From: eachus@spectre.mitre.org (Robert I. Eachus)
Newsgroups: comp.lang.ada
Subject: Re: Range Check Query
Date: 21 Nov 94 10:57:18
Organization: The Mitre Corp., Bedford, MA.
Message-ID:
References: <9411181527.AA08827@eurocontrol.de> <3alasi$9eg@gnat.cs.nyu.edu>
In-reply-to: dewar@cs.nyu.edu's message of 19 Nov 1994 11:58:58 -0500

In article <3alasi$9eg@gnat.cs.nyu.edu> dewar@cs.nyu.edu (Robert Dewar) writes:

> First, that's not an easy check to do, it certainly doesn't fall out free,
> because it requires the generalized notion of the subtype of a result, where
> in the language we are only ever interested in the base type for operands
> of an operator.

Certainly it could be done with a special check. It is better done with a flow analysis that tracks ALL the values a scalar variable can have at that point in the program, and it is fairly useless to do this in Ada unless you are willing to not only do inter-procedural analysis, but to look at all units in the library (and create additional dependences...)

> Second, are you really *sure* that you want this warning. Yes I know you
> can suppress warnings, but the trick is to keep warnings useful so that
> people don't need to suppress them in normal cases.

IF you need this kind of compilation tool, then yes you do want the warning. It is not the sort of thing you do in a casual development environment. It is the sort of tool you want when doing safety-critical code, and under those conditions you sometimes want a warning for ANY statement that can cause a predefined exception to be raised. In fact, I have built tools to "browse" compiled code looking for the sequences for raising predefined exceptions. But you have to start with a "very smart" compiler for such a tool to be useful.

> I am very dubious that this is a desirable approach

It is, but it is not for ordinary software.

> Robert Eachus' analysis of the original question is certainly quite
> correct, there is no basis to expect range constraint to be raised
> in either situation.

Thanks, and I agree, except as mentioned above. It is a shame that any usable language definition requires that we allow erroneous programs to exist, but that reflects reality and Goedel's Proof. Even in safety-critical systems you sometimes need to write code which is technically erroneous, and there are cases where the compiler just can't help you--you need a good programmer who knows the potential pitfalls. The best you can hope for is a compiler that does a good job with warnings of saying "Here be Dragons."

Is looking at all the possible places that exceptions can be raised worthwhile? Yes, I've found it so. When I have done it, again with ferociously optimized code, about one third to one fourth of the occurrences tagged were potential errors. (Lines were tagged if they were not in the scope of a local exception handler, and could raise an exception.) On the other hand 90% of those potential errors were for situations only of concern in a safety analysis--for example, opening a file without a handler for Device_Error.

--
Robert I. Eachus

with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...
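Added example, not from the original post or from any tool its author describes: a toy interval analysis in Python of the kind of "flow analysis that tracks ALL the values a scalar variable can have", applied to Ada-style range checks on straight-line assignments. It also shows why such warnings are noisy without interprocedural knowledge: the subtype Small (0 .. 100), the four statements and the assumed caller range 0 .. 50 are all constructed for the demonstration.

```python
from typing import Dict, List, Tuple, Union

Interval = Tuple[int, int]   # inclusive low..high bounds of the values a scalar may hold
Expr = Union[int, str, Tuple[str, "Expr", "Expr"]]   # literal | variable | (op, lhs, rhs)

def eval_interval(expr: Expr, env: Dict[str, Interval]) -> Interval:
    """Return every value expr can take, given the intervals of its operands."""
    if isinstance(expr, int):
        return (expr, expr)
    if isinstance(expr, str):
        return env[expr]
    op, lhs, rhs = expr
    lo1, hi1 = eval_interval(lhs, env)
    lo2, hi2 = eval_interval(rhs, env)
    if op == "+":
        return (lo1 + lo2, hi1 + hi2)
    if op == "-":
        return (lo1 - hi2, hi1 - lo2)
    raise ValueError(f"unsupported operator {op!r}")

def analyse(subtypes: Dict[str, Interval], initial: Dict[str, Interval],
            stmts: List[Tuple[str, Expr]]) -> List[str]:
    """Walk straight-line assignments `target := expr` and warn wherever the
    assigned interval may fall outside the target's subtype, i.e. where the
    range check could raise Constraint_Error."""
    env = dict(initial)
    warnings: List[str] = []
    for lineno, (target, expr) in enumerate(stmts, 1):
        lo, hi = eval_interval(expr, env)
        tlo, thi = subtypes[target]
        if lo < tlo or hi > thi:
            warnings.append(f"line {lineno}: {target} := {lo}..{hi} may leave "
                            f"{tlo}..{thi} -- Here be Dragons")
        # On the non-exceptional path the variable now holds a value in both ranges.
        env[target] = (max(lo, tlo), min(hi, thi))
    return warnings

def demo() -> Tuple[List[str], List[str]]:
    """Constructed sample: subtype Small is Integer range 0 .. 100; X is a parameter."""
    subtypes = {"X": (0, 100), "A": (0, 100), "B": (0, 100)}
    stmts = [("A", 10),                 # A := 10;
             ("B", ("+", "A", 5)),      # B := A + 5;
             ("A", ("+", "X", 1)),      # A := X + 1;
             ("B", ("+", "A", "B"))]    # B := A + B;
    # Intraprocedural view: X is only known to lie in its declared subtype.
    intra = analyse(subtypes, {"X": subtypes["X"]}, stmts)
    # Interprocedural view (assumed): every caller passes X in 0 .. 50.
    inter = analyse(subtypes, {"X": (0, 50)}, stmts)
    return intra, inter
```

With only the declared subtype of X, lines 3 and 4 are both flagged, the second warning being a consequence of the first; with the caller range known, neither is.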