CVS difference for ais/ai-00363.txt

Differences between 1.5 and version 1.6
Log of other versions for file ais/ai-00363.txt

--- ais/ai-00363.txt	2004/06/08 01:04:53	1.5
+++ ais/ai-00363.txt	2004/07/27 23:01:06	1.6
@@ -1,5 +1,17 @@
-!standard  03.07(08/1)                                  04-06-05  AI95-00363/03
+!standard  03.03.1(9)                                   04-06-30  AI95-00363/04
+!standard  03.06(11)
+!standard  03.07.01(7/1)
+!standard  03.10(9)
+!standard  03.10.2(26)
+!standard  03.10.2(27)
+!standard  04.06(12.1/1)
+!standard  04.06(14)
+!standard  04.06(16)
+!standard  04.08(6)
+!standard  08.05.1(5/1)
 !class amendment 03-11-26
+!status Amendment 200Y 04-06-30
+!status ARG Approved 8-0-1  04-06-14
 !status work item 03-11-26
 !status received 03-11-15
 !priority High
@@ -83,7 +95,7 @@
 based on concerns about constrained access subtypes. However, the change
 might still be justified if we were concerned about the effect on optimizers
 if an array with aliased components were "viewed" as an array without aliased
-components, or vice-versa.  However, this is only a concern in the presence of
+components, or vice-versa. However, this is only a concern in the presence of
 shared generics, and in that case, this is a probably a negligible extra
 overhead. Hence, we recommend that AI-275 be dropped, and the changes
 associated with AI-168 (which are already in RM2000) be "backed out."
@@ -104,11 +116,14 @@
     apply (see 12.3), these rules apply also in the private part of an instance
     of a generic unit. In a generic body, this rule is checked presuming all
     formal access types of the generic might be general access types, and all
-    non-tagged discriminated formal types of the generic might have defaults.
+    untagged discriminated formal types of the generic might have defaults.
 
 [part 1] In 3.10(9), delete the last two sentences (starting with
 "If the view defined by an object_declaration is aliased...").
 
+    AARM NOTE: The rules about allocated objects being constrained by their
+    initial values are moved to 4.8.
+
 [part 1] Modify 3.10.2(26):
 
     ... unless this subtype is indefinite, or the variable is [aliased]
@@ -135,6 +150,10 @@
           unconstrained in any partial view, and the target designated
           subtype shall be unconstrained.
 
+      AARM Note: This does not require that types have a partial view in order
+          to allow the conversion, simply that any partial view that does exist
+          is unconstrained.
+
 [part 2] Replace 4.8(6) with:
 
     If the designated type of the allocator is elementary, then the subtype
@@ -145,14 +164,16 @@
     created object is constrained by its initial value (even if the designated
     subtype is unconstrained with defaults).
 
-  AARM NOTE: The created object is effectively contrained by its initial
-    value if the access type is an access-to-constant type, or the
-    designated type is limited (in all views), but we don't need to
-    state that here. It is implicit in other rules. Note, however,
-    that a value of an access-to-constant type can designate a variable
-    object via 'Access or conversion, and the variable object might
-    be assigned by some other access path, and that assignment might
-    alter the discriminants.
+  AARM NOTE: If there is a constrained partial view of the type, this
+    allows the objects to be unconstrained. This eliminates privacy breaking
+    (we don't want the objects to act different simply because they're
+    allocated). Such a created object is effectively contrained by its initial
+    value if the access type is an access-to-constant type, or the designated
+    type is limited (in all views), but we don't need to state that here. It is
+    implicit in other rules. Note, however, that a value of an
+    access-to-constant type can designate a variable object via 'Access or
+    conversion, and the variable object might be assigned by some other access
+    path, and that assignment might alter the discriminants.
 
 [part 1] Modify 8.5.1(5/1):
 
@@ -195,10 +216,9 @@
 with defaulted discriminants. Objects of such a type become
 constrained when allocated in the heap or declared as aliased.
 
