Abstract
Cyber-physical systems typically target a dedicated purpose; their embedded real-time control system, such as an automotive control unit, is designed with a well-defined set of functionalities. On the software side, this results in a large amount of implicit and explicit static knowledge about the system and its behavior already at compile time. Compilers have become increasingly good at extracting and exploiting such static knowledge. For instance, many optimizations have been lifted up to the interprocedural or even to the whole-program level. However, whole-program optimizations generally stop at the application-kernel boundary: control-flow transitions between different threads are not yet analyzed.
In this article, we cross the application-kernel boundary by combining the semantics of a real-time operating system (RTOS) with deterministic fixed-priority scheduling (e.g., OSEK/AUTOSAR, ARINC 653, μITRON, POSIX.4) and the explicit application knowledge to enable system-wide, flow-sensitive compiler optimizations. We present two methods to extract a cross-kernel control-flow graph that provides a global view on all possible execution paths of a real-time system. Having this knowledge at hand, we tailor the operating system kernel more closely to the particular application scenario. For the example of a real-world safety-critical control system, we present three possible use cases. (1) Runtime optimizations, by means of specialized system calls for each call site, allow one to speed up the kernel execution path by 28% in our benchmark scenario. Furthermore, we target transient hardware fault tolerance with two automated software-based countermeasures: (2) generation of OS state assertions on the expected system behavior, and (3) a system-wide dominator-region based control-flow error detection, both of which yield significant robustness improvements.
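To make the abstract's cross-kernel control-flow graph concrete, the following added Python example (not the paper's own tooling or benchmark) enumerates the reachable system states of a constructed two-task fixed-priority system, emits a global CFG whose edges cross task boundaries at ActivateTask/TerminateTask, and computes system-wide dominators over it, which is the basis a dominator-region control-flow error check would need. Task names, priorities and block layout are assumptions for illustration.

```python
from collections import deque

# Constructed toy system (added example, not the paper's benchmark): two OSEK-like tasks.
# Block kinds: comp (fall through), branch (jump to any listed pc),
# activate (ActivateTask(arg)), terminate (TerminateTask()).
PRIO = {"Main": 1, "High": 3}          # higher number = higher fixed priority
BLOCKS = {
    "Main": [("comp", None), ("branch", (2, 3)), ("activate", "High"),
             ("comp", None), ("terminate", None)],
    "High": [("comp", None), ("terminate", None)],
}
def running(ready):
    """Fixed-priority scheduling: the highest-priority ready task runs, None when idle."""
    return max(ready, key=PRIO.get) if ready else None
def step(ready, pcs, task):
    """Successor system states after `task` executes the block at its current pc."""
    kind, arg = BLOCKS[task][pcs[task]]
    if kind == "branch":
        return [(ready, {**pcs, task: t}) for t in arg]
    if kind == "activate":
        return [(ready | {arg}, {**pcs, task: pcs[task] + 1})]
    if kind == "terminate":
        return [(ready - {task}, {**pcs, task: 0})]
    return [(ready, {**pcs, task: pcs[task] + 1})]        # comp
def cross_kernel_cfg(autostart):
    """Explore all reachable (ready set, pcs) states; an edge joins the block that ran
    to the block that runs next, so task switches inside system calls become edges."""
    seen, edges = set(), set()
    work = deque([(frozenset(autostart), {t: 0 for t in BLOCKS})])
    while work:
        ready, pcs = work.popleft()
        key, cur = (ready, tuple(sorted(pcs.items()))), running(ready)
        if key in seen or cur is None:
            continue
        seen.add(key)
        for nready, npcs in step(ready, pcs, cur):
            nxt = running(nready)
            edges.add(((cur, pcs[cur]), (nxt, npcs[nxt]) if nxt else ("idle", 0)))
            work.append((nready, npcs))
    return edges
def dominators(edges, entry):
    """Dominator sets over the global graph by fixpoint iteration (entry = first autostart block)."""
    nodes = {n for e in edges for n in e}
    preds = {n: {a for a, b in edges if b == n} for n in nodes}
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    while True:
        new = {n: {n} | set.intersection(*(dom[p] for p in preds[n])) for n in nodes - {entry}}
        if all(new[n] == dom[n] for n in new):
            return dom
        dom.update(new)
```

Per-task analysis would never see that Main's ActivateTask block dominates every block of High, nor that High's TerminateTask flows back into Main; both facts appear only in the global graph.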
Global Optimization of Fixed-Priority Real-Time Systems by RTOS-Aware Control-Flow Analysis