comp.lang.ada
From: "Jeffrey R. Carter" <spam@spam.com>
Subject: Re: Controlled types and exception safety
Date: Tue, 06 Dec 2005 18:34:38 GMT
Message-ID: <2Rklf.171$n1.114@newsread2.news.pas.earthlink.net>
In-Reply-To: <3trncoj4t0va.19bs46zhm4xbe.dlg@40tude.net>

Dmitry A. Kazakov wrote:

> generic
>    type Object is limited private;
>    with procedure Deep_Copy (Left : in out Object; Right : Object) is <>;
> package Container is
>    ...
> end Container;
> -------------------------------
> with Container;
> generic
>    type Object is private;
> package Specialized_Container is
>    procedure Deep_Copy (Left : in out Object; Right : Object);
>    pragma Inline (Deep_Copy);
>    package Copying_By_Assignment is new Container (Object);   
> end Specialized_Container;
> -------------------------------
> package body Specialized_Container is
>    procedure Deep_Copy (Left : in out Object; Right : Object) is
>    begin
>       Left := Right;
>    end Deep_Copy;
> end Specialized_Container;

There's a gotcha in here. Suppose we have

subtype S is Integer range 3 .. 4;

and we instantiate

package S_Container is new Specialized_Container (Object => S);

Now suppose that Container has something like

procedure Op (Item : in Object) is
    X : Object;
begin -- Op
    Deep_Copy (Left => X, Right => Item);
    ...
end Op;

This is actually quite likely for a container, except X will be a component of 
the structure.

For scalars, there is a check on "in" and "in out" parameters that the actual 
value is of the subtype; Constraint_Error is raised if it is not. The check is 
likely to fail in this case; X probably is not in 3 .. 4.

So, for Container to work correctly for all possible actual types, the 
assignment procedure must have Left be mode "out". Now the uninitialized actual 
for Left is not checked on entry to the procedure, and it works correctly for 
scalars. For composite types, there is a whole collection of situations in which 
"out" really means "in out", so the user can still write a meaningful procedure 
that can inspect the contents of Left.

Personally, I would have preferred

procedure R'Assign (To : in out R; From : in R);

for any record type R. This can be redefined by the user:

for R'Assign use My_Assignment_Procedure;

I have seen objections to this approach, but none that aren't handled by one of 
the following rules:

* Within the body of a procedure used to implement 'Assign, ":=" refers to the 
predefined, bitwise copy assignment.

or

* There exists a procedure

R'Bitwise_Copy (To : in out R; From : in R);

that cannot be redefined by the user and is the default procedure for R'Assign. 
'Bitwise_Copy can be called explicitly inside a procedure used to implement 
'Assign to invoke default assignment.

Perhaps I'm missing something, but in any case, it's an elephant.

-- 
Jeff Carter
"English bed-wetting types."
Monty Python & the Holy Grail
15
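The gotcha described above, as a complete program. This is an added example and not code from the original post or the thread; the names Container, Specialized_Container, Deep_Copy, Op and the subtype S come from the discussion, while Container_In_Out, Container_Out, Copy_In_Out, Copy_Out and the enclosing procedure Assign_Gotcha are assumed for illustration. The "in out" variant follows the quoted design; the "out" variant is the fix the post recommends. Note that reading an uninitialized scalar is a bounded error in Ada (RM 13.9.1), so the "in out" call may raise Constraint_Error, raise Program_Error, or happen to pass with whatever value X holds; the example catches both exceptions so it terminates cleanly in every case.

```ada
--  Added example, not from the original post: the "in out" versus "out"
--  gotcha when the generic actual is a constrained scalar subtype.
--  Container_In_Out, Container_Out, Copy_In_Out, Copy_Out and
--  Assign_Gotcha are assumed names for illustration.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Assign_Gotcha is

   --  Variant 1: Left is "in out", as in the quoted design.
   generic
      type Object is limited private;
      with procedure Deep_Copy (Left : in out Object; Right : Object) is <>;
   package Container_In_Out is
      procedure Op (Item : in Object);
   end Container_In_Out;

   package body Container_In_Out is
      procedure Op (Item : in Object) is
         X : Object;   --  uninitialized, like a fresh container component
      begin
         --  For a scalar actual, X is converted to the formal's subtype
         --  on the call, so its (garbage) value is inspected here.
         Deep_Copy (Left => X, Right => Item);
      end Op;
   end Container_In_Out;

   --  Variant 2: Left is "out", which the post recommends.
   generic
      type Object is limited private;
      with procedure Deep_Copy (Left : out Object; Right : Object) is <>;
   package Container_Out is
      procedure Op (Item : in Object);
   end Container_Out;

   package body Container_Out is
      procedure Op (Item : in Object) is
         X : Object;
      begin
         --  Nothing is passed in for a scalar "out" parameter, so the
         --  uninitialized X is never checked against the subtype.
         Deep_Copy (Left => X, Right => Item);
      end Op;
   end Container_Out;

   subtype S is Integer range 3 .. 4;

   --  Actuals for the formal Deep_Copy: plain assignment, as in the
   --  quoted Specialized_Container.
   procedure Copy_In_Out (Left : in out S; Right : S) is
   begin
      Left := Right;
   end Copy_In_Out;

   procedure Copy_Out (Left : out S; Right : S) is
   begin
      Left := Right;
   end Copy_Out;

   package S_In_Out is new Container_In_Out (S, Copy_In_Out);
   package S_Out    is new Container_Out    (S, Copy_Out);

begin
   --  Safe: the "out" formal does not look at X on entry.
   S_Out.Op (3);
   Put_Line ("out variant: OK");

   --  Hazardous: X is uninitialized and must satisfy 3 .. 4 on the
   --  call. Reading it is a bounded error (RM 13.9.1), so any of the
   --  three outcomes below is permitted; an in-range value is luck.
   begin
      S_In_Out.Op (3);
      Put_Line ("in out variant: garbage in X happened to be in 3 .. 4");
   exception
      when E : Constraint_Error | Program_Error =>
         Put_Line ("in out variant: " & Exception_Name (E));
   end;
end Assign_Gotcha;
```

Compile and run with any Ada 95 or later compiler (for example gnatmake assign_gotcha.adb). The "out" variant always succeeds; what the "in out" variant prints depends on the compiler and on the stack contents, which is exactly why a container that must work for every actual type cannot rely on it.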



Thread overview: 37+ messages
2005-11-30 13:57 Controlled types and exception safety Maciej Sobczak
2005-11-30 15:06 ` Dmitry A. Kazakov
2005-11-30 16:19   ` Maciej Sobczak
2005-12-01  0:05     ` Stephen Leake
2005-12-01  9:21     ` Dmitry A. Kazakov
2005-12-01 10:46       ` Maciej Sobczak
2005-12-01 15:08         ` Dmitry A. Kazakov
2005-12-02  4:17           ` Randy Brukardt
2005-12-02  9:29             ` Maciej Sobczak
2005-12-02 18:12               ` tmoran
2005-12-02 19:15                 ` Robert A Duff
2005-12-02 21:42                   ` tmoran
2005-12-06  9:00                     ` Maciej Sobczak
2005-12-06  9:50                       ` Dmitry A. Kazakov
2005-12-06 18:34                         ` Jeffrey R. Carter [this message]
2005-12-06 19:34                           ` Randy Brukardt
2005-12-06 21:20                             ` Dmitry A. Kazakov
2005-12-07  1:57                             ` Jeffrey R. Carter
2005-12-08  0:50                               ` Randy Brukardt
2005-12-08 19:37                                 ` Jeffrey R. Carter
2005-12-09  2:36                                   ` Randy Brukardt
2005-12-09  6:33                                     ` Jeffrey R. Carter
2005-12-09 20:35                                       ` Randy Brukardt
2005-12-10  7:53                                         ` Jeffrey R. Carter
2005-12-06 20:43                           ` Dmitry A. Kazakov
2005-12-07  2:00                             ` Jeffrey R. Carter
2005-12-07 10:01                               ` Dmitry A. Kazakov
2005-12-02 23:21             ` Robert A Duff
2005-11-30 17:46 ` Jean-Pierre Rosen
2005-11-30 21:02 ` Jeffrey R. Carter
2005-11-30 22:06   ` Björn Persson
2005-11-30 23:52     ` Randy Brukardt
2005-12-01  5:26     ` Jeffrey R. Carter
2005-12-02 23:51       ` Robert A Duff
2005-12-06 11:41   ` Peter C. Chapin
2005-12-06 12:50     ` Jean-Pierre Rosen
2005-12-06 13:06     ` Dmitry A. Kazakov