Architecture-Based Verification of Dependable Embedded Systems

Quality assurance of dependable embedded systems is becoming increasingly difficult, as developers are required to build more complex systems on tighter budgets. As systems become more complex, system architects must make increasingly complex architecture design decisions. The process of making the architecture design decisions of an intended system is the very first, and the most significant, step of ensuring that the developed system will meet its requirements, including requirements on its ability to tolerate faults. Since the decisions play a key role in the design of a dependable embedded system, they have a comprehensive effect on the development process and the largest impact on the developed system. Any faulty architecture design decision will, consequently, propagate throughout the development process, and is likely to lead to a system not meeting the requirements, an unacceptable level of dependability, and costly corrections.Architecture design decisions are in turn critical with respect to quality and dependability of a system, and the cost of the development process. It is therefore crucial to prevent faulty architecture design decisions and, as early as practicable, detect and remove faulty decisions that have not been successfully prevented. The use of Architecture Description Languages (ADLs) helps developers to cope with the increasing complexity by formal and standardized means of communication and understanding. Furthermore, the availability of a formal description enables automated and formal analysis of the architecture design.The contribution of this licentiate thesis is an architecture quality assurance framework for safety-critical, performance-critical, and mission-critical embedded systems specified in the Architecture Analysis and Design Language (AADL). The framework is developed through the adaption of formal methods, in particular traditional model-checking and model-based testing techniques, to AADL. This is done by defining both formal verification criteria for AADL, and a formal semantics for AADL. Model-checking of AADL models provides evidence of the completeness, consistency, and correctness of the model, and allows for automated avoidance of faulty architecture design decisions, costly corrections and threats to quality and dependability. In addition, the framework can automatically generate test suites from AADL models to test a developed system with respect to the architecture design decisions. A successful test suite execution provides evidence that the architecture design has been implemented correctly. Methods for selective regression verification are included in the framework to cost-efficiently re-verify a modified architecture design, after e.g., a correction of a faulty design decision.