comp.lang.ada
From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Range Check Query
Date: 21 Nov 94 10:57:18
Message-ID: <EACHUS.94Nov21105718@spectre.mitre.org>
In-Reply-To: dewar@cs.nyu.edu's message of 19 Nov 1994 11:58:58 -0500

In article <3alasi$9eg@gnat.cs.nyu.edu> dewar@cs.nyu.edu (Robert Dewar) writes:

 > First, that's not an easy check to do, it certainly doesn't fall out free,
 > because it requires the generalized notion of the subtype of a result, where
 > in the language we are only ever interested in the base type for operands
 > of an operator. Certainly it could be done with a special check.

   It is better done with a flow analysis that tracks ALL the values a
scalar variable can have at that point in the program, and it is
fairly useless to do this in Ada unless you are willing to not only do
inter-procedural analysis, but to look at all units in the library
(and create additional dependences...)

  > Second, are you really *sure* that you want this warning. Yes I know you
  > can suppress warnings, but the trick is to keep warnings useful so that
  > people don't need to suppress them in normal cases.

    IF you need this kind of compilation tool, then yes you do want
the warning.  It is not the sort of thing you do in a casual
development environment.  It is the sort of tool you want when doing
safety-critical code, and under those conditions you sometimes want a
warning for ANY statement that can cause a predefined exception to be
raised.  In fact, I have built tools to "browse" compiled code looking
for the sequences for raising predefined exceptions.

    But you have to start with a "very smart" compiler for such a tool
to be useful.

  > I am very dubious that this is a desirable approach

     It is, but it is not for ordinary software.

  > Robert Eachus' analysis of the original question is certainly quite
  > correct, there is no basis to expect range constraint to be raised
  > in either situation.

    Thanks, and I agree, except as mentioned above.  It is a shame
that any usable language definition requires that we allow erroneous
programs to exist, but that reflects reality and Goedel's Proof.  Even
in safety-critical systems you sometimes need to write code which is
technically erroneous, and there are cases where the compiler just
can't help you--you need a good programmer who knows the potential
pitfalls.  The best you can hope for is a compiler that does a good
job with warnings of saying "Here be Dragons."

    Is looking at all the possible places that exceptions can be
raised worthwhile?  Yes, I've found it so.  When I have done it, again
with ferociously optimized code, about one third to one fourth of the
occurrences tagged were potential errors.  (Lines were tagged if they
were not in the scope of a local exception handler, and could raise an
exception.)  On the other hand 90% of those potential errors were for
situations only of concern in a safety analysis--for example, opening
a file without a handler for Device_Error.
--

					Robert I. Eachus

with Standard_Disclaimer;
use  Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...
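As an added illustration of the flow analysis described in the post above (track every value a scalar variable can hold at a point in the program, and tag only those statements that can raise a predefined exception and are not in the scope of a local handler), here is a toy interval analyser in Python. It is not code from the post or from any Ada compiler. The statement encoding, the subtype ranges used for the sample program, the treatment of an uninitialised declaration as holding any value of its subtype, and the sample program itself are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union


@dataclass(frozen=True)
class Interval:
    """Closed range lo .. hi of the values a scalar variable may hold."""
    lo: int
    hi: int

    def within(self, other: "Interval") -> bool:
        return other.lo <= self.lo and self.hi <= other.hi

    def overlaps(self, other: "Interval") -> bool:
        return self.lo <= other.hi and other.lo <= self.hi

    def meet(self, other: "Interval") -> "Interval":
        return Interval(max(self.lo, other.lo), min(self.hi, other.hi))


# Expressions: an integer literal, a variable name, or (op, left, right).
Expr = Union[int, str, Tuple[str, "Expr", "Expr"]]


def eval_expr(expr: Expr, env: Dict[str, Interval]) -> Interval:
    """Evaluate an expression over intervals. Overflow of Integer'Base in
    intermediate results is not modelled; only the assigned value is checked."""
    if isinstance(expr, int):
        return Interval(expr, expr)
    if isinstance(expr, str):
        return env[expr]
    op, left, right = expr
    x, y = eval_expr(left, env), eval_expr(right, env)
    if op == "+":
        return Interval(x.lo + y.lo, x.hi + y.hi)
    if op == "-":
        return Interval(x.lo - y.hi, x.hi - y.lo)
    if op == "*":
        corners = (x.lo * y.lo, x.lo * y.hi, x.hi * y.lo, x.hi * y.hi)
        return Interval(min(corners), max(corners))
    raise ValueError(f"unsupported operator {op!r}")


def analyze(program: List[tuple]) -> List[Tuple[int, str, str]]:
    """Constructed statement encoding (an assumption, not an Ada front end):
       ("decl", line, name, lo, hi, expr)  name : subtype lo .. hi := expr
       ("assign", line, name, expr)        name := expr
       ("handled", [stmts])                block with a local Constraint_Error handler
    expr None on a declaration means no initializer; treated here as any
    value of the subtype (a simplification). Returns (line, name, verdict)."""
    env: Dict[str, Interval] = {}
    subtypes: Dict[str, Interval] = {}
    findings: List[Tuple[int, str, str]] = []

    def assign(line: int, name: str, expr: Optional[Expr], handled: bool) -> None:
        sub = subtypes[name]
        value = sub if expr is None else eval_expr(expr, env)
        if not value.overlaps(sub):
            verdict = "always raises Constraint_Error"
        elif not value.within(sub):
            verdict = "may raise Constraint_Error"
        else:
            verdict = ""
        # Tag only statements outside the scope of a local handler.
        if verdict and not handled:
            findings.append((line, name, verdict))
        # Control reaches the next statement only if the check passed, so
        # from here on the variable holds a value inside its subtype.
        env[name] = value.meet(sub) if value.overlaps(sub) else sub

    def run(stmts: List[tuple], handled: bool) -> None:
        for st in stmts:
            if st[0] == "decl":
                _, line, name, lo, hi, expr = st
                subtypes[name] = Interval(lo, hi)
                assign(line, name, expr, handled)
            elif st[0] == "assign":
                _, line, name, expr = st
                assign(line, name, expr, handled)
            elif st[0] == "handled":
                run(st[1], True)
            else:
                raise ValueError(f"unknown statement {st[0]!r}")

    run(program, False)
    return findings


# Constructed sample program, modelled on Ada-like declarations (assumption).
PROGRAM = [
    ("decl",   1, "X", 0, 100, 50),              # X : Small := 50;
    ("decl",   2, "Y", 0, 100, ("+", "X", 40)),  # Y : Small := X + 40;  90, in range
    ("decl",   3, "Z", 0, 100, ("*", "X", 3)),   # Z : Small := X * 3;   150, always raises
    ("decl",   4, "N", 0, 10, None),             # N : Digit;            any of 0 .. 10
    ("assign", 5, "X", ("+", "N", 90)),          # X := N + 90;          90 .. 100, in range
    ("assign", 6, "Y", ("*", "N", 20)),          # Y := N * 20;          0 .. 200, may raise
    ("handled", [                                # begin ... exception when Constraint_Error => ... end;
        ("assign", 8, "Y", ("*", "N", 20)),      #   Y := N * 20;        same range, handled locally
    ]),
    ("assign", 10, "Y", ("-", "Y", "N")),        # Y := Y - N;           -10 .. 100, may raise
]

if __name__ == "__main__":
    for line, name, verdict in analyze(PROGRAM):
        print(f"line {line}: assignment to {name} {verdict}")
```

The narrowing after each check is what makes the analysis useful rather than noisy: once line 6 has passed its range check, Y is known to be 0 .. 100, so a later expression is judged on that tighter range, not on the full 0 .. 200 of the assigned expression. The analysis is intra-procedural and ignores Integer'Base overflow inside an expression, which is precisely the kind of gap that the post says a real tool must close with inter-procedural and library-wide analysis.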