CVS difference for ai05s/ai05-0022-1.txt
--- ai05s/ai05-0022-1.txt 2007/05/25 23:13:55 1.2
+++ ai05s/ai05-0022-1.txt 2007/12/13 04:39:34 1.3
@@ -1,5 +1,9 @@
-!standard A.18.2(239/2) 07-05-25 AI05-0022-1/02
+!standard A.18.2(239/2) 07-11-20 AI05-0022-1/03
+!standard A.18.3(152/2)
+!standard A.18.4(75/2)
+!standard A.18.7(96/2)
!class binding interpretation 06-11-10
+!status ARG Approved 9-0-1 06-11-09
!status work item 06-11-10
!status received 06-10-13
!priority Medium
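Review bot: the added `!status ARG Approved 9-0-1 06-11-09` line is dated a day before the unchanged `!status work item 06-11-10` and `!class binding interpretation 06-11-10` lines, which would place approval ahead of the issue being opened; given the `07-11-20` date on the updated `!standard A.18.2(239/2)` line, check whether the year on the approval line should read `07-11-09`. The three new `!standard` lines for A.18.3(152/2), A.18.4(75/2) and A.18.7(96/2) do match the `!corrigendum` sections this revision adds, so that part is consistent.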
@@ -8,21 +12,23 @@
!subject Container tampering should be checked for formal subprograms
!summary
-Calls to generic formal subprograms of the containers packages are protected
-with tampering checks.
+Calls to generic formal subprograms of the containers packages either are
+protected with tampering checks, or otherwise prevent erroneousness when
+tampering occurs.
!question
There appears to be an interesting problem if the actual function passed
to the generic tampers with (cursors or elements) of the container. Say
-that the "=" operator finalizes some globally visible list L, and that we
-are calling Find (L, ...). Presumably the implementation of Find keeps
-internally a pointer designating some node of L, and when L gets
-finalized, that pointer is left dangling, which is recipe for
-erroneousness. Not good.
+that the "=" operator deletes an element from some globally visible list L,
+and that we are calling Find (L, ...). Presumably the implementation of
+Find keeps internally a pointer designating some node of L, and if that designates
+the element node that was deleted, that pointer will left dangling,
+which is recipe for erroneousness.
We say that the behavior of Find with a misbehaving "=" is unspecified,
-but A.18(4.v/2) explains that we don't mean for erroneousness to be allowed.
+but A.18(4.v/2) explains that we don't intend for erroneousness to be
+allowed.
!recommendation
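Review bot: the rewritten question text has a grammar slip at `that pointer will left dangling,` (missing "be": "will be left dangling"). Substantively, narrowing the scenario from "=" finalizing the whole list to "=" deleting a single element that Find's internal pointer may designate is the right change, since it describes exactly the dangling-node case that the bounded-error wording in the later hunks is meant to rule out; the revised summary ("either are protected with tampering checks, or otherwise prevent erroneousness") is also consistent with that wording, which allows a defined result instead of a check.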
@@ -35,7 +41,7 @@
It is a bounded error for the actual function associated with
a generic formal subprogram, when called as part of an operation
of this package, to tamper with elements of any Vector parameter
- to the operation. Either Program_Error is raised, or the operation
+ to the operation. Either Program_Error is raised, or the operation
works as defined on the value of the Vector either prior to, or
subsequent to, some or all of the modifications to the Vector.
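Review bot: the `-`/`+` pair on `to the operation. Either Program_Error is raised, or the operation` is textually identical, so this hunk is a whitespace-only change (most likely trailing space); either drop it from the revision or mention it as whitespace cleanup so reviewers do not look for a wording change that is not there.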
@@ -59,11 +65,74 @@
sufficiently great that a tampering check is probably not going
to add to it significantly.
---!corrigendum A.18.2(239/2)
+!corrigendum A.18.2(239/2)
+@dinsa
+Calling Merge in an instance of Generic_Sorting with either Source
+or Target not ordered smallest first using the provided generic formal
+"<" operator is a bounded error. Either Program_Error is raised after
+Target is updated as described for Merge, or the operation works as defined.
+@dinst
+It is a bounded error for the actual function associated with
+a generic formal subprogram, when called as part of an operation
+of this package, to tamper with elements of any Vector parameter
+to the operation. Either Program_Error is raised, or the operation
+works as defined on the value of the Vector either prior to, or
+subsequent to, some or all of the modifications to the Vector.
+
+!corrigendum A.18.3(152/2)
+
+@dinsa
+Calling Merge in an instance of Generic_Sorting with either Source
+or Target not ordered smallest first using the provided generic formal
+"<" operator is a bounded error. Either Program_Error is raised after
+Target is updated as described for Merge, or the operation works as defined.
+@dinst
+It is a bounded error for the actual function associated with
+a generic formal subprogram, when called as part of an operation
+of this package, to tamper with elements of any List parameter
+to the operation. Either Program_Error is raised, or the operation
+works as defined on the value of the List either prior to, or
+subsequent to, some or all of the modifications to the List.
+
+!corrigendum A.18.4(75/2)
+
+@dinsa
+@xindent<Iterate calls Process.@b<all> with a cursor that designates each node
+in Container, starting with the first node and moving the cursor according
+to the successor relation. Program_Error is propagated if Process.@b<all>
+tampers with the cursors of Container. Any exception raised by Process.@b<all>
+is propagated.
+@dinss
+@s8<@i<Bounded Error>>
+
+It is a bounded error for the actual function associated with
+a generic formal subprogram, when called as part of an operation
+of a map package, to tamper with elements of any map parameter
+to the operation. Either Program_Error is raised, or the operation
+works as defined on the value of the map either prior to, or
+subsequent to, some or all of the modifications to the map.
+
+!corrigendum A.18.7(96/2)
+
+@dinsa
+If Element_Type is unconstrained and definite, then the actual Element
+parameter of Process.@b<all> shall be unconstrained.
+@dinss
+@s8<@i<Bounded Error>>
+
+It is a bounded error for the actual function associated with
+a generic formal subprogram, when called as part of an operation
+of a set package, to tamper with elements of any set parameter
+to the operation. Either Program_Error is raised, or the operation
+works as defined on the value of the set either prior to, or
+subsequent to, some or all of the modifications to the set.
!ACATS test
+ACATS C-Tests should be constructed to check this rule. In particular,
+Constraint_Error should not be raised (and the test program should not
+crash).
!appendix
Questions? Ask the ACAA Technical Agent
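Review bot: in the `@dinsa` paragraph for `!corrigendum A.18.4(75/2)`, the `@xindent<` opened on `@xindent<Iterate calls Process.@b<all> with a cursor ...` is never closed with a matching `>` before `@dinss`, unlike the `@b<all>` and `@s8<@i<Bounded Error>>` constructs on the same lines; add the closing `>` after `is propagated.` so the anchor paragraph is well formed. Two smaller points: the A.18.2 and A.18.3 insertions say "of this package" while the A.18.4 and A.18.7 insertions say "of a map package" / "of a set package", which is presumably deliberate for the shared map and set sections but is worth stating in the discussion; and the new `!ACATS test` text says `Constraint_Error should not be raised` even though the rule names Program_Error, so say explicitly that the test should accept either Program_Error or a result consistent with the container before or after the modifications, and reject any other exception or a crash.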