## Section: New Results

### Controller Synthesis and Game Theory

#### Stochastic games with partial information

Participant : Nathalie Bertrand.

In [15] , we consider the standard model of finite two-person zero-sum stochastic games with signals. We are interested in the existence of almost-surely winning or positively winning strategies, under reachability, safety, Büchi or co-Büchi winning objectives. We prove two qualitative determinacy results. First, in a reachability game either player 1 can achieve almost-surely the reachability objective, or player 2 can ensure surely the complementary safety objective, or both players have positively winning strategies. Second, in a Büchi game if player 1 cannot achieve almost-surely the Büchi objective, then player 2 can ensure positively the complementary co-Büchi objective. We prove that players only need strategies with finite-memory, whose sizes range from no memory at all to doubly-exponential number of states, with matching lower bounds. Together with the qualitative determinacy results, we also provide fix-point algorithms for deciding which player has an almost-surely winning or a positively winning strategy and for computing the finite memory strategy. Complexity ranges from EXPTIME to 2-EXPTIME with matching lower bounds, and better complexity can be achieved for some special cases where one of the players is better informed than her opponent. This work was done in collaboration with B. Genest (Distribcom EPI) and H. Gimbert (Labri).

#### Control of Infinite Symbolic Transitions Systems under Partial Observation

Participant : Hervé Marchand.

We provide models of safe controllers both for potentially blocking and non blocking controlled systems. To obtain algorithms for these problems, we make the use of abstract interpretation techniques which provide over-approximations of the transitions set to be disabled. To our knowledge, with the hypotheses taken, the improved version of our algorithm provides a better solution than what was previously proposed in the literature. Our tool SMACS allowed us to make an empirical validation of our methods to show their feasibility and usability [22] . This work has been extended to the case of decentralized control in [27] . Finally, on the same model, but assuming that the system is finite, we have studied the computational complexity of several decision and optimization control problems arising in partially observed discrete event systems [21] . This work has been done in cooperation with T. Massart, G. Kalyon and T. Le Gall (Université libre de Bruxelles).

#### Discrete controller synthesis for modular reactive systems

Participant : Hervé Marchand.

Following preliminaries results [12] , we have been interested in the extension of a reactive programming language with a behavioral contract construct [31] . It is particularly dedicated to the programming of reactive control of applications in embedded systems, and involves principles of the supervisory control of discrete event systems. Our contribution is in a language approach where modular discrete controller synthesis (DCS) is integrated, and it is concretized in the encapsulation of DCS into a compilation process. From transition system specifications of possible behaviors, DCS automatically produces controllers that make the controlled system satisfy the property given as objective. Our language features and compiling technique hence provide correctness-by-construction in that sense, and enhance reliability and verifiability. An application domain particularly targeted at is that of adaptive and reconfigurable systems: closed-loop adaptation mechanisms enable flexible execution of functionalities w.r.t. changing resource and environment conditions. This language can serve programming such adaption controllers. This work has been done in cooperation with E. Rutten and G. Delaval (INRIA Grenoble).

#### Opacity Enforcing Control Synthesis

Participants : Jérémy Dubreil, Hervé Marchand.

In the field of computer security, a problem that received little
attention so far is the enforcement of confidentiality properties by
supervisory control. Given a critical system G that may leak
confidential information (a secret), the problem consists in designing
a controller C , possibly disabling occurrences of a fixed subset of
events of G , so that the closed-loop system G/C does not leak
confidential information. We consider this problem in the case where
G is a finite transition system with set of events and an
inquisitive user, called the adversary, observes a subset _{a}
of . When the secret can be disclosed. We present an
effective algorithm for computing the most permissive controller C
such that S is opaque w.r.t. G/C and _{a} . This algorithm
subsumes two earlier algorithms presented in [40] working
under the strong assumption that the alphabet _{a} of the
adversary and the set of events that the controller can disable are
comparable. This work publised as a research report ([32] )
has been accepted for publication in 2010 in IEEE Transaction
Automatic and Control [9] . This work has been done in
cooperation with Ph. Darondeau (S4 EPI).

In [18] , we followed a different approach. We introduced the notion dynamic partial observability where the set of events the user can observe changes over time. We have shown how to check that a system is opaque w.r.t. to a dynamic observer and also addressed the corresponding synthesis problem: given a system G and secret states S, compute the set of dynamic observers under which S is opaque. It turned out that this problem can be reduced to a two-players safety game and that the set of such observers can be finitely represented and can be computed in EXPTIME. This work has been done in cooperation with F. Cassez (IRCCyN).