Your browser does not support JavaScript! Skip to main content
Free 30-day trial DO-178C Handbook RapiCoupling Preview DO-178C Multicore Training Multicore Resources
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing  RapiCover - Structural coverage analysis  RapiTime - Timing analysis (inc. WCET)  RapiTask - Scheduling visualization  RapiCoverZero - Zero footprint coverage analysis  RapiTimeZero - Zero footprint timing analysis  RapiTaskZero - Zero footprint scheduling analysis  RapiCouplingPreview - DCCC analysis

Multicore Verification

  MACH178  MACH178 Foundations  Multicore Timing Solution  RapiDaemons

Engineering Services

  V&V Services  Data Coupling & Control Coupling  Object code verification  Qualification  Training  Consultancy  Tool Integration  Support

Industries

  Civil Aviation (DO-178C)   Automotive (ISO 26262)   Military & Defense   Space

Other

RTBx Mx-Suite Software licensing Product life cycle policy RVS Assurance issue policy RVS development roadmap

Latest from Rapita HQ

Latest news

SAIF Autonomy to use RVS to verify their groundbreaking AI platform
RVS 3.22 Launched
Hybrid electric pioneers, Ascendance, join Rapita Systems Trailblazer Partnership Program
Magline joins Rapita Trailblazer Partnership Program to support DO-178 Certification
View News

Latest from the Rapita blog

How to certify multicore processors - what is everyone asking?
Data Coupling Basics in DO-178C
Control Coupling Basics in DO-178C
Components in Data Coupling and Control Coupling
View Blog

Latest discovery pages

control_tower DO-278A Guidance: Introduction to RTCA DO-278 approval
Picture of a car ISO 26262
DCCC Image Data Coupling & Control Coupling
Additional Coe verification thumb Verifying additional code for DO-178C
View Discovery pages

Upcoming events

Avionics and Testing Innovations 2025
2025-05-20
DASC 2025
2025-09-14
DO-178C Multicore In-person Training (Fort Worth, TX)
2025-10-01
DO-178C Multicore In-person Training (Toulouse)
2025-11-04
View Events

Technical resources for industry professionals

Latest White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP
Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
View White papers

Latest Videos

Rapita Systems - Safety Through Quality
Simulation for the Motorola 68020 microprocessor with Sim68020
AI-driven Requirements Traceability for Faster Testing and Certification
Multicore software verification with RVS 3.22
View Videos

Latest Case studies

GMV case study front cover
GMV verify ISO26262 automotive software with RVS
Kappa: Verifying Airborne Video Systems for Air-to-Air Refueling using RVS
Supporting DanLaw with unit testing and code coverage analysis for automotive software
View Case studies

Other Resources

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

 Multicore resources

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top Contact Us

Breadcrumb

  1. Home

Discover Worst-Case Execution Time

  • Intro
  • What is WCET?
  • Calculating WCET
  • WCET in multicore
  • RapiTime

Importance of Worst-Case Execution Time

The importance of worst-case execution time (WCET) can be illustrated using a simple example relating to a system to control air bags in an automobile. If the airbag does not deploy within certain timing deadlines, its effectiveness in preventing injury to the driver may be negatively affected. Similar use cases exist in other safety-critical industries including aerospace, rail, nuclear etc.

For this reason, DO-178C guidance for aerospace and the ISO 26262 standard for automotive both require WCET estimates of your application and its critical sub-routines as evidence to support your certification argument.

MC/DC

What is WCET?

First, some terminology. A task is a piece of code that is to be run within a single thread of execution. A task issues a sequence of jobs to the processor which are queued and executed.

The time spent by the job actively using processor resources is its execution time. The execution time of each job instance from the same task is likely to differ.

Execution times are of interest to real-time systems designers usually in the context of worst-case execution times. High level system requirements will specify maximum response times for a task, known as a deadline.

Worst-case execution time is the maximum length of time a task takes to execute on a specific hardware platform. WCET is a metric commonly used in reliable real-time systems which have a non-negotiable deadline for execution. Real-time systems need to be able to receive inputs, process them and then return results quickly enough to affect the environment at that time.

Methods of calculating WCET

1. Measurement analysis

Measurement analysis involves measuring execution times of short code segments on real hardware or on simulator for some set of inputs. Measurements are taken by using a processor clock or external hardware units such as the oscilloscope of a logic analyzer. Using this technique, a developer can analyze the worst observed execution time - known as high-water mark time – and the likelihood of the occurrence of the worst-case scenario.

Measurement based analysis can’t provably identify WCET as, in general, only a subset of the executions are exercised, which may not contain the worst-case scenario.






