Towards Programming Safety Critical Systems in Java
description
Transcript of Towards Programming Safety Critical Systems in Java
![Page 1: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/1.jpg)
Towards Programming Safety Critical Systems in
JavaBent Thomsen
Aalborg University
![Page 2: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/2.jpg)
2
Joint work with:
• Martin Schoeberl– Institute of Computer Engineering Vienna University of Technology, Austria
• Hans Søndergaard– Vitus Bering University College
• Stephan Korsholm– Polycom (former KIRK telecom) and CISS
• Anders P. Ravn, Thomas Bøgholm, Henrik Kragh-Hansen, Petur Olsen, Kim G. Larsen, Rene R. Hansen and Lone Leth Thomsen – CISS/Department of Computer Science Aalborg University
![Page 3: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/3.jpg)
3
Computers today
A computer is a grey box full of black smoke.When the black smoke escapes the computerdoes not work any more
Anonymous CS student
![Page 4: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/4.jpg)
4
Some have a broader view
![Page 5: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/5.jpg)
5
But what about these?
![Page 6: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/6.jpg)
6
Especially this one
• JOP - Java Optimized Processor
![Page 7: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/7.jpg)
7
• Computer purchased as part of some other piece of equipment
– Typically dedicated software (may be user customizable)
– Often replaces previously electromechanical components
– Often no “real” keyboard
– Often limited display or no general purpose display
Embedded Systems
![Page 8: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/8.jpg)
8
Real-time Systems Landscape
• Interaction software– Psychology
• Signal processing– Compute as much as possible within deadline
• Media processing– QoS, graceful degradation
• Control software– Catastrophic consequences of missed
deadlines
![Page 9: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/9.jpg)
9
High Integrity Embedded Real-Time Systems
• Implemented in hardware
• Customized components
• Hardware specific software
• Poor reusability
• Specially trained programmers– Assembler and C (and C++) dominate
embedded systems programming– Still at lot of Ada programming going on
![Page 10: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/10.jpg)
10
What is the problem?
• Sheer number of systems
• Poor programmer productivity– Fewer and fewer C/C++ programmers
![Page 11: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/11.jpg)
11
How to increase Programmer Productivity?
3 ways of increasing programmer productivity:
1. Process (software engineering)
– Controlling programmers– Good process can yield up to 20% increase
2. Tools (verification, static analysis, program generation)
– Good tools can yield up to 10% increase3. Better designed Languages --- the center of the universe!
– Core abstractions, mechanisms, services, guarantees– Affect how programmers approach a task (C vs. SML)– New languages can yield 700% increase
![Page 12: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/12.jpg)
12
Why Java
• Easy to learn
• Early (first) programming language
• Object oriented
• Industrial strength
• Platform independent
• Concurrent
• (Almost) Well-defined semantics
![Page 13: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/13.jpg)
13
Java is all around us
Java-enabled Handsets
0
200
400
600
800
1,000
1,200
1,400
1,600
Un
its
(in
mil
lio
n)
Installed Base Annual Shipment
1B 1B installedinstalledbase in base in 20062006
2004 2005 2006 2007 2008
![Page 14: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/14.jpg)
14
Even in space
![Page 15: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/15.jpg)
15
Java Disadvantages wrt. Real-time
• Unpredictable performance– Scheduling– Memory– Control and data flow
• Automatic garbage collection
• Dynamic class loading
![Page 16: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/16.jpg)
16
Real-Time Specification for Java
• RTSJ for short• First JSR request (JSR-001)• Still not completely finished• Implementations
– Timesys RI– OVM (Purdue)– PERCS (AONIX), – JamaicaVM (AICAS)– McKinack (SUN) based on Hotspot– Websphere (IBM) based on J9
![Page 17: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/17.jpg)
17
RTSJ Guiding Principles
• Backward compatibility to standard Java
• Write Once, Run Anywhere
• Reflects current real-time practice
• Predictable execution
• No Syntactic extension– But subtle changes to semantics
• Allow implementation flexibility
![Page 18: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/18.jpg)
18
RTSJ Overview
• Clear definition of scheduler• Priority inheritance protocol• NoHeapRealtimeThread• BoundAsyncEventHandler• Scoped memory to avoid GC• Low-level access through raw memory• High resolution time and timer• Targeted at larger systems
– implementation from Sun requires a dual UltraSparc III or higher with 512 MB memory and the Solaris 10 operating system
![Page 19: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/19.jpg)
19
RTSJ Subset
• Ravenscar Java– Name from Ravenscar Ada– Based in Puschner & Wellings paper
• Profile for high integrity applications• RTSJ compatible• No dynamic thread creation• Simplified scoped memory• Targeted at Java 2 Micro Edition• Implementations?
