## Section: New Results

Keywords : Symbolic Transition Systems, Determinisation, Diagnosis, Fault Model, Data Flow Analysis, Logic, Proof, Type Theory.

### Transversal Results

#### Determinisation of Symbolic Automata

Participants : Thierry Jéron, Hervé Marchand, Vlad Rusu.

We define a symbolic determinisation procedure for a class of infinite-state systems, which consists of automata extended with symbolic variables that may be infinite-state. The subclass of extended automata for which the procedure terminates is characterised as bounded lookahead extended automata. It corresponds to automata for which, in any location, the observation of a bounded-length trace is enough to infer the first transition actually taken. We discuss applications of the algorithm to the verification, testing, and diagnosis of infinite-state systems [26] , [20] .

#### Supervision Patterns for the Diagnosis of Discrete Event Systems

Participants : Thierry Jéron, Hervé Marchand.

In this work, we are interested in the diagnosis of discrete event systems modeled by finite transition systems. We propose a model of supervision patterns general enough to capture past occurrences of particular trajectories of the system. Modeling the diagnosis objective by supervision patterns allows us to generalize the properties to be diagnosed and to render them independent of the description of the system. We first formally define the diagnosis problem in this context. We then derive techniques for the construction of a diagnoser and for the verification of the diagnosability based on standard operations on transition systems. We show that these techniques are general enough to express and solve in a unified way a broad class of diagnosis problems found in the literature, e.g. diagnosing permanent faults, multiple faults, fault sequences and some problems of intermittent faults [18] , [25] ,[19] . This work has been done in cooperation with Marie-Odile Cordier (Dream project-team) and Sophie Pinchinat (S4 project-team).

Our aim is now to extend these results to infinite state systems as well as to non permanent patterns, and to apply these techniques to the automatic generation of passive testers (intruder detection systems) in order to test on-line whether an implementation respects a given security policy.

#### Verifying an ATM Protocol Using a Combination of Formal Techniques

Participant : Vlad Rusu.

In this work, we describe a methodology and a case study in formal verification. The case study is the SSCOP protocol, a member of the ATM adaptation layer whose main role is to perform a reliable data transfer over an unreliable communication medium. The methodology involves: (1) simulation for initial debugging; (2) partial-order abstraction that preserves the properties of interest; and (3) compositional verification of the properties at the abstract level using the PVS theorem prover. Steps (2) and (3) guarantee that the properties still hold on the whole (composed, concrete) system. The value of the approach lies in adapting and integrating several existing formal techniques into a new verification methodology that is able to deal with real case studies [9] .

#### Defining and reasoning about recursive functions: a practical tool for the Coq proof assistant

Participant : Vlad Rusu.

We present a practical tool for defining and proving properties of recursive functions in the Coq proof assistant. The tool proceeds by generating from pseudo-code (Coq functions that need not be total nor terminating) the graph of the intended function as an inductive relation, and then proves that the relation actually represents a function, which is by construction the function that we are trying to define. Then, we generate induction and inversion principles, and a fixpoint equation for proving other properties of the function. Our tool builds upon state-of-the-art techniques for defining recursive functions, and can also be used to generate executable functions from inductive descriptions of their graph. We illustrate the benefits of our tool on two case studies [15] .