| blob | 551e9f3c32ce0358fb8882e45b22a3d309982f3b |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C O N T R A C T S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2015-2024, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
66 -- This exception is raised by Add_Contract_Item when it is invoked on an
67 -- invalid pragma. Note that clients of the package must filter them out
68 -- before invoking Add_Contract_Item, so it should not escape the package.
71 -- Analyze all delayed pragmas chained on the contract of package
72 -- instantiation Inst_Id as if they appear at the end of a declarative
73 -- region. The pragmas in question are:
74 --
75 -- Part_Of
77 procedure Build_Subprogram_Contract_Wrapper
82 -- Generate a wrapper for a given subprogram body when the expansion of
83 -- postconditions require it by moving its declarations and statements
84 -- into a locally declared subprogram _Wrapped_Statements.
86 -- Postcondition and precondition checks then get inserted in place of
87 -- the original statements and declarations along with a call to
88 -- _Wrapped_Statements.
90 procedure Check_Class_Condition
95 -- Perform checking of class-wide pre/postcondition Cond inherited by Subp
96 -- from Par_Subp. Is_Precondition enables check specific for preconditions.
97 -- In SPARK_Mode, an inherited operation that is not overridden but has
98 -- inherited modified conditions pre/postconditions is illegal.
101 -- Determine whether arbitrary declaration Decl denotes a renaming of
102 -- a discriminant or protection field _object.
104 procedure Check_Type_Or_Object_External_Properties
106 -- Perform checking of external properties pragmas that is common to both
107 -- type declarations and object declarations.
110 -- Expand the contracts of a subprogram body and its correspoding spec (if
111 -- any). This routine processes all [refined] pre- and postconditions as
112 -- well as Always_Terminates, Contract_Cases, Exceptional_Cases,
113 -- Subprogram_Variant, invariants and predicates. Body_Id denotes the
114 -- entity of the subprogram body.
116 procedure Preanalyze_Condition
119 -- Preanalyze the class-wide condition Expr of Subp
121 procedure Set_Class_Condition
125 -- Set the class-wide Kind condition of Subp
127 -----------------------
128 -- Add_Contract_Item --
129 -----------------------
135 -- Prepend Prag to the list of classifications
138 -- Prepend Prag to the list of contract and test cases
141 -- Prepend Prag to the list of pre- and postconditions
143 ------------------------
144 -- Add_Classification --
145 ------------------------
148 begin
153 ----------------------------
154 -- Add_Contract_Test_Case --
155 ----------------------------
158 begin
163 ----------------------------
164 -- Add_Pre_Post_Condition --
165 ----------------------------
168 begin
173 -- Local variables
175 -- A contract must contain only pragmas
180 -- Start of processing for Add_Contract_Item
182 begin
183 -- Create a new contract when adding the first item
190 -- Constants, the applicable pragmas are:
191 -- Part_Of
195 | Name_Async_Writers
196 | Name_Effective_Reads
197 | Name_Effective_Writes
198 | Name_No_Caching
199 | Name_Part_Of
200 then
201 Add_Classification;
203 -- The pragma is not a proper contract item
205 else
209 -- Entry bodies, the applicable pragmas are:
210 -- Refined_Depends
211 -- Refined_Global
212 -- Refined_Post
216 Add_Classification;
219 Add_Pre_Post_Condition;
221 -- The pragma is not a proper contract item
223 else
227 -- Entry or subprogram declarations, the applicable pragmas are:
228 -- Always_Terminates
229 -- Attach_Handler
230 -- Contract_Cases
231 -- Depends
232 -- Exceptional_Cases
233 -- Extensions_Visible
234 -- Global
235 -- Interrupt_Handler
236 -- Postcondition
237 -- Precondition
238 -- Side_Effects
239 -- Subprogram_Variant
240 -- Test_Case
241 -- Volatile_Function
245 | E_Generic_Function
246 | E_Generic_Procedure
247 | E_Procedure
248 then
251 then
252 Add_Classification;
255 | Name_Extensions_Visible
256 | Name_Global
257 | Name_Side_Effects
258 then
259 Add_Classification;
263 then
264 Add_Classification;
267 | Name_Contract_Cases
268 | Name_Exceptional_Cases
269 | Name_Subprogram_Variant
270 | Name_Test_Case
271 then
272 Add_Contract_Test_Case;
275 Add_Pre_Post_Condition;
277 -- The pragma is not a proper contract item
279 else
283 -- Packages or instantiations, the applicable pragmas are:
284 -- Abstract_States
285 -- Initial_Condition
286 -- Initializes
287 -- Part_Of (instantiation only)
291 | Name_Initial_Condition
292 | Name_Initializes
293 then
294 Add_Classification;
296 -- Indicator Part_Of must be associated with a package instantiation
299 Add_Classification;
302 Add_Contract_Test_Case;
304 -- The pragma is not a proper contract item
306 else
310 -- Package bodies, the applicable pragmas are:
311 -- Refined_States
315 Add_Classification;
317 -- The pragma is not a proper contract item
319 else
323 -- The four volatility refinement pragmas are ok for all types.
324 -- Part_Of is ok for task types and protected types.
325 -- Depends and Global are ok for task types.
326 --
327 -- Precondition and Postcondition are added separately; they are allowed
328 -- for access-to-subprogram types.
331 declare
333 Prag_Nam in Name_Async_Readers
334 | Name_Async_Writers
335 | Name_Effective_Reads
336 | Name_Effective_Writes
337 | Name_No_Caching
340 | Name_Depends
341 | Name_Global)
345 begin
347 Add_Classification;
351 | Name_Postcondition
352 then
353 Add_Pre_Post_Condition;
354 else
356 -- The pragma is not a proper contract item
362 -- Subprogram bodies, the applicable pragmas are:
363 -- Postcondition
364 -- Precondition
365 -- Refined_Depends
366 -- Refined_Global
367 -- Refined_Post
371 Add_Classification;
374 | Name_Precondition
375 | Name_Refined_Post
376 then
377 Add_Pre_Post_Condition;
379 -- The pragma is not a proper contract item
381 else
385 -- Task bodies, the applicable pragmas are:
386 -- Refined_Depends
387 -- Refined_Global
391 Add_Classification;
393 -- The pragma is not a proper contract item
395 else
399 -- Task units, the applicable pragmas are:
400 -- Depends
401 -- Global
402 -- Part_Of
404 -- Variables, the applicable pragmas are:
405 -- Async_Readers
406 -- Async_Writers
407 -- Constant_After_Elaboration
408 -- Depends
409 -- Effective_Reads
410 -- Effective_Writes
411 -- Global
412 -- No_Caching
413 -- Part_Of
417 | Name_Async_Writers
418 | Name_Constant_After_Elaboration
419 | Name_Depends
420 | Name_Effective_Reads
421 | Name_Effective_Writes
422 | Name_Global
423 | Name_No_Caching
424 | Name_Part_Of
425 then
426 Add_Classification;
428 -- The pragma is not a proper contract item
430 else
434 else
439 -----------------------
440 -- Analyze_Contracts --
441 -----------------------
446 begin
450 -- Entry or subprogram declarations
453 | N_Entry_Declaration
454 | N_Generic_Subprogram_Declaration
455 | N_Subprogram_Declaration
456 then
459 -- Entry or subprogram bodies
464 -- Objects
469 -- Package instantiation
474 -- Protected units
477 | N_Single_Protected_Declaration
478 then
481 -- Subprogram body stubs
486 -- Task units
489 | N_Task_Type_Declaration
490 then
493 -- For type declarations, we need to do the preanalysis of Iterable
494 -- and the 3 Xxx_Literal aspect specifications.
496 -- Other type aspects need to be resolved here???
500 then
501 declare
511 begin
529 | N_Private_Type_Declaration
530 | N_Task_Type_Declaration
531 | N_Protected_Type_Declaration
532 | N_Formal_Type_Declaration
533 then
541 -------------------------------------
542 -- Analyze_Pragmas_In_Declarations --
543 -------------------------------------
548 begin
549 -- Move through the body's declarations analyzing all pragmas which
550 -- appear at the top of the declarations.
557 if Pragma_Significant_To_Subprograms
559 then
563 -- Skip the renamings of discriminants and protection fields
568 -- We have reached something which is not a pragma so we can be sure
569 -- there are no more contracts or pragmas which need to be taken into
570 -- account.
572 else
580 -----------------------------------------------
581 -- Analyze_Entry_Or_Subprogram_Body_Contract --
582 -----------------------------------------------
584 -- WARNING: This routine manages SPARK regions. Return statements must be
585 -- replaced by gotos which jump to the end of the routine and restore the
586 -- SPARK mode.
593 begin
594 -- When a subprogram body declaration is illegal, its defining entity is
595 -- left unanalyzed. There is nothing left to do in this case because the
596 -- body lacks a contract, or even a proper Ekind.
