MXJ: Model-Centric, Safety-Critical Java for Exploration
Matthias Anlauff, Kestrel Institute, Palo Alto, CA
Project Goals
• Java for flight and ground software in exploration missions
• Java-centric software development environment
• Formal representation of requirements
• Generation of certifiable mission-critical Java
Background
• The MXJ project was proposed to NASA and accepted as one of 70 proposals selected from 3750 entries (11/04)
• MXJ will be part of the NASA Exploration Systems Mission Directorate (ESMD) Vision for Space Exploration
• MXJ: Java-based, high-assurance development environment suitable for Exploration applications
MXJ Team
Matthias Anlauff, Principal Investigator, Kestrel Institute (KI)
Bill Bush, co-Investigator, Sun Microsystems (Sun)
Klaus Havelund, co-Investigator, Kestrel Technology (KT)
Doug Wells, SC Java Standardization, The Open Group
Meyer/Clark/Schoppers, Domain Modeling, NASA/JPL
John Anton, Project Manager, KI & KT
Model-centric approach
[Figure: MXJ model-centric architecture. Layers, top to bottom: Problem Description (Domain-Specific Language(s)) → High-level Model(s) (JSL, Java Spec Language) → Operational Model (JSL), obtained by Translation, Composition & Refinement → Source/Byte Code (SCJ VM), produced by a Generator → Concrete Platform, via the Byte Code Compiler. Worked instance along the same layers: problem description "Land on Mars Surface at Position x,y", supported by an Atmosphere Model, a Planetary Model and a Nav./G&C Model → Precision Landing Models in JSL → Component Operation Control Models → Precision landing SCJ code → Mars Lander.]
Approach Overview
MXJ – Model-centric Architecture
High-assurance Java code
• High assurance must be enforced at all levels: the implementation language and the VM must be precisely defined and analyzable
• Exploration applications require real-time language constructs
• Java-based implementation language: Safety-Critical Java (SCJ)
Summary
• MXJ aims at enabling Java to be used in safety-critical Exploration applications
• High-assurance model approach using refinement and composition techniques
• Safety-Critical Java will be the main target VM