Version 1.3 of ai12s/ai12-0407-1.txt

Unformatted version of ai12s/ai12-0407-1.txt version 1.3
Other versions for file ai12s/ai12-0407-1.txt

!standard 3.3(21)          20-12-03 AI12-0407-1/03
!standard 12.3(15)
!standard 13.1(8/5)
!standard 13.1(8.1/3)
!standard 13.1.1(17/5)
!standard 13.14(7.2/5)
!standard A.5.6(3/5)
!standard A.5.6(15/5)
!standard A.5.7(3/5)
!standard A.5.7(16/5)
!standard A.18.2(79.2/5)
!standard A.18.3(50.2/5)
!standard A.18.5(37.3/5)
!standard A.18.6(51.4/5)
!standard A.18.8(58.2/5)
!standard A.18.9(74.2/5)
!standard H.4.1(1/5)
!standard H.4.1(3/5)
!standard H.4.1(4/5)
!standard H.4.1(5/5)
!class Amendment 20-11-23
!status Amendment 1-2012 20-11-23
!status work item 20-11-23
!status received 20-11-23
!priority Low
!difficulty Easy
!subject Fixups from Draft 26 review - part 1
!summary
(1) We use the new named number mechanism in the Big_Number packages, and make some naming improvements.
(2) Language-defined aspects cannot be specified on renamings or generic formal parameters unless they explicitly allow those uses.
(3) Aspect No_Controlled_Parts is a representation aspect that looks through privacy.
(4) Aspect_definitions are frozen at the freezing point of the entity if the aspect is needed for future static semantics and legality checks. The freezing point of an aspect_specification given on a construct that is not a declaration is considered to occur immediately after the specification.
(5) A definition of type-related aspects is added.
(6) We allow aspects to differ for the replicated actual of a generic formal type.
(7) If a name denoting the current instance of a type denotes an object (as opposed to a value) then it denotes a variable view of the object.
(8) Stable views of containers do not have Aggregate aspects (and consequently do not support aggregates).
!problem
(1) AI12-0394-1 added a mechanism to use named numbers with user-defined literals. But we did not add that mechanism to the Big_Reals package. That isn't responsive to the original question.
(2) The Nonblocking/Global changes included removing 13.1.1(17/5), with the body portion of the rule being moved to 13.1.1(18/5). But this removes the renaming and generic formal parameter parts of the rule. While we now have some aspects that we allow on generic formal parameters, the majority of aspects are not view-specific. For such aspects, we need matching or replacement rules in order to support them on renaming and generic formal parameters. No such rules exist for most aspects; their definitions assumed that 13.1.1(17/5) eliminated the need. We need some sort of replacement.
(3) Legality Rules in Ada generally do not look through private types at the full definition. For aspect No_Controlled_Parts, this would allow hiding controlled components in a private type. That would defeat the purpose of the aspect.
(4) The updated rules 13.14(7.2/5) and 13.14(15.2/5) for freezing of aspect_specifications do not cover all possible operational aspects, and potentially could defer freezing of operation aspects until after they are needed to enforce a Legality Rule. We don't want constructs for which there is no freezing rules defined, and we certainly don't want freezing to happen after something is used.
(5) There is no definition of "type-related aspect" and "subtype-related aspect" in the RM. There is To Be Honest note that claims to do that, but it depends on a definition for representation items (and later, operational items). Aspects that do not have a representation item or an operation item are not normatively classified at all. Given that we have included "type-related" in a number of rules in 13.1, this oversight should be corrected.
(6) 12.3(15) says that the properties of a generic formal parameter in an instance are exactly the same as those of the actual. We allow adding additional Pre and Post assertions to generic formal subprograms, but there is no allowance for this difference in 12.3(15).
(7) The list of variable objects in 3.3 (created by AI12-0392-1 as the inverse of the previous list) does not mention the current instance of a type. That would seem to imply that the following commonly-used idiom is illegal because the 'Access attribute reference is of an access-to-variable type:
package Pkg is type T; type T_Ref (Ref : access T) is null record; type T is limited record Self : T_Ref (T'access); end record; end Pkg;
The previous list assumed that all current instances of types and subtypes were variables, but 8.6(17.1/5) says that current instances in aspect specifications represent values (which necessarily are constants).
(8) A stable view of a container is intended to eliminate the need for tampering checks by ensuring that no operations that tamper (change the size of the container) are supported. This includes Append and Insert. However, the stable view types include Aggregate aspects that call non-existent Append and Insert routines. That doesn't make sense.
!proposal
(1) Add renamings of From_String to From_Universal_Image to both the Big_Integer and Big_Real packages. Use From_Universal_Image as the Integer_Literal/Real_Literal aspect. Add an expression function to Big_Real to provide the two parameter version of From_Universal_Image.
(2) Replace a version of 13.1.1(17/5), with the words "unless otherwise specified for a specific aspect" preceding it.
(3) Clarify that No_Controlled_Parts looks through privacy when enforcing its restrictions. Improve the generic assume-the-worst rules.
(4) Revise 13.14(7.2/5) to make it clear that it applies to any aspect that is needed to enforce a Legality Rule, or otherwise affects static semantics. Also revise that paragraph to ensure that it covers aspect_specifications given on constructs that do not declare an entity.
(5) Add a definition of type-related aspect and subtype-related aspect after 13.1(8.1/3).
(6) Add an exception to explicitly defined differences for a generic formal parameter in an instance.
(7) 8.6(17-17.1) defines some current instances as objects, and others as values. The objects should be variable objects, while the values are not objects at all and thus cannot be variable. We word the new bullet to reflect that.
(8) Remove the aggregate aspects from the stable view type declarations.
!wording
[Editor's note: These changes were applied to Draft 27 of the Ada 202x RM, even though they have not yet been approved, in order that that draft be as accurate as possible.]
Replace the deleted 3.3(21) with:
* the current instance of a type other than a protected type@Redundant[, if the current instance is an object and not a value (see 8.6)];
AARM Reason: We exclude current instances of protected types
as they are protected units and the next bullet applies.
AARM Proof: This list of bullets only applies to views of objects, so current instances that are not objects are not considered here.
Modify 12.3(15):
In an instance, a generic_formal_parameter_declaration declares a view whose properties are identical to those of the actual, except {when}[as] specified {otherwise (in particular, see 6.1.1, "Preconditions and Postconditions",} [in] 12.4, "Formal Objects"{,} and 12.6, "Formal Subprograms". Similarly, for a declaration within a generic_formal_parameter_declaration, the corresponding declaration in an instance declares a view whose properties are identical to the corresponding declaration within the declaration of the actual.
AARM Reason: We allow differences in particular for aspects that can be specified on generic formal parameters. For instance, Pre (see 6.1.1) can be specified on generic formal subprograms to be added to the Pre of the actual.
Modify 13.1(8/5):
A representation item /directly specifies a representation aspect/ of the entity denoted by the local_name, except in the case of a type-related representation item, whose local_name shall denote a first subtype, and which directly specifies an aspect of the subtype's type. A representation item that names a subtype is either subtype-specific (Size, Object_Size, and Alignment clauses) or type-related (all others). [Subtype-specific aspects may differ for different subtypes of the same type.]
[Editor's note: This last sentence is moved below.]
Delete AARM 13.1(8.a).
Add after 13.1(8.1/3):
Aspects that can be specified for types and subtypes are also classified into type-related or subtype-specific aspects. Representation aspects that can be specified for types and subtypes are considered type-related unless specified otherwise. In contrast, the classification of operational aspects are given with the definition of the aspect. Type-related aspects have the same value for all subtypes of (a view of) a type@Redundant[, while subtype-specific aspects may differ for different subtypes of the same type].
AARM Discussion: We talk about "type-related aspects", which of course include both type-related representation aspects and type-related operational aspects. Aspects Size, Object_Size, and Alignment are subtype-specific, as that is specified above. All other representation aspects are either type-related or not specifiable for a type or subtype. Unlike representation aspects, there is no default for operational aspects; whether they are type-related or subtype-specific should be part of the definition of the aspect.
Replace deleted 13.1.1(17/5) with:
Unless otherwise specified for a specific aspect, a language-defined aspect cannot be specified on a renaming_declaration or a generic_formal_parameter_declaration.
Modify 13.14(7.2/5):
At the freezing point of the entity associated with an aspect_specification, any static expressions within the aspect_specification cause freezing, as do expressions or names in aspect_definitions for representation aspects, or operational aspects that have a corresponding operational attribute. {Similarly, if an aspect_definition for an operational aspect, other than an assertion aspect, could affect the Name Resolution, Static Semantics, or Legality Rules of a subsequent construct, then any expressions or names within the aspect_definition cause freezing at the freezing point of the associated entity.} Any static expressions within an aspect_specification also cause freezing at the end of the immediately enclosing declaration list. {For the purposes of this rule, if there is no declared entity associated with an aspect_specification, the freezing point is considered to occur immediately following the aspect_specification.}
