comp.lang.ada
From: Robert A Duff <bobduff@world.std.com>
Subject: Re: Constraint checking of actuals passed to Attributes
Date: 2000/05/10
Message-ID: <wccr9bak1zc.fsf@world.std.com>
In-Reply-To: yecitwn9kmr.fsf@king.cts.com

Keith Thompson <kst@cts.com> writes:

> If I understand the context of this example correctly, the intent is
> to make these guarantees if Uninit is merely uninitialized, but not if
> it's abnormal

Yes.

> I suppose the real requirement being imposed here is that, if the
> underlying system has "abnormal" representations for a given type, the
> Ada implementation must guarantee that an uninitialized variable isn't
> set to one of those representations.

Yes, that's necessary.  E.g., an uninitialized array has to have bounds
or whatever dope the implementation uses properly initialized, so that
things like "A(1) := ...;" will work.

But the real bone of contention here, I think, is the requirement that,
for example:

    My_String: String(1..10);
    My_Index: Integer range 1..5;
    ...
    My_String(My_Index) := ...;

will need a check (that My_Index is in 1..10) unless the compiler can
prove that My_Index is initialized.  (Or, more precisely, is valid.)  In
Ada 83, no such check was required, because either My_Index is in 1..5,
and therefore in 1..10, or else the program was erroneous, and therefore
can do anything.  This intended change was a deliberate attempt to
increase safety at the expense of a small inefficiency.

In the run-time model the AverStar compiler chooses, the compiler can
prove validity quite often.  For example, an 'in' parameter of an
integer type is always valid, because it was constraint checked at the
call site.  The constraint check at the call site is not required -- the
compiler is allowed to propagate invalid values all over the place, but
I think that's less efficient, because then you have more checks inside
the called procedure.  We also do flow analysis, to find cases where
variables are initialized by assignment statements on every path leading
to some place, rather than on the variable's declaration.

Again, I'm talking about the *intent* of the language design team.
Whether Robert Dewar or anyone else can see that intent in the RM
wording is another story.

- Bob
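The following is an added example, not code from the original post or from the AverStar compiler. It reconstructs the situation Bob describes (an index variable of subtype `1..5` holding a value that is outside its subtype but still inside, or outside, the array bounds) and shows the check a defender can write explicitly with the Ada 95 `'Valid` attribute, so that the outcome no longer depends on whether a particular compiler emits the index check the post says the RM intends to require. The address overlay on `Raw` is a constructed way to manufacture an invalid representation; the names `Index_Check_Demo`, `Small_Index`, `Raw` and `Store` are assumptions for the example.

```ada
--  Added example (not from the original post): an invalid value in an
--  index variable, detected with 'Valid before it is used to index an array.
with Ada.Text_IO; use Ada.Text_IO;

procedure Index_Check_Demo is
   subtype Small_Index is Integer range 1 .. 5;

   My_String : String (1 .. 10) := (others => ' ');

   --  Constructed invalid value: Raw holds 16, which is outside Small_Index
   --  (1 .. 5) and also outside the array bounds (1 .. 10).  Overlaying
   --  My_Index on Raw's storage gives My_Index that bit pattern without any
   --  constraint check ever running, which mimics an uninitialized or
   --  corrupted index variable.
   Raw      : aliased Integer := 16;
   My_Index : Small_Index;
   for My_Index'Address use Raw'Address;

   --  Store writes C at position I of S only after confirming that I holds a
   --  representation that is valid for Small_Index.  Because Small_Index's
   --  range lies inside S's bounds, a valid I is guaranteed to be in range,
   --  which is the Ada 83 reasoning from the post.  Returns True on success.
   function Store (S : in out String; I : Small_Index; C : Character)
     return Boolean is
   begin
      if not I'Valid then
         --  Without this check, a compiler that relies on the subtype alone
         --  (and omits the index check) could write past the end of S.
         return False;
      end if;
      S (I) := C;
      return True;
   end Store;

begin
   if Store (My_String, My_Index, 'X') then
      Put_Line ("stored; My_String = """ & My_String & """");
   else
      Put_Line ("refused: My_Index holds" & Integer'Image (Raw)
                & ", which is not valid for Small_Index");
   end if;

   --  Now give the overlay a value that is valid for Small_Index.
   Raw := 3;
   if Store (My_String, My_Index, 'Y') then
      Put_Line ("stored; My_String = """ & My_String & """");
   end if;
end Index_Check_Demo;
```

The first call is refused and the second writes 'Y' at position 3. Reading a scalar with an invalid representation is a bounded error in Ada 95, so the example only ever hands `My_Index` to `'Valid` or to `Store`, which checks it first; the check belongs in the callee because, as the post notes, an `in` parameter is constraint checked at the call site only when a subtype conversion is actually needed, and here the actual and the formal share the same subtype.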

Thread overview: 30+ messages
2000-05-05  0:00 Constraint checking of actuals passed to Attributes Matt Brennan
2000-05-05  0:00 ` Keith Thompson
2000-05-08  0:00 ` Tucker Taft
2000-05-09  0:00   ` Robert Dewar
2000-05-09  0:00     ` Robert A Duff
2000-05-09  0:00       ` Robert Dewar
2000-05-09  0:00         ` Robert A Duff
2000-05-09  0:00           ` Keith Thompson
2000-05-10  0:00             ` Robert A Duff [this message]
2000-05-14  0:00               ` Simon Wright
2000-05-17  0:00                 ` Robert A Duff
2000-05-12  0:00             ` Tucker Taft
2000-05-12  0:00               ` Ted Dennison
2000-05-12  0:00                 ` Robert A Duff
2000-05-12  0:00                   ` Ted Dennison
2000-05-16  0:00                     ` Robert A Duff
2000-05-16  0:00                       ` Ted Dennison
2000-05-17  0:00                       ` Robert Dewar
2000-05-10  0:00           ` Robert Dewar
2000-05-10  0:00             ` Robert A Duff
2000-05-15  0:00             ` Bill Greene
2000-05-10  0:00           ` David C. Hoos, Sr.
2000-05-22  0:00           ` Kenneth Almquist
2000-05-09  0:00     ` Ted Dennison
2000-05-09  0:00       ` Robert Dewar
2000-05-09  0:00         ` Ted Dennison
2000-05-09  0:00           ` Robert Dewar
2000-05-09  0:00             ` Ted Dennison
2000-05-09  0:00               ` Robert A Duff
2000-05-10  0:00   ` Matt Brennan