From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=5.0 tests=BAYES_00,INVALID_DATE,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,18069d15345a10c8
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 1994-10-12 22:37:00 PST
Path: bga.com!news.sprintlink.net!howland.reston.ans.net!pipex!uunet!newsgate.watson.ibm.com!watnews.watson.ibm.com!ncohen
From: ncohen@watson.ibm.com (Norman H. Cohen)
Newsgroups: comp.lang.ada
Subject: Re: Modulus and Remainder operations (Was Re: Help with a bit of C code)
Date: 11 Oct 1994 14:42:15 GMT
Organization: IBM T.J. Watson Research Center
Distribution: world
Message-ID: <37e887$oh0@watnews1.watson.ibm.com>
References: <36bsmq$5p@gnat.cs.nyu.edu> <1994Oct7.225248.6208@nosc.mil> <1994Oct10.084630.19894@sei.cmu.edu> <37bof4$ljl@gnat.cs.nyu.edu> <37cigq$6e0@felix.seas.gwu.edu>
Reply-To: ncohen@watson.ibm.com
NNTP-Posting-Host: rios8.watson.ibm.com
Date: 1994-10-11T14:42:15+00:00
List-Id:

In article <37cigq$6e0@felix.seas.gwu.edu>, mfeldman@seas.gwu.edu (Michael Feldman) writes:
|> In article <37bof4$ljl@gnat.cs.nyu.edu>, Robert Dewar wrote:
|>
|> >Indeed one can even argue that it promotes portability for a compiler to
|> >deliberately behave in the worst possible manner when given freedom (I
|> >believe that Tuck mentioned that the Intermetrics compiler has two
|> >options, nice and nasty, for choosing order of elaboration, which seems
|> >a good idea, one which we have had on the GNAT todo list for some
|> >time!)
|>
|> Yes, I agree. Indeed, I would love to see an implementer make a random
|> selection among implementation-dependent possibilities (expression
|> evaluation order, etc.) just to discourage side-effect-y code.
0.5 :-)

Indeed, this is the reasoning behind the following implementation advice
in the Safety and Security Annex:

   "Whenever possible, the implicit initial value for a scalar subtype
   should be an invalid representation."

The idea is to smoke out uses of uninitialized scalar variables by
increasing the likelihood that their use will raise Constraint_Error.
This approach provides no guarantees, of course, but it does tip the odds
a little bit in favor of the tester (who gets paid by the bug :-) ).

--
Norman H. Cohen    ncohen@watson.ibm.com
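
An added illustration, not part of the original post: in the Ada 95 standard this advice is attached to pragma Normalize_Scalars (RM H.1), and the sketch below shows an uninitialized scalar being smoked out under that pragma. The names Smoke_Out, Percent, Histogram, Counts and Level are constructed for the example, and the pragma is assumed to be accepted at the head of the source file, as GNAT allows for configuration pragmas.

```ada
pragma Normalize_Scalars;  --  configuration pragma, Ada 95 RM H.1

with Ada.Text_IO; use Ada.Text_IO;

procedure Smoke_Out is

   --  Constructed subtype: Integer storage has many bit patterns
   --  outside 0 .. 100, so an invalid implicit initial value exists.
   subtype Percent is Integer range 0 .. 100;

   type Histogram is array (Percent) of Natural;

   Counts : Histogram := (others => 0);
   Level  : Percent;   --  deliberately left without an initial value

begin
   --  'Valid (RM 13.9.2) inspects the object without counting as a
   --  read of it, so this test is safe even when Level is invalid.
   if Level'Valid then
      Put_Line ("Level happens to be in range:" & Percent'Image (Level));
   else
      Put_Line ("Level holds an invalid representation");
   end if;

   --  The bug under test: Level is used as an index before it has been
   --  assigned.  With an out-of-range initial value the index check is
   --  likely to fail here; the language does not guarantee that it will.
   Counts (Level) := Counts (Level) + 1;
   Put_Line ("bug not detected on this run");

exception
   when Constraint_Error =>
      Put_Line ("Constraint_Error: use of uninitialized Level caught");
end Smoke_Out;
```

For a subtype whose range covers every bit pattern of its storage, no invalid representation is available and the pragma can only make the initial value predictable.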