From: gautier_niouzes@hotmail.com (Gautier)
Subject: Re: Ada style of passing 'in' parameters considered dangerous?
Date: 11 Feb 2003 01:14:52 -0800
Date: 2003-02-11T09:14:53+00:00
Message-ID: <17cd177c.0302110114.2c46b52@posting.google.com>
In-Reply-To: 86isvuzabx.fsf@hoastest1-8c.hoasnet.inet.fi
Antti:
> My concerns here are:
>
> - Is this generally considered a dangerous thing in Ada (or in
> general)?
Not enough!
> - Have you encountered a non-trivial real-life case where the
> programmer has shot himself in the foot in the form of
> implementation-defined behavior because of the error mentioned above?
> I'd be interested to hear of any such cases.
See my other reply. IIRC, the worst were cases where procedure P
calls Q, Q calls R, and R modifies an IN parameter because it also
references an [IN] OUT; then even the IN parameter of P is modified after
the call to Q. Add loops and so on... :-}
> - If there are such cases, could it have been prevented by having
> different policy in the language? Do you think it would've been
> better to force the programmer to specify the parameter passing
> mechanism, for example?
Yes and no: the explicit passing mechanism has the advantage of being
...explicit, but it is not always optimal for the target system.
The "in,in/out,out" is very readable and catches a lot of errors.
The "in", especially, ensures a fast mode and avoids an explicit
modification. The security problem happens rarely, but it happens.
I'd suggest that compilers issue a warning when the following
conditions are met:
- there are parameters of the same type, some IN, some [IN] OUT
- the compiler decides to pass the IN by reference
- an IN parameter is referenced after an IN OUT was modified
and also:
- for a call, when the same variable is passed to an IN
by reference and an [IN] OUT (it doesn't solve the issue of
".all" objects!).
________________________________________________________
Gautier -- http://www.mysunrise.ch/users/gdm/gsoft.htm
NB: For a direct answer, e-mail address on the Web site!
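The hazard Gautier describes, an IN parameter that changes under the callee's feet because it aliases an [IN] OUT parameter passed by reference, as an added example that is not part of the thread. To make the effect deterministic it uses a tagged record, which Ada always passes by reference; for an untagged record the compiler chooses the mechanism and the same call is a bounded error under RM 6.2 (Program_Error, the old value, or the new value may result). The procedure names and the Counter type are made up for the illustration.

```ada
-- Added example (not from the thread): an IN parameter aliased with an
-- IN OUT parameter of the same by-reference type, and a hardened variant.
with Ada.Text_IO; use Ada.Text_IO;

procedure Alias_Demo is

   -- Tagged types are by-reference types in Ada, so Source and Target
   -- below really are the same object when the caller passes C twice.
   -- For an untagged record the mechanism is implementation-defined,
   -- which is exactly the situation the thread is about.
   type Counter is tagged record
      Value : Integer := 0;
   end record;

   -- Adds Source.Value to Target.Value, then reports the value of Source
   -- as observed after the update (the "IN referenced after an IN OUT was
   -- modified" condition from the post).
   procedure Accumulate (Source : in     Counter;
                         Target : in out Counter;
                         Seen   :    out Integer) is
   begin
      Target.Value := Target.Value + Source.Value;
      Seen := Source.Value;   -- may see the update if Source aliases Target
   end Accumulate;

   -- Hardened variant: snapshot the IN parameter before touching the
   -- IN OUT one, so no later read can observe the modification, whatever
   -- passing mechanism the compiler picked.
   procedure Accumulate_Safe (Source : in     Counter;
                              Target : in out Counter;
                              Seen   :    out Integer) is
      Snapshot : constant Counter := Source;
   begin
      Target.Value := Target.Value + Snapshot.Value;
      Seen := Snapshot.Value;
   end Accumulate_Safe;

   C : Counter := (Value => 5);
   S : Integer;

begin
   -- Same variable passed as IN and as IN OUT: the aliasing case the post
   -- proposes a compiler warning for.
   Accumulate (C, C, S);
   Put_Line ("after Accumulate:      C.Value =" & Integer'Image (C.Value)
             & ", Seen =" & Integer'Image (S));
   --  C.Value = 10 and Seen = 10: the IN parameter was changed through Target.

   C := (Value => 5);
   Accumulate_Safe (C, C, S);
   Put_Line ("after Accumulate_Safe: C.Value =" & Integer'Image (C.Value)
             & ", Seen =" & Integer'Image (S));
   --  C.Value = 10 and Seen = 5: the snapshot preserved the original value.
end Alias_Demo;
```

The copy in Accumulate_Safe is the defensive pattern worth remembering: a local constant copy of any IN parameter whose type might be passed by reference, taken before the first write to an [IN] OUT parameter, removes the dependency on the compiler's choice. In my experience current GNAT versions do emit a warning about a writable actual overlapping another actual for a call like Accumulate (C, C, S), which is close to the warning Gautier asks for, so it is worth not suppressing it.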