HVMTP: A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems
JTRES 2014
Kasper Søe Luckow (1), Bent Thomsen (1), Stephan Erbs Korsholm (2)
(1) Department of Computer Science, Aalborg University, Denmark
(2) VIA University College, Horsens, Denmark
17 2 Introduction HVMTP Design Tools TETASARTSJVM TETASARTSTS Results Conclusion Future Work
Motivation
- WCET analysis necessitates that the temporal behavior of the execution environment can be analysed
- Java Optimized Processor [1]
  - Hardware Java Virtual Machine
  - Execution times of the Java Bytecodes can be predicted
- This work addresses:
  - Software Java Virtual Machine
  - (Commodity) embedded hardware
Contributions
- Time-predictable, software Java Virtual Machine
  - Temporal behavior of Java Bytecodes can be modeled and analysed
  - HVMTP
- Accompanying tool support
  - TETASARTSJVM
HVMTP at a Glance
[Figure: architecture stack with the layers SCJ Application, HVM-SCJ, Icecap SDK, HVM, VM Interface, HW Interface and HW (CPU, Clock, Memory, Interrupts, I/O, ...)]
- Based on the Hardware near Virtual Machine (HVM) [2]
- Java-to-C compiler
- ICECAP-TOOLS
- Supports (iterative) interpretation
- Ahead-Of-Time compilation
- Tailors and optimises HVM for the hosted program
- Requirements: 256 kB flash and 20 kB RAM
- Self-contained (runs on bare metal), ANSI C
- ARM, AVR, x86, cr16c, ...
Time-Predictability of HVMTP
- Time-predictability is possible by
  - Harnessing the SCJ programming model
    - HVMTP implements SCJ Level 1
  - Harnessing information obtained statically (ICECAP-TOOLS)
- This work focuses on the iterative interpreter (constant time stages)
  - Many Java Bytecodes from HVM are time-predictable
- Re-design comprises
  - Object allocation
  - Exceptions
  - Method invocation
  - Type checking of reference types
Object Allocation
- HVM performs zeroing at allocation time
  - Linear time operation
- In HVMTP the heap structure is zeroed at Safelet initialisation
- Zeroing happens when scoped memory is exited
  - Performed in Java space using native variables
Exceptions
- SCJ permits exception objects to be pre-allocated before entering a time critical phase
- ICECAP-TOOLS approximates the set of exceptions that can be thrown
  - E.g. athrow and idiv
- Exception handler is located in the call stack (linear time)
  - Maximum call stack depth is estimated by ICECAP-TOOLS
    - Reconstructs call graph
Method Invocation
    case INVOKEVIRTUAL_OPCODE: {
        const MethodInfo *mInfo;
        signed short excep;
        mInfo = findMethodInfo(&sp[top], &method_code[pc]);
        excep = methodInterpreter(mInfo, &sp[top]);
        // ...
    }

Listing 1: Original invokevirtual.

    case INVOKEVIRTUAL_OPCODE: {
        // ...
        unsigned short pc = method_code - (unsigned char *) pgm_read_pointer(&method->code, unsigned char **);
        fp = pushStackFrame(mInfo, method, pc, fp, sp);
        method = mInfo;
        // ...
    }

Listing 2: Using stack frames.
- The HVM employed recursion
  - Difficult to analyse and model
- HVMTP implements a call stack
- HVMTP attempts to devirtualise call sites (using VTA)
- Method dispatch at virtual call sites (invokevirtual and invokeinterface)
  - Treated (almost) equally for simplicity
  - Consult method tables of objectref's class and superclasses
  - Bounded by maximum height of class hierarchy
  - (Obvious) future work: generate dispatch table
Type Checking Reference Types
- The HVM iteratively consults objectref's class and superclasses
- HVMTP exploits availability of the class hierarchy at HVMTP construction time
  - A bit matrix is constructed with entries denoting the type
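
The two type-checking strategies on this slide, side by side, as an added example (not code from HVM or HVMTP). The class ids, the sample hierarchy, the function names and the matrix layout (one row per class, one bit per target type) are assumptions made for illustration.

```c
#include <stdint.h>

/* Constructed sample hierarchy (hypothetical class ids, not HVM's):
 * 0 Object, 1 Throwable <- 0, 2 Exception <- 1,
 * 3 ArithmeticException <- 2, 4 Mission <- 0. */
#define NUM_CLASSES 5
#define NO_SUPER 0xFF
static const uint8_t super_of[NUM_CLASSES] = { NO_SUPER, 0, 1, 2, 0 };

/* One row per class; bit t of row c is set iff c is assignable to t. */
#define ROW_BYTES ((NUM_CLASSES + 7) / 8)
static uint8_t type_matrix[NUM_CLASSES][ROW_BYTES];

/* Iterative check: walks the superclass chain, so its cost grows with
 * the depth of the object's class in the hierarchy. */
int is_subclass_iterative(uint8_t cls, uint8_t target) {
    while (cls != NO_SUPER) {
        if (cls == target) return 1;
        cls = super_of[cls];
    }
    return 0;
}

/* Done once, offline: every pair is resolved and stored as one bit. */
void build_type_matrix(void) {
    for (uint8_t c = 0; c < NUM_CLASSES; c++) {
        for (uint8_t b = 0; b < ROW_BYTES; b++) type_matrix[c][b] = 0;
        for (uint8_t t = 0; t < NUM_CLASSES; t++)
            if (is_subclass_iterative(c, t))
                type_matrix[c][t >> 3] |= (uint8_t)(1u << (t & 7));
    }
}

/* Run-time check: one load, one shift, one mask, independent of depth. */
int is_subclass_matrix(uint8_t cls, uint8_t target) {
    return (type_matrix[cls][target >> 3] >> (target & 7)) & 1;
}

/* Returns 1 if both checks agree on every (class, target) pair. */
int checks_agree(void) {
    build_type_matrix();
    for (uint8_t c = 0; c < NUM_CLASSES; c++)
        for (uint8_t t = 0; t < NUM_CLASSES; t++)
            if (is_subclass_iterative(c, t) != is_subclass_matrix(c, t))
                return 0;
    return 1;
}

int main(void) { return checks_agree() ? 0 : 1; }
```

The matrix costs NUM_CLASSES * ROW_BYTES bytes of read-only data; in exchange the run-time check has a single execution path for a timing analysis to cover.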
Tool Support
- Tools for HVMTP:
  - TETASARTSJVM
  - TETASARTSTS
TETASARTSJVM

    case I2L_OPCODE: {
    #if defined(INSTRUMENT)
        BEGIN_JBC(I2L_OP);
    #endif
        int32 lsb = *(--sp);
        if (lsb < 0) {
            *sp++ = -1;
        } else {
            *sp++ = 0x0;
        }
        *sp++ = lsb;
        method_code++;
    #if defined(INSTRUMENT)
        END_JBC(I2L_OP);
    #endif
    }

Listing 3: i2l.

Figure: Excerpt of TA for i2l.
- Generates a JVM Timing Model
  - Timed Automata (TA) (UPPAAL [3] model checker)
- Executable is instrumented
- Loop bounds provided comment-style
TETASARTSJVM Cont'd
Figure: Fetch and execute TA from METAMOC [4].
- Composition with HW TA yields the JVM Timing Model
- Verification of properties (TCTL)
  - E.g. estimate execution times of the Java Bytecodes
TETASARTSTS
- TETASARTSTS generates a timing scheme from the JVM Timing Model
- A timing scheme captures an abstract timing model of the execution environment
The Big Picture
[Figure: tool chain diagram with the elements JVM Src, JVM Executable (AVR/ARM/...), TetaSARTSJVM, JVM Timing Model (Network of Timed Automata), TetaSARTSTS, JVM Timing Model (BCET and WCET), SCJ Application, TetaSARTS analyser and Analysis Result (Schedulability, WCRT, WCET, Blocking Time, ...)]
Results
- Constructing complete JVM Timing Model: 16s
- Generating a timing scheme for all Java Bytecodes:
  - ∼4.5 hours (without exception handling)
  - ∼5 days (with exception handling)
- Application-dependent Java Bytecodes:
  - Only these must be re-analysed if the program is modified
  - 13 (without exception handling)
  - 47 (with exception handling)
- In reality, only a subset of the Java Bytecodes are used
  - The Minepump uses 49 distinct Bytecodes → 5s (JVM Timing Model) and 6m (timing scheme)
  - Only two Java Bytecodes are application-dependent
Results Cont’d
Bytecode         TETASARTSTS       Measured
                 BCET    WCET      Avg     Low     High
i2l              129     136       130     130     130
aload_*          79      79        79      79      79
new              469     1715      1568    1568    1568
ireturn          505     1080      893     865     976
invokespecial    501     977       710     639     772
iinc             191     194       192     192     192
Times are represented in clock cycles.
- Simulation on Atmel AVR
- Measurements obtained from Atmel Studio 6
Future Work
- Further improve HVMTP
  - E.g. invokevirtual
- Improve precision of JVM Timing Model
  - CFG contains both feasible and infeasible execution paths
  - Symbolic execution
- Evaluate analysis approach on other (and more complex)