gnat_ugn.texi: The "Run-Time Checks" section said "arithmetic overflow checking for integer...

2008-08-08 Bob Duff <duff@adacore.com> * gnat_ugn.texi: The "Run-Time Checks" section said "arithmetic overflow checking for integer operations (including division by zero)", which is wrong -- divide by zero is not part of overflow checking. Also added misc clarification about what check-suppression means. * gnat_rm.texi: Clarify the meaning of pragma Suppress. From-SVN: r138879
2008-08-08 15:00:00 +02:00 · 2008-08-08 15:00:00 +02:00 · a3ea913742
parent e8c4584bd7
commit a3ea913742
3 changed files with 103 additions and 24 deletions
--- a/gcc/ada/ChangeLog
+++ b/gcc/ada/ChangeLog
@ -1,3 +1,51 @@
+2008-08-08  Thomas Quinot  <quinot@adacore.com>
+
+	* gsocket.h:
+	On Windows, include <errno.h> and redefine only selected errno values
+	from their <winsock2.h> definitions.
+
+	* s-osinte-freebsd.ads: Minor reformatting
+
+	* s-osinte-hpux.ads, s-osinte-irix.ads: Minor reformatting
+
+	* g-soccon.ads: New file.
+
+	* g-stheme.adb, g-socthi-vms.adb, g-socthi-vxworks.adb,
+	g-socthi-mingw.adb, g-sttsne-vxworks.adb, g-socthi.adb,
+	g-stsifd-sockets.adb, g-socket.adb, g-socket.ads,
+	g-sothco.adb, g-sothco.ads: Add back GNAT.Sockets.Constants as a child
+	unit, to allow building software that depends on this internal unit
+	with both older and newer compilers.
+
+2008-08-08  Robert Dewar  <dewar@adacore.com>
+
+	* s-strxdr.adb: Minor reformatting
+
+2008-08-08  Bob Duff  <duff@adacore.com>
+
+	* gnat_ugn.texi: The "Run-Time Checks" section said "arithmetic overflow
+	checking for integer operations (including division by zero)", which
+	is wrong -- divide by zero is not part of overflow checking.
+	Also added misc clarification about what check-suppression means.
+
+	* gnat_rm.texi: Clarify the meaning of pragma Suppress.
+
+2008-08-08  Jerome Lambourg  <lambourg@adacore.com>
+
+	* g-comlin.adb (Add_Switch): Handle addition of switches at the
+	begining of the command line.
+	(Append, Add): Renaming of Append to Add as this now allows addition
+	at the begining of the list.
+	
+	* g-comlin.ads (Add_Switch): Handle addition of switches at the
+	begining of the command line.
+
+2008-08-08  Thomas Quinot  <quinot@adacore.com>
+
+	* g-sercom.ads:
+	(Name): Document application scope (only legacy PC serial ports on
+	Linux and Windows).
+
 2008-08-08  Thomas Quinot  <quinot@adacore.com>

 	* gcc-interface/Makefile.in, gcc-interface/Make-lang.in: Revert
--- a/gcc/ada/gnat_rm.texi
+++ b/gcc/ada/gnat_rm.texi
@ -3413,7 +3413,7 @@ Syntax:

@smallexample @c ada
 pragma Obsolescent
-  (Entity => NAME [, static_string_EXPRESSION [,Ada_05]]);
+  [(Entity => NAME [, static_string_EXPRESSION [,Ada_05]])];
@end smallexample

@noindent
@ -4447,6 +4447,17 @@ on addresses used in address clauses. Such checks can also be suppressed
 by suppressing range checks, but the specific use of @code{Alignment_Check}
 allows suppression of alignment checks without suppressing other range checks.

+Note that pragma Suppress gives the compiler permission to omit
+checks, but does not require the compiler to omit checks. The compiler
+will generate checks if they are essentially free, even when they are
+suppressed. In particular, if the compiler can prove that a certain
+check will necessarily fail, it will generate code to do an
+unconditional ``raise'', even if checks are suppressed. The compiler
+warns in this case.
+
+Of course, run-time checks are omitted whenever the compiler can prove
+that they will not fail, whether or not checks are suppressed.
+
@node Pragma Suppress_All
@unnumberedsec Pragma Suppress_All
@findex Suppress_All
--- a/gcc/ada/gnat_ugn.texi
+++ b/gcc/ada/gnat_ugn.texi
@ -4022,12 +4022,12 @@ catches that cannot be dealt with in the front-end.
@item -gnato
@cindex @option{-gnato} (@command{gcc})
 Enable numeric overflow checking (which is not normally enabled by
-default). Not that division by zero is a separate check that is not
+default). Note that division by zero is a separate check that is not
 controlled by this switch (division by zero checking is on by default).

@item -gnatp
@cindex @option{-gnatp} (@command{gcc})
-Suppress all checks.
+Suppress all checks. See @ref{Run-Time Checks} for details.

