From: Georg Bauhaus
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: Sat, 27 Dec 2003 21:32:10 +0000 (UTC)
Organization: GMUGHDU
References: <3fe00b82.90228601@News.CIS.DFN.DE> <3FE026A8.3CD6A3A@yahoo.com> <$km9afA3DB7$EAYO@phaedsys.demon.co.uk> <3feda44e_3@mk-nntp-1.news.uk.worldonline.com> <3fedbbf0_3@mk-nntp-1.news.uk.worldonline.com>

In comp.lang.ada Ian Bell wrote:
:> You mean as in
:>
:>    type my_index is range 0 .. some_variable;
:>
:>    -- yes, Ada compilers will perform the check.
:>
:
: That was not what I had in mind and seems to me to be rather dodgy code. I
: was thinking more of the return value of some function being used as an
: index to the array.

That should depend on what the compiler can find out about the function.
For example, if there is "type Index is range 0..359;", then if a function
is specified to return values of a constrained subtype of Index ranging
from 0..179, and a buffer has been allocated for some Index subtype's
values ranging from 180..359, the compiler will warn if you use the
function's values as indices to the array, _although_ in C terms the
array index values and the function return values are indistinguishable
(both unsigned shorts for example). I.e.

   type Index is range 0..359;
   subtype First_Half is Index range 0..179;
   subtype Second_Half is Index range 180..359;

   buffer: array(First_Half) of Some_Decimal_Type;

   function some_val return Second_Half;  -- Second_Half values at random

   ...

27.     if buffer(some_val) > 10.0 then
                  |
    >>> warning: value not in range of type "First_Half" defined at line 6
    >>> warning: "Constraint_Error" will be raised at run time
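The post's point is that Ada's subtypes let the compiler tell a Second_Half value from a First_Half index, while in C both collapse to the same unsigned short. The program below is an added example, not code from the post or the thread: it mirrors the Ada ranges above in C and writes by hand the range check that Ada performs implicitly (and reports as Constraint_Error). The enum constants, the fixed return value 200 of some_val, and the accessor functions are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed mirror of the Ada ranges in the post (not the post's code). */
enum {
    INDEX_LAST        = 359,  /* type Index is range 0..359                 */
    FIRST_HALF_LAST   = 179,  /* subtype First_Half  is Index range 0..179  */
    SECOND_HALF_FIRST = 180   /* subtype Second_Half is Index range 180..359 */
};

/* In C, Index, First_Half and Second_Half all become one integer type;
 * nothing in the type distinguishes a Second_Half value from a valid index. */
typedef unsigned short index_t;

static double buffer[FIRST_HALF_LAST + 1];   /* buffer: array(First_Half) of ... */

/* Stands in for the post's some_val, which yields Second_Half values.
 * A fixed value (assumption) keeps the example deterministic. */
static index_t some_val(void) { return 200; }

/* Emulates Ada's implicit subtype check: succeeds only for First_Half values. */
static bool to_first_half(index_t v, index_t *out)
{
    if (v > FIRST_HALF_LAST) {
        return false;           /* Ada would raise Constraint_Error here */
    }
    *out = v;
    return true;
}

/* Checked read: the check the C type system does not do for us. */
static bool read_buffer(index_t i, double *out)
{
    index_t checked;
    if (!to_first_half(i, &checked)) {
        return false;
    }
    *out = buffer[checked];
    return true;
}

/* Checked write, so that a later read has something to find. */
static bool write_buffer(index_t i, double value)
{
    index_t checked;
    if (!to_first_half(i, &checked)) {
        return false;
    }
    buffer[checked] = value;
    return true;
}

/* Outcome of the post's "if buffer(i) > 10.0": 1 if true, 0 if false,
 * -1 where Ada would have raised Constraint_Error instead of comparing. */
static int compare_at(index_t i)
{
    double v;
    if (!read_buffer(i, &v)) {
        return -1;
    }
    return v > 10.0 ? 1 : 0;
}

int main(void)
{
    /* A plain buffer[some_val()] is accepted by the C compiler, since the
     * types say nothing about 200 being outside the array; the checked
     * accessor reports it instead of reading past the end. */
    printf("compare_at(some_val()) = %d\n", compare_at(some_val()));
    write_buffer(5, 12.5);
    printf("compare_at(5) = %d\n", compare_at(5));
    return 0;
}
```

The unchecked form `buffer[some_val()]` is deliberately not executed here, because with a return value of 200 it is undefined behaviour; the point of the example is that a C compiler has no subtype information to warn about it, so the boundary has to be enforced in code.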