Joseph Sifakis

Université Grenoble Alpes · Verimag

PhD

310
Publications
46,728
Reads
18,915
Citations

Publications (310)
Preprint
Full-text available
With the proliferation of the Large Language Model (LLM), the concept of World Models (WM) has recently attracted a great deal of attention in the AI research community, especially in the context of AI agents. It is arguably evolving into an essential foundation for building AI agent systems. A WM is intended to help the agent predict the future ev...
Preprint
Full-text available
Simulation-based testing remains the main approach for validating Autonomous Driving Systems. We propose a rigorous test method based on breaking down scenarios into simple ones, taking into account the fact that autopilots make decisions according to traffic rules whose application depends on local knowledge and context. This leads us to consider...
Preprint
Full-text available
Developing safe autonomous driving systems is a major scientific and technical challenge. Existing AI-based end-to-end solutions do not offer the necessary safety guarantees, while traditional systems engineering approaches are defeated by the complexity of the problem. Currently, there is an increasing interest in hybrid design solutions, integrat...
Article
Full-text available
The paper proposes a method for the correct by design coordination of autonomous driving systems (ADS). It builds on previous results on collision avoidance policies and the modeling of ADS by combining descriptions of their static environment in the form of maps, and the dynamic behavior of their vehicles. An ADS is modeled as a dynamic system inv...
Preprint
We discuss the adequacy of tests for intelligent systems and practical problems raised by their implementation. We propose the replacement test as the ability of a system to replace successfully another system performing a task in a given context. We show how it can characterize salient aspects of human intelligence that cannot be taken into accoun...
Preprint
Full-text available
Simulation is essential to validate autonomous driving systems. However, a simple simulation, even for an extremely high number of simulated miles or hours, is not sufficient. We need well-founded criteria showing that simulation does indeed cover a large fraction of the relevant real-world situations. In addition, the validation must concern not o...
Chapter
Autonomous Driving Systems (ADS) are critical dynamic reconfigurable agent systems whose specification and validation raises extremely challenging problems. The paper presents a multilevel semantic framework for the specification of ADS and discusses associated validation problems. The framework relies on a formal definition of maps modeling the ph...
Chapter
The paper proposes a method for the correct by design coordination of autonomous driving systems (ADS). It builds on previous results on collision avoidance policies and the modeling of ADS by combining descriptions of their static environment in the form of maps, and the dynamic behavior of their vehicles. An ADS is modeled as a dynamic system invo...
Article
We study a sound verification method for parametric component-based systems. The method uses a resource logic, a new formal specification language for distributed systems consisting of a finite yet unbounded number of components. The logic allows the description of architecture configurations coordinating instances of a finite number of types of co...
Article
Autonomous systems emerge from the need to progressively replace human operators by autonomous agents in a wide variety of application areas. We offer an analysis of the state of art in developing autonomous systems, focusing on design and validation, and showing that the multi-faceted challenges involved go well beyond the limits of weak AI. We ar...
Preprint
Full-text available
We study a sound verification method for parametric component-based systems. The method uses a resource logic, a new formal specification language for distributed systems consisting of a finite yet unbounded number of components. The logic allows the description of architecture configurations coordinating instances of a finite number of types of co...
Article
Full-text available
DR-BIP is an extension of the BIP component framework intended for programming reconfigurable systems encompassing various aspects of dynamism. It relies on architectural motifs to structure the architecture of a system and to coordinate its reconfiguration at runtime. An architectural motif defines a set of interacting components that evolve accor...
Preprint
Full-text available
Autonomous Driving Systems (ADS) are critical dynamic reconfigurable agent systems whose specification and validation raises extremely challenging problems. The paper presents a multilevel semantic framework for the specification of ADS and discusses associated validation problems. The framework relies on a formal definition of maps modeling the ph...
Article
We study a framework for the specification and validation of dynamic reconfigurable systems. The framework is based on configuration logic for the description of architecture styles which are families of architectures sharing common connectivity features. We express specifications in the Temporal Configuration Logic (TCL), a linear time temporal lo...
Article
We propose an automated method for computing inductive invariants used to prove deadlock freedom of parametric component-based systems. The method generalizes the approach for computing structural trap invariants from bounded to parametric systems with general architectures. It symbolically extracts trap invariants from interaction formulae defin...
Chapter
Full-text available
Reconfigurable systems are emerging in many application domains as reconfiguration can be used to cope with unpredictable system environments and adapt by delivering new functionality. The Dynamic Reconfigurable BIP (DR-BIP) framework is an extension of the BIP component framework enriched with dynamic exogenous reconfiguration primitives, intended...
Article
Full-text available
Modern systems evolve in unpredictable environments and have to continuously adapt their behaviour to changing conditions. The “DReAM” (Dynamic Reconfigurable Architecture Modelling) framework has been designed for modelling reconfigurable dynamic systems. It provides a rule-based language, inspired from Interaction Logic, which is expressive and e...
Chapter
Full-text available
We consider parameterized concurrent systems consisting of a finite but unknown number of components, obtained by replicating a given set of finite state automata.
Preprint
Full-text available
We consider parameterized concurrent systems consisting of a finite but unknown number of components, obtained by replicating a given set of finite state automata. Components communicate by executing atomic interactions whose participants update their states simultaneously. We introduce an interaction logic to specify both the type of interactions...
Chapter
Software systems have reached a level of complexity that demands new approaches to software design in order to support continuous adaptation to the changes in their internal and external environment. This implies the capability of capturing at design-time the dynamic features of systems that are composed of large numbers of interacting components i...
Preprint
We introduce a logical framework for the specification and verification of component-based systems, in which finitely many component instances are active, but the bound on their number is not known. Besides specifying and verifying parametric systems, we consider the aspect of dynamic reconfiguration, in which components can migrate at runtime on a...
Chapter
The concept of autonomy is key to the IoT vision promising increasing integration of smart services and systems minimizing human intervention. This vision challenges our capability to build complex open trustworthy autonomous systems. We lack a rigorous common semantic framework for autonomous systems. It is remarkable that the debate about autonom...
Chapter
Full-text available
We propose an automated method for computing inductive invariants used to prove deadlock freedom of parametric component-based systems. The method generalizes the approach for computing structural trap invariants from bounded to parametric systems with general architectures. It symbolically extracts trap invariants from interaction formulae defin...
Preprint
We consider concurrent systems consisting of a finite but unknown number of components, that are replicated instances of a given set of finite state automata. The components communicate by executing interactions which are simultaneous atomic state changes of a set of components. We specify both the type of interactions (e.g. rendez-vous, broadcast...
Chapter
Modern systems evolve in unpredictable environments and have to continuously adapt their behavior to changing conditions. The “DReAM” (Dynamic Reconfigurable Architecture Modeling) framework has been designed for modeling reconfigurable dynamic systems. It provides a rule-based language, inspired from Interaction Logic, expressive and easy to use,...
Chapter
Full-text available
DR-BIP is an extension of the BIP component framework intended for programming reconfigurable systems encompassing various aspects of dynamism. A system is built from instances of types of components characterized by their interfaces. The latter consist of sets of ports through which data can be exchanged when interactions take place. DR-BIP allows...
Chapter
Full-text available
DR-BIP is an extension of the BIP component framework intended for programming reconfigurable systems encompassing various aspects of dynamism. It relies on architectural motifs to structure the architecture of a system and to coordinate its reconfiguration at runtime. An architectural motif defines a set of interacting components that evolve accor...
Article
Full-text available
The early validation of requirements aims to reduce the need for the high-cost validation testing and corrective measures at late development stages. This work introduces a systematic process for the unambiguous specification of system requirements and the guided derivation of formal properties, which should be implied by the system's structure an...
Preprint
Full-text available
The Behavior-Interaction-Priority (BIP) framework, rooted in rigorous semantics, allows the construction of systems that are correct-by-design. BIP has been effectively used for the construction and analysis of large systems such as robot controllers and satellite on-board software. Nevertheless, the specification of BIP models is done in a purely...
