Re: Static assertions

[Robert A Duff <bobduff@world.std.com>]

Christoph Grein <christoph.grein@eurocopter.com> writes:

> Robert A Duff wrote:
> 
> > Interesting.  But shouldn't it be Assert'(...)?
> >                                         ^ ie a qualified expression

What I meant was that it's better style to use a qualfied expression
than a type conversion, in cases where both work, because a qual exp is
less powerful.  That is, why say "Warning Will Robinson: I'm converting
types" when you're *not* converting types?

(IMHO a type conversion that converts from a type to itself should cause
at least a warning.)

>   package Verifier is
>     subtype Assert is Boolean range True .. True;
> 
>     Assert_1 : constant := Boolean'Pos (Assert (Integer'Size = 16));
>     Assert_2 : constant := Boolean'Pos
> 				  (Assert (Integer'Size = 2 * Character'Size));
>   end Verifier;
> 
> With a type conversion this compiles on my Apex Ada 95 Compiler 3.0.0b on 

Sounds like a compiler bug, which you should report.  The above code is
illegal (as desired).  The AverCom Ada front end gives two error
messages for the above.

> It seems like the type conversion is ignored.
[... RM exegesis snipped]

You missed 4.6(51), which says that the subtype is checked.  A
type_conversion is really a subtype conversion, despite its name.  That
is, a type_conversion T(X) converts the value of X to the type of
subtype T, and then checks that the value is in the subtype T.

> Thus there is nowhere specified that the subtype range is checked.
>    Put_Line (Integer'Image (Natural (-2.3)));
> compiles just fine and produces -2.

Again, that sounds like a compiler bug.  The AverCom Ada compiler says
it's illegal.

> So thanx to Robert Duff for hinting.

Well, I wasn't hinting at what you thought I was hinting.  ;-)

- Bob