From: bill@valiant (R.A.L Williams)
Newsgroups: comp.lang.ada
Subject: Memory overwrite?
Date: 24 Jan 1995 12:47:44 GMT
Organization: GEC-Marconi Research Centre
Message-ID: <3g2stg$i0u@miranda.gmrc.gecm.com>

In article <1995Jan18.182039.7324@wdl.loral.com> Mark Biggar wrote:

[original post and a reply deleted]

: Actually the most likely reason for this is an uninitialized variable used
: as an array index. In Ada 83 the following code fragment can write anywhere
: in memory and may well not raise an exception:
:
:    declare
:       subtype index is integer range 1..10;
:       type table is array (index) of integer;
:       a: table;
:       i: index;
:    begin
:       a(i) := 0;
:    end;
:
: An aggressive optimizer will eliminate any checks from the above code.
: Even putting an explicit if statement around it doesn't help:

OK, I can see how an optimiser *could* do that, and, of course, RM9x section 3.3.1 says that 'There is no implicit initial value defined for a scalar subtype ... might have a value which does not belong to that subtype' (para 21). I'm a little surprised, however, that the compiler isn't expected to perform a simple data flow analysis and generate a warning about use of uninitialised variables. You're quite right though, I can't find anything in RM9x which says it should, and I'm pretty sure there was nothing in the Ada83 LRM.

:    if i in index then
:       a(i) := 0;
:    else
:       raise constraint_error;
:    end if;
:
: because an aggressive optimizer will notice that the if test is always true
: (in the absence of uninitialized variables, but uninitialized variables
: are erroneous, which allow any behaviour, so it can ignore the problem)
: and eliminate the test and the else branch completely.

GCC can tell me about the possible use of uninitialised variables. It produces a warning because the analysis is not sophisticated enough to follow all the possible paths. Can GNAT do this as well? Perhaps I'll try your example out with GNAT and see what it does.

: Ada95 adds the 'valid attribute to handle this problem.

Yes, this is a good idea. In another thread I've been gently pushing the notion that use of Ada does not eliminate the use of good SWE principles. It looks like you've found another example of where the sort of error that other languages are always being blamed for can occur in Ada.

: --
: Mark Biggar
: mab@wdl.lroal.com

Bill Williams
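The 'Valid guard mentioned at the end of the thread, written out as an added example (this is not code from either poster). It takes the uninitialised-index fragment quoted above and replaces the `if i in index` membership test, which an optimiser may fold to True because reading `i` as a value of subtype `index` is assumed to yield an in-range value, with `I'Valid`, which inspects the object's bit pattern against the subtype without that assumption and so cannot be removed. The procedure name and the Text_IO reporting are my own additions; it assumes an Ada 95 (or later) compiler such as GNAT.

```ada
-- Added example, not from the original post: uninitialised array index
-- guarded by the Ada 95 'Valid attribute. Procedure name and the
-- Put_Line reporting are assumptions of this example.
with Ada.Text_IO; use Ada.Text_IO;

procedure Valid_Index is
   subtype Index is Integer range 1 .. 10;
   type Table is array (Index) of Integer;

   A : Table := (others => 0);
   I : Index;   -- deliberately left uninitialised, as in the thread
begin
   -- I'Valid tests the bits currently held in I against the subtype
   -- range. Unlike "I in Index", it is defined precisely for objects
   -- that may hold an invalid representation, so the compiler may not
   -- assume the answer is True and drop the check.
   if I'Valid then
      A (I) := 0;
      Put_Line ("index was valid: " & Integer'Image (I));
   else
      -- Refuse to index: a wild write anywhere in memory is what the
      -- unguarded "A (I) := 0;" could have done.
      Put_Line ("index holds an out-of-range bit pattern; not indexing");
      raise Constraint_Error;
   end if;
exception
   when Constraint_Error =>
      Put_Line ("Constraint_Error raised instead of a wild write");
end Valid_Index;
```

Whether the invalid branch is taken depends on whatever happens to be on the stack where `I` lives, so the program may legitimately print either message; the point is that it can no longer write outside `A`. With GNAT, `-gnatwa` reports the uninitialised reference at compile time and `pragma Initialize_Scalars` or `-gnatVa` make the out-of-range case reproducible rather than stack-dependent; those are compiler-specific aids, and the portable safeguard is still to initialise `I` explicitly.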