1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>AARM95 - Operations of Access Types</TITLE>
<META NAME="Author" CONTENT="JTC1/SC22/WG9/ARG, by Randall Brukardt, ARG Editor">
<META NAME="GENERATOR" CONTENT="Arm_Form.Exe, Ada Reference Manual generator">
<STYLE type="text/css">
DIV.paranum {position: absolute; font-family: Arial, Helvetica, sans-serif; left: 0.5 em; top: auto}
TT {font-family: "Courier New", monospace}
DT {display: compact}
DIV.Normal {font-family: "Times New Roman", Times, serif; margin-bottom: 0.6em}
DIV.Wide {font-family: "Times New Roman", Times, serif; margin-top: 0.6em; margin-bottom: 0.6em}
DIV.Annotations {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-bottom: 0.6em}
DIV.WideAnnotations {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0.6em; margin-bottom: 0.6em}
DIV.Index {font-family: "Times New Roman", Times, serif}
DIV.SyntaxSummary {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.4em}
DIV.Notes {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.6em}
DIV.NotesHeader {font-family: "Times New Roman", Times, serif; margin-left: 2.0em}
DIV.SyntaxIndented {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-bottom: 0.4em}
DIV.Indented {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-bottom: 0.6em}
DIV.CodeIndented {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-bottom: 0.6em}
DIV.SmallIndented {font-family: "Times New Roman", Times, serif; margin-left: 10.0em; margin-bottom: 0.6em}
DIV.SmallCodeIndented {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-bottom: 0.6em}
DIV.Examples {font-family: "Courier New", monospace; margin-left: 2.0em; margin-bottom: 0.6em}
DIV.SmallExamples {font-family: "Courier New", monospace; font-size: 80%; margin-left: 7.5em; margin-bottom: 0.6em}
DIV.IndentedExamples {font-family: "Courier New", monospace; margin-left: 8.0em; margin-bottom: 0.6em}
DIV.SmallIndentedExamples {font-family: "Courier New", monospace; font-size: 80%; margin-left: 15.0em; margin-bottom: 0.6em}
UL.Bulleted {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SmallBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SmallNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.IndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.CodeIndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.CodeIndentedNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-right: 8.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.SyntaxIndentedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NotesBulleted {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
UL.NotesNestedBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
DL.Hanging {font-family: "Times New Roman", Times, serif; margin-top: 0em; margin-bottom: 0.6em}
DD.Hanging {margin-left: 6.0em}
DL.IndentedHanging {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.IndentedHanging {margin-left: 2.0em}
DL.HangingInBulleted {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.HangingInBulleted {margin-left: 4.0em}
DL.SmallHanging {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.SmallHanging {margin-left: 7.5em}
DL.SmallIndentedHanging {font-family: "Times New Roman", Times, serif; margin-left: 8.0em; margin-top: 0em; margin-bottom: 0.6em}
DD.SmallIndentedHanging {margin-left: 2.0em}
DL.SmallHangingInBulleted {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.SmallHangingInBulleted {margin-left: 5.0em}
DL.Enumerated {font-family: "Times New Roman", Times, serif; margin-right: 0.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.Enumerated {margin-left: 2.0em}
DL.SmallEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 4.0em; margin-right: 4.0em; margin-top: 0em; margin-bottom: 0.5em}
DD.SmallEnumerated {margin-left: 2.5em}
DL.NestedEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 2.0em; margin-right: 2.0em; margin-top: 0em; margin-bottom: 0.5em}
DL.SmallNestedEnumerated {font-family: "Times New Roman", Times, serif; margin-left: 6.0em; margin-right: 6.0em; margin-top: 0em; margin-bottom: 0.5em}
</STYLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFF0" LINK="#0000FF" VLINK="#800080" ALINK="#FF0000">
<P><A HREF="AA-TOC.html">Contents</A> <A HREF="AA-0-29.html">Index</A> <A HREF="AA-3-10-1.html">Previous</A> <A HREF="AA-3-11.html">Next</A></P>
<HR>
<H1> 3.10.2 Operations of Access Types</H1>
<DIV Class="Paranum"><FONT SIZE=-2>1</FONT></DIV>
<DIV Class="Normal"> [The attribute Access is used to create access
values designating aliased objects and non-intrinsic subprograms. The
``accessibility'' rules prevent dangling references (in the absence of
uses of certain unchecked features -- see Section 13).] </DIV>
<H4 ALIGN=CENTER>Language Design Principles</H4>
<DIV Class="Paranum"><FONT SIZE=-2>1.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>It should be possible for an access
value to designate an object declared by an object declaration, or a
subcomponent thereof. In implementation terms, this means pointing at
stack-allocated and statically allocated data structures. However, dangling
references should be prevented, primarily via compile-time rules, so
long as features like Unchecked_Access and Unchecked_Deallocation are
not used.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>1.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>In order to create such access
values, we require that the access type be a general access type, that
the designated object be aliased, and that the accessibility rules be
obeyed. </FONT></DIV>
<H4 ALIGN=CENTER>Name Resolution Rules</H4>
<DIV Class="Paranum"><FONT SIZE=-2>2</FONT></DIV>
<DIV Class="Normal"> <A NAME="I2186"></A>For an <FONT FACE="Arial, Helvetica">attribute_reference</FONT>
with <FONT FACE="Arial, Helvetica">attribute_designator</FONT> Access
(or Unchecked_Access -- see <A HREF="AA-13-10.html">13.10</A>), the expected
type shall be a single access type[; the <FONT FACE="Arial, Helvetica">prefix</FONT>
of such an <FONT FACE="Arial, Helvetica">attribute_reference</FONT> is
never interpreted as an <FONT FACE="Arial, Helvetica">implicit_dereference</FONT>].
<A NAME="I2187"></A>If the expected type is an access-to-subprogram type,
then the expected profile of the <FONT FACE="Arial, Helvetica">prefix</FONT>
is the designated profile of the access type. </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>2.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>Saying that
the expected type shall be a "single access type" is our "new"
way of saying that the type has to be determinable from context using
only the fact that it is an access type. See <A HREF="AA-4-2.html">4.2</A>
and <A HREF="AA-8-6.html">8.6</A>. Specifying the expected profile only
implies type conformance. The more stringent subtype conformance is required
by a Legality Rule. This is the only Resolution Rule that applies to
the <FONT FACE="Arial, Helvetica">name</FONT> in a <FONT FACE="Arial, Helvetica">prefix</FONT>
of an <FONT FACE="Arial, Helvetica">attribute_reference</FONT>. In all
other cases, the <FONT FACE="Arial, Helvetica">name</FONT> has to be
resolved without using context. See <A HREF="AA-4-1-4.html">4.1.4</A>.
</FONT></DIV>
<H4 ALIGN=CENTER>Static Semantics</H4>
<DIV Class="Paranum"><FONT SIZE=-2>3</FONT></DIV>
<DIV Class="Normal"> <A NAME="I2188"></A><A NAME="I2189"></A><A NAME="I2190"></A><A NAME="I2191"></A><A NAME="I2192"></A><A NAME="I2193"></A>[The
accessibility rules, which prevent dangling references, are written in
terms of <I>accessibility levels</I>, which reflect the run-time nesting
of <I>masters</I>. As explained in <A HREF="AA-7-6-1.html">7.6.1</A>,
a master is the execution of a <FONT FACE="Arial, Helvetica">task_body</FONT>,
a <FONT FACE="Arial, Helvetica">block_statement</FONT>, a <FONT FACE="Arial, Helvetica">subprogram_body</FONT>,
an <FONT FACE="Arial, Helvetica">entry_body</FONT>, or an <FONT FACE="Arial, Helvetica">accept_statement</FONT>.
An accessibility level is <I>deeper than</I> another if it is more deeply
nested at run time. For example, an object declared local to a called
subprogram has a deeper accessibility level than an object declared local
to the calling subprogram. The accessibility rules for access types require
that the accessibility level of an object designated by an access value
be no deeper than that of the access type. This ensures that the object
will live at least as long as the access type, which in turn ensures
that the access value cannot later designate an object that no longer
exists. The Unchecked_Access attribute may be used to circumvent the
accessibility rules.]</DIV>
<DIV Class="Paranum"><FONT SIZE=-2>4</FONT></DIV>
<DIV Class="Normal"> <A NAME="I2194"></A><A NAME="I2195"></A>[A given
accessibility level is said to be <I>statically deeper</I> than another
if the given level is known at compile time (as defined below) to be
deeper than the other for all possible executions. In most cases, accessibility
is enforced at compile time by Legality Rules. Run-time accessibility
checks are also used, since the Legality Rules do not cover certain cases
involving access parameters and generic packages.]</DIV>
<DIV Class="Paranum"><FONT SIZE=-2>5</FONT></DIV>
<DIV Class="Normal" Style="margin-bottom: 0.4em"> Each master, and
each entity and view created by it, has an accessibility level: </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>6</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a given master is deeper than
that of each dynamically enclosing master, and deeper than that of each
master upon which the task executing the given master directly depends
(see <A HREF="AA-9-3.html">9.3</A>).</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>7</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>An entity or view created by a declaration has the same
accessibility level as the innermost enclosing master, except in the
cases of renaming and derived access types described below. A parameter
of a master has the same accessibility level as the master.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>8</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a view of an object or subprogram
defined by a <FONT FACE="Arial, Helvetica">renaming_declaration</FONT>
is the same as that of the renamed view.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>9</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a view conversion is the same
as that of the operand.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>10</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>For a function whose result type is a return-by-reference
type, the accessibility level of the result object is the same as that
of the master that elaborated the function body. For any other function,
the accessibility level of the result object is that of the execution
of the called function.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>11</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a derived access type is the
same as that of its ultimate ancestor.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>12</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of the anonymous access type of
an access discriminant is the same as that of the containing object or
associated constrained subtype.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>13</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of the anonymous access type of
an access parameter is the same as that of the view designated by the
actual. If the actual is an <FONT FACE="Arial, Helvetica">allocator</FONT>,
this is the accessibility level of the execution of the called subprogram.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>14</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of an object created by an <FONT FACE="Arial, Helvetica">allocator</FONT>
is the same as that of the access type.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>15</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a view of an object or subprogram
denoted by a dereference of an access value is the same as that of the
access type.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>16</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The accessibility level of a component, protected subprogram,
or entry of (a view of) a composite object is the same as that of (the
view of) the composite object. </LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>17</FONT></DIV>
