# Kim Guldstrand Larsen's research while affiliated with Aalborg University and other places

## Publications (250)

Article
Full-text available
Formal methods and tools have become well established and widely applied to ensure the correctness of fundamental components of industrial critical systems in domains like railways, avionics and automotive. In this Introduction to the special issue, we outline a number of recent achievements concerning the use of formal methods and tools for the sp...
Article
Increasing the penetration of Renewable Energy Sources (RES), e.g. wind and solar, intermittency and volatility of the supply-side are increasing in power systems worldwide. Therefore, the power systems need alternative forms of flexibility potentials to hedge against the intermittent power. District Heating Systems (DHS), especially Heat Pump Syst...
Article
Full-text available
Dependency graphs, invented by Liu and Smolka in 1998, are oriented graphs with hyperedges that represent dependencies among the values of the vertices. Numerous model checking problems are reducible to a computation of the minimum fixed-point vertex assignment. Recent works successfully extended the assignments in dependency graphs from the Boolea...
Chapter
We perform a preliminary security analysis of the initial boot stage for the OpenTitan silicon root of trust, including formalisation and verification of relevant security goals using both bounded model checking and (unbounded) model checking. We further report on a potential vulnerability in the platform and show how it can be reproduced using for...
Article
Increasing the penetration of Renewable Energy Sources (RES), the heat pumps are an alternative solution to facilitate the integration of RES into district heating. To hedge against the intermittency of RES, the flexibility potentials of the thermal inertia of buildings are unlocked and integrated into power systems. This paper suggests a novel str...
Chapter
We introduce Randomized Reachability Analysis – an efficient and highly scalable method for detection of “rare event” states, such as errors. Due to the under-approximate nature of the method, it excels at quick falsification of models and can greatly improve the model-based development process: using lightweight randomized methods early in the dev...
Book
Full-text available
Contents:::: Lech Jozwiak, Radovan Stojanovic, Introduction >>> Ioannis Pitas, Privacy Protection, Ethics, Robustness and Regulatory Issues in Autonomous Systems >>> Lech Jozwiak, Design of Green CPS and IoT>>> Mario Kovac, European Processor Initiative: Cornerstone of European HPC and eHPC strategy >>> Nicola Capodieci, Timing predictability in GP...
Article
In Denmark, the penetration of Renewable Energy Sources (RES) has increased from 44% in 2015 to 55% in 2020 and is scheduled to increase up to 100% by 2050. To overcome the intermittency and volatility of the RES, demand-side flexibility is an alternative solution for the Danish Electricity Market (DEM). In the residential sector, the heat pump is...
Chapter
We design and implement an efficient model checking algorithm for alternating-time temporal logic (ATL) on turn-based multiplayer stochastic games with weighted transitions. This logic allows us to query about the existence of multiplayer strategies that aim to maximize the probability of game runs satisfying resource-bounded next and until logical...
Article
Full-text available
The Attack Defense Tree framework was developed to facilitate abstract reasoning about security issues of complex systems. As such, a zoo of techniques and extensions have emerged in an attempt to extend the simple Boolean logic of Attack Defense Trees with behavioral properties and quantities. In this paper we expand the modeling power of Attack D...
Article
We address the safety verification and synthesis problems for real-time systems. We introduce real-time programs that are made of instructions that can perform assignments to discrete and real-valued variables. They are general enough to capture interesting classes of timed systems such as timed automata, stopwatch automata, time(d) Petri nets and...
Book
Full-text available
This open access two-volume set constitutes the proceedings of the 27th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2021, which was held during March 27 – April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to tak...
Book
Full-text available
This open access two-volume set constitutes the proceedings of the 27th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2021, which was held during March 27 – April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to tak...
Article
Increasing the penetration of renewable power in Denmark, demand-side flexibility is offered as a workable solution to hedge against the intermittency and volatility of renewable energy. In the residential sector, heat pumps are economic alternatives for district heating to unlock heat flexibility in response to renewable power availability. This p...
Chapter
To combat the state-space explosion problem and ease system development, we present a new refinement checking (falsification) method for Timed I/O Automata based on random walks. Our memory-less heuristics Random Enabled Transition (RET) and Random Channel First (RCF) provide efficient and highly scalable methods for counterexample detection. Both...
Preprint
Interface theories are powerful frameworks supporting incremental and compositional design of systems through refinements and constructs for conjunction, and parallel composition. In this report we present a first Interface Theor -- |Modal Mixed Interfaces -- for systems exhibiting both non-determinism and randomness in their behaviour. The associa...
Article
Full-text available
We propose an axiomatization for weighted branching bisimulation over a weighted process algebra with positive rational weights including zero and show that this axiomatization is both sound and complete. Our proof of soundness and completeness are inspired by similar results by Milner for strong and weak bisimulation and by van Glabbeek for branch...
