Version 1.4 of ais/ai-00379.txt

Unformatted version of ais/ai-00379.txt version 1.4
Other versions for file ais/ai-00379.txt

!standard A.05.03(26)          04-04-20 AI95-00379/01
!standard A.05.03(29)
!standard A.05.03(47)
!class binding interpretation 04-04-20
!status No Action (7-0-2) 04-11-21
!status work item 04-04-20
!status received 04-04-05
!priority Low
!difficulty Medium
!subject Static evaluation of numeric attributes
!summary
!question
The wording of Remainder specifies that the result is zero if the result is not a machine number. That seems very strange. It might make sense if the operands are assumed to be machine numbers, but if they are not (as in static evaluation), this could lead to nonsense results.
The definition of Scaling and Compose require the result to be a machine number. Is this intended even for static evaluation?
!wording
Change A.5.3(47) by approximately "If the result R is a machine number, the result is R; if R satisfies T'Pred(0.0) < R < T'Succ (0.0), then the result is 0.0; otherwise, the result is one of the machine numbers adjacent to R."
Dunno what to change A.5.3(26) and A.5.3(29) to (if anything).
!discussion
The requirement for Compose and Scaling to return a machine number means that an implementation has to discard any extra precision in the calculation. On a machine like the Intel processors, where operations are done in extra precision, and instructions exist to implement these attributes, that's a significant extra expense.
--!corrigendum
!example
!ACATS test
!appendix

!topic Unexpected semantics of 'Floor, 'Ceiling and other static attributes
!reference RM95-A.5.3(30-35)
!from Gary Dismukes 2004-04-05
!discussion

[Note: This comment is submitted on behalf of Geert Bosch of Ada Core
Technologies.  This issue is outside my area of expertise and I have
only made minor editorial changes to the write-up from Geert. -- Gary]


The following program raises constraint error:

   procedure t is
      X : constant Float := Float'Floor (2.0**32 - 0.5);
   begin
      if X >= 2.0**32 then
         raise Constraint_Error;
      end if;
   end t;

The reason is that the Float'Floor attribute returns the largest integer
smaller than or equal to its argument even if that number is not a machine
number.  When leaving the static context, the value gets rounded to the
nearest machine number, which rounds up in this case.

Even though this is consistent with a literal reading of the RM, this
seems unintended and is unexpected.  It seems more useful to define
these attributes as follows:

  30. S'Floor

           S'Floor denotes a function with the following specification:

       31. function S'Floor (X : T)
             return T

       32. The function yields the value Floor(X), i.e., the largest
           (most positive) integral value less than or equal to X. When
 >>>                                ^^^^^machine number
           X is zero, the result has the sign of X; a zero result
           otherwise has a positive sign.

  33. S'Ceiling

           S'Ceiling denotes a function with the following specification:

       34. function S'Ceiling (X : T)
             return T

       35. The function yields the value Ceiling(X), i.e., the smallest
           (most negative) integral value greater than or equal to X.
 >>>                                ^^^^^ machine number
           When X is zero, the result has the sign of X; a zero result
           otherwise has a negative sign when S'Signed_Zeros is True.

(That is, replace "integral value" with "integral machine number".)

Rounding and Unbiased_Rounding need similar replacements of value by
machine number.

****************************************************************

From: Adam Beneschan
Sent: Monday, April 5, 2004  3:15 PM

I disagree, at least with respect to Floor and Ceiling.  The
definition of "Floor" given in the RM is the mathematical definition.
If I were to say Y := Floor(X), I would assume that after this
statement,

   0.0 <= X-Y < 1.0

regardless of the value of X beforehand.  But, assuming "Float" is a
32-bit float with a 23-bit mantissa (which really ought to be stated
in a post like this---we can't assume that every Float in every Ada
compiler is implemented this way), the proposed definition would, for
X = 2.0**32, yield a value of Y = Floor(X) where X-Y = 256.  This, to
me, would be unexpected semantics.

If it's *useful* to return the largest integral machine number smaller
than or equal to the argument, then let's propose a new attribute for
that purpose.  But it seems wrong to change the definition of a
well-known mathematical term.

****************************************************************

From: Tucker Taft
Sent: Monday, April 5, 2004  3:36 PM

The suggestion to replace "integral value" with "integral machine number"
makes sense to me.

****************************************************************

From: Randy Brukardt
Sent: Monday, April 5, 2004  4:18 PM

I agree with Adam, this seems like a horrible idea.

A common use of these attributes is to use them immediately before a conversion
to some integer type:

   procedure t is
      X : constant Integer := Integer(Float'Floor (2.0**31 - 0.5));
   begin
      if X /= 2.0**31-1 then
         raise Program_Error;
      end if;
   end t;

I think virtually everyone would find it goofy if the above program raised
Program_Error. Yet, the proposed wording change would require X to be 2**31-128
on IEEE machines.

