Name                   Last modified      Size
dosek.tar.gz           2015-04-10 13:23   11M
rawdata.tar.gz         2015-04-10 14:56   18M
fail-mysql-db.sql.gz   2015-04-02 17:42   226M

Cross-Kernel Control-Flow-Graph Analysis
for Event-Driven Real-Time Systems

Christian Dietrich, Martin Hoffmann, Daniel Lohmann

Appeared at LCTES'15

Embedded real-time control systems generally have a dedicated purpose and a fixed set of functionalities. This manifests in a large amount of implicit and explicit static knowledge, available already at compile time. Modern compilers can extract and exploit this information to perform extensive whole-program analyses and inter-procedural optimizations. However, these analyses typically end at the application--kernel boundary, so control-flow transitions between different threads are not yet covered. This restriction stems from the pessimistic assumption of a probabilistic scheduling policy of the underlying operating system, impeding detailed predictions of the overall system behavior. Real-time operating systems, however, do provide deterministic and exactly specified scheduling decisions, as embedded control systems rely on timely and precise behavior.

In this paper, we present an approach that incorporates the RTOS semantics into the control-flow analysis in order to cross the application--kernel boundary. By combining the operating system semantics, the static system configuration and the application logic, we determine a cross-kernel control-flow graph that provides a global view on all possible execution paths of a real-time system. Having this knowledge at hand enables us to tailor the operating system kernel more closely to the particular application scenario. On the example of a real-world safety-critical control system, we present two possible use cases: Run-time optimizations, by means of specialized system calls for each call site, allow us to speed up the kernel execution path by 33 percent in our benchmark scenario. An automated generation of OS state assertions on the expected system behavior, targeting transient hardware fault tolerance, yields significant robustness improvements.


This directory contains several data artifacts that are needed to reproduce the results from the paper.

dosek.tar.gz
    Archive of the dOSEK source code. This archive contains a full git archive with master set to the revision used in the paper. To generate the GCFG for a small example, type:

        mkdir build; cd build; ../new_build_env.py --arch posix
        make bcc1_task1a; dot -Tpdf app/bcc1/task1/bcc1_task1a/*final* > gcfg.pdf

fail-mysql-db.sql.gz
    This is a compressed dump of a MySQL database. It contains the raw results of the FAIL* injection campaign. The file rawdata.tar.gz:data/results.data is extracted from it.

rawdata.tar.gz
    Archive of the raw data used in the text of the paper. It contains all numbers that were calculated with the versuchung experimentation framework. This archive also contains the binaries injected with FAIL* and the golden-run traces.

@inproceedings{dietrich:15:lctes,
  entrysubtype = {Conference},
  author = {Christian Dietrich and Martin Hoffmann and Daniel Lohmann},
  title = {Cross-Kernel Control-Flow-Graph Analysis for Event-Driven Real-Time Systems},
  booktitle = {2015 ACM SIGPLAN/SIGBED Conf. on Languages, Compilers and Tools for Embedded Systems (LCTES '15)},
  month = jun,
  year = {2015},
  venue = {Portland, Oregon, USA},
  publisher = {ACM},
  address = {New York, NY, USA},
  userd = {LCTES '15},
  category = {os-embedded, L4},
  doi = {10.1145/2670529.2754963},
  keywords = {Static Analysis; Control-Flow Graph; Cross-Kernel Analysis; Real-Time Systems; Optimization; Compiler},
}