1------------------------------------------------------------------------------ 2-- -- 3-- GNAT COMPILER COMPONENTS -- 4-- -- 5-- S Y S T E M . R I D E N T -- 6-- -- 7-- S p e c -- 8-- -- 9-- Copyright (C) 1992-2013, Free Software Foundation, Inc. -- 10-- -- 11-- GNAT is free software; you can redistribute it and/or modify it under -- 12-- terms of the GNU General Public License as published by the Free Soft- -- 13-- ware Foundation; either version 3, or (at your option) any later ver- -- 14-- sion. GNAT is distributed in the hope that it will be useful, but WITH- -- 15-- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- 16-- or FITNESS FOR A PARTICULAR PURPOSE. -- 17-- -- 18-- As a special exception under Section 7 of GPL version 3, you are granted -- 19-- additional permissions described in the GCC Runtime Library Exception, -- 20-- version 3.1, as published by the Free Software Foundation. -- 21-- -- 22-- You should have received a copy of the GNU General Public License and -- 23-- a copy of the GCC Runtime Library Exception along with this program; -- 24-- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see -- 25-- <http://www.gnu.org/licenses/>. -- 26-- -- 27-- GNAT was originally developed by the GNAT team at New York University. -- 28-- Extensive contributions were provided by Ada Core Technologies Inc. -- 29-- -- 30------------------------------------------------------------------------------ 31 32-- This package defines the set of restriction identifiers. It is a generic 33-- package that is instantiated by the compiler/binder in package Rident, and 34-- is instantiated in package System.Restrictions for use at run-time. 35 36-- The reason that we make this a generic package is so that in the case of 37-- the instantiation in Rident for use at compile time and bind time, we can 38-- generate normal image tables for the enumeration types, which are needed 39-- for diagnostic and informational messages. 
At run-time we really do not 40-- want to waste the space for these image tables, and they are not needed, 41-- so we can do the instantiation under control of Discard_Names to remove 42-- the tables. 43 44--------------------------------------------------- 45-- Note On Compile/Run-Time Consistency Checking -- 46--------------------------------------------------- 47 48-- This unit is with'ed by the run-time (to make System.Restrictions which is 49-- used for run-time access to restriction information), by the compiler (to 50-- determine what restrictions are implemented and what their category is) and 51-- by the binder (in processing ali files, and generating the information used 52-- at run-time to access restriction information). 53 54-- Normally the version of System.Rident referenced in all three contexts 55-- should be the same. However, problems could arise in certain inconsistent 56-- builds that used inconsistent versions of the compiler and run-time. This 57-- sort of thing is not strictly correct, but it does arise when short-cuts 58-- are taken in build procedures. 59 60-- Previously, this kind of inconsistency could cause a significant problem. 61-- If versions of System.Rident accessed by the compiler and binder differed, 62-- then the binder could fail to recognize the R (restrictions line) in the 63-- ali file, leading to bind errors when restrictions were added or removed. 64 65-- The latest implementation avoids this problem by using a named 66-- scheme for recording restrictions, rather than a positional scheme which 67-- fails completely if restrictions are added or subtracted. Now the worst 68-- that happens at bind time in inconsistent builds is that unrecognized 69-- restrictions are ignored, and the consistency checking for restrictions 70-- might be incomplete. That is acceptable for ordinary builds, but note that a restriction the binder does not recognize is silently dropped from its partition-wide consistency check rather than reported. A build that relies on restrictions for assurance (for example No_Unchecked_Conversion, No_Unchecked_Deallocation or No_Implicit_Dynamic_Code) should therefore use matching compiler, binder and run-time versions so that every restriction it names is actually checked.
pragma Compiler_Unit;
--  This unit is built into the compiler and binder as well as the run-time
--  library (see the consistency-checking note in the header above).

generic
package System.Rident is
   pragma Preelaborate;

   --  The following enumeration type defines the set of restriction
   --  identifiers that are implemented in GNAT.

