Florian Weimer wrote:
> Yes, Ada has some nice features. At least there are real arrays, but
> they are somewhat cumbersome to work with, compared to Java, Python or,
> well, C pointers. There are two aspects: preservation of array bounds
> in slices (so that you have to write Table (Table'First + Offset) to
> access the element Offset of Table, Offset ranging from 0 to
> Table'Length - 1)
That array bounds must be preserved becomes obvious when you consider
arrays where the index type has a meaning beyond just position in the
array. If you have an array Week with a range of Monday..Sunday, and
you take the slice Week(Saturday..Sunday) and call it Weekend, then you
really don't want Weekend to suddenly have the indexes Monday and
Tuesday.
> The GNAT run-time is compiled without language-defined checks, and it
> used to have at least one buffer overflow in the Ada part. Many Ada
> libraries used to follow GNAT's example and disabled the checks as well,
> but this has changed during the last few years, it appears. Manual
> overflow checks are hampered by the fact that -gnato still isn't the
> default.
Those are things that we can control in Fedora. I don't see why we
couldn't compile Libgnat with checks enabled if we wanted to – except
for the code that performs the checking, I guess.
The RPM macros Gnatmake_optflags and GPRbuild_optflags contain mandatory
compiler flags that try to prevent suppression of important checks.
Unfortunately they can't override pragmas, but tools to check for
dangerous pragmas could be developed. I will add -gnato to the mandatory
compiler flags if the FPC decides so.
> Controlled types have a fixed overhead which is quite visible with
> small objects.
Of course there is always some overhead. Do you mean that they have a
significantly larger overhead than garbage collectors have?
Björn Persson
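The two points raised above, that a slice keeps the bounds of the array it was taken from and that an out-of-range index is caught by a language-defined check rather than reading adjacent memory, are illustrated by the following small Ada program. It is an added example written for this page, not code from the thread or from GNAT; the type names, the hours table and the procedure name are made up for illustration, and it is assumed to be compiled with GNAT (gnatmake slices_demo.adb) with the default checks left on.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Slices_Demo is

   -- Constructed example: an integer-indexed table whose index does not
   -- start at 0.  Position-based access needs the 'First offset idiom.
   type Int_Table is array (Integer range <>) of Integer;
   T : constant Int_Table (10 .. 14) := (1, 2, 3, 4, 5);

   -- Element at position Offset, Offset ranging from 0 to Table'Length - 1.
   function Element_At (Table : Int_Table; Offset : Natural) return Integer is
   begin
      return Table (Table'First + Offset);
   end Element_At;

   -- Constructed example: an index type with a meaning of its own.
   type Day is (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday);
   type Hours_Per_Day is array (Day range <>) of Natural;

   Week : constant Hours_Per_Day :=
     (Monday => 8, Tuesday => 8, Wednesday => 8, Thursday => 8,
      Friday => 6, Saturday => 0, Sunday => 0);

   -- The slice keeps the original bounds: Weekend'First is Saturday,
   -- not Monday, so Weekend (Saturday) still means Saturday.
   Weekend : constant Hours_Per_Day := Week (Saturday .. Sunday);

   -- A variable index keeps the compiler from folding the bad access away.
   D : Day := Monday;

begin
   Put_Line ("T'First =" & Integer'Image (T'First)
             & ", T'Length =" & Integer'Image (T'Length));
   Put_Line ("Element_At (T, 0) =" & Integer'Image (Element_At (T, 0)));   -- 1
   Put_Line ("Element_At (T, 4) =" & Integer'Image (Element_At (T, 4)));   -- 5

   Put_Line ("Weekend'First  = " & Day'Image (Weekend'First));   -- SATURDAY
   Put_Line ("Weekend'Last   = " & Day'Image (Weekend'Last));    -- SUNDAY
   Put_Line ("Weekend'Length =" & Integer'Image (Weekend'Length)); -- 2
   Put_Line ("Weekend (Sunday) =" & Natural'Image (Weekend (Sunday)));

   -- With index checks enabled, indexing outside the slice's bounds
   -- raises Constraint_Error instead of reading memory next to the slice.
   -- If the check were suppressed (pragma Suppress (Index_Check), or a
   -- run-time built without checks, as the thread describes), this read
   -- would silently return whatever lies beside Weekend.
   begin
      Put_Line ("Weekend (Monday) =" & Natural'Image (Weekend (D)));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: " & Day'Image (D)
                   & " is outside Weekend's bounds");
   end;

   -- Element_At with Offset = Table'Length is also out of range and is
   -- caught by the same index check.
   begin
      Put_Line ("Element_At (T, 5) =" & Integer'Image (Element_At (T, 5)));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: offset 5 is past the end of T");
   end;
end Slices_Demo;
```

The index check demonstrated here is the language-defined check the thread refers to; -gnato, which the thread discusses separately, concerns integer overflow checks on arithmetic such as the Table'First + Offset addition, so a complete build should leave both enabled rather than suppressing them in the run-time or in library code.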