From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Limited_Controlled and out parameters
Date: Fri, 22 Jun 2012 15:22:57 -0500

"Adam Beneschan" wrote in message
news:08532996-7c1f-4521-b1fc-41a03e26fcce@googlegroups.com...
...
> But Ada 95 introduced parameters that were required to be passed by
> reference;
> in those cases, I don't think they're "notionally uninitialized" any more.

Actually, Ada 95 made a larger change (although a bit of it was already
present in Ada 83): if the type of an Out parameter has explicit
initialization, then it is *never* treated as uninitialized.
That's necessary as Ada 95 allows Out parameters to be read (that wasn't
true in Ada 83). See 6.4.1(12-15/3). The only time that the formal parameter
is uninitialized is the "otherwise" branch of this wording.

The OP's question is covered by 6.4.1(14): "For a composite type with
discriminants or that has implicit initial values for any subcomponents (see
3.3.1), the behavior is as for an in out parameter passed by copy." Since his
example includes a component with an access type, it is always included in
this bullet, so the behavior of the parameter is the same for "in out" and
"out". And thus it is safe and reasonable to check if the object is already
in use.

So, no, there is no definitional problem. As J-P notes, from the calleR's
perspective, the situation might be different (and thus "out" still provides
value in the contract), but inside a subprogram, "in out" and "out" are the
same on the majority of composite types (including all of them that contain
access components). Don't use that as an excuse to allow leaking.

(And I agree, don't make these things limited unless you really must not
allow assignment. It's not that hard to write a proper Adjust routine for a
type like this one. "Limited poisoning" is a real problem in practice.)

Randy.