Article
Full-text available
The Behavior-Interaction-Priority (BIP) framework, rooted in rigorous semantics, allows the construction of systems that are correct-by-design. BIP has been effectively used for the construction and analysis of large systems such as robot controllers and satellite on-board software. Nevertheless, the specification of BIP models is done in a purely...
Article
Full-text available
The advent of IoT is a great opportunity to reinvigorate Computing by focusing on autonomous system design. This certainly raises technology questions but, more importantly, it requires building new foundation that will systematically integrate the innovative results needed to face increasing environment and mission complexity. A key idea is to co...
Technical Report
Full-text available
DR-BIP is an extension of the BIP component framework intended for programming reconfigurable systems encompassing various aspects of dynamism. A system is built from instances of types of components characterized by their interfaces. The latter consist of sets of ports through which data can be exchanged when interactions take place. DR-BIP allows...
Preprint
We propose an automated method for computing inductive invariants applied to check deadlock-freedom for parametric component-based systems. The method generalizes the approach for computing structural trap invariants from bounded to parametric systems with general architectures. It symbolically extracts trap invariants from a monadic interaction fo...
Preprint
Full-text available
The Behavior-Interaction-Priority (BIP) framework, rooted in rigorous semantics, allows the construction of systems that are correct-by-design. BIP has been effectively used for the construction and analysis of large systems such as robot controllers and satellite on-board software. Nevertheless, the specification of BIP models is done in a purely...
Preprint
Modern systems evolve in unpredictable environments and have to continuously adapt their behavior to changing conditions. The "DReAM" (Dynamic Reconfigurable Architecture Modeling) framework has been designed for modeling reconfigurable dynamic systems. It provides a rule-based language, inspired from Interaction Logic, which is expressive and eas...
Technical Report
Full-text available
The paper introduces DR-BIP, a formal framework for programming dynamic re-configurable systems. DR-BIP relies on architectural motifs to structure the architecture of a system and to coordinate its reconfiguration at runtime. An architectural motif defines a set of interacting components that evolve according to reconfiguration rules. With DR-BIP,...
Article
Full-text available
We present a criterion for checking local and global deadlock freedom of finite state systems expressed in BIP: a component-based framework for constructing complex distributed systems. Our criterion is evaluated by model-checking a set of subsystems of the overall large system. If satisfied in small subsystems, it implies deadlock-freedom of the o...
Article
Full-text available
This paper presents a theoretical foundation for functional language implementations of Behaviour–Interaction–Priority (BIP). We introduce a set of connector combinators describing synchronisation, data transfer, priorities and dynamicity in a principled way. A static type system ensures the soundness of connector semantics. Based on this foundati...
Poster
Full-text available
We have developed a design studio for modeling, analyzing, and generating Java code with BIP [1]. BIP is a framework for the component-based design of correct-by-construction applications. BIP is supported by a simple, yet powerful modular language with rigorous operational semantics. Additionally BIP is supported by a dedicated tool-set including code-ge...
Presentation
Full-text available
We present the WebGME-BIP design studio developed using the WebGME tool for the specification of architecture diagrams, which is a graphical language that describes architecture styles with rigorous semantics. WebGME is a novel, web- and cloud-based, collaborative, scalable (meta)modeling tool that supports the design of Domain Specific Modeling La...
Technical Report
Full-text available
In this case study, we apply the architecture-based design approach to the control software of the CubETH satellite. Architectures are a means for ensuring global coordination properties and thus, achieving correctness of complex systems by construction. The design approach comprises three main steps: 1) definition of a domain-specific taxonomy of...
Conference Paper
Full-text available
In this case study, we apply the architecture-based design approach to the control software of the CubETH satellite. Architectures are a means for ensuring global coordination properties and thus, achieving correctness of complex systems by construction. We illustrate the following three steps of the design approach: 1) definition of a domain-speci...
Conference Paper
Full-text available
BIP is a component-based framework for system design built on three pillars: behavior, interaction, and priority. In this paper, we introduce first-order interaction logic (FOIL) that extends BIP without priorities to systems parameterized in the number of components. We show that FOIL captures classical parameterized architectures such as token-pa...
