From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Amount of copying on returned constant objects
Date: Mon, 18 Jun 2007 15:25:33 -0500
Organization: Jacob's private Usenet server

"Pascal Obry" wrote in message news:4676C27D.2050608@obry.net...
> Or in a more Ada 2005 way:
>
>    function Element
>      (Key : Key_Type) return access constant Element_Type;

The problem with this is that this access can be saved, and any operation on the original container could make it become dangling (and thus any further use be erroneous). That is *very* unsafe and virtually impossible to detect.

There were a substantial number of people (a group that includes me) that want the containers to be safer than using raw access types (because they can do checks that would be too tedious to do in hand-written code). That's why the containers' access-in-place routines use access-to-subprograms, because they can have tampering checks that prevent the dangling access problem (you get Program_Error if you try to do something that could make the element inaccessible). That makes them much safer than returning a raw pointer.

We actually spent quite a bit of effort on trying to find a way to secure access values returned this way. But it isn't quite possible: even if you make them uncopyable, they still can be held onto long enough to potentially cause trouble with a renames. What really would help would be a way for the container to know when the access was destroyed, but there isn't any obvious way to do that in Ada.

Dmitry might (will?) tell us that a user-defined ".all" operation would do the trick, but it's not obvious how to define that operation so that the ".all" definition itself would not expose the original problem.

Randy.
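
The tampering check described in the message above, shown as an added example that is not part of the original post: an in-place update through `Update_Element` succeeds, while a callback that tries to delete the element it is reading gets `Program_Error`. The names `Tamper_Demo`, `Maps`, `Bump` and `Delete_While_Reading` are made up for this illustration; the container operations are the standard `Ada.Containers.Ordered_Maps` ones.

```ada
with Ada.Text_IO;  use Ada.Text_IO;
with Ada.Containers.Ordered_Maps;

procedure Tamper_Demo is
   package Maps is new Ada.Containers.Ordered_Maps
     (Key_Type => Natural, Element_Type => Integer);

   M : Maps.Map;

   --  Safe in-place update: the element is reachable only for the
   --  duration of the callback, so no reference can outlive it.
   procedure Bump (Key : Natural; Element : in out Integer) is
   begin
      Element := Element + 1;
   end Bump;

   --  Tries to remove the element while it is being accessed in place.
   --  The container is locked during the callback, so the Delete is
   --  rejected instead of leaving Element dangling.
   procedure Delete_While_Reading (Key : Natural; Element : Integer) is
   begin
      Put_Line ("reading" & Integer'Image (Element));
      M.Delete (Key);            --  tampering: raises Program_Error
      Put_Line ("not reached");
   end Delete_While_Reading;

begin
   M.Insert (1, 41);
   M.Update_Element (M.Find (1), Bump'Access);

   begin
      Maps.Query_Element (M.Find (1), Delete_While_Reading'Access);
   exception
      when Program_Error =>
         --  The check fired before the node was removed.
         Put_Line ("Program_Error; element still present: "
                   & Boolean'Image (M.Contains (1)));
   end;
end Tamper_Demo;
```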