HVM TP : A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems JTRES 2014 Kasper Søe Luckow 1 Bent Thomsen 1 Stephan Erbs Korsholm 2 1 Department of Computer Science 2 VIA University College Aalborg University Horsens Denmark Denmark
Motivation 2 Introduction HVMTP Design ◮ WCET analysis necessitates that the temporal behavior of Tools the execution environment can be analysed T ETA SARTS JVM T ETA SARTS TS ◮ Java Optimized Processor 1 Results Conclusion ◮ Hardware Java Virtual Machine Future Work ◮ Execution times of the Java Bytecodes can be predicted ◮ This work addresses: ◮ Software Java Virtual Machine ◮ (Commodity) embedded hardware 1 http://www.jopdesign.com/ 17
Contributions 3 Introduction HVMTP Design Tools ◮ Time-predictable, software Java Virtual Machine T ETA SARTS JVM T ETA SARTS TS ◮ Temporal behavior of Java Bytecodes can be modeled and Results analysed Conclusion ◮ HVM TP Future Work ◮ Accompanying tool support ◮ T ETA SARTS JVM ◮ T ETA SARTS TS 17
HVM TP at a Glance SCJ Application Introduction Icecap SDK HVM-SCJ 4 HVMTP VM Interface Design HW Interface HVM Tools T ETA SARTS JVM T ETA SARTS TS HW Interrupts I/O ... CPU Clock Memory Results Conclusion Future Work ◮ Based on the Hardware near Virtual Machine (HVM) 2 ◮ Java-to-C compiler ◮ I CECAP - TOOLS ◮ Supports (iterative) interpretation ◮ Ahead-Of-Time compilation ◮ Tailors and optimises HVM for the hosted program ◮ Requirements: 256 kB flash and 20 kB RAM ◮ Self-contained (runs on bare metal), ANSI C ◮ ARM, AVR, x86, cr16c, . . . 2 http://icelab.dk/ 17
Time-Predictability of HVM TP Introduction ◮ Time-predictability is possible by HVMTP ◮ Harnessing the SCJ programming model 5 Design ◮ HVM TP implements SCJ Level 1 Tools T ETA SARTS JVM ◮ Harnessing information obtained statically (I CECAP - TOOLS ) T ETA SARTS TS Results ◮ This work focuses on the iterative interpreter (constant Conclusion time stages) Future Work ◮ Many Java Bytecodes from HVM are time-predictable ◮ Re-design comprises ◮ Object allocation ◮ Exceptions ◮ Method invocation ◮ Type checking of reference types ◮ . . . and a few others 17
Object Allocation Introduction HVMTP 6 Design ◮ HVM performs zeroing at allocation time Tools T ETA SARTS JVM ◮ Linear time operation T ETA SARTS TS Results ◮ In HVM TP the heap structure is zeroed at Safelet Conclusion Future Work initialisation ◮ Zeroing happens when scoped memory is exited ◮ Performed in Java space using native variables ◮ Variables in the HVM accessible in Java space 17
Exceptions Introduction HVMTP 7 Design ◮ SCJ permits exception objects to be pre-allocated before Tools entering a time critical phase T ETA SARTS JVM T ETA SARTS TS ◮ I CECAP - TOOLS approximates the set of exceptions that Results can be thrown Conclusion Future Work ◮ E.g. athrow and idiv ◮ Exception handler is located in the call stack (linear time) ◮ Maximum call stack depth is estimated by I CECAP - TOOLS ◮ Reconstructs call graph ◮ Recursion is not allowed 17
Method Invocation 1 case INVOKEVIRTUAL_OPCODE : { 1 case INVOKEVIRTUAL_OPCODE : { 2 / / . . . 2 const MethodInfo * mInfo ; 3 unsigned short pc = method_code − ( 3 signed short excep ; Introduction unsigned char * ) 4 mInfo = findMethodInfo (& sp [ top ] , & pgm_read_pointer (& method − > code , HVMTP method_code [ pc ] ) ; unsigned char * * ) ; 5 excep = methodInterpreter(mInfo, &sp[top]); 8 4 fp = pushStackFrame(mInfo, method, pc, fp, sp); Design 6 / / . . . 5 method = mInfo ; Tools 7 } 6 / / . . . T ETA SARTS JVM 7 } Listing 1 : Original invokevirtual . T ETA SARTS TS Listing 2 : Using stack frames. Results Conclusion ◮ The HVM employed recursion Future Work ◮ Difficult to analyse and model ◮ HVM TP implements a call stack ◮ HVM TP attempts to devirtualise call sites (using VTA) ◮ Method dispatch at virtual call sites ( invokevirtual and invokeinterface ) ◮ Treated (almost) equally for simplicity ◮ Consult method tables of objectref ’s class and superclasses ◮ Bounded by maximum height of class hierarchy ◮ (Obvious) future work: generate dispatch table ( invokevirtual ) 17
