E.2.2 Remote Types Library Units
[A remote types library unit supports the definition
of types intended for use in communication between active partitions.]
Language Design Principles
The restrictions governing a remote types package
are similar to those for a declared pure package. However, the restrictions
are relaxed deliberately to allow such a package to contain declarations
that violate the stateless property of pure packages, though it is presumed
that any state-dependent properties are essentially invisible outside
the package.
Legality Rules
{
AI05-0243-1}
{
AI12-0417-1}
When the library unit aspect (see
13.1.1)
Remote_Types
of a library unit
is True, the library unit is a
remote types library unit. The
following restrictions apply to such a library unit:
Aspect Description for Remote_Types:
Types in a given package may be used in remote procedure calls.
[it shall be preelaborable;]
{
AI05-0206-1}
{
AI05-0243-1}
it shall depend semantically only on declared pure
library_items,
shared passive library units, other remote types library units, or preelaborated
normal library units that are mentioned only in private with clauses;
Ramification: {
AI05-0243-1}
We say declared pure
library_item
here, so that (all) limited views are allowed; those are not library
units, but they are declared pure
library_items.
it shall not contain the declaration of any variable
within the visible part of the library unit;
Reason: This is essentially a “methodological”
restriction. A separate copy of a remote types package is included in
each partition that references it, just like a normal package. Nevertheless,
a remote types package is thought of as an “essentially pure”
package for defining types to be used for interpartition communication,
and it could be misleading to declare visible objects when no remote
data access is actually being provided.
{
AI95-00240-01}
{
AI95-00366-01}
the full view of each type declared in the visible part of the library
unit that has any available stream attributes shall support external
streaming (see
13.13.2).
Reason: This is to prevent the use of
the predefined Read and Write attributes of an access type as part of
the Read and Write attributes of a visible type.
Ramification: {
AI95-00366-01}
Types that do not have available stream attributes are excluded from
this rule; that means that attributes do not need to be specified for
most limited types. It is only necessary to specify attributes for nonlimited
types that have a part that is of any access type, and for extensions
of limited types with available stream attributes where the
record_extension_part
includes a subcomponent of an access type, where the access type does
not have specified attributes.
{
8652/0082}
{
AI95-00164-01}
{
AI05-0060-1}
A named access type declared in the visible part
of a remote types or remote call interface library unit is called a
remote
access type.
Such a type
shall be:
{
8652/0082}
{
AI95-00164-01}
{
AI05-0060-1}
a general access type that designates a class-wide limited private type,
a class-wide limited interface type, or a class-wide private extension
all of whose ancestors are either private extensions, limited interface
types, or limited private types.
{
AI12-0283-1}
A remote access-to-subprogram type shall not be nonblocking (see
9.5).
Reason: All calls on remote subprograms
are considered potentially blocking, so they cannot statically be allowed
in nonblocking code.
Ramification: The type declaration of
a remote type is illegal if the Nonblocking aspect is True, either implicitly
by inheritance or by explicit specification.
The following restrictions
apply to the use of a remote access-to-subprogram type:
{
AI95-00431-01}
A value of a remote access-to-subprogram type shall be converted only
to or from another (subtype-conformant) remote access-to-subprogram type;
The
prefix
of an Access
attribute_reference
that yields a value of a remote access-to-subprogram type shall statically
denote a (subtype-conformant) remote subprogram.
The following restrictions
apply to the use of a remote access-to-class-wide type:
{
8652/0083}
{
AI95-00047-01}
{
AI95-00240-01}
{
AI95-00366-01}
{
AI05-0060-1}
{
AI05-0101-1}
The primitive subprograms of the corresponding specific type shall only
have access parameters if they are controlling formal parameters. The
primitive functions of the corresponding specific type shall only have
an access result if it is a controlling access result. Each noncontrolling
formal parameter and noncontrolling result type shall support external
streaming (see
13.13.2);
A value of a remote access-to-class-wide type shall
be explicitly converted only to another remote access-to-class-wide type;
{
AI12-0034-1}
A value of a remote access-to-class-wide type shall be dereferenced (or
implicitly converted to an anonymous access type) only as part of a dispatching
call to a primitive operation of the designated type where the value
designates a controlling operand of the call (see
E.4,
“
Remote Subprogram Calls”);
Ramification: {
AI12-0034-1}
Stream attributes of the designated type are not primitive operations
of the designated type, and thus remote calls to them are prohibited
by this rule. This is good, as the access parameter of a stream attribute
does not have external streaming, and thus cannot be a parameter of a
remote call.
{
AI05-0101-1}
A controlling access result value for a primitive function with any controlling
operands of the corresponding specific type shall either be explicitly
converted to a remote access-to-class-wide type or be part of a dispatching
call where the value designates a controlling operand of the call;
{
AI95-00366-01}
{
AI12-0085-1}
The Storage_Pool attribute is not defined for a remote access-to-class-wide
type; the expected type for an
allocator
shall not be a remote access-to-class-wide type. A remote access-to-class-wide
type shall not be an actual parameter for a generic formal access type.
The Storage_Size attribute of a remote access-to-class-wide type yields
0. The Storage_Pool and Storage_Size aspects shall not be specified for
a remote access-to-class-wide type.
