* Accessibility checks @ 2013-07-17 20:09 Florian Weimer 2013-07-17 20:20 ` Alan Jump 2013-07-17 21:16 ` Jeffrey Carter 0 siblings, 2 replies; 15+ messages in thread From: Florian Weimer @ 2013-07-17 20:09 UTC (permalink / raw) One thing in Ada I could never quite grasp where the accessiblity checks. I haven't seen much Ada code, and personally, I didn't have much need for nested access types anyway. If I have used them, they were still potentially unsafe due to aliasing or calls to Unchecked_Deallocation in neighboring code. So what's the point for this language feature? It seems to add quite a bit of complexity to the language. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-17 20:09 Accessibility checks Florian Weimer @ 2013-07-17 20:20 ` Alan Jump 2013-07-17 21:16 ` Jeffrey Carter 1 sibling, 0 replies; 15+ messages in thread From: Alan Jump @ 2013-07-17 20:20 UTC (permalink / raw) Not all that complex, from where I sit. Here's a good, concise description: http://www.adacore.com/adaanswers/gems/gem-33/ In short, enforcing accessibility eliminates dangling pointers and their associated...umm...issues. - - 73 de N5ILN Alan On Wednesday, July 17, 2013 1:09:24 PM UTC-7, Florian Weimer wrote: > One thing in Ada I could never quite grasp where the accessiblity > > checks. I haven't seen much Ada code, and personally, I didn't have > > much need for nested access types anyway. If I have used them, they > > were still potentially unsafe due to aliasing or calls to > > Unchecked_Deallocation in neighboring code. > > > > So what's the point for this language feature? It seems to add quite > > a bit of complexity to the language. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-17 20:09 Accessibility checks Florian Weimer 2013-07-17 20:20 ` Alan Jump @ 2013-07-17 21:16 ` Jeffrey Carter 2013-07-17 23:44 ` Randy Brukardt 1 sibling, 1 reply; 15+ messages in thread From: Jeffrey Carter @ 2013-07-17 21:16 UTC (permalink / raw) On 07/17/2013 01:09 PM, Florian Weimer wrote: > One thing in Ada I could never quite grasp where the accessiblity > checks. I haven't seen much Ada code, and personally, I didn't have > much need for nested access types anyway. If I have used them, they > were still potentially unsafe due to aliasing or calls to > Unchecked_Deallocation in neighboring code. > > So what's the point for this language feature? It seems to add quite > a bit of complexity to the language. Ada 83 didn't have these checks, and had only named access types that could only designate objects created by an allocator ("new"). Accessibility rules were introduced in Ada 95, along with general access types (declared with "all") that can access objects allocated on the stack, the 'Access and 'Unchecked_Access attributes, and anonymous access types in the forms of access parameters and access discriminants. Anonymous types are a Bad Idea, and anonymous access types are a Very Bad Idea. The language would be better off without them. Brukardt, ARG member and editor of the ARM, claims that 'Access never works and 'Unchecked_Access is always required, bypassing the accessibility checks. While this is not entirely true, it's quite common that one must use 'Unchecked_Access, so we could do without these rules and checks in the majority of cases. -- Jeff Carter "I unclog my nose towards you." Monty Python & the Holy Grail 11 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-17 21:16 ` Jeffrey Carter @ 2013-07-17 23:44 ` Randy Brukardt 2013-07-18 0:39 ` Bill Findlay 2013-07-18 0:41 ` Jeffrey Carter 0 siblings, 2 replies; 15+ messages in thread From: Randy Brukardt @ 2013-07-17 23:44 UTC (permalink / raw) "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message news:ks718g$aim$2@dont-email.me... > On 07/17/2013 01:09 PM, Florian Weimer wrote: >> One thing in Ada I could never quite grasp where the accessiblity >> checks. I haven't seen much Ada code, and personally, I didn't have >> much need for nested access types anyway. If I have used them, they >> were still potentially unsafe due to aliasing or calls to >> Unchecked_Deallocation in neighboring code. >> >> So what's the point for this language feature? It seems to add quite >> a bit of complexity to the language. > > Ada 83 didn't have these checks, and had only named access types that > could only designate objects created by an allocator ("new"). > > Accessibility rules were introduced