Abstract

In automotive and industrial real-time software systems, the primary timing constraints relate to cause-effect chains. A cause-effect chain is a sequence of linked tasks that typically implements the process of reading sensor data, computing algorithms, and driving actuators. The classic timing analysis computes the maximum end-to-end latency of a given cause-effect chain to verify that its end-to-end deadline can be satisfied in all cases. This information is useful but not sufficient in practice: software is usually evolving, and any update may alter the maximum end-to-end latency. It would be desirable to judge the quality of a software design a priori by quantifying how robust the timing of a given cause-effect chain will be in the presence of software updates. In this article, we derive robustness margins which guarantee that if software extensions stay within certain bounds, then the end-to-end deadline of a cause-effect chain can still be satisfied. Robustness margins are also useful when the system model has uncertain parameters. A robust system design can tolerate bounded deviations from the nominal system model without violating timing constraints. The results are applicable to both the bounded execution time programming model and the (system-level) logical execution time programming model. In this article, we both study an industrial use case from the automotive industry and analyze synthetically generated experiments with our open-source tool TORO.
