Run-Time Checks (GNAT User’s Guide for Native Platforms)

Next: Using gcc for Syntax Checking, Previous: Style Checking, Up: Compiler Switches [Contents][Index]

4.3.8 Run-Time Checks ¶

By default, the following checks are suppressed: stack overflow checks, and checks for access before elaboration on subprogram calls. All other checks, including overflow checks, range checks and array bounds checks, are turned on by default. The following gcc switches refine this default behavior.

-gnatp

This switch causes the unit to be compiled as though pragma Suppress (All_checks) had been present in the source. Validity checks are also eliminated (in other words -gnatp also implies -gnatVn. Use this switch to improve the performance of the code at the expense of safety in the presence of invalid data or program bugs.

Note that when checks are suppressed, the compiler is allowed, but not required, to omit the checking code. If the run-time cost of the checking code is zero or near-zero, the compiler will generate it even if checks are suppressed. In particular, if the compiler can prove that a certain check will necessarily fail, it will generate code to do an unconditional ‘raise’, even if checks are suppressed. The compiler warns in this case. Another case in which checks may not be eliminated is when they are embedded in certain run-time routines such as math library routines.

Of course, run-time checks are omitted whenever the compiler can prove that they will not fail, whether or not checks are suppressed.

Note that if you suppress a check that would have failed, program execution is erroneous, which means the behavior is totally unpredictable. The program might crash, or print wrong answers, or do anything else. It might even do exactly what you wanted it to do (and then it might start failing mysteriously next week or next year). The compiler will generate code based on the assumption that the condition being checked is true, which can result in erroneous execution if that assumption is wrong.

The checks subject to suppression include all the checks defined by the Ada standard, as well as all implementation-defined checks, including any checks introduced using pragma Check_Name.

If the code depends on certain checks being active, you can use pragma Unsuppress either as a configuration pragma or as a local pragma to make sure that a specified check is performed even if gnatp is specified.

The -gnatp switch has no effect if a subsequent -gnat-p switch appears.

-gnat-p: This switch cancels the effect of a previous gnatp switch.

-gnato??: This switch controls the mode used for computing intermediate arithmetic integer operations, and also enables overflow checking. For a full description of overflow mode and checking control, see the Overflow Check Handling in GNAT appendix in this User’s Guide.

-gnatE: Enables dynamic checks for access-before-elaboration on subprogram calls and generic instantiations. Note that -gnatE is not necessary for safety, because in the default mode, GNAT ensures statically that the checks would not fail. For full details of the effect and use of this switch, Compiling with gcc.

-fstack-check: Activates stack overflow checking. For full details of the effect and use of this switch see Stack Overflow Checking.

The setting of these switches only controls the default setting of the checks. You may modify them using either Suppress (to remove checks) or Unsuppress (to add back suppressed checks) pragmas in the program source.