-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Compile-time range checks differ from run-time checks (one fails, the other passes) #111
Comments
I've spend considerable time looking at this. This has resulted in the decision to enhance the documentation on this subject. Also it turns out that this behavior will be different for C++20+ so that needs to be demonstrated and documented as well. Turns out that it's a subtle idea. But for now, I'm going to answer your questions posed by your example. consider This is handled at compile time as If the exception policy is not "trap", the operation is considered legitimate but subject to checking during runtime. In this case x + 3, having been promoted to int will not result in error, no runtime error will be detected ... UNTIL the return value is covered to safe_t which has a range from 0 to 10 for some values of x. At this point a runtime error is thrown. All in all this seems like good behavior. consider On my configuration (mac os clang++ C++14) this is not failing under any mode. However, The key distinction between the compile time trap where ranges are compared to see if some sort of overflow This has come up before (see case study for embedded controller) and working around it is sort of hack. This has convinced me to add a utility function safe_numerics::for(S & s, lambda...); to avoid having to re-do this workaround continually and thereby run the risk of getting it wrong. It's quite annoying that the compiler doesn't see the compile time value when it's available. We should be able to write the following:
Well, with C++20 we will be able to !!! this version has the function It took me quite a bit of time to see all this. But in the end, I didn't detect any errors in the library code. The research led me to a better understanding, improvement of the manual, and understanding of the implications of C++20 in this context of safe numerics. |
Hello. I work in the European Space Agency, and have experience with the kinds of checks done by Ada and SPARK - and since I just met "safe_numerics", I did a quick test of the library with the following code:
As the comments suggest, function
f
fails to compile when we enable compile-time checks (i.e. theloose_trap_policy
) - but I don't see why....10-x
doesn't change the range (it remains 0..10 inclusive) and dividing by two gives a range from 0 to 5.To verify I am not missing something obvious, when compiling without
-DCOMPILE_TIME
, we use the run-time checks - andmain
goes through the entire range, without triggering a run-time exception (and prints the expected outputs).Is this a bug?
The text was updated successfully, but these errors were encountered: