Change search
Refine search result
12 1 - 50 of 96
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Berhmann, Gerd
    et al.
    Aalborg University, Denmark .
    David, Alexandre
    Aalborg University, Denmark .
    Guldstrand Larsen, Kim
    Aalborg University, Denmark .
    Håkansson, John
    Uppsala University, Sweden .
    Pettersson, Paul
    Uppsala University, Sweden.
    Wang, Yi
    Uppsala University, Sweden.
    Hendriks, Martijn
    Radboud University Nijmegen, Netherlands .
    UPPAAL 4.02006In: Third International Conference on the Quantitative Evaluation of Systems, QEST 2006, 2006, p. 125-126Conference paper (Refereed)
    Abstract [en]

    UPPAAL 4.0 is the result of over two and a half years of development and contains many new features, additions to the modeling language, performance improvements, enhancements and polish to the the easy to use graphical user interface, and is accompanied by several open source libraries. The tool and libraries are available free of charge for academic, educational and evaluation purposes from http://www.uppaal.com/. We describe three of the new features: User defined functions, priorities and symmetry reduction. 

  • 2.
    Berhmann, Gerd
    et al.
    NORDUnet A/S, Copenhagen, Denmark.
    David, Alexandre
    Department of Computer Science, Aalborg University.
    Guldstrand Larsen, Kim
    Department of Computer Science, Aalborg University.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Yi, Wang
    Department of Information Technology, Uppsala University.
    Developing UPPAAL over 15 years2011In: Software - Practice and Experience, ISSN 0038-0644, Vol. 41, no 2, p. 133-142Article in journal (Refereed)
    Abstract [en]

    UPPAAL is a tool suitable for model checking real-time systems described as networks of timed automata communicating by channel synchronizations and extended with integer variables. Its first version was released in 1995 and its development is still very active. It now features an advanced modeling language, a user-friendly graphical interface, and a performant model checker engine. In addition, several flavors of the tool have matured in recent years. In this paper, we present how we managed to maintain the tool during 15 years, its current architecture with its challenges, and we give the future directions of the tool.

  • 3.
    Björnander, Stefan
    et al.
    CrossControl AB.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    A Formal Analysis Framework for AADL2011In: The Journal of Science and Technology, ISSN 0866-708X, Vol. 49, no 5Article in journal (Refereed)
    Abstract [en]

    As system failure of mission-critical embedded systems may result in serious consequences, the development process should include verification techniques already at the architectural design stage, in order to provide evidence that the architecture fulfils its requirements. The Architecture Analysis and Design Language (AADL) is a language designed for modeling embedded systems, and its Behavior Annex defines the behavior of the system. However, even though it is an internationally used industry standard, AADL still lacks a formal semantics and is not executable, which limits the possibility to perform formal verification. In this paper, we introduce a formal analysis framework for a subset of AADL and its Behavior Annex, which includes the following: a denotational semantics, its implementation in Standard ML, and a graphical Eclipse-based tool encapsulating the implementation. We also show how to perform model checking of AADL properties defined in the Computation Tree Logic (CTL).

  • 4.
    Björnander, Stefan
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    ABV: A Verifier for the Architecture Analysis and Description Language (AADL)2011In: 16th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), 2011, 2011, p. 355-360Conference paper (Refereed)
  • 5.
    Björnander, Stefan
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    The Architecture Analysis and Design Language and the Behavior Annex: A Denotational Semantics2011Report (Other academic)
    Abstract [en]

    We present a denotational semantics for the Architecture Analysis and Design Language with Behavior Annex and the Computational Tree logic. We also present tool support as an OSATE plug-in as well as the Production Cell case study.

  • 6.
    Causevic, Adnan
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Distributed energy management case study: A formal approach to analyzing utility functions2014In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, p. 74-87Conference paper (Refereed)
    Abstract [en]

    The service-oriented paradigm has been established to enable quicker development of new applications from already existing services. Service negotiation is a key technique to provide a way of deciding and choosing the most suitable service, out of possibly many services delivering similar functionality but having different response times, resource usages, prices, etc. In this paper, we present a formal approach to the clients-providers negotiation of distributed energy management. The models are described in our recently introduced REMES HDCL language, with timed automata semantics that allows us to apply UPPAALbased tools for model-checking various scenarios of service negotiation. Our target is to compute ways of reaching the price- and reliability-optimal values of the utility function, at the end of the service negotiation.

  • 7.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Analyzing Resource-Usage Impact on Component-Based Systems Performance and Reliability2008In: 2008 International Conference on Computational Intelligence for Modelling Control & Automation, Los Alamitos, CA: IEEE Computer Society , 2008, p. 302-308Conference paper (Refereed)
    Abstract [en]

    An early prediction of resource utilization and its impacton system performance and reliability can reduce theoverall system cost, by allowing early correction of detectedproblems, or changes in development plans with minimizedoverhead. Nowadays, researchers are using both academicand commercial models to predict such attributes, by measuringthem at earliest stages of system development. Inthis paper, we give a short overview of existing predictionmodels for performance and reliability, targeting popularcomponent-based frameworks. Next, we describe our ownapproach for tackling such predictions, through an illustrationon a small example that deals with estimations of energyconsumption.

  • 8.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Algorithmic Computation of Strongest Postconditions of Services as Priced Timed Automata2012Report (Other academic)
    Abstract [en]

    Service-Oriented Systems (SOS) have gained importance in different application domains thanks to their ability to enable reusable functionality provided via well-defined interfaces, and the increased opportunities to compose existing units, called services, into various configurations. Developing applications in such a setup, by reusing existing services, brings some concerns regarding the assurance of the expected Quality-of-Service (QoS), and correctness of the employed services. In this paper, we provide a formal mechanism of computing service guarantees, automatically. We assume service models annotated with pre- and postconditions, their semantics given as Priced Timed Automata (PTA), and the forward analysis method for checking the service correctness w.r.t. given requirements. Under these assumptions, we show how to compute the strongest postcondition of the corresponding automata algorithmically, with respect to the specified precondition. The approach is illustrated on a small example of a service modeled as Priced Timed Automaton (PTAn).

  • 9.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    An Analyzable Model of Automated Service Negotiation2013In: Proceedings - 2013 IEEE 7th International Symposium on Service-Oriented System Engineering, SOSE 2013, 2013, p. 125-136Conference paper (Refereed)
    Abstract [en]

    Negotiation is a key aspect of Service-Oriented Systems, which is rarely supported by formal models and tools for analysis. Often, service negotiation proceeds with timing, cost and resource constraints, under which the users and providers exchange information on their respective goals, until reaching a consensus. Consequently, a mathematically driven technique to analyze various ways to achieve such goals is beneficial. In this paper, we propose an analyzable negotiation model between service clients and providers, in our recently introduced language REMES and its corresponding textual service composition language HDCL. The model can be viewed as a negotiation interface for different negotiation strategies and protocols, which iterates until an agreement is reached. We show how to analyze the negotiation model against timing, cost and utility constraints, by transforming it into the Timed Automata formal framework. We illustrate our approach through an insurance scenario assuming a form of the Contract Net Protocol for web services.

