@phdthesis{sznajder-phd2009, author = {Sznajder, Nathalie}, title = {Synth{\`e}se de syst{\`e}mes distribu{\'e}s ouverts}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2009, month = nov, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/NS-these09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/NS-these09.pdf} }

@article{BKKL-tse09, publisher = {{IEEE} Computer Society Press}, journal = {IEEE Transactions on Software Engineering}, author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten and Leucker, Martin}, title = {Learning Communicating Automata from~{MSCs}}, volume = {36}, number = {3}, pages = {390-408}, month = may # {-} # jun, year = 2010, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-tse09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-tse09.pdf}, doi = {10.1109/TSE.2009.89}, abstract = {This paper is concerned with bridging the gap between requirements and distributed systems. Requirements are defined as basic message sequence charts (MSCs) specifying positive and negative scenarios. Communicating finite-state machines (CFMs), \textit{i.e.}, finite automata that communicate via FIFO buffers, act as system realizations. The key contribution is a generalization of Angluin's learning algorithm for synthesizing CFMs from MSCs. This approach is exact---the resulting CFM precisely accepts the set of positive scenarions and rejects all negative ones---and yields fully asynchronous implementations. The paper investigates for which classes of MSC languages CFMs can be learned, presents an optimization technique for learning partial orders, and provides substantial empirical evidence indicating the practical feasibility of the approach.} }

@article{BKKL-cai09, publisher = {Slovak Academy of Sciences}, journal = {Computing and Informatics}, author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten and Leucker, Martin}, title = {{SMA}---The Smyle Modeling Approach}, volume = {29}, number = {1}, pages = {45-72}, year = 2010, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-cai09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BKKL-cai09.pdf}, abstract = {This paper introduces the model-based software development lifecycle model \emph{SMA}---the Smyle \emph{Modeling Approach}---which is centered around \emph{Smyle}. \emph{Smyle} is a dedicated learning procedure to support engineers to interactively obtain design models from requirements, characterized as either being desired (positive) or unwanted (negative) system behavior. Within \emph{SMA}, the learning approach is complemented by so-called \emph{scenario patterns} where the engineer can specify \emph{clearly} desired or unwanted behavior. This way, user interaction is reduced to the interesting scenarios limiting the design effort considerably. In~\emph{SMA}, the learning phase is further complemented by an effective analysis phase that allows for detecting design flaws at an early design stage. Using learning techniques allows us to gradually develop and refine requirements, naturally supporting evolving requirements, and allows for a rather inexpensive redesign in case anomalous system behavior is detected during analysis, testing, or maintenance. This paper describes the approach and reports on first practical experiences.} }

@article{BCHMMR-ijwsr09, publisher = {{IGI} Publishing}, journal = {International Journal of Web Services Research}, author = {Boutrous{-}Saab, C{\'e}line and Coulibaly, Demba and Haddad, Serge and Melliti, Tarek and Moreaux, Patrice and Rampacek, Sylvain}, title = {An Integrated Framework for Web Services Orchestration}, volume = 6, number = 4, pages = {1-29}, year = 2009, month = sep, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHMMR-ijwsr09.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHMMR-ijwsr09.pdf}, abstract = {Currently, Web services give place to active research and this is due both to industrial and theoretical factors. On one hand, Web services are essential as the design model of applications dedicated to the electronic business. On the other hand, this model aims to become one of the major formalisms for the design of distributed and cooperative applications in an open environment (the Internet). In this article, the authors will focus on two features of Web services. The first one concerns the interaction problem: given the interaction protocol of a Web service described in BPEL, how to generate the appropriate client? Their approach is based on a formal semantics for BPEL via process algebra and yields an algorithm which decides whether such a client exists and synthesizes the description of this client as a (timed) automaton. The second one concerns the design process of a service. They propose a method which proceeds by two successive refinements: first the service is described via UML, then refined in a BPEL model and finally enlarged with JAVA code using JCSWL, a new language that we introduce here. Their solutions are integrated in a service development framework that will be presented in a synthetic way.} }

@incollection{HI-petrinet-diaz, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Ili{\'e}, Jean-Michel}, title = {Symmetry and Temporal Logic}, pages = {435-460}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{HV-petrinet-diaz-b, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Vernadat, Fran{\c{c}}ois}, title = {Verification of Specific Properties}, pages = {349-414}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{HM-petrinet-diaz-c, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Moreaux, Patrice}, title = {Tensor Methods and Stochastic {P}etri Nets}, pages = {321-346}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{HM-petrinet-diaz-b, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Moreaux, Patrice}, title = {Stochastic Well-formed {P}etri Nets}, pages = {303-320}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{HM-petrinet-diaz-a, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Moreaux, Patrice}, title = {Stochastic {P}etri Nets}, pages = {269-302}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{H-petrinet-diaz, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge}, title = {Decidability and Complexity of {P}etri Net Problems}, pages = {87-122}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@incollection{HV-petrinet-diaz-a, year = 2009, publisher = {Wiley-ISTE}, editor = {Diaz, Michel}, booktitle = {Petri Nets: Fundamental Models, Verification and Applications}, author = {Haddad, Serge and Vernadat, Fran{\c{c}}ois}, title = {Analysis Methods for {P}etri Nets}, pages = {41-86}, url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1848210795.html} }

@inproceedings{ZBH-lads09, address = {Turin, Italy}, year = 2010, volume = 6039, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Dastani, Mehdi and El~Fallah Seghrouchni, Amal and Leite, Jo{\~a}o and Torroni, Paolo}, acronym = {{LADS}'09}, booktitle = {{R}evised {S}elected {P}apers of the 2nd {W}orkshop on {LA}nguages, methodologies and {D}evelopment tools for multi-agent system{S} ({LADS}'09)}, author = {Zargayouna, Mahdi and Balbo, Flavien and Haddad, Serge}, title = {Agents Secure Interaction in Data Driven Languages}, pages = {72-91}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ZBH-lads09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ZBH-lads09.pdf}, doi = {10.1007/978-3-642-13338-1_5}, abstract = {This paper discusses the security issues in data driven coordination languages. These languages rely on a data space shared by the agents and used to coordinate their activities. We extend these languages with a main distinguishing feature, which is the possibility to define fine-grained security conditions, associated with every datum in the shared space. Two main ideas makes it possible: the consideration of an abstraction of agents' states in the form of data at language level and the introduction of a richer interaction mechanism than state-of-the-art templates. This novel security mechanism allows both agents and system designers to prohibit undesirable interactions.} }

@techreport{LSV:09:16, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Sassolas, Mathieu}, title = {Verification on Interrupt Timed Automata}, institution = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, year = {2009}, month = jul, type = {Research Report}, number = {LSV-09-16}, url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2009-16.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2009-16.pdf}, note = {16~pages}, abstract = {The class of Interrupt Timed Automata (ITA) has been introduced to model multi-task systems with interruptions in a single processor environment. This is a subclass of hybrid automata in which real valued variables consist of a restricted type of stopwatches (variables with rate \(0\) or~\(1\)) organized along levels. While reachability is undecidable with usual stopwatches, it was proved that this problem is decidable in ITA and that untimed languages of ITA are effectively regular. Here we investigate the problem of model checking timed extensions of CTL over ITA and show in contrast that this problem is undecidable. On~the other hand, we prove that model checking is decidable for two relevant fragments of this timed logic: (1)~the~first one where formula contain only model clocks and (2)~the~second one where formulas have a single external clock.} }

@inproceedings{HMY-msr09, address = {Nantes, France}, month = nov, year = 2009, number = {7-9}, volume = {43}, series = {Journal Europ{\'e}en des Syst{\`e}mes Automatis{\'e}s}, publisher = {Herm{\`e}s}, editor = {Lime, Didier and Roux, Olivier H.}, acronym = {{MSR}'09}, booktitle = {{A}ctes du 7{\`e}me {C}olloque sur la {M}od{\'e}lisation des {S}yst{\`e}mes {R}{\'e}actifs ({MSR}'09)}, author = {Haddad, Serge and Mokdad, Lynda and Youcef, Samir}, title = {Bornes du temps de r{\'e}ponse des services Web composites}, pages = {969-983}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HMY-msr09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HMY-msr09.pdf}, abstract = {The quality of service (QoS) of Web services is a key factor of their success. This requires to design new methods in order to study~it. Here we propose families of upper bounding models for the response time of composite Web services for two kinds of composition: the statical and random {"}fork and merge{"}. In~the first~case, the~complexity of bounding models belongs to~\(O(n\cdot \sqrt{n})\) where \(n\)~is the number of called services whereas the complexity of the exact model belongs to~\(O(n^2)\). In~the second~case, the~complexity of bounding models still belongs to~\(O(n\cdot \sqrt{n})\) whereas the complexity of the exact model belongs to~\(O(n^3)\). Furthermore, having a family of bounding models allows to choose the bounding model depending on the parameters of the exact model. The numerical results show the interest of our approach w.r.t. complexity and accuracy of the bound.} }

@inproceedings{ACDFR-msr09, address = {Nantes, France}, month = nov, year = 2009, number = {7-9}, volume = {43}, series = {Journal Europ{\'e}en des Syst{\`e}mes Automatis{\'e}s}, publisher = {Herm{\`e}s}, editor = {Lime, Didier and Roux, Olivier H.}, acronym = {{MSR}'09}, booktitle = {{A}ctes du 7{\`e}me {C}olloque sur la {M}od{\'e}lisation des {S}yst{\`e}mes {R}{\'e}actifs ({MSR}'09)}, author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and De{ }Smet, Olivier and Fribourg, Laurent and Ruel, Silvain}, title = {Synth{\`e}se de contraintes temporis{\'e}es pour une architecture d'automatisation en r{\'e}seau}, pages = {1049-1064}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ACDFR-msr09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/ACDFR-msr09.pdf}, abstract = {We deal with the problem of synthesis of timing constraints for concurrent systems. Such systems are modeled by networks of timed automata where some constants, represented as parameters, can be tuned. A suitable value of these parameters is assumed to be known from a preliminarily simulation process. We present a method which infers a zone of suitable points around this reference functioning point. This zone is defined by a system of linear inequalities over the parameters. This method is applied to the case study of a networked automation system.} }

@inproceedings{CDL-adhs09, address = {Zaragoza, Spain}, month = sep, year = 2009, editor = {Giua, Alessandro and Silva, Manuel and Zaytoon, Janan}, acronym = {{ADHS}'09}, booktitle = {{P}roceedings of the 3rd {IFAC} {C}onference on {A}nalysis and {D}esign of {H}ybrid {S}ystems ({ADHS}'09)}, author = {Chatain, {\relax Th}omas and David, Alexandre and Larsen, Kim G.}, title = {Playing Games with Timed Games}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CDL-adhs09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CDL-adhs09.pdf}, abstract = {In this paper we focus on property-preserving preorders between timed game automata and their application to control of partially observable systems. Following the example of timed simulation between timed automata, we define timed alternating simulation as a preorder between timed game automata, which preserves controllability. We define a method to reduce the timed alternating simulation problem to a safety game. We show how timed alternating simulation can be used to control efficiently a partially observable system. This method is illustrated by a generic case study.} }

@inproceedings{BCDL-formats09, address = {Budapest, Hungary}, month = sep, year = 2009, volume = 5813, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ouaknine, Jo{\"e}l and Vaandrager, Frits}, acronym = {{FORMATS}'09}, booktitle = {{P}roceedings of the 7th {I}nternational {C}onference on {F}ormal {M}odelling and {A}nalysis of {T}imed {S}ystems ({FORMATS}'09)}, author = {Bulychev, Peter and Chatain, {\relax Th}omas and David, Alexandre and Larsen, Kim G.}, title = {Checking simulation relation between timed game automata}, pages = {73-87}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCDL-formats09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCDL-formats09.pdf}, doi = {10.1007/978-3-642-04368-0_8}, abstract = {In this paper we focus on property-preserving preorders between timed game automata and their application to control of partially observable systems. We define timed weak alternating simulation as a preorder between timed game automata, which preserves controllability. We define the rules of building a symbolic turn-based two-player game such that the existence of a winning strategy is equivalent to the simulation being satisfied. We also propose an on-the-fly algorithm for solving this game. This simulation checking method can be applied to the case of non-alternating or strong simulations as well. We illustrate our algorithm by a case study and report on results.} }

@inproceedings{HP-qest09, address = {Budapest, Hungary}, month = sep, year = 2009, publisher = {{IEEE} Computer Society Press}, acronym = {{QEST}'09}, booktitle = {{P}roceedings of the 6th {I}nternational {C}onference on {Q}uantitative {E}valuation of {S}ystems ({QEST}'09)}, author = {Haddad, Serge and Pekergin, Nihal}, title = {Using Stochastic Comparison for Efficient Model Checking of Uncertain {M}arkov Chains}, pages = {177-186}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HP-qest09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HP-qest09.pdf}, doi = {10.1109/QEST.2009.42}, abstract = {We consider model checking of Discrete Time Markov Chains~(DTMC) with transition probabilities which are not exactly known but lie in a given interval. Model checking a Probabilistic Computation Tree Logic~(PCTL) formula for interval-valued DTMCs~(IMC) has been shown to be NP hard and co-NP hard. Since the state space of a realistic DTMC is generally huge, these lower bounds prevent the application of exact algorithms for such models. Therefore we propose to apply the stochastic comparison method to check an extended version of PCTL for IMCs. More precisely, we first design linear time algorithms to quantitatively analyze IMCs. Then we develop an efficient, semi-decidable PCTL model checking procedure for IMCs. Furthermore, our procedure returns more refined answers than traditional ones: YES, NO, DON'T~KNOW. Thus we may provide useful partial information for modelers in the {"}DON'T~KNOW{"} case.} }

@inproceedings{RBH-formats09, address = {Budapest, Hungary}, month = sep, year = 2009, volume = 5813, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ouaknine, Jo{\"e}l and Vaandrager, Frits}, acronym = {{FORMATS}'09}, booktitle = {{P}roceedings of the 7th {I}nternational {C}onference on {F}ormal {M}odelling and {A}nalysis of {T}imed {S}ystems ({FORMATS}'09)}, author = {Bouillard, Anne and Haar, Stefan and Rosario, Sidney}, title = {Critical paths in the Partial Order Unfolding of a Stochastic {P}etri Net}, pages = {43-57}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHR-formats09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHR-formats09.pdf}, doi = {10.1007/978-3-642-04368-0_6}, abstract = {In concurrent real-time processes, the speed of individual components has a double impact: on the one hand, the overall latency of a compound process is affected by the latency of its components. But, if the composition has race conditions, the very outcome of the process will also depend on the latency of component processes. Using stochastic Petri nets, we investigate the probability of a transition occurrence being critical for the entire process, i.e. such that a small increase or decrease of the duration of the occurrence entails an increase or decrease of the total duration of the process. The first stage of the analysis focuses on occurrence nets, as obtained by partial order unfoldings, to determine criticality of events; we then lift to workflow nets to investigate criticality of transitions inside a workflow.} }

@inproceedings{LA-ictac09, address = {Kuala Lumpur, Malaysia}, month = aug, year = 2009, volume = 5684, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Leucker, Martin and Morgan, Carroll}, acronym = {{ICTAC}'09}, booktitle = {{P}roceedings of the 6th {I}nternational {C}olloquium on {T}heoretical {A}spects of {C}omputing ({ICTAC}'09)}, author = {Longuet, Delphine and Aiguier, Marc}, title = {Integration Testing from Structured First-Order Specifications via Deduction Modulo}, pages = {261-276}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LA-ictac09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LA-ictac09.pdf}, doi = {10.1007/978-3-642-03466-4_17}, abstract = {Testing from first-order specifications has mainly been studied for flat specifications, that are specifications of a single software module. However, the specifications of large software systems are generally built out of small specifications of individual modules, by enriching their union. The aim of integration testing is to test the composition of modules assuming that they have previously been verified, i.e. assuming their correctness. One of the main method for the selection of test cases from first-order specifications, called axiom unfolding, is based on a proof search for the different instances of the property to be tested, thus allowing the coverage of this property. The idea here is to use deduction modulo as a proof system for structured first-order specifications in the context of integration testing, so as to take advantage of the knowledge of the correctness of the individual modules.} }

@article{RBHJ-tsc08, publisher = {{IEEE} Computer Society Press}, journal = {IEEE Transactions on Services Computing}, author = {Rosario, Sidney and Benveniste, Albert and Haar, Stefan and Jard, Claude}, title = {Probabilistic {Q}o{S} and Soft Contracts for Transaction-Based Web Services Orchestrations}, pages = {187-200}, volume = 1, number = 4, month = oct # {-} # dec, year = 2008, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/RBHJ-tsc08.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/RBHJ-tsc08.pdf}, doi = {10.1109/TSC.2008.17}, abstract = {Service level agreements (SLAs), or contracts, have an important role in web services. They define the obligations and rights between the provider of a web service and its client, about the function and the Quality of the service (QoS). For composite services like orchestrations, contracts are deduced by a process called QoS contract composition, based on contracts established between the orchestration and the called web services. Contracts are typically stated as hard guarantees (e.g., response time always less than 5 msec). Using hard bounds is not realistic, however, and more statistical approaches are needed. In this paper we propose using soft probabilistic contracts instead, which consist of a probability distribution for the considered QoS parameter---in this paper, we focus on timing. We show how to compose such contracts, to yield a global probabilistic contract for the orchestration. Our approach is implemented by the TOrQuE tool. Experiments on TOrQuE show that overly pessimistic contracts can be avoided and significant room for safe overbooking exists. An essential component of SLA management is then the continuous monitoring of the performance of called web services, to check for violations of the SLA. We propose a statistical technique for run-time monitoring of soft contracts.} }

@inproceedings{BRBH-atpn09, address = {Paris, France}, month = jun, year = 2009, volume = 5606, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Franceschinis, Giuliana and Wolf, Karsten}, acronym = {{PETRI~NETS}'09}, booktitle = {{P}roceedings of the 30th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'09)}, author = {Bouillard, Anne and Rosario, Sidney and Benveniste, Albert and Haar, Stefan}, title = {Monotonicity in Service Orchestrations}, pages = {263-282}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BRBH-atpn09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BRBH-atpn09.pdf}, doi = {10.1007/978-3-642-02424-5_16}, abstract = {Web Service orchestrations are compositions of different Web Services to form a new service. The services called during the orchestration guarantee a given performance to the orchestrater, usually in the form of contracts.\par These contracts can be used by the orchestrater to deduce the contract it can offer to its own clients, by performing contract composition. An implicit assumption in contract based QoS management is: {"}the better the component services perform, the better the orchestration's performance will~be{"}. Thus, contract based QoS management for Web services orchestrations implicitly assumes monotony.\par In some orchestrations, however, monotony can be violated, i.e., the performance of the orchestration improves when the performance of a component service degrades. This is highly undesirable since it can render the process of contract composition inconsistent.\par In this paper we define monotony for orchestrations modelled by Colored Occurrence Nets (CO-nets) and we characterize the classes of monotonic orchestrations. We show that few orchestrations are indeed monotonic, mostly since latency can be traded for quality of data. We also propose a sound refinement of monotony, called \emph{conditional monotony}, which forbids this kind of cheating and show that conditional monotony is widely satisfied by orchestrations. This finding leads to reconsidering the way SLAs should be formulated.} }

@incollection{EFH-tsmaai09, author = {El~Fallah Seghrouchni, Amal and Haddad, Serge}, title = {Interop{\'e}rabilit{\'e} des syst{\`e}mes multi-agents {\`a} l'aide des services web}, booktitle = {Technologies des syst{\`e}mes multi-agents et applications industrielles}, editor = {El~Fallah Seghrouchni, Amal and Briot, Jean-Pierre}, publisher = {Herm{\`e}s}, year = 2009, month = apr, pages = {77-99}, chapter = 3, url = {http://www.lavoisier.fr/notice/fr2746217850.html}, nops = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/.ps}, nopsgz = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PSGZ/.ps.gz}, futureisbn = {} }

@inproceedings{HKPPT-acc09, address = {Saint Louis, Missouri, USA}, month = jun, year = 2009, acronym = {{ACC}'09}, booktitle = {{P}roceedings of the 28th {A}merican {C}ontrol {C}onference ({ACC}'09)}, author = {Haddad, Serge and Kordon, Fabrice and Petrucci, Laure and Pradat{-}Peyre, Jean-Fran{\c{c}}ois and Tr{\`e}ves, Nicolas}, title = {Efficient State-Based Analysis by Introducing Bags in {P}etri Nets Color Domains}, pages = {5018-5025}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HKPPT-acc09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/HKPPT-acc09.pdf}, doi = {10.1109/ACC.2009.5160020}, abstract = {The use of high-level nets, such as coloured Petri nets, is very convenient for modelling complex controllable systems in order to have a compact, readable and structured specification. However, when coming to the analysis phase, using too elaboratc types becomes a burden.\par A good trade-off between expressivene and analy is capabilities is then to have only imple types, which is achieved with symmetric nels. These latter nels enjoy the possibility of generating a symbolic reachability gralph, which is much smallcr than the whole state space and still allows for exhaustive analysis.\par In this paper, we extend the symmetric net model with bags on arcs. Hence, variables can be bags of tokens,leading to more flexible models. We show that symmetric nets with bags also allow for applying the symbolic reachability graph technique with application to deadlock detection and more generally for safety properties.} }

@misc{dots-2.2, author = {Chatain, {\relax Th}omas and Gastin, Paul and Muscholl, Anca and Sznajder, Nathalie and Walukiewicz, Igor and Zeitoun, Marc}, title = {Distributed control for restricted specifications}, howpublished = {Deliverable DOTS~2.2 (ANR-06-SETI-003)}, year = 2009, month = mar }

@article{DHS-tose09, publisher = {{IEEE} Computer Society Press}, journal = {IEEE Transactions on Software Engineering}, author = {Donatelli, Susanna and Haddad, Serge and Sproston, Jeremy}, title = {Model Checking Timed and Stochastic Properties with {CSL\textsuperscript{TA}}}, volume = 35, number = 2, month = mar # {-} # apr, year = 2009, pages = {224-240}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DHS-tose09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DHS-tose09.pdf}, doi = {10.1109/TSE.2008.108}, abstract = {Markov chains are a well-known stochastic process that provide a balance between being able to adequately model the system's behavior and being able to afford the cost of the model solution. Systems can be modelled directly as Markov chains, or with a higher-level formalism for which Markov chains represent the underlying semantics. Markov chains are widely used to study the performance of computer and telecommunication systems. The definition of stochastic temporal logics like Continuous Stochastic Logic~(CSL) and its variant~asCSL, and of their model-checking algorithms, allows a unified approach to the verification of systems, allowing the mix of performance evaluation and probabilistic verification. \par In this paper we present the stochastic logic CSL\textsuperscript{TA} , which is more expressive than CSL and~asCSL, and in which properties can be specified using automata (more precisely, timed automata with a single clock). The extension with respect to expressiveness allows the specification of properties referring to the probability of a finite sequence of timed events. A~typical example is the responsiveness property {"}with probability at least~0.75, a~message sent at time~0 by a system~\(A\) will be received before time~5 by system~\(B\) and the acknowledgment will be back at~\(A\) before time~7{"}, a property that cannot be expressed in either CSL or~asCSL. Furthermore, the choice of using automata rather than the classical temporal operators Next and Until should help in enlarging the accessibility of model checking to a larger public. We~also present a model-checking algorithm for~CSL\textsuperscript{TA}.} }

@inproceedings{BG-dlt09, address = {Stuttgart, Germany}, month = jun # {-} # jul, year = 2009, volume = {5583}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Diekert, Volker and Nowotka, Dirk}, acronym = {{DLT}'09}, booktitle = {{P}roceedings of the 13th {I}nternational {C}onference on {D}evelopments in {L}anguage {T}heory ({DLT}'09)}, author = {Bollig, Benedikt and Gastin, Paul}, title = {Weighted versus Probabilistic Logics}, pages = {18-38}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BG-dlt09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BG-dlt09.pdf}, doi = {10.1007/978-3-642-02737-6_2}, abstract = {While a mature theory around logics such as MSO, LTL, and CTL has been developed in the pure boolean setting of finite automata, weighted automata lack such a natural connection with (temporal) logic and related verification algorithms. In this paper, we will identify weighted versions of MSO and CTL that generalize the classical logics and even other quantitative extensions such as probabilistic CTL. We establish expressiveness results on our logics giving translations from weighted and probabilistic CTL into weighted MSO.} }

@inproceedings{BHKL-ijcai2009, address = {Pasadena, California, USA}, month = jul, year = 2009, publisher = {AAAI Press}, editor = {Boutilier, Craig}, acronym = {{IJCAI}'09}, booktitle = {{P}roceedings of the 21st {I}nternational {J}oint {C}onference on {A}rtificial {I}ntelligence ({IJCAI}'09)}, author = {Bollig, Benedikt and Habermehl, Peter and Kern, Carsten and Leucker, Martin}, title = {Angluin-Style Learning of~{NFA}}, pages = {1004-1009}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHKL-ijcai09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BHKL-ijcai09.pdf}, abstract = {We introduce NL\(^{*}\), a learning algorithm for inferring non-deterministic finite-state automata using membership and equivalence queries. More specifically, residual finite-state automata (RFSA) are learned similarly as in Angluin's popular L\(^{*}\) algorithm, which, however, learns deterministic finite-state automata~(DFA). Like in a~DFA, the~states of an RFSA represent residual languages. Unlike a~DFA, an~RFSA restricts to prime residual languages, which cannot be described as the union of other residual languages. In~doing~so, RFSA can be exponentially more succinct than~DFA. They are, therefore, the preferable choice for many learning applications. The implementation of our algorithms is applied to a collection of examples and confirms the expected advantage of NL\(^{*}\) over L\(^{*}\).} }

@article{LAL-jar09, publisher = {Springer}, journal = {Journal of Automated Reasoning}, author = {Longuet, Delphine and Aiguier, Marc and Le{~}Gall, Pascale}, title = {Proof-guided test selection from first-order specifications with equality}, year = {2010}, month = dec, volume = 45, number = 4, pages = {437-473}, nmnote = {special issue on Tests and Proofs}, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LAL-jar09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/LAL-jar09.pdf}, ps = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/LAL-jar09.ps}, doi = {10.1007/s10817-009-9128-7}, abstract = {This paper deals with test case selection from axiomatic specifications whose axioms are quantifier-free first-order formulas with equality. We first prove the existence of an ideal exhaustive test set to start the selection from. We then propose an extension of the test selection method called axiom unfolding, originally defined for algebraic specifications, to quantifier-free first-order specifications with equality. This method basically consists of a case analysis of the property under test (the test purpose) according to the specification axioms. It is based on a proof search for the different instances of the test purpose. Since the calculus is sound and complete, this allows us to provide a full coverage of this property. The generalisation we propose allows to deal with any kind of predicate (not only equality) and with any form of axiom and test purpose (not only equations or Horn clauses). Moreover, it improves our previous works with efficiently dealing with the equality predicate, thanks to the paramodulation rule.} }

@article{GSZ-fmsd09, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Gastin, Paul and Sznajder, Nathalie and Zeitoun, Marc}, title = {Distributed synthesis for well-connected architectures}, volume = 34, number = 3, pages = {215-237}, month = jun, year = 2009, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/GSZ-fmsd09.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/GSZ-fmsd09.pdf}, doi = {10.1007/s10703-008-0064-7}, abstract = {We study the synthesis problem for external linear or branching specifications and distributed, synchronous architectures with arbitrary delays on processes. External means that the specification only relates input and output variables. We introduce the subclass of uniformly well-connected (UWC) architectures for which there exists a routing allowing each output process to get the values of all inputs it is connected to, as soon as possible. We prove that the distributed synthesis problem is decidable on UWC architectures if and only if the output variables are totally ordered by their knowledge of input variables. We also show that if we extend this class by letting the routing depend on the output process, then the previous decidability result fails. Finally, we provide a natural restriction on specifications under which the whole class of UWC architectures is decidable.} }

@techreport{rr-lsv-10-23, author = {Bonnet, R{\'e}mi and Finkel, Alain and Haddad, Serge and Rosa{-}Velardo, Fernando}, title = {Comparing Petri Data Nets and Timed Petri Nets}, institution = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, year = {2010}, month = dec, type = {Research Report}, number = {LSV-10-23}, url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-23.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-23.pdf}, note = {16~pages}, abstract = {Well-Structured Transitions Systems (WSTS) constitute a generic class of infinite-state systems for which several properties like coverability remain decidable. The family of coverability languages that they generate is an appropriate criterium for measuring their expressiveness. Here we establish that Petri Data nets (PDNs) and Timed Petri nets (TdPNs), two powerful classes of WSTS are equivalent w.r.t this criterium.} }

@article{bbdfh-pe10, publisher = {Elsevier Science Publishers}, journal = {Performance Evaluation}, author = {Baarir, Souheib and Beccuti, Marco and Dutheillet, Claude and Franceschinis, Giuliana and Haddad, Serge}, title = {Lumping partially symmetrical stochastic models}, volume = 76, nunmber = 1, month = jan, pages = {21-44}, year = 2011, url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbdfh-pe10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbdfh-pe10.pdf}, doi = {10.1016/j.peva.2010.09.002}, abstract = {The performance and dependability evaluation of complex systems by means of dynamic stochastic models (e.g. Markov chains) may be impaired by the combinatorial explosion of their state space. Among the possible methods to cope with this problem, symmetry-based ones can be applied to systems including several similar components. Often however these systems are only partially symmetric: their behavior is in general symmetric except for some local situation when the similar components need to be differentiated.\par In this paper two methods to efficiently analyze partially symmetrical models are presented in a general setting and the requirements for their efficient implementation are discussed. Some case studies are presented to show the methods' effectiveness and their applicative interest.} }

@mastersthesis{rodriguez-master, author = {Rodr{\'\i}guez, C{\'e}sar}, title = {Implementation of a complete prefix unfolder for contextual nets}, school = {{M}aster {P}arisien de {R}echerche en {I}nformatique, Paris, France}, type = {Rapport de {M}aster}, year = {2010}, month = sep, url = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-m2.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-m2.pdf} }

@inproceedings{hmy-bpsc10, address = {Leipzig, Germany}, month = sep # {-} # oct, year = 2010, volume = {177}, series = {Lecture Notes in Informatics}, publisher = {Gesellschaft f{\"u}r Informatik}, editor = {Abramowicz, Witold and Alt, Rainer and F{\"a}hnrich, Klaus-Peter and Franczyk, Bogdan and Maciaszek, Leszek A.}, acronym = {{ISSS}{\slash}{BPSC}'10}, booktitle = {{P}roceedings of the 2nd {I}nternational {S}ymposium on {S}ervices {S}cience and 3rd {I}nternational {C}onference on {B}usiness {P}rocess and {S}ervices {C}omputing ({ISSS}{\slash}{BPSC}'10)}, author = {Haddad, Serge and Mokdad, Lynda and Youcef, Samir}, title = {Selection of the Best composite Web Service Based on Quality of Service}, pages = {255-266}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/hmy-bpsc10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hmy-bpsc10.pdf}, abstract = {The paper proposes a general framework to composite Web services selection based on multicriteria evaluation. The proposed framework extends the Web services architecture by adding, in the registry, a new Multicriteria Evaluation Component~(MEC) devoted to multicriteria evaluation. This additional component takes as input a set of composite Web services and a set of evaluation criteria and generates a set of recommended composite Web services. In~addition to the description of the conceptual architecture of the formwork, the paper also proposes solutions to construct and evaluate composite web services. In order to show the feasibility of the proposed architecture, we~have developed a prototype based on the open source jUDDI registry.} }

@techreport{rr-lsv-10-17, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Sassolas, Mathieu and Zeitoun, Marc}, title = {Distributed Synthesis with Incomparable Information}, institution = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, year = {2010}, month = oct, type = {Research Report}, number = {LSV-10-17}, url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-17.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2010-17.pdf}, note = {20~pages}, abstract = {Given (1)~an architecture defined by processes and communication channels between them or with the environment, and (2)~a~specification on the messages transmitted over the channels, distributed synthesis aims at deciding existence of local programs, one for each process, that together meet the specification, whatever the environment does. Recent work shows that this problem can be solved when a \emph{linear preorder} sorts the agents w.r.t. the information received from the environment.\par In this paper we show a new decidability result in the case where this preorder is broken by the addition of noisy agents embedded in a pipeline architecture. This case cannot be captured by the classical framework. Besides, this architecture makes it possible to model particular security threats, known as covert channels, where two users (the sender and the receiver) manage to communicate via a noisy protocol, and despite incomparable views over the environment.} }

@inproceedings{haar-wodes10, address = {Berlin, Germany}, month = aug # {-} # sep, year = 2010, publisher = {IFAC}, editor = {Raisch, J{\"o}rg and Giua, Alessandro and Lafortune, St{\'e}phane and Moor, Thomas}, acronym = {{WODES}'10}, booktitle = {{P}roceedings of the 10th {W}orkshop on {D}iscrete {E}vent {S}ystems ({WODES}'10)}, author = {Haar, Stefan}, title = {What Topology Tells us about Diagnosability in Partial Order Semantics}, pages = {221-226}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/SH-wodes10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SH-wodes10.pdf}, abstract = {From a partial observation of the behaviour of a labeled Discrete Event System, fault Diagnosis strives to determine whether or not a given {"}invisible{"} fault event has occurred. The diagnosability problem can be stated as follows: does the labeling allow for an outside observer to determine the occurrence of the fault, no later than a bounded number of events after that unobservable occurrence? In concurrent systems, partial order semantics adds to the difficulty of the problem, but also provides a richer and more complex picture of observation and diagnosis. In particular, it is crucial to clarify the intuitive notion of {"}time after fault occurrence{"}. To this end, we will use a unifying metric framework for event structures, providing a general topological description of diagnosability in both sequential and nonsequential semantics for Petri nets.} }

@inproceedings{AGMN-fsttcs10, address = {Chennai, India}, month = dec, year = 2010, volume = 8, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Lodaya, Kamal and Mahajan, Meena}, acronym = {{FSTTCS}'10}, booktitle = {{P}roceedings of the 30th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'10)}, author = {Akshay, S. and Gastin, Paul and Mukund, Madhavan and Narayan Kumar, K.}, title = {Model checking time-constrained scenario-based specifications}, pages = {204-215}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-fsttcs10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-fsttcs10.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2010.204}, abstract = {We consider the problem of model checking message-passing systems with real-time requirements. As behavioural specifications, we use message sequence charts (MSCs) annotated with timing constraints. Our system model is a network of communicating finite state machines with local clocks, whose global behaviour can be regarded as a timed automaton. Our goal is to verify that all timed behaviours exhibited by the system conform to the timing constraints imposed by the specification. In general, this corresponds to checking inclusion for timed languages, which is an undecidable problem even for timed regular languages. However, we show that we can translate regular collections of time-constrained MSCs into a special class of event-clock automata that can be determinized and complemented, thus permitting an algorithmic solution to the model checking problem.} }

@proceedings{GL-concur10, author = {Gastin, Paul and Laroussinie, Fran{\c{c}}ois}, editor = {Gastin, Paul and Laroussinie, Fran{\c{c}}ois}, title = {{P}roceedings of the 21st {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'10)}, booktitle = {{P}roceedings of the 21st {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'10)}, year = 2010, month = aug # {-} # sep, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {6269}, url = {http://www.springerlink.com/content/978-3-642-15374-7}, doi = {10.1007/978-3-642-15375-4} }

@phdthesis{akshay-phd2010, author = {Akshay, S.}, title = {Sp{\'e}cification et v{\'e}rification pour des syst{\`e}mes distribu{\'e}s et temporis{\'e}s}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2010, month = jul, url = {http://www.lsv.fr/Publis/PAPERS/PDF/akshay-phd.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/akshay-phd.pdf} }

@inproceedings{BDF-nsmc10, address = {Williamsburg, Virginia, USA}, month = sep, year = 2010, editor = {Benzi, Michele and Dayar, Tugrul}, acronym = {{NSMC}'10}, booktitle = {{P}roceedings of the 6th {I}nternational {M}eeting on the {N}umerical {S}olution of {M}arkov {C}hain ({NSMC}'10)}, author = {Bu\v{s}i\'{c}, Ana and Djafri, Hilal and Fourneau, Jean-Michel}, title = {Stochastic Bounds for Censored {M}arkov Chains}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-nsmc10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-nsmc10.pdf}, abstract = {Censored Markov chains~(CMC) allow to represent the conditional behavior of a system within a subset of observed states. They provide a theoretical framework to study the truncation of a discrete-time Markov chain when the generation of the state-space is too hard or when the number of states is too large. But the stochastic matrix of a CMC may be difficult to obtain. Dayar \textit{et~al.}~(2006) have proposed an algorithm, called DPY, that computes a stochastic bounding matrix for a CMC with a smaller complexity with only a partial knowledge of the chain. We prove that this algorithm is optimal for the information they take into account. We also show how some additional knowledge on the chain can improve stochastic bounds for~CMC.} }

@inproceedings{CJ-notere10, address = {Tozeur, Tunisia}, month = may # {-} # jun, year = 2010, publisher = {{IEEE} Computer Society Press}, noeditor = {}, acronym = {{NOTERE}'10}, booktitle = {{A}ctes de la 10{\`e}me {C}onf{\'e}rence {I}nternationale sur les {NO}uvelles {TE}chnologies de la {R\'E}partition ({NOTERE}'10)}, author = {Chatain, {\relax Th}omas and Jard, Claude}, title = {S{\'e}mantique concurrente symbolique des r{\'e}seaux de {P}etri saufs et d{\'e}pliages finis des r{\'e}seaux temporels}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-notere10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-notere10.pdf}, abstract = {On consid\`ere des r\'eseaux de Petri color\'es, \`a contraintes lin\'eaires et pouvant poss\'eder des arcs de lecture. Sur cette classe, on d\'efinit une s\'emantique concurrente en termes de processus d'ordre partiel permettant de garder explicite l'ind\'ependance entre des tirs de transitions. L'ensemble des processus peut \^etre repr\'esent\'e en utilisant la notion de d\'epliage symbolique. Nous montrons alors comment les r\'eseaux de Petri temporels peuvent \^etre cod\'es dans ce mod\`ele \`a l'aide d'une transformation syntaxique pr\'eservant la concurrence. Cette transformation permet de d\'efinir la notion de d\'epliage de r\'eseaux de Petri temporels et d'en donner une repr\'esentation par pr\'efixe fini.} }

@inproceedings{BFCH-dsn09, address = {Estoril, Portugal}, month = jun # {-} # jul, year = 2009, publisher = {{IEEE} Computer Society Press}, noeditor = {}, acronym = {{DSN}'09}, booktitle = {{P}roceedings of the 39th {A}nnual {IEEE}{\slash}{IFIP} {I}nternational {C}onference on {D}ependable {S}ystems and {N}etworks ({DSN}'09)}, author = {Beccuti, Marco and Franceschinis, Giuliana and Codetta{-}Raiteri, Daniele and Haddad, Serge}, title = {Parametric {NdRFT} for the derivation of optimal repair strategies}, pages = {399-408}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-dsn09.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-dsn09.pdf}, doi = {10.1109/DSN.2009.5270312}, abstract = {Non deterministic Repairable Fault Trees~(NdRFT) are a recently proposed modeling formalism for the study of optimal repair strategies: they are based on the widely adopted Fault Tree formalism, but in addition to the failure modes, NdRFTs allow to define possible repair actions. In a previous pa per the formalism has been introduced together with an analysis method and a tool allowing to automatically derive the best repair strategy to be applied in each state. The analysis technique is based on the generation and solution of a Markov Decision Process. In this paper we present an extension, ParNdRFT, that allows to exploit the presence of redundancy to reduce the complexity of the model and of the analysis. It is based on the translation of the ParNdRFT in to a Markov Decision Well-Formed Net, i.e. a model specified by means of an High Level Petri Net formalism. The translated model can be efficiently solved thanks to existing algorithms that generate a reduced state space automatically exploiting the model symmetries.} }