<DIV Class="Wide" Style="margin-bottom: 0.4em"> <A NAME="I2196"></A><A NAME="I2197"></A>One
accessibility level is defined to be <I>statically deeper</I> than another
in the following cases: </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>18</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>For a master that is statically nested within another master,
the accessibility level of the inner master is statically deeper than
that of the outer master. </LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>18.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>To be honest: </B>Strictly
speaking, this should talk about the <I>constructs</I> (such as <FONT FACE="Arial, Helvetica">subprogram_bodi</FONT>es)
being statically nested within one another; the masters are really the
<I>executions</I> of those constructs. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>18.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>To be honest: </B>If a given
accessibility level is statically deeper than another, then each level
defined to be the same as the given level is statically deeper than each
level defined to be the same as the other level. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>19</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>The statically deeper relationship does not apply to the
accessibility level of the anonymous type of an access parameter; that
is, such an accessibility level is not considered to be statically deeper,
nor statically shallower, than any other.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>20</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>For determining whether one level is statically deeper
than another when within a generic package body, the generic package
is presumed to be instantiated at the same level as where it was declared;
run-time checks are needed in the case of more deeply nested instantiations.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>21</FONT></DIV>
<UL Class="Bulleted"><LI TYPE=DISC>For determining whether one level is statically deeper
than another when within the declarative region of a <FONT FACE="Arial, Helvetica">type_declaration</FONT>,
the current instance of the type is presumed to be an object created
at a deeper level than that of the type. </LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>21.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>In other
words, the rules are checked at compile time of the <FONT FACE="Arial, Helvetica">type_declaration</FONT>,
in an assume-the-worst manner. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22</FONT></DIV>
<DIV Class="Normal"> <A NAME="I2198"></A><A NAME="I2199"></A>The accessibility
level of all library units is called the <I>library level</I>; a library-level
declaration or entity is one whose accessibility level is the library
level. </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B><FONT FACE="Arial, Helvetica">Library_unit_declaration</FONT>s
are library level. Nested declarations are library level if they are
nested only within packages (possibly more than one), and not within
subprograms, tasks, etc. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.b</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1><B>To
be honest: </B>The definition of the accessibility level of the anonymous
type of an access parameter cheats a bit, since it refers to the view
designated by the actual, but access values designate objects, not views
of objects. What we really mean is the view that ``would be'' denoted
by an expression ``X.<B>all</B>'', where X is the actual, even though
such an expression is a figment of our imagination. The definition is
intended to be equivalent to the following more verbose version: The
accessibility level of the anonymous type of an access parameter is as
follows: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.c</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>if the actual is an expression of a named access type --
the accessibility level of that type;</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.d</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>if the actual is an <FONT FACE="Arial, Helvetica">allocator</FONT>
-- the accessibility level of the execution of the called subprogram;</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.e/1</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>if the actual is a reference to the Access attribute --
the accessibility level of the view denoted by the <U><FONT FACE="Arial, Helvetica">prefix</FONT></U><S>prefix</S>;</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.f</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>if the actual is a reference to the Unchecked_Access attribute
-- library accessibility level;</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.g</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>if the actual is an access parameter -- the accessibility
level of its type. </LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.h</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Note that the <FONT FACE="Arial, Helvetica">allocator</FONT>
case is explicitly mentioned in the RM95, because otherwise the definition
would be circular: the level of the anonymous type is that of the view
designated by the actual, which is that of the access type. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.i</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>A deeper accessibility
level implies a shorter maximum lifetime. Hence, when a rule requires
X to have a level that is ``not deeper than'' Y's level, this requires
that X has a lifetime at least as long as Y. (We say ``maximum lifetime''
here, because the accessibility level really represents an upper bound
on the lifetime; an object created by an <FONT FACE="Arial, Helvetica">allocator</FONT>
can have its lifetime prematurely ended by an instance of Unchecked_Deallocation.)</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.j</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Package elaborations are not masters,
and are therefore invisible to the accessibility rules: an object declared
immediately within a package has the same accessibility level as an object
declared immediately within the declarative region containing the package.
