'Valid, subtypes and constraint checking

[Peter Amey <peter.amey@praxis-cs.co.uk>]

Some guidance please to reduce the slight panic I am suffering from.

When reading in values from an external device it is important to check 
that the value read is a valid representation for its type.  The read 
values are also considered volatile so each read returns a potentially 
different value.

I have alsways believed the way to do this is:

ExternalPort : T;
Temp  : T;    -- note same SUBtype as the port
...
Temp := ExternalPort; -- no checks generated because same subtype
if Temp'Valid then
   -- we can use value safely
else
   -- handle error safely
end if;

I have also assumed that applying 'Valid to the volatile value 
(ExternalPort) is pointless because, even if the check passes, any 
subsequent use of ExternalPort may return a different (perhaps invalid) 
value.

My confidence has now been shaken by a test case for a compiler, as yet 
unnamed, which raises constraint error for the initial assignment of an 
invalid value in ExternalPort to Temp.  Is this correct behaviour?  If 
it _is_ correct, how can you ever validate external volatile data?

(Horrible strawman solution: do an unchecked conversion of External_Port 
into Temp and then do the validity check).

Thoughts?



Peter