S4 S4 System Synthesis and Supervision, Scenarios Benoît Caillaud 20 March 2012

Objectives since last evaluation Embedded system design: foundations & applications Interfaces for reactive components Methodology: Contract-based design Modeling: Interface theories, modal specifications and their timed and stochastic extensions Composing: Compositional reasoning methods Algorithms & tools: Modal interfaces, contract-based design Supervisory control Opacity: control of information flow in open systems Petri-Net theory Synthesis: synthesis of concurrent/distributed systems 21 March 2012 Benoît Caillaud – S4- 2

People & competences 21 March 2012 Benoît Caillaud – S4- 3 Eric Badouel Models of concurrency & Petri nets, Supervisory Control, Timed systems Albert Benveniste Probability & statistics, Hybrid modeling Benoit Caillaud Models of concurrency & Petri nets, Probability & statistics, Supervisory Control, Hybrid modeling, Tool Development Philippe Darondeau Models of concurrency & Petri nets, Supervisory Control, Timed systems Axel Legay Probability & statistics, Timed systems Sophie Pinchinat Logics & Games, Supervisory Control, Timed systems

Topics and major results Contract-based design and interface theories Modal interfaces as an algorithmic foundation of contract-based reasoning (residuation of modal specifications) Quantitative interfaces: Timed modal specifications, Timed I/O automata, probabilistic contracts, constraint Markov chains Mica: Modal interface compositional analysis Ocaml library Supervisory control Opacity: optimal control of information flow in open systems Supervisory control of modal specifications of services Solution to the quasi-static scheduling problem Residuation of tropical power series Hybrid modeling (Synchronics LSIA) Non-standard semantics of hybrid systems Synchronous dataflow hybrid modeling language Petri-net theory PN-based synthesis of distributed controllers Decomposition theory for persistent PN 21 March 2012 Benoît Caillaud – S4- 4

Modal Interfaces Benoît Caillaud21 March 2012

Subsystem C Component E 21 March 2012 Benoît Caillaud – S4- 6 Modal Interfaces: algorithmic foundation of (A,G) contracts Specification algebra supporting: Specification algebra supporting: Contract-based design Contract-based design Independent implementability Independent implementability Multiple viewpoints Multiple viewpoints Compositional reasoning Compositional reasoning Efficient algorithms Efficient algorithms System A Subsystem B Component D × × × × << << << << << Cont ract B4 Cont ract B4 Cont ract B3 Cont ract B3 Cont ract B2 Cont ract B2 Cont ract E1 Cont ract E1 Cont ract B4 Cont ract B4 Cont ract B3 Cont ract B3 Cont ract B2 Cont ract B2 Cont ract D1 Cont ract D1 Cont ract B1 Cont ract B1 Cont ract B1 Cont ract B1 Cont ract B1 Cont ract B1 Cont ract C1 Cont ract C1 Cont ract B4 Cont ract B4 Cont ract B3 Cont ract B3 Cont ract B2 Cont ract B2 Cont ract B1 Cont ract B1 Cont ract B4 Cont ract B4 Cont ract B3 Cont ract B3 Cont ract B2 Cont ract B2 Cont ract A1 Cont ract A1 ? ?

Modal Interfaces Deterministic I/O modal transition system: transitions are given a label may or/and must may transitions are dashed must transitions are solid implementation: must everywhere refinement: simulation rel. strengthening must and weakening may extend Interface Automata, ~ conjunctive fragment μ-calculus, polynomial complexity (unlike μ-calculus) prototype tool Mica 21 March 2012 Benoît Caillaud – S4- 7 ab nack! ack! sent?nack! sent? ack! f A sent?, overload? overload?

Modal Interfaces: algebraic properties 21 March 2012 Benoît Caillaud – S4- 8

Opacity control Benoît Caillaud21 March 2012

Supervisory control for opacity in open systems 21 March 2012 Benoît Caillaud – S4- 10

Concurrent Secrets 21 March 2012 Benoît Caillaud – S4- 11

Hybrid Modeling Benoît Caillaud21 March 2012

The non-standard semantics of hybrid systems 21 March 2012 Benoît Caillaud – S4- 13 Programming/modeling language perspective: discrete synchronous real-time programming: solid foundations (constructive semantics,…) for languages and commercial tools (SCADE) hybrid modeling: commercial tools (Simulink, Dymola), however foundations are not as solid Better understand the combination of discrete and continuous components: non-standard semantics of hybrid systems: constructive semantics based on non-standard real analysis synchronization between continuous and discrete parts: zero-crossings compilation of a SDF hybrid language: type-checking & code-generation

The non-standard semantics of hybrid systems 21 March 2012 Benoît Caillaud – S4- 14

Industrial ties, impact, competition & future Benoît Caillaud21 March 2012

Industrial ties & impact Topic Contract-based design Hybrid modeling Impact Airbus/EADS, IAI 2 Pilot projects on Airbus applications (part of the SPEEDS and CESAR projects) Dassault Systems, Modelica Consortium Contribution to Modelica design meetings Discussions with DS 21 March 2012 Benoît Caillaud – S4- 16

Competition & Cooperation Topic Contract-/interface-based design Opacity control PN synthesis & applications Hybrid modeling Community / Applications Formal methods in computer science ……...(AA) System engineering…………………………….(A) DES control……………………….…………...(AA) Formal methods in computer science ……(AAA) Process mining…………………….……………(A) System / control engineering……………….....(A) 21 March 2012 Benoît Caillaud – S4- 17

Future plans S4 is not expected to continue after New team proposal is under construction with researchers from Vertecs/S4/Distribcom, led by Eric Fabre. Objective: modeling, analysis & management of distributed heterogeneous systems distribution = modularity, composition, concurrency heterogeneity = quantitative aspects, as time, probabilities, costs, performance… analysis = verification, test management = control, diagnosis, planning, optimization… Challenges: scale up to large / complex systems by abstractions, approximate analysis, parameterization… handle reconfigurable, partially known, open systems design distributed/modular management methods: modularity, multi-agent, games Applications: (large) open reconfigurable software (from embedded systems to web-services and distributed active documents) (very) large structured systems: SoS, telecommunication network management 21 March 2012 Benoît Caillaud – S4- 18

Future plans (Petri-net theory: complete handbook on Petri-net synthesis: 01/2013) Hybrid modeling: Synchronics LSIA & Parkas team Non-standard semantics, type system and modular compilation of a semi-explicit / algebraic synchronous hybrid modeling language Causality based partitioning of hybrid models; coupling numerical solvers Contributing to the synchronous extension of the Modelica language (Modrio & Sys2soft collab. projects) Modal interfaces: (Complete survey for The Proc. of the IEEE: 06/2012) increase expressivity while preserving tractability. from natural language requirements to executable models. 21 March 2012 Benoît Caillaud – S4- 19 High-level summary of research topics inherited from S4

Future plans Data-centric workflow management systems: Opacity in documents Distributed active documents Applications to e-learning (LIRIMA) Control & Games: Imperfect information cooperative game theory: tractable abstractions of large distributed systems. Adversarial game theory: attack-defense trees synthesis for security issues, control for privacy objectives in open systems (eg. social graphs). Logical foundations, automata-theoretical approaches, equilibria, … 21 March 2012 Benoît Caillaud – S4- 20

Thank you