From: Georg Bauhaus
Newsgroups: comp.lang.ada
Subject: Re: optimization away of checks in 'valid
Date: Wed, 26 Sep 2012 14:01:14 +0200
Message-ID: <5062ee87$0$6567$9b4e6d93@newsspool3.arcor-online.net>
In-Reply-To: <5a0711d8-81ad-4200-9b6e-a80feffd5302@googlegroups.com>

On 26.09.12 03:33, Joseph Wisniewski wrote:
> Specifically, we had a case where C++ code was not checking the bounds of
> an integer subtype as it was passed to Ada code via a function parameter.
> The Ada code _was_ checking via 'valid. 'valid returned true even though
> the integer value was out of bounds. Turns out the compiler relied on the
> "allowed assumption" that all callers "check their bounds" for such data.

FWIW, is the function like any of the ones below?
I see Exported_2 and Exported_3 have 'Valid removed after compilation, as
expected maybe.

with Interfaces.C;

package Rcheck is
   use type Interfaces.C.int;

   subtype T   is Interfaces.C.int range -7 .. 100;
   subtype int is Interfaces.C.int;

   --  Parameter already constrained to T: the compiler may assume the
   --  caller delivered an in-range value.
   function Exported_1 (Item : T) return T;
   pragma Export (C, Exported_1);

   --  Parameter of the unconstrained C type; result unconstrained too.
   function Exported_2 (Item : int) return int;
   pragma Export (C, Exported_2);

   --  Parameter of the unconstrained C type; result constrained to T.
   function Exported_3 (Item : int) return T;
   pragma Export (C, Exported_3);

   Default_Value : constant T := 33;
end Rcheck;

package body Rcheck is
   Dummy : constant := 66;

   function Exported_1 (Item : T) return T is
      Result : T;
   begin
      if Item'Valid then
         Result := Dummy;
      else
         Result := Default_Value;
      end if;
      return Result;
   end Exported_1;

   function Exported_2 (Item : int) return int is
      Result : int;
   begin
      if Item'Valid then
         Result := Dummy;
      else
         Result := Default_Value;
      end if;
      return Result;
   end Exported_2;

   function Exported_3 (Item : int) return T is
      Result : T;
   begin
      if Item'Valid then
         Result := Dummy;
      else
         Result := Default_Value;
      end if;
      return Result;
   end Exported_3;
end Rcheck;
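As an added example, not Georg's code: the same exported function written so the range check cannot be assumed away. The parameter is declared with the unconstrained C type and the range is tested with a membership test against T, which is a genuine comparison against -7 and 100; 'Valid on an unconstrained Interfaces.C.int is trivially True because every representation is a valid value of that type. The package name Rcheck_Safe and the function name Exported_Checked are made up for this example.

```ada
--  Added example, not from the original post.
with Interfaces.C;

package Rcheck_Safe is
   use type Interfaces.C.int;

   subtype T   is Interfaces.C.int range -7 .. 100;
   subtype int is Interfaces.C.int;

   Default_Value : constant T := 33;

   --  The parameter deliberately carries no range constraint, so the
   --  compiler has nothing to assume about what the C caller passed in.
   function Exported_Checked (Item : int) return T;
   pragma Export (C, Exported_Checked);
end Rcheck_Safe;

package body Rcheck_Safe is

   function Exported_Checked (Item : int) return T is
   begin
      --  Membership test against the constrained subtype. Unlike
      --  Item'Valid, which is always True for a full-range int, this
      --  compiles to a real comparison of Item against T'First and
      --  T'Last, so an out-of-range value from the C side is caught.
      if Item in T then
         --  In range: the implicit int -> T conversion cannot fail here.
         return Item;
      else
         --  Out of range: substitute the documented default rather than
         --  letting the bad value propagate (or raising Constraint_Error).
         return Default_Value;
      end if;
   end Exported_Checked;

end Rcheck_Safe;
```

If raising is preferable to substituting a default, `return T (Item)` without the membership test performs the same range check and raises Constraint_Error on failure, provided range checks are not suppressed for the unit.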