Quirks and Challenges in the Design and Verification of Efficient, High-Load Real-Time Software Systems

International audienceExisting concepts for ensuring the correctness of the timing behavior of real-time systems are often based on schedulability analysis methods using exact proofs. Due to the complexity of the scheduling problem, today typically worst case approximations are used to judge the reliability of the timing behavior in software systems. In industrial practice, however, this leads to large safety margins in the design of products which are commercially unacceptable in many application domains. For such highly-efficient systems, schedulability analysis methods that are too pessimistic are of limited benefit. As a consequence, penetration of real-time analysis is suboptimal in the industrial software development, which possibly leads to insufficient quality of the developed products. Therefore, new approaches are needed to support the design and validation of high-load real-time systems with an average CPU load of 90% or above to improve the situation

Mitigating Software-Instrumentation Cache Effects in Measurement-Based Timing Analysis

Measurement-based timing analysis (MBTA) is often used to determine the timing behaviour of software programs embedded in safety-aware real-time systems deployed in various industrial domains including automotive and railway. MBTA methods rely on some form of instrumentation, either at hardware or software level, of the target program or fragments thereof to collect execution-time measurement data. A known drawback of software-level instrumentation is that instrumentation itself does affect the timing and functional behaviour of a program, resulting in the so-called probe effect: leaving the instrumentation code in the final executable can negatively affect average performance and could not be even admissible under stringent industrial qualification and certification standards; removing it before operation jeopardizes the results of timing analysis as the WCET estimates on the instrumented version of the program cannot be valid any more due, for example, to the timing effects incurred by different cache alignments. In this paper, we present a novel approach to mitigate the impact of instrumentation code on cache behaviour by reducing the instrumentation overhead while at the same time preserving and consolidating the results of timing analysis

parMERASA Multi-Core Execution of Parallelised Hard Real-Time Applications Supporting Analysability

International audienceEngineers who design hard real-time embedded systems express a need for several times the performance available today while keeping safety as major criterion. A breakthrough in performance is expected by parallelizing hard real-time applications and running them on an embedded multi-core processor, which enables combining the requirements for high-performance with timing-predictable execution. parMERASA will provide a timing analyzable system of parallel hard real-time applications running on a scalable multicore processor. parMERASA goes one step beyond mixed criticality demands: It targets future complex control algorithms by parallelizing hard real-time programs to run on predictable multi-/many-core processors. We aim to achieve a breakthrough in techniques for parallelization of industrial hard real-time programs, provide hard real-time support in system software, WCET analysis and verification tools for multi-cores, and techniques for predictable multi-core designs with up to 64 cores

Re-verification of a Lip Synchronization Algorithm using robust reachability

The timed automata formalism is an important model for specifying and analysing real-time systems. Robustness is the correctness of the model in the presence of small drifts on clocks or imprecision in testing guards. A symbolic algorithm for the analysis of the robustness of timed automata has been implemented. In this paper we re-analyse an industrial case lip synchronization protocol using the new robust reachability algorithm.This lip synchronization protocol is an interesting case because timing aspect are crucial for the correctness of the protocol. Several versions of the model are considered, with an ideal video stream, with anchored jitter, and with non-anchored jitter

Re-verification of a Lip Synchronization Protocol using Robust Reachability

The timed automata formalism is an important model for specifying and analysing real-time systems. Robustness is the correctness of the model in the presence of small drifts on clocks or imprecision in testing guards. A symbolic algorithm for the analysis of the robustness of timed automata has been implemented. In this paper, we re-analyse an industrial case lip synchronization protocol using the new robust reachability algorithm. This lip synchronization protocol is an interesting case because timing aspects are crucial for the correctness of the protocol. Several versions of the model are considered: with an ideal video stream, with anchored jitter, and with non-anchored jitter

Supporting Early Modeling and End-to-end Timing Analysis of Vehicular Distributed Real-Time Applications

