Re: Unconstrained base subtype questions

["Alex Mentis" <foo@invalid.invalid>]

Ludovic Brenta wrote:

> "Alex Mentis" <foo@invalid.invalid> writes:
> > The following does not cause a constraint error in my version of
> > GNAT on my system:
> > 
> > ...
> > 
> > Integer_Result := (Integer'Last + Integer'Last) / 2;
> > 
> > ...
> > 
> > 
> > If I understand correctly, this is because the Integer operators are
> > defined for operands of type Integer'Base, which is an unconstrained
> > subtype and allows the operands to be stored in extended-length
> > registers so that intermediate values in calculations do not
> > overflow.
> > 
> > My questions are:
> > 
> > 1) Do I understand correctly what's going on?
> 
> I suspect you compiled without the secret -gnato option

No, I compiled with that option enabled. It still ran happily and
produced the correct output.

> > 2) Does the language make any guarantees about preventing spurious
> > overflow, or am I just getting lucky with my compiler/architecture?
> > If guarantees are made by the language, what are they?
> 
> I'm not sure what you mean by "spurious overflow" (as opposed to
> "overflow") but:

By "spurious overflow" I mean overflow from intermediate results of a
calculation in which the correct final result is actually still within
the type constraints.
 
> - during execution, there are two kinds of overflow checks.
>   Intermediate results must lie within the "base range of the type"
>   which, for all intents and purposes, is the full range of
>   [[Long_]Long_]Integer (ARM 4.5.4(20)).  So, if an intermediate value
>   exceeds e.g. Integer'Last you get a Constraint_Error.

Well, that's my question. In the calculation above, I clearly have an
intermediate value that exceeds Integer'Last. And I tried something
similar with Long_Long_Integer and still couldn't get an overflow
error! So what is the actual limit on the base range of the type? Is it
language defined, compiler defined, hardware defined, none of the above?