CVS difference for ai12s/ai12-0343-1.txt
--- ai12s/ai12-0343-1.txt 2020/01/16 05:42:06 1.4
+++ ai12s/ai12-0343-1.txt 2020/01/25 04:43:56 1.5
@@ -69,13 +69,14 @@
Replace the moved 6.5(22/3) with:
A check is performed that the return value satisfies the predicates of the
-return subtype.
+return subtype. If this check fails, the effect is as defined in subclause
+3.2.4, "Subtype Predicates".
AARM Implementation Note: The subtype conversion of the return
expression for a simple_return_statement performs this same check. The
- permissions of 11.4.2 ensure that duplicate evaluation of a predicate is
- never required, so a single evaluation of the predicate is enough in this
- case.
+ permissions of 11.4.2 ensure that duplicate evaluation of a predicate at
+ a single point is never required, so a single evaluation of the predicate
+ is enough in this case.
!discussion
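Review bot: The AARM Implementation Note now rests on "duplicate evaluation of a predicate at a single point", yet the two checks it relates are not at one point: the subtype conversion runs when the return expression of the simple_return_statement is evaluated, while the new 6.5(22/3) check runs on completion of the return statement. If the intent is that the 11.4.2 permissions let the conversion's evaluation stand in for the later check, the note should say so explicitly, or drop "at a single point" and instead state that the second evaluation may be omitted when the return object is known not to have changed, which is the argument the !discussion text makes.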
@@ -139,11 +140,11 @@
It seems odd that using an extended return statement removes a guarantee about
the predicate of the return subtype. This sort of dependence on the exact way
-some code is written is uncomfortable (at least to the author). Thus we propose
-to make a predicate check immediately before returning from an extended return
-statement; of course, if the compiler can prove that the return object hasn't
-been modified since the initial predicate check, then it can omit it. Note that
-this is similar to the predicate check on out/in out by-reference parameters --
+some code is written is uncomfortable. Thus we propose to make a predicate check
+immediately before returning from an extended return statement; of course, if
+the compiler can prove that the return object hasn't been modified since the
+initial predicate check, then it can omit it. Note that this is similar to
+the predicate check on out/in out by-reference parameters --
there is not a natural predicate check at that location, but it seems nasty to
allow the return of objects that don't meet the indicated predicate.
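Review bot: Removing "(at least to the author)" is fine, but the sentence "if the compiler can prove that the return object hasn't been modified since the initial predicate check, then it can omit it" states a permission without naming its source. Since the AARM note in the wording section relies on the permissions of 11.4.2 for exactly this omission, the discussion should cite 11.4.2 here as well so the rationale and the AARM note agree on the normative basis.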
@@ -165,6 +166,50 @@
would make it much harder for the compiler to determine whether a check is a
duplicate.
+!corrigendum 6.5(8.1/3)
+
+@drepl
+If the result subtype of the function is defined by an @fa<access_definition>
+designating a specific tagged type @i<T>, a check is made that the result value
+is null or the tag of the object designated by the result value identifies
+@i<T>. Constraint_Error is raised if this check fails.
+@dby
+For the execution of an @fa<extended_return_statement>, the
+@fa<handled_sequence_of_statements> is executed. Within this
+@fa<handled_sequence_of_statements>, the execution of a
+@fa<simple_return_statement> that applies to the @fa<extended_return_statement>
+causes a transfer of control that completes the
+@fa<extended_return_statement>. Upon completion of a return statement that
+applies to a callable construct by the normal completion
+of a @fa<simple_return_statement> or by reaching the @b<end return>
+of an @fa<extended_return_statement>, a transfer of control is performed
+which completes the execution of the callable construct, and returns
+to the caller.
+
+If the result subtype of the function is defined by an @fa<access_definition>
+designating a specific tagged type @i<T>, a check is made that the result value
+is null or the tag of the object designated by the result value identifies
+@i<T>. Constraint_Error is raised if this check fails.
+
+!corrigendum 6.5(22/3)
+
+@drepl
+For the execution of an @fa<extended_return_statement>, the
+@fa<handled_sequence_of_statements> is executed. Within this
+@fa<handled_sequence_of_statements>, the execution of a
+@fa<simple_return_statement> that applies to the @fa<extended_return_statement>
+causes a transfer of control that completes the
+@fa<extended_return_statement>. Upon completion of a return statement that
+applies to a callable construct by the normal completion
+of a @fa<simple_return_statement> or by reaching the @b<end return>
+of an @fa<extended_return_statement>, a transfer of control is performed
+which completes the execution of the callable construct, and returns
+to the caller.
+@dby
+A check is performed that the return value satisfies the predicates of the
+return subtype. If this check fails, the effect is as defined in subclause
+3.2.4, "Subtype Predicates".
+
!ASIS
No ASIS effect.
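Review bot: The 6.5(8.1/3) corrigendum re-emits the whole 8.1/3 paragraph unchanged after the moved extended_return_statement text (the two copies beginning "If the result subtype of the function is defined by an @fa<access_definition>" match word for word), so the only real change at 8.1/3 is the paragraph inserted before it. If the corrigendum markup has an insert-before form, using it would make that intent clearer and avoid presenting 8.1/3 as replaced text; otherwise a short note that 8.1/3 itself is unchanged would help the editor. Also, the 6.5(22/3) @dby carries only the normative sentence and not the AARM Implementation Note from the wording section; presumably intended, since the corrigendum carries RM text only, but worth confirming.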
@@ -519,5 +564,31 @@
two things are different ways of doing the same thing (return a value
from a subprogram), and they probably ought to have the same requirements
for predicate checks.
+
+****************************************************************
+
+From: Randy Brukardt
+Sent: Friday, January 24, 2020 10:12 PM
+
+A "for the record" note:
+
+In AI12-0343-1, I added the rule:
+
+ A check is performed that the return value satisfies the predicates of the
+
+ return subtype.
+
+But *of course* one cannot define a check without specifying the consequence
+of failure. Since that's pretty complex for predicate checks, we want to refer
+to 3.2.4. Luckily, we already faced this problem in 4.6 (Type Conversions), so
+we can use a version of that wording:
+
+ A check is performed that the return value satisfies the predicates of the
+ return subtype. If this check fails, the effect is as defined in subclause
+ 3.2.4, "Subtype Predicates".
+
+Since "doing the usual thing" for a check we've already agreed to add should
+not be controversial, I'll just treat this as part of my editorial review of
+this AI.
****************************************************************
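Review bot: The first quotation of the rule in the message has a stray blank line between "A check is performed that the return value satisfies the predicates of the" and "return subtype.", which splits the one-sentence rule into what reads as two fragments; the second quotation a few lines later shows the intended layout. Harmless in the mail archive, but worth cleaning up if the text is ever copied from here. Otherwise the added sentence matches the 6.5(22/3) wording and the corrigendum above, so the three copies are consistent.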