Modify A.5.6(3/5):
type Big_Integer is private with Integer_Literal => From_[String]{Universal_Image}, Put_Image => Put_Image;
Add after A.5.6(15/5):
function From_Universal_Image (Arg : String) return Valid_Big_Integer renames From_String;
Modify A.5.7(3/5):
type Big_Real is private with Integer_Literal => From_[String]{Universal_Image}, Put_Image => Put_Image;
Add after A.5.7(16/5):
function From_Universal_Image (Arg : String) return Valid_Big_Real renames From_String;
function From_Universal_Image (Num, Den : String) return Valid_Big_Real is (Big_Integers.From_Universal_Image (Num) / Big_Integers.From_Universal_Image (Den));
In A.18.2(79.2/5), A.18.3(50.2/5), A.18.5(37.3/5), A.18.6(51.4/5), A.18.8(58.2/5), A.18.9(74.2/5), remove the Aggregate aspect.
Modify H.4.1(4/5):
If No_Controlled_Parts is True for a type, no component of the type shall have a controlled part nor shall the type itself be controlled. {For the purposes of this rule, a type has a controlled part if its full type has a controlled part; this is applied recursively.} In addition to the places where Legality Rules normally apply (see 12.3), this rule also applies in the private part of an instance of a generic unit.
Add an AARM note:
AARM Discussion: This check breaks privacy by looking at the
full definition of all of the types involved. This is more like a representation aspect than an operational aspect, but representation aspects are not allowed on partial views and we need this aspect to be visible.
Modify H.4.1(5/5):
When enforcing the above rule within a generic body {G or within the body of a generic unit declared within the declarative region of generic unit G}, a generic formal private type {of G} and a generic formal derived type {of G whose ancestor is a tagged type whose No_Controlled_Parts aspect is False} [of a composite type] are considered to have a controlled part.
AARM To Be Honest: If the ancestor of the generic derived type is class-wide, the aspect in question belongs to the specific type associated with the class-wide type.
!discussion
This AI is a companion to AI12-0404-1. That AI contains wording changes only, where no meaning (semantics) is intended to be changed. This AI contains cases where there is new or changed semantics.
(1) (See proposal.)
(2) The alternative of checking all aspect definitions and changing those that need definitions (or rules against specifications) would certainly require too much change. Ada 95 had rules preventing the specification of attributes for both renames and generic formal parameters, so the original aspects like Size and Alignment were not designed to support such usages.
(3) For a formal derived type, only ancestor types that are tagged types that have No_Controlled_Parts False could cause a problem. Untagged types cannot add components, so it is obvious from the ancestor type whether any controlled types are involved. And of course if No_Controlled_Parts is true for the ancestor, then there are no controlled components by definition.
The generic body rule does not use our usual wording, which is messy but takes into account the possibility of nested or child generics. We change it to use that.
(4) We want freezing rules to be defined for all kinds of aspects, since no one wants implementation-defined aspects to have to invent their own freezing rules.
(5) The definition echoes the definition for representation items and for operational items. We also add an definition of "type-related" - the value is the same for all subtypes of a single view of the type. This has always been assumed but not stated.
(6) We chose general wording about properties of generic formal parameters beinging allowed to be different if there is an explicit rule to that effect, rather than a specific fix for specific aspects or just for aspects, in order that we don't have to revisit this paragraph when defining aspects or other characteristics in the future.
(7) We do not want to repeat any of 8.6 in 3.3, it's too messy. So we just refer to it to avoid confusion.
The list in 3.3 is roughly in the order that the concepts appear in the Standard. So we put "current instance of a type" (from 8.6) before "current instance of a protected unit" (mostly 9.4). We exclude protected types from the new bullet -- the protected unit rule applies to them.
(8) Container aggregates are generally built up element-by-element into an empty container. (Only the indexed aggregates work differently.) This is incompatible with the intent of a stable view, which never changes length as long as the stable view exists. As such, the only choice is to remove the Aggregate attributes.