601 -- Do not analyze a contract multiple times
606 else
610 -- When this is a subprogram body not coming from source, for example an
611 -- expression function, it does not cause freezing of previous contracts
612 -- (see Analyze_Subprogram_Body_Helper), in particular not of those on
613 -- its spec if it exists. In this case make sure they have been properly
614 -- analyzed before being expanded below, as we may be invoked during the
615 -- freezing of the subprogram in the middle of its enclosing declarative
616 -- part because the declarative part contains e.g. the declaration of a
617 -- variable initialized by means of a call to the subprogram.
623 then
627 -- Ensure that the contract cases or postconditions mention 'Result or
628 -- define a post-state.
632 -- Capture all global references in a generic subprogram body now that
633 -- the contract has been analyzed.
636 Save_Global_References_In_Contract
641 -- Deal with preconditions, [refined] postconditions, Always_Terminates,
642 -- Contract_Cases, Exceptional_Cases, Subprogram_Variant, invariants and
643 -- predicates associated with body and its spec. Do not expand the
644 -- contract of subprogram body stubs.
651 ------------------------------------------
652 -- Analyze_Entry_Or_Subprogram_Contract --
653 ------------------------------------------
655 -- WARNING: This routine manages SPARK regions. Return statements must be
656 -- replaced by gotos which jump to the end of the routine and restore the
657 -- SPARK mode.
659 procedure Analyze_Entry_Or_Subprogram_Contract
662 is
671 -- Save the SPARK_Mode-related data to restore on exit
681 begin
682 -- Do not analyze a contract multiple times
687 else
692 -- Due to the timing of contract analysis, delayed pragmas may be
693 -- subject to the wrong SPARK_Mode, usually that of the enclosing
694 -- context. To remedy this, restore the original SPARK_Mode of the
695 -- related subprogram body.
699 -- All subprograms carry a contract, but for some it is not significant
700 -- and should not be processed.
707 -- Do not analyze the pre/postconditions of an entry declaration
708 -- unless annotating the original tree for GNATprove. The
709 -- real analysis occurs when the pre/postconditons are relocated to
710 -- the contract wrapper procedure (see Build_Contract_Wrapper).
715 -- Otherwise analyze the pre/postconditions.
716 -- If these come from an aspect specification, their expressions
717 -- might include references to types that are not frozen yet, in the
718 -- case where the body is a rewritten expression function that is a
719 -- completion, so freeze all types within before constructing the
720 -- contract code.
722 else
723 declare
727 begin
736 then
743 if Freeze_Types
745 then
746 Freeze_Expr_Types
749 Expr =>
750 Expression
761 -- Analyze contract-cases, subprogram-variant and test-cases
772 -- Do not analyze the contract cases of an entry declaration
773 -- unless annotating the original tree for GNATprove.
774 -- The real analysis occurs when the contract cases are moved
775 -- to the contract wrapper procedure (Build_Contract_Wrapper).
780 -- Otherwise analyze the contract cases
782 else
792 else
800 -- Analyze classification pragmas
816 -- Analyze Global first, as Depends may mention items classified in
817 -- the global categorization.
823 -- Depends must be analyzed after Global in order to see the modes of
824 -- all global items.
830 -- Ensure that the contract cases or postconditions mention 'Result
831 -- or define a post-state.
836 -- Restore the SPARK_Mode of the enclosing context after all delayed
837 -- pragmas have been analyzed.
841 -- Capture all global references in a generic subprogram now that the
842 -- contract has been analyzed.
845 Save_Global_References_In_Contract
851 ----------------------------------------------
852 -- Check_Type_Or_Object_External_Properties --
853 ----------------------------------------------
855 procedure Check_Type_Or_Object_External_Properties
857 is
860 -- Local variables
870 -- Start of processing for Check_Type_Or_Object_External_Properties
872 begin
873 -- Analyze all external properties
876 -- If the parent type of a derived type is volatile
877 -- then the derived type inherits volatility-related flags.
880 declare
883 begin
897 declare
899 begin
903 Error_Msg_N
905 Prag);
913 declare
915 begin
919 Error_Msg_N
921 Prag);
929 declare
931 begin
935 Error_Msg_N
937 Prag);
945 declare
947 begin
951 Error_Msg_N
953 Prag);
958 -- Verify the mutual interaction of the various external properties.
959 -- For types and variables for which No_Caching is enabled, it has been
960 -- checked already that only False values for other external properties
961 -- are allowed.
963 if Seen
965 then
966 Check_External_Properties
970 -- Analyze the non-external volatility property No_Caching
979 -----------------------------
980 -- Analyze_Object_Contract --
981 -----------------------------
983 -- WARNING: This routine manages SPARK regions. Return statements must be
984 -- replaced by gotos which jump to the end of the routine and restore the
985 -- SPARK mode.
987 procedure Analyze_Object_Contract
990 is
995 -- Save the SPARK_Mode-related data to restore on exit
1001 begin
1002 -- The loop parameter in an element iterator over a formal container
1003 -- is declared with an object declaration, but no contracts apply.
1009 -- Do not analyze a contract multiple times
1016 else
1021 -- The anonymous object created for a single concurrent type inherits
1022 -- the SPARK_Mode from the type. Due to the timing of contract analysis,
1023 -- delayed pragmas may be subject to the wrong SPARK_Mode, usually that
1024 -- of the enclosing context. To remedy this, restore the original mode
1025 -- of the related anonymous object.
1029 then
1033 -- Checks related to external properties, same for constants and
1034 -- variables.
1038 -- Constant-related checks
1042 -- Analyze indicator Part_Of
1046 -- Check whether the lack of indicator Part_Of agrees with the
1047 -- placement of the constant with respect to the state space.
1053 -- Variable-related checks
1057 -- The anonymous object created for a single task type carries
1058 -- pragmas Depends and Global of the type.
1062 -- Analyze Global first, as Depends may mention items classified
1063 -- in the global categorization.
1071 -- Depends must be analyzed after Global in order to see the modes
1072 -- of all global items.
1083 -- Analyze indicator Part_Of
1088 -- The variable is a constituent of a single protected/task type
1089 -- and behaves as a component of the type. Verify that references
1090 -- to the variable occur within the definition or body of the type
1091 -- (SPARK RM 9.3).
1094 and then Is_Single_Concurrent_Object
1097 then
1105 -- Otherwise check whether the lack of indicator Part_Of agrees with
1106 -- the placement of the variable with respect to the state space.
1108 else
1113 -- Common checks
1117 -- A Ghost object cannot be of a type that yields a synchronized
1118 -- object (SPARK RM 6.9(19)).
1123 -- A Ghost object cannot be imported or exported (SPARK RM 6.9(7)).
1124 -- One exception to this is the object that represents the dispatch
1125 -- table of a Ghost tagged type, as the symbol needs to be exported.
1135 -- Restore the SPARK_Mode of the enclosing context after all delayed
1136 -- pragmas have been analyzed.
1141 -----------------------------------
1142 -- Analyze_Package_Body_Contract --
1143 -----------------------------------
1145 -- WARNING: This routine manages SPARK regions. Return statements must be
1146 -- replaced by gotos which jump to the end of the routine and restore the
1147 -- SPARK mode.
1149 procedure Analyze_Package_Body_Contract
1152 is
1159 -- Save the SPARK_Mode-related data to restore on exit
1163 begin
1164 -- Do not analyze a contract multiple times
1169 else
1174 -- Due to the timing of contract analysis, delayed pragmas may be
1175 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1176 -- context. To remedy this, restore the original SPARK_Mode of the
1177 -- related package body.
1183 -- The analysis of pragma Refined_State detects whether the spec has
1184 -- abstract states available for refinement.
1190 -- Restore the SPARK_Mode of the enclosing context after all delayed
1191 -- pragmas have been analyzed.
1195 -- Capture all global references in a generic package body now that the
1196 -- contract has been analyzed.
1199 Save_Global_References_In_Contract
1205 ------------------------------
1206 -- Analyze_Package_Contract --
1207 ------------------------------
1209 -- WARNING: This routine manages SPARK regions. Return statements must be
1210 -- replaced by gotos which jump to the end of the routine and restore the
1211 -- SPARK mode.
1219 -- Save the SPARK_Mode-related data to restore on exit
1226 begin
1227 -- Do not analyze a contract multiple times
1233 -- Do not analyze the contract of the internal package
1234 -- created to check conformance of an actual package.
1235 -- Such an internal package is removed from the tree after
1236 -- legality checks are completed, and it does not contain
1237 -- the declarations of all local entities of the generic.
1241 then
1244 else
1249 -- Due to the timing of contract analysis, delayed pragmas may be
1250 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1251 -- context. To remedy this, restore the original SPARK_Mode of the
1252 -- related package.
