From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <3EDEDDB3.6020200@attbi.com>
From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: Ideas for Ada 200X
References: <6a90b886.0305262344.1d558079@posting.google.com> <3ED4F3FD.A0EF7079@alfred-hilscher.de> <6vWcnTWjF83bD0qjXTWcpA@gbronline.com> <3EDCBDF4.1050900@attbi.com>
Organization: AT&T Broadband
Date: Thu, 05 Jun 2003 06:06:18 GMT
Xref: archiver1.google.com comp.lang.ada:38657

Robert A Duff wrote:
> Robert Eachus and I have had that argument before, and I don't really
> feel like having it again, but for the record: I disagree with
> Robert. I believe the wording of RM-11.6 allows the left-hand side of
> an assignment to be destroyed in the presence of Constraint_Error. I
> also believe that was the *intent* of 11.6.
> (I know something about the intent, I think, since Tucker and I spent
> days wrestling with the wording.)
>
> For example:
>
>     type T is range 1..10;
>     X: T := 10;
>
>     X := X + 1;
>
> If X is in register R1, then the compiler can generate machine code
> like:
>
>     Add R1+1, putting the result in R1.
>     Check that R1 in 1..10, and raise C_E if not.
>
> thus leaving the junk value 11 in X (i.e. R1). This is true even if
> an exception handler can see X.

Agreed.

> The semantics described by Robert Eachus is correct for Ada 83, but
> it was deliberately changed for Ada 95, to make the language more
> competitive with other languages in terms of efficiency.

Again we come to this point, and you and I agree on the language, but
disagree on what it means. (For those of you who are not language
lawyers, this particular case is an excellent example of what the
argument is all about.)

Look at the code I just posted. In one case there is a function "+".
(Assume for a second that the definition of "+" is in a different
package from the caller, and does not have a pragma Inline applied to
it.) If an exception occurs during the execution of "+", the compiler
is not allowed to munge anything outside the scope of the "+" operator.
If instead you use the Add(A, B) form, then, inside or outside the
scope of the Add operator, if Constraint_Error occurs, both the formal
parameter A and the actual array to which it is bound are trash.

Now on to the subtle issue. As written, if Constraint_Error occurred in
any of the "+" operators, whether or not they contained pragma
Suppress, any of the variables in the main program could be munged. But
if the "+" operators were defined in a separate package, without pragma
Inline, then the variables in the main program would be "safe" in the
"+" case, including the target of the assignment. (Of course you would
have to wrap the call to "+" in an exception handler.)
> The moral of the story is: If you handle predefined exceptions, you
> are playing with fire.

Yes, and if you have to play with fire, the rules in RM 11.6 are
carefully crafted so that you can draw a useful line around the area
that will burn. Bob Duff is correct when he says that "I believe the
wording of RM-11.6 allows the left-hand side of an assignment to be
destroyed in the presence of Constraint_Error." I am right to add: "But
not always!"

In practice, the global code movement allowed by 11.6 is at best
uncommon absent pragma Inline. But if you absolutely have to have the
protection, read 11.6(6) carefully, including the definition of
independent subprograms. Technically you sometimes have to put in place
exception handlers whose only function is to define in which library
unit an exception actually occurs. Also, when you are writing Ada
programs, most cases where exceptions will actually occur are pushed
into special I/O handlers, and the use of 'Valid instead of depending
on predefined exceptions.
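The following Ada program is an added example; it is not code from the thread or from either poster. It puts the three situations discussed above side by side: the direct `X := X + 1` where RM 11.6 lets the compiler leave the junk value in X, the same addition performed inside a subprogram so that the caller's variable is never the target of the failing assignment, and a check done before the operation so that no predefined exception is relied on at all. The names Range_Check_Demo and Checked_Add are hypothetical. Note the assumption stated in the comments: the protection the post describes holds when the function is an independent subprogram in a separate library package without pragma Inline; the function is nested here only to keep the example in one compilation unit, so a compiler is free to inline it.

```ada
with Ada.Text_IO; use Ada.Text_IO;

--  Hypothetical demonstration program (not from the thread): shows why a
--  handler for Constraint_Error must not trust the assignment target, and
--  two ways to keep the caller's variable intact.
procedure Range_Check_Demo is

   type T is range 1 .. 10;
   X : T := 10;

   --  Hypothetical helper: the addition is evaluated inside a callee, so the
   --  failing operation has no access to the caller's X.  The post's
   --  guarantee applies when such a function lives in a separate library
   --  package without pragma Inline; it is nested here only to keep the
   --  example in one file.
   function Checked_Add (A, B : T) return T is
   begin
      return A + B;    --  range check on the result raises Constraint_Error
   end Checked_Add;

begin
   --  Case 1: direct assignment.  RM 11.6 lets the compiler store the
   --  intermediate 11 into X before the range check fails, so after the
   --  handler runs X may hold an invalid value.  Reading an invalid scalar
   --  is a bounded error (RM 13.9.1); X'Valid is the safe way to ask.
   begin
      X := X + 1;
   exception
      when Constraint_Error =>
         Put_Line ("Case 1: Constraint_Error; X'Valid = "
                   & Boolean'Image (X'Valid));
   end;

   X := 10;   --  restore a known-good value before the next case

   --  Case 2: compute into a fresh object through a subprogram.  The
   --  exception propagates out of Checked_Add before X is ever the target
   --  of an assignment, so (for an independent subprogram) X keeps its
   --  previous value.
   declare
      R : T;
   begin
      R := Checked_Add (X, 1);
      X := R;                    --  only reached when the sum is in range
   exception
      when Constraint_Error =>
         Put_Line ("Case 2: Constraint_Error inside callee; X'Valid = "
                   & Boolean'Image (X'Valid));
   end;

   --  Case 3: do not rely on the predefined exception at all.  Test the
   --  result in a wider type first, so the assignment never fails.
   if Integer (X) + 1 <= Integer (T'Last) then
      X := X + 1;
   else
      Put_Line ("Case 3: increment refused before any assignment; X = "
                & T'Image (X));
   end if;
end Range_Check_Demo;
```

Compile and run it with any Ada 95 or later compiler (for example `gnatmake range_check_demo.adb`); the value printed for X'Valid in Case 1 is implementation dependent, which is exactly the point of the discussion, while Case 3 is the pattern the post recommends when the program cannot afford to be in that situation.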