@item -gnatP
@cindex @option{-gnatP} (@command{gcc})
@ -6222,14 +6222,11 @@ clears any previously set style checks.
@cindex Checks, stack overflow checking

@noindent
-If you compile with the default options, GNAT will insert many run-time
-checks into the compiled code, including code that performs range
-checking against constraints, but not arithmetic overflow checking for
-integer operations (including division by zero), checks for access
-before elaboration on subprogram calls, or stack overflow checking. All
-other run-time checks, as required by the Ada Reference Manual, are
-generated by default. The following @command{gcc} switches refine this
-default behavior:
+By default, the following checks are suppressed: integer overflow
+checks, stack overflow checks, and checks for access before
+elaboration on subprogram calls. All other checks, including range
+checks and array bounds checks, are turned on by default. The
+following @command{gcc} switches refine this default behavior.

@table @option
@c !sort!
@ -6238,13 +6235,33 @@ default behavior:
@cindex Suppressing checks
@cindex Checks, suppressing
@findex Suppress
-Suppress all run-time checks as though @code{pragma Suppress (all_checks})
+Suppress all run-time checks as though @code{pragma Suppress (All_checks)}
 had been present in the source. Validity checks are also suppressed (in
 other words @option{-gnatp} also implies @option{-gnatVn}.
 Use this switch to improve the performance
 of the code at the expense of safety in the presence of invalid data or
 program bugs.

+Note that when checks are suppressed, the compiler is allowed, but not
+required, to omit the checking code. If the run-time cost of the
+checking code is zero or near-zero, the compiler will generate it even
+if checks are suppressed. In particular, if the compiler can prove
+that a certain check will necessarily fail, it will generate code to
+do an unconditional ``raise'', even if checks are suppressed. The
+compiler warns in this case.
+
+Of course, run-time checks are omitted whenever the compiler can prove
+that they will not fail, whether or not checks are suppressed.
+
+Note that if you suppress a check that would have failed, program
+execution is erroneous, which means the behavior is totally
+unpredictable. The program might crash, or print wrong answers, or
+do anything else. It might even do exactly what you wanted it to do
+(and then it might start failing mysteriously next week or next
+year). The compiler will generate code based on the assumption that
+the condition being checked is true, which can result in disaster if
+that assumption is wrong.
+
@item -gnato
@cindex @option{-gnato} (@command{gcc})
@cindex Overflow checks
@ -6271,22 +6288,23 @@ X4 := Integer (F);
@end smallexample

@noindent
-Note that if explicit values are assigned at compile time, the compiler may
-be able to detect overflow at compile time, in which case no run-time check
-is required, and the setting of -gnato is irrelevant. That's why the assigned
-values in the above fragment are in quotes, the meaning is "assign a value
-not known to the compiler that happens to be equal to ...". The remaining
-discussion assumes that the compiler cannot detect the values at compile time.
+Note that if explicit values are assigned at compile time, the
+compiler may be able to detect overflow at compile time, in which case
+no actual run-time checking code is required, and Constraint_Error
+will be raised unconditionally, with or without
+@option{-gnato}. That's why the assigned values in the above fragment
+are in quotes, the meaning is "assign a value not known to the
+compiler that happens to be equal to ...". The remaining discussion
+assumes that the compiler cannot detect the values at compile time.

 Here the first addition results in a value that is outside the base range
 of Integer, and hence requires an overflow check for detection of the
 constraint error. Thus the first assignment to @code{X1} raises a
@code{Constraint_Error} exception only if @option{-gnato} is set.

-The second increment operation results in a violation
-of the explicit range constraint, and such range checks are always
-performed (unless specifically suppressed with a pragma @code{suppress}
-or the use of @option{-gnatp}).
+The second increment operation results in a violation of the explicit
+range constraint; such range checks are performed by default, and are
+unaffected by @option{-gnato}.

 The two conversions of @code{F} both result in values that are outside
 the base range of type @code{Integer} and thus will raise
@ -6342,6 +6360,8 @@ explicitly use the -gnato switch either on the @command{gnatmake} or
@cindex Check, elaboration
 Enables dynamic checks for access-before-elaboration
 on subprogram calls and generic instantiations.
+Note that @option{-gnatE} is not necessary for safety, because in the
+default mode, GNAT ensures statically that the checks would not fail.
 For full details of the effect and use of this switch,
@xref{Compiling Using gcc}.

@ -9548,8 +9568,8 @@ some guidelines on debugging optimized code.
@subsection Controlling Run-Time Checks

@noindent
-By default, GNAT generates all run-time checks, except arithmetic overflow
-checking for integer operations and checks for access before elaboration on
+By default, GNAT generates all run-time checks, except integer overflow
+checks, stack overflow checks, and checks for access before elaboration on
 subprogram calls. The latter are not required in default mode, because all
 necessary checking is done at compile time.
@cindex @option{-gnatp} (@command{gcc})