Newsgroups: comp.lang.ada
Subject: Re: Recommendation of safe subset of Ada to use?
From: onox
Date: Mon, 7 May 2018 08:54:35 -0700 (PDT)

On Saturday, May 5, 2018 at 11:23:04 PM UTC+2, joak...@kth.se wrote:
> Jere gave the following example in the other thread about how to get Ada across the chasm:
>
> 1. Dangling references: Keeping a reference to an object past its lifetime
>
> Ada:
> ***********************************************
> with Ada.Text_IO; use Ada.Text_IO;
>
> procedure jdoodle is
>    type Integer_Access is access all Integer;
>
>    function Inner(Value : aliased in out Integer) return Integer_Access is
>    begin
>       return Value'Access;
>    end Inner;
>
>    function Outer return Integer_Access is
>       Value : aliased Integer := 0;
>    begin
>       return Inner(Value);
>    end Outer;
>
>    Ptr : Integer_Access := Outer; -- !!! Dangling reference
> begin
>    Put_Line("Hello World");
> end jdoodle;
> ***********************************************
> Hello World
>
> gcc -c jdoodle.adb
> gnatbind -x jdoodle.ali
> gnatlink jdoodle.ali -o jdoodle
>
> It's a 20 line application that demonstrates a dangling pointer in Ada. That's not supposed to be able to happen unless one goes outside of Ada's type system by using Unchecked_Deallocation, Unchecked_Conversion or System.Address_To_Access_Conversion. I've tried the example with the GNAT compiler and it does not detect the issue. I do not believe this is a GNAT bug. Aliased parameters were part of the solution to be able to safely reference elements in containers and thereby avoid unnecessary copying. By making this possible, was a hole introduced in Ada's type system? It means that one cannot safely use all the features of Ada and be sure of memory safety; instead one should stick to a subset of Ada. One subset that comes to mind is SPARK. Another is, for example, sticking to Ada 95 or Ada 2005. Or maybe one should just ban usage of aliased parameters, but then what should one do with the standard containers that one probably uses throughout one's application? I am confused. Anybody that can shed light?
>
> /Joakim

A similar problem happens with anonymous access procedures (GNAT 7.2):

with Ada.Text_IO;

procedure A is
   type Proc_Access is access procedure (P1 : Integer);

   function Inner (Value : access procedure (P2 : Integer)) return Proc_Access is
   begin
      return Value;
   end Inner;

   function Outer (X : Integer) return Proc_Access is
      use Ada.Text_IO;

      procedure Value (Y : Integer) is
      begin
         Put_Line ("X: " & X'Image);  -- random
         Put_Line ("Y: " & Y'Image);  -- 2
      end Value;
   begin
      return Inner (Value'Access);
   end Outer;

   Ptr : Proc_Access := Outer (1);
begin
   Ptr (2);
end A;
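For contrast with Joakim's jdoodle program, here is an added example (not code from either poster) that keeps the same Inner/Outer shape but passes the object as an anonymous access parameter instead of an explicitly aliased "in out" parameter. The assumption is a compiler implementing the standard dynamic accessibility check on conversion of an access parameter to a named access type (RM 4.6), so the escaping reference is reported as Program_Error at the conversion rather than silently becoming a dangling pointer; the anonymous access-to-subprogram case from the reply above is not covered by it.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Checked is
   type Integer_Access is access all Integer;

   --  The formal is an anonymous access parameter: it carries the
   --  accessibility level of the actual at run time, so converting it
   --  to the named type is checked and raises Program_Error when the
   --  designated object is deeper than Integer_Access.
   function Inner (Value : access Integer) return Integer_Access is
   begin
      return Integer_Access (Value);
   end Inner;

   function Outer return Integer_Access is
      Value : aliased Integer := 0;   --  lives only until Outer returns
   begin
      return Inner (Value'Access);    --  check fails: Value is local to Outer
   end Outer;

   --  Declared at the same level as Integer_Access, so it may be
   --  designated by that type without an accessibility failure.
   Shared : aliased Integer := 42;

   function Outer_OK return Integer_Access is
   begin
      return Inner (Shared'Access);
   end Outer_OK;

   Ptr : Integer_Access;
begin
   Ptr := Outer_OK;
   Put_Line ("Shared via Ptr: " & Integer'Image (Ptr.all));

   begin
      Ptr := Outer;
      Put_Line ("unexpected: a local object escaped through Inner");
   exception
      when Program_Error =>
         Put_Line ("Program_Error: accessibility check rejected "
                   & "the dangling reference");
   end;
end Checked;
```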