comp.lang.ada
From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: next "big" language?? (disagree)
Date: 1996/06/30
Message-ID: <dewar.836156361@schonberg>
In-Reply-To: 4r56dg$1k4@mulga.cs.mu.OZ.AU


Fergus said:

"But it *does* affect the behaviour!

Are the people who want this model asking for the impossible?"

Maybe I was not clear enough, because at least informally, it is easy 
enough to understand what is wanted.

The word behavior was confusing in my original note, because I was
talking about the behavior of the compiler, not the behavior of the
program.

What is wanted is that the code generated not be affected by the presence
of assert, so you can stick in asserts without affecting the code. Now that's
a little bit of a self-contradiction, since obviously there is code for the
assert itself if it is turned on, so more accurately (and this is why it is
hard to characterize this requirement), the requirement is to minimize the
effect on the generated code.

For example, suppose we write:

     x := y / z;

and we get a divide by zero error from the generated code. Now there are
two reasons for this. Either z is zero, or there is something wrong with
the generated code. Now suppose we add an assertion:

     pragma Assert (z /= 0);
     x := y / z;

and we run the code and this time get no error. Well that's confusing. The
probable explanation is that the assert is interfering and changing the
generated code. In particular, the most likely cause of getting no error is
that indeed z is non-zero, and that the compiler now generates different
(correct) code for the division, omitting the faulty check for a zero
divisor.

If your assert is non-intrusive according to the definition (or rather
informal description) above, then you will get a division by zero error
at the divide, even though the assertion does not fail.

Well that's still a puzzle, but leaves things clearer. Note that we are
not necessarily talking about improper code generation from the compiler,
erroneous programs can cause this difficulty. For example, suppose the
definition of z is:

  z : integer range 1 .. 10;

now the compiler can legitimately use 32 bits to represent z, but it can
also legitimately assume that the value is in the range 1 .. 10.

It would therefore be fine for the assert to check only the low order 8 bits
of the 32 bits, and the divide to use all 32 bits. This would result in the
anomalous behavior perceived.

(in the case where z was in fact uninitialized or otherwise abnormal)

The notion of the non-intrusive assert ("please compiler, don't try to
figure out things from the assert, compile it in isolation and do not
let it affect other code") is particularly valuable in the presence of
errors in the compiler code generator, or in the case of erroneous
programs. In either case, the additional deductions the compiler does
from the assert (which of course might even be wrong themselves) can
make it harder to figure out what is going on.

I hope this is clear enough to understand this point of view. One thing
for sure is that it is essential to understand all three points of view
before starting off to design language features in this area. I am not
saying you have to agree with all points of view, but you definitely
have to make the effort to fully understand them.
