From: Adam Beneschan
Newsgroups: comp.lang.ada
Subject: Re: unsigned type
Date: Fri, 3 Jul 2009 14:46:57 -0700 (PDT)

On Jul 3, 1:53 pm, a...@anon.org (anon) wrote:
> Based on the Ada LRM and the ACATS tests.
>
> Now there is no RM rule that states you check if the Left > Right first,
> before verifying if the bounds are legal.

Yes, there is, and we have already told you what they are. 4.1.2(7)
says that for a slice, "If the slice is not a null slice (a slice
where the discrete_range is a null range), then a check is made that
the bounds...
belong...". Since the check is not made for null slices, then yes,
you do have to check first. 3.5(8) says that a range is compatible
with a subtype if it is a null range or if the bounds belong, so again
you have to check for a null range before making sure the bounds are
in range.

But both of these RM paragraphs have already been pointed out to you,
and you apparently didn't bother to read them but are still insisting
you are right, so I don't know what the point of my spelling this out
for you is since you probably won't pay any attention to this either.
So I think this will have to be my last contribution on this subject.
Of course, most of the people on this newsgroup are wondering why I
didn't quit long ago.

> Since the RM does not directly
> give one permission to use an illegal index value, then one should assume
> that all index must be valid before checking for a null array. Actually,
> Ada RM 0 ( 29 ) states that it is illegal and the program shall create
> an exception if the program "access an array component by using an
> incorrect index value".

When you are creating a null array slice you are not accessing *any*
array component, since a null slice has no components. So how would
that paragraph apply, even if it were a language rule and not just an
example in the Language Summary?

> And actually, a number of ACATS tests, show that both index bounds, that is,
> the Left and the Right side must be within the valid range of the subscript
> type, even for a null array. Now, the RM 3.5 ( 4 ) states that if the Right
> index is less the Left you have a null array, but it does not say rather the
> bounds must be within the legal range of the index type or not.

The parts of the RM which we have pointed out, and that you apparently
have not bothered to read, do say explicitly that the bounds of a null
array don't have to be in range.

> But due to
> other parts of RM you should assume that all index must be valid even in
> creating a null array.
>
> --
> --  An example to prove my point.

No, it doesn't. This is a special case because the integer type is a
*modular* type. Yes, the rules for modular types make things very
different. I could go through the rules and explain exactly why this
is so, but it isn't going to matter since you won't believe me and
you'll just cite some other inapplicable general principle somewhere
else in the RM to argue your point and ignore the specific details of
what the rules actually say. I'll just say that null strings don't
work with modular index types because the 'First of the string is the
lower bound of the subtype, which is 0, and the 'Last is what you get
by subtracting 1, which is 0-1=4 since this is a modular type, and a
string whose bounds are (0..4) can't be a null string, which is why an
error will result. Another reason for errors in this test is because
the base range of modular types is defined differently than for signed
integer types.

Actually, you *could* cause a similar problem with a signed integer
type, but not with String because the lower bound is 1; you'd need to
define your own array type whose index range starts with the smallest
possible value in the *base range* of the integer (something like
-2**32 or -2**64), which then gets an error because you can't subtract
one from it.

                                -- Adam

> --
>
> procedure u is
>
>     -- copied from ACATS "B420001.A"
>
>     type M5 is mod 5 ;
>     type String_5 is array ( M5 range <> ) of Character ;
>     subtype String_5_5 is String_5 ( 4..3 ) ;
>     Null_5    : constant String_5   := "" ; -- ERROR: Would raise C_E.
>     OK_Null_5 :          String_5_5 := "" ; -- OK
>
> -- ------------------------------------------------------------------------ --
> --  Now these "Null array" type statement are Illegal. And will raise C_E.  --
> --  GNAT compiler does flag these statement as ERROR                        --
> -- ------------------------------------------------------------------------ --
>
>     -- both indexes are "out of bounds"
>
>     Check_Null_5_A : String_5 := ( 100 .. -100 => 'A' ) ;
>     subtype String_5_A is String_5 ( 100 .. -100 ) ;
>
>     -- Left index is valid, with right index "out of bounds"
>
>     Check_Null_5_C : String_5 := ( 0 .. -100 => 'C' ) ;
>     subtype String_5_C is String_5 ( 0 .. -100 ) ;
>
>     -- Left index is "out of bounds", with the right index valid
>
>     Check_Null_5_B : String_5 := ( 100 .. 3 => 'B' ) ;
>     subtype String_5_B is String_5 ( 100 .. 3 ) ;
>
> begin
>   null ;
> end u ;
>
> In , Jean-Pierre Rosen writes:
>
> >anon wrote:
> >> --  Adam.
> >> --    Now, can you please explain the results from this program.
> >Please don't try to make things more complicated than they are.
>
> >The rule is simple: no bounds checking on null arrays. Full stop.
> >Or if you prefer, here is how the check happens:
>
> >if S'Last >= S'First then
> >   if S'Last not in S'Range
> >      or S'First not in S'Range
> >   then
> >      raise Constraint_Error;
> >   end if;
> >end if;
> >--
> >---------------------------------------------------------
> >           J-P. Rosen (ro...@adalog.fr)
> >Visit Adalog's web site at http://www.adalog.fr
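
The two rules cited in this post (RM 4.1.2(7) for slices and RM 3.5(8) for range compatibility), exercised with an ordinary signed index type, as an added Ada example that is not part of the original thread. The procedure, its helper functions and the sample string are constructed for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Null_Range_Demo is
   --  Constructed sample data; every name here is illustrative.
   S : constant String (1 .. 5) := "hello";

   --  Bounds arrive as parameters, so they are not static and the
   --  checks are performed at run time.

   --  Slice rule, RM 4.1.2(7): the bounds are checked against S'Range
   --  only when the slice is not a null slice.
   function Slice_Length (Lo, Hi : Integer) return Integer is
   begin
      return S (Lo .. Hi)'Length;
   exception
      when Constraint_Error =>
         return -1;  --  marker value: the bounds check failed
   end Slice_Length;

   --  Compatibility rule, RM 3.5(8): a null range is compatible with
   --  the index subtype (Positive) even if its bounds lie outside it.
   function Constrained_Length (Lo, Hi : Integer) return Integer is
   begin
      declare
         Buf : constant String (Lo .. Hi) := (others => ' ');
      begin
         return Buf'Length;
      end;
   exception
      when Constraint_Error =>
         return -1;  --  marker value: the constraint was incompatible
   end Constrained_Length;

   procedure Report (Label : String; Value : Integer) is
   begin
      Put_Line (Label & Integer'Image (Value));
   end Report;
begin
   --  Non-null and in range, null with both bounds out of range,
   --  then non-null with the upper bound out of range.
   Report ("slice 2 .. 4       :", Slice_Length (2, 4));
   Report ("slice 100 .. -100  :", Slice_Length (100, -100));
   Report ("slice 4 .. 100     :", Slice_Length (4, 100));
   --  Null range below Positive'First, then a non-null range that
   --  includes 0, which is not in Positive.
   Report ("String (0 .. -100) :", Constrained_Length (0, -100));
   Report ("String (0 .. 3)    :", Constrained_Length (0, 3));
end Null_Range_Demo;
```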