Articles published on Linear temporal logic
1353 Search results
- Research Article
- 10.1038/s41598-026-51047-3
- May 6, 2026
- Scientific reports
- Muhammad Rashid + 4 more
Polkadot enhances its security and reliability through the GRANDPA (GHOST-based Recursive Ancestor Deriving Prefix Agreement) finalization protocol, which provides deterministic and irreversible block finalization via structured validator voting rounds. Finality is a fundamental component of consensus, as any failure in this process can compromise the integrity and operational continuity of the entire blockchain. Ensuring the safety and correctness of GRANDPA finalization is therefore crucial to prevent critical failures and maintain network trust. This work presents a formal verification study of the GRANDPA finalization mechanism using model checking techniques. The protocol is first analyzed in detail and represented as structured algorithms encompassing authority updates, Pre-Vote, Pre-Commit, vote aggregation, and finalization phases. A comprehensive Promela model is developed to capture the complete behavior of validators and the interactions across voting phases. Key safety properties, including no conflicting finalization and finality irreversibility, are formalized using Linear Temporal Logic (LTL) and systematically verified using the SPIN model checker. During verification, multiple performance and scalability metrics are analyzed, including total states visited, transitions explored, verification time, memory usage, search depth, and property-specific verification complexity. The analysis identifies properties that significantly influence state-space growth, providing insight into the structural complexity and computational demands of the protocol. This study demonstrates the effectiveness of formal model checking for evaluating blockchain consensus protocols and establishes a foundation for future verification efforts, including liveness properties, extended adversarial scenarios, and verification of more complex consensus configurations within the Polkadot ecosystem.
- Research Article
- 10.52783/mjble.185
- Apr 15, 2026
- Minnesota Journal of Business Law and Entrepreneurship
- Nupur Tripathi
The increasing trend of utilizing AI-based systems in financial information environments, including insurance underwriting, loan approval, and mortgage approval, demands the need for effective ethical governance. This paper proposes a Governance-Aware Ethical Architecture (GAEA) for financial information environments involving AI-based systems. The framework also incorporates an Ethical Constraint Engine for bias mitigation, a risk scoring system for assessing ethical violations in financial decisions, corrigibility functions for ensuring safe human intervention in AI decisions, and a multi-level audit system for supporting transparency and compliance. Continuous monitoring is also enabled through reinforcement learning from human feedback and formal constraints using linear temporal logic. The framework’s performance is also validated through experiments that demonstrate an ethical compliance rate of 87.3%, an alignment robustness value of 0.92 for Cohen’s κ, and an efficiency value of 94.1% for corrigibility.
- Research Article
- 10.1109/tits.2025.3645702
- Apr 1, 2026
- IEEE Transactions on Intelligent Transportation Systems
- Florian Lercher + 2 more
Autonomous vehicles must obey the rules of the road to safely participate in road traffic. To enforce these rules during motion planning, they are often formalized in temporal logic. Such formalizations need to be very general to cover all possible traffic situations, resulting in large and complex logic formulas. During motion planning, however, we are usually confronted with a concrete scenario in which parts of the formulas may be irrelevant. Since specification-compliant motion planning under complex specifications is computationally challenging, we aim to simplify the traffic rules by removing these irrelevant parts. To this end, we first present a general algorithm that augments linear temporal logic formulas with scenario-specific knowledge. Then, we provide a method for extracting knowledge from traffic scenarios to augment traffic rules. We can formally guarantee that the augmented specification is equivalent to the original formula in the given scenario. Therefore, subsequent motion planning modules that handle temporal logic specifications need only consider the augmented formulas. We benchmark our approach in recorded real-world scenarios to demonstrate that it can significantly accelerate specification-compliant motion planning.
