It might be reasonable to consider adding:
   generic
      type Source (<>) is limited private;
      type Target (<>) is limited private;
   function Checked_Conversion (S : Source) return Target;
   pragma Convention (Intrinsic, Checked_Conversion);
to the language. The function would return "Constraint_Error" if any scalar
component of the return value would return a false 'Valid.
I had thought one could write such a function, but it is virtually
impossible to write an Ada program to "walk" an arbitrary type to find all
components, and even if possible, the limited private target makes it
impossible to create a temporary object that could be used with 'Valid.
On the other hand, it seems to me that compilers have all the information to
do such a "walk" and do the appropriate scalar tests, even "in place" on the
Source, before copying and returning it.
Further, it seems to me that I have seen LOADS of applications that would
have used "Checked_Conversion" instead of "Unchecked_Conversion", had it
Now it is true that one could create the appropriate 'Valid tests for each
instance where Unchecked_Conversion is used, but that can be quite daunting,
and is subject to considerable human error (with complex types, it is quite
hard to manually identify every scalar in the type).
Absence of a "Checked_Conversion" seems to me to be one of the "*unsafer*"
aspects of Ada.
> -----Original Message-----
> From: Taylor, Bill - UK [mailto:[log in to unmask]]
> Sent: Friday, February 16, 2001 10:11 AM
> To: [log in to unmask]
> Subject: Re: Technical Question
> You could always look at the value of Control_Data.Month'Valid to check that
> Unchecked_Conversion has yielded a valid value. The attribute was added in
> Ada95 precisely because you couldn't rely on compilers to perform a range
> check. If they did, then the Unchecked_Conversion wouldn't be
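As an added illustration (not part of the original thread) of the hand-written 'Valid checks the post describes, and of the Month'Valid suggestion in the quoted reply: a wrapper around an Unchecked_Conversion instance that tests every scalar component of the result and raises Constraint_Error on an invalid bit pattern. The Month_Name, Day_Number, Control_Data and Raw_Pair types, their layout and the sample byte values are all constructed for this example.

```ada
with Ada.Unchecked_Conversion;
with Ada.Text_IO; use Ada.Text_IO;
procedure Checked_Conversion_Demo is

   --  Constructed target type (names are assumptions): a record whose
   --  scalar components are constrained, as Control_Data.Month is above.
   type Month_Name is (Jan, Feb, Mar, Apr, May, Jun,
                       Jul, Aug, Sep, Oct, Nov, Dec);
   type Day_Number is range 1 .. 31;

   type Control_Data is record
      Month : Month_Name;
      Day   : Day_Number;
   end record;
   for Control_Data use record
      Month at 0 range 0 .. 7;
      Day   at 1 range 0 .. 7;
   end record;
   for Control_Data'Size use 16;

   --  Constructed source type: the two raw bytes as read from a file or link.
   type Byte is mod 2 ** 8;
   type Raw_Pair is array (0 .. 1) of Byte;
   for Raw_Pair'Component_Size use 8;

   function To_Control_Data is
      new Ada.Unchecked_Conversion (Source => Raw_Pair, Target => Control_Data);

   --  The hand-written "Checked_Conversion" the post describes: copy the bits
   --  with Unchecked_Conversion, then test every scalar component with 'Valid
   --  and raise Constraint_Error if any bit pattern is not a value of its type.
   function Checked_To_Control_Data (S : Raw_Pair) return Control_Data is
      T : constant Control_Data := To_Control_Data (S);
   begin
      if not T.Month'Valid or else not T.Day'Valid then
         raise Constraint_Error;
      end if;
      return T;
   end Checked_To_Control_Data;

   Good : constant Raw_Pair := (1, 15);   --  Feb (position 1), day 15
   Bad  : constant Raw_Pair := (13, 15);  --  13 is not a Month_Name position
begin
   Put_Line (Month_Name'Image (Checked_To_Control_Data (Good).Month));
   begin
      Put_Line (Month_Name'Image (Checked_To_Control_Data (Bad).Month));
   exception
      when Constraint_Error => Put_Line ("Bad: rejected by 'Valid check");
   end;
end Checked_Conversion_Demo;
```

The second call shows the failure mode the thread is about: the bit copy itself succeeds, and only the explicit 'Valid test on each component turns the bad Month byte into a Constraint_Error instead of a silently invalid record.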