• Contribution to an IEC 60848 GRAFCET-based formal development process of control code. • Literature-based collection of properties relevant for verification. • Novel static analysis approach of GRAFCET using abstract interpretation. • Comparison of a model checking and a static analysis approach. Within the area of industrial control design, the standardized, graphical modeling language GRAFCET (IEC 60848) can be used not only for the specification of controllers, but also for model-driven development of control code. To this end, syntactical and semantic correctness of the model specified in GRAFCET is critical in order to obtain programs for PLCs that behave accordingly. To achieve this goal, this paper summarizes results of a research project investigating a tool chain for the formal verification of GRAFCET. This paper summarizes relevant properties to ensure correctness and two ways of inspecting the behavior of GRAFCET instances in order to check for these semantic properties are presented: one using static analysis techniques and one employing model checking, while discussing new details regarding static analysis techniques of concurrent elements in the models. By evaluating and comparing these two approaches, their respective strengths and weaknesses are assessed.

Micro-ultrasound (micro-US; 29-MHz) offers real-time, high-resolution prostate imaging, but its stand-alone diagnostic accuracy remains uncertain. We synthesized prospective evidence to evaluate micro-US for classifying clinically significant prostate cancer (csPCa) using histopathology as the reference standard. We searched PubMed, Embase, Scopus, and Web of Science (inception-20 May 2025) for prospective studies assessing micro-US as an index test on a diagnostic pathway. Data were pooled using random-effects models on logit-transformed sensitivity and specificity, with an HSROC representation and model diagnostics. Subgroup and meta-regression analyses explored heterogeneity, including threshold (PRI-MUS) and spectrum effects. Clinical utility was appraised using Fagan nomograms and a likelihood-ratio scatter. Small-study effects were evaluated with Deeks' test. Five prospective studies met criteria. Pooled sensitivity was 0.84 (95% CI 0.65-0.94) and pooled specificity was 0.41 (95% CI 0.25-0.59), indicating moderate discrimination on HSROC. Secondary metrics were concordant (PLR 1.45, 95% CI 1.17-1.80; NLR 0.37, 95% CI 0.23-0.61; DOR 3.95, 95% CI 2.48-6.30). On a 25% pre-test probability, the Fagan nomogram showed modest shifts (~ 33% after a positive test; ~11% after a negative), supporting a triage/rule-out role. Heterogeneity was substantial and strongly influenced by threshold and clinical spectrum differences; subgroup and meta-regression suggested that spectrum-related factors were associated with lower specificity, whereas no covariate robustly altered sensitivity (exploratory given small k). Model checks were acceptable, and Deeks' test showed no evidence of small-study effects (p ≈ 0.70). As a stand-alone index test for csPCa classification, micro-US demonstrates high sensitivity but low specificity, yielding modest impact on post-test probability. These findings support micro-US as a complementary/triage (rule-out) adjunct, particularly when mpMRI is unavailable, contraindicated, or delayed, while highlighting the need for standardized PRI-MUS thresholds, reader training, and larger multicenter studies to refine specificity and clarify integration with MRI-based pathways.

• Introduces a novel methodological framework that integrates CBS-based multi-agent path finding with probabilistic model checking. • Employs an MDP model to represent multi-agent path execution process, refines model by proposed adjustment solutions, and leverages PRISM for formal verification. • Evaluate the reliability of multi-agent path execution and the robustness of adjustment solutions under stochastic environments. Multi-agent pathfinding and its reliable execution in stochastic environments represent a critical challenge for real-world applications, demanding both the planning of efficient paths and the formal assurance of safe, conflict-free operation. This paper introduces a novel methodology framework to address this dual requirement. To maximize operational efficiency, we introduce a strategy for optimal goal allocation for team collaboration, integrating it with the conflict-based search algorithm to minimize the total move counts required for mission completion. The second component is an integrated verification process grounded in probabilistic model checking. We model the multi-agent path execution process under stochastic uncertainties using a Markov decision process. By leveraging the probabilistic model checker and probabilistic computation tree logic, the framework formally verifies critical safety properties, ensuring conflict-free and deadlock-free path execution. Furthermore, it evaluates the effectiveness of proposed behavioral constraints designed to mitigate stochastic delays, thereby verifying the overall system safety. By fusing multi-agent planning, probabilistic reasoning, and formal logic-based verification, the proposed framework establishes a foundation amenable to natural extension for addressing multi-agent decision-making and uncertainty estimation. Case study results demonstrate that our methodology effectively selects the pathfinding solution with the minimum move count while significantly enhancing overall system safety through these formally verified behavioral constraints.

This paper presents a portion of recent research outcomes from the LoLiPoP-IoT Chips JU project, which focuses on developing sustainable, long-life IoT platforms by integrating advanced energy harvesting, intelligent energy management strategies, and low-power HW/SW co-design techniques to optimize battery longevity with the intention of reducing the economic and ecological impacts of frequent battery replacements. The main objective of this research is to investigate how integrated energy harvesting, adaptive power management, and efficient data-processing techniques can significantly extend battery lifetime while maintaining performance and usability in real IoT deployments. Unlike many existing studies that address isolated aspects of low-power IoT design, this work provides a comprehensive and practical approach that combines energy harvesting dimensioning, including simulation of the deployment environment, real HW power profiling, adaptive energy planning algorithms, predictive maintenance modeling, and their deployment on resource-constrained devices. The holistic integration of available technologies with newly designed approaches, such as dynamic energy scheduling, enables improvements in the overall IoT experience and a more sustainable usage. Experimental results demonstrate several outcomes. The proposed dynamic energy planning framework, particularly the “Slope” algorithm, can extend battery lifetime by up to five times compared to baseline operation. If full energy autonomy is required, the photovoltaic panel area can be reduced by approximately 77 %. Our developed simulation toolkit enables accurate estimation of energy consumption and optimal sizing of photovoltaic harvesters, while predictive maintenance models based on statistical model checking enable forecasting fault probabilities of factory equipment based on collected data. Furthermore, we conducted experiments to confirm that optimized machine-learning models can achieve high accuracy with reduced memory footprint and inference time on embedded IoT platforms.

Inspired by recommendations commonly encountered in introductory statistics classes to perform model checking and make modeling decisions based on visual inspections of diagnostic plots, we implemented and administered a survey on interpretation of a variety of diagnostic plots across multiple settings. We summarize the patterns in the answers provided by more than 300 undergraduate and graduate students enrolled in statistic courses via a mixed effects model exploring the impact of different data-generating settings and various plot features. Notably, we find that the students surveyed here are comparable to random chance at making the correct decisions on the basis of the plots they were shown. The implications of this uncertainty and the lack of reproducibility introduced by the model checking/model selection process are explored in depth in one of the settings presented to demonstrate the consequences of using subjective and frequently sub-optimal human judgments to make modeling choices.

Polkadot enhances its security and reliability through the GRANDPA(GHOST-based Recursive Ancestor Deriving Prefix Agreement) finalization protocol, which provides deterministic and irreversible block finalization via structured validator voting rounds. Finality is a fundamental component of consensus, as any failure in this process can compromise the integrity and operational continuity of the entire blockchain. Ensuring the safety and correctness of GRANDPA finalization is therefore crucial to prevent critical failures and maintain network trust. This work presents a formal verification study of the GRANDPA finalization mechanism using model checking techniques. The protocol is first analyzed in detail and represented as structured algorithms encompassing authority updates, Pre-Vote, Pre-Commit, vote aggregation, and finalization phases. A comprehensive Promela model is developed to capture the complete behavior of validators and the interactions across voting phases. Key safety properties, including no conflicting finalization and finality irreversibility, are formalized using Linear Temporal Logic (LTL) and systematically verified using the SPIN model checker. During verification, multiple performance and scalability metrics are analyzed, including total states visited, transitions explored, verification time, memory usage, search depth, and property-specific verification complexity. The analysis identifies properties that significantly influence state-space growth, providing insight into the structural complexity and computational demands of the protocol. This study demonstrates the effectiveness of formal model checking for evaluating blockchain consensus protocols and establishes a foundation for future verification efforts, including liveness properties, extended adversarial scenarios, and verification of more complex consensus configurations within the Polkadot ecosystem.

