## Section: New Results

### Control synthesis

#### Controllers for probabilistic systems

Participant: Nathalie Bertrand.

*Partially Observable Markov Decision Processes* (*POMDP* for
short) have been extensively studied in several research communities,
among them AI and model checking.
In [16] we address the problem of the
*minimal information* a user needs *at runtime* to achieve a
simple goal, modeled as reaching an objective with probability one.
More precisely, to achieve her goal, the user can choose at each step
either to use partial information only, or to pay a fixed cost and
receive full information. The natural question is then to minimize the
cost the user needs to fulfill her objective. This optimization
question gives rise to two different problems, depending on whether we
minimize the *worst case cost* or the *average cost*. On the
one hand, concerning the worst case cost, we show that efficient
techniques from the model checking community can be adapted to compute
the optimal worst case cost and to give optimal strategies for the user.
On the other hand, we show that the optimal average cost (a question
typically considered in the AI community) cannot be computed in
general, nor can it be approximated in polynomial time, even up to a
large approximation factor.

#### Supervisory control for synchronous systems

##### Controller synthesis and programming language

Participant: Hervé Marchand.

In [24] we define a mixed imperative/declarative programming language: declarative contracts are enforced upon imperatively described behaviors. We rely on the notion of Discrete Controller Synthesis (DCS), a formal technique stemming from control theory and the supervisory control of discrete event systems. We target the application domain of adaptive and reconfigurable computing systems: our language can serve to program closed-loop adaptation controllers, enabling flexible execution of functionalities w.r.t. changing resource and environment conditions. We give a synthetic presentation of the language, its semantics and compilation, and we illustrate its use with the example of a robot system.

##### Symbolic supervisory control of infinite transition systems under partial observation using abstract interpretation

Participant: Hervé Marchand.

In [11], we propose algorithms for the synthesis of state-feedback controllers with partial observation of infinite state discrete event systems modelled by Symbolic Transition Systems. We provide models of safe memoryless controllers both for potentially deadlocking and deadlock free controlled systems. The termination of the algorithms solving these problems is ensured using abstract interpretation techniques which provide an overapproximation of the transitions to disable. We then extend our algorithms to controllers with memory and to online controllers. We also propose improvements in the synthesis of controllers in the finite case which, to our knowledge, provide more permissive solutions than what was previously proposed in the literature. Our tool SMACS gives an empirical validation of our methods by showing their feasibility, usability and efficiency.

##### Decentralized control of infinite systems

Participant: Hervé Marchand.

In [10] we propose algorithms for the synthesis of decentralized state-feedback controllers with partial observation of infinite state systems, which are modeled by Symbolic Transition Systems. We first consider the computation of safe controllers ensuring the avoidance of a set of forbidden states and then extend this result to the deadlock free case. The termination of the algorithms solving these problems is ensured by the use of abstract interpretation techniques, but at the price of overapproximations, in particular in the computation of the states which must be avoided. We then extend our algorithms to the case where the system to be controlled is given by a collection of subsystems (modules). This structure is exploited to locally compute a controller for each module. Our tool SMACS gives an empirical evaluation of our methods by showing their feasibility, usability and efficiency.

##### Polychronous controller synthesis from MARTE CCSL timing specifications

Participant: Hervé Marchand.

The UML Profile for Modeling and Analysis of Real-Time and Embedded systems (MARTE) defines a mathematically expressive model of time, the Clock Constraint Specification Language (CCSL), to specify timed annotations on UML diagrams and thus provide them with formally defined timed interpretations. Thanks to its expressiveness, CCSL allows for the specification of static and dynamic properties, of deterministic and non-deterministic behaviors, and of systems with multiple clock domains. Code generation from such multiclocked specifications (for the purpose of synthesizing a simulator, for instance) is known to be a difficult issue. We address it in [23] by using the approach of controller synthesis. In our framework, a timed CCSL specification is regarded as a property whose satisfaction should be enforced for any UML diagram carrying it as an annotation. To do so, CCSL statements are first translated into dynamical polynomial systems. Such systems can be manipulated using the model checker Sigali to synthesize an executable property (a controller) which enforces the satisfaction of the specified timing constraints on the UML diagram with which it is executed.

#### Control of distributed systems

Participant: Hervé Marchand.

In this work, we consider the control of distributed systems composed of subsystems communicating asynchronously; the aim is to build local controllers that restrict the behavior of a distributed system in order to satisfy a global state avoidance property. We model our distributed systems as communicating finite state machines with reliable unbounded FIFO queues between subsystems. Local controllers can only observe the behavior of their local subsystem and do not see the queue contents. To refine their control policy, the controllers can use the FIFO queues to communicate by piggybacking extra information (some timestamps and their state estimates) onto the messages sent by the subsystems [21]. We provide an algorithm that computes, for each local subsystem (and thus for each controller), during the execution of the system, an estimate of the current global state of the distributed system. The local estimate is updated at each message reception. We then define synthesis algorithms that compute the local controllers. Our method relies on the computation of (co)reachable states. Since the reachability problem is undecidable in our model, we use abstract interpretation techniques to obtain regular overapproximations of the possible FIFO queue contents, and hence of the possible current global states. An implementation of our algorithms provides an empirical evaluation of our method [22].
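As an added example (not code from the report, SMACS or Sigali), the forbidden-state avoidance synthesis that both the symbolic supervisory control results above and this distributed-control work build on, restricted to a finite, fully observed transition system: the coreachability fixpoint under uncontrollable events yields the states to avoid, and the memoryless controller disables the controllable transitions leading into them. The toy handshake, its events and the controllable/uncontrollable split are constructed for illustration.

```python
# Added example (not from the report, SMACS or Sigali): maximally permissive memoryless
# state-feedback control for a state avoidance property; the toy system is constructed.

# Toy handshake as (source, event, target). 'timeout', 'done' and 'fail' are
# uncontrollable (chosen by the environment); the other events may be disabled.
TRANSITIONS = {
    ("idle", "req", "wait"),
    ("wait", "grant", "busy"),
    ("wait", "timeout", "idle"),
    ("busy", "done", "idle"),
    ("busy", "fail", "degraded"),
    ("degraded", "retry", "wait"),
    ("degraded", "reset", "idle"),
    ("degraded", "fail", "error"),
}
UNCONTROLLABLE = {"timeout", "done", "fail"}
FORBIDDEN = {"error"}

def bad_states(transitions, uncontrollable, forbidden):
    """Coreachability fixpoint: a state is bad if it is forbidden or if an
    uncontrollable event can take it to a bad state (nothing can block it)."""
    bad = set(forbidden)
    changed = True
    while changed:
        changed = False
        for src, ev, dst in transitions:
            if ev in uncontrollable and dst in bad and src not in bad:
                bad.add(src)
                changed = True
    return bad

def synthesize(transitions, uncontrollable, forbidden):
    """Memoryless controller: disable exactly the controllable transitions
    that leave a good state for a bad one. Returns (bad, disabled)."""
    bad = bad_states(transitions, uncontrollable, forbidden)
    disabled = {(s, e) for s, e, d in transitions
                if e not in uncontrollable and s not in bad and d in bad}
    return bad, disabled

def controlled_reachable(transitions, disabled, init):
    """States reachable from init once disabled transitions are removed; each
    should keep an enabled transition if the controlled system is deadlock free."""
    seen, stack = set(), [init]
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack += [d for src, e, d in transitions
                      if src == s and (src, e) not in disabled]
    return seen
```

On this system the fixpoint marks `busy` as bad because two uncontrollable `fail` events in a row reach `error`, so the controller refuses `grant`; the controlled system keeps cycling between `idle` and `wait` and does not deadlock.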