From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,aaabba5db6b5df34 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Path: g2news2.google.com!postnews.google.com!y30g2000yqh.googlegroups.com!not-for-mail From: Martin Newsgroups: comp.lang.ada Subject: Re: Min/Max attribute makes promises it can't keep Date: Tue, 27 Apr 2010 13:20:41 -0700 (PDT) Organization: http://groups.google.com Message-ID: <9b17e781-f46a-4384-8809-b16602d10114@y30g2000yqh.googlegroups.com> References: <98b7e6f2-32ed-465c-9a52-541b7878ca86@y17g2000yqd.googlegroups.com> NNTP-Posting-Host: 86.169.172.61 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1272399641 10112 127.0.0.1 (27 Apr 2010 20:20:41 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Tue, 27 Apr 2010 20:20:41 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: y30g2000yqh.googlegroups.com; posting-host=86.169.172.61; posting-account=g4n69woAAACHKbpceNrvOhHWViIbdQ9G User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.0.10, Ant.com Toolbar 1.3,gzip(gfe) Xref: g2news2.google.com comp.lang.ada:11216 Date: 2010-04-27T13:20:41-07:00 List-Id: On Apr 27, 8:34=A0pm, Alex Mentis wrote: > I'm disappointed with some allowed syntax that seems a little error- > prone. =A0Consider the following code: > > with Ada.Integer_Text_Io; use Ada.Integer_Text_Io; > > procedure Main is > > =A0 =A0Nat : constant Natural :=3D 0; > =A0 =A0Pos : Positive; > > begin > > =A0 =A0Get (Pos); > =A0 =A0Put (Positive'Min(Nat, Pos)); -- Ada does not require the Min > attribute to enforce a Positive result > > end Main; > > This program happily outputs that the minimum of (0 and whatever > positive value you enter) is 0. =A0Now, I concede that the program is > working exactly as the ARM specifies. =A0The Min (and Max) attribute > functions accept and return types of S'Base, in this case > Positive'Base. =A0But doesn't it seem like a bit of a tease to allow a > programmer to specify S'Min if the compiler is allowed to ignore the > type of S in the function's parameter list and the program does not > raise a Constraint_Error at run-time if it returns a value outside the > range of type S? > > If it's too hard to enforce strictly then maybe the functions should > be named Unchecked_Min/Unchecked_Max. =A0Or maybe the programmer should > be constrained to using the attributes with only a base type. =A0Or, at > the very least, can't the compiler generate a warning about this? =A0I > turned on all warnings in GPS and got nothing. > > Things that make you go hmmm... > > Alex If you want the check, this should do: begin Get (Pos); Put (Positive (Positive'Min(Nat, Pos))); end ... -- Martin