- Research Article
- 10.3390/jsan15020029
- Mar 20, 2026
- Journal of Sensor and Actuator Networks
- Rasool Seyghaly + 2 more
As social networks continue to expand, smart advertising increasingly depends on machine learning to deliver personalized and effective advertisements. Federated Learning (FL) is a distributed learning paradigm that supports privacy-preserving advertising by training models locally while avoiding direct sharing of raw user data. However, ensuring the correctness, reliability, and operational robustness of FL-driven smart advertising systems remains a significant challenge, particularly in distributed and user-facing environments. In this study, we investigate the use of model checking as a formal verification technique for validating key properties of an FL-based smart advertising workflow in social networks. We combine a structured finite-state modeling approach with Linear Temporal Logic (LTL) specifications and model-checking tools to assess correctness, availability, and baseline privacy requirements. Using controlled simulation-based configurations, we show that, for a setup with 100 users and 20 edge servers, the system delivers advertisements to all users and the global model successfully processes 200 out of 200 requests. We further analyze verification overhead through detection-time measurements, observing an increase in average detection time from 10.05 s to 11.98 s as the number of users rises from 20 to 100. These results indicate that the proposed framework can provide practical assurance for FL-enabled smart advertising workflows, support more reliable deployment in distributed intelligent systems, and improve trustworthiness in real advertising applications.
- Research Article
- 10.18255/1818-1015-2026-1-90-116
- Mar 16, 2026
- Modeling and Analysis of Information Systems
- Maxim V Neyzov
The large state space of programs makes their direct verification by model checking difficult or impossible. The presence of symmetry in a program often allows simplifying the model and reducing its state space, leading to a significant decrease in verification time. The classical approach consists in detecting a symmetry group and constructing a quotient model based on it — a simplified model for verification purposes. However, not all tools provide support for symmetry, and those that do may still struggle because finding an appropriate symmetry group is a computationally complex problem. This work proposes an approach to program development based on explicit symmetry exploitation, which is an alternative to the classical one. In the program, a core is extracted — a coordination center working under consideration of symmetry and responsible for ensuring temporal properties. The core coordinates computations outside itself — those placed in the wrapper surrounding the core. As a result, the core has a small state space, replaces the quotient model and allows verification using a model checker without symmetry support. The wrapper cannot interfere in the operation of the verified core and violate its properties. The approach is demonstrated by the example of the development and verification of the Mars rover resource arbiter. The arbiter coordinates access of n processes to m resources, where both n and m are natural numbers. The programming languages C/C++ and the Spin model checker tool are used. The behavioral model of the core is automatically extracted by the Spin tool from the C code. Temporal properties expressed via Linear Temporal Logic (LTL) are subject to verification.
- Research Article
- 10.3390/systems14030312
- Mar 16, 2026
- Systems
- Riad Helal + 3 more
Cyber–Physical Systems of Systems (CPSoS) integrate autonomous constituent systems to accomplish complex missions. Nonetheless, decentralized coordination and continuous evolution create intricate dependencies that make behavior difficult to analyze. Current semi-formal modeling approaches, despite being easy to understand and widely accessible, lack semantic precision and are not computationally checkable to guarantee time-critical properties. Furthermore, current formal methods are often fragmented: they analyze behavior either at the individual CPS level or the collective CPSoS level, failing to provide a multi-level specification. To address these limitations, we propose an integrated framework combining SysML and Maude rewriting logic. SysML provides structural and behavioral specification capabilities, while Maude enables rigorous semantics, executable models, and formal verification. First, our approach proposes MM-CPSoS, a meta-model that unifies CPS and CPSoS entities with explicit temporal constraints. Dynamic behavior is captured through evolution patterns governing mission progression across both levels. Then, we encode SysML models into Maude as object-oriented configurations and conditional rewrite rules, enabling linear temporal logic (LTL) model checking of temporal properties. Finally, we demonstrate our approach through a Time-Aware Road Crisis Management System (TaRCiMaS2).
- Research Article
- 10.1109/tcyb.2025.3631239
- Mar 1, 2026
- IEEE transactions on cybernetics
- Chanjuan Liu + 4 more
Multiagent hierarchical reinforcement learning (MAHRL) has been studied as an effective means to solve intelligent decision problems in complex and large-scale environments. However, most current MAHRL algorithms follow the traditional way of using reward functions in reinforcement learning (RL), which limits their use to a single task. This study aims to design a multiagent cooperative algorithm with logic reward shaping (LRS), which uses a more flexible way of setting the rewards, allowing for the effective completion of multitasks. LRS uses linear-time temporal logic (LTL) to express the internal logic relation of subtasks within a complex task. Then, it evaluates whether the subformulas of the LTL expressions are satisfied based on a designed reward structure. This helps agents to learn to effectively complete tasks by adhering to the LTL expressions, thus enhancing the interpretability and credibility of their decisions. To enhance coordination and cooperation among multiple agents, a value iteration technique is designed to evaluate the actions taken by each agent. Based on this evaluation, a reward function is shaped for coordination, which enables each agent to evaluate its status and complete the remaining subtasks through experiential learning. Experiments have been conducted on various types of tasks in the Minecraft World and Office World. The results demonstrate that the proposed algorithm can improve the performance of multiagents when learning to complete multitasks.
- Research Article
- 10.1162/tacl.a.597
- Jan 16, 2026
- Transactions of the Association for Computational Linguistics
- Andy Yang + 3 more
We study conditions under which transformers using soft attention can simulate hard attention, that is, effectively focus all attention on a subset of positions. First, we examine several subclasses of languages recognized by hard-attention transformers, which can be defined in variants of linear temporal logic. We demonstrate how soft-attention transformers can compute formulas of these logics using unbounded positional embeddings or temperature scaling. Second, we demonstrate how temperature scaling allows softmax transformers to simulate general hard-attention transformers, using a temperature that depends on the minimum gap between the maximum attention scores and other attention scores.
- Research Article
- 10.1002/smr.70077
- Jan 1, 2026
- Journal of Software: Evolution and Process
- Jiaqi Yin + 4 more
Partition scheduling plays a crucial role in ensuring temporal determinism and fault isolation in real-time operating systems. However, its correctness is difficult to guarantee through traditional testing due to the complexity of timing interactions and the need for exhaustive state exploration. Therefore, a rigorous and systematic verification approach is essential to ensure system design correctness under all execution scenarios. This paper presents a formal modeling and verification methodology for partition scheduling in operating systems, based on timed automata. The proposed model is developed and systematically verified using UPPAAL. It comprises four key components (Partition, Scheduler, TimeSynchronizer, and ErrorHandler), which collectively capture task execution flows, scheduling policies, clock synchronization, and fault-handling mechanisms. A comprehensive set of verification properties is defined using Linear Temporal Logic (LTL) to formally specify the system's temporal behaviors and safety requirements. The verification results confirm that the proposed approach effectively verifies partition switching correctness, time consistency enforcement, and exception recovery. This method provides a rigorous and practical formal foundation for modeling and analyzing real-time scheduling systems.
- Research Article
- 10.32604/cmes.2026.074687
- Jan 1, 2026
- Computer Modeling in Engineering & Sciences
- Shtwai Alsubai + 5 more
In Human–Robot Interaction (HRI), generating robot trajectories that accurately reflect user intentions while ensuring physical realism remains challenging, especially in unstructured environments. In this study, we develop a multimodal framework that integrates symbolic task reasoning with continuous trajectory generation. The approach employs transformer models and adversarial training to map high-level intent to robotic motion. Information from multiple data sources, such as voice traits, hand and body keypoints, visual observations, and recorded paths, is integrated simultaneously. These signals are mapped into a shared representation that supports interpretable reasoning while enabling smooth and realistic motion generation. Based on this design, two different learning strategies are investigated. In the first step, grammar-constrained Linear Temporal Logic (LTL) expressions are created from multimodal human inputs. These expressions are subsequently decoded into robot trajectories. The second method generates trajectories directly from symbolic intent and linguistic data, bypassing an intermediate logical representation. Transformer encoders combine multiple types of information, and autoregressive transformer decoders generate motion sequences. Adding smoothness and speed limits during training increases the likelihood of physical feasibility. To improve the realism and stability of the generated trajectories during training, an adversarial discriminator is also included to guide them toward the distribution of actual robot motion. Tests on the NATSGLD dataset indicate that the complete system exhibits stable training behaviour and performance. In normalised coordinates, the logic-based pipeline has an Average Displacement Error (ADE) of 0.040 and a Final Displacement Error (FDE) of 0.036. The adversarial generator makes substantially more progress, reducing ADE to 0.021 and FDE to 0.018. Visual examination confirms that the generated trajectories closely align with observed motion patterns while preserving smooth temporal dynamics.
