## About

Publications: 86

Reads: 11,250


Citations: 4,886

Introduction

Additional affiliations

March 2012 - August 2015

October 2008 - February 2012

## Publications


Falsification has garnered much interest recently as a way to validate complex CPS designs with respect to a specification expressed via temporal logics. Using their quantitative semantics, the falsification problem can be formulated as a robustness minimization problem.

Cyber-physical systems (CPS), such as automotive systems, are starting to include sophisticated machine learning (ML) components. Their correctness, therefore, depends on properties of the inner ML modules. While learning algorithms aim to generalize from examples, they are only as good as the examples provided, and recent efforts have shown that t...

Cyber-physical system applications such as autonomous vehicles, wearable devices, and avionic systems generate a large volume of time-series data. Designers often look for tools to help classify and categorize the data. Traditional machine learning techniques for time-series data offer several solutions to solve these problems; however, the artifac...

Safety and security are major concerns in the development of Cyber-Physical Systems (CPS). Signal temporal logic (STL) was proposed as a language to specify and monitor the correctness of CPS relative to formalized requirements. Incorporating STL into a development process enables designers to automatically monitor and diagnose traces, compute robu...

The term Cyber-Physical Systems (CPS) typically refers to engineered, physical and biological systems monitored and/or controlled by an embedded computational core. The behaviour of a CPS over time is generally characterised by the evolution of physical quantities, and discrete software and hardware states. In general, these can be mathematically m...

Signal temporal logic (STL) is a formalism used to rigorously specify requirements of cyberphysical systems (CPS), i.e., systems mixing digital or discrete components in interaction with a continuous environment or analog components. STL is naturally equipped with a quantitative semantics which can be used for various purposes: from assessing the r...

Many industrial cyber-physical system (CPS) designs are too complex to formally verify system-level properties. A practical approach for testing and debugging these system designs is falsification, wherein the user provides a temporal logic specification of correct system behaviors, and some technique for selecting test cases is used to identify be...

We formalize and analyze a new problem in formal language theory termed control improvisation. Given a specification language, the problem is to produce an improviser, a probabilistic algorithm that randomly generates words in the language, subject to two additional constraints: the satisfaction of a quantitative soft constraint, and the exhibition...

Cyber-physical systems (CPS), such as automotive systems, are starting to include sophisticated machine learning (ML) components. Their correctness, therefore, depends on properties of the inner ML modules. While learning algorithms aim to generalize from examples, they are only as good as the examples provided, and recent efforts have shown that t...

We present a mathematical programming-based method for model predictive control of cyber-physical systems subject to signal temporal logic (STL) specifications. We describe the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness. For synthesis, we encode STL specifications as mixed inte...

Cyber-physical systems (CPS), such as automotive systems, are starting to include sophisticated machine learning (ML) components. Their correctness, therefore, depends on properties of the inner ML modules. While learning algorithms aim to generalize from examples, they are only as good as the examples provided, and recent efforts have shown that t...

We address the problem of mining musical specifications from a training set of songs and using these specifications in a machine improvisation system capable of generating improvisations imitating a given style of music. Our inspiration comes from control improvisation, which combines learning and synthesis from formal specifications. We mine speci...

We address the problem of diagnosing and repairing specifications for hybrid systems, formalized in signal temporal logic (STL). Our focus is on automatic synthesis of controllers from specifications using model predictive control. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integer linear...

We consider the problem of generating randomized control sequences for complex networked systems typically actuated by human agents. Our approach leverages a concept known as control improvisation, which is based on a combination of data-driven learning and controller synthesis from formal specifications. We learn from existing data a generative mo...

We address the problem of diagnosing and repairing specifications for hybrid systems formalized in signal temporal logic (STL). Our focus is on the setting of automatic synthesis of controllers in a model predictive control (MPC) framework. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integ...

