From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: **
X-Spam-Status: No, score=2.1 required=5.0 tests=BAYES_05,INVALID_DATE,
	MSGID_SHORT,REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no
	version=3.4.4
Path: utzoo!attcan!uunet!lll-winken!ames!hc!pprg.unm.edu!unmvax!ncar!gatech!hubcap!billwolf
From: billwolf@hubcap.clemson.edu (William Thomas Wolfe,2847,)
Newsgroups: comp.lang.ada
Subject: Re: procedure types
Message-ID: <4140@hubcap.UUCP>
Date: 19 Jan 89 18:07:07 GMT
References: <890119102705.20e0039e@elcc.epfl.ch>
Sender: news@hubcap.UUCP
Reply-To: billwolf@hubcap.clemson.edu
List-Id: <comp.lang.ada>

>From article <890119102705.20e0039e@elcc.epfl.ch>, by madmats@elma.epfl.ch (Mats Weber):
> Bill Wolfe writes :
> 
>>  Quick question: assuming the idea of a specification is expanded to
>>  include all externally accessible objects, what is the source of
>>  the insecurity?
> 
> Could you please clarify your question (may be with an example). Thanks

    Well, various references were made to some sort of insecurity arising
    from taking a inner-nested procedure and assigning it to a procedural
    variable, and then using it somewhere outside of its textual context.

    My idea was that if for example a procedure referenced an externally
    defined variable X, then that and all other externally referenced
    objects should form part of the procedure's specification.  Then if
    the procedure was called in a context which did not include X, of
    the type that X was expected to be, then an error similar to a 
    "missing parameter" error would occur.  Since a specification now
    includes all possible interactions between a procedure and its context, 
    we should then be free to pass procedures around without restriction.

    Other advantages would accrue in that during debugging and maintenance,
    it is frequently difficult to determine which global variables a 
    procedure is referencing.  By requiring that a shield exist by default,
    and providing a facility for poking holes in that shield, the compiler
    can provide a guarantee that the list of externally referenced objects
    is valid, eliminating the fact that one can never really be certain
    that the documentation regarding what this procedure allegedly accesses
    bears any relationship to the procedure's actual behavior.



                                          Bill Wolfe

                                   wtwolfe@hubcap.clemson.edu