mdh.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 15) Show all publications
Johnsen, A. (2018). Quality Assurance for Dependable Embedded Systems. (Doctoral dissertation). Västerås: Mälardalen University Press
Open this publication in new window or tab >>Quality Assurance for Dependable Embedded Systems
2018 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Architectural engineering of embedded computer systems comprehensively affects both the development processes and the abilities of the systems. Rigorous and holistic verification of architectural engineering is consequently essential in the development of safety-critical and mission-critical embedded systems, such as computer systems within aviation, automotive, and railway transportation, where even minor architectural defects may cause substantial cost and devastating harm. The increasing complexity of embedded systems renders this challenge unmanageable without the support of automated methods of verification, to reduce the cost of labor and the risk of human error.

The contribution of this thesis is an Architecture Quality Assurance Framework (AQAF) and a corresponding tool support, the Architecture Quality Assurance Tool (AQAT). AQAF provides a rigorous, holistic, and automated solution to the verification of critical embedded systems architectural engineering, from requirements analysis and design to implementation and maintenance. A rigorous and automated verification across the development process is achieved through the adaption and integration of formal methods to architectural engineering. The framework includes an architectural model checking technique for the detection of design faults, an architectural model-based test suite generation technique for the detection of implementation faults, and an architectural selective regression verification technique for an efficient detection of faults introduced by maintenance modifications.

An integrated solution provides traceability and coherency between the verification processes and the different artifacts under analysis, which is essential for obtaining reliable results, for meeting certification provisions, and for performing impact analyses of maintenance modifications. The Architecture Quality Assurance Tool (AQAT) implements the theory of AQAF and enables an effortless adoption into industrial practices. Empirical results from an industrial study present a high fault detection rate at both the design level and the implementation level as well as an efficient selective regression verification process. Furthermore, the results of a scalability evaluation show that the solution is scalable to complex many-core embedded systems with multithreading.

Place, publisher, year, edition, pages
Västerås: Mälardalen University Press, 2018
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 252
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-37458 (URN)978-91-7485-372-8 (ISBN)
Public defence
2018-01-26, Gamma, Mälardalens högskola, Västerås, 13:00 (English)
Opponent
Supervisors
Available from: 2017-12-18 Created: 2017-12-15 Last updated: 2018-01-10Bibliographically approved
Johnsen, A., Lundqvist, K., Hänninen, K. & Pettersson, P. (2017). AQAT: The Architecture Quality Assurance Tool for Critical Embedded Systems. In: Proceedings - International Symposium on Software Reliability Engineering, ISSRE, Volume 2017: . Paper presented at 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017; Toulouse; France; 23 October 2017 through 26 October 2017 (pp. 260-270). , Article ID 8109092.
Open this publication in new window or tab >>AQAT: The Architecture Quality Assurance Tool for Critical Embedded Systems
2017 (English)In: Proceedings - International Symposium on Software Reliability Engineering, ISSRE, Volume 2017, 2017, p. 260-270, article id 8109092Conference paper, Published paper (Refereed)
Abstract [en]

Architectural engineering of embedded systems comprehensively affects both the development processes and the abilities of the systems. Verification of architectural engineering is consequently essential in the development of safety- and mission-critical embedded system to avoid costly and hazardous faults. In this paper, we present the Architecture Quality Assurance Tool (AQAT), an application program developed to provide a holistic, formal, and automatic verification process for architectural engineering of critical embedded systems. AQAT includes architectural model checking, model-based testing, and selective regression verification features to effectively and efficiently detect design faults, implementation faults, and faults created by maintenance modifications. Furthermore, the tool includes a feature that analyzes architectural dependencies, which in addition to providing essential information for impact analyzes of architectural design changes may be used for hazard analysis, such as the identification of potential error propagations, common cause failures, and single point failures. Overviews of both the graphical user interface and the back-end processes of AQAT are presented with a sensor-to-actuator system example.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-37453 (URN)10.1109/ISSRE.2017.32 (DOI)000426939700025 ()2-s2.0-85040780004 (Scopus ID)9781538609415 (ISBN)
Conference
28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017; Toulouse; France; 23 October 2017 through 26 October 2017
Available from: 2017-12-14 Created: 2017-12-14 Last updated: 2018-03-29Bibliographically approved
Johnsen, A., Lundqvist, K., Pettersson, P., Hänninen, K. & Torelm, M. (2017). Experience Report: Evaluating Fault Detection Effectiveness and Resource Efficiency of the Architecture Quality Assurance Framework and Tool. In: Proceedings - International Symposium on Software Reliability Engineering, ISSRE. Volume 2017: . Paper presented at 28th International Symposium on Software Reliability Engineering (ISSRE), Toulouse, France, 2017 (pp. 271-281). , Article ID 8109093.
Open this publication in new window or tab >>Experience Report: Evaluating Fault Detection Effectiveness and Resource Efficiency of the Architecture Quality Assurance Framework and Tool
Show others...
2017 (English)In: Proceedings - International Symposium on Software Reliability Engineering, ISSRE. Volume 2017, 2017, p. 271-281, article id 8109093Conference paper, Published paper (Refereed)
Abstract [en]

