gcc/ada/a-cfhama.ads

   1 ------------------------------------------------------------------------------
   2 --                                                                          --
   3 --                         GNAT LIBRARY COMPONENTS                          --
   4 --                                                                          --
   5 --    A D A . C O N T A I N E R S . F O R M A L _ H A S H E D _ M A P S     --
   6 --                                                                          --
   7 --                                 S p e c                                  --
   8 --                                                                          --
   9 --          Copyright (C) 2004-2015, Free Software Foundation, Inc.         --
  10 --                                                                          --
  11 -- This specification is derived from the Ada Reference Manual for use with --
  12 -- GNAT. The copyright notice above, and the license provisions that follow --
  13 -- apply solely to the  contents of the part following the private keyword. --
  14 --                                                                          --
  15 -- GNAT is free software;  you can  redistribute it  and/or modify it under --
  16 -- terms of the  GNU General Public License as published  by the Free Soft- --
  17 -- ware  Foundation;  either version 3,  or (at your option) any later ver- --
  18 -- sion.  GNAT is distributed in the hope that it will be useful, but WITH- --
  19 -- OUT ANY WARRANTY;  without even the  implied warranty of MERCHANTABILITY --
  20 -- or FITNESS FOR A PARTICULAR PURPOSE.                                     --
  21 --                                                                          --
  22 -- As a special exception under Section 7 of GPL version 3, you are granted --
  23 -- additional permissions described in the GCC Runtime Library Exception,   --
  24 -- version 3.1, as published by the Free Software Foundation.               --
  25 --                                                                          --
  26 -- You should have received a copy of the GNU General Public License and    --
  27 -- a copy of the GCC Runtime Library Exception along with this program;     --
  28 -- see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see    --
  29 -- <http://www.gnu.org/licenses/>.                                          --
  30 ------------------------------------------------------------------------------
  31
  32 --  This spec is derived from package Ada.Containers.Bounded_Hashed_Maps in the
  33 --  Ada 2012 RM. The modifications are meant to facilitate formal proofs by
  34 --  making it easier to express properties, and by making the specification of
  35 --  this unit compatible with SPARK 2014. Note that the API of this unit may be
  36 --  subject to incompatible changes as SPARK 2014 evolves.
  37
  38 --  The modifications are:
  39
  40 --    A parameter for the container is added to every function reading the
  41 --    contents of a container: Key, Element, Next, Query_Element, Has_Element,
  42 --    Iterate, Equivalent_Keys. This change is motivated by the need to have
  43 --    cursors which are valid on different containers (typically a container C
  44 --    and its previous version C'Old) for expressing properties, which is not
  45 --    possible if cursors encapsulate an access to the underlying container.
  46
  47 --    There are four new functions:
  48
  49 --      function Strict_Equal (Left, Right : Map) return Boolean;
  50 --      function Overlap (Left, Right : Map) return Boolean;
  51 --      function First_To_Previous (Container : Map; Current : Cursor)
  52 --         return Map;
  53 --      function Current_To_Last (Container : Map; Current : Cursor)
  54 --         return Map;
  55
  56 --    See detailed specifications for these subprograms
  57
  58 private with Ada.Containers.Hash_Tables;
  59
  60 generic
  61    type Key_Type is private;
  62    type Element_Type is private;
  63
  64    with function Hash (Key : Key_Type) return Hash_Type;
  65    with function Equivalent_Keys (Left, Right : Key_Type) return Boolean;
  66    with function "=" (Left, Right : Element_Type) return Boolean is <>;
