File : s-rident.ads
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- S Y S T E M . R I D E N T --
6 -- --
7 -- S p e c --
8 -- --
9 -- Copyright (C) 1992-2016, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. --
17 -- --
18 -- --
19 -- --
20 -- --
21 -- --
22 -- You should have received a copy of the GNU General Public License and --
23 -- a copy of the GCC Runtime Library Exception along with this program; --
24 -- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see --
25 -- <http://www.gnu.org/licenses/>. --
26 -- --
27 -- GNAT was originally developed by the GNAT team at New York University. --
28 -- Extensive contributions were provided by Ada Core Technologies Inc. --
29 -- --
30 ------------------------------------------------------------------------------
31
32 -- This package defines the set of restriction identifiers. It is a generic
33 -- package that is instantiated by the compiler/binder in package Rident, and
34 -- is instantiated in package System.Restrictions for use at run-time.
35
36 -- The reason that we make this a generic package is so that in the case of
37 -- the instantiation in Rident for use at compile time and bind time, we can
38 -- generate normal image tables for the enumeration types, which are needed
39 -- for diagnostic and informational messages. At run-time we really do not
40 -- want to waste the space for these image tables, and they are not needed,
41 -- so we can do the instantiation under control of Discard_Names to remove
42 -- the tables.
43
44 ---------------------------------------------------
45 -- Note On Compile/Run-Time Consistency Checking --
46 ---------------------------------------------------
47
48 -- This unit is with'ed by the run-time (to make System.Restrictions which is
49 -- used for run-time access to restriction information), by the compiler (to
50 -- determine what restrictions are implemented and what their category is) and
51 -- by the binder (in processing ali files, and generating the information used
52 -- at run-time to access restriction information).
53
54 -- Normally the version of System.Rident referenced in all three contexts
55 -- should be the same. However, problems could arise in certain inconsistent
56 -- builds that used inconsistent versions of the compiler and run-time. This
57 -- sort of thing is not strictly correct, but it does arise when short-cuts
58 -- are taken in build procedures.
59
60 -- Previously, this kind of inconsistency could cause a significant problem.
61 -- If versions of System.Rident accessed by the compiler and binder differed,
62 -- then the binder could fail to recognize the R (restrictions line) in the
63 -- ali file, leading to bind errors when restrictions were added or removed.
64
65 -- The latest implementation avoids both this problem by using a named
66 -- scheme for recording restrictions, rather than a positional scheme which
67 -- fails completely if restrictions are added or subtracted. Now the worst
68 -- that happens at bind time in inconsistent builds is that unrecognized
69 -- restrictions are ignored, and the consistency checking for restrictions
70 -- might be incomplete, which is no big deal.
71
72 pragma Compiler_Unit_Warning;
73
74 generic
75 package System.Rident is
76 pragma Preelaborate;
77
78 -- The following enumeration type defines the set of restriction
79 -- identifiers that are implemented in GNAT.
80
81 -- To add a new restriction identifier, add an entry with the name to be
82 -- used in the pragma, and add calls to the Restrict.Check_Restriction
83 -- routine as appropriate.
84
85 type Restriction_Id is
86
87 -- The following cases are checked for consistency in the binder. The
88 -- binder will check that every unit either has the restriction set, or
89 -- does not violate the restriction.
