Rationale for Ada 2005
5.7 High Integrity Systems annex
There are a few changes to this annex. The most noticeable
is that its title has been changed from Safety and Security to High
. This reflects common practice in that high-integrity
is now the accepted general term for systems such as safety-critical
systems and security-critical systems.
There are some small changes to reflect the introduction
of the Ravenscar profile (see Section 5.4
It is clarified that tasking is permitted in a high-integrity system
provided that it is well controlled through, for example, the use of
the Ravenscar profile. Also the new pragma Detect_Blocking
used by the Ravenscar profile is defined in this annex.
Another new pragma is Partition_Elaboration_Policy
Its syntax is
Two policy identifiers are predefined, namely, Concurrent
and Sequential. The pragma is a configuration
pragma and so applies throughout a partition. The default policy is Concurrent.
The normal behaviour in Ada when a program starts
is that a task declared at library level is activated by the environment
task and can begin to execute before all library level elaboration is
completed and before the main subprogram is called by the environment
task. Race conditions can arise especially when several library tasks
are involved. Problems also arise with the attachment of interrupt handlers.
If the policy Sequential
is specified then the rules are changed. The following things happen
The elaboration of all library units takes place
(this is done by the environment task) but library tasks are not activated
(we say their activation is deferred). Similarly the attachment of interrupt
handlers is deferred.
The environment task then attaches the interrupts.
The library tasks are then activated. While this
is happening the environment task is suspended.
Finally, the environment task then executes the
main subprogram in parallel with the executing tasks.
Note that from the library tasks' point of view they
go seamlessly from activation to execution. Moreover, they are assured
that all library units will have been elaborated and all handlers attached
before they execute.
is specified then
must also be specified. This ensures that all tasks
are at library level.
A final small point is that the Restrictions identifiers
are now banished to Annex
can be used instead.
© 2005, 2006, 2007 John Barnes Informatics.
Sponsored in part by: