!standard H.7(4/5)                               23-02-21  AI22-0052-1/02

!standard H.7(7/5)

!class Binding Interpretation 22-10-27

!status work item 22-10-27

!status received 22-10-27

!priority Low

!difficulty Easy

!qualifier Omission

!subject Storage Pool-related side effects


The Storage_Pool attribute of an access type may be used as a global name in order to more conveniently describe the effects of the implicit Storage_Pool calls associated with constructs such as allocators and unchecked deallocations.


In the case of a formal access type, precisely describing the effects of allocation/deallocation-related operations is impossible without this addition. In the case of a non-formal access type, this change improves maintainability.


To help in describing the effects of the (implicit) storage pool calls associated with an allocator or an unchecked deallocation, a Storage_Pool attribute reference may be used as a global name. This includes the case where the attribute prefix denotes a formal access-to-subprogram type. This is an Annex H feature.


Add after H.7(4/5):

An object_name used as a global_name may also be an attribute_reference with attribute designator Storage_Pool. [Redundant: The attribute prefix may denote a formal access-to-object type.]

 Modify H.7(7/5):

The Global aspect for a subtype identifies the global variables that might be referenced during default initialization, adjustment as part of assignment, finalization of an object of the subtype, or conversion to the subtype, including the evaluation of any assertion expressions that apply. {For a formal access-to-object subtype, or an access-to-object subtype whose storage pool is not a standard storage pool, the Global aspect identifies the global variables (other than the storage pool itself) that might be referenced by a call on Allocate, Deallocate, or Storage_Size for the storage pool type.} ... [Note: the rest is unchanged]


As explained in the !issue, side effects on storage pools can be significant. This AI attempts to address this. We only enforce checks on storage pools if the restriction No_Hidden_Indirect_Globals is present, since without that restriction the use of access types is not necessarily reflected at all within global aspects.

For standard storage pools, we don't worry about deallocation or Storage_Size, as they are not presumed to have any interesting side effects. We worry about allocation because if we were to write "Global => null" for a function that returns the result of an allocator, that implies that the function returns the same result on each invocation, which is clearly not the case. We don't worry about subprograms whose outputs don't include any parts that are visibly of an access type, to be consistent with the model that such "hidden" access types are presumed to be "well behaved". Clearly such an assumption is not always true, but we choose to follow this assumption consistently for the purposes of the Global aspect. Presuming they are "well behaved" then one would expect, for example, an equality operator over two "compound" objects involving hidden levels of indirection would follow those levels of indirection rather than having the equality depend on the particular values of the internal access values.


        type A is access Integer;
       type B is access Integer;
       for B'Storage_Pool use My_Cool_Storage_Pool;
       function New_A (X : Integer) return A
          with Global => in out synchronized;
       function New_B (Y : Integer) return B
          with Global => in out all;
            -- "in out synchronized" would not cover B'Storage_Pool
            -- unless My_Coll_Storage_Pool is a synchronized object
       function Another_New_B (Z : Integer) return B
          with Global => in out B'Storage_Pool;

!ACATS test

ACATS B and C-Tests are needed to check that Storage_Pools are included in the global as needed (or the code is rejected if not), when No_Hidden_Indirect_Globals is in effect..


This AI was originally considered as AI12-0410-1, which was deferred. This AI initially contained all of the relevant contents of that AI. There was no e-mail filed in that AI.