E.2.2 Remote Types Library Units
[A remote types library unit supports the definition
of types intended for use in communication between active partitions.]
Language Design Principles
The restrictions governing a remote types package
are similar to those for a declared pure package. However, the restrictions
are relaxed deliberately to allow such a package to contain declarations
that violate the stateless property of pure packages, though it is presumed
that any state-dependent properties are essentially invisible outside
form of a pragma
Remote_Types is as follows:
Remote_Types is used to specify that a library unit is a remote types
, namely that the Remote_Types aspect
of the library unit is True. The following restrictions apply to the
declaration of such a library unit:
Aspect Description for Remote_Types:
Types in a given package may be used in remote procedure calls.
[it shall be preelaborable;]
it shall depend semantically only on declared pure library_item
shared passive library units, other remote types library units, or preelaborated
normal library units that are mentioned only in private with clauses;
We say declared pure library_item
here, so that (all) limited views are allowed; those are not library
units, but they are declared pure library_item
it shall not contain the declaration of any variable
within the visible part of the library unit;
Reason: This is essentially a “methodological”
restriction. A separate copy of a remote types package is included in
each partition that references it, just like a normal package. Nevertheless,
a remote types package is thought of as an “essentially pure”
package for defining types to be used for interpartition communication,
and it could be misleading to declare visible objects when no remote
data access is actually being provided.
the full view of each type declared in the visible part of the library
unit that has any available stream attributes shall support external
streaming (see 13.13.2
Reason: This is to prevent the use of
the predefined Read and Write attributes of an access type as part of
the Read and Write attributes of a visible type.
Types that do not have available stream attributes are excluded from
this rule; that means that attributes do not need to be specified for
most limited types. It is only necessary to specify attributes for nonlimited
types that have a part that is of any access type, and for extensions
of limited types with available stream attributes where the record_extension_part
includes a subcomponent of an access type, where the access type does
not have specified attributes.
A named access type declared in the visible part
of a remote types or remote call interface library unit is called a remote
Such a type
a general access type that designates a class-wide limited private type,
a class-wide limited interface type, or a class-wide private extension
all of whose ancestors are either private extensions, limited interface
types, or limited private types.
A remote access-to-subprogram type shall not be
nonblocking (see 9.5).
Reason: All calls
on remote subprograms are considered potentially blocking, so they cannot
statically be allowed in nonblocking code.
type declaration of a remote type is illegal if the Nonblocking aspect
is True, either implicitly by inheritance or by explicit specification.
The following restrictions
apply to the use of a remote access-to-subprogram type:
A value of a remote access-to-subprogram type shall be converted only
to or from another (subtype-conformant) remote access-to-subprogram type;
of an Access attribute_reference
that yields a value of a remote access-to-subprogram type shall statically
denote a (subtype-conformant) remote subprogram.
The following restrictions
apply to the use of a remote access-to-class-wide type:
The primitive subprograms of the corresponding specific type shall only
have access parameters if they are controlling formal parameters. The
primitive functions of the corresponding specific type shall only have
an access result if it is a controlling access result. Each noncontrolling
formal parameter and noncontrolling result type shall support external
streaming (see 13.13.2
A value of a remote access-to-class-wide type shall
be explicitly converted only to another remote access-to-class-wide type;
A value of a remote access-to-class-wide type shall be dereferenced (or
implicitly converted to an anonymous access type) only as part of a dispatching
call to a primitive operation of the designated
where the value designates a controlling operand of the call
Stream attributes of the designated type are not
primitive operations of the designated type, and thus remote calls to
them are prohibited by this rule. This is good, as the access parameter
of a stream attribute does not have external streaming, and thus cannot
be a parameter of a remote call.
A controlling access result value for a primitive function with any controlling
operands of the corresponding specific type shall either be explicitly
converted to a remote access-to-class-wide type or be part of a dispatching
call where the value designates a controlling operand of the call;
The Storage_Pool attribute is not defined for a remote access-to-class-wide
type; the expected type for an allocator
shall not be a remote access-to-class-wide type. A remote access-to-class-wide
type shall not be an actual parameter for a generic formal access type.
The Storage_Size attribute of a remote access-to-class-wide type yields
0; it is not allowed in an attribute_definition_clause
. The Storage_Pool and Storage_Size aspects shall not be specified for
a remote access-to-class-wide type.
