From: Maciej Sobczak
Newsgroups: comp.lang.ada
Subject: High-Integrity OO and controlled types
Date: Sun, 1 May 2011 13:38:44 -0700 (PDT)

There is an interesting white paper describing the high-integrity point of view on object-oriented programming:

http://www.open-do.org/high-integrity-oo-programming-in-ada/

One of the parts that has caught my attention is the description of GNAT high-integrity profiles, where it is written that controlled types are not supported (page 43):

"Controlled types are not supported since they require extensive run-time support."

This is surprising to me. I don't see anything in controlled types that would require "extensive run-time support".
Obviously, there is some implicit additional code required for controlled types to work, but as far as I understand this additional code can be entirely generated by the compiler (in many cases even the dynamic dispatch can be omitted) and no run-time library is necessary for it at all.

Am I missing something? What "extensive run-time support" is needed for controlled types that excludes them from high-integrity GNAT profiles?

There is another angle to this question: the Ravenscar profile does not exclude controlled types. If GNAT's so-called Ravenscar profile does exclude them, then it looks like it does not support some formally valid Ravenscar programs, even some very trivial ones. Am I missing something?

--
Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com