Contents   Index   Search   Previous   Next

9.8 Abort of a Task - Abort of a Sequence of Statements

   [An abort_statement causes one or more tasks to become abnormal, thus preventing any further interaction with such tasks. The completion of the triggering_statement of an asynchronous_select causes a sequence_of_statements to be aborted.]


abort_statement ::= abort task_name {, task_name};

Name Resolution Rules

   {expected type (abort_statement task_name) [partial]} Each task_name is expected to be of any task type[; they need not all be of the same task type.]

Dynamic Semantics

   {execution (abort_statement) [partial]} For the execution of an abort_statement, the given task_names are evaluated in an arbitrary order. {abort (of a task)} {abnormal task} {task state (abnormal) [partial]} Each named task is then aborted, which consists of making the task abnormal and aborting the execution of the corresponding task_body, unless it is already completed.
Ramification: Note that aborting those tasks is not defined to be an abort-deferred operation. Therefore, if one of the named tasks is the task executing the abort_statement, or if the task executing the abort_statement depends on one of the named tasks, then it is possible for the execution of the abort_statement to be aborted, thus leaving some of the tasks unaborted. This allows the implementation to use either a sequence of calls to an ``abort task'' RTS primitive, or a single call to an ``abort list of tasks'' RTS primitive.
   {execution (aborting the execution of a construct) [partial]} {abort (of the execution of a construct)} When the execution of a construct is aborted (including that of a task_body or of a sequence_of_statements), the execution of every construct included within the aborted execution is also aborted, except for executions included within the execution of an abort-deferred operation; the execution of an abort-deferred operation continues to completion without being affected by the abort; {abort-deferred operation} the following are the abort-deferred operations:
    [The last three of these are discussed further in 7.6.]
Reason: Deferring abort during Initialize and finalization allows, for example, the result of an allocator performed in an Initialize operation to be assigned into an access object without being interrupted in the middle, which would cause storage leaks. For an object with several controlled parts, each individual Initialize is abort-deferred. Note that there is generally no semantic difference between making each Finalize abort-deferred, versus making a group of them abort-deferred, because if the task gets aborted, the first thing it will do is complete any remaining finalizations. Individual objects are finalized prior to an assignment operation (if nonlimited controlled) and as part of Unchecked_Deallocation.
Ramification: Abort is deferred during the entire assignment operation to an object with a controlled part, even if only some subcomponents are controlled. Note that this says "assignment operation," not "assignment_statement." Explicit calls to Initialize, Finalize, or Adjust are not abort-deferred.
    When a master is aborted, all tasks that depend on that master are aborted.
    {unspecified [partial]} The order in which tasks become abnormal as the result of an abort_statement or the abort of a sequence_of_statements is not specified by the language.
    If the execution of an entry call is aborted, an immediate attempt is made to cancel the entry call (see 9.5.3). If the execution of a construct is aborted at a time when the execution is blocked, other than for an entry call, at a point that is outside the execution of an abort-deferred operation, then the execution of the construct completes immediately. For an abort due to an abort_statement, these immediate effects occur before the execution of the abort_statement completes. Other than for these immediate cases, the execution of a construct that is aborted does not necessarily complete before the abort_statement completes. However, the execution of the aborted construct completes no later than its next abort completion point (if any) that occurs outside of an abort-deferred operation; {abort completion point} the following are abort completion points for an execution:
Ramification: Although the abort completion point doesn't occur until the end of the entry call or delay_statement, these operations might be cut short because an abort attempts to cancel them.
Reason: The start of an exception_handler is considered an abort completion point simply because it is easy for an implementation to check at such points.
Implementation Note: Implementations may of course check for abort more often than at each abort completion point; ideally, a fully preemptive implementation of abort will be provided. If preemptive abort is not supported in a given environment, then supporting the checking for abort as part of subprogram calls and loop iterations might be a useful option.

Bounded (Run-Time) Errors

    {bounded error (cause) [partial]} An attempt to execute an asynchronous_select as part of the execution of an abort-deferred operation is a bounded error. Similarly, an attempt to create a task that depends on a master that is included entirely within the execution of an abort-deferred operation is a bounded error. {Program_Error (raised by failure of run-time check)} In both cases, Program_Error is raised if the error is detected by the implementation; otherwise the operations proceed as they would outside an abort-deferred operation, except that an abort of the abortable_part or the created task might or might not have an effect.
Reason: An asynchronous_select relies on an abort of the abortable_part to effect the asynchronous transfer of control. For an asynchronous_select within an abort-deferred operation, the abort might have no effect.
Creating a task dependent on a master included within an abort-deferred operation is considered an error, because such tasks could be aborted while the abort-deferred operation was still progressing, undermining the purpose of abort-deferral. Alternatively, we could say that such tasks are abort-deferred for their entire execution, but that seems too easy to abuse. Note that task creation is already a bounded error in protected actions, so this additional rule only applies to local task creation as part of Initialize, Finalize, or Adjust.

Erroneous Execution

    {normal state of an object [partial]} {abnormal state of an object [partial]} {disruption of an assignment} {erroneous execution (cause) [partial]} If an assignment operation completes prematurely due to an abort, the assignment is said to be disrupted; the target of the assignment or its parts can become abnormal, and certain subsequent uses of the object can be erroneous, as explained in 13.9.1.
38  An abort_statement should be used only in situations requiring unconditional termination.
39  A task is allowed to abort any task it can name, including itself.
40  Additional requirements associated with abort are given in D.6, ``Preemptive Abort''.

Wording Changes from Ada 83

This clause has been rewritten to accommodate the concept of aborting the execution of a construct, rather than just of a task.

Contents   Index   Search   Previous   Next   Legal