Cost Monitoring and Enforcement in the Real-Time Specification for Java - A Formal Evaluation

The Real-Time Specification for Java (RTSJ) provides an integrated approach to scheduling periodic threads and monitoring their CPU execution time. It defines a cost enforcement model whereby a periodic thread is suspended when it consumes more CPU time (budget) than it requested. However, the support for this model is optional and it is generally not given by most implementations. Consequently, this aspect of the specification has not been rigorously evaluated. In this paper we define a formal model of the RTSJ cost monitoring and enforcement approach using the extended timed automata formalism provided in the UPPAAL tool. Using the model, properties are explored and it is shown that whilst implementations that conform to the RTSJ specification are free from potential deadlock, the specification allows an implementation, under certain circumstances, to give a periodic thread more than its CPU budget in one period. These circumstances are detailed and a correction to the RTSJ specification is suggested to remove this anomaly.