Newsgroups: comp.lang.ada
Date: Sat, 5 May 2018 14:23:02 -0700 (PDT)
Message-ID: <9839db28-b6c6-44c9-9d36-336a39c12f25@googlegroups.com>
Subject: Recommendation of safe subset of Ada to use?
From: joakimds@kth.se

Jere gave the following example in the other thread about how to get Ada across the chasm:

1. Dangling references: Keeping a reference to an object past its lifetime

Ada:
***********************************************
with Ada.Text_IO; use Ada.Text_IO;
procedure jdoodle is
   type Integer_Access is access all Integer;

   function Inner(Value : aliased in out Integer) return Integer_Access is
   begin
      return Value'Access;
   end Inner;

   function Outer return Integer_Access is
      Value : aliased Integer := 0;
   begin
      return Inner(Value);
   end Outer;

   Ptr : Integer_Access := Outer; -- !!! Dangling reference
begin
   Put_Line("Hello World");
end jdoodle;
***********************************************
Hello World
gcc -c jdoodle.adb
gnatbind -x jdoodle.ali
gnatlink jdoodle.ali -o jdoodle

It's a 20 line application that demonstrates a dangling pointer in Ada. That's not supposed to be able to happen unless one goes outside of Ada's type system by using Unchecked_Deallocation, Unchecked_Conversion or System.Address_To_Access_Conversion. I've tried the example with the GNAT compiler and it does not detect the issue. I do not believe this is a GNAT bug. Aliased parameters were part of the solution to be able to safely reference elements in containers and thereby avoid unnecessary copying. By making this possible, was a hole in Ada's type system introduced? It means that one cannot safely use all the features of Ada and be sure of memory safety; instead one should stick to a subset of Ada. One subset that comes to mind is SPARK. Another is, for example, sticking to Ada 95 or Ada 2005. Or maybe one should just ban usage of aliased parameters, but then what should one do with the standard containers that one probably uses throughout one's application? I am confused. Anybody that can shed light?

/Joakim
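As an added illustration (not part of Joakim's or Jere's post) of the "stick to Ada 2005" option raised above: the Ada 2005 containers expose elements through Query_Element/Update_Element callbacks rather than by returning an access value, so the element is only lent for the duration of the call and no reference can outlive it. The vector instantiation and the Double/Show procedures are constructed for this example.

```ada
with Ada.Text_IO;             use Ada.Text_IO;
with Ada.Containers.Vectors;

procedure Scoped_Element_Access is
   --  Constructed sample container for the example.
   package Int_Vectors is new Ada.Containers.Vectors
     (Index_Type => Positive, Element_Type => Integer);
   use Int_Vectors;

   V : Vector;

   --  The element is passed as an in out parameter for this call only.
   --  No 'Access is taken, so nothing can dangle once the call returns
   --  or the container is later modified.
   procedure Double (Element : in out Integer) is
   begin
      Element := Element * 2;
   end Double;

   procedure Show (Element : in Integer) is
   begin
      Put_Line (Integer'Image (Element));
   end Show;
begin
   V.Append (21);

   --  Ada 2005 callback forms: the container controls the element's
   --  lifetime and merely lends it to the supplied subprogram.
   V.Update_Element (V.First_Index, Double'Access);
   V.Query_Element (V.First_Index, Show'Access);
end Scoped_Element_Access;
```

This trades the convenience of the Ada 2012 Reference/Implicit_Dereference style for the guarantee that no access value to a container element ever escapes the call that uses it.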