Validation and Evaluation

Question 1

Definition: Evaluation

Answer 1

• Evaluation is the process of computing quantitative information of some key characteristics of a certain (possible partial) design
• qualitative, give number on how good the product is

Question 2

Definition: Validation

Answer 2

Validation is the process of checking wether or not a certain (possibly partial) design is appropriate for its purpose, meet all constraints and will perform as expected (yes/no decision)

Question 3

Give criteria for evaluation

Answer 3

• average- & worst-case delay
• power/energy consumption
• thermal behavior
• reliability, safetey, security
• cost, size,
  weight,
  EMC characteristics
• radiation hardness, environmental friendliness

Question 4

What is the solution space and what is the objective space?

Answer 4

• Solution space: Design decisions (number of processors, size of memories, type and width of busses …)
• Objective space: (results from decisions in solution space) for example: power/energy consumption, size, weight…

Question 5

Pareto points: when does a solution dominate?

Answer 5

A vector u dominates a vector v if u is “better” than v with respect to one objective and not worse than v with respect to all other objectives

Question 6

Pareto points: When is a solution indifferent?

Answer 6

A vector u is indifferent in respect to v if neither u dominates v nor v dominates u.

Question 7

Pareto-optimal?

Answer 7

If x is a solution and there is no other solution that dominates x, then x is a Pareto-point and the solution pareto-optimal.

x is also pareto-optimal if it is non-dominated with respect to all solutions

Question 8

Pareto-Set, Pareto-Front?

Answer 8

• A pareto-set is the set of all Pareto-optimal solutions.

- Pareto-sets define a Pareto-Front (boundry of dominated sub-space)

Question 9

What is Design Space Evaluation?

Answer 9

(DSE) based on Pareto-points is the process of finding and returning a set of Pareto-optimal designs to the user, enabling the user to select the most appropriate design

Question 10

Execution time, what objectives must be checked?

Answer 10

• Average execution time and worst-case execution time (WCET)
• WCET must firstly be smaller than Time constraint and it must be safe, meaning that the measured WCET is smaller than the estimated (given by you) WCETest. Also it must be tight (small difference between WCETest and known WCET)

Question 11

In generals WCETest are unable to determine for sure, especially for modern complex systems. What tools exist to get WCETest?

Answer 11

• Hardware: requires detailed timing behavior
• Software: requires availability of machine programs; complex analysis
• analysis of loop cicles, pipeline/cache (static analysis)
• analysis of path length (longest = WCET)

Question 12

Realtime calculus / MPA (modular performance analysis): Arrival Curves opposed to Service curves

Answer 12

• arrival curves: demand of phys. environment to our system (+/- higher and lower bounds ‘jitter’),
• service curves: capabilities that the embedded device provides (ie. TDMA [‘round-robin’] bus giving bandwidth to task or computing power)

(V.5 p. 28ff)

Question 13

Realtime calculus / MPA: work load characterization?

Answer 13

• how much time does it take to handle certain number of events (upper/lower bound)
• –> WCET, BCET

Question 14

Realtime calculus (RTC) in Modular Performance Analysis: Remarks?

Answer 14

• the three curves with lower/upper bounds: Arrival curves, service curves and work load characterization contribute with their function to an overall timing understanding of the system
• high level abstraction, mathematical (and formally proven)

Question 15

Pros of Modular Performance Analysis for timing analysis?

Answer 15

• easy to construct models
• evaluation speed is fast and linear to model complexity
• needs little information to construct early models
• even though involved mathematics is very complex, the method is easy to use (ie. using Matlab toolbox)

Question 16

Average vs. Worst-Case Energy Consumption

Answer 16

• Average energy consumption is based on the consumption for selected sets of input data
• worst-case energy consumption is a safe upper-bound on the energy consumption

Question 17

Energy-consumption predictability?

Answer 17

• hardly from source code (compiler&linker impact not known)
• small variations can lead to variation of energy consumption (example: shifting code in memory by one byte)
• energy consumption must be predicted from executable code! (like WCET)
• might even depend on which instance of the hardware is used

Question 18

Instruction-dependent costs in the CPU?

