From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=BAYES_00,INVALID_DATE
	autolearn=no autolearn_force=no version=3.4.4
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!mcsun!cernvax!chx400!bernina!bernina!neeri
From: neeri@iis.ethz.ch (Matthias Ulrich Neeracher)
Newsgroups: comp.lang.ada
Subject: Re: Reference vs. copy semantics in passing parameters
Message-ID: <NEERI.91May17101929@iis.ethz.ch>
Date: 17 May 91 08:19:29 GMT
References: <2725@sparko.gwu.edu> <jls.666659373@yoda> <2742@sparko.gwu.edu>
	<1991May16.135103.1688@software.org>
Sender: news@bernina.ethz.ch (USENET News System)
Organization: Integrated Systems Laboratory, ETH, Zurich
In-Reply-To: blakemor@software.org's message of 16 May 91 13:51:03 GMT
Nntp-Posting-Host: etzj-gw
List-Id: <comp.lang.ada>

In article <1991May16.135103.1688@software.org> blakemor@software.org (Alex Blakemore) writes:
>In article <2742@sparko.gwu.edu> mfeldman@seas.gwu.edu () writes:
>> In article <jls.666659373@yoda> jls@yoda.Rational.COM (Jim Showalter) writes:
>> In C++, you can declare not only the pointer constant but the pointed
>> to construct constant as well. This allows passing by reference in a
>> read-only manner, which is NOT possible in Ada at present.
>
>This sounds like a nice safety feature but can callers really rely on it ?
>Even if the C++ language prevents updating the object if the pointer is
>declared appropriately, does it prevent assignment to a normal pointer
>which will allow the referenced object to be updated ?
>[...]
>Consider this Ada flavored example, where constant means the referenced
>object may not be updated.
>
>procedure look_at_object (p : in CONSTANT ptr_to_object);
>
>procedure look_at_object (p : in CONSTANT ptr_to_object) is
>  temp : ptr_to_object;
>begin 
>  temp := p;  -- is this legal in C++ ?
>  p.all := anything;
>end;
>
>Unless C++ prevents the assignment to another pointer above, then the feature
>can be easily subverted (purposely or accidently).

[Sorry to post C++ to comp.lang.ada, but the question is posted here]

In C++, the above assignment is illegal, so the risk of subverting the feature
accidentally is low. On the other hand, the assignment can easily be done if an
explicit type cast to the non-constant type is employed in the right-hand side,
so the feature can indeed easily be subverted purposely.

I tend to agree with this design philosophy, as I believe that it is beneficial
to try to guard programmers from their own stupid... I mean fallibility, but that
there is little use of trying to control their malice with programming language
features. A borderline case is, of course, programmer's lazyness.

Matthias

-----
Matthias Neeracher                                      neeri@iis.ethz.ch
   "These days, though, you have to be pretty technical before you can 
    even aspire to crudeness." -- William Gibson, _Johnny Mnemonic_