in Ada 95, along with general access > types (declared with "all") that can access objects allocated on the > stack, the 'Access and 'Unchecked_Access attributes, and anonymous access > types in the forms of access parameters and access discriminants. > > Anonymous types are a Bad Idea, and anonymous access types are a Very Bad > Idea. The language would be better off without them. > > Brukardt, ARG member and editor of the ARM, claims that 'Access never > works and 'Unchecked_Access is always required, bypassing the > accessibility checks. While this is not entirely true, it's quite common > that one must use 'Unchecked_Access, so we could do without these rules > and checks in the majority of cases. That's not entirely true: I did find one (and only one) instance where I was able to use 'Access in my code (it had to do with a library-level initialization). But for the most part, accessibility gets in the way more than it helps anything. It does prevent some gross errors, but that's about it. The dynamic checks are actually better, but that assumes that they're implemented properly, and that has some distributed overhead. The biggest advantage of the accessibility checks is that they taught us (the ARG) what not to do. :-) When we designed anti-aliasing rules for Ada 2012, one of the big concerns was that they wouldn't turn into accessibility checks. So we only make checks in cases where it's obvious that there is something dubious going on, and there is no attempt at completeness. It would be tempting to dump the entire accessibility mess into trash, but the only alternative is erroneousness, which is too awful to contemplate. Randy. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-17 23:44 ` Randy Brukardt @ 2013-07-18 0:39 ` Bill Findlay 2013-07-18 7:14 ` Simon Wright ` (2 more replies) 2013-07-18 0:41 ` Jeffrey Carter 1 sibling, 3 replies; 15+ messages in thread From: Bill Findlay @ 2013-07-18 0:39 UTC (permalink / raw) On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" <randy@rrsoftware.com> wrote: > "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message > news:ks718g$aim$2@dont-email.me... >> Brukardt, ARG member and editor of the ARM, claims that 'Access never >> works and 'Unchecked_Access is always required, bypassing the >> accessibility checks. While this is not entirely true, it's quite common >> that one must use 'Unchecked_Access, so we could do without these rules >> and checks in the majority of cases. > > That's not entirely true: I did find one (and only one) instance where I was > able to use 'Access in my code (it had to do with a library-level > initialization). Interesting. My projects have 37 occurrences of 'Access and only 2 of 'Unchecked_Access. -- Bill Findlay with blueyonder.co.uk; use surname & forename; ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-18 0:39 ` Bill Findlay @ 2013-07-18 7:14 ` Simon Wright 2013-07-19 8:41 ` Georg Bauhaus 2013-07-19 4:48 ` Randy Brukardt 2013-07-22 6:11 ` ake.ragnar.dahlgren 2 siblings, 1 reply; 15+ messages in thread From: Simon Wright @ 2013-07-18 7:14 UTC (permalink / raw) Bill Findlay <yaldnif.w@blueyonder.co.uk> writes: > On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" > <randy@rrsoftware.com> wrote: > >> "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message >> news:ks718g$aim$2@dont-email.me... > >>> Brukardt, ARG member and editor of the ARM, claims that 'Access >>> never works and 'Unchecked_Access is always required, bypassing the >>> accessibility checks. While this is not entirely true, it's quite >>> common that one must use 'Unchecked_Access, so we could do without >>> these rules and checks in the majority of cases. >> >> That's not entirely true: I did find one (and only one) instance >> where I was able to use 'Access in my code (it had to do with a >> library-level initialization). > > Interesting. > > My projects have 37 occurrences of 'Access and only 2 of > 'Unchecked_Access. A program which constructs a partial representation of a UML model, and then walks the representation, used 'Access 43 times to iterate over containers (in Ada 2005!) and 'Unchecked_Access 38 times to construct the representation. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-18 7:14 ` Simon Wright @ 2013-07-19 8:41 ` Georg Bauhaus 0 siblings, 0 replies; 15+ messages in thread From: Georg Bauhaus @ 2013-07-19 8:41 UTC (permalink / raw) On 18.07.13 09:14, Simon Wright wrote: > Bill Findlay <yaldnif.w@blueyonder.co.uk> writes: >> My projects have 37 occurrences of 'Access and only 2 of >> 'Unchecked_Access. > > A program which constructs a partial representation of a UML model, and > then walks the representation, used 'Access 43 times to iterate over > containers (in Ada 2005!) and 'Unchecked_Access 38 times to construct > the representation. In the sources of GNAT, 'Access wins, too: $ cat *.ads *.adb | grep -c "'Unchecked_Access" 225 $ cat *.ads *.adb | grep -c "'Access" 2156 $ cat *.ads *.adb | grep -c "'Unrestricted_Access" 998 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-18 0:39 ` Bill Findlay 2013-07-18 7:14 ` Simon Wright @ 2013-07-19 4:48 ` Randy Brukardt 2013-07-22 6:11 ` ake.ragnar.dahlgren 2 siblings, 0 replies; 15+ messages in thread From: Randy Brukardt @ 2013-07-19 4:48 UTC (permalink / raw) "Bill Findlay" <yaldnif.w@blueyonder.co.uk> wrote in message news:CE0CF7DE.329A0%yaldnif.w@blueyonder.co.uk... > On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" > <randy@rrsoftware.com> wrote: > >> "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message >> news:ks718g$aim$2@dont-email.me... > >>> Brukardt, ARG member and editor of the ARM, claims that 'Access never >>> works and 'Unchecked_Access is always required, bypassing the >>> accessibility checks. While this is not entirely true, it's quite common >>> that one must use 'Unchecked_Access, so we could do without these rules >>> and checks in the majority of cases. >> >> That's not entirely true: I did find one (and only one) instance where I >> was >> able to use 'Access in my code (it had to do with a library-level >> initialization). > > Interesting. > > My projects have 37 occurrences of 'Access and only 2 of > 'Unchecked_Access. I recall Tucker telling me (after one of my frequent rants about the uselessness of 'Access) that he used it quite often. He then deconstructed several possible uses for access values constructed from static objects, and noted that some of them fit 'Access very well, and others did not. (His description was much more useful than this summary, of course; he is so much better that me at being able to summarize ideas. That's one trait that I've never managed to learn, despite many examples; I'm almost always happy when Tucker jumps into a discussion because he often explains the issue much more clearly than I did. But I digress...) I tend to use 'Access on parameters to for temporary storage during processing in a package (Claw does this extensively), and in that case, accessibility is completely in the way. We use finalization to ensure the saved values don't live too long, a static check is never going to work. OTOH, creating values at initialization, for instance, works perfectly, and the static check is helpful. So this is a case where we have rules that help some programming usages and hinder others -- still not the best choice of programming rules. Randy. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-18 0:39 ` Bill Findlay 2013-07-18 7:14 ` Simon Wright 2013-07-19 4:48 ` Randy Brukardt @ 2013-07-22 6:11 ` ake.ragnar.dahlgren 2013-07-22 9:03 ` Bill Findlay 2 siblings, 1 reply; 15+ messages in thread From: ake.ragnar.dahlgren @ 2013-07-22 6:11 UTC (permalink / raw) Den torsdagen den 18:e juli 2013 kl. 02:39:42 UTC+2 skrev Bill Findlay: > On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" <randy@rrsoftware.com> wrote: > "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message > news:ks718g$aim$2@dont-email.me... >> Brukardt, ARG member and editor of the ARM, claims that 'Access never >> works and 'Unchecked_Access is always required, bypassing the >> accessibility checks. While this is not entirely true, it's quite common >> that one must use 'Unchecked_Access, so we could do without these rules >> and checks in the majority of cases. > > That's not entirely true: I did find one (and only one) instance where I was > able to use 'Access in my code (it had to do with a library-level > initialization). Interesting. My projects have 37 occurrences of 'Access and only 2 of 'Unchecked_Access. -- Bill Findlay with blueyonder.co.uk; use surname & forename; Perhaps your projects use anonymous access types? Best regards, Åke Ragnar Dahlgren ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-22 6:11 ` ake.ragnar.dahlgren @ 2013-07-22 