90
91 (Simple_Barriers, -- Ada 2012 (D.7 (10.9/3))
92 No_Abort_Statements, -- (RM D.7(5), H.4(3))
93 No_Access_Parameter_Allocators, -- Ada 2012 (RM H.4 (8.3/3))
94 No_Access_Subprograms, -- (RM H.4(17))
95 No_Allocators, -- (RM H.4(7))
96 No_Anonymous_Allocators, -- Ada 2012 (RM H.4(8/1))
97 No_Asynchronous_Control, -- (RM J.13(3/2)
98 No_Calendar, -- GNAT
99 No_Coextensions, -- Ada 2012 (RM H.4(8.2/3))
100 No_Default_Stream_Attributes, -- Ada 2012 (RM 13.12.1(4/2))
101 No_Delay, -- (RM H.4(21))
102 No_Direct_Boolean_Operators, -- GNAT
103 No_Dispatch, -- (RM H.4(19))
104 No_Dispatching_Calls, -- GNAT
105 No_Dynamic_Attachment, -- Ada 2012 (RM E.7(10/3))
106 No_Dynamic_Priorities, -- (RM D.9(9))
107 No_Enumeration_Maps, -- GNAT
108 No_Entry_Calls_In_Elaboration_Code, -- GNAT
109 No_Entry_Queue, -- GNAT (Ravenscar)
110 No_Exception_Handlers, -- GNAT
111 No_Exception_Propagation, -- GNAT
112 No_Exception_Registration, -- GNAT
113 No_Exceptions, -- (RM H.4(12))
114 No_Finalization, -- GNAT
115 No_Fixed_IO, -- GNAT
116 No_Fixed_Point, -- (RM H.4(15))
117 No_Floating_Point, -- (RM H.4(14))
118 No_IO, -- (RM H.4(20))
119 No_Implicit_Conditionals, -- GNAT
120 No_Implicit_Dynamic_Code, -- GNAT
121 No_Implicit_Heap_Allocations, -- (RM D.8(8), H.4(3))
122 No_Implicit_Task_Allocations, -- GNAT
123 No_Implicit_Protected_Object_Allocations, -- GNAT
124 No_Initialize_Scalars, -- GNAT
125 No_Local_Allocators, -- (RM H.4(8))
126 No_Local_Timing_Events, -- (RM D.7(10.2/2))
127 No_Local_Protected_Objects, -- Ada 2012 (D.7(10/1.3))
128 No_Long_Long_Integers, -- GNAT
129 No_Multiple_Elaboration, -- GNAT
130 No_Nested_Finalization, -- (RM D.7(4))
131 No_Protected_Type_Allocators, -- Ada 2012 (D.7 (10.3/2))
132 No_Protected_Types, -- (RM H.4(5))
133 No_Recursion, -- (RM H.4(22))
134 No_Reentrancy, -- (RM H.4(23))
135 No_Relative_Delay, -- Ada 2012 (D.7 (10.5/3))
136 No_Requeue_Statements, -- Ada 2012 (D.7 (10.6/3))
137 No_Secondary_Stack, -- GNAT
138 No_Select_Statements, -- Ada 2012 (D.7 (10.7/4))
139 No_Specific_Termination_Handlers, -- (RM D.7(10.7/2))
140 No_Standard_Allocators_After_Elaboration, -- Ada 2012 (RM D.7(19.1/2))
141 No_Standard_Storage_Pools, -- GNAT
142 No_Stream_Optimizations, -- GNAT
143 No_Streams, -- GNAT
144 No_Task_Allocators, -- (RM D.7(7))
145 No_Task_Attributes_Package, -- GNAT
146 No_Task_At_Interrupt_Priority, -- GNAT
147 No_Task_Hierarchy, -- (RM D.7(3), H.4(3))
148 No_Task_Termination, -- GNAT (Ravenscar)
149 No_Tasking, -- GNAT
150 No_Terminate_Alternatives, -- (RM D.7(6))
151 No_Unchecked_Access, -- (RM H.4(18))
152 No_Unchecked_Conversion, -- (RM J.13(4/2))
153 No_Unchecked_Deallocation, -- (RM J.13(5/2))
154 Static_Priorities, -- GNAT
155 Static_Storage_Size, -- GNAT
156
157 -- The following require consistency checking with special rules. See
158 -- individual routines in unit Bcheck for details of what is required.
159
160 No_Default_Initialization, -- GNAT
161
162 -- The following cases do not require consistency checking and if used
163 -- as a configuration pragma within a specific unit, apply only to that
164 -- unit (e.g. if used in the package spec, do not apply to the body)
165
166 -- Note: No_Elaboration_Code is handled specially. Like the other
167 -- non-partition-wide restrictions, it can only be set in a unit that
168 -- is part of the extended main source unit (body/spec/subunits). But
169 -- it is sticky, in that if it is found anywhere within any of these
170 -- units, it applies to all units in this extended main source.