Chapter
We propose a framework for monitoring and updating, at run-time, the probabilities of temporal properties of stochastic timed automata. Our method is based on Bayesian networks and can be useful in various real-time applications, such as flight control systems and cardiac pacemakers. The framework has been implemented by exploiting the statistical...
Chapter
Euclidean Markov decision processes are a powerful tool for modeling control problems under uncertainty over continuous domains. Finite state imprecise, Markov decision processes can be used to approximate the behavior of these infinite models. In this paper we address two questions: first, we investigate what kind of approximation guarantees are o...
Preprint
Full-text available
We address the safety verification and synthesis problems for real-time systems. We introduce real-time programs that are made of instructions that can perform assignments to discrete and real-valued variables. They are general enough to capture interesting classes of timed systems such as timed automata, stopwatch automata, time(d) Petri nets and...
Chapter
We investigate the synthesis problem in a quantitative game-theoretic setting with branching-time objectives. The objectives are given in a recursive modal logic with semantics defined over a multi-weighted extension of a Kripke structure where each transition is annotated with multiple nonnegative weights representing quantitative resources such a...
Chapter
We study two-player zero-sum infinite reachability games with strictly alternating moves of the players allowing us to model a race between the two opponents. We develop an algorithm for deciding the winner of the game and suggest a notion of alternating simulation in order to speed up the computation of the winning strategy. The theory is applied...
Preprint
Full-text available
Erroneous behaviour in safety critical real-time systems may inflict serious consequences. In this paper, we show how to synthesize timed shields from timed safety properties given as timed automata. A timed shield enforces the safety of a running system while interfering with the system as little as possible. We present timed post-shields and time...
Preprint
Euclidean Markov decision processes are a powerful tool for modeling control problems under uncertainty over continuous domains. Finite state imprecise, Markov decision processes can be used to approximate the behavior of these infinite models. In this paper we address two questions: first, we investigate what kind of approximation guarantees are o...
Preprint
Robustness of neural networks has recently attracted a great amount of interest. The many investigations in this area lack a precise common foundation of robustness concepts. Therefore, in this paper, we propose a rigorous and flexible framework for defining different types of robustness that also help to explain the interplay between adversarial r...
Article
Full-text available
When modeling concurrent or cyber-physical systems, non-functional requirements such as time are important to consider. In order to improve the timing aspects of a model, it is necessary to have some notion of what it means for a process to be faster than another, which can guide the stepwise refinement of the model. To this end we study a faster-t...
Article
Full-text available
Signalized intersections are the capacity-determining points on roads in cities, and the signal settings are usually based on very primitive algorithms which cause road users to experience a lot of unnecessary delay The work presented in this paper, show the effect of deploying a controller based on the optimization software Uppaal Stratego in four...
Preprint
Full-text available
Partial order reductions have been successfully applied to model checking of concurrent systems and practical applications of the technique show nontrivial reduction in the size of the explored state space. We present a theory of partial order reduction based on stubborn sets in the game-theoretical setting of 2-player games with reachability objec...
Chapter
Formal models of cyber-physical systems, such as priced timed Markov decision processes, require a state space with continuous and discrete components. The problem of controller synthesis for such systems then can be cast as finding optimal strategies for Markov decision processes over a Euclidean state space. We develop two different reinforcement...
Article
Full-text available
Energy systems worldwide are undergoing a major transformation as a consequence of the transition towards the widespread use of clean and sustainable energy sources. The electric power system in a sustainable future will augment the centralized and large-grid-dependent systems of today with distributed, smaller-scale energy generation systems that...
Chapter
Dependency graphs, as introduced more than 20 years ago by Liu and Smolka, are oriented graphs with hyperedges that connect nodes with sets of target nodes in order to represent causal dependencies in the graph. Numerous verification problems can be reduced into the problem of computing a minimum or maximum fixed-point assignment on dependency grap...
Chapter
For hybrid Markov decision processes, Open image in new window Stratego can compute strategies that are safe for a given safety property and (in the limit) optimal for a given cost function. Unfortunately, these strategies cannot be exported easily since they are computed as a very long list. In this paper, we demonstrate methods to learn compact r...
Chapter
We study the problem of analysing Markov reward models (MRMs) in the presence of imprecise or uncertain rewards. Properties of interests for their analysis are (i) probabilistic bisimilarity, and (ii) specifications expressed as probabilistic reward CTL formulae.
Chapter
Model learning has gained increasing interest in recent years. It derives behavioural models from test data of black-box systems. The main advantage offered by such techniques is that they enable model-based analysis without access to the internals of a system. Applications range from fully automated testing over model checking to system understand...
