From: kst@alsys.com (Keith Thompson)
Newsgroups: comp.lang.ada
Subject: Re: Systemless use of 'Address.
Organization: Alsys, San Diego, CA, USA
References: <9411101514.AA21438@eurocontrol.de> <3a8l9b$10rk@watnews1.watson.ibm.com> <3ae5s0$o1p@gnat.cs.nyu.edu>
Date: Thu, 17 Nov 1994 22:35:21 GMT

In <3ae5s0$o1p@gnat.cs.nyu.edu> dewar@cs.nyu.edu (Robert Dewar) writes:

> Why on earth should unchecked_access require system? it has nothing to do
> with entities declared in system, and its semantics is not system
> dependent.

Several other "unsafe" Ada constructs require an explicit "with". Address clauses require a "with" of System, instantiations of Unchecked_Conversion and Unchecked_Deallocation require a "with" of the respective generic subprogram, machine code insertions require a "with" of Machine_Code. (Note, however, that calls to instances of Unchecked_Conversion and Unchecked_Deallocation don't require a direct "with".) The purpose is to flag a compilation unit that uses these unsafe constructs in a highly visible way.

It would be consistent with this policy to require an explicit "with" before using 'Unchecked_Access, but there's no clean way to add such a requirement, since the 'Unchecked_Access attribute doesn't depend on anything declared in any particular predefined unit. I suppose the language could have defined something like this:

    generic
        type Object is limited private;
        type Name is access all Object;
    function Unchecked_Access(X: Object) return Name;

(I *think* that's right.) The drawbacks of this would be that it's less convenient (which I might argue is a good thing), and that it draws attention to instantiations and not to calls.

Of course, you can always scan the source file for the identifier Unchecked_Access, so marking the context clause probably isn't such a big deal anyway.

> Sure it can be used to construct erroneous programs whose behavior is
> implementation dependent, but hey, you can do that with uninitialized
> variables, and you don't have to with system to create those!

There's a difference between code that's unintentionally erroneous (i.e., buggy) and code that's deliberately "unsafe". It's reasonable to make the user work harder to write unsafe code. It would be nice to make it difficult or impossible to write buggy code, but that's beyond the current state of the art.

In any case, I'm sure it's far too late in the Ada 9X process to contemplate this kind of change.

-- 
Keith Thompson (The_Other_Keith) kst@alsys.com
TeleSoft^H^H^H^H^H^H^H^H Alsys, Inc.
10251 Vista Sorrento Parkway, Suite 300, San Diego, CA, USA, 92121-2718
/user/kst/.signature: I/O error (core dumped)
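
The source scan the message mentions, as an added example that is not part of the original post: a line-based audit that reports both the context-clause markers ("with" of System, Unchecked_Conversion, Unchecked_Deallocation, Machine_Code) and uses of 'Unchecked_Access, which no context clause reveals. It assumes each "with" clause fits on one line and is a heuristic, not an Ada parser; the function names and the sample unit are constructed for illustration.

```python
import re

# Units the post names as marking "unsafe" code in a context clause.
UNSAFE_UNITS = {"system", "unchecked_conversion",
                "unchecked_deallocation", "machine_code"}
_STRING = re.compile(r'"(?:[^"]|"")*"')   # Ada string literal; "" is an embedded quote
_WITH = re.compile(r"^\s*with\s+([\w.\s,]+);", re.IGNORECASE)
_ATTR = re.compile(r"'\s*unchecked_access\b", re.IGNORECASE)

def strip_noise(line):
    """Blank out string literals, then drop the trailing '--' comment."""
    line = line.replace("'\"'", "' '")    # the character literal '"'
    return _STRING.sub('""', line).split("--", 1)[0]

def audit(source):
    """Return (line_no, kind, name) findings for one Ada source text."""
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = strip_noise(raw)
        m = _WITH.match(line)
        if m:
            for unit in (u.strip() for u in m.group(1).split(",")):
                parts = unit.lower().split(".")
                # Child units (System.X, Ada.Unchecked_Conversion) count too.
                if parts[0] == "system" or parts[-1] in UNSAFE_UNITS:
                    findings.append((no, "with", unit))
        hits = len(_ATTR.findall(line))
        findings += [(no, "attribute", "Unchecked_Access")] * hits
    return findings

def unmarked(source):
    """True if 'Unchecked_Access is used but no context clause flags the unit."""
    kinds = {kind for _, kind, _ in audit(source)}
    return "attribute" in kinds and "with" not in kinds

# Constructed sample unit, not taken from the post.
SAMPLE = """\
with Text_IO, Unchecked_Deallocation;
with System.Storage_Elements;
procedure Demo is
   type Int_Ptr is access all Integer;
   Local : aliased Integer := 0;
   P : Int_Ptr := Local'Unchecked_Access;  -- the attribute in use
   -- Q : Int_Ptr := Local'Unchecked_Access;
begin
   Text_IO.Put_Line ("uses 'Unchecked_Access -- not really");
end Demo;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The commented-out use on line 7 and the string literal on line 9 of the sample are ignored, which a plain text search for the identifier would not do.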