In the increasingly networked world, reliability of applications becomes ever more critical as the number of users of, e.g., communication systems, web services, transportation etc., grows steadily. Management of networked systems, in a very general sense of the term, therefore is a crucial task, but also a difficult one.

*MExICo* strives to
take advantage of distribution by orchestrating cooperation between different agents that observe local subsystems,
and interact in a localized fashion.

The need for applying formal methods in the analysis and management of complex systems has long been recognized. It is with much less unanimity that the scientific community embraces methods based on asynchronous and distributed models. Centralized and sequential modeling still prevails.

However, we observe that crucial applications have increasing numbers of
users, that networks providing services grow fast both in the number of
participants and the physical size and degree of spatial distribution.
Moreover, traditional *isolated* and *proprietary* software
products for local systems are no longer typical for emerging applications.

In contrast to traditional centralized and sequential machinery for which purely functional specifications are efficient, we have to account for applications being provided from diverse and non-coordinated sources. Their distribution (e.g. over the Web) must change the way we verify and manage them. In particular, one cannot ignore the impact of quantitative features such as delays or failure likelihoods on the functionalities of composite services in distributed systems.

We thus identify three main characteristics of complex distributed systems that constitute research challenges:

*Concurrency* of behavior;

*Interaction* of diverse and semi-transparent components; and

management of *Quantitative* aspects of behavior.

The increasing size and the networked nature of communication systems,
controls, distributed services, etc. confront us with an ever higher degree
of parallelism between local processes. This field of application for
our work includes telecommunication systems and composite web
services. The challenge is to provide sound theoretical foundations and
efficient algorithms for management of such systems, ranging from
controller synthesis and fault diagnosis to integration and adaptation.
While these tasks have received considerable attention in the
*sequential* setting, managing *non-sequential* behavior requires
profound modifications for existing approaches, and often the development
of new approaches altogether. We see concurrency in distributed systems as
an opportunity rather than a nuisance. Our goal is to *exploit*
asynchronicity and distribution as an advantage. Clever use of adequate
models, in particular *partial order semantics* (ranging from
Mazurkiewicz traces to event structures to MSCs) actually helps in
practice. In fact, the partial order vision allows us to make causal
precedence relations explicit, and to perform diagnosis and test for the
dependency between events. This is a conceptual advantage that
interleaving-based approaches cannot match. The two key features of our
work will be *(i)* the exploitation of concurrency by using
asynchronous models with partial order semantics, and *(ii)*
distribution of the agents performing management tasks.

Systems and services exhibit non-trivial *interaction* between
specialized and heterogeneous components. A coordinated interplay of several
components is required; this is challenging since each of them has only a limited, partial view of the
system's configuration. We refer to this problem as *distributed
synthesis* or *distributed control*. An aggravating factor is that
the structure of a component might be semi-transparent, which requires a
form of *grey box management*.

Besides the logical functionalities of programs, the *quantitative*
aspects of component behavior and interaction play an increasingly
important role.

*Real-time* properties cannot be neglected even if time is not
an explicit functional issue, since transmission delays, parallelism,
etc, can lead to time-outs striking, and thus change even the logical
course of processes. Again, this phenomenon arises in telecommunications
and web services, but also in transport systems.

In the same contexts, *probabilities* need to be taken into
account, for many diverse reasons such as unpredictable functionalities,
or because the outcome of a computation may be governed by race
conditions.

Last but not least, constraints on *cost* cannot be ignored,
be it in terms of money or any other limited resource, such as memory
space or available CPU time.

Since the creation of *MExICo*, the weight of *quantitative* aspects in
all parts of our activities has grown, be it in terms of the models considered
(weighted automata and logics), be it in transforming verification or diagnosis verdicts
into probabilistic statements (probabilistic diagnosis, statistical model checking),
or within the recently started SystemX cooperation on supervision in
multi-modal transport systems.
This trend is certain to continue over the next couple of years, along with
the growing importance of diagnosis and control issues.

In another development, the theory and use of partial order semantics has gained momentum in the past four years, and we intend to strengthen our efforts and contacts in this domain to further develop and apply partial-order based deduction methods.

When no complete model of the underlying dynamic system is available, the analysis
of logs may make it possible to reconstruct such a model, or at least to infer some properties of interest; this activity,
which has emerged over the past 10 years on the international level, is referred to as **process mining**. In this emerging activity, we
have contributed to unfolding-based process discovery [CI-146], and the study of process alignments
[CI-121, CI-96, CI-83, CI-60, CI-33].

Finally, over the past years *biological* challenges have come to the center of our work, in two different directions:

**(Re-)programming in discrete concurrent models.**
Cellular regulatory networks exhibit highly complex
concurrent behaviour that is influenced by a high number of perturbations such as mutations. We are in particular
investigating discrete models, both in the form of boolean networks and of Petri nets, to harness this
complexity, and to obtain viable methods for two interconnected and central challenges:

find *attractors*, i.e. long-run stable states or sets of states, that indicate possible phenotypes of the
organism under study, and

determine *reprogramming* strategies that apply perturbations in such a way as to steer the
cell's long-run behaviour into some desired phenotype, or away from an undesired one.

**Distributed Algorithms in wild or synthetic biological systems.**
Since the arrival of Matthias Fuegger in the team, we also work, on the multi-cell level, with a
distributed algorithms' view on microbiological systems, both with the goal to model and analyze existing
microbiological systems as distributed systems, and to design and implement distributed algorithms in
synthesized microbiological systems. Major long-term goals are drug production and medical treatment via synthesized bacterial colonies.

Concurrency; Semantics; Automatic Control; Diagnosis; Verification

Property of systems allowing some interacting processes to be executed in parallel.

The process of deducing from a
partial observation of a system aspects of the internal states or events of that system; in particular, *fault diagnosis* aims
at determining whether or not some non-observable fault event has
occurred.

Feeding dedicated input into an implemented system

It is well known that, whatever the intended form of analysis or control, a
*global* view of the system state leads to overwhelming numbers of
states and transitions, thus slowing down algorithms that need to explore
the state space. Worse yet, it often blurs the mechanics that are at work
rather than exhibiting them. Conversely, respecting concurrency relations
avoids exhaustive enumeration of interleavings. It allows us to focus on
"essential" properties of non-sequential processes, which are expressible
with causal precedence relations. These precedence relations are usually
called causal (partial) orders. Concurrency is the explicit absence of
such a precedence between actions that do not have to wait for one another.
Both causal orders and concurrency are in fact essential elements of a
specification. This is especially true when the specification is
constructed in a distributed and modular way. Making these ordering
relations explicit requires leaving the framework of state/interleaving
based semantics. Therefore, we need to develop new dedicated algorithms
for tasks such as conformance testing, fault diagnosis, or control for
distributed discrete systems. Existing solutions for these problems often
rely on centralized sequential models which do not scale up well.

*Fault Diagnosis* for discrete event systems is a crucial task in
automatic control. Our focus is on *event oriented* (as opposed to
*state oriented*) model-based diagnosis, asking e.g. the following
questions:

given a - potentially large - *alarm pattern*
formed of observations,

what are the possible *fault scenarios* in the system that
*explain* the pattern?

Based on the observations, can we deduce whether or not a certain - invisible - fault has actually occurred?

Model-based diagnosis starts from a discrete event model of the observed system - or rather, its relevant aspects, such as possible fault propagations, abstracting away other dimensions. From this model, an extraction or unfolding process, guided by the observation, produces recursively the explanation candidates.
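The two questions above can be made concrete on a small sequential model. The following is an added example, not code from the page or from the team's tools: it uses a plain labelled automaton rather than the partial-order unfolding the page goes on to discuss, and the model, event names and function names are all constructed for illustration.

```python
from collections import deque

# Constructed model (not from the page): a small network element.
# Each transition is (source, event, target). Events in OBSERVABLE raise an
# alarm that the supervisor sees; all others, including the fault, are silent.
TRANSITIONS = [
    ("idle", "req", "busy"),
    ("busy", "ack", "idle"),
    ("busy", "link_fault", "degraded"),      # invisible fault event
    ("busy", "retry", "busy2"),              # invisible, non-faulty
    ("busy2", "timeout", "idle"),
    ("degraded", "timeout", "degraded_idle"),
    ("degraded_idle", "req", "degraded_busy"),
    ("degraded_busy", "loss", "degraded_idle"),
]
OBSERVABLE = {"req", "ack", "timeout", "loss"}
FAULTS = {"link_fault"}
INITIAL = "idle"


def silent_closure(belief):
    """Extend each candidate (state, faulty) with unobservable moves.

    belief maps (state, faulty) to one witness run (a tuple of events) that
    reaches it; the first run found for a candidate is kept as its witness.
    """
    closed = dict(belief)
    queue = deque(belief.items())
    while queue:
        (state, faulty), run = queue.popleft()
        for src, event, dst in TRANSITIONS:
            if src != state or event in OBSERVABLE:
                continue
            key = (dst, faulty or event in FAULTS)
            if key not in closed:
                closed[key] = run + (event,)
                queue.append((key, closed[key]))
    return closed


def diagnose(pattern):
    """Return (verdict, belief) for an observed alarm pattern.

    verdict is 'faulty' if every explanation contains a fault, 'normal' if
    none does, 'ambiguous' if both kinds exist, and 'inconsistent' if the
    model cannot produce the pattern at all.
    """
    belief = silent_closure({(INITIAL, False): ()})
    for alarm in pattern:
        step = {}
        for (state, faulty), run in belief.items():
            for src, event, dst in TRANSITIONS:
                if src == state and event == alarm:
                    step.setdefault((dst, faulty), run + (event,))
        belief = silent_closure(step)
    flags = {faulty for (_, faulty) in belief}
    if not flags:
        verdict = "inconsistent"
    elif flags == {True}:
        verdict = "faulty"
    elif flags == {False}:
        verdict = "normal"
    else:
        verdict = "ambiguous"
    return verdict, belief


if __name__ == "__main__":
    for pattern in (["req", "ack"], ["req", "timeout"],
                    ["req", "timeout", "req", "loss"], ["ack"]):
        verdict, belief = diagnose(pattern)
        print(pattern, "->", verdict)
        for (state, faulty), run in belief.items():
            print("   ", state, "faulty" if faulty else "ok", "via", list(run))
```

The pattern `req, timeout` stays ambiguous because a silent retry and a silent link fault both explain it; only the later `loss` alarm rules out every fault-free explanation.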

In asynchronous partial-order based diagnosis with Petri nets, one unfolds the
*labelled product* of a Petri net model *(configurations)* that explain *exactly*

Diagnosis algorithms have to operate in contexts with low observability,
i.e., in systems where many events are invisible to the supervisor.
Checking *observability* and *diagnosability* for the
supervised systems is therefore a crucial and non-trivial task in its own
right. Analysis of the relational structure of occurrence nets allows us
to check whether the system exhibits sufficient visibility to allow
diagnosis. Developing efficient methods for both verification of
*diagnosability checking* under concurrency, and the *diagnosis*
itself for distributed, composite and asynchronous systems, is an important
field for *MExICo*. In 2019,
a new property, manifestability, weaker than diagnosability (dual in some sense to opacity) has been studied in the context of automata and timed automata.

Distributed computation of unfoldings allows one to factor the unfolding of
the global system into smaller *local* unfoldings, by local
supervisors associated with sub-networks and communicating among each other.
Elements of a methodology for distributed computation of unfoldings between several supervisors, underwritten by algebraic
properties of the category of Petri nets, have been developed. Generalizations, in particular
to Graph Grammars, are still to be done.

Computing diagnosis in a distributed way is only one aspect of a much
vaster topic, that of *distributed diagnosis*. In fact, it involves a
more abstract and often indirect reasoning to conclude whether or not some
given invisible fault has occurred. Combination of local scenarios is in
general not sufficient: the global system may have behaviors that do not
reveal themselves as faulty (or, dually, non-faulty) on any local
supervisor's domain.
Rather, the local
diagnosers have to join all *information* that is available to them
locally, and then deduce collectively further information from the
combination of their views. In particular, even the *absence* of
fault evidence on all peers may allow fault occurrence to be deduced jointly.
Automatizing such procedures for the supervision and management of
distributed and locally monitored asynchronous systems is a long-term goal
to which *MExICo* hopes to contribute.

Hybrid systems constitute a model for cyber-physical systems which integrates continuous-time dynamics (modes) governed by differential equations, and discrete transitions which switch instantaneously from one mode to another. Thanks to their ease of programming, hybrid systems have been integrated to power electronics systems, and more generally in cyber-physical systems. In order to guarantee that such systems meet their specifications, classical methods consist in finitely abstracting the systems by discretization of the (infinite) state space, and deriving automatically the appropriate mode control from the specification using standard graph techniques.

Diagnosability of hybrid systems has also been studied through an abstraction / refinement process in terms of timed automata.

Assuring the correctness of concurrent systems is notoriously difficult due to the many unforeseeable ways in which the components may interact and the resulting state-space explosion. A well-established approach to alleviate this problem is to model concurrent systems as Petri nets and analyse their unfoldings, essentially an acyclic version of the Petri net whose simpler structure permits easier analysis.

However, Petri nets are inadequate to model concurrent read accesses to the same resource. Such situations often arise naturally, for instance in concurrent databases or in asynchronous circuits. The encoding tricks typically used to model these cases in Petri nets make the unfolding technique inefficient. Contextual nets, which explicitly do model concurrent read accesses, address this problem. Their accurate representation of concurrency makes contextual unfoldings up to exponentially smaller in certain situations. An abstract algorithm for contextual unfoldings had been given earlier. In recent work, we further studied this subject from a theoretical and practical perspective, allowing us to develop concrete, efficient data structures and algorithms and a tool (Cunf) that improves upon existing state of the art. This work led to the PhD thesis of César Rodríguez in 2014.

Contextual unfoldings deal well with two sources of state-space explosion:
concurrency and shared resources. Recently, we proposed an improved data
structure, called *contextual merged processes* (CMP) to deal with
a third source of state-space explosion, i.e. sequences of choices.
The work on CMP is currently at an abstract level.
In the short term, we want to put this work into practice, requiring some
theoretical groundwork, as well as programming and experimentation.

Another well-known approach to verifying concurrent systems is
*partial-order reduction*, exemplified by the tool SPIN.
Although it is known that both partial-order reduction and unfoldings
have their respective strengths and weaknesses, we are not aware of any
conclusive comparison between the two techniques. Spin comes
with a high-level modeling language having an explicit notion of processes,
communication channels, and variables. Indeed, the reduction techniques
implemented in Spin exploit the specific properties of these features.
On the other side, while there exist highly efficient tools for unfoldings,
Petri nets are a relatively general low-level formalism, so these techniques
do not exploit properties of higher language features. Our work on contextual
unfoldings and CMPs represents a first step to make unfoldings exploit
richer models. In the long run, we wish to raise the unfolding technique to a
suitable high-level modelling language and develop appropriate tool support.

Traditional mainframe systems were proprietary and (essentially) localized;
therefore, impact of delays, unforeseen failures, etc. could be considered
under the control of the system manager. It was therefore natural, in
verification and control of systems, to focus on *functional*
behavior entirely.

With the increase in size of computing systems and the growing degree of compositionality and distribution, quantitative factors enter the stage:

calling remote services and transmitting data over the web creates *delays*;

remote or non-proprietary components are not “deterministic”, in the sense that their behavior is uncertain.

*Time* and *probability* are thus parameters
that management of distributed systems must
be able to handle; along with both, the *cost* of operations is often subject to restrictions,
or its minimization is at least desired.
The mathematical treatment of these features in
distributed systems is an important challenge,
which *MExICo* is addressing; the following describes our activities concerning probabilistic and
timed systems. Note that cost optimization is not a current activity but enters the picture in several intended activities.

Practical fault diagnosis requires selecting explanations
of *maximal likelihood*. For partial-order based diagnosis,
this leads to the question of what the
probability of a given partially ordered execution is.
In Benveniste et al., we presented a model of stochastic processes, whose trajectories are partially ordered, based on local branching in Petri net unfoldings;
an alternative and complementary model based on
Markov fields takes a different view on the semantics
and overcomes the first model's restrictions on applicability.

Both approaches
abstract away from real time progress and randomize choices in *logical* time. On the other hand, the relative speed - and thus, indirectly, the real-time behavior of the system's local processes - are crucial factors determining the outcome of probabilistic choices, even if
non-determinism is absent from the system.

Distributed systems featuring non-deterministic and probabilistic aspects are usually hard to analyze and, more specifically, to optimize. Furthermore, high theoretical complexity lower bounds have been established for models like partially observed Markovian decision processes and distributed partially observed Markovian decision processes. We believe that these negative results are consequences of the choice of the models rather than the intrinsic complexity of problems to be solved. Thus we plan to introduce new models in which the associated optimization problems can be solved in a more efficient way. More precisely, we start by studying connection protocols weighted by costs and we look for online and offline strategies for optimizing the mean cost to achieve the protocol. We have been cooperating on this subject with the SUMO team at Inria Rennes; in that joint work, we strive to synthesize for a given MDP a control so as to guarantee a specific stationary behavior, rather than - as is usually done - so as to maximize some reward.

Addressing large-scale probabilistic systems requires facing state explosion, due to both the discrete part and the probabilistic part of the model. In order to deal with such systems, different approaches have been proposed:

Restricting the synchronization between the components, as in queuing networks, makes it possible to express the steady-state distribution of the model by an analytical formula called a product-form.

Some methods that tackle the combinatorial explosion for discrete-event systems can be generalized to stochastic systems using an appropriate theory. For instance, symmetry-based methods have been generalized to stochastic systems with the help of aggregation theory.

Finally, simulation, which works as soon as a stochastic operational semantics is defined, has been adapted to perform statistical model checking. Roughly speaking, it consists in producing a confidence interval for the probability that a random path fulfills a formula of some temporal logic.

We want to contribute to these three axes: (1) we are looking for product-forms related to systems where synchronizations are more involved (like in Petri nets); (2) we want to adapt methods for discrete-event systems that require some theoretical developments in the stochastic framework; and (3) we plan to address some important limitations of statistical model checking, like the expressiveness of the associated logic and the handling of rare events.
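The statistical model checking approach described above can be illustrated on a toy model. This is an added example, not code from the page or from any tool it names: the Markov chain, the bounded-reachability property and the use of the Hoeffding bound to size the sample are all assumptions made for illustration.

```python
import math
import random

# Constructed discrete-time Markov chain (not from the page): a connection
# attempt with retries. Each state maps to its (successor, probability) list.
CHAIN = {
    "try":       [("connected", 0.6), ("backoff", 0.3), ("failed", 0.1)],
    "backoff":   [("try", 0.9), ("failed", 0.1)],
    "connected": [("connected", 1.0)],
    "failed":    [("failed", 1.0)],
}


def exact_reach(start, goal, horizon):
    """Exact probability of being in `goal` after `horizon` steps.

    Because `goal` is absorbing in CHAIN, this equals the probability of
    reaching it within `horizon` steps; it serves as the reference value.
    """
    dist = {start: 1.0}
    for _ in range(horizon):
        nxt = {}
        for state, mass in dist.items():
            for succ, p in CHAIN[state]:
                nxt[succ] = nxt.get(succ, 0.0) + mass * p
        dist = nxt
    return dist.get(goal, 0.0)


def sample_size(eps, delta):
    """Hoeffding bound: runs needed so that P(|estimate - p| >= eps) <= delta."""
    return math.ceil(math.log(2.0 / delta) / (2.0 * eps * eps))


def simulate(rng, start, goal, horizon):
    """Draw one random path and report whether it reaches `goal` in time."""
    state = start
    for _ in range(horizon):
        if state == goal:
            return True
        u, acc = rng.random(), 0.0
        for succ, p in CHAIN[state]:
            acc += p
            if u < acc:
                state = succ
                break
        else:
            # Guard against rounding: fall through to the last successor.
            state = CHAIN[state][-1][0]
    return state == goal


def smc_estimate(start, goal, horizon, eps=0.02, delta=0.01, seed=1):
    """Return (low, estimate, high, runs): a (1 - delta) confidence interval."""
    rng = random.Random(seed)
    runs = sample_size(eps, delta)
    hits = sum(simulate(rng, start, goal, horizon) for _ in range(runs))
    est = hits / runs
    return max(0.0, est - eps), est, min(1.0, est + eps), runs


if __name__ == "__main__":
    low, est, high, runs = smc_estimate("try", "connected", horizon=6)
    print(f"{runs} runs: P(connected within 6 steps) in [{low:.4f}, {high:.4f}]")
    print(f"exact value: {exact_reach('try', 'connected', 6):.5f}")
```

The interval has a fixed additive width, so for a property whose probability is far below `eps` it says little more than "close to zero", which is the rare-event limitation mentioned in axis (3).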

Nowadays, software systems largely depend on complex timing constraints and usually consist of many interacting local components. Among them, railway crossings, traffic control units, mobile phones, computer servers, and many more safety-critical systems are subject to particular quality standards. It is therefore becoming increasingly important to look at networks of timed systems, which allow real-time systems to operate in a distributed manner.

Timed automata are a well-studied formalism to describe reactive systems that come with timing constraints. For modeling distributed real-time systems, networks of timed automata have been considered, where the local clocks of the processes usually evolve at the same rate. It is, however, not always adequate to assume that distributed components of a system obey a global time. Actually, there is generally no reason to assume that different timed systems in the networks refer to the same time or evolve at the same rate. Any component is rather determined by local influences such as temperature and workload.

This was one of the tasks of the ANR ImpRo.

Formal models for real-time systems, like timed automata and time Petri nets, have been extensively studied and have proved their interest for the verification of real-time systems. On the other hand, the question of using these models as specifications for designing real-time systems raises some difficulties. One of those comes from the fact that the real-time constraints introduce some artifacts and because of them some syntactically correct models have a formal semantics that is clearly unrealistic. One famous situation is the case of Zeno executions, where the formal semantics allows the system to do infinitely many actions in finite time. But there are other problems, and some of them are related to the distributed nature of the system. These are the ones we address here.

One approach to implementability problems is to formalize either syntactical or behavioral requirements about what should be considered as a reasonable model, and reject other models. Another approach is to adapt the formal semantics such that only realistic behaviors are considered.

These techniques are preliminaries for dealing with the problem of implementability of models. Indeed, implementing a model may be possible at the cost of some transformation, which makes it suitable for the target device. Incidentally, these transformations may be of interest for the designer, who can now use high-level features in a model of a system or protocol, and rely on the transformation to make it implementable.

We aim at formalizing and automating translations that preserve
both the timed semantics and the concurrent semantics. This effort is crucial
for extending concurrency-oriented methods for logical time, in particular for
exploiting partial order properties. In fact, validation and management - in a
broad sense - of distributed systems is not realistic *in general* without
understanding and control of their real-time dependent features; the link
between real-time and logical-time behaviors is thus crucial for many aspects of
*MExICo*'s work.

MExICo’s research is motivated by problems of system management in several domains, such as:

In the domain of service oriented computing, it is often necessary to insert some Web service into an existing orchestrated business process, e.g. to replace another component after failures. This requires ensuring, often actively, conformance to the interaction protocol. One therefore needs to synthesize adaptors for every component in order to steer its interaction with the surrounding processes.

Still in the domain of telecommunications, the supervision of a network tends to move from out-of-band technology, with a fixed dedicated supervision infrastructure, to in-band supervision where the supervision process uses the supervised network itself. This new setting requires revisiting the existing supervision techniques using control and diagnosis tools.

Currently, we have no active cooperation on these subjects.

We began in 2014 to examine concurrency issues in systems biology, and are currently enlarging the scope of our research's applications in this direction. To see the context, note that in recent years, a considerable shift of biologists' interest can be observed, from the mapping of static genotypes to gene expression, i.e. the processes in which genetic information is used in producing functional products. These processes are far from being uniquely determined by the gene itself, or even jointly with static properties of the environment; rather, regulation occurs throughout the expression processes, with specific mechanisms increasing or decreasing the production of various products, and thus modulating the outcome. These regulations are central in understanding cell fate (how does the cell differentiate? Do mutations occur? etc.), and progress there hinges on our capacity to analyse, predict, monitor and control complex and variegated processes.

We have applied Petri net unfolding techniques for the efficient computation of attractors in a regulatory network; that is, to identify strongly connected reachability components that correspond to stable evolutions, e.g. of a cell that differentiates into a specific functionality (or mutation). This constitutes the starting point of a broader research with Petri net unfolding techniques in regulation. In fact, the use of ordinary Petri nets for capturing regulatory network (RN) dynamics overcomes the limitations of traditional RN models: those impose e.g. monotonicity properties in the influence that one factor had upon another, i.e. always increasing or always decreasing, and were thus unable to cover all actual behaviours. Rather, we follow the more refined model of boolean networks of automata, where the local states of the different factors jointly determine which state transitions are possible. For these connectors, ordinary PNs constitute a first approximation, improving greatly over the literature but leaving room for improvement in terms of introducing more refined logical connectors. Future work thus involves transcending this class of PN models. Via unfoldings, one has access – provided efficient techniques are available – to all behaviours of the model, rather than over- or under-approximations as previously. This opens the way to efficiently searching in particular for determinants of the cell fate: which attractors are reachable from a given stage, and what are the factors that decide in favor of one or the other attractor, etc.

Our current research focuses on cellular reprogramming on the one hand, and distributed algorithms in wild or synthetic biological systems on the other. The latter is a distributed algorithms' view on microbiological systems, both with the goal to model and analyze existing microbiological systems as distributed systems, and to design and implement distributed algorithms in synthesized microbiological systems. Envisioned major long-term goals are drug production and medical treatment via synthesized bacterial colonies. We are approaching our goal of a distributed algorithm's view of microbiological systems from several directions:

(i) Timing plays a crucial role in microbiological systems. Similar to modern VLSI circuits, dominating loading effects and noise render classical delay models unfeasible. In previous work we showed limitations of current delay models and presented a class of new delay models, so called involution channels. In [26] we showed that involution channels are still in accordance with Newtonian physics, even in presence of noise.

(ii) In [7] we analyzed metastability in circuits by a three-valued Kleene logic, presented a general technique to build circuits that can tolerate a certain degree of metastability at its inputs, and showed the presence of a computational hierarchy. Again, we expect metastability to play a crucial role in microbiological systems, as similar to modern VLSI circuits, loading effects are pronounced.

(iii) We studied agreement problems in highly dynamic networks without stability guarantees [28], [27]. We expect such networks to occur in bacterial cultures where bacteria communicate by producing and sensing small signal molecules like AHL. Both works also have theoretically relevant implications: the work in [27] presents the first approximate agreement protocol in a multidimensional space with time complexity independent of the dimension, working also in presence of Byzantine faults. In [28] we proved a tight lower bound on convergence rates and time complexity of asymptotic and approximate agreement in dynamic and classical static fault models.

(iv) We are currently working with Manish Kushwaha (INRA), and Thomas Nowak (LRI) on biological infection models for E. coli colonies and M13 phages.

Analysis of metabolic networks in presence of biological (thermodynamical, kinetic, gene regulatory) constraints has been studied achieving a complete mathematical characterization of the solutions space at steady state (generalization of the elementary flux modes) and investigating related computing methods.

**Autonomous Vehicles.**
The validation of safety properties is a crucial concern for the design of computer guided systems, in
particular for automated transport systems. Our approach consists in analyzing the interactions of a randomized
environment (roads, cross-sections, etc.) with a vehicle controller.

**Multimodal Transport Networks.** We are interested in predicting and harnessing the propagation of perturbations across different transportation modes.

The article *Manifestability Verification of Discrete Event Systems* received the *Best Paper Award* of the
*30th International Workshop on Principles of Diagnosis DX'19*, Klagenfurt/Austria, November 2019.

The article *Sequential Reprogramming of Boolean Networks Made Practical* received the *Best Paper Award* of the conference on *Computational Models in Systems Biology* (CMSB 2019), Trieste/Italy, September 18-20, 2019.

Keyword: Model Checker

Functional Description: COSMOS is a statistical model checker for the Hybrid Automata Stochastic Logic (HASL). HASL employs Linear Hybrid Automata (LHA), a generalization of Deterministic Timed Automata (DTA), to describe accepting execution paths of a Discrete Event Stochastic Process (DESP), a class of stochastic models which includes, but is not limited to, Markov chains. As a result HASL verification turns out to be a unifying framework where sophisticated temporal reasoning is naturally blended with elaborate reward-based analysis. COSMOS takes as input a DESP (described in terms of a Generalized Stochastic Petri Net), an LHA and an expression Z representing the quantity to be estimated. It returns a confidence interval estimation of Z, recently, it has been equipped with functionalities for rare event analysis.

It is easy to generate and use C code for discrete Simulink models (using only discrete blocks, which are sampled at fixed intervals) using MathWorks tools. However, this limits the expressivity of the models. In order to use more diverse Simulink models and control the flow of a multi-model simulation (with Discrete Event Stochastic Processes), we developed a Simulink Simulation Engine embedded into COSMOS.

COSMOS is written in C++.

Participants: Benoît Barbot, Hilal Djafri, Marie Duflot-Kremer, Paolo Ballarini and Serge Haddad

Contact: Benoît Barbot

Functional Description: CosyVerif is a platform dedicated to the formal specification and verification of dynamic systems. It allows users to specify systems using several formalisms (such as automata and Petri nets), and to run verification tools on these models.

Participants: Alban Linard, Fabrice Kordon, Laure Petrucci and Serge Haddad

Partners: LIP6 - LSV - LIPN (Laboratoire d'Informatique de l'Université Paris Nord)

Contact: Serge Haddad

Functional Description: Mole computes, given a safe Petri net, a finite prefix of its unfolding. It is designed to be compatible with other tools, such as PEP and the Model-Checking Kit, which are using the resulting unfolding for reachability checking and other analyses. The tool Mole arose out of earlier work on Petri nets.

Participant: Stefan Schwoon

Contact: Stefan Schwoon

Process mining techniques use event logs containing real process executions in order to mine, align and extend process models. The partition of an event log into trace variants facilitates the understanding and analysis of traces, so it is a common pre-processing step in process mining environments. Trace clustering automates this partition; traditionally it has been applied without taking into consideration the availability of a process model. In this paper we extend our previous work on process model based trace clustering, by allowing cluster centroids to have a complex structure that can range from a partial order down to a subnet of the initial process model. This way, the new clustering framework is able to cluster together traces that are distant only due to concurrency or loop constructs in process models. We show the complexity analysis of the different instantiations of the trace clustering framework, and have implemented it in a prototype tool that has been tested on different datasets.

Delay estimation is a crucial task in digital circuit design as it provides the possibility to assure the desired functionality, but also prevents undesired behavior very early. For this purpose elaborate delay models like the Degradation Delay Model (DDM) and the Involution Delay Model (IDM) have been proposed in the past, which facilitate accurate dynamic timing analysis: both use delay functions that determine the delay of the current input transition based on the time difference

[Fuegger et al., IEEE TC 2016] proved that no existing digital circuit model, including those based on pure and inertial delay channels, faithfully captures glitch propagation: for the Short-Pulse Filtration (SPF) problem, similar to that of building a one-shot inertial delay, they showed that every member of the broad class of bounded single-history channels either contradicts the unsolvability of SPF in bounded time or the solvability of SPF in unbounded time in physical circuits. We propose binary circuit models based on novel involution channels that do not suffer from this deficiency. Namely, in sharp contrast to bounded single-history channels, SPF cannot be solved in bounded time with involution channels, whereas it is easy to provide an unbounded SPF implementation. Hence, binary-valued circuit models based on involution channels allow SPF to be solved precisely when this is possible in physical circuits. Additionally, using both Spice simulations and physical measurements of an inverter chain instrumented by high-speed analog amplifiers, we demonstrate that our model provides good modeling accuracy with respect to real circuits as well. Consequently, our involution channel model is not only a promising basis for sound formal verification, but also allows existing dynamic timing analysis to be seamlessly improved.

Boolean networks (BNs) are widely used to model the qualitative dynamics of biological systems. Besides the logical rules determining the evolution of each component with respect to the state of its regulators, the scheduling of component updates can have a dramatic impact on the predicted behaviours. We explore the use of Read (contextual) Petri Nets (RPNs) to study dynamics of BNs from a concurrency theory perspective. After showing bi-directional translations between RPNs and BNs and analogies between results on synchronism sensitivity, we illustrate that usual updating modes for BNs can miss plausible behaviours, i.e., incorrectly conclude on the absence/impossibility of reaching specific configurations. We propose an encoding of BNs capitalizing on the RPN semantics, enabling more behaviour than the generalized asynchronous updating mode. The proposed encoding ensures a correct abstraction of any multivalued refinement, as one may expect to achieve when modelling biological systems with no assumption on their time features.
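The sensitivity to update scheduling described above can be seen on a two-component network. The following is an added example, not code from the article or from the team's tools: the network `RULES` and the function names are constructed for illustration, and it covers only the three usual updating modes, not the RPN-based encoding.

```python
from itertools import combinations

# Constructed example network (an assumption, not taken from the article):
# component 0 copies component 1, and component 1 copies component 0.
RULES = (
    lambda s: s[1],
    lambda s: s[0],
)

def successors(state, rules, mode):
    """Return the set of states reachable in one step under the given mode."""
    target = tuple(int(bool(f(state))) for f in rules)
    # Components whose rule disagrees with their current value.
    changing = [i for i in range(len(rules)) if target[i] != state[i]]
    if mode == "synchronous":
        # All components are updated at once.
        subsets = [tuple(changing)] if changing else []
    elif mode == "asynchronous":
        # Exactly one component is updated per step.
        subsets = [(i,) for i in changing]
    elif mode == "generalized":
        # Any non-empty subset of components is updated per step;
        # updating a component that does not change is a no-op, so
        # subsets of the changing components are sufficient.
        subsets = [c for k in range(1, len(changing) + 1)
                   for c in combinations(changing, k)]
    else:
        raise ValueError(f"unknown update mode: {mode}")
    result = set()
    for subset in subsets:
        nxt = list(state)
        for i in subset:
            nxt[i] = target[i]
        result.add(tuple(nxt))
    return result

def reachable(init, rules, mode):
    """Return all states reachable from init (including init itself)."""
    seen = {init}
    stack = [init]
    while stack:
        current = stack.pop()
        for nxt in successors(current, rules, mode):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

if __name__ == "__main__":
    for mode in ("synchronous", "asynchronous", "generalized"):
        print(mode, sorted(reachable((0, 1), RULES, mode)))
```

From the initial state (0, 1), the synchronous mode never reaches the fixed points (0, 0) and (1, 1), while the asynchronous mode never reaches (1, 0); a reachability verdict therefore depends on the chosen mode.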

We address the sequential reprogramming of gene regulatory networks modelled as Boolean networks.

Cellular reprogramming, a technique that opens huge opportunities in modern and regenerative medicine, heavily relies on identifying key genes to perturb. Most of the existing computational methods for controlling which attractor (steady state) the cell will reach focus on finding mutations to apply to the initial state. However, it has been shown, and is proved in our article, that waiting between perturbations, so that the update dynamics of the system prepares the ground, allows for new reprogramming strategies. To identify such sequential perturbations, we consider a qualitative model of regulatory networks, and rely on Binary Decision Diagrams to model their dynamics and the putative perturbations. Our method establishes a set identification of sequential perturbations, whether permanent (mutations) or only temporary, to achieve the existential or inevitable reachability of an arbitrary state of the system. We apply an implementation for temporary perturbations on models from the literature, illustrating that we are able to derive sequential perturbations to achieve trans-differentiation.

The modelling of discrete regulatory networks combines a graph specifying the pairwise influences between the variables of the system, and a parametrisation from which a discrete transition system can be derived. Given the influence graph only, the exploration of admissible parametrisations and the behaviours they enable is computationally demanding due to the combinatorial explosions of both parametrisation and reachable state space. We introduce an abstraction of the parametrisation space and its refinement to account for the existence of given transitions, and for constraints on the sign and observability of influences. The abstraction uses a convex sub-lattice containing the concrete parametrisation space, specified by its infimum and supremum parametrisations. It is shown that the computed abstractions are optimal, i.e., no smaller convex sub-lattice exists. Although the abstraction may introduce over-approximation, it has been proven to be conservative with respect to reachability of states. Then, an unfolding semantics for Parametric Regulatory Networks is defined, taking advantage of concurrency between transitions to provide a compact representation of reachable transitions. A prototype implementation is provided: it has been applied to several examples of Boolean and multi-valued networks, showing its tractability for networks with numerous components.

Parametric models abstract part of the specification of dynamical models by integral parameters. They are for example used in computational systems biology, notably with parametric regulatory networks, which specify the global architecture (interactions) of the networks, while parameterising the precise rules for drawing the possible temporal evolutions of the states of the components. A key challenge is then to identify the discrete parameters corresponding to concrete models with desired dynamical properties. Our work addresses the restriction of the abstract execution of parametric regulatory (discrete) networks by means of static analysis of reachability properties (goal states). Initially defined at the level of concrete parameterised models, the goal-oriented reduction of dynamics is lifted to parametric networks, and is proven to preserve all the minimal traces to the specified goal states. As a result, one can jointly perform the refinement of parametric networks (restriction of the domain of parameters) while reducing the necessary transitions to explore and preserving reachability properties of interest.

CSLTA is a stochastic temporal logic for continuous-time Markov chains (CTMC) where formulas, similarly to those of CTL*, are inductively defined by nesting of timed path formulas and state formulas. In particular, a timed path formula of CSLTA is specified by a single-clock Deterministic Timed Automaton (DTA). Such a DTA features two kinds of transitions: synchronizing transitions triggered by CTMC transitions, and autonomous transitions triggered by time elapsing that change the location of the DTA when the clock reaches a given threshold. It has already been shown that CSLTA strictly includes stochastic logics like CSL and asCSL. An interesting variant of CSLTA consists in equipping transitions rather than locations with boolean formulas. We answer the following question: do autonomous transitions and/or boolean guards on transitions enhance expressiveness and/or conciseness of DTAs? We show that this is indeed the case. In establishing our main results we also identify an accurate syntactical characterization of DTAs for which the autonomous transitions do not add expressive power but lead to exponentially more concise DTAs.

In the early two-thousands, Recursive Petri nets were introduced in order to model distributed planning of multi-agent systems for which counters and recursivity were necessary. Although Recursive Petri nets strictly extend Petri nets and stack automata, most of the usual property problems are solvable, but using non-primitive recursive algorithms, even for coverability and termination. For almost all other extended Petri net models containing a stack, the complexity of coverability and termination is unknown or strictly larger than EXPSPACE. In contrast, we establish that for Recursive Petri nets, the coverability and termination problems are EXPSPACE-complete, as for Petri nets. From an expressiveness point of view, we show that coverability languages of Recursive Petri nets strictly include the union of coverability languages of Petri nets and context-free languages. Thus we get for free a more powerful model than Petri nets.

Matthias Fuegger is co-leading the Digicosme working group *HicDiesMeus* on *Highly Constrained Discrete Agents for Modeling Natural Systems*.

Stefan Haar is co-leading the Digicosme working group *TheoBioR* on *Computational methods for modelling and analysing biological networks*.

Thomas Chatain, Stefan Haar, Serge Haddad and Stefan Schwoon are participating in the ANR Project ALGORECELL.

Matthias Függer participates in the ANR project FREDDA on verification and synthesis of distributed algorithms.

Susanna Donatelli was invited professor at ENS Paris-Saclay for one month in January, working with Serge Haddad on the expressiveness and conciseness of temporal logic for Markov chains. This work was also continued during a visit of Serge Haddad to the University of Torino in March. Their joint work has led to a publication to appear in the international conference LATA 2020 in Milano.

Sven Dziadek, Sep-Nov 2019 (PhD student, Univ. Leipzig)

Juraj Kolc̆ák visited the SDM group of Hasuo Ichiro at NII Tokyo from August 2018 to February 2019, working in particular on differential logics.

Serge Haddad is a member of the steering committee of the International Conference on Application and Theory of Petri Nets and Concurrency.

Philippe Dague co-organized with Franck Delaplace the conference on *Computational Systems Biology for Complex Diseases*
on November 28-29, 2019 at ENS Paris-Saclay, which gathered around 80 participants.

Philippe Dague, as the person responsible for the working group BIOSS-IA (Systemic Symbolic Biology and Artificial Intelligence) of the GDR IA, organized the 2019 Day at Orléans on May 27.

Matthias Fuegger co-organized the CELLS workshop at DISC'19. The workshop covers topics from computing among a consortium of cells.

Stefan Haar co-directed with Benedikt Bollig the scientific and logistic organisation of the ForMal workshop at ENS Paris-Saclay on cross-fertilization between formal methods and machine learning.

Stefan Haar was co-chair and Serge Haddad was a member of the Scientific Committee (including organisational issues)
of the Digicosme Spring School on Formal Methods and Machine Learning held in June at Cachan *(ForMaL)*.

Stefan Haar was co-chair of the program committee for the *40th International Conference on Application and Theory of Petri Nets and Concurrency*, Aachen, Germany, June 23-28, 2019.

Serge Haddad was a member of the PC of

the workshop PNSE associated with ATPN 2019, Aachen, Germany, and

the 12th International Conference on Performance Evaluation Methodologies and Tools (VALUETOOLS 2019), Palma de Mallorca, Spain.

Philippe Dague was a member of the program committee of the *30th International Workshop on Principles of Diagnosis DX'19*, Klagenfurt/Austria, November 2019.

Stefan Haar was

a member of the program committee of
the *19th International Conference on Applications of Concurrency to Systems Design* *(ACSD 2019)*, Aachen, Germany, June 23-28, 2019, and

a member of the program committee of the *Workshop Algorithms & Theories for the Analysis of Event Data 2019*
(ATAED 2019).

Matthias Fuegger was

Steering committee member of IEEE ASYNC'19 and

PC member of IEEE ASYNC'19 and IEEE DDECS'19.

Thomas Chatain was

a member of the program committee of
the *19th International Conference on Applications of Concurrency to Systems Design* *(ACSD 2019)*, Aachen, Germany, June 23-28, 2019, and

a member of the program committee of the *1st International Conference on Process Mining (ICPM 2019)*.

Lina Ye was a member of the program committee of the *17th International Workshop on Coordination and Self-adaptativeness of Software Applications*
(FOCLASA 2019).

Stefan Schwoon acted as reviewer for MFCS 2019, FSTTCS 2019, FOSSACS 2019, TACAS 2019, and STACS 2020.

Lina Ye was

a reviewer of the *58th Conference on Decision and Control*
(CDC 2019), and

a reviewer of the *30th International Workshop on Principles of Diagnosis*
(DX 2019).

Stefan Haar is an associate editor for *Journal of Discrete Events Dynamic Systems: Theory and Application* (JDEDS).

Serge Haddad was a reviewer for the following journals:

Journal of Logical and Algebraic Methods in Programming,

Innovations in Systems and Software Engineering, and

Transactions on Petri Nets and Other Models of Concurrency.

Thomas Chatain was a reviewer for the journals *Journal of Discrete Events Dynamic Systems: Theory and Application* (JDEDS) and Fundamenta Informaticae.

Stefan Schwoon was a reviewer for *Journal of Discrete Event Dynamic Systems* (JDEDS), *Transactions on Software Engineering* (TSE), *Petri Nets and Other Models of Concurrency* (ToPNoC), and Transactions on Programming Languages and Systems (TOPLAS).

Lina Ye is a reviewer for *Journal of IEEE Access* (IEEE Access).

Stefan Schwoon gave a talk in the Sybila seminar of Masaryk University, Brno, on *Diagnosis and Opacity in Partially Observable Systems*.

Serge Haddad is a member of the scientific and administrative council (CSA) of Labex CIMI of Toulouse and a member of the scientific orientation council (COS) of LIS of Marseille (UMR 7020).

Serge Haddad is Head of the Computer Science Department of ENS Paris-Saclay.

Stefan Haar is the president of Inria’s COST-GTRI.

Matthias Fuegger,

Master:

*Initiation à la recherche*, 10 h EQTD, M1, ENS Paris-Saclay, France

Stefan Haar,

Licence:
*Langages Formels*, EQTD, L3, ENS Paris-Saclay, France;

Master:

*Analyse de la dynamique des systèmes biologiques*, 10 h EQTD, M1, Université Paris-Saclay, France

*Initiation à la recherche*, 10 h EQTD, M1, ENS Paris-Saclay, France

*Module SPECIF*, 12 h EQTD, M1, UPMC, France.

Serge Haddad is head of the Computer Science department of ENS Paris-Saclay. He teaches basic and advanced algorithmics (L3) and probabilistic features of computer science (M1).

Stefan Schwoon

Head of the L3 Computer Science programme, ENS Paris-Saclay

Teaching in the M1 MPRI: course *Initiation à la Vérification* (22.5 h)

Teaching in the L3 Computer Science programme: course *Architecture et Système* (45 h), project *Programmation orienté objet* (15 h), tutorials *Langages Formels* (22.5 h)

Teaching for the Agrégation in Mathematics, Computer Science option: course *Algorithmique* (22.5 h)

Serge Haddad is supervising with Alain Finkel the PhD thesis of Igor Khmelnitsky on Verification of infinite-state systems and machine learning.

Stefan Haar has been supervising, with co-supervisor Loic Paulevé at LABRI, the PhD theses of

Hugues Mandon, *Models and Algorithms for cellular reprogramming strategies prediction*, ENS Paris-Saclay, defended on Nov. 19, 2019, and

Juraj Kolc̆ák, *Parametric Logical Regulatory Networks*, PhD research started in March 2017.

Thomas Chatain has been supervising, with co-supervisor Josep
Carmona at Universitat Politècnica de Catalunya (Barcelona, Spain), the PhD
thesis of Mathilde Boltenhagen, *Optimization Techniques for
Conformance Checking and Model Repair in Process Mining*, PhD research
started in November 2018.

Lina Ye has been supervising, with co-supervisor Philippe Dague at LRI, the PhD thesis of Lulu He, *Robustness Analysis of Real-Time Systems*, PhD research started in February 2019.

Philippe Dague was *garant* and member of the HdR jury of Sabine Peres, and a member of the HdR jury of Jean-Marie Lagniez.

Serge Haddad was the president of the PhD committee of Mauricio Gonzalez, whose thesis was defended at ENS Paris-Saclay in November.

Thomas Chatain has been a jury member for the PhD defense of Samy Jaziri (supervisors Patricia Bouyer-Decitre and Nicolas Markey) at Université Paris-Saclay in September 2019.

Thomas Chatain has been a jury member for the SIF PhD award (Prix de thèse Gilles Kahn 2019).

Stefan Haar has been the president of COST-GTRI.