From: "Dmitry A. Kazakov"
Subject: Re: Integer overflow is int overflow (Re: Web browser in Ada)
Newsgroups: comp.lang.ada
Organization: cbb software GmbH
Date: Tue, 27 Apr 2010 19:56:48 +0200
Message-ID: <3n2b0k6018j6.11197jmpw7kgs$.dlg@40tude.net>

On Tue, 27 Apr 2010 19:09:43 +0200, Georg Bauhaus wrote:

> On 27.04.10 18:13, Dmitry A. Kazakov wrote:
>
>> The value is determined by the expression and the
>> language rules.
>
> (OK, nitpicking, there is no value denoted by a named number
> if determination does not actually happen. Words mean
> nothing unless they are given meaning. ;-)

;-) Yes, but the meaning is given by the language rules, not by the running instance of the compiler. Therefore:

   X : constant := 2**(2**(2**(2**1_000_000_000)));

is well-defined even if there will likely never exist a compiler-machine combination capable of swallowing it.

>> You need overflow in order to define the behavior of the operations closed
>> only in Z. E.g. "+".
>
> True if it is not possible to define "+" in terms of saturation
> or wrap-around, I think. Correct?

"+" can be defined in any way. The question is its semantics. If the semantics of "+" is to model Z, then it cannot return a value from Z which is mathematically wrong. The problem is not in a singular value. It is with the programs that will use this value in other computations. In the end it will break everything about Z. You won't be certain about any evaluated value. Ideas like exceptions, NaN, etc. limit the damage.

> However, programmers do not define "+" in their C programs.
> They use "+"!
> Then overflow occurs, and not to prove the soundness of the
> language definition, but as a mishap.

Yes. If the programmer is lucky then the behavior maps the implied semantics. This is what we call "safe choice." Unfortunately C's choices are often unsafe in the sense that the layman programmer's expectations are far from what C actually does.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
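The following C program is an added example, not code from the thread or from either poster. It gives "+" on 32-bit integers the three meanings discussed above (checked, as Ada's Constraint_Error does; wrap-around; saturation) and then feeds each result into a later buffer-size check, to show the point that a single mathematically wrong value is not the real problem: the computations that consume it are. The function names (add_checked, add_wrap, add_sat, request_fits) and the request/buffer scenario are this example's own assumptions.

```c
/* Added example: three semantics for "+" on int32_t when the true sum
 * leaves the representable range, and how each one behaves when the
 * result is reused in a later size check. Not from the original thread. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked addition (the Ada-like choice): refuse to produce a value that
 * is not the mathematical sum in Z. The 64-bit intermediate is exact for
 * any pair of 32-bit operands. */
bool add_checked(int32_t a, int32_t b, int32_t *out)
{
    int64_t sum = (int64_t)a + (int64_t)b;
    if (sum > INT32_MAX || sum < INT32_MIN)
        return false;                 /* overflow: no value is returned */
    *out = (int32_t)sum;
    return true;
}

/* Wrap-around (modulo 2^32). Signed overflow is undefined in C, so the
 * arithmetic is done in unsigned, which C defines as modular, and the
 * result is mapped back onto int32_t without relying on the
 * implementation-defined unsigned-to-signed conversion. */
int32_t add_wrap(int32_t a, int32_t b)
{
    uint32_t u = (uint32_t)a + (uint32_t)b;
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    /* map [2^31, 2^32) onto [INT32_MIN, -1] */
    return (int32_t)(u - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
}

/* Saturation: clamp to the nearest representable bound. Silent, but the
 * result is at least on the "right side" of the bound. */
int32_t add_sat(int32_t a, int32_t b)
{
    int64_t sum = (int64_t)a + (int64_t)b;
    if (sum > INT32_MAX) return INT32_MAX;
    if (sum < INT32_MIN) return INT32_MIN;
    return (int32_t)sum;
}

enum add_semantics { ADD_CHECKED, ADD_WRAP, ADD_SATURATE };

/* A downstream consumer of "+": does a payload of len bytes plus hdr bytes
 * of header fit into a buffer of cap bytes?
 * Returns 1 if the check passes, 0 if it fails, and -1 when the checked
 * semantics refuses to produce a sum at all. */
int request_fits(enum add_semantics s, int32_t len, int32_t hdr, int32_t cap)
{
    int32_t total;
    switch (s) {
    case ADD_CHECKED:
        if (!add_checked(len, hdr, &total))
            return -1;                /* the error is visible here */
        break;
    case ADD_WRAP:
        total = add_wrap(len, hdr);   /* may be a small or negative number */
        break;
    case ADD_SATURATE:
        total = add_sat(len, hdr);    /* INT32_MAX, never "fits" */
        break;
    default:
        return -1;
    }
    return total <= cap ? 1 : 0;
}

int main(void)
{
    const int32_t cap = 4096;         /* constructed sample buffer size */
    const int32_t len = INT32_MAX;    /* constructed hostile-looking length */
    const int32_t hdr = 1;
    printf("checked : %d\n", request_fits(ADD_CHECKED,  len, hdr, cap));
    printf("wrap    : %d\n", request_fits(ADD_WRAP,     len, hdr, cap));
    printf("saturate: %d\n", request_fits(ADD_SATURATE, len, hdr, cap));
    return 0;
}
```

With len = INT32_MAX and hdr = 1, the wrapped sum is INT32_MIN, so the size check happily reports that the request fits; saturation rejects it but without any signal that overflow happened; only the checked variant makes the overflow itself observable, which is the "limit the damage" behaviour the post attributes to exceptions.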