GNAT Constraint Catching

GNAT Constraint Catching

[Matthew Baulch]

Hi,

I've just switched compilers to GNAT which i have been
very impressed with, all except for one minor issue. Instead
of catching an integer constraint error and executing my error handling
code, it appears to overflow starting back at the lowest possible value.

Any ideas?

thanks

Re: GNAT Constraint Catching

[Christoph Grein]

> From: Matthew Baulch <matt@greenroom.com.au>
> 
> Hi,
> 
> I've just switched compilers to GNAT which i have been
> very impressed with, all except for one minor issue. Instead
> of catching an integer constraint error and executing my error handling
> code, it appears to overflow starting back at the lowest possible value.
> 
> Any ideas?
> 
> thanks

See the Gnat documentation. In standard mode, integer overflow checking is 
switched off. You have to use a certain compiler switch to switch it on:

-gnato

Re: GNAT Constraint Catching

[David C. Hoos, Sr.]

A good first rule is to read the documentation.

Here is the relevant section of the Gnat Usar's Guide:

Run-Time Checks

If you compile with the default options, GNAT will insert many run-time checks
into the compiled code, including code that performs range checking against
constraints, but not arithmetic overflow checking for integer operations
(including division by zero) or checks for access before elaboration on
subprogram calls. All other run-time checks, as required by the Ada 95
Reference Manual, are generated by default. The following gcc switches refine
this default behavior:

  -gnatp
  Suppress all run-time checks as though pragma Suppress (all_checks) had been
present in the source. Use this switch to improve the performance of the code
at the expense of safety in the presence of invalid data or program bugs.
  -gnato
  Enables overflow checking for integer operations. This causes GNAT to
generate slower and larger executable programs by adding code to check for
both overflow and division by zero (resulting in raising Constraint_Error as
required by standard Ada semantics). These overflow checks correspond to
situations in which the true value of the result of an operation may be
outside the base range of the result type. The following example shows the
distinction:
X1 : Integer := Integer'Last;
X2 : Integer range 1 .. 5 := 5;
...
X1 := X1 + 1;   -- -gnato required to catch the Constraint_Error
X2 := X2 + 1;   -- range check, -gnato has no effect here

  Here the first addition results in a value that is outside the base range of
Integer, and hence requires an overflow check for detection of the constraint
error. The second increment operation results in a violation of the explicit
range constraint, and such range checks are always performed. Basically the
compiler can assume that in the absence of the -gnato switch that any value of
type xxx is in range of the base type of xxx. Note that the -gnato switch does
not affect the code generated for any floating-point operations; it applies
only to integer semantics). For floating-point, GNAT has the Machine_Overflows
attribute set to False and the normal mode of operation is to generate IEEE
NaN and infinite values on overflow or invalid operations (such as dividing
0.0 by 0.0). The reason that we distinguish overflow checking from other kinds
of range constraint checking is that a failure of an overflow check can
generate an incorrect value, but cannot cause erroneous behavior. This is
unlike the situation with a constraint check on an array subscript, where
failure to perform the check can result in random memory description, or the
range check on a case statement, where failure to perform the check can cause
a wild jump. Note again that -gnato is off by default, so overflow checking is
not performed in default mode. This means that out of the box, with the
default settings, GNAT does not do all the checks expected from the language
description in the Ada Reference Manual. If you want all constraint checks to
be performed, as described in this Manual, then you must explicitly use
the -gnato switch either on the gnatmake or gcc command.
  -gnatE
  Enables dynamic checks for access-before-elaboration on subprogram calls and
generic instantiations. For full details of the effect and use of this switch,
See section Compiling Using gcc.
The setting of these switches only controls the default setting of the checks.
You may modify them using either Suppress (to remove checks) or Unsuppress (to
add back suppressed checks) pragmas in the program source.

----- Original Message -----
From: "Matthew Baulch" <matt@greenroom.com.au>
Newsgroups: comp.lang.ada
To: <comp.lang.ada@ada.eu.org>
Sent: April 15, 2002 3:06 AM
Subject: GNAT Constraint Catching


> Hi,
>
> I've just switched compilers to GNAT which i have been
> very impressed with, all except for one minor issue. Instead
> of catching an integer constraint error and executing my error handling
> code, it appears to overflow starting back at the lowest possible value.
>
> Any ideas?
>
> thanks
>
> _______________________________________________
> comp.lang.ada mailing list
> comp.lang.ada@ada.eu.org
> http://ada.eu.org/mailman/listinfo/comp.lang.ada
>
>