From: Ludovic Brenta
Newsgroups: comp.lang.ada
Subject: Re: Unconstrained base subtype questions
Date: Thu, 31 Mar 2011 23:09:49 +0200
Message-ID: <8762qzm1ya.fsf@ludovic-brenta.org>

"Alex Mentis" writes:

> The following does not cause a constraint error in my version of GNAT
> on my system:
>
> ...
>
> Integer_Result := (Integer'Last + Integer'Last) / 2;
>
> ...
>
>
> If I understand correctly, this is because the Integer operators are
> defined for operands of type Integer'Base, which is an unconstrained
> subtype and allows the operands to be stored in extended-length
> registers so that intermediate values in calculations do not overflow.
>
> My questions are:
>
> 1) Do I understand correctly what's going on?

I suspect you compiled without the secret -gnato option, which enables
overflow checking.
Yes, by default GNAT omits these checks and is therefore not strictly
speaking a compliant Ada compiler.  With gnat-4.4 I even get:

$ gnatmake -g -O2 -gnato f
gcc-4.4 -c -g -O2 -gnato f.adb
f.adb:4:11: warning: value not in range of type "Standard.Integer"
f.adb:4:11: warning: "Constraint_Error" will be raised at run time
gnatbind -x f.ali
gnatlink f.ali -g

> 2) Does the language make any guarantees about preventing spurious
> overflow, or am I just getting lucky with my compiler/architecture? If
> guarantees are made by the language, what are they?

I'm not sure what you mean by "spurious overflow" (as opposed to
"overflow") but:

- static constants must be computed without any overflow checks at
  compile time (ARM 4.9(33)); this means that intermediate values can be
  arbitrarily large or small (ARM 4.9(35/2)) but the final result must
  be in the range specified for the constant.  If not, the compiler
  reports an error.

- during execution, there are two kinds of overflow checks.
  Intermediate results must lie within the "base range of the type"
  which, for all intents and purposes, is the full range of
  [[Long_]Long_]Integer (ARM 4.5.4(20)).  So, if an intermediate value
  exceeds e.g. Integer'Last you get a Constraint_Error.

- At the end of a computation, the result is either assigned to a
  variable, a constant, or a subprogram parameter.  This assignment
  involves a conversion to the target subtype, the range of which may be
  smaller than the base range of the type, and this conversion includes
  an overflow check (ARM 4.6(51/2)) which must raise Constraint_Error if
  it fails (ARM 4.6(57)).

For example:

   type T is range 1 .. 10;
   A : T := 95 - 90; -- OK

See also
http://en.wikibooks.org/wiki/Ada_Programming/Type_System#Elaborated_Discussion_of_Types_for_Signed_Integer_Types

HTH

-- 
Ludovic Brenta.
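
The two run-time checks described in the message above, as an added example that is not part of the original post: one on intermediate results against the base range, one on the final conversion to the target subtype. The names Overflow_Demo, Small, Midpoint and Diff are hypothetical, and the program assumes it is built with overflow checking enabled (the -gnato option named in the post).

```ada
--  Added example, not code from the thread.  Overflow_Demo, Small,
--  Midpoint and Diff are hypothetical names.
--  Build with overflow checks enabled, e.g. gnatmake -gnato overflow_demo
with Ada.Text_IO; use Ada.Text_IO;

procedure Overflow_Demo is

   type Small is range 1 .. 10;

   --  Operands are parameters, so nothing is a static expression.
   function Midpoint (Lo, Hi : Integer) return Integer is
   begin
      return (Lo + Hi) / 2;  --  Lo + Hi must stay in Integer's base range
   end Midpoint;

   --  Operands may use the base range; the result is converted to Small.
   function Diff (X, Y : Small'Base) return Small is
   begin
      return X - Y;  --  checked against 1 .. 10 on return
   end Diff;

begin
   --  Intermediate and final values both fit.
   Put_Line ("Midpoint (10, 20) =" & Integer'Image (Midpoint (10, 20)));

   --  Operands 95 and 90 lie outside 1 .. 10, the result 5 does not.
   Put_Line ("Diff (95, 90)     =" & Small'Image (Diff (95, 90)));

   --  The result 15 fails the conversion to subtype Small.
   begin
      Put_Line ("Diff (95, 80)     =" & Small'Image (Diff (95, 80)));
   exception
      when Constraint_Error =>
         Put_Line ("Diff (95, 80)     : Constraint_Error (range check)");
   end;

   --  Integer'Last + Integer'Last exceeds the base range of Integer.
   begin
      Put_Line ("Midpoint (Last, Last) ="
                & Integer'Image (Midpoint (Integer'Last, Integer'Last)));
   exception
      when Constraint_Error =>
         Put_Line ("Midpoint (Last, Last) : Constraint_Error (overflow)");
   end;
end Overflow_Demo;
```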