| blob | a6670fa7697d201dfcaaf90a4c3e391fe63f0dda |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2017, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
69 -- General note: many of these routines are concerned with generating
70 -- checking code to make sure that constraint error is raised at runtime.
71 -- Clearly this code is only needed if the expander is active, since
72 -- otherwise we will not be generating code or going into the runtime
73 -- execution anyway.
75 -- We therefore disconnect most of these checks if the expander is
76 -- inactive. This has the additional benefit that we do not need to
77 -- worry about the tree being messed up by previous errors (since errors
78 -- turn off expansion anyway).
80 -- There are a few exceptions to the above rule. For instance routines
81 -- such as Apply_Scalar_Range_Check that do not insert any code can be
82 -- safely called even when the Expander is inactive (but Errors_Detected
83 -- is 0). The benefit of executing this code when expansion is off, is
84 -- the ability to emit constraint error warning for static expressions
85 -- even when we are not generating code.
87 -- The above is modified in gnatprove mode to ensure that proper check
88 -- flags are always placed, even if expansion is off.
90 -------------------------------------
91 -- Suppression of Redundant Checks --
92 -------------------------------------
94 -- This unit implements a limited circuit for removal of redundant
95 -- checks. The processing is based on a tracing of simple sequential
96 -- flow. For any sequence of statements, we save expressions that are
97 -- marked to be checked, and then if the same expression appears later
98 -- with the same check, then under certain circumstances, the second
99 -- check can be suppressed.
101 -- Basically, we can suppress the check if we know for certain that
102 -- the previous expression has been elaborated (together with its
103 -- check), and we know that the exception frame is the same, and that
104 -- nothing has happened to change the result of the exception.
106 -- Let us examine each of these three conditions in turn to describe
107 -- how we ensure that this condition is met.
109 -- First, we need to know for certain that the previous expression has
110 -- been executed. This is done principally by the mechanism of calling
111 -- Conditional_Statements_Begin at the start of any statement sequence
112 -- and Conditional_Statements_End at the end. The End call causes all
113 -- checks remembered since the Begin call to be discarded. This does
114 -- miss a few cases, notably the case of a nested BEGIN-END block with
115 -- no exception handlers. But the important thing is to be conservative.
116 -- The other protection is that all checks are discarded if a label
117 -- is encountered, since then the assumption of sequential execution
118 -- is violated, and we don't know enough about the flow.
120 -- Second, we need to know that the exception frame is the same. We
121 -- do this by killing all remembered checks when we enter a new frame.
122 -- Again, that's over-conservative, but generally the cases we can help
123 -- with are pretty local anyway (like the body of a loop for example).
125 -- Third, we must be sure to forget any checks which are no longer valid.
126 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
127 -- used to note any changes to local variables. We only attempt to deal
128 -- with checks involving local variables, so we do not need to worry
129 -- about global variables. Second, a call to any non-global procedure
130 -- causes us to abandon all stored checks, since such a all may affect
131 -- the values of any local variables.
133 -- The following define the data structures used to deal with remembering
134 -- checks so that redundant checks can be eliminated as described above.
136 -- Right now, the only expressions that we deal with are of the form of
137 -- simple local objects (either declared locally, or IN parameters) or
138 -- such objects plus/minus a compile time known constant. We can do
139 -- more later on if it seems worthwhile, but this catches many simple
140 -- cases in practice.
142 -- The following record type reflects a single saved check. An entry
143 -- is made in the stack of saved checks if and only if the expression
144 -- has been elaborated with the indicated checks.
148 -- Set True if entry is killed by Kill_Checks
151 -- The entity involved in the expression that is checked
154 -- A compile time value indicating the result of adding or
155 -- subtracting a compile time value. This value is to be
156 -- added to the value of the Entity. A value of zero is
157 -- used for the case of a simple entity reference.
160 -- This is set to 'R' for a range check (in which case Target_Type
161 -- is set to the target type for the range check) or to 'O' for an
162 -- overflow check (in which case Target_Type is set to Empty).
165 -- Used only if Do_Range_Check is set. Records the target type for
166 -- the check. We need this, because a check is a duplicate only if
167 -- it has the same target type (or more accurately one with a
168 -- range that is smaller or equal to the stored target type of a
169 -- saved check).
172 -- The following table keeps track of saved checks. Rather than use an
173 -- extensible table, we just use a table of fixed size, and we discard
174 -- any saved checks that do not fit. That's very unlikely to happen and
175 -- this is only an optimization in any case.
178 -- Array of saved checks
181 -- Number of saved checks
183 -- The following stack keeps track of statement ranges. It is treated
184 -- as a stack. When Conditional_Statements_Begin is called, an entry
185 -- is pushed onto this stack containing the value of Num_Saved_Checks
186 -- at the time of the call. Then when Conditional_Statements_End is
187 -- called, this value is popped off and used to reset Num_Saved_Checks.
189 -- Note: again, this is a fixed length stack with a size that should
190 -- always be fine. If the value of the stack pointer goes above the
191 -- limit, then we just forget all saved checks.
196 -----------------------
197 -- Local Subprograms --
198 -----------------------
201 -- Used to apply arithmetic overflow checks for all cases except operators
202 -- on signed arithmetic types in MINIMIZED/ELIMINATED case (for which we
203 -- call Apply_Arithmetic_Overflow_Minimized_Eliminated below). N can be a
204 -- signed integer arithmetic operator (but not an if or case expression).
205 -- It is also called for types other than signed integers.
208 -- Used to apply arithmetic overflow checks for the case where the overflow
209 -- checking mode is MINIMIZED or ELIMINATED and we have a signed integer
210 -- arithmetic op (which includes the case of if and case expressions). Note
211 -- that Do_Overflow_Check may or may not be set for node Op. In these modes
212 -- we have work to do even if overflow checking is suppressed.
214 procedure Apply_Division_Check
219 -- N is an N_Op_Div, N_Op_Rem, or N_Op_Mod node. This routine applies
220 -- division checks as required if the Do_Division_Check flag is set.
221 -- Rlo and Rhi give the possible range of the right operand, these values
222 -- can be referenced and trusted only if ROK is set True.
224 procedure Apply_Float_Conversion_Check
227 -- The checks on a conversion from a floating-point type to an integer
228 -- type are delicate. They have to be performed before conversion, they
229 -- have to raise an exception when the operand is a NaN, and rounding must
230 -- be taken into account to determine the safe bounds of the operand.
232 procedure Apply_Selected_Length_Checks
237 -- This is the subprogram that does all the work for Apply_Length_Check
238 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
239 -- described for the above routines. The Do_Static flag indicates that
240 -- only a static check is to be done.
242 procedure Apply_Selected_Range_Checks
247 -- This is the subprogram that does all the work for Apply_Range_Check.
248 -- Expr, Target_Typ and Source_Typ are as described for the above
249 -- routine. The Do_Static flag indicates that only a static check is
250 -- to be done.
254 -- This function is used to see if an access or division by zero check is
255 -- needed. The check is to be applied to a single variable appearing in the
256 -- source, and N is the node for the reference. If N is not of this form,
257 -- True is returned with no further processing. If N is of the right form,
258 -- then further processing determines if the given Check is needed.
259 --
260 -- The particular circuit is to see if we have the case of a check that is
261 -- not needed because it appears in the right operand of a short circuited
262 -- conditional where the left operand guards the check. For example:
263 --
264 -- if Var = 0 or else Q / Var > 12 then
265 -- ...
266 -- end if;
267 --
268 -- In this example, the division check is not required. At the same time
269 -- we can issue warnings for suspicious use of non-short-circuited forms,
270 -- such as:
271 --
272 -- if Var = 0 or Q / Var > 12 then
273 -- ...
274 -- end if;
276 procedure Find_Check
284 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
285 -- to see if a check is of the form for optimization, and if so, to see
286 -- if it has already been performed. Expr is the expression to check,
287 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
288 -- Target_Type is the target type for a range check, and Empty for an
289 -- overflow check. If the entry is not of the form for optimization,
290 -- then Entry_OK is set to False, and the remaining out parameters
291 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
292 -- entity and offset from the expression. Check_Num is the number of
293 -- a matching saved entry in Saved_Checks, or zero if no such entry
294 -- is located.
297 -- If a discriminal is used in constraining a prival, Return reference
298 -- to the discriminal of the protected body (which renames the parameter
299 -- of the enclosing protected operation). This clumsy transformation is
300 -- needed because privals are created too late and their actual subtypes
301 -- are not available when analysing the bodies of the protected operations.
302 -- This function is called whenever the bound is an entity and the scope
303 -- indicates a protected operation. If the bound is an in-parameter of
304 -- a protected operation that is not a prival, the function returns the
305 -- bound itself.
306 -- To be cleaned up???
308 function Guard_Access
312 -- In the access type case, guard the test with a test to ensure
313 -- that the access value is non-null, since the checks do not
314 -- not apply to null access values.
317 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
318 -- Constraint_Error node.
321 -- Returns True if node N is for an arithmetic operation with signed
322 -- integer operands. This includes unary and binary operators, and also
323 -- if and case expression nodes where the dependent expressions are of
324 -- a signed integer type. These are the kinds of nodes for which special
325 -- handling applies in MINIMIZED or ELIMINATED overflow checking mode.