Reason: {
AI05-0005-1}
All of these restrictions are because there is no storage pool associated
with a remote access-to-class-wide type. The Storage_Size is defined
to be 0 so that there is no conflict with the rules for pure units.
Erroneous Execution
{
AI12-0076-1}
Execution is erroneous if some operation (other than the initialization
or finalization of the object) modifies the value of a constant object
declared in the visible part of a remote types package.
Discussion: {
AI12-0005-1}
This could be accomplished via a self-referencing pointer or via squirrelling
away a writable pointer to a controlled object.
NOTE 1 {
AI12-0442-1}
A remote types library unit is not necessarily pure, and the types it
defines can include levels of indirection implemented by using access
types. User-specified Read and Write attributes (see
13.13.2)
provide for sending values of such a type between active partitions,
with Write marshalling the representation, and Read unmarshalling any
levels of indirection.
NOTE 2 {
AI05-0060-1}
The value of a remote access-to-class-wide limited interface can designate
an object of a nonlimited type derived from the interface.
NOTE 3 {
AI05-0060-1}
{
AI12-0440-1}
A remote access type can designate a class-wide synchronized, protected,
or task interface type.
Proof: Synchronized, protected, and task
interfaces are all considered limited interfaces, see
3.9.4.
Incompatibilities With Ada 95
{
AI95-00240-01}
{
AI05-0248-1}
Amendment Correction: The wording was changed
from “user-specified” to “available” read and
write attributes. (This was then further changed, see below.) This means
that an access type with the attributes specified in the private part
would originally have been sufficient to allow the access type to be
used in a remote type, but that is no longer allowed. Similarly, the
attributes of a remote type that has access components have to be specified
in the visible part. These changes were made so that the rules were consistent
with the rules introduced for the Corrigendum for stream attributes;
moreover, legality should not depend on the contents of the private part.
Extensions to Ada 95
{
AI95-00366-01}
{
AI05-0005-1}
Remote types that cannot be streamed (that is, have
no available stream attributes) do not require the specification of stream
attributes. This is necessary so that most extensions of Limited_Controlled
do not need stream attributes defined (otherwise there would be a significant
incompatibility, as Limited_Controlled would need stream attributes,
and then all extensions of it also would need stream attributes).
Wording Changes from Ada 95
{
8652/0081}
{
AI95-00004-01}
Corrigendum: Added missing wording so that a type derived from
a remote access type is also a remote access type.
{
8652/0083}
{
AI95-00047-01}
Corrigendum: Clarified that user-defined Read and Write attributes
are required for the primitive subprograms corresponding to a remote
access-to-class-wide type.
{
8652/0082}
{
AI95-00164-01}
Corrigendum: Added missing wording so that a remote access type
can designate an appropriate private extension.
{
AI95-00366-01}
Changed the wording to use the newly defined term
type that supports
external streaming, so that various issues with access types in pure
units and implicitly declared attributes for type extensions are properly
handled.
{
AI95-00366-01}
Defined Storage_Size to be 0 for remote access-to-class-wide types, rather
than having it undefined. This eliminates issues with pure units requiring
a defined storage size.
{
AI95-00431-01}
Corrected the wording so that a value of a local access-to-subprogram
type cannot be converted to a remote access-to-subprogram type, as intended
(and required by the ACATS).
Incompatibilities With Ada 2005
{
AI05-0101-1}
{
AI12-0005-1}
{
AI12-0005-1}
Correction: Added rules about the returning
of remote access-to-class-wide types; this had been missed in the past.
While programs that returned unstreamable types from RCI functions were
legal, it is not clear what they could have done (as the results could
not be marshalled). Similarly, RCI functions that return remote controlling
access types could try to save those values, but it is unlikely that
a compiler would know how to do that usefully. Thus, it seems unlikely
that any real programs will be impacted by these changes.
Extensions to Ada 2005
{
AI05-0060-1}
Correction: Clarified that anonymous access
types are never remote access types (and can be used in remote types
units subject to the normal restrictions). Added wording to allow limited
class-wide interfaces to be designated by remote access types.
{
AI05-0206-1}
Added wording to allow private withs of preelaborated normal units in
the specification of a remote types unit.
Wording Changes from Ada 2012
{
AI12-0034-1}
Corrigendum: Clarified that dispatching remote stream attribute
calls are prohibited. We don't document this as an incompatibility, as
the stream parameter cannot be marshalled for a remote call (it doesn't
have external streaming), so it's impossible that any working program
depends on this functionality.
{
AI12-0076-1}
Corrigendum: Explicitly stated that modifying a visible constant
in a remote types package is erroneous. We don't document this as inconsistent
as implementations certainly can still do whatever they were previously
doing (no change is required); moreover, this case (and many more) were
erroneous in Ada 2005 and before, so we're just restoring the previous
semantics.
{
AI12-0085-1}
Corrigendum: Clarified that specifying the Storage_Pool or Storage_Size
aspect for an access-to-class-wide type is not allowed. The intent is
clear, and no implementation has ever allowed specifying the aspects
(the attributes already cannot be specified), so we don't document this
as an incompatibility.
{
AI12-0283-1}
Added a rule to ensure that potentially blocking remote calls are not
considered nonblocking.
{
AI12-0417-1}
The pragma Remote_Types is now obsolescent.
Ada 2005 and 2012 Editions sponsored in part by Ada-Europe
