Abstract. Occurrence nets are a well known partial order model for the concurrent behavior of Petri nets. The causality and conflict relations between events, which are explicitly represented in occurrence nets, induce logical dependencies between event occurrences: the occurrence of an event e in a run implies that all its causal predecessors also occur, and that no event in conflict with e occurs. But these structural relations do not express all the logical dependencies between event occurrences in maximal runs: in particular, the occurrence of e in any maximal run may imply the occurrence of another event that is not a causal predecessor of e, in that run. The reveals relation has been introduced in [1] to express this dependency between two events. Here we generalize the reveals relation to express more general dependencies, involving more than two events, and we introduce ERL logic to express them as boolean formulas. Finally we answer the synthesis problem that arises: given an ERL formula ϕ, is there an occurrence net N such that ϕ describes exactly the dependencies between the events of N?
This article proposes two approaches to tool-supported automatic verification of dense real-time systems against scenario-based requirements, where a system is modeled as a network of timed automata (TAs) or as a set of driving live sequence charts (LSCs), and a requirement is specified as a separate monitored LSC chart. We make timed extensions to a kernel subset of the LSC language and define a trace-based semantics. By translating a monitored LSC chart to a behavior-equivalent observer TA and then non-intrusively composing this observer with the original TA-modeled real-time system, the problems of scenario-based verification reduce to computation tree logic (CTL) real-time model checking problems. When the real-time system is modeled as a set of driving LSC charts, we translate these driving charts and the monitored chart into a behavior-equivalent network of TAs by using a "one-TA-per-instance line" approach, and then reduce the problems of scenario-based verification also to CTL real-time model checking problems. We show how we exploit the expressivity of the TA formalism and the CTL query language of the real-time model checker UPPAAL to accomplish these tasks. The proposed two approaches are implemented in the UPPAAL tool and built as a tool chain, respectively. We carry out a number of experiments with both verification approaches, and the results indicate that these methods are viable, computationally feasible, and the tools are effective. (Form Methods Syst Des (2010) 37: 200-264.)
S. Balaguer et al. / Building Occurrence Nets from Reveals Relations

... for the partial order semantics referred to as unfoldings; they are nets in which all transitions, called events, are executable and the flow relation induced by the arcs is acyclic. Paths between events represent causality. The representation of all runs of a Petri net as an unfolding [15,23] allows one to avoid the state-space explosion due to interleavings when exploring the runs of a Petri net. Unfoldings are infinite in general, but can be represented efficiently by a finite complete prefix [16,21], for instance to check LTL formulas [19]. The structure of an occurrence net induces three relations over its events, causality, concurrency and conflict, thus generating a prime event structure [23]. Causality represents the partial ordering of events due to the progress of the run.
When two events may occur in the same run, but are not related by causality, they are concurrent. The last possibility is that two events never occur in the same run; then they are in conflict. The causality and conflict relations induce logical dependencies between event occurrences: the occurrence of an event e in a run implies that all its causal predecessors also occur, and that no event in conflict with e ever occurs. Here, we focus on a particular setting where weak fairness [25] is assumed, i.e. any enabled event has to occur or to be disabled, and when we consider these maximal runs, the structural relations do not express all the logical dependencies between event occurrences. Indeed, in this context, concurrency does not necessarily mean logical independency: it is possible that the occurrence of an event implies the eventual occurrence of another one, which is structurally concurrent. This happens with events a and c in Fig. 2(a): we have to observe that a is in conflict with b and that any maximal run contains either b or c. Therefore, if a occurs in a maximal run, then b does not ...
Abstract. Networks of timed automata (NTA) are widely used to model distributed real-time systems. Quite often in the literature, the automata are allowed to share clocks, i.e. transitions of one automaton may be guarded by conditions on the value of clocks reset by another automaton. This is a problem when one considers implementing such a model in a distributed architecture, since reading clocks a priori requires communications which are not explicitly described in the model. We focus on the following question: given an NTA A1 A2 where A2 reads some clocks reset by A1, does there exist an NTA A without shared clocks with the same behavior as the initial NTA? For this, we allow the automata to exchange information during synchronizations only, in particular by copying the value of their neighbor's clocks. We discuss a formalization of the problem and define an appropriate behavioural equivalence. Then we give a criterion using the notion of contextual timed transition system, which represents the behavior of A2 when in parallel with A1. Finally, we effectively build A