From mboxrd@z Thu Jan 1 00:00:00 1970
From: Cyrille
Newsgroups: comp.lang.ada
Subject: Re: High-Integrity OO and controlled types
Date: Mon, 2 May 2011 02:50:14 -0700 (PDT)
Message-ID: <679e3217-98dd-43c1-86f6-2038a029c3ea@b19g2000yqg.googlegroups.com>

On May 1, 10:38 pm, Maciej Sobczak wrote:
> There is an interesting white paper describing the high-integrity
> point of view on object-oriented programming:
>
> http://www.open-do.org/high-integrity-oo-programming-in-ada/
>
> One of the parts that has caught my attention is the description of
> GNAT high-integrity profiles, where it is written that controlled
> types are not supported (page 43):
>
> "Controlled types are not supported since they require extensive
> run-time support."
>
> This is surprising to me. I don't see anything in controlled types
> that would require "extensive run-time support".

Admittedly, we could provide more info here. "Extensive runtime support" is, in fact, only one aspect of it. Let me first say why "runtime support" is an issue: that's because in a HI context, the Ada runtime needs to be certified along with the application and thus certification material (for various standards) needs to be developed and maintained. This is one of the reasons why we minimize our HI runtime footprint. There are other reasons: source to object tracea

> Obviously, there is
> some implicit additional code required for controlled types to work,
> but as far as I understand this additional code can be entirely
> generated by the compiler (in many cases even the dynamic dispatch can
> be omitted) and no run-time library is necessary for it at all.
>
> Am I missing something? What "extensive run-time support" is needed
> for controlled types that excludes them from high-integrity GNAT
> profiles?
>
> There is another angle to this question: the Ravenscar profile does
> not exclude controlled types. If GNAT's so-called Ravenscar profile
> does exclude them, then it looks that it does not support some
> formally valid Ravenscar programs, even some very trivial ones. Am I
> missing something?
>
> --
> Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com