3 Declarations and Types 1/3 {AI05-0299-1} This clause describes the types in the language and the rules for declaring constants, variables, and named numbers. 3.1 Declarations 1 The language defines several kinds of named entities that are declared by declarations. The entity's name is defined by the declaration, usually by a defining_identifier, but sometimes by a defining_character_literal or defining_- operator_symbol. 2 There are several forms of declaration. A basic_declaration is a form of declaration defined as follows. Syntax 3/3 {AI95-00348-01} {AI05-0177-1} basic_declaration ::= type_declaration | subtype_declaration | object_declaration | number_declaration | subprogram_declaration | abstract_subprogram_declaration | null_procedure_declaration | expression_function_declaration | package_declaration | renaming_declaration | exception_declaration | generic_declaration | generic_instantiation 4 defining_identifier ::= identifier Static Semantics 5 A declaration is a language construct that associates a name with (a view of) an entity. A declaration may appear explicitly in the program text (an explicit declaration), or may be supposed to occur at a given place in the text as a consequence of the semantics of another construct (an implicit declaration). 5.a Discussion: An implicit declaration generally declares a predefined or inherited operation associated with the definition of a type. This term is used primarily when allowing explicit declarations to override implicit declarations, as part of a type declaration. 6/3 {AI95-00318-02} {AI05-0255-1} {AI05-0277-1} Each of the following is defined to be a declaration: any basic_declaration; an enumeration_literal_- specification; a discriminant_specification; a component_declaration; a loop_- parameter_specification; an iterator_specification; a parameter_specification; a subprogram_body; an extended_return_object_declaration; an entry_declaration; an entry_index_specification; a choice_parameter_specification; a generic_formal_parameter_declaration. 6.a Discussion: This list (when basic_declaration is expanded out) contains all syntactic categories that end in "_declaration" or "_specification", except for program unit _specifications. Moreover, it contains subprogram_body. A subprogram_body is a declaration, whether or not it completes a previous declaration. This is a bit strange, subprogram_body is not part of the syntax of basic_declaration or library_unit_declaration. A renaming-as-body is considered a declaration. An accept_statement is not considered a declaration. Completions are sometimes declarations, and sometimes not. 7 All declarations contain a definition for a view of an entity. A view consists of an identification of the entity (the entity of the view), plus view-specific characteristics that affect the use of the entity through that view (such as mode of access to an object, formal parameter names and defaults for a subprogram, or visibility to components of a type). In most cases, a declaration also contains the definition for the entity itself (a renaming_declaration is an example of a declaration that does not define a new entity, but instead defines a view of an existing entity (see 8.5)). 7.a/2 Glossary entry: A view of an entity reveals some or all of the properties of the entity. A single entity may have multiple views. 7.b Discussion: Most declarations define a view (of some entity) whose view-specific characteristics are unchanging for the life of the view. However, subtypes are somewhat unusual in that they inherit characteristics from whatever view of their type is currently visible. Hence, a subtype is not a view of a type; it is more of an indirect reference. By contrast, a private type provides a single, unchanging (partial) view of its full type. 7.1/3 {AI05-0080-1} When it is clear from context, the term object is used in place of view of an object. Similarly, the terms type and subtype are used in place of view of a type and view of a subtype, respectively. 7.c/3 Discussion: Rules interpreted at compile time generally refer to views of entities, rather than the entities themselves. This is necessary to preserve privacy; characteristics that are not visible should not be used in compile-time rules. Thus, Static Semantics and Legality Rules generally implicitly have " view of". Legality Rules that need to look into the private part are the exception to this interpretation. 7.d/3 On the other hand, run-time rules can work either way, so "view of" should not be assumed in Dynamic Semantics rules. 8 For each declaration, the language rules define a certain region of text called the scope of the declaration (see 8.2). Most declarations associate an identifier with a declared entity. Within its scope, and only there, there are places where it is possible to use the identifier to refer to the declaration, the view it defines, and the associated entity; these places are defined by the visibility rules (see 8.3). At such places the identifier is said to be a name of the entity (the direct_name or selector_name); the name is said to denote the declaration, the view, and the associated entity (see 8.6). The declaration is said to declare the name, the view, and in most cases, the entity itself. 9 As an alternative to an identifier, an enumeration literal can be declared with a character_literal as its name (see 3.5.1), and a function can be declared with an operator_symbol as its name (see 6.1). 10 The syntax rules use the terms defining_identifier, defining_character_- literal, and defining_operator_symbol for the defining occurrence of a name; these are collectively called defining names. The terms direct_name and selector_name are used for usage occurrences of identifiers, character_literals, and operator_symbols. These are collectively called usage names. 10.a To be honest: The terms identifier, character_literal, and operator_symbol are used directly in contexts where the normal visibility rules do not apply (such as the identifier that appears after the end of a task_body). Analogous conventions apply to the use of designator, which is the collective term for identifier and operator_symbol. Dynamic Semantics 11 The process by which a construct achieves its run-time effect is called execution. This process is also called elaboration for declarations and evaluation for expressions. One of the terms execution, elaboration, or evaluation is defined by this International Standard for each construct that has a run-time effect. 11.a Glossary entry: The process by which a construct achieves its run-time effect is called execution. Execution of a declaration is also called elaboration. Execution of an expression is also called evaluation. 11.b To be honest: The term elaboration is also used for the execution of certain constructs that are not declarations, and the term evaluation is used for the execution of certain constructs that are not expressions. For example, subtype_indications are elaborated, and ranges are evaluated. 11.c For bodies, execution and elaboration are both explicitly defined. When we refer specifically to the execution of a body, we mean the explicit definition of execution for that kind of body, not its elaboration. 11.d Discussion: Technically, "the execution of a declaration" and "the elaboration of a declaration" are synonymous. We use the term "elaboration" of a construct when we know the construct is elaborable. When we are talking about more arbitrary constructs, we use the term "execution". For example, we use the term "erroneous execution", to refer to any erroneous execution, including erroneous elaboration or evaluation. 11.e When we explicitly define evaluation or elaboration for a construct, we are implicitly defining execution of that construct. 11.f We also use the term "execution" for things like statements, which are executable, but neither elaborable nor evaluable. We considered using the term "execution" only for nonelaborable, nonevaluable constructs, and defining the term "action" to mean what we have defined "execution" to mean. We rejected this idea because we thought three terms that mean the same thing was enough - four would be overkill. Thus, the term "action" is used only informally in the standard (except where it is defined as part of a larger term, such as "protected action"). 11.f.1/2 Glossary entry: The process by which a declaration achieves its run-time effect is called elaboration. Elaboration is one of the forms of execution. 11.f.2/2 Glossary entry: The process by which an expression achieves its run-time effect is called evaluation. Evaluation is one of the forms of execution. 11.g To be honest: A construct is elaborable if elaboration is defined for it. A construct is evaluable if evaluation is defined for it. A construct is executable if execution is defined for it. 11.h Discussion: Don't confuse "elaborable" with "preelaborable" (defined in 10.2.1). 11.i/2 {AI95-00114-01} Evaluation of an evaluable construct produces a result that is either a value, a denotation, or a range. The following are evaluable: expression; name prefix; range; entry_index_specification; and possibly discrete_range. The last one is curious - RM83 uses the term "evaluation of a discrete_range," but never defines it. One might presume that the evaluation of a discrete_range consists of the evaluation of the range or the subtype_indication, depending on what it is. But subtype_indications are not evaluated; they are elaborated. 11.j Intuitively, an executable construct is one that has a defined run-time effect (which may be null). Since execution includes elaboration and evaluation as special cases, all elaborable and all evaluable constructs are also executable. Hence, most constructs in Ada are executable. An important exception is that the constructs inside a generic unit are not executable directly, but rather are used as a template for (generally) executable constructs in instances of the generic. NOTES 12 1 At compile time, the declaration of an entity declares the entity. At run time, the elaboration of the declaration creates the entity. 12.a Ramification: Syntactic categories for declarations are named either entity_declaration (if they include a trailing semicolon) or entity_specification (if not). 12.b The various kinds of named entities that can be declared are as follows: an object (including components and parameters), a named number, a type (the name always refers to its first subtype), a subtype, a subprogram (including enumeration literals and operators), a single entry, an entry family, a package, a protected or task unit (which corresponds to either a type or a single object), an exception, a generic unit, a label, and the name of a statement. 12.c Identifiers are also associated with names of pragmas, arguments to pragmas, and with attributes, but these are not user-definable. Wording Changes from Ada 83 12.d The syntax rule for defining_identifier is new. It is used for the defining occurrence of an identifier. Usage occurrences use the direct_name or selector_name syntactic categories. Each occurrence of an identifier (or simple_name), character_literal, or operator_symbol in the Ada 83 syntax rules is handled as follows in Ada 95: 12.e * It becomes a defining_identifier, defining_character_literal, or defining_operator_symbol (or some syntactic category composed of these), to indicate a defining occurrence; 12.f/3 * {AI05-0299-1} It becomes a direct_name, in usage occurrences where the usage is required (in Clause 8) to be directly visible; 12.g/3 * {AI05-0299-1} It becomes a selector_name, in usage occurrences where the usage is required (in Clause 8) to be visible but not necessarily directly visible; 12.h * It remains an identifier, character_literal, or operator_symbol, in cases where the visibility rules do not apply (such as the designator that appears after the end of a subprogram_body). 12.i For declarations that come in "two parts" (program unit declaration plus body, private or incomplete type plus full type, deferred constant plus full constant), we consider both to be defining occurrences. Thus, for example, the syntax for package_body uses defining_identifier after the reserved word body, as opposed to direct_name. 12.j The defining occurrence of a statement name is in its implicit declaration, not where it appears in the program text. Considering the statement name itself to be the defining occurrence would complicate the visibility rules. 12.k The phrase "visible by selection" is not used in Ada 95. It is subsumed by simply "visible" and the Name Resolution Rules for selector_names. 12.l/3 {AI05-0299-1} (Note that in Ada 95, a declaration is visible at all places where one could have used a selector_name, not just at places where a selector_name was actually used. Thus, the places where a declaration is directly visible are a subset of the places where it is visible. See Clause 8 for details.) 12.m We use the term "declaration" to cover _specifications that declare (views of) objects, such as parameter_specifications. In Ada 83, these are referred to as a "form of declaration," but it is not entirely clear that they are considered simply " declarations." 12.n/3 {AI05-0299-1} RM83 contains an incomplete definition of "elaborated" in this subclause: it defines "elaborated" for declarations, declarative_parts, declarative_items and compilation_units, but "elaboration" is defined elsewhere for various other constructs. To make matters worse, Ada 95 has a different set of elaborable constructs. Instead of correcting the list, it is more maintainable to refer to the term "elaborable," which is defined in a distributed manner. 12.o RM83 uses the term "has no other effect" to describe an elaboration that doesn't do anything except change the state from not-yet-elaborated to elaborated. This was a confusing wording, because the answer to "other than what?" was to be found many pages away. In Ada 95, we change this wording to "has no effect" (for things that truly do nothing at run time), and "has no effect other than to establish that so-and-so can happen without failing the Elaboration_Check" (for things where it matters). 12.p We make it clearer that the term "execution" covers elaboration and evaluation as special cases. This was implied in RM83. For example, "erroneous execution" can include any execution, and RM83-9.4(3) has, "The task designated by any other task object depends on the master whose execution creates the task object;" the elaboration of the master's declarative_part is doing the task creation. Wording Changes from Ada 95 12.q/2 {AI95-00318-02} Added extended_return_statement to the list of declarations. 12.r/2 {AI95-00348-01} Added null procedures (see 6.7) to the syntax. Wording Changes from Ada 2005 12.s/3 {AI05-0177-1} Added expression functions (see 6.8) to the syntax. 3.2 Types and Subtypes Static Semantics 1 A type is characterized by a set of values, and a set of primitive operations which implement the fundamental aspects of its semantics. An object of a given type is a run-time entity that contains (has) a value of the type. 1.a/2 Glossary entry: Each object has a type. A type has an associated set of values, and a set of primitive operations which implement the fundamental aspects of its semantics. Types are grouped into categories. Most language-defined categories of types are also classes of types. 1.b/3 Glossary entry: A subtype is a type together with optional constraints, null exclusions, and predicates, which constrain the values of the subtype to satisfy certain conditions. The values of a subtype are a subset of the values of its type. 2/2 {AI95-00442-01} Types are grouped into categories of types. There exist several language-defined categories of types (see NOTES below), reflecting the similarity of their values and primitive operations. [Most categories of types form classes of types.] Elementary types are those whose values are logically indivisible; composite types are those whose values are composed of component values. 2.a/2 Proof: {AI95-00442-01} The formal definition of category and class is found in 3.4. 2.b/2 Glossary entry: A class is a set of types that is closed under derivation, which means that if a given type is in the class, then all types derived from that type are also in the class. The set of types of a class share common properties, such as their primitive operations. 2.b.1/2 Glossary entry: A category of types is a set of types with one or more common properties, such as primitive operations. A category of types that is closed under derivation is also known as a class. 2.c Glossary entry: An elementary type does not have components. 2.d/2 Glossary entry: A composite type may have components. 2.e Glossary entry: A scalar type is either a discrete type or a real type. 2.f Glossary entry: An access type has values that designate aliased objects. Access types correspond to "pointer types" or "reference types" in some other languages. 2.g Glossary entry: A discrete type is either an integer type or an enumeration type. Discrete types may be used, for example, in case_statements and as array indices. 2.h Glossary entry: A real type has values that are approximations of the real numbers. Floating point and fixed point types are real types. 2.i Glossary entry: Integer types comprise the signed integer types and the modular types. A signed integer type has a base range that includes both positive and negative numbers, and has operations that may raise an exception when the result is outside the base range. A modular type has a base range whose lower bound is zero, and has operations with "wraparound" semantics. Modular types subsume what are called "unsigned types" in some other languages. 2.j Glossary entry: An enumeration type is defined by an enumeration of its values, which may be named by identifiers or character literals. 2.k Glossary entry: A character type is an enumeration type whose values include characters. 2.l Glossary entry: A record type is a composite type consisting of zero or more named components, possibly of different types. 2.m Glossary entry: A record extension is a type that extends another type by adding additional components. 2.n Glossary entry: An array type is a composite type whose components are all of the same type. Components are selected by indexing. 2.o/2 Glossary entry: A task type is a composite type used to represent active entities which execute concurrently and which can communicate via queued task entries. The top-level task of a partition is called the environment task. 2.p/2 Glossary entry: A protected type is a composite type whose components are accessible only through one of its protected operations which synchronize concurrent access by multiple tasks. 2.q/2 Glossary entry: A private type gives a view of a type that reveals only some of its properties. The remaining properties are provided by the full view given elsewhere. Private types can be used for defining abstractions that hide unnecessary details from their clients. 2.r/2 Glossary entry: A private extension is a type that extends another type, with the additional properties hidden from its clients. 2.s/2 Glossary entry: An incomplete type gives a view of a type that reveals only some of its properties. The remaining properties are provided by the full view given elsewhere. Incomplete types can be used for defining recursive data structures. 3 The elementary types are the scalar types (discrete and real) and the access types (whose values provide access to objects or subprograms). Discrete types are either integer types or are defined by enumeration of their values (enumeration types). Real types are either floating point types or fixed point types. 4/2 {AI95-00251-01} {AI95-00326-01} The composite types are the record types, record extensions, array types, interface types, task types, and protected types. 4.a/2 This paragraph was deleted.{AI95-00442-01} 4.1/2 {AI95-00326-01} There can be multiple views of a type with varying sets of operations. [An incomplete type represents an incomplete view (see 3.10.1) of a type with a very restricted usage, providing support for recursive data structures. A private type or private extension represents a partial view (see 7.3) of a type, providing support for data abstraction. The full view (see 3.2.1) of a type represents its complete definition.] An incomplete or partial view is considered a composite type[, even if the full view is not]. 4.b/3 Proof: {AI05-0299-1} The real definitions of the views are in the referenced subclauses. 5/2 {AI95-00326-01} Certain composite types (and views thereof) have special components called discriminants whose values affect the presence, constraints, or initialization of other components. Discriminants can be thought of as parameters of the type. 6/2 {AI95-00366-01} The term subcomponent is used in this International Standard in place of the term component to indicate either a component, or a component of another subcomponent. Where other subcomponents are excluded, the term component is used instead. Similarly, a part of an object or value is used to mean the whole object or value, or any set of its subcomponents. The terms component, subcomponent, and part are also applied to a type meaning the component, subcomponent, or part of objects and values of the type. 6.a Discussion: The definition of "part" here is designed to simplify rules elsewhere. By design, the intuitive meaning of "part" will convey the correct result to the casual reader, while this formalistic definition will answer the concern of the compiler-writer. 6.b We use the term "part" when talking about the parent part, ancestor part, or extension part of a type extension. In contexts such as these, the part might represent an empty set of subcomponents (e.g. in a null record extension, or a nonnull extension of a null record). We also use "part" when specifying rules such as those that apply to an object with a "controlled part" meaning that it applies if the object as a whole is controlled, or any subcomponent is. 7/2 {AI95-00231-01} The set of possible values for an object of a given type can be subjected to a condition that is called a constraint (the case of a null constraint that specifies no restriction is also included)[; the rules for which values satisfy a given kind of constraint are given in 3.5 for range_constraints, 3.6.1 for index_constraints, and 3.7.1 for discriminant_constraints]. The set of possible values for an object of an access type can also be subjected to a condition that excludes the null value (see 3.10). 8/2 {AI95-00231-01} {AI95-00415-01} A subtype of a given type is a combination of the type, a constraint on values of the type, and certain attributes specific to the subtype. The given type is called the type of the subtype. Similarly, the associated constraint is called the constraint of the subtype. The set of values of a subtype consists of the values of its type that satisfy its constraint and any exclusion of the null value. Such values belong to the subtype. 8.a Discussion: We make a strong distinction between a type and its subtypes. In particular, a type is not a subtype of itself. There is no constraint associated with a type (not even a null one), and type-related attributes are distinct from subtype-specific attributes. 8.b Discussion: We no longer use the term "base type." All types were "base types" anyway in Ada 83, so the term was redundant, and occasionally confusing. In the RM95 we say simply "the type of the subtype" instead of "the base type of the subtype." 8.c Ramification: The value subset for a subtype might be empty, and need not be a proper subset. 8.d/2 To be honest: {AI95-00442-01} Any name of a category of types (such as "discrete", "real", or "limited") is also used to qualify its subtypes, as well as its objects, values, declarations, and definitions, such as an "integer type declaration" or an "integer value." In addition, if a term such as "parent subtype" or "index subtype" is defined, then the corresponding term for the type of the subtype is "parent type" or "index type." 8.e Discussion: We use these corresponding terms without explicitly defining them, when the meaning is obvious. 9 A subtype is called an unconstrained subtype if its type has unknown discriminants, or if its type allows range, index, or discriminant constraints, but the subtype does not impose such a constraint; otherwise, the subtype is called a constrained subtype (since it has no unconstrained characteristics). 9.a Discussion: In an earlier version of Ada 9X, "constrained" meant "has a nonnull constraint." However, we changed to this definition since we kept having to special case composite non-array/nondiscriminated types. It also corresponds better to the (now obsolescent) attribute 'Constrained. 9.b For scalar types, "constrained" means "has a nonnull constraint". For composite types, in implementation terms, "constrained" means that the size of all objects of the subtype is the same, assuming a typical implementation model. 9.c Class-wide subtypes are always unconstrained. NOTES 10/2 2 {AI95-00442-01} Any set of types can be called a "category" of types, and any set of types that is closed under derivation (see 3.4) can be called a "class" of types. However, only certain categories and classes are used in the description of the rules of the language - generally those that have their own particular set of primitive operations (see 3.2.3), or that correspond to a set of types that are matched by a given kind of generic formal type (see 12.5). The following are examples of "interesting" language-defined classes: elementary, scalar, discrete, enumeration, character, boolean, integer, signed integer, modular, real, floating point, fixed point, ordinary fixed point, decimal fixed point, numeric, access, access-to-object, access-to-subprogram, composite, array, string, (untagged) record, tagged, task, protected, nonlimited. Special syntax is provided to define types in each of these classes. In addition to these classes, the following are examples of "interesting" language-defined categories: abstract, incomplete, interface, limited, private, record. 10.a Discussion: A value is a run-time entity with a given type which can be assigned to an object of an appropriate subtype of the type. An operation is a program entity that operates on zero or more operands to produce an effect, or yield a result, or both. 10.b/2 Ramification: {AI95-00442-01} Note that a type's category (and class) depends on the place of the reference - a private type is composite outside and possibly elementary inside. It's really the view that is elementary or composite. Note that although private types are composite, there are some properties that depend on the corresponding full view - for example, parameter passing modes, and the constraint checks that apply in various places. 10.c/2 {AI95-00345-01} {AI95-00442-01} Every property of types forms a category, but not every property of types represents a class. For example, the set of all abstract types does not form a class, because this set is not closed under derivation. Similarly, the set of all interface types does not form a class. 10.d/2 {AI95-00442-01} The set of limited types does not form a class (since nonlimited types can inherit from limited interfaces), but the set of nonlimited types does. The set of tagged record types and the set of tagged private types do not form a class (because each of them can be extended to create a type of the other category); that implies that the set of record types and the set of private types also do not form a class (even though untagged record types and untagged private types do form a class). In all of these cases, we can talk about the category of the type; for instance, we can talk about the "category of limited types".. 10.e/2 {AI95-00442-01} Normatively, the language-defined classes are those that are defined to be inherited on derivation by 3.4; other properties either aren't interesting or form categories, not classes. 11/2 {AI95-00442-01} These language-defined categories are organized like this: 12/2 {AI95-00345-01} all types elementary scalar discrete enumeration character boolean other enumeration integer signed integer modular integer real floating point fixed point ordinary fixed point decimal fixed point access access-to-object access-to-subprogram composite untagged array string other array record task protected tagged (including interfaces) nonlimited tagged record limited tagged limited tagged record synchronized tagged tagged task tagged protected 13/2 {AI95-00345-01} {AI95-00442-01} There are other categories, such as "numeric" and "discriminated", which represent other categorization dimensions, but do not fit into the above strictly hierarchical picture. 13.a.1/2 Discussion: {AI95-00345-01} {AI95-00442-01} Note that this is also true for some categories mentioned in the chart. The category " task" includes both untagged tasks and tagged tasks. Similarly for "protected", "limited", and "nonlimited" (note that limited and nonlimited are not shown for untagged composite types). Wording Changes from Ada 83 13.a/3 {AI05-0299-1} This subclause now precedes the subclauses on objects and named numbers, to cut down on the number of forward references. 13.b We have dropped the term "base type" in favor of simply "type" (all types in Ada 83 were "base types" so it wasn't clear when it was appropriate/necessary to say "base type"). Given a subtype S of a type T, we call T the "type of the subtype S." Wording Changes from Ada 95 13.c/2 {AI95-00231-01} Added a mention of null exclusions when we're talking about constraints (these are not constraints, but they are similar). 13.d/2 {AI95-00251-01} Defined an interface type to be a composite type. 13.e/2 {AI95-00326-01} Revised the wording so that it is clear that an incomplete view is similar to a partial view in terms of the language. 13.f/2 {AI95-00366-01} Added a definition of component of a type, subcomponent of a type, and part of a type. These are commonly used in the standard, but they were not previously defined. 13.g/3 {AI95-00442-01} {AI05-0299-1} Reworded most of this subclause to use category rather than class, since so many interesting properties are not, strictly speaking, classes. Moreover, there was no normative description of exactly which properties formed classes, and which did not. The real definition of class, along with a list of properties, is now in 3.4. 3.2.1 Type Declarations 1 A type_declaration declares a type and its first subtype. Syntax 2 type_declaration ::= full_type_declaration | incomplete_type_declaration | private_type_declaration | private_extension_declaration 3/3 {AI05-0183-1} full_type_declaration ::= type defining_identifier [known_discriminant_part ] is type_definition [aspect_specification]; | task_type_declaration | protected_type_declaration 4/2 {AI95-00251-01} type_definition ::= enumeration_type_definition | integer_type_definition | real_type_definition | array_type_definition | record_type_definition | access_type_definition | derived_type_definition | interface_type_definition Legality Rules 5 A given type shall not have a subcomponent whose type is the given type itself. Static Semantics 6 The defining_identifier of a type_declaration denotes the first subtype of the type. The known_discriminant_part, if any, defines the discriminants of the type (see 3.7, "Discriminants"). The remainder of the type_declaration defines the remaining characteristics of (the view of) the type. 7/2 {AI95-00230-01} A type defined by a type_declaration is a named type; such a type has one or more nameable subtypes. Certain other forms of declaration also include type definitions as part of the declaration for an object. The type defined by such a declaration is anonymous - it has no nameable subtypes. For explanatory purposes, this International Standard sometimes refers to an anonymous type by a pseudo-name, written in italics, and uses such pseudo-names at places where the syntax normally requires an identifier. For a named type whose first subtype is T, this International Standard sometimes refers to the type of T as simply "the type T". 7.a/2 Ramification: {AI95-00230-01} The only user-defined types that can be anonymous in the above sense are array, access, task, and protected types. An anonymous array, task, or protected type can be defined as part of an object_declaration. An anonymous access type can be defined as part of numerous other constructs. 8/2 {AI95-00230-01} {AI95-00326-01} A named type that is declared by a full_type_declaration, or an anonymous type that is defined by an access_definition or as part of declaring an object of the type, is called a full type. The declaration of a full type also declares the full view of the type. The type_definition, task_definition, protected_definition, or access_- definition that defines a full type is called a full type definition. [Types declared by other forms of type_declaration are not separate types; they are partial or incomplete views of some full type.] 8.a To be honest: Class-wide, universal, and root numeric types are full types. 8.b/2 Reason: {AI95-00230-01} We need to mention access_definition separately, as it may occur in renames, which do not declare objects. 9 The definition of a type implicitly declares certain predefined operators that operate on the type, according to what classes the type belongs, as specified in 4.5, "Operators and Expression Evaluation". 9.a Discussion: We no longer talk about the implicit declaration of basic operations. These are treated like an if_statement - they don't need to be declared, but are still applicable to only certain classes of types. 10 The predefined types [(for example the types Boolean, Wide_Character, Integer, root_integer, and universal_integer)] are the types that are defined in [a predefined library package called] Standard[; this package also includes the [(implicit)] declarations of their predefined operators]. [The package Standard is described in A.1.] 10.a Ramification: We use the term "predefined" to refer to entities declared in the visible part of Standard, to implicitly declared operators of a type whose semantics are defined by the language, to Standard itself, and to the "predefined environment". We do not use this term to refer to library packages other than Standard. For example Text_IO is a language-defined package, not a predefined package, and Text_IO.Put_Line is not a predefined operation. Dynamic Semantics 11 The elaboration of a full_type_declaration consists of the elaboration of the full type definition. Each elaboration of a full type definition creates a distinct type and its first subtype. 11.a Reason: The creation is associated with the type definition, rather than the type declaration, because there are types that are created by full type definitions that are not immediately contained within a type declaration (e.g. an array object declaration, a singleton task declaration, etc.). 11.b Ramification: Any implicit declarations that occur immediately following the full type definition are elaborated where they (implicitly) occur. Examples 12 Examples of type definitions: 13 (White, Red, Yellow, Green, Blue, Brown, Black) range 1 .. 72 array(1 .. 10) of Integer 14 Examples of type declarations: 15 type Color is (White, Red, Yellow, Green, Blue, Brown, Black); type Column is range 1 .. 72; type Table is array(1 .. 10) of Integer; NOTES 16 3 Each of the above examples declares a named type. The identifier given denotes the first subtype of the type. Other named subtypes of the type can be declared with subtype_declarations (see 3.2.2). Although names do not directly denote types, a phrase like "the type Column" is sometimes used in this International Standard to refer to the type of Column, where Column denotes the first subtype of the type. For an example of the definition of an anonymous type, see the declaration of the array Color_Table in 3.3.1; its type is anonymous - it has no nameable subtypes. Wording Changes from Ada 83 16.a The syntactic category full_type_declaration now includes task and protected type declarations. 16.b/3 {AI05-0299-1} We have generalized the concept of first-named subtype (now called simply "first subtype") to cover all kinds of types, for uniformity of description elsewhere. RM83 defined first-named subtype in Section 13. We define first subtype here, because it is now a more fundamental concept. We renamed the term, because in Ada 95 some first subtypes have no name. 16.c/2 {AI95-00230-01} We no longer elaborate discriminant_parts, because there is nothing to do, and it was complex to say that you only wanted to elaborate it once for a private or incomplete type. This is also consistent with the fact that subprogram specifications are not elaborated (neither in Ada 83 nor in Ada 95). Note, however, that an access_definition appearing in a discriminant_part is elaborated at the full_type_declaration (for a nonlimited type) or when an object with such a discriminant is created (for a limited type). Wording Changes from Ada 95 16.d/2 {AI95-00230-01} Added wording so that anonymous access types are always full types, even if they appear in renames. 16.e/2 {AI95-00251-01} Added interface types (see 3.9.4) to the syntax. 16.f/2 {AI95-00326-01} Added a definition of full view, so that all types have a well-defined full view. Extensions to Ada 2005 16.g/3 {AI05-0183-1} An optional aspect_specification can be used in a full_type_declaration. This is described in 13.1.1. 3.2.2 Subtype Declarations 1 A subtype_declaration declares a subtype of some previously declared type, as defined by a subtype_indication. Syntax 2/3 {AI05-0183-1} subtype_declaration ::= subtype defining_identifier is subtype_indication [aspect_specification]; 3/2 {AI95-00231-01} subtype_indication ::= [null_exclusion ] subtype_mark [constraint] 4 subtype_mark ::= subtype_name 4.a Ramification: Note that name includes attribute_reference; thus, S'Base can be used as a subtype_mark. 4.b Reason: We considered changing subtype_mark to subtype_name. However, existing users are used to the word "mark," so we're keeping it. 5 constraint ::= scalar_constraint | composite_constraint 6 scalar_constraint ::= range_constraint | digits_constraint | delta_constraint 7 composite_constraint ::= index_constraint | discriminant_constraint Name Resolution Rules 8 A subtype_mark shall resolve to denote a subtype. The type determined by a subtype_mark is the type of the subtype denoted by the subtype_mark. 8.a/3 Ramification: {AI05-0005-1} Types are never directly named; all subtype_marks denote subtypes - possibly an unconstrained (base) subtype, but never the type. When we use the term anonymous type we really mean a type with no nameable subtypes. Dynamic Semantics 9 The elaboration of a subtype_declaration consists of the elaboration of the subtype_indication. The elaboration of a subtype_indication creates a new subtype. If the subtype_indication does not include a constraint, the new subtype has the same (possibly null) constraint as that denoted by the subtype_mark. The elaboration of a subtype_indication that includes a constraint proceeds as follows: 10 * The constraint is first elaborated. 11 * A check is then made that the constraint is compatible with the subtype denoted by the subtype_mark. 11.a Ramification: The checks associated with constraint compatibility are all Range_Checks. Discriminant_Checks and Index_Checks are associated only with checks that a value satisfies a constraint. 12 The condition imposed by a constraint is the condition obtained after elaboration of the constraint. The rules defining compatibility are given for each form of constraint in the appropriate subclause. These rules are such that if a constraint is compatible with a subtype, then the condition imposed by the constraint cannot contradict any condition already imposed by the subtype on its values. The exception Constraint_Error is raised if any check of compatibility fails. 12.a To be honest: The condition imposed by a constraint is named after it - a range_constraint imposes a range constraint, etc. 12.b Ramification: A range_constraint causes freezing of its type. Other constraints do not. NOTES 13 4 A scalar_constraint may be applied to a subtype of an appropriate scalar type (see 3.5, 3.5.9, and J.3), even if the subtype is already constrained. On the other hand, a composite_constraint may be applied to a composite subtype (or an access-to-composite subtype) only if the composite subtype is unconstrained (see 3.6.1 and 3.7.1). Examples 14 Examples of subtype declarations: 15/2 {AI95-00433-01} subtype Rainbow is Color range Red .. Blue; -- see 3.2.1 subtype Red_Blue is Rainbow; subtype Int is Integer; subtype Small_Int is Integer range -10 .. 10; subtype Up_To_K is Column range 1 .. K; -- see 3.2.1 subtype Square is Matrix(1 .. 10, 1 .. 10); -- see 3.6 subtype Male is Person(Sex => M); -- see 3.10.1 subtype Binop_Ref is not null Binop_Ptr; -- see 3.10 Incompatibilities With Ada 83 15.a In Ada 95, all range_constraints cause freezing of their type. Hence, a type-related representation item for a scalar type has to precede any range_constraints whose type is the scalar type. Wording Changes from Ada 83 15.b Subtype_marks allow only subtype names now, since types are never directly named. There is no need for RM83-3.3.2(3), which says a subtype_mark can denote both the type and the subtype; in Ada 95, you denote an unconstrained (base) subtype if you want, but never the type. 15.c The syntactic category type_mark is now called subtype_mark, since it always denotes a subtype. Extensions to Ada 95 15.d/2 {AI95-00231-01} An optional null_exclusion can be used in a subtype_indication. This is described in 3.10. Extensions to Ada 2005 15.e/3 {AI05-0183-1} An optional aspect_specification can be used in a subtype_declaration. This is described in 13.1.1. 3.2.3 Classification of Operations Static Semantics 1/2 {AI95-00416-01} An operation operates on a type T if it yields a value of type T, if it has an operand whose expected type (see 8.6) is T, or if it has an access parameter or access result type (see 6.1) designating T. A predefined operator, or other language-defined operation such as assignment or a membership test, that operates on a type, is called a predefined operation of the type. The primitive operations of a type are the predefined operations of the type, plus any user-defined primitive subprograms. 1.a Glossary entry: The primitive operations of a type are the operations (such as subprograms) declared together with the type declaration. They are inherited by other types in the same class of types. For a tagged type, the primitive subprograms are dispatching subprograms, providing run-time polymorphism. A dispatching subprogram may be called with statically tagged operands, in which case the subprogram body invoked is determined at compile time. Alternatively, a dispatching subprogram may be called using a dispatching call, in which case the subprogram body invoked is determined at run time. 1.b To be honest: Protected subprograms are not considered to be " primitive subprograms," even though they are subprograms, and they are inherited by derived types. 1.c Discussion: We use the term "primitive subprogram" in most of the rest of the manual. The term "primitive operation" is used mostly in conceptual discussions. 2 The primitive subprograms of a specific type are defined as follows: 3 * The predefined operators of the type (see 4.5); 4 * For a derived type, the inherited (see 3.4) user-defined subprograms; 5 * For an enumeration type, the enumeration literals (which are considered parameterless functions - see 3.5.1); 6 * For a specific type declared immediately within a package_specification, any subprograms (in addition to the enumeration literals) that are explicitly declared immediately within the same package_specification and that operate on the type; 6.1/3 * {AI05-0128-1} For a specific type with an explicitly declared primitive "=" operator whose result type is Boolean, the corresponding "/=" operator (see 6.6); 7/2 * {AI95-00200-01} For a nonformal type, any subprograms not covered above [that are explicitly declared immediately within the same declarative region as the type] and that override (see 8.3) other implicitly declared primitive subprograms of the type. 7.a Discussion: In Ada 83, only subprograms declared in the visible part were "primitive" (i.e. derivable). In Ada 95, mostly because of child library units, we include all operations declared in the private part as well, and all operations that override implicit declarations. 7.b Ramification: It is possible for a subprogram to be primitive for more than one type, though it is illegal for a subprogram to be primitive for more than one tagged type. See 3.9. 7.c Discussion: The order of the implicit declarations when there are both predefined operators and inherited subprograms is described in 3.4, "Derived Types and Classes". 7.d/2 Ramification: {AI95-00200-01} Subprograms declared in a generic package specification are never primitive for a formal type, even if they happen to override an operation of the formal type. This includes formal subprograms, which are never primitive operations (that's true even for an abstract formal subprogram). 8 A primitive subprogram whose designator is an operator_symbol is called a primitive operator. Incompatibilities With Ada 83 8.a The attribute S'Base is no longer defined for nonscalar subtypes. Since this was only permitted as the prefix of another attribute, and there are no interesting nonscalar attributes defined for an unconstrained composite or access subtype, this should not affect any existing programs. Extensions to Ada 83 8.b The primitive subprograms (derivable subprograms) include subprograms declared in the private part of a package specification as well, and those that override implicitly declared subprograms, even if declared in a body. Wording Changes from Ada 83 8.c We have dropped the confusing term operation of a type in favor of the more useful primitive operation of a type and the phrase operates on a type. 8.d The description of S'Base has been moved to 3.5, "Scalar Types" because it is now defined only for scalar types. Wording Changes from Ada 95 8.e/2 {AI95-00200-01} Clarified that a formal subprogram that happens to override a primitive operation of a formal type is not a primitive operation (and thus not a dispatching operation) of the formal type. 8.f/2 {AI95-00416-01} Added wording to include access result types in the kinds of operations that operate on a type T. Wording Changes from Ada 2005 8.g/3 {AI05-0128-1} Correction: The implicitly declared "/=" for a primitive "=" operator is also primitive; this makes it eligible to be made visible by a use type clause. 3.2.4 Subtype Predicates 1/3 {AI05-0153-3} {AI05-0269-1} {AI05-0299-1} The language-defined predicate aspects Static_Predicate and Dynamic_Predicate may be used to define properties of subtypes. A predicate specification is an aspect_specification for one of the two predicate aspects. General rules for aspects and aspect_specifications are found in Clause 13 (13.1 and 13.1.1 respectively). 1.a/3 Aspect Description for Static_Predicate: Condition that must hold true for objects of a given subtype; the subtype may be static. 1.b/3 Aspect Description for Dynamic_Predicate: Condition that must hold true for objects of a given subtype; the subtype is not static. Name Resolution Rules 2/3 {AI05-0153-3} The expected type for a predicate aspect expression is any boolean type. Static Semantics 3/3 {AI05-0153-3} A predicate specification may be given on a type_declaration or a subtype_declaration, and applies to the declared subtype. In addition, predicate specifications apply to certain other subtypes: 4/4 * {AI12-0071-1} {AI12-0099-1} For a (first) subtype defined by a type declaration, any predicates of parent or progenitor subtypes apply. 5/3 * For a subtype created by a subtype_indication, the predicate of the subtype denoted by the subtype_mark applies. 6/4 This paragraph was deleted.{AI05-0153-3} {AI12-0071-1} 7/3 {AI05-0290-1} Predicate checks are defined to be enabled or disabled for a given subtype as follows: 8/3 * If a subtype is declared by a type_declaration or subtype_declaration that includes a predicate specification, then: 9/3 * if performing checks is required by the Static_Predicate assertion policy (see 11.4.2) and the declaration includes a Static_Predicate specification, then predicate checks are enabled for the subtype; 10/3 * if performing checks is required by the Dynamic_Predicate assertion policy (see 11.4.2) and the declaration includes a Dynamic_Predicate specification, then predicate checks are enabled for the subtype; 11/3 * otherwise, predicate checks are disabled for the subtype[, regardless of whether predicate checking is enabled for any other subtypes mentioned in the declaration]; 12/4 * {AI12-0099-1} If a subtype is defined by a type declaration that does not include a predicate specification, then predicate checks are enabled for the subtype if and only if any predicate checks are enabled for parent or progenitor subtypes; 13/3 * If a subtype is created by a subtype_indication other than in one of the previous cases, then predicate checks are enabled for the subtype if and only if predicate checks are enabled for the subtype denoted by the subtype_mark; 14/3 * Otherwise, predicate checks are disabled for the given subtype. 14.a/3 Discussion: In this case, no predicate specifications can apply to the subtype and so it doesn't typically matter whether predicate checks are enabled. This rule does make a difference, however, when determining whether predicate checks are enabled for another type when this type is one of multiple progenitors. See the " derived type declaration" wording above. 14.b/4 {AI12-0071-1} Even when predicate checks are disabled, a predicate can affect various Legality Rules, the results of membership tests, the items in a for loop, and the result of the Valid attribute. 14.1/4 {AI12-0054-2} For a subtype with a directly-specified predicate aspect, the following additional language-defined aspect may be specified with an aspect_specification (see 13.1.1): 14.2/4 Predicate_Failure This aspect shall be specified by an expression, which determines the action to be performed when a predicate check fails because a directly-specified predicate aspect of the subtype evaluates to False, as explained below. 14.b.1/4 Aspect Description for Predicate_Failure: Action to be performed when a predicate check fails. Name Resolution Rules 14.3/4 {AI12-0054-2} The expected type for the Predicate_Failure expression is String. Legality Rules 15/3 {AI05-0153-3} {AI05-0269-1} The expression of a Static_Predicate specification shall be predicate-static; that is, one of the following: 16/3 * a static expression; 17/4 * {AI12-0039-1} a membership test whose tested_simple_expression is the current instance, and whose membership_choice_list meets the requirements for a static membership test (see 4.9); 18/3 * a case_expression whose selecting_expression is the current instance, and whose dependent_expressions are static expressions; 19/3 * a call to a predefined equality or ordering operator, where one operand is the current instance, and the other is a static expression; 20/4 * {AI05-0262-1} {AI12-0099-1} a call to a predefined boolean operator and, or, xor, or not, where each operand is predicate-static; 21/3 * {AI05-0269-1} a short-circuit control form where both operands are predicate-static; or 22/3 * a parenthesized predicate-static expression. 23/3 {AI05-0262-1} A predicate shall not be specified for an incomplete subtype. 23.a/3 Reason: The expression of such a predicate could not depend on the properties of the value of the type (since it doesn't have any), so it is useless and we don't want to require the added complexity needed to support it. 24/3 {AI05-0287-1} If a predicate applies to a subtype, then that predicate shall not mention any other subtype to which the same predicate applies. 24.a/3 Reason: This is intended to prevent recursive predicates, which cause definitional problems for static predicates. Inside of the predicate, the subtype name refers to the current instance of the subtype, which is an object, so a direct use of the subtype name cannot be recursive. But other subtypes naming the same type might: 24.b/3 type Really_Ugly is private; private subtype Ugly is Really_Ugly; type Really_Ugly is new Integer with Static_Predicate => Really_Ugly not in Ugly; -- Illegal! 25/3 {AI05-0153-3} An index subtype, discrete_range of an index_constraint or slice, or a discrete_subtype_definition of a constrained_array_definition, entry_declaration, or entry_index_specification shall not denote a subtype to which predicate specifications apply. 26/3 {AI05-0153-3} The prefix of an attribute_reference whose attribute_designator is First, Last, or Range shall not denote a scalar subtype to which predicate specifications apply. 26.a/3 Reason: {AI05-0297-1} This is to prevent confusion about whether the First value is the lowest value of the subtype (which does not depend on the predicate) or the lowest value of the subtype which meets the predicate. (For a dynamic predicate, determining this latter value is expensive as it would usually require a loop.) For a static subtype that has a static predicate, the First_Valid and Last_Valid attributes (see 3.5.5) can be used instead. 27/3 {AI05-0153-3} {AI05-0262-1} {AI05-0287-1} The discrete_subtype_definition of a loop_parameter_specification shall not denote a nonstatic subtype to which predicate specifications apply or any subtype to which Dynamic_Predicate specifications apply. 28/3 {AI05-0153-3} {AI05-0262-1} The discrete_choice of a named_array_aggregate shall not denote a nonstatic subtype to which predicate specifications apply. 28.a/3 Reason: {AI05-0262-1} This rule prevents noncontiguous dynamically bounded array aggregates, which could be expensive to check for. (Array aggregates have rules to prevent problems with static subtypes.) We define this rule here so that the runtime generic body check applies. 29/3 {AI05-0262-1} In addition to the places where Legality Rules normally apply (see 12.3), these rules apply also in the private part of an instance of a generic unit. Dynamic Semantics 29.1/4 {AI125-0071} If any of the above Legality Rules is violated in an instance of a generic unit, Program_Error is raised at the point of the violation. 29.a/4 Discussion: This is the usual way around the contract model; this applies even in instance bodies. Note that errors in instance specifications will be detected at compile-time by the "re-check" of the specification, only errors in the body should raise Program_Error. 29.2/4 {AI12-0071-1} To determine whether a value satisfies the predicates of a subtype S, the following tests are performed in the following order, until one of the tests fails, in which case the predicates are not satisfied and no further tests are performed, or all of the tests succeed, in which case the predicates are satisfied: 29.3/4 * the value is first tested to determine whether it satisfies any constraints or any null exclusion of S; 29.4/4 * then: 29.5/4 * if S is a first subtype, the value is tested to determine whether it satisfies the predicates of the parent and progenitor subtypes (if any) of S (in an arbitrary order); 29.b/4 Ramification: This rule has an effect for derived types (which have a parent subtype and may have progenitors) and for task and protected types (which may have progentitors). Other kinds of type declarations can have neither, and no test is required for other first subtypes. 29.6/4 * if S is defined by a subtype_indication, the value is tested to determine whether it satisfies the predicates of the subtype denoted by the subtype_mark of the subtype_indication; 29.7/4 * finally, if S is defined by a declaration to which one or more predicate specifications apply, the predicates are evaluated (in an arbitrary order) to test that all of them yield True for the given value. 29.b.1/4 Discussion: It is important to stop on the first of the above steps that fails, as later steps might presume that the earlier steps had succeeded. 30/3 {AI05-0153-3} {AI05-0290-1} If predicate checks are enabled for a given subtype, then: 31/4 {AI12-0054-2} {AI12-0071-1} [On every subtype conversion, a check is performed that the operand satisfies the predicates of the target subtype. This includes all parameter passing, except for certain parameters passed by reference, which are covered by the following rule: ] After normal completion and leaving of a subprogram, for each in out or out parameter that is passed by reference, a check is performed that the value of the parameter satisfies the predicates of the subtype of the actual. For an object created by an object_declaration with no explicit initialization expression, or by an uninitialized allocator, if any subcomponents have default_expressions, a check is performed that the value of the created object satisfies the predicates of the nominal subtype. 31.1/4 {AI12-0054-2} If any of the predicate checks fail, Assertion_Error is raised, unless the subtype whose directly-specified predicate aspect evaluated to False also has a directly-specified Predicate_Failure aspect. In that case, the specified Predicate_Failure expression is evaluated; if the evaluation of the Predicate_Failure expression propagates an exception occurrence, then this occurrence is propagated for the failure of the predicate check; otherwise, Assertion_Error is raised, with an associated message string defined by the value of the Predicate_Failure expression. In the absence of such a Predicate_Failure aspect, an implementation-defined message string is associated with the Assertion_Error exception. 31.a/3 Ramification: Predicates are not evaluated at the point of the (sub)type declaration. 31.b/3 Implementation Note: Static_Predicate checks can be removed even in the presence of potentially invalid values, just as constraint checks can be removed. 31.c/4 Implementation defined: The message string associated with the Assertion_Error exception raised by the failure of a predicate check if there is no applicable Predicate_Failure aspect. 32/4 This paragraph was deleted.{AI05-0262-1} {AI125-0071} 33/4 This paragraph was deleted.{AI05-0153-3} {AI05-0276-1} {AI125-0071} 33.a/4 This paragraph was deleted. NOTES 34/3 5 {AI05-0153-3} A predicate specification does not cause a subtype to be considered constrained. 35/3 6 {AI05-0153-3} A Static_Predicate, like a constraint, always remains True for all objects of the subtype, except in the case of uninitialized variables and other invalid values. A Dynamic_Predicate, on the other hand, is checked as specified above, but can become False at other times. For example, the predicate of a record subtype is not checked when a subcomponent is modified. 36/4 7 {AI12-0071-1} No predicates apply to the base subtype of a scalar type; every value of a scalar type T is considered to satisfy the predicates of T'Base. 37/4 8 {AI12-0054-2} Predicate_Failure expressions are never evaluated during the evaluation of a membership test (see 4.5.2) or Valid attribute (see 13.9.2). 38/4 9 {AI12-0054-2} A Predicate_Failure expression can be a raise_expression (see 11.3). Examples 39/4 {AI12-0054-2} subtype Basic_Letter is Character -- See A.3.2 for "basic letter". with Static_Predicate => Basic_Letter in 'A'..'Z' | 'a'..'z' | 'Æ' | 'æ' | 'Ð' | 'ð' | 'Þ' | 'þ' | 'ß'; 40/4 {AI12-0054-2} subtype Even_Integer is Integer with Dynamic_Predicate => Even_Integer mod 2 = 0, Predicate_Failure => "Even_Integer must be a multiple of 2"; 41/4 {AI12-0054-2} Text_IO (see A.10.1) could have used predicates to describe some common exceptional conditions as follows: 42/4 with Ada.IO_Exceptions; package Ada.Text_IO is 43/4 type File_Type is limited private; 44/4 subtype Open_File_Type is File_Type with Dynamic_Predicate => Is_Open (Open_File_Type), Predicate_Failure => raise Status_Error with "File not open"; subtype Input_File_Type is Open_File_Type with Dynamic_Predicate => Mode (Input_File_Type) = In_File, Predicate_Failure => raise Mode_Error with "Cannot read file: " & Name (Input_File_Type); subtype Output_File_Type is Open_File_Type with Dynamic_Predicate => Mode (Output_File_Type) /= In_File, Predicate_Failure => raise Mode_Error with "Cannot write file: " & Name (Output_File_Type); 45/4 ... 46/4 function Mode (File : in Open_File_Type) return File_Mode; function Name (File : in Open_File_Type) return String; function Form (File : in Open_File_Type) return String; 47/4 ... 48/4 procedure Get (File : in Input_File_Type; Item : out Character); 49/4 procedure Put (File : in Output_File_Type; Item : in Character); 50/4 ... 51/4 -- Similarly for all of the other input and output subprograms. Extensions to Ada 2005 51.a/3 {AI05-0153-3} {AI05-0262-1} {AI05-0276-1} {AI05-0290-1} Predicate aspects are new in Ada 2012. Extensions to Ada 2012 51.b/4 {AI12-0054-2} Corrigendum: The Predicate_Failure aspect is new. We can consider this a correction as it is always possible for implementers to add implementation-defined aspects, so the same is true for language-defined aspects. Wording Changes from Ada 2012 51.c/4 {AI12-0071-1} Corrigendum: Specified the order of evaluation of most predicates, by defining the new term "satisfies the predicates of the subtype". This is not inconsistent, as the order previously was unspecified, so any code depending on the order was incorrect. The change is necessary so that the Predicate_Failure aspect has consistent results in cases where multiple predicates and aspects apply; see the Ada.Text_IO example above for such a case. 51.d/4 {AI12-0099-1} Corrigendum: Revised wording to ensure all kinds of types are covered, including the anonymous task associated with a single_task_declaration, and generalized it. 51.e/4 {AI12-0099-1} Corrigendum: Revised wording to list the boolean operators that can be predicate-static, to eliminate confusion about whether not is included. 3.3 Objects and Named Numbers 1 [Objects are created at run time and contain a value of a given type. An object can be created and initialized as part of elaborating a declaration, evaluating an allocator, aggregate, or function_call, or passing a parameter by copy. Prior to reclaiming the storage for an object, it is finalized if necessary (see 7.6.1).] Static Semantics 2 All of the following are objects: 2.a Glossary entry: An object is either a constant or a variable. An object contains a value. An object is created by an object_declaration or by an allocator. A formal parameter is (a view of) an object. A subcomponent of an object is an object. 3 * the entity declared by an object_declaration; 4 * a formal parameter of a subprogram, entry, or generic subprogram; 5 * a generic formal object; 6 * a loop parameter; 7 * a choice parameter of an exception_handler; 8 * an entry index of an entry_body; 9 * the result of dereferencing an access-to-object value (see 4.1); 10/3 * {AI95-00416-01} {AI05-0015-1} the return object of a function; 11 * the result of evaluating an aggregate; 11.1/3 * {AI05-0003-1} a qualified_expression whose operand denotes an object; 12 * a component, slice, or view conversion of another object. 13/3 {AI05-0054-2} An object is either a constant object or a variable object. Similarly, a view of an object is either a constant or a variable. All views of a constant elementary object are constant. All views of a constant composite object are constant, except for parts that are of controlled or immutably limited types; variable views of those parts and their subcomponents may exist. In this sense, objects of controlled and immutably limited types are inherently mutable. A constant view of an object cannot be used to modify its value. The terms constant and variable by themselves refer to constant and variable views of objects. 14 The value of an object is read when the value of any part of the object is evaluated, or when the value of an enclosing object is evaluated. The value of a variable is updated when an assignment is performed to any part of the variable, or when an assignment is performed to an enclosing object. 