   --  To add a new restriction identifier, add an entry with the name to be
   --  used in the pragma, and add calls to the Restrict.Check_Restriction
   --  routine as appropriate.

   --  IMPORTANT: the declaration order is significant. The subtypes declared
   --  below (Partition_Boolean_Restrictions, Cunit_Boolean_Restrictions,
   --  Checked_*_Parameter_Restrictions, ...) are defined as ranges over this
   --  type, so a new identifier must be inserted inside the band whose
   --  category it belongs to; placing it outside the band silently changes
   --  which kind of checking (if any) the compiler and binder apply to it.
   --  Not_A_Restriction_Id must remain the last literal.

   type Restriction_Id is

      --  The following cases are checked for consistency in the binder. The
      --  binder will check that every unit either has the restriction set, or
      --  does not violate the restriction.

     (Simple_Barriers,                         -- GNAT (Ravenscar)
      No_Abort_Statements,                     -- (RM D.7(5), H.4(3))
      No_Access_Subprograms,                   -- (RM H.4(17))
      No_Allocators,                           -- (RM H.4(7))
      No_Allocators_After_Elaboration,         -- Ada 2012 (RM D.7(19.1/2))
      No_Anonymous_Allocators,                 -- Ada 2012 (RM H.4(8/1))
      No_Asynchronous_Control,                 -- (RM J.13(3/2))
      No_Calendar,                             -- GNAT
      No_Default_Stream_Attributes,            -- Ada 2012 (RM 13.12.1(4/2))
      No_Delay,                                -- (RM H.4(21))
      No_Direct_Boolean_Operators,             -- GNAT
      No_Dispatch,                             -- (RM H.4(19))
      No_Dispatching_Calls,                    -- GNAT
      No_Dynamic_Attachment,                   -- GNAT
      No_Dynamic_Priorities,                   -- (RM D.9(9))
      No_Enumeration_Maps,                     -- GNAT
      No_Entry_Calls_In_Elaboration_Code,      -- GNAT
      No_Entry_Queue,                          -- GNAT (Ravenscar)
      No_Exception_Handlers,                   -- GNAT
      No_Exception_Propagation,                -- GNAT
      No_Exception_Registration,               -- GNAT
      No_Exceptions,                           -- (RM H.4(12))
      No_Finalization,                         -- GNAT
      No_Fixed_Point,                          -- (RM H.4(15))
      No_Floating_Point,                       -- (RM H.4(14))
      No_IO,                                   -- (RM H.4(20))
      No_Implicit_Conditionals,                -- GNAT
      No_Implicit_Dynamic_Code,                -- GNAT
      No_Implicit_Heap_Allocations,            -- (RM D.8(8), H.4(3))
      No_Implicit_Loops,                       -- GNAT
      No_Initialize_Scalars,                   -- GNAT
      No_Local_Allocators,                     -- (RM H.4(8))
      No_Local_Timing_Events,                  -- (RM D.7(10.2/2))
      No_Local_Protected_Objects,              -- GNAT
      No_Nested_Finalization,                  -- (RM D.7(4))
      No_Protected_Type_Allocators,            -- GNAT
      No_Protected_Types,                      -- (RM H.4(5))
      No_Recursion,                            -- (RM H.4(22))
      No_Reentrancy,                           -- (RM H.4(23))
      No_Relative_Delay,                       -- GNAT (Ravenscar)
      No_Requeue_Statements,                   -- GNAT
      No_Secondary_Stack,                      -- GNAT
      No_Select_Statements,                    -- GNAT (Ravenscar)
      No_Specific_Termination_Handlers,        -- (RM D.7(10.7/2))
      No_Standard_Storage_Pools,               -- GNAT
      No_Stream_Optimizations,                 -- GNAT
      No_Streams,                              -- GNAT
      No_Task_Allocators,                      -- (RM D.7(7))
      No_Task_Attributes_Package,              -- GNAT
      No_Task_Hierarchy,                       -- (RM D.7(3), H.4(3))
      No_Task_Termination,                     -- GNAT (Ravenscar)
      No_Tasking,                              -- GNAT
      No_Terminate_Alternatives,               -- (RM D.7(6))
      No_Unchecked_Access,                     -- (RM H.4(18))
      No_Unchecked_Conversion,                 -- (RM J.13(4/2))
      No_Unchecked_Deallocation,               -- (RM J.13(5/2))
      Static_Priorities,                       -- GNAT
      Static_Storage_Size,                     -- GNAT

      --  The following require consistency checking with special rules. See
      --  individual routines in unit Bcheck for details of what is required.
      --  Note that this literal sits between the Partition_Boolean_Restrictions
      --  and Cunit_Boolean_Restrictions bands below and belongs to neither;
      --  that placement is deliberate.

      No_Default_Initialization,               -- GNAT

      --  The following cases do not require consistency checking and if used
      --  as a configuration pragma within a specific unit, apply only to that
      --  unit (e.g. if used in the package spec, do not apply to the body)

      --  Note: No_Elaboration_Code is handled specially. Like the other
      --  non-partition-wide restrictions, it can only be set in a unit that
      --  is part of the extended main source unit (body/spec/subunits). But
      --  it is sticky, in that if it is found anywhere within any of these
      --  units, it applies to all units in this extended main source.

      Immediate_Reclamation,                   -- (RM H.4(10))
      No_Implementation_Aspect_Specifications, -- Ada 2012 AI-241
      No_Implementation_Attributes,            -- Ada 2005 AI-257
      No_Implementation_Identifiers,           -- Ada 2012 AI-246
      No_Implementation_Pragmas,               -- Ada 2005 AI-257
      No_Implementation_Restrictions,          -- GNAT
      No_Implementation_Units,                 -- Ada 2012 AI-242
      No_Implicit_Aliasing,                    -- GNAT
      No_Elaboration_Code,                     -- GNAT
      No_Obsolescent_Features,                 -- Ada 2005 AI-368
      No_Wide_Characters,                      -- GNAT
      SPARK,                                   -- GNAT

      --  The following cases require a parameter value

      --  The following entries are fully checked at compile/bind time, which
      --  means that the compiler can in general tell the minimum value which
      --  could be used with a restrictions pragma. The binder can deduce the
      --  appropriate minimum value for the partition by taking the maximum
      --  value required by any unit.

      Max_Protected_Entries,                   -- (RM D.7(14))
      Max_Select_Alternatives,                 -- (RM D.7(12))
      Max_Task_Entries,                        -- (RM D.7(13), H.4(3))

      --  The following entries are also fully checked at compile/bind time,
      --  and the compiler can also at least in some cases tell the minimum
      --  value which could be used with a restriction pragma. The difference
      --  is that the contributions are additive, so the binder deduces this
      --  value by adding the unit contributions.

      Max_Tasks,                               -- (RM D.7(19), H.4(3))

      --  The following entries are checked at compile time only for zero/
      --  nonzero entries. This means that the compiler can tell at compile
      --  time if a restriction value of zero is (would be) violated, but that
      --  the compiler cannot distinguish between different non-zero values.

      Max_Asynchronous_Select_Nesting,         -- (RM D.7(18), H.4(3))
      Max_Entry_Queue_Length,                  -- GNAT

      --  The remaining entries are not checked at compile/bind time. A
      --  pragma naming one of them records an intent but is not enforced by
      --  the toolchain (see Unchecked_Parameter_Restrictions below).

      Max_Storage_At_Blocking,                 -- (RM D.7(17))

      --  Sentinel meaning "no restriction"; must stay last so that the
      --  All_Restrictions subtype below excludes exactly this literal.

      Not_A_Restriction_Id);

   --  Synonyms permitted for historical purposes of compatibility.
   --  Must be coordinated with Restrict.Process_Restriction_Synonym.
   --  These are renamings of existing literals, not new literals, so they do
   --  not affect the subtype bands or the binder's named recording scheme.

   Boolean_Entry_Barriers : Restriction_Id renames Simple_Barriers;
   Max_Entry_Queue_Depth  : Restriction_Id renames Max_Entry_Queue_Length;
   No_Dynamic_Interrupts  : Restriction_Id renames No_Dynamic_Attachment;
   No_Requeue             : Restriction_Id renames No_Requeue_Statements;
   No_Task_Attributes     : Restriction_Id renames No_Task_Attributes_Package;

   subtype All_Restrictions is Restriction_Id range
     Simple_Barriers .. Max_Storage_At_Blocking;
   --  All restrictions (excluding only Not_A_Restriction_Id)

   subtype All_Boolean_Restrictions is Restriction_Id range
     Simple_Barriers .. SPARK;
   --  All restrictions which do not take a parameter

   subtype Partition_Boolean_Restrictions is All_Boolean_Restrictions range
     Simple_Barriers .. Static_Storage_Size;
   --  Boolean restrictions that are checked for partition consistency.
   --  Note that all parameter restrictions are checked for partition
   --  consistency by default, so this distinction is only needed in the
   --  case of Boolean restrictions.

   subtype Cunit_Boolean_Restrictions is All_Boolean_Restrictions range
     Immediate_Reclamation .. SPARK;
   --  Boolean restrictions that are not checked for partition consistency
   --  and that thus apply only to the current unit. Note that for these
   --  restrictions, the compiler does not apply restrictions found in
   --  with'ed units, parent specs etc. to the main unit, and vice versa.
   --  No_Default_Initialization lies between this band and the previous
   --  one and is therefore a member of neither (it has its own rules in
   --  Bcheck).

   subtype All_Parameter_Restrictions is
     Restriction_Id range
       Max_Protected_Entries .. Max_Storage_At_Blocking;
   --  All restrictions that take a parameter

   subtype Checked_Parameter_Restrictions is
     All_Parameter_Restrictions range
       Max_Protected_Entries .. Max_Entry_Queue_Length;
   --  These are the parameter restrictions that can be at least partially
   --  checked at compile/binder time. Minimally, the compiler can detect
   --  violations of a restriction pragma with a value of zero reliably.

   subtype Checked_Max_Parameter_Restrictions is
     Checked_Parameter_Restrictions range
       Max_Protected_Entries .. Max_Task_Entries;
   --  Restrictions with parameters that can be checked in some cases by
   --  maximizing among statically detected instances where the compiler
   --  can determine the count.

   subtype Checked_Add_Parameter_Restrictions is
     Checked_Parameter_Restrictions range
       Max_Tasks .. Max_Tasks;
   --  Restrictions with parameters that can be checked in some cases by
   --  summing the statically detected instances where the compiler can
   --  determine the count.

   subtype Checked_Val_Parameter_Restrictions is
     Checked_Parameter_Restrictions range
       Max_Protected_Entries .. Max_Tasks;
   --  Restrictions with parameter where the count is known at least in some
   --  cases by the compiler/binder (the union of the Max and Add bands).

   subtype Checked_Zero_Parameter_Restrictions is
     Checked_Parameter_Restrictions range
       Max_Asynchronous_Select_Nesting .. Max_Entry_Queue_Length;
   --  Restrictions with parameters where the compiler can detect the use of
   --  the feature, and hence violations of a restriction specifying a value
   --  of zero, but cannot detect specific values other than zero/nonzero.

   subtype Unchecked_Parameter_Restrictions is
     All_Parameter_Restrictions range
       Max_Storage_At_Blocking .. Max_Storage_At_Blocking;
   --  Restrictions with parameters where the compiler cannot ever detect
   --  corresponding compile time usage, so the binder and compiler never
   --  detect violations of any restriction. Do not rely on a restriction in
   --  this band for any assurance argument: it is recorded but never checked.

   -------------------------------------
   -- Restriction Status Declarations --
   -------------------------------------

   --  The following declarations are used to record the current status of
   --  restrictions (for the current unit, or related units, at compile time,
   --  and for all units in a partition at bind time or run time).

   type Restriction_Flags  is array (All_Restrictions)           of Boolean;
   type Restriction_Values is array (All_Parameter_Restrictions) of Natural;
   type Parameter_Flags    is array (All_Parameter_Restrictions) of Boolean;

   type Restrictions_Info is record
      Set : Restriction_Flags;
      --  An entry is True in the Set array if a restrictions pragma has been
      --  encountered for the given restriction. If the value is True for a
      --  parameter restriction, then the corresponding entry in the Value
      --  array gives the minimum value encountered for any such restriction.

      Value : Restriction_Values;
      --  If the entry for a parameter restriction in Set is True (i.e. a
      --  restrictions pragma for the restriction has been encountered), then
      --  the corresponding entry in the Value array is the minimum value
      --  specified by any such restrictions pragma. Note that a restrictions
      --  pragma specifying a value greater than Int'Last is simply ignored.
      --  Entries are meaningless (left at 0) when Set is False.

      Violated : Restriction_Flags;
      --  An entry is True in the violations array if the compiler has detected
      --  a violation of the restriction. For a parameter restriction, the
      --  Count and Unknown arrays have additional information.

      Count : Restriction_Values;
      --  If an entry for a parameter restriction is True in Violated, the
      --  corresponding entry in the Count array may record additional
      --  information. If the actual minimum count is known (by taking
      --  maximums, or sums, depending on the restriction), it will be
      --  recorded in this array. If not, then the value will remain zero.
      --  The value is also zero for a non-violated restriction.

      Unknown : Parameter_Flags;
      --  If an entry for a parameter restriction is True in Violated, the
      --  corresponding entry in the Unknown array may record additional
      --  information. If the actual count is not known by the compiler (but
      --  is known to be non-zero), then the entry in Unknown will be True.
      --  This indicates that the value in Count is not known to be exact,
      --  and the actual violation count may be higher.

      --  Note: If Violated (K) is True, then either Count (K) > 0 or
      --  Unknown (K) = True. It is possible for both these to be set.
      --  For example, if Count (K) = 3 and Unknown (K) is True, it means
      --  that the actual violation count is at least 3 but might be higher.
   end record;

   No_Restrictions : constant Restrictions_Info :=
     (Set      => (others => False),
      Value    => (others => 0),
      Violated => (others => False),
      Count    => (others => 0),
      Unknown  => (others => False));
   --  Used to initialize Restrictions_Info variables: nothing set, nothing
   --  violated, all counts zero.

   ----------------------------------
   -- Profile Definitions and Data --
   ----------------------------------

   --  Note: to add a profile, modify the following declarations appropriately,
   --  add Name_xxx to Snames, and add a branch to the conditions for pragmas
   --  Profile and Profile_Warnings in the body of Sem_Prag.

   type Profile_Name is
     (No_Profile,
      No_Implementation_Extensions,
      Ravenscar,
      Restricted);
   --  Names of recognized profiles. No_Profile is used to indicate that a
   --  restriction came from pragma Restrictions[_Warning], as opposed to
   --  pragma Profile[_Warning].

   subtype Profile_Name_Actual is Profile_Name
     range No_Implementation_Extensions .. Restricted;
   --  Actual used profile names (everything except No_Profile). This is the
   --  index type of Profile_Info below.

   type Profile_Data is record
      Set : Restriction_Flags;
      --  Set to True if given restriction must be set for the profile, and
      --  False if it need not be set (False does not mean that it must not be
      --  set, just that it need not be set). If the flag is True for a
      --  parameter restriction, then the Value array gives the maximum value
      --  permitted by the profile.

      Value : Restriction_Values;
      --  An entry in this array is meaningful only if the corresponding flag
      --  in Set is True. In that case, the value in this array is the maximum
      --  value of the parameter permitted by the profile.
   end record;

   --  Profile table. The Ravenscar entry repeats the Restricted entries
   --  verbatim rather than referring to them, so any change to the Restricted
   --  profile must be mirrored in the Ravenscar entry by hand.

   Profile_Info : constant array (Profile_Name_Actual) of Profile_Data := (

                     --  No_Implementation_Extensions profile

                     No_Implementation_Extensions =>

                       (Set  =>
                          (No_Implementation_Aspect_Specifications => True,
                           No_Implementation_Attributes            => True,
                           No_Implementation_Identifiers           => True,
                           No_Implementation_Pragmas               => True,
                           No_Implementation_Units                 => True,
                           others                                  => False),

                        --  Value settings for No_Implementation_Extensions
                        --  profile (none: it sets no parameter restrictions)

                        Value =>
                          (others => 0)),

                     --  Restricted Profile

                     Restricted =>

                        --  Restrictions for Restricted profile

                       (Set  =>
                          (No_Abort_Statements             => True,
                           No_Asynchronous_Control         => True,
                           No_Dynamic_Attachment           => True,
                           No_Dynamic_Priorities           => True,
                           No_Entry_Queue                  => True,
                           No_Local_Protected_Objects      => True,
                           No_Protected_Type_Allocators    => True,
                           No_Requeue_Statements           => True,
                           No_Task_Allocators              => True,
                           No_Task_Attributes_Package      => True,
                           No_Task_Hierarchy               => True,
                           No_Terminate_Alternatives       => True,
                           Max_Asynchronous_Select_Nesting => True,
                           Max_Protected_Entries           => True,
                           Max_Select_Alternatives         => True,
                           Max_Task_Entries                => True,
                           others                          => False),

                        --  Value settings for Restricted profile

                        Value =>
                          (Max_Asynchronous_Select_Nesting => 0,
                           Max_Protected_Entries           => 1,
                           Max_Select_Alternatives         => 0,
                           Max_Task_Entries                => 0,
                           others                          => 0)),

                     --  Ravenscar Profile

                     --  Note: the table entries here only represent the
                     --  required restriction profile for Ravenscar. The
                     --  full Ravenscar profile also requires:

                     --    pragma Dispatching_Policy (FIFO_Within_Priorities);
                     --    pragma Locking_Policy (Ceiling_Locking);
                     --    pragma Detect_Blocking

                     Ravenscar =>

                        --  Restrictions for Ravenscar = Restricted profile ..

                       (Set  =>
                          (No_Abort_Statements             => True,
                           No_Asynchronous_Control         => True,
                           No_Dynamic_Attachment           => True,
                           No_Dynamic_Priorities           => True,
                           No_Entry_Queue                  => True,
                           No_Local_Protected_Objects      => True,
                           No_Protected_Type_Allocators    => True,
                           No_Requeue_Statements           => True,
                           No_Task_Allocators              => True,
                           No_Task_Attributes_Package      => True,
                           No_Task_Hierarchy               => True,
                           No_Terminate_Alternatives       => True,
                           Max_Asynchronous_Select_Nesting => True,
                           Max_Protected_Entries           => True,
                           Max_Select_Alternatives         => True,
                           Max_Task_Entries                => True,

                           --  plus these additional restrictions:

                           No_Calendar                     => True,
                           No_Implicit_Heap_Allocations    => True,
                           No_Relative_Delay               => True,
                           No_Select_Statements            => True,
                           No_Task_Termination             => True,
                           Simple_Barriers                 => True,
                           others                          => False),

                        --  Value settings for Ravenscar (same as Restricted)

                        Value =>
                          (Max_Asynchronous_Select_Nesting => 0,
                           Max_Protected_Entries           => 1,
                           Max_Select_Alternatives         => 0,
                           Max_Task_Entries                => 0,
                           others                          => 0)));

end System.Rident;