Conference Paper
Full-text available
Architecture styles characterise families of architectures sharing common characteristics. We have recently proposed configuration logics for architecture style specification. In this paper, we study a graphical notation to enhance readability and easiness of expression. We study simple architecture diagrams and a more expressive extension, interva...
Technical Report
Full-text available
Architecture styles characterise not a single architecture but a family of architectures sharing common characteristics. We have recently proposed configuration logics for the description of architecture styles. In this paper, we define a graphical notation for architecture style specification to enhance readability and easiness of expression. Our...
Article
Full-text available
We study a framework for the specification of architecture styles as families of architectures involving a common set of types of components and coordination mechanisms. The framework combines two logics: 1) interaction logics for the specification of architectures as generic coordination schemes involving a configuration of interactions between ty...
Conference Paper
Full-text available
We study a framework for the specification of architecture styles as families of architectures involving a common set of types of components and coordination mechanisms. The framework combines two logics: (1) interaction logics for the specification of architectures as generic coordination schemes involving a configuration of interactions between t...
Article
Full-text available
Architectures depict design principles: paradigms that can be understood by all, allow thinking on a higher plane and avoiding low-level mistakes. They provide means for ensuring correctness by construction by enforcing global properties characterizing the coordination between components. An architecture can be considered as an operator A that, app...
Article
Electronic design automation (EDA) has enabled the integrated circuit industry to sustain exponentially increasing product complexity growth until today, while maintaining consistent product development timeline and costs. We argue that the success of EDA-based design relies on the application of four interrelated principles: 1) separation of conce...
Conference Paper
Full-text available
The aim of the paper is to present a theory agenda for component-based design based on results that motivated the development of the BIP component framework, to identify open problems and discuss further research directions. The focus is on proposing a semantically sound theoretical and general framework for modelling component-based systems and th...
Article
Full-text available
We advocate rigorous system design as a coherent and accountable model-based process leading from requirements to implementations. We present the state of the art in system design, discuss its current limitations, and identify possible avenues for overcoming them. A rigorous system design flow [3] is defined as a formal accountable and iterative pr...
Conference Paper
Full-text available
We consider two approaches for building component-based systems, which we call respectively architecture-based and architecture-agnostic. The former consists in describing coordination constraints in a purely declarative manner through parametrizable glue operators; it provides higher abstraction level and, consequently, stronger correctness by con...
Article
Full-text available
We propose invariant-based techniques for the efficient verification of safety and deadlock-freedom properties of component-based systems. Components and their interactions are described in the BIP language. Global invariants of composite components are obtained by combining local invariants of their constituent components with interaction invarian...
Article
Design is a universal concept. It links the immaterial world of concepts to the physical world. It is an essential area of human experience, expertise, and knowledge, which deals with our ability to mold our environment to satisfy material and spiritual needs. Design has two different connotations. One is simply a plan or a pattern for assembling...
Article
Using high level coordination primitives allows enhanced expressiveness of component-based frameworks to cope with the inherent complexity of present-day systems designs. Nonetheless, their distributed implementation raises multiple issues, regarding both the correctness and the runtime performance of the final implementation. We propose a novel ap...
Article
Full-text available
The correct and efficient implementation of general real-time applications remains very much an open problem. A key issue is meeting timing constraints whose satisfaction depends on features of the execution platform, in particular its speed. Existing rigorous implementation techniques are applicable to specific classes of systems, for example, wit...
Article
Full-text available
We present a sound but incomplete criterion for checking deadlock freedom of finite state systems expressed in BIP: a component-based framework for the construction of complex distributed systems. Since deciding deadlock-freedom for finite-state concurrent systems is PSPACE-complete, our criterion gives up completeness in return for tractability of...
Conference Paper
One of the main challenges in the design of real-time systems is how to derive correct and efficient implementations from platform-independent specifications. We present a general implementation method in which the application is represented by an abstract model consisting of a set of interacting components. The abstract model executes sequentially...