1258 -- Locate and store pragmas Initial_Condition and Initializes, since
1259 -- their order of analysis matters.
1275 -- Analyze the initialization-related pragmas. Initializes must come
1276 -- before Initial_Condition due to item dependencies.
1287 -- Restore the SPARK_Mode of the enclosing context after all delayed
1288 -- pragmas have been analyzed.
1292 -- Capture all global references in a generic package now that the
1293 -- contract has been analyzed.
1296 Save_Global_References_In_Contract
1302 --------------------------------------------
1303 -- Analyze_Package_Instantiation_Contract --
1304 --------------------------------------------
1306 -- WARNING: This routine manages SPARK regions. Return statements must be
1307 -- replaced by gotos which jump to the end of the routine and restore the
1308 -- SPARK mode.
1316 -- Save the SPARK_Mode-related data to restore on exit
1321 begin
1322 -- Nothing to do when the package instantiation is erroneous or left
1323 -- partially decorated.
1332 -- Due to the timing of contract analysis, delayed pragmas may be
1333 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1334 -- context. To remedy this, restore the original SPARK_Mode of the
1335 -- related package.
1339 -- Check whether the lack of indicator Part_Of agrees with the placement
1340 -- of the package instantiation with respect to the state space. Nested
1341 -- package instantiations do not need to be checked because they inherit
1342 -- Part_Of indicator of the outermost package instantiation (see routine
1343 -- Propagate_Part_Of in Sem_Prag).
1352 -- Restore the SPARK_Mode of the enclosing context after all delayed
1353 -- pragmas have been analyzed.
1358 --------------------------------
1359 -- Analyze_Protected_Contract --
1360 --------------------------------
1365 begin
1366 -- Do not analyze a contract multiple times
1371 else
1377 -------------------------------------------
1378 -- Analyze_Subprogram_Body_Stub_Contract --
1379 -------------------------------------------
1385 begin
1386 -- A subprogram body stub may act as its own spec or as the completion
1387 -- of a previous declaration. Depending on the context, the contract of
1388 -- the stub may contain two sets of pragmas.
1390 -- The stub is a completion, the applicable pragmas are:
1391 -- Refined_Depends
1392 -- Refined_Global
1397 -- The stub acts as its own spec, the applicable pragmas are:
1398 -- Always_Terminates
1399 -- Contract_Cases
1400 -- Depends
1401 -- Exceptional_Cases
1402 -- Global
1403 -- Postcondition
1404 -- Precondition
1405 -- Subprogram_Variant
1406 -- Test_Case
1408 else
1413 ---------------------------
1414 -- Analyze_Task_Contract --
1415 ---------------------------
1417 -- WARNING: This routine manages SPARK regions. Return statements must be
1418 -- replaced by gotos which jump to the end of the routine and restore the
1419 -- SPARK mode.
1426 -- Save the SPARK_Mode-related data to restore on exit
1430 begin
1431 -- Do not analyze a contract multiple times
1436 else
1441 -- Due to the timing of contract analysis, delayed pragmas may be
1442 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1443 -- context. To remedy this, restore the original SPARK_Mode of the
1444 -- related task unit.
1448 -- Analyze Global first, as Depends may mention items classified in the
1449 -- global categorization.
1457 -- Depends must be analyzed after Global in order to see the modes of
1458 -- all global items.
1466 -- Restore the SPARK_Mode of the enclosing context after all delayed
1467 -- pragmas have been analyzed.
1472 ---------------------------
1473 -- Analyze_Type_Contract --
1474 ---------------------------
1477 begin
1478 Check_Type_Or_Object_External_Properties
1481 -- Analyze Pre/Post on access-to-subprogram type
1484 Analyze_Entry_Or_Subprogram_Contract
1489 ---------------------------------------
1490 -- Build_Subprogram_Contract_Wrapper --
1491 ---------------------------------------
1493 procedure Build_Subprogram_Contract_Wrapper
1498 is
1509 begin
1510 -- When there are no postcondition statements we do not need to
1511 -- generate a wrapper.
1517 -- Obtain the related subprogram id from the body id.
1521 else
1526 -- Generate the contracts wrapper by moving the original declarations
1527 -- and statements within a local subprogram, calling it and possibly
1528 -- preserving the result for the purpose of evaluating postconditions,
1529 -- contracts, type invariants, etc.
1531 -- In the case of a function, generate:
1532 --
1533 -- function Original_Func (X : in out Integer) return Typ is
1534 -- <prologue renamings>
1535 -- <preconditions>
1536 --
1537 -- function _Wrapped_Statements return Typ is
1538 -- <original declarations>
1539 -- begin
1540 -- <original statements>
1541 -- end;
1542 --
1543 -- begin
1544 -- return
1545 -- Result_Obj : constant Typ := _Wrapped_Statements
1546 -- do
1547 -- <postconditions statements>
1548 -- end return;
1549 -- end;
1551 -- Or else, in the case of a procedure, generate:
1552 --
1553 -- procedure Original_Proc (X : in out Integer) is
1554 -- <prologue renamings>
1555 -- <preconditions>
1556 --
1557 -- procedure _Wrapped_Statements is
1558 -- <original declarations>
1559 -- begin
1560 -- <original statements>
1561 -- end;
1562 --
1563 -- begin
1564 -- _Wrapped_Statements;
1565 -- <postconditions statements>
1566 -- end;
1568 -- Create Identifier
1575 Set_Has_Pragma_Inline_Always
1578 -- Create specification and declaration for the wrapper
1581 Wrapper_Spec :=
1584 else
1585 Wrapper_Spec :=
1591 -- Create the wrapper body using Body_Id's statements and declarations
1593 Wrapper_Body :=
1597 Handled_Statement_Sequence =>
1606 -- Prepend a call to the wrapper when the subprogram is a procedure
1612 Set_Statements
1615 -- Generate the post-execution statements and the extended return
1616 -- when the subprogram being wrapped is a function.
1618 else
1625 Object_Definition =>
1627 Expression =>
1629 Name =>
1631 Handled_Statement_Sequence =>
1637 ----------------------------------
1638 -- Build_Entry_Contract_Wrapper --
1639 ----------------------------------
1645 procedure Add_Discriminant_Renamings
1648 -- Add renaming declarations for all discriminants of concurrent type
1649 -- Conc_Typ. Obj_Id is the entity of the wrapper formal parameter which
1650 -- represents the concurrent object.
1652 procedure Add_Matching_Formals
1655 -- Add formal parameters that match those of entry E to list Formals.
1656 -- The routine also adds matching actuals for the new formals to list
1657 -- Actuals.
1660 -- Relocate pragma Prag to list To. The routine creates a new list if
1661 -- To does not exist.
1663 --------------------------------
1664 -- Add_Discriminant_Renamings --
1665 --------------------------------
1667 procedure Add_Discriminant_Renamings
1670 is
1674 begin
1675 -- Inspect the discriminants of the concurrent type and generate a
1676 -- renaming for each one.
1681 Renaming_Decl :=
1683 Defining_Identifier =>
1685 Subtype_Mark =>
1687 Name =>
1690 Selector_Name =>
1700 --------------------------
1701 -- Add_Matching_Formals --
1702 --------------------------
1704 procedure Add_Matching_Formals
1707 is
1711 begin
1712 -- Inspect the formal parameters of the entry and generate a new
1713 -- matching formal with the same name for the wrapper. A reference
1714 -- to the new formal becomes an actual in the entry call.
1724 Parameter_Type =>
1736 ---------------------
1737 -- Transfer_Pragma --
1738 ---------------------
1743 begin
1754 -- Local variables
1768 -- Start of processing for Build_Entry_Contract_Wrapper
1770 begin
1771 -- This routine generates a specialized wrapper for a protected or task
1772 -- entry [family] which implements precondition/postcondition semantics.
1773 -- Preconditions and case guards of contract cases are checked before
1774 -- the protected action or rendezvous takes place.
1776 -- procedure Wrapper
1777 -- (Obj_Id : Conc_Typ; -- concurrent object
1778 -- [Index : Index_Typ;] -- index of entry family
1779 -- [Formal_1 : ...; -- parameters of original entry
1780 -- Formal_N : ...])
1781 -- is
1782 -- [Discr_1 : ... renames Obj_Id.Discr_1; -- discriminant
1783 -- Discr_N : ... renames Obj_Id.Discr_N;] -- renamings
1785 -- <contracts pragmas>
1786 -- <case guard checks>
1788 -- begin
1789 -- Entry_Call (Obj_Id, [Index,] [Formal_1, Formal_N]);
1790 -- end Wrapper;
1792 -- Create the wrapper only when the entry has at least one executable
1793 -- contract item such as contract cases, precondition or postcondition.
