From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: Quality systems (Was: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died))
Date: Sat, 24 May 2003 22:42:29 GMT
Message-ID: <3ECFF541.1010705@attbi.com>

Randy Brukardt wrote:

> Ada doesn't have unsigned but checked integer types. You can define an
> unsigned subtype of a signed type, but not all compilers support the
> unsigned representation, and most do math with the next larger size of
> signed math. Depending on the processor, that can be more expensive (for
> instance, if the compiler supports 64-bit math on a 32-bit machine).
> Moreover, if you want the largest possible unsigned type (say 0 ..
> 2**32-1 or 0 .. 2**64-1), it has to be modular; you can't declare the
> needed signed type to make a subtype.

> In any case, this is a relatively minor issue. It's annoying that Ada is
> less safe than it can be, but you can live with it.

It also seems like a problem that is easy to fix in Ada0Y, if not just by getting compilers to do the right thing. You want to be able to say:

    type Unsigned is range 0..2**32-1;
    for Unsigned'Size use 32;

There are three potential solutions for Ada0Y:

1) All vendors agree to support such a declaration. (What about you Randy?)

2) Such a type is declared in Standard, probably saying:

    for Unsigned'Size use Integer'Size;

This type should be a non-standard integer type in the sense of 3.5.4(25). It could also be declared in a package other than Standard, possibly System. After all it is very likely that System.Address will be such a type.

3) Add a pragma Unsigned which has to be used immediately after a type declaration, and has the semantic effect that negative values of the type can raise Constraint_Error even on intermediate calculations. In other words A-B+C could raise an exception if B < A, even if B < A+C.

I think that solution two is probably the right choice. After all what Randy is saying is that it is the particular case which the current language doesn't guarantee to work and that he needs. Those of us who want real modular types can ignore the silly inequality operators that are there but we would never use.

(Well, not really. There are some cases where A < B is useful shorthand for:

    A, B: Modular;
    ...
    if Some_Integer_Type(A) < Some_Integer_Type(B) then...

Of course, those implicit conversions to an integer type prevent refactoring.)
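Added example, not part of the original post: a small Ada program contrasting a modular type, whose subtraction wraps silently, with the range-checked declaration quoted above, whose out-of-range result raises Constraint_Error. The names Unsigned_Demo and Mod_32 and the sample values are assumptions made for illustration, and the Unsigned declaration compiles only where the compiler supports it, which is the point under discussion.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Unsigned_Demo is
   --  Modular type (hypothetical name): full 32-bit unsigned range,
   --  arithmetic wraps modulo 2**32 without any exception.
   type Mod_32 is mod 2**32;

   --  The declaration from the post. It is accepted only if the compiler
   --  provides a signed base type wider than 32 bits and allows the
   --  unsigned 32-bit representation for the first subtype.
   type Unsigned is range 0 .. 2**32 - 1;
   for Unsigned'Size use 32;

   --  Constructed sample values.
   MA : Mod_32 := 5;
   MB : Mod_32 := 7;
   MC : Mod_32 := 10;

   A : Unsigned := 5;
   B : Unsigned := 7;
   C : Unsigned := 10;
   R : Unsigned;
begin
   --  5 - 7 wraps to 2**32 - 2: a "negative" length silently becomes huge.
   Put_Line ("modular A - B     =" & Mod_32'Image (MA - MB));
   Put_Line ("modular A - B + C =" & Mod_32'Image (MA - MB + MC));

   --  The operators work on Unsigned'Base, whose range is symmetric about
   --  zero, so the intermediate -2 is representable. The final value 8 is
   --  in range and passes the check on assignment.
   R := A - B + C;
   Put_Line ("checked A - B + C =" & Unsigned'Image (R));

   --  Here the final value -2 is outside 0 .. 2**32 - 1, so the range
   --  check on assignment raises Constraint_Error instead of wrapping.
   begin
      R := A - B;
      Put_Line ("not reached:" & Unsigned'Image (R));
   exception
      when Constraint_Error =>
         Put_Line ("checked A - B raised Constraint_Error");
   end;
end Unsigned_Demo;
```

A compiler may warn at compile time that the last assignment will raise Constraint_Error; the run-time behaviour is the same.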