13.3 Operational and Representation Attributes
This Reference Manual output has not been verified, and may contain omissions or errors. Report any problems on the tracking issue
{8652/0009} [ The values of certain implementation-dependent characteristics can be obtained by interrogating appropriate operational or representation attributes. Some of these attributes are specifiable via an attribute_definition_clause
.]
Language Design Principles
In general, the meaning of a given attribute should not depend on whether the attribute was specified via an attribute_definition_clause
, or chosen by default by the implementation.
Syntax
2attribute_definition_clause
::=
for local_name
'attribute_designator
use expression
;
| for local_name
'attribute_designator
use name
;
Name Resolution Rules
3For an attribute_definition_clause
that specifies an attribute that denotes a value, the form with an expression
shall be used. Otherwise, the form with a name
shall be used.
For an attribute_definition_clause
that specifies an attribute that denotes a value or an object, the expected type for the expression or name
is that of the attribute. For an attribute_definition_clause
that specifies an attribute that denotes a subprogram, the expected profile for the name
is the profile required for the attribute. For an attribute_definition_clause
that specifies an attribute that denotes some other kind of entity, the name
shall resolve to denote an entity of the appropriate kind.
For example, the Size attribute is of type universal_integer. Therefore, the expected type for Y in “for X'Size use Y;” is universal_integer, which means that Y can be of any integer type.
For attributes that denote subprograms, the required profile is indicated separately for the individual attributes.
For an attribute_definition_clause
with a name
, the name
need not statically denote the entity it denotes. For example, the following kinds of things are allowed:
for Some_Access_Type'Storage_Pool use Storage_Pool_Array(I);
for Some_Type'Read use Subprogram_Pointer.all;
Legality Rules
5/3{8652/0009} An attribute_designator
is allowed in an attribute_definition_clause
only if this Reference Manual explicitly allows it, or for an implementation-defined attribute if the implementation allows it. Each specifiable attribute constitutes an operational aspect or aspect of representation; the name of the aspect is that of the attribute.
For each specifiable attribute, we generally say something like, “The ... attribute may be specified for ... via an attribute_definition_clause
.”
The above wording allows for T'Class'Alignment, T'Class'Size, T'Class'Input, and T'Class'Output to be specifiable.
A specifiable attribute is not necessarily specifiable for all entities for which it is defined. For example, one is allowed to ask T'Component_Size for an array subtype T, but “for T'Component_Size use ...” is only allowed if T is a first subtype, because Component_Size is a type-related aspect.
This paragraph was deleted.
This paragraph was deleted.
Static Semantics
7/2A Size clause is an attribute_definition_clause
whose attribute_designator
is Size. Similar definitions apply to the other specifiable attributes.
To be honest: An attribute_definition_clause
is type-related or subtype-specific if the attribute_designator
denotes a type-related or subtype-specific attribute, respectively.
A storage element is an addressable element of storage in the machine. A word is the largest amount of storage that can be conveniently and efficiently manipulated by the hardware, given the implementation's run-time model. A word consists of an integral number of storage elements.
A storage element is not intended to be a single bit, unless the machine can efficiently address individual bits.
For example, on a machine with 8-bit storage elements, if there exist 32-bit integer registers, with a full set of arithmetic and logical instructions to manipulate those registers, a word ought to be 4 storage elements — that is, 32 bits.
The “given the implementation's run-time model” part is intended to imply that, for example, on an 80386 running MS-DOS, the word might be 16 bits, even though the hardware can support 32 bits.
A word is what ACID refers to as a “natural hardware boundary”.
Storage elements may, but need not be, independently addressable (see 9.10, “Shared Variables”). Words are expected to be independently addressable.
A machine scalar is an amount of storage that can be conveniently and efficiently loaded, stored, or operated upon by the hardware. Machine scalars consist of an integral number of storage elements. The set of machine scalars is implementation defined, but includes at least the storage element and the word. Machine scalars are used to interpret component_clause
s when the nondefault bit ordering applies.
The set of machine scalars.
A single storage element is a machine scalar in all Ada implementations. Similarly, a word is a machine scalar in all implementations (although it might be the same as a storage element). An implementation may define other machine scalars that make sense on the target (a half-word, for instance).
{8652/0009} The following representation attributes are defined: Address, Alignment, Size, Object_Size, Storage_Size, Component_Size, Has_Same_Storage, and Overlaps_Storage.
For a prefix
X that denotes an object, program unit, or label:
X'Address
- Denotes the address of the first of the storage elements allocated to X. For a program unit or label, this value refers to the machine code associated with the corresponding body or
statement
. The value of this attribute is of type System.Address.
Here, the “first of the storage elements” is intended to mean the one with the lowest address; the endianness of the machine doesn't matter.
- The prefix of X'Address shall not statically denote a subprogram that has convention Intrinsic. X'Address raises Program_Error if X denotes a subprogram that has convention Intrinsic.
- Address may be specified for stand-alone objects and for program units via an
attribute_definition_clause
.
Address is not allowed for enumeration literals, predefined operators, derived task types, or derived protected types, since they are not program units.
Address is not allowed for intrinsic subprograms, either. That can be checked statically unless the prefix is a generic formal subprogram and the attribute reference is in the body of a generic unit. We define that case to raise Program_Error, in order that the compiler does not have to build a wrapper for intrinsic subprograms.
The validity of a given address depends on the run-time model; thus, in order to use Address clauses correctly, one needs intimate knowledge of the run-time model.
If the Address of an object is specified, any explicit or implicit initialization takes place as usual, unless the Import aspect is also specified for the object (in which case any necessary initialization is presumably done in the foreign language).
Any compilation unit containing an attribute_reference
of a given type depends semantically on the declaration of the package in which the type is declared, even if not mentioned in an applicable with_clause
— see 10.1.1. In this case, it means that if a compilation unit contains X'Address, then it depends on the declaration of System. Otherwise, the fact that the value of Address is of a type in System wouldn't make sense; it would violate the “legality determinable via semantic dependences” Language Design Principle.
