[M3devel] FloatMode

Jay K jay.krell at cornell.edu
Tue Jan 12 06:32:35 CET 2010


Rewrite code to avoid overflow?

 That seems..difficult.

 Write it in a typical normal straightfoward

   fashion and rely on overflow checking to avoid bugs, imho.

 

I think relying on silent wrap is bad but relying on overflow

checks is appropriate.

 

Really what I think is you need multiple types or interfaces.

So that you can request silent wraparound for certain code

and overflow checking for other code. It's not a per-thread

setting, but a type thing.

It is more "statically bound" than a runtime per thread setting.

 

In the absence of this profusion of

types though, a good safe compromise is the INTEGER/Word

split. INTEGER is signed and should check overflow.

 

Word is unsigned and silently wraps.

 

Really this isn't everything. You also want unsigned

with overflow checks, maybe signed with silent wraparound.

Maybe the arithmetic library provides all this.

I need to check.

 

 

Testing your code one way and shipping it another way

is a bad recipe. The checks need to be preserved

in the shipping version because testing is never complete.

Also because the checks might have unintended side effects.

Ship what you test.

 

 

Again though, isn't silent wraparound a safety hole?

Or maybe not, maybe given that we have array bounds checking,

maybe safety is preserved?

(You know, what would happen incorrectly when positive + positive

yields negative?)

 

 - Jay

 


From: rcolebur at SCIRES.COM
To: m3devel at elegosoft.com
Date: Tue, 12 Jan 2010 00:18:51 -0500
Subject: Re: [M3devel] FloatMode





Jay, 
 
I think the documented intent in Modula-3 is that the programmer should write his code under the premise that any operation that could produce an overflow should be rewritten so as to avoid that problem.  Further, that the implementation may or may not actually check for this condition, but to rely on it working a certain way (e.g., silent wrap) would be wrong.  Further, if FloatMode were implemented, it would be possible to force the overflow check on.
 
This situation does not prohibit a programmer from writing something that could produce overflow, and the fact that on some implementations overflow is not checked is considered ok for performance reasons.  It is just that if the programmer were to rely on silent wrap, this reliance is NOT supported by the language and at some point will probably cause a checked runtime error.
 
Indeed, folks often turn on extra checking during program testing to find as many programming faults as possible, then turn off the extra checking for production/delivery code to gain performance.  So Modula-3 as a language supports this concept, though not all implementations may provide the ability to turn certain checks on or off.
 
I agree that lumping the integer overflow control into an interface named “FloatMode” makes it a bit hard to find since “FloatMode” would make one think that the interface deals only with floating point.
 
So, in Modula-3 a good programmer will add appropriate logic to prevent overflow by explicitly coding wrap-around or using some other method appropriate to the task at hand.  A sloppy programmer won’t care and his code will eventually break.  See the comments about long-lived readers/writers for an example.
 
Regards,
Randy
 


From: jayk123 at hotmail.com [mailto:jayk123 at hotmail.com] On Behalf Of Jay K
Sent: Monday, January 11, 2010 11:55 PM
To: Tony; m3devel
Subject: [M3devel] FloatMode
 
I thought FloatMode was only related to floating point.
So I looked:
 
   "IntOverflow" = an integer operation produced a result whose
   absolute value is too large to be represented.
 
   "IntDivByZero" = integer "DIV" or "MOD" by zero.
\end{quote}

 
This part of it should be easy to implement for all architectures.
The entire thing probably isn't too difficult either on many platforms either.
 
However...I was surprised by this.
I thought the real "intent" in Modula-3 to not have this be configurable
and endeavor for overflow and divide by zero to always immediately
raise an exception? The only "out" is that it might not get implemented on some platforms for some reason?
 
For the floating point stuff:
 
Probably like other per-platform code, this should be done in #ifdefed C.
 
http://msdn.microsoft.com/en-us/library/e9b52ceh(VS.80).aspx
http://kernel.org/doc/man-pages/online/pages/man3/fetestexcept.3.html
etc.
 
 - Jay 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://m3lists.elegosoft.com/pipermail/m3devel/attachments/20100112/57b85e47/attachment-0002.html>


More information about the M3devel mailing list