171
172 Immediate_Reclamation, -- (RM H.4(10))
173 No_Dynamic_Sized_Objects, -- GNAT
174 No_Implementation_Aspect_Specifications, -- Ada 2012 AI-241
175 No_Implementation_Attributes, -- Ada 2005 AI-257
176 No_Implementation_Identifiers, -- Ada 2012 AI-246
177 No_Implementation_Pragmas, -- Ada 2005 AI-257
178 No_Implementation_Restrictions, -- GNAT
179 No_Implementation_Units, -- Ada 2012 AI-242
180 No_Implicit_Aliasing, -- GNAT
181 No_Implicit_Loops, -- GNAT
182 No_Elaboration_Code, -- GNAT
183 No_Obsolescent_Features, -- Ada 2005 AI-368
184 No_Wide_Characters, -- GNAT
185 Pure_Barriers, -- GNAT
186 SPARK_05, -- GNAT
187
188 -- The following cases require a parameter value
189
190 No_Specification_Of_Aspect, -- 2012 (RM 13.12.1 (6.1/3))
191 No_Use_Of_Attribute, -- 2012 (RM 13.12.1 (6.2/3))
192 No_Use_Of_Pragma, -- 2012 (RM 13.12.1 (6.3/3))
193
194 -- The following entries are fully checked at compile/bind time, which
195 -- means that the compiler can in general tell the minimum value which
196 -- could be used with a restrictions pragma. The binder can deduce the
197 -- appropriate minimum value for the partition by taking the maximum
198 -- value required by any unit.
199
200 Max_Protected_Entries, -- (RM D.7(14))
201 Max_Select_Alternatives, -- (RM D.7(12))
202 Max_Task_Entries, -- (RM D.7(13), H.4(3))
203
204 -- The following entries are also fully checked at compile/bind time,
205 -- and the compiler can also at least in some cases tell the minimum
206 -- value which could be used with a restriction pragma. The difference
207 -- is that the contributions are additive, so the binder deduces this
208 -- value by adding the unit contributions.
209
210 Max_Tasks, -- (RM D.7(19), H.4(3))
211
212 -- The following entries are checked at compile time only for zero/
213 -- nonzero entries. This means that the compiler can tell at compile
214 -- time if a restriction value of zero is (would be) violated, but that
215 -- the compiler cannot distinguish between different non-zero values.
216
217 Max_Asynchronous_Select_Nesting, -- (RM D.7(18), H.4(3))
218 Max_Entry_Queue_Length, -- Ada 2012 (RM D.7 (19.1/2))
219
220 -- The remaining entries are not checked at compile/bind time
221
222 Max_Storage_At_Blocking, -- (RM D.7(17))
223
224 Not_A_Restriction_Id);
225
226 -- Synonyms permitted for historical purposes of compatibility.
227 -- Must be coordinated with Restrict.Process_Restriction_Synonym.
228
229 Boolean_Entry_Barriers : Restriction_Id renames Simple_Barriers;
230 Max_Entry_Queue_Depth : Restriction_Id renames Max_Entry_Queue_Length;
231 No_Dynamic_Interrupts : Restriction_Id renames No_Dynamic_Attachment;
232 No_Requeue : Restriction_Id renames No_Requeue_Statements;
233 No_Task_Attributes : Restriction_Id renames No_Task_Attributes_Package;
234 SPARK : Restriction_Id renames SPARK_05;
235
236 subtype All_Restrictions is Restriction_Id range
237 Simple_Barriers .. Max_Storage_At_Blocking;
238 -- All restrictions (excluding only Not_A_Restriction_Id)
239
240 subtype All_Boolean_Restrictions is Restriction_Id range
241 Simple_Barriers .. SPARK_05;
242 -- All restrictions which do not take a parameter
243
244 subtype Partition_Boolean_Restrictions is All_Boolean_Restrictions range
245 Simple_Barriers .. Static_Storage_Size;
246 -- Boolean restrictions that are checked for partition consistency.
247 -- Note that all parameter restrictions are checked for partition
248 -- consistency by default, so this distinction is only needed in the
249 -- case of Boolean restrictions.
