Didier Buchs

Didier Buchs
  • PhD 1989
  • Principal Investigator at University of Geneva

About

  • 198 publications
  • 18,856 reads
  • 1,387 citations
Current institution: University of Geneva
Current position: Principal Investigator
Additional affiliations: University of Geneva, January 2003 - present (Principal Investigator)

Publications (198)
Chapter
Model checking is a powerful technique for software verification. However, the approach notably suffers from the infamous state space explosion problem. To tackle this, in this paper, we introduce a novel symbolic method for encoding Petri net markings. It is based on the use of generalised intervals on vectors, as opposed to existing methods b...
Preprint
Full-text available
Wikidata is a knowledge graph increasingly adopted by many communities for diverse applications. Wikidata statements are annotated with qualifier-value pairs that are used to depict information, such as the validity context of the statement, its causality, provenances, etc. Handling the qualifiers in reasoning is a challenging problem. When definin...
Preprint
Full-text available
Flow-sensitive type systems offer an elegant way to ensure memory-safety in programming languages. Unfortunately, their adoption in new or existing languages is often hindered by a painful effort to implement or integrate them into compilers. This paper presents early results in our effort to alleviate this task. We introduce Fuel, a type capabilit...
Article
Full-text available
By bridging the semantic gap, domain-specific languages (DSLs) serve an important role in the quest to allow domain experts to model their systems themselves. In this publication we present a case study of the development of the Continuous REactive SysTems language (CREST), a DSL for hybrid systems modeling. The language focuses on the representa...
Chapter
Hybrid systems modelling remains a very popular topic within the modelling and simulation community. Its expressiveness allows for the definition of highly complex systems that merge discrete-state-based transitions systems with continuous value-evolutions for variables, so that cyber-physical systems can be modelled in all their intricacies. This...
Book
This book constitutes the proceedings of the 42nd International Conference on Application and Theory of Petri Nets and Concurrency, PETRI NETS 2021, which was held virtually in June 2021. The 22 full papers presented together with 2 keynote papers in this volume were carefully reviewed and selected from 39 submissions. The focus of the conference i...
Chapter
Real-time system design involves proving the schedulability of a set of tasks with hard timing and other constraints that should run on one or several cores. When those requirements are known at design time, it is possible to compute a fixed scheduling of tasks before deployment. This approach avoids the overhead induced by an online scheduler and...
Chapter
Full-text available
The study of concurrent and parallel systems has been a challenging research domain within the cyber-physical systems community. This chapter provides a pragmatic introduction to the creation and analysis of such system models using the popular Petri nets formalism. Petri nets is a formalism that convinces through its simplicity and applicability. We off...
Conference Paper
Anzen is a multi-paradigm programming language that aims to provide explicit and controllable assignment semantics. It is based on the observation that abstractions over memory management and data representation, as commonly adopted by contemporary programming languages, often transpire relics of the underlying memory model and lead to confusing as...
Preprint
Despite the plethora of powerful software to spot bugs, identify performance bottlenecks or simply improve the overall quality of code, programming languages remain the first and most important tool of a developer. Therefore, appropriate abstractions, unambiguous syntaxes and intuitive semantics are paramount to convey intent concisely and efficien...
Chapter
Full-text available
Representing the context of triples and reasoning on contextualized triples is an open problem in the semantic web. In this paper, we present \(OWL^{C}\): a contextual two-dimensional web ontology language. Using the first dimension, we can define context-dependent classes, properties, and axioms, and using the second dimension, we can express know...
Technical Report
Full-text available
COST IC1404 WG1 Deliverable WG1.1: State-of-the-art on Current Formalisms used in Cyber-Physical Systems Development
Conference Paper
Aliasing is a vital concept of programming, but it comes with a plethora of challenging issues, such as the problems related to race safety. This has motivated years of research, and promising solutions such as ownership or linear types have found their way into modern programming languages. Unfortunately, most current approaches are restrictive. I...
Conference Paper
This article presents CREST, a novel domain-specific language for the modelling of cyber-physical systems. CREST is designed for the simple and clear modelling, simulation and verification of small-scale systems such as home and office automation, smart gardening systems and similar. The language is designed to model the flow of resources throughou...
Conference Paper
Models of small CPS and IoT applications often use approximated values that describe physical system behaviour. Physical resources, such as electricity consumption and heating power, have to be estimated, since many off-the-shelf components lack the required descriptions. Controllers which are based on these approximations can hence use imprecise m...
