Interestingly, I just ran into "bad" code generation with exactly the properties
discussed in this thread.

Take a function like this:

function SignatureSubpacketTypeToStr(const X: TSignatureSubpacketType): String;
begin
  case X of
    sstReserved00     : Result:= 'Reserved00';
    sstReserved01     : Result:= 'Reserved01';
    sstCreationTime   : Result:= 'CreationTime';
....

Because every declared element is covered, the generated code for it ends up
being a computed goto:

   0x10047c4c <+28>:    mov    -0x4(%ebp),%al
   0x10047c4f <+31>:    and    $0xff,%eax
   0x10047c54 <+36>:    jmp    *0x10071d08(,%eax,4)

Which is perfectly fine if X is guaranteed to be in range of the elements the
case statement matches to. If it is not, as it may be with invalid input data
(as read from a file), that jump goes somewhere undefined - and most
importantly, not into any else statement.

So, while we have code that looks like Result is always properly initialized,
what we get instead is code that doesn't actually work. And no kind of DFA could
detect that, except also range-checking everything.

Just thought I'd share that, as a less synthetic example than some discussed 
here.


Regards,
Martok

_______________________________________________
fpc-devel maillist  -  fpc-devel@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-devel
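As an added illustration (not the poster's code), the defensive boundary such a function needs: the raw byte is range-checked against the enum before it is cast, so the fully covered case, and the bounds-check-free jump table it compiles to, only ever sees a declared element. The three-element enum and the sample bytes are hypothetical, since the real declaration is not shown in the post.

```pascal
program SafeSubpacketType;
{$mode objfpc}{$H+}

uses SysUtils;

type
  // Hypothetical subset of the real TSignatureSubpacketType, which is not shown.
  TSignatureSubpacketType = (sstReserved00, sstReserved01, sstCreationTime);

// Every declared element is covered, so the compiler may emit a jump table
// with no bounds check; this function must only ever receive a valid element.
function SignatureSubpacketTypeToStr(const X: TSignatureSubpacketType): String;
begin
  case X of
    sstReserved00   : Result := 'Reserved00';
    sstReserved01   : Result := 'Reserved01';
    sstCreationTime : Result := 'CreationTime';
  end;
end;

// Trust boundary: validate the raw ordinal BEFORE it becomes an enum value.
// Returns False instead of ever producing an out-of-range element.
function TryDecodeSubpacketType(Raw: Byte; out T: TSignatureSubpacketType): Boolean;
begin
  Result := Raw <= Ord(High(TSignatureSubpacketType));
  if Result then
    T := TSignatureSubpacketType(Raw);
end;

const
  // Constructed sample input standing in for bytes read from a file:
  // one in range, one that would index past the end of the jump table.
  Samples: array[0..1] of Byte = (2, 200);

var
  I: Integer;
  T: TSignatureSubpacketType;
begin
  for I := Low(Samples) to High(Samples) do
    if TryDecodeSubpacketType(Samples[I], T) then
      WriteLn('byte ', Samples[I], ' -> ', SignatureSubpacketTypeToStr(T))
    else
      WriteLn('byte ', Samples[I], ' -> rejected (unknown subpacket type)');
end.
```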