  67
  68 package Ada.Containers.Formal_Hashed_Maps with
  69   Pure,
  70   SPARK_Mode
  71 is
  72    pragma Annotate (GNATprove, External_Axiomatization);
  73
  74    type Map (Capacity : Count_Type; Modulus : Hash_Type) is private with
  75      Iterable => (First       => First,
  76                   Next        => Next,
  77                   Has_Element => Has_Element,
  78                   Element     => Element),
  79      Default_Initial_Condition => Is_Empty (Map);
  80    pragma Preelaborable_Initialization (Map);
  81
  82    type Cursor is private;
  83    pragma Preelaborable_Initialization (Cursor);
  84
  85    Empty_Map : constant Map;
  86
  87    No_Element : constant Cursor;
  88
  89    function "=" (Left, Right : Map) return Boolean with
  90      Global => null;
  91
  92    function Capacity (Container : Map) return Count_Type with
  93      Global => null;
  94
  95    procedure Reserve_Capacity
  96      (Container : in out Map;
  97       Capacity  : Count_Type)
  98    with
  99      Global => null,
 100      Pre    => Capacity <= Container.Capacity;
 101
 102    function Length (Container : Map) return Count_Type with
 103      Global => null;
 104
 105    function Is_Empty (Container : Map) return Boolean with
 106      Global => null;
 107
 108    procedure Clear (Container : in out Map) with
 109      Global => null;
 110
 111    procedure Assign (Target : in out Map; Source : Map) with
 112      Global => null,
 113      Pre    => Target.Capacity >= Length (Source);
 114
 115    function Copy
 116      (Source   : Map;
 117       Capacity : Count_Type := 0) return Map
 118    with
 119      Global => null,
 120      Pre    => Capacity = 0 or else Capacity >= Source.Capacity;
 121    --  Copy returns a container stricty equal to Source. It must have
 122    --  the same cursors associated with each element. Therefore:
 123    --  - capacity=0 means use container.capacity as capacity of target
 124    --  - the modulus cannot be changed.
 125
 126    function Key (Container : Map; Position : Cursor) return Key_Type with
 127      Global => null,
 128      Pre    => Has_Element (Container, Position);
 129
 130    function Element
 131      (Container : Map;
 132       Position  : Cursor) return Element_Type
 133    with
 134      Global => null,
 135      Pre    => Has_Element (Container, Position);
 136
 137    procedure Replace_Element
 138      (Container : in out Map;
 139       Position  : Cursor;
 140       New_Item  : Element_Type)
 141    with
 142      Global => null,
 143      Pre    => Has_Element (Container, Position);
 144
 145    procedure Move (Target : in out Map; Source : in out Map) with
 146      Global => null,
 147      Pre    => Target.Capacity >= Length (Source);
 148
 149    procedure Insert
 150      (Container : in out Map;
 151       Key       : Key_Type;
 152       New_Item  : Element_Type;
 153       Position  : out Cursor;
 154       Inserted  : out Boolean)
 155    with
 156      Global => null,
 157      Pre    => Length (Container) < Container.Capacity;
 158
 159    procedure Insert
 160      (Container : in out Map;
 161       Key       : Key_Type;
 162       New_Item  : Element_Type)
 163    with
 164      Global => null,
 165      Pre    => Length (Container) < Container.Capacity
 166                  and then (not Contains (Container, Key));
 167
 168    procedure Include
 169      (Container : in out Map;
 170       Key       : Key_Type;
 171       New_Item  : Element_Type)
 172    with
 173      Global => null,
 174      Pre    => Length (Container) < Container.Capacity;
 175
 176    procedure Replace
 177      (Container : in out Map;
 178       Key       : Key_Type;
 179       New_Item  : Element_Type)
 180    with
 181      Global => null,
 182      Pre    => Contains (Container, Key);
 183
 184    procedure Exclude (Container : in out Map; Key : Key_Type) with
 185      Global => null;
 186
 187    procedure Delete (Container : in out Map; Key : Key_Type) with
 188      Global => null,
 189      Pre    => Contains (Container, Key);
 190
 191    procedure Delete (Container : in out Map; Position : in out Cursor) with
 192      Global => null,
 193      Pre    => Has_Element (Container, Position);
