13.12 Pragma Restrictions and Pragma ProfilePragma Restrictions
Restrictions expresses the user's intent to abide by certain restrictions. A pragma Profile
expresses the user's intent to abide by a set of Restrictions or other
specified run-time policies. These This
may facilitate the construction of simpler run-time environments.]
The form of a pragma
Restrictions is as follows:
Name Resolution Rules
Unless otherwise specified for
a particular restriction, the expression
is expected to be of any integer type.
Unless otherwise specified for a particular restriction,
shall be static, and its value shall be nonnegative.
The set of restrictions restrictions
is implementation defined.
The set of restrictions restrictions
allowed in a pragma
is a configuration pragma. If a pragma
Restrictions applies to any compilation unit included in the partition,
this may impose either (or both) of two kinds of requirements, as;
specified for the a
a partition shall obey the restriction if a pragma
Restrictions applies to any compilation unit included in the partition.
A restriction may impose requirements on some or
all of the units comprising the partition. Unless otherwise specified
for a particular restriction, such a requirement applies to all of the
units comprising the partition and is enforced via a post-compilation
A restriction may impose requirements on the runtime
behavior of the program, as indicated by the specification of runtime
behavior associated with a violation of the requirement.
this latter case, there is no post-compilation check needed for the requirement.
For the purpose of checking whether a partition
contains constructs that violate any restriction (unless specified otherwise
for a particular restriction):
If an object of a type is declared or allocated
and not explicitly initialized, then all expressions appearing in the
definition for the type and any of its ancestors are presumed to be used;
for a formal parameter or a generic formal object is considered to be
used if and only if the corresponding actual parameter is not provided
in a given call or instantiation.
An implementation may place limitations on the values
of the expression
that are supported, and limitations on the supported combinations of
restrictions. The consequences of violating such limitations are implementation
of violating limitations on Restrictions pragma
Ramification: Such limitations may be
enforced at compile time or at run time. Alternatively, the implementation
is allowed to declare violations of the restrictions to be erroneous,
and not enforce them at all.
An implementation is permitted to omit restriction
checks for code that is recognized at compile time to be unreachable
and for which no code is generated.
Whenever enforcement of a restriction is not required
prior to execution, an implementation may nevertheless enforce the restriction
prior to execution of a partition to which the restriction applies, provided
that every execution of the partition would violate the restriction.
A profile is equivalent to the set of configuration
pragmas that is defined for each usage profile.
Restrictions intended to facilitate the construction of efficient tasking
run-time systems are defined in D.7
intended for use when constructing high integrity systems Safety-
and security-related restrictions
are defined in H.4
38 An implementation has to enforce the
restrictions in cases where enforcement is required, even if it chooses
not to take advantage of the restrictions in terms of efficiency.
Discussion: It is not the intent that
an implementation will support a different run-time system for every
possible combination of restrictions. An implementation might support
only two run-time systems, and document a set of restrictions that is
sufficient to allow use of the more efficient and safe one.
Extensions to Ada 83
Pragma Restrictions is new
to Ada 95.
Extensions to Ada 95
Wording Changes from Ada 95
Corrigendum: Corrected the wording so that
restrictions are checked inside of generic instantiations and in default
expressions. Since not making these checks would violate the purpose
of restrictions, we are not documenting this as an incompatibility.
Corrigendum: Added a permission that restrictions
can be enforced at compile-time. While this is technically incompatible,
documenting it as such would be unnecessarily alarming - there should
not be any programs depending on the runtime failure of restrictions.
Wording Changes from Ada 2005
Correction: When restrictions are checked
has been clarified.
Ada 2005 and 2012 Editions sponsored in part by Ada-Europe