
    Refinement Proofs of Programs with Pointers

    The purpose of this thesis is to specify and prove programs with pointers, such as C programs, using refinement techniques. The proposed approach strikes a compromise between the complex techniques that exist in the literature and what is usable in industry, reconciling lightweight annotations with restrictions on aliasing. We first define a study language, inspired by the C language, in which the only mutable data type is the structure type, which can be accessed only through pointers. In order to structure our programs, we equip our language with a notion of module and with concepts from refinement theory, such as abstract variables, which we formalize as model fields, and gluing invariants. This allows us to write programs structured into components. Introducing data invariants in our language raises issues related to pointer sharing: in the presence of aliases, we may no longer be able to guarantee the validity of a structure's data invariant. We therefore forbid aliasing (reference sharing) in our language. To control memory access, we define a type system based on the notion of regions. This contribution is inspired by refinement theory and aims to make programs as modular as possible and their proofs as automatic as possible. On this language, we define a mechanism for generating proof obligations by proposing a weakest-precondition calculus that incorporates refinement. We then prove the correctness of this proof-obligation generation mechanism by an original method, based on the notion of blocking semantics, which is similar to a type soundness proof and therefore consists in proving preservation and then progress for this calculus.
Secondly, we extend our language by partially lifting the restriction on reference sharing. In particular, we allow sharing when no data invariant is associated with the referenced structure type. In addition, we introduce the array type, as well as global variables and assignment, which are not part of the core language. For each of the extensions mentioned above, we extend the definition and the correctness proof of the weakest-precondition calculus accordingly. Finally, we propose an implementation of this approach as a Frama-C plugin (http://frama-c.com/). We experiment with our implementation on examples of modules implementing complex data structures, in particular challenges from the VACID0 challenge (http://vacid.codeplex.com/), namely sparse arrays and binary heaps.

    Evaluation of the overflow failure scenario and hydrograph of an embankment dam with a concrete upstream slope protection

    The standard procedure in Quebec, Canada, for evaluating the failure of an embankment dam, per the Loi sur la sécurité des barrages, specifies a 30-min-long failure scenario with a breach width equal to four times the maximal height of the dam. We demonstrate a new method for evaluating the flood overtopping failure scenario for embankment dams with concrete upstream slope protection, using the Toulnustouc dam for example computations. Our new methodology computes safety factors for a range of potential failure mechanisms, taking into account geotechnical, hydraulic, and structural factors. We compile the results of our investigations of the various dam failure mechanisms and compare the corresponding dam failure hydrographs to the current hydrograph specified in the standard analysis procedures. Our investigations tend to invalidate the current standard procedures for evaluating the failure of rock-fill dams with concrete upstream faces, by indicating that the current standard procedures underestimate the peak failure discharge and overestimate the time to the peak discharge.

    Probabilistic modelling of the overtopping failure discharge of an embankment dam

    Embankment dams, and dams in general, are designed to withstand the various factors (meteorological, seismic, human) that could cause their failure. However, zero risk does not exist, and the probability that any given dam will be destroyed is not zero. With a view to optimizing the protection of the areas downstream of the dam, the methodology presented here makes it possible to assign a probability to dam failure by overtopping, going beyond a simple failure / no-failure assessment. Computing the probability of failure is the first step, the failure scenarios being mainly linked to flood occurrences. The second step is the probabilistic characterization of flood hydrographs through their main characteristics, the peak discharge and the time required to reach that discharge.

    Exacerbation of experimental autoimmune encephalomyelitis in prion protein (PrPc)-null mice: evidence for a critical role of the central nervous system

    Abstract

    Background

    The cellular prion protein (PrPc) is a host-encoded glycoprotein whose transconformation into PrP scrapie (PrPSc) initiates prion diseases. The role of PrPc in health is still obscure, but many candidate functions have been attributed to the protein, both in the immune and the nervous systems. Recent data show that experimental autoimmune encephalomyelitis (EAE) is worsened in mice lacking PrPc. Disease exacerbation has been attributed to T cells that would differentiate into more aggressive effectors when deprived of PrPc. However, alternative interpretations such as reduced resistance of neurons to autoimmune insult and exacerbated gliosis leading to neuronal deficits were not considered.