- Research Article
- 10.51244/ijrsi.2025.12110199
- Dec 25, 2025
- International Journal of Research and Scientific Innovation
- Om Sathe
I remember the first time I saw an AI agent go off the rails during a demo at the ISBM College Hackathon—it was supposed to handle a simple refund process but ended up “approving” a fake transaction because it lost track midway through the chat. Moments like that highlight the real issue: as Generative AI shifts from just chatting to actually acting in the world with “Agentic” systems, enterprises face this weird reliability crunch. LLMs are amazing at reasoning, sure, but they’re plagued by this shaky unpredictability I call “Logic Drift”—basically, they start veering away from the rules as conversations drag on. That’s why, in this work, I put together “LogicGuard,” a neurosymbolic setup aimed at fixing these slip-ups. It basically layers a solid, rule-based checker around the fuzzy AI brain, using Linear Temporal Logic on Finite Traces (LTLf) to keep things in line. We turn everyday procedure docs into these neat Deterministic Finite Automata (DFA) machines that enforce the rules no matter what. The whole thing breaks down into three parts: a compiler for the rules, a prober to link words to logic symbols, and a gatekeeper that says yes or no to actions. Testing it out in finance, auth, and logistics scenarios, LogicGuard held steady at about 95% reliability on those marathon tasks where plain agents tanked to under 50%. It edged out four other safety tools by roughly double in handling tricky attacks. That said, we still hit a 5% snag from fuzzy symbol matching—I’ll dive into ablations to break down that neurosymbolic headache.
- Research Article
- 10.30837/bi.2025.2(103).14
- Dec 25, 2025
- Bionics of Intelligence
- S.F Chalyi + 1 more
Methods for constructing mental models of intelligent system decisions based on the integration of neural network and symbolic components are considered. A method for constructing a neurosymbolic representation of a mental model has been developed, based on a dual-layer neurosymbolic architecture with the capability for latent feature identification, significant feature selection, and a neural-symbolic transformation mechanism for mapping hidden representations to symbolic concepts. The method includes stages of latent feature extraction, attention-based feature selection, neural-symbolic transformation, directed acyclic graph construction for causal structure representation, and causality verification using linear temporal logic. The method creates conditions for automated identification of individual user mental models with capabilities for their interpretation according to domain specifics, as well as the construction of personalized explanations in explainable artificial intelligence systems.
- Research Article
- 10.15388/lmr.2025.44491
- Dec 21, 2025
- Lietuvos matematikos rinkinys
- Lukas Maksimiak + 1 more
This paper explores the construction of an efficient sequent calculus for a selected fragment of propositional linear temporal logic (PLTL), extending the ideas of classical calculi discussed in [1], and builds upon previous investigations into the issue of loops in PLTL. A unary fragment of PLTL is identified in which formulas can contain at most one outermost ☐ (``always'') operator. Fragments are typically analyzed with the aim of defining more efficient calculi for formulas belonging to the fragment, especially when such an approach is not feasible for the full logic (such a strategy is employed in [3,4]). A new or-type rule (⊦ ☐L*) is introduced by the authors. The authors propose the newly developed sequent calculus PLTL – F1 for this fragment, which eliminates the need for loop axioms while improving derivation efficiency. Furthermore, the authors also introduce a totally loop-check-free sequent calculus PLTL – F3. Elimination of loops was achieved by proving restrictions on the applications of the (⊦ ☐) and (∘) rules.
- Research Article
- 10.3103/s0146411625700233
- Dec 1, 2025
- Automatic Control and Computer Sciences
- M V Neyzov + 1 more
This article continues the series of works on the development and verification of control programs based on LTL (linear temporal logic) specifications of a special type. Previously, a declarative LTL specification was proposed, which allows describing the behavior of control programs and building program code based on it in the imperative ST language for programmable logic controllers (PLCs). This LTL specification can be directly verified for compliance with specified temporal properties by the model checking method using the nuXmv symbolic verification tool. In general, it is not required to translate the LTL formulas of the specification into another formalism—an SMV specification (code in the input language of the nuXmv tool). The aim of this study is to explore alternative ways of representing the behavioral model of a program that conforms to a declarative LTL specification during its verification using the nuXmv tool. In this article, we transform the declarative LTL specification into various SMV specifications with accompanying changes of formulation of the verification problem, which leads to a significant reduction in time costs when checking temporal properties by using the nuXmv tool. The acceleration of verification is due to the reduction of the state space of the model being verified. The SMV specifications obtained as a result of the proposed transformations specify identical or bisimulational-equivalent transition systems, ensuring the same verification results when replacing one SMV specification with another.
- Research Article
- 10.1038/s41598-025-27396-w
- Nov 22, 2025
- Scientific Reports
- Muhammad Rashid + 3 more
In the Consensus layer of Ethereum, the Beacon Chain is the main component that maintains details related to validator status, attestations, penalties, and rewards according to the behavior of validators. A large amount of Ether (ETH, the Ethereum cryptocurrency) belonging to different validators is at stake in the Consensus layer of Ethereum right now, and any change in ETH value due to slashing or rewards is managed by the Beacon Chain. The Beacon Chain is a safety-critical system, and any error or bug in it can affect the complete network of the Consensus layer of Ethereum. A single mistake can cause a huge loss of ETH at stake and problems such as invalid block insertion and security attacks. The reference implementation of the Beacon Chain developed by the Ethereum Foundation gives a complete operational description of the Beacon Chain. In this work, we focus on the formal modeling and verification of the reference implementation of the epoch processing of the Beacon Chain to ensure that the Beacon Chain epoch mechanism is designed correctly and robustly and that there exists very little chance of any bug. To achieve this goal, we utilize model checking, the most effective technique based on formal methods that is used to ensure the correctness of safety-critical systems. In this work, formal modeling is done for the epoch processing operations of the Beacon Chain using Process Meta Language (PROMELA). For verification purposes, safety properties are defined for each epoch processing operation of the Beacon Chain, and we formalize these properties using Linear Temporal Logic (LTL). Formal models and LTL formulas are given as input to the model checker to check whether these formal models satisfy the LTL formulas. The SPIN model checker is utilized for the formal verification of the Beacon Chain.
- Research Article
- 10.3390/math13223606
- Nov 10, 2025
- Mathematics
- François Siewe
A context-aware system is a system that adapts its behaviours in response to changes in the system’s environment (i.e., context). Ensuring the correctness of such a system is difficult because the state of the environment changes frequently in an unpredictable manner according to the laws of physics. Hence, formal verification techniques like model-checking and theorem proving do not work in many cases. Runtime Verification (RV) is a lightweight formal verification technique that consists of checking at runtime whether the execution of the system violates the requirements of the system. The Calculus of Context-aware Ambients (CCA) is a process calculus for modelling context-aware systems and reasoning about their behaviours. This paper proposes an RV tool for CCA, called ccaRV. Given a model of a system in CCA and a property of the system written in LTL (Linear Temporal Logic), ccaRV verifies automatically at runtime if the execution of the system violates the property. We propose a semantic approach to RV, where the RV mechanism is defined at the semantics level and not as an add-on. A consequence of this is that there is no need for generating a monitor from the property specification nor for the instrumentation of a system during verification. We define a labelled reduction relation for CCA, where the labels are used to capture the execution traces at the semantics level. Then we extend LTL with spatial operators and context expressions in order to formulate properties about the system context. We use a case study of the MQTT (Message Queue Telemetry Transport) protocol to evaluate the proposed RV approach. The results show that the ccaRV tool is scalable and its decisions are accurate.
