From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada2012 Invariants and opaque types
Date: Wed, 22 Jun 2011 09:55:43 +0200
Organization: cbb software GmbH
Message-ID: <12rkz5xtyhm2e.1anhwaja6imwo$.dlg@40tude.net>
References: <239a78ad-0937-4a7a-8163-231430fd5ffe@k27g2000yqn.googlegroups.com> <17t4afbmsrbm4.7llaajq91zz3.dlg@40tude.net> <1rxmqjvvd0nk6.1pqiavml8xwzf.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de

On Tue, 21 Jun 2011 23:50:04 +0200, Vinzent Hoefler wrote:

> Dmitry A. Kazakov wrote:
>
>> On Tue, 21 Jun 2011 21:34:31 +0200, Vinzent Hoefler wrote:
>>
>>> Dmitry A. Kazakov wrote:
>>>
>>>> 'Valid is a hack around missing value initialization enforcement or some
>>>> kludges to support Unchecked_Conversion. It cannot justify anything because
>>>> 'Valid itself lacks credibility.
>>>
>>> How do you properly initialise and/or validate values coming from an untrusted
>>> external source (i.e. "bus")? Always using the full bit pattern and writing the
>>> conversion routine yourself?
>>
>> Yes, I always do exactly this, at least in order to make my program
>> portable.
>
> Hmm. Reading bus values in a particular endianness and being portable... ;)
>
> Example:
>
>    -- type used for clock source and retrigger mode selections
>    -- bits [4:2]
>    --   RTG  PSC_SEL  EXT_CLK   clock mode
>    --    0      0        0      Internal, cpu clock, gated
>    --    0      0        1      External
>    --    0      1        0      Internal, prescaled, gated
>    --    0      1        1      N/A (same as 001)
>    --    1      0        0      Internal, cpu clock, retriggered
>    --    1      0        1      N/A (same as 001)
>    --    1      1        0      internal, prescaled, retriggered
>    --    1      1        1      N/A (same as 001)
>    type Clock_Source is (Internal_Gated,
>                          External,
>                          Prescaled_Gated,
>                          Internal_Retriggered,
>                          Prescaled_Retriggered);
>
>    for Clock_Source use (Internal_Gated        => 2#000#,
>                          External              => 2#001#,
>                          Prescaled_Gated       => 2#010#,
>                          Internal_Retriggered  => 2#100#,
>                          Prescaled_Retriggered => 2#110#);
>
>    for Clock_Source'Size use 3;
>
> Would you actually do without the type representation here and start masking off the
> bits by hand again instead of using 'Valid, just in case of those "N/A" values
> sneak in?

Yes. I always provide a low-level I/O package which defines operations for
getting objects from, say, an octet array and putting it back:

   procedure Get
             (  Data    : Octet_Array;
                Pointer : in out Integer;   -- Advanced to the next octet
                Value   : out Clock_Source  -- May raise Data_Error
             );

I never use memory mapping of read data. Incoming data are parsed by a
sequence of calls to the corresponding Get operations.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
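The following is an added example, not code from either poster, of the Get/Put pair Dmitry describes applied to Vinzent's Clock_Source type. It decodes the field from an octet array and rejects every unassigned bit pattern explicitly, so a value of the enumeration type is only ever produced from a code the table defines and 'Valid never enters the picture. The octet type, the Data_Error exception, the placement of the field in bits [4:2] of a single octet, and the sample octets are assumptions made for the example.

```ada
with Ada.Text_IO;     use Ada.Text_IO;
with Ada.Exceptions;  use Ada.Exceptions;
with Interfaces;      use Interfaces;

procedure Bus_Decode_Demo is

   -- Assumed declarations (not from the thread): an octet array and the
   -- exception raised on malformed input.
   type Octet_Array is array (Positive range <>) of Unsigned_8;
   Data_Error : exception;

   -- Enumeration and representation as given in the quoted example
   type Clock_Source is (Internal_Gated,
                         External,
                         Prescaled_Gated,
                         Internal_Retriggered,
                         Prescaled_Retriggered);

   for Clock_Source use (Internal_Gated        => 2#000#,
                         External              => 2#001#,
                         Prescaled_Gated       => 2#010#,
                         Internal_Retriggered  => 2#100#,
                         Prescaled_Retriggered => 2#110#);

   -- Assumed field position: bits [4:2] of one octet
   Field_Shift : constant Natural    := 2;
   Field_Mask  : constant Unsigned_8 := 2#111#;

   -- Decode the field at Data (Pointer) and advance Pointer on success.
   -- Reserved codes (011, 101, 111) raise Data_Error instead of yielding
   -- an enumeration object with no corresponding literal.
   procedure Get
             (  Data    : Octet_Array;
                Pointer : in out Integer;
                Value   : out Clock_Source
             )  is
      Field : Unsigned_8;
   begin
      if Pointer not in Data'Range then
         raise Data_Error with "read past end of data";
      end if;
      Field := Shift_Right (Data (Pointer), Field_Shift) and Field_Mask;
      case Field is
         when 2#000# => Value := Internal_Gated;
         when 2#001# => Value := External;
         when 2#010# => Value := Prescaled_Gated;
         when 2#100# => Value := Internal_Retriggered;
         when 2#110# => Value := Prescaled_Retriggered;
         when others => raise Data_Error with "reserved clock source code";
      end case;
      Pointer := Pointer + 1;
   end Get;

   -- Encode Value into the field at Data (Pointer), keeping the other bits
   procedure Put
             (  Data    : in out Octet_Array;
                Pointer : in out Integer;
                Value   : Clock_Source
             )  is
      Code : constant Unsigned_8 :=
         (case Value is
            when Internal_Gated        => 2#000#,
            when External              => 2#001#,
            when Prescaled_Gated       => 2#010#,
            when Internal_Retriggered  => 2#100#,
            when Prescaled_Retriggered => 2#110#);
   begin
      if Pointer not in Data'Range then
         raise Data_Error with "write past end of data";
      end if;
      Data (Pointer) :=
         (Data (Pointer) and not Shift_Left (Field_Mask, Field_Shift))
         or Shift_Left (Code, Field_Shift);
      Pointer := Pointer + 1;
   end Put;

   -- Constructed sample input: bits [4:2] hold 000, 110, 011 (reserved)
   -- and 001; the stray bit 7 in the last octet shows other bits are ignored.
   Sample  : constant Octet_Array :=
      (2#0000_0000#, 2#0001_1000#, 2#0000_1100#, 2#1000_0100#);
   Buffer  : Octet_Array (1 .. 1) := (others => 2#1110_0011#);
   Pointer : Integer := Sample'First;
   Value   : Clock_Source;
begin
   while Pointer <= Sample'Last loop
      begin
         Get (Sample, Pointer, Value);
         Put_Line ("octet" & Integer'Image (Pointer - 1) & ": "
                   & Clock_Source'Image (Value));
      exception
         when E : Data_Error =>
            Put_Line ("octet" & Integer'Image (Pointer) & ": rejected, "
                      & Exception_Message (E));
            Pointer := Pointer + 1;   -- Get did not advance; skip the octet
      end;
   end loop;

   -- Round trip through Put and Get
   Pointer := Buffer'First;
   Put (Buffer, Pointer, Internal_Retriggered);
   Pointer := Buffer'First;
   Get (Buffer, Pointer, Value);
   Put_Line ("round trip: " & Clock_Source'Image (Value));
end Bus_Decode_Demo;
```

The point of the design is that the conversion is a total function over the 3-bit field: every code is either mapped to a literal or rejected at the boundary, and no object of Clock_Source is ever created through an overlay or Unchecked_Conversion, so nothing downstream has to ask 'Valid whether an object it already holds is meaningful. The Put side uses the same table, so the representation clause still documents the wire format even though no memory mapping takes place.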