Formal verification using temporal logics such as computation tree logic (CTL) is essential for validating safety and correctness in complex systems. However, traditional model-checking techniques face severe scalability limitations due to the state explosion problem and their reliance on exhaustive symbolic traversal. Moreover, existing learning-based verification methods often lack formal guarantees and interpretability. These challenges create a pressing need for scalable, learning-based verification methods that preserve verification reliability while improving computational efficiency. This article introduces a novel deep reinforcement learning (DRL)-based model checking framework that learns to verify CTL formulas directly through interaction with system models. Unlike traditional symbolic model checkers such as NuSMV, the proposed DRL-CTL checker trained using proximal policy optimization (PPO) interprets CTL semantics over system models represented as Kripke structures without performing symbolic state-space traversal at inference time. Reward functions are designed for individual CTL operators, and fixed-point reasoning is incorporated to handle global temporal properties such as $AG(\phi)$ and $EG(\phi)$ . Experimental results show that the proposed method achieves near-constant inference time of approximately 2 ms per formula on an Intel Core i9-13900K CPU (24 cores, 3.0 GHz), 64 GB RAM, NVIDIA RTX 4090 GPU (24 GB VRAM), reduces verification time by up to 90% compared with traditional model checkers, and scales to models with more than $10^{1192}$ reachable states. The framework also produces witnesses and counterexamples and yields verification outcomes identical to those of symbolic checkers in our experiments. These results highlight the potential of DRL to serve as a scalable, efficient, and explainable alternative to classical CTL model checking.

Enterprise architecture (EA) principles provide normative guidance for architectural evolution, yet validating whether EA models comply with such principles is typically performed manually and does not scale to continuous governance. This paper presents an ontology-based validation approach that enables automated compliance checking of ArchiMate models against EA principles. The approach (i) creates ontology-native representations of ArchiMate models grounded in an enterprise knowledge graph, (ii) structures natural-language principles using SBVR Structured English to reduce ambiguity and support traceability, (iii) enriches the resulting knowledge graph with inferred architectural relations through derivation rules, and (iv) operationalizes validation using SHACL constraints and SPARQL queries that produce explainable violation reports linked to concrete model elements. The approach is developed following Design Science Research and evaluated in three case studies (two real-world organizational settings and one controlled educational setting). The evaluation demonstrates that the approach supports repeatable execution of principle checks on evolving models, improves traceability of violations for architecture review and decision-making, and reduces manual effort by shifting substantial parts of compliance checking from human interpretation to automated constraint validation.

Effective test case generation is crucial for ensuring software correctness, whereas generating high-coverage test suites efficiently remains a challenge. Graph transformations provide a formal way to specify and analyse software systems by modeling system operations as transformation rules and constructing a state-based representation of system behavior. Model-based testing (MBT) often uses model checking over this representation to discover execution paths that satisfy certain test requirements. However, such approaches suffer from severe scalability issues due to the rapid growth of the state space and the high computational cost of exhaustive exploration. While optimization-based approaches mitigate these issues by exploring a reduced portion of the state space, they still struggle to scale effectively. MBT approaches using graph transformation faces the same scalability and often face additional challenges due to the richer structural complexity of graph-based models. However, apart from the behavioral information derived from state transitions, graph transformation systems also encode explicit structural relationships between states and transformation rules. These structural characteristics can be used to define and evaluate test objectives. To exploit this, we propose a novel approach based on deep reinforcement learning to generate test suites for systems specified through graph transformations. We use the reward/penalty mechanism of reinforcement learning to optimize the selection of moves within the state space, enabling the generation of test cases based on prior decisions. Our goal is to achieve greater coverage of test objectives while minimizing the size of the test cases. The method has been implemented in GROOVE, an open-source toolset for designing and model checking graph transformation systems. Experimental results on well-known case studies demonstrate that our approach achieves higher coverage with reduced computational cost compared to state-of-the-art techniques.

As social networks continue to expand, smart advertising increasingly depends on machine learning to deliver personalized and effective advertisements. Federated Learning (FL) is a distributed learning paradigm that supports privacy-preserving advertising by training models locally while avoiding direct sharing of raw user data. However, ensuring the correctness, reliability, and operational robustness of FL-driven smart advertising systems remains a significant challenge, particularly in distributed and user-facing environments. In this study, we investigate the use of model checking as a formal verification technique for validating key properties of an FL-based smart advertising workflow in social networks. We combine a structured finite-state modeling approach with Linear Temporal Logic (LTL) specifications and model-checking tools to assess correctness, availability, and baseline privacy requirements. Using controlled simulation-based configurations, we show that, for a setup with 100 users and 20 edge servers, the system delivers advertisements to all users and the global model successfully processes 200 out of 200 requests. We further analyze verification overhead through detection-time measurements, observing an increase in average detection time from 10.05 s to 11.98 s as the number of users rises from 20 to 100. These results indicate that the proposed framework can provide practical assurance for FL-enabled smart advertising workflows, support more reliable deployment in distributed intelligent systems, and improve trustworthiness in real advertising applications.

The large states pace of programs makes their direct verification by model checking difficult or impossible. The presence of symmetry in a program often allows simplifying the model and reducing its state space, leading to significant decrease of verification time. The classical approach consists in detecting a symmetry group and constructing a quotient model based on it — a simplified model for verification purposes. However, not all tools provide support for symmetry, and those that do may still struggle because finding an appropriate symmetry group is computationally complex problem. This work proposes an approach to program development based on explicit symmetry exploitation, which is an alternative to the classical one. In the program, a core is extracted — a coordination center working under consideration of symmetry and responsible for ensuring temporal properties. The core coordinates computations outside itself — those placed in the wrapper surrounding the core. As a result, the core has a small state space, replace the quotient model and allows verification using a model checker without symmetry support. The wrapper cannot interfere in the operation of the verified core and violate its properties. The approach is demonstrated by the example of the development and verification of the Mars rover resource arbiter. The arbiter coordinates access of n processes to m resources where both n and m are natural numbers. Programming languages C/C++ and the Spin model checker tool are used. The behavioral model of the core is automatically extracted by the Spin tool from the C code. Temporal properties expressed via Linear Temporal Logic (LTL) are subject to verification.

In this paper, considers the relationships between digital financial services in particular, account ownership, saving, and borrowing and three sustainable development goals: poverty (SDG 1), income inequality (SDG 10), and CO2 emissions (SDG 13). It analyzes the relationships between 25 developing Asian nations between 2011 and 2021 and uses structural equation modeling (SEM) and subsequent regression-based robustness checking to determine both direct and indirect relationships with account ownership, saving, and borrowing being the mediating channels of financial inclusion. The results suggest that high utilization of the digital payments correlates with reduced income inequality and increased consumption spending in households, especially in the environment with a wider access to financial services. Meanwhile, the use of digital payments has a positive correlation with CO2 emissions, which is in line with the rise in energy consumption associated with digital infrastructure. Nonetheless, the channels of financial inclusion account ownership, saving and borrowing are mediated by these environmental pressures to a certain degree and are related to more sustainable patterns of consumption and investment. To the best of our knowledge, this study is among the first to jointly examine these multidimensional direct and indirect associations between digital finance, inequality, poverty-related outcomes, and environmental sustainability in developing Asia. The results underscore the relevance of integrated financial inclusion and environmental responsibility policies and may inform the design of targeted interventions such as support for low-income digital users and incentives for green financial products aimed at aligning digital finance with equitable and sustainable development objectives.

