From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Differences between Ada 83 and other revisions
Date: Wed, 19 Feb 2014 17:09:31 -0500
Organization: The World Public Access UNIX, Brookline, MA

"J-P. Rosen" writes:

> On 16/02/2014 15:13, Robert A Duff wrote:
>>> But at least it spells out that it is potentially dangerous by being
>>> called 'Unchecked", like all the other 'Unchecked" parts of the
>>> language ...very easy to find!
>> If only that were true. I don't see any "unchecked" here:
>>
>>     for X'Address use ...;
>>
>>     X := ...;
>>
>> It would be great if you could find all unsafe (i.e. potentially
>> erroneous) code by searching for something like "unchecked".
>> But alas.
> But AdaControl can find every use of (instantiations of) Unchecked_*,
> and all usages of 'Address, or only address clauses that refer to the
> address of another object.

That's useful. Can it find all unsafe features? There are some that
are quite difficult to detect, such as passing a component of a variant
record to a procedure that causes that component to vanish.

> There needs to be a boundary between what is checked by the compiler and
> what is best handled by external tools; you may not agree to where the
> line has been drawn, but tools that can find unsafe features do exist!

I didn't mention any compiler checking up there. I said "search".
I'm asking for a language-design principle that says "you cannot
use any unsafe feature without with-ing a package called Unsafe,
or a descendant thereof". Then a simple search for "unsafe" finds
them all, without any need for sophisticated tools.

Can you name all the unsafe features of Ada off the top of your head,
and tell what strings to search for to find them? I can't.
You can find them by looking up "erroneous" in the Index.

(C is far worse in that regard!)

- Bob
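
The search gap discussed in this message, as an added example that is not part of the original post and is not AdaControl's code: a plain search for "unchecked" compared with a small pattern scan that also reports address clauses. The Ada sample is constructed, and the rule names and function names are hypothetical. The three rules cover only the constructs named in the thread; they are not a complete list of unsafe features and cannot see semantic cases such as the variant-record one.

```python
import re

# Constructed sample Ada source (not from the original post).
SAMPLE = '''\
with Ada.Unchecked_Conversion;
procedure Demo is
   type Word is mod 2**32;
   function To_Word is new Ada.Unchecked_Conversion (Float, Word);
   Y : Float := 1.0;
   X : Word;
   for X'Address use Y'Address;  -- overlay of Y
   Msg : constant String := "for Z'Address use -- not code";
begin
   X := 0;  -- silently rewrites Y
end Demo;
'''

# Hypothetical rule set: only the constructs named in the thread.
RULES = [
    ("unchecked-unit", re.compile(r"\bUnchecked_\w+", re.I)),
    ("address-clause", re.compile(r"\bfor\s+[\w.]+\s*'\s*Address\s+use\b", re.I)),
    ("address-attribute", re.compile(r"'\s*Address\b", re.I)),
]

def strip_noise(line):
    """Blank out string literals, then drop a trailing -- comment.
    Assumption: no character literal '"' on the line (not handled here)."""
    line = re.sub(r'"(?:[^"]|"")*"', '""', line)
    return line.split("--", 1)[0]

def naive_search(source):
    """Line numbers that a case-insensitive search for 'unchecked' reports."""
    return [n for n, l in enumerate(source.splitlines(), 1) if "unchecked" in l.lower()]

def scan(source):
    """Return (line, rule) findings, ignoring comments and string literals."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        code = strip_noise(line)
        for name, rx in RULES:
            if rx.search(code):
                hits.append((n, name))
    return hits

if __name__ == "__main__":
    print("naive:", naive_search(SAMPLE))
    print("rules:", scan(SAMPLE))
```

The plain search reports lines 1 and 4 only; the overlay on line 7 is found only by the address rules, and the look-alike text inside the string literal on line 8 is ignored.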