9:03 ` Bill Findlay 2013-07-24 13:01 ` ake.ragnar.dahlgren 0 siblings, 1 reply; 15+ messages in thread From: Bill Findlay @ 2013-07-22 9:03 UTC (permalink / raw) On 22/07/2013 07:11, in article 9a48d84b-4160-4824-a658-48dfcf12d0d6@googlegroups.com, "ake.ragnar.dahlgren@gmail.com" <ake.ragnar.dahlgren@gmail.com> wrote: > Den torsdagen den 18:e juli 2013 kl. 02:39:42 UTC+2 skrev Bill Findlay: >> On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" >> <randy@rrsoftware.com> wrote: > "Jeffrey Carter" >> <spam.jrcarter.not@spam.not.acm.org> wrote in message > >> news:ks718g$aim$2@dont-email.me... >> Brukardt, ARG member and editor of the >> ARM, claims that 'Access never >> works and 'Unchecked_Access is always >> required, bypassing the >> accessibility checks. While this is not entirely >> true, it's quite common >> that one must use 'Unchecked_Access, so we could >> do without these rules >> and checks in the majority of cases. > > That's not >> entirely true: I did find one (and only one) instance where I was > able to >> use 'Access in my code (it had to do with a library-level > initialization). >> Interesting. My projects have 37 occurrences of 'Access and only 2 of >> 'Unchecked_Access. -- Bill Findlay with blueyonder.co.uk; use surname & >> forename; > > Perhaps your projects use anonymous access types? No, I do not use any anonymous access types. -- Bill Findlay with blueyonder.co.uk; use surname & forename; ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-22 9:03 ` Bill Findlay @ 2013-07-24 13:01 ` ake.ragnar.dahlgren 2013-07-24 13:27 ` Dmitry A. Kazakov 0 siblings, 1 reply; 15+ messages in thread From: ake.ragnar.dahlgren @ 2013-07-24 13:01 UTC (permalink / raw) On Monday, July 22, 2013 11:03:02 AM UTC+2, Bill Findlay wrote: > On 22/07/2013 07:11, in article 9a48d84b-4160-4824-a658-48dfcf12d0d6@googlegroups.com, "ake.ragnar.dahlgren@gmail.com" <ake.ragnar.dahlgren@gmail.com> wrote: > Den torsdagen den 18:e juli 2013 kl. 02:39:42 UTC+2 skrev Bill Findlay: >> On 18/07/2013 00:44, in article ks7a8v$4nj$1@loke.gir.dk, "Randy Brukardt" >> <randy@rrsoftware.com> wrote: > "Jeffrey Carter" >> <spam.jrcarter.not@spam.not.acm.org> wrote in message > >> news:ks718g$aim$2@dont-email.me... >> Brukardt, ARG member and editor of the >> ARM, claims that 'Access never >> works and 'Unchecked_Access is always >> required, bypassing the >> accessibility checks. While this is not entirely >> true, it's quite common >> that one must use 'Unchecked_Access, so we could >> do without these rules >> and checks in the majority of cases. > > That's not >> entirely true: I did find one (and only one) instance where I was > able to >> use 'Access in my code (it had to do with a library-level > initialization). >> Interesting. My projects have 37 occurrences of 'Access and only 2 of >> 'Unchecked_Access. -- Bill Findlay with blueyonder.co.uk; use surname & >> forename; > > Perhaps your projects use anonymous access types? No, I do not use any anonymous access types. -- Bill Findlay with blueyonder.co.uk; use surname & forename; I do not use anonymous access types either. A recipe for avoiding 'Unchecked_Access could be: 1) Instantiate as many objects at the library level as is suitable to be able to use 'Access. 2) The objects that are unnecessary to instantiate at startup (to avoid long startup time if the application is HUGE and use resources more wisely) are instantiated on the heap using smart pointers á la GNATColl. The recipe is obviously not usable in projects where dynamic allocations are forbidden. To deal with "the objects that are unnecessary to instantiate at startup" I can think of four scenarios: 1) Using anonymous access types. 2) Using Unchecked_Access 3) Dynamic allocation on the heap. 4) Dynamic allocation on the heap using smart pointers á la GNATColl. Case 1) and 2) can lead to access types referencing non-existant objects. Case 3) can lead to memory leaks. Out of these case 4) seems to be safest since it protects against null pointer exceptions and memory leaks (although it won't protect from out of memory exceptions). Perhaps it is possible to verify using static code analysis that one has correctly used anonymous access types and Unchecked_Access in cases 1) and 2)? Maybe someone who has used CodePeer knows? Anyways, I would like to extend my thanks to everyone who has participated in the "Accessibility checks" discussion. It