From: Georg Bauhaus
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Sat, 27 Dec 2003 16:49:11 +0000 (UTC)
Organization: GMUGHDU
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <$km9afA3DB7$EAYO@phaedsys.demon.co.uk> <3feda44e_3@mk-nntp-1.news.uk.worldonline.com>

In comp.lang.ada Ian Bell wrote:
:James Rogers> foo : My_Array_Type;
:>
:>    for num in 0..99 loop
:>       foo(num) := num;
:>    end loop;
:>
:> All Ada compilers will correctly identify the error in the for loop.
:> [...]
:
: I know nothing about Ada so this is a genuine query rather than a criticism.
: The above example is fine as long as literals are used - even a C compiler
: could be devised to make this check - but what happens when the array index
: is computed?
Wouldn't that become a famous compiler that finds out, at compile time,
which value a certain variable is going to have? :-)

If you want a hole in your foot, you can make one, though it might not
be easy:

with Interfaces;
with Ada.Integer_Text_IO;
use Ada;

procedure t is
   -- read a positive value from standard input and create an
   -- array of that size, which is filled (hopping excessively)

   procedure rubber_buffer(limit: Positive) is
      subtype Index is Positive range 1 .. limit;
      -- a range constraint on Positive, determined at call time
      buffer: array(Index) of Interfaces.Unsigned_8;
      -- storage for 1 .. limit 8bit quantities
   begin
      -- demonstration of constraint_error
   off_buffer:
      -- k grows too large for a buffer index
      for k in Index'first .. 2 * Index'last loop
         buffer(k) := 42;
         -- index check failed, at run time: Constraint_Error is raised
         -- (unhandled here) as soon as k = limit + 1
      end loop off_buffer;

   off_index_range:
      -- k gets too large for Index subtype's range
      for k in Index'first .. Index(2 * Index'last)
         -- range check failed, at run time: the conversion to Index
         -- fails before the loop body runs even once
      loop
         buffer(k) := 42;
      end loop off_index_range;
   end rubber_buffer;

   n: Positive;
   -- upper limit of 1-based buffer, read at run time
begin
   Integer_Text_IO.get(n);
   rubber_buffer(n);
end t;

That's why language-defined array constructs such as the 'range
attribute are useful. You can write

   for k in buffer'range loop
      buffer(k) := 42;
   end loop;

(or in this case more simply, using the language-defined `others',

   buffer := (others => 42);

) no matter what the buffer's index range currently is.

-- Georg
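The following is an added example, not part of Georg's post, showing the other half of the answer to Ian's question: what happens when the index really is computed from run-time data. The procedure names (Fill, Store_Checked, Store_Unguarded), the unconstrained Byte_Buffer type and the sample size and offset are assumptions made for the example. Store_Checked guards the access with a membership test against the buffer's own bounds (`Idx in Buf'Range`), so the caller gets a Boolean; Store_Unguarded lets the language's index check raise Constraint_Error and handles it locally. Neither needs to know the bounds at compile time.

```ada
with Ada.Text_IO;
with Interfaces;

procedure Range_Demo is
   use Ada.Text_IO;

   --  Unconstrained array type: bounds are fixed per object, at run time.
   type Byte_Buffer is array (Positive range <>) of Interfaces.Unsigned_8;

   --  Fill any buffer using 'Range, so the loop can never step outside
   --  the object it indexes, whatever its bounds turn out to be.
   procedure Fill (Buf : in out Byte_Buffer; Value : in Interfaces.Unsigned_8) is
   begin
      for K in Buf'Range loop
         Buf (K) := Value;
      end loop;
   end Fill;

   --  Store at a computed index behind an explicit guard.  The membership
   --  test uses the buffer's actual bounds; the caller sees a Boolean
   --  instead of an exception.
   procedure Store_Checked (Buf   : in out Byte_Buffer;
                            Idx   : in Integer;
                            Value : in Interfaces.Unsigned_8;
                            Ok    : out Boolean) is
   begin
      Ok := Idx in Buf'Range;
      if Ok then
         Buf (Idx) := Value;
      end if;
   end Store_Checked;

   --  Store at a computed index with no guard at all: the language's
   --  index check raises Constraint_Error, which is caught and reported
   --  here instead of silently writing past the buffer.
   procedure Store_Unguarded (Buf   : in out Byte_Buffer;
                              Idx   : in Integer;
                              Value : in Interfaces.Unsigned_8) is
   begin
      Buf (Idx) := Value;
      Put_Line ("stored at" & Integer'Image (Idx));
   exception
      when Constraint_Error =>
         Put_Line ("index" & Integer'Image (Idx) & " rejected: outside"
                   & Integer'Image (Buf'First) & " .."
                   & Integer'Image (Buf'Last));
   end Store_Unguarded;

   N      : Positive := 8;                 -- constructed sample size; in a real
                                           -- program this would be read at run time
   Buffer : Byte_Buffer (1 .. N) := (others => 0);
   Offset : constant Integer := 3;         -- constructed sample "computed" offset
   Ok     : Boolean;
begin
   Fill (Buffer, 42);

   --  Index computed from run-time data, as in Ian's question.
   Store_Checked (Buffer, Buffer'First + Offset, 1, Ok);   -- 4: inside
   Put_Line ("in range: " & Boolean'Image (Ok));
   Store_Checked (Buffer, Buffer'Last + Offset, 1, Ok);    -- 11: outside
   Put_Line ("in range: " & Boolean'Image (Ok));

   --  Same out-of-range computation without a guard: raised and caught.
   Store_Unguarded (Buffer, 2 * Buffer'Last, 7);

   --  Whole-object aggregate: no index is ever written by hand.
   Buffer := (others => 42);
end Range_Demo;
```

The first Store_Checked call succeeds and the second reports False; Store_Unguarded prints the rejection line with the buffer's bounds. The guard and the handler are the two idiomatic choices when an index cannot be proven in range before the program runs; the `'Range` loop and the `others` aggregate avoid the question entirely.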