
Run-Time Guarantees for Real-Time Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2791)

Abstract

Hard Real-Time systems are subject to stringent timing constraints, which result from the interaction with the surrounding physical environment. The provider of the system has to guarantee that all timing constraints will be met. Such a guarantee is typically given by successfully executing a schedulability analysis. A schedulability analysis of a set of tasks requires the worst case execution times (WCET) of the tasks to be known. Since in general the problem of computing WCETs is not decidable, estimations of the WCET in the form of upper bounds have to be calculated. The upper bounds always exist, since real-time programs don’t allow unbounded iteration or recursion. These upper bounds are still called the worst case execution times of the tasks. The estimations have to be safe, i.e., they may never underestimate the real execution time. Furthermore, they should be tight, i.e., the overestimation should be as small as possible.

In modern processor architectures, caches, pipelines, and different kinds of speculative execution are key features for improving performance. Unfortunately, they make the prediction of the behaviour of instructions very difficult since this behaviour now depends on the execution history. Therefore, most classical approaches to worst case execution time prediction are not directly applicable or lead to results exceeding the real execution time by orders of magnitude.

We split the analysis into a set of subtasks: Value Analysis, Cache and Pipeline Analysis, and Worst-Case Path Determination. Value analysis attempts to determine the values in registers for each program point in order to statically compute Effective Addresses normally known only at execution time. Effective addresses are needed for the data cache analysis. Cache Analysis predicts the instruction and data cache behaviour of the program, and Pipeline Analysis predicts the pipeline behaviour. These three analyses are all done by Abstract Interpretation.

The essential idea is the following: The execution of an instruction or even a single memory access or a pipeline phase during the execution of an instruction can contribute different costs to the program’s execution time depending on the execution history. All non-optimal executions of an instruction or part of an instruction we will consider as Time Accidents. We then regard Safety Properties as the absence of time accidents at individual instructions. Abstract Interpretation is then used to verify as many such safety properties as possible. Any verified safety property allows the reduction of the WCET.

The final step of the run-time prediction is Worst-case Path Analysis. It solves an Integer Linear Program (ILP) expressing the program control flow and taking into account the predicted maximum number of machine cycles for each Basic Block of the program. Maximizing an objective function expressing the total number of machine cycles for each program path yields an upper bound of the program’s execution times.
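The worst-case path step described above, as an added example that is not taken from the paper or from the WCET tools it mentions: a constructed control-flow graph with constructed per-block cycle bounds and an assumed loop bound of 3, with the ILP solved by exhaustive search over edge counts instead of an ILP solver. The second cost table lowers the bound of one block, as a verified absence of a time accident would, and shows that both the bound and the worst-case path change.

```python
from itertools import product

# Constructed control-flow graph: one loop whose body is an if/else.
# "S" and "T" are a virtual source and sink, not basic blocks.
EDGES = [("S", "entry"), ("entry", "head"), ("head", "then"), ("head", "else"),
         ("then", "head"), ("else", "head"), ("head", "exit"), ("exit", "T")]
BLOCKS = ["entry", "head", "then", "else", "exit"]
LOOP_BOUND = 3  # assumed: the loop body runs at most 3 times per loop entry


def feasible(n):
    """ILP constraints over the edge execution counts n[edge]."""
    if n[("S", "entry")] != 1:                      # the program is entered once
        return False
    for b in BLOCKS:                                # flow conservation per block
        inflow = sum(c for (_, v), c in n.items() if v == b)
        outflow = sum(c for (u, _), c in n.items() if u == b)
        if inflow != outflow:
            return False
    back = n[("then", "head")] + n[("else", "head")]
    return back <= LOOP_BOUND * n[("entry", "head")]    # loop bound constraint


def wcet_bound(cycles):
    """Maximise sum(cycles[b] * count[b]) over all feasible integer solutions."""
    best, best_counts = -1, None
    # In this graph no edge can execute more than LOOP_BOUND times.
    for values in product(range(LOOP_BOUND + 1), repeat=len(EDGES)):
        n = dict(zip(EDGES, values))
        if not feasible(n):
            continue
        counts = {b: sum(c for (_, v), c in n.items() if v == b) for b in BLOCKS}
        total = sum(cycles[b] * counts[b] for b in BLOCKS)
        if total > best:
            best, best_counts = total, counts
    return best, best_counts


# Per-block cycle bounds as cache and pipeline analysis would supply them
# (constructed numbers): "then" is charged for a possible cache miss.
PESSIMISTIC = {"entry": 5, "head": 3, "then": 12, "else": 7, "exit": 4}
# Same program once the absence of that time accident in "then" is verified.
VERIFIED = dict(PESSIMISTIC, then=6)

if __name__ == "__main__":
    print("unverified:", wcet_bound(PESSIMISTIC))
    print("verified:  ", wcet_bound(VERIFIED))
```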

WCET tools have been implemented for several processors and are now being used in the aeronautics and the automotive industries. Benchmarks have shown that very tight bounds on the execution times can be derived by the techniques mentioned above.

Work supported by project IST-2001-34820, Advanced Real-Time Systems (ARTIST)




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wilhelm, R. (2004). Run-Time Guarantees for Real-Time Systems. In: Larsen, K.G., Niebert, P. (eds) Formal Modeling and Analysis of Timed Systems. FORMATS 2003. Lecture Notes in Computer Science, vol 2791. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40903-8_13


  • DOI: https://doi.org/10.1007/978-3-540-40903-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21671-1

  • Online ISBN: 978-3-540-40903-8

  • eBook Packages: Springer Book Archive
