Dynamic exploration of multi-agent systems with timed periodic tasks

We formalise and study multi-agent timed models MAPTs (Multi-Agent with timed Periodic Tasks), where each agent is associated to a regular timed schema upon which all possibles actions of the agent rely. MAPTs allow for an accelerated semantics and a layered structure of the state space, so that it is possible to explore the latter dynamically and use heuristics to greatly reduce the computation time needed to address reachability problems. We apply MAPTs to explore state spaces of autonomous vehicles and compare it with other approaches in terms of expressivity, abstraction level and computation time

Indefinite waitings in MIRELA systems

MIRELA is a high-level language and a rapid prototyping framework dedicated to systems where virtual and digital objects coexist in the same environment and interact in real time. Its semantics is given in the form of networks of timed automata, which can be checked using symbolic methods. This paper shows how to detect various kinds of indefinite waitings in the components of such systems. The method is experimented using the PRISM model checker.Comment: In Proceedings ESSS 2015, arXiv:1506.0325

Deadlock and temporal properties analysis in mixed reality applications

International audienceMixed reality systems overlay real data with virtual information in order to assist users in their current task, they are used in many fields (surgery, maintenance, entertainment). Such systems generally combine several hardware components operating at different time scales, and software that has to cope with these timing constraints. MIRELA, for Mixed Reality Language, is a framework aimed at modelling, analysing and implementing systems composed of sensors, processing units, shared memories and rendering loops, communicating in a well-defined manner and submitted to timing constraints. The paper describes how harmful software behaviour, which may result in possible hardware deterioration or revert the system's primary goal from user assistance to user impediment, may be detected such as (global and local) deadlocks or starvation features. This also includes a study of temporal properties resulting in a finer understanding of the software timing behaviour, in order to fix it if needed

Modelling and Analysing Mixed Reality Applications

International audienceMixed reality systems overlay real data with virtual information in order to assist users in their current task. They generally combine several hardware components operating at different time scales, and software that has to cope with these timing constraints. MIRELA, for MIxed REality LAnguage, is a framework aimed at modelling, analysing and implementing systems composed of sensors, processing units, shared memories and rendering loops, communicating in a well-defined manner and submitted to timing constraints. The framework is composed of (i) a language allowing a high level, and partially abstract, specification of a concurrent real–time system, (ii) the corresponding semantics, which defines the translation of the system to concrete networks of timed automata, (iii) a methodology for analysing various real-time properties, and (iv) an implementation strategy. We present here a summary of several of our papers about this framework, as well as some recent extensions concerning probability and non–deterministic choices

Conception, modélisation et vérification formelle d’un système temps-réel d’agents coopératifs : application aux véhicules autonomes communicants

