N-Version Programming in WCET Analysis: Revisiting a Discredited Idea
Worst-Case Execution Time (WCET) analysis is safe in theory, but it is not necessarily safe in practice. Even if a particular analysis algorithm is sound, its implementation may contain bugs that produce an unsafe WCET estimate, one that is smaller than the true worst case. This potential for error is serious, given that the usual purpose of WCET analysis is to verify the timing correctness of hard real-time systems, software on which entire missions and even human lives may depend. A possible solution lies in N-version programming, where N teams of developers work independently on N distinct but functionally equivalent implementations, whose results are then compared. Although this fault-tolerance technique has been criticized for its statistical assumptions (in particular, that independently developed versions fail independently) and for its high cost, it may be well suited to addressing the inherent risks in implementing WCET analysis tools.
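The abstract does not say how the N results would be combined, so the following is an added illustration, not code from the paper. It assumes each version emits a single integer cycle bound (or nothing, if it crashed or timed out) and combines them with a safety-oriented policy rather than ordinary majority voting: because every version claims to return an upper bound, the maximum is the bound to trust, since it is unsafe only if every version underestimates at once, which is exactly the common-mode failure behind the statistical criticism mentioned above. Disagreement beyond a tolerance is reported separately, because it means at least one implementation is wrong and deserves investigation even when the maximum is probably still safe.

```python
from typing import NamedTuple, Optional, Sequence


class Decision(NamedTuple):
    """Outcome of combining N independent WCET estimates for one task."""
    bound: Optional[int]  # bound to hand to schedulability analysis, None if too few results
    agree: bool           # True if all successful versions agree within `tolerance`
    failed: int           # versions that produced no result (crash, timeout, internal error)
    spread: float         # (max - min) / max over successful versions; 0.0 if fewer than two


def combine_wcet(estimates: Sequence[Optional[int]],
                 tolerance: float = 0.05,
                 min_versions: int = 2) -> Decision:
    """Combine per-version WCET bounds (cycles); None marks a version that failed.

    Policy (assumed for this example, not prescribed by the paper):
      * refuse to answer unless at least `min_versions` versions produced a bound;
      * return the maximum, since an overestimate only costs pessimism while an
        underestimate is what makes a hard real-time system unsafe;
      * flag the result as a disagreement if the relative spread exceeds `tolerance`,
        so a buggy version is noticed even though the maximum is still used.
    """
    ok = [e for e in estimates if e is not None]
    failed = len(estimates) - len(ok)
    if len(ok) < min_versions:
        return Decision(None, False, failed, 0.0)
    hi, lo = max(ok), min(ok)
    spread = (hi - lo) / hi if hi > 0 else 0.0
    return Decision(hi, spread <= tolerance, failed, spread)


if __name__ == "__main__":
    # Constructed sample inputs: three hypothetical analyzers run on the same task.
    print(combine_wcet([1200, 1204, 1198]))   # agree, bound 1204
    print(combine_wcet([1200, 900, 1198]))    # one version underestimates: disagreement
    print(combine_wcet([1200, None, None]))   # two versions failed: no usable bound
```

The `failed` count matters as much as the bound: a version that never produces an answer contributes nothing to fault tolerance, so a deployment would normally treat "fewer than N successful versions" as a degraded mode rather than silently falling back to the survivors.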