This is true even in the body of a package; it jibes with the fact that
objects declared in a <FONT FACE="Arial, Helvetica">package_body</FONT>
live as long as objects declared outside the package, even though the
body objects are not visible outside the package.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.k</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Note that the level of the <I>view</I>
denoted by X.<B>all</B> can be different from the level of the <I>object</I>
denoted by X.<B>all</B>. The former is determined by the type of X; the
latter is determined either by the type of the <FONT FACE="Arial, Helvetica">allocator</FONT>,
or by the master in which the object was declared. The former is used
in several Legality Rules and run-time checks; the latter is used to
define when X.<B>all</B> gets finalized. The level of a view reflects
what we can conservatively ``know'' about the object of that view; for
example, due to <FONT FACE="Arial, Helvetica">type_conversion</FONT>s,
an access value might designate an object that was allocated by an <FONT FACE="Arial, Helvetica">allocator</FONT>
for a different access type.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.l</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Similarly, the level of the view
denoted by X.<B>all</B>.Comp can be different from the level of the object
denoted by X.<B>all</B>.Comp.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.m</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>If Y is statically deeper than
X, this implies that Y will be (dynamically) deeper than X in all possible
executions.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.n</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1>Most
accessibility checking is done at compile time; the rules are stated
in terms of ``statically deeper than''. The exceptions are: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.o</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>Checks involving access parameters. The fact that ``statically
deeper than'' is not defined for the anonymous access type of an access
parameter implies that any rule saying ``shall not be statically deeper
than'' does not apply to such a type, nor to anything defined to have
``the same'' level as such a type.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.p</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>Checks involving entities and views within generic packages.
This is because an instantiation can be at a level that is more deeply
nested than the generic package itself. In implementations that use a
macro-expansion model of generics, these violations can be detected at
macro-expansion time. For implementations that share generics, run-time
code is needed to detect the error.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.q</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>Checks during function return. </LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.r</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Note that run-time checks are
not required for access discriminants, because their accessibility is
determined statically by the accessibility level of the enclosing object.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.s</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>The accessibility level of the
result object of a function reflects the time when that object will be
finalized; we don't allow pointers to the object to survive beyond that
time.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.t</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>We sometimes use the terms ``accessible''
and ``inaccessible'' to mean that something has an accessibility level
that is not deeper, or deeper, respectively, than something else. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.u</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Implementation Note: </B>If
an accessibility Legality Rule is satisfied, then the corresponding run-time
check (if any) cannot fail (and a reasonable implementation will not
generate any checking code) unless access parameters or shared generic
bodies are involved.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.v</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Accessibility levels are defined
in terms of the relations ``the same as'' and ``deeper than''. To make
the discussion more concrete, we can assign actual numbers to each level.
Here, we assume that library-level accessibility is level 0, and each
level defined as ``deeper than'' is one level deeper. Thus, a subprogram
directly called from the environment task (such as the main subprogram)
would be at level 1, and so on.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.w</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Accessibility is not enforced
at compile time for access parameters. The ``obvious'' implementation
of the run-time checks would be inefficient, and would involve distributed
overhead; therefore, an efficient method is given below. The ``obvious''
implementation would be to pass the level of the caller at each subprogram
call, task creation, etc. This level would be incremented by 1 for each
dynamically nested master. An Accessibility_Check would be implemented
as a simple comparison -- checking that X is not deeper than Y would
involve checking that X <= Y.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.x</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>A more efficient method is based
on passing <I>static</I> nesting levels (within constructs that correspond
at run time to masters -- packages don't count). Whenever an access parameter
is passed, an implicit extra parameter is passed with it. The extra parameter
represents (in an indirect way) the accessibility level of the anonymous
access type, and, therefore, the level of the view denoted by a dereference
of the access parameter. This is analogous to the implicit ``Constrained''
bit associated with certain formal parameters of an unconstrained but
definite composite subtype. In this method, we avoid distributed overhead:
it is not necessary to pass any extra information to subprograms that
have no access parameters. For anything other than an access parameter
and its anonymous type, the static nesting level is known at compile
time, and is defined analogously to the RM95 definition of accessibility
level (e.g. derived access types get their nesting level from their parent).
