CVS difference for ai12s/ai12-0005-1.txt
--- ai12s/ai12-0005-1.txt 2017/08/12 02:48:59 1.23
+++ ai12s/ai12-0005-1.txt 2019/02/09 02:06:25 1.24
@@ -1190,7 +1190,64 @@
***************************************************************
-Editor's note (August 10, 2017): All of the items above this
+From: Steve Baird
+Sent: Friday, February 8, 2019 12:51 PM
+
+Does it seem odd to you that the Ada.Strings.Unbounded spec doesn't seem to
+rule out constructing a string longer than Integer'Last?
+
+If you concatenate, for example, two strings whose lengths add up to more than
+Integer'Last, it seems like an exception ought to be guaranteed to result
+(obviously storage_error is possible, but I'm saying that it should be
+guaranteed that the call does not return normally).
+
+It's not documented what the Length function is supposed to do with such a
+string. Presumably it raises Constraint_Error, but that's not stated.
+
+Better IMO to leave the spec for Length unmodified and instead rule out this
+case by preventing construction of such a too-long string.
+
+What do you think?
+
+***************************************************************
+
+From: Randy Brukardt
+Sent: Friday, February 8, 2019 4:16 PM
+
+I don't know if it is "odd", but it certainly isn't possible. Janus/Ada raises
+Constraint_Error in that case (and since Integer is 16-bit in Janus/Ada, it
+does come up periodically. I even had to make a Long_Unbounded_String that
+uses Long_Integer indexes for some projects.), but that might be just because
+that's what happens in the Ada code.
+
+That is
+ Str.Length := Str1.Length + Str2.Length;
+overflows in the case in question. I never made any attempt to prevent it,
+because what else could it do?
+
+(Looks at wording).
+
+Actually, in the case of "&", the wording does say that Constraint_Error is
+raised in this case. It is defined in terms of the String "&", and that would
+have an upper bound outside of the index subtype of Natural, which would raise
+Constraint_Error by 4.5.3(8). Indeed, an implementation that allowed
+Unbounded_Strings longer than Natural would be wrong for "&".
+
+Append is defined in terms of "&", so it too is covered.
+
+And the others like Replace_Slice and Insert are defined in terms of
+Ada.Strings.Fixed operations, which I hope (I didn't check) would also check
+the index subtype.
+
+So I conclude there is no problem here. (Any problem is in Ada.Strings.Fixed.)
+
+It might make sense to have an AARM note that mentions this; I certainly agree
+that this is a non-obvious ramification. (We can just do that, no need to
+involve anyone else.)
+
+***************************************************************
+
+Editor's note (February 08, 2019): All of the items above this
marker have been included in the working version of the AARM.
****************************************************************
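Review bot: the conclusion that "there is no problem here" rests on an unverified step: the Replace_Slice and Insert case is covered only by "which I hope (I didn't check) would also check the index subtype", and the AARM note proposed at "It might make sense to have an AARM note that mentions this" is not part of this change, yet the new Editor's note marker is placed below the whole thread. Before the marker is read as closing the item, either confirm that the Ada.Strings.Fixed operations those subprograms are defined in terms of raise Constraint_Error for a result longer than Natural'Last (as argued for "&" via 4.5.3(8)), or record in the editor's note that this check and the AARM note are still pending.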