This thesis is motivated by the questionof the validation of properties in a system composedof several mobile agents individually makingdecisions in real time. Each agent has a perceptionof their own environment and can communicate withother agents nearby. The application that has beenchosen as a case study is that of autonomous vehicles,which because of the large number of variables involvedin the representation of such systems, makesnaive approaches impossible. The issues addressedconcern, on the one hand, the modeling of such asystem, in particular the choice of the formalism andthe level of abstraction of the model, and on the otherhand, the implementation of an evaluation protocol ofdecision making of vehicles. This last point includesthe question of the efficiency of the exploration of thestate space of the model. The thesis presents a set ofworks, which can be complementary, aiming to treatthese problems. First, the system, consisting of autonomousvehicles and their environment, is preciselydefined. It allows in particular to observe the impactof communications between vehicles on their behavior.The VerifCar software framework dedicated todecision-making analysis of communicating autonomousvehicles is then presented. It includes a parametricmodel of timed automata with the ability tocheck temporal logic properties. An analysis methodologyusing these properties is presented. A complementaryapproach is also proposed, which in somecases allows for greater efficiency and greater expressiveness.It is based on the formalism of MAPTs(Multi-Agent with timed Periodic Tasks), which wasdesigned for modeling real-time systems of cooperativeagents. Algorithms allowing a dynamic explorationof the states of this type of model (that is tosay without the state space having to be built beforehand)are presented. Finally, a combined methodcombining simulation and model verification tools tocontrol the level of realism is described and appliedto the case study.Cette thèse est motivée par la questionde la validation de propriétés dans un systèmecomposé de plusieurs agents mobiles prenants individuellementdes décisions en temps réel. Chaqueagent a une perception de l’environnement qui lui estpropre et peut communiquer avec les autres agentsà proximité. L’application qui a été choisie commecas d’étude est celle des véhicules autonomes, quidu fait du large nombre de variables impliquées dansla représentation de tels systèmes, rend impossibledes approches naïves. Les problématiques traitéesconcernent, d’une part, la modélisation d’un tel système,notamment le choix du formalisme et du niveaud’abstraction du modèle, et d’autre part, la mise enplace d’un protocole d’évaluation de la prise de décisiondes véhicules. Ce dernier point inclut la questionde l’efficacité de l’exploration de l’espace d’états dumodèle. La thèse présente un ensemble de travaux,pouvant être complémentaires, visant à traiter cesproblématiques. Tout d’abord, le système, composédes véhicules autonomes et de leur environnement,est défini avec précision. Il permet notamment d’observerl’impact des communications entre véhiculessur leur comportement. Le cadre logiciel VERIFCARdédié à l’analyse de prise de décision de véhiculesautonomes communicants est ensuite présenté.Il inclut un modèle paramétrique d’automates temporisésoffrant la possibilité de vérifier des propriétésde logique temporelle. Une méthodologie d’analyseutilisant ces propriétés est présentée. On proposeégalement une approche complémentaire permettantdans certains cas une meilleure efficacité et une plusgrande expressivité. Elle est fondée sur le formalismedes MAPTs (Multi-Agent with timed Periodic Tasks),qui a été conçu pour la modélisation de systèmestemps réel d’agents coopératifs. Des algorithmes permettantune exploration dynamique des états de cetype de modèles (c’est à dire sans que l’espace d’étatsne doive être préalablement construit) sont présentés.Enfin, une méthode combinée alliant la simulationaux outils de vérification de modèle afin de contrôlerle niveau de réalisme est décrite et appliquée aucas d’étude

Design, formal modeling and verification of a real-time system of cooperative agents : application to communicating autonomous vehicles

Cette thèse est motivée par la question de la validation de propriétés dans un système composé de plusieurs agents mobiles prenants individuellement des décisions en temps réel.Chaque agent a une perception de l'environnement qui lui est propre et peut communiquer avec les autres agents à proximité.L'application qui a été choisie comme cas d'étude est celle des véhicules autonomes, qui du fait du large nombre de variables impliquées dans la représentation de tels systèmes, rend impossible des approches naïves.Les problématiques traitées concernent, d'une part, la modélisation d'un tel système, notamment le choix du formalisme et du niveau d'abstraction du modèle, et d'autre part, la mise en place d'un protocole d'évaluation de la prise de décision des véhicules.Ce dernier point inclut la question de l'efficacité de l'exploration de l'espace d'états du modèle.La thèse présente un ensemble de travaux, pouvant être complémentaires, visant à traiter ces problématiques.Tout d'abord, le système, composé des véhicules autonomes et de leur environnement, est défini avec précision.Il permet notamment d'observer l'impact des communications entre véhicules sur leur comportement.Le cadre logiciel VerifCar dédié à l'analyse de prise de décision de véhicules autonomes communicants est ensuite présenté.Il inclut un modèle paramétrique d'automates temporisés offrant la possibilité de vérifier des propriétés de logique temporelle.Une méthodologie d'analyse utilisant ces propriétés est présentée.On propose également une approche complémentaire permettant dans certains cas une meilleure efficacité et une plus grande expressivité.Elle est fondée sur le formalisme des MAPTs (Multi-Agent with timed Periodic Tasks), qui a été conçu pour la modélisation de systèmes temps réel d'agents coopératifs.Des algorithmes permettant une exploration dynamique des états de ce type de modèles (c'est à dire sans que l'espace d'états ne doive être préalablement construit) sont présentés.Enfin, une méthode combinée alliant la simulation aux outils de vérification de modèle afin de contrôler le niveau de réalisme est décrite et appliquée au cas d'étude.This thesis is motivated by the question of the validation of properties in a system composed of several mobile agents individually making decisions in real time.Each agent has a perception of their own environment and can communicate with other agents nearby.The application that has been chosen as a case study is that of autonomous vehicles, which because of the large number of variables involved in the representation of such systems, makes naive approaches impossible.The issues addressed concern, on the one hand, the modeling of such a system, in particular the choice of the formalism and the level of abstraction of the model, and on the other hand, the implementation of an evaluation protocol of decision making of vehicles.This last point includes the question of the efficiency of the exploration of the state space of the model.The thesis presents a set of works, which can be complementary, aiming to treat these problems.First, the system, consisting of autonomous vehicles and their environment, is precisely defined.It allows in particular to observe the impact of communications between vehicles on their behavior.The VerifCar software framework dedicated to decision-making analysis of communicating autonomous vehicles is then presented.It includes a parametric model of timed automata with the ability to check temporal logic properties.An analysis methodology using these properties is presented.A complementary approach is also proposed, which in some cases allows for greater efficiency and greater expressiveness.It is based on the formalism of MAPTs (Multi-Agent with Timed Periodic Tasks), which was designed for modeling real-time systems of cooperative agents.Algorithms allowing a dynamic exploration of the states of this type of model (that is to say without the state space having to be built beforehand) are presented.Finally, a combined method combining simulation and model verification tools to control the level of realism is described and applied to the case study

