Quadratic Zonotopes:An extension of Zonotopes to Quadratic Arithmetics

Affine forms are a common way to represent convex sets of $\mathbb{R}$ using a base of error terms $\epsilon \in [-1, 1]^m$. Quadratic forms are an extension of affine forms enabling the use of quadratic error terms $\epsilon_i \epsilon_j$. In static analysis, the zonotope domain, a relational abstract domain based on affine forms has been used in a wide set of settings, e.g. set-based simulation for hybrid systems, or floating point analysis, providing relational abstraction of functions with a cost linear in the number of errors terms. In this paper, we propose a quadratic version of zonotopes. We also present a new algorithm based on semi-definite programming to project a quadratic zonotope, and therefore quadratic forms, to intervals. All presented material has been implemented and applied on representative examples.Comment: 17 pages, 5 figures, 1 tabl

A Sums-of-Squares Extension of Policy Iterations

In order to address the imprecision often introduced by widening operators in static analysis, policy iteration based on min-computations amounts to considering the characterization of reachable value set of a program as an iterative computation of policies, starting from a post-fixpoint. Computing each policy and the associated invariant relies on a sequence of numerical optimizations. While the early research efforts relied on linear programming (LP) to address linear properties of linear programs, the current state of the art is still limited to the analysis of linear programs with at most quadratic invariants, relying on semidefinite programming (SDP) solvers to compute policies, and LP solvers to refine invariants. We propose here to extend the class of programs considered through the use of Sums-of-Squares (SOS) based optimization. Our approach enables the precise analysis of switched systems with polynomial updates and guards. The analysis presented has been implemented in Matlab and applied on existing programs coming from the system control literature, improving both the range of analyzable systems and the precision of previously handled ones.Comment: 29 pages, 4 figure

Analyse statique d'un calcul d'acteurs par interprétation abstraite

The Actor model, introduced by HEWITT and AGHA in the late 80s, describes a concurrent communicating system as a set of autonomous agents, with non uniform interfaces and communicating by the use of labeled messages. The CAP process calculus, proposed by COLAÇO, is based on this model and allows to describe non trivial realistic systems, without the need of complex encodings. CAP is a higher-order calculus: messages can carry actor behaviors. Multiple works address the analysis of CAP properties, mainly by the use of inference-based type systems using behavioral types and sub-typing. Otherwise, more recent works, by VENET and later FERET, propose the use of abstract interpretation to analyze process calculi. These approaches allow to compute non-uniform properties. For example, they are able to differentiate recursive instances of the same thread. This thesis is at the crossroad of these two approaches, applying abstract interpretation to the analysis of CAP. Following the framework of FERET, CAP is firstly expressed in a non standard form, easing its analysis. The set of reachable states is then over-approximated via a sound by construction representation within existing abstract domains. New general abstract domains are then introduced in order to improve the accuracy of existing analyses or to represent local properties. CAP specific properties such as the linearity of terms or the absence of orphan messages, are then considered in this framework. Specific abstract domains are defined and used to check these properties. The proposed framework is able to relax any existing restriction of previous analyses such as constraints on the shape of terms or limitation in the use of CAP behavior passing. The whole analyses have been implemented in a prototype.Le modèle des Acteurs, introduit par HEWITT et AGHA à la fin des années 80, décrit un système concurrent comme un ensemble d'agents autonomes au comportement non uniforme et communiquant de façon point-à-point par l'envoi de messages étiquetés. Le calcul CAP, proposé par COLAÇO, est un calcul de processus basé sur ce modèle qui permet de décrire sans encodage complexe des systèmes réalistes non triviaux. Ce calcul permet, entre autre, la communication de comportements via les messages et est, en ce sens, un calcul d'ordre supérieur. L'analyse de propriétés sur ce calcul a déjà fait l'objet de plusieurs travaux, essentiellement par inférence de type en utilisant des types comportementaux et du sous-typage. Par ailleurs, des travaux plus récents, effectués par VENET puis FERET, proposent une utilisation de l'interprétation abstraite pour l'analyse de calculs de processus. Ces approches permettent de calculer des propriétés non uniformes : elles permettent, par exemple, de différencier les instances récursives d'un même processus. Cette thèse s'inscrit donc dans la suite de ces deux approches, en appliquant l'interprétation abstraite à l'analyse de CAP. Suivant le cadre proposé par FERET, CAP est, tout d'abord, exprimé dans une forme non standard facilitant les analyses. L'ensemble des configurations atteignables est ensuite sur-approximé via une représentation, correcte par construction, dans des domaines abstraits. Des domaines abstraits généraux sont ensuite introduits afin d'améliorer les analyses existantes ou de représenter des propriétés locales à un sous-terme. Des propriétés spécifiques à CAP, la linéarité des termes et l'absence de messages orphelins, sont alors étudiées dans ce cadre. Des domaines spécifiques sont définis et utilisés pour vérifier ces propriétés. Le cadre présenté permet de lever toutes les restrictions existantes des analyses précédentes quant à la forme des termes ou l'utilisation du passage de comportement. L'intégralité des analyses présentées a été implantée dans un prototype

