probabilit{\'e} positive qu'une ex{\'e}cution infinie soit correcte, ce qu'on appelle le diagnostic
actif s{\^u}r. Nous introduisons ici deux sp{\'e}cifications alternatives. La gamma-correction du syst{\e}me affecte {\a} une ex{\'e}cution une valeur de correction d{\'e}pendant d'un facteur de d{\'e}cote gamma et le contr{\^o}leur doit assurer une valeur moyenne sup{\'e}rieure {\a} un seuil fix{\'e}. La alpha-d{\'e}gradation requiert qu'asymptotiquement, {\a} chaque unit{\'e} de temps une proportion sup{\'e}rieure {\a} alpha des ex{\'e}cutions jusqu'alors correctes le demeure. D'un point de vue s{\'e}mantique, nous explicitons des liens significatifs entre les diff{\'e}rentes notions. Algorithmiquement, nous {\'e}tablissons la fronti{\e}re entre d{\'e}cidabilit{\'e} et ind{\'e}cidabilit{\'e} des probl{\e}mes et dans le cas positif nous exhibons la complexit{\'e} pr{\'e}cise ainsi qu'une synth{\e}se, potentiellement {\a} m{\'e}moire infinie.}
}

@inproceedings{BHL-fsttcs17,
month = dec,
year = 2017,
volume = {93},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Satya Lokam and R. Ramanujam},
acronym = {{FSTTCS}'17},
booktitle = {{P}roceedings of the 37th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'17)},
title = {Probabilistic Disclosure: Maximisation vs. Minimisation},
pages = {13:1-13:14},
url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=8384},
pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/8384/pdf/LIPIcs-FSTTCS-2017-13.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2017.13},
abstract = {We consider opacity questions where an observation function provides to an external attacker a view of the states along executions and secret executions are those visiting some state from a fixed subset. Disclosure occurs when the observer can deduce from a finite observation that the execution is secret, the epsilon-disclosure variant corresponding to the execution being secret with probability greater than 1 - epsilon. In a probabilistic and non deterministic setting, where an internal agent can choose between actions, there are two points of view, depending on the status of this agent: the successive choices can either help the attacker trying to disclose the secret, if the system has been corrupted, or they can prevent disclosure as much as possible if these choices are part of the system design. In the former situation, corresponding to a worst case, the disclosure value is the supremum over the strategies of the probability to disclose the secret (maximisation), whereas in the latter case, the disclosure is the infimum (minimisation). We address quantitative problems (comparing the optimal value with a threshold) and qualitative ones (when the threshold is zero or one) related to both forms of disclosure for a fixed or finite horizon. For all problems, we characterise their decidability status and their complexity. We discover a surprising asymmetry: on the one hand optimal strategies may be chosen among deterministic ones in maximisation problems, while it is not the case for minimisation. On the other hand, for the questions addressed here, more minimisation problems than maximisation ones are decidable.}
}

@techreport{Haddad-hal17,
title = {Memoryless Determinacy of Finite Parity Games: Another Simple Proof},
institution = {HAL-inria},
number = {hal-01541508},
month = jun,
year = {2017},
type = {Research Report},
url = {https://hal.inria.fr/hal-01541508},
note = {7~pages},
abstract = {Memoryless determinacy of (infinite) parity games is an important result with numerous applications. It was first independently established by Emerson and Jutla [1] and Mostowski [2] but their proofs involve elaborate developments. The elegant and simpler proof of Zielonka [3] still requires a nested induction on the finite number of priorities and on ordinals for sets of vertices. There are other proofs for finite games like the one of Bj{\"o}rklund, Sandberg and Vorobyovin [4] that relies on relating infinite and finite duration games. We present here another simple proof that finite parity games are determined with memoryless strategies using induction on the number of relevant states. The closest proof that relies on induction over non absorbing states is the one of Graedel [5]. However instead of focusing on a single appropriate vertex for induction as we do here, he considers two reduced games per vertex, for all the vertices of the game. The idea of reasoning about a single state has been inspired to me by the analysis of finite stochastic priority games by Karelovic and Zielonka [6].}
}

@inproceedings{CP-concur17,
month = sep,
year = 2017,
volume = {85},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Meyer, Roland and Nestmann, Uwe},
acronym = {{CONCUR}'17},
booktitle = {{P}roceedings of the 28th
{I}nternational {C}onference on
{C}oncurrency {T}heory
({CONCUR}'17)},
author = {Chatain, {\relax Th}omas and Paulev{\'e}, Lo{\"i}c},
title = {Goal-Driven Unfolding of {P}etri Nets},
pages = {18:1-18:16},
url = {http://drops.dagstuhl.de/opus/volltexte/2017/7773},
pdf = {http://drops.dagstuhl.de/opus/volltexte/2017/7773/pdf/LIPIcs-CONCUR-2017-18.pdf},
doi = {10.4230/LIPIcs.CONCUR.2017.18},
abstract = {Unfoldings provide an efficient way to avoid the state-space explosion due to interleavings of concurrent transitions when exploring the runs of a Petri net. The theory of adequate orders allows one to define finite prefixes of unfoldings which contain all the reachable markings. In this paper we are interested in reachability of a single given marking, called the goal. We propose an algorithm for computing a finite prefix of the unfolding of a 1-safe Petri net that preserves all minimal configurations reaching this goal. Our algorithm combines the unfolding technique with on-the-fly model reduction by static analysis aiming at avoiding the exploration of branches which are not needed for reaching the goal. We present some experimental results.}
}

@article{BGH-fmsd17,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Bollig, Benedikt and Grindei, Manuela-Lidia and Habermehl, Peter},
title = {Realizability of Concurrent Recursive Programs},
volume = {53},
number = {3},
year = {2018},
pages = {339-362},
doi = {10.1007/s10703-017-0282-y},
abstract = {We study the realizability problem for concurrent recursive programs: Given a distributed system architecture and a sequential specification over words, find a distributed automata implementation that is equivalent to the specification. This problem is well-studied as far as finite-state processes are concerned, and it has a solution in terms of Zielonka's Theorem. We lift Zielonka's Theorem to the case where processes are recursive and modeled as visibly pushdown (or, equivalently, nested-word) automata. However, contrarily to the finite-state case, it is undecidable whether a specification is realizable or not. Therefore, we also consider suitable underapproximation techniques from the literature developed for multi-pushdown systems, and we show that they lead to a realizability framework with effective algorithms.
}
}

@article{BFHH-tocl17,
publisher = {ACM Press},
journal = {ACM Transactions on Computational Logic},
author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and
title = {The Logical View on Continuous {P}etri Nets},
volume = {18},
number = {3},
year = {2017},
pages = {24:1--24:28},
url = {http://doi.acm.org/10.1145/3105908},
doi = {10.1145/3105908},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHH-tocl17.pdf},
abstract = {Continuous Petri nets are a relaxation of classical discrete Petri nets in which transitions can be fired a fractional number of times, and consequently places may contain a fractional number of tokens. Such continuous Petri nets are an appealing object to study since they over approximate the set of reachable configurations of their discrete counterparts, and their reachability problem is known to be decidable in polynomial time. The starting point of this paper is to show that the reachability relation for continuous Petri nets is definable by a sentence of linear size in the existential theory of the rationals with addition and order. Using this characterization, we obtain decidability and complexity results for a number of classical decision problems for continuous Petri nets. In particular, we settle the open problem about the precise complexity of reachability set inclusion. Finally, we show how continuous Petri nets can be incorporated inside the classical backward coverability algorithm for discrete Petri nets as a pruning heuristic in order to tackle the symbolic state explosion problem. The cornerstone of the approach we present is that our logical characterization enables us to leverage the power of modern SMT-solvers in order to yield a highly performant and robust decision procedure for coverability in Petri nets. We demonstrate the applicability of our approach on a set of standard benchmarks from the literature.}
}

@inproceedings{HPV-icsc17,
address = {San Diego, CA, USA},
month = jan,
volume = 11,
series = {IEEE ICSC},
publisher = {{IEEE} Press},
todoeditor = {D?Auria, Daniela and Liu, Jianquan and Pilato, Giovanni},
acronym = {{ICSC}'17},
booktitle = {{P}roceedings of the 11th International Conference on Semantic Computing	({ICSC}'17)},
author = {Haar, Stefan and Perchy, Salim and Valencia, Frank},
title = {{D-SPACES: Implementing Declarative Semantics for Spatially Structured Information}},
pages = {227-233},
year = {2017},
doi = {10.1109/ICSC.2017.34},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HPV-icsc17.pdf},
url = {https://hal.inria.fr/hal-01328189},
abstract = {We introduce in this paper D-SPACES, an implementation of constraint systems with space and extrusion operators. Constraint systems are algebraic models that allow for a semantic language-like representation of information in systems where the concept of space is a primary structural feature. We give this information mainly an epistemic interpretation and consider various agents as entities acting upon it. D-SPACES is coded as a c++11 library providing implementations for constraint systems, space functions and extrusion functions. The interfaces to access each implementation are minimal and thoroughly documented. D-SPACES also provides property-checking methods as well as an implementation of a specific type of constraint systems (a boolean algebra). This last implementation serves as an entry point for quick access and proof of concept when using these models. Furthermore, we offer an illustrative example in the form of a small social network where users post their beliefs and utter their opinions.}
}

@article{GHPRV-jlamp17,
publisher = {Elsevier Science Publishers},
journal = {Journal of Logic and Algebraic Methods in Programming},
author = {Guzm{\'a}n, Michell and Haar, Stefan and Perchy, Salim and Rueda, Camilo and Valencia, Frank},
title = {{Belief, Knowledge, Lies and Other Utterances in an Algebra for Space and Extrusion}},
volume = {86},
number = {1},
year = {2017},
pages = {107-133},
doi = {10.1016/j.jlamp.2016.09.001},
month = jan,
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHPRV-jlamp17.pdf},
url = {https://hal.inria.fr/hal-01257113},
abstract = {The notion of constraint system (cs) is central to declarative formalisms from concurrency theory such as process calculi for concurrent constraint programming (ccp). Constraint systems are often represented as lattices: their elements, called constraints, represent partial information and their order corresponds to entailment. Recently a notion of n-agent spatial cs was introduced to represent information in concurrent constraint programs for spatially distributed multi-agent systems. From a computational point of view a spatial constraint system can be used to specify partial information holding in a given agent's space (local information). From an epistemic point of view a spatial cs can be used to specify information that a given agent considers true (beliefs). Spatial constraint systems, however, do not provide a mechanism for specifying the mobility of information/processes from one space to another. Information mobility is a fundamental aspect of concurrent systems. In this article we develop the theory of spatial constraint systems with operators to specify information and processes moving from a space to another. We shall investigate the properties of this new family of constraint systems and illustrate their applications. From a computational point of view the new operators provide for process/information extrusion, a central concept in formalisms for mobile communication. From an epistemic point of view extrusion corresponds I to a notion we shall call utterance; a piece of information that an agent communicate to others but that may be inconsistent with the agent's beliefs. Utterances can then be used to express instances of epistemic notions such as hoaxes or intentional lies which are common place in social media. Spatial constraint system can express the epistemic notion of belief by means of space functions that specify local information. We shall also show that spatial constraint can also express the epistemic notion of knowledge by means of a derived spatial operator that specifies global information.}
}

@inproceedings{VCCT-caise17,
month = jun,
volume = 10253,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Dubois, Eric and Pohl, Klaus},
acronym = {{CAiSE}'17},
booktitle = {{P}roceedings of the 29th {I}nternational {C}onference on {A}dvanced {I}nformation {S}ystems {E}ngineering ({CAiSE}'17)},
author = {{van Dongen}, Boudewijn and  Carmona, Josep and Chatain, {\relax Th}omas and Taymouri, Farbod},
title = {Aligning Modeled and Observed Behavior: A Compromise Between Complexity and Quality},
pages = {94-109},
year = {2017},
doi = {10.1007/978-3-319-59536-8_7},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/VCCT-caise17.pdf},
abstract = {Certifying that a process model is aligned with the real process executions is perhaps the most desired feature a process model may have: aligned process models are crucial for organizations, since strategic decisions can be made easier on models instead of on plain data. In spite of its importance, the current algorithmic support for computing alignments is limited: either techniques that explicitly explore the model behavior (which may be worst-case exponential with respect to the model size), or heuristic approaches that cannot guarantee a solution, are the only alternatives. In this paper we propose a solution that sits right in the middle in the complexity spectrum of alignment techniques; it can always guarantee a solution, whose quality depends on the exploration depth used and local decisions taken at each step. We use linear algebraic techniques in combination with an iterative search which focuses on progressing towards a solution. The experiments show a clear reduction in the time required for reaching a solution, without sacrificing significantly the quality of the alignment obtained.}
}

@inproceedings{BBDH-sia17,
month = mar,
editor = {{Di Valentin}, Laurent and Landel, Eric},
acronym = {SIA Simulation Num{\'e}rique},
booktitle = {SIA Simulation Num{\'e}rique},
author = {Barbot, Beno{\^i}t and B{\'e}rard, B{\'e}atrice and Duplouy, Yann and Haddad, Serge},
title = {Statistical Model-Checking for Autonomous Vehicle Safety Validation},
todopages = {},
year = {2017},
todolsvdate-pub = 20170320,
tododoi = {},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BBDH-sia17.pdf},
url = {https://hal.archives-ouvertes.fr/hal-01491064},
abstract = {We present an application of statistical
model-checking to the verification of an autonomous
vehicle controller. Our goal is to check safety properties
in various traffic situations. More specifically, we
focus on a traffic jam situation.\par
The controller is specified by a C++ program. Using
sensors, it registers positions and velocities of nearby
vehicles and modifies the position and velocity of the
controlled vehicle to avoid collisions. We model the environment
using a stochastic high level Petri net, where
random behaviors of other vehicles can be described.
We use HASL, a quantitative variant of linear temporal
logic, to express the desired properties. A large family
of performance indicators can be specified in HASL
and we target in particular the expectation of travelled
distance or the collision probability.\par
We evaluate the properties of this model using COSMOS1.
This simulation tool implements numerous statistical
techniques such as sequential hypothesis testing
and most confidence range computation methods.
Its efficiency allowed us to conduct several experiments
with success.}
}

@inproceedings{BHSS-pn17,
month = jun,
volume = {10258},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {van der Aalst, Wifred and Best, Eike},
acronym = {{PETRI~NETS}'17},
booktitle = {{P}roceedings of the 38th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'17)},
author = {B{\'e}rard, B{\'e}atrice and Haar, Stefan and
Schmitz, Sylvain and Schwoon, Stefan},
title = {The Complexity of Diagnosability and Opacity
Verification for {P}etri Nets},
pages = {200-220},
year = {2017},
doi = {10.1007/978-3-319-57861-3_13},
url = {https://hal.inria.fr/hal-01484476},
abstract = {Diagnosability and opacity are two well-studied problems in discrete-event systems.  We revisit these two problems with respect to expressiveness and complexity issues.  We first relate different notions of diagnosability and opacity.  We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions.  Second, we provide a global picture of complexity results for the verification of diagnosability and opacity.  We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non diagnosability is inter-reducible with reachability when fault events are not weakly fair.  Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness.}
}

@article{ACR-tecs17,
publisher = {ACM Press},
journal = {ACM Transactions in Embedded Computing Systems},
author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and Rodr{\'\i}guez, C{\'e}sar},
title = {Preserving Partial-Order Runs in Parametric Time {P}etri Nets},
volume = {16},
number = {2},
year = {2017},
pages = {43:1-43:26},
doi = {10.1145/3012283},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-tecs17.pdf},
abstract = {Parameter synthesis for timed systems aims at deriving parameter valuations satisfying a given property. In this article, we target concurrent systems. We use partial-order semantics for parametric time Petri nets as a way to both cope with the well-known state-space explosion due to concurrency and significantly enhance the result of an existing synthesis algorithm. Given a reference parameter valuation, our approach synthesizes other valuations preserving the partial-order executions of the reference parameter valuation. We show the applicability of our approach using a tool applied to asynchronous circuits.}
}

