![]() If shutdown hooks have already been run and on-exit finalization has been enabled, then this method halts the virtual machine with the given status code if the status is nonzero otherwise, it blocks indefinitely. If this method is invoked after the virtual machine has begun its shutdown sequence, then if shutdown hooks are being run, this method will block indefinitely. Once this is performed the virtual machine halts. In the second phase all uninvoked finalizers are run if finalization-on-exit has been enabled. In the first phase all registered shutdown hooks, if any, are started in some unspecified order and allowed to run concurrently until they finish. The virtual machine's shutdown sequence consists of two phases. The argument serves as a status code by convention, a nonzero status code indicates abnormal termination. Terminates the currently running Java virtual machine by initiating its shutdown sequence. According to the Java API, Runtime.exit() : Runtime.exit() is the typical way of exiting a program. Java provides two options for program termination: Runtime.exit() (which is equivalent to System.exit()) and Runtime.halt(). Having inconsistent reactions to a fault can potentially be a vulnerability. The latency of task termination and whether tasks can ignore termination signals should be clearly specified. Ideally, a task that detects a fault within itself should be able to halt leaving its resources available for use by the rest of the program, halt clearing away its resources, or halt the entire program. If a task is critical, it may or may not be restartable by the rest of the program. When a program consists of several tasks, each task may be critical, or not. The reaction to a fault in a system can depend on the criticality of the part in which the fault originates. A system that fails securely, such as cryptologic systems, would maintain maximum security when a fault is detected, possibly through a denial of service. For fail-safe systems, such as flight controllers, traffic signals, or medical monitoring systems, there would be no effort to meet normal operational requirements, but rather to limit the damage or danger caused by the fault. ![]() What is actually done in a fail soft approach can vary depending on whether the system is used for safety critical or security critical purposes. Systems used in a high availability environment such as telephone switching centers, e-commerce, or other "always available" applications would likely use a fail soft approach. The system would keep working with the faults present, but the performance of the system would be degraded. Alternatively, the reaction to a detected fault could be to fail soft. The reaction to a detected fault is to immediately halt the system. The quickest and most noticeable way is to fail hard, also known as fail fast or fail stop. ![]() When a fault is detected, there are many ways in which a system can react. Section 6.46, "Termination Strategy ," says: ![]() When certain kinds of errors are detected, such as irrecoverable logic errors, rather than risk data corruption by continuing to execute in an indeterminate state, the appropriate strategy may be for the system to quickly shut down, allowing the operator to start it afresh in a determinate state.
0 Comments
Leave a Reply. |