Embedding Timing Analysis Into Your CI for Safety-Critical Software

Catch timing regressions before they reach the safety lab: embed WCET into CI pipelines

Safety-critical systems fail when timing assumptions fail. Teams shipping automotive, aerospace, and industrial firmware worry most about unpredictable execution time, missed deadlines, and hard-to-reproduce regressions that only show up on the test bench. The good news in 2026: you don't need to wait for manual timing runs. By integrating WCET and timing-analysis tools into your CI pipeline you can detect regressions early, enforce timing budgets on pull requests, and keep release artifacts auditable and reproducible.

This article is a hands-on guide to embedding timing analysis (static and measurement-based) using tools such as RocqStat and VectorCAST into CI systems (GitHub Actions, GitLab CI, Jenkins). We cover practical pipeline patterns, scripts, baseline management, gating strategies, and how to handle tool licensing and security for license tokens and hardware-in-the-loop runs.

Why WCET in CI matters now (2026 trends)

Over late 2025 and early 2026 the verification tool market moved decisively toward unified toolchains that combine functional tests, static analysis, and timing verification. Vector Informatik's January 2026 acquisition of StatInf's RocqStat technology is a clear signal: organizations want a single, auditable environment that ties WCET results to the same build and test artifacts used for software verification and certification workflows. This reduces manual handoffs and speeds up developer feedback loops, which is critical as automotive and avionics stacks become increasingly software-defined.

"Timing safety is becoming a critical" — Vector Informatik announcement on the RocqStat acquisition (January 2026)

The practical effect for CI teams: timing analysis is no longer a late-stage, human-only activity. It belongs in your pipelines alongside unit tests, static code analysis, and security scans.

Three integration patterns for timing analysis in CI

Choose a pattern based on iteration speed, required accuracy, and available hardware:

1. Static analysis only — Fast, deterministic, and license-friendly. Use tools like RocqStat's static WCET estimator to analyze compiled code and compute bound estimates. Best for PR checks and early gating.
2. Measurement-based (recommended for final verification) — Use instrumented runs on target hardware or cycle-accurate simulation (QEMU or instruction-set simulator) to collect execution-time traces. Slower but captures dynamic effects not modeled by static analyzers.
3. Hybrid (static + measurements) — Run static WCET for fast PR feedback and schedule periodic measurement runs (nightly or release candidate) to validate and tighten bounds. This is the practical compromise for safety-critical projects.

Prerequisites: what you need before adding timing checks

• Reproducible builds: deterministic compiler flags, pinned toolchain versions, and reproducible link maps.
• Instrumented builds or map files: your timing tool needs either binary + debug info or map/listing files for control-flow reconstruction.
• Baseline WCET artifacts: initial baseline measurement or static estimate stored in JSON/CSV.
• License management: headless license servers or CI-friendly license tokens for commercial tools.
• Storage for artifacts: S3, Git LFS, or artifact registry for storing WCET reports and baselines.

How to structure WCET output and baselines

Use machine-readable output. A single JSON object per build makes automation simple:

{
  "build": "2026-01-17-commit-abc123",
  "target": "armv7m",
  "tool": "rocqstat",
  "module_results": [
    {"name": "sensor_task", "wcet_us": 1200, "confidence": 0.98},
    {"name": "comm_handler", "wcet_us": 900, "confidence": 0.95}
  ],
  "overall_wcet_us": 3560
}

Store this JSON as the canonical baseline. Each CI run produces its own JSON. A small compare script can then decide whether a PR introduces a regression.

Practical CI examples

Below are working examples you can adapt to your environment. The scripts use conservative, generic CLI names — replace with your tool's real CLI (for example, RocqStat's or VectorCAST's headless interface).

GitHub Actions: fast static WCET check on PRs

Use static analysis for fast feedback. The job runs on Linux runners, uses a prebuilt cross-toolchain container (or virtualenv), then runs the timing tool to emit JSON. A comparison script fails the job if the overall WCET increased above threshold.

name: wcet-pr-check

on:
  pull_request:
    paths:
      - 'src/**'

jobs:
  wcet:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up toolchain
        run: |
          sudo apt-get update && sudo apt-get install -y gcc-arm-none-eabi

      - name: Build firmware
        run: |
          make clean && make all

      - name: Run static timing analysis (RocqStat)
        env:
          ROQC_LICENSE: ${{ secrets.ROQC_LICENSE }}
        run: |
          ./tools/rocqstat/rocqstat-cli --input build/firmware.elf --output wcet.json

      - name: Download baseline
        run: |
          curl -sS -o baseline.json https://artifacts.example.com/wcet/baseline.json || echo '{}' > baseline.json

      - name: Compare and gate
        run: |
          ./ci/check-wcet-regression.sh baseline.json wcet.json 0.05

The check-wcet-regression.sh script (example below) exits non-zero when the regression exceeds the relative threshold (5% here).