@inproceedings{CHKP-valuetools17,
month = dec,
year = 2017,
acronym = {{VALUETOOLS}'17},
booktitle = {{P}roceedings of the 11th {I}nternational {C}onference
on {P}erformance {E}valuation {M}ethodologies and {T}ools
({VALUETOOLS}'17)},
author = {Chatzikokolakis, Kostas and Haddad, Serge and Kassem, Ali and Palamidessi, Catuscia},
title = {{Trading Optimality for Performance in Location Privacy}},
pages = {221-222},
url = {https://arxiv.org/abs/1710.05524},
pdf = {https://arxiv.org/pdf/1710.05524.pdf},
doi = {10.1145/3150928.3150962},
abstract = {Location-Based Services (LBSs) provide invaluable aid in the everyday activities of many individuals, however they also pose serious threats to the user' privacy. There is, therefore, a growing interest in the development of mechanisms to protect location privacy during the use of LBSs. Nowadays, the most popular methods are probabilistic, and the so-called optimal method achieves an optimal trade-off between privacy and utility by using linear optimization techniques. Unfortunately, due to the complexity of linear programming, the method is unfeasible for a large number n of locations, because the constraints are $$O(n^3)$$. In this paper, we propose a technique to reduce the number of constraints to $$O(n^2)$$, at the price of renouncing to perfect optimality. We show however that on practical situations the utility loss is quite acceptable, while the gain in performance is significant.}
}

@inproceedings{AFMS-vmcai2019,
month = jan,
year = 2019,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Enea, Constantin and Piskac, Ruzica},
acronym = {{VMCAI}'19},
booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on
{V}erification, {M}odel {C}hecking and {A}bstract {I}nterpretation
({VMCAI}'19)},
author = {Andr{\'e}, {\'E}tienne and Fribourg, Laurent and Mota, Jean-Marc and Soulat, Romain},
title = {Verification of an industrial asynchronous leader election algorithm using abstractions and parametric model checking},
pages = {409-424},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AFMS-vmcai19.pdf},
abstract = {The election of a leader in a network is a challenging task, especially when the processes are asynchronous, i.e., execute an algorithm with time-varying periods. Thales developed an industrial election algorithm with an arbitrary number of processes, that can possibly fail. In this work, we prove the correctness of a variant of this industrial algorithm. We use a method combining abstraction, the SafeProver solver, and a parametric timed model-checker. This allows us to prove the correctness of the algorithm for a large number $$p$$ of processes ($$p = 5000$$).}
}

@inproceedings{HKP-vmcai2019,
month = jan,
year = 2019,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Enea, Constantin and Piskac, Ruzica},
acronym = {{VMCAI}'19},
booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on
{V}erification, {M}odel {C}hecking and {A}bstract {I}nterpretation
({VMCAI}'19)},
author = {Haar, Stefan and Kolc{\'a}k, Juraj and Paulev{\'e}, Lo{\"i}c},
title = {{Combining Refinement of Parametric Models with Goal-Oriented Reduction of Dynamics}},
pages = {555-576},
url = {https://hal.archives-ouvertes.fr/hal-01940174/},
pdf = {https://hal.archives-ouvertes.fr/hal-01940174/file/manuscript.pdf},
abstract = {Parametric models abstract part of the specification of dynamical models by integral parameters. They are for example used in computational systems biology, notably with parametric regulatory networks, which specify the global architecture (interactions) of the networks, while parameterising the precise rules for drawing the possible temporal evolutions of the states of the components. A key challenge is then to identify the discrete parameters corresponding to concrete models with desired dynamical properties. This paper addresses the restriction of the abstract execution of parametric regulatory (discrete) networks by the means of static analysis of reachability properties (goal states). Initially defined at the level of concrete parameterised models, the goal-oriented reduction of dynamics is lifted to parametric networks, and is proven to preserve all the minimal traces to the specified goal states. It results that one can jointly perform the refinement of parametric networks (restriction of domain of parameters) while reducing the necessary transitions to explore and preserving reachability properties of interest.}
}

@phdthesis{duplouy-phd2018,
author = {Duplouy, Yann},
title = {{Applying Formal Methods to Autonomous Vehicle Control}},
school = {{\'E}cole Normale Sup{\'e}rieure Paris-Saclay, France},
type = {Th{\e}se de doctorat},
year = 2018,
month = nov,
url = {http://www.lsv.fr/~duplouy/defence/}
}

@techreport{CHKTP-hal18,
author = {Chatain, {\relax Th}omas and Haar, Stefan and Kolc{\'a}k, Juraj and Thakkar, Aalok and Paulev{\'e}, Lo{\"i}c},
institution = {HAL},
month = oct,
note = {33~pages},
number = {hal-01893106},
type = {Research Report},
title = {{Concurrency in Boolean networks}},
year = {2018},
url = {https://hal.inria.fr/hal-01893106},
pdf = {https://hal.inria.fr/hal-01893106/document},
abstract = {Boolean networks (BNs) are widely used to model the qualitative dynamics of biological systems. Besides the logical rules determining the evolution of each component with respect to the state of its regulators, the scheduling of components updates can have a dramatic impact on the predicted behaviours. In this paper, we explore the use of Contextual Petri Nets (CPNs) to study dynamics of BNs with a concurrency theory perspective. After showing bi-directional translations between CPNs and BNs and analogies between results on synchronism sensitivies, we illustrate that usual updating modes for BNs can miss plausible behaviours, i.e., incorrectly conclude on the absence/impossibility of reaching specific configurations. Taking advantage of CPN semantics enabling more behaviour than the generalized asynchronous updating mode, we propose an encoding of BNs ensuring a correct abstraction of any multivalued refinement, as one may expect to achieve when modelling biological systems with no assumption on its time features.}
}

@phdthesis{Lefaucheux-phd2018,
author = {Lefaucheux, Engel},
title = {Controlling Information in Probabilistic Systems},
school = {Universit{\'e} Rennes~1, Rennes, France},
type = {Th{\e}se de doctorat},
year = 2018,
month = sep,
url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/lefaucheux-phd18.pdf},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/lefaucheux-phd18.pdf}
}

@inproceedings{BHL-fsttcs18,
month = dec,
year = 2018,
volume = {122},
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Sumit Ganguly and Paritosh Pandya},
acronym = {{FSTTCS}'18},
booktitle = {{P}roceedings of the 38th {C}onference on
{F}oundations of {S}oftware {T}echnology and
{T}heoretical {C}omputer {S}cience
({FSTTCS}'18)},
author = {B{\'e}atrice B{\'e}rard and Stefan Haar and Lo{\"i}c H{\'e}lou{\"e}t},
title = {Hyper Partial Order Logic},
pages = {20:1-20:21},
url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=9919},
pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/9919/pdf/LIPIcs-FSTTCS-2018-20.pdf},
doi = {10.4230/LIPIcs.FSTTCS.2018.20},
abstract = {We define HyPOL, a local hyper logic for partial order models, expressing properties of sets of runs. These properties depict shapes of causal dependencies in sets of partially ordered executions, with similarity relations defined as isomorphisms of past observations. Unsurprisingly, since comparison of projections are included, satisfiability of this logic is undecidable. We then address model checking of HyPOL and show that, already for safe Petri nets, the problem is undecidable. Fortunately, sensible restrictions of observations and nets allow us to bring back model checking of HyPOL to a decidable problem, namely model checking of MSO on graphs of bounded treewidth.}
}

