5.6      Processes

(1)   A process represents a virtual address space, i.e., it represents a space partition unit whose boundaries are enforced at runtime.  The Runtime_Protection process property indicates whether runtime protection is disabled. The virtual address space contains the program formed by the source text associated with the process and its subcomponents.  Threads of a process must be explicitly declared.

Legality Rules

Category

Type

Implementation

process

Features:

·         port

·         feature group

·         provides data access

·         requires data access

·         provides subprogram access

·         requires subprogram access

·         provides subprogram group access

·         requires subprogram group access

·         feature

Flow specifications: yes

Modes: yes

Properties: yes

Subcomponents:

·         data

·         subprogram

·         subprogram group

·         thread

·         thread group

·         abstract

Subprogram calls: no

Connections: yes

Flows: yes

Modes: yes

Properties: yes

 

(L1)      A process component type can contain port, feature group, provides and requires data access, provides and requires subprogram access declarations, and provides and requires subprogram group access declarations.  It can also contain flow specifications, modes subclause, and property associations.

(L2)      A process component implementation can contain abstract, data, subprogram, subprogram group, thread, and thread group subcomponent declarations.

(L3)      A process implementation can contain a connections subclause, a flows subclause, a modes subclause, and a properties subclause. 

(L4)      A thread group must not contain a subprogram calls subclause.

Consistency Rules

(C1)The complete source text associated with a process component must form a complete and legal program as defined in the applicable source language standard.  This source text shall include the source text that corresponds to the complete set of subcomponents in the process’s containment hierarchy along with the data and subprograms that are referenced by required subcomponent declarations.

Standard Properties

-- Runtime enforcement of virtual address space boundary
Runtime_Protection : inherit aadlboolean 
-- Properties related to source text
Source_Text: inherit list of aadlstring
Source_Language: inherit list of Supported_Source_Languages 
-- Properties related to virtual address space loading
Load_Time: Time_Range
Load_Deadline: Time
-- Inheritable thread properties
Synchronized_Component: inherit aadlboolean => true
 
Active_Thread_Handling_Protocol: 
   inherit Supported_Active_Thread_Handling_Protocols => abort
Period: inherit Time
Deadline: inherit Time => Period
Dispatch_Offset: inherit Time
-- execution time related properties
Reference_Processor: inherit classifier ( processor )
-- Scheduling related properties
Priority: inherit aadlinteger
-- mode related properties
Resumption_Policy: enumeration ( restart, resume )
Deactivation_Policy: enumeration (inactive, unload) => inactive 
-- process initialization
Startup_Deadline: Time
Startup_Execution_Time: Time_Range
-- Properties specifying constraints memory binding
Allowed_Processor_Binding_Class: 
   inherit list of classifier (processor, virtual processor, system)
Allowed_Processor_Binding: inherit list of reference (processor, virtual processor, system)
Actual_Processor_Binding: inherit list of reference (processor, virtual processor)
Allowed_Connection_Binding_Class: 
   inherit list of classifier(processor, virtual processor, bus, virtual bus, device, memory)
Allowed_Connection_Binding: inherit list of reference (processor, virtual processor, bus, virtual bus, device, memory)
Actual_Connection_Binding: inherit list of reference (processor, virtual processor, bus, virtual bus, device, memory)
Allowed_Memory_Binding_Class: 
   inherit list of classifier (memory, system, processor)     
Allowed_Memory_Binding: inherit list of reference (memory, system, processor)
Actual_Memory_Binding: inherit list of reference (memory)

 

Semantics

(2)   Every process has its own virtual address space.  This address space provides access to source code and data associated with the process and all its contained components.  This address space boundary is by default enforced at runtime, but can be disabled through the Runtime_Protection property.

(3)   Threads contained in a process execute within the virtual address space of the process.   

(4)   Processes may contain subprogram subcomponents.  The code of such subprograms resides in the address space of the process.  The calling semantics to such subprograms are defined in Section 5.2.

(5)   A process may contain mode declarations. In this case, each mode can represent a different configuration of contained threads, their connections, and mode-specific property associations. The transition between modes is determined by the mode transition declarations and is triggered by the arrival of mode transition trigger events (see Sections 12 and 13.6).

(6)   The associated source text for each process is compiled and linked to form binary images in accordance with the applicable source language standard.  These binary images must be loaded into memory before any thread contained in a process can execute, i.e., enter its perform thread initialization state. 

(7)   The time to load binary images into the virtual address space of a process is bounded by the Load_Deadline and Load_Time properties.  The failure to meet these timing requirements is considered an error.

(8)   The process states, transitions, and actions are illustrated in Figure 8.  Once a processor of an execution platform is started, binary images making up the virtual address space of processes bound to the processor are ready to be loaded, which is indicated by started(processor).  If the process is bound to a virtual processor of a processor, then process loading begins when the virtual processor is started, which is indicated by started(vprocessor). Loading may take zero time for binary images that have been preloaded in ROM, PROM, or EPROM.  Completion of loading, which is indicated by loaded(process), triggers threads to be initialized (see Figure 5). 

(9)   A process, i.e., its contained threads, can be stopped (also known as a deferred abort), which is indicated by stop(process) , or by stopping the virtual processor or processor to which the process is bound.  A process is considered stopped when all threads of the process are halted, are awaiting a dispatch, or are not part of the current mode and have executed their finalize entrypoint. 

(10)  A process, i.e., its contained threads, can be aborted, which is indicated by abort(process).  In this case, all contained threads terminate their execution immediately and release any resources (see Figure 5, Figure 6, and Figure 7). 

Figure 8 Process States and Actions

Processing Requirements and Permissions

(11)  A method of implementation must link all associated source text for the complete set of subcomponents of a process, including the process component itself and all actual subcomponents specified for required subcomponents.  This set of source compilation units must form a single complete and legal program as defined by the applicable source language standard.  Linking of this set of source compilation units is performed in accordance with the applicable source language standard for the process.

(12)  If the applicable source language standard used to implement a component permits a mixture of source languages, then subcomponents may have different source language property values.

(13)  This standard permits dynamic virtual memory management or dynamic library linking after process loading has completed and thread execution has started.  However, a method for implementing a system must assure that all deadline properties will be satisfied to the required level of assurance for each thread. 

NOTES:

An AADL process represents only a virtual address space and requires at least one explicitly declared thread subcomponent in order to be executable. The explicitly declared thread in AADL allows for unambiguous specification of port connections to threads. In contrast, a POSIX process represents both a protected address space and an implicit thread.