#!/usr/bin/env bash
set -e
BASE=$1
CURR=$2
THRESHOLD=$3

base_sum=$(jq '.overall_wcet_us' $BASE || echo 0)
curr_sum=$(jq '.overall_wcet_us' $CURR)

if [ "$base_sum" = "0" ]; then
  echo "No baseline found — accepting current measurement as baseline.";
  exit 0
fi

delta=$(echo "scale=6; ($curr_sum - $base_sum) / $base_sum" | bc -l)

comp=$(echo "$delta > $THRESHOLD" | bc -l)
if [ "$comp" -eq 1 ]; then
  echo "WCET regression detected: baseline=$base_sum us current=$curr_sum us delta=$delta"
  exit 1
else
  echo "WCET OK: baseline=$base_sum us current=$curr_sum us delta=$delta"
fi

GitLab CI: hybrid nightly measurement + PR static checks

Use GitLab pipelines to run fast static checks for each MR and a nightly matrix that runs measurements on lab hardware (or a QEMU-based cycle model).

stages:
  - build
  - wcet_static
  - wcet_nightly

build:
  stage: build
  script:
    - make all
  artifacts:
    paths:
      - build/firmware.elf

wcet_static:
  stage: wcet_static
  script:
    - ./tools/rocqstat/rocqstat-cli --input build/firmware.elf --output wcet.json
    - ./ci/check-wcet-regression.sh baseline.json wcet.json 0.05
  only:
    - merge_requests

wcet_nightly:
  stage: wcet_nightly
  script:
    - ./ci/run-hil-measurement.sh build/firmware.elf --output measurement.json
    - ./tools/rocqstat/rocqstat-cli --input measurement.json --model hybrid --output wcet_from_measurement.json
  only:
    - schedules

Jenkins pipeline: integrate VectorCAST / RocqStat runs and archive results

Jenkins is common in regulated organizations. The declarative pipeline below runs analysis in a container, archives the JSON artifacts, and updates a baseline stored in S3 on merge to main.

pipeline {
  agent any
  environment {
    S3_BUCKET = 's3://wcet-baselines'
    ROQC_LICENSE = credentials('roqc-license')
  }
  stages {
    stage('Checkout') { steps { checkout scm } }
    stage('Build') { steps { sh 'make clean && make all' } }
    stage('Static WCET') {
      steps {
        sh './tools/rocqstat/rocqstat-cli --input build/firmware.elf --output wcet.json'
        archiveArtifacts artifacts: 'wcet.json', fingerprint: true
        sh './ci/check-wcet-regression.sh baseline.json wcet.json 0.05'
      }
    }
    stage('Publish Baseline (on main)') {
      when { branch 'main' }
      steps {
        sh 'aws s3 cp wcet.json $S3_BUCKET/baseline.json'
      }
    }
  }
}

Dealing with nondeterminism and platform effects

Timing is sensitive to caches, pipelines, interrupts, and compiler optimizations. Here are practical mitigations:

• Pin toolchain and compiler flags — Use precise compiler versions and flags; document and store them with the artifact.
• Model hardware effects — Static WCET tools allow models for cache and pipeline; keep models versioned in your repo.
• Control runtime environment — Disable interrupts, DVFS, and power-saving features during measurement runs where possible.
• Warm caches — For measurement-based tests, perform warmup runs and collect steady-state distributions, not single-shot values.
• Use instruction-accurate simulation — When hardware access is limited, a QEMU variant or vendor simulator can provide repeatable traces for pre-release validation.

Managing baselines and acceptable drift

Baselines are policy objects, not static artifacts. Follow these practical rules:

• Baseline per release train — Have a baseline for development, release-candidate, and production branches.
• Allow controlled drift — Define a small percentage threshold and a review workflow for increases beyond it. For example: minor drift (<2%) triggers a review; medium (2–10%) blocks merge until justification; large (>10%) fails CI and requires root-cause analysis.
• Tag baseline changes — When you intentionally change algorithms or scheduling assumptions that increase WCET, update the baseline with a signed commit and attach a justification document for audit trails.
• Automate trend tracking — Send overall_wcet_us each CI run to a time-series store (InfluxDB/Prometheus + Grafana) to visualize gradual regressions that single-run checks might miss.

Gate strategies: fast feedback vs. strict safety gates

Combine fast and strict gates to balance developer productivity and safety.

• Fast PR gate: static WCET analysis, light thresholds (e.g., 5%) to prevent obvious regressions and give devs quick feedback.
• Nightly verification: longer measurement runs, hybrid analysis, and statistical distributions to validate cumulative changes.
• Release gate: full measurement on certified hardware, updated baselines, and a signed artifact for traceability required for certification (ISO 26262, DO-178C workflows).

Reporting and developer feedback

The value of CI-integrated timing checks is in usable feedback. A wall of raw numbers is not enough. Automate friendly outputs:

• Fail with context — On PR failures post a comment with the top 3 functions that increased and links to the diff and artifact.
• Annotate files — Use the GitHub Checks API or GitLab code suggestions to link the offending lines to analysis results.
• Badge and dashboards — Add a timing-health badge for the main branch and a Grafana dashboard showing historical WCET trends for each module.

Licensing and enterprise considerations

Commercial tools often require license tokens or host-based locks. For CI:

• Use headless license servers — Many vendors provide license servers for CI farms; treat license tokens as secrets and rotate regularly.
• Containerize licensed tools — Build a trusted container image that contains the vendor client and required models; sign and store it in a private registry.
• Auditing: keep run logs, tool version, and license usage metadata attached to the WCET JSON for certification artifacts.

Case study: small automotive ECU team

A 12-person ECU team integrated static WCET checks into PRs and configured nightly HIL measurement runs. Implementation details:

• Static checks run on each PR using RocqStat headless, producing JSON reports stored in S3.
• Nightly jobs exercise the ECU over CAN and collect real traces; an automated script feeds traces into RocqStat to compute a measurement-informed WCET.
• PRs that increased the overall WCET by >3% triggered an automatic request for a performance review; main branch merges updated the production baseline and recorded a signed rationale in the release documents.

Result: the team reduced late-stage timing defects by 78% and shortened release cycles by two weeks because scheduling surprises were caught during development rather than during system integration.

Advanced strategies

1) Differential WCET per feature branch

Run your PRs against a branch-specific baseline (the target branch's head) to measure the delta introduced only by the PR. This avoids noise from unrelated concurrent changes.

2) Per-path WCET and symbolic regression checks

Some tools support path-sensitive WCET reports. Instead of a single number, track the top N worst-case paths. If a PR introduces a new worst-case path, require a manual root-cause analysis.

3) Correlate performance regressions with code churn

Add simple attribution: map functions in the WCET report to the Git diff. This surfaces candidate files quickly and saves investigation time.

Common pitfalls and how to avoid them

• Pitfall: Using measurement only for PR checks — measurements are flaky and slow. Fix: combine with static checks for immediate gating.
• Pitfall: No baseline versioning — you lose auditability. Fix: store baselines as versioned artifacts and tie them to commits/releases.
• Pitfall: Ignoring tool and model versions — WCET is model-dependent. Fix: include tool version, model revision, and build metadata in every WCET report.

Actionable checklist to get started this sprint

1. Pick a fast static WCET tool (RocqStat or equivalent) and verify it can run headless in CI.
2. Make your build reproducible and create an initial baseline WCET JSON from current release artifacts.
3. Implement a PR job that runs static analysis and uses a small script to compare with baseline (fail on >5% drift).
4. Set up nightly measurement runs against either HIL or instruction-accurate simulators and reconcile measurement outcomes with static estimates.
5. Store all WCET outputs as signed artifacts and add a Grafana dashboard for long-term trends.

Conclusion and next steps

Embedding WCET and timing analysis into CI transforms timing verification from a late-stage bottleneck into an automated, auditable part of your developer workflow. With the growing tool consolidation in 2026 — exemplified by Vector's acquisition of RocqStat — expect tighter integrations between functional tests and timing analysis. Adopt a hybrid approach: fast static checks on PRs, measurement-backed nightly/RC validation, and strict release gates with signed baselines.

Start small (static checks + baseline JSON) and iterate toward full measurement-backed pipelines. When done well, timing-aware CI reduces surprise regressions, accelerates release cycles, and produces the traceable artifacts required for safety certification.

Key takeaways

• Integrate early: static WCET in PRs prevents most regressions.
• Hybrid is pragmatic: combine static and measurement-based runs for accuracy and speed.
• Automate baselines and audits: versioned JSON artifacts make audits and certification easier.
• Use gates wisely: fast PR gates + nightly validation + strict release gates.

Ready to reduce timing surprises in your embedded CI? Try adding a static WCET step to a single PR pipeline this week, store the JSON baseline, and iterate. If you're evaluating tooling, the 2026 consolidation (RocqStat into VectorCAST) means vendor roadmaps favor unified verification and timing analysis — make sure your CI will accept headless runs and produce machine-readable outputs for automation.

For help designing a WCET CI pattern tailored to your stack (toolchain, hardware, and certification needs), contact your verification tool vendor or a DevOps team experienced in embedded pipelines. If you want a practical starter template for GitHub Actions or Jenkins adapted to your firmware, we can provide example repos and scripts to accelerate your integration.

Call to action

Embed timing safety into your CI today: add a static WCET check to one PR, store the output as a baseline artifact, and configure a nightly measurement job within 30 days. Need a jump start? Download our CI starter templates and scripts for GitHub Actions, GitLab CI, and Jenkins — tailored for RocqStat/VectorCAST workflows — and reduce timing regressions on your next release.

Related Reading

• CI/CD for Generative Models: patterns you can adapt for firmware CI
• Monitoring and Observability for Caches: tools and metrics
• Portable Edge Kits: field gear and HIL alternatives
• Modern Home Cloud Studio: running repeatable simulations at home
• Donor Dollars and Tax Relief: How to Give Effectively and Efficiently—Lessons from the Guardian’s Hope Appeal
• Pop-Ups & Partnerships: How to Pitch Your Abaya Capsule to Department Stores
• Music Release Mini-Series Template: From Teasers to Tour Announcements
• Designing High‑ROI Microstays: A 2026 Field Guide for Small‑Group Tour Operators
• From Test Pot to Global Shelf: Sustainability Lessons for Small-Batch Beverage Makers