Re: Constraint checking of actuals passed to Attributes

[Tucker Taft <stt@averstar.com>]

Matt Brennan wrote:
> 
> Quick question:
> 
> Is an implementation required to generate code to check that an actual
> parameter passed to an attribute (for example, 'Image of a scalar type)
> is subtype conformant with the formal parameter?

Most attribute functions like 'Image, 'Pos, etc., have the base subtype
as the parameter subtype, meaning that no constraints apply.
Hence, the only possible problem occurs if the actual parameter is
not a value of the *type* which could happen due to unchecked
conversion, (unchecked) binary input, or an uninitialized variable.

Implementations are not required to deal nicely with the unchecked
conversion or binary input situation, but are required to at least
"survive" the uninitialized variable situation in Ada 95.
This is because the first two are "erroneous" situations whereas
the last one is merely a "bounded error."  This means that in the
first two cases, anything could happen (incineration of disk drive,
etc.), whereas in the uninitialized case, Program_Error, Constraint_Error,
or producing some arbitrary value as the result would be acceptable.

In Ada 83, using uninitialized variables is erroneous as well,
so some compilers out there might still misbehave on them due
to bugs or ancestry. 

> Opinions with ARM references most welcome! :-)

RM95 A.13(17) -- unchecked binary input
RM95 13.9(11)/13.9.1(8) -- unchecked conversion/abnormality
RM95 13.9.1(9-11) -- uninitialized variable bounded error

> 
>   Matt

-- 
-Tucker Taft   stt@averstar.com   http://www.averstar.com/~stt/
Technical Director, Commercial Division, AverStar (formerly Intermetrics)
(http://www.averstar.com/services/IT_consulting.html)  Burlington, MA  USA