327 function Range_Or_Validity_Checks_Suppressed
329 -- Returns True if either range or validity checks or both are suppressed
330 -- for the type of the given expression, or, if the expression is the name
331 -- of an entity, if these checks are suppressed for the entity.
333 function Selected_Length_Checks
338 -- Like Apply_Selected_Length_Checks, except it doesn't modify
339 -- anything, just returns a list of nodes as described in the spec of
340 -- this package for the Range_Check function.
341 -- ??? In fact it does construct the test and insert it into the tree,
342 -- and insert actions in various ways (calling Insert_Action directly
343 -- in particular) so we do not call it in GNATprove mode, contrary to
344 -- Selected_Range_Checks.
346 function Selected_Range_Checks
351 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
352 -- just returns a list of nodes as described in the spec of this package
353 -- for the Range_Check function.
355 ------------------------------
356 -- Access_Checks_Suppressed --
357 ------------------------------
360 begin
363 else
368 -------------------------------------
369 -- Accessibility_Checks_Suppressed --
370 -------------------------------------
373 begin
376 else
381 -----------------------------
382 -- Activate_Division_Check --
383 -----------------------------
386 begin
391 -----------------------------
392 -- Activate_Overflow_Check --
393 -----------------------------
398 begin
399 -- Floating-point case. If Etype is not set (this can happen when we
400 -- activate a check on a node that has not yet been analyzed), then
401 -- we assume we do not have a floating-point type (as per our spec).
405 -- Ignore call if we have no automatic overflow checks on the target
406 -- and Check_Float_Overflow mode is not set. These are the cases in
407 -- which we expect to generate infinities and NaN's with no check.
412 -- Ignore for unary operations ("+", "-", abs) since these can never
413 -- result in overflow for floating-point cases.
418 -- Otherwise we will set the flag
420 else
424 -- Discrete case
426 else
427 -- Nothing to do for Rem/Mod/Plus (overflow not possible, the check
428 -- for zero-divide is a divide check, not an overflow check).
435 -- Fall through for cases where we do set the flag
441 --------------------------
442 -- Activate_Range_Check --
443 --------------------------
446 begin
451 ---------------------------------
452 -- Alignment_Checks_Suppressed --
453 ---------------------------------
456 begin
459 else
464 ----------------------------------
465 -- Allocation_Checks_Suppressed --
466 ----------------------------------
468 -- Note: at the current time there are no calls to this function, because
469 -- the relevant check is in the run-time, so it is not a check that the
470 -- compiler can suppress anyway, but we still have to recognize the check
471 -- name Allocation_Check since it is part of the standard.
474 begin
477 else
482 -------------------------
483 -- Append_Range_Checks --
484 -------------------------
486 procedure Append_Range_Checks
492 is
495 or else
501 begin
502 -- For now we just return if Checks_On is false, however this should be
503 -- enhanced to check for an always True value in the condition and to
504 -- generate a compilation warning???
515 then
521 else
522 Append_To
530 ------------------------
531 -- Apply_Access_Check --
532 ------------------------
537 begin
538 -- We do not need checks if we are not generating code (i.e. the
539 -- expander is not active). This is not just an optimization, there
540 -- are cases (e.g. with pragma Debug) where generating the checks
541 -- can cause real trouble).
547 -- No check if short circuiting makes check unnecessary
553 -- No check if accessing the Offset_To_Top component of a dispatch
554 -- table. They are safe by construction.
556 if Tagged_Type_Expansion
561 then
565 -- Otherwise go ahead and install the check
570 -------------------------------
571 -- Apply_Accessibility_Check --
572 -------------------------------
574 procedure Apply_Accessibility_Check
578 is
584 begin
590 then
594 -- Renamed_Object must return an Entity_Name here
595 -- because of preceding "Present (E_E_A (...))" test.
604 -- Only apply the run-time check if the access parameter has an
605 -- associated extra access level parameter and when the level of the
606 -- type is less deep than the level of the access parameter, and
607 -- accessibility checks are not suppressed.
615 then
616 Param_Level :=
619 Type_Level :=
622 -- Raise Program_Error if the accessibility level of the access
623 -- parameter is deeper than the level of the target access type.
627 Condition =>
637 --------------------------------
638 -- Apply_Address_Clause_Check --
639 --------------------------------
649 -- Address expression (not necessarily the same as Aexp, for example
650 -- when Aexp is a reference to a constant, in which case Expr gets
651 -- reset to reference the value expression of the constant).
653 begin
654 -- See if alignment check needed. Note that we never need a check if the
655 -- maximum alignment is one, since the check will always succeed.
657 -- Note: we do not check for checks suppressed here, since that check
658 -- was done in Sem_Ch13 when the address clause was processed. We are
659 -- only called if checks were not suppressed. The reason for this is
660 -- that we have to delay the call to Apply_Alignment_Check till freeze
661 -- time (so that all types etc are elaborated), but we have to check
662 -- the status of check suppressing at the point of the address clause.
667 then
671 -- Obtain expression from address clause
675 -- See if we know that Expr has an acceptable value at compile time. If
676 -- it hasn't or we don't know, we defer issuing the warning until the
677 -- end of the compilation to take into account back end annotations.
681 then
682 declare
685 begin
686 -- The object alignment might be more restrictive than the type
687 -- alignment.
698 -- If the expression has the form X'Address, then we can find out if the
699 -- object X has an alignment that is compatible with the object E. If it
700 -- hasn't or we don't know, we defer issuing the warning until the end
701 -- of the compilation to take into account back end annotations.
705 and then
707 then
711 -- Here we do not know if the value is acceptable. Strictly we don't
712 -- have to do anything, since if the alignment is bad, we have an
713 -- erroneous program. However we are allowed to check for erroneous
714 -- conditions and we decide to do this by default if the check is not
715 -- suppressed.
717 -- However, don't do the check if elaboration code is unwanted
722 -- Generate a check to raise PE if alignment may be inappropriate
724 else
725 -- If the original expression is a non-static constant, use the name
726 -- of the constant itself rather than duplicating its initialization
727 -- expression, which was extracted above.
729 -- Note: Expr is empty if the address-clause is applied to in-mode
730 -- actuals (allowed by 13.1(22)).
733 or else
737 N_Object_Declaration)
738 then
740 else
750 Condition =>
752 Left_Opnd =>
754 Left_Opnd =>
755 Unchecked_Convert_To
757 Right_Opnd =>
767 -- If the above raise action generated a warning message (for example
768 -- from Warn_On_Non_Local_Exception mode with the active restriction
769 -- No_Exception_Propagation).
773 -- If the expression has a known at compile time value, then
774 -- once we know the alignment of the type, we can check if the
775 -- exception will be raised or not, and if not, we don't need
776 -- the warning so we will kill the warning later on.
779 Alignment_Warnings.Append
782 -- Add explanation of the warning generated by the check
784 else
785 Error_Msg_N
794 exception
796 -- If we have some missing run time component in configurable run time
797 -- mode then just skip the check (it is not required in any case).
803 -------------------------------------
804 -- Apply_Arithmetic_Overflow_Check --
805 -------------------------------------
808 begin
809 -- Use old routine in almost all cases (the only case we are treating
810 -- specially is the case of a signed integer arithmetic op with the
811 -- overflow checking mode set to MINIMIZED or ELIMINATED).
815 then
818 -- Otherwise use the new routine for the case of a signed integer
819 -- arithmetic op, with Do_Overflow_Check set to True, and the checking
820 -- mode is MINIMIZED or ELIMINATED.
822 else
827 --------------------------------------
828 -- Apply_Arithmetic_Overflow_Strict --
829 --------------------------------------
831 -- This routine is called only if the type is an integer type and an
832 -- arithmetic overflow check may be needed for op (add, subtract, or
833 -- multiply). This check is performed if Backend_Overflow_Checks_On_Target
834 -- is not enabled and Do_Overflow_Check is set. In this case we expand the
835 -- operation into a more complex sequence of tests that ensures that
836 -- overflow is properly caught.
838 -- This is used in CHECKED modes. It is identical to the code for this
839 -- cases before the big overflow earthquake, thus ensuring that in this
840 -- modes we have compatible behavior (and reliability) to what was there
841 -- before. It is also called for types other than signed integers, and if
842 -- the Do_Overflow_Check flag is off.
844 -- Note: we also call this routine if we decide in the MINIMIZED case
845 -- to give up and just generate an overflow check without any fuss.
852 begin
853 -- Nothing to do if Do_Overflow_Check not set or overflow checks
854 -- suppressed.
860 -- An interesting special case. If the arithmetic operation appears as
861 -- the operand of a type conversion:
863 -- type1 (x op y)
865 -- and all the following conditions apply:
867 -- arithmetic operation is for a signed integer type
868 -- target type type1 is a static integer subtype
869 -- range of x and y are both included in the range of type1
870 -- range of x op y is included in the range of type1
871 -- size of type1 is at least twice the result size of op
873 -- then we don't do an overflow check in any case. Instead, we transform
874 -- the operation so that we end up with:
876 -- type1 (type1 (x) op type1 (y))
878 -- This avoids intermediate overflow before the conversion. It is
879 -- explicitly permitted by RM 3.5.4(24):
881 -- For the execution of a predefined operation of a signed integer
882 -- type, the implementation need not raise Constraint_Error if the
883 -- result is outside the base range of the type, so long as the
884 -- correct result is produced.