1797 -- Inspect the list of pre/postconditions and transfer all available
1798 -- pragmas to the declarative list of the wrapper.
1803 | Name_Precondition
1805 then
1813 -- Inspect the list of test/contract cases and transfer only contract
1814 -- cases pragmas to the declarative part of the wrapper.
1820 then
1829 -- The entry lacks executable contract items and a wrapper is not needed
1835 -- Create the profile of the wrapper. The first formal parameter is the
1836 -- concurrent object.
1838 Obj_Id :=
1849 -- Construct the call to the original entry. The call will be gradually
1850 -- augmented with an optional entry index and extra parameters.
1852 Call_Nam :=
1857 -- When creating a wrapper for an entry family, the second formal is the
1858 -- entry index.
1866 Parameter_Type =>
1869 -- The call to the original entry becomes an indexed component to
1870 -- accommodate the entry index.
1872 Call_Nam :=
1878 -- Add formal parameters to match those of the entry and build actuals
1879 -- for the entry call.
1883 Call :=
1888 -- Add renaming declarations for the discriminants of the enclosing type
1889 -- as the various contract items may reference them.
1893 Wrapper_Id :=
1898 -- The wrapper body is analyzed when the enclosing type is frozen
1902 Specification =>
1907 Handled_Statement_Sequence =>
1912 ---------------------------
1913 -- Check_Class_Condition --
1914 ---------------------------
1916 procedure Check_Class_Condition
1921 is
1923 -- Check reference to formal of inherited operation or to primitive
1924 -- operation of root type.
1926 ------------------
1927 -- Check_Entity --
1928 ------------------
1934 begin
1937 and then
1939 and then
1942 then
1943 -- These checks do not apply to dispatching calls within the
1944 -- condition, but only to calls whose static tag is that of
1945 -- the parent type.
1950 then
1954 -- Determine whether entity has a renaming
1961 -- AI12-0166: A precondition for a protected operation
1962 -- cannot include an internal call to a protected function
1963 -- of the type. In the case of an inherited condition for an
1964 -- overriding operation, both the operation and the function
1965 -- are given by primitive wrappers.
1967 if Is_Precondition
1972 then
1974 Error_Msg_NE
1981 -- Check that there are no calls left to abstract operations if
1982 -- the current subprogram is not abstract.
1987 then
1990 then
1995 Error_Msg_NE
1998 else
1999 Error_Msg_NE
2004 -- In SPARK mode, report error on inherited condition for an
2005 -- inherited operation if it contains a call to an overriding
2006 -- operation, because this implies that the pre/postconditions
2007 -- of the inherited operation have changed silently.
2010 and then Warn_On_Suspicious_Contract
2014 then
2015 Error_Msg_N
2020 Error_Msg_NE
2033 -- Start of processing for Check_Class_Condition
2035 begin
2036 -- No check required if the subprograms match
2047 -----------------------------
2048 -- Create_Generic_Contract --
2049 -----------------------------
2056 -- Add a single contract-related source pragma Prag to the contract of
2057 -- generic template Templ_Id.
2059 ---------------------------------
2060 -- Add_Generic_Contract_Pragma --
2061 ---------------------------------
2066 begin
2067 -- Mark the pragma to prevent the premature capture of global
2068 -- references when capturing global references of the context
2069 -- (see Save_References_In_Pragma).
2073 -- Pragmas that apply to a generic subprogram declaration are not
2074 -- part of the semantic structure of the generic template:
2076 -- generic
2077 -- procedure Example (Formal : Integer);
2078 -- pragma Precondition (Formal > 0);
2080 -- Create a generic template for such pragmas and link the template
2081 -- of the pragma with the generic template.
2084 Rewrite
2091 -- Otherwise link the pragma with the generic template
2093 else
2097 exception
2098 -- We do not stop the compilation at this point in the case of an
2099 -- invalid pragma because it will be properly diagnosed afterward.
2104 -- Local variables
2109 -- Start of processing for Create_Generic_Contract
2111 begin
2112 -- A generic package declaration carries contract-related source pragmas
2113 -- in its visible declarations.
2122 -- A generic package body carries contract-related source pragmas in its
2123 -- declarations.
2132 -- Generic subprogram declaration
2137 else
2141 -- When the generic subprogram acts as a compilation unit, inspect
2142 -- the Pragmas_After list for contract-related source pragmas.
2147 then
2151 -- Otherwise inspect the successive declarations for contract-related
2152 -- source pragmas.
2154 else
2158 -- A generic subprogram body carries contract-related source pragmas in
2159 -- its declarations.
2169 -- Inspect the relevant declarations looking for contract-related source
2170 -- pragmas and add them to the contract of the generic unit.
2176 -- The source pragma is a contract annotation
2182 -- The region where a contract-related source pragma may appear
2183 -- ends with the first source non-pragma declaration or statement.
2185 else
2194 --------------------------------
2195 -- Expand_Subprogram_Contract --
2196 --------------------------------
2202 procedure Add_Invariant_And_Predicate_Checks
2206 -- Process the result of function Subp_Id (if applicable) and all its
2207 -- formals. Add invariant and predicate checks where applicable. The
2208 -- routine appends all the checks to list Stmts. If Subp_Id denotes a
2209 -- function, Result contains the entity of parameter _Result, to be
2210 -- used in the creation of procedure _Postconditions.
2212 procedure Add_Stable_Property_Contracts
2214 -- Augment postcondition contracts to reflect Stable_Property aspect
2215 -- (if Class_Present = False) or Stable_Property'Class aspect (if
2216 -- Class_Present = True).
2219 -- Append a node to a list. If there is no list, create a new one. When
2220 -- the item denotes a pragma, it is added to the list only when it is
2221 -- enabled.
2223 procedure Process_Contract_Cases
2226 -- Process pragma Contract_Cases. This routine prepends items to the
2227 -- body declarations and appends items to list Stmts.
2230 -- Collect all [inherited] spec and body postconditions and accumulate
2231 -- their pragma Check equivalents in list Stmts.
2234 -- Collect all [inherited] spec and body preconditions and prepend their
2235 -- pragma Check equivalents to the declarations of the body.
2237 ----------------------------------------
2238 -- Add_Invariant_And_Predicate_Checks --
2239 ----------------------------------------
2241 procedure Add_Invariant_And_Predicate_Checks
2245 is
2247 -- Id denotes the return value of a function or a formal parameter.
2248 -- Add an invariant check if the type of Id is access to a type with
2249 -- invariants. The routine appends the generated code to Stmts.
2252 -- Determine whether type Typ can benefit from invariant checks. To
2253 -- qualify, the type must have a non-null invariant procedure and
2254 -- subprogram Subp_Id must appear visible from the point of view of
2255 -- the type.
2257 ---------------------------------
2258 -- Add_Invariant_Access_Checks --
2259 ---------------------------------
2266 begin
2273 Ref :=
2278 -- Generate:
2279 -- if <Id> /= null then
2280 -- <invariant_call (<Ref>)>
2281 -- end if;
2283 Append_Enabled_Item
2286 Condition =>
2297 -------------------------
2298 -- Invariant_Checks_OK --
2299 -------------------------
2303 -- Determine whether type Typ has public visibility of subprogram
2304 -- Subp_Id.
2306 -----------------------------------------
2307 -- Has_Public_Visibility_Of_Subprogram --
2308 -----------------------------------------
2313 begin
2314 -- An Initialization procedure must be considered visible even
2315 -- though it is internally generated.
2323 -- Internally generated code is never publicly visible except
2324 -- for a subprogram that is the implementation of an expression
2325 -- function. In that case the visibility is determined by the
2326 -- last check.
2329 and then
2331 or else not
2333 then
2336 -- Determine whether the subprogram is declared in the visible
2337 -- declarations of the package containing the type, or in the
2338 -- visible declaration of a child unit of that package.
2341 declare
2348 begin
2349 return
2350 Decls = Visible_Declarations
2353 or else
2357 and then
2359 and then
2360 Decls = Visible_Declarations
2361 (Specification
2365 -- Determine whether the subprogram is a child subprogram of
2366 -- of the package containing the type.
2368 else
2369 pragma Assert
2372 declare
2377 begin
2378 return
2380 and then
2382 or else
2384 and then Is_Ancestor_Package
2390 -- Start of processing for Invariant_Checks_OK
2392 begin
2393 return
2400 -- Local variables
2403 -- Source location of subprogram body contract
2408 -- Start of processing for Add_Invariant_And_Predicate_Checks
2410 begin
2413 -- Process the result of a function
2418 -- Generate _Result which is used in procedure _Postconditions to
2419 -- verify the return value.
2424 -- Add an invariant check when the return type has invariants and
2425 -- the related function is visible to the outside.
2428 Append_Enabled_Item
2434 -- Add an invariant check when the return type is an access to a
2435 -- type with invariants.
