!standard  13.12.1(6/2)                              11-12-20    AI05-0272-1/02
!standard  13.12.1(7/2)
!standard  2.8(10)
!standard  H.4(24)
!class Amendment 11-11-13
!status Amendment 2012 11-11-13
!status ARG Approved 7-0-0  11-11-13
!status work item 11-11-13
!status received 11-09-11
!priority Low
!difficulty Easy
!subject Pragma and Attribute restrictions

!summary

Two new restrictions are defined:

    pragma Restrictions(No_Use_Of_Attribute => <attribute-identifier>);
    pragma Restrictions(No_Use_Of_Pragma => <pragma-identifier>);

!problem

Restrictions can be useful, but it is burdensome to create distinct restrictions
for every attribute or pragma that might want to be restricted.  Would it make
sense to define general restrictions, analogous to No_Dependence and
No_Specification_Of_Aspect, which allow individual attributes or pragmas
to be restricted?

!proposal

(See wording.)

!wording

Modify 2.8(10):

“...is an identifier {or reserved word} that is used...”

Add after 13.12.1(6/2):

    No_Use_Of_Attribute
    
       Identifies an attribute for which no attribute_reference
       or attribute_definition_clause is given.
	      
    No_Use_Of_Pragma
    
       Identifies a pragma which is not to be used.
	      

Add after 13.12.1(7/2):

The restriction_parameter_argument of a No_Use_Of_Attribute restriction
shall be an identifier or one of the reserved words Access, Delta, Digits,
Mod, or Range.

The restriction_parameter_argument of a No_Use_Of_Pragma restriction
shall be an identifier or the reserved word Interface.

AARM note:

     Ramification: The restriction_parameter_argument is not resolved for these
     Restrictions.
     As for No_Dependence, there is no check that the attribute or pragma identifier is
     meaningful; it might refer to an implementation-defined attribute or pragma on one
     implementation, but nothing at all on another implementation. Of course,
     a good implementation will warn if the identifier is unknown to it.

AARM To Be Honest:
    pragma Restrictions (No_Use_of_Pragma => Restrictions); necessarily will be
    rejected (either at compile-time or link-time) because it applies to itself.

Modify H.4(24/3):

"...No_Unchecked_Access, {No_Specification_of_Aspect, No_Use_of_Attribute,
No_Use_of_Pragma,} and..."

!discussion

Note that No_Use_Of_Attribute and No_Use_Of_Pragma can be used for both 
language-defined and implementation-defined attributes and pragmas.

!example

    pragma Restrictions(No_Use_Of_Attribute => Unrestricted_Access);

    pragma Restrictions(No_Use_Of_Pragma => Import);

!corrigendum 2.8(10)

@drepl
An @i<identifier specific to a pragma> is an identifier that is used in a pragma argument
with special meaning for that pragma. 
@dby
An @i<identifier specific to a pragma> is an identifier or reserved word that is used in
a pragma argument with special meaning for that pragma. 

!corrigendum 13.12.1(6/2)

@dinsa
@xhang<@xterm<No_Dependence>
Specifies a library unit on which there are no semantic dependences.>
@dinst
@xhang<@xterm<No_Specification_of_Aspect>
Identifies an aspect for which no @fa<aspect_specification>,
@fa<attribute_definition_clause>, or @fa<pragma> is given.>

@xhang<@xterm<No_Use_Of_Attribute>
Identifies an attribute for which no @fa<attribute_reference>
or @fa<attribute_definition_clause> is given.>
	      
@xhang<@xterm<No_Use_Of_Pragma>
Identifies a @fa<pragma> which is not to be used.>

!corrigendum 13.12.1(7/2)

@dinsa
The @fa<restriction_parameter_argument> of a No_Dependence restriction shall be
a @fa<name>; the @fa<name> shall have the form of a full expanded name of a
library unit, but need not denote a unit present in the environment.
@dinst
The @fa<restriction_parameter_argument> of a No_Specification_of_Aspect restriction
shall be an @fa<identifier>; this is an identifier specific to a pragma (see 2.8) and
does not denote any declaration.

The @fa<restriction_parameter_argument> of a No_Use_Of_Attribute restriction
shall be an @fa<identifier> or one of the reserved words Access, Delta, Digits,
Mod, or Range; this is an identifier specific to a pragma.

The @fa<restriction_parameter_argument> of a No_Use_Of_Pragma restriction
shall be an @fa<identifier> or the reserved word Interface; this is an identifier
specific to a pragma.

!corrigendum H.4(24)

@drepl
If an implementation supports @fa<pragma> Restrictions for a particular argument, then except
for the restrictions No_Unchecked_Deallocation, No_Unchecked_Conversion,
No_Access_Subprograms, and No_Unchecked_Access, the associated restriction applies
to the run-time system. 
@dby
If an implementation supports @fa<pragma> Restrictions for a particular argument, then except
for the restrictions No_Unchecked_Deallocation, No_Unchecked_Conversion,
No_Access_Subprograms, No_Unchecked_Access, No_Specification_of_Aspect, No_Use_of_Attribute,
No_Use_of_Pragma, and the equivalent use of No_Dependence, the associated restriction
applies to the run-time system. 


!ACATS Test

ACATS L-Tests should be created to check that these restrictions work, preferably in
different units from the pragma.

!ASIS

No ASIS effect (Restrictions are not handled specially by ASIS).

!appendix

From: Robert Dewar
Sent: Sunday, September 11, 2011  9:29 AM

I am thinking of implementing restrictions No_Use_Of_Attribute and No_Use_Of_Pragma
(analogous to the newly defined No_Specification_Of_Aspect), since it seems quite useful
to be able to enforce coding restrictions that disallow certain pragmas and attributes.

Thoughts? Are these the right names?

Of course I know that we can do this anyway, but it seems worth getting ARG input in case
there is agreement that this makes sense, for possible inclusion in the standard later.

****************************************************************