Min/Max attribute makes promises it can't keep

[Alex Mentis <asmentis@gmail.com>]

I'm disappointed with some allowed syntax that seems a little error-
prone.  Consider the following code:

with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;

procedure Main is

   Nat : constant Natural := 0;
   Pos : Positive;

begin

   Get (Pos);
   Put (Positive'Min(Nat, Pos)); -- Ada does not require the Min
attribute to enforce a Positive result

end Main;

This program happily outputs that the minimum of (0 and whatever
positive value you enter) is 0.  Now, I concede that the program is
working exactly as the ARM specifies.  The Min (and Max) attribute
functions accept and return types of S'Base, in this case
Positive'Base.  But doesn't it seem like a bit of a tease to allow a
programmer to specify S'Min if the compiler is allowed to ignore the
type of S in the function's parameter list and the program does not
raise a Constraint_Error at run-time if it returns a value outside the
range of type S?

If it's too hard to enforce strictly then maybe the functions should
be named Unchecked_Min/Unchecked_Max.  Or maybe the programmer should
be constrained to using the attributes with only a base type.  Or, at
the very least, can't the compiler generate a warning about this?  I
turned on all warnings in GPS and got nothing.

Things that make you go hmmm...

Alex