    Method

    To better discriminate the contribution of immune cells versus neural cells, reciprocal bone marrow chimeras with differential expression of PrPc in the lymphoid or in the central nervous system (CNS) were generated. Mice were subsequently challenged with MOG35-55 peptide, and clinical disease as well as histopathology were compared in both groups. Furthermore, to test directly the T cell hypothesis, we compared the encephalitogenicity of adoptively transferred PrPc-deficient versus PrPc-sufficient anti-MOG T cells.

    Results

    First, EAE exacerbation in PrPc-deficient mice was confirmed. Irradiation exacerbated EAE in all the chimeras and controls, but disease was more severe in mice with a PrPc-deleted CNS and a normal immune system than in the reciprocal construction. Moreover, there was no indication that anti-MOG responses were different in PrPc-sufficient and PrPc-deficient mice. Paradoxically, PrPc-deficient anti-MOG 2D2 T cells were less pathogenic than PrPc-expressing 2D2 T cells.

    Conclusions

    In view of the present data, it can be concluded that the origin of EAE exacerbation in PrPc-ablated mice resides in the absence of the prion protein in the CNS. Furthermore, the absence of PrPc on both neural and immune cells does not synergize for disease worsening. These conclusions highlight the critical role of PrPc in maintaining the integrity of the CNS in situations of stress, especially during a neuroinflammatory insult.

    Dam-break flow against obstacles and through river bed singularities


    Normalised Rewriting and Normalised Completion

    We introduce normalised rewriting, a new rewrite relation. It generalises former notions of rewriting modulo E, dropping some conditions on E. For example, E can now be the theory of identity, idempotency, the theory of Abelian groups, or the theory of commutative rings. We give a new completion algorithm for normalised rewriting. It contains as an instance the usual AC completion algorithm, but also the well-known Buchberger's algorithm for computing standard bases of polynomial ideals. We investigate the particular case of completion of ground equations. In this case we prove by a uniform method that completion modulo E terminates, for some interesting E. As a consequence, we obtain the decidability of the word problem for some classes of equational theories. We give implementation results which show the efficiency of normalised completion with respect to completion modulo AC.
    1 Introduction
    Equational axioms are very common in most sciences, including computer science. Equations can ..

    The Word Problem of ACD-Ground theories is Undecidable

    We prove that there exists an ACD-ground theory --- an equational theory defined by a set of ground equations plus the associativity and commutativity of two binary symbols and +, and the distributivity of over + --- for which the word problem is undecidable.
    1 Introduction
    Equations are ubiquitous in mathematics and the sciences. The word problem of a given set of equations (that is, the problem of deciding whether an identity is a consequence of the equations), or equivalently of its equational theory, is undecidable in general. But there are known classes of equational theories which have a decidable word problem, in particular ground equational theories. The most famous examples of theories with an undecidable word problem are given by sets of ground equations over word algebras. Such theories can be considered as associative-ground theories over a certain term algebra, whose signature contains only constants besides the binary (associative) symbol. Their word problem is known to be..

    Associative-Commutative Reduction Orderings via Head-Preserving Interpretations

    We introduce a generic definition of reduction orderings on term algebras containing associative-commutative (hereafter denoted AC) operators. These orderings are compatible with the AC theory, which makes them suitable for use in deduction systems where AC operators are built in. Furthermore, they have the nice property of being total on AC classes of ground terms, a property required, for example, to avoid failure in AC-completion, or to ensure completeness of ordered strategies in first-order theorem proving with built-in AC operators. We show that the two already known definitions of such total and AC-compatible orderings [24, 25] are actually instances of our definition. Finally, we find new such orderings which have more properties: first, an ordering based on an integer polynomial interpretation, answering positively a question left open by Narendran and Rusinowitch, and second, an ordering which allows one to orient the distributivity axiom in the usual way, answering positively a ..

    Analytical and numerical study of the saltation motion of spherical particles immersed in a steady free-surface flow

    Description of the saltation motion -- Previous work -- Analysis of the saltation motion -- Mathematical model -- Analytical solution -- Numerical solution -- Study of the characteristics of the saltation motion