  • 10.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Behavioral Modeling and Refinement of Services2009In: Prodceedings of 21st Nordic Workshop on Programming Theory, NWPT '09, 2009Conference paper (Refereed)
  • 11.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Checking Correctness of Services Modeled as Priced Timed Automata2012In: Lecture Notes in Computer Science, vol. 7610, issue part 2, Springer, 2012, p. 308-322Chapter in book (Refereed)
    Abstract [en]

    Service-Oriented Systems (SOS) have gained importance in different application domains thanks to their ability to enable reusable functionality provided via well-defined interfaces, and the increased opportunities to compose existing units, called services, into various configurations. Developing applications in such a setup, by reusing existing services, brings some concerns regarding the assurance of the expected Quality-of-Service (QoS), and correctness of the employed services. In this paper, we describe a formal mechanism of computing service guarantees, automatically. We assume service models annotated with pre- and postconditions, with their semantics given as Priced Timed Automata (PTA), and the forward analysis method for checking the service correctness w.r.t. given requirements. Under these assumptions, we show how to compute the strongest postcondition of the corresponding automata algorithmically, with respect to the specified precondition. The approach is illustrated on a small example of a service modeled as Priced Timed Automaton (PTAn).

  • 12.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Distributed Energy Management Case Study: A Formal Approach to Analyzing Utility Functions2013Report (Other academic)
    Abstract [en]

    The service-oriented paradigm has been established to enable quicker development of new applications from already existing services. Service negotiation is a key technique to provide a way of deciding and choosing the most suitable service, out of possibly many services delivering similar functionality but having different response times, resource usages, prices, etc. In this paper, we present a formal approach to the clients-providers negotiation of distributed energy management. The models are described in our recently introduced REMES HDCL language, with timed automata semantics that allows us to apply UPPAAL-based tools for model-checking various scenarios of service negotiation. Our target is to compute ways of reaching the price- and reliability-optimal values of the utility function, at the end of the service negotiation.

  • 13.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Formal reasoning of resource-aware services2010Report (Other academic)
    Abstract [en]

    Service-oriented systems have recently emerged as context-independent component-based systems. Unlike components, services can be created, invoked, composed, and destroyed at run-time. Consequently, all services should have a way of advertising their capabilities to the entities that will use them, and service-oriented modeling should cater for various kinds of service composition. In this paper, we show how services can be formally described by the resource-aware timed behavioral language REMES, which we extend with service-specific information, such as type, capacity, time-to-serve, etc., as well as boolean constraints on inputs, and output guarantees. Assuming a Hoare-triple model of service correctness, we show how to check it by using the strongest postcondition semantics. To provide means for connecting REMES services, we propose a hierarchical language for service composition, which allows for verifying the latter’s correctness. The approach is applied on an abstracted version of an intelligent shuttle system, for which we also compute resource-efficient behaviors, and energy-time trade-offs, by model-checking the system’s underlying Priced Timed Automata semantic representation.

  • 14.
    Causevic, Aida
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Modeling and Reasoning about Service Behaviors and their Compositions2010In: Lecture Notes in Computer Science, vol. 6416, Berlin: Springer , 2010, p. 82-96Chapter in book (Refereed)
    Abstract [en]

    Service-oriented systems have recently emerged as context-independent component-based systems. Unlike components, services can be created, invoked, composed, and destroyed at run-time. Consequently, all services need a way of advertising their capabilities to the entities that will use them, and serviceoriented modeling should cater for various kinds of service composition. In this paper, we show how services can be formally described by the resource-aware timed behavioral language REMES, which we extend with service-specific information, such as type, capacity, time-to-serve, etc., as well as boolean constraints on inputs, and output guarantees. Assuming a Hoare-triple model of service correctness, we show how to check it by using the strongest postcondition semantics. To provide means for connecting REMES services, we propose a hierarchical language for service composition, which allows for verifying the latter's correctness. The approach is applied on an abstracted version of an intelligent shuttle system.

  • 15.
    David, A.
    et al.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Behrmann, G.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Bulychev, P.
    Lomonosov Moscow State University, Moscow, Russian Federation.
    Byg, J.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Chatain, T.
    Larsen, K. G.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Rasmussen, J. I.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Srba, J.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Yi, W.
    Uppsala University, Uppsala, Sweden.
    Joergensen, K. Y.
    Computer Science Department, Aalborg University, Aalborg, Denmark.
    Lime, D.
    IRCCyN, Ecole Centrale de Nantes, Nantes, France.
    Magnin, M.
    IRCCyN, Ecole Centrale de Nantes, Nantes, France.
    Roux, O. H.
    IRCCyN, University of Nantes, Nantes, France .
    Traonouez, L. -M
    IRCCyN, Ecole Centrale de Nantes, Nantes, France.
    Tools for Model-Checking Timed Systems2013In: Communicating Embedded Systems: Software and Design: Formal Methods, John Wiley & Sons, Inc. , 2013, p. 165-225Chapter in book (Other academic)
  • 16. David, Alexandre
    et al.
    Berhmann, Gerd
    Mälardalen University, School of Innovation, Design and Engineering.
    Guldstrand Larsen, Kim
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Illum Rasmussen, Jacob
    Mälardalen University, School of Innovation, Design and Engineering.
    Yi, Wang
    Mälardalen University, School of Innovation, Design and Engineering.
    Magnin, Morgan
    Outils pour le Model-Checking de Systèmes Temporisés2008In: Approches formelles des systèmes embarqués communicants / [ed] Roux, Olivier H. and Jard, Claude, Paris: Hermès science publications , 2008Chapter in book (Other academic)
  • 17.
    David, Alexandre
    et al.
    Aalborg University, Denmark.
    Håkansson, John
    Mälardalen University, Department of Computer Science and Electronics. Uppsala University, Sweden.
    Guldstrand Larsen, Kim
    Mälardalen University, Department of Computer Science and Electronics. Aalborg University, Denmark.
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics. Uppsala University, Sweden.
    Model Checking Timed Automata with Priorities using DBM Subtraction2006In: Lecture Notes in Computer Science, vol 4202, 2006, p. 128-142Conference paper (Refereed)
    Abstract [en]

    In this paper we describe an extension of timed automata with priorities, and efficient algorithms to compute subtraction on DBMs (difference bounded matrices), needed in symbolic model-checking of timed automata with priorities. The subtraction is one of the few operations on DBMs that result in a non-convex set needing sets of DBMs for representation. Our subtraction algorithms are efficient in the sense that the number of generated DBMs is significantly reduced compared to a naive algorithm. The overhead in time is compensated by the gain from reducing the number of resulting DBMs since this number affects the performance of symbolic model-checking. The uses of the DBM subtraction operation extend beyond timed automata with priorities. It is also useful for allowing guards on transitions with urgent actions, deadlock checking, and timed games.

