From: Niklas Holsti
Newsgroups: comp.lang.ada
Subject: Re: Rust's temporal safety for Ada/SPARK
Date: Sun, 14 May 2017 22:59:55 +0300
Organization: Tidorum Ltd
References: <1c0e2c7c-4fd6-43d1-9848-f03e1a72bcb3@googlegroups.com>

On 17-05-14 20:36 , Jeffrey R. Carter wrote:
> On 05/14/2017 06:46 PM, digitalkevlar@gmail.com wrote:
>>
>> So, can someone today use Ada in a straight-forward way to write
>> single- or multi-threaded applications that are, in every use-case,
>> totally immune at compile-time to use-after-free and double-free
>> errors with zero runtime overhead? Or can it not do that?
>
> Of course this is possible.

Yes... if one does not have to meet stringent resource constraints (time, space) on limited HW.

> It's very rare for well designed Ada to need access types.

"Well designed" is of course subjective.

The container library has made it practical to avoid access types in the application code, but then there are other potential run-time problems, such as "tampering" with the containers, which require run-time checks (and which are to some extent consequences of the use of access types within the container library).

> An overwhelming majority of applications can be
> implemented without ever writing "access".

I find it difficult to agree with that "overwhelming", at least if one includes the access types used under the covers in the container library.

Even in applications where heap allocation is forbidden, there are usually some dynamically allocated resources -- elements of "resource pools" such as message buffers -- with the corresponding application-defined "reference" data types, and the same problems of managing allocations over time. I don't know if Rust's memory-management scheme extends to such non-heap "references", however.

--
Niklas Holsti
Tidorum Ltd

niklas holsti tidorum fi
. @ .
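An added illustration of the non-heap "reference" problem raised in the last paragraph (example code written here, not from the thread or its participants; all names are made up): a fixed pool of message buffers addressed by application-defined handles, where a generation counter carried in the handle turns a use-after-release or double release into a checked failure instead of silent reuse of the slot by its next owner.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Pool_Demo is
   Pool_Size : constant := 4;
   type Slot_Index is range 1 .. Pool_Size;
   type Generation is mod 2 ** 16;
   -- A handle is a slot index plus the generation at which it was issued;
   -- a bare index alone cannot tell a live reference from a stale one.
   type Handle is record
      Slot : Slot_Index := 1;
      Gen  : Generation := 0;
   end record;
   type Slot is record
      In_Use : Boolean          := False;
      Gen    : Generation       := 0;
      Data   : String (1 .. 16) := (others => ' ');
   end record;
   Slots : array (Slot_Index) of Slot;
   Stale_Handle, Pool_Exhausted : exception;

   -- A handle is valid only while its slot is in use at the same generation.
   function Valid (H : Handle) return Boolean is
     (Slots (H.Slot).In_Use and then Slots (H.Slot).Gen = H.Gen);

   function Allocate return Handle is
   begin
      for I in Slot_Index loop
         if not Slots (I).In_Use then
            Slots (I).In_Use := True;
            return (Slot => I, Gen => Slots (I).Gen);
         end if;
      end loop;
      raise Pool_Exhausted;
   end Allocate;

   -- Release bumps the generation, so every copy of H goes stale at once.
   procedure Release (H : Handle) is
   begin
      if not Valid (H) then
         raise Stale_Handle;  -- double release, or release of a stale handle
      end if;
      Slots (H.Slot).In_Use := False;
      Slots (H.Slot).Gen    := Slots (H.Slot).Gen + 1;
   end Release;

   H : Handle := Allocate;
begin
   Slots (H.Slot).Data (1 .. 5) := "hello";
   Release (H);
   -- Use after release: with a plain index this would silently read whatever
   -- the next owner of the slot stores; the generation check catches it.
   if not Valid (H) then
      Put_Line ("stale handle detected");
   end if;
end Pool_Demo;
```

The check costs one comparison per access and a counter per slot, which is the kind of run-time overhead the question above asks whether a compile-time scheme can remove.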