!standard 4.7(4) 14-07-14 AI12-0100-1/02 !class binding interpretation 14-05-12 !status Corrigendum 2015 14-07-14 !status WG9 Approved 14-10-20 !status ARG Approved 9-0-0 13-06-28 !status work item 14-05-12 !status received 14-03-11 !priority Medium !difficulty Easy !qualifier Omission !subject A qualified expression makes a predicate check !summary A qualified expression checks that the value satisfies any predicates of the qualified subtype. !question If the subtype of a qualified expression has a predicate, is that predicate checked? (Yes.) 4.7(4) says that the evaluation of a qualified_expression "...checks that its value belongs to the subtype denoted by the subtype_mark." The AARM note 4.7(4.a) makes it clear that a subtype conversion is NOT performed here, so the predicate check associated with a subtype conversion doesn't happen here. 3.2(8) defines "belongs" for this context: "The set of values of a subtype consists of the values of its type that satisfy its constraint and any exclusion of the null value. Such values belong to the subtype." As we know, a predicate doesn't change the set of values. So it doesn't appear here, either. Thus there is no predicate check for a qualified expression. This seems weird, since a similar type conversion would make a predicate check. Should the wording make it clear that a qualified expression does make a predicate check? (Yes.) !recommendation (See Summary.) !wording Modify 4.7(4): The evaluation of a qualified_expression evaluates the operand (and if of a universal type, converts it to the type determined by the subtype_mark) and checks that its value belongs to the subtype denoted by the subtype_mark. The exception Constraint_Error is raised if this check fails. {Furthermore, if predicate checks are enabled for the subtype denoted by the subtype_mark, a check is performed as defined in subclause 3.2.4, "Subtype Predicates" that the value satifies the predicates of the subtype.} !discussion We certainly want the checks made by a qualified expression to be at least as strict as those associated with an explicit type conversion (the type conversion will allow additional things where a conversion happens). For example: subtype Even is Natural with Dynamic_Predicate => Even mod 2 = 0; Var : Natural; Three : constant Natural := 3; Var := Even'(Three); -- Needs new wording for a predicate check. Var := Even(Three); -- Predicate check, thus raises Assertion_Error. Without the new wording, Even'(Three) would not raise an exception, while Even(Three) would. [Aside: Even'(3) would raise an exception, as in that case 3 would have a universal type and that would be subtype converted, thus checking the predicate.] We need to refer to the effect defined in 3.2.4 for the same reason that we do that in 4.6 (see AI12-0096-1). We don't want to repeat the somewhat complex rules as to what happens when a predicate check fails. !corrigendum 4.7(4) @drepl The evaluation of a @fa evaluates the operand (and if of a universal type, converts it to the type determined by the @fa) and checks that its value belongs to the subtype denoted by the @fa. The exception Constraint_Error is raised if this check fails. @dby The evaluation of a @fa evaluates the operand (and if of a universal type, converts it to the type determined by the @fa) and checks that its value belongs to the subtype denoted by the @fa. The exception Constraint_Error is raised if this check fails. Furthermore, if predicate checks are enabled for the subtype denoted by the @fa, a check is performed as defined in subclause 3.2.4, "Subtype Predicates" that the value satifies the predicates of the subtype. !ASIS No ASIS effect. !ACATS test An ACATS C-Test should ensure that this check is made. There is a commented-out subtest at the bottom of ACATS 4.0 test C324002; once this AI is approved that test case can be uncommented. !appendix From: Randy Brukardt Sent: Tuesday, March 11, 2014 4:59 PM If the subtype of a qualified expression has a predicate, is that predicate checked? 4.7(4) says that the evaluation of a qualified_expression "...checks that its value belongs to the subtype denoted by the subtype_mark." The AARM note 4.7(4.a) makes it clear that a subtype conversion is NOT performed here, so the predicate check associated with that doesn't happen here. 3.2(8) defines belongs for this context: "The set of values of a subtype onsists of the values of its type that satisfy its constraint and any exclusion of the null value. Such values belong to the subtype." As we know, a predicate doesn't change the set of values. So it doesn't appear here, either. So, according to this wording (and the lack of any specific wording to the contrary), a qualified expression appears to not check whether the value satisfies the predicate of the subtype. That seems weird, given that an explicit type conversion would make such a check. Thus, subtype Even is Natural with Dynamic_Predicate => Even mod 2 = 0; Var : Natural; Var := Even'(3); -- No predicate check, thus no exception Var := Even(3); -- Predicate check, thus raises Assertion_Error. I think this is wrong and we need some wording in either 4.7 or 3.2.4 to say that the predicate (if any) is checked for a qualified expression. I was going to put such a test case (to ensure that the check was made) into an ACATS test that I'm working on, but it appears that there would be no justification for such a test. And I surely don't want a test insisting that the check isn't made unless we agree that we really want that. As such, it is best left for the round 2 tests (which will include tests for Binding Interpretations like AI12-0071-1). Thoughts? **************************************************************** From: Gary Dismukes Sent: Tuesday, March 11, 2014 5:24 PM > I think this is wrong and we need some wording in either 4.7 or 3.2.4 > to say that the predicate (if any) is checked for a qualified expression. It looks like your reading is right, and I agree that it seems wrong (and definitely surprising) not to do the predicate check along with the constraint check. An RM correction seems in order. **************************************************************** From: Steve Baird Sent: Tuesday, March 11, 2014 5:29 PM I agree on all points. **************************************************************** From: Randy Brukardt Sent: Tuesday, March 11, 2014 6:17 PM FYI, GNAT does not appear to make a predicate check for a qualified expression. ****************************************************************