- Ada 2012
- Ada 2005 / 95 / 83
- Embedded Development
- Formal Methods
- Open Source
- Safety-Critical Development
- Static Analysis
AI-0222 Primitive subp completion ok post-freezing
This AI confirms that the existing behavior of the GNAT compiler is correct in not treating the completion of a subprogram as a declaration for purposes of checking the rule prohibiting the declaration of a primitive operation of a tagged type after the type has been frozen.
AI-0220 Needed components for aggregates
This AI addresses a wording problem in the RM that appears to permit some complex cases of aggregates with non-static discriminants. GNAT has always implemented the intended semantics.
AI-0216 No_Task_Hierarchy forbids local tasks
It is clearly the intention that No_Task_Hierarchy is intended to forbid tasks declared locally within subprograms, or functions returning task objects, and that is the implementation that GNAT has always provided. However the language in the RM was not sufficiently clear on this point. Thus this is a docmentation change in the RM only.
AI-0210 Correct Timing_Events metric
This is a documentation only issue regarding wording of metric requirements, that does not affect the implementation of the compiler.
AI-0208 Characteristics of incomplete views
The wording in the Ada 2005 RM concerning characteristics of incomplete views was incorrect and implied that some programs intended to be legal were now illegal. GNAT had never considered such programs illegal, so it has always implemented the intent of this AI.
AI-0207 Mode conformance and access constant
This AI confirms that access_to_constant indication must match for mode conformance. This was implemented in GNAT when the qualifier was originally introduced in Ada 2005.
AI-0205 Extended return declares visible name
This AI corrects a simple omission in the RM. Return objects have always been visible within an extended return statement.
AI-0203 Extended return cannot be abstract
A return_subtype_indication cannot denote an abstract subtype. GNAT has never permitted such usage.
AI-0200 Mismatches in formal package declarations
This AI plugs a gap in the RM which appeared to allow some obviously intended illegal instantiations. GNAT has never allowed these instantiations.
AI-0198 Inheriting abstract operators
This AI resolves a conflict between two rules involving inherited abstract operations and predefined operators. If a derived numeric type inherits an abstract operator, it overrides the predefined one. This interpretation was always the one implemented in GNAT.
AI-0196 Null exclusion tests for out parameters
Null exclusion checks are not made for OUT parameters when evaluating the actual parameters. GNAT has never generated these checks.
AI-0194 Value of Stream_Size attribute
The Stream_Size attribute returns the default number of bits in the stream representation of the given type. This value is not affected by the presence of stream subprogram attributes for the type. GNAT has always implemented this interpretation.
AI-0182 Additional forms for Character’Value
This AI allows Character'Value to accept the string '?' where ? is any character including non-graphic control characters. GNAT has always accepted such strings. It also allows strings such as HEX_00000041 to be accepted, but GNAT does not take advantage of this permission and raises constraint error, as is certainly still permitted.
AI-0178 Incomplete views are limited
This AI clarifies the role of incomplete views and plugs an omission in the RM. GNAT always restricted correctly the use of incomplete views and types.
AI-0155 Size clause on type with non-static bounds
This AI clarifies the legality rules for size clauses on elementary subtypes whose bounds are non-static. GNAT has always followed what is now a precise implementation permission, namely that an implementation is allowed to assume the worst when computing the size of such a subtype.
AI-0134 Profiles must match for full conformance
For full conformance, the profiles of anonymous-access-to-subprogram parameters must match. GNAT has always enforced this rule.
AI-0133 Extending a type with self-reference
This AI discusses the legality of extending a record type when one of its components has a self-referencing discriminant constraint. GNAT has always treated such an extension as legal.
AI-0132 Placement of library unit pragmas
This AI fills a gap in the description of library unit pragmas. The pragma clearly must apply to a library unit, even if it does not carry the name of the enclosing unit. GNAT has always enforced the required check.
AI-0129 Limited views and incomplete types
This AI clarifies the description of limited views: a limited view of a package includes only one view of a type that has an incomplete declaration and a full declaration (there is no possible ambiguity in a client package). This AI also fixes an omission: a nested package in the private part has no limited view. GNAT always implemented this correctly.
AI-0128 Inequality is a primitive operation
If an equality operator ("=") is declared for a type, then the implicitly declared inequality operator ("/=") is a primitive operation of the type. This is the only reasonable interpretation, and is the one always implemented by GNAT, but the RM was not entirely clear in making this point.
AI-0126 Dispatching with no declared operation
This AI clarifies dispatching rules, and simply confirms that dispatching executes the operation of the parent type when there is no explicitly or implicitly declared operation for the descendant type. This has always been the case in all versions of GNAT.
AI-0122 Private with and children of generics
This AI clarifies the visibility of private children of generic units within instantiations of a parent. GNAT has always handled this correctly.
AI-0120 Constant instance of protected object
This is an RM editorial change only. The section that lists objects that are constant failed to include the current instance of a protected object within a protected function. This has always been treated as a constant in GNAT.
AI-0119 Effects of daylight saving on Time ops
All routines in Ada.Calendar and routine UTC_Time_Offset in Ada.Calendar. Time_Zones have implementation-defined behavior when a time-zone change such as daylight saving in the United States occurs.
AI-0118 The association of parameter associations
This AI clarifies the rules for named associations in subprogram calls and generic instantiations. The rules have been in place since Ada 83.
AI-0117 Memory barriers and volatile objects
This AI modifies the implementation advice for pragma Volatile to avoid some unintended overspecification. GNAT has always ignored the incorrect language in the standard.
AI-0116 Alignment of class-wide objects
This AI requires that the alignment of a class-wide object be no greater than the alignment of any type in the class. GNAT has always followed this recommendation.
AI-0114 Classification of letters
The code points 170 (FEMININE ORDINAL INDICATOR), 181 (MICRO SIGN), and 186 (MASCULINE ORDINAL INDICATOR) are technically considered lower case letters by Unicode. However, they are not allowed in identifiers, and they return False to Ada.Characters.Handling.Is_Letter/Is_lower. This behavior is consistent with that defined in Ada 95.
AI-0109 Redundant check in S’Class’Input
This AI is an editorial change only. It removes the need for a tag check that can never fail.
AI-0108 Limited incomplete view and discriminants
This AI confirms that an incomplete type from a limited view does not have discriminants. This has always been the case in GNAT.
AI-0107 A failed allocator need not leak memory
The RM used to mistakenly imply that a failed allocator must leak memory. This AI gives the implementation permission for (but does not require) avoiding this memory leak. This does not require any implementation change.
AI-0106 No rep pragmas on generic formals
The RM appears to allow representation pragmas on generic formals, but this was not intended, and GNAT has never permitted this usage.
AI-0102 Some implicit conversions are illegal
It is illegal to assign an anonymous access constant to an anonymous access variable. The RM did not have a clear rule to prevent this, but GNAT has always generated an error for this usage.
AI-0099 Tag determines whether finalization needed
This AI clarifies that "needs finalization" is part of dynamic semantics, and therefore depends on the run-time charateristics of an object (i.e. its tag) and not on its nominal type. As the AI indicates: "we do not expect this to affect any implementation".
AI-0098 Anonymous subprogram access restrictions
An unintentional omission in the RM implied some inconsistent restrictions on the use of anonymous access to subprogram values. These restrictions were not intentional, and have never been enforced by GNAT.
AI-0095 Address of intrinsic subprograms
The prefix of 'Address cannot statically denote a subprogram with convention Intrinsic. The use of the Address attribute raises Program_Error if the prefix denotes a subprogram with convention Intrinsic.
AI-0094 Timing_Events should not require deadlock
This AI fixes an error in the definition of the semantics defining the execution of timing events which may cause deadlocks.
AI-0093 Additional rules use immutably limited
This is an editorial change only, to make more widespread use of the Ada 2012 "immutably limited".
AI-0091 Do not allow other_format in identifiers
Wide characters in the unicode category other_format are not permitted within identifiers, since this can be a security problem. The error message for this case has been improved to be more specific, but GNAT has never allowed such characters to appear in identifiers.
AI-0088 The value of exponentiation
This AI clarifies the equivalence rule given for the dynamic semantics of exponentiation: the value of the operation can be obtained by repeated multiplication, but the operation can be implemented otherwise (for example using the familiar divide-by-two-and-square algorithm, even if this is less accurate), and does not imply repeated reads of a volatile base.
AI-0083 Representation values of formal parameters
Representation values such as 'Size and 'Alignment can have different values for a formal parameter than for the associated actual parameter, even when the parameter is passed by reference. This AI is a Ramification, and GNAT's behavior has always been consistent with these rules.
AI-0082 Accessibility level of formal types
This AI confirms that the existing behavior of the GNAT compiler is correct with respect to the static accessibility checking associated with uses of a generic formal type.
AI-0080 “View of” not needed if clear fr/ context
This is an editorial change only, described as non-testable in the AI.
AI-0078 Relax Unchecked_Conversion alignment rules
In Ada 2012, compilers are required to support unchecked conversion where the target alignment is a multiple of the source alignment. GNAT always supported this case (and indeed all cases of differing alignments, doing copies where required if the alignment was reduced).
AI-0077 Limited withs and scope of declarations
This AI clarifies that a declaration does not include a context clause, and confirms that it is illegal to have a context in which both a limited and a nonlimited view of a package are accessible. Such double visibility was always rejected by GNAT.
AI-0076 function with controlling result
This is an editorial change only. The RM defines calls with controlling results, but uses the term "function with controlling result" without an explicit definition.
AI-0072 Task signalling using ‘Terminated
This AI clarifies that task signalling for reading 'Terminated only occurs if the result is True. GNAT semantics has always been consistent with this notion of task signalling.
AI-0070 Elaboration of interface types
This is an editorial change only, there are no testable consequences short of checking for the absence of generated code for an interface declaration.
AI-0066 Temporaries required to live too long
This AI defines the master of an anonymous object used to temporarily hold the result of an aggregate or function call to be the expression itself (the innermost master enclosing the evaluation of the aggregate or function call), rather than being the master of the enclosing construct. This ensures that the anonymous object is finalized as soon as possible. GNAT already follows this requirement.
AI-0065 Remote access types and external streaming
This AI clarifies the fact that all remote access types support external streaming. This fixes an obvious oversight in the definition of the language, and GNAT always implemented the intended correct rules.