Requirements

ARINC APEX The primary objective of this Specification is to define a general-purpose APEX (APplication/EXecutive) interface between the Operating System (O/S) of an avionics computer resource and the application software. Included within this specification, are the interface requirements between the application software and the O/S and the list of services which allow the application software to control the scheduling, communication, and status information of its internal processing elements.

Buffer Services A buffer is a communication object used by processes of a same partition to send or receive messages. In buffers, the messages are queued in FIFO order. The buffer message size is variable, but a maximum size value is given at buffer creation. A buffer must be created during the initialization mode before it can be used. A name is given at buffer creation, this name is local to the partition and is not an attribute of the partition configuration table.

CREATE_BUFFER The CREATE_BUFFER service request is used to create a message buffer with a maximum number of maximum size messages. A BUFFER_ID is assigned by the O/S and returned to the calling process. Processes can create as many buffers as the pre-allocated memory space will support. The QUEUING_DISCIPLINE input parameter indicates the process queuing policy (FIFO or priority order) associated with that buffer.

CREATE_BUFFER.01 RETURN_CODE := INVALID_CONFIG

CREATE_BUFFER.02 RETURN_CODE := NO_ACTION

CREATE_BUFFER.03 RETURN_CODE := INVALID_PARAM

CREATE_BUFFER.04 RETURN_CODE := INVALID_MODE

CREATE_BUFFER.05 BUFFER_ID := (ID of unallocated buffer control block)

CREATE_BUFFER.06 Set the process buffer queuing discipline to QUEUING_DISCIPLINE

CREATE_BUFFER.07 RETURN_CODE := NO_ERROR

CREATE_BUFFER.08

Set the process buffer capacity to MAX_NB_MESSAGE

CREATE_BUFFER.09

Set the process buffer message size to MAX_MESSAGE_SIZE

CREATE_BUFFER.10

The newly created buffer should be empty

SEND_BUFFER The SEND_BUFFER service request is used to send a message in the specified buffer. The calling process will be queued while the buffer is full for a maximum duration of specified time-out.

SEND_BUFFER.01 RETURN_CODE := INVALID_PARAM

SEND_BUFFER.02 store the message in the FIFO message queue of the specified buffer

SEND_BUFFER.03 Remove the first process from the process queue

SEND_BUFFER.04 Copy the message represented by MESSAGE_ADDR and LENGTH into the receiving process’s message area of the RECEIVE service request done by this receiving process

SEND_BUFFER.05 stop the affected time counter

SEND_BUFFER.06 move receiving process from the WAITING to the READY state (except if another process suspended it)

SEND_BUFFER.07 ask for process scheduling

SEND_BUFFER.08 RETURN_CODE := NO_ERROR

SEND_BUFFER.09 RETURN_CODE := NOT_AVAILABLE

SEND_BUFFER.10 RETURN_CODE := INVALID_MODE

SEND_BUFFER.11 set the current process state to WAITING

SEND_BUFFER.12 insert this process in the buffer process queue at the position specified by the queuing discipline

SEND_BUFFER.13 initiate a time counter with duration TIME_OUT

SEND_BUFFER.14 RETURN_CODE := TIMED_OUT

RECEIVE_BUFFER The RECEIVE_BUFFER service request is used to receive a message from the specified buffer. The calling process will be queued while the buffer is empty for a time-out maximum duration.

RECEIVE_BUFFER.01 RETURN_CODE := INVALID_PARAM

RECEIVE_BUFFER.02 copy the first message of the specified buffer message queue to the location represented by MESSAGE_ADDR

RECEIVE_BUFFER.03 LENGTH := Length of the copied message

RECEIVE_BUFFER.04 remove the first waiting process from the process queue

RECEIVE_BUFFER.05 put the message sent by this waiting process in the FIFO message queue

RECEIVE_BUFFER.06 stop the affected time counter

RECEIVE_BUFFER.07 move this sending process from the WAITING to the READY state (except if another process suspended it)

RECEIVE_BUFFER.08 ask for process scheduling

RECEIVE_BUFFER.09 RETURN_CODE := NO_ERROR

RECEIVE_BUFFER.10 RETURN_CODE := NOT_AVAILABLE

RECEIVE_BUFFER.11 RETURN_CODE := INVALID_MODE

RECEIVE_BUFFER.12 set the current process state to WAITING

RECEIVE_BUFFER.13 insert this process in the buffer process queue at the position specified by the queuing discipline

RECEIVE_BUFFER.14 initiate a time counter with duration TIME_OUT

RECEIVE_BUFFER.15 RETURN_CODE := TIMED_OUT

GET_BUFFER_ID The GET_BUFFER_ID service request allows the current process to get the identifier of a buffer giving its name.

GET_BUFFER_ID.01 RETURN_CODE := INVALID_CONFIG

GET_BUFFER_ID.02 BUFFER_ID := (ID of the buffer named BUFFER_NAME)

GET_BUFFER_ID.03 RETURN_CODE := NO_ERROR

GET_BUFFER_STATUS The GET_BUFFER_ID service request allows the current process to get the identifier of a buffer giving its name.

