oSCJ Project: Developing Safety-Critical Applications in Java

Ales Plsek
www.omvj.net/oscj/

oSCJ - Open Safety-Critical Java

Saturday, April 24, 2010
Safety-Critical Systems

    A safety-critical system is a system whose failure or malfunction may
    result in death or serious injury to people, or in loss of or severe
    damage to equipment.
        Ariane 5, 1996: $800 million embedded software failure

    Growing complexity
        MLOC - code size
        productivity, reusability, and availability of trained personnel
Safety-Critical Software Development

    Programming Languages
        C, C++, Ada
        static allocation, schedulability analysis

    Certification standards
        DO-178 A, B, C and D
Java in the Real-Time Domain

    2001 - RTSJ
    2003 - Golden Gate
        Java 10-100 times slower than C
    2005 - RT GC technology
    2005-7 - RT Java technology boom
        SUN, IBM Metronome, Aicas, Aonix, etc.
    2010 - Fiji VM
        comparable performance with C, ~30% overhead
    2010 - SCJ (JSR-302) near completion
Safety-Critical Specification for Java

    SCJ specified by JSR-302
        subset of RTSJ
        memory safety
            no heap, no GC
            annotations
            static allocation

    Designed to be amenable to certification - DO-178B, Level A
        reduction of the system's complexity and of the cost of certification
        Compliance Levels

    [Figure: expressiveness vs. latency chart placing Java, RT GC, RTSJ and SCJ;
    latency axis ticks: <<1ms, 1ms, >>1ms]
oSCJ - Open Safety-Critical Java

    oSCJ contains
        Library
        SCJ-compliant VM
        Tools
            Static Checker
            Technology Compatibility Kit (TCK)
        miniCDj benchmark

    [Figure: oSCJ stack, top to bottom]
        oSCJ library
            Level 2 - L3 - No Heap RealtimeThreads
            Level 1 - L2 - Asynchronous Event Handlers
            Level 0 - L0 - Periodic Event Handlers
        oSCJ VM - running on top of an OS or directly on bare hardware
        RTEMS - RTEMS OS
        HARDWARE - Xilinx FPGA board with LEON 3 architecture
SCJ Library
Safety-Critical Specification for Java

    Execution Model
        Mission Concept
        [Figure: current mission: setup -> initialization -> execution -> cleanup -> teardown,
        then the next mission]

    Memory Model
        region-based memory model, no heap
        no dynamic allocation

    Compliance Levels 0-2
        Level 0 - single-threaded, Periodic Event Handlers, single Mission
        Level 1 - Aperiodic Event Handlers, Fixed-Priority Preemptive Scheduler
        Level 2 - sub-missions, ManagedThreads
The Mission Concept

    application organized as a series of Missions
        Mission - independent computation unit with respect to lifetime and resources

    MissionSequencer
        manages Missions and determines their execution order
        bounded number of Schedulable objects

    Schedulable Objects (SO)
        application logic executed by the SO
        parameters - scheduling, priority, storage
            e.g. storage requirements must be known prior to execution

    [Figure: mission lifecycle and memory areas]
        ImmortalMemory: setup, missions (M1 ... Mi ... Mn, one of them current), teardown
            MissionSequencer - getNextMission(), creates MissionMemory
        MissionMemory: initialization, execution, cleanup
            MissionManager - startAll(), waitAll()
        SO1 ... SOn - each runs in its own PrivateMemory
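The mission lifecycle above, worked as a Level 0 application skeleton. This is an added example, not code from the slides or from the oSCJ distribution; the class and method names (Safelet, MissionSequencer, Mission, PeriodicEventHandler, StorageParameters, their constructors, getCurrentMission/requestTermination) follow the 2010 JSR-302 draft as assumed here, and all sizes and priorities are constructed values.

```java
import javax.realtime.PeriodicParameters;
import javax.realtime.PriorityParameters;
import javax.realtime.RelativeTime;
import javax.safetycritical.Mission;
import javax.safetycritical.MissionSequencer;
import javax.safetycritical.PeriodicEventHandler;
import javax.safetycritical.Safelet;
import javax.safetycritical.StorageParameters;

/** Level 0 mission: one periodic handler, no aperiodic events, no sub-missions. */
public class HeartbeatMission extends Mission {

    /** Initialization phase, run in MissionMemory: every schedulable object is
     *  created and registered here, before the execution phase begins. */
    protected void initialize() {
        PriorityParameters prio = new PriorityParameters(11);            // assumed priority
        PeriodicParameters period =
            new PeriodicParameters(null, new RelativeTime(100, 0));      // 100 ms, no offset
        // backing store for the SO's private memories, native stack, Java stack:
        // the sizes must be known statically; these values are assumed
        StorageParameters storage = new StorageParameters(4096, 1024, 1024);
        new Heartbeat(prio, period, storage).register();
    }

    /** Size of MissionMemory, fixed before the mission runs (assumed value). */
    public long missionMemorySize() { return 64 * 1024; }

    /** The schedulable object: its handler body is the application logic and
     *  runs in the SO's PrivateMemory, which is emptied after each release. */
    static final class Heartbeat extends PeriodicEventHandler {
        private int releases;   // lives in MissionMemory together with the handler object

        Heartbeat(PriorityParameters p, PeriodicParameters pp, StorageParameters s) {
            super(p, pp, s);
        }

        public void handleAsyncEvent() {
            releases++;
            if (releases == 50) {                                    // after 5 s end the only mission
                Mission.getCurrentMission().requestTermination();    // assumed API
            }
        }
    }
}

/** Level 0 allows exactly one Mission: the sequencer hands it out once. */
class SingleMissionSequencer extends MissionSequencer {
    private boolean handedOut;

    SingleMissionSequencer(PriorityParameters p, StorageParameters s) { super(p, s); }

    /** Runs in ImmortalMemory; returning null means there is no further mission,
     *  so the cleanup of the current one is followed by teardown. */
    protected Mission getNextMission() {
        if (handedOut) return null;
        handedOut = true;
        return new HeartbeatMission();
    }
}

/** Entry point of the application: setup and teardown run in ImmortalMemory. */
class HeartbeatSafelet implements Safelet {
    public MissionSequencer getSequencer() {
        return new SingleMissionSequencer(new PriorityParameters(10),
                                          new StorageParameters(4096, 1024, 1024));
    }
    public void setUp() { }      // one-time initialization before the first mission
    public void tearDown() { }   // runs once the sequencer has returned null
}
```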
Memory Model

    Memory Management Strategy
        no heap, no GC
        memory safety
            each SO memory size statically given
        static-analysis-friendly model

    Region-Based Memory Model
        inspired by scoped memory areas (RTSJ)
        memory areas forming an easily analyzable tree - scope stack
            strictly nested lifetime of scopes
        execInArea supported
            an SO is allowed to switch its allocation context

    Memory Types
        immortal memory - shared by all missions
        mission memory - shared by all SOs in a mission
        private memory - SO private

    [Figure: scope trees rooted at Immortal -> Mission -> P1, with nested private
    scopes P2, P3, P4 for a PEH and P2 for an AEH]
Compliance Levels

    Compliance Levels 0-2
        refer to the expected cost and difficulty of certification
        allow variously constrained SCJ applications to be developed
        both an application and an implementation can conform to a level

    Level 0
        only PeriodicEventHandlers
        only 1 Mission
        simple cyclic-execution model
            used already during the Apollo missions [1]
        no aperiodicity
Compliance Levels

    Level 1
        Periodic and Aperiodic Event Handlers
        Fixed-priority preemptive scheduler

    Level 2
        nesting of missions is allowed
Library Status

    Stable features
        programming model
        memory model
        scheduling model
        time and clock
        annotations
        I/O
            raw memory access

    In development
        exceptions
        JNI support
        external event / interrupt model
            dependent on JSR-282
VM Interface

        // Declared as a class here: Java does not allow native methods in an
        // interface, which is how the slide writes it.
        final class VM_Interface {

            // Memory Management
            public static native Opaque makeExplicitArea(long size);
            public static native Opaque makeArea(MemoryArea ma, long size);
            public static native Opaque setCurrentArea(Opaque scope);
            public static native Opaque getCurrentArea();
            ...

            // Time
            public static native Opaque getCurrentTime();     // the slide writes getCurrentTime{}
            public static native long getClockResolution();   // return type missing on the slide; long assumed
            ...
        }

    VM Interface
        Library designed independently of the VM
        dedicated interface for communication with the VM

    Delegated tasks to the VM
        memory management
        thread-related methods (e.g. getMaxPriority)
        I/O - raw memory access methods
        time
SCJ VM
SCJ VM Design

    OVM
        a metacircular Virtual Machine
            similarly to J9, FijiVM, Squawk VM, etc.
            requires a bootstrap JVM to run on in order to create a boot image
        a small C loader is responsible for loading the boot image at runtime
        Java code compiled down to C

    SCJ VM
        optimizations towards Level 0
        Memory Manager

    [Figure: Java code -> C code]
Optimizations

    Synchronization Support
        Level 0 - single-threaded
        no synchronization/Monitor support needed

    Object Model
        optimized fields
            monitor, GC information
        hash-code
            physical address of the object - non-moving object model

    [Figure: object layouts]
        Java Object Model: BluePrint, Hash-Code, Monitor, GC info, DATA
        SCJ Object Model: BluePrint, DATA
Memory Manager
Memory Manager

    backing-store area

    MemoryManager
        stack-based allocation

    Advantages
        linear-time memory allocation
            constant-time allocation
            linear-time memory zeroing

    [Figure: the PEH and AEH scope trees (Immortal -> Mission -> P1 -> ...) laid out
    in the backing store: top level: Im, M1; BS level (PEH): P1, P2, P3, P4;
    BS level (AEH): P1, P2; one scope level per nesting depth]
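A model of the stack-based allocator this slide describes, as an added example that is not the oSCJ memory manager's code: one contiguous backing store, each scope a fixed-size region carved from its parent's reservation, bump-pointer allocation in constant time, and zeroing of only the bytes a scope actually used when it is left. The store and scope sizes in the main method are constructed.

```java
import java.util.Arrays;

/** Stack of nested memory areas over a single backing store (level 0 = immortal). */
public final class ScopeStack {
    private final byte[] store;    // the backing-store area
    private final int[] base;      // first byte reserved for each live scope
    private final int[] limit;     // one past the last byte reserved for it
    private final int[] top;       // bump pointer: next free byte inside the scope
    private int depth;             // number of live scopes

    public ScopeStack(int storeSize, int maxDepth) {
        store = new byte[storeSize];
        base = new int[maxDepth];
        limit = new int[maxDepth];
        top = new int[maxDepth];
        enter(storeSize);          // immortal memory owns the whole store
    }

    /** Push a scope of statically known size. Its region is taken from the upper end
     *  of the parent's free space, so the parent keeps allocating below it: O(1). */
    public void enter(int size) {
        if (depth == base.length) throw new IllegalStateException("scope stack full");
        int b, l;
        if (depth == 0) {
            b = 0; l = store.length;
        } else {
            int p = depth - 1;
            if (size < 0 || limit[p] - top[p] < size)
                throw new IllegalStateException("parent scope cannot back " + size + " bytes");
            l = limit[p];
            b = l - size;
            limit[p] = b;          // the parent's reservation shrinks while the child lives
        }
        base[depth] = b; limit[depth] = l; top[depth] = b;
        depth++;
    }

    /** Allocate in the current allocation context, i.e. the innermost scope: O(1). */
    public int allocate(int n) { return allocateIn(depth - 1, n); }

    /** execInArea: allocate in an outer live scope without leaving the inner one. */
    public int allocateIn(int level, int n) {
        if (level < 0 || level >= depth) throw new IllegalArgumentException("no live scope " + level);
        if (n < 0 || limit[level] - top[level] < n)
            throw new OutOfMemoryError("scope " + level + " exhausted");
        int addr = top[level];     // an offset into the backing store stands in for an address
        top[level] += n;
        return addr;
    }

    /** Pop the innermost scope: zero the bytes it used (not its whole reservation),
     *  then hand the reservation back to the parent. Linear in the bytes used. */
    public void exit() {
        if (depth <= 1) throw new IllegalStateException("immortal memory is never exited");
        int c = --depth;
        Arrays.fill(store, base[c], top[c], (byte) 0);
        limit[c - 1] = limit[c];
    }

    public int depth() { return depth; }
    public int free(int level) { return limit[level] - top[level]; }
    public byte peek(int addr) { return store[addr]; }
    public void poke(int addr, byte v) { store[addr] = v; }

    public static void main(String[] args) {
        ScopeStack m = new ScopeStack(4096, 8);   // immortal memory, level 0
        m.enter(1024);                            // mission memory, level 1
        int missionObj = m.allocateIn(1, 16);     // lives for the whole mission
        m.enter(256);                             // a handler's private memory, level 2
        int tmp = m.allocate(64);                 // per-release temporary
        m.poke(tmp, (byte) 0x7f);
        m.exit();                                 // release ends: the private memory is cleared
        System.out.println("temporary cleared: " + (m.peek(tmp) == 0));
        System.out.println("mission memory free: " + m.free(1));
        m.exit();                                 // mission ends: mission memory is cleared too
        System.out.println("mission object cleared: " + (m.peek(missionObj) == 0));
        System.out.println("immortal free: " + m.free(0));
    }
}
```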
Static Checker
Static Checker

    Static verification of certain SCJ properties of the code
        API visibility
            @SCJAllowed, @SCJProtected
                to prevent users from accessing internal elements
        Memory Safety
            @AllocFree, @ScopeDef, @Scope, @RunsIn
API Visibility

    (LEVEL_n below stands for the slide's "Level n" argument of @SCJAllowed)

    javax.safetycritical package:

        @SCJAllowed(LEVEL_1)
        class Foo extends Realtime {
            @SCJAllowed(LEVEL_1)
            public void foo() {
                ...
            }
        }

        @SCJAllowed(LEVEL_1)
        class ExFoo extends Foo {
            @SCJAllowed(LEVEL_2)
            public void foo() {
                super.foo();
                bar();
            }

            @SCJProtected
            public void bar() {
            }
        }

    javax.realtime package:

        @SCJAllowed(LEVEL_2)
        class Realtime {
            @SCJAllowed(LEVEL_2)
            public void foobar() {
                ...
            }
        }

    user-level code:

        @SCJAllowed(LEVEL_1)
        class User {
            public void main() {
                new Foo().foo();            // Level 1 API
                new Realtime().foobar();    // Level 2 API used from Level 1 code
            }
        }
Memory Safety

        @Scope("immortal")
        class Outer {
            @ScopeDef(name = "a", parent = "immortal")
            PrivateMemory a = new PrivateMemory(10000);   // size; the slide quotes it as "10000"

            void initialize() {
                run();
            }

            @AllocFree
            boolean foo() { ... }

            @RunsIn("a")
            void run() {
                initialize();
                foo();
            }
        }

    [Figure: scope A, the allocation context of run()]

    Memory Safety
        @AllocFree - no allocation
        @ScopeDef - defines a scoped memory
        @Scope - per object, indicates the allocation context
        @RunsIn - overrides the class annotation, the default scope in which the type runs
Static Checker Implementation

    based on the Checker Framework (JSR 308) that will be part of Java 7
        verification is done through AST visitors

    Memory Safety
        double pass of the algorithm
            1. a scope-tree is constructed
            2. the scope-tree is used to verify the memory-safety rules
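The two-pass algorithm above, worked as an added example that is not the oSCJ checker's code (that one visits the Checker Framework's AST; this one reads the annotations reflectively). Pass 1 builds the scope tree from @ScopeDef fields, pass 2 checks every @RunsIn against it. The annotation types are local stand-ins for the SCJ ones, a plain Object field replaces the slide's PrivateMemory, and the rule verified (a method's @RunsIn scope must be the class's @Scope or a scope nested inside it, otherwise the receiver could outlive the method's allocation context) is assumed here as one consequence of strictly nested scope lifetimes.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public final class ScopeChecker {
    // Stand-ins for the SCJ annotations, kept at runtime so reflection can read them.
    @Retention(RetentionPolicy.RUNTIME) @interface Scope { String value(); }
    @Retention(RetentionPolicy.RUNTIME) @interface RunsIn { String value(); }
    @Retention(RetentionPolicy.RUNTIME) @interface ScopeDef { String name(); String parent(); }

    static final String IMMORTAL = "immortal";
    private final Map<String, String> parentOf = new HashMap<String, String>();  // the scope tree
    private final List<String> errors = new ArrayList<String>();

    /** Pass 1: every @ScopeDef field adds one node (scope -> parent) to the tree. */
    void buildTree(Class<?>... classes) {
        parentOf.put(IMMORTAL, null);                        // root of the tree
        for (Class<?> c : classes)
            for (Field f : c.getDeclaredFields()) {
                ScopeDef d = f.getAnnotation(ScopeDef.class);
                if (d == null) continue;
                if (parentOf.containsKey(d.name()))
                    errors.add(c.getSimpleName() + ": scope '" + d.name() + "' defined twice");
                parentOf.put(d.name(), d.parent());
            }
        // the tree must be well formed: every parent is itself a defined scope
        for (Map.Entry<String, String> e : parentOf.entrySet())
            if (e.getValue() != null && !parentOf.containsKey(e.getValue()))
                errors.add("scope '" + e.getKey() + "' has undefined parent '" + e.getValue() + "'");
    }

    /** True if scope s equals t or lies below t in the tree (s has the shorter lifetime). */
    boolean nestedIn(String s, String t) {
        for (String cur = s; cur != null; cur = parentOf.get(cur))
            if (cur.equals(t)) return true;
        return false;
    }

    /** Pass 2: check each class's @Scope and each @RunsIn method against the tree. */
    void verify(Class<?>... classes) {
        for (Class<?> c : classes) {
            Scope cs = c.getAnnotation(Scope.class);
            String classScope = cs == null ? IMMORTAL : cs.value();   // default assumed: immortal
            if (!parentOf.containsKey(classScope))
                errors.add(c.getSimpleName() + ": @Scope names undefined scope '" + classScope + "'");
            for (Method m : c.getDeclaredMethods()) {
                RunsIn r = m.getAnnotation(RunsIn.class);
                if (r == null) continue;                                // runs in the class's scope
                String where = c.getSimpleName() + "." + m.getName();
                if (!parentOf.containsKey(r.value()))
                    errors.add(where + ": @RunsIn names undefined scope '" + r.value() + "'");
                else if (!nestedIn(r.value(), classScope))
                    errors.add(where + ": runs in '" + r.value() + "', which is neither the class's scope '"
                               + classScope + "' nor nested inside it");
            }
        }
    }

    List<String> check(Class<?>... classes) {
        buildTree(classes);
        verify(classes);
        return errors;
    }

    // The slide's example (accepted) and a constructed class with two violations.
    @Scope("immortal")
    static class Outer {
        @ScopeDef(name = "a", parent = "immortal") Object a;   // PrivateMemory a on the slide
        void initialize() { run(); }
        @RunsIn("a") void run() { initialize(); }
    }

    @Scope("a")
    static class Inner {
        @RunsIn("immortal") void escape() { }   // outer scope: receiver in 'a' would not be safe
        @RunsIn("b") void lost() { }            // scope never defined by any @ScopeDef
    }

    public static void main(String[] args) {
        for (String e : new ScopeChecker().check(Outer.class, Inner.class))
            System.out.println(e);
    }
}
```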
Evaluation
Evaluation Platform

    Hardware Platform
        Xilinx FPGA GR-XC3S-1500 development board
            8Mb flash PROM, 64MB SDRAM
            no FPU
        LEON3 Processor
            flashed with LEON3, running at 40MHz
            used by NASA and ESA (Venus Express Mission 2005, Dawn Mission 2007)

    Real-time OS
        RTEMS 4.9
Benchmark

    Collision Detector Benchmark - CDx
        periodic real-time task
        highly configurable
            workloads - # of planes, # of iterations, # of collisions, period
        various languages used
            C, RTSJ, regular Java
            miniCDj - CDx implementation in SCJ
        open-source, available at www.ovmj.net/cdx/
Results

    Benchmark results for the LEON3 and x86 platforms
        to be published soon...
Conclusion
Conclusion

    oSCJ distribution available and open-source
        Library, VM, tools and benchmark
        www.omvj.net/oscj

    Performance
        competitive with C both on LEON3 and x86

    Future Work
        Library implementation
            full Level 0 functionality (Exceptions, I/O, etc.)
            supported both by OVM and FijiVM
        FijiVM optimizations
References

    [1] Apollo's Rocket Scientists, http://www.technologyreview.com/computing/23636/
    [2] oSCJ: www.ovmj.net/oscj/
    [3] Java for Safety-Critical Applications. Hunt, Locke, Nilsen, Schoeberl, Vitek. SAFECERT 2009.
    [4] oSCJ Project. Purdue CS Annual Report 2010.
    [5] A Technology Compatibility Kit for Safety Critical Java. Zhao, Tang, Vitek. JTRES 2009.

 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Open Safety-Critical Java

  • 1. oSCJ Project: Developing Safety-Critical Applications in Java. Ales Plsek. www.omvj.net/oscj/ oSCJ, Open Safety-Critical Java. Saturday, April 24, 2010
  • 2. Safety-Critical Systems
    - A safety-critical system is a system whose failure or malfunction may result in death or serious injury to people, or loss of or severe damage to equipment.
    - Example: Ariane 5, 1996, an $800 million embedded software failure.
    - Growing complexity: code size measured in MLOC; productivity, reusability, and availability of trained personnel.
  • 3. Safety-Critical Software Development
    - Programming languages: C, C++, Ada; static allocation, schedulability analysis.
    - Certification standards: DO-178 A, B, C and D.
  • 4. Java in Real-Time Domain
    - 2001: RTSJ
    - 2003: Golden Gate; Java 10-100 times slower than C
    - 2005: RT GC technology
    - 2005-7: RT Java technology boom (SUN, IBM Metronome, Aicas, Aonix, etc.)
    - 2010: Fiji VM; performance comparable with C, ~30% overhead
    - 2010: SCJ (JSR-302) near completion
  • 5. Safety-Critical Specification for Java
    - SCJ is specified by JSR-302: a subset of RTSJ with no heap and no GC, static allocation, and annotations.
    - Diagram (expressiveness vs. latency): Java with RT GC at >>1 ms, RTSJ at 1 ms, SCJ at <<1 ms; SCJ adds memory safety.
    - Designed to be amenable to certification (DO-178B, Level A): reduces the system's complexity and the cost of certification.
    - Compliance levels.
  • 6. oSCJ, Open Safety-Critical Java. oSCJ contains:
    - Library with three compliance levels: Level 0 (Periodic Event Handlers), Level 1 (Asynchronous Event Handlers), Level 2 (No Heap RealtimeThreads).
    - oSCJ VM: an SCJ-compliant VM running on top of an OS (RTEMS) or directly on bare hardware (Xilinx FPGA board with LEON 3 architecture).
    - Tools: Static Checker, Technology Compatibility Kit (TCK), miniCDj benchmark.
  • 8. Safety-Critical Specification for Java: Execution Model
    - Mission concept: setup; then, for the current mission, initialization, execution and cleanup; then the next mission; finally teardown.
    - Memory model: region-based memory model, no heap, no dynamic allocation.
    - Compliance Levels 0-2: Level 0 - single-threaded, Periodic Event Handlers, single Mission; Level 1 - Aperiodic Event Handlers, fixed-priority preemptive scheduler; Level 2 - sub-missions, ManagedThreads.
  • 9. The Mission Concept
    - The application is organized as a series of Missions M1 ... Mi ... Mn, with setup and teardown running in ImmortalMemory.
    - Mission: an independent computation unit with respect to lifetime and resources; its lifecycle is initialization, execution, cleanup.
    - MissionSequencer: getNextMission(); creates the MissionMemory; manages Missions and determines their execution order.
    - MissionManager: startAll(), waitAll(); runs in MissionMemory; manages a bounded number of Schedulable Objects SO1 ... SOn.
    - Schedulable Objects (SO): each runs in its own PrivateMemory; the application logic is executed by SOs; parameters cover scheduling, priority and storage, e.g. storage requirements must be known prior to execution.
  • 10. Memory Model
    - Memory management strategy: no heap, no GC; memory safety; each SO's memory size is statically given; a static-analysis-friendly model.
    - Memory types (region-based memory model inspired by RTSJ scoped memory areas): immortal memory, shared by all missions; mission memory, shared by all SOs in the mission; private memory, per SO.
    - Memory areas form an easily analyzable tree (scope stack); scopes have strictly nested lifetimes; execInArea is supported, so an SO is allowed to switch its allocation context.
    - Diagram: Immortal -> Mission -> PEH (P1, P2, P3) and AEH (P1, P2, P4).
  • 11. Compliance Levels
    - Levels 0-2 refer to the expected cost and difficulty of certification; they allow variously constrained SCJ applications to be developed; both an application and an implementation can conform to a level.
    - Level 0: only PeriodicEventHandlers, only 1 Mission; a simple cyclic-execution model already used during the Apollo missions [1]; no aperiodicity.
  • 12. Compliance Levels
    - Level 1: Periodic and Aperiodic Event Handlers; fixed-priority preemptive scheduler.
    - Level 2: nesting of missions is allowed.
  • 13. Library Status
    - Stable features: programming model, memory model, scheduling model, time and clock, annotations.
    - In development: exceptions, JNI support, external event / interrupt model (dependent on JSR-282), I/O raw memory access.
  • 14. VM Interface

        interface VM_Interface {
            // Memory Management
            public static native Opaque makeExplicitArea(long size);
            public static native Opaque makeArea(MemoryArea ma, long size);
            public static native Opaque setCurrentArea(Opaque scope);
            public static native Opaque getCurrentArea();
            ...
            // Time
            public static native Opaque getCurrentTime();
            public static native long getClockResolution(); // return type omitted on the slide; long assumed
            ...
        }

    - The library is designed independently of the VM, with a dedicated interface for communication with the VM.
    - Tasks delegated to the VM: memory management; thread-related methods (e.g. getMaxPriority); I/O - raw memory access methods; time.
  • 16. SCJ VM Design
    - OVM, a metacircular virtual machine (similarly to J9, FijiVM, Squawk VM, etc.): requires a bootstrap JVM to run upon in order to create a boot image; a small C loader is responsible for loading the boot image at runtime; Java code is compiled down to C.
    - SCJ VM optimizations towards Level 0: Memory Manager.
  • 17. Optimizations
    - Synchronization support: Level 0 is single-threaded, so no synchronization/Monitor support is needed.
    - Java Object Model: BluePrint, Hash-Code, Monitor, GC info, DATA. SCJ Object Model: BluePrint, DATA. Optimized-away fields: monitor, GC information, hash-code (the hash-code is the physical address of the object, since the object model is non-moving).
  • 19. Memory Manager
    - MemoryManager: stack-based allocation in a backing-store (BS) area, with a top-level BS, BS level (PEH), BS level (AEH) and scope level. Backing-store layout: Im | M1 | P1 P2 P3 P4 | P1 P2.
    - Advantages: linear (stack-like) memory allocation; constant-time allocation; linear-time memory zeroing.
  • 21. Static Checker
    - Static verification of certain SCJ properties of the code.
    - API visibility: @SCJAllowed, @SCJProtected, to prevent users from accessing internal elements.
    - Memory safety: @AllocFree, @ScopeDef, @Scope, @RunsIn.
  • 22. API Visibility

        // javax.realtime package
        @SCJAllowed(LEVEL_2)
        class Realtime {
            @SCJAllowed(LEVEL_1)
            public void foobar() { ... }

            @SCJAllowed(LEVEL_1)
            public void foo() { ... }

            @SCJProtected
            public void bar() { }
        }

        // javax.safetycritical package
        @SCJAllowed(LEVEL_2)
        class Foo extends Realtime {
            @SCJAllowed(LEVEL_2)
            public void foo() {
                super.foo();
                bar();
            }
        }

        // user-level code
        @SCJAllowed(LEVEL_1)
        class ExFoo extends Foo {
        }

        @SCJAllowed(LEVEL_1)
        class User {
            public main() {
                Foo.foo();
                Realtime.foobar();
            }
        }

  • 23. Memory Safety

        @Scope("immortal")
        class Outer {
            @ScopeDef(name="a", parent="immortal")
            PrivateMemory a = new PrivateMemory(10000);

            void initialize() { run(); }

            @AllocFree
            boolean foo() { ... }

            @RunsIn("a")
            void run() {
                initialize();
                foo();
            }
        }

    - Diagram: Scope A, nested under immortal memory, is the scope in which run() executes.
    - @AllocFree - no allocation
    - @ScopeDef - defines a scope memory
    - @Scope - per object, indicates the allocation context
    - @RunsIn - overrides the class annotation, the default scope in which the type runs
  • 24. Static Checker Implementation
    - Based on the Checker Framework (JSR 308), which will be part of Java 7; verification is done through AST visitors.
    - Memory safety is checked in a double pass: 1. a scope tree is constructed; 2. the scope tree is used to verify the memory-safety rules.
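The two-pass check on slides 23-24 can be modelled in a few dozen lines: pass 1 turns the @ScopeDef-style (name, parent) declarations into a scope tree rooted at immortal memory, pass 2 walks every reference store and rejects those where a longer-lived object would point into a shorter-lived scope (the reference would dangle once that scope is reclaimed). The block below is an added example in plain Java, not the oSCJ static checker and not code from the slides; ScopeTreeCheck, ScopeTree, Store, check and the sample scopes and call sites are all our own constructed names, and it has no javax.safetycritical dependency.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* Toy model of the scope-tree memory-safety check (our own code, not oSCJ's). */
public class ScopeTreeCheck {

    /* Pass 1 result: scope name -> parent scope name; "immortal" is the root. */
    static final class ScopeTree {
        private final Map<String, String> parentOf = new HashMap<>();

        ScopeTree() {
            parentOf.put("immortal", null);
        }

        /* Mirrors @ScopeDef(name=..., parent=...): one parent, which must already
         * exist. Refusing redefinition keeps lifetimes strictly nested (a tree). */
        void define(String name, String parent) {
            if (!parentOf.containsKey(parent)) {
                throw new IllegalArgumentException("unknown parent scope: " + parent);
            }
            if (parentOf.containsKey(name)) {
                throw new IllegalArgumentException("scope redefined: " + name);
            }
            parentOf.put(name, parent);
        }

        boolean contains(String name) {
            return parentOf.containsKey(name);
        }

        /* True when 'outer' is 'inner' itself or one of its ancestors, i.e.
         * memory in 'outer' lives at least as long as memory in 'inner'. */
        boolean outlives(String outer, String inner) {
            for (String s = inner; s != null; s = parentOf.get(s)) {
                if (s.equals(outer)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* One reference store found in the code: an object allocated in holderScope
     * gets a field that points at an object allocated in targetScope. */
    static final class Store {
        final String holderScope;
        final String targetScope;
        final String site;

        Store(String holderScope, String targetScope, String site) {
            this.holderScope = holderScope;
            this.targetScope = targetScope;
            this.site = site;
        }
    }

    /* Pass 2: report every store the scope tree forbids; an empty list means
     * the program satisfies the rule. */
    static List<String> check(ScopeTree tree, List<Store> stores) {
        List<String> errors = new ArrayList<>();
        for (Store s : stores) {
            if (!tree.contains(s.holderScope) || !tree.contains(s.targetScope)) {
                errors.add(s.site + ": reference to an undefined scope");
                continue;
            }
            // The target's scope must outlive the holder's scope; otherwise the
            // target is reclaimed when its scope exits and the field dangles.
            if (!tree.outlives(s.targetScope, s.holderScope)) {
                errors.add(s.site + ": object in '" + s.holderScope
                        + "' may not reference shorter-lived scope '" + s.targetScope + "'");
            }
        }
        return errors;
    }

    /* Constructed sample mirroring slide 23: "a" is a PrivateMemory whose
     * parent is immortal memory; "b" is a further scope nested inside "a". */
    static ScopeTree sampleTree() {
        ScopeTree tree = new ScopeTree();
        tree.define("a", "immortal");
        tree.define("b", "a");
        return tree;
    }

    /* Constructed call sites; the site labels are invented for the report. */
    static List<Store> sampleStores() {
        List<Store> stores = new ArrayList<>();
        stores.add(new Store("a", "immortal", "run():1"));        // inner -> outer: allowed
        stores.add(new Store("a", "a", "run():2"));               // same scope: allowed
        stores.add(new Store("immortal", "a", "initialize():3")); // outer -> inner: error
        stores.add(new Store("a", "b", "run():4"));               // outer -> inner: error
        stores.add(new Store("a", "c", "run():5"));               // scope never defined: error
        return stores;
    }

    public static void main(String[] args) {
        for (String e : check(sampleTree(), sampleStores())) {
            System.out.println(e);
        }
    }
}
```

Running main prints three findings (the stores at initialize():3, run():4 and run():5) and nothing for the two legal stores. The rule is deliberately direction-sensitive: references from an inner scope outward are always safe because the outer area outlives the inner one, which is exactly what makes the scope tree cheap to check once it has been built.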
  • 26. Evaluation Platform
    - Hardware platform: Xilinx FPGA GR-XC3S-1500 development board, 8Mb flash PROM, 64MB SDRAM, no FPU; flashed with a LEON3 processor running at 40MHz. LEON3 is used by NASA and ESA (Venus Express Mission 2005, Dawn Mission 2007).
    - Real-time OS: RTEMS 4.9.
  • 27. Benchmark
    - Collision Detector Benchmark - CDx: a periodic real-time task with highly configurable workloads (number of planes, number of iterations, number of collisions, period); implemented in various languages: C, RTSJ, regular Java.
    - miniCDj: the CDx implementation in SCJ; open-source, available at www.ovmj.net/cdx/
  • 28. Results: benchmark results for the LEON3 and x86 platforms are to be published soon.
  • 30. Conclusion
    - oSCJ, Open Safety-Critical Java: the oSCJ distribution is available and open-source (library, VM, tools and benchmark), www.omvj.net/oscj
    - Performance competitive with C both on LEON3 and x86.
    - Future work: library implementation of the full Level 0 functionality (Exceptions, I/O, etc.), supported both by OVM and FijiVM; FijiVM optimizations.
  • 31. References
    [1] Apollo's Rocket Scientists, http://www.technologyreview.com/computing/23636/
    [2] oSCJ: www.ovmj.net/oscj/
    [3] Java for Safety-Critical Applications, Hunt, Locke, Nilsen, Schoeberl, Vitek, SAFECERT 2009.
    [4] oSCJ Project, Purdue CS Annual Report 2010.
    [5] A Technology Compatibility Kit for Safety Critical Java, Zhao, Tang, Vitek, JTRES 2009.