Extracts - AERO-VM
Contents
1. [Figure: class hierarchy diagram; legible labels include NoClassDefFoundError]

    AERO SP1 0 3 2002 09 09 Page 59 of 134

    Details of standard Java Lang API that shall be supported without restriction

    The following list of API defines the minimum requirement for supported APIs by the core JVM. Embedded APIs shall be taken into this list without require to take all except dependable sub APIs.

    REQ AERO API GEN 0070 (Aero): The java.lang subset of APIs that the AERO JVM shall support without restriction is defined as:

    java.lang.AbstractMethodError, java.lang.ArithmeticException, java.lang.ArrayIndexOutOfBoundsException, java.lang.ArrayStoreException, java.lang.Boolean, java.lang.Byte, java.lang.ClassCastException, java.lang.ClassCircularityError, java.lang.ClassFormatError, java.lang.ClassNotFoundException, java.lang.Cloneable, java.lang.CloneNotSupportedException, java.lang.Comparable, java.lang.Compiler, java.lang.Double, java.lang.Error, java.lang.Exception, java.lang.ExceptionInInitializerError, java.lang.Float, java.lang.IllegalAccessError, java.lang.IllegalAccessException, java.lang.IllegalArgumentException, java.lang.IllegalMonitorStateException, java.lang.IllegalStateException,
2. The EventObject class and the EventListener interface, which form the basis of the new AWT event model in Java 1.1. The Locale class in Java 1.1, which represents a particular locale for internationalization purposes. The Calendar and TimeZone classes in Java. These classes interpret the value of a Date object in the context of a particular calendar system. The ResourceBundle class and its subclasses, ListResourceBundle and PropertyResourceBundle, which represent sets of localized data in Java 1.1.

    Next figure shows the class hierarchy for the java.util package.

    [Figure: class hierarchy for the java.util package; legible labels include MissingResourceException]

    Details of standard Java Util API that shall be supported without restriction

    The following list of API defines the minimum requirement for supported APIs by the core JVM. Embedded APIs shall be taken into this list without require to take all except dependable sub APIs.

    REQ AERO API GEN 0100 (Aero): The java.util subset of APIs that the AERO JVM shall support without restriction is defined as
3. 3.1.1 Design

    General

    Design general requirement defines the base capabilities of the AERO VM, including the compliance with the JVM core standard. One of the most important features of Java is the ability to dynamically load code in the form of class files during execution, be it from local files or from a remote system. Performance is another important requirement, but on-board constraints require techniques other than standard ones such as JIT technologies. Remark: the initial delay for compilation breaks all real-time constraints.

    REQ AERO DES GEN 0010 (STD, T): The AERO JVM shall implement base mechanism as defined in JVMS and interface of the standard core JVM, including Classloader, Garbage Collector, Memory Manager and Security Manager.

    REQ AERO DES GEN 0020 (STD, T): The AERO JVM shall support dynamic class loading. Justification: Any software component can be loaded dynamically, allowing on-the-fly reconfiguration, hot swapping of code, dynamic additions of new features and application execution.

    REQ AERO DES GEN 0030 (Aero, T): Optimisations shall be developed to ensure good performance of the Java code execution. Remark: verification shall be made using standard Java Benchmark tools.

    0040 (Aero, I): Just-in-time compilation technologies shall not be used.

    REQ AERO DES GEN 0050: The AERO JVM shall execute up to 64 tasks without requiring to run a new instance of the JVM
4. Aero A

    REQ AERO DES GEN 0060 (Aero, T): The Start process of an application shall be implemented as: loading application, create new instance of corresponding object, start the associated process and run the application.

    Scheduling

    In the AERO JVM, scheduling refers to the production of a sequence (or ordering) for the execution of a set of threads (a schedule). Requirements on scheduling have a direct impact on the design of the solution.

    REQ AERO DES SCH 0010 (Aero, I): Execution of machine instructions shall be predictable and in conformance with RTSJ.

    (Aero, T): A real-time Scheduler shall be provided instead of standard Java scheduler; expected WCET to react on an event shall be less than 10 milliseconds.

    REQ AERO DES SCH 0030 (RTSJ, T): A generic Java standard interface (Schedulable interface) will be provided. Justification: this interface will be used to specify that an object is schedulable by the real-time scheduler.

    REQ AERO DES SCH 0040 (RTSJ, T): Any instance of any class implementing Schedulable shall be a schedulable object.

    REQ AERO DES SCH 0050 (RTSJ, T): Schedulable objects scheduling and dispatching shall be managed by the instance of Scheduler.

    REQ AERO DES SCH 0060 (RTSJ, T): In conformance with RTSJ, three classes and corresponding JVM internal execution model shall be implemented in AERO JVM: AsyncEventHandler
5. RealtimeThread, NoHeapRealtimeThread and

    Memory

    Real-time constraints introduce the concept of memory area. A memory area represents an area of memory that may be used for the allocation of objects. Some memory areas exist outside the heap and place restrictions on what the system and garbage collector may do with objects allocated within. Objects in some memory areas are never garbage collected; however, the garbage collector must be capable of scanning these memory areas for references to any object within the heap to preserve the integrity of the heap.

    REQ AERO DES MEM 0010 (RTSJ, T): To be compliant with RTSJ, four types of memory areas shall be provided: scoped, physical, immortal and heap. Justification: Scoped memory provides a mechanism for dealing with a class of objects that have lifetime defined by syntactic scope. Physical memory allows Java objects to be created within specific physical memory regions that have particular important characteristics, such as memory that has substantially faster access. Immortal memory represents an area of memory containing objects that, once allocated, exist until the end of the application, i.e. the objects are immortal. Heap memory represents an area of memory that is the heap. The determinant of lifetime of objects on the heap is unchanged compared with standard Java implementation: the lifetime is still determined by visibility.

    REQ A
6. java.lang.IllegalThreadStateException, java.lang.IncompatibleClassChangeError, java.lang.IndexOutOfBoundsException, java.lang.InstantiationError, java.lang.InstantiationException, java.lang.Integer, java.lang.InternalError, java.lang.InterruptedException, java.lang.LinkageError, java.lang.Long, java.lang.Math, java.lang.NegativeArraySizeException, java.lang.NoClassDefFoundError, java.lang.NoSuchFieldError, java.lang.NoSuchFieldException, java.lang.NoSuchMethodError, java.lang.NoSuchMethodException, java.lang.NullPointerException, java.lang.Number, java.lang.NumberFormatException, java.lang.Object, java.lang.OutOfMemoryError, java.lang.Process, java.lang.Runnable, java.lang.RuntimeException, java.lang.RuntimePermission, java.lang.SecurityException, java.lang.Short, java.lang.StackOverflowError, java.lang.ThreadDeath, java.lang.ThreadLocal, java.lang.UnknownError, java.lang.UnsatisfiedLinkError, java.lang.UnsupportedClassVersionError, java.lang.UnsupportedOperationException, java.lang.VerifyError, java.lang.VirtualMachineError
7. 4.2 Operating System

    REQ AERO ENVIRON 050 (Aero, I): AERO JVM software shall run on Sparc ERC32 processor under a standard POSIX Operating System.

    REQ AERO ENVIRON 060 (Aero, I): AERO JVM environment tools shall run on Solaris Operating System and/or Linux.

    5 Operability requirements

    5.1 User's manual

    REQ AERO OPERAB 010 (Aero, I): A user's manual shall be written.

    5.2 Online help: N/A

    5.3 Interface standard: N/A

    5.4 Interface ergonomy: N/A

    6 Development requirements

    REQ AERO DEVELOP 010 (Aero, I T): The tailored ECSS B standard provided in MP is applicable to development.

    7 Portability and maintainability requirements

    7.1 Portability of design and code

    REQ AERO PORT 010 (Aero, I): The solution shall be implemented in ANSI C using the GNU gcc cross compiler.

    (STD, I): Threads shall be based on the POSIX threads standard.

    REQ AERO PORT 030 (Aero, I): Design shall provide clear separation of platform-dependent from platform-independent code to reduce the required effort to port to other platforms.

    REQ AERO PORT 040 (Aero, I): It shall be possible to port the solution to a new POSIX operating system.

    7.2 Maintainability requirements

    REQ AERO
8. MAINT 010 (Aero, N/A): The source code shall be delivered to Astrium to be analysed by Astrium quality engineers; metrics will be made on code, especially size of modules, cyclomatic complexity.

    REQ AERO MAINT 020 (Aero, I): The implementation is required to provide in DDD a documentation stating exactly the algorithm used for granting such access of threads when they are preempted in favor of a thread with higher execution eligibility.

    REQ AERO MAINT 030 (Aero, I): The implementation is required to provide in the DDD a documentation stating exactly the algorithm used for such placement of threads with higher priority than preempted ones that may be given access to the processor at any time as determined by a particular implementation.

    REQ AERO MAINT 040 (Aero): Implementations that provide a monitor control algorithm in addition to those described in this document are required to clearly document the behavior of that algorithm in DDD.

    CHAPTER REMOVED FROM THE AERO PROJECT ORIGINAL SPI DOCUMENT
9. Memory Area that is associated with a NoHeapRealtimeThread must remain fixed while they are alive (RTSJ).

    REQ AERO RT MEM 0090 (RTSJ): Each instance of the virtual machine must have exactly one instance of the class ImmortalMemory.

    REQ AERO RT MEM 0100 (RTSJ): Each instance of the virtual machine must have exactly one instance of the class HeapMemory.

    REQ AERO RT MEM 0110 (RTSJ): Each instance of the virtual machine shall behave as if there is an area of memory into which all Class objects are placed and which is unexceptionally referenceable by NoHeapRealtimeThreads.

    REQ AERO RT MEM 0120 (RTSJ, A): Strict assignment rules placed on assignments to or from memory areas must prevent the creation of dangling pointers and thus maintain the pointer safety of Java. The restrictions are listed in the following table:

    | | Reference to Heap | Ref To Immortal | Ref To Scoped |
    |---|---|---|---|
    | Heap | Yes | Yes | No |
    | Immortal | Yes | Yes | No |
    | Scoped | Yes | Yes | Yes, if same, outer, shared scope |
    | Local Variable | Yes | Yes | Yes, if same, outer, shared scope |

    REQ AERO RT MEM 0130 (RTSJ, A): An implementation must ensure that the above checks are performed on every assignment statement before the statement is executed. This includes the possibility of static analysis of the application logic.