14.a Ramification: Reading and updating are intended to include read/write references of any kind, even if they are not associated with the evaluation of a particular construct. Consider, for example, the expression "X.all(F)", where X is an access-to-array object, and F is a function. The implementation is allowed to first evaluate "X.all" and then F. Finally, a read is performed to get the value of the F'th component of the array. Note that the array is not necessarily read as part of the evaluation of " X.all". This is important, because if F were to free X using Unchecked_Deallocation, we want the execution of the final read to be erroneous. 15 Whether a view of an object is constant or variable is determined by the definition of the view. The following (and no others) represent constants: 16 * an object declared by an object_declaration with the reserved word constant; 16.a/2 To be honest: {AI95-00385-01} We mean the word constant as defined by the grammar for object_declaration, not some random word constant. Thus, 16.b/2 X : access constant T; 16.c/2 is not a constant. 17 * a formal parameter or generic formal object of mode in; 18 * a discriminant; 18.1/3 * {AI05-0262-1} a loop parameter unless specified to be a variable for a generalized loop (see 5.5.2); 19/3 * {AI05-0262-1} a choice parameter or entry index; 20 * the dereference of an access-to-constant value; 20.1/3 * {AI05-0015-1} the return object declared by an extended_return_statement with the reserved word constant; 21/3 * {AI05-0015-1} the object denoted by a function_call or an aggregate; 21.1/3 * {AI05-0003-1} the result of evaluating a qualified_expression; 21.2/3 * {AI05-0120-1} within the body of a protected function (or a function declared immediately within a protected_body), the current instance of the enclosing protected unit; 22 * a selected_component, indexed_component, slice, or view conversion of a constant. 23/3 {AI05-0264-1} At the place where a view of an object is defined, a nominal subtype is associated with the view. The object's actual subtype (that is, its subtype) can be more restrictive than the nominal subtype of the view; it always is if the nominal subtype is an indefinite subtype. A subtype is an indefinite subtype if it is an unconstrained array subtype, or if it has unknown discriminants or unconstrained discriminants without defaults (see 3.7); otherwise, the subtype is a definite subtype [(all elementary subtypes are definite subtypes)]. [A class-wide subtype is defined to have unknown discriminants, and is therefore an indefinite subtype. An indefinite subtype does not by itself provide enough information to create an object; an additional constraint or explicit initialization expression is necessary (see 3.3.1). A component cannot have an indefinite nominal subtype.] 23.1/3 {AI05-0008-1} A view of a composite object is known to be constrained if: 23.2/3 * its nominal subtype is constrained, and is not an untagged partial view; or 23.3/3 * its nominal subtype is indefinite; or 23.4/3 * {AI05-0008-1} {AI05-0093-1} its type is immutably limited (see 7.5); or 23.5/3 * it is part of a stand-alone constant (including a generic formal object of mode in); or 23.6/3 * it is part of a formal parameter of mode in; or 23.7/3 * it is part of the object denoted by a function_call or aggregate; or 23.8/3 * it is part of a constant return object of an extended_return_statement; or 23.9/3 * {AI05-0008-1} {AI05-0041-1} it is a dereference of a pool-specific access type, and there is no ancestor of its type that has a constrained partial view. 23.a/3 Discussion: We do not include dereferences of general access types because they might denote stand-alone aliased unconstrained variables. That's true even for access-to-constant types (the denoted object does not have to be a constant). 23.b/3 {AI05-0005-1} {AI05-0008-1} There are other cases that could have been included in this definition (view conversions, the current instance of a type, objects of a formal discriminated private type), but these are not relevant to the places this term is used, so they were not included. If this term is used in additional places, the definition should be checked to see if any of these additional cases are relevant and appropriate wording added if necessary. 23.10/3 {AI05-0008-1} {AI05-0041-1} For the purposes of determining within a generic body whether an object is known to be constrained: 23.11/3 * if a subtype is a descendant of an untagged generic formal private or derived type, and the subtype is not an unconstrained array subtype, it is not considered indefinite and is considered to have a constrained partial view; 23.12/3 * if a subtype is a descendant of a formal access type, it is not considered pool-specific. 24 A named number provides a name for a numeric value known at compile time. It is declared by a number_declaration. NOTES 25 10 A constant cannot be the target of an assignment operation, nor be passed as an in out or out parameter, between its initialization and finalization, if any. 25.1/3 11 {AI05-0054-2} The value of a constant object cannot be changed after its initialization, except in some cases where the object has a controlled or immutably limited part (see 7.5, 7.6, and 13.9.1). 26/3 12 {AI05-0264-1} The nominal and actual subtypes of an elementary object are always the same. For a discriminated or array object, if the nominal subtype is constrained, then so is the actual subtype. Extensions to Ada 83 26.a There are additional kinds of objects (choice parameters and entry indices of entry bodies). 26.b The result of a function and of evaluating an aggregate are considered (constant) objects. This is necessary to explain the action of finalization on such things. Because a function_call is also syntactically a name (see 4.1), the result of a function_call can be renamed, thereby allowing repeated use of the result without calling the function again. Wording Changes from Ada 83 26.c/3 {AI05-0299-1} This subclause now follows the subclauses on types and subtypes, to cut down on the number of forward references. 26.d The term nominal subtype is new. It is used to distinguish what is known at compile time about an object's constraint, versus what its "true" run-time constraint is. 26.e The terms definite and indefinite (which apply to subtypes) are new. They are used to aid in the description of generic formal type matching, and to specify when an explicit initial value is required in an object_declaration. 26.f We have moved the syntax for object_declaration and number_declaration down into their respective subclauses, to keep the syntax close to the description of the associated semantics. 26.g We talk about variables and constants here, since the discussion is not specific to object_declarations, and it seems better to have the list of the kinds of constants juxtaposed with the kinds of objects. 26.h We no longer talk about indirect updating due to parameter passing. Parameter passing is handled in 6.2 and 6.4.1 in a way that there is no need to mention it here in the definition of read and update. Reading and updating now includes the case of evaluating or assigning to an enclosing object. Wording Changes from Ada 95 26.i/2 {AI95-00416-01} Clarified that the return object is the object created by a function call. Extensions to Ada 2005 26.j/3 {AI05-0015-1} Added wording to allow return objects to be declared as constants, and corrected the definition of return objects as objects. Wording Changes from Ada 2005 26.k/3 {AI05-0008-1} {AI05-0041-1} {AI05-0093-1} Correction: Added a definition of known to be constrained, for use in other rules. 26.l/3 {AI05-0054-2} Correction: We now recognize the fact that not all declared constant objects are immutable; for those that a variable view can be constructed, they can be changed via that view. 26.m/3 {AI05-0120-1} Correction: Added the current instance of a protected object to the list of constant views; since the list claims to include all possibilities, it had better include that one. 26.n/3 {AI05-0003-1} The result of a qualified_expression is defined to be a constant view and is defined to be an object if the operand of the qualified_expression is an object. These definitions, combined with some grammar changes, allow qualified_expressions to be used in more places. See 4.1 for details. 3.3.1 Object Declarations 1/3 {AI05-0262-1} An object_declaration declares a stand-alone object with a given nominal subtype and, optionally, an explicit initial value given by an initialization expression. For an array, access, task, or protected object, the object_declaration may include the definition of the (anonymous) type of the object. Syntax 2/3 {AI95-00385-01} {AI95-00406-01} {AI05-0183-1} object_declaration ::= defining_identifier_list : [aliased] [constant] subtype_indication [:= expression] [aspect_specification]; | defining_identifier_list : [aliased] [constant] access_definition [:= expression] [aspect_specification]; | defining_identifier_list : [aliased] [constant] array_type_definition [:= expression] [aspect_specification]; | single_task_declaration | single_protected_declaration 3 defining_identifier_list ::= defining_identifier {, defining_identifier} Name Resolution Rules 4 For an object_declaration with an expression following the compound delimiter :=, the type expected for the expression is that of the object. This expression is called the initialization expression. Legality Rules 5/2 {AI95-00287-01} An object_declaration without the reserved word constant declares a variable object. If it has a subtype_indication or an array_type_definition that defines an indefinite subtype, then there shall be an initialization expression. Static Semantics 6/3 {AI05-0264-1} {AI05-0299-1} An object_declaration with the reserved word constant declares a constant object. If it has an initialization expression, then it is called a full constant declaration. Otherwise, it is called a deferred constant declaration. The rules for deferred constant declarations are given in subclause 7.4. The rules for full constant declarations are given in this subclause. 7 Any declaration that includes a defining_identifier_list with more than one defining_identifier is equivalent to a series of declarations each containing one defining_identifier from the list, with the rest of the text of the declaration copied for each declaration in the series, in the same order as the list. The remainder of this International Standard relies on this equivalence; explanations are given for declarations with a single defining_identifier. 8/2 {AI95-00385-01} The subtype_indication, access_definition, or full type definition of an object_declaration defines the nominal subtype of the object. The object_declaration declares an object of the type of the nominal subtype. 8.a/2 Discussion: {AI95-00385-01} The phrase "full type definition" here includes the case of an anonymous array, access, task, or protected type. 8.1/2 {AI95-00373-01} A component of an object is said to require late initialization if it has an access discriminant value constrained by a per-object expression, or if it has an initialization expression that includes a name denoting the current instance of the type or denoting an access discriminant. 8.b/2 Reason: Such components can depend on the values of other components of the object. We want to initialize them as late and as reproducibly as possible. Dynamic Semantics 9/2 {AI95-00363-01} If a composite object declared by an object_declaration has an unconstrained nominal subtype, then if this subtype is indefinite or the object is constant the actual subtype of this object is constrained. The constraint is determined by the bounds or discriminants (if any) of its initial value; the object is said to be constrained by its initial value. When not constrained by its initial value, the actual and nominal subtypes of the object are the same. If its actual subtype is constrained, the object is called a constrained object. 10 For an object_declaration without an initialization expression, any initial values for the object or its subcomponents are determined by the implicit initial values defined for its nominal subtype, as follows: 11 * The implicit initial value for an access subtype is the null value of the access type. 11.1/3 * {AI05-0228-1} The implicit initial value for a scalar subtype that has the Default_Value aspect specified is the value of that aspect converted to the nominal subtype (which might raise Constraint_Error - see 4.6, "Type Conversions"); 11.a.1/3 Ramification: This is a Dynamic Semantics rule, so the visibility of the aspect_specification is not relevant - if the full type for a private type has the Default_Value aspect specified, partial views of the type also have this implicit initial value. 12 * The implicit initial (and only) value for each discriminant of a constrained discriminated subtype is defined by the subtype. 13/3 * {AI05-0228-1} For a (definite) composite subtype, the implicit initial value of each component with a default_expression is obtained by evaluation of this expression and conversion to the component's nominal subtype (which might raise Constraint_Error), unless the component is a discriminant of a constrained subtype (the previous case), or is in an excluded variant (see 3.8.1). For each component that does not have a default_expression, if the composite subtype has the Default_Component_Value aspect specified, the implicit initial value is the value of that aspect converted to the component's nominal subtype; otherwise, any implicit initial values are those determined by the component's nominal subtype. 14 * For a protected or task subtype, there is an implicit component (an entry queue) corresponding to each entry, with its implicit initial value being an empty queue. 14.a Implementation Note: The implementation may add implicit components for its own use, which might have implicit initial values. For a task subtype, such components might represent the state of the associated thread of control. For a type with dynamic-sized components, such implicit components might be used to hold the offset to some explicit component. 15 The elaboration of an object_declaration proceeds in the following sequence of steps: 16/2 1. {AI95-00385-01} The subtype_indication, access_definition, array_- type_definition, single_task_declaration, or single_protected_declaration is first elaborated. This creates the nominal subtype (and the anonymous type in the last four cases). 17 2. If the object_declaration includes an initialization expression, the (explicit) initial value is obtained by evaluating the expression and converting it to the nominal subtype (which might raise Constraint_Error - see 4.6). 18/2 3. {8652/0002} {AI95-00171-01} {AI95-00373-01} The object is created, and, if there is not an initialization expression, the object is initialized by default. When an object is initialized by default, any per-object constraints (see 3.8) are elaborated and any implicit initial values for the object or for its subcomponents are obtained as determined by the nominal subtype. Any initial values (whether explicit or implicit) are assigned to the object or to the corresponding subcomponents. As described in 5.2 and 7.6, Initialize and Adjust procedures can be called. 18.a Discussion: For a per-object constraint that contains some per-object expressions and some non-per-object expressions, the values used for the constraint consist of the values of the non-per-object expressions evaluated at the point of the type_declaration, and the values of the per-object expressions evaluated at the point of the creation of the object. 18.b The elaboration of per-object constraints was presumably performed as part of the dependent compatibility check in Ada 83. If the object is of a limited type with an access discriminant, the access_definition is elaborated at this time (see 3.7). 18.c Reason: The reason we say that evaluating an explicit initialization expression happens before creating the object is that in some cases it is impossible to know the size of the object being created until its initial value is known, as in "X: String := Func_Call(...);". The implementation can create the object early in the common case where the size can be known early, since this optimization is semantically neutral. 19/2 This paragraph was deleted.{AI95-00373-01} 19.a Ramification: Since the initial values have already been converted to the appropriate nominal subtype, the only Constraint_Errors that might occur as part of these assignments are for values outside their base range that are used to initialize unconstrained numeric subcomponents. See 3.5. 20/2 {AI95-00373-01} For the third step above, evaluations and assignments are performed in an arbitrary order subject to the following restrictions: 20.1/2 * {AI95-00373-01} Assignment to any part of the object is preceded by the evaluation of the value that is to be assigned. 20.a.1/2 Reason: Duh. But we ought to say it. Note that, like any rule in the International Standard, it doesn't prevent an "as-if" optimization; as long as the semantics as observed from the program are correct, the compiler can generate any code it wants. 20.2/2 * {AI95-00373-01} The evaluation of a default_expression that includes the name of a discriminant is preceded by the assignment to that discriminant. 20.a.2/2 Reason: Duh again. But we have to say this, too. It's odd that Ada 95 only required the default expressions to be evaluated before the discriminant is used; it says nothing about discriminant values that come from subtype_indications. 20.3/2 * {AI95-00373-01} The evaluation of the default_expression for any component that depends on a discriminant is preceded by the assignment to that discriminant. 20.a Reason: For example: 20.b type R(D : Integer := F) is record S : String(1..D) := (others => G); end record; 20.c X : R; 20.d For the elaboration of the declaration of X, it is important that F be evaluated before the aggregate. 20.4/3 * {AI95-00373-01} {AI05-0092-1} The assignments to any components, including implicit components, not requiring late initialization precede the initial value evaluations for any components requiring late initialization; if two components both require late initialization, then assignments to parts of the component occurring earlier in the order of the component declarations precede the initial value evaluations of the component occurring later. 20.e/2 Reason: Components that require late initialization can refer to the entire object during their initialization. We want them to be initialized as late as possible to reduce the chance that their initialization depends on uninitialized components. For instance: 20.f/2 type T (D : Natural) is limited record C1 : T1 (T'Access); C2 : Natural := F (D); C3 : String (1 .. D) := (others => ' '); end record; 20.g/2 Component C1 requires late initialization. The initialization could depend on the values of any component of T, including D, C2, or C3. Therefore, we want to it to be initialized last. Note that C2 and C3 do not require late initialization; they only have to be initialized after D. 20.h/2 It is possible for there to be more than one component that requires late initialization. In this case, the language can't prevent problems, because all of the components can't be the last one initialized. In this case, we specify the order of initialization for components requiring late initialization; by doing so, programmers can arrange their code to avoid accessing uninitialized components, and such arrangements are portable. Note that if the program accesses an uninitialized component, 13.9.1 defines the execution to be erroneous. 21/3 {AI05-0228-1} [There is no implicit initial value defined for a scalar subtype unless the Default_Value aspect has been specified for the type.] In the absence of an explicit initialization or the specification of the Default_Value aspect, a newly created scalar object might have a value that does not belong to its subtype (see 13.9.1 and H.1). 21.a To be honest: It could even be represented by a bit pattern that doesn't actually represent any value of the type at all, such as an invalid internal code for an enumeration type, or a NaN for a floating point type. It is a generally a bounded error to reference scalar objects with such "invalid representations", as explained in 13.9.1, "Data Validity". 21.b Ramification: There is no requirement that two objects of the same scalar subtype have the same implicit initial "value" (or representation). It might even be the case that two elaborations of the same object_declaration produce two different initial values. However, any particular uninitialized object is default-initialized to a single value (or invalid representation). Thus, multiple reads of such an uninitialized object will produce the same value each time (if the implementation chooses not to detect the error). NOTES 22 13 Implicit initial values are not defined for an indefinite subtype, because if an object's nominal subtype is indefinite, an explicit initial value is required. 23/3 14 {AI05-0092-1} {AI05-0255-1} As indicated above, a stand-alone object is an object declared by an object_declaration. Similar definitions apply to "stand-alone constant" and "stand-alone variable." A subcomponent of an object is not a stand-alone object, nor is an object that is created by an allocator. An object declared by a loop_parameter_specification, iterator_specification, parameter_specification, entry_index_specification, choice_parameter_specification, extended_return_statement, or a formal_object_declaration of mode in out is not considered a stand-alone object. 24 15 The type of a stand-alone object cannot be abstract (see 3.9.3). Examples 25 Example of a multiple object declaration: 26 -- the multiple object declaration 27/2 {AI95-00433-01} John, Paul : not null Person_Name := new Person(Sex => M); -- see 3.10.1 28 -- is equivalent to the two single object declarations in the order given 29/2 {AI95-00433-01} John : not null Person_Name := new Person(Sex => M); Paul : not null Person_Name := new Person(Sex => M); 30 Examples of variable declarations: 31/2 {AI95-00433-01} Count, Sum : Integer; Size : Integer range 0 .. 10_000 := 0; Sorted : Boolean := False; Color_Table : array(1 .. Max) of Color; Option : Bit_Vector(1 .. 10) := (others => True); Hello : aliased String := "Hi, world."; , : Float range -PI .. +PI; 32 Examples of constant declarations: 33/2 {AI95-00433-01} Limit : constant Integer := 10_000; Low_Limit : constant Integer := Limit/10; Tolerance : constant Real := Dispersion(1.15); Hello_Msg : constant access String := Hello'Access; -- see 3.10.2 Extensions to Ada 83 33.a The syntax rule for object_declaration is modified to allow the aliased reserved word. 33.b A variable declared by an object_declaration can be constrained by its initial value; that is, a variable of a nominally unconstrained array subtype, or discriminated type without defaults, can be declared so long as it has an explicit initial value. In Ada 83, this was permitted for constants, and for variables created by allocators, but not for variables declared by object_declarations. This is particularly important for tagged class-wide types, since there is no way to constrain them explicitly, and so an initial value is the only way to provide a constraint. It is also important for generic formal private types with unknown discriminants. 33.c We now allow an unconstrained_array_definition in an object_declaration. This allows an object of an anonymous array type to have its bounds determined by its initial value. This is for uniformity: If one can write "X: constant array(Integer range 1..10) of Integer := ...;" then it makes sense to also allow "X: constant array(Integer range <>) of Integer := ...;". (Note that if anonymous array types are ever sensible, a common situation is for a table implemented as an array. Tables are often constant, and for constants, there's usually no point in forcing the user to count the number of elements in the value.) Wording Changes from Ada 83 33.d We have moved the syntax for object_declarations into this subclause. 33.e Deferred constants no longer have a separate syntax rule, but rather are incorporated in object_declaration as constants declared without an initialization expression. Inconsistencies With Ada 95 33.f/2 {AI95-00363-01} Unconstrained aliased objects of types with discriminants with defaults are no longer constrained by their initial values. This means that a program that raised Constraint_Error from an attempt to change the discriminants will no longer do so. The change only affects programs that depended on the raising of Constraint_Error in this case, so the inconsistency is unlikely to occur outside of the ACATS. This change may however cause compilers to implement these objects differently, possibly taking additional memory or time. This is unlikely to be worse than the differences caused by any major compiler upgrade. Extensions to Ada 95 33.g/2 {AI95-00287-01} A constant may have a limited type; the initialization expression has to be built-in-place (see 7.5). 33.h/2 {AI95-00385-01} {AI95-00406-01} A stand-alone object may have an anonymous access type. Wording Changes from Ada 95 33.i/2 {8652/0002} {AI95-00171-01} Corrigendum: Corrected wording to say that per-object constraints are elaborated (not evaluated). 33.j/2 {AI95-00373-01} The rules for evaluating default initialization have been tightened. In particular, components whose default initialization can refer to the rest of the object are required to be initialized last. 33.k/2 {AI95-00433-01} Added examples of various new constructs. Extensions to Ada 2005 33.l/3 {AI05-0183-1} An optional aspect_specification can be used in an object_declaration. This is described in 13.1.1. Wording Changes from Ada 2005 33.m/3 {AI05-0228-1} Implicit initial values can now be given for scalar types and for scalar array components, using the Default_Value (see 3.5) and Default_Component_Value (see 3.6) aspects; the extension is documented there. 3.3.2 Number Declarations 1 A number_declaration declares a named number. 1.a/3 Discussion: {AI05-0299-1} If a value or other property of a construct is required to be static that means it is required to be determined prior to execution. A static expression is an expression whose value is computed at compile time and is usable in contexts where the actual value might affect the legality of the construct. This is fully defined in subclause 4.9. Syntax 2 number_declaration ::= defining_identifier_list : constant := static_expression; Name Resolution Rules 3 The static_expression given for a number_declaration is expected to be of any numeric type. Legality Rules 4/3 {AI05-0299-1} The static_expression given for a number declaration shall be a static expression, as defined by subclause 4.9. Static Semantics 5 The named number denotes a value of type universal_integer if the type of the static_expression is an integer type. The named number denotes a value of type universal_real if the type of the static_expression is a real type. 6 The value denoted by the named number is the value of the static_expression, converted to the corresponding universal type. Dynamic Semantics 7 The elaboration of a number_declaration has no effect. 7.a Proof: Since the static_expression was evaluated at compile time. Examples 8 Examples of number declarations: 9 Two_Pi : constant := 2.0*Ada.Numerics.Pi; -- a real number (see A.5 ) 10/2 {AI95-00433-01} Max : constant := 500; -- an integer number Max_Line_Size : constant := Max/6; -- the integer 83 Power_16 : constant := 2**16; -- the integer 65_536 One, Un, Eins : constant := 1; -- three different names for 1 Extensions to Ada 83 10.a We now allow a static expression of any numeric type to initialize a named number. For integer types, it was possible in Ada 83 to use 'Pos to define a named number, but there was no way to use a static expression of some nonuniversal real type to define a named number. This change is upward compatible because of the preference rule for the operators of the root numeric types. Wording Changes from Ada 83 10.b We have moved the syntax rule into this subclause. 10.c AI83-00263 describes the elaboration of a number declaration in words similar to that of an object_declaration. However, since there is no expression to be evaluated and no object to be created, it seems simpler to say that the elaboration has no effect. 3.4 Derived Types and Classes 1/2 {AI95-00401-01} {AI95-00419-01} A derived_type_definition defines a derived type (and its first subtype) whose characteristics are derived from those of a parent type, and possibly from progenitor types. 1.a/2 Glossary entry: A derived type is a type defined in terms of one or more other types given in a derived type definition. The first of those types is the parent type of the derived type and any others are progenitor types. Each class containing the parent type or a progenitor type also contains the derived type. The derived type inherits properties such as components and primitive operations from the parent and progenitors. A type together with the types derived from it (directly or indirectly) form a derivation class. 1.1/2 {AI95-00442-01} A class of types is a set of types that is closed under derivation; that is, if the parent or a progenitor type of a derived type belongs to a class, then so does the derived type. By saying that a particular group of types forms a class, we are saying that all derivatives of a type in the set inherit the characteristics that define that set. The more general term category of types is used for a set of types whose defining characteristics are not necessarily inherited by derivatives; for example, limited, abstract, and interface are all categories of types, but not classes of types. 1.b/2 Ramification: A class of types is also a category of types. Syntax 2/2 {AI95-00251-01} {AI95-00419-01} derived_type_definition ::= [abstract] [limited] new parent_subtype_indication [[and interface_list] record_extension_part] Legality Rules 3/2 {AI95-00251-01} {AI95-00401-01} {AI95-00419-01} The parent_subtype_indication defines the parent subtype; its type is the parent type. The interface_list defines the progenitor types (see 3.9.4). A derived type has one parent type and zero or more progenitor types. 3.a/2 Glossary entry: The parent of a derived type is the first type given in the definition of the derived type. The parent can be almost any kind of type, including an interface type. 4 A type shall be completely defined (see 3.11.1) prior to being specified as the parent type in a derived_type_definition - [the full_type_declarations for the parent type and any of its subcomponents have to precede the derived_type_definition.] 4.a Discussion: This restriction does not apply to the ancestor type of a private extension - see 7.3; such a type need not be completely defined prior to the private_extension_declaration. However, the restriction does apply to record extensions, so the ancestor type will have to be completely defined prior to the full_type_declaration corresponding to the private_extension_declaration. 4.b Reason: We originally hoped we could relax this restriction. However, we found it too complex to specify the rules for a type derived from an incompletely defined limited type that subsequently became nonlimited. 5/2 {AI95-00401-01} If there is a record_extension_part, the derived type is called a record extension of the parent type. A record_extension_part shall be provided if and only if the parent type is a tagged type. [An interface_list shall be provided only if the parent type is a tagged type.] 5.a.1/2 Proof: {AI95-00401-01} The syntax only allows an interface_list to appear with a record_extension_part, and a record_extension_part can only be provided if the parent type is a tagged type. We give the last sentence anyway for completeness. 5.a Implementation Note: We allow a record extension to inherit discriminants; an early version of Ada 9X did not. If the parent subtype is unconstrained, it can be implemented as though its discriminants were repeated in a new known_discriminant_part and then used to constrain the old ones one-for-one. However, in an extension aggregate, the discriminants in this case do not appear in the component association list. 5.b/2 Ramification: {AI95-00114-01} This rule needs to be rechecked in the visible part of an instance of a generic unit because of the "only if" part of the rule. For example: 5.c/2 generic type T is private; package P is type Der is new T; end P; 5.d/2 package I is new P (Some_Tagged_Type); -- illegal 5.e/2 {AI95-00114-01} The instantiation is illegal because a tagged type is being extended in the visible part without a record_extension_part. Note that this is legal in the private part or body of an instance, both to avoid a contract model violation, and because no code that can see that the type is actually tagged can also see the derived type declaration. 5.f/2 No recheck is needed for derived types with a record_extension_part, as that has to be derived from something that is known to be tagged (otherwise the template is illegal). 5.1/3 {AI95-00419-01} {AI05-0096-1} If the reserved word limited appears in a derived_type_definition, the parent type shall be a limited type. If the parent type is a tagged formal type, then in addition to the places where Legality Rules normally apply (see 12.3), this rule applies also in the private part of an instance of a generic unit. 5.g/2 Reason: We allow limited because we don't inherit limitedness from interfaces, so we must have a way to derive a limited type from interfaces. The word limited has to be legal when the parent could be an interface, and that includes generic formal abstract types. Since we have to allow it in this case, we might as well allow it everywhere as documentation, to make it explicit that the type is limited. 5.h/2 However, we do not want to allow limited when the parent is nonlimited: limitedness cannot change in a derivation tree. 5.i/3 If the parent type is an untagged limited formal type with an actual type that is nonlimited, we allow derivation as a limited type in the private part or body as no place could have visibility on the resulting type where it was known to be nonlimited (outside of the instance). (See the previous paragraph's annotations for an explanation of this.) However, if the parent type is a tagged limited formal type with an actual type that is nonlimited, it would be possible to pass a value of the limited type extension to a class-wide type of the parent, which would be nonlimited. That's too weird to allow (even though all of the extension components would have to be nonlimited because the rules of 3.9.1 are rechecked), so we have a special rule to prevent that in the private part (type extension from a formal type is illegal in a generic package body). Static Semantics 6 The first subtype of the derived type is unconstrained if a known_discriminant_part is provided in the declaration of the derived type, or if the parent subtype is unconstrained. Otherwise, the constraint of the first subtype corresponds to that of the parent subtype in the following sense: it is the same as that of the parent subtype except that for a range constraint (implicit or explicit), the value of each bound of its range is replaced by the corresponding value of the derived type. 6.a Discussion: A digits_constraint in a subtype_indication for a decimal fixed point subtype always imposes a range constraint, implicitly if there is no explicit one given. See 3.5.9, " Fixed Point Types". 6.1/2 {AI95-00231-01} The first subtype of the derived type excludes null (see 3.10) if and only if the parent subtype excludes null. 7/3 {AI05-0110-1} The characteristics and implicitly declared primitive subprograms of the derived type are defined as follows: 7.a/3 Ramification: {AI05-0110-1} The characteristics of a type do not include its primitive subprograms (primitive subprograms include predefined operators). The rules governing availability/visibility and inheritance of characteristics are separate from those for primitive subprograms. 8/2 * {AI95-00251-01} {AI95-00401-01} {AI95-00442-01} [If the parent type or a progenitor type belongs to a class of types, then the derived type also belongs to that class.] The following sets of types, as well as any higher-level sets composed from them, are classes in this sense[, and hence the characteristics defining these classes are inherited by derived types from their parent or progenitor types]: signed integer, modular integer, ordinary fixed, decimal fixed, floating point, enumeration, boolean, character, access-to-constant, general access-to-variable, pool-specific access-to-variable, access-to-subprogram, array, string, non-array composite, nonlimited, untagged record, tagged, task, protected, and synchronized tagged. 8.a Discussion: This is inherent in our notion of a "class" of types. It is not mentioned in the initial definition of "class" since at that point type derivation has not been defined. In any case, this rule ensures that every class of types is closed under derivation. 9 * If the parent type is an elementary type or an array type, then the set of possible values of the derived type is a copy of the set of possible values of the parent type. For a scalar type, the base range of the derived type is the same as that of the parent type. 9.a Discussion: The base range of a type defined by an integer_type_definition or a real_type_definition is determined by the _definition, and is not necessarily the same as that of the corresponding root numeric type from which the newly defined type is implicitly derived. Treating numerics types as implicitly derived from one of the two root numeric types is simply to link them into a type hierarchy; such an implicit derivation does not follow all the rules given here for an explicit derived_type_definition. 10 * If the parent type is a composite type other than an array type, then the components, protected subprograms, and entries that are declared for the derived type are as follows: 11 * The discriminants specified by a new known_discriminant_part, if there is one; otherwise, each discriminant of the parent type (implicitly declared in the same order with the same specifications) - in the latter case, the discriminants are said to be inherited, or if unknown in the parent, are also unknown in the derived type; 12 * Each nondiscriminant component, entry, and protected subprogram of the parent type, implicitly declared in the same order with the same declarations; these components, entries, and protected subprograms are said to be inherited; 12.a Ramification: The profiles of entries and protected subprograms do not change upon type derivation, although the type of the " implicit" parameter identified by the prefix of the name in a call does. 12.b To be honest: Any name in the parent type_declaration that denotes the current instance of the type is replaced with a name denoting the current instance of the derived type, converted to the parent type. 13 * Each component declared in a record_extension_part, if any. 14 Declarations of components, protected subprograms, and entries, whether implicit or explicit, occur immediately within the declarative region of the type, in the order indicated above, following the parent subtype_indication. 14.a Discussion: The order of declarations within the region matters for record_aggregates and extension_aggregates. 14.b Ramification: In most cases, these things are implicitly declared immediately following the parent subtype_indication. However, 7.3.1, "Private Operations" defines some cases in which they are implicitly declared later, and some cases in which the are not declared at all. 14.c Discussion: The place of the implicit declarations of inherited components matters for visibility - they are not visible in the known_discriminant_part nor in the parent subtype_indication, but are usually visible within the record_extension_part, if any (although there are restrictions on their use). Note that a discriminant specified in a new known_discriminant_part is not considered "inherited" even if it has the same name and subtype as a discriminant of the parent type. 15/2 * This paragraph was deleted.{AI95-00419-01} 16 * [For each predefined operator of the parent type, there is a corresponding predefined operator of the derived type.] 16.a Proof: This is a ramification of the fact that each class that includes the parent type also includes the derived type, and the fact that the set of predefined operators that is defined for a type, as described in 4.5, is determined by the classes to which it belongs. 16.b Reason: Predefined operators are handled separately because they follow a slightly different rule than user-defined primitive subprograms. In particular the systematic replacement described below does not apply fully to the relational operators for Boolean and the exponentiation operator for Integer. The relational operators for a type derived from Boolean still return Standard.Boolean. The exponentiation operator for a type derived from Integer still expects Standard.Integer for the right operand. In addition, predefined operators "reemerge" when a type is the actual type corresponding to a generic formal type, so they need to be well defined even if hidden by user-defined primitive subprograms. 17/2 * {AI95-00401-01} For each user-defined primitive subprogram (other than a user-defined equality operator - see below) of the parent type or of a progenitor type that already exists at the place of the derived_type_definition, there exists a corresponding inherited primitive subprogram of the derived type with the same defining name. Primitive user-defined equality operators of the parent type and any progenitor types are also inherited by the derived type, except when the derived type is a nonlimited record extension, and the inherited operator would have a profile that is type conformant with the profile of the corresponding predefined equality operator; in this case, the user-defined equality operator is not inherited, but is rather incorporated into the implementation of the predefined equality operator of the record extension (see 4.5.2). 17.a Ramification: We say "...already exists..." rather than "is visible" or "has been declared" because there are certain operations that are declared later, but still exist at the place of the derived_type_definition, and there are operations that are never declared, but still exist. These cases are explained in 7.3.1. 17.b Note that nonprivate extensions can appear only after the last primitive subprogram of the parent - the freezing rules ensure this. 17.c Reason: A special case is made for the equality operators on nonlimited record extensions because their predefined equality operators are already defined in terms of the primitive equality operator of their parent type (and of the tagged components of the extension part). Inheriting the parent's equality operator as is would be undesirable, because it would ignore any components of the extension part. On the other hand, if the parent type is limited, then any user-defined equality operator is inherited as is, since there is no predefined equality operator to take its place. 17.d/2 Ramification: {AI95-00114-01} Because user-defined equality operators are not inherited by nonlimited record extensions, the formal parameter names of = and /= revert to Left and Right, even if different formal parameter names were used in the user-defined equality operators of the parent type. 17.e/2 Discussion: {AI95-00401-01} This rule only describes what operations are inherited; the rules that describe what happens when there are conflicting inherited subprograms are found in 8.3. 18/3 {AI95-00401-01} {AI05-0164-1} {AI05-0240-1} The profile of an inherited subprogram (including an inherited enumeration literal) is obtained from the profile of the corresponding (user-defined) primitive subprogram of the parent or progenitor type, after systematic replacement of each subtype of its profile (see 6.1) that is of the parent or progenitor type, other than those subtypes found in the designated profile of an access_definition, with a corresponding subtype of the derived type. For a given subtype of the parent or progenitor type, the corresponding subtype of the derived type is defined as follows: 19 * If the declaration of the derived type has neither a known_discriminant_part nor a record_extension_part, then the corresponding subtype has a constraint that corresponds (as defined above for the first subtype of the derived type) to that of the given subtype. 20 * If the derived type is a record extension, then the corresponding subtype is the first subtype of the derived type. 21 * If the derived type has a new known_discriminant_part but is not a record extension, then the corresponding subtype is constrained to those values that when converted to the parent type belong to the given subtype (see 4.6). 21.a Reason: An inherited subprogram of an untagged type has an Intrinsic calling convention, which precludes the use of the Access attribute. We preclude 'Access because correctly performing all required constraint checks on an indirect call to such an inherited subprogram was felt to impose an undesirable implementation burden. 21.b/3 {AI05-0164-1} Note that the exception to substitution of the parent or progenitor type applies only in the profiles of anonymous access-to-subprogram types. The exception is necessary to avoid calling an access-to-subprogram with types and/or constraints different than expected by the actual routine. 22/2 {AI95-00401-01} The same formal parameters have default_expressions in the profile of the inherited subprogram. [Any type mismatch due to the systematic replacement of the parent or progenitor type by the derived type is handled as part of the normal type conversion associated with parameter passing - see 6.4.1.] 22.a/2 Reason: {AI95-00401-01} We don't introduce the type conversion explicitly here since conversions to record extensions or on access parameters are not generally legal. Furthermore, any type conversion would just be "undone" since the subprogram of the parent or progenitor is ultimately being called anyway. (Null procedures can be inherited from a progenitor without being overridden, so it is possible to call subprograms of an interface.) 23/2 {AI95-00401-01} If a primitive subprogram of the parent or progenitor type is visible at the place of the derived_type_definition, then the corresponding inherited subprogram is implicitly declared immediately after the derived_type_definition. Otherwise, the inherited subprogram is implicitly declared later or not at all, as explained in 7.3.1. 24 A derived type can also be defined by a private_extension_declaration (see 7.3) or a formal_derived_type_definition (see 12.5.1). Such a derived type is a partial view of the corresponding full or actual type. 25 All numeric types are derived types, in that they are implicitly derived from a corresponding root numeric type (see 3.5.4 and 3.5.6). Dynamic Semantics 26 The elaboration of a derived_type_definition creates the derived type and its first subtype, and consists of the elaboration of the subtype_indication and the record_extension_part, if any. If the subtype_indication depends on a discriminant, then only those expressions that do not depend on a discriminant are evaluated. 26.a/2 Discussion: {AI95-00251-01} We don't mention the interface_list, because it does not need elaboration (see 3.9.4). This is consistent with the handling of discriminant_parts, which aren't elaborated either. 27/2 {AI95-00391-01} {AI95-00401-01} For the execution of a call on an inherited subprogram, a call on the corresponding primitive subprogram of the parent or progenitor type is performed; the normal conversion of each actual parameter to the subtype of the corresponding formal parameter (see 6.4.1) performs any necessary type conversion as well. If the result type of the inherited subprogram is the derived type, the result of calling the subprogram of the parent or progenitor is converted to the derived type, or in the case of a null extension, extended to the derived type using the equivalent of an extension_aggregate with the original result as the ancestor_part and null record as the record_component_association_list. 27.a/2 Discussion: {AI95-00391-01} If an inherited function returns the derived type, and the type is a nonnull record extension, then the inherited function shall be overridden, unless the type is abstract (in which case the function is abstract, and (unless overridden) cannot be called except via a dispatching call). See 3.9.3. NOTES 28 16 Classes are closed under derivation - any class that contains a type also contains its derivatives. Operations available for a given class of types are available for the derived types in that class. 29 17 Evaluating an inherited enumeration literal is equivalent to evaluating the corresponding enumeration literal of the parent type, and then converting the result to the derived type. This follows from their equivalence to parameterless functions. 30 18 A generic subprogram is not a subprogram, and hence cannot be a primitive subprogram and cannot be inherited by a derived type. On the other hand, an instance of a generic subprogram can be a primitive subprogram, and hence can be inherited. 31 19 If the parent type is an access type, then the parent and the derived type share the same storage pool; there is a null access value for the derived type and it is the implicit initial value for the type. See 3.10. 32 20 If the parent type is a boolean type, the predefined relational operators of the derived type deliver a result of the predefined type Boolean (see 4.5.2). If the parent type is an integer type, the right operand of the predefined exponentiation operator is of the predefined type Integer (see 4.5.6). 33 21 Any discriminants of the parent type are either all inherited, or completely replaced with a new set of discriminants. 34 22 For an inherited subprogram, the subtype of a formal parameter of the derived type need not have any value in common with the first subtype of the derived type. 34.a Proof: This happens when the parent subtype is constrained to a range that does not overlap with the range of a subtype of the parent type that appears in the profile of some primitive subprogram of the parent type. For example: 34.b type T1 is range 1..100; subtype S1 is T1 range 1..10; procedure P(X : in S1); -- P is a primitive subprogram type T2 is new T1 range 11..20; -- implicitly declared: -- procedure P(X : in T2'Base range 1..10); -- X cannot be in T2'First .. T2'Last 35 23 If the reserved word abstract is given in the declaration of a type, the type is abstract (see 3.9.3). 35.1/2 24 {AI95-00251-01} {AI95-00401-01} An interface type that has a progenitor type "is derived from" that type. A derived_type_definition, however, never defines an interface type. 35.2/2 25 {AI95-00345-01} It is illegal for the parent type of a derived_type_definition to be a synchronized tagged type. 35.a/3 Proof: {AI05-0299-1} 3.9.1 prohibits record extensions whose parent type is a synchronized tagged type, and this subclause requires tagged types to have a record extension. Thus there are no legal derivations. Note that a synchronized interface can be used as a progenitor in an interface_type_definition as well as in task and protected types, but we do not allow concrete extensions of any synchronized tagged type. Examples 36 Examples of derived type declarations: 37 type Local_Coordinate is new Coordinate; -- two different types type Midweek is new Day range Tue .. Thu; -- see 3.5.1 type Counter is new Positive; -- same range as Positive 38 type Special_Key is new Key_Manager.Key; -- see 7.3.1 -- the inherited subprograms have the following specifications: -- procedure Get_Key(K : out Special_Key); -- function "<"(X,Y : Special_Key) return Boolean; Inconsistencies With Ada 83 38.a When deriving from a (nonprivate, nonderived) type in the same visible part in which it is defined, if a predefined operator had been overridden prior to the derivation, the derived type will inherit the user-defined operator rather than the predefined operator. The work-around (if the new behavior is not the desired behavior) is to move the definition of the derived type prior to the overriding of any predefined operators. Incompatibilities With Ada 83 38.b When deriving from a (nonprivate, nonderived) type in the same visible part in which it is defined, a primitive subprogram of the parent type declared before the derived type will be inherited by the derived type. This can cause upward incompatibilities in cases like this: 38.c package P is type T is (A, B, C, D); function F( X : T := A ) return Integer; type NT is new T; -- inherits F as -- function F( X : NT := A ) return Integer; -- in Ada 95 only ... end P; ... use P; -- Only one declaration of F from P is use-visible in -- Ada 83; two declarations of F are use-visible in -- Ada 95. begin ... if F > 1 then ... -- legal in Ada 83, ambiguous in Ada 95 Extensions to Ada 83 38.d The syntax for a derived_type_definition is amended to include an optional record_extension_part (see 3.9.1). 38.e A derived type may override the discriminants of the parent by giving a new discriminant_part. 38.f The parent type in a derived_type_definition may be a derived type defined in the same visible part. 38.g When deriving from a type in the same visible part in which it is defined, the primitive subprograms declared prior to the derivation are inherited as primitive subprograms of the derived type. See 3.2.3. Wording Changes from Ada 83 38.h We now talk about the classes to which a type belongs, rather than a single class. Extensions to Ada 95 38.i/2 {AI05-0190-1} {AI95-00251-01} {AI95-00401-01} A derived type may inherit from multiple (interface) progenitors, as well as the parent type - see 3.9.4, "Interface Types". 38.j/2 {AI95-00419-01} A derived type may specify that it is a limited type. This is required for interface ancestors (from which limitedness is not inherited), but it is generally useful as documentation of limitedness. Wording Changes from Ada 95 38.k/2 {AI95-00391-01} Defined the result of functions for null extensions (which we no longer require to be overridden - see 3.9.3). 38.l/2 {AI95-00442-01} Defined the term "category of types" and used it in wording elsewhere; also specified the language-defined categories that form classes of types (this was never normatively specified in Ada 95). Incompatibilities With Ada 2005 38.m/3 {AI05-0096-1} Correction: Added a (re)check that limited type extensions never are derived from nonlimited types in generic private parts. This is disallowed as it would make it possible to pass a limited object to a nonlimited class-wide type, which could then be copied. This is only possible using Ada 2005 syntax, so examples in existing programs should be rare. Wording Changes from Ada 2005 38.n/3 {AI05-0110-1} Correction: Added wording to clarify that the characteristics of derived types are formally defined here. (This is the only place in the Standard that actually spells out what sorts of things are actually characteristics, which is rather important.) 38.o/3 {AI05-0164-1} Correction: Added wording to ensure that anonymous access-to-subprogram types don't get modified on derivation. 3.4.1 Derivation Classes 1 In addition to the various language-defined classes of types, types can be grouped into derivation classes. Static Semantics 2/2 {AI95-00251-01} {AI95-00401-01} A derived type is derived from its parent type directly; it is derived indirectly from any type from which its parent type is derived. A derived type, interface type, type extension, task type, protected type, or formal derived type is also derived from every ancestor of each of its progenitor types, if any. The derivation class of types for a type T (also called the class rooted at T) is the set consisting of T (the root type of the class) and all types derived from T (directly or indirectly) plus any associated universal or class-wide types (defined below). 2.a Discussion: Note that the definition of "derived from" is a recursive definition. We don't define a root type for all interesting language-defined classes, though presumably we could. 2.b To be honest: By the class-wide type "associated" with a type T, we mean the type T'Class. Similarly, the universal type associated with root_integer, root_real, and root_fixed are universal_integer, universal_real, and universal_fixed, respectively. 3/2 {AI95-00230-01} Every type is either a specific type, a class-wide type, or a universal type. A specific type is one defined by a type_declaration, a formal_type_declaration, or a full type definition embedded in another construct. Class-wide and universal types are implicitly defined, to act as representatives for an entire class of types, as follows: 3.a To be honest: The root types root_integer, root_real, and root_fixed are also specific types. They are declared in the specification of package Standard. 4 Class-wide types Class-wide types are defined for [(and belong to)] each derivation class rooted at a tagged type (see 3.9). Given a subtype S of a tagged type T, S'Class is the subtype_mark for a corresponding subtype of the tagged class-wide type T'Class. Such types are called "class-wide" because when a formal parameter is defined to be of a class-wide type T'Class, an actual parameter of any type in the derivation class rooted at T is acceptable (see 8.6). 5 The set of values for a class-wide type T'Class is the discriminated union of the set of values of each specific type in the derivation class rooted at T (the tag acts as the implicit discriminant - see 3.9). Class-wide types have no primitive subprograms of their own. However, as explained in 3.9.2, operands of a class-wide type T'Class can be used as part of a dispatching call on a primitive subprogram of the type T. The only components [(including discriminants)] of T'Class that are visible are those of T. If S is a first subtype, then S'Class is a first subtype. 5.a Reason: We want S'Class to be a first subtype when S is, so that an attribute_definition_clause like "for S'Class'Output use ...;" will be legal. 6/2 {AI95-00230-01} Universal types Universal types are defined for [(and belong to)] the integer, real, fixed point, and access classes, and are referred to in this standard as respectively, universal_integer, universal_real, universal_fixed, and universal_access. These are analogous to class-wide types for these language-defined elementary classes. As with class-wide types, if a formal parameter is of a universal type, then an actual parameter of any type in the corresponding class is acceptable. In addition, a value of a universal type (including an integer or real numeric_literal, or the literal null) is "universal" in that it is acceptable where some particular type in the class is expected (see 8.6). 7 The set of values of a universal type is the undiscriminated union of the set of values possible for any definable type in the associated class. Like class-wide types, universal types have no primitive subprograms of their own. However, their " universality" allows them to be used as operands with the primitive subprograms of any type in the corresponding class. 7.a Discussion: A class-wide type is only class-wide in one direction, from specific to class-wide, whereas a universal type is class-wide (universal) in both directions, from specific to universal and back. 7.b/2 {AI95-00230-01} We considered defining class-wide or perhaps universal types for all derivation classes, not just tagged classes and these four elementary classes. However, this was felt to overly weaken the strong-typing model in some situations. Tagged types preserve strong type distinctions thanks to the run-time tag. Class-wide or universal types for untagged types would weaken the compile-time type distinctions without providing a compensating run-time-checkable distinction. 7.c We considered defining standard names for the universal numeric types so they could be used in formal parameter specifications. However, this was felt to impose an undue implementation burden for some implementations. 7.d To be honest: Formally, the set of values of a universal type is actually a copy of the undiscriminated union of the values of the types in its class. This is because we want each value to have exactly one type, with explicit or implicit conversion needed to go between types. An alternative, consistent model would be to associate a class, rather than a particular type, with a value, even though any given expression would have a particular type. In that case, implicit type conversions would not generally need to change the value, although an associated subtype conversion might need to. 8 The integer and real numeric classes each have a specific root type in addition to their universal type, named respectively root_integer and root_real. 9 A class-wide or universal type is said to cover all of the types in its class. A specific type covers only itself. 10/2 {AI95-00230-01} {AI95-00251-01} A specific type T2 is defined to be a descendant of a type T1 if T2 is the same as T1, or if T2 is derived (directly or indirectly) from T1. A class-wide type T2'Class is defined to be a descendant of type T1 if T2 is a descendant of T1. Similarly, the numeric universal types are defined to be descendants of the root types of their classes. If a type T2 is a descendant of a type T1, then T1 is called an ancestor of T2. An ultimate ancestor of a type is an ancestor of that type that is not itself a descendant of any other type. Every untagged type has a unique ultimate ancestor. 10.a Ramification: A specific type is a descendant of itself. Class-wide types are considered descendants of the corresponding specific type, and do not have any descendants of their own. 10.b A specific type is an ancestor of itself. The root of a derivation class is an ancestor of all types in the class, including any class-wide types in the class. 10.c Discussion: The terms root, parent, ancestor, and ultimate ancestor are all related. For example: 10.d/2 * {AI95-00251-01} Each type has at most one parent, and one or more ancestor types; each untagged type has exactly one ultimate ancestor. In Ada 83, the term "parent type" was sometimes used more generally to include any ancestor type (e.g. RM83-9.4(14)). In Ada 95, we restrict parent to mean the immediate ancestor. 10.e * A class of types has at most one root type; a derivation class has exactly one root type. 10.f * The root of a class is an ancestor of all of the types in the class (including itself). 10.g * The type root_integer is the root of the integer class, and is the ultimate ancestor of all integer types. A similar statement applies to root_real. 10.h/2 Glossary entry: An ancestor of a type is the type itself or, in the case of a type derived from other types, its parent type or one of its progenitor types or one of their ancestors. Note that ancestor and descendant are inverse relationships. 10.i/2 Glossary entry: A type is a descendant of itself, its parent and progenitor types, and their ancestors. Note that descendant and ancestor are inverse relationships. 11 An inherited component [(including an inherited discriminant)] of a derived type is inherited from a given ancestor of the type if the corresponding component was inherited by each derived type in the chain of derivations going back to the given ancestor. NOTES 12 26 Because operands of a universal type are acceptable to the predefined operators of any type in their class, ambiguity can result. For universal_integer and universal_real, this potential ambiguity is resolved by giving a preference (see 8.6) to the predefined operators of the corresponding root types (root_integer and root_real, respectively). Hence, in an apparently ambiguous expression like 13 1 + 4 < 7 14 where each of the literals is of type universal_integer, the predefined operators of root_integer will be preferred over those of other specific integer types, thereby resolving the ambiguity. 14.a Ramification: Except for this preference, a root numeric type is essentially like any other specific type in the associated numeric class. In particular, the result of a predefined operator of a root numeric type is not "universal" (implicitly convertible) even if both operands were. Wording Changes from Ada 95 14.b/2 {AI95-00230-01} Updated the wording to define the universal_access type. This was defined to make null for anonymous access types sensible. 14.c/2 {AI95-00251-01} {AI95-00401-01} The definitions of ancestors and descendants were updated to allow multiple ancestors (necessary to support interfaces). 3.5 Scalar Types 1 Scalar types comprise enumeration types, integer types, and real types. Enumeration types and integer types are called discrete types; each value of a discrete type has a position number which is an integer value. Integer types and real types are called numeric types. [All scalar types are ordered, that is, all relational operators are predefined for their values.] Syntax 2 range_constraint ::= range range 3 range ::= range_attribute_reference | simple_expression .. simple_expression 3.a Discussion: These need to be simple_expressions rather than more general expressions because ranges appear in membership tests and other contexts where expression .. expression would be ambiguous. 4 A range has a lower bound and an upper bound and specifies a subset of the values of some scalar type (the type of the range). A range with lower bound L and upper bound R is described by "L .. R". If R is less than L, then the range is a null range, and specifies an empty set of values. Otherwise, the range specifies the values of the type from the lower bound to the upper bound, inclusive. A value belongs to a range if it is of the type of the range, and is in the subset of values specified by the range. A value satisfies a range constraint if it belongs to the associated range. One range is included in another if all values that belong to the first range also belong to the second. Name Resolution Rules 5 For a subtype_indication containing a range_constraint, either directly or as part of some other scalar_constraint, the type of the range shall resolve to that of the type determined by the subtype_mark of the subtype_indication. For a range of a given type, the simple_expressions of the range (likewise, the simple_expressions of the equivalent range for a range_attribute_reference) are expected to be of the type of the range. 5.a Discussion: In Ada 95, constraints only appear within subtype_indications; things that look like constraints that appear in type declarations are called something else like real_range_specifications. 5.b/3 {AI05-0299-1} We say "the expected type is ..." or "the type is expected to be ..." depending on which reads better. They are fundamentally equivalent, and both feed into the type resolution rules of subclause 8.6. 5.c In some cases, it doesn't work to use expected types. For example, in the above rule, we say that the "type of the range shall resolve to ..." rather than "the expected type for the range is ...". We then use "expected type" for the bounds. If we used " expected" at both points, there would be an ambiguity, since one could apply the rules of 8.6 either on determining the type of the range, or on determining the types of the individual bounds. It is clearly important to allow one bound to be of a universal type, and the other of a specific type, so we need to use "expected type" for the bounds. Hence, we used "shall resolve to" for the type of the range as a whole. There are other situations where " expected type" is not quite right, and we use "shall resolve to" instead. Static Semantics 6 The base range of a scalar type is the range of finite values of the type that can be represented in every unconstrained object of the type; it is also the range supported at a minimum for intermediate values during the evaluation of expressions involving predefined operators of the type. 6.a Implementation Note: Note that in some machine architectures intermediates in an expression (particularly if static), and register-resident variables might accommodate a wider range. The base range does not include the values of this wider range that are not assignable without overflow to memory-resident objects. 6.b Ramification: The base range of an enumeration type is the range of values of the enumeration type. 6.c Reason: If the representation supports infinities, the base range is nevertheless restricted to include only the representable finite values, so that 'Base'First and 'Base'Last are always guaranteed to be finite. 6.d To be honest: By a "value that can be assigned without overflow" we don't mean to restrict ourselves to values that can be represented exactly. Values between machine representable values can be assigned, but on subsequent reading, a slightly different value might be retrieved, as (partially) determined by the number of digits of precision of the type. 7 [A constrained scalar subtype is one to which a range constraint applies.] The range of a constrained scalar subtype is the range associated with the range constraint of the subtype. The range of an unconstrained scalar subtype is the base range of its type. Dynamic Semantics 8 A range is compatible with a scalar subtype if and only if it is either a null range or each bound of the range belongs to the range of the subtype. A range_constraint is compatible with a scalar subtype if and only if its range is compatible with the subtype. 8.a Ramification: Only range_constraints (explicit or implicit) impose conditions on the values of a scalar subtype. The other scalar_constraints, digits_constraints and delta_constraints impose conditions on the subtype denoted by the subtype_mark in a subtype_indication, but don't impose a condition on the values of the subtype being defined. Therefore, a scalar subtype is not called constrained if all that applies to it is a digits_constraint. Decimal subtypes are subtle, because a digits_constraint without a range_constraint nevertheless includes an implicit range_constraint. 9 The elaboration of a range_constraint consists of the evaluation of the range. The evaluation of a range determines a lower bound and an upper bound. If simple_expressions are given to specify bounds, the evaluation of the range evaluates these simple_expressions in an arbitrary order, and converts them to the type of the range. If a range_attribute_reference is given, the evaluation of the range consists of the evaluation of the range_attribute_reference. 10 Attributes 11 For every scalar subtype S, the following attributes are defined: 12 S'First S'First denotes the lower bound of the range of S. The value of this attribute is of the type of S. 12.a Ramification: Evaluating S'First never raises Constraint_Error. 13 S'Last S'Last denotes the upper bound of the range of S. The value of this attribute is of the type of S. 13.a Ramification: Evaluating S'Last never raises Constraint_Error. 14 S'Range S'Range is equivalent to the range S'First .. S'Last. 15 S'Base S'Base denotes an unconstrained subtype of the type of S. This unconstrained subtype is called the base subtype of the type. 16 S'Min S'Min denotes a function with the following specification: 17 function S'Min(Left, Right : S'Base) return S'Base 18 The function returns the lesser of the values of the two parameters. 18.a Discussion: The formal parameter names are italicized because they cannot be used in calls - see 6.4. Such a specification cannot be written by the user because an attribute_reference is not permitted as the designator of a user-defined function, nor can its formal parameters be anonymous. 19 S'Max S'Max denotes a function with the following specification: 20 function S'Max(Left, Right : S'Base) return S'Base 21 The function returns the greater of the values of the two parameters. 22 S'Succ S'Succ denotes a function with the following specification: 23 function S'Succ(Arg : S'Base) return S'Base 24 For an enumeration type, the function returns the value whose position number is one more than that of the value of Arg; Constraint_Error is raised if there is no such value of the type. For an integer type, the function returns the result of adding one to the value of Arg. For a fixed point type, the function returns the result of adding small to the value of Arg. For a floating point type, the function returns the machine number (as defined in 3.5.7) immediately above the value of Arg; Constraint_Error is raised if there is no such machine number. 24.a Ramification: S'Succ for a modular integer subtype wraps around if the value of Arg is S'Base'Last. S'Succ for a signed integer subtype might raise Constraint_Error if the value of Arg is S'Base'Last, or it might return the out-of-base-range value S'Base'Last+1, as is permitted for all predefined numeric operations. 25 S'Pred S'Pred denotes a function with the following specification: 26 function S'Pred(Arg : S'Base) return S'Base 27 For an enumeration type, the function returns the value whose position number is one less than that of the value of Arg; Constraint_Error is raised if there is no such value of the type. For an integer type, the function returns the result of subtracting one from the value of Arg. For a fixed point type, the function returns the result of subtracting small from the value of Arg. For a floating point type, the function returns the machine number (as defined in 3.5.7) immediately below the value of Arg; Constraint_Error is raised if there is no such machine number. 27.a Ramification: S'Pred for a modular integer subtype wraps around if the value of Arg is S'Base'First. S'Pred for a signed integer subtype might raise Constraint_Error if the value of Arg is S'Base'First, or it might return the out-of-base-range value S'Base'First-1, as is permitted for all predefined numeric operations. 27.1/2 S'Wide_Wide_Image {AI95-00285-01} S'Wide_Wide_Image denotes a function with the following specification: 27.2/2 function S'Wide_Wide_Image(Arg : S'Base) return Wide_Wide_String 27.3/2 The function returns an image of the value of Arg, that is, a sequence of characters representing the value in display form. The lower bound of the result is one. 27.4/2 The image of an integer value is the corresponding decimal literal, without underlines, leading zeros, exponent, or trailing spaces, but with a single leading character that is either a minus sign or a space. 27.b/2 Implementation Note: If the machine supports negative zeros for signed integer types, it is not specified whether " 0" or "-0" should be returned for negative zero. We don't have enough experience with such machines to know what is appropriate, and what other languages do. In any case, the implementation should be consistent. 27.5/2 The image of an enumeration value is either the corresponding identifier in upper case or the corresponding character literal (including the two apostrophes); neither leading nor trailing spaces are included. For a nongraphic character (a value of a character type that has no enumeration literal associated with it), the result is a corresponding language-defined name in upper case (for example, the image of the nongraphic character identified as nul is "NUL" - the quotes are not part of the image). 27.c/2 Implementation Note: For an enumeration type T that has "holes" (caused by an enumeration_representation_clause), T'Wide_Image should raise Program_Error if the value is one of the holes (which is a bounded error anyway, since holes can be generated only via uninitialized variables and similar things). 27.6/2 The image of a floating point value is a decimal real literal best approximating the value (rounded away from zero if halfway between) with a single leading character that is either a minus sign or a space, a single digit (that is nonzero unless the value is zero), a decimal point, S'Digits-1 (see 3.5.8) digits after the decimal point (but one if S'Digits is one), an upper case E, the sign of the exponent (either + or -), and two or more digits (with leading zeros if necessary) representing the exponent. If S'Signed_Zeros is True, then the leading character is a minus sign for a negatively signed zero. 27.d/2 To be honest: Leading zeros are present in the exponent only if necessary to make the exponent at least two digits. 27.e/2 Reason: This image is intended to conform to that produced by Text_IO.Float_IO.Put in its default format. 27.f/2 Implementation Note: The rounding direction is specified here to ensure portability of output results. 27.7/2 The image of a fixed point value is a decimal real literal best approximating the value (rounded away from zero if halfway between) with a single leading character that is either a minus sign or a space, one or more digits before the decimal point (with no redundant leading zeros), a decimal point, and S'Aft (see 3.5.10) digits after the decimal point. 27.g/2 Reason: This image is intended to conform to that produced by Text_IO.Fixed_IO.Put. 27.h/2 Implementation Note: The rounding direction is specified here to ensure portability of output results. 27.i/2 Implementation Note: For a machine that supports negative zeros, it is not specified whether " 0.000" or "-0.000" is returned. See corresponding comment above about integer types with signed zeros. 28 S'Wide_Image S'Wide_Image denotes a function with the following specification: 29 function S'Wide_Image(Arg : S'Base) return Wide_String 30/3 {AI95-00285-01} {AI05-0262-1} {AI05-0264-1} The function returns an image of the value of Arg as a Wide_String. The lower bound of the result is one. The image has the same sequence of graphic characters as defined for S'Wide_Wide_Image if all the graphic characters are defined in Wide_Character; otherwise, the sequence of characters is implementation defined (but no shorter than that of S'Wide_Wide_Image for the same value of Arg). 30.a/2 Implementation defined: The sequence of characters of the value returned by S'Wide_Image when some of the graphic characters of S'Wide_Wide_Image are not defined in Wide_Character. Paragraphs 31 through 34 were moved to Wide_Wide_Image. 35 S'Image S'Image denotes a function with the following specification: 36 function S'Image(Arg : S'Base) return String 37/3 {AI95-00285-01} {AI05-0264-1} The function returns an image of the value of Arg as a String. The lower bound of the result is one. The image has the same sequence of graphic characters as that defined for S'Wide_Wide_Image if all the graphic characters are defined in Character; otherwise, the sequence of characters is implementation defined (but no shorter than that of S'Wide_Wide_Image for the same value of Arg). 37.a/2 Implementation defined: The sequence of characters of the value returned by S'Image when some of the graphic characters of S'Wide_Wide_Image are not defined in Character. 37.1/2 S'Wide_Wide_Width {AI95-00285-01} S'Wide_Wide_Width denotes the maximum length of a Wide_Wide_String returned by S'Wide_Wide_Image over all values of the subtype S. It denotes zero for a subtype that has a null range. Its type is universal_integer. 38 S'Wide_Width S'Wide_Width denotes the maximum length of a Wide_String returned by S'Wide_Image over all values of the subtype S. It denotes zero for a subtype that has a null range. Its type is universal_integer. 39 S'Width S'Width denotes the maximum length of a String returned by S'Image over all values of the subtype S. It denotes zero for a subtype that has a null range. Its type is universal_integer. 39.1/2 S'Wide_Wide_Value {AI95-00285-01} S'Wide_Wide_Value denotes a function with the following specification: 39.2/2 function S'Wide_Wide_Value(Arg : Wide_Wide_String) return S'Base 39.3/2 This function returns a value given an image of the value as a Wide_Wide_String, ignoring any leading or trailing spaces. 39.4/3 {AI05-0264-1} For the evaluation of a call on S'Wide_Wide_Value for an enumeration subtype S, if the sequence of characters of the parameter (ignoring leading and trailing spaces) has the syntax of an enumeration literal and if it corresponds to a literal of the type of S (or corresponds to the result of S'Wide_Wide_Image for a nongraphic character of the type), the result is the corresponding enumeration value; otherwise, Constraint_Error is raised. 39.a.1/2 Discussion: It's not crystal clear that Range_Check is appropriate here, but it doesn't seem worthwhile to invent a whole new check name just for this weird case, so we decided to lump it in with Range_Check. 39.a.2/2 To be honest: {8652/0096} {AI95-00053-01} A sequence of characters corresponds to the result of S'Wide_Wide_Image if it is the same ignoring case. Thus, the case of an image of a nongraphic character does not matter. For example, Character'Wide_Wide_Value("nul") does not raise Constraint_Error, even though Character'Wide_Wide_Image returns "NUL" for the nul character. 39.5/3 {AI05-0264-1} For the evaluation of a call on S'Wide_Wide_Value for an integer subtype S, if the sequence of characters of the parameter (ignoring leading and trailing spaces) has the syntax of an integer literal, with an optional leading sign character (plus or minus for a signed type; only plus for a modular type), and the corresponding numeric value belongs to the base range of the type of S, then that value is the result; otherwise, Constraint_Error is raised. 39.a.3/2 Discussion: We considered allowing 'Value to return a representable but out-of-range value without a Constraint_Error. However, we currently require (see 4.9) in an assignment_statement like "X := ;" that the value of the numeric-literal be in X's base range (at compile time), so it seems unfriendly and confusing to have a different range allowed for 'Value. Furthermore, for modular types, without the requirement for being in the base range, 'Value would have to handle arbitrarily long literals (since overflow never occurs for modular types). 39.6/2 For the evaluation of a call on S'Wide_Wide_Value for a real subtype S, if the sequence of characters of the parameter (ignoring leading and trailing spaces) has the syntax of one of the following: 39.7/2 * numeric_literal 39.8/2 * numeral.[exponent] 39.9/2 * .numeral[exponent] 39.10/2 * base#based_numeral.#[exponent] 39.11/2 * base#.based_numeral#[exponent] 39.12/3 {AI05-0264-1} with an optional leading sign character (plus or minus), and if the corresponding numeric value belongs to the base range of the type of S, then that value is the result; otherwise, Constraint_Error is raised. The sign of a zero value is preserved (positive if none has been specified) if S'Signed_Zeros is True. 40 S'Wide_Value S'Wide_Value denotes a function with the following specification: 41 function S'Wide_Value(Arg : Wide_String) return S'Base 42 This function returns a value given an image of the value as a Wide_String, ignoring any leading or trailing spaces. 43/3 {AI95-00285-01} {AI05-0264-1} For the evaluation of a call on S'Wide_Value for an enumeration subtype S, if the sequence of characters of the parameter (ignoring leading and trailing spaces) has the syntax of an enumeration literal and if it corresponds to a literal of the type of S (or corresponds to the result of S'Wide_Image for a value of the type), the result is the corresponding enumeration value; otherwise, Constraint_Error is raised. For a numeric subtype S, the evaluation of a call on S'Wide_Value with Arg of type Wide_String is equivalent to a call on S'Wide_Wide_Value for a corresponding Arg of type Wide_Wide_String. 43.a/2 This paragraph was deleted. 43.a.1/2 This paragraph was deleted.{8652/0096} {AI95-00053-01} 43.b/2 Reason: S'Wide_Value is subtly different from S'Wide_Wide_Value for enumeration subtypes since S'Wide_Image might produce a different sequence of characters than S'Wide_Wide_Image if the enumeration literal uses characters outside of the predefined type Wide_Character. That is why we don't just define S'Wide_Value in terms of S'Wide_Wide_Value for enumeration subtypes. S'Wide_Value and S'Wide_Wide_Value for numeric subtypes yield the same result given the same sequence of characters. Paragraphs 44 through 51 were moved to Wide_Wide_Value. 52 S'Value S'Value denotes a function with the following specification: 53 function S'Value(Arg : String) return S'Base 54 This function returns a value given an image of the value as a String, ignoring any leading or trailing spaces. 55/3 {AI95-00285-01} {AI05-0264-1} For the evaluation of a call on S'Value for an enumeration subtype S, if the sequence of characters of the parameter (ignoring leading and trailing spaces) has the syntax of an enumeration literal and if it corresponds to a literal of the type of S (or corresponds to the result of S'Image for a value of the type), the result is the corresponding enumeration value; otherwise, Constraint_Error is raised. For a numeric subtype S, the evaluation of a call on S'Value with Arg of type String is equivalent to a call on S'Wide_Wide_Value for a corresponding Arg of type Wide_Wide_String. 55.a/2 Reason: {AI95-00285-01} S'Value is subtly different from S'Wide_Wide_Value for enumeration subtypes; see the discussion under S'Wide_Value. 55.1/4 {AI12-0124-1} For a prefix X that denotes an object of a scalar type[ (after any implicit dereference)], the following attributes are defined: 55.2/4 X'Wide_Wide_Image {AI12-0124-1} X'Wide_Wide_Image denotes the result of calling function S'Wide_Wide_Image with Arg being X, where S is the nominal subtype of X. 55.3/4 X'Wide_Image {AI12-0124-1} X'Wide_Image denotes the result of calling function S'Wide_Image with Arg being X, where S is the nominal subtype of X. 55.4/4 X'Image {AI12-0124-1} X'Image denotes the result of calling function S'Image with Arg being X, where S is the nominal subtype of X. Implementation Permissions 56/2 {AI95-00285-01} An implementation may extend the Wide_Wide_Value, [Wide_Value, Value, Wide_Wide_Image, Wide_Image, and Image] attributes of a floating point type to support special values such as infinities and NaNs. 56.a/2 Proof: {AI95-00285-01} The permission is really only necessary for Wide_Wide_Value, because Value and Wide_Value are defined in terms of Wide_Wide_Value, and because the behavior of Wide_Wide_Image, Wide_Image, and Image is already unspecified for things like infinities and NaNs. 56.b Reason: This is to allow implementations to define full support for IEEE arithmetic. See also the similar permission for Get in A.10.9. 56.1/3 {AI05-0182-1} {AI05-0262-1} {AI05-0269-1} An implementation may extend the Wide_Wide_Value, Wide_Value, and Value attributes of a character type to accept strings of the form "Hex_hhhhhhhh" (ignoring case) for any character (not just the ones for which Wide_Wide_Image would produce that form - see 3.5.2), as well as three-character strings of the form "'X'", where X is any character, including nongraphic characters. Static Semantics 56.2/3 {AI05-0228-1} For a scalar type, the following language-defined representation aspect may be specified with an aspect_specification (see 13.1.1): 56.3/3 Default_Value This aspect shall be specified by a static expression, and that expression shall be explicit, even if the aspect has a boolean type. Default_Value shall be specified only on a full_type_declaration. 56.c/3 Reason: The part about requiring an explicit expression is to disallow omitting the value for this aspect, which would otherwise be allowed by the rules of 13.1.1. 56.d/3 This is a representation aspect in order to disallow specifying it on a derived type that has inherited primitive subprograms; that is necessary as the sizes of out parameters could be different whether or not a Default_Value is specified (see 6.4.1). 56.e/3 Aspect Description for Default_Value: Default value for a scalar subtype. 56.4/3 {AI05-0228-1} If a derived type with no primitive subprograms inherits a boolean Default_Value aspect, the aspect may be specified to have any value for the derived type. 56.f/3 Reason: This overrides the 13.1.1 rule that says that a boolean aspect with a value True cannot be changed. Name Resolution Rules 56.5/3 {AI05-0228-1} The expected type for the expression specified for the Default_Value aspect is the type defined by the full_type_declaration on which it appears. NOTES 57 27 The evaluation of S'First or S'Last never raises an exception. If a scalar subtype S has a nonnull range, S'First and S'Last belong to this range. These values can, for example, always be assigned to a variable of subtype S. 57.a Discussion: This paragraph addresses an issue that came up with Ada 83, where for fixed point types, the end points of the range specified in the type definition were not necessarily within the base range of the type. However, it was later clarified (and we reconfirm it in 3.5.9, "Fixed Point Types") that the First and Last attributes reflect the true bounds chosen for the type, not the bounds specified in the type definition (which might be outside the ultimately chosen base range). 58 28 For a subtype of a scalar type, the result delivered by the attributes Succ, Pred, and Value might not belong to the subtype; similarly, the actual parameters of the attributes Succ, Pred, and Image need not belong to the subtype. 59 29 For any value V (including any nongraphic character) of an enumeration subtype S, S'Value(S'Image(V)) equals V, as do S'Wide_Value(S'Wide_Image(V)) and S'Wide_Wide_Value(S'Wide_Wide_Image(V)). None of these expressions ever raise Constraint_Error. Examples 60 Examples of ranges: 61 -10 .. 10 X .. X + 1 0.0 .. 2.0*Pi Red .. Green -- see 3.5.1 1 .. 0 -- a null range Table'Range -- a range attribute reference (see 3.6) 62 Examples of range constraints: 63 range -999.0 .. +999.0 range S'First+1 .. S'Last-1 Incompatibilities With Ada 83 63.a/1 S'Base is no longer defined for nonscalar types. One conceivable existing use of S'Base for nonscalar types is S'Base'Size where S is a generic formal private type. However, that is not generally useful because the actual subtype corresponding to S might be a constrained array or discriminated type, which would mean that S'Base'Size might very well overflow (for example, S'Base'Size where S is a constrained subtype of String will generally be 8 * (Integer'Last + 1)). For derived discriminated types that are packed, S'Base'Size might not even be well defined if the first subtype is constrained, thereby allowing some amount of normally required "dope" to have been squeezed out in the packing. Hence our conclusion is that S'Base'Size is not generally useful in a generic, and does not justify keeping the attribute Base for nonscalar types just so it can be used as a prefix. Extensions to Ada 83 63.b The attribute S'Base for a scalar subtype is now permitted anywhere a subtype_mark is permitted. S'Base'First .. S'Base'Last is the base range of the type. Using an attribute_definition_- clause, one cannot specify any subtype-specific attributes for the subtype denoted by S'Base (the base subtype). 63.c The attribute S'Range is now allowed for scalar subtypes. 63.d The attributes S'Min and S'Max are now defined, and made available for all scalar types. 63.e The attributes S'Succ, S'Pred, S'Image, S'Value, and S'Width are now defined for real types as well as discrete types. 63.f Wide_String versions of S'Image and S'Value are defined. These are called S'Wide_Image and S'Wide_Value to avoid introducing ambiguities involving uses of these attributes with string literals. Wording Changes from Ada 83 63.g We now use the syntactic category range_attribute_reference since it is now syntactically distinguished from other attribute references. 63.h The definition of S'Base has been moved here from 3.3.3 since it now applies only to scalar types. 63.i More explicit rules are provided for nongraphic characters. Extensions to Ada 95 63.j/2 {AI95-00285-01} The attributes Wide_Wide_Image, Wide_Wide_Value, and Wide_Wide_Width are new. Note that Wide_Image and Wide_Value are now defined in terms of Wide_Wide_Image and Wide_Wide_Value, but the image of types other than characters have not changed. Wording Changes from Ada 95 63.k/2 {AI95-00285-01} The Wide_Image and Wide_Value attributes are now defined in terms of Wide_Wide_Image and Wide_Wide_Value, but the images of numeric types have not changed. Inconsistencies With Ada 2005 63.l/3 {AI05-0181-1} Correction: Soft hyphen (code point 173) is nongraphic in ISO/IEC 10646:2011 (and also in the 2003 version of that standard). Thus, we have given it the language-defined name soft_hyphen. This changes the result of Character'Image (and all of the related types and Image attributes) for this character, and changes the behavior of Character'Value (and all of the related types and Value attributes) for this character, and (in unusual circumstances), changes the result for Character'Width (and all of the related types and Width attributes). The vast majority of programs won't see any difference, as they are already prepared to handle nongraphic characters. 63.m/3 {AI05-0182-1} Correction: Added an Implementation Permissions to let Wide_Wide_Value, Wide_Value, and Value accept strings in the form of literals containing nongraphic characters and "Hex_hhhhhhhh" for Latin-1 and graphic characters. These were required to raise Constraint_Error in Ada 2005. Since these attributes aren't very useful, implementations were inconsistent as to whether these were accepted, and since code that would care why the attribute failed seems unlikely, this should not be a problem in practice. Extensions to Ada 2005 63.n/3 {AI05-0228-1} The new aspect Default_Value allows defining implicit initial values (see 3.3.1) for scalar types. Extensions to Ada 2012 63.o/4 {AI12-0124-1} Corrigendum: An object can be now used as the prefix of the Image attribute (as well as Wide_Image and Wide_Wide_Image), a convenience feature already present in some implementations. 3.5.1 Enumeration Types 1 [ An enumeration_type_definition defines an enumeration type.] Syntax 2 enumeration_type_definition ::= (enumeration_literal_specification {, enumeration_literal_specification}) 3 enumeration_literal_specification ::= defining_identifier | defining_character_literal 4 defining_character_literal ::= character_literal Legality Rules 5/3 {AI05-0227-1} {AI05-0299-1} The defining_identifiers in upper case [and the defining_character_literals] listed in an enumeration_type_definition shall be distinct. 5.a/3 Proof: {AI05-0227-1} For character literals, this is a ramification of the normal disallowance of homographs explicitly declared immediately in the same declarative region. 5.b/3 Reason: {AI05-0227-1} To ease implementation of the attribute Wide_Wide_Value, we require that all enumeration literals have distinct images. Static Semantics 6/3 {AI05-0006-1} Each enumeration_literal_specification is the explicit declaration of the corresponding enumeration literal: it declares a parameterless function, whose defining name is the defining_identifier or defining_character_literal, and whose result subtype is the base subtype of the enumeration type. 6.a Reason: This rule defines the profile of the enumeration literal, which is used in the various types of conformance. 6.b Ramification: The parameterless function associated with an enumeration literal is fully defined by the enumeration_type_definition; a body is not permitted for it, and it never fails the Elaboration_Check when called. 6.c/3 Discussion: {AI05-0006-1} The result subtype is primarily a concern when an enumeration literal is used as the expression of a case statement, due to the full coverage requirement based on the nominal subtype. 7 Each enumeration literal corresponds to a distinct value of the enumeration type, and to a distinct position number. The position number of the value of the first listed enumeration literal is zero; the position number of the value of each subsequent enumeration literal is one more than that of its predecessor in the list. 8 [The predefined order relations between values of the enumeration type follow the order of corresponding position numbers.] 9 [ If the same defining_identifier or defining_character_literal is specified in more than one enumeration_type_definition, the corresponding enumeration literals are said to be overloaded. At any place where an overloaded enumeration literal occurs in the text of a program, the type of the enumeration literal has to be determinable from the context (see 8.6).] Dynamic Semantics 10 The elaboration of an enumeration_type_definition creates the enumeration type and its first subtype, which is constrained to the base range of the type. 10.a Ramification: The first subtype of a discrete type is always constrained, except in the case of a derived type whose parent subtype is Whatever'Base. 11 When called, the parameterless function associated with an enumeration literal returns the corresponding value of the enumeration type. NOTES 12 30 If an enumeration literal occurs in a context that does not otherwise suffice to determine the type of the literal, then qualification by the name of the enumeration type is one way to resolve the ambiguity (see 4.7). Examples 13 Examples of enumeration types and subtypes: 14 type Day is (Mon, Tue, Wed, Thu, Fri, Sat, Sun); type Suit is (Clubs, Diamonds, Hearts, Spades); type Gender is (M, F); type Level is (Low, Medium, Urgent); type Color is (White, Red, Yellow, Green, Blue, Brown, Black); type Light is (Red, Amber, Green); -- Red and Green are overloaded 15 type Hexa is ('A', 'B', 'C', 'D', 'E', 'F'); type Mixed is ('A', 'B', '*', B, None, '?', '%'); 16 subtype Weekday is Day range Mon .. Fri; subtype Major is Suit range Hearts .. Spades; subtype Rainbow is Color range Red .. Blue; -- the Color Red, not the Light Wording Changes from Ada 83 16.a The syntax rule for defining_character_literal is new. It is used for the defining occurrence of a character_literal, analogously to defining_identifier. Usage occurrences use the name or selector_name syntactic categories. 16.b We emphasize the fact that an enumeration literal denotes a function, which is called to produce a value. Incompatibilities With Ada 2005 16.c/3 {AI05-0227-1} Correction: Required that all enumeration literals in a type have distinct images; this might not be the case since upper case conversion can map distinct characters to the same upper case character. This can only happen for identifiers using Unicode characters first allowed by Ada 2005; moreover, the original definition of Ada 2005 was confused and appeared to require inconsistent results from the Image attribute, so implementations that allowed problematic cases are rare; the problematic cases are very rare; so it is expected that this change would only affect test programs. Wording Changes from Ada 2005 16.d/3 {AI05-0006-1} Correction: Defined the result subtype of an enumeration literal to close a minor language hole. 3.5.2 Character Types Static Semantics 1 An enumeration type is said to be a character type if at least one of its enumeration literals is a character_literal. 2/3 {AI95-00285-01} {AI05-0181-1} {AI05-0262-1} {AI05-0266-1} The predefined type Character is a character type whose values correspond to the 256 code points of Row 00 (also known as Latin-1) of the ISO/IEC 10646:2011 Basic Multilingual Plane (BMP). Each of the graphic characters of Row 00 of the BMP has a corresponding character_literal in Character. Each of the nongraphic characters of Row 00 has a corresponding language-defined name, which is not usable as an enumeration literal, but which is usable with the attributes Image, Wide_Image, Wide_Wide_Image, Value, Wide_Value, and Wide_Wide_Value; these names are given in the definition of type Character in A.1, " The Package Standard", but are set in italics. 2.a/3 Discussion: {AI05-0262-1} Code point is defined in ISO/IEC 10646:2011. 3/3 {AI95-00285-01} {AI05-0262-1} The predefined type Wide_Character is a character type whose values correspond to the 65536 code points of the ISO/IEC 10646:2011 Basic Multilingual Plane (BMP). Each of the graphic characters of the BMP has a corresponding character_literal in Wide_Character. The first 256 values of Wide_Character have the same character_literal or language-defined name as defined for Character. Each of the graphic_characters has a corresponding character_literal. 4/3 {AI95-00285-01} {AI05-0262-1} The predefined type Wide_Wide_Character is a character type whose values correspond to the 2147483648 code points of the ISO/IEC 10646:2011 character set. Each of the graphic_characters has a corresponding character_literal in Wide_Wide_Character. The first 65536 values of Wide_Wide_Character have the same character_literal or language-defined name as defined for Wide_Character. 5/3 {AI95-00285-01} {AI05-0262-1} The characters whose code point is larger than 16#FF# and which are not graphic_characters have language-defined names which are formed by appending to the string "Hex_" the representation of their code point in hexadecimal as eight extended digits. As with other language-defined names, these names are usable only with the attributes (Wide_)Wide_Image and (Wide_)Wide_Value; they are not usable as enumeration literals. 5.a/2 Reason: {AI95-00285-01} The language-defined names are not usable as enumeration literals to avoid "polluting" the name space. Since Wide_Character and Wide_Wide_Character are defined in Standard, if the language-defined names were usable as enumeration literals, they would hide other nonoverloadable declarations with the same names in use-d packages.]} Paragraphs 6 and 7 were deleted. NOTES 8 31 The language-defined library package Characters.Latin_1 (see A.3.3) includes the declaration of constants denoting control characters, lower case characters, and special characters of the predefined type Character. 8.a To be honest: The package ASCII does the same, but only for the first 128 characters of Character. Hence, it is an obsolescent package, and we no longer mention it here. 9/3 32 {AI05-0299-1} A conventional character set such as EBCDIC can be declared as a character type; the internal codes of the characters can be specified by an enumeration_representation_clause as explained in subclause 13.4. Examples 10 Example of a character type: 11 type Roman_Digit is ('I', 'V', 'X', 'L', 'C', 'D', 'M'); Inconsistencies With Ada 83 11.a The declaration of Wide_Character in package Standard hides use-visible declarations with the same defining identifier. In the unlikely event that an Ada 83 program had depended on such a use-visible declaration, and the program remains legal after the substitution of Standard.Wide_Character, the meaning of the program will be different. Incompatibilities With Ada 83 11.b The presence of Wide_Character in package Standard means that an expression such as 11.c 'a' = 'b' 11.d is ambiguous in Ada 95, whereas in Ada 83 both literals could be resolved to be of type Character. 11.e The change in visibility rules (see 4.2) for character literals means that additional qualification might be necessary to resolve expressions involving overloaded subprograms and character literals. Extensions to Ada 83 11.f The type Character has been extended to have 256 positions, and the type Wide_Character has been added. Note that this change was already approved by the ARG for Ada 83 conforming compilers. 11.g The rules for referencing character literals are changed (see 4.2), so that the declaration of the character type need not be directly visible to use its literals, similar to null and string literals. Context is used to resolve their type. Inconsistencies With Ada 95 11.h/2 {AI95-00285-01} Ada 95 defined most characters in Wide_Character to be graphic characters, while Ada 2005 uses the categorizations from ISO-10646:2003. It also provides language-defined names for all nongraphic characters. That means that in Ada 2005, Wide_Character'Wide_Value will raise Constraint_Error for a string representing a character_literal of a nongraphic character, while Ada 95 would have accepted it. Similarly, the result of Wide_Character'Wide_Image will change for such nongraphic characters. 11.i/3 {AI95-00395-01} {AI05-0005-1} {AI05-0262-1} The language-defined names FFFE and FFFF were replaced by a consistent set of language-defined names for all nongraphic characters with code points greater than 16#FF#. That means that in Ada 2005, Wide_Character'Wide_Value("FFFE") will raise Constraint_Error while Ada 95 would have accepted it. Similarly, the result of Wide_Character'Wide_Image will change for the position numbers 16#FFFE# and 16#FFFF#. It is very unlikely that this will matter in practice, as these names do not represent usable characters. 11.j/2 {AI95-00285-01} {AI95-00395-01} Because of the previously mentioned changes to the Wide_Character'Wide_Image of various character values, the value of attribute Wide_Width will change for some subtypes of Wide_Character. However, the new language-defined names were chosen so that the value of Wide_Character'Wide_Width itself does not change. 11.k/2 {AI95-00285-01} The declaration of Wide_Wide_Character in package Standard hides use-visible declarations with the same defining identifier. In the (very) unlikely event that an Ada 95 program had depended on such a use-visible declaration, and the program remains legal after the substitution of Standard.Wide_Wide_Character, the meaning of the program will be different. Extensions to Ada 95 11.l/2 {AI95-00285-01} The type Wide_Wide_Character is new. Wording Changes from Ada 95 11.m/2 {AI95-00285-01} Characters are now defined in terms of the entire ISO/IEC 10646:2003 character set. 11.n/3 {AI95-00285-01} {AI05-0248-1} We dropped the Implementation Advice for nonstandard interpretation of character sets; an implementation can do what it wants in a nonstandard mode, so there isn't much point to any advice. Wording Changes from Ada 2005 11.o/3 {AI05-0181-1} Correction: Removed the position numbers of nongraphic characters from the text, as it is wrong and thus misleading. 11.p/3 {AI05-0262-1} Changed "code position" to "code point" consistently throughout the standard, as ISO/IEC 10646:2011 prefers "code point" and we are referring to the definition in that Standard. This change also reduces confusion between "code point" and "position number"; while these have the same values for the predefined character types, there is no required relationship for other character types. 3.5.3 Boolean Types Static Semantics 1 There is a predefined enumeration type named Boolean, [declared in the visible part of package Standard]. It has the two enumeration literals False and True ordered with the relation False < True. Any descendant of the predefined type Boolean is called a boolean type. 1.a Implementation Note: An implementation is not required to support enumeration representation clauses on boolean types that impose an unacceptable implementation burden. See 13.4, " Enumeration Representation Clauses". However, it is generally straightforward to support representations where False is zero and True is 2**n - 1 for some n. 3.5.4 Integer Types 1 An integer_type_definition defines an integer type; it defines either a signed integer type, or a modular integer type. The base range of a signed integer type includes at least the values of the specified range. A modular type is an integer type with all arithmetic modulo a specified positive modulus; such a type corresponds to an unsigned type with wrap-around semantics. Syntax 2 integer_type_definition ::= signed_integer_type_definition | modular_type_definition 3 signed_integer_type_definition ::= range static_simple_expression .. static_simple_expression 3.a Discussion: We don't call this a range_constraint, because it is rather different - not only is it required to be static, but the associated overload resolution rules are different than for normal range constraints. A similar comment applies to real_range_specification. This used to be integer_range_specification but when we added support for modular types, it seemed overkill to have three levels of syntax rules, and just calling these signed_integer_range_specification and modular_range_specification loses the fact that they are defining different classes of types, which is important for the generic type matching rules. 4 modular_type_definition ::= mod static_expression Name Resolution Rules 5 Each simple_expression in a signed_integer_type_definition is expected to be of any integer type; they need not be of the same type. The expression in a modular_type_definition is likewise expected to be of any integer type. Legality Rules 6 The simple_expressions of a signed_integer_type_definition shall be static, and their values shall be in the range System.Min_Int .. System.Max_Int. 7 The expression of a modular_type_definition shall be static, and its value (the modulus) shall be positive, and shall be no greater than System.Max_Binary_Modulus if a power of 2, or no greater than System.Max_Nonbinary_Modulus if not. 7.a Reason: For a 2's-complement machine, supporting nonbinary moduli greater than System.Max_Int can be quite difficult, whereas essentially any binary moduli are straightforward to support, up to 2*System.Max_Int+2, so this justifies having two separate limits. Static Semantics 8 The set of values for a signed integer type is the (infinite) set of mathematical integers[, though only values of the base range of the type are fully supported for run-time operations]. The set of values for a modular integer type are the values from 0 to one less than the modulus, inclusive. 9 A signed_integer_type_definition defines an integer type whose base range includes at least the values of the simple_expressions and is symmetric about zero, excepting possibly an extra negative value. A signed_integer_type_definition also defines a constrained first subtype of the type, with a range whose bounds are given by the values of the simple_expressions, converted to the type being defined. 9.a/2 Implementation Note: {AI95-00114-01} The base range of a signed integer type might be much larger than is necessary to satisfy the above requirements. 9.a.1/1 To be honest: The conversion mentioned above is not an implicit subtype conversion (which is something that happens at overload resolution, see 4.6), although it happens implicitly. Therefore, the freezing rules are not invoked on the type (which is important so that representation items can be given for the type). 10 A modular_type_definition defines a modular type whose base range is from zero to one less than the given modulus. A modular_type_definition also defines a constrained first subtype of the type with a range that is the same as the base range of the type. 11 There is a predefined signed integer subtype named Integer[, declared in the visible part of package Standard]. It is constrained to the base range of its type. 11.a Reason: Integer is a constrained subtype, rather than an unconstrained subtype. This means that on assignment to an object of subtype Integer, a range check is required. On the other hand, an object of subtype Integer'Base is unconstrained, and no range check (only overflow check) is required on assignment. For example, if the object is held in an extended-length register, its value might be outside of Integer'First .. Integer'Last. All parameter and result subtypes of the predefined integer operators are of such unconstrained subtypes, allowing extended-length registers to be used as operands or for the result. In an earlier version of Ada 95, Integer was unconstrained. However, the fact that certain Constraint_Errors might be omitted or appear elsewhere was felt to be an undesirable upward inconsistency in this case. Note that for Float, the opposite conclusion was reached, partly because of the high cost of performing range checks when not actually necessary. Objects of subtype Float are unconstrained, and no range checks, only overflow checks, are performed for them. 12 Integer has two predefined subtypes, [declared in the visible part of package Standard:] 13 subtype Natural is Integer range 0 .. Integer'Last; subtype Positive is Integer range 1 .. Integer'Last; 14 A type defined by an integer_type_definition is implicitly derived from root_integer, an anonymous predefined (specific) integer type, whose base range is System.Min_Int .. System.Max_Int. However, the base range of the new type is not inherited from root_integer, but is instead determined by the range or modulus specified by the integer_type_definition. [Integer literals are all of the type universal_integer, the universal type (see 3.4.1) for the class rooted at root_integer, allowing their use with the operations of any integer type.] 14.a Discussion: This implicit derivation is not considered exactly equivalent to explicit derivation via a derived_type_definition. In particular, integer types defined via a derived_type_definition inherit their base range from their parent type. A type defined by an integer_type_definition does not necessarily inherit its base range from root_integer. It is not specified whether the implicit derivation from root_integer is direct or indirect, not that it really matters. All we want is for all integer types to be descendants of root_integer. 14.a.1/1 {8652/0099} {AI95-00152-01} Note that this derivation does not imply any inheritance of subprograms. Subprograms are inherited only for types derived by a derived_type_definition (see 3.4), or a private_extension_declaration (see 7.3, 7.3.1, and 12.5.1). 14.b Implementation Note: It is the intent that even nonstandard integer types (see below) will be descendants of root_integer, even though they might have a base range that exceeds that of root_integer. This causes no problem for static calculations, which are performed without range restrictions (see 4.9). However for run-time calculations, it is possible that Constraint_Error might be raised when using an operator of root_integer on the result of 'Val applied to a value of a nonstandard integer type. 15 The position number of an integer value is equal to the value. 16/2 {AI95-00340-01} For every modular subtype S, the following attributes are defined: 16.1/2 S'Mod {AI95-00340-01} S'Mod denotes a function with the following specification: 16.2/2 function S'Mod (Arg : universal_integer) return S'Base 16.3/2 This function returns Arg mod S'Modulus, as a value of the type of S. 17 S'Modulus S'Modulus yields the modulus of the type of S, as a value of the type universal_integer. Dynamic Semantics 18 The elaboration of an integer_type_definition creates the integer type and its first subtype. 19 For a modular type, if the result of the execution of a predefined operator (see 4.5) is outside the base range of the type, the result is reduced modulo the modulus of the type to a value that is within the base range of the type. 20 For a signed integer type, the exception Constraint_Error is raised by the execution of an operation that cannot deliver the correct result because it is outside the base range of the type. [ For any integer type, Constraint_Error is raised by the operators "/", "rem", and "mod" if the right operand is zero.] Implementation Requirements 21 In an implementation, the range of Integer shall include the range -2**15+1 .. +2**15-1. 22 If Long_Integer is predefined for an implementation, then its range shall include the range -2**31+1 .. +2**31-1. 23 System.Max_Binary_Modulus shall be at least 2**16. Implementation Permissions 24 For the execution of a predefined operation of a signed integer type, the implementation need not raise Constraint_Error if the result is outside the base range of the type, so long as the correct result is produced. 24.a Discussion: Constraint_Error is never raised for operations on modular types, except for divide-by-zero (and rem/mod-by-zero). 25 An implementation may provide additional predefined signed integer types[, declared in the visible part of Standard], whose first subtypes have names of the form Short_Integer, Long_Integer, Short_Short_Integer, Long_Long_Integer, etc. Different predefined integer types are allowed to have the same base range. However, the range of Integer should be no wider than that of Long_Integer. Similarly, the range of Short_Integer (if provided) should be no wider than Integer. Corresponding recommendations apply to any other predefined integer types. There need not be a named integer type corresponding to each distinct base range supported by an implementation. The range of each first subtype should be the base range of its type. 25.a Implementation defined: The predefined integer types declared in Standard. 26 An implementation may provide nonstandard integer types, descendants of root_integer that are declared outside of the specification of package Standard, which need not have all the standard characteristics of a type defined by an integer_type_definition. For example, a nonstandard integer type might have an asymmetric base range or it might not be allowed as an array or loop index (a very long integer). Any type descended from a nonstandard integer type is also nonstandard. An implementation may place arbitrary restrictions on the use of such types; it is implementation defined whether operators that are predefined for "any integer type" are defined for a particular nonstandard integer type. [In any case, such types are not permitted as explicit_generic_actual_parameters for formal scalar types - see 12.5.2.] 26.a Implementation defined: Any nonstandard integer types and the operators defined for them. 27 For a one's complement machine, the high bound of the base range of a modular type whose modulus is one less than a power of 2 may be equal to the modulus, rather than one less than the modulus. It is implementation defined for which powers of 2, if any, this permission is exercised. 27.1/1 {8652/0003} {AI95-00095-01} For a one's complement machine, implementations may support nonbinary modulus values greater than System.Max_Nonbinary_Modulus. It is implementation defined which specific values greater than System.Max_Nonbinary_Modulus, if any, are supported. 27.a.1/1 Reason: On a one's complement machine, the natural full word type would have a modulus of 2**Word_Size-1. However, we would want to allow the all-ones bit pattern (which represents negative zero as a number) in logical operations. These permissions are intended to allow that and the natural modulus value without burdening implementations with supporting expensive modulus values. Implementation Advice 28 An implementation should support Long_Integer in addition to Integer if the target machine supports 32-bit (or longer) arithmetic. No other named integer subtypes are recommended for package Standard. Instead, appropriate named integer subtypes should be provided in the library package Interfaces (see B.2). 28.a.1/2 Implementation Advice: Long_Integer should be declared in Standard if the target supports 32-bit arithmetic. No other named integer subtypes should be declared in Standard. 28.a Implementation Note: To promote portability, implementations should explicitly declare the integer (sub)types Integer and Long_Integer in Standard, and leave other predefined integer types anonymous. For implementations that already support Byte_Integer, etc., upward compatibility argues for keeping such declarations in Standard during the transition period, but perhaps generating a warning on use. A separate package Interfaces in the predefined environment is available for pre-declaring types such as Integer_8, Integer_16, etc. See B.2. In any case, if the user declares a subtype (first or not) whose range fits in, for example, a byte, the implementation can store variables of the subtype in a single byte, even if the base range of the type is wider. 29 An implementation for a two's complement machine should support modular types with a binary modulus up to System.Max_Int*2+2. An implementation should support a nonbinary modulus up to Integer'Last. 29.a.1/2 Implementation Advice: For a two's complement target, modular types with a binary modulus up to System.Max_Int*2+2 should be supported. A nonbinary modulus up to Integer'Last should be supported. 29.a Reason: Modular types provide bit-wise "and", "or", "xor", and "not" operations. It is important for systems programming that these be available for all integer types of the target hardware. 29.b Ramification: Note that on a one's complement machine, the largest supported modular type would normally have a nonbinary modulus. On a two's complement machine, the largest supported modular type would normally have a binary modulus. 29.c Implementation Note: Supporting a nonbinary modulus greater than Integer'Last can impose an undesirable implementation burden on some machines. NOTES 30 33 Integer literals are of the anonymous predefined integer type universal_integer. Other integer types have no literals. However, the overload resolution rules (see 8.6, " The Context of Overload Resolution") allow expressions of the type universal_integer whenever an integer type is expected. 31 34 The same arithmetic operators are predefined for all signed integer types defined by a signed_integer_type_definition (see 4.5 , "Operators and Expression Evaluation"). For modular types, these same operators are predefined, plus bit-wise logical operators (and, or, xor, and not). In addition, for the unsigned types declared in the language-defined package Interfaces (see B.2), functions are defined that provide bit-wise shifting and rotating. 32 35 Modular types match a generic_formal_parameter_declaration of the form "type T is mod <>;"; signed integer types match "type T is range <>;" (see 12.5.2). Examples 33 Examples of integer types and subtypes: 34 type Page_Num is range 1 .. 2_000; type Line_Size is range 1 .. Max_Line_Size; 35 subtype Small_Int is Integer range -10 .. 10; subtype Column_Ptr is Line_Size range 1 .. 10; subtype Buffer_Size is Integer range 0 .. Max; 36 type Byte is mod 256; -- an unsigned byte type Hash_Index is mod 97; -- modulus is prime Extensions to Ada 83 36.a An implementation is allowed to support any number of distinct base ranges for integer types, even if fewer integer types are explicitly declared in Standard. 36.b Modular (unsigned, wrap-around) types are new. Wording Changes from Ada 83 36.c Ada 83's integer types are now called "signed" integer types, to contrast them with "modular" integer types. 36.d Standard.Integer, Standard.Long_Integer, etc., denote constrained subtypes of predefined integer types, consistent with the Ada 95 model that only subtypes have names. 36.e We now impose minimum requirements on the base range of Integer and Long_Integer. 36.f We no longer explain integer type definition in terms of an equivalence to a normal type derivation, except to say that all integer types are by definition implicitly derived from root_integer. This is for various reasons. 36.g First of all, the equivalence with a type derivation and a subtype declaration was not perfect, and was the source of various AIs (for example, is the conversion of the bounds static? Is a numeric type a derived type with respect to other rules of the language?) 36.h Secondly, we don't want to require that every integer size supported shall have a corresponding named type in Standard. Adding named types to Standard creates nonportabilities. 36.i Thirdly, we don't want the set of types that match a formal derived type "type T is new Integer;" to depend on the particular underlying integer representation chosen to implement a given user-defined integer type. Hence, we would have needed anonymous integer types as parent types for the implicit derivation anyway. We have simply chosen to identify only one anonymous integer type - root_integer, and stated that every integer type is derived from it. 36.j Finally, the "fiction" that there were distinct preexisting predefined types for every supported representation breaks down for fixed point with arbitrary smalls, and was never exploited for enumeration types, array types, etc. Hence, there seems little benefit to pushing an explicit equivalence between integer type definition and normal type derivation. Extensions to Ada 95 36.k/2 {AI95-00340-01} The Mod attribute is new. It eases mixing of signed and unsigned values in an expression, which can be difficult as there may be no type which can contain all of the values of both of the types involved. Wording Changes from Ada 95 36.l/2 {8652/0003} {AI95-00095-01} Corrigendum: Added additional permissions for modular types on one's complement machines. 3.5.5 Operations of Discrete Types Static Semantics 1 For every discrete subtype S, the following attributes are defined: 2 S'Pos S'Pos denotes a function with the following specification: 3 function S'Pos(Arg : S'Base) return universal_integer 4 This function returns the position number of the value of Arg, as a value of type universal_integer. 5 S'Val S'Val denotes a function with the following specification: 6 function S'Val(Arg : universal_integer) return S'Base 7 This function returns a value of the type of S whose position number equals the value of Arg. For the evaluation of a call on S'Val, if there is no value in the base range of its type with the given position number, Constraint_Error is raised. 7.a Ramification: By the overload resolution rules, a formal parameter of type universal_integer allows an actual parameter of any integer type. 7.b Reason: We considered allowing S'Val for a signed integer subtype S to return an out-of-range value, but since checks were required for enumeration and modular types anyway, the allowance didn't seem worth the complexity of the rule. 7.1/4 {AI05-0297-1} {AI12-0071-1} For every static discrete subtype S for which there exists at least one value belonging to S that satisfies the predicates of S, the following attributes are defined: 7.2/4 S'First_Valid {AI05-0297-1} {AI12-0071-1} S'First_Valid denotes the smallest value that belongs to S and satisfies the predicates of S. The value of this attribute is of the type of S. 7.3/4 S'Last_Valid {AI05-0297-1} {AI12-0071-1} S'Last_Valid denotes the largest value that belongs to S and satisfies the predicates of S. The value of this attribute is of the type of S. 7.4/3 {AI05-0297-1} [First_Valid and Last_Valid attribute_references are always static expressions. Any explicit predicate of S can only have been specified by a Static_Predicate aspect.] 7.c/3 Proof: An attribute_reference is static if the prefix is a static subtype (see 4.9), (true by definition) and any arguments are static (there are none). Similarly, a dynamic predicate always makes a subtype nonstatic. QED. 7.d/3 Reason: We require there to be at least one value so that these are always values of the subtype. (This sidesteps the question of what to return for a subtype with no values.) 7.e/3 Discussion: These attributes are intended primarily for use in the case where the Static_Predicate aspect of S has been specified; First and Last are equivalent if these are allowed and there is no predicate. Implementation Advice 8 For the evaluation of a call on S'Pos for an enumeration subtype, if the value of the operand does not correspond to the internal code for any enumeration literal of its type [(perhaps due to an uninitialized variable)], then the implementation should raise Program_Error. This is particularly important for enumeration types with noncontiguous internal codes specified by an enumeration_representation_clause. 8.a.1/2 Implementation Advice: Program_Error should be raised for the evaluation of S'Pos for an enumeration type, if the value of the operand does not correspond to the internal code for any enumeration literal of the type. 8.a Reason: We say Program_Error here, rather than Constraint_Error, because the main reason for such values is uninitialized variables, and the normal way to indicate such a use (if detected) is to raise Program_Error. (Other reasons would involve the misuse of low-level features such as Unchecked_Conversion.) NOTES 9 36 Indexing and loop iteration use values of discrete types. 10/3 37 {AI05-0299-1} The predefined operations of a discrete type include the assignment operation, qualification, the membership tests, and the relational operators; for a boolean type they include the short-circuit control forms and the logical operators; for an integer type they include type conversion to and from other numeric types, as well as the binary and unary adding operators - and +, the multiplying operators, the unary operator abs, and the exponentiation operator. The assignment operation is described in 5.2. The other predefined operations are described in Clause 4. 11 38 As for all types, objects of a discrete type have Size and Address attributes (see 13.3). 