AI83-00305 — If X is a task type, then within the body of X, X denotes the current task object; thus, X'Address denotes the object's address.
Interrupt entries and their addresses are described in J.7.1, “Interrupt Entries”.
If X is not allocated on a storage element boundary, X'Address points at the first of the storage elements that contains any part of X. This is important for the definition of the Position attribute to be sensible.
Aspect Description for Address: Machine address of an entity.
Erroneous Execution
13/3If an Address is specified, it is the programmer's responsibility to ensure that the address is valid and appropriate for the entity and its use; otherwise, program execution is erroneous.
“Appropriate for the entity and its use” covers cases such as misaligned addresses, read-only code addresses for variable data objects (and nonexecutable data addresses for code units), and addresses which would force objects that are supposed to be independently addressable to not be. Such addresses may be “valid” as they designate locations that are accessible to the program, but the program execution is still erroneous (meaning that implementations do not have to worry about these cases).
Implementation Advice
14For an array X, X'Address should point at the first component of the array, and not at the array bounds.
For an array X, X'Address should point at the first component of the array rather than the array bounds.
On the other hand, we have no advice to offer about discriminants and tag fields; whether or not the address points at them is not specified by the language. If discriminants are stored separately, then the Position of a discriminant might be negative, or might raise an exception.
The recommended level of support for the Address attribute is:
- X'Address should produce a useful result if X is an object that is aliased or of a by-reference type, or is an entity whose Address has been specified.
Aliased objects are the ones for which the Unchecked_Access attribute is allowed; hence, these have to be allocated on an addressable boundary anyway. Similar considerations apply to objects of a by-reference type.
An implementation need not go to any trouble to make Address work in other cases. For example, if an object X is not aliased and not of a by-reference type, and the implementation chooses to store it in a register, X'Address might return System.Null_Address (assuming registers are not addressable). For a subprogram whose calling convention is Intrinsic, or for a package, the implementation need not generate an out-of-line piece of code for it.
- An implementation should support Address clauses for imported subprograms.
- This paragraph was deleted.
- If the Address of an object is specified, or it is imported or exported, then the implementation should not perform optimizations based on assumptions of no aliases.
The recommended level of support for the Address attribute should be followed.
NOTE 1 The specification of a link name with the Link_Name aspect (see B.1) for a subprogram or object is an alternative to explicit specification of its link-time address, allowing a link-time directive to place the subprogram or object within memory.
NOTE 2 The rules for the Size attribute imply, for an aliased object X, that if X'Size = Storage_Unit, then X'Address points at a storage element containing all of the bits of X, and only the bits of X.
Wording Changes from Ada 83
The intended meaning of the various attributes, and their attribute_definition_clause
s, is more explicit.
The address_clause
has been renamed to at_clause
and moved to Annex J, “Obsolescent Features”. One can use an Address clause (“for T'Address use ...;”) instead.
Wording Changes from Ada 2005
Defined that the names of aspects are the same as the name of the attribute; that gives a name to use in aspect_specification
s (see 13.1.1).
Language Design Principles
By default, the Alignment of a subtype should reflect the “natural” alignment for objects of the subtype on the machine. The Alignment, whether specified or default, should be known at compile time, even though Addresses are generally not known at compile time. (The generated code should never need to check at run time the number of zero bits at the end of an address to determine an alignment).
There are two symmetric purposes of Alignment clauses, depending on whether or not the implementation has control over object allocation. If the implementation allocates an object, the implementation should ensure that the Address and Alignment are consistent with each other. If something outside the implementation allocates an object, the implementation should be allowed to assume that the Address and Alignment are consistent, but should not assume stricter alignments than that.
Static Semantics
22/2For a prefix
X that denotes an object:
X'Alignment
- The value of this attribute is of type universal_integer, and nonnegative; zero means that the object is not necessarily aligned on a storage element boundary. If X'Alignment is not zero, then X is aligned on a storage unit boundary and X'Address is an integral multiple of X'Alignment (that is, the Address modulo the Alignment is zero).
- This paragraph was deleted.
The Alignment is passed by an allocator
to the Allocate operation; the implementation has to choose a value such that if the address returned by Allocate is aligned as requested, the generated code can correctly access the object.
The above mention of “modulo” is referring to the "mod" operator declared in System.Storage_Elements; if X mod N = 0, then X is by definition aligned on an N-storage-element boundary.
- Alignment may be specified for [stand-alone] objects via an
attribute_definition_clause
; the expression of such a clause shall be static, and its value nonnegative.
Aspect Description for Alignment (object): Alignment of an object.
- This paragraph was deleted.
For every subtype S:
S'Alignment
- The value of this attribute is of type universal_integer, and nonnegative.
- For an object X of subtype S, if S'Alignment is not zero, then X'Alignment is a nonzero integral multiple of S'Alignment unless specified otherwise by a representation item.
- Alignment may be specified for first subtypes via an
attribute_definition_clause
; the expression of such a clause shall be static, and its value nonnegative.
Aspect Description for Alignment (subtype): Alignment of a subtype.
Erroneous Execution
27Program execution is erroneous if an Address clause is given that conflicts with the Alignment.
The user has to either give an Alignment clause also, or else know what Alignment the implementation will choose by default.
For an object that is not allocated under control of the implementation, execution is erroneous if the object is not aligned according to its Alignment.
Implementation Advice
28.1/3For any tagged specific subtype S, S'Class'Alignment should equal S'Alignment.
