> This proposal here is to add a new Build_Atomic_Trampolines aspect
> which may be applied to subprograms of protected types.

Whatever this is for, it should not be called "trampoline". Trampolines have a specific meaning in GCC and we generally want to get rid of them.

> The primary purpose of this change is to prevent the possible memory
> corruption detailed in PR ada/124225 without making any changes to the
> locking patterns. This still leaves a hole where a fallback handler
> may be missed if the user is moving the fallback handler between
> levels while a fallback handler is being resolved. However, it
> prevents the risk of memory corruption caused by calling a protected
> procedure with an invalid protected object. There are also likely
> other places where this will be a useful option to have.

But PR ada/124225 is a theoretical case that no one will run into, so I don't really think that it is worth anyone's time. Moreover, it pertains to a very delicate area where changes generally break things, so the barrier for making them is very high.

> Lastly, around 20 years ago it was possible to apply the atomic aspect
> to all access-to-protected-subprogram types. I don't know if the old
> implementation did what I am describing here, but if it did, it's long
> gone from the compiler anyway.

I suspect that it accepted the pragma but disregarded it altogether...

--
Eric Botcazou
