Re: Idea: Array Boundary Checks on Write Access Only

[Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>]

Lieven Marchand wrote:
> About the only commonly used case that most compilers don't handle is
> where you put in the check yourself.

It would be really neat if Ada compilers would keep track not only of
the declared range of a subtype, but also of the effectively possible
range of Integer variables inside a certain program fragment as part
of the flow analysis.

For instance in code such as

  if J > 0 then
     -- compiler notes that here J : range 1 .. J'Last
     if I > J then
        -- compiler notes that here I : range 1 .. I'Last

then the compiler should know that inside the second "if" I > 0 always
holds. This need not be a full blown automatic proof system, just some
logic that understands simple inequalities and monotonic expressions
and that keeps track of the effective maximum and minimum value
of integer variables and supresses most checks accordingly.

It would then also be a nice option if the compiler would be
able to dump a list of all the checks that it still had to insert
to give developers a clue of whether they can by intelligently
placing a manual check at the right place make a large number
of automatically inserted less efficient checks unnecessary.

Markus

-- 
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>