Worst-Case Execution Time Analysis from UML-based RT/E Applications - - PowerPoint PPT Presentation

Dtsi/SOL/L-LSP

1 Lisbon, October 11 2004 SVERTS 2004

Worst-Case Execution Time Analysis from UML-based RT/E Applications

Chokri Mraidha, Sébastien Gérard, François Terrier, David Lugato Chokri.Mraidha@cea.fr

Dtsi/SOL/L-LSP

2 Lisbon, October 11 2004 SVERTS 2004

Introduction PhD student in the Software for Process Safety Laboratory in the French Atomic Energy Agency (CEA)

Director: Judith Benzakki Advisor: Sébastien Gérard

PhD topic

Optimized software synthesis in model driven development of real-time embedded systems Quantitative analysis of models

Execution time

Dtsi/SOL/L-LSP

3 Lisbon, October 11 2004 SVERTS 2004

Plan of the presentation Context Related works on WCET analysis methods A hybrid method for WCET estimation An analysis-based method for WCET estimation Conclusions and perspectives

Dtsi/SOL/L-LSP

4 Lisbon, October 11 2004 SVERTS 2004

Context

Domain: Distributed Real-time and Embedded Systems (DRES) Accord/UML An MDD approach for DRES

• Based on the UML
• RTE profile specializing the SPT profile
• Set of modeling rules for RT applications development

Accord/UML tool support

• Implementation of the Accord/UML profile
• Accord framework

» Kernel and virtual machine (UNIX, Linux, VxWorks)

Dtsi/SOL/L-LSP

5 Lisbon, October 11 2004 SVERTS 2004

Highlight: an execution model based on RTOs RTO: An autonomous computing entity!

Global scheduling policy

aRealTimeObject

External interface

Message processing & attribute access control O p e r a t i

• n

c a l l s

Operation calls Attributes Method code

• peration 1
• peration 2

...

Tasks

method_1 method_2 method_1

Dtsi/SOL/L-LSP

6 Lisbon, October 11 2004 SVERTS 2004

Communication mechanisms and task model

Two main schemes of communication Synchronous or asynchronous

Task 1 with RTF Task 2 with RTF

Task 2 creation

Accord/UML tasking model underlying Real-Time Object concept General computational model:

One task per operation call Real-time features

TimeRef, Deadline, ready time, period and period number

Scheduling policy

EDF

Dtsi/SOL/L-LSP

7 Lisbon, October 11 2004 SVERTS 2004

Schedulability analysis on UML models

Accord/UML-models with RT specification Adaptated application models

+ all required RT specification

for schedulability analysis

1

P 3 1 8 36 3 7 7 3 9 4 8 7 9 8 8 3 5 2 3 3 P

’

Q

’

4 9 7 9

3

Real-time symbolic execution tree of the application

Formal behavioral analyser tool (AGATHA)

2

Mapping between UML models and AGATHA’ formal language with clear modelling of the scheduling policy If not schedulable system: Model correction Real-time constraints adaptation

4

Task model calculus & schedulability analysis

Need the Worst Case Execution Time of each operation (~ task)

Dtsi/SOL/L-LSP

8 Lisbon, October 11 2004 SVERTS 2004

Plan of the presentation Context Related works on WCET analysis methods A hybrid method for WCET estimation An analysis-based method for WCET estimation Conclusions and perspectives

Dtsi/SOL/L-LSP

9 Lisbon, October 11 2004 SVERTS 2004

Analysis-based methods (static)

No execution of the program A two-phases process

High-level analysis: computes all execution paths Low-level analysis: estimates execution time of these paths

Requires

Task specification Timing model of the microprocessor

Result

An upper bound of the WCET: safe

Main issues

Avoid overestimation of the WCET Requires an elaborated timing model of the microprocessor Not easily retargetable (timing model)

Dtsi/SOL/L-LSP

10 Lisbon, October 11 2004 SVERTS 2004

Measurement-based methods (dynamic)

Measurement of the execution time at runtime

Find input values having the longest execution time

A two-phases process

Find input values covering all execution paths Measure execution time for every input value at runtime

Requires

A set of input values A binary of the task to measure its execution time

Result

A lower-bound of the WCET

Main issues

Find all input values for measurement

Impossible for infinite domains

Dtsi/SOL/L-LSP

11 Lisbon, October 11 2004 SVERTS 2004

Outcome

Analysis-based approaches Measurement-based approaches

++

High-level analysis: execution path computing exhaustive Execution time measurement for given input values more precise results than analysis ones

• -

Low-level analysis: execution time estimation

• verestimations

Find input values for measurement how to find input values covering all execution paths?