@inproceedings{EHH-apnoc10, address = {Braga, Portugal}, month = jun, year = 2010, editor = {Sidorova, Natalia and Serebrenik, Alexander}, acronym = {{APNOC}'10}, booktitle = {{P}roceedings of the 2nd {I}nternational {W}orkshop on {A}bstractions for {P}etri {N}ets and {O}ther {M}odels of {C}oncurrency ({APNOC}'10)}, author = {El{~}Hog{-}Benzina, Dorsaf and Haddad, Serge and Hennicker, Rolf}, title = {Process Refinement and Asynchronous Composition with Modalities}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/EHH-apnoc10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/EHH-apnoc10.pdf}, abstract = {We propose a framework for the specification of infinite state systems based on Petri nets with distinguished may- and must-transitions (called modalities) which specify the allowed and the required behavior of refinements and hence of implementations. Formally, refinements are defined by relating the modal language specifications generated by two modal Petri nets according to the refinement relation for modal language specifications. We show that this refinement relation is decidable if the underlying modal Petri nets are weakly deterministic. We also show that the membership problem for the class of weakly deterministic modal Petri nets is decidable. As an important application of our approach we consider I/O-Petri nets which are obtained by asynchronous composition and thus exhibit inherently an infinite behavior.} }

@inproceedings{BCH-time10, address = {Paris, France}, month = sep, year = 2010, publisher = {{IEEE} Computer Society Press}, editor = {Markey, Nicolas and Wijsen, Jef}, acronym = {{TIME}'10}, booktitle = {{P}roceedings of the 17th {I}nternational {S}ymposium on {T}emporal {R}epresentation and {R}easoning ({TIME}'10)}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan}, title = {A~Concurrency-Preserving Translation from Time {P}etri Nets to Networks of Timed Automata}, pages = {77-84}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-time10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-time10.pdf}, doi = {10.1109/TIME.2010.12}, abstract = {Real-time distributed systems may be modeled in different formalisms such as time Petri nets~(TPN) and networks of timed automata~(NTA). This paper focuses on translating a \(1\)-bounded TPN into an NTA and considers an equivalence which takes the distribution of actions into account. This translation is extensible to bounded~TPNs. We~first use \(S\)-invariants to decompose the net into components that give the structure of the automata, then we add clocks to provide the timing information. Although we have to use an extended syntax in the timed automata, this is a novel approach since the other transformations and comparisons of these models did not consider the preservation of concurrency.} }

@inproceedings{BHS-time10, address = {Paris, France}, month = sep, year = 2010, publisher = {{IEEE} Computer Society Press}, editor = {Markey, Nicolas and Wijsen, Jef}, acronym = {{TIME}'10}, booktitle = {{P}roceedings of the 17th {I}nternational {S}ymposium on {T}emporal {R}epresentation and {R}easoning ({TIME}'10)}, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Sassolas, Mathieu}, title = {Real Time Properties for Interrupt Timed Automata}, pages = {69-76}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-time10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-time10.pdf}, doi = {10.1109/TIME.2010.11}, abstract = {Interrupt Timed Automata (ITA) have been introduced to model multi-task systems with interruptions. They form a~subclass of stopwatch automata, where the real valued variables (with rate \(0\) or~\(1\)) are organized along priority levels. While reachability is undecidable with usual stopwatches, the problem was proved decidable for~ITA. In~this work, after giving answers to some questions left open about expressiveness, closure, and complexity for~ITA, our~main purpose is to investigate the verification of real time properties over~ITA. While we prove that model checking a variant of the timed logic TCTL is undecidable, we nevertheless give model checking procedures for two relevant fragments of this logic: one where formulas contain only model clocks and another one where formulas have a single external clock.} }

@inproceedings{HMY-iscc10, address = {Riccione, Italy}, month = jun, year = 2010, publisher = {{IEEE} Computer Society Press}, noeditor = {}, acronym = {{ISCC}'10}, booktitle = {{P}roceedings of the 15th {IEEE} {S}ymposium on {C}omputers and {C}ommunications ({ISCC}'10)}, author = {Haddad, Serge and Mokdad, Lynda and Youcef, Samir}, title = {Response time of {BPEL4WS} constructors}, pages = {695-700}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-iscc10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-iscc10.pdf}, doi = {10.1109/ISCC.2010.5546538}, abstract = {Response time is an important factor for every software system and it becomes more salient when it is associated with introducing novel technologies, such as Web services. Most performance evaluation of Web services are focused toward composite Web services and their response time. One important limitation of existing work is in the fact that only constant or service exponential time distribution are considered. However, experimental results have shown that the Web services response times is typically heavy-tailed, in particulary, if there are heterogeneous. So, heavy-tailed response times should be considered in the dimensioning Web services. In this study, we propose analytical formulas for mean response times for structured BPEL constructors such as \emph{sequence}, \emph{flow} and \emph{switch} constructors,~etc. The difference with previous studies in the literature, is that we consider heterogenous servers, the number of invoked elementary Web services can be variable and the elementary Web services response times are heavy-tailed.} }

@article{BKM-lmcs10, journal = {Logical Methods in Computer Science}, author = {Bollig, Benedikt and Kuske, Dietrich and Meinecke, Ingmar}, title = {Propositional Dynamic Logic for Message-Passing Systems}, year = 2010, month = sep, volume = 6, number = {3:16}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lmcs10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lmcs10.pdf}, doi = {10.2168/LMCS-6(3:16)2010}, abstract = {We examine a bidirectional propositional dynamic logic~(PDL) for finite and infinite message sequence charts~(MSCs) extending \(\textsf{LTL}\) and \(\textsf{TLC}^{-}\). By~this kind of multi-modal logic we can express properties both in the entire future and in the past of an event. Path expressions strengthen the classical until operator of temporal logic. For every formula defining an MSC language, we construct a communicating finite-state machine~(CFM) accepting the same language. The CFM obtained has size exponential in the size of the formula. This synthesis problem is solved in full generality, \textit{i.e.}, also for MSCs with unbounded channels. The model checking problem for CFMs and HMSCs turns out to be in PSPACE for existentially bounded MSCs. Finally, we show that, for PDL with intersection, the semantics of a formula cannot be captured by a CFM anymore.} }

@inproceedings{BH-monterey2008, address = {Budapest, Hungary}, month = apr, year = 2010, volume = 6028, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Choppy, {\relax Ch}ristine and Sokolsky, Oleg}, acronym = {{MONTEREY}'08}, booktitle = {{R}evised {S}elected {P}apers of the 15th {M}onterey {W}orkshop on {F}oundations of {C}omputer {S}oftware ({MONTEREY}'08)}, author = {Ben{ }Hmida, Mehdi and Haddad, Serge}, title = {Client Synthesis for Aspect Oriented Web Services}, pages = {24-42}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-monterey08.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-monterey08.pdf}, doi = {10.1007/978-3-642-12566-9_2}, abstract = {Client synthesis for complex Web services is a critical and still open topic as it will enable more flexibility in the deployment of such services. In previous works, our team has developed a theoretical framework based on process algebra that has led to algorithms and tools for the client interaction. Here, we show how to generalise our approach for aspect oriented Web services.} }

@inproceedings{BGMZ-icalp10, address = {Bordeaux, France}, month = jul, year = 2010, volume = 6199, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Abramsky, Samson and Meyer{ }auf{ }der{ }Heide, Friedhelm and Spirakis, Paul}, acronym = {{ICALP}'10}, booktitle = {{P}roceedings of the 37th {I}nternational {C}olloquium on {A}utomata, {L}anguages and {P}rogramming ({ICALP}'10)~-- {P}art~{II}}, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc}, title = {Pebble weighted automata and transitive closure logics}, pages = {587-598}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-icalp10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-icalp10.pdf}, doi = {10.1007/978-3-642-14162-1_49}, abstract = {We introduce new classes of weighted automata on words. Equipped with pebbles and a two-way mechanism, they go beyond the class of recognizable formal power series, but capture a weighted version of first-order logic with bounded transitive closure. In contrast to previous work, this logic allows for unrestricted use of universal quantification. Our main result states that pebble weighted automata, nested weighted automata, and this weighted logic are expressively equivalent. We also give new logical characterizations of the recognizable series.} }

@inproceedings{BKKLNP-cav10, address = {Edinburgh, Scotland, UK}, month = jul, year = 2010, volume = {6174}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Cook, Byron and Jackson, Paul and Touili, Tayssir}, acronym = {{CAV}'10}, booktitle = {{P}roceedings of the 22nd {I}nternational {C}onference on {C}omputer {A}ided {V}erification ({CAV}'10)}, author = {Bollig, Benedikt and Katoen, Joost-Pieter and Kern, Carsten and Leucker, Martin and Neider, Daniel and Piegdon, David R.}, title = {libalf: the Automata Learning Framework}, pages = {360-364}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKKLNP-cav10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKKLNP-cav10.pdf}, doi = {10.1007/978-3-642-14295-6_32}, abstract = {This paper presents \texttt{libalf}, a comprehensive, open-source library for learning formal languages. \texttt{libalf} covers various well-known learning techniques for finite automata (e.g. Angluin's~\(\textsf{L}^*\), \textsf{Biermann}, \textsf{RPNI},~etc.) as well as novel learning algorithms (such as for NFA and visibly one-counter automata). \texttt{libalf}~is flexible and allows facilely interchanging learning algorithms and combining domain-specific features in a plug-and-play fashion. Its modular design and C++ implementation make it a suitable platform for adding and engineering further learning algorithms for new target models (\textit{e.g.}, B{\"u}chi automata).} }

@article{RHS-ijfcs09, publisher = {World Scientific}, journal = {International Journal of Foundations of Computer Science}, author = {Recalde, Laura and Haddad, Serge and Silva, Manuel}, title = {Continuous {P}etri Nets: Expressive Power and Decidability Issues}, volume = 21, number = 2, pages = {235-256}, year = 2010, month = apr, doi = {10.1142/S0129054110007222}, abstract = {State explosion is a fundamental problem in the analysis and synthesis of discrete event systems. Continuous Petri nets can be seen as a relaxation of the corresponding discrete model. The expected gains are twofold: improvements in complexity and in decidability. In the case of autonomous nets we prove that liveness or deadlock-freeness remain decidable and can be checked more efficiently than in Petri nets. Then we introduce time in the model which now behaves as a dynamical system driven by differential equations and we study it w.r.t. expressiveness and decidability issues. On the one hand, we prove that this model is equivalent to timed differential Petri nets which are a slight extension of systems driven by linear differential equations~(LDE). On~the other hand, (contrary to the systems driven by~LDEs) we show that continuous timed Petri nets are able to simulate Turing machines and thus that basic properties become undecidable.} }

@inproceedings{CF-pn10, address = {Braga, Portugal}, month = jun, year = 2010, volume = 6128, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Lilius, Johan and Penczek, Wojciech}, acronym = {{PETRI~NETS}'10}, booktitle = {{P}roceedings of the 31st {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'10)}, author = {Chatain, {\relax Th}omas and Fabre, {\'E}ric}, title = {Factorization Properties of Symbolic Unfoldings of Colored {P}etri Nets}, pages = {165-184}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CF-pn10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CF-pn10.pdf}, doi = {10.1007/978-3-642-13675-7_11}, abstract = {The unfolding technique is an efficient tool to explore the runs of a Petri net in a true concurrency semantics, \textit{i.e.}, without constructing all the interleavings of concurrent actions. But even small real systems are never modeled directly as ordinary Petri nets: they use many high-level features that were designed as extensions of Petri nets. We focus here on two such features: colors and compositionality. We show that the symbolic unfolding of a product of colored Petri nets can be expressed as the product of the symbolic unfoldings of these nets. This is a necessary result in view of distributed computations based on symbolic unfoldings, as they have been developed already for standard unfoldings, to design modular verification techniques, or modular diagnosis procedures, for example. The factorization property of symbolic unfoldings is valid for several classes of colored or high-level nets. We derive it here for a class of (high-level) open nets, for which the composition is performed by connecting places rather than transitions.} }

@article{GK-icomp10, publisher = {Elsevier Science Publishers}, journal = {Information and Computation}, author = {Gastin, Paul and Kuske, Dietrich}, title = {Uniform satisfiability problem for local temporal logics over {M}azurkiewicz traces}, volume = 208, number = 7, month = jul, year = 2010, pages = {797-816}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GK-icomp10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GK-icomp10.pdf}, doi = {10.1016/j.ic.2009.12.003}, abstract = {We continue our study of the complexity of MSO-definable local temporal logics over concurrent systems that can be described by Mazurkiewicz traces. In previous papers, we showed that the satisfiability problem for any such logic is in PSPACE (provided the dependence alphabet is fixed) and remains in PSPACE for all classical local temporal logics even if the dependence alphabet is part of the input. In~this paper, we consider the uniform satisfiability problem for arbitrary MSO-definable local temporal logics. For this problem, we prove multi-exponential lower and upper bounds that depend on the number of alternations of set quantifiers present in the chosen MSO-modalities.} }

@article{Haar-tac10, publisher = {{IEEE} Computer Society Press}, journal = {IEEE Transactions on Automatic Control}, author = {Haar, Stefan}, title = {Types of Asynchronous Diagnosability and the {\emph{Reveals}}-Relation in Occurrence Nets}, volume = 55, number = 10, month = oct, year = 2010, pages = {2310-2320}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-tac10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-tac10.pdf}, doi = {10.1109/TAC.2010.2063490}, abstract = {We consider asynchronous diagnosis in (safe) Petri net models of distributed systems, using the partial order semantics of occurrence net unfoldings. Both the observability and diagnosability properties will appear in two different forms, depending on the semantics chosen: \emph{strong} observability and diagnosability are the classical notions from the state machine model and correspond to interleaving semantics in Petri nets. By contrast, the \emph{weak} form is linked to characteristics of nonsequential processes, and requires an asynchronous \emph{progress} assumption on those processes. We give algebraic characterizations for both types, and give verification methods. The study of weak diagnosability leads us to the analysis of a relation in occurrence nets, first presented in~[S.~Haar~(2007): \textit{Unfold and Cover: Qualitative Diagnosability for Petri Nets.}]: given the occurrence of some event~\(a\) that \emph{reveals}~\(b\), the occurrence of~\(b\) is inevitable. Then \(b\) may already have occurred, be concurrent to, or even in the future of~\(a\). We show that the \emph{reveals}-relation can be effectively computed recursively---for each pair, a suitable finite prefix of bounded depth is sufficient---and show its use in asynchronous diagnosis. Based on this relation, a~decomposition of the Petri net unfolding into \emph{facets} is defined, yielding an abstraction technique that preserves and reflects maximal partially ordered runs.} }

@inproceedings{BH-csr10, address = {Kazan, Russia}, month = jun, year = 2010, volume = 6072, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Mayr, Ernst W.}, acronym = {{CSR}'10}, booktitle = {{P}roceedings of the 5th {I}nternational {C}omputer {S}cience {S}ymposium in {R}ussia ({CSR}'10)}, author = {Bollig, Benedikt and H{\'e}lou{\"e}t, Lo{\"\i}c}, title = {Realizability of Dynamic {MSC} Languages}, pages = {48-59}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-csr10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-csr10.pdf}, doi = {10.1007/978-3-642-13182-0_5}, abstract = {We introduce dynamic communicating automata~(DCA), an~extension of communicating finite-state machines that allows for dynamic creation of processes. Their behavior can be described as sets of message sequence charts~(MSCs). We~consider the realizability problem for DCA: given a dynamic MSC grammar (a~high-level MSC specification), is there a DCA defining the same set of MSCs? We~show that this problem is decidable in doubly exponential time, and identify a class of realizable grammars that can be implemented by \emph{finite} DCA.} }

@incollection{DBBetal-CES09, author = {David, Alexandre and Behrmann, Gerd and Bulychev, Peter and Byg, Joakin and Chatain, {\relax Th}omas and Larsen, Kim G. and Pettersson, Paul and Rasmussen, Jacob Illum and Srba, Ji{\v{r}}{\'\i} and Yi, Wang and Joergensen, Kenneth Y. and Lime, Didier and Magnin, Morgan and Roux, Olivier H. and Traonouez, Louis-Marie}, title = {Tools for Model-Checking Timed Systems}, booktitle = {Communicating Embedded Systems~-- Software and Design}, editor = {Jard, Claude and Roux, Olivier H.}, publisher = {Wiley-ISTE}, year = 2009, month = oct, pages = {165-225}, chapter = 6, url = {http://www.iste.co.uk/index.php?f=x&ACTION=View&id=288}, nops = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/.ps}, nopsgz = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PSGZ/.ps.gz}, isbn = {9781848211438} }

@article{BCHK-icomp10, publisher = {Elsevier Science Publishers}, journal = {Information and Computation}, author = {Baldan, Paolo and Chatain, {\relax Th}omas and Haar, Stefan and K{\"o}nig, Barbara}, title = {Unfolding-based Diagnosis of Systems with an Evolving Topology}, volume = 208, number = 10, pages = {1169-1192}, year = 2010, month = oct, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHK-icomp10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHK-icomp10.pdf}, doi = {10.1016/j.ic.2009.11.009}, abstract = {We propose a framework for model-based diagnosis of systems with mobility and variable topologies, modelled as graph transformation systems. Generally speaking, model-based diagnosis is aimed at constructing explanations of observed faulty behaviours on the basis of a given model of the system. Since the number of possible explanations may be huge, we exploit the unfolding as a compact data structure to store them, along the lines of previous work dealing with Petri net models. Given a model of a system and an observation, the explanations can be constructed by unfolding the model constrained by the observation, and then removing incomplete explanations in a pruning phase. The theory is formalised in a general categorical setting: constraining the system by the observation corresponds to taking a product in the chosen category of graph grammars, so that the correctness of the procedure can be proved by using the fact that the unfolding is a right adjoint and thus it preserves products. The theory should hence be easily applicable to a wide class of system models, including graph grammars and Petri nets.} }

@inproceedings{haar-cdcccc09, address = {Shanghai, China}, month = dec, year = 2009, publisher = {{IEEE} Control System Society}, acronym = {{CDC/CCC}'09}, booktitle = {{P}roceedings of the Joint 48th {IEEE} {C}onference on {D}ecision and {C}ontrol ({CDC}'09) and 28th {C}hinese {C}ontrol {C}onference ({CCC}'09)}, author = {Haar, Stefan}, title = {Qualitative Diagnosability of Labeled {P}etri Nets Revisited}, pages = {1248-1253}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-cdc09.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-cdc09.pdf}, doi = {10.1109/CDC.2009.5400917}, abstract = {In recent years, classical discrete event fault diagnosis techniques have been extended to Petri Net system models under partial order semantics. In~a recent paper, we showed how to take further advantage of the partial order representation of concurrent processes, by decomposing the unfolding into 'facets', formed by subnets whose events either all occur eventually, or none of them occurs. A~notion of \emph{q(ualitative)}-diagnosability was proposed based on this decomposition. The present paper corrects the definition of q-diagnosability and develops its properties. Sufficient and necessary criteria, on the transition labeling, for q-diagnosability are shown; for their verification, and diagnosis itself, compact data structures are sufficient.} }

@mastersthesis{monmege-master, author = {Monmege, Benjamin}, title = {Propri{\'e}t{\'e}s quantitatives des mots et des arbres~-- Applications aux langages~{XML}}, school = {{M}aster {P}arisien de {R}echerche en {I}nformatique, Paris, France}, type = {Rapport de {M}aster}, year = {2010}, month = sep, url = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-m2.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-m2.pdf} }

@inproceedings{BHP-tacas12, address = {Tallinn, Estonia}, month = mar, year = 2012, volume = {7214}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Flanagan, Cormac and K{\"o}nig, Barbara}, acronym = {{TACAS}'12}, booktitle = {{P}roceedings of the 18th {I}nternational {C}onference on {T}ools and {A}lgorithms for {C}onstruction and {A}nalysis of {S}ystems ({TACAS}'12)}, author = {Barbot, Beno{\^\i}t and Haddad, Serge and Picaronny, Claudine}, title = {Coupling and Importance Sampling for Statistical Model Checking}, pages = {331-346}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-tacas12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-tacas12.pdf}, doi = {10.1007/978-3-642-28756-5_23}, abstract = {Statistical model-checking is an alternative verification technique applied on stochastic systems whose size is beyond numerical analysis ability. Given a model (most often a Markov chain) and a formula, it provides a confidence interval for the probability that the model satisfies the formula. One of the main limitations of the statistical approach is the computation time explosion triggered by the evaluation of very small probabilities. In order to solve this problem we develop a new approach based on importance sampling and coupling. The corresponding algorithms have been implemented in our tool cosmos. We present experimentation on several relevant systems, with estimated time reductions reaching a factor of~\(10^{120}\).} }

@inproceedings{BCGK-fossacs12, address = {Tallinn, Estonia}, month = mar, year = 2012, volume = 7213, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Birkedal, Lars}, acronym = {{FoSSaCS}'12}, booktitle = {{P}roceedings of the 15th {I}nternational {C}onference on {F}oundations of {S}oftware {S}cience and {C}omputation {S}tructures ({FoSSaCS}'12)}, author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and Narayan Kumar, K.}, title = {Model Checking Languages of Data Words}, pages = {391-405}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGK-fossacs12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGK-fossacs12.pdf}, doi = {10.1007/978-3-642-28729-9_26}, abstract = {We consider the model-checking problem for data multi-pushdown automata (DMPA). DMPA generate data words, i.e, strings enriched with values from an infinite domain. The latter can be used to represent an unbounded number of process identifiers so that DMPA are suitable to model concurrent programs with dynamic process creation. To specify properties of data words, we use monadic second-order (MSO) logic, which comes with a predicate to test two word positions for data equality. While satisfiability for MSO logic is undecidable (even for weaker fragments such as first-order logic), our main result states that one can decide if all words generated by a DMPA satisfy a given formula from the full MSO logic.} }

@article{haar-deds11, publisher = {Springer}, journal = {Discrete Event Dynamic Systems: Theory and Applications}, author = {Haar, Stefan}, title = {What topology tells us about diagnosability in partial order semantics}, pages = {383-402}, volume = 22, number = 4, year = {2012}, month = dec, url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-deds11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-deds11.pdf}, doi = {10.1007/s10626-011-0121-z}, abstract = {From a partial observation of the behaviour of a labeled Discrete Event System, \emph{fault diagnosis} strives to determine whether or not a given {"}invisible{"} fault event has occurred. The \emph{diagnosability problem} can be stated as follows: does the labeling allow for an outside observer to determine the occurrence of the fault, no later than a bounded number of events after that unobservable occurrence? When this problem is investigated in the context of concurrent systems, partial order semantics adds to the difficulty of the problem, but also provides a richer and more complex picture of observation and diagnosis. In particular, it is crucial to clarify the intuitive notion of {"}\emph{time after fault occurrence}{"}. To this end, we will use a unifying metric framework for event structures, providing a general topological description of diagnosability in both sequential and nonsequential semantics for Petri nets.} }

@inproceedings{SR-dcfs11, address = {Limburg, Germany}, month = jul, year = 2011, volume = {6808}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Holzer, Markus and Kutrib, Martin and Pighizzini, Giovanni}, acronym = {{DCFS}'11}, booktitle = {{P}roceedings of the 13th {I}nternational {W}orkshop on {D}escriptional {C}omplexity of {F}ormal {S}ystems ({DCFS}'11)}, author = {Schwoon, Stefan and Rodr{\'\i}guez, C{\'e}sar}, title = {Construction and {SAT}-based verification of Contextual Unfoldings}, pages = {34-42}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/SR-dcfs11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SR-dcfs11.pdf}, doi = {10.1007/978-3-642-22600-7_3}, nonote = {Invited paper}, abstract = {Unfoldings succinctly represent the set of reachable markings of a Petri net. Here, we shall consider the case of contextual nets, which extend Petri nets with read arcs, and which are more suitable to represent the case of concurrent read access. We discuss the problem of (efficiently) constructing unfoldings of such nets. On the basis of these unfoldings, various verification problems can be encoded as satisfiability problems in propositional logic.} }

@inproceedings{HKS-gandalf11, address = {Minori, Italy}, month = jun, year = 2011, volume = 54, series = {Electronic Proceedings in Theoretical Computer Science}, editor = {D'Agostino, Giovanna and La{~}Torre, Salvatore}, acronym = {{GandALF}'11}, booktitle = {{P}roceedings of the 2nd {I}nternational {S}ymposium on {G}ames, {A}utomata, {L}ogics, and {F}ormal {V}erification ({GandALF}'11)}, author = {Haar, Stefan and Kern, Christian and Schwoon, Stefan}, title = {Computing the Reveals Relation in Occurrence Nets}, pages = {31-44}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-gandalf11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-gandalf11.pdf}, doi = {10.4204/EPTCS.54.3}, abstract = {Petri net unfoldings are a useful tool to tackle state-space explosion in verification and related tasks. Moreover, their structure allows to access directly the relations of causal precedence, concurrency, and conflict between events. Here, we explore the data structure further, to determine the following relation: event~\(a\) is said to reveal event~\(b\) iff the occurrence of~\(a\) implies that~\(b\) inevitably occurs, too, be it before, after, or concurrently with~\(a\). Knowledge of reveals facilitates in particular the analysis of partially observable systems, in the context of diagnosis, testing, or verification; it can also be used to generate more concise representations of behaviours via abstractions. The reveals relation was previously introduced in the context of fault diagnosis, where it was shown that the reveals relation was decidable: for a given pair~\(a,b\) in the unfolding~\(U\) of a safe Petri net~\(N\), a finite prefix~\(P\) of~\(U\) is sufficient to decide whether or not \(a\) reveals~\(b\). In this paper, we first considerably improve the bound on~\(|P|\). We then show that there exists an efficient algorithm for computing the relation on a given prefix. We have implemented the algorithm and report on experiments.} }

@inproceedings{bbcks-icgt10, address = {Enschede, The Netherlands}, month = sep # {-} # oct, year = 2010, volume = 6372, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ehrig, Hartmut and Rensink, Arend and Rozenberg, Grzegorz and Sch{\"u}rr, Andy}, acronym = {{ICGT}'10}, booktitle = {{P}roceedings of the 5th {I}nternational {C}onference on {G}raph {T}ransformations ({ICGT}'10)}, author = {Baldan, Paolo and Bruni, Alessandro and Corradini, Andrea and K{\"o}nig, Barbara and Schwoon, Stefan}, title = {On the Computation of {M}c{M}illan's Prefix for Contextual Nets and Graph Grammars}, pages = {91-106}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbcks-icgt10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbcks-icgt10.pdf}, doi = {10.1007/978-3-642-15928-2_7}, abstract = {In recent years, a research thread focused on the use of the unfolding semantics for verification purposes. This started with a paper by McMillan, which devises an algorithm for constructing a finite complete prefix of the unfolding of a safe Petri net, providing a compact representation of the reachability graph. The extension to contextual nets and graph transformation systems is far from being trivial because events can have multiple causal histories. Recently, we proposed an abstract algorithm that generalizes McMillan's construction to bounded contextual nets without resorting to an encoding into plain P\slash T nets. Here, we provide a more explicit construction that renders the algorithm effective. To allow for an inductive definition of concurrency, missing in the original proposal and essential for an efficient unfolding procedure, the key intuition is to associate histories not only with events, but also with places. Additionally, we outline how the proposed algorithm can be extended to graph transformation systems, for which previous algorithms based on the encoding of read arcs would not be applicable.} }

@incollection{haddad-DS11b, author = {Haddad, Serge}, title = {Introduction to Verification}, booktitle = {Models and Analysis in Distributed Systems}, editor = {Haddad, Serge and Kordon, Fabrice and Pautet, Laurent and Petrucci, Laure}, publisher = {John Wiley \& Sons, Ltd.}, chapter = 6, pages = {137-154}, year = 2011 }

@book{HKPP-DS11a, editor = {Haddad, Serge and Kordon, Fabrice and Pautet, Laurent and Petrucci, Laure}, title = {Distributed Systems Design and Algorithms}, publisher = {John Wiley \& Sons, Ltd.}, year = {2011}, url = {http://www.iste.co.uk/index.php?f=a&ACTION=View&id=415} }

@book{HKPP-DS11b, editor = {Haddad, Serge and Kordon, Fabrice and Pautet, Laurent and Petrucci, Laure}, title = {Models and Analysis in Distributed Systems}, publisher = {John Wiley \& Sons, Ltd.}, year = {2011}, url = {http://www.iste.co.uk/index.php?f=a&ACTION=View&id=416} }

@inproceedings{BHP-msr11, address = {Lille, France}, month = nov, year = 2011, number = {1-3}, volume = {45}, series = {Journal Europ{\'e}en des Syst{\`e}mes Automatis{\'e}s}, publisher = {Herm{\`e}s}, editor = {Craye, {\'E}tienne and Gamati{\'e}, Abdoulaye}, acronym = {{MSR}'11}, booktitle = {{A}ctes du 8{\`e}me {C}olloque sur la {M}od{\'e}lisation des {S}yst{\`e}mes {R}{\'e}actifs ({MSR}'11)}, author = {Barbot, Beno{\^\i}t and Haddad, Serge and Picaronny, Claudine}, title = {{\'E}chantillonnage pr{\'e}f{\'e}rentiel pour le model checking statistique}, pages = {237-252}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BMS-msr11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BMS-msr11.pdf}, doi = {10.3166/jesa.45.237-252}, abstract = {The statistical model checking can be usefully substituted for numerical model checking when the models to be studied are huge. However the statistical approach cannot evaluate too small probabilities. In order to solve the problem, we develop here a new approach based on importance sampling. While most of the techniques related to importance sampling are based on heuristics, we establish theoretical results under some hypotheses. These results ensure a reduction of the variance during application of importance sampling. We also characterize situations that fulfill the hypotheses and we extend our approach for handling other situations but then without theoretical guarantee. We have implemented this approach with the tool \textsc{Cosmos} after some extensions. At~last we have evaluated this approach for two examples and analysed the experimentations.} }

@inproceedings{BCGZ-mfcs11, address = {Warsaw, Poland}, month = aug, year = 2011, volume = 6907, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Murlak, Filip and Sankowski, Piotr}, acronym = {{MFCS}'11}, booktitle = {{P}roceedings of the 36th {I}nternational {S}ymposium on {M}athematical {F}oundations of {C}omputer {S}cience ({MFCS}'11)}, author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and Zeitoun, Marc}, title = {Temporal Logics for Concurrent Recursive Programs: Satisfiability and Model Checking}, pages = {132-144}, url = {http://hal.archives-ouvertes.fr/hal-00591139/en/}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-mfcs11.pdf}, doi = {10.1007/978-3-642-22993-0_15}, abstract = {We develop a general framework for the design of temporal logics for concurrent recursive programs. A program execution is modeled as a partial order with multiple nesting relations. To specify properties of executions, we consider any temporal logic whose modalities are definable in monadic second-order logic and that, in addition, allows PDL-like path expressions. This captures, in a unifying framework, a wide range of logics defined for trees, nested words, and Mazurkiewicz traces that have been studied separately. We show that satisfiability and model checking are decidable in EXPTIME and 2EXPTIME, depending on the precise path modalities.} }

@inproceedings{BDDHP-case11, address = {Trieste, Italy}, month = aug, year = 2011, publisher = {{IEEE} Robotics \& Automation Society}, noeditor = {}, acronym = {{CASE}'11}, booktitle = {{P}roceedings of the 7th {IEEE} {C}onference on {A}utomation {S}cience and {E}ngineering ({CASE}'11)}, author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and Haddad, Serge and Pekergin, Nihal}, title = {{P}etri Nets Compositional Modeling and Verification of Flexible Manufacturing Systems}, pages = {588-593}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-case11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-case11.pdf}, doi = {10.1109/CASE.2011.6042488}, abstract = {Flexible Manufacturing Systems (FMS) are amongst the most studied types of systems, however due to their increasing complexity, there is still room for improvement in their modeling and analysis. In this paper we consider the design and the analysis of stochastic models of FMS in two complementary respects. First we describe a (stochastic) Petri Nets based compositional framework which enables to model an FMS by combination of an arbitrary number of basic components. Second we demonstrate how classical transient-analysis of manufacturing systems, including reliability and performability analysis, can be enriched by application of a novel, sophisticated stochastic logic, namely the Hybrid Automata Stochastic Logic (HASL). We demonstrate the proposed methodology on an FMS example.} }

@inproceedings{BDDHP-qest11, address = {Aachen, Germany}, month = sep, year = 2011, publisher = {{IEEE} Computer Society Press}, acronym = {{QEST}'11}, booktitle = {{P}roceedings of the 8th {I}nternational {C}onference on {Q}uantitative {E}valuation of {S}ystems ({QEST}'11)}, author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and Haddad, Serge and Pekergin, Nihal}, title = {{COSMOS}: a~Statistical Model Checker for the Hybrid Automata Stochastic Logic}, pages = {143-144}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-qest11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-qest11.pdf}, doi = {10.1109/QEST.2011.24}, abstract = {This tool paper introduces COSMOS, a statistical model checker for the Hybrid Automata Stochastic Logic (HASL). HASL employs Linear Hybrid Automata (LHA), a generalization of Deterministic Timed Automata (DTA), to describe accepting execution paths of a Discrete Event Stochastic Process (DESP), a class of stochastic models which includes, but is not limited to, Markov chains. As a result HASL verification turns out to be a unifying framework where sophisticated temporal reasoning is naturally blended with elaborate reward-based analysis. COSMOS takes as input a DESP (described in terms of a Generalized Stochastic Petri Net), an LHA and an expression~\(Z\) representing the quantity to be estimated. It returns a confidence interval estimation of~\(Z\). COSMOS is written in C++ and is freely available to the research community.} }

@article{BFH-ijpe11, publisher = {RAMS Consultants}, journal = {International Journal of Performability Engineering}, author = {Beccuti, Marco and Franceschinis, Giuliana and Haddad, Serge}, title = {{MDWN}solver: A~Framework to Design and Solve {M}arkov Decision {P}etri Nets}, year = {2011}, month = sep, volume = 7, number = 5, pages = {417-428}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFH-ijpe11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFH-ijpe11.pdf}, abstract = {MDWNsolver is a framework for system modeling and optimization of performability measures based on Markov Decision Petri Net (MDPN) and Markov Decision Well-formed Net (MDWN) formalisms, two Petri Net extensions for high level specification of Markov Decision Processes (MDP). It is integrated in the GreatSPN suite which provides a GUI to design MDPN/MDWN models. From the analysis point of view, MDWNsolver uses efficient algorithms that take advantage of system symmetries, thus reducing the analysis complexity. In this paper the MDWNsolver framework features and architecture are presented, and some application examples are discussed.} }

@inproceedings{Bol-concur11, address = {Aachen, Germany}, month = sep, year = 2011, volume = 6901, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Katoen, Joost-Pieter and K{\"o}nig, Barbara}, acronym = {{CONCUR}'11}, booktitle = {{P}roceedings of the 22nd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'11)}, author = {Bollig, Benedikt}, title = {An automaton over data words that captures {EMSO} logic}, pages = {171-186}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-concur11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-concur11.pdf}, doi = {10.1007/978-3-642-23217-6_12}, abstract = {We develop a general framework for the specification and implementation of systems whose executions are words, or partial orders, over an infinite alphabet. As a model of an implementation, we introduce class register automata, a one-way automata model over words with multiple data values. Our model combines register automata and class memory automata. It has natural interpretations. In particular, it captures communicating automata with an unbounded number of processes, whose semantics can be described as a set of (dynamic) message sequence charts. On the specification side, we provide a local existential monadic second-order logic that does not impose any restriction on the number of variables. We study the realizability problem and show that every formula from that logic can be effectively, and in elementary time, translated into an equivalent class register automaton.} }

@inproceedings{RSB-concur11, address = {Aachen, Germany}, month = sep, year = 2011, volume = 6901, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Katoen, Joost-Pieter and K{\"o}nig, Barbara}, acronym = {{CONCUR}'11}, booktitle = {{P}roceedings of the 22nd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'11)}, author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan and Baldan, Paolo}, title = {Efficient contextual unfolding}, pages = {342-357}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/RSB-concur11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RSB-concur11.pdf}, doi = {10.1007/978-3-642-23217-6_23}, abstract = {A~contextual net is a Petri net extended with read arcs, which allow transitions to check for tokens without consuming them. Contextual nets allow for better modelling of concurrent read access than Petri nets, and their unfoldings can be exponentially more compact than those of a corresponding Petri net. A~constructive but abstract procedure for generating those unfoldings was proposed in earlier work; however, no concrete implementation existed. Here, we~close this gap providing two concrete methods for computing contextual unfoldings, with a view to efficiency. We report on experiments carried out on a number of benchmarks. These show that not only are contextual unfoldings more compact than Petri net unfoldings, but they can be computed with the same or better efficiency, in~particular with respect to the place-replication encoding of contextual nets into Petri nets.} }

@techreport{rr-lsv-11-08, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc}, title = {Weighted Expressions and {DFS} Tree Automata}, institution = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, year = {2011}, month = apr, type = {Research Report}, number = {LSV-11-08}, url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2011-08.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2011-08.pdf}, note = {32~pages}, abstract = {We introduce weighted expressions, a~calculus to express quantitative properties over unranked trees. They involve products and sums from a semiring as well as classical boolean formulas. We~show that weighted expressions are expressively equivalent to a new class of weighted tree-walking automata. This new automata model is equipped with pebbles, and follows a depth-first-search policy in the tree.} }

@inproceedings{BCH-acsd11, address = {Newcastle upon Tyne, UK}, month = jun, year = 2011, publisher = {{IEEE} Computer Society Press}, editor = {Caillaud, Beno{\^\i}t and Carmona, Josep}, acronym = {{ACSD}'11}, booktitle = {{P}roceedings of the 11th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'11)}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan}, title = {Building Tight Occurrence Nets from Reveals Relations}, pages = {44-53}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-acsd11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-acsd11.pdf}, doi = {10.1109/ACSD.2011.16}, abstract = {Occurrence nets are a well known partial order model for the concurrent behavior of Petri nets. The causality and conflict relations between events, which are explicitly represented in occurrence nets, induce logical dependencies between event occurrences: the occurrence of an event~\(e\) in a run implies that all its causal predecessors also occur, and that no event in conflict with \(e\) occurs. But these structural relations do not express all the logical dependencies between event occurrences in maximal runs: in particular, the occurrence of~\(e\) in any maximal run may imply the occurrence of another event that is not a causal predecessor of~\(e\), in that run. The \emph{reveals} relation has been introduced in~[Haar, IEEE TAC 55(10):2310-2320, 2010] to express this dependency between two events. Here we generalize the reveals relation to express more general dependencies, involving more than two events, and we introduce ERL logic to express them as boolean formulas. Finally we answer the synthesis problem that arises: given an ERL formula~\(\varphi\), is there an occurrence net~\(\mathcal{N}\) such that \(\varphi\) describes exactly the dependencies between the events of~\(\mathcal{N}\)?} }