Checking ``not deeper than'' is a "<=" test on the levels.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.y</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1>For
each access parameter, the static depth passed depends on the actual,
as follows: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.z</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>If the actual is an expression of a named access type,
pass the static nesting level of that type.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.aa</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>If the actual is an <FONT FACE="Arial, Helvetica">allocator</FONT>,
pass the static nesting level of the caller, plus one.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.bb/1</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>If the actual is a reference to the Access attribute, pass
the level of the view denoted by the <U><FONT FACE="Arial, Helvetica">prefix</FONT></U><S>prefix</S>.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.cc</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>If the actual is a reference to the Unchecked_Access attribute,
pass 0 (the library accessibility level).</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.dd</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>If the actual is an access parameter, usually just pass
along the level passed in. However, if the static nesting level of the
formal (access) parameter is greater than the static nesting level of
the actual (access) parameter, the level to be passed is the minimum
of the static nesting level of the access parameter and the actual level
passed in. </LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>22.ee</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>For the Accessibility_Check associated
with a <FONT FACE="Arial, Helvetica">type_conversion</FONT> of an access
parameter of a given subprogram to a named access type, if the target
type is statically nested within the subprogram, do nothing; the check
can't fail in this case. Otherwise, check that the value passed in is
<= the static nesting depth of the target type. The other Accessibility_Checks
are handled in a similar manner.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.ff</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>This method, using statically
known values most of the time, is efficient, and, more importantly, avoids
distributed overhead. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.gg</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1><B>Discussion:
</B>Examples of accessibility: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.hh</FONT></DIV>
<DIV Class="SmallExamples"><TT><B>package</B> <B>body</B> Lib_Unit <B>is</B><BR>
<B>type</B> T <B>is</B> <B>tagged</B> ...;<BR>
<B>type</B> A0 <B>is</B> <B>access</B> <B>all</B> T;<BR>
Global: A0 := ...;<BR>
<B>procedure</B> P(X: T) <B>is</B><BR>
Y: <B>aliased</B> T;<BR>
<B>type</B> A1 <B>is</B> <B>access</B> <B>all</B> T;<BR>
Ptr0: A0 := Global; --<I> OK.</I><BR>
Ptr1: A1 := X'Access; --<I> OK.</I><BR>
<B>begin</B><BR>
Ptr1 := Y'Access; --<I> OK;</I><BR>
Ptr0 := A0(Ptr1); --<I> Illegal type conversion!</I><BR>
Ptr0 := X'Access; --<I> Illegal reference to Access attribute!</I><BR>
Ptr0 := Y'Access; --<I> Illegal reference to Access attribute!</I><BR>
Global := Ptr0; --<I> OK.</I><BR>
<B>end</B> P;<BR>
<B>end</B> Lib_Unit;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.ii</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>The above illegal statements are
illegal because the accessibility level of X and Y are statically deeper
than the accessibility level of A0. In every possible execution of any
program including this library unit, if P is called, the accessibility
level of X will be (dynamically) deeper than that of A0. Note that the
accessibility levels of X and Y are the same.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.jj</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1>Here's
an example involving access parameters: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.kk</FONT></DIV>
<DIV Class="SmallExamples"><TT><B>procedure</B> Main <B>is</B><BR>
<B>type</B> Level_1_Type <B>is</B> <B>access</B> <B>all</B> Integer;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.ll</FONT></DIV>
<DIV Class="SmallExamples"><TT> <B>procedure</B> P(X: <B>access</B> Integer) <B>is</B><BR>
<B>type</B> Nested_Type <B>is</B> <B>access</B> <B>all</B> Integer;<BR>
<B>begin</B><BR>
... Nested_Type(X) ... --<I> (1)</I><BR>
... Level_1_Type(X) ... --<I> (2)</I><BR>
<B>end</B> P;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.mm</FONT></DIV>
<DIV Class="SmallExamples"><TT> <B>procedure</B> Q(X: <B>access</B> Integer) <B>is</B><BR>
<B>procedure</B> Nested(X: <B>access</B> Integer) <B>is</B><BR>
<B>begin</B><BR>
P(X);<BR>
<B>end</B> Nested;<BR>
<B>begin</B><BR>
Nested(X);<BR>
<B>end</B> Q;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.nn</FONT></DIV>
<DIV Class="SmallExamples"><TT> <B>procedure</B> R <B>is</B><BR>
Level_2: <B>aliased</B> Integer;<BR>
<B>begin</B><BR>
Q(Level_2'Access); --<I> (3)</I><BR>
<B>end</B> R;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.oo</FONT></DIV>
<DIV Class="SmallExamples"><TT> Level_1: <B>aliased</B> Integer;<BR>
<B>begin</B><BR>
Q(Level_1'Access); --<I> (4)</I><BR>
R;<BR>
<B>end</B> Main;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.pp</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>The run-time Accessibility_Check
at (1) can never fail, and no code should be generated to check it. The
check at (2) will fail when called from (3), but not when called from
(4).</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.qq</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1>Within
a <FONT FACE="Arial, Helvetica">type_declaration</FONT>, the rules are
checked in an assume-the-worst manner. For example: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.rr</FONT></DIV>
<DIV Class="SmallExamples"><TT><B>package</B> P <B>is</B><BR>
<B>type</B> Int_Ptr <B>is</B> <B>access</B> <B>all</B> Integer;<BR>
<B>type</B> Rec(D: <B>access</B> Integer) <B>is</B> <B>limited</B> <B>private</B>;<BR>
<B>private</B><BR>
<B>type</B> Rec_Ptr <B>is</B> <B>access</B> <B>all</B> Rec;<BR>
<B>function</B> F(X: Rec_Ptr) <B>return</B> Boolean;<BR>
<B>function</B> G(X: <B>access</B> Rec) <B>return</B> Boolean;<BR>
<B>type</B> Rec(D: <B>access</B> Integer) <B>is</B><BR>
<B>record</B><BR>
C1: Int_Ptr := Int_Ptr(D); --<I> Illegal!</I><BR>
C2: Rec_Ptr := Rec'Access; --<I> Illegal!</I><BR>
C3: Boolean := F(Rec'Access); --<I> Illegal!</I><BR>
C4: Boolean := G(Rec'Access);<BR>
<B>end</B> <B>record</B>;<BR>
<B>end</B> P;</TT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.ss</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>C1, C2, and C3 are all illegal,
because one might declare an object of type Rec at a more deeply nested
place than the declaration of the type. C4 is legal, but the accessibility
level of the object will be passed to function G, and constraint checks
within G will prevent it from doing any evil deeds.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>22.tt</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Note that we cannot defer the
checks on C1, C2, and C3 until compile-time of the object creation, because
that would cause violation of the privacy of private parts. Furthermore,
the problems might occur within a task or protected body, which the compiler
can't see while compiling an object creation. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>23</FONT></DIV>
<DIV Class="Wide" Style="margin-bottom: 0.4em"> The following attribute
is defined for a <FONT FACE="Arial, Helvetica">prefix</FONT> X that denotes
an aliased view of an object: </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>24/1</FONT></DIV>
<DL Class="Hanging"><DT> X'Access<DD Class="Hanging">
<A NAME="I2200"></A><A NAME="I2201"></A>{<I><A HREF="defect1.html#8652/0010">8652/0010</A></I>}
X'Access yields an access value that designates the object denoted by
X. The type of X'Access is an access-to-object type, as determined by
the expected type. The expected type shall be a general access type.
