From: Jeffrey Carter
Newsgroups: comp.lang.ada
Subject: Re: S-expression I/O in Ada
Date: Wed, 25 Aug 2010 07:07:44 -0700
Organization: Netfront http://www.netfront.net/
References: <547afa6b-731e-475f-a7f2-eaefefb25861@k8g2000prh.googlegroups.com>

On 08/25/2010 05:18 AM, Natasha Kerensikova wrote:
>
> However it is more about security. I guess it's a bad habit from C, but
> I can't make a design or write some code without considering how it can
> be abused. And I acknowledge the Ada compiler does a lot to free the
> programmer from such considerations.

Thinking about security is hardly a bad habit.

> The deep copy won't be a problem for all the real-life cases I've ever
> encountered so far, which is still quite a decent amount. However it
> requires only one specially-crafted input from a single attacker to
> bring the system to its knees (well, honestly I don't know how much an
> Ada deep copy costs, but I do know how much a memcpy() costs and I'm
> sure Ada deep copy is not cheaper).

I'm not sure what you mean by "the system". The attacker might be able to
exhaust memory in your program, causing Storage_Error to be raised, but
that probably won't affect the rest of the system, such as other programs
or the OS. If you're writing OS code, it would be a concern, but a
general, reusable package is probably not appropriate for such a use.

> If the source is shorter than the destination, the destination is
> partially filled and everything continues; if the destination is shorter,
> an exception is raised.
>
> Should this kind of information be put as comments after the procedure
> declaration?

My questions were intended to point out information that the client needs
from the package spec and you weren't providing. Comments after the
subprogram declaration are a good and common way to provide this kind of
information. You need to tell the client what exception the operation
might raise.

You might also want to look at

   Ada.Text_IO.Get_Line (Item : out String; Last : out Natural);

to see how it handles similar cases
(http://www.adaic.org/standards/05rm/html/RM-A-10-1.html).

>> What happens if Element isn't an Atom?
>>
>> What happens when Element isn't a List?
>
> Constraint_Error is raised, which felt like the right thing to do. At
> first I used to explicitly check the node type, and explicitly raised the
> exception, until I discovered that the compiler already does this when
> casting the input Node'Class object into Atom or List.

Again, I wasn't asking what the implementation does, but pointing out
information the client needs the package spec to provide. The Ada term is
"[type] conversion" (ARM 4.6), so we'd say "when converting the input ..."

-- 
Jeff Carter
"What I wouldn't give for a large sock with horse manure in it."
Annie Hall
42

--- news://freenews.netfront.net/ - complaints: news@netfront.net ---
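An added example of the spec style Jeff is asking for (my code, not Natasha's package and not Jeff's; the package Sexp_Nodes and every identifier in it are made up): the comment after the declaration states the exception contract, the copy follows the Item/Last shape of Ada.Text_IO.Get_Line, and the Node'Class to Atom conversion supplies the tag check.

```ada
with Ada.Strings.Unbounded;

package Sexp_Nodes is

   type Node is abstract tagged null record;
   type Node_Access is access all Node'Class;

   --  Atom holds the text of one S-expression atom.
   type Atom is new Node with record
      Value : Ada.Strings.Unbounded.Unbounded_String;
   end record;

   --  List is here only so that a Node'Class value can fail to be an Atom.
   type List is new Node with record
      Head, Next : Node_Access;
   end record;

   --  Copies the text of Element into Item (Item'First .. Last) in the
   --  style of Ada.Text_IO.Get_Line (ARM A.10.1): when Item is longer than
   --  the text, the rest of Item is left alone.
   --  Raises Constraint_Error when Element is not an Atom, or when
   --  Item'Length is smaller than the text; in the latter case Item is
   --  not modified, so an oversized or hostile atom can never be silently
   --  truncated into a caller-supplied buffer.
   procedure Get_Text
     (Element : Node'Class; Item : out String; Last : out Natural);

end Sexp_Nodes;

package body Sexp_Nodes is

   procedure Get_Text
     (Element : Node'Class; Item : out String; Last : out Natural)
   is
      --  The type conversion Atom (Element) (ARM 4.6) performs the tag
      --  check itself and raises Constraint_Error for a non-Atom node.
      Text : constant String :=
        Ada.Strings.Unbounded.To_String (Atom (Element).Value);
   begin
      if Text'Length > Item'Length then
         raise Constraint_Error with "Get_Text: destination too short";
      end if;
      Last := Item'First + Text'Length - 1;
      Item (Item'First .. Last) := Text;
   end Get_Text;

end Sexp_Nodes;
```

The spec and body are shown together for reading; with GNAT they go in sexp_nodes.ads and sexp_nodes.adb (or through gnatchop).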