Dtsi/SOL/L-LSP

12 Lisbon, October 11 2004 SVERTS 2004

Plan of the presentation Context Related works on WCET analysis methods A hybrid method for WCET estimation An analysis-based method for WCET estimation Conclusions and perspectives

Dtsi/SOL/L-LSP

13 Lisbon, October 11 2004 SVERTS 2004

A hybrid method for WCET estimation A two-phases approach A static analysis phase

High-level analysis of static analysis methods

Automatic test cases generation » Tests covering all possible execution paths » Analysis techniques: model checking, constraint- based techniques, symbolic execution…

A measurement-based phase

Runtime measurement

Measurement using tests of the previous phase

Dtsi/SOL/L-LSP

14 Lisbon, October 11 2004 SVERTS 2004

Set of automata communicating by rendezvous

Hybrid approach overview

AGATHA

• Application

Code Generation & Compiling

¬ (Vit < 100 ) ∧ ( dist < 200) (Reg = true) ∧ (Vit ≥ 50) … ¬ (Vit < 100 ) ∧ ( dist < 200) (Reg = true) ∧ (Vit ≥ 50) …

Path Conditions

Code generation with timing measurement routines Measurement of execution time

J1 = (Vit=120, dist=150) J2 = (Reg=true, Vit=55) … J1 = (Vit=120, dist=150) J2 = (Reg=true, Vit=55) …

Constraints solver

Path Conditions for every execution path (equivalence class of tests for each path) One test for every path (one representant of the equivalence class)

Dtsi/SOL/L-LSP

15 Lisbon, October 11 2004 SVERTS 2004

Advantages and limitations of the approach

Advantages Automatic process

No code or model annotation required from the user Integrated into a development toolchain

No timing model required

Easily retargetable to new sw/hw components

Good scalability with symbolic execution Limitations First order logic models (Presburger arithmetic)

Limitation due to the Agatha tool Ongoing work to compute more complex models

Possible scalability improvements

Explore the longest path first execution tree prunning Test selection criteria Apply the method to sub models iterative process

Gives only a lower bound of the WCET (measurement)!

Dtsi/SOL/L-LSP

16 Lisbon, October 11 2004 SVERTS 2004

Plan of the presentation Context Related works on WCET analysis methods A hybrid method for WCET estimation An analysis-based method for WCET estimation Conclusions and perspectives

Dtsi/SOL/L-LSP

17 Lisbon, October 11 2004 SVERTS 2004

Model-based WCET static analysis overview

AGATHA

• Model

Transformation

Accord/UML task model Infeasible paths removal Optimized task model WCET analysis model with symbolic WCETs

Path analysis with symbolic execution (optimization phase)

Infeasible paths removal execution tree prunning

Model transformation (computation phase)

Assign symbolic WCET values to primitive actions of the action langage WCET_ReadAction; WCET_WriteAction; WCET_AddAction… Compute symbolic WCET for every execution path

WCET is obtained by replacing symbolic values by numerical values

Dtsi/SOL/L-LSP

18 Lisbon, October 11 2004 SVERTS 2004

Illustration with an example

x := a x := x+a x := b

[x <= 10] [x > 10]

Model transformation to add symbolic timing values

• f elementary actions

x := a

WCET := WCET_ReadAction + WCET_WriteAction

[x > 10]

x := b

WCET := 2* WCET_ReadAction +..

