From: "Dmitry A. Kazakov"
Subject: Re: Buffer overflow Article - CACM
Newsgroups: comp.lang.ada
Date: Wed, 16 Nov 2005 10:26:05 +0100
Message-ID: <1wclw5pmb787b$.1srcn4xk9xxr5.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de
Organization: cbb software GmbH
References: <43783810.6080808@obry.net> <2jzfmy3kqhw9$.10by8ooz0jy1b.dlg@40tude.net> <4379ea6d$0$21945$9b4e6d93@newsread2.arcor-online.net> <15gzlx0mv4n2t$.1ono4o1ozibur.dlg@40tude.net> <437a61d0$0$7421$9b4e6d93@newsread4.arcor-online.net>

On Tue, 15 Nov 2005 23:32:37 +0100, Georg Bauhaus wrote:

> Dmitry A. Kazakov wrote:
>> On Tue, 15 Nov 2005 15:03:11 +0100, Georg Bauhaus wrote:
>>
>>> Dmitry A. Kazakov wrote:
>>>
>>>> Ada.Container.
>>>> They don't support safe iteration constructs "for I in X'Range loop".
>>>
>>> Ada.Container does provide safe iteration construct, by
>>> suitably defining and/or suggesting what is meant by "safe".
>>>
>>> OTOH, for I in X'Range loop alone doesn't imply that
>>> iteration will be safe.
>>
>> As you said, it depends on the definition. Clearly it isn't safe against
>> shelling the computer.
>
> For sure you can get Constraint_Error using the library,
> and this isn't always pleasant. Yet, in which ways is any of the
> following more safe than the other?
>
>    for I in X'Range loop
>       Modify_Element(X(I));
>    end loop;
>
>    Iterate(X, Modify_Element'Access);

You are comparing apples and oranges. The first is a language construct,
the second is a call to a procedure. They could be made comparable if Ada
had subroutines as first class objects:

   Iterate (X, procedure (E : in out Element_Type) is begin ... end);

Or at least:

   Iterate (X, Modify_Element);

But that is aside. What would you say about the same written in Assembly:

   MOV $Modify_Element, R1
   MOV $X, R2
   JMP $Iterate   ; Isn't this safe?

The question is not how iteration and element processing are composed:
using procedural decomposition or language constructs. The question is how
iteration is expressed. These are not directly related issues and there is
not much choice here: loop vs. recursion.

Note also that your example is based on a trick. You bring a black horse
Modify_Element into consideration. Nothing is known about it. So whatever
the enclosing construct does and how it does this, safety is 0.

As for Robert's note about explicit indices, it would be nice to have

   for E in X loop ...

for array types as well. I think it would be quite easy to implement in an
Ada compiler.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
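An added Ada 2012 example, not part of this thread, that puts the forms under discussion side by side: the X'Range loop, a hand-written index range that is wrong for an array whose bounds do not start at 1, the library Iterate callback (which in Ada.Containers.Vectors receives a Cursor, not the element, so Update_Element is used to reach the element), and the element loop that Ada 2012 later added for arrays and containers alike. The program name, Int_Array, Data, Modify_At and the sample values are assumed.

```ada
with Ada.Text_IO;            use Ada.Text_IO;
with Ada.Containers.Vectors;

procedure Iteration_Safety is
   --  Constructed sample: the array's bounds deliberately do not start at 1.
   type Int_Array is array (Positive range <>) of Integer;
   Data : Int_Array (5 .. 9) := (1, 2, 3, 4, 5);
   package Int_Vectors is new Ada.Containers.Vectors
     (Index_Type => Positive, Element_Type => Integer);
   use Int_Vectors;
   V : Vector;

   --  The "black horse": element processing shared by every form below.
   procedure Modify_Element (E : in out Integer) is
   begin
      E := E * 2;
   end Modify_Element;

   --  Vector.Iterate hands out a Cursor; Update_Element applies Modify_Element.
   procedure Modify_At (C : Cursor) is
   begin
      V.Update_Element (C, Modify_Element'Access);
   end Modify_At;
begin
   --  1. Bounds taken from the object itself: the index cannot leave Data.
   for I in Data'Range loop
      Modify_Element (Data (I));
   end loop;

   --  2. Hand-written bounds: 1 .. 5 is the natural guess, but Data'First is 5.
   --     The index check fires before any memory outside Data is touched.
   begin
      for I in 1 .. 5 loop
         Modify_Element (Data (I));
      end loop;
   exception
      when Constraint_Error =>
         Put_Line ("for I in 1 .. 5 raised Constraint_Error, no overflow");
   end;

   --  3. The library form: the loop lives inside Iterate, processing in a callback.
   for I in Data'Range loop
      V.Append (Data (I));
   end loop;
   V.Iterate (Modify_At'Access);

   --  4. Ada 2012 element iteration, the construct the post wishes for: same
   --     syntax over an array and over a container.
   for E of Data loop Put (Integer'Image (E)); end loop; New_Line;
   for E of V    loop Put (Integer'Image (E)); end loop; New_Line;
end Iteration_Safety;
```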