This book constitutes the refereed proceedings of the 5th International Workshop on Hybrid Systems Biology, HSB 2016, held in Grenoble, France, in October 2016. The 11 full papers presented in this book were carefully reviewed and selected from 26 submissions. They were organized and presented in 4 thematic sessions also reflected in this book: mod...

We formalize and analyze a new automata-theoretic problem termed control improvisation. Given an automaton, the problem is to produce an improviser, a probabilistic algorithm that randomly generates words in its language, subject to two additional constraints: the satisfaction of an admissibility predicate, and the exhibition of a specified amount...

Hybrid systems represent an important and powerful formalism for modeling real-world applications such as embedded systems. A verification tool like SpaceEx is based on the exploration of a symbolic search space (the region space). As a verification tool, it is typically optimized towards proving the absence of errors. In some settings, e.g., when...

Signal Temporal Logic (STL) is a formalism used to rigorously specify requirements of cyberphysical systems (CPS), i.e., systems mixing digital or discrete components in interaction with a continuous environment or analog components. STL is naturally equipped with a quantitative semantics which can be used for various purposes: from assessing the...

Techniques for testing cyberphysical systems (CPS) currently use a combination of automatic directed test generation and random testing to find undesirable behaviors. Existing techniques can fail to efficiently identify bugs because they do not adequately explore the space of system behaviors. In this paper, we present an approach that uses the rap...

We present a counterexample-guided inductive synthesis approach to controller synthesis for cyber-physical systems subject to signal temporal logic (STL) specifications, operating in potentially adversarial nondeterministic environments. We encode STL specifications as mixed integer-linear constraints on the variables of a discrete-time model of...

In this work, we propose and evaluate an active learning algorithm in context of CPSGrader, an automatic grading and feedback generation tool for laboratory-based courses in the area of cyber-physical systems. CPSGrader detects the presence of certain classes of mistakes using test benches that are generated in part via machine learning from soluti...

We present a mathematical programming-based method for model predictive control of discrete-time cyber-physical systems subject to signal temporal logic (STL) specifications. We describe the use of STL to specify a wide range of properties of these systems, including safety, response and bounded liveness. For synthesis, we encode STL specification...

Energy-efficient control mechanisms are necessary to manage the ever increasing energy demand. Recently several tools for building energy consumption control have been proposed for small (e.g. homes) [8] and large (e.g. offices) buildings [3][6][1]. The mechanism each tool uses is different, e.g. HVAC control [3] and appliance rescheduling [8], but...

Multi-methods are functions whose calls at runtime are resolved depending on the dynamic types of more than one argument. They are useful for common programming problems. However, while many languages provide different mechanisms to implement them in one way or another, there is still, to the best of our knowledge, no library or language feature th...

This paper describes current work on framing the model predictive control (MPC) of cyber-physical systems as synthesis from signal temporal logic (STL) specifications. We provide a case study using a simplified power grid model with uncertain demand and generation; the model-predictive control problem here is that of the ancillary service power flo...

As with virtually all biologically essential transition metals, but probably in a more acute way than most, iron excess and deficiency underlie a range of pathological conditions in animals. Accordingly, regulatory systems maintain the proper iron amount to fulfill the needs of the whole body and of each individual cell, while avoiding deleterious...

We consider the problem of designing an automatic grader for a laboratory in the area of cyber-physical systems. The goal of this laboratory is to program a robot for specified navigation tasks. Given a candidate student solution (control program for the robot), our grader first checks whether the robot performs the task correctly under a represent...

In an aircraft electric power system, one or more supervisory control units actuate a set of electromechanical switches to dynamically distribute power from generators to loads, while satisfying safety, reliability, and real-time performance requirements. To reduce expensive redesign steps, this control problem is generally addressed by minor incre...

Temporal Logic (TL) is a popular formalism, introduced into systems design [Pnu77] as a language for specifying acceptable behaviors of reactive systems. Traditionally, it has been used for formal verification, either by deductive methods [MP95], or algorithmic methods (Model Checking [CGP99,QS82]). In this framework, the behaviors in question are...