886 -- It's hard to imagine that any programmer counts on the exception
887 -- being raised in this case, and in any case it's wrong coding to
888 -- have this expectation, given the RM permission. Furthermore, other
889 -- Ada compilers do allow such out of range results.
891 -- Note that we do this transformation even if overflow checking is
892 -- off, since this is precisely about giving the "right" result and
893 -- avoiding the need for an overflow check.
895 -- Note: this circuit is partially redundant with respect to the similar
896 -- processing in Exp_Ch4.Expand_N_Type_Conversion, but the latter deals
897 -- with cases that do not come through here. We still need the following
898 -- processing even with the Exp_Ch4 code in place, since we want to be
899 -- sure not to generate the arithmetic overflow check in these cases
900 -- (Exp_Ch4 would have a hard time removing them once generated).
904 then
920 begin
923 then
927 Determine_Range
929 Determine_Range
935 then
949 -- Rewrite the conversion operand so that the original
950 -- node is retained, in order to avoid the warning for
951 -- redundant conversions in Resolve_Type_Conversion.
960 -- Given that the target type is twice the size of the
961 -- source type, overflow is now impossible, so we can
962 -- safely kill the overflow check and return.
972 -- Now see if an overflow check is required
974 declare
982 begin
983 -- Skip check if back end does overflow checks, or the overflow flag
984 -- is not set anyway, or we are not doing code expansion, or the
985 -- parent node is a type conversion whose operand is an arithmetic
986 -- operation on signed integers on which the expander can promote
987 -- later the operands to type Integer (see Expand_N_Type_Conversion).
989 if Backend_Overflow_Checks_On_Target
991 or else not Expander_Active
995 then
999 -- Otherwise, generate the full general code for front end overflow
1000 -- detection, which works by doing arithmetic in a larger type:
1002 -- x op y
1004 -- is expanded into
1006 -- Typ (Checktyp (x) op Checktyp (y));
1008 -- where Typ is the type of the original expression, and Checktyp is
1009 -- an integer type of sufficient length to hold the largest possible
1010 -- result.
1012 -- If the size of check type exceeds the size of Long_Long_Integer,
1013 -- we use a different approach, expanding to:
1015 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
1017 -- where xxx is Add, Multiply or Subtract as appropriate
1019 -- Find check type if one exists
1027 -- No check type exists, use runtime call
1029 else
1036 else
1053 -- If we fall through, we have the case where we do the arithmetic
1054 -- in the next higher type and get the check by conversion. In these
1055 -- cases Ctyp is set to the type to be used as the check type.
1073 -- The type of the operation changes to the base type of the check
1074 -- type, and we reset the overflow check indication, since clearly no
1075 -- overflow is possible now that we are using a double length type.
1076 -- We also set the Analyzed flag to avoid a recursive attempt to
1077 -- expand the node.
1083 -- Now build the outer conversion
1089 -- In the discrete type case, we directly generate the range check
1090 -- for the outer operand. This range check will implement the
1091 -- required overflow check.
1095 Generate_Range_Check
1098 -- For other types, we enable overflow checking on the conversion,
1099 -- after setting the node as analyzed to prevent recursive attempts
1100 -- to expand the conversion node.
1102 else
1108 exception
1114 ----------------------------------------------------
1115 -- Apply_Arithmetic_Overflow_Minimized_Eliminated --
1116 ----------------------------------------------------
1125 -- Operands and results are of this type when we convert
1128 -- Original result type
1134 -- Ranges of values for result
1136 begin
1137 -- Nothing to do if our parent is one of the following:
1139 -- Another signed integer arithmetic op
1140 -- A membership operation
1141 -- A comparison operation
1143 -- In all these cases, we will process at the higher level (and then
1144 -- this node will be processed during the downwards recursion that
1145 -- is part of the processing in Minimize_Eliminate_Overflows).
1151 -- This is also true for an alternative in a case expression
1155 -- This is also true for a range operand in a membership test
1159 then
1160 -- If_Expressions and Case_Expressions are treated as arithmetic
1161 -- ops, but if they appear in an assignment or similar contexts
1162 -- there is no overflow check that starts from that parent node,
1163 -- so apply check now.
1167 then
1169 else
1174 -- Otherwise, we have a top level arithmetic operation node, and this
1175 -- is where we commence the special processing for MINIMIZED/ELIMINATED
1176 -- modes. This is the case where we tell the machinery not to move into
1177 -- Bignum mode at this top level (of course the top level operation
1178 -- will still be in Bignum mode if either of its operands are of type
1179 -- Bignum).
1183 -- That call may but does not necessarily change the result type of Op.
1184 -- It is the job of this routine to undo such changes, so that at the
1185 -- top level, we have the proper type. This "undoing" is a point at
1186 -- which a final overflow check may be applied.
1188 -- If the result type was not fiddled we are all set. We go to base
1189 -- types here because things may have been rewritten to generate the
1190 -- base type of the operand types.
1195 -- Bignum case
1199 -- We need a sequence that looks like:
1201 -- Rnn : Result_Type;
1203 -- declare
1204 -- M : Mark_Id := SS_Mark;
1205 -- begin
1206 -- Rnn := Long_Long_Integer'Base (From_Bignum (Op));
1207 -- SS_Release (M);
1208 -- end;
1210 -- This block is inserted (using Insert_Actions), and then the node
1211 -- is replaced with a reference to Rnn.
1213 -- If our parent is a conversion node then there is no point in
1214 -- generating a conversion to Result_Type. Instead, we let the parent
1215 -- handle this. Note that this special case is not just about
1216 -- optimization. Consider
1218 -- A,B,C : Integer;
1219 -- ...
1220 -- X := Long_Long_Integer'Base (A * (B ** C));
1222 -- Now the product may fit in Long_Long_Integer but not in Integer.
1223 -- In MINIMIZED/ELIMINATED mode, we don't want to introduce an
1224 -- overflow exception for this intermediate value.
1226 declare
1233 begin
1240 -- Interesting question, do we need a check on that conversion
1241 -- operation. Answer, not if we know the result is in range.
1242 -- At the moment we are not taking advantage of this. To be
1243 -- looked at later ???
1245 else
1249 Insert_Before
1259 Blk));
1265 -- Here we know the result is Long_Long_Integer'Base, or that it has
1266 -- been rewritten because the parent operation is a conversion. See
1267 -- Apply_Arithmetic_Overflow_Strict.Conversion_Optimization.
1269 else
1270 pragma Assert
1273 -- All we need to do here is to convert the result to the proper
1274 -- result type. As explained above for the Bignum case, we can
1275 -- omit this if our parent is a type conversion.
1285 ----------------------------
1286 -- Apply_Constraint_Check --
1287 ----------------------------
1289 procedure Apply_Constraint_Check
1293 is
1296 begin
1297 -- No checks inside a generic (check the instantiations)
1303 -- Apply required constraint checks
1310 -- A useful optimization: an aggregate with only an others clause
1311 -- always has the right bounds.
1315 and then Nkind
1317 = N_Others_Choice
1318 then
1328 else
1335 then
1342 -- No checks necessary if expression statically null
1349 -- No sliding possible on access to arrays
1358 -- Do not install a discriminant check for a constrained subtype
1359 -- created for an unconstrained nominal type because the subtype
1360 -- has the correct constraints by construction.
1365 then
1369 -- Apply the 2005 Null_Excluding check. Note that we do not apply
1370 -- this check if the constraint node is illegal, as shown by having
1371 -- an error posted. This additional guard prevents cascaded errors
1372 -- and compiler aborts on illegal programs involving Ada 2005 checks.
1377 then
1383 ------------------------------
1384 -- Apply_Discriminant_Check --
1385 ------------------------------
1387 procedure Apply_Discriminant_Check
1391 is
1399 -- A heap object with an indefinite subtype is constrained by its
1400 -- initial value, and assigning to it requires a constraint_check.
1401 -- The target may be an explicit dereference, or a renaming of one.
1404 -- It is possible for an aliased component to have a nominal
1405 -- unconstrained subtype (through instantiation). If this is a
1406 -- discriminated component assigned in the expansion of an aggregate
1407 -- in an initialization, the check must be suppressed. This unusual
1408 -- situation requires a predicate of its own.
1410 ----------------------------------
1411 -- Denotes_Explicit_Dereference --
1412 ----------------------------------
1415 begin
1416 return
1418 or else
1422 N_Explicit_Dereference);
1425 ----------------------------------------
1426 -- Is_Aliased_Unconstrained_Component --
1427 ----------------------------------------
1433 begin
1436 else
1443 then
1448 and then In_Instance
1452 -- Start of processing for Apply_Discriminant_Check
1454 begin
1457 else
1461 -- Only apply checks when generating code and discriminant checks are
1462 -- not suppressed. In GNATprove mode, we do not apply the checks, but we
1463 -- still analyze the expression to possibly issue errors on SPARK code
1464 -- when a run-time error can be detected at compile time.
1467 if not Expander_Active
1469 then
1474 -- No discriminant checks necessary for an access when expression is
1475 -- statically Null. This is not only an optimization, it is fundamental
1476 -- because otherwise discriminant checks may be generated in init procs
1477 -- for types containing an access to a not-yet-frozen record, causing a
1478 -- deadly forward reference.