MC/DC

For a variety of reasons, the use of measurement-based analysis tends to be the more practical approach, and consequently the approach used for many systems past and present. Because of the vast number of possible paths through the code, that could be taken, there is still the concern that you could miss a long execution time. Therefore, in practice, the optimism of a measurement-based approach is reduced by adding a "safety margin", for example, adding 20% to the longest observed execution time.

2. Static analysis

Static analysis WCET estimation was developed as an alternative to measurement-based estimation. The main advantage of static analysis is that it is not necessary to take measurements from a real target, minimizing cost and effort.

Static analysis estimation requires a precisely accurate model of the timing characteristics of the processor, which includes the behavior of pipelines, caches, memory, buses, and any other feature of the hardware under examination that may affect execution time of machine instructions. This is done without executing the code.

However, static analysis suffers from two key weaknesses:

  • It is pessimistic as it identifies the pathological – worst theoretically possible - WCET.
  • Complex architectures, such as multicore processors, cannot be accurately modelled.

3. Hybrid method

Rapita use a third approach – hybrid WCET estimation, using a combination of three techniques:

  • Recognizing that the best possible model of a processor is the processor itself, hybrid approaches use online testing to measure the execution time of short sub-paths between decision points in the code.
  • Support offline analysis with information obtained during testing, such as numbers of loop iterations, and execution frequencies (modal operation) to build up a model of the overall code structure and determine which combinations of sub-paths form complete and feasible paths through the code.
  • Measurement and path analysis information is combined to compute worst-case execution times in a way that captures execution time variation on individual paths due to hardware effects.


control_flow

Using these techniques, hybrid analysis aims to provide a value between the overly pessimistic WCET of static analysis and the optimistic values of pure measurement.

Execution times are determined from real measurements, addressing the first problem with static-only WCET: we can avoid relying on an MCP model that may contain errors, meaning it can be applied to more complex system models.

Another advantage of hybrid analysis is that we can obtain other accurate on-target timing metrics such as high and low water marks, execution frequencies, and execution time distributions.

Timing analysis-whitepapers
 
Choose your free Timing Analysis White Paper:
When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.

WCET in multicore and complex systems

 

As mentioned previously, static analysis falls short when complex architectures, such as multicore processors, are being modelled. Model-based WCET analysis is designed to identify pathological WCET and therefore produces extremely pessimistic estimates. As the FAA identifies in the Assurance of Multicore Processors in Airborne Systems document, “Abstractions used for the WCET evaluation, for instance processor models, may not be correct or be so inaccurate that the computed WCETs are too pessimistic”. For this reason, it is intractable to estimate WCET in multicore system using static analysis.

When performing WCET analysis on multicore systems, the hybrid approach is the only effective method for generating useful timing metrics. That said, the conventional hybrid approach to single-core analysis does not answer multicore WCET estimation on its own, as it does not account for interference due to contention for shared resources and other hardware idiosyncrasies. Static WCET estimation techniques cannot account for all possible sources of interference; and even if they could, they would be hugely complex and computationally expensive to run.

For more information on performing WCET estimation on multicore systems, visit our Multicore Timing Solution page.

Rapita's approach to WCET

Rapita’s unique hybrid timing analysis tool is called RapiTime and is identified by The FAA as “an example of a mature tool" for dynamic timing analysis. By using a novel hybrid technique to produce WCET estimations, RapiTime eliminates the problems often encountered when using pure static or measurement-based approaches:

  • As RapiTime measures software timing on your processor itself, the WCET it calculates is not affected by model errors
  • RapiTime lets you specify infeasible paths in your source code and considers different call and loop contexts that may affect WCET
  • RapiTime allows you to estimate WCET using transitions between instrumentation points, thereby analyzing execution paths more accurately for more realistic WCET estimates.
rapitime

You can find out more about Rapita’s methodology for evaluating WCET for DO-178 standards in our whitepaper. Alternatively, this webinar explains how Rapita tackles WCET for multicore applications.

control_flow
 

View WCET analysis webinar

 
  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178

    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest
  • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads
  • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company
  • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • Multicore Timing Analysis
    • Embedded Software Testing Tools
    • Worst Case Execution Time
    • WCET Tools
    • Code coverage for Ada, C & C++
    • MC/DC Coverage
    • Verifying additional code for DO-178C
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®
    • Data Coupling & Control Coupling
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • AC 20-193 and AMC 20-193
    • ISO 26262
    • What is CAST-32A?

All materials © Rapita Systems Ltd. 2025 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter