CVS difference for ais/ai-00249.txt
--- ais/ai-00249.txt 2002/06/14 23:48:55 1.5
+++ ais/ai-00249.txt 2002/07/23 01:05:24 1.6
@@ -1,4 +1,4 @@
-!standard D.2.2 (5) 02-06-11 AI95-00249/04
+!standard D.2.2 (5) 02-07-17 AI95-00249/05
!standard D.7 (00)
!class amendment 00-12-04
!status work item 00-12-04
@@ -9,7 +9,7 @@
-New pragmas and restrictions are proposed to directly support the Ravenscar
+New pragmas are proposed to directly support the Ravenscar
Profile -- an execution time profile suitable for use in High-Integrity and
@@ -27,10 +27,8 @@
runtime profile identifier "Ravenscar" to be defined in the standard and
specifies its semantics.
-The proposal also introduces several new restriction identifiers to define
-runtime behaviors that are to be restricted when using the Ravenscar profile.
-These identifiers may be used to specify runtime behavior which is independent
-of the Ravenscar definition.
+The proposal assumes that additional Restriction identifiers and pragma
+Detect_Blocking have been defined (see AI-305).
A runtime profile is an alternative mode of operation that is defined by the
standard. It is selected by inclusion of the configuration pragma Profile that
@@ -43,122 +41,52 @@
pragma Profile (profile_identifier [profile_argument_definition]);
The profile_identifier shall be either Ravenscar or an implementation-defined
-identifier. For profile_identifier Ravenscar, there shall be no
-profile_argument_definition. For other profile_identifiers, the semantics
-of the profile_argument_definition are implementation-defined.
-Pragma Profile is a configuration pragma. It is equivalent to the set of
-pragmas that are defined below. There may be more than one pragma Profile for
+identifier. For profile_identifier Ravenscar, there shall be no
+profile_argument_definition. For other profile_identifiers, the
+semantics of the profile_argument_definition are implementation-defined
+Pragma Profile is a configuration pragma. It is equivalent to the set of
+pragmas that are defined below. There may be more than one pragma Profile
+for a partition.
-When profile_identifier Ravenscar is in effect, the following dynamic
+When profile_identifier Ravenscar is in effect, the following
+dynamic semantics apply:
-1.1. Task Dispatching Policy
+* The Task_Dispatching_Policy for the active partition shall be
-The Task_Dispatching_Policy for the active partition shall be
+* The Locking_Policy for the active partition shall be Ceiling_Locking.
-1.2. Locking Policy
+* Pragma Detect_Blocking applies to the partition.
-The Locking_Policy for the active partition shall be Ceiling_Locking.
+* The following pragma Restrictions identifiers apply to
+ the alternative mode of operation defined by the Ravenscar Profile:
-1.3. Restrictions Pragma
-1.3.1. Standard Identifiers
-The following pragma Restrictions identifiers defined in the standard apply to
-the alternative mode of operation defined by the Ravenscar Profile:
- Max_Asynchronous_Select_Nesting => 0
+ Max_Entry_Queue_Length => 1
Max_Task_Entries => 0
Max_Protected_Entries => 1
-1.3.2. New Identifiers
-The following new pragma Restrictions identifiers are defined and apply to
-the alternative mode of operation defined by the Ravenscar Profile:
- Max_Entry_Queue_Length = N
-Max_Entry_Queue_Length defines the maximum number N of calls that are queued on
-an entry. Violation of this restriction results in the raising of Program_Error
-exception at the point of the call.
-For the Ravenscar Profile, the value of N is 1. Note that the affect of this
-restriction applies only to protected entry queues due to the accompanying
-restriction of Max_Task_Entries => 0.
-There are no semantic dependencies on package Ada.Calendar.
-There is no call to any of the operations defined in package Ada.Interrupts
-(Is_Reserved, Is_Attached, Current_Handler, Attach_Handler, Exchange_Handler,
-All protected objects are created via library-level declarations.
-There are no allocators for protected types or types containing protected
-Delay_relative statements are not allowed.
-Requeue statements are not allowed.
-Select_statements are not allowed.
-There are no semantic dependencies on package Ada.Task_Attributes.
-The Boolean expression in an entry barrier shall be either a Boolean literal
-value or the value of a Boolean component of the enclosing protected object.
-(1) The effect of the Max_Entry_Queue_Length = 1 restriction applies only to
-protected entry queues due to the accompanying restriction of
-Max_Task_Entries => 0. [Editor's note: Not true, these must be usable in
-all contexts, not just Ravenscar.]
-1.4. Bounded Error Detection
-The bounded error that is the invocation of one of the following
-potentially blocking operations during a protected action shall be detected:
-- a protected entry_call_statement
-- a delay_until_statement
-- a call to a language-defined subprogram that is potentially blocking,
- for example Ada.Synchronous_Task_Control.Suspend_Until_True
-(1) The Ravenscar Profile subset excludes the following potentially blocking
- operations within a protected action:
- - a select statement
- - an accept statement
- - a task entry call
- - a relative delay statement
- - an abort statement
- - task creation or activation
- - an external requeue statement with the same target object as that of
- the protected action
-(2) Detection of these bounded error cases results in Program_Error being
- raised (see 9.5.1(17)).
-(3) An operation that causes a task to be blocked within a foreign language
- domain is not defined to be potentially blocking, and may not be detected.
+(1) The effect of the Max_Entry_Queue_Length => 1 restriction applies
+only to protected entry queues due to the accompanying restriction of
+Max_Task_Entries => 0.
@@ -170,32 +98,14 @@
implementation, for example to define the SPARK subset, or to define variations
of the Ravenscar definition such as Ravenscar_Non_Preemptive.
-b) The pragma No_Task_Hierarchy must impose the constraint that all tasks
-depend directly on the Environment task as a result of all task objects being
-created by library level declarations. The restriction means that no support
-is needed for "masters" and "waiting for dependent tasks" even for tasks
-declared within the main subprogram. This also matches the semantics for
-c) The restrictions forcing the maximum length of an entry queue to be one and
+b) The restrictions forcing the maximum length of an entry queue to be one and
the maximum number of entries to be one are there for deterministic operation
of entry queue servicing and to simplify the runtime implementation. The
semantics are intended to be consistent with those for blocking on a
suspension object via Suspend_Until_True.
-d) Static attachment of interrupt handlers via pragma Attach_Handler is
+c) Static attachment of interrupt handlers via pragma Attach_Handler is
-e) No_Protected_Type_Allocators matches existing restriction
-f) No_Delay in H.4 is too strong for the Ravenscar Profile since we want to
-allow delay_until Ada.Real_Time.Time, but not relative delay (non-
-deterministic) nor package Ada.Calendar (too coarse).
-g) No_Select_Statements excludes selective_accept (there are no task entries
-anyway), timed and conditional (protected) entry calls, and asynchronous_select
-(which is re-inforced by also requiring Max_Asynchronous_Select_Nesting = 0).
Questions? Ask the ACAA Technical Agent