Range checking not working as expected?

Range checking not working as expected?

[Maciej Sobczak]

Hello,

Consider this:

with Ada.Text_IO, Ada.Integer_Text_IO;
procedure Overflow is
    A : Integer := 0;
    D : constant Integer := 500000000;
begin
    for I in 1..20 loop
       Ada.Integer_Text_IO.Put(A);
       Ada.Text_IO.New_Line;
       A := A + D;
    end loop;
end Overflow;

On my machine (PC+Linux+GNAT) it produces the following output:

           0
   500000000
  1000000000
  1500000000
  2000000000
-1794967296
-1294967296
  -794967296
  -294967296
   205032704
   705032704
  1205032704
  1705032704
-2089934592
-1589934592
-1089934592
  -589934592
   -89934592
   410065408
   910065408

Not good - I expected constraint error instead of going round the counter.
What has really confused me is that declaring A as Natural gives the 
same effect.
Further investigation with the following declarations:

    type MyType is range 0..Integer'Last;
    A : MyType := 0;

(and type casts later, when necessary)

showed exactly the same effect. Following this path, I tried this:

    type MyType is range 0..Integer'Last - 1;
    A : MyType := 0;

And *now* I got what I wanted - the constraint error.

What's going on? Well, I understand the low-level mechanics of this 
difference (and also why this might be a border-case for the compiler), 
but the question is rather high-level: what does *that* mean? :)


-- 
Maciej Sobczak : http://www.msobczak.com/
Programming    : http://www.msobczak.com/prog/

Re: Range checking not working as expected?

[Vinzent 'Gadget' Hoefler]

Maciej Sobczak wrote:

> Not good - I expected constraint error instead of going round the
> counter.

Try again after compiling with -gnato to actually enable the overflow
checking.


Vinzent.

-- 
worst case: The wrong assumption there actually is one.

Re: Range checking not working as expected?

[Maciej Sobczak]

Vinzent 'Gadget' Hoefler wrote:

> Try again after compiling with -gnato to actually enable the overflow
> checking.

OK, it "works" now. It is still not what I'd expect - "the default in 
Ada is safety", or something like this; I'd expect to actually need to 
go into some troubles to disable such checking. But it is still good 
that it works by default for non-border-case definitions like range 
1..10. I presume that in practice the Integer type is not widely used 
and that typical ranges have limits dependent on the given domain and 
not on some hardware specifics.

Thank you for explanation,


-- 
Maciej Sobczak : http://www.msobczak.com/
Programming    : http://www.msobczak.com/prog/

Re: Range checking not working as expected?

[Jeffrey Carter]

Maciej Sobczak wrote:
> 
> OK, it "works" now. It is still not what I'd expect - "the default in 
> Ada is safety", or something like this; I'd expect to actually need to 
> go into some troubles to disable such checking. But it is still good 
> that it works by default for non-border-case definitions like range 
> 1..10. I presume that in practice the Integer type is not widely used 
> and that typical ranges have limits dependent on the given domain and 
> not on some hardware specifics.

The default for GNAT, unfortunately, is not Ada. IIRC, at one time 
overflow checking was "very expensive" on one platform GNAT supported, 
so they turned it off by default. I don't think that's the case any 
longer, but it's still turned off by default.

-- 
Jeffrey Carter
"Now go away or I shall taunt you a second time."
Monty Python and the Holy Grail
E-mail: jeffrey_r_carter-nr [commercial-at]
         raytheon [period | full stop] com

Re: Range checking not working as expected?

[Mark Lorenzen]

Maciej Sobczak <no.spam@no.spam.com> writes:

> Vinzent 'Gadget' Hoefler wrote:
> 
> > Try again after compiling with -gnato to actually enable the overflow
> > checking.
> 
> OK, it "works" now. It is still not what I'd expect - "the default in
> Ada is safety", or something like this; I'd expect to actually need to
> go into some troubles to disable such checking. But it is still good
> that it works by default for non-border-case definitions like range
> 1..10. I presume that in practice the Integer type is not widely used
> and that typical ranges have limits dependent on the given domain and
> not on some hardware specifics.
> 
> Thank you for explanation,
> 
> 
> -- 
> Maciej Sobczak : http://www.msobczak.com/
> Programming    : http://www.msobczak.com/prog/

Check the "-gnato" section at

http://gcc.gnu.org/onlinedocs/gcc-4.0.1/gnat_ugn_unw/Run_002dTime-Checks.html#Run_002dTime-Checks

for a discussion.

- Mark Lorenzen

Re: Range checking not working as expected?

[Randy Brukardt]

"Maciej Sobczak" <no.spam@no.spam.com> wrote in message
news:dcatvk$iji$1@sunnews.cern.ch...
> Vinzent 'Gadget' Hoefler wrote:
>
> > Try again after compiling with -gnato to actually enable the overflow
> > checking.
>
> OK, it "works" now. It is still not what I'd expect - "the default in
> Ada is safety", or something like this; I'd expect to actually need to
> go into some troubles to disable such checking.

You *should* be right. However, GNAT does not default to the behavior
required by the Ada standard in various ways. Some differences might be an
improvement (-gnatE), but IMHO there is no real justification for the
overflow check.

In any case, this has nothing to do with Ada, but rather with a particular
widely-used implementation of it. So far as I'm aware, the other major Ada
compilers all default to doing this checking (that is, they follow the
standard closely by default). Remember, GNAT /= Ada; it's just one
implementation of Ada.

                     Randy.