GET_BUFFER_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_BUFFER_STATUS.02 BUFFER_STATUS := (NB_MESSAGE => current number of messages inside the buffer, MAX_NB_MESSAGE => maximum number of messages inside the buffer, MAX_MESSAGE_SIZE => maximum size of messages, WAITING_PROCESSES => the number of waiting processes)

GET_BUFFER_STATUS.02.01 NB_MESSAGE => current number of messages inside the buffer

GET_BUFFER_STATUS.02.02 MAX_NB_MESSAGE => maximum number of messages inside the buffer

GET_BUFFER_STATUS.02.03 MAX_MESSAGE_SIZE => maximum size of messages

GET_BUFFER_STATUS.02.04 WAITING_PROCESSES => the number of waiting processes

GET_BUFFER_STATUS.03 RETURN_CODE := NO_ERROR

Blackboard Services A blackboard is a communication object used by processes of a same partition to send or receive messages. A blackboard does not use message queues, each new occurrence of a message overwrites the current one. The blackboard message size is variable, but a maximum size value is given at blackboard creation. A blackboard must be created during the initialization mode before it can be used. The memory size given in the configuration table should include the memory size necessary to manage all the blackboards of a partition. A name is given at blackboard creation, this name is local to the partition and is not an attribute of the partition configuration table.

CREATE_BLACKBOARD The CREATE_BLACKBOARD service request is used to create a blackboard with a specified message size. A BLACKBOARD_ID is assigned by the O/S and returned to the calling process. Processes can create as many buffers as the pre-allocated memory space will support.

CREATE_BLACKBOARD.01 RETURN_CODE := INVALID_CONFIG

CREATE_BLACKBOARD.02 RETURN_CODE := NO_ACTION

CREATE_BLACKBOARD.03 RETURN_CODE := INVALID_PARAM

CREATE_BLACKBOARD.04 RETURN_CODE := INVALID_MODE

CREATE_BLACKBOARD.05 BLACKBOARD_ID := (ID of unallocated blackboard control block)

CREATE_BLACKBOARD.06 Set the empty indicator to TRUE

CREATE_BLACKBOARD.07 RETURN_CODE := NO_ERROR

DISPLAY_BLACKBOARD The DISPLAY_BLACKBOARD service request is used to display a message in the specified blackboard. The specified blackboard becomes not empty.

DISPLAY_BLACKBOARD.01 RETURN_CODE := INVALID_PARAM

DISPLAY_BLACKBOARD.02 set the empty indicator to OCCUPIED

DISPLAY_BLACKBOARD.03

overwrite the contents of the specified blackboard with the message represented by MESSAGE_ADDR and LENGTH

DISPLAY_BLACKBOARD.04 stop the affected time counters

DISPLAY_BLACKBOARD.05

move them from the WAITING to the READY state (except if another process suspended it)

DISPLAY_BLACKBOARD.06 ask for process scheduling

DISPLAY_BLACKBOARD.07 RETURN_CODE := NO_ERROR

READ_BLACKBOARD The READ_BLACKBOARD service request is used to read a message in the specified blackboard. The calling process will be in waiting state while the blackboard is empty for a time-out maximum duration.

READ_BLACKBOARD.01 RETURN_CODE := INVALID_PARAM

READ_BLACKBOARD.02

copy the message displayed in the specified blackboard

to the location represented by MESSAGE_ADDR

READ_BLACKBOARD.03 LENGTH := Length of the copied message

READ_BLACKBOARD.04 RETURN_CODE := NO_ERROR

READ_BLACKBOARD.05 RETURN_CODE := NOT_AVAILABLE

READ_BLACKBOARD.06 RETURN_CODE := INVALID_MODE

READ_BLACKBOARD.07 set the process state to WAITING

READ_BLACKBOARD.08 ask for process scheduling

READ_BLACKBOARD.09 initiate a time counter with duration TIME_OUT

READ_BLACKBOARD.10 RETURN_CODE := TIMED_OUT

CLEAR_BLACKBOARD The CLEAR_BLACKBOARD service request is used to clear the message of the specified blackboard. The specified blackboard becomes empty.

CLEAR_BLACKBOARD.01 RETURN_CODE := INVALID_PARAM

CLEAR_BLACKBOARD.02 Set the empty indicator of the specified blackboard to EMPTY

CLEAR_BLACKBOARD.03 RETURN_CODE := NO_ERROR

GET_BLACKBOARD_ID The GET_BLACKBOARD_ID service request allows the current process to get the identifier of a blackboard giving its name.

GET_BLACKBOARD_ID.01 RETURN_CODE := INVALID_CONFIG

GET_BLACKBOARD_ID.02 BLACKBOARD_ID := (ID of the blackboard named BLACKBOARD_NAME)

GET_BLACKBOARD_ID.03 RETURN_CODE := NO_ERROR

GET_BLACKBOARD_STATUS The GET_BLACKBOARD_STATUS service request returns the status of the specified blackboard.

GET_BLACKBOARD_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_BLACKBOARD_STATUS.02

BLACKBOARD_STATUS :=

(EMPTY_INDICATOR => the value of the blackboard empty indicator, MAX_MESSAGE_SIZE => maximum size of messages, WAITING_PROCESSES => the number of waiting processes)

GET_BLACKBOARD_STATUS.02.01 EMPTY_INDICATOR => the value of the blackboard empty indicator

GET_BLACKBOARD_STATUS.02.02 MAX_MESSAGE_SIZE => maximum size of messages

GET_BLACKBOARD_STATUS.02.03 WAITING_PROCESSES => the number of waiting processes

GET_BLACKBOARD_STATUS.03 RETURN_CODE := NO_ERROR

Semaphore Services A counting semaphore is a synchronization object commonly used to provide access to partition resources. A semaphore must be created during the initialization mode before it can be used. A name is given at semaphore creation, this name is local to the partition and is not an attribute of the partition configuration table.

