Mark Brörkens and Matthias Köster: Improving the Interoperability of Automotive Tools by Raising the Abstraction from Legacy XML Formats to Standardized Metamodels. Presented at ECMDA-FA 2007. Published in D.H. Akehurst, R. Vogel, and R.F. Paige (Eds.): ECMDA-FA 2007, LNCS 4530, pp. 59–67, Springer-Verlag Berlin Heidelberg 2007.
Automotive system design demands frequent exchange of data between different parties and tools. In order to improve the interoperability, standardization bodies and partnerships have put high effort in defining XML based languages for system descriptions. However, the mere existence of a standardized XML based data exchange format doesn’t guarantee seamless interoperability. The validation possibilities given by XML DTD or Schema are not sufficient. Additionally, the maintenance of XML formats for the growing complexity of today’s systems is an increasing challenge. This paper describes the experiences with the model-driven approach taken by the automotive initiative AUTOSAR. It illustrates the limitations of designing data exchange formats in XML and shows how a higher level of abstraction increases the interoperability between tools. A powerful concept for mapping a metamodel to XML schema allows for integrating legacy XML formats. Furthermore, current activities on improving interoperability by automatically generating a tool framework for AUTOSAR and other automotive tools are explained.


Mike Pagel and Mark Brörkens: Definition and Generation of Data Exchange Formats in AUTOSAR. Presented at ECMDA-FA 2006. Published in A. Rensink and J. Warmer (Eds.): ECMDA-FA 2006, LNCS 4066, pp. 52–65. Springer-Verlag Berlin Heidelberg 2006.
In this paper we present a methodology supporting the definition of data models on basis of a limited set of well-known UML features, thereby allowing these models to be created and discussed by a large group of domain experts. A transformation is then defined from such a platform independent UML model to XML schema, which exceeds the configuration possibilities of comparable approaches like XMI. This enables the generic reproduction of a wide range of existing XML languages and hence supports reverse-engineering legacy schemas and DTDs into well-structured UML models. The overview of an actual implementation of the generic methodology finally demonstrates the practical applicability or our approach. The work described in this paper is part of the AUTOSAR development partnership, an international effort to standardize automotive software infrastructure. The resulting XML schema is used today as the official AUTOSAR XML data exchange format.


Ralf Buschermöhle, Mark Brörkens, Ingo Brückner, Werner Damm, Wilhelm Hasselbring, Christoph Schulte, Thomas Wolf: Model Checking (Grundlagen und Praxiserfahrungen). Informatik Spektrum, 2004
The correct functioning of hard- and software components is often a crucial factor in computer-based system engineering. Particularly, this is the case in the area of „safety critical“ systems, where a system failure can endanger human life. But also in less critical areas the correctness of provided functionality becomes more and more important. Furthermore the complexity of system functionality increases steadily. Therefore manual test and simulation methods can detect many errors only with inaccaptable high effort concerning time and resources. Starting from this background, this article presents the basics of „model checking“, an automatic and complete verification method. Based on this introduction, experience gained with the application of model checking tools in industrial contexts is presented and discussed.


Christoph Schulte, Mark Brörkens, Ingo Brückner, Ralf Buschermöhle, Thomas Wolf: Sicherheit für sicherheitskritische Systeme. In Electronic Embedded Systeme. Elektronik Embedded Systeme, 2003
Mikroprozessoren werden immer häufiger auch in technischen Geräten und vielerlei alltäglichen Konsumgütern eingesetzt. Letztere werden auch als "Embedded Systeme" bezeichnet, das heißt in umgebende technische Systeme wechselseitig integrierte Computersysteme. Die Entwicklung solcher "Eingebetteter Systeme" wird unter anderen aufgrund immer höherer Anforderungen an die Funktionalität und einer wachsenden Anzahl von interagierenden Komponenten immer komplexer. Um diesem Umstand Rechnung zuz tragen, werden in Prozessmodellen und Standards, die insbesondere im Bereich sicherheitskritischer Systeme angewendet werden, bereits seit geraumer Zeit "vollständige" Korrektheitsnachweise gefordert. Ein aussichtsreicher Kandidat in diesem Kontext ist das Model-Checking.


Mark Brörkens, Michael Möller: Dynamic Event Generation for Runtime Checking using the JDI. Electronic Notes in Theoretical Computer Science, 2002
Approaches to runtime checking have to track the execution of a software system and therefore have to deal with generating and processing execution events. Often these techniques are applied at the code level – either by inserting new source code prior to the compilation or by modifying the target code, e.g. Java byte code, before running the program. The jassda framework and tool enable runtime checking of Java programs against a CSP-like specification. For generating events it uses the Java Debug Interface (JDI) and thus no modifications to the code are necessary. Another advantage is that events are generated on demand, i.e. dynamically at runtime it is determined which events to generate for the current debug run without modifying the program itself. This paper shows how this event generation is done by the jassda framework.
Mark Brörkens, Michael Möller: Jassda Trace Assertions, Runtime Checking the Dynamic of Java Programs Systems, International Conference on Testing of Communicating Systems, 2002
Research into runtime checking of programs mainly concentrates on the Design by Contract concept, as proposed by Meyer for the programming language Eiffel. The goal is here to check whether a program fulfills certain conditions in certain states, i.e method entry and exit points. Jass (Java with assertions) tries to extend this to behavioural properties by adding trace assertion for dynamical checking (Jass 2). But the Jass approach is a precompiler attempt, so we cannot handle programs without its source code. jassda, the Jass DebugArchitecture, is also designed to provide a trace assertion facility, but in contrast to the classic Jass 2 trace assertions these assertions are not precompiled into source code but are checked at runtime via the Java Debug Interface (JDI).
Mark Brörkens: Trace- und Zeit- Zusicherungen beim Programmieren mit Vertrag. Masters thesis. University of Oldenburg, Computer Science Department, 2002