 194
 195    function First (Container : Map) return Cursor with
 196      Global => null;
 197
 198    function Next (Container : Map; Position : Cursor) return Cursor with
 199      Global => null,
 200      Pre    => Has_Element (Container, Position) or else Position = No_Element;
 201
 202    procedure Next (Container : Map; Position : in out Cursor) with
 203      Global => null,
 204      Pre    => Has_Element (Container, Position) or else Position = No_Element;
 205
 206    function Find (Container : Map; Key : Key_Type) return Cursor with
 207      Global => null;
 208
 209    function Contains (Container : Map; Key : Key_Type) return Boolean with
 210      Global => null;
 211
 212    function Element (Container : Map; Key : Key_Type) return Element_Type with
 213      Global => null,
 214      Pre    => Contains (Container, Key);
 215
 216    function Has_Element (Container : Map; Position : Cursor) return Boolean
 217    with
 218      Global => null;
 219
 220    function Equivalent_Keys
 221      (Left   : Map;
 222       CLeft  : Cursor;
 223       Right  : Map;
 224       CRight : Cursor) return Boolean
 225    with
 226      Global => null;
 227
 228    function Equivalent_Keys
 229      (Left  : Map;
 230       CLeft : Cursor;
 231       Right : Key_Type) return Boolean
 232    with
 233      Global => null;
 234
 235    function Equivalent_Keys
 236      (Left   : Key_Type;
 237       Right  : Map;
 238       CRight : Cursor) return Boolean
 239    with
 240      Global => null;
 241
 242    function Default_Modulus (Capacity : Count_Type) return Hash_Type with
 243      Global => null;
 244
 245    function Strict_Equal (Left, Right : Map) return Boolean with
 246      Ghost,
 247      Global => null;
 248    --  Strict_Equal returns True if the containers are physically equal, i.e.
 249    --  they are structurally equal (function "=" returns True) and that they
 250    --  have the same set of cursors.
 251
 252    function First_To_Previous (Container : Map; Current : Cursor) return Map
 253    with
 254      Ghost,
 255      Global => null,
 256      Pre    => Has_Element (Container, Current) or else Current = No_Element;
 257
 258    function Current_To_Last (Container : Map; Current : Cursor) return Map
 259    with
 260      Ghost,
 261      Global => null,
 262      Pre    => Has_Element (Container, Current) or else Current = No_Element;
 263    --  First_To_Previous returns a container containing all elements preceding
 264    --  Current (excluded) in Container. Current_To_Last returns a container
 265    --  containing all elements following Current (included) in Container.
 266    --  These two new functions can be used to express invariant properties in
 267    --  loops which iterate over containers. First_To_Previous returns the part
 268    --  of the container already scanned and Current_To_Last the part not
 269    --  scanned yet.
 270
 271    function Overlap (Left, Right : Map) return Boolean with
 272      Global => null;
 273    --  Overlap returns True if the containers have common keys
 274
 275 private
 276    pragma SPARK_Mode (Off);
 277
 278    pragma Inline (Length);
 279    pragma Inline (Is_Empty);
 280    pragma Inline (Clear);
 281    pragma Inline (Key);
 282    pragma Inline (Element);
 283    pragma Inline (Contains);
 284    pragma Inline (Capacity);
 285    pragma Inline (Has_Element);
 286    pragma Inline (Equivalent_Keys);
 287    pragma Inline (Next);
 288
 289    type Node_Type is record
 290       Key         : Key_Type;
 291       Element     : Element_Type;
 292       Next        : Count_Type;
 293       Has_Element : Boolean := False;
 294    end record;
 295
 296    package HT_Types is new
 297      Ada.Containers.Hash_Tables.Generic_Bounded_Hash_Table_Types (Node_Type);
 298
 299    type Map (Capacity : Count_Type; Modulus : Hash_Type) is
 300      new HT_Types.Hash_Table_Type (Capacity, Modulus) with null record;
 301
 302    use HT_Types;
 303
 304    type Cursor is record
 305       Node : Count_Type;
 306    end record;
 307
 308    Empty_Map : constant Map := (Capacity => 0, Modulus => 0, others => <>);
 309
 310    No_Element : constant Cursor := (Node => 0);
 311
 312 end Ada.Containers.Formal_Hashed_Maps;