N-version Programming in WCET Analysis: Revisiting a Discredited Idea

摘要

Worst-case execution time (WCET) analysis is safe in theory, but it may not truly be safe in practice. Even if a particular analysis algorithm is sound, its implementation may contain bugs that result in unsafe WCET estimation. This potential for error is serious, given that the usual purpose of WCET analysis is to verify the correctness of hard real-time systems-software on which entire missions and even human lives may depend. A possible solution lies in N-version programming, where N teams of developers work independently on N unique but equivalent implementations. Although this fault-tolerance technique has been criticized for its statistical assumptions and high cost, it may be perfectly suited to address the inherent risks in implementing WCET analysis tools. This paper argues that N-version programming still has merit and cites an example of how the technique improved the quality of two WCET analysis tools at relatively low cost.