Real Time Java

A new, and for my opinion hot, topic. To get a University like start let's discuss on a very restricitve real-time Java system:

Safety Critical Java
Safety critical java is a Java specification request (JSR 302). The idea is to extend the usage of Java even for safety critical applications. that means the application AND the runtime system have to be certified. To achive this at the runtime system (JVM + library) a very simple and restrictive API should be used.

Overview

 * Periodic tasks and sporadic hardware/software events
 * No priorities, just time (period and deadline)
 * Three application phases:
 * Startup (Initialization)
 * Mission
 * Shutdown
 * No garbage collection (should be discussed)
 * Single scoped memory per thread (another discussion point)
 * Simple API, simple implementation
 * Not derived from the RTSJ
 * Implementable on top of the RTSJ

Criticism
Nokia voted Yes on the proposal but added the following comments: "Regarding JCP practices and relation to Java ME, it isn't clear if this JSR is proposing a new Java ME Configuration or Profile or is some kind of other specification to be used for possible future Configurations or Profiles. Section 2.6 states that this JSR will not assume the presence of a garbage collector, implying that it is a more limited environment than CLDC, the currently smallest Java ME Configuration."

Intel voted No on the proposal and added the following comments: "While we support the idea of a Java specification for safety critical systems, we believe that it is generally necessary for JSR to be clear about the kind of specification that will be generated, that is, a library, a configuration, or a profile. Therefore, we do not support approving this JSR in its current state.  We would like to see this JSR clarified in this regard and resubmitted."

Proposed API for Safety Critical Real-time Java
The following API is inspired by the Ravenscar profile for ADA and the derived work on Java (see 'missing references to R-ADA, Puschner/Wellings, RJ').

As a like it simple (personal opinion Schoeberl 22:20, 30 November 2006 (UTC)) here are the two classes that make up the API:

RtEvent
We use a single class to express all schedulable entities (periodic time-triggered, software event-triggered, and hardware event-triggered). Your real-time application has to extend this class.

package safetycritical; public abstract class RtEvent { /**    * A periodic real-time event, equivalent to a periodic thread * @param period * @param deadline * @param offset */   public RtEvent(int period, int deadline, int offset) { }   public RtEvent(int period, int deadline) { this(period, deadline, 0); }   public RtEvent(int period) { this(period, period, 0); }   /**     * A sporadic event with a minimum interarrival time * @param event * @param minInterval * @param deadline */   public RtEvent(String event, int minInterval, int deadline) { }   public RtEvent(String event, int minInterval) { this(event, minInterval, 0); }   /**     * The logic for the event. run gets invoked from the * scheduler either periodic, or on a hardware event or    * on a software event (fire): * @return true if ready for termination */   abstract protected boolean run; /**    * Gets invoked in the shutdown phase at the same period as     * run (instead of run). Invoked until return true. * @return true if shutdown is finished. */   protected boolean cleanup { return true; } }

RtSystem
This static class represents the real-time systems (similar to java.lang.System). Static methods provide the change between the different phases of the application.

package safetycritical; public class RtSystem { private RtSystem { // no RtSystem object }   /**     * Starts the real-time system (the mission). * All periodic and sporadic RT-events are scheduled. *    */    public static void start { }   /**     * Stop the real-time system (mission). When the event run method returns * true the cleanup methods are invoked until returning true * for a clean shutdown. *    */    public static void stop { }   /**     * Schedule a software event. * @param event */   public static void fire(String event) { }   /**     * Schedule a software event. * TODO: decide on which version is better: String or RtEvent * @param re    */ public static void fire(RtEvent re) { }   /**     * Return the elapsed time from system startup in micro seconds. * Wraps around all 4295 seconds. *    * @return */   public static int currentTimeMicro { } }

Examples
A few short examples how to use the proposed API:

package safetycritical.examples; import safetycritical.RtEvent; import safetycritical.RtSystem; public class TwoPeriodic { /** 	 * @param args */ 	public static void main(String[] args) { new RtEvent(1000000) { protected boolean run { System.out.println("P1"); return true; }		 		}; 		new MyEvent; RtSystem.start; } } class MyEvent extends RtEvent { int counter; public MyEvent { super(2000000); counter = 0; } 	protected boolean run { System.out.println("P2"); ++counter; if (counter==5) { RtSystem.stop; } 		return true; } 	protected boolean cleanup { System.out.println("cleanup invoked!"); return true; } }

package safetycritical.examples; import safetycritical.RtEvent; import safetycritical.RtSystem; public class PeriodicSporadic { /** 	 * @param args */ 	public static void main(String[] args) { new RtEvent("SWEVENT", 1000000) { protected boolean run { System.out.println("SW event fired"); return true; }		 		}; 		new MyPeriodic; RtSystem.start; } } class MyPeriodic extends RtEvent { int counter; public MyPeriodic { super(1000000); counter = 0; } 	protected boolean run { System.out.println("P2"); ++counter; if (counter%2==1) { RtSystem.fire("SWEVENT"); } 		if (counter==10) { RtSystem.stop; } 		return true; } 	protected boolean cleanup { System.out.println("cleanup invoked!"); return true; } }

Implementation
A prototype of the API is implemented on JOP. You can play around, without any real-time guarantees, with this API on the simulation of JOP (JopSim).

TODO
Discuss following issues:


 * Scoped memory
 * Critical sections (PCP or even interrupt disabling)
 * Shutdown needs probably a two-phase commit