Zusammenfassung der Projektergebnisse

Current analysis techniques for critical real-time systems are based on complex pen-and-paper proofs that are error prone and hard to reuse. Real-time systems are at the heart of most modern safetycritical technologies, including avionics, automotive, robotics, and factory automation. To make sure they react in a timely fashion even in worst-case scenarios, rigorous validation efforts based on sophisticated timing analysis techniques are required. However, current analysis methods are backed by informal proofs, which are often difficult to follow, check, or reuse, and hence at risk of subtle, but fatal mistakes. As a result, an alarming number of unsound results had to be corrected in recent years. Famously, the timing analysis of the CAN bus (used in most modern cars) was refuted 13 years after initial publication. More recently, a systematic evaluation of the literature on self-suspending real-time systems found a large number of flaws, many of them due to an unsound generalization of a proof. Computer-assisted proofs have the potential to prevent such mathematical errors. Formalizing existing real-time analysis methods could both avoid errors in their proofs and ease their reuse, adaptation to a new context or even their combination to provide improved, more precise, results. Interactive theorem provers enable computers to automatically check mathematical proofs, ensuring they are free of reasoning errors. Proof assistants are software tools providing a formal language to express mathematical definitions, theorem statements and their proofs. The tool is then able to check the wellformedness of the definitions and statements and the validity of the proofs. Moreover, proof assistants help users interactively develop the proofs. Using a proof assistant to formalize the foundations of real-time analyses allows us to achieve the required level of confidence. At the same time, it alleviates peer review of future results, as only specifications must be agreed upon while proofs can be trusted. The past decade has shown that proof assistants have now reached a level of maturity that makes them suitable for such a task. The Coq proof assistant was chosen as it is a mature tool of which project partners had some extensive and positive prior experience. Furthermore, Coq is able to perform computations, which makes it possible to manage certificates coming from other tools, achieving a high assurance level while retaining the possibility to exploit the efficiency of specialized analysis and verification tools. We have used the Coq proof assistant to formalize the foundations of two main analysis techniques, namely classical Response Time Analyses (RTA) and Network Calculus (NC). In addition, we have built mathematical links between the Compositional Performance Analysis method (CPA), RTA and NC. Finally, Coq automatic tactics have been developed to check RTA and NC certificates. A third tool has been designed to target specifically CAN bus analysis with high efficiency. These results show the feasibility of using certified proofs for the analysis of real-time systems, as well as the many benefits resulting from it beyond certified correctness. One of the project partners was granted an ERC funding to pursue investigation on this subject and two of the project’s software tools are currently being licensed. The project yielded sixteen publications in international conferences or journals with review committees such as ECRTS, RTAS, RTNS, DATE, CAV or NFM. Most of these publications were accompanied by a Coq formalization, often based on the Prosa library developed within the project. Most of this code is available under either free open source licenses or licenses enabling non commercial use. The RT-proofs project is a fundamental research project between INRIA, ONERA and VERIMAG on the French side, and the Max-Plack Institute for Software Systems and TU Braunschweig on the German side.

Projektbezogene Publikationen (Auswahl)

• A Generalized Digraph Model for Expressing Dependencies. Proceedings of the 26th International Conference on Real-Time Networks and Systems, 72-82. ACM.
  Fradet, Pascal; Guo, Xiaojie; Monin, Jean-François & Quinton, Sophie
  
• A Generic Coq Proof of Typical Worst-Case Analysis. 2018 IEEE Real-Time Systems Symposium (RTSS), 218-229. IEEE.
  Fradet, Pascal; Lesourd, Maxime; Monin, Jean-Francois & Quinton, Sophie
  
• Correspondence article: a correction of the reduction-based schedulability analysis for APA scheduling. Real-Time Systems, 55(1), 136-143.
  Gujarati, Arpan; Cerqueira, Felipe; Brandenburg, Björn B. & Nelissen, Geoffrey
  
