From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=BAYES_00,INVALID_DATE
	autolearn=no autolearn_force=no version=3.4.4
Newsgroups: comp.lang.ada
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!wuarchive!decwrl!ads.com!bhanafee
From: bhanafee@ADS.COM (Brian Hanafee)
Subject: Re: Ada Constraints
Message-ID: <MB^%$C$@ads.com>
Sender: usenet@ads.com (USENET News)
Organization: Advanced Decision Systems, Mt. View, CA (415) 960-7300
References: <4CE1FEE5846FC025DB@icdc.llnl.gov>
Date: Thu, 16 Aug 90 18:31:19 GMT
List-Id: <comp.lang.ada>

In article <4CE1FEE5846FC025DB@icdc.llnl.gov> WILSON@AMSTEL.llnl.gov (One Heppy Heppy 'Ket') writes:
>Today's Ada Challenge:
>
>   How can I force range checks on data presented to my Ada program from a
>foreign (viz., C) routine?
>

[stuff deleted]

>   By the time Ada gets involved, the data is already loaded (by the non-Ada
>network routines) into an Ada record-type variable.  Our Ada compiler
>(VAX Ada V1.5) sees no reason to perform any range checks, since it didn't do
>the actual assignment which loaded the variable.  Eventually the program
>performs an array index based on a component of the record variable, and gets
>an access violation, or worse, crashes a task, or who-knows-what.

[list of possible approaches deleted]

>
>   Thanks in advance,
>
>				--- Rick Wilson
>				    Lawrence Livermore National Laboratory
>				    (415) 423-6662
>				    wilson@derby.llnl.gov

How about defining a generic like this:

generic
    type The_Range_Limited_Integer_Type is range <>;
function Checked (Item : in Integer)
  return The_Range_Limited_Integer_Type;


function Checked (Item : in Integer)
  return The_Range_Limited_Integer_Type is
begin
    return The_Range_Limited_Integer_Type (Item);
end Checked;

and using it like this:

    function Checker is new Checked (The_Element_Type);

    The_Record.The_Element := Checker (The_Record.The_Element);


Since the compiler doesn't know how the generic function is used,
it can't assume the range will be good in all cases, so it should
have to embed a range check in the function instantiation.  The
only time I can think of when the optimizer might catch this is
if Checker gets inlined rather than called.

You'll have to write generics for all the possible root types
(e.g. float, long_integer, etc.).  Enumerated types might be
a little trickier.


Brian Hanafee
Advanced Decision Systems