@inproceedings{HMN-atpn11, address = {Newcastle upon Tyne, UK}, month = jun, year = 2011, volume = {6709}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Kristensen, Lars M. and Petrucci, Laure}, acronym = {{PETRI~NETS}'11}, booktitle = {{P}roceedings of the 32nd {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'11)}, author = {Haddad, Serge and Mairesse, Jean and Nguyen, Hoang-Thach}, title = {Synthesis and Analysis of Product-form {P}etri Nets}, pages = {288-307}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-atpn11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-atpn11.pdf}, doi = {10.1007/978-3-642-21834-7_16}, abstract = {For a large Markovian model, a {"}product form{"} is an explicit description of the steady-state behaviour which is otherwise generally untractable. Being first introduced in queueing networks, it has been adapted to Markovian Petri nets. Here we address three relevant issues for product-form Petri nets which were left fully or partially open: (1)~we~provide a sound and complete set of rules for the synthesis; (2)~we~characterise the exact complexity of classical problems like reachability; (3)~we~introduce a new subclass for which the normalising constant (a crucial value for product-form expression) can be efficiently computed.} }

@article{LBDLNP-fmsd2010, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Li, Shuhao and Balaguer, Sandie and David, Alexandre and Larsen, Kim G. and Nielsen, Brian and Pusinskas, Saulius}, title = {Scenario-based verification of real-time systems using {\textsc{Uppaal}}}, year = {2010}, month = nov, volume = {37}, number = {2-3}, pages = {200-264}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/LBDLNP-fmsd2010.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LBDLNP-fmsd2010.pdf}, doi = {10.1007/s10703-010-0103-z}, abstract = {This article proposes two approaches to tool-supported automatic verification of dense real-time systems against scenario-based requirements, where a system is modeled as a network of timed automata (TAs) or as a set of driving live sequence charts (LSCs), and a requirement is specified as a separate monitored LSC chart. We make timed extensions to a kernel subset of the LSC language and define a trace-based semantics. By translating a monitored LSC chart to a behavior-equivalent observer TA and then non-intrusively composing this observer with the original TA-modeled real-time system, the problems of scenario-based verification reduce to computation tree logic (CTL) real-time model checking problems. When the real-time system is modeled as a set of driving LSC charts, we translate these driving charts and the monitored chart into a behavior-equivalent network of TAs by using a {"}one-TA-per-instance line{"} approach, and then reduce the problems of scenario-based verification also to CTL real-time model checking problems. We show how we exploit the expressivity of the TA formalism and the CTL query language of the real-time model checker Uppaal to accomplish these tasks. The proposed two approaches are implemented in the Uppaal tool and built as a tool chain, respectively. We carry out a number of experiments with both verification approaches, and the results indicate that these methods are viable, computationally feasible, and the tools are effective.} }

@inproceedings{BDDHP-valuetools11, address = {Cachan, France}, month = may, year = 2011, acronym = {{VALUETOOLS}'11}, booktitle = {{P}roceedings of the 5th {I}nternational {C}onference on {P}erformance {E}valuation {M}ethodologies and {T}ools ({VALUETOOLS}'11)}, author = {Ballarini, Paolo and Djafri, Hilal and Duflot, Marie and Haddad, Serge and Pekergin, Nihal}, title = {{HASL}: An~Expressive Language for Statistical Verification of Stochastic Models}, pages = {306-315}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-valuetools11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDDHP-valuetools11.pdf}, abstract = {We introduce the Hybrid Automata Stochastic Logic (HASL), a new temporal logic formalism for the verification of discrete event stochastic processes (DESP). HASL employs Linear Hybrid Automata (LHA) as machineries to select prefixes of relevant execution paths of a DESP~\(\mathcal{D}\). The advantage with LHA is that rather elaborate information can be collected \emph{on-the-fly} during path selection, providing the user with a powerful means to express sophisticated measures. A formula of HASL consists of an LHA~\(\mathcal{A}\) and an expression~\(Z\) referring to moments of \emph{path random variables}. A~simulation-based statistical engine is employed to obtained a confidence-interval estimate of the expected value of~\(Z\). In essence HASL provide a unifying verification framework where sophisticated temporal reasoning is naturally blended with elabo- rate reward-based analysis. We illustrate the HASL approach by means of some examples and a discussion about its expressivity. We also provide empirical evidence obtained through COSMOS, a prototype software tool for HASL verification.} }

@inproceedings{BFHR-fossacs11, address = {Saarbr{\"u}cken, Germany}, month = mar # {-} # apr, year = 2011, volume = {6604}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Hofmann, Martin}, acronym = {{FoSSaCS}'11}, booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {F}oundations of {S}oftware {S}cience and {C}omputation {S}tructures ({FoSSaCS}'11)}, author = {Bonnet, R{\'e}mi and Finkel, Alain and Haddad, Serge and Rosa{-}Velardo, Fernando}, title = {Ordinal Theory for Expressiveness of Well Structured Transition Systems}, pages = {153-167}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-fossacs11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-fossacs11.pdf}, doi = {10.1007/978-3-642-19805-2_11} }

@incollection{DG-iis09, author = {Demri, St{\'e}phane and Gastin, Paul}, title = {Specification and Verification using Temporal Logics}, booktitle = {Modern applications of automata theory}, editor = {D'Souza, Deepak and Shankar, Priti}, series = {IISc Research Monographs}, volume = 2, publisher = {World Scientific}, chapter = 15, pages = {457-494}, year = 2012, month = jul, url = {http://www.lsv.fr/Publis/PAPERS/PDF/DG-iis09.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/DG-iis09.pdf}, abstract = {This chapter illustrates two aspects of automata theory related to linear-time temporal logic LTL used for the verification of computer systems. First, we present a translation from LTL formulae to B{\"u}chi automata. The aim is to design an elementary translation which is reasonably efficient and produces small automata so that it can be easily taught and used by hand on real examples. Our translation is in the spirit of the classical tableau constructions but is optimized in several ways. Secondly, we recall how temporal operators can be defined from regular languages and we explain why adding even a single operator definable by a context-free language can lead to undecidability.} }

@mastersthesis{cyriac-master, author = {Cyriac, Aiswarya}, title = {Temporal Logics for Concurrent Recursive Programs}, school = {{M}aster {P}arisien de {R}echerche en {I}nformatique, Paris, France}, type = {Rapport de {M}aster}, year = {2010}, month = sep, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-m2.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-m2.pdf} }

@inproceedings{AC-clodem10, address = {Edinburgh, Scotland, UK}, month = jul, year = 2010, acronym = {{CL}o{D}e{M}'10}, booktitle = {{P}roceedings of the {W}orkshop on {C}omparing {L}ogical {D}ecision {M}ethods ({CL}o{D}e{M}'10)}, author = {Cyriac, Aiswarya}, title = {A~New Version of Focus Games for {LTL} Satisfiability}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-clodem10.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ac-clodem10.pdf} }

@phdthesis{balaguer-phd2012, author = {Balaguer, Sandie}, title = {La concurrence dans les syst{\`e}mes distribu{\'e}s temps-r{\'e}el}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2012, month = dec, url = {http://www.lsv.fr/Publis/PAPERS/PDF/balaguer-these12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/balaguer-these12.pdf} }

@article{BFHR-icomp13, publisher = {Elsevier Science Publishers}, journal = {Information and Computation}, author = {Bonnet, R{\'e}mi and Finkel, Alain and Haddad, Serge and Rosa{-}Velardo, Fernando}, title = {Ordinal Theory for Expressiveness of Well-Structured Transition Systems}, year = 2013, month = mar, volume = 224, pages = {1-22}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-icomp12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHR-icomp12.pdf}, doi = {10.1016/j.ic.2012.11.003}, abstract = {We characterize the importance of resources (like counters, channels, or alphabets) when measuring the expressiveness of Well-Structured Transition Systems~(WSTS). We establish, for usual classes of well partial orders, the equivalence between the existence of order reflections (non-monotonic order embeddings) and the simulations with respect to coverability languages. We show that the non-existence of order reflections can be proved by the computation of order types. This allows us to extend the current classification of WSTS, in particular solving some open problems, and to unify the existing proofs.} }

@article{BCHLR-tcs13, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {B{\'e}rard, B{\'e}atrice and Cassez, Franck and Haddad, Serge and Lime, Didier and Roux, Olivier~H.}, title = {The Expressive Power of Time {P}etri Nets}, year = 2013, month = feb, volume = 474, ftturenumber = {}, pages = {1-20}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHLR-tcs12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHLR-tcs12.pdf}, doi = {10.1016/j.tcs.2012.12.005}, abstract = {We investigate expressiveness questions for time Petri nets (TPNs) and some their most usefull extensions. We first introduce generalised time Petri nets (GTPNs) as an abstract model that encompasses variants of TPNs such as self modifications and read, reset and inhibitor arcs.\par We give a syntactical translation from bounded GTPNs to timed automata (TA) that generates isomorphic transition systems. We prove that the class of bounded GTPNs is stricly less expressive than TA w.r.t. weak timed bisimilarity. We prove that bounded GTPNs, bounded TPNs and TA are equally expressive w.r.t. timed language acceptance. Finally, we characterise a syntactical subclass of TA that is equally expressive to bounded GTPNs {"}\`a~la Merlin{"} w.r.t. weak timed bisimilarity. These results provide a unified comparison of the expressiveness of many variants of timed models often used in practice. It leads to new important results for TPNs. Among them are: 1-safe TPNs and bounded-TPNs are equally expressive; \(\epsilon\)-transitions strictly increase the expressive power of TPNs; self modifying nets as well as read, inhibitor and reset arcs do not add expressiveness to bounded TPNs.} }

@article{ABG-fmsd12, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Akshay, S. and Bollig, Benedikt and Gastin, Paul}, title = {Event-clock Message Passing Automata: A~Logical Characterization and an Emptiness-Checking Algorithm}, year = 2013, month = jun, volume = 42, number = {3}, pages = {262-300}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-fmsd12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-fmsd12.pdf}, doi = {10.1007/s10703-012-0179-8}, abstract = {We are interested in modeling behaviors and verifying properties of systems in which time and concurrency play a crucial role. We introduce a model of distributed automata which are equipped with event clocks as in [Alur, Fix, Henzinger. Event-clock automata: A~determinizable class of timed automata. TCS 211(1-2):253-273, 1999.], which we call Event Clock Message Passing Automata (ECMPA). To describe the behaviors of such systems we use timed partial orders (modeled as message sequence charts with timing).\par Our first goal is to extend the classical B{\"u}chi-Elgot-Trakhtenbrot equivalence to the timed and distributed setting, by showing an equivalence between ECMPA and a timed extension of monadic second-order (MSO) logic. We obtain such a constructive equivalence in two different ways: (1)~by~restricting the semantics by bounding the set of timed partial orders (2)~by~restricting the timed MSO logic to its existential fragment. We next consider the emptiness problem for ECMPA, which asks if a given ECMPA has some valid timed execution. In general this problem is undecidable and we show that by considering only bounded timed executions, we can obtain decidability. We do this by constructing a timed automaton which accepts all bounded timed executions of the ECMPA and checking emptiness of this timed automaton.} }

@article{BCH-fi12, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan}, title = {Building Occurrence Nets from Reveals Relations}, year = 2013, month = may, volume = 123, number = 3, pages = {245-272}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fi12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fi12.pdf}, doi = {10.3233/FI-2013-809}, abstract = {Occurrence nets are a well known partial order model for the concurrent behavior of Petri nets. The causality and conflict relations between events, which are explicitly represented in occurrence nets, induce logical dependencies between event occurrences: the occurrence of an event~\(e\) in a run implies that all its causal predecessors also occur, and that no event in conflict with~\(e\) occurs. But these structural relations do not express all the logical dependencies between event occurrences in maximal runs: in particular, the occurrence of~\(e\) in any maximal run may imply the occurrence of another event that is not a causal predecessor of~\(e\), in that run. The \emph{reveals} relation has been introduced to express this dependency between two events. Here we generalize the reveals relation to express more general dependencies, involving more than two events, and we introduce ERL logic to express them as boolean formulas. Finally we answer the synthesis problem that arises: given an ERL formula~\(\varphi\), is there an occurrence net~\(\mathcal{N}\) such that \(\varphi\)~describes exactly the dependencies between the events of~\(\mathcal{N}\)?} }

@inproceedings{BHP-simul12, address = {Lisbon, Portugal}, month = nov, year = 2012, publisher = {XPS}, editor = {Dini, Petre and Lorenz, Pascal}, acronym = {{SIMUL}'12}, booktitle = {{P}roceedings of the 4th {I}nternational {C}onference on {A}dvances in {S}ystem {S}imulation ({SIMUL}'12)}, author = {Barbot, Beno{\^\i}t and Haddad, Serge and Picaronny, Claudine}, title = {Importance Sampling for Model Checking of Continuous Time {M}arkov Chains}, pages = {30-35}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-simul12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHP-simul12.pdf}, abstract = {Model checking real time properties on probabilistic systems requires computing transient probabilities on continuous time Markov chains. Beyond numerical analysis ability, a probabilistic framing can only be obtained using simulation. This statistical approach fails when directly applied to the estimation of very small probabilities. Here combining the uniformization technique and extending our previous results, we design a method which applies to continuous time Markov chains and formulas of a timed temporal logic. The corresponding algorithm has been implemented in our tool \textsc{cosmos}. We present experimentations on a relevant system, with drastic time reductions with respect to standard statistical model checking.} }

@misc{impro-D4.1, author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan}, title = {Concurrent semantics for timed distributed systems}, howpublished = {Deliverable ImpRo D~4.1 (ANR-2010-BLAN-0317)}, year = 2012, month = mar, url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d41.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d41.pdf} }

@misc{impro-D2.1, author = {Akshay, S. and B{\'e}rard, B{\'e}atrice and Bouyer, Patricia and Haar, Stefan and Haddad, Serge and Jard, Claude and Lime, Didier and Markey, Nicolas and Reynier, Pierre-Alain and Sankur, Ocan and Thierry-Mieg, Yann}, title = {Overview of Robustness in Timed Systems}, howpublished = {Deliverable ImpRo D~2.1 (ANR-2010-BLAN-0317)}, year = 2012, month = jan, url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d21.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d21.pdf} }

@proceedings{atpn2012-HP, title = {{P}roceedings of the 33rd {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({ICATPN}'12)}, booktitle = {{P}roceedings of the 33rd {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({ICATPN}'12)}, acronym = {{ICATPN}'12}, editor = {Haddad, Serge and Pomello, Lucia}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = 7347, year = 2012, month = jun, address = {Hamburg, Germany}, doi = {10.1007/978-3-642-31131-4}, url = {http://www.springer.com/978-3-642-31131-4} }

@article{bbckrs-tcs12, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Baldan, Paolo and Bruni, Alessandro and Corradini, Andrea and K{\"o}nig, Barbara and Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan}, title = {Efficient unfolding of contextual {P}etri nets}, volume = 449, number = 1, year = 2012, month = aug, pages = {2-22}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/bbckrs-tcs12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/bbckrs-tcs12.pdf}, doi = {10.1016/j.tcs.2012.04.046}, abstract = {A contextual net is a Petri net extended with read arcs, which allows transitions to check for tokens without consuming them. Contextual nets allow for better modelling of concurrent read access than Petri nets, and their unfoldings can be exponentially more compact than those of a corresponding Petri net. A constructive but abstract procedure for generating those unfoldings was proposed in previous work. However, it remained unclear whether the approach was useful in practice and which data structures and algorithms would be appropriate to implement it. Here, we address this question. We provide two concrete methods for computing contextual unfoldings, with a view to efficiency. We report on experiments carried out on a number of benchmarks. These show that not only are contextual unfoldings more compact than Petri net unfoldings, but they can be computed with the same or better efficiency, in particular with respect to alternative approaches based on encodings of contextual nets into Petri nets.} }

@article{GS-tocl12, publisher = {ACM Press}, journal = {ACM Transactions on Computational Logic}, author = {Gastin, Paul and Sznajder, Nathalie}, title = {Fair Synthesis for Asynchronous Distributed Systems}, nopages = {}, volume = 14, number = {2:9}, month = jun, year = 2013, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-tocl12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-tocl12.pdf}, doi = {10.1145/2480759.2480761}, abstract = {We study the synthesis problem in an asynchronous distributed setting: a finite set of processes interact locally with an uncontrollable environment and communicate with each other by sending signals---actions controlled by a sender process and that are immediately received by the target process. The fair synthesis problem is to come up with a local strategy for each process such that the resulting fair behaviors of the system meet a given specification. We consider external specifications satisfying some natural closure properties related to the architecture. We present this new setting for studying the fair synthesis problem for distributed systems, and give decidability results for the subclass of networks where communications happen through a strongly connected graph. We claim that this framework for distributed synthesis is natural, convenient and avoids most of the usual sources of undecidability for the synthesis problem. Hence, it may open the way to a decidable theory of distributed synthesis.} }

@article{GS-ipl12, publisher = {Elsevier Science Publishers}, journal = {Information Processing Letters}, author = {Gastin, Paul and Sznajder, Nathalie}, title = {Decidability of well-connectedness for distributed synthesis}, pages = {963-968}, volume = {112}, number = {24}, month = dec, year = 2012, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-ipl12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GS-ipl12.pdf}, doi = {10.1016/j.ipl.2012.08.018}, abstract = {Although the synthesis problem is often undecidable for distributed, synchronous systems, it becomes decidable for the subclass of uniformly well-connected (UWC) architectures, provided that only robust specifications are considered. It is then an important issue to be able to decide whether a given architecture falls in this class. This is the problem addressed in this paper: we establish the decidability and precise complexity of checking this property. This problem is in EXPSPACE and NP-hard in the general case, but falls into PSPACE when restricted to a natural subclass of architectures.} }

@incollection{HM-lncis433, author = {Haar, Stefan and Masopust, Tom{\'a}{\v{s}}}, title = {Languages, Decidability, and Complexity}, booktitle = {Control of Discrete-Event Systems~-- Automata and {P}etri Net Perspectives}, editor = {Seatzu, Carla and Silva, Manuel and van Schuppen, Jan H.}, year = {2013}, pages = {23-43}, publisher = {Springer}, series = {Lecture Notes in Control and Information Sciences}, volume = 433, doi = {10.1007/978-1-4471-4276-8_2}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HM-lncis433.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HM-lncis433.pdf} }

@incollection{HS-lncis433, author = {Haar, Stefan and Fabre, {\'E}ric}, title = {Diagnosis with {P}etri Net Unfoldings}, booktitle = {Control of Discrete-Event Systems~-- Automata and {P}etri Net Perspectives}, editor = {Seatzu, Carla and Silva, Manuel and van Schuppen, Jan H.}, year = {2013}, pages = {301-318}, publisher = {Springer}, series = {Lecture Notes in Control and Information Sciences}, volume = 433, doi = {10.1007/978-1-4471-4276-8_15}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HS-lncis433.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HS-lncis433.pdf} }

@inproceedings{BDF-cdc12, address = {Maui, Hawaii, USA}, month = dec, year = 2012, publisher = {{IEEE} Control System Society}, acronym = {{CDC}'12}, booktitle = {{P}roceedings of the 51st {IEEE} {C}onference on {D}ecision and {C}ontrol ({CDC}'12)}, author = {Bu{\v{s}}i{\'c}, Ana and Djafri, Hilal and Fourneau, Jean-Michel}, title = {Bounded state space truncation and censored {M}arkov chains}, pages = {5828-5833}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-cdc12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDF-cdc12.pdf}, doi = {10.1109/CDC.2012.6426156}, abstract = {Censored Markov chains (CMC) allow to represent the conditional behavior of a system within a subset of observed states. They provide a theoretical framework to study the truncation of a discrete-time Markov chain when the generation of the state-space is too hard or when the number of states is too large. However, the stochastic matrix of a CMC may be difficult to obtain. Dayar \emph{et~al.} (2006) have proposed an algorithm, called DPY, that computes a stochastic bounding matrix for a CMC with a smaller complexity with only a partial knowledge of the chain. We prove that this algorithm is optimal for the information they take into account. We also show how some additional knowledge on the chain can improve stochastic bounds for~CMC.} }

@inproceedings{GM-ciaa12, address = {Porto, Portugal}, month = jul, year = 2012, volume = {7381}, series = {Lecture Notes in Computer Science}, publisher = {Springer-Verlag}, editor = {Moreira, Nelma and Reis, Rog{\'e}rio}, acronym = {{CIAA}'12}, booktitle = {{P}roceedings of the 17th {I}nternational {C}onference on {I}mplementation and {A}pplication of {A}utomata ({CIAA}'12)}, author = {Gastin, Paul and Monmege, Benjamin}, title = {Adding Pebbles to Weighted Automata}, pages = {28-51}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-ciaa12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-ciaa12.pdf}, doi = {10.1007/978-3-642-31606-7_4}, abstract = {We extend weighted automata and weighted rational expressions with 2-way moves and (reusable) pebbles. We show with examples from natural language modeling and quantitative model-checking that weighted expressions and automata with pebbles are more expressive and allow much more natural and intuitive specifications than classical ones.\par We extend Kleene-Sch{\"u}tzenberger theorem showing that weighted expressions and automata with pebbles have the same expressive power. We focus on an efficient translation from expressions to automata.\par We also prove that the evaluation problem for weighted automata can be done very efficiently if the number of (reusable) pebbles is low.} }

@inproceedings{BGMZ-atva12, address = {Thiruvananthapuram, India}, month = oct, year = {2012}, volume = {7561}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Mukund, Madhavan and Chakraborty, Supratik}, acronym = {{ATVA}'12}, booktitle = {{P}roceedings of the 10th {I}nternational {S}ymposium on {A}utomated {T}echnology for {V}erification and {A}nalysis ({ATVA}'12)}, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc}, title = {A Probabilistic {K}leene Theorem}, pages = {400-415}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-atva12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-atva12.pdf}, doi = {10.1007/978-3-642-33386-6_31}, abstract = {We provide a Kleene Theorem for (Rabin) probabilistic automata over finite words. Probabilistic automata generalize deterministic finite automata and assign to a word an acceptance probability. We provide probabilistic expressions with probabilistic choice, guarded choice, concatenation, and a star operator. We prove that probabilistic expressions and probabilistic automata are expressively equivalent. Our result actually extends to two-way probabilistic automata with pebbles and corresponding expressions.} }

@phdthesis{djafri-phd2011, author = {Djafri, Hilal}, title = {Approches num{\'e}riques et statistiques pour le model checking des processus stochastiques}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2012, month = jun, url = {http://www.lsv.fr/Publis/PAPERS/PDF/djafri-these11.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/djafri-these11.pdf} }

@inproceedings{PHL-tap12, address = {Prague, Czech Republic}, month = may # {-} # jun, year = 2012, volume = 7305, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Brucker, Achim D. and Julliand, Jacques}, acronym = {{TAP}'12}, booktitle = {{P}roceedings of the 6th {I}nternational {C}onference on {T}ests and {P}roofs ({TAP}'12)}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine}, title = {Conformance Relations for Labeled Event Structures}, pages = {83-98}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-tap12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-tap12.pdf}, doi = {10.1007/978-3-642-30473-6_8}, abstract = {We propose a theoretical framework for testing concurrent systems from true concurrency models like Petri nets or networks of automata. The underlying model of computation of such formalisms are labeled event structures, which allow to represent concurrency explicitly. The activity of testing relies on the definition of a conformance relation that depends on the observable behaviors on the system under test, which is given for sequential systems by ioco type relations. However, these relations are not capable of capturing and exploiting concurrency of non sequential behavior. We~study different conformance relations for labeled event structures, relying on different notions of observation, and investigate their properties and connections.} }

@inproceedings{HSS-lics2012, address = {Dubrovnik, Croatia}, month = jun, year = 2012, publisher = {{IEEE} Computer Society Press}, acronym = {{LICS}'12}, booktitle = {{P}roceedings of the 27th {A}nnual {IEEE} {S}ymposium on {L}ogic in {C}omputer {S}cience ({LICS}'12)}, author = {Haddad, Serge and Schmitz, Sylvain and Schnoebelen, {\relax Ph}ilippe}, title = {The Ordinal-Recursive Complexity of Timed-Arc {P}etri Nets, Data Nets, and Other Enriched Nets}, pages = {355-364}, url = {http://hal.archives-ouvertes.fr/hal-00793811}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HSS-lics12.pdf}, doi = {10.1109/LICS.2012.46}, abstract = {We show how to reliably compute fast-growing functions with timed-arc Petri nets and data nets. This construction provides ordinal-recursive lower bounds on the complexity of the main decidable properties (safety, termination, regular simulation,~etc.) of these models. Since these new lower bounds match the upper bounds that one can derive from wqo theory, they precisely characterise the computational power of these so-called {"}enriched{"} nets.} }

@inproceedings{RS-concur12, address = {Newcastle, UK}, month = sep, year = 2012, volume = 7454, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Koutny, Maciej and Ulidowski, Irek}, acronym = {{CONCUR}'12}, booktitle = {{P}roceedings of the 23rd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'12)}, author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan}, title = {Verification of {P}etri Nets with Read Arcs}, pages = {471-485}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-concur12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-concur12.pdf}, doi = {10.1007/978-3-642-32940-1_33}, abstract = {Recent work studied the unfolding construction for contextual nets, i.e. nets with read arcs. Such unfoldings are more concise and can usually be constructed more efficiently than for Petri nets. However, concrete verification algorithms exploiting these advantages were lacking so far. We address this question and propose SAT-based verification algorithms for deadlock and reachability of contextual nets. Moreover, we study optimizations of the SAT encoding and report on experiments.} }

@inproceedings{CGN-concur12, address = {Newcastle, UK}, month = sep, year = 2012, volume = 7454, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Koutny, Maciej and Ulidowski, Irek}, acronym = {{CONCUR}'12}, booktitle = {{P}roceedings of the 23rd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'12)}, author = {Cyriac, Aiswarya and Gastin, Paul and Narayan Kumar, K.}, title = {{MSO} Decidability of Multi-Pushdown Systems via Split-Width}, pages = {547-561}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CGN-concur12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CGN-concur12.pdf}, doi = {10.1007/978-3-642-32940-1_38}, abstract = {Multi-threaded programs with recursion are naturally modeled as multi-pushdown systems. The behaviors are represented as multiply nested words (MNWs), which are words enriched with additional binary relations for each stack matching a push operation with the corresponding pop operation. Any MNW can be decomposed by two basic and natural operations: shuffle of two sequences of factors and merge of consecutive factors of a sequence. We say that the split-width of a MNW is~\(k\) if it admits a decomposition where the number of factors in each sequence is at most~\(k\). The MSO theory of MNWs with split-width~\(k\) is decidable. We introduce two very general classes of MNWs that strictly generalize known decidable classes and prove their MSO decidability via their split-width and obtain comparable or better bounds of tree-width of known classes.} }

@inproceedings{BHSS-concur12, address = {Newcastle, UK}, month = sep, year = 2012, volume = 7454, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Koutny, Maciej and Ulidowski, Irek}, acronym = {{CONCUR}'12}, booktitle = {{P}roceedings of the 23rd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'12)}, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Sassolas, Mathieu and Sznajder, Nathalie}, title = {Concurrent Games on~{VASS} with Inhibition}, pages = {39-52}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHSS-CONCUR12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHSS-CONCUR12.pdf}, doi = {10.1007/978-3-642-32940-1_5}, abstract = {We propose to study concurrent games on a new extension of Vector Addition Systems with States, where inhibition conditions are added for modeling purposes. Games are a well-suited framework to solve control problems, and concurrent semantics reflect realistic situations where the environment can always produce a move before the controller, although it is never required to do so. This is in contrast with previous works, which focused mainly on turn-based semantics. Moreover, we consider asymmetric games, where environment and controller do not have the same capabilities, although they both have restricted power. In this setting, we investigate reachability and safety objectives, which are not dual to each other anymore, and we prove that (i)~reachability games are undecidable for finite targets, (ii)~they are 2-EXPTIME-complete for upward-closed targets and (iii)~safety games are co-NP-complete for finite, upward-closed and semi-linear targets. Moreover, for the decidable cases, we build a finite representation of the corresponding controllers.} }

@inproceedings{BC-concur12, address = {Newcastle, UK}, month = sep, year = 2012, volume = 7454, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Koutny, Maciej and Ulidowski, Irek}, acronym = {{CONCUR}'12}, booktitle = {{P}roceedings of the 23rd {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'12)}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas}, title = {Avoiding Shared Clocks in Networks of Timed Automata}, pages = {100-114}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-concur12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-concur12.pdf}, doi = {10.1007/978-3-642-32940-1_9}, abstract = {Networks of timed automata~(NTA) are widely used to model distributed real-time systems. Quite often in the literature, the automata are allowed to share clocks. This is a problem when one considers implementing such model in a distributed architecture, since reading clocks a priori requires communications which are not explicitly described in the model. We focus on the following question: given a NTA \(A_{1} \parallel A_{2}\) where \(A_{2}\) reads some clocks reset by~\(A_{1}\), does there exist a NTA \(A'_{1} \parallel A'_{2}\) without shared clocks with the same behavior as the initial NTA? For this, we allow the automata to exchange information during synchronizations only. We discuss a formalization of the problem and give a criterion using the notion of contextual timed transition system, which represents the behavior of~\(A_{2}\) when in parallel with~\(A_{1}\). Finally, we effectively build \(A'_{1} \parallel A'_{2}\) when it exists.} }

@inproceedings{AMH-safep12, address = {Mexico City, Mexico}, month = aug, year = 2012, publisher = {IFAC}, acronym = {{SAFEPROCESS}'12}, booktitle = {{P}roceedings of the 8th {IFAC} {S}ymposium on {F}ault {D}etection, {S}upervision and {S}afety for {T}echnical {P}rocesses ({SAFEPROCESS}'12)}, author = {Agarwal, Anoopam and Madalinski, Agnes and Haar, Stefan}, title = {Effective Verification of Weak Diagnosability}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AMH-safep12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AMH-safep12.pdf}, doi = {10.3182/20120829-3-MX-2028.00083}, abstract = {The \emph{diagnosability} problem can be stated as follows: does a given labeled Discrete Event System allow for an outside observer to determine the occurrence of the {"}invisible{"} fault, no later than a bounded number of events after that unobservable occurrence, and based on the partial observation of the behaviour? When this problem is investigated in the context of concurrent systems, partial order semantics induces a separation between classical or strong diagnosability on the one hand, and \emph{weak diagnosability} on the other hand. The present paper presents the first solution for checking weak diagnosability, via a \emph{verifier} construction.} }

@inproceedings{BDL-tase12, address = {Beijing, China}, month = jul, year = 2012, publisher = {{IEEE} Computer Society Press}, noeditor = {}, acronym = {{TASE}'12}, booktitle = {{P}roceedings of the 6th {I}nternational {S}ymposium on {T}heoretical {A}spects of {S}oftware {E}ngineering ({TASE}'12)}, author = {Bollig, Benedikt and Decker, Normann and Leucker, Martin}, title = {Frequency Linear-time Temporal Logic}, pages = {85-92}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BDL-tase12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BDL-tase12.pdf}, doi = {10.1109/TASE.2012.43}, abstract = {We propose fLTL, an extension to linear-time temporal logic (LTL) that allows for expressing relative frequencies by a generalization of temporal operators. This facilitates the specification of requirements such as the deadlines in a real-time system must be met in at least~\(95\%\) of all cases. For our novel logic, we establish an undecidability result regarding the satisfiability problem but identify a decidable fragment which strictly increases the expressiveness of LTL by allowing, e.g., to express non-context-free properties.} }

@incollection{topnoc12-ehh, year = 2012, volume = 6900, series = {Lecture Notes in Computer Science}, editor = {Jensen, Kurt and Donatelli, Susanna and Kleijn, Jetty}, publisher = {Springer}, booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{V}}, author = {El{~}Hog{-}Benzina, Dorsaf and Haddad, Serge and Hennicker, Rolf}, title = {Refinement and Asynchronous Composition of Modal {P}etri Nets}, pages = {96-120}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc12-ehh.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc12-ehh.pdf}, doi = {10.1007/978-3-642-29072-5_4}, abstract = {We propose a framework for the specification of infinite state systems based on Petri nets with distinguished \emph{may}- and \emph{must}-transitions (called modalities) which specify the allowed and the required behavior of refinements and hence of implementations. For any modal Petri net, we define its generated modal language specification which abstracts away silent transitions. On this basis we consider refinements of modal Petri nets by relating their generated modal language specifications. We show that this refinement relation is decidable if the underlying modal Petri nets are weakly deterministic. We also show that the membership problem for the class of weakly deterministic modal Petri nets is decidable. As an important application scenario of our approach we consider I/O-Petri nets and their asynchronous composition which typically leads to an infinite state system.} }

@article{BCH-fmsd12, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas and Haar, Stefan}, title = {A~Concurrency-Preserving Translation from Time {P}etri Nets to Networks of Timed Automata}, year = 2012, month = jun, volume = 40, number = 3, pages = {330-355}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fmsd12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCH-fmsd12.pdf}, doi = {10.1007/s10703-012-0146-4}, abstract = {Several formalisms to model distributed real-time systems coexist in the literature. This naturally induces a need to compare their expressiveness and to translate models from one formalism to another when possible. The first formal comparisons of the expressiveness of these models focused on the preservation of the sequential behavior of the models, using notions like timed language equivalence or timed bisimilarity. They do not consider preservation of concurrency. In~this paper we define timed traces as a partial order representation of executions of our models for real-time distributed systems. Timed traces provide an alternative to timed words, and take the distribution of actions into account. We propose a translation between two popular formalisms that describe timed concurrent systems: \(1\)-bounded time Petri nets~(TPN) and networks of timed automata~(NTA). Our translation preserves the distribution of actions, that is we require that if the TPN represents the product of several components (called processes), then each process should have its counterpart as one timed automaton in the resulting~NTA.} }

@article{BHS-fmsd2012, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Sassolas, Mathieu}, title = {Interrupt Timed Automata: Verification and Expressiveness}, year = {2012}, month = feb, volume = {40}, number = {1}, pages = {41-87}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-fmsd12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHS-fmsd12.pdf}, doi = {10.1007/s10703-011-0140-2}, abstract = {We introduce the class of Interrupt Timed Automata (ITA), a subclass of hybrid automata well suited to the description of timed multi-task systems with interruptions in a single processor environment.\par While the reachability problem is undecidable for hybrid automata we show that it is decidable for ITA. More precisely we prove that the untimed language of an ITA is regular, by building a finite automaton as a generalized class graph. We then establish that the reachability problem for ITA is in NEXPTIME and in PTIME when the number of clocks is fixed. To prove the first result, we define a subclass ITA\(_{-}\) of ITA, and show that (1)~any ITA can be reduced to a language-equivalent automaton in ITA\(_{-}\) and (2)~the reachability problem in this subclass is in NEXPTIME (without any class graph).\par In the next step, we investigate the verification of real time properties over ITA. We prove that model checking SCL, a fragment of a timed linear time logic, is undecidable. On the other hand, we give model checking procedures for two fragments of timed branching time logic.\par We also compare the expressive power of classical timed automata and ITA and prove that the corresponding families of accepted languages are incomparable. The result also holds for languages accepted by controlled real-time automata (CRTA), that extend timed automata. We finally combine ITA with CRTA, in a model which encompasses both classes and show that the reachability problem is still decidable. Additionally we show that the languages of ITA are neither closed under complementation nor under intersection.} }

@article{BK-jal12, publisher = {Elsevier Science Publishers}, journal = {Journal of Applied Logic}, author = {Bollig, Benedikt and Kuske, Dietrich}, title = {An optimal construction of {H}anf sentences}, year = {2012}, month = jun, volume = {10}, number = {2}, pages = {179-186}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BK-jal12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BK-jal12.pdf}, doi = {10.1016/j.jal.2012.01.002}, abstract = {We give a new construction of formulas in Hanf normal form that are equivalent to first-order formulas over structures of bounded degree. This is the first algorithm whose running time is shown to be elementary. The triply exponential upper bound is complemented by a matching lower bound.} }

@article{GMM-fmsd2012, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Ganty, Pierre and Majumdar, Rupak and Monmege, Benjamin}, title = {Bounded underapproximations}, year = {2012}, month = apr, volume = {40}, number = {2}, pages = {206-231}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GMM-fmsd12.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GMM-fmsd12.pdf}, doi = {10.1007/s10703-011-0136-y}, abstract = {We show a new and constructive proof of the following language-theoretic result: for every context-free language~\(L\), there is a bounded context-free language \(L'\subseteq L\) which has the same Parikh (commutative) image as~\(L\). Bounded languages, introduced by Ginsburg and Spanier, are subsets of regular languages of the form \(w_{1}^{*}w_{2}^{*}\cdots w_{m}^{*}\) for some \(w_1,\cdots,w_{m}\in \Sigma^{*}\). In particular bounded context-free languages have nice structural and decidability properties. Our proof proceeds in two parts. First, we give a new construction that shows that each context free language~\(L\) has a subset~\(L_{N}\) that has the same Parikh image as~\(L\) and that can be represented as a sequence of substitutions on a linear language. Second, we inductively construct a Parikh-equivalent bounded context-free subset of~\(L_{N}\).\par We show two applications of this result in model checking: to underapproximate the reachable state space of multithreaded procedural programs and to underapproximate the reachable state space of recursive counter programs. The bounded language constructed above provides a decidable underapproximation for the original problems. By iterating the construction, we get a semi-algorithm for the original problems that constructs a sequence of underapproximations such that no two underapproximations of the sequence can be compared. This provides a progress guarantee: every word~\(w\in L\) is in some underapproximation of the sequence, and hence, a program bug is guaranteed to be found. In particular, we show that verification with bounded languages generalizes context-bounded reachability for multithreaded programs.} }

@phdthesis{chatain-HDR13, author = {Chatain, {\relax Th}omas}, title = {Concurrency in Real-Time Distributed Systems, from Unfoldings to Implementability}, year = 2013, month = dec, type = {M{\'e}moire d'habilitation}, school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-chatain13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-chatain13.pdf} }

@phdthesis{crodriguez-phd2013, author = {Rodr{\'\i}guez, C{\'e}sar}, title = {Verification Based on Unfoldings of {P}etri Nets with Read Arcs}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2013, month = dec, url = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-phd13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cr-phd13.pdf} }

@misc{impro-D51, author = {Bouyer, Patricia and Faucou, S{\'e}bastien and Haar, Stefan and Jovanivi{\'c}, Aleksandra and Lime, Didier and Markey, Nicolas and Roux, Olivier H. and Sankur, Ocan}, title = {Control tasks for Timed System; Robustness issues}, howpublished = {Deliverable ImpRo~5.1, (ANR-10-BLAN-0317)}, month = jan, year = {2013}, note = {34~pages}, type = {Contract Report}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d51.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/impro-d51.pdf} }

@phdthesis{schwoon-HDR13, author = {Schwoon, Stefan}, title = {Efficient verification of sequential and concurrent systems}, year = 2013, month = dec, type = {M{\'e}moire d'habilitation}, school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-schwoon13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-schwoon13.pdf} }

@article{BC-lmcs13, journal = {Logical Methods in Computer Science}, author = {Balaguer, Sandie and Chatain, {\relax Th}omas}, title = {Avoiding Shared Clocks in Networks of Timed Automata}, volume = 9, number = {4:13}, nopages = {}, year = 2013, month = nov, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-lmcs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BC-lmcs13.pdf}, doi = {10.2168/LMCS-9(4:13)2013}, abstract = {Networks of timed automata~(NTA) are widely used to model distributed real-time systems. Quite often in the literature, the automata are allowed to share clocks. This is a problem when one considers implementing such model in a distributed architecture, since reading clocks a priori requires communications which are not explicitly described in the model. We focus on the following question: given a NTA \(A_{1} \parallel A_{2}\) where \(A_{2}\) reads some clocks reset by~\(A_{1}\), does there exist a NTA \(A'_{1} \parallel A'_{2}\) without shared clocks with the same behavior as the initial NTA? For this, we allow the automata to exchange information during synchronizations only. We discuss a formalization of the problem and give a criterion using the notion of contextual timed transition system, which represents the behavior of~\(A_{2}\) when in parallel with~\(A_{1}\). Finally, we effectively build \(A'_{1} \parallel A'_{2}\) when it exists.} }

