comp.lang.ada
From: Simon Wright <simon@pushface.org>
Subject: Re: Streams and abnormality
Date: Tue, 12 Jun 2012 18:32:00 +0100
Message-ID: <m2pq94jv1r.fsf@pushface.org>
In-Reply-To: 9cd8589d-e8c1-402e-822e-d57aac39948e@googlegroups.com

Adam Beneschan <adam@irvine.com> writes:

> On Tuesday, June 12, 2012 2:31:17 AM UTC-7, Simon Wright wrote:
>> Using this code with GCC 4.6, 4.7 and GNAT GPL 2011,
>> 
>>       Str : aliased {a child of Root_Stream_Type};
>>       subtype Short_Int is Integer range 0 .. 42;
>>       S : Short_Int;
>>    begin
>>       Integer'Output (Str'Access, -1);
>>       S := Short_Int'Input (Str'Access);
>>       Put_Line (S'Img & " " & S'Valid'Img);
>> 
>> I get the output " 63 FALSE".
>> 
>>  My reading of AARM05 13.9.1(4..6) [1] is that - because S is a scalar
>>  object - S should not have been allowed to become abnormal; I think
>>  that, instead, some exception (Constraint_Error? Data_Error?) should
>>  have been raised.
>> 
>> [1] http://www.adaic.org/resources/add_content/standards/05aarm/html/AA-13-9-1.html
>
> You're right; it should have raised Constraint_Error, but I think it
> has nothing to do with 13.9.1, because Short_Int'Input is defined to
> return a value of type Short_Int'Base, not Short_Int (13.13.2(23),
> which actually says Short_Int'Input returns the *type* T of which
> Short_Int is a subtype, but I think that's the same thing).  Thus, in
> a normal situation, the result of Short_Int'Input *cannot* be an
> invalid value, because (if Integer'Size = 16) then 16 bits will be
> read from the stream, and all possible 16-bit bit patterns are valid
> values of Short_Int'Base.  I don't see anything in 13.13.2 that says
> the function result of ST'Input is checked against the constraints
> defined for subtype ST.  The Constraint_Error should occur during the
> assignment, when the value of the expression (of type S'Base) needs to
> be constraint-checked before assigning into S, just as it would if
> *any* function returning Integer appeared on the right side of the
> assignment.
>
> After rereading 13.9.1, though, I think it's wrong to suppose that
> there's a dichotomy between "abnormal" and "must raise an exception".
> 13.9.1 appears to define two different concepts, abnormal objects and
> objects with invalid representation.  A scalar object can have invalid
> representation without being abnormal, and this condition could be
> produced by stream operations, such as T'Input where T is an
> enumeration type.  It looks like the main difference between "abnormal
> objects" and "scalars with invalid representation" is that the latter
> is a "bounded error" and there is more definition about what programs
> are required to do with scalars to ensure they don't make a huge mess.
> But raising an exception isn't required.

Thanks, Dennis & Adam.

I think Dennis is right; there's no explicit statement of what checks
are made for a bare scalar, but AARM05 13.13.2(35)[1] says that scalar
*components* are only checked if they are discriminants or if the
component_declaration has a default_expression.

Looking at the AI[2], I must say I don't see quite where the
"discriminants or if the component_declaration has a default_expression"
comes from. It looks to me as though this should have read
"discriminants whose component_declaration has a default_expression"
(see !summary 7).

With GNAT, -gnatVc (turn on validity checking for copies) catches the
problem in my code.

[1] http://www.adaic.org/resources/add_content/standards/05aarm/html/AA-13-13-2.html
[2] http://www.ada-auth.org/cgi-bin/cvsweb.cgi/ais/ai-00195.txt?rev=1.33
