CVS difference for ais/ai-00249.txt

Differences between version 1.5 and version 1.6

--- ais/ai-00249.txt	2002/06/14 23:48:55	1.5
+++ ais/ai-00249.txt	2002/07/23 01:05:24	1.6
@@ -1,4 +1,4 @@
-!standard D.2.2 (5)                                02-06-11  AI95-00249/04
+!standard D.2.2 (5)                                02-07-17  AI95-00249/05
 !standard D.7 (00)
 !class amendment 00-12-04
 !status work item 00-12-04
@@ -9,7 +9,7 @@
 
 !summary
 
-New pragmas and restrictions are proposed to directly support the Ravenscar
+New pragmas are proposed to directly support the Ravenscar
 Profile -- an execution time profile suitable for use in High-Integrity and
 Safety-Critical applications.
 
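Review bot: The rewritten summary still says "New pragmas are proposed" (plural), but this revision also states that pragma Detect_Blocking and the additional Restrictions identifiers are assumed to be defined elsewhere (see AI-305), which leaves pragma Profile as the only pragma this AI actually introduces; suggest "A new pragma is proposed to directly support the Ravenscar Profile" unless the AI still defines a second pragma.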
@@ -27,10 +27,8 @@
 runtime profile identifier "Ravenscar" to be defined in the standard and
 specifies its semantics.
 
-The proposal also introduces several new restriction identifiers to define
-runtime behaviors that are to be restricted when using the Ravenscar profile.
-These identifiers may be used to specify runtime behavior which is independent
-of the Ravenscar definition.
+The proposal assumes that additional Restriction identifiers and pragma
+Detect_Blocking have been defined (see AI-305).
 
 A runtime profile is an alternative mode of operation that is defined by the
 standard. It is selected by inclusion of the configuration pragma Profile that
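Review bot: Style: the `+` line says "additional Restriction identifiers" while the rest of the document refers to "pragma Restrictions identifiers" (the pragma is named Restrictions); suggest "assumes that additional pragma Restrictions identifiers and pragma Detect_Blocking have been defined (see AI-305)" so the name is used consistently.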
@@ -43,122 +41,52 @@
     pragma Profile (profile_identifier [profile_argument_definition]);
 
 The profile_identifier shall be either Ravenscar or an implementation-defined
-identifier. For profile_identifier Ravenscar, there shall be no
-profile_argument_definition. For other profile_identifiers, the semantics
-of the profile_argument_definition are implementation-defined.
-
-Pragma Profile is a configuration pragma. It is equivalent to the set of
-pragmas that are defined below. There may be more than one pragma Profile for
-a partition.
+identifier.  For profile_identifier Ravenscar, there shall be no
+profile_argument_definition.  For other profile_identifiers, the
+semantics of the profile_argument_definition are implementation-defined
+
+Pragma Profile is a configuration pragma.  It is equivalent to the set of
+pragmas that are defined below.  There may be more than one pragma Profile
+for a partition.
 
 Dynamic Semantics
 
-When profile_identifier Ravenscar is in effect, the following dynamic
-semantics apply:
+When profile_identifier Ravenscar is in effect, the following
+dynamic semantics apply:
 
-1.1. Task Dispatching Policy
+* The Task_Dispatching_Policy for the active partition shall be
+  FIFO_Within_Priorities.
 
-The Task_Dispatching_Policy for the active partition shall be
-FIFO_Within_Priorities.
+* The Locking_Policy for the active partition shall be Ceiling_Locking.
 
-1.2. Locking Policy
+* Pragma Detect_Blocking applies to the partition.
 
-The Locking_Policy for the active partition shall be Ceiling_Locking.
+* The following pragma Restrictions identifiers apply to
+  the alternative mode of operation defined by the Ravenscar Profile:
 
-1.3. Restrictions Pragma
-
-1.3.1. Standard Identifiers
-
-The following pragma Restrictions identifiers defined in the standard apply to
-the alternative mode of operation defined by the Ravenscar Profile:
-
-	Max_Asynchronous_Select_Nesting => 0
+	Max_Entry_Queue_Length => 1
 	Max_Task_Entries => 0
 	Max_Protected_Entries => 1
 	No_Abort_Statements
 	No_Asynchronous_Control
-	No_Dynamic_Priorities
-	No_Implicit_Heap_Allocations
-	No_Task_Allocators
-	No_Task_Hierarchy
-
-1.3.2. New Identifiers
-
-The following new pragma Restrictions identifiers are defined and apply to
-the alternative mode of operation defined by the Ravenscar Profile:
-
-	Max_Entry_Queue_Length = N
-Max_Entry_Queue_Length defines the maximum number N of calls that are queued on
-an entry. Violation of this restriction results in the raising of Program_Error
-exception at the point of the call.
-
-For the Ravenscar Profile, the value of N is 1. Note that the affect of this
-restriction applies only to protected entry queues due to the accompanying
-restriction of Max_Task_Entries => 0.
-
 	No_Calendar
-There are no semantic dependencies on package Ada.Calendar.
-
 	No_Dynamic_Attachment
-There is no call to any of the operations defined in package Ada.Interrupts
-(Is_Reserved, Is_Attached, Current_Handler, Attach_Handler, Exchange_Handler,
-Detach_Handler, Reference).
-
+	No_Dynamic_Priorities
+	No_Implicit_Heap_Allocations
 	No_Local_Protected_Objects
-All protected objects are created via library-level declarations.
-
 	No_Protected_Type_Allocators
-There are no allocators for protected types or types containing protected
-type components.
-
 	No_Relative_Delay
-Delay_relative statements are not allowed.
-
 	No_Requeue_Statements
-Requeue statements are not allowed.
-
 	No_Select_Statements
-Select_statements are not allowed.
-
+	No_Task_Allocators
 	No_Task_Attributes_Package
-There are no semantic dependencies on package Ada.Task_Attributes.
-
+	No_Task_Hierarchy
 	Simple_Barriers
-The Boolean expression in an entry barrier shall be either a Boolean literal
-value or the value of a Boolean component of the enclosing protected object.
 
 NOTES
-(1) The effect of the Max_Entry_Queue_Length = 1 restriction applies only to
-protected entry queues due to the accompanying restriction of
-Max_Task_Entries => 0. [Editor's note: Not true, these must be usable in
-all contexts, not just Ravenscar.]
-
-1.4. Bounded Error Detection
-
-The bounded error that is the invocation of one of the following
-potentially blocking operations during a protected action shall be detected:
--	a protected entry_call_statement
--	a delay_until_statement
--	a call to a language-defined subprogram that is potentially blocking,
-          for example Ada.Synchronous_Task_Control.Suspend_Until_True
-
-Notes
-(1) The Ravenscar Profile subset excludes the following potentially blocking
-    operations within a protected action:
-    - a select statement
-    - an accept statement
-    - a task entry call
-    - a relative delay statement
-    - an abort statement
-    - task creation or activation
-    - an external requeue statement with the same target object as that of
-      the protected action
-
-(2) Detection of these bounded error cases results in Program_Error being
-    raised (see 9.5.1(17)).
-
-(3) An operation that causes a task to be blocked within a foreign language
-    domain is not defined to be potentially blocking, and may not be detected.
+(1) The effect of the Max_Entry_Queue_Length => 1 restriction applies
+only to protected entry queues due to the accompanying restriction of
+Max_Task_Entries => 0.
 
 !example
 
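Review bot: The rewrapped `+` line "semantics of the profile_argument_definition are implementation-defined" drops the terminating period that the replaced line had; restore it. Also, the removed section 1.4 spelled out which potentially blocking operations are detected and that Program_Error is raised, whereas the new bullet "Pragma Detect_Blocking applies to the partition" gives no pointer to where those semantics now live; suggest adding "(see AI-305)" to that bullet, matching the cross-reference used earlier in the text.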
@@ -170,32 +98,14 @@
 implementation, for example to define the SPARK subset, or to define variations
 of the Ravenscar definition such as Ravenscar_Non_Preemptive.
 
-b) The pragma No_Task_Hierarchy must impose the constraint that all tasks
-depend directly on the Environment task as a result of all task objects being
-created by library level declarations. The restriction means that no support
-is needed for "masters" and "waiting for dependent tasks" even for tasks
-declared within the main subprogram. This also matches the semantics for
-pragma No_Local_Protected_Objects.
-
-c) The restrictions forcing the maximum length of an entry queue to be one and
+b) The restrictions forcing the maximum length of an entry queue to be one and
 the maximum number of entries to be one are there for deterministic operation
 of entry queue servicing and to simplify the runtime implementation. The
 semantics are intended to be consistent with those for blocking on a
 suspension object via Suspend_Until_True.
 
-d) Static attachment of interrupt handlers via pragma Attach_Handler is
+c) Static attachment of interrupt handlers via pragma Attach_Handler is
 supported.
-
-e) No_Protected_Type_Allocators matches existing restriction
-No_Task_Allocators.
-
-f) No_Delay in H.4 is too strong for the Ravenscar Profile since we want to
-allow delay_until Ada.Real_Time.Time, but not relative delay (non-
-deterministic) nor package Ada.Calendar (too coarse).
-
-g) No_Select_Statements excludes selective_accept (there are no task entries
-anyway), timed and conditional (protected) entry calls, and asynchronous_select
-(which is re-inforced by also requiring Max_Asynchronous_Select_Nesting = 0).
 
 !ACATS test
 
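Review bot: Removing discussion items b), e), f) and g) drops the rationale for No_Task_Hierarchy, No_Protected_Type_Allocators, No_Relative_Delay/No_Calendar and No_Select_Statements, yet all of those identifiers remain in the Ravenscar restrictions list in the Dynamic Semantics section; if that rationale has moved to AI-305, a one-line note to that effect in !discussion would keep the list and its justification traceable, otherwise consider keeping the removed items.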