– Partial on aJ-100 at CISS/AAU
![Page 20: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/20.jpg)
20
Observation
There is essentially only one way to get a more predictable language:
• Namely to select a set of features which makes it controllable.
• Which implies that a set of features can be deselected as well
![Page 21: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/21.jpg)
21
The bottom up approach1. take the Java language and its associated VM2. provide low level access to physical memory (and interrupts),3. add an interface to a scheduler which is some mechanism that
gives predictability to thread execution, and which implements some policy that is specified through release and scheduling parameters,
4. add an interface to some memory areas controlled by mechanisms that may give more predictable allocation of objects,
5. add some mechanism to make synchronization more predictable,
6. add new classes of asynchronous events and their handlers, and internal event generators called timers related to clocks,
7. and try to come to terms with asynchronous transfer of control and termination.
![Page 22: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/22.jpg)
22
Life is complicated enough
• apart from 1 and 2, the remaining ”enhancements” complicate life for a programmer
• source program for an application becomes a mixture of – application specific requirements
• (deadlines, periods, binding of external events, and program logic),
– parameters for controlling policies of the underlying middleware mechanisms
• (cost, priority, importance, event queue sizes, memory area sizes),
– parameters for tuning or sidestepping the mechanisms • (miss handlers, timers).
![Page 23: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/23.jpg)
23
Our Target Community
Real-TimeComputing
ControlEngineeringSC Java
Control in Real-Time Computing
Real-Time Programming Techniques in Control System Implementation
![Page 24: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/24.jpg)
24
A typical embedded program
Cruise control:Loop
Read the sensors;
Compute speed;
if speed too high
Compute pressure for brake pedal;
if speed too low
Compute pressure for accelerator;
Transmit the outputs to actuators;
![Page 25: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/25.jpg)
25
FOSS WineScan Case Study
enclosed in a Thermobox
FTIR instrument
Interfero-gram
FTIR technology: Fourier Transform Infrared Spectroscopy
![Page 26: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/26.jpg)
26
Interferometer functional requirements
The instrument
• Temperature reading and regulation
thermobox, cuvette, interferometer, IR-source
reading: 5 times/sec regulation: 1 time/sec
• Interferometer measurement move the mirror and read IR-detector
every 333 µs up to 3200 times in a scan
an interferometer measurement 32 scans
Thermobox
![Page 27: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/27.jpg)
27
Our approach
• the Java language and machine supported by existing RT mechanisms and policies
• low level access to hardware, since hardware abstraction layers are yet in the future
• plus periodic and sporadic threads with application specific parameters, including program logic
![Page 28: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/28.jpg)
28
The Aim
• An easy to use framework
• Simplified program analysis
• Easy to implement on embedded systems
• Minimum implementation details
• J2ME programmers should be able to learn to use SC Java in a day
![Page 29: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/29.jpg)
29
SC Java Programming ModelInitialized: An RT application is in the Initialized state untilthe initialization code of the RealTimeSystem hasrun to completion and its start method has not beeninvoked. Application threads and passive objects arecreated and initialized here. Threads are not started.
