From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,16e3a8dd4f3ab3f3 X-Google-Attributes: gid103376,public From: l117593@cliffy.lfwc.lockheed.com (Cordes MJ) Subject: Re: Elaboration order Date: 1996/03/20 Message-ID: <4ip58c$gqo@cliffy.lfwc.lockheed.com>#1/1 X-Deja-AN: 143388440 references: <314701A1.469D@lfwc.lockheed.com> <314D2E1C.5C72@lfwc.lockheed.com> <4in4am$klb@watnews1.watson.ibm.com> <4inpiv$alk@cliffy.lfwc.lockheed.com> organization: Lockheed Martin Tactical Aircraft Systems newsgroups: comp.lang.ada Date: 1996-03-20T00:00:00+00:00 List-Id: Robert A Duff (bobduff@world.std.com) wrote: : In article <4inpiv$alk@cliffy.lfwc.lockheed.com>, : Cordes MJ wrote: : >As an aside to the RM discussion of this thread, how do I know : >that Ada compiler X will generate the correct (as defined in : >the RM) elaboration order? : You don't. A compiler is a complex program, and probably has bugs. : FWIW, I've never seen this particular bug in an Ada implementation. : It's not very hard to get it right -- it's a fairly simple graph-walking : algorithm. I *have* seen bugs in Ada compilers, but not this particular : bug. : >I know that ACVC tests do not guarantee correct code generation. : Yes, of course. No test suite can be complete, since there are an : infinite number of possible Ada programs. : >Is the ACVC suite more complete when it comes to elaboration? : I dunno. I know there are *some* tests for this. : >...Is : >there a standard benchmark used by compiler vendors? : The ACVC. Also, the ACEC or whatever it's called, which tests : performance, as opposed to conformance to the Standard. Beyond that, : it's up to the compiler vendor to do whatever testing is deemed : necessary. : >...Or, for safety : >critical functions, should I verify this for every application : >build? : For safety critical functions, you should not trust your compiler. You : should print out the machine code, and verify correctness at that level. : This is very expensive, of course. But if lives are at stake (or large : amounts of money), that's what people do. But there's nothing about : elaboration order issues that makes this a particularly error-prone : part. Thanks for the input, but that doesn't help me quantify the risk. Scanning the machine code for a complex application (assume over 200 packages), looking for a class of error which neither of us has seen, does not give me any confidence that we would catch the error if it did show up. Some sort of automated verification is a possibility, but I need a better understanding of the risk before I propose a new tool. And getting a grasp on the risk was the intent of my original post. Is there anybody out there who is doing analysis on elaboration order? : - Bob -- --------------------------------------------------------------------- Michael J Cordes Phone: (817) 935-3823 Fax: (817) 935-3800 EMail: CordesMJ@lfwc.lockheed.com ---------------------------------------------------------------------