A Framework to Formalise the MDE Foundations

International audienceDomain-Specific Language (DSL) are getting more and more popular and are being used in critical systems like aerospace and car industries. Methods for simulating and validating DSL models are now necessary in order to make the new software generation more reliable and less costly. Developing analysis tools for DSL requires the definition of models semantics. In this paper, we propose a framework to give a formal foundation of the Model-Driven Engineering (MDE) approach. We separate the usually common notions of models and modelling languages associating to each of them a different goal. In order to prove the consistency of our proposal we express a subset of EMOF, its static semantics and validate its meta-circularity

Essay on Semantics Definition in MDE. An Instrumented Approach for Model Verification

International audienceIn the context of MDE (Model-Driven Engineering), our objective is to define the semantics for a given DSL (Domain Specific Language) either to simulate its models or to check properties on them using model-checking techniques. In both cases, the purpose is to formalize the DSL semantics as it is known by the DSL designer but often in an informal way. After several experiments to define operational semantics on the one hand, and translational semantics on the other hand, we discuss both approaches and we specify in which cases these semantics seem to be judicious. As a second step, we introduce a pragmatic and instrumented approach to define a translational semantics and to validate it against a reference operational semantics expressed by the DSL designer. We apply this approach to the xSPEM process description language in order to verify process models

Reducing Collision Risk in Multi-Agent Path Planning: Application to Air traffic Management

To minimize collision risks in the multi-agent path planning problem with stochastic transition dynamics, we formulate a Markov decision process congestion game with a multi-linear congestion cost. Players within the game complete individual tasks while minimizing their own collision risks. We show that the set of Nash equilibria coincides with the first-order KKT points of a non-convex optimization problem. Our game is applied to a historical flight plan over France to reduce collision risks between commercial aircraft.Comment: 6 pages, 2 figure

A Property-Driven Approach to Formal Verification of Process Models

Enterprise Information Systems, 9th International Conference, ICEIS 2007, Funchal, Madeira, June 12-16, 2007, Revised Selected PapersInternational audienceMore and more, models, through Domain Specific Languages (DSL), tend to be the solution to define complex systems. Expressing properties specific to these metamodels, and checking them, appear as an urgent need. Until now, the only complete industrial solutions that are available consider structural properties such as the ones that could be expressed in OCL. There are although some attempts on behavioural properties for DSL. This paper addresses a method to specify and then check temporal properties over models. The case study is SimplePDL, a process metamodel. We propose a way to use a temporal extension of OCL, TOCL, to express properties. We specify a models transformation to Petri Nets and LTL formulae for both the process model and its associated temporal properties. We check these properties using a model checker and enrich the model with the analysis results. This work is a first step towards a generic framework to specify and effectively check temporal properties over arbitrary models

Set-based value operators for non-stationary Markovian environments

This paper analyzes finite state Markov Decision Processes (MDPs) with uncertain parameters in compact sets and re-examines results from robust MDP via set-based fixed point theory. To this end, we generalize the Bellman and policy evaluation operators to contracting operators on the value function space and denote them as \emph{value operators}. We lift these value operators to act on \emph{sets} of value functions and denote them as \emph{set-based value operators}. We prove that the set-based value operators are \emph{contractions} in the space of compact value function sets. Leveraging insights from set theory, we generalize the rectangularity condition in classic robust MDP literature to a containment condition for all value operators, which is weaker and can be applied to a larger set of parameter-uncertain MDPs and contracting operators in dynamic programming. We prove that both the rectangularity condition and the containment condition sufficiently ensure that the set-based value operator's fixed point set contains its own extrema elements. For convex and compact sets of uncertain MDP parameters, we show equivalence between the classic robust value function and the supremum of the fixed point set of the set-based Bellman operator. Under dynamically changing MDP parameters in compact sets, we prove a set convergence result for value iteration, which otherwise may not converge to a single value function. Finally, we derive novel guarantees for probabilistic path-planning problems in planet exploration and stratospheric station-keeping.Comment: 17 pages, 11 figures, 1 tabl