1480 -- Also, if the expression is of an access type whose designated type is
1481 -- incomplete, then the access value must be null and we suppress the
1482 -- check.
1495 -- If an assignment target is present, then we need to generate the
1496 -- actual subtype if the target is a parameter or aliased object with
1497 -- an unconstrained nominal subtype.
1499 -- Ada 2005 (AI-363): For Ada 2005, we limit the building of the actual
1500 -- subtype to the parameter and dereference cases, since other aliased
1501 -- objects are unconstrained (unless the nominal subtype is explicitly
1502 -- constrained).
1514 N_Function_Call))
1515 then
1519 -- Nothing to do if the type is unconstrained (this is the case where
1520 -- the actual subtype in the RM sense of N is unconstrained and no check
1521 -- is required).
1526 -- Ada 2005: nothing to do if the type is one for which there is a
1527 -- partial view that is constrained.
1530 and then Object_Type_Has_Constrained_Partial_View
1533 then
1537 -- Nothing to do if the type is an Unchecked_Union
1543 -- Suppress checks if the subtypes are the same. The check must be
1544 -- preserved in an assignment to a formal, because the constraint is
1545 -- given by the actual.
1551 then
1555 then
1559 -- We can also eliminate checks on allocators with a subtype mark that
1560 -- coincides with the context type. The context type may be a subtype
1561 -- without a constraint (common case, a generic actual).
1565 then
1566 declare
1570 begin
1577 then
1583 -- See if we have a case where the types are both constrained, and all
1584 -- the constraints are constants. In this case, we can do the check
1585 -- successfully at compile time.
1587 -- We skip this check for the case where the node is rewritten as
1588 -- an allocator, because it already carries the context subtype,
1589 -- and extracting the discriminants from the aggregate is messy.
1593 then
1594 declare
1601 begin
1602 -- S_Typ may not have discriminants in the case where it is a
1603 -- private type completed by a default discriminated type. In that
1604 -- case, we need to get the constraints from the underlying type.
1605 -- If the underlying type is unconstrained (i.e. has no default
1606 -- discriminants) no check is needed.
1612 else
1614 DconS :=
1615 First_Elmt
1622 -- A further optimization: if T_Typ is derived from S_Typ
1623 -- without imposing a constraint, no check is needed.
1626 N_Full_Type_Declaration
1627 then
1628 declare
1631 begin
1635 then
1642 -- Constraint may appear in full view of type
1646 then
1647 DconT :=
1649 else
1650 DconT :=
1658 -- For a discriminated component type constrained by the
1659 -- current instance of an enclosing type, there is no
1660 -- applicable discriminant check.
1666 then
1670 -- If the expressions for the discriminants are identical
1671 -- and it is side-effect free (for now just an entity),
1672 -- this may be a shared constraint, e.g. from a subtype
1673 -- without a constraint introduced as a generic actual.
1674 -- Examine other discriminants if any.
1678 then
1683 then
1689 else
1690 Apply_Compile_Time_Constraint_Error
1708 -- In GNATprove mode, we do not apply the checks
1714 -- Here we need a discriminant check. First build the expression
1715 -- for the comparisons of the discriminants:
1717 -- (n.disc1 /= typ.disc1) or else
1718 -- (n.disc2 /= typ.disc2) or else
1719 -- ...
1720 -- (n.discn /= typ.discn)
1724 -- If Lhs is set and is a parameter, then the condition is guarded by:
1725 -- lhs'constrained and then (condition built above)
1728 Cond :=
1730 Left_Opnd =>
1747 -------------------------
1748 -- Apply_Divide_Checks --
1749 -------------------------
1758 -- Current overflow checking mode
1769 -- Don't actually use this value
1771 begin
1772 -- If we are operating in MINIMIZED or ELIMINATED mode, and we are
1773 -- operating on signed integer types, then the only thing this routine
1774 -- does is to call Apply_Arithmetic_Overflow_Minimized_Eliminated. That
1775 -- procedure will (possibly later on during recursive downward calls),
1776 -- ensure that any needed overflow/division checks are properly applied.
1780 then
1785 -- Proceed here in SUPPRESSED or CHECKED modes
1787 if Expander_Active
1788 and then not Backend_Divide_Checks_On_Target
1790 then
1793 -- Deal with division check
1797 then
1801 -- Deal with overflow check
1805 then
1808 -- Test for extremely annoying case of xxx'First divided by -1
1809 -- for division of signed integer types (only overflow case).
1813 then
1818 and then
1820 then
1821 -- Ensure that expressions are not evaluated twice (once
1822 -- for their runtime checks and once for their regular
1823 -- computation).
1830 Condition =>
1832 Left_Opnd =>
1834 Left_Opnd =>
1838 Right_Opnd =>
1850 --------------------------
1851 -- Apply_Division_Check --
1852 --------------------------
1854 procedure Apply_Division_Check
1859 is
1865 begin
1866 if Expander_Active
1867 and then not Backend_Divide_Checks_On_Target
1869 then
1870 -- See if division by zero possible, and if so generate test. This
1871 -- part of the test is not controlled by the -gnato switch, since
1872 -- it is a Division_Check and not an Overflow_Check.
1880 Condition =>
1890 ----------------------------------
1891 -- Apply_Float_Conversion_Check --
1892 ----------------------------------
1894 -- Let F and I be the source and target types of the conversion. The RM
1895 -- specifies that a floating-point value X is rounded to the nearest
1896 -- integer, with halfway cases being rounded away from zero. The rounded
1897 -- value of X is checked against I'Range.
1899 -- The catch in the above paragraph is that there is no good way to know
1900 -- whether the round-to-integer operation resulted in overflow. A remedy is
1901 -- to perform a range check in the floating-point domain instead, however:
1903 -- (1) The bounds may not be known at compile time
1904 -- (2) The check must take into account rounding or truncation.
1905 -- (3) The range of type I may not be exactly representable in F.
1906 -- (4) For the rounding case, The end-points I'First - 0.5 and
1907 -- I'Last + 0.5 may or may not be in range, depending on the
1908 -- sign of I'First and I'Last.
1909 -- (5) X may be a NaN, which will fail any comparison
1911 -- The following steps correctly convert X with rounding:
1913 -- (1) If either I'First or I'Last is not known at compile time, use
1914 -- I'Base instead of I in the next three steps and perform a
1915 -- regular range check against I'Range after conversion.
1916 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1917 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1918 -- F'Machine (I'First) and let Lo_OK be (Lo >= I'First).
1919 -- In other words, take one of the closest floating-point numbers
1920 -- (which is an integer value) to I'First, and see if it is in
1921 -- range or not.
1922 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1923 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1924 -- F'Machine (I'Last) and let Hi_OK be (Hi <= I'Last).
1925 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1926 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1928 -- For the truncating case, replace steps (2) and (3) as follows:
1929 -- (2) If I'First > 0, then let Lo be F'Pred (I'First) and let Lo_OK
1930 -- be False. Otherwise, let Lo be F'Succ (I'First - 1) and let
1931 -- Lo_OK be True.
1932 -- (3) If I'Last < 0, then let Hi be F'Succ (I'Last) and let Hi_OK
1933 -- be False. Otherwise let Hi be F'Pred (I'Last + 1) and let
1934 -- Hi_OK be True.
1936 procedure Apply_Float_Conversion_Check
1939 is
1949 -- Parent of check node, must be a type conversion
1953 UI_Expon
1957 -- Largest bound, so bound plus or minus half is a machine number of F
1960 -- Bounds of integer type
1963 -- Bounds to check in floating-point domain
1966 -- True iff Lo resp. Hi belongs to I'Range
1969 -- Expressions that are False iff check fails
1973 begin
1974 -- We do not need checks if we are not generating code (i.e. the full
1975 -- expander is not active). In SPARK mode, we specifically don't want
1976 -- the frontend to expand these checks, which are dealt with directly
1977 -- in the formal verification backend.
1985 then
1986 declare
1987 -- First check that the value falls in the range of the base type,
1988 -- to prevent overflow during conversion and then perform a
1989 -- regular range check against the (dynamic) bounds.
1995 begin
2008 Condition =>
2019 -- Get the (static) bounds of the target type
2024 -- A simple optimization: if the expression is a universal literal,
2025 -- we can do the comparison with the bounds and the conversion to
2026 -- an integer type statically. The range checks are unchanged.
2032 then
2033 declare
2036 begin
2039 -- Conversion is safe
2049 -- Check against lower bound
2063 else
2070 -- Lo_Chk := (X >= Lo)
2076 else
2077 -- Lo_Chk := (X > Lo)
2084 -- Check against higher bound
2097 else
2104 -- Hi_Chk := (X <= Hi)
2110 else
2111 -- Hi_Chk := (X < Hi)
2118 -- If the bounds of the target type are the same as those of the base
2119 -- type, the check is an overflow check as a range check is not
2120 -- performed in these cases.
2124 then
2126 else
2130 -- Raise CE if either conditions does not hold
2138 ------------------------
2139 -- Apply_Length_Check --
2140 ------------------------
2142 procedure Apply_Length_Check
2146 is
2147 begin
2148 Apply_Selected_Length_Checks
2152 -------------------------------------
2153 -- Apply_Parameter_Aliasing_Checks --
2154 -------------------------------------
2156 procedure Apply_Parameter_Aliasing_Checks
2159 is
2162 function May_Cause_Aliasing
2165 -- Determine whether two formal parameters can alias each other
2166 -- depending on their modes.