CREATE_SEMAPHORE The CREATE_SEMAPHORE service request is used to create a semaphore of a specified current and maximum value. The maximum value parameter is the maximum value that the semaphore can be signaled to. The current value is the semaphores’ starting value after creation. For example, if the semaphore was used to manage access to five resources, and at the time of creation three resources were available, the semaphore would be created with a maximum value of five and a current value of three. The QUEUING_DISCIPLINE input parameter indicates the process queuing policy (FIFO or priority order) associated with that semaphore.

CREATE_SEMAPHORE.01 RETURN_CODE := INVALID_CONFIG

CREATE_SEMAPHORE.02 RETURN_CODE := NO_ACTION

CREATE_SEMAPHORE.03 RETURN_CODE := INVALID_PARAM

CREATE_SEMAPHORE.04 RETURN_CODE := INVALID_MODE

CREATE_SEMAPHORE.05 SEMAPHORE_ID := (ID of unallocated semaphore control block)

CREATE_SEMAPHORE.06 Set the process semaphore queuing discipline to QUEUING_DISCIPLINE

CREATE_SEMAPHORE.07 RETURN_CODE := NO_ERROR

CREATE_SEMAPHORE.08 Initialize semaphore with MAXIMUM_VALUE and CURRENT_VALUE

WAIT_SEMAPHORE The WAIT_SEMAPHORE service request moves the current process from the running state to the waiting state if the current value of the specified semaphore is zero and if the specified time-out is not zero. The process goes on executing if the current value of the specified semaphore is positive and the semaphore current value is decremented.

WAIT_SEMAPHORE.01 RETURN_CODE := INVALID_PARAM

WAIT_SEMAPHORE.02 RETURN_CODE := NOT_AVAILABLE

WAIT_SEMAPHORE.03 RETURN_CODE := INVALID_MODE

WAIT_SEMAPHORE.04 set the current process state to WAITING

WAIT_SEMAPHORE.05

insert this process in the semaphore process queue at the position

specified by the queuing discipline

WAIT_SEMAPHORE.06 ask for process scheduling

WAIT_SEMAPHORE.07 RETURN_CODE := NO_ERROR

WAIT_SEMAPHORE.08 initiate a time counter with duration TIME_OUT

WAIT_SEMAPHORE.09 RETURN_CODE := TIMED_OUT

SIGNAL_SEMAPHORE The SIGNAL_SEMAPHORE service request increments the current value of the specified semaphore. If processes are waiting on that semaphore the first process of the queue is moved from the waiting state to the ready state. A scheduling takes place.

SIGNAL_SEMAPHORE.01 RETURN_CODE := INVALID_PARAM

SIGNAL_SEMAPHORE.02 RETURN_CODE := NO_ACTION

SIGNAL_SEMAPHORE.03 increment the current value of the specified semaphore

SIGNAL_SEMAPHORE.04 RETURN_CODE := NO_ERROR

SIGNAL_SEMAPHORE.05 remove the first process from the semaphore queue

SIGNAL_SEMAPHORE.06 Stop the affected time counter

SIGNAL_SEMAPHORE.07

move it from the WAITING to the READY state (except if another process

suspended it)

SIGNAL_SEMAPHORE.08 ask for process scheduling

GET_SEMAPHORE_ID The GET_SEMAPHORE_ID service request allows the current process to get the identifier of a semaphore giving its name.

GET_SEMAPHORE_ID.01 RETURN_CODE := INVALID_CONFIG

GET_SEMAPHORE_ID.02 SEMAPHORE_ID := (ID of the semaphore named SEMAPHORE_NAME)

GET_SEMAPHORE_ID.03 RETURN_CODE := NO_ERROR

GET_SEMAPHORE_STATUS The GET_SEMAPHORE_STATUS service request returns the status of the specified semaphore.

GET_SEMAPHORE_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_SEMAPHORE_STATUS.02

SEMAPHORE_STATUS :=

(CURRENT_VALUE => Current value of the specified semaphore, MAXIMUM_VALUE => Maximum value of the specified semaphore, WAITING_PROCESSES => the number of waiting processes)

GET_SEMAPHORE_STATUS.02.01 CURRENT_VALUE => Current value of the specified semaphore

GET_SEMAPHORE_STATUS.02.02 MAXIMUM_VALUE => Maximum value of the specified semaphore

GET_SEMAPHORE_STATUS.02.03 WAITING_PROCESSES => the number of waiting processes

GET_SEMAPHORE_STATUS.03 RETURN_CODE := NO_ERROR

Event Services An event is a synchronization object used to notify the occurrence of a condition to processes which may wait for it. An event must be created during the initialization mode before it can be used. A name is given at event creation, this name is local to the partition and is not an attribute of the partition configuration table.