  • 18.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Causevic, Adnan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Ostrand, Thomas
    Software Engineering Research Consultant, Västerås, Sweden.
    Weyuker, Elaine
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Swedish Institute of Computer Science, Stockholm, Sweden.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Automated Test Generation using Model-Checking: An Industrial Evaluation2016In: International Journal on Software Tools for Technology Transfer (STTT), ISSN 1433-2779, E-ISSN 1433-2787, Vol. 18, no 3, p. 335-353Article in journal (Refereed)
    Abstract [en]

    In software development, testers often focus on functional testing to validate implemented programs against their specifications. In safety critical software development, testers are also required to show that tests exercise, or cover, the structure and logic of the implementation. To achieve different types of logic coverage, various program artifacts such as decisions and conditions are required to be exercised during testing. Use of model-checking for structural test generation has been proposed by several researchers. The limited application to models used in practice and the state-space explosion can, however, impact model-checking and hence the process of deriving tests for logic coverage. Thus, there is a need to validate these approaches against relevant industrial systems such that more knowledge is built on how to efficiently use them in practice. In this paper, we present a tool-supported approach to handle software written in the Function Block Diagram language such that logic coverage criteria can be formalized and used by a model-checker to automatically generate tests. To this end, we conducted a study based on industrial use-case scenarios from Bombardier Transportation AB, showing how our toolbox COMPLETETEST can be applied to generate tests in software systems used in the safety-critical domain. To evaluate the approach, we applied the toolbox to 157 programs and found that it is efficient in terms of time required to generate tests that satisfy logic coverage and scales well for most of the programs.

  • 19.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Causevic, Adnan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Swedish Institute of Computer Science, Kista, Sweden.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Controlled Experiment in Testing of Safety-Critical Embedded Software2016In: Proceedings - 2016 IEEE International Conference on Software Testing, Verification and Validation, ICST 2016, 2016, p. 1-11Conference paper (Refereed)
    Abstract [en]

    In engineering of safety critical systems, regulatory standards often put requirements on both traceable specification-based testing, and structural coverage on program units. Automated test generation techniques can be used to generate inputs to cover the structural aspects of a program. However, there is no conclusive evidence on how automated test generation compares to manual test design, or how testing based on the program implementation relates to specification-based testing. In this paper, we investigate specification-and implementation-based testing of embedded software written in the IEC 61131-3 language, a programming standard used in many embedded safety critical software systems. Further, we measure the efficiency and effectiveness in terms of fault detection. For this purpose, a controlled experiment was conducted, comparing tests created by a total of twenty-three software engineering master students. The participants worked individually on manually designing and automatically generating tests for two IEC 61131-3 programs. Tests created by the participants in the experiment were collected and analyzed in terms of mutation score, decision coverage, number of tests, and testing duration. We found that, when compared to implementation-based testing, specification-based testing yields significantly more effective tests in terms of the number of faults detected. Specifically, specification-based tests more effectively detect comparison and value replacement type of faults, compared to implementation-based tests. On the other hand, implementation-based automated test generation leads to fewer tests (up to 85% improvement) created in shorter time than the ones manually created based on the specification.

  • 20.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Daniel, Sundmark
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Causevic, Adnan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Comparative Study of Manual and Automated Testing for Industrial Control Software2017In: Proceedings - 10th IEEE International Conference on Software Testing, Verification and Validation, ICST 2017, 2017, p. 412-417, article id 7927994Conference paper (Refereed)
    Abstract [en]

    Automated test generation has been suggested as a way of creating tests at a lower cost. Nonetheless, it is not very well studied how such tests compare to manually written ones in terms of cost and effectiveness. This is particularly true for industrial control software, where strict requirements on both specification-based testing and code coverage typically are met with rigorous manual testing. To address this issue, we conducted a case study in which we compared manually and automatically created tests. We used recently developed real-world industrial programs written in the IEC 61131-3, a popular programming language for developing industrial control systems using programmable logic controllers. The results show that automatically generated tests achieve similar code coverage as manually created tests, but in a fraction of the time (an average improvement of roughly 90%). We also found that the use of an automated test generation tool does not result in better fault detection in terms of mutation score compared to manual testing. Specifically, manual tests more effectively detect logical, timer and negation type of faults, compared to automatically generated tests. The results underscore the need to further study how manual testing is performed in industrial practice and the extent to which automated test generation can be used in the development of reliable systems.

  • 21.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Doganay, Kivanc
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Bohlin, Markus
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    MOS: An Integrated Model-based and Search-based Testing Tool for Function Block Diagrams2013In: 2013 1st International Workshop on Combining Modelling and Search-Based Software Engineering, CMSBSE 2013 - Proceedings, 2013, p. 55-60Conference paper (Refereed)
    Abstract [en]

    In this paper we present a new testing tool for safety critical applications described in Function Block Diagram (FBD) language aimed to support both a model and a search-based approach. Many benefits emerge from this tool, including the ability to automatically generate test suites from an FBD program in order to comply to quality requirements such as component testing and specific coverage measurements. Search-based testing methods are used to generate test data based on executable code rather than the FBD program, alleviating any problems that may arise from the ambiguities that occur while creating FBD programs. Test cases generated by both approaches are executed and used as a way of cross validation. In the current work, we describe the architecture of the tool, its workflow process, and a case study in which the tool has been applied in a real industrial setting to test a train control management system.

  • 22.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University.
    Marinescu, Raluca
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Paul, Pettersson
    Mälardalen University, School of Innovation, Design and Engineering.
    ViTAL : A Verification Tool for EAST-ADL Models using UPPAAL PORT2012In: Proceedings of the 17th IEEE International Conference on Engineering of Complex Computer Systems, Paris, France, 2012, p. 328-337Conference paper (Refereed)
    Abstract [en]

    A system’s architecture influence on the functions and other properties of embedded systems makes its high level analysis and verification very desirable. EAST-ADL is an architecture description language dedicated to automotive embedded system design with focus on structural and functional modeling. The behavioral description is not integrated within the execution semantics, which makes it harder to transform, analyze, and verify EAST-ADL models. Model-based techniques help address this issue by enabling automated transformation between different design models, and providing means for simulation and verification. We present a verification tool, called ViTAL, which provides the possibility to express the functional EAST-ADL behavior as timed automata models, which have precise semantics and can be formally verified. The ViTAL tool enables the transformation of EAST-ADL functional models to the UPPAAL PORT tool for model checking. This method improves the verification of functional and timing requirements in EAST-ADL, and makes it possible to identify dependencies and potential conflicts between different vehicle functions before the actual AUTOSAR implementation.

