Re: How to declare a generic formal type "covered" by another?

[Natasha Kerensikova <lithiumcat@instinctive.eu>]

On 2014-05-02, AdaMagica <christ-usch.grein@t-online.de> wrote:
>> Most smart-pointer packages expose the access type; see, for example,
>>
>> http://www.oopweb.com/Ada/Documents/AdaLinux/Volume/18.html
>> http://www.adacore.com/adaanswers/gems/gem-97-reference-counting-in-ada-part-1/
>
> But exposing the access type is bad since pointes may easily outlive the object they point to.
>
> Let Get return the access value of the smart pointer P and let P be the only pointer to the object accessed. Let Q be another smart pointer.
>
>   declare
>     Obj: access Client_Data'Class := Get (P);
>   begin
>     My_Data (Obj.all).I := 2012;  -- No problem.
>     P := Q;                       -- Frees the original object,
>                                   -- because the reference count
>                                   -- is zero after this operation.
>     My_Data (Obj.all).I := 95;    -- Oops - writing freed memory!
>   end;
>
> See also:
>
> http://www.adacore.com/adaanswers/gems/gem-107-preventing-deallocation-for-reference-counted-types/

I have already read that gem, and used that mechanism in my generic
package.

Your text here show how exposing access *values* is bad, which I already
guessed, but it says nothing about the risks of exposing only the
internal access *type*, and involving access values only as input from
client, never to be seen again.

The only risk I identified in such a case is if the client stores an
access value it has provided to the reference-counting and subsequently
uses it.

Are there any other risk? Is there a way to mitigate them?