CVS difference for ais/ai-00265.txt
--- ais/ai-00265.txt 2001/07/14 00:01:48 1.2
+++ ais/ai-00265.txt 2002/10/01 03:08:54 1.3
@@ -1,4 +1,4 @@
-!standard D.2.2 (5) 01-06-06 AI95-00265/02
+!standard D.2.2 (5) 02-09-05 AI95-00265/03
!standard D.7 (00)
!class amendment 01-05-10
!status work item 01-05-10
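Review bot: The !standard line is bumped from AI95-00265/02 (01-06-06) to /03 (02-09-05), but the !status line in the same hunk still reads "work item 01-05-10"; confirm that leaving the status and its date untouched for the new revision is intentional.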
@@ -12,7 +12,7 @@
A configuration pragma is proposed to select the partition elaboration policy.
This is in response to certification concerns about hazardous race conditions
that could occur due to tasks being activated prior to completion of the
-library-level elaboration code. (See also AI-00249.)
+library-level elaboration code.
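Review bot: Removing "(See also AI-00249.)" drops the only cross-reference to the related AI without a replacement; if the two issues have been decoupled, say so in the discussion, otherwise keep the pointer so readers can still find the companion AI.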
@@ -33,23 +33,38 @@
as part of execution of its elaboration code.
A proposed approach to addressing this concern is to introduce a configuration
-pragma to define the partition elaboration policy. This pragma is considered
-independently of the Ravenscar Profile definition since this dynamic behavior
-is optional rather than mandated by the Profile. In addition, it may be
-required by programs that do not use the Ravenscar Profile.
+pragma to define the partition elaboration policy.
The policy is selected by the configuration pragma
Partition_Elaboration_Policy. Two policy identifiers are defined by the
standard : Sequential and Concurrent. The default policy is Concurrent.
+If Sequential is chosen then Restriction No_Task_Hierarchy must also
- pragma Partition_Elaboration_Policy ( <policy_identifier> );
+New section H.6:
+H.6 Pragma Partition_Elaboration_Policy
+The form of a pragma Partition_Elaboration_Policy is as follows:
+pragma Partition_Elaboration_Policy ( <Policy_Identifier> );
+The Policy_Identifier shall be either Sequential or Concurrent;
+Concurrent is the default.
+If the Policy_Identifier is Sequential then Pragma
+Restrictions (No_Task_Hierarchy) must have already been specified for
+The pragma is a configuration pragma.
-1.1 Partition_Elaboration_Policy => Sequential
+Partition_Elaboration_Policy => Sequential
With the Sequential value as the partition elaboration policy, all task
activation for library-level tasks, and all interrupt handler attachment for
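Review bot: In the new H.6 text, "Pragma Restrictions (No_Task_Hierarchy) must have already been specified" imposes an ordering between two configuration pragmas, which is awkward to state and hard for an implementation to check; prefer wording such as "the restriction No_Task_Hierarchy shall also be in effect for the partition", which matches the summary sentence added earlier in this hunk ("If Sequential is chosen then Restriction No_Task_Hierarchy must also ..."). Also, the syntax line now reads "pragma Partition_Elaboration_Policy ( <Policy_Identifier> );" while the removed line used "<policy_identifier>"; pick one spelling and use it consistently in the prose that follows.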
@@ -59,9 +74,9 @@
deferred task activation and handler attachment is complete.
In this mode of operation, it is a bounded error for the Environment task to
-execute a potentially-blocking operation other than a delay statement during
-its declarative part. Program_Error may be raised by the call, or the active
-partition may deadlock.
+execute a potentially-blocking operation other than a delay statement or
+task creation during its declarative part. Program_Error may be raised
+by the call, or the active partition may deadlock.
In this mode of operation, if any deferred task activation fails then
Tasking_Error exception is raised at the "begin" of the Environment Task.
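Review bot: "task creation" in the new bounded-error wording ("a potentially-blocking operation other than a delay statement or task creation") is not defined; say whether it covers elaborating a task object declaration, evaluating an allocator for a task type, or both, since the reader needs to know exactly which operations the Environment task may perform in its declarative part without risking Program_Error or deadlock.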
@@ -73,12 +88,12 @@
-If the Environment task executes a potentially blocking operation that is not a
-delay statement during its declarative part (prior to activation of tasks and
-enabling of delivery of interrupts) then it is recommended that the active
-partition be immediately terminated. However, detection of this case may
-introduce distributed overhead in the runtime execution, and so it is not
+If the Environment task executes a potentially blocking operation that is
+not a delay statement or task creation during its declarative part (prior
+to activation of tasks and enabling of delivery of interrupts) then it is
+recommended that the active partition be immediately terminated. However,
+detection of this case may introduce distributed overhead in the runtime
+execution, and so it is not mandated.
If any deferred task activation fails, it is recommended that the active
partition be immediately terminated to mitigate the hazard posed by continuing
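Review bot: The implementation advice now agrees with the bounded-error paragraph ("not a delay statement or task creation"), but this paragraph ends "and so it is not mandated." whereas the following paragraph ends "not mandated (see 10.2 (30))"; add the same cross-reference here so both recommendations cite the justification for leaving detection optional.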
@@ -86,7 +101,7 @@
case may introduce distributed overhead in the runtime execution, and so it is
not mandated (see 10.2 (30)).
-1.2. Partition_Elaboration_Policy => Concurrent
+Partition_Elaboration_Policy => Concurrent
With the Concurrent value as the partition elaboration policy, the execution of
the declarative part of the Environment task is as defined by the standard mode
@@ -95,6 +110,11 @@
+a) The Restriction No_Task_Hierarchy is needed to prevent deadlock.
+b) Do we need to say what happens if an interrupt does occur during
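Review bot: Question a) asserts that No_Task_Hierarchy is needed to prevent deadlock but gives no rationale; state which deadlock is meant (presumably one involving a task nested inside another task whose own activation is deferred) so the restriction can be evaluated against the Sequential policy as specified in H.6.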