Roger Racine wrote:
> ...
> In my opinion, the Ada95 design is much, much worse than the Ada83 design
> in this area.
> 1) In Ada83, priorities were pretty much guaranteed to work.  Yes, I know
> there was an AI that opened up the meaning of "sensibly", but the vast
> majority of implementations, on a uniprocessor, did the right thing.  If a
> high priority task became eligible for execution, it pre-empted a
> lower-priority task.
> In Ada95, priorities have no guarantees to work unless A) one uses a
> specific pragma; and B) the compiler was validated for Annex D for that
> particular OS and runtime system and pragma parameter.

That's not quite right.  You don't need the pragma to know that higher
priority tasks preempt lower priority tasks.  That is guaranteed by
D.2.1(6), *the* task dispatching model for any compiler that supports
Annex D.  There are certain aspects of the task dispatching model
which can vary, and the Task_Dispatching_Policy pragma may be used
to control those.  The primary issues are exactly what are the
dispatching points (over and above those required by the language, such
as a delay statement), and how are equal priority tasks handled.
But a higher priority task always preempts a lower priority task
for any compiler that conforms to Annex D.

Note that in Ada 83, there were no guarantees about the number of
priorities, and that is why we moved the entire priority model
to the RT Annex, while at the same time imposing additional requirements,
such as a minimum of 30 priority levels.

> ... For a very clear
> example, we used to be able to run multitasking programs in application
> mode on every platform (Ada83).  Now, for GNAT using Linux threads (not
> validated for Annex D), one must be in supervisor mode.

I don't think these two things are directly related.

You may need to be in supervisor mode to disable time-slicing and get
true "real-time" behavior.  However, you should certainly be able
to "run multitasking programs" on all Ada 95 platforms without being
in supervisor mode.  It is possible that you won't get the same guranatees
about priority-based preemption, but that is presumably because those
guarantees can't be provided without being in supervisor mode.
I presume that if you run in non-supervisor mode, the Ada run-time
does the best it can.  If not, that sounds like an implementation bug,
not a language bug.

> ...
> 2) In Ada83, tasks were very much defined to be concurrent processing
> paths.  Problems occurred when calling system services (the whole program
> blocked), but one got used to that and worked around it.  If a program
> depended on different than concurrent behavior, it was erroneous.  It made
> for quite portable applications and generally safe designs (i.e. if the
> priority of a task changed, it did not affect data consistency).  We
> typically made sure we tested our programs with time-slicing on to make
> sure it was designed well.  Now it appears that Ada95 requires
> run-till-blocked semantics, which will lead to designs depending on that
> semantics.

Ada 95 certainly doesn't require run-till-blocked semantics.  That
is only required in the presence of the Task_Dispatching_Policy pragma
specifying FIFO_Within_Priorities.  In the absence of that pragma,
any scheduling of same-priority tasks is permitted.  Also, the only
"dependence" on run-till-blocked semantics that I imagined was a
schedulability dependence.  It is not surprising that schedulability
would depend on the details of context switching.  I haven't
heard of using run-till-blocked as a way to get "cheap" mutual
exclusion, for example.  On the other hand, the *implementation*
of protected types might be able to take advantage of run-till-blocked
to reduce the overhead of getting a lock, by simply raising and
lowering priorities while a lock is held.

> ...  And second, Ada vendors insisted on taking
> priorities out of the core language so that it would be easier to implement
> the core on top of existing threads-based operating systems.  ...

That was not the motivation.  We wanted to create additional portability
relating to priorities, by specifying a requirement for more priorities
and for clearer definition of the priority model.  However, we did not
feel it was appropriate to impose that on all environments, given that
Ada 83 allowed implementations to have a single priority.

In any case, based on what you say, it appears that there were some
*unintended* consequences which effectively made multitasking programs with
priorities *less* portable.  If true, I certainly agree that is
undesirable, and we should do something to fix it.  This is the
first time I have heard this complaint about actual loss of portability.
Earlier complaints had been about *potential* loss of portability,
but those seemed unfounded since essentially all vendors made it
clear they were going to support the real-time annex anyway, and Ada 83
made no guarantees about supporting multiple priorities.

There is an "ARG" meeting coming up in September, and perhaps we can
try to address this apparent loss of portability.  If you could give
a very specific example that would help.  For example, what happens
when you run your program without being in supervisor mode?  Does it
behave strangely?  What actually are the "fall-back" semantics when
run in non-supervisor mode?  etc...

> Roger Racine
> Draper Laboratory, MS 31
> 555 Technology Sq.
> Cambridge, MA 02139, USA
> 617-258-2489

-Tucker Taft   [log in to unmask]
Technical Director, Distributed IT Solutions  (
AverStar (formerly Intermetrics, Inc.)   Burlington, MA  USA