Re: Ada style of passing 'in' parameters considered dangerous?

[Vinzent Hoefler <JeLlyFish.software@gmx.net>]

Robert A Duff <bobduff@shell01.TheWorld.com> wrote:

>Antti Sykari <jsykari@gamma.hut.fi> writes:
>
>> - Have you encountered a non-trivial real-life case where the
>>   programmer has shot himself in the foot in the form of
>>   implementation-defined behavior because of the error mentioned above?
>>   I'd be interested to hear of any such cases.

I once did encounter such problem. It wasn't Ada, it was Pascal, so it
had nothing to do with "implementation defined", but if you take a
closer look to it, the problem might be considered as similar.

I changed the parameter mode of a string to "const" because there was
no write access to it. So then it was passed by reference instead of
by value like it did before. The bad thing was, this string was part
of another parameter to this procedure so indeed the string got
changed during the call. An example of badly structured data, I'd say.

>I don't know.  I would feel more comfortable if one could *prove* that
>such things can't happen.

Well, that's what SPARK is for.

>One possible solution is to disallow cases that might be aliased.

Like SPARK does. :)


Vinzent.