Comparison of Different Semantics for Time Petri Nets

International audienceIn this paper we study the model of Time Petri Nets (TPNs) where a time interval is associated with the firing of a transition, but we extend it by considering general intervals rather than closed ones. A key feature of timed models is the memory policy, i.e. which timing informations are kept when a transition is fired. The original model selects an \emphintermediate semantics where the transitions disabled after consuming the tokens, as well as the firing transition, are reinitialised. However this semantics is not appropriate for some applications. So we consider here two alternative semantics: the \emphatomic and the \emphpersistent atomic ones. First we present relevant patterns of discrete event systems which show the interest of these semantics. Then we compare the expressiveness of the three semantics w.r.t. the weak time bisimilarity establishing inclusion results in the general case. Furthermore we show that some inclusions are strict with unrestricted intervals even when nets are bounded. Then we focus on bounded TPNs with upper-closed intervals and we prove that the semantics are equivalent. Finally taking into account both the practical and the theoretical issues, we conclude that persistent atomic semantics should be preferred

Formal verification of Mobile Robot Protocols

Mobile robot networks emerged in the past few years as a promising distributed computing model. Existing work in the literature typically ensures the correctness of mobile robot protocols via \emph{ad hoc} handwritten proofs, which, in the case of asynchronous execution models, are both cumbersome and error-prone. In this paper, we propose the first formal model and general verification (by model-checking) methodology for mobile robot protocols operating in a discrete space (that is, the set of possible robot positions is finite). Our contribution is threefold. First, we formally model using synchronized automata a network of mobile robots operating under various synchrony (or asynchrony) assumptions. Then, we use this formal model as input model for the DiVinE model-checker and prove the equivalence of the two models. Third, we verify using DiVinE two known protocols for variants of the ring exploration in an asynchronous setting (exploration with stop and perpetual exclusive exploration). The exploration with stop we verify was manually proved correct only when the number of robots is $k>17$, and $n$ (the ring size) and $k$ are co-prime. As the necessity of this bound was not proved in the original paper, our methodology demonstrates that for several instances of $k$ and $n$ \emph{not covered} in the original paper, the algorithm remains correct. In the case of the perpetual exclusive exploration protocol, our methodology exhibits a counter-example in the completely asynchronous setting where safety is violated, which is used to correct the original protocol

Méthodes qualitatives et quantitatives pour la détection d'information cachée

Les systèmes informatiques sont devenus omniprésents et sont utilisés au quotidien pour gérer toujours plus d'information. Ces informations sont de plus en plus souvent confidentielles: informations stratégiques militaires ou financières, données personnelles. La fuite de ces informations peut ainsi avoir des conséquences graves telles que des pertes humaines, financières, des violations de la vie privée ou de l'usurpation d'identité. Les contributions de cette thèse se découpent en trois parties. Tout d'abord, nous étudions le problème de synthèse d'un canal de communication dans un système décrit par un transducteur. Malgré les limites imposées par ce modèle, nous montrons que le problème de synthèse est indécidable en général. Cependant, lorsque le système est fonctionnel, c'est-à-dire que son fonctionnement externe est toujours le même, le problème devient décidable. Nous généralisons ensuite le concept d'opacité aux systèmes probabilistes, en donnant des mesures groupées en deux familles. Lorsque le système est opaque, nous évaluons la robustesse de cette opacité vis-à-vis des informations données par les lois de probabilités du système. Lorsque le système n'est pas opaque, nous évaluons la taille de la faille de sécurité induite par cette non opacité. Enfin, nous étudions le modèle des automates temporisés à interruptions (ITA) où les informations sur l'écoulement du temps sont organisées en niveaux comparables à des niveaux d'accréditation. Nous étudions les propriétés de régularité et de clôture des langages temporisés générés par ces automates et proposons des algorithmes de model-checking pour des fragments de logiques temporelles temporisées.PARIS-BIUSJ-Mathématiques rech (751052111) / SudocSudocFranceF

Vérification des propriétés temporisées des automates programmables industriels

De nombreux sytèmes critiques comportent des aspects temporisés, où interviennent de manière cruciale des contraintes quantitatives sur les délais séparant certaines actions. Un automate programmable industriel (API) constitue un composant fondamental d'un système souvent critique destiné à réagir et à communiquer en temps réel avec son environnement. Ma thèse se situe dans le contexte de la vérification de propriétés temporisées des APIS. Plus précisement, on propose une sémantique formelle à base d'automates temporisés pour la modélisation d'une sous classe de programmes Ladder comportant des blocs TON. On fournie une logique temporisée dont la sémantique permet de considérer seulement les événements "signifcatifs" (c'est à dire les événements qui durent suffisamment longtemps). On propose deux sémantiques différentes pour cette logique: sémantique "locale" et sémantique "globale". Pour la sémantique "locale", on a obtenu plusieurs résultats d'expressivité et grâce à une nouvelle relation d'équivalence, on montre que son model checking reste décidable sans modifier la complexité théorique. En revanche, pour la sémantique "globale", le model checking devient indécidable.Vérification of PLC (Programmable Logic Controller) programs is important when these programs are to control critical applications for reactive systems. This context has already been study for untimed programs. In this thesis, We are interested to timed properties and programs. More precisely, we give a formal semantics to (partial) Ladder diagrams and TON blocks, with timed automata. We also propose a timed logic in order to abstract transient events, where transient properties is parameterized by an integer k. We compare thé expressive power of its modalities and we prove that thé model checking for this new logic is decidable. We propose also to interpret thé modalities of this logic with a global semantics which is more natural for specifying reactive system, and we show that model checking becomes undecidable.CACHAN-ENS (940162301) / SudocSudocFranceF

Hierarchy is Good For Discrete Time: a Compositional Approach to Discrete Time Verification

International audienceModel checking is now widely used as an automatic and exhaustive way to verify complex systems. However, this approach suffers from an intrinsic combinatorial explosion, due to both a high number of synchronized components and a high level of expressivity in these components. With respect to the expressivity issue, we consider the particular problem of introducing explicit time constraints in the components of a system. In this modeling step, the choice of a time domain is important, impacting on the size of the resulting model, the class of properties which can be verified and the performances of the verification. In this presentation, we show that hierarchical encoding of elementary com- ponents encapsulating labeled transition systems (LTS), synchronized by means of public transitions, is an efficient way to encode discrete time

The Expressive Power of Time Petri Nets

International audienc

The Expressive Power of Time Petri Nets

International audienc

Channel Synthesis for Finite Transducers

International audienceno abstrac

Verification of a timed multitask system with UPPAAL

Since it is an important issue for users and system designers, verification of PLC programs has already been studied in various contexts, mostly for untimed programs. More recently, timed features were introduced and modeled with timed automata. In this case study, we consider a part of the so-called MSS (Mecatronic Standard System) platform from Bosh Group, a framework where time aspects are combined with multitask programming. Our model for station 2 of the MSS platform is a network of timed automata, including automata for the operative part and for the control program, written in Ladder Diagram. This model is constrained with atomicity hypotheses concerning program execution and model checking of a reaction time property is performed with the tool UPPAAL