D.7 Tasking Restrictions
[This clause defines restrictions that can be used
with a pragma Restrictions (see
13.12) to
facilitate the construction of highly efficient tasking run-time systems.]
Static Semantics
The following
restriction_identifiers
are language defined:
{Restrictions
(No_Task_Hierarchy)} No_Task_Hierarchy
All (nonenvironment) tasks depend directly on the environment task of
the partition.
Objects of a type that needs finalization (see
7.6)
and access types that designate a type that needs finalization shall
be declared only at library level.
{Restrictions
(No_Abort_Statements)} No_Abort_Statements
There are no
abort_statements,
and there are no calls on Task_Identification.Abort_Task.
{Restrictions
(No_Terminate_Alternatives)} No_Terminate_Alternatives
{Restrictions
(No_Task_Allocators)} No_Task_Allocators
There are no
allocators
for task types or types containing task subcomponents.
{Restrictions
(No_Implicit_Heap_Allocations)} No_Implicit_Heap_Allocations
There are no operations that implicitly require heap storage allocation
to be performed by the implementation. The operations that implicitly
require heap storage allocation are implementation defined.
Implementation defined: Any operations
that implicitly require heap storage allocation.
There are no semantic dependences on the package Dynamic_Priorities,
and no occurrences of the attribute Priority.
{Restrictions
(No_Dynamic_Priorities)}
There is no call to any of the operations defined in package Interrupts
(Is_Reserved, Is_Attached, Current_Handler, Attach_Handler, Exchange_Handler,
Detach_Handler, and Reference).
{
AI95-00305-01}
{Restrictions (No_Local_Protected_Objects)}
No_Local_Protected_Objects
Protected objects shall be declared only at library level.
{
AI95-00297-01}
{Restrictions (No_Local_Timing_Events)}
No_Local_Timing_Events
Timing_Events shall be declared only at library level.
{
AI95-00305-01}
{Restrictions (No_Protected_Type_Allocators)}
No_Protected_Type_Allocators
There are no
allocators
for protected types or types containing protected type subcomponents.
{
AI95-00305-01}
{Restrictions (No_Relative_Delay)}
No_Relative_Delay
{
AI95-00305-01}
{Restrictions (No_Requeue_Statements)}
No_Requeue_Statements
{
AI95-00305-01}
{Restrictions (No_Select_Statements)}
No_Select_Statements
{
AI95-00394-01}
{Restrictions (No_Specific_Termination_Handlers)}
No_Specific_Termination_Handlers
There are no calls to the Set_Specific_Handler and Specific_Handler subprograms
in Task_Termination.
The Boolean expression in an entry barrier shall be either a static Boolean
expression or a Boolean component of the enclosing protected object.
The following
restriction_parameter_identifiers
are language defined:
{Restrictions
(Max_Select_Alternatives)} Max_Select_Alternatives
Specifies the maximum number of alternatives in a
selective_accept.
{Restrictions
(Max_Task_Entries)} Max_Task_Entries
Specifies the maximum number of entries per task. The bounds of every
entry family of a task unit shall be static, or shall be defined by a
discriminant of a subtype whose corresponding bound is static. [A value
of zero indicates that no rendezvous are possible.]
Max_Protected_Entries
Specifies the maximum number of entries per protected type. The bounds
of every entry family of a protected unit shall be static, or shall be
defined by a discriminant of a subtype whose corresponding bound is static.
{Restrictions (Max_Protected_Entries)}
Dynamic Semantics
All tasks are non-terminating. It is implementation-defined what happens
if a task attempts to terminate. If there is a fall-back handler (see
C.7.3) set for the partition it should be called when the first task
attempts to terminate.
Implementation defined: When restriction
No_Task_Termination applies to a partition, what happens when a task
terminates.
The following
restriction_parameter_identifiers
are language defined:
Specifies the maximum portion [(in storage elements)] of a task's Storage_Size
that can be retained by a blocked task. If an implementation chooses
to detect a violation of this restriction, Storage_Error should be raised;
{Storage_Check [partial]}
{check, language-defined
(Storage_Check)} {Storage_Error
(raised by failure of run-time check)} otherwise,
the behavior is implementation defined.
Implementation defined: The behavior
when restriction Max_Storage_At_Blocking is violated.
Specifies the maximum dynamic nesting level of
asynchronous_selects.
A value of zero prevents the use of any
asynchronous_select
and, if a program contains an
asynchronous_select,
it is illegal. If an implementation chooses to detect a violation of
this restriction for values other than zero, Storage_Error should be
raised;
{Storage_Check [partial]}
{check, language-defined
(Storage_Check)} {Storage_Error
(raised by failure of run-time check)} otherwise,
the behavior is implementation defined.
Implementation defined: The behavior
when restriction Max_Asynchronous_Select_Nesting is violated.
Specifies the maximum number of task creations that may be executed over
the lifetime of a partition, not counting the creation of the environment
task. A value of zero prevents any task creation and, if a program contains
a task creation, it is illegal. If an implementation chooses to detect
a violation of this restriction, Storage_Error should be raised;
{Storage_Check
[partial]} {check,
language-defined (Storage_Check)} {Storage_Error
(raised by failure of run-time check)} otherwise,
the behavior is implementation defined.
Ramification: Note that this is not a
limit on the number of tasks active at a given time; it is a limit on
the total number of task creations that occur.
Implementation Note: We envision an implementation
approach that places TCBs or pointers to them in a fixed-size table,
and never reuses table elements.
Implementation defined: The behavior
when restriction Max_Tasks is violated.
{
AI95-00305-01}
{Restrictions (Max_Entry_Queue_Length)}
Max_Entry_Queue_Length
Max_Entry_Queue_Length defines the maximum number of calls that are queued
on an entry. Violation of this restriction results in the raising of
Program_Error at the point of the call or requeue.
{Program_Error
(raised by failure of run-time check)}
It is implementation defined whether the use of pragma
Restrictions results in a reduction in executable program size, storage
requirements, or execution time. If possible, the implementation should
provide quantitative descriptions of such effects for each restriction.
Implementation defined: Whether the use
of pragma Restrictions results in a reduction in program code or data
size or execution time.
Implementation Advice
When feasible, the implementation should take advantage
of the specified restrictions to produce a more efficient implementation.
Implementation Advice: When feasible,
specified restrictions should be used to produce a more efficient implementation.
34 The above Storage_Checks can be suppressed
with pragma Suppress.
Incompatibilities With Ada 95
{
AI95-00360-01}
{
incompatibilities with Ada 95}
Amendment
Correction: The No_Nested_Finalization is now defined in terms of
types that need finalization. These types include a variety of language-defined
types that
might be implemented with a controlled type. If the
restriction No_Nested_Finalization (see
D.7)
applies to the partition, and one of these language-defined types does
not have a controlled part, it will not be allowed in local objects in
Ada 2005 whereas it would be allowed in original Ada 95. Such code is
not portable, as other Ada compilers may have had a controlled part,
and thus would be illegal under the restriction.
Extensions to Ada 95
{
AI95-00297-01}
{
AI95-00305-01}
{
AI95-00394-01}
{
extensions to Ada 95}
Restrictions No_Dynamic_Attachment,
No_Local_Protected_Objects, No_Protected_Type_Allocators, No_Local_Timing_Events,
No_Relative_Delay, No_Requeue_Statement, No_Select_Statements, No_Specific_Termination_Handlers,
No_Task_Termination, Max_Entry_Queue_Length, and Simple_Barriers are
newly added to Ada.
Wording Changes from Ada 95
{
8652/0042}
{
AI95-00130-01}
Corrigendum: Clarified that No_Nested_Finalization covered task
and protected parts as well.
{
8652/0076}
{
AI95-00067-01}
Corrigendum: Changed the description of Max_Tasks and Max_Asynchronous_Select_Nested
to eliminate conflicts with the High Integrity Annex (see
H.4).
{
AI95-00327-01}
Added using of the new Priority attribute to the restriction No_Dynamic_Priorities.
{
AI95-00394-01}
Restriction No_Asynchronous_Control is now obsolescent.