Article
Full-text available
The development and validation of language translators (e.g. port programs, language preprocessors, high-level software language compilers, etc.) are time-consuming and error-prone: language engineers need to master both the source and target languages’ syntactic constructs; and most importantly their semantics. In this paper, we present an innovat...
Technical Report
CREST is a novel modelling language for the definition of Continuous-time, REactive SysTems. This domain-specific language (DSL) targets small cyber-physical systems (CPS) such as home automation systems. While CREST is a graphical language and its systems can be visualised as CREST diagrams, the main form of use is as internal DSL for the Python g...
Chapter
Full-text available
This paper introduces mcc4mcc, the Model Checker Collection for the Model Checking Contest, a tool that wraps multiple model checking solutions, and applies the most appropriate one based on the characteristics of the model it is given. It leverages machine learning algorithms to carry out this selection, based on the results gathered from the 2017...
Conference Paper
Petri nets are a family of formalisms dedicated to the representation of concurrent systems. Their strength is the compact modeling of complex behaviors using very simple rules. Despite this simplicity, many teachers observe that students often require a lot of exposure and numerous exercises to truly understand the semantics of Petri nets. In orde...
Article
Full-text available
Testing has become an indispensable activity of software development, yet writing good and relevant tests remains a quite challenging task. One well-known problem is that it often is impossible or unrealistic to test for every outcome, as the input and/or output of a program component can represent incredibly large, if not infinite, domains. A common...
Conference Paper
Symbolic execution is well-known for its capability to produce high-coverage test suites for software source code. So far, most tools are created to support a specific language. This paper elaborates on performing language independent symbolic execution and three ways to achieve it. We describe the use of one approach to perform dynamic symbolic ex...
Conference Paper
The advance of cyber-physical systems in everyday life requires powerful modeling capabilities. Existing formalisms often have severe limitations and require complicated notations. In this paper we introduce CREST, a domain-specific language for modeling entity behavior and resource transfers in CPS. CREST aims to support CPS architects through cla...
Conference Paper
Full-text available
Due to the increase of their complexity, currently engineered systems cannot be developed by one individual, but are a product of a collaboration between multiple stakeholders who develop the system from different domain-specific views. Inconsistencies between views, however, hinder collaboration and therefore, must be managed. Since the encountere...
Conference Paper
Over the last decade code-based test case generation techniques such as combinatorial testing or dynamic symbolic execution have seen growing research popularity. Most algorithms and tool implementations are based on finding assignments for input parameter values in order to maximise the execution branch coverage. In this paper we first present ITE...
Conference Paper
Over the past few years, numerous real-time and embedded systems have been adopting multi-core architectures for either better performances, or energy efficiency. For the case of real-time applications, where tasks can have critical deadlines, it is desirable to ensure the schedulability of the application statically, taking into account the possib...
Article
Full-text available
Occupational exposure models vary significantly in their complexity, purpose, and the level of expertise required from the user. Different parameters in the same model may lead to different exposure estimates for the same exposure situation. This paper presents a tool developed to deal with this concern—TREXMO or TRanslation of EXposure MOdels. TRE...
Conference Paper
Modeling cyber-physical systems is often seen as a highly multi-disciplinary activity. Therefore, efficient methodologies are required to be able to represent environment, plant and control models using the most appropriate formalisms. On the one hand, the Petri net formalism is appropriate to model the environment of a complex cyber-physical syste...
Chapter
Petri nets have proved their effectiveness in modeling and formal verification of a large number of applications: control systems, communication protocols, application workflows, hardware design, etc. In the present days, one important focus of computer science is on security and secure communications. The use of Petri nets for verifying security p...
Conference Paper
Over the last decade code-based test case generation techniques such as combinatorial testing or dynamic symbolic execution have seen growing research popularity. Most algorithms and tool implementations are based on finding assignments for input parameter values in order to maximise the execution branch coverage. Only few of them consider dependen...
Article
Full-text available
Qualitative formal verification, that seeks boolean answers about the behavior of a system, is often insufficient for practical purposes. Observing quantitative information is of interest, e.g. for the proper calibration of a battery or a real-time scheduler. Historically, the focus has been on quantities in a continuous domain, but recent years sh...
Article
Modularity is a mandatory principle to apply Petri nets to real world-sized systems. Modular extensions of Petri nets allow to create complex models by combining smaller entities. They facilitate the modeling and verification of large systems by applying a divide and conquer approach and promoting reuse. Modularity includes a wide range of notions...
Conference Paper
The obvious growth of complexity in embedded and cyber physical systems requires from developers to be innovative in the way they carry out the verification process. To increase the amount of information available from a system, software instrumentation has been previously used in these domains, therefore solving the problem of observability. In ad...
Conference Paper
In this paper we present the strategy generic extensible model checker (StrataGEM), a tool aimed at the analysis of Petri nets and other models of concurrency by means of symbolic model-checking techniques. StrataGEM marries the well-known concepts of term rewriting (TR) to the efficiency of decision diagrams (DDs). TR systems are a great way to descr...
Conference Paper
Petri nets have proved their effectiveness in modeling and formal verification of a large number of applications: control systems, communication protocols, application workflows, hardware design, etc. In the present days, one important focus of computer science is on security and secure communications. The use of Petri nets for verifying security p...
Conference Paper
Full-text available
Ad hoc networks represent a very modern technology for providing communication between devices without the need for any prior infrastructure setup, and thus in an “on the spot” manner. But there is a catch: so far there isn't any security scheme that would suit the ad hoc properties of this type of network and that would also accomplish the needed...
Conference Paper
Full-text available
Modeling and verifying the security protocols for ad hoc networks is a very complex task, because this type of network is very complex. In this paper we present a new approach: the use of algebraic Petri nets as implemented by the AlPiNA tool to model ad hoc networks and to verify some of the security properties of the ARAN ad hoc secure routing protocol....
Conference Paper
Full-text available
So far, model checkers cannot be used to verify the properties of complex systems, because of the state space explosion. Such systems are for instance the security protocols designed for ad hoc networks. But by limiting the parameters that are taken into consideration for the systems, the model checkers can be used as testing tools of the construct...
Article
Full-text available
This document presents the results of the Model Checking Contest held at Petri Nets 2013 in Milano. This contest aimed at a fair and experimental evaluation of the performances of model checking techniques applied to Petri nets. This is the third edition after two successful editions in 2011 and 2012. The participating tools were compared on severa...
Conference Paper
Modularity is a mandatory principle to apply Petri nets to real world-sized systems. Modular extensions of Petri nets allow to create complex models by combining smaller entities. They facilitate the modeling and verification of large systems by applying a divide and conquer approach and promoting reuse. Modularity includes a wide range of notions...
Article
Full-text available
This article presents the results of the Model Checking Contest held at Petri Nets 2012 in Hamburg. This contest aimed at a fair and experimental evaluation of the performances of model checking techniques applied to Petri nets. This is the second edition after a successful one in 2011. The participating tools were compared on several examinations...
Article
Full-text available
Systems biology and synthetic biology can be considered as model-driven methodologies. In this context, models are used to discover emergent properties arising from the complex interactions between components. Most available tools propose simulation frameworks to study models of biological systems. Simulation only explores a limited number of behav...
Conference Paper
The resilience of a software system can be guaranteed, among other techniques, by model checking. In that setting, it consists in exploring every execution of the system to detect violations of resilience properties. One approach is to automatically transform the program into a model. To harness the system complexity and the state space explosion,...
Article
Full-text available
Most available tools propose simulation frameworks to study models of biological systems, but simulation only explores a few of the most probable behaviours of the system. On the contrary, techniques such as model checking, coming from IT-systems analysis, explore all the possible behaviours of the modelled systems, thus helping to identify emergen...
Conference Paper
Full-text available
Chemical and biological systems have similarities with IT-systems as they can be observed as sequences of events. Most available tools propose simulation frameworks to explore biological pathways (i.e., sequences of events). Simulation only explores a few of the most probable pathways in the system. On the contrary, techniques such as model checki...
Article
Full-text available
Although model checking is heavily used in the hardware domain, it did not take off in software engineering yet. One of the possible reasons is that software models are very complex. They integrate many dimensions such as data types and concurrency, leading to the infamous state space explosion problem. This article introduces the Algebraic Petri N...
Article
Full-text available
Most researchers use Petri nets as a formal notation with mathematically defined semantics. Their graphical part is usually only seen as a notation, that does not carry semantics. Contrary to this tradition, we show in this article that, when created by a human, there is inherent semantics in the positions of places, transitions and arcs. We propos...
Article
Full-text available
Designing a DSML implies binding the syntactical concepts of the problem domain with the semantics of a solution domain. Previous work presented a formal framework for language composition where language syntactical patterns (expressed by metamodels) along with their semantics (expressed by transformation models) are combined as small reusable bui...
Conference Paper
AlPiNA is a symbolic model checker for High Level Petri nets. It is comprised of two independent modules: a GUI plugin for Eclipse and an underlying model checking engine. AlPiNA’s objective is to perform efficient and user-friendly, easy to use model checking of large software systems. This is achieved by separating the model and its properties fr...
