GameTime: A Toolkit for Timing Analysis of Software



Similar documents
Network Monitoring in Multicast Networks Using Network Coding

Making Dynamic Memory Allocation Static To Support WCET Analyses

µz An Efficient Engine for Fixed points with Constraints

Timing Analysis of Real-Time Software

HVM TP : A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems JTRES 2014

EECS 583 Class 11 Instruction Scheduling Software Pipelining Intro

InvGen: An Efficient Invariant Generator

Model Checking: An Introduction

Obfuscation: know your enemy

Memory Allocation Technique for Segregated Free List Based on Genetic Algorithm

Applications of obfuscation to software and hardware systems

Software Pipelining - Modulo Scheduling

Regression Verification: Status Report

Reliability Guarantees in Automata Based Scheduling for Embedded Control Software

AUTOMATED TEST GENERATION FOR SOFTWARE COMPONENTS

A STUDY OF TASK SCHEDULING IN MULTIPROCESSOR ENVIROMENT Ranjit Rajak 1, C.P.Katti 2, Nidhi Rajak 3

Optimization of ETL Work Flow in Data Warehouse

Algebraic Computation Models. Algebraic Computation Models

Static Program Transformations for Efficient Software Model Checking

Lecture 2 Introduction to Data Flow Analysis

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Performance Workload Design

How To Encrypt Data With A Power Of N On A K Disk

SIMS 255 Foundations of Software Design. Complexity and NP-completeness

3/25/ /25/2014 Sensor Network Security (Simon S. Lam) 1

Parallel Ray Tracing using MPI: A Dynamic Load-balancing Approach

FPGA area allocation for parallel C applications

Multiobjective Multicast Routing Algorithm

SYSM 6304: Risk and Decision Analysis Lecture 5: Methods of Risk Analysis

Why? A central concept in Computer Science. Algorithms are ubiquitous.

Optimizations. Optimization Safety. Optimization Safety. Control Flow Graphs. Code transformations to improve program

MEng, BSc Applied Computer Science

Compression algorithm for Bayesian network modeling of binary systems

Instruction Set Architecture (ISA)

Firewall Verification and Redundancy Checking are Equivalent

Integer Factorization using the Quadratic Sieve

FoREnSiC An Automatic Debugging Environment for C Programs

An Exception Monitoring System for Java

Optimization Modeling for Mining Engineers

OPTIMAL DESIGN OF DISTRIBUTED SENSOR NETWORKS FOR FIELD RECONSTRUCTION

Experimental Analysis of Privacy-Preserving Statistics Computation

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

A Modular Representation of a Business Process Planner

Random vs. Structure-Based Testing of Answer-Set Programs: An Experimental Comparison

A Dynamic Programming Approach for Generating N-ary Reflected Gray Code List

Fault Localization in a Software Project using Back- Tracking Principles of Matrix Dependency

Formal Verification Problems in a Bigdata World: Towards a Mighty Synergy

Risk Management for IT Security: When Theory Meets Practice

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

A Network Flow Approach in Cloud Computing

SEQUENCES ARITHMETIC SEQUENCES. Examples

Testing LTL Formula Translation into Büchi Automata

CORRELATED TO THE SOUTH CAROLINA COLLEGE AND CAREER-READY FOUNDATIONS IN ALGEBRA

Optimised Realistic Test Input Generation

Cost Model: Work, Span and Parallelism. 1 The RAM model for sequential computation:

Keywords: Dynamic Load Balancing, Process Migration, Load Indices, Threshold Level, Response Time, Process Age.


Architectures and Platforms

2) Write in detail the issues in the design of code generator.

