A Formal Model of the Safety-Critical Java Level 2 Paradigm

Matt Luckcuck, Ana Cavalcanti and Andy J. Wellings
Safety-Critical Java (SCJ) introduces a new programming paradigm for applications that must be certified. The SCJ specification (JSR 302) is an Open Group Standard, but it does not include verification techniques. Previous work has addressed verification for SCJ Level 1 programs. We support the much more complex SCJ Level 2 programs, which allow the programming of highly concurrent multiprocessor applications with Java threads and with the wait and notify mechanisms. We present a formal model of… 
Java Technologies for Cyber-Physical Systems
Challenges and opportunities in the development of cyber-physical systems are outlined by using distributed real-time and embedded Java technologies.
Circus Models for Safety-Critical Java Programs
A formalisation of the SCJ Level 1 execution model is presented, a translation strategy from SCJ into a refinement notation is formalised, and a tool is described that largely automates the generation of the formal models.
Safety-critical Java in Circus
This position paper proposes a refinement technique for the development of Safety-Critical Java programs, and presents a Circus variant that captures the essence of the SCJ paradigm independently from Java.
Safety‐Critical Java: level 2 in practice
Several areas where the SCJ specification needs modifications to support these requirements fully are identified; these include support for terminating managed threads, the ability to set a deadline on the transition between missions, and augmentation of the mission sequencer concept to support composability of timing constraints.
The design of SafeJML, a specification language for SCJ with support for WCET specification
SafeJML extends the Java Modeling Language (JML) to allow specification and checking of both functional and timing constraints for SCJ programs, helping to check the correctness of detailed designs, including timing, for real-time systems written in SCJ.
A process algebraic framework for specification and validation of real-time systems
This paper introduces Circus Time, a timed extension of Circus, and presents a new UTP time theory, which is used to give semantics to Circus Time and to validate some of its laws, and provides a framework for validation of timed programs based on FDR, the CSP model-checker.
Safety-critical Java level 2: motivations, example applications and issues
This paper broadly classifies the features that exist only at Level 2 into three groups: support for nested mission sequencers; support for managed threads, including the use of the Object.wait, Object.notify and HighResolutionTime.delay methods; and support for global scheduling across multiple processors.
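The wait/notify hand-off that the Level 2 papers above single out is the part of the paradigm that needs a formal model: a lost notification or an unguarded wait is a liveness failure that no Level 1 program can exhibit, because Level 1 has no managed threads. The following is an added illustration, not code from any paper listed on this page. It uses plain java.lang.Thread and Thread.sleep as stand-ins for SCJ's ManagedThread and HighResolutionTime.delay (an assumption made so it runs on a stock JVM), and it shows the guarded-loop idiom that keeps a consumer correct under spurious wakeups, multiple consumers and termination, the last being the managed-thread termination problem noted in "Safety-Critical Java: level 2 in practice".

```java
// Added illustration (not from the papers on this page): the wait/notify
// hand-off that SCJ Level 2 permits in managed threads and Level 1 forbids.
// Assumption: plain java.lang.Thread stands in for
// javax.safetycritical.ManagedThread and Thread.sleep for
// HighResolutionTime.delay; the synchronisation idiom is unchanged.
import java.util.ArrayDeque;
import java.util.Queue;

public final class SensorMailbox {
    private final Queue<Integer> samples = new ArrayDeque<>();
    private boolean terminated = false;

    // Producer side: publish a sample and wake every waiter.
    // notifyAll() rather than notify(): with several consumers, notify()
    // can wake a thread whose guard is still false and the signal is lost.
    public synchronized void put(int sample) {
        samples.add(sample);
        notifyAll();
    }

    // Consumer side: block until a sample or termination arrives.
    // The guard is re-checked in a loop because wait() may return
    // spuriously (JLS 17.2.1) and because another consumer may already
    // have drained the queue between the notify and our wake-up.
    public synchronized Integer take() throws InterruptedException {
        while (samples.isEmpty() && !terminated) {
            wait();
        }
        return samples.poll(); // null once terminated and drained
    }

    // Orderly shutdown of waiting managed threads: set the flag under the
    // lock and wake everyone so no consumer is left blocked forever.
    public synchronized void terminate() {
        terminated = true;
        notifyAll();
    }

    public static void main(String[] args) throws InterruptedException {
        SensorMailbox box = new SensorMailbox();
        Thread consumer = new Thread(() -> {
            try {
                Integer s;
                while ((s = box.take()) != null) {
                    System.out.println("consumed " + s);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        consumer.start();
        for (int i = 1; i <= 3; i++) {
            box.put(i * 10);
            Thread.sleep(5); // stand-in for HighResolutionTime.delay
        }
        box.terminate();
        consumer.join();
    }
}
```

Each of the three choices in the block (notifyAll over notify, the while-guard over an if-guard, and a termination flag set under the same lock as the queue) removes a distinct interleaving that a Circus/CSP model of the program would otherwise report as a deadlock or a stuck thread; the formal model described in the abstract is what lets those interleavings be checked rather than argued by hand.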
Exhaustive testing of safety critical Java
This work proposes a scheduling algorithm for JPF which allows testing of Safety Critical Java applications with periodic event handlers at SCJ levels 0 and 1 (without aperiodic event handlers), and provides an SCJ version of the C PapaBench benchmark, which implements an autopilot that has flown real UAVs.
From Safety Critical Java Programs to Timed Process Models
The theoretical underpinning of the translation from Java programs to timed automata models is elaborated and some of the results based on this translation are summarized.
Safety-critical Java for low-end embedded platforms
An implementation of the Safety-Critical Java profile (SCJ) targeted at low-end embedded platforms with as little as 16 kB RAM and 256 kB flash; it is evaluated with a known benchmark, whose footprint it reduces to a size that can execute on such a minimal configuration.
Model checking JAVA programs using JAVA PathFinder
An account of an effort to formally analyze, using Spin, a multi-threaded operating system for the Deep Space 1 spacecraft, and of previous work in applying existing model checkers and theorem provers to real applications.