Papers by Kristina Lundqvist

Springer eBooks, 2011
Dependable software-intensive systems, such as embedded systems for avionics and vehicles, are often developed under severe quality, schedule and budget constraints. As the size and complexity of these systems dramatically increases, the architecture design phase becomes more and more significant in order to meet these constraints. The use of Architecture Description Languages (ADLs) provides an important basis for mutual communication, analysis and evaluation activities. Hence, selecting an ADL suitable for such activities is of great importance. In this paper we compare and investigate the two ADLs AADL and EAST-ADL. The level of support provided to developers of dependable software-intensive systems is compared, and several critical areas of the ADLs are highlighted. Results of using an extended comparison framework showed many similarities, but also one clear distinction between the languages regarding the perspectives and the levels of abstraction in which systems are modeled.
Zenodo (CERN European Organization for Nuclear Research), Jun 28, 2008

The Architecture Quality Assurance Framework (AQAF) is a theory developed to provide a holistic and formal verification process for architectural engineering of critical embedded systems. AQAF encompasses integrated architectural model checking, model-based testing, and selective regression verification techniques to achieve this goal. The Architecture Quality Assurance Tool (AQAT) implements the theory of AQAF and enables automated application of the framework. In this paper, we present an evaluation of AQAT and the underlying AQAF theory by means of an industrial case study, where resource efficiency and fault detection effectiveness are the targeted properties of evaluation. The method of fault injection is utilized to guarantee coverage of fault types and to generate a data sample size adequate for statistical analysis. We discovered important areas of improvement in this study, which required further development of the framework before satisfactory results could be achieved. The final results present a 100% fault detection rate at the design level, a 98.5% fault detection rate at the implementation level, and an average increased efficiency of 6.4% with the aid of the selective regression verification technique.

AQAF: An Architecture Quality Assurance Framework for Systems Modeled in AADL
Architecture engineering is essential to achieve dependability of critical embedded systems and affects large parts of the system life cycle. There is consequently little room for faults, which may cause substantial costs and devastating harm. Verification in architecture engineering should therefore be holistically and systematically managed in the development of critical embedded systems, from requirements analysis and design to implementation and maintenance. In this paper, we address this problem by presenting AQAF: an Architecture Quality Assurance Framework for critical embedded systems modeled in the Architecture Analysis and Design Language (AADL). The framework provides a holistic set of verification techniques with a common formalism and semantic domain, architecture flow graphs and timed automata, enabling completely formal and automated verification processes covering virtually the entire life cycle. The effectiveness and efficiency of the framework are validated in a case study comprising a safety-critical train control system.
The definition of the Ravenscar Tasking Profile for Ada 95 provides a definition of a tasking run-time system with deterministic behaviour and low enough complexity to permit a formal description and verification of the model. A complete run-time system is being modeled using the real-time model checker UPPAAL, and this work describes the handling of delay until. Since scheduling is not yet modelled, a simple non-preemptive scheduler has been used when verifying the delay queue.
The Timed Abstract State Machine Language: An Executable Specification Language for Reactive Real-Time Systems
Martin Ouimet, Kristina Lundqvist, and Mikael Nolin, Embedded Systems Laboratory, Massachusetts Institute of Technology, Cambridge, MA 02139, USA. {mouimet, ...
The Production Cell System
A Hazard Domain Ontology for Preliminary Hazard Analysis in Reuse Scenarios
The Gurkh Framework : an Industrial Case Study and Certification Issues for Safety Critical Software
Ada letters, Dec 1, 2000
The Ravenscar profile for high integrity systems using Ada 95 is well defined in all real-time aspects. The complexity of the run-time system has been reduced to allow full utilization of formal methods for applications using the Ravenscar profile. In the Mana project a tool set is being developed including a formal model of a Ravenscar compliant run-time system, a GNAT compatible run-time system, and an ASIS based tool to allow for the verification of a system including both COTS and code that is reused.
The fast development of sensing devices and radios enables more powerful and flexible remote health monitoring systems. Considering the future vision of the Internet of Things (IoT), many requirements and challenges rise to the design and implementation of such systems. Bridging the gap between sensor nodes on the human body and the Internet becomes a challenging task in terms of reliable communications. Additionally, the systems will not only have to provide functionality, but also be highly secure. In this paper, we provide a survey on existing communication protocols and security issues related to pervasive health monitoring, describing their limitations, challenges, and possible solutions. We propose a generic protocol stack design as a first step toward handling interoperability in heterogeneous low-power wireless body area networks.

