## About

Publications: 99

Reads: 3,264


Citations: 721


## Publications

Publications (99)

Model checking for Halpern and Shoham's interval temporal logic HS has been recently investigated in a systematic way, and it is known to be decidable under three distinct semantics. Here, we focus on the trace-based semantics, where the infinite execution paths (traces) of the given (finite) Kripke structure are the main semantic entities. In this...

Hyperproperties are properties of systems that relate different execution traces, with many applications from security to symmetry, consistency models of concurrency, etc. In recent years, different linear-time logics for specifying asynchronous hyperproperties have been investigated. Though model checking of these logics is undecidable, useful de...

Hyperproperties are properties of systems that relate different execution traces, with many applications from security to symmetry, consistency models of concurrency, etc. In recent years, different linear-time logics for specifying asynchronous hyperproperties have been investigated. Though model checking of these logics is undecidable, useful de...

A classic result by Stockmeyer gives a non-elementary lower bound to the emptiness problem for star-free generalized regular expressions. This result is intimately connected to the satisfiability problem for interval temporal logic, notably for formulas that make use of the so-called chop operator. Such an operator can indeed be interpreted as the...

The expressive power of interval temporal logics (ITLs) makes them one of the
most natural choices in a number of application domains, ranging from the
specification and verification of complex reactive systems to automated
planning. However, for a long time, because of their high computational
complexity, they were considered not suitable for prac...

The problem of timeline-based planning (TP) over dense temporal domains is known to be undecidable in the general case. We first prove that the restriction to the future semantics does not suffice to recover decidability. Then, we introduce two semantic variants of TP, called strong minimal and weak minimal semantics, and show that they allow one t...

In this paper, we establish Pspace-completeness of the finite satisfiability and model checking problems for the fragment of Halpern and Shoham interval logic with modality ⟨E⟩, for the "suffix" relation on pairs of intervals, and modality ⟨D⟩, for the "sub-interval" relation, under the homogeneity assumption. The result significantly improves the...

The choice of the right trade-off between expressiveness and complexity is the main issue in interval temporal logic. In their seminal paper, Halpern and Shoham showed that the satisfiability problem for HS (the temporal logic of Allen's relations) is highly undecidable over any reasonable class of linear orders. In order to recover decidability, o...

Hyperproperties are a modern specification paradigm that extends trace properties to express properties of sets of traces. Temporal logics for hyperproperties studied in the literature, including HyperLTL, assume a synchronous semantics and enjoy a decidable model checking problem. In this paper, we introduce two asynchronous and orthogonal extensi...

Hyperproperties are a modern specification paradigm that extends trace properties to express properties of sets of traces. Temporal logics for hyperproperties studied in the literature, including HyperLTL, assume a synchronous semantics and enjoy a decidable model checking problem. In this paper, we introduce two asynchronous and orthogonal extensi...

The present work focuses on timeline-based planning over dense temporal domains. In automated planning, the temporal domain is commonly assumed to be discrete, the dense case being dealt with by resorting to some form of discretization. In the last years, the planning problem over dense temporal domains has been finally addressed both in the timeli...

Cost-parity games are a fundamental tool in system design for the analysis of reactive and distributed systems that recently have received a lot of attention from the formal methods research community. They allow one to reason about the time delay on the requests granted by systems, with a bounded consumption of resources, in their executions. In this...

The paper focuses on automata and linear temporal logics for real-time pushdown reactive systems bridging tractable formalisms specialized for expressing separately dense-time real-time properties and context-free properties though preserving tractability. As for automata, we introduce Event-Clock Nested Automata (ECNA), a formalism that combines E...

The model checking (MC) problem for Halpern and Shoham's interval temporal logic HS has been recently investigated in a systematic way, and it is known to be decidable. An intriguing open question is the exact complexity of the problem for full HS: it is at least EXPSPACE-hard, and the only known upper bound, which has been obtained by exploiting a...

