Integrating WCET Analysis into CI: Using RocqStat and VectorCAST for Automotive Safety Workflows

Hook: Your CI misses the thing that can break a car — timing

Automotive development teams already run unit tests, MC/DC, static code analysis and hardware-in-the-loop. Yet in continuous integration (CI) pipelines, the most critical property for many ECUs — deterministic timing — is often treated as an offline, late-stage activity. That gap causes late discoveries of worst-case execution time (WCET) regressions, rework, and certification risk. In 2026, after Vector Informatik's acquisition of StatInf's RocqStat, integrating WCET into CI is both feasible and essential for safety-grade embedded software.

Executive summary — what you'll learn now

• Why integrating RocqStat WCET analysis into CI with VectorCAST accelerates safety verification and reduces risk
• Reference CI patterns (Docker, GitHub Actions, GitLab CI, Jenkins, Kubernetes) with runnable snippets
• Practical recipes to fail builds on WCET regressions, capture artifacts, and keep baselines for ISO 26262 evidence
• Advanced strategies: cross-checking runtime traces, using coverage-driven WCET refinement, and scaling on Kubernetes

Why add WCET analysis to CI now (2026 context)

Late 2025 and early 2026 saw accelerating demand for deterministic software verification as vehicles become software-defined and time-sensitive functions proliferate (ADAS, domain controllers, e‑motor control). Vector's acquisition of RocqStat (announced Jan 2026) signals vendor consolidation of timing analysis and code testing to meet that demand. Integrating WCET into CI is no longer a nice-to-have — it is a practical way to:

• Catch timing regressions early, not at certification time
• Provide traceable artifacts (WCET reports, analyses) for ISO 26262 evidence
• Accelerate iterations by automating the heavy lifting of static timing analysis

High-level integration pattern

Use the following pattern when adding RocqStat into VectorCAST-driven CI:

1. Build instrumented or release binary (same compiler flags used for WCET analysis)
2. Run VectorCAST tests to exercise unit/integration cases and produce coverage artifacts
3. Invoke RocqStat static WCET analysis (CLI) using the project binary, platform timing model, and constraints
4. Collect RocqStat results (XML/JSON), attach to CI build, and compare against baseline WCET thresholds
5. Fail the build or create a review ticket when results exceed thresholds or regress

Key components

• VectorCAST — test runner, coverage data, test harness automation
• RocqStat — static timing/WCET estimator (CLI mode for CI)
• CI system (GitHub Actions, GitLab CI, Jenkins, etc.) orchestrating jobs and artifact storage
• Artifact storage (S3, Artifactory) for baselines and WCET reports

Prerequisites and licensing

Before implementing, ensure:

• RocqStat and VectorCAST licenses are available for CI (floating license server or node-locked CI license)
• Target platform timing model and instruction-level execution times are available (hardware vendor models or custom microarchitectural models)
• Project build produces deterministic, reproducible binaries (same compiler version, flags, link order)
• VectorCAST project and test suites are set up and runnable in headless/CLI mode

Hands-on: Minimal reproducible CI demo (local & cloud)

The example below shows a small, practical pipeline: compile, run VectorCAST tests, run RocqStat, parse results, and gate the build on WCET thresholds. Replace placeholders with your environment values.

1) Dockerfile: containerized analysis runner

Use a Docker image so CI runners are reproducible. In production use a secured, curated image from your registry. This example assumes you can install VectorCAST and RocqStat CLI binaries into /opt.

FROM ubuntu:22.04

# Install basic tools
RUN apt-get update && apt-get install -y build-essential git ca-certificates curl python3 python3-pip openjdk-11-jre-headless && rm -rf /var/lib/apt/lists/*

# Copy VectorCAST and RocqStat installers (or use company internal packages)
# Note: VectorCAST and RocqStat are commercial; licensing required.
COPY installers/vectorcast-cli /opt/vectorcast
COPY installers/rocqstat /opt/rocqstat

ENV PATH="/opt/vectorcast/bin:/opt/rocqstat/bin:${PATH}"

WORKDIR /workspace

ENTRYPOINT ["/bin/bash"]

2) Build and test script (run in container)

# run-ci.sh — executed by the CI job
set -euo pipefail

# Variables (override from CI env)
PROJECT_DIR=${PROJECT_DIR:-/workspace/project}
VECTORCAST_PROJECT=${VECTORCAST_PROJECT:-my_vcast_project}
ROCQ_PROJECT=${ROCQ_PROJECT:-my_rocq_project}
LICENSE_SERVER=${LICENSE_SERVER:-license.example.com}
BASELINE_WCET_MS=${BASELINE_WCET_MS:-10.0}

# 1) Build artifacts (use same flags as release)
cd "$PROJECT_DIR"
make clean && make -j$(nproc)

# 2) Run VectorCAST headless tests
# Example: vectorcastcli --run --project PATH
vectorcastcli --project "$VECTORCAST_PROJECT" --run

# 3) Export coverage/cfg used by RocqStat (VectorCAST can export CFG/objects) — pseudo-command
vectorcastcli --project "$VECTORCAST_PROJECT" --export-cfg ./vcast_cfg

