A METHOD OF PREDICTING THE MAINTENANCE PERIOD OF EMBEDDED SYSTEMS FOR PREVENTING BREACH OF THEIR TIME REQUIREMENTS

The work deals with a significant problem of ensuring that the execution time of a firmware running inside a microcontroller-based real-time embedded system never goes out of its expected range, no matter for how long the embedded system has been used. Once having been tested before the first usage, a newly created embedded system is gradually getting slower in its response, due to the fact that its hardware components get worn-out with aging. A possible solution is a replacement of the hardware components that most contribute to such a change in the response time of the embedded system. If such a replacement takes place too far in advance, long before hardware components actually start showing any decline in their response time, the above-mentioned solution is cost-ineffective and impractical, as it leads to a waste of equipment and efforts. We introduce a method for predicting the appropriate maintenance period of a real-time embedded system on the basis of the characteristics of its hardware components.


INTRODUCTION
The firmware execution time is one of the most important metrics of software running in real-time embedded systems, as the applicability of the latter depends not only on the logical correctness of such a software, but also on the timeliness of its results [1].If a real-time embedded system fails to accomplish its time-critical functions on time, it might lead to catastrophic consequences, thus a breach of time requirements can be considered as the failure of a system.
Thus, in order to ensure the required level of reliability and safety of real-time embedded systems, additional kinds of software analysis should be applied to them.One of such kinds is an analysis of the firmware execution time controlled by standards DO178B [2] and ARINC 653 [3].However, these standards do not regulate any conditions for testing and do not prescribe any methods that would make allowances for the fact that hardware components of an embedded system are gradually getting worn-out over time and, for this reason, the response time of any embedded system tends to worsen over time (the longer an embedded system has been in use, the slower its response time proves to be).
One of the ways to keep the firmware execution time within its expected range is to perform the maintenance of an embedded system on time, i.e., to replace all the hardware items composing the system, that tend to show some noticeable decline in their response time with age.
If a replacement of hardware components has been done too early, long before any considerable change in the firmware response time takes place, the procedure proves to be a waste of components, costs for the delivery of an embedded system under maintenance to the manufacturer's office, and human resources responsible for such a replacement.On the other hand, if a replacement takes place too late, the whole embedded system does not respond within an expected time period any longer, i.e., fails to function properly.
In [4] the approach and modeling technique for estimation availability function of FPGA basedsystems using a two different strategy of maintenance was presented.However, this approach can be used for estimating embedded system that is based on microcontroller.
The work is aimed at the development of a method that would enable a manufacturer of a real-time embedded system to determine the most reasonable maintenance period, i.e., such a maintenance period that is free of a waste of time and costs attendant to replacing old specimens of hardware components with new ones and, at the same time, enables the manufacturer to ensure that the execution time of the firmware running in the embedded system never exceeds its maximum allowed value.

RELEVANT WORKS
All the modern methods for analysis of the firmware execution time fall into two large groups in accordance with the main principle of their execution: static methods and dynamic methods.
Static methods do not assume any real firmware execution, i.e. the firmware runs neither in an embedded system nor in an emulator during static analysis.All methods of this group use the source code of the firmware in question and/or the model of the hardware architecture of the embedded system being considered.
Since the architectures of processors are constantly evolving, there is a constant need in modification of the existing models so that they keep applicable.Thus, when a new processor hardware model is developed, those who work on modification of static models focus their attention on the structure of the cash memory and the analysis of the content of the cash [5][6][7], the structure of the instruction pipeline [8,9], and losses in data rate during transmitting data via communication interfaces [10].However, the more sophisticated the architectures of modern processors become, the more efforts and time their analysis and modification of the models require.
Moreover, static methods never take into consideration the influence of the environment on the firmware execution time.Besides, static methods do not make allowances for the dependence of the firmware execution time on the age of the underlying hardware components.
Dynamic methods for analysis of the firmware execution time are based on the actual measurement of the response time of the firmware running inside a real embedded system or a simulator.Due to their close connection with the real execution of firmware, they are considered to be potentially more accurate than static methods, for any measured execution time does include the influence of different ambient factors implicitly.Thus, a dynamic method makes allowances for a variety of factors influencing the firmware execution time and not only the source code itself.Moreover, in most cases measurement of the execution time is performed in real working conditions, but not in some artificial, laboratory environment, completely different from the real one.Typically, dynamic methods are applied to measure the firmware execution time using a logical analyzer or an oscilloscope [11,12], hardware tracing [13,14], integration of an additional code into an embedded system being tested [15,16] or simulators of an embedded system [17].Each of these approaches has their advantages and disadvantages.However, neither of dynamic methods takes into consideration the fact that the execution time of any firmware running inside a real embedded system might change because the underlying hardware components change their behavior with age.Thus, these dynamic methods provide one-shot results for an embedded system either before it started being used or at the very beginning of its life cycle, but no predictions were made what would happen to the firmware execution time with age.
All the above said statements lead to the idea of developing a method that would promote to determine the maintenance period to ensure that the execution time of the firmware running in the embedded system never exceeds its maximum allowed value.

CONCEPT CONSTRUCT AND TASK FORMULATION
In order to predict the execution time of a program code, we represent the code as a control flow graph (Fig. 1).The vertices of a control flow graph denote operators or function calls.The edges represent connections between vertices.
The execution time of any branch in a program ( b  ) can be calculated by the following formula: where i  is the time spent on vertex i (i.e., the time spent on execution of instruction i), n is the total number of vertices in the branch.
The total execution time of a program branch depends not only on the duration of an instruction but on the response time of different peripheral devices as well, and the latter tend to get slower in their response over time.
Taking into account this fact, we can expand formula (1) as follows: ) ( where j  is the time spent on vertex j (the time of execution of the corresponding instruction), k is the number of vertices that take always the same amount of time to be executed (the corresponding instructions do not depend on any peripheral devices, but on the microcontroller's computational resources only), і  is the time spent on execution of an instruction that depends on the response time of a peripheral device (the response time changes with the age of a peripheral device), T is the time period of the embedded system's being in use, l is the number of vertices such that the time spent on them depends on the response time of peripheral devices composing the embedded system.
Thus, we came to the conclusion that there exists a lack of such a method for estimation of the firmware execution time that would make allowances for the fact that the response time of peripheral devices changes over the time of their use.Such a method would allow calculation of the maintenance period of an embedded system in question.

INPUT DATA
In accordance with the technical report [18], we established the dependence of the response time of a hardware component on the time during which it has been in use.The results are summarized in Table 1.The nominal value of the response time is equal to 7.812•10 -3 s [19].The results of calculation of the response time of a peripheral device on the basis of the data from Table 1, are presented in Table 2.The dependence of the response time on the time of being in use, drawn on the basis of the experimental data, is shown in Fig. 2. Having analyzed the above-stated data, one can conclude that the analytical dependence could be approximated well enough using regression methods including methods of linear, cubic and logarithmic regression.

CHOSING AN APPROPRIATE MODEL
In order to calculate the response time of a peripheral device using the linear regression method, we apply the following formula: where T is the time period during which the peripheral device has been used, and a and b are some coefficients that can be evaluated using formulas (4) and ( 5): Using formulas ( 4) and ( 5 In order to evaluate the response time of a peripheral device using the cubic regression method, we apply the following formula: where c b a , , and d are some coefficients that can be evaluated when solving the following equation set: The response time of a peripheral device using the logarithmic regression method can be calculated by the applying the following formula: where a and b are some coefficients that have to be calculated using formulas (11) and (12).

THE INACCURACY OF THE MODELS
In order to choose the most appropriate regression model, we have to verify how the results provided by each of the above-mentioned models fit the experimental data.In order to do this, we first visualize the analytical dependencies obtained on the basis of the coefficients, calculated previously, and visually compare the resulting curves with the graph built on the basis of the experimental data.
Then, we choose a number of equal-distant points on the time axis that did not participate in either of the above-mentioned equation sets used for calculation of coefficients a and b .For each of the chosen time points, we evaluate the difference between the experimental data and the results provided by each of the regression methods.
The average approximation error is calculated by the formula: 1 100 Using formula ( 14) we calculated the average approximation errors: for linear regression method: for cubic regression method: for logarithmic regression method: For visual comparison of the obtained results, we show a graph depicting the experimental data and the approximation results obtained by the linear, cubic and logarithmic regression methods, Fig. 3.As one can see on the graph, the cubic regression method provides the least approximation inaccuracy (on average).Thus, we chose this method for predicting the firmware execution time and the right time moments of embedded systems' maintenance.

