Precise Cache Timing Analysis via Symbolic Execution

We present a framework for WCET analysis of programs with emphasis on cache micro-architecture. Such an analysis is challenging primarily because of the timing model of a dynamic nature, that is, the timing of a basic block is heavily dependent on the context in which it is executed. At its core, our algorithm is based on symbolic execution, and an analysis is obtained by locating the "longest" symbolic execution path. Clearly a challenge is the intractable number of paths in the symbolic execution tree. Traditionally this challenge is met by performing some form of abstraction in the path generation process but this leads to a loss of path-sensitivity and thus precision in the analysis. The key feature of our algorithm is the ability for reuse. This is critical for maintaining a high-level of path-sensitivity, which in turn produces significantly increased accuracy. In other words, reuse allows scalability in path-sensitive exploration. Finally, we present an experimental evaluation on well known benchmarks in order to show two things: that systematic path-sensitivity in fact brings significant accuracy gains, and that the algorithm still scales well.

[1]  Pascal Sainrat,et al.  PapaBench: a Free Real-Time Benchmark , 2006, WCET.

[2]  Xianfeng Li,et al.  Modeling out-of-order processors for software timing analysis , 2004, 25th IEEE International Real-Time Systems Symposium.

[3]  Jan Gustafsson,et al.  Algorithms for Infeasible Path Calculation , 2006, WCET.

[4]  WilhelmReinhard,et al.  Fast and Precise WCET Prediction by Separated Cache andPath Analyses , 2000 .

[5]  Björn Lisper,et al.  An Efficient Algorithm for Parametric WCET Calculation , 2009, 2009 15th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications.

[6]  Isabelle Puaut,et al.  Tracing Flow Information for Tighter WCET Estimation: Application to Vectorization , 2015, 2015 IEEE 21st International Conference on Embedded and Real-Time Computing Systems and Applications.

[7]  AbsInt Angewandte,et al.  Fast and Precise WCET Prediction by Separated Cache and Path Analyses , 1999 .

[8]  Jakob Engblom,et al.  The worst-case execution-time problem—overview of methods and survey of tools , 2008, TECS.

[9]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[10]  Roland H. C. Yap,et al.  The CLP( R ) language and system , 1992, TOPL.

[11]  Jan Gustafsson,et al.  Towards a flow analysis for embedded system C programs , 2005, 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems.

[12]  Bernd Becker,et al.  A Definition and Classification of Timing Anomalies , 2006, WCET.

[13]  Per Stenström,et al.  An Integrated Path and Timing Analysis Method based on Cycle-Level Symbolic Execution , 1999, Real-Time Systems.

[14]  Joxan Jaffar,et al.  Lazy Symbolic Execution for Enhanced Learning , 2014, RV.

[15]  Jan Reineke,et al.  Sound and Efficient WCET Analysis in the Presence of Timing Anomalies , 2009, WCET.

[16]  Alan Burns,et al.  Guest Editorial: A Review of Worst-Case Execution-Time Analysis , 2000, Real-Time Systems.

[17]  Sharad Malik,et al.  Performance Analysis of Embedded Software Using Implicit Path Enumeration , 1995, 32nd Design Automation Conference.

[18]  Jens Knoop,et al.  WCET squeezing: on-demand feasibility refinement for proven precise WCET-bounds , 2013, RTNS '13.

[19]  Jan Gustafsson,et al.  Deriving Annotations for Tight Calculation of Execution Time , 1997, Euro-Par.

[20]  Björn Lisper,et al.  Fully Automatic, Parametric Worst-Case Execution Time Analysis , 2003, WCET.

[21]  Viorica Sofronie-Stokkermans,et al.  Constraint solving for interpolation , 2007, J. Symb. Comput..

[22]  William Craig,et al.  Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory , 1957, Journal of Symbolic Logic.

[23]  Abhik Roychoudhury,et al.  Scalable and Precise Refinement of Cache Timing Analysis via Model Checking , 2011, 2011 IEEE 32nd Real-Time Systems Symposium.

[24]  Hermann Härtig,et al.  Cost and benefit of separate address spaces in real-time operating systems , 2002, 23rd IEEE Real-Time Systems Symposium, 2002. RTSS 2002..

[25]  Abhik Roychoudhury,et al.  Scope-Aware Data Cache Analysis for WCET Estimation , 2011, 2011 17th IEEE Real-Time and Embedded Technology and Applications Symposium.

[26]  Joxan Jaffar,et al.  Path-sensitive resource analysis compliant with assertions , 2013, 2013 Proceedings of the International Conference on Embedded Software (EMSOFT).

[27]  Joxan Jaffar,et al.  Symbolic simulation on complicated loops for WCET Path Analysis , 2011, 2011 Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT).

[28]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[29]  Reinhard Wilhelm,et al.  On Predicting Data Cache Behavior for Real-Time Systems , 1998, LCTES.

[30]  Pavol Cerný,et al.  Segment Abstraction for Worst-Case Execution Time Analysis , 2015, ESOP.

[31]  Sharad Malik,et al.  Performance estimation of embedded software with instruction cache modeling , 1995, ICCAD.

[32]  Raimund Kirner,et al.  Calculating WCET estimates from timed traces , 2015, Real-Time Systems.

[33]  J StuckeyPeter,et al.  The CLP( ℛ ) language and system , 1992 .

[34]  Andrew E. Santosa,et al.  Efficient Memoization for Dynamic Programming with Ad-Hoc Constraints , 2008, AAAI.

[35]  Y. N. Srikant,et al.  Path Sensitive Cache Analysis Using Cache Miss Paths , 2015, VMCAI.

[36]  Abhik Roychoudhury,et al.  Precise micro-architectural modeling for WCET analysis via AI+SAT , 2013, 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS).

[37]  David B. Whalley,et al.  Timing analysis for data caches and set-associative caches , 1997, Proceedings Third IEEE Real-Time Technology and Applications Symposium.

[38]  David Monniaux,et al.  How to compute worst-case execution time by optimization modulo theory and a clever encoding of program semantics , 2014, LCTES '14.