From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!reality.xs3.de!news.jacob-sparre.dk!loke.jacob-sparre.dk!pnx.dk!.POSTED!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: Accessibility checks Date: Wed, 17 Jul 2013 18:44:30 -0500 Organization: Jacob Sparre Andersen Research & Innovation Message-ID: References: <87mwplvthn.fsf@mid.deneb.enyo.de> NNTP-Posting-Host: static-69-95-181-76.mad.choiceone.net X-Trace: loke.gir.dk 1374104671 4851 69.95.181.76 (17 Jul 2013 23:44:31 GMT) X-Complaints-To: news@jacob-sparre.dk NNTP-Posting-Date: Wed, 17 Jul 2013 23:44:31 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-RFC2646: Format=Flowed; Response X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Xref: news.eternal-september.org comp.lang.ada:16402 Date: 2013-07-17T18:44:30-05:00 List-Id: "Jeffrey Carter" wrote in message news:ks718g$aim$2@dont-email.me... > On 07/17/2013 01:09 PM, Florian Weimer wrote: >> One thing in Ada I could never quite grasp where the accessiblity >> checks. I haven't seen much Ada code, and personally, I didn't have >> much need for nested access types anyway. If I have used them, they >> were still potentially unsafe due to aliasing or calls to >> Unchecked_Deallocation in neighboring code. >> >> So what's the point for this language feature? It seems to add quite >> a bit of complexity to the language. > > Ada 83 didn't have these checks, and had only named access types that > could only designate objects created by an allocator ("new"). > > Accessibility rules were introduced in Ada 95, along with general access > types (declared with "all") that can access objects allocated on the > stack, the 'Access and 'Unchecked_Access attributes, and anonymous access > types in the forms of access parameters and access discriminants. > > Anonymous types are a Bad Idea, and anonymous access types are a Very Bad > Idea. The language would be better off without them. > > Brukardt, ARG member and editor of the ARM, claims that 'Access never > works and 'Unchecked_Access is always required, bypassing the > accessibility checks. While this is not entirely true, it's quite common > that one must use 'Unchecked_Access, so we could do without these rules > and checks in the majority of cases. That's not entirely true: I did find one (and only one) instance where I was able to use 'Access in my code (it had to do with a library-level initialization). But for the most part, accessibility gets in the way more than it helps anything. It does prevent some gross errors, but that's about it. The dynamic checks are actually better, but that assumes that they're implemented properly, and that has some distributed overhead. The biggest advantage of the accessibility checks is that they taught us (the ARG) what not to do. :-) When we designed anti-aliasing rules for Ada 2012, one of the big concerns was that they wouldn't turn into accessibility checks. So we only make checks in cases where it's obvious that there is something dubious going on, and there is no attempt at completeness. It would be tempting to dump the entire accessibility mess into trash, but the only alternative is erroneousness, which is too awful to contemplate. Randy.