@techreport{CHP-arxiv18,
author = {Chatain, {\relax Th}omas and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
institution = {Computing Research Repository},
month = aug,
note = {15~pages},
number = {1808.10240},
type = {Research Report},
title = {Most Permissive Semantics of Boolean Networks},
year = {2018},
url = {https://arxiv.org/abs/1808.10240},
pdf = {https://arxiv.org/pdf/1808.10240v1.pdf},
abstract = {As shown in [3], the usual update modes of
Boolean networks (BNs), including synchronous and (generalized)
asynchronous, fail to capture behaviours introduced by multivalued
refinements. Thus, update modes do not allow a correct abstract
reasoning on dynamics of biological systems, as they may lead to reject
valid BN models.\par
We introduce a new semantics for interpreting BNs which meets with a
correct abstraction of any multivalued refinements, with any update
mode. This semantics subsumes all the usual updating modes, while
enabling new behaviours achievable by more concrete models. Moreover, it
appears that classical dynamical analyses of reachability and
attractors have a simpler computational complexity:
\begin{itemize}
\item reachability can be assessed in a polynomial number of iterations
(instead of being PSPACE-complete with update modes);
\item attractors are hypercubes, and deciding the existence of attractors
with a given upper-bounded dimension is in NP (instead of
PSPACE-complete with update modes).
\end{itemize}
The computation of iterations is in NP in the very general case, and is
linear when local functions are monotonic, or with some usual
representations of functions of BNs (binary decision diagrams, Petri
nets, automata networks, etc.).\par
In brief, the most permissive semantics of BNs enables a correct
abstract reasoning on dynamics of BNs, with a greater tractability than
previously introduced update modes.\par
This technical report lists the main
definitions and properties of the most permissive semantics of BNs, and
draw some remaining open questions.}
}

@inproceedings{FN-disc18,
month = oct,
series = {Leibniz International Proceedings in Informatics},
publisher = {Leibniz-Zentrum f{\"u}r Informatik},
editor = {Ulrich Schmid},
acronym = {{DISC}'18},
booktitle = {{P}roceedings of the 32nd {I}nternational
{S}ymposium on {D}istributed {C}omputing
({DISC}'18)},
author = {F{\"u}gger, Matthias and Nowak, {\relax Th}omas},
title = {Fast Multidimensional Asymptotic and Approximate Consensus},
pages = {27:1-27:15},
year = {2018},
url = {https://arxiv.org/abs/1805.04923}
}

@inproceedings{FNS-podc18,
month = jul,
publisher = {ACM Press},
editor = {Keidar, Idit},
acronym = {{PODC}'18},
booktitle = {Proceedings of the {ACM} Symposium on Principles of Distributed Computing ({PODC}'18)},
author = {F{\"u}gger, Matthias and Nowak, {\relax Th}omas and Schwarz, Manfred},
title = {Tight Bounds for Asymptotic and Approximate Consensus},
pages = {325-334},
year = {2018},
doi = {10.1145/3212734.3212762},
url = {https://arxiv.org/abs/1705.02898},
abstract = {In this work we study the performance of asymptotic and approximate consensus algorithms in dynamic networks. The asymptotic consensus problem requires a set of agents to repeatedly set their outputs such that the outputs converge to a common value within the convex hull of initial values. This problem, and the related approximate consensus problem, are fundamental building blocks in distributed systems where exact consensus among agents is not required, e.g., man-made distributed control systems, and have applications in the analysis of natural distributed systems, such as flocking and opinion dynamics. We prove new nontrivial lower bounds on the contraction rates of asymptotic consensus algorithms, from which we deduce lower bounds on the time complexity of approximate consensus algorithms. In particular, the obtained bounds show optimality of asymptotic and approximate consensus algorithms presented in [Charron-Bost et al., ICALP'16] for certain classes of networks that include classical failure assumptions, and confine the search for optimal bounds in the general case.
\par
Central to our lower bound proofs is an extended notion of valency, the set of reachable limits of an asymptotic consensus algorithm starting from a given configuration. We further relate topological properties of valencies to the solvability of exact consensus, shedding some light on the relation of these three fundamental problems in dynamic networks.}
}

@article{BHL-icomp19,
publisher = {Elsevier Science Publishers},
journal = {Information and Computation},
title = {{A Tale of Two Diagnoses in Probabilistic Systems}},
volume = {269},
year = {2019},
month = dec,
doi = {10.1016/j.ic.2019.104441},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-icomp18.pdf},
abstract = {Diagnosis of partially observable stochastic systems prone to faults was introduced
in the late nineties. Diagnosability, i.e. the existence of a diagnoser, may be specified in different ways: exact diagnosability requires that almost surely a fault is detected and that no fault is erroneously claimed; approximate diagnosability tolerates a small error probability when claiming a fault; last, accurate approximate diagnosability guarantees that the error probability can be chosen arbitrarily small. In this article, we  first refine the specification of diagnosability by identifying three criteria: (1) detecting faulty runs or providing information
for all runs (2) considering finite or infinite runs, and (3) requiring or not a uniform detection delay. We then give a complete picture of relations between the different diagnosability specifications for probabilistic systems and establish characterisations for most of them in the finite-state case. Based on these characterisations, we develop decision procedures, study their complexity and prove their optimality. We also design synthesis algorithms to construct diagnosers
and we analyse their memory requirements. Finally we establish undecidability of the diagnosability problems for which we provided no characterisation.}
}

@inproceedings{SGF-hscc18,
month = apr,
publisher = {ACM Press},
editor = {Prandini, Maria and Deshmukh, Jyotirmoy V.},
acronym = {{HSCC}'18},
booktitle = {{P}roceedings of the 21st {ACM} {I}nternational {C}onference
on {H}ybrid {S}ystems: {C}omputation and {C}ontrol
({HSCC}'18)},
author = {Saoud, Adnane and Girard, Antoine and Fribourg, Laurent},
title = {Contract based Design of Symbolic Controllers for Vehicle Platooning},
pages = {277-278},
year = {2018},
doi = {10.1145/3178126.3187001},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SGF-hscc18.pdf},
abstract = {In this work, we present an application of symbolic control and contract
based design techniques to vehicle platooning. We use a compositional approach based on continuous-time assume-guarantee contracts. Each vehicle in the platoon is assigned an assumeguarantee contract; and a controller is synthesized using symbolic control to enforce the satisfaction of this contract. The assumeguarantee framework makes it possible to deal with different types of vehicles and asynchronous controllers (i.e controllers with different
sampling periods). Numerical results illustrate the effectiveness of the approach.},
note = {Poster}
}

@inproceedings{FMNNS-date18,
month = mar,
publisher = {{IEEE} Computer Society Press},
acronym = {{DATE}'18},
booktitle = {{P}roceedings of the {C}onference on {D}esign, {A}utomation and {T}est in
{E}urope (DATE'18)},
author = {Matthias F{\"u}gger and
J{\"u}rgen Maier and
Robert Najvirt and
{\relax Th}omas Nowak and
Ulrich Schmid},
title = {A Faithful Binary Circuit Model with Adversarial Noise},
pages = {1327-1332},
year = {2018},
doi = {10.23919/DATE.2018.8342219},
pdf = {http://www.lsv.fr/~mfuegger/papers/FMNNS18_date.pdf},
url = {https://doi.org/10.23919/DATE.2018.8342219},
abstract = {Accurate delay models are important for static and dynamic timing analysis of digital circuits, and mandatory for formal verification. However, F{\"u}gger et al. [IEEE TC 2016] proved that pure and inertial delays, which are employed for dynamic timing analysis in state-of-the-art tools like ModelSim, NC-Sim and VCS, do not yield faithful digital circuit models. Involution delays, which are based on delay functions that are mathematical involutions depending on the previous-output-to- input time offset, were introduced by F{\"u}gger et al. [DATE'15] as a faithful alternative (that can easily be used with existing tools). Although involution delays were shown to predict real signal traces reasonably accurately, any model with a deterministic delay function is naturally limited in its modeling power.
\par
In this paper, we thus extend the involution model, by adding non-deterministic delay variations (random or even adversarial), and prove analytically that faithfulness is not impaired by this generalization. Albeit the amount of non-determinism must be considerably restricted to ensure this property, the result is surprising: the involution model differs from non-faithful models mainly in handling fast glitch trains, where small delay shifts have large effects. This originally suggested that adding even small variations should break the faithfulness of the model, which turned out not to be the case. Moreover, the results of our simulations also confirm that this generalized involution model has larger modeling power and, hence, applicability.}
}

