# François Laroussinie's research while affiliated with Paris Diderot University and other places

**What is this page?**

This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

## Publications (82)

Quantified CTL (QCTL) extends the temporal logic CTL with quantifications over atomic propositions. This extension is known to be very expressive: QCTL allows us to express complex properties over Kripke structures (it is as expressive as MSO). Several semantics exist for the quantifications: here, we work with the structure semantics, where the ex...

Quantified CTL (QCTL) extends the temporal logic CTL with quantifications over atomic propositions. This extension is known to be very expressive: QCTL allows us to express complex properties over Kripke structures (it is as expressive as MSO). Several semantics exist for the quantifications: here, we work with the structure semantics, where the ex...

We consider the problem of synthesizing distributed algorithms working on a specific execution context. We show it is possible to use the linear time temporal logic in order to both specify the correctness of algorithms and their execution contexts. We then provide a method allowing to reduce the synthesis problem of finite state algorithms to some...

QCTL extends the temporal logic CTL with quantifications over atomic propositions. This extension is known to be very expressive: QCTL allows us to express complex properties over Kripke structures (it is as expressive as MSO). Several semantics exist for the quantifications: here, we work with the structure semantics, where the extra propositions...

Since the early 1990’s, classical temporal logics have been extended with timing constraints. While temporal logics only express contraints on the order of events, their timed extensions can add quantitative constraints on delays between those events. We survey expressiveness and algorithmic results on those logics, and discuss semantic choices tha...

Alternating-time temporal logic with strategy contexts (ATLsc) is a powerful
formalism for expressing properties of multi-agent systems: it extends CTL with
strategy quantifiers, offering a convenient way of expressing both
collaboration and antagonism between several agents. Incomplete observation of
the state space is a desirable feature in such...

We study the extension of the alternating-time temporal logic (ATL) with strategy contexts: contrary to the original semantics, in this semantics the strategy quantifiers do not reset the previously selected strategies.We show that our extension ATLsc is very expressive, but that its decision problems are quite hard: model checking is k-EXPTIME-com...

While it was defined long ago, the extension of CTL with quantification over
atomic propositions has never been studied extensively. Considering two
different semantics (depending whether propositional quantification refers to
the Kripke structure or to its unwinding tree), we study its expressiveness
(showing in particular that QCTL coincides with...

Various extensions of the temporal logic ATL have recently been introduced to
express rich properties of multi-agent systems. Among these, ATLsc extends ATL
with strategy contexts, while Strategy Logic has first-order quantification
over strategies. There is a price to pay for the rich expressiveness of these
logics: model-checking is non-elementar...

http://drops.dagstuhl.de/opus/volltexte/2013/4174/

This paper presents a range of quantitative extensions for the temporal logic
CTL. We enhance temporal modalities with the ability to constrain the number of
states satisfying certain sub-formulas along paths. By selecting the
combinations of Boolean and arithmetic operations allowed in constraints, one
obtains several distinct logics generalizing...

While it was defined long ago, the extension of CTL with quantification over atomic propositions has never been studied extensively. Considering two different semantics (depending whether propositional quantification refers to the Kripke structure or to its unwinding tree), we study its expressiveness (showing in particular that QCTL coincides with...

The timed modal logic L ν has been proposed in order to express timed properties over real-time systems modeled as (composi-tions of) timed automata. In this paper, we present a short survey of results about L ν : complexity of model checking, expressivity, composi-tional methods, relationship with strong timed bisimulation etc. We also show how L...

We study the alternating-time temporal logics ATL and ATL ? extended with strategy contexts: these make agents commit to their strategies during the evaluation of formulas, contrary to plain ATL and ATL ? where strategy quantifiers reset previously selected strategies. We illustrate the important expressive power of strategy contexts by proving tha...

This paper presents a quantitative extension for the linear-time temporal logic LTL allowing to specify the number of states satisfying certain sub-formulas along paths. We give decision procedures for the satisfiability and model checking of this new temporal logic and study the complexity of the corresponding problems. Furthermore we show that th...

Modelling based on probabilistic inference can be used to estimate the quality of information delivered by a military sensor network. Different modelling tools have complementary characteristics that can be leveraged to create an accurate model open ...

Introduction Timed automata Decision procedure for checking reachability Other verification problems Some extensions of timed automata Subclasses of timed automata Algorithms for timed verification The model-checking tool Uppaal Bibliography

In this paper, a timed modal logic L
c
is presented for the specification and verification of real-time systems. Several important results for L
c
are discussed. First we address the model checking problem and we show that it is an EXPTIME-complete problem. Secondly we consider expressiveness and we explain how to express strong timed bisimilarity...

