A Methodology and Tool Support for Generating Scheduled Native Code for Real-Time Java Applications
Summary (3 min read)
1 Introduction
- Current trends in industry are leading towards the use of Java [5] as a programming language for implementing embedded and real-time applications.
- Among such work, the authors should mention the Real-Time Specification for Java [11], and the Real-Time Core Extension for the Java Platform [12], that provide support for real-time programming (timers, clocks, handlers, priorities, . . . ).
- The semantics proposed by the profile do not fit the needs of applications that would demand alternative scheduling and synchronization paradigms, and handling quality of service requirements.
- Its execution time is between 5ms and 6ms.
- Section 3 explains the scheduler architecture and execution semantics, while section 4 describes their methodology for synthesizing an application-dependent scheduler.
2 Model Generation
- The authors consider real-time Java applications made up of a fixed number of threads that synchronize and communicate through a fixed set of global shared objects.
- Large blocks of source code or to specific statements, such as:lock (corresponding to the Java-bytecodemonitorEnter ), unlock (monitorExit ), wait, waitTimed (the Javawait method with a timeout parameter), andwaitForPeriod (the method of the classPeriodicThread in the Expresso profile, which blocks a thread until its next period).
- This is done to keep the synchronization context consistent during the model extraction process.
- The fact that the threadTh holds the lock ofO is recorded by adding{O} to theΣ of thesynchronized statement.
- These graph-rewrite rules allow us to obtain an extended automaton at the desired level of abstraction for each application thread.
3.1 Architecture
- The architecture of the schedulers the authors synthesize consists of two three-layered stacks [7], as shown in Fig.
- The left stack selects a thread for execution.
- The reason for this is that the threads which will be notified (if any) cannot ever be selected for execution.
- The middle layerSafe-Notif, calculates the subsetSnotif of Rnotif consisting of those threads which, if notified, will not cause the system to enter into a deadlock state or to miss a deadline.
- In choosing a QoS policy (or policies, since these are composable) the designer can balance between the execution time and extra memory space needed by the policy and the gains to the overall system quality the particular policy can offer.
3.2 Semantics
- The model of the system the authors construct is the parallel composition of:(i) an automaton which is responsible for advancing time and firing timeouts,(ii) one automaton for each of the application threads, and(iii) two more automata, for theQoS-Execand theQoSNotif scheduler layers respectively.
- The application automata are those obtained from the Java source code, appropriately annotated with the timing constraints modeling the execution times of the code that has been abstracted away.
- The system goes through three different modes of execution, as shown in Fig. 5(c).
- In the “Time Only” mode (whereExecSchedEnabled = Notif SchedEnabled = true) the automaton responsible for advancing time and firing timeouts (shown in Fig. 5(a)) is the sole automaton enabled in the system and it can fire one or more timeouts, if any is enabled, corresponding to the expiration of awaitTimed orwaitForPeriod.
- If a timeout is fired then the execution mode changes to “Schedulers Only” (where ExecSchedEnabled= ¬Notif SchedEnabled), so that their scheduler can handle it.
4 Scheduler Synthesis
- In order to synthesize theSafe-ExecandSafe-Notifscheduler layers, the authors first construct the set of reachable states and, thus, identify the deadlocks.
- These are the states where the application threads are deadlocked, or the states where some thread has missed its deadline or period (since in that case the authors block the system explicitly).
- The existence of these states indicates that the predicate the authors are currently using to describe the setSexec (resp.Snotif ) needs to be constrained even further.
- Having obtained the deadlocked states, the authors do a backwards traversal of the whole state space starting from the deadlocked states, until they reach a state which corresponds to a choice of one of the scheduler automata.
- There, the authors identify the choiceTExec = ti which allowed the path leading to a deadlock state(s) and create a new constraint for the layerSafe-Exec(resp. Safe-Notif).
4.1 State-Space Reduction and Application Analysis
- Even though the basic idea of synthesizing theSafe-ExecandSafe-Notifscheduler layers is simple, it is evident that in practice it suffers from the state explosion problem.