-I know about this problem because a few years ago it hit
-some of our customers, because we had implemented Unbounded_Strings
-with a variant record, one variant for "short" strings, and
-one variant for longer strings. It is easy enough to solve
+Sofcheck reported that it hit some of their customers, because they had
+implemented Unbounded_Strings with a variant record. (One variant for "short"
+strings, and one variant for longer strings.) It is easy enough to solve
 by wrapping the full type in a record, but it seems a clear
 violation of the "spirit" of privateness, namely that objects
 of a private type with no visible discriminants should suddenly
@@ -216,8 +236,251 @@
 declared outside the scope of the full type.
 
 !example
+
+The Sofcheck example of the part 2 problem would look something like:
 
---!corrigendum
+    package Ada.Strings.Unbounded is
+        type Unbounded_String is private;
+        ...
+        type String_Access is access all String;
+        ...
+        function To_Unbounded_String (Source : in String)
+            return Unbounded_String;
+        ...
+    private
+        Small_Max : constant := 20;
+        type Unbounded_String (Small : Boolean := True) is
+            record
+                case Small is
+                    when True =>
+                        Length : Natural := 0;
+                        Data : String (1..Small_Max);
+                    when False =>
+                        Ptr : String_Access;
+                end case;
+            end record;
+    end Ada.Strings.Unbounded;
+
+    package body Ada.Strings.Unbounded is
+        function To_Unbounded_String (Source : in String)
+            return Unbounded_String is
+        begin
+            if Source'Length <= Small_Max then
+                return (Small => True, Length => Source'Length,
+                        Data => Source & (Source'Length+1..Small_Max => ' '));
+            else
+                return (Small => False, Ptr => new String'(Source));
+            end if;
+        end To_Unbounded_String;
+        ...
+    end Ada.Strings.Unbounded;
+
+    with Ada.Strings.Unbounded; use Ada.Strings.Unbounded;
+    procedure Test is
+        type Access_Unbounded is access Unbounded_String;
+        UStr : Unbounded_String;
+        AStr : Access_Unbounded := new Unbounded_String;
+    begin
+        UStr := To_Unbounded_String ("A string longer than Small_Max");
+            -- OK; the discriminant can be changed.
+        AStr.all := To_Unbounded_String ("A string longer than Small_Max");
+            -- Raises Constraint_Error in Ada 95; the discriminant cannot
+            -- be changed. OK with the proposed changes.
+    end Test;
+
+Because the AStr object is allocated from a storage pool, Ada 95 says that it
+is constrained by it's initial value (the null string in this case). That
+means that the attempt to assign a longer string raises Constraint_Error,
+even though the presense of the discriminants are unknown to the client.
+The proposed changes allow unconstrained allocated objects so long as they
+have a constrained partial view (as in this example), so this anomoly is
+eliminated.
+
+!corrigendum 3.3.1(9)
+
+@drepl
+If a composite object declared by an @fa<object_declaration> has an
+unconstrained nominal subtype, then if this subtype is indefinite or the object
+is constant or aliased (see 3.10) the actual subtype of this object is
+constrained. The constraint is determined by the bounds or discriminants (if
+any) of its initial value; the object is said to be @i<constrained by its
+initial value>. In the case of an aliased object, this initial value may be
+either explicit or implicit; in the other cases, an explicit initial value is
+required. When not constrained by its initial value, the actual and nominal
+subtypes of the object are the same. If its actual subtype is constrained, the
+object is called a @i<constrained object>.
+@dby
+If a composite object declared by an @fa<object_declaration> has an
+unconstrained nominal subtype, then if this subtype is indefinite or the object
+is constant the actual subtype of this object is constrained. The constraint is
+determined by the bounds or discriminants (if any) of its initial value; the
+object is said to be @i<constrained by its initial value>. When not constrained