2440 -- Add invariant checks for all formals that qualify (see AI05-0289
2441 -- and AI12-0044).
2450 then
2452 Append_Enabled_Item
2460 -- Note: we used to add predicate checks for OUT and IN OUT
2461 -- formals here, but that was misguided, since such checks are
2462 -- performed on the caller side, based on the predicate of the
2463 -- actual, rather than the predicate of the formal.
2471 -----------------------------------
2472 -- Add_Stable_Property_Contracts --
2473 -----------------------------------
2475 procedure Add_Stable_Property_Contracts
2477 is
2480 procedure Insert_Stable_Property_Check
2482 -- Build the pragma for one check and insert it in the tree.
2484 function Make_Stable_Property_Condition
2486 -- Builds tree for "Func (Formal) = Func (Formal)'Old" expression.
2488 function Stable_Properties
2491 -- If no aspect specified, then returns length-zero result.
2492 -- Negated indicates that reserved word NOT was specified.
2494 ----------------------------------
2495 -- Insert_Stable_Property_Check --
2496 ----------------------------------
2498 procedure Insert_Stable_Property_Check
2502 New_List
2503 (Make_Pragma_Argument_Association
2505 Expression =>
2506 Make_Stable_Property_Condition
2509 Make_Pragma_Argument_Association
2511 Expression =>
2512 Make_String_Literal
2514 Strval =>
2515 "failed stable property check at "
2523 )));
2527 Pragma_Identifier =>
2534 begin
2538 ------------------------------------
2539 -- Make_Stable_Property_Condition --
2540 ------------------------------------
2542 function Make_Stable_Property_Condition
2544 is
2546 (Make_Function_Call
2548 Name =>
2550 Parameter_Associations =>
2552 begin
2553 return Make_Op_Eq
2555 Call_Property_Function,
2556 Make_Attribute_Reference
2562 -----------------------
2563 -- Stable_Properties --
2564 -----------------------
2566 function Stable_Properties
2568 return Subprogram_List
2569 is
2571 Find_Value_Of_Aspect
2574 begin
2575 -- ??? For a derived type, we wish Find_Value_Of_Aspect
2576 -- somehow knew that this aspect is not inherited.
2577 -- But it doesn't, so we cope with that here.
2578 --
2579 -- There are probably issues here with inheritance from
2580 -- interface types, where just looking for the one parent type
2581 -- isn't enough. But this is far from the only work needed for
2582 -- Stable_Properties'Class for interface types.
2585 declare
2588 begin
2590 Find_Value_Of_Aspect
2593 then
2594 -- prevent inheritance
2602 -- This is a little bit subtle.
2603 -- We need to assign True in the Subp_Id case in order to
2604 -- distinguish between no aspect spec at all vs. an
2605 -- explicitly specified "with S_P => []" empty list.
2606 -- In both cases Stable_Properties will return a length-0
2607 -- array, but the two cases are not equivalent.
2608 -- Very roughly speaking the lack of an S_P aspect spec for
2609 -- a subprogram would be equivalent to something like
2610 -- "with S_P => [not]", where we apply the "not" modifier to
2611 -- an empty set of subprograms, if such a construct existed.
2612 -- We could just assign True here, but it seems untidy to
2613 -- return True in the case of an aspect spec for a type
2614 -- (since negation is only allowed for subp S_P aspects).
2617 else
2618 return Parse_Aspect_Stable_Properties
2630 -- start of processing for Add_Stable_Property_Contracts
2632 begin
2634 then
2646 then
2647 -- ??? Need to filter out checks for SPFs that are
2648 -- mentioned explicitly in the postcondition of
2649 -- Subp_Id.
2651 Insert_Stable_Property_Check
2657 declare
2663 function Excluded_By_Aspect_Spec_Of_Subp
2665 -- Examine Subp_Properties to determine whether SPF should
2666 -- be excluded.
2668 -------------------------------------
2669 -- Excluded_By_Aspect_Spec_Of_Subp --
2670 -------------------------------------
2672 function Excluded_By_Aspect_Spec_Of_Subp
2674 begin
2676 -- Look through renames for equality test here ???
2680 -- Look through renames for equality test here ???
2683 begin
2687 -- ??? Need to filter out checks for SPFs that are
2688 -- mentioned explicitly in the postcondition of
2689 -- Subp_Id.
2690 Insert_Stable_Property_Check
2701 -------------------------
2702 -- Append_Enabled_Item --
2703 -------------------------
2706 begin
2707 -- Do not chain ignored or disabled pragmas
2711 then
2714 -- Otherwise, add the item
2716 else
2721 -- If the pragma is a conjunct in a composite postcondition, it
2722 -- has been processed in reverse order. In the postcondition body
2723 -- it must appear before the others.
2728 then
2730 else
2736 ----------------------------
2737 -- Process_Contract_Cases --
2738 ----------------------------
2740 procedure Process_Contract_Cases
2743 is
2745 -- Process pragma Contract_Cases for subprogram Subp_Id
2747 --------------------------------
2748 -- Process_Contract_Cases_For --
2749 --------------------------------
2755 begin
2764 Expand_Pragma_Contract_Cases
2774 Expand_Pragma_Subprogram_Variant
2786 -- Start of processing for Process_Contract_Cases
2788 begin
2796 ----------------------------
2797 -- Process_Postconditions --
2798 ----------------------------
2802 -- Collect all [refined] postconditions of a specific kind denoted
2803 -- by Post_Nam that belong to the body, and generate pragma Check
2804 -- equivalents in list Stmts.
2807 -- Collect all [inherited] postconditions of the spec, and generate
2808 -- pragma Check equivalents in list Stmts.
2810 ---------------------------------
2811 -- Process_Body_Postconditions --
2812 ---------------------------------
2820 begin
2821 -- Process the contract
2828 then
2829 Append_Enabled_Item
2838 -- The subprogram body being processed is actually the proper body
2839 -- of a stub with a corresponding spec. The subprogram stub may
2840 -- carry a postcondition pragma, in which case it must be taken
2841 -- into account. The pragma appears after the stub.
2847 -- Note that non-matching pragmas are skipped
2852 then
2853 Append_Enabled_Item
2858 -- Skip internally generated code
2863 -- Postcondition pragmas are usually grouped together. There
2864 -- is no need to inspect the whole declarative list.
2866 else
2875 ---------------------------------
2876 -- Process_Spec_Postconditions --
2877 ---------------------------------
2885 -- Return True if the contract of subprogram Subp_Id has been
2886 -- processed.
2888 ---------------
2889 -- Seen_Subp --
2890 ---------------
2893 begin
2903 -- Local variables
2910 -- Start of processing for Process_Spec_Postconditions
2912 begin
2913 -- Process the contract
2922 then
2923 Append_Enabled_Item
2932 -- Process the contracts of all inherited subprograms, looking for
2933 -- class-wide postconditions.
2942 -- Wrappers of class-wide pre/postconditions reference the
2943 -- parent primitive that has the inherited contract.
2947 then
2960 then
2961 Item :=
2962 Build_Pragma_Check_Equivalent
2967 -- The pragma Check equivalent of the class-wide
2968 -- postcondition is still created even though the
2969 -- pragma may be ignored because the equivalent
2970 -- performs semantic checks.
2984 -- Stmts is passed as IN OUT to signal that the list can be updated,
2985 -- even if the corresponding integer value representing the list does
2986 -- not change.
2988 -- Start of processing for Process_Postconditions
2990 begin
2991 -- The processing of postconditions is done in reverse order (body
2992 -- first) to ensure the following arrangement:
2994 -- <refined postconditions from body>
2995 -- <postconditions from body>
2996 -- <postconditions from spec>
2997 -- <inherited postconditions>
3003 Process_Spec_Postconditions;
3007 ---------------------------
3008 -- Process_Preconditions --
3009 ---------------------------
3013 -- The insertion node after which all pragma Check equivalents are
3014 -- inserted.
3017 -- Prepend a single item to the declarations of the subprogram body
3020 -- Prepend a normal precondition to the declarations of the body and
3021 -- analyze it.
3024 -- Collect all preconditions of subprogram Subp_Id and prepend their
3025 -- pragma Check equivalents to the declarations of the body.
3027 ----------------------
3028 -- Prepend_To_Decls --
3029 ----------------------
3032 begin
3033 -- Ensure that the body has a declarative list
3043 -----------------------------
3044 -- Prepend_Pragma_To_Decls --
3045 -----------------------------
3050 begin
3051 -- Skip the sole class-wide precondition (if any) since it is
3052 -- processed by Merge_Class_Conditions.
3057 -- Accumulate the corresponding Check pragmas at the top of the
3058 -- declarations. Prepending the items ensures that they will be
3059 -- evaluated in their original order.
