Manoj G. Dixit

Schedulability and end-to-end latency in distributed ECU networks: formal modeling and precise estimation

Embedded control systems in automobiles are typically implemented by a set of tasks deployed on multiple Electronic Control Units (ECUs) communicating via one or more buses like CAN or FlexRay. In the case of safety-critical systems, there are hard real-time bounds on the (i) response times of tasks/messages, and (ii) end-to-end latencies of certain task/message chains. These depend on various factors like the number of tasks (and messages) involved in the processing (and communication) sequence, parameters of these tasks/messages, scheduling policies, communication protocols, clock drifts, etc. Moreover, since the data transfer among tasks/messages is typically via asynchronous buffers that are overwritable and sticky, multiple semantics are possible for end-to-end latency. Hence, precise estimation of response times and end-to-end latencies in embedded systems is a non-trivial problem. In this paper, we propose a model-checking based technique to compute worst-case response times and end-to-end latencies. We consider a distributed system made of preemptively scheduled tasks and non-preemptively scheduled messages. Given a chain in the system, we estimate two different end-to-end latencies --LIFO and LILO-- which are important in automotive domain. From a system description, we automatically synthesize a formal model based on a discrete event simulation formalism called Calendar Automata. It is then model-checked to compute response times and end-to-end latencies. Our technique is more scalable than the existing formal methods based techniques. We have illustrated this technique on reasonably large case-studies from the automotive domain.

Time-budgeting: a component based development methodology for real-time embedded systems

The design of a complex embedded control system involves integration of large number of components. These components need to interact in a timely fashion to achieve the system level end-to-end requirements. In practice, the component level timing specification consists of design attributes like component task mapping, task period and schedule definition but often lack details on their real-time (functional) requirements. As we observe, there is no systematic methodology in place for decomposing the feature level timing requirements into component level timing requirements. This paper proposes an early stage time-budgeting methodology to bridge the above gap. A salient proposal of this methodology is to consider parameterized component timing-requirements. A key step in the methodology involves computing a set of constraints by relating component requirements with feature requirements. This enables the separation of timing constraints from functionality decomposition, and facilitates early optimization of the component time-budget for a complex component based embedded system. This paper formalizes the proposed methodology by using Parametric Temporal Logic. A case study involving two advanced features from the automotive domain, namely Adaptive Cruise Control and Collision Mitigation is given to demonstrate the methodology.

Taming the component timing : a CBD methodology for real-time embedded systems

The growing trend towards using component based design approach in embedded system development requires addressing newer system engineering challenges. These systems are usually time critical and require timing guarantees from components. The articulation of a desirable response bounds for the components is often ad-hoc and happens late in development. In this work, we present a formal methods based methodology for an early stage design space exploration. We focus on real-time response of a component as a basis for exploration and allow the developer model it using constant values or parameters. To quantify the parameters, we propose a novel constraint synthesis technique to correlate response times of interacting components. Finally, for system integration, we introduce a new notion of timing layout to specify time-budgeting for each component. The selection of a suitable layout can be made based on system optimization criteria. We have demonstrated our methodology on an automotive Adaptive Cruise Control feature.

Formal Requirements Analysis Techniques for Software-Intensive Automotive Electronic Control Systems

The ever increasing number and complexity of software-controlled features in todays automotive vehicles mandate the use of numerous techniques and tools for ensuring the absence of any kind of defects in them. In this connection, one of the key areas of applied research today involves the identification, development and use of various analyses on Feature Requirements so that any defects can be caught early in the system development lifecycle. In this paper, the following aspects will be covered: 1) an overview of various analyses available within current commercial requirements tools, 2) a discussion on what additional analyses at the requirements level would be desirable to help various stakeholders in the system development lifecycle, 3) an overview of what GM R&D has been developing/have developed to-date in order to identify or help identify various kinds of defects and thereby improve the requirements, 4) some key results and experiences in utilizing such analyses in one/more pilot applications and 5) a discussion of how the benefits of both current and new techniques and tools can be made use of in the development of new software -based automotive electronic control systems.

Some results on Parametric Temporal Logic

Parametric Temporal Logic extends linear temporal logic by allowing the temporal operators to additionally specify quantitative and parametric bounds on event occurrences. In this paper, we revisit and provide improved solutions to the four important problems of emptiness, universality, finiteness and construction considered in the literature for this logic.

Early Time-Budgeting for Component-Based Embedded Control Systems

One of the challenging steps in the development of component based embedded control systems involves decomposition of feature or system level timing requirements into component level timing requirements. Often it is observed that the timing is introduced at a later stage in the development cycle and ad hoc estimates are made which lead to costly and multiple design iterations. This chapter proposes a methodology that addresses this problem using a simple but powerful idea of using parametric specification. A key step in the methodology is component time-budgeting, which involves identifying a set of parametric timing requirements for the components realizing a feature functionality. This is followed by a verification step which computes a set of constraints on the parameters such that any valuation of the parameters satisfying the constraints achieves the feature requirements. This avoids the ad hoc time estimates and the consequent design iteration. The methodology is formalized using Parametric Temporal Logic and illustrated on a reasonably sized automotive case study.

Scalable model-checking for precise end-to-end latency computation

Correct functionality of automotive embedded control systems often requires that the end-to-end latencies of data items traversing through specified task/message chains from sensors to actuators are within specified bounds. Hence, accurate estimation of the worst-case end-to-end latency has significant impact on the design of system architectures. Model-checking based techniques can provide accurate estimates of worst-case end-to-end latency, as they are based on exhaustive state-space exploration. However, state-space explosion may limit their applicability to small and medium sized systems. In this paper, we present an abstract system model that can be used for model-checking based latency computation, leading to a major increase in scalability. This is achieved by on-the-fly generation of abstract models for task activations, based on a proposed variant of the Joseph-Pandya equation.