Andreas Sailer
Reverse Engineering of Real-Time System Models From Event Trace Recordings
Series: Schriften aus der Fakultät Wirtschaftsinformatik und Angewandte Informatik der Otto-Friedrich-Universität Bamberg

Model-driven approaches are experiencing an increasing acceptance in the automotive domain thanks to the availability of the AUTOSAR standard, which defines an open software architecture for the model-based development of real-time systems and a corresponding development methodology. However, the process of creating models of existing system components is often difficult and time consuming, especially when legacy code is involved or information about the exact timing is needed. The research community tackles this problem by developing algorithms for automatically deriving characteristics of the system’s timing behaviour, e.g., response times and resource blockings, from various artefacts such as source code or runtime measurements.
This work focuses on reverse engineering an AUTOSAR-compliant model, which can be used for further processing including timing simulation and optimisation, via a dynamic analysis from trace recordings of a real-time system.
Although software reverse engineering via dynamic analysis has a long history, little research targets embedded systems, and its use for multi-core architectures is largely unresearched. Furthermore, related work mainly discusses the analysis of individual characteristics of a real-time system, such as execution times or stimulation patterns, instead of creating a description of the entire system. Huselius, whose work is among the publications most related to the topic of this thesis, proposes a technique to reverse engineer a model that reflects the general temporal behaviour of the original real-time software. However, like other existing solutions, it was not developed with AUTOSAR in mind. It is also not feasible to make this approach applicable to the automotive domain, because Huselius has not considered some required details, such as activation patterns, scheduling information, and compliance with the standardised development methodology of AUTOSAR.
We want to tackle this deficiency by introducing, in this work, an approach that takes up Huselius’s considerations and extends them in order to make them applicable to the automotive domain. To do so, we present CoreTAna, a prototypical tool that derives an AUTOSAR-compliant model of a real-time system by conducting dynamic analysis using trace recordings. Its reverse engineering approach is designed in such a way that it fits seamlessly into the methodology specified by AUTOSAR. CoreTAna’s current features are explained and their benefits for reverse engineering are highlighted, and a framework for evaluating the quality of synthesised models is described.
Motivated by the challenge of assessing the quality of reverse engineered models of real-time software, we also introduce a mathematical measure for comparing trace recordings from embedded real-time systems regarding their temporal behaviour, and a benchmark framework based on this measure for evaluating reverse engineering tools such as CoreTAna. This framework considers common system architectures and also includes randomly generated systems and systems of projects in the automotive domain and other industries. Finally, CoreTAna’s performance and applicability are evaluated on the basis of this benchmark.