Cost enforcement in the real-time specification for Java

Research output: Contribution to journalArticlepeer-review


The Real-Time Specification for Java (RTSJ) provides an integrated approach to scheduling periodic real-time threads and monitoring their CPU execution time. It defines a cost enforcement model whereby a periodic real-time thread is suspended when it consumes more CPU time (budget) than it requested in a single release. However, compliant implementations need not support this model, as the underlying operating systems mechanisms are not widely available. Consequently, experience with the model is limited (it is generally not provided in most implementations of the RTSJ). In previous work we showed, using model checking techniques, that the current version of the cost enforcement model can, under certain unlikely scenarios, allow a periodic thread more than its CPU budget in a single period. Such a behaviour can undermine any schedulability analysis that has been undertaken. In this paper, we present a revised formal model, which corrects this anomalous behaviour, and evaluate its properties. We also extend the formal model, so it allows support for real-time threads with sporadic and aperiodic releases, and show how our revised cost enforcement model is valid for all types of threads.

Original languageEnglish
Pages (from-to)139-179
Number of pages41
JournalReal-Time Systems
Issue number2
Publication statusPublished - Nov 2007


  • fault-tolerance
  • java programming language
  • real-time specification for Java
  • model checking

Cite this