12 39 For a subtype of a discrete type, the result delivered by the attribute Val might not belong to the subtype; similarly, the actual parameter of the attribute Pos need not belong to the subtype. The following relations are satisfied (in the absence of an exception) by these attributes: 13 S'Val(S'Pos(X)) = X S'Pos(S'Val(N)) = N Examples 14 Examples of attributes of discrete subtypes: 15 -- For the types and subtypes declared in subclause 3.5.1 the following hold: 16 -- Color'First = White, Color'Last = Black -- Rainbow'First = Red, Rainbow'Last = Blue 17 -- Color'Succ(Blue) = Rainbow'Succ(Blue) = Brown -- Color'Pos(Blue) = Rainbow'Pos(Blue) = 4 -- Color'Val(0) = Rainbow'Val(0) = White Extensions to Ada 83 17.a The attributes S'Succ, S'Pred, S'Width, S'Image, and S'Value have been generalized to apply to real types as well (see 3.5, " Scalar Types"). Extensions to Ada 2005 17.b/3 {AI05-0297-1} The attributes S'First_Valid and S'Last_Valid are new. Wording Changes from Ada 2012 17.c/4 {AI12-0071-1} Corrigendum: Updated wording of the attributes S'First_Valid and S'Last_Valid to use the new term "satisfies the predicates" (see 3.2.4). 3.5.6 Real Types 1 Real types provide approximations to the real numbers, with relative bounds on errors for floating point types, and with absolute bounds for fixed point types. Syntax 2 real_type_definition ::= floating_point_definition | fixed_point_definition Static Semantics 3 A type defined by a real_type_definition is implicitly derived from root_real, an anonymous predefined (specific) real type. [Hence, all real types, whether floating point or fixed point, are in the derivation class rooted at root_real.] 3.a Ramification: It is not specified whether the derivation from root_real is direct or indirect, not that it really matters. All we want is for all real types to be descendants of root_real. 3.a.1/1 {8652/0099} {AI95-00152-01} Note that this derivation does not imply any inheritance of subprograms. Subprograms are inherited only for types derived by a derived_type_definition (see 3.4), or a private_extension_declaration (see 7.3, 7.3.1, and 12.5.1). 4 [ Real literals are all of the type universal_real, the universal type (see 3.4.1) for the class rooted at root_real, allowing their use with the operations of any real type. Certain multiplying operators have a result type of universal_fixed (see 4.5.5), the universal type for the class of fixed point types, allowing the result of the multiplication or division to be used where any specific fixed point type is expected.] Dynamic Semantics 5 The elaboration of a real_type_definition consists of the elaboration of the floating_point_definition or the fixed_point_definition. Implementation Requirements 6 An implementation shall perform the run-time evaluation of a use of a predefined operator of root_real with an accuracy at least as great as that of any floating point type definable by a floating_point_definition. 6.a Ramification: Static calculations using the operators of root_real are exact, as for all static calculations. See 4.9. 6.b Implementation Note: The Digits attribute of the type used to represent root_real at run time is at least as great as that of any other floating point type defined by a floating_point_definition, and its safe range includes that of any such floating point type with the same Digits attribute. On some machines, there might be real types with less accuracy but a wider range, and hence run-time calculations with root_real might not be able to accommodate all values that can be represented at run time in such floating point or fixed point types. Implementation Permissions 7/2 {AI95-00114-01} [For the execution of a predefined operation of a real type, the implementation need not raise Constraint_Error if the result is outside the base range of the type, so long as the correct result is produced, or the Machine_Overflows attribute of the type is False (see G.2).] 8 An implementation may provide nonstandard real types, descendants of root_real that are declared outside of the specification of package Standard, which need not have all the standard characteristics of a type defined by a real_type_definition. For example, a nonstandard real type might have an asymmetric or unsigned base range, or its predefined operations might wrap around or "saturate" rather than overflow (modular or saturating arithmetic), or it might not conform to the accuracy model (see G.2). Any type descended from a nonstandard real type is also nonstandard. An implementation may place arbitrary restrictions on the use of such types; it is implementation defined whether operators that are predefined for "any real type" are defined for a particular nonstandard real type. [In any case, such types are not permitted as explicit_generic_actual_parameters for formal scalar types - see 12.5.2.] 8.a Implementation defined: Any nonstandard real types and the operators defined for them. NOTES 9 40 As stated, real literals are of the anonymous predefined real type universal_real. Other real types have no literals. However, the overload resolution rules (see 8.6) allow expressions of the type universal_real whenever a real type is expected. Wording Changes from Ada 83 9.a The syntax rule for real_type_definition is modified to use the new syntactic categories floating_point_definition and fixed_point_definition, instead of floating_point_constraint and fixed_point_constraint, because the semantics of a type definition are significantly different than the semantics of a constraint. 9.b All discussion of model numbers, safe ranges, and machine numbers is moved to 3.5.7, 3.5.8, and G.2. Values of a fixed point type are now described as being multiples of the small of the fixed point type, and we have no need for model numbers, safe ranges, etc. for fixed point types. 3.5.7 Floating Point Types 1 For floating point types, the error bound is specified as a relative precision by giving the required minimum number of significant decimal digits. Syntax 2 floating_point_definition ::= digits static_expression [real_range_specification] 3 real_range_specification ::= range static_simple_expression .. static_simple_expression Name Resolution Rules 4 The requested decimal precision, which is the minimum number of significant decimal digits required for the floating point type, is specified by the value of the expression given after the reserved word digits. This expression is expected to be of any integer type. 5 Each simple_expression of a real_range_specification is expected to be of any real type[; the types need not be the same]. Legality Rules 6 The requested decimal precision shall be specified by a static expression whose value is positive and no greater than System.Max_Base_Digits. Each simple_expression of a real_range_specification shall also be static. If the real_range_specification is omitted, the requested decimal precision shall be no greater than System.Max_Digits. 6.a Reason: We have added Max_Base_Digits to package System. It corresponds to the requested decimal precision of root_real. System.Max_Digits corresponds to the maximum value for Digits that may be specified in the absence of a real_range_specification, for upward compatibility. These might not be the same if root_real has a base range that does not include ± 10.0**(4*Max_Base_Digits). 7 A floating_point_definition is illegal if the implementation does not support a floating point type that satisfies the requested decimal precision and range. 7.a Implementation defined: What combinations of requested decimal precision and range are supported for floating point types. Static Semantics 8 The set of values for a floating point type is the (infinite) set of rational numbers. The machine numbers of a floating point type are the values of the type that can be represented exactly in every unconstrained variable of the type. The base range (see 3.5) of a floating point type is symmetric around zero, except that it can include some extra negative values in some implementations. 8.a Implementation Note: For example, if a 2's complement representation is used for the mantissa rather than a sign-mantissa or 1's complement representation, then there is usually one extra negative machine number. 8.b To be honest: If the Signed_Zeros attribute is True, then minus zero could in a sense be considered a value of the type. However, for most purposes, minus zero behaves the same as plus zero. 9 The base decimal precision of a floating point type is the number of decimal digits of precision representable in objects of the type. The safe range of a floating point type is that part of its base range for which the accuracy corresponding to the base decimal precision is preserved by all predefined operations. 9.a Implementation Note: In most cases, the safe range and base range are the same. However, for some hardware, values near the boundaries of the base range might result in excessive inaccuracies or spurious overflows when used with certain predefined operations. For such hardware, the safe range would omit such values. 10 A floating_point_definition defines a floating point type whose base decimal precision is no less than the requested decimal precision. If a real_range_specification is given, the safe range of the floating point type (and hence, also its base range) includes at least the values of the simple expressions given in the real_range_specification. If a real_range_specification is not given, the safe (and base) range of the type includes at least the values of the range -10.0**(4*D) .. +10.0**(4*D) where D is the requested decimal precision. [The safe range might include other values as well. The attributes Safe_First and Safe_Last give the actual bounds of the safe range.] 11 A floating_point_definition also defines a first subtype of the type. If a real_range_specification is given, then the subtype is constrained to a range whose bounds are given by a conversion of the values of the simple_expressions of the real_range_specification to the type being defined. Otherwise, the subtype is unconstrained. 11.a.1/1 To be honest: The conversion mentioned above is not an implicit subtype conversion (which is something that happens at overload resolution, see 4.6), although it happens implicitly. Therefore, the freezing rules are not invoked on the type (which is important so that representation items can be given for the type). 12 There is a predefined, unconstrained, floating point subtype named Float[, declared in the visible part of package Standard]. Dynamic Semantics 13 [The elaboration of a floating_point_definition creates the floating point type and its first subtype.] Implementation Requirements 14 In an implementation that supports floating point types with 6 or more digits of precision, the requested decimal precision for Float shall be at least 6. 15 If Long_Float is predefined for an implementation, then its requested decimal precision shall be at least 11. Implementation Permissions 16 An implementation is allowed to provide additional predefined floating point types[, declared in the visible part of Standard], whose (unconstrained) first subtypes have names of the form Short_Float, Long_Float, Short_Short_Float, Long_Long_Float, etc. Different predefined floating point types are allowed to have the same base decimal precision. However, the precision of Float should be no greater than that of Long_Float. Similarly, the precision of Short_Float (if provided) should be no greater than Float. Corresponding recommendations apply to any other predefined floating point types. There need not be a named floating point type corresponding to each distinct base decimal precision supported by an implementation. 16.a Implementation defined: The predefined floating point types declared in Standard. Implementation Advice 17 An implementation should support Long_Float in addition to Float if the target machine supports 11 or more digits of precision. No other named floating point subtypes are recommended for package Standard. Instead, appropriate named floating point subtypes should be provided in the library package Interfaces (see B.2). 17.a.1/2 Implementation Advice: Long_Float should be declared in Standard if the target supports 11 or more digits of precision. No other named float subtypes should be declared in Standard. 17.a Implementation Note: To promote portability, implementations should explicitly declare the floating point (sub)types Float and Long_Float in Standard, and leave other predefined float types anonymous. For implementations that already support Short_Float, etc., upward compatibility argues for keeping such declarations in Standard during the transition period, but perhaps generating a warning on use. A separate package Interfaces in the predefined environment is available for pre-declaring types such as Float_32, IEEE_Float_64, etc. See B.2. NOTES 18 41 If a floating point subtype is unconstrained, then assignments to variables of the subtype involve only Overflow_Checks, never Range_Checks. Examples 19 Examples of floating point types and subtypes: 20 type Coefficient is digits 10 range -1.0 .. 1.0; 21 type Real is digits 8; type Mass is digits 7 range 0.0 .. 1.0E35; 22 subtype Probability is Real range 0.0 .. 1.0; -- a subtype with a smaller range Inconsistencies With Ada 83 22.a No Range_Checks, only Overflow_Checks, are performed on variables (or parameters) of an unconstrained floating point subtype. This is upward compatible for programs that do not raise Constraint_Error. For those that do raise Constraint_Error, it is possible that the exception will be raised at a later point, or not at all, if extended range floating point registers are used to hold the value of the variable (or parameter). 22.b Reason: This change was felt to be justified by the possibility of improved performance on machines with extended-range floating point registers. An implementation need not take advantage of this relaxation in the range checking; it can hide completely the use of extended range registers if desired, presumably at some run-time expense. Wording Changes from Ada 83 22.c The syntax rules for floating_point_constraint and floating_accuracy_definition are removed. The syntax rules for floating_point_definition and real_range_specification are new. 22.d A syntax rule for digits_constraint is given in 3.5.9, " Fixed Point Types". In J.3 we indicate that a digits_constraint may be applied to a floating point subtype_mark as well (to be compatible with Ada 83's floating_point_constraint). 22.e Discussion of model numbers is postponed to 3.5.8 and G.2. The concept of safe numbers has been replaced by the concept of the safe range of values. The bounds of the safe range are given by T'Safe_First .. T'Safe_Last, rather than -T'Safe_Large .. T'Safe_Large, since on some machines the safe range is not perfectly symmetric. The concept of machine numbers is new, and is relevant to the definition of Succ and Pred for floating point numbers. 3.5.8 Operations of Floating Point Types Static Semantics 1 The following attribute is defined for every floating point subtype S: 2/1 S'Digits {8652/0004} {AI95-00203-01} S'Digits denotes the requested decimal precision for the subtype S. The value of this attribute is of the type universal_integer. The requested decimal precision of the base subtype of a floating point type T is defined to be the largest value of d for which ceiling(d * log(10) / log(T'Machine_Radix)) + g <= T'Model_Mantissa where g is 0 if Machine_Radix is a positive power of 10 and 1 otherwise. NOTES 3 42 The predefined operations of a floating point type include the assignment operation, qualification, the membership tests, and explicit conversion to and from other numeric types. They also include the relational operators and the following predefined arithmetic operators: the binary and unary adding operators - and +, certain multiplying operators, the unary operator abs, and the exponentiation operator. 4 43 As for all types, objects of a floating point type have Size and Address attributes (see 13.3). Other attributes of floating point types are defined in A.5.3. Wording Changes from Ada 95 4.a/2 {8652/0004} {AI95-00203-01} Corrigendum: Corrected the formula for Digits when the Machine_Radix is 10. 3.5.9 Fixed Point Types 1 A fixed point type is either an ordinary fixed point type, or a decimal fixed point type. The error bound of a fixed point type is specified as an absolute value, called the delta of the fixed point type. Syntax 2 fixed_point_definition ::= ordinary_fixed_point_definition | decimal_fixed_point_definition 3 ordinary_fixed_point_definition ::= delta static_expression real_range_specification 4 decimal_fixed_point_definition ::= delta static_expression digits static_expression [real_range_specification] 5/4 {AI12-0152-1} digits_constraint ::= digits static_simple_expression [range_constraint] Name Resolution Rules 6 For a type defined by a fixed_point_definition, the delta of the type is specified by the value of the expression given after the reserved word delta; this expression is expected to be of any real type. For a type defined by a decimal_fixed_point_definition (a decimal fixed point type), the number of significant decimal digits for its first subtype (the digits of the first subtype) is specified by the expression given after the reserved word digits; this expression is expected to be of any integer type. 6.1/4 {AI12-0159-1} The simple_expression of a digits_constraint is expected to be of any integer type. Legality Rules 7 In a fixed_point_definition or digits_constraint, the expressions given after the reserved words delta and digits shall be static; their values shall be positive. 8/2 {AI95-00100-01} The set of values of a fixed point type comprise the integral multiples of a number called the small of the type. The machine numbers of a fixed point type are the values of the type that can be represented exactly in every unconstrained variable of the type. For a type defined by an ordinary_fixed_point_definition (an ordinary fixed point type), the small may be specified by an attribute_definition_clause (see 13.3); if so specified, it shall be no greater than the delta of the type. If not specified, the small of an ordinary fixed point type is an implementation-defined power of two less than or equal to the delta. 8.a Implementation defined: The small of an ordinary fixed point type. 9 For a decimal fixed point type, the small equals the delta; the delta shall be a power of 10. If a real_range_specification is given, both bounds of the range shall be in the range -(10**digits-1)*delta .. +(10**digits-1)*delta. 10 A fixed_point_definition is illegal if the implementation does not support a fixed point type with the given small and specified range or digits. 10.a Implementation defined: What combinations of small, range, and digits are supported for fixed point types. 11 For a subtype_indication with a digits_constraint, the subtype_mark shall denote a decimal fixed point subtype. 11.a To be honest: Or, as an obsolescent feature, a floating point subtype is permitted - see J.3. Static Semantics 12 The base range (see 3.5) of a fixed point type is symmetric around zero, except possibly for an extra negative value in some implementations. 13 An ordinary_fixed_point_definition defines an ordinary fixed point type whose base range includes at least all multiples of small that are between the bounds specified in the real_range_specification. The base range of the type does not necessarily include the specified bounds themselves. An ordinary_- fixed_point_definition also defines a constrained first subtype of the type, with each bound of its range given by the closer to zero of: 14 * the value of the conversion to the fixed point type of the corresponding expression of the real_range_specification; 14.a.1/1 To be honest: The conversion mentioned above is not an implicit subtype conversion (which is something that happens at overload resolution, see 4.6), although it happens implicitly. Therefore, the freezing rules are not invoked on the type (which is important so that representation items can be given for the type). 15 * the corresponding bound of the base range. 16 A decimal_fixed_point_definition defines a decimal fixed point type whose base range includes at least the range -(10**digits-1)*delta .. +(10**digits-1)*delta. A decimal_fixed_point_definition also defines a constrained first subtype of the type. If a real_range_specification is given, the bounds of the first subtype are given by a conversion of the values of the expressions of the real_range_specification. Otherwise, the range of the first subtype is -(10**digits-1)*delta .. +(10**digits-1)*delta. 16.a.1/1 To be honest: The conversion mentioned above is not an implicit subtype conversion (which is something that happens at overload resolution, see 4.6), although it happens implicitly. Therefore, the freezing rules are not invoked on the type (which is important so that representation items can be given for the type). Dynamic Semantics 17 The elaboration of a fixed_point_definition creates the fixed point type and its first subtype. 18/4 {AI12-0152-1} For a digits_constraint on a decimal fixed point subtype with a given delta, if it does not have a range_constraint, then it specifies an implicit range -(10**D-1)*delta .. +(10**D-1)*delta, where D is the value of the simple_expression. A digits_constraint is compatible with a decimal fixed point subtype if the value of the simple_expression is no greater than the digits of the subtype, and if it specifies (explicitly or implicitly) a range that is compatible with the subtype. 18.a Discussion: Except for the requirement that the digits specified be no greater than the digits of the subtype being constrained, a digits_constraint is essentially equivalent to a range_constraint. 18.b Consider the following example: 18.c type D is delta 0.01 digits 7 range -0.00 .. 9999.99; 18.d/1 The compatibility rule implies that the digits_constraint "digits 6" specifies an implicit range of "-9999.99 .. 9999.99". Thus, "digits 6" is not compatible with the constraint of D, but "digits 6 range 0.00 .. 9999.99" is compatible. 18.e/2 {AI95-00114-01} A value of a scalar type belongs to a constrained subtype of the type if it belongs to the range of the subtype. Attributes like Digits and Delta have no effect on this fundamental rule. So the obsolescent forms of digits_constraints and delta_constraints that are called "accuracy constraints" in RM83 don't really represent constraints on the values of the subtype, but rather primarily affect compatibility of the " constraint" with the subtype being "constrained." In this sense, they might better be called "subtype assertions" rather than " constraints." 18.f Note that the digits_constraint on a decimal fixed point subtype is a combination of an assertion about the digits of the subtype being further constrained, and a constraint on the range of the subtype being defined, either explicit or implicit. 19/4 {AI12-0152-1} The elaboration of a digits_constraint consists of the elaboration of the range_constraint, if any. If a range_constraint is given, a check is made that the bounds of the range are both in the range -(10**D-1)*delta .. +(10**D-1)*delta, where D is the value of the (static) simple_expression given after the reserved word digits. If this check fails, Constraint_Error is raised. Implementation Requirements 20 The implementation shall support at least 24 bits of precision (including the sign bit) for fixed point types. 20.a Reason: This is sufficient to represent Standard.Duration with a small no more than 50 milliseconds. Implementation Permissions 21 Implementations are permitted to support only smalls that are a power of two. In particular, all decimal fixed point type declarations can be disallowed. Note however that conformance with the Information Systems Annex requires support for decimal smalls, and decimal fixed point type declarations with digits up to at least 18. 21.a Implementation Note: The accuracy requirements for multiplication, division, and conversion (see G.2.1, " Model of Floating Point Arithmetic") are such that support for arbitrary smalls should be practical without undue implementation effort. Therefore, implementations should support fixed point types with arbitrary values for small (within reason). One reasonable limitation would be to limit support to fixed point types that can be converted to the most precise floating point type without loss of precision (so that Fixed_IO is implementable in terms of Float_IO). NOTES 22 44 The base range of an ordinary fixed point type need not include the specified bounds themselves so that the range specification can be given in a natural way, such as: 23 type Fraction is delta 2.0**(-15) range -1.0 .. 1.0; 24 With 2's complement hardware, such a type could have a signed 16-bit representation, using 1 bit for the sign and 15 bits for fraction, resulting in a base range of -1.0 .. 1.0-2.0**(-15). Examples 25 Examples of fixed point types and subtypes: 26 type Volt is delta 0.125 range 0.0 .. 255.0; 27 -- A pure fraction which requires all the available -- space in a word can be declared as the type Fraction: type Fraction is delta System.Fine_Delta range -1.0 .. 1.0; -- Fraction'Last = 1.0 - System.Fine_Delta 28 type Money is delta 0.01 digits 15; -- decimal fixed point subtype Salary is Money digits 10; -- Money'Last = 10.0**13 - 0.01, Salary'Last = 10.0**8 - 0.01 Inconsistencies With Ada 83 28.a In Ada 95, S'Small always equals S'Base'Small, so if an implementation chooses a small for a fixed point type smaller than required by the delta, the value of S'Small in Ada 95 might not be the same as it was in Ada 83. Extensions to Ada 83 28.b/3 {AI05-0005-1} Decimal fixed point types are new, though their capabilities are essentially similar to that available in Ada 83 with a fixed point type whose small equals its delta and both are a power of 10. However, in the Information Systems Annex, additional requirements are placed on the support of decimal fixed point types (e.g. a minimum of 18 digits of precision). Wording Changes from Ada 83 28.c The syntax rules for fixed_point_constraint and fixed_accuracy_definition are removed. The syntax rule for fixed_point_definition is new. A syntax rule for delta_constraint is included in the Obsolescent features (to be compatible with Ada 83's fixed_point_constraint). Wording Changes from Ada 95 28.d/2 {AI95-00100-01} Added wording to define the machine numbers of fixed point types; this is needed by the static evaluation rules. Incompatibilities With Ada 2012 28.e/4 {AI12-0152-1} Corrigendum: Changed the syntax so that the value following digits in a digits_constraint is a simple_expression. This is compatible with one very unlikely exception: if the digits expression is a static expression of a modular type using an unparenthesized logical operator (like and or or). Parenthesizing the expression will make it legal in that case. The change is necessary to eliminate syntax ambguities in derived_type_definitions. Wording Changes from Ada 2012 28.f/4 {AI12-0159-1} Corrigendum:Added wording to define the expected type for a digits_constraint. This was missing since Ada 95, but as it is obvious and unchanged from Ada 83, we don't consider it an incompatibility. 3.5.10 Operations of Fixed Point Types Static Semantics 1 The following attributes are defined for every fixed point subtype S: 2/1 S'Small {8652/0005} {AI95-00054-01} S'Small denotes the small of the type of S. The value of this attribute is of the type universal_real. Small may be specified for nonderived ordinary fixed point types via an attribute_definition_clause (see 13.3); the expression of such a clause shall be static. 2.a/3 Aspect Description for Small: Scale factor for a fixed point type. 3 S'Delta S'Delta denotes the delta of the fixed point subtype S. The value of this attribute is of the type universal_real. 3.a Reason: The delta is associated with the subtype as opposed to the type, because of the possibility of an (obsolescent) delta_constraint. 4 S'Fore S'Fore yields the minimum number of characters needed before the decimal point for the decimal representation of any value of the subtype S, assuming that the representation does not include an exponent, but includes a one-character prefix that is either a minus sign or a space. (This minimum number does not include superfluous zeros or underlines, and is at least 2.) The value of this attribute is of the type universal_integer. 5 S'Aft S'Aft yields the number of decimal digits needed after the decimal point to accommodate the delta of the subtype S, unless the delta of the subtype S is greater than 0.1, in which case the attribute yields the value one. [(S'Aft is the smallest positive integer N for which (10**N)*S'Delta is greater than or equal to one.)] The value of this attribute is of the type universal_integer. 6 The following additional attributes are defined for every decimal fixed point subtype S: 7 S'Digits S'Digits denotes the digits of the decimal fixed point subtype S, which corresponds to the number of decimal digits that are representable in objects of the subtype. The value of this attribute is of the type universal_integer. Its value is determined as follows: 8 * For a first subtype or a subtype defined by a subtype_indication with a digits_constraint, the digits is the value of the expression given after the reserved word digits; 9 * For a subtype defined by a subtype_indication without a digits_constraint, the digits of the subtype is the same as that of the subtype denoted by the subtype_mark in the subtype_indication. 9.a Implementation Note: Although a decimal subtype can be both range-constrained and digits-constrained, the digits constraint is intended to control the Size attribute of the subtype. For decimal types, Size can be important because input/output of decimal types is so common. 10 * The digits of a base subtype is the largest integer D such that the range -(10**D-1)*delta .. +(10**D-1)*delta is included in the base range of the type. 11 S'Scale S'Scale denotes the scale of the subtype S, defined as the value N such that S'Delta = 10.0**(-N). [The scale indicates the position of the point relative to the rightmost significant digits of values of subtype S.] The value of this attribute is of the type universal_integer. 11.a Ramification: S'Scale is negative if S'Delta is greater than one. By contrast, S'Aft is always positive. 12 S'Round S'Round denotes a function with the following specification: 13 function S'Round(X : universal_real) return S'Base 14 The function returns the value obtained by rounding X (away from 0, if X is midway between two values of the type of S). NOTES 15 45 All subtypes of a fixed point type will have the same value for the Delta attribute, in the absence of delta_constraints (see J.3). 16 46 S'Scale is not always the same as S'Aft for a decimal subtype; for example, if S'Delta = 1.0 then S'Aft is 1 while S'Scale is 0. 17 47 The predefined operations of a fixed point type include the assignment operation, qualification, the membership tests, and explicit conversion to and from other numeric types. They also include the relational operators and the following predefined arithmetic operators: the binary and unary adding operators - and +, multiplying operators, and the unary operator abs. 18 48 As for all types, objects of a fixed point type have Size and Address attributes (see 13.3). Other attributes of fixed point types are defined in A.5.4. Wording Changes from Ada 95 18.a/2 {8652/0005} {AI95-00054-01} Corrigendum: Clarified that small may be specified only for ordinary fixed point types. 3.6 Array Types 1 An array object is a composite object consisting of components which all have the same subtype. The name for a component of an array uses one or more index values belonging to specified discrete types. The value of an array object is a composite value consisting of the values of the components. Syntax 2 array_type_definition ::= unconstrained_array_definition | constrained_array_definition 3 unconstrained_array_definition ::= array(index_subtype_definition {, index_subtype_definition }) of component_definition 4 index_subtype_definition ::= subtype_mark range <> 5 constrained_array_definition ::= array (discrete_subtype_definition {, discrete_subtype_definition}) of component_definition 6 discrete_subtype_definition ::= discrete_subtype_indication | range 7/2 {AI95-00230-01} {AI95-00406-01} component_definition ::= [aliased] subtype_indication | [aliased] access_definition Name Resolution Rules 8 For a discrete_subtype_definition that is a range, the range shall resolve to be of some specific discrete type[; which discrete type shall be determined without using any context other than the bounds of the range itself (plus the preference for root_integer - see 8.6).] Legality Rules 9 Each index_subtype_definition or discrete_subtype_definition in an array_type_definition defines an index subtype; its type (the index type) shall be discrete. 9.a Discussion: An index is a discrete quantity used to select along a given dimension of an array. A component is selected by specifying corresponding values for each of the indices. 10 The subtype defined by the subtype_indication of a component_definition (the component subtype) shall be a definite subtype. 10.a Ramification: This applies to all uses of component_definition, including in record_type_definitions and protected_definitions. 11/2 This paragraph was deleted.{AI95-00363-01} Static Semantics 12 An array is characterized by the number of indices (the dimensionality of the array), the type and position of each index, the lower and upper bounds for each index, and the subtype of the components. The order of the indices is significant. 13 A one-dimensional array has a distinct component for each possible index value. A multidimensional array has a distinct component for each possible sequence of index values that can be formed by selecting one value for each index position (in the given order). The possible values for a given index are all the values between the lower and upper bounds, inclusive; this range of values is called the index range. The bounds of an array are the bounds of its index ranges. The length of a dimension of an array is the number of values of the index range of the dimension (zero for a null range). The length of a one-dimensional array is the length of its only dimension. 14 An array_type_definition defines an array type and its first subtype. For each object of this array type, the number of indices, the type and position of each index, and the subtype of the components are as in the type definition[; the values of the lower and upper bounds for each index belong to the corresponding index subtype of its type, except for null arrays (see 3.6.1)]. 15 An unconstrained_array_definition defines an array type with an unconstrained first subtype. Each index_subtype_definition defines the corresponding index subtype to be the subtype denoted by the subtype_mark. [ The compound delimiter <> (called a box) of an index_subtype_definition stands for an undefined range (different objects of the type need not have the same bounds).] 16 A constrained_array_definition defines an array type with a constrained first subtype. Each discrete_subtype_definition defines the corresponding index subtype, as well as the corresponding index range for the constrained first subtype. The constraint of the first subtype consists of the bounds of the index ranges. 16.a/3 Discussion: {AI05-0005-1} Although there is no nameable unconstrained array subtype in this case, the predefined slicing and concatenation operations can operate on and yield values that do not necessarily belong to the first array subtype. This is also true for Ada 83. 17 The discrete subtype defined by a discrete_subtype_definition is either that defined by the subtype_indication, or a subtype determined by the range as follows: 18 * If the type of the range resolves to root_integer, then the discrete_subtype_definition defines a subtype of the predefined type Integer with bounds given by a conversion to Integer of the bounds of the range; 18.a Reason: This ensures that indexing over the discrete subtype can be performed with regular Integers, rather than only universal_integers. 18.b Discussion: We considered doing this by simply creating a " preference" for Integer when resolving the range. However, this can introduce Beaujolais effects when the simple_expressions involve calls on functions visible due to use clauses. 19 * Otherwise, the discrete_subtype_definition defines a subtype of the type of the range, with the bounds given by the range. 20 The component_definition of an array_type_definition defines the nominal subtype of the components. If the reserved word aliased appears in the component_definition, then each component of the array is aliased (see 3.10). Dynamic Semantics 21 The elaboration of an array_type_definition creates the array type and its first subtype, and consists of the elaboration of any discrete_subtype_- definitions and the component_definition. 22/2 {8652/0002} {AI95-00171-01} {AI95-00230-01} The elaboration of a discrete_subtype_definition that does not contain any per-object expressions creates the discrete subtype, and consists of the elaboration of the subtype_- indication or the evaluation of the range. The elaboration of a discrete_subtype_definition that contains one or more per-object expressions is defined in 3.8. The elaboration of a component_definition in an array_- type_definition consists of the elaboration of the subtype_indication or access_definition. The elaboration of any discrete_subtype_definitions and the elaboration of the component_definition are performed in an arbitrary order. Static Semantics 22.1/3 {AI05-0228-1} For an array type with a scalar component type, the following language-defined representation aspect may be specified with an aspect_specification (see 13.1.1): 22.2/3 Default_Component_Value This aspect shall be specified by a static expression, and that expression shall be explicit, even if the aspect has a boolean type. Default_Component_Value shall be specified only on a full_type_declaration. 22.a/3 Reason: The part about requiring an explicit expression is to disallow omitting the value for this aspect, which would otherwise be allowed by the rules of 13.1.1. 22.b/3 This is a representation attribute in order to disallow specifying it on a derived type that has inherited primitive subprograms; that is necessary as the sizes of out parameters could be different whether or not a Default_Value is specified (see 6.4.1 ). 22.c/3 Aspect Description for Default_Component_Value: Default value for the components of an array-of-scalar subtype. 22.3/3 {AI05-0228-1} If a derived type with no primitive subprograms inherits a boolean Default_Component_Value aspect, the aspect may be specified to have any value for the derived type. 22.d/3 Reason: This overrides the 13.1.1 rule that says that a boolean aspect with a value True cannot be changed. Name Resolution Rules 22.4/3 {AI05-0228-1} The expected type for the expression specified for the Default_Component_Value aspect is the component type of the array type defined by the full_type_declaration on which it appears. NOTES 23 49 All components of an array have the same subtype. In particular, for an array of components that are one-dimensional arrays, this means that all components have the same bounds and hence the same length. 24 50 Each elaboration of an array_type_definition creates a distinct array type. A consequence of this is that each object whose object_declaration contains an array_type_definition is of its own unique type. Examples 25 Examples of type declarations with unconstrained array definitions: 26 type Vector is array(Integer range <>) of Real; type Matrix is array(Integer range <>, Integer range <>) of Real; type Bit_Vector is array(Integer range <>) of Boolean; type Roman is array(Positive range <>) of Roman_Digit; -- see 3.5.2 27 Examples of type declarations with constrained array definitions: 28 type Table is array(1 .. 10) of Integer; type Schedule is array(Day) of Boolean; type Line is array(1 .. Max_Line_Size) of Character; 29 Examples of object declarations with array type definitions: 30/2 {AI95-00433-01} Grid : array(1 .. 80, 1 .. 100) of Boolean; Mix : array(Color range Red .. Green) of Boolean; Msg_Table : constant array(Error_Code) of access constant String := (Too_Big => new String'("Result too big"), Too_Small => ...); Page : array(Positive range <>) of Line := -- an array of arrays (1 | 50 => Line'(1 | Line'Last => '+', others => '-'), -- see 4.3.3 2 .. 49 => Line'(1 | Line'Last => '|', others => ' ')); -- Page is constrained by its initial value to (1..50) Extensions to Ada 83 30.a The syntax rule for component_definition is modified to allow the reserved word aliased. 30.b The syntax rules for unconstrained_array_definition and constrained_array_definition are modified to use component_definition (instead of component_subtype_indication). The effect of this change is to allow the reserved word aliased before the component subtype_indication. 30.c A range in a discrete_subtype_definition may use arbitrary universal expressions for each bound (e.g. -1 .. 3+5), rather than strictly "implicitly convertible" operands. The subtype defined will still be a subtype of Integer. Wording Changes from Ada 83 30.d We introduce a new syntactic category, discrete_subtype_definition, as distinct from discrete_range. These two constructs have the same syntax, but their semantics are quite different (one defines a subtype, with a preference for Integer subtypes, while the other just selects a subrange of an existing subtype). We use this new syntactic category in for loops and entry families. 30.e The syntax for index_constraint and discrete_range have been moved to their own subclause, since they are no longer used here. 30.f The syntax rule for component_definition (formerly component_subtype_definition) is moved here from RM83-3.7. Extensions to Ada 95 30.g/2 {AI95-00230-01} {AI95-00406-01} Array components can have an anonymous access type. 30.h/2 {AI95-00363-01} The prohibition against unconstrained discriminated aliased components has been lifted. It has been replaced by a prohibition against the actual troublemakers: general access discriminant constraints (see 3.7.1). Wording Changes from Ada 95 30.i/2 {8652/0002} {AI95-00171-01} Corrigendum: Added wording to allow the elaboration of per-object constraints for constrained arrays. Extensions to Ada 2005 30.j/3 {AI05-0228-1} The new aspect Default_Component_Value allows defining implicit initial values (see 3.3.1) for arrays of scalar types. 3.6.1 Index Constraints and Discrete Ranges 1 An index_constraint determines the range of possible values for every index of an array subtype, and thereby the corresponding array bounds. Syntax 2 index_constraint ::= (discrete_range {, discrete_range}) 3 discrete_range ::= discrete_subtype_indication | range Name Resolution Rules 4 The type of a discrete_range is the type of the subtype defined by the subtype_indication, or the type of the range. For an index_constraint, each discrete_range shall resolve to be of the type of the corresponding index. 4.a Discussion: In Ada 95, index_constraints only appear in a subtype_indication; they no longer appear in constrained_array_definitions. Legality Rules 5 An index_constraint shall appear only in a subtype_indication whose subtype_mark denotes either an unconstrained array subtype, or an unconstrained access subtype whose designated subtype is an unconstrained array subtype; in either case, the index_constraint shall provide a discrete_range for each index of the array type. Static Semantics 6 A discrete_range defines a range whose bounds are given by the range, or by the range of the subtype defined by the subtype_indication. Dynamic Semantics 7 An index_constraint is compatible with an unconstrained array subtype if and only if the index range defined by each discrete_range is compatible (see 3.5) with the corresponding index subtype. If any of the discrete_ranges defines a null range, any array thus constrained is a null array, having no components. An array value satisfies an index_constraint if at each index position the array value and the index_constraint have the same index bounds. 7.a Ramification: There is no need to define compatibility with a constrained array subtype, because one is not allowed to constrain it again. 8 The elaboration of an index_constraint consists of the evaluation of the discrete_range(s), in an arbitrary order. The evaluation of a discrete_range consists of the elaboration of the subtype_indication or the evaluation of the range. NOTES 9 51 The elaboration of a subtype_indication consisting of a subtype_mark followed by an index_constraint checks the compatibility of the index_constraint with the subtype_mark (see 3.2.2). 10 52 Even if an array value does not satisfy the index constraint of an array subtype, Constraint_Error is not raised on conversion to the array subtype, so long as the length of each dimension of the array value and the array subtype match. See 4.6. Examples 11 Examples of array declarations including an index constraint: 12 Board : Matrix(1 .. 8, 1 .. 8); -- see 3.6 Rectangle : Matrix(1 .. 20, 1 .. 30); Inverse : Matrix(1 .. N, 1 .. N); -- N need not be static 13 Filter : Bit_Vector(0 .. 31); 14 Example of array declaration with a constrained array subtype: 15 My_Schedule : Schedule; -- all arrays of type Schedule have the same bounds 16 Example of record type with a component that is an array: 17 type Var_Line(Length : Natural) is record Image : String(1 .. Length); end record; 18 Null_Line : Var_Line(0); -- Null_Line.Image is a null array Extensions to Ada 83 18.a We allow the declaration of a variable with a nominally unconstrained array subtype, so long as it has an initialization expression to determine its bounds. Wording Changes from Ada 83 18.b We have moved the syntax for index_constraint and discrete_range here since they are no longer used in constrained_array_definitions. We therefore also no longer have to describe the (special) semantics of index_constraints and discrete_ranges that appear in constrained_array_definitions. 18.c The rules given in RM83-3.6.1(5,7-10), which define the bounds of an array object, are redundant with rules given elsewhere, and so are not repeated here. RM83-3.6.1(6), which requires that the (nominal) subtype of an array variable be constrained, no longer applies, so long as the variable is explicitly initialized. 3.6.2 Operations of Array Types Legality Rules 1 [The argument N used in the attribute_designators for the N-th dimension of an array shall be a static expression of some integer type.] The value of N shall be positive (nonzero) and no greater than the dimensionality of the array. Static Semantics 2/1 {8652/0006} {AI95-00030-01} The following attributes are defined for a prefix A that is of an array type [(after any implicit dereference)], or denotes a constrained array subtype: 2.a Ramification: These attributes are not defined if A is a subtype-mark for an access-to-array subtype. They are defined (by implicit dereference) for access-to-array values. 3 A'First A'First denotes the lower bound of the first index range; its type is the corresponding index type. 4 A'First(N) A'First(N) denotes the lower bound of the N-th index range; its type is the corresponding index type. 5 A'Last A'Last denotes the upper bound of the first index range; its type is the corresponding index type. 6 A'Last(N) A'Last(N) denotes the upper bound of the N-th index range; its type is the corresponding index type. 7 A'Range A'Range is equivalent to the range A'First .. A'Last, except that the prefix A is only evaluated once. 8 A'Range(N) A'Range(N) is equivalent to the range A'First(N) .. A'Last(N), except that the prefix A is only evaluated once. 9 A'Length A'Length denotes the number of values of the first index range (zero for a null range); its type is universal_integer. 10 A'Length(N) A'Length(N) denotes the number of values of the N-th index range (zero for a null range); its type is universal_integer. Implementation Advice 11/3 {AI05-0229-1} An implementation should normally represent multidimensional arrays in row-major order, consistent with the notation used for multidimensional array aggregates (see 4.3.3). However, if convention Fortran is specified for a multidimensional array type, then column-major order should be used instead (see B.5, "Interfacing with Fortran"). 11.a/2 Implementation Advice: Multidimensional arrays should be represented in row-major order, unless the array has convention Fortran. NOTES 12 53 The attribute_references A'First and A'First(1) denote the same value. A similar relation exists for the attribute_references A'Last, A'Range, and A'Length. The following relation is satisfied (except for a null array) by the above attributes if the index type is an integer type: 13 A'Length(N) = A'Last(N) - A'First(N) + 1 14 54 An array type is limited if its component type is limited (see 7.5). 15 55 The predefined operations of an array type include the membership tests, qualification, and explicit conversion. If the array type is not limited, they also include assignment and the predefined equality operators. For a one-dimensional array type, they include the predefined concatenation operators (if nonlimited) and, if the component type is discrete, the predefined relational operators; if the component type is boolean, the predefined logical operators are also included. 16/2 56 {AI95-00287-01} A component of an array can be named with an indexed_component. A value of an array type can be specified with an array_aggregate. For a one-dimensional array type, a slice of the array can be named; also, string literals are defined if the component type is a character type. Examples 17 Examples (using arrays declared in the examples of subclause 3.6.1): 18 -- Filter'First = 0 Filter'Last = 31 Filter'Length = 32 -- Rectangle'Last(1) = 20 Rectangle'Last(2) = 30 3.6.3 String Types Static Semantics 1 A one-dimensional array type whose component type is a character type is called a string type. 2/2 {AI95-00285-01} [There are three predefined string types, String, Wide_String, and Wide_Wide_String, each indexed by values of the predefined subtype Positive; these are declared in the visible part of package Standard:] 3 [subtype Positive is Integer range 1 .. Integer'Last; 4/2 {AI95-00285-01} type String is array(Positive range <>) of Character; type Wide_String is array(Positive range <>) of Wide_Character; type Wide_Wide_String is array(Positive range <>) of Wide_Wide_Character; ] NOTES 5 57 String literals (see 2.6 and 4.2) are defined for all string types. The concatenation operator & is predefined for string types, as for all nonlimited one-dimensional array types. The ordering operators <, <=, >, and >= are predefined for string types, as for all one-dimensional discrete array types; these ordering operators correspond to lexicographic order (see 4.5.2). Examples 6 Examples of string objects: 7 Stars : String(1 .. 120) := (1 .. 120 => '*' ); Question : constant String := "How many characters?"; -- Question'First = 1, Question'Last = 20 -- Question'Length = 20 (the number of characters) 8 Ask_Twice : String := Question & Question; -- constrained to (1..40) Ninety_Six : constant Roman := "XCVI"; -- see 3.5.2 and 3.6 Inconsistencies With Ada 83 8.a The declaration of Wide_String in Standard hides a use-visible declaration with the same defining_identifier. In rare cases, this might result in an inconsistency between Ada 83 and Ada 95. Incompatibilities With Ada 83 8.b Because both String and Wide_String are always directly visible, an expression like 8.c "a" < "bc" 8.d is now ambiguous, whereas in Ada 83 both string literals could be resolved to type String. Extensions to Ada 83 8.e The type Wide_String is new (though it was approved by ARG for Ada 83 compilers as well). Wording Changes from Ada 83 8.f We define the term string type as a natural analogy to the term character type. Inconsistencies With Ada 95 8.g/2 {AI95-00285-01} The declaration of Wide_Wide_String in Standard hides a use-visible declaration with the same defining_identifier. In the (very) unlikely event that an Ada 95 program had depended on such a use-visible declaration, and the program remains legal after the substitution of Standard.Wide_Wide_String, the meaning of the program will be different. Extensions to Ada 95 8.h/2 {AI95-00285-01} The type Wide_Wide_String is new. 3.7 Discriminants 1/2 {AI95-00251-01} {AI95-00326-01} [ A composite type (other than an array or interface type) can have discriminants, which parameterize the type. A known_discriminant_part specifies the discriminants of a composite type. A discriminant of an object is a component of the object, and is either of a discrete type or an access type. An unknown_discriminant_part in the declaration of a view of a type specifies that the discriminants of the type are unknown for the given view; all subtypes of such a view are indefinite subtypes.] 1.a/2 Glossary entry: A discriminant is a parameter for a composite type. It can control, for example, the bounds of a component of the type if the component is an array. A discriminant for a task type can be used to pass data to a task of the type upon creation. 1.b/2 Discussion: {AI95-00114-01} A view of a type, and all subtypes of the view, have unknown discriminants when the number or names of the discriminants, if any, are unknown at the point of the type declaration for the view. A discriminant_part of (<>) is used to indicate unknown discriminants. Language Design Principles 1.c/2 {AI95-00402-01} When an access discriminant is initialized at the time of object creation with an allocator of an anonymous type, the allocated object and the object with the discriminant are tied together for their lifetime. They should be allocated out of the same storage pool, and then at the end of the lifetime of the enclosing object, finalized and reclaimed together. In this case, the allocated object is called a coextension (see 3.10.2). 1.d/2 Discussion: The above principle when applied to a nonlimited type implies that such an object may be copied only to a shorter-lived object, because attempting to assign it to a longer-lived object would fail because the access discriminants would not match. In a copy, the lifetime connection between the enclosing object and the allocated object does not exist. The allocated object is tied in the above sense only to the original object. Other copies have only secondary references to it. 1.e/2 Note that when an allocator appears as a constraint on an access discriminant in a subtype_indication that is elaborated independently from object creation, no such connection exists. For example, if a named constrained subtype is declared via "subtype Constr is Rec(Acc_Discrim => new T);" or if such an allocator appears in the subtype_indication for a component, the allocator is evaluated when the subtype_indication is elaborated, and hence its lifetime is typically longer than the objects or components that will later be subject to the constraint. In these cases, the allocated object should not be reclaimed until the subtype_indication goes out of scope. Syntax 2 discriminant_part ::= unknown_discriminant_part | known_discriminant_part 3 unknown_discriminant_part ::= (<>) 4 known_discriminant_part ::= (discriminant_specification {; discriminant_specification}) 5/2 {AI95-00231-01} discriminant_specification ::= defining_identifier_list : [null_exclusion] subtype_mark [:= default_expression] | defining_identifier_list : access_definition [:= default_expression] 6 default_expression ::= expression Name Resolution Rules 7 The expected type for the default_expression of a discriminant_specification is that of the corresponding discriminant. Legality Rules 8/2 {8652/0007} {AI95-00098-01} {AI95-00251-01} A discriminant_part is only permitted in a declaration for a composite type that is not an array or interface type [(this includes generic formal types)]. A type declared with a known_discriminant_part is called a discriminated type, as is a type that inherits (known) discriminants. 8.a Implementation Note: Discriminants on array types were considered, but were omitted to ease (existing) implementations. 8.b Discussion: Note that the above definition for "discriminated type" does not include types declared with an unknown_discriminant_part. This seems consistent with Ada 83, where such types (in a generic formal part) would not be considered discriminated types. Furthermore, the full type for a type with unknown discriminants need not even be composite, much less have any discriminants. 8.b.1/1 {8652/0007} {AI95-00098-01} On the other hand, unknown_discriminant_parts cannot be applied to type declarations that cannot have a known_discriminant_part. There is no point in having unknown discriminants on a type that can never have discriminants (for instance, a formal modular type), even when these are allowed syntactically. 9/2 {AI95-00231-01} {AI95-00254-01} The subtype of a discriminant may be defined by an optional null_exclusion and a subtype_mark, in which case the subtype_mark shall denote a discrete or access subtype, or it may be defined by an access_definition. A discriminant that is defined by an access_definition is called an access discriminant and is of an anonymous access type. 9.a/2 This paragraph was deleted.{AI95-00230-01} 9.b Reason: Note that discriminants of a named access type are not considered "access discriminants." Similarly, "access parameter" only refers to a formal parameter defined by an access_definition. 9.1/3 {AI95-00402-01} {AI05-0214-1} Default_expressions shall be provided either for all or for none of the discriminants of a known_discriminant_- part. No default_expressions are permitted in a known_discriminant_part in a declaration of a nonlimited tagged type [or a generic formal type]. 9.c/2 Reason: The all-or-none rule is related to the rule that a discriminant constraint shall specify values for all discriminants. One could imagine a different rule that allowed a constraint to specify only some of the discriminants, with the others provided by default. Having defaults for discriminants has a special significance - it allows objects of the type to be unconstrained, with the discriminants alterable as part of assigning to the object. 9.d/3 {AI05-0214-1} Defaults for discriminants of tagged types are disallowed so that every object of a nonlimited tagged type is constrained, either by an explicit constraint, or by its initial discriminant values. This substantially simplifies the semantic rules and the implementation of inherited dispatching operations. We don't need this rule for limited tagged types, as the discriminants of such objects cannot be changed after the object is created in any case - no full-object assignment is supported, and that is required to change discriminant values. For generic formal types, the restriction simplifies the type matching rules. If one simply wants a "default" value for the discriminants, a constrained subtype can be declared for future use. 10/3 {AI95-00230-01} {AI95-00402-01} {AI95-00419-01} {AI05-0063-1} A discriminant_specification for an access discriminant may have a default_expression only in the declaration for an immutably limited type (see 7.5). In addition to the places where Legality Rules normally apply (see 12.3), this rule applies also in the private part of an instance of a generic unit. 10.a/3 Discussion: This rule implies that a type can have a default for an access discriminant if the type is limited, but not if the only reason it's limited is because of a limited component. Compare the definition of limited type and immutably limited type in 7.5. 10.b/3 Ramification: A (nonformal) limited private type can always have a default for an access discriminant, because having the default itself makes the type immutably limited. Such a private type must necessarily have a full type with the same access discriminant with a default, and thus the full type will always be immutably limited (if legal). 10.c/2 Reason: {AI95-00230-01} We considered the following rules for access discriminants: 10.d * If a type has an access discriminant, this automatically makes it limited, just like having a limited component automatically makes a type limited. This was rejected because it decreases program readability, and because it seemed error prone (two bugs in a previous version of the RM9X were attributable to this rule). 10.e/2 * A type with an access discriminant shall be limited. This is equivalent to the rule we actually chose for Ada 95, except that it allows a type to have an access discriminant if it is limited just because of a limited component. For example, any record containing a task would be allowed to have an access discriminant, whereas the actual rule requires "limited record". This rule was also rejected due to readability concerns, and because would interact badly with the rules for limited types that "become nonlimited". 10.e.1/3 * {AI05-0063-1} A type may have an access discriminant if it is an immutably limited type. This was the rule chosen for Ada 95. 10.f/2 * Any type may have an access discriminant. For nonlimited type, there is no special accessibility for access discriminants; they're the same as any other anonymous access component. For a limited type, they have the special accessibility of Ada 95. However, this doesn't work because a limited partial view can have a nonlimited full view -- giving the two views different accessibility. 10.f.1/3 * {AI05-0063-1} Any type may have an access discriminant, as above. However, special accessibility rules only apply to types that are immutably limited (task, protected, and explicitly limited records). However, this breaks privacy; worse, Legality Rules depend on the definition of accessibility. 10.f.2/3 * {AI05-0063-1} Any type may have an access discriminant, as above. Limited types have special accessibility, while nonlimited types have normal accessibility. However, a limited partial view with an access discriminant can only be completed by an immutably limited type. That prevents accessibility from changing. A runtime accessibility check is required on generic formal types with access discriminants. However, changing between limited and nonlimited types would have far-reaching consequences for access discriminants - which is uncomfortable. 10.g/2 * Any type may have an access discriminant. All types have special accessibility. This was considered early during the Ada 9X process, but was dropped for "unpleasant complexities", which unfortunately aren't recorded. It does seem that an accessibility check would be needed on assignment of such a type, to avoid copying an object with a discriminant pointing to a local object into a more global object (and thus creating a dangling pointer). 10.h/2 * Any type may have an access discriminant, but access discriminants cannot have defaults. All types have special accessibility. This gets rid of the problems on assignment (you couldn't change such a discriminant), but it would be horribly incompatible with Ada 95. 10.h.1/3 * {AI05-0063-1} Any type may have an access discriminant, but access discriminants may have defaults only if they are of an immutably limited type. This is the rule chosen for Ada 2005, as it is not incompatible, and it doesn't require weird accessibility checks. 11/2 This paragraph was deleted.{AI95-00402-01} 12 For a type defined by a derived_type_definition, if a known_discriminant_part is provided in its declaration, then: 13 * The parent subtype shall be constrained; 14 * If the parent type is not a tagged type, then each discriminant of the derived type shall be used in the constraint defining the parent subtype; 14.a Implementation Note: This ensures that the new discriminant can share storage with an existing discriminant. 15 * If a discriminant is used in the constraint defining the parent subtype, the subtype of the discriminant shall be statically compatible (see 4.9.1) with the subtype of the corresponding parent discriminant. 15.a Reason: This ensures that on conversion (or extension via an extension aggregate) to a distantly related type, if the discriminants satisfy the target type's requirements they satisfy all the intermediate types' requirements as well. 15.b Ramification: There is no requirement that the new discriminant have the same (or any) default_expression as the parent's discriminant. 16/3 This paragraph was deleted.{AI05-0102-1} 16.a/3 This paragraph was deleted. Static Semantics 17 A discriminant_specification declares a discriminant; the subtype_mark denotes its subtype unless it is an access discriminant, in which case the discriminant's subtype is the anonymous access-to-variable subtype defined by the access_definition. 