From: dirk@apollo.cs.kuleuven.ac.be (Dirk Craeynest)
Newsgroups: comp.lang.ada,comp.lang.fortran,comp.lang.pl1
Subject: Re: Checking for Undefined
Date: 26 May 2006 09:54:32 +0200
Organization: Ada-Belgium, c/o Dept. of Computer Science, K.U.Leuven
References: <1hfv5wb.1x4ab1tbdzk7eN%nospam@see.signature>

>Gordon Sande writes:
>> I am getting the impression from the silence of the cross postings
>> that undefined checking has only shown up in Fortran systems.
[...]

Simon Wright wrote:
>The pro version of GNAT (I don't know about the FSF version) has
>optional initialization with out-of-range values and checking even in
>places where it normally would be omitted because the compiler would
>assume it had already done the checks.

Pragma Initialize_Scalars together with improved control over validity
checking was introduced in GNAT in the 2001-2002 time frame. As such,
*early* versions are included already in GNAT 3.15p [1], which was
released in October 2002. The implementation has been fine-tuned and
further improved in later GNAT releases, i.e. the GNAT Pro, GNAT
Academic, and GNAT GPL editions [2], as well as in the FSF version [3].

>This only works if there _are_ out-of-range values, so Integer can't
>be checked. Normally the recommendation is to define types appropriate
>to the application, so checks are possible.

True, but even for types without out-of-range values, there's help.

With GNAT, you can control the value used for initializing scalar
objects. Apart from using invalid values (where possible), you can
also choose to use high or low values, or with a specified bit pattern.

Running your application tests with various such settings and checking
for differences in the results helps to detect the use of uninitialized
variables.

For much more about uninitialized variables in Ada code, the following
paper might be useful:

"Exposing Uninitialized Variables: Strengthening and Extending Run-Time
Checks in Ada" [4], Robert Dewar, Olivier Hainque, Dirk Craeynest, and
Philippe Waroquiers, In "Proceedings of the 7th International
Conference on Reliable Software Technologies - Ada-Europe 2002" [5],
Vienna, Austria, June 17-21, 2002, Johan Blieberger and Alfred
Strohmeier (Eds.), volume 2361 of Lecture Notes in Computer Science,
pages 193-204, Springer-Verlag, 2002.

The GNAT manuals provide more information on GNAT's pragma
Initialize_Scalars [6] and on enhanced validity checking [7].

Reference [6] mentions:

---start-quote---
Note that pragma Initialize_Scalars is particularly useful in
conjunction with the enhanced validity checking that is now provided
in GNAT, which checks for invalid values under more conditions.
Using this feature (see description of the -gnatV flag in the users
guide) in conjunction with pragma Initialize_Scalars provides a
powerful new tool to assist in the detection of problems caused by
uninitialized variables.
---end-quote---

We can assure everyone that from a developer's and tester's point of
view the combination of Initialize_Scalars and enhanced validity
checking is indeed "particularly useful".

References: [1] [2] [4] [5] [6] [7]

Dirk
Dirk.Craeynest@cs.kuleuven.be (for Ada-Belgium/-Europe/SIGAda/WG9 mail)

+-------------/    Home: http://www.cs.kuleuven.be/~dirk/ada-belgium
|Ada-Belgium /      FTP: ftp://ftp.cs.kuleuven.be/pub/Ada-Belgium
|on Internet/    E-mail: ada-belgium-board@cs.kuleuven.be
+----------/   Maillist: ada-belgium-info-request@cs.kuleuven.be

*** 11th Intl.Conf.on Reliable Software Technologies - Ada-Europe'2006
*** June 5-9, 2006 ** Porto, Portugal ** http://www.ada-europe.org ***
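
The technique described in the post above, as an added example that is not part of the original message or of the GNAT documentation: one scalar with out-of-range values (caught by a validity check) and one Integer without them (exposed only by comparing runs with different initial values). The unit name Demo_Uninit, the constructed defects, and the build commands using the gnatbind -Sin/-Slo/-Shi switches are assumptions of this example.

```ada
--  Added example, not code from the original post.
--  Assumed build commands (unit name Demo_Uninit is hypothetical):
--    gnatmake -gnatVa demo_uninit.adb -bargs -Sin   --  invalid values
--    gnatmake -gnatVa demo_uninit.adb -bargs -Slo   --  low values
--    gnatmake -gnatVa demo_uninit.adb -bargs -Shi   --  high values
pragma Initialize_Scalars;

with Ada.Text_IO; use Ada.Text_IO;

procedure Demo_Uninit is
   --  Application-specific range: the machine representation has
   --  out-of-range values, so an invalid initial value exists.
   type Percent is range 0 .. 100;
   type Histogram is array (Percent) of Natural;

   Load    : Percent;               --  constructed defect: never assigned
   Retries : Integer;               --  constructed defect: never assigned
   Buckets : Histogram := (others => 0);
begin
   --  Integer has no out-of-range value, so no validity check can fire.
   --  The printed value follows the -S setting; a difference between
   --  the -Slo and -Shi runs exposes the uninitialized read.
   Put_Line ("Retries =" & Integer'Image (Retries));

   --  Subscript on the left-hand side: validity-checked, so the invalid
   --  Load from -Sin is expected to raise Constraint_Error here
   --  instead of writing outside Buckets.
   Buckets (Load) := Buckets (Load) + 1;
   Put_Line ("Bucket updated; uninitialized Load went unnoticed");
exception
   when Constraint_Error =>
      Put_Line ("Constraint_Error: invalid (uninitialized) Load");
end Demo_Uninit;
```

Only the binder step changes between the three builds, so the same test suite can be rerun against each executable and its outputs compared.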