From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Issue with GNAT GPL 2009 and GtkAda
Date: Tue, 30 Jun 2009 14:10:22 -0400

Stephen Leake writes:

> Robert A Duff writes:
>>     type T_Ref is access all T;
>>     Global : T_Ref;
>>
>>     procedure P (X : in out T) is -- Suppose T is tagged.
>>     begin
>>         Global := X'Access; -- Illegal!
>>     end P;
>>
>>     procedure Q (...) is
>>         Local : aliased T;
>>     begin
>>         P (Local);
>>     end Q;
>>
>> After calling Q, Global is a dangling pointer. The language design rule
>> is: If you do anything that _might_ create a dangling pointer, you
>> have to use 'Unchecked_Access (and take care).
>
> But if X was actually a global object, 'Access would be ok; I thought
> the run-time accessibility checks would handle that case for tagged
> types.
>
> But apparently accessibility information is only passed with access
> parameters (either 'access', or 'in [out]' of an access type).

Right. Access parameters (anonymous access types only!) get the extra
info, other parameters, and regular objects and so on do not.

> This is my key mis-understanding. If 'in out' parameters of tagged types
> carried accessibility information that could be checked at runtime,
> the above example would be ok.

Yes.

> I'm not clear why you say that is the "wrong direction".

Because I think it was a mistake to use dynamic accessibility for access
parameters. For the usual reasons:

Catching errors sooner is better than later. Especially when "later"
means "by the customer".

Run-time checks are inefficient.

Run-time checks give more flexibility, usually. But in this case,
I don't find that important. When using access parameters, it's
(almost?) always the case that either:

1. The callee expects to store the pointer in a global, so the caller
   needs to pass a pointer to a global.

2. The caller can pass pointers to local objects, so the callee had
   better not store the pointer in a global.

And this distinction is known when writing the code. You don't see code
like:

    if (the thing is pointing to a global) then
        Store it globally;
    else
        Do something else;
    end if;

Unfortunately, this distinction is not visible in the spec. How is the
caller supposed to know whether it's OK to pass a pointer to local?
You have to look at the body of the callee, or trust in comments.

I also don't like the fact that anonymity causes all kinds of magic.
It's confusing. I think:

    type T is ;
    X : T;

and

    X : ;

ought to mean the same thing (whether X is a parameter, or something
else).

- Bob
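
The run-time check on access parameters discussed in this message, as an added Ada example (not code from the thread). Store, Global_Obj and Accessibility_Demo are hypothetical names, and the example assumes accessibility checks have not been suppressed. The profile of Store does not say that it keeps the pointer, so the call in Q compiles and is only rejected when it executes:

```ada
--  Added illustration; not code from the thread.
with Ada.Text_IO; use Ada.Text_IO;

procedure Accessibility_Demo is

   type T is tagged record
      Value : Integer := 0;
   end record;

   type T_Ref is access all T;

   Global     : T_Ref;
   Global_Obj : aliased T;   --  same accessibility level as T_Ref

   --  Hypothetical callee of kind 1: it stores the pointer.
   --  Nothing in this profile tells the caller so.
   procedure Store (X : access T) is
   begin
      --  Converting the access parameter to the named type T_Ref
      --  triggers the run-time accessibility check: Program_Error
      --  is raised if the designated object is deeper than T_Ref.
      Global := T_Ref (X);
   end Store;

   procedure Q is
      Local : aliased T;      --  deeper than T_Ref
   begin
      Store (Local'Access);   --  compiles; fails only when executed
      Put_Line ("not reached: Global would dangle after Q returns");
   exception
      when Program_Error =>
         Put_Line ("Q: Program_Error, pointer to Local rejected");
   end Q;

begin
   Store (Global_Obj'Access);
   Put_Line ("Global_Obj stored: " & Boolean'Image (Global /= null));
   Global := null;
   Q;
   Put_Line ("Global still null after Q: "
             & Boolean'Image (Global = null));
end Accessibility_Demo;
```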