Jtres checker
Slide 1: Static Checking of Safety Critical Java Annotations
    Daniel Tang, Ales Plsek, Jan Vitek
    S3 Lab, Purdue University
    http://www.ovmj.net/oscj/  (oSCJ, Open Safety-Critical Java)
    Wednesday, September 15, 2010

Slide 2: API Visibility

    public abstract class PeriodicEventHandler
        extends ManagedEventHandler implements Runnable {
      public PeriodicEventHandler(...) ...
      public ReleaseParameters getReleaseParameters() ...
      public final void run() {...}

Slide 3: API Visibility

    @SCJAllowed(LEVEL_0, members=true)
    class M extends CyclicExecutive {
      public void initialize() {
        PEH p = new PEH(...);
        p.run();
        ...

    @SCJAllowed(LEVEL_0, members=true)
    class PEH extends PeriodicEventHandler {
      public ReleaseParameters getReleaseParameters() {
      public void handleEvent() {...}
      ...
    }

Slide 4: API Visibility

    @SCJAllowed(LEVEL_0)
    public abstract class PeriodicEventHandler
        extends ManagedEventHandler implements Runnable {
      public PeriodicEventHandler(...) ...
      @SCJAllowed(LEVEL_2)
      public ReleaseParameters getReleaseParameters() ...
      @SCJAllowed(INFRASTRUCTURE)
      public final void run() {}

Slide 5: Level Compliance Annotations

    @SCJAllowed
      parameter   values
      value       LEVEL_0, LEVEL_1, LEVEL_2, SUPPORT, INFRASTRUCTURE, HIDDEN (default)
      members     TRUE, FALSE (default)

Slide 6: Phase Restrictions

    (diagram of the mission phases; label: USER CODE)

Slide 7: Phase Restrictions

    class M extends CyclicExecutive {
      public void setUp() {...}
      public void tearDown() {...}
    }

    (diagram label: USER CODE)

Slide 8: Phase Restrictions

    class M extends CyclicExecutive {
      public void setUp() {...}
      public void tearDown() {...}
    }

    @SCJAllowed(LEVEL_0, members=true)
    class PEH extends PeriodicEventHandler {
      public void handleEvent() {
        new PEH(...);
        ...
        getCurrentMission().tearDown();

    (diagram label: USER CODE)

Slide 9: Phase Restrictions

    (diagram of the mission phases; label: USER CODE)

Slide 10: Phase Restrictions

    class M extends CyclicExecutive {
      ...
      @SCJRestricted(INITIALIZATION)
      public void setUp() {...}
      @SCJRestricted(CLEANUP)
      public void tearDown() {...}
    }

    (diagram label: USER CODE)

Slide 11: Phase Restrictions

    class M extends CyclicExecutive {
      ...
      @SCJRestricted(INITIALIZATION)
      public void setUp() {...}
      @SCJRestricted(CLEANUP)
      public void tearDown() {...}
    }

    @SCJAllowed(LEVEL_0, members=true)
    class PEH extends PeriodicEventHandler {
      @SCJRestricted(EXECUTION)
      public void handleEvent() {
        new PEH(...);
        ...
        getCurrentMission().tearDown();

    (diagram label: USER CODE)

Slide 12: Phase Annotations

    @SCJRestricted
      parameter   values
      value       INITIALIZATION, RUN, CLEANUP, ALL (default)

Slide 13: Behavior Restrictions

    @SCJAllowed(LEVEL_1)
    public class IH extends InterruptHandler {
      @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
      protected void handleInterrupt() {
        foo();
      }
      protected void foo() {
        new PEH(...);
        sleep();
        ...

Slide 14: Behavior Restrictions

    @SCJAllowed(LEVEL_1)
    public class IH extends InterruptHandler {
      @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
      protected void handleInterrupt() {
        foo();
      }
      @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
      protected void foo() {
        new PEH(...);
        sleep();

Slide 15: Behavior Restrictions

    @SCJRestricted
      parameter        values
      mayAllocate      TRUE (default), FALSE
      maySelfSuspend   TRUE, FALSE (default)
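Slides 2 to 15 describe three call-site rules: a user-code method may only call API members visible at its compliance level (members=true propagates the class level), a method restricted to one phase may only call methods restricted to that phase or to ALL, and a method annotated mayAllocate=false or maySelfSuspend=false may neither do the forbidden thing itself nor call a method that is allowed to. The following is an added example, not the oSCJ checker: it models those rules over a tiny call graph whose class and method names follow the slides. Assumptions are marked in comments: the PEH constructor and M.initialize are taken to be restricted to INITIALIZATION, sleep() is modelled as a library method annotated maySelfSuspend=true, members=true is given to IH so its methods carry the class level, and the run phase is called RUN as in the table on slide 12 (slide 11 writes EXECUTION).

```python
"""Toy model of the call-site checks behind @SCJAllowed and @SCJRestricted.
Added example, not the oSCJ checker; the rules are this example's reading of slides 2-15."""
from dataclasses import dataclass, field
from typing import Optional

USER_LEVELS = {"LEVEL_0": 0, "LEVEL_1": 1, "LEVEL_2": 2}
# SUPPORT, INFRASTRUCTURE and HIDDEN (the default) are never callable from user code.


@dataclass
class Method:
    body: list = field(default_factory=list)   # ("call", "Class.method") or ("new", "Class")
    level: Optional[str] = None                # explicit @SCJAllowed on the method
    phase: str = "ALL"                         # @SCJRestricted(value), ALL is the default
    may_allocate: bool = True                  # @SCJRestricted(mayAllocate), TRUE by default
    may_self_suspend: bool = False             # @SCJRestricted(maySelfSuspend), FALSE by default


@dataclass
class Clazz:
    level: str = "HIDDEN"                      # @SCJAllowed(value) on the class
    members: bool = False                      # @SCJAllowed(..., members=true)
    methods: dict = field(default_factory=dict)


def effective_level(cls: Clazz, m: Method) -> str:
    """An explicit method annotation wins; members=true propagates the class level."""
    if m.level is not None:
        return m.level
    return cls.level if cls.members else "HIDDEN"


def check_program(classes: dict) -> list:
    """Return one message per violated rule, in source order."""
    errors = []
    for cname, cls in classes.items():
        if cls.level not in USER_LEVELS:
            continue                           # only user code is checked here
        for mname, m in cls.methods.items():
            who = f"{cname}.{mname}"
            for kind, target in m.body:
                if kind == "new":
                    if not m.may_allocate:
                        errors.append(f"{who}: allocation of {target} forbidden")
                    target = f"{target}.<init>"
                owner, _, callee_name = target.partition(".")
                callee_cls = classes[owner]
                callee = callee_cls.methods[callee_name]
                # rule 1, level compliance: the callee must be visible at the caller's level
                callee_level = effective_level(callee_cls, callee)
                if callee_level not in USER_LEVELS or USER_LEVELS[callee_level] > USER_LEVELS[cls.level]:
                    errors.append(f"{who}: {target} is {callee_level}, not visible at {cls.level}")
                # rule 2, phase restriction: the callee must allow the caller's phase
                if callee.phase not in ("ALL", m.phase):
                    errors.append(f"{who}: {target} is restricted to {callee.phase}, caller runs in {m.phase}")
                # rule 3, behavior restriction: the callee must be at least as restricted as the caller
                if kind == "call":
                    if not m.may_allocate and callee.may_allocate:
                        errors.append(f"{who}: {target} may allocate, caller may not")
                    if not m.may_self_suspend and callee.may_self_suspend:
                        errors.append(f"{who}: {target} may self-suspend, caller may not")
    return errors


def build_sample(restrict_foo: bool = False) -> dict:
    """The slides' classes; restrict_foo=True applies the fix shown on slide 14."""
    foo_restricted = dict(may_allocate=False, may_self_suspend=False) if restrict_foo else {}
    return {
        # library side (slide 4)
        "PeriodicEventHandler": Clazz("LEVEL_0", methods={
            "getReleaseParameters": Method(level="LEVEL_2"),
            "run": Method(level="INFRASTRUCTURE")}),
        # assumption: sleep() is a library method that is allowed to self-suspend
        "Thread": Clazz("LEVEL_0", methods={"sleep": Method(level="LEVEL_0", may_self_suspend=True)}),
        # user side (slides 3, 8, 11 and 13)
        "M": Clazz("LEVEL_0", members=True, methods={
            # assumption: initialize() runs in the initialization phase
            "initialize": Method([("new", "PEH"), ("call", "PeriodicEventHandler.run")], phase="INITIALIZATION"),
            "setUp": Method(phase="INITIALIZATION"),
            "tearDown": Method(phase="CLEANUP")}),
        "PEH": Clazz("LEVEL_0", members=True, methods={
            "<init>": Method(phase="INITIALIZATION"),   # assumption: handlers are built during initialization
            "handleEvent": Method([("new", "PEH"), ("call", "M.tearDown")], phase="RUN")}),
        "Data": Clazz("LEVEL_0", members=True, methods={"<init>": Method()}),
        "IH": Clazz("LEVEL_1", members=True, methods={   # members=true added so foo carries LEVEL_1
            "handleInterrupt": Method([("call", "IH.foo")], may_allocate=False, may_self_suspend=False),
            "foo": Method([("new", "Data"), ("call", "Thread.sleep")], **foo_restricted)}),
    }


if __name__ == "__main__":
    for e in check_program(build_sample()):
        print(e)
```

Running the unrestricted sample reports the call to the INFRASTRUCTURE method run(), the two phase violations in handleEvent, the call from handleInterrupt into the unrestricted foo(), and the sleep() in foo(); applying the slide 14 annotation to foo() silences the error at the call site and moves it onto the allocation inside foo(), which is the behaviour the two slides contrast.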
Slides 16 and 17: Memory Safety

    class PEH extends PeriodicEventHandler {
      Data data;
      public void handleEvent() {
        R r = new R(this);
        ManagedMemory.getCurrentManagedMemory().
            enterPrivateMemory(3000, r);
        ...

    class R implements Runnable {
      PEH p;
      public void run() {
        p.data = new Data();
      }
    }

    class Data { ... }

Slide 18: Memory Safety

    (diagram over the same code: memory areas labelled Mission Memory, PEH Memory and
    Runnable Memory; the PEH object sits in Mission Memory, new Data() in Runnable
    Memory, and the data field of PEH points from the outer area into the inner one)

Slides 19 and 20: Memory Safety

    @Scope("M") @RunsIn("PEH")
    class PEH extends PeriodicEventHandler {
      Data data;
      public void handleEvent() {
        @DefineScope(name="R", parent="PEH")
        R r = new R(this);
        ManagedMemory.getCurrentManagedMemory().
            enterPrivateMemory(3000, r);
        ...

    @Scope("PEH") @RunsIn("R")
    class R implements Runnable {
      PEH p;
      public void run() {
        p.data = new Data();
      }
    }

    @Scope("R")
    class Data { ... }

Slide 21: Memory Safety Annotations

    annotation     parameter   values
    @DefineScope   name        the name of the newly defined scope
                   parent      the parent scope of the new scope
    @Scope         name        the scope in which objects of the class are allocated
    @RunsIn        name        the scope in which the method runs and allocates

Slide 22: @Scope

    @Scope("M") @RunsIn("PEH")
    class PEH extends PeriodicEventHandler {
      ... new Data() ...
    }

    @Scope("PEH") @RunsIn("R")
    class R implements Runnable {
      ... new Data() ...
    }

    @Scope("R")
    class Data { ... }

Slide 23: Objects with no @Scope

    @Scope("M") @RunsIn("PEH")
    class PEH extends PeriodicEventHandler {
      ... new Data() ...
    }

    @Scope("PEH") @RunsIn("R")
    class R implements Runnable {
      ... new Data() ...
    }

    class Data { ... }

Slide 24: Class and Fields

    @Scope("M") @RunsIn("PEH")
    class Clazz {
      Field f;                  // Field must be in the same or a parent scope
      Data d;
      @RunsIn("R")
      public void foo(Data d) {
        this.d = d;             // d may not reside in immortal
      }
    }

    @Scope("R")
    class Field { ... }

    class Data { ... }          // no @Scope annotation

Slide 25: Class Casting

    @Scope("PEH") @RunsIn("R")
    class R implements Runnable {
      ... Foo f = (Foo) new Data() ...
    }

    class Foo { ... }

    @Scope("R")
    class Data extends Foo { ... }

Slide 26: Enter Child Scope

    @Scope("M") @RunsIn("PEH")
    class PEH ...
      @DefineScope(name="R", parent="PEH")
      R r = new R(this);
      ManagedMemory.getCurrentManagedMemory().
          enterPrivateMemory(3000, r);
      ...
      @DefineScope(name="R2", parent="PEH")
      R r2 = new R(this);
      ...

    @Scope("PEH") @RunsIn("R")
    class R implements Runnable { ... }
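Slides 16 to 26 are one argument: scoped memory areas form a tree (the mission scope M, the handler scope PEH, the private scope R defined under PEH), an object may only hold a reference to an object in the same or an enclosing scope, a class annotated @Scope(S) may only be allocated while running in S, an unannotated class is allocated wherever the current method runs, and a runnable may only be used to enter the scope its @RunsIn names. The following is an added example, not the oSCJ checker: it encodes those rules over a small model whose names follow the slides, with @RunsIn carried by each method rather than by the class as the slides abbreviate it. Assumptions are marked in comments: an unannotated value (slide 24's parameter d) is treated as living in the current scope, which is the conservative reading of the slide's note, slide 24's unannotated Data is renamed Plain so it does not clash with the @Scope("R") Data of slide 19, and the class-casting rule of slide 25 is not modelled.

```python
"""Toy model of the memory-safety rules behind @Scope, @RunsIn and @DefineScope.
Added example, not the oSCJ checker; the rules are this example's reading of slides 16-26."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Method:
    runs_in: str                                  # @RunsIn: allocation context while the method executes
    body: list = field(default_factory=list)      # ("new", cls) | ("assign", recv_cls, field, expr) | ("enter", scope, runnable_cls)


@dataclass
class Clazz:
    scope: Optional[str] = None                   # @Scope; None means allocated in the current scope
    fields: dict = field(default_factory=dict)    # field name -> class name
    methods: dict = field(default_factory=dict)


def outlives(tree: dict, a: str, b: str) -> bool:
    """True if scope a is b or an ancestor of b: objects in a live at least as long as objects in b."""
    while b is not None:
        if a == b:
            return True
        b = tree.get(b)
    return False


def check(tree: dict, classes: dict, defined: dict) -> list:
    """tree: child scope -> parent scope; defined: @DefineScope name -> parent. Returns error messages."""
    errors = []

    def alloc(who: str, cname: str, cur: str) -> str:
        """Rule 2 (slides 22 and 23): @Scope(S) classes may only be allocated while running in S;
        classes without @Scope land in the current scope. Returns where the new object lives."""
        target = classes[cname].scope
        if target is None:
            return cur
        if target != cur:
            errors.append(f"{who}: new {cname}() in {cur}, but {cname} is @Scope({target})")
        return target

    for cname, cls in classes.items():
        # rule 1 (slide 24): a field type may only live in the same or a parent scope of its owner
        if cls.scope is not None:
            for fname, ftype in cls.fields.items():
                fscope = classes[ftype].scope
                if fscope is not None and not outlives(tree, fscope, cls.scope):
                    errors.append(f"{cname}.{fname}: field type lives in {fscope}, which does not outlive {cls.scope}")
        for mname, m in cls.methods.items():
            who = f"{cname}.{mname}"
            cur = m.runs_in
            for stmt in m.body:
                if stmt[0] == "new":
                    alloc(who, stmt[1], cur)
                elif stmt[0] == "assign":
                    _, recv_type, fname, expr = stmt
                    recv_scope = classes[recv_type].scope or cur
                    # assumption: a value of unannotated type is taken to live in the current scope
                    vscope = alloc(who, expr[1], cur) if expr[0] == "new" else (classes[expr[1]].scope or cur)
                    # rule 3 (slides 16 to 20): the stored object must outlive the object holding the reference
                    if not outlives(tree, vscope, recv_scope):
                        errors.append(f"{who}: stores an object living in {vscope} into a field of an object living in {recv_scope}")
                elif stmt[0] == "enter":
                    _, child, rcls = stmt
                    # rule 4 (slide 26): the child scope's @DefineScope parent must be the current scope,
                    # and the runnable's run() must be @RunsIn that child scope
                    if defined.get(child) != cur:
                        errors.append(f"{who}: {child} is defined with parent {defined.get(child)}, entered from {cur}")
                    rin = classes[rcls].methods["run"].runs_in
                    if rin != child:
                        errors.append(f"{who}: {rcls}.run is @RunsIn({rin}), cannot enter {child}")
    return errors


def build_sample():
    """Constructed model of the slides' classes (immortal > M > PEH > R, R2)."""
    tree = {"M": "immortal", "PEH": "M", "R": "PEH", "R2": "PEH"}
    defined = {"R": "PEH", "R2": "PEH"}            # the two @DefineScope declarations of slide 26
    classes = {
        "PEH": Clazz("M", fields={"data": "Data"}, methods={
            "handleEvent": Method("PEH", [("enter", "R", "R"), ("enter", "R2", "R"), ("new", "Data")])}),
        "R": Clazz("PEH", fields={"p": "PEH"}, methods={
            "run": Method("R", [("assign", "PEH", "data", ("new", "Data"))])}),
        "Data": Clazz("R"),
        "Clazz": Clazz("M", fields={"f": "Field", "d": "Plain"}, methods={
            "foo": Method("R", [("assign", "Clazz", "d", ("param", "Plain"))])}),
        "Field": Clazz("R"),
        "Plain": Clazz(),                          # slide 24's unannotated Data, renamed here
    }
    return tree, classes, defined


if __name__ == "__main__":
    for e in check(*build_sample()):
        print(e)
```

The six findings line up with the slides: the Data field in PEH and the Field field in Clazz violate the field rule, R.run stores an R-scope object into the M-scope handler (the dangling reference of slide 16), handleEvent allocates the @Scope("R") class while running in PEH (slide 22), Clazz.foo stores its parameter into a longer-lived object (slide 24), and reusing class R to enter R2 trips the @RunsIn check (slide 26), while the field p in R, the unannotated field d, and entering R itself pass.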
Slide 27: Conclusion

    • Checker Implementation
        • Java 7 Checker Framework
        • Compile-time checking (Eclipse plugin coming soon)
    • Evaluation
        • miniCDj benchmark case study
        • ~100 annotations, ~100 examples in the Checker distribution
        • @SCJAllowed and @SCJRestricted easy to use
        • Memory safety annotations: sometimes overly restrictive, resulting in class duplication

Slide 28: Safety Critical Java

    • High level story: Java for safety critical systems
        • Safety critical systems may cause harm to persons if they fail, so they require rigorous certification
        • SCJ compliance levels
    • Java annotations may help the certification process
        • A mechanism for adding metadata to Java constructs for compile-time or run-time processing
        • Java annotations are preserved in the bytecode as well
        • Enhanced in Java 7 by allowing use in more constructs, enabling the construction of pluggable type systems in Java