Type Checking Reference Types Introduction HVMTP 9 Design Tools ◮ The HVM iteratively consults objectref ’s class and T ETA SARTS JVM T ETA SARTS TS superclasses Results Conclusion ◮ HVM TP exploits availability of the class hierarchy at Future Work HVM TP construction time ◮ A bit matrix is constructed with entries denoting the type compatibility of ( x , y ) 17
Tool Support Introduction HVMTP Design 10 Tools T ETA SARTS JVM T ETA SARTS TS ◮ Tools for HVM TP : Results Conclusion ◮ T ETA SARTS JVM Future Work ◮ T ETA SARTS TS 17
T ETA SARTS JVM ldd_33 1 case I2L_OPCODE : { fetch! 2 # i f defined (INSTRUMENT) asm_inst = asm_ldd 3 BEGIN_JBC ( I2L_OP ) ; and_34 4 #endif Introduction fetch! 5 int32 lsb = *( −− sp ) ; asm_inst = asm_and 6 i f ( lsb < 0) { HVMTP brge_35 7 * sp ++ = − 1; Design 8 } else { fetch! fetch! asm_inst = asm_brge Tools 9 * sp ++ = 0 x0 ; asm_inst = asm_brge 10 } movw_91 movw_36 11 T ETA SARTS JVM 11 * sp ++ = lsb ; T ETA SARTS TS fetch! fetch! 12 method_code ++; asm_inst = asm_movw asm_inst = asm_movw Results 13 # i f defined (INSTRUMENT) subi_92 subi_37 14 END_JBC ( I2L_OP ) ; Conclusion 15 #endif fetch! fetch! Future Work asm_inst = asm_subi asm_inst = asm_subi 16 } sbci_93 sbci_38 Listing 3 : i2l . Figure : Excerpt of TA for i2l . ◮ Generates a JVM Timing Model ◮ Timed Automata (TA) (U PPAAL 3 model checker) ◮ Executable is instrumented ◮ Loop bounds provided comment-style ◮ All bounds are provided by I CECAP - TOOLS ◮ Reconstructs Control-Flow Graph and translates to TA 3 http://www.uppaal.org 17
T ETA SARTS JVM Cont’d Introduction HVMTP Design Tools 12 T ETA SARTS JVM T ETA SARTS TS Results Conclusion Future Work Figure : Fetch and execute TA from METAMOC 4 . ◮ Composition with HW TA yields the JVM Timing Model ◮ Verification of properties (TCTL) ◮ E.g. estimate execution times of the Java Bytecodes 4 http://metamoc.dk/ 17
T ETA SARTS TS Introduction HVMTP Design Tools T ETA SARTS JVM ◮ T ETA SARTS TS generates a timing scheme from the JVM 13 T ETA SARTS TS Results Timing Model Conclusion ◮ A timing scheme captures an abstract timing model of the Future Work execution environment ◮ [ BCET i , WCET i ] for instruction i 17
The Big Picture Introduction HVMTP Design Tools TetaSARTS TS T ETA SARTS JVM Analysis Result 14 T ETA SARTS TS TetaSARTS JVM Results JVM Src Conclusion JVM Timing Model (BCET and WCET) TetaSARTS analyser Future Work Schedulability JVM Executable (AVR/ WCRT ARM/...) WCET JVM Timing Model Blocking Time (Network of Timed SCJ Application ... Automata) 17
Results Introduction ◮ Constructing complete JVM Timing Model: 16 s HVMTP ◮ Generating a timing scheme for all Java Bytecodes: Design Tools ◮ ∼ 4 . 5 hours (without exception handling) T ETA SARTS JVM ◮ ∼ 5 days (with exception handling) T ETA SARTS TS 15 Results ◮ Application-dependent Java Bytecodes: Conclusion ◮ Only these must be re-analysed if the program is modified Future Work ◮ 13 (without exception handling) ◮ 47 (with exception handling) ◮ In reality, only a subset of the Java Bytecodes are used ◮ The Minepump uses 49 distinct Bytecodes → 5 s (JVM Timing Model) and 6 m (timing scheme) ◮ Only two Java Bytecodes are application-dependent ( invokevirtual and invokeinterface ) 17
Results Cont’d Introduction T ETA SARTS TS Measured HVMTP Bytecode BCET WCET Avg Low High Design Tools i2l 129 136 130 130 130 T ETA SARTS JVM aload_* 79 79 79 79 79 T ETA SARTS TS new 469 1715 1568 1568 1568 16 Results ireturn 505 1080 893 865 976 Conclusion invokespecial 501 977 710 639 772 Future Work iinc 191 194 192 192 192 Times are represented in clock cycles. ◮ Simulation on Atmel AVR ◮ Measurements obtained from Atmel Studio 6 ◮ Safety: BCET ≤ Low and High ≤ WCET 17
Future Work Introduction HVMTP Design Tools ◮ Further improve HVM TP T ETA SARTS JVM ◮ E.g. invokevirtual T ETA SARTS TS Results ◮ Improve precision of JVM Timing Model Conclusion 17 Future Work ◮ CFG contains both feasible and infeasible execution paths ◮ Symbolic execution ◮ Evaluate analysis approach on other (and more complex) hardware models 17
Recommend
More recommend