The Architecture Quality Assurance Framework (AQAF) is a theory developed to provide a holistic and formal verification process for architectural engineering of critical embedded systems. AQAF encompasses integrated architectural model checking, model-based testing, and selective regression verification techniques to achieve this goal. The Architecture Quality Assurance Tool (AQAT) implements the theory of AQAF and enables automated application of the framework. In this paper, we present an evaluation of AQAT and the underlying AQAF theory by means of an industrial case study, where resource efficiency and fault detection effectiveness are the targeted properties of evaluation. The method of fault injection is utilized to guarantee coverage of fault types and to generate a data sample size adequate for statistical analysis. We discovered important areas of improvement in this study, which required further development of the framework before satisfactory results could be achieved. The final results present a 100% fault detection rate at the design level, a 98.5% fault detection rate at the implementation level, and an average increased efficiency of 6.4% with the aid of the selective regression verification technique.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-37457 (URN)10.1109/ISSRE.2017.31 (DOI)000426939700026 ()2-s2.0-85040780151 (Scopus ID)9781538609415 (ISBN)
Conference
28th International Symposium on Software Reliability Engineering (ISSRE), Toulouse, France, 2017
Available from: 2017-12-14 Created: 2017-12-14 Last updated: 2018-07-25Bibliographically approved
Johnsen, A., Dodig-Crnkovic, G., Lundqvist, K., Hänninen, K. & Pettersson, P. (2017). Risk-based decision-making fallacies: Why present functional safety standards are not enough. In: Proceedings - 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017: Side Track Proceedings. Paper presented at 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017, 3 April 2017 through 7 April 2017 (pp. 153-160). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Risk-based decision-making fallacies: Why present functional safety standards are not enough
Show others...
2017 (English)In: Proceedings - 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017: Side Track Proceedings, Institute of Electrical and Electronics Engineers Inc. , 2017, p. 153-160Conference paper, Published paper (Refereed)
Abstract [en]

Functional safety of a system is the part of its overall safety that depends on the system operating correctly in response to its inputs. Safety is defined as the absence of unacceptable/unreasonable risk by functional safety standards, which enforce safety requirements in each phase of the development process of safety-critical software and hardware systems. Acceptability of risks is judged within a framework of analysis with contextual and cultural aspects by individuals who may introduce subjectivity and misconceptions in the assessment. While functional safety standards elaborate much on the avoidance of unreasonable risk in the development of safety-critical software and hardware systems, little is addressed on the issue of avoiding unreasonable judgments of risk. Through the studies of common fallacies in risk perception and ethics, we present a moral-psychological analysis of functional safety standards and propose plausible improvements of the involved risk-related decision making processes, with a focus on the notion of an acceptable residual risk. As a functional safety reference model, we use the functional safety standard ISO 26262, which addresses potential hazards caused by malfunctions of software and hardware systems within road vehicles and defines safety measures that are required to achieve an acceptable level of safety. The analysis points out the critical importance of a robust safety culture with developed countermeasures to the common fallacies in risk perception, which are not addressed by contemporary functional safety standards. We argue that functional safety standards should be complemented with the analysis of potential hazards caused by fallacies in risk perception, their countermeasures, and the requirement that residual risks must be explicated, motivated, and accompanied by a plan for their continuous reduction. This approach becomes especially important in contemporary developed autonomous vehicles with increasing computational control by increasingly intelligent software applications.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2017
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-36194 (URN)10.1109/ICSAW.2017.50 (DOI)000413089000029 ()2-s2.0-85025634021 (Scopus ID)9781509047932 (ISBN)
Conference
2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017, 3 April 2017 through 7 April 2017
Available from: 2017-08-10 Created: 2017-08-10 Last updated: 2017-11-02Bibliographically approved
Johnsen, A., Kristina, L., Pettersson, P. & Hänninen, K. (2014). Regression verification of AADL models through slicing of system dependence graphs. In: QoSA 2014 - Proceedings of the 10th International ACM SIGSOFT Conference on Quality of Software Architectures (Part of CompArch 2014): . Paper presented at 10th International ACM SIGSOFT Conference on Quality of Software Architectures, QoSA 2014; Marcq-en-Baroeul; France; 30 June 2014 through 4 July 2014 (pp. 103-112).
Open this publication in new window or tab >>Regression verification of AADL models through slicing of system dependence graphs
2014 (English)In: QoSA 2014 - Proceedings of the 10th International ACM SIGSOFT Conference on Quality of Software Architectures (Part of CompArch 2014), 2014, p. 103-112Conference paper, Published paper (Refereed)
Abstract [en]

Design artifacts of embedded systems are subjected to a number of modifications during the development process. Verified artifacts that subsequently are modified must nec- essarily be re-Verified to ensure that no faults have been introduced in response to the modification. We collectively call this type of verification as regression verification. In this paper, we contribute with a technique for selective regression verification of embedded systems modeled in the Architec- ture Analysis and Design Language (AADL). The technique can be used with any AADL-based verification technique to eficiently perform regression verification by only selecting verification sequences that cover parts that are afiected by the modification for re-execution. This allows for the avoid- ance of unnecessary re-verification, and thereby unnecessary costs. The selection is based on the concept of specification slicing through system dependence graphs (SDGs) such that the efiect of a modification can be identified.

National Category
Computer Systems Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-25739 (URN)10.1145/2602576.2602589 (DOI)2-s2.0-84904459914 (Scopus ID)9781450325769 (ISBN)
Conference
10th International ACM SIGSOFT Conference on Quality of Software Architectures, QoSA 2014; Marcq-en-Baroeul; France; 30 June 2014 through 4 July 2014
Available from: 2014-08-01 Created: 2014-08-01 Last updated: 2018-01-11Bibliographically approved
Johnsen, A. (2013). Architecture-Based Verification of Dependable Embedded Systems. (Licentiate dissertation). Västerås: Mälardalen University
Open this publication in new window or tab >>Architecture-Based Verification of Dependable Embedded Systems
2013 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Quality assurance of dependable embedded systems is becoming increasingly difficult, as developers are required to build more complex systems on tighter budgets. As systems become more complex, system architects must make increasingly complex architecture design decisions. The process of making the architecture design decisions of an intended system is the very first, and the most significant, step of ensuring that the developed system will meet its requirements, including requirements on its ability to tolerate faults. Since the decisions play a key role in the design of a dependable embedded system, they have a comprehensive effect on the development process and the largest impact on the developed system. Any faulty architecture design decision will, consequently, propagate throughout the development process, and is likely to lead to a system not meeting the requirements, an unacceptable level of dependability and costly corrections.

Architecture design decisions are in turn critical with respect to quality and dependability of a system, and the cost of the development process. It is therefore crucial to prevent faulty architecture design decisions and, as early as practicable, detect and remove faulty decisions that have not successfully been prevented. The use of Architecture Description Languages (ADLs) helps developers to cope with the increasing complexity by formal and standardized means of communication and understanding. Furthermore, the availability of a formal description enables automated and formal analysis of the architecture design.

The contribution of this licentiate thesis is an architecture quality assurance framework for safety-critical, performance-critical and mission-critical embedded systems specified by the Architecture Analysis and Design Language (AADL). The framework is developed through the adaption of formal methods, in particular traditional model checking and model-based testing techniques, to AADL, by defining formal verification criteria for AADL, and a formal AADL-semantics. Model checking of AADL models provides evidence of the completeness, consistency and correctness of the model, and allows for automated avoidance of faulty architecture design decisions, costly corrections and threats to quality and dependability. In addition, the framework can automatically generate test suites from AADL models to test a developed system with respect to the architecture design decisions. A successful test suite execution provides evidence that the architecture design has been implemented correctly. Methods for selective regression verification are included in the framework to cost-efficiently re-verify a modified architecture design, such as after a correction of a faulty design decision. 

Abstract [sv]

Kvalitetssäkring av tillförlitliga inbyggda system är en ständigt växande utmaning då utvecklare av sådana system är tvungna att bygga allt mer komplexa system inom allt mer begränsade budgetar. Då komplexiteten av systemen ökar måste systemarkitekter göra allt mera komplicerade beslut om systemens arkitekturdesign. Processen att besluta arkitekturdesignen av ett tilltänkt system är det allra första, och det mest signifikanta, steget att försäkra att det utvecklade systemet kommer uppnå dess krav, inklusive krav på dess möjlighet att tolerera defekter. Då dessa designbeslut dessutom har en nyckelroll i designen av ett tillförlitligt inbyggt system har de en omfattande effekt på utvecklingsprocessen samt den största påverkan på det utvecklade systemet. På grund av detta kommer ett felaktigt beslut om arkitekturdesignen propagera igenom hela utvecklingsprocessen och sannolikt resultera i ett system som inte uppnår kraven, får en oacceptabel tillförlitlighetsnivå, och kostsamma korrigeringar. De är därmed kritiska med hänsyn till kvaliteten och tillförlitligheten av ett inbyggt system, och kostnaden av utvecklingsprocessen. Således är det kritiskt att förhindra felaktiga beslut om arkitekturdesign och, så tidigt som möjligt, detektera och avlägsna felaktiga beslut som inte har lyckats att förhindras.

Användningen av språk för arkitekturbeskrivning hjälper utvecklare att hantera den ökande komplexiteten genom standardiserade kommunikationsmedel och förståelsemedel. Dessutom möjliggör en formell beskrivning automatiserad och formell analys av arkitekturdesignen.

Bidraget av denna licentiatavhandling är ett formellt kvalitetssäkringsramverk för säkerhetskritiska, prestandakritiska och uppdragskritiska inbyggda system specificerade i arkitekturbeskrivningsspråket ”Architecture Analysis and Design Language” (AADL). Ramverket är utvecklat genom adaptionen av formella metoder, i synnerhet traditionella modellkontrolltekniker och modellbaserad testningstekniker, till AADL, med hjälp av att definiera formella verifikationskriterier för AADL och en formell AADL-semantik. Modellkontroll av AADL-modeller analyserar modellens fullständighet, konsistens och korrekthet och möjliggör automatisk undvikande av felaktiga arkitekturdesignbeslut, kostsamma korrigeringar och hot mot kvalitet och tillförlitlighet. Därutöver kan ramverket automatiskt generera testsviter från AADL-modeller för att testa ett utvecklat system mot den bestämda arkitekturdesignen. En lyckad testsvitexekvering garanterar att arkitekturdesignen är korrekt implementerad. Metoder för selektiv regressionsverifiering är inkluderade i ramverket för att på ett kostnadseffektivt tillvägagångssätt verifiera en, tidigare verifierad, arkitekturdesign som har blivit modifierad, såsom efter en korrigering av ett felaktigt designbeslut.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2013
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 168
Keywords
architecture-based verification, dependable embedded systems, AADL, architecture quality assurance, UPPAAL
National Category
Computer Sciences Embedded Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-18993 (URN)978-91-7485-112-0 (ISBN)
Presentation
2013-06-12, Gamma, Mälardalen University, Västerås, 10:15 (English)
Opponent
Supervisors
Available from: 2013-05-16 Created: 2013-05-14 Last updated: 2018-01-11Bibliographically approved
Zhou, J., Johnsen, A. & Lundqvist, K. (2013). Formal Execution Semantics for Asynchronous Constructs of AADL. In: MODELS 2012 Innsbruck - Proceedings of the 5th International Workshop on Model Based Architecting and Construction of Embedded Systems, ACES-MB 2012: . Paper presented at 5th International Workshop on Model Based Architecting and Construction of Embedded Systems, September 30th, 2012, Innsbruck, Austria (pp. 43-48).
Open this publication in new window or tab >>Formal Execution Semantics for Asynchronous Constructs of AADL
2013 (English)In: MODELS 2012 Innsbruck - Proceedings of the 5th International Workshop on Model Based Architecting and Construction of Embedded Systems, ACES-MB 2012, 2013, p. 43-48Conference paper, Published paper (Refereed)
Abstract [en]

The Architecture Analysis and Design Language (AADL) has been widely accepted to support the development process of Distributed Real-time and Embedded (DRE) systems and ease the tension of analyzing the systems’ non-functional properties. The AADL standard prescribes the dispatching and scheduling semantics for the thread components in the system using natural language. The lack of formal semantics limits the possibility to perform formal verification of AADL specifications. The main contribution of this paper is a mapping from a substantial asynchronous subset of AADL into the TASM language, allowing us to perform resource consumption and schedulability analysis of AADL models. A small case study is presented as a validation of the usefulness of this work.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-17435 (URN)10.1145/2432631.2432639 (DOI)000395805800008 ()2-s2.0-84874136949 (Scopus ID)
Conference
5th International Workshop on Model Based Architecting and Construction of Embedded Systems, September 30th, 2012, Innsbruck, Austria
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2019-06-26Bibliographically approved
Johnsen, A., Lundqvist, K., Pettersson, P. & Jaradat, O. (2012). Automated Verification of AADL-Specifications Using UPPAAL. In: Proceedings of the 14th IEEE International Symposium on High Assurance Systems Engineering (HASE). Paper presented at IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), 25-27 Oct. 2012, Omaha, NE, USA (pp. 130-138).
Open this publication in new window or tab >>Automated Verification of AADL-Specifications Using UPPAAL
2012 (English)In: Proceedings of the 14th IEEE International Symposium on High Assurance Systems Engineering (HASE), 2012, p. 130-138Conference paper, Published paper (Refereed)
Abstract [en]

The Architecture Analysis and Design Language (AADL) is used to represent architecture design decisions of safety-critical and real-time embedded systems. Due to the far-reaching effects these decisions have on the development process, an architecture design fault is likely to have a significant deteriorating impact through the complete process. Automated fault avoidance of architecture design decisions therefore has the potential to significantly reduce the cost of the development while increasing the dependability of the end product. To provide means for automated fault avoidance when developing systems specified in AADL, a formal verification technique has been developed to ensure completeness and consistency of an AADL specification as well as its conformity with the end product. The approach requires the semantics of AADL to be formalized and implemented. We use the methodology of semantic anchoring to contribute with a formal and implemented semantics of a subset of AADL through a set of transformation rules to timed automata constructs. In addition, the verification technique, including the transformation rules, is validated using a case study of a safety-critical fuel-level system developed by a major vehicle manufacturer.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-17372 (URN)10.1109/HASE.2012.22 (DOI)2-s2.0-84871966304 (Scopus ID)978-1-4673-4742-6 (ISBN)
Conference
IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), 25-27 Oct. 2012, Omaha, NE, USA
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2017-12-15Bibliographically approved
Johnsen, A. (2012). Fixed-Priority Preemptive Scheduling Semantics of AADL in UPPAAL Timed Automata. Västerås: School of Innovation, Design and Engineering, Mälardalen University
Open this publication in new window or tab >>Fixed-Priority Preemptive Scheduling Semantics of AADL in UPPAAL Timed Automata
2012 (English)Report (Other academic)
Place, publisher, year, edition, pages
Västerås: School of Innovation, Design and Engineering, Mälardalen University, 2012
Series
MRTC Technical Report
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-17325 (URN)
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2013-12-03Bibliographically approved
Dardar, R., Gallina, B., Johnsen, A., Lundqvist, K. & Nyberg, M. (2012). Industrial Experiences of Building a Safety Case in Compliance with ISO 26262. In: 23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2012): . Paper presented at 23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2012), Nov 27, 2012 - Nov 30, 2012, Dallas USA (pp. 349-354).
Open this publication in new window or tab >>Industrial Experiences of Building a Safety Case in Compliance with ISO 26262
Show others...
2012 (English)In: 23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2012), 2012, p. 349-354Conference paper, Published paper (Refereed)
Abstract [en]

The ISO 26262 functional safety standard provides appropriate development processes, requirements and safety integrity levels specific for the automotive domain. One crucial requirement consists of the creation of a safety case, a structured argument, which inter-relates evidence and claims, needed to show that safety-critical systems are acceptably safe. The standard is currently not mandatory to be applied to safety critical systems installed in heavy trucks; however, this is likely to be changed by 2016. This paper describes the experience gathered by applying the standard to the Fuel Level Estimation and Display System, a subsystem that together with other subsystems plays a significant role in terms of global system safety for heavy trucks manufactured by Scania. More specifically, exploratory and laborious work related to the creation of a safety case in compliance with ISO 26262 in an inexperienced industrial setting is described, and the paper ends with presenting some lessons learned together with guidelines to facilitate the adoption of ISO 26262.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-17419 (URN)10.1109/ISSREW.2012.86 (DOI)000318043300077 ()2-s2.0-84873369553 (Scopus ID)978-0-7695-4928-6 (ISBN)
Conference
23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2012), Nov 27, 2012 - Nov 30, 2012, Dallas USA
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2018-01-03Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-1844-7874

Search in DiVA

Show all publications