Home (RTSOPS 2026) | Program | Call for Abstracts | Organizers | Submission Instructions | Collection of Open Problems
RTSOPS 2026 will take place on July 7th, 2026 in Lund, Sweden, in conjunction with ECRTS 2026.
Program Overview
RTSOPS 2026 includes an Industrial Open Problem “A Tale of Two Challenges”. presented by Silviu S. Craciunas (TrustMotion / NXP).
The talk introduces a publicly released automotive cause-effect-chain benchmark and frames open questions in end-to-end timing analysis and schedule synthesis. The presentation is scheduled in Session 3. The extended abstract, together with the benchmark DOI and repository link, is provided below in the corresponding program entry.
| 9:00–10:30 | Session 1: Foundations: Scheduling, Hardware & Memory | |
| 9:00–9:30 | Reshaping Real-Time Workload Geometry to the Dimensions of Modern Hardware | Bryan Ward (Vanderbilt University) |
| 9:30–10:00 | Worst-case memory latency and distributed DRAM banks | Raffaele Zippo (University of Pisa) |
| 10:00–10:30 | Schedules, Lag, Fraenkel, and Tribonacci, all at Once | Enrico Bini (University of Turin) |
| 10:30–11:00 | Coffee break | |
| 11:00–12:30 | Session 2: Designing Timing-Correct Systems: Control, Autonomy & Chains | |
| 11:00–11:30 | Closing the Control Abstraction Gap: From Linear Control Models to Fine-Grained Verification of Control Software | Martina Maggio (Saarland University) |
| 11:30–12:00 | Toward the Right Analytical Model and System Software for Autonomous Driving Systems: Open Problems and Research Directions | Atsushi Yano & Takuya Azumi (Saitama University / TIER IV) |
| 12:00–12:30 | Challenges in the design of cause-effect chains: How to tune the end-to-end latency? | Matthias Becker (KTH) |
| 12:30–14:00 | Lunch | |
| 14:00–15:30 | Session 3: Questioning the State of the Art in Chain Analysis | |
| 14:00–14:30 | Expected end-to-end latency of cause-effect chains | Yde Sinnema (Lund University) |
| 14:30–15:00 | A Tale of Two Challenges | Silviu S. Craciunas (TrustMotion / NXP) |
| 15:00–15:30 | Open discussion & closing remarks | |
Session 1 – 9:00–10:30:
Foundations: Scheduling, Hardware & Memory
Building blocks of real-time analysis: from scheduling theory and workload models to worst-case memory latency on modern COTS hardware.
> Reshaping Real-Time Workload Geometry to the Dimensions of Modern Hardware
Invited Speaker: Bryan Ward
Affiliation: Vanderbilt University
> Worst-case memory latency and distributed DRAM banks
Invited Speaker: Raffaele Zippo
Affiliation: University of Pisa
Abstract:
A critical component in worst-case timing of computing systems is the memory latency. Modern COTS systems employ many techniques to improve the memory performance in the average case: there are multiple layers of caches, physically distinct DRAM banks, with address hashing algorithms designed to spread the request among them for parallelism gains. These mechanisms are hard to capture in worst-case analysis, and a trivial (but safe) one can be overly pessimistic. In this talk we discuss the problem via the Network Calculus formalism, and present improvements to this formalism that will allow to capture some of these effects to reduce this pessimism gap.
> Schedules, Lag, Fraenkel, and Tribonacci, all at Once
Invited Speaker: Enrico Bini
Affiliation: University of Turin
Session 2 – 11:00–12:30:
Designing Timing-Correct Systems: Control, Autonomy & Chains
How do we design systems that are correct by construction? From bridging abstraction gaps in control software and AD timing models, to the open challenges of tuning cause-effect chains at design time.
> Closing the Control Abstraction Gap: From Linear Control Models to Fine-Grained Verification of Control Software
Invited Speaker: Martina Maggio
Affiliation: Saarland University
Abstract:
Control systems rely on multiple levels of physical abstraction, ranging from detailed nonlinear descriptions with many forces, to reduced nonlinear models, to linearized models, and finally to simplified linear models used for synthesis. In practice, designers often carry out control synthesis on these simpler linear abstractions and then validate the resulting controllers against richer plant models. The digital side of the system, however, rarely follows the same pattern. Physics models often gain or lose detail across abstraction levels, whereas control software often remains captured only through coarse timing assumptions or high-level failure models. This asymmetry creates a critical gap between the controller, the software that implements it, and the system that ultimately requires verification.
One of the next open problems in cyber-physical systems is to extend multi-granularity modeling to the software and timing behavior of the controller itself. Timing problems emerge at the level of computation, communication, and especially at their interaction, and they can affect closed-loop behavior even when the physical controller appears nominally robust. The key challenge is to move from verifying a linear controller against a simplified fault model to verifying implemented control software across several levels of fidelity, including delays, missed updates, unfinished computations, synchronization errors, and other code-level timing effects. This shift would support not only more realistic verification, but also a principled framework that relates plant-model granularity to software-model granularity, so that control design and certification rest on abstractions that remain both analyzable and faithful to implementation.
