From: Ludovic Brenta
Newsgroups: comp.lang.ada
Subject: Re: Run-time accessibility checks (was: Construction initialization problem)
Date: Sat, 6 Dec 2008 09:10:49 -0800 (PST)
Message-ID: <68719e0e-af31-488a-b45c-f8db93fb70d2@v13g2000yqm.googlegroups.com>

Dmitry A. Kazakov wrote:
> It would be interesting to make a poll, how many programmers
>
> 1. start straight with Unchecked_Access
>
> 2. write Access first and then switch to Unchecked_Access after the first
> compiler message without analyzing the message
>
> 3. try to understand the message and change the design

Put me in category 3. However, changing the design isn't always
desirable because alternative designs may have unacceptable drawbacks.

> My guess is 65-30-5. Yours?

I don't know but I don't remember seeing any Unchecked_Access that
wasn't thoroughly explained in the comments near it; this would
indicate the person who wrote it was at least in category 2.

> > I've been trying to work on this problem, but the obvious solutions would
> > require full dynamic accessibility checks, including passing the
> > accessibility of all by-reference parameters -- and that is way too
> > expensive to consider. Plus dynamic checks provide a new failure mechanism
> > for code; it's not clear that is an advantage.
>
> Ooch, this is the major contributor to the group 1. If I had any danger
> that X'Access might fail at run-time, I would immediately switch to
> X'Unchecked_Access.

Actually, the presence of run-time accessibility checks is the reason
that puts me in category 3. If the run-time overhead or, worse, the
possibility of failure at run-time are unacceptable, then I prefer not
to use access types at all.

> It is absolutely unacceptable to me that a correct
> program might fail at run-time because of accessibility checks.

I differ here; to me, a program that fails an accessibility check at
run time is incorrect.

> The only
> case I could buy it, if exceptions were contracted, so that I would get a
> compile-time error at some other place. Like "Constraint_Error may be
> propagated, but the contract states otherwise."

In my understanding, there is an implicit contract stating that all
subprograms may raise at least Program_Error, Storage_Error or
Constraint_Error. I accept that as a fact and keep it in mind when
designing.

--
Ludovic Brenta.
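
An added illustration, not part of the thread above: a small Ada program showing the run-time accessibility check the posters are arguing about, next to the same call made with 'Unchecked_Access. All names (Accessibility_Demo, Int_Ptr, Saved, Remember) are invented for this example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Accessibility_Demo is

   type Int_Ptr is access all Integer;
   Saved : Int_Ptr;  --  outlives any object declared in a nested subprogram

   --  An access parameter carries the accessibility level of its actual.
   --  Converting it to the named type Int_Ptr is checked at run time and
   --  raises Program_Error when the designated object is more deeply
   --  nested than Int_Ptr, i.e. when the pointer could outlive the object.
   procedure Remember (P : access Integer) is
   begin
      Saved := Int_Ptr (P);
   end Remember;

   procedure Checked is
      Local : aliased Integer := 1;
   begin
      Remember (Local'Access);  --  legal at compile time, fails at run time
      Put_Line ("Checked: no exception (unexpected)");
   exception
      when Program_Error =>
         Put_Line ("Checked: Program_Error, Saved was not modified");
   end Checked;

   procedure Unchecked is
      Local : aliased Integer := 2;
   begin
      --  'Unchecked_Access treats Local as if it were declared at library
      --  level, so the check inside Remember passes.
      Remember (Local'Unchecked_Access);
      Put_Line ("Unchecked: accepted, Saved designates a stack object");
   end Unchecked;

begin
   Checked;
   Unchecked;
   --  Saved is dangling here: the Local it designates no longer exists.
   --  Dereferencing it would be erroneous, so it is cleared instead.
   Saved := null;
end Accessibility_Demo;
```

The first call fails loudly with Program_Error; the second succeeds silently and leaves a dangling pointer, which is why an Unchecked_Access in reviewed code should come with a comment explaining why the designated object outlives every copy of the access value.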