Re: Saturation arithmetic woes.

[Niklas Holsti <niklas.holsti@tidorum.invalid>]

In addition to the replies from Martin and Dmitry regarding the absence 
of a "+" operator for Discrete_Type, I would like to comment on the 
logic of your saturated-"+":

xorque wrote:
> package body Saturation is
> 
>   function "+"
>     (Left  : Saturated_Type;
>      Right : Saturated_Type) return Saturated_Type
>   is
>     Temp_Left  : constant Discrete_Type := Discrete_Type (Left);
>     Temp_Right : constant Discrete_Type := Discrete_Type (Right);
>   begin
>     if Temp_Left + Temp_Right > Discrete_Type'Last then

Depending on the actual type associated with Discrete_Type (and assuming 
you use the predefined "+" for that type), you risk getting an overflow 
on Temp_Left + Temp_Right. If you have overflow checks disabled (as Gnat 
has by default) the sum may "wrap around" and seem to be less than 
Discrete_Type'Last, giving you the wrong result. If you have overflow 
checks enabled, you get a Constraint_Error instead of 
Discrete_Type'Last. Ditto for underflow and Discrete_Type'First.

One option is to have two formal types, one that defines the range for 
saturation (as Discrete_Type in your code) and another that is wide 
enough to compute the sum of Left and Right without under- or overflow.

If the other type is called Wide_Type, you could then replace Temp_Left 
and Temp_Right with

    Sum : constant Wide_Type := Wide_Type (Left) + Wide_Type (Right);

which would simplify your code a bit. Or just write one expression:

    return Discrete_Type (
       Wide_Type'Min (Wide_Type (Discrete_Type'Last),
       Wide_Type'Max (Wide_Type (Discrete_Type'First),
                      Wide_Type (Left) + Wide_Type (Right))));

That assumes that the formal Wide_Type is defined as an integer type, 
not just as any discrete type.

HTH,

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .