Re: Subverting 'Access for Sub-programs

[Robert A Duff <bobduff@world.std.com>]

adam@irvine.com writes:

> After I wrote the above post, I actually did think of a simple way
> that this type of runtime check could be implemented efficiently.
> Suppose you have a subprogram P that contains nested subprograms Q1,
> Q2, etc.  If Q1'ACCESS is used, the compiler allocates a global counter
> for P (Q1's parent); the access value for Q1'ACCESS would contain the
> address of P's global counter, and the current value of the counter.
> When P exits, it increments the global counter just before returning.
> Now, any access-subprogram type that has this property will have a
> counter address (possibly null) and a current counter value; so when
> dereferencing, the program would look up the pointed-to counter and see
> if its value matches the value stored in the access-subprogram type.  If
> not, the dereference is illegal.  (A null counter address would indicate
> a global subprogram, or perhaps any subprogram that is statically not
> deeper than the type, so that the check would be unnecessary.)

This is sort of like the "generation count" scheme, which we use in the
AdaMagic run-time system to detect dangling task id's.  You can use this
to detect dangling pointers in general, but it's rather expensive for
smallish things -- doubles the size of all the pointers, and increases
the number of memory references.  I'd rather have full garbage
collection.

> P's counter would also have to be incremented when its execution is
> abandoned due to an exception; this may add a little complication in
> some implementations, but not too much.

Or an abort statement or ATC.

>...Tasking probably complicates
> things.

Yeah.  I guess you would need a per-task count (and per-task data is
expensive on some systems).  Your scheme could work, but I still stand
by my statement, "Such a feature would be difficult to implement
efficiently."

- Bob
-- 
Change robert to bob to get my real email address.  Sorry.