Java in Safety-Critical Systems: The HIJA Profile (original title: Java in sicherheits-kritischen Systemen: Das HIJA-Profil)




Java in Safety-Critical Systems: The HIJA Profile. Correctness proofs for (real-time) Java applications. Dr. Fridtjof Siebert, Director of Development, aicas GmbH. Java Forum, Stuttgart, 7 July 2005.

Who is aicas GmbH?
- Founded in March 2001 in Karlsruhe, Germany
- Products: real-time Java implementations
- Today (2005): 18 employees, offices in Karlsruhe (D), Berlin (D) and New Haven, CT (USA)

HIJA project: High-Integrity Java
Project overview:
- EC-funded project under the 6th Framework Programme
- Started June 2004; duration 27 months, until August 2006
- Project coordinator: The Open Group

HIJA project: project partners (the partner list on this slide is not reproduced in the transcription)

Project overview: goals
- Identify suitable computational models
- Contribute to functional and non-functional analysis
- Develop profile-based reference implementations
- Work based on results of earlier projects: HIDOORS, AJACS, Expresso, KeY, etc.

Project overview: profiles
Three main profiles are defined; all are subsets of the Java language, the standard APIs and the Real-Time Specification for Java (RTSJ):
- Safety-critical profile: certification up to the highest criticality level (DO-178B Level A)
- Business-critical applications
- Flexible dynamic systems (OSGi, etc.)

HIJA SC-Java profile: guiding principles
- Conservative approach: no concepts that go too far for the safety-critical community
- Do not fragment the market: base the specification on standard Java and the RTSJ; SC-Java programs should run on any RTSJ JVM
- Use of annotations for off-line checking

Safety-critical profile
Severe restrictions on Java and the RTSJ:
- Clear distinction between an initialization phase and a mission phase
- No dynamic loading, thread creation, etc. during the mission phase
- No garbage collection
- Strict partitioning of memory (a local memory area for each task) and of CPU utilization
- Use of annotations to document the correctness of classes

Business-critical profile
Relaxations compared to the safety-critical profile:
- No distinction of phases (initialization vs. mission)
- Dynamic features (garbage collection, thread creation, etc.) permitted for non-critical tasks
- Strict partitioning of memory (a local memory area for each task) and of CPU utilization for critical tasks
- Use of tools to prove the correctness of critical tasks

HIJA tools
Tools for proving the correctness of an application:
- Data-flow analysis (DFA) to prove the absence of runtime errors
- Formal verification using JML annotations (KeY)
- Model-checker based tools to verify distributed systems and multi-threading

HIJA tool chain (diagram; the components as recoverable from the slide):
- Inputs: annotated Java code, auxiliary annotations, constraints
- Front end: Annotation Parser/Editor, Annotation Checker, javac producing *.class files
- Analyzers: Data Flow Analyzer (flow information), KeY, Model Checker, Schedule Analyzer, Network Analyzer, WC (worst-case) Memory Usage Analyzer, WC Execution Time Analyzer
- Back end: Builder producing the executable, with Runtime Monitoring

HIJA tools: DFA
Start with the following:
    calls  = { main() }    (set of reachable calls)
    values = { }           (set of (variable, value) pairs)
Iterate:
    do {
        calls  := calls  ∪ { m      | c ∈ calls, "m()" ∈ c }
        values := values ∪ { (a, X) | c ∈ calls, "a = new X()" ∈ c }
                         ∪ { (a, v) | c ∈ calls, "a = b" ∈ c, (b, v) ∈ values }
    } until a fix point is reached;

HIJA tools: DFA
Difficulties that need to be managed:
- Analysis accuracy has to be high enough
- Analysis effort must not explode for non-trivial applications
Solution:
- Store context information with each value and call
- Reduce context information for types that cause explosion
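The fixpoint iteration of the DFA slide, written out as an added example (this is not aicas' DFA implementation). A program is modelled as a small constructed intermediate representation: a method name maps to a list of statements of the kinds m(), a = new X(), a = null, a = b and a dereference a.f. The analysis is flow- and context-insensitive, exactly like the slide's set equations, and the NullPointerException check at the end shows why the next slide demands higher accuracy. All method and variable names in PROGRAM are hypothetical.

```python
"""Fixpoint data-flow analysis in the style of the HIJA DFA slide.

Added example, not aicas' DFA code.  Program IR (constructed for this example):
    ("call", "m")         m()
    ("new", "a", "X")     a = new X()
    ("null", "a")         a = null
    ("assign", "a", "b")  a = b
    ("deref", "a")        a.f  (use site that throws NullPointerException if a is null)
One value set per variable for the whole program: flow- and context-insensitive.
"""


def _add(values, var, new):
    """Union `new` into values[var]; report whether anything was added."""
    before = values.setdefault(var, set())
    if new <= before:
        return False
    before |= new
    return True


def analyze(program, entry="main"):
    """Iterate the slide's two set equations until neither set changes.

    Returns (calls, values): the set of reachable methods and, for each
    variable, the set of values it may hold (class names, or None for null).
    """
    calls = {entry}
    values = {}
    changed = True
    while changed:
        changed = False
        for method in sorted(calls):      # sorted() copies, so calls may grow below
            for stmt in program.get(method, []):
                kind = stmt[0]
                if kind == "call":
                    if stmt[1] not in calls:
                        calls.add(stmt[1])
                        changed = True
                elif kind == "new":
                    changed |= _add(values, stmt[1], {stmt[2]})
                elif kind == "null":
                    changed |= _add(values, stmt[1], {None})
                elif kind == "assign":
                    changed |= _add(values, stmt[1], values.get(stmt[2], set()))
    return calls, values


def null_pointer_sites(program, calls, values):
    """Dereference sites in reachable code whose receiver may be null."""
    return [(method, stmt[1])
            for method in sorted(calls)
            for stmt in program.get(method, [])
            if stmt[0] == "deref" and None in values.get(stmt[1], set())]


# Constructed sample program (hypothetical method and variable names).
PROGRAM = {
    "main":    [("new", "cfg", "Config"), ("call", "init"), ("call", "run")],
    "init":    [("null", "tmp"), ("assign", "log", "tmp"), ("call", "openLog")],
    "openLog": [("new", "log", "Logger")],
    "run":     [("assign", "l", "log"), ("deref", "l"), ("deref", "cfg")],
    "debug":   [("null", "cfg"), ("call", "run")],   # never reached from main
}

if __name__ == "__main__":
    calls, values = analyze(PROGRAM)
    print("reachable methods:", sorted(calls))
    for var in sorted(values):
        print(f"  {var} may be {values[var]}")
    print("possible NullPointerException at:", null_pointer_sites(PROGRAM, calls, values))
```

Two things are visible in the result. Because debug is never reached from main, its `cfg = null` never enters the value set, so the dereference of cfg in run is not reported: reachability pruning is what keeps the sets small. But l in run is reported as possibly null even though, in program order, openLog has replaced the null in log before run executes; a single value set per variable cannot express that. That false positive is the accuracy problem of the slide above, and attaching context to each value (as the slide proposes) is how it is reduced.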

HIJA tools: DFA, deadlock example (wrapped in the class test that the output on the next slide names; the two anonymous Thread classes become test$1 and test$2; elided bodies are marked ...):

    class test {
        static final Object o1 = new Object();
        static final Object o2 = new Object();

        public static void main(String[] args) {
            ...
            new Thread() {
                public void run() {
                    synchronized (o1) {
                        synchronized (o2) {
                            ...
                        }
                    }
                }
            }.start();
            new Thread() {
                public void run() {
                    synchronized (o2) {
                        synchronized (o1) {
                            ...
                        }
                    }
                }
            }.start();
            ...
        }
    }

The two threads take the same two monitors in opposite order, so each can block while holding the monitor the other one needs.

Example DFA results:

    > jamaica test -dfa
    NEEDEDSYNCS            : 17 (17 locations out of 326)
    DEADLOCKS              : 2 (2 locations out of 326)
    SCOPE CYCLES           : 0 (0 locations out of 0)
    ILLEGAL ASSIGNMENTS    : 0 (0 locations out of 167)
    CLASSCAST EXCEPTIONS   : 0 (0 locations out of 33)
    ARRAY STORE EXCEPTIONS : 0 (0 locations out of 18)
    NULL POINTER EXCEPTIONS: 0 (0 locations out of 953)
    STACK USE: 1264 FOR THREAD: java/lang/FinalizerThread
    STACK USE: 104 FOR THREAD: test$1: (test.java:6)
    STACK USE: 104 FOR THREAD: test$2: (test.java:14)
    STACK USE: 1764 FOR THREAD: INITIAL THREAD
    HEAP USE: 39680 FOR THREAD: java/lang/FinalizerThread
    HEAP USE: 0 FOR THREAD: test$1: (test.java:6)
    HEAP USE: 0 FOR THREAD: test$2: (test.java:14)
    HEAP USE: 851200 FOR THREAD: INITIAL THREAD
    DFA DONE: 6431ms TRACED 334 VALUES and 1032 VALUE SETS.

Each line reports how many of the candidate locations of that error class the analysis could not rule out; the per-thread stack and heap figures are the worst-case bounds needed for the strict partitioning of the profiles.
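How a DEADLOCKS count such as the one above can be derived from the nested synchronized statements of the previous slide, as an added example (not aicas' DFA code). Each thread is described by its lock chains, the monitors it takes from outermost to innermost together with the source location of each synchronized statement; a lock-order graph is built from them and every cycle in it marks a set of acquisition sites that can deadlock. The thread names, monitor names and line numbers in INVERTED and ORDERED are constructed for the example.

```python
"""Lock-order-graph deadlock detection.

Added example modelled on the slide's two threads that nest
synchronized(o1){synchronized(o2){...}} and synchronized(o2){synchronized(o1){...}}.
Not aicas' DFA code; thread names, monitor names and locations are constructed.
"""


def lock_order_graph(threads):
    """Build {(held, acquired): {locations}} from per-thread lock chains.

    threads: {thread_name: [chain, ...]}, chain = [(monitor, location), ...]
    listed from outermost to innermost synchronized statement.  An edge
    (h, a) records that a was acquired at the listed locations while h was
    already held by the same thread.
    """
    graph = {}
    for chains in threads.values():
        for chain in chains:
            for i, (inner, loc) in enumerate(chain):
                for outer, _ in chain[:i]:
                    graph.setdefault((outer, inner), set()).add(loc)
    return graph


def find_cycles(graph):
    """Enumerate the simple cycles of the lock-order graph as lists of edges.

    Each cycle is reported once, started from its smallest monitor name.
    """
    succ = {}
    for held, acquired in graph:
        succ.setdefault(held, set()).add(acquired)
    cycles = []

    def walk(start, node, path, seen):
        for nxt in sorted(succ.get(node, ())):
            if nxt == start:
                cycles.append(path + [(node, nxt)])
            elif nxt not in seen and nxt > start:
                walk(start, nxt, path + [(node, nxt)], seen | {nxt})

    for start in sorted(succ):
        walk(start, start, [], {start})
    return cycles


def deadlock_sites(threads):
    """Source locations of lock acquisitions that lie on a lock-order cycle."""
    graph = lock_order_graph(threads)
    sites = set()
    for cycle in find_cycles(graph):
        for edge in cycle:
            sites |= graph[edge]
    return sorted(sites)


# The slide's pattern: test$1 takes o1 then o2, test$2 takes o2 then o1.
INVERTED = {
    "test$1": [[("o1", "test.java:7"), ("o2", "test.java:8")]],
    "test$2": [[("o2", "test.java:15"), ("o1", "test.java:16")]],
}
# The same threads after fixing them to one global lock order (o1 before o2).
ORDERED = {
    "test$1": [[("o1", "test.java:7"), ("o2", "test.java:8")]],
    "test$2": [[("o1", "test.java:15"), ("o2", "test.java:16")]],
}

if __name__ == "__main__":
    print("DEADLOCKS:", deadlock_sites(INVERTED))   # two inner acquisition sites
    print("DEADLOCKS:", deadlock_sites(ORDERED))    # none
```

The inverted version yields the cycle o1 -> o2 -> o1 and two locations, the two inner synchronized statements, which is the shape of the DEADLOCKS line above; imposing one global acquisition order removes the cycle and the report. The check is sound for a fixed set of monitors but, like the value analysis, needs the DFA's aliasing information to know which expression denotes which monitor.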

HIJA tools: KeY. Formal verification using JML and the KeY verifier.

The slides build the JML specification of getElement up one clause at a time: first the unannotated methods, then size() marked pure, then the normal_behavior case with its precondition, assignable clause and postcondition, and finally the exceptional_behavior case for an out-of-range index. The completed version (with the || that the transcription dropped restored, the Java casing of getElement, and a class wrapper added):

    public class IntArray {
        private int[] array;

        public /*@ pure @*/ int size() {
            return array.length;
        }

        /*@ public normal_behavior
          @   requires (index >= 0) && (index < size());
          @   assignable \nothing;
          @   ensures true;
          @ also
          @ public exceptional_behavior
          @   requires (index < 0) || (index >= size());
          @   assignable \nothing;
          @   signals (ArrayIndexOutOfBoundsException) true;
          @*/
        public int getElement(int index) {
            return array[index];
        }
    }

Reading the contract: size() is pure, so it may be called inside specifications; for an in-range index, getElement modifies nothing and terminates normally; for an out-of-range index it modifies nothing and terminates by throwing ArrayIndexOutOfBoundsException, which is the only exception permitted. Note that ensures true constrains the returned value in no way: a proof against this contract establishes the absence of unexpected runtime errors, which is what the safety-critical profile demands, not functional correctness, which would need a clause such as ensures \result == array[index]. The proof of array.length also relies on the field array being non-null, which JML's default non_null for reference types provides.

Current status
First phase completed:
- Requirements document finished
- Methodology handbook drafted
- Design documents finished
- Tool development has started; first prototypes are running

Conclusion
- The RTSJ is now the established standard for real-time Java development.
- The HIJA project extends the application of the RTSJ to safety- and business-critical applications.
- Complementary tools for correctness verification of applications are provided.
Project homepage: www.hija.info
www.aicas.com