comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Bug in Ada (SuSe 10.2) ?
Date: Fri, 22 Feb 2008 13:52:11 -0600
Message-ID: <fpne5k$qab$1@jacob-sparre.dk>
In-Reply-To: 69019a65-736e-48ee-bd9f-4c29cd7fc88f@72g2000hsu.googlegroups.com

<billjones6789@yahoo.com> wrote in message
news:69019a65-736e-48ee-bd9f-4c29cd7fc88f@72g2000hsu.googlegroups.com...
>On Feb 21, 2:32 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
>> We're talking about language-defined checks. There are no language-defined
>> checks for dangling pointers!
>
>Huh?
>In Ada83 there was no provision for pointers into the stack, because
>of the well-known danger of leaving a dangling pointer when the
>subprogram exited.  Ada95 considered it necessary to allow pointers
>into the stack, in part because users were doing it anyway (using
>unsafe techniques like 'address and Unchecked_Conversion) to avoid
>the well-known dangers of using heap allocation.
>
>To eliminate the danger of dangling pointers into the stack, Ada95
>introduced the concept of Accessibility_Check, which, like
>Overflow_Check, can be controlled using pragma Suppress/Unsuppress,
>and possibly compiler switches.

These aren't "dangling pointer" checks (which would occur on the
dereference). If you wanted to talk about them informally, I'd call them
"lifetime" checks, but it is best to call them by their real name (which you
finally did above). I thought you were talking about something completely
different.

Anyway, accessibility checks contain both a static and dynamic part, and it
is fairly difficult to write an interesting program that passes the static
check and fails the dynamic check. The most likely way to do so in practice
is to use an anonymous access parameter -- and this is the best reason for
avoiding such parameters, as you have the possibility of failure just
because you are making a call from a nested location.

And, yes, I suppose you could suppress the check. You could also play
Russian Roulette. Or, most likely, you'll have used 'Unchecked_Access to
avoid that silly check in the first place (it prevents lots of things that
are safe to do). But you still would have been better off avoiding the
unchecked access in the first place, because eliminating the check would not
eliminate most of the overhead (that overhead can only be eliminated if the
subprogram body and all calls are compiled such that it is certain that the
check is suppressed and cannot be turned back on -- which means that any
separate compilation eliminates that possibility).

In any case, there is nothing wrong with having the ability to suppress
language-defined checks via a compiler switch or whatever. But there is
something wrong with having the default operation of a compiler having those
checks suppressed. Yes, pedantically this is OK, but it means that new
users don't actually use the Ada standard mode.

                                           Randy.



Of course, the danger is only eliminated when this language-defined
check is fully implemented in standard mode.
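
An added example, not part of the original message: a small program in which an anonymous access parameter passes the static accessibility check at every call but fails the dynamic check only when the call comes from a nested location. All names (Accessibility_Demo, Remember, Nested, Saved) are made up for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Accessibility_Demo is

   --  Keep the language-defined check on here, whatever the compiler's
   --  default mode or switches are (pragma Unsuppress is Ada 2005).
   pragma Unsuppress (Accessibility_Check);

   --  Named access type and object declared at the outer level.
   type Int_Ptr is access all Integer;
   Saved  : Int_Ptr;
   Global : aliased Integer := 1;

   --  P carries the accessibility level of the actual object at run time.
   procedure Remember (P : access Integer) is
   begin
      --  Dynamic check: the designated object must not be declared at a
      --  deeper level than Int_Ptr, otherwise Program_Error is raised
      --  instead of storing a pointer that would outlive its target.
      Saved := Int_Ptr (P);
   end Remember;

   procedure Nested is
      Local : aliased Integer := 2;   --  lives only while Nested runs
   begin
      --  Legal at compile time: 'Access to an anonymous access parameter
      --  always passes the static check.
      Remember (Local'Access);
      Put_Line ("not reached when the check is enabled");
   exception
      when Program_Error =>
         Put_Line ("Nested: Program_Error, dynamic accessibility check failed");
   end Nested;

begin
   Remember (Global'Access);   --  same level as Int_Ptr: check passes
   Put_Line ("Saved.all =" & Integer'Image (Saved.all));

   Nested;                     --  same call, deeper object: check fails

   --  Saved still designates Global, never the dead Local.
   Put_Line ("Saved.all =" & Integer'Image (Saved.all));
end Accessibility_Demo;
```

With Accessibility_Check suppressed, the assignment inside Remember would go through on the second call and Saved would be left designating Local after Nested returns.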