# 4) Run RocqStat with the target platform model
rocqstat-cli analyze --project "$ROCQ_PROJECT" \
  --binary ./build/target.elf \
  --cfg ./vcast_cfg --platform-model ./models/cpu_model.json \
  --output ./rocq_report.json

# 5) Parse result and gate the build
WCET_MS=$(jq -r '.results.max_wcet_ms' ./rocq_report.json)
printf "WCET result: %s ms\n" "$WCET_MS"

# Fail on regression
python3 - < threshold:
    print(f'ERROR: WCET {wcet}ms exceeds baseline {threshold}ms')
    sys.exit(2)
print('WCET within baseline')
PY

# 6) Upload artifact (optional)
# aws s3 cp ./rocq_report.json s3://my-ci-artifacts/${CI_JOB_ID}/

CI examples

GitHub Actions (simplified)

name: WCET-CI

on: [push, pull_request]

jobs:
  analyze:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/yourorg/rocq-vectorcast:latest
    steps:
      - uses: actions/checkout@v4
      - name: Run WCET CI
        env:
          BASELINE_WCET_MS: 10.0
          LICENSE_SERVER: license.example.com
        run: |
          chmod +x ./ci/run-ci.sh
          ./ci/run-ci.sh

GitLab CI

stages:
  - build
  - test
  - wcet

wcet_analysis:
  stage: wcet
  image: registry.example.com/rocq-vectorcast:latest
  script:
    - ./ci/run-ci.sh
  artifacts:
    paths:
      - rocq_report.json
    when: always

Jenkins (Declarative pipeline snippet)

pipeline {
  agent {
    docker {
      image 'registry.example.com/rocq-vectorcast:latest'
    }
  }
  stages {
    stage('Build & Test') {
      steps {
        sh './ci/run-ci.sh'
      }
    }
  }
}

Running analysis at scale on Kubernetes

For large repositories, schedule RocqStat jobs as ephemeral Kubernetes Batch jobs. Use a Job or a Tekton pipeline task to run analyses in parallel for different components or platform models. Store artifacts in a central S3 bucket and use an object lifecycle to retain certification artifacts. If you need guidance on edge-oriented architectures and reducing tail latency in distributed runners, that reference is useful for designing the orchestration layer.

Kubernetes Job manifest (example)

apiVersion: batch/v1
kind: Job
metadata:
  name: wcet-analyze-$(JOB_ID)
spec:
  template:
    spec:
      containers:
      - name: rocq-runner
        image: registry.example.com/rocq-vectorcast:latest
        env:
        - name: LICENSE_SERVER
          value: license.example.com
        command: ["/bin/bash","-c","/workspace/ci/run-ci.sh"]
        volumeMounts:
        - name: workspace
          mountPath: /workspace
      restartPolicy: Never
      volumes:
      - name: workspace
        persistentVolumeClaim:
          claimName: project-workspace-pvc
  backoffLimit: 2

Practical tips — making analysis deterministic and fast

• Align build flags: Compiler optimizations and link order affect control flow; ensure CI uses the same exact flags as the artifact you plan to certify.
• Use precise platform models: Accurate instruction timing and cache models reduce over-approximation; collaborate with hardware vendors for models.
• Limit scope with slicing: Run focused WCET analysis on time-critical tasks rather than whole firmware to save runtime.
• Cache results: Use result diffs — only re-analyze affected modules on small changes. Tools for offline-first artifacts and caching are covered in our Tool Roundup.
• Combine static and dynamic: Use VectorCAST coverage to identify feasible paths, then let RocqStat refine WCET on exercised CFG regions.

Gating rules and baselining strategies

Automotive teams should avoid brittle numeric gating while remaining strict about regressions.

• Primary gate: Fail CI when WCET increases by > X% or > Y ms compared to the certified baseline.
• Secondary review: Smaller increases trigger a manual review with annotated RocqStat reports and VectorCAST test traces.
• Immutable baselines: Keep a certified baseline snapshot with the build that passed system integration; changes to the baseline must follow change control with justification and re-certification planning. For ideas on tag and baseline architecture, review Evolving Tag Architectures in 2026.

Interpreting RocqStat results with VectorCAST outputs

RocqStat will produce tight static WCET bounds if given accurate CFG and platform models. VectorCAST contributes by:

• Providing coverage data to filter infeasible paths
• Supplying unit test inputs that create concrete execution traces for comparison
• Exporting CFG artifacts used as hints to the static WCET engine

Cross-compare static WCET with measured worst-case times (HIL or instrumented runs). Large gaps suggest modeling errors or untested paths.

Troubleshooting common issues

Large over-approximation

Cause: conservative cache/model assumptions. Fix: refine platform model, add loop bounds and annotations, use more precise microarchitecture description.

Long analysis time

Cause: whole-firmware analysis or too many contexts. Fix: slice the analysis to critical tasks, run incremental analysis, or use cloud spot instances for batch runs.

Non-reproducible results

Cause: non-deterministic build or mismatched flags. Fix: pin compiler/toolchain versions, store toolchain in container images, and make builds hermetic. For containerization best practices and reproducible runners, consult micro-app templates like Micro-App Template Pack.