2169 -- The expander may replace an actual with a temporary for the sake of
2170 -- side effect removal. The temporary may hide a potential aliasing as
2171 -- it does not share the address of the actual. This routine attempts
2172 -- to retrieve the original actual.
2174 procedure Overlap_Check
2180 -- Create a check to determine whether Actual_1 overlaps with Actual_2.
2181 -- If detailed exception messages are enabled, the check is augmented to
2182 -- provide information about the names of the corresponding formals. See
2183 -- the body for details. Actual_1 and Actual_2 denote the two actuals to
2184 -- be tested. Formal_1 and Formal_2 denote the corresponding formals.
2185 -- Check contains all and-ed simple tests generated so far or remains
2186 -- unchanged in the case of detailed exception messaged.
2188 ------------------------
2189 -- May_Cause_Aliasing --
2190 ------------------------
2192 function May_Cause_Aliasing
2195 is
2196 begin
2197 -- The following combination cannot lead to aliasing
2199 -- Formal 1 Formal 2
2200 -- IN IN
2203 and then
2205 then
2208 -- The following combinations may lead to aliasing
2210 -- Formal 1 Formal 2
2211 -- IN OUT
2212 -- IN IN OUT
2213 -- OUT IN
2214 -- OUT IN OUT
2215 -- OUT OUT
2217 else
2222 ---------------------
2223 -- Original_Actual --
2224 ---------------------
2227 begin
2231 -- The expander created a temporary to capture the result of a type
2232 -- conversion where the expression is the real actual.
2237 then
2244 -------------------
2245 -- Overlap_Check --
2246 -------------------
2248 procedure Overlap_Check
2254 is
2259 begin
2260 -- Generate:
2261 -- Actual_1'Overlaps_Storage (Actual_2)
2263 Cond :=
2267 Expressions =>
2270 -- Generate the following check when detailed exception messages are
2271 -- enabled:
2273 -- if Actual_1'Overlaps_Storage (Actual_2) then
2274 -- raise Program_Error with <detailed message>;
2275 -- end if;
2278 Start_String;
2280 -- Do not generate location information for internal calls
2306 Name =>
2310 -- Create a sequence of overlapping checks by and-ing them all
2311 -- together.
2313 else
2316 else
2317 Check :=
2325 -- Local variables
2335 -- Start of processing for Apply_Parameter_Aliasing_Checks
2337 begin
2345 -- Ensure that the actual is an object that is not passed by value.
2346 -- Elementary types are always passed by value, therefore actuals of
2347 -- such types cannot lead to aliasing. An aggregate is an object in
2348 -- Ada 2012, but an actual that is an aggregate cannot overlap with
2349 -- another actual. A type that is By_Reference (such as an array of
2350 -- controlled types) is not subject to the check because any update
2351 -- will be done in place and a subsequent read will always see the
2352 -- correct value, see RM 6.2 (12/3).
2357 then
2363 then
2369 -- The other actual we are testing against must also denote
2370 -- a non pass-by-value object. Generate the check only when
2371 -- the mode of the two formals may lead to aliasing.
2376 then
2380 Overlap_Check
2397 -- Place a simple check right before the call
2407 -------------------------------------
2408 -- Apply_Parameter_Validity_Checks --
2409 -------------------------------------
2414 procedure Add_Validity_Check
2418 -- Add a single 'Valid[_Scalar] check which verifies the initialization
2419 -- of Formal. Prag_Nam denotes the pre or post condition pragma name.
2420 -- Set flag For_Result when to verify the result of a function.
2422 ------------------------
2423 -- Add_Validity_Check --
2424 ------------------------
2426 procedure Add_Validity_Check
2430 is
2432 -- Create a pre/postcondition pragma that tests expression Expr
2434 ------------------------------
2435 -- Build_Pre_Post_Condition --
2436 ------------------------------
2443 begin
2444 Prag :=
2452 -- Add a message unless exception messages are suppressed
2458 Expression =>
2466 -- Insert the pragma in the tree
2472 -- PPC pragmas associated with subprogram bodies must be inserted
2473 -- in the declarative part of the body.
2486 -- For subprogram declarations insert the PPC pragma right after
2487 -- the declarative node.
2489 else
2494 -- Local variables
2501 -- Start of processing for Add_Validity_Check
2503 begin
2504 -- For scalars, generate 'Valid test
2509 -- For any non-scalar with scalar parts, generate 'Valid_Scalars test
2514 -- No test needed for other cases (no scalars to test)
2516 else
2520 -- Step 1: Create the expression to verify the validity of the
2521 -- context.
2525 -- When processing a function result, use 'Result. Generate
2526 -- Context'Result
2529 Check :=
2535 -- Generate:
2536 -- Context['Result]'Valid[_Scalars]
2538 Check :=
2543 -- Step 2: Create a pre or post condition pragma
2548 -- Local variables
2553 -- Start of processing for Apply_Parameter_Validity_Checks
2555 begin
2556 -- Extract the subprogram specification and declaration nodes
2568 -- Do not process formal subprograms because the corresponding actual
2569 -- will receive the proper checks when the instance is analyzed.
2573 -- Do not process imported subprograms since pre and postconditions
2574 -- are never verified on routines coming from a different language.
2579 -- The PPC pragmas generated by this routine do not correspond to
2580 -- source aspects, therefore they cannot be applied to abstract
2581 -- subprograms.
2585 -- Do not consider subprogram renaminds because the renamed entity
2586 -- already has the proper PPC pragmas.
2590 -- Do not process null procedures because there is no benefit of
2591 -- adding the checks to a no action routine.
2595 then
2599 -- Inspect all the formals applying aliasing and scalar initialization
2600 -- checks where applicable.
2605 -- Generate the following scalar initialization checks for each
2606 -- formal parameter:
2608 -- mode IN - Pre => Formal'Valid[_Scalars]
2609 -- mode IN OUT - Pre, Post => Formal'Valid[_Scalars]
2610 -- mode OUT - Post => Formal'Valid[_Scalars]
2625 -- Generate following scalar initialization check for function result:
2627 -- Post => Subp'Result'Valid[_Scalars]
2634 ---------------------------
2635 -- Apply_Predicate_Check --
2636 ---------------------------
2638 procedure Apply_Predicate_Check
2642 is
2645 begin
2658 -- A predicate check does not apply within internally generated
2659 -- subprograms, such as TSS functions.
2664 -- If the check appears within the predicate function itself, it
2665 -- means that the user specified a check whose formal is the
2666 -- predicated subtype itself, rather than some covering type. This
2667 -- is likely to be a common error, and thus deserves a warning.
2670 Error_Msg_NE
2673 Error_Msg_N
2677 Error_Msg_NE
2686 -- Here for normal case of predicate active
2688 else
2689 -- If the type has a static predicate and the expression is known
2690 -- at compile time, see if the expression satisfies the predicate.
2698 -- For an entity of the type, generate a call to the predicate
2699 -- function, unless its type is an actual subtype, which is not
2700 -- visible outside of the enclosing subprogram.
2704 then
2706 Make_Predicate_Check
2709 -- If the expression is not an entity it may have side effects,
2710 -- and the following call will create an object declaration for
2711 -- it. We disable checks during its analysis, to prevent an
2712 -- infinite recursion.
2714 else
2716 Make_Predicate_Check
2723 -----------------------
2724 -- Apply_Range_Check --
2725 -----------------------
2727 procedure Apply_Range_Check
2731 is
2732 begin
2733 Apply_Selected_Range_Checks
2737 ------------------------------
2738 -- Apply_Scalar_Range_Check --
2739 ------------------------------
2741 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check flag
2742 -- off if it is already set on.
2744 procedure Apply_Scalar_Range_Check
2749 is
2757 -- Set true if Expr is a subscript
2760 -- Set true if Expr is a subscript of an unconstrained array. In this
2761 -- case we do not attempt to do an analysis of the value against the
2762 -- range of the subscript, since we don't know the actual subtype.
2765 -- Set to True if Expr should be regarded as a real value even though
2766 -- the type of Expr might be discrete.
2769 -- Procedure called if value is determined to be out of range. Warn is
2770 -- True to force a warning instead of an error, even when SPARK_Mode is
2771 -- On.
2773 ---------------
2774 -- Bad_Value --
2775 ---------------
2778 begin
2779 Apply_Compile_Time_Constraint_Error
2786 -- Start of processing for Apply_Scalar_Range_Check
2788 begin
2789 -- Return if check obviously not needed
2791 if
2792 -- Not needed inside generic
2794 Inside_A_Generic
2796 -- Not needed if previous error
2801 -- Not needed for non-scalar type
2805 -- Not needed if we know node raises CE already
2808 then
2812 -- Now, see if checks are suppressed
2814 Is_Subscr_Ref :=
2828 -- Subscript reference. Check for Index_Checks suppressed
2832 -- Check array type and its base type
2836 then
2839 -- Check array itself if it is an entity name
2843 then
2846 -- Check expression itself if it is an entity name
2850 then
2854 -- All other cases, check for Range_Checks suppressed
2856 else
2857 -- Check target type and its base type
2861 then
2864 -- Check expression itself if it is an entity name
2868 then
2871 -- If Expr is part of an assignment statement, then check left
2872 -- side of assignment if it is an entity name.
