comp.lang.ada
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: A hole in Ada type safety
Date: Sat, 30 Apr 2011 07:56:40 -0400
Message-ID: <wccoc3oq7ev.fsf@shell01.TheWorld.com>
In-Reply-To: 87oc3odtci.fsf@mid.deneb.enyo.de

Florian Weimer <fw@deneb.enyo.de> writes:

> I don't know if this is a new observation---I couldn't find
> documentation for it.

It's not new.  It is documented in AARM-3.7.2(4,4.a),
which dates back to Ada 83 days.

> When the inner function Convert is called, the discriminant Sel of M
> has the value Target_Field, thus the component M.T can be
> dereferenced. The assignment statement in Convert changes the
> discriminant and the value. But the source value S is still reachable
> as an object of type Target because the parameter T aliases the
> component M.T, so the return statement executes without raising an
> exception.

Well, the program exhibits erroneous (i.e. unpredictable) behavior,
so anything could happen.  The above description is likely to happen.

> Our implementation lacks the full power of Ada.Unchecked_Conversion
> because it does not support limited or unconstrained types. However,
> it is sufficient to break type safety.

Yes.  Anything that is erroneous necessarily breaks type safety.
If you look up "erroneous execution" in the index, you'll find
them all.

Your comment, "This note shows that a combination of safe-looking
language features can be used to undermine type safety, too."
is the key point.  It is indeed unfortunate when "safe-looking"
features can be erroneous.

- Bob
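The discriminant-aliasing pattern discussed in this thread, reconstructed as a stand-alone Ada program. This is an added example, not Florian Weimer's original code nor anything from Bob's reply; the type and subprogram names (Selector, Source, Target, Mutable, Convert, Inner, Target_Holder) are assumptions chosen to match the description above. The first Convert is deliberately erroneous in the AARM 3.7.2(4) sense, so whatever it returns is unspecified and will vary by compiler and optimisation level; the second version shows the defensive choice of constraining the subtype so the discriminant cannot change, which turns the silent aliasing into a Constraint_Error.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Discriminant_Aliasing is

   type Selector is (Source_Field, Target_Field);

   --  Two unrelated record types; names are constructed for this example.
   type Source is record
      A : Integer := 0;
   end record;

   type Target is record
      B : Integer := 0;
   end record;

   --  The discriminant has a default, so an unconstrained object of this
   --  type is "mutable": a whole-record assignment may change Sel and
   --  thereby make the previously existing variant component disappear.
   type Mutable (Sel : Selector := Target_Field) is record
      case Sel is
         when Source_Field => S : Source;
         when Target_Field => T : Target;
      end case;
   end record;

   ------------------------------------------------------------------
   --  Erroneous variant (mirrors the description in the thread)
   ------------------------------------------------------------------
   function Convert (S : Source) return Target is
      M : Mutable;   --  Sel = Target_Field by default, so M.T exists

      function Inner (T : Target) return Target is
      begin
         --  Changes M's discriminant while the formal T may still be
         --  bound by reference to M.T.  Per AARM 3.7.2(4) this execution
         --  is erroneous: nothing about what Inner returns is guaranteed.
         M := (Sel => Source_Field, S => S);
         return T;
      end Inner;
   begin
      return Inner (M.T);
   end Convert;

   ------------------------------------------------------------------
   --  Defensive variant: constrain the subtype so the discriminant
   --  cannot change.  The offending assignment then fails a
   --  discriminant check (Constraint_Error) instead of silently
   --  invalidating the aliased component.
   ------------------------------------------------------------------
   subtype Target_Holder is Mutable (Target_Field);

   function Convert_Checked (S : Source) return Target is
      M : Target_Holder;

      function Inner (T : Target) return Target is
      begin
         M := (Sel => Source_Field, S => S);   --  raises Constraint_Error
         return T;
      end Inner;
   begin
      return Inner (M.T);
   end Convert_Checked;

   Src : constant Source := (A => 42);

begin
   --  The value printed here is unspecified: the program is erroneous.
   Put_Line ("Erroneous convert: " & Integer'Image (Convert (Src).B));

   begin
      Put_Line ("Checked convert: "
                & Integer'Image (Convert_Checked (Src).B));
   exception
      when Constraint_Error =>
         Put_Line ("Checked convert: Constraint_Error, aliasing prevented");
   end;
end Discriminant_Aliasing;
```

Whether the erroneous Convert actually leaks the Source bits as a Target depends on whether the compiler passes the Target parameter by reference; a compiler is free to pass a small record by copy, in which case the hole does not show up, which is exactly why "erroneous" rather than "raises an exception" is the right description. The constrained subtype is the cheapest fix when the design does not need a mutable discriminant; when it does, copy the variant component into a local before any assignment that could change the discriminant.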



Thread overview: 31+ messages
2011-04-30  8:41 A hole in Ada type safety Florian Weimer
2011-04-30 11:56 ` Robert A Duff [this message]
2011-04-30 15:27   ` Gavino
2011-04-30 16:16   ` Florian Weimer
2011-04-30 23:39     ` Randy Brukardt
2011-05-01 10:26       ` Florian Weimer
2011-05-03  1:40         ` Randy Brukardt
2011-05-03 16:57           ` Robert A Duff
2011-05-07  9:09           ` Florian Weimer
2011-05-07  9:28             ` Dmitry A. Kazakov
2011-05-07  9:57               ` Florian Weimer
2011-05-08  8:08                 ` Dmitry A. Kazakov
2011-05-08  8:46                   ` Florian Weimer
2011-05-08  9:32                     ` Dmitry A. Kazakov
2011-05-08 10:30                       ` Florian Weimer
2011-05-08 20:24                         ` anon
2011-05-08 21:11                           ` Simon Wright
2011-05-10  6:27                             ` anon
2011-05-10 14:39                               ` Adam Beneschan
2011-05-11 20:39                                 ` anon
2011-05-12  0:51                                   ` Randy Brukardt
2011-05-13  0:47                                     ` anon
2011-05-13  0:58                                       ` Adam Beneschan
2011-05-13  5:31                                       ` AdaMagica
2011-05-12  5:51                                   ` AdaMagica
2011-05-12 12:09                                     ` Robert A Duff
2011-05-12 14:40                                     ` Adam Beneschan
2011-05-14  0:30                                       ` Randy Brukardt
2011-05-09  7:48                         ` Dmitry A. Kazakov
2011-05-09 20:41             ` Randy Brukardt
2011-05-14 23:47     ` anon