Re: Safety of the Booch Ada 95 Components

["Matthew Heaney" <matthew_heaney@acm.org>]

In article <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> , herwin@gmu.edu 
(Harry Erwin) wrote:

> Now I've been looking at the Booch components for Ada 95, and have
> noticed that the Copy function typically starts by clearing the To
> container.

I haven't studied the Booch components specifically, but here's how Copy
operations should be implemented in general.

Assuming the data structure is implemented as a by-reference type (the
type is tagged and/or limited), you can invoke RM95 13.3 (16) to legally
compare the addresses of the subprogram parameters:

  procedure Copy
    (From : in     Source_Type;
     To   : in out Target_Type) is
  begin
    if From'Address = To'Address then
      return;  -- do nothing, because From is same object as To
    end if;

    Clear (To);  -- safe, because we now know To isn't From

    <do rest of copy>
  end Copy;

If the Booch Components don't first check whether aliasing has occurred,
prior to clearing the target object, then perhaps something is wrong.


> That immediately implies that they are not exception-safe,
> but I'm concerned that they may not be safe under self-assignment as
> well.

I don't understand your comment about not being "exception-safe."
Perhaps you could elaborate on that point.


>  Is there something about the Ada 95 standard that guarantees that
> there will be no aliasing of container args?

No, it's up to you the programmer to determine whether aliasing has
occurred.

The idiom for determining whether aliasing has occurred is to compare
object addresses, per RM95 13.3 (16).


--
Help keep evolution in the science classroom and religion out: become a
member of the National Center for Science Education.

<http://www.natcenscied.org/>