5.5 Critical Embedded Systems

Date: Wednesday 11 March 2015
Time: 08:30 - 10:00
Location / Room: Meije

Chair:
Lothar Thiele, Swiss Federal Institute of Technology Zurich, CH

Co-Chair:
Iain Bate, University of York, GB

The papers in this session focus on design concerns for safety-critical embedded systems. Topics include scheduling for engine-control tasks, fault tolerance, real-time communication, and safety and security in embedded systems.

Time  Label  Presentation Title / Authors
08:30  5.5.1  (Best Paper Award Candidate)
SUFFICIENT RESPONSE TIME ANALYSIS CONSIDERING DEPENDENCIES BETWEEN RATE-DEPENDENT TASKS
Speakers:
Timo Feld (1) and Frank Slomka (2)
(1) Institute of Embedded Systems / Real-Time Systems, Ulm University, DE; (2) Ulm University, DE
Abstract
In automotive embedded real-time systems, such as the engine control unit (ECU), some tasks are activated whenever the engine arrives at a specific angular position. In consequence, the frequency at which such a task is activated changes with the speed of the engine, i.e., the angular velocity. Additionally, these tasks have worst-case execution times and deadlines that also depend on the angular velocity. Such tasks exhibit rate-dependent behaviour. In recently published works, analytical methods for tasks with this rate-dependent behaviour were introduced. However, those methods do not consider dependencies between tasks. For instance, one event might be displaced by a certain angular position after an event of another task. In this paper, a sufficient analysis is introduced which considers those dependencies to improve the accuracy of existing methods.

09:00  5.5.2  ENGINE CONTROL: TASK MODELLING AND ANALYSIS
Speakers:
Alessandro Biondi and Giorgio Buttazzo, Scuola Superiore Sant'Anna, IT
Abstract
Engine control is characterized by computational activities that are triggered by specific crankshaft rotation angles and are designed to adapt their functionality based on the angular velocity of the engine. Although a few models have been proposed in the literature to handle such tasks, most of them are quite simplistic and do not allow expressing features that are presently used by the automotive industry. This paper proposes a new task model for expressing realistic features of engine control tasks and presents a real-time analysis for applications consisting of multiple engine control tasks and classical periodic tasks.

09:30  5.5.3  EVALUATION OF DIVERSE COMPILING FOR SOFTWARE-FAULT TOLERANCE
Speakers:
Andrea Höller (1), Nermin Kajtazovic (2), Tobias Rauter (2), Kay Römer (2) and Christian Kreiner (2)
(1) TU Graz, AT; (2) Graz University of Technology, AT
Abstract
Although software fault prevention techniques improve continually, faults remain in every complex software system. Thus, safety-critical embedded systems need mechanisms to tolerate software faults. Typically, these systems use static redundancy to detect hardware faults during operation. However, the reliability of a redundant system depends not only on the reliability of each version, but also on the dissimilarity between them. Thus, researchers have investigated ways to automatically add cost-efficient diversity to software to increase the efficiency of redundancy strategies. One of these automated software diversification methods is diverse compiling, which exploits the diversity introduced by different compilers and different optimization flags. Today, diverse compiling is used to improve hardware fault tolerance and to avoid common defects from compilers. However, in this paper we show that diverse compiling also enhances software fault tolerance by increasing the chance of finding defects in the source code of the executed software during runtime. More precisely, the memory is organized differently when using different compilers and compiler flags. This enhances the chance of detecting memory-related software bugs, such as missing memory initialization, during runtime. Here we experimentally quantify the efficiency of diverse compiling for software fault tolerance and we show that diverse compiling can help to detect up to about 70% of memory-related software bugs.

