Florian Weimer wrote:
Are we talking about the Ada semantics or GNAT without -gnato? In the latter case, the documentation disagrees with you:

    The reason that we distinguish overflow checking from other kinds of range constraint checking is that a failure of an overflow check can generate an incorrect value, but cannot cause erroneous behavior. This is unlike the situation with a constraint check on an array subscript, where failure to perform the check can result in random memory destruction, or the range check on a case statement, where failure to perform the check can cause a wild jump.

And to avoid erroneous execution on integer overflow, I think you have to specify the equivalent of -fwrapv (otherwise, the middle end might do nasty things to your range checks).
The documentation needs minor adjustment, I will remove the word erroneous, and rephrase it as:
The reason that we distinguish overflow checking from other kinds of constraint checking is that a failure of an overflow check, unlike for example the failure of a range check, can result in an incorrect value, but cannot cause random memory destruction (like an out of range subscript), or a wild jump (from an out of range case value). Overflow checking is also quite expensive in time and space, since in general it requires the use of double length arithmetic.
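The two failure classes contrasted above, as an added Ada example that is not part of this thread. It assumes GNAT with overflow checking enabled (-gnato) and uses a local pragma Suppress to show the unchecked addition alongside the checked one; the names are constructed for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Overflow_Vs_Range is
   subtype Small is Integer range 1 .. 4;
   Buf : array (Small) of Integer := (others => 0);

   --  Checked addition: with -gnato an overflow raises Constraint_Error
   --  instead of silently yielding a wrong value.
   function Add (A, B : Integer) return Integer is
   begin
      return A + B;
   end Add;

   --  Same addition with the overflow check suppressed (what GNAT without
   --  -gnato does).  The result is merely an incorrect value, typically the
   --  wrapped one on two's-complement targets; nothing outside the variable
   --  is damaged.  The wrap is only guaranteed if -fwrapv is also given,
   --  otherwise the middle end may treat the overflow as undefined.
   function Add_Unchecked (A, B : Integer) return Integer is
      pragma Suppress (Overflow_Check);
   begin
      return A + B;
   end Add_Unchecked;

   --  Checked store: the range check on the subscript turns an out-of-range
   --  index into Constraint_Error.  Suppressing this check would instead let
   --  the store land outside Buf (the random memory destruction case).
   procedure Store (I : Integer; V : Integer) is
   begin
      Buf (I) := V;
   end Store;
begin
   begin
      Put_Line ("Add : " & Integer'Image (Add (Integer'Last, 1)));
   exception
      when Constraint_Error => Put_Line ("Add : overflow detected");
   end;

   Put_Line ("Add_Unchecked : " &
             Integer'Image (Add_Unchecked (Integer'Last, 1)));

   begin
      Store (5, 42);   --  index 5 is outside Small (1 .. 4)
   exception
      when Constraint_Error => Put_Line ("Store : index 5 rejected");
   end;
end Overflow_Vs_Range;
```

Build with `gnatmake -gnato overflow_vs_range.adb` and compare the three lines of output; rebuilding with `-gnatp` removes the subscript check too and is the configuration the documentation text warns about.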
