From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,9cccd7364739aea1 X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,ASCII Path: g2news1.google.com!postnews.google.com!j24g2000yqa.googlegroups.com!not-for-mail From: Ludovic Brenta Newsgroups: comp.lang.ada Subject: Re: Passing the same actual as both in and out formal parameters? Date: Tue, 17 Nov 2009 08:07:39 -0800 (PST) Organization: http://groups.google.com Message-ID: References: <1fbe454c-52b0-408b-9159-982fc019a53c@j19g2000yqk.googlegroups.com> <81utdh.otp.ln@hunter.axlog.fr> <044632e0-e40c-4c47-ab56-189f4ae0c15b@u7g2000yqm.googlegroups.com> NNTP-Posting-Host: 153.98.68.197 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1258474059 8289 127.0.0.1 (17 Nov 2009 16:07:39 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Tue, 17 Nov 2009 16:07:39 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: j24g2000yqa.googlegroups.com; posting-host=153.98.68.197; posting-account=pcLQNgkAAAD9TrXkhkIgiY6-MDtJjIlC User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5,gzip(gfe),gzip(gfe) Xref: g2news1.google.com comp.lang.ada:8129 Date: 2009-11-17T08:07:39-08:00 List-Id: Jean-Pierre Rosen wrote: > Ludovic Brenta a =E9crit : >> My exampled was heavily simplified; the actual type has about a >> hundred components and the procedure P is a little more complex than >> swapping components :) > > > But thanks for the responses, Niklas and Jean-Pierre. They confirm my > > suspicion. > > But the important thing is that there is no risk: behaviour is well > defined, and will not change with the next release of the compiler. > > If it is not the behaviour you want, you can make a local copy (but you > know that). Indeed; I was careful not to use the phrases "bounded error" or "erroneous execution", just "bug" :) The construct is well-defined but error-prone and needs documentation in my sources, so I've added that. Triggering the bug requires: (1) pass-by-reference type (i.e. tagged, limited, etc.) or explicit access type (2) same object passed twice as both in and out parameters (3) non-atomic reads and writes to the object inside the subprogram When writing such a procedure, it is necessary to pay attention: either prevent the bug by checking for condition (2) and raising an exception if it is met; use only atomic operations so as to prevent (3); or accept that the bug may happen and warn about it. In my particular case, the operations are "atomic" in that the procedure first reads the Object, then passes it as an "out" parameter to another procedure, and never reads it again. However, this being long-term-support software, one never knows that (3) can never happen in some future revision. -- Ludovic Brenta.