Javacard object deletion and garbage collection design

Javacard object Design of deletion and garbage collection

-- By Caesar

Object Storage:

ObjectHeapUnified management,RefRead the fixed-lengthHeapHeader.

Permanent object:HeapbodyStored inNVMAndTLV.HeapHeader storage pointHeapbody.

Temporary object:HeapbodyIs the preset global array.HeapThe header does not store the offset. The offset is calculated based on the space of all temporary objects before the index. Because the calculation amount for obtaining the offset is relatively largeCache(See the appendix1)

Object deletion:

Permanent object: DeleteHeapHeader. And deleteHeapbodyIfHeapbodyEmpty blocks are merged into a large empty block.

Temporary object: DeleteHeapHeader. The Global Array corresponds to the offset data and automatically moves the object forward in bytes.

Garbage collection:

The system can callJcsystem.Isobjectdeletionsupported andJcsystem.Requestobjectdeletion.

Definition of spam objects:

InJavaIn the environment, spam objects refer to objects that are not referenced by valid objects. InJavacardIn the environment, valid objects are defined as the following objects:

1. JRESystem Object.

2. Specify common objects that cannot be recycled by garbage collection.

3. PackageStatic ImageObject.

4. ApplicationInstanceInstance Object.

5. JavaThe object pointed to by the reference type variable in the running stack and Temporary Variable Area.

6. objects directly or indirectly referenced by the preceding objects.

All objects that do not conform to the preceding valid object description are called spam objects.

Traversal of Object Reference relationships:

Based on the description of the spam object, we can see that if you want to recycle garbage, you must first determine all valid objects. Because it is difficult to analyze the data types in the running stack, we usually chooseJavaStart garbage collection when the running stack is empty. Because the reference relationship of objects is deep and cross, it cannot be processed using a fixed dimension loop. The traversal logic is:

1. Apply for a large cache space. Each object references twoBit. Initially00.

2. traverse allPKGIndex to obtain the correspondingStatic ImageAnd set the flag10.

3. traverse allAppIndex to obtain the correspondingInstanceInstance Object reference, and set the corresponding flag10.

4. traverse allOBJIndex to obtain references to all objects that cannot be recycled, and set the corresponding flag10.

5. cyclically traverse the buffer and find all flag spaces10Obtain the reference of all objects directly referenced by this object (see appendix ).2), And set the corresponding flag1x. Then, set your flag11. Continues until the flag bit is no longer found10.

6. In the current buffer, the flag is11Is a valid object, the flag is00Is the spam object. Further processing can be performed on this basis.

The first flag indicates the validity of the object, and the second sign indicates whether the reference relationship of the object has been expanded. The above logic is to set the root node of the valid object and expand it all. The end of the loop indicates that the loop cannot be found.10This means that no valid object is not expanded.

Where1-4Method:Bool mmgc_objmap_init (p_fram (u08) mapbuf, 2010maplen)

5 of themMethod:VoidMmgc_objmap_traverse (p_fram (u08) mapbuf)

Where6Method:Bool mmgc_objmap_operate (u08 u8scope, u08 u8condition, u08 u8optype, p_fram (u08) mapbuf, heapref ref)

Garbage collection process:

We can see that the implementation of garbage collection: when usersProgramCallAPIWhen trying to recycle garbage, the system does not operate immediately (the running stack is not empty), but recordsFlg. Until next timeProcessBefore the entry point method is executed, determineFlg, ResetFlagAnd delete the object according to the preceding steps.

If (g_bgcflag & vmframe_isempty ())

{

G_bgcflag = false;

Mmgc_objmap_init (g_pau8tempbuf, mmobj_temp_buf_size );

Mmgc_objmap_traverse (g_pau8tempbuf );

Mmgc_objmap_operate (mmgc_op_scope_notin_map, mmgc_op_condition_none, mmgc_op_type_del, g_pau8tempbuf, mm_ref_null );

}

Delete An application:

When the user calls globalplatformOfDeleteWhen trying to delete an application, you must first determine whether the application is active in all logical channels, and then determine the dependency, the principle is that any object of the application (objectowner = thisapp) Cannot be directly or indirectly referenced by other application objects. Or wrappedStatic ImageDirectly or indirectly. (As a special application, the dependency is too complex and cannot be deleted)

Combined with the garbage collection process, the logic of this process is similar. After step 4AppCorrespondingInstanceInstance Object andAidObject reset00. DeleteAppThe entry point object and the associatedJcresObject. After traversing, determine whether the object of the application exists in the valid object. If the object does not exist, it indicates that the object of the application is not directly or indirectly referenced by other valid objects, and can be deleted. Otherwise, it cannot be deleted. The process of deletion is the same as that of garbage collection.00. Note,AidAs associatedJcresObject that does not participate in the judgment of the reference relationship, but is involved in the collection. As follows:

Mmgc_objmap_init (apdu_buffer, systp_iso_apdu_buffer_size );

Mmgc_objmap_resetapp (apdu_buffer, arapp );

Mmgc_objmap_traverse (apdu_buffer );

// Ref by other object

If (mmgc_objmap_operate (mmgc_op_scope_in_map, mmgc_op_condition_owner_eq, mmgc_op_type_ret, apdu_buffer, arapp ))

{

Sysexcp_throwiso (iso_sw_conditions_not_satisfied );

}

// Delete appref

Sysreg_delete (arapp );

// Delete All OBJ of app

Mmgc_objmap_operate (mmgc_op_scope_notin_map, mmgc_op_condition_none, mmgc_op_type_del, apdu_buffer, mm_ref_null );

Delete package:

When the user calls globalplatformOfDeleteWhen trying to delete a package, the command first needs to determine whether the application that belongs to the package is activated in all logical channels and whether the package is explicitly imported by other packages..Then we need to determine the dependency. The principle is that any object in the package (context = thispkg. Or other packagesStatic ImageDirectly or indirectly.

Combined with the garbage collection and application deletion processes, the process logic is similar. After step 4PKGCorrespondingStatic ImageObject and all applicationsInstanceInstance Object andAidObject reset00. DeletePKGThe entry point object and the associatedJcresObject. After traversing, determine whether the object of the package exists in the valid object. If the object does not exist, it indicates that the object of the application is not directly or indirectly referenced by other valid objects, and can be deleted. Otherwise, it cannot be deleted. The process of deletion is the same as that of garbage collection.00. Note,AidAs associatedJcresObject that does not participate in the judgment of the reference relationship, but is involved in the collection. As follows:

// Perform dependency checks

Mmgc_objmap_init (apdu_buffer, systp_iso_apdu_buffer_size );

//

Mmgc_objmap_resetpkg (apdu_buffer, prpkg, (bool) (iso_p2 = 0x80 ));

//

Mmgc_objmap_traverse (apdu_buffer );

If (mmgc_objmap_operate (mmgc_op_scope_in_map, mmgc_op_condition_context_eq, mmgc_op_type_ret, apdu_buffer, prpkg ))

{

Sysexcp_throwiso (iso_sw_conditions_not_satisfied );

}

If (iso_p2 = 0x80)

{

// Delete appref

Deleteappinpkg (prpkg );

}

// Delete pkgref

Mmheap_delete (prpkg );

// Delete All package object mmgc_objmap_operate (mmgc_op_scope_notin_map, mmgc_op_condition_none, mmgc_op_type_del, apdu_buffer, mm_ref_null );

Space Management Policy:

In view of the storage method of permanent objects, it is not suitable for large-scale migration and sorting. The maximum download capability of the system is not the total space of all empty blocks, but the heapbodyMaximumTLVBlock is restricted. Therefore, we need to guard against the fragmentation of space. Space fragmentation occurs in the following situations.

Cross-download and delete operations in user behavior:

User download packageA, PackageB, DeleteA, Will cause the packageBSplit two empty blocks and the maximum space is no longerMax-B.

Objects in system behavior:

User download packageA, RunAThe application process is calledAPIGeneratedJcresSystem Object. (RatioFor example, someStatic ref), DeleteA. This system object will be split into two empty blocks, and the maximum space will no longer beMax.

we cannot control user behavior. We can only minimize the number of objects generated during the API operation. Objects without Field do not have this restriction. We recommend that you delete all applications and packages and re-download and install them before large-scale downloads.