A tagged object should never be less aligned than the alignment of the type of its view, so for a class-wide type T'Class, the alignment should be no greater than that of any type covered by T'Class. If the implementation only supports alignments that are required by the recommended level of support (and this is most likely), then the alignment of any covered type has to be the same or greater than that of T — which leaves the only reasonable value of T'Class'Alignment being T'Alignment. Thus we recommend this, but don't require it so that in the unlikely case that the implementation does support smaller alignments for covered types, it can select a smaller value for T'Class'Alignment.
For any tagged specific subtype S, S'Class'Alignment should equal S'Alignment.
The recommended level of support for the Alignment attribute for subtypes is:
- An implementation should support an Alignment clause for a discrete type, fixed point type, record type, or array type, specifying an Alignment value that is zero or a power of two, subject to the following:
- An implementation is not required to support an Alignment clause for a signed integer type specifying an Alignment greater than the largest Alignment value that is ever chosen by default by the implementation for any signed integer type. A corresponding limitation may be imposed for modular integer types, fixed point types, enumeration types, record types, and array types.
- An implementation is not required to support a nonconfirming Alignment clause that can cause the creation of an object of an elementary type that cannot be easily loaded and stored by available machine instructions.
- An implementation is not required to support an Alignment specified for a derived tagged type that is not a multiple of the Alignment of the parent type. An implementation is not required to support a nonconfirming Alignment specified for a derived untagged by-reference type.
There is no recommendation to support any nonconfirming Alignment clauses for types not mentioned above. Remember that 13.1 requires support for confirming Alignment clauses for all types.
An implementation that tries to support other alignments for derived tagged types will need to allow inherited subprograms to be passed objects that are less aligned than expected by the parent subprogram and type. This is unlikely to work if alignment has any effect on code selection. Similar issues arise for untagged derived types whose parameters are passed by reference.
The recommended level of support for the Alignment attribute for objects is:
- This paragraph was deleted.
- For stand-alone library-level objects of statically constrained subtypes, the implementation should support all Alignments supported by the target linker. For example, page alignment is likely to be supported for such objects, but not for subtypes.
- For other objects, an implementation should at least support the alignments supported for their subtype, subject to the following:
- An implementation is not required to support Alignments specified for objects of a by-reference type or for objects of types containing aliased subcomponents if the specified Alignment is not a multiple of the Alignment of the subtype of the object.
The recommended level of support for the Alignment attribute should be followed.
NOTE 3 Alignment is a subtype-specific attribute.
NOTE 4 A component_clause
, Component_Size clause, or specifying the Pack aspect as True can override a specified Alignment.
Most objects are allocated by the implementation; for these, the implementation obeys the Alignment. The implementation is of course allowed to make an object more aligned than its Alignment requires — an object whose Alignment is 4 might just happen to land at an address that's a multiple of 4096. For formal parameters, the implementation might want to force an Alignment stricter than the parameter's subtype. For example, on some systems, it is customary to always align parameters to 4 storage elements.
Hence, one might initially assume that the implementation could evilly make all Alignments 1 by default, even though integers, say, are normally aligned on a 4-storage-element boundary. However, the implementation cannot get away with that — if the Alignment is 1, the generated code cannot assume an Alignment of 4, at least not for objects allocated outside the control of the implementation.
Of course implementations can assume anything they can prove, but typically an implementation will be unable to prove much about the alignment of, say, an imported object. Furthermore, the information about where an address “came from” can be lost to the compiler due to separate compilation.
The Alignment of an object that is a component of a packed composite object will usually be 0, to indicate that the component is not necessarily aligned on a storage element boundary. For a subtype, an Alignment of 0 means that objects of the subtype are not normally aligned on a storage element boundary at all. For example, an implementation might choose to make Component_Size be 1 for an array of Booleans, even when the Pack aspect has not been specified for the array. In this case, Boolean'Alignment would be 0. (In the presence of tasking, this would in general be feasible only on a machine that had atomic test-bit and set-bit instructions.)
If the machine has no particular natural alignments, then all subtype Alignments will probably be 1 by default.
Specifying an Alignment of 0 in an attribute_definition_clause
does not require the implementation to do anything (except return 0 when the Alignment is queried). However, it might be taken as advice on some implementations.
It is an error for an Address clause to disobey the object's Alignment. The error cannot be detected at compile time, in general, because the Address is not necessarily known at compile time (and is almost certainly not static). We do not require a runtime check, since efficiency seems paramount here, and Address clauses are treading on thin ice anyway. Hence, this misuse of Address clauses is just like any other misuse of Address clauses — it's erroneous.
A type extension can have a stricter Alignment than its parent. This can happen, for example, if the Alignment of the parent is 4, but the extension contains a component with Alignment 8. The Alignment of a class-wide type or object will have to be the maximum possible Alignment of any extension.
The recommended level of support for the Alignment attribute is intended to reflect a minimum useful set of capabilities. An implementation can assume that all Alignments are multiples of each other — 1, 2, 4, and 8 might be the only supported Alignments for subtypes. An Alignment of 3 or 6 is unlikely to be useful. For objects that can be allocated statically, we recommend that the implementation support larger alignments, such as 4096. We do not recommend such large alignments for subtypes, because the maximum subtype alignment will also have to be used as the alignment of stack frames, heap objects, and class-wide objects. Similarly, we do not recommend such large alignments for stack-allocated objects.
If the maximum default Alignment is 8 (say, Long_Float'Alignment = 8), then the implementation can refuse to accept stricter alignments for subtypes. This simplifies the generated code, since the compiler can align the stack and class-wide types to this maximum without a substantial waste of space (or time).
Note that the recommended level of support takes into account interactions between Size and Alignment. For example, on a 32-bit machine with 8-bit storage elements, where load and store instructions have to be aligned according to the size of the thing being loaded or stored, the implementation might accept an Alignment of 1 if the Size is 8, but might reject an Alignment of 1 if the Size is 32. On a machine where unaligned loads and stores are merely inefficient (as opposed to causing hardware traps), we would expect an Alignment of 1 to be supported for any Size.