@article{FFL-toc18,
publisher = {{IEEE} Computer Society Press},
journal = {IEEE Transactions on Computers},
author = {Stephan Friedrichs and Matthias F{\"u}gger and Christoph Lenzen},
title = {Metastability-Containing Circuits},
volume = {67},
number = {8},
pages = {1167-1183},
year = {2018},
month = aug,
doi = {10.1109/TC.2018.2808185},
url = {https://ieeexplore.ieee.org/document/8314764/},
abstract = {In digital circuits, metastability can cause deteriorated signals that neither are logical 0 nor logical 1, breaking the abstraction of Boolean logic. Synchronizers, the only traditional countermeasure, exponentially decrease the odds of maintained metastability over time. We propose a fundamentally different approach: It is possible to deterministically contain metastability by fine-grained logical masking so that it cannot infect the entire circuit. At the heart of our approach lies a time- and value-discrete model for metastability in synchronous clocked digital circuits, in which metastability is propagated in a worst-case fashion. The proposed model permits positive results and passes the test of reproducing Marino's impossibility results. We fully classify which functions can be computed by circuits with standard registers. Regarding masking registers, we show that more functions become computable with each clock cycle, and that masking registers permit exponentially smaller circuits for some tasks. Demonstrating the applicability of our approach, we present the first fault-tolerant distributed clock synchronization algorithm that deterministically guarantees correct behavior in the presence of metastability. As a consequence, clock domains can be synchronized without using synchronizers, enabling metastability-free communication between them.}
}

@article{CFN-dam17,
publisher = {Elsevier Science Publishers},
journal = {Discrete Applied Mathematics},
author = {Bernadette {Charron-Bost} and Matthias F{\"u}gger and {\relax Th}omas Nowak and Manfred Schwarz},
title = {New transience bounds for max-plus linear systems},
volume = {219},
pages = {83-99},
year = {2017},
month = mar,
doi = {10.1016/j.dam.2016.11.003},
pdf = {http://www.lsv.fr/~mfuegger/papers/CFN17_dam.pdf},
url = {https://doi.org/10.1016/j.dam.2016.11.003},
abstract = {Linear max-plus systems describe the behavior of a large variety of complex systems. It is known that these systems show a periodic behavior after an initial transient phase. Assessment of the length of this transient phase provides important information on complexity measures of such systems, and so is crucial in system design. We identify relevant parameters in a graph representation of these systems and propose a modular strategy to derive new upper bounds on the length of the transient phase. By that we are the first to give asymptotically tight and potentially subquadratic transience bounds. We use our bounds to derive new complexity results, in particular in distributed computing.}
}

@inproceedings{FKLW-async18,
month = may,
publisher = {{IEEE} Computer Society},
editor = {Krstic, Milos and Jones, {Ian W.}},
acronym = {{ASYNC}'18},
booktitle = {{P}roceedings of the 24th {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'18)},
author = {Matthias F{\"u}gger and Attila Kinali and Christoph Lenzen and Ben Wiederhake},
title = {Fast All-Digital Clock Frequency Adaptation Circuit for Voltage Droop Tolerance},
pages = {68-77},
year = {2018},
doi = {10.1109/ASYNC.2018.00025},
url = {https://hal.inria.fr/hal-01936403},
abstract = {Naive handling of supply voltage droops in synchronous circuits results in conservative bounds on clock speeds, resulting in poor performance even if droops are rare. Adaptive strategies detect such potentially hazardous events and either initiate a rollback to a previous state or proactively reduce clock speed in order to prevent timing violations. The performance of such solutions critically depends on a very fast response to droops. However, state-of-the-art solutions incur synchronization delay to avoid that the clock signal is affected by metastability. Addressing the challenges discussed by Keith Bowman in his ASYNC 2017 keynote talk, we present an all-digital circuit that can respond to droops within a fraction of a clock cycle. This is achieved by delaying clock signals based on measurement values while they undergo synchronization simultaneously. We verify our solution by formally proving correctness, complemented by VHDL and Spice simulations of a 65 nm ASIC design confirming the theoretically obtained results.}
}

@article{KSHP-tcs19,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Kolc{\'a}k, Juraj and {\v S}afr{\'a}nek, David and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
title = {{Parameter Space Abstraction and Unfolding Semantics of Discrete Regulatory Networks}},
volume = {765},
year = {2019},
pages = {120-144},
doi = {10.1016/j.tcs.2018.03.009},
pdf = {https://hal.archives-ouvertes.fr/hal-01734805/document},
url = {https://hal.archives-ouvertes.fr/hal-01734805/},
abstract = {The modelling of discrete regulatory networks combines a graph specifying the pairwise influences between the variables of the system, and a parametrisation from which can be derived a discrete transition system. Given the influence graph only, the exploration of admissible parametrisations and the behaviours they enable is computationally demanding due to the combinatorial explosions of both parametrisation and reachable state space. This article introduces an abstraction of the parametrisation space and its refinement to account for the existence of given transitions, and for constraints on the sign and observability of influences. The abstraction uses a convex sub-lattice containing the concrete parametrisation space specified by its infimum and supremum parametrisations. It is shown that the computed abstractions are optimal, i.e., no smaller convex sublattice exists. Although the abstraction may introduce over-approximation, it has been proven to be conservative with respect to reachability of states. Then, an unfolding semantics for Parametric Regulatory Networks is defined, taking advantage of concurrency between transitions to provide a compact representation of reachable transitions. A prototype implementation is provided: it has been applied to several examples of Boolean and multi-valued networks, showing its tractability for networks with numerous components.}
}

@inproceedings{JMS-wodes18,
month = may # {-} # jun,
year = 2018,
volume = {51(7)},
series = {IFAC-PapersOnLine},
publisher = {Elsevier Science Publishers},
editor = {Chris Hadjicostis and Jan Komenda},
acronym = {{WODES}'18},
booktitle = {{P}roceedings of the 14th {W}orkshop on {D}iscrete {E}vent {S}ystems
({WODES}'18)},
author = {Lo{\"i}g Jezequel and Agnes Madalinski and Stefan Schwoon},
title = {{Distributed computation of vector clocks in Petri nets unfolding for test selection}},
pages = {106-111},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/JMS-wodes18.pdf},
abstract = {It has been shown that annotating Petri net unfoldings with time stamps allows for
building distributed testers for distributed systems. However, the construction of the annotated
unfolding of a distributed system currently remains a centralized task. In this paper we extend
a distributed unfolding technique in order to annotate the resulting unfolding with time stamps.
This allows for distributed construction of distributed testers for distributed systems.}
}

@article{BHSS-fi18,
publisher = {{IOS} Press},
journal = {Fundamenta Informaticae},
author = {B{\'e}atrice B{\'e}rard and Stefan Haar and Sylvain Schmitz and Stefan Schwoon},
title = {{The Complexity of Diagnosability and Opacity Verification for Petri Nets}},
volume = 161,
number = 4,
year = 2018,
pages = {317-349},
doi = {10.3233/FI-2018-1706},
url = {https://hal.inria.fr/hal-01852119},
abstract = {Diagnosability and opacity are two well-studied problems in discrete-event systems. We revisit these two problems with respect to expressiveness and complexity issues.
\par
We first relate different notions of diagnosability and opacity. We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions.
\par
Second, we provide a global picture of complexity results for the verification of diagnosability and opacity. We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe convergent Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non diagnosability is inter-reducible with reachability when fault events are not weakly fair. Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness.}
}

@inproceedings{CHP-automata18,
month = jun,
year = 2018,
volume = 10875,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Jan Baetens and Martin Kutrib},
acronym = {{AUTOMATA}'18},
booktitle = {{P}roceedings of the 24th Annual International Workshop on Cellular Automata and Discrete Complex Systems ({AUTOMATA}'18)},
author = {Chatain, {\relax Th}omas and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
title = {{Boolean Networks: Beyond Generalized Asynchronicity}},
pages = {29-42},
url = {https://hal.inria.fr/hal-01768359v2},
doi = {10.1007/978-3-319-92675-9\_3},
abstract = {Boolean networks are commonly used in systems biology to model dynamics of biochemical networks by abstracting away many (and often unknown) parameters related to speed and species activity thresholds. It is then expected that Boolean networks produce an over-approximation of behaviours (reachable configurations), and that subsequent refinements would only prune some impossible transitions. However, we show that even generalized asynchronous updating of Boolean networks, which subsumes the usual updating modes including synchronous and fully asynchronous, does not capture all transitions doable in a multi-valued or timed refinement. We define a structural model transformation which takes a Boolean network as input and outputs a new Boolean network whose asynchronous updating simulates both synchronous and asynchronous updating of the original network, and exhibits even more behaviours than the generalized asynchronous updating. We argue that these new behaviours should not be ignored when analyzing Boolean networks, unless some knowledge about the characteristics of the system explicitly allows one to restrict its behaviour.}
}

