CVS difference for ai12s/ai12-0111-1.txt

Differences between 1.2 and version 1.3

--- ai12s/ai12-0111-1.txt	2014/06/20 01:00:29	1.2
+++ ai12s/ai12-0111-1.txt	2014/11/13 04:00:55	1.3
@@ -2203,3 +2203,62 @@
 Especially at this stage.
 
 ***************************************************************
+
+From: Brad Moore
+Sent: Thursday, October 16, 2014  9:32 AM
+
+The discussion section of this AI shows an example of tampering with elements
+that the tampering checks detect, basically involving obtaining a reference to
+an element of a vector, and then using that reference to call a procedure
+which appends an item to container, which could cause the array to be
+increased in size, leaving the original reference pointing to garbage.
+
+I'm wondering if it would be possible to catch this sort of error at compile
+time rather than at run time.
+
+This is the approach taken by the Rust programming language, for a similar example.
+
+See http://doc.rust-lang.org/nightly/intro.html
+
+fn main() {
+     let mut v = vec![];
+
+     v.push("Hello");
+
+     let x = &v[0];
+
+     v.push("world");
+
+     println!("{}", x);
+}
+
+
+This fails to compile because the second push call it attempting to "borrow" a
+mutable reference to vector v, while an immutable "borrow" exists (the
+declaration of x)
+
+Maybe Ada could have a compiler mode where it does this sort of checking, or
+maybe the Global aspects proposal of AI12-0079 could help here. If we had a way
+to rely on these sorts of errors being caught at compile time, then maybe the
+need for expensive run-time checks could be eliminated.
+
+***************************************************************
+
+From: Robert Dewar
+Sent: Saturday, October 18, 2014  8:25 AM
+
+> The discussion section of this AI shows an example of tampering with 
+> elements that the tampering checks detect, basically involving 
+> obtaining a reference to an element of a vector, and then using that 
+> reference to call a procedure which appends an item to container, 
+> which could cause the array to be increased in size, leaving the 
+> original reference pointing to garbage.
+>
+> I'm wondering if it would be possible to catch this sort of error at 
+> compile time rather than at run time.
+
+VERY messy to have the compiler have to know this much about container
+packages, so best would be if some pragmas could be devised that makes the
+relevant check more general.
+
+***************************************************************
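Review bot: The explanation at "This fails to compile because the second push call it attempting to "borrow" a mutable reference" attributes the error to the second `push` alone, but the conflict the compiler reports only exists because the shared borrow `x = &v[0]` is still live at the `println!("{}", x)` that follows the `v.push("world")`; the message should say that it is the later use of `x` that keeps the shared borrow alive across the mutation, which is exactly the pattern the Ada tampering check catches at run time (a reference into the vector's storage that outlives a reallocating append). It would also help to cite a stable Rust documentation page rather than http://doc.rust-lang.org/nightly/intro.html, since nightly pages change and the example may not match the text later.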
