    Verifying non-functional real-time properties by static analysis

    Static analyzers based on abstract interpretation are tools aiming at the automatic detection of run-time properties by analyzing the source, assembly or binary code of a program. From Airbus' point of view, the first interesting properties covered by static analyzers available on the market, or as prototypes coming from research, are absence of run-time errors, maximum stack usage and Worst-Case Execution Time (WCET). This paper focuses on the latter two.

    Safe and Precise WCET Determination by Abstract Interpretation of Pipeline Models

    Failure of computer software in a hard real-time system leads to severe consequences and must be avoided by proving the correctness of the system's software. A prerequisite for this is the determination of an upper bound for the worst-case execution times (WCET) of the tasks in the system. We show that for modern CPUs, WCETs can be obtained by static program analysis methods even for CPUs with execution-history-sensitive components like caches and pipelines. This is the first time that complex CPU features (out-of-order execution, speculation, etc.) have been included in a comprehensive and safe analysis. The approach presented in this thesis is able to handle the analysis of very complex architectures (PowerPC 755) by first modeling the CPU and peripherals of the system and then using abstractions on some components of the system to obtain an analysis. The analysis computes WCETs for the basic blocks of the program by simulating the abstract system model. The correctness of the approach is shown. A tool has been built based on this approach, which was evaluated under real-life industry conditions by Airbus France in the course of the DAEDALUS project, showing the practical applicability of the methodology.
    Misbehaviour of the computer software of a hard real-time system can have catastrophic consequences. To prevent such behaviour, the correctness of the system's programs must be proven in advance. A prerequisite for this is knowledge of upper bounds on the execution time of the programs (WCET). For modern CPUs, such bounds can in practice only be obtained reliably by static analysis methods, since the run times depend heavily on context-sensitive components (caches, pipelines). Until now, complex features of modern CPUs (out-of-order execution, speculation) were regarded as not efficiently analysable statically. This thesis presents an approach that is able to handle very complex architectures (for instance the PowerPC 755). First a model of the processor and of the system's peripherals is built; its components can then be suitably abstracted to obtain an analysis. The analysis computes WCETs for the basic blocks of a program by simulating the abstracted processor model. The correctness of the analysis is guaranteed by the use of the theory of abstract interpretation. With this approach a tool was developed which was evaluated under industrial conditions by Airbus France in the course of the DAEDALUS project. The practical applicability of the presented approach was clearly demonstrated.

    Control flow graphs for real-time systems analysis: reconstruction from binary executables and usage in ILP-based path analysis

    Real-time systems have to complete their actions with respect to given timing constraints. In order to validate that these constraints are met, static timing analysis is usually performed to compute an upper bound of the worst-case execution times (WCET) of all the involved tasks. This thesis identifies the requirements that real-time system analysis places on the control flow graph that the static analyses work on. A novel approach is presented that extracts a control flow graph from binary executables, which are typically what is available when performing WCET analysis of real-time systems. Timing analysis can be split into two steps: a) the analysis of the behaviour of the hardware components, b) finding the worst-case path. A novel approach to path analysis is described in this thesis that introduces sophisticated interprocedural analysis techniques that were not available before.
    Real-time systems have to complete their tasks within given time bounds. To check that the time bounds are met, static analyses of the worst-case execution times of the parts of the real-time system are usually necessary. This thesis presents the requirements that real-time systems place on the control flow graph that the static analyses work on. A novel approach to reconstructing control flow graphs from machine programs, which frequently form the basis of WCET analysis of real-time systems, is presented. WCET analyses can be split into two parts: a) the analysis of the behaviour of the hardware components, b) the search for the worst-case execution path. This thesis presents a novel approach to path analysis that is designed for sophisticated interprocedural analysis methods that were not previously available here.
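    The two-step split above (a hardware step that yields a cost per basic block, then a search for the most expensive feasible path) is the formulation the thesis solves as an ILP over a control flow graph. The following Python is an added example and not the thesis's tool: it replaces the ILP solver with exhaustive enumeration of paths over a constructed CFG, so that the effect of a loop bound and of an infeasible-path fact on the resulting WCET bound is visible. The CFG, the block costs and the bounds are assumed values, not data from the page; enumeration is exponential and only serves to illustrate what the ILP computes.

```python
"""Worst-case path search over a CFG under flow constraints (added illustration).

The thesis formulates path analysis as an ILP; this brute-force enumeration is
equivalent on tiny graphs. Block costs stand in for the output of the hardware
step and are assumed numbers, not measurements.
"""
import sys
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed CFG: a loop whose body contains a two-way branch.
CFG: Dict[str, List[str]] = {
    "entry": ["head"],
    "head": ["then", "else", "exit"],
    "then": ["latch"],
    "else": ["latch"],
    "latch": ["head"],  # back edge of the loop
    "exit": [],
}
# Assumed per-block costs in cycles (what step a) would deliver).
COST: Dict[str, int] = {"entry": 5, "head": 3, "then": 20, "else": 8, "latch": 2, "exit": 4}


def worst_case_path(cfg: Dict[str, List[str]], cost: Dict[str, int], entry: str, exit_: str,
                    bounds: Dict[str, int], max_len: int = 500) -> Tuple[int, Optional[List[str]]]:
    """Return (WCET bound, path) maximising total cost over entry->exit_ paths.

    `bounds` maps a block to the maximum number of times it may execute in one
    run: a loop bound on the latch block, or an infeasible-path fact such as
    "then executes at most once". Paths that violate a bound are pruned.
    A cycle with no bound at all makes the WCET unbounded; that is reported as
    an error instead of running forever.
    """
    best: Tuple[int, Optional[List[str]]] = (-1, None)
    counts: Counter = Counter()
    path: List[str] = []

    def dfs(block: str, total: int) -> None:
        nonlocal best
        counts[block] += 1
        if counts[block] > bounds.get(block, sys.maxsize):
            counts[block] -= 1  # infeasible path: a flow constraint is violated
            return
        if len(path) >= max_len:
            raise RuntimeError(f"path longer than {max_len}: some cycle has no bound")
        path.append(block)
        total += cost[block]
        if block == exit_:
            if total > best[0]:
                best = (total, list(path))
        else:
            for succ in cfg[block]:
                dfs(succ, total)
        path.pop()
        counts[block] -= 1

    dfs(entry, 0)
    return best


def execution_counts(path: List[str]) -> Counter:
    """Per-block execution counts of a path (the x_b variables of the ILP view)."""
    return Counter(path)


if __name__ == "__main__":
    # Loop bound only: the latch (and hence the loop body) runs at most 3 times.
    print(worst_case_path(CFG, COST, "entry", "exit", {"latch": 3}))
    # Same loop bound plus the fact that the expensive branch runs at most once.
    print(worst_case_path(CFG, COST, "entry", "exit", {"latch": 3, "then": 1}))
```

    With only the loop bound the worst path takes the expensive branch in every iteration; adding the infeasible-path fact forces the remaining iterations through the cheaper branch and tightens the bound. Dropping the loop bound altogether is rejected rather than silently producing a number.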

    Advanced, High-Reliability, System-Integrated 500kW PV Inverter Development: Final Subcontract Report, 29 September 2005 - 31 May 2008

    Immune System Based Control and Intelligent Agent Design for Power System Applications

    The National Academy of Engineering has selected the US Electric Power Grid as the supreme engineering achievement of the 20th century. Yet this same grid is struggling to keep up with the increasing demand for electricity, its quality and its cost. A growing recognition of the need to modernize the grid to meet future challenges has found articulation in the vision of a Smart Grid that uses new control strategies that are intelligent, distributed, and adaptive. The objective of this work is to develop smart control systems, inspired by the biological human immune system, to better manage the power grid at both the generation and distribution levels. The work is divided into three main sections. In the first section, we address the problem of Automatic Generation Control design. Clonal Selection theory is successfully applied as an optimization technique to obtain decentralized control gains that minimize a performance index based on Area Control Errors. Then Immune Network theory is used to design adaptive controllers in order to diminish the excess maneuvering of the units and help the control areas comply with the North American Electric Reliability Corporation's standards, which are set to ensure good quality of service and equitable mutual assistance among the interconnected energy balancing areas. The second section of this work addresses the design and deployment of Multi Agent Systems for the self-healing of both terrestrial and shipboard power systems, using a novel approach based on the Immune Multi-Agent System (IMAS). The Immune System is viewed as a highly organized and distributed multi-cell system that strives to heal the body by working together and communicating to get rid of pathogens. In this work both the simulation and the hardware design and deployment of the MAS are addressed.
The third section of this work consists of developing a small-scale smart circuit by modifying and upgrading the existing Analog Power Simulator to demonstrate the effectiveness of the developed technologies. We show how to develop smart agent hardware along with a wireless communication platform and the electronic switches. After putting the different designed pieces together, the resulting Multi Agent System is integrated into the Power Simulator hardware. The Multi Agent System developed is tested on fault isolation, reconfiguration, and restoration problems by simulating a permanent three-phase fault on one of the feeder lines. The experimental results show that the Multi Agent System hardware performed effectively and in a timely manner, which confirms that this technology is very promising and a very good candidate for Smart Grid control applications.

    2-wire time independent asynchronous communications

    Communications both to and between low-end microprocessors represent a real cost in a number of industrial and consumer products. This thesis starts by examining the properties of protocols that help to minimize these expenses and comes to the conclusion that the derived set of properties defines a new category of communications protocol: Time Independent Asynchronous (TIA) communications. To show the utility of the TIA category we develop a novel TIA protocol that uses only 2 wires and general IO pins on each host. The protocol is analyzed using the Petri-net-based STG (Signal Transition Graph), which is widely used to model asynchronous logic. It is shown that STGs do not accurately model the behavior of software-driven systems, and so a modified form called STG-FT (STG For Threads) is developed to better model software systems. A simulator is created to take an STG-FT model and perform a full reachability tree analysis to prove correctness and analyze livelock and deadlock properties. The simulator can also examine the full reachability tree for every possible system state (the cross product of all sub-system states), and analyze deadlock and livelock issues related to unexpected inputs and unusual situations. Reachability pruning algorithms are developed which decrease the search tree by a factor of approximately 250 million. The 2-wire protocol is implemented between a PC and an Atmel Tiny26 microprocessor; there is also a variant that works between microprocessors. Testing verifies the simulation results, including an avoidable livelock condition, with data throughput peaking at a useful 50 kilobits/second in both directions. The first practical application of 2-wire TIA is part of a novel debugger for the Atmel Tiny26 microprocessor. The approach can be extended to any microprocessor with general IO pins. TIA communications, developed in this thesis, is a serious contender whenever low-end microprocessors must communicate with other processors. Consumer and industrial products may be able to achieve cost savings by using this new protocol.
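    The reachability-tree analysis described above, as an added example that is not the thesis's simulator or its STG-FT model: a 1-safe Petri net is explored breadth-first over markings, every reachable marking with no enabled transition is reported as a deadlock, and every marking that still has enabled transitions but can never return to the home (initial) marking is reported as a livelock. The net is a constructed abstraction of a request/acknowledge exchange between two hosts, using message places rather than the two physical wires of the thesis's protocol; all place and transition names are assumptions. The variant without the `bus` arbiter token shows the deadlock that only the cross product of both hosts' states exposes, when both transmit at once and each waits for an acknowledgement the other can no longer give.

```python
"""Reachability, deadlock and livelock analysis of a 1-safe Petri net (added example).

Not the thesis's STG-FT simulator: a plain state-space search over markings of a
constructed request/acknowledge net between two hosts, A and B.
"""
from collections import deque
from typing import Dict, FrozenSet, Iterable, List, Tuple

Marking = FrozenSet[str]  # 1-safe net: a marking is the set of places holding a token
Transition = Tuple[str, FrozenSet[str], FrozenSet[str]]  # (name, preset, postset)


def t(name: str, pre: Iterable[str], post: Iterable[str]) -> Transition:
    return (name, frozenset(pre), frozenset(post))


def enabled(m: Marking, trans: List[Transition]) -> List[Transition]:
    return [tr for tr in trans if tr[1] <= m]


def fire(m: Marking, tr: Transition) -> Marking:
    name, pre, post = tr
    rest = m - pre
    if rest & post:  # a second token in a place would break the 1-safe encoding
        raise ValueError(f"{name} is not 1-safe at {sorted(m)}")
    return rest | post


def state_graph(m0: Marking, trans: List[Transition]) -> Dict[Marking, Dict[str, Marking]]:
    """Full reachability graph: marking -> {transition name: successor marking}."""
    graph: Dict[Marking, Dict[str, Marking]] = {}
    queue = deque([m0])
    while queue:
        m = queue.popleft()
        if m in graph:
            continue
        graph[m] = {}
        for tr in enabled(m, trans):
            n = fire(m, tr)
            graph[m][tr[0]] = n
            if n not in graph:
                queue.append(n)
    return graph


def analyse(m0: Marking, trans: List[Transition]) -> dict:
    graph = state_graph(m0, trans)
    preds: Dict[Marking, set] = {m: set() for m in graph}
    for m, edges in graph.items():
        for n in edges.values():
            preds[n].add(m)
    # Backward search: which markings can still get back to the home marking m0?
    can_go_home = {m0}
    queue = deque([m0])
    while queue:
        m = queue.popleft()
        for p in preds[m]:
            if p not in can_go_home:
                can_go_home.add(p)
                queue.append(p)
    deadlocks = sorted(tuple(sorted(m)) for m, e in graph.items() if not e)
    livelocks = sorted(tuple(sorted(m)) for m, e in graph.items() if e and m not in can_go_home)
    return {"states": len(graph), "deadlocks": deadlocks, "livelocks": livelocks}


def handshake_net(arbitrated: bool) -> Tuple[Marking, List[Transition]]:
    """Constructed two-host request/ack net. With `arbitrated`, a single `bus`
    token must be held to send, so the two hosts can never collide."""
    bus = {"bus"} if arbitrated else set()
    trans: List[Transition] = []
    for me, peer in (("a", "b"), ("b", "a")):
        trans += [
            t(f"{me}_send", {f"{me}_idle"} | bus, {f"{me}_wait", f"req_{me}{peer}"}),
            t(f"{peer}_recv", {f"{peer}_idle", f"req_{me}{peer}"}, {f"{peer}_rx", f"ack_{peer}{me}"}),
            t(f"{me}_done", {f"{me}_wait", f"ack_{peer}{me}"}, {f"{me}_idle"} | bus),
            t(f"{peer}_release", {f"{peer}_rx"}, {f"{peer}_idle"}),
        ]
    return frozenset({"a_idle", "b_idle"} | bus), trans


if __name__ == "__main__":
    print("arbitrated:", analyse(*handshake_net(True)))
    print("unarbitrated:", analyse(*handshake_net(False)))
```

    The unarbitrated net reaches the marking in which both hosts sit in their wait state with their requests outstanding: neither is idle, so neither can receive, and no acknowledgement can ever be produced. Testing a single host against a cooperative peer never visits that state, which is the point of exploring the full cross product.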