Detecting Architectural Drift in Safety-Critical Firmware through Runtime Trace Analysis

📅 2026-07-03
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the challenge of detecting architectural drift—discrepancies between design-time architecture and runtime behavior—in long-lived embedded firmware. The authors propose a practical, hardware-assisted detection approach that captures runtime execution traces, abstracts them into inter-component message interaction sequences, and performs deterministic comparison against design-phase UML sequence diagrams to precisely identify confirmed, missing, extraneous, or inverted behavioral deviations. To facilitate expert review, the method further leverages a constrained large language model to generate human-readable explanatory reports. Integrating runtime trace analysis, deterministic architectural conformance checking, and constraint-guided LLM-based explanation generation for the first time, the approach demonstrates high agreement with expert annotations across 26 industrial cases, substantially reducing manual analysis effort while effectively supporting ISO 26262 safety documentation requirements.
📝 Abstract
Maintaining consistency between architectural design and runtime-observed behavior is challenging in long-lived safety-critical firmware. This paper presents a runtime-informed methodology for detecting architectural drift in ISO 26262-compliant firmware. The approach collects hardware-assisted execution traces, abstracts them into message exchanges among firmware components, and compares the resulting runtime behavior with design-time sequence diagrams through a deterministic differencing step. The computed delta identifies discrepancies as confirmed, missing, additional, or inverted, while a constrained LLM-based step generates a human-readable report only to support expert review. We evaluate the methodology in an industrial firmware context through agreement-based validation and a practitioner survey. Results over 26 test cases show strong agreement between the generated deltas and expert-curated references, while practitioners perceive the reports as useful for interpreting drift, reducing manual analysis effort, and supporting safety-oriented documentation activities. The findings suggest that combining runtime trace analysis, deterministic architectural differencing, and constrained LLM-based reporting can practically support architectural drift detection in evolving safety-critical firmware.
Problem

Research questions and friction points this paper is trying to address.

architectural drift
safety-critical firmware
runtime trace analysis
ISO 26262
design-behavior consistency
Innovation

Methods, ideas, or system contributions that make the work stand out.

architectural drift
runtime trace analysis
deterministic differencing
constrained LLM
safety-critical firmware
🔎 Similar Papers
No similar papers found.