Re: High-Integrity OO and controlled types

[Cyrille <comar@eu.adacore.com>]

On May 1, 10:38 pm, Maciej Sobczak <see.my.homep...@gmail.com> wrote:
> There is an interesting white paper describing the high-integrity
> point of view on object-oriented programming:
>
> http://www.open-do.org/high-integrity-oo-programming-in-ada/
>
> One of the parts that has caught my attention is the description of
> GNAT high-integrity profiles, where it is written that controlled
> types are not supported (page 43):
>
> "Controlled types are not supported since they require extensive run-
> time support."
>
> This is surprising to me. I don't see anything in controlled types
> that would require "extensive run-time support".

Admittedly, we could provide more info here. "Extensive runtime
support" is, in fact, only one aspect of it. Let me first say why
"runtime support" is an issue: that's because in a HI context, the Ada
runtime needs to be certified along with the application and thus
certification material  (for various standards) needs to be developed
and maintained. This is one of the reasons why we minimize  our HI
runtime footprint. There are other reasons: source to object tracea

> Obviously, there is
> some implicit additional code required for controlled types to work,
> but as far as I understand this additional code can be entirely
> generated by the compiler (in many cases even the dynamic dispatch can
> be omitted) and no run-time library is necessary for it at all.
>
> Am I missing something? What "extensive run-time support" is needed
> for controlled types that excludes them from high-integrity GNAT
> profiles?
>
> There is another angle to this question: the Ravenscar profile does
> not exclude controlled types. If GNAT's so-called Ravenscar profile
> does exclude them, then it looks that it does not support some
> formally valid Ravenscar programs, even some very trivial ones. Am I
> missing something?
>
> --
> Maciej Sobczak *http://www.msobczak.com*http://www.inspirel.com