* Robert Dewar:

> Florian Weimer wrote:
>> * Robert Dewar:
>>
>>> So here's exactly what happens now in Ada
>>>
>>> 1. If -gnato is not set (no overflow checking)
>>>
>>> In this case, the situation is exactly the same as C, and the front end
>>> ignores the possibility of overflow.
>>
>> It's C in -fwrapv mode, isn't it? (Otherwise, you can't really get the
>> other constraint checks to work, including bounds checking for array
>> access.)
>
> No, it is exactly C, if an arithmetic operation causes overflow
> and you do not have -gnato set, and overflow occurs, the program
> execution is erroneous. I reread the last para above more than once
> but cannot guess what you are getting.

Are we talking about the Ada semantics or GNAT without -gnato? In the
latter case, the documentation disagrees with you:

  The reason that we distinguish overflow checking from other kinds of
  range constraint checking is that a failure of an overflow check can
  generate an incorrect value, but cannot cause erroneous behavior.
  This is unlike the situation with a constraint check on an array
  subscript, where failure to perform the check can result in random
  memory description, or the range check on a case statement, where
  failure to perform the check can cause a wild jump.

And to avoid erroneous execution on integer overflow, I think you have
to specify the equivalent -fwrapv (otherwise, the middle end might do
nasty things to your range checks).

> Why is it surprising, if you suppress overflow checks you are saying
> that overflow does not occur, just as you say this for *any* C
> program.
>
> I don't understand the surprise or the concern here, can you
> elucidate?

The documentation says something else, that's why it's surprising. 8-)