@phdthesis{monmege-phd2013, author = {Monmege, Benjamin}, title = {Sp{\'e}cification et v{\'e}rification de propri{\'e}t{\'e}s quantitatives~: expressions, logiques, et automates}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2013, month = oct, url = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-phd13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/monmege-phd13.pdf} }

@inproceedings{HHMS-fsttcs13, address = {Guwahati, India}, month = dec, year = 2013, volume = {24}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Seth, Anil and Vishnoi, Nisheeth}, acronym = {{FSTTCS}'13}, booktitle = {{P}roceedings of the 33rd {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'13)}, author = {Haar, Stefan and Haddad, Serge and Melliti, Tarek and Schwoon, Stefan}, title = {Optimal Constructions for Active Diagnosis}, pages = {527-539}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS13-fsttcs.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS13-fsttcs.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2013.527}, abstract = {The task of diagnosis consists in detecting, without ambiguity, occurrence of faults in a partially observed system. Depending on the degree of observability, a discrete event system may be diagnosable or not. Active diagnosis aims at controlling the system in order to make it diagnosable. Solutions have already been proposed for the active diagnosis problem, but their complexity remains to be improved. We solve here the active diagnosability decision problem and the active diagnoser synthesis problem, proving that (1)~our procedures are optimal w.r.t. to computational complexity, and (2)~the memory required for the active diagnoser produced by the synthesis is minimal. Furthermore, focusing on the minimal delay before detection, we establish that the memory required for any active diagnoser achieving this delay may be highly greater than the previous one. So we refine our construction to build with the same complexity and memory requirement an active diagnoser that realizes a delay bounded by twice the minimal delay.} }

@inproceedings{EJS-fsttcs13, address = {Guwahati, India}, month = dec, year = 2013, volume = {24}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Seth, Anil and Vishnoi, Nisheeth}, acronym = {{FSTTCS}'13}, booktitle = {{P}roceedings of the 33rd {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'13)}, author = {Esparza, Javier and Jezequel, Lo{\"\i}g and Schwoon, Stefan}, title = {Computation of summaries using net unfoldings}, pages = {225-236}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/EJS-fsttcs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/EJS-fsttcs13.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2013.225}, abstract = {We study the following summarization problem: given a parallel composition \(A = A_1\Vert\cdots\Vert A_n\) of labelled transition systems communicating with the environment through a distinguished component \(A_i\), efficiently compute a summary~\(S_i\) such that \(E\Vert A\) and \(E\Vert S_i\) are trace-equivalent for every environment~\(E\). While \(S_i\) can be computed using elementary automata theory, the resulting algorithm suffers from the state-explosion problem. We present a new, simple but subtle algorithm based on net unfoldings, a partial-order semantics, give some experimental results using an implementation on top of Mole, and show that our algorithm can handle divergences and compute weighted summaries with minor modifications.} }

@inproceedings{RS-fsfma13, address = {Singapore}, month = jul, year = 2013, volume = 31, series = {Open Access Series in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Choppy, {\relax Ch}ristine and Sun, Jun}, acronym = {{FSFMA}'13}, booktitle = {{P}roceedings of the 1st {F}rench-{S}ingaporean {W}orkshop on {F}ormal {M}ethods and {A}pplications ({FSFMA}'13)}, author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan}, title = {An Improved Construction of {P}etri Net Unfoldings}, pages = {47-52}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-fsfma13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-fsfma13.pdf}, doi = {10.4230/OASIcs.FSFMA.2013.47}, abstract = {Petri nets are a well-known model language for concurrent systems. The unfolding of a Petri net is an acyclic net bisimilar to the original one. Because it is acyclic, it admits simpler decision problems though it is in general larger than the net. In this paper, we revisit the problem of efficiently constructing an unfolding. We propose a new method that avoids computing the concurrency relation and therefore uses less memory than some other methods but still represents a good time-space tradeoff. We implemented the approach and report on experiments.} }

@article{HMY-jocs13, publisher = {Elsevier Science Publishers}, journal = {Journal of Computational Science}, author = {Haddad, Serge and Mokdad, Lynda and Youcef, Samir}, title = {Bounding models families for performance evaluation in composite Web services}, volume = {4}, number = {4}, year = {2013}, pages = {232-241}, month = jul, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-jocs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMY-jocs13.pdf}, doi = {10.1016/j.jocs.2011.11.003}, abstract = {One challenge of composite Web service architectures is the guarantee of the Quality of Service~(QoS). Performance evaluation of these architectures is essential but complex due to synchronizations inside the orchestration of services. We propose methods to automatically derive from the original model a family of bounding models for the composite Web response time. These models allow to find the appropriate trade-off between accuracy of the bounds and the computational complexity. The numerical results show the interest of our approach w.r.t. complexity and accuracy of the response time bounds.} }

@inproceedings{CH-pnse13, address = {Milano, Italy}, month = jun, year = 2013, volume = 969, series = {CEUR Workshop Proceedings}, publisher = {RWTH Aachen, Germany}, editor = {Moldt, Daniel and R{\"o}lke, Heiko}, acronym = {{PNSE}'13}, booktitle = {{P}roceedings of the 7th {I}nternational {W}orkshop on {P}etri {N}ets and {S}oftware {E}ngineering ({PNSE}'13)}, author = {Chatain, {\relax Th}omas and Haar, Stefan}, title = {A~Canonical Contraction for Safe {P}etri Nets}, pages = {25-39}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CH-pnse13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CH-pnse13.pdf}, abstract = {Under maximal semantics, the occurrence of an event~\(a\) in a concurrent run of an occurrence net may imply the occurrence of other events, not causally related to~\(a\), in the same run. In recent works, we have formalized this phenomenon as the \emph{reveals} relation, and used it to obtain a contraction of sets of events called \emph{facets} in the context of occurrence nets. Here, we extend this idea to propose a canonical contraction of general safe Petri nets into pieces of partial-order behaviour which can be seen as {"}macro-transitions{"} since all their events must occur together in maximal semantics. On occurrence nets, our construction coincides with the facets abstraction. Our contraction preserves the maximal semantics in the sense that the maximal processes of the contracted net are in bijection with those of the original net.} }

@inproceedings{PHL-ictss13, address = {Istanbul, Turkey}, month = nov, year = 2013, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Yenig{\"u}n, H{\"u}sn{\"u} and Yilmaz, Cemal and Ulrich, Andreas}, acronym = {{ICTSS}'13}, booktitle = {{P}roceedings of the 25th {IFIP} {I}nternational {C}onference on {T}esting {S}oftware and {S}ystems ({ICTSS}'13)}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine}, title = {Unfolding-based Test Selection for Concurrent Conformance}, pages = {98-113}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictss13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictss13.pdf}, doi = {10.1007/978-3-642-41707-8_7}, abstract = {Model-based testing has mainly focused on models where currency is interpreted as interleaving (like the ioco theory for labeled transition systems), which may be too coarse when one wants concurrency to be preserved in the implementation. In order to test such concurrent systems, we choose to use Petri nets as specifications and define a concurrent conformance relation named co-ioco. We propose a test generation algorithm based on Petri net unfolding able to build a complete test suite w.r.t our co-ioco conformance relation. In addition we propose a coverage criterion based on a dedicated notion of complete prefixes that selects a manageable test suite.} }

@inproceedings{PBB-dx13, address = {Jerusalem, Israel}, month = oct, year = 2013, editor = {Kalech, Meir and Feldman, Alexander and Provan, Gregory}, acronym = {{DX}'13}, booktitle = {{P}roceedings of the 24th {I}nternational {W}orkshop on {P}rinciples of {D}iagnosis ({DX}'13)}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Bonigo, Gonzalo and Brand{\'a}n{ }Briones, Laura}, title = {Distributed Analysis of Diagnosability in Concurrent Systems}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PBB-dx13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PBB-dx13.pdf}, abstract = {Complex systems often exhibit unexpected faults that are difficult to handle. Such systems are desirable to be diagnosable, i.e. faults can be automatically detected as they occur (or shortly afterwards), enabling the system to handle the fault or recover. A system is diagnosable if it is possible to detect every fault, in a finite time after they occurred, by only observing the available information from the system. Complex systems are usually built from simpler components running concurrently. We study how to infer the diagnosability property of a complex system (distributed and with multiple faults) from a parallelized analysis of the diagnosability of each of its components synchronizing with fault free versions of the others. In this paper we make the following contributions: (1)~we~address the diagnosability problem of concurrent systems with arbitrary faults occurring freely in each component. (2)~We~distribute the diagnosability analysis and illustrate our approach with examples. Moreover, (3)~we~present a prototype tool that implements our techniques showing promising results.} }

@inproceedings{ABDHHKLP-icfem13, address = {Queenstown, New~Zealand}, month = oct # {-} # nov, year = 2013, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Groves, Lindsay and Sub, Jing}, acronym = {{ICFEM}'13}, booktitle = {{P}roceedings of the 15th {I}nternational {C}onference on {F}ormal {E}ngineering {M}ethods ({ICFEM}'13)}, author = {Andr{\'e}, {\'E}tienne and Barbot, Beno{\^\i}t and D{\'e}moulins, Cl{\'e}ment and Hillah, Lom Messan and Hulin{-}Hubard, Francis and Kordon, Fabrice and Linard, Alban and Petrucci, Laure}, title = {A Modular Approach for Reusing Formalisms in Verification Tools of Concurrent Systems}, pages = {199-214}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABDHHKLP-icfem13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABDHHKLP-icfem13.pdf}, doi = {10.1007/978-3-642-41202-8_14}, abstract = {Over the past two decades, numerous verification tools have been successfully used for verifying complex concurrent systems, modelled using various formalisms. However, it is still hard to coordinate these tools since they rely on such a large number of formalisms. Having a proper syntactical mechanism to interrelate them through variability would increase the capability of effective integrated formal methods. In this paper, we propose a modular approach for defining new formalisms by reusing existing ones and adding new features and/or constraints. Our approach relies on standard XML technologies; their use provides the capability of rapidly and automatically obtaining tools for representing and validating models. It thus enables fast iterations in developing and testing complex formalisms. As a case study, we applied our modular definition approach on families of Petri nets and timed automata.} }

@inproceedings{AHHKLLP-iceccs13, address = {Singapore}, month = jul, year = 2013, publisher = {{IEEE} Computer Society Press}, editor = {Liu, Yang and Martin, Andrew}, acronym = {{ICECCS}'13}, booktitle = {{P}roceedings of the 18th {IEEE} {I}nternational {C}onference on {E}ngineering of {C}omplex {C}omputer {S}ystems ({ICECCS}'13)}, author = {Andr{\'e}, {\'E}tienne and Hillah, Lom Messan and Hulin{-}Hubard, Francis and Kordon, Fabrice and Lembachar, Yousra and Linard, Alban and Petrucci, Laure}, title = {{C}osy{V}erif: An~Open Source Extensible Verification Environment}, pages = {33-36}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AHHKLLP-iceccs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AHHKLLP-iceccs13.pdf}, doi = {10.1109/ICECCS.2013.15}, abstract = {CosyVerif aims at gathering within a common framework various existing tools for specification and verification. It has been designed in order to 1)~support different formalisms with the ability to easily create new ones, 2)~provide a graphical user interface for every formalism, 3)~include verification tools called via the graphical interface or via an API as a Web service, and 4)~offer the possibility for a developer to integrate his/her own tool without much effort, also allowing it to interact with the other tools. Several tools have already been integrated for the formal verification of (extensions~of) Petri nets and timed automata.} }

@inproceedings{RS-atva13, address = {Hanoi, Vietnam}, month = oct, year = {2013}, volume = {8172}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Dang{-}Van, Hung and Ogawa, Mizuhito}, acronym = {{ATVA}'13}, booktitle = {{P}roceedings of the 11th {I}nternational {S}ymposium on {A}utomated {T}echnology for {V}erification and {A}nalysis ({ATVA}'13)}, author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan}, title = {Cunf: A~Tool for Unfolding and Verifying Petri Nets with Read Arcs}, pages = {492-495}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-atva13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RS-atva13.pdf}, doi = {10.1007/978-3-319-02444-8_42}, abstract = {Cunf is a tool for building and analyzing unfoldings of Petri nets with read arcs. An unfolding represents the behaviour of a net by a partial order, effectively coping with the state-explosion problem stemming from the interleaving of concurrent actions. C-net unfoldings can be up to exponentially smaller than Petri net unfoldings, and recent work proposed algorithms for their construction and verification. Cunf is the first implementation of these techniques, it has been carefully engineered and optimized to ensure that the theoretical gains are put into practice.} }

@inproceedings{HRS-acsd13, address = {Barcelona, Spain}, month = jul, year = 2013, publisher = {{IEEE} Computer Society Press}, editor = {Pietkiewicz{-}Koutny, Marta and Lazarescu, Mihai Teodor}, acronym = {{ACSD}'13}, booktitle = {{P}roceedings of the 13th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'13)}, author = {Haar, Stefan and Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan}, title = {Reveal Your Faults: It's Only Fair!}, pages = {120-129}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HRS-acsd13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HRS-acsd13.pdf}, doi = {10.1109/ACSD.2013.15}, abstract = {We present a methodology for fault diagnosis in concurrent, partially observable systems with additional fairness constraints. In this weak diagnosis, one asks whether a concurrent chronicle of observed events allows to determine that a non-observable fault will inevitably occur, sooner or later, on any maximal system run compatible with the observation. The approach builds on strengths and techniques of unfoldings of safe Petri nets, striving to compute a compact prefix of the unfolding that carries sufficient information for the diagnosis algorithm. Our work extends and generalizes the unfolding-based diagnosis approaches by Benveniste \textit{et~al.} as well as Esparza and Kern. Both of these focused mostly on the use of sequential observations, in particular did not exploit the capacity of unfoldings to reveal inevitable occurrences of concurrent or future events studied by Balaguer \textit{et~al.}. Our diagnosis method captures such indirect, revealed dependencies. We~develop theoretical foundations and an algorithmic solution to the diagnosis problem, and present a SAT solving method for practical diagnosis with our approach.} }

@article{HKS-tcs13, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Haar, Stefan and Kern, Christian and Schwoon, Stefan}, title = {Computing the Reveals Relation in Occurrence Nets}, year = 2013, month = jul, volume = 493, pages = {66-79}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-tcs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HKS-tcs13.pdf}, doi = {10.1016/j.tcs.2013.04.028}, abstract = {Petri net unfoldings are a useful tool to tackle state-space explosion in verification and related tasks. Moreover, their structure allows to access directly the relations of causal precedence, concurrency, and conflict between events. Here, we explore the data structure further, to determine the following relation: event~\(a\) is said to reveal event~\(b\) iff the occurrence of~\(a\) implies that~\(b\) inevitably occurs, too, be it before, after, or concurrently with~\(a\). Knowledge of reveals facilitates in particular the analysis of partially observable systems, in the context of diagnosis, testing, or verification; it can also be used to generate more concise representations of behaviours via abstractions. The reveals relation was previously introduced in the context of fault diagnosis, where it was shown that the reveals relation was decidable: for a given pair~\(a,b\) in the unfolding~\(U\) of a safe Petri net~\(N\), a finite prefix~\(P\) of~\(U\) is sufficient to decide whether or not \(a\) reveals~\(b\). In this paper, we first considerably improve the bound on~\(|P|\). We then show that there exists an efficient algorithm for computing the relation on a given prefix. We have implemented the algorithm and report on experiments.} }

@inproceedings{ABHH-qest13, address = {Buenos Aires, Argentina}, month = aug, year = 2013, publisher = {{IEEE} Computer Society Press}, acronym = {{QEST}'13}, booktitle = {{P}roceedings of the 10th {I}nternational {C}onference on {Q}uantitative {E}valuation of {S}ystems ({QEST}'13)}, author = {Akshay, S. and Bertrand, Nathalie and Haddad, Serge and H{\'e}lou{\"e}t, Lo{\"\i}c}, title = {The steady-state control problem for Markov decision processes}, pages = {290-304}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABHH-qest13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABHH-qest13.pdf}, doi = {10.1007/978-3-642-40196-1_26}, abstract = {This paper addresses a control problem for probabilistic models in the setting of Markov decision processes~(MDP). We~are interested in the steady-state control problem which asks, given an ergodic MDP~\(M\) and a distribution~\(\delta_{\text{goal}}\), whether there exists a (history-dependent randomized) policy \(\pi\) ensuring that the steady-state distribution of~\(M\) under~\(\pi\) is exactly~\(\delta_{\text{goal}}\). We~first show that stationary randomized policies suffice to achieve a given steady-state distribution. Then we infer that the steady-state control problem is decidable for~MDP, and can be represented as a linear program which is solvable in PTIME. This decidability result extends to labeled MDP (LMDP) where the objective is a steady-state distribution on labels carried by the states, and we provide a PSPACE algorithm. We also show that a related steady-state language inclusion problem is decidable in EXPTIME for LMDP. Finally, we prove that if we consider MDP under partial observation (POMDP), the steady-state control problem becomes undecidable.} }

@inproceedings{CJ-formats13, address = {Buenos Aires, Argentina}, month = aug, year = 2013, volume = 8053, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Braberman, V{\'\i}ctor and Fribourg, Laurent}, acronym = {{FORMATS}'13}, booktitle = {{P}roceedings of the 11th {I}nternational {C}onference on {F}ormal {M}odelling and {A}nalysis of {T}imed {S}ystems ({FORMATS}'13)}, author = {Chatain, {\relax Th}omas and Jard, Claude}, title = {Back in Time {P}etri Nets}, pages = {91-105}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-formats13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CJ-formats13.pdf}, doi = {10.1007/978-3-642-40229-6_7}, abstract = {The time progress assumption is at the core of the semantics of real-time formalisms. It is also the major obstacle to the development of partial-order techniques for real-time distributed systems since the events are ordered both by causality and by their occurrence in time. Anyway, extended free choice safe time Petri nets (TPNs) were already identified as a class where partial order semantics behaves well. We show that, for this class, the time progress assumption can even be dropped (time may go back in case of concurrency), which establishes a nice relation between partial-order semantics and time progress assumption.} }

@inproceedings{BKM-lics13, address = {New-Orleans, Louisiana, USA}, month = jun, year = 2013, publisher = {{IEEE} Computer Society Press}, acronym = {{LICS}'13}, booktitle = {{P}roceedings of the 28th {A}nnual {IEEE} {S}ymposium on {L}ogic in {C}omputer {S}cience ({LICS}'13)}, author = {Bollig, Benedikt and Kuske, Dietrich and Mennicke, Roy}, title = {The Complexity of Model Checking Multi-Stack Systems}, pages = {163-170}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lics13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BKM-lics13.pdf}, doi = {10.1109/LICS.2013.22}, abstract = {We consider the linear-time model-checking problem for boolean concurrent programs with recursive procedure calls. While sequential recursive programs are usually modeled as pushdown automata, concurrent recursive programs involve several processes and can be naturally abstracted as pushdown automata with multiple stacks. Their behavior can be understood as words with multiple nesting relations, each relation connecting a procedure call with its corresponding return. To reason about multiply nested words, we consider the class of all temporal logics as defined in the book by Gabbay, Hodkinson, and Reynolds~(1994). The unifying feature of these temporal logics is that their modalities are defined in monadic second-order~(MSO) logic. In particular, this captures numerous temporal logics over concurrent and/or recursive programs that have been defined so far. Since the general model checking problem is undecidable, we restrict attention to phase bounded executions as proposed by La~Torre, Madhusudan, and Parlato (LICS~2007). While the MSO model checking problem in this case is non-elementary, our main result states that the model checking (and satisfiability) problem for all MSO-definable temporal logics is decidable in elementary time. More precisely, it is solvable in \((n+2)\)-EXPTIME where \(n\) is the maximal level of the MSO modalities in the monadic quantifier alternation hierarchy. We complement this result and provide, for each level~\(n\), a~temporal logic whose model checking problem is \(n\)-EXPSPACE-hard.} }

@inproceedings{ABBDF-pads13, address = {Montreal, Canada}, month = may, year = 2013, publisher = {ACM Press}, editor = {Wainer, Gabriel A.}, acronym = {{PADS}'13}, booktitle = {{P}roceedings of the 1st {ACM} {SIGSIM} {C}onference on {P}rinciples of {A}dvanced {D}iscrete {S}imulation ({PADS}'13)}, author = {Amparore, Elvio Gilberto and Barbot, Beno{\^\i}t and Beccuti, Marco and Donatelli, Susanna and Franceschinis, Giuliana}, title = {Simulation-based Verification of Hybrid Automata Stochastic Logic Formulas for Stochastic Symmetric Nets}, pages = {253-264}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABBDF-pads13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABBDF-pads13.pdf}, doi = {10.1145/2486092.2486124}, abstract = {The Hybrid Automata Stochastic Logic (HASL) has been recently defined as a flexible way to express classical performance measures as well as more complex, path-based ones (generically called {"}HASL formulas{"}). The considered paths are executions of Generalized Stochastic Petri Nets (GSPN), which are an extension of the basic Petri net formalism to define discrete event stochastic processes. The computation of the HASL formulas for a GSPN model is demanded to the COSMOS tool, that applies simulation techniques to the formula computation. Stochastic Symmetric Nets (SSN) are an high level Petri net formalism, of the \emph{colored} type, in which tokens can have an identity, and it is well known that colored Petri nets allow one to describe systems in a more compact and parametric form than basic (uncolored) Petri nets. In this paper we propose to extend HASL and COSMOS to support colors, so that performance formulas for SSN can be easily defined and evaluated. This requires a new definition of the logic, to ensure that colors are taken into account in a correct and useful manner, and a significant extension of the COSMOS tool.} }

@inproceedings{BHLM-dlt13, address = {Marne-la-Vall{\'e}e, France}, month = jun, year = 2013, volume = {7907}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {B{\'e}al, Marie-Pierre and Carton, Olivier}, acronym = {{DLT}'13}, booktitle = {{P}roceedings of the 17th {I}nternational {C}onference on {D}evelopments in {L}anguage {T}heory ({DLT}'13)}, author = {Bollig, Benedikt and Habermehl, Peter and Leucker, Martin and Monmege, Benjamin}, title = {A~Fresh Approach to Learning Register Automata}, pages = {118-130}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-dlt13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-dlt13.pdf}, doi = {10.1007/978-3-642-38771-5_12}, abstract = {This paper provides an Angluin-style learning algorithm for a class of register automata supporting the notion of \emph{fresh} data values. More specifically, we introduce \emph{session automata} which are well suited for modeling protocols in which sessions using fresh values are of major interest, like in security protocols or ad-hoc networks. We show that session automata (i)~have an expressiveness partly extending, partly reducing that of register automata, (ii)~admit a symbolic regular representation, and (iii)~have a decidable equivalence and model-checking problem (unlike register automata). Using these results, we establish a learning algorithm to infer session automata through membership and equivalence queries. Finally, we strengthen the robustness of our automaton by its characterization in monadic second-order logic.} }

@inproceedings{BCHKS-lata13, address = {Bilbao, Spain}, month = apr, year = 2013, volume = {7810}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Dediu, Adrian Horia and Mart{\'\i}n-Vide, Carlos and Truthe, Bianca}, acronym = {{LATA}'13}, booktitle = {{P}roceedings of the 7th {I}nternational {C}onference on {L}anguage and {A}utomata {T}heory and {A}pplications ({LATA}'13)}, author = {Bollig, Benedikt and Cyriac, Aiswarya and H{\'e}lou{\"e}t, Lo{\"\i}c and Kara, Ahmet and Schwentick, {\relax Th}omas}, title = {Dynamic Communicating Automata and Branching High-Level {MSC}s}, pages = {177-189}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHKS-lata13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCHKS-lata13.pdf}, doi = {10.1109/REVET.2012.6195253}, abstract = {We study dynamic communicating automata~(DCA), an~extension of classical communicating finite-state machines that allows for dynamic creation of processes. The behavior of a DCA can be described as a set of message sequence charts~(MSCs). While DCA serve as a model of an implementation, we propose branching high-level MSCs~(bHMSCs) on the specification side. Our focus is on the implementability problem: given a bHMSC, can one construct an equivalent DCA? As this problem is undecidable, we introduce the notion of executability, a decidable necessary criterion for implementability. We show that executability of bHMSCs is EXPTIME-complete. We~then identify a class of bHMSCs for which executability effectively implies implementability.} }

@inproceedings{RSK-pn13, address = {Milano, Italy}, month = jun, year = 2013, volume = {7927}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg}, acronym = {{PETRI~NETS}'13}, booktitle = {{P}roceedings of the 34th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'13)}, author = {Rodr{\'\i}guez, C{\'e}sar and Schwoon, Stefan and Khomenko, Victor}, title = {Contextual Merged Processes}, pages = {29-48}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/RSK-atpn13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/RSK-atpn13.pdf}, doi = {10.1007/978-3-642-38697-8_3}, abstract = {We integrate two compact data structures for representing state spaces of Petri nets: merged processes and contextual prefixes. The resulting data structure, called contextual merged processes (CMP), combines the advantages of the original ones and copes with several important sources of state space explosion: concurrency, sequences of choices, and concurrent read accesses to shared resources. In particular, we demonstrate on a number of benchmarks that CMPs are more compact than either of the original data structures. Moreover, we sketch a polynomial (in the CMP size) encoding into SAT of the model-checking problem for reachability properties.} }

@inproceedings{FH-pn13, address = {Milano, Italy}, month = jun, year = 2013, volume = {7927}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg}, acronym = {{PETRI~NETS}'13}, booktitle = {{P}roceedings of the 34th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'13)}, author = {Fraca, Est{\'\i}baliz and Haddad, Serge}, title = { Complexity Analysis of Continuous {P}etri Nets}, pages = {170-189}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-pn13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-pn13.pdf}, doi = {10.1007/978-3-642-38697-8_10}, abstract = {At the end of the eighties, continuous Petri nets were introduced for: (1)~alleviating the combinatory explosion triggered by discrete Petri nets and, (2)~modelling the behaviour of physical systems whose state is composed of continuous variables. Since then several works have established that the computational complexity of deciding some standard behavioural properties of Petri nets is reduced in this framework. Here we first establish the decidability of additional properties like boundedness and reachability set inclusion. We also design new decision procedures for the reachability and lim-reachability problems with a better computational complexity. Finally we provide lower bounds characterising the exact complexity class of the boundedness, the reachability, the deadlock freeness and the liveness problems.} }

@inproceedings{HHM-pn13, address = {Milano, Italy}, month = jun, year = 2013, volume = {7927}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Colom, Jos{\'e}-Manuel and Desel, J{\"o}rg}, acronym = {{PETRI~NETS}'13}, booktitle = {{P}roceedings of the 34th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'13)}, author = {Haddad, Serge and Hennicker, Rolf and M{\o}ller, Mikael H.}, title = {Channel Properties of Asynchronously Composed {P}etri~Nets}, pages = {369-388}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-pn13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-pn13.pdf}, doi = {10.1007/978-3-642-38697-8_20}, abstract = {We consider asynchronously composed I/O-Petri nets (AIOPNs) with built-in communication channels. They are equipped with a compositional semantics in terms of asynchronous I/O-transition systems (AIOTSs) admitting infinite state spaces. We study various channel properties that deal with the production and consumption of messages exchanged via the communication channels and establish useful relationships between them. In order to support incremental design we show that the channel properties considered in this work are preserved by asynchronous composition, i.e. they are compositional. As a crucial result we prove that the channel properties are decidable for AIOPNs.} }

@article{HMN-fi13, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {Haddad, Serge and Mairesse, Jean and Nguyen, Hoang-Thach}, title = {Synthesis and Analysis of Product-form {P}etri Nets}, year = {2013}, volume = {122}, number = {1-2}, pages = {147-172}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-fi13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HMN-fi13.pdf}, doi = {10.3233/FI-2013-786}, abstract = {For a large Markovian model, a {"}product form{"} is an explicit description of the steady-state behaviour which is otherwise generally untractable. Being first introduced in queueing networks, it has been adapted to Markovian Petri nets. Here we address three relevant issues for product-form Petri nets which were left fully or partially open: (1)~we~provide a sound and complete set of rules for the synthesis; (2)~we~characterise the exact complexity of classical problems like reachability; (3)~we~introduce a new subclass for which the normalising constant (a~crucial value for product-form expression) can be efficiently computed.} }

@inproceedings{BGM-fossacs13, address = {Rome, Italy}, month = mar, year = 2013, volume = {7794}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Pfenning, Frank}, acronym = {{FoSSaCS}'13}, booktitle = {{P}roceedings of the 16th {I}nternational {C}onference on {F}oundations of {S}oftware {S}cience and {C}omputation {S}tructures ({FoSSaCS}'13)}, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin}, title = {Weighted Specifications over Nested Words}, pages = {385-400}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGM-fossacs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGM-fossacs13.pdf}, doi = {10.1007/978-3-642-37075-5_25}, abstract = {This paper studies several formalisms to specify quantitative properties of finite nested words (or~equivalently finite unranked trees). These can be used for XML documents or recursive programs: for~instance, counting how often a given entry occurs in an XML document, or~computing the memory required for a recursive program execution. Our main interest is to translate these properties, as efficiently as possible, into an automaton, and to use this computational device to decide problems related to the properties (e.g.,~emptiness, model checking, simulation) or to compute the value of a quantitative specification over a given nested word. The specification formalisms are weighted regular expressions (with forward and backward moves following linear edges or call-return edges), weighted first-order logic, and weighted temporal logics. We~introduce weighted automata walking in nested words, possibly dropping\slash lifting (reusable) pebbles during the traversal. We prove that the evaluation problem for such automata can be done very efficiently if the number of pebble names is small, and we also consider the emptiness problem.} }

@article{BFCH-compj14, publisher = {Oxford University Press}, journal = {The Computer Journal}, author = {Beccuti, Marco and Franceschinis, Giuliana and Codetta{-}Raiteri, Daniele and Haddad, Serge}, title = {Computing Optimal Repair Strategies by Means of NdRFT Modeling and Analysis}, volume = 57, number = 12, month = dec, year = 2014, pages = {1870-1892}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-compj14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFCH-compj14.pdf}, doi = {10.1093/comjnl/bxt134}, abstract = {In this paper, the \emph{Non-deterministic Repairable Fault Tree}~(NdRFT) formalism is proposed: it allows the modeling of failures of complex systems in addition to their repair processes. Its originality with respect to other Fault Tree extensions allows us to address repair strategy optimization problems: in an NdRFT model, the decision as to whether to start or not a given repair action is non-deterministic, so that all the possibilities are left open. The formalism is rather powerful, it allows: the specification of self-revealing events, the representation of components degradation, the choice among local repair, global repair, preventive maintenance, and the specification of the resources needed to start a repair action. The optimal repair strategy with respect to some relevant system state function, e.g. system unavailability, can then be computed by solving an optimization problem on a Markov Decision Process derived from the NdRFT. Such derivation is obtained by converting the NdRFT model into an intermediate formalism called Markov Decision Petri Net~(MDPN). In the paper, the NdRFT syntax and semantics are formally described, together with the conversion rules to derive from the NdRFT the corresponding MDPN model. The application of NdRFT is illustrated through examples.} }

@phdthesis{ponce-phd2014, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n}, title = {Testing Concurrent Systems Through Event Structures}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2014, month = nov, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ponce-phd14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ponce-phd14.pdf} }

@phdthesis{barbot-phd2014, author = {Barbot, Beno{\^\i}t}, title = {Acceleration for Statistical Model Checking}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2014, month = nov, url = {http://www.lsv.fr/Publis/PAPERS/PDF/barbot-phd14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/barbot-phd14.pdf} }

@article{BHLM-lmcs14, journal = {Logical Methods in Computer Science}, author = {Bollig, Benedikt and Habermehl, Peter and Leucker, Martin and Monmege, Benjamin}, title = {A~Robust Class of Data Languages and an Application to Learning}, year = {2014}, month = dec, volume = 10, number = {4:19}, nopages = {}, url = {http://arxiv.org/abs/1411.6646}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHLM-lmcs14.pdf}, doi = {10.2168/LMCS-10(4:19)2014}, abstract = {We~introduce session automata, an automata model to process data words, i.e., words over an infinite alphabet. Session automata support the notion of fresh data values, which are well suited for modeling protocols in which sessions using fresh values are of major interest, like in security protocols or ad-hoc networks. Session automata have an expressiveness partly extending, partly reducing that of classical register automata. We~show that, unlike register automata and their various extensions, session automata are robust: They (i)~are closed under intersection, union, and (resource-sensitive) complementation, (ii)~admit a symbolic regular representation, (iii)~have a decidable inclusion problem (unlike register automata), and (iv)~enjoy logical characterizations. Using these results, we establish a learning algorithm to infer session automata through membership and equivalence queries.} }

@article{PHL-sttt14, publisher = {Springer}, journal = {International Journal on Software Tools for Technology Transfer}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine}, title = {Model-based Testing for Concurrent Systems: Unfolding-based Test Selection}, volume = {18}, number = 3, year = {2016}, month = jun, pages = {305-318}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-sttt14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-sttt14.pdf}, doi = {10.1007/s10009-014-0353-y}, abstract = {Model-based testing has mainly focused on models where concurrency is interpreted as interleaving (like the ioco theory for labeled transition systems), which may be too coarse when one wants concurrency to be preserved in the implementation. In order to test such concurrent systems, we choose to use Petri nets as specifications and define a concurrent conformance relation named co-ioco. We present a test generation algorithm based on Petri net unfolding able to build a complete test suite w.r.t our co-ioco conformance relation. In addition we propose several coverage criteria that allow to select finite prefixes of an unfolding in order to build manageable test suites.} }

@inproceedings{AG-fsttcs14, address = {New~Dehli, India}, month = dec, year = 2014, volume = {29}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Raman, Venkatesh and Suresh, S.~P.}, acronym = {{FSTTCS}'14}, booktitle = {{P}roceedings of the 34th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'14)}, author = {Aiswarya, C. and Gastin, Paul}, title = {Reasoning about distributed systems: {WYSIWYG}}, pages = {11-30}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AG-fsttcs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AG-fsttcs14.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2014.11}, abstract = {There are two schools of thought on reasoning about distributed systems: one~following interleaving based semantics, and one following partial-order{{\slash}}graph based semantics. This paper compares these two approaches and argues in favour of the latter. An~introductory treatment of the split-width technique is also provided.} }

@article{haar-mvlsc15, publisher = {Old City Publishing}, journal = {Journal of Multiple-Valued Logic and Soft Computing}, author = {Haar, Stefan}, title = {Cyclic Ordering through Partial Orders}, volume = {27}, number = {2-3}, year = 2016, month = sep, pages = {209-228}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-mvlsc16.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/haar-mvlsc16.pdf}, abstract = {The orientation problem for ternary cyclic order relations has been attacked in the literature from combinatorial perspectives, through rotations, and by connection with Petri nets. We propose here a two-fold characterization of orientable cyclic orders in terms of symmetries of partial orders as well as in terms of separating sets (cuts). The results are inspired by properties of non-sequential discrete processeses, but also apply to dense structures of any cardinality.} }

@article{BFHP-fi14, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {Bernardinello, Luca and Ferigato, Carlo and Haar, Stefan and Pomello, Lucia}, title = {Closed Sets in Occurrence Nets with Conflicts}, volume = 133, number = 4, year = 2014, pages = {323-344}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHP-fi14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHP-fi14.pdf}, doi = {10.3233/FI-2014-1079}, abstract = {The semantics of concurrent processes can be defined in terms of partially ordered sets. Occurrence nets, which belong to the family of Petri nets, model concurrent processes as partially ordered sets of occurrences of local states and local events. On the basis of the associated concurrency relation, a closure operator can be defined, giving rise to a lattice of closed sets. Extending previous results along this line, the present paper studies occurrence nets with forward conflicts, modelling families of processes. It is shown that the lattice of closed sets is orthomodular, and the relations between closed sets and some particular substructures of an occurrence net are studied. In particular, the paper deals with runs, modelling concurrent histories, and trails, corresponding to possible histories of sequential components. A~second closure operator is then defined by means of an iterative procedure. The~corresponding closed sets, here called 'dynamically closed', are shown to form a complete lattice, which in general is not orthocomplemented. Finally, it is shown that, if an occurrence net satisfies a property called B-density, which essentially says that any antichain meets any trail, then the two notions of closed set coincide, and they form a complete, algebraic orthomodular lattice.} }

@inproceedings{BHL-fsttcs14, address = {New~Dehli, India}, month = dec, year = 2014, volume = {29}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Raman, Venkatesh and Suresh, S.~P.}, acronym = {{FSTTCS}'14}, booktitle = {{P}roceedings of the 34th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'14)}, author = {Bertrand, Nathalie and Haddad, Serge and Lefaucheux, Engel}, title = {Foundation of Diagnosis and Predictability in Probabilistic Systems}, pages = {417-429}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-fsttcs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-fsttcs14.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2014.417}, abstract = {In discrete event systems prone to unobservable faults, a diagnoser must eventually detect fault occurrences. The diagnosability problem consists in deciding whether such a diagnoser exists. Here we investigate diagnosis for probabilistic systems modelled by partially observed Markov chains also called probabilistic labeled transition systems (pLTS). First we study different specifications of diagnosability and establish their relations both in finite and infinite pLTS. Then we analyze the complexity of the diagnosability problem for finite pLTS: we show that the polynomial time procedure earlier proposed is erroneous and that in fact for all considered specifications, the problem is PSPACE-complete. We also establish tight bounds for the size of diagnosers. Afterwards we consider the dual notion of predictability which consists in predicting that in a safe run, a fault will eventually occur. Predictability is an easier problem than diagnosability: it is NLOGSPACE-complete. Yet the predictor synthesis is as hard as the diagnoser synthesis. Finally we introduce and study the more flexible notion of prediagnosability that generalizes predictability and diagnosability.} }

@inproceedings{BGK-fsttcs14, address = {New~Dehli, India}, month = dec, year = 2014, volume = {29}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Raman, Venkatesh and Suresh, S.~P.}, acronym = {{FSTTCS}'14}, booktitle = {{P}roceedings of the 34th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'14)}, author = {Bollig, Benedikt and Gastin, Paul and Kumar, Akshay}, title = {Parameterized Communicating Automata: Complementation and Model Checking}, pages = {625-637}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGK-fsttcs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGK-fsttcs14.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2014.625}, abstract = {We study the language-theoretical aspects of parameterized communicating automata (PCAs), in which processes communicate via rendez-vous. A given PCA can be run on any topology of bounded degree such as pipelines, rings, ranked trees, and grids. We show that, under a context bound, which restricts the local behavior of each process, PCAs are effectively complementable. Complementability is considered a key aspect of robust automata models and can, in particular, be exploited for verification. In this paper, we use it to obtain a characterization of context-bounded PCAs in terms of monadic second-order (MSO) logic. As the emptiness problem for context-bounded PCAs is decidable for the classes of pipelines, rings, and trees, their model-checking problem wrt. MSO properties also becomes decidable. While previous work on model checking parameterized systems typically uses temporal logics without next operator, our MSO logic allows one to express several natural next modalities.} }

@inproceedings{CMS-fsttcs14, address = {New~Dehli, India}, month = dec, year = 2014, volume = {29}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Raman, Venkatesh and Suresh, S.~P.}, acronym = {{FSTTCS}'14}, booktitle = {{P}roceedings of the 34th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'14)}, author = {Chadha, Rohit and Mathur, Umang and Schwoon, Stefan}, title = {Computing Information Flow Using Symbolic Model-Checking}, pages = {505-516}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CMS-fsttcs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CMS-fsttcs14.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2014.505}, abstract = {Several measures have been proposed in literature for quantifying the information leaked by the public outputs of a program with secret inputs. We consider the problem of computing information leaked by a deterministic or probabilistic program when the measure of information is based on (a)~min-entropy and (b)~Shannon entropy. The key challenge in computing these measures is that we need the total number of possible outputs and, for each possible output, the number of inputs that lead to it. A direct computation of these quantities is infeasible because of the state-explosion problem. We therefore propose symbolic algorithms based on binary decision diagrams (BDDs). The advantage of our approach is that these symbolic algorithms can be easily implemented in any BDD-based model-checking tool that checks for reachability in deterministic non-recursive programs by computing program summaries. We demonstrate the validity of our approach by implementing these algorithms in a tool Moped-QLeak, which is built upon Moped, a model checker for Boolean programs. Finally, we show how this symbolic approach extends to probabilistic programs.} }

@article{BCGZ-jal14, publisher = {Elsevier Science Publishers}, journal = {Journal of Applied Logic}, author = {Bollig, Benedikt and Cyriac, Aiswarya and Gastin, Paul and Zeitoun, Marc}, title = {Temporal logics for concurrent recursive programs: Satisfiability and model checking}, volume = 12, number = 4, pages = {395-416}, month = dec, year = 2014, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-jal14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BCGZ-jal14.pdf}, doi = {10.1016/j.jal.2014.05.001}, abstract = {We develop a general framework for the design of temporal logics for concurrent recursive programs. A program execution is modeled as a partial order with multiple nesting relations. To specify properties of executions, we consider any temporal logic whose modalities are definable in monadic second-order logic and which, in addition, allows PDL-like path expressions. This captures, in a unifying framework, a wide range of logics defined for ranked and unranked trees, nested words, and Mazurkiewicz traces that have been studied separately. We show that satisfiability and model checking are decidable in EXPTIME and 2EXPTIME, depending on the precise path modalities.} }

@proceedings{KHY-topnoc2014, editor = {Koutny, Maciej and Haddad, Serge and Yakovlev, Alex}, title = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}}, booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = 8910, year = {2014}, noaddress = {}, url = {http://www.springer.com/978-3-662-45729-0} }

@incollection{topnoc14-CH, year = 2014, volume = {8910}, series = {Lecture Notes in Computer Science}, editor = {Koutny, Maciej and Haddad, Serge and Yakovlev, Alex}, publisher = {Springer}, booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{IX}}, author = {Chatain, {\relax Th}omas and Haar, Stefan}, title = {A Canonical Contraction for Safe {P}etri Nets}, pages = {83-98}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc14-CH.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/topnoc14-CH.pdf}, doi = {10.1007/978-3-662-45730-6_5}, abstract = {Under maximal semantics, the occurrence of an event~\(a\) in a concurrent run of an occurrence net may imply the occurrence of other events, not causally related to~\(a\), in the same run. In recent works, we have formalized this phenomenon as the reveals relation, and used it to obtain a contraction of sets of events called facets in the context of occurrence nets. Here, we extend this idea to propose a canonical contraction of general safe Petri nets into pieces of partial-order behaviour which can be seen as {"}macro-transitions{"} since all their events must occur together in maximal semantics. On occurrence nets, our construction coincides with the facets abstraction. Our contraction preserves the maximal semantics in the sense that the maximal processes of the contracted net are in bijection with those of the original net.} }

@inproceedings{CHJPS-cmsb14, address = {Manchester, UK}, month = nov, year = 2014, volume = {8859}, series = {Lecture Notes in Bioinformatics}, publisher = {Springer-Verlag}, editor = {Mendes, Pedro}, acronym = {{CMSB}'14}, booktitle = {{P}roceedings of the 12th {C}onference on {C}omputational {M}ethods in {S}ystem {B}iology ({CMSB}'14)}, author = {Chatain, {\relax Th}omas and Haar, Stefan and Jezequel, Lo{\"\i}g and Paulev{\'e}, Lo{\"\i}c and Schwoon, Stefan}, title = {Characterization of Reachable Attractors Using {P}etri Net Unfoldings}, pages = {129-142}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CHJPS-cmsb14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CHJPS-cmsb14.pdf}, doi = {10.1007/978-3-319-12982-2_10}, abstract = {Attractors of network dynamics represent the long-term behaviours of the modelled system. Their characterization is therefore crucial for understanding the response and differentiation capabilities of a dynamical system. In the scope of qualitative models of interaction networks, the computation of attractors reachable from a given state of the network faces combinatorial issues due to the state space explosion. In this paper, we present a new algorithm that exploits the concurrency between transitions of parallel acting components in order to reduce the search space. The algorithm relies on Petri net unfoldings that can be used to compute a compact representation of the dynamics. We illustrate the applicability of the algorithm with Petri net models of cell signalling and regulation networks, Boolean and multi-valued. The proposed approach aims at being complementary to existing methods for deriving the attractors of Boolean models, while being generic since they apply to any safe Petri net.} }

@inproceedings{BHHP-simul14, address = {Nice, France}, month = oct, year = 2014, publisher = {XPS}, editor = {Arisha, Amr and Bobashev, Georgiy}, acronym = {{SIMUL}'14}, booktitle = {{P}roceedings of the 6th {I}nternational {C}onference on {A}dvances in {S}ystem {S}imulation ({SIMUL}'14)}, author = {Barbot, Beno{\^\i}t and Haddad, Serge and Heiner, Monika and Picaronny, Claudine}, title = {Rare Event Handling in Signalling Cascades}, pages = {126-131}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-simul14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-simul14.pdf}, abstract = {Signalling cascades are a recurrent pattern of biological regulatory systems whose analysis has deserved a lot of attention. It has been shown that stochastic Petri nets are appropriate to model such systems and evaluate the probabilities of specific properties. Such an evaluation can be done numerically when the combinatorial state space explosion is manageable or statistically otherwise. However, when the probabilities to be evaluated are too small, random simulation requires more sophisticated techniques for the handling of rare events. In this paper, we show how such involved methods can be successfully applied for signalling cascades. More precisely, we study three relevant properties of a signalling cascade with the help of the Cosmos tool. Our experiments point out interesting dependencies between quantitative parameters of the regulatory system and its transient behaviour. In addition, they demonstrate that we can go beyond the capabilities of Marcie which provides one of the most efficient numerical solvers.} }

@inproceedings{BGS-rp14, address = {Oxford, UK}, month = sep, year = 2014, volume = {8762}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ouaknine, Jo{\"e}l and Potapov, Igor and Worrell, James}, acronym = {{RP}'14}, booktitle = {{P}roceedings of the 8th {W}orkshop on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'14)}, author = {Bollig, Benedikt and Gastin, Paul and Schubert, Jana}, title = {Parameterized Verification of Communicating Automata under Context Bounds}, pages = {45-57}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGS-rp14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGS-rp14.pdf}, doi = {10.1007/978-3-319-11439-2_4}, abstract = {We study the verification problem for parameterized communicating automata~(PCA), in which processes synchronize via message passing. A~given PCA can be run on any topology of bounded degree (such as pipelines, rings, or ranked trees), and communication may take place between any two processes that are adjacent in the topology. Parameterized verification asks if there is a topology from a given topology class that allows for an accepting run of the given PCA. In general, this problem is undecidable even for synchronous communication and simple pipeline topologies. We therefore consider context-bounded verification, which restricts the behavior of each single process. For several variants of context bounds, we show that parameterized verification over pipelines, rings, and ranked trees is decidable. Our approach is automata-theoretic and uniform. We introduce a notion of graph acceptor that identifies those topologies allowing for an accepting run. Depending on the given topology class, the topology acceptor can then be restricted, or adjusted, so that the verification problem reduces to checking emptiness of finite automata or tree automata.} }

@inproceedings{HM-rp14, address = {Oxford, UK}, month = sep, year = 2014, volume = {8762}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ouaknine, Jo{\"e}l and Potapov, Igor and Worrell, James}, acronym = {{RP}'14}, booktitle = {{P}roceedings of the 8th {W}orkshop on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'14)}, author = {Haddad, Serge and Monmege, Benjamin}, title = {Reachability in {MDP}s: Refining Convergence of Value Iteration}, pages = {125-137}, url = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2014-07.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/PDF/rr-lsv-2014-07.pdf}, doi = {10.1007/978-3-319-11439-2_10}, abstract = {Markov Decision Processes (MDP) are a widely used model including both non-deterministic and probabilistic choices. Minimal and maximal probabilities to reach a target set of states, with respect to a policy resolving non-determinism, may be computed by several methods including value iteration. This algorithm, easy to implement and efficient in terms of space complexity, consists in iteratively finding the probabilities of paths of increasing length. However, it raises three issues: (1)~defining a stopping criterion ensuring a bound on the approximation, (2)~analyzing the rate of convergence, and (3)~specifying an additional procedure to obtain the exact values once a sufficient number of iterations has been performed. The first two issues are still open and for the third one a {"}crude{"} upper bound on the number of iterations has been proposed. Based on a graph analysis and transformation of MDPs, we address these problems. First we introduce an interval iteration algorithm, for which the stopping criterion is straightforward. Then we exhibit convergence rate. Finally we significantly improve the bound on the number of iterations required to get the exact values.} }

@article{PHL-stvr14, publisher = {John Wiley \& Sons, Ltd.}, journal = {Software Testing, Verification and Reliability}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine}, title = {Model-Based Testing for Concurrent Systems with Labeled Event Structures}, volume = 24, number = 7, year = {2014}, month = nov, pages = {558-590}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-stvr14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-stvr14.pdf}, doi = {10.1002/stvr.1543}, abstract = {We propose a theoretical testing framework and a test generation algorithm for concurrent systems specified with true concurrency models, such as Petri nets or networks of automata. The semantic model of computation of such formalisms are labeled event structures, which allow to represent concurrency explicitly. We introduce the notions of strong and weak concurrency: strongly concurrent events must be concurrent in the implementation, while weakly concurrent ones may eventually be ordered. The ioco type conformance relations for sequential systems rely on the observation of sequences of actions and blockings, thus they are not capable of capturing and exploiting concurrency of non sequential behaviors. We propose an extension of \textbf{ioco} for labeled event structures, named \textbf{co-ioco}, allowing to deal with strong and weak concurrency. We~extend the notions of test cases and test execution to labeled event structures, and give a test generation algorithm building a complete test suite for \textbf{co-ioco}.} }

@inproceedings{BMP-dx14, address = {Graz, Austria}, month = sep, year = 2014, editor = {Abreu, Rui and Pill, Ingo and Wotawa, Franz}, acronym = {{DX}'14}, booktitle = {{P}roceedings of the 25th {I}nternational {W}orkshop on {P}rinciples of {D}iagnosis ({DX}'14)}, author = {Brand{\'a}n{ }Briones, Laura and Madalinski, Agnes and Ponce{ }de{~}Le{\'o}n, Hern{\'a}n}, title = {Distributed Diagnosability Analysis with {P}etri Nets}, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BMP-dx14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BMP-dx14.pdf}, abstract = {We propose a framework to distributed diagnosability analysis of concurrent systems modeled with Petri nets as a collection of components synchronizing on common observable transitions, where faults can occur in several components. The diagnosability analysis of the entire system is done in parallel by verifying the interaction of each component with the fault free versions of the other components. Furthermore, we use existing efficient methods and tools, in particular parallel LTL-X model checking based on unfoldings, for diagnosability verification.} }

@inproceedings{AGN-atva14, address = {Sydney, Australia}, month = nov, year = {2014}, volume = 8837, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Cassez, Franck and Raskin, Jean-Fran{\c{c}}ois}, acronym = {{ATVA}'14}, booktitle = {{P}roceedings of the 12th {I}nternational {S}ymposium on {A}utomated {T}echnology for {V}erification and {A}nalysis ({ATVA}'14)}, author = {Aiswarya, C. and Gastin, Paul and Narayan Kumar, K.}, title = {Verifying Communicating Multi-pushdown Systems via Split-width}, pages = {1-17}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGN-atva14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGN-atva14.pdf}, doi = {10.1007/978-3-319-11936-6_1}, abstract = {Communicating multi-pushdown systems model networks of multi-threaded recursive programs communicating via reliable FIFO channels. We extend the notion of split-width to this setting, improving and simplifying the earlier definition. Split-width, while having the same power of clique-{{\slash}}tree-width, gives a divide-and-conquer technique to prove the bound of a class, thanks to the two basic operations, shuffle and merge, of the split-width algebra. We illustrate this technique on examples. We also obtain simple, uniform and optimal decision procedures for various verification problems parametrised by split-width.} }

@inproceedings{CGK-concur14, address = {Rome, Italy}, month = sep, year = 2014, volume = 8704, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Baldan, Paolo and Gorla, Daniele}, acronym = {{CONCUR}'14}, booktitle = {{P}roceedings of the 25th {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'14)}, author = {Cyriac, Aiswarya and Gastin, Paul and Narayan Kumar, K.}, title = {Controllers for the Verification of Communicating Multi-Pushdown Systems}, pages = {297-311}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CGK-concur14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CGK-concur14.pdf}, doi = {10.1007/978-3-662-44584-6_21}, abstract = {Multi-pushdowns communicating via queues are formal models of multi-threaded programs communicating via channels. They are turing powerful and much of the work on their verification has focussed on under-approximation techniques. Any error detected in the under-approximation implies an error in the system. However the successful verification of the under-approximation is not as useful if the system exhibits unverified behaviours. Our aim is to design controllers that observe/restrict the system so that it stays within the verified under-approximation. We identify some important properties that a good controller should satisfy. We consider an extensive under-approximation class, construct a distributed controller with the desired properties and also establish the decidability of verification problems for this class.} }

@inproceedings{PHL-ictac14, address = {Bucharest, Romania}, month = sep, year = 2014, volume = 8687, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Ciobanu, Gabriel and M{\'e}ry, Dominique}, acronym = {{ICTAC}'14}, booktitle = {{P}roceedings of the 11th {I}nternational {C}olloquium on {T}heoretical {A}spects of {C}omputing ({ICTAC}'14)}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Haar, Stefan and Longuet, Delphine}, title = {Distributed testing of concurrent systems: vector clocks to the rescue}, pages = {369-387}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictac14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PHL-ictac14.pdf}, doi = {10.1007/978-3-319-10882-7_22}, abstract = {The ioco relation has become a standard in model-based conformance testing. The co-ioco conformance relation is an extension of this relation to concurrent systems specified with true-concurrency models. This relation assumes a global control and observation of the system under test, which is not usually realistic in the case of physically distributed systems. Such systems can be partially observed at each of their points of control and observation by the sequences of inputs and outputs exchanged with their environment. Unfortunately, in general, global observation cannot be reconstructed from local ones, so global conformance cannot be decided with local tests. We propose to append time stamps to the observable actions of the system under test in order to regain global conformance from local testing.} }

@inproceedings{KH-acsd14, address = {Tunis, Tunisia}, month = jun, year = 2014, publisher = {{IEEE} Computer Society Press}, acronym = {{ACSD}'14}, booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'14)}, author = {Kordon, Fabrice and Hulin{-}Hubard, Francis}, title = {BenchKit, a Tool for Massive Concurrent Benchmarking}, pages = {159-165}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/KH-acsd14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KH-acsd14.pdf}, doi = {10.1109/ACSD.2014.12}, abstract = {Benchmarking numerous programs in a reasonable time requires the use of several (potentially multicore) computers. We experimented such a situation in the context of the MCC (Model Checking Contest @ Petri net) where we had to operate more than 52000 runs for the 2013 edition. This paper presents BenchKit, a tool to operate programs on sets of potentially parallel machines and to gather monitoring information like CPU or memory usage. It also samples such data over the execution time. BenchKit has been elaborated in the context of the MCC and will be used for the 2014 edition.} }

@inproceedings{GHKS-acsd14, address = {Tunis, Tunisia}, month = jun, year = 2014, publisher = {{IEEE} Computer Society Press}, acronym = {{ACSD}'14}, booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'14)}, author = {Germanos, Vasileios and Haar, Stefan and Khomenko, Victor and Schwoon, Stefan}, title = {Diagnosability under Weak Fairness}, pages = {132-141}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-acsd14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-acsd14.pdf}, doi = {10.1109/ACSD.2014.9}, abstract = {In partially observed Petri nets, diagnosis is the task of detecting whether or not the given sequence of observed labels indicates that some unobservable fault has occurred. Diagnosability is an associated property of the Petri net, stating that in any possible execution an occurrence of a fault can eventually be diagnosed.\par In this paper we consider diagnosability under the weak fairness (WF) assumption, which intuitively states that no transition from a given set can stay enabled forever---it~must eventually either fire or be disabled. We show that a previous approach to WF-diagnosability in the literature has a major flaw, and present a corrected notion. Moreover, we present an efficient method for verifying WF-diagnosability based on a reduction to LTL-X model checking. An important advantage of this method is that the LTL-X formula is fixed---in~particular, the WF assumption does not have to be expressed as a part of it (which would make the formula length proportional to the size of the specification), but rather the ability of existing model checkers to handle weak fairness directly is exploited.} }

@inproceedings{BGMZ-csllics14, address = {Vienna, Austria}, month = jul, year = 2014, publisher = {ACM Press}, acronym = {{CSL\slash LICS}'14}, booktitle = {{P}roceedings of the Joint Meeting of the 23rd {EACSL} {A}nnual {C}onference on {C}omputer {S}cience {L}ogic and the 29th {A}nnual {ACM\slash IEEE} {S}ymposium on {L}ogic {I}n {C}omputer {S}cience ({CSL\slash LICS}'14)}, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc}, title = {Logical Characterization of Weighted Pebble Walking Automata}, nopages = {}, chapter = 19, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-csllics14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-csllics14.pdf}, doi = {10.1145/2603088.2603118}, abstract = {Weighted automata are a conservative quantitative extension of finite automata that enjoys applications, e.g., in language processing and speech recognition. Their expressive power, however, appears to be limited, especially when they are applied to more general structures than words, such as graphs. To address this drawback, weighted automata have recently been generalized to weighted pebble walking automata, which proved useful as a tool for the specification and evaluation of quantitative properties over words and nested words. In this paper, we establish the expressive power of weighted pebble walking automata in terms of transitive closure logic, lifting a similar result by Engelfriet and Hoogeboom from the Boolean case to a quantitative setting. This result applies to general classes of graphs, including all the aforementioned classes.} }

@inproceedings{BB-csllics14, address = {Vienna, Austria}, month = jul, year = 2014, publisher = {ACM Press}, acronym = {{CSL\slash LICS}'14}, booktitle = {{P}roceedings of the Joint Meeting of the 23rd {EACSL} {A}nnual {C}onference on {C}omputer {S}cience {L}ogic and the 29th {A}nnual {ACM\slash IEEE} {S}ymposium on {L}ogic {I}n {C}omputer {S}cience ({CSL\slash LICS}'14)}, author = {Bollig, Benedikt}, title = {Logic for Communicating Automata with Parameterized Topology}, nopages = {}, chapter = 18, exturl = {http://hal.inria.fr/hal-00872807/}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BB-csllics14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BB-csllics14.pdf}, doi = {10.1145/2603088.2603093}, abstract = {We introduce parameterized communicating automata~(PCA) as a model of systems where finite-state processes communicate through FIFO channels. Unlike classical communicating automata, a given PCA can be run on any network topology of bounded degree. The topology is thus a parameter of the system. We provide various B{\"u}chi-Elgot-Trakhtenbrot theorems for~PCA, which roughly read as follows: Given a logical specification~\(\phi\) and a class of topologies~\(T\), there is a~PCA that is equivalent to~\(\phi\) on all topologies from~\(T\). We~give uniform constructions which allow us to instantiate~\(T\) with concrete classes such as pipelines, ranked trees, grids, rings,~etc. The proofs build on a locality theorem for first-order logic due to Schwentick and Barthelmann, and they exploit concepts from the non-parameterized case, notably a result by Genest, Kuske, and Muscholl.} }

@article{CFM-ijfcs13, publisher = {World Scientific}, journal = {International Journal of Foundations of Computer Science}, author = {Cadilhac, Micha{\"e}l and Finkel, Alain and McKenzie, Pierre}, title = {Unambiguous Contrained Automata}, volume = 24, number = 7, month = nov, year = 2013, pages = {1099-1116}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CFM-ijfcs13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CFM-ijfcs13.pdf}, doi = {10.1142/S0129054113400339}, abstract = {The class of languages captured by Constrained Automata~(CA) that are unambiguous is shown to possess more closure properties than the provably weaker class captured by deterministic~CA. Problems decidable for deterministic CA are nonetheless shown to remain decidable for unambiguous~CA, and testing for regularity is added to this set of decidable problems. Unambiguous CA~are then shown incomparable with deterministic reversal-bounded machines in terms of expressivity, and a deterministic model equivalent to unambiguous~CA is identified.} }

@phdthesis{cyriac-phd2014, author = {Cyriac, Aiswarya}, title = {Verification of Communicating Recursive Programs via Split-width}, school = {Laboratoire Sp{\'e}cification et V{\'e}rification, ENS Cachan, France}, type = {Th{\`e}se de doctorat}, year = 2014, month = jan, url = {http://www.lsv.fr/Publis/PAPERS/PDF/cyriac-phd14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/cyriac-phd14.pdf} }

@inproceedings{BFHHH-fossacs14, address = {Grenoble, France}, month = apr, year = 2014, volume = {8412}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Muscholl, Anca}, acronym = {{FoSSaCS}'14}, booktitle = {{P}roceedings of the 17th {I}nternational {C}onference on {F}oundations of {S}oftware {S}cience and {C}omputation {S}tructures ({FoSSaCS}'14)}, author = {Bertrand, Nathalie and Fabre, {\'E}ric and Haar, Stefan and Haddad, Serge and H{\'e}lou{\"e}t, Lo{\"\i}c}, title = {Active diagnosis for probabilistic systems}, pages = {29-42}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHHH-fossacs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHHH-fossacs14.pdf}, doi = {10.1007/978-3-642-54830-7_4}, abstract = {The diagnosis problem amounts to deciding whether some specific {"}fault{"} event occurred or not in a system, given the observations collected on a run of this system. This system is then diagnosable if the fault can always be detected, and the active diagnosis problem consists in controlling the system in order to ensure its diagnosability. We consider here a stochastic framework for this problem: once a control is selected, the system becomes a stochastic process. In this setting, the active diagnosis problem consists in deciding whether there exists some observation-based strategy that makes the system diagnosable with probability one. We prove that this problem is EXPTIME-complete, and that the active diagnosis strategies are belief-based. The safe active diagnosis problem is similar, but aims at enforcing diagnosability while preserving a positive probability to non faulty runs, i.e. without enforcing the occurrence of a fault. We prove that this problem requires non belief-based strategies, and that it is undecidable. However, it belongs to NEXPTIME when restricted to belief-based strategies. Our work also refines the decidability/undecidability frontier for verification problems on partially observed Markov decision processes.} }

@article{ABGMN-fi13, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {Akshay, S. and Bollig, Benedikt and Gastin, Paul and Mukund, Madhavan and Narayan Kumar, K.}, title = {Distributed Timed Automata with Independently Evolving Clocks}, volume = {130}, number = {4}, month = apr, year = 2014, pages = {377-407}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABGMN-fi13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABGMN-fi13.pdf}, doi = {10.3233/FI-2014-996}, abstract = {We propose a model of distributed timed systems where each component is a timed automaton with a set of local clocks that evolve at a rate independent of the clocks of the other components. A~clock can be read by any component in the system, but it can only be reset by the automaton it belongs~to.\par There are two natural semantics for such systems. The \emph{universal} semantics captures behaviors that hold under any choice of clock rates for the individual components. This is a natural choice when checking that a system always satisfies a positive specification. To check if a system avoids a negative specification, it is better to use the \emph{existential} semantics—the set of behaviors that the system can possibly exhibit under some choice of clock rates.\par We show that the existential semantics always describes a regular set of behaviors. However, in the case of universal semantics, checking emptiness or universality turns out to be undecidable. As an alternative to the universal semantics, we propose a \emph{reactive} semantics that allows us to check positive specifications and yet describes a regular set of behaviors.} }

@article{BGMZ-tocl13, publisher = {ACM Press}, journal = {ACM Transactions on Computational Logic}, author = {Bollig, Benedikt and Gastin, Paul and Monmege, Benjamin and Zeitoun, Marc}, title = {Pebble Weighted Automata and Weighted Logics}, volume = 15, number = {2:15}, month = apr, year = 2014, nopages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-tocl13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGMZ-tocl13.pdf}, doi = {10.1145/2579819}, abstract = {We introduce new classes of weighted automata on words. Equipped with pebbles, they go beyond the class of recognizable formal power series: they capture weighted first-order logic enriched with a quantitative version of transitive closure. In contrast to previous work, this calculus allows for unrestricted use of existential and universal quantifications over positions of the input word. We actually consider both two-way and one-way pebble weighted automata. The latter class constrains the head of the automaton to walk left-to-right, resetting it each time a pebble is dropped. Such automata have already been considered in the Boolean setting, in the context of data words. Our main result states that two-way pebble weighted automata, one-way pebble weighted automata, and our weighted logic are expressively equivalent. We also give new logical characterizations of standard recognizable series.} }

@article{GM-tcs14, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Gastin, Paul and Monmege, Benjamin}, title = {Adding Pebbles to Weighted Automata~-- Easy Specification {\&} Efficient Evaluation}, volume = {534}, month = may, year = 2014, pages = {24-44}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-tcs14.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GM-tcs14.pdf}, doi = {10.1016/j.tcs.2014.02.034}, abstract = {We extend weighted automata and weighted rational expressions with 2-way moves and reusable pebbles. We show with examples from natural language modeling and quantitative model-checking that weighted expressions and automata with pebbles are more expressive and allow much more natural and intuitive specifications than classical ones. We extend Kleene-Sch{\"u}tzenberger theorem showing that weighted expressions and automata with pebbles have the same expressive power. We focus on an efficient translation from expressions to automata. We also prove that the evaluation problem for weighted automata can be done very efficiently if the number of reusable pebbles is low.} }

@inproceedings{HHM-tgc13, address = {Buenos Aires, Argentina}, month = mar, year = 2014, volume = {8358}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Abadi, Mart{\'\i}n and Lluch{ }Lafuente, Alberto}, acronym = {{TGC}'13}, booktitle = {{R}evised {S}elected {P}apers of the 8th {S}ymposium on {T}rustworthy {G}lobal {C}omputing ({TGC}'13)}, author = {Haddad, Serge and Hennicker, Rolf and M{\o}ller, Mikael H.}, title = {Specification of Asynchronous Component Systems with Modal {I}{{\slash}}{O}-{P}etri Nets}, pages = {219-234}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-tgc13.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHM-tgc13.pdf}, doi = {10.1007/978-3-319-05119-2_13}, abstract = {We consider Petri nets with distinguished labels for inputs, outputs, internal communications and silent actions and with {"}must{"} and {"}may{"} modalities for transitions. The input\slash output labels show the interaction capabilities of a net to the outside used to build larger nets by asynchronous composition via communication channels. The modalities express constraints for Petri net refinement taking into account observational abstraction from silent transitions. Modal I\slash O-Petri nets are equipped with a modal transition system semantics. We show that refinement is preserved by asynchronous composition and by hiding of communication channels. We study conformance properties which express communication requirements for composed systems and we show that those properties are preserved by refinement. On this basis we propose a methodology for the specification of distributed systems in terms of modal I\slash O-Petri nets which supports incremental design, encapsulation of components and stepwise refinement. Finally we show that our communication properties are decidable.} }

@proceedings{KDH-topnoc2015, editor = {Koutny, Maciej and Desel, J{\"o}rg and Haddad, Serge}, title = {Transactions on {P}etri Nets and Other Models of Concurrency~{X}}, booktitle = {Transactions on {P}etri Nets and Other Models of Concurrency~{X}}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = 9410, year = {2015}, noaddress = {}, url = {http://www.springer.com/978-3-662-48649-8} }

@article{BHJL-fi15, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Jovanovi{\'c}, Aleksandra and Lime, Didier}, title = {Interrupt Timed Automata with Auxiliary Clocks and Parameters}, volume = {143}, number = {3-4}, pages = {235-259}, month = mar, year = 2016, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHJL-fi15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHJL-fi15.pdf}, doi = {10.3233/FI-2016-1313}, abstract = {Interrupt Timed Automata (ITA) are an expressive timed model, introduced to take into account interruptions according to levels. Due to this feature, this formalism is incomparable with Timed Automata.\par However several decidability results related to reachability and model checking have been obtained. We add auxiliary clocks to ITA, thereby extending its expressive power while preserving decidability of reachability. Moreover, we define a parametrized version of ITA, with polynomials of parameters appearing in guards and updates. While parametric reasoning is particularly relevant for timed models, it very often leads to undecidability results. We prove that various reachability problems, including robust reachability, are decidable for this model, and we give complexity upper bounds for a fixed or variable number of clocks, levels and parameters.} }

@article{GHKS-tecs15, publisher = {ACM Press}, journal = {ACM Transactions in Embedded Computing Systems}, author = {Germanos, Vasileios and Haar, Stefan and Khomenko, Victor and Schwoon, Stefan}, title = {Diagnosability under Weak Fairness}, volume = 14, number = {4:69}, nopages = {}, month = dec, year = 2015, url = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-tecs15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHKS-tecs15.pdf}, doi = {10.1145/2832910}, abstract = {In partially observed Petri nets, diagnosis is the task of detecting whether or not the given sequence of observed labels indicates that some unobservable fault has occurred. Diagnosability is an associated property of the Petri net, stating that in any possible execution an occurrence of a fault can eventually be diagnosed.\par In this paper we consider diagnosability under the weak fairness (WF) assumption, which intuitively states that no transition from a given set can stay enabled forever---it~must eventually either fire or be disabled. We show that a previous approach to WF-diagnosability in the literature has a major flaw, and present a corrected notion. Moreover, we present an efficient method for verifying WF-diagnosability based on a reduction to LTL-X model checking. An~important advantage of this method is that the LTL-X formula is fixed---in~particular, the WF assumption does not have to be expressed as a part of it (which would make the formula length proportional to the size of the specification), but rather the ability of existing model checkers to handle weak fairness directly is exploited.} }

@inproceedings{BGHLM-fsttcs15, address = {Bangalore, India}, month = dec, year = 2015, volume = {45}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Harsha, Prahladh and Ramalingam, G.}, acronym = {{FSTTCS}'15}, booktitle = {{P}roceedings of the 35th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'15)}, author = {Brihaye, {\relax Th}omas and Geeraerts, Gilles and Haddad, Axel and Lefaucheux, Engel and Monmege, Benjamin}, title = {Simple Priced Timed Games Are Not That Simple}, pages = {278-292}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BGHLM-fsttcs15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BGHLM-fsttcs15.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2015.278}, abstract = {Priced timed games are two-player zero-sum games played on priced timed automata (whose locations and transitions are labeled by weights modeling the costs of spending time in a state and executing an action, respectively). The goals of the players are to minimise and maximise the cost to reach a target location, respectively. We consider priced timed games with one clock and arbitrary (positive and negative) weights and show that, for an important subclass of theirs (the so-called simple priced timed games), one can compute, in exponential time, the optimal values that the players can achieve, with their associated optimal strategies. As side results, we also show that one-clock priced timed games are determined and that we can use our result on simple priced timed games to solve the more general class of so-called reset-acyclic priced timed games (with arbitrary weights and one-clock).} }

@inproceedings{MLBHB-vecos15, address = {Bucharest, Romania}, month = sep, year = 2015, volume = {1431}, series = {CEUR Workshop Proceedings}, publisher = {RWTH Aachen, Germany}, editor = {Ben{~}Hedia, Belgacem and Popentiu{ }Vladicescu, Florin}, acronym = {{VECoS}'15}, booktitle = {{P}roceedings of the 9th {W}orkshop on {V}erification and {E}valuation of {C}omputer and {C}ommunication {S}ystems({VECoS}'15)}, author = {Methni, Amira and Lemerre, Matthieu and Ben{~}Hedia, Belgacem and Haddad, Serge and Barkaoui, Kamel}, title = {State Space Reduction Strategie for Model Checking Concurrent {C}~Programs}, pages = {65-76}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-vecos15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-vecos15.pdf}, abstract = {Model checking is an effective technique for uncovering subtle errors in concurrent systems. Unfortunately, the state space explosion is the main bottleneck in model checking tools. Here we propose a state space reduction technique for model checking concurrent programs written in~C. The reduction technique consists in an analysis phase, which defines an approximate agglomeration predicate. This latter states whether a statement can be agglomerated or~not. We~implement this predicate using a syntactic analysis, as well as a semantic analysis based on abstract interpretation. We show the usefulness of using agglomeration technique to reduce the state space, as well as to generate an abstract TLA+ specification from a~C~program.} }

@inproceedings{BHHHS-cdc15, address = {Osaka, Japan}, month = dec, year = 2015, publisher = {{IEEE} Control System Society}, noeditor = {}, acronym = {{CDC}'15}, booktitle = {{P}roceedings of the 54th {IEEE} {C}onference on {D}ecision and {C}ontrol ({CDC}'15)}, author = {B{\"o}hm, Stanislav and Haar, Stefan and Haddad, Serge and Hofman, Piotr and Schwoon, Stefan}, title = {Active Diagnosis with Observable Quiescence}, pages = {1663-1668}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHHS-cdc15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHHS-cdc15.pdf}, doi = {10.1109/CDC.2015.7402449}, abstract = {Active diagnosis of a discrete-event system consists in controlling the system such that faults can be detected. Here we extend the framework of active diagnosis by introducing modalities for actions and states and a new capability for the controller, namely observing that the system is quiescent. We design a game-based construction for both the decision and the synthesis problems that is computationally optimal. Furthermore we prove that the size and the delay provided by the active diagnoser (when it exists) are almost optimal.} }

@article{AGMN-tcs15, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Akshay, S. and Gastin, Paul and Mukund, Madhavan and Kumar, K. Narayan}, title = {Checking conformance for time-constrained scenario-based specifications}, volume = {594}, pages = {24-43}, month = aug, year = {2015}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-tcs15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGMN-tcs15.pdf}, doi = {10.1016/j.tcs.2015.03.030}, abstract = {We consider the problem of model checking message-passing systems with real-time requirements. As behavioral specifications, we use message sequence charts (MSCs) annotated with timing constraints. Our system model is a network of communicating finite state machines with local clocks, whose global behavior can be regarded as a timed automaton. Our goal is to verify that all timed behaviors exhibited by the system conform to the timing constraints imposed by the specification. In general, this corresponds to checking inclusion for timed languages, which is an undecidable problem even for timed regular languages. However, we show that we can translate regular collections of time-constrained MSCs into a special class of event-clock automata that can be determinized and complemented, thus permitting an algorithmic solution to the model checking/conformance problem.} }

@inproceedings{adhs15-HT, address = {Atlanta, Georgia, USA}, month = oct, year = 2015, number = 27, volume = 48, series = {IFAC-PapersOnLine}, publisher = {Elsevier Science Publishers}, editor = {Lennartson, Bengt and Tabuada, Paulo}, acronym = {{ADHS}'15}, booktitle = {{P}roceedings of the 5th {IFAC} {C}onference on {A}nalysis and {D}esign of {H}ybrid {S}ystems ({ADHS}'15)}, author = {Haar, Stefan and Theissing, Simon}, title = {A~Hybrid-Dynamical Model for Passenger-flow in Transportation Systems}, pages = {236-241}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/adhs15-HT.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/adhs15-HT.pdf}, doi = {10.1016/j.ifacol.2015.11.181}, abstract = {In a network with different transportation modes, or multimodal public transportation system (MPTS), modes are linked among one another not by resources or infrastructure elements---which are not shared, e.g., between different metro lines---but by the flow of passengers between them. Now, the movements of passengers are steered by the destinations that individual passengers have, and by which they can be grouped into trip profiles. To use the strength of fluid dynamics, we therefore introduce a multiphase hybrid Petri net model, in which the vehicle dynamics is rendered by individual tokens moving in an infrastructure net, while passenger quantities are given as vectors---whose components correspond to trip profiles---and evolve at stations according to fluid dynamics. This model is intended as a building block for obtaining supervisory control, via transport operator actions, to mitigate congestion.} }

@inproceedings{BHPSS-rp15, address = {Warsaw, Poland}, month = sep, year = 2015, volume = {9328}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Boja{\'n}czyk, Miko{\l}aj and Lasota, S{\l}awomir and Potapov, Igor}, acronym = {{RP}'15}, booktitle = {{P}roceedings of the 9th {W}orkshop on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'15)}, author = {B{\'e}rard, B{\'e}atrice and Haddad, Serge and Picaronny, Claudine and Safey{ }El{~}Din, Mohab and Sassolas, Mathieu}, title = {Polynomial Interrupt Timed Automata}, pages = {20-32}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHPSS-rp15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHPSS-rp15.pdf}, doi = {10.1007/978-3-319-24537-9_3}, abstract = {Interrupt Timed Automata (ITA) form a subclass of stopwatch automata where reachability and some variants of timed model checking are decidable even in presence of parameters. They are well suited to model and analyze real-time operating systems. Here we extend ITA with polynomial guards and updates, leading to the class of polynomial ITA (PolITA). We prove that reachability is decidable in 2EXPTIME on PolITA, using an adaptation of the cylindrical decomposition method for the first-order theory of reals. Compared to previous approaches, our procedure handles parameters and clocks in a unified way. We also obtain decidability for the model checking of a timed version of CTL and for reachability in several extensions of PolITA.} }

@inproceedings{B-time15, address = {Kassel, Germany}, month = sep, year = 2015, publisher = {{IEEE} Computer Society Press}, editor = {Grandi, Fabio and Lange, Martin and Lomuscio, Alessio}, acronym = {{TIME}'15}, booktitle = {{P}roceedings of the 22nd {I}nternational {S}ymposium on {T}emporal {R}epresentation and {R}easoning ({TIME}'15)}, author = {Bollig, Benedikt}, title = {Towards Formal Verification of Distributed Algorithms}, pages = {3}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-time15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-time15.pdf}, doi = {10.1109/TIME.2015.23} }

@inproceedings{B-ciaa15, address = {Ume{\aa}, Sweden}, month = aug, year = 2015, volume = {9223}, series = {Lecture Notes in Computer Science}, publisher = {Springer-Verlag}, editor = {Drewes, Frank}, acronym = {{CIAA}'15}, booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on {I}mplementation and {A}pplication of {A}utomata ({CIAA}'15)}, author = {Bollig, Benedikt}, title = {Automata and Logics for Concurrent Systems: Five Models in Five Pages}, pages = {3-12}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/B-ciaa15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/B-ciaa15.pdf}, doi = {10.1007/978-3-319-22360-5_1}, abstract = {We~survey various automata models of concurrent systems and their connection with monadic second-order logic: finite automata, class memory automata, nested-word automata, asynchronous automata, and message-passing automata.} }

