Re: [announcement] SYSAPI and SYSSVC for Windows

• Previous message: Larry Kilgallen: "Re: Certified C compilers for safety-critical embedded systems"
• In reply to: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Next in thread: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Reply: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 23 Dec 2003 18:02:45 -0500

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> Ekkehard Morgenstern wrote:

> > so I could've just used a tagged limited record?
> >
> > Like this:
> >
> > type T is tagged limited
> > record
> > A : My_Array_Type;
> > end record;
> >
> > procedure F ( O : in out T ) is
> > Ptr : My_Array_Cell_Ptr;
> > begin
> > Ptr := O.A(1)'Access;
> > end;
> >
> > Right?
>
> No. It is unrelated. The thing you are getting access of has to be aliased.
> So it is the array elements which has to be, for example:
>
> type T is limited private;
> private
> type Integer_Array is array (Integer range <>) of aliased Integer;
> type T is limited record
> A : Integer_Array (1..3);
> end record;
>
> procedure F (O : in out T ) is
> begin
> ... O.A(1)'Access; -- This is OK, A(i) are aliased

No, that's not quite good enough. The parameter O is considered to be
nested within F, so you need 'Unchecked_Access instead of 'Access here.
Whenever you use 'Unchecked_Access, you have to make sure you don't
use dangling pointers -- so the & operator in C or C++ is more like
'Unchecked_Access than 'Access in that regard.

The point is: when you say 'Access, the compiler can prove that you
don't have dangling pointers. Otherwise, you need 'Unchecked_Access
(but then you better prove it yourself, or your program might do bad
things).

> end;
>
> If the array elements be tagged, then you would need not write "aliased" in
> the array declaration.

That's not quite right. Tagged *parameters* (like O in the above
example) are automatically aliased. But other objects are aliased only
if declared so (by the "aliased" keyword) or if allocated in the heap by
"new" (whether tagged or not).

IMHO, it was a mistake to make tagged parameters automatically aliased.
We should, instead, have allowed the "aliased" keyword on parameters.

Summary: To get an access value to an existing object, you must first
make sure it's aliased (which means allocated on the heap, explicitly
declared "aliased", or a tagged parameter). Then you must worry about
accessibility level (which determines whether you should use 'Access or
'Unchecked_Access).

- Bob

• Previous message: Larry Kilgallen: "Re: Certified C compilers for safety-critical embedded systems"
• In reply to: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Next in thread: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Reply: Dmitry A. Kazakov: "Re: [announcement] SYSAPI and SYSSVC for Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]