From: Ken Garlington
Subject: Re: Ada for Data Processing?
Date: 1996/10/11
Message-ID: <325E4BB3.206A@lmtas.lmco.com>#1/1
References: <52to6o$6p2@news1.mnsinc.com> <32546043.1BF3@dynamite.com.au> <325DF8CA.56A4@dynamite.com.au>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.ada

Alan Brain wrote:
[snip]
> > > -- do the unchecked conversion to SOURCE here --
> > > -- ..
> > >
> > > PARANOIA_BLOCK:
> > >
> > > begin
> > >    TARGET := TRAFFIC_LIGHT_TYPE(SOURCE);
> > > exception
> > >    when CONSTRAINT_ERROR => -- your data is definitely bad
> > >    -- etc
> > > end PARANOIA_BLOCK;
> > >
> > > ..
> > > end
> >
> > If Source contains an invalid value, I don't think there's any guarantee
> > that the conversion will raise Constraint_Error.
[snip]
>
> Why? How is this different from any other checked conversion?

I don't know for sure, but I suspect the answer is related to the
following Ada 83 problem:

   type Widget is range 1 .. 10;
   function Unchecked_Widget is new Unchecked_Conversion (Natural, Widget);
   Foo : Widget := Unchecked_Widget(0);

   if Foo not in Widget'Range then
      raise Some_Error;
   end if;

Some compilers would not raise Some_Error, since Foo was expected to
always be in the range of its own type -- thus, the "if" statement was
optimized away. Since the assignment to Foo was erroneous in Ada 83 (as
well as Ada 95, apparently), this was not a compiler bug.

In Ada 95, of course, you should be able to write

   if not Foo'Valid then
      raise Some_Error;
   end if;

although technically this is not guaranteed to work for this particular
example either. (The AARM recommends doing the common sense thing here,
however.)

> I see your
> point about Program_Error, but would hate to be the guy writing the
> compiler code to produce this. But a Constraint_Error is reasonable; and
> to write a compiler so as not to do such a check in this instance would
> be more work than leaving the check in.

It depends on how the compiler generates the code. For example, I see
code like the following fairly often. Using no particular assembly
syntax:

           Load Register_1, SOURCE    -- put contents of SOURCE into a register
           Test Register_1, 16#00FF#  -- compare register contents to 16#00FF#
           If_Equal, YELLOW           -- jump to label YELLOW if register=16#00FF#
           Test Register_1, 16#EE77#
           If_Equal, GREEN
           Store 16#0#, TARGET        -- set TARGET to representation of RED
           GoTo NEXT                  -- move on to next Ada instruction
   YELLOW: Store 16#1#, TARGET
           GoTo NEXT
   GREEN:  Store 16#2#, TARGET
   NEXT:

So long as all three of the enums in the type for SOURCE are in the type
for TARGET, this will be the code. If one or more enums are missing from
TARGET, then the appropriate store(s) would usually be replaced by a call
to the exception handler, but no additional checks would be required.
Note that only two compares are required to process the three enum
values.

It would require the generation of an additional test and jump to
separate RED from the invalid bit patterns, as follows:

           Load Register_1, SOURCE    -- put contents of SOURCE into a register
           Test Register_1, 16#00FF#  -- compare register contents to 16#00FF#
           If_Equal, YELLOW           -- jump to label YELLOW if register=16#00FF#
           Test Register_1, 16#EE77#
           If_Equal, GREEN
           Test Register_1, 16#FE00#  -- new test
           If_Not_Equal, ERROR        -- new jump (could be PROGRAM_ERROR)
           Store 16#0#, TARGET        -- set TARGET to representation of RED
           GoTo NEXT                  -- move on to next Ada instruction
   YELLOW: Store 16#1#, TARGET
           GoTo NEXT
   GREEN:  Store 16#2#, TARGET
   NEXT:

If invalid bit patterns can only be generated via erroneous constructs,
then the compiler vendor can generate less code by assuming that only
three bit patterns exist in SOURCE.

--
LMTAS - "Our Brand Means Quality"
For more info, see http://www.lmtas.com or http://www.lmco.com
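
Added example, not part of the original message or of any poster's code: one way to reject invalid bit patterns before the enum conversion, reusing the three encodings from the listings above. It assumes an Ada 2005 or later compiler, where the result of an Unchecked_Conversion may be stored in an object and tested with 'Valid before any other use; Wire_Light, Decode, Bad_Data and the sample words are hypothetical names and constructed values.

```ada
with Ada.Text_IO;
with Ada.Unchecked_Conversion;
with Interfaces; use Interfaces;

procedure Valid_Demo is
   --  Hypothetical wire type using the three bit patterns from the listing.
   --  Literals are ordered by ascending code, as a representation clause requires.
   type Wire_Light is (Yellow, Green, Red);
   for Wire_Light use (Yellow => 16#00FF#, Green => 16#EE77#, Red => 16#FE00#);
   for Wire_Light'Size use 16;

   type Traffic_Light_Type is (Red, Yellow, Green);  --  internal codes 0, 1, 2

   Bad_Data : exception;

   function To_Wire is new Ada.Unchecked_Conversion (Unsigned_16, Wire_Light);

   function Decode (Raw : Unsigned_16) return Traffic_Light_Type is
      --  Storing the converted value is permitted even if the bits are invalid ...
      Source : constant Wire_Light := To_Wire (Raw);
   begin
      --  ... but it must be tested with 'Valid before it is used for anything else.
      if not Source'Valid then
         raise Bad_Data;
      end if;
      --  From here on Source is known to hold one of the three encodings.
      case Source is
         when Red    => return Red;
         when Yellow => return Yellow;
         when Green  => return Green;
      end case;
   end Decode;

   --  Constructed sample input: three valid codes and one corrupted word.
   Samples : constant array (1 .. 4) of Unsigned_16 :=
     (16#FE00#, 16#00FF#, 16#EE77#, 16#1234#);
begin
   for I in Samples'Range loop
      begin
         Ada.Text_IO.Put_Line (Traffic_Light_Type'Image (Decode (Samples (I))));
      exception
         when Bad_Data =>
            Ada.Text_IO.Put_Line ("rejected invalid bit pattern");
      end;
   end loop;
end Valid_Demo;
```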