Path: utzoo!mnetor!uunet!husc6!mit-eddie!uw-beaver!cornell!rochester!PT.CS.CMU.EDU!sei!sei.cmu.edu!firth
From: firth@sei.cmu.edu (Robert Firth)
Newsgroups: comp.lang.ada
Subject: Re: A Bug in VAX Ada (ACCVIO)
Message-ID: <3818@aw.sei.cmu.edu>
Date: 18 Jan 88 13:34:49 GMT
References: <1@<1988> <124000008@inmet>
Sender: netnews@sei.cmu.edu
Reply-To: firth@bd.sei.cmu.edu.UUCP (Robert Firth)
Organization: Carnegie-Mellon University, SEI, Pgh, Pa

In article <124000008@inmet> ron@inmet.UUCP writes:

>Over the last few years, I've encountered various bugs with the VAX Ada
>compiler's handling of access types. The simplest (and my personal
>favorite) example is that Unchecked_Deallocation(null) raises
>Program_Error. This is my favorite because the only concrete thing
>that the LRM has to say about Unchecked_Deallocation is that after any
>call to Unchecked_Deallocation(x), x is null.

Sorry, not so. RM 13.10.1 (b) says explicitly

    " FREE(X), when X is already equal to null, has no effect"

(where FREE is an instantiation of UNCHECKED_DEALLOCATION)

We discussed this point, and decided that it was appropriate for FREE to take very weak preconditions. Note also that Ada doesn't require X to be the only variable whose value designates the deallocated object, merely that you don't subsequently use such a value to access the object.

We also decided to say most of this explicitly, to avoid the kind of oversight that the above compiler seems to have made. This might seem needlessly pedantic (after all, who would do it any other way?), but I'm glad we were mistrustful.

I can recall another important issue where we DID trust the implementors. The question was raised at one DR meeting: should we say explicitly that one task doing input from a slow device does not cause the whole program to block? The response was almost universal stupefied disbelief that any implementor would ever be so incompetent as to do it that way. Sigh!
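
The deallocation rules discussed in this message, as an added example that is not part of the original post or of any compiler's test suite. It assumes a current Ada compiler, where the generic is named Ada.Unchecked_Deallocation; the names Free_Demo, Cell and Cell_Ptr are made up for the illustration.

```ada
with Ada.Text_IO;                use Ada.Text_IO;
with Ada.Unchecked_Deallocation;

procedure Free_Demo is
   --  Hypothetical types, introduced only for this illustration.
   type Cell is record
      Value : Integer := 0;
   end record;
   type Cell_Ptr is access Cell;

   --  FREE in the sense of RM 13.10.1: an instantiation of the generic.
   procedure Free is new Ada.Unchecked_Deallocation (Cell, Cell_Ptr);

   P : Cell_Ptr := new Cell'(Value => 42);
   Q : Cell_Ptr := P;  --  second access value designating the same object
begin
   --  First call: the object is deallocated and P is set to null.
   Free (P);
   Put_Line ("P = null after Free (P): " & Boolean'Image (P = null));

   --  Second call: P is already null, so the call must have no effect.
   --  A compiler that raises Program_Error here has the bug reported
   --  in the quoted article.
   Free (P);
   Put_Line ("second Free (P) returned normally");

   --  Free (P) does not touch Q. Q still holds the old access value,
   --  and the language only requires that it is never used to reach
   --  the deallocated object again.
   Put_Line ("Q = null after Free (P): " & Boolean'Image (Q = null));

   --  Defensive step: discard the stale value instead of keeping it
   --  around where a later Q.Value or Free (Q) could use it.
   Q := null;

   --  With every alias nulled, a stray dereference is caught by the
   --  access check instead of reading freed storage.
   begin
      Put_Line (Integer'Image (P.Value));
   exception
      when Constraint_Error =>
         Put_Line ("P.Value raised Constraint_Error");
   end;
end Free_Demo;
```

The alias Q is the case the language cannot check for you: calling Free (Q) or reading Q.Value before the assignment Q := null would be erroneous execution, the Ada counterpart of a double free or use after free.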