TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy


"Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
"Deller, Steve" <[log in to unmask]>
Fri, 16 Feb 2001 09:49:53 -0800
It might be reasonable to consider adding:

   generic
      type Source(<>) is limited private;
      type Target(<>) is limited private;
   function Checked_Conversion( S : Source ) return Target;
   pragma Convention(Intrinsic, Checked_Conversion);
   pragma Pure(Checked_Conversion);

to the language.  The function would return "Constraint_Error" if any scalar
component of the return value would return a false 'Valid.

I had thought one could write such a function, but it is virtually
impossible to write an Ada program to "walk" an arbitrary type to find all
components, and even if possible, the limited private target makes it
impossible to create a temporary object that could be used with 'Valid.

On the other hand, it seems to me that compilers have all the information to
do such a "walk" and do the appropriate scalar tests, even "in place" on the
Source, before copying and returning it.

Further, it seems to me that I have seen LOADS of applications that would
have used "Checked_Conversion" instead of "Unchecked_Conversion", had it
been available.

Now it is true that one could create the appropriate 'Valid tests for each
instance where Unchecked_Conversion is used, but that can be quite daunting,
and is subject to considerable human error (with complex types, it is quite
hard to manually identify every scalar in the type).

Absence of a "Checked_Conversion" seems to me to be one of the "*unsafer*"
aspects of Ada.


> -----Original Message-----
> From: Taylor, Bill - UK [mailto:[log in to unmask]]
> Sent: Friday, February 16, 2001 10:11 AM
> To: [log in to unmask]
> Subject: Re: Technical Question
> John
> You could always look at the value of Control_Data.Month'Valid to check
> that Unchecked_Conversion has yielded a valid value. The attribute was
> added in Ada95 precisely because you couldn't rely on compilers to perform
> a range check. If they did, then the Unchecked_Conversion wouldn't be
> "unchecked".
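
The manual approach discussed in this message, as an added example that is not part of the original e-mail: an Unchecked_Conversion wrapped in a function that applies 'Valid to every scalar component and raises Constraint_Error on failure. The names Checked_Demo, Month_Type, Day_Type, Control_Record, Raw_Bytes, To_Control and Checked_To_Control are assumptions made for illustration, and the byte values are constructed samples.

```ada
with Ada.Text_IO;
with Ada.Unchecked_Conversion;
with Interfaces;

procedure Checked_Demo is
   type Month_Type is range 1 .. 12;
   type Day_Type   is range 1 .. 31;

   --  Hypothetical record laid out as two raw bytes.
   type Control_Record is record
      Month : Month_Type;
      Day   : Day_Type;
   end record;
   for Control_Record use record
      Month at 0 range 0 .. 7;
      Day   at 1 range 0 .. 7;
   end record;
   for Control_Record'Size use 16;

   type Raw_Bytes is array (1 .. 2) of Interfaces.Unsigned_8;
   for Raw_Bytes'Size use 16;

   function To_Control is
     new Ada.Unchecked_Conversion (Raw_Bytes, Control_Record);

   --  Hand-written check for this one Target type. Every scalar component
   --  must be listed here; a component added to Control_Record later is
   --  silently left unchecked unless this function is updated too.
   function Checked_To_Control (Raw : Raw_Bytes) return Control_Record is
      Result : constant Control_Record := To_Control (Raw);
   begin
      if not (Result.Month'Valid and then Result.Day'Valid) then
         raise Constraint_Error;
      end if;
      return Result;
   end Checked_To_Control;

   procedure Try (Raw : Raw_Bytes) is
      C : Control_Record;
   begin
      C := Checked_To_Control (Raw);
      Ada.Text_IO.Put_Line ("accepted: month" & Month_Type'Image (C.Month)
                            & ", day" & Day_Type'Image (C.Day));
   exception
      when Constraint_Error =>
         Ada.Text_IO.Put_Line ("rejected: invalid scalar component");
   end Try;
begin
   Try ((2, 16));   --  constructed sample: both components in range
   Try ((13, 16));  --  constructed sample: month outside 1 .. 12
   Try ((2, 0));    --  constructed sample: day outside 1 .. 31
end Checked_Demo;
```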