Re: Uninitialized out parameters.

[ahlan@marriott.org]

On Tuesday, April 5, 2016 at 3:17:46 PM UTC+2, riea...@comcast.net wrote:
> On Tuesday, April 5, 2016 at 8:02:51 AM UTC-4, ah...@marriott.org wrote:
> > Hi,
> > 
> > Is this a GNAT (GPL-2015) bug or my not understanding Ada?
> > 
> > I was surprised that I could compile
> >   procedure Test (V : out Positive) is null;
> > 
> > and even more by the results of calling the procedure 
> > 
> >   V : Positive;
> > begin
> >   Test (V);
> >   Ada.Text_IO.Put_Line ("V:" & V'img);
> > 
> > The value zero is output, which because V is positive should be impossible.
> > 
> > I would have thought that null procedures with out parameters would fail to compile. 
> > 
> > Opinions anyone?
> > 
> > MfG
> > Ahlan
> 
> There are two issues here. One is whether this program is 'legal' Ada.  Short answer, there are many, many more Ada programs than Ada programs that "make sense."  This is just another example.  The second issue?  Are compilers allowed to warn you about this code?  Sure.  But why allow it?  Right now I am working on a generic package where GNAT warns me that some of the code in an instantiation will Constraint_Error if executed. But it can only be reached if the generic is instantiated with a generic formal such that the code will not raise an error.  I'll add pragma Suppress (Index_Check) before I'm done, but for now, if a fifth warning shows up, I'll know to be concerned. ;-)
> 
> Is it possible to write code which will only raise an error if Fermat's Last Theorem is false?  Sure, I've done it.  I did it just to show that a proposal for elaboration order checking was flawed.  The ARG navigates a fine line between allowing all useful programs to be written, and requiring compilers to do tons of checks for unintended errors.  Look for example at 6.5.1 Nonreturning procedures.
> 
> Is it meaningful for a nonreturning procedure to set an out parameter?  Should a compiler be required to make that check? (Either for or against.)  The answer is that Ada is used in many contexts where nonreturning procedures are meaningful--I normally did so in flight guidance software.  For manned aircraft you certainly want to be sure that the main processing loop never exits while power is on.  But the intersection of a parameter check and nonreturning procedures (whatever you would expect that check to do) is just making unnecessary work for the compiler.  Similarly a procedure may be called with an out parameter that already has a value.  So it is the programmer's job to deal with the union of these issues in a sensible way.
> 
> Could GNAT (or any other) compiler provide a warning?  Sure, and it does:
> 
> procedure NoSet is
>   Counter: Positive;
>   procedure Reset (V : out Positive;
>                    User_Check: Boolean := True) is
>     function Ask_User return Boolean is begin return True; end; -- TBD
>   begin
>     if User_Check and then Ask_User then return; end if;
>     V := 1;
>   end Reset;
> begin
>   Reset(Counter);
> end NoSet;
> 
> gnatmake -O3 noset.adb
> gcc -c -O3 noset.adb
> noset.adb:7:42: warning: "out" parameter "V" not set before return
> gnatbind -x noset.ali
> gnatlink noset.ali -O3
> 
> Compilation finished at Tue Apr 05 09:13:54

Hi,
You write
"Could GNAT (or any other) compiler provide a warning?  Sure, and it does: "
but that's my whole point - GNAT doesn't in my example.
And I feel that it should.
A null procedure is NOT a non-returning procedure - it does return and moreover in my example actually returns an illegal value!

In my gpr I compile with
   package Compiler is
      for Default_Switches ("ada") use ("-O1", "-gnatQ", "-gnato", "-g", "-gnat12",
                                        "-gnatwcehijkmopruvz.c.n.p.t.w.x", "-gnatykmpM120");
   end Compiler;

Is there a warning that I need to explicitly switch on in order that GNAT checks for out parameters in  null procedures?

MfG
Ahlan