Stefan Stattelmann’s research while affiliated with FZI Forschungszentrum Informatik and other places


Publications (20)


Applying static code analysis on industrial controller code
Article · January 2015 · Stefan Stattelmann, Sebastian Biallas, Bastian Schlich

Static code analysis techniques are a well-established tool to improve the efficiency of software developers and for checking the correctness of safety-critical software components. However, their use is often limited to general purpose or 'mainstream' programming languages. For these languages, static code analysis has found its way into many integrated development environments and is available to a large number of software developers. In other domains, e. g., for the programming languages used to develop many industrial control applications, tools supporting sophisticated static code analysis techniques are rarely used. This paper reports on the experience of the authors while adapting static code analysis to a software development environment for engineering the control software of industrial process automation systems. The applicability of static code analysis for industrial controller code is demonstrated by a case study using a real-world control system.
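As an added illustration of the kind of rule such a tool applies (this is example code written for this page, not the authors' tool, which is not shown here), the Python checker below runs two simple static rules over a constructed IEC 61131-3 Structured Text program: a read of a variable whose declaration carries no initializer, so its value on the first scan is whatever the runtime's implicit default is (0.0 for REAL), and a division whose divisor is not a numeric literal. Together they flag the classic first-cycle divide-by-zero that halts a PLC task. The program text, the rule set and every name in the block are assumptions for the example; the analysis is straight-line (no branches or loops).

```python
import re

# Constructed Structured Text program (IEC 61131-3); not taken from the paper.
SAMPLE_ST = """
PROGRAM PumpControl
VAR
    flow   : REAL;          (* no initializer: implicit default 0.0 *)
    setpt  : REAL := 10.0;
    ratio  : REAL;
    count  : INT;
END_VAR
ratio := setpt / flow;      (* first scan: flow is still 0.0 *)
count := count + 1;
flow  := 3.5;
END_PROGRAM
"""

TOKEN = re.compile(r"[A-Za-z_]\w*|:=|\d+\.\d+|\d+|\S")
NUMBER = re.compile(r"\d+(\.\d+)?")


def strip_comments(line):
    """Drop (* ... *) block comments confined to one line and // line comments."""
    line = re.sub(r"\(\*.*?\*\)", "", line)
    return line.split("//")[0].strip()


def parse(src):
    """Return (decls, stmts): decls maps variable name -> has_initializer,
    stmts is a list of (lhs, rhs_tokens) for assignments in program order."""
    decls, stmts, in_var = {}, [], False
    for raw in src.splitlines():
        line = strip_comments(raw)
        if not line:
            continue
        if line.upper() == "VAR":
            in_var = True
            continue
        if line.upper() == "END_VAR":
            in_var = False
            continue
        if in_var:
            m = re.match(r"(\w+)\s*:\s*\w+\s*(:=\s*[^;]+)?;", line)
            if m:
                decls[m.group(1)] = m.group(2) is not None
            continue
        m = re.match(r"(\w+)\s*:=\s*(.+);", line)
        if m:
            stmts.append((m.group(1), TOKEN.findall(m.group(2))))
    return decls, stmts


def check(src):
    """Straight-line analysis: report reads of variables that have not been
    written yet and divisions by anything other than a numeric literal."""
    decls, stmts = parse(src)
    written = {name for name, has_init in decls.items() if has_init}
    findings = []
    for n, (lhs, rhs) in enumerate(stmts, 1):
        for i, tok in enumerate(rhs):
            if tok == "/" and i + 1 < len(rhs) and not NUMBER.fullmatch(rhs[i + 1]):
                findings.append(f"stmt {n}: division by non-constant '{rhs[i + 1]}' may be zero")
            if tok in decls and tok not in written:
                findings.append(f"stmt {n}: '{tok}' read before any explicit write (implicit default)")
        written.add(lhs)  # the assignment defines lhs for later statements
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_ST):
        print(finding)
```

Running it on the constructed program reports three findings: the division by `flow`, the read of `flow` before its first write, and the read of `count` before its first write. A real tool would add data-flow over branches and loops, type information and the vendor extensions the paper mentions; the point here is only that these checks are cheap enough to run inside the engineering environment on every save.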


Optimized incremental state replication for automation controllers
January 2015

This paper presents optimization techniques for implementing software-based redundancy in industrial control devices. Initially, a brief survey of software-based state replication techniques with a special focus on their applicability in industrial control devices is conducted. The scalability, predictability and low latency of the technique are of particular interest in this case. Based on this survey, an analytic evaluation of different implementation alternatives is performed. As part of this analysis, a novel state replication algorithm is introduced. The approach uses support from the compiler or runtime environment to detect changes in the application state with very low overhead. This information is used to replicate the state of an automation controller in a redundant setup. Lastly, experimental results using a prototype implementation of the presented technique demonstrate that the proposed novel approach is able to perform state replication with constant overhead.
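The core idea of the abstract, letting the compiler or runtime detect which parts of the application state changed so that only those parts are shipped to the redundant partner, can be sketched with a write barrier. The Python below is an added example written for this page, not the paper's implementation: a `ReplicatedState` class intercepts attribute writes and records the names of the fields touched, so that after each scan cycle the primary sends a delta whose size depends on the number of writes in that cycle rather than on the size of the whole state. The tank-level control logic, the field names and the inputs are constructed for the example.

```python
class ReplicatedState:
    """Application state with a write barrier: every attribute write records
    the field name in a dirty set. The bookkeeping cost per write is O(1)."""

    def __init__(self, **fields):
        object.__setattr__(self, "_dirty", set())
        for name, value in fields.items():
            object.__setattr__(self, name, value)

    def __setattr__(self, name, value):
        object.__setattr__(self, name, value)
        self._dirty.add(name)

    def take_delta(self):
        """Return {field: value} for fields written since the last call, then reset."""
        delta = {name: getattr(self, name) for name in sorted(self._dirty)}
        self._dirty.clear()
        return delta

    def snapshot(self):
        """Full copy of the state: what a naive scheme would send every cycle."""
        return {k: v for k, v in vars(self).items() if not k.startswith("_")}


class Standby:
    """Redundant partner: starts from a full snapshot, then applies deltas only."""

    def __init__(self, snapshot):
        self.state = dict(snapshot)

    def apply(self, delta):
        self.state.update(delta)


def control_logic(state, level):
    """Constructed hysteresis controller for a tank level (example only)."""
    state.level = level
    if level > state.high_limit:
        state.pump_on = False
    elif level < state.low_limit:
        state.pump_on = True


def run_cycles(primary, standby, inputs):
    """One scan cycle per input; returns the number of replicated fields per cycle."""
    sizes = []
    for level in inputs:
        control_logic(primary, level)
        delta = primary.take_delta()
        standby.apply(delta)
        sizes.append(len(delta))
    return sizes


def make_pair(**fields):
    """Primary and standby initialised from the same full snapshot."""
    primary = ReplicatedState(**fields)
    return primary, Standby(primary.snapshot())


if __name__ == "__main__":
    # 'history' is a large field that the control logic never writes, so it is
    # never replicated again after the initial snapshot.
    primary, standby = make_pair(level=0.0, high_limit=80.0, low_limit=20.0,
                                 pump_on=False, alarm=False, history=tuple(range(1000)))
    print(run_cycles(primary, standby, [10.0, 50.0, 90.0]))   # [2, 1, 2]
    print(standby.state == primary.snapshot())                 # True
```

With six fields, one of them large, each cycle replicates at most the two fields the logic actually wrote, and the standby's copy still matches the primary's full state afterwards. A production implementation would have the compiler emit the barrier for plain stores instead of relying on Python attribute hooks, and would add sequence numbers and a checksum so the standby can detect a lost or reordered delta.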


Context-sensitive Timing Simulation of Binary Embedded Software
Conference Paper · October 2014 · Sebastian Ottlik, Stefan Stattelmann, [...]

We present an approach to accurately simulate the temporal behavior of binary embedded software based on timing data generated using static analysis. As the timing of an instruction sequence is significantly influenced by the microarchitecture state prior to its execution, which highly depends on the preceding control flow, a sequence must be considered separately for different control flow paths instead of estimating the influence of basic blocks or single instructions in isolation. We handle the thereby arising issue of an excessive or even infinite number of different paths by considering different execution contexts instead of control flow paths. Related approaches using context-sensitive cycle counts during simulation are limited to simulating the control flow that could be considered during analysis. We eliminate this limitation by selecting contexts dynamically, picking a suitable one when no predetermined choice is available, thereby enabling a context-sensitive simulation of unmodified binary code of concurrent programs, including asynchronous events such as interrupts. In contrast to other approximate binary simulation techniques, estimates are conservative, yet tight, making our approach reliable when evaluating performance goals. For a multi-threaded application the simulation deviates by only 0.24% from hardware measurements while the average overhead is only 50% compared to a purely functional simulation.


An ESL Timing & Power Estimation and Simulation Framework for Heterogeneous SoCs
Conference Paper (full text available) · July 2014
Figures: Fig. 1, Proposed Rapid Prototyping Framework; Fig. 2, Mapping of input models; Fig. 9, Power over time traces obtained from Virtual Platform (PM 3)

Consideration of an embedded system's timing behaviour and power consumption at system level is an ambitious task. Sophisticated tools and techniques exist for power and timing estimation of individual components such as custom hardware and software as well as IP components. But the behaviour of the composed system can hardly be predicted without considering all system components. In this paper we present an ESL framework for timing- and power-aware rapid virtual system prototyping of heterogeneous SoCs consisting of software, custom hardware and 3rd-party IP components. Our proposed flow combines system-level timing and power estimation techniques with platform-based rapid prototyping. Virtual executable prototypes are generated from a functional C/C++ description, which then allows different platforms, mapping alternatives, and power management strategies to be studied. We propose an efficient code annotation technique for timing and power that enables fast host execution and collection of power traces, based on domain-specific workload scenarios.

G4LTL-ST: Automatic Generation of PLC Programs
May 2014
Figures: Fig. 2, Abstraction-refinement synthesis loop; Fig. 3, Some LTL formulas and their corresponding Büchi automata, where V_in = {req}, V_out = {grant}, and Σ = {{req,grant}, {!req,grant}, {req,!grant}, {!req,!grant}}; Fig. 4, the Büchi automaton for ¬φ = ¬(G(req → F grant)) (a), the translated arena G (b), and the generated safety game (with equivalence class folding) using an unroll depth of 2 (c), where the pink vertex is considered a risk state

G4LTL-ST automatically synthesizes control code for industrial Programmable Logic Controllers (PLC) from timed behavioral specifications of input-output signals. These specifications are expressed in a linear temporal logic (LTL) extended with non-linear arithmetic constraints and timing constraints on signals. G4LTL-ST generates code in IEC 61131-3-compatible Structured Text, which is compiled into executable code for a large number of industrial field-level devices. The synthesis algorithm of G4LTL-ST implements pseudo-Boolean abstraction of data constraints and the compilation of timing constraints into LTL, together with a counterstrategy-guided abstraction refinement synthesis loop. Since temporal logic specifications are notoriously difficult to use in practice, G4LTL-ST supports engineers in specifying realizable control problems by suggesting suitable restrictions on the behavior of the control environment from failed synthesis attempts.


G4LTL-ST: Automatic Generation of PLC Programs
Conference Paper · April 2014 · Lecture Notes in Computer Science

Same abstract as the preceding entry.


Redundanz für verfügbare Systeme (Redundancy for available systems)
April 2014 · atp magazin

Availability is an aspect of the design and operation of automation systems that must not be neglected. Failures can lead to unforeseen problems and usually cause high costs. Redundancy concepts are therefore frequently applied in industrial applications and systems. To allow such concepts to be designed and implemented efficiently and effectively, the authors give guidelines, based on hierarchically structured design elements, for defining requirements and for selecting and designing a suitable redundancy pattern. Using software-based standby redundancy as an example, existing implementation alternatives are also presented and evaluated analytically. This too yields guidelines for selecting a suitable alternative.


Redundanz für verfügbare Systeme (Redundancy for available systems)
April 2014 · atp magazin

Same abstract as the preceding entry.


Execution Time Analysis for Industrial Control Applications
April 2014 · Electronic Proceedings in Theoretical Computer Science
Figures: Figure 1, Example of code; Figure 7, Typical Execution Marked

Estimating the execution time of software components is often mandatory when evaluating the non-functional properties of software-intensive systems. This particularly holds for real-time embedded systems, e.g., in the context of industrial automation. In practice it is however very hard to obtain reliable execution time estimates which are accurate, but not overly pessimistic with respect to the typical behavior of the software. This article proposes two new concepts to ease the use of execution time analysis for industrial control applications: (1) a method based on recurring occurrences of code sequences for automatically creating a timing model of a given processor and (2) an interactive way to integrate execution time analysis into the development environment, thus making timing analysis results easily accessible for software developers. The proposed methods are validated by an industrial case study, which shows that a significant amount of code reuse is present in a set of representative industrial control applications.


Combining instruction set simulation and WCET analysis for embedded software performance estimation
Conference Paper · June 2012

Simulation-based approaches to evaluate the functional and non-functional properties of embedded software are in widespread industrial use for design space exploration and virtual prototyping. As simulation performance is usually the main concern for these tools, they often lack an accurate timing model of the underlying processor. On the other hand, tools aimed at the worst-case execution time (WCET) analysis of embedded software contain accurate models for the timing behavior of embedded processors. Yet, these accurate processor models are only used to determine the worst-case path through the analyzed program. This paper proposes the combination of existing tools from both domains. The combination of an a priori analysis of machine code with a dynamic selection of basic block timing estimates during the execution of the program in a high-speed instruction set simulator (ISS) reduces the simulation overhead for cycle-accurate timing estimation. By keeping track of the execution history during execution of the analyzed software, the full accuracy of the offline performance model can be used without introducing pessimism to the simulation-based performance estimates. As most of the timing estimation is done before the simulation, only a slight decrease in simulation performance of the high-speed ISS can be expected.
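This paper's dynamic selection of basic-block timing estimates from the execution history, and the context-sensitive simulation of the October 2014 paper above, rest on the same mechanism: a timing database produced offline by analysis, keyed by basic block and by the execution context that preceded it, consulted at simulation time from the history the simulator keeps. The Python below is an added example written for this page to illustrate that mechanism with a constructed timing database and constructed traces; it is not the tools' code. The context is taken to be the single preceding block (depth 1, an assumption), and when a block is reached in a context the database never saw, the lookup falls back to the largest cycle count recorded for that block, so the estimate stays conservative, as the context-sensitive paper requires.

```python
# Constructed timing database (not from either paper): (block, context) -> cycles,
# where context is the tuple of the K basic blocks executed immediately before.
K = 1
TDB = {
    ("A", ()):      10,   # entry block, no predecessor
    ("B", ("A",)):   5,   # B after A: instruction cache warm, branch predicted
    ("B", ("C",)):  12,   # B after C: cold cache, misprediction
    ("C", ("B",)):   7,
    ("D", ("B",)):   3,
}


def lookup(tdb, block, context):
    """Exact (block, context) hit if available; otherwise the conservative
    fallback: the maximum over every context recorded for that block.
    Returns (cycles, exact)."""
    key = (block, context)
    if key in tdb:
        return tdb[key], True
    candidates = [c for (b, _), c in tdb.items() if b == block]
    if not candidates:
        raise KeyError(f"no timing data for block {block!r}")
    return max(candidates), False


def simulate(trace, tdb=TDB, k=K):
    """Replay a block trace (as a functional ISS would produce it) and accumulate
    cycles using the execution history as context.
    Returns (total_cycles, number_of_fallback_lookups)."""
    total, fallbacks, history = 0, 0, ()
    for block in trace:
        cycles, exact = lookup(tdb, block, history)
        total += cycles
        fallbacks += 0 if exact else 1
        history = (history + (block,))[-k:] if k else ()
    return total, fallbacks


def context_insensitive(trace, tdb=TDB):
    """Baseline: one worst-case number per block regardless of history."""
    return sum(max(c for (b, _), c in tdb.items() if b == block) for block in trace)


if __name__ == "__main__":
    loop = ["A", "B", "C", "B", "D"]   # every context was seen during analysis
    irq = ["A", "C", "B"]              # C entered from A (e.g. an interrupt): unseen context
    print(simulate(loop), context_insensitive(loop))   # (37, 0) 44
    print(simulate(irq), context_insensitive(irq))     # (29, 1) 29
```

On the fully analysed loop trace the history-aware estimate is 37 cycles against 44 for the per-block worst case, because the second visit to B is charged the cold-cache cost and the first only the warm one. On the trace with the unseen context the single fallback charges C its recorded maximum, so the result is never below what a context-insensitive worst-case lookup would give, which is the property that keeps the estimates usable for checking performance goals.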


Citations (15)


... Arcade.PLC is a framework for model checking, test case generation and static analysis of PLC code with the aim of finding errors in industrial controller code [6]. It supports the languages Instruction List, Structured Text, Sequential Function Chart and Function Block Diagram according to the IEC 61131-3 standard but also including a few vendor specific extensions to improve compatibility with industrial code. ...

Reference:

A live static code analysis architecture for PLC software
Applying static code analysis on industrial controller code · Citing Article · January 2015

... These tools measure the execution times of many small snippets of the task. The individual execution times are combined to a global WCET estimate, e.g., using integer linear programming [WKRP08,Sta09], or probabilistic methods [BCP02,BBN05]. Despite all efforts to combine snippet execution times safely, these tools suffer from the same lack of soundness as full-blown measurements do; it can therefore not be guaranteed that the given WCET estimates are an upper bound of the actual WCET. ...

Precise measurement-based worst-case execution time estimation · Citing Article · February 2010

... Another possibility for high performance timing simulations is represented by context-sensitive timing simulations [18,20]. In a first phase, a context-based timing database (TDB) is generated from either static analysis or measurements by stimulating the binary CFG using different input values. ...

Context-sensitive Timing Simulation of Binary Embedded Software · Citing Conference Paper · October 2014

... Furthermore, there is a problem of maintaining the models up-to-date and consistent during the changes in system parameters, architecture, and logic. An alternative to the manual process is automatic synthesis from the given execution scenarios and/or temporal properties [3,7,17,20,22,34,35]. Inferred models can be used for model-based testing, verification and can even replace the original controller. ...

G4LTL-ST: Automatic Generation of PLC Programs · Citing Conference Paper · April 2014 · Lecture Notes in Computer Science

... Though they can be modeled with LTL, this approach is inefficient even for behavior examples of moderate size. Other LTL synthesis techniques, e.g., G4LTL-ST [12] and Strix [25], have the same drawbacks in application to the considered problem: no guard conditions minimization and lack of support for behavior examples. ...

G4LTL-ST: Automatic Generation of PLC Programs

... Our approach is different as our emphasis is not on a low-level estimation including register-transfer level (RTL) techniques such as power-gating or instruction set building (often leading to a long simulation run-time), but rather on a fast high-level mechanistic simulation. Further work in regard to power and time consumption has also been done by Gruttner et al. in [11]. Their focus, however, lies on rapid virtual system prototyping of SoCs using C/C++ generated virtual executable prototypes utilizing code annotation. ...

An ESL Timing & Power Estimation and Simulation Framework for Heterogeneous SoCs

... ILPA estimates the power consumption based on instruction and instruction pairs [31][32][33]. Software applications in high-level languages must be translated into assembly language, while instruction set simulators may be used for evaluation and analysis [34]. The energy cost for each instruction has to be measured in detail using experimental environments of the CPU, which can quickly become unmanageable for complex architectures with large instruction sets. ...

Combining instruction set simulation and WCET analysis for embedded software performance estimation · Citing Conference Paper · June 2012

... It can help developers locate the longest path, thus timeliness defects or performance bottlenecks are hoped to be identified more easily. To achieve the above goals, interactive WCET analysis adopts CFT-based WCET calculation rather than an IPET-based approach. ...

Execution Time Analysis for Industrial Control Applications · Electronic Proceedings in Theoretical Computer Science

... Our currently used native simulation approach does not include cache memory activity. For the timing model this has been addressed in [43]. At the moment we can only simulate processors with a local memory without any cache. ...

Hybrid source-level simulation of data caches using abstract cache models