We extend the alternating-time temporal logics ATL and ATL* with strategy contexts and memory constraints: the first extension makes strategy quantifiers to not “forget” the strategies being executed by the other players. The second
extension allows strategy quantifiers to restrict to memoryless or bounded-memory strategies.
We first consider expr...

Probabilistic timed automata are an extension of timed automata with discrete
probability distributions. We consider model-checking algorithms for the
subclasses of probabilistic timed automata which have one or two clocks.
Firstly, we show that PCTL probabilistic model-checking problems (such as
determining whether a set of target states can be re...

ATL is a temporal logic geared towards the specification and verification of properties in multi-agents systems. It allows to reason on the existence of strategies for coalitions of agents in order to enforce a given property. In this paper, we first precisely characterize the complexity of ATL model-checking over Alternating Transition Systems and...

We propose a new model for timed games, based on concurrent game structures (CGSs). Compared to the classical timed game automata of Asarin et al. [8], our timed CGSs are “more concurrent”, in the sense that they always allow all the agents to act on the system, independently of the delay they want to elapse before their action. Timed CGSs weaken t...

This paper studies the structural complexity of model checking for (variations on) the specification formalisms used in the
tools CMC and Uppaal, and fragments of a timed alternation-free μ-calculus. For each of the logics we study, we characterize the computational complexity of model checking, as well as its
specification and program complexity,...

Probabilistic timed automata are an extension of timed automata with discrete probability distributions. We consider model-checking
algorithms for the subclasses of probabilistic timed automata which have one or two clocks. Firstly, we show that Pctl probabilistic model-checking problems (such as determining whether a set of target states can be re...

We show that the problem of reaching a state set with probability 1 in probabilistic- nondeterministic systems operating in parallel is EXPTIME-complete. We then show that this probabilistic reachability problem is EXPTIME-complete also for probabilistic timed automata.

Among the branching-time temporal logics used for the specification and verification of systems, CTL+, FCTL and ECTL+ are the most notable logics for which the precise computational complexity of model checking is not known. We answer this
longstanding open problem and show that model checking these (and some related) logics is Δ
Stackp
stack2-com...

LNCS 4218, http://dx.doi.org/10.1007/11901914_26 In previous work, the timed logic TCTL was extended with an “almost everywhere” Until modality which abstracts negligible sets of positions (i.e. with a null duration) along a run of a timed automaton. We propose here an extension of this logic with more powerful modalities, in order to specify prope...

In model checking, the state-explosion problem occurs when one checks a nonflat system, i.e., a system implicitly described as a synchronized product of elementary subsystems. In this paper, we investigate the complexity of a wide variety of model-checking problems for nonflat systems under the light of parameterized complexity, taking the number o...

In this paper, we apply a compositional proof technique to an automatic verification of the correctness of Fischer's mutual exclusion protocol. It is demonstrated that the technique may avoid the stateexplosion problem. Our compositional technique has recently been implemented in a tool CMC 5, which verifies the protocol for 50 processes within 172...

We consider model checking of timed temporal formulae in durational transition graphs (DTGs), i.e., Kripke structures where transitions have integer durations. Two semantics for DTGs are presented and motivated. We consider timed versions of CTL where subscripts put quantitative constraints on the time it takes before a property is satisfied.We exh...

We present a compositional model checking technique for networks of timed automata. This method is based on the same idea as the recent method proposed by Andersen [4] for untimed case. We present a quotient construction, which allows timed automata components to be gradually moved from the network expression into the specification. The intermediat...

Timed automata (TA) are a widely used model for real-time systems. Several tools are dedicated to this model, and they mostly implement a forward analysis for checking reachability properties. Though diagonal constraints do not add expressive power to classical TA, the standard forward analysis algorithm is not correct for this model. In this paper...

LNCS 3653, http://dx.doi.org/10.1007/11539452_12 The context of this study is timed temporal logics for timed automata. In this paper, we propose an extension of the classical logic TCTL with a new Until modality, called “Until almost everywhere”. In the extended logic, it is possible, for instance, to express that a property is true at all positio...

In this paper we use the timed modal logic L
v
to specify control objectives for timed plants. We show that the control problem for a large class of objectives can be reduced to a model-checking problem for an extension (\(L^{cont}_v\)) of the logic L
v
with a new modality.
More precisely we define a fragment of L
v
, namely \(L^{det}_v\), such tha...

We consider model-checking algorithms for durational probabilistic systems, which are systems exhibiting nondeterministic, probabilistic and discrete-timed behaviour. We present two semantics for durational probabilistic systems, and show how formulae of the probabilistic and timed temporal logic PTCTL can be verified on such systems. We also addre...

We consider model-checking algorithms for durational probabilistic systems, which are systems exhibiting nondeterministic, probabilistic and discrete-timed behaviour. We present two semantics for durational probabilistic systems, and show how formulae of the probabilistic and timed temporal logic PTCTL can be verified on such systems. We also addre...

In this paper, we study model checking of timed automata (TAs), and more precisely we aim at finding efficient model checking
for subclasses of TAs. For this, we consider model checking TCTL and TCTL ≤,≥ over TAs with one clock or two clocks.
First we show that the reachability problem is NLOGSPACE-complete for one clock TAs (i.e. as complex as re...

We consider quantitative model checking in durational Kripke structures (Kripke structures where transitions have integer durations) with timed temporal logics where subscripts put quantitative
constraints on the time it takes before a property is satisfied.
We investigate the conditions that allow polynomial-time model checking algorithms for tim...

In model checking, the state explosion problem occurs when one verifies a non-flat system, i.e. a system described implicitly as a synchronized product of elementary subsystems. In this paper, we investigate the
complexity of a wide variety of model checking problems for non-flat systems under the light of parameterized complexity, taking the numbe...

We investigate NLTL, a linear-time temporal logic with forgettable past. NLTL can be exponentially more succinct than LTL+Past (which in turn can be more succinct than LTL). We study satisfiability and model checking for NLTL and provide optimal automata-theoretic algorithms for these EXPSPACE-complete problems.

We consider quantitative model checking in durational Kripke structures (Kripke structures where transitions have integer du- rations) with timed temporal logics where subscripts put quantitative constraints on the time it takes before a property is satised. We investigate the conditions that allow polynomial-time model check- ing algorithms for ti...

One of the most successful techniques for automatic verification is that
of model checking. For finite automata there exist since long extremely
efficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region-techniques of Alur and Dill.
In this pap...

Spin is a tool mainly developed by G. J. Holzmann at Bell Labs, Murray Hill, New Jersey, USA. SPIN was designed for simulation and verification of distributed algorithms It is freely available via Internet 1.

Examples abound: “any request will ultimately be satisfied” (L1), or “by keeping on trying, one will eventually succeed” (L2), or “if we call on the elevator, it is bound to arrive eventually” (L3), or “the light will turn green” (L4), or finally “after the rain, the sunshine” (L5).

Examples abound in practice: “we can obtain n < 0” (R1), “we can enter a critical section” (R2).

Generally speaking, symbolic model checking refers to any model checking method which would attempt to represent symbolically (as opposed to “explicitly”) the states and transitions of an automaton targeted for verification. We often use this term, as well, to refer to a particular symbolic method in which Binary Decision Diagrams (BDD) are used to...

Again here examples abound: “the gate will be raised infinitely often” (F1), “if access to a critical section is infinitely often requested, then access will be granted infinitely often” (F2), etc. Remember that (F2) did not hold for the printer manager from section 1.3.

In this chapter we describe the principles underlying the algorithms used for model checking, that is, the algorithms which can find out whether a given automaton satisfies a given temporal formula.

By “abstraction methods” we mean a family of techniques which are used to simplify automata. The term abstraction refers to the nature of the simplifications performed, which generally consist in ignoring some aspects of the automaton involved.

Deadlock-freeness is a special property, stating that the system can never be in a situation in which no progress is possible. This is a correctness property relevant for systems that are supposed to run indefinitely. In a more general framework, a set of properly identified final states will be required to be deadlock-free.

Kronos allows us to analyze timed automata. It is developed at VERIMAG 1 by S. Yovine, A. Olivero, C. Daws and S. Tripakis, and is available on the Internet 2.

SMV has been developed by K. L. McMillan under the guidance of E. M. Clarke at Carnegie-Mellon University (Pittsburgh, PA, USA). It performs (BDD-based) symbolic model checking of CTL formulae on networks of automata with shared variables. The tool is available via the Internet 1.

As mentioned in the foreword, model checking consists in verifying some properties of the model of a system. Before any checking can begin, one is thus confronted with the task of modeling the system under study. To be honest, we stress that this modeling step is difficult, and yet crucial to the relevance of the results subsequently obtained. No u...

HyTech allows one to analyze linear hybrid automata. It was developed by T. A. Henzinger, P.-H. Ho and H. Wong-Toi, at Cornell University, and improvements were added at the University of California, Berkeley, and is available on the Internet1.

