Workshop - November 2011 - Toulouse
Verification of software properties: scheduling analysis and worst case execution time
Jean BERTRAND, Jérémie POULY – CNES
Axel BONESS, François BERTRAND – CEA LETI

Otawa
Otawa computes Worst Case Execution Time (WCET)
Uses Linear Programming (LP) methods to maximize cost function (processing time)
Supports several CPU architectures: PowerPC, M68HCS, ARM, LEON

OTAWA in our use case
SWARM CPU implements numerous tasks
Validation of our real-time application is therefore complex and painful
The need for tools easing WCET computation is obvious
OTAWA is not intrusive and can therefore be used even late in the project

Otawa system footprint
Disk usage: 280 MB
Our configuration
Dell D630 laptop
Virtual machine: 512 MB RAM / 5 GB disk
Ubuntu 9.10
May function anywhere
Lightweight

Speed
Code size is irrelevant
Branches are relevant
It means:
Computation-intensive code is easy to analyse
Decisional code is harder to analyse
Nevertheless:
Computing WCET on hundreds of branches is computationally immediate

GUI
Well structured GUI
Assembler view

Cordic 32 bits analysis
[Screenshot labels: User specified multiplier selection; Architecture tuning]

Limitations (branches)
Tricky WCET
Same functionality
Nevertheless, the computed WCET is a correct bound
/*
 * This function calls heavyWeight only once, but otawa cannot compute the WCET
 * correctly because it cannot determine that there is only one call
 * 2410 cycles
 */
void tricky1(int condition) {
    int param = 1;
    if (condition) {
        heavyWeight(param);
    }
    if (! condition) {
        heavyWeight(param);
    }
    // on exit, heavyWeight has been called only once
}
/*
 * This function, equivalent to tricky1, has a lower WCET
 * 1225 cycles
 */
void notTricky1(int condition) {
    int param = 1;
    if (condition) {
        heavyWeight(param);
    } else {
        heavyWeight(param);
    }
    // otawa correctly saw that heavyWeight was called only once
}
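One way to see why the two equivalent functions get different bounds, as an added C sketch that is not OTAWA code and not part of the original slides: a path-insensitive longest-path search over the control-flow graph of tricky1 counts both heavyWeight calls, while restricting edges to one value of `condition` counts one. It uses a longest-path search on an acyclic graph as a simplified stand-in for the LP formulation; the graph encoding, function names and cycle costs are all assumptions constructed for illustration.

```c
#include <stdio.h>

#define ANY (-1)                        /* edge guard: no constraint on `condition` */
struct edge { int from, to, guard; };   /* guard: ANY, 0 or 1 */

/* Longest entry-to-exit path in an acyclic CFG whose nodes are numbered in
 * topological order (0 = entry, n-1 = exit). cond == ANY uses every edge
 * (path-insensitive); cond == 0 or 1 keeps only edges compatible with it. */
long longest_path(const long *cost, int n, const struct edge *e, int ne, int cond)
{
    long best[16];                                   /* sketch limit: at most 16 nodes */
    for (int i = 0; i < n; i++) best[i] = -1;        /* -1 = not reached */
    best[0] = cost[0];
    for (int v = 0; v < n; v++) {
        if (best[v] < 0) continue;
        for (int k = 0; k < ne; k++) {
            if (e[k].from != v) continue;
            if (cond != ANY && e[k].guard != ANY && e[k].guard != cond) continue;
            long c = best[v] + cost[e[k].to];
            if (c > best[e[k].to]) best[e[k].to] = c;
        }
    }
    return best[n - 1];
}

/* Bound over feasible paths only: worst case across both values of `condition`. */
long feasible_wcet(const long *cost, int n, const struct edge *e, int ne)
{
    long f = longest_path(cost, n, e, ne, 0), t = longest_path(cost, n, e, ne, 1);
    return f > t ? f : t;
}

/* Constructed cycle costs, not measurements: heavyWeight = 1000, other blocks = 5. */
static const long tricky_cost[] = {5, 1000, 5, 1000, 5};  /* entry, call 1, 2nd test, call 2, exit */
static const struct edge tricky_edges[] = {
    {0, 1, 1}, {0, 2, 0}, {1, 2, ANY}, {2, 3, 0}, {2, 4, 1}, {3, 4, ANY}};
static const long plain_cost[] = {5, 1000, 1000, 5};      /* entry, then-call, else-call, exit */
static const struct edge plain_edges[] = {{0, 1, 1}, {0, 2, 0}, {1, 3, ANY}, {2, 3, ANY}};

int main(void)
{
    printf("tricky1    path-insensitive=%ld feasible=%ld\n",
           longest_path(tricky_cost, 5, tricky_edges, 6, ANY),
           feasible_wcet(tricky_cost, 5, tricky_edges, 6));
    printf("notTricky1 path-insensitive=%ld feasible=%ld\n",
           longest_path(plain_cost, 4, plain_edges, 4, ANY),
           feasible_wcet(plain_cost, 4, plain_edges, 4));
    return 0;
}
```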

Limitations (indirect call)
typedef void (*ptFunction) (int);
ptFunction myFunc = &heavyWeight;
void tricky1(int condition) {
    myFunc(2);
}

void tricky1(int condition) {
40001288: 9d e3 bf 98 save %sp, -104, %sp
4000128c: f0 27 a0 44 st %i0, [ %fp + 0x44 ]
    myFunc(2);
40001290: 03 10 01 15 sethi %hi(0x40045400), %g1
40001294: 82 10 62 b8 or %g1, 0x2b8, %g1 ! 400456b8 <myFunc>
40001298: c2 00 40 00 ld [ %g1 ], %g1
4000129c: 90 10 20 02 mov 2, %o0
400012a0: 9f c0 40 00 call %g1
400012a4: 01 00 00 00 nop
}
400012a8: 81 e8 00 00 restore
400012ac: 81 c3 e0 08 retl
400012b0: 01 00 00 00 nop

Limitations (impact)
Indirect call present in:
Function table
IO management
Event management
C++ polymorphism
Limited impact on actual real time software WCET computation
Meaning of WCET including IO or event
Consider C++ polymorphism in RT system !!!

Conclusion
Tool is user friendly
Free
Easy usage
GUI
Lightweight
Computed WCET are reliable
OTAWA is non-intrusive
Roadmap identifies technical breakthrough
Questions
Please ask