Re: A hole in Ada type safety

[anon@att.net]

The RM 13.9 (3) defines the Unchecked_Conversion function with

    pragma Convention ( Intrinsic, Ada.Unchecked_Conversion ) ;

Intrinsic is built-in" and RM C.1 ( 10 ) implies inlining to reduce 
overhead of this function and RM 13.8 ( 15 ) helps reduces the code 
to that of an inline Machine Code Insertions.


Proof basically come from RM 6.3.1 ( 4 ), RM 13.9 ( 15 ) and 
C.1 ( 10 ).

RM 6.3.1 Conformance Rules 
   
    4  "The Intrinsic calling convention represents subprograms that 
       are ``built in'' to the compiler." ...

RM 13.9 Unchecked Type Conversions

  15   The implementation should not generate unnecessary run-time 
       checks to ensure that the representation of S is a 
       representation of the target type. It should take advantage of 
       the permission to return by reference when possible.  
       Restrictions on unchecked conversions should be avoided unless
       required by the target environment.

RM C.1 Access to Machine Operations

  10   "The implementation should ensure that little or no overhead 
       is associated with calling intrinsic and machine-code 
       subprograms"



Associative RMs  

RM 13.8 Machine Code Insertions

  11   "(17) Intrinsic subprograms (see 6.3.1, ``Conformance Rules'') 
       can also be used to achieve machine code insertions." ...

RM C.1 Access to Machine Operations

   6   "The implementation shall document the overhead associated 
        with calling machine-code or intrinsic subprograms, as 
        compared to a fully-inlined call, and to a regular 
        out-of-line call."



Now in Ada 2005, RM 7.5 (1/2) states that a routine can not just copy
a "limited private" object. RM 6.5 (5.1/2, 5.c/2 ) states that if 
the target is limited the function "must produce a ""new"" object" 
instead of just copying the object.

Aka the "Unchecked_Conversion" which is a generic function is no 
longer just an inlined expression that is just a type conversions 
with all checks being disable. The function must now return a "new" 
object RM 6.5 (5.5/2, 5.c/2 ), by first requesting an new object 
from the Target's storage pool and then copying the Source data to 
that new object. So, in Ada 2005 the "Unchecked_Conversion" must be 
handled as a true generic function with a true return, instead of a 
built-in inline expression.

But GNAT still just performs a simple copy. So, is GNAT or the RM 
or is the generic "Unchecked_Conversion" function in error?


In <715a5498-095c-4e61-8a09-8510c19b2553@s16g2000prf.googlegroups.com>, Adam Beneschan <adam@irvine.com> writes:
>On May 9, 11:27=A0pm, a...@att.net wrote:
>> Better look again!
>>
>> Even though a compiler emulates the "Unchecked_Conversion" with a built-i=
>n
>> "pragma inline" being enforced. =A0The function still must be able to be
>> written in Ada.
>
>No, it doesn't.  Show me a rule in the RM that says it does.  You
>can't.  There isn't one.
>
>                           -- Adam