From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!news.glorb.com!peer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!news.flashnewsgroups.com-b7.4zTQh5tI3A!not-for-mail
From: Stephen Leake <stephen_leake@stephe-leake.org>
Newsgroups: comp.lang.ada
Subject: Re: Making guarantees about record components
References: <l6gbro$1oc$1@loke.gir.dk> <l6gqci$lrk$1@dont-email.me>
Date: Wed, 20 Nov 2013 03:36:50 -0600
Message-ID: <8561rnwh1p.fsf@stephe-leake.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (windows-nt)
Cancel-Lock: sha1:wQ3KoXPiejhNgWNPGx4FxcQwkU4=
MIME-Version: 1.0
Content-Type: text/plain
X-Complaints-To: abuse@flashnewsgroups.com
Organization: FlashNewsgroups.com
X-Trace: 95b3a528c82b3eef2f4a329745
X-Received-Bytes: 1919
X-Received-Body-CRC: 1338603036
Xref: news.eternal-september.org comp.lang.ada:17738
Date: 2013-11-20T03:36:50-06:00
List-Id: <comp.lang.ada>

Jeffrey Carter <spam.jrcarter.not@spam.not.acm.org> writes:

> On 11/19/2013 11:49 AM, J Kimball wrote:
>>
>> I'm trying to guarantee that two record component values map to the same
>> value of another type.
>>
>> type A is (...);
>> type C is (...);
>>
>> M : array (A) of C := (...);
>>
>> type R is record
>>     A1 : A;
>>     A2 : A;
>> end record
>>     with Dynamic_Predicate => (M (R.A1) = M (R.A2) );
>>
>> Is this the best solution we have as of Ada 2012?
>
> If you really want to guarantee that the property always holds, this
> doesn't do that. Changes to components of variables of type R, and
> changes to M, may invalidate the predicate but not be detected until
> later. To really guarantee the property, you'd have to encapsulate M
> and all instances of R so that all such changes can be checked.

The rules for when the Dynamic_Predicate is checked are in LRM 3.2.3
31/3. To me, that says any changes to an object of type R are checked,
but not changes to M. 

There is no value for M that satisfies this constraint for all possible
values of R, so this does not seem like a well-defined problem.

I think you need a private type hiding both R and M to enforce this
constraint.

-- 
-- Stephe