Luca Di Stefano

I have joined the FMCAD'26 Program Committee.

Mon, 11 May 2026 10:32:29 +0200

I have joined the FMCAD'26 Program Committee.

From the conference’s Web site:

FMCAD 2026 is the twenty-sixth in a series of conferences on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing.

Our paper “Sweap: Reactive Synthesis for Infinite-State Integer Problems” has been accepted to CAV 2026.

Sat, 18 Apr 2026 10:37:59 +0200

Our paper “Sweap: Reactive Synthesis for Infinite-State Integer Problems” has been accepted to CAV 2026.

Abstract:

Recent years have seen a significant increase in the interest in reactive synthesis from specifications that relate to infinite state spaces. We present sweap, a tool for synthesis of infinite-state Linear Integer Arithmetic reactive systems. sweap implements a CEGAR approach, relying on state-of-the-art finite-state synthesis tools as black boxes to solve abstract synthesis problems. sweap supports most common input formalisms for infinite-state reactive-synthesis problems: Temporal Stream Logic Modulo Theories, Reactive Program Games, the bespoke input of the Issy tool, and our own bespoke input. We present a mature version of sweap with novel features: a dual abstraction approach that improves its capabilities in proving unrealisability, support for nondeterministic and unbounded updates, more general initialization of variables, and equirealisable reductions for optimisation. Experimental evaluation shows that sweap outperforms its only competitor in this domain.

Our paper “A Compositional Semantics for Reconfigurable Multi-Mode Interaction in R-CHECK” has been accepted for publication in the International Journal of Software Tools for Technology Transfer (STTT).

Wed, 18 Feb 2026 11:17:01 +0100

Our paper “A Compositional Semantics for Reconfigurable Multi-Mode Interaction in R-CHECK” has been accepted for publication in the International Journal of Software Tools for Technology Transfer (STTT).

Abstract:

Autonomous multi-agent systems use different modes of communication to support their autonomy and ease of interaction. In order to enable modelling and reasoning about such systems, we need frameworks that combine many forms of communication. R-CHECK is a modelling, simulation, and verification environment supporting the development of multi-agent systems, providing attributed channelled broadcast and multicast communication. Another common communication mode is point-to-point, wherein agents communicate with each other directly. Capturing point-to-point through R-CHECK’s multicast and broadcast is possible, but cumbersome and prone to interference. Here, we extend R-CHECK (and its underlying formal calculus ReCiPe) with bidirectional attributed point-to-point communication, which can be established based on identity or properties of participants. Moreover, we provide a compositional semantics that clearly describes how different modes of interaction co-exist without interference. We also support model-checking of point-to-point {interactions} by extending linear temporal logic with observation descriptors related to the participants in this communication mode. We argue that these extensions simplify the design, and demonstrate their benefits by means of an illustrative case study.

I have joined the ASQAP 2026 program committee.

Fri, 30 Jan 2026 12:04:50 +0100

I have joined the ASQAP 2026 program committee.

ASQAP'25 is the First International Workshop on Autonomous System Quality Assurance and Prediction with Digital Twins. It will be co-located with FSE 2026 in Montreal, QC, Canada. Please consider submitting your work!

From the workshop’s Web page:

Using digital twins in autonomous systems is crucial for ensuring quality assurance and enhancing predictive capabilities. This technology enables real-time monitoring and simulation of system behavior, providing a detailed virtual replica that facilitates advanced testing and the correction of potential faults before physical production. Digital twins also support optimization of design and operational processes, reducing development times and enhancing overall efficiency. Moreover, by analyzing large datasets and simulating complex scenarios, digital twins aid in developing advanced algorithms and predictive resource management, improving system resilience and adaptability.
However, several challenges emerge in realizing a digital twin. This process involves creating detailed models of the system and its environment, which must remain aligned with both the environment’s dynamic and open nature and the hardware status of the physical twin. This poses a significant challenge, as both autonomous systems and their digital twins must continually adjust to changes to maintain accuracy and functionality. Runtime techniques are therefore required to verify and adapt both autonomous systems and their digital twins.
Despite the great interest in enhancing autonomous systems’ quality assurance and prediction through digital twins, no common methodologies, model-based techniques, or formal aspects have been fully established. ASQAP 2026 aims to provide a forum for sharing and discussing innovative contributions to both formal and practical approaches in the analysis and development of methodologies, including digital twins, for the quality assurance of autonomous systems.

