ada compiler?

ada compiler?

[Bill Cunningham]

    I have just began looking at the ada language and some tutorials but I 
have no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
support. Do Ada programs have to end in .ads ? How do I work the compiler?

Bill

Re: ada compiler?

[anon]

The program and package bodies should be <name>.adb
The package spec files are <name>.ads

For the gcc, the current version uses GNU GNAT:
Ada programs must be compiled, then they must bind, before they can be 
linked into executable programs.

  gnat compile <name>.adb
  gnatbind <name>.ali
  gnatlink <name>.ali

In some cases the extension are optional.

To get started try try searching the www.adapower.com site for 
some example programs.

In <A75Zi.24$Vp3.16@trnddc05>, "Bill Cunningham" <nospam@nspam.com> writes:
>    I have just began looking at the ada language and some tutorials but I 
>have no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
>support. Do Ada programs have to end in .ads ? How do I work the compiler?
>
>Bill
>
>

Re: ada compiler?

[Bill Cunningham]

"anon" <anon@anon.org> wrote in message 
news:Qk5Zi.10116$if6.911@bgtnsc05-news.ops.worldnet.att.net...
> The program and package bodies should be <name>.adb
> The package spec files are <name>.ads
>
> For the gcc, the current version uses GNU GNAT:
> Ada programs must be compiled, then they must bind, before they can be
> linked into executable programs.
>
>  gnat compile <name>.adb
>  gnatbind <name>.ali
>  gnatlink <name>.ali
>
> In some cases the extension are optional.
>
> To get started try try searching the www.adapower.com site for
> some example programs.

    OK great thanks. So what does a completed executable look like? Does it 
have an extension in the name or does it not need it. In linux systems are 
they executed just like other executables?

Bill

Re: ada compiler?

[anon]

In Linux, Ada executable program look and at like other Linux
program.  But the GNAT Ada compiler use mostly the Shell ASCII 
like structure. No, windows or sub-windows.

 ./<name>

For windows, KDE, GOME, etc. environments you need to search for AdaSDL 
or other interface packages, and install. You can find some of these linked 
at Adapower as well.


In <vD5Zi.57$Y32.23@trnddc04>, "Bill Cunningham" <nospam@nspam.com> writes:
>
>"anon" <anon@anon.org> wrote in message 
>news:Qk5Zi.10116$if6.911@bgtnsc05-news.ops.worldnet.att.net...
>> The program and package bodies should be <name>.adb
>> The package spec files are <name>.ads
>>
>> For the gcc, the current version uses GNU GNAT:
>> Ada programs must be compiled, then they must bind, before they can be
>> linked into executable programs.
>>
>>  gnat compile <name>.adb
>>  gnatbind <name>.ali
>>  gnatlink <name>.ali
>>
>> In some cases the extension are optional.
>>
>> To get started try try searching the www.adapower.com site for
>> some example programs.
>
>    OK great thanks. So what does a completed executable look like? Does it 
>have an extension in the name or does it not need it. In linux systems are 
>they executed just like other executables?
>
>Bill
>
>

Re: ada compiler?

[Jeffrey R. Carter]

Bill Cunningham wrote:
>     I have just began looking at the ada language and some tutorials but I 
> have no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
> support. Do Ada programs have to end in .ads ? How do I work the compiler?

The default for GNAT (which is what you have) is that package 
specifications end in .ads, and everything else ends in .adb. You can 
use other extensions if you like, but to start off with it's probably 
easiest to abide by this convention.

The easiest way to use the compiler is to use gnatmake:

gnatmake -gnato -fstack-check [-O2] <main-procedure-name>

This will compile <main-procedure-name>.adb and everything needed to 
produce an executable for it.

Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.

-- 
Jeff Carter
"Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam!"
Monty Python's Flying Circus
53

Re: ada compiler?

[anon]

>Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.

Where did you get that one!

  I have never use "-gnato -fstack-check" and all programs that I have 
created have work. May be you have some wrong on your system.



In <8n6Zi.193391$Fc.57033@attbi_s21>, "Jeffrey R. Carter" <spam.jrcarter.not@acm.nospam.org> writes:
>Bill Cunningham wrote:
>>     I have just began looking at the ada language and some tutorials but I 
>> have no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
>> support. Do Ada programs have to end in .ads ? How do I work the compiler?
>
>The default for GNAT (which is what you have) is that package 
>specifications end in .ads, and everything else ends in .adb. You can 
>use other extensions if you like, but to start off with it's probably 
>easiest to abide by this convention.
>
>The easiest way to use the compiler is to use gnatmake:
>
>gnatmake -gnato -fstack-check [-O2] <main-procedure-name>
>
>This will compile <main-procedure-name>.adb and everything needed to 
>produce an executable for it.
>
>Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.
>
>-- 
>Jeff Carter
>"Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam!"
>Monty Python's Flying Circus
>53

Re: ada compiler?

[Georg Bauhaus]

On Fri, 2007-11-09 at 22:25 +0000, Bill Cunningham wrote:
> I have just began looking at the ada language and some tutorials but I 
> have no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
> support. Do Ada programs have to end in .ads ? How do I work the compiler?

This is the intro to using GNAT:
http://gcc.gnu.org/onlinedocs/gnat_ugn_unw/Getting-Started-with-GNAT.html#Getting-Started-with-GNAT

If you have a GNAT installation, the Users Guide
--from which this section is taken--should be right there.

Re: ada compiler?

[Jeffrey Creem]

anon wrote:
>> Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.
> 
> Where did you get that one!
> 
>   I have never use "-gnato -fstack-check" and all programs that I have 
> created have work. May be you have some wrong on your system.
> 
> 
I suspect he got it from the GNAT documentation. These options are 
required to get full run-time checking that people would expect after 
reading the LRM. Notice he did not indicate that the options were needed 
to get gcc to be an Ada compiler but rather that this was needed to get 
GNAT to be an Ada compiler.

Re: ada compiler?

[tmoran]

> >Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.
>
> Where did you get that one!
>
>   I have never use "-gnato -fstack-check" and all programs that I have
> created have work. May be you have some wrong on your system.
  Try
with ada.text_io;
procedure isitada is
  x : integer := integer'last-2;
begin
  ada.text_io.put("it is");
  for i in 1 .. 3 loop
    x := x+1;
  end loop;
  ada.text_io.put(" not Ada");
exception
  when constraint_error =>
    ada.text_io.put_line(" Ada");
end isitada;

Re: ada compiler?

[anon]

Your program work correctly with or without the command line option!  
Using two different operating systems, Linux and FreeBSD. So, what 
problem should I have seen?

Plus, it is not required.   To increase the Ada programmer and Ada usage 
you first must get the newbees to enjoy Ada before getting into the specific 
stuff. So, why confuse him with command line options that are not needed 
unless you want him to "HATE" Ada. 




In <y4qdnVf5K_RaoajanZ2dnUVZ_hOdnZ2d@comcast.com>, tmoran@acm.org writes:
>> >Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.
>>
>> Where did you get that one!
>>
>>   I have never use "-gnato -fstack-check" and all programs that I have
>> created have work. May be you have some wrong on your system.
>  Try
>with ada.text_io;
>procedure isitada is
>  x : integer := integer'last-2;
>begin
>  ada.text_io.put("it is");
>  for i in 1 .. 3 loop
>    x := x+1;
>  end loop;
>  ada.text_io.put(" not Ada");
>exception
>  when constraint_error =>
>    ada.text_io.put_line(" Ada");
>end isitada;

Re: ada compiler?

[tmoran]

> Your program work correctly with or without the command line option!
> Using two different operating systems, Linux and FreeBSD. So, what
> problem should I have seen?
  I would hope it works correctly!  With -gnato "correctly" means it
should print "it is Ada" and without -gnato "correctly" means it should
print "it is not Ada"  Is that not the behavior you observe?

Re: ada compiler?

[(see below)]

On 10/11/07 06:12, in article
TYbZi.77377$kj1.12383@bgtnsc04-news.ops.worldnet.att.net, "anon"
<anon@anon.org> drivelled:

> Your program work correctly with or without the command line option!
> Using two different operating systems, Linux and FreeBSD. So, what
> problem should I have seen?
> 
> Plus, it is not required.   To increase the Ada programmer and Ada usage
> you first must get the newbees to enjoy Ada before getting into the specific
> stuff. So, why confuse him with command line options that are not needed
> unless you want him to "HATE" Ada.

It's not what they know, it's what they think they know that ain't so ...
8-(

-- 
Bill Findlay
<surname><forename> chez blueyonder.co.uk

Re: ada compiler?

[anon]

Since, my version of GNAT by default is set to the "High_Integrity" Mode 
the program always takes the CONSTRAINT_ERROR exits unless the 
correct "pragma Suppress" or "pragma Restrictions" is set. Such as 
adding:

    pragma Suppress ( All_Checks ) ;

So never assume that you need an options less you have proven that it 
is needed on that version. Plus, if you switch vendor or newer releases 
that option may not exist.  

And as for newbees, let them enjoy the power and beauty of Ada before 
getting into the implementation junk that destroys their desire to support 
and promote Ada. Because they may never need the implementation junk 
that you are required to used. Or may be you want Ada to DIE. And the 
implementation junk such as command line options is what a lot of 
newbees use to HATE Ada. I know a number of people who hate 
C/C++ because of the command line options that you have to set. 

In <QPednZmRA_Te8KjanZ2dnUVZ_jednZ2d@comcast.com>, tmoran@acm.org writes:
>> Your program work correctly with or without the command line option!
>> Using two different operating systems, Linux and FreeBSD. So, what
>> problem should I have seen?
>  I would hope it works correctly!  With -gnato "correctly" means it
>should print "it is Ada" and without -gnato "correctly" means it should
>print "it is not Ada"  Is that not the behavior you observe?

Re: ada compiler?

[Jeffrey Creem]

anon wrote:
> Since, my version of GNAT by default is set to the "High_Integrity" Mode 
> the program always takes the CONSTRAINT_ERROR exits unless the 
> correct "pragma Suppress" or "pragma Restrictions" is set. Such as 
> adding:
> 
>     pragma Suppress ( All_Checks ) ;
> 
> So never assume that you need an options less you have proven that it 
> is needed on that version. Plus, if you switch vendor or newer releases 
> that option may not exist.  
> 
> And as for newbees, let them enjoy the power and beauty of Ada before 
> getting into the implementation junk that destroys their desire to support 

I think the odds of the original poster having a special version of GNAT 
that is "Ada" by default is very low. Especially given that he said he 
was using gcc with c,c++ and Ada support. That almost certainly means it 
is some distribution native gcc that is bundled with the FSF/AdaCore 
default of 'not quite Ada'.

Re: ada compiler?

[anon]

You are missing the point. You should not assume that they need command 
line option until they ask for help that require that type of answer. And if 
there is a Ada language answer then that is the answer that should be the 
given. Not a simple command line answer which is vendor and/or version 
specific.

Plus, how many beginners first downloads a GNAT version that requires:

    gnatmake -gnato -fstack-check <name>.adb  

to compile a simple program!

Most beginners that are learning Ada just use: 

Note: (Linux version)

    gnat compile <name>.adb
    gnat bind <name>.ali
    gnat link <name>.ali
    ./<name>

Extension can be optional in some cases.  Which is what I stated.
By learning the long way first a person is allowed a more deeper 
understanding and appreciation of the language. 

Only after they learn the basics should they start to use:

    gnat make <name>.adb  

without any options. 

Then in most cases, the first command option they will use is to include 
object files from other languages. Later they may get into more complex 
concepts that may require some command line options, but they should 
always use the standard Ada language concepts first. 

Now academic version of GNAT defaults to low integrity, while most 
others Ada compilers default to high integrity including GNAT PRO. And 
with a few vendors, the install program will ask for the desired 
installation integrity level.


