Brian Nielsen

• PhD, MSc
• Professor (Associate) at Aalborg University

Digital wireless sensor nodes that monitor the hydraulic state of urban water systems (e.g. sewer and drainage systems) typically need to be deployed and installed in inaccessible areas without electric and wired communication infrastructure and therefore need to operate using batteries and wireless communication. To avoid costly large high-capacit...

This paper presents an approach for schedulability analysis of Distributed Integrated Modular Avionics (DIMA) systems that consist of spatially distributed ARINC-653 multicore modules connected by a unified Avionics Full-Duplex Switched Ethernet (AFDX) network. A multicore DIMA system is modeled as a set of stopwatch automata in uppaal to verify it...

In this paper we review how the Uppaal Tool Suite served in industrial projects and was both driven and improved by them throughout the last 20 years. We show how the need of industry for model-based validation, performance evaluation and synthesis shaped the tool suite and how the tool suite aided the use cases it was applied in. The paper highlig...

In this paper we review 20 years of significant industrial application of the Uppaal Tool Suite for model-based validation, performance evaluation and synthesis. The paper will highlight a number of selected cases, and discuss successes and pitfalls in achieving industrial impact as well as tool sustainability in an academic setting.

This work presents a compositional approach for schedulability analysis of Distributed Integrated Modular Avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata in UPPAAL to verify its schedulability by model checking. However, direct...

This work presents a compositional approach for schedulability analysis of Distributed Integrated Modular Avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata in UPPAAL to verify its schedulability by model checking. However, direct...

This paper presents a modeling framework for schedulability analysis of distributed integrated modular avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata (SWA) in UPPAAL to analyze its schedulability by classical model checking (M...

This paper presents a modeling framework for schedulability analysis of distributed integrated modular avionics (DIMA) systems that consist of spatially distributed ARINC-653 modules connected by a unified AFDX network. We model a DIMA system as a set of stopwatch automata (SWA) in UPPAAL to analyze its schedulability by classical model checking (M...

We propose Pareto optimal reachability analysis to solve multi-objective scheduling and planing problems using real-time model checking techniques. Not only the makespan of a schedule, but also other objectives involving quantities like performance, energy, risk, cost etc., can be optimized simultaneously in balance. We develop the Pareto optimal r...

In this paper we revisit the notion of compositional testing in the setting of real-time systems. In particular, we introduce crucial notions of real-time conformance testing and compositional verification of real-time systems. We illustrate these notions on a Small University example, and show how the tools Uppaal Tron, Uppaal Ecdar and Uppaal SMC...

Probabilistic automata models play an important role in the formal design and analysis of hard- and software systems. In this area of applications, one is often interested in formal model-checking procedures for verifying critical system properties. Since adequate system models are often difficult to design manually, we are interested in learning m...

Time optimal reachability analysis is a novel model based technique for solving scheduling and planning problems. After modeling them as reachability problems using timed automata, a real-time model checker can compute the fastest trace to the goal states which constitutes a time optimal schedule. We propose distributed computing to accelerate time...

Time optimal reachability analysis employs model-checking to compute goal states that can be reached from an initial state with a minimal accumulated time duration. The model-checker may produce a corresponding diagnostic trace which can be interpreted as a feasible schedule for many scheduling and planning problems, response time optimization etc....

Cyber-Physical Systems (CPS) are subject to platform-given resource constraints upon such resources as CPU, memory, and bus, in executing their functionalities. This causes the behavior of a verified application to deviate from its intended timing behavior when the application is integrated on a specific platform. For the same reason, a configurati...

Many safety-concerned standards and regulations for real-time embedded systems, e.g., ISO 26262 for automotive electric/electronic systems, recommends the use of formal techniques to achieve the required safety level. This paper presents a method for formal analysis of real-time embedded systems. The method allows properties to be statistically che...

The continuing pervasion of our society with safety-critical cyber-physical systems not only demands for adequate (risk) analysis, testing and verification techniques, it also generates growing experience on their use, which can be considered as important as the tools themselves for their efficient use. This paper introduces workflow patterns to de...

Efficient and effective verification and validation of complex embedded systems is challenging, and requires the use of various tools and techniques, such as model-based testing and analysis. The aim of this paper is to devise an overall method for how analysis and testing may be used in combination to increase the quality of embedded systems, and...

Constructing an accurate system model for formal model verification can be both resource demanding and time-consuming. To alleviate this shortcoming, algorithms have been proposed for automatically learning system models based on observed system behaviors. In this paper we extend the algorithm on learning probabilistic automata to reactive systems,...

Establishing an accurate model for formal verification of an existing hardware or software system is often a manual process that is both time consuming and resource demanding. In order to ease the model construction phase, methods have recently been proposed for au-tomatically learning accurate system models from data in the form of observations of...

This book constitutes the refereed proceedings of the 24th IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2012, held in Aalborg, Denmark, in November 2012. The 16 revised full papers presented together with 2 invited talks were carefully selected from 48 submissions. The papers are organized in topical sections on testi...

We propose to combine timed automata and linear hybrid automata model checkers for formal testing and monitoring of embedded systems with a hybrid behavior, i.e., where the correctness of the system depends on discrete as well as continuous dynamics. System level testing is considered, where requirements capture abstract behavior and often include...

Obtaining accurate system models for verification is a hard and time consuming process, which is seen by industry as a hindrance to adopt otherwise powerful model driven development techniques and tools. In this paper we pursue an alternative approach where an accurate high-level model can be automatically constructed from observations of a given b...

This article proposes two approaches to tool-supported automatic verification of dense real-time systems against scenario-based requirements, where a system is modeled as a network of timed automata (TAs) or as a set of driving live sequence charts (LSCs), and a requirement is specified as a separate monitored LSC chart. We make timed extensions t...

Model-based testing is a promising technique for improving the quality of testing by automatically generating an efficient set of provably valid test cases from a system model. Testing embedded real-time systems is challenging because it must deal with timing, concurrency, processing and computation of complex mixed discrete and continuous signals,...

We propose a modeling framework for performing schedulability analysis by using Uppaal real-time model-checker [2]. The framework is inspired by a case study where schedulability analysis of a satellite system is performed. The framework assumes a single CPU hardware where a fixed priority preemptive scheduler is used in a combination with two reso...

We propose an automated, tool-supported approach to scenario-based analysis and synthesis of real-time embedded systems. The inter-object behaviors of a system are modeled as a set of live sequence charts (LSCs), and the scenario-based user requirement is specified as a separate LSC. By translating the set of LSC charts into a behavior-equivalent n...

We propose an approach to automatic verification of real-time systems against scenario-based requirements. A real-time system is modeled as a network of Timed Automata (TA), and a scenario-based requirement is specified as a Live Sequence Chart (LSC). We define a trace-based semantics for a kernel subset of the LSC language. By equivalently transla...

This paper studies the problem of model-based testing of real-time systems that are only partially observable. We model the system under test (SUT) using timed game automata (TGA) which has internal actions, uncontrollable outputs and timing uncertainty of outputs. We define the partial observability of SUT using a set of predicates over the TGA st...

This paper deals with targeted testing of timed systems whose models may have uncontrollable behavior. The testing activity is viewed as a game between the tester and the system under test (SUT) towards a given test purpose. The SUT is modeled as Timed Game Automaton and the test purpose is specified in Timed CTL formula. We employ a timed game sol...

This paper presents a game-theoretic approach to the testing of uncontrollable real-time systems. By modelling the systems with Timed I/O Game Automata and specifying the test purposes as Timed CTL formulas, we employ a recently developed timed game solver UPPAAL-TIGA to synthesize winning strategies, and then use these strategies to conduct black-...

This chapter presents principles and techniques for model-based black- box conformance testing of real-time systems using the UPPAALmodel-checking tool-suite. The basis for testing is given as a network of concurrent timed au- tomata specified by thetestengineer. Relativized input/output conformance serves as the notion of implementation correctnes...

Uppaal Tron is an online model-based testing tool for real-time sys-tems. This user-manual documents the implementation features of the tool and could also be used as a reference manual for building test adapters for Tron. The reader should be familiar with Uppaal tutorial [1]. Basic knowledge of process control in a shell and programming in C/C++...

UPPAAL-TRON is a new tool for model based online black-box conformance testing of real-time embedded systems specified as timed automata. In this paper we present our experiences in applying our tool and technique on an industrial case study. We conclude that the tool and technique is applicable to practical systems, and that it has promising error...

We present T-Uppaal — a new tool for online black-box testing of real-time embedded systems from non-deterministic timed automata specifications. We describe a sound and complete randomized online testing algorithm and how to implement it using symbolic state representation and manipulation techniques. We propose the notion of relativized timed inp...

We present a technique for specifying coverage criteria and a method for generating test suites for systems whose behaviours can be described as extended finite state machines (EFSM). To specify coverage criteria we use observer automata with parameters, which monitor and accept traces that cover a given test criterion of an EFSM. The flexibility o...

The goal of testing is to gain confidence in a physical computer based system by means of executing it. More than one third of typical project resources are spent on testing embedded and real-time systems, but still it remains ad-hoc, based on heuristics, and error-prone. Therefore systematic, theoretically well-founded and effective automated real...

In this paper we show how to automatically generate test sequences that are aimed at testing the interconnections of embedded and communicating systems. Our proposal is based on the connectivity fault model proposed by[8], where faults may occur in the interface between the software and its environment rather than in the software implementation. W...