3061 else
3068 -------------------------------
3069 -- Process_Preconditions_For --
3070 -------------------------------
3079 begin
3080 -- Process the contract. If the body is an expression function
3081 -- that is a completion, freeze types within, because this may
3082 -- not have been done yet, when the subprogram declaration and
3083 -- its completion by an expression function appear in distinct
3084 -- declarative lists of the same unit (visible and private).
3086 Freeze_T :=
3097 then
3098 if Freeze_T
3100 then
3101 Freeze_Expr_Types
3104 Expr =>
3105 Expression
3117 -- The subprogram declaration being processed is actually a body
3118 -- stub. The stub may carry a precondition pragma, in which case
3119 -- it must be taken into account. The pragma appears after the
3120 -- stub.
3124 -- Inspect the declarations following the body stub
3129 -- Note that non-matching pragmas are skipped
3134 then
3138 -- Skip internally generated code
3143 -- Preconditions are usually grouped together. There is no
3144 -- need to inspect the whole declarative list.
3146 else
3155 -- Local variables
3161 -- Start of processing for Process_Preconditions
3163 begin
3164 -- Find the proper insertion point for all pragma Check equivalents
3170 -- First source declaration terminates the search, because all
3171 -- preconditions must be evaluated prior to it, by definition.
3176 -- Certain internally generated object renamings such as those
3177 -- for discriminants and protection fields must be elaborated
3178 -- before the preconditions are evaluated, as their expressions
3179 -- may mention the discriminants. The renamings include those
3180 -- for private components so we need to find the last such.
3185 loop
3191 -- Otherwise the declaration does not come from source. This
3192 -- also terminates the search, because internal code may raise
3193 -- exceptions which should not preempt the preconditions.
3195 else
3202 -- The processing of preconditions is done in reverse order (body
3203 -- first), because each pragma Check equivalent is inserted at the
3204 -- top of the declarations. This ensures that the final order is
3205 -- consistent with following diagram:
3207 -- <inherited preconditions>
3208 -- <preconditions from spec>
3209 -- <preconditions from body>
3213 -- Move the generated entry-call prologue renamings into the
3214 -- outer declarations for use in the preconditions.
3232 -- Local variables
3240 -- Start of processing for Expand_Subprogram_Contract
3242 begin
3243 -- Obtain the entity of the initial declaration
3247 else
3251 -- Do not perform expansion activity when it is not needed
3256 -- GNATprove does not need the executable semantics of a contract
3261 -- The contract of a generic subprogram or one declared in a generic
3262 -- context is not expanded, as the corresponding instance will provide
3263 -- the executable semantics of the contract.
3268 -- All subprograms carry a contract, but for some it is not significant
3269 -- and should not be processed. This is a small optimization.
3274 -- The contract of an ignored Ghost subprogram does not need expansion,
3275 -- because the subprogram and all calls to it will be removed.
3280 -- No action needed for helpers and indirect-call wrapper built to
3281 -- support class-wide preconditions.
3286 -- Do not re-expand the same contract. This scenario occurs when a
3287 -- construct is rewritten into something else during its analysis
3288 -- (expression functions for instance).
3294 -- Prevent multiple expansion attempts of the same contract
3298 -- Ensure that the formal parameters are visible when expanding all
3299 -- contract items.
3307 else
3312 -- The expansion of a subprogram contract involves the creation of Check
3313 -- pragmas to verify the contract assertions of the spec and body in a
3314 -- particular order. The order is as follows:
3316 -- function Original_Code (...) return ... is
3317 -- <prologue renamings>
3318 -- <inherited preconditions>
3319 -- <preconditions from spec>
3320 -- <preconditions from body>
3321 -- <contract case conditions>
3323 -- function _Wrapped_Statements (...) return ... is
3324 -- <source declarations>
3325 -- begin
3326 -- <source statements>
3327 -- end _Wrapped_Statements;
3329 -- begin
3330 -- return Result : constant ... := _Wrapped_Statements do
3331 -- <refined postconditions from body>
3332 -- <postconditions from body>
3333 -- <postconditions from spec>
3334 -- <inherited postconditions>
3335 -- <contract case consequences>
3336 -- <invariant check of function result>
3337 -- <invariant and predicate checks of parameters
3338 -- end return;
3339 -- end Original_Code;
3341 -- Step 1: augment contracts list with postconditions associated with
3342 -- Stable_Properties and Stable_Properties'Class aspects. This must
3343 -- precede Process_Postconditions.
3346 Add_Stable_Property_Contracts
3350 -- Step 2: Handle all preconditions. This action must come before the
3351 -- processing of pragma Contract_Cases because the pragma prepends items
3352 -- to the body declarations.
3356 -- Step 3: Handle all postconditions. This action must come before the
3357 -- processing of pragma Contract_Cases because the pragma appends items
3358 -- to list Stmts.
3362 -- Step 4: Handle pragma Contract_Cases. This action must come before
3363 -- the processing of invariants and predicates because those append
3364 -- items to list Stmts.
3368 -- Step 5: Apply invariant and predicate checks on a function result and
3369 -- all formals. The resulting checks are accumulated in list Stmts.
3373 -- Step 6: Construct subprogram _wrapped_statements
3375 -- When no statements are present we still need to insert contract
3376 -- related declarations.
3381 -- Otherwise, we need a wrapper
3383 else
3388 End_Scope;
3392 -------------------------------
3393 -- Freeze_Previous_Contracts --
3394 -------------------------------
3399 -- Determine whether arbitrary node N causes contract freezing. This is
3400 -- used as an assertion for the current body declaration that caused
3401 -- contract freezing, and as a condition to detect body declaration that
3402 -- already caused contract freezing before.
3406 -- Freeze the contracts of all eligible constructs which precede body
3407 -- Body_Decl.
3411 -- Freeze the contract of the nearest package body (if any) which
3412 -- encloses body Body_Decl.
3414 ------------------------------
3415 -- Causes_Contract_Freezing --
3416 ------------------------------
3419 begin
3420 -- The following condition matches guards for calls to
3421 -- Freeze_Previous_Contracts from routines that analyze various body
3422 -- declarations. In particular, it detects expression functions, as
3423 -- described in the call from Analyze_Subprogram_Body_Helper.
3425 return
3427 and then
3429 N_Entry_Body | N_Package_Body | N_Protected_Body |
3430 N_Subprogram_Body | N_Subprogram_Body_Stub | N_Task_Body;
3433 ----------------------
3434 -- Freeze_Contracts --
3435 ----------------------
3441 begin
3442 -- Nothing to do when the body which causes freezing does not appear
3443 -- in a declarative list because there cannot possibly be constructs
3444 -- with contracts.
3450 -- Inspect the declarations preceding the body, and freeze individual
3451 -- contracts of eligible constructs.
3456 -- Stop the traversal when a preceding construct that causes
3457 -- freezing is encountered as there is no point in refreezing
3458 -- the already frozen constructs.
3463 -- Entry or subprogram declarations
3466 | N_Entry_Declaration
3467 | N_Generic_Subprogram_Declaration
3468 | N_Subprogram_Declaration
3469 then
3470 Analyze_Entry_Or_Subprogram_Contract
3474 -- Objects
3477 Analyze_Object_Contract
3481 -- Protected units
3484 | N_Single_Protected_Declaration
3485 then
3488 -- Subprogram body stubs
3493 -- Task units
3496 | N_Task_Type_Declaration
3497 then
3502 | N_Private_Type_Declaration
3503 | N_Task_Type_Declaration
3504 | N_Protected_Type_Declaration
3505 | N_Formal_Type_Declaration
3506 then
3514 -----------------------------------
3515 -- Freeze_Enclosing_Package_Body --
3516 -----------------------------------
3522 begin
3523 -- Climb the parent chain looking for an enclosing package body. Do
3524 -- not use the scope stack, because a body utilizes the entity of its
3525 -- corresponding spec.
3530 Analyze_Package_Body_Contract
3536 -- Do not look for an enclosing package body when the construct
3537 -- which causes freezing is a body generated for an expression
3538 -- function and it appears within a package spec. This ensures
3539 -- that the traversal will not reach too far up the parent chain
3540 -- and attempt to freeze a package body which must not be frozen.
3542 -- package body Enclosing_Body
3543 -- with Refined_State => (State => Var)
3544 -- is
3545 -- package Nested is
3546 -- type Some_Type is ...;
3547 -- function Cause_Freezing return ...;
3548 -- private
3549 -- function Cause_Freezing is (...);
3550 -- end Nested;
3551 --
3552 -- Var : Nested.Some_Type;
3556 then
3559 -- Prevent the search from going too far
3569 -- Local variables
3573 -- Start of processing for Freeze_Previous_Contracts
3575 begin
3578 -- A body that is in the process of being inlined appears from source,
3579 -- but carries name _parent. Such a body does not cause freezing of
3580 -- contracts.
