From: Robert A Duff
Subject: Re: Constraint checking of actuals passed to Attributes
Date: 2000/05/17
Sender: bobduff@world.std.com (Robert A Duff)
References: <391250A8.99D1585C@hotmail.com> <39171B69.2F983487@averstar.com> <8f93lm$1es$1@nnrp1.deja.com> <8f9snr$vbr$1@nnrp1.deja.com>
Organization: The World Public Access UNIX, Brookline, MA
Newsgroups: comp.lang.ada

Simon Wright writes:

> Robert A Duff writes:
>
> > In the run-time model the AverStar compiler chooses, the compiler can
> > prove validity quite often.  For example, an 'in' parameter of an
> > integer type is always valid, because it was constraint checked at the
> > call site.
>
> Presumably this isn't true if the subprogram was exported ..

You mean exported as in pragma Export?  It's true even in that case.
Eg:

    procedure P(X: Positive) is
        S: String(1..10);
    begin
        S(X) := 'x';
    end P;

Inside P, we assume X is in Positive.  On the assignment, the generated
code will check that X <= 10, but will *not* check that X >= 1.  If you
call P from C code, it's your responsibility to pass the correct stuff.
If you pass in a negative value, you will overwrite an arbitrary memory
location.

This is always true: you always lose all checking (compile time and run
time) at the interface between Ada and some foreign language.

- Bob
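One way to put the lost check back at the foreign-language boundary, as an added example that is not part of the original post: keep P internal with its Positive parameter, and export only a wrapper that takes the raw C int and re-establishes the constraint before calling P. The package name Export_Demo, the wrapper P_From_C and the link name "p_from_c" are my own choices.

```ada
-- export_demo.ads (constructed example)
with Interfaces.C;
package Export_Demo is
   -- Boundary procedure callable from C.  It takes a raw C int, so the
   -- compiler can assume nothing about the value's range.
   procedure P_From_C (X : Interfaces.C.int);
   pragma Export (C, P_From_C, "p_from_c");
end Export_Demo;

-- export_demo.adb (constructed example)
package body Export_Demo is

   -- The procedure from the post: the compiler is entitled to assume X
   -- is already in Positive, so only X <= 10 is checked on the
   -- assignment.  Keep it internal; never export it directly.
   procedure P (X : Positive) is
      S : String (1 .. 10);
   begin
      S (X) := 'x';
   end P;

   procedure P_From_C (X : Interfaces.C.int) is
      -- Widen to Integer first; this conversion checks that the C value
      -- fits in Integer at all.
      V : constant Integer := Integer (X);
   begin
      -- Re-establish, inside Ada, the constraint the C caller was
      -- trusted with.  Once V is known to be in Positive, P's own
      -- X <= 10 index check covers the upper bound as before.
      if V not in Positive then
         raise Constraint_Error;
      end if;
      P (Positive (V));
   end P_From_C;

end Export_Demo;
```

A C caller passing 0 or a negative value now gets Constraint_Error from the wrapper instead of a write to an arbitrary memory location.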