Enabling Timing Analysis of Complex Embedded Software Systems


Mälardalen University Press Dissertations No. 84

ENABLING TIMING ANALYSIS OF COMPLEX EMBEDDED

SOFTWARE SYSTEMS

Johan Kraft

2010

Copyright © Johan Kraft, 2010 ISSN 1651-4238

ISBN 978-91-86135-76-8


Doctoral dissertation

to be publicly defended for the degree of Doctor of Technology in Computer Science at the School of Innovation, Design and Engineering on Friday, 27 August 2010, at 13.15 in Gamma, Mälardalen University, Västerås.

Faculty opponent: Dr. Ian Broster, Rapita Systems Ltd., UK

School of Innovation, Design and Engineering


Abstract

Cars, trains, trucks, telecom networks and industrial robots are examples of products relying on complex embedded software systems, running on embedded computers. Such systems may consist of millions of lines of program code developed by hundreds of engineers over many years, often decades.

Over the long life-cycle of such systems, the main part of the product development costs is typically not the initial development, but the software maintenance, i.e., improvements and corrections of defects, over the years. Of the maintenance costs, a major cost is the verification of the system after changes have been applied, which often requires a huge amount of testing. However, today's techniques are not sufficient, as defects are often found post-release, by the customers. This area is therefore of high relevance for industry.

Complex embedded systems often control machinery where timing is crucial for accuracy and safety. Such systems therefore have important requirements on timing, such as maximum response times. However, when maintaining complex embedded software systems, it is difficult to predict how changes may impact the system's run-time behavior and timing, e.g., response times. Analytical and formal methods for timing analysis exist, but are often hard to apply in practice on complex embedded systems, for several reasons. As a result, the industrial practice in deciding the suitability of a proposed change, with respect to its run-time impact, is to rely on the subjective judgment of experienced developers and architects. This is a risky and inefficient, trial-and-error approach, which may waste large amounts of person-hours on implementing unsuitable software designs with potential timing or performance problems. Such problems can generally not be detected at all until late stages of testing, when the updated software system can be tested on system level, under realistic conditions. Even then, it is easy to miss such problems. If products are released containing software with latent timing errors, it may cause huge costs, such as car recalls, or even accidents. Even when such problems are found using testing, they necessitate design changes late in the development project, which cause delays and increase costs.

This thesis presents an approach for impact analysis with respect to run-time behavior such as timing and performance for complex embedded systems. The impact analysis is performed through optimizing simulation, where the simulation models are automatically generated from the system implementation. This approach allows for predicting the consequences of proposed designs, for new or modified features, by prototyping the change in the simulation model on a high level of abstraction, e.g., by increasing the execution time for a particular task. Thereby, designs leading to timing, performance or resource usage problems can be identified early, before implementation, and late redesigns are avoided, which improves development efficiency and predictability, as well as software quality.

The contributions presented in this thesis are within four areas related to simulation-based analysis of complex embedded systems: (1) simulation and simulation optimization techniques, (2) automated model extraction of simulation models from source code, (3) methods for validation of such simulation models and (4) run-time recording techniques for model extraction, impact analysis and model validation purposes. Several tools have been developed during this work, of which two are in commercialization in the spin-off company Percepio AB. Note that the Katana approach, in area (2), is the subject of a recent patent application (patent pending).

Sammanfattning

Mobile phones, cars, trains, automation systems and industrial robots are examples of products that depend on complex embedded software systems, often consisting of millions of lines of program code developed over many years. These software systems have enabled entirely new functions, but have also made product development more complex. When new functions are added to complex systems there is a high risk that errors arise, because of the difficulty of foreseeing all consequences of the changes. Although product companies spend much time and money on testing, not all errors are detected, which causes large costs, e.g., in the form of car recalls. Large sums can be saved and better product quality achieved through new types of development tools that better identify software problems as early as possible in the product development process. Some types of software errors are especially hard to find and reproduce, since they only occur in very specific situations, for instance when the computer's processor does not manage to execute a certain piece of program code within the intended time. For ordinary PCs such delays are common, but usually do not cause any major problems. For industrial software systems, which are often time-critical, delays measured in milliseconds can however cause serious errors. Therefore, early in the development of new functions, one wants to be able to predict how CPU load and response times will be affected. With this analysis, product companies can reduce their costs, since problems that would otherwise have caused costs can be foreseen and avoided, and the product's reliability is improved by reducing the risk of introducing hard-to-find errors. For complex industrial systems this analysis requires an analyzable model that describes how the system's subprograms use shared resources, such as the processor, and the possible communications between the subprograms and with the environment. Such a model can then be analyzed in a simulator program, developed for this purpose, which shows the effect of proposed changes.