Wording Changes from Ada 83
The nonnegative part is missing from RM83 (for mod_clause
s, known in Ada 83 as alignment_clause
s, which are an obsolete version of Alignment clauses).
Static Semantics
39/1For a prefix
X that denotes an object:
X'Size
- Denotes the size in bits of the representation of the object. The value of this attribute is of the type universal_integer.
Note that Size is in bits even if Machine_Radix is 10. Each decimal digit (and the sign) is presumably represented as some number of bits.
- Size may be specified for [stand-alone] objects via an
attribute_definition_clause
; the expression of such a clause shall be static and its value nonnegative.
Aspect Description for Size (object): Size in bits of an object.
Implementation Advice
41.1/2The size of an array object should not include its bounds.
The Size of an array object should not include its bounds.
The recommended level of support for the Size attribute of objects is the same as for subtypes (see below), except that only a confirming Size clause is required to be supported for an aliased elementary object.
- This paragraph was deleted.
Static Semantics
44For every subtype S:
S'Size
- If S is definite, denotes the size [(in bits)] that the implementation would choose for the following objects of subtype S:
- A record component of subtype S when the record type is packed.
- The formal parameter of an instance of Unchecked_Conversion that converts from subtype S to some other subtype.
- If S is indefinite, the meaning is implementation defined. The value of this attribute is of the type universal_integer. The Size of an object is at least as large as that of its subtype, unless the object's Size is determined by a Size clause, a component_clause, or a Component_Size clause. Size may be specified for first subtypes via an
attribute_definition_clause
; the expression of such a clause shall be static and its value nonnegative.
The meaning of Size for indefinite subtypes.
The effects of specifying the Size of a subtype are:
- Unchecked_Conversion works in a predictable manner.
- A composite type cannot be packed so tightly as to override the specified Size of a component's subtype.
- Assuming the is obeyed, if the specified Size allows independent addressability, then the Size of certain objects of the subtype should be equal to the subtype's Size. This applies to stand-alone objects and to components (unless a
component_clause
or a Component_Size clause applies).
A component_clause
or a Component_Size clause can cause an object to be smaller than its subtype's specified size. The aspect Pack cannot; if a component subtype's size is specified, this limits how tightly the composite object can be packed.
The Size of a class-wide (tagged) subtype is unspecified, because it's not clear what it should mean; it should certainly not depend on all of the descendants that happen to exist in a given program. Note that this cannot be detected at compile time, because in a generic unit, it is not necessarily known whether a given subtype is class-wide. It might raise an exception on some implementations.
A Size clause for a numeric subtype need not affect the underlying numeric type. For example, if I say:
type S is range 1..2;
for S'Size use 64;
I am not guaranteed that S'Base'Last >= 2**63–1, nor that intermediate results will be represented in 64 bits.
There is no need to complicate implementations for this sort of thing, because the right way to affect the base range of a type is to use the normal way of declaring the base range:
type Big is range -2**63 .. 2**63 - 1;
subtype Small is Big range 1..1000;
The Size of a large unconstrained subtype (e.g. String'Size) is likely to raise Constraint_Error, since it is a nonstatic expression of type universal_integer that might overflow the largest signed integer type. There is no requirement that the largest integer type be able to represent the size in bits of the largest possible object.
Aspect Description for Size (subtype): Size in bits of a subtype.
Implementation Requirements
49In an implementation, Boolean'Size shall be 1.
Implementation Advice
50/5If the Size of a subtype is nonconfirming and allows for efficient independent addressability (see 9.10) on the target architecture, then the Object_Size of the subtype should have the same value in the absence of an explicit specification of a different value.
Paragraphs 51 and 52 were moved to the for attribute Object_Size.
If the Size of a subtype is nonconfirming and allows for efficient independent addressability, then the Object_Size of the subtype (unless otherwise specified) should equal the Size of the subtype.
Thus, on a typical 32-bit machine, “for S'Size use 32;” will guarantee that aliased objects of subtype S, and components whose subtype is S, will have Size = 32 (assuming the implementation chooses to obey this ). On the other hand, if one writes, “for S2'Size use 5;” then stand-alone objects of subtype S2 will typically have their Size rounded up to ensure independent addressability.
Note that “for S'Size use 32;” does not cause things like formal parameters to have Size = 32 — the implementation is allowed to make all parameters be at least 64 bits, for example.
Note that “for S2'Size use 5;” requires record components whose subtype is S2 to be exactly 5 bits if the record type is packed. The same is not true of array components; their Size may be rounded up to the nearest factor of the word size.
On most machines, arrays don't contain gaps between elementary components; if the Component_Size is greater than the Size of the component subtype, the extra bits are generally considered part of each component, rather than gaps between components. On the other hand, a record might contain gaps between elementary components, depending on what sorts of loads, stores, and masking operations are generally done by the generated code.
For an array, any extra bits stored for each elementary component will generally be part of the component — the whole point of storing extra bits is to make loads and stores more efficient by avoiding the need to mask out extra bits. The PDP-10 is one counter-example; since the hardware supports byte strings with a gap at the end of each word, one would want to pack in that manner.
We talk about the explicit specification of Object_Size so that we have specified what happens if both Object_Size and Size are specified incompatibly; we give priority to Object_Size. Note that the value of Size no longer has any direct effect on the Size of objects; what happens instead is that the value of Size can have an effect on the value of Object_Size in the absence of a specification for Object_Size, and it is always the value of Object_Size that determines the size of an object.
A Size clause on a composite subtype should not affect the internal layout of components.
A Size clause on a composite subtype should not affect the internal layout of components.
That's what Pack aspects, record_representation_clause
s, and Component_Size clauses are for.
