Re: Dynamic allocation in the predefined language environment

[Bob Duff <bobduff@theworld.com>]

Matthias-Christian Ott <ott@mirix.org> writes:

> It could be implemented in C or assembly language and than it could
> definitely crash.

Yes, it could be implemented in any language.  But it still has to be
implemented correctly.  If it crashes, then it's not a conforming
implementation of Ada.  (And of course, "conforming implementation of
Ada" is synonymous with "implementation of Ada"!)

If you think the RM says otherwise, then either you are misunderstanding
the RM, or else the RM has an error.  The latter is possible, but for
sure the INTENT of the RM is that running out of memory raises
Storage_Error, and does not "simply crash".

I mean, consider a simple addition:

    X + Y

The RM requires this to compute the sum of X and Y, or raise
Constraint_Error on overflow (or (unlikely) raise Storage_Error --
anything can raise Storage_Error).  The implementer doesn't get to say,
"Well the RM doesn't specify HOW '+' is implemented, and I'm choosing to
implement it wrong."

>...The point is: If the standard specifies how to
> implement a package, you have to assume anything when reasoning about
> the correctness of code.

I don't understand that sentence.  Are you missing a "not" or something?

Anyway, your original complaint (that the language doesn't let you
choose the storage pool used for containers) is quite correct.
I think it was considered, but I don't remember the details.

- Bob