    Synchronization

    Java monitors and especially
10. Yes

    | Function | Standard JVM core | AERO VM | Remarks |
    |---|---|---|---|
    | Real time scheduler | No | Yes | |
    | Schedulable interface | Yes | Yes | |
    | Specific thread | No | Yes | RealtimeThread, NoHeapRealtimeThread |
    | Asynchronous handler | No | Yes | |
    | Memory | | | |
    | Memory types | No | Yes | |
    | Memory allocation for thread | No | Yes | |
    | Real time GC | No | Yes | |
    | Thread | | | |
    | Classical thread | Yes | Yes | Classical thread as assimilated to real time one in AERO VM |
    | Real time thread | No | Yes | |
    | Asynchronous | | | |
    | Asynchronous event class | No | Yes | |
    | Asynchronous handler | No | Yes | |
    | Timer | Yes | Yes | Standard Timer class is not a real time implementation |
    | PeriodicTimer | No | Yes | |
    | ATC | No | Yes | |
    | Asynchronous thread term | Partially | Yes | Standard thread termination is not deterministic |
    | Exception & Errors | | | |
    | Standard mechanism | Yes | Yes | |
    | Standard class | Yes | Yes | |
    | Asynchronous exceptions | No | Yes | |
    | Asynchronous error | No | Yes | |

    3.1.2 Real time

    Init

    This specification accommodates the variation in underlying system variation in a number of ways. One of the most important is the concept of optionally required classes (e.g., the POSIX signal handler class). This class provides a commonality that can be relied upon by program logic that intends to execute on implementations that themselves execute on POSIX compliant systems. The RealtimeSystem class functions in similar capacity to java.lang.System. Similarly, the RealtimeSecurity class functions similarly to java
11. all error and exception classes in Java. Classes that encapsulate the primitive data types in Java. Classes for accessing system resources and other low-level entities. Math, a class that provides standard mathematical methods. String, the class that represents strings.

    Because the classes in the java.lang package are so essential, the java.lang package is implicitly imported by every Java source file. In other words, it could be possible to refer to all of the classes and interfaces in java.lang using their simple names. The next figure shows the class hierarchy for the java.lang package.

    The possible exceptions in a Java program are organized in a hierarchy of exception classes. The Throwable class is at the root of the exception hierarchy. Throwable has two immediate subclasses: Exception and Error. The next figures show the standard exception classes defined in the java.lang package and the standard error classes defined in java.lang.

    [Figure: standard exception classes defined in java.lang (legend: extends, implements)]

    [Figure: standard error classes defined in java.lang]
12. java.lang.Void, java.lang.ref.PhantomReference, java.lang.ref.Reference, java.lang.ref.ReferenceQueue, java.lang.ref.SoftReference, java.lang.ref.WeakReference

    Details of standard Java API that shall be supported with restriction (not all functions defined in each API are required)

    REQ AERO API GEN 0080 (Aero, T): The java.io subset of APIs that the AERO JVM shall support with restriction is defined as:

    java.lang.Class (1), java.lang.ClassLoader (1), java.lang.InheritableThreadLocal (1), java.lang.Package (1), java.lang.Runtime (1), java.lang.SecurityManager (1), java.lang.System (1), java.lang.Thread (1), java.lang.ThreadGroup (1), java.lang.Throwable (1), java.lang.reflect.AccessibleObject (1), java.lang.reflect.Constructor (1), java.lang.reflect.Method (1)

    (1) exact subset of APIs will be defined in Detailed Design Document

    3.2.2.3 Lang Reflect API

    The package java.lang.reflect is new as of Java 1.1. It contains classes and interfaces that support the Reflection API. Reflection refers to the ability of a class to reflect upon itself, or look inside of itself, to see what it can do. The Reflection API makes it possible to: Discover the variables, methods and constructors of any class. Create an instance of any cl
13. clocks

    REQ AERO DES ASY 0090: In conformance with RTSJ, the clock class provides the getRealtimeClock method.

    Asynchronous Transfer of Control (ATC)

    Sometimes the real world changes so drastically (and asynchronously) that the current point of logic execution should be immediately and efficiently transferred to another location. A mechanism which extends Java's exception handling shall be included to allow applications to programmatically change the locus of control of another Java thread. It is important to note that in the RTSJ this asynchronous transfer of control is restricted to logic specifically written with the assumption that its locus of control may asynchronously change.

    REQ AERO DES ASY 0100 (RTSJ): A mechanism shall be provided through which an ATC can be explicitly triggered in a target thread. This triggering may be direct (from a source thread) or indirect (through an asynchronous event handler).

    REQ AERO DES ASY 0110 (RTSJ): A thread shall explicitly indicate its susceptibility to ATC. Remark: Since legacy code or library methods might have been written assuming no ATC, by default ATC should be turned off (more precisely, it should be deferred as long as control is in such code).

    REQ AERO DES ASY 0120: Even if a thread allows ATC, some code sections shall be executed to completion and thus ATC is deferred in such sections. Justification: The AT
14. is discarded and replaced by the AIE.

    REQ AERO RT ASY 0150 (RTSJ, T): If an AIE is in a pending state then this AIE shall be thrown only when:

    1. Control enters an AI method
    2. Control returns to an AI method
    3. Control leaves a synchronized block within an AI method

    REQ AERO RT ASY 0160 (RTSJ): When inherited event class happened method is called on an AIE, or that AIE is superseded by another, the first AIE's state must be made non-pending.

    REQ AERO RT ASY 0170 (RTSJ, T): If the current AIE is an AIE0 and the new AIE is an AIEx associated with any frame on the stack, then the new AIE (AIEx) shall be discarded.

    REQ AERO RT ASY 0180 (RTSJ, T): If the current AIE is an AIEx and the new AIE is an AIE0, then the current AIE (AIEx) shall be replaced by the new AIE (AIE0).

    REQ AERO RT ASY 0190 (RTSJ, T): If the current AIE is an AIEx and the new AIE is an AIEy from a frame lower on the stack, then the new AIE (AIEy) must be discarded.

    REQ AERO RT ASY 0200 (RTSJ, T): If the current AIE is an AIEx and the new AIE is an AIEy from a frame higher on the stack, the current AIE (AIEx) must be replaced by the new AIE (AIEy).

    Remark: An AIE may be raised while another AIE is pending or in action. Because AI code blocks are nested by method invocation (a stack-based nesting) there is a natural precedence among
15. lang.SecurityManager.

    REQ AERO RT INI 0010 (Aero, T): The POSIX signal handler class shall be available when AERO JVM executes on an underlying platform that provides a subset of signals named with the POSIX names.

    REQ AERO RT INI 0020 (RTSJ, T): The RealtimeSecurity class is required as defined in RTSJ.

    Thread

    The Java platform's priority-preemptive dispatching model is very similar to the dispatching model found in the majority of commercial real-time operating systems. However, the dispatching semantics were purposefully relaxed in order to allow execution on a wide variety of operating systems. Thus it is appropriate to specify RealtimeParameters and Memory Parameters provided to the RealtimeThread constructor allow for number of common real-time thread types, including periodic threads. The NoHeapRealtimeThread class is provided in order to allow time-critical threads to execute in preference to the garbage collector. The memory access and assignment semantics of the NoHeapRealtimeThread are designed to guarantee that the execution of such threads does not lead to an inconsistent heap state.

    REQ AERO RT THR 0010 (RTSJ): Specific classes shall be provided to allow creation of threads that have more precise scheduling semantics than java.lang.Thread.

    REQ AERO RT THR 0020: These classes shall allow the use of areas of memory other than the heap f
16. local filesystem. Classes that handle object serialization.

    I/O in Java is based on streams. A stream represents a flow of data or a channel of communication. Java 1.0 supports only byte streams. The InputStream class is the superclass of all of the Java 1.0 byte input streams, while OutputStream is the superclass of all the byte output streams. The drawback to these byte streams is that they do not always handle Unicode characters correctly.

    As of Java 1.1, java.io contains classes that represent character streams. These character stream classes handle Unicode characters appropriately by using a character encoding to convert bytes to characters and vice versa. The Reader class is the superclass of all the Java 1.1 character input streams, while Writer is the superclass of all character output streams.

    The InputStreamReader and OutputStreamWriter classes provide a bridge between byte streams and character streams. By wrapping an InputStreamReader around an InputStream object, the bytes in the byte stream are read and converted to characters using the character encoding scheme specified by the InputStreamReader. Likewise, it is possible to wrap an OutputStreamWriter around any OutputStream object so that it is possible to write characters and have them converted to bytes.

    As of Java 1.1, java.io also contains classes to support object serialization. Object serialization is the ability to write the complete state of an object to an outpu
17. outer timer times out while control is in the nested code of the inner timer, then the nested code must be aborted (as soon as it is outside an ATC-deferred section), and control must then transfer to the appropriate catch clause for the outer timer. An implementation that either handles the outer timeout in the nested code, or that waits for the longer (nested) timer, is incorrect.

    REQ AERO DES ASY 0190 (RTSJ, A): ATC must be implemented without inducing an overhead for programs that do not use it.

    REQ AERO DES ASY 0200 (RTSJ, T): If code with a timeout completes before the timeout's deadline, the timeout shall be automatically stopped and corresponding resources returned to the system.

    Asynchronous Thread Termination

    Again, due to the sometimes drastic and asynchronous changes in the real world, application logic may need to arrange for a real-time Java thread to expeditiously and safely transfer its control to its outermost scope and thus end in a normal manner. Note that, unlike the traditional, unsafe and deprecated Java mechanism for stopping threads, the mechanism for asynchronous event handling and transfer of control, as defined in RTSJ, is safe.

    Earlier versions of the Java language supplied mechanisms for achieving these effects: in particular, the methods stop and destroy in class Thread. However, since stop could leave shared objects in an inconsistent state
18. the active scheduling policy, such threads shall be queued in FIFO order.

    REQ AERO RT SYN 0020 (RTSJ, T): Any conforming implementation must provide an implementation of the synchronized primitive with default behavior that ensures that there is no unbounded priority inversion. Furthermore, this must apply to code if it is run within the implementation as well as to real-time threads.