3586 Freeze_Enclosing_Package_Body;
3587 Freeze_Contracts;
3590 ---------------------------------
3591 -- Inherit_Subprogram_Contract --
3592 ---------------------------------
3594 procedure Inherit_Subprogram_Contract
3597 is
3599 -- Propagate a pragma denoted by Prag_Id from From_Subp's contract to
3600 -- Subp's contract.
3602 --------------------
3603 -- Inherit_Pragma --
3604 --------------------
3610 begin
3611 -- A pragma cannot be part of more than one First_Pragma/Next_Pragma
3612 -- chains, therefore the node must be replicated. The new pragma is
3613 -- flagged as inherited for distinction purposes.
3623 -- Start of processing for Inherit_Subprogram_Contract
3625 begin
3626 -- Inheritance is carried out only when both entities are subprograms
3627 -- with contracts.
3632 then
3638 -------------------------------------
3639 -- Instantiate_Subprogram_Contract --
3640 -------------------------------------
3644 -- Instantiate all contract-related source pragmas found in the list,
3645 -- starting with pragma First_Prag. Each instantiated pragma is added
3646 -- to list L.
3648 -------------------------
3649 -- Instantiate_Pragmas --
3650 -------------------------
3656 begin
3660 Inst_Prag :=
3671 -- Local variables
3675 -- Start of processing for Instantiate_Subprogram_Contract
3677 begin
3685 --------------------------
3686 -- Is_Prologue_Renaming --
3687 --------------------------
3689 -- This should be turned into a flag and set during the expansion of
3690 -- task and protected types when the renamings get generated ???
3698 begin
3701 then
3706 -- Analyze the renaming declaration so we can further examine it
3715 -- A discriminant renaming appears as
3716 -- Discr : constant ... := Prefix.Discr;
3722 then
3725 -- A protection field renaming appears as
3726 -- Prot : ... := _object._object;
3728 -- A renamed private component is just a component of
3729 -- _object, with an arbitrary name.
3735 then
3744 -----------------------------------
3745 -- Make_Class_Precondition_Subps --
3746 -----------------------------------
3748 procedure Make_Class_Precondition_Subps
3751 is
3756 -- Build the indirect-call wrapper and append it to the freezing actions
3757 -- of Tagged_Type.
3759 procedure Add_Call_Helper
3762 -- Factorizes code for building a call helper with the given identifier
3763 -- and append it to the freezing actions of Tagged_Type. Is_Dynamic
3764 -- controls building the static or dynamic version of the helper.
3767 -- Build an unique new name adding suffix to Subp_Id name (plus its
3768 -- homonym number for values bigger than 1).
3770 -------------------------------
3771 -- Add_Indirect_Call_Wrapper --
3772 -------------------------------
3777 -- Build the body of the indirect call wrapper
3780 -- Build the declaration of the indirect call wrapper
3782 --------------------
3783 -- Build_ICW_Body --
3784 --------------------
3793 begin
3796 -- Build call to wrapped subprogram
3798 declare
3802 begin
3803 -- Build parameter association & call
3807 New_Occurrence_Of
3813 Call :=
3817 else
3818 Call :=
3820 Expression =>
3827 ICW_Body :=
3831 Handled_Statement_Sequence =>
3835 -- The new operation is internal and overriding indicators do not
3836 -- apply.
3843 --------------------
3844 -- Build_ICW_Decl --
3845 --------------------
3854 begin
3862 -- The indirect call wrapper is commonly used for indirect calls
3863 -- but inlined for direct calls performed from the DTW.
3873 -- Link original subprogram to indirect wrapper and vice versa
3878 -- Inherit debug info flag to allow debugging the wrapper
3887 -- Local Variables
3892 -- Start of processing for Add_Indirect_Call_Wrapper
3894 begin
3905 -- We cannot defer the analysis of this ICW wrapper when it is
3906 -- built as a consequence of building its partner DTW wrapper
3907 -- at the freezing point of the tagged type.
3914 ---------------------
3915 -- Add_Call_Helper --
3916 ---------------------
3918 procedure Add_Call_Helper
3921 is
3923 -- Build the body of a call helper
3926 -- Build the declaration of a call helper
3929 -- Build the specification of the helper
3931 ----------------------------
3932 -- Build_Call_Helper_Body --
3933 ----------------------------
3937 function Copy_And_Update_References
3939 -- Copy Expr updating references to formals of Helper_Id; update
3940 -- also references to loop identifiers of quantified expressions.
3942 --------------------------------
3943 -- Copy_And_Update_References --
3944 --------------------------------
3946 function Copy_And_Update_References
3948 is
3952 -- Traverse Expr and append to Assoc_List the mapping of loop
3953 -- identifers of quantified expressions with its new copy.
3955 ------------------------------------------------
3956 -- Map_Quantified_Expression_Loop_Identifiers --
3957 ------------------------------------------------
3961 -- Append to Assoc_List the mapping of loop identifers of
3962 -- quantified expressions with its new copy.
3964 --------------------
3965 -- Map_Loop_Param --
3966 --------------------
3969 is
3970 begin
3973 then
3974 declare
3977 begin
3989 begin
3993 -- Local variables
3998 -- Start of processing for Copy_And_Update_References
4000 begin
4009 Map_Quantified_Expression_Loop_Identifiers;
4014 -- Local variables
4023 -- Start of processing for Build_Call_Helper_Body
4025 begin
4036 -- Evaluate the expression if we are building a dynamic helper
4037 -- or we are building a static helper for a non-abstract tagged
4038 -- type; for abstract tagged types the helper just returns True
4039 -- since it is called by the indirect call wrapper (ICW).
4040 and then
4041 (Is_Dynamic
4042 or else
4044 then
4045 Return_Expr :=
4048 -- When the subprogram is compiled with assertions disabled the
4049 -- helper just returns True; done to avoid reporting errors at
4050 -- link time since a unit may be compiled with assertions disabled
4051 -- and another (which depends on it) compiled with assertions
4052 -- enabled.
4054 else
4060 Body_Stmts :=
4065 Helper_Body :=
4074 ----------------------------
4075 -- Build_Call_Helper_Decl --
4076 ----------------------------
4082 begin
4091 -- Inherit debug info flag from Subp_Id to Helper_Id to allow
4092 -- debugging of the helper subprogram.
4101 ----------------------------
4102 -- Build_Call_Helper_Spec --
4103 ----------------------------
4106 is
4116 begin
4117 -- Create a list of formal parameters with the same types as the
4118 -- original subprogram but changing the controlling formal.
4127 = N_Access_Definition
4128 then
4129 Param_Type :=
4136 else
4137 Param_Type :=
4142 else
4148 Defining_Identifier =>
4152 Null_Exclusion_Present => Null_Exclusion_Present
4160 return
4164 Result_Definition =>
4168 -- Local variables
4173 -- Start of processing for Add_Call_Helper
4175 begin
4179 -- Add the helper to the freezing actions of the tagged type
4187 -- If this helper is built as part of building the DTW at the
4188 -- freezing point of its tagged type then we cannot defer
4189 -- its analysis.
4197 -----------------------
4198 -- Build_Unique_Name --
4199 -----------------------
4202 begin
4203 -- Append the homonym number. Strip the leading space character in
4204 -- the image of natural numbers. Also do not add the homonym value
4205 -- of 1.
4208 declare
4211 begin
4220 -- Local variables
4224 -- Start of processing for Make_Class_Precondition_Subps
4226 begin
4229 then
4230 pragma Assert
4236 -- Build and add to the freezing actions of Tagged_Type its
4237 -- dynamic-call helper.
4239 Helper_Id :=
4244 -- Link original subprogram to helper and vice versa
4252 then
4253 -- Build and add to the freezing actions of Tagged_Type its
4254 -- static-call helper.
4256 Helper_Id :=
4262 -- Link original subprogram to helper and vice versa
4267 -- Build and add to the freezing actions of Tagged_Type the
4268 -- indirect-call wrapper.
4270 Add_Indirect_Call_Wrapper;
4275 ----------------------------------------------
4276 -- Process_Class_Conditions_At_Freeze_Point --
4277 ----------------------------------------------
4282 -- Check class-wide pre/postconditions of Spec_Id
4284 function Has_Class_Postconditions_Subprogram
4286 -- Return True if Spec_Id has (or inherits) a postconditions subprogram.
4288 function Has_Class_Preconditions_Subprogram
4290 -- Return True if Spec_Id has (or inherits) a preconditions subprogram.