18 [For a type defined by a derived_type_definition, each discriminant of the parent type is either inherited, constrained to equal some new discriminant of the derived type, or constrained to the value of an expression.] When inherited or constrained to equal some new discriminant, the parent discriminant and the discriminant of the derived type are said to correspond. Two discriminants also correspond if there is some common discriminant to which they both correspond. A discriminant corresponds to itself as well. If a discriminant of a parent type is constrained to a specific value by a derived_type_definition, then that discriminant is said to be specified by that derived_type_definition. 18.a Ramification: The correspondence relationship is transitive, symmetric, and reflexive. That is, if A corresponds to B, and B corresponds to C, then A, B, and C each corresponds to A, B, and C in all combinations. 19 A constraint that appears within the definition of a discriminated type depends on a discriminant of the type if it names the discriminant as a bound or discriminant value. A component_definition depends on a discriminant if its constraint depends on the discriminant, or on a discriminant that corresponds to it. 19.a Ramification: A constraint in a task_body is not considered to depend on a discriminant of the task type, even if it names it. It is only the constraints in the type definition itself that are considered dependents. Similarly for protected types. 20 A component depends on a discriminant if: 21 * Its component_definition depends on the discriminant; or 21.a Ramification: A component does not depend on a discriminant just because its default_expression refers to the discriminant. 22 * It is declared in a variant_part that is governed by the discriminant; or 23 * It is a component inherited as part of a derived_type_definition, and the constraint of the parent_subtype_indication depends on the discriminant; or 23.a Reason: When the parent subtype depends on a discriminant, the parent part of the derived type is treated like a discriminant-dependent component. 23.b Ramification: Because of this rule, we don't really need to worry about "corresponding" discriminants, since all the inherited components will be discriminant-dependent if there is a new known_discriminant_part whose discriminants are used to constrain the old discriminants. 24 * It is a subcomponent of a component that depends on the discriminant. 24.a Reason: The concept of discriminant-dependent (sub)components is primarily used in various rules that disallow renaming or 'Access, or specify that certain discriminant-changing assignments are erroneous. The goal is to allow implementations to move around or change the size of discriminant-dependent subcomponents upon a discriminant-changing assignment to an enclosing object. The above definition specifies that all subcomponents of a discriminant-dependent component or parent part are themselves discriminant-dependent, even though their presence or size does not in fact depend on a discriminant. This is because it is likely that they will move in a discriminant-changing assignment if they are a component of one of several discriminant-dependent parts of the same record. 25 Each value of a discriminated type includes a value for each component of the type that does not depend on a discriminant[; this includes the discriminants themselves]. The values of discriminants determine which other component values are present in the value of the discriminated type. 25.a To be honest: Which values are present might depend on discriminants of some ancestor type that are constrained in an intervening derived_type_definition. That's why we say "values of discriminants" instead of "values of the discriminants" - a subtle point. 26 A type declared with a known_discriminant_part is said to have known discriminants; its first subtype is unconstrained. A type declared with an unknown_discriminant_part is said to have unknown discriminants. A type declared without a discriminant_part has no discriminants, unless it is a derived type; if derived, such a type has the same sort of discriminants (known, unknown, or none) as its parent (or ancestor) type. A tagged class-wide type also has unknown discriminants. [Any subtype of a type with unknown discriminants is an unconstrained and indefinite subtype (see 3.2 and 3.3).] 26.a/2 Discussion: {AI95-00114-01} An unknown_discriminant_part "(<>)" is only permitted in the declaration of a (generic or nongeneric) private type, private extension, incomplete type, or formal derived type. Hence, only such types, descendants thereof, and class-wide types can have unknown discriminants. An unknown_discriminant_part is used to indicate that the corresponding actual or full type might have discriminants without defaults, or be an unconstrained array subtype. Tagged class-wide types are also considered to have unknown discriminants because discriminants can be added by type extensions, so the total number of discriminants of any given value of a tagged class-wide type is not known at compile time. 26.b/2 {AI95-00287-01} A subtype with unknown discriminants is indefinite, and hence an object of such a subtype needs explicit initialization. A limited private type with unknown discriminants is "extremely" limited; objects of such a type can be initialized only by subprograms (either procedures with a parameter of the type, or a function returning the type) declared in the package. Subprograms declared elsewhere can operate on and even return the type, but they can only initialize the object by calling (ultimately) a subprogram in the package declaring the type. Such a type is useful for keeping complete control over object creation within the package declaring the type. 26.c A partial view of a type might have unknown discriminants, while the full view of the same type might have known, unknown, or no discriminants. Dynamic Semantics 27/2 {AI95-00230-01} {AI95-00416-01} For an access discriminant, its access_definition is elaborated when the value of the access discriminant is defined: by evaluation of its default_expression, by elaboration of a discriminant_constraint, or by an assignment that initializes the enclosing object. 27.a/2 Ramification: {AI95-00231-01} {AI95-00416-01} The conversion of the expression defining the access discriminant to the anonymous access type raises Program_Error for an object created by an allocator of an access type T, if the initial value is an access parameter that designates a view whose accessibility level is deeper than that of T. NOTES 28 58 If a discriminated type has default_expressions for its discriminants, then unconstrained variables of the type are permitted, and the values of the discriminants can be changed by an assignment to such a variable. If defaults are not provided for the discriminants, then all variables of the type are constrained, either by explicit constraint or by their initial value; the values of the discriminants of such a variable cannot be changed after initialization. 28.a Discussion: This connection between discriminant defaults and unconstrained variables can be a source of confusion. For Ada 95, we considered various ways to break the connection between defaults and unconstrainedness, but ultimately gave up for lack of a sufficiently simple and intuitive alternative. 28.b An unconstrained discriminated subtype with defaults is called a mutable subtype, and a variable of such a subtype is called a mutable variable, because the discriminants of such a variable can change. There are no mutable arrays (that is, the bounds of an array object can never change), because there is no way in the language to define default values for the bounds. Similarly, there are no mutable class-wide subtypes, because there is no way to define the default tag, and defaults for discriminants are not allowed in the tagged case. Mutable tags would also require a way for the maximum possible size of such a class-wide subtype to be known. (In some implementations, all mutable variables are allocated with the maximum possible size. This approach is appropriate for real-time applications where implicit use of the heap is inappropriate.) 29 59 The default_expression for a discriminant of a type is evaluated when an object of an unconstrained subtype of the type is created. 30 60 Assignment to a discriminant of an object (after its initialization) is not allowed, since the name of a discriminant is a constant; neither assignment_statements nor assignments inherent in passing as an in out or out parameter are allowed. Note however that the value of a discriminant can be changed by assigning to the enclosing object, presuming it is an unconstrained variable. 30.a/2 Discussion: {AI95-00114-01} An unknown_discriminant_part is permitted only in the declaration of a private type (including generic formal private), private extension, incomplete type, or generic formal derived type. These are the things that will have a corresponding completion or generic actual, which will either define the discriminants, or say there are none. The (<>) indicates that the actual/full subtype might be an indefinite subtype. An unknown_discriminant_part is not permitted in a normal untagged derived type declaration, because there is no separate full type declaration for such a type. Note that (<>) allows unconstrained array bounds; those are somewhat like undefaulted discriminants. 30.b For a derived type, either the discriminants are inherited as is, or completely respecified in a new discriminant_part. In this latter case, each discriminant of the parent type shall be constrained, either to a specific value, or to equal one of the new discriminants. Constraining a parent type's discriminant to equal one of the new discriminants is like a renaming of the discriminant, except that the subtype of the new discriminant can be more restrictive than that of the parent's one. In any case, the new discriminant can share storage with the parent's discriminant. 31 61 A discriminant that is of a named access type is not called an access discriminant; that term is used only for discriminants defined by an access_definition. Examples 32 Examples of discriminated types: 33 type Buffer(Size : Buffer_Size := 100) is -- see 3.5.4 record Pos : Buffer_Size := 0; Value : String(1 .. Size); end record; 34 type Matrix_Rec(Rows, Columns : Integer) is record Mat : Matrix(1 .. Rows, 1 .. Columns); -- see 3.6 end record; 35 type Square(Side : Integer) is new Matrix_Rec(Rows => Side, Columns => Side); 36 type Double_Square(Number : Integer) is record Left : Square(Number); Right : Square(Number); end record; 37/3 {AI95-00433-01} {AI05-0229-1} task type Worker(Prio : System.Priority; Buf : access Buffer) with Priority => Prio is -- see D.1 -- discriminants used to parameterize the task type (see 9.1) entry Fill; entry Drain; end Worker; Extensions to Ada 83 37.a The syntax for a discriminant_specification is modified to allow an access discriminant, with a type specified by an access_definition (see 3.10). 37.b/2 {AI95-00251-01} Discriminants are allowed on all composite types other than array and interface types. 37.c Discriminants may be of an access type. Wording Changes from Ada 83 37.d Discriminant_parts are not elaborated, though an access_definition is elaborated when the discriminant is initialized. Extensions to Ada 95 37.e/2 {AI95-00230-01} {AI95-00402-01} {AI95-00416-01} Access discriminants (anonymous access types used as a discriminant) can be used on any type allowing discriminants. Defaults aren't allowed on discriminants of nonlimited types, however, so that accessibility problems don't happen on assignment. 37.f/2 {AI95-00231-01} null_exclusion can be used in the declaration of a discriminant. Wording Changes from Ada 95 37.g/2 {8652/0007} {AI95-00098-01} Corrigendum: The wording was clarified so that types that cannot have discriminants cannot have an unknown_discriminant_part. 37.h/2 {AI95-00251-01} Added wording to prevent interfaces from having discriminants. We don't want interfaces to have any components. 37.i/2 {AI95-00254-01} Removed wording which implied or required an access discriminant to have an access-to-object type (anonymous access types can now be access-to-subprogram types as well). 37.j/3 {AI95-00326-01} {AI05-0299-1} Fixed the wording of the introduction to this subclause to reflect that both incomplete and partial views can have unknown discriminants. That was always true, but for some reason this wording specified partial views. 37.k/2 {AI95-00419-01} Changed the wording to use the new term " explicitly limited record", which makes the intent much clearer (and eliminates confusion with derived types that happen to contain the reserved word limited). Incompatibilities With Ada 2005 37.l/3 {AI05-0063-1} Correction: Changed the rules for when access discriminants can have defaults to depend on the new definition for immutably limited types; this will help ensure that unusual corner cases are properly handled. Note that the Ada 2005 rule was unintentionally incompatible with the Ada 95 rule (as enforced by the ACATS); this change brings it back into alignment with actual practice. So there should be no practical incompatibility. Extensions to Ada 2005 37.m/3 {AI05-0214-1} A limited tagged type may now have defaults for its discriminants. Wording Changes from Ada 2005 37.n/3 {AI05-0102-1} Correction: Moved implicit conversion Legality Rule to 8.6. 3.7.1 Discriminant Constraints 1 A discriminant_constraint specifies the values of the discriminants for a given discriminated type. Language Design Principles 1.a/3 {AI05-0299-1} The rules in this subclause are intentionally parallel to those given in 4.3.1, "Record Aggregates". Syntax 2 discriminant_constraint ::= (discriminant_association {, discriminant_association}) 3 discriminant_association ::= [discriminant_selector_name {| discriminant_selector_name } =>] expression 4 A discriminant_association is said to be named if it has one or more discriminant_selector_names; it is otherwise said to be positional. In a discriminant_constraint, any positional associations shall precede any named associations. Name Resolution Rules 5 Each selector_name of a named discriminant_association shall resolve to denote a discriminant of the subtype being constrained; the discriminants so named are the associated discriminants of the named association. For a positional association, the associated discriminant is the one whose discriminant_specification occurred in the corresponding position in the known_- discriminant_part that defined the discriminants of the subtype being constrained. 6 The expected type for the expression in a discriminant_association is that of the associated discriminant(s). Legality Rules 7/3 {8652/0008} {AI95-00168-01} {AI95-00363-01} {AI05-0041-1} A discriminant_constraint is only allowed in a subtype_indication whose subtype_mark denotes either an unconstrained discriminated subtype, or an unconstrained access subtype whose designated subtype is an unconstrained discriminated subtype. However, in the case of an access subtype, a discriminant_constraint is legal only if any dereference of a value of the access type is known to be constrained (see 3.3). In addition to the places where Legality Rules normally apply (see 12.3), these rules apply also in the private part of an instance of a generic unit. 7.a.1/2 This paragraph was deleted.{8652/0008} {AI95-00168-01} {AI95-00363-01} 7.a/2 Reason: {AI95-00363-01} The second rule is necessary to prevent objects from changing so that they no longer match their constraint. In Ada 95, we attempted to prevent this by banning every case where an aliased object could be unconstrained or be changed by an enclosing assignment. New ways to cause this problem were being discovered frequently, meaning that new rules had to be dreamed up to cover them. Meanwhile, aliased objects and components were getting more and more limited. In Ada 2005, we sweep away all of that cruft and replace it by a simple rule " thou shalt not create an access subtype that can point to an item whose discriminants can be changed by assignment". 7.b/3 Discussion: {AI05-0041-1} The second rule will only use the indefinite or dereference bullets in the definition of "known to be constrained". The rule is worded in terms of "known to be constrained" in order to capture the special rules that apply in generic bodies (rather than repeating them and getting them subtly wrong). 8 A named discriminant_association with more than one selector_name is allowed only if the named discriminants are all of the same type. A discriminant_constraint shall provide exactly one value for each discriminant of the subtype being constrained. 9/3 This paragraph was deleted.{AI05-0102-1} 9.a/3 Ramification: In addition, 8.6 requires that the expression associated with an access discriminant is convertible (see 4.6) to the anonymous access type. This implies both convertibility of designated types, and static accessibility. This implies that if an object of type T with an access discriminant is created by an allocator for an access type A, then it requires that the type of the expression associated with the access discriminant have an accessibility level that is not statically deeper than that of A. This is to avoid dangling references. Dynamic Semantics 10 A discriminant_constraint is compatible with an unconstrained discriminated subtype if each discriminant value belongs to the subtype of the corresponding discriminant. 10.a Ramification: The "dependent compatibility check" has been eliminated in Ada 95. Any checking on subcomponents is performed when (and if) an object is created. 10.b Discussion: There is no need to define compatibility with a constrained discriminated subtype, because one is not allowed to constrain it again. 11 A composite value satisfies a discriminant constraint if and only if each discriminant of the composite value has the value imposed by the discriminant constraint. 12 For the elaboration of a discriminant_constraint, the expressions in the discriminant_associations are evaluated in an arbitrary order and converted to the type of the associated discriminant (which might raise Constraint_Error - see 4.6); the expression of a named association is evaluated (and converted) once for each associated discriminant. The result of each evaluation and conversion is the value imposed by the constraint for the associated discriminant. 12.a Reason: We convert to the type, not the subtype, so that the definition of compatibility of discriminant constraints is not vacuous. NOTES 13 62 The rules of the language ensure that a discriminant of an object always has a value, either from explicit or implicit initialization. 13.a Discussion: Although it is illegal to constrain a class-wide tagged subtype, it is possible to have a partially constrained class-wide subtype: If the subtype S is defined by T(A => B), then S'Class is partially constrained in the sense that objects of subtype S'Class have to have discriminants corresponding to A equal to B, but there can be other discriminants defined in extensions that are not constrained to any particular value. Examples 14/3 {AI05-0299-1} Examples (using types declared above in subclause 3.7): 15 Large : Buffer(200); -- constrained, always 200 characters -- (explicit discriminant value) Message : Buffer; -- unconstrained, initially 100 characters -- (default discriminant value) Basis : Square(5); -- constrained, always 5 by 5 Illegal : Square; -- illegal, a Square has to be constrained Inconsistencies With Ada 83 15.a Dependent compatibility checks are no longer performed on subtype declaration. Instead they are deferred until object creation (see 3.3.1). This is upward compatible for a program that does not raise Constraint_Error. Wording Changes from Ada 83 15.b Everything in RM83-3.7.2(7-12), which specifies the initial values for discriminants, is now redundant with 3.3.1, 6.4.1, 8.5.1, and 12.4. Therefore, we don't repeat it here. Since the material is largely intuitive, but nevertheless complicated to state formally, it doesn't seem worth putting it in a "NOTE." Incompatibilities With Ada 95 15.c/2 {8652/0008} {AI95-00168-01} {AI95-00363-01} The Corrigendum added a restriction on discriminant_constraints for general access subtypes. Such constraints are prohibited if the designated type can be treated as constrained somewhere in the program. Ada 2005 goes further and prohibits such discriminant_constraints if the designated type has (or might have, in the case of a formal type) defaults for its discriminants. The use of general access subtypes is rare, and this eliminates a boatload of problems that required many restrictions on the use of aliased objects and components (now lifted). Similarly, Ada 2005 prohibits discriminant_constraints on any access type whose designated type has a partial view that is constrained. Such a type will not be constrained in the heap to avoid privacy problems. Again, the use of such subtypes is rare (they can only happen within the package and its child units). Wording Changes from Ada 2005 15.d/3 {AI05-0041-1} Correction: Revised the rules on access subtypes having discriminant constraints to depend on the "known to be constrained" rules. This centralizes the rules so that future fixes need to be made in only one place, as well as fixing bugs in obscure cases. 15.e/3 {AI05-0102-1} Correction: Moved implicit conversion Legality Rule to 8.6. 3.7.2 Operations of Discriminated Types 1 [If a discriminated type has default_expressions for its discriminants, then unconstrained variables of the type are permitted, and the discriminants of such a variable can be changed by assignment to the variable. For a formal parameter of such a type, an attribute is provided to determine whether the corresponding actual parameter is constrained or unconstrained.] Static Semantics 2 For a prefix A that is of a discriminated type [(after any implicit dereference)], the following attribute is defined: 3/3 A'Constrained {AI05-0214-1} Yields the value True if A denotes a constant, a value, a tagged object, or a constrained variable, and False otherwise. 3.a/3 Implementation Note: {AI05-0214-1} This attribute is primarily used on parameters, to determine whether the discriminants can be changed as part of an assignment. The Constrained attribute is statically True for in parameters. For in out and out parameters of a discriminated type, the value of this attribute needs to be passed as an implicit parameter, in general. However, if the type is tagged or does not have defaults for its discriminants, the attribute is statically True, so no implicit parameter is needed. Parameters of a limited untagged type with defaulted discriminants need this implicit parameter, unless there are no nonlimited views, because they might be passed to a subprogram whose body has visibility on a nonlimited view of the type, and hence might be able to assign to the object and change its discriminants. 3.b/4 Reason: {AI05-0214-1} {AI12-0005-1} All tagged objects are known to be constrained (as nonlimited tagged types cannot have discriminant defaults, and limited tagged objects are immutably limited), and are always considered constrained by this attribute to avoid distributed overhead for parameters of limited class-wide types, as limited tagged objects may technically be unconstrained if they use defaulted discriminants. Such objects still cannot have their discriminants changed, as assignment is not supported for them, so there is no use for this attribute that would justify the overhead of passing it with all class-wide parameters. 3.c/3 Discussion: {AI05-0005-1} {AI05-0214-1} If the type of A is a type derived from an untagged partial view of a tagged type such that it is not a tagged type, then A is not considered a tagged object, and A'Constrained can return either True or False depending on the nature of the object. Erroneous Execution 4 The execution of a construct is erroneous if the construct has a constituent that is a name denoting a subcomponent that depends on discriminants, and the value of any of these discriminants is changed by this execution between evaluating the name and the last use (within this execution) of the subcomponent denoted by the name. 4.a Ramification: This rule applies to assignment_statements, calls (except when the discriminant-dependent subcomponent is an in parameter passed by copy), indexed_components, and slices. Ada 83 only covered the first two cases. AI83-00585 pointed out the situation with the last two cases. The cases of object_renaming_declarations and generic formal in out objects are handled differently, by disallowing the situation at compile time. Extensions to Ada 83 4.b/1 For consistency with other attributes, we are allowing the prefix of Constrained to be a value as well as an object of a discriminated type, and also an implicit dereference. These extensions are not important capabilities, but there seems no reason to make this attribute different from other similar attributes. We are curious what most Ada 83 compilers do with F(1).X'Constrained. 4.c We now handle in a general way the cases of erroneousness identified by AI83-00585, where the prefix of an indexed_component or slice is discriminant-dependent, and the evaluation of the index or discrete range changes the value of a discriminant. Wording Changes from Ada 83 4.d We have moved all discussion of erroneous use of names that denote discriminant-dependent subcomponents to this subclause. In Ada 83, it used to appear separately under assignment_statements and subprogram calls. Wording Changes from Ada 2005 4.e/3 {AI05-0214-1} A'Constrained is now defined to return True for any A that is a tagged object. This doesn't change the result for any A allowed by previous versions of Ada; the change is necessary to avoid unnecessary overhead for limited tagged parameters. 3.8 Record Types 1 A record object is a composite object consisting of named components. The value of a record object is a composite value consisting of the values of the components. Syntax 2 record_type_definition ::= [[abstract] tagged] [limited] record_definition 3 record_definition ::= record component_list end record | null record 4 component_list ::= component_item {component_item} | {component_item} variant_part | null; 5/1 {8652/0009} {AI95-00137-01} component_item ::= component_declaration | aspect_clause 6/3 {AI05-0183-1} component_declaration ::= defining_identifier_list : component_definition [:= default_expression] [aspect_specification]; Name Resolution Rules 7 The expected type for the default_expression, if any, in a component_declaration is the type of the component. Legality Rules 8/2 This paragraph was deleted.{AI95-00287-01} 9/2 {AI95-00366-01} Each component_declaration declares a component of the record type. Besides components declared by component_declarations, the components of a record type include any components declared by discriminant_specifications of the record type declaration. [The identifiers of all components of a record type shall be distinct.] 9.a/3 Proof: {AI05-0299-1} The identifiers of all components of a record type have to be distinct because they are all declared immediately within the same declarative region. See Clause 8. 10 Within a type_declaration, a name that denotes a component, protected subprogram, or entry of the type is allowed only in the following cases: 11/3 * {AI05-0004-1} {AI05-0295-1} A name that denotes any component, protected subprogram, or entry is allowed within an aspect_specification, an operational item, or a representation item that occurs within the declaration of the composite type. 12/3 * {AI05-0264-1} A name that denotes a noninherited discriminant is allowed within the declaration of the type, but not within the discriminant_part. If the discriminant is used to define the constraint of a component, the bounds of an entry family, or the constraint of the parent subtype in a derived_type_definition, then its name shall appear alone as a direct_name (not as part of a larger expression or expanded name). A discriminant shall not be used to define the constraint of a scalar component. 12.a Reason: The penultimate restriction simplifies implementation, and allows the outer discriminant and the inner discriminant or bound to possibly share storage. 12.b Ramification: Other rules prevent such a discriminant from being an inherited one. 12.c Reason: The last restriction is inherited from Ada 83. The restriction is not really necessary from a language design point of view, but we did not remove it, in order to avoid unnecessary changes to existing compilers. 12.d Discussion: Note that a discriminant can be used to define the constraint for a component that is of an access-to-composite type. 12.e/2 Reason: {AI95-00373-01} The above rules, and a similar one in 6.1 for formal parameters, are intended to allow initializations of components or parameters to occur in a (nearly) arbitrary order - whatever order is most efficient (subject to the restrictions of 3.3.1), since one default_expression cannot depend on the value of another one. They also prevent circularities. 12.f/3 Ramification: {AI05-0295-1} Inherited discriminants are not allowed to be denoted, except within aspect_specifications and representation items. However, the discriminant_selector_name of the parent subtype_indication is allowed to denote a discriminant of the parent. 13 If the name of the current instance of a type (see 8.6) is used to define the constraint of a component, then it shall appear as a direct_name that is the prefix of an attribute_reference whose result is of an access type, and the attribute_reference shall appear alone. 13.a Reason: This rule allows T'Access or T'Unchecked_Access, but disallows, for example, a range constraint (1..T'Size). Allowing things like (1..T'Size) would mean that a per-object constraint could affect the size of the object, which would be bad. Static Semantics 13.1/3 {AI95-00318-02} {AI05-0004-1} If a record_type_definition includes the reserved word limited, the type is called an explicitly limited record type. 14 The component_definition of a component_declaration defines the (nominal) subtype of the component. If the reserved word aliased appears in the component_definition, then the component is aliased (see 3.10). 15 If the component_list of a record type is defined by the reserved word null and there are no discriminants, then the record type has no components and all records of the type are null records. A record_definition of null record is equivalent to record null; end record. 15.a Ramification: This short-hand is available both for declaring a record type and a record extension - see 3.9.1. Dynamic Semantics 16 The elaboration of a record_type_definition creates the record type and its first subtype, and consists of the elaboration of the record_definition. The elaboration of a record_definition consists of the elaboration of its component_list, if any. 17 The elaboration of a component_list consists of the elaboration of the component_items and variant_part, if any, in the order in which they appear. The elaboration of a component_declaration consists of the elaboration of the component_definition. 17.a Discussion: If the defining_identifier_list has more than one defining_identifier, we presume here that the transformation explained in 3.3.1 has already taken place. Alternatively, we could say that the component_definition is elaborated once for each defining_identifier in the list. 18/2 {8652/0002} {AI95-00171-01} {AI95-00230-01} Within the definition of a composite type, if a component_definition or discrete_subtype_definition (see 9.5.2) includes a name that denotes a discriminant of the type, or that is an attribute_reference whose prefix denotes the current instance of the type, the expression containing the name is called a per-object expression, and the constraint or range being defined is called a per-object constraint. For the elaboration of a component_definition of a component_declaration or the discrete_subtype_definition of an entry_declaration for an entry family (see 9.5.2), if the component subtype is defined by an access_definition or if the constraint or range of the subtype_indication or discrete_subtype_definition is not a per-object constraint, then the access_definition, subtype_indication, or discrete_subtype_definition is elaborated. On the other hand, if the constraint or range is a per-object constraint, then the elaboration consists of the evaluation of any included expression that is not part of a per-object expression. Each such expression is evaluated once unless it is part of a named association in a discriminant constraint, in which case it is evaluated once for each associated discriminant. 18.1/1 {8652/0002} {AI95-00171-01} When a per-object constraint is elaborated [(as part of creating an object)], each per-object expression of the constraint is evaluated. For other expressions, the values determined during the elaboration of the component_definition or entry_declaration are used. Any checks associated with the enclosing subtype_indication or discrete_subtype_definition are performed[, including the subtype compatibility check (see 3.2.2),] and the associated subtype is created. 18.a Discussion: The evaluation of other expressions that appear in component_definitions and discrete_subtype_definitions is performed when the type definition is elaborated. The evaluation of expressions that appear as default_expressions is postponed until an object is created. Expressions in representation items that appear within a composite type definition are evaluated according to the rules of the particular representation item. NOTES 19 63 A component_declaration with several identifiers is equivalent to a sequence of single component_declarations, as explained in 3.3.1. 20 64 The default_expression of a record component is only evaluated upon the creation of a default-initialized object of the record type (presuming the object has the component, if it is in a variant_part - see 3.3.1). 21 65 The subtype defined by a component_definition (see 3.6) has to be a definite subtype. 22 66 If a record type does not have a variant_part, then the same components are present in all values of the type. 23 67 A record type is limited if it has the reserved word limited in its definition, or if any of its components are limited (see 7.5). 24 68 The predefined operations of a record type include membership tests, qualification, and explicit conversion. If the record type is nonlimited, they also include assignment and the predefined equality operators. 25/2 69 {AI95-00287-01} A component of a record can be named with a selected_component. A value of a record can be specified with a record_aggregate. Examples 26 Examples of record type declarations: 27 type Date is record Day : Integer range 1 .. 31; Month : Month_Name; Year : Integer range 0 .. 4000; end record; 28 type Complex is record Re : Real := 0.0; Im : Real := 0.0; end record; 29 Examples of record variables: 30 Tomorrow, Yesterday : Date; A, B, C : Complex; 31 -- both components of A, B, and C are implicitly initialized to zero Extensions to Ada 83 31.a The syntax rule for component_declaration is modified to use component_definition (instead of component_subtype_definition). The effect of this change is to allow the reserved word aliased before the component_subtype_definition. 31.b A short-hand is provided for defining a null record type (and a null record extension), as these will be more common for abstract root types (and derived types without additional components). 31.c The syntax rule for record_type_definition is modified to allow the reserved words tagged and limited. Tagging is new. Limitedness is now orthogonal to privateness. In Ada 83 the syntax implied that limited private was sort of more private than private. However, limitedness really has nothing to do with privateness; limitedness simply indicates the lack of assignment capabilities, and makes perfect sense for nonprivate types such as record types. Wording Changes from Ada 83 31.d/1 {8652/0009} {AI95-00137-01} The syntax rules now allow aspect_clauses to appear in a record_definition. This is not a language extension, because Legality Rules prevent all language-defined representation clauses from appearing there. However, an implementation-defined attribute_definition_clause could appear there. The reason for this change is to allow the rules for aspect_clauses and representation pragmas to be as similar as possible. Extensions to Ada 95 31.e/2 {AI95-00287-01} Record components can have an anonymous access type. 31.f/2 {AI95-00287-01} Limited components can be initialized, so long as the expression is one that allows building the object in place (such as an aggregate or function_call). Wording Changes from Ada 95 31.g/2 {8652/0002} {AI95-00171-01} Corrigendum: Improved the description of the elaboration of per-object constraints. 31.h/2 {8652/0009} {AI95-00137-01} Corrigendum: Changed representation clauses to aspect clauses to reflect that they are used for more than just representation. 31.i/2 {AI95-00318-02} Defined explicitly limited record type to use in other rules. Extensions to Ada 2005 31.j/3 {AI05-0183-1} An optional aspect_specification can be used in a component_declaration. This is described in 13.1.1. 3.8.1 Variant Parts and Discrete Choices 1 A record type with a variant_part specifies alternative lists of components. Each variant defines the components for the value or values of the discriminant covered by its discrete_choice_list. 1.a Discussion: Discrete_choice_lists and discrete_choices are said to cover values as defined below; which discrete_choice_list covers a value determines which of various alternatives is chosen. These are used in variant_parts, array_aggregates, and case_statements. Language Design Principles 1.b The definition of "cover" in this subclause and the rules about discrete choices are designed so that they are also appropriate for array aggregates and case statements. 1.c The rules of this subclause intentionally parallel those for case statements. Syntax 2 variant_part ::= case discriminant_direct_name is variant {variant} end case; 3 variant ::= when discrete_choice_list => component_list 4 discrete_choice_list ::= discrete_choice {| discrete_choice} 5/3 {AI05-0153-3} {AI05-0158-1} discrete_choice ::= choice_expression | discrete_subtype_indication | range | others Name Resolution Rules 6 The discriminant_direct_name shall resolve to denote a discriminant (called the discriminant of the variant_part) specified in the known_discriminant_part of the full_type_declaration that contains the variant_part. The expected type for each discrete_choice in a variant is the type of the discriminant of the variant_part. 6.a Ramification: A full_type_declaration with a variant_part has to have a (new) known_discriminant_part; the discriminant of the variant_part cannot be an inherited discriminant. Legality Rules 7 The discriminant of the variant_part shall be of a discrete type. 7.a Ramification: It shall not be of an access type, named or anonymous. 8/3 {AI05-0153-3} The choice_expressions, subtype_indications, and ranges given as discrete_choices in a variant_part shall be static. The discrete_choice others shall appear alone in a discrete_choice_list, and such a discrete_choice_list, if it appears, shall be the last one in the enclosing construct. 9 A discrete_choice is defined to cover a value in the following cases: 10/3 * {AI05-0262-1} A discrete_choice that is a choice_expression covers a value if the value equals the value of the choice_expression converted to the expected type. 10.1/4 * {AI05-0153-3} {AI05-0262-1} {AI12-0071-1} A discrete_choice that is a subtype_indication covers all values (possibly none) that belong to the subtype and that satisfy the static predicates of the subtype (see 3.2.4). 10.a/3 Ramification: {AI05-0262-1} A dynamic predicate is never allowed in this case (for variants, case_statements, and case_expression s, a subtype with a dynamic predicate isn't static and thus isn't allowed in a discrete_choice, and for a choice in an array_aggregate, a dynamic predicate is explicitly disallowed - see 3.2.4). 11/3 * {AI05-0153-3} A discrete_choice that is a range covers all values (possibly none) that belong to the range. 12 * The discrete_choice others covers all values of its expected type that are not covered by previous discrete_choice_lists of the same construct. 12.a Ramification: For case_statements, this includes values outside the range of the static subtype (if any) to be covered by the choices. It even includes values outside the base range of the case expression's type, since values of numeric types (and undefined values of any scalar type?) can be outside their base range. 13 A discrete_choice_list covers a value if one of its discrete_choices covers the value. 14 The possible values of the discriminant of a variant_part shall be covered as follows: 15/4 * {AI05-0153-3} {AI05-0188-1} {AI05-0262-1} {AI12-0071-1} If the discriminant is of a static constrained scalar subtype then, except within an instance of a generic unit, each non-others discrete_- choice shall cover only values in that subtype that satisfy its predicates, and each value of that subtype that satisfies its predicates shall be covered by some discrete_choice [(either explicitly or by others)]; 15.a/3 Reason: {AI05-0188-1} The exemption for a discriminated type declared in an instance allows the following example: 15.b/3 generic type T is new Integer; package G is type Rec (Discrim : T) is record case Discrim is when -10 .. -1 => Foo : Float; when others => null; end case; end record; end G; 15.c/3 package I is new G (Natural); -- Legal 16/3 * {AI05-0264-1} If the type of the discriminant is a descendant of a generic formal scalar type, then the variant_part shall have an others discrete_choice; 16.a Reason: The base range is not known statically in this case. 17 * Otherwise, each value of the base range of the type of the discriminant shall be covered [(either explicitly or by others)]. 18 Two distinct discrete_choices of a variant_part shall not cover the same value. Static Semantics 19 If the component_list of a variant is specified by null, the variant has no components. 20 The discriminant of a variant_part is said to govern the variant_part and its variants. In addition, the discriminant of a derived type governs a variant_part and its variants if it corresponds (see 3.7) to the discriminant of the variant_part. Dynamic Semantics 21 A record value contains the values of the components of a particular variant only if the value of the discriminant governing the variant is covered by the discrete_choice_list of the variant. This rule applies in turn to any further variant that is, itself, included in the component_list of the given variant. 21.1/3 {AI05-0290-1} When an object of a discriminated type T is initialized by default, Constraint_Error is raised if no discrete_choice_list of any variant of a variant_part of T covers the value of the discriminant that governs the variant_part. When a variant_part appears in the component_list of another variant V, this test is only applied if the value of the discriminant governing V is covered by the discrete_choice_list of V. 21.a/3 Implementation Note: This is not a "check"; it cannot be suppressed. However, in most cases it is not necessary to generate any code to raise this exception. A test is needed (and can fail) in the case where the discriminant subtype has a Static_Predicate specified, it also has predicate checking disabled, and the discriminant governs a variant_part which lacks a when others choice. 21.b/3 The test also could fail for a static discriminant subtype with range checking suppressed and the discriminant governs a variant_part which lacks a when others choice. But execution is erroneous if a range check that would have failed is suppressed (see 11.5), so an implementation does not have to generate code to check this case. (An unchecked failed predicate does not cause erroneous execution, so the test is required in that case.) 21.c/3 Like the checks associated with a per-object constraint, this test is not made during the elaboration of a subtype_indication. 22 The elaboration of a variant_part consists of the elaboration of the component_list of each variant in the order in which they appear. Examples 23 Example of record type with a variant part: 24 type Device is (Printer, Disk, Drum); type State is (Open, Closed); 25 type Peripheral(Unit : Device := Disk) is record Status : State; case Unit is when Printer => Line_Count : Integer range 1 .. Page_Size; when others => Cylinder : Cylinder_Index; Track : Track_Number; end case; end record; 26 Examples of record subtypes: 27 subtype Drum_Unit is Peripheral(Drum); subtype Disk_Unit is Peripheral(Disk); 28 Examples of constrained record variables: 29 Writer : Peripheral(Unit => Printer); Archive : Disk_Unit; Extensions to Ada 83 29.a In Ada 83, the discriminant of a variant_part is not allowed to be of a generic formal type. This restriction is removed in Ada 95; an others discrete_choice is required in this case. Wording Changes from Ada 83 29.b The syntactic category choice is removed. The syntax rules for variant, array_aggregate, and case_statement now use discrete_choice_list or discrete_choice instead. The syntax rule for record_aggregate now defines its own syntax for named associations. 29.c/3 {AI05-0299-1} We have added the term Discrete Choice to the title since this is where they are talked about. This is analogous to the name of the subclause "Index Constraints and Discrete Ranges" in the subclause on Array Types. 29.d The rule requiring that the discriminant denote a discriminant of the type being defined seems to have been left implicit in RM83. Incompatibilities With Ada 2005 29.e/3 {AI05-0158-1} Membership tests are no longer allowed as a discrete_choice, in order that those tests can be expanded to allow multiple tests in a single expression without ambiguity. Since a membership test has a boolean type, they are very unlikely to be used as a discrete_choice. Extensions to Ada 2005 29.f/3 {AI05-0153-3} Subtypes with static predicates can be used in discrete_choices, and the coverage rules are modified to respect the predicates. 29.g/3 {AI05-0188-1} Variants in generic specifications are no longer rejected if the subtype of the actual type does not include all of the case choices. This probably isn't useful, but it is consistent with the treatment of case_expressions. Wording Changes from Ada 2005 29.h/3 {AI05-0290-1} Added a test that some variant covers the value of a discriminant that governs a variant_part. This is similar to the test that some case limb covers the value of the Selecting_expression of a case_statement. This test cannot change the behavior of any nonerroneous Ada 2005 program, so it is not an inconsistency. Wording Changes from Ada 2012 29.i/4 {AI12-0071-1} Corrigendum: Updated wording of the coverage rules to use the new term "satisfies the predicates" (see 3.2.4). 3.9 Tagged Types and Type Extensions 1 [ Tagged types and type extensions support object-oriented programming, based on inheritance with extension and run-time polymorphism via dispatching operations. ] Language Design Principles 1.a/2 {AI95-00251-01} The intended implementation model is for the static portion of a tag to be represented as a pointer to a statically allocated and link-time initialized type descriptor. The type descriptor contains the address of the code for each primitive operation of the type. It probably also contains other information, such as might make membership tests convenient and efficient. Tags for nested type extensions must also have a dynamic part that identifies the particular elaboration of the type. 1.b The primitive operations of a tagged type are known at its first freezing point; the type descriptor is laid out at that point. It contains linker symbols for each primitive operation; the linker fills in the actual addresses. 1.b.1/2 {AI95-00251-01} Primitive operations of type extensions that are declared at a level deeper than the level of the ultimate ancestor from which they are derived can be represented by wrappers that use the dynamic part of the tag to call the actual primitive operation. The dynamic part would generally be some way to represent the static link or display necessary for making a nested call. One implementation strategy would be to store that information in the extension part of such nested type extensions, and use the dynamic part of the tag to point at it. (That way, the "dynamic" part of the tag could be static, at the cost of indirect access.) 1.b.2/2 {AI95-00251-01} If the tagged type is descended from any interface types, it also will need to include "subtags" (one for each interface) that describe the mapping of the primitive operations of the interface to the primitives of the type. These subtags could directly reference the primitive operations (for faster performance), or simply provide the tag "slot" numbers for the primitive operations (for easier derivation). In either case, the subtags would be used for calls that dispatch through a class-wide type of the interface. 1.c Other implementation models are possible. 1.d The rules ensure that "dangling dispatching" is impossible; that is, when a dispatching call is made, there is always a body to execute. This is different from some other object-oriented languages, such as Smalltalk, where it is possible to get a run-time error from a missing method. 1.e/2 {AI95-00251-01} Dispatching calls should be efficient, and should have a bounded worst-case execution time. This is important in a language intended for real-time applications. In the intended implementation model, a dispatching call involves calling indirect through the appropriate slot in the dispatch table. No complicated "method lookup" is involved although a call which is dispatching on an interface may require a lookup of the appropriate interface subtag. 1.f The programmer should have the choice at each call site of a dispatching operation whether to do a dispatching call or a statically determined call (i.e. whether the body executed should be determined at run time or at compile time). 1.g The same body should be executed for a call where the tag is statically determined to be T'Tag as for a dispatching call where the tag is found at run time to be T'Tag. This allows one to test a given tagged type with statically determined calls, with some confidence that run-time dispatching will produce the same behavior. 1.h All views of a type should share the same type descriptor and the same tag. 1.i The visibility rules determine what is legal at compile time; they have nothing to do with what bodies can be executed at run time. Thus, it is possible to dispatch to a subprogram whose declaration is not visible at the call site. In fact, this is one of the primary facts that gives object-oriented programming its power. The subprogram that ends up being dispatched to by a given call might even be designed long after the call site has been coded and compiled. 1.j Given that Ada has overloading, determining whether a given subprogram overrides another is based both on the names and the type profiles of the operations. 1.k/2 {AI95-00401-01} When a type extension is declared, if there is any place within its immediate scope where a certain subprogram of the parent or progenitor is visible, then a matching subprogram should override. If there is no such place, then a matching subprogram should be totally unrelated, and occupy a different slot in the type descriptor. This is important to preserve the privacy of private parts; when an operation declared in a private part is inherited, the inherited version can be overridden only in that private part, in the package body, and in any children of the package. 1.l If an implementation shares code for instances of generic bodies, it should be allowed to share type descriptors of tagged types declared in the generic body, so long as they are not extensions of types declared in the specification of the generic unit. Static Semantics 2/2 {AI95-00345-01} A record type or private type that has the reserved word tagged in its declaration is called a tagged type. In addition, an interface type is a tagged type, as is a task or protected type derived from an interface (see 3.9.4). [When deriving from a tagged type, as for any derived type, additional primitive subprograms may be defined, and inherited primitive subprograms may be overridden.] The derived type is called an extension of its ancestor types, or simply a type extension. 2.1/2 {AI95-00345-01} Every type extension is also a tagged type, and is a record extension or a private extension of some other tagged type, or a noninterface synchronized tagged type (see 3.9.4). A record extension is defined by a derived_type_definition with a record_extension_part (see 3.9.1 )[, which may include the definition of additional components]. A private extension, which is a partial view of a record extension or of a synchronized tagged type, can be declared in the visible part of a package (see 7.3) or in a generic formal part (see 12.5.1). 2.a Glossary entry: The objects of a tagged type have a run-time type tag, which indicates the specific type with which the object was originally created. An operand of a class-wide tagged type can be used in a dispatching call; the tag indicates which subprogram body to invoke. Nondispatching calls, in which the subprogram body to invoke is determined at compile time, are also allowed. Tagged types may be extended with additional components. 2.b/2 Ramification: {AI95-00218-03} If a tagged type is declared other than in a package_specification, it is impossible to add new primitive subprograms for that type, although it can inherit primitive subprograms, and those can be overridden. If the user incorrectly thinks a certain subprogram is primitive when it is not, and tries to call it with a dispatching call, an error message will be given at the call site. Similarly, by using an overriding_indicator (see 6.1), the user can declare that a subprogram is intended to be overriding, and get an error message when they made a mistake. The use of overriding_indicators is highly recommended in new code that does not need to be compatible with Ada 95. 3 An object of a tagged type has an associated (run-time) tag that identifies the specific tagged type used to create the object originally. [ The tag of an operand of a class-wide tagged type T'Class controls which subprogram body is to be executed when a primitive subprogram of type T is applied to the operand (see 3.9.2); using a tag to control which body to execute is called dispatching.] 4/2 {AI95-00344-01} The tag of a specific tagged type identifies the full_type_declaration of the type, and for a type extension, is sufficient to uniquely identify the type among all descendants of the same ancestor. If a declaration for a tagged type occurs within a generic_package_declaration, then the corresponding type declarations in distinct instances of the generic package are associated with distinct tags. For a tagged type that is local to a generic package body and with all of its ancestors (if any) also local to the generic body, the language does not specify whether repeated instantiations of the generic body result in distinct tags. 4.a/2 This paragraph was deleted.{AI95-00344-01} 4.a.1/2 Implementation Note: {AI95-00344-01} In most cases, a tag need only identify a particular tagged type declaration, and can therefore be a simple link-time-known address. However, for tag checks (see 3.9.2) it is essential that each descendant (that currently exists) of a given type have a unique tag. Hence, for types declared in shared generic bodies where an ancestor comes from outside the generic, or for types declared at a deeper level than an ancestor, the tag needs to be augmented with some kind of dynamic descriptor (which may be a static link, global display, instance descriptor pointer, or combination). This implies that type Tag may need to be two words, the second of which is normally null, but in these identified special cases needs to include a static link or equivalent. Within an object of one of these types with a two-word tag, the two parts of the tag would typically be separated, one part as the first word of the object, the second placed in the first extension part that corresponds to a type declared more nested than its parent or declared in a shared generic body when the parent is declared outside. Alternatively, by using an extra level of indirection, the type Tag could remain a single-word. 4.b/2 {AI95-00344-01} For types that are not type extensions (even for ones declared in nested scopes), we do not require that repeated elaborations of the same full_type_declaration correspond to distinct tags. This was done so that Ada 2005 implementations of tagged types could maintain representation compatibility with Ada 95 implementations. Only type extensions that were not allowed in Ada 95 require additional information with the tag. 4.c/2 To be honest: {AI95-00344-01} The wording "is sufficient to uniquely identify the type among all descendants of the same ancestor" only applies to types that currently exist. It is not necessary to distinguish between descendants that currently exist, and descendants of the same type that no longer exist. For instance, the address of the stack frame of the subprogram that created the tag is sufficient to meet the requirements of this rule, even though it is possible, after the subprogram returns, that a later call of the subprogram could have the same stack frame and thus have an identical tag. 5 The following language-defined library package exists: 6/2 {AI95-00362-01} package Ada.Tags is pragma Preelaborate(Tags); type Tag is private; pragma Preelaborable_Initialization(Tag); 6.1/2 {AI95-00260-02} No_Tag : constant Tag; 7/2 {AI95-00400-01} function Expanded_Name(T : Tag) return String; function Wide_Expanded_Name(T : Tag) return Wide_String; function Wide_Wide_Expanded_Name(T : Tag) return Wide_Wide_String; function External_Tag(T : Tag) return String; function Internal_Tag(External : String) return Tag; 7.1/2 {AI95-00344-01} function Descendant_Tag (External : String; Ancestor : Tag) return Tag; function Is_Descendant_At_Same_Level(Descendant, Ancestor : Tag) return Boolean; 7.2/2 {AI95-00260-02} function Parent_Tag (T : Tag) return Tag; 7.3/2 {AI95-00405-01} type Tag_Array is array (Positive range <>) of Tag; 7.4/2 {AI95-00405-01} function Interface_Ancestor_Tags (T : Tag) return Tag_Array; 7.5/3 {AI05-0173-1} function Is_Abstract (T : Tag) return Boolean; 8 Tag_Error : exception; 9 private ... -- not specified by the language end Ada.Tags; 9.a Reason: Tag is a nonlimited, definite subtype, because it needs the equality operators, so that tag checking makes sense. Also, equality, assignment, and object declaration are all useful capabilities for this subtype. 9.b For an object X and a type T, "X'Tag = T'Tag" is not needed, because a membership test can be used. However, comparing the tags of two objects cannot be done via membership. This is one reason to allow equality for type Tag. 9.1/2 {AI95-00260-02} No_Tag is the default initial value of type Tag. 9.c/2 Reason: {AI95-00260-02} This is similar to the requirement that all access values be initialized to null. 10/2 {AI95-00400-01} The function Wide_Wide_Expanded_Name returns the full expanded name of the first subtype of the specific type identified by the tag, in upper case, starting with a root library unit. The result is implementation defined if the type is declared within an unnamed block_statement. 10.a To be honest: This name, as well as each prefix of it, does not denote a renaming_declaration. 10.b/2 Implementation defined: The result of Tags.Wide_Wide_Expanded_- Name for types declared within an unnamed block_statement. 10.1/2 {AI95-00400-01} The function Expanded_Name (respectively, Wide_Expanded_Name) returns the same sequence of graphic characters as that defined for Wide_Wide_Expanded_Name, if all the graphic characters are defined in Character (respectively, Wide_Character); otherwise, the sequence of characters is implementation defined, but no shorter than that returned by Wide_Wide_Expanded_Name for the same value of the argument. 10.c/2 Implementation defined: The sequence of characters of the value returned by Tags.Expanded_Name (respectively, Tags.Wide_Expanded_Name) when some of the graphic characters of Tags.Wide_Wide_Expanded_Name are not defined in Character (respectively, Wide_Character). 11 The function External_Tag returns a string to be used in an external representation for the given tag. The call External_Tag(S'Tag) is equivalent to the attribute_reference S'External_Tag (see 13.3). 11.a Reason: It might seem redundant to provide both the function External_Tag and the attribute External_Tag. The function is needed because the attribute can't be applied to values of type Tag. The attribute is needed so that it can be specified via an attribute_definition_clause. 11.1/2 {AI95-00417-01} The string returned by the functions Expanded_Name, Wide_Expanded_Name, Wide_Wide_Expanded_Name, and External_Tag has lower bound 1. 12/2 {AI95-00279-01} The function Internal_Tag returns a tag that corresponds to the given external tag, or raises Tag_Error if the given string is not the external tag for any specific type of the partition. Tag_Error is also raised if the specific type identified is a library-level type whose tag has not yet been created (see 13.14). 12.a/3 Reason: {AI95-00279-01} {AI05-0005-1} The check for uncreated library-level types prevents a reference to the type before execution reaches the freezing point of the type. This is important so that T'Class'Input or an instance of Tags.Generic_Dispatching_Constructor do not try to create an object of a type that hasn't been frozen (which might not have yet elaborated its constraints). We don't require this behavior for non-library-level types as the tag can be created multiple times and possibly multiple copies can exist at the same time, making the check complex. 12.1/3 {AI95-00344-01} {AI05-0113-1} The function Descendant_Tag returns the (internal) tag for the type that corresponds to the given external tag and is both a descendant of the type identified by the Ancestor tag and has the same accessibility level as the identified ancestor. Tag_Error is raised if External is not the external tag for such a type. Tag_Error is also raised if the specific type identified is a library-level type whose tag has not yet been created, or if the given external tag identifies more than one type that has the appropriate Ancestor and accessibility level. 12.b/2 Reason: Descendant_Tag is used by T'Class'Input to identify the type identified by an external tag. Because there can be multiple elaborations of a given type declaration, Internal_Tag does not have enough information to choose a unique such type. Descendant_Tag does not return the tag for types declared at deeper accessibility levels than the ancestor because there could be ambiguity in the presence of recursion or multiple tasks. Descendant_Tag can be used in constructing a user-defined replacement for T'Class'Input. 12.b.1/3 {AI05-0113-1} Rules for specifying external tags will usually prevent an external tag from identifying more than one type. However, an external tag can identify multiple types if a generic body contains a derivation of a tagged type declared outside of the generic, and there are multiple instances at the same accessibility level as the type. (The Standard allows default external tags to not be unique in this case.) 12.2/2 {AI95-00344-01} The function Is_Descendant_At_Same_Level returns True if the Descendant tag identifies a type that is both a descendant of the type identified by Ancestor and at the same accessibility level. If not, it returns False. 12.c/2 Reason: Is_Descendant_At_Same_Level (or something similar to it) is used by T'Class'Output to determine whether the item being written is at the same accessibility level as T. It may be used to determine prior to using T'Class'Output whether Tag_Error will be raised, and also can be used in constructing a user-defined replacement for T'Class'Output. 12.3/3 {AI05-0115-1} For the purposes of the dynamic semantics of functions Descendant_Tag and Is_Descendant_At_Same_Level, a tagged type T2 is a descendant of a type T1 if it is the same as T1, or if its parent type or one of its progenitor types is a descendant of type T1 by this rule[, even if at the point of the declaration of T2, one of the derivations in the chain is not visible]. 