Mission: An RT application is in the Mission state whenit has returned from its start method which starts allthreads.
Stop: An RT application is in the Stop state when it hasreturned from the stop method which waits for threadsto perform their optional cleanup.
![Page 30: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/30.jpg)
30
Difference to RTSJ
• No Initializer Thread– Done as part of main method
• No WaitForNextperiod– Scheduler does this
• No priorities– Programmer Specify deadline and periods– Scheduler calculates priorities
![Page 31: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/31.jpg)
31
Only few concepts
• Periodic Threads
• Sporadic Threads
• RunTimeSystem
• Relative Time
• Immortal and Raw Memory
![Page 32: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/32.jpg)
32
Schedulable Entities
All schedulable entities (periodic and sporadic) are represented by threads.
The abstract class RealtimeThread has two methods:
• run() – the run logic to be executed every time the thread is activated
• cleanup() – a clean-up method to be executed if the system should be shut
down or stopped
Initialize is done in main()
![Page 33: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/33.jpg)
33
The Class Diagram
![Page 34: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/34.jpg)
34
The RealtimeThread Class
![Page 35: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/35.jpg)
35
PeriodicThread
![Page 36: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/36.jpg)
36
SporadicThread
![Page 37: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/37.jpg)
37
The Runtime System
![Page 38: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/38.jpg)
38
An example
![Page 39: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/39.jpg)
39
Implementations of SC Java
• On Ajile aJ-100 and JOP– Use existing schedulers and threads
• On Mechatronic Brick and Polycom (Kirk)– Currently experimenting with JamVM
• Implementation on RTSJ underway
![Page 40: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/40.jpg)
40
What about Program Analysis?
• Traditional approaches to analysis of RT systems are hard and conservative
• Alternatives via:– Java PathFinder– SARTS
• WCET and Schedulability on JOP
![Page 41: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/41.jpg)
41
Utilisation-Based Analysis
• A simple sufficient but not necessary schedulability test exists
)12( /1
1
NN
i i
i NT
CU
NU as 69.0
Where C is WCET and T is period
![Page 42: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/42.jpg)
42
Response Time Equation
jihpj
j
iii C
T
RCR
)(
Where hp(i) is the set of tasks with priority higher than task i
Solve by forming a recurrence relationship:
jihpj
j
n
ii
n
i CTw
Cw
)(
1
The set of values is monotonically non decreasingWhen the solution to the equation has been found, must not be greater that (e.g. 0 or )
1 n
i
n
i ww,..,...,,, 210 n
iiii wwww0
iw
iR iC
![Page 43: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/43.jpg)
43
Java PathFinder
void add(Object o) { buffer[head] = o; head = (head+1)%size;}
Object take() { … tail=(tail+1)%size; return buffer[tail];}
Java Code
JAVAC JVM
0: iconst_01: istore_22: goto #395: getstatic 8: aload_09: iload_210: aaload
Bytecode
Special JVM
Model Checker
![Page 44: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/44.jpg)
44
SARTS
• WCET and Schedulability analyzer for Java programs written in the SCJ profile (PRTJ)
• Assumes correct Loop bounds annotations• Generated code to be executed on JOP
• Generates Timed Automata• Control flow graph with timing information• Uppaal Model-checker checks for deadlock
![Page 45: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/45.jpg)
45
SARTS Overview
![Page 46: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/46.jpg)
46
Java to UPPAAL
![Page 47: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/47.jpg)
47
Timed Automata templates
• Translation of Basic Blocks into states and transitions
• Patterns for:– Loops– Monitor statements– If statements– Method invoke– Sporadic task release
![Page 48: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/48.jpg)
48
Simple models of RM scheduler
• Predefined models– Scheduler– Periodic Task– Sporadic Task
![Page 49: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/49.jpg)
49
Periodic Task/Sporadic Task
![Page 50: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/50.jpg)