Chapter
We present a method for synthesising control strategies for continuous dynamical systems. We use Uppaal Tiga for the synthesis in combination with a set-based Euler method for guaranteeing that the synthesis is safe. We present both a general method and a method which provides tighter bounds for monotone systems. As a case-study, we synthesize a gu...
Preprint
Full-text available
For hybrid Markov decision processes, UPPAAL Stratego can compute strategies that are safe for a given safety property and (in the limit) optimal for a given cost function. Unfortunately, these strategies cannot be exported easily since they are computed as a very long list. In this paper, we demonstrate methods to learn compact representations of...
Chapter
We present a global and local algorithm for model checking a weighted variant of PCTL with upper-bound weight constraints, on probabilistic weighted Kripke structures where the weights are vectors with non-zero magnitude. Both algorithms under- and over approximate a fixed-point over a symbolic dependency graph, until sufficient evidence to prove o...
Chapter
Dependency graphs, invented by Liu and Smolka in 1998, are oriented graphs with hyperedges that represent dependencies among the values of the vertices. Numerous model checking problems are reducible to a computation of the minimum fixed-point vertex assignment. Recent works successfully extended the assignments in dependency graphs from the Boolea...
Book
This book constitutes the proceedings of the 24th International Conference on Formal Methods for Industrial Critical Systems, FMICS 2019, held in Amsterdam, The Netherlands, in August 2019. The 9 regular papers presented in this volume were carefully reviewed and selected from 15 submissions. The conference also featured invited talks by Jaco van d...
Chapter
This short note introduces statistical model checking and gives a brief overview of the Statistical Model Checking, past present and future session at Isola 2018. This is the fourth edition of the track at Isola.
Article
Full-text available
Automatic strategy synthesis for a given control objective can be used to generate correct-by-construction controllers of real-time reactive systems. The existing symbolic approach for continuous timed game is a computationally hard task and current tools like UPPAAL TiGa often scale poorly with the model complexity. We suggest an explicit approach...
Preprint
Model learning has gained increasing interest in recent years. It derives behavioural models from test data of black-box systems. The main advantage offered by such techniques is that they enable model-based analysis without access to the internals of a system. Applications range from testing to model checking and system understanding. Current work...
Chapter
Partial order reduction for timed systems is a challenging topic due to the dependencies among events induced by time acting as a global synchronization mechanism. So far, there has only been a limited success in finding practically applicable solutions yielding significant state space reductions. We suggest a working and efficient method to facili...
Chapter
In this paper we review 20 years of significant industrial application of the Uppaal Tool Suite for model-based validation, performance evaluation and synthesis. The paper will highlight a number of selected cases, and discuss successes and pitfalls in achieving industrial impact as well as tool sustainability in an academic setting.
Chapter
In this paper, we propose a novel framework for the synthesis of robust and optimal energy-aware controllers. The framework is based on energy timed automata, allowing for easy expression of timing constraints and variable energy rates. We prove decidability of the energy-constrained infinite-run problem in settings with both certainty and uncertai...
Chapter
This chapter surveys timed automata as a formalism for model checking real-time systems. We begin with introducing the model, as an extension of finite-state automata with real-valued variables for measuring time. We then present the main model-checking results in this framework, and give a hint about some recent extensions (namely weighted timed a...
Article
When working with space systems the keyword is resources. For a satellite in orbit all resources are sparse and the most critical resource of all is power. It is therefore crucial to have detailed knowledge on how much power is available for an energy harvesting satellite in orbit at every time – especially when in eclipse, where it draws its power...
Article
Full-text available
We propose a complete axiomatization for the total variation distance of finite labelled Markov chains. Our axiomatization is given in the form of a quantitative deduction system, a framework recently proposed by Mardare, Panangaden, and Plotkin (LICS 2016) to extend classical equational deduction systems by means of inferences of equality relation...
Article
Full-text available
In this paper, we develop and study two recursive weighted logics (RWLs) $$\mathcal {L}^w$$ and $$\mathcal {L}^t$$, which are multi-modal logics that express qualitative and quantitative properties of labelled weighted transition systems (LWSs). LWSs are transition systems describing systems with quantitative aspects. They have labels with both act...
Chapter
We study model checking of LTL properties by means of random walks, improving on the efficiency of previous results. Using a randomized algorithm to detect accepting paths makes it feasible to check extremely large models, however a naive approach may encounter many non-accepting paths or require the storage of many explicit states, making it ineff...
Article
Semi-Markov processes are Markovian processes in which the firing time of the transitions is modelled by probabilistic distributions over positive reals interpreted as the probability of firing a transition at a certain moment in time. In this paper we consider the trace-based semantics of semi-Markov processes, and investigate the question of how...
