Contents Index Search Previous Next
7.3 Private Types and Private Extensions
1
[The declaration (in the visible part of a package)
of a type as a private type or private extension serves to separate the
characteristics that can be used directly by outside program units (that
is, the logical properties) from other characteristics whose direct use
is confined to the package (the details of the definition of the type
itself). See
3.9.1 for an overview of type
extensions.
{private types and private extensions}
{information hiding: See private
types and private extensions} {opaque
type: See private types and private extensions} {abstract
data type (ADT): See private types and private extensions}
{ADT (abstract data type): See
private types and private extensions} ]
Language Design Principles
1.a
A private (untagged) type can
be thought of as a record type with the type of its single (hidden) component
being the full view.
1.b
A private tagged type can be
thought of as a private extension of an anonymous parent with no components.
The only dispatching operation of the parent is equality (although the
Size attribute, and, if nonlimited, assignment are allowed, and those
will presumably be implemented in terms of dispatching).
Syntax
2
private_type_declaration
::=
type defining_identifier [
discriminant_part]
is [[
abstract]
tagged] [
limited]
private;
3
private_extension_declaration
::=
type defining_identifier [
discriminant_part]
is
[
abstract]
new ancestor_subtype_indication with private;
Legality Rules
4
{partial view (of a type)}
{requires a completion (declaration
of a partial view) [partial]} A
private_type_declaration
or
private_extension_declaration
declares a
partial view of the type; such a declaration is allowed
only as a
declarative_item of the
visible part of a package, and it requires a completion, which shall
be a
full_type_declaration that
occurs as a
declarative_item of
the private part of the package.
{full view (of a
type)} The view of the type declared by
the
full_type_declaration is called
the
full view. A generic formal private type or a generic formal
private extension is also a partial view.
4.a
To be honest: A private
type can also be completed by a pragma
Import, if supported by an implementation.
4.b
Reason: We originally
used the term ``private view,'' but this was easily confused with the
view provided from the private part, namely the full view.
5
[A type shall be completely defined before it
is frozen (see
3.11.1 and
13.14).
Thus, neither the declaration of a variable of a partial view of a type,
nor the creation by an
allocator
of an object of the partial view are allowed before the full declaration
of the type. Similarly, before the full declaration, the name of the
partial view cannot be used in a
generic_instantiation
or in a representation item.]
5.a
6
[A private type is limited if its declaration
includes the reserved word limited; a private extension is limited
if its ancestor type is limited.] If the partial view is nonlimited,
then the full view shall be nonlimited. If a tagged partial view is limited,
then the full view shall be limited. [On the other hand, if an untagged
partial view is limited, the full view may be limited or nonlimited.]
7
If the partial view is tagged, then the full view
shall be tagged. [On the other hand, if the partial view is untagged,
then the full view may be tagged or untagged.] In the case where the
partial view is untagged and the full view is tagged, no derivatives
of the partial view are allowed within the immediate scope of the partial
view; [derivatives of the full view are allowed.]
7.a
Ramification: Note that
deriving from a partial view within its immediate scope can only occur
in a package that is a child of the one where the partial view is declared.
The rule implies that in the visible part of a public child package,
it is impossible to derive from an untagged private type declared in
the visible part of the parent package in the case where the full view
of the parent type turns out to be tagged. We considered a model in which
the derived type was implicitly redeclared at the earliest place within
its immediate scope where characteristics needed to be added. However,
we rejected that model, because (1) it would imply that (for an untagged
type) subprograms explicitly declared after the derived type could be
inherited, and (2) to make this model work for composite types as well,
several implicit redeclarations would be needed, since new characteristics
can become visible one by one; that seemed like too much mechanism.
7.b
Discussion: The rule
for tagged partial views is redundant for partial views that are private
extensions, since all extensions of a given ancestor tagged type are
tagged, and limited if the ancestor is limited. We phrase this rule partially
redundantly to keep its structure parallel with the other rules.
