Re: Access parameters and accessibility

["Randy Brukardt" <randy@rrsoftware.com>]

"Robert A Duff" <bobduff@shell01.TheWorld.com> wrote in message 
news:wccwq5prd0n.fsf@shell01.TheWorld.com...
> "Randy Brukardt" <randy@rrsoftware.com> writes:
...
>> In the case of Timer, (a) no one ever uses this feature, and (b) I have 
>> no
>> idea why this just isn't
>>
>> type Timer (T : Ada.Task_Identification.Task_Id) is tagged limited 
>> private;
>
> Because Task_Id is a private type, and unfortunately you can't have
> discriminants of private type in Ada.

Ah yes, another language bug that we had to work around. I'm sure that by 
Ada 2045 discriminants will be allowed to be any type. ;-)

> But it if is actually used as an access type (with the access value being
>> copied somewhere), then you have trouble (with random Program_Errors and 
>> a
>> need to avoid passing local objects). It's possible in Ada 2012 to write 
>> a
>> precondition for this case, but of course that's not required (and surely 
>> is
>> not found in existing libraries), so the possibility doesn't help much.
>
> Not sure what you mean.  Could you show an example of such a
> precondition?

We extended membership checks to do accessibility checking in Ada 2005. (One 
of the things near the top of my ACATS priority list is to create a couple 
of tests for that feature.)

So if you have something like (stolen from Claw):

     type Any_Window_Type is access all Root_Window_Type'Class;

then you could write:

     procedure Show (Win : access Root_Window_Type; How : in 
Show_Window_Kind)
         with Pre => Win in Any_Window_Type;

and that will fail if Win is not convertable to Any_Window_Type, including 
accessibility. (See 4.5.2(30.3/4)). [I think we put this feature in in 
response to a comment/e-mail made by one Bob Duff. But it was a long time 
ago, so I might be wrong about that.]

The presence of such a precondition clearly shows that we're going to make 
an accessibility check in the body of the routine, and thus one had better 
not pass a local object. Of course if you just have:

     procedure Show (Win : access Root_Window_Type; How : in 
Show_Window_Kind);

you don't know that there isn't any conversion. Indeed, I don't know of any 
way to declare that no conversion happens (you can't really write that there 
are no restrictions). I suppose Pre => True sort of has that effect, if it's 
really meant and not just a short-hand for I-dunno!

Of course, the actual Claw specification is:
     procedure Show (Win : in Root_Window_Type; How : in Show_Window_Kind);
and we use 'Unchecked_Access and finalization to ensure that there's no 
dangling pointer problems for the conversion. Which is better still, IMHO 
(as no restrictions are needed).

                                            Randy.