Section: New Results
Analysis and Verification of Quantitative Systems
Verification of Concurrent Timed Systems
Participants : Éric Fabre, Loïc Hélouët, Karim Kecir
Combining Free Choice and Time in Petri Nets
Time Petri nets (TPNs) are a classical extension of Petri nets with timing constraints attached to transitions, for which most verification problems are undecidable. In [3], we consider TPNs under a strong semantics with multiple enablings of transitions. We focus on a structural subclass of unbounded TPNs, where the underlying untimed net is free choice, and show that it enjoys nice properties in the timed setting under a multi-enabling semantics. In particular, we show that the questions of firability (whether a chosen transition can fire) and termination (whether the net has a non-terminating run) are decidable for this class. Next, we consider the problem of robustness under guard enlargement and guard shrinking, i.e., whether a given property is preserved even if the system is implemented on an architecture with imprecise time measurement. For unbounded free choice TPNs with a multi-enabling semantics, we show decidability of robustness of firability and of termination under both guard enlargement and shrinking.
Production Systems with Concurrent Tasks
The work in [7] considers the realizability of expected schedules by production systems with concurrent tasks, bounded resources that have to be shared among tasks, and random behaviors and durations. Schedules are high-level views of desired executions of systems, represented as partial orders decorated with timing constraints. Production systems (production cells, train networks, ...) are modeled as stochastic time Petri nets (STPNs) with an elementary (1-bounded) semantics. We first propose a notion of time processes to give a partial order semantics to STPNs. We then consider Boolean realizability: a schedule S is realizable by a net N if S embeds in a time process of N that satisfies all its constraints. However, with continuous time domains, the probability of a time process with exact dates is null. We hence consider probabilistic realizability up to
Testing of Timed Systems
Participants : Léo Henry, Thierry Jéron, Nicolas Markey
Partial observability and controllability are two well-known issues in test-case synthesis for interactive systems. In [25], we address the problem of partial control in the synthesis of test cases from timed-automata specifications. Building on the tioco timed testing framework, we extend a previous game interpretation of the test-synthesis problem from the untimed to the timed setting. This extension requires a deep reworking of the models, game interpretation and test-synthesis algorithms. We exhibit strategies of a game that tries to minimize both control losses and distance to the satisfaction of a test purpose, and prove they are winning under some fairness assumptions. This entails that when turning those strategies into test cases, we get properties such as soundness and exhaustiveness of the test synthesis method.
Analysis of Stochastic Systems
Participants : Nathalie Bertrand
A decade ago, Abdulla, Ben Henda and Mayr introduced the elegant concept of decisiveness for denumerable Markov chains. Roughly speaking, decisiveness allows one to lift most good properties from finite Markov chains to denumerable ones, and therefore to adapt existing verification algorithms to infinite-state models. Decisive Markov chains, however, do not encompass stochastic real-time systems, and general stochastic transition systems (STSs for short) are needed. In [4], we provide a framework to perform both the qualitative and the quantitative analysis of STSs. First, we define various notions of decisiveness, notions of fairness and of attractors for STSs, and make explicit the relationships between them. Then, we define a notion of abstraction, together with natural concepts of soundness and completeness, and we give general transfer properties, which will be central to several verification algorithms on STSs. We further design a generic construction which will be useful for the analysis of
Opacity for Quantitative Systems
Participants : Loïc Hélouët, Hervé Marchand
Quantitative Opacity
The work in [26] considers quantitative approaches for opacity. A system satisfies opacity if its secret behaviors cannot be detected by any user of the system. Opacity of distributed systems was originally set as a Boolean predicate before being quantified as measures in a probabilistic setting. This paper considers a different quantitative approach that measures the efforts that a malicious user has to make to detect a secret. This effort is measured as a distance w.r.t. a regular profile specifying a normal behavior. This leads to several notions of quantitative opacity. When attackers are passive, that is, when they just observe the system, quantitative opacity is brought back to a language inclusion problem, and is PSPACE-complete. When attackers are active, that is, when they interact with the system in order to detect secret behaviors within a finite-depth observation, quantitative opacity turns out to be a two-player finite-state quantitative game of partial observation. A winning strategy for an attacker is a sequence of interactions with the system leading to a secret detection without exceeding some profile deviation measure threshold. In this active setting, the complexity of opacity is EXPTIME-complete.
Opacity with Powerful Attackers
In [27], we consider state-based opacity in a setting where attackers of a secret have additional observation capabilities allowing them to know which inputs are allowed by a system. This capability allows attackers of a system to partially disambiguate the possible set of states the system might be in, and increases the power of an attacker. We show that regular opacity (opacity of a property described by a regular language) is decidable in this setting. We then address the question of controlling a system so that it becomes opaque, and solve this question by recasting the problem in a game setting.
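As an added illustration of the difference between the two attacker models (this is not code from [27], whose formalism and controller-synthesis game are not reproduced here), the following Python script builds an attacker's state estimate by a subset construction over observations and checks current-state opacity. The system, its states, events, mask, input set and secret are a constructed example: a service in which both kinds of login produce the same observation and request contents are hidden, so a passive observer cannot tell a privileged session from an ordinary one, while an attacker who additionally sees which inputs the service currently accepts can.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class System:
    """Finite transition system with an observation mask (constructed model, not the paper's formalism)."""
    initial: str
    transitions: list        # (source state, event, destination state)
    secret: frozenset        # states the attacker must never be able to pin down
    inputs: frozenset        # events an attacker can probe ("is this input accepted right now?")
    mask: dict               # event -> observation symbol seen by a passive observer

    def enabled_inputs(self, state):
        return frozenset(e for (s, e, _) in self.transitions if s == state and e in self.inputs)


def successors(system, estimate, obs):
    """States reachable from any state of `estimate` by one event observed as `obs`."""
    return frozenset(d for (s, e, d) in system.transitions
                     if s in estimate and system.mask[e] == obs)


def split_by_inputs(system, estimate):
    """A powerful attacker also sees the set of accepted inputs, so one estimate splits into
    one group per distinct enabled-input set."""
    groups = {}
    for q in estimate:
        groups.setdefault(system.enabled_inputs(q), set()).add(q)
    return [frozenset(g) for g in groups.values()]


def reachable_estimates(system, powerful):
    """All state estimates an attacker can reach (subset construction over observations)."""
    start = frozenset([system.initial])
    frontier = split_by_inputs(system, start) if powerful else [start]
    seen, queue = set(frontier), deque(frontier)
    observations = set(system.mask.values())
    while queue:
        estimate = queue.popleft()
        for obs in observations:
            nxt = successors(system, estimate, obs)
            if not nxt:
                continue
            for part in (split_by_inputs(system, nxt) if powerful else [nxt]):
                if part not in seen:
                    seen.add(part)
                    queue.append(part)
    return seen


def opacity_violations(system, powerful):
    """Estimates whose candidates are all secret: the attacker then knows the secret holds."""
    return [est for est in reachable_estimates(system, powerful) if est <= system.secret]


def is_opaque(system, powerful):
    return not opacity_violations(system, powerful)


# Constructed model: logins look alike and request contents are hidden (e.g. encrypted), so a
# passive observer only sees "login" and "req". The privileged session "admin" is the secret.
LEAKY = System(
    initial="idle",
    transitions=[("idle", "login_user", "user"), ("idle", "login_admin", "admin"),
                 ("user", "read", "user"),
                 ("admin", "read", "admin"), ("admin", "write", "admin")],
    secret=frozenset({"admin"}),
    inputs=frozenset({"read", "write"}),
    mask={"login_user": "login", "login_admin": "login", "read": "req", "write": "req"},
)

# Same service, but a user session also accepts (and simply ignores) "write", so the set of
# accepted inputs no longer distinguishes the two sessions.
HARDENED = System(
    initial="idle",
    transitions=LEAKY.transitions + [("user", "write", "user")],
    secret=LEAKY.secret, inputs=LEAKY.inputs, mask=LEAKY.mask,
)

if __name__ == "__main__":
    for name, model in (("leaky", LEAKY), ("hardened", HARDENED)):
        for powerful in (False, True):
            verdict = ("opaque" if is_opaque(model, powerful)
                       else f"NOT opaque, leaking estimates: {opacity_violations(model, powerful)}")
            print(name, "powerful attacker" if powerful else "passive attacker", verdict)
```

The second model closes the leak by making the ordinary session accept the same inputs as the privileged one; this is a hand-made design change, not the controller obtained from the game in [27]. The point the check makes is that the set of accepted inputs is an observation channel in its own right and has to be covered by the opacity analysis.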
Diagnosis of Quantitative Systems
Participants : Blaise Genest, Éric Fabre, Hugo Bazille, Nicolas Markey
Diagnosis for Timed Automata
In [20], we consider the problems of efficiently diagnosing and predicting what did (or will) happen in a partially-observable one-clock timed automaton. We introduce timed sets as a formalism to keep track of the evolution of the reachable configurations over time, and build a candidate diagnoser for our timed automaton. We report on our implementation of this approach compared to the algorithm of Tripakis (Fault diagnosis for timed automata, 2002).
Quantitative Diagnosis for Stochastic Systems
For stochastic systems, several diagnosability properties have been defined. The simplest one, also called A-diagnosability, characterizes the fact that after each fault, detection will almost surely occur. We have considered quantitative versions of the problem in [17]. We are interested in quantifying how quickly diagnosis can be performed. For that, we give an algorithm to compute in polynomial time any moment of the distribution of the detection delay. This allows one to approximate the distribution of the detection delay, and to provide lower bounds on the probability that detection takes place at most T events after the fault.
One problem with A-diagnosability is that in the worst case, a subset construction needs to be performed, leading to an exponential blow-up in the number of states. To mitigate this, we proposed in [16] different techniques that avoid this blow-up in a large number of cases.
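To make the notion of detection delay concrete, here is an added Python example; it is not the algorithm of [17], which computes moments in polynomial time, but a brute-force forward computation on a small constructed model. It propagates probability mass over triples (actual state, diagnoser belief, number of observable events since the fault) and tabulates the probability that detection happens exactly d events after the fault. The belief is the classical subset construction over (state, fault-seen) pairs, i.e. the construction whose blow-up [16] works around. The chain, its states Na, Nb and F, its events and all probabilities are constructed for the example.

```python
from collections import defaultdict

FAULT = "fault"
UNOBSERVABLE = {FAULT}

# Constructed stochastic system: in normal operation the sensor alternates "a" and "b"
# (states Na, Nb); an unobservable fault from Na leads to state F, which then emits "a"
# with probability 0.6 and "b" with probability 0.4. Entries are (event, probability, next state).
CHAIN = {
    "Na": [("a", 0.8, "Nb"), (FAULT, 0.2, "F")],
    "Nb": [("b", 1.0, "Na")],
    "F":  [("a", 0.6, "F"), ("b", 0.4, "F")],
}


def unobservable_closure(belief):
    """Add every (state, faulty?) pair reachable through unobservable events only."""
    seen, stack = set(belief), list(belief)
    while stack:
        state, faulty = stack.pop()
        for event, _, nxt in CHAIN[state]:
            if event in UNOBSERVABLE:
                pair = (nxt, faulty or event == FAULT)
                if pair not in seen:
                    seen.add(pair)
                    stack.append(pair)
    return frozenset(seen)


def belief_after(belief, obs):
    """Diagnoser update: follow the observed event from every candidate, then close under unobservables."""
    moved = {(nxt, faulty) for (state, faulty) in belief
             for (event, _, nxt) in CHAIN[state] if event == obs}
    return unobservable_closure(moved)


def fault_certain(belief):
    """Detection: every candidate the diagnoser still considers possible has seen the fault."""
    return bool(belief) and all(faulty for _, faulty in belief)


def detection_delay_distribution(initial, max_delay, horizon):
    """dist[d] = P(the fault occurs and is detected exactly d observable events later), d <= max_delay.

    Mass is propagated for `horizon` transitions; whatever has not been resolved by then is not
    counted, so every value is a lower bound that converges to the exact probability as the
    horizon grows. The unresolved mass is returned alongside so the reader can see the gap."""
    mass = {(initial, unobservable_closure({(initial, False)}), None): 1.0}
    dist = {d: 0.0 for d in range(max_delay + 1)}
    for _ in range(horizon):
        nxt_mass = defaultdict(float)
        for (state, belief, delay), m in mass.items():
            for event, p, nxt in CHAIN[state]:
                if event in UNOBSERVABLE:
                    # the belief does not change; if this is the fault, start counting at 0
                    new_delay = delay if delay is not None else (0 if event == FAULT else None)
                    nxt_mass[(nxt, belief, new_delay)] += m * p
                    continue
                new_belief = belief_after(belief, event)
                new_delay = None if delay is None else delay + 1
                if new_delay is not None and new_delay > max_delay:
                    continue                    # missed the deadline: stop tracking this run
                if new_delay is not None and fault_certain(new_belief):
                    dist[new_delay] += m * p    # detected: absorb the mass here
                    continue
                nxt_mass[(nxt, new_belief, new_delay)] += m * p
        mass = nxt_mass
    return dist, sum(mass.values())


def prob_detected_within(initial, max_delay, horizon):
    """Lower bound on P(fault occurs and is detected at most max_delay events after it)."""
    dist, _ = detection_delay_distribution(initial, max_delay, horizon)
    return sum(dist.values())


if __name__ == "__main__":
    dist, unresolved = detection_delay_distribution("Na", max_delay=6, horizon=600)
    for d, pr in dist.items():
        print(f"P(detected exactly {d} events after the fault) >= {pr:.6f}")
    print(f"unresolved mass at horizon: {unresolved:.2e}")
```

On this model the faulty state is exposed as soon as it breaks the a/b alternation that the diagnoser expects, so the delay is 1 with probability 0.4, 2 with probability 0.36, 3 with probability 0.096, and so on; the fault itself occurs almost surely, so these joint probabilities coincide with the conditional distribution of the delay. Raising `horizon` shrinks the unresolved mass; for a model with an unobservable cycle the loop would need a different termination criterion, which is why the constructed chain has none.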