From: Maciej Sobczak
Newsgroups: comp.lang.ada
Subject: Re: High-Integrity OO and controlled types
Date: Tue, 3 May 2011 02:59:05 -0700 (PDT)
References: <679e3217-98dd-43c1-86f6-2038a029c3ea@b19g2000yqg.googlegroups.com>
 <94f3a272-d071-4a74-bfbd-8f2b4c2347cf@m10g2000yqd.googlegroups.com>

On May 3, 11:32 am, Cyrille wrote:

> > Excluding controlled types altogether sounded like throwing the baby
> > out with the water, but now the motivations are a bit more clear to
> > me.
>
> HI profiles are usually much more constrained. The first goal of this
> document is to gather the necessary information to make it possible to
> build a safety case when using tagged types and more generally OOP in
> a HI context. Usually those are banned along with almost all the
> "advanced" features of the language. So no baby thrown with the water.
> This is the other way around: we put more water in the bath so that
> maybe one day we can consider bathing your "controlled" baby ;-)

I see.

Note that between these two:

1. dynamically allocated class-wide (with open hierarchy) objects tied
   to a locally scoped storage pool, with all the resulting mess, and

2. a limited controlled object on the stack as a way to hook the scope
   exit event,

there is a *wide* spectrum of use cases, some of them being
unreasonable in the HI context, but some of them being entirely
justified. I would very much welcome at least that second extreme above
being acknowledged as a valid programming pattern in safety-critical
systems.

Another angle: the fact that the lack of controlled types in HI
profiles can be considered as a problem is entirely a result of the
fact that Ada completely screwed this aspect at the beginning.
Controlledness should not be based on tags - it should be a completely
orthogonal property of the type, without any relation to class-wide
objects and dispatching calls (see C++ for an example). Interestingly,
this conclusion comes up regularly. Time to fix that part of the
language, perhaps? ;-)

--
Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com
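The second pattern discussed in the post, a limited controlled object on the stack whose Finalize hooks scope exit, as an added example that is not part of the original post or of the HI profile document it refers to. The "resource" is a constructed counter standing in for a lock or a file handle, and the names Scope_Guard_Demo, Guard, Held and Failure are my own; the example also shows that Finalize still runs when the scope is left by an exception, which is the property that makes the pattern interesting for deterministic cleanup.

```ada
--  Added example (not from the original post): a limited controlled
--  object declared on the stack releases its resource at scope exit,
--  whether the scope ends normally or by exception propagation.
with Ada.Finalization;
with Ada.Text_IO; use Ada.Text_IO;

procedure Scope_Guard_Demo is

   --  Constructed stand-in for an external resource: the number of
   --  outstanding acquisitions.  It must be back to zero after every
   --  scope that declared a Guard has been left.
   Held : Natural := 0;

   Failure : exception;

   --  Limited: objects cannot be copied, so every Initialize is paired
   --  with exactly one Finalize.  Note that Limited_Controlled is itself
   --  a tagged type, which is the coupling the post objects to; the type
   --  is never used class-wide or dispatched on here.
   type Guard is new Ada.Finalization.Limited_Controlled with null record;

   --  Primitive specs are declared before any body so that the type is
   --  not frozen before its overriding operations are known.
   overriding procedure Initialize (G : in out Guard);
   overriding procedure Finalize   (G : in out Guard);

   overriding procedure Initialize (G : in out Guard) is
   begin
      Held := Held + 1;
      Put_Line ("acquire, held =" & Natural'Image (Held));
   end Initialize;

   overriding procedure Finalize (G : in out Guard) is
   begin
      Held := Held - 1;
      Put_Line ("release, held =" & Natural'Image (Held));
   end Finalize;

   procedure Normal_Path is
      G : Guard;  --  Initialize runs when G is elaborated
   begin
      Put_Line ("working inside Normal_Path");
   end Normal_Path;  --  Finalize runs when the scope is left

   procedure Exception_Path is
      G : Guard;
   begin
      Put_Line ("raising inside Exception_Path");
      raise Failure;
   end Exception_Path;  --  Finalize still runs while Failure propagates

begin
   Normal_Path;

   begin
      Exception_Path;
   exception
      when Failure =>
         Put_Line ("caught Failure, held =" & Natural'Image (Held));
   end;

   --  If the guard had not run on the exception path, Held would be 1.
   if Held /= 0 then
      raise Program_Error with "resource leaked";
   end if;
   Put_Line ("all acquisitions released");
end Scope_Guard_Demo;
```

Build with GNAT as a single unit (gnatmake scope_guard_demo.adb) and run it; the release message appears after "raising inside Exception_Path" and before "caught Failure", showing that cleanup is not skipped by the exception. Two caveats a practitioner should keep in mind: an exception raised inside Finalize itself is converted to Program_Error by the language (RM 7.6.1), so Finalize bodies should not raise; and because Limited_Controlled is tagged, any HI profile that bans tagged types loses this pattern along with them, which is exactly the point the post makes.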