## Section: New Results

### Verification and Abstract Interpretation

#### Analysis of probabilistic systems

##### Probabilistic Acceptors for Languages over Infinite Words

Participant : Nathalie Bertrand.

Probabilistic omega-automata are variants of nondeterministic automata for infinite words where all choices are resolved by probabilistic distributions. Acceptance of an infinite input word requires that the probability for the accepting runs is positive. In [14] and [34] , we provide a summary of the fundamental properties of probabilistic omega-automata concerning expressiveness, efficiency, compositionality and decision problems.

##### Probabilistic graph grammars

Participants : Nathalie Bertrand, Christophe Morvan.

We currently study a probabilistic extension of regular graphs
(i.e. graphs generated by deterministic graph grammars). These graphs
form a structural extension of configuration graphs of pushdown
systems whose probabilistic version has already been studied by
Esparza *et al* [41] .
We propose an algorithm to perform
on probabilistic regular graphs the approximate verification of
quantitative formulae expressed in the probabilistic logic
PCTL. Moreover, we prove that the exact model-checking problem for
PCTL on probabilistic regular graphs is undecidable, unless if we
restrict to qualitative properties. Our results
generalise [41] using similar methods combined with techniques
of graph grammars.

#### Analysis of Timed systems

Participant : Nathalie Bertrand.

##### Modal Specifications for Timed Systems

On the one hand, modal specifications are classic, convenient, and expressive mathematical objects to represent interfaces of component-based systems. On the other hand, time is a crucial aspect of systems for practical applications, e.g. in the area of embedded systems. And yet, only few results exist on the design of timed component-based systems. In [17] , we remedy this lack and define timed modal specifications, an automata-based formalism combining modal and timed aspects, as a stepping stone to compositional approaches of timed systems. We define the notions of refinement and consistency, and establish their decidability. This work, in collaboration with S. Pinchinat (S4 EPI) and J-B. Raclet (Pop-Art EPI) has been continued in [16] together with A. Legay (S4 EPI).

Based on the previous paper [17] , we propose a timed extension of modal specifications, together with fundamental operations (conjunction, product, and quotient) that enable to reason in a compositional way about timed system. The specifications are given as modal event-clock automata, where clock resets are easy to handle. We develop an entire theory that promotes efficient incremental design techniques.

##### When are timed automata determinizable?

In [13] , we propose an abstract procedure which, given a timed automaton, produces a language-equivalent deterministic infinite timed tree. We prove that under a certain boundedness condition, the infinite timed tree can be reduced into a classical deterministic timed automaton. The boundedness condition is satisfied by several subclasses of timed automata, some of them were known to be determinizable (event-clock timed automata, automata with integer resets), but some others were not. We prove for instance that strongly non-Zeno timed automata can be determinized. As a corollary of those constructions, we get for those classes the decidability of the universality and of the inclusion problems, and compute their complexities (the inclusion problem is for instance EXPSPACE-complete for strongly non-Zeno timed automata). This work was done in collaboration with C. Baier (Universität Dresden), P. Bouyer (LSV) and Th. Brihaye (Université de Mons).

#### Characterization and Analysis of infinite systems

##### On external presentations of infinite graphs

Participant : Christophe Morvan.

The vertices of a finite state system are usually a subset of the natural numbers. Most algorithms relative to these systems only use this fact to select vertices.

For infinite state systems, however, the situation is different: in
particular, for such systems having a finite description, each state
of the system is a configuration of some machine. Then most
algorithmic approaches rely on the structure of these
configurations. Such characterisations are said *internal* . In
order to apply algorithms detecting a structural property (like
identifying connected components) one may have first to transform
the system in order to fit the description needed for the algorithm.
The problem of internal characterisation is that it hides
structural properties, and each solution becomes *ad hoc* relatively
to the form of the configurations.
On the contrary, *external* characterisations avoid explicit
naming of the vertices. Such characterisation are mostly defined via
graph transformations.
In [24] , we present two kind of external
characterisations: deterministic graph rewriting, which in turn
characterise regular graphs, deterministic context-free languages,
and rational graphs. Inverse substitution from a generator (like the
complete binary tree) provides characterisation for
prefix-recognizable graphs, the Caucal Hierarchy and rational
graphs. We illustrate how these characterisation provide an efficient
tool for the representation of infinite state systems.

Finally, deterministic graph grammars generate a family of infinite graphs which characterize context-free (word) languages. In [33] , we presents a context-sensitive extension of these grammars. We achieve a characterization of context-sensitive (word) languages. It is shown that this characterization is not straightforward and that unless having some rigorous restrictions, contextual graph grammars generate non-recursive graphs.

##### Opacity and Abstraction

Participant : Jérémy Dubreil.

The opacity property characterizes the absence of confidential information flow towards inquisitive attackers. Verifying opacity is well established for finite automata but is known to be not decidable for more expressive models like Turing machines or Petri nets. As a consequence, for a system dealing with confidential information, certifying its confidentiality may be impossible, but attackers can infer confidential information by approximating systems' behaviours. Taking such attackers into account, we investigate the verification of opacity using abstraction techniques to compute executable counterexamples (attack scenarios). Considering a system and a predicate over its executions, attackers are modeled as semi-conservative decision process determining from observed traces the truth of that predicate. Moreover, we show that the most precise the abstraction is, the most accurate (and then dangerous) the corresponding class of attackers will be. Consequently, when no attack scenario is detected on an approximate analysis, we know that this system is safe against all “less precise” attackers. This can therefore be used to provide a level of certification relative to the precision of abstractions.

#### Equational Approximations for Tree Automata Completion

Participant : Vlad Rusu.

In [11] , we deal with the verification of safety properties of infinite-state systems modeled by term-rewriting systems. An over-approximation of the set of reachable terms of a term-rewriting system R is obtained by automatically constructing a finite tree automaton. The construction is parameterized by a set E of equations on terms, and we also show that the approximating automata recognize at most the set of R/E -reachable terms. Finally, we perform some experiments carried out with the implementation of our algorithm. In particular, we show how some approximations from the literature can be defined using equational approximations. This work was done in collaboration with Th. Genest (Celtique EPI).

#### Verifying Invariants of Rewriting Specifications

Participant : Vlad Rusu.

In [29] ,[26] , we present an approach based on inductive theorem proving for verifying invariants of dynamic systems specified in rewriting logic, a formal specification language implemented in the Maude system. An invariant is a property that holds on all the states that are reachable from a given class of initial states. Our approach consists in encoding the semantic aspects that are relevant for our task (namely, verifying invariance properties of the specified systems) in membership equational logic, a sublogic of rewriting logic. The invariance properties are then formalized over the encoded rewrite theories and are proved using an inductive theorem prover for membership equational logic also implemented in the Maude system using its reflective capabilities. We illustrate our approach by verifying mutual exclusion in an n-process Bakery algorithm. This work was done in collaboration with M. Clavel (University of Madrid).