Re: Reference counting and idempotent finalize

["Jeffrey R. Carter" <spam.jrcarter.not@spam.acm.org>]

On 09/11/2013 10:05 PM, Natasha Kerensikova wrote:
>
> If Counter is already zero, a range check fails, an exception is
> propagated, and the world ends.
>
> A negative value of Counter would mean something is seriously wrong with
> the compiler or the memory has been corrupted. If I can't trust a
> variable to be within the range defined for its type, I probably can't
> trust the system to perform any meaningful computation.

I check to ensure that the exception doesn't occur not because I don't trust the compiler, or even memory, but to 
protect against future, incorrect modifications, which I have encountered often enough in the past to worry about. This 
is why my code often checks a Natural for "<= 0", even though that can't happen; it's a habit I developed over 30 yrs 
ago in inferior languages.

> I genuinely don't see any difference between this and my code, except
> for my range check (but if it fails I do want the world to end), and
> that you cover the possibility of Unchecked_Deallocation not setting the
> access to null. Is this really possible?

No. The postcondition for UD is "X = null", and the 1st Ada compiler I used apparently implemented UD as "begin X := 
null; end;". In my case, this is another unnecessarily defensive idiom. The postcondition for Finalize is "Item.Ptr = 
null" and I make sure of that, even if UD misbehaves. Your version could leave Self.Access_Value non-null if the 
decrement fails. In practice they're the same; in theory, not.

-- 
Jeff Carter
"Now go away or I shall taunt you a second time."
Monty Python and the Holy Grail

--- news://freenews.netfront.net/ - complaints: news@netfront.net ---