Testing is the primary software validation technique used by industry today, but remains ad hoc, error prone, and very expensive. A promising improvement is to automatically generate test cases from formal models of the system under test. We demonstrate how to automatically generate real-time conformance test cases from timed automata specificatio...

Testing is the primary software validation technique used by industry today, but remains ad hoc, error prone, and very expensive. A promising improvement is to automatically generate test cases from formal models of the system under test. We demonstrate how to automatically generate real-time conformance test cases from timed automata specificatio...

We present TUPPAAL --- a new tool for online black-box testing of real-time embedded systems from non-deterministic timed automata specifications. We describe a sound and complete randomized online testing algorithm, and describe how to implement it using symbolic state representation and manipulation techniques. We propose the notion of relativize...

This report documents the results of the Danfoss EKC trial project on model based development using IAR visualState. We present a formal state-model of a refrigeration controller based on a specification given by Danfoss. We report results on modeling, verification, simulation, and code-generation. It is found that the IAR visualState is a promisin...

In this paper we present a framework, an algorithm and a new tool for online testing of real-time systems based on symbolic techniques used in UPPAAL model checker. We extend UPPAAL timed automata network model to a test specification which is used to generate test primitives and to check the correctness of system responses including the timing asp...

Introduction. The goal of testing is to gain condence in a physical computer based system by means of executing it. More than one third of typical project resources is spent on testing and still it remains ad-hoc, based on heuristics, and error-prone. Moreover, it is estimated that 99% of processors produced today are targeted for embedded applicat...

Abstract The goal of the project is to provide a test toolbox T-UPPAAL together with a sample randomized test algorithm for real time systems. A real time system model checker UPPAAL is an efficient symbolic state estimator and is chosen to be the base platform for the testing extensions. The test setup idea is inspired by the un-timed system testi...

Testing is the primary software validation technique used by industry today, but remains ad hoc, error prone, and very expensive. A promising improvement is to automatically generate test cases from formal models of the system under test.

Testing is the most dominant validation activity used by industry today, and there is an urgent need for improving its effectiveness, both with respect to the time and resources for test generation and execution, and obtained test coverage. We present a new technique for automatic generation of real-time black-box conformance tests for non-determin...

Testing is the primary software validation technique used by industry today, but remains ad hoc, error prone, and very expensive.

Testing is the primary software validation technique used by industry today, but remains ad hoc, error prone, and very expensive. A promising improvement is to automatically generate test cases from formal models of the system under test. We demonstrate how to automatically generate real-time conformance test cases from timed automata specification...

Large and complex real-time systems can benefit significantly from a component-based development approach where new systems are constructed by composing reusable, documented and previously tested concurrent objects. However, reusing objects which execute under real-time constraints is problematic because application specific time and synchronizatio...

Testing is the most dominating validation activity used by industry today, and there is an urgent need for improv- ing its effectiveness, both with respect to the time and re- sources for test generation and execution, and obtained test coverage. We present a new technique for automatic gen- eration of real-time black-box conformance tests for non-...

Generating timed test sequences by hand is error-prone and time consuming, and it is easy to overlook important scenarios. The paper presents a tool based on formal methods that automatically computes a test suite for conformance testing of time critical systems. The generated tests are selected on the basis of a coverage criterion of the specifica...

We present the design and implementation of a high performance software layered video codec, designed for deployment in bandwidth heterogeneous networks. The codec facilitates layered spatial and SNR (signal-to-noise ratio) coding for bit-rate adaption to a wide range of receiver capabilities. The codec uses a wavelet subband decomposition for spat...

We present a coordination language and its semantics for specification and implementation of object-oriented real-time systems. Real-time systems operate under real-time constraints, and our language supports expression thereof. In our language, a system is modeled by two separate but complementary descriptions: A collection of objects define the s...

This report presents the results of a set of performance measurements related to communication of digital video on ATM-networks. High qual-ity video produces large amounts data which m u s t b e c o m m unicated and processed in real-time. Satisfaction of this requirements require knowledge about the available system resources and the nature of the...

We give formal semantics for a distributed concurrent object oriented real time programming language based on a variant of the actor model which includes an extention enabling the specification of time constraints on message invocation. Real time semantics must capture both the qualitative and quantitative aspects of the language, and provide a mea...

18.1 Introduction The Internet Protocol (IP) is expected to become the main carrier of traffic to mobile and wireless nodes. This includes ordinary data traffic like HTTP, FTP and e-mail, as well as voice, video and other time sensitive data. To support mobile users, the basic Internet protocols have been extended with protocols (Mobile IP) for int...

1 Design 1.1 Service speciication We begin by summarizing the services to be provided by the protocol and then describe the overall ideas of how t h e s e a r e t o b e p r o vided. EEcient transfer of datagrams over ATM network. The purpose of the protocol is to transfer datagrams over ATM networks. Simplex communication. The protocol is only to p...