The case that causes concern can only happen for a static expression (if the
argument had already been a machine number, the answer also would have to be a
machine number), and as the above shows, the change is likely to produce
nonsense as it is to fix something. And it's clearly incompatible (it's
changing the answer of something in use for years). So I don't think the change
meets the "smell" test.

****************************************************************

From: Nick Roberts
Sent: Monday, April 5, 2004  6:58 PM

> (That is, replace "integral value" with "integral machine number".)

I don't think the proposed wording is acceptable, as such, because (if
followed pedantically) it would produce silly results. For example,
Float'Floor(5.1) could produce the result 4.0000... if 5.0000... happened
not to be a machine number. I'm sure that this is not the intended effect of
the proposed wording (and would not be acceptable to anyone).

I suggest the required wording for Floor is to change "integral value less
than or equal to X" to "integral value less than or equal to X whose nearest
machine number is not greater than X." Similarly, for Ceiling, change
"integral value greater than or equal to X" to "integral value greater than
or equal to X whose nearest machine number is not less than X."

> Rounding and Unbiased_Rounding need similar replacements of value by
> machine number.

For the Rounding function, the existing wording is:

    S'Rounding denotes a function with the following specification:

        function S'Rounding (X : T) return T

    The function yields the integral value nearest to X, rounding away
    from zero if X lies exactly halfway between two integers. A zero
    result has the sign of X when S'Signed_Zeros is True.

This could be changed to:

    The function yields the machine number nearest to the integer
    nearest to X, preferring the result further from zero if X lies exactly
    halfway between two integers. A zero result has the sign of X
    when S'Signed_Zeros is True.

    S'Unbiased_Rounding denotes a function with the following specification:

        function S'Unbiased_Rounding (X : T) return T

    The function yields the integral value nearest to X, rounding toward
    the even integer if X lies exactly halfway between two integers. A
    zero result has the sign of X when S'Signed_Zeros is True.

This could be changed to:

    The function yields the machine number nearest to the integer
    nearest to X, preferring the result nearer the even integer of the
    two integers nearest X if X lies exactly halfway between two
    integers. A zero result has the sign of X when S'Signed_Zeros is
    True.

I support these changes, with the proviso that a minimal survey is first
conducted to confirm that it is unlikely that existing (important,
operational) software will not be adversely affected. I can confirm that
none of the software I am responsible for (which isn't much) would be.

****************************************************************

From: Randy Brukardt
Sent: Monday, April 5, 2004  8:08 PM

> > Rounding and Unbiased_Rounding need similar replacements of value by
> > machine number.

I hadn't noticed this before. I would be very opposed to any such change to
Unbiased_Rounding. That's because that attribute is often used directly in
Integer type conversions. On the Intel processors, we optimize these down to
just the store instruction (rounding comes for free in that instruction).

If the expression is at all complex, it will have been evaluated in the
80-bit precision of the Intel floating point registers. In order to
implement any machine number wording, we'd have to truncate the expression
value to a machine number. That is an expensive operation, as the
implementation usually involves writing the value to memory and then reading
it back. So adding such a requirement would not only change the answers in
significant ways, but it also would cost quite a bit in performance.
Rounding is pretty common!

****************************************************************

From: Pascal Leroy
Sent: Tuesday, April  6, 2004  4:26 AM

> The reason is that the Float'Floor attribute returns the
> largest integer smaller than or equal to its argument even if
> that number is not a machine number.  When leaving the static
> context, the value gets rounded to the nearest machine
> number, which rounds up in this case.

The analysis is confused here.  The issue has nothing to do with
"leaving the static context", because all the expressions involved are
static.  The issue comes from the "tweaking" of floating-point values
required by 4.9(38).  In other words the result of Float'Floor is
2.0**32-1.0, but the value of X is 2.0**32 because that's presumably the
machine number closer to 2.0**32-1.0.

> (That is, replace "integral value" with "integral machine number".)
>
> Rounding and Unbiased_Rounding need similar replacements of
> value by machine number.

I am going to strenuously oppose this change.  For one, it's grossly
incompatible: it would silently change the semantics of existing code,
in ways that may only be detected the hard way under the debugger.  But
more importantly it's completely misguided: one very important use of
the attributes of A.5.3 is for static computations.  For such
computations, we want to stick to the mathematical definition as much as
possible.  After all, exact evaluation of static expressions is one of
the great features of Ada.  Introducing dependencies on machine numbers
here is not only killing all hopes of portability, it also makes it
impossible to reason about static expressions, as Adam and Randy have
pointed out.  Furthermore, it leads to definitional problems; for
instance, what is the value of:

	Float'Ceiling (10.0*10000) - 10.0*10000

I hope it is 0.0, but I can't deduce that from the proposed wording
because there is no machine number above 10.0*10000 (assuming a
reasonably-size Float).

