CVS difference for ai05s/ai05-0290-1.txt

Differences between 1.2 and version 1.3
Log of other versions for file ai05s/ai05-0290-1.txt

--- ai05s/ai05-0290-1.txt	2012/02/19 03:34:30	1.2
+++ ai05s/ai05-0290-1.txt	2012/03/17 03:38:53	1.3
@@ -1,4 +1,4 @@
-!standard  3.2.4(0)                               12-02-18    AI05-0290-1/02
+!standard  3.2.4(0)                               12-02-25    AI05-0290-1/03
 !standard  7.3.2(0)
 !class Amendment 12-02-14
 !status Amendment 2012 12-02-14
@@ -109,16 +109,6 @@
     body and are immune to optimization. That's why the original proposal
     is preferred (the cost doesn't change when checks are turned off).
-Proposal #5: There is an optional "exception" clause on predicates and
-    preconditions. This specifies the exception that will be raised on the
-    failure of the check.
-Reason: We want to encourage the conversion of comments to
-    predicates/preconditions in existing libraries. However, changing the
-    exception raised may be an unacceptable incompatibility. By allowing
-    the exception to be raised to be specified, the specification can remain
-    unchanged while additional information is given to tools.
 Since this AI was created, a number of additional issues/proposals have been
@@ -162,6 +152,117 @@
     more likely that everyone will use them. Best to have a definition. This
     will simplify the wording for #2.
+Proposal from Erhard during ARG Meeting #46. [Other parts of AI need updating.]
+This replaces parts of 11.4.2.
+Pragma Assertion_Policy is used to control whether assertions are to be ignored
+by the implementation, checked at run time, or handled in some
+implementation-defined manner.
+The form of a pragma Assertion_Policy is as follows:
+pragma Assertion_Policy(policy_identifier);
+ pragma Assertion_Policy(assertion_kind => policy_identifier
+                         {, assertion_kind => policy_identifier});
+Pragma Assertion_Policy is allowed only immediately within a declarative_part,
+immediately within a package_specification, or as a configuration pragma.
+Legality Rules
+The assertion_kind shall be one of Assert, Static_Predicate, Dynamic_Predicate,
+Pre, Pre'Class, Post, Post’Class, Type_Invariant, Type_Invariant'Class, or some
+implementation defined aspect_mark. The policy_identifier shall be Ignore or
+Check or some implementation defined policy identifier.
+Implementation defined: Implementation-defined policy_identifiers and
+aspect_marks allowed in a pragma Assertion_Policy.]
+Static Semantics
+Pragma Assertion_Policy determines for each assertion kind named in the argument
+associations whether or not the assertion kind is to be enforced by a run-time
+check. The policy_identifier Check requires the run-time check; the
+policy_identifier Ignore suppresses the check. If no assertion_kinds are
+provided in the pragma, the specified policy applies to all assertion kinds.
+Pragma Assertion_Policy applies to the named assertion kinds in a specific
+region, and applies to all entities in that region. A Pragma Assertion_Policy
+given in a declarative_part or immediately within a package_specification
+applies from the place of the pragma to the end of the innermost enclosing
+declarative region. The region for a Pragma Assertion_Policy given as a
+configuration pragma is the declarative region for the entire compilation unit
+(or units) to which it applies.
+If a Pragma Assertion_Policy applies to a generic instantiation, then the Pragma
+Assertion_Policy also applies to the instance. If a Pragma Assertion_Policy
+applies to a call to a subprogram for which aspect Inline is True, then the
+Pragma Assertion_Policy also applies to the inlined subprogram body.
+If multiple Assertion_Policy pragmas apply to a construct and an assertion kind,
+the assertion policy is determined by the one in the smallest enclosing
+declarative region specifying a policy for the assertion kind. If no such
+Assertion_Policy pragma exists, the policy is implementation-defined. <<< I
+would love to make it Check!!! in analogy that checks are always enabled out of
+the box>>>
+Implementation defined: The default assertion policy.]
+Dynamic Semantics
+Whether or not an assertion expression is checked at run-time is determined as
+For pragma Assert, the check is performed in accordance with the Assert policy
+in effect at the place of the pragma Assert.
+For subtype predicates, the check is performed in accordance with the
+Static_Predicate and Dynamic_Predicate policies in effect at the place of the
+predicate aspect specification.
+For type invariants, the check is performed in accordance with the
+Type_Invariant and Type_Invariant'Class policies in effect at the place of the
+invariant aspect specification.
+For preconditions, the check is performed in accordance with the Pre and
+Pre'Class policies in effect at the place of the explicit declaration of the
+For postconditions, the check is performed in accordance with the Post and
+Post'Class policies in effect at the place of the explicit declaration of the
+An assertion policy specifies how a pragma Assert is interpreted by the
+implementation. If the assertion policy is Ignore at the point of a pragma
+Assert, the pragma is ignored. If the assertion policy is Check at the point of
+a pragma Assert, the elaboration of the pragma consists of evaluating the
+boolean expression, and if the result is False, evaluating the Message argument,
+if any, and raising the exception Assertions.Assertion_Error, with a message if
+the Message argument is provided.
+Represents the union of all checks; suppressing All_Checks suppresses all
+checks. In addition, All_Checks suppresses all checks of assertion expressions.
+Erroneous Execution
+If a given check has been suppressed, and the corresponding error situation
+occurs, the execution of the program is erroneous.
 For #1: The subtype declaration should be the determining
@@ -222,33 +323,6 @@
     Since predicates and preconditions provide better and more formal
     documentation than comments can, it would be unfortunate to discourage
     their use by a segment of the programming population.
-For #5:
-Example: Imagine the following routine in GUI library:
-    procedure Show_Window (Window : in out Root_Window);
-       -- Shows the window.
-       -- Raises Not_Valid_Error if Window is not valid.
-We would like to be able to use a predicate to check the comment. With the
-"exception" clause we can do this without changing the semantics:
-    subtype Valid_Root_Window is Root_Window
-       with Dynamic_Predicate =>
-           Is_Valid (Valid_Root_Window) exception Not_Valid_Error;
-    procedure Show_Window (Window : in out Valid_Root_Window);
-       -- Shows the window.
-If we didn't have the "exception" clause here, using the predicate would
-change the exception raised on this failure. That could cause the exception
-to fall into a different handler than currently, which is likely to not be
-Similarly, the various Containers packages in Ada could use predicates in
-this way to make some of the needed checks; but that can only be done if the
-semantics remains unchanged (raising Program_Error and Constraint_Error,
-not Assertion_Error).
 !ACATS Test

Questions? Ask the ACAA Technical Agent