This paper presents a method for modeling biological systems which combines formal techniques on intervals, numerical simulations and satisfaction of Signal Temporal Logic (STL) formulas. The main modeling challenge addressed by this approach is the large uncertainty in the values of the parameters due to the experimental difficulties of getting ac...

Monitoring transient behaviors of real-time systems plays an important role in model-based systems design. Signal Temporal Logic (STL) emerges as a convenient and powerful formalism for continuous and hybrid systems. This paper presents an efficient algorithm for computing the robustness degree in which a piecewise-continuous signal satisfies or...

The Hybrid I/O-automaton (HIOA) is a rigorous formal model designed for the analysis of complex hybrid (discrete-continuous) dynamical systems. The use of the HIOA formalism renders compositional reasoning possible, in the sense that once a property has been established for an automaton, it still holds if the automaton is composed with other automa...

Hybrid systems represent an important and powerful formalism for modeling real-world applications that require both discrete and continuous behavior. A verification tool such as SpaceEx is based on the exploration of a symbolic search space (the region space). As a verification tool, it is typically optimized towards proving the absence of errors....

Population statistics for Property 1, 2 and 3, computed with new parameter values. (see Table S1) This data should be compared with Figure 4, 5 (right), and 6 (right). The new parameter values allow resolving the inconsistencies found for SKW6.4, OEBcl2 SKW6.4 cells for Property 2, and for ΔXIAP HCT116 cells for Property 3. T47D cells still do not...

Syntax and semantics of STL [48]. The syntax of STL formulas is defined inductively. Here, are STL formulas, is an equality of type , with f a real-valued function on the state x, and [a,b] is a time interval. The real-valued semantics of an STL formula φ at time t is interpreted on a real-valued signal x(t) defined on a time interval [0,Tf], where...

Formula robustness. Number of matches between predicted and observed satisfaction values for Properties 1–3 in all HCT116 and SKW6.4 cell lines (Figure 7) as a function of the PARP-related threshold, α, defining the alive property, of the Apaf-related threshold, β, defining the MOMP occurrence and of the caspase-related threshold, γ, defining caspa...

Computation of STL diagrams using Breach [33]. The archive contains the freely-distributed Matlab tool Breach, an implementation of EARM1.4 in Breach, initial conditions for each of 12 cell lines used in this article, and example scripts illustrating how to generate STL phase diagrams.
(ZIP)

XIAP/caspase-3 STL diagrams for all properties and using HCT116, SKW6.4 or T47D as reference cell line. Diagrams representing the values of the STL properties p1 (A–C), p2 (D–F) and p3 (G–H) computed using HCT116 (A,D,G), SKW6.4 (B,E,H), or T47D (C,F,I) nominal protein concentrations. Bcl2 is overexpressed in Property 1 diagrams. In most cases, for...

XIAP/Caspase-3 STL diagrams computed with new parameter values for all properties and using HCT116 or SKW6.4 as reference cell lines. Diagrams representing the values of the STL properties p1 (A–B), p2 (C–D) and p3 (E–F), computed using HCT116 (A,C,E) or SKW6.4 (B,D,F) nominal protein concentrations.
(TIF)

FLIP/Caspase-8 STL diagrams computed with new parameter values for all properties and using HCT116 or SKW6.4 as reference cell lines. Diagrams representing the values of the STL properties p1 (A–B), p2 (C–D) and p3 (E–F), computed using HCT116 (A,C,E) or SKW6.4 (B,D,F) nominal protein concentrations.
(TIF)

Valid parameters. List of minimal parameter set leading to Property1–3 satisfaction for all but T47D cells, together with their new and original values, and the corresponding fold change.
(TIF)

Comparison between DLE and Property 1 STL diagrams. Diagrams representing the values of the DLE computed at time T (A,C) and of the STL Property: = always[0-T](cPARP/PARPtotal<0.5) (B,D) for T = 6 h (A–B) and T = 4 h (C–D). Strikingly, for the two time instants the separatrix is exactly at the same position, revealing that DLE and Property 1 captur...