gave me something to think about. Best regards, Åke Ragnar Dahlgren ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-24 13:01 ` ake.ragnar.dahlgren @ 2013-07-24 13:27 ` Dmitry A. Kazakov 2013-07-29 6:18 ` ake.ragnar.dahlgren 0 siblings, 1 reply; 15+ messages in thread From: Dmitry A. Kazakov @ 2013-07-24 13:27 UTC (permalink / raw) On Wed, 24 Jul 2013 06:01:21 -0700 (PDT), ake.ragnar.dahlgren@gmail.com wrote: > I do not use anonymous access types either. Note that there exist quite important cases where anonymous access types are necessary and unavoidable: 1. Primitive operations. Named access types arguments cannot be dispatching; 2. Rosen's trick. Maybe it works with named types in Ada 2012. I didn't check it; 3. Discriminants; 4. Returning managed objects by reference. P.S. Arguably these issues could be resolved without anonymous access types and possibly without access types. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-24 13:27 ` Dmitry A. Kazakov @ 2013-07-29 6:18 ` ake.ragnar.dahlgren 0 siblings, 0 replies; 15+ messages in thread From: ake.ragnar.dahlgren @ 2013-07-29 6:18 UTC (permalink / raw) On Wednesday, July 24, 2013 3:27:45 PM UTC+2, Dmitry A. Kazakov wrote: > On Wed, 24 Jul 2013 06:01:21 -0700 (PDT), ake.ragnar.dahlgren@gmail.com wrote: > I do not use anonymous access types either. Note that there exist quite important cases where anonymous access types are necessary and unavoidable: 1. Primitive operations. Named access types arguments cannot be dispatching; 2. Rosen's trick. Maybe it works with named types in Ada 2012. I didn't check it; 3. Discriminants; 4. Returning managed objects by reference. P.S. Arguably these issues could be resolved without anonymous access types and possibly without access types. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de Thank you Dmitry for your feedback. Best regards, Åke Ragnar Dahlgren ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-17 23:44 ` Randy Brukardt 2013-07-18 0:39 ` Bill Findlay @ 2013-07-18 0:41 ` Jeffrey Carter 2013-07-19 4:51 ` Randy Brukardt 1 sibling, 1 reply; 15+ messages in thread From: Jeffrey Carter @ 2013-07-18 0:41 UTC (permalink / raw) On 07/17/2013 04:44 PM, Randy Brukardt wrote: > > That's not entirely true: I did find one (and only one) instance where I was > able to use 'Access in my code (it had to do with a library-level > initialization). I apologize if my memory was faulty. I too have found cases where 'Access worked, but like you I have found that they are rare. > It would be tempting to dump the entire accessibility mess into trash, but > the only alternative is erroneousness, which is too awful to contemplate. Isn't that what you get when you use 'Unchecked_Access? -- Jeff Carter "I unclog my nose towards you." Monty Python & the Holy Grail 11 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: Accessibility checks 2013-07-18 0:41 ` Jeffrey Carter @ 2013-07-19 4:51 ` Randy Brukardt 0 siblings, 0 replies; 15+ messages in thread From: Randy Brukardt @ 2013-07-19 4:51 UTC (permalink / raw) "Jeffrey Carter" <spam.jrcarter.not@spam.not.acm.org> wrote in message news:ks7d92$iv7$1@dont-email.me... > On 07/17/2013 04:44 PM, Randy Brukardt wrote: ... >> It would be tempting to dump the entire accessibility mess into trash, >> but >> the only alternative is erroneousness, which is too awful to contemplate. > > Isn't that what you get when you use 'Unchecked_Access? True, but in the cases where accessibility works, it would be a step backwards to remove protection. And at least some programmers claim that accessibility works for them (I presume that they are using it in contexts where static checking will work). Randy. ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2013-07-29 6:18 UTC | newest] Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-17 20:09 Accessibility checks Florian Weimer 2013-07-17 20:20 ` Alan Jump 2013-07-17 21:16 ` Jeffrey Carter 2013-07-17 23:44 ` Randy Brukardt 2013-07-18 0:39 ` Bill Findlay 2013-07-18 7:14 ` Simon Wright 2013-07-19 8:41 ` Georg Bauhaus 2013-07-19 4:48 ` Randy Brukardt 2013-07-22 6:11 ` ake.ragnar.dahlgren 2013-07-22 9:03 ` Bill Findlay 2013-07-24 13:01 ` ake.ragnar.dahlgren 2013-07-24 13:27 ` Dmitry A. Kazakov 2013-07-29 6:18 ` ake.ragnar.dahlgren 2013-07-18 0:41 ` Jeffrey Carter 2013-07-19 4:51 ` Randy Brukardt
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox