From: herwin@gmu.edu (Harry Erwin)
Subject: Re: Safety of the Booch Ada 95 Components
Date: 1999-12-10T17:52:23+00:00
Message-ID: <1e2lkpj.jfhkndlca1p6N%herwin@gmu.edu>
References: <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> <38512921_3@news1.prserv.net>
Organization: HDE Associates
Newsgroups: comp.lang.ada,comp.lang.c++

Matthew Heaney wrote:

> In article <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> , herwin@gmu.edu
> (Harry Erwin) wrote:
>
> > Now I've been looking at the Booch components for Ada 95, and have
> > noticed that the Copy function typically starts by clearing the To
> > container.
>
> I haven't studied the Booch components specifically, but here's how Copy
> operations should be implemented in general.
>
> Assuming the data structure is implemented as a by-reference type (the
> type is tagged and/or limited), you can invoke RM95 13.3 (16) to legally
> compare the addresses of the subprogram parameters:
>
> procedure Copy
>   (From : in     Source_Type;
>    To   : in out Target_Type) is
> begin
>    if From'Address = To'Address then
>       return;  -- do nothing, because From is same object as To
>    end if;

That's missing from the code I've been looking at.

>
>    Clear (To);  -- safe, because we now know To isn't From
>
>
> end Copy;
>
> If the Booch Components don't first check whether aliasing has occurred,
> prior to clearing the target object, then perhaps something is wrong.
>
> > That immediately implies that they are not exception-safe,
> > but I'm concerned that they may not be safe under self-assignment as
> > well.
>
> I don't understand your comment about not being "exception-safe."
> Perhaps you could elaborate on that point.

Strong exception-safety == supports commit/rollback semantics.
Apparently in the Booch components, if the copy goes bad, the To
container has been cleared and is partially written. Basic exception
safety (== the container is still useable) is probably supported.

>
> > Is there something about the Ada 95 standard that guarantees that
> > there will be no aliasing of container args?
>
> No, it's up to you the programmer to determine whether aliasing has
> occurred.

That may not be possible.

>
> The idiom for determining whether aliasing has occurred is to compare
> object addresses, per RM95 13.3 (16).

Got it. Thanks!

>
> --
> Help keep evolution in the science classroom and religion out: become a
> member of the National Center for Science Education.
>
>

--
Harry Erwin, PhD,
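
The two failure modes discussed in this post (self-copy and a copy that fails part-way), shown side by side as an added example that is not part of the original thread and is not Booch Components code. It is written in C++ because the thread is cross-posted to comp.lang.c++; the `Bag` type, its `capacity` limit and all function names are hypothetical, and the sample contents are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical bounded container (not the Booch API): add() throws when full.
struct Bag {
    std::size_t capacity;
    std::vector<int> items;
    void add(int v) {
        if (items.size() == capacity) throw std::length_error("Bag full");
        items.push_back(v);
    }
};
using CopyFn = void (*)(const Bag&, Bag&);

// Pattern questioned in the post: clear the target first, no alias check.
void copy_clear_first(const Bag& from, Bag& to) {
    to.items.clear();                     // if from and to alias, the source is emptied too
    for (int v : from.items) to.add(v);   // a throw leaves `to` partially written
}

// Address check as in the quoted reply, then build aside and swap (commit/rollback).
void copy_strong(const Bag& from, Bag& to) {
    if (&from == &to) return;             // same object: nothing to do
    Bag tmp{to.capacity, {}};
    for (int v : from.items) tmp.add(v);  // a throw here leaves `to` untouched
    to.items.swap(tmp.items);             // commit; vector swap does not throw
}

std::size_t size_after_self_copy(CopyFn copy) {
    Bag b{8, {1, 2, 3, 4}};               // constructed sample contents
    copy(b, b);
    return b.items.size();
}

// Copies a 5-item source into a capacity-3 target holding {1, 2}; add() throws on item 4.
std::vector<int> after_failed_copy(CopyFn copy) {
    Bag from{8, {10, 11, 12, 13, 14}}, to{3, {1, 2}};
    try { copy(from, to); } catch (const std::length_error&) {}
    return to.items;
}

int main() {
    std::printf("self-copy size: clear-first=%zu strong=%zu\n",
                size_after_self_copy(copy_clear_first), size_after_self_copy(copy_strong));
    std::printf("failed-copy size: clear-first=%zu strong=%zu\n",
                after_failed_copy(copy_clear_first).size(), after_failed_copy(copy_strong).size());
}
```

The clear-first version keeps only the basic guarantee: the target stays usable but holds a prefix of the source, and a self-copy silently empties the object.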