  • 23.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Marinescu, Raluca
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Towards the Analysis and Verification of EAST-ADL Models using UPPAAL PORT2012Report (Other academic)
    Abstract [en]

    A system’s architecture influence on the functions and other properties of embedded systems makes its high level analysis and verification very desirable. EAST-ADL is an architecture description language dedicated to automotive embedded system design with focus on structural and functional modeling. The behavioral description is not integrated within the execution semantics, which makes it harder to transform, analyze, and verify EAST-ADL models. Model-based techniques help address this issue by enabling automated transformation between different design models, and providing means for simulation and verification. We present a verification tool, called ViTAL, which provides the possibility to express the functional EAST-ADL behavior as timed automata models, which have precise semantics and can be formally verified. The ViTAL tool enables the transformation of EAST-ADL functional models to the UPPAAL PORT tool for model checking. This method improves the verification of functional and timing requirements in EAST-ADL, and makes it possible to identify dependencies and potential conflicts between different vehicle functions before the actual AUTOSAR implementation.

  • 24.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Causevic, Adnan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Feldt, Robert
    Blekinge Institute of Technology, Sweden.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Mutation-Based Test Generation for PLC Embedded Software using Model Checking2016In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, Vol. 9976, p. 155-171Conference paper (Refereed)
    Abstract [en]

    Testing is an important activity in engineering of industrial embedded software. In certain application domains (e.g., railway industry) engineering software is certified according to safety standards that require extensive software testing procedures to be applied for the development of reliable systems. Mutation analysis is a technique for creating faulty versions of a software for the purpose of examining the fault detection ability of a test suite. Mutation analysis has been used for evaluating existing test suites, but also for generating test suites that detect injected faults (i.e., mutation testing). To support developers in software testing, we propose a technique for producing test cases using an automated test generation approach that operates using mutation testing for software written in IEC 61131-3 language, a programming standard for safety-critical embedded software, commonly used for Programmable Logic Controllers (PLCs). This approach uses the Uppaal model checker and is based on a combined model that contains all the mutants and the original program. We applied this approach in a tool for testing industrial PLC programs and evaluated it in terms of cost and fault detection. For realistic validation we collected industrial experimental evidence on how mutation testing compares with manual testing as well as automated decision-coverage adequate test generation. In the evaluation, we used manually seeded faults provided by four industrial engineers. The results show that even if mutation-based test generation achieves better fault detection than automated decision coverage-based test generation, these mutation-adequate test suites are not better at detecting faults than manual test suites. However, the mutation-based test suites are significantly less costly to create, in terms of testing time, than manually created test suites. Our results suggest that the fault detection scores could be improved by considering some new and improved mutation operators (e.g., Feedback Loop Insertion Operator (FIO)) for PLC programs as well as higher-order mutations.

  • 25.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Causevic, Adnan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Comparative Study of Manual and Automated Testing in Industrial Embedded SoftwareManuscript (preprint) (Other (popular science, discussion, etc.))
    Abstract [en]

    Testing is an important activity in engineering of industrial embedded software. In certain application domains (e.g., railway industry) engineering software is certified according to safety standards that require extensive software testing procedures to be applied for the development of reliable systems. Mutation analysis is a technique for creating faulty versions of a software for the purpose of examining the fault detection ability of a test suite. Mutation analysis has been used for evaluating existing test suites, but also for generating test suites that detect injected faults (i.e., mutation testing). To support developers in software testing, we propose a technique for producing test cases using an automated test generation approach that operates using mutation testing for software written in IEC 61131-3 language, a programming standard for safety-critical embedded software, commonly used for Programmable Logic Controllers (PLCs). This approach uses the Uppaal model checker and is based on a combined model that contains all the mutants and the original program. We applied this approach in a tool for testing industrial PLC programs and evaluated it in terms of cost and fault detection. For realistic validation we collected industrial experimental evidence on how mutation testing compares with manual testing as well as automated decision-coverage adequate test generation. In the evaluation, we used manually seeded faults provided by four industrial engineers. The results show that even if mutation-based test generation achieves better fault detection than automated decision coverage-based test generation, these mutation-adequate test suites are not better at detecting faults than manual test suites. However, the mutation-based test suites are significantly less costly to create, in terms of testing time, than manually created test suites. Our results suggest that the fault detection scores could be improved by considering some new and improved mutation operators (e.g., Feedback Loop Insertion Operator (FIO)) for PLC programs as well as higher-order mutations.

  • 26.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Model-based test suite generation for function block diagrams using the UPPAAL model checker2013In: Proceedings - IEEE 6th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2013, 2013, p. 158-167Conference paper (Refereed)
    Abstract [en]

    A method for model-based test generation of safety-critical embedded applications using Programmable Logic Controllers and implemented in a programming language such as Function Block Diagram (FBD) is described. The FBD component model is based on the IEC 1131 standard and it is used primarily for embedded systems, in which timeliness is an important property to be tested. Our method involves the transformation of FBD programs with timed annotations into timed automata models which are used to automatically generate test suites. Specifically we demonstrate how to use model transformation for formalization and model checking of FBD programs using the UPPAAL tool. Many benefits emerge from this method, including the ability to automatically generate test suites from a formal model in order to ensure compliance to strict quality requirements including unit testing and specific coverage measurements. The approach is experimentally assessed on a train control system in terms of consumed resources.

  • 27.
    Enoiu, Eduard Paul
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Using Logic Coverage to Improve Testing Function Block Diagrams2013In: Testing Software and Systems: Lecture Notes in Computer Science, Volume 8254, Springer Berlin Heidelberg , 2013, p. 1-16Chapter in book (Refereed)
    Abstract [en]

    In model-driven development, testers are often focusing on functional model-level testing, enabling verification of design models against their specifications. In addition, in safety-critical software development, testers are required to show that tests cover the structure of the implementation. Testing cost and time savings could be achieved if the process of deriving test cases for logic coverage is automated and provided test cases are ready to be executed. The logic coverage artifacts, i.e., predicates and clauses, are required for different logic coverage, e.g., MC/DC. One way of dealing with test case generation for ensuring logic coverage is to approach it as a model-checking problem, such that model-checking tools automatically create test cases. We show how logic coverage criteria can be formalized and used by a model-checker to provide test cases for ensuring this coverage on safety-critical software described in the Function Block Diagram programming language. Based on our experiments, this approach, supported by a tool chain, is an applicable and useful way of generating test cases for covering Function Block Diagrams.

