predictability; the same byte code can also be executed on a standard ... nement, where the behavior of the initial Java code is .... Timer counts x or y seconds.
Modeling Reactive Systems in Java Roberto Passerone Department of EECS Univ. of California at Berkeley Berkeley, CA 94720
Claudio Passerone Dipartimento di Elettronica Politecnico di Torino Torino, ITALY 10129
Luciano Lavagno Cadence Berkeley Laboratories Cadence Design Systems, Inc. Berekeley, CA 94704
Claudio Sanso�e Dipartimento di Elettronica Politecnico di Torino, Torino, ITALY Torino, ITALY 10129
Alberto Sangiovanni Vincentelli Department of EECS Univ. of California at Berkeley Berkeley, CA 94720
Abstract
In this paper we present a class library extending the JavaTM programming language to model reactive realtime systems. It allows the user to describe concurrent modules communicating over asynchronous unidirectional non-blocking channels. A small example is presented to demonstrate some of the features of this extension.
1 Introduction
A reactive system is an application that continuously interacts with the environment and whose responses or actions need to come within a certain time imposed by some external constraints. They are usually composed of several di�erent concurrent processes which receive inputs and perform actions as response, in a continuous in nite loop. General purpose programming languages, like C or C++, are not suitable to specify such systems because they lack the ability to react to external stimuli, and often cannot describe concurrency. Therefore many other programming languages have been proposed (Esterel, Lustre, Signal, Statecharts, VHDL, Verilog, [3]), each with its strengths and weaknesses. The JavaTM [1] programming language is fairly general purpose, and lacks some speci c constructs that prevent its e�ective use in reactive system design. More speci cally, the Java concurrent programming paradigm based on threads, exceptions and method invocation is, in our opinion, insu�cient to concisely represent the speci cation of a reactive system. For this reason, we have developed a class library supporting constructs derived from the above mentioned family of synchronous languages.
Our goals in developing this extension to Java were to be able to have di�erent concurrent modules, to describe their interconnections and provide an eventdriven communication scheme, with methods to suspend and resume a process, or abort a certain task when a given condition occurs. The approach is inspired by the work on the socalled family of Synchronous Languages ([3]), and in particular by the Reactive C language developed by Boussinot et al. [2]. Our work di�ers from the former because we did not develop a new language, but rather extended an existing one. We can thus build on top of a wealth of experience and software tools. Our work also di�ers from the latter, because we tried to add a minimal amount of new constructs, in order to keep the extended language as simple and close to the original as possible. Another approach is the one described in [4] by Kevin Nielsen: in his work he mostly concentrate on the implementation of real-time systems using the Java language and a modi ed virtual machine (Real Time Java Virtual Machine), which provides real-time predictability; the same byte code can also be executed on a standard VM, but no guarantee is given on satisfying real time constraints. Our approach is di�erent from the above, since we mostly address reactivity and communication between components of a concurrent system; the nal implementation may or may not be in the Java language, which can be used at the high level to verify the behavior and as a virtual prototype. Another methodology is presented in J.Young and R.Newton. "Embedding Programs in the Java Language in the Synchronous Model of Computation through the Process of Successive, Formal Re ne-
1 of 4
ment", to appear in the proceedings of ICCAD 97. by Young and Newton: the focus here is tilted towards making a certain general-purpose language (Java in this case) compliant to a speci c model of computation (the synchronous model) through a process called successive, formal re nement . This is accomplished by establishing a policy of use which sets restrictions and extensions to the language in order to make it compatible with the target model of computation: this yields a new language, syntactically identical to the original, that can be directly mapped to the model. The di�erence with our approach is that the programmer initially describes the system in the native Java language; only later is the policy of use enforced and the program is translated into the new language during a human assisted process of iterative, incremental re nement, where the behavior of the initial Java code is interpreted in the framework of JavaTime, a model of computation based on a partial order of events. This procedure necessarily involves the programmer who is responsible of taking decisions that cannot be resolved by the tool. In our case these decisions have been taken upfront, and the programmer is encouraged to think directly in the model of computation, which consists of processes communicating via events. Moreover, the syntax introduced by the addition of the new classes makes it easy to use Java as the entry language to existing design exploration and synthesis tools riferimento a polis o ad altro che voi sapete. The paper is divided as follows: Section 2 brie y outlines some f the features of the Java language used to develop this extension. Section 3 describes the system and how we implemented it. Section 4 presents a small example. Section 5 concludes the paper.