<A NAME="I2202"></A>X shall denote an aliased view of an object[, including
possibly the current instance (see <A HREF="AA-8-6.html">8.6</A>) of
a limited type within its definition, or a formal parameter or generic
formal object of a tagged type]. The view denoted by the <FONT FACE="Arial, Helvetica">prefix</FONT>
X shall satisfy the following additional requirements, presuming the
expected type for X'Access is the general access type <I>A</I><U> with
designated type <I>D</I></U>: </DL>
<DIV Class="Paranum"><FONT SIZE=-2>25</FONT></DIV>
<UL Class="IndentedBulleted"><LI TYPE=DISC>If <I>A</I> is an access-to-variable type, then the view
shall be a variable; [on the other hand, if <I>A</I> is an access-to-constant
type, the view may be either a constant or a variable.] </LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>25.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The current
instance of a limited type is considered a variable. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26</FONT></DIV>
<UL Class="IndentedBulleted"><LI TYPE=DISC>The view shall not be a subcomponent that depends on discriminants
of a variable whose nominal subtype is unconstrained, unless this subtype
is indefinite, or the variable is aliased.</LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>26.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>This restriction
is intended to be similar to the restriction on renaming discriminant-dependent
subcomponents. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Reason: </B>This prevents references
to subcomponents that might disappear or move or change constraints after
creating the reference. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26.c</FONT></DIV>
<DIV Class="Annotations" Style="margin-bottom: 0.4em"><FONT SIZE=-1><B>Implementation
Note: </B>There was some thought to making this restriction more stringent,
roughly: "X shall not denote a subcomponent of a variable with discriminant-dependent
subcomponents, if the nominal subtype of the variable is an unconstrained
definite subtype." This was because in some implementations, it
is not just the discriminant-dependent subcomponents that might move
as the result of an assignment that changed the discriminants of the
enclosing object. However, it was decided not to make this change because
a reasonable implementation strategy was identified to avoid such problems,
as follows: </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26.d</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>Place non-discriminant-dependent components with any aliased
parts at offsets preceding any discriminant-dependent components in a
discriminated record type with defaulted discriminants.</LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>26.e</FONT></DIV>
<UL Class="SmallBulleted"><FONT SIZE=-1><LI TYPE=DISC>Preallocate the maximum space for unconstrained discriminated
variables with aliased subcomponents, rather than allocating the initial
size and moving them to a larger (heap-resident) place if they grow as
the result of an assignment. </LI></FONT></UL>
<DIV Class="Paranum"><FONT SIZE=-2>26.f</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Note that for objects of a by-reference
type, it is not an error for a programmer to take advantage of the fact
that such objects are passed by reference. Therefore, the above approach
is also necessary for discriminated record types with components of a
by-reference type.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>26.g</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>To make the above strategy work,
it is important that a component of a derived type is defined to be discriminant-dependent
if it is inherited and the parent subtype constraint is defined in terms
of a discriminant of the derived type (see <A HREF="AA-3-7.html">3.7</A>).
</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>27/1</FONT></DIV>
<UL Class="IndentedBulleted"><LI TYPE=DISC>{<I><A HREF="defect1.html#8652/0010">8652/0010</A></I>}
If <U><I>A</I> is a named access type and <I>D</I> is a tagged type</U><S>the
designated type of <I>A</I> is tagged</S>, then the type of the view
shall be covered by <U><I>D</I></U><S>the designated type</S>; <U>if
<I>A</I> is anonymous and <I>D</I> is tagged, then the type of the view
shall be either <I>D</I>'Class or a type covered by D;</U> if <U><I>D</I>
is untagged</U><S><I>A</I>'s designated type is not tagged</S>, then
the type of the view shall be <U><I>D</I></U><S>the same</S>, and <S>either
</S><I>A</I>'s designated subtype shall <U>either </U>statically match
the nominal subtype of the view<U> or be</U><S>, or the designated subtype
shall be</S> discriminated and unconstrained; <A NAME="I2203"></A></LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>27.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Implementation Note: </B>This
ensures that the dope for an aliased array object can always be stored
contiguous with it, but need not be if its nominal subtype is constrained.