As much as possible, we want to avoid any dependency on the set of
machine numbers in A.5.3.  In fact, I have always assumed that the
references to machine numbers in A.5.3 do not really apply to static
computations, and I notice that GNAT has the same view; witness the fact
that the following declarations compile with both GNAT and Apex:

    X : constant := Float'Compose (1.0, -1000);
    Y : constant := 1 / Boolean'Pos (X = 2.0 ** (-1001));

A strict reading of A.5.3(26) would lead to the conclusion that, because
2.0 ** (-1001) is not a machine number of Float, X should be 0.0 or the
machine number immediately above 0.0.  However, that interpretation
would be actively harmful as it would lose the accuracy of static
computations for no benefit at all.

****************************************************************

From: Tucker Taft
Sent: Tuesday, April  6, 2004  8:01 AM

Pascal's discussion convinces me we should not change the definition
of this attribute.

****************************************************************

From: Nick Roberts
Sent: Tuesday, April  6, 2004  9:17 AM

It doesn't convince me.

I'm not certain that the issue is important for Rounding and
Unbiased_Rounding, but I would prefer the definitions I proposed (after
Geert and Gary) for Floor and Ceiling, because they would correspond to the
semantics that I would require in real working software (as opposed to the
artificial examples given by Randy and Pascal).

Presumably Geert's customer will write their own, probably non-portable,
versions of Floor and Ceiling in order to get the semantics they need.
That's hardly a victory for the language standard, is it?

****************************************************************

From: Randy Brukardt
Sent: Tuesday, April  6, 2004  2:41 PM

Why would they need a non-portable version? The attributes of A.5.3 and the
'Machine attribute provide all of the support needed to write Floor and
Ceiling. (The only reason that they're built-in is that some hardware
supports such operations, and the attributes provide a way to use those
operations.)

Indeed, Janus/Ada implements Floor and Ceiling in software, using A.5.3
attributes.

****************************************************************

From: Geert Bosch
Sent: Tuesday, April  6, 2004  4:22 PM

Hi everyone,

I just joined this list after Gary submitted my comment earlier today.
I'd like to clarify a few points.

> I disagree, at least with respect to Floor and Ceiling.  The
> definition of "Floor" given in the RM is the mathematical definition.
> If I were to say Y := Floor(X), I would assume that after this
> statement,
>
>    0.0 <= X-Y < 1.0
>
> regardless of the value of X beforehand.  But, assuming "Float" is a
> 32-bit float with a 23-bit mantissa (which really ought to be stated
> in a post like this---we can't assume that every Float in every Ada
> compiler is implemented this way), the proposed definition would, for
> X = 2.0**32, yield a value of Y = Floor(X) where X-Y = 256.  This, to
> me, would be unexpected semantics.

I'd like to point out, that (assuming a 32-bit float type T with
T'Machine_Radix = 2 and T'Machine_Mantissa = 24) if X = 2.0**32,
this is an integral machine number, so T'Floor (X) = T'Ceiling (X) = X,
and X - T'Floor (X) = 0.0.

Finally, in a statement

    Y := T'Floor (X);

the value in Y is necessarily a machine number and that may
cause the equality 0.0 <= X - T'Floor (X) < 1.0 to be false.
Currently, the following case

    X : constant := 2.0**32 - 0.5;
    Y : T := T'Floor (X);

will cause Y to be negative: neither of the conditions you gave
are guaranteed to hold for all values of X. With my proposed
change, at least X - T'Floor (X) will be guaranteed not to be
negative. This is in my opinion an important property.

Finally, the 'Floor attribute is stated to return a value of type T,
not a universal_real value, so I feel the current language in the RM
isn't very clear on the intended behavior.

****************************************************************

From: Randy Brukardt
Sent: Tuesday, April  6, 2004  4:50 PM

Geert Bosch wrote:

...
> I'd like to point out, that (assuming a 32-bit float type T with
> T'Machine_Radix = 2 and T'Machine_Mantissa = 24) if X = 2.0**32,
> this is an integral machine number, so T'Floor (X) = T'Ceiling (X) = X,
> and X - T'Floor (X) = 0.0.

I'm sure Adam meant your example of X := 2.0**32-0.5.

> Finally, the 'Floor attribute is stated to return a value of type T,
> not a universal_real value, so I feel the current language in the RM
> isn't very clear on the intended behavior.

So is the result of "*", and the language is just as clear about that:

-- Static expressions are evaluated exactly;
-- Extra precision is allowed in intermediate results.