2877 then
2883 -- Do not set range checks if they are killed
2887 then
2891 -- Do not set range checks for any values from System.Scalar_Values
2892 -- since the whole idea of such values is to avoid checking them.
2896 then
2900 -- Now see if we need a check
2904 else
2912 Is_Unconstrained_Subscr_Ref :=
2915 -- Special checks for floating-point type
2919 -- Always do a range check if the source type includes infinities and
2920 -- the target type does not include infinities. We do not do this if
2921 -- range checks are killed.
2922 -- If the expression is a literal and the bounds of the type are
2923 -- static constants it may be possible to optimize the check.
2927 then
2928 -- If the expression is a literal and the bounds of the type are
2929 -- static constants it may be possible to optimize the check.
2932 declare
2936 begin
2941 then
2943 else
2948 else
2954 -- Return if we know expression is definitely in the range of the target
2955 -- type as determined by Determine_Range. Right now we only do this for
2956 -- discrete types, and not fixed-point or floating-point types.
2958 -- The additional less-precise tests below catch these cases
2960 -- In GNATprove_Mode, also deal with the case of a conversion from
2961 -- floating-point to integer. It is only possible because analysis
2962 -- in GNATprove rules out the possibility of a NaN or infinite value.
2964 -- Note: skip this if we are given a source_typ, since the point of
2965 -- supplying a Source_Typ is to stop us looking at the expression.
2966 -- We could sharpen this test to be out parameters only ???
2972 and then not Is_Unconstrained_Subscr_Ref
2974 then
2975 declare
2979 begin
2982 then
2983 declare
2989 begin
2990 -- If range is null, we for sure have a constraint error (we
2991 -- don't even need to look at the value involved, since all
2992 -- possible values will raise CE).
2996 -- When SPARK_Mode is On, force a warning instead of
2997 -- an error in that case, as this likely corresponds
2998 -- to deactivated code.
3002 -- In GNATprove mode, we enable the range check so that
3003 -- GNATprove will issue a message if it cannot be proved.
3012 -- Otherwise determine range of value
3015 Determine_Range
3018 -- When converting a float to an integer type, determine the
3019 -- range in real first, and then convert the bounds using
3020 -- UR_To_Uint which correctly rounds away from zero when
3021 -- half way between two integers, as required by normal
3022 -- Ada 95 rounding semantics. It is only possible because
3023 -- analysis in GNATprove rules out the possibility of a NaN
3024 -- or infinite value.
3026 elsif GNATprove_Mode
3028 then
3029 declare
3033 begin
3034 Determine_Range_R
3046 -- If definitely in range, all OK
3051 -- If definitely not in range, warn
3054 Bad_Value;
3057 -- Otherwise we don't know
3059 else
3068 Int_Real :=
3072 -- Check if we can determine at compile time whether Expr is in the
3073 -- range of the target type. Note that if S_Typ is within the bounds
3074 -- of Target_Typ then this must be the case. This check is meaningful
3075 -- only if this is not a conversion between integer and real types.
3077 if not Is_Unconstrained_Subscr_Ref
3079 and then
3082 -- Also check if the expression itself is in the range of the
3083 -- target type if it is a known at compile time value. We skip
3084 -- this test if S_Typ is set since for OUT and IN OUT parameters
3085 -- the Expr itself is not relevant to the checking.
3087 or else
3093 then
3100 then
3101 Bad_Value;
3104 -- Floating-point case
3105 -- In the floating-point case, we only do range checks if the type is
3106 -- constrained. We definitely do NOT want range checks for unconstrained
3107 -- types, since we want to have infinities, except when
3108 -- Check_Float_Overflow is set.
3115 -- For all other cases we enable a range check unconditionally
3117 else
3123 ----------------------------------
3124 -- Apply_Selected_Length_Checks --
3125 ----------------------------------
3127 procedure Apply_Selected_Length_Checks
3132 is
3135 or else
3144 begin
3145 -- Only apply checks when generating code
3147 -- Note: this means that we lose some useful warnings if the expander
3148 -- is not active.
3154 R_Result :=
3161 -- A length check may mention an Itype which is attached to a
3162 -- subsequent node. At the top level in a package this can cause
3163 -- an order-of-elaboration problem, so we make sure that the itype
3164 -- is referenced now.
3168 then
3179 -- If the item is a conditional raise of constraint error, then have
3180 -- a look at what check is being performed and ???
3184 then
3187 -- Case where node does not now have a dynamic check
3191 -- If checks are on, just insert the check
3200 -- If checks are off, then analyze the length check after
3201 -- temporarily attaching it to the tree in case the relevant
3202 -- condition can be evaluated at compile time. We still want a
3203 -- compile time warning in this case.
3205 else
3211 -- Output a warning if the condition is known to be True
3215 then
3216 Apply_Compile_Time_Constraint_Error
3218 CE_Length_Check_Failed,
3222 -- If we were only doing a static check, or if checks are not
3223 -- on, then we want to delete the check, since it is not needed.
3224 -- We do this by replacing the if statement by a null statement
3231 else
3237 ---------------------------------
3238 -- Apply_Selected_Range_Checks --
3239 ---------------------------------
3241 procedure Apply_Selected_Range_Checks
3246 is
3249 or else
3258 begin
3259 -- Only apply checks when generating code. In GNATprove mode, we do not
3260 -- apply the checks, but we still call Selected_Range_Checks to possibly
3261 -- issue errors on SPARK code when a run-time error can be detected at
3262 -- compile time.
3270 R_Result :=
3281 -- The range check requires runtime evaluation. Depending on what its
3282 -- triggering condition is, the check may be converted into a compile
3283 -- time constraint check.
3287 then
3290 -- Insert the range check before the related context. Note that
3291 -- this action analyses the triggering condition.
3295 -- This old code doesn't make sense, why is the context flagged as
3296 -- requiring dynamic range checks now in the middle of generating
3297 -- them ???
3303 -- The triggering condition evaluates to True, the range check
3304 -- can be converted into a compile time constraint check.
3308 then
3309 -- Since an N_Range is technically not an expression, we have
3310 -- to set one of the bounds to C_E and then just flag the
3311 -- N_Range. The warning message will point to the lower bound
3312 -- and complain about a range, which seems OK.
3315 Apply_Compile_Time_Constraint_Error
3318 CE_Range_Check_Failed,
3324 else
3325 Apply_Compile_Time_Constraint_Error
3328 CE_Range_Check_Failed,
3333 -- If we were only doing a static check, or if checks are not
3334 -- on, then we want to delete the check, since it is not needed.
3335 -- We do this by replacing the if statement by a null statement
3342 -- The range check raises Constraint_Error explicitly
3344 else
3350 -------------------------------
3351 -- Apply_Static_Length_Check --
3352 -------------------------------
3354 procedure Apply_Static_Length_Check
3358 is
3359 begin
3360 Apply_Selected_Length_Checks
3364 -------------------------------------
3365 -- Apply_Subscript_Validity_Checks --
3366 -------------------------------------
3371 begin
3374 -- Loop through subscripts
3379 -- Check one subscript. Note that we do not worry about enumeration
3380 -- type with holes, since we will convert the value to a Pos value
3381 -- for the subscript, and that convert will do the necessary validity
3382 -- check.
3386 -- Move to next subscript
3392 ----------------------------------
3393 -- Apply_Type_Conversion_Checks --
3394 ----------------------------------
3402 -- Note: if Etype (Expr) is a private type without discriminants, its
3403 -- full view might have discriminants with defaults, so we need the
3404 -- full view here to retrieve the constraints.
3406 begin
3410 -- Skip these checks if serious errors detected, there are some nasty
3411 -- situations of incomplete trees that blow things up.
3416 -- Never generate discriminant checks for Unchecked_Union types
3420 then
3423 -- Scalar type conversions of the form Target_Type (Expr) require a
3424 -- range check if we cannot be sure that Expr is in the base type of
3425 -- Target_Typ and also that Expr is in the range of Target_Typ. These
3426 -- are not quite the same condition from an implementation point of
3427 -- view, but clearly the second includes the first.
3430 declare
3432 -- If the Conversion_OK flag on the type conversion is set and no
3433 -- floating-point type is involved in the type conversion then
3434 -- fixed-point values must be read as integral values.
3440 begin
3443 and then not
3445 and then not Float_To_Int
3446 then
3447 -- A small optimization: the attribute 'Pos applied to an
3448 -- enumeration type has a known range, even though its type is
3449 -- Universal_Integer. So in numeric conversions it is usually
3450 -- within range of the target integer type. Use the static
3451 -- bounds of the base types to check. Disable this optimization
3452 -- in case of a generic formal discrete type, because we don't
3453 -- necessarily know the upper bound yet.
3460 then
3461 declare
3469 begin
3470 -- Character types have no explicit literals, so we use
3471 -- the known number of characters in the type.
3478 then
3481 else
3482 Last_E :=
3483 Enumeration_Pos
3490 else
3495 else
3502 then
3503 if Float_To_Int
3504 and then not GNATprove_Mode
3505 then
3507 else
3508 Apply_Scalar_Range_Check
3511 -- If the target type has predicates, we need to indicate
3512 -- the need for a check, even if Determine_Range finds that
3513 -- the value is within bounds. This may be the case e.g for
3514 -- a division with a constant denominator.
