From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,f0be8eebb2993001 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news4.google.com!feeder.news-service.com!feeder2.cambriumusenet.nl!feed.tweaknews.nl!138.195.8.3.MISMATCH!news.ecp.fr!news.jacob-sparre.dk!pnx.dk!jacob-sparre.dk!ada-dk.org!.POSTED!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: Ada 2012 : aliased parameters ? Date: Sat, 30 Apr 2011 18:46:57 -0500 Organization: Jacob Sparre Andersen Research & Innovation Message-ID: References: <87aafgerez.fsf@mid.deneb.enyo.de> <87mxjaf99i.fsf@mid.deneb.enyo.de> <87y62ra8uz.fsf@mid.deneb.enyo.de> NNTP-Posting-Host: static-69-95-181-76.mad.choiceone.net X-Trace: munin.nbi.dk 1304207221 12962 69.95.181.76 (30 Apr 2011 23:47:01 GMT) X-Complaints-To: news@jacob-sparre.dk NNTP-Posting-Date: Sat, 30 Apr 2011 23:47:01 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931 X-RFC2646: Format=Flowed; Original Xref: g2news1.google.com comp.lang.ada:19107 Date: 2011-04-30T18:46:57-05:00 List-Id: "Florian Weimer" wrote in message news:87y62ra8uz.fsf@mid.deneb.enyo.de... ... >> The advantage of the aliased parameters is that they eliminate the >> runtime >> checks by forcing the checks to the call site (where they can be >> statically >> made 99% of the time). > > I'm wondering if it is necessary that the returned limited record is > controlled, so that a reference counter can be incremented and later > decremented to ensure that the access discriminant does not become > dangling. That would make the whole thing a bit clumsy to use, and > come with quite a bit of run-time overhead. It's not required, but that is the way it will be used in the containers (so that the tampering check can apply only so long as the access exists). One hopes that compilers will work to minimize the overhead in this case (the non-list finalization implementation that GNAT is supposedly getting will be ideal for such cases). >> The intent is that it is impossible to create a dangling pointer if no >> unchecked programming is used. (Unchecked_Deallocation, >> 'Unchecked_Access, >> Unchecked_Conversion, Address_to_Access_Conversions, abuse of >> Unchecked_Unions, etc.) That goes for all access types (not just >> anonymous >> ones). The problem, of course, is that it is impractical to do much >> without >> using one of those things. (I've only succeeded in using 'Access once in >> one >> of my programs; in all other cases I had to use 'Unchecked_Access.) > > Anonymous access types seem to help quite a bit. I use 'Access for > access discriminants, creating proxies, to fake the in-out parameter > mode for functions, and on locally defined callback functions. Well, of course for "in out", just use that if you are using Ada 2012 -- no need to fake it. The other uses of course will remain. >> (Personally, I prefer to hide pointers as much as possible, as in >> the container cursors, so that dangling pointer detection becomes >> much more possible, and their creation becomes less likely.) > > And implicit deference could make them even safer to use. Exactly. And more convinient, too. I would like to see containers use to be as easy as using access types; if that is true, then there is little reason to use the less safe access types to create lists and trees (and maps and sets). There always will be cases not covered by containers or where performance needs are ultra-critical -- but those should be the unusual cases. Ada 2012 definitely moves us closer to that goal. Randy.