CVS difference for ais/ai-00058.txt

Differences between 1.1 and version 1.2
Log of other versions for file ais/ai-00058.txt

--- ais/ai-00058.txt	1998/09/30 00:17:11	1.1
+++ ais/ai-00058.txt	1999/03/22 23:00:31	1.2
@@ -1,4 +1,4 @@
-!standard E.2.1    (08)                               98-03-27  AI95-00058/06
+!standard E.2.1    (08)                               99-03-22  AI95-00058/07
 !class ramification 95-06-25
 !status work item 95-06-25
 !status received 95-06-25
@@ -6,40 +6,39 @@
 !difficulty Hard
 !subject Accessibility Rules for Shared_Passive Packages
 
-!summary 98-03-27
+!summary 99-03-22
 
-Consider a library unit P1, and a shared passive library unit P2.  The
-accessibility level of P1 is considered deeper than, and statically
-deeper than, that of P2, unless the declaration of P2 depends
-semantically on the declaration of P1.
-
-Bob will update this to address issues raised in the April 1998 meeting:
-
-???Or within the scope of a with_clause.  E.g. if we're in the body of
-one of the shared passive packages, then we know about more
-with_clauses, and we want to be able to take advantage of that case.
-
-??Perhaps define "not statically deeper" or "not known to be statically
-deeper", since the rules require "not statically deeper".  "Known to not
-be statically deeper".
+Consider a library unit P1, and a shared passive library unit P2.  If
+the declaration of P2 depends semantically on the declaration of P1,
+then the accessibility level of P2 is known (at all places) not to be
+statically deeper than that of P1.  Now consider a place within the
+declarative region of P2.  If this place is within the scope of a with
+clause that mentions P1, then the accessibility level of P2 is known (at
+that place) not to be statically deeper than that of P1.  Otherwise, the
+accessibility level of P1 is considered to be statically deeper than
+that of P2.
 
 Compile-time accessibility rules are enforced accordingly.
 
-Similarly, for a run-time Accessibility_Check that involves
-accessibility levels defined in terms of a shared passive library unit
-and one that is not shared passive, then the check is done as usual --
-Program_Error is raised if the check fails.
+The same definition applies to "deeper than" as for "statically deeper
+than" above.
 
+For a run-time Accessibility_Check that involves accessibility levels
+defined in terms of a shared passive library unit and one that is not
+shared passive, then the check is done as usual -- Program_Error is
+raised if the check fails.
+
 However, if the accessibility levels to be checked (at run time) are
 defined in terms of accessibility of two shared passive library units,
 then an implementation need not perform the check.  If the
 implementation ensures that all shared passive library units have the
-same lifetime as the program as a whole, then omitting such checks
-cannot cause dangling pointers.  On the other hand, if the
-implementation allows shared passive partitions to come and go during
-execution of the program as a whole, then the undetected failure of such
-a check can cause dangling pointers; ???Improve wording: in that case, the program's
-execution is defined to be erroneous.
+same lifetime as the program as a whole, and are universally
+addressable, then omitting such checks cannot cause dangling pointers.
+On the other hand, if the implementation allows shared passive
+partitions to come and go during execution of the program as a whole, or
+if some shared passive partitions are not addressable from others, then
+the undetected failure of such a check can cause dangling pointers; in
+that case, the program's execution is defined to be erroneous.
 
 !question 96-09-09
 
@@ -66,7 +65,7 @@
 as" or "deeper than" other accessibility levels.  So what does E.2.1(8)
 mean by "accessible from"?
 
-!response 98-03-27
+!response 99-03-22
 
 Within a single partition, it is possible to have an access value that
 designates a library level object in any library package.  This model
@@ -98,8 +97,8 @@
       the first package.
 
 In other words, a with_clause of A upon (shared passive) B constitutes a
-statement that the partition containing A will be able to address the
-partition containing B.
+statement that the partition containing A will (at all times) be able to
+address the partition containing B.
 