Thus the result type has nothing to do with the result other than for
resolution purposes.

As Pascal pointed out, the problem you're worrying about comes from the
conversion to a machine number, and that isn't part of the attribute (or any
of the others) at all.

I don't care much about Floor (it's pretty useless), but I'm sure that we
can't make silent incompatibilities because someone has some code that
expects behavior not guaranteed by the standard. It would be better to
delete the attributes altogether (but that of course would be an even worse
incompatibility).

And, then you have to wonder why these attributes are special. It's crystal
clear that you don't want any machine number baloney going on in the
rounding attributes; but Floor and Ceiling are just (funny) rounding
attributes. Why should they be different?

****************************************************************

From: Adam Beneschan
Sent: Tuesday, April  6, 2004  6:11 PM

> I'm sure Adam meant your example of X := 2.0**32-0.5.

Yes, indeed that's what I meant.  Sorry about the mistake, which
appears to be an effect of Caffeine Deficiency Syndrome . . .

****************************************************************

From: Tucker Taft
Sent: Tuesday, April  6, 2004  5:19 PM

> ...
> Finally, the 'Floor attribute is stated to  return a value of type T,
> not a universal_real value, so I feel the current language in the RM
> isn't very clear on the intended behavior.

Referring to a value of type T does not imply a machine number.
Static arithmetic is infinite precision even for non-univeral-
real floating point types.    In fact, universality has relatively
little to do with precision in Ada 95.  Staticness is what
matters.

After reading Pascal's argument, I really don't see how
we can change the definition of these attributes.  We could
add a note to warn users that they are essentially useless
for non-static calculation when the values are so large that
the integral values are not machine numbers.

I'm not sure what the original example was trying to prove,
but if the goal was to find the largest integral machine number
less than 2**32, I would suggest you use 'Pred.

****************************************************************

From: Adam Beneschan
Sent: Tuesday, April  6, 2004  6:06 PM

That would certainly work in the original example.  The way Geert
wanted to redefine 'Floor was as "the largest integral machine number
less than or equal to X".  My first reaction to this was that perhaps
this was, for some reason, a useful function, one whose value would be
'Pred if the number was so large that 'Floor couldn't be represented
as a machine number, but would be 'Floor for numbers with smaller
exponents in the range where the delta between consecutive machine
numbers would be <= 0.5.  I suggested that if this really was useful,
a new attribute could be proposed.

But it's now occurred to me that this isn't necessary.  I believe that
"the largest integral machine number less than or equal to X" can
always be obtained via:

    Float'Min (Float'Floor (X), Float'Pred (X))

I haven't yet tried to prove it formally, but I believe that for an
IEEE representation, Float'Pred(X) must always be an integer if
Float'Pred(X) < Float'Floor(X), and that should be true of any other
real-life floating-point representation.  Thus the above formula will
return the value in the above proposal.

****************************************************************

From: Geert Bosch
Sent: Tuesday, April  6, 2004  6:13 PM

If X itself is an integral machine number, this is not correct.
Thanks anyway for the help. I've solved the problem (which was
related to range-checking in float-to-integer conversion) directly
in the front-end by using extra tests and adjustments.

****************************************************************

From: Geert Bosch
Sent: Tuesday, April  6, 2004  6:09 PM

> After reading Pascal's argument, I really don't see how
> we can change the definition of these attributes.  We could
> add a note to warn users that they are essentially useless
> for non-static calculation when the values are so large that
> the integral values are not machine numbers.

OK. I think we can do without the note, it may only cause
more confusion. The original problem came up in computing
bounds for range/overflow checking in float-to-integer
conversion.

Thanks for everyone's help and views.

****************************************************************

From: Nick Roberts
Sent: Tuesday, April  6, 2004  6:10 PM

> I'm not sure what the original example was trying to prove,
> but if the goal was to find the largest integral machine number
> less than 2**32, I would suggest you use 'Pred.

But I feel that's a bit like saying to users: here's a function that
computes the Floor/Ceiling of a floating point expression; but don't use it,
because it doesn't work properly (under certain conditions), you should
define your own function in terms of Pred/Succ instead.

Why not just fix the standard functions to work properly?

****************************************************************

From: Pascal Leroy
Sent: Wednesday, April  7, 2004  3:38 AM

Nick, by your definition of "properly", no (nonstatic) floating-point
computation works properly.  I don't see why you are focusing on Floor here.
Take plain old arithmetic.  For some values of X, it is perfectly possible for:


        X - 1.0E9 >= X

to return True (just make X big enough).

Anyone believing that (nonstatic) floating-point computations have any
ressemblance to mathematical computations is seriously confused, and should
urgenly re-read Knuth's chapter 4.2.2.

