From: Antti Sykari
Newsgroups: comp.lang.ada
Subject: Ada style of passing 'in' parameters considered dangerous?
Date: Sat, 08 Feb 2003 22:24:03 GMT
Message-ID: <86isvuzabx.fsf@hoastest1-8c.hoasnet.inet.fi>

Hello,

I recently asked in comp.compilers for advice about implementing a parameter passing policy for a rather close-to-machine language. My suggestion for the method of passing 'in' parameters to procedures was: pass everything as read-only by default, and leave the by-reference/by-copy decision to the compiler.

It was pointed out that Ada already has this kind of policy. In one reply (<03-01-169@comp.compilers>), it was mentioned that it is a time-bomb in Ada, since it permits the programmer to write code that is erroneous but the compiler cannot detect this.

Indeed, the standard ([1]) says that if an object has been passed via an unspecified parameter passing mechanism, is written via one access path and read via another, "possible consequences are that Program_Error is raised, or the newly assigned value is read, or some old value of the object is read".

For example, in the simplest case, a procedure can take a read-only 'in' argument "arg1" of type X, and an "in out" argument "arg2" of the same type. Then, if it writes to arg2 and after that reads arg1, this might cause a run-time error or other implementation-defined behavior -- but only if the procedure is called with two identical arguments. Of course, the erroneous behavior might occur in a more subtle way, which is not expected to happen. I just can't think of any realistic example where this undefinedness would really hurt.

My concerns here are:

- Is this generally considered a dangerous thing in Ada (or in general)?

- Have you encountered a non-trivial real-life case where the programmer has shot himself in the foot in the form of implementation-defined behavior because of the error mentioned above? I'd be interested to hear of any such cases.

- If there are such cases, could it have been prevented by having a different policy in the language? Do you think it would've been better to force the programmer to specify the parameter passing mechanism, for example?

Thanks in advance,
Antti Sykäri

[1] http://www.adaic.org/standards/95aarm/html/AA-6-2.html#I3062
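The aliasing case the post describes, written out as an added Ada example (this is not code from the original post or from any reply to it; the type Vec and the procedure names Alias_Demo, Update, Update_Safe and Show are assumed for illustration). Update follows the pattern in the post: it writes to its 'in out' parameter and then reads its 'in' parameter, which is harmless with two distinct actuals but, per the RM 6.2 wording the post quotes, has three permitted outcomes when the same object is passed as both. Update_Safe shows the usual defensive form: snapshot the 'in' parameter before the first write, so the only read of it happens before any write through the other access path and the result no longer depends on which mechanism the compiler picked.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Alias_Demo is

   -- Assumed type for the example: a plain record. RM 6.2 leaves it
   -- unspecified whether a type like this is passed by copy or by reference.
   type Vec is record
      X, Y : Integer := 0;
   end record;

   -- The pattern from the post: write to the 'in out' parameter, then read
   -- the 'in' parameter. Fine when Src and Dst denote distinct objects.
   procedure Update (Src : in Vec; Dst : in out Vec) is
   begin
      Dst.X := Src.X + 1;
      Dst.Y := Src.X;      -- reads Src.X after Dst.X has been written
   end Update;

   -- Hardened form: copy Src before writing anything, so the 'in'
   -- parameter is only ever read before the write to Dst. The outcome
   -- is then the same whichever passing mechanism the compiler chose.
   procedure Update_Safe (Src : in Vec; Dst : in out Vec) is
      Snapshot : constant Vec := Src;
   begin
      Dst.X := Snapshot.X + 1;
      Dst.Y := Snapshot.X;
   end Update_Safe;

   procedure Show (Label : String; V : Vec) is
   begin
      Put_Line (Label & ": X =" & Integer'Image (V.X)
                & ", Y =" & Integer'Image (V.Y));
   end Show;

   A, B : Vec;   -- both start as (0, 0)

begin
   -- Aliased call: the same object is both the 'in' and the 'in out' actual.
   -- The call is legal Ada and the compiler is not required to reject it.
   --   passed by copy      : Dst.Y gets the old Src.X, so A = (1, 0)
   --   passed by reference : Dst.Y sees the fresh X,   so A = (1, 1)
   --   Program_Error       : the third outcome RM 6.2 allows
   Update (A, A);
   Show ("Update (A, A)", A);

   -- Same aliasing, but the snapshot gives (1, 0) regardless of mechanism.
   Update_Safe (B, B);
   Show ("Update_Safe (B, B)", B);
end Alias_Demo;
```

Compile and run it with any Ada compiler (for example gnatmake alias_demo.adb); the first line of output is the one that may differ between compilers, or between optimisation levels of the same compiler, while the second is fixed. That observable divergence on a legal program is what the post means by a time-bomb.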