The thesis describes methods and tools for automatically creating such models, based on analysis of program code and

recordings of the software system in operation, methods for analyzing the created models, methods for recording information from simulations or from the real software system in operation, and methods for comparing simulation results with real recordings from the modeled software system. The most important parts of this have been evaluated on a real industrial system, a control system for industrial robots from ABB; however, there is as yet no integrated complete solution enabling real-world use of the analysis framework. Partial solutions are however under separate commercialization in the author's company, Percepio AB. Note that the solution presented in Chapter 5, Katana, is under

Preface

This work has been supported by ABB, Bombardier Transportation, the Knowledge Foundation (KKS), and the Swedish Foundation for Strategic Research (SSF), through the strategic research center PROGRESS.

This thesis concludes a long and probably quite unusual journey which started back in 2002, in my magister thesis project together with Jonas Neander, at ABB Robotics. My main supervisor, Christer Norström, was at the time in a position as development manager at ABB Robotics. From his background in academic time systems research he realized their need for real-time analysis support and initiated a quite open magister thesis project in that direction. In that work we first investigated simulation as a means for timing analysis and proposed a simulator solution named ART-ML. An interesting story from the magister thesis project is the reactions from experienced developers when we showed them recordings of their system's run-time behavior; even highly skilled, senior developers were surprised by some details. After working some time with embedded software development at ABB Robotics, as a consultant, in 2004 I got the opportunity to develop a new solution for trace recording and trace visualization. This resulted in the Tracealyzer tool and the trcrec recorder module, which quickly became an integrated part of their control system. The Tracealyzer is still (2010) used for monitoring and troubleshooting purposes at ABB Robotics and is now also a commercial product of Percepio AB. The initial purpose of the Tracealyzer was however trace visualization in the context of simulation-based timing analysis, and it is still a key part in the timing analysis framework presented in this thesis.

In April 2003 I enrolled as a PhD student at MDH with support from ABB and ASTEC, a Vinnova competence center, initially working 50/50 at ABB Robotics and MDH. The first years were quite straightforward; I developed some tools, including the first version of the RTSSim simulator, and outlined a process for (manual) simulation modeling and validation, which led to a

licentiate thesis presented in 2005.

Since January 2006 I have been employed 100% at MDH, up until 2009 in the EXTRACT project, supported by KKS in collaboration with ABB and Bombardier Transportation, and thereafter in PROGRESS, supported by SSF. After my licentiate thesis (2005) I started working on methods and tools for automated model extraction, since it was realized that manual modeling is not realistic for large industrial systems. Initially I worked on a semi-automated approach where some manual modeling still was required. However, during 2007 I realized that also the semi-automated approach would require too much manual modeling to be realistic, and a fully automated model extraction tool would be necessary for realistic applicability on large industrial systems. Finally, I ended up spending 18 months (almost full time) on developing the Katana algorithm and implementing a tool using this approach. I am however very happy with the end result; a U.S. patent application has recently been filed regarding Katana. I hope the reader will find this thesis as interesting to read as I found it interesting to write!

I would like to thank my current and former supervisors, especially Christer Norström for trying to keep me focused and for sharing his industrial insights, and Anders Wall for the many creative discussions during these years. Björn Lisper contributed as assistant supervisor up until my licentiate thesis and provided many interesting ideas. I greatly appreciate the enthusiastic support from people at ABB, especially Peter Eriksson, Anders Wall, Goran Mustapic and Magnus Larsson, and from Bombardier Transportation, through Erik Gyllenswärd, Christer Persson and Anders Östmark. Our discussions during these years have provided a lot of valuable input from an industrial perspective and given me a much better understanding of software development for complex embedded systems. Your enthusiasm and positive spirit have been very supportive. Thanks a lot. I also want to thank Anders Öberg, Stefan Rönning and Mikael Åkerholm¹ at CC Systems² for all your help and enthusiasm.