Again, the great thing about static computations is that they match their
mathematical counterparts, and this makes it much easier to reason about them.

****************************************************************

From: Nick Roberts
Sent: Thursday, April  8, 2004 10:46 AM

By 'properly' what I mean is 'usefully'. Plain old (non-static) arithmetic
does not work properly (it is inaccurate), but it is still useful.

I believe that the semantics that will be useful for almost all real,
working software, for Floor and Ceiling, will be what Geert wanted, not what
is currently defined. Whether it is mathematically correct is not what is
required for these functions, in practice, it is what Geert required.
Specifically, I believe the most important property for Floor/Ceiling is
that it never returns a value greater/less than its operand under any
circumstances.

That is why I think the language standard definition of the functions should
be changed.

In order to supply the mathematically correct functions, we need to
introduce something like Universal_Real'Floor and so on.

There also seems (to me) to be implications for Truncation, and a separate
question regarding Remainder seems to have been raised.

This is a complicated issue, and I'm still analysing it (while doing my day
job).

****************************************************************

From: Geert Bosch
Sent: Tuesday, April  6, 2004  5:54 PM

> In fact, I have always assumed that the
> references to machine numbers in A.5.3 do not really apply to static
> computations,

I do not see any grounds to assume that references to machine numbers
in A.5.3 do not apply to static computations. At least the 'Succ,
'Pred, 'Adjacent, 'Remainder and 'Machine attributes would not be
meaningful without this.

The main use of floating-point attributes in static expressions is
to be able to determine how arbitrary precision constants or
constant expressions will be rounded to machine numbers by the
implementation. This way, it is possible to adjust for rounding
errors that result from the finite precision of machine numbers.

****************************************************************

From: Pascal Leroy
Sent: Wednesday, April  7, 2004  3:31 AM

> I do not see any grounds to assume that references to machine numbers
> in A.5.3 do not apply to static computations. At least the 'Succ,
> 'Pred, 'Adjacent, 'Remainder and 'Machine attributes would not be
> meaningful without this.

You're absolutely right regarding Succ, Pred, Adjacent and Machine.  Their sole
purpose in life is to expose the properties of the underlying machine numbers,
so of course references to machine numbers in the RM text is appropriate here.

I should have been more precise and I should have mentioned the exact
paragraphs that I believe are faulty.  Take for instance Remainder.  It's
meaning is perfectly well-defined mathematically, independently of machine
numbers, so any reference to machine numbers in A.5.3(47) is bogus.  Consider
the (static) expression:

        Float'Remainder (Pi, E)

and assume that Pi and E are static values with a fairly large number of digits
(say 50, as shown in A.5(3)).  With the notation of A.5.3(47), n is 1 here, and
v is Pi-E.  Surely v is not a machine number of Float (it's somewhere between
two machine numbers) so the result of this attribute is +0.0 by a strict
reading of A.5.3(47).  Now that's a clear absurdity and every reasonable
compiler will return Pi-E here.

****************************************************************

From: Tucker Taft
Sent: Thursday, April  8, 2004  8:43 AM

I had never noticed this, but it seems that the definition
of Float'Remainder must simply be wrong.  All of the
other attributes talk about returning an "adjacent"
machine number.  But this one says zero if the
result is not a machine number.  That doesn't make
any sense to me.  Maybe it makes sense to someone else...

As far as machine numbers applying to static calculations,
I believe the specification of machine numbers was
intentional for Compose and Scaling (and our compiler definitely
applies 'Machine to the result, even if static).  I am
completely confused as to why Remainder is defined
the way it is.  All I can think was that someone concluded
that if the result were not a machine number, then one
of the adjacent machine numbers would be zero, and so we
might as well specify that that is the one always chosen.
But your Remainder(Pi,e) example clearly disproves that.

Perhaps it should have said that 'Machine is applied to the
two operands *before* computing the Remainder.  In that
case, I guess I can believe the result will always be
a machine number unless you get underflow, in which
case zero seems like a reasonable answer.

Perhaps someone else can shed more light...

****************************************************************

From: Robert A. Duff
Sent: Thursday, April  8, 2004  8:54 AM

I suggest you ask Ken Dritz.

****************************************************************

From: Pascal Leroy
Sent: Thursday, April  8, 2004  10:13 AM

This entire section was written by someone who missed the implications
of static computations.  In other words, it was written exclusively with
run-time computations in mind.

As explained in IEC 559, the run-time version of remainder is always
exact.  There is one caveat, though: if Y is very close to 0.0 (for
instance if Y is the machine number immediately above 0.0) then the
result may not be representable (because it is always less than Y/2.0).
In this case, returning 0.0 makes sense; however, it smells of
overspecification because I can't find a similar rule in IEC 559.