</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>27.a.1/1</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>{<I><A HREF="defect1.html#8652/0010">8652/0010</A></I>}
<U>An access attribute can be used as the controlling operand in a dispatching
call; see <A HREF="AA-3-9-2.html">3.9.2</A>.</U> </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>28</FONT></DIV>
<UL Class="IndentedBulleted"><LI TYPE=DISC>The accessibility level of the view shall not be statically
deeper than that of the access type <I>A</I>. In addition to the places
where Legality Rules normally apply (see <A HREF="AA-12-3.html">12.3</A>),
this rule applies also in the private part of an instance of a generic
unit. <A NAME="I2204"></A><A NAME="I2205"></A></LI></UL>
<DIV Class="Paranum"><FONT SIZE=-2>28.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>In an instance
body, a run-time check applies.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>28.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>If <I>A</I> is an anonymous access
type, then the view can never have a deeper accessibility level than
<I>A</I>, except when X'Access is used to initialize an access discriminant
of an object created by an <FONT FACE="Arial, Helvetica">allocator</FONT>.
The latter case is illegal if the accessibility level of X is statically
deeper than that of the access type of the <FONT FACE="Arial, Helvetica">allocator</FONT>;
a run-time check is needed in the case where the initial value comes
from an access parameter. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>29</FONT></DIV>
<DL Class="Hanging"><DD Class ="Hanging"><A NAME="I2206"></A><A NAME="I2207"></A><A NAME="I2208"></A>A
check is made that the accessibility level of X is not deeper than that
of the access type <I>A</I>. If this check fails, Program_Error is raised.
</DL>
<DIV Class="Paranum"><FONT SIZE=-2>29.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>The check
is needed for access parameters and in instance bodies. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>29.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Implementation Note: </B>This
check requires that some indication of lifetime is passed as an implicit
parameter along with access parameters. No such requirement applies to
access discriminants, since the checks associated with them are all compile-time
checks. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>30</FONT></DIV>
<DL Class="Hanging"><DD Class ="Hanging"><A NAME="I2209"></A>If the nominal subtype of X
does not statically match the designated subtype of <I>A</I>, a view
conversion of X to the designated subtype is evaluated (which might raise
Constraint_Error -- see <A HREF="AA-4-6.html">4.6</A>) and the value
of X'Access designates that view. </DL>
<DIV Class="Paranum"><FONT SIZE=-2>31</FONT></DIV>
<DIV Class="Normal"> The following attribute is defined for a <FONT FACE="Arial, Helvetica">prefix</FONT>
P that denotes a subprogram: </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>32</FONT></DIV>
<DL Class="Hanging"><DT> P'Access<DD Class="Hanging">
<A NAME="I2210"></A><A NAME="I2211"></A>P'Access yields an access value
that designates the subprogram denoted by P. The type of P'Access is
an access-to-subprogram type (<I>S</I>), as determined by the expected
type. <A NAME="I2212"></A>The accessibility level of P shall not be statically
deeper than that of <I>S</I>. <A NAME="I2213"></A>In addition to the
places where Legality Rules normally apply (see <A HREF="AA-12-3.html">12.3</A>),
this rule applies also in the private part of an instance of a generic
unit. The profile of P shall be subtype-conformant with the designated
profile of <I>S</I>, and shall not be Intrinsic. <A NAME="I2214"></A>If
the subprogram denoted by P is declared within a generic body, <I>S</I>
shall be declared within the generic body.</DL>
<DIV Class="Paranum"><FONT SIZE=-2>32.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Discussion: </B>The part about
generic bodies is worded in terms of the denoted subprogram, not the
denoted view; this implies that renaming is invisible to this part of
the rule. This rule is partly to prevent contract model problems with
respect to the accessibility rules, and partly to ease shared-generic-body
implementations, in which a subprogram declared in an instance needs
to have a different calling convention from other subprograms with the
same profile.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>32.b</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1>Overload resolution ensures only
that the profile is type-conformant. This rule specifies that subtype
conformance is required (which also requires matching calling conventions).
P cannot denote an entry because access-to-subprogram types never have
the <I>entry</I> calling convention. P cannot denote an enumeration literal
or an attribute function because these have intrinsic calling conventions.