  • 28.
    Ericsson, AnneMarie
    et al.
    University of Skövde.
    Berndtsson, Mikael
    University of Skövde.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Lena
    Volvo Information Technology, Skövde.
    Verification of an industrial rule-based manufacturing system using REX2008In: CEUR Workshop Proceedings, vol 412, 2008Conference paper (Refereed)
    Abstract [en]

    Formal methods are not used in their full potential for enhancing software quality in industry. We argue that seamless support in a high-level specification tool is a viable way to provide system designers with powerful and paradigm specific formal verification techniques. Event condition action (ECA) rules can be used to model and implement reactive behavior in, for example, the semantic web. Independently of target system, the behavior of rule-based systems are known to be hard to analyze. The REX tool is a rule-based front-end to the timed automata CASE-tool Uppaal. The model-checker in Uppaal is used by REX enabling seamless support for model-checking rule-based specifications. This paper presents experiences from modeling and verifying a system of industrial complexity as interacting rules using REX. We conclude that repeatedly performing formal analysis when constructing a system with interacting rules is a viable way of coping with the complexity of the model. Additionally, we present an implemented algorithm for optimizing the model to reduce the effect of state-space explosion.

  • 29.
    Ericsson, AnneMarie
    et al.
    University of Skövde, Sweden .
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics.
    Berndtsson, Mikael
    University of Skövde, Sweden .
    Seiriö, Marco
    RuleCore, Sweden .
    Seamless Formal Verification of Complex Event Processing Applications2007In: ACM International Conference Proceeding Series, Volume 233, 2007, p. 50-61Conference paper (Refereed)
    Abstract [en]

    Despite proven successful in previous projects, the use of formal methods for enhancing quality of software is still not used in its full potential in industry. We argue that seamless support for formal verification in a high-level specification tool enhances the attractiveness of using a formal approach for increasing software quality.

    Commercial Complex Event Processing (CEP) engines often have support for modelling, debugging and testing CEP applications. However, the possibility of utilizing formal analysis is not considered.

    We argue that using a formal approach for verifying a CEP system can be performed without expertise in formal methods. In this paper, a prototype tool REX is presented with support for specifying both CEP systems and correctness properties of the same application in a high-level graphical language. The specified CEP applications are seamlessly transformed into a timed automata representation together with the high-level properties for automatic verification in the model-checker UPPAAL.

  • 30.
    Fersman, Elena
    et al.
    Uppsala University, Sweden.
    Krcal, Pavel
    Uppsala University, Sweden.
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics. Uppsala University, Sweden.
    Yi, Wang
    Uppsala University, Sweden.
    Task Automata: Schedulability, Decidability and Undecidability2007In: International Journal of Information and Computation, ISSN 0890-5401, Vol. 205, p. 1149-1172Article in journal (Refereed)
    Abstract [en]

    We present a model, task automata, for real time systems with non-uniformly recurring computation tasks. It is an extended version of timed automata with asynchronous processes that are computation tasks generated (or triggered) by timed events. Compared with classical task models for real time systems, task automata may be used to describe tasks (1) that are generated non-deterministically according to timing constraints in timed automata, (2) that may have interval execution times representing the best case and the worst case execution times, and (3) whose completion times may influence the releases of task instances. We generalize the classical notion of schedulability to task automata. A task automaton is schedulable if there exists a scheduling strategy such that all possible sequences of events generated by the automaton are schedulable in the sense that all associated tasks can be computed within their deadlines. Our first technical result is that the schedulability for a given scheduling strategy can be checked algorithmically for the class of task automata when the best case and the worst case execution times of tasks are equal. The proof is based on a decidable class of suspension automata: timed automata with bounded subtraction in which clocks may be updated by subtractions within a bounded zone. We shall also study the borderline between decidable and undecidable cases. Our second technical result shows that the schedulability checking problem will be undecidable if the following three conditions hold: (1) the execution times of tasks are intervals, (2) the precise finishing time of a task instance may influence new task releases, and (3) a task is allowed to preempt another running task.

  • 31.
    Fersman, Elena
    et al.
    Uppsala University, Sweden.
    Mokrushin, Leonid
    Uppsala University, Sweden.
    Pettersson, Paul
    Uppsala University, Sweden.
    Yi, Wang
    Uppsala University, Sweden.
    Schedulability Analysis of Fixed Priority Systems using Timed Automata2006In: Theoretical Computer Science, ISSN 0304-3975, E-ISSN 1879-2294, Vol. 354, no 2, p. 301-317Article in journal (Refereed)
    Abstract [en]

    In classic scheduling theory, real-time tasks are usually assumed to be periodic, i.e. tasks are released and computed with fixed rates periodically. To relax the stringent constraints on task arrival times, we propose to use timed automata to describe task arrival patterns. In a previous work, it is shown that the general schedulability checking problem for such models is a reachability problem for a decidable class of timed automata extended with subtraction. Unfortunately, the number of clocks needed in the analysis is proportional to the maximal number of schedulable task instances associated with a model, which is in many cases huge. In this paper, we show that for fixed-priority scheduling strategy, the schedulability checking problem can be solved using standard timed automata with two extra clocks in addition to the clocks used in the original model to describe task arrival times. The analysis can be done in a similar manner to response time analysis in classic Rate-Monotonic Analysis (RMA). The result is further extended to systems with data-dependent control, in which the release time of a task may depend on the time-point at which other tasks finish their execution. For the case when the execution times of tasks are constants, we show that the schedulability problem can be solved using n+1 extra clocks, where n is the number of tasks. The presented analysis techniques have been implemented in the Times tool. For systems with only periodic tasks, the performance of the tool is comparable with tools implementing the classic RMA technique based on equation-solving, without suffering from the exponential explosion in the number of tasks.

  • 32.
    Grinchtein, Olga
    et al.
    Uppsala University, Sweden.
    Jonsson, Bengt
    Uppsala University, Sweden.
    Pettersson, Paul
    Uppsala University, Sweden.
    Inference of Event-Recording Automata using Timed Decision Trees2006In: CONCUR 2006 – Concurrency Theory: 17th International Conference, CONCUR 2006, Bonn, Germany, August 27-30, 2006. Proceedings, 2006, p. 435-449Conference paper (Refereed)
    Abstract [en]

    We present an algorithm for inferring a timed-automaton model of a system from information obtained by observing its external behavior. Since timed automata can not in general be determinized, we restrict our attention to systems that can be described by deterministic event-recording automata. In previous work we have presented algorithms for event-recording automata that satisfy the restriction that there is at most one transition per alphabet symbol from each state. This restriction was lifted in subsequent work by an algorithm based on the region graph.