@inproceedings{LGS-atpn18,
month = jun,
year = 2018,
volume = {10877},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Victor Khomenko and {Olivier H.} Roux},
acronym = {{PETRI~NETS}'18},
booktitle = {{P}roceedings of the 39th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'18)},
author = {Engel Lefaucheux and Alessandro Giua and Carla Seatzu},
title = {{Basis Coverability Graph for Partially Observable Petri Nets with Application to Diagnosability Analysis}},
pages = {164-183},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LGS-atpn18.pdf},
abstract = {Petri nets have been proposed as a fundamental model for
discrete-event systems in a wide variety of applications and have been
an asset to reduce the computational complexity involved in solving a
series of problems, such as control, state estimation, fault diagnosis, etc.
Many of those problems require an analysis of the reachability graph
of the Petri net. The basis reachability graph is a condensed version of
the reachability graph that was introduced to efficiently solve problems
linked to partial observation. It was in particular used for diagnosis which
consists in deciding whether some fault events occurred or not in the
system, given partial observations on the run of the system. However
this method is, with very specific exceptions, limited to bounded Petri
nets. In this paper, we introduce the notion of basis coverability graph
to remove this requirement. We then establish the relationship between
the coverability graph and the basis coverability graph. Finally, we focus
on the diagnosability problem: we show how the basis coverability graph
can be used to get an efficient algorithm.}
}

@inproceedings{BBDH-atpn18,
month = jun,
year = 2018,
volume = {10877},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Victor Khomenko and {Olivier H.} Roux},
acronym = {{PETRI~NETS}'18},
booktitle = {{P}roceedings of the 39th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'18)},
author = {Barbot, Beno{\^i}t and B{\'e}rard, B{\'e}atrice and Duplouy, Yann and Haddad, Serge},
title = {{Integrating Simulink Models into the Model Checker Cosmos}},
pages = {363-373},
url = {https://hal.archives-ouvertes.fr/hal-01725835/},
pdf = {https://hal.archives-ouvertes.fr/hal-01725835/document},
doi = {10.1007/978-3-319-91268-4_19},
abstract = {We present an implementation for Simulink model executions in the statistical model-checker Cosmos. We take profit of this implementation for an hybrid modeling combining Petri nets and Simulink models.}
}

@inproceedings{LFV-adhs18,
month = jul,
year = 2018,
number = 16,
volume = 51,
series = {IFAC-PapersOnLine},
publisher = {Elsevier Science Publishers},
editor = {Alessandro Abate and Antoine Girard and Maurice Heemels},
booktitle = {{P}roceedings of the 6th {IFAC} {C}onference on {A}nalysis and
author = {Adrien Le{ }Co{\"e}nt and Laurent Fribourg and Jonathan Vacher},
title = {Control Synthesis for Stochastic Switched Systems using the Tamed Euler Method},
pages = {259-264},
url = {https://doi.org/10.1016/j.ifacol.2018.08.044},
doi = {10.1016/j.ifacol.2018.08.044},
abstract = {In this paper, we explain how, under the one-sided Lipschitz (OSL) hypothesis, one can find an error bound for a variant of the Euler-Maruyama approximation method for stochastic switched systems. We then explain how this bound can be used to control stochastic switched switched system in order to stabilize them in a given region. The method is illustrated on several examples of the literature.}
}

@inproceedings{SGF-ecc18,
month = jun,
year = 2018,
publisher = {{IEEE} Press},
editor = {Thomas Parisini},
acronym = {{ECC}'18},
booktitle = {{P}roceedings of the 16th European Control Conference ({ECC}'18)},
author = {Adnane Saoud and Antoine Girard and Laurent Fribourg},
title = {On the Composition of Discrete and Continuous-time Assume-Guarantee Contracts for Invariance},
pages = {435-440},
url = {https://ieeexplore.ieee.org/document/8550622},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SGF-ecc18.pdf},
doi = {10.23919/ECC.2018.8550622},
abstract = {Many techniques for verifying invariance prop- erties are limited to systems of moderate size. In this paper, we propose an approach based on assume-guarantee contracts and compositional reasoning for verifying invariance properties of a broad class of discrete-time and continuous-time systems consisting of interconnected components. The notion of assume- guarantee contracts makes it possible to divide responsibil- ities among the system components: a contract specifies an invariance property that a component must fulfill under some assumptions on the behavior of its environment (i.e. of the other components). We define weak and strong semantics of assume- guarantee contracts for both discrete-time and continuous-time systems. We then establish a certain number of results for compositional reasoning, which allow us to show that a global invariance property of the whole system is satisfied when all components satisfy their own contract. Interestingly, we show that the weak satisfaction of the contract is sufficient to deal with cascade compositions, while strong satisfaction is needed to reason about feedback composition. Specific results for systems described by differential inclusions are then developed. Throughout the paper, the main results are illustrated using simple examples.}
}

@article{LFMDC-tcs18,
publisher = {Elsevier Science Publishers},
journal = {Theoretical Computer Science},
author = {Adrien Le{ }Co{\"e}nt and
Laurent Fribourg and
Nicolas Markey and
Florian De{ }Vuyst and
Ludovic Chamoin},
title = {Compositional synthesis of state-dependent switching control},
volume = {750},
year = {2018},
pages = {53-68},
doi = {10.1016/j.tcs.2018.01.021},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LFMDC-tcs18.pdf},
url = {https://doi.org/10.1016/j.tcs.2018.01.021},
abstract = {We present a correct-by-design method of state-dependent control synthesis for sampled switching systems. Given a target region R of the state space, our method builds a capture set S and a control that steers any element of S into R. The method works by iterated backward reachability from R. The method is also used to synthesize a recurrence control that makes any state of R return to R infinitely often. We explain how the synthesis method can be performed in a compositional manner, and apply it to the synthesis of a compositional control of a concrete floor-heating system with 11 rooms and up to 2^11=2048 toswitching modes.}
}

@inproceedings{DLM-pnse16,
month = jun,
year = 2016,
volume = 1591,
series = {CEUR Workshop Proceedings},
publisher = {CEUR-WS.org},
editor = {Lawrence Cabac and Lars Michael Kristensen and Heiko R{\"o}lke:},
acronym = {{PNSE}'16},
booktitle = {{P}roceedings of the 10th {I}nternational {W}orkshop on {P}etri
{N}ets and {S}oftware {E}ngineering ({PNSE}'16)},
author = {Alban Linard and
Beno{\^{\i}}t Barbot and
Didier Buchs and
Maximilien Colange and
Cl{\'{e}}ment D{\'{e}}moulins and
Lom{-}Messan Hillah and
Alexis Martin},
title = {Layered Data: {A} Modular Formal Definition without Formalisms},
pages = {287-306},
url = {http://ceur-ws.org/Vol-1591/},
pdf = {http://ceur-ws.org/Vol-1591/paper19.pdf},
abstract = {Defining formalisms and models in a modular way is a painful task. Metamodeling tools and languages have usually not been created with this goal in mind. This article proposes a data structure, called layered data, that allows defining easily modular abstract syntax for for- malisms and models. It also shows its use through an exhaustive example. As a side effect, this article discusses the notion of formalism, and asserts that they do not exist as standalone objects, but rather as relations between models.}
}

