My summary: the best way to check any virtual address is not to check it. You use the address as the interface intend it to be used, with suitable recovery (be that FRR, ESTAE/ESTAEX, ESPIE) and handle blowing up when it turns out that it is not valid. Sure, there are cases where you could find that the address is not valid and avoid a "recovery path", but you'd usually still need to have the recovery path/protection to avoid a time of check to time of use exposure. And why would you care about a long path if your caller gave you improper data (if anything, such "punishment" might be "incentive" for them to get it right).
LRA was mentioned, but it's got the same situation as TPROT. If the data is properly paged out, LRA and TPROT will not give a result that is helpful (unless you require/expect that the data is page-fixed). For example, I could use TPROT on a purported ASCB address and if I didn't get success, I'd know it wasn't an ASCB address (because an ASCB cannot be paged out). Peter Relson z/OS Core Technology Design