All of these restrictions are because there is no storage pool associated
with a remote access-to-class-wide type. The Storage_Size is defined
to be 0 so that there is no conflict with the rules for pure units.
Execution is erroneous if some operation (other
than the initialization or finalization of the object) modifies the value
of a constant object declared in the visible part of a remote types package.
could be accomplished via a self-referencing pointer or via squirrelling
a writable pointer to a controlled object.
5 A remote types library unit need not
be pure, and the types it defines may include levels of indirection implemented
by using access types. User-specified Read and Write attributes (see
) provide for sending values of
such a type between active partitions, with Write marshalling the representation,
and Read unmarshalling any levels of indirection.
The value of a remote access-to-class-wide limited interface can designate
an object of a nonlimited type derived from the interface.
A remote access type may designate a class-wide synchronized, protected,
or task interface type.
Synchronized, protected, and task
interfaces are all considered limited interfaces, see 3.9.4
Incompatibilities With Ada 95
The wording was changed
from “user-specified” to “available” read and
write attributes. (This was then further changed, see below.) This means
that an access type with the attributes specified in the private part
would originally have been sufficient to allow the access type to be
used in a remote type, but that is no longer allowed. Similarly, the
attributes of a remote type that has access components have to be specified
in the visible part. These changes were made so that the rules were consistent
with the rules introduced for the Corrigendum for stream attributes;
moreover, legality should not depend on the contents of the private part.
Extensions to Ada 95
Remote types that cannot be streamed (that is, have
no available stream attributes) do not require the specification of stream
attributes. This is necessary so that most extensions of Limited_Controlled
do not need stream attributes defined (otherwise there would be a significant
incompatibility, as Limited_Controlled would need stream attributes,
and then all extensions of it also would need stream attributes).
Wording Changes from Ada 95
Added missing wording so that a type derived from
a remote access type is also a remote access type.
Clarified that user-defined Read and Write attributes
are required for the primitive subprograms corresponding to a remote
Added missing wording so that a remote access type
can designate an appropriate private extension.
Changed the wording to use the newly defined term type that supports
, so that various issues with access types in pure
units and implicitly declared attributes for type extensions are properly
Defined Storage_Size to be 0 for remote access-to-class-wide types, rather
than having it undefined. This eliminates issues with pure units requiring
a defined storage size.
Corrected the wording so that a value of a local access-to-subprogram
type cannot be converted to a remote access-to-subprogram type, as intended
(and required by the ACATS).
Incompatibilities With Ada 2005
Added rules about
returning of remote access-to-class-wide access-to-classwide
types; this had been missed in the past. While programs that returned
unstreamable types from RCI functions were legal, it is not clear what
they could have done (as the results could not be marshalled). Similarly,
RCI functions that return remote controlling access types could try to
save those values, but it is unlikely that a compiler would know how
to do that usefully. Thus, it seems unlikely that any real programs will
be impacted by these changes.
Extensions to Ada 2005
Clarified that anonymous access
types are never remote access types (and can be used in remote types
units subject to the normal restrictions). Added wording to allow limited
class-wide interfaces to be designated by remote access types.
Added wording to allow private withs of preelaborated normal units in
the specification of a remote types unit.
Remote_Types is now a categorization aspect, so it
can be specified by an aspect_specification
— although the pragma is still preferred by the Standard.
Wording Changes from Ada 2012
Corrigendum: Clarified that dispatching
remote stream attribute calls are prohibited. We don't document this
as an incompatibility, as the stream parameter cannot be marshalled for
a remote call (it doesn't have external streaming), so it's impossible
that any working program depends on this functionality.
Corrigendum: Explicitly stated that modifying
a visible constant in a remote types package is erroneous. We don't document
this as inconsistent as implementations certainly can still do whatever
they were previously doing (no change is required); moreover, this case
(and many more) were erroneous in Ada 2005 and before, so we're just
restoring the previous semantics.
Corrigendum: Clarified that specifying the
Storage_Pool or Storage_Size aspect for an access-to-class-wide type
is not allowed. The intent is clear, and no implementation has ever allowed
specifying the aspects (the attributes already cannot be specified),
so we don't document this as an incompatibility.
Added a rule to ensure that potentially blocking
remote calls are not considered nonblocking.
Ada 2005 and 2012 Editions sponsored in part by Ada-Europe