From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Ada 2012 : aliased parameters ?
Date: Tue, 29 Mar 2011 19:09:47 -0500
Message-ID: <imtscf$c6u$1@munin.nbi.dk>
In-Reply-To: f0c752a7-993e-4cee-addc-ff748a1fe10d@f18g2000yqd.googlegroups.com
"Maciej Sobczak" <see.my.homepage@gmail.com> wrote in message
news:f0c752a7-993e-4cee-addc-ff748a1fe10d@f18g2000yqd.googlegroups.com...
>On 29 Mar, 05:16, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
>> The motivating case is to make the containers better. Ada 2012 adds the
>> following to all of the containers:
>>
>> function Reference (Container : aliased in out Vector; Position : in Cursor)
>>    return Reference_Type;
>Out of curiosity - is it possible to leak the reference this way? I
>mean - is it possible for the caller to make a copy of returned
>reference and store it arbitrarily long?
No, because the attempt to make the copy will fail the accessibility check.
Specifically, the access discriminant has the lifetime of the containing
object. So if the object is short-lived (as most return objects are), the
access discriminant cannot be assigned into anything that lives longer.
OTOH, if the object is long-lived, there is no problem, because as long as
the object lives, attempting to add or remove elements from the container is
not allowed and must raise Program_Error.
There are a couple of small holes that occur by using
Unchecked_Deallocation, but no one is going to do that by accident, and if
there is any sort of management (or sense) on a project, the end-around will
be easily detected.
>Note that the "copy" might not be obvious, as in:
>
>declare
> My_Element : Vector_Type.Reference_Type renames
> My_Vector.Reference (My_Cursor);
>begin
> My_Element.Comp := 10;
> My_Element.Other_Comp := 3.14;
>end;
This isn't a leak, because the Reference object has to continue to exist
until the renames goes away (and thus the reference). Instead, My_Vector is
locked against "tampering" so long as that object exists. So any attempt to
delete this element in this block body will raise Program_Error.
>The C++ equivalent of this is both a fantastic performance feature and
>a deadly security hole. How is this solved in Ada?
See above.
Randy.
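The tampering check described in the reply, as an added illustration that is not part of the original post: a short-lived Reference_Type object keeps the vector locked, so Delete_First inside the block raises Program_Error, while the same call succeeds once the block has ended. The record type and the Int_Vectors instantiation are constructed for this example; it assumes an Ada 2012 compiler with the standard Ada.Containers.Vectors.

```ada
with Ada.Containers.Vectors;
with Ada.Text_IO; use Ada.Text_IO;

procedure Reference_Tampering_Demo is
   --  Constructed element type, with the two components used in the quoted code.
   type Element is record
      Comp       : Integer := 0;
      Other_Comp : Float   := 0.0;
   end record;

   package Int_Vectors is new Ada.Containers.Vectors
     (Index_Type => Positive, Element_Type => Element);
   use Int_Vectors;

   My_Vector : Vector;
begin
   My_Vector.Append ((Comp => 1, Other_Comp => 1.0));
   My_Vector.Append ((Comp => 2, Other_Comp => 2.0));

   declare
      --  Reference_Type carries an access discriminant whose lifetime is that
      --  of this short-lived object. While it exists, My_Vector is locked
      --  against tampering with elements (insertion, deletion, replacement).
      My_Element : Reference_Type renames My_Vector.Reference (My_Vector.First);
   begin
      My_Element.Comp       := 10;    --  in-place update through the reference
      My_Element.Other_Comp := 3.14;

      --  Copying My_Element.Element into an access object declared outside
      --  this block would be rejected at compile time by the accessibility
      --  check, so the reference cannot outlive the object it came from.

      --  Deleting an element while the reference is live is tampering.
      begin
         My_Vector.Delete_First;
         Put_Line ("Delete_First succeeded (unexpected)");
      exception
         when Program_Error =>
            Put_Line ("Program_Error: tampering while a reference is live");
      end;
   end;

   --  The reference is gone with the block, so the vector is unlocked again.
   My_Vector.Delete_First;
   Put_Line ("Remaining first element Comp ="
             & Integer'Image (My_Vector.First_Element.Comp));
end Reference_Tampering_Demo;
```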