    REQ AERO RT SYN 0030 (RTSJ, T): The Priority Inheritance monitor control policy must be implemented.

    Time

    Time is the essence of real-time systems, and a method of expressing absolute time with sub-millisecond precision is an absolute minimum requirement. Expressing time in terms of milliseconds has precedent and allows the implementation to provide time-based services, such as timers, using whatever precision it is capable of while the application requirements are expressed to an arbitrary level of precision. The expression of millisecond constituents is consistent with other Java interfaces. The expression of relative times allows for time-based metaphors such as deadline-based periodic scheduling, where the cost of the task is expressed as a relative time and deadlines are usually represented as times relative to the beginning of the period.

    occurs exactly x times in every y milliseconds, even if the intervals between occurrences of the activity have
19. the synchronized keyword provide a very elegant means for mutual exclusion synchronization. Thus, rather than invent a new real-time synchronization mechanism, this specification strengthens the semantics of Java synchronization to allow its use in real-time systems. In particular, this specification mandates priority inversion control. Priority inheritance and priority ceiling emulation are both popular priority inversion control mechanisms; however, priority inheritance is more widely implemented in real-time operating systems and so is the default mechanism in this specification.

    By design, the only mechanism required by RTSJ which can enforce mutual exclusion in the traditional sense is the keyword synchronized. Noting that this specification allows the use of synchronized by both instances of java.lang.Thread, RealtimeThread and NoHeapRealtimeThread, and that such flexibility precludes the correct implementation of any known priority inversion algorithm when locked objects are accessed by instances of java.lang.Thread and NoHeapRealtimeThread, it is incumbent on the specification to provide alternate means for protected, concurrent data access by both types of threads (protected means access to data without the possibility of corruption). The three wait-free queue classes provide such access.

    REQ AERO RT SYN 0010 (RTSJ, T): Threads waiting to enter synchronized blocks must be priority queue ordered. If threads with the same priority are possible under
20. to be adjusted slightly. Remark: the RTSJ does not impose any required distribution on the lengths of the intervals, but strongly suggests that implementations attempt to make them of approximately equal lengths.

    REQ AERO RT GEN 0010 (Aero): All time objects must maintain microsecond precision and report their values in terms of millisecond and microsecond constituents.

    REQ AERO RT GEN 0020 (Aero): Time objects must be constructed from other time objects or from millisecond, microseconds values.

    REQ AERO RT GEN 0030 (RTSJ): Time objects must provide simple addition and subtraction operations, both for the entire object and for constituent parts.

    REQ AERO RT GEN 0040 (RTSJ): Time objects must implement the Comparable interface if it is available. The compareTo method must be implemented even if the interface is not available.

    REQ AERO RT GEN 0050 (RTSJ): Any method or constructor that accepts a RationalTime of (x, y) must guarantee that its activity

    Timer

    The importance of the use of one-shot timers for timeout behavior, and the vagaries in the execution of code prior to enabling the timer for short timeouts, dictate that the triggering of the timer should be guaranteed. The problem is exacerbated for periodic timers, where the importance of the periodic triggering outweighs the precision of the start time. In such cases, it is also convenient to allow, for example, a relative time of zero to be used as the star
21. OVERVIEW

    2.1 AERO VM DEFINITION
    2.2 JAVA STANDARD PRINCIPLES
    2.3 INSIDE A JAVA VIRTUAL MACHINE
    2.3.1 What is a Java Virtual Machine
    2.3.2 The Lifetime of a Java Virtual Machine
    2.3.3 The Architecture of the Java Virtual Machine
    2.3.4 Data Types
    2.3.5 Word Size
    2.3.6 The Class Loader Subsystem
    2.3.6.1 Loading, Linking and Initialisation
    2.3.6.2 The Bootstrap Class Loader
    2.3.6.3 User-Defined Class Loaders
    2.3.6.4
    2.3.7 The Method Area
    Type Informations
    2.3.9 The Constant Pool
    2.3.10 Field Informations
    2.3.11 Method Information
    2.3.12 Class Variables
22. AERO: Architecture for Enhanced Reprogrammability and Operability

    Contract ESTEC 15750 02 NL LVH

    Specification (extract of original document)

    F. Deladerrière (Astrium SaS), F. Siebert (Aicas GmbH), T. Ritzau (Linköping Universitet)

    Reference: AERO SP1. Issue: 0.3. Date: 2002-09-09.

    AERO SP1 Software JVM Specification

    Abstract

    This document is the specification of the AERO Real-time Java Virtual Machine project, output of the task 1 a 2. This document defines functional requirements for AERO JVM, which is a Java Virtual Machine with real-time capacities for ERC32 processor. This document contains: an overview of AERO JVM functionalities, functional requirements, representative's requirements, environment requirement, operability requirements, portability and maintenance requirements.

    Written by: F. Deladerrière (Astrium)

    AERO (Architecture for Enhanced Reprogrammability and Operability) is an ESA project (Contract ESTEC 15750 02 NL LVH) conducted by a consortium led by ASTRIUM SAS with Aicas GmbH and Linköping Universitet.

    For more information, please contact: Frank J. de Bruin, ESTEC, Keplerlaan 1, PO Box 299, 2200 AG Noordwijk ZH, The Netherlands. Tel 31 0 71 565 4951, Fax 31 0 71 565 5420, e-mail fdebruin estec esa nl
23. Bundle (1), java.util.Locale (1), java.util.jar.JarEntry (1), java.util.jar.JarFile (1)

    (1) exact subset of APIs will be defined in Detailed Design Document

    3.2.3 Specific new API in embedded context

    3.2.3.1 javax.realtime API

    The package javax.realtime is a new package introduced by the RTJ group and specified through the RTSJ document. It contains a number of useful classes and interfaces specific for real time. The classes and interfaces in javax.realtime include:

    The AsyncEvent class, for implementing Asynchronous event and timer.
    The MemoryArea class, which supports different memory types.
    The Monitor class, for priority management.
    The MemoryControl class, for memory management.
    The RealtimeSecurity class and the RealtimeSystem class, which form the basis of the new realtime model in Java.
    The Scheduler class, which represents an upgrade of the base Java scheduler.
    The RealtimeThread extension of base Thread.
    The Throwable extension class and its subclasses, which represent sets of new Error and Exception for realtime.

    The complete javax.realtime hierarchy class is provided in annex.

    The full standard Java realtime API defined in RTSJ shall be supported without restriction. Embedded APIs shall be taken into this list without require to take all except dependable sub APIs.

    REQ AERO API GEN 0120
24. C deferred sections are synchronized methods and statements.

    REQ AERO DES ASY 0130 (RTSJ): Code that responds to an ATC shall not return to the point in the thread where the ATC was triggered; that is, an ATC is an unconditional transfer of control. Resumptive semantics, which returns control from the handler to the point of interruption, are not needed since they can be achieved through other mechanisms (in particular, an AsyncEventHandler).

    REQ AERO DES ASY 0140 (RTSJ, T): It must be possible to trigger an ATC based on any asynchronous event, including an external happening or an explicit event firing from another thread. In particular, it must be possible to base an ATC on a timer going off.

    REQ AERO DES ASY 0150 (RTSJ, I): Through ATC it shall be possible to abort a thread, but in another manner that does not carry the dangers of the Thread class's stop and destroy methods.

    REQ AERO DES ASY 0160 (RTSJ, I): If ATC is modeled by exception handling, there shall be some way to ensure that an asynchronous exception is only caught by the intended handler and not, for example, by an all-purpose handler that happens to be on the propagation path.

    REQ AERO DES ASY 0170 (RTSJ, T): Nested ATCs must work in conformance with RTSJ. Remarks: For example, consider two nested ATC-based timers and assume that the outer timer has a shorter timeout than the nested, inner timer. If the
25. ERO DES MEM 0020 [Aero, A]: AERO VM shall provide support for memory allocation budgets for threads using memory areas. Maximum memory area consumption and maximum allocation rates for individual real-time threads shall be specified by the user when the thread is created.

REQ AERO DES MEM 0030 [Aero]: AERO VM shall provide deterministic real-time garbage collection based on a known and proven technique.

REQ AERO DES MEM 0040 [Aero]: AERO VM garbage collection shall be exact, in contrast to being conservative, i.e. all unreachable objects must be reclaimed.

REQ AERO DES MEM 0050 [Aero]: It must be possible to predict the amount of garbage collection work needed by any piece of code, i.e. it must be possible to calculate the WCET of any piece of code regardless if contains memory management or not.

REQ AERO DES MEM 0060 [Aero]: Given a maximum memory usage and the amount of available memory, it must be possible to prove that the system never runs out of memory.

Thread

REQ AERO DES THR 0010 [Aero]: To provide robust execution model and performance, all Java threads provided by the AERO VM shall be real-time threads.

REQ AERO DES THR 0020 [RTSJ]: Threads waiting to acquire a resource shall be released in execution eligibility order based on their priorities.
Remark: Calling
26. Fridtjof Siebert, AICAS GmbH, Hoepfner Burg, Haid-und-Neu-Straße 18, D-76131 Karlsruhe, Germany. Tel 49 721 663 96823, Fax 49 721 663 96893, e-mail siebert@aicas.com
Tobias Ritzau, Linköping Universitet, Dep. of Computer and Information Science, SE-58183 Linköping, Sweden. Tel 46 13 28 4494, Fax 46 13 28 5899, e-mail tobri@ida.liu.se
Frederic Deladerriere, ASTRIUM, 31 avenue des Cosmonautes, F-31 402 Toulouse Cedex 4, France. Tel 33 5 62 19 56 49, Fax 33 562197897, e-mail frederic.deladerriere@astrium-space.com

Revision History (Version, Date, Paragraphs modified, Comments)
0.1, 2002-04-15: First issue
0.2, 2002-07-15: paragraphs 2 2 3 1 1 3 1 2 4 2 7 1; PDR comments taken into account
0.3, 2002-09-09: All documents; Grammar and spelling corrections

Table of Contents
1 INTRODUCTION
1.1 SCOPE
1.1.1 Scope of the Project
1.1.2 Scope of the Document
1.2 RELATED DOCUMENTATION
1.3 APPLICABLE DOCUMENTATION
1.4 DEFINITION OF TERMS AND ACRONYMS
1.4.1 Definition of Terms
1.4.2 Acronyms and Abbreviations
2
27. [RTSJ, T]: The AERO JVM shall support API specified in the final release V1.0 of 11 12 2001 of javax.realtime API. It may include later additions and clarification.

3.2.3.2 Others APIs

Some new generic functions will be necessary to implement onboard application. Even if representative application porting in Java will show later API that could be defined, some first basic functions could be defined (implementation depending on on-board software).

REQ AERO API GEN 0130 [Aero, T]: An application shall be able to send internal message to the rest of onboard software through a unique simple mechanism.

REQ AERO API GEN 0140 [Aero, T]: An application shall be able to send internal message to the rest of onboard software and wait an acknowledge through a unique simple mechanism.

REQ AERO API GEN 0150 [Aero, T]: An application shall be able to read on-board time with a precision of TBD (implementation depending on on-board software).

REQ AERO API GEN 0160 [Aero, T]: An application shall be able to wait a specified on-board time with a precision of TBD i

3.2.4 API for test & debug purposes

This chapter details the standard Java API subset that shall be supported for debug and test purposes, not in embedded context. The following list of API defines the minimum requirement for supported APIs by the core JVM. These APIs will be used for validation and debug of
28. a thread with lower priority means to increase priority of this thread temporarily to not be stopped during the call.

REQ AERO DES THR 0030 [RTSJ]: Threads waiting to enter synchronized blocks shall be granted access to the synchronized block in execution eligibility order.

REQ AERO DES THR 0040 [RTSJ]: A blocked thread that becomes ready to run shall be given access to the processor in execution eligibility order.

REQ AERO DES THR 0050 [RTSJ]: A thread that performs a yield shall be given access to the processor after waiting threads of the same execution eligibility.

Asynchronous Event handling

Real-time systems typically interact closely with the real world. With respect to the execution of logic, the real world is asynchronous. We thus felt compelled to include efficient mechanisms for programming disciplines that would accommodate this inherent asynchrony. The real-time specification generalizes the Java language's mechanism of asynchronous event handling. Required classes represent things that can happen and logic that executes when those things happen. A notable feature is that the execution of the logic is scheduled and dispatched by an implemented scheduler.

REQ AERO DES ASY 0060: whose occurrence is driven by time

REQ AERO DES ASY 0070: There must be two forms of Timers to be compliant wi
29. active instances of AIE. Let AIE0 be the AIE raised when t.interrupt() is invoked and AIEi (i = 1 ... n, for n unique instances of AIE) be the AIE raised when AIEi.fire() is invoked. Assume stacks grow down, and therefore the phrase "a frame lower on the stack than this frame" refers to a method at a deeper nesting level.

Propagate true, Match: clear the pending AIE; return true.
Propagate true, No Match: propagate; whether the AIE remains pending is invisible except to the implementation.
Propagate false, Match: clear the pending AIE; return false.
Propagate false, No Match: do not clear the pending AIE; return false.

Exception

The need for additional exceptions, given the new semantics added by the other sections of this specification, is obvious. That the specification attaches new nontraditional exception semantics to AsynchronouslyInterruptedException is perhaps not so obvious.

REQ AERO RT EXC 0010 [RTSJ, T]: All exceptions except AsynchronouslyInterruptedException are required to have semantics exactly as those of their eventual superclass in the java hierarchy.

REQ AERO RT EXC 0020 [RTSJ, T]: Instances of the class AsynchronouslyInterruptedException shall be generated by execution of program logic and by internal virtual machine mechanisms that are asynchronous to the execution of program logic which is the target of the exception.

REQ AERO RT EXC 0030: Program logic that exists in methods that throw Asynchronous
30. al Machine
WP: Work Package

2 Overview

CHAPTER REMOVED FROM THE AERO PROJECT ORIGINAL SPI DOCUMENT

3 Functional Requirements

This chapter defines functional requirements for general use of the AERO JVM. The SRD requirements are introduced through 5-column tables, to be used in a traceability tool:
• the first column identifies the SRD requirement with the following rules: REQ AERO xxx (for function) xxx (for sub-function) xxxx (number). Function identifiers are: ENV for environment, GEN for general, DES for design, RT for real time, TOO for tools. Sub-function identifiers are: INIT for initialisation, DBG for debug, RUN for running, VER for verification, TRA for trace, SCH for scheduling, SYN for synchronising, ASY for asynchronising, THR for thread, MEM for memory.
• the second column describes the requirement.
• the third column is empty (link with URD is not applicable for AERO JVM).
• the fourth column indicates the level of compliance of the requirement: STD (Standard Java core), RTSJ (Real Time Specification for Java), Aero (specific to project).
• the fifth column gives the corresponding verification method, with T (testing), A (analysis), I (inspection code).

When a requirement is suppressed, its identifier will not be suppressed; a "deleted" mention will replace the description.

3.1 Java Virtual Machine
31. andard release is the version 1.2 of the Java Native Interface. Since JNI provides hundreds of routines, including support for JNI would pose too big an overhead on those applications that are not using it. This is why JNI support must be activated explicitly when required. Native code that is interfaced through the JNI interface is typically stored in shared libraries that are dynamically loaded by the virtual machine when the application uses native code. Since dynamically loading libraries is not possible on small embedded systems that don't provide a file system, a different approach must be taken. Instead of loading a library, it is preferable to have the native code be part of the application itself, i.e. to link the native object code directly with the application.

REQ AERO API GEN 0200: AERO JVM shall provide the support for JNI in a real-time deterministic implementation.

REQ AERO API GEN 0210: It shall be possible to specify an option that enables the support for JNI dep

REQ AERO API GEN 0220 [Aero]: It shall be possible to allow direct linking of native object code with the application through an option. This option could be used in addition to the JNI support option provide a specific object file that contains the JNI support

REQ AERO API GEN 0230 [Aero, I]: To build an application that uses the native code on a target that requires manual linking, it might also be required to provide these object files to the linker, and it might even
32. application but are not destined to be embedded.

3.2.4.1 I/O API

REQ AERO API GEN 0170 [Aero, T]: The java.io subset of APIs that the AERO JVM shall support for test purposes without restriction is defined as:
• java.io.PrintStream
• java.io.PrintWriter
• java.io.RandomAccessFile
• java.io.StringBufferInputStream
• java.io.StringReader
• java.io.StringWriter
• java.io.UTFDataFormatException
• java.io.UnsupportedEncodingException
• java.io.WriteAbortedException
• java.io.Writer

3.2.4.2 Lang API

REQ AERO API GEN 0180 [Aero, T]: The java.lang subset of APIs that the AERO JVM shall support for test purposes without restriction is defined as:
• java.lang.Character
• java.lang.String
• java.lang.StringBuffer
• java.lang.StringIndexOutOfBoundsException

3.2.4.3 Net API

The package java.net contains classes and interfaces that provide a powerful infrastructure for networking in Java. These include:
• The URL class, for basic access to Uniform Resource Locators (URLs).
• The URLConnection class, which supports more complex operations on URLs.
• The Socket class, for connecting to particular ports on specific Internet hosts and reading and writing data using streams.
• The ServerSocket class, for implementing servers that accept connections from clients.
• The DatagramSocket, MulticastSocket and DatagramPacket classes, for implementing low-level networking.
• The InetAddress class, which repre
33. arge number of potential events and event handlers (numbering in the thousands or perhaps even the tens of thousands), although at any given time only a small number will be used. Thus it would not be appropriate to dedicate a thread to each event handler. The RTSJ addresses this issue by allowing the programmer to specify an event handler either as not bound to a specific thread (the class AsyncEventHandler) or alternatively as bound to a thread (BoundAsyncEventHandler). Events are dataless: the fire method does not pass any data to the handler. This was intentional in the interest of simplicity and efficiency. An application that needs to associate data with an AsyncEvent can do so explicitly by setting up a buffer; it will then need to deal with buffer overflow issues as required by the application.

The ability for one thread to trigger an ATC (Asynchronous Transfer of Control) in another thread is necessary in many kinds of real-time applications, but must be designed carefully in order to minimize the risks of problems such as data structure corruption and deadlock. There is invariably a tension between the desire to cause an ATC to be immediate and the desire to ensure that certain sections of code are executed to completion. One basic solution was to allow ATC in a method only if the method explicitly permits this. The default of no ATC is reasonable, since legacy code might be written expecting no ATC, and asynchronously aborting the execution of suc
34. ass using any available constructor of that class, even if the class initiating the creation was not compiled with any information about the class to be instantiated.
• Access the variables of any object, even if the accessing class was not compiled with any information about the class to be accessed.
• Call the methods of any object, even if the calling class was not compiled with any information about the class that contains the methods.
• Create an array of objects that are instances of any class, even if the creating class was not compiled with any information about the class.

These capabilities are implemented by the java.lang.Class class and the classes in the java.lang.reflect package. Next figure shows the class hierarchy for the java.lang.reflect package.

Java 1.1 currently uses the Reflection API for two purposes:
• The JavaBeans API supports a mechanism for customizing objects that is based on being able to discover their public variables, methods and constructors. JavaBeans are not foreseen to be embedded in space context.
• The object serialization functionality in java.io is built on top of the Reflection API. Object serialization allows arbitrary objects to be written to a stream of bytes and then read back later as objects.

Space context could use the Reflection to develop new onboard capabilities to investigate when error occurs in em
35. be subject to receiving an instance of AsynchronouslyInterruptedException at any time during execution, except as provided below. [RTSJ]

REQ AERO RT ASY 0100 [RTSJ]: The RTSJ specifically requires that blocking methods in java.io must be prevented from blocking indefinitely when invoked from a method with AIE in its throws clause.
Justification: The implementation, when either AIE.fire() or RealtimeThread.interrupt() shall be called when control is in a java.io method invoked from an interruptible method, may either unblock the blocked call, raise an IOException on behalf of the call, or allow the call to complete normally if the implementation determines that the call would eventually unblock.