I have joined the VMCAI'26 artifact evaluation committee.

Thu, 25 Sep 2025 10:59:35 +0200

I have joined the VMCAI'26 artifact evaluation committee.

From the conference’s call for papers:

VMCAI provides a forum for researchers from the communities of Verification, Model Checking, and Abstract Interpretation, facilitating interaction, cross-fertilization, and advancement of hybrid methods that combine these and related areas.

From the call for artifacts:

VMCAI 2026 makes available the option to submit an artifact along with a paper. Artifacts are any additional material that substantiates the claims made in the paper, and ideally makes them fully replicable. For some papers, these artifacts are as important as the paper itself because they provide crucial evidence for the quality of the results. The goal of artifact evaluation is twofold. On the one hand, we want to encourage authors to provide more substantial evidence to their papers and to reward authors who create artifacts. On the other hand, we want to simplify the independent replication of results presented in the paper and to ease future comparison with existing approaches.

On September 15, 2025 I will give a talk on “Full LTL Synthesis over Infinite-state Arenas” at the VASSAL Workshop in Graz, Austria.

Fri, 15 Aug 2025 12:18:10 +0200

On September 15, 2025 I will give a talk on “Full LTL Synthesis over Infinite-state Arenas” at the VASSAL Workshop in Graz, Austria.

The talk will present our recent CAV paper. The workshop is co-located with RV 2025. About the workshop (from its website):

The VASSAL project is a collaboration between Brno University of Technology (Czechia), CEA-List (France), and TU Wien (Austria), with associated partner Honeywell (Czechia). The project focuses on advancing the safety, security, and resilience of software systems by integrating model-based design, formal methods, and runtime verification techniques.
The workshop objective is to showcase the project’s recent scientific contributions and encourage discussions on emerging issues and research directions in safety of verification and analysis. The workshop program will feature invited talks from leading experts, presentations from VASSAL researchers, and selected contributions from the runtime verification community.

My paper “Execution and monitoring of HOA automata with HOAX” has been accepted to RV 2025 (tool track).

Mon, 14 Jul 2025 09:53:54 +0200

My paper “Execution and monitoring of HOA automata with HOAX” has been accepted to RV 2025 (tool track).

Abstract:

We present a tool called HOAX for the execution of ω-automata expressed in the popular HOA format. The tool leverages the notion of trap sets to enable runtime monitoring of any (non-parity) acceptance condition supported by the format. When the automaton is not monitorable, the tool may still be able to recognise so-called ugly prefixes, and determine that no further observation will ever lead to a conclusive verdict. The tool is open-source and highly configurable. We present its formal foundations, its design, and compare it against the trace analyser PyContract on a lock acquisition scenario.

I have joined the EMSOFT'25 Artifact Evaluation Committee.

Mon, 07 Jul 2025 16:27:59 +0200

I have joined the EMSOFT'25 Artifact Evaluation Committee.

From the conference Web page:

The ACM SIGBED International Conference on Embedded Software (EMSOFT) brings together researchers and developers from academia, industry, and government to advance the science, engineering, and technology of embedded software development. Since 2001, EMSOFT has been the premier venue for cutting-edge research in the design and analysis of software that interacts with physical processes, with a long-standing tradition for results on cyber-physical systems, which compose computation, networking, and physical dynamics.

I have joined the RV'25 program committee.

Wed, 11 Jun 2025 13:24:51 +0200

I have joined the RV'25 program committee.

The 25th International Conference on Runtime Verification (RV'25) will take place in Graz, Austria from September 15 to September 19, 2025.

From the conference’s Web page:

Runtime verification is concerned with the monitoring and analysis of the runtime behavior of software and hardware systems. Runtime verification techniques are crucial for system correctness, reliability, and robustness; they provide an additional level of rigor and effectiveness compared to conventional testing and are generally more practical than exhaustive formal verification. Runtime verification can be used prior to deployment, for testing, verification, and debugging purposes, and after deployment for ensuring reliability, safety, and security and for providing fault containment and recovery as well as online system repair.

The final preprint of our CAV'25 paper is now available on ArXiv.

Thu, 29 May 2025 13:34:32 +0200

The final preprint of our CAV'25 paper is now available on ArXiv.

I am also happy to report that the paper’s software artifact was awarded a Reusable badge by the artifact evaluation committee.

A full list of submission that have been accepted to CAV is available here.

Abstract:

Recently, interest has increased in applying reactive synthesis to richer-than-Boolean domains. A major (undecidable) challenge in this area is to establish when certain repeating behaviour terminates in a desired state when the number of steps is unbounded. Existing approaches struggle with this problem, or can handle at most deterministic games with Büchi goals. This work goes beyond by contributing the first effectual approach to synthesis with full LTL objectives, based on Boolean abstractions that encode both safety and liveness properties of the underlying infinite arena. We take a CEGAR approach: attempting synthesis on the Boolean abstraction, checking spuriousness of abstract counterstrategies through invariant checking, and refining the abstraction based on counterexamples. We reduce the complexity, when restricted to predicates, of abstracting and synthesising by an exponential through an efficient binary encoding. This also allows us to eagerly identify useful fairness properties. Our discrete synthesis tool outperforms the state-of-the-art on linear integer arithmetic (LIA) benchmarks from literature, solving almost double as many syntesis problems as the current state-of-the-art. It also solves slightly more problems than the second-best realisability checker, in one-third of the time. We also introduce benchmarks with richer objectives that other approaches cannot handle, and evaluate our tool on them.

Our paper “Full LTL Synthesis over Infinite-state Arenas” has been accepted to CAV 2025.

Thu, 03 Apr 2025 09:55:23 +0200

Our paper “Full LTL Synthesis over Infinite-state Arenas” has been accepted to CAV 2025.

A previous version of the paper is available on ArXiv. We are working hard on the final version! A repository of Dockerfiles to try out our synthesis tool is on GitHub.

Abstract:

Recently, interest has increased in applying reactive synthesis to richer-than-Boolean domains. A major (undecidable) challenge in this area is to establish when certain repeating behaviour terminates in a desired state when the number of steps is unbounded. Existing ap- proaches struggle with this problem, or can handle at most deterministic games with Büchi goals.
This work goes beyond by contributing the first effectual approach to synthesis with full LTL objectives, based on Boolean abstractions that encode both safety and liveness properties of the underlying infinite arena. We take a CEGAR approach: attempting synthesis on the Boolean abstraction, checking spuriousness of abstract counterstrategies through invariant checking, and refining the abstraction based on counterexamples. We reduce the complexity, when restricted to predicates, of abstracting and synthesising by an exponen- tial through an efficient binary encoding. This also allows us to eagerly identify useful fairness properties.
Our discrete synthesis tool outperforms the state-of-the-art on linear integer arithmetic (LIA) benchmarks from literature, solving thrice as many problems as the current state-of-the-art and roughly 1.5 times as many as the second-best realisability checker. We also introduce benchmarks with richer objectives than other approaches can handle, and evaluate our tool on them.

I have joined the FMICS'25 Program Committee.

Tue, 28 Jan 2025 15:46:52 +0100

I have joined the FMICS'25 Program Committee.

From the Web site of the conference:

The aim of the FMICS conference series is to provide a forum for researchers and practitioners who are interested in the development and application of formal methods in industry. FMICS brings together scientists and engineers who are active in the area of formal methods and interested in exchanging their experiences in the industrial usage of these methods. The FMICS conference series also strives to promote research and development for the improvement of formal methods and tools for industrial applications.

On Dec 9, 2024 I will be giving an invited seminar at University of Parma, Italy.

Thu, 07 Nov 2024 14:04:18 +0100

On Dec 9, 2024 I will be giving an invited seminar at University of Parma, Italy.

Abstract of the seminar:

Model checking is a formal technique to assess the correctness of systems by exhaustively searching its state space for “bad” executions. If no such execution is found, the system is safe. Otherwise, the execution is called a counterexample and shown to the user, who may use it to debug the system (or refine their definition of “bad”). Today, model checking is routinely used in hardware design, and has seen increasing adoption in the software domain as well. This required a number of theoretical breakthroughs, due to the large state spaces that even modest programs exhibit. This seminar will provide an overview of model checking approaches to software verification. We will start from the basics and then discuss a few more advanced procedures that have been devised to tackle programs with large (or infinite) state spaces. Lastly, we show how these solutions may also enable automated reasoning on “complex adaptive systems”. These are collections of autonomous, interacting agents which may display emergent collective behaviour (think about flocks of birds or colonies of ants).

I have joined the ASQAP 2025 program committee.

Thu, 26 Sep 2024 21:46:19 +0200

I have joined the ASQAP 2025 program committee.

ASQAP'25 is the First International Workshop on Autonomous System Quality Assurance and Prediction with Digital Twins. It will be co-located with ETAPS 2020 in Hamilton, Canada.

From the workshop’s Web page:

Using digital twins in autonomous systems is crucial for ensuring quality assurance and enhancing predictive capabilities. This technology enables real-time monitoring and simulation of system behavior, providing a detailed virtual replica that facilitates advanced testing and the correction of potential faults before physical production. Digital twins also support optimization of design and operational processes, reducing development times and enhancing overall efficiency. Moreover, by analyzing large datasets and simulating complex scenarios, digital twins aid in developing advanced algorithms and predictive resource management, improving system resilience and adaptability.
However, several challenges emerge in realizing a digital twin. This process involves creating detailed models of the system and its environment, which must remain aligned with both the environment’s dynamic and open nature and the hardware status of the physical twin. This poses a significant challenge, as both autonomous systems and their digital twins must continually adjust to changes to maintain accuracy and functionality. Runtime techniques are therefore required to verify and adapt both autonomous systems and their digital twins.
Despite the great interest in enhancing autonomous systems’ quality assurance and prediction through digital twins, no common methodologies, model-based techniques, or formal aspects have been fully established.
ASQAP 2025 aims to provide a forum for sharing and discussing innovative contributions to both formal and practical approaches in the analysis and development of methodologies, including digital twins, for the quality assurance of autonomous systems.

Omar Inverso confirmed as keynote speaker at FTfJP'24.

Tue, 06 Aug 2024 09:57:51 +0200

Omar Inverso confirmed as keynote speaker at FTfJP'24.

Abstract:

As software systems become more and more pervasive and sophisticated, their vulnerabilities are exploited at increasingly worrisome speeds. Static analysis can detect a variety of flaws, including different security-related issues, at an early stage in the software development process.
We introduce the topic by discussing different perspectives, from increased lawmaker awareness and upcoming bureaucratic regulations, to coding standards and vulnerability databases.
We then focus on the problem of data race detection with a novel static technique for C programs with POSIX threads. The key element of the technique is a reduction to reachability that can be combined with bounded model checking and context-bounded analysis for great detection accuracy. This talk includes joint work with Emerson Sales, Emilio Tuosto, and Rocco De Nicola.

I have joined the NSAD 2024 program committee.

Mon, 22 Jul 2024 09:46:19 +0200

I have joined the NSAD 2024 program committee.

NSAD'24 is the 10th International Workshop on Numerical and Symbolic Abstract Domains. It will be part of SPLASH 2024 and will be held in Pasadena, CA, USA.

