From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Preventing Unchecked_Deallocation?
Date: Tue, 07 Feb 2012 11:27:52 -0500

Simon Belmont writes:

> When you say erroneous, do you mean forbidden by the language (i.e. an
> exception)

No.

>... or that it will cause undefined operation?

Yes. I suggest you look up the definition of "erroneous" in the Ada RM.
It doesn't mean what it means in normal English. I'm planning to write
an AdaCore "gem" on this confusing subject one of these days.

Ada's "erroneous behavior" is roughly equivalent to C's "undefined
behavior".

>...My concern is
> that if a unit exposes an access value to other units, any of them may
> use UD to delete the object at any time.
> Obviously this sort of
> behavior would cause the program to quickly crash due to a null
> pointer, ...

That's not obvious! It might crash slowly. Worst of all, it might
not crash -- it might do exactly what you wanted, and now you have
a latent bug that might rear its ugly head years later.

As others have suggested, the usual solution is to use a private type.
You could also have a configuration pragma:

    pragma Restrictions(No_Dependence => Ada.Unchecked_Deallocation);

or the GNAT-specific:

    pragma Restriction_Warnings(No_Dependence => Ada.Unchecked_Deallocation);

The latter is more flexible.

- Bob
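
The private-type approach mentioned in the reply above, as an added example that is not part of the original post; the package Counters, its operations and the procedure Demo are hypothetical names. The No_Dependence restriction is not applied here, because the owning package body itself depends on Ada.Unchecked_Deallocation.

```ada
--  Added example (constructed); all names here are hypothetical.
package Counters is
   --  The partial view is not an access type, and Counter is declared in
   --  the private part, so a client cannot instantiate
   --  Ada.Unchecked_Deallocation for Handle. "limited" also removes
   --  assignment, so a client cannot keep a copy that would dangle.
   type Handle is limited private;

   procedure Create  (H : out Handle; Start : Integer := 0);
   procedure Bump    (H : Handle);
   function  Value   (H : Handle) return Integer;
   procedure Destroy (H : in out Handle);  --  the only way to free
private
   type Counter is record
      N : Integer := 0;
   end record;
   type Handle is access Counter;
end Counters;

with Ada.Unchecked_Deallocation;
package body Counters is
   procedure Free is new Ada.Unchecked_Deallocation (Counter, Handle);

   procedure Create (H : out Handle; Start : Integer := 0) is
   begin
      H := new Counter'(N => Start);
   end Create;

   --  Dereferencing a null Handle raises Constraint_Error (a checked
   --  failure), unlike a dangling access value, whose use is erroneous.
   procedure Bump (H : Handle) is
   begin
      H.N := H.N + 1;
   end Bump;

   function Value (H : Handle) return Integer is (H.N);

   procedure Destroy (H : in out Handle) is
   begin
      Free (H);  --  Free also sets H to null
   end Destroy;
end Counters;

with Ada.Text_IO;
with Counters;
procedure Demo is
   C : Counters.Handle;
begin
   Counters.Create (C, 41);
   Counters.Bump (C);
   Ada.Text_IO.Put_Line (Integer'Image (Counters.Value (C)));
   Counters.Destroy (C);
end Demo;
```

With GNAT, the three units can be split into separate files with gnatchop before building Demo with gnatmake.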