Our contribution. A whole set of theories, methods and tools of analysis has been developed separately for TPNs and NTA. Yet we know that these models are very close, but nevertheless have subtle differences that have until now prevented factorizing research and development of associated technologies. The objective of the paper is to introduce an intermediate model capable of modeling both TPNs and NTA. This intermediate model is inspired by Clocked Transition Systems [12] but with only integer variables and with high level functions; its semantics is a Timed Transition System [13] and we called it Clock Transition System (CTS for short). Clock Transition System is designed to incorporate the advantages of the structure of Petri nets, while introducing explicitly the concept of clocks. Transitions in the network can be guarded by an expression on the clocks and reset a subset of them as in timed automata. The urgency may be introduced by a separate description of invariants. These are associated with a marking of the Clock Transition System, which plays the same role as the state in a timed automaton. Armed with these merits, the Clock Transition System model seems a good candidate to serve as an intermediate model to factor out the upcoming theoretical and practical developments in the TPNs and the NTA scientific communities.

Keywords: Input Output Symbolic Transition Systems, Functions summaries, Symbolic Execution, Transition coverage.
1 Introduction
Many testing theories and algorithms use Symbolic Execution (SE) techniques [10]. In the last decade, it has received much attention and has been incorporated in several testing tools such as NASA’s Symbolic (Java) PathFinder [29], UIUC’s CUTE and jCUTE [21], UC Berkeley’s CREST [13], and the CEA’s PathCrawler [28] and DIVERSITY tools [15]. In particular, for the latter one, SE has been adapted for models using variants of abstract labeled transition systems, namely Input Output Symbolic Transition Systems (IOSTS) [17]. Symbolic trees representing all possible execution paths of the model (up to some coverage goals) are computed by executing the model with variables instead of concrete values. For a particular path, a constraint on these variables, called path condition, characterizes concrete values ensuring its execution. Sequences of concrete test inputs

Event algebra for transition systems composition application to timed automata
Elie Fares 1 · Jean-Paul Bodeveix 1 · Mamoun Filali 2
Abstract Formal specification languages have a lot of notions in common. They all introduce entities usually called processes, offer similar operators, and most importantly define their operational semantics based on labelled transition systems (LTS). However, each language defines specific synchronizing and/or memory structures. For instance, in CSP, the synchronization is defined between identical events, while in CCS and in synchronization vectors-based views it is defined respectively between complementary events or between possibly different events. In this paper, we aim at capturing some similarities of specification languages by defining a label-based formal framework for reasoning on LTS, their semantics and related properties. Firstly, we define a high-level synchronization mechanism in the form of an abstract label structure and identify some properties. Then, we introduce operators for composing and transforming label structures, study their intrinsic properties and explore how label structure properties propagate. Secondly, we introduce a LTS-based behavioral framework. We then lift the label structure composition and transformation operators to the LTS level and establish LTS-related properties derived from those of their underlying labelled structures. Thirdly, we consider extended transition systems, more specifically timed automata, as LTS built on top of specific labelled structures. Their semantics is reconstructed by applying operators of our framework on the syntactic LTS, which allows the direct proof of some semantic properties such as compositionality.

This paper focuses on systems whose transition relation is expressed in Presburger arithmetic. Integer Numerical Transition Systems (denoted INTS throughout this paper), also known as counter automata, counter systems, or counter machines, are an infinite-state extension of the model of finite-state boolean transition systems, a model extensively used in the area of software verification [10]. The interest for INTS comes from the fact that they can encode various classes of systems with unbounded (or very large) data domains, such as hardware circuits, cache memories, or software systems with variables of non-primitive types, such as integer arrays, pointers and/or recursive data structures.

Until then, the clock calculus on ccsl specification was performed step by step up to a predefined number of steps. This work is an attempt to support exhaustive analysis of ccsl specification. When ccsl operators are represented as transition systems, their composition is the synchronized product of the transition systems. However, this causes termination problems when the transition systems have an infinite number of states. In this paper, an algorithm for the parallel execution of automata representing ccsl operators is proposed. It has been implemented in a prototype tool. This algorithm supports ccsl unbounded operators. The infinite data structure is unfolded on demand using a lazy evaluation technique. This is a significant evolution on previous verification techniques for ccsl [5,6] that were only considering a subset of operators a priori bounded.

This problem has been the motivation for the development of a theory of enhancements, summarised in [18]. Expressed in the general fixed-point theory on complete lattices, this theory has been fully developed for both strong and weak bisimilarity, in the case of first-order labelled transition systems (LTSs) where transitions represent pure synchronisations among processes. In this framework, up-to techniques are represented using compatible functions, whose class enjoys nice algebraic properties. This allows one to derive complex up-to techniques algebraically, by composing simpler techniques by means of a few operators.

Fig. 2: An implementation of the simple email system in Fig. 1 in which we explicitly model two distinct types of email pre-processing.
organized by Joseph Sifakis in Grenoble, 3
was aiming at providing a behavioral compositional specification formalism for reactive systems. At the time of the introduction of MTS, there were two predominant approaches to specifications formalisms and verification methods for reactive and concurrent systems: logical approaches where a specification is a set of properties of implementations (labeled transition systems), and graphical approaches promoted by the various process algebras, where implementations and specifications are systems of the same kind – namely labeled transition systems, and verification amounts to compare such

Denmark {crt,kgl}@cs.aau.dk
We develop a general framework for reasoning about distances between transition systems with quantitative information. Taking as starting point an arbitrary distance on system traces, we show how this leads to natural definitions of a linear and a branching distance on states of such a transition system. We show that our framework generalizes and unifies a large variety of previously considered system distances, and we develop some general properties of our distances. We also show that if the trace distance admits a recursive characterization, then the corresponding branching distance can be obtained as a least fixed point to a similar recursive characterization. The central tool in our work is a theory of infinite path-building games with quantitative objectives.

Prominent among specification theories is the one of modal transition systems [30–32, 36, 40], which are labeled transition systems equipped with two types of transitions: must transitions that are mandatory for any implementation, and may transitions which are optional. In recent work [7, 8, 10, 35], modal transition systems have been extended by adding richer information to the usual discrete label set of transition systems, permitting to reason about quantitative aspects of models and specifications. These quantitative labels can be used to model and analyze e.g. timing [19, 34], resource usage [8, 42], or energy consumption [15, 25].

Abstract
Simulation distances are essentially an approximation of simulation which provide a measure of the extent by which behaviors in systems are inequivalent. In this paper, we consider the general quantitative model of weighted transition systems, where transitions are labeled with elements of a finite metric space. We study the so-called point-wise and accumulating simulation distances which provide extensions to the well-known Boolean notion of simulation on labeled transition systems.

Low Level timed models. In [11], the authors introduce the abstract notion of timed transition systems allowing to give the formal semantics of a real-time system as a set of timed execution sequences. They incorporate time into classical transition systems by assuming that all discrete transitions happen instantaneously while real time constraints restrict the times at which discrete transitions may occur. Timed transition systems (TTS) are defined in [15] as a basic semantical model for real-time systems which is a labelled transition system with two types of labels: atomic actions and delay actions (i.e. positive reals) representing discrete and continuous changes of real-time systems.

Korrigan specification language. This ADL enables one to describe component architectures formally, at a good abstraction level, using expressive interaction structuring mechanisms based on modal logic. Both operations, their semantics and the behaviours of components are taken into account thanks to the use of Symbolic Transition Systems (STS), a mixed specification model supporting the integration of fully formal data types into behaviours. We also addressed the verification of component architectures through analysis techniques dedicated to the use of STS in the context of interacting components. This enables one to avoid the well-known state explosion problem arising when verifying behavioural protocols integrating data types into lower level formal models such as Labelled Transition Systems (LTS).

Keywords: Input Output Symbolic Transition Systems, Program Contracts, Model-based Testing, Symbolic Execution, Feasibility.
1 Introduction
Symbolic transition systems, such as Input Output Symbolic Transition Systems (IOSTS) [11] are a classical reference modeling framework for model-based testing of reactive systems. They provide a convenient abstraction of the behaviors of such systems by modeling system state evolution using variable assignments. The symbolic execution tree of an IOSTS characterizes the different classes of numeric executions. Each path defines a sequence of symbolic inputs and outputs, and a path condition which is a formula constraining the values exchanged (inputs or outputs) with the environment of the system. It is possible to use such paths as reference symbolic behaviors to be tested (i.e. as test purposes). In [11], we have proposed a framework to analyze IOSTS both to extract such

