Re: Elaboration_check For Instantiations

[csampson@cod.nosc.mil (Charles H. Sampson)]

Robert Dewar wrote:
>Charlie (me) says
>
><<     Are you sure about that, Robert?  (Never fearing, he leaps back
>into the fray.)  11.5(2) says that language-defined checks, which in-
>clude Elaboration_check, have to be made at run time and 3.11(14) says
>that Program_error is raised if Elaboration_check fails.
>
>     Of course, 11.5(1) says that pragma Suppress "gives permission to
>an implementation" to omit the check, so the GNAT implementation is
>technically correct, at least.>>
>
>
>You are making a common mistake, GNAT is entirely correct. Detecting a check
>that fails at compile time and compiling the appropriate raise is of course
>completely permissible, and indeed highly desirable (note that annex H 
>requires that a compiler that *does* detect such a situation at compile
>time *must* output a warning).

     I'm quite aware of this principle.  I call it the "no harm, no 
foul" principle: If the program executes correctly, it doesn't matter 
what kind of code was generated.  (That applies only to program seman-
tics.  When efficiency considerations arise, it can matter very much.)

     It's amazing how many don't understand this.  (A common mistake, 
as you characterized it.)  The developers of one ill-fated Ada 83 com-
piler insisted on generating code for initializing arrays one element at 
a time, claiming that this is what the RM required.  I was unable to 
convince them that, even if their interpretation were correct, if the 
compiler was able to determine that the initialization could not raise 
an exception then "pre-initialization" was o. k.

>Why is this correct? Becuase it is behaviorally equivalent to doing the
>check at runtime. I often find that people do not understand the critical
>as-if principle that applies to all compiler code generation. This is such
>a case. Generating the raise of PE behaves *exactly* "as if" the check were
>done at runtime and is therefore fine.
>
>The whole point of 11.5(1) allowing you NOT to omit the check is precisely
>to deal with cases like this, where it would take extra time and code to
>omit the check. The purpose of Suppress is to permit the compiler to speed
>up the code by omitting the check. It is *NOT* to guarantee that the 
>exception will not be raised. 
>
>So, yes, I am 100% sure!

     You are right, the GNAT implementation is entirely correct.  I 
must have mislead you when I said "technically correct".  Technically 
correct is correct, no doubt about it.  All I meant was that GNAT is not 
following the programmer's wishes.  If Suppress(Elaboration_check) is 
written, then the programmer doesn't want the check made; if the check 
is not made then Program_error can't be raised.  The programmer's wisdom 
in making such a request is another discussion.

 				Charlie

--
******

    If my user name appears as "csampson", remove the 'c' to get my
correct e-mail address.