From: herwin@gmu.edu (Harry Erwin)
Subject: Re: Safety of the Booch Ada 95 Components
Date: 1999-12-10T17:52:23+00:00
Message-ID: <1e2lkpj.jfhkndlca1p6N%herwin@gmu.edu>
In-Reply-To: 38512921_3@news1.prserv.net
Matthew Heaney <matthew_heaney@acm.org> wrote:
> In article <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> , herwin@gmu.edu
> (Harry Erwin) wrote:
>
> > Now I've been looking at the Booch components for Ada 95, and have
> > noticed that the Copy function typically starts by clearing the To
> > container.
>
> I haven't studied the Booch components specifically, but here's how Copy
> operations should be implemented in general.
>
> Assuming the data structure is implemented as a by-reference type (the
> type is tagged and/or limited), you can invoke RM95 13.3 (16) to legally
> compare the addresses of the subprogram parameters:
>
>   procedure Copy
>     (From : in     Source_Type;
>      To   : in out Target_Type) is
>   begin
>     if From'Address = To'Address then
>       return;  -- do nothing, because From is same object as To
>     end if;
That's missing from the code I've been looking at.
>
>     Clear (To);  -- safe, because we now know To isn't From
>
>     <do rest of copy>
>   end Copy;
>
> If the Booch Components don't first check whether aliasing has occurred,
> prior to clearing the target object, then perhaps something is wrong.
>
>
> > That immediately implies that they are not exception-safe,
> > but I'm concerned that they may not be safe under self-assignment as
> > well.
>
> I don't understand your comment about not being "exception-safe."
> Perhaps you could elaborate on that point.
Strong exception-safety == supports commit/rollback semantics.
Apparently in the Booch components, if the copy goes bad, the To
container has been cleared and is partially written. Basic exception
safety (== the container is still useable) is probably supported.
>
>
> > Is there something about the Ada 95 standard that guarantees that
> > there will be no aliasing of container args?
>
> No, it's up to you the programmer to determine whether aliasing has
> occurred.
That may not be possible.
>
> The idiom for determining whether aliasing has occurred is to compare
> object addresses, per RM95 13.3 (16).
Got it. Thanks!
>
>
> --
> Help keep evolution in the science classroom and religion out: become a
> member of the National Center for Science Education.
>
> <http://www.natcenscied.org/>
--
Harry Erwin, PhD, <http://mason.gmu.edu/~herwin>
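
The two failure modes discussed in this message (aliased arguments, and a copy that fails part-way after the target was cleared), as an added Ada example that is not part of the original post and is not the Booch Components' code. The Bag type, the Overflow exception and the procedure names are assumptions made for illustration.

```ada
with System;      use type System.Address;
with Ada.Text_IO; use Ada.Text_IO;

procedure Copy_Demo is
   type Item_Array is array (Positive range <>) of Integer;
   type Bag (Capacity : Natural) is limited record  -- limited: by-reference
      Items : Item_Array (1 .. Capacity);
      Size  : Natural := 0;
   end record;
   Overflow : exception;

   --  Clear-first copy with no alias check, the pattern the thread questions.
   procedure Naive_Copy (From : in Bag; To : in out Bag) is
   begin
      To.Size := 0;  -- if To is From, the source is now empty as well
      for I in 1 .. From.Size loop
         if To.Size = To.Capacity then raise Overflow; end if;  -- To half-written
         To.Size := To.Size + 1;
         To.Items (To.Size) := From.Items (I);
      end loop;
   end Naive_Copy;

   --  Alias check first, then everything that can fail, then the mutation.
   procedure Safe_Copy (From : in Bag; To : in out Bag) is
   begin
      if From'Address = To'Address then return; end if;
      if From.Size > To.Capacity then raise Overflow; end if;
      To.Items (1 .. From.Size) := From.Items (1 .. From.Size);
      To.Size := From.Size;
   end Safe_Copy;

   --  Run one copy and report the target's size, whether or not it failed.
   procedure Try (Label : String; Naive : Boolean; From : in Bag; To : in out Bag) is
   begin
      if Naive then Naive_Copy (From, To); else Safe_Copy (From, To); end if;
      Put_Line (Label & ": ok, target size" & Natural'Image (To.Size));
   exception
      when Overflow =>
         Put_Line (Label & ": Overflow, target size" & Natural'Image (To.Size));
   end Try;

   A     : Bag (3);
   Small : Bag (2);
begin
   A.Items := (1, 2, 3);  A.Size := 3;      -- constructed sample data
   Small.Items (1) := 9;  Small.Size := 1;
   Try ("safe,  target too small", False, A, Small);  -- rollback: Small untouched
   Try ("naive, target too small", True,  A, Small);  -- old content gone, partial copy
   Try ("safe,  aliased", False, A, A);               -- no-op
   Try ("naive, aliased", True,  A, A);               -- A is emptied
end Copy_Demo;
```

Saved as copy_demo.adb, this builds with GNAT using gnatmake copy_demo.adb.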