2 Embedded systems and the Java language
Embedded systems applications are found almost everywhere, from home appliances to automotive, from cellular phones to airplanes. However, despite these many di�erent domains, they usually share some common characteristics: � They are composed of mixed hardware and software components. � Several concurrent processes run at the same time. � Tasks exchange data and thus often need a synchronization mechanism. � They interact with the environment. � Communication among components takes time. � Execution of software components takes time. The approach used in synchronous languages([3]) is to consider reaction time as small compared to the interval between successive incoming events; however, this is often not the case, especially when the timing constraints are tight and long computations are to be
performed. For this reason we believe that communication time among tasks and execution time of software components should be considered as well. Therefore, although our work was inspired by synchronous languages, we do not adhere to the synchronous hypothesis. Java already has many features that make it easy to program algorithms for embedded systems: in fact it supports multi{threading, synchronization among different threads when accessing shared resources and exception handling. The Java Virtual Machine speci cations do not impose any rule on the order of execution of threads of identical priority, and long computations may be carried out without being interrupted. Moreover, Java is a fully object oriented language, with all the constructs to handle complex data structures and
ow control. What Java lacks is an easy way to make it react to stimuli: this can be achieved by using thread synchronization, but as the number of signals increases it becomes less tractable, especially when more than one input is expected at the same time; in fact communication among threads should be made explicit by instantiating a shared object and provide mechanisms to access it. The problem gets even more complex when we want a process to react when it is performing a long computation. Our work adds new features (in the form of a class library and associated programming paradigm) to the Java language in order to solve the above problems. We provide methods to send and receive events, to react to incoming events on any input and to terminate long loops when a given condition occurs.
3 Reactive Java
When developing the set of features that we wanted for our class library, we looked for a minimal set of methods that would make it possible to derive others, and we wanted to implement them e�ciently by leveraging the constructs already available in Java. We therefore developed a library of classes to program in Java with a reactive avor, allowing the designer to: 1. De ne, instantiate and interconnect modules. 2. Send and wait for events. 3. React to externally generated events by aborting the current computation and handling the event. 4. React to internally generated events by aborting the current computation and handling the exception. Therefore, the basic constructs that were implemented are: await stops the execution of a thread until a given event or set of events becomes present. emit sends an event to the module connected to a given output.
2 of 4
do watching executes the enclosed code and kills :::
it if the event speci ed in the watching clause is detected when control reaches an await or a synch. synch creates a safe recovery point, where the process can be interrupted if a certain event is received. trap raises an exception which lets the process exit an arbitrary number of nested loops and do watching statements. We also provide a way of de ning new processes and connect them using inputs and outputs. :::
4 An example
We chose a small example to test our reactive Java extension: a seat-belt alarm. This one was chosen because it is su�ciently small so that it's easy to detect if something goes wrong, but at the same time it clearly shows di�erent behaviors when multiple events are awaited. The informal speci cation is as follows: 1. When the ignition key is turned on, wait for seconds. 2. If during these seconds the key is turned o� or the seat-belt is fastened, then go to 1. 3. After seconds have elapsed turn the alarm on and wait for seconds. 4. If during these seconds the key is turned o� or the seat-belt is fastened, then turn the alarm o� and go to 1. 5. After seconds have elapsed, then turn the alarm o� and go to 1. This system was implemented using four modules: Generator produces the external world events. Clock generates a periodic signal. Timer counts or seconds. Belt implements the above behavior. The Generator communicates with Belt using the events key on, key off and belt on. The Timer can be programmed by Belt with an event which carries the value of seconds to be waited, and sends an event end when it reaches the end of the count. Clearly, when waiting for end Belt should also monitor its inputs coming from the Generator , because in case one of the events occurs it must immediately react. The correct behavior was achieved using the do watching mechanism: Belt waits for the end of count while watching the input events belt on and key off. Also, a reset event can be send to the belt controller, to restart the system. In our tests we tried di�erent possible scenarios, including simultaneous events: in this last case the priority was always correctly given to the watched event. x
x
x
y
y
class beltcontrol extends Module { Input reset, key_on, key_off, belt_on, oc_end; Output oc_start; public beltcontrol(String name) { super(name, 5, 1); reset = AddInput("reset"); key_on = AddInput("key_on"); ... } public void run() { while (true) { try { reset.beginwatch(); while(true) { key_on.await(); try { belt_on.beginwatch(); oc_start.emit(50); oc_end.await(); System.out.println("Alarm ON"); oc_start.emit(50); oc_end.await(); } catch (WatchingException e) { e.check(belt_on); } finally { belt_on.endwatch(); } ... }
Figure 1: Reactive Java code for seat belt controller
y
x
:::
y
class belt { public static void main(...) { beltcontrol BELT; timer TIMER; ... BELT = new beltcontrol("BELT"); TIMER = new timer("TIMER"); ... Module.connect("TIMER", "oc_end", "BELT", "oc_end"); ... BELT.start(); TIMER.start(); } }
Figure 2: Reactive Java code for module interconnection
3 of 4
Figure 1 shows a fragment of the source code of the controller. Instantiating a module, creating inputs and outputs, and awaiting and emitting are fairly straightforward, as shown in Figure 2. An applet version of the Java implementation can also be tried at
http://polimage.polito.it/~alcor/belt/BELT.html
5 Conclusion
An extension of the Java programming language towards reactive systems programming has been presented. It is a class library providing means of describing di�erent concurrent modules and how they interact through an event passing mechanism of communication. Reactiveness is achieved using thread synchronization and exception handling, while concurrency and scheduling are left to the Java interpreter.
References
[1] K. Arnold and J. Gosling. The Java programming language. Addison Wesley, 1996. [2] F. Boussinot, G. Doumenc, and J.-B. Stefani. Reactive objects. Annales des Telecommunications, 51(9-10):459{473, September 1996. [3] N. Halbwachs. Synchronous Programming of Reactive Systems. Kluwer Academic Publishers, 1993. [4] K. Nielsen, 1997. See http://www.newmonics.com.
4 of 4
