Re: Unchecked_Conversion question

[butch!rapnet!lvonrude@uunet.uu.net (Lowell S. VonRuden x5294)]

In article <CCop4H.Hz8@irvine.com> adam@irvine.com (Adam Beneschan) writes:
>In article <1993Sep1.154715.10498@Rapnet.Sanders.Lockheed.Com> lvonrude@Rapnet
.Sanders.Lockheed.Com (Lowell S. VonRuden x5294) writes:
>
>>   I am doing something that seems to work using a Verdix compiler, but I
>>   have not been able to determine if this is something that will be safely
>>   transportable.  Hopefully, someone here can tell me.
>>
>>   I have a 32 bit value coming in from an external interface as an
>>   integer, which I am mapping to an enumeration type.  The enumeration
>>   type has representation clauses for both size (Integer'Size) and
>>   implementation values.  Assigning the result of an unchecked conversion
>>   from the integer to an object of the enumeration type doesn't raise any
>>   exception if the integer is out of range for the enumeration type
>>   representation.  I found that if I do an explicit conversion of the
>>   enumeration object to its type, then the range gets checked.
>>
>>   procedure Sample (Int : Integer) is
>>
>>     type Enum is (AAA, BBB, CCC, DDD);
>>     for  Enum use (AAA=> 1,
>>                    BBB=> 2,
>>                    CCC=> 13,
>>                    DDD=> 14);
>>     for  Enum'Size use Integer'Size;
>>
>>     function Convert is new Unchecked_Conversion (Source => Integer,
>>                                                   Target => Enum);
>>   begin
>>
>>     E := Convert (Int);  -- no exception raised here if Int is out of range
>>
>>     E := Enum (Convert (Int));  -- this does raise constraint error if
>>                                 -- Int is out of range
>>
>>   end Sample;
>>
>>
>>   So, is this a dependable thing to do?
>
>I don't think so.
>
>In fact, I'm surprised that your two statements generate different
>code at all.  After all, Convert is a function that returns an Enum,
>so saying Enum(X) as a type conversion should be a no-op.  I would
>guess that many compilers would recognize this, and not generate any
>constraint checking code when "converting" an object to an object of
>the exact same type.  
>
>I don't such a check is required by the LRM, either.  I believe that
>if you say
>
>    X : Enum;
>...
>   ... Enum(X) ...
>
>the compiler is allowed to assume that "X" contains a valid Enum
>value, and therefore the compiler can determine that no range check is
>required.

That's what I'm concerned about.  The Verdix compiler I'm using
generates the check for the seemingly unnecessary conversion both with
and without the optimizer turned on, but I still feel funny trusting
this in all situations.

I saw someone else's attempt at trying to catch bad values for X.  They
passed the Enum resulting from the unchecked conversion into a procedure,
which did some unrelated thing, but they had a local block with an exception
handler for Constraint_Error surrounding the call.  This would assume
that the constraints of the Enum type would always be checked when the
object is passed to another procedure.

  E := Convert (Int);

  begin
    Do_Something_Unrelated (E);
  exception
    when Constraint_Error =>
      -- assume Int must not have been a valid Enum representation
  end;

Would this be a safe assumption?

-- 
--------------------------------------------------------------------
-- Usual disclaimers apply...               Lowell Von Ruden      --
-- lvonrude@rapnet.sanders.lockheed.com     Lockheed Sanders, Inc --
--------------------------------------------------------------------