|
LCS-2016-014b |
|
1 {22-Jan-2017} |
|
22-Jan-2017 |
|
Draft |
|
Patrick Lehmann Lieven Lemiengre |
|
Main.PatrickLehmann Main.LievenLemiengre |
|
- - - - |
|
This LCS allows the retrieval of access values (references) to declared objects. |
a :
new INTEGER'(5);= ).
This LCS adds a 'access
attribute.
This LCS also allows protected types to be passed as IN parameters and deprecates the INOUT mode.
access_type_definition ::= access subtype_indicationFor each access type, there is a literal null that has a null access value designating no object at all. The null value of an access type is the default initial value of the type. Other values of an access type are obtained by evaluation of a special operation of the type, called an allocator. Each such access value designates an object of the subtype defined by the subtype indication of the access type definition. This subtype is called the designated subtype and the base type of this subtype is called the designated type.
type ADDRESS is access MEMORY; type BUFFER_PTR is access TEMP_BUFFER;NOTE 1 -- An access value delivered by an allocator or attribute ACCESS can be assigned to several variables of the corresponding access type. Hence, it is possible for an object created by an allocator or object declaration to be designated by more than one variable of the access type.
incomplete_type_declaration ::= type identifier ;For each incomplete type declaration there shall be a corresponding full type declaration with the same identifier. This full type declaration shall occur later and immediately within the same declarative part as the incomplete type declaration to which it corresponds.
V'access | Kind: | Access value |
Prefix: | Any prefix V that is appropriate for a variable object with a protected type PT, or an alias thereof. | |
Result type: | Access value. | |
Result: | The access value referencing the object denoted by prefix V. |
void*
like in C.
TBP: The underlying objects may reside on the stack or in static data areas rather than the heap.
PL: Protected types declared as shared variables are never allocated on a stack to fulfill the lifetime rule.
TBP: Heap allocation and reference counting must be used for everything ...
PL: Reference counting is not necessary, there are other techniques available e.g. garbage collection (GC). As requested by a high ranked proposal (position 30 of 104), I wrote LCS 030 allowing garbage collection.
TBP: ... or escape analysis must be performed for stack-allocated values ...
PL: References to protected types declared in e.g. processes can be passed to subprograms, as long as an access value is not assigned to a variable with greater scope or longer lifetime. (I'll add this rule as marked in blue).
-- Patrick Lehmann - 2017-01-22
PL: Access types are still strong typed pointers and no void*
like in C.
TBP: I said differently allocated not differently typed.
PL: Protected types declared as shared variables are never allocated on a stack to fulfill the lifetime rule.
TBP: Protected types may be used for regular variables in a process
, function
or procedure
as well.
PL: Reference counting is not necessary, there are other techniques available e.g. garbage collection (GC). As requested by a high ranked proposal (position 30 of 104), I wrote LCS 030 allowing garbage collection.
TBP: Reference counting was just an example. The underlying problem cannot be solved by GC either. With a static, scope-defined lifetime, you keep the door open for synthesis support. Tools like it when this information is explicit and need not be reconstructed and proven.
PL: References to protected types declared in e.g. processes can be passed to subprograms, as long as an access value is not assigned to a variable with greater scope or longer lifetime. (I'll add this rule as marked in blue).
TBP: This statement is too vague. Is this dynamically checked? Must the smaller scope be provable locally at compile time?
This proposal is too big a beast to be tackled just before the door's closing. I think it is worth to pursue but should be backed by thoroughly studying existing examples like Rust, which try to safely cope with those reference issues.
-- Thomas Preusser - 2017-01-23
VHDL is a simulation language, not a hi-performance systems language. Adding an ownership type system like Rust isn't worth the complexity it brings, garbage collection will be good enough and it will simplify things for the designer.
-- Lieven Lemiengre - 2017-01-23
Yet, you need to be precise in the specification to avoid room for interpretation and tool divergence. To "prohibit [the] assignment of access values to variables with a greater scope than the created object, unless it was created by an allocator" is a goal but not a firm ruling. Do you check this at run time? Are there static assignment rules? If so, which? Let GC take care of allocated objects. If you really want references to subsume objects created another way, make sure to create a consistent and precise solution. And for this, it is always good to learn from the achievements and mistakes of others.
-- Thomas Preusser - 2017-01-23
The unary & operator in C is dangerous, and this brings the danger to VHDL. It allows the lifetime of a pointer to exceed the lifetime of the object. It risks garbage collection of static or stack objects. It avoids enforcement of in/out restrictions.
-- Peter Flake - 2017-02-02