REQ AERO RT ASY 0110 [RTSJ]: Program logic executing within a synchronized block within a method with AsynchronouslyInterruptedException in its throws clause must not be subject to receiving an instance of AIE.
Justification: The interrupted state of the execution context is set to pending, and the program logic will receive the instance when control passes out of the synchronized block, if other semantics in this list so indicate.

REQ AERO RT ASY 0120 [RTSJ]: Constructors must be allowed to include AsynchronouslyInterruptedException in their throws clause and will thus be interruptible.

REQ AERO RT ASY 0130: A thread that is subject to asynchronous interruption (in a method that throws AIE, but not in a synchronize
36. be required to

4 Environment requirements

4.1 Tools

REQ AERO ENVIRON 010 [Aero]: A tool for creating a single executable image out of the AERO JVM and a set of Java classes shall be developed. This image can be loaded into flash memory or ROM, avoiding the need for a file system in the target platform. This tool shall be extended such that opportunities to replace dynamic allocation by static allocation whenever analysis of the application reveals that this optimisation is possible.

REQ AERO ENVIRON 020 [Aero]: The static GC shall be part of the tool to build an executable image. It shall bring fast and predictable execution to the affected heap operations.

REQ AERO ENVIRON 030 [Aero]: A simulator of the AERO JVM shall be provided by porting the VM to the future application development systems OS (Solaris or Windows) to be able to run applications there. Native code, e.g. accessing hardware, shall not be included in the emulation. Also, Java code that accesses hardware directly, e.g. through RTSJ's PhysicalMemory class, will not work directly on such an emulation and stub will be written (TBC).

REQ AERO ENVIRON 040 [Aero]: For most effective memory usage, a tool that finds the amount of memory that is actually used by an application shall be provided. This allows for exact selection of the memory required for the system and to select a heap size for optimal run-time performance.
37. bedded application code, monitoring data, etc.

Details of standard Java Reflect API that shall be supported without restriction

The following list of API defines the minimum requirement for supported APIs by the core JVM. Embedded APIs shall be taken into this list without require to take all except dependable sub APIs.

REQ AERO API GEN 0090 [Aero, T]: The java.lang.reflect subset of APIs that the AERO JVM shall support without restriction is defined as:
• java.lang.reflect.Array
• java.lang.reflect.Field
• java.lang.reflect.InvocationTargetException
• java.lang.reflect.Member
• java.lang.reflect.Modifier
• java.lang.reflect.ReflectPermission

3.2.2.4 Util API

The package java.util contains a number of useful classes and interfaces. Although the name of the package might imply that these are utility classes, they are really more important than that. In fact, Java depends directly on several of the classes in this package, and many programs will find these classes indispensable. The classes and interfaces in java.util include:
• The Hashtable class, for implementing hashtables or associative arrays.
• The Vector class, which supports variable-length arrays.
• The Enumeration interface, for iterating through a collection of elements.
• The StringTokenizer class, for parsing strings into distinct tokens separated by delimiter characters.
38. chine, Jon Meyer & Troy Downing, O'Reilly, ISBN 1-56592-194-1

1.3 Applicable Documentation

[AERO] Architecture for Enhanced Reprogrammability and Operability, ESTEC Contract n° 15750/02/NL/LVH
[Prop] Architecture for Enhanced Reprogrammability and Operability, Proposal for ESA ITT AO/1-3959/01/NL/PB, Astrium EEA PR FD 3682269 01
[MNM] Minutes of AERO Project Negotiation Meeting, Noordwijk (NL), January 31, 2002
[MP] Management Plan of AERO Project

1.4 Definition of Terms and Acronyms

1.4.1 Definition of Terms

None

1.4.2 Acronyms and Abbreviations

Acronyms and abbreviations used in this text are defined as follows:
AERO: Architecture for Enhanced Reprogrammability and Operability
AIE: AsynchronouslyInterruptedException
AI method: Asynchronously Interruptible. A method is said to be asynchronously interruptible if it includes AIE in its throws clause.
ATC: Asynchronous Transfer of Control
ATC-deferred section: a synchronized method, a synchronized statement, or any method or constructor without AIE in its throws clause
ESA: European Space Agency
ESTEC: European Space Technological Centre
GC: Garbage Collector
ICD: Interface Control Document
ICR: Individual Control Register
JNI: Java Native Interface
JVM: Java Virtual Machine
OBS: On Board Software
RTSJ: Real Time Specification for Java
TBC: To Be Confirmed
TBD: To Be Defined
TN: Technical Note
VM: Virtu
39. ciency. RTSJ requires at least 28 unique priority levels as a compromise, noting that implementations of this specification will exist on systems with logic executing outside of the Java Virtual Machine and may need priorities above, below, or both for system activities.

REQ AERO RT SCH 0010 [RTSJ, T]: The base scheduler shall support at least 28 unique values in the priorityLevel field of an instance of PriorityParameters (RTSJ minimum compliance requirement).
Justification: current onboard interpreter uses 3 priorities.

REQ AERO RT SCH 0020 [RTSJ, T]: Higher values in the priorityLevel field of an instance of PriorityParameters must have a higher execution eligibility.

REQ AERO RT SCH 0030 [RTSJ, T]: In unique means that if two schedulable objects have different values in the priorityLevel field in their respective instance of PriorityParameters, the schedulable object with the higher value shall always execute in preference to the schedulable object with the lower value when both are ready to execute.

REQ AERO RT SCH 0040: Native priorities which are lower than the 28 required real-time priorities shall be available. These are to be used for regular Java threads, i.e. instances of threads which are not instances of RealtimeThread, NoHeapRealtimeThread or AsyncEventHandler classes or subclasses. The ten traditional Java thread priorities shall have an arbitrary mapping into the native priorities. These ten traditional Java thread priorities a
40. ct that defines a custom security policy for the application. In Java 1.2, the job of the security manager was taken over by the access controller, a class that performs stack inspection to determine whether the operation should be allowed. For backwards compatibility, the security manager still exists in Java 1.2. By enforcing the security policy established by the security manager and access controller, the Java API helps to establish a safe environment in which potentially unsafe code can run.

API reference to the fundamental classes in the Java programming environment

The fundamental classes in the Java Development Kit (JDK) provide a powerful set of tools for creating portable applications; they are an important component of the toolbox used by every Java programmer. This reference covers the classes in the java.lang, java.io, java.net, java.util and java.lang.reflect packages. But in the space context not all of them are required. Note that the material herein does not cover the classes that comprise the AWT and Swing graphics, such as the classes in the java.math (BigInteger class, not the same APIs that java.lang.math), java.text, java.util.zip, java.rmi, java.sql and java.security packages.

3.2.1 General requirements

Basic requirements

REQ AERO API GEN 0010 [STD, T]: The full Java core language without restriction shall be available to write embedded application code.
Remarks: Core la
41. d block) must respond to that exception within a bounded number of bytecodes. This worst-case response interval (in bytecode instructions) must be documented. [RTSJ]

REQ AERO RT ASY 0140 [RTSJ, T]: ATC must work as follows: if t is an instance of RealtimeThread or NoHeapRealtimeThread and t.interrupt() or AIE.fire() is executed by any thread in the system, then:
1. If control is in an ATC-deferred section, then the AIE is put into a pending state.
2. If control is not in an ATC-deferred section, then control is transferred to the nearest dynamically enclosing catch clause of a try statement that handles this AIE and which is in an ATC-deferred section. See section 11.3 of The Java Language Specification, second edition, for an explanation of the terms "dynamically enclosing" and "handles". The RTSJ uses those definitions unaltered.
3. If control is in either wait, sleep or join, the thread is awakened and the fired AIE (which is a subclass of InterruptedException) is thrown. Then ATC follows option 1 or 2 as appropriate.
4. If control is in a non-AI method, control continues normally until the first attempt to return to an AI method or invoke an AI method. Then ATC follows option 1 or 2 as appropriate.
5. If control is transferred from a non-AI method to an AI method through the action of propagating an exception, and if an AIE is pending, then when the transition to the AI method occurs the thrown exception
42. dulingParameters object, a SchedulingParameters object must be created and assigned the values of the current thread. This does not imply that other schedulers should follow this rule. Other schedulers are free to define the default scheduling parameters in the absence of a given SchedulingParameters object.

REQ AERO RT SCH 0100 [Aero]: Feasibility algorithm is not required; the function shall return success whenever the feasibility algorithm is executed.
Justification: the RTSJ does not require any particular feasibility algorithm be implemented in the Scheduler object.

REQ AERO RT SCH 0110 [RTSJ]: For instances of AsyncEventHandler with a release parameters object of type SporadicParameters, implementations are required to maintain a list of times at which instances of AsyncEvent occurred. The ith time may be removed from the queue after the ith execution of the handleAsyncEvent method.

REQ AERO RT SCH 0120 [RTSJ]: If the instance of AsyncEvent has more than one instance of AsyncEventHandler with release parameters objects of type SporadicParameters attached, and the execution of AsyncEvent.fire() introduces the requirement to throw at least one type of exception, then all instances of AsyncEventHandler not affected by the exception shall be handled normally.

REQ AERO RT SCH 0130: If the instance of AsyncEvent has more than one instance of AsyncEventHandler with release param
43. 7 PORTABILITY AND MAINTAINABILITY REQUIREMENTS
7.1 PORTABILITY OF DESIGN AND CODE
7.2 MAINTAINABILITY REQUIREMENTS
8 ANNEXE: HIERARCHY FOR PACKAGE JAVAX.REALTIME
8.1 CLASS HIERARCHY
8.2 INTERFACE HIERARCHY

1 Introduction

1.1 Scope

1.1.1 Scope of the Project

AERO (Architecture for Enhanced Reprogrammability and Operability) is an ESA project (contract ESTEC 15750/02/NL/LVH). The objectives of the project are to investigate on a real-time Java virtual machine for ERC32. Special attention is put on the garbage collection mechanism and deterministic execution model. The project is split in two phases. The first phase investigates existing virtual machines to choose a potential candidate that will be customized, and then investigates the definition of requirements concerning a real-time interpreter in on-board systems. An implementation plan is proposed for the second phase. This second phase is dedicated to the definition of software functions of the real-time Java virtual machine and to their implementation and assessment through va
44. eption: Generated by the physical memory classes when the given size is out of bounds.