• “On Strong and Weak Sustainability, with an Application to Self-Suspending Real-Time Tasks.” In: 30th Euromicro Conference on Real-Time Systems, ECRTS 2018, July 3-6, 2018, Barcelona, Spain. 2018, 26:1–26:21.
  Felipe Cerqueira, Geoffrey Nelissen & Björn B. Brandenburg
  
• “Towards Synchronization in Prosa.” In: 30th Euromicro Conference on Real-Time Systems, ECRTS 2018, July 3-6, 2018, Barcelona, Spain.
  Antonin Riffard, Felipe Cerqueira & Björn B. Brandenburg
  
• CertiCAN: A Tool for the Coq Certification of CAN Analysis Results. 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 182-191. IEEE.
  Fradet, Pascal; Guo, Xiaojie; Monin, Jean-Francois & Quinton, Sophie
  
• Increasing Accuracy of Timing Models: From CPA to CPA+. 2019 Design, Automation & Test in Europe Conference & Exhibition, 1210-1215. IEEE.
  Kohler, Leonie; Nikolic, Borislav; Ernst, Rolf & Boyer, Marc
  
• Integrating Formal Schedulability Analysis into a Verified OS Kernel. Lecture Notes in Computer Science, 496-514. Springer International Publishing.
  Guo, Xiaojie; Lesourd, Maxime; Liu, Mengqi; Rieg, Lionel & Shao, Zhong
  
• “Abstract Response-Time Analysis: A Formal Foundation for the Busy-Window Principle.” In: 32nd Euromicro Conference on Real-Time Systems, ECRTS 2020, July 7-10, 2020, Virtual Conference. Ed. by Marcus Völp. Vol. 165. LIPIcs. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2020, 22:1–22:24.
  Sergey Bozhko & Björn B. Brandenburg
  
• A generic approach for the certified schedulability analysis of software systems. 2021 IEEE 27th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA), 83-92. IEEE.
  Guo, Xiaojie; Rieg, Lionel & Torrini, Paolo
  
• Work-in-Progress: Automatically Generated Response-Time Proofs as Evidence of Timeliness. 2021 IEEE Real-Time Systems Symposium (RTSS), 512-515. IEEE.
  Maida, Marco; Bozhko, Sergey & Brandenburg, Bjorn
  
• “A Residual Service Curve of Rate-Latency Server Used by Sporadic Flows Computable in Quadratic Time for Network Calculus.” In: 33rd Euromicro Conference on Real-Time Systems, ECRTS 2021, July 5-9, 2021, Virtual Conference. Ed. by Björn B. Brandenburg. Vol. 196. LIPIcs. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2021, 14:1–14:21.
  Marc Boyer; Pierre Roux; Hugo Daigmorte & David Puechmaille
  
• “Verifying Min-Plus Computations with Coq.” In: NASA Formal Methods - 13th International Symposium, NFM 2021, Virtual Event, May 24-28, 2021, Proceedings. Ed. by Aaron Dutle, Mariano M. Moscato, Laura Titolo, César A. Muñoz, and Ivan Perez. Vol. 12673. Lecture Notes in Computer Science. Springer, 2021, pp. 287–303.
  Lucien, Rakotomalala; Pierre, Roux & Marc, Boyer
  
• “A Formal Link Between Response Time Analysis and Network Calculus.” In: 34th Euromicro Conference on Real-Time Systems, ECRTS 2022, July 5-8, 2022, Modena, Italy. Ed. by Martina Maggio. Vol. 231. LIPIcs. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2022, 5:1–5:22.
  Pierre Roux, Sophie Quinton & Marc Boyer
  
• “Checking validity of the min-plus operations involved in the analysis of a real-time embedded network.” In: ERTS 2022- 11th European Congress Embedded Real Time System. Toulouse, France, June 2022
  Marc Boyer, Pierre Roux & Hugo Daigmorte
  
• “Foundational Response-Time Analysis as Explainable Evidence of Timeliness.” In: 34th Euromicro Conference on Real-Time Systems, ECRTS 2022, July 5-8, 2022, Modena, Italy. Ed. by Martina Maggio. Vol. 231. LIPIcs. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2022, 19:1–19:25
  Marco Maida, Sergey Bozhko & Björn B. Brandenburg