From mboxrd@z Thu Jan 1 00:00:00 1970
Newsgroups: comp.lang.ada
Date: Tue, 5 Apr 2016 07:07:14 -0700 (PDT)
In-Reply-To: <4b5fb0cb-2dbd-47c1-a5e2-41d4ffcab84e@googlegroups.com>
References: <3be79ab3-ebc7-4169-9713-d50349662403@googlegroups.com> <4b5fb0cb-2dbd-47c1-a5e2-41d4ffcab84e@googlegroups.com>
Message-ID: <531318fc-daf0-4f4e-bc82-2b48699f3cb5@googlegroups.com>
Subject: Re: Uninitialized out parameters.
From: ahlan@marriott.org

On Tuesday, April 5, 2016 at 3:17:46 PM UTC+2, riea...@comcast.net wrote:
> On Tuesday, April 5, 2016 at 8:02:51 AM UTC-4, ah...@marriott.org wrote:
> > Hi,
> >
> > Is this a GNAT (GPL-2015) bug or my not understanding Ada?
> >
> > I was surprised that I could compile
> >    procedure Test (V : out Positive) is null;
> >
> > and even more by the results of calling the procedure
> >
> >    V : Positive;
> > begin
> >    Test (V);
> >    Ada.Text_IO.Put_Line ("V:" & V'img);
> >
> > The value zero is output, which because V is positive should be impossible.
> >
> > I would have thought that null procedures with out parameters would fail to compile.
> >
> > Opinions anyone?
> >
> > Kind regards
> > Ahlan
>
> There are two issues here. One is whether this program is 'legal' Ada. Short answer, there are many, many more Ada programs than Ada programs that "make sense." This is just another example. The second issue? Are compilers allowed to warn you about this code? Sure. But why allow it? Right now I am working on a generic package where GNAT warns me that some of the code in an instantiation will Constraint_Error if executed. But it can only be reached if the generic is instantiated with a generic formal such that the code will not raise an error. I'll add pragma Suppress (Index_Check) before I'm done, but for now, if a fifth warning shows up, I'll know to be concerned. ;-)
>
> Is it possible to write code which will only raise an error if Fermat's Last Theorem is false? Sure, I've done it. I did it just to show that a proposal for elaboration order checking was flawed. The ARG navigates a fine line between allowing all useful programs to be written, and requiring compilers to do tons of checks for unintended errors. Look for example at 6.5.1 Nonreturning procedures.
>
> Is it meaningful for a nonreturning procedure to set an out parameter? Should a compiler be required to make that check? (Either for or against.) The answer is that Ada is used in many contexts where nonreturning procedures are meaningful--I normally did so in flight guidance software. For manned aircraft you certainly want to be sure that the main processing loop never exits while power is on. But the intersection of a parameter check and nonreturning procedures (whatever you would expect that check to do) is just making unnecessary work for the compiler. Similarly a procedure may be called with an out parameter that already has a value. So it is the programmer's job to deal with the union of these issues in a sensible way.
>
> Could GNAT (or any other) compiler provide a warning? Sure, and it does:
>
> procedure NoSet is
>   Counter: Positive;
>   procedure Reset (V : out Positive;
>                    User_Check: Boolean := True) is
>     function Ask_User return Boolean is begin return True; end; -- TBD
>   begin
>     if User_Check and then Ask_User then return; end if;
>     V := 1;
>   end Reset;
> begin
>   Reset(Counter);
> end NoSet;
>
> gnatmake -O3 noset.adb
> gcc -c -O3 noset.adb
> noset.adb:7:42: warning: "out" parameter "V" not set before return
> gnatbind -x noset.ali
> gnatlink noset.ali -O3
>
> Compilation finished at Tue Apr 05 09:13:54

Hi,

You write
"Could GNAT (or any other) compiler provide a warning? Sure, and it does:"
but that's my whole point - GNAT doesn't in my example.
And I feel that it should.
A null procedure is NOT a non-returning procedure - it does return and moreover in my example actually returns an illegal value!

In my gpr I compile with

package Compiler is
   for Default_Switches ("ada") use ("-O1", "-gnatQ", "-gnato", "-g", "-gnat12",
                                     "-gnatwcehijkmopruvz.c.n.p.t.w.x",
                                     "-gnatykmpM120");
end Compiler;

Is there a warning that I need to explicitly switch on in order that GNAT checks for out parameters in null procedures?

Kind regards
Ahlan
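
An added example, not part of the thread and not code from either poster: it reproduces the null procedure with an "out Positive" parameter and shows two language-level defences, a 'Valid test on the caller's side and a scalar type with the Ada 2012 Default_Value aspect. The names Out_Param_Check, Test_Safe and Safe_Count are hypothetical; Test and V follow the original post.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Out_Param_Check is

   --  The case from the post: a null procedure never assigns its "out"
   --  parameter, so the actual keeps whatever bits it already held.
   procedure Test (V : out Positive) is null;

   --  Assumed mitigation: a scalar type with Default_Value. Objects of
   --  the type are default-initialized, and RM 6.4.1 initializes an
   --  "out" formal of such a type from the actual's value.
   type Safe_Count is range 1 .. Integer'Last with Default_Value => 1;

   procedure Test_Safe (V : out Safe_Count) is null;

   V : Positive;    --  deliberately left uninitialized, as in the post
   S : Safe_Count;  --  implicitly initialized by Default_Value

begin
   Test (V);

   --  'Valid (RM 13.9.2) may be applied to an object that holds an
   --  invalid representation, so it is the check to make before V is
   --  used for anything else.
   if V'Valid then
      Put_Line ("V holds a valid Positive:" & Positive'Image (V));
   else
      Put_Line ("V is outside Positive; treating it as unset");
      V := 1;  --  fall back to a known-good value
   end if;

   --  The null body leaves the formal untouched, and the formal was
   --  initialized from S, so the value copied back is a valid one.
   Test_Safe (S);
   Put_Line ("S:" & Safe_Count'Image (S));
end Out_Param_Check;
```

Which branch the 'Valid test takes depends on what the uninitialized V happens to contain on a given run.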