Conference Paper
Full-text available
Conference Paper
We propose Pareto optimal reachability analysis to solve multi-objective scheduling and planing problems using real-time model checking techniques. Not only the makespan of a schedule, but also other objectives involving quantities like performance, energy, risk, cost etc., can be optimized simultaneously in balance. We develop the Pareto optimal r...
Conference Paper
Sets and their efficient implementation are fundamental in all of computer science, including model checking, where sets are used as the basic data structure for storing (encodings of) states during a state-space exploration. In the quest for fast and memory efficient methods for manipulating large sets, we present a novel data structure called PTr...
Conference Paper
Full-text available
Real-time programs are made of instructions that can perform assignments to discrete and real-valued variables. They are general enough to capture interesting classes of timed systems such as timed automata, stopwatch automata, time(d) Petri nets and hybrid automata. We propose a semi-algorithm using refinement of trace abstractions to solve both t...
Conference Paper
We consider the problem of model-checking a subset of probabilistic CTL, interpreted over (discrete-time) Markov reward models, allowing the specification of lower bounds on the probability of the set of paths satisfying a cost-bounded path formula. We first consider a reduction to fixed-point computations on a graph structure that encodes a divisi...
Conference Paper
Metric Temporal Logic MTL0,â is a timed extension of linear temporal logic, LTL, with time intervals whose left endpoints are zero or whose right endpoints are infinity. Whereas the satisfiability and model-checking problems for MTL0,â are both decidable, we note that the controller synthesis problem for MTL0,â is unfortunately undecidable. A...
Conference Paper
The growing complexity of Cyber-Physical Systems increasingly challenges existing methods and techniques. What is needed is a new generation of scalable tools for model-based learning, analysis, synthesis and optimization based on a mathematical sound foundation, that enables trade-offs between functional safety and quantitative performance. In pap...
Article
We propose a way of reasoning about minimal and maximal values of the weights of transitions in a weighted transition system (WTS). This perspective induces a notion of bisimulation that is coarser than the classic bisimulation: it relates states that exhibit transitions to bisimulation classes with the weights within the same boundaries. We propos...
Conference Paper
Cyber-Physical Systems (CPS) describe systems combining computing elements with dedicated hardware and software having to monitor and control a particular physical environment.
Book
This book constitutes the proceedings of the Third International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2017, held in Changsha, China, in October 2017. The 19 full papers presented together with 3 invited talks were carefully reviewed and selected from 31 submissions. The aim of the symposium is to br...
Chapter
Trace partitioning is a technique for retaining precision in abstract interpretation, by partitioning all traces into a number of classes and computing an invariant for each class. In this work we present an automata-based approach to trace partitioning, by augmenting the finite automaton given by the control-flow graph with abstract transformers o...
Conference Paper
Dependency graph is an abstract mathematical structure for representing complex causal dependencies among its vertices. Several equivalence and model checking questions, boolean equation systems and other problems can be reduced to fixed-point computations on dependency graphs. We develop a novel distributed algorithm for computing such fixed point...
Conference Paper
We propose a way of reasoning about minimal and maximal values of the weights of transitions in a weighted transition system (WTS). This perspective induces a notion of bisimulation that is coarser than the classic bisimulation: it relates states that exhibit transitions to bisimulation classes with the weights within the same boundaries. We propos...
Article
Full-text available
We study which standard operators of probabilistic process calculi allow for compositional reasoning with respect to bisimulation metric semantics. We argue that uniform continuity (generalizing the earlier proposed property of non-expansiveness) captures the essential nature of compositional reasoning and allows now also to reason compositionally...
Article
Full-text available
Bitflips, or single-event upsets (SEUs) as they are more formally known, may occur for instance when a high-energy particle such as a proton strikes a CPU and thereby corrupting the contents of an on-chip register, e.g., by randomly flipping one or more bits in that register. Such random changes in central registers may lead to critical failure in...
Conference Paper
Timed automata and games, priced timed automata and energy automata have emerged as useful formalisms for modelingreal-time and energy-aware systems as found in several embedded and cyber-physical systems. Within the last 20 years thevarious components of the UPPAAL tool-suite has been developed to support various types of analysis of these formali...
Conference Paper
Over the years, schedulability of Cyber-Physical Systems (CPS) has mainly been performed by analytical methods. Those techniques are known to be effective but limited to a few classes of scheduling policies. In a series of recent work, we have shown that schedulability analysis of CPS could be performed with a model-based approach and extensions of...
Conference Paper
Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., “cloud services”, combined with internal (legacy) IT-infrastructure and -services, it has become a very difficult and time-consuming task. One of the traditional tools...
Article
This paper concerns branching simulation for weighted Kripke structures with parametric weights. Concretely, we consider a weighted extension of branching simulation where a single transitions can be matched by a sequence of transitions while preserving the branching behavior. We relax this notion to allow for a small degree of deviation in the mat...