CREATE_EVENT

CREATE_EVENT.01 RETURN_CODE := INVALID_CONFIG

CREATE_EVENT.02 RETURN_CODE := NO_ACTION

CREATE_EVENT.03 RETURN_CODE := INVALID_MODE

CREATE_EVENT.04 EVENT_ID := (ID of unallocated event)

CREATE_EVENT.05 Set the event state to DOWN

CREATE_EVENT.06 RETURN_CODE := NO_ERROR

SET_EVENT

SET_EVENT.01 RETURN_CODE := INVALID_PARAM

SET_EVENT.02 set the specified event in UP state

SET_EVENT.03 stop the affected time counters

SET_EVENT.04

move each of these processes from the WAITING state to READY state (except

if another process suspended it)

SET_EVENT.05 ask for process scheduling

SET_EVENT.06 RETURN_CODE := NO_ERROR

RESET_EVENT

RESET_EVENT.01 RETURN_CODE := INVALID_PARAM

RESET_EVENT.02 Sets the specified event in DOWN state

RESET_EVENT.03 RETURN_CODE := NO_ERROR

WAIT_EVENT

WAIT_EVENT.01 RETURN_CODE := INVALID_PARAM

WAIT_EVENT.02 RETURN_CODE := NO_ERROR

WAIT_EVENT.03 RETURN_CODE := NOT_AVAILABLE

WAIT_EVENT.04 RETURN_CODE := INVALID_MODE

WAIT_EVENT.05 set the current process state to WAITING

WAIT_EVENT.06 ask for process scheduling

WAIT_EVENT.07 initiate a time counter with duration TIME_OUT

WAIT_EVENT.08 RETURN_CODE := TIMED_OUT

GET_EVENT_ID

GET_EVENT_ID.01 RETURN_CODE := INVALID_CONFIG

GET_EVENT_ID.02 EVENT_ID := (ID of the event named NAME)

GET_EVENT_ID.03 RETURN_CODE := NO_ERROR

GET_EVENT_STATUS

GET_EVENT_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_EVENT_STATUS.02 EVENT_STATUS :=
(EVENT_STATE => state of the specified event,
WAITING_PROCESSES => the number of waiting processes)

GET_EVENT_STATUS.02.01 EVENT_STATE => state of the specified event

GET_EVENT_STATUS.02.02 WAITING_PROCESSES => the number of waiting processes

GET_EVENT_STATUS.03 RETURN_CODE := NO_ERROR

Partition Management Services

GET_PARTITION_STATUS The GET_PARTITION_STATUS service request is used to obtain the status of the current partition.

GET_PARTITION_STATUS.01 PARTITION_STATUS := current value of partition status

GET_PARTITION_STATUS.02 RETURN_CODE := NO_ERROR

SET_PARTITION_MODE The SET_PARTITION_MODE service request is used to set the operating mode of the current partition to normal after the application portion of the initialization of the partition is complete. The service is also expected to be used for setting the partition back to idle (partition shutdown), and to cold start or warm start (partition restart), when a serious fault is detected and processed.

SET_PARTITION_MODE.01 RETURN_CODE := INVALID_PARAM

SET_PARTITION_MODE.02 RETURN_CODE := NO_ACTION

SET_PARTITION_MODE.03 RETURN_CODE := INVALID_MODE

SET_PARTITION_MODE.04 set current partition’s operating_mode := OPERATING_MODE

SET_PARTITION_MODE.05 shut down the partition

SET_PARTITION_MODE.06 inhibit process scheduling and switch back to initialization mode

SET_PARTITION_MODE.07 set first release points of all previously started periodic processes to their next partition period

SET_PARTITION_MODE.08 set first release points of all previously delay started periodic processes to their next partition period, including their delay times

SET_PARTITION_MODE.09 calculate the DEADLINE_TIME of all non-dormant processes in the partition

SET_PARTITION_MODE.10 activate the process scheduling

SET_PARTITION_MODE.11 RETURN_CODE := NO_ERROR

Process Management Services The scope of a process management service is restricted to its partition. A process must be created during the initialization phase before it can be used.

GET_PROCESS_ID The GET_PROCESS_ID service request allows a process to obtain a process identifier by specifying the process name.

GET_PROCESS_ID.01 RETURN_CODE := INVALID_CONFIG

GET_PROCESS_ID.02 PROCESS_ID := (ID of the process named PROCESS_NAME)

GET_PROCESS_ID.03 RETURN_CODE := NO_ERROR

GET_PROCESS_STATUS The GET_PROCESS_STATUS service request returns the current status of the specified process. The current operating status of each of the individual processes of a partition is available to all processes within that partition.

GET_PROCESS_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_PROCESS_STATUS.02 RETURN_CODE := NO_ERROR

GET_PROCESS_STATUS.03 PROCESS_STATUS := current value of process status

CREATE_PROCESS The CREATE_PROCESS service request creates a process and returns an identifier that denotes the created process. Partitions can create as many processes as the pre-allocated memory space will support. Consistency among process parameters and partition parameters are checked.