The recommended level of support for the Size attribute of subtypes is:
- The Size (if not specified) of a static discrete or fixed point subtype should be the number of bits necessary to represent each value belonging to the subtype using an unbiased representation, leaving space for a sign bit only if the subtype contains negative values. If such a subtype is a first subtype, then an implementation should support a specified Size for it that reflects this representation.
This applies to static enumeration subtypes, using the internal codes used to represent the values.
For a two's-complement machine, this implies that for a static signed integer subtype S, if all values of S are in the range 0 .. 2n–1, or all values of S are in the range –2n–1 .. 2n–1–1, for some n less than or equal to the word size, then S'Size should be <= the smallest such n. For a one's-complement machine, it is the same except that in the second range, the lower bound “–2n–1” is replaced by “–2n–1+1”.
If an integer subtype (whether signed or unsigned) contains no negative values, the Size should not include space for a sign bit.
Typically, the implementation will choose to make the Size of a subtype be exactly the smallest such n. However, it might, for example, choose a biased representation, in which case it could choose a smaller value.
On most machines, it is in general not a good idea to pack (parts of) multiple stand-alone objects into the same storage element, because (1) it usually doesn't save much space, and (2) it requires locking to prevent tasks from interfering with each other, since separate stand-alone objects are independently addressable. Therefore, if S'Size = 2 on a machine with 8-bit storage elements, the size of a stand-alone object of subtype S will probably not be 2. It might, for example, be 8, 16 or 32, depending on the availability and efficiency of various machine instructions. The same applies to components of composite types, unless Pack, Component_Size, or record layout is specified.
For an unconstrained discriminated object, if the implementation allocates the maximum possible size, then the Size attribute should return that maximum possible size.
The Size of an object X is not usually the same as that of its subtype S. If X is a stand-alone object or a parameter, for example, most implementations will round X'Size up to a storage element boundary, or more, so X'Size might be greater than S'Size. On the other hand, X'Size cannot be less than S'Size, even if the implementation can prove, for example, that the range of values actually taken on by X during execution is smaller than the range of S.
For example, if S is a first integer subtype whose range is 0..3, S'Size will be probably be 2 bits, and components of packed composite types of this subtype will be 2 bits (assuming Storage_Unit is a multiple of 2), but stand-alone objects and parameters will probably not have a size of 2 bits; they might be rounded up to 32 bits, for example. On the other hand, Unchecked_Conversion will use the 2-bit size, even when converting a stand-alone object, as one would expect.
Another reason for making the Size of an object bigger than its subtype's Size is to support the run-time detection of uninitialized variables. The implementation might add an extra value to a discrete subtype that represents the uninitialized state, and check for this value on use. In some cases, the extra value will require an extra bit in the representation of the object. Such detection is not required by the language. If it is provided, the implementation has to be able to turn it off. For example, if the programmer gives a record_representation_clause
or Component_Size clause that makes a component too small to allow the extra bit, then the implementation will not be able to perform the checking (not using this method, anyway).
The fact that the size of an object is not necessarily the same as its subtype can be confusing:
type Device_Register is range 0..2**8 - 1;
for Device_Register'Size use 8; -- Confusing!
My_Device : Device_Register;
for My_Device'Address use To_Address(16#FF00#);
The programmer might think that My_Device'Size is 8, and that My_Device'Address points at an 8-bit location. However, this is not guaranteed to be true. In Ada 83 (and in Ada 95), My_Device'Size might well be 32, and My_Device'Address might well point at the high-order 8 bits of the 32-bit object, which are always all zero bits. If My_Device'Address is passed to an assembly language subprogram, based on the programmer's assumption, the program will not work properly.
It is not reasonable to require that an implementation allocate exactly 8 bits to all objects of subtype Device_Register. For example, in many run-time models, stand-alone objects and parameters are always aligned to a word boundary. Such run-time models are generally based on hardware considerations that are beyond the control of the implementer. (It is reasonable to require that an implementation allocate exactly 8 bits to all components of subtype Device_Register, if packed.)
The correct way to write the above code is like this:
type Device_Register is range 0..2**8 - 1;
My_Device : Device_Register;
for My_Device'Size use 8;
for My_Device'Address use To_Address(16#FF00#);
If the implementation cannot accept 8-bit stand-alone objects, then this will be illegal. However, on a machine where an 8-bit device register exists, the implementation will probably be able to accept 8-bit stand-alone objects. Therefore, My_Device'Size will be 8, and My_Device'Address will point at those 8 bits, as desired.
If an object of subtype Device_Register is passed to a foreign language subprogram, it will be passed according to that subprogram's conventions. Most foreign language implementations have similar run-time model restrictions. For example, when passing to a C function, where the argument is of the C type char* (that is, pointer to char), the C compiler will generally expect a full word value, either on the stack, or in a register. It will not expect a single byte. Thus, Size clauses for subtypes really have nothing to do with passing parameters to foreign language subprograms.
- For a subtype implemented with levels of indirection, the Size should include the size of the pointers, but not the size of what they point at.
For example, if a task object is represented as a pointer to some information (including a task stack), then the size of the object should be the size of the pointer. The Storage_Size, on the other hand, should include the size of the stack.
- An implementation should support a Size clause for a discrete type, fixed point type, record type, or array type, subject to the following:
- An implementation is not required to support a Size clause for a signed integer type specifying a Size greater than that of the largest signed integer type supported by the implementation in the absence of a size clause (that is, when the size is chosen by default). A corresponding limitation may be imposed for modular integer types, fixed point types, enumeration types, record types, and array types.
Note that the “corresponding limitation” for a record or array type implies that an implementation may impose some reasonable maximum size for records and arrays (e.g. 2**32 bits), which is an upper bound (“capacity” limit) on the size, whether chosen by default or by being specified by the user. The largest size supported for records need not be the same as the largest size supported for arrays.
