Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Laurent GUERBY
On Mon, 2009-07-27 at 10:28 -0400, Robert Dewar wrote: > Laurent GUERBY wrote: > > > In most Ada code array T index type will likely be "Natural range <>" > > and so the type system will not give useful bounds for optimizations. > > Well very often the bounds of the loop are taken from the bounds

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Robert Dewar
Laurent GUERBY wrote: In most Ada code array T index type will likely be "Natural range <>" and so the type system will not give useful bounds for optimizations. Well very often the bounds of the loop are taken from the bounds of the array, so I don't agree with that statement :-) Laurent

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Laurent GUERBY
On Mon, 2009-07-27 at 15:32 +0200, Paolo Bonzini wrote: > On 07/27/2009 12:25 PM, Robert Dewar wrote: > > Laurent GUERBY wrote: > > > if Dynamic_N >= T'First and Dynamic_N > T'Last then > >>> Huh? I can't understand the first comparison. > >>> Actually Ada is not Fortran-66 and allows empty lo

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Paolo Bonzini
On 07/27/2009 12:25 PM, Robert Dewar wrote: Laurent GUERBY wrote: if Dynamic_N >= T'First and Dynamic_N > T'Last then Huh? I can't understand the first comparison. Actually Ada is not Fortran-66 and allows empty loops, no? Ada for loop over "A .. B" will be empty if "A > B" and we obviously

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Richard Kenner
> Only if you know the loop will run once can you hoist the check (or > sink it, but you might as well hoist!) GNAT does not do this kind of > hoisting, it is really something for the back end optimization > circuits, not front end fiddling, though this particular case could > be fiddled in the fro

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Robert Dewar
Gabriel Paubert wrote: We're talking about range checking here, not arithmetic overflow checking (which is another topic where GCC infrastructure change could help Ada of course). That would be a huge undertaking. Indeed, but such an undertaking might make sense if it was helpful for C/C++ r

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Robert Dewar
Laurent GUERBY wrote: if Dynamic_N >= T'First and Dynamic_N > T'Last then Huh? I can't understand the first comparison. Actually Ada is not Fortran-66 and allows empty loops, no? Ada for loop over "A .. B" will be empty if "A > B" and we obviously must not raise an exception if the loop

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Robert Dewar
Laurent GUERBY wrote: I don't think so. And the code quality when checking for overflows was abysmal last time I tried. We're talking about range checking here, not arithmetic overflow checking (which is another topic where GCC infrastructure change could help Ada of course). Actually in ter

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Gabriel Paubert
On Mon, Jul 27, 2009 at 10:46:53AM +0200, Laurent GUERBY wrote: > On Mon, 2009-07-27 at 09:34 +0200, Gabriel Paubert wrote: > > On Fri, Jul 24, 2009 at 06:25:12PM +0200, Laurent GUERBY wrote: > > >for I in T'First .. Dynamic_N loop > > > T (I) := 0.0; -- generate check I in T'First .. T'L

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Laurent GUERBY
On Mon, 2009-07-27 at 09:34 +0200, Gabriel Paubert wrote: > On Fri, Jul 24, 2009 at 06:25:12PM +0200, Laurent GUERBY wrote: > >for I in T'First .. Dynamic_N loop > > T (I) := 0.0; -- generate check I in T'First .. T'Last > >end loop; > > > > => > > > >if Dynamic_N >= T'First and

Re: As-if Infinitely Ranged Integer Model

2009-07-27 Thread Gabriel Paubert
On Fri, Jul 24, 2009 at 06:25:12PM +0200, Laurent GUERBY wrote: > On Fri, 2009-07-24 at 12:03 -0400, Robert Dewar wrote: > > Indeed an alternative approach to handling this problem in GCC would > > be to adapt the Ada model for C and C++ which would not be too hard > > to do I suspect. Then gcc cou

RE: As-if Infinitely Ranged Integer Model

2009-07-25 Thread Robert Seacord
Joseph, Comments below. Then you are building on the runtime-constraint mechanism and rsize_t of TR 24731-1. TR 24731-1 is considered useless in the Linux world, and not implemented in the GNU C Library, and with good reason; see . I

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Robert Dewar
Laurent GUERBY wrote: On Fri, 2009-07-24 at 12:03 -0400, Robert Dewar wrote: Indeed an alternative approach to handling this problem in GCC would be to adapt the Ada model for C and C++ which would not be too hard to do I suspect. Then gcc could be improved to handle this model better and more e

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Joseph S. Myers
On Fri, 24 Jul 2009, Dave Korn wrote: > Joseph S. Myers wrote: > > > If an operation that overflows has been carried out, may the AIR abstract > > machine then trap at any future time (if the implementation has moved or > > copied the relevant operation to that future time)? > > I think th

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Laurent GUERBY
On Fri, 2009-07-24 at 12:03 -0400, Robert Dewar wrote: > Indeed an alternative approach to handling this problem in GCC would > be to adapt the Ada model for C and C++ which would not be too hard > to do I suspect. Then gcc could be improved to handle this model > better and more effectively with r

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Robert Dewar
Dave Korn wrote: " AIR Integers do not require Ada-style precise traps, which require that an exception is raised every time there is an integer overflow. In the AIR integer model, it is acceptable to delay catching an incorrectly represented value until an observation point is reached just be

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Joseph S. Myers
As further comments, it's unfortunate that this document has chosen certain badly thought out basis documents and concepts. On page 13 you have a short table of "critical undefined behavior" and an attempt to define "bounded undefined behavior", that ignore all my previous comments in this area

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Dave Korn
Joseph S. Myers wrote: > If an operation that overflows has been carried out, may the AIR abstract > machine then trap at any future time (if the implementation has moved or > copied the relevant operation to that future time)? I think that's answered on p.12 isn't it? " AIR Integers do n

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Dave Korn
Robert Seacord wrote: Hi Robert, > Source code for the As GCC 4.4.0 and GCC 4.5.0 (svn) prototypes can be > downloaded from: > > http://www.cert.org/secure-coding/integralsecurity.html Since you've got a version based off SVN, can you possibly post up a diff as well as a full archive of the

Re: As-if Infinitely Ranged Integer Model

2009-07-24 Thread Joseph S. Myers
On Fri, 24 Jul 2009, Robert Seacord wrote: > A PDF Download of this paper is available at: > > http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html This model still seems extremely poorly defined. The only sensible way to fix this is a careful definition of the AIR abstract