In <uklh05-6gt.ln1@newserver.thecreems.com>, Jeffrey Creem <jeff@thecreems.com> writes:
>anon wrote:
>> Since, my version of GNAT by default is set to the "High_Integrity" Mode 
>> the program always takes the CONSTRAINT_ERROR exits unless the 
>> correct "pragma Suppress" or "pragma Restrictions" is set. Such as 
>> adding:
>> 
>>     pragma Suppress ( All_Checks ) ;
>> 
>> So never assume that you need an options less you have proven that it 
>> is needed on that version. Plus, if you switch vendor or newer releases 
>> that option may not exist.  
>> 
>> And as for newbees, let them enjoy the power and beauty of Ada before 
>> getting into the implementation junk that destroys their desire to support 
>
>I think the odds of the original poster having a special version of GNAT 
>that is "Ada" by default is very low. Especially given that he said he 
>was using gcc with c,c++ and Ada support. That almost certainly means it 
>is some distribution native gcc that is bundled with the FSF/AdaCore 
>default of 'not quite Ada'.
>

Re: ada compiler?

[(see below)]

On 11/11/07 01:01, in article
lvsZi.13247$if6.1368@bgtnsc05-news.ops.worldnet.att.net, "anon"
<anon@anon.org> wrote:

> You are missing the point. You should not assume that they need command
> line option until they ask for help that require that type of answer. And if
> there is a Ada language answer then that is the answer that should be the
> given. Not a simple command line answer which is vendor and/or version
> specific.
> 
...
> 
> Most beginners that are learning Ada just use:
> 
> Note: (Linux version)
> 
>     gnat compile <name>.adb
>     gnat bind <name>.ali
>     gnat link <name>.ali
>     ./<name>
...

Nonsense.

I managed labs that taught Ada to 500 beginners a year using GNAT,
and they did no such thing. What is *your* experience of teaching
Ada beginners, exactly?

-- 
Bill Findlay
<surname><forename> chez blueyonder.co.uk

Re: ada compiler?

[Georg Bauhaus]

On Sun, 2007-11-11 at 01:01 +0000, anon wrote:
>  how many beginners first downloads a GNAT version that requires:
> 
>     gnatmake -gnato -fstack-check <name>.adb  
> 
> to compile a simple program!

Wouldn't this be even more evidence in favor of having
-gnato -fstack-check on by default? If someone begins
learning Ada and then notices that the promised overflow
checking doesn't take place, what will be the reaction?
Also, what is the effect of an Ada compiler on the perception
of the language if, by default, stack overflow (e.g. due to
massive recursion without TCE) causes segmentation
violations rather than Storage_Error? What if we are told
that this or that is an operating system issue and that we
should learn how to adjust OS resources (ulimit etc.) so that
GNAT's produce works according to expectations?

OTOH, -gnato renders the speed race among languages more
promising, and -fstack-check is a common gcc option.

What should the default choices of gnatmake be then?

Re: ada compiler?

[Jeffrey R. Carter]

Georg Bauhaus wrote:
> 
> Wouldn't this be even more evidence in favor of having
> -gnato -fstack-check on by default? If someone begins
> learning Ada and then notices that the promised overflow
> checking doesn't take place, what will be the reaction?

There have been a number of threads here dealing with just that: people 
asking why GNAT didn't give the expected behavior, generally because 
they didn't compile with -gnato.

-- 
Jeff Carter
"Ada has made you lazy and careless. You can write programs in C that
are just as safe by the simple application of super-human diligence."
E. Robert Tisdale
72

Re: ada compiler?

[Jeffrey Creem]

anon wrote:

> Now academic version of GNAT defaults to low integrity, while most 
> others Ada compilers default to high integrity including GNAT PRO. And 
> with a few vendors, the install program will ask for the desired 
> installation integrity level.
> 
> 
Wrong again. Normal GNATPro does not default to high integrity. I've got 
GNATPro on Solaris, Linux, vxWorks, Windows XP and none of them default 
to what you are calling high integrity.

e.g.
Under XP
gnatls -v
GNATLS Pro 6.0.2 (20070620-41)

Running isitada, returns

it is not Ada


I have been willing to take it on faith for a while that perhaps you 
have a version version of GNATPro (perhaps one for a DO-178B platform) 
that acts differently....

It also is quite odd to start talking about other vendorS when the 
switches we are discussing are all gcc ada switches. Most other Ada 
vendors are not using GCC and don't compile c,c++ and Ada as the 
original poster requested.

Granted, there are a few (at least one) other people selling Ada 
compilers based on gnat other than AdaCore so perhaps you are talking 
about them.

Re: ada compiler?

[anon]

--
-- This will answer a few statements: 
--
-- Georg Bauhaus and Jeffrey R. Carter := There is an specific answer
--                                        at the bottom for you two.
--
--
-- Jeffrey Creem  := Your answer is almost at the bottom. 
--

--
-- a.adb
--

--
-- The Error in using "-gnato" is that it does not work for all 
-- types as demonstrated in this example.  "-gnato"? Is it a trick 
-- or a treat that Adacore coded into its compilers.
--


with Ada.Text_IO ;
with Ada.Float_Text_IO ;

procedure a is

  Z : float := 0.0 ;

  A : float := 1.0 ;
  B : float := 2.0 ;
  C : float := 3.0 ;


begin

  Ada.text_io.put_line ( "Perform Divide by Zero" ) ;
  --
  --  This code does a divide by zero. The compiler uses the FPU 
  --  instructions. And since the code can not generate a 
  --  divide-by-zero error or exception or hardware interrupt, there 
  --  will never be a Constraint_Error generated. 
  --
  --  Also, there is no pragma or command line option that will 
  --  generated the code to detect this error condition for real 
  --  number types.
  --
  B := A / Z ;

  Ada.text_io.put_line ( "    Done" ) ;

  Ada.text_io.put_line ( "Validate before perform a Divide" ) ;

  --
  --  The only way to detect this error is for the programmer to learn 
  --  to write a higher integrity form of code. Which is a type of 
  --  learning and debugging feature that is build-in to Ada. This 
  --  feature aids the programmer to write high efficient code.  And 
  --  not just allow bad coding with extra compiler generated checks 
  --  that tries to correct the programmer's coding errors.
  --
  -- Special Note:  Ada aids a programmer in writing code but no 
  --                Ada options or pragma should be use to replace 
  --                integrity or efficiency in write programs.
  --
  if B'Valid then 
    if Z /= 0.0 then 
      C := B / Z ;
    else
      Ada.text_io.put_line ( "Divide-By-Zero was attempted" ) ;
    end if ;
  else
    Ada.text_io.put_line ( "Invalid Data has been detected" ) ;
  end if ;

  --
  -- User can even print the invalid data! In any method you like.
  --
  Ada.text_io.new_line ;
                         --
                         -- Just for those who like the IMAGE attribute
                         --
  Ada.text_io.put_line ( "B (image) := " & Float'Image ( B ) ) ;
                         --
  Ada.text_io.put ( "B (io package) := " ) ;
  Ada.Float_Text_IO.put ( B, 5, 2 ) ;
  Ada.text_io.new_line ;

  --
  --  Look MOM! No EXCEPTIONS!
  --
  Ada.text_io.put_line ( "End of Job" ) ;

end ;
--
--  Since the "-gnato" does not check for Real numbers I bet some 
--  one will suggest that this should be reported to Adacore.
--
--  If you look in the language RM you can Restrict or Suppress 
--  coding but there is no standard pragma that causes the 
--  compiler to generated extra checking code. With that said,  
--  the Ada standard does not recommend the use of GNAT's "-gnato" 
--  for Ada implementation coding scheme, which can violate language 
--  integrity.
--

--
--               Now for Ada Defaults:
--
-- NOTE: Most users want to use the code just out of the box like they 
--       do with close source code. This is a MAJOR problem for open 
--       source. Users forget they can, but they will be using a low 
--       level vendor defaulted version.  These defaulted versions
--       are set to work with a wide range of software and hardware 
--       configurations. Even if that hardware and software is outdate 
--       and no longer supported. But to get the true power from an 
--       open source project, the source code must be recompiled (this
--       include the Linux Kernel). And before rebuilding the binaries 
--       the user or company or etc. can customize the default 
--       operating code for the type of job or jobs that will be done. 
--       This also allows any outdated code to be removed or moved 
--       into special section or directory or into a set of special 
--       outdated hardware packages for Ada.
--
-- Note: Most Code Convention and Practices rules does not allow the 
--       end user to modify the code. This is a close source rule, 
--       because it is ILLEGAL to modify close source code. This rule
--       should be updated to reflect the use of open source and the
--       GPL which allows customizing and modification of its source. 
--       Which allow the software to be optimized and specificity 
--       built for the job to be done. Giving an edge over the close 
--       source software vendors as well as the users competitors.
--
-- Note: Actually, most system analysts will tell you that even close 
--       source code needs to be fine tune to the job they are set up 
--       to do. This goes for Microsoft operating system Windows (all 
--       version) as well as others. 
--
-- Note: System Software Engineers, know that the software needs to be 
--       check for optimization, package validity and fine tuning may 
--       be needed.  That's one reason why on new system you get an OEM 
--       version of the operating system that is set up for that 
--       pre-installed computer hardware. Also it makes it hard to copy
--       and to install on other hardware.
--

--
-- Now to install the correct version of GNAT Ada (Linux): 
--
-- Note: This is stated on a number of Adacore and GNAT source files 
--       as well as a few web sites. With limited instructions, this 
--       version just hits the highlights.
--
-- 1 => Install a temporary binary version aka older version of 
--      GNAT or other Ada compiler. Such as Adacore's GNAT 2007 
--      GPL LIBC 2.3.
--
--  Note: Currently most people are using GCC LIBC 3.2.x or 4.1.x
--        Or people can get An Ada version for their GCC LIBC 4.x.x 
--        from either their Linux Vendor archives or in some cases
--        sourceforge or other places may be available.
--
-- NOTE: This is where most people stop. Which all GNAT versions are
--       set to the defaults and GNAT is set to academic default 
--       version only. For schools, this is great but for the 
--       non-academic programming uses this is not. Another reason 
--       why Adacores suggests the move to GNAT PRO.
--
-- For the non-academic programmer needs:
--
-- 2 => Install the current GCC source packages, at least the 
--      "gcc-core" source package.
-- 3 => Install the current GNAT source into the GCC source tree.
-- 
-- Note: If you installed the complete GCC source instead of just
--       the core it may contain the current version of GNAT. Or 
--       you may need to replace it and perform any patches if 
--       needed.
--
-- 4 => Set the correct Default and Integrity mode that you need
--      need for work. They are a few web sites and books that can
--      help you decide on how to do this. And this does not change
--      Ada just how the compile will perform and how the user will 
--      be requires to write code, including style may be set. 
--
-- Note: There are others facts that can be address here as well.
--       Such as cross-compiling libraries, etc.
--
-- 5 => Follow GCC build instructions for languages including Ada
--      that you want. Time: 2 to 12+ hours. Time depends on a number
--      of factors such as cpu speed and the number of language 
--      packages installed to be compiled such as 
--      C / Ada / JAVA / FORTRAN.
--      Another reason is that the core system and libraries will be 
--      compiled in a number of 3 stages at the movement to optimize 
--      the code. And this can includes Ada as well.
--
-- 6 => Uninstall and Remove Temporary Ada and older version of C 
--      and other packages if needed.
-- 7 => Install newly build versions. Either complete C / Ada / etc 
--      or just Ada.
-- 8 => Use the new system.
--
-- For GNAT PRO: (For Jeffrey Creem) 
-- 1 => Install stocked GNAT PRO binary and source
-- 2 => Install any compiler packages that are required by GNAT PRO
--      to rebuild system.
-- 3 => Set the correct Default and Integrity mode that you need 
--      for work. Most company do not want to spend the time to 
--      configure and rebuild GNAT and GNAT PRO. But a lot are 
--      learning they should when it comes to open source.
-- 4 => Rebuild GNAT PRO
-- 5 => Remove stocked version and reinstall updated version.
--
-- Note: I have never seen a installed GNAT PRO that was not modified.
--
--  Also, since in a previous reply post you kind of suggested that you 
--  are a student. Try this! Copy a test program to a test directory
--  and also copy system.ads to this directory.  Find and alter 
--
--   High_Integrity_Mode       : constant Boolean := False;
--
-- or add 
--
--   High_Integrity_Mode       : constant Boolean := True;
--
-- in the private section of system.ads.  The GNAT compiler reads 
-- those Boolean statement after it processes the command line.
--
-- Adacores states the High_Integrity_Mode is obsolete but it is 
-- still built into the compiler. Compile the test program. Resolve 
-- any binding errors by copying the package and recompile aka 
-- rebuilding the RTS with High_Integrity_Mode option set. For 
-- the "isitada" program its only 33 packages. You will find that 
-- Ada.Text_IO and the program "isitada" and a few other packages 
-- that uses the exception statement will have to be rewritten. 
-- Because in EXTREME HIGH INTEGRITY the exception statements and 
-- handlers are illegal to use.
--

--
-- 
-- For ( Georg Bauhaus and Jeffrey R. Carter)
--
--  It seams that Adacores is trying to destroy the learning 
--  and teaching ability that was incorporated into Ada. With 
--  the usage of its command line and GNAT special compiler 
--  commands, like "-gnato". I have said in another post that 
--  Adacore is one of many that is trying to Kill and Destroy 
--  the nature of Ada.
--
--  SIDE NOTE: If you alter either or both SYSTEM private statements
--
--             Backend_Divide_Checks     : constant Boolean := False;
--             Backend_Overflow_Checks   : constant Boolean := False;
--
--             to True, which is done in some default systems will 
--             disable the "gnato". Of course you will need to 
--             recompile language packages. So, the use of "-gnato" 
--             is not guarantee to work properly on all system. 
--             Which Ada RM suggest that you reject this type of
--             concept.
--
--  The Ada compiler was never design to allow the use command line 
--  to alter the coding of the source code, it should only identify 
--  the source files to be compile and libraries files for compiling, 
--  else some of the compiler options would be defined in the Ada 
--  LRM. The Ada manual does touch on the idea that implementation 
--  can use a 'nonstandard mode'. [ 1.1.5 ( 11 ) ].  But these are for 
--  setting limits on processing excessive warning or errors. Setting 
--  compiler special optimizations code and provides for alternative 
--  algorithms aka "-RTS=", "-nostdinc", "-nostdlib" command line 
--  options. Which allows different runtime packages and algorithms 
--  to be used without altering the source code. Plus, adding 
--  compiler generated code can lead to inefficiencies in the code 
--  which Ada RM suggests that concept should be rejected.
--
--  Why is optimizations not a part of the Ada standard mode as define 
--  in LRM [ 1.1.5 ( 11 ) ]. Because if a programmer created a more 
--  efficient and integrity algorithm then increasing the compiler 
--  optimizations is a waste of time. No real improvement in the code 
--  efficiency. Plus, in most case the optimization routines alters 
--  the true nature of the algorithm. Also, in a few cases the compiler 
--  optimizations does decrease the efficiency of an algorithm. So, 
--  by the concept explain in LRM [ 1.1.5 ( 11 ) ] the usage 
--  optimization by the compiler should be avoided as well.
--
--  The linker may have its own requirements. Ada language provide a 
--  method for that by using the "pragma Linker_Options" statement 
--  [ B.1 (8-9) ] without use a command line. And comments should be 
--  added to explain the reason for each option and how it effect the 
--  partition. That way if the reason is no longer valid then the 
--  software maintainer can remove or comment out this option, without 
--  altering the compile or algorithm integrity.
--
--  What I am saying is use the following:
--
--    pragma Linker_Options ( "-fstack-check" ) ;
-- 
--  statement instead of command line. But this feature is not for 
--  the newbees programmer just learning Ada. Plus if you write an
--  efficiency code you do not need to to have routines for checking 
--  either the primary or secondary stacks.
--
--  As for the use of the "gnat compile" [ "gnat1" ] then "gnat bind" 
--  and then  "gnat link" instead of using "gnatmake" well I refer 
--  you to paragraph 10 in the LRM "Design Goal" section at the first 
--  of the LRM. "gnatmake is a resource hog" while using the either 
--  gnat or gnat sub packages requires less resources.  With that 
--  stated you should, in the case of GNAT, use the sub packages to 
--  conform to the Ada standards aka the LRM.
--
--  And in a similar way that paragraph may also explain why Ada 2005 
--  is not being accepted by other vendors.  Some of the new 
--  constructs and packages are a concern that they lead Ada to 
--  inefficiencies in it coding.
--
--  Plus, have you seen some of the gcc command line options used 
--  for other languages.  Even in compiling GNAT Ada the gcc command 
--  line needs to be shorted.
--
-- ---------------------------------------------------------------- --
--  So what I am saying use Ada to help you learn to write higher   --
--  integrity and more efficient code. That meets the true nature  --
--  of the Ada standards. And until you do, insert comments and     --
--  pragmas like the "Linker_Options" pragma. Such as:              --
--                                                                  --
--    pragma Linker_Options ( "-fstack-check" ) ;                   --
--                                                                  --
--  with comments to help you create a fix.  Because this type of   --
--  problem and the use of "-fstack-check" solution is not always   --
--  portable to all Ada systems. And this type of statement allows  --
--  others to understand that, so they may need to create a fix, or --
--  to work around it. But using command line options defeats some  --
--  of the purposes that you use Ada  in the first place.           --
-- ---------------------------------------------------------------- --

In <1194747665.6151.31.camel@K72>, Georg Bauhaus <rm.tsoh+bauhaus@maps.futureapps.de> writes:
>
>On Sun, 2007-11-11 at 01:01 +0000, anon wrote:
>>  how many beginners first downloads a GNAT version that requires:
>> 
>>     gnatmake -gnato -fstack-check <name>.adb  
>> 
>> to compile a simple program!
>
>Wouldn't this be even more evidence in favor of having
>-gnato -fstack-check on by default? If someone begins
>learning Ada and then notices that the promised overflow
>checking doesn't take place, what will be the reaction?
>Also, what is the effect of an Ada compiler on the perception
>of the language if, by default, stack overflow (e.g. due to
>massive recursion without TCE) causes segmentation
>violations rather than Storage_Error? What if we are told
>that this or that is an operating system issue and that we
>should learn how to adjust OS resources (ulimit etc.) so that
>GNAT's produce works according to expectations?
>
>OTOH, -gnato renders the speed race among languages more
>promising, and -fstack-check is a common gcc option.
>
>What should the default choices of gnatmake be then?
>
>

Re: ada compiler?

[Adam Beneschan]

On Nov 9, 9:08 pm, tmo...@acm.org wrote:
> > >Note that "-gnato -fstack-check" is needed for GNAT to be an Ada compiler.
>
> > Where did you get that one!
>
> >   I have never use "-gnato -fstack-check" and all programs that I have
> > created have work. May be you have some wrong on your system.
>
>   Try
> with ada.text_io;
> procedure isitada is
>   x : integer := integer'last-2;
> begin
>   ada.text_io.put("it is");
>   for i in 1 .. 3 loop
>     x := x+1;
>   end loop;
>   ada.text_io.put(" not Ada");
> exception
>   when constraint_error =>
>     ada.text_io.put_line(" Ada");
> end isitada;

I've noticed that in the argument that has ensued from this post (yes
it works fine, no it doesn't, it's real Ada, it isn't, it's high-
integrity or low-integrity mode blah blah blah), nobody has mentioned
what platform they're running on.  I'm not familiar with GNAT in great
detail, but it would seem to me that this is the sort of option where
the default would depend on the processor and OS.  On some processor/
OS combinations, it's fairly easy to get programs to raise an
exception when integer overflow occurs---because the processor is
capable of faulting when overflow happens, and the OS has ways of
letting the program trap the fault and map it to a Constraint_Error
exception.  On other processors or OS's, the facility isn't there, and
you can't implement this overflow without additional code, such as
doing a "branch if overflow bit is set in the condition code" after
every addition or subtraction.  (One processor I've worked with
doesn't even have an integer overflow status; to check for overflow we
had to perform two different kinds of additions and see if the results
were the same.)  On such platforms, the efficiency penalty for
implementing the checks required by the language is significant.
That's the reason for having an option like -gnato in the first
place.  But it would not surprise me that on some platforms, where
there is no efficiency penalty, that the overflow checking would be in
effect whether it's explicitly specified on the command line or not.
There wouldn't be any reason to turn it off.

                            -- Adam

Re: ada compiler?

[adaworks]

"Bill Cunningham" <nospam@nspam.com> wrote in message 
news:A75Zi.24$Vp3.16@trnddc05...
>    I have just began looking at the ada language and some tutorials but I have 
> no idea how to compile ada programs. I am using gcc with C,C++, and Ada 
> support. Do Ada programs have to end in .ads ? How do I work the compiler?
>
Ada programs are not required to end in .adb or .ads.  This is a convention
adopted by GNAT.   Seom compilers allow files to end in any extension
you want to choose.   Also, GNAT requires that the internal name match
the file name.  This is also a convention unique to GNAT.  Other compilers
allow a mismatch between the internal name and the external name.

Richard Riehle 

Re: ada compiler?

[John W. Kennedy]

Adam Beneschan wrote:
> I've noticed that in the argument that has ensued from this post (yes
> it works fine, no it doesn't, it's real Ada, it isn't, it's high-
> integrity or low-integrity mode blah blah blah), nobody has mentioned
> what platform they're running on.

T'Machine_overflows

-- 
John W. Kennedy
A proud member of the reality-based community.

Re: ada compiler?

[Martin Krischik]

anon schrieb:
> You are missing the point. You should not assume that they need command 
> line option until they ask for help that require that type of answer. And if 
> there is a Ada language answer then that is the answer that should be the 
> given. Not a simple command line answer which is vendor and/or version 
> specific.
> 
> Plus, how many beginners first downloads a GNAT version that requires:
> 
>     gnatmake -gnato -fstack-check <name>.adb  
> 
> to compile a simple program!
> 
> Most beginners that are learning Ada just use: 
> 
> Note: (Linux version)
> 
>     gnat compile <name>.adb
>     gnat bind <name>.ali
>     gnat link <name>.ali
>     ./<name>

No they should taught "gnat make" - which is lot simpler - separate
compile-bind-link cycles are not needed any more. Even in tricky cases
like stand alone libraries or cross compilation where it was needed 3
years ago. Today the project manager does it all for you. There is no
reason left to learn how to do it the hard way.

Also note the space - just "gnat" will give you a short on-line help.

Martin

-- 
mailto://krischik@users.sourceforge.net
Ada programming at: http://ada.krischik.com

Re: ada compiler?

[anon]

-- You have to learn to crawl before you can walk and learn the rules 
-- to walk before you should run.

First, GNAT may be the only Ada 2005 compiler at the movement but that 
may change if other posters arecorrect. Second, GNAT is not the only 
compiler in use today, people are still using Ada 95 from other vendors. 
Software vedors like GHS, IBM, and Janas have Ada compilers and not one 
of them use "gnatmake".  But all vendors including Adacore uses a version 
of the three steps to build an Ada partition.

