Kai Henningsen wrote:
But at least, in that case, the compiler could easily issue the (presumably not required by the standard) warning that the else branch is "unreachable code".
Yes, absolutely, a compiler should generate warnings as much as possible when it is making these kinds of assumptions. Sometimes this is difficult though, because the unexpected actions emerge from the depths of complex optimization algorithms that don't easily link back what they are doing to the source code. Actually an easier warning here is that npassword_attempts is uninitialized. That should be easy enough to generate (certainly GNAT would generate that warning in this situation). Working hard to generate good warnings is an important part of the compiler writer's job, even if it is quite outside the scope of the formal standard. Being careful to look at warnings and not ignore them is an important part of the programmer's job :-)
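Added example, not part of the thread above and not the code the posters were discussing: a constructed C sketch of the attempt-counter pattern they refer to, with the uninitialized shape shown in a comment beside an initialized version. The name npassword_attempts is taken from the post; MAX_ATTEMPTS, login_with_limit and the sample guesses are assumptions made for the example.

```c
/* Added example (constructed, not from the thread). */
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 3

/* The shape under discussion, kept as a comment rather than compiled:
 *
 *   int npassword_attempts;              -- never initialized
 *   for (;;) {
 *       if (npassword_attempts < MAX_ATTEMPTS) {
 *           ... read and check a guess ...
 *           npassword_attempts++;
 *       } else {
 *           lock_out();                  -- may be reported as unreachable
 *       }
 *   }
 *
 * Reading the counter before it is assigned is undefined behaviour, so an
 * optimizer is entitled to assume the comparison always succeeds and to
 * drop the else branch, i.e. the lockout. With GCC, -Wall (which includes
 * -Wuninitialized) is the warning to leave enabled and to read.
 */

/* Initialized version: returns 1 if one of the supplied guesses matches
 * the secret before the attempt limit is reached, 0 otherwise. */
int login_with_limit(const char *const *guesses, size_t nguesses,
                     const char *secret)
{
    int npassword_attempts = 0;       /* the assignment the buggy form lacked */

    for (size_t i = 0; i < nguesses; i++) {
        if (npassword_attempts >= MAX_ATTEMPTS)
            return 0;                 /* lockout branch is now reachable */
        npassword_attempts++;
        if (strcmp(guesses[i], secret) == 0)
            return 1;
    }
    return 0;                         /* ran out of guesses */
}

int main(void)
{
    /* constructed sample input */
    const char *good[] = { "letmein", "hunter2", "correct-secret" };
    const char *bad[]  = { "a", "b", "c", "correct-secret" };

    printf("three guesses, third correct : %d\n",
           login_with_limit(good, 3, "correct-secret"));  /* 1 */
    printf("four guesses, fourth correct : %d\n",
           login_with_limit(bad, 4, "correct-secret"));   /* 0, locked out */
    return 0;
}
```

Compile with warnings on (for GCC, `-Wall`) and the commented-out form is the one the compiler would flag as an uninitialized read; the initialized version makes the lockout branch a real, testable path.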