Article
One very important challenge in the field of multimedia is the implementation of fast and detailed Object Detection and Recognition systems. In particular, in the current state-of-the-art mobile multimedia systems, it is highly desirable to detect and ...
Article
Full-text available
Although distributed systems are widely used nowadays, their implementation and deployment are still time-consuming, error-prone, and hardly predictable tasks. In this paper, we propose a method for producing automatically efficient and correct-by-construction distributed implementations from a model of the application software in Behavior, Interac...
Article
The 2010 CAV (Computer-Aided Verification) award was awarded to Kenneth L. McMillan of Cadence Research Laboratories for a series of fundamental contributions resulting in significant advances in scalability of model checking tools. The annual award recognizes a specific fundamental contribution or a series of outstanding contributions to the CAV f...
Conference Paper
Cyber-physical systems (CPS) break with traditional systems such as desktop computers and servers, in various ways: (1) they are instrumented in order to interact with physical environments; (2) they are interconnected to allow interaction between people and objects in entirely new modes; (3) they must be smart to ensure predictability of events an...
Article
More than any other area in computer science, the interaction and boundary between science and engineering is blurred in the systems area, with cross fertilization from both directions. The systems panel will explore the past, present and future relationship between systems research and engineering practice. They will discuss the relationship betwe...
Article
Full-text available
Distributed decentralized implementation of systems of communicating processes raises non-trivial problems. Correct execution of multiparty interactions, subject to priority rules, requires sophisticated mechanisms for runtime conflict detection and resolution. We propose a method for detection of false conflicts which combines partial observation...
Conference Paper
Full-text available
Dynamic architectures in which interactions between components can evolve during execution, are essential for modern computing systems such as web-based systems, reconfigurable middleware, wireless sensor networks and fault-tolerant systems. Currently, we lack rigorous frameworks for their modeling, development and implementation. We propose Dy-BIP...
Conference Paper
Rigorous system design requires the use of a single powerful component framework allowing the representation of the designed system at different levels of detail, from application software to its implementation. This is essential for ensuring the overall coherency and correctness. The paper introduces a rigorous design flow based on the BIP (Behavi...
Conference Paper
Rigorous system design requires the use of a single powerful component framework allowing the representation of the designed system at different levels of detail, from application software to its implementation. This is essential for ensuring the overall coherency and correctness. The paper introduces a rigorous design flow based on the BIP (Behavi...
Conference Paper
Full-text available
Embedded systems must interact with their real-time environment in a timely and dependable fashion. Most embedded-systems architectures and design processes consider "non-functional" properties such as time, energy, and reliability as an afterthought, when functional correctness has (hopefully) been achieved. As a result, embedded systems are often...
Article
Full-text available
We present a component-based software design flow for building parallel applications running on top of manycore platforms. The flow is based on the BIP - Behaviour, Interaction, Priority - component framework and its associated toolbox. It provides full support for modeling of application software, validation of its functional correctness, modeling...
Conference Paper
Full-text available
A grand challenge in complex embedded systems design is developing methods and tools for modeling and analyzing the behavior of an application software running on multicore or distributed platforms. We propose a rigorous method and a tool chain that allows obtaining a faithful model representing the behavior of a mixed hardware/software system from...
Article
Full-text available
Rigorous system design requires the use of a single powerful component framework allowing the representation of the designed system at different detail levels, from application software to its implementation. A single framework allows the maintenance of the overall coherency and correctness by comparing different architectural solutions and their p...
Conference Paper
Full-text available
We study glue operators used in component-based frameworks to obtain systems as the composition of atomic components described as labeled transition systems (LTS). Glue operators map tuples of LTS into LTS. They restrict the behavior of their arguments by performing memoryless coordination. In a previous paper, we have proposed a simple format for...
Article
Full-text available
Rigorous system design requires the use of a single powerful component framework allowing the representation of the designed system at different detail levels, from application software to its implementation. A single framework allows the maintenance of the overall coherency and correctness by comparing different architectural solutions and their p...