    In this paper, we extend previous work by considering the full class of event-recording automata, while still avoiding to base it on the (usually prohibitively large) region graph. Our construction deviates from previous work on inference of automata in that it first constructs a so called timed decision tree from observations of system behavior, which is thereafter folded into an automaton.

  • 33.
    Gustavsson, Andreas
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Ermedahl, Andreas
    Mälardalen University, School of Innovation, Design and Engineering.
    Lisper, Björn
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Towards WCET Analysis of Multicore Architectures using UPPAAL2010In: OpenAccess Series in Informatics, vol. 15, 2010, 2010, p. 101-112Conference paper (Refereed)
    Abstract [en]

    To take full advantage of the increasingly used shared-memory multicore architectures, software algorithms will need to be parallelized over multiple threads. This means that threads will have to share resources (e.g. some level of cache) and communicate and synchronize with each other. There already exist software libraries (e.g. OpenMP) used to explicitly parallelize available sequential C/C++ and Fortran code, which means that parallel code could be easily obtained. To be able to use parallel software running on multicore architectures in embedded systems with hard real-time constraints, new WCET (Worst-Case Execution Time) analysis methods and tools must be developed. This paper investigates a method based on model-checking a system of timed automata using the UPPAAL tool box. It is found that it is possible to perform WCET analysis on (not too large and complex) parallel systems using UPPAAL. We also show how to model thread synchronization using spinlock-like primitives.

  • 34.
    Hansson, Hans
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Carlson, Jan
    Mälardalen University, School of Innovation, Design and Engineering.
    Isovic, Damir
    Mälardalen University, School of Innovation, Design and Engineering.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Nolte, Thomas
    Mälardalen University, School of Innovation, Design and Engineering.
    Ouimet, Martin
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Real-Time Systems2010Book (Other academic)
    Abstract [en]

    This is a textbook developed for use in the Master Programme Module E-M.6 "Real-Time Systems" as part of the Postgraduate Distance studies organized by Fraunhofer IESE and the Distance and International Studies Center at the Technical University of Kaiserslauten, Germany.

  • 35.
    Hansson, Hans
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Nolte, Thomas
    Mälardalen University, School of Innovation, Design and Engineering.
    Axelsson, Jakob
    Mälardalen University, School of Innovation, Design and Engineering.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering.
    Carlson, Jan
    Mälardalen University, School of Innovation, Design and Engineering.
    Crnkovic, Ivica
    Mälardalen University, School of Innovation, Design and Engineering.
    Lisper, Björn
    Mälardalen University, School of Innovation, Design and Engineering.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Norström, Christer
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering.
    Sjödin, Mikael
    Mälardalen University, School of Innovation, Design and Engineering.
    The PROGRESS Centre for Predictable Embedded Software Systems - Half-time report (edited version)2010Report (Other academic)
    Abstract [en]

    Presentation of the achievements and activities within the PROGRESS national strategic research centre 2006-2008

  • 36.
    Hatvani, Leo
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    David, Alexandre
    Aalborg University, Danmark.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Adaptive Task Automata with Earliest-Deadline-First Scheduling2014Report (Other (popular science, discussion, etc.))
    Abstract [en]

    Adjusting to resource changes, dynamic environmental conditions, or new usage modes are some of the reasons why real-time embedded systems need to be adaptive. This requires a rigorous framework for designing such systems, to ensure that the adaptivity does not result in invalidating the system's real-time constraints.

    To address this need, we have recently introduced adaptive task automata, a framework for modeling, verification, and schedulability analysis in adaptive, hard real-time embedded systems, assuming a fixed-priority scheduler.

    In this work, we extend the adaptive task automata framework to incorporate the earliest-deadline-first scheduling policy, as well as enable implementation of any other dynamic scheduling policy. To prove the decidability of our model, and at the same time maintain a manageable degree of conciseness, we show an encoding of our model as a network of timed automata with clock updates. To support this, we also show that reachability in our class of timed automata with updates is decidable. Our contribution helps to streamline the process of designing safety critical adaptive embedded systems.

  • 37.
    Hatvani, Leo
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    David, Alexandre
    Aalborg University, Danmark.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Adaptive Task Automata with Earliest-Deadline-First Scheduling2014In: Electronic Communications of the EASST, ISSN 1863-2122, E-ISSN 1863-2122, Vol. 70Article in journal (Refereed)
    Abstract [en]

    Adjusting to resource changes, dynamic environmental conditions, or new usage modes are some of the reasons why real-time embedded systems need to be adaptive. This requires a rigorous framework for designing such systems, to ensure that the adaptivity does not result in invalidating the system's real-time constraints.

    To address this need, we have recently introduced adaptive task automata, a framework for modeling, verification, and schedulability analysis in adaptive, hard real-time embedded systems, assuming a fixed-priority scheduler.

    In this work, we extend the adaptive task automata framework to incorporate the earliest-deadline-first scheduling policy, as well as enable implementation of any other dynamic scheduling policy. To prove the decidability of our model, and at the same time maintain a manageable degree of conciseness, we show an encoding of our model as a network of timed automata with clock updates. To support this, we also show that reachability in our class of timed automata with updates is decidable. Our contribution helps to streamline the process of designing safety critical adaptive embedded systems.

  • 38.
    Hatvani, Leo
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Jansen, Anton
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    ABB Corporate Research, Västerås, Sweden.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    An integrated tool for trade-off analysis of quality-of-service attributes2010In: Proceedings of The 2nd International Workshop on the Quality of Service-Oriented Software Systems, New York: ACM , 2010, p. Art no. 2-Conference paper (Refereed)
    Abstract [en]

    In this paper, we present a tool for performing trade-off analysis of Quality-of-Service attributes of design solutions resulted from architectural, behavioral, or deployment changes in service-oriented systems. The tool allows for comparing the performance, reliability, and maintainability of such solutions, in an attempt to compute the optimal one with respect to the weighted sum of the considered quality attributes. Our tool uses the Analytic Hierarchy Process for computing trade-offs, and is integrated into the Quality Impact Prediction for Evolving Service-Oriented Software IDE.

