[sv-bc] RE: Mantis 2680: warnings on writes to invalid or out-of-range index

From: Bresticker, Shalom <shalom.bresticker_at_.....>
Date: Mon Apr 27 2009 - 06:13:37 PDT
resend

_____________________________________________
From:   Bresticker, Shalom
Sent:   Monday, April 27, 2009 3:01 PM
To:     SV_BC List
Subject:        Mantis 2680: warnings on writes to invalid or out-of-range index

Hi,

I want to discuss Mantis 2680.

To be clear, I was not the one to submit this ballot comment, but I think it deserves a more serious discussion than it received in the last meeting.

Basically, this ballot comment requests that SV be changed so that a write to an array with an invalid (x,z) or out-of-range index will issue a mandatory warning. Currently the LRM says that no action will be performed and a warning may optionally be issued. In practice, none of the Big 3 simulators issues a warning.

In my experience, no users think that the current behavior is good. Some people use quite strong language when expressing their discontent about it. See, for a relatively recent example, http://www.svug.org/Forum/tabid/57/forumid/33/postid/886/view/topic/Default.aspx.

The point was made in the committee meeting that this change would not be back-compatible. That is true. But this is a change that users want. It is interesting that some of these same objectors have pushed non-back-compatible changes even recently, on the grounds that the current behavior is not good. In this case, the change would not alter the functional behavior; it would only cause a warning to be issued. In fact, users consider the current behavior bad, buggy, wrong, unacceptable, ... (choose an adjective).

It is especially important because in this case, the simulation can behave differently from the real hardware with no warning that it is doing so.

Note that the LRM already says that such writes to associative arrays (7.9.6) and queues (7.11.1) issue warnings.

It was stated that vendors can implement warnings even if not required to. Yes, but in this case, they have not done so, and it does not look like they are inclined to do so. Besides, all tools have a switch to turn off specific warnings, and many do so. In fact, those same vendors, when they get complaints from users about unhelpful warnings, tell the user that he can just turn them off.

It was also said that the committees' inclination now is to reduce the number of warnings mentioned in the LRM. I think this needs to be taken on a case-by-case basis. I agree that a warning that is specified by the LRM as optional is less useful, because you cannot depend on it being implemented. But this is a case where users want warnings, and it is for a situation that cannot be detected by Lint tools, for example, because it depends on run-time values of the indexes. Note that we are not talking about invalid reads, only invalid writes.

I turned to the active members of this committee from the user community, and also to Jonathan Bromley, to ask their opinions. I hope I represent their views accurately.

The following strongly support a mandatory warning for an array write with an invalid or out-of-range index (on condition of user control, discussed below):

Shalom Bresticker
Yulik Feldman
Stephen Hill
Stuart Sutherland
Don Mills
Jonathan Bromley
Heath Chambers

Stu brought a real-time example from his training classes where such a warning would be very helpful, and its lack hides problems.

I'm unsure currently of Matt Maidment's degree of support, but he did not object. The issue of user control is very important to Matt.

I did not yet get responses from Cliff Cummings or Tom Alsop.

Objectors: NONE!

Summary: 8 in favor (7 strongly), 0 against.

You can see that the user community very much wants this.

At the same time, we agree that the user must be able to turn these warnings off, and it is strongly preferable that there be a standard mechanism specified for doing this, as opposed to a tool-specific one. This would also strongly mitigate any risk in this change.

The requirements are as follows:

- Default should be on.
- The control needs to allow both global control (e.g., design-wide or instance-level) and individual control (for a specific array).
- The control needs to allow the user to have run-time control so that he can turn them off and on at different times. In particular, one should be able to turn them off at time 0 and during resets.

Jonathan suggested that it might be good to have separate controls for x/z indexes and out-of-range indexes.

One way would be to define new system tasks with syntax and functionality similar to $assertoff and $asserton. They can be executed at any time and can be global, module-level, or assertion-specific. The array name itself could be used instead of a separate assertion name.

Another way could be to define methods on arrays that do these tasks, similar to the methods that dynamic arrays already have.

The specific details are open to discussion. I'm sure you have good suggestions. But this is a change that users want.

Thanks,
Shalom

Shalom Bresticker
Intel Jerusalem LAD DA
+972 2 589-6582
+972 54 721-1033


---------------------------------------------------------------------
Intel Israel (74) Limited

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
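The behavior the message describes, as an added example that is not part of the original message or of any LRM text: under the current rules a fixed-size array write with an out-of-range or X index is dropped silently, and a user-written checked-write task produces the warning, and the run-time on/off control, that the proposal asks for. The module name, the task names and the idx_warn_en control bit are hypothetical; calling $warning as a procedural statement and applying $assertoff/$asserton to a labelled immediate assertion are assumed to be supported as in IEEE 1800-2009 and later.

```systemverilog
// Added example (editor's code, not from the original message or the LRM).
// Shows the silent drop of a write with an X or out-of-range index, and a
// user-side checked write that emits the warning the proposal asks for,
// with run-time control that can be switched off during reset.
module idx_warn_demo;
  logic [7:0] mem [0:3];           // fixed-size array, valid indexes 0..3
  bit         idx_warn_en = 1'b1;  // hypothetical control bit, default on

  // Checked write: warns on an X/Z or out-of-range index, then performs the
  // plain write, which the LRM already defines as a no-op in those cases.
  task automatic checked_write(input logic [2:0] i, input logic [7:0] d);
    if (idx_warn_en) begin
      if ($isunknown(i))
        $warning("write to mem with X/Z index %b ignored at %0t", i, $time);
      else if (!(i inside {[0:3]}))
        $warning("write to mem with out-of-range index %0d ignored at %0t", i, $time);
    end
    mem[i] = d;
  endtask

  // Alternative: a labelled immediate assertion, so the standard
  // $assertoff/$asserton tasks can switch the check on and off per instance,
  // which is the control style the message suggests.
  task automatic asserted_write(input logic [2:0] i, input logic [7:0] d);
    chk_idx: assert (!$isunknown(i) && i inside {[0:3]})
      else $warning("bad index %b for mem at %0t", i, $time);
    mem[i] = d;
  endtask

  initial begin
    foreach (mem[k]) mem[k] = 8'h00;

    // 1. Baseline LRM behaviour: both writes are dropped, no message.
    mem[3'd4] = 8'hAA;      // index 4 is out of range for 0..3
    mem[3'bx] = 8'hBB;      // index has X bits
    $display("mem after silent writes = %h %h %h %h",
             mem[0], mem[1], mem[2], mem[3]);   // still 00 00 00 00

    // 2. The same writes through the checked task: two warnings.
    checked_write(3'd4, 8'hAA);
    checked_write(3'bx, 8'hBB);

    // 3. Run-time control: off during reset, on again afterwards.
    idx_warn_en = 1'b0;
    checked_write(3'bx, 8'hCC);       // silent, as wanted during reset
    idx_warn_en = 1'b1;
    checked_write(3'd2, 8'hDD);       // in range: no warning, write lands
    $display("mem[2] = %h", mem[2]);  // dd

    // 4. Assertion-based variant, disabled and re-enabled via standard tasks.
    $assertoff(0, idx_warn_demo);
    asserted_write(3'd5, 8'hEE);      // no message while assertions are off
    $asserton(0, idx_warn_demo);
    asserted_write(3'd5, 8'hEE);      // warning
    $finish;
  end
endmodule
```

The checked task leaves the functional behavior exactly as the LRM defines it (the bad write is still a no-op) and only adds the diagnostic, which is the distinction the message draws between this proposal and other non-back-compatible changes. The labelled-assertion form is the one that gets global, instance-level and per-check control from existing tasks without any new syntax.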

Received on Mon Apr 27 06:17:50 2009

This archive was generated by hypermail 2.1.8 : Mon Apr 27 2009 - 06:18:12 PDT