From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Run-time accessibility checks
Date: Wed, 10 Dec 2008 19:03:23 -0600

"Dmitry A. Kazakov" wrote in message news:ggyyafzb06rk.1fkbqhnepowug$.dlg@40tude.net...
> On Sat, 6 Dec 2008 09:10:49 -0800 (PST), Ludovic Brenta wrote:
>
>> Dmitry A. Kazakov wrote:
>
>>> It is absolutely unacceptable to me that a correct
>>> program might fail at run-time because of accessibility checks.
>>
>> I differ here; to me, a program that fails an accessibility check at
>> run time is incorrect.
>
> Ah, I used to think this way too. But then I realized that this form of
> constraint is not a semantic one. Comparing to the constraint range 1..10,
> accessibility constraint is an implementation detail. It has no semantic
> meaning. When you assign a value outside the range that is semantically
> incorrect. When you assign a pointer that potentially might become
> dangling, that has no semantic meaning. The pointer is not yet dangling.
> The program correctness depends on whether it will become dangling.

You are wrong here; that occurs when a *static* accessibility check is triggered that has to be checked at runtime because the source has dynamic accessibility. That conversion between worlds is the problem.

IMHO, the static accessibility model is a pile of steaming dung - it never, ever works (I have yet to successfully write 'Access in anything outside of ACATS tests). OTOH, a fully dynamic model would only fail when the pointer really is dangling, because the accessibility would stay with the access type and there would never be any conversion to the static world. So that would only represent a real bug. But of course it is a lot more expensive at runtime.

I'm going to write up a proposal for a fully dynamic model. I don't really expect it to get anywhere, but at least we'll have it around the next time someone starts realizing that static accessibility is complete junk.

Randy.

P.S. Although it is not completely clear from the Standard, Ada has two virtually separate sets of definitions for static accessibility and "dynamic" accessibility (the latter is called just plain "accessibility" to add to the confusion). It's the static model that is such a mess; the dynamic model is just fine.

Randy.
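
The case argued over in this thread, as an added Ada example that is not part of the original post (all names are hypothetical): an access parameter carries a dynamic accessibility level, and converting it to a named access type forces a run-time check against that type's static level. The second call fails the check even though the pointer would have been cleared before the object went away.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Accessibility_Demo is
   --  Named access type: its accessibility level is fixed statically.
   type Int_Ptr is access all Integer;

   Saved : Int_Ptr;
   Outer : aliased Integer := 1;      --  same level as Int_Ptr

   --  An access parameter carries the accessibility level of the
   --  actual object with it (the dynamic side).
   procedure Remember (P : access Integer) is
   begin
      --  Conversion into the static world: the level carried by P is
      --  compared with Int_Ptr's level at run time, and Program_Error
      --  is raised if the designated object is more deeply nested.
      Saved := Int_Ptr (P);
   end Remember;

   procedure Nested is
      Local : aliased Integer := 2;   --  deeper than Int_Ptr
   begin
      Remember (Local'Access);        --  the check fails here
      Saved := null;                  --  never reached; the pointer
                                      --  would not have dangled
   end Nested;

begin
   Remember (Outer'Access);
   Put_Line ("Outer: check passed, Saved.all =" & Integer'Image (Saved.all));

   begin
      Nested;
   exception
      when Program_Error =>
         Put_Line ("Local: Program_Error from the accessibility check");
   end;
end Accessibility_Demo;
```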