Re: What is the warning about builtin-function on gcc-4.6.0 ?

[Florian Weimer <fw@deneb.enyo.de>]

* Randy Brukardt:

> "Florian Weimer" <fw@deneb.enyo.de> wrote in message 
> news:8762r5hl2u.fsf@mid.deneb.enyo.de...
> ...
>>> If the compiler doesn't raise an exception on division by zero (it's
>>> allowed not to, and GNAT doesn't) it will (in this case) set the result
>>> to +Inf, and 'Valid will return False.
>>
>> My understanding is that an implementation must either raise
>> Constraint_Error, or the evaluation of an expression must result in a
>> valid value.
>
> Your understanding is wrong.
>
> The only real requirement on Ada math is that the resulting values are not 
> used in a way that causes erroneous execution (and there is even an explicit 
> hole allowing that for Unchecked_Conversion). Otherwise, using/producing an 
> "invalid value" is allowed in almost all contexts -- but it is a bounded 
> error so a compiler can raise an exception if it wants.

I'm bothered by this reasoning because it means that Ada compilers
don't have to implement any overflow checks on integer arithmetic.
This is at odds with the existing Ada literature, and existing ACATS
tests (C45632A, for example).

A concrete example: Suppose that A, B are of type Integer, and
Integer'Base has the same range as Integer, and A + B gives a
mathematical result outside this range.  The implementation chooses to
produce an "invalid value" for the result.  During actual execution on
real hardware, it is represented as the lower Integer'Size bits of the
result.  This representation will not cause erroneous execution on its
own, so it passes the test in 13.9.1.

> Also note that "abnormal" is something different from "invalid" (only scalar 
> objects can be invalid).

It's also not clear whether "abnormal" and "not normal" and "invalid"
and "not valid" are equivalent.  (You cannot detect values which are
conceptually invalid by inspecting the 'Valid attribute at run time
because it produces false negatives, but this is a different matter.)

> Data validity is a very complex subject; you can read 13.9.1 10
> times and get different impressions each time.

I don't think 13.9.1 comes into play at all.  It says what happens
with invalid representations, but doesn't say how they are produced.
(The standard doesn't say much at all about the behavior of Ada
programs if you can invoke 13.9.1 whenever it's convenient.)