From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: "Jeffrey R. Carter" <spam.jrcarter.not@spam.not.acm.org>
Newsgroups: comp.lang.ada
Subject: Re: Reference counter in smart pointers are not updated properly when
 used by multiple tasks
Date: Thu, 1 Feb 2018 15:48:08 +0100
Organization: Also freenews.netfront.net; news.tornevall.net;
 news.eternal-september.org
Message-ID: <p4v9b8$8o1$1@dont-email.me>
References: <a89d76e4-a2b2-4ad9-8816-f3bfe9686930@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 1 Feb 2018 14:48:09 -0000 (UTC)
Injection-Info: reader02.eternal-september.org;
 posting-host="d00a48bca5dfe0f5f0b7287eda11020b";
	logging-data="8961"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX19ck95CwONc3lDEZl63JPME0nlin5sD1PQ="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
In-Reply-To: <a89d76e4-a2b2-4ad9-8816-f3bfe9686930@googlegroups.com>
Content-Language: en-US
Cancel-Lock: sha1:EgnZQoI35ZgCujFOln2XfwSajGs=
Xref: reader02.eternal-september.org comp.lang.ada:50249
Date: 2018-02-01T15:48:08+01:00
List-Id: <comp.lang.ada>

The referenced code has a library-level generic package Orka.Smart_Pointers with 
the public declaration

type Free_Ptr is not null access procedure (Value : in out Object_Type);

The body of the generic pkg has

    procedure Set
      (Object : in out Abstract_Pointer;
       Value  : Object_Type;
       Free   : not null access procedure (Value : in out Object_Type))
    is
       Procedure_Free : constant Free_Ptr := Free;
    begin
       if Object.Data /= null then
          --  Decrement old reference count
          Finalize (Object);
       end if;

       Object.Data := new Data_Record'(Object => Value, Free => Procedure_Free, 
References => <>);
    end Set;

    overriding
    procedure Finalize (Object : in out Abstract_Pointer) is
       Result : Natural;
    begin
       if Object.Data /= null then
          if Object.Data.References.Count = 0 then
             --  This exception is raised if the Future slot is released too early
             raise Program_Error;
          end if;
          Object.Data.References.Decrement (Result);
          if Result = 0 then
             Object.Data.Free (Object.Data.Object);
             Free (Object.Data);
          end if;
       end if;

       --  Idempotence: next call to Finalize has no effect
       Object.Data := null;
    end Finalize;

Set's parameter Free is an anonymous access-to-subprogram parameter; one is not 
supposed to be able to assign those and call them later, but that is exactly 
what this code does. Is this code legal? GNAT compiles it fine. If it is legal, 
should it be?

-- 
Jeff Carter
"My mind is aglow with whirling, transient nodes of
thought, careening through a cosmic vapor of invention."
Blazing Saddles
85