REQ AERO DES EXE 0020 [RTSJ, T]: New runtime exceptions and associated mechanisms shall be implemented:
• UnsupportedPhysicalMemoryException: Generated by the physical memory classes when the requested physical memory is unsupported.
• MemoryInUseException: Thrown when an attempt is made to allocate a range of physical or virtual memory that is already in use.
• ScopedCycleException: Thrown when a user tries to enter a ScopedMemory that is already accessible (ScopedMemory is present on stack) or when a user tries to create ScopedMemory cycle spanning threads (tries to make cycle in the VM ScopedMemory tree structure).
• UnknownHappeningException: Thrown when bindTo is called with an illegal happening.

REQ AERO DES EXE 0030 [RTSJ, T]: New error and associated mechanisms shall be implemented:
• ResourceLimitError: Thrown if an attempt is made to exceed a system resource limit, such as the maximum number of locks.

JVM conformance table

Function | Standard JVM core | Required in AERO VM | Remarks
General
Dynamic class loading | Yes | Yes |
Garbage collector | Yes | Yes | Specific GC for real time
Memory manager | Yes | Yes |
Security manager | Yes | Yes |
Just in Time compiler | No | No |
Single JVM | No | Yes | Use a single instance to run any java applications
Scheduling
Predictable execution | No
45. esting order

REQ AERO RT MEM 0010 [RTSJ, I]: Some MemoryArea classes are required to have linear (in object size) allocation time.
Justification: The linear time attribute requires that, ignoring performance variations due to hardware caches or similar optimizations and execution of any static initialisers, the execution time of new must be bounded by a polynomial f(n), where n is the size of the object and for all n > 0, f(n) < Cn for constant C.

REQ AERO RT MEM 0020: The structure of enclosing scopes is accessible through a set of methods on RealtimeThread. These methods allow the outer scopes to be accessed like an array.
Remark: The algorithms for maintaining the scope structure are given in "Maintaining the Scope Stack" of the RTSJ.
Justification: A memory scope is represented by an instance of the ScopedMemory class. When a new scope is entered, by calling the enter method of the instance or by starting an instance of RealtimeThread or NoHeapRealtimeThread whose constructors were given a reference to an instance of ScopedMemory, all subsequent uses of the new keyword within the program logic of the scope will allocate the memory from the memory represented by that instance of ScopedMemory. When the scope is exited by returning from the enter method of the instance of ScopedMemory, all subsequent uses of the new operation will allocate the memory from the area of memory assoc
46. eters objects of type SporadicParameters attached, and the execution of AsyncEvent.fire() introduces the simultaneous requirement to throw more than one type of exception or error, then MITViolationException must have precedence over ResourceLimitExceeded. [RTSJ]

REQ AERO RT SCH 0140 [RTSJ]: The following hold for the PriorityScheduler:
1. A blocked thread that becomes ready to run is added to the tail of any runnable queue for that priority.
2. For a thread whose effective priority is changed as a result of explicitly setting priorityLevel, this thread or another thread is added to the tail of the runnable queue for the new priorityLevel.
3. A thread that performs a yield goes to the tail of the runnable queue for its priorityLevel.

Memory

Languages that employ automatic reclamation of blocks of memory allocated in what is traditionally called the heap by program logic also typically use an algorithm called a garbage collector. Garbage collection algorithms and implementations vary in the amount of non-determinacy they add to the execution of program logic. To date, experts believe that no garbage collector algorithm or implementation is known that allows preemption at points that leave the inter-object pointers in the heap in a consistent state and are sufficiently close in time to minimize the overhead added to task switch latencies to a sufficiently small enough value which co
48. h a method could lead to unpredictable results. Since the natural way to model ATC is with an exception (AsynchronouslyInterruptedException, or AIE), the way that a method indicates its susceptibility to ATC is by including AIE on its throws clause. Causing this exception to be thrown in a thread t as an effect of calling t.interrupt() was a natural extension of the semantics of interrupt as currently defined by java.lang.Thread. One ATC-deferred section is synchronized code. This is a context that needs to be executed completely in order to ensure a program operates correctly. If synchronized code were aborted, a shared object could be left in an inconsistent state. Constructors and finally clauses are subject to interruption. If a constructor is aborted, an object might be only partially initialized. If a finally clause is aborted, needed cleanup code might not be performed. It is the programmer's responsibility to ensure that executing these constructs does not induce unwanted ATC latency. Note that by making synchronized code ATC-deferred, this specification avoids the problems that caused Thread.stop() to be deprecated and that have made the use of Thread.destroy() prone to deadlock. A potential problem with using the exception mechanism to model ATC is that a method with a catch-all handler (for example, a catch clause identifying Exception or even Throwable as the exception class) can inadvertently intercept an exception intended for a caller. This pr
49. hine; 3 FUNCTIONAL REQUIREMENTS; 3.1 JAVA VIRTUAL MACHINE; Jobs DET; 3.1.2 Realtime; 3.2 API; 3.2.1 General requirements; 3.2.2 Standard API supported in embedded context; 3.2.2.1 I/O API; 3.2.2.2 Lang API; 3.2.2.3 Lang Reflect API; 3.2.2.4 Util API; 3.2.3 Specific new API in embedded context; 3.2.3.1 javax.realtime API; 3.2.3.2 Others APIs; 3.2.4 API for test & debug purposes; 3.2.4.1 I/O API; 3.2.4.2 Lang API; 3.2.4.3 Net API; 3.3 JNI; 4 ENVIRONMENT REQUIREMENTS; 4.1 TS CMM M MIHI E Net E; 4.2 OPERATING SYSTEM; 5 OPERABILITY REQUIREMENTS; 5.1 USERS MANUAL; 5.2 ONLINE HELP; 5.3 INTERFACE STANDARD; 5.4 INTERFACE ERGONOMY; 6 DEVELOPMENT REQUIREMENTS
50. iated with the enclosing scope. [RTSJ I] REQ AERO RT MEM 0030: The parent of a scoped memory area must be the memory area in which the object representing the scoped memory area is allocated. REQ AERO RT MEM 0040: The single parent rule requires that a scoped memory area must have exactly zero or one parent. REQ AERO RT MEM 0050: Memory scopes that are made current by entering them or passing them as the initial memory area for a new thread must satisfy the single parent rule. REQ AERO RT MEM 0060: Each instance of the class ScopedMemory or its subclasses must maintain a reference count of the number of threads in which it is being used. [RTSJ] Remark: When the reference count for an instance of the class ScopedMemory is decremented from one to zero, all objects within that area are considered unreachable and are candidates for reclamation. The finalizers for each object in the memory associated with an instance of ScopedMemory are executed to completion before any statement in any thread attempts to access the memory area again. REQ AERO RT MEM 0070: Objects created in any immortal memory area shall live for the duration of the application. Their finalizers are only run when the application is terminated. [RTSJ] REQ AERO RT MEM 0080: The addresses of objects in any
51. lidation tests. 1.1.2 Scope of the Document. This document is an output of the task 1 a 2 (Software JVM Specification). This document defines functional requirements for AERO JVM, which is a Java Virtual Machine with real-time capacities for the ERC32 processor. On-board application programs shall be written in a standard language, Java, which is compiled to give bytecode. This code can then be loaded in the spacecraft to be executed by the virtual machine that is a part of the on-board software. This document contains: an overview of AERO JVM functionalities and standard JVM mechanisms; functional requirements; environment requirement; operability requirements; portability and maintenance requirements. Important notice: Due to the complexity of the JVM concept, the overview chapter introduces with precision the mechanisms of a standard JVM to make the requirements easier to understand. 1.2 Related Documentation. [RTSJ] Real Time Specification for Java, RT for Java Expert Group, final release, December 2001. [JSL] Java Specification Language, Bill Joy, Guy Steele, James Gosling, Gilad Bracha, 2000, 2nd Edition, ISBN 0-201-31008-2. [JVMS] Java Virtual Machine Specification, Tim Lindholm & Frank Yellin, Addison Wesley Pub Co, 1999, 2nd Edition, ISBN 0-201-43294-3. [BOOK1] Inside Java 2 Virtual Machine, B. Venners, McGraw-Hill, 1999, 2nd Edition, ISBN 0-07-135093-4. [BOOK2] Java Virtual Ma
52. lyInterruptedException shall be subject to receiving an instance of AsynchronouslyInterruptedException at any time during execution. [RTSJ T] 3.2 API. The Java API helps make Java suitable for networks through its support for platform independence and security. The Java API is a set of runtime libraries that give a standard way to access the system resources of a host computer. When writing a Java program, the base mechanism assumes the class files of the Java API will be available at any Java virtual machine that may ever have the privilege of running the program. This is a relatively safe assumption because the Java virtual machine and the class files for the Java API are the required components of any implementation of the Java Platform. When running a Java program, the virtual machine loads the Java API class files that are referred to by the program's class files. The combination of all loaded class files (from the program and from the Java API) and any loaded dynamic libraries (containing native methods) constitutes the full program executed by the Java virtual machine. The class files of the Java API are inherently specific to the host platform. The API's functionality must be implemented expressly for a particular platform before that platform can host Java programs. To access the native resources of the host, the Java API calls native methods. As shown in next figure, the class files of the Java API i
53. n of the current Java language rules for java.lang.Thread.interrupt(). REQ AERO RT ASY 0020: When an instance of AsyncEvent occurs (by either program logic or a happening), all run() methods of instances of the AsyncEventHandler class that have been added to the instance of AsyncEvent by the execution of addHandler() must be scheduled for execution. This action may or may not be idempotent. [RTSJ T] REQ AERO RT ASY 0030: Every occurrence of an event shall increment a counter in each associated handler. [RTSJ T] REQ AERO RT ASY 0040: Handlers shall elect to execute logic for each occurrence of the event or not. [RTSJ T] REQ AERO RT ASY 0050: Instances of AsyncEvent and AsyncEventHandler must be created and used by any program logic. [RTSJ T] REQ AERO RT ASY 0060: More than one instance of AsyncEventHandler must be added to an instance of AsyncEvent. [RTSJ T] REQ AERO RT ASY 0070: An instance of AsyncEventHandler must be added to more than one instance of AsyncEvent. [RTSJ T] REQ AERO RT ASY 0080: Instances of the class AsynchronouslyInterruptedException shall be generated by execution of program logic and by internal virtual machine mechanisms that are asynchronous to the execution of program logic which is the target of the exception. [RTSJ I] REQ AERO RT ASY 0090: Program logic that exists in methods that throw AsynchronouslyInterruptedException must
54. nd the required minimum 28 unique real time thread priorities shall be from the same space. Assignment of any of this minimum 38 priorities to real time threads or traditional Java threads is legal. It is the responsibility of application logic to make rational priority assignments (RTSJ requirement). REQ AERO RT SCH 0050: The dispatching mechanism must allow the pre-emption of the execution of schedulable objects at a point not governed by the pre-empted object. [RTSJ] REQ AERO RT SCH 0060: For schedulable objects managed by the base scheduler, no part of the system shall change the execution eligibility for any reason other than implementation of a priority inversion algorithm. This does not preclude additional schedulers from changing the execution eligibility of schedulable objects. [RTSJ] REQ AERO RT SCH 0070: All instances of RelativeTime used in instances of ProcessingParameters, SchedulingParameters and ReleaseParameters shall be measured from the time at which the associated thread (or first such thread) is started. [RTSJ] REQ AERO RT SCH 0080: PriorityScheduler.getNormPriority() shall be set to ((PriorityScheduler.getMaxPriority() - PriorityScheduler.getMinPriority()) / 3) + PriorityScheduler.getMinPriority(). [RTSJ] REQ AERO RT SCH 0090 [RTSJ]: If instances of RealtimeThread or NoHeapRealtimeThread are constructed without a reference to a Sche
55. nguage mean the part of the language independent of APIs. REQ AERO API GEN 0020: The following standard Java APIs shall be supported, with the restrictions detailed in the next chapter: java.io, java.lang, java.lang.ref, java.lang.reflect, java.net, java.util, javax.realtime. [Aero T] REQ AERO API GEN 0030: "Supported APIs" defines the minimum set of APIs supported by the AERO JVM. "Supported" means that an application can use these APIs as required, but it is not necessary to embed all APIs if they are not all required. Only the set of required APIs, taken from the minimum supported APIs, may be embedded. [Aero] REQ AERO API GEN 0040: The following set of data types shall be provided: Boolean; Integer on 32 bits; Double integer precision on 64 bits; Floating point; Double floating point precision on 64 bits; Multi-dimension arrays. [STD T] REQ AERO API GEN 0045: A Java application shall be able to compute complex mathematical operations on integer, floating point, long and double values. [STD] 3.2.2 Standard API supported in embedded context. 3.2.2.1 I/O API. The package java.io contains the classes that handle fundamental input and output operations in Java. The I/O classes can be grouped as follows: classes for reading input from a stream of data; classes for writing output to a stream of data; classes that manipulate files on the
56. nvoke native methods so the Java program doesn't have to. In this manner, the Java API's class files provide a Java program with a standard, platform-independent interface to the underlying host. To the Java program, the Java API looks the same and behaves predictably no matter what platform happens to be underneath. Precisely because the Java virtual machine and Java API are implemented specifically for each particular host platform, Java programs themselves can be platform independent. [Figure: Java methods, Java API, native methods, dynamic libraries, host operating system] The internal design of the Java API is also geared towards platform independence. With the aim of making the execution its best on each platform, the virtual machine will very likely adapt elements of an application slightly differently on different platforms. In these ways, and many others, the internal architecture of the Java API is aimed at facilitating the platform independence of the Java programs that use it. In addition to facilitating platform independence, the Java API contributes to Java's security model. The methods of the Java API, before they perform any action that could potentially be harmful (such as writing to the local disk), check for permission. In Java releases prior to 1.2, the methods of the Java API checked permission by querying the security manager. The security manager is a special obje
57. oblem is avoided by having special semantics for catching an instance of AIE. Even though a catch clause may catch an AIE, the exception will be propagated unless the handler invokes the happened method from AIE. Thus, if a thread is asynchronously interrupted while in a try block that has a handler such as catch (Throwable e) { return; } then the AIE instance will still be propagated to the caller. This specification does not provide a special mechanism for terminating a thread; ATC can be used to achieve this effect. This means that by default a thread cannot be terminated; it needs to invoke methods that have AIE in their throws clauses. Allowing termination as the default would have been questionable, bringing the same insecurities that are found in Thread.stop() and Thread.destroy(). The following terms and abbreviations will be used. ATC: Asynchronous Transfer of Control. AIE: Asynchronously Interrupted Exception, a subclass of java.lang.InterruptedException. AI-method: Asynchronously Interruptible; a method is said to be asynchronously interruptible if it includes AIE in its throws clause. ATC-deferred section: a synchronized method, a synchronized statement, or any method or constructor without AIE in its throws clause. REQ AERO RT ASY 0010 [RTSJ T]: The Java Real Time approach to ATC shall be designed to be based on exceptions and it shall be an extensio
58. of NoHeapRealtimeThread to wait for the garbage collector exception is transferred to the immediate previous bytecode instruction that produce a bytecode exception. [RTSJ] REQ AERO RT THR 0080: If GC implementation is made at thread level, RealtimeThread class instance shall have an execution eligibility lower than garbage collector. Remark: GC implementation may be not at thread level. [RTSJ] REQ AERO RT THR 0090: Changing values in SchedulingParameters, ProcessingParameters, ReleaseParameters, ProcessingGroupParameters, or use of Thread.setPriority() must not affect the correctness of any implemented priority inversion avoidance algorithm. [RTSJ] REQ AERO RT THR 0100: Instances of objects which implement the interface Schedulable shall inherit the scope stack of the thread invoking the constructor. Justification: If the thread invoking the constructor does not have a scope stack, then the scope stack of the new object will have one entry, which will be the current allocation of context of the thread invoking the constructor (RTSJ requirement). [RTSJ] REQ AERO RT THR 0110: Instances of objects which implement the interface Schedulable shall have an initial entry in their scope stack. This entry will be either the memory area given as a parameter to the constructor or, if no memory area is given, the allocation context of the thread invoking the constructor. [RTSJ] REQ AERO RT THR 0120: The default parameter
