Re: Concatenation and Characters

[Robert A Duff <bobduff@shell01.TheWorld.com>]

Jeffrey Carter <jrcarter@acm.org> writes:

> Matthew Heaney wrote:
> > This isn't quite right.  If an object of a discrete type is used to index an
> > array, the compiler is required to ensure that the object --even if
> > uninitialized-- is only used to index an actual component of the array
> > object.
> > For example:
> > procedure Op (S : String) is
> >   I : Positive;
> > begin
> >   S (I) := 'x';
> > end;
> 
> I presume you mean "S : in out String"?
> 
> > The Ada95 language guarantees that index I will only touch the memory
> > owned
> > by array object S.
> > This is one area where Ada95 differs from Ada83, which made no such
> > guarantee.
> 
> This has nothing to do with detecting a reference to an uninitialized
> variable.

It has to do with uninitialized variables, certainly, if not their
"detection".  In Ada 83, there was no requirement for an array bounds
check in the above program.  That's because the execution was erroneous.
In Ada 95, there *is* a requirement for an array bounds check.
In fact, the *only* purpose of a bounds check in the above example is to
detect uninit vars -- if I were initialized, there would be no need for
the check.  So I think your "...nothing to do with..." claim is
overstated at best.

This *does* make a difference in practise.  Ada 83 compilers *were*
sometimes smart enough to notice that "S(I) := ..." does not need a
range check, and eliminated the check, so that statement could destroy
arbitrary memory locations.  Ada 95 compilers are not allowed to do that
optimization, unless they can prove I is initialized.

The Ada 83 optimizer could reason as follows:

    I is of subtype Positive.
    So either the value of I is in Positive, or else I is uninitialized.
    If I is in Positive, we can leave out the array bounds check,
    because the index subtype of String is also Positive.
    If I is uninitialized, we can leave out the check because
    the program execution will be erroneous (unpredictable).

This reasoning is incorrect for an Ada 95 compiler, and the difference
is precisely in the semantics of uninit vars.

>...It is about bound checking of array indexing, which did exist
> in Ada 83.

No, as I said, bounds checking did *not* exist in Ada 83 for the above
example.  (Yes, bounds checking did exist -- but not in the cases we're
talking about.)

>... Unless run-time checks are suppressed, this behaves as if it
> were written
> 
> procedure Op (S : in out String) is
>     I : Positive;
> begin
>     if I not in S'range then
>        raise Constraint_Error;
>     end if;
> 
>     S (I) := 'x';
> end Op;
> 
> This was true in Ada 83.

Yes, this is essentially equivalent.  In Ada 83, the compiler was
allowed to optimize away the entire 'if' statement.  In Ada 95, it is
not (unless it somehow knows that I is initialized).

>... This is true even if I is initialized:
> 
> -- In Op:
> I : Positive := 7;
> 
> -- Elsewhere:
> X : String := "abcdefg";
> ...
> Op (S => X (3 .. 5) ); -- Raises Constraint_Error

Correct.

> With run-time checks suppressed, what happens is anyone's guess, in Ada
> 83 and Ada.

Correct.

- Bob