From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Ada 2012 : aliased parameters ?
Date: Tue, 29 Mar 2011 19:09:47 -0500
Organization: Jacob Sparre Andersen Research & Innovation

"Maciej Sobczak" wrote in message news:f0c752a7-993e-4cee-addc-ff748a1fe10d@f18g2000yqd.googlegroups.com...
On 29 Mar, 05:16, "Randy Brukardt" wrote:

>> The motivating case is to make the containers better. Ada 2012 adds the
>> following to all of the containers:
>>
>> function Reference (Container : aliased in out Vector;
>>                     Position  : in Cursor)
>>    return Reference_Type;

>Out of curiosity - is it possible to leak the reference this way? I
>mean - is it possible for the caller to make a copy of returned
>reference and store it arbitrarily long?

No, because the attempt to make the copy will fail the accessibility check. Specifically, the access discriminant has the lifetime of the containing object.
So if the object is short-lived (as most return objects are), the access discriminant cannot be assigned into anything that lives longer. OTOH, if the object is long-lived, there is no problem, because as long as the object lives, attempting to add or remove elements from the container is not allowed and must raise Program_Error.

There are a couple of small holes that occur by using Unchecked_Deallocation, but no one is going to do that by accident, and if there is any sort of management (or sense) on a project, the end-around will be easily detected.

>Note that the "copy" might not be obvious, as in:
>
>declare
>   My_Element : Vector_Type.Reference_Type renames
>      My_Vector.Reference (My_Cursor);
>begin
>   My_Element.Comp := 10;
>   My_Element.Other_Comp := 3.14;
>end;

This isn't a leak, because the Reference object has to continue to exist until the renames goes away (and thus the reference). Instead, My_Vector is locked against "tampering" so long as that object exists. So any attempt to delete this element in this block body will raise Program_Error.

>The C++ equivalent of this is both a fantastic performance feature and
>a deadly security hole. How is this solved in Ada?

See above.

Randy.
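The tampering lock described in the reply above, as an added example that is not part of the original post. The names Tamper_Demo, Rec and Rec_Vectors are hypothetical, and the example assumes an Ada 2012 compiler with the container tampering checks left enabled.

```ada
with Ada.Text_IO;            use Ada.Text_IO;
with Ada.Containers.Vectors;

procedure Tamper_Demo is

   --  Hypothetical element type with the two components used in the thread.
   type Rec is record
      Comp       : Integer := 0;
      Other_Comp : Float   := 0.0;
   end record;

   package Rec_Vectors is new Ada.Containers.Vectors
     (Index_Type => Positive, Element_Type => Rec);
   use Rec_Vectors;

   My_Vector : Vector;

begin
   My_Vector.Append (Rec'(others => <>));

   declare
      My_Cursor  : Cursor := My_Vector.First;
      --  The renaming keeps the Reference_Type object alive for the whole
      --  block, so My_Vector stays locked against tampering until "end".
      My_Element : Rec_Vectors.Reference_Type renames
        My_Vector.Reference (My_Cursor);
   begin
      --  Writes go straight to the element stored inside the container.
      My_Element.Comp       := 10;
      My_Element.Other_Comp := 3.14;

      --  Removing the element while the reference exists would leave it
      --  dangling; the container refuses and raises Program_Error.
      My_Vector.Delete (My_Cursor);
      Put_Line ("unexpected: Delete succeeded while a reference was live");
   exception
      when Program_Error =>
         Put_Line ("Program_Error: vector is locked while the reference exists");
   end;

   --  The reference object was finalized at the end of the block, which
   --  releases the lock, so the same kind of operation is now allowed.
   Put_Line ("Comp after update:" & Integer'Image (My_Vector.First_Element.Comp));
   My_Vector.Delete_First;
   Put_Line ("Length after block:" & My_Vector.Length'Image);
end Tamper_Demo;
```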