From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID,
	MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,2308afbbe4ecec0b
X-Google-Attributes: gid103376,public
From: Robert Dewar <robert_dewar@my-deja.com>
Subject: Re: Subverting 'Access for Sub-programs
Date: 1999/08/06
Message-ID: <7oeini$1pb$1@nnrp1.deja.com>#1/1
X-Deja-AN: 509545482
References: <Pine.BSF.4.10.9908042121260.29130-100000@shell5.ba.best.com>
 <Yq9q3.349$cb1.79221@typhoon-sf.snfc21.pbi.net> <7ocqru$rrm$1@nnrp1.deja.com>
 <m3iu6tjw2d.fsf@vault83.infomatch.bc.ca>
X-Http-Proxy: 1.0 x24.deja.com:80 (Squid/1.1.22) for client 205.232.38.14
Organization: Deja.com - Share what you know. Learn what you don't.
X-Article-Creation-Date: Fri Aug 06 11:59:50 1999 GMT
X-MyDeja-Info: XMYDJUIDrobert_dewar
Newsgroups: comp.lang.ada
X-Http-User-Agent: Mozilla/4.04 [en] (OS/2; I)
Date: 1999-08-06T00:00:00+00:00
List-Id: <comp.lang.ada>

In article <m3iu6tjw2d.fsf@vault83.infomatch.bc.ca>,
  Ray Blaak <blaak@infomatch.com> wrote:
> It is not fundamental and obvious to me. Perhaps you could
> explain.

Well this has been dealt with in length in previous threads,
so it is not appropriate to repeat it, but briefly, an extension
of a tagged type with new overriding primitives clearly
generates the possibility of dispatching to these new
primitives. If you allow extension in a smaller scope, you
can obviously generate dangling pointers for these methods,
using class variables whose value is the inner derived type.
It would thus be unsafe to allow this extension.
>
> I am aware of implementation concerns with allowing such a
> thing, but the restriction seems is an exception to the
> generality of declaring Ada constructs that is usually
> allowed.

It is not an implementation concern, it is trivial to allow
this in an implementation, it is a concern with safety of the
code and avoiding dangling pointers.

Pointers are in general a menace, they are the "gotos" of
data structures. Ada admits them into the language, but only
under the strict rule that if you do not use unchecked features,
then you can never generate a dangling pointer. Dangling
pointers are very dangerous when dealing with nested procedures
because they can lead to undetected and subtle data corruption.

> The current practice of knowing that some things have to be
> defined at the library level is not something that is obvious
> when reading sources, and is something that just seems to be
> part of the Ada lore.

I see no reason to expect that you could learn the rules of
a language simply by reading code. This rule is in fact very
clearly stated in the RM 3.9.1:

3   The parent type of a record extension shall not be a
    class-wide type.  If the parent type is nonlimited, then
    each of the components of the record_extension_part shall
    be nonlimited. The accessibility level (see 3.10.2) of a
    record extension shall not be statically deeper than that
    of its parent type.  In addition to the places where
    Legality Rules normally apply (see 12.3), these rules apply
    also in the private part of an instance of a generic unit.

Seems clear enough, hardly part of the "lore" of Ada unless you
include the rules of the language in the standard. And if you
do, all I can say is where else do you expect to find the rules
of writing Ada except in the book of rules :-)


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.