I greatly appreciate the feedback I have received on my thesis drafts, from more people than expected. Apart from my supervisors, also Jan Carlsson, Stefan Bygde, Holger Kienle, Daniel Sundmark, Joel Huselius, and Bill Dittmann (Quadros Systems, Inc.) have provided great feedback! Thanks!

I really enjoyed working with Joel Huselius during 2004 – 2007, especially during the Sydney trip! I hope that we can stay in touch in the future, as friends and hopefully also as colleagues. Since 2006 I have worked a lot with Yue Lu, a nice and interesting collaboration with significant cultural differences from which I have learned a lot. I hope we continue this in the future.

¹ Now at ABB. ² Now Cross Control.

In February 2008 I met Markus Bohlin at the hospital where our respective wives were recovering after delivering Idun and Gabriel. Markus and I knew each other briefly from our undergraduate studies, but this started a collaboration which led to quite interesting results, presented in Chapter 4. This collaboration, which also involved Yue Lu, Per Kreuger and Thomas Nolte, was very interesting and fun, and I think we can do great things in the future.

I would like to thank all current and former colleagues at the department, including Joel Huselius, Thomas Nolte, Markus Bohlin, Holger Kienle, Hans Hansson, Yue Lu, Farhang Nemati, Mikael Åsberg, Moris Benham, Daniel Sundmark, Anders Pettersson, Mikael Åkerholm, Johan Fredriksson, Jonas Neander, Stefan Bygde, Dag Nyström, Jan Carlsson, Andreas Hjertström, Stefan Cedergren, Joakim Fröberg, Jukka Mäki-Turja, Stig Larsson, Kaj Hänninen, Sara Dersten, Peter Wallin, Rikard Lindell, Hüseyin Aysan, Hongyu Pei-Breivold, Rikard Land, Christer Sandberg, Andreas Ermedahl, Sigrid Eldh, Filip Öhman, Gunnar Widforss, Malin Rosquist, Ivica Crnkovic, Mikael Sjödin, Mats Björkman, Mikael Ekström, Martin Ekström, Jörgen Lidholm, Monica Wasell and Harriet Ekwall. Working with you has been great and I hope to see you around also in the future. The "SAVE-IT rockers" deserve special thanks for nice company during our morale-boosting school trips, like Grenoble!

My dear friends and fishing buddies Christian Hultman, Christian Andersson and Rickard Söderbäck deserve many thanks for all the fun (with or without fishing gear) and for keeping me connected to reality during the periods I have been deep into my algorithms.

My parents, Lennart and Susanne, and sisters, Josefin and Kim, deserve many thanks for your love and support during all the years. Thanks for helping me in so many ways. I love you! My mother-in-law, Margareta, has been curious and supportive throughout this journey. I am very grateful that you raised such a great girl and sent her to Västerås for me to find! Last but definitely not least, Birgitta and Gabriel, my beloved wife and son. Being with you gives me inspiration and energy, and without you, life would not be the same. I love you with all my heart!

Johan Kraft June 2010

(13)

viii

licentiate thesis presented in 2005.

Since January 2006 I have been employed 100 % at MDH, up until 2009 in the EXTRACT project, supported by KKS in collaboration with ABB and Bombardier Transportation, and thereafter in PROGRESS, supported by SSF. After my licentiate thesis (2005) I started working on methods and tools for automated model extraction since it was realized that manual modeling is not realistic for large industrial systems. Initially I worked on a semi-automated approach where some manual modeling still was required. However, during 2007 I realized that also the semi-automated approach would require too much manual modeling to be realistic and a fully automated model extraction tool would be necessary for realistic applicability on large industrial systems. Fi-nally, I ended up spending 18 months (almost full time) on developing the Katana algorithm and implementing a tool using this approach. I am however very happy with the end result; a U.S. patent application has recently been filed regarding Katana. I hope the reader will find this thesis as interesting to read as I found it interesting to write!