Conference Paper
Full-text available
AlPiNA is a graphical editor and model checker for a class of high-level Petri nets called Algebraic Petri Nets. Its main purpose is to perform reachability checks on complex models. It performs symbolic model checking based on ΣDD, an efficient evolution in the Decision Diagrams field, using novel techniques such as algebraic clustering and algebr...
Conference Paper
Full-text available
Decision Diagrams are now widely used in model checking as extremely compact representations of state spaces. Many Decision Diagram categories have been developed over the past twenty years based on the same principles. Each one targets a specific domain with its own characteristics. Moreover, each one provides its own definition. It prevents shari...
Conference Paper
Full-text available
With the increasing interest in metamodeling techniques for Domain Specific Modeling Languages (DSML) definition, there is a strong need to improve the language modeling process. One of the problems to solve is language evolution. Possible solutions include maximizing the reuse of metamodel patterns, composing them to form new, more expressive DSML...
Conference Paper
We will present a methodology and a tool to generate test cases from a model expressed in Business Process models and a set of test intentions for choosing a particular kind of tests. In order to do this we transform the Business Process models in an intermediate format called Algebraic Petri Nets. We then use model checking techniques (e.g. Decisi...
Article
Full-text available
The BATIC3S project (Building Adaptive Three-dimensional Interfaces for Controlling Complex Control Systems) proposes a methodology to prototype adaptive graphical user interfaces (GUI) for control systems. We present a domain specific language for the control systems domain, including useful and understandable abstractions for domain experts...
Article
Full-text available
Domain specific languages (DSL) which describe reactive systems generally have a need for systematic generation of tests for their models. During the design of a DSL there is a lack of support for its integration with existing model based test generation tools. In this paper, we show how this integration can be conceptualized and systematized. We i...
Chapter
The BATIC3S project (Building Adaptive Three-dimensional Interfaces for Controlling Complex Control Systems) proposes a methodology to prototype adaptive graphical user interfaces (GUI) for control systems. We present a domain specific language for the control systems domain, including useful and understandable abstractions for domain experts. This...
Conference Paper
Full-text available
Developing in a domain specific environment introduces all the advantages of thinking at the same abstraction level of the problem under consideration. The gap between the real problem and the mental model is reduced with respect to the generic approach of using General Purpose Languages. In this article we consider that Domain Specific Modeling La...
Conference Paper
This report is a presentation of the contributions to the workshop on Models, Formalisms and Methods for Object-Oriented Distributed Computing. The goal of the workshop was to bring together researchers interested in the foundations and in the practice of concurrent and distributed object-oriented computing. Two main directions of concurrent sy...
Article
Full-text available
Implementing Graphical User Interfaces (GUIs) for complex control systems (CS) implies many development challenges, especially for prototyping and refining. We propose to improve current practices by introducing a model-based, domain specific approach to GUI development. Our methodology is founded on the assumption that most information to be use...
Conference Paper
Full-text available
A work-in-progress domain-specific language and methodology for modeling complex control systems GUIs is presented. MDA techniques are applied for language design and verification, simulation and prototyping.
Conference Paper
CoopnBuilder is an integrated development environment (IDE) for Concurrent Object Oriented Petri Nets (COOPN). It comes with a complete set of tools enabling the user to view, edit, check, simulate and generate code from CO-OPN specifications. The Code Generation tool allows the user to develop applications in an open way: the produced code can be...
Article
Full-text available
Mapping domain-specific languages' core concepts into the concurrent object-oriented Petri nets formal specification language provides users with the semantics necessary for developing prototypes for these DSLs. Different knowledge domains demand different types of support from software languages. Domain engineers often use domain-specific language...
Book
RISE 2006 constituted an international forum for researchers and practitioners interested in the advancement and rapid application of novel, integrated, or practical software engineering approaches, being part of a methodological framework, that apply to the development of either new or evolving applications and systems. It provided a good opportunity to present and d...
Conference Paper
Full-text available
In many industries, such as finance and insurance, business processes represent products which need to be rolled out to customers within a strict deadline, e.g. new insurance policies. The products are also supposed to be modifiable during their period of service and should be verified and tested before being placed in service. In these industries,...
Conference Paper
Using Domain Specific Modeling (DSM) allows solutions to be expressed in the idiom and at the level of abstraction of the problem domain. However, this does not imply that prototypes can be easily and rapidly generated. In reality, Domain Specific Languages (DSLs) are difficult to design, implement and maintain, and usually there is a potential los...
