From: Marin David Condic
Newsgroups: comp.lang.ada
Subject: Re: Quality systems (Was: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died))
Date: Tue, 27 May 2003 08:02:06 -0400
Message-ID: <3ED353BE.40605@noplace.com>

Pretty simple stuff.
Suppose you had a type like:

    type Saturated_Integer is range -10..10 ;

and an object of that type such as:

    X : Saturated_Integer := 9 ;

and then:

    X := X + 4 ;

would mean: (X = 10) and later you might do:

    X := X - 25 ;

and you get (X = -10)

I don't know of any hardware that would do this for either floating
point or integer numbers, so I'd suspect it would not be practical to do
anything but implement it in software. You'd probably want to do
whatever it is you do to check for an overflow on a subtype, but instead
of raising an exception, you plug it with the max value and continue to
run.

The idea is that you're not exactly catching an error in the code -
presumably you should be building the code such that it doesn't compute
values outside of the valid range - but if there is such an error, it
lets the code continue to run uninterrupted and do something that might
be more sensible than halting with an exception or wrapping around to
the opposite end of the range.

I'm sure there would be issues about where the range checks would have
to be performed, how efficient the checks would be, the consequences of
turning off checks and what it does to your worst-case behavior if it
takes the failure path. Still, it seems like a useful feature for some
kinds of jobs.

MDC

Hyman Rosen wrote:
> What semantics do you want for the arithmetic? For example,
> IEEE floats have saturation (using infinity), but once you
> get there you stay there. It sounds like what you want is
> different, in that subtraction from the high limit gets you
> back down. That has various effects, such as making addition
> no longer be associative, so you could very easily write
> erroneous programs which would trigger saturation effects
> on some platforms but not others.
>

--
======================================================================
Marin David Condic
I work for: http://www.belcan.com/
My project is: http://www.jast.mil/

Send Replies To: m c o n d i c @ a c m . o r g

    "In general the art of government consists in taking as much
    money as possible from one class of citizens to give to the
    other."

        -- Voltaire
======================================================================
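
An added illustration, not code from the thread: one way to implement the saturating type described in the message in software, which also shows the loss of associativity raised in the quoted reply. The names Saturation_Demo, Operand and Clamp are hypothetical; it assumes Ada 2012 and that the compiler's base range for the type covers the operands used.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Saturation_Demo is

   --  Same bounds as the type in the post.
   type Saturated_Integer is range -10 .. 10;

   --  Operands use the base subtype so that an out-of-range literal such
   --  as 25 is accepted as an operand (assumption: the base range chosen
   --  by the compiler is wider than -10 .. 10 and covers it).
   subtype Operand is Saturated_Integer'Base;

   --  Clamp a wide intermediate result into range instead of raising
   --  Constraint_Error or wrapping around.
   function Clamp (V : Long_Long_Integer) return Saturated_Integer is
   begin
      if V > Long_Long_Integer (Saturated_Integer'Last) then
         return Saturated_Integer'Last;
      elsif V < Long_Long_Integer (Saturated_Integer'First) then
         return Saturated_Integer'First;
      end if;
      return Saturated_Integer (V);
   end Clamp;

   --  These explicit declarations override the predefined "+" and "-".
   --  The arithmetic itself is done in Long_Long_Integer.
   function "+" (L, R : Operand) return Saturated_Integer is
     (Clamp (Long_Long_Integer (L) + Long_Long_Integer (R)));
   function "-" (L, R : Operand) return Saturated_Integer is
     (Clamp (Long_Long_Integer (L) - Long_Long_Integer (R)));

   X : Saturated_Integer := 9;
   A : constant Saturated_Integer := 9;
   B : constant Saturated_Integer := 4;
begin
   --  The two statements from the post.
   X := X + 4;
   Put_Line ("9 + 4       =" & Saturated_Integer'Image (X));
   X := X - 25;
   Put_Line ("then - 25   =" & Saturated_Integer'Image (X));

   --  Grouping changes the result once an intermediate value hits a limit.
   Put_Line ("(9 + 4) - 4 =" & Saturated_Integer'Image ((A + B) - B));
   Put_Line ("9 + (4 - 4) =" & Saturated_Integer'Image (A + (B - B)));
end Saturation_Demo;
```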