I would like to thank my current and former supervisors, especially Christer Norström for trying to keep me focused and for sharing his industrial insights, and Anders Wall for the many creative discussions during these years. Björn Lisper contributed as assistant supervisor up until my licentiate thesis and provided many interesting ideas. I greatly appreciate the enthusiastic support from people at ABB, especially Peter Eriksson, Anders Wall, Goran Mustapic and Magnus Larsson, and from Bombardier Transportation, through Erik Gyllenswärd, Christer Persson and Anders Östmark. Our discussions during these years have provided a lot of valuable input from an industrial perspective and given me a much better understanding of software development for complex embedded systems. Your enthusiasm and positive spirit have been very supportive. Thanks a lot. I also want to thank Anders Öberg, Stefan Rönning and Mikael Åkerholm (now at ABB) at CC Systems (now Cross Control) for all your help and enthusiasm.

I greatly appreciate the feedback I have received on my thesis drafts, from more people than expected. Apart from my supervisors, also Jan Carlsson, Stefan Bygde, Holger Kienle, Daniel Sundmark, Joel Huselius, and Bill Dittmann (Quadros Systems, Inc.) have provided great feedback! Thanks!

I really enjoyed working with Joel Huselius during 2004 – 2007, especially during the Sydney trip! I hope that we can stay in touch in the future, as friends and hopefully also as colleagues. Since 2006 I have worked a lot with Yue Lu, a nice and interesting collaboration with significant cultural differences from which I have learned a lot. I hope we continue this in the future.

In February 2008 I met Markus Bohlin at the hospital where our respective wives were recovering after delivering Idun and Gabriel. Markus and I knew each other briefly from our undergraduate studies, but this started a collaboration which led to quite interesting results, presented in Chapter 4. This collaboration, which also involved Yue Lu, Per Kreuger and Thomas Nolte, was very interesting and fun, and I think we can do great things in the future.



Publications

The thesis author has previously authored or co-authored the following publications. Note that the thesis author was named Johan Andersson up until October 2006.

Theses

Modeling the Temporal Behavior of Complex Embedded Systems – A Reverse Engineering Approach, Johan Andersson, Licentiate Thesis, Mälardalen University Press, June, 2005.

Timing analysis of a robot controller, Johan Andersson and Jonas Neander, Magister Thesis, Mälardalen University, October, 2002.

Articles in Collection

Decreasing Maintenance Costs by Introducing Formal Analysis of Real-Time Behavior in Industrial Settings, Anders Wall, Johan Andersson and Christer Norström. In “Leveraging Applications of Formal Methods, Lecture Notes in Computer Science (LNCS) 4313”, p 130 – 145, Springer, November, 2006.

A Framework for Analysis of Timing and Resource Utilization targeting Complex Embedded Systems, Johan Andersson, Anders Wall and Christer Norström. In “ARTES – A network for Real-Time research and graduate Education in Sweden 1997 – 2006”, p 297 – 329, Uppsala University, Editor(s): Hans Hansson, 2006.

A Dependable Open Platform for Industrial Robotics – A Case Study, Goran Mustapic, Johan Andersson, Christer Norström and Anders Wall. In “Architecting Dependable Systems II, Lecture Notes in Computer Science (LNCS) 3069”, Editors: Rogerio de Lemos, Cristina Gacek, Alexander Romanovsky, 2004.


Conferences and Workshops

Trace Recording for Embedded Systems: Lessons Learned from Five Industrial Projects, Johan Kraft, Anders Wall and Holger Kienle. To appear in Proceedings of the 1st International Conference on Runtime Verification, Malta, November, 2010.

A Statistical Approach for Validation of Task Simulation Models with Intricate Temporal Execution Dependencies, Yue Lu, Johan Kraft, Thomas Nolte and Christer Norström. In Proceedings (Work-In-Progress track) of the 16th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’10), Stockholm, Sweden, April, 2010.

System-specific Static Code Analyses for Complex Embedded Systems, Holger Kienle, Johan Kraft and Thomas Nolte. In Proceedings of the 4th International Workshop on Software Quality and Maintainability (SQM’10), Madrid, Spain, March, 2010.

Statistical-based Response-Time Analysis of Systems with Execution Dependencies between Tasks, Yue Lu, Thomas Nolte, Johan Kraft and Christer Norström. In Proceedings of the 15th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS’10), St. Anne’s College, University of Oxford, March, 2010.

Statistical-based Response-Time Analysis of Systems with Execution Dependencies between Tasks, Yue Lu, Thomas Nolte, Johan Kraft and Christer Norström. In Proceedings (Work-In-Progress track) of the 30th IEEE Real-Time Systems Symposium (RTSS’09), Washington, DC, USA, December, 2009.

