From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,eca91508b02e7e97 X-Google-Attributes: gid103376,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news3.google.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: "Alex R. Mosteo" Newsgroups: comp.lang.ada Subject: Re: Amount of copying on returned constant objects Date: Tue, 19 Jun 2007 13:24:50 +0300 Message-ID: <5dpp8pF35116bU1@mid.individual.net> References: <5dfsfnF1qav8bU1@mid.individual.net> <46730bf5$0$23134$9b4e6d93@newsspool1.arcor-online.net> <5dntd6F35jc57U1@mid.individual.net> <4676C27D.2050608@obry.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Trace: individual.net JBZHDvEjuz2FEdACEi72cQSsH3FcL/U3lrd44/nGbo8ZSDPo0= User-Agent: KNode/0.10.5 Xref: g2news1.google.com comp.lang.ada:16233 Date: 2007-06-19T13:24:50+03:00 List-Id: Randy Brukardt wrote: > "Pascal Obry" wrote in message > news:4676C27D.2050608@obry.net... >> Or in a more Ada 2005 way: >> >> function Element >> (Key : Key_Type) return access constant Element_Type; > > The problem with this is that this access can be saved, and any operation > on the original container could make it become dangling (and thus any > further use be erroneous). That is *very* unsafe and virtually impossible > to detect. I see. I suspected that would be the reason for its absence. > There were a substantial number of people (a group that includes me) that > want the containers to be safer than using raw access types (because they > can do checks that would be too tedious to do in hand-written code). > That's why the containers access-in-place routines use > access-to-subprograms, because they can have tampering checks that prevent > the dangling access problem (you get Program_Error if you try to do > something that could make the element inaccessible). That makes them much > safer than returning a raw pointer. Actually I have benefitted from these sanity checks in real code. Too bad we can have both things... > We actually spent quite a bit of effort on trying to find a way to secure > access values returned this way. But it isn't quite possible: even if you > make them uncopyable; they still can be held onto long enough to > potentially cause trouble with a renames. > > What really would help would be a way for the container to know when the > access was destroyed, but there isn't any obvious way to do that in Ada. I guess then that some reference counting companion type (or maybe making Cursors tagged and more heavyweight) was discarded because the distributed overhead?