CVS difference for ai05s/ai05-0075-1.txt

Differences between 1.2 and version 1.3
Log of other versions for file ai05s/ai05-0075-1.txt

--- ai05s/ai05-0075-1.txt	2007/11/07 06:32:42	1.2
+++ ai05s/ai05-0075-1.txt	2008/01/18 07:45:25	1.3
@@ -1,4 +1,4 @@
-!standard 4.8(5.2/2)                                      07-10-30    AI05-0075-1/01
+!standard 4.8(5.2/2)                                      08-01-18    AI05-0075-1/02
 !standard 4.8(10.1/2)
 !standard 6.5(5.3/2)
 !standard 6.5(5.6/2)
@@ -33,31 +33,31 @@
 
 !wording
 
-Append after 4.8(5.2/2)
-
-   This condition shall also hold if the designated subtype of the type of
-   the allocator is class-wide and the type determined by the
-   subtype_indication or qualified_expression of the allocator
-   has one or more noninherited access discriminants.
-   
+Replace 4.8(5.2/2)
+    If the designated subtype of the type of the allocator has one or more
+    unconstrained access discriminants, then the accessibility level of the
+    anonymous access type of each access discriminant, as determined by the
+    subtype_indication or qualified_expression of the allocator, shall not
+    be statically deeper than that of the type of the allocator (see 3.10.2).
+                  
+with
+    If the subtype determined by the subtype_indication or qualified_expression
+    of the allocator has one or more access discriminants,
+    then the accessibility level of the anonymous access type of each access
+    discriminant shall not be statically deeper than that of the type of the
+    allocator (see 3.10.2).
+  
 Append after 4.8(10.1/2)
 
-   If the designated type of the type of the allocator is class-wide,
+   If the designated subtype of the type of the allocator is class-wide,
    then a check is made that either the type of the allocated
    object (that is, the type determined either by the subtype_indication or
    by the tag of the value of the qualified_expression) lacks
-   noninherited access discriminants or that the accessibility
+   access discriminants or that the accessibility
    level of the anonymous access type of each access discriminant is
    not deeper than that of the type of the allocator.
    Program_Error is raised if the check fails.
    
-Append after 6.5(5.3/2) (as a new item in the same bulleted list):
-
-   - If the result subtype of the function is class-wide, the
-     accessibility level of the type of the subtype defined by
-     the return_subtype_indication shall not be statically deeper
-     than that of the master that elaborated the function body.     
-
 In 6.5(5.6/2) replace
 
    - If the result subtype of the function is class-wide, the
@@ -77,25 +77,22 @@
      statement (if any) shall not be statically deeper than that of the
      master that elaborated the function body.
      
-   - If the result subtype has one or more unconstrained access discriminants,
-     the accessibility level of the anonymous access type of each access
-     discriminant, as determined by the expression of the
-     simple_return_statement or the return_subtype_indication, shall not be
-     statically deeper than that of the master that elaborated the function
-     body. If the result subtype of the function is class-wide, this condition
-     shall also hold if the type of the expression of the return statement
-     (if any) or the type of the result_subtype_indication (if any) has
-     one or more noninherited access discriminants.     
+   - If the subtype determined by the expression of the simple_return_statement
+     or by the return_subtype_indication has one or more
+     access discriminants, the accessibility level of the anonymous access
+     type of each access discriminant shall not be statically deeper than that
+     of the master that elaborated the function body.
 
 Append after 6.5(21/2):
 
    If the result type of the function is class-wide, then a check is
    made that either the (specific) type of the function result lacks
-   noninherited access discriminants or that the accessibility level
+   access discriminants or that the accessibility level
    of the anonymous access type of each access discriminant is not deeper
    than that of the master that elaborated the function body. If the check
    fails, Program_Error is raised.
-  
+
+
 !discussion 
 
 A wording change in 6.5(21/2) seems to be needed; in the case of
@@ -167,15 +164,74 @@
 cases (see 4.8(10.1/2), 6.5(21/2)). Just adding runtime checks would be sloppy.
 Additional static checks are also needed (see 4.8(5.2/2) and 6.5(5.6/2)).
 So that's what's been done.
+
+The preceding two examples illustrate the need for runtime checks in
+the cases of function results and allocators. The following variations
+on those examples illustrate the need for static checking for function
+results and for allocators:
+
+ declare
+    type Root is tagged null record;
+    type Ext (D : access Integer) is new Root with null record;
+
+    function F return Root'Class is
+      Local_Var : aliased Integer;
+      
+      Result : Ext (Local_Var'Access);
+    begin
+      return Result; -- should be rejected
+    end F;
+    
+    procedure Do_Something (X : access Integer) is ... end;
+  begin
+    Do_Something (Ext (F).D);
+  end;
+  
+  declare
+    type Root is tagged null record;
+    type Ext (D : access Integer) is new Root with null record;
 
-A couple of other changes that really should have gone into AI05-0032
-are also included to handle static rejection of cases like
+    type Ref is access Root'Class;
 
-  function Foo return T'Class is
-    type Local_Extension is new T with null record;
+    function F return Ref is
+      Local_Var : aliased Integer;
+      subtype Designated is Ext (D => Local_Var'Access);
+    begin
+      return new Designated; -- should be rejected
+    end F;
+    
+    procedure Do_Something (X : access Integer) is ... end;
   begin
-    return X : Local_Extension;
-  end Foo;
+    Do_Something (Ext (F.all).D);
+  end;
+  
+Note that AI05-0032, not this AI, contains the wording changes needed
+to ensure the static rejection of cases like
+
+  declare
+    type Root is tagged null record;
+    function F return Root'Class is
+      type Local_Extension is new Root with null record;
+    begin
+      return X : Local_Extension; -- should be rejected
+    end F;
+  begin null; end;
+  
+Does the proposed wording correctly handle the case where no static check
+is possible because no information is known about the discriminant values?
+Consider the first two examples (which are intended to illustrate the need
+for runtime checks; they are not intended to be rejected at compile-time).
+Does the proposed wording for static checks correctly let these examples
+through without any definitional problems? In particular, is the
+test that "the accessibility level of the anonymous access
+type of each access discriminant shall not be statically deeper than that
+of the master that elaborated the function body" well-defined in these cases?
+
+When we refer to the subtype "determined by the expression of the
+simple_return_statement", is this well-defined?
+Suppose, for example, that the expression is an aggregate.
+Do we need to generalize the definition of "nominal subtype" so that it
+is defined for all expressions, not just names?
 
 --!corrigendum 7.6.1(17.1/1)
 

Questions? Ask the ACAA Technical Agent