From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Natasha Kerensikova <lithiumcat@instinctive.eu>
Newsgroups: comp.lang.ada
Subject: Re: How to declare a generic formal type "covered" by another?
Date: Fri, 2 May 2014 08:17:40 +0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <slrnlm6l53.i0l.lithiumcat@nat.rebma.instinctive.eu>
References: <slrnlm3rt4.i0l.lithiumcat@nat.rebma.instinctive.eu>
 <ljsrvg$nbc$1@dont-email.me>
 <slrnlm3u5u.i0l.lithiumcat@nat.rebma.instinctive.eu>
 <ljucjn$in$1@dont-email.me>
 <21e0e1f0-3fe4-4c5a-8e01-21691a0207f4@googlegroups.com>
Injection-Date: Fri, 2 May 2014 08:17:40 +0000 (UTC)
Injection-Info: mx05.eternal-september.org;
 posting-host="76a49b86bc3e16725b7cfca3d85cb4c8";
	logging-data="30332"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX19RkECOkb6SZ9L9X6VLdGkE"
User-Agent: slrn/1.0.1 (FreeBSD)
Cancel-Lock: sha1:qyCS/HS0nCG5iJKCfZ1I3EyZlrQ=
Xref: news.eternal-september.org comp.lang.ada:19641
Date: 2014-05-02T08:17:40+00:00
List-Id: <comp.lang.ada>

On 2014-05-02, AdaMagica <christ-usch.grein@t-online.de> wrote:
>> Most smart-pointer packages expose the access type; see, for example,
>>
>> http://www.oopweb.com/Ada/Documents/AdaLinux/Volume/18.html
>> http://www.adacore.com/adaanswers/gems/gem-97-reference-counting-in-ada-part-1/
>
> But exposing the access type is bad since pointes may easily outlive the object they point to.
>
> Let Get return the access value of the smart pointer P and let P be the only pointer to the object accessed. Let Q be another smart pointer.
>
>   declare
>     Obj: access Client_Data'Class := Get (P);
>   begin
>     My_Data (Obj.all).I := 2012;  -- No problem.
>     P := Q;                       -- Frees the original object,
>                                   -- because the reference count
>                                   -- is zero after this operation.
>     My_Data (Obj.all).I := 95;    -- Oops - writing freed memory!
>   end;
>
> See also:
>
> http://www.adacore.com/adaanswers/gems/gem-107-preventing-deallocation-for-reference-counted-types/

I have already read that gem, and used that mechanism in my generic
package.

Your text here show how exposing access *values* is bad, which I already
guessed, but it says nothing about the risks of exposing only the
internal access *type*, and involving access values only as input from
client, never to be seen again.

The only risk I identified in such a case is if the client stores an
access value it has provided to the reference-counting and subsequently
uses it.

Are there any other risk? Is there a way to mitigate them?