Cyber–Physical Systems of Systems (CPSoS) integrate autonomous constituent systems to accomplish complex missions. Nonetheless, decentralized coordination and continuous evolution create intricate dependencies that make behavior difficult to analyze. Current semi-formal modeling approaches, despite being easy to understand and widely accessible, lack semantic precision and are not computationally checkable to guarantee time-critical properties. Furthermore, current formal methods are often fragmented: they analyze behavior either at the individual CPS level or the collective CPSoS level, failing to provide a multi-level specification. To address these limitations, we propose an integrated framework combining SysML and Maude rewriting logic. SysML provides structural and behavioral specification capabilities, while Maude enables rigorous semantics, executable models, and formal verification. First, our approach proposes MM-CPSoS, a meta-model that unifies CPS and CPSoS entities with explicit temporal constraints. Dynamic behavior is captured through evolution patterns governing mission progression across both levels. Then, we encode SysML models into Maude as object-oriented configurations and conditional rewrite rules, enabling linear temporal logic (LTL) model checking of temporal properties. Finally, we demonstrate our approach through a Time-Aware Road Crisis Management System (TaRCiMaS2).

ABSTRACT Bayesian belief networks (BBNs) are increasingly applied in tourism research to model complex systems with uncertainty and interdependence. BBNs support two distinct modes of inference: observational inference, which updates beliefs based on observed evidence, and interventional inference, which estimates the consequences of deliberate actions. Conflating these inferential modes risks misinterpretation of model outputs and undermines the policy relevance of research findings. By situating BBNs within Bayesian epistemology and causal inference and drawing on Pearl’s causal framework, this paper clarifies the philosophical, conceptual, and methodological foundations of these two forms of inference and emphasises that valid interpretation of BBN outputs requires explicit assumptions about the data-generating process, not probabilistic associations alone. Using an illustrative example, we demonstrate that observational and interventional probabilities can diverge because of spurious associations due to confounding and collider bias and outline principles that enable causal reasoning to avoid these biases. To support responsible and replicable application, we propose a structured conceptual workflow for BBN-based inference that integrates problem formulation, causal structure specification, parameterisation with model checking, causal intervention, and transparent reporting. A review of a published tourism study illustrates how departures from this workflow can lead to observational results being misinterpreted as causal effects.

Abstract Model checking undiscounted reachability and expected-reward properties on Markov decision processes (MDPs) are key for the verification of systems that act under uncertainty. Popular algorithms are policy iteration and variants of value iteration; in tool competitions, most participants rely on the latter. These algorithms generally need worst-case exponential time. However, the problem can equally be formulated as a linear programme, solvable in polynomial time. In this paper, we give a detailed overview of today’s state-of-the-art algorithms for MDP model checking with a focus on performance and correctness. We highlight their fundamental differences, and describe various optimizations and implementation variants. We experimentally compare floating-point and exact-arithmetic implementations of all algorithms on three benchmark sets using two probabilistic model checkers. Our results show that (optimistic) value iteration is a sensible default, but other algorithms are preferable in specific settings. This paper thereby provides a guide for MDP verification practitioners—tool builders and users alike.

Quantum computing exploits the principles of quantum mechanics to perform computation. Information is stored in qubits and processed with a sequence of quantum gates arranged as circuits. Verifying the correctness of quantum circuits is becoming essential as hardware scales in qubit count and architectural complexity. Traditional testing and naive simulation do not scale and quickly become computationally infeasible because the state space grows exponentially. This creates a strong need for more powerful and scalable verification techniques. Formal methods offer a viable solution by providing mathematically rigorous and scalable verification techniques that address these scalability challenges through abstraction, symbolic reasoning, and probabilistic guarantees. This study examines how formal methods are applied to quantum-circuit verification. Specifically, four families of formal techniques: barrier certificates, abstract interpretation, model checking, and theorem proving are examined, along with the theoretical foundations and practical applications of these techniques. Finally, the study highlights open challenges and identifies promising directions for future research. An extensive set of references is included to support further study and exploration.

DM-Check: Verifying invariants of concurrent systems by deductive model checking

Static analysis is a critical methodology for ensuring the quality, security, and safety of embedded, cyber-physical, and electronic software systems, particularly as such systems become increasingly complex and tightly coupled with hardware and real-time constraints. Through a systematic study of the literature, this paper summarizes the State-of-the-Art in static program analysis. We develop a comprehensive taxonomy of fundamental techniques, including model checking, abstract interpretation, data-flow analysis, and symbolic execution, and examine their application in modern analysis tools used in electronic and safety-critical systems. The survey thoroughly reviews applications across key domains, including vulnerability detection, automotive and embedded software verification, smart contract auditing, and AI-enabled electronic systems. We also critically analyze persistent challenges, including tool integration, scalability limitations, and the trade-off between analysis precision and soundness. Finally, by discussing emerging trends and future research directions—such as machine-learning-enhanced analysis and hybrid static–dynamic techniques—this work provides a structured framework to guide future research and industrial practice in the development of reliable electronic systems.

