From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Preventing Unchecked_Deallocation?
Date: Thu, 9 Feb 2012 19:18:59 -0600
Organization: Jacob Sparre Andersen Research & Innovation

"Maciej Sobczak" wrote in message
news:5d25ffd0-a73e-48c6-aac1-d5e3b00c4e0a@l1g2000vbc.googlegroups.com...
> On 9 Feb, 03:57, "Randy Brukardt" wrote:
>
>> > The smart user will define his own access types and will make pointers
>> > from your objects at the nearest opportunity and there's lots of them
>> > if the type in question is, for example, tagged.
>>
>> There is absolutely no *requirement* to use access types with tagged
>> types.
>
> Tagged types are aliased, which allows one to obtain access values from
> their objects, now there is only one step to
> Unchecked_Deallocation. :-)
>
> And this is what I had in mind - it is not possible to completely
> defend against stupidity and if the user really wants, he will
> deallocate his own pointers to your own objects, even if you have no
> access types in your package specs.
>
> Putting it in other words: make something idiot proof and somebody
> will invent better idiots.

Well, as I said, a library needs to expect the objects it exports to
disappear at any time. If that's done (often that means the objects have to
be controlled, so they can be removed from internal data structures before
they're gone), then the client can deallocate to their heart's content
without damaging the library. (Remember, Ada finalizes when
Unchecked_Deallocation is called. Same if you use the new subpool
mechanisms, or containers, or static allocation.)

We took this approach in Claw, simply because I didn't relish having to
explain to users that their "bug" was caused by their misuse of the library.
So we tried to "idiot-proof" it as much as possible. You're of course right
that there always is a bigger idiot out there, but nothing semi-reasonable
should be crashing reusable libraries. (One-time use things are a different
story, but be careful - a lot of one-time use things tend to stick around
for a long time.)

Randy.
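
The approach described in the reply above, as an added example that is not part of the original post and is not Claw's code: a limited controlled type whose Finalize removes the object from the library's internal table, so a client's Unchecked_Deallocation leaves no dangling reference inside the library. The names Registry_Demo, Lib, Widget, Table, Live_Count and Client_Ptr are hypothetical, and an Ada 2012 compiler is assumed.

```ada
with Ada.Finalization;
with Ada.Text_IO;
with Ada.Unchecked_Deallocation;

procedure Registry_Demo is

   package Lib is  -- hypothetical library; its spec exports no access types
      type Widget is new Ada.Finalization.Limited_Controlled with private;
      function Live_Count return Natural;
   private
      type Widget is new Ada.Finalization.Limited_Controlled with null record;
      overriding procedure Initialize (W : in out Widget);
      overriding procedure Finalize   (W : in out Widget);
   end Lib;

   package body Lib is
      type Widget_Ref is access all Widget;
      Table : array (1 .. 8) of Widget_Ref;  -- internal references, all null

      function Live_Count return Natural is
         N : Natural := 0;
      begin
         for R of Table loop
            if R /= null then N := N + 1; end if;
         end loop;
         return N;
      end Live_Count;

      procedure Initialize (W : in out Widget) is
      begin  -- register in the first free slot (unregistered if table is full)
         for R of Table loop
            if R = null then R := W'Unchecked_Access; return; end if;
         end loop;
      end Initialize;

      procedure Finalize (W : in out Widget) is
      begin  -- idempotent: drop every internal reference to W before it goes
         for R of Table loop
            if R = Widget_Ref'(W'Unchecked_Access) then R := null; end if;
         end loop;
      end Finalize;
   end Lib;

   type Client_Ptr is access Lib.Widget;  -- the client's own access type
   procedure Free is new Ada.Unchecked_Deallocation (Lib.Widget, Client_Ptr);
   P : Client_Ptr := new Lib.Widget;
begin
   Ada.Text_IO.Put_Line ("registered:" & Natural'Image (Lib.Live_Count));
   Free (P);  -- finalizes P.all before reclaiming it, so Lib forgets it
   Ada.Text_IO.Put_Line ("after Free:" & Natural'Image (Lib.Live_Count));
end Registry_Demo;
```

Making Widget limited matters here: a non-limited controlled type could be copied by assignment, and the table would then also need an Adjust to track the copies.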