Only Size clauses with a size greater than or equal to the Size that would be chosen by default may be safely presumed to be supported on nonstatic elementary subtypes. Implementations may choose to support smaller sizes, but only if the Size allows any value of the subtype to be represented, for any possible value of the bounds.
- A nonconfirming size clause for the first subtype of a derived untagged by-reference type is not required to be supported.
The recommended level of support for the Size attribute should be followed.
There is no recommendation to support any nonconfirming Size clauses for types not mentioned above. Remember that 13.1 requires support for confirming Size clauses for all types.
NOTE 5 Size is a subtype-specific attribute.
NOTE 6 A component_clause
or Component_Size clause can override a specified Size. Aspect Pack cannot.
Inconsistencies With Ada 83
We specify the meaning of Size in much more detail than Ada 83. This is not technically an inconsistency, but it is in practice, as most Ada 83 compilers use a different definition for Size than is required here. This should have been documented more explicitly during the Ada 9X process.
Wording Changes from Ada 83
The requirement for a nonnegative value in a Size clause was not in RM83, but it's hard to see how it would make sense. For uniformity, we forbid negative sizes, rather than letting implementations define their meaning.
Static Semantics
58.1/5For every subtype S:
S'Object_Size
- If S is definite, denotes the size (in bits) of a stand-alone aliased object, or a component of subtype S in the absence of an
aspect_specification
or representation item that specifies the size of the object or component. If S is indefinite, the meaning is implementation-defined. The value of this attribute is of the type universal_integer. If not specified otherwise, the Object_Size of a subtype is at least as large as the Size of the subtype. Object_Size may be specified via anattribute_definition_clause
; the expression of such a clause shall be static and its value nonnegative. All aliased objects with nominal subtype S have the size S'Object_Size. In the absence of an explicit specification, the Object_Size of a subtype S defined by asubtype_indication
without a constraint, is that of the value of the Object_Size of the subtype denoted by thesubtype_mark
of thesubtype_indication
, at the point of this definition.
The meaning of Object_Size for indefinite subtypes.
We allow the specification of Object_Size for any subtype (not just first subtypes, as with other aspects). An implementation can, of course, put restrictions on which subtypes allow specification of Object_Size (as with any representation attribute).
Implementation Advice
58.3/5If S is a definite first subtype and S'Object_Size is not specified, S'Object_Size should be the smallest multiple of the storage element size larger than or equal to S'Size that is consistent with the alignment of S.
If S is a definite first subtype for which Object_Size is not specified, S'Object_Size should be the smallest multiple of the storage element size larger than or equal to S'Size that is consistent with the alignment of S.
Many implementations “round up” allocations to the nearest multiple of the alignment. For instance, this example appears in the GNAT documentation:
[Given] a record containing an integer and a character:
type Rec is record
I : Integer;
C : Character;
end record;
will have a size of 40 (that is Rec'Size will be 40). The alignment will be 4, because of the integer field, and so the default size of record objects for this type will be 64 (8 bytes).
We purposely used the vague phrase “consistent with the alignment of S” so that implementations that do not round up allocations (just using padding to provide alignment) are not required to do any rounding up.
If X denotes an object (including a component) of subtype S, X'Size should equal S'Object_Size, unless:
- X'Size is specified; or
- X is a nonaliased stand-alone object; or
- The size of X is determined by a
component_clause
or Component_Size clause; or 58.8/5 - The type containing component X is packed.
The Size of most objects of a subtype should equal the Object_Size of the subtype.
An Object_Size clause on a composite type should not affect the internal layout of components.
An Object_Size clause on a composite type should not affect the internal layout of components.
The recommended level of support for the Object_Size attribute of subtypes is:
- If S is a static signed integer subtype, the implementation should support the specification of S'Object_Size to match the size of any signed integer base subtype provided by the implementation that is no smaller than S'Size. Corresponding support is expected for modular integer subtypes, fixed point subtypes, and enumeration subtypes.
The intent is that a compiler need support only those Object_Sizes for integer subtypes that it might select for an integer type declaration. Similarly for the other kinds of subtypes listed.
- If S is an array or record subtype with static constraints and S is not a first subtype of a derived untagged by-reference type, the implementation should support the specification of S'Object_Size to be any multiple of the storage element size that is consistent with the alignment of S, that is no smaller than S'Size, and that is no larger than that of the largest composite subtype supported by the implementation.
Any extra bits required this way will be padding bits. Unlike elementary objects, padding bits can be considered part of composite objects.
- If S is some other subtype, only confirming specifications of Object_Size are required to be supported.
The recommended level of support for the Object_Size attribute should be followed.
Static Semantics
59/1For a prefix
T that denotes a task object [(after any implicit dereference)]:
T'Storage_Size
- Denotes the number of storage elements reserved for the task. The value of this attribute is of the type universal_integer. The Storage_Size includes the size of the task's stack, if any. The language does not specify whether or not it includes other storage associated with the task (such as the “task control block” used by some implementations.) If the aspect Storage_Size is specified for the type of the object, the value of the Storage_Size attribute is at least the value determined by the aspect.
The value of this attribute is never negative, since it is impossible to “reserve” a negative number of storage elements.
If the implementation chooses to allocate an initial amount of storage, and then increase this as needed, the Storage_Size cannot include the additional amounts (assuming the allocation of the additional amounts can raise Storage_Error); this is inherent in the meaning of “reserved”.
The implementation is allowed to allocate different amounts of storage for different tasks of the same subtype.
[Aspect Storage_Size specifies the amount of storage to be reserved for the execution of a task.]
Paragraphs 62 through 65 were moved to Annex J, “Obsolescent Features”.
Static Semantics
65.1/3For a task type (including the anonymous type of a single_task_declaration
), the following language-defined representation aspect may be specified:
Storage_Size
- The Storage_Size aspect is an
expression
, which shall be of any integer type.
