From: "Alejandro R. Mosteo" <alejandro@mosteo.com>
Subject: Re: Adacore joins with Ferrous Systems to support Rust
Date: Sat, 12 Feb 2022 18:34:04 +0100 [thread overview]
Message-ID: <su8quj$qta$1@dont-email.me> (raw)
In-Reply-To: <su6d4g$1c8d$1@gioia.aioe.org>
I'm sorry if this pops up twice, something strange happened with my
first attempt.
On Fri, Feb 11, 2022 at 8:24 PM 'Luke A. Guest' wrote:
> So, you'd prefer, if Ada was designed now, it didn't do runtime check
(on pointers) and have compile-time checks?
I'd prefer that, as much as feasible, checks were moved (not removed!)
to compile-time, yes. I know there are efforts in this direction at
AdaCore to simplify the accessibility checks model.
> I'm more ashamed now of the whole anonymous pointers and
accessibility surprises in Ada.
I'm not sure what you mean here.
My problem with runtime checks (which are undoubtedly better than no
checks, sure), and in particular with accessibility checks, is that
sometimes you get a failure much later during testing. By that time,
understanding the problem may be 1) hard and 2) require painful
redesign. At compile-time you get to deal with the problem immediately.
This is something in which Rust and Ada share the sentiment: "if it
compiles, it works". So having something in another language found at
compile-time makes me want to have it also in Ada at compile-time. It
really spoils you against runtime checks. Much like I prefer the static
elaboration model in GNAT instead of the dynamic one.
Also there are times in Ada where static checks are false positives that
require some 'Unchecked_Access, and other times there is no failure yet
you're doing something wrong. I find these from time to time in pretty
obscure combinations not easy to provide a reproducer and frankly, I
hate it. I'm never sure if I'm at fault, the compiler is at fault, or
I've hit a corner case in the "heart of darkness". Nowadays I won't use
a pointer even if it means obscene underperformance, until the thing is
unavoidable.
There are also situations in which marking a parameter as aliased, even
if you know it is already by reference (a limited/tagged type), will
alter the things you can do with 'Access/'Unchecked_Access. There have
been a couple of recent posts about that. Even if it's my fault, I find
too hard to repeatably remember the finer details.
next prev parent reply other threads:[~2022-02-12 17:34 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 8:57 Adacore joins with Ferrous Systems to support Rust Paul Rubin
2022-02-02 13:04 ` Luke A. Guest
2022-02-02 15:29 ` Marius Amado-Alves
2022-02-02 16:36 ` Luke A. Guest
2022-02-04 17:51 ` Stephen Leake
2022-04-18 16:01 ` Rene
2022-02-02 20:07 ` G.B.
2022-02-03 23:29 ` John McCabe
2022-02-11 17:40 ` amo...@unizar.es
2022-02-11 19:24 ` Luke A. Guest
2022-02-12 17:34 ` Alejandro R. Mosteo [this message]
2022-02-12 5:22 ` John Perry
2022-02-12 10:08 ` Marius Amado-Alves
2022-02-12 18:24 ` Alejandro R. Mosteo
2022-02-13 8:10 ` J-P. Rosen
2022-02-14 23:25 ` Randy Brukardt
2022-02-15 4:29 ` Paul Rubin
2022-02-12 23:59 ` John Perry
2022-02-18 13:24 ` Kevin Chadwick
2022-02-02 20:06 ` Paul Rubin
2022-02-03 1:34 ` Luke A. Guest
2022-02-03 2:20 ` Paul Rubin
2022-02-03 2:52 ` Luke A. Guest
2022-02-03 4:22 ` Paul Rubin
2022-02-03 9:54 ` Björn Lundin
2022-02-04 3:38 ` Randy Brukardt
2022-02-04 5:19 ` Paul Rubin
2022-02-03 11:30 ` Simon Wright
2022-02-03 12:51 ` Luke A. Guest
2022-02-04 3:20 ` Randy Brukardt
2022-02-04 10:28 ` Luke A. Guest
2022-02-04 17:51 ` Andreas ZEURCHER
2022-02-05 4:31 ` Randy Brukardt
2022-02-02 16:19 ` Stephen Leake
2022-02-02 18:48 ` Gautier write-only address
2022-02-02 20:03 ` Paul Rubin
2022-02-02 20:45 ` Dennis Lee Bieber
2022-02-12 4:42 ` 25.BZ943
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox