A High Integrity Profile for Memory Safe Programming in Real-time Java

The Real-time Specification for Java (RTSJ) has been designed to cover a large spectrum of real-time applications, to achieve this goal the specification must cater to different real-time programming styles. This generality is essential for acceptance of Java by the industry but it also means that there are many error modes that application developers must deal with. The memory subsystem of the RTSJ is one particular area where the RTSJ’s generality creates complexity. This complexity is a problem in high integrity systems as it can be the source of errors, and runtime overheads. The contribution of this paper is a new high integrity profile for memory safe programming in Real-time Java. This profile is notable in the sense that it does not restrict expressiveness of RTSJ programs, yet it guarantees that no memory-related programming errors will occur at runtime. The profile is machine checkable, and simple enough that errors can be readily corrected. While other profile have been put forward, this proposal is the first to have been evaluated on actual deployed software. We report on the use of our profile in a real-time CORBA server which has been used in an avionics application. The results are encouraging as we have been able to refactor the CORBA server relatively easily. The profile allowed to express all of the idioms present in the original system, but without any possibility of errors. Our refactoring effort also uncovered errors and resulted in an executable running 10% faster than the original.