Re: A question about private types

[Jeffrey Carter <spam.jrcarter.not@spam.not.acm.org>]

On 06/12/2014 08:03 AM, Mike H wrote:
>
> My instinct is that the package below is vulnerable to erroneous use
> because the "Address" component of "Cell_type" can be changed. I suspect
> that this vulnerability could be removed if "Grid_index_type" is made
> read only. I have attempted to make it a private type but it then
> becomes non-discrete and can no longer be used as a parameter in
> functions such as "Line_of".

There's no reason a function can't have a parameter of a private type.

>
>     type Grid_index_type is range 1 .. 81;
>
>     -- to simplify mapping in either direction each cell contains its own
>     -- (home) address within the grid
>     type Cell_type is
>        record
>           Address : Grid_index_type;  -- ========== vulnerable?
>           Data      : Cell_data;
>        end record;
>     type Grid_type is array (Grid_index_type) of Cell_type;

A private type can't be used as an array index as you're doing here, however. 
Perhaps that's really what you're complaining about.

Even if Grid_Index_Type were private, Address could still be changed.

Address would be harder to change if it were a discriminant:

type Cell_Type (Address: Grid_Index_Type := Some_Initial_Value) is record
     Data : Cell_Data;
end record;

The default is needed for Cell_Type to be definite and so usable as the 
component type of an array type. You can still change Address by assigning to 
the whole record.

If that's not good enough, I'd make Cell_Type limited private, and provide 
Address and Data functions and a Set procedure that takes a Cell_Data.

-- 
Jeff Carter
"My mind is a raging torrent, flooded with rivulets of
thought, cascading into a waterfall of creative alternatives."
Blazing Saddles
89