Calculating predictions for an upper bound of the execution time of real-time tasks in embedded systems is a necessary step in designing such systems. There exist successful analysis methods, based on abstract interpretation and integer linear programming (ILP) for that problem. In [12] it is stated, that model checking is not adequate for this task. The approach presented in this paper shows that model checking is adequate and, furthermore, can improve the results. This is done by defining an automaton based semantic for control flow graphs of programs for abstract and concrete instruction cache analysis. A binary search based bunch of model checker runs is used to calculate the upper bound of execution time.
This paper aims at boosting the level of re-use in embedded system design. A key concept to achieve this goal is given by an appropriate heterogeneous rich component modelcalled HRC -which is (1) expressive enough to cover the complete development cycle from high-level specifications to design models and which (2) addresses both functional and nonfunctional aspects. HRC components are characterized by formal contracts allowing various analysis techniques to validate a design already in early design stages. The described approach has been developed jointly with the partners of the SPEEDS project.
CloseNext 3 http://www.autosar.org/ 4 https://www.decos.at/ 5 http://ptolemy.eecs.berkeley.edu/ 560 Next Prev First Next Prev First C-Sys-2 Assumption AS2: PS1.act_speed == 0 UNLESS PS2.ready Comment: As long as there is no ready signal, the car cannot move, i.e. the speed is zero. Promise PS2: ALWAYS ( PS1.act_speed > 0 IMPLIES PS2.car_locked ) Comment: During a drive all doors are locked. Related Viewpoints: functional behaviorComponent DOOR. The contracts considered for the door component are related to the sending of the EV_DoorOpened} and EV_DoorClosed events. The first one states that these events cannot occur simultaneously.
C-Door-1Assumption AD1: TRUE Promise PD1: NEVER ( P.EV_DoorOpened AND P.EV_DoorClosed ) Comment: The Door will not send two events at the same time.
Related Viewpoints: functional behaviorThe next contract C-Door-2 expresses the fact that the events EV_DoorOpened and EV_DoorClosed can only occur alternately. This means after an EV_DoorOpened event only an 569
Next
Prev FirstEV_DoorClosed event can occur, and vice versa.
C-Door-2Assumption AD1: TRUE Promise PD2:ALWAYS( 0 <= #(P.EV_DoorOpened) -#(P.EV_DoorClosed)<= 1 ) Comment: The Door will not send a closed event without a prior opened event and will not send a second opened event without a close event in between.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.