From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD,
	FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4
Path: 
 border1.nntp.ams3.giganews.com!border2.nntp.ams3.giganews.com!border2.nntp.ams2.giganews.com!border4.nntp.ams.giganews.com!border2.nntp.ams.giganews.com!nntp.giganews.com!eternal-september.org!feeder.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Natasha Kerensikova <lithiumcat@gmail.com>
Newsgroups: comp.lang.ada
Subject: Re: Reference counting and idempotent finalize
Date: Thu, 12 Sep 2013 05:05:27 +0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <slrnl32is7.1lme.lithiumcat@sigil.instinctive.eu>
References: <slrnl30ie3.1lme.lithiumcat@sigil.instinctive.eu>
 <l0pn8q$rih$1@adenine.netfront.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 12 Sep 2013 05:05:27 +0000 (UTC)
Injection-Info: mx05.eternal-september.org;
 posting-host="31d6bde745a337034b005384ef225743";
 logging-data="25524"; mail-complaints-to="abuse@eternal-september.org";
 posting-account="U2FsdGVkX1/qdigDO7SmPPLmNBuoWPGq"
User-Agent: slrn/0.9.9p1 (FreeBSD)
Cancel-Lock: sha1:1jWzkL3CjQDKkRb3qEgj8yqPwN0=
X-Original-Bytes: 2207
Date: 2013-09-12T05:05:27+00:00
List-Id: <comp.lang.ada>

On 2013-09-11, Jeffrey R. Carter <spam.jrcarter.not@spam.acm.org> wrote:
> On 09/11/2013 03:45 AM, Natasha Kerensikova wrote:
>>          Access_Value.all.Counter := Access_Value.all.Counter - 1;
>
> What happens if Counter is already zero? Can Counter become negative,
> and if so, what does it mean for Counter to be negative?

If Counter is already zero, a range check fails, an exception is
propagated, and the world ends.

A negative value of Counter would mean something is seriously wrong with
the compiler or the memory has been corrupted. If I can't trust a
variable to be within the range defined for its type, I probably can't
trust the system to perform any meaningful computation.

> FWIW, Finalize from PragmARC.Safe_Pointers looks like
>
>     [...]

I genuinely don't see any difference between this and my code, except
for my range check (but if it fails I do want the world to end), and
that you cover the possibility of Unchecked_Deallocation not setting the
access to null. Is this really possible?