Finding Failures in Real-Time Systems Using Realistic Model Scheduling
Abstract
Model-Driven Engineering (MDE) has developed into an increasingly accepted and established research field. With the widespread use of MDE development methods, the need for analysis of models becomes imperative. One form of analysis is temporal correctness. Temporal correctness depends on timing assumptions for each functional model. The functional models are usually based on a Synchronous Reactive (SR) execution paradigm, in which the model executes simultaneously and instantaneously. It assumes that model behaviors complete in approximately zero execution time, whereas the implementation requires a finite execution time, which may cause a failure.
This thesis extends the Matlab/Simulink (ML/SL) environment to model the timing properties of a real-time system. We develop a tool, SimSched, that schedules ML/SL models more realistically, so that an ML/SL simulation reflects real-time execution on the target platform with non-zero execution times. This enables more realistic analysis early in model development, reducing software maintenance cost. SimSched supports AUTOSAR (AUTomotive Open System ARchitecture), an open industry standard for the automotive sector. To address AUTOSAR's lack of support for modeling the behaviors of runnables, languages such as ML/SL are employed. SimSched uses a model transformation to integrate scheduling into the model so that the real-time context can be validated during a simulation.
To evaluate SimSched, we turn to mutation testing. Model-based mutation testing (MBMT) is a specific variant of model testing. It generates faulty versions of a model using mutation operators to evaluate and improve test cases. Mutation testing is an effective way to ensure software correctness and has been applied to various application areas. Simulink is a vital modeling language for real-time systems. This thesis introduces ML/SL model mutation analysis to improve Model-in-the-loop (MIL) testing. We propose a set of Simulink mutation operators based on AUTOSAR, which reflect the temporal correctness of a Simulink model when it is mapped to Operating System tasks. We implement a mutation framework that generates mutants for implicit-clock Simulink models. We demonstrate how this framework generates mutants that reveal task interference issues in the simulation.
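To make concrete the gap described above between instantaneous SR execution and finite execution on the target, and the task interference that a realistic schedule exposes, here is an added example (not SimSched or the thesis's own code): a tick-based fixed-priority preemptive scheduler for a constructed producer/consumer runnable pair, compared against the SR reference to flag stale reads and deadline misses. The periods, execution times and priorities are assumed values.

```python
from dataclasses import dataclass

@dataclass
class Task:
    name: str
    period: int     # activation period in ticks
    wcet: int       # execution time on the target platform, in ticks
    priority: int   # smaller number = higher priority
    remaining: int = 0

def sr_reference(producer_period, consumer_period, horizon):
    """SR semantics: zero execution time, so the producer's sample at tick t is visible at tick t."""
    out, reads = 0, []
    for t in range(horizon):
        if t % producer_period == 0:
            out += 1                       # producer emits a fresh sample
        if t % consumer_period == 0:
            reads.append((t, out))         # consumer samples its input
    return reads

def scheduled(tasks, horizon):
    """Fixed-priority preemptive execution, one tick per iteration, with finite execution times."""
    producer, consumer = tasks
    out, reads, misses = 0, [], []
    for t in range(horizon):
        for task in tasks:
            if t % task.period == 0:
                if task.remaining > 0:     # previous job unfinished: deadline miss
                    misses.append((task.name, t))
                task.remaining = task.wcet # simplification: the late job is dropped
        ready = [task for task in tasks if task.remaining > 0]
        if not ready:
            continue
        running = min(ready, key=lambda task: task.priority)
        if running is consumer and running.remaining == consumer.wcet:
            reads.append((t, out))         # consumer samples its input at job start
        running.remaining -= 1
        if running is producer and running.remaining == 0:
            out += 1                       # output is published only at job completion
    return reads, misses

def find_failures(reference, actual):
    """Consumer activations where the scheduled value differs from the SR value."""
    return [(t, ref, act) for (t, ref), (_, act) in zip(reference, actual) if ref != act]

def demo(producer_wcet=4, horizon=20):
    # Constructed task set (assumed values): producer period 10, low priority; consumer period 5, WCET 1, high priority.
    tasks = [Task("producer", 10, producer_wcet, 2), Task("consumer", 5, 1, 1)]
    actual, misses = scheduled(tasks, horizon)
    return find_failures(sr_reference(10, 5, horizon), actual), misses
```

With a producer WCET of 4 ticks the consumer reads a stale sample at ticks 0 and 10, a failure the SR simulation alone cannot show; raising the producer WCET above its period additionally reports a deadline miss.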