From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Differences between Ada 83 and other revisions
Date: Fri, 14 Feb 2014 09:08:50 -0500
Organization: The World Public Access UNIX, Brookline, MA

adambeneschan@gmail.com writes:

> The one new feature that I think *could* be used to create less
> reliable code, if abused, is 'Unchecked_Access.

Well, I think you have to look at the alternatives, rather than looking at a feature like 'Unchecked_Access in isolation.

Suppose you have an Ada 2012 (or 2005 or 95) program that uses 'Unchecked_Access. There is a risk of dangling pointers. But how would you write that code in Ada 83? Probably you'd allocate an object on the heap. And Ada 83 didn't have finalization, so you have to manage deallocation by hand. So in Ada 83 you would have a similar risk of dangling pointers, plus additional risks: storage leaks, heap fragmentation, etc.

Or perhaps (still talking about Ada 83), you'd use 'Address and Unchecked_Conversion. Again, additional risks, such as nonportability (given that the semantics of 'Address are rather ill defined). Plus there's no "aliased" there warning you about aliasing.

So although 'Unchecked_Access is indeed an unsafe feature, the existence of 'Unchecked_Access makes the language safer overall. I think the same can be said of other supposedly-unsafe features added to Ada since Ada 83, such as storage pools.

Or consider the assertion facilities ("contracts"): pre/postconditions, predicates, invariants. There is a risk that those will raise an exception and crash the program. Yet programming using contracts is clearly safer than the Ada 83 alternatives.

- Bob
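
The three alternatives compared in the post above, side by side, as an added example that is not part of the original message. Counter, Counter_Ref, Registered and the procedure names are made up for illustration; the unit is written in Ada 2012 so that all three variants compile together, so the last two show the Ada 83 techniques rather than strict Ada 83 syntax.

```ada
--  Added illustration; Counter, Registered and the procedure names are hypothetical.
with Ada.Text_IO; use Ada.Text_IO;
with Ada.Unchecked_Conversion;
with Ada.Unchecked_Deallocation;
with System;

procedure Alias_Demo is
   type Counter is record
      Hits : Natural := 0;
   end record;
   type Counter_Ref is access all Counter;
   Registered : Counter_Ref;  --  outlives every local object below
   procedure Bump is
   begin
      Registered.Hits := Registered.Hits + 1;
   end Bump;
   --  Ada 95 and later: stack object, explicitly marked "aliased".
   procedure Stack_Version is
      Local : aliased Counter;
   begin
      --  Local'Access is a compile-time error here: Local is nested deeper than Counter_Ref.
      Registered := Local'Unchecked_Access;
      Bump;
      Put_Line ("stack:" & Natural'Image (Local.Hits));
      Registered := null;  --  omit this and Registered dangles after return
   end Stack_Version;
   --  Ada 83 style, first alternative: heap object freed by hand.
   procedure Heap_Version is
      procedure Free is new Ada.Unchecked_Deallocation (Counter, Counter_Ref);
      Obj : Counter_Ref := new Counter;
   begin
      Registered := Obj;
      Bump;
      Put_Line ("heap:" & Natural'Image (Obj.Hits));
      Registered := null;  --  the same dangling risk as above ...
      Free (Obj);          --  ... plus a storage leak if this is skipped
   end Heap_Version;
   --  Ada 83 style, second alternative: 'Address and Unchecked_Conversion.
   procedure Address_Version is
      function To_Ref is new Ada.Unchecked_Conversion (System.Address, Counter_Ref);
      Local : Counter;  --  no "aliased" tells reader or compiler about the alias
   begin
      Registered := To_Ref (Local'Address);
      Bump;
      Put_Line ("address:" & Natural'Image (Local.Hits));
      Registered := null;  --  still dangles if forgotten
   end Address_Version;
begin
   Stack_Version; Heap_Version; Address_Version;
end Alias_Demo;
```

In a code audit, the first variant can be found by searching for 'Unchecked_Access and "aliased"; the third leaves only the generic instantiation and a 'Address attribute to search for.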