Open simonjwright opened 1 year ago
The problem can be made to go away with this patch:
diff --git a/lib/ravenscar/coldframe-events-standard.ads b/lib/ravenscar/coldframe-events-standard.ads
index 20cdc3ba..3d8ca247 100644
--- a/lib/ravenscar/coldframe-events-standard.ads
+++ b/lib/ravenscar/coldframe-events-standard.ads
@@ -226,7 +224,7 @@ private
pragma Priority (Priority);
pragma Storage_Size (Storage_Size);
- pragma Secondary_Stack_Size (Secondary_Stack_Size);
+ -- pragma Secondary_Stack_Size (Secondary_Stack_Size);
end Dispatcher;
which is. a. shame.
Thinking about it, it’s not a surprise: the natural way to implement Secondary_Stack_Size
would be to allocate the required memory, which would be an implicit heap allocation. I wonder how GCC 13 handles this?
In System.Tasking.Restricted.Stages
, tasks are created by
procedure Create_Restricted_Task
(Priority : Integer;
Stack_Address : System.Address;
Size : System.Parameters.Size_Type;
Sec_Stack_Address : System.Secondary_Stack.SS_Stack_Ptr;
Secondary_Stack_Size : System.Parameters.Size_Type;
Task_Info : System.Task_Info.Task_Info_Type;
CPU : Integer;
State : Task_Procedure_Access;
Discriminants : System.Address;
Elaborated : Access_Boolean;
Chain : in out Activation_Chain;
Task_Image : String;
Created_Task : Task_Id);
(or Create_Restricted_Task_Sequential
), where
-- Sec_Stack_Address is the pointer to the secondary stack created by the
-- compiler. If null, the secondary stack is either allocated by the binder
-- or the run-time.
--
-- Secondary_Stack_Size is the secondary stack size of the task to create
In GCC 12, the compiler called these procedures with Secondary_Stack_Size
set to the required size and Sec_Stack_Address
set to null
; so the compiler knows it's requesting an implicit heap allocation. In GCC 13, Sec_Stack_Address
is set to the address of an area of BSS reserved by the compiler.
Later I think that even in GCC 12 the compiler allocated the BSS itself, except that in this case it got confused by the restriction!
This is a cut-down reproducer:
pragma Restrictions (No_Implicit_Heap_Allocations);
package Demo is
type Event_Queue_Base (Secondary_Stack_Size : Natural)
is tagged limited private;
private
task type Dispatcher (The_Queue : access Event_Queue_Base'Class;
Secondary_Stack_Size : Natural)
with Secondary_Stack_Size => Secondary_Stack_Size;
type Event_Queue_Base (Secondary_Stack_Size : Natural)
is tagged limited record
The_Dispatcher : Dispatcher
(Event_Queue_Base'Access,
Secondary_Stack_Size => Secondary_Stack_Size);
end record;
end Demo;
Compiling with the native compiler results in
bash-5.2$ gnatmake -c -u -f demo.ads
gcc -c demo.ads
+===========================GNAT BUG DETECTED==============================+
| 12.2.0 (x86_64-apple-darwin15) Constraint_Error erroneous memory access |
| Error detected at demo.ads:14:9 |
| Compiling demo.ads |
| Please submit a bug report; see https://gcc.gnu.org/bugs/ . |
| Use a subject line meaningful to you and us to track the bug. |
| Include the entire contents of this bug box in the report. |
| Include the exact command that you entered. |
| Also include sources listed below. |
+==========================================================================+
Please include these source files with error report
Note that list may not be accurate in some cases,
so please double check that the problem can still
be reproduced with the set of files listed.
Consider also -gnatd.n switch (see debug.adb).
demo.ads
compilation abandoned
gnatmake: "demo.ads" compilation error
See GCC PR 108801.
Another problem:
Compiling: /Users/simon/Developer/coldframe/examples/microbit/Simple_Buttons.impl/simple_buttons-button-changed.adb
Source file time stamp: 2019-03-12 12:06:37
Compiled at: 2023-02-21 11:24:21
1. -- The state of the button has changed; tell the controlled LEDs to
2. -- reevaluate their own states (by checking whether any of the
3. -- Buttons they are controlled by is set).
4.
5. separate (Simple_Buttons.Button)
6. procedure Changed
7. (This : not null Handle) is
8. LEDs : constant LED.Vectors.Vector := A1.Is_Controlled_By (This);
9. begin
10. for L of LEDs loop
11. LED.Changed (L);
12. end loop;
13. end Changed;
259 lines: No errors
+===========================GNAT BUG DETECTED==============================+
| 12.2.0 (arm-eabi) Program_Error sem_ch8.adb:5773 explicit raise |
| Error detected at simple_buttons-button-changed.adb:10:18 |
| Compiling /Users/simon/Developer/coldframe/examples/microbit/Simple_Buttons.gen/simple_buttons-button.adb|
| Please submit a bug report; see https://gcc.gnu.org/bugs/ . |
| Use a subject line meaningful to you and us to track the bug. |
| Include the entire contents of this bug box in the report. |
| Include the exact command that you entered. |
| Also include sources listed below. |
+==========================================================================+
Please include these source files with error report
(snipped a long list of source files).
This was with GCC 12.2.0 (arm-eabi) and Ada.Containers.Bounded_Vectors from Cortex GNAT RTS.
These containers were derived in 2015 from those provided with GCC 4.9.1; the differences were the removal of tampering checks and the need for finalization (not available in Cortex GNAT RTS).
The same doesn’t happen with Minimal Containers.
It turns out that FSF GCC versions between 10 and 12 and GNAT CE versions between 2020 and 2021 won’t compile
lib/ravenscar/coldframe-events-standard.ads
in the presence of the restrictionNo_Implicit_Heap_Allocations
, which is part of the Ravenscar profile.FSF GCC 13 (currently still under development; the 20230129 snapshot) appears not to have this problem.