+by its initial value, the actual and nominal subtypes of the object are the
+same. If its actual subtype is constrained, the object is called a
+@i<constrained object>.
+
+!corrigendum 3.6(11)
+
+@ddel
+Within the definition of a nonlimited composite type (or a limited composite
+type that later in its immediate scope becomes nonlimited -- see 7.3.1 and
+7.5), if a @fa<component_definition> contains the reserved word @b<aliased> and
+the type of the component is discriminated, then the nominal subtype of the
+component shall be constrained.
+
+!corrigendum 3.7.1(7/1)
+
+@drepl
+A @fa<discriminant_constraint> is only allowed in a @fa<subtype_indication> whose
+@fa<subtype_mark> denotes either an unconstrained discriminated subtype, or an
+unconstrained access subtype whose designated subtype is an unconstrained
+discriminated subtype. However, in the case of a general access subtype, a
+@fa<discriminant_constraint> is illegal if there is a place within the
+immediate scope of the designated subtype where the designated subtype's view
+is constrained.
+@dby
+A @fa<discriminant_constraint> is only allowed in a @fa<subtype_indication> whose
+@fa<subtype_mark> denotes either an unconstrained discriminated subtype, or an
+unconstrained access subtype whose designated subtype is an unconstrained
+discriminated subtype. However, in the case of a general access subtype, a
+@fa<discriminant_constraint> is illegal if the designated type has defaults for
+its discriminants. In addition to the places where Legality Rules normally
+apply (see 12.3), these rules apply also in the private part of an instance
+of a generic unit. In a generic body, this rule is checked presuming all
+formal access types of the generic might be general access types, and all
+untagged discriminated formal types of the generic might have defaults.
+
+!corrigendum 3.10(9)
+
+@drepl
+A view of an object is defined to be @i<aliased> if it is defined by an
+@fa<object_declaration> or @fa<component_definition> with the reserved word
+@b<aliased>, or by a renaming of an aliased view. In addition, the dereference
+of an access-to-object value denotes an aliased view, as does a view conversion
+(see 4.6) of an aliased view. Finally, the current instance of a limited type,
+and a formal parameter or generic formal object of a tagged type are defined to
+be aliased. Aliased views are the ones that can be designated by an access
+value. If the view defined by an @fa<object_declaration> is aliased, and the
+type of the object has discriminants, then the object is constrained; if its
+nominal subtype is unconstrained, then the object is constrained by its initial
+value. Similarly, if the object created by an @fa<allocator> has discriminants,
+the object is constrained, either by the designated subtype, or by its initial
+value.
+@dby
+A view of an object is defined to be @i<aliased> if it is defined by an
+@fa<object_declaration> or @fa<component_definition> with the reserved word
+@b<aliased>, or by a renaming of an aliased view. In addition, the dereference
+of an access-to-object value denotes an aliased view, as does a view conversion
+(see 4.6) of an aliased view. Finally, the current instance of a limited type,
+and a formal parameter or generic formal object of a tagged type are defined to
+be aliased. Aliased views are the ones that can be designated by an access
+value.
+
+!corrigendum 3.10.2(26)
+
+@drepl
+@xbullet<The view shall not be a subcomponent that depends on discriminants of
+a variable whose nominal subtype is unconstrained, unless this subtype is
+indefinite, or the variable is aliased.>
+@dby
+@xbullet<The view shall not be a subcomponent that depends on discriminants of
+a variable whose nominal subtype is unconstrained, unless this subtype is
+indefinite, or the variable is constrained by its initial value.>
+
+!corrigendum 3.10.2(27/1)
+
+@drepl
+@xinbull<If @i<A> is a named access type and @i<D> is a tagged type, then the
+type of the view shall be covered by @i<D>; if @i<A> is anonymous and @i<D> is
+tagged, then the type of the view shall be either @i<D>'Class or a type
+covered by @i<D>; if @i<D> is untagged, then the type of the view shall be
+@i<D>, and @i<A>'s designated subtype shall either statically match the
