Re: Min/Max attribute makes promises it can't keep

[Martin <martin.dowie@btopenworld.com>]

On Apr 27, 8:34 pm, Alex Mentis <asmen...@gmail.com> wrote:
> I'm disappointed with some allowed syntax that seems a little error-
> prone.  Consider the following code:
>
> with Ada.Integer_Text_Io; use Ada.Integer_Text_Io;
>
> procedure Main is
>
>    Nat : constant Natural := 0;
>    Pos : Positive;
>
> begin
>
>    Get (Pos);
>    Put (Positive'Min(Nat, Pos)); -- Ada does not require the Min
> attribute to enforce a Positive result
>
> end Main;
>
> This program happily outputs that the minimum of (0 and whatever
> positive value you enter) is 0.  Now, I concede that the program is
> working exactly as the ARM specifies.  The Min (and Max) attribute
> functions accept and return types of S'Base, in this case
> Positive'Base.  But doesn't it seem like a bit of a tease to allow a
> programmer to specify S'Min if the compiler is allowed to ignore the
> type of S in the function's parameter list and the program does not
> raise a Constraint_Error at run-time if it returns a value outside the
> range of type S?
>
> If it's too hard to enforce strictly then maybe the functions should
> be named Unchecked_Min/Unchecked_Max.  Or maybe the programmer should
> be constrained to using the attributes with only a base type.  Or, at
> the very least, can't the compiler generate a warning about this?  I
> turned on all warnings in GPS and got nothing.
>
> Things that make you go hmmm...
>
> Alex

If you want the check, this should do:

begin
   Get (Pos);
   Put (Positive (Positive'Min(Nat, Pos)));
end ...

-- Martin