Version 1.1 of acs/ac-00276.txt


!standard A.10.7(20)          16-03-22 AC95-00276/00
!class confirmation 16-03-22
!status received no action 16-03-22
!status received 16-03-04
!subject
!summary
!appendix

From: Tucker Taft
Sent: Friday, March 4, 2016  9:41 AM

Our SPARK team ran across the interesting anomaly while trying to specify
formally the behavior of Text_IO.Get_Line -- what happens if you pass in a
null String that has bounds of "0 .. -1" (which is legal).  What is the value
of Last after a call on such a Get_Line? It is supposed to be Item'First - 1,
but that is outside the range of the
Last parameter (which is declared to be of type Natural).  Bob Duff suggests
it should raise Constraint_Error in that case, and I agree.  Bob would also
suggest we *not* make any normative change.  I agree, and would suggest we
consider adding a "To Be Honest" or equivalent in the AARM mentioning the
expected behavior in this corner case.

***************************************************************

From: Jean-Pierre Rosen
Sent: Friday, March 4, 2016  10:19 AM

Agreed, since it wouldn't be surprising to the user. The only alternative I
can think of (just to entertain the group) is Layout_Error.

***************************************************************

From: Randy Brukardt
Sent: Friday, March 4, 2016  2:15 PM

> Our SPARK team ran across the interesting anomaly while trying to 
> specify formally the behavior of Text_IO.Get_Line
> -- what happens if you pass in a null String that has bounds of "0 .. 
> -1" (which is legal).

It seems to me that that is the real anomaly. It's silly that the lower bound
is allowed to be out of the index subtype (we need that for the *upper* bound,
so we can represent null arrays with a reasonable lower bound, but there is no
reason to allow that for the *lower* bound). Obviously, way too late to fix,
but it causes all kinds of problems (and requires extra code to be generated
to avoid checking the subtype of the bound) and I'd expect there to be
zillions of cases like this -- pretty much any code that passes an
unconstrained array will be at risk.

>  What is the value of Last after a call on such a Get_Line? 
>   It is supposed to be Item'First - 1, but that is outside the range 
> of the Last parameter (which is declared to be of type Natural).  Bob 
> Duff suggests it should raise Constraint_Error in that case, and I 
> agree.  Bob would also suggest we *not* make any normative change.  I 
> agree, and would suggest we consider adding a "To Be Honest" or 
> equivalent in the AARM mentioning the expected behavior in this corner 
> case.

Well, we discussed (twice!) a very similar case in the context of
Ada.Streams.Read, and decided that it (a) raises Constraint_Error; and (b) we
didn't need to do anything about it (including an AARM note). (There's more
chance of it happening with Ada.Streams.Read, because the lower bound can be
Base'First even with a non-null array.) As I noted above, there will be a risk
of something like this happening any time unconstrained arrays are passed,
because it's always possible to pass a null string with out-of-bounds bounds.

So I don't see much need to add such a note specifically for Get_Line. If
we're going to add them, we need to do it for all similar routines (certainly
for Ada.Streams.Read). (And it's not a "To Be Honest" at all; it's a
"Ramification", since it follows [non-obviously] from other rules).

***************************************************************

From: Tucker Taft
Sent: Friday, March 4, 2016  2:41 PM

OK, I'm convinced.  I vote No Action on my own AI. ;-)  (Bob voted No Action
before I sent my e-mail.)

***************************************************************
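The corner case the thread describes, written out as a small program. This is an added example and not part of AC-00276 or of any ARG text: it builds a null String with bounds 0 .. -1, shows that the value Get_Line is required to store in Last (Item'First - 1) is -1 and therefore not in Natural, and calls Get_Line twice, once directly and once through a hypothetical wrapper, Guarded_Get_Line, that rejects a lower bound below Positive'First before Get_Line runs. The wrapper is an assumption of this example, not an RM requirement. Whether the direct call raises Constraint_Error, as the thread concludes it should, depends on the implementation performing the range check on Last (with GNAT, on checks not being suppressed).

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

--  Added example, not part of AC-00276: exercises the corner case the
--  thread discusses, a null String with bounds 0 .. -1, for which
--  Item'First - 1 = -1 lies outside the subtype Natural of Last.
procedure Null_Get_Line is

   --  Legal null string: for a null range only the base range of the
   --  index subtype matters, so a lower bound of 0 is allowed.
   Item : String (0 .. -1);
   Last : Natural;

   --  Hypothetical guard (an assumption of this example, not anything in
   --  the RM or in the thread): refuse callers whose Item'First is below
   --  Positive'First, so that Item'First - 1 is always representable in
   --  Natural and the failure is reported before Get_Line touches input.
   procedure Guarded_Get_Line (Item : out String; Last : out Natural) is
   begin
      if Item'First < Positive'First then
         raise Constraint_Error with
           "Item'First =" & Integer'Image (Item'First)
           & " makes Item'First - 1 unrepresentable in Natural";
      end if;
      Get_Line (Item, Last);
   end Guarded_Get_Line;

begin
   --  The value Last is required to receive, computed in Integer, is -1.
   Put_Line ("Required Last = Item'First - 1 ="
             & Integer'Image (Item'First - 1));

   --  1. Direct call. Per the thread, the expected outcome is
   --     Constraint_Error from the range check on Last.
   begin
      Get_Line (Item, Last);
      Put_Line ("Direct call returned, Last =" & Natural'Image (Last));
   exception
      when Constraint_Error =>
         Put_Line ("Direct call: Constraint_Error, as the thread expects");
      when E : others =>
         Put_Line ("Direct call: " & Exception_Name (E));
   end;

   --  2. Guarded call: the offending bound is reported explicitly.
   begin
      Guarded_Get_Line (Item, Last);
   exception
      when E : Constraint_Error =>
         Put_Line ("Guarded call: " & Exception_Message (E));
   end;
end Null_Get_Line;
```

Build with `gnatmake null_get_line.adb` and run it with something on standard input (`echo hello | ./null_get_line`), so that the direct call does not fail with End_Error for an unrelated reason. The guard is the kind of precondition a SPARK-style specification of Get_Line would have to state anyway, since the postcondition Last = Item'First - 1 cannot hold for a Natural Last when Item'First is 0.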