And if you check with the Ada LRM you will see that the LM promotes a 
concept of not wasting or hogging resources.  Since "gnatmake" is a 
resource hog the concept states that it should not be used. And as most 
poster say the Ada LRM is the final word.

Plus, if Adacore is sold and gutted, goes out of business, or falls out of 
favor with other companies.  The newbees need to know the concept of 
how an Ada partition is generated.  

Now just to be funny. Adacore would love to hear this but, the boss's blood 
pressure might hit the roof. That is, if the programmer said, "I do not know 
how to build a Ada program without using 'gnatmake' ".  





In <47394e4b$1@news.post.ch>, Martin Krischik <krischik@users.sourceforge.net> writes:
>anon schrieb:
>> You are missing the point. You should not assume that they need command 
>> line option until they ask for help that require that type of answer. And if 
>> there is a Ada language answer then that is the answer that should be the 
>> given. Not a simple command line answer which is vendor and/or version 
>> specific.
>> 
>> Plus, how many beginners first downloads a GNAT version that requires:
>> 
>>     gnatmake -gnato -fstack-check <name>.adb  
>> 
>> to compile a simple program!
>> 
>> Most beginners that are learning Ada just use: 
>> 
>> Note: (Linux version)
>> 
>>     gnat compile <name>.adb
>>     gnat bind <name>.ali
>>     gnat link <name>.ali
>>     ./<name>
>
>No they should taught "gnat make" - which is lot simpler - separate
>compile-bind-link cycles are not needed any more. Even in tricky cases
>like stand alone libraries or cross compilation where it was needed 3
>years ago. Today the project manager does it all for you. There is no
>reason left to learn how to do it the hard way.
>
>Also note the space - just "gnat" will give you a short on-line help.
>
>Martin
>
>-- 
>mailto://krischik@users.sourceforge.net
>Ada programming at: http://ada.krischik.com

to gnat make or not to gnat make (Was: ada compiler?)

[Martin Krischik]

anon schrieb:
> -- You have to learn to crawl before you can walk and learn the rules 
> -- to walk before you should run.

Indeed - only I think that using the GPS is crawling, "gnat make" is
walking, "gnat compile" / "gnat bind" / "gnat link" is hurdles and "gcc
-x ada" / "ld" steeplechase [1].

The reason you learn to craws first is because crawling is easier then
walking. And using the GPS is the easiest way to compile/bind/link an
Ada program using - well - gnat.

> First, GNAT may be the only Ada 2005 compiler at the movement but that 
> may change if other posters arecorrect. Second, GNAT is not the only 
> compiler in use today, people are still using Ada 95 from other vendors. 
> Software vedors like GHS, IBM, and Janas have Ada compilers and not one 
> of them use "gnatmake".  But all vendors including Adacore uses a version 
> of the three steps to build an Ada partition.

Well, ObjectAda has an IDE and uses some form of project manager.

> And if you check with the Ada LRM you will see that the LM promotes a 
> concept of not wasting or hogging resources.  Since "gnatmake" is a 
> resource hog the concept states that it should not be used. And as most 
> poster say the Ada LRM is the final word.

I see, you have not dug deep enough into the workings of "gnat". Have a
look at the help page:

----------------------------------------------------------------------
GNAT GPL 2007 (20070405-41)

Copyright 1996-2007, Free Software Foundation, Inc.



List of available commands



gnat bind               gnatbind

gnat chop               gnatchop

gnat clean              gnatclean

gnat compile            gnatmake -f -u -c

gnat check              gnatcheck

gnat elim               gnatelim

gnat find               gnatfind

gnat krunch             gnatkr

gnat link               gnatlink

gnat list               gnatls

gnat make               gnatmake

gnat metric             gnatmetric

gnat name               gnatname

gnat preprocess         gnatprep

gnat pretty             gnatpp

gnat stack              gnatstack

gnat stub               gnatstub

gnat xref               gnatxref



Commands find, list, metric, pretty, stack, stub and xref accept project
file switches -vPx, -Pprj an
d -Xnam=val



----------------------------------------------------------------------

"gnat compile" is an alias name for "gnatmake -f -u -c" - So the only
way to avoid "gnatmake" is using "gcc -x ada".

> Plus, if Adacore is sold and gutted, goes out of business, or falls out of 
> favor with other companies.  The newbees need to know the concept of 
> how an Ada partition is generated.  

But they don't need to use the actual commands - they are too different
between two compilers systems anyway. (I use DecAda as well).

> Now just to be funny. Adacore would love to hear this but, the boss's blood 
> pressure might hit the roof. That is, if the programmer said, "I do not know 
> how to build a Ada program without using 'gnatmake' ".  

I know in theory how to compile an Ada program using "gcc -x ada" - but
I can live without turning that theoretical knowledge into practical use.

Martin

[1] http://en.wikipedia.org/wiki/Steeplechase_%28athletics%29
-- 
mailto://krischik@users.sourceforge.net
Ada programming at: http://ada.krischik.com

Re: ada compiler?

[Ludovic Brenta]

Jeffrey R. Carter writes:
> Georg Bauhaus wrote:
>>
>> Wouldn't this be even more evidence in favor of having
>> -gnato -fstack-check on by default? If someone begins
>> learning Ada and then notices that the promised overflow
>> checking doesn't take place, what will be the reaction?
>
> There have been a number of threads here dealing with just that:
> people asking why GNAT didn't give the expected behavior, generally
> because they didn't compile with -gnato.

I'm starting to consider such a change for Debian gnat.  Overflow
checks can be disabled explicitly with -gnatp or pragma Suppress.
However, some programs don't compile with -fstack-check because some
stack frames are "too big" (whatever that means).  Thoughts?

-- 
Ludovic Brenta.

Re: ada compiler?

[Adam Beneschan]

On Nov 12, 7:16 pm, "John W. Kennedy" <jwke...@attglobal.net> wrote:
> Adam Beneschan wrote:
> > I've noticed that in the argument that has ensued from this post (yes
> > it works fine, no it doesn't, it's real Ada, it isn't, it's high-
> > integrity or low-integrity mode blah blah blah), nobody has mentioned
> > what platform they're running on.
>
> T'Machine_overflows

I don't know what your point is.  First of all, we're talking about
integer overflow, and T'Machine_Overflows isn't defined for integers.
It's defined for floating-point and fixed-point types only.  (Check
the manual.)  Second, the issue is that some people are saying that
the integer-overflow check works for them, using GNAT, even when they
don't use -gnato, and my point was that it's reasonable to suppose
that this might be true for some platforms and not others; the
question wasn't about how to write a program that switches logic
depending on whether integer overflow is detected without programming
overhead or not, or anything of that nature.

                           -- Adam

Re: ada compiler?

[Simon Wright]

<adaworks@sbcglobal.net> writes:

> "Bill Cunningham" <nospam@nspam.com> wrote in message 
> news:A75Zi.24$Vp3.16@trnddc05...
>>    I have just began looking at the ada language and some tutorials
>> but I have no idea how to compile ada programs. I am using gcc with
>> C,C++, and Ada support. Do Ada programs have to end in .ads ? How
>> do I work the compiler?
>>
> Ada programs are not required to end in .adb or .ads.  This is a
> convention adopted by GNAT.  Seom compilers allow files to end in
> any extension you want to choose.  Also, GNAT requires that the
> internal name match the file name.  This is also a convention unique
> to GNAT.  Other compilers allow a mismatch between the internal name
> and the external name.

GNAT doesn't normally mind too much if the main program has the wrong
name; I just saved the normal Hello program as hi.ada and gnatmake
said

   grendel:~/tmp simon$ gnatmake hi.ada
   gcc -c -x ada hi.ada
   hi.ada:2:11: warning: file name does not match unit name, should be "hello.adb"
   gnatbind -x hi.ali
   gnatlink hi.ali
   grendel:~/tmp simon$ ./hi 
   hello.

You do have to jump through hoops if you want this to work with
with'ed units, though.

--S

Re: ada compiler?

[Simon Wright]

anon@anon.org (anon) writes:

> First, GNAT may be the only Ada 2005 compiler at the movement but
> that may change if other posters arecorrect. Second, GNAT is not the
> only compiler in use today, people are still using Ada 95 from other
> vendors.  Software vedors like GHS, IBM, and Janas have Ada
> compilers and not one of them use "gnatmake".  But all vendors
> including Adacore uses a version of the three steps to build an Ada
> partition.

It does me no good to know how to invoke the components of a GNAT
build session if I'm using Object Ada.

I suppose you don't use gcc either; cccp, cc1, as, ld? No, I thought
not.

> And if you check with the Ada LRM you will see that the LM promotes a 
> concept of not wasting or hogging resources.  Since "gnatmake" is a 
> resource hog the concept states that it should not be used. And as most 
> poster say the Ada LRM is the final word.

Please quote chapter and verse (ie, I think you are making this up).

> Now just to be funny. Adacore would love to hear this but, the
> boss's blood pressure might hit the roof. That is, if the programmer
> said, "I do not know how to build a Ada program without using
> 'gnatmake' ".

Since the boss has never heard of gnatmake I don't think you are
correct in this scenario.

The boss would be really pissed off if people were wasting their time
using gcc, gnatbind, gnatlink as you suggest when there is a perfectly
adequate tool ie gnatmake which suits 99% of the uses.

Re: to gnat make or not to gnat make (Was: ada compiler?)

[anon]

You better learn how things work:

'gnat compile' is equivalent to using 'gnatmake -f -u' but it does not 
call 'gnatmake' program.

Plus, 'gnatmake' perform it compiling in serial only. But a user can 
executes multiple 'gnat compile' in background which speeds up compiling. 
Which means using 'gnatmake' can be considered as inefficient execution 
which is against the RM. Using multiple compiles alone is worth the time 
to use 'gnat compile'.



Resource usage:

The 'gnat compile' program requires the execution of 
    'gcc' which requires 'gnat1' and 'as' (4 programs in memory)

'gnatbind' is stand-alone partition. (1 programs in memory)

Then the 'gnatlink' program requires the execution of 
    'gcc' which requires 'gnat1' and 'as' afterwards use ld
    (5 programs in memory)


Now the 'gnatmake' program requires the execution of
    'gcc' which requires 'gnat1' and 'as' also, an additional
    copy of the "gcc-gnat1-as' for each additional package 
    executed. (7 programs in memory)

    Then 'gnatmake' executes the 'gnatbind' (2 programs in memory)

    Then 'gnatmake' executes the 'gnatlink' which executes
    'gcc' which requires 'gnat1' and 'as' afterwards use ld
     (6 programs in memory)

Which means that 'gnatmake' requires the resources of at least 7 programs 
while 'gnat compile' requires 4.  Which proves that 'gnat compile' is more 
efficient to use.  You could in the "GNU GCC" system reduces the 
resources to 3 by using 'gcc -c <name>.ad[b|s]'. But that even strengthen 
the concept that 'gnatmake' should never be used.  


And just to be funny about it. Why blame the computer when the boss 
see you goofing-off. Finish the job early and take the next day off 
with pay. Use parallel compiling!



In <47396fb1$1@news.post.ch>, Martin Krischik <krischik@users.sourceforge.net> writes:
>anon schrieb:
>> -- You have to learn to crawl before you can walk and learn the rules 
>> -- to walk before you should run.
>
>Indeed - only I think that using the GPS is crawling, "gnat make" is
>walking, "gnat compile" / "gnat bind" / "gnat link" is hurdles and "gcc
>-x ada" / "ld" steeplechase [1].
>
>The reason you learn to craws first is because crawling is easier then
>walking. And using the GPS is the easiest way to compile/bind/link an
>Ada program using - well - gnat.
>
>> First, GNAT may be the only Ada 2005 compiler at the movement but that 
>> may change if other posters arecorrect. Second, GNAT is not the only 
>> compiler in use today, people are still using Ada 95 from other vendors. 
>> Software vedors like GHS, IBM, and Janas have Ada compilers and not one 
>> of them use "gnatmake".  But all vendors including Adacore uses a version 
>> of the three steps to build an Ada partition.
>
>Well, ObjectAda has an IDE and uses some form of project manager.
>
>> And if you check with the Ada LRM you will see that the LM promotes a 
>> concept of not wasting or hogging resources.  Since "gnatmake" is a 
>> resource hog the concept states that it should not be used. And as most 
>> poster say the Ada LRM is the final word.
>
>I see, you have not dug deep enough into the workings of "gnat". Have a
>look at the help page:
>
>----------------------------------------------------------------------
>GNAT GPL 2007 (20070405-41)
>
>Copyright 1996-2007, Free Software Foundation, Inc.
>
>
>
>List of available commands
>
>
>
>gnat bind               gnatbind
>
>gnat chop               gnatchop
>
>gnat clean              gnatclean
>
>gnat compile            gnatmake -f -u -c
>
>gnat check              gnatcheck
>
>gnat elim               gnatelim
>
>gnat find               gnatfind
>
>gnat krunch             gnatkr
>
>gnat link               gnatlink
>
>gnat list               gnatls
>
>gnat make               gnatmake
>
>gnat metric             gnatmetric
>
>gnat name               gnatname
>
>gnat preprocess         gnatprep
>
>gnat pretty             gnatpp
>
>gnat stack              gnatstack
>
>gnat stub               gnatstub
>
>gnat xref               gnatxref
>
>
>
>Commands find, list, metric, pretty, stack, stub and xref accept project
>file switches -vPx, -Pprj an
>d -Xnam=val
>
>
>
>----------------------------------------------------------------------
>
>"gnat compile" is an alias name for "gnatmake -f -u -c" - So the only
>way to avoid "gnatmake" is using "gcc -x ada".
>
>> Plus, if Adacore is sold and gutted, goes out of business, or falls out of 
>> favor with other companies.  The newbees need to know the concept of 
>> how an Ada partition is generated.  
>
>But they don't need to use the actual commands - they are too different
>between two compilers systems anyway. (I use DecAda as well).
>
>> Now just to be funny. Adacore would love to hear this but, the boss's blood 
>> pressure might hit the roof. That is, if the programmer said, "I do not know 
>> how to build a Ada program without using 'gnatmake' ".  
>
>I know in theory how to compile an Ada program using "gcc -x ada" - but
>I can live without turning that theoretical knowledge into practical use.
>
>Martin
>
>[1] http://en.wikipedia.org/wiki/Steeplechase_%28athletics%29
>-- 
>mailto://krischik@users.sourceforge.net
>Ada programming at: http://ada.krischik.com

Re: to gnat make or not to gnat make

[Simon Wright]

anon@anon.org (anon) writes:

> Plus, 'gnatmake' perform it compiling in serial only. But a user can
> executes multiple 'gnat compile' in background which speeds up
> compiling.  Which means using 'gnatmake' can be considered as
> inefficient execution which is against the RM. Using multiple
> compiles alone is worth the time to use 'gnat compile'.

I suggest you look up the -n switch to gnatmake.

And I would say that if your program is so small that you can afford
to 

   loop
      gnat compile a unit
      gnat bind
      exit when it finally tells you you haven't forgotten anything
   end loop

you have a pretty small problem, so you might as well forget about
demonstrating your cleverness and use gnatmake.

Re: ada compiler?

[Jacob Sparre Andersen]

Ludovic Brenta wrote:
>> Georg Bauhaus wrote:

>>> Wouldn't this be even more evidence in favor of having -gnato
>>> -fstack-check on by default?

> I'm starting to consider such a change for Debian gnat.  Overflow
> checks can be disabled explicitly with -gnatp or pragma Suppress.
> However, some programs don't compile with -fstack-check because some
> stack frames are "too big" (whatever that means).  Thoughts?

Would it be too big a change to add a new option to negate a default
"-fstack-check"?

I can only remember a _warning_ about a too big stack frame; not a
plain compilation error.  Are you sure programs actually don't compile
because of too big stack frames in some cases?

Greetings,

Jacob
-- 
"It ain't rocket science!"

Re: ada compiler?

[Georg Bauhaus]

Jacob Sparre Andersen wrote:

> I can only remember a _warning_ about a too big stack frame; not a
> plain compilation error.  Are you sure programs actually don't compile
> because of too big stack frames in some cases?

The message says something to the effect that stack checking
won't be reliable with large stack frames (where large seems
to start at N_000 sized arrays, say).

Also, -fstack-check is a GCC option, not GNAT-specific. Maybe some
new technology is built into GCC (speculation); as always, most
GCC technologists get inspiration from the Pascal branch of
languages--later.

Re: to gnat make or not to gnat make (Was: ada compiler?)

[Georg Bauhaus]

anon wrote:
> You better learn how things work:
> 
> 'gnat compile' is equivalent to using 'gnatmake -f -u' but it does not 
> call 'gnatmake' program.

I think that yes it does.

D:\work>gnat -v make run.adb
D:\opt\GNAT\2007\bin\gnatmake.exe run.adb
gcc -c run.adb
run.adb:6:09: warning: variable "common" is read but never assigned
gcc -c danger.adb
gnatbind -x run.ali
gnatlink run.ali

Re: ada compiler?

[Ludovic Brenta]

Georg Bauhaus wrote:
> Jacob Sparre Andersen wrote:
> > I can only remember a _warning_ about a too big stack frame; not a
> > plain compilation error.  Are you sure programs actually don't compile
> > because of too big stack frames in some cases?

You are correct; it is only a warning. However, if one subprogram has
"unreliable" (whatever that means) stack checking, then the entire
program has "unreliable" stack checking and I'm not sure it is a good
idea to turn that on by default. Also, if a stack overflow results in
a SEGV (instead of Storage_Error), I don't clearly see the functional
difference i.e. the stack overflow gets caught either way. Unless of
course I'm missing something.

> The message says something to the effect that stack checking
> won't be reliable with large stack frames (where large seems
> to start at N_000 sized arrays, say).
>
> Also, -fstack-check is a GCC option, not GNAT-specific.

Yes and as with all -f options in GCC, one can explicitly turn it off
with -fno-stack-check.

> Maybe some
> new technology is built into GCC (speculation); as always, most
> GCC technologists get inspiration from the Pascal branch of
> languages--later.

Agreed.

--
Ludovic Brenta.

Re: ada compiler?

[Georg Bauhaus]

On Wed, 2007-11-14 at 02:26 -0800, Ludovic Brenta wrote:
>  Also, if a stack overflow results in
> a SEGV (instead of Storage_Error), I don't clearly see the functional
> difference i.e. the stack overflow gets caught either way. 

But who catches? A player in the game (Ada partition),
or someone in the stadium (OS)?

Assume the desired bahavior is this. A message is emitted by
calling Storehouse.Notify in the exception handler below,
shouting "Hey! You!".

$ ./attempt 
Hey! You!

raised STORAGE_ERROR : stack overflow detected


Executable translated without -fstack-check:

$ ./attempt 
Segmentation fault (core dumped)

How would the other task (Storehouse) learn about the failure in
this case?

with Storehouse;

procedure attempt is

   type A is array (Positive range <>) of Natural;

   function Get_N return Positive is separate;

   function make_array return A is
      result : A (1 .. Get_N);
   begin
      return result;
   end make_array;

begin

   Sandbox : declare
      x : A := make_array;
   begin
      x (x'First) := x (x'Last);
   end Sandbox;

exception
   when Storage_Error =>
      Storehouse.Notify;  -- Hey! You!
      raise;
end attempt;

Re: ada compiler?

[Ludovic Brenta]

On Nov 14, 1:25 pm, Georg Bauhaus <rm.tsoh+bauh...@maps.futureapps.de>
wrote:
> On Wed, 2007-11-14 at 02:26 -0800, Ludovic Brenta wrote:
> >  Also, if a stack overflow results in
> > a SEGV (instead of Storage_Error), I don't clearly see the functional
> > difference i.e. the stack overflow gets caught either way.
>
> But who catches? A player in the game (Ada partition),
> or someone in the stadium (OS)?

But if the stack is exhausted or nearly so (perhaps because the last
in a long series of recursive calls raises Storage_Error), chances are
high that the exception handler itself will overflow the stack (e.g.
passing your string "Hey! You!" to a procedure might itself cause a
stack overflow). This, in my view, greatly reduces the benefit of the
exception. Also, what if raising the exception requires some stack
space? Maybe I should have said that explicitly.

--
Ludovic Brenta.

Re: ada compiler?

[Georg Bauhaus]

On Wed, 2007-11-14 at 07:09 -0800, Ludovic Brenta wrote:

> But if the stack is exhausted or nearly so (perhaps because the last
> in a long series of recursive calls raises Storage_Error), chances are
> high that the exception handler itself will overflow the stack (e.g.
> passing your string "Hey! You!" to a procedure might itself cause a
> stack overflow). This, in my view, greatly reduces the benefit of the
> exception. Also, what if raising the exception requires some stack
> space? Maybe I should have said that explicitly.

No, these are matters of course, and they are mentioned in the RM.

However, I prefer being given a chance to run some emergency code,
even knowing that I cannot in general rely on anything
in the presence of Storage_Error (or exceptions with -O, for that
matter). Perhaps I should mention that the programs that I have
in mind are more mundane than hard real-time control programs.

Thus I can afford more optimistic attempts at recovery,
using exception handling rather than invoking, well, something
outside the program.

I think it is better to try something in case of a detected
error than
- have service personnel (if any) say F,
- pick up the next phone (if any) or micro (if functional),
- call the other end (if someone is there and has a phone/ear~s),
- ...

I could also try to have the operating system (if any; well, we
have Debian in this case) react to the SEGV (if possible)
and trigger something else (if possible; load might be high
already, though, persistance is futile ...)  But, ... I can do that,
too, if the program exits "more normally" as a consequence of
an exception.

Right now I don't remember exactly what happens to files
still open when a Linux Ada executable is brought
to a halt by a segmentation violation. Is it better to exit
"more normally"?

And what is more, the program shown is only trying
to allocate a larger chunk of memory. What should stop
programmers from at least trying to allocate larger objects in
a (more or less) controlled fashion?

A related example:

 declare
    Long_String: String_Access;
 begin
       Long_String := new String'(Lots);

 exception
    when Storage_Error =>
          -- trouble ahead? But anyway, we may be
          -- able to try something else, again.
          -- Maybe decrease Lots.
          ...
  end;

I also remember (vaguely) that in those days (Turbo Pascal?) we were
asked to do something similar, make sure that handlers (of interrupts?)
would not need more storage than was allocated before the program
would start. As the previous program has shown, there is no guarantee
that a simple exception handler must fail in the presence of
Storage_Error.  There are programs where optimism is a necessary
attitude.

Re: ada compiler?

[Ludovic Brenta]

Georg Bauhaus wrote:
> On Wed, 2007-11-14 at 07:09 -0800, Ludovic Brenta wrote:
> > But if the stack is exhausted or nearly so (perhaps because the last
> > in a long series of recursive calls raises Storage_Error), chances are
> > high that the exception handler itself will overflow the stack (e.g.
> > passing your string "Hey! You!" to a procedure might itself cause a
> > stack overflow). This, in my view, greatly reduces the benefit of the
> > exception. Also, what if raising the exception requires some stack
> > space? Maybe I should have said that explicitly.
>
> No, these are matters of course, and they are mentioned in the RM.

Not really. 11.5(23) says that a stack overflow raises Storage_Error
but, since the stack has overflowed, I'm not convinced that the
exception can still be raised, propagated and handled properly. The RM
is silent about that part and I believe this is an implementation
issue.

> However, I prefer being given a chance to run some emergency code,
> even knowing that I cannot in general rely on anything
> in the presence of Storage_Error (or exceptions with -O, for that
> matter). Perhaps I should mention that the programs that I have
> in mind are more mundane than hard real-time control programs.

The gnat package in Debian is for mundane programs; if you write
safety-critical software, you use a supported and certified compiler.
So, enabling -fstack-check by default is a viable option that I am
considering.  Like I said earlier, it would still be possible to
disable stack checking by saying -fno-stack-check explicitly.

You say that -fstack-check and the Storage_Error allow you to try and
"recover" but I'm not convinced that recovery is possible after a
stack overflow. In fact, I'm not even convinced that exception
propagation can be relied on after a stack overflow. Heap overflows
are different, of course, and are not affected by -fstack-check. Your
latest example was a heap overflow and therefore off-topic.

Does someone here know GNAT internals in sufficient detail as to
enlighten us? Also can someone explain what "reliable" stack checking
is in GNAT parlance?

--
Ludovic Brenta.

Re: ada compiler?

[Britt Snodgrass]

On Nov 12, 6:20 pm, <adawo...@sbcglobal.net> wrote:
>> Ada programs are not required to end in .adb or .ads.  This is a convention
> adopted by GNAT.   Seom compilers allow files to end in any extension
> you want to choose.   Also, GNAT requires that the internal name match
> the file name.  This is also a convention unique to GNAT.  Other compilers
> allow a mismatch between the internal name and the external name.

GNAT defaults to insisting on ".ads" and ".adb", but it is possible to
configure GNAT to use any filename convention including the ".1.ada"
and ".2.ada" convention required by Apex.  This is all described in
the "Alternative File Naming Schemes" and "Handling Arbitrary File
Naming Conventions Using gnatname" sections of the GNAT Users Manual.

I have used GNAT with the Apex file name convention in the past and it
works fine.

-- Britt

Re: ada compiler?

[Georg Bauhaus]

On Wed, 2007-11-14 at 08:36 -0800, Ludovic Brenta wrote:

>  Heap overflows
> are different, of course, and are not affected by -fstack-check. Your
> latest example was a heap overflow and therefore off-topic.

Heap overflow seems entirely unrelated at first sight, but in
two ways it needs to be considered here, I think.

First, the -fstack-check warning suggests, in a sense, to use allocators
and pointers instead of direct objects. When a programmer interprets
the warning this way and starts using pointers, -f[no]-stack-check
is likely to affect the structure of his/her Ada program.

Second, there is a limit to the *sum* of stack memory and heap
memory. ;-) Whatever that means at an implementation level.

> Does someone here know GNAT internals in sufficient detail as to
> enlighten us? Also can someone explain what "reliable" stack checking
> is in GNAT parlance?

I 2nd the request.

Re: ada compiler?

[Georg Bauhaus]

On Wed, 2007-11-14 at 08:36 -0800, Ludovic Brenta wrote:

>  Heap overflows
> are different, of course, and are not affected by -fstack-check. Your
> latest example was a heap overflow and therefore off-topic.

Heap overflow seems entirely unrelated at first sight, but in
two ways it needs to be considered here, I think.

First, the -fstack-check warning suggests, in a sense, to use allocators
and pointers instead of direct objects. When a programmer interprets
the warning this way and starts using pointers, -f[no]-stack-check
is likely to affect the structure of his/her Ada program.

Second, there is a limit to the *sum* of stack memory and heap
memory. ;-) Whatever that means at an implementation level.

> Does someone here know GNAT internals in sufficient detail as to
> enlighten us? Also can someone explain what "reliable" stack checking
> is in GNAT parlance?

I 2nd the request.

Re: ada compiler?

[anon]

Note to Ludovic Brenta! I will post an answer for you tonight. Actually 
it can be done with altering a couple lines of code.  And rebuilding of 
the compiler. The first part is in "System.ads" and is documented in 
this post. For you look for <Part 1>  . 

Now for others:

The discussion was about rather a person should teach a newness to use

  gnatmake -gnato -fstack-check <name>

at first. Or wait to see if they need the 

    -fstack-check

option.  The RM considers this to be the nonstandard way!

Note: There are two version of "stack checking". The '-fstack-check' 
is a GNAT compiler option while '-lfstack-check; is a GCC linker 
option.  They work a little differently.  The GNAT version includes an 
Ada written stack checking code.  While the GCC version uses GCC 
built-in routines.

So, should a newbee they be taught to use command line option or 
be taught to use the Ada Standard pragma:

  pragma Linker_Options ( "-fstack-check" ) ;

within the main procedure and skip using the command line option. 
This way the option is documented and can be easily commented to 
aid the software maintainers. And this version uses the GCC stack 
checking routine.


<Part 1>

But To answer your question. In GNAT it is possible to set the stack 
checking to default by just changing the statement:

   Stack_Check_Default       : constant Boolean := False;

to 'True' in the private section of the "System.ads". Then rebuild the 
'Adalib'.  Should take less than 20 minutes. This adds by default the 
GNAT version of stack_checking. Then to test it use the '-RTS' 
command line option.  Using alternative libraries is this way 
that Ada RM suggest it, be done.

Also, in the GNAT "VMS / POSIX / LYNXOS" runtime code there is a 
special procedure that handles the stack checking, in the other 
versions the procedure just contains a "null' statement. 
<end Part 1>

This default could be easy be included as an option in the build 
configuration script for GCC.  But its already there, been there 
for longer than 10 years for GCC! 

The problem is that most people just download a stocked binary 
version of GNAT which defaults to no stack checking and look to 
the old 'C' language way to handle things aka command line option. 

The bigger issue is, in Ada the programmer should know and allocate 
the correct amount of stack and other memory needed which is also 
implied in the RM of writting efficient code.


In <yger6ite2fu.fsf@hugsarin.dmusyd.edu>, Jacob Sparre Andersen <sparre@nbi.dk> writes:
>Ludovic Brenta wrote:
>>> Georg Bauhaus wrote:
>
>>>> Wouldn't this be even more evidence in favor of having -gnato
>>>> -fstack-check on by default?
>
>> I'm starting to consider such a change for Debian gnat.  Overflow
>> checks can be disabled explicitly with -gnatp or pragma Suppress.
>> However, some programs don't compile with -fstack-check because some
>> stack frames are "too big" (whatever that means).  Thoughts?
>
>Would it be too big a change to add a new option to negate a default
>"-fstack-check"?
>
>I can only remember a _warning_ about a too big stack frame; not a
>plain compilation error.  Are you sure programs actually don't compile
>because of too big stack frames in some cases?
>
>Greetings,
>
>Jacob
>-- 
>"It ain't rocket science!"

Re: ada compiler?

[Ludovic Brenta]

Georg Bauhaus writes:
> Heap overflow seems entirely unrelated at first sight, but in
> two ways it needs to be considered here, I think.
>
> First, the -fstack-check warning suggests, in a sense, to use allocators
> and pointers instead of direct objects. When a programmer interprets
> the warning this way and starts using pointers, -f[no]-stack-check
> is likely to affect the structure of his/her Ada program.

No, I don't think -fstack-check suggests changing the program in any
way.  All it does is insert extra run-time checks.  You then convert
stack allocation into heap allocation only if and when necessary.  I
for one almost never use pointers, even in general-purpose
(non-safety-critical) programs because I like to use the scope of
variables to handle memory and accessibility for me.  I see access
values and heap allocation as a necessary evil for dynamic data
structures, and for the occasional very large array that won't fit on
the stack anyway.

-- 
Ludovic Brenta.

Re: ada compiler?

[Niklas Holsti]

Ludovic Brenta wrote:
> On Nov 14, 1:25 pm, Georg Bauhaus <rm.tsoh+bauh...@maps.futureapps.de>
> wrote:
> 
>>On Wed, 2007-11-14 at 02:26 -0800, Ludovic Brenta wrote:
>>
>>> Also, if a stack overflow results in
>>>a SEGV (instead of Storage_Error), I don't clearly see the functional
>>>difference i.e. the stack overflow gets caught either way.
>>
>>But who catches? A player in the game (Ada partition),
>>or someone in the stadium (OS)?
> 
> 
> But if the stack is exhausted or nearly so (perhaps because the last
> in a long series of recursive calls raises Storage_Error), chances are
> high that the exception handler itself will overflow the stack (e.g.
> passing your string "Hey! You!" to a procedure might itself cause a
> stack overflow). This, in my view, greatly reduces the benefit of the
> exception. Also, what if raising the exception requires some stack
> space? Maybe I should have said that explicitly.

My wishlist for stack checking support in Ada compilers:

Storage_Error should be raised a bit before the stack is fully 
exhausted. The amount of "reserve" stack-space left at that point 
should be configurable by an option or an environment variable to 
an (application-specific) value that lets the exception be raised 
and handled.

While the exception is being propagated and handled (that is, while 
it is possible to say "raise;") the application should be able to 
use the reserve stack capacity (with possibly a Segmentation 
Violation if the reserve capacity is exhausted).

Normal checking rules (respecting the reserve capacity) should 
return into force when the exception has been handled (when it is 
no longer possible to reraise the exception).

But I have no idea how hard that would be to implement...

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .

Re: ada compiler?

[Georg Bauhaus]

Ludovic Brenta wrote:
> Georg Bauhaus writes:
>> Heap overflow seems entirely unrelated at first sight, but in
>> two ways it needs to be considered here, I think.
>>
>> First, the -fstack-check warning suggests, in a sense, to use allocators
>> and pointers instead of direct objects. When a programmer interprets
>> the warning this way and starts using pointers, -f[no]-stack-check
>> is likely to affect the structure of his/her Ada program.
> 
> No, I don't think -fstack-check suggests changing the program in any
> way. 

(I thought that the *warning* might suggest that. Like so:
Ehr, not reliable when stack checking is turned on and the
local array is not trivially small? Uhm, o.K., o.K., then
I will use an allocator instead. After all, Ada culture
asks you to be serious about compiler warnings.)

Anyway, some hints in here:
http://gcc.gnu.org/ml/gcc-patches/2006-11/msg01846.html

Perhaps -fstack-check warning is temporary and platform dependent;
can affect interfacing to C programs; introduces surprises when
moving to another platform; makes Ada reputation--to not
generate SEGV but an exception and such--depend on knowing the
switches; ...

My vote would be cast for at least the effect of -gnato in Debian GNAT.
Maybe the gnat installation script can display a warning box
brining this to Debian Ada users' attention.

Big thanks for bringing this up!

Re: ada compiler?

[Samuel Tardieu]

>>>>> "Ludovic" == Ludovic Brenta <ludovic@ludovic-brenta.org> writes:

Ludovic> Does someone here know GNAT internals in sufficient detail as
Ludovic> to enlighten us? Also can someone explain what "reliable"
Ludovic> stack checking is in GNAT parlance?

You have two ways of doing stack checking:

 1- at the GCC level by checking the stack at the entry of every
    subprogram and comparing it to a thread/task specific marker; this
    is costly

 2- at the OS level by mapping a page after the stack which does not
    allow either reads or writes to the page (or, when this is not
    possible, which doesn't allow writes)

Let me describe how solution 2 is implemented, assuming the stack
grows downwards: (from higher to lower addresses)

     |
     | Stack for task T1
     |
     v
     |
     | Allowed space for stack for task T1
     |
     -
     |
     | Protected memory page
     |
     -
     |
     | Stack for task T2
     |
     v
     
If stack for task T1 slowly grows downwards, it will eventually reach
the protected memory page and raise a SIGSEGV to represent the access
violation.

However, if you allocate an object on stack T1 larger than the
remaining task space + the size of a protected memory page, then you
may end up with something looking like: (say a large T1Obj array is
allocated on the stack)

     |
     | Stack for task T1
     |
     | Return address for previous function call
     | Stack frame (I won't detail here what it is) for current funcall
     | Address of T1Obj[6]
     | Address of T1Obj[5]
     -
     | Address of T1Obj[4]
     | Address of T1Obj[3]   Protected memory page
     | Address of T1Obj[2]
     - 
     | Address of T1Obj[1]
     | Stack for task T2
     |
     v

You may then write T1Obj[1] without triggering a memory protection
error and overwrite the stack of task T2 without noticing. If you
modify only T1Obj[1] and return, you will leave T2 with a corrupted
task.

So to make this scheme work, every subprogram must use a stack area
smaller than a page size (typically 4KB, but this may vary from system
to system and you may also have pages of different sizes to reduce the
number of MMU [memory management unit] lookups that you need to map
your process virtual address space into the physical+swap address space).

I have not checked if GNAT knows how to mix those two schemes, i.e. if
it can generate a call to Stack_Check only in functions where the local
stack area is large enough to mandate the check and in subprograms
callable from other languages (because they may have had the same
problem and not done the check themselves -- in case of problems, the
program should be aborted as other stacks may already have been
corrupted).

An obvious improvement would be to increase the number of protected
memory pages between different stacks. However, this would reduce the
number of tasks that you can run simultaneously because on a 32 bits
system you have access to a maximum 4GB of addressable memory from any
processus (usually 3GB under Linux for example).

Does that answer your question?

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/

Re: ada compiler?

[tmoran]

>You have two ways of doing stack checking:
  Is the variable sized segment of the 386 unavailable?

Stack checking in GNAT (was: ada compiler?)

[Ludovic Brenta]

Samuel Tardieu writes:
> You have two ways of doing stack checking:
>
>  1- at the GCC level by checking the stack at the entry of every
>     subprogram and comparing it to a thread/task specific marker; this
>     is costly
>
>  2- at the OS level by mapping a page after the stack which does not
>     allow either reads or writes to the page (or, when this is not
>     possible, which doesn't allow writes)

[detailed explanation]

> Does that answer your question?

Yes, thank you very much.  It seems that I can enable or disable stack
checking, and select from the two methods above, by patching some
flags in System and Targparm.  In System:

   Stack_Check_Default       : constant Boolean := False;
   Stack_Check_Probes        : constant Boolean := False;

Stack_Check_Default is True only on VMS.

Stack_Check_Probes is True only on VMS, IRIX, MinGW, Solaris and Tru64
Unix (it depends on the OS, not the processor).

And in Targparm.ads:

   Stack_Check_Probes_On_Target : Boolean := False;
   --  Indicates if stack check probes are used, as opposed to the standard
   --  target independent comparison method.

(the "stack check probes" are method 2, the "standard target
independent comparison method" is method 1)

   Stack_Check_Default_On_Target : Boolean := False;
   --  Indicates if stack checking is on by default

I don't understand the difference between the flags in System and
those in Targparm (i.e. why are there two sets of flags, and what
happens if their values are different?).  Also I am curious to know
what would be the effect of changing these flags in Debian.  Can you
help?

-- 
Ludovic Brenta.

Re: Stack checking in GNAT

[Samuel Tardieu]

>>>>> "Ludovic" == Ludovic Brenta <ludovic@ludovic-brenta.org> writes:

Ludovic> I don't understand the difference between the flags in System
Ludovic> and those in Targparm (i.e. why are there two sets of flags,
Ludovic> and what happens if their values are different?).

The Targparm package can be seen as a quick system.ads parser. To
avoid a full semantic analysis of system.ads, Targparm reads it and
set its options from system.ads. This is why you should be extra
careful when modifying system.ads, even the indentation has to be
correct to be understood by Targparm (note that system.ads may not be
replaced by the user so this is a perfectly right way to do this for
GNAT).

You can see values in Targparm as default values in case nothing
corresponding is found in system.ads. So any change you make must
definitely be in system.ads.

Ludovic> Also I am curious to know what would be the effect of
Ludovic> changing these flags in Debian.

The effect would be disastrous for people handling bug reports from
Debian users submitted to http://gcc.gnu.org/bugzilla/ :)

If you want to change a flag, I would suggest that you try to get it
changed in the GCC distribution rather than doing Debian specific
changes.

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/

Re: Stack checking in GNAT

[Ludovic Brenta]

Samuel Tardieu writes:
> Ludovic> Also I am curious to know what would be the effect of
> Ludovic> changing these flags in Debian.
>
> The effect would be disastrous for people handling bug reports from
> Debian users submitted to http://gcc.gnu.org/bugzilla/ :)
>
> If you want to change a flag, I would suggest that you try to get it
> changed in the GCC distribution rather than doing Debian specific
> changes.

OK.  I have filed two new bug reports in GCC's bugzilla:

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34117
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34118

If you support these requests, please post a comment in these bugs.
The more supporters, the more likely it is that GCC maintainers will
accept the change.  I anticipate some opposition, too, along the lines
of "it breaks backward compatibility" and "it is too CPU-intensive".

-- 
Ludovic Brenta.

Re: ada compiler?

[Randy Brukardt]

"Ludovic Brenta" <ludovic@ludovic-brenta.org> wrote in message
news:1195058211.682783.288340@d55g2000hsg.googlegroups.com...
> Georg Bauhaus wrote:
> > On Wed, 2007-11-14 at 07:09 -0800, Ludovic Brenta wrote:
> > > But if the stack is exhausted or nearly so (perhaps because the last
> > > in a long series of recursive calls raises Storage_Error), chances are
> > > high that the exception handler itself will overflow the stack (e.g.
> > > passing your string "Hey! You!" to a procedure might itself cause a
> > > stack overflow). This, in my view, greatly reduces the benefit of the
> > > exception. Also, what if raising the exception requires some stack
> > > space? Maybe I should have said that explicitly.
> >
> > No, these are matters of course, and they are mentioned in the RM.
>
> Not really. 11.5(23) says that a stack overflow raises Storage_Error
> but, since the stack has overflowed, I'm not convinced that the
> exception can still be raised, propagated and handled properly. The RM
> is silent about that part and I believe this is an implementation
> issue.

True enough, but an implementation that couldn't raise and handle
Storage_Error (without any further operations in the handler) would fail the
ACATS (yes, this is tested, and has been all the way back to Ada 83).

One possible reaction is to unwind the broken recursion by putting the
handler outside of the recursive call. In this case, one would expect to
have no trouble handling the exception as much of the stack memory has been
freed before the handler is entered. I think anyone who did that would be on
the phone to their vendor in a hurry if that did not work (and yes, I've
been on the receiving end of such calls).

Formally, *anything* (including "null;") in an Ada program can raise
Storage_Error. But implementations generally take precautions to ensure that
it works as expected, because having the bare minimum implementation is
rarely enough in the real world.

                           Randy.

Re: ada compiler?

[Randy Brukardt]

"Samuel Tardieu" <sam@rfc1149.net> wrote in message
news:87pryb2e2k.fsf@willow.rfc1149.net...
> >>>>> "Ludovic" == Ludovic Brenta <ludovic@ludovic-brenta.org> writes:
...
> You have two ways of doing stack checking:
>
>  1- at the GCC level by checking the stack at the entry of every
>     subprogram and comparing it to a thread/task specific marker; this
>     is costly

Calling this approach "costly" is ludicrous. There is a small space cost and
the cost of a single integer compare. Compared to other subprogram linkage
costs, it isn't significant. The only time that it isn't true is only really
trivial subprograms that probably should have been inlined anyway. (I think
inlining should be performed automatically in such cases.)

Back in the very early days of Ada and RRS, we used to suppress all checking
in the runtime libraries, because of the very limited memory of the Z-80 (we
started with a 48K machine, the most you could have under vanilla CP/M was
about 61K). We quickly had a number of mysterious bugs that eventually were
traced into stack overflows occurring in the runtime system, especially
Text_IO. It quickly became apparent that the tiny space saving was not worth
the added headaches, and we quickly enabled stack checking everywhere by
removing it from the effect of pragma Checks(Off);. Indeed, for many years
we didn't even provide a way to turn it off (it got added when we
implemented pragma Suppress (Storage_Check) for Ada 95).

Yes, I've seen flaky stack behavior on Windows. But the problem wasn't with
the stack check, but rather that Windows doesn't (didn't??) allocate stack
pages until they are touched, and the stack can (could?) only be extended
one page at a time, and allocating a large array on the stack could cause
the stack to grow quickly.

I hardly ever trust an OS to do something that I can do as well, because my
experience is that the OS version does something subtly different that what
you want. Everytime. That surely applies to stack checking - I've never been
able to make an OS mechanism work "right".. (My holy grail would be an
all-Ada system, but I realize that is not practical in the real world for
the vast majority of applications - including mine.)

                                 Randy.

Re: ada compiler?

[Randy Brukardt]

"Niklas Holsti" <niklas.holsti@tidorum.invalid> wrote in message
news:473b58af$0$27815$39db0f71@news.song.fi...
...
> My wishlist for stack checking support in Ada compilers:
>
> Storage_Error should be raised a bit before the stack is fully
> exhausted. The amount of "reserve" stack-space left at that point
> should be configurable by an option or an environment variable to
> an (application-specific) value that lets the exception be raised
> and handled.
>
> While the exception is being propagated and handled (that is, while
> it is possible to say "raise;") the application should be able to
> use the reserve stack capacity (with possibly a Segmentation
> Violation if the reserve capacity is exhausted).
>
> Normal checking rules (respecting the reserve capacity) should
> return into force when the exception has been handled (when it is
> no longer possible to reraise the exception).
>
> But I have no idea how hard that would be to implement...

That's pretty close to how Janus/Ada implements, actually, but there is one
issue: given that pretty much anything can be called during the handler, and
further exceptions raised and handled, it is pretty hard to both allow the
reserve capacity to be used and then not allow it to be used. (Moreover,
that probably would cause the exception to be immediately raised instantly
when the handler completed - because the finalization handlers would
overflow - probably not what was intended.)

We obviously can't make stack checks more expensive (for obvious reasons;
one of the purposes of the reserve is to allow room for interrupt handlers
and OS calls, neither of which respect Ada task stacks),.

The amount of the reserve can be configured in the runtime system (with just
a simple recompile), but we don't have an "option" for configuring it - it
seems a rare enough need.

Of course, other runtime models (especially those using hardware checking)
would be different.

                            Randy.

Re: ada compiler?

[Randy Brukardt]

"anon" <anon@anon.org> wrote in message
news:kwd_i.94821$kj1.82854@bgtnsc04-news.ops.worldnet.att.net...
> -- You have to learn to crawl before you can walk and learn the rules
> -- to walk before you should run.
>
> First, GNAT may be the only Ada 2005 compiler at the movement but that
> may change if other posters arecorrect. Second, GNAT is not the only
> compiler in use today, people are still using Ada 95 from other vendors.
> Software vedors like GHS, IBM, and Janas have Ada compilers and not one
> of them use "gnatmake".

That's surely true. But the first thing we try to teach programmers (on page
3 of our installation instructions) is to use "make" or "jmake" to do
compiles, rather than running the compiler phases individually. We've had a
tool called "make" (or "jmake" on Unix-like systems, since "make" is already
taken) since the mid-80s, and unlike most other programming languages, it is
fully automated. The only time I use individual compile or link commands is
when debugging the compiler.

>  But all vendors including Adacore uses a version
> of the three steps to build an Ada partition.

