From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,af0c6ea85f3ed92d
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Received: by 10.68.226.10 with SMTP id ro10mr10005431pbc.6.1329591348990;
        Sat, 18 Feb 2012 10:55:48 -0800 (PST)
Path: 
 wr5ni40695pbc.0!nntp.google.com!news1.google.com!newsfeed2.dallas1.level3.net!news.level3.com!newsfeed-00.mathworks.com!nntp.TheWorld.com!not-for-mail
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Sat, 18 Feb 2012 13:55:48 -0500
Organization: The World Public Access UNIX, Brookline, MA
Message-ID: <wccobswc6ob.fsf@shell01.TheWorld.com>
References: <bfeb9869-9323-4ad5-bdf8-af20593734ef@q8g2000pbb.googlegroups.com>
 <2aaee0a4-e820-4a75-bbaf-d9d09c366d2c@f5g2000yqm.googlegroups.com>
 <4da4bf75-e6c9-4c17-9072-ab6f533ed93f@vd8g2000pbc.googlegroups.com>
 <jh7739$9os$1@munin.nbi.dk>
 <203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com>
 <jhh6qr$9av$1@munin.nbi.dk>
 <e10bf38c-3c48-4fa4-bb0a-e61211aee90d@f30g2000yqh.googlegroups.com>
 <193cr8xol0ysi.14p4cp2yxnb0r$.dlg@40tude.net>
 <op.v9veuwe6ule2fv@douda-yannick>
 <1jleu301thnd3$.s23priwn3ajb$.dlg@40tude.net>
NNTP-Posting-Host: shell01.theworld.com
Mime-Version: 1.0
X-Trace: pcls6.std.com 1329591348 32181 192.74.137.71 (18 Feb 2012 18:55:48
 GMT)
X-Complaints-To: abuse@TheWorld.com
NNTP-Posting-Date: Sat, 18 Feb 2012 18:55:48 +0000 (UTC)
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (irix)
Cancel-Lock: sha1:NJEvvTcRuIaKzP9sAEX3I/ZwpgI=
Content-Type: text/plain; charset=us-ascii
Date: 2012-02-18T13:55:48-05:00
List-Id: <comp.lang.ada>

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> I wonder what kind of architecture could require a safe implementation of
> Ada, e.g. when private parts of packages and protected objects would be
> mapped onto the memory physically inaccessible from public contexts.

The kind of architecture that is overly complicated
and grossly inefficient.  Imagine a private type with
discriminants.  The discriminant of each object is visible
to clients; other components are not.  Or imagine a private
extension of a (visible) record extension.  What about the
fact that some portion (not all) of a child package has
visibility on the private part (but not the body) of the
parent package?

Why do work at run time that can be done at compile time?
Implementing things in hardware doesn't magically make
them free.

Putting high-level support for higher-level languages in hardware
has been tried a number of times, and it's always been a bad idea.

- Bob