From: dmitry@elros.cbb-automation.de (Dmitry A. Kazakov)
Newsgroups: comp.lang.ada
Subject: Re: A case where Ada defaults to unsafe?
Date: Fri, 11 Jan 2002 09:14:03 GMT
Message-ID: <3c3ea66f.88422109@News.CIS.DFN.DE>
References: <3C34BF2C.6030500@mail.com> <3C34D252.4070307@mail.com> <0pkZ7.3899$cD4.6730@www.newsranger.com>

On Thu, 10 Jan 2002 21:22:05 GMT, Robert A Duff wrote:

>Ted Dennison writes:
>
>> In article , Robert A Duff says...
>> >If you're looking for cases where Ada makes the default less safe, I can
>> >think of a few. Here's one: "X: T := ...;" is a variable, whereas
>> >"X: constant T := ...;" is a constant. IMHO, it should be the other way
>> >around ("X: var T := ...;" for a variable), since constants are safer
>> >than variables.

Why not "X : in out T := ...;" for variables, and "X : [in] T := ...;" for constants?
[too many keywords already]

>> I think this is another example of the *real* design principle here,
>> which is to make the more common and more general form take the least
>> syntax, and use added syntax to specify a more constrained and/or less
>> common form.
>
>I do not agree with that design principle. The default should be the
>thing that is safer/less-powerful. To use the
>more-powerful/more-dangerous option should require extra syntax.
>What's more common is irrelevant.

Agree

If we continue the logic of providing extra syntax for dangerous
things, then IMO, it would be safer to require an initial value to be
given if there is no default. I.e. to have an uninitialized variable
one should write something like:

   X : out T; -- No initial value

or even:

   X : [in] out T := abstract; -- No initial value
   X : [in out] T; -- Error, if T provides no initialization of its instances

Regards,
Dmitry Kazakov