From: Florian Weimer
Newsgroups: comp.lang.ada
Subject: Re: What is the warning about builtin-function on gcc-4.6.0 ?
Date: Sun, 27 Mar 2011 10:37:44 +0200
Message-ID: <87vcz5ot5z.fsf@mid.deneb.enyo.de>
References: <87aagiclte.fsf@mid.deneb.enyo.de> <475d10ca-5d4e-490c-9b88-e12cd3cd3faa@b13g2000prf.googlegroups.com> <87d3lejjyv.fsf@mid.deneb.enyo.de> <6c748f70-7e75-49b4-a467-d1d2d6b24323@w9g2000prg.googlegroups.com> <87k4flhoeg.fsf@mid.deneb.enyo.de> <8762r5hl2u.fsf@mid.deneb.enyo.de>

* Randy Brukardt:

> "Florian Weimer" wrote in message
> news:8762r5hl2u.fsf@mid.deneb.enyo.de...
> ...
>>> If the compiler doesn't raise an exception on division by zero (it's
>>> allowed not to, and GNAT doesn't) it will (in this case) set the result
>>> to +Inf, and 'Valid will return False.
>>
>> My understanding is that an implementation must either raise
>> Constraint_Error, or the evaluation of an expression must result in a
>> valid value.
>
> Your understanding is wrong.
>
> The only real requirement on Ada math is that the resulting values are not
> used in a way that causes erroneous execution (and there is even an explicit
> hole allowing that for Unchecked_Conversion). Otherwise, using/producing an
> "invalid value" is allowed in almost all contexts -- but it is a bounded
> error so a compiler can raise an exception if it wants.

I'm bothered by this reasoning because it means that Ada compilers don't
have to implement any overflow checks on integer arithmetic. This is at
odds with the existing Ada literature, and existing ACATS tests (C45632A,
for example).

A concrete example: Suppose that A, B are of type Integer, and
Integer'Base has the same range as Integer, and A + B gives a
mathematical result outside this range. The implementation chooses to
produce an "invalid value" for the result. During actual execution on
real hardware, it is represented as the lower Integer'Size bits of the
result. This representation will not cause erroneous execution on its
own, so it passes the test in 13.9.1.

> Also note that "abnormal" is something different from "invalid" (only scalar
> objects can be invalid).

It's also not clear whether "abnormal" and "not normal" and "invalid"
and "not valid" are equivalent. (You cannot detect values which are
conceptually invalid by inspecting the 'Valid attribute at run time
because it produces false negatives, but this is a different matter.)

> Data validity is a very complex subject; you can read 13.9.1 10
> times and get different impressions each time.

I don't think 13.9.1 comes into play at all. It says what happens with
invalid representations, but doesn't say how they are produced. (The
standard doesn't say much at all about the behavior of Ada programs if
you can invoke 13.9.1 whenever it's convenient.)
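The two cases the thread argues about, as a short added Ada program (not part of this post or of any reply): the integer overflow from the concrete example above, where 'Valid gives the false negative mentioned, and the Float division by zero from the quoted text, where 'Valid does detect the result. Assumed: it is built with GNAT, so the integer branch depends on whether overflow checking is enabled (the -gnato switch) and the float branch on Float'Machine_Overflows being False.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Invalid_Values is
   --  Constructed inputs: the sum overflows Integer, the division is by zero.
   A    : Integer := Integer'Last;
   B    : Integer := 1;
   X    : Float   := 1.0;
   Zero : Float   := 0.0;
begin
   --  Integer case. Whether this raises depends on overflow checking being
   --  enabled (GNAT: -gnato). Without it the result wraps to the low
   --  Integer'Size bits, and C'Valid still reports True, because every bit
   --  pattern is a valid Integer: 'Valid cannot detect this conceptually
   --  invalid value (the false negative discussed in the post).
   begin
      declare
         C : constant Integer := A + B;
      begin
         Put_Line ("A + B =" & Integer'Image (C)
                   & ", C'Valid = " & Boolean'Image (C'Valid));
      end;
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: integer overflow was checked");
   end;

   --  Float case. When Float'Machine_Overflows is False (GNAT on IEEE
   --  hardware) no exception is raised; R becomes +Inf and R'Valid is
   --  False, so here the invalid value is detectable at run time.
   Put_Line ("Float'Machine_Overflows = "
             & Boolean'Image (Float'Machine_Overflows));
   begin
      declare
         R : constant Float := X / Zero;
      begin
         Put_Line ("X / Zero computed, R'Valid = "
                   & Boolean'Image (R'Valid));
      end;
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: float division by zero was checked");
   end;
end Invalid_Values;
```

Build it once with and once without -gnato and compare the integer branch; the float branch is the one where a 'Valid check is actually a usable run-time guard.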