Re: Safety of the Booch Ada 95 Components

[Simon Wright <simon@pogner.demon.co.uk>]

"Robert I. Eachus" <eachus@mitre.org> writes:

> Hyman Rosen wrote:
>  
> > Why is an assignment operator that raises an exception broken?
> 
>    It isn't.  But in Ada, an assignment that raises an exception does so
> before actually "copying the bits."

I don't believe this is true. See LRM 7.6(2).

>                                      So that objects that were
> consistant are not broken except by an explicit abort from some other
> task while outside an abort-deferred region.  However, one explicit
> abort-deferred operation is: "an assignment operation to an object with
> a controlled part." RM9.8(11)  There other such operations included so
> that a user of an object of a controlled type can expect that the value
> is never corrupted.
> 
>    So any user of an Ada package which did corrupt objects in this
> manner would be consider it to be broken.

Since (LRM 7.6(2)) Adjust is called as the _last_ step of an
assignment, I don't see how the provider of an Ada package can do as
you ask.

I'm going to do a deep copy.

I have an object containing a pointer to the value that has been
assigned, so I need to make the deep copy and then put a pointer to
the copy in the current object.

If that fails, presumably because of memory exhaustion, I can

(1) make sure that the assignee has a valid but partial copy

(2) make sure that the assignee has a null pointer

(3) leave the assignee pointing to the value that has been assigned,
    so that the copy isn't deep after all

(4) not bother

In *none* of these cases is the assignee "valid". Whether that equates
to being "corrupt" is a question I prefer to leave to the reader ..