Draft API for safety-critical Java (subset of RTSJ and J2SE)

Introduction:

These notes introduce the Draft API for Safety Critical Java (subset of RTSJ and J2SE) produced in July 2004.  The draft API specification is presented in javadoc format.

Here are some clarifications and explanations:

1. The Beta JDK 1.5 compiler was used to compile all of the API code and to produce the javadoc.  At the time of its preparation, tools to validate consistency of the meta-data annotations were not available. The intent is that a safety-critical Java byte-code verifier would subsequently provide this consistency checking.

2. A few problems with the JDK 1.5 javadoc tool affected the resulting specification.  In particular:

   a) Annotations associated with parameters are not being displayed, and

   b) Annotations associated with constructors are not being displayed.

For both of these shortcomings, the author inserted redundant comments into the corresponding javadoc commentary.  Another shortcoming of the 1.5 beta software was that mif-doclet had not yet been released.

3. At the time of its preparation and publication, the resulting specification was not extensively reviewed.  As a result, there are likely to be errors and/or inconsistencies in this draft API specification.  More detail is needed in many descriptions, especially those of the java.lang package.  The API described in this specification is proposed to represent the API for the entire safety-critical Java platform.  Any library not described here is not "generally" available to safety-critical developers.

Individual vendors are free to supplement the platform with additional libraries if they choose to do so, but those additional libraries should be clearly distinguished from the "standard platform".

4. A careful reader of the draft spec raised the following question: In each of the following code fragments, which method(s) does the InvocationMode apply to?

  assert StaticLimit.InvocationMode(MyMode);

  x = y ? foo() : bar() + zot();

  assert StaticLimit.InvocationMode(YourMode);

  x = foo(bar(), zot());

This needs to be clarified.  A proposed resolution is to adopt the position that the effects of each InvocationMode assertion endure until a subsequent contradictory InvocationMode assertion.
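To make the proposed resolution concrete, the following added example (not code from the draft API or its author) models the "endures until contradicted" rule as a small checker run over the two fragments above; the StaticLimit.InvocationMode syntax comes from the page, while the checker, its function names and its regular expressions are assumptions of mine.

```python
import re

# Constructed input: the two fragments from the reader's question, joined
# into one statement sequence (one statement per line).
FRAGMENTS = """
assert StaticLimit.InvocationMode(MyMode);
x = y ? foo() : bar() + zot();
assert StaticLimit.InvocationMode(YourMode);
x = foo(bar(), zot());
"""

# An InvocationMode assertion statement, capturing the mode name.
MODE_ASSERT = re.compile(r"^\s*assert\s+StaticLimit\.InvocationMode\((\w+)\)\s*;\s*$")
# Any identifier followed by '(' is treated as a method invocation.
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def modes_in_force(source):
    """Apply the proposed rule: an InvocationMode assertion governs every
    invocation in the statements that follow it, until a later assertion
    replaces it.  Returns (statement_no, method, mode) for each call; the
    mode is None for calls made before any assertion has been seen."""
    current = None
    result = []
    statements = [s for s in source.strip().splitlines() if s.strip()]
    for no, stmt in enumerate(statements, start=1):
        m = MODE_ASSERT.match(stmt)
        if m:
            current = m.group(1)  # later assertion supersedes the earlier one
            continue
        for call in CALL.findall(stmt):
            result.append((no, call, current))
    return result


def unconstrained_calls(source):
    """Invocations not governed by any InvocationMode assertion: the case a
    safety-critical byte-code verifier would have to flag or default."""
    return [(no, call) for no, call, mode in modes_in_force(source) if mode is None]


if __name__ == "__main__":
    for no, call, mode in modes_in_force(FRAGMENTS):
        print(f"statement {no}: {call}() governed by {mode}")
```

Under this rule foo, bar and zot in the second statement are all governed by MyMode, and all three in the fourth statement by YourMode, regardless of nesting or conditional evaluation.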

5. The same careful reader says: "It bothers me that some of the StaticLimit assertions apply to the next statement (e.g. InvocationMode) while others apply to the previous statement (e.g. ArrayLength).  This seems like an easy source of programmer errors."  There is "good rationale" for the way things are currently specified, with perhaps a need for a better explanation in the specification.

----

Kelvin Nilsen, Ph.D.
Chief Technology Officer for Java, Atego


About Atego

Atego™ is the leading independent supplier of industrial-grade, collaborative development tools, services and runtime environments for engineering complex, high reliability, mission- and safety-critical architectures, systems, software and hardware. Atego delivers stable, robust and scalable tools, services and working environments to thousands of users across an extensive range of complex applications in demanding engineering sectors such as aerospace, automotive, avionics, defense, electronics, medical, telecommunications and transportation.

Atego’s market leading products include: Aonix Perc® – a real-time embedded Java™ virtual machine, Artisan Studio® – a standards-based (OMG UML, SysML & UPDM) modeling tool suite, Atego Exerpt™ – an independent requirements data synchronization tool, Atego Process Director™ – a tool for authoring, measuring, managing & improving your organization’s engineering and development processes, and Atego HighRely™ tools and services for avionics certification and training, particularly relating to DO-178 and DO-254.

Atego’s tools deliver on the promise of an integrated collaborative development environment – allowing architecture, systems, software and hardware engineering teams to Work-as-One™ – from concept through to delivery, maintenance and support. Founded in 2010 in a merger between Artisan Software Tools™ and Aonix®, Atego is headquartered in San Diego, CA, USA and Cheltenham, UK with offices in France, Germany and Italy, and is supported by a global distributor network.