From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,8acd4291c317f897 X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,8acd4291c317f897 X-Google-Attributes: gid109fba,public From: herwin@gmu.edu (Harry Erwin) Subject: Re: Safety of the Booch Ada 95 Components Date: 1999/12/12 Message-ID: <1e2pl97.97q6v6s9u4jkN%herwin@gmu.edu>#1/1 X-Deja-AN: 559836708 References: <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> Organization: HDE Associates X-Server-Date: 12 Dec 1999 21:57:13 GMT User-Agent: MacSOUP/2.4.1 Newsgroups: comp.lang.ada,comp.lang.c++ Date: 1999-12-12T21:57:13+00:00 List-Id: Simon Wright wrote: > herwin@gmu.edu (Harry Erwin) writes: > > > In C++, the equate operation for a container class C is preferably > > defined as follows (Sutter, Exceptional C++, Addison-Wesley, 2000): > > > > template > > C& operator=(const C& c) > > { > > if(&c == this) return *this; // not required; done for efficiency > > C temp(c); // uses the copy constructor, may throw > > swap(temp, *this); // swaps the guts of this container with > > // temp. May not throw. > > return *this; // May not throw. > > } // the destructor for temp releases the memory originally in this > > // container, and destructors may not throw > > > > This is strongly exception-safe and exception-neutral, since only the > > copy constructor can throw, and that occurs before the guts are swapped. > > Hence the container remains useable, and no objects are lost from it. > > Now I've been looking at the Booch components for Ada 95, and have > > noticed that the Copy function typically starts by clearing the To > > container. That immediately implies that they are not exception-safe, > > but I'm concerned that they may not be safe under self-assignment as > > well. Is there something about the Ada 95 standard that guarantees that > > there will be no aliasing of container args? > > (1) the Copy subprogram -- in this case > > procedure Copy (From : Queue'Class; To : in out Queue'Class); > > is used for copying queues using the same element type but different > storage allocation strategies (Bounded, Unbounded). It's the > equivalent of the C++ > > virtual BC_TQueue& operator=(const BC_TQueue&); In C++ 99, we'd use: C1 source; // assume initialized C2 destination(source.begin(), source.end()); // strongly safe This uses the copy constructor with two iterator arguments. Or we'd use: destination.insert(position, source.begin(), source.edu()); which, like your Copy, is not strongly safe. > > in the abstract class template class BC_TQueue. > > (2) I'm not quite sure what should occur if an exception happened in > the middle of copying a queue; it would be reasonable to expect the > data structure to be uncorrupted, but you couldn't expect any > particular subset of the elements in the queue to have been copied. > > Nevertheless, I need to look at this one .. > > (3) The deep copy you expect on normal assignment of one Queue to > another (Second := First;) is managed by having them be Controlled: > > type Container is abstract new Ada.Finalization.Controlled with private; > type Queue is abstract new Container with private; > type Bounded_Queue is new Queue with private; > > and (ALRM 7.6(17)): > > For an assignment_statement, after the name and expression have been > evaluated, and any conversion (including constraint checking) has > been done, an anonymous object is created, and the value is assigned > into it; that is, the assignment operation is applied. (Assignment > includes value adjustment.) The target of the assignment_statement > is then finalized. The value of the anonymous object is then > assigned into the target of the assignment_statement. Finally, the > anonymous object is finalized. As explained below, the > implementation may eliminate the intermediate anonymous object, so > this description subsumes the one given in 5.2, ``Assignment > Statements''. Thanks. I'll nose around into this. It looks like the Ada language hides a lot of the detail that a C++ 99 student has to learn to be anal about. > > GNAT 3.11p not only eliminates the intermediate anonymous object, it > special-cases the "A := A;" case; well, in the quick check I've just > run: > > ... > Queue_B_P1, Queue_B_P2 : Queue_Finalization_Test.Queue; > > begin > > Append (Queue_B_P2, '1'); > Append (Queue_B_P2, '2'); > Append (Queue_B_P2, '3'); > Append (Queue_B_P2, '4'); > > Put_Line ("Queue_B_P2:"); > Print (Queue_B_P2); > > Queue_B_P1 := Queue_B_P2; > Put_Line ("Queue_B_P1:"); > Print (Queue_B_P1); > > Queue_B_P1 := Queue_B_P1; > Put_Line ("Queue_B_P1:"); > Print (Queue_B_P1); > ... > > outputs > > initializing a Queue > initializing a Queue > Queue_B_P2: > Item: 1 > Item: 2 > Item: 3 > Item: 4 > finalizing a Queue > adjusting a Queue > Queue_B_P1: > Item: 1 > Item: 2 > Item: 3 > Item: 4 > Queue_B_P1: > Item: 1 > Item: 2 > Item: 3 > Item: 4 > finalizing a Queue > finalizing a Queue Good, so self-assignment works. -- Harry Erwin, PhD,