Re: Subtypes boundaries

["Yannick Duchêne (Hibou57)" <yannick_duchene@yahoo.fr>]

Le Mon, 14 Jun 2010 23:01:17 +0200, Gautier write-only  
<gautier_niouzes@hotmail.com> a écrit:
> To my surprise, it looks legal Ada.
The base type of IDEFIX is ASTERIX, by definition.

[ARM 2005 3.5(5)] just says:
> For a subtype_indication containing a range_constraint, either directly 
> or as part of some other scalar_constraint, the type of the range shall
> resolve to that of the type determined by the subtype_mark of the
> subtype_indication.

Nowhere in 3.5 I could find something explicitly stating when the error  
must be detected (compile time or runtime).

If the ranges was defined using non-literal, like values of type ASTERIX,  
and if these was variables, then there would be no other way except a  
runtime detection of an error.

What disturbed me, is that a literal here, match an ASTERIX while it is  
statically out-of range ?

Needs investigation in the RM (or may be the reference lacks something  
here ?). What is the RM part involved here ?

-- 
There is even better than a pragma Assert: a SPARK --# check.
--# check C and WhoKnowWhat and YouKnowWho;
--# assert Ada;
--  i.e. forget about previous premises which leads to conclusion
--  and start with new conclusion as premise.