From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Quality systems (Was: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died))
Date: Tue, 27 May 2003 16:08:51 -0500
References: <3ec4b1c9$1@news.wineasy.se> <9fa75d42.0305161748.1735fc32@posting.google.com> <4W%xa.28765$cK5.11964@nwrdny02.gnilink.net> <1053353256.804734@master.nyc.kbcfp.com> <3ECFF541.1010705@attbi.com>

Robert I. Eachus wrote in message <3ECFF541.1010705@attbi.com>...
>Randy Brukardt wrote:
>
>> Ada doesn't have unsigned but checked integer types. You can define an
>> unsigned subtype of a signed type, but not all compilers support the
>> unsigned representation, and most do math with the next larger size of
>> signed math. Depending on the processor, that can be more expensive (for
>> instance, if the compiler supports 64-bit math on a 32-bit machine).
>> Moreover, if you want the largest possible unsigned type (say 0 ..
>> 2**32-1 or 0 .. 2**64-1), it has to be modular; you can't declare the
>> needed signed type to make a subtype.
>
>> In any case, this is a relatively minor issue. It's annoying that Ada is
>> less safe than it can be, but you can live with it.
>
>It also seems like a problem that is easy to fix in Ada0Y, if not just
>by getting compilers to do the right thing.
>
>You want to be able to say:
>
>type Unsigned is range 0..2**32-1;
>for Unsigned'Size use 32;
>
>There are three potential solutions for Ada0Y:
>
>1) All vendors agree to support such a declaration. (What about you Randy?)

Our code generators always have supported unsigned and checked types. I
had to add a set of special operations to support the wrap-around
semantics of

But: this type is very nasty for code shared generics. It essentially
means that you cannot share generics with formal integer types, or you
have to have bizarre operations that decide at runtime whether they are
handling a signed or unsigned type. (Ada 95 has a little of this for
formal discrete types, but it never happens in practice.)

>2) Such a type is declared in Standard, probably saying:
>for Unsigned'Size use Integer'Size;
>This type should be a non-standard integer type in the sense of
>3.5.4(25). It could also be declared in a package other than Standard,
>possibly System. After all it is very likely that System.Address will
>be such a type.

Non-standard avoids the generic problem, but it makes one wonder why
this isn't a first class type.

>3) Add a pragma Unsigned which has to be used immediately after a type
>declaration, and has the semantic effect that negative values of the
>type can raise Constraint_Error even on intermediate calculations. In
>other words A-B+C could raise an exception if B < A, even if B < A+C.

Yuck.

Randy.
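
An added example, not part of either poster's message: it contrasts a checked range type with a modular type of the same value range on a length calculation, and shows how intermediate results behave for the range type. The type and variable names and the sample values are constructed for illustration, and it assumes a compiler whose largest signed integer type can hold 2**32-1.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Unsigned_Demo is
   --  Checked "unsigned": a signed integer type whose first subtype
   --  excludes negative values. The Size clause from the thread is left
   --  out because, as the thread notes, compiler support for it varies.
   type Checked_U32 is range 0 .. 2**32 - 1;

   --  Modular type with the same value range; arithmetic wraps silently.
   type Modular_U32 is mod 2**32;

   --  Constructed sample values: a payload length and a header size.
   Len_C : Checked_U32 := 4;
   Hdr_C : Checked_U32 := 8;
   Extra : Checked_U32 := 16;
   Len_M : Modular_U32 := 4;
   Hdr_M : Modular_U32 := 8;
   R     : Checked_U32;
begin
   --  Modular subtraction wraps: 4 - 8 becomes 2**32 - 4 with no error,
   --  which is how an undersized length turns into a huge one.
   Put_Line ("modular 4 - 8      =" & Modular_U32'Image (Len_M - Hdr_M));

   --  Range type: the predefined operators work on the base type, whose
   --  range is symmetric about zero, so the intermediate -4 is legal and
   --  only the final value is checked against 0 .. 2**32 - 1.
   R := Len_C - Hdr_C + Extra;
   Put_Line ("checked 4 - 8 + 16 =" & Checked_U32'Image (R));

   --  Range type: a negative final result fails the range check on
   --  assignment instead of wrapping.
   begin
      R := Len_C - Hdr_C;
      Put_Line ("not reached:" & Checked_U32'Image (R));
   exception
      when Constraint_Error =>
         Put_Line ("checked 4 - 8      raises Constraint_Error");
   end;
end Unsigned_Demo;
```

The middle case is the behaviour that option 3 in the quoted message would change, since under that proposal the intermediate value could itself raise Constraint_Error.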