Version 1.3 of ai12s/ai12-0064-1.txt
!standard 9.5.1(18) 13-05-09 AI12-0064-1/01
!class Amendment 13-04-22
!status work item 13-04-22
!status received 13-04-22
!priority Medium
!difficulty Medium
!subject Nonblocking subprograms
!summary
Aspect Nonblocking is added.
!problem
During a protected action, it is a bounded error to invoke an operation that
is potentially blocking. There is currently no mechanism (other than a comment)
to specify that a given subprogram is intended to be safely callable during a
protected action (i.e., that the subprogram will not invoke an operation that
is potentially blocking). This seems like a useful part of a subprogram's
"contract" that should be (optionally) specifiable at the point of a
subprogram's declaration.
!proposal
Add an aspect Nonblocking.
!wording
Add at the end of 9.5.1 (as continuation of bounded error section?)
For a callable entity or a generic subprogram, the following
language-defined representation aspect may be specified:
The type of aspect Nonblocking is Boolean. When aspect Nonblocking is
True for an entity, the entity is said to be nonblocking.
If directly specified, the aspect_definition shall be a static
expression. [This aspect is never inherited;] if not directly
specified, the aspect is False.
When a callable entity is nonblocking, a call to the
entity is considered to be within a protected operation for
purposes of the check described above that is associated
with invoking an operation that is potentially blocking
(including interactions with pragma Detect_Blocking (see H.5)).
In addition, a call to an entity that is not a nonblocking
entity is considered potentially blocking for the purposes of the
check.
AARM Ramification: This implies, if Detect_Blocking is set, that
calling a potentially blocking operation from the body of Nonblocking
subprogram raises Program_Error. That includes calling any
non-nonblocking subprograms.
AARM Implementation Note: We make calling non-nonblocking subprograms
from the body of a nonblocking subprogram a bounded error so that
the check can be made statically in the case that pragma Detect_Blocking
is in force. We certainly do not want distributed overhead in the
case where pragma Detect_Blocking is in force, a nonblocking subprogram
that is called from outside of a protected action then calls a normal
subprogram that uses a potentially blocking operation (this case would
require an extra TCB flag or the like to be reliably detected, which
is required in the presence of the pragma).
A subprogram shall be nonblocking if it overrides a dispatching
nonblocking procedure. In addition to the places where Legality
Rules normally apply (see 12.3), this rule applies also in the
private part of an instance of a generic unit.
!discussion
We've modeled this aspect after No_Return, which has a similar purpose
and presumably has already worked out the needed rules.
For this reason, we don't have nonblocking access-to-subprogram types.
One could imagine such a thing, but it would take a number of additional
rules and certainly wouldn't be "keeping it simple".
The rules do not allow calling "normal" subprograms from a nonblocking
subprogram. This allows detecting any potentially blocking operations used
in a nonblocking subprogram statically. This is important if pragma
Detect_Blocking is used, as such detection is required. (Otherwise, this
is just a bounded error and the "mistake" can be ignored with the usual
consequences.)
!example
Using this feature to create an array of tasks that "know" their index
within the array:
subtype Worker_Indexes is Natural range 1 .. 20;
task type Worker (Index : Worker_Indexes := 1) is ...
type Task_Array (Worker_Indexes) of Worker;
function Creator (Index : Worker_Indexes) return Worker is
begin
return Result : Worker (Index);
end Creator;
Worker_Tasks : Task_Array :=
(for Index in Worker_Indexes => Creator (Index));
All of these tasks will be activated together, and they will know
their position in the array (so that they can communicate directly
with the neighbors) without needing an initialization entry call
(which necessarily would serialize the starting of the tasks).
!ASIS
** ASIS queries needed **
!ACATS test
ACATS B-Tests (to test 4.3.3(17-18) and the new rules) and C-Tests.
!appendix
****************************************************************
Questions? Ask the ACAA Technical Agent