Re: Dynamic allocation in the predefined language environment

[Matthias-Christian Ott <ott@mirix.org>]

On 06/07/15 14:45, Bob Duff wrote:
> Matthias-Christian Ott <ott@mirix.org> writes:
> 
>> It could be implemented in C or assembly language and than it could
>> definitely crash.
> 
> Yes, it could be implemented in any language.  But it still has to be
> implemented correctly.  If it crashes, then it's not a conforming
> implementation of Ada.  (And of course, "conforming implementation of
> Ada" is synonymous with "implementation of Ada"!)
> 
> If you think the RM says otherwise, then either you are misunderstanding
> the RM, or else the RM has an error.  The latter is possible, but for
> sure the INTENT of the RM is that running out of memory raises
> Storage_Error, and does not "simply crash".
> 
> I mean, consider a simple addition:
> 
>     X + Y
> 
> The RM requires this to compute the sum of X and Y, or raise
> Constraint_Error on overflow (or (unlikely) raise Storage_Error --
> anything can raise Storage_Error).  The implementer doesn't get to say,
> "Well the RM doesn't specify HOW '+' is implemented, and I'm choosing to
> implement it wrong."

You have fully convinced me.

>> ...The point is: If the standard specifies how to
>> implement a package, you have to assume anything when reasoning about
>> the correctness of code.
> 
> I don't understand that sentence.  Are you missing a "not" or something?

Yes.

- Matthias-Christian