From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,ad4aec717fd8556e
X-Google-Attributes: gid103376,public
From: Ken Garlington <kennieg@flash.net>
Subject: Re: 'size attribute inheritance
Date: 1997/08/13
Message-ID: <33F250A4.2B42@flash.net>#1/1
X-Deja-AN: 264040655
References: <33ECF679.4B5D@lmco.com>
 <mheaney-ya023680001008972210070001@news.ni.net> <dewar.871345653@merv>
 <mheaney-ya023680001208971859210001@news.ni.net>
Organization: Flashnet Communications, http://www.flash.net
Reply-To: Ken.Garlington@computer.org
Newsgroups: comp.lang.ada
Date: 1997-08-13T00:00:00+00:00
List-Id: <comp.lang.ada>


Matthew Heaney wrote:
> 
> >Matthew says
> >
> ><<YOU SHOULD NEVER USE CONSTRAINED SUBTYPES TO TRANSMIT OR RECIEVE DATA
> >ACROSS AN EXTERNAL INTERFACE.>>
>

[snip]

> My own lesson was learned the hard way on a VAX.  I was reading into an
> object of an enumeration type, and using that object in a case statement.
> I would get ACCVIO (equivalent to a segmentation fault under UNIX) when I
> got a flakey value from the hardware, which could happen at startup, and
> when power was cycled.

Note that this can happen even if your rule is followed. For example,
if you provide an address to the hardware, the device can "flake" and
write the result to a different address. Also, the device may mislead
you as to the number of consecutive storage units it will write.

On the other hand, a constrained subtype is just as useful as a base
type
if it matches the size of the expected storage units to be written (in
Ada or
Ada 83), or if you use 'Valid (Ada only), which is intended for this
case.

> Consider yourself fortunate that you get any indication that a value is
> outside its constrained range.  But even then, if you're flying a plane
> controlled by software that has an illegal value for an object, is a core
> dump really want you'd want to happen?

No; on the other hand, you don't want to either weaken the typing
abilities
of Ada, nor do you want to introduce too many base types. The intent of
your rule can be followed with constrained subtypes, so long as you
understand the nature of your I/O device.

> Please be very, very careful with data from an external source.

As always!

> 
> --------------------------------------------------------------------
> Matthew Heaney
> Software Development Consultant
> <mailto:matthew_heaney@acm.org>
> (818) 985-1271