CREATE_PROCESS.01 RETURN_CODE := INVALID_CONFIG

CREATE_PROCESS.02 RETURN_CODE := NO_ACTION

CREATE_PROCESS.03 RETURN_CODE := INVALID_PARAM

CREATE_PROCESS.04 RETURN_CODE := INVALID_MODE

CREATE_PROCESS.05 set the process attributes to ATTRIBUTES

CREATE_PROCESS.06 set the process state to DORMANT

CREATE_PROCESS.07 reset context and stack

CREATE_PROCESS.08 PROCESS_ID := identifier of the created process

CREATE_PROCESS.09 RETURN_CODE := NO_ERROR

SET_PRIORITY The SET_PRIORITY service request changes a process’s current priority. The process is placed as the newest process with that priority in the ready state. Process rescheduling is performed after this service request only when the process whose priority is changed is in the ready or running state.

SET_PRIORITY.01 RETURN_CODE := INVALID_PARAM

SET_PRIORITY.02 RETURN_CODE := INVALID_MODE

SET_PRIORITY.03 set the current priority of the specified process to PRIORITY

SET_PRIORITY.04 ask for process scheduling

SET_PRIORITY.05 RETURN_CODE := NO_ERROR

SUSPEND_SELF The SUSPEND_SELF service request suspends the execution of the current process if aperiodic, until the RESUME service request is issued or the specified time-out value expires.

SUSPEND_SELF.01 RETURN_CODE := INVALID_MODE

SUSPEND_SELF.02 RETURN_CODE := INVALID_PARAM

SUSPEND_SELF.03 RETURN_CODE := NO_ERROR

SUSPEND_SELF.04 set the current process state to WAITING

SUSPEND_SELF.05 initiate a time counter with duration TIME_OUT

SUSPEND_SELF.06 ask for process scheduling

SUSPEND_SELF.07 RETURN_CODE := TIMED_OUT

SUSPEND The SUSPEND service request allows the current process to suspend the execution of any aperiodic process except itself, until the suspended process is resumed by another process. If the process is pending in a queue at the time it is suspended, it is not removed from that queue. When it is resumed, it will continue pending unless it has been removed from the queue (either by occurrence of a condition or expiration of a time-out or a reset of the queue) before the end of its suspension.

SUSPEND.01 RETURN_CODE := INVALID_MODE

SUSPEND.02 RETURN_CODE := INVALID_PARAM

SUSPEND.03 RETURN_CODE := NO_ACTION

SUSPEND.04 set the specified process state to WAITING

SUSPEND.05 RETURN_CODE := NO_ERROR

RESUME The RESUME service request allows the current process to resume another previously suspended process. The resumed process will become ready if it is not waiting on a resource (delay, semaphore, period, event, message). A periodic process cannot be suspended, so it can not be resumed.

RESUME.01 RETURN_CODE := INVALID_PARAM

RESUME.02 RETURN_CODE := INVALID_MODE

RESUME.03 RETURN_CODE := NO_ACTION

RESUME.04 stop the affected time counter

RESUME.05 set the specified process state to READY

RESUME.06 ask for process scheduling

RESUME.07 RETURN_CODE := NO_ERROR

STOP_SELF The STOP_SELF service request allows the current process to stop itself. If the current process is not the error handler process, the partition is placed in the unlocked condition. This service should not be called when the partition is in the WARM_START or the COLD_START mode. In this case, the behavior of this service is not defined.

STOP_SELF.01 release all the resources used by the current process

STOP_SELF.02 reset the LOCK_LEVEL counter

STOP_SELF.03 Set the current process state to DORMANT

STOP_SELF.04 return to previous process

STOP_SELF.05 ask for process scheduling

STOP The STOP service request makes a process ineligible for processor resources until another process issues the START service request.

STOP.01 RETURN_CODE := INVALID_PARAM

STOP.02 RETURN_CODE := NO_ACTION

STOP.03 set the specified process state to DORMANT

STOP.04 release all the resources used by the specified process

STOP.05 reset the LOCK_LEVEL counter

STOP.06 remove the process from the pending queue

STOP.07 RETURN_CODE := NO_ERROR

START The START service request initializes all attributes of a process to their default values, resets the runtime stack of the process. If the partition is in the NORMAL mode, the process’ deadline expiration time and next release point are calculated.

START.01 RETURN_CODE := INVALID_PARAM

START.02 RETURN_CODE := NO_ACTION

START.03 set the current priority of specified process to its base priority

START.04 reset context and stack

START.05 set the specified process state to READY

START.06 set the DEADLINE_TIME value for the specified process to
(current system clock plus TIME_CAPACITY)

START.07 ask for process scheduling

START.08 set the specified process state to WAITING

START.09 RETURN_CODE := NO_ERROR

START.10 set the first release point of the specified process

START.11 set the DEADLINE_TIME value for the specified process to
(first release point plus TIME_CAPACITY)

DELAYED_START The DELAYED_START service request initializes all attributes of a process to their default values, resets the runtime stack of the process, and places the process into the waiting state, i.e., the specified process goes from dormant to waiting. If the partition is in the normal operating mode, the process’s release point is calculated with the specified delay time and the process’ deadline expiration time is also calculated.