Design/CPN was initially developed by Meta Software Corp., Cambridge MA, USA, and the Cpn
Group at the University of Århus, Denmark. Now, distributed and maintained by the Cpn
Group, the tool is free of charge and used by more than six hundred organizations, (a hundred of which are industrial) in fifty countries. It is available on the Internet 1.

Motivation. Let us return to the elevator example. Suppose that the requirements of the elevator includes the following properties:
any elevator request must ultimately be satisfied;
the elevator never traverses a floor for which a request is pending without satisfying this request.

Uppaal is being developed jointly by the Basic Research in Computer Science laboratory at Aalborg University in Denmark and the Department of Computer Systems at Uppsala University in Sweden, mainly by W. Yi, K. G. Larsen and P. Pettersson. Uppaal is an integrated tool environment for modeling, simulating and verifying real-time systems. It is free...

As we have seen in chapter 1, classical automata can model the sequencing of the actions in a network, for example “trigger the alarm action upon detection of a problem”. This temporal sequencing conveys no quantitative information on the delay between two actions. It is therefore not possible to directly model the triggering of an alarm less than...

Examples are everywhere, most often without conditions: “both processes will never be in their critical section simultaneously 1” (S1), or “memory overflow will never occur” (S2), or “the situation.. is impossible” (S3). An example of safety with condition is “as long as the key is not in the ignition position, the car won’t start” (S4).

In this paper we present a semi-algorithm to do compositional model-checking for hybrid systems. We first define a modal logic L h which is expressively complete for linear hybrid automata. We then show that it is possible to extend the result on compositional modelchecking for parallel compositions of finite automata and networks of timed automata...

In this paper we present a semi-algorithm to do compositional model-checking for hybrid systems. We first define a modal logic $L_nu$ which is expressively complete for linear hybrid automata. We then show that it is possible to extend the result on compositional model-checking for parallel compositions of finite automata and networks of timed auto...

We show that any relation between the simulation preorder and bisimilarity is EXPTIME-hard when systems are given as networks
of finite state systems (or equivalently as automata with boolean variables, etc.). We also show that any relation between
trace inclusion and ready trace equivalence or possible-futures equivalence is EXPSPACE-hard for thes...

We investigate extensions of CTL allowing to express quantitative requirements about an abstract notion of time in a simple discrete-time framework, and study the expressive power of several relevant logics. When only subscripted modalities are used, polynomial-time model checking is possible even for the largest logic we consider, while the introd...

This paper studies the structural complexity of model checking for several timed modal logics presented in the literature. More precisely, we consider (variations on) the specification formalisms used in the tools CMC and Uppaal, and fragments of a timed μ-calculus. For each of the logics, we characterize the computational complexity of model check...

In this paper we present a tool (CMC) for compositional modelchecking of real-time systems. CMC is based on a completely different method compared to existing real-time verification tools (HYTECH, KRONOS, UPPAAL) . After a description of the method, we illustrate its efficiency by considering two examples : the Fischer's mutual exclusion protocol a...

. In this paper, we apply a compositional proof technique to an automatic verification of the correctness of Fischer's mutual exclusion protocol. It is demonstrated that the technique may avoid the state-- explosion problem. Our compositional technique has recently been implemented in a tool CMC 5 , which verifies the protocol for 50 processes with...

A major problem in applying model checking to finite-state systems
is the potential combinatorial explosion of the state space arising from
parallel composition. Solutions of this problem have been attempted for
practical applications using a variety of techniques. Recent work by Andersen
[And95] proposes a very promising compositional model checki...

We present a new and quite surprising result about theexpressive power of the 9 U and 8 U combinators inCTL.1 The CTL logicCTL, the Computation Tree Logic proposed in [2] hasbeen widely considered in literature for the specificationof reactive systems [6, 5]. CTL is paradigmatic inthe field of branching-time temporal logic because it admitsefficien...

We propose meaning-preserving translations between LB, LU and Lsb (three modal logics in full agreement with branching bisimulation), thus proving that they all have the same expressivity. The translations can be implemented and have potential applications in the automated analysis of reactive systems. In this work the main difficulty is that LB us...

We extend the classical hierarchy of branching-time temporal logics between UB and CTL
* by studying which additional expressive power (if any) stems from the incorporation of past-time modalities. In addition, we propose a new temporal combinator, N for Now, that brings new and interesting expressive power. In several situations, non-trivial trans...