STL property values across all cell lines for Properties 1–3 for the EARM1.4. For each property, plots indicate the nominal cell value (top), the distribution (middle), and the percentage of satisfaction (bottom) of the property values for populations of cells of different cell lines. Notations are identical to those used in Figure 4.
(TIF)

Extrinsic apoptosis is a programmed cell death triggered by external ligands, such as the TNF-related apoptosis inducing ligand (TRAIL). Depending on the cell line, the specific molecular mechanisms leading to cell death may significantly differ. Precise characterization of these differences is crucial for understanding and exploiting extrinsic apo...

Introduction: Use of iron resources and variations of the redox balance are processes involved in cell proliferation and differentiation. They participate in normal hematopoiesis and their disturbance may have an oncogenic role. Hematological neoplasia, such as acute myeloid leukemia (AML), provide clinical evidence of the link between iron regulat...

A significant challenge to the formal validation of software-based industrial control systems is that system requirements are often imprecise, non-modular, evolving, or even simply unknown. We propose a framework for mining requirements from the closed-loop model of an industrial-scale control system, such as one specified in the Simulink modeling...

We present Time-Frequency Logic (TFL), a new specification formalism for real-valued signals that combines temporal logic properties in the time domain with frequency-domain properties. We provide a property checking framework for this formalism and demonstrate its expressive power to the recognition of musical pieces. Like hybrid automata and th...

This paper presents a novel framework for the modeling of biological networks. It makes use of recent tools analyzing the robust satisfaction of properties of (hybrid) dynamical systems. The main challenge of this approach as applied to biological systems is to get access to the relevant parameter sets despite gaps in the available knowledge. An in...

We present a scalable reachability algorithm for hybrid systems with piecewise affine, non-deterministic dynamics. It combines polyhedra and support function representations of continuous sets to compute an over-approximation of the reachable states. The algorithm improves over previous work by using variable time steps to guarantee a given local e...

Given a dense-time real-valued signal and a parameterized temporal logic formula with both magnitude and timing parameters, we compute the subset of the parameter space that renders the formula satisfied by the trace. We provide two preliminary implementations, one which follows the exact semantics and attempts to compute the validity domain by qua...

Implementation: the breach toolbox.
(TXT)

Note on computing local sensitivity for satisfaction function.
(PDF)

Characterizing the behavior and robustness of enzymatic networks with numerous variables and unknown parameter values is a major challenge in biology, especially when some enzymes have counter-intuitive properties or switch-like behavior between activation and inhibition. In this paper, we propose new methodological and tool-supported contributions...

We present a scalable reachability algorithm for hybrid systems with piecewise affine, non-deterministic dynamics. It combines polyhedra and support function representations of continuous sets to compute an over-approximation of the reachable states. The algorithm improves over previous work by using variable time steps to guarantee a given local e...

We consider temporal logic formulae specifying constraints in continuous time and space on the behaviors of continuous and hybrid dynamical system admitting uncertain parameters. We present several variants of robustness measures that indicate how far a given trajectory stands, in space and time, from satisfying or violating a property. We pr...

We describe Breach, a Matlab/C++ toolbox providing a coherent set of simulation-based techniques aimed at the analysis of deterministic models of hybrid dynamical systems. The primary feature of Breach is to facilitate the computation and the property investigation of large sets of trajectories. It relies on an efficient numerical solver of ordinar...

In this paper, we consider verifying properties of mixed-signal circuits, i.e., circuits for which there is an interaction between analog (continuous) and digital (discrete) values. We use a simulation-based approach that consists of evaluating the property on a representative subset of behaviors and answering the question of whether the circuit sa...