From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_00,INVALID_MSGID, PP_MIME_FAKE_ASCII_TEXT autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII X-Google-Thread: 103376,2308afbbe4ecec0b X-Google-Attributes: gid103376,public From: "Jean-Pierre Rosen" Subject: Re: Subverting 'Access for Sub-programs Date: 1999/08/05 Message-ID: <7oc5ih$6mb$1@wanadoo.fr>#1/1 X-Deja-AN: 509183864 References: <37A71EF1.2201@dera.gov.uk> <37A7FDE8.4F5@dera.gov.uk> <7o9vrv$qgt$1@wanadoo.fr> X-Priority: 3 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 X-Complaints-To: abuse@wanadoo.fr X-Trace: wanadoo.fr 933861777 6859 164.138.28.54 (5 Aug 1999 14:02:57 GMT) Organization: Adalog X-MSMail-Priority: Normal NNTP-Posting-Date: 5 Aug 1999 14:02:57 GMT Newsgroups: comp.lang.ada Date: 1999-08-05T14:02:57+00:00 List-Id: Brian Rogoff a �crit dans le message : Pine.BSF.4.10.9908042041540.29130-100000@shell5.ba.best.com... On Wed, 4 Aug 1999, Jean-Pierre Rosen wrote: > [snip] >> I understood from a previous message that you didn't like the solution with >> a generic taking a formal procedure. >> It seems however that it would allow you to do precisely what you want. >> You may not "like" generics, but they are inherently safer than access >> values. Actually, in the discussion about downward closures, it was noted >> that all the cases presented could be equally well be dealt with with >> generics, and therefore that it was not worth introducing a risky feature. >Not true for any reasonable value of "equally well". For instance, in one >of those ancient postings of a few years ago on this very topic Richard >O'Keefe presented the example of making a two dimensional integrator from >a one dimensional one. The Ada version with generics depended on the name >of the one dimensional integratoir, and so it was parameterized by that >particular integrator. The downward closure one was free to range over all >one dimensional integrators. I'll append the code, if you can come up with >a perspicuous generic version that doesn't depend on the one dimensional >code I'll be more convinced. [code snipped for brievity] OK, I understand your problem better (full examples always help :-) Of course, you realize that "Integrator" could store the pointer to function to any global variable, possibly resulting later in random branches. I think the trade-off in language design was that accessing random memory location was bad, but not THAT bad. OTOH, branching to random locations was considered really too dangerous. Even if you promise not to store the pointer to function to anything global, it would be a property of the body, i.e. something that could be changed without anybody noticing, not even requiring recompilation of users. So take it as a trade-off between security and usability. But in the real world (i.e. not academic exercise), is it so important to dynamically choose the 1D integrator ? As you note, if the 1D integrator is fixed, there is an easy solution with generics. >I think its also true that in the typical implementation of generics there >will be a code size problem too. RR software has full generics sharing. -- --------------------------------------------------------- J-P. Rosen (Rosen.Adalog@wanadoo.fr) Visit Adalog's web site at http://perso.wanadoo.fr/adalog