From: csampson@cod.nosc.mil (Charles H. Sampson)
Subject: Re: Elaboration_check For Instantiations
Date: 1997/10/28
Message-ID: <1997Oct28.192057.29122@nosc.mil>#1/1
References: <1997Oct23.205254.25272@nosc.mil> <1997Oct27.223135.2373@nosc.mil>
Organization: Computer Sciences Corporation
Newsgroups: comp.lang.ada

Robert Dewar wrote:

>Charlie (me) says
>
><< Are you sure about that, Robert? (Never fearing, he leaps back
>into the fray.) 11.5(2) says that language-defined checks, which
>include Elaboration_check, have to be made at run time and 3.11(14) says
>that Program_error is raised if Elaboration_check fails.
>
> Of course, 11.5(1) says that pragma Suppress "gives permission to
>an implementation" to omit the check, so the GNAT implementation is
>technically correct, at least.>>
>
>
>You are making a common mistake, GNAT is entirely correct. Detecting a check
>that fails at compile time and compiling the appropriate raise is of course
>completely permissible, and indeed highly desirable (note that annex H
>requires that a compiler that *does* detect such a situation at compile
>time *must* output a warning).

I'm quite aware of this principle. I call it the "no harm, no
foul" principle: If the program executes correctly, it doesn't matter
what kind of code was generated. (That applies only to program
semantics. When efficiency considerations arise, it can matter very much.)
It's amazing how many don't understand this. (A common mistake, as you
characterized it.) The developers of one ill-fated Ada 83 compiler
insisted on generating code for initializing arrays one element at a
time, claiming that this is what the RM required. I was unable to
convince them that, even if their interpretation were correct, if the
compiler was able to determine that the initialization could not raise
an exception then "pre-initialization" was o. k.

>Why is this correct? Because it is behaviorally equivalent to doing the
>check at runtime. I often find that people do not understand the critical
>as-if principle that applies to all compiler code generation. This is such
>a case. Generating the raise of PE behaves *exactly* "as if" the check were
>done at runtime and is therefore fine.
>
>The whole point of 11.5(1) allowing you NOT to omit the check is precisely
>to deal with cases like this, where it would take extra time and code to
>omit the check. The purpose of Suppress is to permit the compiler to speed
>up the code by omitting the check. It is *NOT* to guarantee that the
>exception will not be raised.
>
>So, yes, I am 100% sure!

You are right, the GNAT implementation is entirely correct. I
must have misled you when I said "technically correct". Technically
correct is correct, no doubt about it. All I meant was that GNAT is not
following the programmer's wishes. If Suppress(Elaboration_check) is
written, then the programmer doesn't want the check made; if the check
is not made then Program_error can't be raised. The programmer's wisdom
in making such a request is another discussion.

Charlie
--
****** If my user name appears as "csampson", remove the 'c' to get my
correct e-mail address.