Static Checker for Safety-Critical Java Annotations


  1. Static Checking of Safety Critical Java Annotations
     Daniel Tang, Ales Plsek, Jan Vitek
     http://www.ovmj.net/oscj/
     S3 Lab, Purdue University
     oSCJ: Open Safety-Critical Java
     Wednesday, September 15, 2010
  2. API Visibility
     public abstract class PeriodicEventHandler
         extends ManagedEventHandler implements Runnable {
       public PeriodicEventHandler(...) ...
       public ReleaseParameters getReleaseParameters() ...
       public final void run() {...}
  3. API Visibility
     @SCJAllowed(LEVEL_0, members=true)
     class M extends CyclicExecutive {
       public void initialize() {
         PEH p = new PEH(...);
         p.run();
         ...

     @SCJAllowed(LEVEL_0, members=true)
     class PEH extends PeriodicEventHandler {
       public ReleaseParameters getReleaseParameters() {...}
       public void handleEvent() {...}
       ...
     }
  4. API Visibility
     @SCJAllowed(LEVEL_0)
     public abstract class PeriodicEventHandler
         extends ManagedEventHandler implements Runnable {
       public PeriodicEventHandler(...) ...
       @SCJAllowed(LEVEL_2)
       public ReleaseParameters getReleaseParameters() ...
       @SCJAllowed(INFRASTRUCTURE)
       public final void run() {}
  5. Level Compliance Annotations
     annotation   parameter  values
     @SCJAllowed  value      LEVEL_0
     @SCJAllowed  value      LEVEL_1
     @SCJAllowed  value      LEVEL_2
     @SCJAllowed  value      SUPPORT
     @SCJAllowed  value      INFRASTRUCTURE
     @SCJAllowed  value      HIDDEN (default)
     @SCJAllowed  members    TRUE
     @SCJAllowed  members    FALSE (default)
  6. Phase Restrictions (USER CODE)
  7. Phase Restrictions
     USER CODE
     class M extends CyclicExecutive {
       public void setUp() {...}
       public void tearDown() {...}
     }
  8. Phase Restrictions
     USER CODE
     class M extends CyclicExecutive {
       public void setUp() {...}
       public void tearDown() {...}
     }

     @SCJAllowed(LEVEL_0, members=true)
     class PEH extends PeriodicEventHandler {
       public void handleEvent() {
         new PEH(...);
         ...
         getCurrentMission().tearDown();
  9. Phase Restrictions (USER CODE)
  10. Phase Restrictions
     USER CODE
     class M extends CyclicExecutive {
       ...
       @SCJRestricted(INITIALIZATION)
       public void setUp() {...}
       @SCJRestricted(CLEANUP)
       public void tearDown() {...}
     }
  11. Phase Restrictions
     USER CODE
     class M extends CyclicExecutive {
       ...
       @SCJRestricted(INITIALIZATION)
       public void setUp() {...}
       @SCJRestricted(CLEANUP)
       public void tearDown() {...}
     }

     @SCJAllowed(LEVEL_0, members=true)
     class PEH extends PeriodicEventHandler {
       @SCJRestricted(EXECUTION)
       public void handleEvent() {
         new PEH(...);
         ...
         getCurrentMission().tearDown();
         ...
  12. Phase Annotations
     annotation      parameter  values
     @SCJRestricted  value      INITIALIZATION
     @SCJRestricted  value      RUN
     @SCJRestricted  value      CLEANUP
     @SCJRestricted  value      ALL (default)
  13. Behavior Restrictions
     @SCJAllowed(LEVEL_1)
     public class IH extends InterruptHandler {
       @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
       protected void handleInterrupt() { foo(); }
       protected void foo() {
         new PEH(...);
         sleep();
         ...
  14. Behavior Restrictions
     @SCJAllowed(LEVEL_1)
     public class IH extends InterruptHandler {
       @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
       protected void handleInterrupt() { foo(); }
       @SCJRestricted(mayAllocate=false, maySelfSuspend=false)
       protected void foo() {
         new PEH(...);
         sleep();
  15. Behavior Restrictions
     annotation      parameter       values
     @SCJRestricted  mayAllocate     TRUE (default)
     @SCJRestricted  mayAllocate     FALSE
     @SCJRestricted  maySelfSuspend  TRUE
     @SCJRestricted  maySelfSuspend  FALSE (default)
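As an added illustration (constructed for this page, not the oSCJ checker's code), the call-site rules that slides 2 to 15 show can be written down as a small checker over a hand-encoded call graph of the slide programs. A method's level comes from its own @SCJAllowed, or from its class when members=true (HIDDEN otherwise); `new X(...)` is modelled as a call to a constructor named X.<init>; a call is reported when the callee is allowed only above the caller's level, is forbidden in a phase the caller may run in, or may allocate or self-suspend while the caller may not. The run-time phase is called RUN here as in the table on slide 12 (slide 11 writes EXECUTION). The names `Lib.sleep` (standing in for the sleep() of slide 13, marked as self-suspending) and the propagation of mayAllocate/maySelfSuspend to callees, read off the fix on slide 14, are assumptions made for the example.

```python
# Added example, not the oSCJ checker's own code: a small model of the call-site rules
# that the @SCJAllowed / @SCJRestricted annotations on slides 2-15 let a checker enforce.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Levels user code can be written against, in increasing order (slide 5). SUPPORT,
# INFRASTRUCTURE and the HIDDEN default are not callable from user code.
LEVEL_RANK = {"LEVEL_0": 0, "LEVEL_1": 1, "LEVEL_2": 2}


@dataclass
class Clazz:
    level: str = "HIDDEN"   # @SCJAllowed value on the class; HIDDEN when absent
    members: bool = False   # @SCJAllowed(members=true): members inherit the class level


@dataclass
class Method:
    owner: str
    level: Optional[str] = None       # explicit @SCJAllowed on the method, if any
    phase: str = "ALL"                # @SCJRestricted value (slide 12); ALL by default
    may_allocate: bool = True         # @SCJRestricted(mayAllocate=...), TRUE by default (slide 15)
    may_self_suspend: bool = False    # @SCJRestricted(maySelfSuspend=...), FALSE by default (slide 15)
    calls: List[str] = field(default_factory=list)  # callees; `new X(...)` is modelled as "X.<init>"


def effective_level(m: Method, classes: Dict[str, Clazz]) -> str:
    """Level a method is allowed at: its own annotation, else the class level when members=true."""
    if m.level is not None:
        return m.level
    c = classes[m.owner]
    return c.level if c.members else "HIDDEN"


def check(classes: Dict[str, Clazz], methods: Dict[str, Method]) -> List[Tuple[str, str, str]]:
    """Return (caller, callee, rule) triples for every call site that violates a rule."""
    errors = []
    for name, m in methods.items():
        lvl = effective_level(m, classes)
        for callee_name in m.calls:
            callee = methods[callee_name]
            clvl = effective_level(callee, classes)
            # Level compliance: user code may only reach APIs allowed at its own level or below.
            if lvl in LEVEL_RANK and (clvl not in LEVEL_RANK or LEVEL_RANK[clvl] > LEVEL_RANK[lvl]):
                errors.append((name, callee_name, "level"))
            # Phase restriction: the callee must be permitted in every phase the caller can run in.
            if callee.phase not in ("ALL", m.phase):
                errors.append((name, callee_name, "phase"))
            # Behaviour restrictions propagate to callees (assumed from the fix on slide 14): a method
            # that may not allocate or self-suspend can only call methods carrying the same guarantee.
            if not m.may_allocate and callee.may_allocate:
                errors.append((name, callee_name, "allocation"))
            if not m.may_self_suspend and callee.may_self_suspend:
                errors.append((name, callee_name, "suspension"))
    return errors


def slide_program(annotate_foo: bool) -> List[Tuple[str, str, str]]:
    """The classes of slides 3-4, 8-11 and 13-14, encoded by hand (constructed input).
    annotate_foo=False is slide 13 (foo unannotated), True is slide 14 (foo restricted)."""
    classes = {
        "M": Clazz("LEVEL_0", members=True),
        "PEH": Clazz("LEVEL_0", members=True),
        "PeriodicEventHandler": Clazz("LEVEL_0"),
        "IH": Clazz("LEVEL_1", members=True),
        "Lib": Clazz("LEVEL_1", members=True),   # hypothetical home of sleep()
    }
    methods = {
        "M.setUp": Method("M", phase="INITIALIZATION"),
        "M.tearDown": Method("M", phase="CLEANUP"),
        "M.initialize": Method("M", phase="INITIALIZATION",
                               calls=["PEH.<init>", "PeriodicEventHandler.run"]),
        "PEH.<init>": Method("PEH"),
        "PEH.handleEvent": Method("PEH", phase="RUN",
                                  calls=["PEH.<init>", "M.tearDown",
                                         "PeriodicEventHandler.getReleaseParameters"]),
        "PeriodicEventHandler.getReleaseParameters": Method("PeriodicEventHandler", level="LEVEL_2"),
        "PeriodicEventHandler.run": Method("PeriodicEventHandler", level="INFRASTRUCTURE"),
        "IH.handleInterrupt": Method("IH", may_allocate=False, may_self_suspend=False, calls=["IH.foo"]),
        "IH.foo": Method("IH", may_allocate=not annotate_foo, calls=["PEH.<init>", "Lib.sleep"]),
        # assumption: sleep() self-suspends and does not allocate
        "Lib.sleep": Method("Lib", may_allocate=False, may_self_suspend=True),
    }
    return check(classes, methods)


if __name__ == "__main__":
    for e in slide_program(annotate_foo=False):
        print(*e)
```

With foo unannotated the allocation is reported at the call `handleInterrupt -> foo`, because an unannotated method may allocate by default; once foo carries the same restriction the report moves into foo, to `new PEH(...)`, which is the shift slides 13 and 14 show. The sleep() call is reported in foo in both cases, since maySelfSuspend defaults to FALSE.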
  16. Memory Safety
     class PEH extends PeriodicEventHandler {
       Data data;
       public void handleEvent() {
         R r = new R(this);
         ManagedMemory.getCurrentManagedMemory().enterPrivateMemory(3000, r);
         ...

     class R implements Runnable {
       PEH p;
       public void run() {
         p.data = new Data();
       }
     }

     class Data { ... }
  17. Memory Safety (repeats the code of slide 16)
  18. Memory Safety
     class PEH extends PeriodicEventHandler {
       Data data;
       R r = new R(this);
       enterPrivateMemory(r); ...

     class R implements Runnable {
       PEH p;
       p.data = new Data(); } }

     class Data
     (diagram labels: Mission Memory, PEH Memory, Runnable Memory; PEH, data, new Data())
  19. Memory Safety
     @Scope("M") @RunsIn("PEH")
     class PEH extends PeriodicEventHandler {
       Data data;
       public void handleEvent() {
         @DefineScope(name="R", parent="PEH")
         R r = new R(this);
         ManagedMemory.getCurrentManagedMemory().enterPrivateMemory(3000, r);
         ...

     @Scope("PEH") @RunsIn("R")
     class R implements Runnable {
       PEH p;
       public void run() {
         p.data = new Data();
       }
     }

     @Scope("R")
     class Data { ... }
  20. Memory Safety (repeats the code of slide 19)
  21. Memory Safety Annotations
     annotation    parameter  values
     @DefineScope  name       the name of the newly defined scope
     @DefineScope  parent     the parent scope of the new scope
     @Scope        name       the scope in which the object is allocated
     @RunsIn       name       the scope in which a method allocates
  22. @Scope
     @Scope("M") @RunsIn("PEH")
     class PEH extends PeriodicEventHandler {
       ... new Data() ...
     }

     @Scope("PEH") @RunsIn("R")
     class R implements Runnable {
       ... new Data() ...
     }

     @Scope("R")
     class Data { ... }
  23. Objects with no @Scope
     @Scope("M") @RunsIn("PEH")
     class PEH extends PeriodicEventHandler {
       ... new Data() ...
     }

     @Scope("PEH") @RunsIn("R")
     class R implements Runnable {
       ... new Data() ...
     }

     class Data { ... }
  24. Class and Fields
     @Scope("M") @RunsIn("PEH")
     class Clazz {
       Field f;                 // Field must be in the same or parent scope
       Data d;
       @RunsIn("R")
       public void foo(Data d) {
         this.d = d;            // d may not reside in immortal
       }
     }

     @Scope("R")
     class Field { ... }

     class Data { ... }         // no @Scope annotation
  25. Class Casting
     @Scope("PEH") @RunsIn("R")
     class R implements Runnable {
       ... Foo f = (Foo) new Data() ...
     }

     class Foo { ... }

     @Scope("R")
     class Data extends Foo { ... }
  26. Enter Child Scope
     @Scope("M") @RunsIn("PEH")
     class PEH ...
       @DefineScope(name="R", parent="PEH")
       R r = new R(this);
       ManagedMemory.getCurrentManagedMemory().enterPrivateMemory(3000, r);
       ...
       @DefineScope(name="R2", parent="PEH")
       R r2 = new R(this);
       ....

     @Scope("PEH") @RunsIn("R")
     class R implements Runnable { ... }
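As an added illustration (constructed for this page, not the oSCJ checker's code), the memory-safety rules behind slides 16 to 26 can be modelled as a checker over a hand-encoded scope tree and the slide programs. The scope tree IMMORTAL > M > PEH > {R, R2} follows the @DefineScope annotations on slides 19 and 26, with IMMORTAL as an assumed root. The rules modelled are: a field's type must live in the same scope as its owning class or an outer one (slide 24); `new C()` of a @Scope("S") class is only legal while running in S (slide 22); a stored reference must outlive the object that holds it, so `p.data = new Data()` from slide 19 is rejected; and, for slide 26, the Runnable handed to enterPrivateMemory must be annotated @RunsIn with the scope its @DefineScope introduces, which is an assumption about the checker drawn from the deck's remark on class duplication. An unannotated reference, as in slide 24, is conservatively assumed to point into the innermost scope in play; Data is modelled with @Scope("R") as on slide 19, and the unannotated class Foo of slide 25 stands in for the unannotated parameter type of slide 24.

```python
# Added example, not the oSCJ checker's own code: a model of the memory-safety rules
# that @Scope, @RunsIn and @DefineScope (slides 16-26) let a checker enforce statically.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Scope tree from slides 18 and 26 (IMMORTAL as the root is an assumption): a child scope
# is entered from, and is shorter-lived than, its parent.
SCOPE_PARENT: Dict[str, Optional[str]] = {
    "IMMORTAL": None, "M": "IMMORTAL", "PEH": "M", "R": "PEH", "R2": "PEH"}
# @Scope on classes (where instances live); None means the class carries no @Scope.
CLASS_SCOPE: Dict[str, Optional[str]] = {
    "PEH": "M", "R": "PEH", "Clazz": "M", "Data": "R", "Field": "R", "Foo": None}
# @RunsIn on classes (where their methods allocate).
CLASS_RUNS_IN = {"PEH": "PEH", "R": "R", "Clazz": "PEH"}
# Reference fields declared by annotated classes: owner -> {field name: declared type}.
FIELDS = {"PEH": {"data": "Data"}, "Clazz": {"f": "Field"}}


def same_or_outer(candidate: str, scope: str) -> bool:
    """True if candidate is scope itself or an ancestor, i.e. lives at least as long as scope."""
    cur: Optional[str] = scope
    while cur is not None:
        if cur == candidate:
            return True
        cur = SCOPE_PARENT[cur]
    return False


@dataclass
class Method:
    owner: str
    name: str
    runs_in: Optional[str] = None            # @RunsIn on the method, else the class's
    body: List[tuple] = field(default_factory=list)


def scope_of(expr: Tuple[str, str], current: str) -> str:
    """Scope of ("new", C) or of ("ref", C), a reference whose static type is C."""
    declared = CLASS_SCOPE.get(expr[1])
    if declared is not None:
        return declared
    # No @Scope on C (slides 23-24): a new object lands in the current allocation context, and a
    # reference of that type could point anywhere, so assume the innermost scope in play.
    return current


def check_fields() -> List[Tuple[str, str, str]]:
    """Slide 24: a field's type must live in the same scope as its owner or an outer one."""
    errors = []
    for owner, fields in FIELDS.items():
        for fname, ftype in fields.items():
            fscope = CLASS_SCOPE.get(ftype)
            if fscope is not None and not same_or_outer(fscope, CLASS_SCOPE[owner]):
                errors.append((f"{owner}.{fname}", "field-scope", ftype))
    return errors


def check_method(m: Method) -> List[Tuple[str, str, str]]:
    errors = []
    where = f"{m.owner}.{m.name}"
    current = m.runs_in or CLASS_RUNS_IN[m.owner]
    for stmt in m.body:
        if stmt[0] == "alloc":
            # new C(): an object of a @Scope("S") class can only be created while running in S.
            declared = CLASS_SCOPE.get(stmt[1])
            if declared is not None and declared != current:
                errors.append((where, "alloc", stmt[1]))
        elif stmt[0] == "assign":
            # obj.field = value, obj an instance of class stmt[1]: the value must outlive the holder,
            # otherwise the reference dangles once the value's scope is exited (slide 18).
            holder = CLASS_SCOPE[stmt[1]]
            if not same_or_outer(scope_of(stmt[2], current), holder):
                errors.append((where, "assign", stmt[1]))
        elif stmt[0] == "enter":
            # @DefineScope(name, parent) R r = new R(this); enterPrivateMemory(r): the new scope
            # must hang off the scope we run in, and the Runnable's @RunsIn must name the scope it
            # is entered into (rule assumed from slide 26 and the deck's class-duplication remark).
            runnable, name, parent = stmt[1:]
            if parent != current:
                errors.append((where, "define-parent", name))
            if CLASS_RUNS_IN.get(runnable) != name:
                errors.append((where, "runs-in-mismatch", name))
    return errors


# The programs of slides 19, 22, 24 and 26, encoded by hand (constructed input).
SLIDE_PROGRAM = [
    Method("PEH", "handleEvent", body=[
        ("enter", "R", "R", "PEH"),          # slide 19: fine, R runs in the scope it defines
        ("alloc", "Data"),                   # slide 22: new Data() in PEH, but Data is @Scope("R")
        ("enter", "R", "R2", "PEH"),         # slide 26: the same class R reused for scope R2
    ]),
    Method("R", "run", body=[
        ("alloc", "Data"),                   # slide 22: new Data() in R is fine
        ("assign", "Data", ("ref", "PEH")),  # an inner object pointing outward is fine
        ("assign", "PEH", ("new", "Data")),  # slide 19: p.data = new Data() would dangle
    ]),
    Method("Clazz", "foo", runs_in="R", body=[
        ("assign", "Clazz", ("ref", "Foo")), # slide 24: this.d = d, d of an unannotated type
    ]),
]


def check_program(methods: List[Method]) -> List[Tuple[str, str, str]]:
    errors = check_fields()
    for m in methods:
        errors.extend(check_method(m))
    return errors


if __name__ == "__main__":
    for e in check_program(SLIDE_PROGRAM):
        print(*e)
```

The direction of `same_or_outer` is the whole point: a reference may only ever point from a shorter-lived scope to an equal or longer-lived one, so `M` is acceptable from `R` but `R` is never acceptable from `M`. The field check reports `PEH.data` as well, which is why the slide-19 program is rejected at the declaration and not only at the store.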
  27. Conclusion
     • Checker Implementation
       • Java 7 Checker Framework
       • Compile-time checking (Eclipse plugin coming soon)
     • Evaluation
       • miniCDj benchmark case study
       • ~100 annotations, ~100 examples in the Checker distribution
       • @SCJAllowed and @SCJRestricted easy to use
       • Memory safety annotations
         • Sometimes overly restrictive, resulting in class duplication
  28. Safety Critical Java
     • High level story: Java for safety critical systems
     • Safety critical systems may cause harm to persons if they fail, so they require rigorous certification
     • SCJ compliance levels
     • Java annotations may help the certification process
       • A mechanism for adding metadata to Java constructs for compile-time or run-time processing
       • Java annotations are preserved in the bytecode as well
       • Enhanced in Java 7 by allowing use in more constructs, enabling construction of pluggable type systems in Java