7.c
To be honest: This rule
is checked in a generic unit, rather than using the ``assume the best''
or ``assume the worst'' method.
7.d
Reason:
Tagged limited private types have certain capabilities that are incompatible
with having assignment for the full view of the type. In particular,
tagged limited private types can be extended with access discriminants
and components of a limited type, which works only because assignment
is not allowed. Consider the following example:
7.e
package P1 is
type T1 is tagged limited private;
procedure Foo(X : in T1'Class);
private
type T1 is tagged null record; -- Illegal!
-- This should say ``tagged limited null record''.
end P1;
7.f/1
package body P1 is
type A is access T1'Class;
Global : A;
procedure Foo(X : in T1'Class) is
begin
Global := new T1'Class'(X);
-- This would be illegal if the full view of
-- T1 were limited, like it's supposed to be.
end Foo A;
end P1;
7.g
with P1;
package P2 is
type T2(D : access Integer) -- Trouble!
is new P1.T1 with
record
My_Task : Some_Task_Type; -- More trouble!
end record;
end P2;
7.h/1
with P1;
with P2;
procedure Main is
Local : aliased Integer;
Y : P2.T2(D A => Local'Access);
begin
P1.Foo(Y);
end Main;
7.i
If the above example were legal,
we would have succeeded in making an access value that points to Main.Local
after Main has been left, and we would also have succeeded in doing an
assignment of a task object, both of which are supposed to be no-no's.
7.j
This rule is not needed for
private extensions, because they inherit their limitedness from their
ancestor, and there is a separate rule forbidding limited components
of the corresponding record extension if the parent is nonlimited.
7.k
Ramification:
A type derived from an untagged private type is untagged, even if
the full view of the parent is tagged, and even at places that can see
the parent:
7.l
package P is
type Parent is private;
private
type Parent is tagged
record
X: Integer;
end record;
end P;
7.m/1
with P;
package Q is
type T is new P. Parent;
end Q;
7.n
with Q; use Q;
package body P is
... T'Class ... -- Illegal!
Object: T;
... Object.X ... -- Illegal!
... Parent(Object).X ... -- OK.
end P;
7.o
The declaration of T declares
an untagged view. This view is always untagged, so T'Class is illegal,
it would be illegal to extend T, and so forth. The component name X is
never visible for this view, although the component is still there --
one can get one's hands on it via a type_conversion.
8
{ancestor subtype (of a private_extension_declaration)}
The
ancestor subtype of a
private_extension_declaration
is the subtype defined by the
ancestor_subtype_indication;
the ancestor type shall be a specific tagged type. The full view of a
private extension shall be derived (directly or indirectly) from the
ancestor type. In addition to the places where Legality Rules normally
apply (see
12.3), the requirement that the
ancestor be specific applies also in the private part of an instance
of a generic unit.
8.a
Reason: This rule allows
the full view to be defined through several intermediate derivations,
possibly from a series of types produced by generic_instantiations.
9
If the declaration of a partial view includes
a
known_discriminant_part, then
the
full_type_declaration shall
have a fully conforming [(explicit)]
known_discriminant_part
[(see
6.3.1, ``
Conformance
Rules'')].
{full conformance (required)}
[The ancestor subtype may be unconstrained; the parent
subtype of the full view is required to be constrained (see
3.7).]
9.a
Discussion: If the ancestor
subtype has discriminants, then it is usually best to make it unconstrained.
9.b
Ramification: If the
partial view has a known_discriminant_part,
then the full view has to be a composite, non-array type, since only
such types may have known discriminants. Also, the full view cannot inherit
the discriminants in this case; the known_discriminant_part
has to be explicit.
9.c
That
is, the following is illegal:
9.d
package P is
type T(D : Integer) is private;
private
type T is new Some_Other_Type; -- Illegal!
end P;
9.e
even if Some_Other_Type has
an integer discriminant called D.
9.f
It is a ramification of this
and other rules that in order for a tagged type to privately inherit
unconstrained discriminants, the private type declaration has to have
an unknown_discriminant_part.
10
If a private extension inherits known discriminants
from the ancestor subtype, then the full view shall also inherit its
discriminants from the ancestor subtype, and the parent subtype of the
full view shall be constrained if and only if the ancestor subtype is
constrained.
10.a
Reason: The first part
ensures that the full view has the same discriminants as the partial
view. The second part ensures that if the partial view is unconstrained,
then the full view is also unconstrained; otherwise, a client might constrain
the partial view in a way that conflicts with the constraint on the full
view.
11
[If a partial view has unknown discriminants,
then the full_type_declaration may
define a definite or an indefinite subtype, with or without discriminants.]
12
If a partial view has neither known nor unknown
discriminants, then the full_type_declaration
shall define a definite subtype.
13
If the ancestor subtype of a private extension
has constrained discriminants, then the parent subtype of the full view
shall impose a statically matching constraint on those discriminants.
{statically matching (required) [partial]}
13.a
Ramification: If the
parent type of the full view is not the ancestor type, but is rather
some descendant thereof, the constraint on the discriminants of the parent
type might come from the declaration of some intermediate type in the
derivation chain between the ancestor type and the parent type.
13.b
Reason:
This prevents the following:
13.c
package P is
type T2 is new T1(Discrim => 3) with private;
private
type T2 is new T1(Discrim => 999) -- Illegal!
with record ...;
end P;
13.d
The constraints in this example
do not statically match.
13.e
If
the constraint on the parent subtype of the full view depends on discriminants
of the full view, then the ancestor subtype has to be unconstrained:
13.f
type One_Discrim(A: Integer) is tagged ...;
...
package P is
type Two_Discrims(B: Boolean; C: Integer) is new One_Discrim with private;
private
type Two_Discrims(B: Boolean; C: Integer) is new One_Discrim(A => C) with
record
...
end record;
end P;
13.g
The above example would be illegal
if the private extension said ``is new One_Discrim(A => C);'', because
then the constraints would not statically match. (Constraints that depend
on discriminants are not static.)
Static Semantics
14
{private type [partial]}
A
private_type_declaration
declares a private type and its first subtype.
{private
extension [partial]} Similarly, a
private_extension_declaration
declares a private extension and its first subtype.
14.a
Discussion: {package-private
type} A package-private type is one declared
by a private_type_declaration; that
is, a private type other than a generic formal private type. {package-private
extension} Similarly, a package-private extension
is one declared by a private_extension_declaration.
These terms are not used in the RM95 version of this document.
15
A declaration of a partial view and the corresponding
full_type_declaration define two
views of a single type. The declaration of a partial view together with
the visible part define the operations that are available to outside
program units; the declaration of the full view together with the private
part define other operations whose direct use is possible only within
the declarative region of the package itself.
{characteristics}
Moreover, within the scope of the declaration of
the full view, the
characteristics of the type are determined
by the full view; in particular, within its scope, the full view determines
the classes that include the type, which components, entries, and protected
subprograms are visible, what attributes and other predefined operations
are allowed, and whether the first subtype is static. See
7.3.1.
16
A private extension inherits components (including
discriminants unless there is a new
discriminant_part
specified) and user-defined primitive subprograms from its ancestor type,
in the same way that a record extension inherits components and user-defined
primitive subprograms from its parent type (see
3.4).
16.a
To be honest: If an operation
of the parent type is abstract, then the abstractness of the inherited
operation is different for nonabstract record extensions than for nonabstract
private extensions (see 3.9.3).
Dynamic Semantics
17
{elaboration (private_type_declaration)
[partial]} The elaboration of a
private_type_declaration
creates a partial view of a type.
{elaboration (private_extension_declaration)
[partial]} The elaboration of a
private_extension_declaration
elaborates the
ancestor_subtype_indication,
and creates a partial view of a type.
