DocAda^(tm) is a productivity tool of KSCE

| | | |
About DocAda Light: Preface / Preliminary / Help / TOC / Copyright
DocAda Online at the Ada Home: Complete RM95 / Updates / News

H.4 Safety and Security Restrictions

This clause defines restrictions that can be used with pragma Restrictions (see 13.12); these facilitate the demonstration of program correctness by allowing tailored versions of the run-time system.

Static Semantics

The following restrictions, the same as in D.7, apply in this Annex: No_Task_Hierarchy, No_Abort_Statement, No_Implicit_Heap_Allocation, Max_Task_Entries is 0, Max_Asynchronous_Select_Nesting is 0, and Max_Tasks is 0. The last three restrictions are checked prior to program execution.

The following additional restrictions apply in this Annex.

Tasking-related restriction:

No_Protected_Types

There are no declarations of protected types or protected objects.

Memory-management related restrictions:

No_Allocators

There are no occurrences of an allocator.

No_Local_Allocators

Allocators are prohibited in subprograms, generic subprograms, tasks, and entry bodies; instantiations of generic packages are also prohibited in these contexts.

No_Unchecked_Deallocation

Semantic dependence on Unchecked_Deallocation is not allowed.

Immediate_Reclamation

Except for storage occupied by objects created by allocators and not deallocated via unchecked deallocation, any storage reserved at run time for an object is immediately reclaimed when the object no longer exists.

Exception-related restriction:

No_Exceptions

Raise_statements and exception_handlers are not allowed. No language-defined run-time checks are generated; however, a run-time check performed automatically by the hardware is permitted.

Other restrictions:

No_Floating_Point

Uses of predefined floating point types and operations, and declarations of new floating point types, are not allowed.

No_Fixed_Point

Uses of predefined fixed point types and operations, and declarations of new fixed point types, are not allowed.

No_Unchecked_Conversion

Semantic dependence on the predefined generic Unchecked_Conversion is not allowed.

No_Access_Subprograms

The declaration of access-to-subprogram types is not allowed.

No_Unchecked_Access

The Unchecked_Access attribute is not allowed.

No_Dispatch

Occurrences of T'Class are not allowed, for any (tagged) subtype T.

No_IO

Semantic dependence on any of the library units Sequential_IO, Direct_IO, Text_IO, Wide_Text_IO, or Stream_IO is not allowed.

No_Delay

Delay_Statements and semantic dependence on package Calendar are not allowed.

No_Recursion

As part of the execution of a subprogram, the same subprogram is not invoked.

No_Reentrancy

During the execution of a subprogram by a task, no other task invokes the same subprogram.

Implementation Requirements

If an implementation supports pragma Restrictions for a particular argument, then except for the restrictions No_Unchecked_Deallocation, No_Unchecked_Conversion, No_Access_Subprograms, and No_Unchecked_Access, the associated restriction applies to the run-time system.

Documentation Requirements

If a pragma Restrictions(No_Exceptions) is specified, the implementation shall document the effects of all constructs where language-defined checks are still performed automatically (for example, an overflow check performed by the processor).

Erroneous Execution

Program execution is erroneous if pragma Restrictions(No_Exceptions) has been specified and the conditions arise under which a generated language-defined run-time check would fail.

Program execution is erroneous if pragma Restrictions(No_Recursion) has been specified and a subprogram is invoked as part of its own execution, or if pragma Restrictions(No_Reentrancy) has been specified and during the execution of a subprogram by a task, another task invokes the same subprogram.

About DocAda Light: Preface / Preliminary / Help / TOC / Copyright
DocAda Online at the Ada Home: Complete RM95 / Updates / News
| | | |