From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: ada compiler?
Date: Wed, 14 Nov 2007 08:36:51 -0800
Message-ID: <1195058211.682783.288340@d55g2000hsg.googlegroups.com>
In-Reply-To: <1195056238.1007.317.camel@kartoffel>
Georg Bauhaus wrote:
> On Wed, 2007-11-14 at 07:09 -0800, Ludovic Brenta wrote:
> > But if the stack is exhausted or nearly so (perhaps because the last
> > in a long series of recursive calls raises Storage_Error), chances are
> > high that the exception handler itself will overflow the stack (e.g.
> > passing your string "Hey! You!" to a procedure might itself cause a
> > stack overflow). This, in my view, greatly reduces the benefit of the
> > exception. Also, what if raising the exception requires some stack
> > space? Maybe I should have said that explicitly.
>
> No, these are matters of course, and they are mentioned in the RM.
Not really. 11.5(23) says that a stack overflow raises Storage_Error
but, since the stack has overflowed, I'm not convinced that the
exception can still be raised, propagated and handled properly. The RM
is silent about that part and I believe this is an implementation
issue.
> However, I prefer being given a chance to run some emergency code,
> even knowing that I cannot in general rely on anything
> in the presence of Storage_Error (or exceptions with -O, for that
> matter). Perhaps I should mention that the programs that I have
> in mind are more mundane than hard real-time control programs.
The gnat package in Debian is for mundane programs; if you write
safety-critical software, you use a supported and certified compiler.
So, enabling -fstack-check by default is a viable option that I am
considering. Like I said earlier, it would still be possible to
disable stack checking by saying -fno-stack-check explicitly.
You say that -fstack-check and the Storage_Error allow you to try and
"recover" but I'm not convinced that recovery is possible after a
stack overflow. In fact, I'm not even convinced that exception
propagation can be relied on after a stack overflow. Heap overflows
are different, of course, and are not affected by -fstack-check. Your
latest example was a heap overflow and therefore off-topic.
Does someone here know GNAT internals in sufficient detail as to
enlighten us? Also can someone explain what "reliable" stack checking
is in GNAT parlance?
--
Ludovic Brenta.
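An added example (mine, not code from the thread) of the two handler placements this message is arguing about, in Ada: Descend_Handled catches Storage_Error inside the recursive frame, where the handler has almost no stack of its own, while the block in the main procedure catches it only after every frame has been unwound. Build with `gnatmake -fstack-check stack_check_demo.adb`; the unit name, file name and frame size are my choices.

```ada
with Ada.Text_IO;
with Ada.Exceptions;

procedure Stack_Check_Demo is

   --  Unbounded recursion.  The local array makes each frame large, so the
   --  stack is exhausted after a few thousand calls; Pad is read after the
   --  recursive call so the frame cannot be optimised away.
   function Descend (Depth : Natural) return Natural is
      Pad : array (1 .. 1024) of Integer := (others => Depth);
   begin
      return Descend (Depth + 1) + Pad (Depth mod 1024 + 1);
   end Descend;

   --  Variant 1: the handler lives in the recursive frame itself.  It runs
   --  in the deepest frame, with almost no stack left, so the Put_Line may
   --  raise Storage_Error again; that second exception propagates to the
   --  caller's handler, one frame higher, and so on until a frame has
   --  enough room.  The Depth printed shows how many frames that took.
   function Descend_Handled (Depth : Natural) return Natural is
      Pad : array (1 .. 1024) of Integer := (others => Depth);
   begin
      return Descend_Handled (Depth + 1) + Pad (Depth mod 1024 + 1);
   exception
      when E : Storage_Error =>
         Ada.Text_IO.Put_Line
           ("Handler ran in frame" & Natural'Image (Depth) & ": "
            & Ada.Exceptions.Exception_Message (E));
         return Depth;
   end Descend_Handled;

begin
   --  Variant 2: the handler is at the outermost level.  Every recursive
   --  frame has been unwound by the time it runs, so the whole stack is
   --  available again and the emergency code can safely do I/O.
   begin
      Ada.Text_IO.Put_Line ("Result:" & Natural'Image (Descend (0)));
   exception
      when E : Storage_Error =>
         Ada.Text_IO.Put_Line
           ("Outer handler: " & Ada.Exceptions.Exception_Message (E));
   end;

   Ada.Text_IO.Put_Line
     ("Handled variant returned" & Natural'Image (Descend_Handled (0)));
end Stack_Check_Demo;
```

Whether the in-frame handler succeeds on its first attempt depends on how much slack the GNAT runtime leaves below the checked limit, which is exactly the implementation detail the message asks about.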