comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Unsigned Integer Restraint Errors
Date: Mon, 12 Mar 2007 22:00:23 -0500
Message-ID: <et57ho$bjm$1@jacob-sparre.dk>
In-Reply-To: BFoJh.14542$PF.8157@attbi_s21

"Jeffrey R. Carter" <jrcarter@acm.org> wrote in message
news:BFoJh.14542$PF.8157@attbi_s21...
> Randy Brukardt wrote:
> >
> > Ada has signed, checked integers, and unsigned, unchecked integers. It
> > doesn't have unsigned, checked integers. That omission is only a problem if
> > you need checked, maximum range unsigned integers; usually, you should just
> > use an appropriate signed integer type:
>
> From one point of view, Ada has signed, checked integers:
>
> type Signed_Checked_Byte is range -128 .. 127;

Yes.

> unsigned, checked integers:
>
> type Unsigned_Checked_Byte is range 0 .. 255;
> for Unsigned_Checked_Byte'Size use 8;
>
> (with the limitation that the upper bound can't exceed System.Max_Int,
> which is generally < System.Max_Binary_Modulus - 1);

Yes; I explained this. System.Max_Int is usually approximately
System.Max_Binary_Modulus/2, which means that there may be some programs
that can't use this technique. (Doesn't seem that likely, though.)

> signed, unchecked integers:
>
> type Signed_Unchecked_Byte is range -128 .. 127;
> pragma Suppress (Overflow_Check, On => Signed_Unchecked_Byte);

These aren't unchecked in any useful sense:

(1) The On parameter to Suppress is an obsolescent feature in Ada (*);
it was so poorly defined that we gave up on it.
(2) In any case, Suppress is a suggestion to the compiler; there is no
requirement that checks are actually suppressed. A lot of compilers ignore
some or all "On" parameters.
(3) A violation of a suppressed check makes a program erroneous; whereas a
modular type has defined behavior. Thus any program that has correctness
concerns can't really use this technique (you can't verify a program that
includes erroneous execution, because *anything* can happen). The only time
this is legitimate is if there are known (or proved) to be no checking
failures in the program: but then there is by definition no difference
between checked and unchecked numbers.

> and unsigned, unchecked integers:
>
> type Unsigned_Unchecked_Byte is mod 256;
>
> It seems odd that we use a different syntax for 1 of the 4 (yes, I
> understand that the implications of modular types go beyond the lack of
> overflow checks).

And the supposedly unchecked signed type is not unchecked in any useful
way...the only difference might be to remove code generated to make checks,
and that isn't even guaranteed.

              Randy.

(*) ISO published the Amendment on March 9th. So Ada 95 is now
obsolete...and "Ada" includes the Amendment.
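
Added example, not part of the original post: the range type and the modular type quoted above, given the same out-of-range sum, to show the checked failure beside the defined wraparound. The type names come from the quoted declarations; the procedure name, variables and field lengths are constructed for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Byte_Overflow_Demo is
   --  Declarations as quoted in the post.
   type Unsigned_Checked_Byte is range 0 .. 255;
   for Unsigned_Checked_Byte'Size use 8;

   type Unsigned_Unchecked_Byte is mod 256;

   --  Constructed sample values: two field lengths whose sum exceeds 255.
   Header_Len  : constant := 200;
   Payload_Len : constant := 100;

   C_Header  : Unsigned_Checked_Byte := Header_Len;
   C_Payload : Unsigned_Checked_Byte := Payload_Len;
   C_Total   : Unsigned_Checked_Byte := 0;

   M_Header  : Unsigned_Unchecked_Byte := Header_Len;
   M_Payload : Unsigned_Unchecked_Byte := Payload_Len;
   M_Total   : Unsigned_Unchecked_Byte;
begin
   --  Modular arithmetic is defined to wrap modulo 256, so this
   --  assignment always succeeds and no exception is raised.
   M_Total := M_Header + M_Payload;
   Put_Line ("modular total:" & Unsigned_Unchecked_Byte'Image (M_Total));

   --  The range type computes the sum in its base type; the result
   --  fails the range check on assignment and Constraint_Error is raised.
   begin
      C_Total := C_Header + C_Payload;
      --  The value is used here so the check cannot be optimized away.
      Put_Line ("checked total:" & Unsigned_Checked_Byte'Image (C_Total));
   exception
      when Constraint_Error =>
         Put_Line ("checked total: Constraint_Error, length rejected");
   end;
end Byte_Overflow_Demo;
```

With the modular type a length computed this way silently becomes a small value, so any bounds decision based on it has to be made before the addition; with the range type the failure surfaces as an exception that can be handled.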