To be honest: This definition somewhat conflicts with the "automatic" one for the obsolescent attribute Storage_Size (which can be specified). The only difference is where the given expression is evaluated. We intend for the above definition to supersede that "automatic" definition for this attribute.
Note that the value of the Storage_Size aspect is an expression
; it is not the value of an expression
. The expression
is evaluated for each object of the type (see below).
Aspect Description for Storage_Size (task): Size in storage elements reserved for a task type or single task object.
Legality Rules
65.3/3The Storage_Size aspect shall not be specified for a task interface type.
Dynamic Semantics
66/3When a task object is created, the expression
(if any) associated with the Storage_Size aspect of its type is evaluated; the Storage_Size attribute of the newly created task object is at least the value of the expression
.
The implementation is allowed to round up a specified Storage_Size amount. For example, if the implementation always allocates in chunks of 4096 bytes, the number 200 might be rounded up to 4096. Also, if the user specifies a negative number, the implementation has to normalize this to 0, or perhaps to a positive number.
If the Storage_Size aspect is not specified for the type of the task object, the value of the Storage_Size attribute is unspecified.
At the point of task object creation, or upon task activation, Storage_Error is raised if there is insufficient free storage to accommodate the requested Storage_Size.
Static Semantics
68/1For a prefix
X that denotes an array subtype or array object [(after any implicit dereference)]:
X'Component_Size
- Denotes the size in bits of components of the type of X. The value of this attribute is of type universal_integer.
- Component_Size may be specified for array types via an
attribute_definition_clause
; the expression of such a clause shall be static, and its value nonnegative.
The intent is that the value of X'Component_Size is always nonnegative. If the array is stored “backwards” in memory (which might be caused by an implementation-defined pragma), X'Component_Size is still positive.
For an array object A, A'Component_Size = A(I)'Size for any index I.
Aspect Description for Component_Size: Size in bits of a component of an array type.
Implementation Advice
71The recommended level of support for the Component_Size attribute is:
- An implementation is not required to support specified Component_Sizes that are less than the Size of the component subtype.
- An implementation should support specified Component_Sizes that are factors and multiples of the word size. For such Component_Sizes, the array should contain no gaps between components. For other Component_Sizes (if supported), the array should contain no gaps between components when Pack is also specified; the implementation should forbid this combination in cases where it cannot support a no-gaps representation.
For example, if Storage_Unit = 8, and Word_Size = 32, then the user is allowed to specify a Component_Size of 1, 2, 4, 8, 16, and 32, with no gaps. In addition, n*32 is allowed for positive integers n, again with no gaps. If the implementation accepts Component_Size = 3, then it might allocate 10 components per word, with a 2-bit gap at the end of each word (unless Pack is also specified), or it might not have any internal gaps at all. (There can be gaps at either end of the array.)
The recommended level of support for the Component_Size attribute should be followed.
Static Semantics
73.1/3For a prefix
X that denotes an object:
X'Has_Same_Storage
- X'Has_Same_Storage denotes a function with the following specification:
function X'Has_Same_Storage (Arg : any_type)
return Boolean
73.4/4
- The actual parameter shall be a name that denotes an object. The object denoted by the actual parameter can be of any type. This function evaluates the names of the objects involved. It returns True if the representation of the object denoted by the actual parameter occupies exactly the same bits as the representation of the object denoted by X and the objects occupy at least one bit; otherwise, it returns False.
Has_Same_Storage means that, if the representation is contiguous, the objects sit at the same address and occupy the same length of memory.
For a prefix
X that denotes an object:
X'Overlaps_Storage
- X'Overlaps_Storage denotes a function with the following specification:
function X'Overlaps_Storage (Arg : any_type)
return Boolean
73.8/3
- The actual parameter shall be a name that denotes an object. The object denoted by the actual parameter can be of any type. This function evaluates the names of the objects involved and returns True if the representation of the object denoted by the actual parameter shares at least one bit with the representation of the object denoted by X; otherwise, it returns False.
NOTE 8 X'Has_Same_Storage(Y) and X'Overlaps_Storage(Y) are not considered to be reads of X and Y.
Static Semantics
73.11/3{8652/0009} The following type-related operational attribute is defined: External_Tag.
{8652/0009} For every subtype S of a tagged type T (specific or class-wide):
S'External_Tag
- {8652/0040} S'External_Tag denotes an external string representation for S'Tag; it is of the predefined type String. External_Tag may be specified for a specific tagged type via an
attribute_definition_clause
; the expression of such a clause shall be static. The default external tag representation is implementation defined. See 13.13.2. The value of External_Tag is never inherited[; the default value is always used unless a new value is directly specified for a type].
The default external representation for a type tag.
Aspect Description for External_Tag: Unique identifier for a tagged type in streams.
Dynamic Semantics
75.1/3If a user-specified external tag S'External_Tag is the same as T'External_Tag for some other tagged type declared by a different declaration in the partition, Program_Error is raised by the elaboration of the attribute_definition_clause
.
This rule does not depend on the visibility of the other tagged type, but it does depend on the existence of the other tagged type. The other tagged type could have the default external tag or a user-specified external tag.
This rule allows the same declaration to be elaborated multiple times. In that case, different types could have the same external tag. If that happens, Internal_Tag would return some unspecified tag, and Descendant_Tag probably would return the intended tag (using the given ancestor to determine which type is intended). However, in some cases (such as multiple instantiations of a derived tagged type declared in a generic body), Tag_Error might be raised by Descendant_Tag if multiple types are identified.
Note that while there is a race condition inherent in this definition (which attribute_definition_clause
raises Program_Error depends on the order of elaboration), it doesn't matter as a program with two such clauses is simply wrong. Two types that both come from the same declaration are allowed, as noted previously.