59. or the allocation of objects. They must allow the definition of methods for handling asynchronously interrupted and provide the scheduling semantics for handling asynchronous events. [RTSJ] REQ AERO RT THR 0030: The default scheduling policy shall manage the execution of instances of Object that implement the interface Schedulable. [RTSJ] REQ AERO RT THR 0040: Any scheduling policy present in an implementation shall be available to instances of objects which implement the interface Schedulable. [RTSJ] REQ AERO RT THR 0050: The function of allocating objects in memory areas defined by instances of ScopedMemory or its subclasses shall be available only to logic within instances of RealtimeThread, NoHeapRealtimeThread, AsyncEventHandler and BoundAsyncEventHandler. [RTSJ] REQ AERO RT THR 0060: The invocation of methods that throw AsynchronouslyInterruptedException shall have effect only when the invocation occurs in the context of instances of RealtimeThread, NoHeapRealtimeThread, AsyncEventHandler and BoundAsyncEventHandler. [RTSJ] Remark: Chosen AERO VM implementation is fully compliant with the RTSJ requirement. REQ AERO RT THR 0070: In the specific case in which an instance of NoHeapRealtimeThread and an instance of either RealtimeThread or Thread synchronize on the same object, an exception to the immediately previous statement applies. This exception has the effect of causing an instance
60. sents Internet addresses. Next figure shows the class hierarchy for the java.net package. [Figure: class hierarchy for the java.net package] REQ AERO API GEN 0190: The java.net subset of APIs that the AERO JVM shall support for test purposes without restriction is defined as: java.net.Authenticator, java.net.BindException, java.net.ConnectException, java.net.ContentHandler, java.net.ContentHandlerFactory, java.net.DatagramPacket, java.net.DatagramSocket, java.net.DatagramSocketImpl, java.net.FileNameMap, java.net.HttpURLConnection, java.net.InetAddress, java.net.JarURLConnection, java.net.MalformedURLException, java.net.MulticastSocket, java.net.NetPermission, java.net.NoRouteToHostException, java.net.PasswordAuthentication, java.net.ProtocolException, java.net.ServerSocket, java.net.Socket, java.net.SocketException, java.net.SocketImpl, java.net.SocketImplFactory, java.net.SocketInputStream, java.net.SocketOptions, java.net.SocketOutputStream, java.net.SocketPermission. [Aero T] 3.3 JNI. The Java Native Interface (JNI) is a standard mechanism for interoperability between Java and native code, i.e. code written in non-portable system programming languages like C. Last st
61. stop has been deprecated. A goal was to meet the requirements of asynchronous thread termination without introducing the dangers of the stop() or destroy() methods. The RTSJ accommodates safe asynchronous thread termination through a combination of the asynchronous event handling and the asynchronous transfer of control mechanisms. If the significantly long or blocking methods of a thread are made interruptible, the corresponding algorithm can consist of a number of asynchronous event handlers that are bound to external events. REQ AERO DES ASY 0210: When an asynchronous event occurs, the handlers shall invoke interrupt() on appropriate threads. [RTSJ T] REQ AERO DES ASY 0220: Threads that are terminated will then clean up by having all of the interruptible methods transfer control to appropriate catch clauses as control enters those methods, either by invocation or by the return bytecode. This continues until the run() method of the thread returns. [RTSJ T] Remark: This idiom provides a quick (if coded to be so) but orderly clean up and termination of the thread. REQ AERO DES ASY 0230: The system shall comprise 10 asynchronous event handlers as appropriate. This number could be changed at AERO VM generation. [Aero T] Exceptions & Errors. Real-time concerns require the introduction of several new exceptions and some new treatment of exceptions surrounding asynchronous transfer of con
62. t stream and then later recreate that object by reading in the serialized state from an input stream. The ObjectOutputStream and ObjectInputStream classes handle serializing and deserializing objects, respectively. The RandomAccessFile class is the only class that does not use a stream for reading or writing data. As its name implies, RandomAccessFile provides nonsequential access to a file. The File class represents a file on the local file system. The class provides methods to identify and retrieve information about a file for both reading and writing purposes. Next figures show the class hierarchy for the java.io package. The java.io package defines a number of standard I/O exception classes. These exception classes are all subclasses of IOException, as shown in next figures. [Figures: class hierarchy for the java.io package and its exception classes] Details of standard Java I/O API that shall be supported without restriction. The following list of API defines the minimum requirement for supported APIs by the core JVM. Embedded APIs shall be taken into
63. t time for relative timers. In many situations, it is important that a periodic task be represented as a frequency and that the period remain synchronized. In these cases, a relatively simple correction can be enforced by the implementation at the expense of some additional overhead for the timer. REQ AERO RT GEN 0060: The Clock class shall be capable of reporting the achievable resolution of timers based on that clock. [RTSJ] REQ AERO RT GEN 0070: The OneShotTimer class shall ensure that a one-shot timer is triggered exactly once, regardless of whether or not the timer is enabled after expiration of the indicated time. [RTSJ] REQ AERO RT GEN 0080: The PeriodicTimer class shall allow the period of the timer to be expressed in terms of a RelativeTime or a RationalTime. In the latter case, the implementation shall provide a best effort to perform any correction necessary to maintain the frequency at which the event occurs. [RTSJ] REQ AERO RT GEN 0090: If a periodic timer is enabled after expiration of the start time, the first event shall occur immediately and thus mark the start of the first period. [RTSJ] Asynchrony. The design of the asynchronous event handling was intended to provide the necessary functionality while allowing efficient implementations and catering to a variety of real-time applications. In particular, in some real-time systems there may be a l
64. ter, java.io.PushbackInputStream, java.io.PushbackReader, java.io.SequenceInputStream, java.io.Serializable, java.io.SerializablePermission, java.io.StreamCorruptedException, java.io.SyncFailedException. Details of standard Java API that shall be supported with restriction (not all functions defined in each API are required). REQ AERO API GEN 0060 [Aero T]: The java.io subset of APIs that the AERO JVM shall support with restriction is defined as: java.io.BufferedReader (1), java.io.File (1), java.io.FileInputStream (1), java.io.FileNotFoundException (1), java.io.FileOutputStream (1), java.io.FilePermission (1), java.io.InputStreamReader (1), java.io.ObjectInputStream (1), java.io.ObjectOutputStream (1), java.io.ObjectStreamClass (1), java.io.ObjectStreamConstants (1), java.io.ObjectStreamField (1), java.io.OutputStreamWriter (1), java.io.PipedInputStream (1), java.io.PipedOutputStream (1), java.io.Reader (1), java.io.StreamTokenizer (1). (1) Exact subset of APIs will be defined in Detailed Design Document. 3.2.2.2 Lang API. The package java.lang contains classes and interfaces that are essential to the Java language. These include: Object, the ultimate superclass of all classes in Java; Thread, the class that controls each thread in a multithreaded program; Throwable, the superclass of
65. th RTSJ: the OneShotTimer and the PeriodicTimer. [RTSJ T] Instances of OneShotTimer fire once at the specified time. Periodic timers fire off at the specified time and then periodically according to a specified interval. REQ AERO DES ASY 0010: Asynchronous event facility shall be provided. In conformance with RTSJ, two classes shall be available: AsyncEvent and AsyncEventHandler. [RTSJ T] REQ AERO DES ASY 0020: AsyncEvent object shall manage the unblocking of handlers when event is fired and the set of handlers associated with the event (cf. corresponding API). [RTSJ T] REQ AERO DES ASY 0030: AsyncEventHandler object shall be a Java runnable event handler object with parameters to control execution of handler once the associated AsyncEvent is fired. [RTSJ T] REQ AERO DES ASY 0040: When an event is fired, the handler shall be executed asynchronously, scheduled according to the associated parameters (cf. corresponding API). [RTSJ T] REQ AERO DES ASY 0050: The system must cope well with situations where there are 100 instances of AsyncEvent and AsyncEventHandler. The number of fired (in process) handlers is expected to be smaller. [RTSJ T] New Timer class shall be a specialized form of an AsyncEventHandler that represents an event [RTSJ T] REQ AERO DES ASY 0080 [RTSJ T]: A specific object must drive timers: Clock, that represents the real time clock. The Clock class may be extended to represent other
66. this list without require to take all except dependable sub APIs. REQ AERO API GEN 0050 [Aero T]: The java.io subset of APIs that the AERO JVM shall support without restriction is defined as: java.io.BufferedInputStream, java.io.BufferedOutputStream, java.io.BufferedWriter, java.io.ByteArrayInputStream, java.io.ByteArrayOutputStream, java.io.CharArrayReader, java.io.CharArrayWriter, java.io.CharConversionException, java.io.DataInput, java.io.DataInputStream, java.io.DataOutput, java.io.DataOutputStream, java.io.EOFException, java.io.Externalizable, java.io.FileDescriptor, java.io.FileFilter, java.io.FileNotFoundException, java.io.FileReader, java.io.FileWriter, java.io.FilenameFilter, java.io.FilterInputStream, java.io.FilterOutputStream, java.io.FilterReader, java.io.FilterWriter, java.io.IOException, java.io.InputStream, java.io.InterruptedIOException, java.io.InvalidClassException, java.io.InvalidObjectException, java.io.LineNumberInputStream, java.io.LineNumberReader, java.io.NotActiveException, java.io.NotSerializableException, java.io.ObjectInput, java.io.ObjectInputValidation, java.io.ObjectOutput, java.io.ObjectStreamException, java.io.OptionalDataException, java.io.OutputStream, java.io.PipedReader, java.io.PipedWri
67. trol and memory allocators. REQ AERO DES EXE 0010: In conformance with RTSJ, new exceptions (compared with standard Java) and associated mechanisms shall be implemented. [RTSJ T] AsynchronouslyInterruptedException: Generated when a thread is asynchronously interrupted. DuplicateFilterException: PhysicalMemoryManager can only accommodate one filter object for each type of memory. It throws this exception if an attempt is made to register more than one filter for a type of memory. InaccessibleAreaException: Thrown when an attempt is made to execute or allocate from an allocation context that is not accessible on the scope stack of the current thread. MITViolationException: Thrown by the fire() method of an instance of AsyncEvent when the bound instance of AsyncEventHandler with a ReleaseParameter type of SporadicParameters has mitViolationExcept behavior and the minimum interarrival time gets violated. MemoryScopeException: Thrown by the wait-free queue implementation when an object is passed that is not compatible with both ends of the queue. MemoryTypeConflictException: Thrown when the PhysicalMemoryManager is given conflicting specification for memory. The conflict can be between two types in an array of memory type specifiers, or when the specified base address does not fall in the requested memory type. OffsetOutOfBoundsException: Generated by the physical memory classes when the given offset is out of bounds. SizeOutOfBoundsExc
68. java.util.AbstractCollection, java.util.AbstractMap, java.util.AbstractSequentialList, java.util.AbstractSet, java.util.ArrayList, java.util.Arrays, java.util.BitSet, java.util.Collection, java.util.Collections, java.util.Comparator, java.util.ConcurrentModificationException, java.util.Dictionary, java.util.EmptyStackException, java.util.Enumeration, java.util.EventListener, java.util.EventObject, java.util.HashMap, java.util.HashSet, java.util.Hashtable, java.util.Iterator, java.util.LinkedList, java.util.List, java.util.ListIterator, java.util.Map, java.util.MissingResourceException, java.util.NoSuchElementException, java.util.Observable, java.util.Observer, java.util.Properties, java.util.Random, java.util.ResourceBundle, java.util.Set, java.util.SortedMap, java.util.SortedSet, java.util.Stack, java.util.StringTokenizer, java.util.TooManyListenersException, java.util.Vector, java.util.WeakHashMap. Details of standard Java API that shall be supported with restriction (not all functions defined in each API are required). REQ AERO API GEN 0110 [Aero T]: The java.util subset of APIs that the AERO JVM shall support with restriction is defined as: java.util.AbstractList (1), java.util.Calendar (1), java.util.Date (1), java.util.jar.Attributes (1), java.util.jar.JarInputStream (1), java.util.jar.Manifest (1), java.util.PropertyPermission (1), java.util.PropertyResourceBundle (1), java.util.GregorianCalendar (1), java.util.ListResource
69. uld be considered appropriate for all real-time systems. Thus, this specification provides the above-described areas of memory to allow program logic to allocate objects in a Java-like style, ignore the reclamation of those objects, and not incur the latency of the implemented garbage collection algorithm. The Single Parent Rule. Every push of a scoped memory type on a scope stack requires reference to the single parent rule, which requires that every scoped memory area have no more than one parent. The parent of a scoped memory area is (for a stack that grows up): If the memory area is not currently on any scope stack, it has no parent. If the memory area is the outermost (lowest) scoped memory area on any scope stack, its parent is the primordial scope. For all other scoped memory areas, the parent is the first scoped memory area below it on the scope stack. Except for the primordial scope, which represents both heap and immortal memory, only scoped memory areas are visible to the single parent rule. The operational effect of the single parent rule is that once a scoped memory area is assigned a parent, none of the above operations can change the parent, and thus an ordering imposed by the first assignments of parents of a series of nested scoped memory areas is the only nesting order allowed until control leaves the scopes; then a new nesting order is possible. Thus a thread attempting to enter a scope can only do so by entering in the established n
70. values for an object implementing the interface Schedulable must be the parameter values of the thread invoking the constructor. [RTSJ] Justification: If the thread invoking the constructor does not have parameter values, then the default values are those values associated with the instance of Scheduler which will manage the object. REQ AERO RT THR 0130: Instances of objects implementing the interface Schedulable shall be placed in memory represented by instances of ImmortalMemory, HeapMemory, LTPhysicalMemory, VTPhysicalMemory or ImmortalPhysicalMemory. [RTSJ I] Scheduling. As specified, the required semantics and requirements of this section establish a scheduling policy that is very similar to the scheduling policies found on the vast majority of real-time operating systems and kernels in commercial use today. The specification accommodates existing practice, which is a stated goal of the effort. The semantics of the classes, constructors, methods and fields within allow for the natural extension of the scheduling policy by implementations that provide different scheduler objects. Some research shows that, given a set of reasonable common assumptions, 32 unique priority levels are a reasonable choice for close to optimal scheduling efficiency when using the rate monotonic priority assignment algorithm. 256 priority levels better provide better effi