comp.lang.ada
From: kst@alsys.com (Keith Thompson)
Subject: Re: Systemless use of 'Address.
Date: Thu, 17 Nov 1994 22:35:21 GMT
Message-ID: <CzFo2x.Kp0@alsys.com>
In-Reply-To: 3ae5s0$o1p@gnat.cs.nyu.edu

In <3ae5s0$o1p@gnat.cs.nyu.edu> dewar@cs.nyu.edu (Robert Dewar) writes:
> Why on earth should unchecked_access require system? it has nothing to do
> with entities declared in system, and its semantics is not system
> dependent.

Several other "unsafe" Ada constructs require an explicit "with".  Address
clauses require a "with" of System, instantiations of Unchecked_Conversion
and Unchecked_Deallocation require a "with" of the respective generic
subprogram, machine code insertions require a "with" of Machine_Code.
(Note, however, that calls to instances of Unchecked_Conversion and
Unchecked_Deallocation don't require a direct "with".)

The purpose is to flag a compilation unit that uses these unsafe
constructs in a highly visible way.

It would be consistent with this policy to require an explicit "with"
before using 'Unchecked_Access, but there's no clean way to add such
a requirement, since the 'Unchecked_Access attribute doesn't depend on
anything declared in any particular predefined unit.

I suppose the language could have defined something like this:

   generic
      type Object is limited private;
      type Name   is access all Object;
   function Unchecked_Access(X: Object) return Name;

(I *think* that's right.)

The drawbacks of this would be that it's less convenient (which I might
argue is a good thing), and that it draws attention to instantiations
and not to calls.

Of course, you can always scan the source file for the identifier
Unchecked_Access, so marking the context clause probably isn't such a
big deal anyway.

> Sure it can be used to construct erroneous programs whose behavior is
> implementation dependent, but hey, you can do that with uninitialized
> variables, and you don't have to with system to create those!

There's a difference between code that's unintentionally erroneous (i.e.,
buggy) and code that's deliberately "unsafe".  It's reasonable to make
the user work harder to write unsafe code.  It would be nice to make
it difficult or impossible to write buggy code, but that's beyond the
current state of the art.

In any case, I'm sure it's far too late in the Ada 9X process to
contemplate this kind of change.

-- 
Keith Thompson (The_Other_Keith)  kst@alsys.com
TeleSoft^H^H^H^H^H^H^H^H Alsys, Inc.
10251 Vista Sorrento Parkway, Suite 300, San Diego, CA, USA, 92121-2718
/user/kst/.signature: I/O error (core dumped)
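The "scan the source file" check mentioned in the post, carried out as an added example that is not part of Keith Thompson's message: a small POSIX shell audit that reports which of the "unsafe" constructs discussed above (a "with" of System, an address clause, Unchecked_Conversion, Unchecked_Deallocation, Machine_Code, and 'Unchecked_Access) appear in an Ada source file. Since 'Unchecked_Access needs no "with" at all, this kind of scan is the only way to flag it from outside the compiler. The sample compilation unit is constructed for this example, and the printed labels (with_system, address_clause, ...) are this script's own names, not Ada terminology.

```shell
#!/bin/sh
# Added example, not code from the original post. Ada identifiers are
# case-insensitive, so matching is case-insensitive too; "--" comments are
# stripped first so that a construct mentioned in a comment is not reported
# as a use. (A "--" inside a string literal would also be stripped; that is
# an accepted limitation of this simple scanner.)

# Strip "--" comments and print the remaining text of file $1.
ada_strip_comments() {
    sed 's/--.*$//' "$1"
}

# Print one label per unsafe construct found in file $1, in a fixed order.
# Returns 0 if at least one construct was found, 1 if the unit is "clean".
ada_unsafe_audit() {
    body=$(ada_strip_comments "$1")
    found=1
    # Each entry is "label|ERE"; the label is this script's own name for the
    # construct. The with_system pattern requires "System" to be a whole
    # unit name in the context clause, so "with My_System;" is not counted.
    for entry in \
        'with_system|^[[:space:]]*with[[:space:]]+([^;]*[ ,])?System([ ,;.]|$)' \
        "address_clause|for[[:space:]].*'Address[[:space:]]*use" \
        'unchecked_conversion|Unchecked_Conversion' \
        'unchecked_deallocation|Unchecked_Deallocation' \
        'machine_code|Machine_Code' \
        "unchecked_access|'Unchecked_Access"
    do
        label=${entry%%|*}
        pattern=${entry#*|}
        if printf '%s\n' "$body" | grep -iqE "$pattern"; then
            echo "$label"
            found=0
        fi
    done
    return $found
}

# Write a constructed sample compilation unit to path $1. It is made up for
# this example: it uses four of the constructs, mentions
# Unchecked_Deallocation only in a comment, and never touches Machine_Code.
write_sample_unit() {
    cat > "$1" <<'EOF'
with System.Storage_Elements;
with Ada.Unchecked_Conversion;
-- Unchecked_Deallocation is only mentioned in this comment.
package body Sample is
   type Rec is record A, B : Integer; end record;
   type Rec_Ptr is access all Rec;
   function To_Int is new Ada.Unchecked_Conversion (Float, Integer);
   Port : Integer;
   for Port'Address use System.Storage_Elements.To_Address (16#FF00#);
   R : aliased Rec;
   P : Rec_Ptr := R'Unchecked_Access;
end Sample;
EOF
}

# Demo: audit the constructed sample and print the report.
ada_audit_demo() {
    dir=$(mktemp -d)
    write_sample_unit "$dir/sample.adb"
    ada_unsafe_audit "$dir/sample.adb"
    status=$?
    rm -rf "$dir"
    return $status
}
```

Running ada_audit_demo reports with_system, address_clause, unchecked_conversion and unchecked_access, and nothing for the Unchecked_Deallocation mentioned only in the comment. Because the scan matches the generic names themselves, it flags instantiations of Unchecked_Conversion and Unchecked_Deallocation even in units that only inherit the "with" indirectly, which is exactly the case the post notes the context clause alone does not reveal.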



Thread overview: 8+ messages
1994-11-10 15:14 Systemless use of 'Address Bob Wells #402
1994-11-11 20:32 ` Cary Jamison
1994-11-12 20:38   ` Robert Dewar
1994-11-14 21:36 ` Norman H. Cohen
1994-11-16 16:11   ` Mats Weber
1994-11-16 23:50     ` Robert Dewar
1994-11-17 22:35       ` Keith Thompson [this message]
1994-11-17  1:41     ` Bob Duff