A Business Process Services Portal

Instruction Set Design

Competitive Analysis of On line Randomized Call Control in Cellular Networks

MEng, BSc Computer Science with Artificial Intelligence

A Lab Course on Computer Architecture

Throughput constraint for Synchronous Data Flow Graphs

Module 10. Coding and Testing. Version 2 CSE IIT, Kharagpur

DiPro - A Tool for Probabilistic Counterexample Generation

Lightweight Service-Based Software Architecture

Lecture 2: Universality

Adaptive Linear Programming Decoding

Fault Analysis in Software with the Data Interaction of Classes

Lecture 15 An Arithmetic Circuit Lowerbound and Flows in Graphs

CSE 504: Compiler Design. Data Flow Analysis

Generalized DCell Structure for Load-Balanced Data Center Networks

C H A P T E R. Logic Circuits

UFO: Verification with Interpolants and Abstract Interpretation

Approximation Algorithms

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

YOU CAN COUNT ON NUMBER LINES

An Analytical Framework for Measuring Network Security using Exploit Dependency Graph

Introduction to Scheduling Theory

Prediction of Business Process Model Quality based on Structural Metrics

A Performance Study of Load Balancing Strategies for Approximate String Matching on an MPI Heterogeneous System Environment

International Workshop on Field Programmable Logic and Applications, FPL '99

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Programming Using Python

Transcription:

GameTime: A Toolkit for Timing Analysis of Software Sanjit A. Seshia and Jonathan Kotker EECS Department, UC Berkeley {sseshia,jamhoot}@eecs.berkeley.edu Abstract. Timing analysis is a key step in the design of dependable real-time embedded systems. In this paper, we present GameTime, a toolkit for execution time analysis of software. GameTime is based on a combination of game-theoretic online learning and systematic testing using satisfiability modulo theories (SMT) solvers. In contrast with many existing tools for timing analysis, GameTime can be used for a range of tasks, including estimating worst-case execution time, predicting the distribution of execution times of a task, and finding timing-related bugs in programs. We describe key implementation details of GameTime and illustrate its usage through examples. 1 Introduction Timing properties of embedded systems are determined by the behavior of both the control software and the platform the software executes on. The verification of such properties is made difficult by their heavy dependence on characteristics of the platform, including details of the processor and memory hierarchy. Several kinds of timing analysis problems arise in practice. First, for hard real-time systems, a classic problem is to estimate the worst-case execution time (WCET) of a terminating software task. Such an estimate is relevant for verifying if deadlines or timing constraints are met as well as for use in scheduling strategies. Second, for soft real-time systems, it can be useful to estimate the distribution of execution times exhibitable by a task. Third, it can be very useful to find a test case on which the program exhibits anomalous timing behavior; e.g., a test case causing a task to miss its deadline. Finally, in software-in-the-loop simulation, the software implementation of a controller is simulated along with a model of the continuous plant it controls, with the simulations connected using execution time estimates. For scalability, such simulation must be performed on a workstation, not on the target embedded platform. Consequently, during the workstation-based simulation, it is necessary to predict the timing of the program along a particular execution path on the target platform. All of the problems mentioned in the preceding paragraph are instances of predicting a particular execution time property of a terminating software task. In this paper, we present GAMETIME, a toolkit for timing analysis of software. In contrast with existing tools for timing analysis (see, e.g., []), GAMETIME can predict not only extreme-case behavior, but also certain execution time statistics (e.g., the distribution) as well as a program s timing along particular execution paths. Additionally, it is measurementbased, making it easy to port to new platforms. The GAMETIME approach, along with an exposition of theoretical and experimental results, including comparisons with other P.A. Abdulla and K.R.M. Leino (Eds.): TACAS 011, LNCS 6605, pp. 9, 011. c Springer-Verlag Berlin Heidelberg 011

GameTime: A Toolkit for Timing Analysis of Software 9 methods, is described in existing papers [5,6]. The goal of this paper is to describe the overall tool flow along with aspects of the implementation not described in detail in those papers. We also illustrate, with a running example, how GAMETIME can be used to make various execution time predictions. Running Example We consider programs P where loops have statically-known finite loop bounds and function calls have known finite recursion depths. Thus P can be unrolled to an equivalent program Q where every execution path in the (possibly cyclic) control-flow graph of P is mapped 1-1 to a path in the acyclic control-flow graph of Q. Our running example is the modular exponentiation code given in Figure 1(a). Modular exponentiation is a necessary primitive for implementing public-key encryption and decryption. The unrolled version of this code for a -bit exponent is given in Figure 1(b). 1 modexp(base, exponent) { result = 1; for(i=exp_bits; i>0; i--) { // EXP_BITS = 5 if ((exponent & 1) == 1) { 6 result = (result * base) % p; } exponent >>= 1; 9 base = (base * base) % p; 10 } 11 return result; 1 } (a) Original code P 1 modexp_unrolled(base, exponent) { result = 1; if ((exponent & 1) == 1) { result = (result * base) % p; 5 } 6 exponent >>= 1; base = (base * base) % p; // unrolling below 9 if ((exponent & 1) == 1) { 10 result = (result * base) % p; 11 } 1 exponent >>= 1; 1 base = (base * base) % p; 1 return result; 15 } (b) Unrolled code Q Fig. 1. Modular exponentation. Both programs compute the value of base exponent modulo p The GAMETIME Approach We begin with a brief overview of the approach taken by GAMETIME and a description of one of the core components, the generation of basis paths of a program (Sec..1). Sec.. gives a sample experimental result on the running example described in Sec.. Figure depicts the operation of GAMETIME. As shown in the top-left corner, the process begins with the generation of the control-flow graph (CFG) corresponding to the program, where all loops have been unrolled to the maximum loop bound, and all function calls have been inlined into the top-level function. The CFG is assumed to have a single source node (entry point) and a single sink node (exit point); if not, dummy source and sink nodes are added. The next step is a critical one, where a subset of program paths, called basis paths are extracted. These basis paths are those that form a basis for the set of all paths, in the standard linear algebra sense of a basis. A satisfiability modulo theories (SMT) solver is invoked to ensure that the generated basis paths are feasible. We discuss this step in more detail in Sec..1.

90 S.A. Seshia and J. Kotker PROGRAM Compile Program for Platform Measure timing on Test Suite directed by Learning Algorithm i 1 i 5 i 101 Generate Control-Flow Graph, Unroll Loops, Inline Functions, etc. TEST SUITE LEARNING online ALGORITHM i 1 i i PREDICT TIMING PROPERTIES (worst-case, distribution, etc.) Fig.. GAMETIME overview CONTROL-FLOW GRAPH (DAG) Extract FEASIBLE BASIS PATHS with corresponding Test Cases SMT SOLVER The basis paths are generated along with the corresponding test cases that drive execution down those paths. The program is then compiled for the target platform, and executed on these test cases. In the basic GAMETIME algorithm (described in [5,6]), the sequence of tests is randomized, with basis paths being chosen uniformly at random to be executed. The overall execution time of the program is recorded for each test case. From these end-to-end execution time measurements, GAMETIME s learning algorithm generates a weighted graph model that is used to make predictions about timing properties of interest. The predictions hold with high probability; see the previous papers on GAMETIME [5,6] for details. In principle, GAMETIME can be set up to use any compiler front-end to generate the CFG and perform test generation along basis paths using an SMT solver; we have experimented with using both CIL [] and the Microsoft Phoenix compiler front-end [1]. Similarly, any SMT solver for the combination of bit-vector arithmetic and arrays can be used. The core GAMETIME algorithms (involving linear algebra to generate basis paths and the learning algorithm) are implemented separately in Python..1 Generating Basis Paths In the CFG extracted from a program, nodes correspond to program counter locations, and edges correspond to basic blocks or branches. Figure (a) denotes the control-flow graph for the code Edge labels indicate in Figure 1(b). Each source-sink 1 1 1 1 1 Edge IDs, and positions in vector path in the CFG can be represented as a 0-1 vector with m representation elements, where m is the number of edges. The interpretation x 1 = (1, 1, 0, 0, 1, 1, 0, 0, 1) 5 5 5 5 5 x = (1, 0, 1, 1, 1, 1, 0, 0, 1) x = (1, 1, 0, 0, 1, 0, 1, 1, 1) is that the ith entry of a path vector is 1 iff the ith edge is on the 6 6 6 x = (1, 0, 1, 1, 1, 0, 1, 1, 1) path (and 0 otherwise). For example, in the graph of Fig. (a), x = x + x - x 1 9 9 9 9 9 each edge is labeled with its (a) CFG for (b) Basis paths (c) Additional (d) Vector index in the vector representation of the path. For example, modexp x 1, x, x path x representations (unrolled) edge and correspond to the Fig.. CFG and Basis Paths for Code in Fig. 1(b) else (0th bit of exponent =0) and then branches of the condition statements at lines and 9