Answer 18

• depend on one-bits in the registers/variables (ones are energy expensive)
• depend on kind and order of instructions (ADD, MUL,SHL etc.) –> switching between hardware denoted by ‘hamming distance’

Question 19

What is the hamming distance?

Answer 19

• distance between the corresponding hardware to handle instructions like ADD (ALU), SHL (Bit shifting), MUL etc
• contributes to energy consumption

Question 20

Terms: failure, error, fault?

Answer 20

• (Service) failure: is an event that occurs when the delivered service of a system deviates from the correct service.
• Error: is the part of the total state of the system that may lead to its subsequent service failure
• Fault: the adjudged or hypothized cause of an error (can be internal or external of a system)

Question 21

Define the Reliability R(t) and Failure F(t)

Answer 21

• The Reliability R(t) is the probability that the time until the first failure is larger than some time t
• The Failure F(t)

F(t) + R(t) = 1

Question 22

Define Failure rate

Answer 22

The failure rate is the probability of the system failing between time t and t+dt
(probability at a certain time interval)

Question 23

What is FIT?

Answer 23

• Measurement (‘failure-in-time’) for failure rate
• 1 FIT is the rate of failures in10^-9 per hour
  (= or at most one failure in 10^9 hours)

Question 24

What can make a system more reliable than its components?

Answer 24

Redundancy

Question 25

Kopetz’s 12 Design Principles (1-3)?

Answer 25

1. safety considerations are part of the specification, driving the entire design process
2. prescice specifications of design hypotheses must (including expected failures and their probability) be documented
3. Fault containment regions (FCR) must be made right at the beginning. Faults in one FCR should not affect other FCRs

Question 26

Kopetz’s 12 Design Principles (4-6)?

Answer 26

4. A consistent notion of time and state must be established. Otherwise it will be impossible to differentiate between original and follow-up errors
5. Well-defined interfaces have to hide the internal of components (abstraction)
6. It must be ensured that components fail independently (ensures redundancy)

Question 27

Kopetz’s 12 Design Principles (7-9)?

Answer 27

7. principle of self-confidence: components should consider themselves to be correct unless two or more other components pretend the contrary to be true
8. fault tolerance mechanisms must not be designed such that they do not create any additional difficulty in explaining the behavior of the system. Also they should be decoupled from the regular function.
9. the system must be designed for diagnosis. for exampe it has to be possible to identify existing (but masked) errors

Question 28

Kopetz’s 12 Design Principles (10-12)

Answer 28

10. the man-machine interface must be intuitive and forgiving. Safety should be maintained despite mistakes made by humans.
11. Every anomaly should be recorded. These anomalies may be unobservable at the regular interface level. Recording should involve internal effects, otherwise the may be masked by fault tolerance mechanisms.
12. provide a nerver-give-up strategy. ES may have to provide uninterrupted service. Going offline is unacceptable.

Question 29

Limitations of Simulations?

Answer 29

• typically slower than actual design –> violations of timing constraints
• simulations in the real environment may be dangerous
• hugh amounts of data –> may be impossible to simulate enough data in available time
• most actual systems are too complex to allow all possible cases (inputs)
• simulations can help find errors in designs but the cannot guarantee the absence of errors!

Question 30

What is Rapid Prototyping?

Answer 30

• quickly generated ES which behaves similar to final product
• may be larger, more power consuming an have other properties that can be accepted in the validation phase
• can be built, for example using FPGA

Question 31

What is Emulation?

Answer 31

Hybrid: Simulations based on models which are approximations of real systems, while other parts of the system are implemented in real hardware

Question 32

What is formal verification? (ideal/real)

Answer 32

• formally proving a system correct, using the language of mathematics
• formal model required -> obtaining this cannot be automated
• when model available -> try to prove properties

Ideal: formally verified tools transforming specifications into implementations (‘correctness by construction’)
Real: non-verified tools and manual design steps -> validation of each and every design required

Question 33

Model checking: verification and analysis of the state space of the system. Three steps?

Answer 33

1. Generation of a formal model of the system to be verified
2. Definition of the properties expected
3. Model checking (actual verification)