
!standard 3.2.4(31/5)          21-05-28 AI12-0432-1/01
!standard 4.6(51.1/5)
!class Amendment 21-05-28
!status work item 21-05-28
!status received 21-05-28
!priority Low
!difficulty Easy
!subject View conversions of assignments and predicate checks
!summary
Exclude view conversions of targets of assignment_statements from predicate checks.
[Editor's note: This was classified as an Amendment, since the previous AI that created the 4.6 rule that is modified here, AI12-0333-1, was an Amendment. I'm not sure why the previous AI was an Amendment (it would seem that we don't want such checks in Ada 2012, either), but in the absence of a change to that we can't have this one be a Binding Interpretation.]
!problem
We have decided that no predicate checks should be performed "on the way in" for an OUT parameter. It seems the same should apply to a view conversion applied to the LHS of a (tagged) assignment. If the specified subtype has a predicate, the value being assigned should be checked against that predicate, but there seems no reason the prior value of the LHS should satisfy the predicate. For example:

   subtype Is_Boiling is Some_Tagged_Type
     with Dynamic_Predicate => Is_Boiling.Temp_In_Celsius >= 100;

   Is_Boiling(X) := (Temp_In_Celsius => 101, ...);
      -- should be OK even if X.Temp_In_Celsius < 100 before the assignment.
!proposal
(See Summary.)
!wording
Modify 3.2.4(31/5):
[Redundant: On a subtype conversion, a check is performed that the operand satisfies the predicates of the target subtype, [unless it is a conversion for] {except for certain view conversions applied to the target of an assignment or} an actual parameter of mode out (see 4.6).] ...
[Editor's note: I'd prefer to simplify this more, as the important thing is not to lie, rather than repeat rules defined elsewhere. I'd suggest:
On a subtype conversion, a check is performed that the operand satisfies the predicates of the target subtype, except for certain view conversions (see 4.6). ...
End Editor's note.]
Modify 4.6(51.1/5):
a view conversion that is {the target of an assignment statement and is not referenced with a target_name, or} an actual parameter of mode out; or
!discussion
A reference to a target via a target_name ('@') is a read of the object, and it would be unusual if it didn't meet the predicate of its nominal subtype. But there's no need for the object being written to meet the predicate (only the source expression needs to do that).
!ASIS
No ASIS change.
!ACATS test
An ACATS C-Test is needed to make sure no check is made in this case, and that the check is made on the source expression and on any target_names.
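The cases the proposed 4.6(51.1/5) wording distinguishes, as an added Ada example that is not part of this AI, of the ACATS, or of any compiler's test suite. It assumes a constructed tagged type Liquid with a single Temp_In_Celsius component standing in for Some_Tagged_Type, and an Ada 2022 compiler for the target_name `@`. The comments state the checks the proposed wording calls for; a compiler implementing the pre-AI wording would instead raise Assertion_Error in Case 1 on the prior value of X.

```ada
pragma Assertion_Policy (Check);  --  make Dynamic_Predicate checks effective

with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Predicate_View_Conversion is

   --  Constructed stand-in for Some_Tagged_Type. It is tagged so that
   --  Is_Boiling (X) below is a view conversion, not a value conversion.
   type Liquid is tagged record
      Temp_In_Celsius : Integer := 20;
   end record;

   subtype Is_Boiling is Liquid
     with Dynamic_Predicate => Is_Boiling.Temp_In_Celsius >= 100;

   --  Mode out: 4.6(51.1/5) already excludes this view conversion from the
   --  predicate check "on the way in"; only the value assigned is checked.
   procedure Bring_To_Boil (L : out Is_Boiling) is
   begin
      L := (Temp_In_Celsius => 100);  --  converted to Is_Boiling: passes
   end Bring_To_Boil;

   X : Liquid;   --  20 C: does not satisfy Is_Boiling

begin
   --  Case 1: view conversion as assignment target, no target_name.
   --  Proposed wording: no check on the prior value of X (20 C); the
   --  source aggregate (101 C) is converted to Is_Boiling and checked.
   Is_Boiling (X) := (Temp_In_Celsius => 101);
   Put_Line ("Case 1 OK:" & Integer'Image (X.Temp_In_Celsius));

   --  Case 2: out parameter (the exclusion introduced by AI12-0333-1).
   X := (Temp_In_Celsius => 20);
   Bring_To_Boil (X);
   Put_Line ("Case 2 OK:" & Integer'Image (X.Temp_In_Celsius));

   --  Case 3: the target is referenced with a target_name, so the new
   --  exclusion does not apply. The view conversion Is_Boiling (X) checks
   --  the prior value of X (20 < 100) and raises Assertion_Error before
   --  the source expression is evaluated.
   X := (Temp_In_Celsius => 20);
   begin
      Is_Boiling (X) := (Temp_In_Celsius => @.Temp_In_Celsius + 100);
      Put_Line ("Case 3: no check performed (not what the wording says)");
   exception
      when Assertion_Error =>
         Put_Line ("Case 3: predicate check on @ raised Assertion_Error");
   end;

   --  Case 4: the source expression is always checked against the target
   --  subtype, whatever the prior value of X.
   begin
      Is_Boiling (X) := (Temp_In_Celsius => 50);
      Put_Line ("Case 4: no check performed (not what the wording says)");
   exception
      when Assertion_Error =>
         Put_Line ("Case 4: predicate check on source raised Assertion_Error");
   end;
end Predicate_View_Conversion;
```

Cases 3 and 4 are the two checks the ACATS test described above must confirm are still made; Case 1 is the check it must confirm is no longer made.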
!appendix

From WG 9 review issue #113 (Tucker Taft)

We have decided that no predicate checks should be performed "on the way in"
for an OUT parameter. It seems the same should apply to a view conversion 
applied to the LHS of a (tagged) assignment. If the specified subtype has a 
predicate, the value being assigned should be checked that it satisfies the 
predicate, but there seems no reason the prior value of the LHS should satisfy
the predicate. E.g.:

   subtype Is_Boiling is Some_Tagged_Type
     with Dynamic_Predicate => Is_Boiling.Temp_In_Celsius >= 100;

   Is_Boiling(X) := (Temp_In_Celsius => 101, ...);
      -- should be OK even if X.Temp_In_Celsius < 100 before the assignment.

I would suggest we alter 4.6(51.1/5) as follows:

        a view conversion that is {the target of an assignment or} an actual
        parameter of mode out; or

A similar fix is needed in 3.2.4(31/5):

    [Redundant: On a subtype conversion, a check is performed that the operand 
    satisfies the predicates of the target subtype, unless it is a conversion
    for {the target of an assignment or} an actual parameter of mode 
    out (see 4.6).] ...

---

We need to take references by "target_name" into account ('@'), which leads to 
something like:

Modify 4.6(51.1/5):

        a view conversion that is {the target of an assignment statement and 
        is not referenced with a target_name, or} an actual parameter of 
        mode out; or

It is painful to have to copy all of this into 3.2.4(31/5), so perhaps we could say:

    [Redundant: On a subtype conversion, a check is performed that the operand 
    satisfies the predicates of the target subtype, [unless it is a conversion 
    for] {except for certain view conversions applied to the target of an 
    assignment or} an actual parameter of mode out (see 4.6).]

[Editor's comment:]

If we're going to simplify 3.2.4(31/5) anyway, why don't we go all the way and
just say "except for certain view conversions (see 4.6)"? The less text we 
duplicate, the better, and this is already marked as redundant. We just don't 
want this to be wrong (since Redundant markings aren't normative, so this text 
is normative).

****************************************************************