A classic result by Stockmeyer [16] gives a non-elementary lower bound to the emptiness problem for star-free generalized regular expressions. This result is intimately connected to the satisfiability problem for interval temporal logic, notably for formulas that make use of the so-called chop operator. Such an operator can indeed be interpreted as...

In this paper, we investigate the module-checking problem of pushdown multi-agent systems (PMS) against ATL and ATL* specifications. We establish that for ATL, module checking of PMS is 2EXPTIME-complete, which is the same complexity as pushdown module-checking for CTL. On the other hand, we show that ATL* module-checking of PMS turns out to be 4EX...

The expressive power of interval temporal logics (ITLs) makes them really fascinating, and one of the most natural choices as specification and planning language. However, for a long time, due to their high computational complexity, they were considered not suitable for practical purposes. The recent discovery of several computationally well-behave...

Planning is one of the most studied problems in computer science. In this paper, we focus on the timeline-based approach, where the domain is modeled by a set of independent, but interacting, components, each one represented by a number of state variables, whose behavior over time (timelines) is governed by a set of temporal constraints (transition...

In this paper, we investigate the module-checking problem of pushdown multi-agent systems (PMS) against ATL and ATL* specifications. We establish that for ATL, module checking of PMS is 2EXPTIME-complete, which is the same complexity as pushdown module-checking for CTL. On the other hand, we show that ATL* module-checking of PMS turns out to be 4EX...

In this paper, we introduce and investigate an extension of Halpern and Shoham's interval temporal logic HS for the specification and verification of branching-time context-free requirements of pushdown systems under a state-based semantics over Kripke structures. Both homogeneity and visibility are assumed. The proposed logic, called nested BHS, s...

In this paper, we introduce an automaton-theoretic approach to model checking linear time properties of timeline-based systems over dense temporal domains. The system under consideration is specified by means of (a decidable fragment of) timeline structures, timelines for short, which are a formal setting proposed in the literature to model plannin...

The problem of timeline-based planning (TP) over dense temporal domains is known to be undecidable. In this paper, we introduce two semantic variants of TP, called strong minimal and weak minimal semantics, which allow one to express meaningful properties. Both semantics are based on the minimality in the time distances of the existentially-quantified...

In this paper, we investigate the model checking (MC) problem for Halpern and Shoham's modal logic of time intervals (HS) and its fragments, where labeling of intervals is defined by regular expressions. The MC problem for HS has recently emerged as a viable alternative to the traditional (point-based) temporal logic MC. Most expressiveness and com...

We investigate the succinctness gap between two known equally-expressive and different linear-past extensions of standard ATL⁎. We establish by formal non-trivial arguments that the ‘memoryful’ linear-past extension (the history leading to the current state is taken into account) can be exponentially more succinct than the standard ‘local’ linear-p...

We establish the precise complexity of the model checking problem for the main logics of knowledge and time. While this problem was known to be non-elementary for agents with perfect recall, with a number of exponentials that increases with the alternation of knowledge operators, the precise complexity of the problem when the maximum alternation is...

Planning is one of the most studied problems in computer science. In this paper, we consider the timeline-based approach, where the domain is modeled by a set of independent, but interacting, components, identified by a set of state variables, whose behavior over time (timelines) is governed by a set of temporal constraints (synchronization rules)....

We investigate the succinctness gap between two known equally-expressive and different linear-past extensions of standard CTL* and ATL*. We establish by formal non-trivial arguments that the 'memoryful' linear-past extension (the history leading to the current state is taken into account) can be exponentially more succinct than the standard 'local'...

The paper is focused on temporal logics for the description of the behaviour of real-time pushdown reactive systems. The paper is motivated to bridge tractable logics specialized for expressing separately dense-time real-time properties and context-free properties by ensuring decidability and tractability in the combined setting. To this end we int...

In this paper, we address complexity issues for timeline-based planning over dense temporal domains. The planning problem is modeled by means of a set of independent, but interacting, components, each one represented by a number of state variables, whose behavior over time (timelines) is governed by a set of temporal constraints (synchronization ru...

