From: Brian Rogoff
Subject: Re: Subverting 'Access for Sub-programs
Date: 1999/08/06
Newsgroups: comp.lang.ada

On Thu, 5 Aug 1999, Jean-Pierre Rosen wrote:
> Brian Rogoff wrote in message:
> Pine.BSF.4.10.9908042041540.29130-100000@shell5.ba.best.com...
> On Wed, 4 Aug 1999, Jean-Pierre Rosen wrote:
> > [snip]
> >> I understood from a previous message that you didn't like the solution with
> >> a generic taking a formal procedure.
> >> It seems however that it would allow you to do precisely what you want.
> >> You may not "like" generics, but they are inherently safer than access
> >> values. Actually, in the discussion about downward closures, it was noted
> >> that all the cases presented could equally well be dealt with with
> >> generics, and therefore that it was not worth introducing a risky feature.
>
> >Not true for any reasonable value of "equally well". For instance, in one
> >of those ancient postings of a few years ago on this very topic Richard
> >O'Keefe presented the example of making a two dimensional integrator from
> >a one dimensional one. The Ada version with generics depended on the name
> >of the one dimensional integrator, and so it was parameterized by that
> >particular integrator.
> >The downward closure one was free to range over all
> >one dimensional integrators. I'll append the code, if you can come up with
> >a perspicuous generic version that doesn't depend on the one dimensional
> >code I'll be more convinced.
> [code snipped for brevity]
> OK, I understand your problem better (full examples always help :-)
> Of course, you realize that "Integrator" could store the pointer to function
> to any global variable, possibly resulting later in random branches.

Yes, I only used 'Unrestricted_Access because that is the only workable
solution in any Ada I know of. In Pascal, you wouldn't use function
pointers at all so the safety issue does not arise; really the issue is
what kind of support for downward closures for Ada to provide. A safe
solution to this problem, like Bob Duff's limited access to subprogram,
was rejected but there are other possibilities too.

So, in short, the safety issue is orthogonal, mostly a detail of how you
provide this capability.

> I think the trade-off in language design was that accessing random memory
> location was bad, but not THAT bad. OTOH, branching to random locations was
> considered really too dangerous. Even if you promise not to store the
> pointer to function to anything global, it would be a property of the body,
> i.e. something that could be changed without anybody noticing, not even
> requiring recompilation of users.
> So take it as a trade-off between security and usability. But in the real
> world (i.e. not academic exercise), is it so important to dynamically choose
> the 1D integrator ? As you note, if the 1D integrator is fixed, there is an
> easy solution with generics.

Yes, I think in the real world the decoupling provided by real downward
closures over the generic approach is better because it allows more
abstract, readable, and reusable code to be written. Whether it is worth
it in the context of a future version of Ada is a more complicated
question to answer.
My "real world" desire for this feature comes up frequently with
mapping functions. I also wanted it when I was writing a backtracking
parser, but the generic workaround is not as bad there.

> RR software has full generics sharing.

Anyone do sometimes share / sometimes expand? I'm curious.

-- Brian
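
Added example, not part of this post and not the code snipped from the thread: a 2D integrator that ranges over any 1D integrator, written with the anonymous access-to-subprogram parameters that Ada 2005 later introduced, which permit the downward closure without 'Unrestricted_Access and without letting the callee keep the pointer. All names (Integrate_2D_Demo, Midpoint, Integrate_2D, Product) are assumptions made for illustration.

```ada
with Ada.Text_IO;

procedure Integrate_2D_Demo is
   --  A 1D integrator (midpoint rule). F can be called here, but converting
   --  it to a named access type (to save it in a global) will not compile.
   function Midpoint
     (F    : not null access function (X : Float) return Float;
      A, B : Float) return Float
   is
      N   : constant := 100;
      H   : constant Float := (B - A) / Float (N);
      Sum : Float := 0.0;
   begin
      for I in 0 .. N - 1 loop
         Sum := Sum + F (A + (Float (I) + 0.5) * H);
      end loop;
      return Sum * H;
   end Midpoint;

   --  2D integrator that accepts any 1D integrator with Midpoint's profile.
   function Integrate_2D
     (Integrate_1D   : not null access function
        (G    : not null access function (X : Float) return Float;
         A, B : Float) return Float;
      F              : not null access function (X, Y : Float) return Float;
      X0, X1, Y0, Y1 : Float) return Float
   is
      function Outer (X : Float) return Float is
         --  Inner closes over X and F: the downward closure.
         function Inner (Y : Float) return Float is
         begin
            return F (X, Y);
         end Inner;
      begin
         return Integrate_1D (Inner'Access, Y0, Y1);
      end Outer;
   begin
      return Integrate_1D (Outer'Access, X0, X1);
   end Integrate_2D;

   function Product (X, Y : Float) return Float is
   begin
      return X * Y;
   end Product;
begin
   --  Integrates X * Y over the unit square with the midpoint integrator.
   Ada.Text_IO.Put_Line
     (Float'Image (Integrate_2D (Midpoint'Access, Product'Access,
                                 0.0, 1.0, 0.0, 1.0)));
end Integrate_2D_Demo;
```

Because the restriction is part of the parameter's type rather than a promise about the body, a later edit to an integrator that tries to store the closure fails to compile instead of silently creating a dangling code pointer.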