Sureal Methodology and Timing Analysis Innovations Forum


  1. Sureal Methodology and Timing Analysis. Innovations Forum, 23.04.2009. Dr. James J. Hunt and Nico Feiertag. aicas GmbH, SYMTA VISION. SuReal
  2. SuReal Development Process
     [Process diagram; each stage listed as activity / artifact / verification]
       ● High-level Modelling / Platform-independent Model / Timing Requirements Verification
       ● Platform Refinement / Platform-specific Model / Scheduling Verification
       ● Code Generation and Extension / Annotated Source Code / Technical / Functional Verification
       ● Compilation / Executable Code / Code Verification
  3. SuReal Tool Chain
     [Tool chain diagram with the columns Development and Verification. Labels: UML Model; UML Editor (Ameos); UPPAAL Model Checker; Scheduling (SymTA/S); FIBEX; DFKI; Annotated Model; Verification; XMI; VSE; Generator; Model; Model Code Generator (Ameos); Annotated Constraints; Java Code Parser/Editor; Java Code; Augmented Java Code; javac; Verification of Java Code; Data Flow (Veriflux); Class Files; Byte Code; High Level WCET Analysis; Builder (Jamaica Builder); Derived Annotations; Machine Code; WCET Analyzer (aiT); Executable]
  4. Profile Comparison
     Columns: USTP / MARTE / HIDOORS / SysML
       Profile: Light weight / Light weight / Light weight / Light weight
       Annotations: ✔ / ✔ / ✔ / ✘
       Schedulability: ✔ / ✔ / ✔ / ✔
       Performance Analysis: ✔ / ✔ / ✘ / ✘
       Quality of Service: ✘ / ✔ / ✘ / ✔
       Supports Defining Metrics: ✘ / ✔ / ✘ / ✘
       Fault Tolerance: ✘ ✘ ✘
       Formal Semantics: partial ✘ ✔ ✔ ✘
       Embedded Systems: ✔ / ✔ / ✔ / ✘
       Realtime Systems: ✘ / ✔ / ✘ / ✔
       Requirements Engineering: ✘ / ✔ / ✔ / ✔
       Supports MDA: ✘ / ✔ / ✘ / ✔
       UML 2.0 Compatibility: ✘ / ✔ / ✘ / ✔
       OCL 2.0 Compatibility: ✘ / ✘ / ✘ / ✘
     Nonlinear Refinement
  5. SuReal Profile Views
     [Diagram with a Software side and a Hardware side. Labels: Application Mapping; Application Design; Topology; Architecture Mapping; Operation Mapping; Computational; Operating; Infrastructure; Environment; Environment]
  6. Diagram Usage
     View vs. Diagram, columns: Design / Topology / Operating Environment / Execution Environment
       Class Diagram: X
       State Diagram: X
       Sequence Diagram: X
       Composite Structure Diagram: X / X / X / X
  7. Stereotypes
       ● Task Types: «SRTask», «SRPeriodicTask», «SRSporadicTask», «SRTriggeredTask»
       ● Budget Types: «SRExecutionBudget», «SRReleaseBudget», «SRMessageBudget»
       ● Object Types: «SRDataStructure», «SRFrame», «SRMailbox», «SRMailboxGet», «SRMailboxSet»
       ● Structural Types: «SRLink», «SRPath», «SRCall», «SRNode»
       ● Other Types: «SRProcessor», «SROperationSystem», «SRNetworkSegment», «SRBusProtocol», «SRPrioritySchedulerParameters»
  8. Case Study 1 & 2—Design
     [Design diagram. Labels: Distance; SpeedCalculator; SpeedController; LeftLight; LeftMotorSpeed; LaneTracking; RightLight; SensorWatcher; RightMotorSpeed; EmergencyBreak; Stop; SteeringController; SteeringAngle]
  9. Case Study 1—Deployment
     [Deployment diagram. Label: NXT]
  10. Case Study 1—Application Map
     NXT: SpeedCalculator, SpeedController, LaneTracking, SensorWatcher, EmergencyBreak, SteeringController
  11. Case Study 2—Deployment
     [Deployment diagram. Labels: Controller; NXT; Bus]
  12. Case Study 2—Application Map
     [Application map diagram. Nodes: Controller; NXT. Components: SpeedCalculator; SpeedController; LaneTracking; SensorWatcher; EmergencyBreak; SteeringController. Bus: FrameHost2NXT; FrameNXT2Host. Further labels: LeftMotorSpeed; LeftLight; RightMotorSpeed; RightLight; SteeringAngle; Distance; Stop]
  13. Case Study Infrastructure
       ● Operating Environment
           ● Case 1 — Single Processor: C Code under NXTOsek
           ● Case 2 — Two Processors: Realtime Java under VxWorks 6.5 RTP; C Code under NXTOsek
       ● Execution Environment
           ● Case 1 — Single Processor: NXT Arm
           ● Case 2 — Two Processors: PowerPC 603; NXT Arm
  14. Case Study 1—Code
       ● C Side: main, EmergencyBrake_states, LaneTracking_states, LoggingTask_states, SensorWatcher_states, SpeedCalculator_states, SpeedController_states, SteeringController_states
  15. Case Study 2—Code
       ● Java Side: Controller, EmergencyBrake, LaneTracking, LoggingTask, SpeedCalculator, MasterTransferTask, FrameHost2NXT, FrameNXT2Host, NxtUsbDriver
       ● C Side: main, SensorWatcher_states, SpeedController_states, SteeringController_states, SlaveTransferTask_states
  16. Hard Real-Time Systems
       ● Controllers in planes, cars, plants, … are expected to finish their tasks within reliable time bounds.
       ● It is essential that an upper bound on the execution times of all tasks is known: commonly called the Worst-Case Execution Time (WCET).
       ● WCET is a prerequisite for system-level schedulability analysis.
  17. Complex System Timing Behavior
     [Diagram. Functions: ABS; ASR; ESP; ACC. Legend: SIG = signal register; SEND/RCV = COM layer tasks or interrupts; INT = driver interrupt; MO = message object (HW buffer). Layers: SWC 1 to SWC 4 (engine control, powertrain control); RTE; BSW; CAN HW. Annotations: Frame generation timing (cyclic and/or event-driven); Buffering strategy: Queue (FIFO, priority ordered, hybrid); message objects (hardware buffers)]
  18. Methodology
     [Plot of Probability over Execution time. Labels: Best-case execution time; Unsafe: execution time measurement; Exact worst-case execution time; Safe worst-case execution time estimate]
  19. Two Levels of Timing Analysis
       ● Code level: aiT (AbsInt)
           ● Single process, task, ISR
           ● Focus on control flow and on processor architecture with pipelines and caches
       ● System level: SymTA/S (Symtavision)
           ● Multiple functions or tasks
           ● Focus on integration and scheduling; periodic or event-driven activation, blocking
           ● End-to-end timing
  20. aiT + SymTA/S: Integration with Modeling Tool OpenAmeos
  21. Customer benefits
       ● Capturing realtime behavior systematically
       ● Fast identification of bottlenecks
       ● Preventing integration problems
       ● Planning timing early
       ● Predict resource requirements
       ● Optimal dimensioning
       ● Optimized development process
       ● Reduced number of prototypes
       ● Reduced testing effort
       ● Reliable prediction of extendibility
  22. Overview on applied Techniques
     [Diagram. Labels: Timing Analysis; Scheduling Analysis; Static Code Analysis]
  23. Application of Tools
     [Granularity scale: system (ECUs, buses); ECU; task; runnable; function; basic block; assembler instruction. Tool labels: Symtavision (SymTA/S); AbsInt (aiT)]
  24. Workflow and Information Flow
     [Diagram between SymTA/S and aiT. Labels: System model (tasks, activations, scheduling); WCET/Stack Request; Additional Info; WCET/Stack Analysis (single task); Refinement; WCET/Stack Response; Scheduling Analysis (WCRT); System Stack Analysis]
  25. Integration with AbsInt aiT
       ● Request – response
       ● SymTA/S requests list of core execution times
           ● Different runnables
           ● Different modes
           ● Different processors
       ● aiT returns results
  26. Integration with AbsInt aiT—Results
       ● Enables verification and quick mapping exploration
  27. Veriflux: Data Flow Analysis
       ● Extension of control flow analysis
       ● Data values are propagated as well
       ● Fixed point algorithm
       ● Necessary extension for OO languages
           ● Method dispatch is data dependent
           ● More precise than considering all possible subclasses at each call point
  28. DFA Applications
       ● Worst case execution time analysis
       ● Memory use (stack, heap, etc.)
       ● Coverage and reachability
       ● Exception checking
       ● Shared object detection
       ● Synchronization (deadlocks)
  29. Detecting Runtime Errors
       ...
       if (device instanceof MyDevice)
       {
         MySensor s = (MySensor) device.sensor;
         int value = s.reading();
         ...
       }
       ...
  30. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException
  31. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException; ClassCastException
  32. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException; ClassCastException; NullPointerException
  33. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException; ClassCastException; NullPointerException. Annotation: device != null
  37. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException; ClassCastException; NullPointerException. Annotation: values(MyDevice.sensor) contains only MySensor
  41. Detecting Runtime Errors
     Code as on slide 29. Callouts, in slide order: NullPointerException; ClassCastException; NullPointerException. Annotation: null ∉ values(MyDevice.sensor)
  45. WCETA for Realtime Java
       ● Language dependent phase
           ● Data flow graph construction
           ● Path analysis, e.g., determining method call sets and loop bounds
       ● Machine dependent phase
           ● Basic block timing analysis
               ● Cache analysis module
               ● Pipeline analysis module
               ● Branch prediction module
       ● Worst case execution path discovery
  46. WCETA Process for RTJava
       ● Process JML annotations
           ● Transform source
           ● Compile to bytecode
       ● Run full program dataflow analysis
       ● Generate low level WCETA tool annotations for critical methods
       ● Compile bytecode to machine code
       ● Run low level WCETA tool
  47. Loop Bounds Annotations
       ● decreases [integer expression]
           ● While loop
           ● For loop
           ● For each loop
       ● measured_by [integer expression]
           ● Recursion
       ● invariant [boolean expression]
           ● Unbound variables
  48. JML Decreases Clause
       decreases [integer expression]: loops
       measured_by [integer expression]: recursion
       ⇒ [integer expression] ≥ 0
         [integer expression]_initial [integer expression]
         for each iteration i: [integer expression]_i ≥ [integer expression]_{i+1} + 1
  49. While Loop Transform
     Annotated source:
       //@ decreases elements.length - i;
       while (i < elements.length)
       {
         sum += elements[i++];
       }
     Transformed source:
       { DFAHelper.captureBounds(elements.length - i); }
       while (i < elements.length)
       {
         sum += elements[i++];
       }
  50. For Loop Transformation
     Annotated source:
       //@ decreases elements.length - i;
       for (int i = 0; i < elements.length; i++)
       {
         sum += elements[i];
       }
     Transformed source:
       { int i = 0; DFAHelper.captureBounds(elements.length - i); }
       for (int i = 0; i < elements.length; i++)
       {
         sum += elements[i];
       }
  51. For Each Loop Transform 1
     Annotated source:
       //@ ghost int i = elements.length; decreases i;
       for (int entry: elements)
       {
         sum += entry;
         //@ set i--;
       }
     Transformed source:
       { int i = elements.length; DFAHelper.captureBounds(i); }
       for (int entry: elements)
       {
         sum += entry;
       }
  52. For Each Loop Transform 2
     Source:
       for (int entry: elements)
       {
         sum += entry;
       }
     Transformed source:
       { DFAHelper.captureBounds(elements.length); }
       for (int entry: elements)
       {
         sum += entry;
       }
  53. Handling Dispatch Sets
       ● Calculated as part of dataflow analysis
       ● No annotations are necessary
       ● Veriflux determines two sets of values
           ● Set of all invocations
           ● Set of referenced values
       ● Call sets are determined for invocation sites, not just for each method.
       ● Different invocations may have totally different call sets.
  54. AIS Annotations
       ● Unevaluated Method (known not to be called)
           snippet "jamaica_throwNull" is not analyzed and is never executed
             and takes exactly 0 cycles
             and uses exactly 0 bytes of stack
             and removes exactly 0 bytes of stack;
       ● Dynamic Dispatch
           instruction "L1259_53_run@label" + 1 unpredictable calls
             jam_comp_javax_realtime_RealtLogic_48_run1,
             jam_comp_javax_realtime_Asyncndler_8_run16,
             jam_comp_javax_realtime_AEHTh00241_3_run1,
             jam_comp_javax_realtime_List_bject_23_run1;
       ● Loop
           loop file 'SpeedCalculator.java' line 180 max 10;
  55. Realtime Java WCET Results
       ● SpeedCalculator.handleAsynchEvent(): 328678 cycles = 0.83 ms
       ● LaneTracking.handleAsynchEvent(): 133925 cycles = 0.339 ms
       ● EmergencyBreak.handleAsynchEvent(): 100454 cycles = 0.254 ms
       ● MasterTransferTask.handleAsynchEvent(): 39059 cycles = 98.634 us
  56. Veriflux with aiT
  57. Conclusion
       ● Complete development process
           ● Capturing realtime behavior systematically
           ● From Model to Executable
           ● Full timing and schedulability analysis
       ● Supports Object-Oriented Development
           ● Realtime Java
           ● Static compilation and GC
       ● Improved development flexibility
           ● Up front model checking
           ● Separation of Concerns
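
The reasoning on the "Detecting Runtime Errors" slides and the dispatch-set claim on the Veriflux slides can be reproduced with a toy value-set analysis. The sketch below is an added example, not Veriflux code; the class hierarchy, variable names and statement lists are constructed. It assumes a flow-insensitive, field-based analysis and that every sensor class overrides `reading()`.

```python
# Added example: toy field-based value-set analysis (not Veriflux code).
NULL = "null"
# Constructed class hierarchy: class -> superclass.
SUPER = {"Object": None, "Device": "Object", "MyDevice": "Device",
         "Sensor": "Object", "MySensor": "Sensor", "OtherSensor": "Sensor"}

def is_subclass(cls, target):
    """True if cls equals target or inherits from it."""
    while cls is not None:
        if cls == target:
            return True
        cls = SUPER[cls]
    return False

def solve(seeds, edges):
    """Least fixed point of value sets; an edge (dst, src) models dst = src."""
    values = {node: set(vals) for node, vals in seeds.items()}
    changed = True
    while changed:
        changed = False
        for dst, src in edges:
            new = values.get(src, set()) - values.setdefault(dst, set())
            if new:
                values[dst] |= new
                changed = True
    return values

def analyse_snippet(values):
    """Check   if (device instanceof MyDevice) {
                   MySensor s = (MySensor) device.sensor;
                   int value = s.reading(); }
    Returns (exceptions that cannot be ruled out, dispatch set of s.reading())."""
    # instanceof is false for null, so device != null inside the branch and
    # device.sensor itself cannot throw NullPointerException.
    guarded = {v for v in values.get("device", set())
               if v != NULL and is_subclass(v, "MyDevice")}
    if not guarded:
        return [], []                      # branch is unreachable
    field_vals = values.get("MyDevice.sensor", set())
    findings = []
    bad_cast = sorted(v for v in field_vals
                      if v != NULL and not is_subclass(v, "MySensor"))
    if bad_cast:                           # values(MyDevice.sensor) not only MySensor
        findings.append(("ClassCastException", bad_cast))
    s_vals = field_vals - set(bad_cast)    # a cast lets null through
    if NULL in s_vals:                     # null in values(MyDevice.sensor)
        findings.append(("NullPointerException", ["s.reading()"]))
    dispatch = sorted(v + ".reading" for v in s_vals if v != NULL)
    return findings, dispatch

def cha_targets(declared):
    """Baseline: every subclass of the declared type is a possible target."""
    return sorted(c + ".reading" for c in SUPER if is_subclass(c, declared))

# Constructed whole-program facts: allocation sites and null literals.
SEEDS = {"d0": {NULL}, "d1": {"MyDevice"}, "s1": {"MySensor"},
         "s2": {"OtherSensor"}, "n": {NULL}}
# Edge order forces a second iteration: tmp is read before it is filled.
SAFE_EDGES = [("device", "d0"), ("device", "d1"),
              ("MyDevice.sensor", "tmp"), ("tmp", "s1")]
UNSAFE_EDGES = SAFE_EDGES + [("MyDevice.sensor", "s2"), ("MyDevice.sensor", "n")]

def run(edges):
    return analyse_snippet(solve(SEEDS, edges))

if __name__ == "__main__":
    print("safe program:  ", run(SAFE_EDGES))
    print("unsafe program:", run(UNSAFE_EDGES))
    print("all subclasses:", cha_targets("Sensor"))
```

For the safe program all three potential exceptions are discharged and the call site has a single target, whereas the subclass-based baseline reports three targets for the same call.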