!corrigendum 3.3(21/3)
Replace the paragraph:
by:
!corrigendum 12.3(15)
Replace the paragraph:
In an instance, a generic_formal_parameter_declaration declares a view whose properties are identical to those of the actual, except as specified in 12.4, “Formal Objects” and 12.6, “Formal Subprograms”. Similarly, for a declaration within a generic_formal_parameter_declaration, the corresponding declaration in an instance declares a view whose properties are identical to the corresponding declaration within the declaration of the actual.
by:
In an instance, a generic_formal_parameter_declaration declares a view whose properties are identical to those of the actual, except when specified otherwise (in particular, see 6.1.1, "Preconditions and Postconditions", 12.4, "Formal Objects", and 12.6, "Formal Subprograms"). Similarly, for a declaration within a generic_formal_parameter_declaration, the corresponding declaration in an instance declares a view whose properties are identical to the corresponding declaration within the declaration of the actual.
!corrigendum 13.1(8/3)
Replace the paragraph:
A representation item directly specifies a representation aspect of the entity denoted by the local_name, except in the case of a type-related representation item, whose local_name shall denote a first subtype, and which directly specifies an aspect of the subtype's type. A representation item that names a subtype is either subtype-specific (Size and Alignment clauses) or type-related (all others). Subtype-specific aspects may differ for different subtypes of the same type.
by:
A representation item directly specifies a representation aspect of the entity denoted by the local_name, except in the case of a type-related representation item, whose local_name shall denote a first subtype, and which directly specifies an aspect of the subtype's type. A representation item that names a subtype is either subtype-specific (Size, Object_Size, and Alignment clauses) or type-related (all others).
!corrigendum 13.1(8.1/3)
Insert after the paragraph:
An operational item directly specifies an operational aspect of the entity denoted by the local_name, except in the case of a type-related operational item, whose local_name shall denote a first subtype, and which directly specifies an aspect of the type of the subtype.
the new paragraph:
Aspects that can be specified for types and subtypes are also classified into type-related or subtype-specific aspects. Representation aspects that can be specified for types and subtypes are considered type-related unless specified otherwise. In contrast, the classification of operational aspects are given with the definition of the aspect. Type-related aspects have the same value for all subtypes of (a view of) a type, while subtype-specific aspects may differ for different subtypes of the same type.
!corrigendum 13.1.1(17/3)
Replace the paragraph:
There are no language-defined aspects that may be specified on a renaming_declaration, a generic_formal_parameter_declaration, a subunit, a package_body, a task_body, a protected_body, or a body_stub other than a subprogram_body_stub.
by:
Unless otherwise specified for a specific aspect, a language-defined aspect cannot be specified on a renaming_declaration or a generic_formal_parameter_declaration.
!corrigendum 13.14(7.2/3)
Replace the paragraph:
by:
!corrigendum A.5.6(0)
Insert new clause:
See the conflict file for the changes.
!corrigendum A.5.7(0)
Insert new clause:
See the conflict file for the changes.
!comment The container changes are not shown here.
!corrigendum H.7.1(0)
Insert new clause:
See the conflict file for the changes.
!corrigendum H.4.1(0)
Insert new clause:
Static Semantics
For a type, the following type-related, representation aspect may be specified:
No_Controlled_Parts
The type of this aspect is Boolean. If True, the type and any descendants shall not have any controlled parts. If specified, the value of the expression shall be static. If not specified, the value of this aspect is False.
Legality Rules
If No_Controlled_Parts is True for a type, no component of the type shall have a controlled part nor shall the type itself be controlled. For the purposes of this rule, a type has a controlled part if its full type has a controlled part; this is applied recursively. In addition to the places where Legality Rules normally apply (see 12.3), this rule also applies in the private part of an instance of a generic unit.
When enforcing the above rule within a generic body G or within the body of a generic unit declared within the declarative region of generic unit G, a generic formal private type of G and a generic formal derived type of G whose ancestor is a tagged type whose No_Controlled_Parts aspect is False are considered to have a controlled part.
!ASIS
No ASIS effect.
!ACATS test
ACATS B- and C-Tests are needed to check that the new capabilities are supported.
!appendix

From a private conversation:

Arnaud Charlet: We forgot to use AI12-0394-1 in the Big_Real package.
  We need to add a two parameter From_String to Big_Real.
Steve Baird: It's bizarre to call a routine with TWO String parameters
  "From_String".
Tucker Taft: The name has to be the same as the one parameter version.
Randy Brukardt: "From_String" seems strange to me as well. Perhaps we
  should call it From_Literal, with a renaming from From_String for
  the one parameter version and an expression function for the
  two parameter version.
Steve Baird: From_Literal doesn't help, only the one parameter version has
  anything to do with literals and that's loose (the compiler has already
  converted them to a string before these routines get called). How about 
  calling them From_Text?
Tucker Taft: That's hardly different than From_String in my mind. How about
  From_Universal_Integer and From_Universal_Real? The length of the names
  of these functions doesn't matter much, since they are mainly compiler-
  generated calls. Perhaps From_Universal would be better, since that
  would be the same for both packages.
Steve Baird: There's no universals anywhere to be seen for these functions,
  so From_Universal doesn't do it for me. How about From_Universal_Image?
All: Yea, verily!

****************************************************************

From the AARM review of Jeff Cousins (September 2020).

13.1.1 (38.m/5) Says formal parameters removed from the list of entities 
without language-defined aspects, but they look to still be there in 
13.1.1 (4.c/5) (though the mention in  (17/5) has gone – indeed the whole
of (17/5) has gone).

****************************************************************

From: Randy Brukardt
Sent: Tuesday, November 3, 2020  8:51 PM

The list in 13.1.1 (4.c/5) was previously fixed (a number of mistakes were 
found, that being one), but since draft 26 came out. The remaining operative
parts of 13.1.1(17/5) were moved to 13.1.1.(18/5).

I'm a bit worried that the removal of the 13.1.1(17/5) formal parameter part 
might start allowing aspect specifications for other existing language-defined
aspects. With that rule gone, we have to look at the entire list of aspects 
(and attributes) to ensure that none of them could be used on a generic formal.
The whole reason we had this rule was because that was too hard to do. 

So I wonder if we would be better served replacing 13.1.1(17/5) as a default 
for formals and renamings:

  Unless otherwise specified for a specific aspect, a language-defined aspect 
  cannot be specified on a @fa<renaming_declaration> or a 
  @fa<generic_formal_parameter_declaration>.

(We don't want Size or Pre or Pack or many others specified on renamings or on 
formals, as we don't have any sort of matching rules.)

****************************************************************

From: Tucker Taft
Sent: Wednesday, November 4, 2020  6:14 AM

I agree with all of your dispensations for Jeff's comments. ...

****************************************************************

Summary of private mail, October 21-22, 2020.

Steve Baird:

uppose user X asserts that the following example is illegal because the element
type of T2 is controlled:

     with Ada.Finalization;
     package Pkg1 is
       type T1 is private;
     private
       type T1 is new Ada.Finalization.Controlled with null record;
     end Pkg1;

     with Pkg1;
     package Pkg2 is
       type T2 is array (Boolean) of Pkg1.T1 with No_Controlled_Parts;
     end;

But then user Y responds "No, T2's element type isn't controlled - as seen 
from the point where the No_Controlled_Parts rule is enforced, the element 
type is an untagged private type. So the example is legal." .

It seems to me that X's interpretation is pretty clearly what was intended, 
but Y's interpretation is what you get from a strict reading of the existing 
RM wording.

Is there a problem here?

Tucker Taft:

Yes.  How do your recommend we fix it?

Actually, since this is a restriction, we generally allow these things to 
see through privacy.  Wouldn't that simplify things substantially?

Randy Brukardt:

As Steve said, it's not a restriction, it's an operational attribute. But 
I'm not sure why it's operational, it has more in common with representation
attributes, I'd think, and those generally ignore privacy as well.

Tucker Taft:

If by making it a representation aspect we eliminate most of this complexity, 
I am all in favor.  It is effectively a restriction -- it doesn't introduce 
or override any existing implicit operation on the type -- it merely makes 
certain otherwise legal programs illegal.  There is nothing particularly 
"operational" about it.

Steve Baird:

== start digression #1 ==

I see another H.4.1 problem. We've got

    When enforcing the above rule within a generic body, a generic formal
    private type and a generic formal derived type of a composite type
    are considered to have a controlled part.

Seems like "generic formal derived type" should be "generic formal derived 
TAGGED type".

But because this aspect is nonoverridable, we also want to allow a formal 
derived tagged type if the No_Controlled_Parts aspect of the ancestor type 
is True. So that change (by itself) isn't quite right.

== end digression #1 ==

Randy Brukardt:

Can't an untagged composite type have controlled components? That has to be 
covered for generic derived types. You could exclude elementary ancestors, 
I guess.

Steve Baird:

In the untagged case, derivation cannot add new controlled components that
were not already present in the ancestor type.

If a formal untagged derived type does not appear to have any controlled 
parts, then the actual parameter for a particular instance isn't going to 
provide any unpleasant surprises.

Steve Baird:

== start digression #2 ==

We've got (in H.4.1)
    When enforcing the above rule within a generic body, a generic formal
    private type and a generic formal derived type of a composite type
    are considered to have a controlled part.

Should that rule be limited to generic formal types of the generic whose body 
we are within (as opposed to formals of other generics)?

== end digression #2 ==

Randy Brukardt:

You can be inside of multiple generic bodies at the same time, because of
nested generic units or even child generic units. All of our 
wording uses plural for that reason. Perhaps you are complaining that we 
didn't use *exactly* the magic words we used elsewhere. Specifically:

"Additionally, if <something> occurs within the body of a generic unit G or 
within the body of a generic unit declared within the declarative region of 
generic unit G, then ..."


Here's my try at the fixes needed:

(1) Change this to a representation aspect. 

Delete H.4.1(3/5) ["nonoverridable" is only defined for operational aspects. 
But this is a Boolean aspect subject to blanket rules like Atomic and Pack and
many other aspects that prevent it from being specified False for derived 
types that have an ancestor that specify it True. Representation aspects have 
detailed inheritance rules. Do we need anything else??]

(2) Modify H.4.1(4/5):

If No_Controlled_Parts is True for a type, no component of the type shall have 
a controlled part nor shall the type itself be controlled. {For the purposes 
of this rule, a type has a controlled part if its full type has a controlled 
part; this is applied recursively.} In addition to the places where Legality 
Rules normally apply (see 12.3), this rule also applies in the private part of
an instance of a generic unit.

Add an AARM note:

AARM Discussion: Like most representation aspects, this check breaks privacy 
by looking at the full definition of all of the types involved.

(3) Modify H.4.1(5/5):

When enforcing the above rule within a generic body {G or within the body of 
a generic unit declared within the declarative region of generic unit G}, a 
generic formal private type {of G} and a generic formal derived type {of G 
whose ancestor is a tagged type whose No_Controlled_Parts aspect is False} 
[of a composite type] are considered to have a controlled part.

AARM To Be Honest: If the ancestor of the generic derived type is class-wide, 
the aspect in question belongs to the specific type associated with the 
class-wide type.

------------

Addendum, November 23, 2020

The reason that we had No_Controlled_Parts as operational was so that it
could be visibly specified on a private type. The reason that we had 
No_Controlled_Parts as nonoverridable was to deal with the conflicting 
progenitor problem. (We don't care about breaking privacy for the aspect,
since we're doing that in any case, but it would be too painful to
define a separate set of rules just for this aspect.)

As such, I've removed those changes from the proposal.

****************************************************************

Part of a private review of AI12-0396-1.

From: Randy Brukardt, November 25.

The current wording for the freezing rules in AI12-0396-1 is:

13.14(7.2/5):

  At the freezing point of the entity associated with an
  aspect_specification, any static expressions within the
  aspect_specification cause freezing, as do expressions or names in
  aspect_definitions for representation aspects, or operational aspects
  that have a corresponding operational attribute. Any static
  expressions within an aspect_specification also cause freezing at the
  end of the immediately enclosing declaration list. 
  
13.14(15.2/5):

  * At the place where a construct causes freezing, if the construct
    includes a check associated with some assertion aspect [Redundant:
    (independent of whether the check is enabled)], or depends on the
    definition of some operational aspect as part of its Dynamic
    Semantics, any names or expressions in the aspect_definition for the
    aspect cause freezing.

These rules collectively determine when an aspect_specification (and the
included aspect_definitions) are frozen. But for operational aspects, we 
seem to be missing some cases.

Aside: I don't think any cases are missing for language-defined aspects. But 
it seems to me that we don't want implementation-defined freezing rules (and I
doubt any implementers want to be inventing such things). So I don't think we 
want holes here.

There are two cases that aren't covered. First of all, when we have constructs 
that are not declarations (like loops) that allow aspect_specifications, the 
first rule doesn't apply at all. Thus, the only aspects that have a rule in 
loop contexts are those that are covered by the second rule [assertion aspects
and operational aspects with Dynamic Semantics effects]. Even if we assume
that there aren't any representation aspects for loops (not sure if that makes
sense or not), that seems to leave a truck-sized hole for any (operational) 
aspects that only have Static Semantic/Legality Effects -- and even if those 
have Dynamic Semantics as well, they very well might be frozen too late for 
Legality enforcement.

Second, the aspect_definition for any operational aspects that don't require 
static expressions and don't have Dynamic Semantics nor associated operational 
items are never frozen anywhere. I note that a lot of types can't be static, 
including System.Address and any composite type. Nor can objects or 
subprograms be static. So it is relatively easy to imagine aspects that would
not have any freezing rules at all. (Imagine an aspect that required a 
compile-time address or a library-level object.) As noted previously, I don't
think this is a good idea to leave these cases undefined.

It's fairly clear that there should be a "else" here!

The second problem is fairly easy to fix. We just need to ensure that the 
rules in the two paragraphs are mirrors of each other. I'd suggest doing that
by changing the first paragraph to be closer to the second:

  At the freezing point of the entity associated with an
  aspect_specification, any static expressions within the
  aspect_specification cause freezing, as do expressions or names in
  aspect_definitions for representation aspects, or operational aspects
  that have a corresponding operational attribute {or are neither
  assertion aspect nor have a Dynamic Semantics effect}. Any static
  expressions within an aspect_specification also cause freezing at the
  end of the immediately enclosing declaration list. 

or maybe more positively (since it isn't a problem to freeze something twice):

  At the freezing point of the entity associated with an
  aspect_specification, any static expressions within the
  aspect_specification cause freezing, as do expressions or names in
  aspect_definitions for representation aspects, or operational aspects
  that have a corresponding operational attribute {or have an
  effect on the legality of some other construct and are not an assertion
  aspect}. Any static expressions within an aspect_specification also
  cause freezing at the end of the immediately enclosing declaration
  list. 

The first problem appears to need an additional rule (put it after 13.14(8.2/1)):

  For an aspect_specification that appears in a construct that is not
  the declaration of an entity, any static expressions within the
  aspect_specification cause freezing, as do expressions or names in
  aspect_definitions for aspects that have an effect on the legality
  of some construct (including the construct with the
  aspect_specification) and are not an assertion aspect. 

  AARM To Be Honest: This rule applies to aspect_specifications in
  loop_statements. A loop may contain contains a declaration of a
  loop parameter, but that is a separate syntactic construct from
  the one that contains the aspect_specification. A similar analysis
  applies to other kinds of iterator.

Thoughts??

From: Tucker Taft, November 26, 2020.

...
>  At the freezing point of the entity associated with an  
> aspect_specification, any static expressions within the  
> aspect_specification cause freezing, as do expressions or names in  
> aspect_definitions for representation aspects, or operational aspects  
> that have a corresponding operational attribute {or have an effect on 
> the legality of some other construct and are not an assertion  
> aspect}. Any static expressions within an aspect_specification also  
> cause freezing at the end of the immediately enclosing declaration  
> list.

That first sentence seems to be getting a bit complex.  Perhaps we can break
it up a bit:

 At the freezing point of the entity associated with an aspect_specification, 
 any static expressions within the aspect_specification cause freezing, as do
 expressions or names in aspect_definitions for representation aspects, or 
 operational aspects that have a corresponding operational attribute.
 {Similarly, if an aspect_definition for an operational attribute, other than 
 an assertion aspect, could affect the Name Resolution, Static Semantics, or 
 Legality Rules of a subsequent construct, then any expressions or names 
 within the  aspect_definition cause freezing at the freezing point of the 
 associated entity.} Any static expressions within an aspect_specification
 also cause freezing at the end of the immediately enclosing declaration list. 

> The first problem appears to need an additional rule (put it after
> 13.14(8.2/1)):
> 
>  For an aspect_specification that appears in a construct that is not  
> the declaration of an entity, any static expressions within the  
> aspect_specification cause freezing, as do expressions or names in  
> aspect_definitions for aspects that have an effect on the legality  of 
> some construct (including the construct with the
>  aspect_specification) and are not an assertion aspect. 
> 
>  AARM To Be Honest: This rule applies to aspect_specifications in  
> loop_statements. A loop may contain contains a declaration of a  loop 
> parameter, but that is a separate syntactic construct from  the one 
> that contains the aspect_specification. A similar analysis  applies to 
> other kinds of iterator.

This seems a bit excessive for this one special case.  How about we just add
this to the end of 13.14(7.2):

  For the purposes of this rule, if there is no declared entity associated 
  with an aspect_specification, the freezing point is considered to occur 
  immediately following the aspect_specification.

****************************************************************

Part of a private review of AI12-0396-1.

From: Randy Brukardt, November 25.

13.1(8/3) is now:
 
A representation item directly specifies a representation aspect of 
the entity denoted by the local_name, except in the case of a 
type-related representation item, whose local_name shall denote a 
first subtype, and which directly specifies an aspect of the subtype's 
type. A representation item that names a subtype is either 
subtype-specific (Size, Object_Size, and Alignment clauses) or type-related 
(all others). [Redundant: Subtype-specific aspects may differ for different 
subtypes of the same type.]

This is mostly unchanged from Ada 2012. But we have a To Be Honest 
note following it:

To be honest: Type-related and subtype-specific are defined likewise 
for the corresponding aspects of representation.

This means that we have no normative definition for "type-related 
representation aspect", and in particular, we have no definition at 
all (even in the AARM) for an aspect that doesn't have any representation items.
To "fix" this latter problem, I added some text to the note above:

To be honest: Type-related and subtype-specific are defined likewise 
for the corresponding aspects of representation. {The terms are also 
defined for aspects of representation that do not have corresponding 
representation items; these also are type-related unless explicitly 
specified otherwise.}
 
I also added a similar note after the following paragraph about 
operational aspects.

To Be Honest: Type-related and subtype-related are defined likewise 
for the corresponding operational aspects, and are defined as well for 
operational aspects that apply to types but do not have corresponding 
operational items. Unlike representation aspects, we explicitly define
operational aspects to be type-related (that is the default for 
representation aspects).

However, I think this is very much a bridge too far. I think it would 
be a lot better to add an appropriate overall definition after 13.1(8.1/3).
Perhaps something like:

  Aspects that can be specified for types and subtypes are also 
  classified into type-related or subtype-specific aspects. 
  Representation aspects that can be specified for types and subtypes 
  are considered type-related unless specified otherwise. In contrast, 
  the classification of operational aspects are given with the 
  definition of the aspect.

    AARM Discussion: We talk about "type-related aspects", which of 
    course include both type-related representation aspects and 
    type-related operational aspects. Aspects Size, Object_Size, and
    Alignment are subtype-specific, as that is specified above. All 
    other representation aspects are either type-related or not 
    specifiable for a type or subtype. Unlike representation 
    aspects, there is no default for operational aspects; whether they 
    are type-related or subtype-specific should be part of the definition 
    of the aspect.

If we added this, we could get rid of both of those "To Be Honest" notes.
(Perhaps the AARM note could be tightened up - it's not my best work!)

From: Tucker Taft, November 26

The above seems like a good change.


Questions? Ask the ACAA Technical Agent