DELAYED_START.01 RETURN_CODE := INVALID_PARAM

DELAYED_START.02 RETURN_CODE := NO_ACTION

DELAYED_START.03 set the current priority of specified process to its base priority

DELAYED_START.04 reset context and stack

DELAYED_START.05 set the specified process state to READY

DELAYED_START.06 set the DEADLINE_TIME value for the specified process to
(current system clock plus TIME_CAPACITY)

DELAYED_START.07 set the specified process state to WAITING

DELAYED_START.08 initiate a time counter with duration DELAY_TIME

DELAYED_START.09 ask for process scheduling

DELAYED_START.10 RETURN_CODE := NO_ERROR

DELAYED_START.11 set the first release point of the specified process
including the delay time

DELAYED_START.12 set the DEADLINE_TIME value for the specified process to
(first release point + TIME_CAPACITY)

LOCK_PREEMPTION The LOCK_PREEMPTION service request increments the lock level of the partition and disables process rescheduling for a partition.

LOCK_PREEMPTION.01 RETURN_CODE := NO ACTION

LOCK_PREEMPTION.02 RETURN_CODE := INVALID_CONFIG

LOCK_PREEMPTION.03 LOCK_LEVEL := LOCK_LEVEL + 1

LOCK_PREEMPTION.04 RETURN_CODE := NO_ERROR

UNLOCK_PREEMPTION The UNLOCK_PREEMPTION service request decrements the current lock level of the partition. The process rescheduling function is performed only when the lock level becomes zero.

UNLOCK_ PREEMPTION.01 RETURN_CODE := NO_ACTION

UNLOCK_ PREEMPTION.02 LOCK_LEVEL := LOCK_LEVEL - 1

UNLOCK_ PREEMPTION.03 ask for process scheduling

UNLOCK_ PREEMPTION.04 RETURN_CODE := NO_ERROR

GET_MY_ID The GET_MY_ID service request returns the process identifier of the current process.

GET_MY_ID.01 RETURN_CODE := INVALID_MODE

GET_MY_ID.02 PROCESS_ID := ID of the current process

GET_MY_ID.03 RETURN_CODE := NO_ERROR

Time Management Services

TIMED_WAIT The TIMED_WAIT service request suspends execution of the requesting process for a minimum amount of elapsed time. A delay time of zero allows round-robin scheduling of processes of the same priority.

TIMED_WAIT.01 RETURN_CODE := INVALID_MODE

TIMED_WAIT.02 RETURN_CODE := INVALID_PARAM

TIMED_WAIT.03 Set the current process state to READY

TIMED_WAIT.04 Ask for process scheduling

TIMED_WAIT.05 Set the current process state to WAITING

TIMED_WAIT.06 Initiate a time counter with duration DELAY_TIME

TIMED_WAIT.07 RETURN_CODE := NO_ERROR

PERIODIC_WAIT The PERIODIC_WAIT service request suspends execution of the requesting process until the next release point in the processor time line that corresponds to the period of the process.

PERIODIC_WAIT.01 RETURN_CODE := INVALID_MODE

PERIODIC_WAIT.02 Set the requesting process state to WAITING

PERIODIC_WAIT.03 Next release point := process period plus previous release point

PERIODIC_WAIT.04 DEADLINE_TIME := time of next release point + TIME_CAPACITY

PERIODIC_WAIT.05 Ask for process scheduling

PERIODIC_WAIT.06 RETURN_CODE := NO_ERROR

GET_TIME The service GET_TIME requests the value of the system clock. The system clock is the value of a clock common to all processors in the module.

GET_TIME.01 SYSTEM_TIME := current system clock

GET_TIME.02 RETURN_CODE := NO_ERROR

REPLENISH The REPLENISH service request updates the deadline of the requesting process with a specified BUDGET_TIME value. It is not allowed to postpone a periodic process’ deadline past its next release point.

REPLENISH.01 RETURN_CODE := NO_ACTION

REPLENISH.02 RETURN_CODE := INVALID_MODE

REPLENISH.03 RETURN_CODE := INVALID_PARAM

REPLENISH.04 Set a new DEADLINE_TIME value for the current process
(current system clock + BUDGET_TIME)

REPLENISH.05 RETURN_CODE := NO_ERROR

Sampling Port Services A sampling port is a communication object allowing a partition to access a channel of communication configured to operate in sampling mode. Each new occurrence of a message overwrites the previous one. Messages may have a variable length. A refresh period attribute applies to reception ports. A validity output parameter indicates whether the age of the read message is consistent with the required refresh period attribute of the port. The REFRESH_PERIOD attribute indicates the maximum acceptable age of a valid message, from the time it was received in the port. A port must be created during the initialization phase before it can be used.

CREATE_SAMPLING_PORT The CREATE_SAMPLING_PORT service request is used to create a sampling port. An identifier is assigned by the O/S and returned to the calling process. For a source port, the refresh period is meaningless. At creation, the port is empty.

CREATE_SAMPLING_PORT.01 RETURN_CODE := INVALID_CONFIG

CREATE_SAMPLING_PORT.02 RETURN_CODE := NO_ACTION

CREATE_SAMPLING_PORT.03 RETURN_CODE := INVALID_MODE

CREATE_SAMPLING_PORT.04 SAMPLING_PORT_ID := identifier assigned by O/S to sampling port named
SAMPLING_PORT_NAME

CREATE_SAMPLING_PORT.05 RETURN_CODE := NO_ERROR

WRITE_SAMPLING_MESSAGE The WRITE_SAMPLING_MESSAGE service request is used to write a message in the specified sampling port. The message overwrites the previous one.

