CVS difference for ai05s/ai05-0297-1.txt
--- ai05s/ai05-0297-1.txt 2012/03/14 00:17:44 1.1
+++ ai05s/ai05-0297-1.txt 2012/03/15 03:21:38 1.2
@@ -1,4 +1,4 @@
-!standard 3.5.5(7) 12-02-26 AI05-0297-1/01
+!standard 3.5.5(7) 12-03-13 AI05-0297-1/02
!class Amendment 12-02-26
!status Amendment 2012 12-02-26
!status ARG Approved 8-1-1 12-02-26
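Review bot: the header now carries version /02 dated 12-03-13, but both !status lines in the unchanged context still record approval on 12-02-26, so the file reads as if the ARG vote covered the revised wording. Consider recording that /02 is a correction made after the 8-1-1 vote, for example in a short line in !discussion, so a reader can tell which wording was actually voted on.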
@@ -33,31 +33,44 @@
!wording
-Change section name of 13.9.2 from
- The Valid Attribute
-to
- Validity Attributes
+Add after 3.5.5(7) (i.e. at the end of the existing Static Semantics section):
-Add after 13.9.2(13.c/2) (i.e. at the end of the existing Static Semantics section):
+ For every static discrete subtype S for which there exists at least
+ one value belonging to S that satisfies any predicate of S, the
+ following attributes are defined:
- For each static discrete subtype S for which there exists at least
- one value belonging to S, the following attributes
- are defined:
-
S'First_Valid
- S'First_Valid denotes the smallest value that belongs to S.
+ S'First_Valid denotes the smallest value that belongs to S and
+ satisfies any predicate of S.
The value of this attribute is of the type of S.
S'Last_Valid
- S'Last_Valid denotes the largest value that belongs to S.
+ S'Last_Valid denotes the largest value that belongs to S and
+ satisfies any predicate of S.
The value of this attribute is of the type of S.
+
+ [Redundant: First_Valid and Last_Valid attribute_references are always static
+ expressions. Any predicate of S is always a static predicate.]
- Redundant:
- First_Valid and Last_Valid attribute values are always static.
+ AARM Reason:
+ We require there to be at least one value so that these are always values of
+ the subtype. (This sidesteps the question of what to return for a subtype
+ with no values.)
- AARM note:
+ AARM discussion:
These attributes are intended primarily for use in the case
- where the Static_Predicate aspect of S has been specified.
+ where the Static_Predicate aspect of S has been specified; First and Last
+ are equivalent if these are allowed and there is no predicate.
+
+Add an AARM Note after 3.2.4(18/3):
+ This is to prevent confusion about whether the
+ First value is the lowest value of the subtype (which does not depend on the
+ predicate) or the lowest value of the subtype which meets the predicate.
+ (For a dynamic predicate, determining this latter value is expensive as it
+ would usually require a loop.) For a static subtype that has a static
+ predicate, the First_Valid and Last_Valid attributes (see 3.5.5) can be
+ used instead.
+
!discussion
One could imagine defining these attributes for nonstatic subtypes but we always want
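Review bot: "satisfies any predicate of S", used in the lead-in and in both the S'First_Valid and S'Last_Valid definitions, can be read as "satisfies at least one predicate" instead of "satisfies every predicate that applies to S". If the second meaning is intended, wording such as "satisfies every predicate of S" removes the ambiguity in all three places. In the AARM discussion, "First and Last are equivalent if these are allowed and there is no predicate" leaves "these" without a clear antecedent; naming the attributes it refers to would help. The new AARM Note for 3.2.4(18/3) also opens with "This is to prevent confusion", which only makes sense next to the rule it annotates, so it is worth stating that rule in the note or in the instruction line.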
@@ -71,6 +84,37 @@
a separate legality rule that the attribute prefix must denote a subtype which has at least
one value.
+----
+
+The idea of the naming of these attributes is that they return the smallest (largest) value
+for which Obj'Valid would be True (that is, the smallest (largest) valid value).
+
+----
+
+Note that the requirement that the prefix of these attributes be static prevents them from
+ever being used on a subtype descended from a generic formal type (these are never static).
+
+!corrigendum 3.5.5(7)
+
+@dinsa
+@xindent<This function returns a value of the type of S whose position number equals the
+value of @i<Arg>. For the evaluation of a call on S'Val, if there is no value in the base
+range of its type with the given position number, Constraint_Error is raised.>
+@dinss
+For every static discrete subtype S for which there exists at least
+one value belonging to S that satisfies any predicate of S, the
+following attributes are defined:
+
+@xhang<@xterm<S'First_Valid>
+S'First_Valid denotes the smallest value that belongs to S and
+satisfies any predicate of S. The value of this attribute is of the type of S.>
+@xhang<@xterm<S'Last_Valid>
+S'Last_Valid denotes the largest value that belongs to S and
+satisfies any predicate of S. The value of this attribute is of the type of S.>
+
+First_Valid and Last_Valid attribute_references are always static
+expressions. Any predicate of S is always a static predicate.
+
!ACATS Test
An ACATS C-Test should be created to test these attributes, especially in the Static_Predicate
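Review bot: the added !discussion paragraph saying that the static-prefix requirement prevents use on any subtype descended from a generic formal type describes a user-visible restriction, yet it appears only in !discussion and not among the AARM notes this revision adds under !wording. Consider adding it there as a ramification. The !corrigendum 3.5.5(7) text also repeats the !wording paragraphs verbatim, including "satisfies any predicate of S" three times, so any later change to that phrase has to be made in both copies.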
@@ -157,7 +201,8 @@
Aside: while 'Last (or 'Max) is well-defined even for dynamic predicates, we
would not want to support that because it could be very expensive. Consider:
- subtype Power_of_Two is Long_Long_Integer with Dynamic_Predicate => Is_Power_of_Two (Power_of_Two);
+ subtype Power_of_Two is Long_Long_Integer
+ with Dynamic_Predicate => Is_Power_of_Two (Power_of_Two);
Assume that Long_Long_Integer'Last is (2**127)-1. In that case,
Power_of_Two'Last (or Max) = 2**126. But to figure that out, you would need a
loop that goes from Long_Long_Integer'Last down until the predicate is True -
@@ -601,5 +646,68 @@
> that works? :-)
Yes, I see. We find a bug, and we thereby open Pandora's Box. ;-)
+
+****************************************************************
+
+From: Randy Brukardt
+Sent: Tuesday, March 13, 2012 7:11 PM
+
+(Please Bob, forget the "I told you so" - Randy).
+
+I'm afraid that we were so focused on the names of these attributes that we never
+bothered to check the actual wording. (And I put it into the standard draft before
+I realized that it is complete junk.)
+
+Steve proposed:
+
+ For every static discrete subtype S for which there exists at least
+ one value belonging to S, the following attributes
+ are defined:
+
+ S'First_Valid
+ S'First_Valid denotes the smallest value that belongs to S.
+ The value of this attribute is of the type of S.
+ S'Last_Valid
+ S'Last_Valid denotes the largest value that belongs to S.
+ The value of this attribute is of the type of S.
+
+The problem with this is that predicates don't modify the value set of a subtype, and they don't
+have any effect on the "belongs" relationship. Just look at 4.5.2(29/3):
+
+ The membership_choice is a subtype_mark, the tested type is scalar, the value of the
+ simple_expression belongs to the range of the named subtype, and the predicate of the named
+ subtype evaluates to True.
+
+So the problem is that both the lead-in and the definitions are completely wrong.
+
+The problem with the lead-in is that just because there is "one value belonging to S" doesn't
+mean that there are any values that satisfy the predicate (and that's the point). The problem
+with the bullets is that they don't mention the predicates.
+
+The fix is fairly easy, I think (hope?):
+
+ For every static discrete subtype S for which there exists at least
+ one value belonging to S {that satisfies any predicate of S}, the following attributes
+ are defined:
+
+ S'First_Valid
+ S'First_Valid denotes the smallest value that belongs to S {and
+ satisfies any predicate of S}. The value of this attribute is of the type of S.
+ S'Last_Valid
+ S'Last_Valid denotes the largest value that belongs to S {and
+ satisfies any predicate of S}. The value of this attribute is of the type of S.
+
+****************************************************************
+
+From: Tucker Taft
+Sent: Tuesday, March 13, 2012 8:30 PM
+
+Good catch.
+
+I think we all just believed that "belong" took static predicates into account, but alas,
+I think we argued with ourselves about that for a long time and ultimately decided it
+shouldn't.
+
+I don't remember all the reasons, but they are too late to reexamine at this point...
****************************************************************
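Review bot: the reason the /02 wording must mention predicates explicitly, namely that predicates do not modify the value set of a subtype and have no effect on "belongs" (with the 4.5.2(29/3) citation), is recorded only in this appended mail. The !discussion additions in this revision cover the naming and the generic formal case but not this point. A one-sentence summary in !discussion would keep the rationale with the wording instead of leaving it in the mail archive.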