CVS difference for ai22s/ai22-0034-1.html

Differences between version 1.1 and version 1.2

--- ai22s/ai22-0034-1.html	2022/06/17 06:13:50	1.1
+++ ai22s/ai22-0034-1.html	2022/06/18 04:17:03	1.2
@@ -1,10 +1,10 @@
 <html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"><title>AI12-0034-1/01</title>
 <style type="text/css">
 table td,table th{padding:0}
-.c3{border-right-style:solid;padding:5pt 5pt 5pt 5pt;border-bottom-color:#000000;border-top-width:0pt;border-right-width:0pt;border-left-color:#000000;vertical-align:top;border-right-color:#000000;border-left-width:0pt;border-top-style:solid;background-co
lor:#f0f0f0;border-left-style:solid;border-bottom-width:0pt;width:468pt;border-top-color:#000000;border-bottom-style:solid}
-.c13{border-spacing:0;border-collapse:collapse;margin-right:auto}
+.c11{border-right-style:solid;padding:5pt 5pt 5pt 5pt;border-bottom-color:#000000;border-top-width:0pt;border-right-width:0pt;border-left-color:#000000;vertical-align:top;border-right-color:#000000;border-left-width:0pt;border-top-style:solid;background-c
olor:#f0f0f0;border-left-style:solid;border-bottom-width:0pt;width:468pt;border-top-color:#000000;border-bottom-style:solid}
+.c10{border-spacing:0;border-collapse:collapse;margin-right:auto}
 .c23{background-color:#ffffff;max-width:468pt;padding:72pt 72pt 72pt 72pt}
-.c10{height:0pt}
+.c12{height:0pt}
 P.head{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0; padding-top:0pt; color:#000000; font-size:14pt; padding-bottom:0pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; orphans:2; widows:2; text-align:left; font-weight:
400; text-decoration:none; vertical-align:baseline; font-style:normal}
 H2.head{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0; padding-top:12pt; color:#000000; font-size:14pt; padding-bottom:6pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; page-break-after:avoid; orphans:2; widows:2; tex
t-align:left; font-weight:400; text-decoration:none; vertical-align:baseline; font-style:normal}
 P.inst{margin-bottom:0; margin-top:0; margin-left:18pt; margin-right:0; padding-top:9pt; color:#000000; font-size:12pt; padding-bottom:6pt; font-family:"Arial","Liberation Sans",sans-serif;line-height:1.15; orphans:2; widows:2; text-align:left; font-weigh
t:400; text-decoration:none; vertical-align:baseline; font-style:normal}
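
Review bot: the class renames in this hunk reuse the name c10 with a different meaning (the old .c10 was the tr height rule, the new .c10 is the table border-spacing rule, and the old .c3 becomes .c11), so any element elsewhere in the file that still carries class="c10" would silently pick up the table styling instead of the row rule. The table/tr/td tags for t.0 through t.9 are updated in the later hunks, but please confirm that no other class="c3", class="c13" or class="c10" references remain in the file, and consider using fresh names rather than recycling c10, so that a missed reference merely loses its style instead of acquiring the wrong one.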
@@ -15,11 +15,9 @@
 P.txts{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0; padding-top:0pt; color:#000000; font-size:11pt; padding-bottom:11pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; text-align:left; font-weight:400; text-decoration
:none; vertical-align:baseline; font-style:normal}
 UL.blts{margin-bottom:0; margin-top:0; margin-left:12pt; margin-right:0; padding-top:0pt; color:#000000; font-size:11pt; padding-bottom:12pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15;text-align:left; font-weight:400; text-decorat
ion:none; vertical-align:baseline; font-style:normal; list-style: disc outside}
 P.ind{margin-bottom:0; margin-top:0; margin-left:24pt; margin-right:0; padding-top:0pt; color:#000000; font-size:11pt; padding-bottom:0pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; text-align:left; font-weight:400; text-decoratio
n:none; vertical-align:baseline; font-style:normal}
-P.inds{margin-bottom:0; margin-top:0; margin-left:24pt; margin-right:0; padding-top:0pt; color:#000000; font-size:11pt; padding-bottom:11pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; text-align:left; font-weight:400; text-decorat
ion:none; vertical-align:baseline; font-style:normal}
 SPAN.ins{color:#005500}
 SPAN.del{color:#880000}
-P.a1{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0;color:#000000;font-size:26pt;font-family:"Arial","Liberation Sans",sans-serif; padding-top:0pt; padding-bottom:3pt; line-height:1.15; page-break-after:avoid; orphans:2; widows:2; text-align
:left; font-weight:400; text-decoration:none; vertical-align:baseline; font-style:normal}
-P.a14{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0; padding-top:0pt; color:#000000; font-size:14pt; padding-bottom:13pt; font-family:"Arial","Liberation Sans",sans-serif; line-height:1.15; orphans:2; widows:2; text-align:left; font-weight:
400; text-decoration:none; vertical-align:baseline; font-style:normal}
+P.a1{margin-bottom:0; margin-top:0; margin-left:0; margin-right:0;color:#000000;font-size:26pt;font-family:"Arial","Liberation Sans",sans-serif; page-break-after:avoid; padding-top:0pt; padding-bottom:3pt; line-height:1.15; orphans:2; widows:2; text-align
:left; font-weight:400; text-decoration:none; vertical-align:baseline; font-style:normal}
 </style>
 </head><body class="c23"><p class="a1">AI22-0034-1</p>
 <p class="head">!standard 3.10.2(22) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
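
Review bot: deleting the P.inds and P.a14 rules is consistent with the body hunks below, which switch the editor's note from class="inds" to class="ind" and the !subject line from class="a14" to class="head", so nothing is left referencing them. Note, however, that P.ind has padding-bottom:0pt where P.inds had 11pt, and P.head has padding-bottom:0pt where P.a14 had 13pt, so the spacing after the editor's note and after the subject line shrinks; if that is intended, fine, otherwise keep the padding. The P.a1 change only moves page-break-after:avoid to a different position in the declaration and has no rendering effect.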
@@ -30,10 +28,10 @@
 <p class="head">!status received 22-01-02</p>
 <p class="head">!priority Medium</p>
 <p class="head">!difficulty Hard</p>
-<p class="a14">!subject Implementation model of dynamic accessibility checking</p>
+<p class="head">!qualifier Clarification</p>
+<p class="head">!subject Implementation model of dynamic accessibility checking</p>
 
 <h2 class="head">!summary</h2>
-
 <p class="txts">[Editor&#39;s note: The contents of this AI is that of the last version of the Ada
 2012 AI. It needs to be revised in some way, yet to be determined. Note that this is the Binding
 Interpretation for dynamic accessibility -- it applies to the existing language versions of Ada
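
Review bot: the new "!qualifier Clarification" line sits between !difficulty and !subject and uses the same class="head" as the other !-headers, which is consistent. The editor's note that follows ("The contents of this AI is that of the last version of the Ada 2012 AI. It needs to be revised in some way, yet to be determined.") is left untouched even though this very revision changes the summary, wording and discussion, so it now reads as stale; consider updating or dating it, and "contents ... is" should be "contents ... are".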
@@ -41,131 +39,106 @@
 substantial incompatibility, and should not invalidate basic guarantees of those Ada versions. We
 could be more aggressive with an Amendment AI that applies to future Ada versions. However, we
 still need to solve this problem for those older language versions.]</p>
-
 
-<p class="text">The implementation model of dynamic accessibility checking given in the AARM</p>
-<p class="text">is inadequate. It is proven by [Baird, Brukardt; 201x] that dynamic
-accessibility</p>
-<p class="text">checking as defined by the Standard is implementable without excessive
-overhead.</p>
-<p class="text">That model is too complex for the AARM, thus the associated notes are deleted.</p>
+<p class="text">The implementation model of dynamic accessibility checking given in the AARM is
+inadequate. It is proven by [Baird, Brukardt; 202x] that dynamic accessibility checking as defined
+by the Standard is implementable without excessive overhead. That model is too complex for the
+AARM, thus the associated notes are deleted.</p>
 <h2 class="head">!issue</h2>
+<p class="txts">The AARM provides a suggested implementation model for dynamic accessibility
+checking in the Implmentation Note beginning with AARM 3.10.2(22.u). However, this model alone is
+not enough to correctly implement Ada 2005, and Ada 2012 makes this even less true.</p>
 
-<p class="text">The AARM provides a suggested implementation model for dynamic accessibility</p>
-<p class="text">checking in the Implmentation Note beginning with AARM 3.10.2(22.u). However,</p>
-<p class="text">this model alone is not enough to correctly implement Ada 2005, and Ada 2012</p>
-<p class="txts">makes this even less true.</p>
-
-<p class="text">Is the intent that the &quot;small integer&quot; model of dynamic accessibility
-is</p>
-<p class="text">no longer enough? (Yes.) If so, the AARM notes should be updated to provide</p>
-<p class="text">a realistic model.</p>
+<p class="text">Is the intent that the &quot;small integer&quot; model of dynamic accessibility is
+no longer enough? (Yes.) If so, the AARM notes should be updated to provide a realistic model.</p>
 <h2 class="head">!recommendation</h2>
-
 <p class="text">(See summary.)</p>
 <h2 class="head">!wording</h2>
 <p class="inst">Modify 3.10.2(22.w/2):</p>
-
 <p class="word">The &ldquo;obvious&rdquo; implementation of the run-time checks would be
 inefficient, and would</p>
 <p class="word">involve distributed overhead; <span class="del">[therefore, an efficient method is
 given below]</span></p>
 <p class="wrds"><span class="ins">{fortunately, more efficient methods are described in
-<span class="del">[Baird,Brukardt;2019]</span>}</span>.</p>
+<span class="del">[Baird,Brukardt;202x]</span>}</span>.</p>
 
 <p class="ind">&lt;Editor&#39;s note: The citation in the square brackets will change to reflect
 the actual</p>
-<p class="inds">paper once it is published. I hope Steve is joking with the included date.
-:-)&gt;</p>
-
+<p class="ind">paper once it is published.&gt;</p>
 <p class="inst">Delete 3.10.2(22.x-22.ff).</p>
 <p class="text">&nbsp;[These described the &quot;small integer&quot; implementation.]</p>
 <h2 class="head">!discussion</h2>
-
 <p class="text">Problems with the the &quot;small integer&quot; model for representing
-accessibility</p>
-<p class="text">levels and performing run-time accessibility checking have been identified (see</p>
-<p class="text">mail message of July 28, 2011, previously filed in this AI - [Now AI12-0016-1 -
-Editor.]). This is a</p>
-<p class="text">description of a more general implementation approach which addresses these</p>
-<p class="text">problems without introducing unacceptable costs in space, time, or complexity.</p>
-<p class="text">This is only intended to demonstrate that at least one viable implementation</p>
-<p class="text">model exists and to make this available to language implementors as an option.</p>
-<p class="text">It is not intended to introduce any language changes, but rather to offer one</p>
-<p class="text">way of meeting the requirements that are already implicit in the language</p>
-<p class="txts">definition.</p>
-
-<p class="text">It may be that language changes in this area are needed.
-&quot;Master-based&quot;</p>
-<p class="text">accessibility checking (see the accept_statement example and the discussion of</p>
-<p class="text">incomparable accessibility levels in AI05-0024) may require wording changes to</p>
-<p class="text">address scenarios involving incomparable accessibility levels (i.e., unequal</p>
-<p class="text">levels, neither of which is &quot;deeper&quot; than the other). For example, the
-check</p>
-<p class="text">associated with an access type conversion is defined by</p>
+accessibility levels and performing run-time accessibility checking have been identified (see mail
+message of July 28, 2011, previously filed in this AI - [Now AI12-0016-1 - Editor.]). This is a
+description of a more general implementation approach which addresses these problems without
+introducing unacceptable costs in space, time, or complexity. This is only intended to demonstrate
+that at least one viable implementation model exists and to make this available to language
+implementors as an option.</p>
+<p class="txts">It is not intended to introduce any language changes, but rather to offer one way
+of meeting the requirements that are already implicit in the language definition.</p>
+
+<p class="text">It may be that language changes in this area are needed. &quot;Master-based&quot;
+accessibility checking (see the accept_statement example and the discussion of incomparable
+accessibility levels in AI05-0024) may require wording changes to address scenarios involving
+incomparable accessibility levels (i.e., unequal levels, neither of which is &quot;deeper&quot;
+than the other). For example, the check associated with an access type conversion is defined by</p>
 <p class="word">&nbsp; &nbsp;&quot;For an access-to-object type, a check is made that the
 accessibility</p>
 <p class="word">&nbsp; &nbsp; level of the operand type is not deeper than that of the target</p>
 <p class="word">&nbsp; &nbsp; type, ...&quot;.</p>
-<p class="text">If it is somehow possible that the two accessibility levels mentioned above</p>
-<p class="text">might be incomparable then we would want the run-time check to fail in this</p>
-<p class="text">case; with the current wording, the check would pass. Such RM wording changes</p>
-<p class="text">are outside the scope of this discussion, except that it is intended that the</p>
-<p class="txts">implementation model described herein would be compatible with such changes.</p>
+<p class="txts">If it is somehow possible that the two accessibility levels mentioned above might
+be incomparable then we would want the run-time check to fail in this case; with the current
+wording, the check would pass. Such RM wording changes are outside the scope of this discussion,
+except that it is intended that the implementation model described herein would be compatible with
+such changes.</p>
 
 <p class="txts">We describe the proposal in the &quot;software present tense&quot;, as a fait
 accompli.</p>
 
-<p class="text">The accessibility level of a master is represented at run-time by a pointer to</p>
-<p class="text">an object whose lifetime is that of the master. For example, if the master is
-an</p>
-<p class="text">execution of a subprogram body, then the object would be declared (implicitly,</p>
-<p class="txts">by the compiler) within the subprogram.</p>
+<p class="txts">The accessibility level of a master is represented at run-time by a pointer to an
+object whose lifetime is that of the master. For example, if the master is an execution of a
+subprogram body, then the object would be declared (implicitly, by the compiler) within the
+subprogram.</p>
 
 <p class="txts">For the following example</p>
 
-<a id="t.df337183af46f989ccdb5f9e5482b9efcc8e31fa"></a><a id="t.0"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
+<a id="t.df337183af46f989ccdb5f9e5482b9efcc8e31fa"></a><a id="t.0"></a><table class="c10"><tr class="c12"><td class="c11">
 <p class="codt">&nbsp; &nbsp; &nbsp;<b>procedure</b> P1 (X : <b>access</b> Integer) <b>is</b> ...
 ;<br>
  &nbsp; &nbsp; <b>procedure</b> P2 <b>is</b><br>
  &nbsp; &nbsp; &nbsp; &nbsp;Local : <b>aliased</b> Integer;<br>
  &nbsp; &nbsp; <b>begin</b><br>
  &nbsp; &nbsp; &nbsp; &nbsp;P1 (Local&#39;Access);</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">the implicit parameter passed to P1 to describe X&#39;s accessibility level might
-be</p>
-<p class="txts">implemented by something like</p>
+</td></tr></table><p class="text">&nbsp;</p>
+<p class="txts">the implicit parameter passed to P1 to describe X&#39;s accessibility level might
+be implemented by something like</p>
 
-<a id="t.9bb92f495be778cddba978b97a9f9b943b612e2d"></a><a id="t.1"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
+<a id="t.9bb92f495be778cddba978b97a9f9b943b612e2d"></a><a id="t.1"></a><table class="c10"><tr class="c12"><td class="c11">
 <p class="codt">&nbsp; &nbsp; &nbsp;<b>procedure</b> P2 <b>is</b><br>
  &nbsp; &nbsp; &nbsp; &nbsp;P2_Level : <b>aliased</b> <b>constant</b> Level_Object := ... ;<br>
  &nbsp; &nbsp; &nbsp; &nbsp;Local : <b>aliased</b> Integer;<br>
  &nbsp; &nbsp; <b>begin</b><br>
  &nbsp; &nbsp; &nbsp; &nbsp;P1 (..., P2_Level&#39;Unchecked_Access);</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
+</td></tr></table><p class="text">&nbsp;</p>
 <p class="txts">So what does this type Level_Object look like?</p>
 
-<p class="text">Given two accessibility levels A and B, the fundamental operation that must be</p>
-<p class="text">supported is answering the question &quot;might an entity whose accessibility
-level</p>
-<p class="text">is A outlive one whose level is B?&quot;. Fortunately, it is not necessary to
-support</p>
-<p class="text">this query for an arbitrary pair of accessibility levels; an implementation can</p>
-<p class="text">take advantage of knowledge about the domain of this query. A query at some</p>
-<p class="text">point in the execution of a program can only involve levels that are directly</p>
+<p class="text">Given two accessibility levels A and B, the fundamental operation that must be
+supported is answering the question &quot;might an entity whose accessibility level is A outlive
+one whose level is B?&quot;. Fortunately, it is not necessary to support this query for an
+arbitrary pair of accessibility levels; an implementation can take advantage of knowledge about the
+domain of this query. A query at some point in the execution of a program can only involve levels
+that are directly</p>
 <p class="txts">visible or somehow indirectly reachable at that point.</p>
 
-<p class="text">To illustrate this point, let&#39;s first consider an implementation which
-would</p>
-<p class="text">suffice to implement Ada 95 (but not, as it turns out, Ada 2005 or Ada 2012).</p>
-<p class="text">Note that the small integer model also suffices for implementing Ada 95, so
-this</p>
-<p class="text">initial implementation is really only useful as an expository stepping stone</p>
-<p class="text">towards a more expressive implementation which does support Ada 2005 and Ada</p>
-<p class="txts">2012.</p>
+<p class="txts">To illustrate this point, let&#39;s first consider an implementation which would
+suffice to implement Ada 95 (but not, as it turns out, Ada 2005 or Ada 2012). Note that the small
+integer model also suffices for implementing Ada 95, so this initial implementation is really only
+useful as an expository stepping stone towards a more expressive implementation which does support
+Ada 2005 and Ada 2012.</p>
 
 <p class="text">The Ada-95-only implementation:</p>
-<p class="text">&nbsp; &nbsp; For each master whose level needs to be represented at run-time</p>
+<p class="text">&nbsp; &nbsp; For each master whose level needs to be represented at run-time </p>
 <p class="text">&nbsp; &nbsp; (e.g., because a reference to a local variable is passed as an</p>
 <p class="text">&nbsp; &nbsp; actual parameter where the corresponding formal is of an
 anonymous</p>
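
Review bot: the reflow of the paragraph beginning "Given two accessibility levels A and B" stops one line short: the new paragraph ends with "that are directly</p>" while the unchanged "<p class="txts">visible or somehow indirectly reachable at that point.</p>" stays a separate paragraph, so one sentence is split across two <p> elements with different classes; fold that line into the reflowed paragraph as was done for the other runs. Two typos are also carried over verbatim while reflowing: "Implmentation Note" in the !issue paragraph should be "Implementation Note", and "Problems with the the "small integer" model" in !discussion has a doubled "the". The citation is now written "[Baird, Brukardt; 202x]" in the summary but "[Baird,Brukardt;202x]" in the wording, and the latter is wrapped in a class="del" span inside the class="ins" span, so it renders as a deletion within an insertion; if it is only meant as a placeholder pending publication, as the editor's note says, one consistent spelling in a plain span would be clearer. Finally, the change to "represented at run-time </p>" only adds trailing whitespace and can be dropped.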
@@ -173,7 +146,7 @@
 <p class="text">&nbsp; &nbsp; aliased constant of type Level_Object_95 is declared. The type is</p>
 <p class="txts">&nbsp; &nbsp; declared as</p>
 
-<a id="t.21606d24ccd2c8fc1f047f8464d3ae22cb4fa69c"></a><a id="t.2"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
+<a id="t.21606d24ccd2c8fc1f047f8464d3ae22cb4fa69c"></a><a id="t.2"></a><table class="c10"><tr class="c12"><td class="c11">
 <p class="codt">&nbsp; &nbsp; &nbsp; &nbsp;<b>type</b> Level_Object_95;<br>
  &nbsp; &nbsp; &nbsp; <b>type</b> Level_95 <b>is</b> <b>access</b> <b>constant</b>
 Level_Object_95;<br>
@@ -181,34 +154,29 @@
  &nbsp; &nbsp; &nbsp; &nbsp; <b>record</b><br>
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Static_Link : Level_95;<br>
  &nbsp; &nbsp; &nbsp; &nbsp; <b>end</b> <b>record</b>;</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
+</td></tr></table><p class="text">&nbsp;</p>
 <p class="text">A single constant of type Level_Object_95 is declared at library level:</p>
-<a id="t.83f559a3e04cecaca38f6fd957c3526c83a2b5fe"></a><a id="t.3"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
+<a id="t.83f559a3e04cecaca38f6fd957c3526c83a2b5fe"></a><a id="t.3"></a><table class="c10"><tr class="c12"><td class="c11">
 <p class="codt">&nbsp; &nbsp; Library_Level_Object_95 : <b>aliased</b> <b>constant</b>
 Level_Object_95<br>
  &nbsp; &nbsp; &nbsp;:= (Static_Link =&gt; null);<br>
  &nbsp; &nbsp;Library_Level_95 : <b>constant</b> Level_95<br>
  &nbsp; &nbsp; &nbsp;:= Library_Level_Object_95&#39;Access;</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">All other objects of type Level_Object_95 are aliased constants declared in
-more</p>
-<p class="text">nested scopes and containing pointers to the level object for the corresponding</p>
-<p class="text">elaboration of the nearest (statically) enclosing scope which has a level</p>
-<p class="text">object. This corresponds roughly to the &quot;static link&quot; mechanism
-traditionally</p>
-<p class="text">used for implementing up-level references. To determine whether level A is</p>
-<p class="text">deeper than level B, one traverses links starting at A until either B or null
-is</p>
-<p class="text">encountered (the former indicating A is deeper than B, the latter indicating</p>
-<p class="text">otherwise; a level is, by definition, not deeper than itself so the A = B case</p>
-<p class="txts">must also be handled correctly).</p>
-
-<p class="text">The following example (which involves an anonymous access-to-subprogram type,</p>
-<p class="text">not an Ada 95 feature) demonstrates that this approach, at least as described
-so</p>
-<p class="txts">far, doesn&#39;t handle some Ada 2012 constructs:</p>
+</td></tr></table><p class="text">&nbsp;</p>
+<p class="txts">All other objects of type Level_Object_95 are aliased constants declared in more
+nested scopes and containing pointers to the level object for the corresponding elaboration of the
+nearest (statically) enclosing scope which has a level object. This corresponds roughly to the
+&quot;static link&quot; mechanism traditionally used for implementing up-level references. To
+determine whether level A is deeper than level B, one traverses links starting at A until either B
+or null is encountered (the former indicating A is deeper than B, the latter indicating otherwise;
+a level is, by definition, not deeper than itself so the A = B case must also be handled
+correctly).</p>
+
+<p class="txts">The following example (which involves an anonymous access-to-subprogram type, not
+an Ada 95 feature) demonstrates that this approach, at least as described so far, doesn&#39;t
+handle some Ada 2012 constructs:</p>
 
-<a id="t.9fa8d4a1d07335ce3b0b436900e92465d76cb078"></a><a id="t.4"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
+<a id="t.9fa8d4a1d07335ce3b0b436900e92465d76cb078"></a><a id="t.4"></a><table class="c10"><tr class="c12"><td class="c11">
 <p class="codt">&nbsp; &nbsp;<b>procedure</b> Accessibility_Test <b>is</b><br>
  &nbsp; &nbsp; <b>procedure</b> Call_Proc<br>
  &nbsp; &nbsp; &nbsp; (Proc : <b>not</b> <b>null</b> <b>access</b> <b>procedure</b> (X, Y :
@@ -253,7 +221,7 @@
  &nbsp; <b>begin</b><br>
  &nbsp; &nbsp; P1;<br>
  &nbsp; <b>end</b>;</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
+</td></tr></table><p class="text">&nbsp;</p>
 <p class="text">Let&#39;s look at how this model breaks down in the case of this example.</p>
 <p class="text">When P3 is called, the call stack is</p>
 <ul class="blts"><li>&nbsp; &nbsp; P3</li>
@@ -264,217 +232,10 @@
 <li>&nbsp; &nbsp; Accessibility_Test</li>
 </ul>
 
-<p class="text">The two accessibility levels passed into P3 correspond to the two calls to</p>
-<p class="text">Call_Proc. One of these two levels is longer lived than the level of the call
-to</p>
-<p class="text">P2 (which is also the level of Ref, the target type of the access type</p>
-<p class="text">conversions) and one of them is shorter-lived, but this essential distinction
-is</p>
-<p class="text">lost. The first access type conversion should succeed and the second should</p>
+<p class="text">The two accessibility levels passed into P3 correspond to the two calls to
+Call_Proc. One of these two levels is longer lived than the level of the call to P2 (which is also
+the level of Ref, the target type of the access type conversions) and one of them is shorter-lived,
+but this essential distinction is lost. The first access type conversion should succeed and the
+second should</p>
 <p class="txts">fail, but there is insufficient information to make this distinction.</p>
 
-<p class="text">So now we take the view that the &quot;static link&quot; is just one example
-(albeit, the</p>
-<p class="text">most important one) of a level whose lifetime is known to be longer than that
-of</p>
-<p class="text">a given level for which we are declaring the level object. In the case of a</p>
-<p class="text">subprogram which has an anonymous access-to-object parameter, for example, the</p>
-<p class="text">level of the parameter (which is passed in) is also known to have this
-property.</p>
-<p class="text">For a class-wide parameter, the level of the underlying specific type of the</p>
-<p class="text">parameter is another such &quot;known to outlive me&quot; level. For a
-build-in-place</p>
-<p class="text">function or a function with an anonymous access result type, the level</p>
-<p class="text">determined at the point of call is another. &nbsp;The point is that a set of
-such</p>
-<p class="text">&quot;predecessor&quot; levels can be determined by combining the static-link with
-other</p>
-<p class="text">levels extracted (extraction details TBD) from the parameters. The idea is that</p>
-<p class="text">at the time of a subprogram call, the only existing levels that the callee will</p>
-<p class="text">need to refer to are those that are reachable via an uplevel reference to an</p>
-<p class="text">enclosing scope combined with those that are somehow passed in as parameters</p>
-<p class="text">(this includes things like the accessibility level of the underlying specific</p>
-<p class="text">type of a tagged parameter, not just simple cases like anonymous</p>
-<p class="text">access-to-object typed parameters; note that for most implementations this</p>
-<p class="text">particular example probably means that the descriptor for specific tagged type</p>
-<p class="txts">will contain the pointer value representing its accessibility level).</p>
-
-<p class="txts">This suggests something like</p>
-
-<a id="t.3748a82647d23d781564835c8b08edb25434358d"></a><a id="t.5"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
-<p class="codt">&nbsp; &nbsp; &nbsp; &nbsp;<b>type</b> Level_Object;<br>
- &nbsp; &nbsp; &nbsp; <b>type</b> Level <b>is</b> <b>access</b> <b>constant</b> Level_Object
-<b>with</b> Storage_Size =&gt; 0;<br>
- &nbsp; &nbsp; &nbsp; <b>type</b> Level_Vector <b>is</b> <b>array</b> (Positive <b>range</b>
-&lt;&gt;) <b>of</b> Level;<br>
- &nbsp; &nbsp; &nbsp; <b>type</b> Level_Object (Predecessor_Count : Natural) <b>is</b><br>
- &nbsp; &nbsp; &nbsp; &nbsp; <b>record</b><br>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Predecessors : Level_Vector (1 .. Predecessor_Count);<br>
- &nbsp; &nbsp; &nbsp; &nbsp; <b>end</b> <b>record</b>;<br>
-<br>
- &nbsp; &nbsp; &nbsp; Library_Level_Object : <b>aliased</b> <b>constant</b> Level_Object<br>
- &nbsp; &nbsp; &nbsp; &nbsp; := (Predecessor_Count =&gt; 0);<br>
- &nbsp; &nbsp; &nbsp; Library_Level : <b>constant</b> Level := Library_Level_Object&#39;Access;</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">In our example above, the two level objects declared locally to the two</p>
-<p class="text">invocations of Call_Proc would now capture the needed distinction by</p>
-<p class="text">incorporating the levels of their parameters. See the &quot;gory details&quot;
-section</p>
-<p class="text">below for a detailed explanation of how this is accomplished. It would also be</p>
-<p class="text">instructive (I imagine) to look at the examples given in the initial AI</p>
-<p class="text">discussion (in particular, procedures Ada05_Example and Access_Result_Test)</p>
-<p class="text">which illustrate cases that the small integer model cannot handle and to work</p>
-<p class="text">through how these cases work with the proposed model (Note: I have not actually</p>
-<p class="text">had time to do this yet, but that doesn&#39;t stop me from recommending this
-action</p>
-<p class="txts">to others).</p>
-
-<p class="text">This raises performance questions. To decide whether level A is at least as</p>
-<p class="text">long-lived as level B, we need to traverse B&#39;s known predecessors, just as</p>
-<p class="text">before, but now this involves traversing a DAG instead of a linked list. Can</p>
-<p class="txts">this be done cheaply enough?</p>
-
-<p class="text">One answer to that is to store the &quot;static link&quot; in the first element of
-the</p>
-<p class="text">Predecessors array and to optimize for the case where the Ada-95-style</p>
-<p class="text">representation described above would have sufficed to determine that the check</p>
-<p class="text">would pass. We certainly don&#39;t care about performance in the case where the</p>
-<p class="text">check will fail; it might be that we also don&#39;t care very much about
-performance</p>
-<p class="text">in the corner cases where this richer data structure (i.e., multiple</p>
-<p class="txts">predecessors) is needed to get the right answer.</p>
-
-<p class="text">Is it worthwhile to try to avoid adding redundant predecessors to a</p>
-<p class="text">Level_Vector? Consider the case of a subprogram which takes an access parameter</p>
-<p class="text">when the parameter happens to be null (or a pointer to an object declared at</p>
-<p class="text">library level). If redundant predecessors are always filtered out, then we are</p>
-<p class="txts">talking about traversing a tree instead of a DAG.</p>
-
-<p class="text">We still have the important optimization that no level object is declared for a</p>
-<p class="text">master that doesn&#39;t need one. In particular, wrappers don&#39;t declare
-level</p>
-<p class="txts">objects.</p>
-
-<p class="text">The details of how we extract predecessor information from a routine&#39;s</p>
-<p class="text">parameters when building a level object have been glossed over here. Some</p>
-<p class="text">thought is needed here (e.g., are there cases where a parameter of a specific</p>
-<p class="text">tagged type requires extracting the accessibility level of the underlying type</p>
-<p class="text">of the actual and incorporating that into the predecessor set of the callee?).</p>
-<p class="text">Note, however, that the rest of the model is not particularly sensitive to
-these</p>
-<p class="txts">details.</p>
-
-<p class="txts">====</p>
-
-<p class="txts">Gory details (as promised above):</p>
-
-<p class="text">When P3 is called, the call stack is</p>
-<ul class="blts"><li>&nbsp; &nbsp; P3</li>
-<li>&nbsp; &nbsp; Call_Proc - second call</li>
-<li>&nbsp; &nbsp; P2</li>
-<li>&nbsp; &nbsp; Call_Proc - first call</li>
-<li>&nbsp; &nbsp; P1</li>
-<li>&nbsp; &nbsp; Accessibility_Test</li>
-</ul>
-
-<p class="text">The only masters in this example (besides the library_level master) are</p>
-<p class="text">subprogram body executions, so there are at most 7 accessibility level objects</p>
-<p class="text">to worry about. In fact, the procedures Accessibility_Test, P1, and P3 do not</p>
-<p class="txts">require level objects, so there are only 4.</p>
-
-<p class="text">When P1 calls Call_Proc, it has to pass in two accessibility levels for the</p>
-<p class="text">parameters X and Y. Because it is passing in &quot;null&quot; values, it passes in
-the</p>
-<p class="txts">library level.</p>
-
-<p class="text">Inside this (i.e., the first) call to Call_Proc, Call_Proc builds its local</p>
-<p class="text">level object. Let&#39;s ignore the access-to-subprogram parameter for now and
-also</p>
-<p class="text">assume that we are not going to perform any filtering at this point to weed out</p>
-<p class="text">predecessors which contribute no new information. So the object declaration</p>
-<p class="txts">might be implemented as something like</p>
-
-<a id="t.2b08d5d51d77b293e5cb35961ea07222b84ee26a"></a><a id="t.6"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
-<p class="codt">&nbsp; &nbsp; Level : <b>aliased</b> <b>constant</b> Level_Object :=<br>
- &nbsp; &nbsp; &nbsp;(Predecessor_Count =&gt; 3,<br>
- &nbsp; &nbsp; &nbsp; Predecessors =&gt;<br>
- &nbsp; &nbsp; &nbsp; &nbsp; (Library_Level, X&#39;Accessibility_Level,
-Y&#39;Accessibility_Level));</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">In this case, X&#39;Accessibility_Level and Y&#39;Accessibility_Level both
-yield</p>
-<p class="txts">Library_Level, so we get three copies of the same dependency. To recap:</p>
-
-<a id="t.15a3b4adbfb1011b5c02c7661ed40866e17e09c5"></a><a id="t.7"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
-<p class="codt">&nbsp; &nbsp; Call_Proc_Call_1.Level_Object = (3, (1..3 =&gt; Library_Level))</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">Call Proc then calls P2, passing in Call_Proc_Call_1.Level_Object&#39;Access as
-the</p>
-<p class="text">accessibility level for X and passing along Library_Level as the accessibility</p>
-<p class="txts">level for Y.</p>
-
-<p class="text">P2, upon being called, builds its local level object in much the same way that</p>
-<p class="txts">Call_Proc did, ending up with</p>
-
-<a id="t.fc4a08cfca1d52439a6429e106e99d53986d61ce"></a><a id="t.8"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
-<p class="codt">&nbsp; &nbsp; P2.Level_Object = (3, (Library_Level,<br>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-Call_Proc_Call_1.Level_Object&#39;Access,<br>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-Library_Level));</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">P2 then calls Call_Proc, passing along Call_Proc_Call_1.Level_Object&#39;Access
-as</p>
-<p class="txts">the accessibility level for X and passing in Library_Level as the level for Y.</p>
-
-<p class="text">Call_Proc, upon being called again, builds its local level object, ending up</p>
-<p class="text">with</p>
-<a id="t.4a978e074559dc084f6d9a56739644dff5adbab4"></a><a id="t.9"></a><table class="c13"><tbody><tr class="c10"><td class="c3">
-<p class="codt">&nbsp; &nbsp; Call_Proc_Call_2.Level_Object = (3, (Library_Level,<br>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Call_Proc_Call_1.Level_Object&#39;Access,<br>
- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Library_Level));</p>
-</td></tr></tbody></table><p class="text">&nbsp;</p>
-<p class="text">Call Proc then calls P3, passing along Call_Proc_Call_1.Level_Object&#39;Access
-as</p>
-<p class="text">the accessibility level for X and passing in</p>
-<p class="txts">Call_Proc_Call_2.Level_Object&#39;Access as the accessibility level for Y.</p>
-
-<p class="text">P3 now performs two accessibility checks. For the first access type conversion,</p>
-<p class="text">it compares the accessibility level for X (which is</p>
-<p class="text">Call_Proc_Call_1.Level_Object&#39;Access) to that of the access type Ref (which
-is</p>
-<p class="text">P2.Level_Object&#39;Access) so see if X is sufficiently long-lived. The answer
-is</p>
-<p class="text">yes, because X&#39;s level is a predecessor of Ref&#39;s, and the check passes
-as</p>
-<p class="txts">desired.</p>
-
-<p class="text">For the second access type conversion, the accessibility level of Y is used in</p>
-<p class="text">place of X&#39;s. The accessibility level of Y is</p>
-<p class="text">Call_Proc_Call_2.Level_Object&#39;Access, which is nowhere to be found in a</p>
-<p class="text">predecessor traversal starting from Ref&#39;s level. Thus, the check fails as</p>
-<p class="txts">desired.</p>
-
-<h2 class="head">!ACATS test</h2>
-
-<p class="text">No ACATS tests are needed for this specifically, although tests for many
-dynamic</p>
-<p class="txts">accessibility checks should include examples like those in these above
-descriptions.</p>
-
-<h2 class="head">!ASIS</h2>
-
-<p class="txts">This has no effect on the normative standard, so it has no effect on ASIS,
-either.</p>
-
-<h2 class="head">!appendix</h2>
-<p class="text">[Editor&#39;s note: Older relevant e-mail can be found in the !appendix of</p>
-<p class="txts">AI12-0016-1.]</p>
-
-<p class="txts">****************************************************************</p>
-
-
-
-</body></html> 
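Review bot: two wording defects in the deleted passage should not survive into the regenerated copy of this text: in the P3 paragraph, "to that of the access type Ref (which is P2.Level_Object'Access) so see if X is sufficiently long-lived" should read "to see", and the two sentences opening "Call Proc then calls P2" and "Call Proc then calls P3" should use the identifier Call_Proc, as every other reference does, so the narrative matches the level-object names Call_Proc_Call_1 and Call_Proc_Call_2 it relies on. The deleted side also hard-wraps several paragraphs so that the closing tag lands on a continuation line (for example "it passes in" / "the</p>" / "library level."); please confirm the replacement side joins those sentences rather than reproducing the wrap points, since the argument that follows depends on reading each level-object construction as one statement.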