@inproceedings{PRCHH-atva15, address = {Shanghai, China}, month = oct, year = {2015}, volume = {9364}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Finkbeiner, Bernd and Pu, Geguang and Zhang, Lijun}, acronym = {{ATVA}'15}, booktitle = {{P}roceedings of the 13th {I}nternational {S}ymposium on {A}utomated {T}echnology for {V}erification and {A}nalysis ({ATVA}'15)}, author = {Ponce{ }de{~}Le{\'o}n, Hern{\'a}n and Rodr{\'\i}guez, C{\'e}sar and Carmona, Josep and Heljanko, Keijo and Haar, Stefan}, title = {Unfolding-Based Process Discovery}, pages = {}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/PRCHH-atva15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/PRCHH-atva15.pdf}, doi = {10.1007/978-3-319-24953-7_4}, abstract = {This paper presents a novel technique for process discovery. In contrast to the current trend, which only considers an event log for discovering a process model, we assume two additional inputs: an independence relation on the set of logged activities, and a collection of negative traces. After deriving an intermediate net unfolding from them, we perform a controlled folding giving rise to a Petri net which contains both the input log and all independence-equivalent traces arising from~it. Remarkably, the derived Petri net cannot execute any trace from the negative collection. The entire chain of transformations is fully automated. A tool has been developed and experimental results are provided that witness the significance of the contribution of this paper.} }

@inproceedings{HPRV-ppdp15, address = {Siena, Italy}, month = jul, year = 2015, publisher = {ACM Press}, editor = {Albert, Elvira}, acronym = {{PPDP}'15}, booktitle = {{P}roceedings of the 17th {I}nternational {C}onference on {P}rinciples and {P}ractice of {D}eclarative {P}rogramming ({PPDP}'15)}, author = {Haar, Stefan and Perchy, Salim and Rueda, Camilo and Valencia, Franck}, title = {An Algebraic View of Space{{\slash}}Belief and Extrusion{{\slash}}Utterance for Concurrency{{\slash}}Epistemic Logic}, pages = {161-172}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/HPRV-ppdp15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HPRV-ppdp15.pdf}, doi = {10.1007/978-3-319-19488-2_6}, abstract = {We enrich spatial constraint systems with operators to specify information and processes moving from a space to another. We shall refer to these news structures as spatial constraint systems with extrusion. We shall investigate the properties of this new family of constraint systems and illustrate their applications. From a computational point of view the new operators provide for process\slash information extrusion, a central concept in formalisms for mobile communication. From an epistemic point of view extrusion corresponds to a notion we shall call utterance; a~piece of information that an agent communicates to others but that may be inconsistent with the agent's beliefs. Utterances can then be used to express instances of epistemic notions, which are common place in social media, such as hoaxes or intentional lies. Spatial constraint systems with extrusion can be seen as complete Heyting algebras equipped with maps to account for spatial and epistemic specifications.} }

@inproceedings{ABG-concur15, address = {Madrid, Spain}, month = sep, year = 2015, volume = {42}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Aceto, Luca and de Frutos-Escrig, David}, acronym = {{CONCUR}'15}, booktitle = {{P}roceedings of the 26th {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'15)}, author = {Aiswarya, C. and Bollig, Benedikt and Gastin, Paul}, title = {An Automata-Theoretic Approach to the Verification of Distributed Algorithms}, pages = {340-353}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-concur15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ABG-concur15.pdf}, doi = {10.4230/LIPIcs.CONCUR.2015.340}, abstract = {We introduce an automata-theoretic method for the verification of distributed algorithms running on ring networks. In a distributed algorithm, an arbitrary number of processes cooperate to achieve a common goal (e.g., elect a leader). Processes have unique identifiers (pids) from an infinite, totally ordered domain. An algorithm proceeds in synchronous rounds, each round allowing a process to perform a bounded sequence of actions such as send or receive a pid, store it in some register, and compare register contents wrt. the associated total order. An algorithm is supposed to be correct independently of the number of processes. To specify correctness properties, we introduce a logic that can reason about processes and pids. Referring to leader election, it may say that, at the end of an execution, each process stores the maximum pid in some dedicated register. Since the verification of distributed algorithms is undecidable, we propose an underapproximation technique, which bounds the number of rounds. This is an appealing approach, as the number of rounds needed by a distributed algorithm to conclude is often exponentially smaller than the number of processes. We provide an automata-theoretic solution, reducing model checking to emptiness for alternating two-way automata on words. Overall, we show that round-bounded verification of distributed algorithms over rings is PSPACE-complete.} }

@phdthesis{bollig-HDR15, author = {Bollig, Benedikt}, title = {Automata and Logics for Concurrent Systems: Realizability and Verification}, year = 2015, month = jun, type = {M{\'e}moire d'habilitation}, school = {{\'E}cole Normale Sup{\'e}rieure de Cachan, France}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-bollig15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/hdr-bollig15.pdf} }

@inproceedings{MLBHB-ftscs15, address = {Luxembourg}, optnmonth = 11, optmonth = nov, year = 2015, volume = {476}, series = {Communications in Computer and Information Science}, publisher = {Springer}, editor = {Artho, Cyrille and {\"O}lveczky, Peter Csaba}, acronym = {{FTSCS}'14}, booktitle = {{P}roceedings of the 3rd {I}nternational {W}orkshop on {F}ormal {T}echniques for {S}afety-{C}ritical {S}ystems, Nov. 2014 ({FTSCS}'14)}, author = {Methni, Amira and Lemerre, Matthieu and Ben{~}Hedia, Belgacem and Haddad, Serge and Barkaoui, Kamel}, title = {Specifying and Verifying Concurrent {C}~Programs with {TLA+}}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-ftscs15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MLBHB-ftscs15.pdf}, doi = {10.1007/978-3-319-17581-2_14}, pages = {206-222}, nonote = {17~pages}, abstract = {Verifying software systems automatically from their source code rather than modelling them in a dedicated language gives more confidence in establishing their properties. Here we propose a formal specification and verification approach for concurrent C programs directly based on the semantics of~C. We define a set of translation rules and implement it in a tool~(C2TLA+) that automatically translates C code into a TLA+ specification. The~TLC model checker can use this specification to generate a model, allowing to check the absence of runtime errors and dead code in the C program in a given configuration. In addition, we show how translated specifications interact with manually written ones~to: check the C code against safety or liveness properties; provide concurrency primitives or model hardware that cannot be expressed in~C; and use abstract versions of translated C functions to address the state explosion problem. All these verifications have been conducted on an industrial case study, which is a part of the microkernel of the PharOS real-time system.} }

@article{FH-fundi15, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {Fraca, Est{\'\i}baliz and Haddad, Serge}, title = {Complexity Analysis of Continuous Petri Nets}, volume = 137, number = {1}, pages = {1-28}, year = 2015, url = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-fundi15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FH-fundi15.pdf}, doi = {10.3233/FI-2015-1168}, abstract = {At the end of the eighties, continuous Petri nets were introduced for: (1)~alleviating the combinatory explosion triggered by discrete Petri nets (i.e. usual Petri nets) and, (2)~modelling the behaviour of physical systems whose state is composed of continuous variables. Since then several works have established that the computational complexity of deciding some standard behavioural properties of Petri nets is reduced in this framework. Here we first establish the decidability of additional properties like coverability, boundedness and reachability set inclusion. We also design new decision procedures for reachability and lim-reachability problems with a better computational complexity. Finally we provide lower bounds characterising the exact complexity class of the reachability, the coverability, the boundedness, the deadlock freeness and the liveness problems. A~small case study is introduced and analysed with these new procedures.} }

@article{BHHP-ijasm15, publisher = {IARIA}, journal = {International Journal on Advances in Systems and Measurements}, author = {Barbot, Beno{\^\i}t and Haddad, Serge and Heiner, Monika and Picaronny, Claudine}, title = {Rare Event Handling in Signalling Cascades}, volume = 8, number = {1-2}, pages = {69-79}, year = 2015, month = jun, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-ijasm15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHHP-ijasm15.pdf}, abstract = {Signalling cascades are a recurrent pattern of biological regulatory systems whose analysis has deserved a lot of attention. It has been shown that stochastic Petri nets are appropriate to model such systems and evaluate the probabilities of specific properties. Such an evaluation can be done numerically when the combinatorial state space explosion is manageable or statistically otherwise. However, when the probabilities to be evaluated are too small, random simulation requires more sophisticated techniques for the handling of rare events. In this paper, we show how such involved methods can be successfully applied for signalling cascades. More precisely, we study three relevant properties of a signalling cascade with the help of the COSMOS tool. Our experiments point out interesting dependencies between quantitative parameters of the regulatory system and its transient behaviour. In addition, they demonstrate that we can go beyond the capabilities of MARCIE, which provides one of the most efficient numerical solvers.} }

@inproceedings{ACR-acsd15, address = {Brussels, Belgium}, month = jun, year = 2015, publisher = {{IEEE} Computer Society Press}, editor = {Haar, Stefan and Meyer, Roland}, acronym = {{ACSD}'15}, booktitle = {{P}roceedings of the 15th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'15)}, author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and Rodr{\'\i}guez, C{\'e}sar}, title = {Preserving Partial Order Runs in Parametric Time {P}etri Nets}, pages = {120-129}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-acsd15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-acsd15.pdf}, doi = {10.1109/ACSD.2015.16}, abstract = {Parameter synthesis for timed systems aims at deriving parameter valuations satisfying a given property. In this paper we target concurrent systems; it is well known that concurrency is a source of state-space explosion, and partial order techniques were defined to cope with this problem. Here we use partial order semantics for parametric time Petri nets as a way to significantly enhance the result of an existing synthesis algorithm. Given a reference parameter valuation, our approach synthesizes other valuations preserving, up to interleaving, the behavior of the reference parameter valuation. We show the applicability of our approach using acyclic asynchronous circuits.} }

@inproceedings{CHKS-pn15, address = {Brussels, Belgium}, month = jun, year = 2015, volume = {9115}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Devillers, Raymond and Valmari, Antti}, acronym = {{PETRI~NETS}'15}, booktitle = {{P}roceedings of the 36th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'15)}, author = {Chatain, {\relax Th}omas and Haar, Stefan and Koutny, Maciej and Schwoon, Stefan}, title = {Non-Atomic Transition Firing in Contextual Nets}, pages = {117-136}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CHKS-pn15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CHKS-pn15.pdf}, doi = {10.1007/978-3-319-19488-2_6}, abstract = {The firing rule for Petri nets assumes instantaneous and simultaneous consumption and creation of tokens. In the context of ordinary Petri nets, this poses no particular problem because of the system's asynchronicity, even if token creation occurs later than token consumption in the firing. With read arcs, the situation changes, and several different choices of semantics are possible. The step semantics introduced by Janicki and Koutny can be seen as imposing a two-phase firing scheme: first, the presence of the required tokens is checked, then consumption and production of tokens happens. Pursuing this approach further, we develop a more general framework based on explicitly splitting the phases of firing, allowing to synthesize coherent steps. This turns out to define a more general non-atomic semantics, which has important potential for safety as it allows to detect errors that were missed by the previous semantics. Then we study the characterization of partial-order processes feasible under one or the other semantics.} }

@incollection{BH-im15, year = 2015, publisher = {CNRS \'Editions}, editor = {Ollinger, Nicolas}, booktitle = {Informatique Math{\'e}matique. Une~photographie en~2015}, author = {Bertrand, Nathalie and Haddad, Serge}, title = {Contr{\^o}le, probabilit{\'e}s et observation partielle}, chapter = 5, pages = {177-227}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-im15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BH-im15.pdf} }

@article{BBDHP-peva15, publisher = {Elsevier Science Publishers}, journal = {Performance Evaluation}, author = {Ballarini, Paolo and Barbot, Beno{\^\i}t and Duflot, Marie and Haddad, Serge and Pekergin, Nihal}, title = {{HASL}: A~New Approach for Performance Evaluation and Model Checking from Concepts to Experimentation}, year = {2015}, month = aug, volume = 90, pages = {53-77}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/rr-lsv-2015-04.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/rr-lsv-2015-04.pdf}, doi = {10.1016/j.peva.2015.04.003}, abstract = {We introduce the Hybrid Automata Stochastic Language (HASL), a new temporal logic formalism for the verification of Discrete Event Stochastic Processes (DESP). HASL employs a Linear Hybrid Automaton (LHA) to select prefixes of relevant execution paths of a DESP. LHA allows rather elaborate information to be collected \emph{on-the-fly} during path selection, providing the user with powerful means to express sophisticated measures. A~formula of HASL consists of an LHA and an expression~\(Z\) referring to moments of \emph{path random variables}. A~simulation-based statistical engine is employed to obtain a confidence interval estimate of the expected value of~\(Z\). In~essence, HASL~provides a unifying verification framework where temporal reasoning is naturally blended with elaborate reward-based analysis. Moreover, we have implemented a tool, named COSMOS, for performing analysis of HASL formula for DESP modelled by Petri nets. Using this tool we have developed two detailed case studies: a flexible manufacturing system and a genetic oscillator.} }

@misc{qcover16, author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and Haddad, Serge}, title = {{QCover: an efficient coverability verifier for discrete and continuous Petri nets}}, url = {https://github.com/blondimi/qcover}, year = {2016} }

@mastersthesis{m2-lehaut, author = {Lehaut, Mathieu}, title = {PDL on infinite alphabet}, school = {{M}aster {P}arisien de {R}echerche en {I}nformatique, Paris, France}, type = {Rapport de {M}aster}, year = {2016}, month = aug, url = {http://www.lsv.fr/Publis/PAPERS/PDF/m2-lehaut.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/m2-lehaut.pdf}, note = {19~pages} }

@article{HHMS-jcss16, publisher = {Elsevier Science Publishers}, journal = {Journal of Computer and System Sciences}, author = {Stefan Haar and Serge Haddad and Tarek Melliti and Stefan Schwoon}, title = {Optimal constructions for active diagnosis}, pages = {101-120}, volume = {83}, number = {1}, year = {2017}, doi = {10.1016/j.jcss.2016.04.007}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HHMS-jcss16.pdf}, abstract = {Diagnosis is the task of detecting fault occurrences in a partially observed sys- tem. Depending on the possible observations, a discrete-event system may be diagnosable or not. Active diagnosis aims at controlling the system to render it diagnosable. Past research has proposed solutions for this problem, but their complexity remains to be improved. Here, we solve the decision and synthesis problems for active diagnosability, proving that (1) our procedures are optimal with respect to computational complexity, and (2) the memory required for our diagnoser is minimal. We then study the delay between a fault occurrence and its detection by the diagnoser. We construct a memory-optimal diagnoser whose delay is at most twice the minimal delay, whereas the memory required to achieve optimal delay may be highly greater. We also provide a solution for parametrized active diagnosis, where we automatically construct the most permissive controller respecting a given delay.} }

@article{BKM-tocs17, publisher = {Springer}, journal = {Theory of Computing Systems}, author = {Bollig, Benedikt and Kuske, Dietrich and Mennicke, Roy}, title = {The Complexity of Model Checking Multi-Stack Systems}, volume = {60}, number = {4}, pages = {695-736}, year = {2017}, url = {http://link.springer.com/article/10.1007/s00224-016-9700-6?wt_mc=Internal.Event.1.SEM.ArticleAuthorOnlineFirst}, doi = {10.1007/s00224-016-9700-6}, abstract = {We study the linear-time model checking problem for boolean concurrent programs with recursive procedure calls. While sequential recursive programs are usually modeled as pushdown automata, concurrent recursive programs involve several processes and can be naturally abstracted as pushdown automata with multiple stacks. Their behavior can be understood as words with multiple nesting relations, each relation connecting a procedure call with its corresponding return. To reason about multiply nested words, we consider the class of all temporal logics as defined in the book by Gabbay, Hodkinson, and Reynolds. The unifying feature of these temporal logics is that their modalities are defined in monadic second-order (MSO) logic. In particular, this captures numerous temporal logics over concurrent and/or recursive programs that have been defined so far. Since the general model checking problem is undecidable, we restrict attention to phase bounded executions as proposed by La Torre, Madhusudan, and Parlato. While the MSO model checking problem in this case is non-elementary, our main result states that the model checking (and satisfiability) problem for all MSO-definable temporal logics is decidable in elementary time. More precisely, it is solvable in time exponential in the formula and (n+2)-fold exponential in the number of phases where n is the maximal level of the MSO modalities in the monadic quantifier alternation hierarchy (which is a vast improvement over the conference version of this paper from LICS 2013 where the space was also (n+2)-fold exponential in the size of the temporal formula). We complement this result and provide, for each level n, a temporal logic whose model checking problem is n-EXPSPACE-hard.} }

@inproceedings{vDCC-EMISA16, address = {Vienna, Austria}, month = oct, publisher = {{CEUR-WS.org}}, volume = {1701}, series = {{CEUR} Workshop Proceedings}, editor = {Rinderle-Ma, Stefanie and Mendling, Jan}, acronym = {{EMISA}'16}, booktitle = {{P}roceedings of the 7th {I}nt. {W}orkshop on {E}nterprise {M}odelling and {I}nformation {S}ystems {A}rchitectures ({EMISA}'16)}, author = {van Dongen, Boudewijn and Carmona, Josep and Chatain, {\relax Th}omas}, title = {{Alignment-based Quality Metrics in Conformance Checking}}, pages = {87-90}, year = {2016}, doi = {}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/vanDongen-EMISA16.pdf}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/vanDongen-EMISA16.pdf}, abstract = {The holy grail in process mining is a process discovery algorithm that, given an event log, produces fitting, precise, properly generalizing and simple process models. Within the field of process mining, conformance checking is considered to be anything where observed behaviour, e.g., in the form of event logs or event streams, needs to be related to already modelled behaviour. In the conformance checking domain, the relation between an event log and a model is typically quantified using fitness, precision and generalization. In this paper, we present metrics for fitness, precision and generalization, based on alignments and the newer concept named anti-alignments.} }

@inproceedings{MHP-HSB16, address = {Grenoble France}, month = oct, optvolume = 9957, series = {Lecture Notes in Computer Science}, publisher = {Springer}, opteditor = {Cinquemani, Eugenio and Donz{\'{e}, Alexandre}}, acronym = {{HSB}'16}, booktitle = {{P}roceedings of the 5th {I}nternational {W}orkshop on {H}ybrid {S}ystems {B}iology}, author = {Mandon, Hugues and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, title = {{Relationship between the Reprogramming Determinants of Boolean Networks and their Interaction Graph}}, pages = {113-127}, year = {2016}, doi = {10.1007/978-3-319-47151-8_8}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/MHP-HSB16.pdf}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/MHP-HSB16.pdf}, abstract = {In this paper, we address the formal characterization of tar- gets triggering cellular trans-differentiation in the scope of Boolean net- works with asynchronous dynamics. Given two fixed points of a Boolean network, we are interested in all the combinations of mutations which allow to switch from one fixed point to the other, either possibly, or in- evitably. In the case of existential reachability, we prove that the set of nodes to (permanently) flip are only and necessarily in certain connected components of the interaction graph. In the case of inevitable reachabil- ity, we provide an algorithm to identify a subset of possible solutions.} }

@inproceedings{KSHP-sasb16, address = {Edinburgh, UK}, month = sep, missingnumber = {2}, missingvolume = {}, series = {Electronic Notes in Theoretical Computer Science}, publisher = {Elsevier Science Publishers}, acronym = {{SASB}'16}, booktitle = {{P}roceedings of {T}he {S}eventh {I}nternational {W}orkshop on {S}tatic {A}nalysis and {S}ystems {B}iology (SASB 2016)}, title = {{Unfolding of Parametric Logical Regulatory Networks}}, author = {Kolc{\'a}k, Juraj and {\v S}afr{\'a}nek, David and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, year = {2016}, note = {To appear}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KSHP-SASB16.pdf}, url = {https://hal.archives-ouvertes.fr/hal-01354109}, abstract = {In systems biology, models of cellular regulatory processes such as gene regulatory networks or signalling pathways are crucial to understanding the behaviour of living cells. Available biological data are however often insufficient for full model specification. In this paper, we focus on partially specified models where the missing information is abstracted in the form of parameters. We introduce a novel approach to analysis of parametric logical regulatory networks addressing both sources of combinatoric explosion native to the model. First, we introduce a new compact representation of admissible parameters using Boolean lattices. Then, we define the unfolding of parametric regulatory networks. The resulting structure provides a partial- order reduction of concurrent transitions, and factorises the common transitions among the concrete models. A comparison is performed against state-of-the-art approaches to parametric model analysis.} }

@article{KGHPAJRHH-tpnomc2016, publisher = {Springer}, journal = {Transactions on Petri Nets and Other Models of Concurrency}, author = {Kordon, Fabrice and Garavel, Hubert and Hillah, Lom{-}Messan and Paviot{-}Adet, Emmanuel and Jezequel, Lo{\"{\i}}g and Rodr{\'{\i}}guez, C{\'{e}}sar and Hulin{-}Hubard, Francis }, title = {{MCC}'2015 - {T}he {F}ifth {M}odel {C}hecking {C}ontest}, volume = {11}, pages = {262-273}, year = {2016}, url = {http://dx.doi.org/10.1007/978-3-662-53401-4_12}, doi = {10.1007/978-3-662-53401-4_12}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/KGHPAJRHH-tpnomc2016.pdf} }

@inproceedings{Bollig-fsttcs16, address = {Chennai, India}, month = dec, year = 2016, volume = {65}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {S. Akshay and Akash Lal and Saket Saurabh and Sandeep Sen}, acronym = {{FSTTCS}'16}, booktitle = {{P}roceedings of the 36th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'16)}, author = {Bollig, Benedikt}, title = {One-Counter Automata with Counter Observability}, pages = {20:1-20:14}, url = {http://drops.dagstuhl.de/opus/volltexte/2016/6855/}, doi = {10.4230/LIPIcs.FSTTCS.2016.20}, abstract = {In a one-counter automaton (OCA), one can produce a letter from some finite alphabet, increment and decrement the counter by one, or compare it with constants up to some threshold. It is well-known that universality and language inclusion for OCAs are undecidable. In this paper, we consider OCAs with counter observability: Whenever the automaton produces a letter, it outputs the current counter value along with it. Hence, its language is now a set of words over an infinite alphabet. We show that universality and inclusion for that model are PSPACE-complete, thus no harder than the corresponding problems for finite automata. In fact, by establishing a link with visibly one-counter automata, we show that OCAs with counter observability are effectively determinizable and closed under all boolean operations. Moreover, it turns out that they are expressively equivalent to strong automata, in which transitions are guarded by MSO formulas over the natural numbers with successor.} }

@inproceedings{HT-pasm16, address = {M{\"u}nster, Germany}, month = apr, year = 2016, volume = {327}, series = {Electronic Notes in Theoretical Computer Science}, publisher = {Elsevier Science Publishers}, editor = {Haverkort, Boudewijn and Knottenbelt, William and Remke, Anne and Thomas, Nigel}, booktitle = {{P}roceedings of the 8th {I}nternational {W}orkshop on {P}ractical {A}pplications of {S}tochastic {M}odelling ({PASM}'16)}, author = {Haar, Stefan and Theissing, Simon}, title = {Forecasting Passenger Loads in Transportation Networks}, pages = {49-69}, url = {https://hal.inria.fr/hal-01259585}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-pasm16.pdf}, doi = {10.1016/j.entcs.2016.09.023}, abstract = {This work is part of an ongoing effort to understand the dynamics of passenger loads in modern, multimodal transportation networks (TNs) and to mitigate the impact of perturbations. The challenge is that the percentage of passengers at any given point of the TN that have a certain destination, i.e. their distribution over different trip profiles, is unknown. We introduce a stochastic hybrid automaton model for multimodal TNs that allows to compute how such probabilistic load vectors are propagated through the TN, and develop a computation strategy for forecasting the network's load a certain time into the future.} }

@techreport{HT-hal16, author = {Haar, Stefan and Theissing, Simon}, title = {A~Passenger-centric Multi-agent System Model for Multimodal Public Transportation}, institution = {HAL-inria}, number = {hal-01322956}, month = may, year = {2016}, type = {Research Report}, url = {https://hal.inria.fr/hal-01322956}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-hal16.pdf}, note = {12~pages}, abstract = {If we want to understand how perturbations spread across a multi-modal public transportation system, we have to include passenger flows into the model and the analysis. Indeed, in general no two different lines in such a system are physically connected directly, or share tracks or other resources. Rather, they are connected by passengers changing lines and thus transmit perturbations from one line or mode to another. We present a formal passenger-centric multi-agent system model that can capture (i)~individual and possibly multi-modal trip profiles with branches resulting from different decision outcomes, (ii)~the~movement of fixed-route operated transportation means, and (iii)~in-vehicle and in-station capacity constraints. The model is based on a nets-within-nets approach with Petri nets as the basic building entities. Thus, it has a convenient graphical representation, and the possibility of execution.} }

@inproceedings{HT-qest16, address = {Qu{\'e}bec City, Canada}, month = aug, year = 2016, volume = {9826}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Agha, Gul and Van{~}Houdt, Benny}, acronym = {{QEST}'16}, booktitle = {{P}roceedings of the 13th {I}nternational {C}onference on {Q}uantitative {E}valuation of {S}ystems ({QEST}'16)}, author = {Haar, Stefan and Theissing, Simon}, title = {Decoupling Passenger Flows for Improved Load Prediction}, pages = {364-379}, url = {https://hal.inria.fr/hal-01330136}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-qest16.pdf}, doi = {10.1007/978-3-319-43425-4_24}, abstract = {This paper continues our work on perturbation analysis of multimodal transportation networks~(TNs) by means of a stochastic hybrid automaton~(SHA) model. We focus here on the approximate computation , in particular on the major bottleneck consisting in the high dimensionality of systems of stochastic differential balance equations (SDEs) that define the continuous passenger-flow dynamics in the different modes of the SHA model. In fact, for every pair of a mode and a station, one system of coupled SDEs relates the passenger loads of all discrete points such as platforms considered in this station, and all vehicles docked to it, to the passenger flows in between. In general, such an SDE system has many dimensions, which makes its numerical computation and thus the approximate computation of the SHA model intractable. We show how these systems can be canonically replaced by lower-dimensional ones, by decoupling the passenger flows inside every mode from one another. We prove that the resulting approximating passenger-flow dynamics converges to the original one, if the replacing set of balance equations set up for all decoupled passenger flows communicate their results among each other in vanishing time intervals.} }

@inproceedings{HT-acc16, address = {Boston, Massachusetts, USA}, month = jul, year = 2016, publisher = {{IEEE} Control System Society}, acronym = {{ACC}'16}, booktitle = {{P}roceedings of the 35th {A}merican {C}ontrol {C}onference ({ACC}'16)}, author = {Haar, Stefan and Theissing, Simon}, title = {Predicting Traffic Load in Public Transportation Networks}, pages = {821-826}, url = {https://hal.inria.fr/hal-01329632}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HT-acc16.pdf}, doi = {10.1109/ACC.2016.7525015}, abstract = {This work is part of an ongoing effort to understand the dynamics of passenger loads in modern, multimodal transportation networks (TNs) and to mitigate the impact of perturbations, under the restrictions that the precise number of passengers in some point of the TN that intend to reach a certain destination (i.e. their distribution over different trip profiles) is unknown. We introduce an approach based on a stochastic hybrid automaton model for a TN that allows to compute how such probabilistic load vectors are propagated through the TN, and develop a computation strategy for forecasting the network's load a certain time in the future.} }

@inproceedings{FHLM-wodes16, address = {Xi'an, China}, month = may # {-} # jun, year = 2016, publisher = {{IEEE} Control System Society}, editor = {Cassandras, Christos G. and Giua, Alessandro}, acronym = {{WODES}'16}, booktitle = {{P}roceedings of the 13th {W}orkshop on {D}iscrete {E}vent {S}ystems ({WODES}'16)}, author = {Fabre, {\'E}ric and H{\'e}lou{\"e}t, Lo{\"i}c and Lefaucheux, Engel and Marchand, Herv{\'e}}, title = {Diagnosability of Repairable Faults}, pages = {230-236}, url = {https://hal.inria.fr/hal-01302562}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FHLM-wodes16.pdf}, doi = {10.1109/WODES.2016.7497853}, abstract = {The diagnosis problem for discrete event systems consists in deciding whether some fault event occurred or not in the system, given partial observations on the run of that system. Diagnosability checks whether a correct diagnosis can be issued in bounded time after a fault, for all faulty runs of that system. This problem appeared two decades ago and numerous facets of it have been explored, mostly for permanent faults. It is known for example that diagnosability of a system can be checked in polynomial time, while the construction of a diagnoser is exponential. The present paper examines the case of transient faults, that can appear and be repaired. Diagnosability in this setting means that the occurrence of a fault should always be detected in bounded time, but also before the fault is repaired. Checking this notion of diagnosability is proved to be PSPACE-complete. It is also shown that faults can be reliably counted provided the system is diagnosable for faults and for repairs.} }

@inproceedings{vDCC-bpm16, address = {Rio de Janeiro, Brazil}, month = sep, year = 2016, volume = {9850}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {La{~}Rosa, Marcello and Loos, Peter and Pastor, Oscar}, acronym = {{BPM}'16}, booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {B}usiness {P}rocess {M}anagement ({BPM}'16)}, author = {van Dongen, Boudewijn F. and Carmona, Josep and Chatain, {\relax Th}omas}, title = {A Unified Approach for Measuring Precision and Generalization Based on Anti-Alignments}, pages = {39-56}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/vDCC-bpm16.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/vDCC-bpm16.pdf}, doi = {10.1007/978-3-319-45348-4_3}, abstract = {The holy grail in process mining is an algorithm that, given an event log, produces fitting, precise, properly generalizing and simple process models. While there is consensus on the existence of solid metrics for fitness and simplicity, current metrics for precision and generalization have important flaws, which hamper their applicability in a general setting. In this paper, a novel approach to measure precision and generalization is presented, which relies on the notion of anti-alignments. An anti-alignment describes highly deviating model traces with respect to observed behavior. We propose metrics for precision and generalization that resemble the leave-one-out cross-validation techniques, where individual traces of the log are removed and the computed anti-alignment assess the model's capability to describe precisely or generalize the observed behavior.} }

@inproceedings{AGS-concur16, address = {Qu{\'e}bec City, Canada}, month = aug, year = 2016, volume = {59}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Desharnais, Jos{\'e}e and Jagadeesan, Radha}, acronym = {{CONCUR}'16}, booktitle = {{P}roceedings of the 27th {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'16)}, author = {Akshay, S. and Paul Gastin and Krishna, Shankara Narayanan}, title = {Analyzing Timed Systems Using Tree Automata}, pages = {27:1-27:14}, url = {http://arxiv.org/abs/1604.08443}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AGS-concur16.pdf}, doi = {10.4230/LIPIcs.CONCUR.2016.27}, abstract = {Timed systems, such as timed automata, are usually analyzed using their operational semantics on timed words. The classical region abstraction for timed automata reduces them to (untimed) finite state automata with the same time-abstract properties, such as state reachability. We propose a new technique to analyze such timed systems using finite tree automata instead of finite word automata. The main idea is to consider timed behaviors as graphs with matching edges capturing timing constraints. Such graphs can be interpreted in trees opening the way to tree automata based techniques which are more powerful than analysis based on word automata. The technique is quite general and applies to many timed systems. In this paper, as an example, we develop the technique on timed pushdown systems, which have recently received considerable attention. Further, we also demonstrate how we can use it on timed automata and timed multi-stack pushdown systems (with boundedness restrictions).} }

@inproceedings{BHL-concur16, address = {Qu{\'e}bec City, Canada}, month = aug, year = 2016, volume = {59}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Desharnais, Jos{\'e}e and Jagadeesan, Radha}, acronym = {{CONCUR}'16}, booktitle = {{P}roceedings of the 27th {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'16)}, author = {Nathalie Bertrand and Serge Haddad and Engel Lefaucheux}, title = {Diagnosis in Infinite-State Probabilistic Systems}, pages = {37:1-37:15}, url = {https://hal.inria.fr/hal-01334218}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-concur16.pdf}, doi = {10.4230/LIPIcs.CONCUR.2016.37}, abstract = {In a recent work, we introduced four variants of diagnosability (\textsf{FA}, \textsf{IA}, \textsf{FF},~\textsf{IF}) in (finite) probabilistic systems (pLTS) depending whether one considers (1)~finite or infinite runs and (2)~faulty or all runs. We studied their relationship and established that the corresponding decision problems are PSPACE-complete. A~key ingredient of the decision procedures was a characterisation of diagnosability by the fact that a random run almost surely lies in an open set whose specification only depends on the qualitative behaviour of the pLTS. Here we investigate similar issues for infinite pLTS. We~first show that this characterisation still holds for \textsf{FF}-diagnosability but with a~\(G_{\delta}\) set instead of an open set and also for \textsf{IF}-and \textsf{IA}-diagnosability when pLTS are finitely branching. We also prove that surprisingly \textsf{FA}-diagnosability cannot be characterised in this way even in the finitely branching case. Then we apply our characterisations for a partially observable probabilistic extension of visibly pushdown automata (POpVPA), yielding EXPSPACE procedures for solving diagnosability problems. In~addition, we~establish some computational lower bounds and show that slight extensions of POpVPA lead to undecidability.} }

@inproceedings{CC-pn16, address = {Tor{\'u}n, Poland}, month = jun, year = 2016, volume = {9698}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Kordon, Fabrice and Moldt, Daniel}, acronym = {{PETRI~NETS}'16}, booktitle = {{P}roceedings of the 37th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'16)}, author = {Carmona, Josep and Chatain, {\relax Th}omas}, title = {Anti-Alignments in Conformance Checking~-- The~Dark Side of Process Models}, pages = {240-258}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/CC-pn16.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CC-pn16.pdf}, doi = {10.1007/978-3-319-39086-4_15}, abstract = {Conformance checking techniques asses the suitability of a process model in representing an underlying process, observed through a collection of real executions. These techniques suffer from the well-known state space explosion problem, hence handling process models exhibiting large or even infinite state spaces remains a challenge. One important metric in conformance checking is to asses the precision of the model with respect to the observed executions, i.e., characterize the ability of the model to produce behavior unrelated to the one observed. By~avoiding the computation of the full state space of a model, current techniques only provide estimations of the precision metric, which in some situations tend to be very optimistic, thus hiding real problems a process model may have. In this paper we present the notion of anti-alignment as a concept to help unveiling traces in the model that may deviate significantly from the observed behavior. Using anti-alignments, current estimations can be improved, e.g., in precision checking. We show how to express the problem of finding anti-alignments as the satisfiability of a Boolean formula, and provide a tool which can deal with large models efficiently.} }

@comment{{B-arxiv16, author = Bollig, Benedikt, affiliation = aff-LSVmexico, title = One-Counter Automata with Counter Visibility, institution = Computing Research Repository, number = 1602.05940, month = feb, nmonth = 2, year = 2016, type = RR, axeLSV = mexico, NOcontrat = "", url = http://arxiv.org/abs/1602.05940, PDF = "http://www.lsv.fr/Publis/PAPERS/PDF/B-arxiv16.pdf", lsvdate-new = 20160222, lsvdate-upd = 20160222, lsvdate-pub = 20160222, lsv-category = "rapl", wwwpublic = "public and ccsb", note = 18~pages, abstract = "In a one-counter automaton (OCA), one can read a letter from some finite alphabet, increment and decrement the counter by one, or test it for zero. It is well-known that universality and language inclusion for OCAs are undecidable. We consider here OCAs with counter visibility: Whenever the automaton produces a letter, it outputs the current counter value along with~it. Hence, its language is now a set of words over an infinite alphabet. We show that universality and inclusion for that model are in PSPACE, thus no harder than the corresponding problems for finite automata, which can actually be considered as a special case. In fact, we show that OCAs with counter visibility are effectively determinizable and closed under all boolean operations. As~a~strict generalization, we subsequently extend our model by registers. The general nonemptiness problem being undecidable, we impose a bound on the number of register comparisons and show that the corresponding nonemptiness problem is NP-complete.", }}

@proceedings{HM-acsd2015, editor = {Haar, Stefan and Meyer, Roland}, title = {{P}roceedings of the 15th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'15)}, booktitle = {{P}roceedings of the 15th {I}nternational {C}onference on {A}pplication of {C}oncurrency to {S}ystem {D}esign ({ACSD}'15)}, acronym = {{ACSD}'15}, publisher = {{IEEE} Computer Society Press}, year = 2015, month = jun, address = {Brussels, Belgium}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7352411} }

@inproceedings{FG-fossacs16, address = {Eindhoven, The~Netherlands}, month = apr, year = 2016, volume = {9634}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Jacobs, Bart and L{\"o}ding, Christof}, acronym = {{FoSSaCS}'16}, booktitle = {{P}roceedings of the 19th {I}nternational {C}onference on {F}oundations of {S}oftware {S}cience and {C}omputation {S}tructures ({FoSSaCS}'16)}, author = {Fortin, Marie and Gastin, Paul}, title = {Verification of parameterized communicating automata via split-width}, pages = {197-213}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/FG-fossacs16.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FG-fossacs16.pdf}, doi = {10.1007/978-3-662-49630-5_12}, abstract = {We~study verification problems for distributed systems communicating via unbounded FIFO channels. The number of processes of the system as well as the communication topology are not fixed a~priori. Systems are given by parameterized communicating automata (PCAs) which can be run on any communication topology of bounded degree, with arbitrarily many processes. Such systems are Turing powerful so we concentrate on under-approximate verification. We extend the notion of split-width to behaviors of PCAs. We show that emptiness, reachability and model-checking problems of PCAs are decidable when restricted to behaviors of bounded split-width. Reachability and emptiness are EXPTIME-complete, but only polynomial in the size of the PCA. We also describe several concrete classes of bounded split-width, for which we prove similar results.} }

@inproceedings{tacas16-BFHH, address = {Eindhoven, The Netherlands}, month = apr, year = 2016, volume = {9636}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Chechik, Marsha and Raskin, Jean-Fran{\c{c}}ois}, acronym = {{TACAS}'16}, booktitle = {{P}roceedings of the 22th {I}nternational {C}onference on {T}ools and {A}lgorithms for {C}onstruction and {A}nalysis of {S}ystems ({TACAS}'16)}, author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and Haddad, Serge}, title = {Approaching the Coverability Problem Continuously}, pages = {480-496}, url = {http://arxiv.org/abs/1510.05724}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/arxiv15-BFHH.pdf}, doi = {10.1007/978-3-662-49674-9_28}, abstract = {The coverability problem for Petri nets plays a central role in the verification of concurrent shared-memory programs. However, its high EXPSPACE-complete complexity poses a challenge when encountered in real-world instances. In this paper, we develop a new approach to this problem which is primarily based on applying forward coverability in continuous Petri nets as a pruning criterion inside a backward coverability framework. A cornerstone of our approach is the efficient encoding of a recently developed polynomial-time algorithm for reachability in continuous Petri nets into SMT. We demonstrate the effectiveness of our approach on standard benchmarks from the literature, which shows that our approach decides significantly more instances than any existing tool and is in addition often much faster, in particular on large instances.} }

@inproceedings{APS-tap15, address = {L'Aquila, Italy}, month = jul, year = 2015, volume = 9154, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = { Blanchette, Jasmin Christian and Kosmatov, Nikolai}, acronym = {{TAP}'15}, booktitle = {{P}roceedings of the 9th {I}nternational {C}onference on {T}ests and {P}roofs ({TAP}'15)}, author = {Athanasiou, Konstantinos and Ponce{ }de{~}Le{\'o}n, Hern\'an and Schwoon, Stefan}, title = {Test Case Generation for Concurrent Systems Using Event Structures}, pages = {19-37}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/APS-tap15.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/APS-tap15.pdf}, doi = {10.1007/978-3-319-21215-9_2}, abstract = {This paper deals with the test-case generation problem for concurrent systems that are specified by true-concurrency models such as Petri nets. We show that using true-concurrency models reduces both the size and the number of test cases needed for achieving certain coverage criteria. We present a test-case generation algorithm based on Petri net unfoldings and a SAT encoding for solving controllability problems in test cases. Finally, we evaluate our algorithm against traditional test-case generation methods under interleaving semantics.} }

@inproceedings{BHL-lata16, address = {Prague, Czech Republic}, month = mar, year = 2016, volume = {9618}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Mart{\'\i}n-Vide, Carlos}, acronym = {{LATA}'16}, booktitle = {{P}roceedings of the 10th {I}nternational {C}onference on {L}anguage and {A}utomata {T}heory and {A}pplications ({LATA}'16)}, author = {Bertrand, Nathalie and Haddad, Serge and Lefaucheux, Engel}, title = {Accurate Approximate Diagnosability of Stochastic Systems}, pages = {549-561}, url = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-lata16.pdf}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-lata16.pdf}, doi = {10.1007/978-3-319-30000-9_42}, abstract = {Diagnosis of partially observable stochastic systems prone to faults was introduced in the late nineties. Diagnosability, i.e. the existence of a diagnoser, may be specified in different ways: (1)~exact diagnosability (called A-diagnosability) requires that almost surely a fault is detected and that no fault is erroneously claimed while (2)~approximate diagnosability (called \(\varepsilon\)-diagnosability) allows a small probability of error when claiming a fault and (3)~accurate approximate diagnosability (called AA-diagnosability) requires that this error threshold may be chosen arbitrarily small. Here we mainly focus on approximate diagnoses. We first refine the almost sure requirement about finite delay introducing a uniform version and showing that while it does not discriminate between the two versions of exact diagnosability this is no more the case in approximate diagnosis. Then we establish a complete picture for the decidability status of the diagnosability problems: (uniform) \(\varepsilon\)-diagnosability and uniform AA-diagnosability are undecidable while AA-diagnosability is decidable in PTIME, answering a longstanding open question.} }

@inproceedings{BFG-stacs18, address = {Caen, France}, month = feb, volume = {96}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Niedermeier, Rolf and Vall{\'e}e, Brigitte}, acronym = {{STACS}'18}, booktitle = {{P}roceedings of the 35th {A}nnual {S}ymposium on {T}heoretical {A}spects of {C}omputer {S}cience ({STACS}'18)}, author = {Bollig, Benedikt and Fortin, Marie and Gastin, Paul}, title = {Communicating Finite-State Machines and Two-Variable Logic}, pages = {17:1-17:14}, year = {2018}, doi = {10.4230/LIPIcs.STACS.2018.17}, pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/8529/pdf/LIPIcs-STACS-2018-17.pdf}, url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=8529}, abstract = {Communicating finite-state machines are a fundamental, well-studied model of finite-state processes that communicate via unbounded first-in first-out channels. We show that they are expressively equivalent to existential MSO logic with two first-order variables and the order relation.} }

@inproceedings{MHP-cmsb17, address = {Darmstadt, Germany}, month = sep, year = 2017, volume = {10545}, series = {Lecture Notes in Bioinformatics}, publisher = {Springer-Verlag}, editor = {Feret, J{\'e}r{\^o}me and Koeppl, Heinz}, acronym = {{CMSB}'17}, booktitle = {{P}roceedings of the 15th {C}onference on {C}omputational {M}ethods in {S}ystem {B}iology ({CMSB}'17)}, author = {Mandon, Hugues and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, title = {{Temporal Reprogramming of Boolean Networks}}, pages = {179-195}, pdf = {https://hal.inria.fr/hal-01589251/document}, doi = {10.1007/978-3-319-67471-1\_11}, abstract = {Cellular reprogramming, a technique that opens huge opportunities in modern and regenerative medicine, heavily relies on identifying key genes to perturb. Most of computational methods focus on finding mutations to apply to the initial state in order to control which attractor the cell will reach. However, it has been shown, and is proved in this article, that waiting between the perturbations and using the transient dynamics of the system allow new reprogramming strategies. To identify these temporal perturbations, we consider a qualitative model of regulatory networks, and rely on Petri nets to model their dynamics and the putative perturbations. Our method establishes a complete characterization of temporal perturbations, whether permanent (mutations) or only temporary, to achieve the existential or inevitable reachability of an arbitrary state of the system. We apply a prototype implementation on small models from the literature and show that we are able to derive temporal perturbations to achieve trans-differentiation.} }

@inproceedings{TFL-async17, address = {San Diego, California, USA}, month = may, publisher = {{IEEE} Computer Society}, editor = {Beign{\'e}, Edith and Stevens, Ken}, acronym = {{ASYNC}'17}, booktitle = {{P}roceedings of the 23rd {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'17)}, author = {Ghaith Tarawneh and Matthias F{\"u}gger and Christoph Lenzen}, title = {Metastability Tolerant Computing}, pages = {25-32}, year = {2017}, doi = {10.1109/ASYNC.2017.9}, pdf = {http://www.lsv.fr/~mfuegger/papers/TFL17_async.pdf}, url = {http://ieeexplore.ieee.org/abstract/document/8097381/}, abstract = {Synchronization using flip-flop chains imposes a latency of a few clock cycles when transferring data and control signals between clock domains. We propose a design scheme that avoids this latency by performing synchronization as part of state/data computations while guaranteeing that metastability is contained and its effects tolerated (with an acceptable failure probability). We present a theoretical framework for modeling synchronous state machines in the presence of metastability and use it to prove properties that guarantee some form of reliability. Specifically, we show that the inevitable state/data corruption resulting from propagating metastable states can be confined to a subset of computations. Applications that can tolerate certain failures can exploit this property to leverage low-latency and quasi-reliable operation simultaneously. We demonstrate the approach by designing a Network-on-Chip router with zero- latency asynchronous ports and show via simulation that it outperforms a variant with two flip-flop synchronizers at a negligible cost in packet transfer reliability.} }

@inproceedings{FKLP-async17, address = {San Diego, California, USA}, month = may, publisher = {{IEEE} Computer Society}, editor = {Beign{\'e}, Edith and Stevens, Ken}, acronym = {{ASYNC}'17}, booktitle = {{P}roceedings of the 23rd {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'17)}, author = {Matthias F{\"u}gger and Attila Kinali and Christoph Lenzen and Thomas Polzer}, title = {Metastability-Aware Memory-Efficient Time-to-Digital Converter}, pages = {49-56}, year = {2017}, doi = {10.1109/ASYNC.2017.12}, pdf = {http://www.lsv.fr/~mfuegger/pub/FKLP17.pdf}, url = {https://doi.org/10.1109/ASYNC.2017.12}, abstract = {We propose a novel method for transforming delay- line time-to-digital converters (TDCs) into TDCs that output Gray code without relying on synchronizers. We formally prove that the inevitable metastable memory upsets (Marino, TC'81) do not induce an additional time resolution error. Our modified design provides suitable inputs to the recent metastability-containing sorting networks by Lenzen and Medina (ASYNC'16) and Bund et al. (DATE'17). In contrast, employing existing TDCs would require using thermometer code at the TDC output (followed by conversion to Gray code) or resolving metastability inside the TDC. The former is too restrictive w.r.t. the dynamic range of the TDCs, while the latter loses the advantage of enabling (accordingly much faster) computation without having to first resolve metastability.\par Our all-digital designs are also of interest in their own right: they support high sample rates and large measuring ranges at nearly optimal bit-width of the output, yet maintain the original delay-line?s time resolution. No previous approach unifies all these properties in a single device.} }

@inproceedings{FNS-disc17, address = {Vienna, Austria}, month = oct, year = 2017, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Richa, Andr{\'e}a}, acronym = {{DISC}'17}, booktitle = {{P}roceedings of the 31st {I}nternational {S}ymposium on {D}istributed {C}omputing ({DISC}'17)}, author = {Matthias F{\"u}gger and {\relax Th}omas Nowak and Manfred Schwarz}, title = {Brief Announcement: Lower Bounds for Asymptotic Consensus in Dynamic Networks}, pages = {51:1-51:3}, url = {http://drops.dagstuhl.de/opus/volltexte/2017/7992/}, pdf = {http://drops.dagstuhl.de/opus/volltexte/2017/7992/pdf/LIPIcs-DISC-2017-51.pdf}, doi = {10.4230/LIPIcs.DISC.2017.51}, abstract = {In this work we study the performance of asymptotic and approximate consensus algorithms in dynamic networks. The asymptotic consensus problem requires a set of agents to repeatedly set their outputs such that the outputs converge to a common value within the convex hull of initial values. This problem, and the related approximate consensus problem, are fundamental building blocks in distributed systems where exact consensus among agents is not required, e.g., man- made distributed control systems, and have applications in the analysis of natural distributed systems, such as flocking and opinion dynamics. We prove new nontrivial lower bounds on the contraction rates of asymptotic consensus algorithms, from which we deduce lower bounds on the time complexity of approximate consensus algorithms. In particular, the obtained bounds show optimality of asymptotic and approximate consensus algorithms presented in [Charron-Bost et al., ICALP’16] for certain classes of networks that include classical failure assumptions, and confine the search for optimal bounds in the general case. Central to our lower bound proofs is an extended notion of valency, the set of reachable limits of an asymptotic consensus algorithm starting from a given configuration. We further relate topological properties of valencies to the solvability of exact consensus, shedding some light on the relation of these three fundamental problems in dynamic networks.} }

@inproceedings{CCV-er17, address = {Valencia, Spain}, month = nov, volume = 10650, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Mayr, Heinrich C. and Guizzardi, Giancarlo and Ma, Hui and Pastor, Oscar}, booktitle = {{P}roceedings of the 36th {I}nternational {C}onference on {C}onceptual {M}odeling ({ER}'17)}, author = {Chatain, {\relax Th}omas and Carmona, Josep and van Dongen, Boudewijn}, title = {Alignment-Based Trace Clustering}, pages = {295-308}, year = {2017}, doi = {10.1007/978-3-319-69904-2_24}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/CCV-er17.pdf}, url = {https://doi.org/10.1007/978-3-319-69904-2_24}, abstract = {A novel method to cluster event log traces is presented in this paper. In contrast to the approaches in the literature, the clustering approach of this paper assumes an additional input: a process model that describes the current process. The core idea of the algorithm is to use model traces as centroids of the clusters detected, computed from a generalization of the notion of alignment. This way, model explanations of observed behavior are the driving force to compute the clusters, instead of current model agnostic approaches, e.g., which group log traces merely on their vector-space similarity. We believe alignment-based trace clustering provides results more useful for stakeholders. Moreover, in case of log incompleteness, noisy logs or concept drift, they can be more robust for dealing with highly deviating traces. The technique of this paper can be combined with any clustering technique to provide model explanations to the clusters computed. The proposed technique relies on encoding the individual alignment problems into the (pseudo-)Boolean domain, and has been implemented in our tool DarkSider that uses an open-source solver.}, note = {To appear} }

@inproceedings{LDCF-snr17, address = {Uppsala, Sweden}, month = apr, year = 2017, volume = 247, series = {Electronic Proceedings in Theoretical Computer Science}, editor = {Erika {\'{A}}brah{\'{a}}m and Sergiy Bogomolov}, acronym = {{SNR}'17}, booktitle = {{P}roceedings of the 3rd {I}nternational {W}orkshop on {S}ymbolic and {N}umerical {M}ethods for {R}eachability {A}nalysis ({SNR}'17)}, author = {Adrien Le{ }Co{\"e}nt and Florian De{ }Vuyst and Ludovic Chamoin and Laurent Fribourg}, title = {Control Synthesis of Nonlinear Sampled Switched Systems using Euler's Method}, pages = {18-33}, url = {https://arxiv.org/abs/1704.03102v1}, pdf = {https://arxiv.org/pdf/1704.03102v1.pdf}, doi = {10.4204/EPTCS.247.2}, abstract = {In this paper, we propose a symbolic control synthesis method for nonlinear sampled switched systems whose vector fields are one-sided Lipschitz. The main idea is to use an approximate model obtained from the forward Euler method to build a guaranteed control. The benefit of this method is that the error introduced by symbolic modeling is bounded by choosing suitable time and space discretizations. The method is implemented in the interpreted language Octave. Several examples of the literature are performed and the results are compared with results obtained with a previous method based on the Runge-Kutta integration method.} }

@inproceedings{F-formats17, address = {Berlin, Germany}, month = sep, year = 2017, volume = {10419}, futureseries = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Abate, Alessandro and Geeraerts, Gilles}, acronym = {{FORMATS}'17}, booktitle = {{P}roceedings of the 15th {I}nternational {C}onference on {F}ormal {M}odelling and {A}nalysis of {T}imed {S}ystems ({FORMATS}'17)}, author = {Fribourg, Laurent}, title = {Euler's Method Applied to the Control of Switched Systems}, pages = {3-21}, url = {https://doi.org/10.1007/978-3-319-65765-3_1}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/F-formats17.pdf}, doi = {10.1007/978-3-319-65765-3_1}, abstract = {Hybrid systems are a powerful formalism for modeling and reasoning about cyber-physical systems. They mix the continuous and discrete natures of the evolution of computerized systems. Switched systems are a special kind of hybrid systems, with restricted discrete behaviours: those systems only have finitely many different modes of (continuous) evolution, with isolated switches between modes. Such systems provide a good balance between expressiveness and controllability, and are thus in widespread use in large branches of industry such as power electronics and automotive control. The control law for a switched system defines the way of selecting the modes during the run of the system. Controllability is the problem of (automatically) synthesizing a control law in order to satisfy a desired property, such as safety (maintaining the variables within a given zone) or stabilisation (confinement of the variables in a close neighborhood around an objective point). In order to compute the control of a switched system, we need to compute the solutions of the differential equations governing the modes. Euler's method is the most basic technique for approximating such solutions. We present here an estimation of the Euler's method local error, using the notion of ''one-sided Lispchitz constant'' for modes. This yields a general control synthesis approach which can encompass several features such as bounded disturbance and compositionality.} }

@inproceedings{LACFDC-rp17, address = {London, UK}, month = sep, year = 2017, volume = {10506}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Matthew Hague and Igor Potapov}, acronym = {{RP}'17}, booktitle = {{P}roceedings of the 11th {W}orkshop on {R}eachability {P}roblems in {C}omputational {M}odels ({RP}'17)}, author = {Adrien Le{ }Co{\"{e}}nt and Julien {Alexandre dit Sandretto} and Alexandre Chapoutot and Laurent Fribourg and Florian De{ }Vuyst and Ludovic Chamoin}, title = {Distributed Control Synthesis Using Euler's Method}, pages = {118-131}, url = {https://link.springer.com/chapter/10.1007/978-3-319-67089-8_9}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LACFDC-rp17.pdf}, doi = {10.1007/978-3-319-67089-8_9}, abstract = {In a previous work, we explained how Euler's method for computing approximate solutions of systems of ordinary differential equations can be used to synthesize safety controllers for sampled switched systems. We continue here this line of research by showing how Euler's method can also be used for synthesizing safety controllers in a distributed manner. The global system is seen as an interconnection of two (or more) sub-systems where, for each component, the sub-state corresponding to the other component is seen as an ?input?; the method exploits (a variant of) the notions of incremental input-to-state stability (\(\delta\)-ISS) and ISS Lyapunov function. We illustrate this distributed control synthesis method on a building ventilation example.} }

@article{HM-tcs17, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Haddad, Serge and Monmege, Benjamin}, title = {Interval iteration algorithm for {MDP}s and {IMDP}s}, volume = {735}, year = {2018}, pages = {111-131}, month = jul, doi = {10.1016/j.tcs.2016.12.003}, url = {http://authors.elsevier.com/sd/article/S0304397516307095}, abstract = {Markov Decision Processes (MDP) are a widely used model including both non-deterministic and probabilistic choices. Minimal and maximal probabilities to reach a target set of states, with respect to a policy resolving non-determinism, may be computed by several methods including value iteration. This algorithm, easy to implement and efficient in terms of space complexity, iteratively computes the probabilities of paths of increasing length. However, it raises three issues: (1) defining a stopping criterion ensuring a bound on the approximation, (2) analysing the rate of convergence, and (3) specifying an additional procedure to obtain the exact values once a sufficient number of iterations has been performed. The first two issues are still open and, for the third one, an upper bound on the number of iterations has been proposed. Based on a graph analysis and transformation of MDPs, we address these problems. First we introduce an interval iteration algorithm, for which the stopping criterion is straightforward. Then we exhibit its convergence rate. Finally we significantly improve the upper bound on the number of iterations required to get the exact values. We extend our approach to also deal with Interval Markov Decision Processes (IMDP) that can be seen as symbolic representations of MDPs.} }

@article{FHLM-deds17, publisher = {Springer}, journal = {Discrete Event Dynamic Systems: Theory and Applications}, author = {{\'E}ric Fabre and Lo{\"i}c H{\'e}lou{\"e}t and Engel Lefaucheux and Herv{\'e} Marchand}, title = {Diagnosability of Repairable Faults}, volume = {28}, number = {2}, month = jun, year = {2018}, pages = {183-213}, doi = {10.1007/s10626-017-0255-8}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/FHLM-deds17.pdf}, abstract = {The diagnosis problem for discrete event systems consists in deciding whether some fault event occurred or not in the system, given partial observations on the run of that system. Diagnosability checks whether a correct diagnosis can be issued in bounded time after a fault, for all faulty runs of that system. This problem appeared two decades ago and numerous facets of it have been explored, mostly for permanent faults. It is known for example that diagnosability of a system can be checked in polynomial time, while the construction of a diagnoser is exponential. The present paper examines the case of transient faults, that can appear and be repaired. Diagnosability in this setting means that the occurrence of a fault should always be detected in bounded time, but also before the fault is repaired, in order to prepare for the detection of the next fault or to take corrective measures while they are needed. Checking this notion of diagnosability is proved to be PSPACE-complete. It is also shown that faults can be reliably counted provided the system is diagnosable for faults and for repairs.} }

@inproceedings{BHL-msr17, address = {Marseille, France}, month = nov, year = 2017, futureseries = {Journal Europ{\'e}en des Syst{\`e}mes Automatis{\'e}s}, publisher = {HAL}, editor = {Demongodin, Isabel and Reynier, Pierre-Alain}, acronym = {{MSR}'17}, booktitle = {{A}ctes du 11{\`e}me {C}olloque sur la {M}od{\'e}lisation des {S}yst{\`e}mes {R}{\'e}actifs ({MSR}'17)}, author = {Nathalie Bertrand and Serge Haddad and Engel Lefaucheux}, title = {Diagnostic et contr{\^o}le de la d{\'e}gradation des syst{\`e}mes probabilistes}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-msr17.pdf}, abstract = {Le diagnostic actif est op{\'e}r{\'e} par un contr{\^o}leur en vue de rendre un syst{\`e}me diagnosticable. Afin d'{\'e}viter que le contr{\^o}leur ne d{\'e}grade trop fortement le syst{`e}me, on lui affecte g{\'e}n{\'e}ralement un second objectif en termes de qualit{\'e} de service. Dans le cadre des syst{\`e}mes probabilistes, une sp{\'e}cification possible consiste {\`a} assurer une probabilit{\'e} positive qu'une ex{\'e}cution infinie soit correcte, ce qu'on appelle le diagnostic actif s{\^u}r. Nous introduisons ici deux sp{\'e}cifications alternatives. La gamma-correction du syst{\`e}me affecte {\`a} une ex{\'e}cution une valeur de correction d{\'e}pendant d'un facteur de d{\'e}cote gamma et le contr{\^o}leur doit assurer une valeur moyenne sup{\'e}rieure {\`a} un seuil fix{\'e}. La alpha-d{\'e}gradation requiert qu'asymptotiquement, {\`a} chaque unit{\'e} de temps une proportion sup{\'e}rieure {\`a} alpha des ex{\'e}cutions jusqu'alors correctes le demeure. D'un point de vue s{\'e}mantique, nous explicitons des liens significatifs entre les diff{\'e}rentes notions. Algorithmiquement, nous {\'e}tablissons la fronti{\`e}re entre d{\'e}cidabilit{\'e} et ind{\'e}cidabilit{\'e} des probl{\`e}mes et dans le cas positif nous exhibons la complexit{\'e} pr{\'e}cise ainsi qu'une synth{\`e}se, potentiellement {\`a} m{\'e}moire infinie.} }

@inproceedings{BHL-fsttcs17, address = {Kanpur, India}, month = dec, year = 2017, volume = {93}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Satya Lokam and R. Ramanujam}, acronym = {{FSTTCS}'17}, booktitle = {{P}roceedings of the 37th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'17)}, author = {B{\'e}atrice B{\'e}rard and Serge Haddad and Engel Lefaucheux}, title = {Probabilistic Disclosure: Maximisation vs. Minimisation}, pages = {13:1-13:14}, url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=8384}, pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/8384/pdf/LIPIcs-FSTTCS-2017-13.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2017.13}, abstract = {We consider opacity questions where an observation function provides to an external attacker a view of the states along executions and secret executions are those visiting some state from a fixed subset. Disclosure occurs when the observer can deduce from a finite observation that the execution is secret, the epsilon-disclosure variant corresponding to the execution being secret with probability greater than 1 - epsilon. In a probabilistic and non deterministic setting, where an internal agent can choose between actions, there are two points of view, depending on the status of this agent: the successive choices can either help the attacker trying to disclose the secret, if the system has been corrupted, or they can prevent disclosure as much as possible if these choices are part of the system design. In the former situation, corresponding to a worst case, the disclosure value is the supremum over the strategies of the probability to disclose the secret (maximisation), whereas in the latter case, the disclosure is the infimum (minimisation). We address quantitative problems (comparing the optimal value with a threshold) and qualitative ones (when the threshold is zero or one) related to both forms of disclosure for a fixed or finite horizon. For all problems, we characterise their decidability status and their complexity. We discover a surprising asymmetry: on the one hand optimal strategies may be chosen among deterministic ones in maximisation problems, while it is not the case for minimisation. On the other hand, for the questions addressed here, more minimisation problems than maximisation ones are decidable.} }

@techreport{Haddad-hal17, author = {Haddad, Serge}, title = {Memoryless Determinacy of Finite Parity Games: Another Simple Proof}, institution = {HAL-inria}, number = {hal-01541508}, month = jun, year = {2017}, type = {Research Report}, url = {https://hal.inria.fr/hal-01541508}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/Haddad-hal17.pdf}, note = {7~pages}, abstract = {Memoryless determinacy of (infinite) parity games is an important result with numerous applications. It was first independently established by Emerson and Jutla [1] and Mostowski [2] but their proofs involve elaborate developments. The elegant and simpler proof of Zielonka [3] still requires a nested induction on the finite number of priorities and on ordinals for sets of vertices. There are other proofs for finite games like the one of Bj{\"o}rklund, Sandberg and Vorobyovin [4] that relies on relating infinite and finite duration games. We present here another simple proof that finite parity games are determined with memoryless strategies using induction on the number of relevant states. The closest proof that relies on induction over non absorbing states is the one of Graedel [5]. However instead of focusing on a single appropriate vertex for induction as we do here, he considers two reduced games per vertex, for all the vertices of the game. The idea of reasoning about a single state has been inspired to me by the analysis of finite stochastic priority games by Karelovic and Zielonka [6].} }

@inproceedings{CP-concur17, address = {Berlin, Germany}, month = sep, year = 2017, volume = {85}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Meyer, Roland and Nestmann, Uwe}, acronym = {{CONCUR}'17}, booktitle = {{P}roceedings of the 28th {I}nternational {C}onference on {C}oncurrency {T}heory ({CONCUR}'17)}, author = {Chatain, {\relax Th}omas and Paulev{\'e}, Lo{\"i}c}, title = {Goal-Driven Unfolding of {P}etri Nets}, pages = {18:1-18:16}, url = {http://drops.dagstuhl.de/opus/volltexte/2017/7773}, pdf = {http://drops.dagstuhl.de/opus/volltexte/2017/7773/pdf/LIPIcs-CONCUR-2017-18.pdf}, doi = {10.4230/LIPIcs.CONCUR.2017.18}, abstract = {Unfoldings provide an efficient way to avoid the state-space explosion due to interleavings of concurrent transitions when exploring the runs of a Petri net. The theory of adequate orders allows one to define finite prefixes of unfoldings which contain all the reachable markings. In this paper we are interested in reachability of a single given marking, called the goal. We propose an algorithm for computing a finite prefix of the unfolding of a 1-safe Petri net that preserves all minimal configurations reaching this goal. Our algorithm combines the unfolding technique with on-the-fly model reduction by static analysis aiming at avoiding the exploration of branches which are not needed for reaching the goal. We present some experimental results.} }

@article{BGH-fmsd17, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Bollig, Benedikt and Grindei, Manuela-Lidia and Habermehl, Peter}, title = {Realizability of Concurrent Recursive Programs}, year = {2018}, abstract = {We study the realizability problem for concurrent recursive programs: Given a distributed system architecture and a sequential specification over words, find a distributed automata implementation that is equivalent to the specification. This problem is well-studied as far as finite-state processes are concerned, and it has a solution in terms of Zielonka's Theorem. We lift Zielonka's Theorem to the case where processes are recursive and modeled as visibly pushdown (or, equivalently, nested-word) automata. However, contrarily to the finite-state case, it is undecidable whether a specification is realizable or not. Therefore, we also consider suitable underapproximation techniques from the literature developed for multi-pushdown systems, and we show that they lead to a realizability framework with effective algorithms. }, note = {To appear} }

@article{BFHH-tocl17, publisher = {ACM Press}, journal = {ACM Transactions on Computational Logic}, author = {Blondin, Michael and Finkel, Alain and Haase, Christoph and Haddad, Serge}, title = {The Logical View on Continuous {P}etri Nets}, volume = {18}, number = {3}, year = {2017}, pages = {24:1--24:28}, url = {http://doi.acm.org/10.1145/3105908}, doi = {10.1145/3105908}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BFHH-tocl17.pdf}, abstract = {Continuous Petri nets are a relaxation of classical discrete Petri nets in which transitions can be fired a fractional number of times, and consequently places may contain a fractional number of tokens. Such continuous Petri nets are an appealing object to study since they over approximate the set of reachable configurations of their discrete counterparts, and their reachability problem is known to be decidable in polynomial time. The starting point of this paper is to show that the reachability relation for continuous Petri nets is definable by a sentence of linear size in the existential theory of the rationals with addition and order. Using this characterization, we obtain decidability and complexity results for a number of classical decision problems for continuous Petri nets. In particular, we settle the open problem about the precise complexity of reachability set inclusion. Finally, we show how continuous Petri nets can be incorporated inside the classical backward coverability algorithm for discrete Petri nets as a pruning heuristic in order to tackle the symbolic state explosion problem. The cornerstone of the approach we present is that our logical characterization enables us to leverage the power of modern SMT-solvers in order to yield a highly performant and robust decision procedure for coverability in Petri nets. We demonstrate the applicability of our approach on a set of standard benchmarks from the literature.} }

@inproceedings{HPV-icsc17, address = {San Diego, CA, USA}, month = jan, volume = 11, series = {IEEE ICSC}, publisher = {{IEEE} Press}, todoeditor = {D?Auria, Daniela and Liu, Jianquan and Pilato, Giovanni}, acronym = {{ICSC}'17}, booktitle = {{P}roceedings of the 11th International Conference on Semantic Computing ({ICSC}'17)}, author = {Haar, Stefan and Perchy, Salim and Valencia, Frank}, title = {{D-SPACES: Implementing Declarative Semantics for Spatially Structured Information}}, pages = {227-233}, year = {2017}, doi = {10.1109/ICSC.2017.34}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/HPV-icsc17.pdf}, url = {https://hal.inria.fr/hal-01328189}, abstract = {We introduce in this paper D-SPACES, an implementation of constraint systems with space and extrusion operators. Constraint systems are algebraic models that allow for a semantic language-like representation of information in systems where the concept of space is a primary structural feature. We give this information mainly an epistemic interpretation and consider various agents as entities acting upon it. D-SPACES is coded as a c++11 library providing implementations for constraint systems, space functions and extrusion functions. The interfaces to access each implementation are minimal and thoroughly documented. D-SPACES also provides property-checking methods as well as an implementation of a specific type of constraint systems (a boolean algebra). This last implementation serves as an entry point for quick access and proof of concept when using these models. Furthermore, we offer an illustrative example in the form of a small social network where users post their beliefs and utter their opinions.} }

@article{GHPRV-jlamp17, publisher = {Elsevier Science Publishers}, journal = {Journal of Logic and Algebraic Methods in Programming}, author = {Guzm{\'a}n, Michell and Haar, Stefan and Perchy, Salim and Rueda, Camilo and Valencia, Frank}, title = {{Belief, Knowledge, Lies and Other Utterances in an Algebra for Space and Extrusion}}, volume = {86}, number = {1}, year = {2017}, pages = {107-133}, doi = {10.1016/j.jlamp.2016.09.001}, month = jan, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/GHPRV-jlamp17.pdf}, url = {https://hal.inria.fr/hal-01257113}, abstract = {The notion of constraint system (cs) is central to declarative formalisms from concurrency theory such as process calculi for concurrent constraint programming (ccp). Constraint systems are often represented as lattices: their elements, called constraints, represent partial information and their order corresponds to entailment. Recently a notion of n-agent spatial cs was introduced to represent information in concurrent constraint programs for spatially distributed multi-agent systems. From a computational point of view a spatial constraint system can be used to specify partial information holding in a given agent's space (local information). From an epistemic point of view a spatial cs can be used to specify information that a given agent considers true (beliefs). Spatial constraint systems, however, do not provide a mechanism for specifying the mobility of information/processes from one space to another. Information mobility is a fundamental aspect of concurrent systems. In this article we develop the theory of spatial constraint systems with operators to specify information and processes moving from a space to another. We shall investigate the properties of this new family of constraint systems and illustrate their applications. From a computational point of view the new operators provide for process/information extrusion, a central concept in formalisms for mobile communication. From an epistemic point of view extrusion corresponds I to a notion we shall call utterance; a piece of information that an agent communicate to others but that may be inconsistent with the agent's beliefs. Utterances can then be used to express instances of epistemic notions such as hoaxes or intentional lies which are common place in social media. Spatial constraint system can express the epistemic notion of belief by means of space functions that specify local information. We shall also show that spatial constraint can also express the epistemic notion of knowledge by means of a derived spatial operator that specifies global information.} }

@inproceedings{VCCT-caise17, address = {Essen, Germany}, month = jun, volume = 10253, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Dubois, Eric and Pohl, Klaus}, acronym = {{CAiSE}'17}, booktitle = {{P}roceedings of the 29th {I}nternational {C}onference on {A}dvanced {I}nformation {S}ystems {E}ngineering ({CAiSE}'17)}, author = {{van Dongen}, Boudewijn and Carmona, Josep and Chatain, {\relax Th}omas and Taymouri, Farbod}, title = {Aligning Modeled and Observed Behavior: A Compromise Between Complexity and Quality}, pages = {94-109}, year = {2017}, doi = {10.1007/978-3-319-59536-8_7}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/VCCT-caise17.pdf}, abstract = {Certifying that a process model is aligned with the real process executions is perhaps the most desired feature a process model may have: aligned process models are crucial for organizations, since strategic decisions can be made easier on models instead of on plain data. In spite of its importance, the current algorithmic support for computing alignments is limited: either techniques that explicitly explore the model behavior (which may be worst-case exponential with respect to the model size), or heuristic approaches that cannot guarantee a solution, are the only alternatives. In this paper we propose a solution that sits right in the middle in the complexity spectrum of alignment techniques; it can always guarantee a solution, whose quality depends on the exploration depth used and local decisions taken at each step. We use linear algebraic techniques in combination with an iterative search which focuses on progressing towards a solution. The experiments show a clear reduction in the time required for reaching a solution, without sacrificing significantly the quality of the alignment obtained.} }

@inproceedings{BBDH-sia17, address = {Montigny-le-Bretonneux, France}, month = mar, editor = {{Di Valentin}, Laurent and Landel, Eric}, acronym = {SIA Simulation Num{\'e}rique}, booktitle = {SIA Simulation Num{\'e}rique}, author = {Barbot, Beno{\^i}t and B{\'e}rard, B{\'e}atrice and Duplouy, Yann and Haddad, Serge}, title = {Statistical Model-Checking for Autonomous Vehicle Safety Validation}, todopages = {}, year = {2017}, todolsvdate-pub = 20170320, tododoi = {}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BBDH-sia17.pdf}, url = {https://hal.archives-ouvertes.fr/hal-01491064}, abstract = {We present an application of statistical model-checking to the verification of an autonomous vehicle controller. Our goal is to check safety properties in various traffic situations. More specifically, we focus on a traffic jam situation.\par The controller is specified by a C++ program. Using sensors, it registers positions and velocities of nearby vehicles and modifies the position and velocity of the controlled vehicle to avoid collisions. We model the environment using a stochastic high level Petri net, where random behaviors of other vehicles can be described. We use HASL, a quantitative variant of linear temporal logic, to express the desired properties. A large family of performance indicators can be specified in HASL and we target in particular the expectation of travelled distance or the collision probability.\par We evaluate the properties of this model using COSMOS1. This simulation tool implements numerous statistical techniques such as sequential hypothesis testing and most confidence range computation methods. Its efficiency allowed us to conduct several experiments with success.} }

@inproceedings{BHSS-pn17, address = {Zaragoza, Spain}, month = jun, volume = {10258}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {van der Aalst, Wifred and Best, Eike}, acronym = {{PETRI~NETS}'17}, booktitle = {{P}roceedings of the 38th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'17)}, author = {B{\'e}rard, B{\'e}atrice and Haar, Stefan and Schmitz, Sylvain and Schwoon, Stefan}, title = {The Complexity of Diagnosability and Opacity Verification for {P}etri Nets}, pages = {200-220}, year = {2017}, doi = {10.1007/978-3-319-57861-3_13}, url = {https://hal.inria.fr/hal-01484476}, abstract = {Diagnosability and opacity are two well-studied problems in discrete-event systems. We revisit these two problems with respect to expressiveness and complexity issues. We first relate different notions of diagnosability and opacity. We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions. Second, we provide a global picture of complexity results for the verification of diagnosability and opacity. We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non diagnosability is inter-reducible with reachability when fault events are not weakly fair. Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness.} }

@article{ACR-tecs17, publisher = {ACM Press}, journal = {ACM Transactions in Embedded Computing Systems}, author = {Andr{\'e}, {\'E}tienne and Chatain, {\relax Th}omas and Rodr{\'\i}guez, C{\'e}sar}, title = {Preserving Partial-Order Runs in Parametric Time {P}etri Nets}, volume = {16}, number = {2}, year = {2017}, pages = {43:1-43:26}, doi = {10.1145/3012283}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/ACR-tecs17.pdf}, abstract = {Parameter synthesis for timed systems aims at deriving parameter valuations satisfying a given property. In this article, we target concurrent systems. We use partial-order semantics for parametric time Petri nets as a way to both cope with the well-known state-space explosion due to concurrency and significantly enhance the result of an existing synthesis algorithm. Given a reference parameter valuation, our approach synthesizes other valuations preserving the partial-order executions of the reference parameter valuation. We show the applicability of our approach using a tool applied to asynchronous circuits.} }

@inproceedings{CHKP-valuetools17, address = {Venice, Italy}, month = dec, year = 2017, acronym = {{VALUETOOLS}'17}, booktitle = {{P}roceedings of the 11th {I}nternational {C}onference on {P}erformance {E}valuation {M}ethodologies and {T}ools ({VALUETOOLS}'17)}, author = {Chatzikokolakis, Kostas and Haddad, Serge and Kassem, Ali and Palamidessi, Catuscia}, title = {{Trading Optimality for Performance in Location Privacy}}, pages = {221-222}, url = {https://arxiv.org/abs/1710.05524}, pdf = {https://arxiv.org/pdf/1710.05524.pdf}, doi = {10.1145/3150928.3150962}, abstract = {Location-Based Services (LBSs) provide invaluable aid in the everyday activities of many individuals, however they also pose serious threats to the user' privacy. There is, therefore, a growing interest in the development of mechanisms to protect location privacy during the use of LBSs. Nowadays, the most popular methods are probabilistic, and the so-called optimal method achieves an optimal trade-off between privacy and utility by using linear optimization techniques. Unfortunately, due to the complexity of linear programming, the method is unfeasible for a large number n of locations, because the constraints are \(O(n^3)\). In this paper, we propose a technique to reduce the number of constraints to \(O(n^2)\), at the price of renouncing to perfect optimality. We show however that on practical situations the utility loss is quite acceptable, while the gain in performance is significant.} }

@inproceedings{AFMS-vmcai2019, address = {Cascais/Lisbon, Portugal}, month = jan, year = 2019, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Enea, Constantin and Piskac, Ruzica}, acronym = {{VMCAI}'19}, booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on {V}erification, {M}odel {C}hecking and {A}bstract {I}nterpretation ({VMCAI}'19)}, author = {Andr{\'e}, {\'E}tienne and Fribourg, Laurent and Mota, Jean-Marc and Soulat, Romain}, title = {Verification of an industrial asynchronous leader election algorithm using abstractions and parametric model checking}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/AFMS-vmcai19.pdf}, abstract = {The election of a leader in a network is a challenging task, especially when the processes are asynchronous, i.e., execute an algorithm with time-varying periods. Thales developed an industrial election algorithm with an arbitrary number of processes, that can possibly fail. In this work, we prove the correctness of a variant of this industrial algorithm. We use a method combining abstraction, the SafeProver solver, and a parametric timed model-checker. This allows us to prove the correctness of the algorithm for a large number \(p\) of processes (\(p = 5000\)).}, note = {To appear} }

@inproceedings{HKP-vmcai2019, address = {Cascais/Lisbon, Portugal}, month = jan, year = 2019, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Enea, Constantin and Piskac, Ruzica}, acronym = {{VMCAI}'19}, booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on {V}erification, {M}odel {C}hecking and {A}bstract {I}nterpretation ({VMCAI}'19)}, author = {Haar, Stefan and Kolc{\'a}k, Juraj and Paulev{\'e}, Lo{\"i}c}, title = {{Combining Refinement of Parametric Models with Goal-Oriented Reduction of Dynamics}}, url = {https://hal.archives-ouvertes.fr/hal-01940174/}, pdf = {https://hal.archives-ouvertes.fr/hal-01940174/file/manuscript.pdf}, abstract = {Parametric models abstract part of the specification of dynamical models by integral parameters. They are for example used in computational systems biology, notably with parametric regulatory networks, which specify the global architecture (interactions) of the networks, while parameterising the precise rules for drawing the possible temporal evolutions of the states of the components. A key challenge is then to identify the discrete parameters corresponding to concrete models with desired dynamical properties. This paper addresses the restriction of the abstract execution of parametric regulatory (discrete) networks by the means of static analysis of reachability properties (goal states). Initially defined at the level of concrete parameterised models, the goal-oriented reduction of dynamics is lifted to parametric networks, and is proven to preserve all the minimal traces to the specified goal states. It results that one can jointly perform the refinement of parametric networks (restriction of domain of parameters) while reducing the necessary transitions to explore and preserving reachability properties of interest.}, note = {To appear} }

