From: adam@irvine.com
Subject: Re: Subverting 'Access for Sub-programs
Date: 1999/08/06
Message-ID: <7of1ju$d0m$1@nnrp1.deja.com>#1/1
References: <37A71EF1.2201@dera.gov.uk> <37A7FDE8.4F5@dera.gov.uk> <7o9vrv$qgt$1@wanadoo.fr> <7oc5ih$6mb$1@wanadoo.fr> <7occq3$g9v$1@nnrp1.deja.com> <7ocrji$scl$1@nnrp1.deja.com>
X-Article-Creation-Date: Fri Aug 06 16:14:01 1999 GMT
Newsgroups: comp.lang.ada

In article , Robert A Duff wrote:

> There was one proposal that involved run-time checks (see my other
> posting),

Note: I haven't looked at this yet.

> but I'm not sure it matches the kinds of run-time checks
> you're thinking of. I don't think anybody ever proposed a feature
> where you could form a pointer to a (possibly-nested) subprogram,
> and then check the validity of this pointer at the call site. Such
> a feature would be difficult to implement efficiently.

After I wrote the above post, I actually did think of a simple way that this type of runtime check could be implemented efficiently.

Suppose you have a subprogram P that contains nested subprograms Q1, Q2, etc. If Q1'ACCESS is used, the compiler allocates a global counter for P (Q1's parent); the access value for Q1'ACCESS would contain the address of P's global counter, and the current value of the counter. When P exits, it increments the global counter just before returning.

Now, any access-subprogram type that has this property will have a counter address (possibly null) and a current counter value; so when dereferencing, the program would look up the pointed-to counter and see if its value matches the value stored in the access-subprogram type. If not, the dereference is illegal. (A null counter address would indicate a global subprogram, or perhaps any subprogram that is statically not deeper than the type, so that the check would be unnecessary.)

P's counter would also have to be incremented when its execution is abandoned due to an exception; this may add a little complication in some implementations, but not too much. Tasking probably complicates things.

-- Adam
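
The counter scheme described in the post above, modelled in C as code a compiler might generate (an added example, not part of the original post or of any Ada implementation). All names (`sub_access`, `p_counter`, `call_checked`) are hypothetical; it assumes a single, non-recursive activation of P and no tasking, and returns -1 where a real implementation would raise an exception.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of compiler-generated code; all names are assumptions. */
typedef int (*code_t)(void *frame, int arg);

typedef struct {                /* the access-to-subprogram value */
    code_t          code;       /* entry point of the subprogram */
    void           *frame;      /* static link: parent's activation record */
    const unsigned *counter;    /* parent's global counter; NULL = no check */
    unsigned        stamp;      /* counter value when 'Access was evaluated */
} sub_access;

struct p_frame { int local; };  /* P's locals, as seen by nested Q1 */
static unsigned   p_counter;    /* the one global counter allocated for P */
static sub_access saved;        /* access value that outlives P */

static int q1(void *frame, int arg) { return ((struct p_frame *)frame)->local + arg; }
static int global_sub(void *frame, int arg) { (void)frame; return arg * 2; }

/* Checked dereference: 0 on success, -1 if the stored stamp is stale. */
int call_checked(const sub_access *a, int arg, int *result)
{
    if (a->counter != NULL && *a->counter != a->stamp)
        return -1;              /* P has exited: its frame is gone */
    *result = a->code(a->frame, arg);
    return 0;
}

int p(int v, int *result)
{
    struct p_frame f = { v };
    saved = (sub_access){ q1, &f, &p_counter, p_counter };  /* Q1'Access */
    int rc = call_checked(&saved, 1, result);  /* valid: P is still active */
    p_counter++;                /* done on every exit path, incl. exceptions */
    return rc;
}

int main(void)
{
    int r = 0, rc = p(41, &r);
    printf("inside P: rc=%d r=%d\n", rc, r);
    printf("after P:  rc=%d\n", call_checked(&saved, 1, &r));
    sub_access g = { global_sub, NULL, NULL, 0 };  /* null counter: no check */
    rc = call_checked(&g, 5, &r);
    printf("global:   rc=%d r=%d\n", rc, r);
    return 0;
}
```

The stale value is rejected before its static link is ever followed, so the dead frame of P is never touched.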