ERC32 Ada Technical Summary: For mission-critical applications using the ERC32 spacecraft computer
This Appendix defines how the Ada 95 restrictions, accessible through the pragma Restrictions, are supported. Unsafe features such as run-time dispatching and heap management are not supported in the run-time system, so all the restrictions that are relevant for these features are set to True by default.
The following restrictions are built in. That is, they cannot be turned off and are exploited by the compiler to offer better-quality generated code than would otherwise be possible.
No_Abort_Statements
No_Dispatch
No_Local_Protected_Objects
No_Requeue
No_Task_Attributes
No_Task_Hierarchy
No_Terminate_Alternatives
The implementation-defined pragma Profile may also be used to set and unset restrictions that correspond to a certain application area. The profiles supported are as follows:
Table B-1. Supported Profiles
Profile Name | Description |
---|---|
XGC | This is the default profile and offers the least restrictions. |
Ravenscar | This allows a limited form of tasking that includes static tasks, protected objects, the delay until statement and interrupts. |
Restricted_Run_Time | This severely restricts the use of non-deterministic language features (including tasking) and is suitable for general avionics applications. |
No_Run_Time | This profile prohibits all calls to the predefined Ada library and is useful for safety-critical applications. Calls to the compiler support library are not restricted. |
Table B-2 gives the individual restrictions for each profile. Note that the built-in restrictions apply to all profiles.
Table B-2. Profiles and Restrictions
Restriction | Ada 95 Reference Manual Section | Default | Ravenscar | Restricted_Run_Time |
---|---|---|---|---|
Boolean_Entry_Barriers | XGC (Ravenscar) | False | True | True |
Immediate_Reclamation | RM H.4(10) | False | False | False |
No_Abort_Statements | RM D.7(5), H.4(3) | True | True | True |
No_Access_Subprograms | RM H.4(17) | False | True | True |
No_Allocators | RM H.4(7) | False | False | True |
No_Asynchronous_Control | RM D.9(10) | False | True | True |
No_Calendar | XGC | False | True | True |
No_Delay | RM H.4(21) | False | False | True |
No_Dispatch | RM H.4(19) | True | True | True |
No_Dynamic_Interrupts | XGC | True | True | True |
No_Dynamic_Priorities | RM D.9(9) | False | True | True |
No_Elaboration_Code | XGC | False | False | True |
No_Entry_Calls_In_Elaboration_Code | XGC | False | True | True |
No_Entry_Queue | XGC | True | True | True |
No_Enumeration_Maps | XGC | False | False | True |
No_Exception_Handlers | XGC | False | False | True |
No_Exceptions | RM H.4(12) | False | False | False |
No_Fixed_Point | RM H.4(15) | False | False | False |
No_Floating_Point | RM H.4(14) | False | False | False |
No_Implementation_Attributes | XGC | False | False | True |
No_Implementation_Pragmas | XGC | False | False | True |
No_Implementation_Restrictions | XGC | False | False | True |
No_Implicit_Conditionals | XGC | False | False | True |
No_Implicit_Heap_Allocations | RM D.8(8), H.4(3) | False | True | True |
No_Implicit_Loops | XGC | False | False | False |
No_IO | RM H.4(20) | False | True | True |
No_Local_Allocators | RM H.4(8) | False | True | True |
No_Local_Protected_Objects | XGC | True | True | True |
No_Nested_Finalization | RM D.7(4) | True | True | True |
No_Protected_Type_Allocators | XGC | True | True | True |
No_Protected_Types | RM H.4(5) | False | False | True |
No_Recursion | RM H.4(22) | False | True | True |
No_Reentrancy | RM H.4(23) | False | False | False |
No_Relative_Delay | XGC | False | True | True |
No_Requeue | XGC | True | True | True |
No_Select_Statements | XGC (Ravenscar) | False | True | True |
No_Standard_Storage_Pools | XGC | True | True | True |
No_Streams | XGC | True | True | True |
No_Task_Allocators | RM D.7(7) | False | True | True |
No_Task_Attributes | XGC | True | True | True |
No_Task_Hierarchy | RM D.7(3), H.4(3) | True | True | True |
No_Task_Termination | XGC | True | True | True |
No_Terminate_Alternatives | RM D.7(6) | True | True | True |
No_Unchecked_Access | RM H.4(18) | False | True | True |
No_Unchecked_Conversion | RM H.4(16) | False | False | True |
No_Unchecked_Deallocation | RM H.4(9) | True | True | True |
No_Wide_Characters | XGC | False | True | True |
Static_Priorities | XGC | False | True | True |
Static_Storage_Size | XGC | False | True | True |
Table B-3 gives the restrictions concerning numerical limits.
Table B-3. Profiles and Numerical Restrictions
Restriction | Ada 95 Reference Manual Section | Default | Ravenscar | Restricted_Run_Time |
---|---|---|---|---|
Max_Asynchronous_Select_Nesting | RM D.7(18), H.4(2) | 0 | 0 | 0 |
Max_Protected_Entries | RM D.7(14) | 1 | 1 | 1 |
Max_Select_Alternatives | RM D.7(12) | Undefined | 0 | 0 |
Max_Storage_At_Blocking | RM D.7(17) | 0 | 0 | 0 |
Max_Task_Entries | RM D.7(13), H.4(2) | Undefined | 0 | 0 |
Max_Tasks | RM D.7(19), H.4(2) | Undefined | Undefined | Undefined |
Max_Entry_Queue_Depth | Ravenscar specific | 1 | 1 | 1 |
Violation of the restriction Max_Entry_Queue_Depth is detected at run time and raises the predefined exception Program_Error.
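The following is an added example, not code from the ERC32 Ada Technical Summary or from XGC, showing how the profile selection described above and the individual restrictions in Tables B-2 and B-3 shape a small cyclic unit. It assumes the GNAT convention of a configuration pragmas file named gnat.adc, and the package name Cyclic_Control, the file names cyclic_control.ads and cyclic_control.adb, the 100 ms period and the Max_Tasks value of 2 are all choices made for this example. The three files are shown one after another, separated by comments naming each; they would be split into separate files before compiling.

```ada
--  gnat.adc  (configuration pragmas; the file name follows GNAT
--  convention and is assumed here, it is not stated in the summary)
pragma Profile (Ravenscar);
--  Tighten one restriction beyond the profile: Table B-2 leaves
--  No_Allocators False under Ravenscar, so it is set explicitly.
pragma Restrictions (No_Allocators);
--  Table B-3 leaves Max_Tasks Undefined; bound it to the two tasks below
--  (the environment task is not counted, RM D.7(19)).
pragma Restrictions (Max_Tasks => 2);

--  cyclic_control.ads
package Cyclic_Control is
   --  A protected object at library level: allowed because
   --  No_Protected_Types is False under Ravenscar (it is True under
   --  Restricted_Run_Time, where this declaration would be rejected).
   protected Event is
      procedure Signal;
      entry Wait;                  --  a single entry: Max_Protected_Entries = 1
   private
      Pending : Boolean := False;  --  Boolean_Entry_Barriers: the barrier is a Boolean variable
   end Event;
end Cyclic_Control;

--  cyclic_control.adb
with Ada.Real_Time; use Ada.Real_Time;   --  Ada.Calendar is excluded by No_Calendar
package body Cyclic_Control is

   protected body Event is
      procedure Signal is
      begin
         Pending := True;
      end Signal;

      entry Wait when Pending is
      begin
         Pending := False;
      end Wait;
   end Event;

   --  Static, library-level tasks only: No_Task_Hierarchy and
   --  No_Task_Allocators rule out nested or dynamically created tasks.
   task Producer;
   task body Producer is
      Period : constant Time_Span := Milliseconds (100);  --  assumed period
      Next   : Time := Clock;
   begin
      loop
         Event.Signal;
         Next := Next + Period;
         delay until Next;   --  allowed: No_Delay is False; a relative
                             --  "delay 0.1" would violate No_Relative_Delay
      end loop;
   end Producer;

   --  Consumer is the only task that ever calls Event.Wait.  A second
   --  task queued on the same entry at the same time would exceed
   --  Max_Entry_Queue_Depth = 1 and raise Program_Error at run time, so
   --  the design gives each entry exactly one caller.
   task Consumer;
   task body Consumer is
   begin
      loop
         Event.Wait;
         null;   --  handle the signalled event here
      end loop;
   end Consumer;

end Cyclic_Control;
```

The point of the layout is that every construct the Ravenscar column permits is used in its static form and nothing else appears: no allocators, no relative delays, no select statements and one caller per entry, so the compile-time restrictions catch mistakes early and the one run-time check (Max_Entry_Queue_Depth) cannot fire in a correctly structured program.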