12.c.1/3 Discussion: In other contexts, "descendant" is dependent on visibility, and the particular view a derived type has of its parent type. See 7.3.1. 12.4/4 {AI95-00260-02} {AI12-0056-1} The function Parent_Tag returns the tag of the parent type of the type whose tag is T. If the type does not have a parent type (that is, it was not defined by a derived_type_definition), then No_Tag is returned. 12.d/4 Ramification: {AI12-0005-1} The parent type is always the parent of the full type; a private extension appears to define a parent type, but it does not (only the various forms of derivation do that). As this is a run-time operation, ignoring privacy is OK. 12.5/3 {AI95-00405-01} The function Interface_Ancestor_Tags returns an array containing the tag of each interface ancestor type of the type whose tag is T, other than T itself. The lower bound of the returned array is 1, and the order of the returned tags is unspecified. Each tag appears in the result exactly once.[ If the type whose tag is T has no interface ancestors, a null array is returned.] 12.e/2 Ramification: The result of Interface_Ancestor_Tags includes the tag of the parent type, if the parent is an interface. 12.f/2 Indirect interface ancestors are included in the result of Interface_Ancestor_Tags. That's because where an interface appears in the derivation tree has no effect on the semantics of the type; the only interesting property is whether the type has an interface as an ancestor. 12.6/3 {AI05-0173-1} The function Is_Abstract returns True if the type whose tag is T is abstract, and False otherwise. 13 For every subtype S of a tagged type T (specific or class-wide), the following attributes are defined: 14 S'Class S'Class denotes a subtype of the class-wide type (called T'Class in this International Standard) for the class rooted at T (or if S already denotes a class-wide subtype, then S'Class is the same as S). 15 S'Class is unconstrained. However, if S is constrained, then the values of S'Class are only those that when converted to the type T belong to S. 15.a Ramification: This attribute is defined for both specific and class-wide subtypes. The definition is such that S'Class'Class is the same as S'Class. 15.b Note that if S is constrained, S'Class is only partially constrained, since there might be additional discriminants added in descendants of T which are not constrained. 15.c/2 Reason: {AI95-00326-01} The Class attribute is not defined for untagged subtypes (except for incomplete types and private types whose full view is tagged - see J.11 and 7.3.1) so as to preclude implicit conversion in the absence of run-time type information. If it were defined for untagged subtypes, it would correspond to the concept of universal types provided for the predefined numeric classes. 16 S'Tag S'Tag denotes the tag of the type T (or if T is class-wide, the tag of the root type of the corresponding class). The value of this attribute is of type Tag. 16.a Reason: S'Class'Tag equals S'Tag, to avoid generic contract model problems when S'Class is the actual type associated with a generic formal derived type. 17 Given a prefix X that is of a class-wide tagged type [(after any implicit dereference)], the following attribute is defined: 18 X'Tag X'Tag denotes the tag of X. The value of this attribute is of type Tag. 18.a Reason: X'Tag is not defined if X is of a specific type. This is primarily to avoid confusion that might result about whether the Tag attribute should reflect the tag of the type of X, or the tag of X. No such confusion is possible if X is of a class-wide type. 18.1/2 {AI95-00260-02} {AI95-00441-01} The following language-defined generic function exists: 18.2/3 {AI05-0229-1} generic type T (<>) is abstract tagged limited private; type Parameters (<>) is limited private; with function Constructor (Params : not null access Parameters) return T is abstract; function Ada.Tags.Generic_Dispatching_Constructor (The_Tag : Tag; Params : not null access Parameters) return T'Class with Convention => Intrinsic; pragma Preelaborate(Generic_Dispatching_Constructor); 18.3/2 {AI95-00260-02} Tags.Generic_Dispatching_Constructor provides a mechanism to create an object of an appropriate type from just a tag value. The function Constructor is expected to create the object given a reference to an object of type Parameters. 18.b/2 Discussion: This specification is designed to make it easy to create dispatching constructors for streams; in particular, this can be used to construct overridings for T'Class'Input. 18.c/2 Note that any tagged type will match T (see 12.5.1). Dynamic Semantics 19 The tag associated with an object of a tagged type is determined as follows: 20 * The tag of a stand-alone object, a component, or an aggregate of a specific tagged type T identifies T. 20.a Discussion: The tag of a formal parameter of type T is not necessarily the tag of T, if, for example, the actual was a type conversion. 21 * The tag of an object created by an allocator for an access type with a specific designated tagged type T, identifies T. 21.a Discussion: The tag of an object designated by a value of such an access type might not be T, if, for example, the access value is the result of a type conversion. 22 * The tag of an object of a class-wide tagged type is that of its initialization expression. 22.a Ramification: The tag of an object (even a class-wide one) cannot be changed after it is initialized, since a "class-wide" assignment_statement raises Constraint_Error if the tags don't match, and a "specific" assignment_statement does not affect the tag. 23 * The tag of the result returned by a function whose result type is a specific tagged type T identifies T. 23.a/2 Implementation Note: {AI95-00318-02} For a limited tagged type, the return object is "built in place" in the ultimate result object with the appropriate tag. For a nonlimited type, a new anonymous object with the appropriate tag is created as part of the function return. See 6.5, "Return Statements". 24/2 * {AI95-00318-02} The tag of the result returned by a function with a class-wide result type is that of the return object. 25 The tag is preserved by type conversion and by parameter passing. The tag of a value is the tag of the associated object (see 6.2). 25.1/3 {AI95-00260-02} {AI95-00344-01} {AI95-00405-01} {AI05-0092-1} {AI05-0262-1} Tag_Error is raised by a call of Descendant_Tag, Expanded_Name, External_Tag, Interface_Ancestor_Tags, Is_Abstract, Is_Descendant_At_Same_Level, Parent_Tag, Wide_Expanded_Name, or Wide_Wide_Expanded_Name if any tag passed is No_Tag. 25.2/2 {AI95-00260-02} An instance of Tags.Generic_Dispatching_Constructor raises Tag_Error if The_Tag does not represent a concrete descendant of T or if the innermost master (see 7.6.1) of this descendant is not also a master of the instance. Otherwise, it dispatches to the primitive function denoted by the formal Constructor for the type identified by The_Tag, passing Params, and returns the result. Any exception raised by the function is propagated. 25.a/2 Ramification: The tag check checks both that The_Tag is in T'Class, and that it is not abstract. These checks are similar to the ones required by streams for T'Class'Input (see 13.13.2). In addition, there is a check that the tag identifies a type declared on the current dynamic call chain, and not a more nested type or a type declared by another task. This check is not necessary for streams, because the stream attributes are declared at the same dynamic level as the type used. Erroneous Execution 25.3/2 {AI95-00260-02} If an internal tag provided to an instance of Tags.Generic_Dispatching_Constructor or to any subprogram declared in package Tags identifies either a type that is not library-level and whose tag has not been created (see 13.14), or a type that does not exist in the partition at the time of the call, then execution is erroneous. 25.b/2 Ramification: One reason that a type might not exist in the partition is that the tag refers to a type whose declaration was elaborated as part of an execution of a subprogram_body which has been left (see 7.6.1). 25.c/2 We exclude tags of library-level types from the current execution of the partition, because misuse of such tags should always be detected. T'Tag freezes the type (and thus creates the tag), and Internal_Tag and Descendant_Tag cannot return the tag of a library-level type that has not been created. All ancestors of a tagged type must be frozen no later than the (full) declaration of a type that uses them, so Parent_Tag and Interface_Ancestor_Tags cannot return a tag that has not been created. Finally, library-level types never cease to exist while the partition is executing. Thus, if the tag comes from a library-level type, there cannot be erroneous execution (the use of Descendant_Tag rather than Internal_Tag can help ensure that the tag is of a library-level type). This is also similar to the rules for T'Class'Input (see 13.13.2). 25.d/2 Discussion: {AI95-00344-01} Ada 95 allowed Tag_Error in this case, or expected the functions to work. This worked because most implementations used tags constructed at link-time, and each elaboration of the same type_declaration produced the same tag. However, Ada 2005 requires at least part of the tags to be dynamically constructed for a type derived from a type at a shallower level. For dynamically constructed tags, detecting the error can be expensive and unreliable. To see this, consider a program containing two tasks. Task A creates a nested tagged type, passes the tag to task B (which saves it), and then terminates. The nested tag (if dynamic) probably will need to refer in some way to the stack frame for task A. If task B later tries to use the tag created by task A, the tag's reference to the stack frame of A probably is a dangling pointer. Avoiding this would require some sort of protected tag manager, which would be a bottleneck in a program's performance. Moreover, we'd still have a race condition; if task A terminated after the tag check, but before the tag was used, we'd still have a problem. That means that all of these operations would have to be serialized. That could be a significant performance drain, whether or not nested tagged types are ever used. Therefore, we allow execution to become erroneous as we do for other dangling pointers. If the implementation can detect the error, we recommend that Tag_Error be raised. Implementation Permissions 26/2 {AI95-00260-02} {AI95-00279-01} The implementation of Internal_Tag and Descendant_Tag may raise Tag_Error if no specific type corresponding to the string External passed as a parameter exists in the partition at the time the function is called, or if there is no such type whose innermost master is a master of the point of the function call. 26.a/2 Reason: {AI95-00260-02} {AI95-00279-01} {AI95-00344-01} Locking would be required to ensure that the mapping of strings to tags never returned tags of types which no longer exist, because types can cease to exist (because they belong to another task, as described above) during the execution of these operations. Moreover, even if these functions did use locking, that would not prevent the type from ceasing to exist at the instant that the function returned. Thus, we do not require the overhead of locking; hence the word "may" in this rule. Implementation Advice 26.1/3 {AI95-00260-02} {AI05-0113-1} Internal_Tag should return the tag of a type, if one exists, whose innermost master is a master of the point of the function call. 26.b/3 Implementation Advice: Tags.Internal_Tag should return the tag of a type, if one exists, whose innermost master is a master of the point of the function call.. 26.c/2 Reason: {AI95-00260-02} {AI95-00344-01} It's not helpful if Internal_Tag returns the tag of some type in another task when one is available in the task that made the call. We don't require this behavior (because it requires the same implementation techniques we decided not to insist on previously), but encourage it. 26.d/3 Discussion: {AI05-0113-1} There is no Advice for the result of Internal_Tag if no such type exists. In most cases, the Implementation Permission can be used to raise Tag_Error, but some other tag can be returned as well. NOTES 27 70 A type declared with the reserved word tagged should normally be declared in a package_specification, so that new primitive subprograms can be declared for it. 28 71 Once an object has been created, its tag never changes. 29 72 Class-wide types are defined to have unknown discriminants (see 3.7). This means that objects of a class-wide type have to be explicitly initialized (whether created by an object_declaration or an allocator), and that aggregates have to be explicitly qualified with a specific type when their expected type is class-wide. 30/2 73 {AI95-00260-02} {AI95-00326-01} The capability provided by Tags.Generic_Dispatching_Constructor is sometimes known as a factory. Examples 31 Examples of tagged record types: 32 type Point is tagged record X, Y : Real := 0.0; end record; 33 type Expression is tagged null record; -- Components will be added by each extension Extensions to Ada 83 33.a Tagged types are a new concept. Inconsistencies With Ada 95 33.b/2 {AI95-00279-01} Amendment Correction: Added wording specifying that Internal_Tag must raise Tag_Error if the tag of a library-level type has not yet been created. Ada 95 gave an Implementation Permission to do this; we require it to avoid erroneous execution when streaming in an object of a library-level type that has not yet been elaborated. This is technically inconsistent; a program that used Internal_Tag outside of streaming and used a compiler that didn't take advantage of the Implementation Permission would not have raised Tag_Error, and may have returned a useful tag. (If the tag was used in streaming, the program would have been erroneous.) Since such a program would not have been portable to a compiler that did take advantage of the Implementation Permission, this is not a significant inconsistency. 33.c/2 {AI95-00417-01} We now define the lower bound of the string returned from [[Wide_]Wide_]Expanded_Name and External_Name. This makes working with the returned string easier, and is consistent with many other string-returning functions in Ada. This is technically an inconsistency; if a program depended on some other lower bound for the string returned from one of these functions, it could fail when compiled with Ada 2005. Such code is not portable even between Ada 95 implementations, so it should be very rare. Incompatibilities With Ada 95 33.d/3 {AI95-00260-02} {AI95-00344-01} {AI95-00400-01} {AI95-00405-01} {AI05-0005-1} Constant No_Tag, and functions Parent_Tag, Interface_Ancestor_Tags, Descendant_Tag, Is_Descendant_At_Same_Level, Wide_Expanded_Name, and Wide_Wide_Expanded_Name are added to Ada.Tags. If Ada.Tags is referenced in a use_clause, and an entity E with the same defining_identifier as a new entity in Ada.Tags is defined in a package that is also referenced in a use_clause, the entity E may no longer be use-visible, resulting in errors. This should be rare and is easily fixed if it does occur. Extensions to Ada 95 33.e/2 {AI95-00362-01} Ada.Tags is now defined to be preelaborated. 33.f/2 {AI95-00260-02} Generic function Tags.Generic_Dispatching_Constructor is new. Wording Changes from Ada 95 33.g/2 {AI95-00318-02} We talk about return objects rather than return expressions, as functions can return using an extended_return_statement. 33.h/2 {AI95-00344-01} Added wording to define that tags for all descendants of a tagged type must be distinct. This is needed to ensure that more nested type extensions will work properly. The wording does not require implementation changes for types that were allowed in Ada 95. Inconsistencies With Ada 2005 33.i/3 {AI05-0113-1} Correction: Added wording specifying that Dependent_Tag must raise Tag_Error if there is more than one type which matches the requirements. If an implementation had returned a random tag of the matching types, a program may have worked properly. However, such a program would not be portable (another implementation may return a different tag) and the conditions that would cause the problem are unlikely (most likely, a tagged type extension declared in a generic body with multiple instances in the same scope). Incompatibilities With Ada 2005 33.j/3 {AI05-0173-1} Function Is_Abstract is added to Ada.Tags. If Ada.Tags is referenced in a use_clause, and an entity E with the defining_identifier Is_Abstract is defined in a package that is also referenced in a use_clause, the entity E may no longer be use-visible, resulting in errors. This should be rare and is easily fixed if it does occur. Wording Changes from Ada 2005 33.k/3 {AI05-0115-1} Correction: We explicitly define the meaning of "descendant" at runtime, so that it does not depend on visibility as does the usual meaning. 3.9.1 Type Extensions 1/2 {AI95-00345-01} [ Every type extension is a tagged type, and is a record extension or a private extension of some other tagged type, or a noninterface synchronized tagged type.] Language Design Principles 1.a We want to make sure that we can extend a generic formal tagged type, without knowing its discriminants. 1.b We don't want to allow components in an extension aggregate to depend on discriminants inherited from the parent value, since such dependence requires staticness in aggregates, at least for variants. Syntax 2 record_extension_part ::= with record_definition Legality Rules 3/2 {AI95-00344-01} {AI95-00345-01} {AI95-00419-01} The parent type of a record extension shall not be a class-wide type nor shall it be a synchronized tagged type (see 3.9.4). If the parent type or any progenitor is nonlimited, then each of the components of the record_extension_part shall be nonlimited. In addition to the places where Legality Rules normally apply (see 12.3), these rules apply also in the private part of an instance of a generic unit. 3.a Reason: If the parent is a limited formal type, then the actual might be nonlimited. 3.b/2 {AI95-00344-01} Ada 95 required the record extensions to be the same level as the parent type. Now we use accessibility checks on class-wide allocators and return statements to prevent objects from living longer than their type. 3.c/2 {AI95-00345-01} Synchronized tagged types cannot be extended. We have this limitation so that all of the data of a task or protected type is defined within the type. Data defined outside of the type wouldn't be subject to the mutual exclusion properties of a protected type, and couldn't be used by a task, and thus doesn't seem to be worth the potential impact on implementations. 4/2 {AI95-00344-01} Within the body of a generic unit, or the body of any of its descendant library units, a tagged type shall not be declared as a descendant of a formal type declared within the formal part of the generic unit. 4.a Reason: This paragraph ensures that a dispatching call will never attempt to execute an inaccessible subprogram body. 4.a.1/2 {AI95-00344-01} The convoluted wording ("formal type declared within the formal part") is necessary to include tagged types that are formal parameters of formal packages of the generic unit, as well as formal tagged and tagged formal derived types of the generic unit. 4.b/2 {AI95-00344-01} This rule is necessary in order to preserve the contract model. 4.c/2 {AI05-0005-1} {AI95-00344-01} If an ancestor is a formal of the generic unit , we have a problem because it might have an unknown number of subprograms that require overriding, as in the following example: 4.d/2 package P is type T is tagged null record; function F return T; -- Inherited versions will require overriding. end P; 4.e generic type TT is tagged private; package Gp is type NT is abstract new TT with null record; procedure Q(X : in NT) is abstract; end Gp; 4.f/2 package body Gp is type NT2 is new NT with null record; -- Illegal! procedure Q(X : in NT2) is begin null; end Q; -- Is this legal or not? Can't decide because -- we don't know whether TT had any functions that require -- overriding on extension. end Gp; 4.g package I is new Gp(TT => P.T); 4.h/2 I.NT is an abstract type with two abstract subprograms: F (inherited as abstract) and Q (explicitly declared as abstract). But the generic body doesn't know about F, so we don't know that it needs to be overridden to make a nonabstract extension of NT. Hence, we have to disallow this case. 4.h.1/2 Similarly, since the actual type for a formal tagged limited private type can be a nonlimited type, we would have a problem if a type extension of a limited private formal type could be declared in a generic body. Such an extension could have a task component, for example, and an object of that type could be passed to a dispatching operation of a nonlimited ancestor type. That operation could try to copy the object with the task component. That would be bad. So we disallow this as well. 4.i If TT were declared as abstract, then we could have the same problem with abstract procedures. 4.j We considered disallowing all tagged types in a generic body, for simplicity. We decided not to go that far, in order to avoid unnecessary restrictions. 4.k We also considered trying make the accessibility level part of the contract; i.e. invent some way of saying (in the generic_declaration) "all instances of this generic unit will have the same accessibility level as the generic_declaration." Unfortunately, that doesn't solve the part of the problem having to do with abstract types. 4.l/2 This paragraph was deleted. 4.m/2 Ramification: {AI95-00344} This rule applies to types with ancestors (directly or indirectly) of formal interface types (see 12.5.5), formal tagged private types (see 12.5.1), and formal derived private types whose ancestor type is tagged (see 12.5.1). Static Semantics 4.1/2 {AI95-00391-01} A record extension is a null extension if its declaration has no known_discriminant_part and its record_extension_part includes no component_declarations. Dynamic Semantics 5 The elaboration of a record_extension_part consists of the elaboration of the record_definition. NOTES 6 74 The term "type extension" refers to a type as a whole. The term "extension part" refers to the piece of text that defines the additional components (if any) the type extension has relative to its specified ancestor type. 6.a Discussion: We considered other terminology, such as "extended type." However, the terms "private extended type" and "record extended type" did not convey the proper meaning. Hence, we have chosen to uniformly use the term "extension" as the type resulting from extending a type, with "private extension" being one produced by privately extending the type, and "record extension" being one produced by extending the type with an additional record-like set of components. Note also that the term "type extension" refers to the result of extending a type in the language Oberon as well (though there the term "extended type" is also used, interchangeably, perhaps because Oberon doesn't have the concept of a "private extension"). 7/2 75 {AI95-00344-01} When an extension is declared immediately within a body, primitive subprograms are inherited and are overridable, but new primitive subprograms cannot be added. 8 76 A name that denotes a component (including a discriminant) of the parent type is not allowed within the record_extension_part. Similarly, a name that denotes a component defined within the record_extension_part is not allowed within the record_extension_part. It is permissible to use a name that denotes a discriminant of the record extension, providing there is a new known_discriminant_part in the enclosing type declaration. (The full rule is given in 3.8.) 8.a Reason: The restriction against depending on discriminants of the parent is to simplify the definition of extension aggregates. The restriction against using parent components in other ways is methodological; it presumably simplifies implementation as well. 9 77 Each visible component of a record extension has to have a unique name, whether the component is (visibly) inherited from the parent type or declared in the record_extension_part (see 8.3). Examples 10 Examples of record extensions (of types defined above in 3.9): 11 type Painted_Point is new Point with record Paint : Color := White; end record; -- Components X and Y are inherited 12 Origin : constant Painted_Point := (X | Y => 0.0, Paint => Black); 13 type Literal is new Expression with record -- a leaf in an Expression tree Value : Real; end record; 14 type Expr_Ptr is access all Expression'Class; -- see 3.10 15 type Binary_Operation is new Expression with record -- an internal node in an Expression tree Left, Right : Expr_Ptr; end record; 16 type Addition is new Binary_Operation with null record; type Subtraction is new Binary_Operation with null record; -- No additional components needed for these extensions 17 Tree : Expr_Ptr := -- A tree representation of " 5.0 + (13.0-7.0)" new Addition'( Left => new Literal'(Value => 5.0), Right => new Subtraction'( Left => new Literal'(Value => 13.0), Right => new Literal'(Value => 7.0))); Extensions to Ada 83 17.a Type extension is a new concept. Extensions to Ada 95 17.b/2 {AI95-00344-01} Type extensions now can be declared in more nested scopes than their parent types. Additional accessibility checks on allocators and return statements prevent objects from outliving their type. Wording Changes from Ada 95 17.c/2 {AI95-00345-01} Added wording to prevent extending synchronized tagged types. 17.d/2 {AI95-00391-01} Defined null extension for use elsewhere. 3.9.2 Dispatching Operations of Tagged Types 1/2 {AI95-00260-02} {AI95-00335-01} The primitive subprograms of a tagged type, the subprograms declared by formal_abstract_subprogram_declarations, and the stream attributes of a specific tagged type that are available (see 13.13.2) at the end of the declaration list where the type is declared are called dispatching operations. [A dispatching operation can be called using a statically determined controlling tag, in which case the body to be executed is determined at compile time. Alternatively, the controlling tag can be dynamically determined, in which case the call dispatches to a body that is determined at run time;] such a call is termed a dispatching call. [As explained below, the properties of the operands and the context of a particular call on a dispatching operation determine how the controlling tag is determined, and hence whether or not the call is a dispatching call. Run-time polymorphism is achieved when a dispatching operation is called by a dispatching call.] 1.a.1/2 Reason: {AI95-00335-01} For the stream attributes of a type declared immediately within a package_specification that has a partial view, the declaration list to consider is the visible part of the package. Stream attributes that are not available in the same declaration list are not dispatching as there is no guarantee that descendants of the type have available attributes (there is such a guarantee for visibly available attributes). If we allowed dispatching for any available attribute, then for attributes defined in the private part we could end up executing a nonexistent body. Language Design Principles 1.a The controlling tag determination rules are analogous to the overload resolution rules, except they deal with run-time type identification (tags) rather than compile-time type resolution. As with overload resolution, controlling tag determination may depend on operands or result context. Static Semantics 2/3 {AI95-00260-02} {AI95-00416-01} {AI05-0076-1} A call on a dispatching operation is a call whose name or prefix denotes the declaration of a dispatching operation. A controlling operand in a call on a dispatching operation of a tagged type T is one whose corresponding formal parameter is of type T or is of an anonymous access type with designated type T; the corresponding formal parameter is called a controlling formal parameter. If the controlling formal parameter is an access parameter, the controlling operand is the object designated by the actual parameter, rather than the actual parameter itself. If the call is to a (primitive) function with result type T (a function with a controlling result), then the call has a controlling result - the context of the call can control the dispatching. Similarly, if the call is to a function with an access result type designating T (a function with a controlling access result), then the call has a controlling access result, and the context can similarly control dispatching. 2.a Ramification: This definition implies that a call through the dereference of an access-to-subprogram value is never considered a call on a dispatching operation. Note also that if the prefix denotes a renaming_declaration, the place where the renaming occurs determines whether it is primitive; the thing being renamed is irrelevant. 3 A name or expression of a tagged type is either statically tagged, dynamically tagged, or tag indeterminate, according to whether, when used as a controlling operand, the tag that controls dispatching is determined statically by the operand's (specific) type, dynamically by its tag at run time, or from context. A qualified_expression or parenthesized expression is statically, dynamically, or indeterminately tagged according to its operand. For other kinds of names and expressions, this is determined as follows: 4/2 * {AI95-00416-01} The name or expression is statically tagged if it is of a specific tagged type and, if it is a call with a controlling result or controlling access result, it has at least one statically tagged controlling operand; 4.a Discussion: It is illegal to have both statically tagged and dynamically tagged controlling operands in the same call -- see below. 5/2 * {AI95-00416-01} The name or expression is dynamically tagged if it is of a class-wide type, or it is a call with a controlling result or controlling access result and at least one dynamically tagged controlling operand; 6/2 * {AI95-00416-01} The name or expression is tag indeterminate if it is a call with a controlling result or controlling access result, all of whose controlling operands (if any) are tag indeterminate. 7/1 {8652/0010} {AI95-00127-01} [A type_conversion is statically or dynamically tagged according to whether the type determined by the subtype_mark is specific or class-wide, respectively.] For an object that is designated by an expression whose expected type is an anonymous access-to-specific tagged type, the object is dynamically tagged if the expression, ignoring enclosing parentheses, is of the form X'Access, where X is of a class-wide type, or is of the form new T'(...), where T denotes a class-wide subtype. Otherwise, the object is statically or dynamically tagged according to whether the designated type of the type of the expression is specific or class-wide, respectively. 7.a Ramification: A type_conversion is never tag indeterminate, even if its operand is. A designated object is never tag indeterminate. 7.a.1/1 {8652/0010} {AI95-00127-01} Allocators and access attributes of class-wide types can be used as the controlling parameters of dispatching calls. Legality Rules 8 A call on a dispatching operation shall not have both dynamically tagged and statically tagged controlling operands. 8.a Reason: This restriction is intended to minimize confusion between whether the dynamically tagged operands are implicitly converted to, or tag checked against the specific type of the statically tagged operand(s). 9/1 {8652/0010} {AI95-00127-01} If the expected type for an expression or name is some specific tagged type, then the expression or name shall not be dynamically tagged unless it is a controlling operand in a call on a dispatching operation. Similarly, if the expected type for an expression is an anonymous access-to-specific tagged type, then the object designated by the expression shall not be dynamically tagged unless it is a controlling operand in a call on a dispatching operation. 9.a Reason: This prevents implicit "truncation" of a dynamically-tagged value to the specific type of the target object/formal. An explicit conversion is required to request this truncation. 9.b/4 Ramification: {AI95-00252-01} {AI12-0039-1} This rule applies to all expressions or names with a specific expected type, not just those that are actual parameters to a dispatching call. This rule does not apply to a membership test whose tested_simple_expression is class-wide, since any type that covers the tested type is explicitly allowed. See 4.5.2. This rule also doesn't apply to a selected_component whose selector_name is a subprogram, since the rules explicitly say that the prefix may be class-wide (see 4.1.3). 10/2 {8652/0011} {AI95-00117-01} {AI95-00430-01} In the declaration of a dispatching operation of a tagged type, everywhere a subtype of the tagged type appears as a subtype of the profile (see 6.1), it shall statically match the first subtype of the tagged type. If the dispatching operation overrides an inherited subprogram, it shall be subtype conformant with the inherited subprogram. The convention of an inherited dispatching operation is the convention of the corresponding primitive operation of the parent or progenitor type. The default convention of a dispatching operation that overrides an inherited primitive operation is the convention of the inherited operation; if the operation overrides multiple inherited operations, then they shall all have the same convention. An explicitly declared dispatching operation shall not be of convention Intrinsic. 10.a Reason: These rules ensure that constraint checks can be performed by the caller in a dispatching call, and parameter passing conventions match up properly. A special rule on aggregates prevents values of a tagged type from being created that are outside of its first subtype. 11/2 {AI95-00416-01} The default_expression for a controlling formal parameter of a dispatching operation shall be tag indeterminate. 11.a/2 Reason: {AI95-00416-01} This rule ensures that the default_expression always produces the "correct" tag when called with or without dispatching, or when inherited by a descendant. If it were statically tagged, the default would be useless for a dispatching call; if it were dynamically tagged, the default would be useless for a nondispatching call. 11.1/2 {AI95-00404-01} If a dispatching operation is defined by a subprogram_renaming_declaration or the instantiation of a generic subprogram, any access parameter of the renamed subprogram or the generic subprogram that corresponds to a controlling access parameter of the dispatching operation, shall have a subtype that excludes null. 12 A given subprogram shall not be a dispatching operation of two or more distinct tagged types. 12.a Reason: This restriction minimizes confusion since multiple dispatching is not provided. The normal solution is to replace all but one of the tagged types with their class-wide types. 12.a.1/1 Ramification: {8652/0098} {AI95-00183-01} This restriction applies even if the partial view (see 7.3) of one or both of the types is untagged. This follows from the definition of dispatching operation: the operation is a dispatching operation anywhere the full views of the (tagged) types are visible. 13 The explicit declaration of a primitive subprogram of a tagged type shall occur before the type is frozen (see 13.14). [For example, new dispatching operations cannot be added after objects or values of the type exist, nor after deriving a record extension from it, nor after a body.] 13.a/2 Reason: {AI95-00344-01} This rule is needed because (1) we don't want people dispatching to things that haven't been declared yet, and (2) we want to allow the static part of tagged type descriptors to be static (allocated statically, and initialized to link-time-known symbols). Suppose T2 inherits primitive P from T1, and then overrides P. Suppose P is called before the declaration of the overriding P. What should it dispatch to? If the answer is the new P, we've violated the first principle above. If the answer is the old P, we've violated the second principle. (A call to the new one necessarily raises Program_Error, but that's beside the point.) 13.b Note that a call upon a dispatching operation of type T will freeze T. 13.c We considered applying this rule to all derived types, for uniformity. However, that would be upward incompatible, so we rejected the idea. As in Ada 83, for an untagged type, the above call upon P will call the old P (which is arguably confusing). 13.d/2 Implementation Note: {AI95-00326-01} Because of this rule, the type descriptor can be created (presumably containing linker symbols pointing at the not-yet-compiled bodies) at the first freezing point of the type. It also prevents, for a (nonincomplete) tagged type declared in a package_specification, overriding in the body or by a child subprogram. 13.e/2 Ramification: {AI95-00251-01} A consequence is that for a tagged type declaration in a declarative_part, only the last (overriding) primitive subprogram can be declared by a subprogram_body. (Other overridings must be provided by subprogram_declarations.) 13.f/3 To be honest: {AI05-0222-1} This rule applies only to "original" declarations and not to the completion of a primitive subprogram, even though a completion is technically an explicit declaration, and it may declare a primitive subprogram. Dynamic Semantics 14 For the execution of a call on a dispatching operation of a type T, the controlling tag value determines which subprogram body is executed. The controlling tag value is defined as follows: 15 * If one or more controlling operands are statically tagged, then the controlling tag value is statically determined to be the tag of T. 16 * If one or more controlling operands are dynamically tagged, then the controlling tag value is not statically determined, but is rather determined by the tags of the controlling operands. If there is more than one dynamically tagged controlling operand, a check is made that they all have the same tag. If this check fails, Constraint_Error is raised unless the call is a function_call whose name denotes the declaration of an equality operator (predefined or user defined) that returns Boolean, in which case the result of the call is defined to indicate inequality, and no subprogram_body is executed. This check is performed prior to evaluating any tag-indeterminate controlling operands. 16.a Reason: Tag mismatch is considered an error (except for "=" and "/=") since the corresponding primitive subprograms in each specific type expect all controlling operands to be of the same type. For tag mismatch with an equality operator, rather than raising an exception, "=" returns False and "/=" returns True. No equality operator is actually invoked, since there is no common tag value to control the dispatch. Equality is a special case to be consistent with the existing Ada 83 principle that equality comparisons, even between objects with different constraints, never raise Constraint_Error. 17/2 * {AI95-00196-01} If all of the controlling operands (if any) are tag-indeterminate, then: 18/2 * {AI95-00239-01} {AI95-00416-01} If the call has a controlling result or controlling access result and is itself, or designates, a (possibly parenthesized or qualified) controlling operand of an enclosing call on a dispatching operation of a descendant of type T, then its controlling tag value is determined by the controlling tag value of this enclosing call; 18.a/2 Discussion: {AI95-00239-01} For code that a user can write explicitly, the only contexts that can control dispatching of a function with a controlling result of type T are those that involve controlling operands of the same type T: if the two types differ there is an illegality and the dynamic semantics are irrelevant. 18.b/2 In the case of an inherited subprogram however, if a default expression is a function call, it may be of type T while the parameter is of a type derived from T. To cover this case, we talk about "a descendant of T" above. This is safe, because if the type of the parameter is descended from the type of the function result, it is guaranteed to inherit or override the function, and this ensures that there will be an appropriate body to dispatch to. Note that abstract functions are not an issue here because the call to the function is a dispatching call, so it is guaranteed to always land on a concrete body. 18.1/2 * {AI95-00196-01} {AI95-00416-01} If the call has a controlling result or controlling access result and (possibly parenthesized, qualified, or dereferenced) is the expression of an assignment_statement whose target is of a class-wide type, then its controlling tag value is determined by the target; 19 * Otherwise, the controlling tag value is statically determined to be the tag of type T. 19.a Ramification: This includes the cases of a tag-indeterminate procedure call, and a tag-indeterminate function_call that is used to initialize a class-wide formal parameter or class-wide object. 20/3 {AI95-00345-01} {AI05-0126-1} For the execution of a call on a dispatching operation, the action performed is determined by the properties of the corresponding dispatching operation of the specific type identified by the controlling tag value: 20.1/3 * {AI05-0126-1} if the corresponding operation is explicitly declared for this type, [even if the declaration occurs in a private part], then the action comprises an invocation of the explicit body for the operation; 20.2/3 * {AI95-00345-01} {AI05-0126-1} if the corresponding operation is implicitly declared for this type and is implemented by an entry or protected subprogram (see 9.1 and 9.4), then the action comprises a call on this entry or protected subprogram, with the target object being given by the first actual parameter of the call, and the actual parameters of the entry or protected subprogram being given by the remaining actual parameters of the call, if any; 20.3/3 * {AI05-0197-1} if the corresponding operation is a predefined operator then the action comprises an invocation of that operator; 20.4/3 * {AI95-00345-01} {AI05-0126-1} {AI05-0197-1} {AI05-0250-1} {AI05-0254-1} otherwise, the action is the same as the action for the corresponding operation of the parent type or progenitor type from which the operation was inherited except that additional invariant checks (see 7.3.2) and class-wide postcondition checks (see 6.1.1) may apply. If there is more than one such corresponding operation, the action is that for the operation that is not a null procedure, if any; otherwise, the action is that of an arbitrary one of the operations. 20.a/3 This paragraph was deleted.{AI05-0126-1} 20.a.1/3 Ramification: {AI05-0005-1} {AI05-0126-1} "Corresponding dispatching operation" refers to the inheritance relationship between subprograms. Primitive operations are always inherited for a type T, but they might not be declared if the primitive operation is never visible within the immediate scope of the type T. If no corresponding operation is declared, the last bullet is used and the corresponding operation of the parent type is executed (an explicit body that happens to have the same name and profile is not called in that case). 20.a.2/3 {AI05-0005-1} {AI05-0126-1} We have to talk about progenitors in the last bullet in case the corresponding operation is a null procedure inherited from an interface. In that case, the parent type might not even have the operation in question. 20.a.3/3 {AI05-0197-1} For the last bullet, if there are multiple corresponding operations for the parent and progenitors, all but one of them have to be a null procedure. (If the progenitors declared abstract routines, there would have to be an explicit overriding of the operation, and then the first bullet would apply.) We call the nonnull routine if one exists. 20.a.4/3 {AI05-0126-1} Any explicit declaration for an inherited corresponding operation has to be an overriding routine. These rules mean that a dispatching call executes the overriding routine (if any) for the specific type. 20.b/3 Reason: {AI05-0005-1} The wording of the above rules is intended to ensure that the same body is executed for a given tag, whether that tag is determined statically or dynamically. For a type declared in a package, it doesn't matter whether a given subprogram is overridden in the visible part or the private part, and it doesn't matter whether the call is inside or outside the package. For example: 20.c package P1 is type T1 is tagged null record; procedure Op_A(Arg : in T1); procedure Op_B(Arg : in T1); end P1; 20.d with P1; use P1; package P2 is type T2 is new T1 with null record; procedure Op_A(Param : in T2); private procedure Op_B(Param : in T2); end P2; 20.e/1 with P1; with P2; procedure Main is X : P2.T2; Y : P1.T1'Class := X; begin P2.Op_A(Param => X); -- Nondispatching call to a dispatching operation. P1.Op_A(Arg => Y); -- Dispatching call. P2.Op_B(Arg => X); -- Nondispatching call to a dispatching operation. P1.Op_B(Arg => Y); -- Dispatching call. end Main; 20.f The two calls to Op_A both execute the body of Op_A that has to occur in the body of package P2. Similarly, the two calls to Op_B both execute the body of Op_B that has to occur in the body of package P2, even though Op_B is overridden in the private part of P2. Note, however, that the formal parameter names are different for P2.Op_A versus P2.Op_B. The overriding declaration for P2.Op_B is not visible in Main, so the name in the call actually denotes the implicit declaration of Op_B inherited from T1. 20.g If a call occurs in the program text before an overriding, which can happen only if the call is part of a default expression, the overriding will still take effect for that call. 20.h Implementation Note: Even when a tag is not statically determined, a compiler might still be able to figure it out and thereby avoid the overhead of run-time dispatching. NOTES 21 78 The body to be executed for a call on a dispatching operation is determined by the tag; it does not matter whether that tag is determined statically or dynamically, and it does not matter whether the subprogram's declaration is visible at the place of the call. 22/2 79 {AI95-00260-02} This subclause covers calls on dispatching subprograms of a tagged type. Rules for tagged type membership tests are described in 4.5.2. Controlling tag determination for an assignment_statement is described in 5.2. 23 80 A dispatching call can dispatch to a body whose declaration is not visible at the place of the call. 24 81 A call through an access-to-subprogram value is never a dispatching call, even if the access value designates a dispatching operation. Similarly a call whose prefix denotes a subprogram_renaming_declaration cannot be a dispatching call unless the renaming itself is the declaration of a primitive subprogram. Extensions to Ada 83 24.a The concept of dispatching operations is new. Incompatibilities With Ada 95 24.b/2 {AI95-00404-01} If a dispatching operation is defined by a subprogram_renaming_declaration, and it has a controlling access parameter, Ada 2005 requires the subtype of the parameter to exclude null. The same applies to instantiations. This is required so that all calls to the subprogram operate the same way (controlling access parameters have to exclude null so that dispatching calls will work). Since Ada 95 didn't have the notion of access subtypes that exclude null, and all access parameters excluded null, it had no such rules. These rules will require the addition of an explicit not null on nondispatching operations that are later renamed to be dispatching, or on a generic that is used to define a dispatching operation. Extensions to Ada 95 24.c/2 {AI95-00416-01} Functions that have an access result type can be dispatching in the same way as a function that returns a tagged object directly. Wording Changes from Ada 95 24.d/3 {8652/0010} {AI95-00127-01} {AI05-0299-1} Corrigendum: Allocators and access attributes of objects of class-wide types can be used as the controlling parameter in a dispatching calls. This was an oversight in the definition of Ada 95. (See 3.10.2 and 4.8). 24.e/2 {8652/0011} {AI95-00117-01} {AI95-00430-01} Corrigendum: Corrected the conventions of dispatching operations. This is extended in Ada 2005 to cover operations inherited from progenitors, and to ensure that the conventions of all inherited operations are the same. 24.f/2 {AI95-00196-01} Clarified the wording to ensure that functions with no controlling operands are tag-indeterminate, and to describe that the controlling tag can come from the target of an assignment_statement. 24.g/2 {AI95-00239-01} Fixed the wording to cover default expressions inherited by derived subprograms. A literal reading of the old wording would have implied that operations would be called with objects of the wrong type. 24.h/2 {AI95-00260-02} An abstract formal subprogram is a dispatching operation, even though it is not a primitive operation. See 12.6 , "Formal Subprograms". 24.i/2 {AI95-00345-01} Dispatching calls include operations implemented by entries and protected operations, so we have to update the wording to reflect that. 24.j/2 {AI95-00335-01} A stream attribute of a tagged type is usually a dispatching operation, even though it is not a primitive operation. If they weren't dispatching, T'Class'Input and T'Class'Output wouldn't work. Wording Changes from Ada 2005 24.k/3 {AI05-0076-1} Correction: Defined "function with a controlling result", as it is used in 3.9.3. 24.l/3 {AI05-0126-1} {AI05-0197-1} Correction: Corrected holes in the definition of dynamic dispatching: the behavior for operations that are never declared and/or inherited from a progenitor were not specified. 3.9.3 Abstract Types and Subprograms 1/2 {AI95-00345-01} [ An abstract type is a tagged type intended for use as an ancestor of other types, but which is not allowed to have objects of its own. An abstract subprogram is a subprogram that has no body, but is intended to be overridden at some point when inherited. Because objects of an abstract type cannot be created, a dispatching call to an abstract subprogram always dispatches to some overriding body.] 1.a.1/2 Glossary entry: An abstract type is a tagged type intended for use as an ancestor of other types, but which is not allowed to have objects of its own. Language Design Principles 1.a/3 {AI05-0299-1} An abstract subprogram has no body, so the rules in this subclause are designed to ensure (at compile time) that the body will never be invoked. We do so primarily by disallowing the creation of values of the abstract type. Therefore, since type conversion and parameter passing don't change the tag, we know we will never get a class-wide value with a tag identifying an abstract type. This means that we only have to disallow nondispatching calls on abstract subprograms (dispatching calls will never reach them). Syntax 1.1/3 {AI95-00218-03} {AI95-00348-01} {AI05-0183-1} abstract_subprogram_declaration ::= [overriding_indicator] subprogram_specification is abstract [aspect_specification]; Static Semantics 1.2/2 {AI95-00345-01} Interface types (see 3.9.4) are abstract types. In addition, a tagged type that has the reserved word abstract in its declaration is an abstract type. The class-wide type (see 3.4.1) rooted at an abstract type is not itself an abstract type. Legality Rules 2/2 {AI95-00345-01} Only a tagged type shall have the reserved word abstract in its declaration. 2.a Ramification: Untagged types are never abstract, even though they can have primitive abstract subprograms. Such subprograms cannot be called, unless they also happen to be dispatching operations of some tagged type, and then only via a dispatching call. 2.b Class-wide types are never abstract. If T is abstract, then it is illegal to declare a stand-alone object of type T, but it is OK to declare a stand-alone object of type T'Class; the latter will get a tag from its initial value, and this tag will necessarily be different from T'Tag. 3/2 {AI95-00260-02} {AI95-00348-01} A subprogram declared by an abstract_- subprogram_declaration or a formal_abstract_subprogram_declaration (see 12.6) is an abstract subprogram. If it is a primitive subprogram of a tagged type, then the tagged type shall be abstract. 3.a Ramification: Note that for a private type, this applies to both views. The following is illegal: 3.b package P is type T is abstract tagged private; function Foo (X : T) return Boolean is abstract; -- Illegal! private type T is tagged null record; -- Illegal! X : T; Y : Boolean := Foo (T'Class (X)); end P; 3.c The full view of T is not abstract, but has an abstract operation Foo, which is illegal. The two lines marked "-- Illegal!" are illegal when taken together. 3.d/2 Reason: {AI95-00310-01} We considered disallowing untagged types from having abstract primitive subprograms. However, we rejected that plan, because it introduced some silly anomalies, and because such subprograms are harmless. For example: 3.e/1 package P is type Field_Size is range 0..100; type T is abstract tagged null record; procedure Print(X : in T; F : in Field_Size := 0) is abstract; . . . package Q is type My_Field_Size is new Field_Size; -- implicit declaration of Print(X : T; F : My_Field_Size := 0) is abstract; end Q; 3.f It seemed silly to make the derivative of My_Field_Size illegal, just because there was an implicitly declared abstract subprogram that was not primitive on some tagged type. Other rules could be formulated to solve this problem, but the current ones seem like the simplest. 3.g/2 {AI95-00310-01} In Ada 2005, abstract primitive subprograms of an untagged type may be used to "undefine" an operation. 3.h/2 Ramification: {AI95-00260-02} Note that the second sentence does not apply to abstract formal subprograms, as they are never primitive operations of a type. 4/3 {AI95-00251-01} {AI95-00334-01} {AI95-00391-01} {AI05-0097-1} {AI05-0198-1} If a type has an implicitly declared primitive subprogram that is inherited or is a predefined operator, and the corresponding primitive subprogram of the parent or ancestor type is abstract or is a function with a controlling access result, or if a type other than a nonabstract null extension inherits a function with a controlling result, then: 4.a/3 Ramification: {AI05-0068-1} These rules apply to each view of the type individually. That is necessary to preserve privacy. For instance, in the following example: 4.b/3 package P is type I is interface; procedure Op (X : I) is abstract; end P; 4.c/3 with P; package Q is type T is abstract new P.I with private; -- Op inherited here. private type T is abstract new P.I with null record; procedure Op (X : T) is null; end Q; 4.d/3 with Q; package R is type T2 is new Q.T with null record; -- Illegal. Op inherited here, but requires overriding. end R; 4.e/3 If this did not depend on the view, this would be legal. But in that case, the fact that Op is overridden in the private part would be visible; package R would have to be illegal if no overriding was in the private part. 4.f/3 Note that this means that whether an inherited subprogram is abstract or concrete depends on where it inherited. In the case of Q, Q.Op in the visible part is abstract, while Q.Op in the private part is concrete. That is, R is illegal since it is an unrelated unit (and thus it cannot see the private part), but if R had been a private child of Q, it would have been legal. 5/2 * {AI95-00251-01} {AI95-00334-01} If the type is abstract or untagged, the implicitly declared subprogram is abstract. 5.a Ramification: Note that it is possible to override a concrete subprogram with an abstract one. 6/4 * {AI95-00391-01} {AI12-0080-1} Otherwise, the subprogram shall be overridden with a nonabstract subprogram or, in the case of a private extension inheriting a nonabstract function with a controlling result, have a full type that is a null extension[; for a type declared in the visible part of a package, the overriding may be either in the visible or the private part]. Such a subprogram is said to require overriding. However, if the type is a generic formal type, the subprogram need not be overridden for the formal type itself; [a nonabstract version will necessarily be provided by the actual type.] 6.a/2 Reason: {AI95-00228-01} {AI95-00391-01} A function that returns the parent type requires overriding for a type extension (or becomes abstract for an abstract type) because conversion from a parent type to a type extension is not defined, and function return semantics is defined in terms of conversion (other than for a null extension; see below). (Note that parameters of mode in out or out do not have this problem, because the tag of the actual is not changed.) 6.b Note that the overriding required above can be in the private part, which allows the following: 6.c package Pack1 is type Ancestor is abstract ...; procedure Do_Something(X : in Ancestor) is abstract; end Pack1; 6.d with Pack1; use Pack1; package Pack2 is type T1 is new Ancestor with record ...; -- A concrete type. procedure Do_Something(X : in T1); -- Have to override. end Pack2; 6.e with Pack1; use Pack1; with Pack2; use Pack2; package Pack3 is type T2 is new Ancestor with private; -- A concrete type. private type T2 is new T1 with -- Parent different from ancestor. record ... end record; -- Here, we inherit Pack2.Do_Something. end Pack3; 6.f/2 {AI95-00228-01} T2 inherits an abstract Do_Something, but T2 is not abstract, so Do_Something has to be overridden. However, it is OK to override it in the private part. In this case, we override it by inheriting a concrete version from a different type. Nondispatching calls to Pack3.Do_Something are allowed both inside and outside package Pack3, as the client "knows" that the subprogram was necessarily overridden somewhere. 6.g/2 {AI95-00391-01} For a null extension, the result of a function with a controlling result is defined in terms of an extension_aggregate with a null record extension part (see 3.4). This means that these restrictions on functions with a controlling result do not have to apply to null extensions. 6.h/2 {AI95-00391-01} However, functions with controlling access results still require overriding. Changing the tag in place might clobber a preexisting object, and allocating new memory would possibly change the pool of the object, leading to storage leaks. Moreover, copying the object isn't possible for limited types. We don't need to restrict functions that have an access return type of an untagged type, as derived types with primitive subprograms have to have the same representation as their parent type. 7 A call on an abstract subprogram shall be a dispatching call; [nondispatching calls to an abstract subprogram are not allowed.] 7.a/2 Ramification: {AI95-00310-01} If an abstract subprogram is not a dispatching operation of some tagged type, then it cannot be called at all. In Ada 2005, such subprograms are not even considered by name resolution (see 6.4). 8/3 {AI05-0073-1} {AI05-0203-1} The type of an aggregate, or of an object created by an object_declaration or an allocator, or a generic formal object of mode in, shall not be abstract. The type of the target of an assignment operation (see 5.2) shall not be abstract. The type of a component shall not be abstract. If the result type of a function is abstract, then the function shall be abstract. If a function has an access result type designating an abstract type, then the function shall be abstract. The type denoted by a return_subtype_indication (see 6.5) shall not be abstract. A generic function shall not have an abstract result type or an access result type designating an abstract type. 8.a Reason: This ensures that values of an abstract type cannot be created, which ensures that a dispatching call to an abstract subprogram will not try to execute the nonexistent body. 8.b Generic formal objects of mode in are like constants; therefore they should be forbidden for abstract types. Generic formal objects of mode in out are like renamings; therefore, abstract types are OK for them, though probably not terribly useful. 8.c/3 {AI05-0073-1} Generic functions returning a formal abstract type are illegal because any instance would have to be instantiated with a nonabstract type in order to avoid violating the function rule (generic functions cannot be declared abstract). But that would be an implied contract; it would be better for the contract to be explicit by the formal type not being declared abstract. Moreover, the implied contract does not add any capability. 9 If a partial view is not abstract, the corresponding full view shall not be abstract. If a generic formal type is abstract, then for each primitive subprogram of the formal that is not abstract, the corresponding primitive subprogram of the actual shall not be abstract. 9.a Discussion: By contrast, we allow the actual type to be nonabstract even if the formal type is declared abstract. Hence, the most general formal tagged type possible is "type T(<>) is abstract tagged limited private;". 9.b For an abstract private extension declared in the visible part of a package, it is only possible for the full type to be nonabstract if the private extension has no abstract dispatching operations. 9.c/2 To be honest: {AI95-00294-01} In the sentence about primitive subprograms above, there is some ambiguity as to what is meant by "corresponding" in the case where an inherited operation is overridden. This is best explained by an example, where the implicit declarations are shown as comments: 9.d/2 package P1 is type T1 is abstract tagged null record; procedure P (X : T1); -- (1) end P1; 9.e/2 package P2 is type T2 is abstract new P1.T1 with null record; -- procedure P (X : T2); -- (2) procedure P (X : T2) is abstract; -- (3) end P2; 9.f/2 generic type D is abstract new P1.T1 with private; -- procedure P (X : D); -- (4) procedure G (X : D); 9.g/2 procedure I is new G (P2.T2); -- Illegal. 9.h/2 Type T2 inherits a nonabstract procedure P (2) from the primitive procedure P (1) of T1. P (2) is overridden by the explicitly declared abstract procedure P (3). Type D inherits a nonabstract procedure P (4) from P (1). In instantiation I, the operation corresponding to P (4) is the one which is not overridden, that is, P (3): the overridden operation P (2) does not "reemerge". Therefore, the instantiation is illegal. 10/3 {AI05-0073-1} For an abstract type declared in a visible part, an abstract primitive subprogram shall not be declared in the private part, unless it is overriding an abstract subprogram implicitly declared in the visible part. For a tagged type declared in a visible part, a primitive function with a controlling result or a controlling access result shall not be declared in the private part, unless it is overriding a function implicitly declared in the visible part. 10.a Reason: The "visible part" could be that of a package or a generic package. This rule is needed because a nonabstract type extension declared outside the package would not know about any abstract primitive subprograms or primitive functions with controlling results declared in the private part, and wouldn't know that they need to be overridden with nonabstract subprograms. The rule applies to a tagged record type or record extension declared in a visible part, just as to a tagged private type or private extension. The rule applies to explicitly and implicitly declared abstract subprograms: 10.b package Pack is type T is abstract new T1 with private; private type T is abstract new T2 with record ... end record; ... end Pack; 10.c The above example would be illegal if T1 has a nonabstract primitive procedure P, but T2 overrides P with an abstract one; the private part should override P with a nonabstract version. On the other hand, if the P were abstract for both T1 and T2, the example would be legal as is. 11/2 {AI95-00260-02} A generic actual subprogram shall not be an abstract subprogram unless the generic formal subprogram is declared by a formal_abstract_subprogram_declaration. The prefix of an attribute_reference for the Access, Unchecked_Access, or Address attributes shall not denote an abstract subprogram. 11.a Ramification: An abstract_subprogram_declaration is not syntactically a subprogram_declaration. Nonetheless, an abstract subprogram is a subprogram, and an abstract_subprogram_declaration is a declaration of a subprogram. 