Grace Tsai

Specification and Timing Analysis of Real-Time Systems

The correctness of hard real-time systems depends not only on the correct functional behavior but also on the correct temporal behavior. That is, the designed hard real-time system should meet all its functional and timing requirements even in the worst case. By performing timing analysis in early stages of the system life cycle, it is possible to reduce the overall development costs. This is due to the fact that the detection of the deadline violation in hard real-time systems will often lead to a complete redesign. Therefore the integration of system specification and timing analysis will be very helpful in the design of hard real-time systems. In this paper a method is proposed which supports both functional and timing verification of the specified system. The method integrates the extended specification and description language (SDL) and message sequence chart (MSC) specifications with the task allocation and schedulability analysis algorithms. The extensions of SDL and MSC are annotations in form of embedded comments in the original languages. They are used to describe the timing requirements of the specified system. The usability of the proposed method is illustrated through a case study.

Statically safe speculative execution for real-time systems

Deterministic worst-case execution for satisfying hard-real-time constraints, and speculative execution with rollback for improving average-case throughput, appear to lie on opposite ends of a spectrum of performance requirements and strategies. Nonetheless, we show that there are situations in which speculative execution can improve the performance of a hard real-time system, either by enhancing average performance while not affecting the worst-case, or by actually decreasing the worst-case execution time. The paper proposes a set of compiler transformation rules to identify opportunities for speculative execution and transform the code. Moreover, we have conducted an extensive experiment using simulation of randomly generated real-time programs to evaluate applicability and profitability of speculative execution. The simulation results indicate that speculative execution improves average execution time and program timeliness. Finally, a prototype implementation is described in which these transformations have been evaluated for realistic applications.

Constructing an Interval Temporal Logic for Real-Time System

Abstract This paper presents a modal logic, Interval Temporal Logic, built upon a classical predicate logic L. In the logic system, we consider formulas that can be used to reason about timing properties of systems, in particular, interval formulas and responsiveness assertions. These formulas can be used to describe timing constraints of a system. Hence they can be used to ensure satisfaction of system behavior provided that they are not violated at run-time. A decision procedure is presented to evaluate these formulas. A railroad crossing example is used to illustrate run-time evaluation of interval formulas and responsiveness assertions.

Using speculative execution for fault tolerance in a real-time system

Achieving fault-tolerance using a primary-backup approach involves overhead of recovery such as activating the backup and propagating execution states, which may affect the timeliness properties of real-time systems. We propose a semi-passive architecture for fault-tolerance and show that speculative execution can enhance overall performance and hence shorten the recovery time in the presence of failure. The compiler is used to detect speculative execution, to insert check-points and to construct the updated messages. Simulation results are reported to show the contribution of speculative execution under the proposed architecture.

Formal Verification of Compiler Transformations for Speculative Real-Time Execution

There have been a number of successes in the past few years in use of formal methods for verification of real-time systems, and also in source-to-source transformation of these systems for improved analysis, performance, and schedulability. What has been lacking are formal proofs that these transformations preserve, or establish program properties. We have previously developed a set of compiler transformation rules for safe and profitable speculative execution in real-time systems. In this paper, we present formal proofs that our transformations preserve both the semantic and the timeliness properties of programs. Our approach uses temporal logic, enhanced with a denotational-semantics-like representation of program stores. While the paper focuses on the speculative execution transformations, the approach is applicable to other real-time compiler-based transformations and code optimization.

Using Program Transformations to Provide Safety Properties for Real-Time Systems

The process of showing that a program satisfies some particular properties with respect to its specification is called program verification. Axiomatic semantics is a verification method that makes assertions describing properties about the states of a program. There exists a transformation from the assertions of a programs verification proof to executable assertions. The latter may be embedded in the program to make it fault tolerant. An axiomatic proof system for concurrent programs is applied to generate executable assertions in a real time distributed environment. A train set example is used as modelproblem.

Checking the Temporal Behaviour of Distributed and Parallel Embedded Systems

An independent test facility is described, which simulates the environments of distributed and parallel embedded real time systems with special emphasis on the exact modeling of the prevailing time conditions. Its main application areas are software verification and safety licensing. Following the black box approach, just by providing worst case oriented input patterns to integrated hardware/software systems and monitoring the corresponding outputs, the time behaviour of such systems can precisely be determined. High accuracy time information is provided by employing a hardware supported timer synchronised with legal time, viz., Universal Time Co-ordinated, as received via GPS satellites.

Deriving a Fault Tolerant Real Time Program using Program Verification

ABSTRACT The process of showing that a program satisfies some particular properties with respect to its specification is called program verification. Axiomatic semantics is a verification method that makes assertions describing properties about the states of a program. There exists a transformation from the assertions of a programs verification proof to executable assertions. The latter may be embedded in the program to make it fault tolerant. An axiomatic proof system for concurrent programs is applied to generate executable assertions in a real time distributed environment. A train set example is used as model problem.

Safety Related Real Time Programming

Abstract Programs employed for purposes of safety critical control must be verified rigorously, i.e., subjected to formal safety licensing, which constitutes a very difficult and hitherto not satisfactorily solved problem. The essential issues and fundamental principles of safety related programs and computer applications are elaborated, and the importance of the human element in their development process is pointed out. At any time, utmost simplicity should be strived for, and self-discipline should be exercised. To each of the four safety integrity levels as defined by 1EC 61508-1 is assigned, respectively, a set of static and inherently safe language constructs, as well as a typical programming language or method, whose syntax enforces observation of the prevailing restrictions and rules. This is done in accordance with simplicity and comprehensibility of the verification methods available for the selected programming paradigms to meet the requirements of the individual safety integrity levels and, thus, the trustworthiness of the corresponding results. The programming methods cause/effect tables and function block diagrams on the basis of verified libraries assigned to the two upper safety integrity levels SIL 4 and SIL 3 are the only ones so far allowing, at the present state of the art, to verify automation software, which has to meet high safety requirements, in easy and economic ways. For the lower safety integrity levels, textual languages are introduced, viz., for SIL 2 a partial language enabling formal program verification, and for SIL 1 a static language with safe constructs for asynchronous multitasking. To formulate sequential function charts, an inherently safe language is defined.

Building Re-Usable Components Using Formal Specifications for Complex Evolving Systems

Abstract A complex evolving (evolutionary) system is one which must adapt to changes in the environments during development and after deployment. A key to success in building an evolving system lies in the construction of the manager for the evolving system, i.e., the repository and its search engine. An approach to identify software components with semantic and syntactic similarity is presented as a key step in constructing such a repository. We then define levels of semantic matches for use in retrieval and re-use of software components; these can then be used to construct a hierarchy of components in the repository. Finally, initial steps toward an integrated set of formal methods tools for developing and maintaining evolving system managers is suggested.