> > The primary purpose of this change is to prevent the possible memory
> > corruption detailed in PR ada/124225 without making any changes to the
> > locking patterns. This still leaves a hole where a fallback handler
> > may be missed if the user is moving the fallback handler between
> > levels while a fallback handler is being resolved. However, it
> > prevents the risk of memory corruption caused by calling a protected
> > procedure with an invalid protected object. There are also likely
> > other places where this will be a useful option to have.
>
> But PR ada/124225 is a theoretical case that no one will run into, so I don't
> really think that it is worth anyone's time.  Moreover, it pertains to a very
> delicate area where changes generally break things, so the barrier for making
> them is very high.

That's why I came up with a partial solution which completely avoids logic
changes in the runtime; however, if you think this still has the potential
to break things then I'll defer to your judgement on that. The reason that I
think a partial solution is worth implementing, if it can be done in a safe
way, is that if someone does ever hit this bug it will be practically
impossible to debug.
