Real Time Java
A new, and for my opinion hot, topic. To get a University like start let's discuss on a very restricitve real-time Java system:
Safety Critical Java
[edit | edit source]Safety critical java is a Java specification request (JSR 302). The idea is to extend the usage of Java even for safety critical applications. that means the application AND the runtime system have to be certified. To achive this at the runtime system (JVM + library) a very simple and restrictive API should be used.
Overview
[edit | edit source]- Periodic tasks and sporadic hardware/software events
- No priorities, just time (period and deadline)
- Three application phases:
- Startup (Initialization)
- Mission
- Shutdown
- No garbage collection (should be discussed)
- Single scoped memory per thread (another discussion point)
- Simple API, simple implementation
- Not derived from the RTSJ
- Implementable on top of the RTSJ
Criticism
[edit | edit source]Nokia voted Yes on the proposal but added the following comments: "Regarding JCP practices and relation to Java ME, it isn't clear if this JSR is proposing a new Java ME Configuration or Profile or is some kind of other specification to be used for possible future Configurations or Profiles. Section 2.6 states that this JSR will not assume the presence of a garbage collector, implying that it is a more limited environment than CLDC, the currently smallest Java ME Configuration."
Intel voted No on the proposal and added the following comments: "While we support the idea of a Java specification for safety critical systems, we believe that it is generally necessary for JSR to be clear about the kind of specification that will be generated, that is, a library, a configuration, or a profile. Therefore, we do not support approving this JSR in its current state. We would like to see this JSR clarified in this regard and resubmitted."
Proposed API for Safety Critical Real-time Java
[edit | edit source]The following API is inspired by the Ravenscar profile for ADA and the derived work on Java (see 'missing references to R-ADA, Puschner/Wellings, RJ').
As a like it simple (personal opinion Schoeberl 22:20, 30 November 2006 (UTC)) here are the two classes that make up the API:
RtEvent
[edit | edit source]We use a single class to express all schedulable entities (periodic time-triggered, software event-triggered, and hardware event-triggered). Your real-time application has to extend this class.
package safetycritical; public abstract class RtEvent { /** * A periodic real-time event, equivalent to a periodic thread * @param period * @param deadline * @param offset */ public RtEvent(int period, int deadline, int offset) { } public RtEvent(int period, int deadline) { this(period, deadline, 0); } public RtEvent(int period) { this(period, period, 0); } /** * A sporadic event with a minimum interarrival time * @param event * @param minInterval * @param deadline */ public RtEvent(String event, int minInterval, int deadline) { } public RtEvent(String event, int minInterval) { this(event, minInterval, 0); } /** * The logic for the event. run() gets invoked from the * scheduler either periodic, or on a hardware event or * on a software event (fire): * @return true if ready for termination */ abstract protected boolean run(); /** * Gets invoked in the shutdown phase at the same period as * run (instead of run()). Invoked until return true. * @return true if shutdown is finished. */ protected boolean cleanup() { return true; } }
RtSystem
[edit | edit source]This static class represents the real-time systems (similar to java.lang.System). Static methods provide the change between the different phases of the application.
package safetycritical; public class RtSystem { private RtSystem() { // no RtSystem object } /** * Starts the real-time system (the mission). * All periodic and sporadic RT-events are scheduled. * */ public static void start() { } /** * Stop the real-time system (mission). When the event run() method returns * true the cleanup() methods are invoked until returning true * for a clean shutdown. * */ public static void stop() { } /** * Schedule a software event. * @param event */ public static void fire(String event) { } /** * Schedule a software event. * TODO: decide on which version is better: String or RtEvent * @param re */ public static void fire(RtEvent re) { } /** * Return the elapsed time from system startup in micro seconds. * Wraps around all 4295 seconds. * * @return */ public static int currentTimeMicro() { } }
Examples
[edit | edit source]A few short examples how to use the proposed API:
package safetycritical.examples; import safetycritical.RtEvent; import safetycritical.RtSystem; public class TwoPeriodic { /** * @param args */ public static void main(String[] args) { new RtEvent(1000000) { protected boolean run() { System.out.println("P1"); return true; } }; new MyEvent(); RtSystem.start(); } } class MyEvent extends RtEvent { int counter; public MyEvent() { super(2000000); counter = 0; } protected boolean run() { System.out.println("P2"); ++counter; if (counter==5) { RtSystem.stop(); } return true; } protected boolean cleanup() { System.out.println("cleanup invoked!"); return true; } }
package safetycritical.examples; import safetycritical.RtEvent; import safetycritical.RtSystem; public class PeriodicSporadic { /** * @param args */ public static void main(String[] args) { new RtEvent("SWEVENT", 1000000) { protected boolean run() { System.out.println("SW event fired"); return true; } }; new MyPeriodic(); RtSystem.start(); } } class MyPeriodic extends RtEvent { int counter; public MyPeriodic() { super(1000000); counter = 0; } protected boolean run() { System.out.println("P2"); ++counter; if (counter%2==1) { RtSystem.fire("SWEVENT"); } if (counter==10) { RtSystem.stop(); } return true; } protected boolean cleanup() { System.out.println("cleanup invoked!"); return true; } }
Implementation
[edit | edit source]A prototype of the API is implemented on JOP. You can play around, without any real-time guarantees, with this API on the simulation of JOP (JopSim).
TODO
[edit | edit source]Discuss following issues:
- Scoped memory
- Critical sections (PCP or even interrupt disabling)
- Shutdown needs probably a two-phase commit
References
[edit | edit source]- G. Bollella, J. Gosling, B. Brosgol, P. Dibble, S. Furr, and M. Turnbull. The Real-Time Specification for Java. Java Series. Addison-Wesley, June 2000.
- A. J. Wellings. Concurrent and real-time programming in Java. John Wiley and Sons, pub-WILEY:adr, 2004.
- A. Burns, B. Dobbing, and G. Romanski. The ravenscar tasking profile for high integrity real-time programs. In Proceedings of the 1998 Ada-Europe International Conference on Reliable Software Technologies, pages 263–275. Springer-Verlag, 1998.
- P. Puschner and A. J. Wellings. A profile for high integrity real-time Java programs. In 4th IEEE International Symposium on Object-oriented Real-time distributed Computing (ISORC), 2001.
- J. Kwon, A. Wellings, and S. King. Ravenscar-Java: A high integrity profile for real-time Java. In Proceedings of the 2002 joint ACM-ISCOPE conference on Java Grande, pages 131–140. ACM Press, 2002.
- C. L. Liu and J.W. Layland. Scheduling algorithms for multiprogramming in a hard-real-time environment. J. ACM, 20(1):46–61, 1973.
- M. Schoeberl. Restrictions of Java for embedded real-time systems. In Proceedings of the 7th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC 2004), pages 93–100, Vienna, Austria, May 2004.
- H. Sondergaard, B. Thomsen, and A. P. Ravn. A ravenscarjava profile implementation. In Proceedings of theWorkshop on Java Technologies for Real-Time and Embedded Systems (JTRES 2006), Paris, France, October 2006.