Re: C's trikery semantic opens up backdoor in new Linux kernel

[Craig Carey <research@ijs.co.nz>]

On Fri, 14 Nov 2003 11:16:22 +0100, Dmitry A. Kazakov wrote:
>On Fri, 14 Nov 2003 10:44:47 +0100, Vinzent 'Gadget' Hoefler wrote:
...
>>>On Fri, 14 Nov 2003 10:04:02 +1300
>>>Craig Carey <research@ijs.co.nz> wrote:
...
>>>> Ada 95 could be enhanced so that specified record fields could be
>>>> read-only.
>>
>>BTW, this is a neat idea. OTOH, for this approach to be practical
>>someone *must* have write access.
>
>1. Not always. We already have constant "record" fields in Ada. They
>are called discriminants.
>2. Constructor
...

1. Perhaps Mr Kazakov would priovide more details about the
 "Not Always" comment.It could be the default assignment of a pointer
  pointing into the interior of the same record.

2. Since Ada 95 lacks read-only fields, so would the "We" of the
  message I reply to.

A solution is to replace field "X : Integer" with

  X  : Integer_Access_Constant_Ptr
  XA : Private_Type_Supposedly_Integer;

Maybe the record has to the tagged to get the pointer initialized.
It is awkward inide of the package and outside too.

All external statements like this

       "if X.Denom /= Y.Denom .."

would be changed to

       "if X.Denom.all /= Y.Denom.all".

A better solution might be to make every field be read-only, and
then remove read-only statuse from fields only by one.

The package is rewritten so that its procedures expect an
"access constant" pointer to the record, instead of record.

   Data_ZZZ : aliased P.D_Priv_Rec;      --  Real record, don't use
   Data     : constant P.D_Type := Data_ZZZX'Access;  --  100% R/O

To write to a single field, dereference a pointer function. E.g.:

   Ptr_Field_Bigness (X).all := (3, 2);

ObjectAda compiler easily finds that discriminants are not the
hoped for read-only feature:

   -------------
   type num is
      record
         Num, Den : Integer;
      end record;

   type Arbitrary (Pool_Const : Num) is      --  <-- Invalid Ada
      record
         Arb   : Num;
      end record;

      --   ObjectAda 7.2.2 says  "Error: LRM:3.7(9), the subtype of a
      --    discriminant must be a discrete or access subtype"
      --  [or defined using "access subtype_mark"].
   -------------

Discrimannts are not actually read-only since they don't need to be
supplied when the variable is declared but can be changed simply
afterwards. It does not sound like something that is read-only.


Craig Carey
Ada mailing lists: http://www.ijs.co.nz/ada_95.htm