Re: Concerning subscript bounds checks

[adam@irvine.com (Adam Beneschan)]

In article <dewar.835402601@schonberg> dewar@cs.nyu.edu (Robert Dewar) writes:
 >Richard said
 >
 >"The remaining 4 occur in this context:
 >    subtype Simplex_Range is Natural range 0 .. Point'Length;
 >    P: "array (Simplex_Range) of ..."
 >    Y: "array (Simplex_Range) of ..."
 >    X: Point;
 >    J: Simplex_Range;
 >    ...
 >    J := 0;             -- at the start, J = Simplex_Range'First
 >    for I in X'Range loop
 >        ...
 >        P(J) := ...
 >        Y(J) := ...
 >        J := J + 1;
 >    end loop;           -- at the end, J = Simplex_Range'Last
 >    P(J) := ...
 >    Y(J) := ...
 >end;
 >
 >A reasonably smart compiler should be able to tell that these four
 >subscripts are also safe.
 >"
 >
 >I suspect this judgment is based on informal reasoning ("well it is pretty
 >obvious to me that it can be figured out"). As always compiler optimizations,
 >particularly range analysis are always more complicated than they appear
 >from simple examples. Yes, a compiler could figure this out, but "reasonably
 >smart" is probably an underestimate. I would be surprised if many existing
 >compilers can figure even this particular one out.
 >
 >P.S. GNAT has not even started to think about optimizing checks yet,
 >you get junk checks even in simple loops. It's something we plan
 >to start work on soon!

Maybe I'm missing something, but it seems that the compiler should be
able to figure this out easily just from the fact that J is declared
as having subtype Simplex_Range.  If the program isn't erroneous, J
can never have a value outside Simplex_Range, and therefore no array
bounds checks should be necessary.

But is this still the case with Ada95, given the new definitions of
"bounded error" and the like?

In any case, if the declaration of J is changed to

    J : Natural;

then yes, the compiler's job would be harder.

                                -- Adam