Sure, if you want to tear your hair out rather than letting the computer do
the difficult work of calculating a legal compilation order.

> And if you check with the Ada LRM you will see that the LM promotes a
> concept of not wasting or hogging resources.  Since "gnatmake" is a
> resource hog the concept states that it should not be used. And as most
> poster say the Ada LRM is the final word.

Gee, I think I know something about the RM, and I don't recall any such
statement about the compilation environment. Could you provide a referemce?
Perhaps you are confusing a statement about the user's program as applying
to the compilation environment?  Or perhaps you are taking some
non-normative text as having some important meaning??

> Plus, if Adacore is sold and gutted, goes out of business, or falls out of
> favor with other companies.  The newbees need to know the concept of
> how an Ada partition is generated.

It's different for every Ada compiler. There's little knowledge that can be
carried over, so it simply doesn't matter.

> Now just to be funny. Adacore would love to hear this but, the boss's
blood
> pressure might hit the roof. That is, if the programmer said, "I do not
know
> how to build a Ada program without using 'gnatmake' ".

*I* barely remember how to build an Ada program using Janus/Ada commands
other than "make", and I *designed* and *wrote* much of Janus/Ada!!
Obviously, there is value to knowing alternative ways of doing things, but
they should very rarely be needed. It's probably better to spend your
learning things that you'll actually use in your job, but what do I know.
;-)

                        Randy.

Re: Stack checking in GNAT

[anon]

If you compile using the option "-fstack-check", the statement

pragma Suppress ( Storage_Check ) ;

will NOT turn this feature off, the compile will still generate 
calls to check the stack. Once the "-fstack-check" is enable, it 
can only be disable by using a different compiler or recompiling 
the GNAT1 aka GNAT1DRV.

So, making this option mandatory default is wrong.

Reasons:
        In some college courses, some profs create an assignment 
        to test the performance of a number of languages using 
        the same algorithm.  If GNAT has stack checking and the 
        others languages do not, (C in Linux will never have this 
        default because it will kill rebuilding the Linux Kernel) 
        it will only demonstrate to the students and prof that 
        Ada is a inefficient language to use. Which will decrease 
        the number of new students wanting to using Ada after that 
        class. And that will be one thing that will insure the 
        death of Ada.

        Then there is Adacore reason for having some of the default 
        features the way they are, since the GNAT Ada is provided 
        as an academic compiler. First, Adacore states that the GPL 
        version of GNAT is for academic usage. Second, it helps 
        student by providing a Free complete Ada compiler, with a 
        few features that may need to be altered like "-gnato". Which 
        the student can either work around by writing better code or 
        modifying the compiler in an advance class. But if all of the 
        default features are fix then you basically have the GNAT PRO 
        compiler without the extra Run-Time Libraries. In this case,
        Adacore could just shutdown the free source version or go out 
        of business. Note: They own the copyright to the GNAT Ada 
        compiler, so they can have all version pulled from the net.

        Adjusting the stack check default option would destroy using 
        GNAT as the core compiler for Real-Time projects such as 
        RTEMS, or MaRTE which are primarily written in Ada. These 
        projects depends upon a number of factors to maximize the 
        execution speed of the code, as well as having full control of 
        the language checks. Forcing the stack check will slow the 
        code to the point, that users will just change to other free 
        real-time projects that are non Ada. Killing Ada for these 
        type of free projects.

        Also which GNAT will be altered.  The GNU GCC version only or 
        will this include the versions at sourceforge, and what about 
        the master copy at Adacore. If Adacore rejects these changes 
        what will happen on their next release.  Will these changes 
        work or have to be reworked or be removed.

This type changes should for a personal, school, or company choice only, 
never for implementation that is being used by many different group and 
needs.

And as for making a comment to "http://gcc.gnu.org/bugzilla", Why? 
This is not a BUG, but some people's desire to hurt the true nature of 
Ada and Adacore's GPL GNAT compiler.

What we should be doing is to strengthen the GCC/GPL GNAT compiler 
to be true "to the nature of Ada". And there are a number of fixes that 
are needed.



In <874pfm2vgb.fsf@ludovic-brenta.org>, Ludovic Brenta <ludovic@ludovic-brenta.org> writes:
>Samuel Tardieu writes:
>> Ludovic> Also I am curious to know what would be the effect of
>> Ludovic> changing these flags in Debian.
>>
>> The effect would be disastrous for people handling bug reports from
>> Debian users submitted to http://gcc.gnu.org/bugzilla/ :)
>>
>> If you want to change a flag, I would suggest that you try to get it
>> changed in the GCC distribution rather than doing Debian specific
>> changes.
>
>OK.  I have filed two new bug reports in GCC's bugzilla:
>
>http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34117
>http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34118
>
>If you support these requests, please post a comment in these bugs.
>The more supporters, the more likely it is that GCC maintainers will
>accept the change.  I anticipate some opposition, too, along the lines
>of "it breaks backward compatibility" and "it is too CPU-intensive".
>
>-- 
>Ludovic Brenta.

Re: ada compiler?

[anon]

First, you better check the RM again. I found it in the RM by accident. 
And since this group like to harp on the RM you should know what it 
says.

In using the three phases of programming allows the use of parallel 
compiling, Most "make"s or "gnatmake" will only allow serial 
compiles. For example when you are only updating comments or 
copyright info in all packages and recompiling, you do not need to 
worry about compiling errors, only the time it takes to rebuild the 
system. Running, 16, 24, 32, etc compilers in parallel is more 
efficient that using a serial make. Afterwards, a quick Binding and 
end with a link and your done.

If you do not remember how to build a Janus/Ada then I hope that 
no one's life have to depends upon you code!!! 

Take Pride in your Work! And your memory!


In <fhli74$5p1$1@jacob-sparre.dk>, "Randy Brukardt" <randy@rrsoftware.com> writes:
>"anon" <anon@anon.org> wrote in message
>news:kwd_i.94821$kj1.82854@bgtnsc04-news.ops.worldnet.att.net...
>> -- You have to learn to crawl before you can walk and learn the rules
>> -- to walk before you should run.
>>
>> First, GNAT may be the only Ada 2005 compiler at the movement but that
>> may change if other posters arecorrect. Second, GNAT is not the only
>> compiler in use today, people are still using Ada 95 from other vendors.
>> Software vedors like GHS, IBM, and Janas have Ada compilers and not one
>> of them use "gnatmake".
>
>That's surely true. But the first thing we try to teach programmers (on page
>3 of our installation instructions) is to use "make" or "jmake" to do
>compiles, rather than running the compiler phases individually. We've had a
>tool called "make" (or "jmake" on Unix-like systems, since "make" is already
>taken) since the mid-80s, and unlike most other programming languages, it is
>fully automated. The only time I use individual compile or link commands is
>when debugging the compiler.
>
>>  But all vendors including Adacore uses a version
>> of the three steps to build an Ada partition.
>
>Sure, if you want to tear your hair out rather than letting the computer do
>the difficult work of calculating a legal compilation order.
>
>> And if you check with the Ada LRM you will see that the LM promotes a
>> concept of not wasting or hogging resources.  Since "gnatmake" is a
>> resource hog the concept states that it should not be used. And as most
>> poster say the Ada LRM is the final word.
>
>Gee, I think I know something about the RM, and I don't recall any such
>statement about the compilation environment. Could you provide a referemce?
>Perhaps you are confusing a statement about the user's program as applying
>to the compilation environment?  Or perhaps you are taking some
>non-normative text as having some important meaning??
>
>> Plus, if Adacore is sold and gutted, goes out of business, or falls out of
>> favor with other companies.  The newbees need to know the concept of
>> how an Ada partition is generated.
>
>It's different for every Ada compiler. There's little knowledge that can be
>carried over, so it simply doesn't matter.
>
>> Now just to be funny. Adacore would love to hear this but, the boss's
>blood
>> pressure might hit the roof. That is, if the programmer said, "I do not
>know
>> how to build a Ada program without using 'gnatmake' ".
>
>*I* barely remember how to build an Ada program using Janus/Ada commands
>other than "make", and I *designed* and *wrote* much of Janus/Ada!!
>Obviously, there is value to knowing alternative ways of doing things, but
>they should very rarely be needed. It's probably better to spend your
>learning things that you'll actually use in your job, but what do I know.
>;-)
>
>                        Randy.
>
>
>
>

Re: ada compiler?

[Pascal Obry]

anon a �crit :
> First, you better check the RM again. I found it in the RM by accident. 
> And since this group like to harp on the RM you should know what it 
> says.

I love this one. You ask Randy to read the RM... Do you know that he
*wrote* it :)

Could not resist! Sorry that too much... ROTFL !

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|              http://www.obry.net
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

Re: ada compiler?

[Ludovic Brenta]

anon@anon.org (anon) writes:
> First, you better check the RM again. I found it in the RM by accident. 
> And since this group like to harp on the RM you should know what it 
> says.

Randy *wrote* the RM.  *You* do your homework.

> In using the three phases of programming allows the use of parallel 
> compiling, Most "make"s or "gnatmake" will only allow serial 
> compiles.

Wrong.  Do your homework and check our "gnatmake -jN" and "make -jN"
where N is the number of parallel tasks you want.

"Anon", you are now permanently in my killfile.

-- 
Ludovic Brenta.

Re: ada compiler?

[Randy Brukardt]

"Ludovic Brenta" <ludovic@ludovic-brenta.org> wrote in message
news:87zlxd12ly.fsf@ludovic-brenta.org...
> anon@anon.org (anon) writes:
> > First, you better check the RM again. I found it in the RM by accident.
> > And since this group like to harp on the RM you should know what it
> > says.
>
> Randy *wrote* the RM.  *You* do your homework.

For the record, I only *edited* the RM. Most of the text was written by
others (although I did contribute wording in a number of areas, and of
course made many corrections to wording - and I also wrote most of the new
AARM notes).

                         Randy.

Re: Stack checking in GNAT

[Robert A Duff]

Ludovic Brenta <ludovic@ludovic-brenta.org> writes:

> I don't understand the difference between the flags in System and
> those in Targparm (i.e. why are there two sets of flags, and what
> happens if their values are different?). ...

The flags in Targparm are read from the flags in System,
so they should match.  The default values in Targparm are
irrelevant, unless you have some sort of version mismatch
(new version of Targparm with an old version of System).

Anyway, as far as I know, stack checking works correctly in the latest
GNAT versions from AdaCore.

- Bob

Re: ada compiler?

[Robert A Duff]

Ludovic Brenta <ludovic@ludovic-brenta.org> writes:

> Georg Bauhaus wrote:
>> On Wed, 2007-11-14 at 07:09 -0800, Ludovic Brenta wrote:
>> > But if the stack is exhausted or nearly so (perhaps because the last
>> > in a long series of recursive calls raises Storage_Error), chances are
>> > high that the exception handler itself will overflow the stack (e.g.
>> > passing your string "Hey! You!" to a procedure might itself cause a
>> > stack overflow). This, in my view, greatly reduces the benefit of the
>> > exception. Also, what if raising the exception requires some stack
>> > space? Maybe I should have said that explicitly.
>>
>> No, these are matters of course, and they are mentioned in the RM.
>
> Not really. 11.5(23) says that a stack overflow raises Storage_Error
> but, since the stack has overflowed, I'm not convinced that the
> exception can still be raised, propagated and handled properly. The RM
> is silent about that part and I believe this is an implementation
> issue.

The RM requires that Storage_Error be raised.  So the implementation
must have a little bit of reserve stack space -- enough to do the raise
S_E, and then jump to whatever handler applies.  The stack is normally
chopped back when jumping to the handler, but there is no guarantee (in
the RM) that there's enough stack space to do whatever the handler does.
The handler might raise S_E itself.

- Bob