Research report INRIA-HAL no. inria-00402942 — October 16, 2013 — 32 pages
Abstract
Linear implication can represent state transitions, but real transition systems operate under temporal, stochastic or probabilistic constraints that are not directly representable in ordinary linear logic. We propose a general modal extension of intuitionistic linear logic where logical truth is indexed by constraints and hybrid connectives combine constraint reasoning with logical reasoning. The logic has a focused cut-free sequent calculus that can be used to internalize the rules of particular constrained transition systems; we illustrate this with an adequate encoding of the synchronous stochastic pi-calculus. We also present some preliminary experiments of direct encoding of biological systems in the logic.

I. INTRODUCTION
For the past three decades, specification languages such as CSP [17], CCS [16], LOTOS [10], Altarica [5], and BIP [6] have proven valuable in the specification and design of concurrent and distributed systems. The behavioral aspects of these languages share a common base since they all define their operational semantics in terms of labeled transition systems (LTS). Yet, the difference lies in the synchronizing structure of the labels of these systems. For example in CSP the synchronization is defined between two identical events, while in CCS and in synchronization vectors-based views, it is defined respectively between complementary events or between possibly different events. Through the years, the basic versions of some of these languages have been extended by time, memory, and priority notions. Accordingly, other formalisms have emerged in order to model the semantics of these extensions. For example, we can cite Alur and Dill’s timed automata [3] and Henzinger et al’s timed transition systems [11] that both capture the time addition or the semantic model of [19] used to model the priorities. However, even though the rules of the composition operations of these formalisms are the same in nature (synchronous and asynchronous rules), they are well distinguished in reality, maybe because of the specific attributes that come with each formalism. A distinct composition operation is then introduced for each defined formalism.

VI. CONCLUSION
We have presented a formal semantic framework for studying, defining, and manipulating the composition of extended transition systems based on the composition of their labels. The framework is based on the idea of defining a label structure containing a composition operator. Depending on the language in question, a different label structure is defined and thus different composition laws are integrated. The label structure is then used as a parameter of labeled transition systems which describe the common semantic domain of the considered languages. We believe that the suggested parametrization of the behavioral framework is a promising work and may represent, especially with the perspectives we have, the first step towards giving a unified formal semantic framework for different process algebras and specification languages.

In this section, we show how the previous semantic constructions could be generalized by attaching behaviors to label structures. Up to now, a label structure defines how labels are composed and consequently how labelled transition systems are composed. The attached LTS, acting as a controller, is used to build the semantics of a LTS. We apply the same methodology as for timed automata: starting from a syntactic LTS built on a product label structure $LS_u \otimes LS_m$ (user and medium label structures), its semantics will be defined over a label structure $LS_u \otimes LS_m^{!?} \oplus LS_c$ through a composition with a controller over $LS_u \oplus LS_c$. As before, we give two semantics, one called standard, the other called revised to keep the same vocabulary as for timed automata.

Implementations can also be represented within the modal transition system formalism, simply as specifications without may transitions. Hence any implementation choice has been resolved, and implementations are plain labeled transition systems. Formally, for a labeled transition system to be an implementation of a given specification, we require that the states of the two objects are related by a refinement relation with the property that all behavior required (must) by the specification has been implemented, and that any implementation behavior was permitted (may) in the specification. Figure 2 shows an implementation of our email specification with two different checks, leading to distinct processing states. Note that a simple system without any check at all, hence only able to receive and deliver email, is also an implementation of the specification.

Albeit the extensions mentioned above allow for a quantitative treatment of automata behaviors, the operations on weighted modal transition systems remain qualitative. Especially, the refinement relation of modal transition systems is qualitative in nature, i.e. an implementation does, or does not, refine a specification. Such a view may be fragile in the sense that the inevitable approximation of systems by models, combined with the fundamental unpredictability of hardware platforms, makes it difficult to transfer conclusions about the behavior to the actual system. Hence, this approach is arguably unsuited for modern software systems. In [5], the first quantitative extension of modal automata was proposed. This model allows to capture quantitative aspects during the refinement and implementation process, thus leveraging the problems of the qualitative setting.