4292 ----------------------------
4293 -- Check_Class_Conditions --
4294 ----------------------------
4299 begin
4304 Check_Class_Condition
4309 | Class_Precondition);
4314 -----------------------------------------
4315 -- Has_Class_Postconditions_Subprogram --
4316 -----------------------------------------
4318 function Has_Class_Postconditions_Subprogram
4320 begin
4321 return
4322 Present (Nearest_Class_Condition_Subprogram
4325 or else
4326 Present (Nearest_Class_Condition_Subprogram
4331 ----------------------------------------
4332 -- Has_Class_Preconditions_Subprogram --
4333 ----------------------------------------
4335 function Has_Class_Preconditions_Subprogram
4337 begin
4338 return
4339 Present (Nearest_Class_Condition_Subprogram
4342 or else
4343 Present (Nearest_Class_Condition_Subprogram
4348 -- Local variables
4353 -- Start of processing for Process_Class_Conditions_At_Freeze_Point
4355 begin
4361 then
4367 -- Handle wrapper of protected operation
4372 -- Check inherited class-wide conditions, excluding internal
4373 -- entities built for mapping of interface primitives.
4378 then
4387 ----------------------------
4388 -- Merge_Class_Conditions --
4389 ----------------------------
4394 -- Collect all inherited class-wide conditions of Spec_Id and merge
4395 -- them into one big condition.
4397 ----------------------------------
4398 -- Process_Inherited_Conditions --
4399 ----------------------------------
4406 function Inherit_Condition
4409 -- Inherit the class-wide condition from Par_Subp to Subp and adjust
4410 -- all the references to formals in the inherited condition.
4413 -- Merge two class-wide preconditions or postconditions (the former
4414 -- are merged using "or else", and the latter are merged using "and-
4415 -- then"). The changes are accumulated in parameter Into.
4418 -- Return True if the contract of subprogram Id has been processed
4420 -----------------------
4421 -- Inherit_Condition --
4422 -----------------------
4424 function Inherit_Condition
4427 is
4429 -- Used in assertion to check that Expr has no reference to the
4430 -- formals of Par_Subp.
4432 ---------------------
4433 -- Check_Condition --
4434 ---------------------
4440 -- Check occurrence of Par_Formal_Id
4442 ------------------
4443 -- Check_Entity --
4444 ------------------
4447 begin
4451 then
4460 -- Start of processing for Check_Condition
4462 begin
4476 -- Local variables
4483 begin
4492 -- Check that Parent field of all the nodes have their correct
4493 -- decoration; required because otherwise mapped nodes with
4494 -- wrong Parent field are left unmodified in the copied tree
4495 -- and cause reporting wrong errors at later stages.
4497 pragma Assert
4500 New_Condition :=
4501 New_Copy_Tree
4505 -- Ensure that the inherited condition has no reference to the
4506 -- formals of the parent subprogram.
4513 ----------------------
4514 -- Merge_Conditions --
4515 ----------------------
4519 -- Return the boolean expression argument of a condition while
4520 -- updating its parentheses count for the subsequent merge.
4522 --------------------
4523 -- Expression_Arg --
4524 --------------------
4527 begin
4535 -- Local variables
4541 -- Start of processing for Merge_Conditions
4543 begin
4546 -- Merge the two preconditions by "or else"-ing them
4548 when Ignored_Class_Precondition
4549 | Class_Precondition
4550 =>
4556 -- Merge the two postconditions by "and then"-ing them
4558 when Ignored_Class_Postcondition
4559 | Class_Postcondition
4560 =>
4568 ---------------
4569 -- Seen_Subp --
4570 ---------------
4573 begin
4583 -- Local variables
4591 -- Start of processing for Process_Inherited_Conditions
4593 begin
4596 -- Process parent primitives looking for nearest ancestor with
4597 -- class-wide conditions.
4604 then
4609 -- Wrappers of class-wide pre/postconditions reference the
4610 -- parent primitive that has the inherited contract and help
4611 -- us to climb fast.
4615 then
4621 then
4626 Cond := Inherit_Condition
4632 else
4636 Check_Class_Condition
4641 | Class_Precondition);
4642 Build_Class_Wide_Expression
4648 -- We are done as soon as we process the nearest ancestor
4655 -- Process the contract of interface primitives not covered by
4656 -- the nearest ancestor.
4669 then
4672 Cond := Inherit_Condition
4676 Check_Class_Condition
4681 | Class_Precondition);
4682 Build_Class_Wide_Expression
4690 else
4700 -- Local variables
4704 -- Start of processing for Merge_Class_Conditions
4706 begin
4710 -- If this subprogram has class-wide conditions then preanalyze
4711 -- them before processing inherited conditions since conditions
4712 -- are checked and merged from right to left.
4720 -- Preanalyze merged inherited conditions
4729 ---------------------------------
4730 -- Preanalyze_Class_Conditions --
4731 ---------------------------------
4736 begin
4746 --------------------------
4747 -- Preanalyze_Condition --
4748 --------------------------
4750 procedure Preanalyze_Condition
4753 is
4755 -- Clear unset references on formals of Subp since preanalysis
4756 -- occurs in a place unrelated to the actual code.
4759 -- Traverse Expr and clear the Controlling_Argument of calls to
4760 -- nonabstract functions.
4763 -- Traverse Expr searching for dispatching calls to functions whose
4764 -- original node was a selected component, and replace them with
4765 -- their original node.
4767 ----------------------------
4768 -- Clear_Unset_References --
4769 ----------------------------
4774 begin
4781 ----------------------------------
4782 -- Remove_Controlling_Arguments --
4783 ----------------------------------
4787 -- Reset the Controlling_Argument of calls to nonabstract
4788 -- function calls.
4790 ---------------------
4791 -- Remove_Ctrl_Arg --
4792 ---------------------
4795 begin
4799 then
4807 begin
4811 -----------------------------------------
4812 -- Restore_Original_Selected_Component --
4813 -----------------------------------------
4819 -- Traverse the subtree of N fixing the Parent field of all the
4820 -- nodes.
4823 -- Process dispatching calls to functions whose original node was
4824 -- a selected component, and replace them with their original
4825 -- node. Restored nodes are stored in the Restored_Nodes_List
4826 -- to fix the parent fields of their subtrees in a separate
4827 -- tree traversal.
4829 -----------------
4830 -- Fix_Parents --
4831 -----------------
4835 function Fix_Parent
4838 -- Process a single node
4840 ----------------
4841 -- Fix_Parent --
4842 ----------------
4844 function Fix_Parent
4847 is
4850 begin
4854 else
4865 begin
4869 ------------------
4870 -- Restore_Node --
4871 ------------------
4874 begin
4878 then
4882 -- Save the restored node in the Restored_Nodes_List to fix
4883 -- the parent fields of their subtrees in a separate tree
4884 -- traversal.
4894 -- Start of processing for Restore_Original_Selected_Component
4896 begin
4899 -- After restoring the original node we must fix the decoration
4900 -- of the Parent attribute to ensure tree consistency; required
4901 -- because when the class-wide condition is inherited, calls to
4902 -- New_Copy_Tree will perform copies of this subtree, and formal
4903 -- occurrences with wrong Parent field cannot be mapped to the
4904 -- new formals.
4907 declare
4910 begin
4919 -- Start of processing for Preanalyze_Condition
4921 begin
4932 End_Scope;
4934 -- If this preanalyzed condition has occurrences of dispatching calls
4935 -- using the Object.Operation notation, during preanalysis such calls
4936 -- are rewritten as dispatching function calls; if at later stages
4937 -- this condition is inherited we must have restored the original
4938 -- selected-component node to ensure that the preanalysis of the
4939 -- inherited condition rewrites these dispatching calls in the
4940 -- correct context to avoid reporting spurious errors.
4942 Restore_Original_Selected_Component;
4944 -- Traverse Expr and clear the Controlling_Argument of calls to
4945 -- nonabstract functions. Required since the preanalyzed condition
4946 -- is not yet installed on its definite context and will be cloned
4947 -- and extended in derivations with additional conditions.
4949 Remove_Controlling_Arguments;
4951 -- Clear also attribute Unset_Reference; again because preanalysis
4952 -- occurs in a place unrelated to the actual code.
4954 Clear_Unset_References;
4957 ----------------------------------------
4958 -- Save_Global_References_In_Contract --
4959 ----------------------------------------
4961 procedure Save_Global_References_In_Contract
4964 is
4966 -- Save all global references in contract-related source pragmas found
4967 -- in the list, starting with pragma First_Prag.
4969 ------------------------------------
4970 -- Save_Global_References_In_List --
4971 ------------------------------------
4976 begin
4986 -- Local variables
4990 -- Start of processing for Save_Global_References_In_Contract
4992 begin
4993 -- The entity of the analyzed generic copy must be on the scope stack
4994 -- to ensure proper detection of global references.
5000 then
5010 Pop_Scope;
5013 -------------------------
5014 -- Set_Class_Condition --
5015 -------------------------
5017 procedure Set_Class_Condition
5021 is
5022 begin