18
5 The partial view of a
type as declared by a private_type_declaration
is defined to be a composite view (in 3.2).
The full view of the type might or might not be composite. A private
extension is also composite, as is its full view.
19
6 Declaring a private type
with an unknown_discriminant_part
is a way of preventing clients from creating uninitialized objects of
the type; they are then forced to initialize each object by calling some
operation declared in the visible part of the package. If such a type
is also limited, then no objects of the type can be declared outside
the scope of the full_type_declaration,
restricting all object creation to the package defining the type. This
allows complete control over all storage allocation for the type. Objects
of such a type can still be passed as parameters, however.
19.a
Discussion: {generic
contract/private type contract analogy} Packages
with private types are analogous to generic packages with formal private
types, as follows: The declaration of a package-private type is like
the declaration of a formal private type. The visible part of the package
is like the generic formal part; these both specify a contract (that
is, a set of operations and other things available for the private type).
The private part of the package is like an instantiation of the generic;
they both give a full_type_declaration
that specifies implementation details of the private type. The clients
of the package are like the body of the generic; usage of the private
type in these places is restricted to the operations defined by the contract.
19.b
In other words, being inside
the package is like being outside the generic, and being outside the
package is like being inside the generic; a generic is like an ``inside-out''
package.
19.c
This analogy also works for
private extensions in the same inside-out way.
19.d
Many of the legality rules are
defined with this analogy in mind. See, for example, the rules relating
to operations of [formal] derived types.
19.e
The completion rules for a private
type are intentionally quite similar to the matching rules for a generic
formal private type.
19.f
This analogy breaks down in
one respect: a generic actual subtype is a subtype, whereas the full
view for a private type is always a new type. (We considered allowing
the completion of a private_type_declaration
to be a subtype_declaration, but
the semantics just won't work.) This difference is behind the fact that
a generic actual type can be class-wide, whereas the completion of a
private type always declares a specific type.
20
7 The ancestor type specified
in a private_extension_declaration
and the parent type specified in the corresponding declaration of a record
extension given in the private part need not be the same -- the parent
type of the full view can be any descendant of the ancestor type. In
this case, for a primitive subprogram that is inherited from the ancestor
type and not overridden, the formal parameter names and default expressions
(if any) come from the corresponding primitive subprogram of the specified
ancestor type, while the body comes from the corresponding primitive
subprogram of the parent type of the full view. See 3.9.2.
Examples
21
Examples of
private type declarations:
22
type Key is private;
type File_Name is limited private;
23
Example of a private
extension declaration:
24
type List is new Ada.Finalization.Controlled with private;
Extensions to Ada 83
24.a
{extensions to Ada 83}
The syntax for a private_type_declaration
is augmented to allow the reserved word tagged.
24.b
In Ada 83, a private type without
discriminants cannot be completed with a type with discriminants. Ada
95 allows the full view to have discriminants, so long as they have defaults
(that is, so long as the first subtype is definite). This change is made
for uniformity with generics, and because the rule as stated is simpler
and easier to remember than the Ada 83 rule. In the original version
of Ada 83, the same restriction applied to generic formal private types.
However, the restriction was removed by the ARG for generics. In order
to maintain the ``generic contract/private type contract analogy'' discussed
above, we have to apply the same rule to package-private types. Note
that a private untagged type without discriminants can be completed with
a tagged type with discriminants only if the full view is constrained,
because discriminants of tagged types cannot have defaults.
Wording Changes from Ada 83
24.c
RM83-7.4.1(4), ``Within the
specification of the package that declares a private type and before
the end of the corresponding full type declaration, a restriction applies....'',
is subsumed (and corrected) by the rule that a type shall be completely
defined before it is frozen, and the rule that the parent type of a derived
type declaration shall be completely defined, unless the derived type
is a private extension.
Contents Index Search Previous Next Legal