REACTION 2012. 1st International workshop on Real-time and distributed computing in emerging applications. December 4th, 2012, San Juan, Puerto Rico.The current model- and component-based development approaches for automotive distributed real-time systems have non-existing, or limited, support for modeling network traffic originating from outside the vehicle, i.e., vehicle-tovehicle, vehicle-to-infrastructure, and cloud-based applications. We present novel modeling and analysis techniques to allow early end-to-end timing analysis of distributed applications based on their models and simple models of network traffic that originates from outside of the model. As a proof of concept, we implement these techniques in the existing industrial tool suite Rubus- ICE which is used for the development of software for vehicular embedded systems by several international companies. We also conduct an application-case study to validate our techniques.This work is supported by the Swedish Knowledge Foundation (KKS) within the project FEMMVA. We thank the industrial partners Arcticus Systems, BAE Systems Hägglunds and Volvo Construction Equipment (VCE), Sweden

Time Triggered Scheduling Analysis for Real-Time Applications on Multicore Platforms

REACTION 2014. 3rd International Workshop on Real-time and Distributed Computing in Emerging Applications. Rome, Italy. December 2nd, 2014.Scheduling of real-time applications for multicore platforms has become an important research topic. For analyzing the timing satisfactions of real-time tasks, most researches in the literature assume independent tasks. However, industrial applications are usually with fully tangled dependencies among the tasks. Independence of the tasks provides a very nice abstraction, whereas dependent structures due to the tangled executions of the tasks are closer to the real systems. This paper studies the scheduling policies and the schedulabil-ity analysis based on independent tasks by hiding the execution dependencies with additional timing parameters. Our scheduling policy relates to the well-known periodic task model, but in contrast, tasks are able to communicate with each other. A feasible task set requires an analysis for each core and the communication infrastructure, which can be performed indi-vidually by decoupling computation from communication in a distributed system. By using a Time-Triggered Constant Phase (TTCP) scheduler, each task receives certain time-slots in the hyper-period of the task set, which ensures a time-predictable communication impact. In this paper, we provide several algorithms to derive the time-slot for each task. Further, we found a fast heuristic algorithm to calculate the time-slot for each task, which is capable to reach a core utilization of 90% by considering typical industrial applications. Finally, experiments show the effectiveness of our heuristic and the performance in different settings.Publicad

A confidence assessment of WCET estimates for software time randomized caches

Obtaining Worst-Case Execution Time (WCET) estimates is a required step in real-time embedded systems during software verification. Measurement-Based Probabilistic Timing Analysis (MBPTA) aims at obtaining WCET estimates for industrial-size software running upon hardware platforms comprising high-performance features. MBPTA relies on the randomization of timing behavior (functional behavior is left unchanged) of hard-to-predict events like the location of objects in memory — and hence their associated cache behavior — that significantly impact software's WCET estimates. Software time-randomized caches (sTRc) have been recently proposed to enable MBPTA on top of Commercial off-the-shelf (COTS) caches (e.g. modulo placement). However, some random events may challenge MBPTA reliability on top of sTRc. In this paper, for sTRc and programs with homogeneously accessed addresses, we determine whether the number of observations taken at analysis, as part of the normal MBPTA application process, captures the cache events significantly impacting execution time and WCET. If this is not the case, our techniques provide the user with the number of extra runs to perform to guarantee that cache events are captured for a reliable application of MBPTA. Our techniques are evaluated with synthetic benchmarks and an avionics application.The research leading to these results has received funding from the European Community’s Seventh Framework Programme [FP7/2007-2013] under the PROXIMA Project (www.proxima-project.eu), grant agreement no 611085. This work has also been partially supported by the Spanish Ministry of Science and Innovation under grant TIN2015-65316, the HiPEAC Network of Excellence, and COST Action IC1202: Timing Analysis On Code-Level (TACLe). Jaume Abella has been partially supported by the Ministry of Economy and Competitiveness under Ramon y Cajal postdoctoral fellowship number RYC-2013-14717.Peer ReviewedPostprint (author's final draft