Re: A hole in Ada type safety

["Randy Brukardt" <randy@rrsoftware.com>]

<anon@att.net> wrote in message news:iqes6i$18g$1@speranza.aioe.org...
> The RM 13.9 (3) defines the Unchecked_Conversion function with
>
>    pragma Convention ( Intrinsic, Ada.Unchecked_Conversion ) ;
>
> Intrinsic is built-in" and RM C.1 ( 10 ) implies inlining to reduce
> overhead of this function and RM 13.8 ( 15 ) helps reduces the code
> to that of an inline Machine Code Insertions.
>
>
> Proof basically come from RM 6.3.1 ( 4 ), RM 13.9 ( 15 ) and
> C.1 ( 10 ).
>
> RM 6.3.1 Conformance Rules
>
>    4  "The Intrinsic calling convention represents subprograms that
>       are ``built in'' to the compiler." ...
>
> RM 13.9 Unchecked Type Conversions
>
>  15   The implementation should not generate unnecessary run-time
>       checks to ensure that the representation of S is a
>       representation of the target type. It should take advantage of
>       the permission to return by reference when possible.
>       Restrictions on unchecked conversions should be avoided unless
>       required by the target environment.
>
> RM C.1 Access to Machine Operations
>
>  10   "The implementation should ensure that little or no overhead
>       is associated with calling intrinsic and machine-code
>       subprograms"
>
>
>
> Associative RMs
>
> RM 13.8 Machine Code Insertions
>
>  11   "(17) Intrinsic subprograms (see 6.3.1, ``Conformance Rules'')
>       can also be used to achieve machine code insertions." ...
>
> RM C.1 Access to Machine Operations
>
>   6   "The implementation shall document the overhead associated
>        with calling machine-code or intrinsic subprograms, as
>        compared to a fully-inlined call, and to a regular
>        out-of-line call."
>
>
>
> Now in Ada 2005, RM 7.5 (1/2) states that a routine can not just copy
> a "limited private" object. RM 6.5 (5.1/2, 5.c/2 ) states that if
> the target is limited the function "must produce a ""new"" object"
> instead of just copying the object.
>
> Aka the "Unchecked_Conversion" which is a generic function is no
> longer just an inlined expression that is just a type conversions
> with all checks being disable. The function must now return a "new"
> object RM 6.5 (5.5/2, 5.c/2 ), by first requesting an new object
> from the Target's storage pool and then copying the Source data to
> that new object. So, in Ada 2005 the "Unchecked_Conversion" must be
> handled as a true generic function with a true return, instead of a
> built-in inline expression.
>
> But GNAT still just performs a simple copy. So, is GNAT or the RM
> or is the generic "Unchecked_Conversion" function in error?

You, of course. :-) Your language-lawyering skills need some work.

13.9(12) (an implementation permission) says that an implementation can 
return the result of an unchecked_conversion "by reference". Especially note 
the second sentence of that rule, which explains the intent.

                            Randy.