But clearly, for static computations, the sentence about machine numbers
is absurd...

> Perhaps it should have said that 'Machine is applied to the
> two operands *before* computing the Remainder.  In that
> case, I guess I can believe the result will always be
> a machine number unless you get underflow, in which
> case zero seems like a reasonable answer.

No, if you want to apply Machine automatically, you can always do that
yourselves explicitly.  If the current wording really gives you the
willies, we could fix it, but let's not change the semantics.

All this verbiage about machine numbers in Remainder, Scaling and the
like is actually completely unnecessary: we don't have anything
equivalent for the basic arithmetic operations "+", "*", etc.  All we
say is that they have their usual mathematical meaning, and that (in
strict mode) you get a value in the proper interval.  In the case of the
attribute we have to specify their "mathematical meaning", because it's
not obvious, but other than that we should let the strict mode do its
job.

It is actually worse that you think because, unlike all the rest of the
language, it doesn't let you keep more accuracy.  If you are on a
Pentium and your type Float corresponds to the 32-bit format, the result
of Scaling has to be a machine number of Float.  So if you did the
intermediate computations using the 80-bit format (quite likely on this
architecture ;-), you have to explicitly emit a load/store pair to get
rid of the extra accuracy.  Yuck!

****************************************************************

From: Tucker Taft
Sent: Thursday, April  8, 2004  10:39 AM

> This entire section was written by someone who missed the implications
> of static computations.  In other words, it was written exclusively with
> run-time computations in mind.

I believe Ken Dritz of Argonne National Lab wrote much of
this.  He is no fool.  I suspect he wanted the results to
be in terms of machine numbers for Compose, Scaling, and Remainder.
We of course may disagree.  However, I wouldn't be surprised
if various compilers implement the attributes as written
(I know we do).  For Remainder, they are definitely getting
bizarre answers if they don't first apply 'Machine to the
operands (we don't).

I think we need to fix the wording for Remainder, one way
or the other.  For Scaling and Compose, I have no problem
leaving them the way they are as returning machine numbers.
I think that is better than silently changing the behavior.
Also, these seem to be oriented toward manipulating machine
representations more than abstract real values.

On the other hand, Remainder is clearly broken the way it
is currently written, and perhaps we can make our own decision
which way makes more sense.  I could go either way,
though I probably have a slight preference for specifying
that 'Machine is applied before using the given algorithm,
but you could convince me the opposite.

> ...
> But clearly, for static computations, the sentence about machine numbers
> is absurd...

Unless 'Machine is applied to the operands.
>
>
>>Perhaps it should have said that 'Machine is applied to the
>>two operands *before* computing the Remainder.  In that
>>case, I guess I can believe the result will always be
>>a machine number unless you get underflow, in which
>>case zero seems like a reasonable answer.
>
>
> No, if you want to apply Machine automatically, you can always do that
> yourselves explicitly.  If the current wording really gives you the
> willies, we could fix it, but let's not change the semantics.

But what exactly *are* the semantics?  For this one, I am
not sure.  The notion of a Remainder that is sometimes
positive and sometimes negative depending not on the
sign of the operands, but rather their values, is a bit
bizarre to me, and I really don't know what this is used
for.  Is it for argument reduction?

> All this verbiage about machine numbers in Remainder, Scaling and the
> like is actually completely unnecessary: we don't have anything
> equivalent for the basic arithmetic operations "+", "*", etc...

That's true, but these are not basic arithmetic operations.
At least scaling and compose are pretty low level manipulations
that seem pretty oriented toward representation.

Remainder I will admit sounds more "mathematical" and
as I indicated, I could be convinced that any reference to
machine numbers should be removed.

> It is actually worse that you think because, unlike all the rest of the
> language, it doesn't let you keep more accuracy...

I believe that was intentional.  You can argue (and you have ;-)
that that was a mistake.  Whether it should be changed now is
a debate in my mind.  We argued for not changing what the manual
said about Floor for compatibility reasons.  The same could
certainly be said about Scaling and Compose.  I am at a loss
as to say what to do with Remainder.  If we use the "RM never
says anything silly" rule, then the only reasonable interpretation
of Remainder is either that 'Machine is applied to the operands, or
something like "if the result cannot be represented exactly,
the result is zero."

In any case, I think it is a bit of a stretch to allow additional
accuracy in the run-time results of Scaling and Compose,
based on the well-defined wording already present in the manual.

****************************************************************

From: Tucker Taft
Sent: Thursday, April  8, 2004  10:44 AM

One last comment.  Scaling and Compose are designed
to be performed by directly manipulating the IEEE
representation, rather than doing multiplication or
division.  For Scaling, you just adjust the exponent
and leave the mantissa as is.  For Compose you shove
the exponent and the mantissa into the appropriate parts
of the 32-bit or 64-bit representation.
So I don't think the 80-bit intermediate form is really
an issue.

