From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada2012 Invariants and obaque types
Date: Tue, 21 Jun 2011 22:52:22 +0200
Organization: cbb software GmbH
Message-ID:
References: <239a78ad-0937-4a7a-8163-231430fd5ffe@k27g2000yqn.googlegroups.com> <17t4afbmsrbm4.7llaajq91zz3.dlg@40tude.net> <1rxmqjvvd0nk6.1pqiavml8xwzf.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de

On Tue, 21 Jun 2011 21:34:31 +0200, Vinzent Hoefler wrote:

> Dmitry A. Kazakov wrote:
>
>> 'Valid is a hack around missing value initialization enforcement or some
>> kludges to support Unchecked_Conversion. It cannot justify anything because
>> 'Valid itself lacks credibility.
>
> How do you properly initialise and/or validate values coming from an untrusted
> external source (i.e. "bus")? Always using the full bit pattern and writing the
> conversion routine yourself?

Yes, I always do exactly this, at least in order to make my program
portable. E.g. instead of querying the endianness of the machine and trying
to guess what kind of bit shuffling might be appropriate in order to map an
external representation onto the machine one through Unchecked_Conversion
(provided such mapping exists, which in real life could not be the case when
working with bus encodings), I just interpret bits as they are described.
It is safer, cleaner, easier to understand, and requires no preprocessing.
If this could be slightly less efficient, I don't care.

BTW, what I do miss for this stuff is cross type checks. E.g.

   X : Integer := ...;

   if X in Unsigned_32'Range then

The problem is that both

   if X in Integer (Unsigned_32'First)..Integer (Unsigned_32'Last) then

or

   if Unsigned_32 (X) in Unsigned_32'Range then

might fail on different machines. I need a test whether the value of the type
T can be converted to the type S. (For real types it can be quite non-trivial
to test)

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
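The two points of the post, decoding an untrusted bus field bit by bit as the wire format describes it instead of type punning, and a cross-type range check that does not convert the value before testing it, as an added C example (not the poster's code, and written in C rather than Ada; the frames and function names are constructed for illustration):

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample frames (not real bus captures). */
static const uint8_t frame_small[4] = {0x00, 0x00, 0x01, 0x02}; /* 258 */
static const uint8_t frame_huge[4]  = {0xFF, 0xFF, 0xFF, 0xFF}; /* 2^32-1 */

/* Interpret a 32-bit big-endian bus field byte by byte, as the wire format
 * describes it, with no dependence on host endianness and no type punning.
 * Fails (returns false) if fewer than 4 bytes remain after `off`. */
bool decode_be32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (buf == NULL || off > len || len - off < 4)
        return false;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return true;
}

/* The "convert first, then test the range" form: the cast wraps modulo
 * 2^32, so every int passes and the test is vacuous. Kept for comparison. */
bool naive_int_fits_uint32(int x)
{
    return (uint32_t)x <= UINT32_MAX;
}

/* Cross-type range tests done in intmax_t, which holds both ranges, so no
 * narrowing conversion happens before the comparison. */
bool int_fits_uint32(int x)
{
    return (intmax_t)x >= 0 && (intmax_t)x <= (intmax_t)UINT32_MAX;
}

bool uint32_fits_int(uint32_t u)
{
    return (intmax_t)u <= (intmax_t)INT_MAX;
}

/* Read a 32-bit field from an untrusted frame and deliver it as an int only
 * if the decoded value is representable; otherwise reject the frame. */
bool read_bus_int(const uint8_t *buf, size_t len, size_t off, int *out)
{
    uint32_t raw;
    if (!decode_be32(buf, len, off, &raw) || !uint32_fits_int(raw))
        return false;
    *out = (int)raw;
    return true;
}
```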