Ada 95 Quality and Style Guide Chapter 5

Chapter 5: Programming Practices - TOC - 5.9 ERRONEOUS EXECUTION AND BOUNDED ERRORS

5.9.1 Unchecked Conversion


  • Use Ada.Unchecked_Conversion only with the utmost care (Ada Reference Manual 1995, §13.9).
  • Consider using the 'Valid attribute to check the validity of scalar data.
  • Ensure that the value resulting from Ada.Unchecked_Conversion properly represents a value of the parameter's subtype.
  • Isolate the use of Ada.Unchecked_Conversion in package bodies.

  • example

    The following example shows how to use the 'Valid attribute to check validity of scalar data:

    with Ada.Unchecked_Conversion;
    with Ada.Text_IO;
    with Ada.Integer_Text_IO;
    procedure Test is
       type Color is (Red, Yellow, Blue);
       for Color'Size use Integer'Size;
       function Integer_To_Color is
          new Ada.Unchecked_Conversion (Source => Integer,
                                        Target => Color);
       Possible_Color : Color;
       Number         : Integer;
    begin  -- Test
       Ada.Integer_Text_IO.Get (Number);
       Possible_Color := Integer_To_Color (Number);
       if Possible_Color'Valid then
          Ada.Text_IO.Put_Line("Number does not correspond to a color.");
       end if;
    end Test;


    An unchecked conversion is a bit-for-bit copy without regard to the meanings attached to those bits and bit positions by either the source or the destination type. The source bit pattern can easily be meaningless in the context of the destination type. Unchecked conversions can create values that violate type constraints on subsequent operations. Unchecked conversion of objects mismatched in size has implementation-dependent results.

    Using the 'Valid attribute on scalar data allows you to check whether it is in range without raising an exception if it is out of range. There are several cases where such a validity check enhances the readability and maintainability of the code:

    - Data produced through an unchecked conversion
    - Input data
    - Parameter values returned from a foreign language interface
    - Aborted assignment (during asynchronous transfer of control or execution of an abort statement)
    - Disrupted assignment from failure of a language-defined check
    - Data whose address has been specified with the 'Address attribute

    An access value should not be assumed to be correct when obtained without compiler or run-time checks. When dealing with access values, use of the 'Valid attribute helps prevent the erroneous dereferencing that might occur after using Ada.Unchecked_Deallocation, Unchecked_Access, or Ada.Unchecked_Conversion.

    In the case of a nonscalar object used as an actual parameter in an unchecked conversion, you should ensure that its value on return from the procedure properly represents a value in the subtype. This case occurs when the parameter is of mode out or in out. It is important to check the value when interfacing to foreign languages or using a language-defined input procedure. The Ada Reference Manual (1995, §13.9.1) lists the full rules concerning data validity.

    < Previous Page Search Contents Index Next Page >
    1 2 3 4 5 6 7 8 9 10 11
    Appendix References Bibliography