Timed automata as a formalism for expressing security: A survey on theory and practice

Timed automata are a common formalism for the verification of concurrent systems subject to timing constraints. They extend finite-state automata with clocks, that constrain the system behavior in locations, and to take transitions. While timed automata were originally designed for safety (in the wide sense of correctness w.r.t. a formal property), they were progressively used in a number of works to guarantee security properties. In this work, we review works studying security properties for timed automata in the last two decades. We notably review theoretical works, with a particular focus on opacity, as well as more practical works, with a particular focus on attack trees and their extensions. We derive main conclusions concerning open perspectives, as well as tool support.Comment: This is the author version of the manuscript of the same name published in ACM Computing Survey

Zone extrapolations in parametric timed automata

Timed automata (TAs) are an efficient formalism to model and verify systems with hard timing constraints, and concurrency. While TAs assume exact timing constants with infinite precision, parametric TAs (PTAs) leverage this limitation and increase their expressiveness, at the cost of undecidability. A practical explanation for the efficiency of TAs is zone extrapolation, where clock valuations beyond a given constant are considered equivalent. This concept cannot be easily extended to PTAs, due to the fact that parameters can be unbounded. In this work, we propose several definitions of extrapolation for PTAs based on the M-extrapolation, and we study their correctness. Our experiments show an overall decrease of the computation time and, most importantly, allow termination of some previously unsolvable benchmarks.Comment: This is the author (and extended) version of the manuscript of the same name published in the proceedings of the 14th NASA Formal Methods Symposium (NFM 2022). This work is partially supported by the ANR-NRF French-Singaporean research program ProMiS (ANR-19-CE25-0015

Zone extrapolations in parametric timed automata

International audienceTimed automata (TAs) are an efficient formalism to model and verify systems with hard timing constraints and concurrency. While TAs assume exact timing constants with infinite precision, parametric timed automata (PTAs) overcome this limitation and increase their expressiveness—at the cost of undecidability of most interesting problems. A practical explanation for the efficiency of nonparametric TAs is zone extrapolation, where clock valuations beyond a given constant are considered equivalent. This concept cannot be easily extended to PTAs, due to the fact that parameters can be unbounded, meaning that the constants compared to the clocks have no upper bound. In this work, we propose several definitions of extrapolation for PTAs, and we study their correctness. Our experiments show an overall decrease of the computation time and, most importantly, allow termination of some previously unsolvable benchmarks

Models for the dynamic exploration of the state spaces of autonomous vehicles

We present multi-agent timed models, called MAPTs, where each agent is associated with a regular timed schema upon which all possible actions of the agent rely. MAPTs allow for a layered structure of the state space, so that it is possible to explore the latter dynamically and use heuristics to greatly reduce the computation time needed to address reachability problems. We then use an available tool for the Petri net implementation of MAPTs, to explore the state space of autonomous vehicle systems and compare this exploration with timed automata-based approaches in terms of expressiveness of available queries and computation time.SCOPUS: cp.pinfo:eu-repo/semantics/publishe