From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,45a9122ddf5fcf5
X-Google-Attributes: gid103376,public
From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Valid Attribute and Unchecked Conversion
Date: 1996/10/02
Message-ID: <EACHUS.96Oct2161139@spectre.mitre.org>#1/1
X-Deja-AN: 186759620
references: <DyCF97.7zp@world.std.com> <1996Sep26.191257.1@eisner>
organization: The Mitre Corp., Bedford, MA.
newsgroups: comp.lang.ada
Date: 1996-10-02T00:00:00+00:00
List-Id: <comp.lang.ada>


In article <mheaney-ya023180000110962027510001@news.ni.net> mheaney@ni.net (Matthew Heaney) writes:

  > So it's legal to check (using the valid attribute) the value of a (scalar)
  > object with an invalid representation, right?

  Right, but...

  > Given the following program:

  >    declare
  >	 type T is range 1 .. 10;
  >	 function To_T is new Unchecked_Conversion (Integer, T);
  >	 O : constant T := To_T (0);
  >    begin
  >	 if O'Valid then
  >	    ...
  >    end;

  > I want to know if the program is correct.  Is it erroneous, yes or no?

   It is erroneous.  That is the point of this discussion change to:

     declare
         type T is range 1 .. 10;
         for T'SIZE use Integer'SIZE;
  	 function To_T is new Unchecked_Conversion (Integer, T'Base);
  	 O : constant T := To_T (0);
      begin
  	 if O'Valid then
  	    ...
      end;

    Now To_T returns a bit pattern that is legal for the type (T'Base),
and the constraint check occurs on the assignment.  You never get to
the call to O'Valid.

    Change to:

     declare
         type T is range 1 .. 10;
         for T'SIZE use Integer'SIZE;
  	 function To_T is new Unchecked_Conversion (Integer, T'Base);
  	 O : T;
      begin
        begin
          O := To_T (0);
        exception when others => null;
        end;

   	if O'Valid then
  	  ...
      end;

      ...and you still don't get what you want.  In this case the
O'Valid check may or may not succeed, depending on the initial junk in
that stack location.

      'Valid is very useful for validating fields of record objects.
But for scalars that may be invalid, you usually want to produce a
(potentially) invalid value of the base type then do a (constraint
checked) assignment.

 
--

					Robert I. Eachus

with Standard_Disclaimer;
use  Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...