From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Ada.Strings.Fixed.Count raises Storage_Error
Date: Wed, 29 Jun 2016 11:15:23 +0300
Message-ID: <dthecrFe9fjU1@mid.individual.net>
In-Reply-To: <bd07cd4b-6bfc-4cd0-83b9-a53bb3e7ecea@googlegroups.com>
On 16-06-27 02:23 , rieachus@comcast.net wrote:
> On Sunday, June 26, 2016 at 5:18:49 PM UTC-4, Victor Porton wrote:
>
>> Let's decide who of us will report the bug, so that the report
>> won't happen to be duplicate?
>
> How about no one reports this non-existent error?
There are IMO three bugs/errors here:
1. That AdaCore delivers a default RTS compiled with checks off, without
having ensured (by CodePeer &c) that checks cannot fail. This bug is
similar to AdaCore's original choice to have overflow checks disabled by
default (as I understand it, they are now enabled by default) but is
harder to work around for the average GNAT user. I understand that the
motivation is performance, but Ada is about correctness and reliability,
not about getting wrong answers quickly.
2. That an integer overflow manifests itself as a Storage_Error
exception, which is misleading. However, an overflow with checks off is
erroneous execution, I believe, so perhaps nothing can or should be done
about this bug.
3. The coding error in the library function Ada.Strings.Fixed.Count,
which is a very common and simple kind of error, and should surely be
corrected.
> This is a category
> of problem that the ARG decided long ago should be considered
> pathologies. The original case was a program that checked whether a
> task returned by a function was Terminated.
I don't see any connection between these problems. Can you give a
reference for the "original case", an AI number perhaps?
> A string which ends at Integer'Last is either huge enough to raise
> Storage_Error anyway, or a clever compiler test that exists only to
> make compiler developers lives miserable.
Such strings can also occur in tests of application programs, to check
that _their_ index arithmetic works without overflows. These test cases
may even be required, and automatically generated, to cover boundary values.
Writing loop code so that the counter and index arithmetic cannot cause
overflow should be normal practice for Ada programmers. If that makes us
miserable, we should be doing something else. And today we even have
tools like CodePeer that can find such mistakes by static analysis.
We make fun of C programs falling over when a coding error causes
wrap-around in a loop counter, for example. We expect Ada to be better.
> And as Randy pointed out anything is allowed to raise Storage_Error.
That Storage_Error is raised here is surely not intentional, but an
unexpected and misleading consequence of the erroneous behaviour of the
library function.
> but in this case (Strings ending at Integer'Last) no
> sensible user is going to run into the problem.
There are sensible uses of such Strings.
If your position is that predefined library subprograms should not be
expected to work for a String S with S'Last = Integer'Last, then it
would have been a simple matter for the ARG to define String with an
index subtype extending only to Integer'Last - 1.
--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .
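As an added illustration of the loop-arithmetic point made above (a constructed example, not GNAT's Ada.Strings.Fixed source): a single-character count written with a manual index increment, beside the overflow-free for-loop form, both run on a four-character string whose last index is Integer'Last.

```ada
--  Constructed illustration of the kind of index-arithmetic error
--  discussed in the thread; not the library's own code.
with Ada.Text_IO; use Ada.Text_IO;

procedure Count_Demo is

   --  Manual increment runs one step past Source'Last. When
   --  Source'Last = Integer'Last the final "Ind + 1" overflows:
   --  Constraint_Error with checks on; with checks off it wraps to
   --  Integer'First and the next Source (Ind) is a wild read.
   function Count_Unsafe (Source : String; Ch : Character) return Natural is
      Num : Natural := 0;
      Ind : Integer := Source'First;
   begin
      while Ind <= Source'Last loop
         if Source (Ind) = Ch then
            Num := Num + 1;
         end if;
         Ind := Ind + 1;  --  overflows when Ind = Integer'Last
      end loop;
      return Num;
   end Count_Unsafe;

   --  A for loop never computes a value beyond the range, so no index
   --  arithmetic can overflow, whatever Source'Last is.
   function Count_Safe (Source : String; Ch : Character) return Natural is
      Num : Natural := 0;
   begin
      for Ind in Source'Range loop
         if Source (Ind) = Ch then
            Num := Num + 1;
         end if;
      end loop;
      return Num;
   end Count_Safe;

   --  Tiny string whose last index is Integer'Last: exactly the
   --  boundary case the thread argues a library must survive.
   Edge : constant String (Integer'Last - 3 .. Integer'Last) := "abab";

begin
   Put_Line ("Safe count of 'a':" & Natural'Image (Count_Safe (Edge, 'a')));
   Put_Line ("Unsafe count of 'a':"
             & Natural'Image (Count_Unsafe (Edge, 'a')));
exception
   when Constraint_Error =>
      Put_Line ("Unsafe version overflowed its index (checks on)");
end Count_Demo;
```

Compiled with checks enabled, the safe count prints 2 and the unsafe version raises Constraint_Error; compiled with checks suppressed, the same wrap-around becomes an out-of-range read, which is how an index overflow can surface as Storage_Error.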