Smart contracts are self-executing programs deployed on blockchain platforms that facilitateautomated and decentralized transactions. However, once deployed, they become immutable, makingthem vulnerable to catastrophic exploits, such as reentrancy, access control misconfiguration, integeroverflow, and front-running. The need for proof and verification is urgent, as evidenced by other highprofile,capital-draining incidents, such as the DAO attack and Parity wallet vulnerabilities. Abstract:We present ContractFuzzer, a systematic fuzzer for detecting vulnerabilities in Ethereum smartcontracts. Existing tools are based on static analysis, symbolic execution, or heuristic detection, andthus typically impose high false positives, low completeness, and limited formal verification. In thispaper, we introduce SmartScan, a formal verification framework that systematically checks smartcontract security by integrating FSM modeling and CTL-based model checking in nuXmv. Ourmethodology performs automatic parsing of Solidity code, automated generation of FSM and BIPmodels, conversion to the SMV format, and verification of CTL security properties. It responds todetected violations with automated counterexample generation to assist in debugging and iterative reverification.For validation, SmartScan will be tested on 10 different types of Solidity contracts thataddress 14 critical vulnerabilities. Our experimental results show 95.4% detection accuracy, 3.2% falsepositive rate, and 2.8% false negative rate, with 100% verification coverage, and average verificationtime of 3–7 seconds for each property, outperforming state-of-the-art tools in both coverage andprecision. SmartScan: SmartScan has a wide-ranging practical utility in discovering and diagnosingvulnerabilities such as reentrancy and access control issues, which it has been applied in, such as in acase study of a DeFi Lending contract. SmartScan provides a scalable, precise, and developer-centricapproach to improve the confidence and reliability of blockchain applications by combining exhaustiveformal verification of smart contracts with automated counterexample generation.

Bone remodeling is a tightly regulated process influenced by various cellular mechanisms, including circadian rhythm and autophagy. Circadian rhythm governs multiple physiological processes, including bone remodeling, by modulating key signaling pathways. Similarly, autophagy plays a crucial role in maintaining cellular homeostasis and regulating bone turnover. In this study, we constructed a biological regulatory network to investigate the cross-talk between circadian rhythm and autophagy in bone remodeling. Then, a verified set of parameters was obtained through model checking by modeling biological observations in Computational Tree Logic (CTL). Based on the Biological Regulatory Network (BRN) and the deduced set of parameters, a qualitative model was developed in the GINsim tool. The analysis of the qualitative model shows the cyclic behavior of the circadian rhythm, which does not have a stable state. This model was then exported to Hybrid Petri Net (HPN) for quantitative simulation to investigate the cross-talk between circadian rhythm and autophagy in bone remodeling. The results show that in a normal sleep/wake cycle, Per/Cry and Reverb inhibit osteoclast differentiation, whereas Clock/Bmal inhibits osteoblast differentiation. Moreover, the simulation results predict that dysregulation of Per/Cry, Reverb, Clock/Bmal due to shift work or sleep restriction, changes the expression level of Atgs and Rankl that may lead to bone related disorders. Thus, maintaining a normal circadian rhythm is crucial for bone homeostasis. Furthermore, our results show that Rankl is up-regulated during daytime and down-regulated in night. On the contrary, Atgs are up-regulated at night and down-regulated in the daytime, so time is a crucial factor while considering therapeutic targets. We validated these simulation results on real-time data using statistical z-tests and multiple linear regression, whose outcomes align with the simulation results. In conclusion, this study suggests that factors influencing circadian rhythm, such as adequate sleep, regular sunlight exposure, and balanced diet, play a crucial role in supporting bone homeostasis and are particularly beneficial for patients suffering from osteoporosis.