EXPERIMENTS
In order to verify our ideas about the importance of taking into account the aging effects of electronic units for predicting an appropriate maintenance period of an embedded system, we chose a commercial product, the main functions of which include regular measurement of the temperature and pressure inside industrial pumps, logging all the values of the temperature and pressure lower or higher than their allowed lower an upper limits correspondingly, and control of valves on the basis of the temperature and pressure readings.
The firmware thread responsible for measurement is shown in Fig. 4. In accordance with the user requirements, the thread responsible for measurement should be executed each 100 ms, and the maximum execution time of the thread's fragment intended for measurement and saving data, should not exceed 70 ms.
The thread used here as an example contains functions of two types:  Functions, the execution time of which depends only on the computational capabilities of the underlying microcontroller (osSignalWait, memset, local_compensation, ADC_code2temp). Functions, the execution time of which depends on the response time of peripheral devices (the execution time of function ADS_Read() depends on the response time of an external ADC ASD1118.The execution time of function WriteToExternalMemory() depends on the response time of an external flash memory.The execution time of Valve_control function depends on the execution time of the module responsible for controlling the valves.In order to predict the execution time of a firmware fragment, we find out that the nominal value of the response time for external ADC ADS1118 is equal to 15.625 mcs, in accordance with the device's datasheet [19].
From the datasheet [20] of flash memory AT45DB041E we fetch the nominal value of its response time (0.5 mcs).
Here we assume that the dependence of the response time on the time of being in use is similar to that one presented in Table 1.
We have calculated the response time of the peripheral devices in the reference points.The calculation results are given in Tables 3 and 4.
2) The approximation coefficients for calculating the response time of flash memory AT45DB041E.
Using the approach described in [10], we estimate the execution time of each function that depends only on the computational resources of the underlying microcontroller.
In accordance with formula (2), we evaluate the execution time of the fragment of the thread in firmware intended for measuring and logging data.The calculation results of the execution time with consideration of the aging effect and without such consideration are shown in Fig. 5.The obtained results demonstrate that if one ignores the influence of the aging effect of a peripheral device on the response time of the latter particularly and the firmware execution time in general, one is likely to underestimate the execution time of the whole embedded system's firmware drastically, and such an underestimation might have catastrophic consequences in real-time embedded systems.
Making allowances for the influence of the aging effect on the firmware execution time would enable us to predict the right time for the maintenance of an embedded system before the latter becomes inapplicable because it fails to perform its timecritical tasks quickly enough.
For example, on the basis of the obtained results, we came to the conclusion that in order to ensure that a specific firmware fragment meets its required execution time, one should replace the worn-out components in the embedded system in question after three years of being in use.

DISCUSSION OF THE RESULTS
The research carried out by the authors show that the least approximation inaccuracy can be achieved due to the cubic regression method, thus one needs to choose the cubic approximation when predicting the suitable maintenance period.
It's worth bearing in mind that in order to calculate the approximation coefficients with the minimum inaccuracy we need to use the response time of a peripheral device, not the difference between the nominal value of the response time and the actual value.
For this reason, one should evaluate the approximation coefficients for each peripheral device individually, even if different peripheral devices are characterized by the same change of their response time with respect to the nominal value in percent, with age.For example, device 1 responses within 1 ms, device 2 -within 5 ms and device 3 -within 7 ms and the response time of each of these devices changes by 10% after three months and by 15% after six months of being in use.Despite the fact that it would be convenient to operate with relative values, which are identical for the three devices, we still should take the absolute value of the response time of each device individually.
Significant advantage is in the fact that input data for proposed method can be obtained using any static or dynamic method for analysis of the firmware execution time, which was represented in chapter 2.

CONCLUSION AND FUTURE WORK
In this work, we have solved an important problem of determining the most appropriate time moments for maintaining an embedded system in order to ensure that the execution time of the firmware running in this system is kept within its required range and the system is still able to perform its time-critical tasks on time.
The approximation coefficients presented in this paper are unique for the hardware component taken as an example to show the significance of the aging effect in electronic units in general.In order to apply the proposed method for predicting the most appropriate maintenance period for an arbitrary microcontroller-based real-time embedded system, one should take the following steps.First, one is supposed to detect the hardware components that tend to change their behavior over time and apply the cubic regression method in order to draw the analytical dependency of the hardware component's response time on the time period, during which it has been in use.One should make sure that the analytical dependency is correct by evaluation the average approximation error.Then, one finds the maximum time value at which the execution time calculated using formula (2) still does not exceed the allowed limit.
Our further planned research is aimed at automating the proposed approach and integrating the module that implements it into a software tool intended for automated testing of the execution time of firmware running in embedded systems.

Figure 1 -
Figure 1 -An example of a control flow graph that represents a function in a program.

Table 2 .
The dependence of the response time on how long the system has been in use.

Figure 2 -
Figure 2 -The dependence of the response time on the time of being in use.
), we can figure out that the values of the coefficients a and b for approximation by the linear regression method are as follows: ), we have figured out that the values of coefficients a and b for approximation by the logarithmic regression methods are as follows:

Figure 3 -
Figure 3 -The experimental data and analytical dependencies of the response time of a peripheral device on the time of being in use.

Figure 4 -
Figure 4 -An example of a time-critical thread in firmware.

Table 3 .Table 4 .
The dependence of the response time of ADC ADS1118 on the time during which it has been in use.The dependence of the response time of Flash AT45DB041E on the time during which it has been in use.

Fig. 5 -
Fig. 5 -The execution time of a software code that taking into account the aging effect and without it.