From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Ada2012 Invariants and opaque types
Date: Wed, 22 Jun 2011 09:55:43 +0200
Message-ID: <12rkz5xtyhm2e.1anhwaja6imwo$.dlg@40tude.net>
In-Reply-To: op.vxf39qy3lzeukk@jellix.jlfencey.com
On Tue, 21 Jun 2011 23:50:04 +0200, Vinzent Hoefler wrote:
> Dmitry A. Kazakov wrote:
>
>> On Tue, 21 Jun 2011 21:34:31 +0200, Vinzent Hoefler wrote:
>>
>>> Dmitry A. Kazakov wrote:
>>>
>>>> 'Valid is a hack around missing value initialization enforcement or some
>>>> kludges to support Unchecked_Conversion. It cannot justify anything because
>>>> 'Valid itself lacks credibility.
>>>
>>> How do you properly initialise and/or validate values coming from an untrusted
>>> external source (i.e. "bus")? Always using the full bit pattern and write the
>>> conversion routine yourself?
>>
>> Yes, I always do exactly this, at least in order to make my program
>> portable.
>
> Hmm. Reading bus values in a particular endianness and being portable... ;)
>
> Example:
>
>    -- type used for clock source and retrigger mode selections
>    -- bits [4:2]
>    --   RTG  PSC_SEL  EXT_CLK   clock mode
>    --    0      0        0      Internal, cpu clock, gated
>    --    0      0        1      External
>    --    0      1        0      Internal, prescaled, gated
>    --    0      1        1      N/A (same as 001)
>    --    1      0        0      Internal, cpu clock, retriggered
>    --    1      0        1      N/A (same as 001)
>    --    1      1        0      Internal, prescaled, retriggered
>    --    1      1        1      N/A (same as 001)
>    type Clock_Source is (Internal_Gated,
>                          External,
>                          Prescaled_Gated,
>                          Internal_Retriggered,
>                          Prescaled_Retriggered);
>
>    for Clock_Source use (Internal_Gated        => 2#000#,
>                          External              => 2#001#,
>                          Prescaled_Gated       => 2#010#,
>                          Internal_Retriggered  => 2#100#,
>                          Prescaled_Retriggered => 2#110#);
>
>    for Clock_Source'Size use 3;
>
> Would you actually do without the type representation here and start masking off the
> bits by hand again instead of using 'Valid, just in case any of those "N/A" values
> sneak in?
Yes. I always provide a low-level I/O package which defines operations for
getting objects from, say, an octet array and putting them back:

   procedure Get
             (  Data    : Octet_Array;
                Pointer : in out Integer;  -- Advanced to the next octet
                Value   : out Clock_Source -- May raise Data_Error
             );

I never use memory mapping of read data. Incoming data are parsed by a
sequence of calls to the corresponding Get operations.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
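The decoding approach described in this message, applied to Vinzent's Clock_Source, as an added example that is not code from the thread: bits [4:2] of an octet are decoded by an explicit case, so the three "N/A" bit patterns raise Data_Error instead of ever producing an enumeration value that would only fail later under 'Valid. Octet_Array, Data_Error, the Get body and the sample octets are assumptions made for this example.

```ada
-- Added example, not from the thread.  Octet_Array, Data_Error and the
-- body of Get are assumed; the sample octets below are constructed.
with Ada.Text_IO; use Ada.Text_IO;
with Interfaces;  use Interfaces;

procedure Clock_Source_Demo is
   type Octet_Array is array (Positive range <>) of Unsigned_8;
   Data_Error : exception;

   type Clock_Source is (Internal_Gated, External, Prescaled_Gated,
                         Internal_Retriggered, Prescaled_Retriggered);
   -- No representation clause: the wire encoding lives entirely in Get,
   -- so the in-memory Clock_Source can never hold an invalid pattern.

   procedure Get (Data    : Octet_Array;
                  Pointer : in out Positive;  -- advanced to the next octet
                  Value   : out Clock_Source)  -- raises Data_Error on N/A
   is
      -- bits [4:2] of the current octet, i.e. RTG PSC_SEL EXT_CLK
      Field : constant Unsigned_8 :=
        Shift_Right (Data (Pointer), 2) and 2#111#;
   begin
      case Field is
         when 2#000# => Value := Internal_Gated;
         when 2#001# => Value := External;
         when 2#010# => Value := Prescaled_Gated;
         when 2#100# => Value := Internal_Retriggered;
         when 2#110# => Value := Prescaled_Retriggered;
         when others => raise Data_Error;  -- 011, 101, 111 are reserved
      end case;
      Pointer := Pointer + 1;  -- only advance once the octet was accepted
   end Get;

   -- Constructed sample: octet 1 carries 010 in bits [4:2], octet 2
   -- carries 111, one of the reserved patterns from Vinzent's table.
   Sample  : constant Octet_Array := (2#0000_1000#, 2#0001_1100#);
   Pointer : Positive := Sample'First;
   Source  : Clock_Source;
begin
   Get (Sample, Pointer, Source);
   Put_Line ("octet 1: " & Clock_Source'Image (Source));
   Get (Sample, Pointer, Source);
   Put_Line ("octet 2: " & Clock_Source'Image (Source));
exception
   when Data_Error =>
      Put_Line ("Data_Error at octet" & Positive'Image (Pointer));
end Clock_Source_Demo;
```

Because Pointer is advanced only after a successful decode, the handler can report exactly which octet carried the bad pattern, which is the information a caller needs to reject the rest of the frame.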