WRITE_SAMPLING_MESSAGE.01 RETURN_CODE := INVALID_PARAM

WRITE_SAMPLING_MESSAGE.02 RETURN_CODE := INVALID_CONFIG

WRITE_SAMPLING_MESSAGE.03 write the message represented by MESSAGE ADDR and LENGTH into the specified port

WRITE_SAMPLING_MESSAGE.04 RETURN_CODE := NO_ERROR

READ_SAMPLING_MESSAGE The READ_SAMPLING_MESSAGE service request is used to read a message in the specified sampling port. A validity output parameter indicates whether the age of the read message is consistent with the required refresh rate attribute of the port.

READ_SAMPLING_MESSAGE.01 RETURN_CODE := INVALID_PARAM

READ_SAMPLING_MESSAGE.02 RETURN_CODE := INVALID_MODE

READ_SAMPLING_MESSAGE.03 VALIDITY := INVALID

READ_SAMPLING_MESSAGE.04 RETURN_CODE := NO_ACTION

READ_SAMPLING_MESSAGE.05 copy last correct message arrived in the specified port to the location
represented by MESSAGE_ADDR

READ_SAMPLING_MESSAGE.06 LENGTH := length of the copied message

READ_SAMPLING_MESSAGE.07 VALIDITY := VALID

READ_SAMPLING_MESSAGE.08 RETURN_CODE := NO_ERROR

READ_SAMPLING_MESSAGE.09 update validity in status of the port

GET_SAMPLING_PORT_ID The GET_SAMPLING_PORT_ID service allows a process to obtain a sampling port identifier by specifying the sampling port name.

GET_SAMPLING_PORT_ID.01 RETURN_CODE := INVALID_CONFIG

GET_SAMPLING_PORT_ID.02 SAMPLING_PORT_ID := (ID of the sampling port named SAMPLING_PORT_NAME)

GET_SAMPLING_PORT_ID.03 RETURN_CODE := NO_ERROR

GET_SAMPLING_PORT_STATUS The GET_SAMPLING_PORT_STATUS service returns the current status of the specified sampling port.

GET_SAMPLING_PORT_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_SAMPLING_PORT_STATUS.02 SAMPLING_PORT_STATUS := current value of port status

GET_SAMPLING_PORT_STATUS.03 RETURN_CODE := NO_ERROR

Queuing Port Services A queuing port is a communication object allowing a partition to access a channel of communication configured to operate in queuing mode. Messages are stored in FIFO order. Messages have variable length. In queuing mode, each new instance of a message cannot overwrite the previous one stored in the send or receive FIFO. However, if the receiving FIFO is full, new messages may be discarded, an appropriate value of return_code is set in accordance.

CREATE_QUEUING_PORT The CREATE_QUEUING_PORT service is used to create a port of communication operating in queuing mode. An identifier is assigned by the O/S and returned to the calling process. At creation, the port is empty. The QUEUING_DISCIPLINE attribute indicates whether blocked processes are queued in FIFO, or in priority order.

CREATE_QUEUING_PORT.01 RETURN_CODE := INVALID_CONFIG

CREATE_QUEUING_PORT.02 RETURN_CODE := NO_ACTION

CREATE_QUEUING_PORT.03 RETURN_CODE := INVALID_MODE

CREATE_QUEUING_PORT.04 QUEUING_PORT_ID := identifier assigned by the O/S to the port named
QUEUING_PORT_NAME

CREATE_QUEUING_PORT.05 RETURN_CODE := NO_ERROR

SEND_QUEUING_MESSAGE The SEND_QUEUING_MESSAGE service request is used to send a message in the specified queuing port. If there is sufficient space in the queuing port to accept the message, the message is added to the end of the port’s message queue. If there is insufficient space, the process is blocked and added to the sending process queue, according to the queuing discipline of the port. The process stays on the queue until the specified time-out, if finite, expires or space becomes free in the port to accept the message.

SEND_QUEUING_MESSAGE.01 RETURN_CODE := INVALID_PARAM

SEND_QUEUING_MESSAGE.02 RETURN_CODE := INVALID_CONFIG

SEND_QUEUING_MESSAGE.03 RETURN_CODE := INVALID_MODE

SEND_QUEUING_MESSAGE.04 insert the message represented by MESSAGE_ADDR and LENGTH in the FIFO message queue of the specified port

SEND_QUEUING_MESSAGE.05 RETURN_CODE := NO_ERROR

SEND_QUEUING_MESSAGE.06 RETURN_CODE := NOT_AVAILABLE

SEND_QUEUING_MESSAGE.07 initiate a time counter with duration TIME_OUT

SEND_QUEUING_MESSAGE.08 set the current process state to WAITING

SEND_QUEUING_MESSAGE.09 insert the process in the sending process queue according to the queuing
discipline of the specified port

SEND_QUEUING_MESSAGE.10 ask for process scheduling

SEND_QUEUING_MESSAGE.11 RETURN_CODE := TIMED_OUT

SEND_QUEUING_MESSAGE.12 stop the time counter

RECEIVE_QUEUING_MESSAGE The RECEIVE_QUEUING_MESSAGE service request is used to receive a message from the specified queuing port. If the queuing port is not empty, the message at the head of the port’s message queue is removed and returned to the calling process. If the queuing port is empty, the process is blocked and added to the receiving process queue, according to the queuing discipline of the port. The process stays on the queue until the specified time-out, if finite, expires or a message arrives in the port.