  • 39.
    Hatvani, Leo
    et al.
    Mälardalen University, School of Innovation, Design and Engineering.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering.
    Adaptive task automata: A framework for verifying adaptive embedded systems2012In: Lecture Notes in Computer Science, vol. 7212, Springer, 2012, p. 115-129Chapter in book (Refereed)
    Abstract [en]

    We present a framework for modeling and analysis of adaptive embedded systems, based on the model of timed automata with tasks. The model is extended with primitives allowing modeling of adaptivity, by testing the potential schedulability of a given task, in the context of the set of currently enqueued tasks. This makes it possible to describe adaptive embedded systems, in which decisions to admit further tasks or take other measures of adaptivity is based on available CPU resources, external, or internal events. We show that this model can be encoded in the framework of timed automata, and hence that the problem is decidable. We also validate the framework, by using the Uppaal tool.

  • 40.
    Hatvani, Leo
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Seceleanu, Cristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Modeling and Analysis of Adaptive Embedded Systems using Adaptive Task Automata2013In: SIGBED Rev., ISSN 1551-3688, Vol. 10, no 1, p. 43-47Article in journal (Refereed)
    Abstract [en]

    Most embedded systems need to continually function in unpredictable environments. One way to achieve high dependability is to make the system adaptive to changes, if possible, without sacrificing maintainability. To be able to reason about adaptivity, one needs a modeling and analysis framework suitable for adaptive systems. Recently, we have introduced Adaptive Task Automata, to meet this goal. In this paper, we overview the current functionality implemented in the Adaptive Task Automata framework (ATA), as well as some of the challenges encountered during the development. In the end, we enumerate possible future extensions of ATA.

  • 41.
    Hessel, Anders
    et al.
    Uppsala University.
    Guldstrand Larsen, Kim
    Aalborg University.
    Mikuèionis, Marius
    Aalborg University.
    Nielsen, Brian
    Aalborg University.
    Pettersson, Paul
    Uppsala University.
    Skou, Arne
    Aalborg University.
    Testing Real-time systems using UPPAAL2008In: Formal Methods and Testing: An Outcome of the FORTEST Network, Revised Selected Papers, Springer, 2008, p. 77-117Chapter in book (Other academic)
    Abstract [en]

    This chapter presents principles and techniques for model-based black-box conformance testing of real-time systems using the Uppaal model-checking tool-suite. The basis for testing is given as a network of concurrent timed automata specified by the test engineer. Relativized input/output conformance serves as the notion of implementation correctness, essentially timed trace inclusion taking environment assumptions into account. Test cases can be generated offline and later executed, or they can be generated and executed online. For both approaches this chapter discusses how to specify test objectives, derive test sequences, apply these to the system under test, and assign a verdict.

  • 42.
    Hessel, Anders
    et al.
    Uppsala University, Sweden.
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics.
    A Global Algorithm for Model-Based Test Suite Generation2007In: Proceedings of the Third Workshop on Model Based Testing (MBT 2007), 2007, p. 47-59Conference paper (Refereed)
    Abstract [en]

    Model-based testing has been proposed as a technique to automatically

    verify that a system conforms to its specification. A popular approach is to

    use a model-checker to produce a set of test cases by formulating the test generation problem as a reachability problem. To guide the selection of test cases, a coverage criterion is often used. A coverage criterion can be seen as a set of items to be covered, called coverage items. We propose an on-the-fly algorithm

    that generates a test suite that covers all feasible coverage items. The algorithm returns a set of traces that includes a path fulfilling each item, without including redundant paths. The reachability algorithm explores a state only if it might increase the total coverage. The decision is global in the sense that it does not only regard each individual local search branch in isolation, but the total coverage in

    all branches together. For simpler coverage criteria as location of edge coverage, this implies that each model state is never explored twice.

    The algorithm presented in this paper has been implemented in the test generation tool UPPAAL CoVer. We present encouraging results from applying the tool to a set of experiments and in an industrial sized case study.

  • 43.
    Hessel, Anders
    et al.
    Uppsala University, Sweden.
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics. Uppsala University, Sweden.
    Cover - A Test-Case Generation Tool for Timed Systems2007Conference paper (Refereed)
    Abstract [en]

    COVER is a new test-case generation tool for timed systems. It generates test cases from a timed automata model of a system to be tested, and a coverage criteria expressed in an observer language. In this paper, we describe the current architecture of the tool, its input languages, and a case study in which the tool has been applied in an industrial setting to test that a WAP gateway conform to its specification. 

  • 44.
    Hessel, Anders
    et al.
    Uppsala University, Uppsala, Sweden.
    Pettersson, Paul
    Uppsala University, Uppsala, Sweden.
    Model-based Testing of a WAP Gateway: an Industrial Case-Study2006In: Lecture Notes in Computer Science, vol. 4346, 2006, p. 116-131Conference paper (Refereed)
    Abstract [en]

    We present experiences from a case study where a model-based approach to black-box testing is applied to verify that a Wireless Application Protocol (WAP) gateway conforms to its specification. The WAP gateway is developed by Ericsson and used in mobile telephone networks to connect mobile phones with the Internet. We focus on testing the software implementing the session (WSP) and transaction (WTP) layers of the WAP protocol. These layers, and their surrounding environment, are described as a network of timed automata. To model the many sequence numbers (from a large domain) used in the protocol, we introduce an abstraction technique. We believe the suggested abstraction technique will prove useful to model and analyse other similar protocols with sequence numbers, in particular in the context of model-based testing. A complete test bed is presented, which includes generation and execution of test cases. It takes as input a model and a coverage criterion expressed as an observer, and returns a verdict for each test case. The test bed includes existing tools from Ericsson for test-case execution. To generate test suites, we use our own tool COER - a new test-case generation tool based on the real-time model-checker UPPAAL. 

  • 45.
    Håkansson, John
    et al.
    Uppsala University.
    Carlson, Jan
    Mälardalen University, School of Innovation, Design and Engineering.
    Monot, Aurelien
    Ecole des Mines, Nancy, France .
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering.
    Slutej, Davor
    Mälardalen University, School of Innovation, Design and Engineering.
    Component-Based Design and Analysis of Embedded Systems with UPPAAL PORT2008In: Lecture Notes in Computer Science,  Volume 5311, Springer, 2008, p. 252-257Chapter in book (Refereed)
    Abstract [en]

    UPPAAL PORT is a new tool for component-based design and analysis

    of embedded systems. It operates on the hierarchically structured continuous time component modeling language SaveCCM and provides efficient model-checking

    by using partial-order reduction techniques that exploits the structure and the component behavior of the model. UPPAAL PORT is implemented as an extension of the verification engine in the UPPAAL tool. The tool can be used as back-end in to the Eclipse based SaveCCM integrated development environment, which

    supports user friendly editing, simulation, and verification of models.

