Newsgroups: comp.lang.ada
From: Robert A Duff
Subject: Re: A case where Ada defaults to unsafe?
Date: Thu, 10 Jan 2002 20:47:56 GMT
References: <3C39E62F.3020504@look.ca> <3C39E726.8000408@mail.com> <87advpdi0f.fsf@chiark.greenend.org.uk>
Organization: The World Public Access UNIX, Brookline, MA

Matthew Woodcraft writes:

> Hyman Rosen writes:
> > What many of you seem to forget is that the commutative form requires
> > that both operands are evaluated. Of course the compiler can elide by
> > the as-if rule, but not if there is a chance of overflow:
> >
> >     if a + b > 3 and x + y < 4      -- case 1
> >     if a + b > 3 and then x + y < 4 -- case 2
> >
> > In the first case, if there is a chance that evaluating x + y could
> > lead to overflow, the compiler cannot forgo the evaluation even in
> > the case of a + b <= 3, because the exception must be generated.
>
> Doesn't RM 11.6 allow the compiler to ignore this exception?

The compiler is always allowed to get the right answer instead of
overflowing. But I don't think that rule is stated in 11.6 -- somewhere
in chap 3 or 4, I think.

But replace "x + y < 4" with something that fails in some other way
(not overflow). Then Hyman Rosen's point is correct: the compiler has
to evaluate both sides unless it can prove the absence of the check
failure. For example, "Integer'(x+y) < 4" must fail if x+y is out of
bounds.

- Bob
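
Added example, not part of the original post: the two cases from the quoted message, with the right operand replaced by a qualified expression as the reply suggests. The subtype Small, the function names and the argument values are constructed for the illustration; a constrained subtype is used instead of Integer so that the failing check is a range check and not an overflow.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Check_Demo is

   --  Constructed subtype: the qualified expression Small'(...) carries
   --  a range check that fails for any value outside 0 .. 10.
   subtype Small is Integer range 0 .. 10;

   --  Case 1: "and" is not a short-circuit form, so the right operand
   --  (and its range check) is evaluated even when the left is False.
   function Plain_And (A, B, X, Y : Integer) return Boolean is
   begin
      return A + B > 3 and Small'(X + Y) < 4;
   end Plain_And;

   --  Case 2: "and then" evaluates the right operand only when the
   --  left operand is True, so the check is never reached otherwise.
   function Short_Circuit (A, B, X, Y : Integer) return Boolean is
   begin
      return A + B > 3 and then Small'(X + Y) < 4;
   end Short_Circuit;

begin
   --  Constructed inputs: A + B = 2 makes the left operand False;
   --  X + Y = 15 lies outside Small.
   begin
      Put_Line ("and      : "
                & Boolean'Image (Plain_And (1, 1, 7, 8)));
   exception
      when Constraint_Error =>
         Put_Line ("and      : Constraint_Error from right operand");
   end;

   begin
      Put_Line ("and then : "
                & Boolean'Image (Short_Circuit (1, 1, 7, 8)));
   exception
      when Constraint_Error =>
         Put_Line ("and then : Constraint_Error from right operand");
   end;
end Check_Demo;
```

The arguments are passed as parameters so that neither condition is a static expression the compiler could reject or fold at compile time.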