<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>AARM95 - Safety and Security Restrictions</TITLE>
<META NAME="Author" CONTENT="JTC1/SC22/WG9/ARG, by Randall Brukardt, ARG Editor">
<META NAME="GENERATOR" CONTENT="Arm_Form.Exe, Ada Reference Manual generator">
<STYLE type="text/css">
DIV.paranum {position: absolute; font-family: Arial, Helvetica, sans-serif; left: 0.5 em; top: auto}
TT {font-family: "Courier New", monospace}
DT {display: compact}
DIV.Normal {font-family: "Times New Roman", Times, serif; margin-bottom: 0.6em}
DIV.Wide {font-family: "Times New Roman", Times, serif; margin-top: 0.6em; margin-bottom: 0.6em}
DIV.Annotations {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-bottom: 0.6em}
DIV.WideAnnotations {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0.6em; margin-bottom: 0.6em}
DIV.Index {font-family: "Times New Roman", Times, serif}
DIV.SyntaxSummary {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.4em}
DIV.Notes {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.6em}
DIV.NotesHeader {font-family: "Times New Roman", Times, serif; margin-left: 2.0em}
DIV.SyntaxIndented {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.4em}
DIV.Indented {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-bottom: 0.6em}
DIV.CodeIndented {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-bottom: 0.6em}
DIV.SmallIndented {font-family: "Times New Roman", Times, serif; margin-left: 10.0em; margin-bottom: 0.6em}
DIV.SmallCodeIndented {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-bottom: 0.6em}
DIV.Examples {font-family: "Courier New", monospace; margin-left: 2.0em; margin-bottom: 0.6em}
DIV.SmallExamples {font-family: "Courier New", monospace; font-size: 80%; margin-left: 7.5em; margin-bottom: 0.6em}
DIV.IndentedExamples {font-family: "Courier New", monospace; margin-left: 8.0em; margin-bottom: 0.6em}
DIV.SmallIndentedExamples {font-family: "Courier New", monospace; font-size: 80%; margin-left: 15.0em; margin-bottom: 0.6em}
UL.Bulleted {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SmallBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SmallNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.IndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.CodeIndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.CodeIndentedNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SyntaxIndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NotesBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NotesNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
DL.Hanging {font-family: "Times New Roman", Times, serif; margin-top: 0em; margin-bottom: 0.6em}
DD.Hanging {margin-left: 6.0em}
DL.IndentedHanging {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.IndentedHanging {margin-left: 2.0em}
DL.HangingInBulleted {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.HangingInBulleted {margin-left: 4.0em}
DL.SmallHanging {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.SmallHanging {margin-left: 7.5em}
DL.SmallIndentedHanging {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.SmallIndentedHanging {margin-left: 2.0em}
DL.SmallHangingInBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.SmallHangingInBulleted {margin-left: 5.0em}
DL.Enumerated {font-family: "Times New Roman", Times, serif; margin-right: 0.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.Enumerated {margin-left: 2.0em}
DL.SmallEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.SmallEnumerated {margin-left: 2.5em}
DL.NestedEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
DL.SmallNestedEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
</STYLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFF0" LINK="#0000FF" VLINK="#800080" ALINK="#FF0000">
<P><A HREF="AA-TOC.html">Contents</A> <A HREF="AA-0-29.html">Index</A> <A HREF="AA-H-3-2.html">Previous</A> <A HREF="AA-J.html">Next</A></P>
<HR>
<H1> H.4 Safety and Security Restrictions</H1>
<DIV Class="Paranum"><FONT SIZE=-2>1</FONT></DIV>
<DIV Class="Normal"> This clause defines restrictions that can be used
with pragma Restrictions (see <A HREF="AA-13-12.html">13.12</A>); these
facilitate the demonstration of program correctness by allowing tailored
versions of the run-time system. </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>1.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>Note that the
restrictions are absolute. If a partition has 100 library units and just
one needs Unchecked_Conversion, then the pragma cannot be used to ensure
the other 99 units do not use Unchecked_Conversion. Note also that these
are restrictions on all Ada code within a partition, and therefore it
may not be evident from the specification of a package whether a restriction
can be imposed.</FONT></DIV>
<H4 ALIGN=CENTER>Static Semantics</H4>
<DIV Class="Paranum"><FONT SIZE=-2>2</FONT></DIV>
<DIV Class="Normal"> The following restrictions, the same as in <A HREF="AA-D-7.html">D.7</A>,
apply in this Annex: No_Task_Hierarchy, No_Abort_Statement, No_Implicit_Heap_Allocation,
Max_Task_Entries is 0, Max_Asynchronous_Select_Nesting is 0, and Max_Tasks
is 0. [The last three restrictions are checked prior to program execution.]</DIV>
<DIV Class="Paranum"><FONT SIZE=-2>3</FONT></DIV>
<DIV Class="Normal" Style="margin-bottom: 0.9em"> The following additional
restrictions apply in this Annex.</DIV>
<DIV Class="Paranum"><FONT SIZE=-2>4</FONT></DIV>
<DIV Class="Normal" Style="margin-bottom: 0.4em"> <B>Tasking-related
restriction:</B> </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>5</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.9em"><DT> <A NAME="I7308"></A>No_Protected_Types <DD Class="Hanging">
There are no declarations of protected types or protected objects.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>6</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.4em"><DT> <B>Memory-management related restrictions:</B></DL>
<DIV Class="Paranum"><FONT SIZE=-2>7</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7309"></A>No_Allocators <DD Class="Hanging">
There are no occurrences of an <FONT FACE="Arial, Helvetica">allocator</FONT>.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>8/1</FONT></DIV>
<DL Class="Hanging"><DT> {<I><A HREF="defect1.html#8652/0042">8652/0042</A></I>} <A NAME="I7310"></A>No_Local_Allocators
<DD Class="Hanging">
<FONT FACE="Arial, Helvetica">Allocator</FONT>s are prohibited in subprograms,
generic subprograms, tasks, and entry bodies<S>; instantiations of generic
packages are also prohibited in these contexts</S>. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>8.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>Thus <FONT FACE="Arial, Helvetica">allocator</FONT>s
are permitted only in expressions whose evaluation can only be performed
before the main subprogram is invoked. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>8.b/1</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><FONT SIZE=-1><I>This paragraph
was deleted.</I></FONT><B>Reason: </B>{<I><A HREF="defect1.html#8652/0042">8652/0042</A></I>}
<S>The reason for the prohibition against instantiations of generic packages
is to avoid contract model violations. An alternative would be to prohibit
<FONT FACE="Arial, Helvetica">allocator</FONT>s from generic packages,
but it seems preferable to allow generality on the defining side and
then place the restrictions on the usage (instantiation), rather than
inhibiting what can be in the generic while liberalizing where they can
be instantiated.</S> </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>9</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7311"></A>No_Unchecked_Deallocation <DD Class="Hanging">
Semantic dependence on Unchecked_Deallocation is not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>9.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>This restriction
would be useful in those contexts in which heap storage is needed on
program start-up, but need not be increased subsequently. The danger
of a dangling pointer can therefore be avoided.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>10</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.9em"><DT> Immediate_Reclamation <DD Class="Hanging">
Except for storage occupied by objects created by <FONT FACE="Arial, Helvetica">allocator</FONT>s
and not deallocated via unchecked deallocation, any storage reserved
at run time for an object is immediately reclaimed when the object no
longer exists. <A NAME="I7312"></A></DL>
<DIV Class="Paranum"><FONT SIZE=-2>10.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>Immediate reclamation
would apply to storage created by the compiler, such as for a return
value from a function whose size is not known at the call site. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>11</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.4em"><DT> <B>Exception-related restriction:</B></DL>
<DIV Class="Paranum"><FONT SIZE=-2>12</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.9em"><DT> <A NAME="I7313"></A>No_Exceptions <DD Class="Hanging">
<FONT FACE="Arial, Helvetica">Raise_statement</FONT>s and <FONT FACE="Arial, Helvetica">exception_handler</FONT>s
are not allowed. No language-defined run-time checks are generated; however,
a run-time check performed automatically by the hardware is permitted.
</DL>
<DIV Class="Paranum"><FONT SIZE=-2>12.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>This restriction
mirrors a method of working that is quite common in the safety area.
The programmer is required to show that exceptions cannot be raised.
Then a simplified run-time system is used without exception handling.
However, some hardware checks may still be enforced. If the software
check would have failed, or if the hardware check actually fails, then
the execution of the program is unpredictable. There are obvious dangers
in this approach, but it is similar to programming at the assembler level.</FONT></DIV>
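<DIV Class="Normal">The following is an added example, not from the Reference Manual, of the method of working the Discussion describes: under No_Exceptions the programmer must show that no language-defined check could have failed, so the code is written such that the conditions a check would detect cannot arise. Two common techniques are shown, choosing an accumulator subtype wide enough for the worst case and testing operands before an operation rather than relying on the check afterwards. The package, type and subprogram names are illustrative.</DIV>

```ada
--  Added example (illustrative names); not code from the Reference Manual.
--  With No_Exceptions in force no language-defined run-time check is
--  generated, so each operation below is arranged so that the check it
--  would otherwise carry can never fail. A hardware overflow trap may
--  still exist (paragraph 12), and if it fires execution is erroneous.
pragma Restrictions (No_Exceptions);

package Sensor_Filter is
   type Sample is range 0 .. 4095;            -- 12-bit ADC reading
   type Sample_Sum is range 0 .. 4095 * 16;   -- holds 16 samples exactly
   type Window_Index is range 1 .. 16;
   type Window is array (Window_Index) of Sample;

   --  Average of a full window. Sample_Sum is chosen so that the sum of
   --  16 values of type Sample cannot leave its range; the range check
   --  that No_Exceptions suppresses therefore could not have failed.
   function Average (W : Window) return Sample;

   --  Saturating add: clamps instead of overflowing, so the suppressed
   --  overflow check on A + B could never have failed either.
   function Saturating_Add (A, B : Natural) return Natural;
end Sensor_Filter;

package body Sensor_Filter is
   function Average (W : Window) return Sample is
      Total : Sample_Sum := 0;
   begin
      for I in W'Range loop
         Total := Total + Sample_Sum (W (I));  -- bounded by 16 * 4095
      end loop;
      --  Total / 16 is at most 4095, so the conversion back to Sample
      --  cannot violate the range either.
      return Sample (Total / Sample_Sum (W'Length));
   end Average;

   function Saturating_Add (A, B : Natural) return Natural is
   begin
      --  Test before adding: A + B exceeds Integer'Last exactly when
      --  B > Natural'Last - A, and that subtraction itself cannot overflow
      --  because A is non-negative.
      if B > Natural'Last - A then
         return Natural'Last;
      else
         return A + B;
      end if;
   end Saturating_Add;
end Sensor_Filter;
```

<DIV Class="Normal">The argument that each check cannot fail is stated in the comments next to the operation it covers; that is the evidence a reviewer would expect to accompany a partition compiled with No_Exceptions, since by paragraph 26 any check that would have failed makes execution erroneous rather than raising an exception.</DIV>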
<DIV Class="Paranum"><FONT SIZE=-2>13</FONT></DIV>
<DL Class="Hanging" Style="margin-bottom: 0.4em"><DT> <B>Other restrictions:</B></DL>
<DIV Class="Paranum"><FONT SIZE=-2>14</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7314"></A>No_Floating_Point <DD Class="Hanging">
Uses of predefined floating point types and operations, and declarations
of new floating point types, are not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>14.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The intention
is to avoid the use of floating point hardware at run time, but this
is expressed in language terms. It is conceivable that floating point
is used implicitly in some contexts, say fixed point type conversions
of high accuracy. However, the Implementation Requirements below make
it clear that the restriction would apply to the ``run-time system''
and hence not be allowed. This parameter could be used to inform a compiler
that a variant of the architecture is being used which does not have
floating point instructions.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>15</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7315"></A>No_Fixed_Point <DD Class="Hanging">
Uses of predefined fixed point types and operations, and declarations
of new fixed point types, are not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>15.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>This restriction
would have the side-effect of prohibiting the <FONT FACE="Arial, Helvetica">delay_relative_statement</FONT>.
As with the No_Floating_Point restriction, this might be used to avoid
any question of rounding errors. Unless an Ada run-time is written in
Ada, it seems hard to rule out implicit use of fixed point, since at
the machine level, fixed point is virtually the same as integer arithmetic.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>16</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7316"></A>No_Unchecked_Conversion <DD Class="Hanging">
Semantic dependence on the predefined generic Unchecked_Conversion is
not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>16.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>Most critical
applications would require some restrictions or additional validation
checks on uses of unchecked conversion. If the application does not require
the functionality, then this restriction provides a means of ensuring
the design requirement has been satisfied. The same applies to several
of the following restrictions.</FONT></DIV>
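<DIV Class="Normal">The following is an added example, not from the Reference Manual, of the "additional validation checks" on unchecked conversion that the Discussion mentions, using the Valid attribute of <A HREF="AA-13-9-2.html">13.9.2</A>, which is defined as the way to test data produced by Unchecked_Conversion. The unit would be rejected in a partition that imposes No_Unchecked_Conversion; the usage note afterwards gives the restriction-compatible alternative. The package, type and literal names and the byte codes are illustrative.</DIV>

```ada
--  Added example (illustrative names and codes); not from the Reference Manual.
with Ada.Unchecked_Conversion;
with Interfaces;

package Frame_Decoder is
   --  Wire-level command byte: only three of the 256 bit patterns are legal.
   --  Codes in an enumeration representation clause must increase with
   --  literal order (13.4), hence the order Idle, Arm, Fire.
   type Command is (Idle, Arm, Fire);
   for Command use (Idle => 16#00#, Arm => 16#5A#, Fire => 16#A5#);
   for Command'Size use 8;

   --  Decodes a received byte. Valid is True only when Raw carries one of
   --  the legal representations; otherwise Cmd is set to the safe default.
   procedure Decode (Raw   : in  Interfaces.Unsigned_8;
                     Cmd   : out Command;
                     Valid : out Boolean);
end Frame_Decoder;

package body Frame_Decoder is
   --  Semantic dependence on Unchecked_Conversion: this body is rejected
   --  at compile time if the partition imposes No_Unchecked_Conversion.
   function To_Command is new Ada.Unchecked_Conversion
     (Source => Interfaces.Unsigned_8, Target => Command);

   procedure Decode (Raw   : in  Interfaces.Unsigned_8;
                     Cmd   : out Command;
                     Valid : out Boolean) is
      Candidate : constant Command := To_Command (Raw);
      --  Candidate'Valid is defined to evaluate without raising an
      --  exception even when Candidate has an invalid representation.
      Ok : constant Boolean := Candidate'Valid;
   begin
      --  Without this check a byte such as 16#FF# yields an object with an
      --  invalid representation; using it as a case selector or array index
      --  is a bounded error (13.9.1), and under No_Exceptions the check that
      --  might have caught it would not even be generated.
      Valid := Ok;
      if Ok then
         Cmd := Candidate;
      else
         Cmd := Idle;   -- safe default; callers must still consult Valid
      end if;
   end Decode;
end Frame_Decoder;
```

<DIV Class="Normal">Where the design imposes No_Unchecked_Conversion, the same decoding is written as a case statement on Raw that maps each legal byte to its literal and everything else to the invalid outcome; that form needs no instance of Unchecked_Conversion and no Valid check, which is the sense in which the restriction lets the design requirement be verified by the compiler rather than by review.</DIV>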
<DIV Class="Paranum"><FONT SIZE=-2>17</FONT></DIV>
<DL Class="Hanging"><DT> No_Access_Subprograms <DD Class="Hanging">
The declaration of access-to-subprogram types is not allowed. <A NAME="I7317"></A></DL>
<DIV Class="Paranum"><FONT SIZE=-2>18</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7318"></A>No_Unchecked_Access <DD Class="Hanging">
The <A NAME="I7319"></A>Unchecked_Access attribute is not allowed.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>19</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7320"></A>No_Dispatch <DD Class="Hanging">
Occurrences of T'Class are not allowed, for any (tagged) subtype T.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>20</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7321"></A>No_IO <DD Class="Hanging">
Semantic dependence on any of the library units Sequential_IO, Direct_IO,
Text_IO, Wide_Text_IO, or Stream_IO is not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>20.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>Excluding the
input-output facilities of an implementation may be needed in those environments
which cannot support the supplied functionality. A program in such an
environment is likely to require some low level facilities or a call
on a non-Ada feature.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>21</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7322"></A>No_Delay <DD Class="Hanging">
<FONT FACE="Arial, Helvetica">Delay_Statement</FONT>s and semantic dependence
on package Calendar are not allowed. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>21.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>This implies
that <FONT FACE="Arial, Helvetica">delay_alternative</FONT>s in a <FONT FACE="Arial, Helvetica">select_statement</FONT>
are prohibited.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>21.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>The purpose of this restriction
is to avoid the need for timing facilities within the run-time system.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7323"></A>No_Recursion <DD Class="Hanging">
As part of the execution of a subprogram, the same subprogram is not
invoked.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>23</FONT></DIV>
<DL Class="Hanging"><DT> <A NAME="I7324"></A>No_Reentrancy <DD Class="Hanging">
During the execution of a subprogram by a task, no other task invokes
the same subprogram.</DL>
<H4 ALIGN=CENTER>Implementation Requirements</H4>
<DIV Class="Paranum"><FONT SIZE=-2>24</FONT></DIV>
<DIV Class="Normal"> If an implementation supports <FONT FACE="Arial, Helvetica">pragma</FONT>
Restrictions for a particular argument, then except for the restrictions
No_Unchecked_Deallocation, No_Unchecked_Conversion, No_Access_Subprograms,
and No_Unchecked_Access, the associated restriction applies to the run-time
system. </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>24.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Reason: </B>Permission is granted
for the run-time system to use the specified otherwise-restricted features,
since the use of these features may simplify the run-time system by allowing
more of it to be written in Ada. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>24.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The restrictions
that are applied to the partition are also applied to the run-time system.
For example, if No_Floating_Point is specified, then an implementation
that uses floating point for implementing the delay statement (say) would
require that No_Floating_Point is only used in conjunction with No_Delay.
It is clearly important that restrictions are effective so that Max_Tasks=0
does imply that tasking is not used, even implicitly (for input-output,
say).</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>24.c</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>An implementation of tasking could
be produced based upon a run-time system written in Ada in which the
rendezvous was controlled by protected types. In this case, No_Protected_Types
could only be used in conjunction with Max_Task_Entries=0. Other implementation
dependencies could be envisaged.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>24.d</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>If the run-time system is not
written in Ada, then the wording needs to be applied in an appropriate
fashion.</FONT></DIV>
<H4 ALIGN=CENTER>Documentation Requirements</H4>
<DIV Class="Paranum"><FONT SIZE=-2>25</FONT></DIV>
<DIV Class="Normal"> If a pragma Restrictions(No_Exceptions) is specified,
the implementation shall document the effects of all constructs where
language-defined checks are still performed automatically (for example,
an overflow check performed by the processor). </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>25.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Implementation defined: </B>Implementation-defined
aspects of pragma Restrictions.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>25.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The documentation
requirements here are quite difficult to satisfy. One method is to review
the object code generated and determine the checks that are still present,
either explicitly, or implicitly within the architecture. As another
example, besides overflow, consider dereferencing a null pointer. When
checks are performed, this could be detected by a memory access trap.
When checks are suppressed via the argument No_Exceptions, it would not
be necessary to have the memory access trap mechanism enabled.</FONT></DIV>
<H4 ALIGN=CENTER>Erroneous Execution</H4>
<DIV Class="Paranum"><FONT SIZE=-2>26</FONT></DIV>
<DIV Class="Normal"> <A NAME="I7325"></A>Program execution is erroneous
if pragma Restrictions(No_Exceptions) has been specified and the conditions
arise under which a generated language-defined run-time check would fail.
</DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The situation
here is very similar to the application of pragma Suppress. Since users
are removing some of the protection the language provides, they had better
be careful!</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>27</FONT></DIV>
<DIV Class="Normal"> <A NAME="I7326"></A>Program execution is erroneous
if pragma Restrictions(No_Recursion) has been specified and a subprogram
is invoked as part of its own execution, or if pragma Restrictions(No_Reentrancy)
has been specified and during the execution of a subprogram by a task,
another task invokes the same subprogram. </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>27.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>In practice,
many implementations may not exploit the absence of recursion or need
for reentrancy, in which case the program execution would be unaffected
by the use of recursion or reentrancy, even though the program is still
formally erroneous.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>27.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Implementation defined: </B>Any
restrictions on pragma Restrictions.</FONT></DIV>
<HR>
<P><A HREF="AA-TOC.html">Contents</A> <A HREF="AA-0-29.html">Index</A> <A HREF="AA-H-3-2.html">Previous</A> <A HREF="AA-J.html">Next</A> <A HREF="AA-TTL.html">Legal</A></P>
</BODY>
</HTML>