****************************************************************

From: Pascal Leroy
Sent: Thursday, April  8, 2004  11:15 AM

It is when it comes to underflows/overflows.  I have always thought that
these attributes should be implemented as efficiently as possible, using
one or a few machine instructions.  Now you want me to do an extra
conversion/check to detect underflow/overflow.  Sorry, that doesn't
sound like a good idea to me.

****************************************************************

From: Geert Bosch
Sent: Thursday, April  8, 2004  11:44 AM

In order to implement these attributes efficiently, you need to
work on the in-memory representation anyway (which will have caused
rounding to the type's precision). I don't see where the inefficiency
is.

****************************************************************

From: Michael F. Yoder
Sent: Thursday, April  8, 2004  3:01 AM

>As explained in IEC 559, the run-time version of remainder is always
>exact.  There is one caveat, though: if Y is very close to 0.0 (for
>instance if Y is the machine number immediately above 0.0) then the
>result may not be representable (because it is always less than Y/2.0).
>In this case, returning 0.0 makes sense; however, it smells of
>overspecification because I can't find a similar rule in IEC 559.
>
If the representation incorporates gradual underflow, as the 'single'
and 'double' IEEE reps do, then the remainder of two machine numbers is
always representable as a machine number.  If Y is the machine number
immediately above 0.0, the remainder is always exactly 0.0 when X is a
machine number.

The case cited only obtains if the floating point representation doesn't
use gradual underflow.  In that case, converting underflowed results to
0.0 is easier in hardware than other methods.  (I don't recall whether
there are machines that do anything different.)  I'd be willing to bet
lots of money at even odds that this is the origin of the rule, but I
could be wrong.

Unfortunately, the above suggests that the right generalization to
static expressions differs according to whether the type T incorporates
gradual underflow.  I'd say, if it does, the right generalization of
T'Remainder would be to make the remainder exact.  If not, I'd say the
right generalization is to force underflowed results to zero, and
otherwise use an exact result.

The "gradual underflow" case corresponds to T'Denorm being true.

It's likely the language in A.5.3(47) is a slip based on the implicit
assumption that the operands are machine numbers (in which case a result
that isn't a machine number must be an underflow).

My personal suggestion: make the result be forced to zero if and only if
T'Denorm is false, and the result R is such that T'Pred(0.0) < R <
T'Succ (0.0).

****************************************************************

From: Pascal Leroy
Sent: Friday, April  9, 2004  3:18 AM

> The case cited only obtains if the floating point representation doesn't
> use gradual underflow.  In that case, converting underflowed results to
> 0.0 is easier in hardware than other methods.  (I don't recall whether
> there are machines that do anything different.)  I'd be willing to bet
> lots of money at even odds that this is the origin of the rule, but I
> could be wrong.

Thank you, Mike, for a very rigorous analysis.  You're absolutely
correct here.

> It's likely the language in A.5.3(47) is a slip based on the implicit
> assumption that the operands are machine numbers (in which case a result
> that isn't a machine number must be an underflow).

I concur.

> My personal suggestion: make the result be forced to zero if and only if
> T'Denorm is false, and the result R is such that T'Pred(0.0) < R < T'Succ (0.0).

I find the dependence on T'Denorm unpalatable.  However I could probably
live with this: it is much more sensible that Tuck's notion of applying
Machine to the arguments.

****************************************************************

From: Pascal Leroy
Sent: Friday, April  9, 2004  4:35 AM

> I believe Ken Dritz of Argonne National Lab wrote much of this.  He is
> no fool.

Right, and the description is exactly correct for nonstatic
computations, as pointed out by Mike Yoder.  (I withdraw my previous
comment that the reference to zero in Remainder is overspecification:
Mike convinced me that it is exactly the right thing.)

A little bit of historical context helps here: this section is the
result of integrating ISO/IEC 11729:1994 into the Ada 95 RM.  Now 11729
was defining a predefined unit, so staticness was irrelevant.
Unfortunately my copy of 11729 seems to have evaporated so I cannot
check it, but I suspect that the problematic wording must have been
inherited from 11729.

> However, I wouldn't be
> surprised if various compilers implement the attributes as
> written (I know we do).

Sorry, I don't take your word for it.  We need a compiler survey here.
The version of GNAT that I am using (arguably oldish) seems to agree
with my interpretation for Compose; to believe that Scaling is never
static; and to be using some form of inexact computation for Remainder
(but not applying Machine to the arguments).

