Re: Run-time checking and speed

[karthurs@vnet.ibm.com (Keith Arthurs)]

In article <3ev16u$ojc@pong.lasc.lockheed.com>,
 on 10 Jan 1995 22:20:14 GMT,
 Tony Leavitt <tony@deepthought.Sgi.COM> writes:
>I have a question about developing Ada code that still has all of
>its normal run-time checking and is "fast."  Is there an execution
>difference with repsect to run-time checking in any of the following.
>Or, is there "a good real-time style" for this type of stuff?
>
>
>-- CASE 1
>-- This case seems to need all of the full run-time checking since
>-- the variables x and y can be unlimited when accessing the array.
>
>XY_array : array (integer range 1..100, integer range 1..100) of float ;
>
>for x in 1..100 loop
>  for y in 1..100 loop
>     XY_array(x,y) := calc_something  ;
>   end loop ;
>end loop ;
>

  In the above case, the compiler may be smart enough to optimize out the
index range check since the loops are hardcoded within a valid range.  But
I'm assuming you're more interested in what happens when you index an array
using a variable that has a larger range constraint than the array index
constraint.  In this case all compilers should perform an index constraint
check.

>
>
>-- CASE 2
>-- This case it seems that no runtime checking is needed when
>-- accessing the array since x and y are, by definition, within
>-- the array bounds (assuming memory doesn't go bad while running).
>
>subtype arraybounds is integer range 1..100 ;
>
>XY_array : array (arraybounds, arraybounds) of float ;
>
>for x in arraybounds loop
>  for y in arraybounds loop
>     XY_array(x,y) := calc_something  ;
>   end loop ;
>end loop ;
>
>

  In this case, or cases where you are indexing an array using a variable of
the same constraints as the array bounds, some compilers will optimize out
the constraint check.  I have a problem with this type of optimization
because I have seen two types of cases where this can cause problems.

problem case 1:

 x, y : boolean;  -- UNINITIALIZED!!!! The variables could be out of range!

 ...
 x := y;
 if x=TRUE then
   text_io.put_line("TRUE");
 elsif x=FALSE then
   text_io.put_line("FALSE");
 else
   text_io.put_line("x is neither TRUE nor FALSE!"); -- Shouldn't happen,
                                                     -- but does!
 end if;

In this case, there is no range check on the assignment of x with the
uninitialized value in y.  If y was out of range of FALSE..TRUE, then
the third case of the if would be executed, with no constraint_errors
being raised.


Problem case 2:

  function get_element (x : index_t) return element_t is
  begin
    return (element_array (x));
  end get_element;

  In this case, element_array has the index constraints of index_t, so no
range check is performed.  If the function is called with an uninitialized
variable, anything could happen.  I've seen this core dump!  Not a very
graceful way for an Ada program to terminate.  Also not a very safe
behaviour for safety critical software that contains exception handlers to
prevent the program from terminating.


Keith Arthurs
Software Engineer Specialist - McDonnell Douglas Corporation

/home/karthurs => cd /usr/bin/standard/disclaimer
/usr/bin/standard/disclaimer => grep "nions" *
The opinions expressed here do not reflect those of MDC.
then proceed to dice the onions into little pieces and
/usr/bin/standard/disclaimer =>