3530 then
3531 -- An unconstrained derived type may have inherited discriminant.
3532 -- Build an actual discriminant constraint list using the stored
3533 -- constraint, to verify that the expression of the parent type
3534 -- satisfies the constraints imposed by the (unconstrained) derived
3535 -- type. This applies to value conversions, not to view conversions
3536 -- of tagged types.
3538 declare
3549 begin
3556 then
3561 then
3562 -- Parent is constrained by new discriminant. Obtain
3563 -- Value of original discriminant in expression. If the
3564 -- new discriminant has been used to constrain more than
3565 -- one of the stored discriminants, this will provide the
3566 -- required consistency check.
3568 Append_Elmt
3570 Prefix =>
3571 Duplicate_Subexpr_No_Checks
3573 Selector_Name =>
3575 New_Constraints);
3577 else
3578 -- Discriminant of more remote ancestor ???
3583 -- Derived type definition has an explicit value for this
3584 -- stored discriminant.
3586 else
3587 Append_Elmt
3589 New_Constraints);
3595 -- Use the unconstrained expression type to retrieve the
3596 -- discriminants of the parent, and apply momentarily the
3597 -- discriminant constraint synthesized above.
3609 -- For arrays, checks are set now, but conversions are applied during
3610 -- expansion, to take into accounts changes of representation. The
3611 -- checks become range checks on the base type or length checks on the
3612 -- subtype, depending on whether the target type is unconstrained or
3613 -- constrained. Note that the range check is put on the expression of a
3614 -- type conversion, while the length check is put on the type conversion
3615 -- itself.
3620 else
3626 ----------------------------------------------
3627 -- Apply_Universal_Integer_Attribute_Checks --
3628 ----------------------------------------------
3634 begin
3638 -- Nothing to do if checks are suppressed
3642 then
3645 -- Nothing to do if the attribute does not come from source. The
3646 -- internal attributes we generate of this type do not need checks,
3647 -- and furthermore the attempt to check them causes some circular
3648 -- elaboration orders when dealing with packed types.
3653 -- If the prefix is a selected component that depends on a discriminant
3654 -- the check may improperly expose a discriminant instead of using
3655 -- the bounds of the object itself. Set the type of the attribute to
3656 -- the base type of the context, so that a check will be imposed when
3657 -- needed (e.g. if the node appears as an index).
3662 then
3665 -- Otherwise, replace the attribute node with a type conversion node
3666 -- whose expression is the attribute, retyped to universal integer, and
3667 -- whose subtype mark is the target type. The call to analyze this
3668 -- conversion will set range and overflow checks as required for proper
3669 -- detection of an out of range value.
3671 else
3685 -------------------------------------
3686 -- Atomic_Synchronization_Disabled --
3687 -------------------------------------
3689 -- Note: internally Disable/Enable_Atomic_Synchronization is implemented
3690 -- using a bogus check called Atomic_Synchronization. This is to make it
3691 -- more convenient to get exactly the same semantics as [Un]Suppress.
3694 begin
3695 -- If debug flag d.e is set, always return False, i.e. all atomic sync
3696 -- looks enabled, since it is never disabled.
3701 -- If debug flag d.d is set then always return True, i.e. all atomic
3702 -- sync looks disabled, since it always tests True.
3707 -- If entity present, then check result for that entity
3712 -- Otherwise result depends on current scope setting
3714 else
3719 -------------------------------
3720 -- Build_Discriminant_Checks --
3721 -------------------------------
3723 function Build_Discriminant_Checks
3726 is
3736 ----------------------------------
3737 -- Aggregate_Discriminant_Value --
3738 ----------------------------------
3743 begin
3744 -- The aggregate has been normalized with named associations. We use
3745 -- the Chars field to locate the discriminant to take into account
3746 -- discriminants in derived types, which carry the same name as those
3747 -- in the parent.
3753 else
3758 -- Discriminant must have been found in the loop above
3763 -- Start of processing for Build_Discriminant_Checks
3765 begin
3766 -- Loop through discriminants evolving the condition
3771 -- For a fully private type, use the discriminants of the parent type
3775 then
3777 else
3786 then
3788 else
3792 -- If we have an Unchecked_Union node, we can infer the discriminants
3793 -- of the node.
3797 Get_Discriminant_Value (
3799 T_Typ,
3803 Dref :=
3804 Duplicate_Subexpr_No_Checks
3807 else
3808 Dref :=
3810 Prefix =>
3829 ------------------
3830 -- Check_Needed --
3831 ------------------
3841 -- Return the relevant expression from the left operand of the given
3842 -- short circuit form: this is LO itself, except if LO is a qualified
3843 -- expression, a type conversion, or an expression with actions, in
3844 -- which case this is Left_Expression (Expression (LO)).
3846 ---------------------
3847 -- Left_Expression --
3848 ---------------------
3852 begin
3854 N_Type_Conversion,
3855 N_Expression_With_Actions)
3856 loop
3863 -- Start of processing for Check_Needed
3865 begin
3866 -- Always check if not simple entity
3870 then
3874 -- Look up tree for short circuit
3877 loop
3881 -- Done if out of subexpression (note that we allow generated stuff
3882 -- such as itype declarations in this context, to keep the loop going
3883 -- since we may well have generated such stuff in complex situations.
3884 -- Also done if no parent (probably an error condition, but no point
3885 -- in behaving nasty if we find it).
3889 then
3892 -- Or/Or Else case, where test is part of the right operand, or is
3893 -- part of one of the actions associated with the right operand, and
3894 -- the left operand is an equality test.
3902 or else
3907 -- Similar test for the And/And then case, where the left operand
3908 -- is an inequality test.
3916 or else
3925 -- If we fall through the loop, then we have a conditional with an
3926 -- appropriate test as its left operand, so look further.
3930 -- L is an "=" or "/=" operator: extract its operands
3935 -- Left operand of test must match original variable
3941 -- Right operand of test must be key value (zero or null)
3952 then
3960 -- Here we have the optimizable case, warn if not short-circuited
3968 Error_Msg_N
3971 else
3972 Error_Msg_N
3979 Error_Msg_N
3982 else
3983 Error_Msg_N
3993 Error_Msg_N -- CODEFIX
3995 else
3996 Error_Msg_N -- CODEFIX
4000 -- If not short-circuited, we need the check
4004 -- If short-circuited, we can omit the check
4006 else
4011 -----------------------------------
4012 -- Check_Valid_Lvalue_Subscripts --
4013 -----------------------------------
4016 begin
4017 -- Skip this if range checks are suppressed
4022 -- Only do this check for expressions that come from source. We assume
4023 -- that expander generated assignments explicitly include any necessary
4024 -- checks. Note that this is not just an optimization, it avoids
4025 -- infinite recursions.
4030 -- For a selected component, check the prefix
4036 -- Case of indexed component
4041 -- Prefix may itself be or contain an indexed component, and these
4042 -- subscripts need checking as well.
4048 ----------------------------------
4049 -- Null_Exclusion_Static_Checks --
4050 ----------------------------------
4052 procedure Null_Exclusion_Static_Checks
4056 is
4063 begin
4064 pragma Assert
4066 N_Discriminant_Specification,
4067 N_Function_Specification,
4068 N_Object_Declaration,
4069 N_Parameter_Specification));
4073 else
4081 else
4103 -- Enforce legality rule 3.10 (13): A null exclusion can only be
4104 -- applied to an access [sub]type.
4107 Error_Msg_N
4110 -- Enforce legality rule RM 3.10(14/1): A null exclusion can only
4111 -- be applied to a [sub]type that does not exclude null already.
4114 Error_Msg_NE
4120 -- Check that null-excluding objects are always initialized, except for
4121 -- deferred constants, for which the expression will appear in the full
4122 -- declaration.
4128 then
4131 -- Specialize the warning message to indicate that we are dealing
4132 -- with an uninitialized composite object that has a defaulted
4133 -- null-excluding component.
4138 Discard_Node
4139 (Compile_Time_Constraint_Error
4141 Msg =>
4142 "(Ada 2005) null-excluding component % of object % must "
4146 -- This is a case of an array with null-excluding components, so
4147 -- indicate that in the warning.
4150 Discard_Node
4151 (Compile_Time_Constraint_Error
4153 Msg =>
4154 "(Ada 2005) null-excluding array components must "
4158 -- Normal case of object of a null-excluding access type
4160 else
4161 -- Add an expression that assigns null. This node is needed by
4162 -- Apply_Compile_Time_Constraint_Error, which will replace this
4163 -- with a Constraint_Error node.
4168 Apply_Compile_Time_Constraint_Error
4170 Msg =>
4176 -- Check that a null-excluding component, formal or object is not being
4177 -- assigned a null value. Otherwise generate a warning message and
4178 -- replace Expression (N) by an N_Constraint_Error node.
4185 when N_Component_Declaration
4186 | N_Discriminant_Specification
4187 =>
4188 Apply_Compile_Time_Constraint_Error
4190 Msg =>
4191 "(Ada 2005) null not allowed in null-excluding "
4196 Apply_Compile_Time_Constraint_Error
4198 Msg =>
4199 "(Ada 2005) null not allowed in null-excluding "
4204 Apply_Compile_Time_Constraint_Error
4206 Msg =>
4207 "(Ada 2005) null not allowed in null-excluding "
4218 ----------------------------------
4219 -- Conditional_Statements_Begin --
4220 ----------------------------------
4223 begin
4226 -- If stack overflows, kill all checks, that way we know to simply reset
4227 -- the number of saved checks to zero on return. This should never occur
4228 -- in practice.
