Reference counting and idempotent finalize

[Natasha Kerensikova <lithiumcat@gmail.com>]

Hello,

I have recently reinvented the reference counted wheel, and been told
that I got it all wrong because Finalize must be idempotent. However I
already diffusely knew that, though I cannot remember from where it
comes or whether I thought of it as a hard requirement or only as a good
practice (the difference is hard to tell when such a rule is
internalized).

Anyway, my naive implementation looks like that:

   procedure Finalize (Self : in out Reference) is
   begin
      Release (Self.Access_Value);
   end Finalize;

   procedure Release (Access_Value : in out Access_To_Actual_Data) is
   begin
      if Access_Value /= null then
        Access_Value.all.Counter := Access_Value.all.Counter - 1;

        if Access_Value.all.Counter = 0 then
           Unchecked_Deallocation_Instance (Access_Value);
        else
           Access_Value := null;
        end if;
     end if;
   end Release;

For the reference, I used explicit dereference because in the real code
the parameter is not called Access_Value and is not obviously an access,
so I thought it clearer that way. And the procedure Release is used
because Finalize feels "special" so I don't want to call it myself.

As far as I can see, Access_Value = null could be post condition for
Release, and unless the code flow is interrupted by an exception, that
looks extremely idempotent to me. Am I missing something here?

I neglected the possibility of exceptional flow interruption because I
felt that an exception in Finalize triggers the end of the world (the
same way I've felt for a long time the idempotency requirement). Now
having done the research, 7.6.1(13) doesn't really mention the world
ending, that looks quite close to it, doesn't it?

Am I missing something on the exception part? Or is my implementation
good enough?


Thanks in advance for your help,
Natasha