- Research Article
- 10.1017/cbp.2025.10004
- Nov 4, 2025
- Research Directions: Cyber-Physical Systems
- Zetong Xuan + 3 more
Linear Temporal Logic (LTL) offers a formal way of specifying complex objectives for Cyber-Physical Systems (CPS). In the presence of uncertain dynamics, the planning for an LTL objective can be solved by model-free reinforcement learning (RL). Surrogate rewards for LTL objectives are commonly utilized in model-free RL for LTL objectives. In a widely adopted surrogate reward approach, two discount factors are used to ensure that the expected return (i.e., the cumulative reward) approximates the satisfaction probability of the LTL objective. The expected return then can be estimated by methods using the Bellman updates such as RL. However, the uniqueness of the solution to the Bellman equation with two discount factors has not been explicitly discussed. We demonstrate, through an example, that when one of the discount factors is set to one, as allowed in many previous works, the Bellman equation may have multiple solutions, leading to an inaccurate evaluation of the expected return. To address this issue, we propose a condition that ensures the Bellman equation has the expected return as its unique solution. Specifically, we require that the solutions for states within rejecting bottom strongly connected components (BSCCs) be zero. We prove that this condition guarantees the uniqueness of the solution, first for recurrent states (i.e., states within a BSCC) and then for transient states. Finally, we numerically validate our results through case studies.
- Research Article
- 10.1016/j.artint.2025.104409
- Nov 1, 2025
- Artificial Intelligence
- Luigi Bonassi + 5 more
We study planning for temporally extended goals expressed in Pure-Past Linear Temporal Logic (PPLTL) in the context of deterministic (i.e., classical) and fully observable nondeterministic (FOND) domains. PPLTL is the variant of Linear-time Temporal Logic on finite traces (LTLf) that refers to the past rather than the future. Although PPLTL is as expressive as LTLf, we show that it is computationally much more effective for planning. In particular, we show that checking the validity of a plan for a PPLTL formula is Markovian. This is achieved by introducing a linear number of additional propositional variables that capture the validity of the entire formula in a modular fashion. The solution encoding introduces only a linear number of new fluents proportional to the size of the PPLTL goal and does not require any additional spurious action. We implement our solution technique in a system called Plan4Past, which can be used alongside state-of-the-art classical and FOND planners. Our empirical analysis demonstrates the practical effectiveness of Plan4Past in both classical and FOND problems, showing that the resulting planner performs overall better than other planning approaches for LTLf goals.
- Research Article
- 10.63278/jicrcr.vi.3396
- Oct 31, 2025
- Journal of International Crisis and Risk Communication Research
- Swaraj Guduru
This article presents an architectural framework for a runtime-reconfigurable workflow engine capable of live instance migration with preserved temporal integrity. The proposed system enables seamless evolution of workflow definitions while maintaining continuity for in-flight process instances, addressing critical limitations in current Java-based engines. Through a version-aware execution model and graph-based representation, the architecture supports differential analysis between workflow versions and implements sophisticated migration mechanisms. Temporal validation using linear temporal logic ensures that time-based constraints remain valid during transitions, while comprehensive audit capabilities maintain compliance in regulated environments. The framework integrates with existing Java enterprise ecosystems through standardized interfaces and implements optimized storage strategies to minimize performance overhead. Evaluation through an insurance claims case study demonstrates the practical viability of the approach for handling regulatory changes without business disruption. Despite challenges related to semantic gaps and temporal drift, the architecture establishes a foundation for more intelligent workflow evolution through formal modeling and AI-assisted transformation techniques.
- Research Article
- 10.1007/s00236-025-00507-w
- Oct 13, 2025
- Acta Informatica
- Bernd Finkbeiner + 1 more
Explainability is emerging as a key requirement for autonomous systems. While many works have focused on what constitutes a valid explanation, few have considered formalizing explainability as a system property. In this work, we approach this problem from the perspective of hyperproperties. We start with a combination of three prominent flavors of modal logic and show how they can be used for specifying and verifying counterfactual explainability in multi-agent systems: With Lewis’ counterfactuals, linear-time temporal logic, and a knowledge modality, we can reason about whether agents know why a specific observation occurs, i.e., whether that observation is explainable to them. We use this logic to formalize multiple notions of explainability on the system level. We then show how this logic can be embedded into a hyperlogic. Notably, from this analysis we conclude that the model-checking problem of our logic is decidable, which paves the way for the automated verification of explainability requirements.