Chapter
Ada offers several mechanisms for expressing concurrency, like tasks and protected types. The use of concurrency can introduce significant problems which are inherent in the program's interactions or can require some particular properties. Amongst these problems or necessary properties, we can mention deadlocks, fairness and particular temporal cha...
Conference Paper
Full-text available
In this paper we will explain our approach for generating test cases for a UML system model. Despite the fact that UML authors claim that UML semantics are precise enough to define non-ambiguous models, we find that the overlap of the different views makes it difficult to explore and make deductions on the state space of the modeled system in order...
Conference Paper
The work described in this article presents how we use COOPN in the context of the MDA (Model Driven Architecture) philosophy for prototyping Domain Specific Languages. With this principle we increase the abstraction of COOPN language representation enabling standard data interchange with other applications that use the same approach. In particular...
Conference Paper
Business process modeling, validation and verification are complex tasks due to the frequent change of requirements in the social environment to which the process contributes. In particular, transactional business processes need more attention in stages of modeling and verification because of their additional complexities in managing the specific b...
Conference Paper
Full-text available
In this paper we propose a test language that allows expressing test intentions for CO-OPN (concurrent object-oriented Petri nets) specifications - a formal specification language designed to handle large complex concurrent systems. Our test language is based on temporal logic formulas for expressing graphs of input/output pairs - the inputs corres...
Article
Because of the increase in workplace automation and the diversification of industrial processes, workplaces have become more and more complex. The classical approaches used to address workplace hazard concerns, such as checklists or sequence models, are, therefore, of limited use in such complex systems. Moreover, because of the multifaceted nature...
Conference Paper
Full-text available
In this paper we will present a survey on the test case generation process and tools we are currently developing. It will reflect the new ideas that we’re pursuing while keeping in mind our previous work on formal specification languages and theory of test case generation. The model based test case generation method we propose is based on a subset...
Article
Modeling software systems is one of the most obvious uses of a formal specification language. A software prototype, automatically generated from the specification, enables the developer to validate the system in a real environment. However, real software systems are seldom developed from scratch, but rather built using existing libraries. In this p...
Conference Paper
Full-text available
Modelling complex concurrent systems is often difficult and error-prone, in particular when new concepts coming from advanced practical applications are considered. These new application domains include dynamicity, mobility, security, and localization dependent computing. In order to fully model and prototype such systems we propose to use several...
Article
This paper will discuss the current uses and application perspectives of Petri Nets (PNs) in the fields of risk analysis and accident modelling. Severe time and combinatory limitations are encountered when trying to model complex events sequences with classical methods. Due to their large calculation capabilities and the development of recent tools...
Conference Paper
CoopnBuilder is an integrated development environment (IDE) for Concurrent Object Oriented Petri Nets (COOPN). It comes with a complete set of tools enabling the user to view, edit, check, simulate and generate code from CO-OPN specifications. The Code Generation tool allows the user to develop applications in an open way: the produced code can be...
Conference Paper
Full-text available
This paper defines the MORM Model (Man-Machine Occupational Risk modeling) which is devised for modeling risk in wide-scaled industrial systems. We introduce the basic principles of the human-machine interaction model based on a dynamic approach. This approach consists of two features. First, the extended Cognitive Reliability and Error Analysis Me...
Article
...this paper is that of substitutability: given a system containing a component A, we want to be able to tell if we can "safely" replace component A by a new component B. By "safely", we mean that we need to preserve some set of properties for the new resulting system. So we tackle the problem by first modelling the system and its components with a component/...
Conference Paper
Full-text available
This paper presents the combination of two well established principles: the CO-OPN synchronisation mechanism, and the Merlin and Farber time Petri nets. Real-time synchronised Petri nets systems are then defined such that a Petri net is an object that can ask to be synchronised with another net, and whose transition firing is constrained by relativ...
Conference Paper
Modeling software systems is one of the most obvious uses of a formal specification language. A software prototype, automatically generated from the specification, enables the developer to validate the system in a real environment. However, real software systems are seldom developed from scratch, but rather built using existing libraries. In this pap...
Article
The aim of this Chapter is to present an example of incremental modelling in CO-OPN that allows easier verification. We show how to build the crossroads specification by “cleanly” integrating physical and logical modelling of the system by means of the CO-OPN component and context notions. We take the example of the crossroads controller, and proce...
Article
Full-text available
In the first part of this paper we present a new general component-oriented formalism, which has, among others, the following features: Concurrency, atomicity, synchronization between and inside components, and modularity. We give the inference rules which may be used to inductively build the semantics of composed components. The second part of the...