From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Unconstrained base subtype questions
Date: Thu, 31 Mar 2011 23:09:49 +0200
Message-ID: <8762qzm1ya.fsf@ludovic-brenta.org>
In-Reply-To: in2nv8$v3e$1@dont-email.me
"Alex Mentis" <foo@invalid.invalid> writes:
> The following does not cause a constraint error in my version of GNAT
> on my system:
>
> ...
>
> Integer_Result := (Integer'Last + Integer'Last) / 2;
>
> ...
>
>
> If I understand correctly, this is because the Integer operators are
> defined for operands of type Integer'Base, which is an unconstrained
> subtype and allows the operands to be stored in extended-length
> registers so that intermediate values in calculations do not overflow.
>
> My questions are:
>
> 1) Do I understand correctly what's going on?
I suspect you compiled without the secret -gnato option, which enables
overflow checking. Yes, by default GNAT omits these checks and is
therefore not strictly speaking a compliant Ada compiler.
With gnat-4.4 I even get:
$ gnatmake -g -O2 -gnato f
gcc-4.4 -c -g -O2 -gnato f.adb
f.adb:4:11: warning: value not in range of type "Standard.Integer"
f.adb:4:11: warning: "Constraint_Error" will be raised at run time
gnatbind -x f.ali
gnatlink f.ali -g
> 2) Does the language make any guarantees about preventing spurious
> overflow, or am I just getting lucky with my compiler/architecture? If
> guarantees are made by the language, what are they?
I'm not sure what you mean by "spurious overflow" (as opposed to
"overflow") but:
- static constants must be computed without any overflow checks at
compile time (ARM 4.9(33)); this means that intermediate values can be
arbitrarily large or small (ARM 4.9(35/2)) but the final result must
be in the range specified for the constant. If not, the compiler
reports an error.
- during execution, there are two kinds of overflow checks.
Intermediate results must lie within the "base range of the type"
which, for all intents and purposes, is the full range of
[[Long_]Long_]Integer (ARM 4.5.4(20)). So, if an intermediate value
exceeds e.g. Integer'Last you get a Constraint_Error.
- At the end of a computation, the result is either assigned to a
variable, a constant, or a subprogram parameter. This assignment
involves a conversion to the target subtype, the range of which may be
smaller than the base range of the type, and this conversion includes
an overflow check (ARM 4.6(51/2)) which must raise Constraint_Error if
it fails (ARM 4.6(57)).
For example:
type T is range 1 .. 10;
A : T := 95 - 90; -- OK
See also
http://en.wikibooks.org/wiki/Ada_Programming/Type_System#Elaborated_Discussion_of_Types_for_Signed_Integer_Types
HTH
--
Ludovic Brenta.
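As an added example (not code from this thread), the following GNAT program exercises the three cases Ludovic lists: a static expression whose intermediate value lies outside the target subtype, a run-time intermediate result outside Integer'Base's range, and the range check on conversion to a narrower subtype. The procedure name and the build command are my assumptions.

```ada
--  Added example: build with overflow checks on, e.g.
--     gnatmake -gnato base_range_demo      (assumed command line)
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Base_Range_Demo is
   type T is range 1 .. 10;

   --  Static expression (ARM 4.9): the intermediate values 95 and 90 are
   --  outside T, but no check applies to them; only the final value, 5,
   --  must lie in T's range, so this compiles and elaborates fine.
   Static_OK : constant T := 95 - 90;

   --  Run-time arithmetic on Integer: every intermediate result must lie
   --  in the base range (ARM 4.5.4(20)). X + Y exceeds Integer'Last here,
   --  so with -gnato a Constraint_Error is raised before the division.
   --  Without the checks the sum silently wraps on a typical 32-bit
   --  two's-complement Integer (assumed) and the function returns -1,
   --  which is what the original poster observed: no exception at all.
   function Average (X, Y : Integer) return Integer is
   begin
      return (X + Y) / 2;
   end Average;

   --  Conversion to the narrower subtype T carries a range check
   --  (ARM 4.6(51/2)); a value outside 1 .. 10 raises Constraint_Error
   --  (ARM 4.6(57)) even though it fits comfortably in Integer'Base.
   function Narrow (V : Integer) return T is
   begin
      return T (V);
   end Narrow;

begin
   Put_Line ("Static_OK    =" & T'Image (Static_OK));

   begin
      Put_Line ("Average      =" &
                Integer'Image (Average (Integer'Last, Integer'Last)));
   exception
      when E : Constraint_Error =>
         Put_Line ("Average raised Constraint_Error: " & Exception_Message (E));
   end;

   begin
      Put_Line ("Narrow (7)   =" & T'Image (Narrow (7)));
      Put_Line ("Narrow (11)  =" & T'Image (Narrow (11)));
   exception
      when E : Constraint_Error =>
         Put_Line ("Narrow raised Constraint_Error: " & Exception_Message (E));
   end;
end Base_Range_Demo;
```

Compiled with -gnato, the Average call reports an overflow check failure and Narrow (11) a range check failure; without -gnato on an older GNAT only the second exception appears, which is the difference Ludovic is pointing at.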