RECEIVE_QUEUING_MESSAGE.01 RETURN_CODE := INVALID_PARAM

RECEIVE_QUEUING_MESSAGE.02 RETURN_CODE := INVALID_MODE

RECEIVE_QUEUING_MESSAGE.03 copy the first message of the port’s message queue to the
Location represented by MESSAGE_ADDR

RECEIVE_QUEUING_MESSAGE.04 remove that message from the port’s message queue

RECEIVE_QUEUING_MESSAGE.05 LENGTH := length of the copied message

RECEIVE_QUEUING_MESSAGE.06 RETURN_CODE := INVALID_CONFIG

RECEIVE_QUEUING_MESSAGE.07 RETURN_CODE := NO_ERROR

RECEIVE_QUEUING_MESSAGE.08 RETURN_CODE := NOT_AVAILABLE

RECEIVE_QUEUING_MESSAGE.09 initiate a time counter with duration TIME_OUT

RECEIVE_QUEUING_MESSAGE.10 set the current process state to WAITING

RECEIVE_QUEUING_MESSAGE.11 insert the process in the receiving process queue according to the
queuing discipline of the specified port

RECEIVE_QUEUING_MESSAGE.12 ask for process scheduling

RECEIVE_QUEUING_MESSAGE.13 RETURN_CODE := TIMED_OUT

RECEIVE_QUEUING_MESSAGE.14 stop the time counter

GET_QUEUING_PORT_ID The GET_QUEUING_PORT_ID service allows a process to obtain a queuing port identifier by specifying the queuing port name.

GET_QUEUING_PORT_ID.01 RETURN_CODE := INVALID_CONFIG

GET_QUEUING_PORT_ID.02 QUEUING_PORT_ID := (ID of the queuing port named QUEUING_PORT_NAME)

GET_QUEUING_PORT_ID.03 RETURN_CODE := NO_ERROR

GET_QUEUING_PORT_STATUS The GET_QUEUING_PORT_STATUS service returns the current status of the specified queuing port.

GET_QUEUING_PORT_STATUS.01 RETURN_CODE := INVALID_PARAM

GET_QUEUING_PORT_STATUS.02 QUEUING_PORT_STATUS := current value of port status

GET_QUEUING_PORT_STATUS.03 RETURN_CODE := NO_ERROR

Health Monitoring Services

REPORT_APPLICATION_MESSAGE The REPORT_APPLICATION_MESSAGE service request allows the current partition to transmit a message to the HM function if it detects an erroneous behavior. REPORT_APPLICATION_MESSAGE may be used to record an event for logging purposes.

REPORT_APPLICATION_MESSAGE.01 RETURN_CODE := INVALID_PARAM

REPORT_APPLICATION_MESSAGE.02 transmit the message represented by MESSAGE_ADDR and LENGTH to the Health Monitoring function

REPORT_APPLICATION_MESSAGE.03 RETURN_CODE := NO_ERROR

CREATE_ERROR_HANDLER The CREATE_ERROR_HANDLER service request creates an error handler process for the current partition.

CREATE_ERROR_HANDLER.01 RETURN_CODE := NO_ACTION

CREATE_ERROR_HANDLER.02 RETURN_CODE := INVALID_CONFIG

CREATE_ERROR_HANDLER.03 RETURN_CODE := INVALID_MODE

CREATE_ERROR_HANDLER.04 Create a special process with the highest priority,
ENTRY_POINT and STACK_SIZE attributes

CREATE_ERROR_HANDLER.05 RETURN_CODE := NO_ERROR

GET_ERROR_STATUS The GET_ERROR_STATUS service must be used by the error handler process to determine the error code, the identifier of the faulty process, the address at which the error occurs, and the message associated with the fault. If more than one process is faulty, this service must be called in a loop in the error handler until there are no more processes in error.

GET_ERROR_STATUS.01 RETURN_CODE := INVALID_CONFIG

GET_ERROR_STATUS.02 RETURN_CODE := NO_ACTION

GET_ERROR_STATUS.03 ERROR_STATUS := error status of the first process in the process error list

GET_ERROR_STATUS.04 Clear this error

GET_ERROR_STATUS.05 RETURN_CODE := NO_ERROR

RAISE_APPLICATION_ERROR The RAISE_APPLICATION_ERROR service request allows the current partition to invoke the error handler process for a specific error code. The error handler of the partition is then started (if created) to take the recovery action for the process which raises the error code. Otherwise (if the error handler is not created) the error is considered a partition level error. The message passed may be read with the GET_ERROR_STATUS service. If the RAISE_APPLICATION_ERROR service is requested by the error handler process, the error is considered a partition level error. In this case the recovery action for the error specified by the Partition HM table of the current partition is automatically applied.

RAISE_APPLICATION_ERROR.01 RETURN_CODE := INVALID_PARAM

RAISE_APPLICATION_ERROR.02 RETURN_CODE := INVALID_PARAM

RAISE_APPLICATION_ERROR.03 Take the recovery action described for the error code in the current
Partition HM table

RAISE_APPLICATION_ERROR.04 Start the error handler process for the error code in the current process

RAISE_APPLICATION_ERROR.05 Ask for process scheduling

RAISE_APPLICATION_ERROR.06 RETURN_CODE := NO_ERROR