Re: Class Wide Type Invariants - My bug or compiler bug

["Randy Brukardt" <randy@rrsoftware.com>]

<adambeneschan@gmail.com> wrote in message 
news:3cf20663-960d-4ab1-9210-08042ca6af43@googlegroups.com...
> On Tuesday, February 25, 2014 7:29:45 PM UTC-8, Anh Vo wrote:
>> GNAT did not raise Assertion_Error where I thought it should for the 
>> following codes. Either I misunderstood the LRM or it is a compiler bug.
>
> It looks to me like this should work, according to 7.3.2(19).  I don't 
> know what GNAT's
> default Assertion_Policy for Type_Invariant'Class is, however.

7.3.2(19/3) is a mess, however. AI12-0042-1 changed it a lot, but that 
change isn't right either, so it's rather in limbo at the moment. (See the 
working RM for the current state of things.)

Note that a literal implementation of 7.3.2(19/3) would cause every 
invariant check to go infinitely recursive, since there is supposed to be an 
invariant check on the parameter of Check_In, which is called from the 
invariant check - repeat forever. GNAT doesn't implement that for obvious 
reasons, so it can't exactly implement the rule as written, and once you 
have to go off the grid, all bets are off.

Some parts will be in every rule (checking of in out and out parameters, for 
instance), so you probably can assume those are checked. But that's about 
it. Probably it would be better to not depend too much on Type_Invariants 
until we figure out what rules actually make sense (and we find a set that 
isn't insane for one reason or another).

                                  Randy.