## Section: New Results

### Fundamental results and algorithms: communication with messages and senarios

Participants : Loïc Hélouët, Rouwaida Abdallah, Claude Jard, Blaise Genest.

In this paragraph, we collect our fundamental results regarding the models and algorithms we use for communicating systems, and in particular, scenarios.

A major challenge with models communicating with messages (e.g.: scenarios) is to *exhibit good classes of models*
allowing users to *specify easily complex distributed systems* while *preserving the decidability* of some key problems, such as diagnosis, equality and intersection.
Furthermore, when these problems are decidable for the designed
models, the second challenge is to design algorithms to keep the *complexity low enough* to allow *implementation in real cases*.

This year, we have considered analysis for a timed extension of scenarios called Time-constrained MSCs and implementation techniques that take scenarios as an input model and output an equivalent distributed implementation.

The first part of our work is the study of Time-Constrained MSC graphs (TC-MSGS for short). Time-constrained MSCs (TC-MSCs) are simply MSCs decorated with constraints on the respective occurrence dates of events. The semantics of a TC-MSC $T$ is a dated MSC, that is a MSC where events are associated with an occurrence date. For a given TC-MSC, there can be an infinite set $L\left(T\right)$ of dated MSCs satisfying its constraints. Note however that some time-constraints in a TC-MSC may not be satisfiable, and hence $L\left(T\right)$ can simply be empty. TC-MSCs can be extended by composition mechanisms such as TC-MSC graphs. TC-MSC graphs are simply automata labeled by TC-MSC. Each path $\rho $ of a TC-MSC $G$ is associated with a TC-MSC ${T}_{\rho}$ obtained by concatenation of TC-MSC along $\rho $. The language $L\left(G\right)={\bigcup}_{\rho \phantom{\rule{3.33333pt}{0ex}}\mathrm{path}\phantom{\rule{3.33333pt}{0ex}}\mathrm{of}\phantom{\rule{3.33333pt}{0ex}}G}L\left({T}_{\rho}\right)$ of a TC-MSC Graph is then the union of all dated MSCs associated to paths of $G$. Because of inconsistent timing constraints, some path may have no possible realization (i.e $L({T}_{\rho}=\varnothing )$). One can even design a MSC Graph G such that $L\left(G\right)=\varnothing $ - such TC-MSC graph is clearly inconsistent-. It has been shown [64] that checking whether $L\left(G\right)=\varnothing )$ is an undecidable problem in general, but can be decided for the restricted subclass of regular TC-MSC graphs (that have the expressive power of event-count timed automata). We have proposed two restrictions allowing for the decision of emptiness. The first one is $K$-drift boundedness, which imposes for a fixed integer $K$ that for every ${T}_{\rho}$ there exists one dated realization such that for every pair of events $e,f$ appearing in the same transition of $G$, the dates of $e$ and $f$ differ by at most $K$. We have shown that $K$-drift boundedness is decidable in a symbolic and efficient way, and that for $K-$drift bounded TC-MSC graphs, emptiness is decidable [52] . This extends decidability results beyond regular specifications. The second restriction is $K$-non-zenoness, which imposes that for a fixed $K$, for every path $\rho $ of $G$, there exists one realization such that at every date $d$, at most $K$ events occur between date $d$ and $d+1$. When a TC-MSC graph is $A$-drift-bounded and $B$-non-zeno, then $L\left(G\right)$ has a regular set of representants, which opens the way for more involved model-checking applications [51] .

The second part of our work is the study of realistic implementation of scenarios. The main idea is to propose distributed implementation (communicating state machines) of High-level MSCs that do not contain deadlocks, and behave exactly as the original specification. It is well known that a simple projection of a HMSC on each of its process to obtain communicating finite state machines results in an implementation with more behaviors than the original specification. An implementation of a HMSC $H$ is considered as consistent if and only if is exhibits the same prefix closed set of behaviors as $H$. We have studied how such projection with additional local controlers allows the distributed synthesized behavior to remain consistent with the original specification. This work has been implemented in our scenario prototype (see the Software section). As usually for scenarios, the synthesis algorithm works for a particular syntactic class of scenarios, namely the class of local HMSCs. Roughly speaking, in local HMSC, a decision to behave according to a scenario or another is always taken by a single participant. The deciding process need not be the same at each choice. This class is a sensible restriction of HMSCs, as distributed choices can not be implemented without additional synchronization among processes [53] .

Last, we have extended existing results on diagnosis from scenarios [15] . We have shown that when a distributed implementation is instrumented with software probes that publish their observations while the system is running, and when the system is modeled as a High-level MSC, then diagnosis can be expressed as a new HMSC the executions of which are all explanations of the observation. The construction of diagnosis can be performed offline or online, and we have considered the conditions under which online diagnosis can run with finite memory.