Ada Reference Manual — Legal Information

9.4 Protected Units and Protected Objects

A protected object provides coordinated access to shared data, through calls on its visible protected operations, which can be protected subprograms or protected entries. A protected unit is declared by a protected declaration, which has a corresponding protected_body. A protected declaration may be a protected_type_declaration, in which case it declares a named protected type; alternatively, it may be a single_protected_declaration, in which case it defines an anonymous protected type, as well as declaring a named protected object of that type.

Syntax

2/2

protected_type_declaration ::=
  protected type defining_identifier [known_discriminant_part] is
     [new interface_list with]
     protected_definition;

3/2

single_protected_declaration ::=
  protected defining_identifier is
     [new interface_list with]
     protected_definition;

protected_definition ::=
    { protected_operation_declaration }
[ private
    { protected_element_declaration } ]
  end [protected_identifier]

5/1

protected_operation_declaration ::= subprogram_declaration
| entry_declaration
| aspect_clause

protected_element_declaration ::= protected_operation_declaration
| component_declaration

protected_body ::=
  protected body defining_identifier is
   { protected_operation_item }
  end [protected_identifier];

8/1

protected_operation_item ::= subprogram_declaration
     | subprogram_body
     | entry_body
     | aspect_clause

If a protected_identifier appears at the end of a protected_definition or protected_body, it shall repeat the defining_identifier.

Legality Rules

10/2

This paragraph was deleted.

Static Semantics

11/2

A protected_definition defines a protected type and its first subtype. The list of protected_operation_declarations of a protected_definition, together with the known_discriminant_part, if any, is called the visible part of the protected unit. The optional list of protected_element_declarations after the reserved word private is called the private part of the protected unit.

11.1/2

For a protected declaration with an interface_list, the protected type inherits user-defined primitive subprograms from each progenitor type (see 3.9.4), in the same way that a derived type inherits user-defined primitive subprograms from its progenitor types (see 3.4). If the first parameter of a primitive inherited subprogram is of the protected type or an access parameter designating the protected type, and there is a protected_operation_declaration for a protected subprogram or single entry with the same identifier within the protected declaration, whose profile is type conformant with the prefixed view profile of the inherited subprogram, the inherited subprogram is said to be implemented by the conforming protected subprogram or entry.

Legality Rules

11.2/2

A protected declaration requires a completion, which shall be a protected_body, and every protected_body shall be the completion of some protected declaration.

11.3/2

Each interface_subtype_mark of an interface_list appearing within a protected declaration shall denote a limited interface type that is not a task interface.

11.4/2

The prefixed view profile of an explicitly declared primitive subprogram of a tagged protected type shall not be type conformant with any protected operation of the protected type, if the first parameter of the subprogram is of the protected type or is an access parameter designating the protected type.

11.5/2

For each primitive subprogram inherited by the type declared by a protected declaration, at most one of the following shall apply:

11.6/2

the inherited subprogram is overridden with a primitive subprogram of the protected type, in which case the overriding subprogram shall be subtype conformant with the inherited subprogram and not abstract; or

11.7/2

the inherited subprogram is implemented by a protected subprogram or single entry of the protected type, in which case its prefixed view profile shall be subtype conformant with that of the protected subprogram or entry.

11.8/2

If neither applies, the inherited subprogram shall be a null procedure. In addition to the places where Legality Rules normally apply (see 12.3), these rules also apply in the private part of an instance of a generic unit.

11.9/2

If an inherited subprogram is implemented by a protected procedure or an entry, then the first parameter of the inherited subprogram shall be of mode out or in out, or an access-to-variable parameter.

11.10/2

If a protected subprogram declaration has an overriding_indicator, then at the point of the declaration:

11.11/2

if the overriding_indicator is overriding, then the subprogram shall implement an inherited subprogram;

11.12/2

if the overriding_indicator is not overriding, then the subprogram shall not implement any inherited subprogram.

11.13/2

In addition to the places where Legality Rules normally apply (see 12.3), these rules also apply in the private part of an instance of a generic unit.

Dynamic Semantics

The elaboration of a protected declaration elaborates the protected_definition. The elaboration of a single_protected_declaration also creates an object of an (anonymous) protected type.

The elaboration of a protected_definition creates the protected type and its first subtype; it also includes the elaboration of the component_declarations and protected_operation_declarations in the given order.

As part of the initialization of a protected object, any per-object constraints (see 3.8) are elaborated.

The elaboration of a protected_body has no other effect than to establish that protected operations of the type can from then on be called without failing the Elaboration_Check.

The content of an object of a given protected type includes:

The values of the components of the protected object, including (implicitly) an entry queue for each entry declared for the protected object;

A representation of the state of the execution resource associated with the protected object (one such resource is associated with each protected object).

The execution resource associated with a protected object has to be acquired to read or update any components of the protected object; it can be acquired (as part of a protected action — see 9.5.1) either for concurrent read-only access, or for exclusive read-write access.

As the first step of the finalization of a protected object, each call remaining on any entry queue of the object is removed from its queue and Program_Error is raised at the place of the corresponding entry_call_statement.

Bounded (Run-Time) Errors

20.1/2

It is a bounded error to call an entry or subprogram of a protected object after that object is finalized. If the error is detected, Program_Error is raised. Otherwise, the call proceeds normally, which may leave a task queued forever.

NOTES

21/2

13 Within the declaration or body of a protected unit other than in an access_definition, the name of the protected unit denotes the current instance of the unit (see 8.6), rather than the first subtype of the corresponding protected type (and thus the name cannot be used as a subtype_mark).

14 A selected_component can be used to denote a discriminant of a protected object (see 4.1.3). Within a protected unit, the name of a discriminant of the protected type denotes the corresponding discriminant of the current instance of the unit.

23/2

15 A protected type is a limited type (see 7.5), and hence precludes use of assignment_statements and predefined equality operators.

16 The bodies of the protected operations given in the protected_body define the actions that take place upon calls to the protected operations.

17 The declarations in the private part are only visible within the private part and the body of the protected unit.

Examples

Example of declaration of protected type and corresponding body:

protected type Resource is
   entry Seize;
   procedure Release;
private
   Busy : Boolean := False;
end Resource;

protected body Resource is
   entry Seize when not Busy is
   begin
      Busy := True;
   end Seize;

   procedure Release is
   begin
      Busy := False;
   end Release;
end Resource;

Example of a single protected declaration and corresponding body:

protected Shared_Array is
   --  Index, Item, and Item_Array are global types
   function  Component    (N : in Index) return Item;
   procedure Set_Component(N : in Index; E : in  Item);
private
   Table : Item_Array(Index) := (others => Null_Item);
end Shared_Array;

protected body Shared_Array is
   function Component(N : in Index) return Item is
   begin
      return Table(N);
   end Component;

   procedure Set_Component(N : in Index; E : in Item) is
   begin
      Table(N) := E;
   end Set_Component;
end Shared_Array;

Examples of protected objects:

Control : Resource;
Flags : array(1 .. 100) of Resource;