ABSTRACT
With traditional testing, the test case has no control over non-deterministic scheduling decisions, so errors that depend on scheduling are found only by chance. Java Path Finder (JPF) is a specialized Java virtual machine that can systematically explore the execution paths of all possible schedulings and thus catch these errors. Unfortunately, execution-based model checkers, including JPF, cannot easily be adapted to support real-time programs.
We propose a scheduling algorithm for JPF that allows testing of Safety Critical Java (SCJ) applications with periodic event handlers at SCJ levels 0 and 1 (without aperiodic event handlers). The algorithm requires that deadlines are not missed and that an execution time model is available that gives best- and worst-case execution time estimates for a given program path and specific program inputs.
Our implementation, named RSJ, searches SCJ programs at levels 0 and 1 for scheduling-dependent memory access errors, certain invalid argument errors, priority ceiling emulation protocol violations, and failed assertions in application code. It uses the execution time model of the Java Optimized Processor (JOP). We test our tool with the Collision Detector and PapaBench application benchmarks. We provide an SCJ version of the C PapaBench benchmark, which implements an autopilot that has flown real UAVs.
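The abstract leaves implicit why a best/worst-case execution time model is what makes exhaustive scheduling exploration tractable for periodic handlers: with fixed-priority preemptive dispatch, the only nondeterminism is where a higher-priority release lands relative to the running handler's progress, and the BCET/WCET bounds delimit exactly which orderings are feasible. The following is an added example, not RSJ's code, JPF's, or the paper's algorithm. It is a deliberately small model of the idea in Python with integer ticks: each handler is a sequence of segments that compute for some duration within [bcet, wcet] and then perform one shared-memory access; the explorer branches over every feasible duration, records every distinct access ordering, and reports any deadline miss instead of assuming none occur. The handler names, periods, priorities and segment timings are constructed for the illustration.

```python
"""Exhaustive exploration of periodic-handler schedules under a BCET/WCET model.

Added illustration (not the RSJ tool): one CPU, fixed-priority preemptive
scheduling, deadline == period.  A handler is a tuple of segments; a segment
computes for d ticks (bcet <= d <= wcet) and then performs one access to a
shared variable.  Branching over every feasible d visits every access
ordering the timing model permits, which is what a schedule-exploring model
checker must cover and what a single test run hits only by chance.
"""
from dataclasses import dataclass
from functools import reduce
from math import gcd
from typing import Dict, Optional, Set, Tuple

Access = Tuple[str, str]                 # ("r" | "w", variable name)
Trace = Tuple[Tuple[str, str, str, Optional[str]], ...]


@dataclass(frozen=True)
class Segment:
    bcet: int                            # best-case compute ticks (>= 1)
    wcet: int                            # worst-case compute ticks
    access: Access                       # performed when the compute ends


@dataclass(frozen=True)
class Handler:
    name: str
    period: int                          # release period, also the deadline
    priority: int                        # larger value preempts smaller
    segments: Tuple[Segment, ...]


IDLE = None                              # handler has finished its current job


def hyperperiod(handlers) -> int:
    return reduce(lambda a, b: a * b // gcd(a, b), (h.period for h in handlers))


def explore(handlers):
    """Return (outcomes, misses, paths): the set of distinct access traces,
    deadline misses as (handler, tick), and the number of complete schedules."""
    horizon = hyperperiod(handlers)
    outcomes: Set[Trace] = set()
    misses: Set[Tuple[str, int]] = set()
    paths = [0]

    def tick(t: int, st: Dict, mem: Dict[str, str], trace: Trace) -> None:
        st = dict(st)
        for h in handlers:                           # periodic releases
            if t % h.period == 0:
                if st[h.name] is not IDLE:           # previous job still running
                    misses.add((h.name, t))
                    return                           # prune: algorithm assumes no misses
                if t < horizon:
                    st[h.name] = (0, None)           # segment 0, duration not chosen yet
        if t == horizon:                             # one hyperperiod fully explored
            outcomes.add(trace)
            paths[0] += 1
            return
        dispatch(t, st, mem, trace)

    def dispatch(t: int, st: Dict, mem: Dict[str, str], trace: Trace) -> None:
        ready = [h for h in handlers if st[h.name] is not IDLE]
        if not ready:
            tick(t + 1, st, mem, trace)
            return
        h = max(ready, key=lambda x: x.priority)     # fixed-priority dispatch
        seg_idx, remaining = st[h.name]
        seg = h.segments[seg_idx]
        if remaining is None:                        # nondeterministic choice point
            for d in range(seg.bcet, seg.wcet + 1):  # every duration the model allows
                dispatch(t, {**st, h.name: (seg_idx, d)}, mem, trace)
            return
        remaining -= 1                               # one tick of compute
        if remaining > 0:
            tick(t + 1, {**st, h.name: (seg_idx, remaining)}, mem, trace)
            return
        op, var = seg.access                         # compute done: perform the access
        mem = dict(mem)
        if op == "w":
            mem[var] = h.name                        # a write stores the writer's name
            trace += ((h.name, "w", var, h.name),)
        else:
            trace += ((h.name, "r", var, mem.get(var)),)
        nxt = seg_idx + 1
        tick(t + 1, {**st, h.name: IDLE if nxt == len(h.segments) else (nxt, None)},
             mem, trace)

    tick(0, {h.name: IDLE for h in handlers}, {}, ())
    return outcomes, misses, paths[0]


def is_schedule_dependent(outcomes) -> bool:
    """More than one reachable access ordering means the result depends on scheduling."""
    return len(outcomes) > 1


# Constructed scenario: H (high priority, period 10) publishes x; L (low priority,
# period 20) reads x and later writes it back.  If H's second release lands between
# L's read and L's write, L overwrites H's update (a lost update found only if the
# exploration, not luck, produces that interleaving).
H = Handler("H", period=10, priority=2, segments=(Segment(1, 2, ("w", "x")),))
L = Handler("L", period=20, priority=1,
            segments=(Segment(2, 4, ("r", "x")), Segment(3, 8, ("w", "x"))))


def lost_update_demo():
    return explore((H, L))


if __name__ == "__main__":
    outcomes, misses, paths = lost_update_demo()
    print(f"{paths} schedules, {len(outcomes)} distinct access orderings, misses={misses}")
    for tr in sorted(outcomes):
        print("  ", " -> ".join(f"{h}:{op}({var})={val}" for h, op, var, val in tr))
```

Tightening L's period to 10 makes its worst-case path overrun the deadline; `explore` then reports `("L", 10)` in `misses` and excludes those paths from `outcomes`, which is the practical way to enforce the "deadlines are not missed" precondition rather than taking it on trust.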
Index Terms
- Exhaustive testing of safety critical Java