Simulation-Based Timing Analysis of Complex Real-Time Systems, Markus Bohlin, Yue Lu, Johan Kraft, Per Kreuger and Thomas Nolte. In Proceedings of the 15th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA’09), p 321 – 328, Beijing, China, August, 2009.

Transformational Specification of Complex Legacy Real-Time Systems via Semantic Anchoring, Yue Lu, Antonio Cicchetti, Stefan Bygde, Johan Kraft, Thomas Nolte and Christer Norström. In Proceedings of the 2nd IEEE International Workshop on Component-Based Design of Resource-Constrained Systems (CORCS’09), p 510 – 515, IEEE Computer Society Press, Seattle, Washington, USA, July, 2009.

Approximate Timing Analysis of Complex Legacy Real-Time Systems using Simulation Optimization, Yue Lu, Markus Bohlin, Johan Kraft, Per Kreuger, Thomas Nolte and Christer Norström. In Proceedings (Work-In-Progress track) of the 29th IEEE Real-Time Systems Symposium (RTSS’08), p 29 – 32, Barcelona, Spain, December, 2008.


Towards Migrating Legacy Real-Time Systems to Multi-Core Platforms, Farhang Nemati, Johan Kraft and Thomas Nolte. In Proceedings (Work-In-Progress track) of the 13th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA’08), p 717 – 720, IEEE Industrial Electronics Society, Hamburg, Germany, September, 2008.

Validation of Temporal Simulation Models of Complex Real-Time Systems, Farhang Nemati, Johan Kraft and Christer Norström. In Proceedings of the 1st IEEE International Workshop On Component-Based Design Of Resource-Constrained Systems (CORCS’08), Turku, Finland, July, 2008.

A Metaheuristic Approach for Best Effort Timing Analysis targeting Complex Legacy Real-Time Systems, Johan Kraft, Yue Lu, Christer Norström and Anders Wall. In Proceedings of the 14th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS’08), St. Louis, MO, USA, April, 2008.

Extracting Simulation Models from Complex Embedded Real-Time Systems, Johan Kraft, Joel Huselius, Anders Wall and Christer Norström. Real-Time in Sweden 2007, Västerås, August, 2007.

Evaluating the Quality of Models Extracted from Embedded Real-Time Software, Joel Huselius, Johan Kraft, Hans Hansson and Sasikumar Punnekkat. In Proceedings of the 14th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, p 577 – 585, IEEE, Tucson, USA, March, 2007.

Extracting Simulation Models from Complex Embedded Real-Time Systems, Johan Andersson, Joel Huselius, Christer Norström and Anders Wall. In Proceedings of the 2006 International Conference on Software Engineering Advances, IEEE, Tahiti, French Polynesia, October, 2006. Best Paper Award.

Automatic Generation and Validation of Models of Legacy Software, Joel Huselius, Johan Andersson, Hans Hansson and Sasikumar Punnekkat. In Proceedings of the 12th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA’06), p 342 – 349, Sydney, Australia, August, 2006.

Model Synthesis for Real-Time Systems, Joel G Huselius and Johan Andersson. In Proceedings of the 9th European Conference on Software Maintenance and Reengineering (CSMR’05), p 52 – 60, Manchester, UK, March, 2005.

Decreasing Maintenance Costs by Introducing Formal Analysis of Real-Time Behavior in Industrial Settings, Johan Andersson, Anders Wall and Christer Norström. In Proceedings of the 1st International Symposium on Leveraging Applications of Formal Methods (ISoLA’04), Paphos, Cyprus, October, 2004.


Validating Temporal Behavior Models of Complex Real-Time Systems, Johan Andersson, Anders Wall and Christer Norström. In Proceedings of the 4th Conference on Software Engineering Research and Practice in Sweden (SERPS’04), Linköping, Sweden, September, 2004.

Real World Influences on Software Architecture – Interviews with Industrial Experts, Goran Mustapic, Anders Wall, Christer Norström, Ivica Crnkovic, Kristian Sandström, Joakim Fröberg and Johan Andersson. In Proceedings of the 4th IEEE Working Conference on Software Architectures (WICSA’04), Oslo, Norway, June, 2004.

