From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: [Newbie] doubly constrained array, dumb question
Date: Tue, 27 Feb 2018 16:11:27 -0600
Organization: JSA Research & Innovation
References: <62f83fe5-15d6-41cf-952f-bc3cb077d42f@googlegroups.com>

"Simon Wright" wrote in message news:lyefl6kdrc.fsf@pushface.org...
> "Randy Brukardt" writes:
>
>> "J-P. Rosen" wrote in message
>> news:p71rvj$vgh$1@gioia.aioe.org...
>>> On 26/02/2018 at 17:26, Mehdi Saada wrote:
>>>> Hello.
>>>>
>>>> I would like a constrained String subtype with narrower bounds than
>>>> Positive'Range.
>>>> How can I do something like:
>>>>    subtype Possible_Length is NATURAL range 1..80;
>>>>    subtype T_Line is String (Possible_Length range <>);
>>>> ? I know "range <>" isn't included in the definition of
>>>> "range_constraint". How can I express the same thing,
>>>> so that I can get, afterwards, a dynamic string with:
>>>>    A: access T_LINE := new T_LINE'("BLABLABLA");
>>>> while checking for its range.
>>>>
>>> You can't do that, because a subtype can't be both constrained and
>>> unconstrained at the same time...
>>>
>>> OTOH, you can define your own string type:
>>>    type Short_String is array (Possible_length range <>) of character;
>>
>> Or you could use a subtype with a dynamic predicate:
>>
>>    subtype Short_String is String
>>      with Dynamic_Predicate => Short_String'First >= Possible_Length'First
>>        and Short_String'Last <= Possible_Length'Last;
>>
>> This would be checked any time that you convert a string value into a
>> Short_String subtype (explicitly or implicitly), so it probably would give
>> the right effect. Note that unlike a real constraint, it wouldn't have any
>> effect on other subtypes, so:
>>    Silly_Object : Short_String (1..100);
>> would not raise Constraint_Error, but any attempt to assign into it would
>> raise Assertion_Error. (Assuming the Assertion_Policy is Check; it isn't for
>> GNAT by default.)
>
> I tried this first:
>
>    with Ada.Text_IO;
>    procedure Short_String is
>       pragma Assertion_Policy (Check);
>       subtype Possible_Length is Integer range 0 .. 5;
>       subtype Short_String is String
>         with Dynamic_Predicate => Short_String'Length <= Possible_Length'Last;
>    begin
>       for J in 0 .. 6 loop
>          declare
>             S : Short_String (1 .. J) := (others => 'm');

Arguably, assigning an aggregate doesn't involve a subtype conversion, in
which case there would be no predicate check. You could also argue the
reverse: 5.2(11) says that there is a conversion. A compiler would be allowed
to omit it if it can prove that it already passed -- but not to ignore it.

>             -- pragma Assert (S'Length <= Possible_Length'Last);
>          begin
>             S := (others => 'x');
>             Ada.Text_IO.Put_Line (String (S) & S'Length'Img);
>          end;
>       end loop;
>    end Short_String;
>
> and then with your suggestion, and neither raised AE.
>
> I put in an assertion as commented out, and it was triggered.
>
> SPARK detected the problem ("medium: predicate check might fail").

I think it is a GNAT bug, but it is very much on the edge -- as noted above,
an assignment should check the predicate, but we also want compilers to be
able to eliminate redundant checks. In this case, it appears that no one is
checking the predicate, which hardly makes the assignment check redundant
(thus it is a bug).

(That is, it would be OK if the aggregate checked the predicate, but it
doesn't actually have a reason to do so -- so the assignment ought to be doing
it. For other subtype checks on "others" aggregates, the aggregate itself has
to make them. That might cause the compiler to not make the subtype check on
the assignment, thinking it is redundant [but it isn't if the subtype has a
predicate].)

Randy.
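An added example, not code from the thread, putting the two approaches discussed above side by side on the original poster's use case. It assumes GNAT with assertions switched on by the pragma, as in Simon's test; the bound carried by J-P. Rosen's index subtype is a real constraint that raises Constraint_Error regardless of the assertion policy, while the Dynamic_Predicate subtype is only checked at a subtype conversion, raises Assertion_Error, and (as Simon observed) may not be checked at all for an "others" aggregate initializer.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Bounded_Line_Demo is
   pragma Assertion_Policy (Check);   --  GNAT does not enable checks by default

   subtype Possible_Length is Natural range 1 .. 80;

   --  Approach 1 (J-P. Rosen): a distinct array type whose index subtype
   --  carries the bound. Every object's bounds are checked against
   --  Possible_Length as an ordinary constraint check.
   type T_Line is array (Possible_Length range <>) of Character;

   --  Approach 2 (Randy): a String subtype with a predicate on its bounds.
   --  Checked only on subtype conversion, and only under Assertion_Policy
   --  (Check); an over-long object can still be declared, just not assigned.
   subtype Short_String is String
     with Dynamic_Predicate =>
       Short_String'First >= Possible_Length'First
       and Short_String'Last <= Possible_Length'Last;

   --  Constructed input: 100 characters, 20 more than Possible_Length allows.
   Long : constant String (1 .. 100) := (others => 'x');
begin
   --  Approach 1: the original poster's allocation works unchanged ...
   declare
      A : access T_Line := new T_Line'("BLABLABLA");
   begin
      Put_Line ("T_Line accepted, length" & Integer'Image (A.all'Length));
   end;
   --  ... and an over-long value is rejected at the array type conversion.
   begin
      declare
         B : access T_Line := new T_Line'(T_Line (Long));
      begin
         Put_Line ("unreachable, length" & Integer'Image (B.all'Length));
      end;
   exception
      when Constraint_Error => Put_Line ("T_Line rejected 100 characters");
   end;

   --  Approach 2: the explicit conversion is where the predicate is checked.
   begin
      declare
         S : Short_String := Short_String (Long);
      begin
         Put_Line ("unreachable, length" & Integer'Image (S'Length));
      end;
   exception
      when Assertion_Error => Put_Line ("Short_String rejected 100 characters");
   end;
end Bounded_Line_Demo;
```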