The readability of formal requirements specification languages is hypothesized as a limiting factor in the acceptance of formal methods by the industrial community. An empirical study was conducted to determine how various factors of state-based requirements specification language design affect readability using aerospace applications. Six factors were tested in all, including the representation of the overall state machine structure, the expression of triggering conditions, the use of macros, the use of internal broadcast events, the use of hierarchies, and transition perspective (going-to or coming-from). Subjects included computer scientists as well as aerospace engineers in an effort to determine whether background affects notational preferences. Because so little previous experimentation on this topic exists on which to build hypotheses, the study was designed as a preliminary exploration of what factors are most important with respect to readability. It can serve as a starting point for more thorough and carefully controlled experimentation in specification language readability.
Correctness-guaranteed strategy synthesis and compression for multi-agent autonomous systems
Science of Computer Programming

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), 2017
Architectural engineering of embedded systems comprehensively affects both the development processes and the abilities of the systems. Verification of architectural engineering is consequently essential in the development of safety- and mission-critical embedded systems to avoid costly and hazardous faults. In this paper, we present the Architecture Quality Assurance Tool (AQAT), an application program developed to provide a holistic, formal, and automatic verification process for architectural engineering of critical embedded systems. AQAT includes architectural model checking, model-based testing, and selective regression verification features to effectively and efficiently detect design faults, implementation faults, and faults created by maintenance modifications. Furthermore, the tool includes a feature that analyzes architectural dependencies, which in addition to providing essential information for impact analyses of architectural design changes may be used for hazard analysis, such as the identification of potential error propagations, common cause failures, and single point failures. Overviews of both the graphical user interface and the back-end processes of AQAT are presented with a sensor-to-actuator system example.

International Journal on Software Tools for Technology Transfer, 2022
Path planning and task scheduling are two challenging problems in the design of multiple autonomous agents. Both problems can be solved by the use of exhaustive search techniques such as model checking and algorithmic game theory. However, model checking suffers from the infamous state-space explosion problem that makes it inefficient at solving the problems when the number of agents is large, which is often the case in realistic scenarios. In this paper, we propose a new version of our novel approach called MCRL that integrates model checking and reinforcement learning to alleviate this scalability limitation. We apply this new technique to synthesize path planning and task scheduling strategies for multiple autonomous agents. Our method is capable of handling a larger number of agents if compared to what is feasibly handled by the model-checking technique alone. Additionally, MCRL also guarantees the correctness of the synthesis results via post-verification. The method is impleme...

Assured Cloud Platforms for Industrial Cyber-Physical Systems: The ACICS Approach
7th Conference on the Engineering of Computer Based Systems, 2021
With the emergence of “Industry 4.0”, the integration of cloud technologies and industrial cyber-physical systems becomes increasingly important to boost productivity. The industrial cyber-physical systems infrastructures and their fusion with the cloud lead to massive amounts of data acquired for controlling particular processes, but also for supporting decision-making. Although cloud-assisted systems are increasingly important in many domains, and ensuring their dependability is crucial, existing platforms do not provide satisfactory support to meet the dependability demands of industrial applications. The overall goal of the ACICS project is to provide models, methods and tools that facilitate a substantial increase of dependability of cloud-based platforms for industrial cyber-physical applications, with respect to consistency, security and interoperability of data, timing predictability of using shared virtual resources, together with a framework of guaranteeing quality-of-service enforcement by formal analysis and verification. In this paper, we present the main conceptual ideas behind the ACICS approach.

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), 2017
The Architecture Quality Assurance Framework (AQAF) is a theory developed to provide a holistic and formal verification process for architectural engineering of critical embedded systems. AQAF encompasses integrated architectural model checking, model-based testing, and selective regression verification techniques to achieve this goal. The Architecture Quality Assurance Tool (AQAT) implements the theory of AQAF and enables automated application of the framework. In this paper, we present an evaluation of AQAT and the underlying AQAF theory by means of an industrial case study, where resource efficiency and fault detection effectiveness are the targeted properties of evaluation. The method of fault injection is utilized to guarantee coverage of fault types and to generate a data sample size adequate for statistical analysis. We discovered important areas of improvement in this study, which required further development of the framework before satisfactory results could be achieved. Th...
The problem of mission planning for multiple autonomous agents, including path planning and task scheduling, is often complex. Recent efforts aiming at solving this problem have explored ways of us ...
Lecture Notes in Computer Science, 2019