The process requirements that govern the development of high-integrity real-time systems make timing analysis an ineludible concern. Conceptually, the problem space of timing analysis includes the determination of the best, average and worst-case bounds for the execution time of the program parts of interest. As the problem space is vast, as often is the program to analyse, industry seeks tools and methods that can address its need effectively, that is to say, with a decent cost-benefit ratio. Static analysis is widely acknowledged as the most authoritative means to derive safe bounds on the worst-case execution time (WCET). The WCET in turn is the prerequisite input to feasibility analysis. Without WCET, feasibility analysis is just pointless. In terms of cost-benefit ratio, the value of feasibility analysis must not be inferior to the joint cost of obtaining the WCET values, ensuring the compliance of the system (at least in the worst case) with the analysis model, and running the analysis itself. It is not a given that this equation always holds in practice. When it does not, it is important to understand what the impediments are and how they can be slashed. Static WCET analysis is exposed to known fragilities in terms of cost efficiency and value tightness. Yet, the important progress achieved in the research around it suggests that the "WCET problem" is virtually solved, and quite satisfactorily so for simple single-processor architectures. The industrial ground, however, is the sole terrain where the truth of that claim can be ascertained. In this paper we discuss lessons learned from an experiment, massive for size, duration and effort, aimed at the timing analysis of a significant component of the software application embedded onboard a commercial satellite system.
We discuss the limitations which we incurred in our application of static WCET analysis, highlighting those which we consider intrinsic to the method itself when confronted with the challenges of industrial-scale systems.
On the industrial fitness of WCET analysis
Vardanega T. (Supervision)
2011