50
SARTS can do better than utilisation test
• Example• One periodic task• Two sporadic tasks
– Mutually exclusive
![Page 51: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/51.jpg)
51
SARTS can do better than utilisation test
• Period: 240• Minimum inter-arrival time: 240• Periodic cost: 161• Sporadic cost: 64• Utilisation test fails:
![Page 52: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/52.jpg)
52
Time Line
![Page 53: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/53.jpg)
53
real-time sorting machine
![Page 54: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/54.jpg)
54
SARTS future work
• Cache analysis• Different scheduling strategies• Memory usage analysis• Multicore• IDE integration
![Page 55: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/55.jpg)
55
Java Objects Project
• CISS/DPT CS AAU• Vitus Bering Denmark• Polycom (Kirk telecom A/S)• Wirtek A/S• Mechatronic Brick ApS • Aalborg Industries A/S• Prevas A/S • Teknologisk Institut
JJ B
O J
![Page 56: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/56.jpg)
56
Project Objectives
• Porting JVM on various hardware platforms• WCET and other prgl. analysis• Integration into IDE (eclipse)• Legacy programming (not JNI)• Applications, applications …
![Page 57: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/57.jpg)
57
The missing parts
• Standard Libraries • Generalised phases• Generalised WCET analysis
– Works for JOP!
• Memory usage analysis• Memory mechanisms
– Immortal and local (with weak references) memory
![Page 58: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/58.jpg)
58
Standard Library
• Problems with existing libraries:– Use a lot of dynamic allocations– Bad for WCET and memory usage– Focus on improved average performance
• Javolution– Reuse memory– Focus on WCET, but no guarantees– Focus on predictability
![Page 59: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/59.jpg)
59
Standard Library
• Canteen– Implements List, Set and Map– WCET analysis possible– Does not throw exceptions– No memory allocation in mission phase– Support for generics– Use standard interfaces (almost)
![Page 60: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/60.jpg)
60
Generalised Phases
• JSR 302 proposal by The Open Group:
![Page 61: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/61.jpg)
61
Generalised Mode Change
![Page 62: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/62.jpg)
62
Mode Change Requirements
Requirements the transition from mode mi to the next mode mj must satisfy:
R1. When a Mode Change Request (MCR) has occurred, a transition from mode mi to mode mj must take place
R2. Continuing tasks belonging to both mode mi and mode mj are permitted
R3. A mix of old tasks from mode mi and new tasks from mode mj must not be concurrently active
R4. All real-time requirements of the system must be met (deadlines, periods, etc.)
R5. The mode changes of the system must happen within a bounded time δt
![Page 63: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/63.jpg)
63
Mode Change Contract
C1. Each mode m in {m1,..,mn} has a fixed set of periodic or sporadic tasks τ(m) which are individually schedulable under a given scheduling discipline
C2. A specific event, MCR, is designated as request to change from a current mode mi to a new mode mj
C3. When a MCR occurs, the task set τ(mi) of the current mode mi remains active till a time-interval, Δt idle, within a delay δt(mi) after MCR, after which the task set τ(mj) of mode mj is active
C4. Periodic and sporadic tasks that occur in both mi and mj remain periodic and sporadic over the mode change
![Page 64: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/64.jpg)
64
![Page 65: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/65.jpg)
65
SC Java Programming Model
• Periodic/sporadic tasks with constant period, hard deadline, and known WCET
• Just a model:– Does not fit all control problems– Overly restrictive for many control problems
![Page 66: Towards Programming Safety Critical Systems in Java](https://reader035.fdocuments.in/reader035/viewer/2022081418/568145f5550346895db2fe3b/html5/thumbnails/66.jpg)
66
JSR 302
• Safety Critical Java Technology• This specification creates a J2ME capability,
based on the Real-Time Specification for Java (JSR-1), containing minimal features necessary for safety critical systems capable of certification, e.g., DO-178B