From: Nick Roberts
Newsgroups: comp.lang.ada
Subject: Re: Unchecked_Deallocation subtleties
Date: Wed, 09 Apr 2003 21:19:06 +0100
Organization: ThoughtWing Computer Software
References: <87smssj94u.fsf@inf.enst.fr> <3E94502E.6070108@cogeco.ca>
In-Reply-To: <3E94502E.6070108@cogeco.ca>

On Wed, 09 Apr 2003 12:54:06 -0400, Warren W. Gay VE3WWG wrote:

[that an instance of Unchecked_Deallocation (e.g. 'Free') permits the
access value passed to it to be null]

> I have always believed that this type of "permissiveness" is
> bad. If the caller knew in advance that there was nothing to
> free, then Free(X) would never be called in the first place.
> To me, this (when X is null) should raise an exception since
> it represents an unintended operation or state of the access
> type [value?].
>
> It appears that a concession has been made to lazy
> programmers so that they can avoid the necessary if
> statements, such as:
>
>    if X /= null then
>       Free(X);
>    end if;

To be fair to the designers of Ada (83), I suspect that upon deep
deliberation they found that the behaviour specified (a null value is
permitted, and does nothing) could not sensibly be avoided. I'll try to
explain why.

Consider the following example skeleton piece of code:

   declare
      X : Some_Access_Type;
   begin
      ...            -- [1]
      Y := X.all;    -- [2] last use of X
      ...            -- [3]
      Free(X);       -- [4]
   end;

Although it may be that no compiler would (or even could) do so in
practice, other rules in the ARM made it theoretically possible for the
implementation to automatically reclaim the storage occupied by whatever
X pointed to (assuming no other access value pointed to it) at any point
in the elided code section [3]. If this were to occur, the implementation
would be within its rights to set X to null at the same time. Thus X
could legitimately be null by the time it gets to [4].

In practice this would be found to be a general situation. So, not
permitting Free to simply ignore a null value would theoretically have
condemned every and any call to Free to have the explicit test for a null
value, and I'm sure that the Ada ('Green') design team didn't fancy that
idea.

--
Nick Roberts
Jabber: debater@charente.de [ICQ: 159718630]
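The behaviour discussed in the thread, as an added example (not code from either poster): a compilable Ada program that instantiates Ada.Unchecked_Deallocation, frees an object, and then calls Free again on the same variable. Because Free sets its argument to null, the second call is the permitted no-op rather than a double free. The program also includes a hypothetical Strict_Free wrapper, an assumption added here to show what the quoted proposal (raise on null) would look like; the procedure name, the Describe helper, and the Int_Access type are invented for the example.

```ada
--  Added example, not from the original post. Demonstrates that an
--  instance of Ada.Unchecked_Deallocation (a) sets its argument to null
--  and (b) does nothing when handed a null value, so a repeated Free on
--  the same variable cannot become a double free. Build with GNAT, e.g.
--  gnatmake free_null_demo.adb
with Ada.Text_IO;
with Ada.Unchecked_Deallocation;

procedure Free_Null_Demo is
   use Ada.Text_IO;

   --  Hypothetical access type used only for this example.
   type Int_Access is access Integer;

   --  The instantiation every Ada programmer writes; formal names are
   --  those of Ada.Unchecked_Deallocation (Object, Name).
   procedure Free is new Ada.Unchecked_Deallocation
     (Object => Integer, Name => Int_Access);

   --  Hypothetical strict variant in the spirit of the quoted proposal:
   --  reject a null argument instead of silently ignoring it.
   procedure Strict_Free (X : in out Int_Access) is
   begin
      if X = null then
         raise Constraint_Error with "Strict_Free called on a null access value";
      end if;
      Free (X);
   end Strict_Free;

   --  Helper to report the state of an access value without dereferencing
   --  null.
   function Describe (X : Int_Access) return String is
   begin
      if X = null then
         return "null";
      else
         return "non-null, designating" & Integer'Image (X.all);
      end if;
   end Describe;

   X : Int_Access := new Integer'(42);   -- constructed sample object
begin
   Put_Line ("Before Free:        X is " & Describe (X));

   Free (X);   -- reclaims the object and sets X to null
   Put_Line ("After Free:         X is " & Describe (X));

   Free (X);   -- X is null: permitted by the language, has no effect
   Put_Line ("After second Free:  X is " & Describe (X));

   --  The strict variant turns the same call into an exception.
   begin
      Strict_Free (X);
      Put_Line ("Strict_Free accepted the null value (unexpected)");
   exception
      when Constraint_Error =>
         Put_Line ("Strict_Free rejected the null value");
   end;
end Free_Null_Demo;
```

Running the program prints "non-null, designating 42" before the first Free and "null" after each subsequent call; the Strict_Free branch shows that a caller who wants the stricter contract from the quoted message can layer it on top of the standard instance, while the standard behaviour leaves the double-call case safe by construction.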