Date: 31 Dec 91 13:53:05 GMT
From: mcsun!corton!enst!cyclope!rosen@uunet.uu.net (Jean-Pierre Rosen)
Subject: Re: unchecked conversion
Message-ID: <1546@cyclope.enst.fr>

UNCHECKED_CONVERSION is a FUNDAMENTAL feature of Ada. It is needed each time you need to look at some data from different abstraction layers. For example, suppose you are implementing an access method for files. The spec would look like:

    generic
       type ITEM is private;
    package ACCESS_METHOD is
       ... various access procedures, returning values of type ITEM

However, inside the package body, you would view the underlying OS file as blocks of bytes. You need UNCHECKED_CONVERSION to view the same bytes sometimes as a value of type ITEM, sometimes as a stream of bytes.

Note that UNCHECKED_CONVERSION is *safer* than passing the 'ADDRESS of an object of type ITEM, since it works on values, not on objects. Descriptors, dope vectors etc. that are part of the object (and included in the memory area referred to by 'ADDRESS) are not included.

Of course, UNCHECKED_CONVERSION should not be used to get rid of Ada's typing model. But the way it is designed, any use of it cannot be concealed since users must "with" it. In a project, QA should forbid using UNCHECKED_CONVERSION unless a waiver is granted. QA will then just ask the library manager for units that depend on UNCHECKED_CONVERSION to check that only authorized modules make use of it; NO CODE INSPECTION is necessary. This is a great improvement over undisciplined type-casts (like in C/C++) where careful reading of all code is mandatory.
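
An added example, not part of the original post: a sketch of the access-method package described above, with the conversions confined to the generic body. Store, Fetch, the in-memory block standing in for the OS file, and the Point type are assumptions made for illustration; it uses the Ada 95 and later name Ada.Unchecked_Conversion.

```ada
--  Added illustration; Store, Fetch, Point and the in-memory block that
--  stands in for an OS file are assumptions, not code from the post.
with Ada.Text_IO;
with Ada.Unchecked_Conversion;   --  the visible dependency QA can list
with Interfaces;

procedure Access_Method_Demo is
   generic
      type Item is private;
   package Access_Method is
      procedure Store (Value : in Item);
      function Fetch return Item;
   end Access_Method;

   package body Access_Method is
      type Byte is new Interfaces.Unsigned_8;
      type Block is array (1 .. Item'Size / 8) of Byte;
      --  Both views of the same bytes; clients only ever see Item.
      function To_Block is new Ada.Unchecked_Conversion (Item, Block);
      function To_Item  is new Ada.Unchecked_Conversion (Block, Item);
      File : Block := (others => 0);   --  stands in for the OS file

      procedure Store (Value : in Item) is
      begin
         File := To_Block (Value);
      end Store;

      function Fetch return Item is
      begin
         return To_Item (File);
      end Fetch;
   begin
      --  Refuse instantiations where the two views differ in size.
      if Item'Size /= Block'Size then
         raise Program_Error;
      end if;
   end Access_Method;

   type Point is record
      X, Y : Interfaces.Integer_32;
   end record;

   package Point_File is new Access_Method (Point);
   P : Point;
begin
   Point_File.Store ((X => 3, Y => -7));
   P := Point_File.Fetch;   --  the value round-trips through the byte view
   Ada.Text_IO.Put_Line (Interfaces.Integer_32'Image (P.X)
                         & Interfaces.Integer_32'Image (P.Y));
end Access_Method_Demo;
```

The only unit here that names Ada.Unchecked_Conversion in a with clause is the one holding the package body, which is the dependency a library-level listing would surface for the waiver check the post describes.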