GameTime: A Toolkit for Timing Analysis of Software 91 respectively in the code, while edge 5 corresponds to the basic block comprising lines 6 and. We denote by P the subset of {0, 1} m corresponding to valid program paths. Note that this set can be exponentially large in m. A key feature of GAMETIME is the ability to exploit correlations between paths so as to be able to estimate program timing along any path by testing a relatively small subset of paths.this subset is a basis of the path-spacep, with two valuable properties: any path in the graph can be written as a linear combination of the paths in the basis, and the coefficients in this linear combination are bounded in absolute value. The first requirement says that the basis is a good representation for the exponentially-large set of possible paths; the second says that timings of some of the basis paths will be of the same order of magnitude as that of the longest path. These properties enable us to repeatedly sample timings of the basis paths to reconstruct the timings of all paths. As GAMETIME constructs each basis path, it ensures that it is feasible by formulating and checking an SMT formula that encodes the semantics of that path; a satisfying assignment yields a test case that drives execution down that path. Fig. (b) shows the basis paths for the graph of Fig. (a). Here x 1, x,andx are the paths corresponding to exponent taking values 00, 10, and01 respectively. Fig. (c) shows the fourth path x, expressible as the linear combination x + x x 1 (see Fig. (d)). Fig.. Actual (striped) and Predicted (shaded) Execution Times for Code in Fig. 1. The number of feasible basis paths b is bounded by m n + (where n is the number of CFG nodes). Note that our example graph has a -diamond structure, with feasible paths, any of which make up a basis. In general, an N-diamond graph with N feasible paths has at most N +1basis paths. Computing tests for all basis paths can be viewed as a structural test coverage criterion. Covering all basis paths (for any basis) gives full statement and branch coverage, but not full path coverage. Also, generating tests for basis paths can be viewed as a way of exploiting the structure of the program s CFG for systematic test generation. We have found basis path coverage to be valuable for the prediction of timing properties of a program.. Sample Experimental Result We used GAMETIME to estimate the distribution of execution times of modexp function for an -bit exponent (56 program paths) by testing only the (9) basis paths. The experiments were performed for the StrongARM-1100 processor which implements the ARM instruction set with a 5-stage pipeline and both data and instruction

9 S.A. Seshia and J. Kotker caches using the SimIt-ARM cycle-accurate simulator []. Fig. shows the predicted and actual distribution of execution times we see that GAMETIME predicts the distribution perfectly. Also, GAMETIME correctly predicts the WCET (and produces the corresponding test case: exponent=55). Acknowledgments. This work was supported in part by NSF grants CNS-066 CNS-06, and CNS-1056, an Alfred P. Sloan Research Fellowship, and the Multiscale Systems Center (MuSyC), one of six research centers funded under the Focus Center Research Program (FCRP), a Semiconductor Research Corporation entity. We also acknowledge the contributions of Andrew Chan, Sagar Jain, and Min Xu to the development of GAMETIME. References 1. Phoenix software optimization and analysis framework, https://connect.microsoft.com/phoenix. Necula, G., et al.: CIL - infrastructure for C program analysis and transformation, http://manju.cs.berkeley.edu/cil/. Qin, W., Malik, S.: Simit-ARM: A series of free instruction-set simulators and microarchitecture simulators, http://embedded.eecs.berkeley.edu/mescal/forum/.html. Wilhelm, R., et al.: The Determination of Worst-Case Execution Times Overview of the Methods and Survey of Tools. ACM Transactions on Embedded Computing Systems, TECS (00) 5. Seshia, S.A., Rakhlin, A.: Game-theoretic timing analysis. In: Proc. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 55 5 (00) 6. Seshia, S.A., Rakhlin, A.: Quantitative analysis of systems using game-theoretic learning. ACM Transactions on Embedded Computing Systems (TECS) (to appear)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information