In view of the growing complexity of modern software architectures, formal models are
increasingly used to understand why a system works the way it does, opposed to simply …

Temporal hyperproperties are system properties that relate multiple execution traces. For
(finite-state) hardware, temporal hyperproperties are supported by model checking …

In this paper we study the problem of realizability of reactive specifications written in LTL T,
which is the extension of LTL where atomic propositions can be literals from a first-order …

Counterfactual reasoning is an approach to infer what causes an observed effect by
analyzing the hypothetical scenarios where a suspected cause is not present. The seminal …

Lewis' theory of counterfactuals is the foundation of many contemporary notions of causality.
In this paper, we extend this theory in the temporal direction to enable symbolic …

Solving reachability games is a fundamental problem for the analysis, verification, and
synthesis of reactive systems. We consider logical reachability games modulo theories (in …

Hyperproperties specify the behavior of a system across multiple executions, and are an
important extension of regular temporal properties. So far, such properties have resisted …

Temporal causality describes what concrete input behavior is responsible for some
observed output behavior on a trace of a reactive system, and can be used to, eg, generate …

Necessity and sufficiency are well-established notions in logic and causality analysis, but
have barely received attention in the formal methods community. In this paper, we present …

Investigations of causality in operational systems aim at providing human-understandable
explanations of why a system behaves as it does. There is, in particular, a demand to …