[x <= 10]

WCET := WCET_ReadAction + WCET_WriteAction + WCET_TestAction

x := x+a

WCET := WCET_AddAction + 2*WCET_ReadAction + 2* WCET_WriteAction + WCET_TestAction WCET := WCET_ReadAction + WCET_WriteAction + WCET_TestAction

Dtsi/SOL/L-LSP

19 Lisbon, October 11 2004 SVERTS 2004

Results

Advantages Good results for systems using simple microprocessors

Sequential execution: no pipeline No cache Systems where architectural mechanisms harming time predictability are switched off (critical systems)

Drawback Overestimated WCET for systems using these architectural features (increasingly frequent) Need to take into account architectural features to reduce

• verestimation

Pipeline Cache Branch predictors Out of order execution

Dtsi/SOL/L-LSP

20 Lisbon, October 11 2004 SVERTS 2004

Perspectives: improvements How to take into account architectural features? Timing models of microprocessors

Implement this model in a static analysis tool (Agatha in our case)

Not interesting because not flexible, not portable…

Extract architectural elements timing properties in a dedicated model

Platform Real-time Description Model

What should this model contain?

Timing properties of architectural elements

pipeline, cache…

Accuracy of results increases with number of modeled elements Stay at a some level of abstraction in order to be usable by tools

Dtsi/SOL/L-LSP

21 Lisbon, October 11 2004 SVERTS 2004

Perspectives: Model-driven WCET analysis

• Apply Model Driven Engineering tenets

for WCET analysis Task model Platform RT Description Model Model transformations to map the platform model on the task model WCET Analysis Model

• Benefits

Portability Reusablity Maintainability Model-level automated process

Model transformations We can analyse WCET for several platforms and choose the best suited one before implementation

Dtsi/SOL/L-LSP

22 Lisbon, October 11 2004 SVERTS 2004

Example: a simple pipelined architecture

Instruction Cache

IF

• Instr. Fetch

ID

• Instr. Decode

RR Read Registers EX Execution WR Write Registers

Registers

No memory, no data cache All operands are in registers or in the instruction itself (constants) No branch prediction mechanisms No out of order execution No short-circuit mechanisms A data dependency costs a pipeline stall of 2 cycles Only RAW (Read After Write) data dependencies are possible

Occurs when instrn+1 needs to read data processed by instrn

Dtsi/SOL/L-LSP

23 Lisbon, October 11 2004 SVERTS 2004

Example: a simple pipelined architecture (cont.)

1 2 3 4 5 6 7 8 9 10

• WCET

The cycle number of WR unit of the last instruction

• Model transformation rules

Computes cycle of WR for every instruction WRn: cycle of WR of instruction n WRn = WRn-1 + 1 = WRn-1 + 1 + ∆RAW if RAW(n-1, n) IF EX RR WR ID IF EX RR WR ID IF EX RR WR ID IF EX RR WR ID x:=a y:=x+2 z:=x+3 t:=x+4 stall stall stall stall

Dtsi/SOL/L-LSP

24 Lisbon, October 11 2004 SVERTS 2004

Model transformation

x := a y := x+2 z := x+3 t := x+4 x := a y := x+2 z := x+3 t := x+4 WCET := 5 WCET := 8 WCET := 9 WCET := 10

Without taking into account the pipeline: sequential execution WCET = 4 x 5 = 20 cycles A saving of 50% For 4 instructions only! For a very simple architecture Taking into account the architecture improves accuracy! Model transformation:

WRn = WRn-1 + 1 = WRn-1 + 1 + ∆RAW if RAW(n-1, n)

Dtsi/SOL/L-LSP

25 Lisbon, October 11 2004 SVERTS 2004

Plan of the presentation Context Worst-Case Execution Time methods A hybrid method for WCET estimation An analysis-based method for WCET estimation Conclusions and perspectives

Dtsi/SOL/L-LSP

26 Lisbon, October 11 2004 SVERTS 2004

Conclusions

Estimation of WCET from UML-based RT models A hybrid approach

Provides lower-bound of WCET Precise results useful for soft real-time systems

An analysis approach

Safe bounds Model-driven analysis technique

Task model + Platform RT Description model WCET analysis model » Flexible, portable technique Model Transformation process The architecture becomes a parameter of the analysis (SoC)

Perspectives Take into account more architectural features

Refine the model transformation rules by taking into account the data cache