@article{LACF-fmsd18,
publisher = {Springer},
journal = {Formal Methods in System Design},
author = {Adrien Le{ }Co{\"{e}}nt and
Julien {Alexandre dit Sandretto} and
Alexandre Chapoutot and
Laurent Fribourg},
title = {An improved algorithm for the control synthesis of nonlinear sampled switched systems},
volume = {53},
number = {3},
year = {2018},
pages = {363-383},
doi = {10.1007/s10703-017-0305-8},
pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LACF-fmsd18.pdf},
abstract = {A novel algorithm for the control synthesis for nonlinear switched systems is presented in this paper. Based on an existing procedure of state-space bisection and made available for nonlinear systems with the help of guaranteed integration, the algorithm has been improved to be able to consider longer patterns of modes with a better pruning approach. Moreover, the use of guaranteed integration also permits to take bounded perturbations and varying parameters into account. It is particularly interesting for safety critical applications, such as in aeronautical, military or medical fields. The whole approach is entirely guaranteed and the induced controllers are correct-by-design. Some experimentations are performed to show the important gain of the new algorithm.}
}

@article{H-ipl18,
publisher = {Elsevier Science Publishers},
journal = {Information Processing Letters},
title = {{Memoryless determinacy of finite parity games: Another simple proof}},
volume = {132},
pages = {19-21},
month = apr,
year = {2018},
pdf = {https://hal.inria.fr/hal-01541508/document},
doi = {10.1016/j.ipl.2017.11.012},
abstract = {Memoryless determinacy of (infinite) parity games is an important result with numerous applications. It was first independently established by Emerson and Jutla [1] and Mostowski [2] but their proofs involve elaborate developments. The elegant and simpler proof of Zielonka [3] still requires a nested induction on the finite number of priorities and on ordinals for sets of vertices. There are other proofs for finite games like the one of BjÃ¶rklund, Sandberg and Vorobyovin [4] that relies on relating infinite and finite duration games. We present here another simple proof that finite parity games are determined with memoryless strategies using induction on the number of relevant states. The closest proof that relies on induction over non absorbing states is the one of GrÃ¤del [5]. However instead of focusing on a single appropriate vertex for induction as we do here, he considers two reduced games per vertex, for all the vertices of the game. The idea of reasoning about a single state has been inspired to me by the analysis of finite stochastic priority games by Karelovic and Zielonka [6].}
}

@inproceedings{CCDJR-lata18,
month = apr,
year = 2018,
volume = {10792},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Mart{\'\i}n-Vide, Carlos},
acronym = {{LATA}'18},
booktitle = {{P}roceedings of the 12th {I}nternational {C}onference on {L}anguage
and {A}utomata {T}heory and {A}pplications ({LATA}'18)},
author = {Chatain, {\relax Th}omas and Comlan, Maurice and Delfieu, David and Jezequel, Lo{\"i}g and Roux, Olivier H.},
title = {Pomsets and Unfolding of Reset Petri Nets},
pages = {258-270},
url = {https://doi.org/10.1007/978-3-319-77313-1_20},
doi = {10.1007/978-3-319-77313-1_20},
abstract = {Reset Petri nets are a particular class of Petri nets where transition firings can remove all tokens from a place without checking if this place actually holds tokens or not. In this paper we look at partial order semantics of such nets. In particular, we propose a pomset bisimulation for comparing their concurrent behaviours. Building on this pomset bisimulation we then propose a generalization of the standard finite complete prefixes of unfolding to the class of safe reset Petri nets.}
}

@inproceedings{MSHPP-cmsb19,
month = sep,
volume = {11773},
series = {Lecture Notes in Bioinformatics},
publisher = {Springer-Verlag},
editor = {Luca Bortolussi and Guido Sanguinetti},
acronym = {{CMSB}'19},
booktitle = {{P}roceedings of the 17th
{C}onference on
{C}omputational {M}ethods in {S}ystem {B}iology
({CMSB}'19)},
author = {Mandon, Hugues and Su, Cui and Haar, Stefan and Pang, Jun and Paulev{\'e}, Lo{\"i}c},
title = {Sequential Reprogramming of Boolean Networks Made Practical},
pages = {3-19},
doi = {10.1007/978-3-030-31304-3_1},
year = 2019,
abstract = {We address the sequential reprogramming of gene regulatory networks modelled as Boolean networks. We develop an attractor-based sequential reprogramming method to compute all sequential reprogramming paths from a source attractor to a target attractor, where only attractors of the network are used as intermediates. Our method is more practical than existing reprogramming methods as it incorporates several practical constraints: (1) only biologically observable states, viz. attractors, can act as intermediates; (2) certain attractors, such as apoptosis, can be avoided as intermediates; (3) certain nodes can be avoided to perturb as they may be essential for cell survival or difficult to perturb with biomolecular techniques; and (4) given a threshold $$k$$, all sequential reprogramming paths with no more than $$k$$ perturbations are computed. We compare our method with the minimal one-step reprogramming and the minimal sequential reprogramming on a variety of biological networks. The results show that our method can greatly reduce the number of perturbations compared to the one-step reprogramming, while having comparable results with the minimal sequential reprogramming. Moreover, our implementation is scalable for networks of more than 60 nodes.}
}

@techreport{DH-hal19,
institution = {HAL},
month = oct,
note = {23~pages},
number = {hal-02306021},
type = {Research Report},
title = {{Autonomous Transitions Enhance CSLTA Expressiveness and Conciseness}},
year = {2019},
url = {https://hal.inria.fr/hal-02306021},
pdf = {https://hal.inria.fr/hal-02306021/document},
abstract = {CSLTA is a stochastic temporal logic for continuous-time Markov chains (CTMC) where formulas similarly to those of CTL* are inductively defined by nesting of timed path formulas and state formulas. In particular a timed path formula of CSLTA is specified by a single-clock Deterministic Timed Automaton (DTA). Such a DTA features two kinds of transitions: synchronizing transitions triggered by CTMC transitions and autonomous transitions triggered by time elapsing that change the location of the DTA when the clock reaches a given threshold. It has already been shown that CSLTA strictly includes stochastic logics like CSL and asCSL. An interesting variant of CSLTA consists in equipping transitions rather than locations by boolean formulas. Here we answer the following question: do autonomous transitions and/or boolean guards on transitions enhance expressiveness and/or conciseness of DTAs? We show that this is indeed the case. In establishing our main results we also identify an accurate syntactical characterization of DTAs for which the autonomous transitions do not add expressive power but lead to exponentially more concise DTAs.}
}

@article{CHKPT-nc19,
publisher = {Springer},
journal = {Natural Computing},
author = {Chatain, {\relax Th}omas and Haar, Stefan and Kolc{\'a}k, Juraj and Paulev{\'e}, Lo{\"i}c and Thakkar, Aalok},
title = {Concurrency in {Boolean} networks},
volume = {19},
pages = {91--109},
year = 2020,
pdf = {https://hal.inria.fr/hal-01893106v2/document},
abstract = {Boolean networks (BNs) are widely used to model the qualitative dynamics
of biological systems. Besides the logical rules determining the evolution of each
component with respect to the state of its regulators, the scheduling of component
updates can have a dramatic impact on the predicted behaviours. In this paper, we
explore the use of Read (contextual) Petri Nets (RPNs) to study dynamics of BNs from
a concurrency theory perspective. After showing bi-directional translations between
RPNs and BNs and analogies between results on synchronism sensitivity, we illustrate
that usual updating modes for BNs can miss plausible behaviours, i.e., incorrectly
conclude on the absence/impossibility of reaching specific configurations. We propose
an encoding of BNs capitalizing on the RPN semantics enabling more behaviour than the
generalized asynchronous updating mode. The proposed encoding ensures a correct
abstraction of any multivalued refinement, as one may expect to achieve when modelling
biological systems with no assumption on its time features.}
}

@inproceedings{BCC-atpn19,
month = jun,
year = 2019,
volume = {11522},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Susanna Donatelli and Stefan Haar},
acronym = {{PETRI~NETS}'19},
booktitle = {{P}roceedings of the 40th
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'19)},
author = {Mathilde Boltenhagen and Thomas Chatain and Josep Carmona},
title = {Generalized Alignment-Based Trace Clustering of Process Behavior},
pages = {237-257},
pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCC-atpn19.pdf},
doi = {10.1007/978-3-030-21571-2_14},
abstract = {Process mining techniques use event logs containing real process executions in order to mine, align and extend process models. The partition of an event log into trace variants facilitates the understanding and analysis of traces, so it is a common pre-processing in process mining environments. Trace clustering automates this partition; traditionally it has been applied without taking into consideration the availability of a process model. In this paper we extend our previous work on process model based trace clustering, by allowing cluster centroids to have a complex structure, that can range from a partial order, down to a subnet of the initial process model. This way, the new clustering framework presented in this paper is able to cluster together traces that are distant only due to concurrency or loop constructs in process models. We show the complexity analysis of the different instantiations of the trace clustering framework, and have implemented it in a prototype tool that has been tested on different datasets.}
}

