Real-Time Java by ExampleExperiences from a 9th Semester Software Project

at AAU

Kasper S. Luckow, Christian Frost, and Casper S. Jensen

2. February 2011InfinIT

1

Focus of the Project

• Gain knowledge in the area of real-time systems• Specifically embedded and safety-critical real-time systems

• Determine how temporal correctness can be ensured(schedulability, WCET)

• Determine how Java can be applied to this area

• Conduct a case-study for practical experience

2

Java for Real-Time Systems Development

• It would be nice to use Java for real-time systemsdevelopment over languages such as C/C++

• Increased productivity• Reduced risk of errors• A more common language for newly educated programmers

• Using Java poses a number of interesting problems

• How can we express the necessary real-time concepts in Java?

• How can we verify properties such as WCET andschedulability?

3

The Real-Time Specification for JavaAt a quick glance

• Java, in the traditional sense lacks facilities for real-timesystems

• The RTSJ is broad, flexible, and contains many details

Facilities and concepts introduced in the RTSJ:

• Schedulable objects and scheduling.

• Real-time threads.

• Asynchronous event handling and timers.

• Asynchronous transfer of control (ATC).

• Physical and raw memory access.

• Time values and clocks.

• Synchronization and resource sharing.

• Memory management, scoped and immortal memory.

4

Profiles

• Desire to certify safety-critical systems

• Desire to reduce resource usage for embedded systems

• Profiles are used to reduce complexity of the RTSJ and allowfor easier analysis

• Ravenscar-Java (RJ)

• Safety-Critical Java (SCJ)

• Predictable Java (PJ)

5

Changes to the RTSJExample from the Ravenscar-Java

“The key aim of the Ravenscar-Java profile is to developa concurrent Java programming model that supportspredictable and reliable execution of applicationprograms, thus benefiting the construction of modernhigh integrity software”

Changes can be categorised into three areas:

• Predictability of memory utilisation.

• Predictability of timing.

• Predictability of control and data flow.

6

Case - The Mine PumpOverview

• Classic text-book example of a real-time system

• Pump starts when water level is high

• Pump stops when water level is low

• Pump never runs when methane level is high

Carbon monoxide sensor

Methane sensor

Air flow sensor

Water flow sensor

High water level detector

Low water level detector

7

Modelling the Mine PumpThe LEGO Construction

1 Brick feeder

2 Conveyor belt

3 JOP board

4 High water sensor

5 Low water sensor

6 Mine shaft

7 Water pump

8 Methane sensor

9 Conveyor belt

10 Slide

11 Environment motor

12 Environment motor

8

Modelling the Mine PumpHardware

• Java Optimized Processor (JOP) (jopdesign.com)

• Implemented on a Cyclone EP1C12 FPGA

• 100MHz processor, 512KB flash, 1MB SRAM

Implementation language: Ravenscar-Java9

Demo of the Mine Pump

10

Walk-through of the ImplementationDeclaring Tasks

new P e r i o d i c T h r e a d (new P r i o r i t y P a r a m e t e r s ( PERIODIC PRIORITY ) ,new P e r i o d i c P a r a m e t e r s (

new Abso luteTime ( 0 , 0 ) ,new R e l a t i v e T i m e ( PERIODIC PERIOD , 0 ) ) ,

new W a t e r L e v e l D e t e c t i o n R u n n a b l e ( . . . ) ) ;

new S p o r a d i c W a t e r L e v e l H i g h (new P r i o r i t y P a r a m e t e r s ( SPORADIC PRIORITY ) ,new S p o r a d i c P a r a m e t e r s (

new R e l a t i v e T i m e (SPORADIC PERIOD , 0 ) , 1 ) ,waterpumpMotor ) ;

11

Walk-through of the ImplementationHandling the Periodic Event

p u b l i c c l a s s W a t e r L e v e l D e t e c t i o n R u n n a b l e implements Runnable{. . .

p u b l i c v o i d run ( ) {i f ( h i g hW at e rS e ns or . i s W a t e r L e v e l R e a c h e d ( ) ) {

waterHighEvent.fire();}e l s e i f ( lowWaterSensor . i s N o W a t e r P r e s e n t ( ) ) {

waterLowEvent . f i r e ( ) ;}

}}

12

Walk-through of the ImplementationHandling the Sporadic Event

p u b l i c c l a s s S p o r a d i c W a t e r L e v e l H i g he x t e n d s S p o r a d i c E v e n t H a n d l e r

{p u b l i c v o i d ha nd l eA sy n cE v en t ( ) {

t h i s . waterpumpMotor . s t a r t ( ) ;}

}

13

Comparing the ProfilesSafety Critical Java

addToMiss ion (new P e r i o d i c G a s D e t e c t i o n (

new P r i o r i t y P a r a m e t e r s ( GAS PRIORITY ) ,new P e r i o d i c P a r a m e t e r s ( new R e l a t i v e T i m e ( 0 , 0 ) , new R e l a t i v e T i m e ( PERIODIC GAS PERIOD , 0 ) ,S c h e d u l e r . g e t D e f a u l t S c h e d u l e r ( ) ,new LTMemory ( 1 0∗1 0 2 4 ) ,gasSensor ,waterPumpMotor )

) ) ;

14

Temporal Correctness

• WCET analysis• Can be determined through e.g. measurements, simulation,

and static analysis• In our case safe WCETs are required and tight WCETs are

desirable• Often dependent on the underlying hardware, operating system

and virtual-machine• Predictability is the key!

• Schedulability analysis• “Tightness” of schedulability analysis desirable• Must take necessary factors into account to ensure the

schedulability

15

Analysing the ProgramWCET Analysis using WCA

16

Analysing the ProgramSchedulability Analysis using TIMES

Idle

waterLevelChanged==1go?

C HighSporadicHighWaterLevel

C LowSporadicLowWaterLevel

CWaterDetection

CCleanup

waterLevelChanged:=0

Furthermore schedulability analysis was also conducted usingResponse Time Analysis (RTA)

17

Summary

• The Java language is being adapted for easier analysisthrough profiles

• Tools can help determine properties such as WCET andschedulability for the programmer

• Still a lot of limitations regarding the capabilities of these tools

18