CVS difference for ai12s/ai12-0171-1.txt

Differences between 1.6 and version 1.7
Log of other versions for file ai12s/ai12-0171-1.txt

--- ai12s/ai12-0171-1.txt	2016/06/07 05:17:19	1.6
+++ ai12s/ai12-0171-1.txt	2016/10/03 22:08:06	1.7
@@ -1,4 +1,4 @@
-!standard D.10(7/2)                                   15-10-05  AI12-0171-1/00
+!standard D.10(7/2)                                   16-10-02  AI12-0171-1/01
 !class binding interpretation 15-10-05
 !status work item 15-10-05
 !status received 15-07-10
@@ -8,7 +8,8 @@
 !subject Ambiguity in Synchronous_Task_Control semantics
-** TBD.
+For a given suspension object, it is a bounded error if more than one task
+calls Suspend_Until_True concurrently.
@@ -70,26 +71,43 @@
-** TBD.
+Add the following section after paragraph D.10(11):
+   Bounded (Run-Time) Errors
+  It is a bounded error for two or more tasks to call Suspend_Until_True
+  on the same Suspension_Object concurrently. Program_Error might be
+  raised in one or more of the tasks; alternatively, it might result in
+  none of the tasks suspending, or in one or more of the tasks
+  suspending, potentially indefinitely, with the state of the
+  Suspension_Object ending up either True or False.
-Following is the editor's ramblings on this topic.
+It is clear that existing implementations take advantage of the lack of
+atomicity between concurrent calls on Suspend_Until_True. After some
+discussion at the most recent International Real Time Ada Workshop, it
+was felt that supporting concurrent calls could add some inefficiency to
+the Suspension_Object construct, which is primarily of interest because
+of its simplicity and potential for high-performance implementation.
+Here are some comments on the example:
 (1) The technique shown in the example will work only for exactly two
 tasks. But exactly two of anything happens very, very rarely in practice --
 after all, the fundemental rule of programming language design is that a
 language feature should be usable zero, one, or many times. Something that
 is usable exactly twice violates that.
+(2) AARM D.10(6.a) implies that design intent was that only a single task ever
+calls Suspend_Until_True.
-(2) With the introduction of the Max_Entry_Queue_Length aspect (see
+(3) With the introduction of the Max_Entry_Queue_Length aspect (see
 AI12-0164-1), it is trivial to declare a protected object without a queue.
 One hopes that implementations will take advantage of this aspect to create
 lightweight POs when Max_Entry_Queue_Length is set to 1 (after all, this is
-the primary purpose of the aspect). If this happens, it will be possible
-to declare a suspension object directly with Ada code, and get the same sort
-of lightweight performance. As such, there will be no good reason for a
-separate definition of suspension objects: they will be equivalent to
+the primary purpose of the aspect). This means that it ought to be possible
+to declare a lightweight PO that allows additional calls. Such a PO could be
     protected type SO with Max_Entry_Queue_Length => 1 is
         procedure Set_True;
@@ -128,6 +146,8 @@
 !ACATS test
+The bounded error is not practically testable in an ACATS test (almost anything
+short of crashing is allowed).

Questions? Ask the ACAA Technical Agent