250
251 subtype Cunit_Boolean_Restrictions is All_Boolean_Restrictions range
252 Immediate_Reclamation .. SPARK_05;
253 -- Boolean restrictions that are not checked for partition consistency
254 -- and that thus apply only to the current unit. Note that for these
255 -- restrictions, the compiler does not apply restrictions found in
256 -- with'ed units, parent specs etc. to the main unit, and vice versa.
257
258 subtype All_Parameter_Restrictions is
259 Restriction_Id range
260 No_Specification_Of_Aspect .. Max_Storage_At_Blocking;
261 -- All restrictions that take a parameter
262
263 subtype Integer_Parameter_Restrictions is
264 Restriction_Id range
265 Max_Protected_Entries .. Max_Storage_At_Blocking;
266 -- All restrictions taking an integer parameter
267
268 subtype Checked_Parameter_Restrictions is
269 All_Parameter_Restrictions range
270 Max_Protected_Entries .. Max_Entry_Queue_Length;
271 -- These are the parameter restrictions that can be at least partially
272 -- checked at compile/binder time. Minimally, the compiler can detect
273 -- violations of a restriction pragma with a value of zero reliably.
274
275 subtype Checked_Max_Parameter_Restrictions is
276 Checked_Parameter_Restrictions range
277 Max_Protected_Entries .. Max_Task_Entries;
278 -- Restrictions with parameters that can be checked in some cases by
279 -- maximizing among statically detected instances where the compiler
280 -- can determine the count.
281
282 subtype Checked_Add_Parameter_Restrictions is
283 Checked_Parameter_Restrictions range
284 Max_Tasks .. Max_Tasks;
285 -- Restrictions with parameters that can be checked in some cases by
286 -- summing the statically detected instances where the compiler can
287 -- determine the count.
288
289 subtype Checked_Val_Parameter_Restrictions is
290 Checked_Parameter_Restrictions range
291 Max_Protected_Entries .. Max_Tasks;
292 -- Restrictions with parameter where the count is known at least in some
293 -- cases by the compiler/binder.
294
295 subtype Checked_Zero_Parameter_Restrictions is
296 Checked_Parameter_Restrictions range
297 Max_Asynchronous_Select_Nesting .. Max_Entry_Queue_Length;
298 -- Restrictions with parameters where the compiler can detect the use of
299 -- the feature, and hence violations of a restriction specifying a value
300 -- of zero, but cannot detect specific values other than zero/nonzero.
301
302 subtype Unchecked_Parameter_Restrictions is
303 All_Parameter_Restrictions range
304 Max_Storage_At_Blocking .. Max_Storage_At_Blocking;
305 -- Restrictions with parameters where the compiler cannot ever detect
306 -- corresponding compile time usage, so the binder and compiler never
307 -- detect violations of any restriction.
308
309 -------------------------------------
310 -- Restriction Status Declarations --
311 -------------------------------------
312
313 -- The following declarations are used to record the current status or
314 -- restrictions (for the current unit, or related units, at compile time,
315 -- and for all units in a partition at bind time or run time).
316
317 type Restriction_Flags is array (All_Restrictions) of Boolean;
318 type Restriction_Values is array (All_Parameter_Restrictions) of Natural;
319 type Parameter_Flags is array (All_Parameter_Restrictions) of Boolean;
320
321 type Restrictions_Info is record
322 Set : Restriction_Flags;
323 -- An entry is True in the Set array if a restrictions pragma has been
324 -- encountered for the given restriction. If the value is True for a
325 -- parameter restriction, then the corresponding entry in the Value
326 -- array gives the minimum value encountered for any such restriction.
327
328 Value : Restriction_Values;
329 -- If the entry for a parameter restriction in Set is True (i.e. a
330 -- restrictions pragma for the restriction has been encountered), then
331 -- the corresponding entry in the Value array is the minimum value
332 -- specified by any such restrictions pragma. Note that a restrictions
333 -- pragma specifying a value greater than Int'Last is simply ignored.
334
335 Violated : Restriction_Flags;
336 -- An entry is True in the violations array if the compiler has detected
337 -- a violation of the restriction. For a parameter restriction, the
338 -- Count and Unknown arrays have additional information.
339
340 Count : Restriction_Values;
341 -- If an entry for a parameter restriction is True in Violated, the
342 -- corresponding entry in the Count array may record additional
343 -- information. If the actual minimum count is known (by taking
344 -- maximums, or sums, depending on the restriction), it will be
345 -- recorded in this array. If not, then the value will remain zero.
346 -- The value is also zero for a non-violated restriction.
347
348 Unknown : Parameter_Flags;
349 -- If an entry for a parameter restriction is True in Violated, the
350 -- corresponding entry in the Unknown array may record additional
351 -- information. If the actual count is not known by the compiler (but
352 -- is known to be non-zero), then the entry in Unknown will be True.
353 -- This indicates that the value in Count is not known to be exact,
354 -- and the actual violation count may be higher.
355
356 -- Note: If Violated (K) is True, then either Count (K) > 0 or
357 -- Unknown (K) = True. It is possible for both these to be set.
358 -- For example, if Count (K) = 3 and Unknown (K) is True, it means
359 -- that the actual violation count is at least 3 but might be higher.
360 end record;
361
362 No_Restrictions : constant Restrictions_Info :=
363 (Set => (others => False),
364 Value => (others => 0),
365 Violated => (others => False),
366 Count => (others => 0),
367 Unknown => (others => False));
368 -- Used to initialize Restrictions_Info variables
369
370 ----------------------------------
371 -- Profile Definitions and Data --
372 ----------------------------------
373
374 -- Note: to add a profile, modify the following declarations appropriately,
375 -- add Name_xxx to Snames, and add a branch to the conditions for pragmas
376 -- Profile and Profile_Warnings in the body of Sem_Prag.
377
378 type Profile_Name is
379 (No_Profile,
380 No_Implementation_Extensions,
381 Ravenscar,
382 GNAT_Extended_Ravenscar,
383 Restricted);
384 -- Names of recognized profiles. No_Profile is used to indicate that a
385 -- restriction came from pragma Restrictions[_Warning], as opposed to
386 -- pragma Profile[_Warning].
387
388 subtype Profile_Name_Actual is Profile_Name
389 range No_Implementation_Extensions .. Restricted;
390 -- Actual used profile names
391
392 type Profile_Data is record
393 Set : Restriction_Flags;
394 -- Set to True if given restriction must be set for the profile, and
395 -- False if it need not be set (False does not mean that it must not be
396 -- set, just that it need not be set). If the flag is True for a
397 -- parameter restriction, then the Value array gives the maximum value
398 -- permitted by the profile.
399
400 Value : Restriction_Values;
401 -- An entry in this array is meaningful only if the corresponding flag
402 -- in Set is True. In that case, the value in this array is the maximum
403 -- value of the parameter permitted by the profile.
404 end record;
405
406 Profile_Info : constant array (Profile_Name_Actual) of Profile_Data := (
407
408 -- No_Implementation_Extensions profile
409
410 No_Implementation_Extensions =>
411
412 (Set =>
413 (No_Implementation_Aspect_Specifications => True,
414 No_Implementation_Attributes => True,
415 No_Implementation_Identifiers => True,
416 No_Implementation_Pragmas => True,
417 No_Implementation_Units => True,
418 others => False),
419
420 -- Value settings for Restricted profile (none
421
422 Value =>
423 (others => 0)),
424
425 -- Restricted Profile
426
427 Restricted =>
428
429 -- Restrictions for Restricted profile
430
431 (Set =>
432 (No_Abort_Statements => True,
433 No_Asynchronous_Control => True,
434 No_Dynamic_Attachment => True,
435 No_Dynamic_Priorities => True,
436 No_Entry_Queue => True,
437 No_Local_Protected_Objects => True,
438 No_Protected_Type_Allocators => True,
439 No_Requeue_Statements => True,
440 No_Task_Allocators => True,
441 No_Task_Attributes_Package => True,
442 No_Task_Hierarchy => True,
443 No_Terminate_Alternatives => True,
444 Max_Asynchronous_Select_Nesting => True,
445 Max_Protected_Entries => True,
446 Max_Select_Alternatives => True,
447 Max_Task_Entries => True,
448 others => False),
449
450 -- Value settings for Restricted profile
451
452 Value =>
453 (Max_Asynchronous_Select_Nesting => 0,
454 Max_Protected_Entries => 1,
455 Max_Select_Alternatives => 0,
456 Max_Task_Entries => 0,
457 others => 0)),
458
459 -- Ravenscar Profile
460
461 -- Note: the table entries here only represent the
462 -- required restriction profile for Ravenscar. The
463 -- full Ravenscar profile also requires:
464
465 -- pragma Dispatching_Policy (FIFO_Within_Priorities);
466 -- pragma Locking_Policy (Ceiling_Locking);
467 -- pragma Detect_Blocking;
468
469 Ravenscar =>
470
471 -- Restrictions for Ravenscar = Restricted profile ..
472
473 (Set =>
474 (No_Abort_Statements => True,
475 No_Asynchronous_Control => True,
476 No_Dynamic_Attachment => True,
477 No_Dynamic_Priorities => True,
478 No_Entry_Queue => True,
479 No_Local_Protected_Objects => True,
480 No_Protected_Type_Allocators => True,
481 No_Requeue_Statements => True,
482 No_Task_Allocators => True,
483 No_Task_Attributes_Package => True,
484 No_Task_Hierarchy => True,
485 No_Terminate_Alternatives => True,
486 Max_Asynchronous_Select_Nesting => True,
487 Max_Protected_Entries => True,
488 Max_Select_Alternatives => True,
489 Max_Task_Entries => True,
490
491 -- plus these additional restrictions:
492
493 No_Calendar => True,
494 No_Implicit_Heap_Allocations => True,
495 No_Local_Timing_Events => True,
496 No_Relative_Delay => True,
497 No_Select_Statements => True,
498 No_Specific_Termination_Handlers => True,
499 No_Task_Termination => True,
500 Simple_Barriers => True,
501 others => False),
502
503 -- Value settings for Ravenscar (same as Restricted)
504
505 Value =>
506 (Max_Asynchronous_Select_Nesting => 0,
507 Max_Protected_Entries => 1,
508 Max_Select_Alternatives => 0,
509 Max_Task_Entries => 0,
510 others => 0)),
511
512 GNAT_Extended_Ravenscar =>
513
514 -- Restrictions for GNAT_Extended_Ravenscar =
515 -- Restricted profile ..
516
517 (Set =>
518 (No_Abort_Statements => True,
519 No_Asynchronous_Control => True,
520 No_Dynamic_Attachment => True,
521 No_Dynamic_Priorities => True,
522 No_Entry_Queue => True,
523 No_Local_Protected_Objects => True,
524 No_Protected_Type_Allocators => True,
525 No_Requeue_Statements => True,
526 No_Task_Allocators => True,
527 No_Task_Attributes_Package => True,
528 No_Task_Hierarchy => True,
529 No_Terminate_Alternatives => True,
530 Max_Asynchronous_Select_Nesting => True,
531 Max_Protected_Entries => True,
532 Max_Select_Alternatives => True,
533 Max_Task_Entries => True,
534
535 -- plus these additional restrictions:
536
537 No_Calendar => True,
538 No_Implicit_Task_Allocations => True,
539 No_Implicit_Protected_Object_Allocations
540 => True,
541 No_Local_Timing_Events => True,
542 No_Relative_Delay => True,
543 No_Select_Statements => True,
544 No_Specific_Termination_Handlers => True,
545 No_Task_Termination => True,
546 Pure_Barriers => True,
547 others => False),
548
549 -- Value settings for Ravenscar (same as Restricted)
550
551 Value =>
552 (Max_Asynchronous_Select_Nesting => 0,
553 Max_Protected_Entries => 1,
554 Max_Select_Alternatives => 0,
555 Max_Task_Entries => 0,
556 others => 0)));
557
558 end System.Rident;