From: Alex Mentis
Newsgroups: comp.lang.ada
Subject: Min/Max attribute makes promises it can't keep
Date: Tue, 27 Apr 2010 12:34:18 -0700 (PDT)
Message-ID: <98b7e6f2-32ed-465c-9a52-541b7878ca86@y17g2000yqd.googlegroups.com>

I'm disappointed with some allowed syntax that seems a little error-prone. Consider the following code:

   with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;

   procedure Main is
      Nat : constant Natural := 0;
      Pos : Positive;
   begin
      Get (Pos);
      Put (Positive'Min(Nat, Pos)); -- Ada does not require the Min attribute to enforce a Positive result
   end Main;

This program happily outputs that the minimum of (0 and whatever positive value you enter) is 0. Now, I concede that the program is working exactly as the ARM specifies. The Min (and Max) attribute functions accept and return types of S'Base, in this case Positive'Base. But doesn't it seem like a bit of a tease to allow a programmer to specify S'Min if the compiler is allowed to ignore the type of S in the function's parameter list and the program does not raise a Constraint_Error at run-time if it returns a value outside the range of type S?

If it's too hard to enforce strictly then maybe the functions should be named Unchecked_Min/Unchecked_Max. Or maybe the programmer should be constrained to using the attributes with only a base type. Or, at the very least, can't the compiler generate a warning about this? I turned on all warnings in GPS and got nothing.

Things that make you go hmmm...

Alex
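
The behaviour described in the post above, next to two ways of getting the range check back, as an added example that is not part of the original post. The procedure name, the helper Checked_Min, and the sample value 5 (standing in for the Get call) are assumptions made for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Checked_Min_Demo is

   --  Hypothetical helper: the same computation as Positive'Min, but the
   --  result subtype is Positive, so the return statement is range-checked.
   function Checked_Min (Left, Right : Integer) return Positive is
   begin
      return Positive'Min (Left, Right);
   end Checked_Min;

   Nat : constant Natural := 0;
   Pos : Positive := 5;  --  constructed sample input; a variable, so the
                         --  expressions below are evaluated at run time
   Raw : Integer;
begin
   --  Unchecked: Positive'Min takes and returns Positive'Base, so a value
   --  outside 1 .. Integer'Last passes through without any check.
   Raw := Positive'Min (Nat, Pos);
   Put_Line ("Positive'Min result:" & Integer'Image (Raw));

   --  Checked, option 1: a qualified expression asserts that the value
   --  belongs to subtype Positive and raises Constraint_Error otherwise.
   begin
      Raw := Positive'(Positive'Min (Nat, Pos));
      Put_Line ("Qualified expression accepted:" & Integer'Image (Raw));
   exception
      when Constraint_Error =>
         Put_Line ("Qualified expression raised Constraint_Error");
   end;

   --  Checked, option 2: route the result through a function whose result
   --  subtype is Positive, so every caller gets the check.
   begin
      Raw := Checked_Min (Nat, Pos);
      Put_Line ("Checked_Min accepted:" & Integer'Image (Raw));
   exception
      when Constraint_Error =>
         Put_Line ("Checked_Min raised Constraint_Error");
   end;
end Checked_Min_Demo;
```

The checks fire only while range checks are enabled; compiling with checks suppressed (for example via pragma Suppress) removes them again.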