------------------------------------------------------------------------------
--                                                                          --
--                         GNAT RUN-TIME COMPONENTS                         --
--                                                                          --
--                  A D A . T A S K _ A T T R I B U T E S                   --
--                                                                          --
--                                 B o d y                                  --
--                                                                          --
--            Copyright (C) 1991-1994, Florida State University             --
--              Copyright (C) 1995-2005, Ada Core Technologies              --
--                                                                          --
-- GNARL is free software; you can redistribute it and/or modify it under   --
-- terms of the GNU General Public License as published by the Free Soft-   --
-- ware Foundation; either version 2, or (at your option) any later ver-    --
-- sion. GNARL is distributed in the hope that it will be useful, but WITH- --
-- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY   --
-- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License  --
-- for more details. You should have received a copy of the GNU General     --
-- Public License distributed with GNARL; see file COPYING. If not, write   --
-- to the Free Software Foundation, 51 Franklin Street, Fifth Floor,        --
-- Boston, MA 02110-1301, USA.                                              --
--                                                                          --
-- As a special exception, if other files instantiate generics from this    --
-- unit, or you link this unit with other files to produce an executable,   --
-- this unit does not by itself cause the resulting executable to be        --
-- covered by the GNU General Public License. This exception does not       --
-- however invalidate any other reasons why the executable file might be    --
-- covered by the GNU Public License.                                       --
--                                                                          --
-- GNARL was developed by the GNARL team at Florida State University.       --
-- Extensive contributions were provided by Ada Core Technologies, Inc.     --
--                                                                          --
------------------------------------------------------------------------------

--  The following notes are provided in case someone decides the implementation
--  of this package is too complicated, or too slow. Please read this before
--  making any "simplifications".

--  Correct implementation of this package is more difficult than one might
--  expect. After considering (and coding) several alternatives, we settled on
--  the present compromise. Things we do not like about this implementation

--  - It is vulnerable to bad Task_Id values, to the extent of possibly
--    trashing memory and crashing the runtime system.

--  - It requires dynamic storage allocation for each new attribute value,
--    except for types that happen to be the same size as System.Address, or

--  - Instantiations at other than the library level rely on being able to
--    do down-level calls to a procedure declared in the generic package body.
--    This makes it potentially vulnerable to compiler changes.

--  The main implementation issue here is that the connection from task to
--  attribute is a potential source of dangling references.

--  When a task goes away, we want to be able to recover all the storage
--  associated with its attributes. The Ada mechanism for this is
--  finalization, via controlled attribute types. For this reason, the ARM
--  requires finalization of attribute values when the associated task

--  This finalization must be triggered by the tasking runtime system, during
--  termination of the task. Given that the active set of instantiations of
--  Ada.Task_Attributes is dynamic, the number and types of attributes
--  belonging to a task will not be known until the task actually terminates.
--  Some of these types may be controlled and some may not. The RTS must find
--  some way to determine which of these attributes need finalization, and
--  invoke the appropriate finalization on them.

--  One way this might be done is to create a special finalization chain for
--  each task, similar to the finalization chain that is used for controlled
--  objects within the task. This would differ from the usual finalization
--  chain in that it would not have a LIFO structure, since attributes may be
--  added to a task at any time during its lifetime. This might be the right
--  way to go for the longer term, but at present this approach is not open,
--  since GNAT does not provide such special finalization support.

--  Lacking special compiler support, the RTS is limited to the normal ways an
--  application invokes finalization, i.e.

--  a) Explicit call to the procedure Finalize, if we know the type has this
--     operation defined on it. This is not sufficient, since we have no way
--     of determining whether a given generic formal Attribute type is
--     controlled, and no visibility of the associated Finalize procedure, in

--  b) Leaving the scope of a local object of a controlled type. This does not
--     help, since the lifetime of an instantiation of Ada.Task_Attributes
--     does not correspond to the lifetimes of the various tasks which may
--     have that attribute.

--  c) Assignment of another value to the object. This would not help, since
--     we then have to finalize the new value of the object.

--  d) Unchecked deallocation of an object of a controlled type. This seems to
--     be the only mechanism available to the runtime system for finalization
--     of task attributes.

--  We considered two ways of using unchecked deallocation, both based on a
--  linked list that would hang from the task control block.

--  In the first approach the objects on the attribute list are all derived
--  from one controlled type, say T, and are linked using an access type to
--  T'Class. The runtime system has an Unchecked_Deallocation for T'Class with
--  access type T'Class, and uses this to deallocate and finalize all the
--  items in the list. The limitation of this approach is that each
--  instantiation of the package Ada.Task_Attributes derives a new record
--  extension of T, and since T is controlled (RM 3.9.1 (3)), instantiation is
--  only allowed at the library level.

--  In the second approach the objects on the attribute list are of unrelated
--  but structurally similar types. Unchecked conversion is used to circumvent
--  Ada type checking. Each attribute-storage node contains not only the
--  attribute value and a link for chaining, but also a pointer to a descriptor
--  for the corresponding instantiation of Task_Attributes. The instantiation
--  descriptor contains a pointer to a procedure that can do the correct
--  deallocation and finalization for that type of attribute. On task
--  termination, the runtime system uses the pointer to call the appropriate

--  While this gets around the limitation that instantiations be at the library
--  level, it relies on an implementation feature that may not always be safe,
--  i.e. that it is safe to call the Deallocate procedure for an instantiation
--  of Ada.Task_Attributes that no longer exists. In general, it seems this
--  might result in dangling references.

--  Another problem with instantiations deeper than the library level is that
--  there is risk of storage leakage, or dangling references to reused
--  storage. That is, if an instantiation of Ada.Task_Attributes is made
--  within a procedure, what happens to the storage allocated for attributes,
--  when the procedure call returns? Apparently (RM 7.6.1 (4)) any such
--  objects must be finalized, since they will no longer be accessible, and in
--  general one would expect that the storage they occupy would be recovered
--  for later reuse. (If not, we would have a case of storage leakage.)
--  Assuming the storage is recovered and later reused, we have potentially
--  dangerous dangling references. When the procedure containing the
--  instantiation of Ada.Task_Attributes returns, there may still be
--  unterminated tasks with associated attribute values for that instantiation.
--  When such tasks eventually terminate, the RTS will attempt to call the
--  Deallocate procedure on them. If the corresponding storage has already
--  been deallocated, when the master of the access type was left, we have a
--  potential disaster. This disaster is compounded since the pointer to
--  Deallocate is probably through a "trampoline" which will also have been

--  For this reason, we arrange to remove all dangling references before
--  leaving the scope of an instantiation. This is ugly, since it requires
--  traversing the list of all tasks, but it is no more ugly than a similar
--  traversal that we must do at the point of instantiation in order to
--  initialize the attributes of all tasks. At least we only need to do these
--  traversals if the type is controlled.

--  We chose to defer allocation of storage for attributes until the Reference
--  function is called or the attribute is first set to a value different from
--  the default initial one. This allows a potential savings in allocation,
--  for attributes that are not used by all tasks.

--  For efficiency, we reserve space in the TCB for a fixed number of
--  direct-access attributes. These are required to be of a size that fits in
--  the space of an object of type System.Address. Because we must use
--  unchecked bitwise copy operations on these values, they cannot be of a
--  controlled type, but that is covered automatically since controlled
--  objects are too large to fit in the spaces.

--  We originally deferred the initialization of these direct-access
--  attributes, just as we do for the indirect-access attributes, and used a
--  per-task bit vector to keep track of which attributes were currently
--  defined for that task. We found that the overhead of maintaining this
--  bit-vector seriously slowed down access to the attributes, and made the
--  fetch operation non-atomic, so that even to read an attribute value
--  required locking the TCB. Therefore, we now initialize such attributes for
--  all existing tasks at the time of the attribute instantiation, and
--  initialize existing attributes for each new task at the time it is

--  The latter initialization requires a list of all the instantiation
--  descriptors. Updates to this list, as well as the bit-vector that is used
--  to reserve slots for attributes in the TCB, require mutual exclusion. That
--  is provided by Lock_RTS/Unlock_RTS.

--  One special problem that added complexity to the design is that the
--  per-task list of indirect attributes contains objects of different types.
--  We use unchecked pointer conversion to link these nodes together and
--  access them, but the records may not have identical internal structure.
--  Initially, we thought it would be enough to allocate all the common
--  components of the records at the front of each record, so that their
--  positions would correspond. Unfortunately, GNAT adds "dope" information at
--  the front of a record, if the record contains any controlled-type

--  This means that the offset of the fields we use to link the nodes is at
--  different positions on nodes of different types. To get around this, each
--  attribute storage record consists of a core node and wrapper. The core
--  nodes are all of the same type, and it is these that are linked together
--  and generally "seen" by the RTS. Each core node contains a pointer to its
--  own wrapper, which is a record that contains the core node along with an
--  attribute value, approximately as follows:

--     type Node;
--     type Node_Access is access all Node;
--     type Wrapper;
--     type Access_Wrapper is access all Wrapper;
--     type Node is record
--        Next     : Node_Access;
--        Instance : Access_Instance;
--        Wrapper  : Access_Wrapper;
--     end record;
--     type Wrapper is record
--        Dummy_Node : aliased Node;
--        Value      : aliased Attribute;  --  the generic formal type
--     end record;

--  Another interesting problem is with the initialization of the
--  instantiation descriptors. Originally, we did this all via the Initialize
--  procedure of the descriptor type and code in the package body. It turned
--  out that the Initialize procedure needed quite a bit of information,
--  including the size of the attribute type, the initial value of the
--  attribute (if it fits in the TCB), and a pointer to the deallocator
--  procedure. These needed to be "passed" in via access discriminants. GNAT
--  was having trouble with access discriminants, so all this work was moved
--  to the package body.
with Ada.Task_Identification;
--  Used for Task_Id
--           Current_Task

with System.Error_Reporting;
--  Used for Shutdown

with System.Storage_Elements;
--  Used for Integer_Address

with System.Task_Primitives.Operations;
--  Used for Write_Lock
--           Lock_RTS/Unlock_RTS

with System.Tasking;
--  Used for Access_Address
--           Task_Id
--           Direct_Index_Vector

with System.Tasking.Initialization;
--  Used for Defer_Abort
--           Undefer_Abort
--           Initialize_Attributes_Link
--           Finalize_Attributes_Link

with System.Tasking.Task_Attributes;
--  Used for Access_Node
--           Access_Dummy_Wrapper

with Ada.Exceptions;
--  Used for Raise_Exception

with Unchecked_Conversion;
with Unchecked_Deallocation;

pragma Elaborate_All (System.Tasking.Task_Attributes);
--  To ensure the initialization of object Local (below) will work
package body Ada.Task_Attributes is

   use System.Error_Reporting,
       System.Tasking.Initialization,
       System.Tasking,
       System.Tasking.Task_Attributes,
       Ada.Exceptions;

   use type System.Tasking.Access_Address;

   package POP renames System.Task_Primitives.Operations;

   ---------------------------
   -- Unchecked Conversions --
   ---------------------------

   --  The following type corresponds to Dummy_Wrapper,
   --  declared in System.Tasking.Task_Attributes.

   type Wrapper;
   type Access_Wrapper is access all Wrapper;

   pragma Warnings (Off);
   --  We turn warnings off for the following declarations of the
   --  To_Attribute_Handle conversions, since these are used only for small
   --  attributes where we know that there are no problems with alignment, but
   --  the compiler will generate warnings for the occurrences in the large
   --  attribute case, even though they will not actually be used.

   function To_Attribute_Handle is new Unchecked_Conversion
     (System.Address, Attribute_Handle);
   function To_Direct_Attribute_Element is new Unchecked_Conversion
     (System.Address, Direct_Attribute_Element);
   --  For reference to directly addressed task attributes

   type Access_Integer_Address is access all
     System.Storage_Elements.Integer_Address;

   function To_Attribute_Handle is new Unchecked_Conversion
     (Access_Integer_Address, Attribute_Handle);
   --  For reference to directly addressed task attributes

   pragma Warnings (On);
   --  End of warnings off region for directly addressed
   --  attribute conversion functions.

   function To_Access_Address is new Unchecked_Conversion
     (Access_Node, Access_Address);
   --  To store pointer to list of indirect attributes

   pragma Warnings (Off);
   function To_Access_Wrapper is new Unchecked_Conversion
     (Access_Dummy_Wrapper, Access_Wrapper);
   pragma Warnings (On);
   --  To fetch pointer to actual wrapper of attribute node. We turn off
   --  warnings since this may generate an alignment warning. The warning can
   --  be ignored since Dummy_Wrapper is only a non-generic stand-in for the
   --  real wrapper type (we never actually allocate objects of type

   function To_Access_Dummy_Wrapper is new Unchecked_Conversion
     (Access_Wrapper, Access_Dummy_Wrapper);
   --  To store pointer to actual wrapper of attribute node

   function To_Task_Id is new Unchecked_Conversion
     (Task_Identification.Task_Id, Task_Id);
   --  To access TCB of identified task

   type Local_Deallocator is access procedure (P : in out Access_Node);

   function To_Lib_Level_Deallocator is new Unchecked_Conversion
     (Local_Deallocator, Deallocator);
   --  To defeat accessibility check

   pragma Warnings (On);

   ------------------------
   -- Storage Management --
   ------------------------

   procedure Deallocate (P : in out Access_Node);
   --  Passed to the RTS via unchecked conversion of a pointer to
   --  permit finalization and deallocation of attribute storage nodes

   --------------------------
   -- Instantiation Record --
   --------------------------

   Local : aliased Instance;
   --  Initialized in package body

   type Wrapper is record
      Dummy_Node : aliased Node;

      Value : aliased Attribute := Initial_Value;
      --  The generic formal type, may be controlled
   end record;

   --  A number of unchecked conversions involving Access_Wrapper sources
   --  are performed in this unit. We have to ensure that the designated
   --  object is always strictly enough aligned.

   for Wrapper'Alignment use Standard'Maximum_Alignment;

   procedure Free is
     new Unchecked_Deallocation (Wrapper, Access_Wrapper);

   procedure Deallocate (P : in out Access_Node) is
      T : Access_Wrapper := To_Access_Wrapper (P.Wrapper);
   begin
      --  Free finalizes the (possibly controlled) Value and releases the node
      Free (T);
   end Deallocate;
   ---------------
   -- Reference --
   ---------------

   function Reference
     (T : Task_Identification.Task_Id := Task_Identification.Current_Task)
      return Attribute_Handle
   is
      TT            : constant Task_Id := To_Task_Id (T);
      Error_Message : constant String  := "Trying to get the reference of a ";

   begin
      if TT = null then
         Raise_Exception (Program_Error'Identity, Error_Message & "null task");
      end if;

      if TT.Common.State = Terminated then
         Raise_Exception (Tasking_Error'Identity,
           Error_Message & "terminated task");
      end if;

      --  Directly addressed case

      if Local.Index /= 0 then

         --  Return the attribute handle. Warnings off because this return
         --  statement generates alignment warnings for large attributes
         --  (but will never be executed in this case anyway).

         pragma Warnings (Off);
         return
           To_Attribute_Handle (TT.Direct_Attributes (Local.Index)'Address);
         pragma Warnings (On);

      --  Not directly addressed

      else
         declare
            P       : Access_Node := To_Access_Node (TT.Indirect_Attributes);
            W       : Access_Wrapper;
            Self_Id : constant Task_Id := POP.Self;

         begin
            Defer_Abort (Self_Id);
            POP.Lock_RTS;

            --  Look for an existing node belonging to this instantiation

            while P /= null loop
               if P.Instance = Access_Instance'(Local'Unchecked_Access) then
                  POP.Unlock_RTS;
                  Undefer_Abort (Self_Id);
                  return To_Access_Wrapper (P.Wrapper).Value'Access;
               end if;

               P := P.Next;
            end loop;

            --  Unlock the RTS here to follow the lock ordering rule
            --  that prevents us from using new (i.e. the Global_Lock) while
            --  holding any other lock.

            POP.Unlock_RTS;
            W := new Wrapper'
                   ((null, Local'Unchecked_Access, null), Initial_Value);
            POP.Lock_RTS;

            --  Link the new node at the head of the task's indirect list

            P := W.Dummy_Node'Unchecked_Access;
            P.Wrapper := To_Access_Dummy_Wrapper (W);
            P.Next := To_Access_Node (TT.Indirect_Attributes);
            TT.Indirect_Attributes := To_Access_Address (P);
            POP.Unlock_RTS;
            Undefer_Abort (Self_Id);
            return W.Value'Access;

         exception
            when others =>
               POP.Unlock_RTS;
               Undefer_Abort (Self_Id);
               raise;
         end;
      end if;

      pragma Assert (Shutdown ("Should never get here in Reference"));
      return null;

   exception
      when Tasking_Error | Program_Error =>
         raise;

      when others =>
         raise Program_Error;
   end Reference;
   ------------------
   -- Reinitialize --
   ------------------

   procedure Reinitialize
     (T : Task_Identification.Task_Id := Task_Identification.Current_Task)
   is
      TT            : constant Task_Id := To_Task_Id (T);
      Error_Message : constant String  := "Trying to Reinitialize a ";

   begin
      if TT = null then
         Raise_Exception (Program_Error'Identity, Error_Message & "null task");
      end if;

      if TT.Common.State = Terminated then
         Raise_Exception (Tasking_Error'Identity,
           Error_Message & "terminated task");
      end if;

      if Local.Index /= 0 then
         Set_Value (Initial_Value, T);
      else
         declare
            P, Q    : Access_Node;
            W       : Access_Wrapper;
            Self_Id : constant Task_Id := POP.Self;

         begin
            Defer_Abort (Self_Id);
            POP.Lock_RTS;
            Q := To_Access_Node (TT.Indirect_Attributes);

            --  Unlink and free the node of this instantiation, if any;
            --  Value then reverts to Initial_Value.

            while Q /= null loop
               if Q.Instance = Access_Instance'(Local'Unchecked_Access) then
                  if P = null then
                     TT.Indirect_Attributes := To_Access_Address (Q.Next);
                  else
                     P.Next := Q.Next;
                  end if;

                  W := To_Access_Wrapper (Q.Wrapper);
                  Free (W);
                  POP.Unlock_RTS;
                  Undefer_Abort (Self_Id);
                  return;
               end if;

               P := Q;
               Q := Q.Next;
            end loop;

            POP.Unlock_RTS;
            Undefer_Abort (Self_Id);

         exception
            when others =>
               POP.Unlock_RTS;
               Undefer_Abort (Self_Id);
               raise;
         end;
      end if;

   exception
      when Tasking_Error | Program_Error =>
         raise;

      when others =>
         raise Program_Error;
   end Reinitialize;
   ---------------
   -- Set_Value --
   ---------------

   procedure Set_Value
     (Val : Attribute;
      T   : Task_Identification.Task_Id := Task_Identification.Current_Task)
   is
      TT            : constant Task_Id := To_Task_Id (T);
      Error_Message : constant String  := "Trying to Set the Value of a ";

   begin
      if TT = null then
         Raise_Exception (Program_Error'Identity, Error_Message & "null task");
      end if;

      if TT.Common.State = Terminated then
         Raise_Exception (Tasking_Error'Identity,
           Error_Message & "terminated task");
      end if;

      --  Directly addressed case

      if Local.Index /= 0 then

         --  Set attribute handle, warnings off, because this code can generate
         --  alignment warnings with large attributes (but of course will not
         --  be executed in this case, since we never have direct addressing in

         pragma Warnings (Off);
         To_Attribute_Handle
           (TT.Direct_Attributes (Local.Index)'Address).all := Val;
         pragma Warnings (On);
         return;
      end if;

      --  Not directly addressed

      declare
         P       : Access_Node := To_Access_Node (TT.Indirect_Attributes);
         W       : Access_Wrapper;
         Self_Id : constant Task_Id := POP.Self;

      begin
         Defer_Abort (Self_Id);
         POP.Lock_RTS;

         while P /= null loop
            if P.Instance = Access_Instance'(Local'Unchecked_Access) then
               To_Access_Wrapper (P.Wrapper).Value := Val;
               POP.Unlock_RTS;
               Undefer_Abort (Self_Id);
               return;
            end if;

            P := P.Next;
         end loop;

         --  Unlock RTS here to follow the lock ordering rule that prevents us
         --  from using new (i.e. the Global_Lock) while holding any other
         --  lock.

         POP.Unlock_RTS;
         W := new Wrapper'((null, Local'Unchecked_Access, null), Val);
         POP.Lock_RTS;
         P := W.Dummy_Node'Unchecked_Access;
         P.Wrapper := To_Access_Dummy_Wrapper (W);
         P.Next := To_Access_Node (TT.Indirect_Attributes);
         TT.Indirect_Attributes := To_Access_Address (P);

         POP.Unlock_RTS;
         Undefer_Abort (Self_Id);

      exception
         when others =>
            POP.Unlock_RTS;
            Undefer_Abort (Self_Id);
            raise;
      end;

   exception
      when Tasking_Error | Program_Error =>
         raise;

      when others =>
         raise Program_Error;
   end Set_Value;
   -----------
   -- Value --
   -----------

   function Value
     (T : Task_Identification.Task_Id := Task_Identification.Current_Task)
      return Attribute
   is
      TT            : constant Task_Id := To_Task_Id (T);
      Error_Message : constant String  := "Trying to get the Value of a ";

   begin
      if TT = null then
         Raise_Exception (Program_Error'Identity, Error_Message & "null task");
      end if;

      --  Tasking_Error for a terminated task (RM C.7.2 (13)), consistent with
      --  Reference, Set_Value and Reinitialize above

      if TT.Common.State = Terminated then
         Raise_Exception
           (Tasking_Error'Identity, Error_Message & "terminated task");
      end if;

      --  Directly addressed case

      if Local.Index /= 0 then

         --  Get value of attribute. Warnings off, because for large
         --  attributes, this code can generate alignment warnings. But of
         --  course large attributes are never directly addressed so in fact
         --  we will never execute the code in this case.

         pragma Warnings (Off);
         return To_Attribute_Handle
           (TT.Direct_Attributes (Local.Index)'Address).all;
         pragma Warnings (On);
      end if;

      --  Not directly addressed

      declare
         P       : Access_Node;
         Result  : Attribute;
         Self_Id : constant Task_Id := POP.Self;

      begin
         Defer_Abort (Self_Id);
         POP.Lock_RTS;
         P := To_Access_Node (TT.Indirect_Attributes);

         while P /= null loop
            if P.Instance = Access_Instance'(Local'Unchecked_Access) then
               Result := To_Access_Wrapper (P.Wrapper).Value;
               POP.Unlock_RTS;
               Undefer_Abort (Self_Id);
               return Result;
            end if;

            P := P.Next;
         end loop;

         --  No node yet: storage is deferred, so the value is the initial one

         POP.Unlock_RTS;
         Undefer_Abort (Self_Id);
         return Initial_Value;

      exception
         when others =>
            POP.Unlock_RTS;
            Undefer_Abort (Self_Id);
            raise;
      end;

   exception
      when Tasking_Error | Program_Error =>
         raise;

      when others =>
         raise Program_Error;
   end Value;
--  Start of elaboration code for package Ada.Task_Attributes

begin
   --  This unchecked conversion can give warnings when alignments
   --  are incorrect, but they will not be used in such cases anyway,
   --  so the warnings can be safely ignored.

   pragma Warnings (Off);
   Local.Deallocate := To_Lib_Level_Deallocator (Deallocate'Access);
   pragma Warnings (On);

   declare
      Two_To_J : Direct_Index_Vector;
      Self_Id  : constant Task_Id := POP.Self;

   begin
      Defer_Abort (Self_Id);

      --  Need protection for updating links to per-task initialization and
      --  finalization routines, in case some task is being created or
      --  terminated concurrently.

      POP.Lock_RTS;

      --  Add this instantiation to the list of all instantiations

      Local.Next := System.Tasking.Task_Attributes.All_Attributes;
      System.Tasking.Task_Attributes.All_Attributes :=
        Local'Unchecked_Access;

      --  Try to find space for the attribute in the TCB

      Local.Index := 0;
      Two_To_J := 2 ** Direct_Index_Range'First;

      if Attribute'Size <= System.Address'Size then
         for J in Direct_Index_Range loop
            if (Two_To_J and In_Use) = 0 then

               --  Reserve location J for this attribute

               In_Use := In_Use or Two_To_J;
               Local.Index := J;

               --  This unchecked conversion can give a warning when the
               --  alignment is incorrect, but it will not be used in such a
               --  case anyway, so the warning can be safely ignored.

               pragma Warnings (Off);
               To_Attribute_Handle (Local.Initial_Value'Access).all :=
                 Initial_Value;
               pragma Warnings (On);

               exit;
            end if;

            Two_To_J := Two_To_J * 2;
         end loop;
      end if;

      --  Attribute goes directly in the TCB

      if Local.Index /= 0 then

         --  Replace stub for initialization routine that is called at task
         --  creation.

         Initialization.Initialize_Attributes_Link :=
           System.Tasking.Task_Attributes.Initialize_Attributes'Access;

         --  Initialize the attribute, for all tasks

         declare
            C : System.Tasking.Task_Id := System.Tasking.All_Tasks_List;
         begin
            while C /= null loop
               C.Direct_Attributes (Local.Index) :=
                 To_Direct_Attribute_Element
                   (System.Storage_Elements.To_Address (Local.Initial_Value));
               C := C.Common.All_Tasks_Link;
            end loop;
         end;

      --  Attribute goes into a node onto a linked list

      else
         --  Replace stub for finalization routine that is called at task
         --  termination.

         Initialization.Finalize_Attributes_Link :=
           System.Tasking.Task_Attributes.Finalize_Attributes'Access;
      end if;

      POP.Unlock_RTS;
      Undefer_Abort (Self_Id);
   end;
end Ada.Task_Attributes;
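--  Added client-side example; it is not part of the GNAT runtime source above
--  and the names Task_Attributes_Demo, Small_Attr, Tracked and Worker are
--  constructed for illustration. It shows the two storage strategies the
--  body implements as seen by a user: Small_Attr fits in System.Address and
--  lands in a direct TCB slot with no allocation, while the controlled type
--  Tracked is kept in a heap wrapper node whose Finalize the runtime invokes
--  when the owning task terminates. It also exercises cross-task reads by
--  Task_Id, updates through Reference, and the Tasking_Error raised when an
--  attribute of a terminated task is set.

```ada
with Ada.Task_Attributes;
with Ada.Task_Identification; use Ada.Task_Identification;
with Ada.Finalization;
with Ada.Text_IO;             use Ada.Text_IO;

procedure Task_Attributes_Demo is

   --  Constructed attribute type: fits in System.Address, so this
   --  instantiation takes a direct slot in the TCB (no heap allocation).
   type Small_Attr is range 0 .. 1_000;
   package Small is new Ada.Task_Attributes (Small_Attr, Initial_Value => 0);

   --  Constructed controlled type: too large for a direct slot and needs
   --  finalization, so each value lives in a heap wrapper node that the
   --  runtime frees (and thereby finalizes) when the owning task terminates.
   type Tracked is new Ada.Finalization.Controlled with record
      Tag : Natural := 0;
   end record;
   overriding procedure Finalize (X : in out Tracked);

   procedure Finalize (X : in out Tracked) is
   begin
      --  Also fires for temporaries and overwritten copies, so a tag may be
      --  reported more than once; the last report for tag 7 comes from the
      --  runtime finalizing the worker's node at task termination.
      if X.Tag /= 0 then
         Put_Line ("Finalize Tracked, tag" & Natural'Image (X.Tag));
      end if;
   end Finalize;

   package Big is new Ada.Task_Attributes
     (Tracked, Initial_Value => (Ada.Finalization.Controlled with Tag => 0));

   task Worker is
      entry Wait_Until_Set;
   end Worker;

   W_Id : constant Task_Id := Worker'Identity;

   task body Worker is
   begin
      Small.Set_Value (42);                                     --  direct slot
      Big.Set_Value ((Ada.Finalization.Controlled with Tag => 7));  --  wrapper node

      --  Reference hands back an access to the stored object; writing
      --  through it is visible to later Value calls.
      Small.Reference.all := Small.Reference.all + 1;

      accept Wait_Until_Set;
   end Worker;

begin
   Worker.Wait_Until_Set;  --  after the rendezvous the attributes are stored

   --  Any task may read another task's attributes by Task_Id
   Put_Line ("Worker's Small   =" & Small_Attr'Image (Small.Value (W_Id)));
   Put_Line ("Worker's Big.Tag =" & Natural'Image (Big.Value (W_Id).Tag));

   --  Attributes are per task: the environment task still sees the defaults
   Put_Line ("Main's Small     =" & Small_Attr'Image (Small.Value));
   Put_Line ("Main's Big.Tag   =" & Natural'Image (Big.Value.Tag));

   --  Let the worker finish; the runtime deallocates its Tracked node
   while not Is_Terminated (W_Id) loop
      delay 0.01;
   end loop;

   --  The runtime refuses attribute access on a terminated task
   begin
      Small.Set_Value (1, W_Id);
   exception
      when Tasking_Error =>
         Put_Line ("Tasking_Error: cannot set attribute of a terminated task");
   end;
end Task_Attributes_Demo;
```

--  Both instantiations are at library level inside the main procedure's
--  declarative part only because the demo is a single compilation unit; the
--  notes above explain why nested instantiations are the risky case.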