From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Compiler quality
Date: Mon, 1 Dec 2008 21:51:26 -0600
Message-ID: <gh2be4$dhg$1@munin.nbi.dk>
In-Reply-To: 492fc7bc$0$31869$9b4e6d93@newsspool3.arcor-online.net

"Georg Bauhaus" <rm.tsoh.plus-bug.bauhaus@maps.futureapps.de> wrote in
message news:492fc7bc$0$31869$9b4e6d93@newsspool3.arcor-online.net...
> Martin wrote:
>
>> To be fair to anon...that's not a SYNTAX bug. His claim was that
>> compilers should be able to be 100% tested for syntax bugs by limiting
>> the input so much that it becomes practical to do on current
>> machines.
>
> Considering the Ada 83 rule that 'Base must be prefixed to
> 'Another_Attribute (i.e., have context), do Ada compilers
> typically check this rule in the parts handling syntax?
> (In the case of GNAT, the sem*.ad? files refer to the 'Base
> attribute, AFAICS.)

I don't think so; the typical syntax for attributes is something like:

    prefix APOSTROPHE IDENTIFIER

where the capitalized items are terminals ' and an identifier. The only
"identifier"s that have special handling in the syntax are the reserved
words, and "base" is not reserved.

A data point about anon's more general point. We discovered a syntax
processing error (in our case, an error in the grammar input to the table
generator for the syntax part of Janus/Ada 95) more than 6 1/2 years after
the Ada 95 grammar was completed (and the associated compiler was in use by
many people during the time period of February 1996 to November 2002). The
error was allowing the declaration of abstract subprograms in places that
they are not allowed, such as generic formal parameters.

The point is that no amount of (sane) testing can find unintended additional
capabilities -- because the only way to do that is to guess the possible
errors, and that is not a practical thing to do as there is a very low
probability of actually finding any errors. Thus such testing is not a good
use of limited testing effort; there are many more things that are better
uses of effort. For this reason, the ACATS does not test separately for
syntax errors unless there is a significant probability that the error will
be detected outside of the syntax portion of the compiler. After all, most
compiler parsers are generated by tools these days, so the errors will
almost certainly be limited to simple errors (omission, transposition, or
substitution) in the input to those tools and can be detected by pretty much
any use of a particular feature of the language. Thus the tests for other
language rules provide enough testing for the syntax proper. (I believe that
GNAT uses a hand-coded parser, and thus is at somewhat more risk for syntax
processing errors than most other compilers, but that still seems to be a
low priority error to detect compared to violations of other language
rules.)

Testing in general is a poor way to eliminate errors in a compiler. Back in
1997, I ran some coverage tests to determine what code in Janus/Ada has been
executed in tests. (That doesn't prove that such code will work in all
circumstances, but code that is executed is more likely to be correct than
code that has never been known to be executed.) I ran pretty much every test
and program that we had access to at the time (more than a thousand in-house
tests, plus the ACATS, plus Claw and its tests, plus the compiler source
code), and still was able only to show coverage on about 70% of the code in
the part of the compiler I was testing. While some of the unreached paths
detected internal compiler errors (that is, represented redundant checks),
many of them represented combinations of language features that had simply
not been tested. (Looking at a randomly selected piece of the compiler, some
such cases are a timed internal protected entry call; selection of a
component from a formal parameter of an unconstrained record type; and
selection of a component using the "current instance" of a protected
object.) My original idea was to write some test cases to try to reach the
untouched code, but the magnitude of the task made it impractical. (It would
make more sense to use "white box" unit tests to force coverage, but that
brings up the possibility of spending a lot of time testing things that
can't happen in real input programs. Not a great choice either way.)

Randy.