CVS difference for ai12s/ai12-0363-1.txt

--- ai12s/ai12-0363-1.txt	2020/06/11 03:11:28	1.4
+++ ai12s/ai12-0363-1.txt	2020/06/17 00:20:22	1.5
@@ -1,8 +1,10 @@
-!standard 3.10.2(26/3)                                  20-06-10  AI12-0363-1/04
+!standard 3.10.2(26/3)                                  20-06-15  AI12-0363-1/05
 !standard 9.10(1/5)
 !standard C.6(13.3/5)
 !standard C.6(19.1/5)
 !class Amendment 20-02-05
+!status Amendment 1-2012 20-06-15
+!status ARG Approved 10-0-2  20-06-13
 !status work item 20-02-05
 !status received 19-11-12
 !priority Low
@@ -94,7 +96,7 @@
   * The view shall not be a subcomponent that depends on discriminants
     of an object unless the object is known to be constrained{;
 
-  * The view shall not be a nonatomic subcomponent of an atomic object
+  * The view shall not be a nonatomic subcomponent of a full access object
     (see C.6)}.
 
 Modify 9.10 (1/5):
@@ -124,29 +126,37 @@
   True, then the Volatile_Components aspect (if defined) is True, and
   vice versa. When not determined by one of the other aspects, or for an
   object by its type, the Volatile, Volatile_Components, Independent,
-  and Independent_Components aspects are False.
+  and Independent_Components aspects are False.}
 
-     AARM Ramification: Aspects Volatile and Volatile_Components (when
+     {AARM Ramification: Aspects Volatile and Volatile_Components (when
      defined) are equivalent. We provide the Volatile_Components aspect
      only to give symmetry with Atomic_Components and
-     Independent_Components aspects.
+     Independent_Components aspects.}
 
 Add after C.6(8.1/4):
 
   The Full_Access_Only aspect shall not be specified unless the
-  associated type or object is volatile [Reduntant:(or atomic)]. A /full
+  associated type or object is volatile [Redundant:(or atomic)]. A /full
   access/ type is any atomic type, or a volatile type for which the
   aspect Full_Access_Only is True. A /full access/ object (including a
   component) is any atomic object, or a volatile object for which the
   aspect Full_Access_Only is True for the object [Redundant: or its
   type]. A Full_Access_Only aspect is illegal if any subcomponent of
-  the object or type is a full access object.
+  the object or type is a full access object or is of a generic formal 
+  type.
 
     AARM Ramification: This last rule breaks privacy, but that is
     considered OK for representation clauses when there is no clear
     alternative. Note that atomic objects may be nested, so long as the
     outer atomic object does not have the Full_Access_Only aspect True.
 
+    AARM Reason: We disallow subcomponents of a generic formal type 
+    in a Full_Access_Only object or type as the actual to a formal
+    type can be a full access type. We could have had a less restrictive
+    rule, but such a use is unlikely as full access only objects are intended
+    to be used to access memory-mapped devices with access restrictions, and
+    those will need a concrete mapping not possible for generic formal types.
+
 Modify C.6(12/5):
 
   If an atomic object is passed as a parameter, then the formal
@@ -167,8 +177,8 @@
    volatile type is used as an actual for a generic formal array type,
    then the element type of the formal type shall be volatile. If an
    atomic type is used as an actual for a generic formal derived type,
-   then the ancestor of the formal type shall be atomic. A corresponding
-   rule applies to volatile types.
+   then the ancestor of the formal type shall be atomic. A corresponding 
+   rule applies to volatile types and similarly to full access types.
 
 with:
 
@@ -183,7 +193,8 @@
   formal array type, then the components of the formal type shall be
   volatile. Furthermore, if the actual type has atomic components and
   the formal array type has aliased components, then the
-  components of the formal array type shall also be atomic.
+  components of the formal array type shall also be atomic. A corresponding 
+  rule applies when the actual type has volatile full access components.
 
     AARM Reason: The limitations on formal array types are separate for
     volatile and atomic because of the fact that only volatility is
@@ -203,7 +214,7 @@
 Modify C.6(13.3/5):
 
   If a nonatomic subcomponent of [an atomic]{a full access} object is
-  passed as the actual parameter in a call then the formal parameter
+  passed as {an}[the] actual parameter in a call then the formal parameter
   shall allow pass by copy (and, at run time, the parameter shall be
   passed by copy). A nonatomic subcomponent of [an atomic]{a full
   access} object shall not be used as an actual for a generic formal of
@@ -244,8 +255,8 @@
 
 For the issue of independent addressability, we remove the last sentence
 of (13.3/5), and change the rules associated with independent
-addressibility in 9.10 to say that threads can safely manipulate
-independently addressible components, unless they are subcomponents of
+addressability in 9.10 to say that threads can safely manipulate
+independently addressable components, unless they are subcomponents of
 the same full access object, and either is nonatomic. This also prevents
 breaking privacy. The existing sentence could require breaking privacy
 in certain cases.