09:45  5.5.4  WORST-CASE COMMUNICATION TIME ANALYSIS OF NETWORKS-ON-CHIP WITH SHARED VIRTUAL CHANNELS
Speakers:
Eberle A Rambo and Rolf Ernst, TU Braunschweig, DE
Abstract
Network-on-Chip (NoC) based multi- and many-core architectures show high potential for use in real-time applications due to their superior efficiency. In real-time systems, it is necessary to guarantee that the application's timing requirements are met through the analysis of the worst-case behavior. A typical approach to guarantee real-time behavior is the exclusive assignment of virtual channels to tasks or cores. Virtual channels, however, are a limited resource in NoCs. In future systems, there will be more tasks than virtual channels (VCs) in the network. In this paper, we propose a worst-case communication analysis of wormhole-switched best-effort NoCs (no special QoS mechanism) with SLIP arbitration and support for shared VCs. The approach is based on Compositional Performance Analysis, which enables non-symmetrical guarantees for the streams. The analysis is evaluated experimentally and compared with simulation and related work.

10:00  IP2-9, 778  OPENMP AND TIMING PREDICTABILITY: A POSSIBLE UNION?
Speakers:
Roberto Vargas (1), Eduardo Quinones (2) and Andrea Marongiu (3)
(1) Barcelona Supercomputing Center (BSC) and Technical University of Catalonia (UPC), ES; (2) Barcelona Supercomputing Center (BSC), ES; (3) Swiss Federal Institute of Technology in Zurich (ETHZ), CH
Abstract
Next-generation many-core embedded platforms have the chance of intercepting a converging need for high performance and predictability. Programming methodologies for such platforms will have to promote predictability as a first-class design constraint, along with features for massive parallelism exploitation. OpenMP, increasingly adopted in the embedded systems domain, has recently evolved to deal with the programmability of heterogeneous many-cores, with mature support for fine-grained task parallelism. While tasking is potentially very convenient for coding real-time applications modeled as periodic task graphs, OpenMP adopts an execution model completely agnostic to any timing requirement that the target application may have. In this position paper we reason about the suitability of the current OpenMP v4 specification and execution model to provide timing guarantees in many-cores.

10:01  IP2-10, 622  (Best Paper Award Candidate)
SAHARA: A SECURITY-AWARE HAZARD AND RISK ANALYSIS METHOD
Speakers:
Georg Macher (1), Harald Sporer (1), Reinhard Berlach (1), Eric Armengaud (2) and Christian Kreiner (1)
(1) Graz University of Technology, AT; (2) AVL List GmbH, AT
Abstract
Safety and security appear to be two contradicting overall system features, which have challenged researchers for decades. Traditionally, these two features have been treated separately, but due to increasing awareness of mutual impacts, cross-domain knowledge and a fine grasp of commonalities become more important. Due to the increasing interlacing of systems (such as Car2x in the automotive domain), it is no longer acceptable to assume that safety systems are immune from security risks and vice versa. Future automotive systems require appropriate systematic approaches to support security-aware safety development. Therefore, this paper presents a combined approach of the automotive HARA (hazard analysis and risk assessment) with the security domain STRIDE approach to trace impacts of security issues on safety concepts at system level. We present an approach to classify the probability of security threats to determine the appropriate amount of countermeasures to be considered. Furthermore, we analyze the impact of these security threats on the safety analysis of automotive systems. The paper describes how such a method has been developed based on the HARA approach and how a safety-critical contribution of successful security attacks can be quantified and proceeded.

10:00  End of session
Coffee Break in Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area.

Lunch Break

On Tuesday and Wednesday, lunch boxes will be served in front of the session room Salle Oisans and in the exhibition area for fully registered delegates (a voucher will be given upon registration on-site). On Thursday, lunch will be served in Room Les Ecrins (for fully registered conference delegates only).

Tuesday, March 10, 2015

Coffee Break 10:30 - 11:30

Lunch Break 13:00 - 14:30; Keynote session from 13:20 - 14:20 (Room Oisans) sponsored by Mentor Graphics

Coffee Break 16:00 - 17:00

Wednesday, March 11, 2015

Coffee Break 10:00 - 11:00

Lunch Break 12:30 - 14:30, Keynote lectures from 12:50 - 14:20 (Room Oisans)

Coffee Break 16:00 - 17:00

Thursday, March 12, 2015

Coffee Break 10:00 - 11:00

Lunch Break 12:30 - 14:00, Keynote lecture from 13:20 - 13:50

Coffee Break 15:30 - 16:00