From: anon@att.net
Newsgroups: comp.lang.ada
Subject: Re: A hole in Ada type safety
Date: Tue, 10 May 2011 06:27:44 +0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID:
References: <87oc3odtci.fsf@mid.deneb.enyo.de>
Reply-To: anon@anon.org

Better look again!

Even though a compiler emulates the "Unchecked_Conversion" with a built-in "pragma inline" being enforced, the function still must be able to be written in Ada. That goes back to the origins of Ada and has not changed. Plus, the function's source code can be inserted into a routine or renamed for use or testing of this routine. That is also a part of Ada.

Any programmer should be able to simulate the Unchecked_Conversion function in Ada (non GNAT), such as:

    pragma Suppress ( All_Checks ) ;    -- Ada 95/2005
    Target_Object := Target ( Source_Object ) ;
    pragma Unsuppress ( All_Checks ) ;  -- Ada 95/2005

Now, in Ada 83 there was no way to turn the checks back on after they were suppressed. The exception was to use a function where the scope of the suppressed checks would be limited to that function only, thus a reason for the creation of the generic "Unchecked_Conversion" function.
The body of the "Unchecked_Conversion" function is:

---------------------------------------
    function Unchecked_Conversion ( S : Source ) return Target is
       -- In Ada 83 a Suppress statement per check must be given
       -- pragma Suppress ( All_Checks ) ;
    begin
       -- This statement should compile because all checks have been
       -- turned off. Even without checks this routine must still comply
       -- with the type conversion rules set in RM 4.6, which can limit
       -- or restrict the conversion.
       --
       -- Starting with Ada 95 the semantic and expansion analysis
       -- must also ensure that the additional rules RM 13.9
       -- ( 5 .. 10 ) are enforced. Since these rules can be derived
       -- from the legal rules for type conversion ( RM 4.6 ), these
       -- checks can be done while evaluating the type
       -- conversion expression.
       --
       -- Ada 83, RM 13.10.2 ( 3 ) states it is the programmer's
       -- "responsibility to ensure that these conversions maintain
       -- the properties that are guaranteed by the language for
       -- objects of the target type." But the vendor can set
       -- restrictions.
       --
       return Target ( S ) ;
    end Unchecked_Conversion ;
---------------------------------------

Now in Ada 2005, RM 7.5 (1/2) states that a routine cannot just copy a "limited private" object. RM 6.5 (5.1/2, 5.c/2) states that if the target is limited the function "must produce a "new" object" instead of just copying the object. That is, the "Unchecked_Conversion" generic function is no longer just an inlined expression, a type conversion with all checks disabled. The function must now return a "new" object, RM 6.5 (5.5/2, 5.c/2), by first requesting a new object from the Target's storage pool and then copying the Source data to that new object.

So, in Ada 2005 the "Unchecked_Conversion" must be handled as a true generic function with a true return, instead of a built-in inline expression. But GNAT still just performs a simple copy.

So, is GNAT, the RM, or the generic "Unchecked_Conversion" function in error?
In , Simon Wright writes:
>anon@att.net writes:
>
>> Your two programs have pointed out a puzzle in the RM-2005. And that is
>> does the definition of the standard Generic package Unchecked_Conversion
>> violate the RM 6.5 (5.5/2).
>
>"I beseech you, in the bowels of Christ, think it possible that you may
> be mistaken."
> O. Cromwell, 1650.
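As an added example that is not part of this post or thread (the type Colour, the instance To_Colour and the wrapper Checked_To_Colour are constructed names): the RM 13.10.2(3) "responsibility" quoted above is normally discharged by testing the converted object with 'Valid before it is used, because Unchecked_Conversion itself reinterprets bits and performs no check that the result is a legal value of the target type.

```ada
with Ada.Text_IO;
with Ada.Exceptions;
with Ada.Unchecked_Conversion;
with Interfaces;

procedure Valid_After_Unchecked is
   use Interfaces;

   --  Constructed target type: an 8-bit enumeration whose representation
   --  has gaps, so most byte values are not legal Colour values.
   type Colour is (Red, Green, Blue);
   for Colour use (Red => 1, Green => 2, Blue => 4);
   for Colour'Size use 8;

   --  Unchecked_Conversion only reinterprets the bits of the source; it
   --  does not check that the result is a legal value of the target type.
   function To_Colour is new Ada.Unchecked_Conversion
     (Source => Unsigned_8, Target => Colour);

   --  Checked wrapper (constructed name): 'Valid asks whether the object's
   --  current representation is a legal value of its subtype, and the RM
   --  defines it as safe to evaluate even on an invalid object.
   function Checked_To_Colour (Raw : Unsigned_8) return Colour is
      C : constant Colour := To_Colour (Raw);
   begin
      if not C'Valid then
         raise Constraint_Error with
           "byte" & Unsigned_8'Image (Raw) & " is not a Colour encoding";
      end if;
      return C;
   end Checked_To_Colour;

   --  Constructed input: two legal encodings followed by two that are not.
   Samples : constant array (1 .. 4) of Unsigned_8 := (1, 4, 3, 255);
begin
   for I in Samples'Range loop
      begin
         Ada.Text_IO.Put_Line
           (Unsigned_8'Image (Samples (I)) & " => "
            & Colour'Image (Checked_To_Colour (Samples (I))));
      exception
         when E : Constraint_Error =>
            Ada.Text_IO.Put_Line
              ("rejected: " & Ada.Exceptions.Exception_Message (E));
      end;
   end loop;
end Valid_After_Unchecked;
```

Bytes 1 and 4 print as Red and Blue; bytes 3 and 255 are rejected before Colour'Image or any other operation touches the invalid value.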