Safety and compliance (ISO 26262, SOTIF) — practical evidence in CI

Embedding RocqStat runs in CI improves the traceability of timing evidence. Recommended practice:

• Store RocqStat output (XML/JSON), VectorCAST test logs, and build metadata in your evidence repository. For offline-first documentation and evidence packaging tools, see Tool Roundup: Offline-First Document Backup.
• Use automated change control: any approved baseline change requires a ticket with analysis and decision trace.
• Automate packaging of artifacts into the safety case builder or evidence management tool to accelerate audits. If you have sovereign-cloud constraints for artifact residency, review AWS European Sovereign Cloud patterns at AWS European Sovereign Cloud: Technical Controls.

Advanced strategies used by production teams

• Coverage-guided timing: Use VectorCAST's coverage results to guide RocqStat to prioritize hot paths and exclude infeasible branches.
• Stage-based analysis: Quick checks on PRs (fast, coarse WCET) and full-blown analysis on main branch merges (precise, longer run).
• Delta analysis: Only analyze modules changed in a PR and combine with cross-module sanity checks. Tagging strategies from Evolving Tag Architectures help manage diffs and baselines.
• Parallel model testing: Run multiple platform models in parallel (different CPU variants) using Kubernetes to maintain multi-target safety evidence.

Case snapshot: braking ECU CI improvement (hypothetical operational example)

Problem: A braking ECU team discovered a timing regression during vehicle-level testing that delayed release by 6 weeks. After integrating RocqStat into CI with VectorCAST:

• They caught regressions during PR validation (average detection time: 1 hour after build)
• Reduced vehicle-level rework by 80%
• Maintained an immutable baseline for certification artifacts; the auditors reported improved traceability

2026 trends and what to expect next

By 2026, the market is moving toward unified toolchains that pair static timing engines with test automation. Vector's acquisition of RocqStat shows vendors aligning test coverage, static timing, and safety evidence generation. Expect:

• Deeper IDE and CI integrations that hide model complexity from developers
• More standardized platform timing models (industry consortia) to reduce model drift
• Tool-level support for mixed-criticality verification across software-defined vehicles

Actionable checklist to implement this week

1. Request CI-accessible RocqStat and VectorCAST licenses (floating or CI node).
2. Containerize a reproducible runner image with the exact toolchain and commit it to your registry. For guidance on reproducible container runners and CI patterns, see Micro-App Template Pack.
3. Create a lightweight PR-level job that runs a quick RocqStat check (sliced) and fails on significant regressions.
4. Store full RocqStat outputs and VectorCAST logs as artifacts for all main-branch merges.
5. Define governance for baseline updates and integrate that into your change-control workflow. Tagging and baseline control patterns are discussed in Evolving Tag Architectures.

Troubleshooting FAQ — quick answers

• Q: Is static WCET guaranteed to be tight? A: Not always — quality depends on platform model and annotations.
• Q: Should I measure WCET? A: Yes — use measurement (HIL) to validate and calibrate models; use both in your safety case.
• Q: Will adding RocqStat slow CI? A: It can; mitigate with staged runs, slicing, and caching. For orchestration at scale consider edge and distributed orchestration patterns like edge-oriented oracle architectures.

Final recommendations

Integrating RocqStat into VectorCAST-driven CI is a high-impact, low-friction way to move timing verification left in the development lifecycle. By automating static timing checks, linking them to VectorCAST test coverage, and gating merges on well-defined thresholds, teams reduce late-stage surprises and strengthen certification evidence.

"Move WCET analysis out of the lab and into CI: deterministic timing is best caught early and continuously." — Practical guidance for automotive teams in 2026

Call to action

Ready to add deterministic timing to your CI pipeline? Start with a proof-of-concept: containerize VectorCAST + RocqStat, add a PR-level sliced analysis, and track results for 30 days. If you want a reference implementation, migrate-ready Docker images, or an enterprise-grade Kubernetes pipeline blueprint, contact our engineering team at opensoftware.cloud to get a tailored workshop and production-ready templates. For secure device onboarding guidance and edge-aware patterns, see Secure Remote Onboarding for Field Devices. If you have constraints around artifact residency and controls, review AWS European Sovereign Cloud: Technical Controls.

Related Reading

• Secure Remote Onboarding for Field Devices in 2026: An Edge-Aware Playbook
• AWS European Sovereign Cloud: Technical Controls & Isolation Patterns
• Edge-Oriented Oracle Architectures: Reducing Tail Latency
• Tool Roundup: Offline-First Document Backup and Diagram Tools for Distributed Teams
• Announcement Timing: When to Send Sale Invites During a Big Tech Discount Window
• Care Guide: How to Keep Leather MagSafe Wallets and Phone Cases Looking New
• Accessible Emergency Shelters: How Expanded ABLE Accounts Can Help People with Disabilities Prepare for Storms
• Microbundles and Sustainable Shipping: The Evolution of OTC Fulfillment for Online Pharmacies in 2026
• From Festival Buzz to Creator Content: Timing Your Reaction Videos Around Film Markets