11.b/2 {AI95-00260-02} The part about generic actual subprograms includes those given by default. Of course, an abstract formal subprogram's actual subprogram can be abstract. Dynamic Semantics 11.1/2 {AI95-00348-01} The elaboration of an abstract_subprogram_declaration has no effect. NOTES 12 82 Abstractness is not inherited; to declare an abstract type, the reserved word abstract has to be used in the declaration of the type extension. 12.a Ramification: A derived type can be abstract even if its parent is not. Similarly, an inherited concrete subprogram can be overridden with an abstract subprogram. 13 83 A class-wide type is never abstract. Even if a class is rooted at an abstract type, the class-wide type for the class is not abstract, and an object of the class-wide type can be created; the tag of such an object will identify some nonabstract type in the class. Examples 14 Example of an abstract type representing a set of natural numbers: 15 package Sets is subtype Element_Type is Natural; type Set is abstract tagged null record; function Empty return Set is abstract; function Union(Left, Right : Set) return Set is abstract; function Intersection(Left, Right : Set) return Set is abstract; function Unit_Set(Element : Element_Type) return Set is abstract; procedure Take(Element : out Element_Type; From : in out Set) is abstract; end Sets; NOTES 16 84 Notes on the example: Given the above abstract type, one could then derive various (nonabstract) extensions of the type, representing alternative implementations of a set. One might use a bit vector, but impose an upper bound on the largest element representable, while another might use a hash table, trading off space for flexibility. 16.a Discussion: One way to export a type from a package with some components visible and some components private is as follows: 16.b package P is type Public_Part is abstract tagged record ... end record; type T is new Public_Part with private; ... private type T is new Public_Part with record ... end record; end P; 16.c The fact that Public_Part is abstract tells clients they have to create objects of type T instead of Public_Part. Note that the public part has to come first; it would be illegal to declare a private type Private_Part, and then a record extension T of it, unless T were in the private part after the full declaration of Private_Part, but then clients of the package would not have visibility to T. Extensions to Ada 95 16.d/2 {AI95-00391-01} It is not necessary to override functions with a controlling result for a null extension. This makes it easier to derive a tagged type to complete a private type. Wording Changes from Ada 95 16.e/2 {AI95-00251-01} {AI95-00345-01} Updated the wording to reflect the addition of interface types (see 3.9.4). 16.f/2 {AI95-00260-02} Updated the wording to reflect the addition of abstract formal subprograms (see 12.6). 16.g/2 {AI95-00334-01} The wording of shall-be-overridden was clarified so that it clearly applies to abstract predefined equality. 16.h/2 {AI95-00348-01} Moved the syntax and elaboration rule for abstract_subprogram_declaration here, so the syntax and most of the semantics are together (which is consistent with null procedures). 16.i/2 {AI95-00391-01} We define the term require overriding to make other wording easier to understand. Incompatibilities With Ada 2005 16.j/3 {AI05-0073-1} Correction: Added rules to eliminate holes with controlling access results and generic functions that return abstract types. While these changes are technically incompatible, it is unlikely that they could be used in a program without violating some other rule of the use of abstract types. 16.k/3 {AI05-0097-1} Correction: Corrected a minor glitch having to do with abstract null extensions. The Ada 2005 rule allowed such extensions to inherit concrete operations in some rare cases. It is unlikely that these cases exist in user code. Extensions to Ada 2005 16.l/3 {AI05-0183-1} An optional aspect_specification can be used in an abstract_subprogram_declaration. This is described in 13.1.1. Wording Changes from Ada 2005 16.m/3 {AI05-0198-1} Correction: Clarified that the predefined operator corresponding to an inherited abstract operator is also abstract. The Ada 2005 rules caused the predefined operator and the inherited operator to override each other, which is weird. But the effect is the same either way (the operator is not considered for resolution). 16.n/3 {AI05-0203-1} Correction: Added wording to disallow abstract return objects. These were illegal in Ada 2005 by other rules; the extension to support class-wide type better opened a hole which has now been plugged. 3.9.4 Interface Types 1/2 {AI95-00251-01} {AI95-00345-01} [An interface type is an abstract tagged type that provides a restricted form of multiple inheritance. A tagged type, task type, or protected type may have one or more interface types as ancestors.] 1.a/2 Glossary entry: An interface type is a form of abstract tagged type which has no components or concrete operations except possibly null procedures. Interface types are used for composing other interfaces and tagged types and thereby provide multiple inheritance. Only an interface type can be used as a progenitor of another type. Language Design Principles 1.b/2 {AI95-00251-01} {AI95-00345-01} The rules are designed so that an interface can be used as either a parent type or a progenitor type without changing the meaning. That's important so that the order that interfaces are specified in a derived_type_definition is not significant. In particular, we want: 1.c/2 type Con1 is new Int1 and Int2 with null record; type Con2 is new Int2 and Int1 with null record; 1.d/2 to mean exactly the same thing. Syntax 2/2 {AI95-00251-01} {AI95-00345-01} interface_type_definition ::= [limited | task | protected | synchronized] interface [and interface_list ] 3/2 {AI95-00251-01} {AI95-00419-01} interface_list ::= interface_subtype_mark {and interface_subtype_mark} Static Semantics 4/2 {AI95-00251-01} An interface type (also called an interface) is a specific abstract tagged type that is defined by an interface_type_definition. 5/2 {AI95-00345-01} An interface with the reserved word limited, task, protected, or synchronized in its definition is termed, respectively, a limited interface, a task interface, a protected interface, or a synchronized interface. In addition, all task and protected interfaces are synchronized interfaces, and all synchronized interfaces are limited interfaces. 5.a/2 Glossary entry: A synchronized entity is one that will work safely with multiple tasks at one time. A synchronized interface can be an ancestor of a task or a protected type. Such a task or protected type is called a synchronized tagged type. 6/2 {AI95-00345-01} {AI95-00443-01} [A task or protected type derived from an interface is a tagged type.] Such a tagged type is called a synchronized tagged type, as are synchronized interfaces and private extensions whose declaration includes the reserved word synchronized. 6.a/2 Proof: The full definition of tagged types given in 3.9 includes task and protected types derived from interfaces. 6.b/2 Ramification: The class-wide type associated with a tagged task type (including a task interface type) is a task type, because " task" is one of the language-defined classes of types (see 3.2). However, the class-wide type associated with an interface is not an interface type, as "interface" is not one of the language-defined classes (as it is not closed under derivation). In this sense, "interface" is similar to "abstract". The class-wide type associated with an interface is a concrete (nonabstract) indefinite tagged composite type. 6.c/2 "Private extension" includes generic formal private extensions, as explained in 12.5.1. 7/2 {AI95-00345-01} A task interface is an [abstract] task type. A protected interface is an [abstract] protected type. 7.a/2 Proof: The "abstract" follows from the definition of an interface type. 7.b/2 Reason: This ensures that task operations (like abort and the Terminated attribute) can be applied to a task interface type and the associated class-wide type. While there are no protected type operations, we apply the same rule to protected interfaces for consistency. 8/2 {AI95-00251-01} [An interface type has no components.] 8.a/2 Proof: This follows from the syntax and the fact that discriminants are not allowed for interface types. 9/2 {AI95-00419-01} An interface_subtype_mark in an interface_list names a progenitor subtype; its type is the progenitor type. An interface type inherits user-defined primitive subprograms from each progenitor type in the same way that a derived type inherits user-defined primitive subprograms from its progenitor types (see 3.4). 9.a.1/2 Glossary entry: A progenitor of a derived type is one of the types given in the definition of the derived type other than the first. A progenitor is always an interface type. Interfaces, tasks, and protected types may also have progenitors. Legality Rules 10/2 {AI95-00251-01} All user-defined primitive subprograms of an interface type shall be abstract subprograms or null procedures. 11/2 {AI95-00251-01} The type of a subtype named in an interface_list shall be an interface type. 12/2 {AI95-00251-01} {AI95-00345-01} A type derived from a nonlimited interface shall be nonlimited. 13/2 {AI95-00345-01} An interface derived from a task interface shall include the reserved word task in its definition; any other type derived from a task interface shall be a private extension or a task type declared by a task declaration (see 9.1). 14/2 {AI95-00345-01} An interface derived from a protected interface shall include the reserved word protected in its definition; any other type derived from a protected interface shall be a private extension or a protected type declared by a protected declaration (see 9.4). 15/2 {AI95-00345-01} An interface derived from a synchronized interface shall include one of the reserved words task, protected, or synchronized in its definition; any other type derived from a synchronized interface shall be a private extension, a task type declared by a task declaration, or a protected type declared by a protected declaration. 15.a/2 Reason: We require that an interface descendant of a task, protected, or synchronized interface repeat the explicit kind of interface it will be, rather than simply inheriting it, so that a reader is always aware of whether the interface provides synchronization and whether it may be implemented only by a task or protected type. The only place where inheritance of the kind of interface might be useful would be in a generic if you didn't know the kind of the actual interface. However, the value of that is low because you cannot implement an interface properly if you don't know whether it is a task, protected, or synchronized interface. Hence, we require the kind of the actual interface to match the kind of the formal interface (see 12.5.5). 16/2 {AI95-00345-01} No type shall be derived from both a task interface and a protected interface. 16.a Reason: This prevents a single private extension from inheriting from both a task and a protected interface. For a private type, there can be no legal completion. For a generic formal derived type, there can be no possible matching type (so no instantiation could be legal). This rule provides early detection of the errors. 17/2 {AI95-00251-01} In addition to the places where Legality Rules normally apply (see 12.3), these rules apply also in the private part of an instance of a generic unit. 17.a/3 Ramification: {AI05-0299-1} This paragraph is intended to apply to all of the Legality Rules in this subclause. We cannot allow interface types which do not obey these rules, anywhere. Luckily, deriving from a formal type (which might be an interface) is not allowed for any tagged types in a generic body. So checking in the private part of a generic covers all of the cases. Dynamic Semantics 18/3 {AI95-00251-01} {AI05-0070-1} The elaboration of an interface_type_definition creates the interface type and its first subtype. 18.a/3 Discussion: There is no other effect. An interface_list is made up of subtype_marks, which do not need to be elaborated, so the interface_list does not either. This is consistent with the handling of discriminant_parts. NOTES 19/2 85 {AI95-00411-01} Nonlimited interface types have predefined nonabstract equality operators. These may be overridden with user-defined abstract equality operators. Such operators will then require an explicit overriding for any nonabstract descendant of the interface. Examples 20/2 {AI95-00433-01} Example of a limited interface and a synchronized interface extending it: 21/2 type Queue is limited interface; procedure Append(Q : in out Queue; Person : in Person_Name) is abstract; procedure Remove_First(Q : in out Queue; Person : out Person_Name) is abstract; function Cur_Count(Q : in Queue) return Natural is abstract; function Max_Count(Q : in Queue) return Natural is abstract; -- See 3.10.1 for Person_Name. 22/3 {AI05-0004-1} Queue_Error : exception; -- Append raises Queue_Error if Cur_Count(Q) = Max_Count(Q) -- Remove_First raises Queue_Error if Cur_Count(Q) = 0 23/2 type Synchronized_Queue is synchronized interface and Queue; -- see 9.11 procedure Append_Wait(Q : in out Synchronized_Queue; Person : in Person_Name) is abstract; procedure Remove_First_Wait(Q : in out Synchronized_Queue; Person : out Person_Name) is abstract; 24/2 ... 25/2 procedure Transfer(From : in out Queue'Class; To : in out Queue'Class; Number : in Natural := 1) is Person : Person_Name; begin for I in 1..Number loop Remove_First(From, Person); Append(To, Person); end loop; end Transfer; 26/2 This defines a Queue interface defining a queue of people. (A similar design could be created to define any kind of queue simply by replacing Person_Name by an appropriate type.) The Queue interface has four dispatching operations, Append, Remove_First, Cur_Count, and Max_Count. The body of a class-wide operation, Transfer is also shown. Every nonabstract extension of Queue must provide implementations for at least its four dispatching operations, as they are abstract. Any object of a type derived from Queue may be passed to Transfer as either the From or the To operand. The two operands need not be of the same type in any given call. 27/2 The Synchronized_Queue interface inherits the four dispatching operations from Queue and adds two additional dispatching operations, which wait if necessary rather than raising the Queue_Error exception. This synchronized interface may only be implemented by a task or protected type, and as such ensures safe concurrent access. 28/2 {AI95-00433-01} Example use of the interface: 29/3 {AI05-0004-1} type Fast_Food_Queue is new Queue with record ...; procedure Append(Q : in out Fast_Food_Queue; Person : in Person_Name); procedure Remove_First(Q : in out Fast_Food_Queue; Person : out Person_Name); function Cur_Count(Q : in Fast_Food_Queue) return Natural; function Max_Count(Q : in Fast_Food_Queue) return Natural; 30/2 ... 31/2 Cashier, Counter : Fast_Food_Queue; 32/2 ... -- Add George (see 3.10.1) to the cashier's queue: Append (Cashier, George); -- After payment, move George to the sandwich counter queue: Transfer (Cashier, Counter); ... 33/2 An interface such as Queue can be used directly as the parent of a new type (as shown here), or can be used as a progenitor when a type is derived. In either case, the primitive operations of the interface are inherited. For Queue, the implementation of the four inherited routines must be provided. Inside the call of Transfer, calls will dispatch to the implementations of Append and Remove_First for type Fast_Food_Queue. 34/2 {AI95-00433-01} Example of a task interface: 35/2 type Serial_Device is task interface; -- see 9.1 procedure Read (Dev : in Serial_Device; C : out Character) is abstract; procedure Write(Dev : in Serial_Device; C : in Character) is abstract; 36/2 The Serial_Device interface has two dispatching operations which are intended to be implemented by task entries (see 9.1). Extensions to Ada 95 36.a/2 {AI95-00251-01} {AI95-00345-01} Interface types are new. They provide multiple inheritance of interfaces, similar to the facility provided in Java and other recent language designs. Wording Changes from Ada 2005 36.b/3 {AI05-0070-1} Correction: Corrected the definition of elaboration for an interface_type_definition to match that of other type definitions. 3.10 Access Types 1 A value of an access type (an access value) provides indirect access to the object or subprogram it designates. Depending on its type, an access value can designate either subprograms, objects created by allocators (see 4.8), or more generally aliased objects of an appropriate type. 1.a Discussion: A name denotes an entity; an access value designates an entity. The "dereference" of an access value X, written " X.all", is a name that denotes the entity designated by X. Language Design Principles 1.b/3 {AI05-0299-1} Access values should always be well defined (barring uses of certain unchecked features of Clause 13). In particular, uninitialized access variables should be prevented by compile-time rules. Syntax 2/2 {AI95-00231-01} access_type_definition ::= [null_exclusion] access_to_object_definition | [null_exclusion] access_to_subprogram_definition 3 access_to_object_definition ::= access [general_access_modifier] subtype_indication 4 general_access_modifier ::= all | constant 5 access_to_subprogram_definition ::= access [protected] procedure parameter_profile | access [protected] function parameter_and_result_profile 5.1/2 {AI95-00231-01} null_exclusion ::= not null 6/2 {AI95-00231-01} {AI95-00254-01} {AI95-00404-01} access_definition ::= [null_exclusion] access [constant] subtype_mark | [null_exclusion] access [protected] procedure parameter_profile | [null_exclusion ] access [protected] function parameter_and_result_profile Static Semantics 7/1 {8652/0012} {AI95-00062-01} There are two kinds of access types, access-to-object types, whose values designate objects, and access-to-subprogram types, whose values designate subprograms. Associated with an access-to-object type is a storage pool; several access types may share the same storage pool. All descendants of an access type share the same storage pool. A storage pool is an area of storage used to hold dynamically allocated objects (called pool elements) created by allocators[; storage pools are described further in 13.11, "Storage Management"]. 8 Access-to-object types are further subdivided into pool-specific access types, whose values can designate only the elements of their associated storage pool, and general access types, whose values can designate the elements of any storage pool, as well as aliased objects created by declarations rather than allocators, and aliased subcomponents of other objects. 8.a Implementation Note: The value of an access type will typically be a machine address. However, a value of a pool-specific access type can be represented as an offset (or index) relative to its storage pool, since it can point only to the elements of that pool. 9/3 {AI95-00225-01} {AI95-00363-01} {AI05-0053-1} {AI05-0142-4} {AI05-0277-1} A view of an object is defined to be aliased if it is defined by an object_- declaration, component_definition, parameter_specification, or extended_return_object_declaration with the reserved word aliased, or by a renaming of an aliased view. In addition, the dereference of an access-to-object value denotes an aliased view, as does a view conversion (see 4.6) of an aliased view. The current instance of an immutably limited type (see 7.5) is defined to be aliased. Finally, a formal parameter or generic formal object of a tagged type is defined to be aliased. [Aliased views are the ones that can be designated by an access value.] 9.a Glossary entry: An aliased view of an object is one that can be designated by an access value. Objects allocated by allocators are aliased. Objects can also be explicitly declared as aliased with the reserved word aliased. The Access attribute can be used to create an access value designating an aliased object. 9.b Ramification: The current instance of a nonlimited type is not aliased. 9.c The object created by an allocator is aliased, but not its subcomponents, except of course for those that themselves have aliased in their component_definition. 9.d The renaming of an aliased object is aliased. 9.e Slices are never aliased. See 4.1.2 for more discussion. 9.f/2 Reason: {AI95-00225-01} The current instance of a limited type is defined to be aliased so that an access discriminant of a component can be initialized with T'Access inside the definition of T. Note that we don't want this to apply to a type that could become nonlimited later within its immediate scope, so we require the full definition to be limited. 9.g A formal parameter of a tagged type is defined to be aliased so that a (tagged) parameter X may be passed to an access parameter P by using P => X'Access. Access parameters are most important for tagged types because of dispatching-on-access-parameters (see 3.9.2). By restricting this to formal parameters, we minimize problems associated with allowing components that are not declared aliased to be pointed-to from within the same record. 9.h A view conversion of an aliased view is aliased so that the type of an access parameter can be changed without first converting to a named access type. For example: 9.i type T1 is tagged ...; procedure P(X : access T1); 9.j type T2 is new T1 with ...; procedure P(X : access T2) is begin P(T1(X.all)'Access); -- hand off to T1's P . . . -- now do extra T2-specific processing end P; 9.k/2 This paragraph was deleted.{AI95-00363-01} 9.l/2 We considered making more kinds of objects aliased by default. In particular, any object of a by-reference type will pretty much have to be allocated at an addressable location, so it can be passed by reference without using bit-field pointers. Therefore, one might wish to allow the Access and Unchecked_Access attributes for such objects. However, private parts are transparent to the definition of "by-reference type", so if we made all objects of a by-reference type aliased, we would be violating the privacy of private parts. Instead, we would have to define a concept of " visibly by-reference" and base the rule on that. This seemed to complicate the rules more than it was worth, especially since there is no way to declare an untagged limited private type to be by-reference, since the full type might by nonlimited. 9.m Discussion: Note that we do not use the term "aliased" to refer to formal parameters that are referenced through multiple access paths (see 6.2). 10 An access_to_object_definition defines an access-to-object type and its first subtype; the subtype_indication defines the designated subtype of the access type. If a general_access_modifier appears, then the access type is a general access type. If the modifier is the reserved word constant, then the type is an access-to-constant type[; a designated object cannot be updated through a value of such a type]. If the modifier is the reserved word all, then the type is an access-to-variable type[; a designated object can be both read and updated through a value of such a type]. If no general_access_- modifier appears in the access_to_object_definition, the access type is a pool-specific access-to-variable type. 10.a To be honest: The type of the designated subtype is called the designated type. 10.b Reason: The modifier all was picked to suggest that values of a general access type could point into "all" storage pools, as well as to objects declared aliased, and that "all" access (both read and update) to the designated object was provided. We couldn't think of any use for pool-specific access-to-constant types, so any access type defined with the modifier constant is considered a general access type, and can point into any storage pool or at other (appropriate) aliased objects. 10.c Implementation Note: The predefined generic Unchecked_Deallocation can be instantiated for any named access-to-variable type. There is no (language-defined) support for deallocating objects designated by a value of an access-to-constant type. Because of this, an allocator for an access-to-constant type can allocate out of a storage pool with no support for deallocation. Frequently, the allocation can be done at link-time, if the size and initial value are known then. 10.d Discussion: For the purpose of generic formal type matching, the relevant subclasses of access types are access-to-subprogram types, access-to-constant types, and (named) access-to-variable types, with its subclass (named) general access-to-variable types. Pool-specific access-to-variable types are not a separately matchable subclass of types, since they don't have any "extra" operations relative to all (named) access-to-variable types. 11 An access_to_subprogram_definition defines an access-to-subprogram type and its first subtype; the parameter_profile or parameter_and_result_profile defines the designated profile of the access type. There is a calling convention associated with the designated profile[; only subprograms with this calling convention can be designated by values of the access type.] By default, the calling convention is "protected" if the reserved word protected appears, and "Ada" otherwise. [See Annex B for how to override this default.] 11.a Ramification: The calling convention protected is in italics to emphasize that it cannot be specified explicitly by the user. This is a consequence of it being a reserved word. 11.b/2 Implementation Note: {AI95-00254-01} For a named access-to-subprogram type, the representation of an access value might include implementation-defined information needed to support up-level references - for example, a static link. The accessibility rules (see 3.10.2) ensure that in a "global-display-based" implementation model (as opposed to a static-link-based model), a named access-to-(unprotected)-subprogram value need consist only of the address of the subprogram. The global display is guaranteed to be properly set up any time the designated subprogram is called. Even in a static-link-based model, the only time a static link is definitely required is for an access-to-subprogram type declared in a scope nested at least two levels deep within subprogram or task bodies, since values of such a type might designate subprograms nested a smaller number of levels. For the normal case of a named access-to-subprogram type declared at the outermost (library) level, a code address by itself should be sufficient to represent the access value in many implementations. 11.c For access-to-protected-subprogram, the access values will necessarily include both an address (or other identification) of the code of the subprogram, as well as the address of the associated protected object. This could be thought of as a static link, but it will be needed even for global-display-based implementation models. It corresponds to the value of the " implicit parameter" that is passed into every call of a protected operation, to identify the current instance of the protected type on which they are to operate. 11.d Any Elaboration_Check is performed when a call is made through an access value, rather than when the access value is first "created" via a 'Access. For implementation models that normally put that check at the call-site, an access value will have to point to a separate entry point that does the check. Alternatively, the access value could point to a "subprogram descriptor" that consisted of two words (or perhaps more), the first being the address of the code, the second being the elaboration bit. Or perhaps more efficiently, just the address of the code, but using the trick that the descriptor is initialized to point to a Raise-Program-Error routine initially, and then set to point to the "real" code when the body is elaborated. 11.e For implementations that share code between generic instantiations, the extra level of indirection suggested above to support Elaboration_Checks could also be used to provide a pointer to the per-instance data area normally required when calling shared code. The trick would be to put a pointer to the per-instance data area into the subprogram descriptor, and then make sure that the address of the subprogram descriptor is loaded into a "known" register whenever an indirect call is performed. Once inside the shared code, the address of the per-instance data area can be retrieved out of the subprogram descriptor, by indexing off the "known" register. 11.f/2 This paragraph was deleted.{AI95-00344-01} 11.g/2 {AI95-00254-01} Note that access parameters of an anonymous access-to-subprogram type are permitted. Such parameters represent full "downward" closures, meaning that in an implementation that uses a per-task (global) display, the display will have to be passed as a hidden parameter, and reconstructed at the point of call. 12/3 {AI95-00230-01} {AI95-00231-01} {AI95-00254-01} {AI05-0264-1} An access_definition defines an anonymous general access type or an anonymous access-to-subprogram type. For a general access type, the subtype_mark denotes its designated subtype; if the general_access_modifier constant appears, the type is an access-to-constant type; otherwise, it is an access-to-variable type. For an access-to-subprogram type, the parameter_profile or parameter_- and_result_profile denotes its designated profile. 13/2 {AI95-00230-01} {AI95-00231-01} For each access type, there is a null access value designating no entity at all, which can be obtained by (implicitly) converting the literal null to the access type. [The null value of an access type is the default initial value of the type.] Nonnull values of an access-to-object type are obtained by evaluating an allocator[, which returns an access value designating a newly created object (see 3.10.2)], or in the case of a general access-to-object type, evaluating an attribute_reference for the Access or Unchecked_Access attribute of an aliased view of an object. Nonnull values of an access-to-subprogram type are obtained by evaluating an attribute_reference for the Access attribute of a nonintrinsic subprogram. 13.a/2 This paragraph was deleted.{AI95-00231-01} 13.b/2 This paragraph was deleted.{AI95-00231-01} 13.1/2 {AI95-00231-01} A null_exclusion in a construct specifies that the null value does not belong to the access subtype defined by the construct, that is, the access subtype excludes null. In addition, the anonymous access subtype defined by the access_definition for a controlling access parameter (see 3.9.2) excludes null. Finally, for a subtype_indication without a null_exclusion, the subtype denoted by the subtype_indication excludes null if and only if the subtype denoted by the subtype_mark in the subtype_indication excludes null. 13.c/2 Reason: {AI95-00231-01} An access_definition used in a controlling parameter excludes null because it is necessary to read the tag to dispatch, and null has no tag. We would have preferred to require not null to be specified for such parameters, but that would have been too incompatible with Ada 95 code to require. 13.d/2 {AI95-00416-01} Note that we considered imposing a similar implicit null exclusion for controlling access results, but chose not to do that, because there is no Ada 95 compatibility issue, and there is no automatic null check inherent in the use of a controlling access result. If a null check is necessary, it is because there is a dereference of the result, or because the value is passed to a parameter whose subtype excludes null. If there is no dereference of the result, a null return value is perfectly acceptable, and can be a useful indication of a particular status of the call. 14/3 {8652/0013} {AI95-00012-01} {AI05-0264-1} [All subtypes of an access-to-subprogram type are constrained.] The first subtype of a type defined by an access_definition or an access_to_object_definition is unconstrained if the designated subtype is an unconstrained array or discriminated subtype; otherwise, it is constrained. 14.a Proof: The Legality Rules on range_constraints (see 3.5) do not permit the subtype_mark of the subtype_indication to denote an access-to-scalar type, only a scalar type. The Legality Rules on index_constraints (see 3.6.1) and discriminant_constraints (see 3.7.1) both permit access-to-composite types in a subtype_indication with such _constraints. Note that an access-to-access-to-composite is never permitted in a subtype_indication with a constraint. 14.b/2 Reason: {AI95-00363-01} Only composite_constraints are permitted for an access type, and only on access-to-composite types. A constraint on an access-to-scalar or access-to-access type might be violated due to assignments via other access paths that were not so constrained. By contrast, if the designated subtype is an array or discriminated type without defaults, the constraint could not be violated by unconstrained assignments, since array objects are always constrained, and discriminated objects are also constrained when the type does not have defaults for its discriminants. Constraints are not allowed on general access-to-unconstrained discriminated types if the type has defaults for its discriminants; constraints on pool-specific access types are usually allowed because allocated objects are usually constrained by their initial value. Legality Rules 14.1/2 {AI95-00231-01} If a subtype_indication, discriminant_specification, parameter_specification, parameter_and_result_profile, object_renaming_- declaration, or formal_object_declaration has a null_exclusion, the subtype_- mark in that construct shall denote an access subtype that does not exclude null. 14.c/2 To be honest: {AI95-00231-01} This means "directly allowed in"; we are not talking about a null_exclusion that occurs in an access_definition in one of these constructs (for an access_definition, the subtype_mark in such an access_definition is not restricted). 14.d/2 Reason: {AI95-00231-01} This is similar to doubly constraining a composite subtype, which we also don't allow. Dynamic Semantics 15/2 {AI95-00231-01} A composite_constraint is compatible with an unconstrained access subtype if it is compatible with the designated subtype. A null_exclusion is compatible with any access subtype that does not exclude null. An access value satisfies a composite_constraint of an access subtype if it equals the null value of its type or if it designates an object whose value satisfies the constraint. An access value satisfies an exclusion of the null value if it does not equal the null value of its type. 16 The elaboration of an access_type_definition creates the access type and its first subtype. For an access-to-object type, this elaboration includes the elaboration of the subtype_indication, which creates the designated subtype. 17/2 {AI95-00230-01} {AI95-00254-01} The elaboration of an access_definition creates an anonymous access type. NOTES 18 86 Access values are called "pointers" or "references" in some other languages. 19 87 Each access-to-object type has an associated storage pool; several access types can share the same pool. An object can be created in the storage pool of an access type by an allocator (see 4.8) for the access type. A storage pool (roughly) corresponds to what some other languages call a "heap." See 13.11 for a discussion of pools. 20 88 Only index_constraints and discriminant_constraints can be applied to access types (see 3.6.1 and 3.7.1). Examples 21 Examples of access-to-object types: 22/4 {AI95-00433-01} {AI12-0056-1} type Frame is access Matrix; -- see 3.6 type Peripheral_Ref is not null access Peripheral; -- see 3.8.1 type Binop_Ptr is access all Binary_Operation'Class; -- general access-to-class-wide, see 3.9.1 23 Example of an access subtype: 24 subtype Drum_Ref is Peripheral_Ref(Drum); -- see 3.8.1 25 Example of an access-to-subprogram type: 26 type Message_Procedure is access procedure (M : in String := "Error!"); procedure Default_Message_Procedure(M : in String); Give_Message : Message_Procedure := Default_Message_Procedure'Access; ... procedure Other_Procedure(M : in String); ... Give_Message := Other_Procedure'Access; ... Give_Message("File not found."); -- call with parameter (.all is optional) Give_Message.all; -- call with no parameters Extensions to Ada 83 26.a The syntax for access_type_definition is changed to support general access types (including access-to-constants) and access-to-subprograms. The syntax rules for general_access_modifier and access_definition are new. Wording Changes from Ada 83 26.b/3 {AI05-0190-1} We use the term "storage pool" to talk about the data area from which allocation takes place. The term "collection" is only used for finalization. ("Collection" and "storage pool" are not the same thing because multiple unrelated access types can share the same storage pool; see 13.11 for more discussion.) Inconsistencies With Ada 95 26.c/2 {AI95-00231-01} Access discriminants and noncontrolling access parameters no longer exclude null. A program which passed null to such an access discriminant or access parameter and expected it to raise Constraint_Error may fail when compiled with Ada 2005. One hopes that there no such programs outside of the ACATS. (Of course, a program which actually wants to pass null will work, which is far more likely.) 26.d/2 {AI95-00363-01} Most unconstrained aliased objects with defaulted discriminants are no longer constrained by their initial values. This means that a program that raised Constraint_Error from an attempt to change the discriminants will no longer do so. The change only affects programs that depended on the raising of Constraint_Error in this case, so the inconsistency is unlikely to occur outside of the ACATS. This change may however cause compilers to implement these objects differently, possibly taking additional memory or time. This is unlikely to be worse than the differences caused by any major compiler upgrade. Incompatibilities With Ada 95 26.e/2 {AI95-00225-01} Amendment Correction: The rule defining when a current instance of a limited type is considered to be aliased has been tightened to apply only to types that cannot become nonlimited. A program that attempts to take 'Access of the current instance of a limited type that can become nonlimited will be illegal in Ada 2005. While original Ada 95 allowed the current instance of any limited type to be treated as aliased, this was inconsistently implemented in compilers, and was likely to not work as expected for types that are ultimately nonlimited. Extensions to Ada 95 26.f/2 {AI95-00231-01} The null_exclusion is new. It can be used in both anonymous and named access type definitions. It is most useful to declare that parameters cannot be null, thus eliminating the need for checks on use. 26.g/2 {AI95-00231-01} {AI95-00254-01} {AI95-00404-01} The kinds of anonymous access types allowed were increased by adding anonymous access-to-constant and anonymous access-to-subprogram types. Anonymous access-to-subprogram types used as parameters allow passing of subprograms at any level. Wording Changes from Ada 95 26.h/2 {8652/0012} {AI95-00062-01} Corrigendum: Added accidentally-omitted wording that says that a derived access type shares its storage pool with its parent type. This was clearly intended, both because of a note in 3.4, and because anything else would have been incompatible with Ada 83. 26.i/2 {8652/0013} {AI95-00012-01} Corrigendum: Fixed typographical errors in the description of when access types are constrained. 26.j/2 {AI95-00230-01} The wording was fixed to allow allocators and the literal null for anonymous access types. The former was clearly intended by Ada 95; see the Implementation Advice in 13.11. 26.k/2 {AI95-00363-01} The rules about aliased objects being constrained by their initial values now apply only to allocated objects, and thus have been moved to 4.8, "Allocators". Wording Changes from Ada 2005 26.l/3 {AI05-0053-1} {AI05-0277-1} Correction: The rule about a current instance being aliased now is worded in terms of immutably limited types. Wording was also added to make extended return object declarations that have the keyword aliased be considered aliased. This latter was a significant oversight in Ada 2005 - technically, the keyword aliased had no effect. But of course implementations followed the intent, not the letter of the Standard. 26.m/3 {AI05-0142-4} Explicitly aliased parameters (see 6.1) are defined to be aliased. 3.10.1 Incomplete Type Declarations 1 There are no particular limitations on the designated type of an access type. In particular, the type of a component of the designated type can be another access type, or even the same access type. This permits mutually dependent and recursive access types. An incomplete_type_declaration can be used to introduce a type to be used as a designated type, while deferring its full definition to a subsequent full_type_declaration. Syntax 2/2 {AI95-00326-01} incomplete_type_declaration ::= type defining_identifier [discriminant_part] [is tagged]; Static Semantics 2.1/4 {AI95-00326-01} {AI12-0137-1} An incomplete_type_declaration declares an incomplete view of a type and its first subtype; the first subtype is unconstrained if a discriminant_part appears. If the incomplete_type_declaration includes the reserved word tagged, it declares a tagged incomplete view. If T denotes a tagged incomplete view, then T'Class denotes a tagged incomplete view. [An incomplete view of a type is a limited view of the type (see 7.5).] 2.2/2 {AI95-00326-01} Given an access type A whose designated type T is an incomplete view, a dereference of a value of type A also has this incomplete view except when: 2.a/3 Discussion: {AI05-0208-1} Whether the designated type is an incomplete view (and thus whether this set of rules applies) is determined by the view of the type at the declaration of the access type; it does not change during the life of the type. 2.3/2 * it occurs within the immediate scope of the completion of T, or 2.4/3 * {AI05-0208-1} it occurs within the scope of a nonlimited_with_clause that mentions a library package in whose visible part the completion of T is declared, or 2.5/3 * {AI05-0208-1} it occurs within the scope of the completion of T and T is an incomplete view declared by an incomplete_type_declaration. 2.6/3 {AI05-0162-1} In these cases, the dereference has the view of T visible at the point of the dereference. 2.b/2 Discussion: We need the "in whose visible part" rule so that the second rule doesn't trigger in the body of a package with a with of a child unit: 2.c/2 package P is private type T; type PtrT is access T; end P; 2.d/2 private package P.C is Ptr : PtrT; end P.C; 2.e/3 {AI05-0005-1} with P.C; package body P is -- Ptr.all'Size is not legal here, but we are within the scope -- of a nonlimited_with_clause for P. type T is ... -- Ptr.all'Size is legal here. end P; 2.7/3 {AI95-00412-01} {AI05-0162-1} {AI05-0208-1} Similarly, if a subtype_mark denotes a subtype_declaration defining a subtype of an incomplete view T, the subtype_mark denotes an incomplete view except under the same three circumstances given above, in which case it denotes the view of T visible at the point of the subtype_mark. Legality Rules 3/3 {AI05-0162-1} An incomplete_type_declaration requires a completion, which shall be a type_declaration other than an incomplete_type_declaration. [If the incomplete_type_declaration occurs immediately within either the visible part of a package_specification or a declarative_part, then the type_declaration shall occur later and immediately within this visible part or declarative_- part. If the incomplete_type_declaration occurs immediately within the private part of a given package_specification, then the type_declaration shall occur later and immediately within either the private part itself, or the declarative_part of the corresponding package_body.] 3.a Proof: This is implied by the next AARM-only rule, plus the rules in 3.11.1, "Completions of Declarations" which require a completion to appear later and immediately within the same declarative region. 3.b To be honest: If the incomplete_type_declaration occurs immediately within the visible part of a package_specification, then the completing type_declaration shall occur immediately within this visible part. 3.c To be honest: If the implementation supports it, an incomplete_type_declaration can be imported (using aspect Import, see B.1), in which case no explicit completion is allowed. 4/3 {AI95-00326-01} {AI05-0162-1} If an incomplete_type_declaration includes the reserved word tagged, then a type_declaration that completes it shall declare a tagged type. If an incomplete_type_declaration has a known_discriminant_part, then a type_declaration that completes it shall have a fully conforming (explicit) known_discriminant_part (see 6.3.1). [If an incomplete_type_declaration has no discriminant_part (or an unknown_discriminant_part), then a corresponding type_declaration is nevertheless allowed to have discriminants, either explicitly, or inherited via derivation.] 5/2 {AI95-00326-01} A name that denotes an incomplete view of a type may be used as follows: 6/3 * {AI05-0098-1} as the subtype_mark in the subtype_indication of an access_to_object_definition; [the only form of constraint allowed in this subtype_indication is a discriminant_constraint [(a null_exclusion is not allowed)];] 6.a Implementation Note: We now allow discriminant_constraints even if the full type is deferred to the package body. However, there is no particular implementation burden because we have dropped the concept of the dependent compatibility check. In other words, we have effectively repealed AI83-00007. 7/2 * {AI95-00326-01} {AI95-00412-01} as the subtype_mark in the subtype_indication of a subtype_declaration; the subtype_indication shall not have a null_exclusion or a constraint; 8/3 * {AI95-00326-01} {AI05-0151-1} as the subtype_mark in an access_definition for an access-to-object type; 8.a/2 To be honest: This does not mean any random subtype_mark in a construct that makes up an access_definition, such as a formal_part, just the one given directly in the syntax of access_definition. 8.1/3 * {AI05-0151-1} as the subtype_mark defining the subtype of a parameter or result in a profile occurring within a basic_declaration; 8.b/3 Ramification: But not in the profile for a body or entry. 8.2/3 * {AI05-0213-1} as a generic actual parameter whose corresponding generic formal parameter is a formal incomplete type (see 12.5.1). 8.3/2 {AI95-00326-01} If such a name denotes a tagged incomplete view, it may also be used: 8.4/3 * {AI95-00326-01} {AI05-0151-1} as the subtype_mark defining the subtype of a parameter in the profile for a subprogram_body, entry_body, or accept_statement; 9/2 * {AI95-00326-01} as the prefix of an attribute_reference whose attribute_designator is Class; such an attribute_reference is restricted to the uses allowed here; it denotes a tagged incomplete view. 9.a/2 This paragraph was deleted.{AI95-00326-01} 9.1/3 This paragraph was deleted.{AI95-00326-01} {AI05-0151-1} 9.2/3 * This paragraph was deleted.{AI95-00326-01} {AI05-0098-1} {AI05-0151-1} 9.b/3 This paragraph was deleted. 9.3/2 {AI95-00326-01} If any of the above uses occurs as part of the declaration of a primitive subprogram of the incomplete view, and the declaration occurs immediately within the private part of a package, then the completion of the incomplete view shall also occur immediately within the private part; it shall not be deferred to the package body. 9.c/2 Reason: This fixes a hole in Ada 95 where a dispatching operation with an access parameter could be declared in a private part and a dispatching call on it could occur in a child even though there is no visibility on the full type, requiring access to the controlling tag without access to the representation of the type. 9.4/2 {AI95-00326-01} No other uses of a name that denotes an incomplete view of a type are allowed. 10/3 {AI95-00326-01} {AI05-0151-1} A prefix that denotes an object shall not be of an incomplete view. An actual parameter in a call shall not be of an untagged incomplete view. The result object of a function call shall not be of an incomplete view. A prefix shall not denote a subprogram having a formal parameter of an untagged incomplete view, nor a return type that is an incomplete view. 10.a/2 Reason: We used to disallow all dereferences of an incomplete type. Now we only disallow such dereferences when used as a prefix. Dereferences used in other contexts do not pose a problem since normal type matching will preclude their use except when the full type is "nearby" as context (for example, as the expected type). 10.b/2 This also disallows prefixes that are directly of an incomplete view. For instance, a parameter P can be declared of a tagged incomplete type, but we don't want to allow P'Size, P'Alignment, or the like, as representation values aren't known for an incomplete view. 10.c/2 We say "denotes an object" so that prefixes that directly name an incomplete view are not covered; the previous rules cover such cases, and we certainly don't want to ban Incomp'Class. 10.d/3 {AI05-0151-1} As subprogram profiles now may include any kind of incomplete type, we also disallow passing objects of untagged incomplete types in subprogram calls (as the parameter passing method is not known as it is for tagged types) and disallow returning any sort of incomplete objects (since we don't know how big they are). Paragraph 11 was deleted. Dynamic Semantics 12 The elaboration of an incomplete_type_declaration has no effect. 12.a Reason: An incomplete type has no real existence, so it doesn't need to be "created" in the usual sense we do for other types. It is roughly equivalent to a "forward;" declaration in Pascal. Private types are different, because they have a different set of characteristics from their full type. NOTES 13 89 Within a declarative_part, an incomplete_type_declaration and a corresponding full_type_declaration cannot be separated by an intervening body. This is because a type has to be completely defined before it is frozen, and a body freezes all types declared prior to it in the same declarative_part (see 13.14). 13.1/3 90 {AI05-0151-1} {AI05-0269-1} A name that denotes an object of an incomplete view is defined to be of a limited type. Hence, the target of an assignment statement cannot be of an incomplete view. Examples 14 Example of a recursive type: 15 type Cell; -- incomplete type declaration type Link is access Cell; 16 type Cell is record Value : Integer; Succ : Link; Pred : Link; end record; 17 Head : Link := new Cell'(0, null, null); Next : Link := Head.Succ; 18 Examples of mutually dependent access types: 19/2 {AI95-00433-01} type Person(<>); -- incomplete type declaration type Car is tagged; -- incomplete type declaration 20/2 {AI95-00433-01} type Person_Name is access Person; type Car_Name is access all Car'Class; 21/2 {AI95-00433-01} type Car is tagged record Number : Integer; Owner : Person_Name; end record; 22 type Person(Sex : Gender) is record Name : String(1 .. 20); Birth : Date; Age : Integer range 0 .. 130; Vehicle : Car_Name; case Sex is when M => Wife : Person_Name(Sex => F); when F => Husband : Person_Name(Sex => M); end case; end record; 23 My_Car, Your_Car, Next_Car : Car_Name := new Car; -- see 4.8 George : Person_Name := new Person(M); ... George.Vehicle := Your_Car; Extensions to Ada 83 23.a The full_type_declaration that completes an incomplete_type_declaration may have a known_discriminant_part even if the incomplete_type_declaration does not. 23.b/1 A discriminant_constraint may be applied to an incomplete type, even if its completion is deferred to the package body, because there is no "dependent compatibility check" required any more. Of course, the constraint can be specified only if a known_discriminant_part was given in the incomplete_type_declaration. As mentioned in the previous paragraph, that is no longer required even when the full type has discriminants. Wording Changes from Ada 83 23.c Dereferences producing incomplete types were not explicitly disallowed in RM83, though AI83-00039 indicated that it was not strictly necessary since troublesome cases would result in Constraint_Error at run time, since the access value would necessarily be null. However, this introduces an undesirable implementation burden, as illustrated by Example 4 of AI83-00039: 23.d package Pack is type Pri is private; private type Sep; type Pri is access Sep; X : Pri; end Pack; 23.e package body Pack is -- Could be separately compiled! type Sep is ...; X := new Sep; end Pack; 23.f pragma Elaborate(Pack); private package Pack.Child is I : Integer := X.all'Size; -- Legal, by AI-00039. end Pack.Child; 23.g Generating code for the above example could be a serious implementation burden, since it would require all aliased objects to store size dope, and for that dope to be in the same format for all kinds of types (or some other equivalently inefficient implementation). On the contrary, most implementations allocate dope differently (or not at all) for different designated subtypes. Incompatibilities With Ada 95 23.h/2 {AI95-00326-01} It is now illegal to use an incomplete view (type) as the parameter or result of an access-to-subprogram type unless the incomplete view is completed in the same declaration list as the use. This was allowed in Ada 95 for incomplete types where the completion was deferred to the body. By disallowing this rare use of incomplete views, we can allow the use of incomplete views in many more places, which is especially valuable for limited views. 23.i/2 {AI95-00326-01} It is now illegal to use an incomplete view (type) in a primitive subprogram of the type unless the incomplete view is completed in the package specification. This was allowed in Ada 95 for incomplete types where the completion was deferred to the body (the use would have to be in an access parameter). This incompatibility was caused by the fix for the hole noted in Legality Rules above. Extensions to Ada 95 23.j/2 {AI95-00326-01} Tagged incomplete types are new. They are allowed in parameter declarations as well as the usual places, as tagged types are always by-reference types (and thus there can be no code generation issue). 23.k/2 {AI95-00412-01} A subtype_declaration can be used to give a new name to an incomplete view of a type. This is valuable to give shorter names to entities imported with a limited_with_clause. Wording Changes from Ada 95 23.l/2 {AI95-00326-01} The description of incomplete types as incomplete views is new. Ada 95 defined these as separate types, but neglected to give any rules for matching them with other types. Luckily, implementers did the right thing anyway. This change also makes it easier to describe the meaning of a limited view. Extensions to Ada 2005 23.m/3 {AI05-0098-1} Correction: Fixed the definition so that an anonymous access-to-subprogram type can use an incomplete view in the same way that a named access-to-subprogram type can. 23.n/3 {AI05-0151-1} Incomplete types now can be used in subprogram declarations. The type has to be complete before any calls or the body is declared. This reduces the places where access types are required for types imported from limited views of packages. 23.o/3 {AI05-0162-1} Incomplete types now can be completed by private types and private extensions. Since this can already happen for limited views, there is no remaining reason to disallow it for explicitly declared incomplete types. Wording Changes from Ada 2005 23.p/3 {AI05-0208-1} Correction: Changed the rules of uses of dereferences of incomplete views such that it does not introduce an unintentional incompatibility with Ada 83 and Ada 95. 23.q/3 {AI05-0213-1} Incomplete types now can be used as actuals to formal incomplete types (see 12.5.1). Wording Changes from Ada 2012 23.r/4 {AI12-0137-1} Corrigndum: Changed the wording to clarify that the class-wide type associated with a specific tagged type that has an incomplete view is also an incomplete view. While this was previously undefined, an interpretation where it is not an incomplete view is leads to semantic nonsense, and thus we don't consider this a potential incompatibility, as compilers most likely are doing the right thing. 3.10.2 Operations of Access Types 1/3 {AI05-0299-1} [The attribute Access is used to create access values designating aliased objects and nonintrinsic subprograms. The " accessibility" rules prevent dangling references (in the absence of uses of certain unchecked features - see Clause 13).] Language Design Principles 1.a It should be possible for an access value to designate an object declared by an object declaration, or a subcomponent thereof. In implementation terms, this means pointing at stack-allocated and statically allocated data structures. However, dangling references should be prevented, primarily via compile-time rules, so long as features like Unchecked_Access and Unchecked_Deallocation are not used. 1.b In order to create such access values, we require that the access type be a general access type, that the designated object be aliased, and that the accessibility rules be obeyed. Name Resolution Rules 2/2 {AI95-00235-01} For an attribute_reference with attribute_designator Access (or Unchecked_Access - see 13.10), the expected type shall be a single access type A such that: 2.1/2 * {AI95-00235-01} A is an access-to-object type with designated type D and the type of the prefix is D'Class or is covered by D, or 2.2/2 * {AI95-00235-01} A is an access-to-subprogram type whose designated profile is type conformant with that of the prefix. 2.3/2 {AI95-00235-01} [The prefix of such an attribute_reference is never interpreted as an implicit_dereference or a parameterless function_call (see 4.1.4).] The designated type or profile of the expected type of the attribute_reference is the expected type or profile for the prefix. 2.a Discussion: Saying that the expected type shall be a "single access type" is our "new" way of saying that the type has to be determinable from context using only the fact that it is an access type. See 4.2 and 8.6. Specifying the expected profile only implies type conformance. The more stringent subtype conformance is required by a Legality Rule. This is the only Resolution Rule that applies to the name in a prefix of an attribute_reference. In all other cases, the name has to be resolved without using context. See 4.1.4. 2.b/2 {AI95-00235-01} Saying "single access type" is a bit of a fudge. Both the context and the prefix may provide both multiple types; "single" only means that a single, specific interpretation must remain after resolution. We say "single" here to trigger the Legality Rules of 8.6. The resolution of an access attribute is similar to that of an assignment_statement. For example: 2.c/2 type Int_Ptr is access all Integer; type Char_Ptr is access all Character; type Float_Ptr is access all Float; 2.d/2 function Zap (Val : Int_Ptr) return Float; -- (1) function Zap (Val : Float_Ptr) return Float; -- (2) function Zop return Int_Ptr; -- (3) function Zop return Char_Ptr; -- (4) 2.e/2 Result : Float := Zap (Zop.all'Access); -- Resolves to Zap (1) and Zop (3). Static Semantics 3/2 {AI95-00162-01} [The accessibility rules, which prevent dangling references, are written in terms of accessibility levels, which reflect the run-time nesting of masters. As explained in 7.6.1, a master is the execution of a certain construct, such as a subprogram_body. An accessibility level is deeper than another if it is more deeply nested at run time. For example, an object declared local to a called subprogram has a deeper accessibility level than an object declared local to the calling subprogram. The accessibility rules for access types require that the accessibility level of an object designated by an access value be no deeper than that of the access type. This ensures that the object will live at least as long as the access type, which in turn ensures that the access value cannot later designate an object that no longer exists. The Unchecked_Access attribute may be used to circumvent the accessibility rules.] 3.a/3 Discussion: {AI05-0005-1} The Unchecked_Access attribute acts as if the object was declared at library-level; this applies even when it is used as the value of anonymous access type. See 13.10. 3.b/3 Subclause 3.10.2, home of the accessibility rules, is informally known as the "Heart of Darkness" amongst the maintainers of Ada. Woe unto all who enter here (well, at least unto anyone that needs to understand any of these rules). 4 [A given accessibility level is said to be statically deeper than another if the given level is known at compile time (as defined below) to be deeper than the other for all possible executions. In most cases, accessibility is enforced at compile time by Legality Rules. Run-time accessibility checks are also used, since the Legality Rules do not cover certain cases involving access parameters and generic packages.] 5 Each master, and each entity and view created by it, has an accessibility level: 6 * The accessibility level of a given master is deeper than that of each dynamically enclosing master, and deeper than that of each master upon which the task executing the given master directly depends (see 9.3). 7/4 * {AI95-00162-01} {AI95-00416-01} {AI05-0235-1} {AI12-0067-1} {AI12-0089-1} An entity or view defined by a declaration and created as part of its elaboration has the same accessibility level as the innermost master of the declaration except in the cases of renaming and derived access types described below. Other than for an explicitly aliased parameter of a function or generic function, a formal parameter of a callable entity has the same accessibility level as the master representing the invocation of the entity. 7.a/2 Reason: {AI95-00416-01} This rule defines the "normal" accessibility of entities. In the absence of special rules below, we intend for this rule to apply. 7.b/4 Discussion: {AI95-00416-01} {AI12-0005-1} This rule defines the accessibility of all named access types, as well as the accessibility level of anonymous access types in a component_definition Special rules exist for the accessibility level of other anonymous types. Components whose (anonymous) type is defined by an access_definition have accessibility levels corresponding to named access types defined at the same point. 7.c/2 Ramification: {AI95-00230-01} Because accessibility level is determined by where the access_definition is elaborated, for a type extension, the anonymous access types of components (other than access discriminants) inherited from the parent have the same accessibility as they did in the parent; those in the extension part have the accessibility determined by the scope where the type extension is declared. Similarly, the types of the nondiscriminant access components of a derived untagged type have the same accessibility as they did in the parent. 7.d/3 To be honest: {AI05-0235-1} We use "invocation of" in the parameter case as a master is formally an execution of something. But we mean this to be interpreted statically (for instance, as the body of the subprogram) for the purposes of computing "statically deeper than" (see below). 7.e/3 Ramification: {AI05-0235-1} Note that accessibility can differ depending on the view of an object (for both static and dynamic accessibility). For instance, the accessibility level of a formal parameter may be different than the accessibility level of the corresponding actual parameter. This occurs in other cases as well. 7.f/3 Reason: {AI05-0235-1} We define the (dynamic) accessibility of formal parameters in order that it does not depend on the parameter passing model (by-reference or by-copy) as that is implementation defined. Otherwise, there would be a portability issue. 8 * The accessibility level of a view of an object or subprogram defined by a renaming_declaration is the same as that of the renamed view. 9/2 * {AI95-00416-01} The accessibility level of a view conversion, qualified_expression, or parenthesized expression, is the same as that of the operand. 9.1/3 * {AI05-0188-1} The accessibility level of a conditional_expression is the accessibility level of the evaluated dependent_expression. 10/4 * {AI95-00318-02} {AI95-00416-01} {AI05-0234-1} {AI12-0027-1} The accessibility level of an aggregate that is used (in its entirety) to directly initialize part of an object is that of the object being initialized. In other contexts, the accessibility level of an aggregate is that of the innermost master that evaluates the aggregate. Corresponding rules apply to a value conversion (see 4.6). 