Some temporal properties of reactive systems, such as actions with duration and temporal aggregations, which are inherently interval-based, cannot be properly expressed by the standard, point-based temporal logics LTL, CTL and CTL⁎, as they give a state-by-state account of system evolution. Conversely, interval temporal logics—which feature interv...

The paper is focused on temporal logics for the description of the behaviour of real-time pushdown reactive systems. The paper is motivated to bridge tractable logics specialized for expressing separately dense-time real-time properties and context-free properties by ensuring decidability and tractability in the combined setting. To this end we int...

The paper is focused on temporal logics for the description of the behaviour of real-time pushdown reactive systems. The paper is motivated to bridge tractable logics specialized for expressing separately dense-time real-time properties and context-free properties by ensuring decidability and tractability in the combined setting. To this end we int...

Since the 80s, model checking (MC) has been applied to the automatic verification of hardware/software systems. Point-based temporal logics, such as LTL, CTL, CTL⁎, and the like, are commonly used in MC as the specification language; however, there are some inherently interval-based properties of computations, e.g., temporal aggregations and durati...

We introduce Visibly Linear Temporal Logic (VLTL), a linear-time temporal logic that captures the full class of Visibly Pushdown Languages over infinite words. The novel logic avoids fix points and instead provides natural temporal operators with simple and intuitive semantics. We prove that the complexities of the satisfiability and visibly pushdo...

In recent years, model checking with interval temporal logics is emerging as a viable alternative to model checking with standard point-based temporal logics, such as LTL, CTL, CTL*, and the like. The behavior of the system is modeled by means of (finite) Kripke structures, as usual. However, while temporal logics which are interpreted “point-w...

In this paper we introduce and study Event-Clock Nested Automata (ECNA), a formalism that combines Event Clock Automata (ECA) and Visibly Pushdown Automata (VPA). ECNA allow one to express real-time properties over non-regular patterns of recursive programs. We prove that ECNA retain the same closure and decidability properties of ECA and VPA being clo...

Cost-parity games are a fundamental tool in system design for the analysis of reactive and distributed systems that recently have received a lot of attention from the formal methods research community. They allow one to reason about the time delay on the requests granted by systems, with a bounded consumption of resources, in their executions. In this...

In this paper, we investigate the model checking (MC) problem for Halpern and Shoham's interval temporal logic HS. In the last years, interval temporal logic MC has received an increasing attention as a viable alternative to the traditional (point-based) temporal logic MC, which can be recovered as a special case. Most results have been obtained un...

Module checking has been introduced in late 1990s to verify open systems, i.e., systems whose behavior depends on the continuous interaction with the environment. Classically, module checking has been investigated with respect to specifications given as CTL and CTL* formulas. Recently, it has been shown that CTL (resp., CTL*) module checking offers...

In the last years, the model checking (MC) problem for interval temporal logic (ITL) has received an increasing attention as a viable alternative to the traditional (point-based) temporal logic MC, which can be recovered as a special case. Most results have been obtained by imposing suitable restrictions on interval labeling. In this paper, we over...

In this paper, we investigate the finite satisfiability and model checking problems for the logic D of the sub-interval relation under the homogeneity assumption, that constrains a proposition letter to hold over an interval if and only if it holds over all its points. First, we prove that the satisfiability problem for D, over finite linear orders...

We investigate expressiveness issues of Temporal Equilibrium Logic (TEL), a promising nonmonotonic logical framework for temporal reasoning. TEL shares the syntax of standard linear temporal logic LTL, but its semantics is an orthogonal combination of the LTL semantics with the nonmonotonic semantics of Equilibrium Logic. We establish that TEL is m...

In the plethora of fragments of Halpern and Shoham's modal logic of time intervals (HS), the logic AB of Allen's relations Meets and Started-by is at a central position. Statements that may be true at certain intervals, but at no sub-interval of them, such as accomplishments, as well as metric constraints about the length of intervals, that force,...

The model checking problem has thoroughly been explored in the context of standard point-based temporal logics, such as LTL, CTL, and CTL\(^{*}\), whereas model checking for interval temporal logics has been brought to the attention only very recently.
In this paper, we prove that the model checking problem for the logic of Allen’s relations starte...

Stream runtime verification (SRV), pioneered by the tool LOLA, is a declarative formalism to specify synchronous monitors. In SRV, monitors are described by specifying dependencies between output streams of values and input streams of values. The declarative nature of SRV enables a separation between the evaluation algorithms, and the monitor stora...

A general concept of uniform strategies has recently been proposed as a relevant notion in game theory for computer science, which subsumes various notions from the literature. It relies on properties involving sets of plays in two-player turn-based arenas equipped with arbitrary binary relations between plays; these properties are expressed in a l...

Temporal Equilibrium Logic (TEL) is a promising framework that extends the
knowledge representation and reasoning capabilities of Answer Set Programming
with temporal operators in the style of LTL. To our knowledge it is the first
nonmonotonic logic that accommodates fully the syntax of a standard temporal
logic (specifically LTL) without requiring...

Stream runtime verification (SRV), pioneered by the tool LOLA, is a declarative approach to specify synchronous monitors. In SRV, monitors are described by specifying dependencies between output streams of values and input streams of values. The declarative nature of SRV enables a separation between (1) the evaluation algorithms, and (2) the monito...

In the literature, two powerful temporal logic formalisms have been proposed
for expressing information flow security requirements, that in general, go
beyond regular properties. One is classic, based on the knowledge modalities of
epistemic logic. The other one, the so called hyper logic, is more recent and
subsumes many proposals from the literat...

We introduce a robust and tractable temporal logic, we call visibly linear temporal logic (VLTL), which captures the full class of visibly pushdown languages. The novel logic avoids fix points and provides instead natural temporal operators with simple and intuitive semantics. We prove that the complexities of the satisfiability and visibly pushdow...

We investigate the complexity of satisfiability for one-agent refinement modal logic (RML), an extension of basic modal logic (ML) obtained by adding refinement quantifiers on structures. RML is known to have the same expressiveness as ML, but the translation of RML into ML is of nonelementary complexity, and RML is at least doubly exponentially mo...

We investigate uniformity properties of strategies. These properties involve
sets of plays in order to express useful constraints on strategies that are not
μ-calculus definable. Typically, we can state that a strategy is
observation-based. We propose a formal language to specify uniformity
properties, interpreted over two-player turn-based arena...

We investigate the complexity of satisfiability for one-agent Refinement Modal Logic (RML), a known extension of basic modal logic (ML) obtained by adding refinement quantifiers on structures. It is known that RML has the same expressiveness as ML, but the translati...

We address termination analysis for the class of gap-order constraint systems (GCS), an (infinitely-branching) abstract model of counter machines recently introduced in [8], in which constraints (over ℤ) between the variables of the source state and the target state of a transition are gap-order constraints (GC) [18]. GCS extend monotonicity constr...

In this paper we present refinement modal logic. A refinement is like a
bisimulation, except that from the three relational requirements only 'atoms'
and 'back' need to be satisfied. Our logic contains a new operator 'forall' in
additional to the standard modalities 'Box' for each agent. The operator
'forall' acts as a quantifier over the set of al...

We investigate verification problems for gap-order constraint systems (GCS), an (infinitely-branching) abstract model of counter machines, in which constraints (over ℤ) between the variables of the source state and the target state of a transition are gap-order constraints (GC) [32]. GCS extend monotonicity constraint systems [7], integral...

Regular expressions (RE) are an algebraic formalism for expressing regular languages, widely used in string search and as a specification language in verification. In this paper, we introduce and investigate visibly rational expressions (VRE), an extension of RE for the class of visibly pushdown languages (VPL). We show that VRE capture precisely t...