  • 46.
    Håkansson, John
    et al.
    Uppsala University, Sweden.
    Pettersson, Paul
    Mälardalen University, Department of Computer Science and Electronics.
    Partial Order Reduction for Verification of Real-Time Components2007In: Proceedings of the 5th International Conference on Formal Modelling and Analysis of Timed Systems, Lecture Notes in Computer Science 4763, 2007, p. 211-226Conference paper (Refereed)
    Abstract [en]

    We describe a partial order reduction technique for a real-time component model. Components are described as timed automata with data ports, which can be composed in static structures of unidirectional control and data flow. Compositions can be encapsulated as components and used in other compositions to form hierarchical models. The proposed partial order reduction technique uses a local time semantics for timed automata, in which time may progress independently in parallel automata which are resynchronized when needed. To increase the number of independent transitions and to reduce the problem of re-synchronizing parallel automata we propose, and show how, to use information derived from the composition structure of an analyzed model. Based on these ideas, we present a reachability analysis algorithm that uses an ample set construction to select which symbolic transitions to explore. The algorithm has been implemented as a prototype extension of the real-time model-checker UPPAAL. We report from experiments with the tool that indicate that the technique can achieve substantial reduction in the time and memory needed to analyze a real-time system described in the studied component model

  • 47.
    Johnsen, Andreas
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Dodig-Crnkovic, Gordana
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hänninen, Kaj
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Risk-based decision-making fallacies: Why present functional safety standards are not enough2017In: Proceedings - 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017: Side Track Proceedings, Institute of Electrical and Electronics Engineers Inc. , 2017, p. 153-160Conference paper (Refereed)
    Abstract [en]

    Functional safety of a system is the part of its overall safety that depends on the system operating correctly in response to its inputs. Safety is defined as the absence of unacceptable/unreasonable risk by functional safety standards, which enforce safety requirements in each phase of the development process of safety-critical software and hardware systems. Acceptability of risks is judged within a framework of analysis with contextual and cultural aspects by individuals who may introduce subjectivity and misconceptions in the assessment. While functional safety standards elaborate much on the avoidance of unreasonable risk in the development of safety-critical software and hardware systems, little is addressed on the issue of avoiding unreasonable judgments of risk. Through the studies of common fallacies in risk perception and ethics, we present a moral-psychological analysis of functional safety standards and propose plausible improvements of the involved risk-related decision making processes, with a focus on the notion of an acceptable residual risk. As a functional safety reference model, we use the functional safety standard ISO 26262, which addresses potential hazards caused by malfunctions of software and hardware systems within road vehicles and defines safety measures that are required to achieve an acceptable level of safety. The analysis points out the critical importance of a robust safety culture with developed countermeasures to the common fallacies in risk perception, which are not addressed by contemporary functional safety standards. We argue that functional safety standards should be complemented with the analysis of potential hazards caused by fallacies in risk perception, their countermeasures, and the requirement that residual risks must be explicated, motivated, and accompanied by a plan for their continuous reduction. This approach becomes especially important in contemporary developed autonomous vehicles with increasing computational control by increasingly intelligent software applications.

  • 48.
    Johnsen, Andreas
    et al.
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Kristina, Lundqvist
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hänninen, Kaj
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Regression verification of AADL models through slicing of system dependence graphs2014In: QoSA 2014 - Proceedings of the 10th International ACM SIGSOFT Conference on Quality of Software Architectures (Part of CompArch 2014), 2014, p. 103-112Conference paper (Refereed)
    Abstract [en]

    Design artifacts of embedded systems are subjected to a number of modifications during the development process. Verified artifacts that subsequently are modified must nec- essarily be re-Verified to ensure that no faults have been introduced in response to the modification. We collectively call this type of verification as regression verification. In this paper, we contribute with a technique for selective regression verification of embedded systems modeled in the Architec- ture Analysis and Design Language (AADL). The technique can be used with any AADL-based verification technique to eficiently perform regression verification by only selecting verification sequences that cover parts that are afiected by the modification for re-execution. This allows for the avoid- ance of unnecessary re-verification, and thereby unnecessary costs. The selection is based on the concept of specification slicing through system dependence graphs (SDGs) such that the efiect of a modification can be identified.

  • 49.
    Johnsen, Andreas
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hänninen, Kaj
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    AQAT: The Architecture Quality Assurance Tool for Critical Embedded Systems2017In: Proceedings - International Symposium on Software Reliability Engineering, ISSRE, Volume 2017, 2017, p. 260-270, article id 8109092Conference paper (Refereed)
    Abstract [en]

    Architectural engineering of embedded systems comprehensively affects both the development processes and the abilities of the systems. Verification of architectural engineering is consequently essential in the development of safety- and mission-critical embedded system to avoid costly and hazardous faults. In this paper, we present the Architecture Quality Assurance Tool (AQAT), an application program developed to provide a holistic, formal, and automatic verification process for architectural engineering of critical embedded systems. AQAT includes architectural model checking, model-based testing, and selective regression verification features to effectively and efficiently detect design faults, implementation faults, and faults created by maintenance modifications. Furthermore, the tool includes a feature that analyzes architectural dependencies, which in addition to providing essential information for impact analyzes of architectural design changes may be used for hazard analysis, such as the identification of potential error propagations, common cause failures, and single point failures. Overviews of both the graphical user interface and the back-end processes of AQAT are presented with a sensor-to-actuator system example.

  • 50.
    Johnsen, Andreas
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Lundqvist, Kristina
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hänninen, Kaj
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pettersson, Paul
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Torelm, M.
    Bombardier Transportation Sweden AB, Västerås, Sweden.
    AQAF: An architecture quality assurance framework for systems modeled in AADL2016In: Proceedings - 2016 12th International ACM SIGSOFT Conference on Quality of Software Architectures, QoSA 2016, 2016, p. 31-40Conference paper (Refereed)
    Abstract [en]

    Architecture engineering is essential to achieve dependability of critical embedded systems and affects large parts of the system life cycle. There is consequently little room for faults, which may cause substantial costs and devastating harm. Verification in architecture engineering should therefore be holistically and systematically managed in the development of critical embedded systems, from requirements analysis and design to implementation and maintenance. In this paper, we address this problem by presenting AQAF: an Architecture Quality Assurance Framework for critical embedded systems modeled in the Architecture Analysis and Design Language (AADL). The framework provides a holistic set of verification techniques with a common formalism and semantic domain, architecture flow graphs and timed automata, enabling completely formal and automated verification processes covering virtually the entire life cycle. The effectiveness and efficiency of the framework are validated in a case study comprising a safety-critical train control system. 

12 1 - 50 of 96
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf