Date: 2 Sep 93 13:38:59 GMT
From: butch!rapnet!lvonrude@uunet.uu.net (Lowell S. VonRuden x5294)
Subject: Re: Unchecked_Conversion question
Message-ID: <1993Sep2.133859.26958@Rapnet.Sanders.Lockheed.Com>

In article adam@irvine.com (Adam Beneschan) writes:
>In article <1993Sep1.154715.10498@Rapnet.Sanders.Lockheed.Com> lvonrude@Rapnet.Sanders.Lockheed.Com (Lowell S. VonRuden x5294) writes:
>
>> I am doing something that seems to work using a Verdix compiler, but I
>> have not been able to determine if this is something that will be safely
>> transportable. Hopefully, someone here can tell me.
>>
>> I have a 32 bit value coming in from an external interface as an
>> integer, which I am mapping to an enumeration type. The enumeration
>> type has representation clauses for both size (Integer'Size) and
>> implementation values. Assigning the result of an unchecked conversion
>> from the integer to an object of the enumeration type doesn't raise any
>> exception if the integer is out of range for the enumeration type
>> representation. I found that if I do an explicit conversion of the
>> enumeration object to its type, then the range gets checked.
>>
>>    procedure Sample (Int : Integer) is
>>
>>       type Enum is (AAA, BBB, CCC, DDD);
>>       for Enum use (AAA=> 1,
>>                     BBB=> 2,
>>                     CCC=> 13,
>>                     DDD=> 14);
>>       for Enum'Size use Integer'Size;
>>
>>       function Convert is new Unchecked_Conversion (Source => Integer,
>>                                                     Target => Enum);
>>    begin
>>
>>       E := Convert (Int); -- no exception raised here if Int is out of range
>>
>>       E := Enum (Convert (Int)); -- this does raise constraint error if
>>                                  -- Int is out of range
>>
>>    end Sample;
>>
>>
>> So, is this a dependable thing to do?
>
>I don't think so.
>
>In fact, I'm surprised that your two statements generate different
>code at all. After all, Convert is a function that returns an Enum,
>so saying Enum(X) as a type conversion should be a no-op. I would
>guess that many compilers would recognize this, and not generate any
>constraint checking code when "converting" an object to an object of
>the exact same type.
>
>I don't think such a check is required by the LRM, either. I believe that
>if you say
>
>    X : Enum;
>...
>    ... Enum(X) ...
>
>the compiler is allowed to assume that "X" contains a valid Enum
>value, and therefore the compiler can determine that no range check is
>required.

That's what I'm concerned about. The Verdix compiler I'm using generates
the check for the seemingly unnecessary conversion both with and without
the optimizer turned on, but I still feel funny trusting this in all
situations.

I saw someone else's attempt at trying to catch bad values for X. They
passed the Enum resulting from the unchecked conversion into a procedure,
which did some unrelated thing, but they had a local block with an
exception handler for Constraint_Error surrounding the call. This would
assume that the constraints of the Enum type would always be checked when
the object is passed to another procedure.

   E := Convert (Int);

   begin
      Do_Something_Unrelated (E);
   exception
      when Constraint_Error =>
         -- assume Int must not have been a valid Enum representation
   end;

Would this be a safe assumption?

--
--------------------------------------------------------------------
-- Usual disclaimers apply...                  Lowell Von Ruden   --
-- lvonrude@rapnet.sanders.lockheed.com   Lockheed Sanders, Inc   --
--------------------------------------------------------------------
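
Added example, not part of the original post or either poster's code: one way to avoid depending on where a compiler places constraint checks is to test the raw Integer against the representation values before it is ever converted to Enum. To_Enum, Show, Invalid_Representation and Decode_Demo are hypothetical names, and the sample inputs are constructed.

```ada
with Text_IO;
with Unchecked_Conversion;

procedure Decode_Demo is

   type Enum is (AAA, BBB, CCC, DDD);
   for Enum use (AAA => 1, BBB => 2, CCC => 13, DDD => 14);
   for Enum'Size use Integer'Size;

   Invalid_Representation : exception;  -- hypothetical name

   function Convert is new Unchecked_Conversion (Source => Integer,
                                                 Target => Enum);

   -- Validate while the value is still an Integer, a type that can
   -- legally hold any 32-bit pattern. No invalid Enum object is ever
   -- created, so nothing depends on compiler-generated checks.
   function To_Enum (Int : Integer) return Enum is
   begin
      case Int is
         when 1 | 2 | 13 | 14 =>       -- must match the representation clause
            return Convert (Int);
         when others =>
            raise Invalid_Representation;
      end case;
   end To_Enum;

   -- Print the decoded literal, or report that the input was rejected.
   procedure Show (Int : Integer) is
   begin
      Text_IO.Put_Line (Integer'Image (Int) & " => "
                        & Enum'Image (To_Enum (Int)));
   exception
      when Invalid_Representation =>
         Text_IO.Put_Line (Integer'Image (Int) & " => rejected");
   end Show;

begin
   -- Constructed inputs: two valid codes, a value in the gap between
   -- BBB and CCC, and a negative value.
   Show (1);
   Show (13);
   Show (3);
   Show (-7);
end Decode_Demo;
```

The list of values in the case statement duplicates the representation clause, so the two must be kept in step when the type changes.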