comp.lang.ada
From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Ada.Strings.Fixed.Count raises Storage_Error
Date: Wed, 29 Jun 2016 11:15:23 +0300
Message-ID: <dthecrFe9fjU1@mid.individual.net>
In-Reply-To: <bd07cd4b-6bfc-4cd0-83b9-a53bb3e7ecea@googlegroups.com>

On 16-06-27 02:23 , rieachus@comcast.net wrote:
> On Sunday, June 26, 2016 at 5:18:49 PM UTC-4, Victor Porton wrote:
>
>> Let's decide who of us will report the bug, so that the report
>> won't happen to be duplicate?
>
> How about no one reports this non-existent error?

There are IMO three bugs/errors here:

1. That AdaCore delivers a default RTS compiled with checks off, without 
having ensured (by CodePeer &c) that checks cannot fail. This bug is 
similar to AdaCore's original choice to have overflow checks disabled by 
default (as I understand it, they are now enabled by default) but is 
harder to work around for the average GNAT user. I understand that the 
motivation is performance, but Ada is about correctness and reliability, 
not about getting wrong answers quickly.

2. That an integer overflow manifests itself as a Storage_Error 
exception, which is misleading. However, an overflow with checks off is 
erroneous execution, I believe, so perhaps nothing can or should be done 
about this bug.

3. The coding error in the library function Ada.Strings.Fixed.Count, 
which is a very common and simple kind of error, and should surely be 
corrected.

> This is a category
> of problem that the ARG decided long ago should be considered
> pathologies.   The original case was a program that checked whether a
> task returned by a function was Terminated.

I don't see any connection between these problems. Can you give a 
reference for the "original case", an AI number perhaps?

> A string which ends at Integer'Last is either huge enough to raise
> Storage_Error anyway, or a clever compiler test that exists only to
> make compiler developers lives miserable.

Such strings can also occur in tests of application programs, to check 
that _their_ index arithmetic works without overflows. These test cases 
may even be required, and automatically generated, to cover boundary values.

Writing loop code so that the counter and index arithmetic cannot cause 
overflow should be normal practice for Ada programmers. If that makes us 
miserable, we should be doing something else. And today we even have 
tools like CodePeer that can find such mistakes by static analysis.

We make fun of C programs falling over when a coding error causes 
wrap-around in a loop counter, for example. We expect Ada to be better.

> And as Randy pointed out anything is allowed to raise Storage_Error.

That Storage_Error is raised here is surely not intentional, but an 
unexpected and misleading consequence of the erroneous behaviour of the 
library function.

> but in this case (Strings ending at Integer'Last) no
> sensible user is going to run into the problem.

There are sensible uses of such Strings.

If your position is that predefined library subprograms should not be 
expected to work for a String S with S'Last = Integer'Last, then it 
would have been a simple matter for the ARG to define String with an 
index subtype extending only to Integer'Last - 1.

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .
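An added example (mine, not code from this thread and not the GNAT run-time source) of the two points above: a count routine whose index arithmetic can overflow when Source'Last = Integer'Last, beside one written so that it cannot. Naive_Count is an illustration of the error class only; it is not a claim about how GNAT's Ada.Strings.Fixed.Count is written. The string S is a constructed boundary-value input of the kind the post describes, and Naive_Count, Safe_Count and Count_Boundary are names chosen here.

```ada
with Ada.Text_IO;       use Ada.Text_IO;
with Ada.Exceptions;    use Ada.Exceptions;
with Ada.Strings;
with Ada.Strings.Fixed;

procedure Count_Boundary is

   --  Naive count of non-overlapping occurrences of Pattern in Source.
   --  Illustration of the error class, not the GNAT source: the index is
   --  bumped with "Ind + 1" / "Ind + Pattern'Length" even when it already
   --  sits at Source'Last, so for Source'Last = Integer'Last the addition
   --  overflows.  With overflow checks on that is Constraint_Error; with
   --  checks off (-gnatp, or a run-time built with checks suppressed) the
   --  execution is erroneous: the index wraps and the next slice lies far
   --  outside Source.
   function Naive_Count (Source, Pattern : String) return Natural is
      PL1 : constant Integer := Pattern'Length - 1;
      Num : Natural := 0;
      Ind : Integer := Source'First;
   begin
      if Pattern'Length = 0 then
         raise Ada.Strings.Pattern_Error;
      end if;
      while Ind <= Source'Last - PL1 loop
         if Source (Ind .. Ind + PL1) = Pattern then
            Num := Num + 1;
            Ind := Ind + Pattern'Length;   --  overflows when a match ends at Integer'Last
         else
            Ind := Ind + 1;                --  overflows when Ind = Integer'Last
         end if;
      end loop;
      return Num;
   end Naive_Count;

   --  Same specification, written so that no index arithmetic can
   --  overflow: the for loop bounds Ind by Last_Start, so Ind + PL1 is at
   --  most Source'Last, and the loop parameter is never incremented past
   --  its range.  The only other arithmetic is Source'Last - PL1, which
   --  cannot underflow because Source'Last >= 0 and PL1 <= Integer'Last - 1.
   function Safe_Count (Source, Pattern : String) return Natural is
      PL1  : constant Integer := Pattern'Length - 1;
      Num  : Natural := 0;
      Skip : Natural := 0;   --  positions still covered by the last match
   begin
      if Pattern'Length = 0 then
         raise Ada.Strings.Pattern_Error;
      end if;
      declare
         Last_Start : constant Integer := Source'Last - PL1;
      begin
         --  Null range (Pattern longer than Source) simply runs no iterations.
         for Ind in Source'First .. Last_Start loop
            if Skip > 0 then
               Skip := Skip - 1;
            elsif Source (Ind .. Ind + PL1) = Pattern then
               Num  := Num + 1;
               Skip := PL1;
            end if;
         end loop;
      end;
      return Num;
   end Safe_Count;

   --  Constructed boundary-value input: a String whose last index is
   --  Integer'Last, the case discussed in the thread.  Only 10 bytes of
   --  storage are involved; it is the bounds that matter.
   S : constant String (Integer'Last - 9 .. Integer'Last) := "abcabcxabc";

begin
   Put_Line ("Safe_Count (""abc"") =" & Natural'Image (Safe_Count (S, "abc")));
   Put_Line ("Safe_Count (""c"")   =" & Natural'Image (Safe_Count (S, "c")));

   begin
      Put_Line ("Naive_Count (""abc"") =" & Natural'Image (Naive_Count (S, "abc")));
   exception
      when E : others =>
         Put_Line ("Naive_Count raised " & Exception_Name (E));
   end;

   --  The library routine itself, last because with a checks-off run-time
   --  an erroneous execution may not come back at all.  What happens here
   --  depends on the GNAT version and on how its run-time was built.
   begin
      Put_Line ("Ada.Strings.Fixed.Count (""abc"") =" &
                Natural'Image (Ada.Strings.Fixed.Count (S, "abc")));
   exception
      when E : others =>
         Put_Line ("Ada.Strings.Fixed.Count raised " & Exception_Name (E));
   end;
end Count_Boundary;
```

Build with `gnatmake -gnato count_boundary.adb` so that overflow checks are on in the user code: Safe_Count reports 3 for both patterns, while Naive_Count fails on the last candidate position and is reported as Constraint_Error rather than silently wrapping. Rebuilding with `-gnatp` suppresses the checks and turns the same defect into erroneous execution, which is the situation the post describes for a run-time library compiled with checks off; the for-loop form in Safe_Count is the shape a static analyser such as CodePeer can discharge without needing those checks.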

