[M3devel] comparisons vs. subranges

Rodney M. Bates rodney_bates at lcwb.coop
Sun Mar 14 16:20:29 CET 2010



hendrik at topoi.pooq.com wrote:
> 
> Wasn't there a discussion a while ago about subranges out-of-bounds not 
> being a safety problem?  (Or was it arithmetic overflow?)  This 
> optimisation might well cause a quite hard-to-find bug if we don't 
> guarantee subrange integrity.

Subrange is a safety problem.  Overflow is not, although it can be a
valuable way for the language/implementation to help find bugs.

Most of the definitions of safety are neither very useful nor consistent
with common, informal usage.  My definition is that safety means everything
that can happen can be explained and understood using only the concepts of
the programming language.  You don't have to resort to knowing about machine
level stuff, especially bit representations and the fact that things that are
entirely autonomous in the language (e.g. separately declared variables)
actually occupy the same homogeneous memory, along with machine code and
all sorts of other stuff.

So, if LAST(INTEGER)+LAST(INTEGER) overflows, even if it is undefined by
the language what happens, all the possibilities are still comprehensible
in terms of the language.  Either you get some value that is a member of
INTEGER, or an exception, all of which are language concepts.

But if you could assign 16_FF to a variable of type [0..20], you get
something that can only be understood by looking at the machine-level
representation.  Most likely, it is a bit pattern that would represent a
value that is not a member of the variable's type.  This is a safety
problem.  BTW, it's also implementation- and target-dependent.
> 
> -- hendrik
> 
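The distinction Rodney draws above (an overflowed INTEGER is still explainable in language terms, a subrange holding 16_FF is not) is easiest to see where the subrange invariant is relied on: a compiler may drop the bounds check on a table indexed by a variable of type [0..20], because the type already promises the range. The following is an added C model of that situation, not code from the original post or from any Modula-3 implementation; the type name `Small`, the byte representation, the 256-byte backing array that stands in for adjacent memory, and the use of GCC/Clang's `__builtin_add_overflow` for the overflow case are all assumptions of this example.

```c
/* Added example (not from the original post): models a Modula-3 subrange
 * [0..20] stored in one byte, a checked and an unchecked assignment to it,
 * and a table lookup whose bounds check has been elided because the index
 * type already guarantees the range. Names and layout are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

typedef uint8_t Small;          /* stand-in for the subrange [0..20] */
#define SMALL_FIRST 0
#define SMALL_LAST  20

/* Checked assignment: the language-level behaviour. Out-of-range input
 * becomes a detectable condition (the "exception" case) rather than a
 * value that is not a member of the type. */
bool assign_checked(long v, Small *out) {
    if (v < SMALL_FIRST || v > SMALL_LAST) return false;
    *out = (Small)v;
    return true;
}

/* Unchecked assignment: what remains if the range check is optimised away.
 * 16_FF (0xFF) is stored as-is; no language concept describes the result. */
Small assign_unchecked(long v) {
    return (Small)v;
}

/* Backing storage: the 21-entry table a safe program sees, followed by
 * unrelated bytes standing in for whatever happens to be adjacent in memory.
 * (Constructed sample data; a single 256-byte array keeps the C defined.) */
static uint8_t memory[256];

void init_memory(void) {
    for (int i = 0; i < 256; i++)
        memory[i] = (i <= SMALL_LAST) ? (uint8_t)(i * 3) : 0xEE;
}

/* The table lookup as a compiler may emit it: no check, because the index
 * type is [0..20] and the table has exactly 21 slots. With a well-formed
 * Small this is safe; with 0xFF it reads past the table. */
uint8_t lookup(Small i) {
    return memory[i];
}

/* Overflow, by contrast, stays inside the language: either a value of the
 * integer type comes back or the overflow is reported. */
bool add_checked(long a, long b, long *sum) {
    return !__builtin_add_overflow(a, b, sum);
}

int main(void) {
    init_memory();
    Small s = 0;
    printf("assign 0xFF, checked:   %s\n",
           assign_checked(0xFF, &s) ? "stored" : "range error");
    Small bad = assign_unchecked(0xFF);
    printf("assign 0xFF, unchecked: stored %u, lookup reads 0x%02X "
           "(bytes past the table)\n", bad, lookup(bad));
    long sum;
    printf("LAST+LAST:              %s\n",
           add_checked(LONG_MAX, LONG_MAX, &sum) ? "a value" : "overflow detected");
    return 0;
}
```

The unchecked path is the one hendrik's remark about the optimisation points at: once a byte outside [0..20] sits in a variable of that type, every later use that trusted the type (here, an index with no check of its own) is operating on memory, not on a language-level value, so the fault shows up wherever the table happens to end rather than at the assignment.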


