Re: Possible compiler bug with this simple program

[Niklas Holsti <niklas.holsti@tidorum.invalid>]

Jerry wrote:
> The following is a program which emulates the structure of a binding
> to a bunch of C code (but there is no C code included here--it is all
> Ada). This structure exhibits a behavior which I think might be a
> compiler error but could be the result of incorrect declarations when
> running on certain machines.

I suspect that one problem is using the C convention to pass a 
parameter that is of an unconstrained array type, see below.

> Specifically, the program compiles (with two warnings which are
> expected and OK) and runs correctly on my machine, OS X 10.4.11
> running GNAT 4.3.0 (32-bit PowerPC G4). However, on someone else's
> box, a 64-bit Intel Duo running Debian lenny and GNAT 4.3.1-2, the
> program compiles but bombs at runtime with
> 
> raised STORAGE_ERROR : stack overflow (or erroneous memory access)
> 
> reported.
> 
> However, on the Debian lenny machine, if the three lines with
> 
>    --***
> 
> at the end of them are commented out (they relate to Pragma-C
> conventions), the program compiles and runs correctly, printing out 10
> lines of floats. (It also runs correctly on the OS X machine.)
> 
> Here is the program, stored in two files (damn the line wraps):
> 
...
> 
> procedure x19a_temp is
> 
>     procedure mapform19(n : Integer; x : in out Real_Vector); --***
>     pragma Convention(C, mapform19); --***

>     procedure mapform19(n : Integer; x : in out Real_Vector) is
...
> 
> 
> package type_declaration is
> 
>     type Real_Vector is array (Integer range <>) of Long_Float;

So Real_Vector is an unconstrained array type. According to RM 
B.3(70), the C convention passes only a single pointer to the first 
element of the array, so the 'Range attribute will not be available 
to the subprogram.

> As a second problem, in the program above there is a loop line that
> looks like this:
> 
>         for i in 0 .. n - 1 loop
> 
> One would normally write this as
> 
>         for i in x'range loop
> 
> but when this runs on the OS X box, it segfaults after printing about
> 187 lines of bogus floats. I don't know what happens on the Debian
> box. However, if the -- *** lines are commented out, it runs OK on OS
> X.
> 
> Comments?

My guess: the compiler implements convention C for the x parameter, 
which means x'range is not available, but the code for the second 
quoted for-loop tries to access x'range anyway -- boom! The 
compiler should IMHO have rejected the use of x'range here, with an 
error message.

Using the first form of the quoted loop may trigger the same 
problem in the code that checks that x(i) has a valid index, i.

In fact, when an Ada subprogram has an unconstrained array 
parameter with Convention C, it seems to me that the subprogram's 
body cannot make any use of individual elements of the array, 
because it doesn't know the index range, so the compiler should 
reject any indexing of such an array parameter, as well as any 
attempt to pass it on as a Convention Ada parameter.

Conclusion: Your program tries to do something that cannot possibly 
work, but the compiler should have told you so.

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .