Formal Techniques for Distributed Objects, Components, and Systems: 40th IFIP WG 6.1 International Conference, FORTE 2020, Held as Part of the 15th International Federated Conference on Distributed Computing Techniques, DisCoTec 2020, Valletta, Malta, June 15–19, 2020, Proceedings

Moving block railway systems, which include autonomous driving technologies, are the next-generation signalling systems currently under development as part of the European Shift2Rail initiative. In this paper, we model a suitable abstraction of a moving block signalling system with autonomous driving as a stochastic priced timed game. We then synthesise safe and optimal driving strategies for the model by applying advanced techniques, provided by Uppaal Stratego, that combine statistical model checking with reinforcement learning. In doing so, we show the applicability of Uppaal Stratego in this concrete case study.
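The abstract describes a two-stage synthesis: first a safe driving strategy for the stochastic game, then an optimal one chosen within it. The following is an added example, not code from the paper and not Uppaal Stratego, that reproduces that recipe in Python on a small constructed train model. The state is (position, speed) on a discretised track; the moving-block safety invariant is that the train must always be able to brake to a stop before the end of its movement authority (EOA), the rear of the preceding train minus a safety margin; the only stochastic element is a constructed wheel-slip probability that makes an accelerate command fail. Exact value iteration stands in for the learning step the paper uses. All parameters (V_MAX, EOA, GOAL, P_SLIP) are assumptions chosen for illustration.

```python
"""Two-stage driving-strategy synthesis on a toy moving-block train model.

Added example; not code from the paper and not Uppaal Stratego. Every model
parameter below is constructed for illustration.
"""
import random

# --- constructed model (assumptions, not taken from the paper) ---
V_MAX = 4             # top speed, in track cells per step
EOA = 30              # end of movement authority: rear of preceding train minus safety margin
GOAL = 24             # position the controller wants to reach as fast as possible
P_SLIP = 0.2          # probability that an "accelerate" command is lost to wheel slip
ACTIONS = (-1, 0, 1)  # brake / hold / accelerate: change of speed per step


def braking_distance(v):
    """Cells covered while shedding one unit of speed per step: v + (v-1) + ... + 1."""
    return v * (v + 1) // 2


def is_safe(state):
    """Moving-block invariant: the train must still be able to stop before EOA."""
    p, v = state
    return p + braking_distance(v) <= EOA


def successors(state, action):
    """Stochastic successor distribution of one step: [(probability, next_state), ...]."""
    p, v = state
    if action == 1:
        outcomes = [(1.0 - P_SLIP, min(V_MAX, v + 1)), (P_SLIP, v)]
    else:
        outcomes = [(1.0, max(0, v + action))]
    # the position advances by the new speed
    return [(q, (p + nv, nv)) for q, nv in outcomes]


def synthesise_safe_strategy():
    """Most permissive safe strategy: greatest fixed point over the state grid.

    A state survives only if some action keeps *every* stochastic outcome inside
    the surviving set; the result maps each surviving state to its permitted actions.
    """
    safe = {(p, v) for p in range(EOA + 1) for v in range(V_MAX + 1) if is_safe((p, v))}
    while True:
        permitted = {}
        for s in safe:
            acts = [a for a in ACTIONS if all(t in safe for _, t in successors(s, a))]
            if acts:
                permitted[s] = acts
        if set(permitted) == safe:
            return permitted
        safe = set(permitted)


def synthesise_optimal_strategy(permitted, sweeps=200):
    """Optimise *under* the safe strategy: value iteration restricted to permitted
    actions, minimising the expected number of steps until position >= GOAL."""
    value = {s: 0.0 if s[0] >= GOAL else float(sweeps) for s in permitted}

    def expected(s, a):
        # one step taken, plus the expected remaining cost over the outcomes
        return 1.0 + sum(q * value[t] for q, t in successors(s, a))

    for _ in range(sweeps):
        value = {s: 0.0 if s[0] >= GOAL else min(expected(s, a) for a in acts)
                 for s, acts in permitted.items()}
    strategy = {}
    for s, acts in permitted.items():
        if s[0] < GOAL:
            strategy[s] = min(acts, key=lambda a, s=s: expected(s, a))
    return strategy, value


def simulate(strategy, seed=0, max_steps=100):
    """Drive from a standing start under the strategy; returns the visited states."""
    rng = random.Random(seed)
    s, trace = (0, 0), [(0, 0)]
    while s[0] < GOAL and len(trace) < max_steps:
        r, acc = rng.random(), 0.0
        for q, t in successors(s, strategy[s]):
            acc += q
            if r < acc:
                s = t
                break
        trace.append(s)
    return trace


if __name__ == "__main__":
    permitted = synthesise_safe_strategy()
    strategy, value = synthesise_optimal_strategy(permitted)
    print("expected steps from standstill: %.2f" % value[(0, 0)])
    print("trace:", simulate(strategy))
```

The safety stage never looks at cost: it only removes actions that could, under any stochastic outcome, leave the braking envelope, so near the EOA the only permitted action is to brake. The optimisation stage then chooses the fastest of the remaining actions, which is the same separation of concerns (safe strategy first, optimisation under it) that the abstract attributes to Uppaal Stratego; Stratego learns the second stage statistically, whereas here the toy state space is small enough to solve exactly.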


[286]  Marta Z. Kwiatkowska,et al.  Automatic verification of real-time systems with discrete probability distributions , 1999, Theor. Comput. Sci..

[287]  Gérard Le Lann,et al.  Distributed Systems - Towards a Formal Approach , 1977, IFIP Congress.

[288]  Youyou Lu,et al.  Loose-Ordering Consistency for persistent memory , 2014, 2014 IEEE 32nd International Conference on Computer Design (ICCD).

[289]  Di Wu,et al.  Reachability analysis of uncertain systems using bounded-parameter Markov decision processes , 2008, Artif. Intell..

[290]  J. Murphy The General Data Protection Regulation (GDPR) , 2018, Irish medical journal.

[291]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[292]  Vincenzo Ciancia,et al.  Statistical Model Checking of a Moving Block Railway Signalling Scenario with Uppaal SMC - Experience and Outlook , 2018, ISoLA.

[293]  Demis Hassabis,et al.  A general reinforcement learning algorithm that masters chess, shogi, and Go through self-play , 2018, Science.

[294]  Kim G. Larsen,et al.  UPPAAL-Tiga: Time for Playing Games! , 2007, CAV.

[295]  Helmut Veith,et al.  Parameterized model checking of fault-tolerant distributed algorithms by abstraction , 2013, FMCAD 2013.

[296]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[297]  Joël Ouaknine,et al.  Model-Checking for Real-Time Systems , 1995, FCT.

[298]  Jonathan Aldrich,et al.  Modular typestate checking of aliased objects , 2007, OOPSLA.

[299]  J. Hillston The nature of synchronisation , 1994 .

[300]  Ran Canetti,et al.  Task-structured probabilistic I/O automata , 2006, J. Comput. Syst. Sci..

[301]  Houssam Abbas,et al.  Formal property verification in a conformance testing framework , 2014, 2014 Twelfth ACM/IEEE Conference on Formal Methods and Models for Codesign (MEMOCODE).

[302]  Luca Padovani,et al.  The chemical approach to typestate-oriented programming , 2015, OOPSLA.

[303]  Aurélie Hurault,et al.  Characterizing Asynchronous Message-Passing Models Through Rounds , 2018, OPODIS.

[304]  Nobuko Yoshida,et al.  Distributed programming using role-parametric session types in go: statically-typed endpoint APIs for dynamically-instantiated communication structures , 2019, Proc. ACM Program. Lang..

[305]  Ichiro Suzuki,et al.  Proving Properties of a Ring of Finite-State Machines , 1988, Inf. Process. Lett..

[306]  R. Khan,et al.  Sequential Tests of Statistical Hypotheses. , 1972 .

[307]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[308]  Frank D. Valencia,et al.  Spatial and Epistemic Modalities in Constraint-Based Process Calculi , 2012, CONCUR.

[309]  Igor Konnov,et al.  Synthesis of Distributed Algorithms with Parameterized Threshold Guards , 2018, OPODIS.

[310]  Bernardo Toninho,et al.  A Spatial-Epistemic Logic for Reasoning about Security Protocols , 2010, SecCo.

[311]  Mahyar R. Malekpour,et al.  Comments on the "Byzantine Self-Stabilizing Pulse Synchronization" Protocol: Counter-examples , 2006 .

[312]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[313]  Nobuko Yoshida,et al.  A Linear Decomposition of Multiparty Sessions for Safe Distributed Programming (Artifact) , 2017, Dagstuhl Artifacts Ser..

[314]  John N. Tsitsiklis,et al.  The Complexity of Markov Decision Processes , 1987, Math. Oper. Res..

[315]  Jonathan Aldrich,et al.  Typestate-oriented programming , 2009, OOPSLA Companion.

[316]  Vincent Cheval,et al.  Deciding equivalence-based properties using constraint solving , 2013, Theor. Comput. Sci..

[317]  Nicola Santoro,et al.  Time is Not a Healer , 1989, STACS.

[318]  Rohit Chadha,et al.  Epistemic Logic for the Applied Pi Calculus , 2009, FMOODS/FORTE.

[319]  Terence Kelly,et al.  Failure-Atomic Persistent Memory Updates via JUSTDO Logging , 2016, ASPLOS.

[320]  Wang Yi,et al.  Code Synthesis for Timed Automata , 2003 .

[321]  Kartik Nayak,et al.  Solidus: An Incentive-compatible Cryptocurrency Based on Permissionless Byzantine Consensus , 2016, ArXiv.

[322]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[323]  David A. Basin,et al.  Cutoff Bounds for Consensus Algorithms , 2017, CAV.

[324]  Stratis Viglas,et al.  DHTM: Durable Hardware Transactional Memory , 2018, 2018 ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA).

[325]  Igor Konnov,et al.  TLA+ model checking made symbolic , 2019, Proc. ACM Program. Lang..

[326]  Nobuko Yoshida,et al.  Structured Interactional Exceptions in Session Types , 2008, CONCUR.

[327]  Alessandra Flammini,et al.  Clock Synchronization of Distributed, Real-Time, Industrial Data Acquisition Systems , 2010 .

[328]  Martín Abadi,et al.  Language-Based Enforcement of Privacy Policies , 2004, Privacy Enhancing Technologies.

[329]  Dimitrios Kouzapas,et al.  14 Mungo and StMungo: Tools for Typechecking Protocols in Java , 2017 .