Re: Rust's temporal safety for Ada/SPARK

["Jeffrey R. Carter" <spam.jrcarter.not@spam.not.acm.org>]

On 05/14/2017 09:59 PM, Niklas Holsti wrote:
>
> "Well designed" is of course subjective. The container library has made it
> practical to avoid access types in the application code, but then there are
> other potential run-time problems, such as "tampering" with the containers,
> which require run-time checks (and which are to some extent consequences of the
> use of access types within the container library).

I'm pretty sure the "tampering" restrictions in the containers have nothing to 
do with possible implementations (which need not even be in Ada), and everything 
to do with maintaining the integrity of the structures. They're intended to 
ensure that an ordered container doesn't have an element out of order, or a 
hashed container, one with a different hash than its bin.

> I find it difficult to agree with that "overwhelming", at least if one includes
> the access types used under the covers in the container library.

There's nothing about using the containers that requires the user to write 
"access", so clearly they should not be included.

One might want to use 'access to pass a subprogram as an anonymous 
access-to-subprogram parameter of a container operation, but since such things 
can't be assigned and can't be freed, they're not really access types, but 
rather a strange syntax for limited subprogram types.

-- 
Jeff Carter
"Strange women lying in ponds distributing swords
is no basis for a system of government."
Monty Python & the Holy Grail
66