From: bobduff@world.std.com (Robert A Duff)
Newsgroups: comp.lang.ada
Subject: Re: Memory overwrite?
Organization: The World Public Access UNIX, Brookline, MA
References: <3g2stg$i0u@miranda.gmrc.gecm.com>
Date: Wed, 25 Jan 1995 16:31:55 GMT

In article <3g2stg$i0u@miranda.gmrc.gecm.com>, R.A.L Williams wrote:
>In article <1995Jan18.182039.7324@wdl.loral.com> Mark Biggar wrote:
>: if i in index then
>:    a(i) := 0;
>: else
>:    raise constraint_error;
>: end if;
>
>: because an aggressive optimizer will notice that the if test is always true
>: (in the absence of uninitialized variables, but uninitialized variables
>: are erroneous, which allow any behaviour, so it can ignore the problem)
>: and eliminate the test and the else branch completely.

I just want to emphasize that this is no longer true in Ada 95. In Ada 95,
the above will raise an exception if i is not in index, even if it's because
i is not initialized.

>: Ada95 adds the 'Valid attribute to handle this problem.

Not really. 'Valid is mainly for checking data that comes from
Unchecked_Conversion, input, or from another language. These are isolated
cases, and the programmer can use 'Valid as appropriate. But variables occur
all over the place. It would not be feasible to put 'Valid checks all over
the place, just to make sure you didn't forget to initialize a variable.
Note the difference in these two cases: using an uninitialized variable is a
bug, and there are numerous places where it *might* happen in any given
program. Input data, on the other hand, is not under control of the
programmer. Bad input data is not a program bug. And the number of places in
a program that do input is relatively small.

Again, using an uninitialized variable is *not* erroneous in Ada 95, so if an
optimizer wants to eliminate a check, it has to prove that the check will not
fail, even in the presence of uninitialized variables.

There's also a feature in the Safety and Security annex that tells the
compiler to initialize things to an out-of-range value (if it fits in the bits
of the object), to increase the likelihood that using an uninitialized
variable will cause the program to trip over a constraint check.

- Bob
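An added example, not part of Bob's post, of the isolated case he describes: a raw word from outside the program is brought in through Unchecked_Conversion and checked with 'Valid before it is used as an array index, rather than relying on a membership test the optimizer may fold away. The Raw_Word type, the Store and Try procedures and the sample inputs are assumptions for illustration; the syntax stays within Ada 95.

```ada
with Ada.Text_IO;              use Ada.Text_IO;
with Ada.Unchecked_Conversion;

procedure Valid_Demo is
   subtype Index is Integer range 1 .. 10;
   Table : array (Index) of Integer := (others => 0);

   --  Assumed: a 32-bit word as it might arrive from a file, a device
   --  register or a C routine; nothing has checked its bits against Index.
   type Raw_Word is mod 2 ** 32;
   for Raw_Word'Size use 32;
   function To_Index is new Ada.Unchecked_Conversion (Raw_Word, Index);

   --  Stores Value at the position named by Raw, or raises
   --  Constraint_Error when Raw does not encode a valid Index.
   procedure Store (Raw : Raw_Word; Value : Integer) is
      I : constant Index := To_Index (Raw);  --  may hold an invalid representation
   begin
      --  'Valid is the right check here: the object exists, but its bits
      --  were never verified when the conversion happened, so a plain
      --  "I in Index" test is not a reliable guard (the compiler may
      --  assume an object of subtype Index already holds a valid value).
      if not I'Valid then
         raise Constraint_Error;
      end if;
      Table (I) := Value;
   end Store;

   --  Reports whether Store accepted or rejected a raw word.
   procedure Try (Raw : Raw_Word) is
   begin
      Store (Raw, 42);
      Put_Line (Raw_Word'Image (Raw) & " accepted as an Index");
   exception
      when Constraint_Error =>
         Put_Line (Raw_Word'Image (Raw) & " rejected: not a valid Index");
   end Try;
begin
   Try (3);                --  within 1 .. 10
   Try (0);                --  below Index'First
   Try (16#FFFF_FFFF#);    --  all bits set, i.e. -1 as a signed Integer
end Valid_Demo;
```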