Certified Impossibility Results for Byzantine-Tolerant Mobile Robots

We propose a framework to build formal developments for robot networks using the COQ proof assistant, to state and to prove formally various properties. We focus in this paper on impossibility proofs, as it is natural to take advantage of the COQ higher order calculus to reason about algorithms as abstract objects. We present in particular formal proofs of two impossibility results forconvergence of oblivious mobile robots if respectively more than one half and more than one third of the robots exhibit Byzantine failures, starting from the original theorems by Bouzid et al.. Thanks to our formalization, the corresponding COQ developments are quite compact. To our knowledge, these are the first certified (in the sense of formally proved) impossibility results for robot networks

Compilation certifiée de SCADE/LUSTRE

Les langages synchrones sont apparus autour des années quatre-vingt, en réponse à un besoin d avoir un modèle mathématique simple pour implémenter des systèmes temps réel critiques. Dans ce modèle, le temps est découpé en instants discrets durant lesquels tous les composants du système reçoivent et produisent une donnée. Cette modélisation permet des raisonnements beaucoup plus simples en évitant de devoir prendre en compte le temps de calcul de chaque opération. Dans le monde du logiciel critique, la fiabilité du matériel et de son fonctionnement sont primordiaux, et on accepte d être plus lent si on devient plus sûr. Afin d augmenter cette fiabilité, plutôt que de concevoir manuellement tout le système, on utilise des machines qui synthétisent automatiquement le système souhaité à partir d une description la plus concise possible. Dans le cas du logiciel, ce mécanisme s appelle la compilation, et évite des erreurs introduites par l homme par inadvertance. Elle ne garantit cependant pas la bonne correspondance entre le système produit et la description donnée. Des travaux récents menés par une équipe INRIA dirigée par Xavier Leroy ont abouti en 2008 au compilateur CompCert d un sous-ensemble large de C vers l assembleur PowerPC pour lequel il a été prouvé dans l assistant de preuve Coq que le code assembleur produit correspond bien à la description en C du programme source. Un tel compilateur offre des garanties fortes de bonne correspondance entre le système synthétisé et la description donnée. De plus, avec les compilateurs utilisés pour le temps réel critique, la plupart des optimisations sont désactivées afin d éviter les erreurs qui y sont liées. Dans CompCert, des optimisations elles aussi prouvées sont proposées, ce qui pourrait permettre ces passes dans la production de systèmes temps réel critiques sans en compromettre la fiabilité. Le but de cette thèse est d avoir une approche similaire mais spécifique à un langage synchrone, donc plus approprié à la description de systèmes temps réel critiques que ne l est le C. Un langage synchrone flots de données semblable à Lustre, nommé Ls, et un langage impératif semblable au langage C, nommé Obc y sont proposés ainsi que leur sémantique formelle et une chaîne de compilation avec des preuves de préservation de sémantique le long de cette chaîne.Synchronous languages first appeared during the 80 s, in order to provide a mathematical model for safety-critical systems. In this model, time is discrete. At each instant, all components of the system simultaneously receive and produce some data. This model allows simpler reasonning on the behaviour of the system, as it does not involve the time required for each of the operations for every component. In safety-critical systems, safety is the rule, so a poor performance behaviour can be allowed if it improves safety. In order to improve safety, rather than conceiving directly the system, machines are used to automatically design the system from a given concise description. In the case of software, this machine is called a compiler, and avoids issues due to some human inadvertence. But it does not ensure that the produced system and the description specification really show the same behaviour. Some recent work from an INRIA team lead by Xavier Leroy achieved in 2008 the realisation of the CompCert compiler from a large subset of C to PowerPC assembly, for which it was proven inside of the Coq proof assistant that the produced system fits its source description. Such a compiler offers strong guarantees that the produced system and its given description by the programmer really fit. Furthermore, most current compiler s optimizations are disabled when dealing with safety-critical systems in order to avoid tedious compilation errors that optimizations may introduce. Proofs for optimizations may allow their use in this domain without affecting the faith we could place in the compiler. The aim of this thesis is to follow a similar path, but this one on a language which would be more suited for safety-critical systems than the C programming language. Some dataflow synchronous programming language very similar to Lustre, called Ls is described with its formal semantics, as well as an imperative programming language similar to a subset of C called Obc. Furthermore some compilation process is described as well as some proofs that the semantics is preserved during the compilation process.PARIS11-SCD-Bib. électronique (914719901) / SudocSudocFranceF

Certified Impossibility Results for Byzantine-Tolerant Mobile Robots

We propose a framework to build formal developments for robot networks using the COQ proof assistant, to state and to prove formally various properties. We focus in this paper on impossibility proofs, as it is natural to take advantage of the COQ higher order calculus to reason about algorithms as abstract objects. We present in particular formal proofs of two impossibility results forconvergence of oblivious mobile robots if respectively more than one half and more than one third of the robots exhibit Byzantine failures, starting from the original theorems by Bouzid et al.. Thanks to our formalization, the corresponding COQ developments are quite compact. To our knowledge, these are the first certified (in the sense of formally proved) impossibility results for robot networks

Certified compilation of SCADE/LUSTRE

Les langages synchrones sont apparus autour des années quatre-vingt, en réponse à un besoin d’avoir un modèle mathématique simple pour implémenter des systèmes temps réel critiques. Dans ce modèle, le temps est découpé en instants discrets durant lesquels tous les composants du système reçoivent et produisent une donnée. Cette modélisation permet des raisonnements beaucoup plus simples en évitant de devoir prendre en compte le temps de calcul de chaque opération. Dans le monde du logiciel critique, la fiabilité du matériel et de son fonctionnement sont primordiaux, et on accepte d’être plus lent si on devient plus sûr. Afin d’augmenter cette fiabilité, plutôt que de concevoir manuellement tout le système, on utilise des machines qui synthétisent automatiquement le système souhaité à partir d’une description la plus concise possible. Dans le cas du logiciel, ce mécanisme s’appelle la compilation, et évite des erreurs introduites par l’homme par inadvertance. Elle ne garantit cependant pas la bonne correspondance entre le système produit et la description donnée. Des travaux récents menés par une équipe INRIA dirigée par Xavier Leroy ont abouti en 2008 au compilateur CompCert d’un sous-ensemble large de C vers l’assembleur PowerPC pour lequel il a été prouvé dans l’assistant de preuve Coq que le code assembleur produit correspond bien à la description en C du programme source. Un tel compilateur offre des garanties fortes de bonne correspondance entre le système synthétisé et la description donnée. De plus, avec les compilateurs utilisés pour le temps réel critique, la plupart des optimisations sont désactivées afin d’éviter les erreurs qui y sont liées. Dans CompCert, des optimisations elles aussi prouvées sont proposées, ce qui pourrait permettre ces passes dans la production de systèmes temps réel critiques sans en compromettre la fiabilité. Le but de cette thèse est d’avoir une approche similaire mais spécifique à un langage synchrone, donc plus approprié à la description de systèmes temps réel critiques que ne l’est le C. Un langage synchrone flots de données semblable à Lustre, nommé Ls, et un langage impératif semblable au langage C, nommé Obc y sont proposés ainsi que leur sémantique formelle et une chaîne de compilation avec des preuves de préservation de sémantique le long de cette chaîne.Synchronous languages first appeared during the 80’s, in order to provide a mathematical model for safety-critical systems. In this model, time is discrete. At each instant, all components of the system simultaneously receive and produce some data. This model allows simpler reasonning on the behaviour of the system, as it does not involve the time required for each of the operations for every component. In safety-critical systems, safety is the rule, so a poor performance behaviour can be allowed if it improves safety. In order to improve safety, rather than conceiving directly the system, machines are used to automatically design the system from a given concise description. In the case of software, this machine is called a compiler, and avoids issues due to some human inadvertence. But it does not ensure that the produced system and the description specification really show the same behaviour. Some recent work from an INRIA team lead by Xavier Leroy achieved in 2008 the realisation of the CompCert compiler from a large subset of C to PowerPC assembly, for which it was proven inside of the Coq proof assistant that the produced system fits its source description. Such a compiler offers strong guarantees that the produced system and its given description by the programmer really fit. Furthermore, most current compiler’s optimizations are disabled when dealing with safety-critical systems in order to avoid tedious compilation errors that optimizations may introduce. Proofs for optimizations may allow their use in this domain without affecting the faith we could place in the compiler. The aim of this thesis is to follow a similar path, but this one on a language which would be more suited for safety-critical systems than the C programming language. Some dataflow synchronous programming language very similar to Lustre, called Ls is described with its formal semantics, as well as an imperative programming language similar to a subset of C called Obc. Furthermore some compilation process is described as well as some proofs that the semantics is preserved during the compilation process

Geoarcheology and Prehistory of the Saint-Pierre-et-Miquelon archipelago: theoretical issues, methods and first results

International audienceA first heritage approach was initiated in 2017 by the Prefecture of Saint- Pierre and Miquelon and the Ministry of Culture in order to give a temporal depth to a proposal to classify the archipelago as UNESCO World Heritage Site. It also involved intervention on the Amerindian and Paleoeskimo site of Anse-à-Henry, which has been strongly affected by marine erosion. The team gathered around Réginald Auger and Grégor Marchand wished to install this archaeological intervention in a wider reflection on the occupation networks of the entire archipelago before the European occupations, which should lead to an archaeological map. As a matter of principle, it is no longer possible to neglect erosion, which strongly constrains the nature of the «archaeological signal» delivered by the sediments and which damages the heritage. The landscapes of the past and the understanding of the resources available at different times are not possible either without a thorough investigation of geo¬graphical conditions. The archaeological project in Saint-Pierre and Miquelon therefore immediately associates geomorphology and archaeology, in the ser¬vice of a strong societal demand. This paper presents the methods adopted, with an initial state of the archaeological map established after processing LiDAR images in 2018, followed by surveys of prehistoric sites (habitats and volcanic rock extraction workshops). Finally, it focuses on the tools deployed at Anse-à-Henry, to identify habitat areas and propose an erosion model that should lead to recommendations to anticipate its destruction.Une première démarche patrimoniale a été initiée en 2017 par la Préfecture de Saint-Pierre et Miquelon et le Ministère de la Culture afin de donner une profondeur temporelle à une proposition de classement de l’archipel au titre du patrimoine mondial de l’UNESCO. Il s’agissait également d’intervenir sur le site amérindien et paléoesquimau de l’Anse-à-Henry, fortement menacé par l’érosion marine. L’équipe regroupée autour de Réginald Auger et Grégor Marchand a souhaité installer cette intervention archéologique dans une plus ample réflexion sur les réseaux d’occupation de l’archipel en son entier avant les occupations européennes, qui doit mener à une carte archéologique. Par principe, il n’est plus possible de négliger l’érosion, qui contraint fortement la nature du « signal archéologique » livré par les sédiments et qui porte atteinte au patrimoine. Les paysages du passé et la compréhension des ressources disponibles à différentes époques ne se livrent pas non plus sans une enquête poussée des conditions géographiques. Le projet archéologique de Saint-Pierre et Miquelon associe donc d’emblée la géomorphologie et l’archéologie, au service d’une demande sociétale forte

Caractériser les neurorécepteurs de tiques pour le développement de nouveaux acaricides plus spécifiques et durables : le projet Xenobio-Tick

National audienc

Geoarcheology and Prehistory of the St Pierre and Miquelon archipelago: theoretical issues, methods and preliminary results

International audienceThe French overseas territory of St Pierre and Miquelon comprises three main islands and is located approximately 20 km south of the island of Newfoundland (Canada). As part of a UNESCO project to classify maritime heritage, a Franco-Canadian team has begun excavating the coastal site of Anse à Henry, which was occupied from the Maritime Archaic time to the historical period. Integrating multiple scales of analysis, the scientific approach adopted is more global than just a simple excavation. It includes a geomorphological component (monitoring erosion, changes in sea levels) and an archaeological component (inventory of the heritage, dating of the various occupations, reconstruction of occupation networks). The project began in 2018 with a systematic survey of archaeological anomalies using LIDAR data, which led to the identification of 43 areas with high potential for habitat remains. Analyses of the shoreline morphologies of Anse à Henry reveal that different sectors of coastline have been affected either by marine erosion processes (wave action) or by subaerial processes such as runoff, colluviation, etc. The 2019, 2021 excavations uncovered extremely well-preserved Groswater occupations in the low-lying area of the site and demonstrated the extent of the site area; a substantial addition to what was excavated in the early 2000s. The Middle Dorset and First Nations occupations (Recent Tradition) have also left abundant remains, but more scattered over the 3.6-hectare site. Surveys throughout the archipelago led to the discovery of five quarries, including the Bois Brûlé quarry in St Pierre exploited for its rhyolite deposits. Results of the geochemical analyses conducted on the Bois Brulé samples link some of these quarries to objects collected at Anse à Henry

Geoarcheology and Prehistory of the St Pierre and Miquelon archipelago: theoretical issues, methods and preliminary results

International audienceThe French overseas territory of St Pierre and Miquelon comprises three main islands and is located approximately 20 km south of the island of Newfoundland (Canada). As part of a UNESCO project to classify maritime heritage, a Franco-Canadian team has begun excavating the coastal site of Anse à Henry, which was occupied from the Maritime Archaic time to the historical period. Integrating multiple scales of analysis, the scientific approach adopted is more global than just a simple excavation. It includes a geomorphological component (monitoring erosion, changes in sea levels) and an archaeological component (inventory of the heritage, dating of the various occupations, reconstruction of occupation networks). The project began in 2018 with a systematic survey of archaeological anomalies using LIDAR data, which led to the identification of 43 areas with high potential for habitat remains. Analyses of the shoreline morphologies of Anse à Henry reveal that different sectors of coastline have been affected either by marine erosion processes (wave action) or by subaerial processes such as runoff, colluviation, etc. The 2019, 2021 excavations uncovered extremely well-preserved Groswater occupations in the low-lying area of the site and demonstrated the extent of the site area; a substantial addition to what was excavated in the early 2000s. The Middle Dorset and First Nations occupations (Recent Tradition) have also left abundant remains, but more scattered over the 3.6-hectare site. Surveys throughout the archipelago led to the discovery of five quarries, including the Bois Brûlé quarry in St Pierre exploited for its rhyolite deposits. Results of the geochemical analyses conducted on the Bois Brulé samples link some of these quarries to objects collected at Anse à Henry