Towards Timing Predictability and Composability

Proceedings of the 1st IEEE/ACM/IFIP …, 2003

Current methods cannot synthesize real-time embedded software applications when the global deadline of a task is shorter than the total of all local deadlines along a critical path in the task. This creates unnecessary modeling limitations which directly affect the types ...

International Workshop on Modeling in Software Engineering (MISE'07: ICSE Workshop 2007), 2007

In this paper, we present some of the issues encountered when trying to apply model-driven approaches to the engineering of real-time systems. In real-time systems, quantitative values of time, as reflected through the duration of actions, are central to the system's correctness. We review basic time concepts and explain how time is handled in different modeling languages. We expose the inherent paradox of incorporating quantitative time-dependent behavior in high-level models. High-level models are typically built before the system is implemented, which makes quantitative time metrics difficult to predict since these metrics depend heavily on implementation details. We provide some possible answers to this paradox and explain how the Timed Abstract State Machine (TASM) language helps address some of these issues.

ACM Transactions on Software Engineering and Methodology, 2007

Embedded real-time systems consist of hardware and software that controls the behavior of a device or plant. They are ubiquitous in today's technological landscape and found in domains such as telecommunications, nuclear power, avionics, and medical technology. These systems are difficult to design and build because they must satisfy both functional and timing requirements to work correctly in their intended environment. Furthermore, embedded systems are often critical systems, where failure can lead to loss of life, loss of mission, or serious financial consequences. Because of the difficulty in creating these systems and the consequences of failure, they require rigorous and reliable design approaches. The synchronous approach is one possible answer to this demand. Its mathematical basis provides formal concepts that favor the trusted design of embedded real-time systems. The multiclock or polychronous model stands out from other synchronous specification models by its capabil...

Embedded and Real-Time Computing …, 2006

Real-time logic (RTL) is useful for the verification of a safety assertion SA with respect to the specification SP of a real-time system. Since the satisfiability problem for RTL is undecidable, there were many efforts to find proper heuristics for proving that SP → SA holds. However, none of such heuristics necessarily finds an "optimal implication". After verifying SP → SA, and the system implementing SP is deployed, performance changes as a result of power-saving, faulty components, and cost-saving in the processing platform for the tasks specified in SP affect the computation times of the specified tasks. This leads to a different but related SP , which would violate the original SP → SA theorem if SA remains the same. It is desirable, therefore, to determine an optimal SP with the slowest possible computation times for its tasks such that the SA is still guaranteed. This is clearly a fundamental issue in the design and implementation of highly dependable real-time/embedded systems. This paper tackles this fundamental issue by describing a new method for relaxing SP and tightening SA such that SP → SA is still a theorem. Experimental results show that only about 10% of the running time of the heuristic for the verification of SP → SA is needed to find an optimal theorem.

A large class of embedded systems is distinguished from general-purpose computing systems by the need to satisfy strict requirements on timing, often under constraints on available resources. Predictable system design is concerned with the challenge of building systems for which timing requirements can be guaranteed a priori.

2013

High-level modeling languages and standards, such as Simulink, SysML, MARTE and AADL (Architecture Analysis & Design Language), are increasingly adopted in the design of embedded systems so that system-level analysis, verification and validation (V&V) and architecture exploration are carried out as early as possible. This paper presents our main contribution in this aim by considering embedded systems architectural modeling in AADL and functional modeling in Simulink; an original clock-based timing analysis and validation of the overall system is achieved via a formal polychronous/multi-clock model of computation. In order to avoid semantics ambiguities of AADL and Simulink, their features related to real-time and logical time properties are first studied. We then endue them with a semantics in the polychronous model of computation. We use this model of computation to jointly analyze the non-functional real-time and logical-time properties of the system (by means of logical and affine clock relations). Our approach demonstrates, through several case-studies conducted with Airbus and C-S Toulouse in the European projects CESAR and OPEES, how to cope with the system-level timing verification and validation of high-level AADL and Simulink components in the framework of Polychrony, a synchronous modeling framework dedicated to the design of safety-critical embedded systems.

2008

This paper discusses why the extensive scientific results on predicting embedded systems temporal behavior never, or very seldom, reaches the industrial community. We also point out the main issues that the scientific community should focus on in order to facilitate industrial-strength timing predictions. The core problem is that the scientific community uses too simplistic or research oriented timing models. The models stemming from academy do not fit well with the structure of real systems. Thus, extracting a timing model that is amenable for analysis may prove prohibitively difficult. And even if a model can be extracted, it may not capture real system scenarios well. Thus, results from analyzing these models do not reflect real system behavior, leading to unnecessary pessimistic timing predictions. In recent years, response-time analysis has matured to a degree where models can express complex system behaviors and analysis results are relatively tight with respect to real system behavior. However, in order to fully reach its potential, and be accepted by industry, several improvements of the technique are needed. First, behaviors that are commonly used in industrial systems (such as message passing and client/server-patterns) must be adequately captured by the timing models. Second, unnecessary pessimism in the analysis must be removed (i.e. the analysis results must correlate well with actual system behavior by providing minimal overestimation). Third, correlated behaviors of different parts of the systems must be accounted for (i.e. not all tasks will experience the worst case execution times at the same time).

ACM SIGBED Review, 2012

Often, component-based real-time systems are modeled with trigger and data chains. The end-to-end timing requirements on trigger chains are different from those on data chains. For a trigger chain, the interest lies in the calculation of holistic response time and its comparison with end-to-end deadline. Whereas, the schedulability of a data chain requires a comparison between its end-to-end latencies and corresponding deadlines. We discuss the problem of translating end-to-end timing requirements unambiguously from component-based real-time systems into timing analysis models which are required as input by the analysis tools. We also provide preliminary guidelines for such translations in the existing industrial tool suite.

Computational Analysis, Synthesis, & Design Dynamic Systems, 2012

Most of the existing modeling methods and tools for embedded application development use levels of abstraction where execution and communication times of computational tasks are not adequately captured. Thus, properties such as time and value determinism, which are crucial for safety-critical real-time systems, cannot be guaranteed when refining the model to move it closer to a target platform. In many cases, the link between the abstract model and its implementation is broken during the refinement process. An additional problem is that the resulting software components are often not portable and composable. The Logical Execution Time (LET) abstraction has been proposed to deal with these issues and to offer a correct-by-construction development that formally guarantees time and value determinism and that delivers portable embedded software components. LET allows the explicit, platform-independent specification of execution times. This chapter deals with the modeling and simulation of safety-critical embedded applications where timing requirements are specified in the Timing Definition Language (TDL) which supports the LET abstraction. TDL provides a programming model for both the time-triggered paradigm and the event-triggered paradigm. TDL components can be automatically deployed to large-scale distributed systems. We present a selection of TDL constructs and sketch the 2 seamless integration of TDL with two simulation environments, the MATLAB ® /Simulink ® [31] products from MathWorks ® and the open-source Ptolemy framework from the University of California, Berkeley.

In this paper we present a timing Petri net extension based o fuzzy set theory to perform timing analysis of software systems. A modular timing analysis is defined by using a structure tool named G-Net. Finally, we make some considerations about the integration of this timing extension and G-CPN, an object-based Petri net.