
    Quirks and Challenges in the Design and Verification of Efficient, High-Load Real-Time Software Systems

    Existing concepts for ensuring the correctness of the timing behavior of real-time systems are often based on schedulability analysis methods using exact proofs. Due to the complexity of the scheduling problem, worst-case approximations are typically used today to judge the reliability of the timing behavior of software systems. In industrial practice, however, this leads to large safety margins in the design of products, which are commercially unacceptable in many application domains. For such highly efficient systems, schedulability analysis methods that are too pessimistic are of limited benefit. As a consequence, the uptake of real-time analysis in industrial software development is suboptimal, which possibly leads to insufficient quality of the developed products. Therefore, new approaches are needed to support the design and validation of high-load real-time systems with an average CPU load of 90% or above in order to improve this situation.

    Deterministic Execution Sequence in Component Based Multi-Contributor Powertrain Control Systems

    Modern complex control applications, e.g. engine management systems, are typically built using a component-based architecture, enabling the reuse of components and allowing the complexity of the application to be managed in terms of functional content, size and interfaces. This approach of independently developed components is supported by the concepts available in AUTOSAR and can therefore be expected to gain increasing importance. However, due to the nature of control applications, there is still a strong coupling between individual parts of the components, resulting in signal chains and consequently in sequencing requirements. The challenge of implementing such execution sequences correctly is increased because the components are often delivered by different, external parties. Our approach extends the idea of functional partitioning of the application into the time domain by defining a system of phases with a fixed sequence and a defined content. This allows components to be designed into this sequencing frame right from the beginning, just as they are designed today into the component partitioning frame, and allows a system-wide sequencing to be defined across different suppliers.

    Testing the Implementation of Concurrent AUTOSAR Drivers Against Architecture Decisions

    Concurrent software based on a shared-memory model is predominant in industrial applications that cannot afford to execute complex message-passing libraries. However, direct access to shared memory creates implicit dependencies between concurrently executing components. Therefore, the development and maintenance of such software is hard. In this paper, we argue the need to manage, at the architectural level, the implicitly high coupling between concurrent components that share memory. We suggest an approach that verifies architectural specifications against the implementation and finds potential mismatches. While static analysis approaches can be complete and verify all possible mismatches, they are often imprecise, leading to a large number of false warnings, especially in concurrent software. Instead, we built our approach, using dynamic analysis, on top of one of the most well-known algorithms for detecting data races, Eraser Lockset, and extended its model to support the features required for the verification process. Since Lockset operates on execution traces, the test cases that produce these traces must ensure proper coverage. Therefore, we argue the need to use test cases conforming to the strict modified condition/decision coverage criterion (MC/DC). Our version of Lockset takes advantage of the fact that the possible shared memory locations are known in advance. We further improved its precision by treating atomic operations as a synchronization mechanism. The approach was evaluated on industrial AUTOSAR drivers that execute concurrently.