+nominal subtype of the view or be discriminated and unconstrained;>
+@dby
+@xinbull<If @i<A> is a named access type and @i<D> is a tagged type, then the
+type of the view shall be covered by @i<D>; if @i<A> is anonymous and @i<D> is
+tagged, then the type of the view shall be either @i<D>'Class or a type
+covered by @i<D>; if @i<D> is untagged, then the type of the view shall be
+@i<D>, and either:>
+@xi2bull<@i<A>'s designated subtype shall statically match the nominal subtype
+of the view; or>
+@xi2bull<@i<D> shall be discriminated in its full view and unconstrained in any
+partial view, and A's designated subtype shall be unconstrained.>
+
+!corrigendum 4.06(12.1/1)
+
+@drepl
+@xbullet<In a view conversion, the target type and the operand type shall both
+or neither have aliased components.>
+@dby
+@xbullet<In a view conversion, if the target type has aliased components, then
+so shall the operand type.>
+
+!corrigendum 4.06(14)
+
+@ddel
+@xbullet<If the target type is an access-to-variable type, then the operand
+type shall be an access-to-variable type;>
+
+!corrigendum 4.06(16)
+
+@drepl
+@xbullet<If the target designated type is not tagged, then the designated types
+shall be the same, and either the designated subtypes shall statically match or
+the target designated subtype shall be discriminated and unconstrained; and >
+@dby
+@xbullet<If the target designated type is not tagged, then the designated
+types shall be the same, and either:>
+@xinbull<the designated subtypes shall statically match; or>
+@xinbull<the designated type shall be discriminated in its full view and
+unconstrained in any partial view, and the target designated
+subtype shall be unconstrained;>
+
+@xbullet<If the target type is an access-to-variable type, then the operand
+type shall be an access-to-variable type; and>
+
+!corrigendum 4.08(6)
+
+@drepl
+If the designated type of the type of the @fa<allocator> is elementary, then
+the subtype of the created object is the designated subtype. If the designated
+type is composite, then the created object is always constrained; if the
+designated subtype is constrained, then it provides the constraint of the
+created object; otherwise, the object is constrained by its initial value (even
+if the designated subtype is unconstrained with defaults).
+@dby
+If the designated type of the type of the @fa<allocator> is elementary, then
+the subtype of the created object is the designated subtype. If the designated
+type is composite, then the subtype of the created object is the designated
+subtype when the designated subtype is constrained or there is a partial view
+of the designated type that is constrained; otherwise, the created object is
+constrained by its initial value (even if the designated subtype is
+unconstrained with defaults).
+
+!corrigendum 8.5.1(5)
+
+@drepl
+The renamed entity shall not be a subcomponent that depends on
+discriminants of a variable whose nominal subtype is unconstrained, unless
+this subtype is indefinite, or the variable is aliased. A @fa<slice> of an array
+shall not be renamed if this restriction disallows renaming of the array.
+In addition to the places where Legality Rules normally apply, these rules
+apply also in the private part of an instance of a generic unit. These rules
+also apply for a renaming that appears in the body of a generic unit, with
+the additional requirement that even if the nominal subtype of the variable is
+indefinite, its type shall not be a descendant of an untagged generic
+formal derived type.
+@dby
+The renamed entity shall not be a subcomponent that depends on
+discriminants of a variable whose nominal subtype is unconstrained, unless this
+subtype is indefinite, or the variable is constrained by its initial value. A
+@fa<slice> of an array shall not be renamed if this restriction disallows
+renaming of the array. In addition to the places where Legality Rules normally
+apply, these rules apply also in the private part of an instance of a generic
+unit. These rules also apply for a renaming that appears in the body of a
+generic unit, with the additional requirement that even if the nominal subtype
+of the variable is indefinite, its type shall not be a descendant of an
+untagged generic formal derived type.
 
 !ACATS test
 

Questions? Ask the ACAA Technical Agent