Re: Limited_Controlled and out parameters

["Randy Brukardt" <randy@rrsoftware.com>]

"Adam Beneschan" <adam@irvine.com> wrote in message 
news:08532996-7c1f-4521-b1fc-41a03e26fcce@googlegroups.com...
...
> But Ada 95 introduced parameters that were required to be passed by 
> reference;
> in those cases, I don't think they're "notionally uninitialized" any more.

Actually, Ada 95 made a larger change (although a bit of it was already 
present in Ada 83): if the type of an Out parameter has explicit 
initialization, then it is *never* treated as uninitialized.  That's 
necessary as Ada 95 allows Out parameters to be read (that wasn't true in 
Ada 83). See 6.4.1(12-15/3). The only time that the formal parameter is 
uninitialized is the "otherwise" branch of this wording.

The OP's question is covered by 6.4.1(14): "For a composite type with 
discriminants or that has implicit initial values for any subcomponents (see 
3.3.1), the behavior is as for an in out parameter passed by copy."

Since his example includes a component with an access type, it is always 
included in this bullet, so the behavior of the parameter is the same for 
"in out" and "out". And thus it is safe and reasonable to check if the 
object is already in use.

So, no, there is no definitional problem. As J-P notes, from the calleRs 
perspective, the situation might be different (and thus "out" still provides 
value in the contract), but inside a subprogram, "in out" and "out" are the 
same on the majority of composite types (including all of them that contain 
access components). Don't use that as an excuse to allow leaking.

(And I agree, don't make these things limited unless you really must not 
allow assignment. It's not that hard to write a proper Adjust routine for a 
type like this one. "Limited poisoning" is a real problem in practice.)

                                               Randy.