Martin Horauer

Specification and Implementation of the Universal TimeCoordinated Synchronization Unit (UTCSU)

High-accuracy external clock synchronization can only be achieved with adequate hardware support. We analyze the requirements and present the specification and implementation of an ASIC running under the acronym UTCSU dedicated to that purpose. It is built around an elaborated local clock, which is based on an adder driven by a fixed-frequency oscillator. This novel clock design allows a fine grained rate adjustability apt for maintaining both local time with linear continuous amortization and accuracy information as needed in interval-based clock synchronization. Additional features incorporated in our UTCSU are facilities to timestamp clock synchronization data packets, interfaces to couple GPS receivers, some application support as well as sophisticated self-test machinery. Apart from addressing design and engineering issues of the chip, we also provide a basic programming model.

NTI: A Network Time Interface M-module for high-accuracy clock synchronization

This paper provides a description of our Network Time Interface M-Module (NTI) supporting high-accuracy external clock synchronization by hardware. The NTI is built around our custom Universal Time Coordinated Synchronization Unit VLSI chip (UTCSU-ASIC), which contains most of the hardware support required for interval-based clock synchronization: A state and rate adjustable clock device with a high resolution, automatically maintained accuracy intervals, interfaces to GPS receivers, and various timestamping features. Designed for maximum network controller and CPU independence, our NTI provides a turn-key solution for adding synchronized clocks to distributed real-tune systems built upon hardware with M-Module interfaces.

Automated Testing of FlexRay Clusters for System Inconsistencies in Automotive Networks

Most innovations in the automotive domain are nowadays enabled by networked embedded systems. In this context a new communication subsystem termed FlexRay was recently introduced. Relying on the time-triggered paradigm it promises to provide the bandwidth and reliability required for future applications. For building reliable systems with FlexRay, verification and testing are of utmost importance. In this paper a new system test approach that focuses on the communication subsystem is presented. With the help of a dedicated FPGA-based star-coupler we show that inconsistent system states (slightly-off- specification failures) can occur in real life systems, how they can be found using our solution and how one can avoid them.

A structured approach for the systematic test of embedded automotive communication systems

We present a systematic test strategy for the communication subsystem of a distributed automotive system. Key points are (1) system decomposition into layers and services and (2) integration of fault injection and monitoring within this framework

Past time LTL runtime verification for microcontroller binary code

This paper presents a method for runtime verification of microcontroller binary code based on past time linear temporal logic (ptLTL). We show how to implement a framework that, owing to a dedicated hardware unit, does not require code instrumentation, thus, allowing the program under scrutiny to remain unchanged. Furthermore, we demonstrate techniques for synthesizing the hardware and software units required to monitor the validity of ptLTL specifications.

A layer model for the systematic test of time-triggered automotive communication systems

This paper presents a layer model tailored for the test of distributed systems that rely on the time-triggered paradigm, such as the FlexRay protocol that is currently employed in the automotive industry. The presented layer model is applied for the generation of a fault model, aids in the inspection of fault propagation throughout the distributed system under consideration and is used for fault diagnosis of defective electronic control units. To that end, this systematic test and diagnosis approach to provide a solid basis for analyzing and verifying future by-wire systems with respect to their communication properties.

Model checking embedded software of an industrial knitting machine

Model checking is a promising approach for the verification of embedded systems software. The [mc]square approach for verification of binary code provides several improvements compared to other existing methods: the system model is automatically derived from the binary code using dedicated microcontroller simulators and state spaces are reduced by applying automatic abstraction techniques. In this paper, we survey the involved mechanisms and assess the overall approach by conducting an industrial case study – the verification of the embedded software of a monitoring device of a knitting machine.

Refining assembly code static analysis for the Intel MCS-51 microcontroller

Embedded systems are ubiquitous and their software is in most cases the elaborate part of the system. The use of formal verification methods such as model checking was proposed to verify these software systems. One disadvantage of model checking is that it suffers from the state-explosion problem. [mc]square combines model checking and static source code analysis at assembly code level to alleviate this downside. This approach allows considering particular features of the targeted microcontroller. In this paper, a novel data-flow analysis termed register bank analysis is presented. This analysis is an extension of a reaching definitions analysis to cope with register bank switching as performed by the Intel MCS-51 target. An informal and a formal description of the register bank analysis is given and an example to highlight the effectiveness of our approach is presented. Moreover, four remaining challenges in assembly code static analysis are pointed out.

Challenges in embedded model checking — a simulator for the [mc]square model checker

Model checking is considered a promising approach for the verification of software for embedded systems. Generating system models that are close to real-life behavior, however, is challenging. As a result, in some approaches a model can be automatically constructed out of the assembly code along with an appropriate target simulator/debugger. The implementation of the latter is crucial for the entire verification process. To that end, this paper presents requirements and challenges that arise when implementing and verifying such a simulator for the [mc]square model checker from the RWTH Aachen University.

Runtime verification of microcontroller binary code

Runtime verification bridges the gap between formal verification and testing by providing techniques and tools that connect executions of a software to its specification without trying to prove the absence of errors. This article presents a framework for runtime verification of microcontroller binary code, which provides the above mentioned link in a non-intrusive fashion: the framework neither requires code instrumentation nor does it affect the execution of the analyzed program. This is achieved using a dedicated hardware unit that runs on a field programmable gate array in parallel to the analyzed microcontroller program. Different instances of this framework are discussed, with varying degrees of expressiveness of the supported specification languages and complexity in the hardware design. These instances range from invariant checkers for a restricted class of linear template constraints to a programmable processor that supports past-time linear temporal logic with timing constraints.