From the workshop’s Web page:

Abstraction is an essential part of many program verification and validation (V&V) methods, making tractable computational problems that are usually too complex —and very often undecidable if considered in their original (not abstracted) formulation. Such abstraction is modeled using an abstract representation of data and abstract operations, yielding an Abstract Domain. Abstract Domains embed the semantic choices, data structures, algorithmic aspects, and implementation decisions related to the abstraction process, and, as such, they play a central role in V&V, with applications to abstract interpretation-based static analysis, model-checking, and symbolic execution, to name a few examples.
Many Abstract Domains have been designed so far: numerical domains (e.g., intervals, congruences, polyhedra, polynomials), symbolic domains (e.g., shape domains, trees) —but also domain operators (e.g., products, powersets, completions), and have been applied to several kinds of V&V problems (e.g., program safety, termination, reachability) on a variety of systems (e.g., hardware, software, neural networks).
The goal of the NSAD workshop is to discuss work in progress, recent advances, novel ideas, and experiences in the theory, practice, application, implementation, and experimentation connected to Abstract Domains. This year, contributions related and/or applied to neural networks, dynamic/hybrid systems, distributed systems, quantum software, and blockchain software (e.g., smart-contracts), as well as partial and modular program analysis, are particularly welcome.

Papers “Emerging Synchrony in Applauding Audiences: Formal Analysis and Specification” and “Attributed Point-to-point Communication in R-Check” accepted to ISoLA'24.

Wed, 03 Jul 2024 10:30:38 +0200

Papers “Emerging Synchrony in Applauding Audiences: Formal Analysis and Specification” and “Attributed Point-to-point Communication in R-Check” accepted to ISoLA'24.

The paper “Emerging Synchrony in Applauding Audiences: Formal Analysis and Specification”, co-authored with Omar Inverso, will be part of a Colloquium to celebrate Rocco De Nicola’s 70th birthday.

Abstract:

Applause is an ancient, widespread collective behaviour whereby an audience expresses appreciation at the conclusion of a collective event such as an artistic performance or a public ceremony. In some cultures, it is possible to observe a spontaneous transition from an initially incoherent to a surprisingly synchronised form of applause. Such kind of emergent behaviour has long since fascinated researchers from different disciplines. This paper shows a possible application of formal methods to study similar phenomena. The key idea is to model the audience as a concurrent system, where each person is a separate process that follows the same, simple behaviour. The model can then be automatically analysed to study the possible evolutions of the system as a whole, and in particular to assess the likelihood of emerging synchronisation.

Deadline extension for FTfJP'24.

Mon, 17 Jun 2024 10:51:49 +0200

Deadline extension for FTfJP'24.

The deadline for FTfJP has been exended to June 26 (AoE)! Please consider submitting your manuscripts. From our Call for Papers:

The workshop has a broad PL theme; the most important criterion is that submissions will generate interesting discussions within this community. The term ‘Java-like’ is somewhat historic and should be interpreted broadly: FTfJP solicits and welcomes submission relating to programming languages in general, beyond Java. Past editions of FTfJP have featured work on C++, JavaScript, Rust, and other languages and calculi. The term ‘formal techniques’ has a similarly broad interpretation.

I will chair the FTfJP'24 workshop at ECOOP'24.

Mon, 15 Apr 2024 10:07:38 +0200

I will chair the FTfJP'24 workshop at ECOOP'24.

(From ftfjp.github.io): The Formal Techniques for Java-like Programs (FTfJP) workshop aims to bring together people working on formal techniques and tool support for Java, or closely related languages such as C# or Scala, either with the aim to describe, analyse, and verify aspects and properties of these programming languages themselves (type systems, semantics, bytecode verification, etc.), or of programs written in these languages. Java-like languages provide a good platform to bridge the gap between formal techniques and practical program development, because of the reasonably clear semantics and standardised libraries.

From March 2024 I will join the Cyber Physical Systems research unit at TU Wien, Vienna, Austria.

Fri, 16 Feb 2024 15:33:40 +0200

From March 2024 I will join the Cyber Physical Systems research unit at TU Wien, Vienna, Austria.

I am truly thankful to Nir for my stay at GU/Chalmers and wish all my colleagues at CSE enduring success in their research endeavours.

I have joined the FMICS'24 Program Committee.

Tue, 23 Jan 2024 15:28:29 +0200

I have joined the FMICS'24 Program Committee.