 Example 1:
 
@@ -116,7 +115,7 @@
    with P1, P2;
    procedure Main is
    begin
-      P2.Y := P1.X'Access; --Illegal.
+      P2.Y := P1.X'Access; -- Illegal.
    end Main;
 
 The intent of E.2.1(8) is that the above assignment be illegal, and the
@@ -151,8 +150,8 @@
    with P1, P2;
    procedure Main is
    begin
-      P2.Y := P1.X'Access; --Illegal.
-      P1.Y := P2.X'Access; --Illegal.
+      P2.Y := P1.X'Access; -- Illegal.
+      P1.Y := P2.X'Access; -- Illegal.
    end Main;
 
 P1 and P2 are both statically deeper than each other.  Therefore, both
@@ -193,8 +192,8 @@
    with P2;
    procedure P3(Z: access Integer) is
    begin
-      P2.Y := P2.A(Z); -- Erroneous. ??Not on all implementations
-      P2.Y := Z.all'Access; -- Erroneous.  "Possibly erroneous?"
+      P2.Y := P2.A(Z); -- Possibly erroneous.
+      P2.Y := Z.all'Access; -- Possibly erroneous.
    end P3;
 
    with P1, P3;
@@ -206,7 +205,8 @@
 In this case, it is not known at compile time of P3, whether Z
 designates an object in P1.  Furthermore, given the potential
 circularities in deepness, it is not easy to check this at run time.
-Therefore, we define the above situation to be erroneous.???On some implementations.
+Therefore, we define the above situation to be erroneous on any
+implementation where P3 cannot address P1.
 
 The accessibility rules in question are those on 'Access (where the
 result type is a general access type, or an access-to-subprogram type),
@@ -227,8 +227,8 @@
 partition.
 
 If we were to remove the "pragma Shared_Passive(P1);", then P1 would be
-part of the active partition, and the lines marked "-- Erroneous."??? would
-instead raise Program_Error.
+part of the active partition, and the lines marked "-- Possibly
+erroneous." would instead raise Program_Error.
 
 Example 4 illustrates various consequences of the rules given in this
 AI:
@@ -263,9 +263,9 @@
 
       function F return P1.Protected_Type is
       begin
-         return P1.Protected_Object; -- Erroneous.???
+         return P1.Protected_Object; -- Possibly erroneous.
       end F;
-      
+
       procedure Proc is
       begin
          Y := P1.X'Access; -- Illegal.
@@ -282,7 +282,7 @@
    package body G is
       function F return P1.Protected_Type is
       begin
-         return P1.Protected_Object; -- Erroneous.???
+         return P1.Protected_Object; -- Possibly erroneous.
       end F;
 
       procedure Proc is
@@ -304,9 +304,41 @@
    package body P3 is
       package G_Instance is new G;
    begin
-      G_Instance.Proc; -- Causes erroneous??? execution.
+      G_Instance.Proc; -- Can cause erroneous execution.
    end P3;
 
+Example 5 illustrates why the definition in the summary depends on the
+place:
+
+   package P1 is
+      X: aliased Integer;
+   end P1;
+
+   package P2 is
+      pragma Elaborate_Body; -- so we can have a body.
+      pragma Shared_Passive(P2);
+      type A is access all Integer;
+      Y: A;
+   end P2;
+
+   with P1, P2;
+   procedure Main is
+   begin
+      P2.Y := P1.X'Access; -- Illegal.
+   end Main;
+
+   with P1;
+   package body P2 is
+   begin
+      Y := P1.X'Access; -- OK.
+   end P2;
+
+In the body of P2, we are within the scope of "with P1;", so the
+accessibility level of P2 is known not to be statically deeper than that
+of P1.  Therefore, the statement marked "-- OK." is legal.  However, in
+Main, we don't know about the "with P1;" on the body of P2, so the same
+statement at that place is illegal.
+
 !appendix 97-03-19
 
 !section E.2.1(08)
@@ -686,6 +718,5 @@
 Israel
 972-3-695-1923
 pazy@world.std.com
-
 
 ****************************************************************

Questions? Ask the ACAA Technical Agent