Section: New Results
Static analysis and abstract interpretation
Combining control and data abstraction for the verification of hybrid systems
We have studied the verification of hybrid systems built as the composition of a discrete software controller interacting with a physical environment exhibiting a continuous behavior. Our goal is to tackle the problem of the combinatorial explosion of discrete states that may happen when a complex software controller is considered. We propose to extend an existing abstract interpretation technique, namely dynamic partitioning, to hybrid systems. Dynamic partitioning, which shares some common principles with predicate abstraction, allows us to finely tune the tradeoff between precision and efficiency in the analysis.
We have extended the NBac tool (Section 5.1 ) according to these principle, and showed the efficiency of the approach by a case study that combines a non trivial controller specified in the synchronous dataflow programming language Lustre with its physical environment  . A journal version is in preparation.
We are also working on the definition of a synchronous hybrid language for the design, simulation, and verification of discrete-continuous hybrid systems. This is the topic of the PhD of Peter Schrammel, co-advised by A. Girault and B. Jeannet, and funded by Synchronics .
A relational approach to interprocedural shape analysis
This work addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields, i.e., interprocedural shape analysis. It presents a way to apply some previously known approaches to interprocedural dataflow analysis — which in past work have been applied only to a much less rich setting — so that they can be applied to programs that use heap-allocated storage and perform destructive updating.
Our submission to ACM TOPLAS, accepted in october 2008 has been revised this year and should be published in 2010  . This work has been done in collaboration with T. Reps (Univ. of Madison-Wisconsin), M. Sagiv (Univ. of Tel-Aviv) and A. Loginov (GrammaTech).
Relational interprocedural analysis of concurrent programs
We have studied the extension of the relational approach to interprocedural analysis of sequential programs to concurrent programs, composed of a fixed number of threads  .
In the relational approach, a sequential program is analyzed by computing summaries of procedures, and by propagating reachability information using these summaries. We propose an extension to concurrent programs, which is technically based on an instrumentation of the standard operational semantics, followed by an abstraction of tuple of call-stacks into sets. This approach allows us to extend relational interprocedural analysis to concurrent programs. We have implemented it for programs with scalar variables, in the ConcurInterproc online analyzer (see § 5.5.3 ).
We have experimented several classical synchronisation protocols in order to investigate the precision of our technique, but also to analyze the approximations it performs.
We are also working on modular analyzes of concurrent programs with abstract interpretation techniques. This is the topic of the PhD of Lies Lakhdar-Chaouch, co-advised by A. Girault and B. Jeannet, and funded by OpenTLM .
Distributed controller synthesis using static analysis of FIFO channels
As explained in previous section, controller synthesis aims at modifying an existing specification/system in order to make it satisfy a property. We study this problem in the particular case of distributed systems modeled as a set of sequential machines communicating via unbounded FIFO channels, for which we want to ensure safety properties.
The static analysis of stacks and FIFO queues was the topic of the PhD of Tristan Le Gall, defended in June 2008. We proposed in  a new abstract domain for languages on infinite alphabets, which acts as a functor taking an abstract domain for a concrete alphabet, and lifts it to an abstract domain for words on this alphabet.
We studied this year the application of this technique to the controller synthesis of a set of sequential machines communicating via unbounded FIFO channels, for which we consider simple state-avoidance properties. It is well-known that there exists no optimal (most permissive) controller in such a context, so our ambition is to propose a technique for computing “permissive-enough” controller. Our approach is based on the computation of global controller, which is then projected on local sites so as to obtain a controller per site in the controlled distributed system. We exploit the abstract domain mentioned above in the fixpoint computations involved in the computation of a correct controller, and we take into account the following partial observation constraints: the global controller cannot observe the contents of the FIFO channels to take its decisions (they model communication links), and the projected local controller has a knowledge only on their local state.
This work is conducted in collaboration with H. Marchand and T. Le Gall (Vertecs team from Inria Rennes).
Several man/month efforts have been devoted to the developpement of libraries and tools (see 5.5.3 ). This year has been more particularly devoted to the BDDApron library, which has been publicy released as a deliverable of the ASOPT project (§ 8.2.2 ), and the FIXPOINT library.(http://pop-art.inrialpes.fr/~bjeannet/bjeannet-forge/bddapron/index.html , http://pop-art.inrialpes.fr/~bjeannet/bjeannet-forge/fixpoint/index.html ) We have published a tool paper (6 pages) on the now mature Apron library  . We also plan to submit in 2010 research and tool paper(s) on these libraries.