</FONT></DIV>
<DIV Class="NotesHeader"><FONT SIZE=-1>NOTES</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>33</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>81 The Unchecked_Access attribute
yields the same result as the Access attribute for objects, but has fewer
restrictions (see <A HREF="AA-13-10.html">13.10</A>). There are other
predefined operations that yield access values: an <FONT FACE="Arial, Helvetica">allocator</FONT>
can be used to create an object, and return an access value that designates
it (see <A HREF="AA-4-8.html">4.8</A>); evaluating the literal <B>null</B>
yields a null access value that designates no entity at all (see <A HREF="AA-4-2.html">4.2</A>).</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>34</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>82 <A NAME="I2215"></A>The
predefined operations of an access type also include the assignment operation,
qualification, and membership tests. Explicit conversion is allowed between
general access types with matching designated subtypes; explicit conversion
is allowed between access-to-subprogram types with subtype conformant
profiles (see <A HREF="AA-4-6.html">4.6</A>). <A NAME="I2216"></A>Named
access types have predefined equality operators; anonymous access types
do not (see <A HREF="AA-4-5-2.html">4.5.2</A>). </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>34.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Reason: </B>By not having equality
operators for anonymous access types, we eliminate the need to specify
exactly where the predefined operators for anonymous access types would
be defined, as well as the need for an implementer to insert an implicit
declaration for "=", etc. at the appropriate place in their
symbol table. Note that 'Access and ".<B>all</B>" are defined,
and ":=" is defined though useless since all instances are
constant. The literal <B>null</B> is also defined for the purposes of
overload resolution, but is disallowed by a Legality Rule of this subclause.
</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>35</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>83 The object or subprogram
designated by an access value can be named with a dereference, either
an <FONT FACE="Arial, Helvetica">explicit_dereference</FONT> or an <FONT FACE="Arial, Helvetica">implicit_dereference</FONT>.
See <A HREF="AA-4-1.html">4.1</A>.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>36</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>84 A call through the dereference
of an access-to-subprogram value is never a dispatching call. </FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>36.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Proof: </B>See <A HREF="AA-3-9-2.html">3.9.2</A>.
</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>37</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>85 <A NAME="I2217"></A><A NAME="I2218"></A>The
accessibility rules imply that it is not possible to use the Access attribute
to implement ``downward closures'' -- that is, to pass a more-nested
subprogram as a parameter to a less-nested subprogram, as might be desired
for example for an iterator abstraction. Instead, downward closures can
be implemented using generic formal subprograms (see <A HREF="AA-12-6.html">12.6</A>).
Note that Unchecked_Access is not allowed for subprograms.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>38</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>86 Note that using an access-to-class-wide
tagged type with a dispatching operation is a potentially more structured
alternative to using an access-to-subprogram type.</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>39</FONT></DIV>
<DIV Class="Notes"><FONT SIZE=-1>87 An implementation may
consider two access-to-subprogram values to be unequal, even though they
designate the same subprogram. This might be because one points directly
to the subprogram, while the other points to a special prologue that
performs an Elaboration_Check and then jumps to the subprogram. See <A HREF="AA-4-5-2.html">4.5.2</A>.
</FONT></DIV>
<DIV Class="Paranum"><FONT SIZE=-2>39.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><B>Ramification: </B>If equality
of access-to-subprogram values is important to the logic of a program,
a reference to the Access attribute of a subprogram should be evaluated
only once and stored in a global constant for subsequent use and equality
comparison.</FONT></DIV>
<H4 ALIGN=CENTER>Examples</H4>
<DIV Class="Paranum"><FONT SIZE=-2>40</FONT></DIV>
<DIV Class="Normal" Style="margin-bottom: 0.4em"> <I>Example of use
of the Access attribute:</I> </DIV>
<DIV Class="Paranum"><FONT SIZE=-2>41</FONT></DIV>
<DIV Class="Examples"><TT>Martha : Person_Name := <B>new</B> Person(F); <I>-- see <A HREF="AA-3-10-1.html">3.10.1</A></I><BR>
Cars : <B>array</B> (1..2) <B>of</B> <B>aliased</B> Car;<BR>
...<BR>
Martha.Vehicle := Cars(1)'Access;<BR>
George.Vehicle := Cars(2)'Access;</TT></DIV>
<H4 ALIGN=CENTER>Extensions to Ada 83</H4>
<DIV Class="Paranum"><FONT SIZE=-2>41.a</FONT></DIV>
<DIV Class="Annotations"><FONT SIZE=-1><A NAME="I2219"></A>We no longer
make things like 'Last and ".component" (basic) operations
of an access type that need to be "declared" somewhere. Instead,
implicit dereference in a <FONT FACE="Arial, Helvetica">prefix</FONT>
takes care of them all. This means that there should never be a case
when X.<B>all</B>'Last is legal while X'Last is not. See AI83-00154.
</FONT></DIV>
<HR>
<P><A HREF="AA-TOC.html">Contents</A> <A HREF="AA-0-29.html">Index</A> <A HREF="AA-3-10-1.html">Previous</A> <A HREF="AA-3-11.html">Next</A> <A HREF="AA-TTL.html">Legal</A></P>
</BODY>
</HTML>
|
