## Section: New Results

### Formal Methods for Developing and Analyzing Algorithms and Systems

Participants: Marie Duflot-Kremer, Margaux Duroeulx, Souad Kherroubi, Poonam Kumari, Dominique Méry, Stephan Merz, Nicolas Schnepf, Christoph Weidenbach.

#### Making Explicit Domain Knowledge in Formal System Development

Joint work with partners of the IMPEX project.

As explained in the description of the IMPEX project in section 9.1, we advocate that formal modeling languages should explicitly represent the knowledge resulting from an analysis of the application domain, and that ontologies are good candidates for handling explicit domain knowledge. Our objective in doing so is to offer rigorous mechanisms for handling domain knowledge in design models.

We developed the notion of dependency for state-based models. Context-awareness is an important feature in system design, and we argue that proof systems and conceptual modeling should make this notion explicit. Since we focus on conceptual modeling, understandability and clarity are of high importance. We introduce a new definition [37] of proof context in state-based formalisms, with an application to the Event-B modeling language. Furthermore, we introduce a dependency relation between two Event-B models. The contextualization of Event-B models is based on domain knowledge that we classify into constraints, hypotheses and dependencies. The dependency mechanism between two models makes it possible to structure the development of system models by organizing the phases identified in the analyzed process. These ideas are inspired by work on modeling situations in situation theory, which emphasizes the capabilities of type theory for representing knowledge about situations. Our approach is illustrated on small case studies and was validated on the development of design patterns for voting protocols.

#### Incremental Development of Systems and Algorithms

Joint work with Manamiary Bruno Andriamiarina, Neeraj Kumar Singh (IRIT, Toulouse), Rosemary Monahan (NUI Maynooth, Ireland), Zheng Cheng (LINA, Nantes), and Mohammed Mosbah (LaBRI, Bordeaux).

The development of distributed algorithms and, more generally, of distributed systems, is a complex, delicate, and challenging process. The approach based on refinement applies a design methodology that starts from the most abstract model and leads, in an incremental way, to a distributed solution. The use of a proof assistant gives a formal guarantee on the conformance of each refinement with the model preceding it.

Our main result during 2017 is the development of a proof-based pattern for integrating local computation models and the Visidia platform [32].

#### Modeling Network Flows in View of Building Security Chains

Joint work with Rémi Badonnel and Abdelkader Lahmadi of the Madynes team of Inria Nancy – Grand Est.

We are working on the application of formal modeling and verification techniques in the area of network communications, and in particular for constructing security functions in a setting of software-defined networks (SDN). Concretely, Nicolas Schnepf defined an extension of the Pyretic language [58] taking into account both the control and the data planes of SDN controllers and implemented a translation of that extension to the input languages of the nuXmv model checker and of SMT solvers. This work was published at NetSoft 2017 [38].

Extending this approach, we have worked on inferring probabilistic finite-state automata that model the network flows generated by Android applications. The objective is to exploit this representation for generating security chains that detect significant deviations from the behavior represented by the automata and can initiate protective actions. Comparing our models with automata produced by the state-of-the-art tools Invarimint and Synoptic, we obtain representations that are as succinct as those inferred by Invarimint and significantly smaller than those produced by Synoptic, but that additionally carry transition probabilities, which Invarimint does not. This work was accepted for publication at NOMS 2018.
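To make the idea of detecting deviations from an inferred probabilistic automaton concrete, here is an added example in Python. It is not code from the NOMS 2018 paper, nor from Invarimint or Synoptic: it uses a deliberately simple model in which each state is the last flow event seen (a first-order Markov approximation) rather than the inference algorithm of the paper. The training traces, the event labels and the function names are constructed for the illustration. A flow is flagged when it uses a transition the model has never seen or one whose estimated probability is below a threshold, which is the kind of deviation a security chain would act on.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Sequence, Tuple

START, END = "<start>", "<end>"

# Constructed training data: abstract flow events observed for one application
# during known-good runs (labels are illustrative, e.g. the protocol of each
# successive connection the app opens).
TRAINING_TRACES: List[List[str]] = [
    ["DNS", "TLS", "TLS"],
    ["DNS", "TLS", "TLS"],
    ["DNS", "TLS"],
    ["DNS", "HTTP"],
]

Model = Dict[str, Dict[str, float]]


def learn_model(traces: Iterable[Sequence[str]]) -> Model:
    """Build a probabilistic automaton whose states are the last event seen
    (first-order Markov approximation, an assumption of this example).
    model[state][event] is the estimated probability that `event` comes next;
    END marks the end of a flow, so flow length is part of the behaviour."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for trace in traces:
        prev = START
        for event in list(trace) + [END]:
            counts[prev][event] += 1
            prev = event
    model: Model = {}
    for state, successors in counts.items():
        total = sum(successors.values())
        model[state] = {e: n / total for e, n in successors.items()}
    return model


def score_trace(model: Model, trace: Sequence[str],
                threshold: float = 0.05) -> List[Tuple[str, str, float]]:
    """Walk a new flow through the model and return every transition whose
    estimated probability is below `threshold` (unseen transitions score 0.0).
    An empty result means the flow is consistent with the learned behaviour."""
    deviations: List[Tuple[str, str, float]] = []
    prev = START
    for event in list(trace) + [END]:
        prob = model.get(prev, {}).get(event, 0.0)
        if prob < threshold:
            deviations.append((prev, event, prob))
        prev = event
    return deviations


def num_transitions(model: Model) -> int:
    """Model size as a transition count, the succinctness measure compared above."""
    return sum(len(successors) for successors in model.values())


if __name__ == "__main__":
    m = learn_model(TRAINING_TRACES)
    for state, successors in m.items():
        for event, p in successors.items():
            print(f"{state} --{p:.2f}--> {event}")
    print("transitions:", num_transitions(m))
    print("benign flow :", score_trace(m, ["DNS", "HTTP"]))
    print("deviant flow:", score_trace(m, ["DNS", "TLS", "SMTP"]))
```

With the constructed traces the model has six transitions; the flow `DNS, HTTP` produces no deviation, whereas `DNS, TLS, SMTP` is reported twice, once for the unseen `TLS -> SMTP` step and once because the model has no state for `SMTP` at all. In practice the threshold trades false positives against missed deviations and would be tuned on held-out benign traffic.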

#### Satisfiability Techniques for Reliability Assessment

Joint work with Nicolae Brînzei at *Centre de Recherche en Automatique de Nancy*.

The reliability of complex systems is typically assessed using probabilistic methods, based on the probabilities of failures of individual components, relying on graphical representations such as fault trees or reliability block diagrams. Mathematically, the dependency of the overall system on the working status of its components is described by its Boolean-valued *structure function*, and binary decision diagrams (BDDs) have been used to construct a succinct representation of that function. We explore the use of modern satisfiability techniques as an alternative to BDD-based algorithms. In [30], we develop three different algorithms for computing minimal tie sets (i.e., component configurations that ensure that the system is functioning). Our algorithms are based on either conjunctive or disjunctive normal form representations of the structure function or on the Hasse diagram representing the configurations. These algorithms have been prototypically implemented in Python, and we are evaluating them on existing benchmarks in order to understand which algorithm works best for typical fault dependencies.
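The notions used above (structure function, minimal tie sets, and the disjunctive normal form built from them) can be seen on a small reliability block diagram. The following Python is an added example and not the prototype from [30]: it enumerates all 2^n configurations instead of using a SAT solver, which is only sensible for tiny systems, but it shows what the minimal tie sets are, checks that their disjunction is a DNF of the structure function, and computes the exact reliability from independent component probabilities. The diagram (A and D in series with a parallel pair B, C), the probabilities and the function names are constructed for the illustration.

```python
from itertools import product
from typing import Callable, Dict, FrozenSet, Iterator, List, Sequence

# Constructed reliability block diagram: A -> (B || C) -> D, i.e. components A
# and D in series with the parallel pair (B, C). Names are illustrative.
COMPONENTS = ("A", "B", "C", "D")

StructureFunction = Callable[[FrozenSet[str]], bool]


def structure_function(working: FrozenSet[str]) -> bool:
    """Boolean-valued structure function: True iff the system is functioning
    when exactly the components in `working` are up."""
    return ("A" in working
            and ("B" in working or "C" in working)
            and "D" in working)


def all_configurations(components: Sequence[str]) -> Iterator[FrozenSet[str]]:
    """Yield every subset of the components (the 2^n configurations)."""
    for bits in product((False, True), repeat=len(components)):
        yield frozenset(c for c, up in zip(components, bits) if up)


def minimal_tie_sets(components: Sequence[str],
                     phi: StructureFunction) -> List[FrozenSet[str]]:
    """Minimal tie sets: working configurations with no proper working subset.
    Brute force over the configurations; only viable for small diagrams."""
    working = [cfg for cfg in all_configurations(components) if phi(cfg)]
    minimal = [t for t in working if not any(s < t for s in working)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def dnf_from_tie_sets(tie_sets: Sequence[FrozenSet[str]]) -> StructureFunction:
    """For a coherent (monotone) system the disjunction of its minimal tie sets
    is a DNF of the structure function: it works iff some tie set is fully up."""
    def phi(working: FrozenSet[str]) -> bool:
        return any(t <= working for t in tie_sets)
    return phi


def same_function(components: Sequence[str], phi1: StructureFunction,
                  phi2: StructureFunction) -> bool:
    """Check that two structure functions agree on every configuration."""
    return all(phi1(cfg) == phi2(cfg) for cfg in all_configurations(components))


def reliability(components: Sequence[str], phi: StructureFunction,
                p: Dict[str, float]) -> float:
    """Exact system reliability, assuming independent component failures:
    sum over the working configurations of the product of their probabilities."""
    total = 0.0
    for bits in product((False, True), repeat=len(components)):
        cfg = frozenset(c for c, up in zip(components, bits) if up)
        if phi(cfg):
            prob = 1.0
            for c, up in zip(components, bits):
                prob *= p[c] if up else 1.0 - p[c]
            total += prob
    return total


if __name__ == "__main__":
    ties = minimal_tie_sets(COMPONENTS, structure_function)
    print("minimal tie sets:", [sorted(t) for t in ties])
    dnf = dnf_from_tie_sets(ties)
    print("DNF of tie sets equals structure function:",
          same_function(COMPONENTS, structure_function, dnf))
    # constructed per-component probabilities of being up
    p = {"A": 0.9, "B": 0.8, "C": 0.8, "D": 0.95}
    print("system reliability:", reliability(COMPONENTS, structure_function, p))
```

For this diagram the minimal tie sets are {A, B, D} and {A, C, D}, and the reliability is 0.9 x (1 - 0.2 x 0.2) x 0.95 = 0.8208, which the enumeration reproduces. The satisfiability-based algorithms of [30] replace the exhaustive loop with solver queries over the CNF or DNF of the structure function, which is what makes the approach scale.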

#### Statistical evaluation of the robustness of production schedules

Joint work with Alexis Aubry, Sara Himmiche, Pascale Marangé, and Jean-François Pétin at Centre de Recherche en Automatique de Nancy.

Finding a good schedule for a production system, especially when it is flexible and several machines can perform the same operation on products, is a challenging and interesting problem. For a long time, operations research has provided the state-of-the-art methods for optimizing scheduling problems. However, approaches based on Discrete Event Systems present interesting alternatives, especially when dealing with uncertainties about the demand or the production time. In this particular case, the flexibility of the automata-based modeling approach is really useful. Using probabilistic timed automata, we demonstrated [35] that statistical model checking can be used successfully for evaluating the robustness of a given schedule w.r.t. probabilistic variations of the processing time. We were thus able to compare different schedules based on their level of service (i.e., the probability that the system will complete the production process within a deadline slightly higher than the scheduled time) and their sensitivity (the minimal deadline for which the level of service is greater than a given threshold) [42].
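The two robustness measures defined above, level of service and sensitivity, are easy to see on a small instance. The following is an added example, not code from the authors or from [35] and [42]: instead of probabilistic timed automata and a statistical model checker it uses a plain Monte Carlo simulation in Python of a constructed two-job, two-machine schedule whose processing times vary uniformly around their nominal values. The instance, the variation model, the fixed sample size and the function names are all assumptions of the example.

```python
import math
import random
from typing import Dict, List, Tuple

Operation = Tuple[str, float]   # (machine, nominal processing time)
OpRef = Tuple[str, int]         # (job name, index of the operation in the job)

# Constructed job-shop instance: each job is an ordered list of operations.
JOBS: Dict[str, List[Operation]] = {
    "J1": [("M1", 3.0), ("M2", 2.0)],
    "J2": [("M2", 4.0), ("M1", 3.0)],
}
# The schedule fixes the order in which operations are released: each starts as
# soon as its machine is free and the previous operation of its job has ended.
SCHEDULE: List[OpRef] = [("J1", 0), ("J2", 0), ("J1", 1), ("J2", 1)]


def makespan(jobs: Dict[str, List[Operation]], schedule: List[OpRef],
             factors: Dict[OpRef, float]) -> float:
    """Simulate the schedule with every processing time multiplied by its
    factor (missing entries mean the nominal time); return the completion time."""
    machine_free: Dict[str, float] = {}
    job_end: Dict[str, float] = {}
    next_op: Dict[str, int] = {}
    finish_all = 0.0
    for job, idx in schedule:
        if next_op.get(job, 0) != idx:
            raise ValueError(f"schedule violates precedence within {job}")
        machine, nominal = jobs[job][idx]
        duration = nominal * factors.get((job, idx), 1.0)
        start = max(machine_free.get(machine, 0.0), job_end.get(job, 0.0))
        finish = start + duration
        machine_free[machine] = finish
        job_end[job] = finish
        next_op[job] = idx + 1
        finish_all = max(finish_all, finish)
    return finish_all


def sample_makespans(jobs: Dict[str, List[Operation]], schedule: List[OpRef],
                     variation: float, n: int, seed: int = 1) -> List[float]:
    """Draw n makespans, each processing time scaled by an independent factor
    uniform in [1 - variation, 1 + variation]; the result is sorted."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        factors = {op: rng.uniform(1.0 - variation, 1.0 + variation) for op in schedule}
        samples.append(makespan(jobs, schedule, factors))
    return sorted(samples)


def level_of_service(samples: List[float], deadline: float) -> float:
    """Estimated probability that production completes within the deadline."""
    return sum(1 for m in samples if m <= deadline) / len(samples)


def sensitivity(samples: List[float], threshold: float) -> float:
    """Smallest deadline whose estimated level of service reaches `threshold`:
    the empirical threshold-quantile of the sampled makespans."""
    k = max(1, math.ceil(threshold * len(samples)))
    return samples[k - 1]


if __name__ == "__main__":
    nominal = makespan(JOBS, SCHEDULE, {})
    samples = sample_makespans(JOBS, SCHEDULE, variation=0.2, n=2000)
    print("nominal makespan:", nominal)
    print("level of service at 1.1 x nominal:", level_of_service(samples, 1.1 * nominal))
    print("sensitivity at 95%:", sensitivity(samples, 0.95))
```

The nominal makespan of the instance is 7.0; with processing times varying by up to 20% the level of service at deadline 8.4 (1.2 x nominal) is 1, at 5.0 it is 0, and the 95% sensitivity lies in between. Comparing two candidate schedules amounts to running the same estimation on each and comparing these numbers. A statistical model checker adds what this sketch lacks: a formal model of the schedule and a stopping rule that picks the sample size for a requested confidence and precision instead of a fixed `n`.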

An interdisciplinary workshop on this topic was organized jointly with our colleagues of Centre de Recherche en Automatique and funded by Fédération Charles Hermite.

#### Using Cubicle for Verifying TLA^{+} Specifications

Cubicle (http://cubicle.lri.fr) is a model checker for the verification of parameterized transition systems whose state is described by arrays of variables indexed by an abstract sort representing processes. During her internship, Poonam Kumari designed a translation algorithm from a restricted class of TLA^{+} specifications into the input language of Cubicle. A prototypical implementation demonstrates the feasibility of the approach, although more work will be necessary to widen the scope of the translation. This work will be continued within the PARDI project, described in section 9.1.