- The authors then apply the synthesis algorithm again on the parallel composition of the already constrained models.
- The authors examine theuntimed model (U) of the system and search for constraints which can guarantee theabsence of deadlocks.
- Once the authors can indeed safely schedule the system under the hypothesis that threads are never preempted, then they can use the constraints obtained during this step toreduce even furtherthe state space that they have to construct and analyze when they do allow threads to be preempted.
- Therefore, if the authors wish their scheduler to always make a decision which issafe, then theSexec set of thisequivalence classof states should be theintersectionof theSexec sets of the states which belong to the same equivalence class.
5 Scheduler Implementation
- Once the scheduler has been synthesized using the model, it has to be implemented and integrated with the code generated by the TurboJ compiler.
- The application-level scheduler is implemented on top of an accompanying runtime library, which offers an implementation in native code of the aforementioned statements and methods.
- Finally, the authors use three different priority levels, namely,BLOCKED , EXEC & SUPER (from lowest to highest) and theSCHED_FIFOPOSIX scheduling policy (i.e., priority based, FIFO, non-preemptive execution of tasks having the same priority).
- J_Scheduler calls the function Synthesized_Predicates (generated by the synthesis tool) passing it the current labels of all the application threads.
- This final action releasessched mx just before blocking, thus allowing the notified threadtn to resume execution.
6 Conclusions
- The authors have presented a complete application-driven scheduler synthesis chain that allows to automatically generate native code for embedded real-time systems based on Java.
- In addition, it allows one to substitute RMA/EDF & PCP with a scheduler which is still safe but not as pessimistic and which can be easily extended with QoS scheduling policies.
- The authors are not aware of any other similar chain.
- The full integration of the model- generation and scheduler-synthesis tools with the compiler is under test as it requires a close collaboration with the TurboJ development team.
Did you find this useful? Give us your feedback
Citations
246 citations
Cites background from "A Methodology and Tool Support for ..."
...Nevertheless, its key features, such as combination of behavior and priorities and the resulting advantages in composability and compositionality, have already been positively assessed in some non-trivial applications [18] and [12]....
[...]
43 citations
Cites background from "A Methodology and Tool Support for ..."
..., [29]) to make decisions based on available memory resources and the memory-consumption estimates....
[...]
29 citations
Cites background from "A Methodology and Tool Support for ..."
...In closely related work, [17, 16] study the synthesis of code-aware managers for Java....
[...]
...This analysis is not present in some recent work on code-aware schedulers [17, 16], a circumstance that prevents those schemes from addressing the problem of progress (or absence of starvation), C compiler C compiler...
[...]
29 citations
26 citations
References
121 citations
103 citations
"A Methodology and Tool Support for ..." refers background in this paper
..., [10,17]) to generate executable code for a run-time system and to provide a native implementation of the real-time primitives....
[...]
90 citations
"A Methodology and Tool Support for ..." refers background in this paper
...In order to obtain more precise semantics, domain-specific profiles have also been defined, such as the Ravenscar-Java [8] high-integrity profile for safety-critical systems....
[...]
...Besides, we have a non-POSIX prototype implementation overCos that uses alarms and alarm handlers, thus allowing us to support deadline and period miss handlers as proposed by the RTSJ, but disallowed by the Expresso and the Ravenscar-Java profiles....
[...]
...Our work is based on the two/three-phase execution model and API of the Expresso High-Integrity Profile [4], which itself inherits concepts from the Ravenscar-Java profile and the RTSJ API....
[...]
60 citations
"A Methodology and Tool Support for ..." refers methods in this paper
...Following [13], we first extract a formal model of the behavior of the application program as an extended automaton (see Fig....
[...]
41 citations
"A Methodology and Tool Support for ..." refers methods in this paper
...1 Architecture The architecture of the schedulers we synthesize consists of two three-layered stacks [7], as shown in Fig....
[...]