Correctness Criteria for Models Validation – A Philosophical Perspective, Ijeoma Sandra Irobi, Johan Andersson and Anders Wall. In Proceedings of the International Multiconferences in Computer Science and Computer Engineering (MSV’04), Las Vegas, June, 2004.

Increasing Maintainability in Complex Industrial Real-Time Systems by Employing a Non-Intrusive Method, Christer Norström, Anders Wall, Johan Andersson and Kristian Sandström. In Proceedings of the Workshop on Migration and Evolvability of Long-life Software Systems (MELLS’03), Erfurt, Germany, September, 2003.

Probabilistic Simulation-based Analysis of Complex Real-Time Systems, Anders Wall, Johan Andersson and Christer Norström. In Proceedings of the 6th IEEE International Symposium on Object-oriented Real-time distributed Computing, IEEE Computer Society, Hakodate, Hokkaido, Japan, May, 2003.

A Dependable Real-Time Platform for Industrial Robotics, Goran Mustapic, Johan Andersson and Christer Norström. In Proceedings of the ICSE 2003 Workshop on Software Architectures for Dependable Systems, Portland, Oregon, USA, May, 2003.

Introducing Temporal Analyzability Late in the Lifecycle of Complex Real-Time Systems, Anders Wall, Johan Andersson, Jonas Neander, Christer Norström and Martin Lembke. In Proceedings of the 9th International Conference on Real-Time and Embedded Computing Systems and Applications (RTCSA’03), Tainan, Taiwan, February, 2003.

Technical Reports

Best-Effort Simulation-Based Timing Analysis using Hill-Climbing with Random Restarts, Markus Bohlin, Yue Lu, Johan Kraft, Per Kreuger and Thomas Nolte. MRTC report, ISSN 1404-3041, ISRN MDH-MRTC-236/2009-1-SE, Mälardalen Real-Time Research Centre, Mälardalen University, June, 2009.

A Framework for Real-Time Systems Migration to Multi-Cores, Farhang Nemati, Johan Kraft and Thomas Nolte. MRTC report, ISSN 1404-3041, ISRN MDH-MRTC-235/2009-1-SE, Mälardalen Real-Time Research Centre, Mälardalen University, May, 2009.

RTSSim – A Simulation Framework for Complex Embedded Systems, Johan Kraft. Technical Report, MRTC, March, 2009.

Legacy Issues in Industrial Software Development, Johan Kraft and Joel Huselius. MRTC report, ISSN 1404-3041, ISRN MDH-MRTC-213/2007-1-SE, Mälardalen Real-Time Research Centre, Mälardalen University, May, 2007.

Experimental Model Synthesis for Timing Analysis of an Industrial Robot, Joel Huselius, Johan Andersson, Hans Hansson and Sasikumar Punnekkat. MRTC report, ISSN 1404-3041, ISRN MDH-MRTC-193/2005-1-SE, Mälardalen University, November, 2005.

Influences between Software Architecture and its Environment in Industrial Systems – a Case Study, Goran Mustapic, Anders Wall, Christer Norström, Ivica Crnkovic, Kristian Sandström, Joakim Fröberg and Johan Andersson. MRTC report, ISSN 1404-3041, ISRN MDH-MRTC-164/2004-1-SE, Mälardalen Real-Time Research Centre, Mälardalen University, February, 2004.

A Framework for Analysis of Timing and Resource Utilization Targeting Industrial Real-Time Systems, Johan Andersson, Anders Wall and Christer Norström. Technical Report, MRTC, August, 2004.