Writing tests for static evaluation is really hard when you don't know
what to expect, so it would be useful for implementers to tell us what
they think they implement.

****************************************************************

From: Tucker Taft
Sent: Friday, April  9, 2004  7:31 AM

We do the following for static computations of these
attributes:

   S'Compose:  S'Machine(Fraction*S'Machine_Radix**(-k) *
                S'Machine_Radix**Exponent)
       where "k" is the normalized exponent of Fraction

   S'Scaling:  S'Machine(X * S'Machine_Radix**Adjustment)

   S'Remainder: Let R = X - Y * S'Unbiased_Rounding(X/Y)
              if R = S'Machine(R) then R else 0.0 end if


I would suggest that we leave Compose and Scaling as is
(including the application of S'Machine to the result).

S'Remainder makes no sense as is.  What do you propose
we do instead?  My preference would be to change it
to return S'Machine(R), but making sure that it returns
0 on underflow.

Note that S'Machine takes advantage of denormalized numbers
if they exist on the machine, so there is no need to
explicitly depend on S'Denorm.

****************************************************************

From: Pascal Leroy
Sent: Tuesday, April 13, 2004  7:14 AM

This is _not_ what A.5.3(26, 29) require, btw.

For Scaling, it should be, by a strict reading of the RM:

	V = X * S'Machine_Radix**Adjustment;
	if abs V >= T'Model_Small or else V = S'Machine (V) then
	   return V;
	else
	   return S'Machine (V);
	end if;

Similarly for Compose.

Your implementation is going to cause trouble when V is large because
S'Machine will raise C_E (or be illegal in the case of static
computations).

****************************************************************

From: Tucker Taft
Sent: Tuesday, April 13, 2004  6:35 AM

Interesting.  You are clearly right.  The person who implemented
our static evaluation must have thought for some reason just
calling S'Machine would do the right thing.  But that again presumes
the inputs are machine numbers.  And as you point out, even if
they are machine numbers, it might give the wrong answer for
large positive adjustments.

> Your implementation is going to cause trouble when V is large because
> S'Machine will raise C_E (or be illegal in the case of static
> computations).

Blech.  Oh well, it's nice to have somebody else
debug our compiler for a change... ;-)

****************************************************************

From: Randy Brukardt
Sent: Monday, April 26, 2004  8:33 PM

> You _may_ but you don't _need_to_ if you hardware has appropriate
> instructions.  On a Pentium you can (should?) implement some of these
> attributes using the FSCALE and FXTRACT instructions, and that won't
> touch memory.

For what it's worth (probably not much), Janus/Ada uses FSCALE and FXTRACT
to implement these operations, and doesn't truncate to machine numbers.

As I recall, these attributes are used frequently in the GEF implementation;
you'd want to control the use of 'Machine only to those parts of the code
where its actually needed.

****************************************************************

From: Geert Bosch
Sent: Wednesday, April 28, 2004  7:33 AM

This seems confused. We were discussing the behavior of these attributes
in a static context. If you would be using machine instructions such
as FSCALE and FXTRACT for the static evaluation, that would not seem
a conforming implementation is the operands are rounded to machine
numbers as well. Of course the results of FSCALE and FXTRACT, which
most likely are used for run-time evaluation, are by definition
machine numbers.

****************************************************************

From: Randy Brukardt
Sent: Wednesday, April 28, 2004  2:49 PM

> This seems confused. We were discussing the behavior of these attributes
> in a static context.

Actually, Pascal was discussing them in a dynamic context as well. But
perhaps you missed that (I only noticed it when I re-read this stuff while
filing it).

> If you would be using machine instructions such
> as FSCALE and FXTRACT for the static evaluation, that would not seem
> a conforming implementation is the operands are rounded to machine
> numbers as well. Of course the results of FSCALE and FXTRACT, which
> most likely are used for run-time evaluation, are by definition
> machine numbers.

No, FSCALE and FXTRACT operate on the Pentium floating point stack, which
are 80-bit numbers. These definitely are not machine numbers for float (for
example). As Pascal notes, in an underflow case, these will be very
different than one of the machine numbers (since the exponents of the 80-bit
numbers go to +/- 1024); an implementation that doesn't truncate such
numbers to zero is wrong, by the wording of the standard.

But that means writing and rereading the values of memory on the Pentium,
which obviously a substantial extra expense. The reason that we recognize
these in the code generator is because they are commonly used in numerical
software (like GEF); and that's the last place we want to be paying a large
extra cost to truncate to machine numbers.

Obviously we could avoid that by adding Machine_Compose and Machine_Scale
attributes, but that seems like overkill. Or we can just not implement
strict mode (that was our solution); but it's hard to see who benefits from
that.

****************************************************************


Questions? Ask the ACAA Technical Agent