Section: New Results
Verification and Abstract Interpretation
Analysis of probabilistic systems
Probabilistic Acceptors for Languages over Infinite Words
Participant : Nathalie Bertrand.
Probabilistic omega-automata are variants of nondeterministic automata for infinite words where all choices are resolved by probabilistic distributions. Acceptance of an infinite input word requires that the probability for the accepting runs is positive. In [14] and [34] , we provide a summary of the fundamental properties of probabilistic omega-automata concerning expressiveness, efficiency, compositionality and decision problems.
Probabilistic graph grammars
Participants : Nathalie Bertrand, Christophe Morvan.
We currently study a probabilistic extension of regular graphs (i.e. graphs generated by deterministic graph grammars). These graphs form a structural extension of configuration graphs of pushdown systems whose probabilistic version has already been studied by Esparza et al [41] . We propose an algorithm to perform on probabilistic regular graphs the approximate verification of quantitative formulae expressed in the probabilistic logic PCTL. Moreover, we prove that the exact model-checking problem for PCTL on probabilistic regular graphs is undecidable, unless if we restrict to qualitative properties. Our results generalise [41] using similar methods combined with techniques of graph grammars.
Analysis of Timed systems
Participant : Nathalie Bertrand.
Modal Specifications for Timed Systems
On the one hand, modal specifications are classic, convenient, and expressive mathematical objects to represent interfaces of component-based systems. On the other hand, time is a crucial aspect of systems for practical applications, e.g. in the area of embedded systems. And yet, only few results exist on the design of timed component-based systems. In [17] , we remedy this lack and define timed modal specifications, an automata-based formalism combining modal and timed aspects, as a stepping stone to compositional approaches of timed systems. We define the notions of refinement and consistency, and establish their decidability. This work, in collaboration with S. Pinchinat (S4 EPI) and J-B. Raclet (Pop-Art EPI) has been continued in [16] together with A. Legay (S4 EPI).
Based on the previous paper [17] , we propose a timed extension of modal specifications, together with fundamental operations (conjunction, product, and quotient) that enable to reason in a compositional way about timed system. The specifications are given as modal event-clock automata, where clock resets are easy to handle. We develop an entire theory that promotes efficient incremental design techniques.
When are timed automata determinizable?
In [13] , we propose an abstract procedure which, given a timed automaton, produces a language-equivalent deterministic infinite timed tree. We prove that under a certain boundedness condition, the infinite timed tree can be reduced into a classical deterministic timed automaton. The boundedness condition is satisfied by several subclasses of timed automata, some of them were known to be determinizable (event-clock timed automata, automata with integer resets), but some others were not. We prove for instance that strongly non-Zeno timed automata can be determinized. As a corollary of those constructions, we get for those classes the decidability of the universality and of the inclusion problems, and compute their complexities (the inclusion problem is for instance EXPSPACE-complete for strongly non-Zeno timed automata). This work was done in collaboration with C. Baier (Universität Dresden), P. Bouyer (LSV) and Th. Brihaye (Université de Mons).
Characterization and Analysis of infinite systems
On external presentations of infinite graphs
Participant : Christophe Morvan.
The vertices of a finite state system are usually a subset of the natural numbers. Most algorithms relative to these systems only use this fact to select vertices.
For infinite state systems, however, the situation is different: in particular, for such systems having a finite description, each state of the system is a configuration of some machine. Then most algorithmic approaches rely on the structure of these configurations. Such characterisations are said internal . In order to apply algorithms detecting a structural property (like identifying connected components) one may have first to transform the system in order to fit the description needed for the algorithm. The problem of internal characterisation is that it hides structural properties, and each solution becomes ad hoc relatively to the form of the configurations. On the contrary, external characterisations avoid explicit naming of the vertices. Such characterisation are mostly defined via graph transformations. In [24] , we present two kind of external characterisations: deterministic graph rewriting, which in turn characterise regular graphs, deterministic context-free languages, and rational graphs. Inverse substitution from a generator (like the complete binary tree) provides characterisation for prefix-recognizable graphs, the Caucal Hierarchy and rational graphs. We illustrate how these characterisation provide an efficient tool for the representation of infinite state systems.
Finally, deterministic graph grammars generate a family of infinite graphs which characterize context-free (word) languages. In [33] , we presents a context-sensitive extension of these grammars. We achieve a characterization of context-sensitive (word) languages. It is shown that this characterization is not straightforward and that unless having some rigorous restrictions, contextual graph grammars generate non-recursive graphs.
Opacity and Abstraction
Participant : Jérémy Dubreil.
The opacity property characterizes the absence of confidential information flow towards inquisitive attackers. Verifying opacity is well established for finite automata but is known to be not decidable for more expressive models like Turing machines or Petri nets. As a consequence, for a system dealing with confidential information, certifying its confidentiality may be impossible, but attackers can infer confidential information by approximating systems' behaviours. Taking such attackers into account, we investigate the verification of opacity using abstraction techniques to compute executable counterexamples (attack scenarios). Considering a system and a predicate over its executions, attackers are modeled as semi-conservative decision process determining from observed traces the truth of that predicate. Moreover, we show that the most precise the abstraction is, the most accurate (and then dangerous) the corresponding class of attackers will be. Consequently, when no attack scenario is detected on an approximate analysis, we know that this system is safe against all “less precise” attackers. This can therefore be used to provide a level of certification relative to the precision of abstractions.
Equational Approximations for Tree Automata Completion
Participant : Vlad Rusu.
In [11] , we deal with the verification of safety properties of infinite-state systems modeled by term-rewriting systems. An over-approximation of the set of reachable terms of a term-rewriting system R is obtained by automatically constructing a finite tree automaton. The construction is parameterized by a set E of equations on terms, and we also show that the approximating automata recognize at most the set of R/E -reachable terms. Finally, we perform some experiments carried out with the implementation of our algorithm. In particular, we show how some approximations from the literature can be defined using equational approximations. This work was done in collaboration with Th. Genest (Celtique EPI).
Verifying Invariants of Rewriting Specifications
Participant : Vlad Rusu.
In [29] ,[26] , we present an approach based on inductive theorem proving for verifying invariants of dynamic systems specified in rewriting logic, a formal specification language implemented in the Maude system. An invariant is a property that holds on all the states that are reachable from a given class of initial states. Our approach consists in encoding the semantic aspects that are relevant for our task (namely, verifying invariance properties of the specified systems) in membership equational logic, a sublogic of rewriting logic. The invariance properties are then formalized over the encoded rewrite theories and are proved using an inductive theorem prover for membership equational logic also implemented in the Maude system using its reflective capabilities. We illustrate our approach by verifying mutual exclusion in an n-process Bakery algorithm. This work was done in collaboration with M. Clavel (University of Madrid).