Implementation Requirements
76In an implementation, the default external tag for each specific tagged type declared in a partition shall be distinct, so long as the type is declared outside an instance of a generic body. If the compilation unit in which a given tagged type is declared, and all compilation units on which it semantically depends, are the same in two different partitions, then the external tag for the type shall be the same in the two partitions. What it means for a compilation unit to be the same in two different partitions is implementation defined. At a minimum, if the compilation unit is not recompiled between building the two different partitions that include it, the compilation unit is considered the same in the two partitions.
What determines whether a compilation unit is the same in two different partitions.
These requirements are important because external tags are used for input/output of class-wide types. These requirements ensure that what is written by one program can be read back by some other program so long as they share the same declaration for the type (and everything it depends on).
The user may specify the external tag if (s)he wishes its value to be stable even across changes to the compilation unit in which the type is declared (or changes in some unit on which it depends).
We use a String rather than a Stream_Element_Array to represent an external tag for portability.
Note that the characters of an external tag need not all be graphic characters. In other words, the external tag can be a sequence of arbitrary 8-bit bytes.
Implementation Permissions
76.1/3If a user-specified external tag S'External_Tag is the same as T'External_Tag for some other tagged type declared by a different declaration in the partition, the partition may be rejected.
This is, in general, a post-compilation check. This permission is intended for implementations that do link-time construction of the external tag lookup table; implementations that dynamically construct the table will likely prefer to raise Program_Error upon elaboration of the problem construct. We don't want this check to require any implementation complexity, as it will be very rare that there would be a problem.
NOTE 9 The following language-defined attributes are specifiable, at least for some of the kinds of entities to which they apply: Address, Alignment, Bit_Order, Component_Size, External_Tag, Input, Machine_Radix, Output, Read, Size, Small, Storage_Pool, Storage_Size, Stream_Size, and Write.
NOTE 10 It follows from the general rules in 13.1 that if one writes “for X'Size use Y;” then the X'Size attribute_reference
will return Y (assuming the implementation allows the Size clause). The same is true for all of the specifiable attributes except Storage_Size.
An implementation may specify that an implementation-defined attribute is specifiable for certain entities. This follows from the fact that the semantics of implementation-defined attributes is implementation defined. An implementation is not allowed to make a language-defined attribute specifiable if it isn't.
Examples
79Examples of attribute definition clauses:
Byte : constant := 8;
Page : constant := 2**12;
81
type Medium is range 0 .. 65_000;
for Medium'Size use 2*Byte;
for Medium'Alignment use 2;
Device_Register : Medium;
for Device_Register'Size use Medium'Size;
for Device_Register'Address use
System.Storage_Elements.To_Address(16#FFFF_0020#);
82
type Short is delta 0.01 range -100.0 .. 100.0;
for Short'Size use 15;
83
for Car_Name'Storage_Size use -- specify access type's storage pool size
2000*((Car'Size/System.Storage_Unit) +1); -- approximately 2000 cars
84/2
function My_Input(Stream : not null access Ada.Streams.Root_Stream_Type'Class)
return T;
for T'Input use My_Input; -- see 13.13.2
85/5
In the Size clause for Short, fifteen bits is the minimum necessary, since the type definition requires Short'Small <= 2**(–7).
Extensions to Ada 83
The syntax rule for length_clause
is replaced with the new syntax rule for attribute_definition_clause
, and it is modified to allow a name
(as well as an expression).
Wording Changes from Ada 83
The syntax rule for attribute_definition_clause
now requires that the prefix of the attribute be a local_name
; in Ada 83 this rule was stated in the text.
In Ada 83, the relationship between a aspect_clause
specifying a certain aspect and an attribute that queried that aspect was unclear. In Ada 95, they are the same, except for certain explicit exceptions.
Wording Changes from Ada 95
{8652/0009} Corrigendum: Added wording to specify for each attribute whether it is an operational or representation attribute.
Adjusted the Recommended Level of Support for Alignment to eliminate nonsense requirements and to ensure that useful capabilities are required.
Adjusted the Recommended Level of Support for Size to eliminate nonsense requirements and to ensure that useful capabilities are required. Also eliminated any dependence on whether an aspect was specified (a confirming representation item should not affect the semantics).
Removed the requirement that specified alignments for a composite type cannot override those for their components, because it was never intended to apply to components whose location was specified with a representation item. Moreover, it causes a difference in legality when a confirming alignment is specified for one of the composite types.
Removed recommended level of support rules about types with by-reference and aliased parts, because there are now blanket rules covering all recommended level of support rules.
Split the definition of Alignment for subtypes and for objects. This simplified the wording and eliminated confusion about which rules applied to objects, which applied to subtypes, and which applied to both.
Inconsistencies With Ada 2005
An address attribute with a prefix of a generic formal subprogram whose actual parameter has convention Intrinsic now raises Program_Error. Since it is unlikely that such an attribute would have done anything useful (a subprogram with convention Intrinsic is not expected to have a normal subprogram body), it is highly unlikely that any existing programs would notice the difference, and any that do probably are buggy.
User-specified external tags that conflict with other external tags raise Program_Error (or are optionally illegal). This was legal and did not raise an exception in the past, although the effects were not defined. So while a program might depend on such behavior, the results were not portable (even to different versions of the same implementation). Such programs should be rare.
Incompatibilities With Ada 2005
An address attribute with a prefix of a subprogram with convention Intrinsic is now illegal. Such attributes are very unlikely to have provided a useful answer (the intended meaning of convention Intrinsic is that there is no actual subprogram body for the operation), so this is highly unlikely to affect any existing programs unless they have a hidden bug.
Extensions to Ada 2005
Aspect Storage_Size is new; pragma
Storage_Size is now obsolescent, joining attribute Storage_Size for task types.
Wording Changes from Ada 2005
Improved the description of erroneous execution for address clauses to make it clear that specifying an address inappropriate for the entity will lead to erroneous execution.