@phdthesis{duplouy-phd2018, author = {Duplouy, Yann}, title = {{Applying Formal Methods to Autonomous Vehicle Control}}, school = {{\'E}cole Normale Sup{\'e}rieure Paris-Saclay, France}, type = {Th{\`e}se de doctorat}, year = 2018, month = nov, url = {http://www.lsv.fr/~duplouy/defence/} }

@techreport{CHKTP-hal18, author = {Chatain, {\relax Th}omas and Haar, Stefan and Kolc{\'a}k, Juraj and Thakkar, Aalok and Paulev{\'e}, Lo{\"i}c}, institution = {HAL}, month = oct, note = {33~pages}, number = {hal-01893106}, type = {Research Report}, title = {{Concurrency in Boolean networks}}, year = {2018}, url = {https://hal.inria.fr/hal-01893106}, pdf = {https://hal.inria.fr/hal-01893106/document}, abstract = {Boolean networks (BNs) are widely used to model the qualitative dynamics of biological systems. Besides the logical rules determining the evolution of each component with respect to the state of its regulators, the scheduling of components updates can have a dramatic impact on the predicted behaviours. In this paper, we explore the use of Contextual Petri Nets (CPNs) to study dynamics of BNs with a concurrency theory perspective. After showing bi-directional translations between CPNs and BNs and analogies between results on synchronism sensitivies, we illustrate that usual updating modes for BNs can miss plausible behaviours, i.e., incorrectly conclude on the absence/impossibility of reaching specific configurations. Taking advantage of CPN semantics enabling more behaviour than the generalized asynchronous updating mode, we propose an encoding of BNs ensuring a correct abstraction of any multivalued refinement, as one may expect to achieve when modelling biological systems with no assumption on its time features.} }

@phdthesis{Lefaucheux-phd2018, author = {Lefaucheux, Engel}, title = {Controlling Information in Probabilistic Systems}, school = {Universit{\'e} Rennes~1, Rennes, France}, type = {Th{\`e}se de doctorat}, year = 2018, month = sep, url = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/lefaucheux-phd18.pdf}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/lefaucheux-phd18.pdf} }

@inproceedings{BHL-fsttcs18, address = {Ahmedabad, India}, month = dec, year = 2018, volume = {122}, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Sumit Ganguly and Paritosh Pandya}, acronym = {{FSTTCS}'18}, booktitle = {{P}roceedings of the 38th {C}onference on {F}oundations of {S}oftware {T}echnology and {T}heoretical {C}omputer {S}cience ({FSTTCS}'18)}, author = {B{\'e}atrice B{\'e}rard and Stefan Haar and Lo{\"i}c H{\'e}lou{\"e}t}, title = {Hyper Partial Order Logic}, pages = {20:1-20:21}, url = {http://drops.dagstuhl.de/opus/frontdoor.php?source_opus=9919}, pdf = {http://drops.dagstuhl.de/opus/volltexte/2018/9919/pdf/LIPIcs-FSTTCS-2018-20.pdf}, doi = {10.4230/LIPIcs.FSTTCS.2018.20}, abstract = {We define HyPOL, a local hyper logic for partial order models, expressing properties of sets of runs. These properties depict shapes of causal dependencies in sets of partially ordered executions, with similarity relations defined as isomorphisms of past observations. Unsurprisingly, since comparison of projections are included, satisfiability of this logic is undecidable. We then address model checking of HyPOL and show that, already for safe Petri nets, the problem is undecidable. Fortunately, sensible restrictions of observations and nets allow us to bring back model checking of HyPOL to a decidable problem, namely model checking of MSO on graphs of bounded treewidth.} }

@techreport{CHP-arxiv18, author = {Chatain, {\relax Th}omas and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, institution = {Computing Research Repository}, month = aug, note = {15~pages}, number = {1808.10240}, type = {Research Report}, title = {Most Permissive Semantics of Boolean Networks}, year = {2018}, url = {https://arxiv.org/abs/1808.10240}, pdf = {https://arxiv.org/pdf/1808.10240v1.pdf}, abstract = {As shown in [3], the usual update modes of Boolean networks (BNs), including synchronous and (generalized) asynchronous, fail to capture behaviours introduced by multivalued refinements. Thus, update modes do not allow a correct abstract reasoning on dynamics of biological systems, as they may lead to reject valid BN models.\par We introduce a new semantics for interpreting BNs which meets with a correct abstraction of any multivalued refinements, with any update mode. This semantics subsumes all the usual updating modes, while enabling new behaviours achievable by more concrete models. Moreover, it appears that classical dynamical analyses of reachability and attractors have a simpler computational complexity: \begin{itemize} \item reachability can be assessed in a polynomial number of iterations (instead of being PSPACE-complete with update modes); \item attractors are hypercubes, and deciding the existence of attractors with a given upper-bounded dimension is in NP (instead of PSPACE-complete with update modes). \end{itemize} The computation of iterations is in NP in the very general case, and is linear when local functions are monotonic, or with some usual representations of functions of BNs (binary decision diagrams, Petri nets, automata networks, etc.).\par In brief, the most permissive semantics of BNs enables a correct abstract reasoning on dynamics of BNs, with a greater tractability than previously introduced update modes.\par This technical report lists the main definitions and properties of the most permissive semantics of BNs, and draw some remaining open questions.} }

@inproceedings{FN-disc18, address = {New Orleans, USA}, month = oct, series = {Leibniz International Proceedings in Informatics}, publisher = {Leibniz-Zentrum f{\"u}r Informatik}, editor = {Ulrich Schmid}, acronym = {{DISC}'18}, booktitle = {{P}roceedings of the 32nd {I}nternational {S}ymposium on {D}istributed {C}omputing ({DISC}'18)}, author = {F{\"u}gger, Matthias and Nowak, {\relax Th}omas}, title = {Fast Multidimensional Asymptotic and Approximate Consensus}, pages = {27:1-27:15}, year = {2018}, url = {https://arxiv.org/abs/1805.04923} }

@inproceedings{FNS-podc18, address = {Egham, UK}, month = jul, publisher = {ACM Press}, editor = {Keidar, Idit}, acronym = {{PODC}'18}, booktitle = {Proceedings of the {ACM} Symposium on Principles of Distributed Computing ({PODC}'18)}, author = {F{\"u}gger, Matthias and Nowak, {\relax Th}omas and Schwarz, Manfred}, title = {Tight Bounds for Asymptotic and Approximate Consensus}, pages = {325-334}, year = {2018}, doi = {10.1145/3212734.3212762}, url = {https://arxiv.org/abs/1705.02898}, abstract = {In this work we study the performance of asymptotic and approximate consensus algorithms in dynamic networks. The asymptotic consensus problem requires a set of agents to repeatedly set their outputs such that the outputs converge to a common value within the convex hull of initial values. This problem, and the related approximate consensus problem, are fundamental building blocks in distributed systems where exact consensus among agents is not required, e.g., man-made distributed control systems, and have applications in the analysis of natural distributed systems, such as flocking and opinion dynamics. We prove new nontrivial lower bounds on the contraction rates of asymptotic consensus algorithms, from which we deduce lower bounds on the time complexity of approximate consensus algorithms. In particular, the obtained bounds show optimality of asymptotic and approximate consensus algorithms presented in [Charron-Bost et al., ICALP'16] for certain classes of networks that include classical failure assumptions, and confine the search for optimal bounds in the general case. \par Central to our lower bound proofs is an extended notion of valency, the set of reachable limits of an asymptotic consensus algorithm starting from a given configuration. We further relate topological properties of valencies to the solvability of exact consensus, shedding some light on the relation of these three fundamental problems in dynamic networks.} }

@article{BHL-icomp18, publisher = {Elsevier Science Publishers}, journal = {Information and Computation}, author = {Nathalie Bertrand and Serge Haddad and Engel Lefaucheux}, title = {{A Tale of Two Diagnoses in Probabilistic Systems}}, year = {2018}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/BHL-icomp18.pdf}, abstract = {Diagnosis of partially observable stochastic systems prone to faults was introduced in the late nineties. Diagnosability, i.e. the existence of a diagnoser, may be specified in different ways: exact diagnosability requires that almost surely a fault is detected and that no fault is erroneously claimed; approximate diagnosability tolerates a small error probability when claiming a fault; last, accurate approximate diagnosability guarantees that the error probability can be chosen arbitrarily small. In this article, we first refine the specification of diagnosability by identifying three criteria: (1) detecting faulty runs or providing information for all runs (2) considering finite or infinite runs, and (3) requiring or not a uniform detection delay. We then give a complete picture of relations between the different diagnosability specifications for probabilistic systems and establish characterisations for most of them in the finite-state case. Based on these characterisations, we develop decision procedures, study their complexity and prove their optimality. We also design synthesis algorithms to construct diagnosers and we analyse their memory requirements. Finally we establish undecidability of the diagnosability problems for which we provided no characterisation.}, note = {To appear} }

@inproceedings{SGF-hscc18, address = {Porto, Portugal}, month = apr, publisher = {ACM Press}, editor = {Prandini, Maria and Deshmukh, Jyotirmoy V.}, acronym = {{HSCC}'18}, booktitle = {{P}roceedings of the 21st {ACM} {I}nternational {C}onference on {H}ybrid {S}ystems: {C}omputation and {C}ontrol ({HSCC}'18)}, author = {Saoud, Adnane and Girard, Antoine and Fribourg, Laurent}, title = {Contract based Design of Symbolic Controllers for Vehicle Platooning}, pages = {277-278}, year = {2018}, doi = {10.1145/3178126.3187001}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SGF-hscc18.pdf}, abstract = {In this work, we present an application of symbolic control and contract based design techniques to vehicle platooning. We use a compositional approach based on continuous-time assume-guarantee contracts. Each vehicle in the platoon is assigned an assumeguarantee contract; and a controller is synthesized using symbolic control to enforce the satisfaction of this contract. The assumeguarantee framework makes it possible to deal with different types of vehicles and asynchronous controllers (i.e controllers with different sampling periods). Numerical results illustrate the effectiveness of the approach.}, note = {Poster} }

@inproceedings{FMNNS-date18, address = {Dresden, Germany}, month = mar, publisher = {{IEEE} Computer Society Press}, acronym = {{DATE}'18}, booktitle = {{P}roceedings of the {C}onference on {D}esign, {A}utomation and {T}est in {E}urope (DATE'18)}, author = {Matthias F{\"u}gger and J{\"u}rgen Maier and Robert Najvirt and {\relax Th}omas Nowak and Ulrich Schmid}, title = {A Faithful Binary Circuit Model with Adversarial Noise}, pages = {1327-1332}, year = {2018}, doi = {10.23919/DATE.2018.8342219}, pdf = {http://www.lsv.fr/~mfuegger/papers/FMNNS18_date.pdf}, url = {https://doi.org/10.23919/DATE.2018.8342219}, abstract = {Accurate delay models are important for static and dynamic timing analysis of digital circuits, and mandatory for formal verification. However, F{\"u}gger et al. [IEEE TC 2016] proved that pure and inertial delays, which are employed for dynamic timing analysis in state-of-the-art tools like ModelSim, NC-Sim and VCS, do not yield faithful digital circuit models. Involution delays, which are based on delay functions that are mathematical involutions depending on the previous-output-to- input time offset, were introduced by F{\"u}gger et al. [DATE'15] as a faithful alternative (that can easily be used with existing tools). Although involution delays were shown to predict real signal traces reasonably accurately, any model with a deterministic delay function is naturally limited in its modeling power. \par In this paper, we thus extend the involution model, by adding non-deterministic delay variations (random or even adversarial), and prove analytically that faithfulness is not impaired by this generalization. Albeit the amount of non-determinism must be considerably restricted to ensure this property, the result is surprising: the involution model differs from non-faithful models mainly in handling fast glitch trains, where small delay shifts have large effects. This originally suggested that adding even small variations should break the faithfulness of the model, which turned out not to be the case. Moreover, the results of our simulations also confirm that this generalized involution model has larger modeling power and, hence, applicability.} }

@article{FFL-toc18, publisher = {{IEEE} Computer Society Press}, journal = {IEEE Transactions on Computers}, author = {Stephan Friedrichs and Matthias F{\"u}gger and Christoph Lenzen}, title = {Metastability-Containing Circuits}, volume = {67}, number = {8}, pages = {1167-1183}, year = {2018}, month = aug, doi = {10.1109/TC.2018.2808185}, url = {https://ieeexplore.ieee.org/document/8314764/}, abstract = {In digital circuits, metastability can cause deteriorated signals that neither are logical 0 nor logical 1, breaking the abstraction of Boolean logic. Synchronizers, the only traditional countermeasure, exponentially decrease the odds of maintained metastability over time. We propose a fundamentally different approach: It is possible to deterministically contain metastability by fine-grained logical masking so that it cannot infect the entire circuit. At the heart of our approach lies a time- and value-discrete model for metastability in synchronous clocked digital circuits, in which metastability is propagated in a worst-case fashion. The proposed model permits positive results and passes the test of reproducing Marino's impossibility results. We fully classify which functions can be computed by circuits with standard registers. Regarding masking registers, we show that more functions become computable with each clock cycle, and that masking registers permit exponentially smaller circuits for some tasks. Demonstrating the applicability of our approach, we present the first fault-tolerant distributed clock synchronization algorithm that deterministically guarantees correct behavior in the presence of metastability. As a consequence, clock domains can be synchronized without using synchronizers, enabling metastability-free communication between them.} }

@article{CFN-dam17, publisher = {Elsevier Science Publishers}, journal = {Discrete Applied Mathematics}, author = {Bernadette {Charron-Bost} and Matthias F{\"u}gger and {\relax Th}omas Nowak and Manfred Schwarz}, title = {New transience bounds for max-plus linear systems}, volume = {219}, pages = {83-99}, year = {2017}, month = mar, doi = {10.1016/j.dam.2016.11.003}, pdf = {http://www.lsv.fr/~mfuegger/papers/CFN17_dam.pdf}, url = {https://doi.org/10.1016/j.dam.2016.11.003}, abstract = {Linear max-plus systems describe the behavior of a large variety of complex systems. It is known that these systems show a periodic behavior after an initial transient phase. Assessment of the length of this transient phase provides important information on complexity measures of such systems, and so is crucial in system design. We identify relevant parameters in a graph representation of these systems and propose a modular strategy to derive new upper bounds on the length of the transient phase. By that we are the first to give asymptotically tight and potentially subquadratic transience bounds. We use our bounds to derive new complexity results, in particular in distributed computing.} }

@inproceedings{FKLW-async18, address = {Vienna, Austria}, month = may, publisher = {{IEEE} Computer Society}, editor = {Krstic, Milos and Jones, {Ian W.}}, acronym = {{ASYNC}'18}, booktitle = {{P}roceedings of the 24th {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'18)}, author = {Matthias F{\"u}gger and Attila Kinali and Christoph Lenzen and Ben Wiederhake}, title = {Fast All-Digital Clock Frequency Adaptation Circuit for Voltage Droop Tolerance}, pages = {68-77}, year = {2018}, doi = {10.1109/ASYNC.2018.00025}, url = {https://hal.inria.fr/hal-01936403}, abstract = {Naive handling of supply voltage droops in synchronous circuits results in conservative bounds on clock speeds, resulting in poor performance even if droops are rare. Adaptive strategies detect such potentially hazardous events and either initiate a rollback to a previous state or proactively reduce clock speed in order to prevent timing violations. The performance of such solutions critically depends on a very fast response to droops. However, state-of-the-art solutions incur synchronization delay to avoid that the clock signal is affected by metastability. Addressing the challenges discussed by Keith Bowman in his ASYNC 2017 keynote talk, we present an all-digital circuit that can respond to droops within a fraction of a clock cycle. This is achieved by delaying clock signals based on measurement values while they undergo synchronization simultaneously. We verify our solution by formally proving correctness, complemented by VHDL and Spice simulations of a 65 nm ASIC design confirming the theoretically obtained results.} }

@article{KSHP-tcs19, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Kolc{\'a}k, Juraj and {\v S}afr{\'a}nek, David and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, title = {{Parameter Space Abstraction and Unfolding Semantics of Discrete Regulatory Networks}}, volume = {765}, year = {2019}, pages = {120-144}, doi = {10.1016/j.tcs.2018.03.009}, pdf = {https://hal.archives-ouvertes.fr/hal-01734805/document}, url = {https://hal.archives-ouvertes.fr/hal-01734805/}, abstract = {The modelling of discrete regulatory networks combines a graph specifying the pairwise influences between the variables of the system, and a parametrisation from which can be derived a discrete transition system. Given the influence graph only, the exploration of admissible parametrisations and the behaviours they enable is computationally demanding due to the combinatorial explosions of both parametrisation and reachable state space. This article introduces an abstraction of the parametrisation space and its refinement to account for the existence of given transitions, and for constraints on the sign and observability of influences. The abstraction uses a convex sub-lattice containing the concrete parametrisation space specified by its infimum and supremum parametrisations. It is shown that the computed abstractions are optimal, i.e., no smaller convex sublattice exists. Although the abstraction may introduce over-approximation, it has been proven to be conservative with respect to reachability of states. Then, an unfolding semantics for Parametric Regulatory Networks is defined, taking advantage of concurrency between transitions to provide a compact representation of reachable transitions. A prototype implementation is provided: it has been applied to several examples of Boolean and multi-valued networks, showing its tractability for networks with numerous components.} }

@inproceedings{JMS-wodes18, address = {Sorrento Coast, Italy}, month = may # {-} # jun, year = 2018, volume = {51(7)}, series = {IFAC-PapersOnLine}, publisher = {Elsevier Science Publishers}, editor = {Chris Hadjicostis and Jan Komenda}, acronym = {{WODES}'18}, booktitle = {{P}roceedings of the 14th {W}orkshop on {D}iscrete {E}vent {S}ystems ({WODES}'18)}, author = {Lo{\"i}g Jezequel and Agnes Madalinski and Stefan Schwoon}, title = {{Distributed computation of vector clocks in Petri nets unfolding for test selection}}, pages = {106-111}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/JMS-wodes18.pdf}, abstract = {It has been shown that annotating Petri net unfoldings with time stamps allows for building distributed testers for distributed systems. However, the construction of the annotated unfolding of a distributed system currently remains a centralized task. In this paper we extend a distributed unfolding technique in order to annotate the resulting unfolding with time stamps. This allows for distributed construction of distributed testers for distributed systems.} }

@article{BHSS-fi18, publisher = {{IOS} Press}, journal = {Fundamenta Informaticae}, author = {B{\'e}atrice B{\'e}rard and Stefan Haar and Sylvain Schmitz and Stefan Schwoon}, title = {{The Complexity of Diagnosability and Opacity Verification for Petri Nets}}, volume = 161, number = 4, year = 2018, pages = {317-349}, doi = {10.3233/FI-2018-1706}, url = {https://hal.inria.fr/hal-01852119}, abstract = {Diagnosability and opacity are two well-studied problems in discrete-event systems. We revisit these two problems with respect to expressiveness and complexity issues. \par We first relate different notions of diagnosability and opacity. We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions. \par Second, we provide a global picture of complexity results for the verification of diagnosability and opacity. We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe convergent Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non diagnosability is inter-reducible with reachability when fault events are not weakly fair. Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness.} }

@inproceedings{CHP-automata18, address = {Ghent, Belgium}, month = jun, year = 2018, volume = 10875, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Jan Baetens and Martin Kutrib}, acronym = {{AUTOMATA}'18}, booktitle = {{P}roceedings of the 24th Annual International Workshop on Cellular Automata and Discrete Complex Systems ({AUTOMATA}'18)}, author = {Chatain, {\relax Th}omas and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, title = {{Boolean Networks: Beyond Generalized Asynchronicity}}, pages = {29-42}, url = {https://hal.inria.fr/hal-01768359v2}, doi = {10.1007/978-3-319-92675-9\_3}, abstract = {Boolean networks are commonly used in systems biology to model dynamics of biochemical networks by abstracting away many (and often unknown) parameters related to speed and species activity thresholds. It is then expected that Boolean networks produce an over-approximation of behaviours (reachable configurations), and that subsequent refinements would only prune some impossible transitions. However, we show that even generalized asynchronous updating of Boolean networks, which subsumes the usual updating modes including synchronous and fully asynchronous, does not capture all transitions doable in a multi-valued or timed refinement. We define a structural model transformation which takes a Boolean network as input and outputs a new Boolean network whose asynchronous updating simulates both synchronous and asynchronous updating of the original network, and exhibits even more behaviours than the generalized asynchronous updating. We argue that these new behaviours should not be ignored when analyzing Boolean networks, unless some knowledge about the characteristics of the system explicitly allows one to restrict its behaviour.} }

@inproceedings{LGS-atpn18, address = {Bratislava, Slovakia}, month = jun, year = 2018, volume = {10877}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Victor Khomenko and {Olivier H.} Roux}, acronym = {{PETRI~NETS}'18}, booktitle = {{P}roceedings of the 39th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'18)}, author = {Engel Lefaucheux and Alessandro Giua and Carla Seatzu}, title = {{Basis Coverability Graph for Partially Observable Petri Nets with Application to Diagnosability Analysis}}, pages = {164-183}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LGS-atpn18.pdf}, abstract = {Petri nets have been proposed as a fundamental model for discrete-event systems in a wide variety of applications and have been an asset to reduce the computational complexity involved in solving a series of problems, such as control, state estimation, fault diagnosis, etc. Many of those problems require an analysis of the reachability graph of the Petri net. The basis reachability graph is a condensed version of the reachability graph that was introduced to efficiently solve problems linked to partial observation. It was in particular used for diagnosis which consists in deciding whether some fault events occurred or not in the system, given partial observations on the run of the system. However this method is, with very specific exceptions, limited to bounded Petri nets. In this paper, we introduce the notion of basis coverability graph to remove this requirement. We then establish the relationship between the coverability graph and the basis coverability graph. Finally, we focus on the diagnosability problem: we show how the basis coverability graph can be used to get an efficient algorithm.} }

@inproceedings{BBDH-atpn18, address = {Bratislava, Slovakia}, month = jun, year = 2018, volume = {10877}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Victor Khomenko and {Olivier H.} Roux}, acronym = {{PETRI~NETS}'18}, booktitle = {{P}roceedings of the 39th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'18)}, author = {Barbot, Beno{\^i}t and B{\'e}rard, B{\'e}atrice and Duplouy, Yann and Haddad, Serge}, title = {{Integrating Simulink Models into the Model Checker Cosmos}}, pages = {363-373}, url = {https://hal.archives-ouvertes.fr/hal-01725835/}, pdf = {https://hal.archives-ouvertes.fr/hal-01725835/document}, doi = {10.1007/978-3-319-91268-4_19}, abstract = {We present an implementation for Simulink model executions in the statistical model-checker Cosmos. We take profit of this implementation for an hybrid modeling combining Petri nets and Simulink models.} }

@inproceedings{LFV-adhs18, address = {Oxford, UK}, month = jul, year = 2018, number = 16, volume = 51, series = {IFAC-PapersOnLine}, publisher = {Elsevier Science Publishers}, editor = {Alessandro Abate and Antoine Girard and Maurice Heemels}, acronym = {{ADHS}'18}, booktitle = {{P}roceedings of the 6th {IFAC} {C}onference on {A}nalysis and {D}esign of {H}ybrid {S}ystems ({ADHS}'18)}, author = {Adrien Le{ }Co{\"e}nt and Laurent Fribourg and Jonathan Vacher}, title = {Control Synthesis for Stochastic Switched Systems using the Tamed Euler Method}, pages = {259-264}, url = {https://doi.org/10.1016/j.ifacol.2018.08.044}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LFV-adhs18.pdf}, doi = {10.1016/j.ifacol.2018.08.044}, abstract = {In this paper, we explain how, under the one-sided Lipschitz (OSL) hypothesis, one can find an error bound for a variant of the Euler-Maruyama approximation method for stochastic switched systems. We then explain how this bound can be used to control stochastic switched switched system in order to stabilize them in a given region. The method is illustrated on several examples of the literature.} }

@inproceedings{SGF-ecc18, address = {Limassol, Cyprus}, month = jun, year = 2018, publisher = {{IEEE} Press}, editor = {Thomas Parisini}, acronym = {{ECC}'18}, booktitle = {{P}roceedings of the 16th European Control Conference ({ECC}'18)}, author = {Adnane Saoud and Antoine Girard and Laurent Fribourg}, title = {On the Composition of Discrete and Continuous-time Assume-Guarantee Contracts for Invariance}, pages = {435-440}, url = {https://ieeexplore.ieee.org/document/8550622}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/SGF-ecc18.pdf}, doi = {10.23919/ECC.2018.8550622}, abstract = {Many techniques for verifying invariance prop- erties are limited to systems of moderate size. In this paper, we propose an approach based on assume-guarantee contracts and compositional reasoning for verifying invariance properties of a broad class of discrete-time and continuous-time systems consisting of interconnected components. The notion of assume- guarantee contracts makes it possible to divide responsibil- ities among the system components: a contract specifies an invariance property that a component must fulfill under some assumptions on the behavior of its environment (i.e. of the other components). We define weak and strong semantics of assume- guarantee contracts for both discrete-time and continuous-time systems. We then establish a certain number of results for compositional reasoning, which allow us to show that a global invariance property of the whole system is satisfied when all components satisfy their own contract. Interestingly, we show that the weak satisfaction of the contract is sufficient to deal with cascade compositions, while strong satisfaction is needed to reason about feedback composition. Specific results for systems described by differential inclusions are then developed. Throughout the paper, the main results are illustrated using simple examples.} }

@article{LFMDC-tcs18, publisher = {Elsevier Science Publishers}, journal = {Theoretical Computer Science}, author = {Adrien Le{ }Co{\"e}nt and Laurent Fribourg and Nicolas Markey and Florian De{ }Vuyst and Ludovic Chamoin}, title = {Compositional synthesis of state-dependent switching control}, volume = {750}, year = {2018}, pages = {53-68}, doi = {10.1016/j.tcs.2018.01.021}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LFMDC-tcs18.pdf}, url = {https://doi.org/10.1016/j.tcs.2018.01.021}, abstract = {We present a correct-by-design method of state-dependent control synthesis for sampled switching systems. Given a target region R of the state space, our method builds a capture set S and a control that steers any element of S into R. The method works by iterated backward reachability from R. The method is also used to synthesize a recurrence control that makes any state of R return to R infinitely often. We explain how the synthesis method can be performed in a compositional manner, and apply it to the synthesis of a compositional control of a concrete floor-heating system with 11 rooms and up to 2^11=2048 toswitching modes.} }

@inproceedings{DLM-pnse16, address = {Torun, Poland}, month = jun, year = 2016, volume = 1591, series = {CEUR Workshop Proceedings}, publisher = {CEUR-WS.org}, editor = {Lawrence Cabac and Lars Michael Kristensen and Heiko R{\"o}lke:}, acronym = {{PNSE}'16}, booktitle = {{P}roceedings of the 10th {I}nternational {W}orkshop on {P}etri {N}ets and {S}oftware {E}ngineering ({PNSE}'16)}, author = {Alban Linard and Beno{\^{\i}}t Barbot and Didier Buchs and Maximilien Colange and Cl{\'{e}}ment D{\'{e}}moulins and Lom{-}Messan Hillah and Alexis Martin}, title = {Layered Data: {A} Modular Formal Definition without Formalisms}, pages = {287-306}, url = {http://ceur-ws.org/Vol-1591/}, pdf = {http://ceur-ws.org/Vol-1591/paper19.pdf}, abstract = {Defining formalisms and models in a modular way is a painful task. Metamodeling tools and languages have usually not been created with this goal in mind. This article proposes a data structure, called layered data, that allows defining easily modular abstract syntax for for- malisms and models. It also shows its use through an exhaustive example. As a side effect, this article discusses the notion of formalism, and asserts that they do not exist as standalone objects, but rather as relations between models.} }

@article{LACF-fmsd18, publisher = {Springer}, journal = {Formal Methods in System Design}, author = {Adrien Le{ }Co{\"{e}}nt and Julien {Alexandre dit Sandretto} and Alexandre Chapoutot and Laurent Fribourg}, title = {An improved algorithm for the control synthesis of nonlinear sampled switched systems}, volume = {53}, number = {3}, year = {2018}, pages = {363-383}, doi = {10.1007/s10703-017-0305-8}, pdf = {http://www.lsv.fr/Publis/PAPERS/PDF/LACF-fmsd18.pdf}, url = {https://link.springer.com/article/10.1007/s10703-017-0305-8}, abstract = {A novel algorithm for the control synthesis for nonlinear switched systems is presented in this paper. Based on an existing procedure of state-space bisection and made available for nonlinear systems with the help of guaranteed integration, the algorithm has been improved to be able to consider longer patterns of modes with a better pruning approach. Moreover, the use of guaranteed integration also permits to take bounded perturbations and varying parameters into account. It is particularly interesting for safety critical applications, such as in aeronautical, military or medical fields. The whole approach is entirely guaranteed and the induced controllers are correct-by-design. Some experimentations are performed to show the important gain of the new algorithm.} }

@article{H-ipl18, publisher = {Elsevier Science Publishers}, journal = {Information Processing Letters}, author = {Haddad, Serge}, title = {{Memoryless determinacy of finite parity games: Another simple proof}}, volume = {132}, pages = {19-21}, month = apr, year = {2018}, pdf = {https://hal.inria.fr/hal-01541508/document}, doi = {10.1016/j.ipl.2017.11.012}, abstract = {Memoryless determinacy of (infinite) parity games is an important result with numerous applications. It was first independently established by Emerson and Jutla [1] and Mostowski [2] but their proofs involve elaborate developments. The elegant and simpler proof of Zielonka [3] still requires a nested induction on the finite number of priorities and on ordinals for sets of vertices. There are other proofs for finite games like the one of Björklund, Sandberg and Vorobyovin [4] that relies on relating infinite and finite duration games. We present here another simple proof that finite parity games are determined with memoryless strategies using induction on the number of relevant states. The closest proof that relies on induction over non absorbing states is the one of Grädel [5]. However instead of focusing on a single appropriate vertex for induction as we do here, he considers two reduced games per vertex, for all the vertices of the game. The idea of reasoning about a single state has been inspired to me by the analysis of finite stochastic priority games by Karelovic and Zielonka [6].} }

@inproceedings{CCDJR-lata18, address = {Bar-Ilan, Israel}, month = apr, year = 2018, volume = {10792}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Mart{\'\i}n-Vide, Carlos}, acronym = {{LATA}'18}, booktitle = {{P}roceedings of the 12th {I}nternational {C}onference on {L}anguage and {A}utomata {T}heory and {A}pplications ({LATA}'18)}, author = {Chatain, {\relax Th}omas and Comlan, Maurice and Delfieu, David and Jezequel, Lo{\"i}g and Roux, Olivier H.}, title = {Pomsets and Unfolding of Reset Petri Nets}, pages = {258-270}, url = {https://doi.org/10.1007/978-3-319-77313-1_20}, doi = {10.1007/978-3-319-77313-1_20}, abstract = {Reset Petri nets are a particular class of Petri nets where transition firings can remove all tokens from a place without checking if this place actually holds tokens or not. In this paper we look at partial order semantics of such nets. In particular, we propose a pomset bisimulation for comparing their concurrent behaviours. Building on this pomset bisimulation we then propose a generalization of the standard finite complete prefixes of unfolding to the class of safe reset Petri nets.} }

@inproceedings{MSHPP-cmsb19, address = {Trieste, Italy}, month = sep, volume = {11773}, series = {Lecture Notes in Bioinformatics}, publisher = {Springer-Verlag}, editor = {Luca Bortolussi and Guido Sanguinetti}, acronym = {{CMSB}'19}, booktitle = {{P}roceedings of the 17th {C}onference on {C}omputational {M}ethods in {S}ystem {B}iology ({CMSB}'19)}, author = {Mandon, Hugues and Su, Cui and Haar, Stefan and Pang, Jun and Paulev{\'e}, Lo{\"i}c}, title = {Sequential Reprogramming of Boolean Networks Made Practical}, pages = {3-19}, doi = {10.1007/978-3-030-31304-3_1}, year = 2019, abstract = {We address the sequential reprogramming of gene regulatory networks modelled as Boolean networks. We develop an attractor-based sequential reprogramming method to compute all sequential reprogramming paths from a source attractor to a target attractor, where only attractors of the network are used as intermediates. Our method is more practical than existing reprogramming methods as it incorporates several practical constraints: (1) only biologically observable states, viz. attractors, can act as intermediates; (2) certain attractors, such as apoptosis, can be avoided as intermediates; (3) certain nodes can be avoided to perturb as they may be essential for cell survival or difficult to perturb with biomolecular techniques; and (4) given a threshold \(k\), all sequential reprogramming paths with no more than \(k\) perturbations are computed. We compare our method with the minimal one-step reprogramming and the minimal sequential reprogramming on a variety of biological networks. The results show that our method can greatly reduce the number of perturbations compared to the one-step reprogramming, while having comparable results with the minimal sequential reprogramming. Moreover, our implementation is scalable for networks of more than 60 nodes.} }

@techreport{DH-hal19, author = {Donatelli, Susanna and Haddad, Serge}, institution = {HAL}, month = oct, note = {23~pages}, number = {hal-02306021}, type = {Research Report}, title = {{Autonomous Transitions Enhance CSLTA Expressiveness and Conciseness}}, year = {2019}, url = {https://hal.inria.fr/hal-02306021}, pdf = {https://hal.inria.fr/hal-02306021/document}, abstract = {CSLTA is a stochastic temporal logic for continuous-time Markov chains (CTMC) where formulas similarly to those of CTL* are inductively defined by nesting of timed path formulas and state formulas. In particular a timed path formula of CSLTA is specified by a single-clock Deterministic Timed Automaton (DTA). Such a DTA features two kinds of transitions: synchronizing transitions triggered by CTMC transitions and autonomous transitions triggered by time elapsing that change the location of the DTA when the clock reaches a given threshold. It has already been shown that CSLTA strictly includes stochastic logics like CSL and asCSL. An interesting variant of CSLTA consists in equipping transitions rather than locations by boolean formulas. Here we answer the following question: do autonomous transitions and/or boolean guards on transitions enhance expressiveness and/or conciseness of DTAs? We show that this is indeed the case. In establishing our main results we also identify an accurate syntactical characterization of DTAs for which the autonomous transitions do not add expressive power but lead to exponentially more concise DTAs.} }

@article{CHKPT-nc19, publisher = {Springer}, journal = {Natural Computing}, author = {Chatain, {\relax Th}omas and Haar, Stefan and Kolc{\'a}k, Juraj and Paulev{\'e}, Lo{\"i}c and Thakkar, Aalok}, title = {Concurrency in {Boolean} networks}, year = 2019, note = {To appear}, pdf = {https://hal.inria.fr/hal-01893106v2/document}, url = {https://link.springer.com/article/10.1007/s11047-019-09748-4}, abstract = {Boolean networks (BNs) are widely used to model the qualitative dynamics of biological systems. Besides the logical rules determining the evolution of each component with respect to the state of its regulators, the scheduling of component updates can have a dramatic impact on the predicted behaviours. In this paper, we explore the use of Read (contextual) Petri Nets (RPNs) to study dynamics of BNs from a concurrency theory perspective. After showing bi-directional translations between RPNs and BNs and analogies between results on synchronism sensitivity, we illustrate that usual updating modes for BNs can miss plausible behaviours, i.e., incorrectly conclude on the absence/impossibility of reaching specific configurations. We propose an encoding of BNs capitalizing on the RPN semantics enabling more behaviour than the generalized asynchronous updating mode. The proposed encoding ensures a correct abstraction of any multivalued refinement, as one may expect to achieve when modelling biological systems with no assumption on its time features.} }

@inproceedings{BCC-atpn19, address = {Aachen, Germany}, month = jun, year = 2019, volume = {11522}, series = {Lecture Notes in Computer Science}, publisher = {Springer}, editor = {Susanna Donatelli and Stefan Haar}, acronym = {{PETRI~NETS}'19}, booktitle = {{P}roceedings of the 40th {I}nternational {C}onference on {A}pplications and {T}heory of {P}etri {N}ets ({PETRI~NETS}'19)}, author = {Mathilde Boltenhagen and Thomas Chatain and Josep Carmona}, title = {Generalized Alignment-Based Trace Clustering of Process Behavior}, pages = {237-257}, url = {https://link.springer.com/chapter/10.1007/978-3-030-21571-2_14}, pdf = {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCC-atpn19.pdf}, doi = {10.1007/978-3-030-21571-2_14}, abstract = {Process mining techniques use event logs containing real process executions in order to mine, align and extend process models. The partition of an event log into trace variants facilitates the understanding and analysis of traces, so it is a common pre-processing in process mining environments. Trace clustering automates this partition; traditionally it has been applied without taking into consideration the availability of a process model. In this paper we extend our previous work on process model based trace clustering, by allowing cluster centroids to have a complex structure, that can range from a partial order, down to a subnet of the initial process model. This way, the new clustering framework presented in this paper is able to cluster together traces that are distant only due to concurrency or loop constructs in process models. We show the complexity analysis of the different instantiations of the trace clustering framework, and have implemented it in a prototype tool that has been tested on different datasets.} }

@article{MSPPHP-ipl19, publisher = {ACM Press}, journal = {IEEE/ACM Transaction on Computational Biology and Bioinformatics}, author = {Mandon, Hugues and Su, Cui and Pang, Jun and Paul, Soumya and Haar, Stefan and Paulev{\'e}, Lo{\"i}c}, title = {Algorithms for the Sequential Reprogramming of Boolean Networks}, year = 2019, note = {To appear}, pdf = {https://hal.archives-ouvertes.fr/hal-02113864/file/main.pdf}, url = {https://hal.archives-ouvertes.fr/hal-02113864} }

@inproceedings{MFNS-async19, address = {Hirosaki, Japan}, month = may, publisher = {{IEEE} Computer Society}, editor = {Marly Roncken and Andrey Mokhov}, acronym = {{ASYNC}'19}, booktitle = {{P}roceedings of the 25th {IEEE} {I}nternational {S}ymposium on {A}synchronous {C}ircuits and {S}ystems ({ASYNC}'19)}, author = {J{\"u}rgen Maier and Matthias F{\"u}gger and Thomas Nowak and Ulrich Schmid}, title = {Transistor-Level Analysis of Dynamic Delay Models}, pages = {76-85}, year = {2019}, doi = {10.1109/ASYNC.2019.00019}, abstract = {Delay estimation is a crucial task in digital circuit design as it provides the possibility to assure the desired functionality, but also prevents undesired behavior very early. For this purpose elaborate delay models like the Degradation Delay Model (DDM) and the Involution Delay Model (IDM) have been proposed in the past, which facilitate accurate dynamic timing analysis: Both use delay functions that determine the delay of the current input transition based on the time difference T to the previous output one. Currently, however, extensive analog simulations are necessary to determine the (parameters of the) delay function, which is a very time-consuming and cumbersome task and thus limits the applicability of these models. In this paper, we therefore thoroughly investigate the characterization procedures of a CMOS inverter on the transistor level in order to derive analytical expressions for the delay functions. Based on reasonably simple transistor models we identify three operation regions, each described by a different estimation function. Using simulations with two independent technologies, we show that our predictions are not only accurate but also reasonably robust w.r.t. variations. Our results furthermore indicate that the exponential fitting proposed for DDM is actually only partially valid, while our analytic approach can be applied on the whole range. Even the more complex IDM is predicted reasonably accurate.} }

*This file was generated by
bibtex2html 1.98.*