By using the known lower and upper complexity bounds of the coverability problem for vass, we characterize the complexity of the classical backward algorithm for vass coverability, and provide optimal bounds on the size of the symbolic representation it computes.

We investigate the hybrid extension of CaRet, denoted HyCaRet, obtained by adding the standard existential binder operator ∃. We show that the one variable fragment 1-HyCaRet of HyCaRet is expressively complete for the first-order logic FOμ which extends FO over words with a binary matching predicate. While all the known FOμ-complete and element...

We study in depth the class of games with opacity condition, which are
two-player games with imperfect information in which one of the players only
has imperfect information, and where the winning condition relies on the
information he has along the play. Those games are relevant for security
aspects of computing systems: a play is opaque whenever...

Model checking of open pushdown systems (OPD) w.r.t. standard branching
temporal logics (pushdown module checking or PMC) has been recently
investigated in the literature, both in the context of environments with
perfect and imperfect information about the system (in the last case, the
environment has only a partial view of the system's control sta...

We investigate the complexity of preorder checking when the specification is a flat finite-state system whereas the implementation
is either a non-flat finite-state system or a standard timed automaton. In both cases, we show that simulation checking is
Exptime-hard, and for the case of a non-flat implementation, the result holds even if there is n...

Model checking is a useful method to verify automatically the correctness of a system with respect to a desired behavior, by checking whether a mathematical model of the system satisfies a formal specification of this behavior. Many systems of interest are open, in the sense that their behavior depends on the interaction with their environment. The...

Full linear-time hybrid logic (HL) is a non-elementary and equally expressive extension of standard LTL + past obtained by adding the well-known binder operators ↓ and ∃. We investigate complexity and succinctness issues for HL in terms of the number of variables and nesting depth of binder modalities. First, we present direct automata-theoretic de...

We address the problem of alternating simulation refinement for concurrent timed games (TG). We show that checking timed alternating simulation between TG is EXPTIME-complete, and provide a logical characterization of this preorder in terms of a meaningful fragment of a new logic, TAMTL∗. TAMTL∗ is an action-based timed extension of standard altern...

We study the extension of the full logic CaRet with the unary regular modality N (which reads “from now on”) which allows one to model forgettable past. For such an extension, denoted NCaRet, we show the following: (1) NCaRet is expressively complete for the first-order fragment of MSOμ, which extends MSO over words with a binary matching predicate, (2)...

We establish a decidability boundary of the model checking problem for infinite-state
systems defined by Process Rewrite Systems (PRS) or weakly extended Process Rewrite Systems (wPRS), and properties described by basic fragments of action-based Linear Temporal Logic (LTL) with both future and past operators. It is known that the problem for genera...

We establish a decidability boundary of the model checking problem for infinite-state systems defined by Process Rewrite Systems (PRS) or weakly extended Process Rewrite Systems (wPRS), and properties described by basic fragments of action-based Linear Temporal Logic (LTL) with both future and past operators. It is known that the problem for genera...

Full linear-time hybrid logic (HL) is a non-elementary and equally expressive extension of standard LTL + past obtained by adding the well-known binder operators ↓ and ∃. We investigate complexity and succinctness issues for
HL in terms of the number of variables and nesting depth of binder modalities. First, we present direct automata-theoretic de...

We investigate the complexity of satisfiability and pushdown model-checking of the extension of the logic CaRet with the binary regular modality 'Chop'. We present automata-theoretic decision procedures based on a direct and compositional construction, which for finite (resp., infinite) words require time of exponential height equal to the nesting...

We investigate the complexity of satisfiability and finite-state model-checking problems for the branching-time logic CTL\(^*_{lp}\), an extension of CTL* with past-time operators, where past is linear, finite, and cumulative. It is well-known that CTL\(^*_{lp}\) has the same expressiveness as standard CTL*, but the translation of CTL\(^*_{lp}\) i...