Modal logics are an important tool in the analysis, specification and verification of reactive systems [12]. Among many other applications, logics like HML have been used as a benchmark for semantic equivalences [9], as the specification language used in model checking tools [1], and as a language in which to explain why two systems are not semanti...

We extend the framework of ATL model-checking to “simply timed” concurrent game structures, i.e., multi-agent structures where each transition carry an integral duration (or interval thereof). While the case of single durations
is easily handled from the semantics point of view, intervals of durations raise several interesting questions. Moreover s...

In this paper, we define a timed logic L
v
which is sufficiently expressive that we for any timed automaton may construct a single characteristic L
v
formula uniquely characterizing the automaton up to timed bisimilarity.
Also, we prove decidability of the satisfiability problem for L
v
with respect to given bounds on the number of clocks and const...

In this paper, we consider priced (or weighted) timed au-tomata, and prove various decidability results when the au-tomaton has only one clock: we prove that model check-ing of WCTL is decidable and that optimal costs in priced timed games are computable. In contrast, it has recently been proved that these problems are undecidable for this model as...

This paper introduces some background on (propositional) temporal logics, as well as some of the expressiveness results that will be presented during the course. The material used during the lecture is available at http://www.lsv.ens-cachan.fr/ markey/ESSLLI06/.

## Citations

... A transition between any two states will be influenced by the satisfaction of clock constraints in the respective states. There has been significant work in the formulation of timed temporal logic frameworks [33]. Metric interval temporal logic (MITL) [11] is one such fragment that allows for the specification of formulas that explicitly depend on time. ...

... But, among of the ways, there are three main three approaches such as Model-checking, simulation and mathematical approaches. Model check approaches [13] only can provide possible end-toend delay which is not exact of the real-world. Simulation [14] is more convenient approaches for end-to-end delay analysis but it has only one restriction which is worst-case end-to-end delay calculation. ...

... HyTECH is recommended for verification of mission critical systems. However, the tool is limited to verification of small systems [41] and linear hybrid systems [42]. Some of the limitations have been overcome by HyTECH+ tool [42] which is an extension to the classical HyTECH. ...

... It is based on the theory of timed automata [21]. Interested readers are referred to [20,22] for more details on UPPAAL. Every UPPAAL model is characterized by: ...

... SPIN [33], COSPAN [34], SMV [35]). Of these languages, FSMs are most extensively used in SMV, which provides case/switch constructs for low-level description of finite automata [36]. It also provides the ability to create networks of communicating state machines. ...

... Formal languages for expressing strategic abilities of rational agents have witnessed a steady growth in recent years [1,2,3]. Among the most significant contributions we mention Alternating-time Temporal Logic [4,5], (possibly enriched with strategy contexts [6]), Strategy Logic [7,8], and Coalition Logic [9]. These languages allow to express that a group of agents has a strategy to enforce a certain outcome, regardless of the behavior of the other agents. ...

... Among the works putting together temporal logic and asynchronous systems, a prominent line is represented by the works on ATL, already introduced in Sec. 4. After its introduction in [9], many authors proposed extensions for it, by providing interpretation of this logic with bounded or no memory (imperfect recall), and partial observability (imperfect information) [5,11,16]. Complexity and decidability results were proved for these semantics [5,17], and some heuristics where proposed to improve the performances of the algorithms in practice [18]. ATL is interpreted over concurrent game structures ( [9,5]), or interleaved interpreted systems ( [19,10]). ...

... On trees (i.e. QCTL t ), the problem is Tower-complete [29]. Consequently, it is natural to ask ourselves why the additional features made the problem harder. ...

... Our work builds on a prototype of a FOL/LTL contract formalism [30], which we extend by providing a full-fledged language (as opposed to a stitching of two statements) with a sound verification algorithm and a plugin system. Logics, Satisfiability, Model Checking This paper is related to quantified Computation Tree Logic (QCTL) [31] and well-researched combinations of firstorder logic (FOL) [32] and linear temporal logic (LTL) [33], going back to the seminal work of Manna and Pnueli [34] on first-order LTL, which has been instantiated in many contexts [35,36]. Typically, such work focuses classical properties of logics and algorithms, such as decidability and complexity.We, instead, focus on expressiveness and modularity -practical concerns for CPS. ...

... Even though an execution trace is always a sequence containing information on the execution of a model, it appears that there is a large number of kinds of execution traces. In the context of state-based model checking, Baier et al. [5] defines an execution as an alternating sequence of states and actions, and a trace as a sequence of sets of valid atomic propositions -each set corresponding to a given state. This formal definition hence considers that a trace only contains a subset of the information that defines an execution. ...