@article{MSPPHP-ipl19,
publisher = {ACM Press},
journal = {IEEE/ACM Transaction on Computational Biology and Bioinformatics},
author = {Mandon, Hugues and Su, Cui and Pang, Jun and Paul, Soumya and Haar, Stefan and Paulev{\'e}, Lo{\"i}c},
title = {Algorithms for the Sequential Reprogramming of Boolean Networks},
volume = {16},
number = {5},
pages = {1610--1619},
year = 2019,
pdf = {https://hal.archives-ouvertes.fr/hal-02113864/file/main.pdf},
url = {https://hal.archives-ouvertes.fr/hal-02113864}
}

@inproceedings{MFNS-async19,
month = may,
publisher = {{IEEE} Computer Society},
editor = {Marly Roncken and Andrey Mokhov},
acronym = {{ASYNC}'19},
booktitle = {{P}roceedings of the 25th {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'19)},
author = {J{\"u}rgen Maier and
Matthias F{\"u}gger and
Thomas Nowak and
Ulrich Schmid},
title = {Transistor-Level Analysis of Dynamic Delay Models},
pages = {76-85},
year = {2019},
doi = {10.1109/ASYNC.2019.00019},
abstract = {Delay estimation is a crucial task in digital circuit design as it provides the possibility to assure the desired functionality, but also prevents undesired behavior very early. For this purpose elaborate delay models like the Degradation Delay Model (DDM) and the Involution Delay Model (IDM) have been proposed in the past, which facilitate accurate dynamic timing analysis: Both use delay functions that determine the delay of the current input transition based on the time difference T to the previous output one. Currently, however, extensive analog simulations are necessary to determine the (parameters of the) delay function, which is a very time-consuming and cumbersome task and thus limits the applicability of these models. In this paper, we therefore thoroughly investigate the characterization procedures of a CMOS inverter on the transistor level in order to derive analytical expressions for the delay functions. Based on reasonably simple transistor models we identify three operation regions, each described by a different estimation function. Using simulations with two independent technologies, we show that our predictions are not only accurate but also reasonably robust w.r.t. variations. Our results furthermore indicate that the exponential fitting proposed for DDM is actually only partially valid, while our analytic approach can be applied on the whole range. Even the more complex IDM is predicted reasonably accurate.}
}

@proceedings{DH-pn2019,
author = {Susanna Donatelli and Stefan Haar},
editor = {Susanna Donatelli and Stefan Haar},
title = {Proceedings of the 40th International Conference on Application and Theory of Petri Nets and Concurrency ({PETRI NETS}'19)},
booktitle = {Proceedings of the 40th International Conference on Application and Theory of Petri Nets and Concurrency ({Petri Nets}'19)},
month = jun,
series = {Lecture Notes in Computer Science},
volume = {11522},
publisher = {Springer},
year = {2019},
url = {https://doi.org/10.1007/978-3-030-21571-2},
doi = {10.1007/978-3-030-21571-2}
}

@inproceedings{OMFS-patmos19,
month = jul,
publisher = {{IEEE} Press},
acronym = {{PATMOS}'19},
booktitle = {{P}roceedings of the 29th {I}nternational {S}ymposium on {P}ower and {T}iming {M}odeling, {O}ptimization
and {S}imulation ({PATMOS}'19)},
author = {Daniel {\"O}hlinger and J{\"u}rgen Maier and Matthias F{\"u}gger and Ulrich Schmid},
title = {The Involution Tool for Accurate Digital Timingand Power Analysis},
pages = {1-8},
year = {2019},
doi = {10.1109/PATMOS.2019.8862165},
url = {https://doi.org/10.1109/PATMOS.2019.8862165}
}

@incollection{FKN-AiSB2020,
publisher = {Springer},
booktitle = {Advances in Synthetic Biology},
editor = {Vijai Singh},
author = {Matthias F{\"u}gger and Manish Kushwaha and Thomas Nowak},
title = {Digital Circuit Design for Biological and Silicon Computers},
year = 2020,
note = {To appear}
}

@inproceedings{BFLMR-async20,
month = may,
publisher = {{IEEE} Computer Society},
editor = {Andreas Steininger and Matheus T. Moreira},
acronym = {{ASYNC}'20},
booktitle = {{P}roceedings of the 26th {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'20)},
author = {Johannes Bund and Matthias F{\"u}gger and Christoph Lenzen and Moti Medina and Will Rosenbaum},
title = {{PALS: Plesiochronous and Locally Synchronous Systems}},
year = {2020},
pdf = {https://arxiv.org/pdf/2003.05542.pdf}
}

@techreport{BBBFS-arxiv20,
author = {B{\'e}atrice B{\'e}rard and
Benedikt Bollig and
Patricia Bouyer and
Matthias F{\"u}gger and
Nathalie Sznajder},
institution = {Computing Research Repository},
month = feb,
title = {Synthesis in Presence of Dynamic Links},
number = {arXiv:2002.07545},
year = {2020},
url = {https://arxiv.org/abs/2002.07545},
pdf = {https://arxiv.org/pdf/2002.07545.pdf},
abstract = {The problem of distributed synthesis is to automatically generate
a distributed algorithm, given a target communication network and a
specification of the algorithm's correct behavior. Previous work has
focused on static networks with an apriori fixed message size. This
approach has two shortcomings: Recent work in distributed computing
is shifting towards dynamically changing communication networks rather
than static ones, and an important class of distributed algorithms are
so-called full-information protocols, where nodes piggy-pack previously
received messages onto current messages. In this work we consider the
synthesis problem for a system of two nodes communicating in rounds over
a dynamic link whose message size is not bounded. Given a network model,
i.e., a set of link directions, in each round of the execution, the
adversary choses a link from the network model, restricted only by the
specification, and delivers messages according to the current link's
directions. Motivated by communication buses with direct acknowledge
mechanisms we further assume that nodes are aware of which messages
have been delivered. We show that the synthesis problem is decidable
for a network model if and only if it does not contain the empty link
that dismisses both nodes' messages.}
}

@inproceedings{HK-atpn20,
month = jun,
futureseries = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {{\'E}tienne Andr{\'e} and Laure Petrucci},
acronym = {{PETRI~NETS}'20},
booktitle = {{P}roceedings of the 41st
{I}nternational {C}onference on
{A}pplications and {T}heory of {P}etri {N}ets
({PETRI~NETS}'20)},
title = {{D}ynamic {R}ecursive {P}etri {N}ets},
year = 2020,
url = {https://hal.inria.fr/hal-02511321}
}

@inproceedings{DH-lata2020,
month = mar,
volume = {12038},
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Alberto Leporati and
Carlos Mart{\'{\i}}n{-}Vide and
Dana Shapira and
Claudio Zandron},
acronym = {{LATA}'20},
booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {L}anguage
and {A}utomata {T}heory and {A}pplications ({LATA}'20)},
title = {Expressiveness and Conciseness of Timed Automata for the Verification of Stochastic Models},
pages = {170-183},
year = 2020
}

@inproceedings{KDHKSY-tacas2020,
month = apr,
series = {Lecture Notes in Computer Science},
publisher = {Springer},
editor = {Armin Biere and David Parker},
acronym = {{TACAS}'20},
booktitle = {{P}roceedings of the 26th {I}nternational
{C}onference on {T}ools and {A}lgorithms for
{C}onstruction and {A}nalysis of {S}ystems
({TACAS}'20)},
author = {Juraj Kolc{\'a}k and Jér{'e}my Dubut and Ichiro Hasuo and Shin-Ya Katsumata and David Sprunger and Akihisa Yamada},
title = {Relational Differential Dynamic Logic},
pages = {191--208},
year = 2020
}


This file was generated by bibtex2html 1.98.