List of Figures

1.1 System functionality as a function of total development effort . 3

1.2 The envisioned analysis framework . . . 9

1.3 The research method . . . 14

2.1 A small example of (UppAal) timed automata . . . 28

2.2 An example of program slicing . . . 33

2.3 An example of a System Dependence Graph (SDG) . . . 35

3.1 The RTSSim framework . . . 56

3.2 A simulation trace from the example model . . . 62

4.1 MABERA – conceptual . . . 73

4.2 Seed schedule mutation in MABERA . . . 75

4.3 Neighborhood procedure of HCRR . . . 89

4.4 Final RT distributions and convergence for Model 1 . . . 95

4.5 Final RT distributions and convergence for Model 2 . . . 97

4.6 Final RT distributions and convergence for the validation model . . . 98

4.7 Convergence for Model 1 using 2-4 subsystems . . . 102

5.1 Overview – simulation model extraction . . . 103

5.2 The context of the Katana algorithm . . . 106

5.3 The structure of the symbol database representation . . . 107

5.4 An example of a symbol database . . . 108

5.5 A high-level view of the Katana algorithm . . . 111

5.6 The Katana algorithm illustrated . . . 126

6.1 An example of the graphical output of MXTC . . . 141


6.2 Parsing times of “Understand for C++”, observed and extrapolated . . . 145

6.3 Total size (Statements In) and model size (Statements Out) . . . 150

6.4 Relative model size (Statements Out/Statements In) . . . 151

6.5 Runtimes of MXTC, for individual tasks and in total (seconds) . . . 152

6.6 Runtimes (scaled), total size (SI) and model size (SO) . . . 153

6.7 The amounts of conditional statements . . . 154

7.1 Execution fragments and task instances . . . 169

7.2 The Tracealyzer/RTXCview . . . 172

7.3 The Tracealyzer/RTXCview, CPU load view . . . 173

7.4 The symbol table . . . 179

7.5 The context of the timing profile . . . 185

7.6 An instrumented program and resulting events . . . 186

7.7 The probe graph of the example in Figure 7.6 . . . 187

8.1 The uses for trace data comparison . . . 199

8.2 Trace comparison using the Tracealyzer tool . . . 203

8.3 Visualization of the usage of a task response time . . . 204

8.4 Visualization of the usage of a logical resource . . . 205

8.5 Response-time distribution – simulation vs. real system . . . 206

8.6 Probability density (left) and cumulative (right) distribution (clustered data) . . . 210

8.7 The Kolmogorov-Smirnov statistic (D) . . . 210

8.8 The sensitivity analysis . . . 213

A.1 The Katana algorithm illustrated . . . 224

C.1 Tasks and IPC in the example model . . . 233

List of Tables

4.1 Test of MABERA reliability . . . 81

4.2 Average iteration count of MABERA in different configurations . . . 83

4.3 Comparable MABERA parameters . . . 84

4.4 MABERA results using comparable parameters . . . 85

4.5 Parameter selection for HCRR . . . 94

4.6 Run times of Monte Carlo, MABERA and HCRR (minutes) . . . 99

4.7 Average end result of Monte Carlo, MABERA and HCRR . . . 99

4.8 Convergence of Monte Carlo, MABERA and HCRR . . . 100

6.1 Measured parsing times of “Understand for C++” . . . 144

6.2 Results from MXTC on Case 1 (SAF) and Case 2 (MG) . . . 148

6.3 MXTC/Understand compared to CodeSurfer . . . 158

7.1 Measured recording overheads in four industrial cases . . . 180


List of Algorithms

1 The parent selection procedure of MABERA . . . 77

2 The mutation procedure of MABERA . . . 77

3 The procedure for populating a new generation in MABERA . . . 77

4 The overall MABERA algorithm . . . 77

5 Hill Climbing with Random Restarts (HCRR) . . . 88


Contents

1 Introduction 1

1.1 Problem and Possible Solutions . . . 4
  1.1.1 RTA – Response Time Analysis . . . 6
  1.1.2 Model Checking . . . 6
  1.1.3 Discrete Event Simulation . . . 7
1.2 Vision . . . 9
1.3 Research Questions . . . 11
1.4 Scientific Contributions . . . 12
1.5 Research Method . . . 13
1.6 Thesis Outline . . . 15

2 Timing Analysis, Modeling and Model Validation 17

2.1 Real-Time Systems and Timing Analysis . . . 18
  2.1.1 Schedulability- and Response-Time Analysis . . . 21
  2.1.2 Execution Time Analysis . . . 21
2.2 Timing Analysis using Model Checking . . . 23
  2.2.1 Basic Concepts . . . 23
  2.2.2 The model checker SPIN . . . 25
  2.2.3 Model Checking for Real-Time Systems . . . 27
2.3 Timing Analysis using Simulation . . . 30
  2.3.1 STRESS . . . 31
  2.3.2 DRTSS . . . 31
  2.3.3 ARTISST . . . 31
  2.3.4 VirtualTime . . . 32
2.4 Modeling using Source-code Analysis . . . 32
  2.4.1 Program Slicing . . . 32
  2.4.2 Reverse Engineering . . . 37



xxiv Contents

2.4.3 Formal Verification Tools using Source Code Analysis . . . 39
2.5 Modeling using Dynamic Analysis . . . 42
2.6 Model Validation . . . 44
2.7 Conclusions . . . 47

3 Timing Analysis using Discrete Event Simulation 53

3.1 Motivations for Simulation . . . 54
3.2 The RTSSim Simulation Framework . . . 56
3.2.1 The Simulation Model . . . 58
3.2.2 A Small Example Model . . . 59
3.2.3 Execute . . . 61
3.2.4 Task and Scheduling Implementation . . . 63
3.2.5 Environment Modeling . . . 65
3.2.6 Stochastic Selections . . . 65
3.2.7 Pseudo-Random Number Generation . . . 66
3.3 Conclusions . . . 67

4 Simulation Optimization 69

4.1 MABERA . . . 70
4.1.1 Selection Heuristics . . . 74
4.1.2 Mutation . . . 74
4.1.3 The MABERA Algorithm . . . 76
4.2 The MABERA Parameters . . . 78
4.3 Selecting Parameters for MABERA . . . 80
4.3.1 Step 1: Selecting Simulation Length . . . 80
4.3.2 Step 2: Selecting p/s quota and tt value . . . 81
4.3.3 Step 3: Selecting Population Size . . . 85
4.4 Hill Climbing with Random Restarts . . . 86
4.4.1 Simulator Input Representation . . . 86
4.4.2 The HCRR Algorithm . . . 88
4.5 Evaluations of MABERA and HCRR . . . 90
4.5.1 Model 1 . . . 90
4.5.2 Model 2 . . . 91
4.5.3 The Validation Model . . . 91
4.6 Experimental Evaluation . . . 92
4.6.1 Results . . . 94
4.6.2 Average Convergence . . . 99
4.7 Conclusions . . . 100

Contents xxv

5 A Method for Automated Model Extraction 103

5.1 The Katana Approach to Program Slicing . . . 105
5.1.1 An Overview of the Katana Algorithm . . . 110
5.1.2 Katana on Example Code . . . 111
5.1.3 Producing the Simulation Model . . . 113
5.1.4 Control Flow Sensitivity . . . 114
5.1.5 Handling of Function Calls . . . 115
5.1.6 Data structures . . . 116
5.1.7 Pointers, Arrays and Function Pointers . . . 122
5.1.8 Library Routines . . . 124
5.2 Algorithm Efficiency . . . 124
5.3 The Katana Algorithm . . . 126
5.4 Supporting Functions . . . 132
5.5 Katana Compared to Related Work . . . 134
5.6 Limitations of Katana . . . 136
5.7 Possible Extensions of Katana . . . 137

6 A Model Extraction Tool and Evaluations 139

6.1 MXTC – Model Extraction Tool for C . . . 140
6.2 An Evaluation of “Understand for C++” . . . 144
6.3 An Evaluation of Model Extraction . . . 146
6.3.1 Case 1 - SAF - A Subsystem of ABB IRC 5 . . . 146
6.3.2 Case 2 - MG - The Mongoose Web Server . . . 147
6.3.3 Results . . . 148
6.4 Katana Slicing vs. Commercial Tools . . . 156
6.4.1 CodeSurfer . . . 156
6.4.2 Imagix 4D . . . 159
6.5 Conclusions . . . 161

7 Uses and Experiences of Software Trace Recording 163

7.1 Uses of Trace Recording . . . 164
7.2 Trace Recording Fundamentals . . . 164
7.2.1 Task Identity (the “What”) . . . 166
7.2.2 Time-stamping (the “When”) . . . 167
7.2.3 Task-switch Cause (the “Why”) . . . 168
7.2.4 Recording Operating System Services and User Events . . . 169
7.3 The Tracealyzer . . . 171
7.4 Five Industrial Trace Recorder Projects . . . 172
7.4.1 The RBT Project . . . 173


Figure

Figure 1.2: The envisioned analysis framework
Figure 1.3: The research method
Figure 2.2: An example of program slicing
Figure 2.3: An example of a System Dependence Graph (SDG) (Published with permission from GrammaTech, Inc
