Ada Alternatives to Unrestricted_Access

[Jere <jhb.chat@gmail.com>]

I'm currently updating a generic package that takes a container type
as an input and creates an iterative type around it.  I found quite a
few instances of GNAT's Unrestricted_Access which appear to be
necessary because of the Iterate function's container parameter of
being mode "in" and the iterator needing a non constant access to it
to supply tamper check semantics.  I tried changing the mode to
"in out" but that caused a slew of errors where Iterate was used 
inside other operations that had the Container supplied via "in"
mode parameters.  Changing those other operations doesn't make
sense (and causes other errors later), but I don't like relying
on GNAT's implementation defined attribute if I can help it.

I was able to use System.Address_To_Access_Conversions to 
achieve both compiler happiness and expected runtime execution, but
I am worried this is not legal as it is skirting kind of close
to Address overlays.  In this case the types are identical aside
from one (the Iterate "in" mode parameter) being constant and the
other (the iterators "Container_Access" component) being variable.
However, I am not fully convinced it is (relatively) safe or portable yet.

The gist of the differences being:

   Container_Access => C'Unrestricted_Access

is converted to:

   Container_Access => A2A.To_Pointer(C'Address)

where:
   
   package A2A is new System.Address_To_Access_Conversions(Container);

and the parameter mode of C is defined as:

   function Iterate
            (C : in Container)
             return Iterator_Interfaces.Forward_Iterator'Class;

and the generic formal for Container

   type Container is tagged private;

I'm working with an existing code base, so complete overhaul is 
not a great option.

If it isn't a good idea, are there alternatives?  Since the Container
implementation is unknown in the generic, I wasn't able to get a version
of the Rosen technique to work as an alternative (same constant vs
variable access problem).