From: Florian Weimer
Newsgroups: comp.lang.ada
Subject: Re: What is the warning about builtin-function on gcc-4.6.0 ?
Date: Sun, 27 Mar 2011 19:21:43 +0200
Message-ID: <87r59slbrs.fsf@mid.deneb.enyo.de>

* Robert A. Duff:

> Florian Weimer writes:
>
>> I'm bothered by this reasoning because it means that Ada compilers
>> don't have to implement any overflow checks on integer arithmetic.
>
> Randy was talking about floating point. I'm not sure why the
> above follows from what Randy said, but anyway, the rules for
> integer arithmetic are:

Okay, back one step. I can't find the language rule which allows
floating point arithmetic to produce invalid values (or objects with
invalid representation, if you will).

Is this about 3.5.6(7/2)?

| For the execution of a predefined operation of a real type, the
| implementation need not raise Constraint_Error if the result is
| outside the base range of the type, so long as the correct result is
| produced, or the Machine_Overflows attribute of the type is False
| (see G.2).

In the typical i386 case, this simplifies to:

| For the execution of a predefined operation of a real type, the
| implementation need not raise Constraint_Error if the result is
| outside the base range of the type.

This means that my initial assessment that a false value for 'Valid
indicates a compiler bug was wrong.

>>...(You cannot detect values which are
>> conceptually invalid by inspecting the 'Valid attribute at run time
>> because it produces false negatives, but this is a different matter.)
>
> I'm not sure what you mean. How can 'Valid produce false negatives?

The language rules define that at a certain point of execution, an object
has an invalid representation (and a compiler may assume it has). But
this might not be visible on the hardware during actual execution
because the invalid representation is, by sheer luck, valid for the
type of the object.
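
An added example, not part of the original message or thread: since 3.5.6(7/2) lets the implementation skip Constraint_Error when Machine_Overflows is False, code that must not continue with an out-of-range floating-point result can test 'Valid itself. The names Valid_Demo, Checked_Mul and Big are hypothetical, and which branch runs depends on the implementation.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Valid_Demo is

   --  Hypothetical helper: multiply, then turn a result that lies
   --  outside the base range into an explicit Constraint_Error.
   function Checked_Mul (A, B : Float) return Float is
      R : Float := A * B;
   begin
      if not R'Valid then
         raise Constraint_Error
           with "floating-point result outside base range";
      end if;
      return R;
   end Checked_Mul;

   --  Volatile so the multiplication is not folded at compile time.
   Big : Float := Float'Last;
   pragma Volatile (Big);

   Unchecked : Float;
   Checked   : Float;
begin
   Put_Line ("Float'Machine_Overflows = "
             & Boolean'Image (Float'Machine_Overflows));

   --  Plain predefined operation: the implementation need not raise
   --  Constraint_Error here when Machine_Overflows is False.
   Unchecked := Big * 2.0;
   Put_Line ("unchecked result 'Valid = "
             & Boolean'Image (Unchecked'Valid));

   --  Same operation through the helper: an invalid result is
   --  rejected instead of being passed on to later computations.
   Checked := Checked_Mul (Big, 2.0);
   Put_Line ("checked result = " & Float'Image (Checked));
exception
   when Constraint_Error =>
      Put_Line ("Constraint_Error: out-of-range result rejected");
end Valid_Demo;
```

This only catches results that are invalid in the stored representation; the case described in the last paragraph, where the bits happen to be valid for the type, passes the 'Valid test.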