From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: two questions on allocators
Date: Fri, 2 Mar 2018 16:37:57 -0600
Organization: JSA Research & Innovation

"Simon Wright" wrote in message news:lyinaej0jy.fsf@pushface.org...
> Robert A Duff writes:
>
>> "not null" is checked in more places than "Predicate => S /= null".
>> You might think that means "not null" is safer.
>
> I think I'm going to be terminally confused. I'd rather have to work
> round the fact that something was *going* to be checked than be able to
> write code (with fingers crossed) using the fact that *in some
> circumstances* it might not be.

Exactly. The reason for the rule Bob noted was to avoid making predicate checks on objects that are completely uninitialized (full of garbage). (Ada has the invalid object rules to avoid constraint checks on initially garbage values.) But if the object *is* initialized to a known value, that reasoning doesn't hold - and Ada *does* require a constraint check on an object with a Default_Value aspect. (As noted, access types work like this.) Predicates (certainly Static_Predicates) should work the same.

The rule in question was crafted before Default_Value was added to the language, and should have taken that into account. Bob would not have "won" the argument about the wording of this rule had Default_Value existed then.

> I recently (discussed here) came across a problem using a predicate
> where even Randy wasn't sure whether the predicate check should have
> been triggered.

Yes, Dynamic_Predicate checks are messy. They're primarily associated with subtype conversions; when there isn't one, there are many problems.

Randy.