comp.lang.ada
From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: A hole in Ada type safety
Date: Sat, 30 Apr 2011 18:16:40 +0200
Message-ID: <87tydfbtp3.fsf@mid.deneb.enyo.de>
In-Reply-To: wccoc3oq7ev.fsf@shell01.TheWorld.com

* Robert A. Duff:

> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> I don't know if this is a new observation---I couldn't find
>> documentation for it.
>
> It's not new.  It is documented in AARM-3.7.2(4,4.a),
> which dates back to Ada 83 days.

Ah.  I didn't realize that call to Convert was already erroneous.

It does not seem possible to extend the restrictions on 'Access
prefixes to subprogram parameters (due to the way controlled types
are implemented, for example).

>> Our implementation lacks the full power of Ada.Unchecked_Conversion
>> because it does not support limited or unconstrained types. However,
>> it is sufficient to break type safety.
>
> Yes.  Anything that is erroneous necessarily breaks type safety.
> If you look up "erroneous execution" in the index, you'll find
> them all.

My concern was that this was not explicitly labeled as erroneous. 8-)

> Your comment, "This note shows that a combination of safe-looking
> language features can be used to undermine type safety, too."
> is the key point.  It is indeed unfortunate when "safe-looking"
> features can be erroneous.

And once there is something like this in the language, it is difficult
to decide if a new addition (such as aliased parameters) makes things
worse or not.
