REAL-TIME JAVA
Definition and Standardization Move Java into Mission-Critical Applications
The advantages of Java as a programming environment are being harnessed to address the requirements of firm and hard real-time performance and the resource constraints imposed by mission-critical systems.
KELVIN NILSEN, AONIX
As the complexity of embedded systems evolves, real-time Java has come to play a more central role in large-scale applications that demand higher levels of abstraction, portability, and dynamic behavior. Such applications are taking on roles in management of network infrastructure, automation of manufacturing processes and control of power generating equipment. To meet these demands, real-time Java vendors have moved increasingly into the mission-critical domain.
The accelerating penetration into mission-critical applications and the expected eventual integration into safety-critical applications have increased the need to assure that Java can deliver reliable operation without exceeding resource constraints. Among the breadth of conflicting objectives imposed on mission-critical Java developers are ease of development and maintenance, support for dynamic behavior and on-the-fly workload reconfiguration. Additional requirements include high performance, soft and hard real-time constraints and cooling, along with reduction of physical footprint and power consumption.

To meet these heightened demands, standards are being developed to assist developers in making the engineering tradeoffs necessary for components of mission-critical software.
What Does Mission Critical Mean?
While there are differences of opinion about the precise characterization of mission-critical computing, the general consensus of what “mission critical” means centers around the following attributes:
- Mission size: Mission-critical software requires a minimum of one “person year” and more typically 10-100 person years of development. Smaller projects generally cannot justify the higher costs associated with mission-critical development methodologies.
- Critical role: The role of software in fulfilling the mission must be critical to the mission’s success. If the software only contributes to convenience or comfort, it is not mission critical.
- Dedicated resources: Typically, all of the computing resources that run the mission-critical software are dedicated to mission-critical activities and are not available for non-critical computing.
Mission-critical computing involves a broad spectrum of applications. Resource-limited applications such as deep-space probes, remote planetary exploration and communications satellites stand in contrast to the resource-rich applications of telephone switches, semiconductor manufacturing and air-traffic control.
But Why Mission-Critical Java?
Given the breadth of domains spanned by mission-critical software, one challenge is to establish a sufficiently large area of common ground on which to base meaningful standards for mission-critical computing. Here, we outline key requirements that are common to most, if not all, mission-critical software systems.
Part of what makes mission-critical software difficult is the need to integrate large numbers of independently developed components, each satisfying different mission objectives (Figure 1). Over time, most mission-critical systems scale upward in response to evolving requirements and expanding capacity. Each step of the integration process must preserve the key characteristics of each component so that no mission-critical objectives go ignored.
Specific mission-critical scalability issues for which Java is particularly well suited include:
- Portability: Mission-critical software developed and tested in one environment needs to run the same when ported to another mission-critical system.
- Partitioning: Mission-critical software is partitioned so a failure in one part of the system does not cause the entire system to go down.
- Composability: New functionality must be integrated with existing components to extend and evolve the capabilities of the existing mission-critical system. Java’s strong encapsulation, object-oriented inheritance, secure dynamic loading and commercially available frameworks such as OSGi contribute to strong composability of Java software components.
- Levels of abstraction: Mission-critical systems include components from multiple levels of the abstraction hierarchy, ranging from low-level hard real-time device drivers running as interrupt handlers to large real-time databases on general-purpose multiprocessor hardware and COTS operating systems. Java standards under development are working to support components in each abstraction layer and to provide efficient, reliable and safe integration of multilayer systems.
Given that the success or failure of the mission hinges on the ability of software to do its job, software reliability is of critical importance. Many mission-critical systems are required to deliver five nines reliability (correctly operating more than 99.999% of the time). To achieve these levels of reliability, existing Java strengths are complemented with certain mission-critical enhancements, such as:
- Reliable dynamic memory management: Automatic garbage collection successfully reclaims all garbage without conservative approximations and defragments memory to ensure reliable future memory allocation.
- Redundancy and fault tolerance: Mission-critical software achieves high reliability in the presence of hardware failures by efficiently maintaining coherent copies of redundant information on standby computers that can quickly take over if the primary computers fail. Java services to support reliable replication of information include transaction processing, databases and remote method invocation (RMI).
- Static analysis and enforcement: The lower layers of mission-critical software require static determination and guaranteed availability of resources to ensure reliable operation.
One difficulty in developing mission-critical systems stems from the challenge of assuring reliable operation without exceeding resource constraints. Tight resource constraints are especially common within lower layers of the mission-critical software hierarchy. Mission-critical developers often need to sacrifice ease of development and maintenance, certain dynamic behavior and general software flexibility in order to achieve higher performance, harder real-time constraints and smaller memory footprint. Standards for mission-critical Java must enable developers to selectively make these engineering tradeoffs for particular components of the mission-critical system. Working with the J Consortium, Aonix has designed a hard real-time subset of traditional Java that will match C in terms of performance and memory footprint.