> Toward the Right Analytical Model and System Software for Autonomous Driving Systems: Open Problems and Research Directions [Extended PDF Abstract]
Invited Speaker: Atsushi Yano and Takuya Azumi
Affiliation: Saitama University/TIER IV
Abstract:
Autonomous driving (AD) systems continuously transform multi-rate and asynchronous sensor streams into vehicle actuation through graphs of callbacks, nodes, and middleware components. In such systems, temporal correctness cannot be characterized by the execution time or deadline of an individual task alone: localization and perception chains run in parallel, fuse data with different timestamps, converge at planning, and propagate through control to actuation. Moreover, the demand for high processing capability places AD systems on high-performance processors with multicore parallelism and GPU acceleration, where execution times vary strongly with the input scene, hardware state, and co-running work. Rare deadline misses at runtime therefore cannot be ruled out, and safety is preserved through fail-safe mechanisms such as the minimal-risk maneuver (MRM). This raises a two-sided question: what analytical models are needed to reason about timing in AD systems, and what system software is needed to realize, observe, and enforce those models on real platforms? On the analytical side, real-time research has evolved from periodic/sporadic tasks, directed acyclic graphs (DAGs), pipelines, mixed-criticality systems, and timer-/event-driven models toward end-to-end latency along cause-effect chains, data freshness, timing disparity, probabilistic timing, highest-criticality fail-safe operation, and early deadline-miss detection. On the system-software side, AD stacks and middleware, such as Autoware and ROS 2, expose both the opportunities and limitations of implementing analyzable timing behavior through executors, communication layers, tracing tools, and evaluation frameworks. This paper surveys these two lines of work and identifies the remaining gaps along five dimensions: units of timing constraints, timing metrics, resource models, execution-time variability, and safety integration. Rather than proposing a single new model or runtime, we formulate open problems and research directions for converging theory and practice: analytical models must move closer to AD reality, while AD system software must be reshaped into analyzable, enforceable, and safety-aware infrastructure.
> Challenges in the design of cause-effect chains: How to tune the end-to-end latency?
Invited Speaker: Matthias Becker
Affiliation: KTH
Session 3 – 14:00–15:30:
Questioning the State of the Art in Chain Analysis
Two perspectives that challenge prevailing assumptions — one asking whether expected behaviour matters as much as worst-case bounds, the other confronting the field with industrial-scale data and the gaps it exposes between existing analyzers.
> Expected end-to-end latency of cause-effect chains [Extended PDF Abstract]
Speaker: Yde Sinnema
Authors: Yde Sinnema and Martina Maggio
Affiliation: Lund University
Abstract:
The literature on end-to-end latency of cause-effect chains is strongly oriented towards bounding the maximum reaction time and maximum data age. When combining the real-time analysis with the control-theoretical design of cyber-physical systems, only considering the worst case yields suboptimal behaviour under normal operating conditions. We want to promote research at the boundary between control design and real-time systems, and in particular derive probability distributions of end-to-end latency under uncertainty caused by jitter and deadline misses. Such results will enable the design of controllers that optimise the expected performance of cyber-physical systems while guaranteeing worst-case compliance.
> A Tale of Two Challenges RTSOPS Industrial Open Problem
[Extended PDF Abstract] [Zenodo Benchmark] [GitHub Repository]
Speaker: Silviu S. Craciunas
Authors: Silviu S. Craciunas, Matthias Becker, and Paul Pop
Affiliation: TrustMotion / NXP
Zenodo DOI: https://doi.org/10.5281/zenodo.20637979
Abstract:
Cause-effect chains, which are ordered sensor-to-actuator task sequences governed by reaction-delay and data-age constraints, constitute a central class of timing requirements for advanced driver-assistance and automated-driving (ADAS/AD) functions in the automotive domain. The community has nonetheless lacked openly shareable problem instances that reflect industrial reality. This talk presents two open challenges that arise once a representative industrial workload becomes available. The TrustMotion benchmark is derived from a real integrated ADAS controller (102 tasks on a three-CPU, nine-core platform, with 39 ASIL-tagged chains), and is published as an anonymised statistical fingerprint together with a generator that reproduces the same statistical shape at arbitrary scale.
The first challenge is academic and concerns the analysis and synthesis of schedules that respect chain budgets. Seven publicly available analyzers exhibit substantial variation on the released data, with the fraction of chains certified within budget ranging from 81% down to 10%, and the synthesis of enforceable and jointly schedulable job-level dependencies (JLDs) remains an open problem. This in turn raises the question of whether machine-learning approaches can exploit the recurring structural patterns of real-world chains to solve the JLD synthesis problem more efficiently than exhaustive or greedy methods. The second challenge is directed at industry and addresses the release of proprietary workloads as statistical fingerprints rather than as raw intellectual property. The talk concludes with a call to establish a shared, versioned fingerprint suite for the community.