Specifying subtypes in SCJ programs

Modular reasoning about programs that use subtypes requires that an overriding method in a subtype obeys the specifications of all methods that it overrides. For example, if method m is specified in a supertype T to take at most 42 nanoseconds to execute, then m cannot take more than 42 nanoseconds to execute in any subtype of T. Subtyping is an important aid to maintenance of programs, since it allows one to write polymorphic code (reducing code size and increasing reuse), and allows for convenient extension and enhancement of programs, all of which could be very useful in real-time programming. In this paper we show how to specify timing constraints for subtypes in a way that: permits modular reasoning about timing constraints, supports subtype polymorphism and object-oriented design patterns, and still permits precise reasoning about execution times. This technique supports object-oriented coding and design patterns based on subtype polymorphism, with all their maintenance advantages, to be used in real-time software. © 2011 ACM

Memory Management for Safety-Critical Java

Safety-Critical Java (SCJ) is based on the Real-Time Specification for Java. To simplify the certification of Java programs, SCJ supports only a restricted scoped memory model. Individual threads share only immortal memory and the newly introduced mission memory. All other scoped memories are thread private. Furthermore, the notation of a maximum backing store requirement enables implementation of the scoped memories without fragmentation issues. In this paper we explore the implications of this new scoped memory model and possible simplifications in the implementation. It is possible to unify the three memory area types and provide a single class to represent all three memory areas of SCJ. The knowledge of the maximum storage requirements allows using nested backing stores in the implementation of the memory area representation. The proposed design of an SCJ compliant scope implementation is evaluated on an embedded Java processor

Safety-Critical Java on a Java Processor

The safety-critical Java (SCJ) specification is developed within the Java Community Process under specification request number JSR 302. The specification is available as public draft, but details are still discussed by the expert group. In this stage of the specification we need prototype implementations of SCJ and first test applications that are written with SCJ, even when the specification is not finalized. The feedback from those prototype implementations is needed for final decisions. To help the SCJ expert group, a prototype implementation of SCJ on top of the Java optimized processor is developed and presented in this paper. This implementation raises issues in the SCJ specification and provides feedback to the expert group

Specification And Runtime Checking Of Timing Constraints In Safety Critical Java

The Java platform is becoming a vital tool for developing real-time and safety-critical systems. Design patterns and the availability of Java libraries, both provide solutions to many known problems. Furthermore, the object-oriented nature of Java simplifies modular development of real-time systems. However, limitations of Java as a programming language for real-time systems are a notable obstacle to producing safe real-time systems. These limitations are found in the unpredictable execution model of the language, due to Java’s garbage collector, and the lack of support for non-functional specification and verification tools. In this dissertation I introduce SafeJML, a specification language for support of functional and non-functional specifications, based on an implementation of a safety-critical Java platform and the Java Modeling Language (JML). This dissertation concentrates on techniques that enable specification and dynamic checking of timing constraints for some important Java features, including methods and subtyping. SafeJML and these dynamic checking techniques allow modular specification and checking of safety-critical systems, including those that use object-orientation and design patterns. Such coding techniques could have maintenance benefits for real-time and safety-critical softwar

A switchable approach to large object allocation in real-time Java

Over the last 20 years object-oriented programming languages and managed run-times like Java have been very popular because of their software engineering benefits. Despite their popularity in many application areas, they have not been considered suitable for real-time programming. Besides many other factors, one of the barriers that prevent their acceptance in the development of real-time systems is the long pause times that may arise during large object allocation. This paper examines different kinds of solutions that have been developed so far and introduces a switchable approach to large object allocation in real-time Java. A synthetic benchmark application that is developed to evaluate the effectiveness of the presented technique against other currently implemented techniques is also described

Safety-critical Java for embedded systems

This paper presents the motivation for and outcomes of an engineering research project on certifiable Java for embedded systems. The project supports the upcoming standard for safety-critical Java, which defines a subset of Java and libraries aiming for development of high criticality systems. The outcome of this project include prototype safety-critical Java implementations, a time-predictable Java processor, analysis tools for memory safety, and example applications to explore the usability of safety-critical Java for this application area. The text summarizes developments and key contributions and concludes with the lessons learned

Affine Data-Flow Graphs for the Synthesis of Hard Real-Time Applications

International audienceData-flow models ease the task of constructing feasible schedules of computations and communications of high-assurance embedded applications. One key and open issue is how to schedule data-flow graphs so as to minimize the buffering of data and reduce end-to-end latency. Most of the proposed techniques in that respect are based on either static or data-driven scheduling. This paper looks at the problem in a different way by considering priority-driven preemptive scheduling theory of periodic tasks to execute a data-flow program. Our approach to the problem can be detailed as follows. (1) We propose a model of computation in which the activation clocks of actors are related by affine functions. The affine relations describe the symbolic scheduling constraints of the data-flow graph. (2) Based on this framework, we present an algorithm that computes affine schedules in a way that minimizes buffering requirements and, in addition, guarantees the absence of overflow and underflow exceptions over communication channels. (3) Depending on the chosen scheduling policy (earliest-deadline first or rate-monotonic), we concretize the symbolic schedule by defining the period and the phase of each actor. This concretization guarantees schedulability and maximizes the processor utilization factor