10.1/3 * {AI05-0234-1} The accessibility level of the result of a function call is that of the master of the function call, which is determined by the point of call as follows: 10.2/3 * If the result is used (in its entirety) to directly initialize part of an object, the master is that of the object being initialized. In the case where the initialized object is a coextension (see below) that becomes a coextension of another object, the master is that of the eventual object to which the coextension will be transferred. 10.a/2 To be honest: {AI95-00416-01} The first sentence is talking about a static use of the entire return object - a slice that happens to be the entire return object doesn't count. On the other hand, this is intended to allow parentheses and qualified_expressions. 10.b/3 Ramification: {AI95-00416-01} {AI05-0234-1} If the function is used as a prefix, this bullet does not apply. Similarly, an assignment_statement is not an initialization of an object, so this bullet does not apply. 10.3/3 * If the result is of an anonymous access type and is the operand of an explicit conversion, the master is that of the target type of the conversion; 10.4/3 * If the result is of an anonymous access type and defines an access discriminant, the master is the same as that for an object created by an anonymous allocator that defines an access discriminant (even if the access result is of an access-to-subprogram type). 10.5/3 * If the call itself defines the result of a function to which one of the above rules applies, these rules are applied recursively; 10.6/3 * In other cases, the master of the call is that of the innermost master that evaluates the function call. 10.c/2 Ramification: {AI95-00318-02} {AI95-00416-01} The "innermost master which evaluated the function call" does not include the function call itself (which might be a master). 10.d/2 {AI95-00318-02} {AI95-00416-01} We really mean the innermost master here, which could be a very short lifetime. Consider a function call used as a parameter of a procedure call. In this case the innermost master which evaluated the function call is the procedure call. 10.d.1/3 Ramification: {AI05-0234-1} These rules do not mention whether the result object is built-in-place (see 7.6). In particular, in the case where building in place is optional, the choice whether or not to build-in-place has no effect on masters, lifetimes, or accessibility. 10.d.2/3 Implementation Note: {AI05-0234-1} There are several cases where the implementation may have to pass in the accessibility level of the result object on a call, to support later rules where the accessibility level comes from the master of the call: 10.d.3/3 * when the function result may have a part with access discriminants; 10.d.4/3 * when the function result type is an anonymous access type; 10.d.5/3 * when the function result is built-in-place; 10.d.6/3 * when the function has an explicitly aliased parameter. 10.d.7/3 In particular, this implies passing a level parameter when the result type is class-wide, since descendants may add access discriminants. For most implementations this will mean that functions with controlling results will also need a level parameter. 10.7/3 {AI05-0284-1} In the case of a call to a function whose result type is an anonymous access type, the accessibility level of the type of the result of the function call is also determined by the point of call as described above. 10.8/3 * {AI95-00416-01} Within a return statement, the accessibility level of the return object is that of the execution of the return statement. If the return statement completes normally by returning from the function, then prior to leaving the function, the accessibility level of the return object changes to be a level determined by the point of call, as does the level of any coextensions (see below) of the return object. 10.e/2 Reason: We define the accessibility level of the return object during the return statement to be that of the return statement itself so that the object may be designated by objects local to the return statement, but not by objects outside the return statement. In addition, the intent is that the return object gets finalized if the return statement ends without actually returning (for example, due to propagating an exception, or a goto). For a normal return, of course, no finalization is done before returning. 11 * The accessibility level of a derived access type is the same as that of its ultimate ancestor. 11.1/2 * {AI95-00230-01} The accessibility level of the anonymous access type defined by an access_definition of an object_renaming_declaration is the same as that of the renamed view. 12/2 * {AI95-00230-01} {AI95-00416-01} The accessibility level of the anonymous access type of an access discriminant in the subtype_indication or qualified_expression of an allocator, or in the expression or return_subtype_indication of a return statement is determined as follows: 12.1/2 * If the value of the access discriminant is determined by a discriminant_association in a subtype_indication, the accessibility level of the object or subprogram designated by the associated value (or library level if the value is null); 12.a/2 Discussion: This deals with the following cases, when they occur in the context of an allocator or return statement: 12.b/2 * An extension_aggregate where the ancestor_part is a subtype_mark denoting a constrained subtype; 12.c/2 * An uninitialized allocator where the subtype_indication defines a constrained subtype; 12.d/2 * A discriminant of an object with a constrained nominal subtype, including constrained components, the result of calling a function with a constrained result subtype, the dereference of an access-to-constrained subtype, etc. 12.e/3 Ramification: {AI05-0281-1} The subtype_indication mentioned in this bullet is not necessarily the one given in the allocator or return statement that is determining the accessibility level; the constrained subtype might have been defined in an earlier declaration (as a named subtype). 12.f/3 {AI05-0005-1} If the value for this rule and the next one is derived from an Unchecked_Access attribute, the accessibility is library-level no matter what the accessibility level of the object is (see 13.10). 12.2/3 * {AI05-0234-1} If the value of the access discriminant is determined by a default_expression in the declaration of the discriminant, the level of the object or subprogram designated by the associated value (or library level if null); 12.f.1/3 Discussion: This covers the case of an unconstrained subcomponent of a limited type with defaulted access discriminants. 12.3/3 * {AI05-0004-1} If the value of the access discriminant is determined by a record_component_association in an aggregate, the accessibility level of the object or subprogram designated by the associated value (or library level if the value is null); 12.g/2 Discussion: In this bullet, the aggregate has to occur in the context of an allocator or return statement, while the subtype_indication of the previous bullet can occur anywhere (it doesn't have to be directly given in the allocator or return statement). 12.4/3 * In other cases, where the value of the access discriminant is determined by an object with an unconstrained nominal subtype, the accessibility level of the object. 12.h/2 Discussion: {AI95-00416-01} In other words, if you know the value of the discriminant for an allocator or return statement from a discriminant constraint or an aggregate component association, then that determines the accessibility level; if you don't know it, then it is based on the object itself. 12.5/3 * {AI95-00416-01} The accessibility level of the anonymous access type of an access discriminant in any other context is that of the enclosing object. 13/3 * {AI95-00162-01} {AI95-00254-01} {AI05-0270-1} The accessibility level of the anonymous access type of an access parameter specifying an access-to-object type is the same as that of the view designated by the actual (or library-level if the actual is null). 13.a/3 Ramification: {AI05-0005-1} If the value of the actual is derived from an Unchecked_Access attribute, the accessibility is always library-level (see 13.10). 13.1/2 * {AI95-00254-01} The accessibility level of the anonymous access type of an access parameter specifying an access-to-subprogram type is deeper than that of any master; all such anonymous access types have this same level. 13.b/2 Reason: These represent "downward closures" and thus require passing of static links or global display information (along with generic sharing information if the implementation does sharing) along with the address of the subprogram. We must prevent conversions of these to types with "normal" accessibility, as those typically don't include the extra information needed to make a call. 13.2/4 * {AI12-0070-1} The accessibility level of the anonymous access subtype defined by a return_subtype_indication that is an access_definition (see 6.5) is that of the result subtype of the enclosing function. 13.3/4 * {AI05-0148-1} {AI05-0240-1} {AI12-0070-1} The accessibility level of the type of a stand-alone object of an anonymous access-to-object type is the same as the accessibility level of the type of the access value most recently assigned to the object[; accessibility checks ensure that this is never deeper than that of the declaration of the stand-alone object]. 13.4/4 * {AI05-0142-4} {AI05-0240-1} {AI12-0070-1} The accessibility level of an explicitly aliased (see 6.1) formal parameter in a function body is determined by the point of call; it is the same level that the return object ultimately will have. 14/3 * {AI95-00416-01} {AI05-0051-1} {AI05-0253-1} The accessibility level of an object created by an allocator is the same as that of the access type, except for an allocator of an anonymous access type (an anonymous allocator) in certain contexts, as follows: For an anonymous allocator that defines the result of a function with an access result, the accessibility level is determined as though the allocator were in place of the call of the function; in the special case of a call that is the operand of a type conversion, the level is that of the target access type of the conversion. For an anonymous allocator defining the value of an access parameter, the accessibility level is that of the innermost master of the call. For an anonymous allocator whose type is that of a stand-alone object of an anonymous access-to-object type, the accessibility level is that of the declaration of the stand-alone object. For one defining an access discriminant, the accessibility level is determined as follows: 14.1/3 * {AI95-00416-01} {AI05-0024-1} for an allocator used to define the discriminant of an object, the level of the object; 14.2/3 * {AI95-00416-01} {AI05-0024-1} for an allocator used to define the constraint in a subtype_indication in any other context, the level of the master that elaborates the subtype_indication. 14.3/3 * This paragraph was deleted.{AI95-00416-01} {AI05-0024-1} 14.4/3 {AI95-00416-01} {AI05-0024-1} {AI05-0066-1} In the first case, the allocated object is said to be a coextension of the object whose discriminant designates it, as well as of any object of which the discriminated object is itself a coextension or subcomponent. If the allocated object is a coextension of an anonymous object representing the result of an aggregate or function call that is used (in its entirety) to directly initialize a part of an object, after the result is assigned, the coextension becomes a coextension of the object being initialized and is no longer considered a coextension of the anonymous object. All coextensions of an object [(which have not thus been transfered by such an initialization)] are finalized when the object is finalized (see 7.6.1). 14.a.1/2 Ramification: The rules of access discriminants are such that when the space for an object with a coextension is reclaimed, the space for the coextensions can be reclaimed. Hence, there is implementation advice (see 13.11) that an object and its coextensions all be allocated from the same storage pool (or stack frame, in the case of a declared object). 14.5/3 * {AI05-0051-1} Within a return statement, the accessibility level of the anonymous access type of an access result is that of the master of the call. 15/3 * {AI05-0014-1} The accessibility level of a view of an object or subprogram designated by an access value is the same as that of the access type. 15.a/3 Discussion: {AI05-0005-1} {AI05-0014-1} This rule applies even when no dereference exists, for example when an access value is passed as an access parameter. This rule ensures that implementations are not required to include dynamic accessibility values with all access values. 16 * The accessibility level of a component, protected subprogram, or entry of (a view of) a composite object is the same as that of (the view of) the composite object. 16.1/3 {AI95-00416-01} {AI05-0262-1} In the above rules, the operand of a view conversion, parenthesized expression or qualified_expression is considered to be used in a context if the view conversion, parenthesized expression or qualified_expression itself is used in that context. Similarly, a dependent_expression of a conditional_expression is considered to be used in a context if the conditional_expression itself is used in that context. 17 One accessibility level is defined to be statically deeper than another in the following cases: 18 * For a master that is statically nested within another master, the accessibility level of the inner master is statically deeper than that of the outer master. 18.a To be honest: Strictly speaking, this should talk about the constructs (such as subprogram_bodies) being statically nested within one another; the masters are really the executions of those constructs. 18.b To be honest: If a given accessibility level is statically deeper than another, then each level defined to be the same as the given level is statically deeper than each level defined to be the same as the other level. 18.1/2 * {AI95-00254-01} The accessibility level of the anonymous access type of an access parameter specifying an access-to-subprogram type is statically deeper than that of any master; all such anonymous access types have this same level. 18.c/2 Ramification: This rule means that it is illegal to convert an access parameter specifying an access to subprogram to a named access to subprogram type, but it is allowed to pass such an access parameter to another access parameter (the implicit conversion's accessibility will succeed). 19/3 * {AI95-00254-01} {AI05-0082-1} The statically deeper relationship does not apply to the accessibility level of the anonymous type of an access parameter specifying an access-to-object type nor does it apply to a descendant of a generic formal type; that is, such an accessibility level is not considered to be statically deeper, nor statically shallower, than any other. 19.1/3 * {AI05-0148-1} The statically deeper relationship does not apply to the accessibility level of the type of a stand-alone object of an anonymous access-to-object type; that is, such an accessibility level is not considered to be statically deeper, nor statically shallower, than any other. 19.a/3 Ramification: In these cases, we use dynamic accessibility checks. 19.2/4 * {AI05-0142-4} {AI05-0235-1} {AI12-0089-1} {AI12-0157-1} Inside a return statement that applies to a function or generic function F, or the return expression of an expression function F, when determining whether the accessibility level of an explicitly aliased parameter of F is statically deeper than the level of the return object of F, the level of the return object is considered to be the same as that of the level of the explicitly aliased parameter; for statically comparing with the level of other entities, an explicitly aliased parameter of F is considered to have the accessibility level of the body of F. 19.3/4 * {AI05-0051-1} {AI05-0234-1} {AI05-0235-1} {AI12-0089-1} {AI12-0157-1} For determining whether a level is statically deeper than the level of the anonymous access type of an access result of a function or generic function F, when within a return statement that applies to F or the return expression of expression function F, the level of the master of the call is presumed to be the same as that of the level of the master that elaborated the body of F. 20 * or generic function F 20.a/3 To be honest: {AI05-0235-1} This rule has no effect if the previous bullet also applies (that is, the "a level" is of an explicitly aliased parameter). 21 * [For determining whether one level is statically deeper than another when within a generic package body, the generic package is presumed to be instantiated at the same level as where it was declared; run-time checks are needed in the case of more deeply nested instantiations.] 21.a/3 Proof: {AI05-0082-1} A generic package does not introduce a new master, so it has the static level of its declaration; the rest follows from the other "statically deeper" rules. 22 * For determining whether one level is statically deeper than another when within the declarative region of a type_declaration, the current instance of the type is presumed to be an object created at a deeper level than that of the type. 22.a Ramification: In other words, the rules are checked at compile time of the type_declaration, in an assume-the-worst manner. 23 The accessibility level of all library units is called the library level; a library-level declaration or entity is one whose accessibility level is the library level. 23.a Ramification: Library_unit_declarations are library level. Nested declarations are library level if they are nested only within packages (possibly more than one), and not within subprograms, tasks, etc. 23.b/2 To be honest: The definition of the accessibility level of the anonymous type of an access parameter specifying an access-to-object type cheats a bit, since it refers to the view designated by the actual, but access values designate objects, not views of objects. What we really mean is the view that "would be" denoted by an expression "X.all", where X is the actual, even though such an expression is a figment of our imagination. The definition is intended to be equivalent to the following more verbose version: The accessibility level of the anonymous type of an access parameter is as follows: 23.c * if the actual is an expression of a named access type - the accessibility level of that type; 23.d * if the actual is an allocator - the accessibility level of the execution of the called subprogram; 23.e/1 * if the actual is a reference to the Access attribute - the accessibility level of the view denoted by the prefix; 23.f * if the actual is a reference to the Unchecked_Access attribute - library accessibility level; 23.g * if the actual is an access parameter - the accessibility level of its type. 23.h Note that the allocator case is explicitly mentioned in the RM95, because otherwise the definition would be circular: the level of the anonymous type is that of the view designated by the actual, which is that of the access type. 23.i Discussion: A deeper accessibility level implies a shorter maximum lifetime. Hence, when a rule requires X to have a level that is "not deeper than" Y's level, this requires that X has a lifetime at least as long as Y. (We say "maximum lifetime" here, because the accessibility level really represents an upper bound on the lifetime; an object created by an allocator can have its lifetime prematurely ended by an instance of Unchecked_Deallocation.) 23.j Package elaborations are not masters, and are therefore invisible to the accessibility rules: an object declared immediately within a package has the same accessibility level as an object declared immediately within the declarative region containing the package. This is true even in the body of a package; it jibes with the fact that objects declared in a package_body live as long as objects declared outside the package, even though the body objects are not visible outside the package. 23.k Note that the level of the view denoted by X.all can be different from the level of the object denoted by X.all. The former is determined by the type of X; the latter is determined either by the type of the allocator, or by the master in which the object was declared. The former is used in several Legality Rules and run-time checks; the latter is used to define when X.all gets finalized. The level of a view reflects what we can conservatively "know" about the object of that view; for example, due to type_conversions, an access value might designate an object that was allocated by an allocator for a different access type. 23.l Similarly, the level of the view denoted by X.all.Comp can be different from the level of the object denoted by X.all.Comp. 23.m If Y is statically deeper than X, this implies that Y will be (dynamically) deeper than X in all possible executions. 23.n Most accessibility checking is done at compile time; the rules are stated in terms of "statically deeper than". The exceptions are: 23.o/2 * Checks involving access parameters of an access-to-object type. The fact that "statically deeper than" is not defined for the anonymous access type of an access parameter implies that any rule saying "shall not be statically deeper than" does not apply to such a type, nor to anything defined to have "the same" level as such a type. 23.o.1/3 * {AI05-0082-1} Checks involving generic formal types and their descendants. This is because the actual type can be more or less deeply nested than the generic unit. Note that this only applies to the generic unit itself, and not to the instance. Any static checks needed in the instance will be performed. Any other checks (such as those in the generic body) will require a run-time check of some sort (although implementations that macro-expand generics can determine the result of the check when the generic is expanded). 23.p/3 * {AI05-0082-1} Checks involving other entities and views within generic packages. This is because an instantiation can be at a level that is more deeply nested than the generic package itself. In implementations that use a macro-expansion model of generics, these violations can be detected at macro-expansion time. For implementations that share generics, run-time code is needed to detect the error. 23.q/2 * {AI95-00318-02} {AI95-00344-01} {AI95-00416-01} Checks during function return and allocators, for nested type extensions and access discriminants. 23.r/3 {AI05-0005-1} Note that run-time checks are not required for access discriminants (except during function returns and allocators), because their accessibility is determined statically by the accessibility level of the enclosing object. 23.s/2 The accessibility level of the result object of a function reflects the time when that object will be finalized; we don't allow pointers to the object to survive beyond that time. 23.t We sometimes use the terms "accessible" and "inaccessible" to mean that something has an accessibility level that is not deeper, or deeper, respectively, than something else. 23.u/2 Implementation Note: {AI95-00318-02} {AI95-00344-01} {AI95-00416-01} If an accessibility Legality Rule is satisfied, then the corresponding run-time check (if any) cannot fail (and a reasonable implementation will not generate any checking code) unless one of the cases requiring run-time checks mentioned previously is involved. 23.v Accessibility levels are defined in terms of the relations "the same as" and "deeper than". To make the discussion more concrete, we can assign actual numbers to each level. Here, we assume that library-level accessibility is level 0, and each level defined as "deeper than" is one level deeper. Thus, a subprogram directly called from the environment task (such as the main subprogram) would be at level 1, and so on. 23.w/2 Accessibility is not enforced at compile time for access parameters of an access-to-object type. The "obvious" implementation of the run-time checks would be inefficient, and would involve distributed overhead; therefore, an efficient method is given below. The "obvious" implementation would be to pass the level of the caller at each subprogram call, task creation, etc. This level would be incremented by 1 for each dynamically nested master. An Accessibility_Check would be implemented as a simple comparison - checking that X is not deeper than Y would involve checking that X <= Y. 23.x A more efficient method is based on passing static nesting levels (within constructs that correspond at run time to masters - packages don't count). Whenever an access parameter is passed, an implicit extra parameter is passed with it. The extra parameter represents (in an indirect way) the accessibility level of the anonymous access type, and, therefore, the level of the view denoted by a dereference of the access parameter. This is analogous to the implicit "Constrained" bit associated with certain formal parameters of an unconstrained but definite composite subtype. In this method, we avoid distributed overhead: it is not necessary to pass any extra information to subprograms that have no access parameters. For anything other than an access parameter and its anonymous type, the static nesting level is known at compile time, and is defined analogously to the RM95 definition of accessibility level (e.g. derived access types get their nesting level from their parent). Checking "not deeper than" is a "<=" test on the levels. 23.y/2 For each access parameter of an access-to-object type, the static depth passed depends on the actual, as follows: 23.z * If the actual is an expression of a named access type, pass the static nesting level of that type. 23.aa * If the actual is an allocator, pass the static nesting level of the caller, plus one. 23.bb/1 * If the actual is a reference to the Access attribute, pass the level of the view denoted by the prefix. 23.cc * If the actual is a reference to the Unchecked_Access attribute, pass 0 (the library accessibility level). 23.dd/2 * If the actual is an access parameter of an access-to-object type, usually just pass along the level passed in. However, if the static nesting level of the formal (access) parameter is greater than the static nesting level of the actual (access) parameter, the level to be passed is the minimum of the static nesting level of the access parameter and the actual level passed in. 23.ee/2 For the Accessibility_Check associated with a type_conversion of an access parameter of an access-to-object type of a given subprogram to a named access type, if the target type is statically nested within the subprogram, do nothing; the check can't fail in this case. Otherwise, check that the value passed in is <= the static nesting depth of the target type. The other Accessibility_Checks are handled in a similar manner. 23.ff This method, using statically known values most of the time, is efficient, and, more importantly, avoids distributed overhead. 23.ff.1/3 {AI05-0148-1} The implementation of accessibility checks for stand-alone objects of anonymous access-to-object types can be similar to that for anonymous access-to-object parameters. A static level suffices; it can be calculated using rules similar to those previously described for access parameters. 23.ff.2/3 {AI05-0148-1} One important difference between the stand-alone access variables and access parameters is that one can assign a local access parameter to a more global stand-alone access variable. Similarly, one can assign a more global access parameter to a more local stand-alone access variable. 23.ff.3/3 {AI05-0148-1} For these cases, it is important to note that the "correct" static accessibility level for an access parameter assigned to a stand-alone access object is the minimum of the passed in level and the static accessibility level of the stand-alone object itself. This is true since the static accessibility level passed in might be deeper than that of the stand-alone object, but the dynamic accessibility of the passed in object clearly must be shallower than the stand-alone object (whatever is passed in must live at least as long as the subprogram call). We do not need to keep a more local static level as accesses to objects statically deeper than the stand-alone object cannot be stored into the stand-alone object. 23.gg Discussion: Examples of accessibility: 23.hh/3 {AI05-0005-1} package body Lib_Unit is type T is tagged ...; type A0 is access all T; Global: A0 := ...; procedure P(X: in out T) is Y: aliased T; type A1 is access all T; Ptr0: A0 := Global; -- OK. Ptr1: A1 := X'Access; -- OK. begin Ptr1 := Y'Access; -- OK; Ptr0 := A0(Ptr1); -- Illegal type conversion! Ptr0 := X'Access; -- Illegal reference to Access attribute! Ptr0 := Y'Access; -- Illegal reference to Access attribute! Global := Ptr0; -- OK. end P; end Lib_Unit; 23.ii/3 {AI05-0005-1} The above illegal statements are illegal because the accessibility levels of X and Y are statically deeper than the accessibility level of A0. In every possible execution of any program including this library unit, if P is called, the accessibility level of X will be (dynamically) deeper than that of A0. Note that the accessibility levels of X and Y are the same. 23.jj/2 Here's an example involving access parameters of an access-to-object type: 23.kk procedure Main is type Level_1_Type is access all Integer; 23.ll procedure P(X: access Integer) is type Nested_Type is access all Integer; begin ... Nested_Type(X) ... -- (1) ... Level_1_Type(X) ... -- (2) end P; 23.mm procedure Q(X: access Integer) is procedure Nested(X: access Integer) is begin P(X); end Nested; begin Nested(X); end Q; 23.nn procedure R is Level_2: aliased Integer; begin Q(Level_2'Access); -- (3) end R; 23.oo Level_1: aliased Integer; begin Q(Level_1'Access); -- (4) R; end Main; 23.pp The run-time Accessibility_Check at (1) can never fail, and no code should be generated to check it. The check at (2) will fail when called from (3), but not when called from (4). 23.qq Within a type_declaration, the rules are checked in an assume-the-worst manner. For example: 23.rr/3 {AI05-0298-1} package P is type Int_Ptr is access all Integer; type Rec(D: access Integer) is limited private; private type Rec_Ptr is access all Rec; function F(X: Rec_Ptr) return Boolean; function G(X: access Rec) return Boolean; type Rec(D: access Integer) is limited record C1: Int_Ptr := Int_Ptr(D); -- Illegal! C2: Rec_Ptr := Rec'Access; -- Illegal! C3: Boolean := F(Rec'Access); -- Illegal! C4: Boolean := G(Rec'Access); end record; end P; 23.ss C1, C2, and C3 are all illegal, because one might declare an object of type Rec at a more deeply nested place than the declaration of the type. C4 is legal, but the accessibility level of the object will be passed to function G, and constraint checks within G will prevent it from doing any evil deeds. 23.tt Note that we cannot defer the checks on C1, C2, and C3 until compile-time of the object creation, because that would cause violation of the privacy of private parts. Furthermore, the problems might occur within a task or protected body, which the compiler can't see while compiling an object creation. 24 The following attribute is defined for a prefix X that denotes an aliased view of an object: 25/1 X'Access {8652/0010} {AI95-00127-01} X'Access yields an access value that designates the object denoted by X. The type of X'Access is an access-to-object type, as determined by the expected type. The expected type shall be a general access type. X shall denote an aliased view of an object[, including possibly the current instance (see 8.6) of a limited type within its definition, or a formal parameter or generic formal object of a tagged type]. The view denoted by the prefix X shall satisfy the following additional requirements, presuming the expected type for X'Access is the general access type A with designated type D: 26 * If A is an access-to-variable type, then the view shall be a variable; [on the other hand, if A is an access-to-constant type, the view may be either a constant or a variable.] 26.a Discussion: The current instance of a limited type is considered a variable. 27/3 * {AI95-00363-01} {AI05-0008-1} {AI05-0041-1} The view shall not be a subcomponent that depends on discriminants of an object unless the object is known to be constrained. 27.a Discussion: This restriction is intended to be similar to the restriction on renaming discriminant-dependent subcomponents. 27.b Reason: This prevents references to subcomponents that might disappear or move or change constraints after creating the reference. 27.c Implementation Note: There was some thought to making this restriction more stringent, roughly: "X shall not denote a subcomponent of a variable with discriminant-dependent subcomponents, if the nominal subtype of the variable is an unconstrained definite subtype." This was because in some implementations, it is not just the discriminant-dependent subcomponents that might move as the result of an assignment that changed the discriminants of the enclosing object. However, it was decided not to make this change because a reasonable implementation strategy was identified to avoid such problems, as follows: 27.d * Place non-discriminant-dependent components with any aliased parts at offsets preceding any discriminant-dependent components in a discriminated record type with defaulted discriminants. 27.e * Preallocate the maximum space for unconstrained discriminated variables with aliased subcomponents, rather than allocating the initial size and moving them to a larger (heap-resident) place if they grow as the result of an assignment. 27.f Note that for objects of a by-reference type, it is not an error for a programmer to take advantage of the fact that such objects are passed by reference. Therefore, the above approach is also necessary for discriminated record types with components of a by-reference type. 27.g To make the above strategy work, it is important that a component of a derived type is defined to be discriminant-dependent if it is inherited and the parent subtype constraint is defined in terms of a discriminant of the derived type (see 3.7). 28/2 * {8652/0010} {AI95-00127-01} {AI95-00363-01} If A is a named access type and D is a tagged type, then the type of the view shall be covered by D; if A is anonymous and D is tagged, then the type of the view shall be either D'Class or a type covered by D; if D is untagged, then the type of the view shall be D, and either: 28.1/2 * {AI95-00363-01} the designated subtype of A shall statically match the nominal subtype of the view; or 28.2/4 * {AI95-00363-01} {AI05-0041-1} {AI12-0095-1} D shall be discriminated in its full view and unconstrained in any partial view, and the designated subtype of A shall be unconstrained. 28.a Implementation Note: This ensures that the dope for an aliased array object can always be stored contiguous with it, but need not be if its nominal subtype is constrained. 28.a.1/1 Ramification: {8652/0010} {AI95-00127-01} An access attribute can be used as the controlling operand in a dispatching call; see 3.9.2. 28.a.2/2 {AI95-00363-01} This does not require that types have a partial view in order to allow an access attribute of an unconstrained discriminated object, only that any partial view that does exist is unconstrained. 28.a.3/4 Discussion: {AI12-0095-1} We assume the worst in a generic body whether or not a formal subtype has a constrained partial view; specifically, in a generic body a discriminated subtype is considered to have a constrained partial view if it is a descendant of an untagged generic formal private or derived type (see 12.5.1 for the formal definition of this rule). 29/3 * {AI05-0041-1} The accessibility level of the view shall not be statically deeper than that of the access type A. 29.a Ramification: In an instance body, a run-time check applies. 29.b/2 {AI95-00230-01} If A is an anonymous access-to-object type of an access parameter, then the view can never have a deeper accessibility level than A. The same is true for an anonymous access-to-object type of an access discriminant, except when X'Access is used to initialize an access discriminant of an object created by an allocator. The latter case is illegal if the accessibility level of X is statically deeper than that of the access type of the allocator; a run-time check is needed in the case where the initial value comes from an access parameter. Other anonymous access-to-object types have "normal" accessibility checks. 29.1/3 {AI05-0041-1} In addition to the places where Legality Rules normally apply (see 12.3), these requirements apply also in the private part of an instance of a generic unit. 30 A check is made that the accessibility level of X is not deeper than that of the access type A. If this check fails, Program_Error is raised. 30.a/2 Ramification: The check is needed for access parameters of an access-to-object type and in instance bodies. 30.a.1/3 {AI05-0024-1} Because there are no access parameters permitted for task entries, the accessibility levels are always comparable. We would have to switch to the terminology used in 4.8 and 6.5 based on inclusion within masters if we relax this restriction. That might introduce unacceptable distributed overhead. 30.b/3 Implementation Note: {AI05-0148-1} This check requires that some indication of lifetime is passed as an implicit parameter along with access parameters of an access-to-object type. A similar indication is required for stand-alone objects of anonymous access-to-object types.No such requirement applies to other anonymous access types, since the checks associated with them are all compile-time checks. 31 If the nominal subtype of X does not statically match the designated subtype of A, a view conversion of X to the designated subtype is evaluated (which might raise Constraint_Error - see 4.6) and the value of X'Access designates that view. 32 The following attribute is defined for a prefix P that denotes a subprogram: 33/3 P'Access {AI95-00229-01} {AI95-00254-01} {AI05-0239-1} P'Access yields an access value that designates the subprogram denoted by P. The type of P'Access is an access-to-subprogram type (S), as determined by the expected type. The accessibility level of P shall not be statically deeper than that of S. In addition to the places where Legality Rules normally apply (see 12.3), this rule applies also in the private part of an instance of a generic unit. The profile of P shall be subtype conformant with the designated profile of S, and shall not be Intrinsic. If the subprogram denoted by P is declared within a generic unit, and the expression P'Access occurs within the body of that generic unit or within the body of a generic unit declared within the declarative region of the generic unit, then the ultimate ancestor of S shall be either a nonformal type declared within the generic unit or an anonymous access type of an access parameter. 33.a/2 Discussion: {AI95-00229-01} The part about generic bodies is worded in terms of the denoted subprogram, not the denoted view; this implies that renaming is invisible to this part of the rule. "Declared within the declarative region of the generic" is referring to child and nested generic units. This rule is partly to prevent contract model problems with respect to the accessibility rules, and partly to ease shared-generic-body implementations, in which a subprogram declared in an instance needs to have a different calling convention from other subprograms with the same profile. 33.b Overload resolution ensures only that the profile is type conformant. This rule specifies that subtype conformance is required (which also requires matching calling conventions). P cannot denote an entry because access-to-subprogram types never have the entry calling convention. P cannot denote an enumeration literal or an attribute function because these have intrinsic calling conventions. Legality Rules 33.1/3 {AI05-0188-1} An expression is said to have distributed accessibility if it is 33.2/3 * a conditional_expression (see 4.5.7); or 33.3/3 * a view conversion, qualified_expression, or parenthesized expression whose operand has distributed accessibility. 33.4/3 {AI05-0188-1} The statically deeper relationship does not apply to the accessibility level of an expression having distributed accessibility; that is, such an accessibility level is not considered to be statically deeper, nor statically shallower, than any other. 33.5/3 {AI05-0188-1} Any static accessibility requirement that is imposed on an expression that has distributed accessibility (or on its type) is instead imposed on the dependent_expressions of the underlying conditional_expression. This rule is applied recursively if a dependent_expression also has distributed accessibility. 33.c/3 Discussion: This means that any Legality Rule requiring that the accessibility level of an expression (or that of the type of an expression) shall or shall not be statically deeper than some other level also applies, in the case where the expression has distributed accessibility, to each dependent_expression of the underlying conditional_expression. NOTES 34 91 The Unchecked_Access attribute yields the same result as the Access attribute for objects, but has fewer restrictions (see 13.10). There are other predefined operations that yield access values: an allocator can be used to create an object, and return an access value that designates it (see 4.8); evaluating the literal null yields a null access value that designates no entity at all (see 4.2). 35/2 92 {AI95-00230-01} The predefined operations of an access type also include the assignment operation, qualification, and membership tests. Explicit conversion is allowed between general access types with matching designated subtypes; explicit conversion is allowed between access-to-subprogram types with subtype conformant profiles (see 4.6 ). Named access types have predefined equality operators; anonymous access types do not, but they can use the predefined equality operators for universal_access (see 4.5.2). 35.a/2 Reason: {AI95-00230-01} Anonymous access types can use the universal access equality operators declared in Standard, while named access types cannot for compatibility reasons. By not having equality operators for anonymous access types, we eliminate the need to specify exactly where the predefined operators for anonymous access types would be defined, as well as the need for an implementer to insert an implicit declaration for "=", etc. at the appropriate place in their symbol table. Note that ":=", 'Access, and ".all" are defined. 36 93 The object or subprogram designated by an access value can be named with a dereference, either an explicit_dereference or an implicit_dereference. See 4.1. 37 94 A call through the dereference of an access-to-subprogram value is never a dispatching call. 37.a Proof: See 3.9.2. 38/2 95 {AI95-00254-01} The Access attribute for subprograms and parameters of an anonymous access-to-subprogram type may together be used to implement "downward closures" - that is, to pass a more-nested subprogram as a parameter to a less-nested subprogram, as might be appropriate for an iterator abstraction or numerical integration. Downward closures can also be implemented using generic formal subprograms (see 12.6). Note that Unchecked_Access is not allowed for subprograms. 39 96 Note that using an access-to-class-wide tagged type with a dispatching operation is a potentially more structured alternative to using an access-to-subprogram type. 40 97 An implementation may consider two access-to-subprogram values to be unequal, even though they designate the same subprogram. This might be because one points directly to the subprogram, while the other points to a special prologue that performs an Elaboration_Check and then jumps to the subprogram. See 4.5.2. 40.a Ramification: If equality of access-to-subprogram values is important to the logic of a program, a reference to the Access attribute of a subprogram should be evaluated only once and stored in a global constant for subsequent use and equality comparison. Examples 41 Example of use of the Access attribute: 42 Martha : Person_Name := new Person(F); -- see 3.10.1 Cars : array (1..2) of aliased Car; ... Martha.Vehicle := Cars(1)'Access; George.Vehicle := Cars(2)'Access; Extensions to Ada 83 42.a We no longer make things like 'Last and ".component" (basic) operations of an access type that need to be "declared" somewhere. Instead, implicit dereference in a prefix takes care of them all. This means that there should never be a case when X.all'Last is legal while X'Last is not. See AI83-00154. Incompatibilities With Ada 95 42.b/2 {AI95-00363-01} Aliased variables are not necessarily constrained in Ada 2005 (see 3.6). Therefore, a subcomponent of an aliased variable may disappear or change shape, and taking 'Access of such a subcomponent thus is illegal, while the same operation would have been legal in Ada 95. Note that most allocated objects are still constrained by their initial value (see 4.8), and thus legality of 'Access didn't change for them. For example: 42.c/2 type T1 (D1 : Boolean := False) is record case D1 is when False => C1 : aliased Integer; when True => null; end case; end record; type Acc_Int is access all Integer; 42.d/2 A_T : aliased T1; Ptr : Acc_Int := A_T.C1'Access; -- Illegal in Ada 2005, legal in Ada 95 A_T := (D1 => True); -- Raised Constraint_Error in Ada 95, but does not -- in Ada 2005, so Ptr would become invalid when this -- is assigned (thus Ptr is illegal). 42.e/2 {AI95-00363-01} If a discriminated full type has a partial view (private type) that is constrained, we do not allow 'Access on objects to create a value of an object of an access-to-unconstrained type. Ada 95 allowed this attribute and various access subtypes, requiring that the heap object be constrained and thus making details of the implementation of the private type visible to the client of the private type. See 4.8 for more on this topic. 42.f/2 {AI95-00229-01} {AI95-00254-01} Amendment Correction: Taking 'Access of a subprogram declared in a generic unit in the body of that generic is no longer allowed. Such references can easily be used to create dangling pointers, as Legality Rules are not rechecked in instance bodies. At the same time, the rules were loosened a bit where that is harmless, and also to allow any routine to be passed to an access parameter of an access-to-subprogram type. The now illegal uses of 'Access can almost always be moved to the private part of the generic unit, where they are still legal (and rechecked upon instantiation for possibly dangling pointers). Extensions to Ada 95 42.g/2 {8652/0010} {AI95-00127-01} Corrigendum: Access attributes of objects of class-wide types can be used as the controlling parameter in a dispatching calls (see 3.9.2). This was an oversight in Ada 95. 42.h/2 {AI95-00235-01} Amendment Correction: The type of the prefix can now be used in resolving Access attributes. This allows more uses of the Access attribute to resolve. For example: 42.i/2 type Int_Ptr is access all Integer; type Float_Ptr is access all Float; 42.j/2 function Zap (Val : Int_Ptr) return Float; function Zap (Val : Float_Ptr) return Float; 42.k/2 Value : aliased Integer := 10; 42.l/2 Result1 : Float := Zap (Value'access); -- Ambiguous in Ada 95; resolves in Ada 2005. Result2 : Float := Zap (Int_Ptr'(Value'access)); -- Resolves in Ada 95 and Ada 2005. 42.m/2 This change is upward compatible; any expression that does not resolve by the new rules would have failed a Legality Rule. Wording Changes from Ada 95 42.n/2 {AI95-00162-01} Adjusted the wording to reflect the fact that expressions and function calls are masters. 42.o/2 {AI95-00230-01} {AI95-00254-01} {AI95-00318-02} {AI95-00385-01} {AI95-00416-01} Defined the accessibility of the various new kinds and uses of anonymous access types. Incompatibilities With Ada 2005 42.p/3 {AI05-0008-1} Correction: Simplified the description of when a discriminant-dependent component is allowed as the prefix of 'Access to when the object is known to be constrained. This fixes a confusion as to whether a subcomponent of an object that is not certain to be constrained can be used as a prefix of 'Access. The fix introduces an incompatibility, as the rule did not apply in Ada 95 if the prefix was a constant; but it now applies no matter what kind of object is involved. The incompatibility is not too bad, since most kinds of constants are known to be constrained. 42.q/3 {AI05-0041-1} Correction: Corrected the checks for the constrainedness of the prefix of the Access attribute so that assume-the-worst is used in generic bodies. This may make some programs illegal, but those programs were at risk having objects disappear while valid access values still pointed at them. Extensions to Ada 2005 42.r/3 {AI05-0082-1} Correction: Eliminated the static accessibility definition for generic formal types, as the actual can be more or less nested than the generic itself. This allows programs that were illegal for Ada 95 and for Ada 2005. 42.s/3 {AI05-0148-1} {AI05-0253-1} Eliminate the static accessibility definition for stand-alone objects of anonymous access-to-object types. This allows such objects to be used as temporaries without causing accessibility problems. Wording Changes from Ada 2005 42.t/3 {AI05-0014-1} Correction: Corrected the rules so that the accessibility of the object designated by an access object is that of the access type, even when no dereference is given. The accessibility was not specified in the past. This correction applies to both Ada 95 and Ada 2005. 42.u/3 {AI05-0024-1} Correction: Corrected accessibility rules for access discriminants so that no cases are omitted. 42.v/3 {AI05-0051-1} {AI05-0234-1} {AI05-0235-1} {AI05-0284-1} Correction: Corrected accessibility rules for anonymous access return types and access discriminants in return statements. 42.w/3 {AI05-0066-1} Correction: Changed coextension rules so that coextensions that belong to an anonymous object are transfered to the ultimate object. 42.x/3 {AI05-0142-4} {AI05-0188-1} {AI05-0235-1} Defined the accessibility of explicitly aliased parameters (see 6.1) and conditional_expressions (see 4.5.7). 42.y/3 {AI05-0234-1} Correction: Defined the term "master of the call" to simplify other wording, especially that for the accessibility checks associated with return statements and explicitly aliased parameters. 42.z/3 {AI05-0270-1} Correction: Defined the (omitted) accessibility level of null values when those are passed as the actual of an access-to-object parameter. Incompatibilities With Ada 2012 42.aa/4 {AI12-0027-1} Corrigendum: Defined the accessibility of a value conversion, so that it is treated like an aggregate built at the point of the conversion. This was previously unspecified, so this change might be incompatible if an Ada implementation treated the accessibility of such conversions as that of the operand type; in that case, previous legal conversions probably will become illegal as the lifetime of the conversion is very short. However, code that could tell this difference is fairly rare (taking 'Access of a component of a result of a type conversion), code depending on this accessibility was not portable, and such code could have created an immediately dangling pointer if the conversion actually made a copy (which is necessary in some instances). Wording Changes from Ada 2012 42.bb/4 {AI12-0067-1} Corrigendum: Corrected so that it is clear that explicitly aliased parameters in procedures have the same accessibility as other parameters. Only explicitly aliased parameters in functions are special. 42.cc/4 {AI12-0070-1} Corrigendum: The accessibility of an anonymous access type of an extended_return_statement is defined here rather than in 6.5 so that all accessibility rules are here. 42.dd/4 {AI12-0089-1} Corrigendum: Corrected a number of rules so that they clearly apply to generic functions as well as functions. (Remember, a generic function is not a function.) 42.ee/4 {AI12-0095-1} Corrigendum: Moved the assume the worst rule about constrainedness of the prefix of attribute Access to 12.5.1, as a number of places in the Standard need this rule. 42.ff/4 {AI12-0157-1} Corrigendum: Ensured that the statically deeper relationship applies within the return expression of an expression function. (Dynamic properties apply by equivalence, but static properties are handled separately.) 3.11 Declarative Parts 1 [A declarative_part contains declarative_items (possibly none).] Syntax 2 declarative_part ::= {declarative_item} 3 declarative_item ::= basic_declarative_item | body 4/1 {8652/0009} {AI95-00137-01} basic_declarative_item ::= basic_declaration | aspect_clause | use_clause 5 body ::= proper_body | body_stub 6 proper_body ::= subprogram_body | package_body | task_body | protected_body Static Semantics 6.1/2 {AI95-00420-01} The list of declarative_items of a declarative_part is called the declaration list of the declarative_part. Dynamic Semantics 7 The elaboration of a declarative_part consists of the elaboration of the declarative_items, if any, in the order in which they are given in the declarative_part. 8 An elaborable construct is in the elaborated state after the normal completion of its elaboration. Prior to that, it is not yet elaborated. 8.a Ramification: The elaborated state is only important for bodies; certain uses of a body raise an exception if the body is not yet elaborated. 8.b Note that "prior" implies before the start of elaboration, as well as during elaboration. 8.c The use of the term "normal completion" implies that if the elaboration propagates an exception or is aborted, the declaration is not elaborated. RM83 missed the aborted case. 9 For a construct that attempts to use a body, a check (Elaboration_Check) is performed, as follows: 10/1 * {8652/0014} {AI95-00064-01} For a call to a (non-protected) subprogram that has an explicit body, a check is made that the body is already elaborated. This check and the evaluations of any actual parameters of the call are done in an arbitrary order. 10.a Discussion: AI83-00180 specifies that there is no elaboration check for a subprogram defined by a pragma Interface (or equivalently, pragma Import). AI83-00430 specifies that there is no elaboration check for an enumeration literal. AI83-00406 specifies that the evaluation of parameters and the elaboration check occur in an arbitrary order. AI83-00406 applies to generic instantiation as well (see below). 10.a.1/3 {8652/0014} {AI95-00064-01} {AI05-0177-1} A subprogram can be completed by a renaming-as-body, a null_procedure_declaration, or an expression_function_declaration, and we need to make an elaboration check on such a body, so we use "body" rather than subprogram_body above. 11/3 * {AI05-0229-1} For a call to a protected operation of a protected type (that has a body - no check is performed if the protected type is imported - see B.1), a check is made that the protected_body is already elaborated. This check and the evaluations of any actual parameters of the call are done in an arbitrary order. 11.a Discussion: A protected type has only one elaboration "bit," rather than one for each operation, because one call may result in evaluating the barriers of other entries, and because there are no elaborable declarations between the bodies of the operations. In fact, the elaboration of a protected_body does not elaborate the enclosed bodies, since they are not considered independently elaborable. 11.b Note that there is no elaboration check when calling a task entry. Task entry calls are permitted even before the associated task_body has been seen. Such calls are simply queued until the task is activated and reaches a corresponding accept_statement. We considered a similar rule for protected entries - simply queuing all calls until the protected_body was seen, but felt it was not worth the possible implementation overhead, particularly given that there might be multiple instances of the protected type. 12 * For the activation of a task, a check is made by the activator that the task_body is already elaborated. If two or more tasks are being activated together (see 9.2), as the result of the elaboration of a declarative_part or the initialization for the object created by an allocator, this check is done for all of them before activating any of them. 12.a Reason: As specified by AI83-00149, the check is done by the activator, rather than by the task itself. If it were done by the task itself, it would be turned into a Tasking_Error in the activator, and the other tasks would still be activated. 13 * For the instantiation of a generic unit that has a body, a check is made that this body is already elaborated. This check and the evaluation of any explicit_generic_actual_parameters of the instantiation are done in an arbitrary order. 14 The exception Program_Error is raised if any of these checks fails. Extensions to Ada 83 14.a/2 {AI95-00114-01} The syntax for declarative_part is modified to remove the ordering restrictions of Ada 83; that is, the distinction between basic_declarative_items and later_declarative_items within declarative_parts is removed. This means that things like use_clauses and object_declarations can be freely intermixed with things like bodies. 14.b The syntax rule for proper_body now allows a protected_body, and the rules for elaboration checks now cover calls on protected operations. Wording Changes from Ada 83 14.c The syntax rule for later_declarative_item is removed; the syntax rule for declarative_item is new. 14.d RM83 defines "elaborated" and "not yet elaborated" for declarative_items here, and for other things in 3.1, " Declarations". That's no longer necessary, since these terms are fully defined in 3.1. 14.e In RM83, all uses of declarative_part are optional (except for the one in block_statement with a declare) which is sort of strange, since a declarative_part can be empty, according to the syntax. That is, declarative_parts are sort of "doubly optional". In Ada 95, these declarative_parts are always required (but can still be empty). To simplify description, we go further and say (see 5.6 , "Block Statements") that a block_statement without an explicit declarative_part is equivalent to one with an empty one. Wording Changes from Ada 95 14.f/2 {8652/0009} {AI95-00137-01} Corrigendum: Changed representation clauses to aspect clauses to reflect that they are used for more than just representation. 14.g/2 {8652/0014} {AI95-00064-01} Corrigendum: Clarified that the elaboration check applies to all kinds of subprogram bodies. 14.h/2 {AI95-00420-01} Defined "declaration list" to avoid confusion for various rules. Other kinds of declaration list are defined elsewhere. 3.11.1 Completions of Declarations 1/3 {8652/0014} {AI95-00064-01} {AI05-0177-1} Declarations sometimes come in two parts. A declaration that requires a second part is said to require completion. The second part is called the completion of the declaration (and of the entity declared), and is either another declaration, a body, or a pragma. A body is a body, an entry_body, a null_procedure_declaration or an expression_function_declaration that completes another declaration, or a renaming-as-body (see 8.5.4). 1.a Discussion: Throughout the RM95, there are rules about completions that define the following: 1.b * Which declarations require a corresponding completion. 1.c * Which constructs can only serve as the completion of a declaration. 1.d * Where the completion of a declaration is allowed to be. 1.e * What kinds of completions are allowed to correspond to each kind of declaration that allows one. 1.f Don't confuse this compile-time concept with the run-time concept of completion defined in 7.6.1. 1.g Note that the declaration of a private type (if limited) can be completed with the declaration of a task type, which is then completed with a body. Thus, a declaration can actually come in three parts. 1.h/3 {AI95-00217-06} {AI05-0162-1} An incomplete type (whether declared in the limited view of a package or not) may be completed by a private type declaration, so we can in fact have four parts. 1.i/3 {AI05-0229-1} In Ada 2012, there are no language-defined pragmas that act as completions. Pragma Import (which is obsolescent) has the effect of setting aspect Import to True; such an aspect makes giving a completion illegal. The wording that allows pragmas as completions was left as it is harmless and appears in many places in this Standard. Name Resolution Rules 2 A construct that can be a completion is interpreted as the completion of a prior declaration only if: 3 * The declaration and the completion occur immediately within the same declarative region; 4 * The defining name or defining_program_unit_name in the completion is the same as in the declaration, or in the case of a pragma, the pragma applies to the declaration; 5 * If the declaration is overloadable, then the completion either has a type-conformant profile, or is a pragma. Legality Rules 6/3 {AI05-0229-1} An implicit declaration shall not have a completion. For any explicit declaration that is specified to require completion, there shall be a corresponding explicit completion, unless the declared entity is imported (see B.1). 6.a.1/2 To be honest: {AI95-00217-06} The implicit declarations occurring in a limited view do have a completion (the explicit declaration occurring in the full view) but that's a special case, since the implicit declarations are actually built from the explicit ones. So they do not require a completion, they have one by fiat. 6.a/3 Discussion: {AI05-0299-1} The implicit declarations of predefined operators are not allowed to have a completion. Enumeration literals, although they are subprograms, are not allowed to have a corresponding subprogram_body. That's because the completion rules are described in terms of constructs (subprogram_declarations) and not entities (subprograms). When a completion is required, it has to be explicit; the implicit null package_body that Clause 7 talks about cannot serve as the completion of a package_declaration if a completion is required. 7 At most one completion is allowed for a given declaration. Additional requirements on completions appear where each kind of completion is defined. 7.a Ramification: A subunit is not a completion; the stub is. 7.b If the completion of a declaration is also a declaration, then that declaration might have a completion, too. For example, a limited private type can be completed with a task type, which can then be completed with a task body. This is not a violation of the "at most one completion" rule. 8 A type is completely defined at a place that is after its full type definition (if it has one) and after all of its subcomponent types are completely defined. A type shall be completely defined before it is frozen (see 13.14 and 7.3). 8.a Reason: Index types are always completely defined - no need to mention them. There is no way for a completely defined type to depend on the value of a (still) deferred constant. NOTES 9/3 98 {AI05-0229-1} Completions are in principle allowed for any kind of explicit declaration. However, for some kinds of declaration, the only allowed completion is an implementation-defined pragma, and implementations are not required to have any such pragmas. 9.a/3 This paragraph was deleted.{AI05-0229-1} 10 99 There are rules that prevent premature uses of declarations that have a corresponding completion. The Elaboration_Checks of 3.11 prevent such uses at run time for subprograms, protected operations, tasks, and generic units. The rules of 13.14, "Freezing Rules" prevent, at compile time, premature uses of other entities such as private types and deferred constants. Wording Changes from Ada 83 10.a This subclause is new. It is intended to cover all kinds of completions of declarations, be they a body for a spec, a full type for an incomplete or private type, a full constant declaration for a deferred constant declaration, or a pragma Import for any kind of entity. Wording Changes from Ada 95 10.b/2 {8652/0014} {AI95-00064-01} Corrigendum: Added a definition of body, which is different than body or body. Wording Changes from Ada 2005 10.c/3 {AI95-0177-1} Added null procedures and expression functions that are completions to the definition of body.