4231 Kill_All_Checks;
4233 -- In the normal case, we just make a new stack entry saving the current
4234 -- number of saved checks for a later restore.
4236 else
4241 Num_Saved_Checks);
4246 --------------------------------
4247 -- Conditional_Statements_End --
4248 --------------------------------
4251 begin
4254 -- If the saved checks stack overflowed, then we killed all checks, so
4255 -- setting the number of saved checks back to zero is correct. This
4256 -- should never occur in practice.
4261 -- In the normal case, restore the number of saved checks from the top
4262 -- stack entry.
4264 else
4269 Num_Saved_Checks);
4276 -------------------------
4277 -- Convert_From_Bignum --
4278 -------------------------
4283 begin
4286 -- Construct call From Bignum
4288 return
4290 Name =>
4295 -----------------------
4296 -- Convert_To_Bignum --
4297 -----------------------
4302 begin
4303 -- Nothing to do if Bignum already except call Relocate_Node
4308 -- Otherwise construct call to To_Bignum, converting the operand to the
4309 -- required Long_Long_Integer form.
4311 else
4313 return
4315 Name =>
4322 ---------------------
4323 -- Determine_Range --
4324 ---------------------
4328 -- Determine size of below cache (power of 2 is more efficient)
4336 -- The above arrays are used to implement a small direct cache for
4337 -- Determine_Range and Determine_Range_R calls. Because of the way these
4338 -- subprograms recursively traces subexpressions, and because overflow
4339 -- checking calls the routine on the way up the tree, a quadratic behavior
4340 -- can otherwise be encountered in large expressions. The cache entry for
4341 -- node N is stored in the (N mod Cache_Size) entry, and can be validated
4342 -- by checking the actual node value stored there. The Range_Cache_V array
4343 -- records the setting of Assume_Valid for the cache entry.
4345 procedure Determine_Range
4351 is
4353 -- Type to use, may get reset to base type for possibly invalid entity
4357 -- Lo and Hi bounds of left operand
4361 -- Lo and Hi bounds of right (or only) operand
4364 -- Temp variable used to hold a bound node
4367 -- High bound of base type of expression
4371 -- Refined values for low and high bounds, after tightening
4374 -- Used in lower level calls to indicate if call succeeded
4377 -- Used to search cache
4380 -- Base type
4383 -- Used for binary operators. Determines the ranges of the left and
4384 -- right operands, and if they are both OK, returns True, and puts
4385 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
4387 -----------------
4388 -- OK_Operands --
4389 -----------------
4392 begin
4393 Determine_Range
4400 Determine_Range
4405 -- Start of processing for Determine_Range
4407 begin
4408 -- Prevent junk warnings by initializing range variables
4415 -- For temporary constants internally generated to remove side effects
4416 -- we must use the corresponding expression to determine the range of
4417 -- the expression. But note that the expander can also generate
4418 -- constants in other cases, including deferred constants.
4424 then
4426 Determine_Range
4430 Determine_Range
4434 else
4440 -- If type is not defined, we can't determine its range
4444 -- We don't deal with anything except discrete types
4448 -- Ignore type for which an error has been posted, since range in
4449 -- this case may well be a bogosity deriving from the error. Also
4450 -- ignore if error posted on the reference node.
4453 then
4458 -- For all other cases, we can determine the range
4462 -- If value is compile time known, then the possible range is the one
4463 -- value that we know this expression definitely has.
4471 -- Return if already in the cache
4476 and then
4478 then
4484 -- Otherwise, start by finding the bounds of the type of the expression,
4485 -- the value cannot be outside this range (if it is, then we have an
4486 -- overflow situation, which is a separate check, we are talking here
4487 -- only about the expression value).
4489 -- First a check, never try to find the bounds of a generic type, since
4490 -- these bounds are always junk values, and it is only valid to look at
4491 -- the bounds in an instance.
4498 -- First step, change to use base type unless we know the value is valid
4501 or else Assume_No_Invalid_Values
4502 or else Assume_Valid
4503 then
4505 else
4509 -- Retrieve the base type. Handle the case where the base type is a
4510 -- private enumeration type.
4518 -- We use the actual bound unless it is dynamic, in which case use the
4519 -- corresponding base type bound if possible. If we can't get a bound
4520 -- then we figure we can't determine the range (a peculiar case, that
4521 -- perhaps cannot happen, but there is no point in bombing in this
4522 -- optimization circuit.
4524 -- First the low bound
4534 else
4539 -- Now the high bound
4543 -- We need the high bound of the base type later on, and this should
4544 -- always be compile time known. Again, it is not clear that this
4545 -- can ever be false, but no point in bombing.
4551 else
4556 -- If we have a static subtype, then that may have a tighter bound so
4557 -- use the upper bound of the subtype instead in this case.
4563 -- We may be able to refine this value in certain situations. If any
4564 -- refinement is possible, then Lor and Hir are set to possibly tighter
4565 -- bounds, and OK1 is set to True.
4569 -- For unary plus, result is limited by range of operand
4572 Determine_Range
4575 -- For unary minus, determine range of operand, and negate it
4578 Determine_Range
4586 -- For binary addition, get range of each operand and do the
4587 -- addition to get the result range.
4595 -- Division is tricky. The only case we consider is where the right
4596 -- operand is a positive constant, and in this case we simply divide
4597 -- the bounds of the left operand
4603 then
4606 else
4611 -- For binary subtraction, get range of each operand and do the worst
4612 -- case subtraction to get the result range.
4620 -- For MOD, if right operand is a positive constant, then result must
4621 -- be in the allowable range of mod results.
4627 then
4637 else
4642 -- For REM, if right operand is a positive constant, then result must
4643 -- be in the allowable range of mod results.
4648 declare
4651 begin
4652 -- The sign of the result depends on the sign of the
4653 -- dividend (but not on the sign of the divisor, hence
4654 -- the abs operation above).
4658 else
4664 else
4669 else
4674 -- Attribute reference cases
4679 -- For Pos/Val attributes, we can refine the range using the
4680 -- possible range of values of the attribute expression.
4682 when Name_Pos
4683 | Name_Val
4684 =>
4685 Determine_Range
4688 -- For Length attribute, use the bounds of the corresponding
4689 -- index type to refine the range.
4692 declare
4700 begin
4705 -- For string literal, we know exact value
4714 -- Otherwise check for expression given
4718 else
4719 Inum :=
4728 -- If the index type is a formal type or derived from
4729 -- one, the bounds are not static.
4736 Determine_Range
4738 Assume_Valid);
4741 Determine_Range
4743 Assume_Valid);
4747 -- The maximum value for Length is the biggest
4748 -- possible gap between the values of the bounds.
4749 -- But of course, this value cannot be negative.
4753 -- For constrained arrays, the minimum value for
4754 -- Length is taken from the actual value of the
4755 -- bounds, since the index will be exactly of this
4756 -- subtype.
4761 -- For an unconstrained array, the minimum value
4762 -- for length is always zero.
4764 else
4771 -- No special handling for other attributes
4772 -- Probably more opportunities exist here???
4781 -- For type conversion from one discrete type to another, we can
4782 -- refine the range using the converted value.
4787 -- When converting a float to an integer type, determine the range
4788 -- in real first, and then convert the bounds using UR_To_Uint
4789 -- which correctly rounds away from zero when half way between two
4790 -- integers, as required by normal Ada 95 rounding semantics. It
4791 -- is only possible because analysis in GNATprove rules out the
4792 -- possibility of a NaN or infinite value.
4794 elsif GNATprove_Mode
4796 then
4797 declare
4799 begin
4801 Assume_Valid);
4809 else
4813 -- Nothing special to do for all other expression kinds
4821 -- At this stage, if OK1 is true, then we know that the actual result of
4822 -- the computed expression is in the range Lor .. Hir. We can use this
4823 -- to restrict the possible range of results.
4827 -- If the refined value of the low bound is greater than the type
4828 -- low bound, then reset it to the more restrictive value. However,
4829 -- we do NOT do this for the case of a modular type where the
4830 -- possible upper bound on the value is above the base type high
4831 -- bound, because that means the result could wrap.
4835 then
4839 -- Similarly, if the refined value of the high bound is less than the
4840 -- value so far, then reset it to the more restrictive value. Again,
4841 -- we do not do this if the refined low bound is negative for a
4842 -- modular type, since this would wrap.
4846 then
4851 -- Set cache entry for future call and we are all done
4859 -- If any exception occurs, it means that we have some bug in the compiler,
4860 -- possibly triggered by a previous error, or by some unforeseen peculiar
4861 -- occurrence. However, this is only an optimization attempt, so there is
4862 -- really no point in crashing the compiler. Instead we just decide, too
4863 -- bad, we can't figure out a range in this case after all.
4865 exception
4868 -- Debug flag K disables this behavior (useful for debugging)
4872 else
4880 -----------------------
4881 -- Determine_Range_R --
4882 -----------------------
4884 procedure Determine_Range_R
4890 is
4892 -- Type to use, may get reset to base type for possibly invalid entity
4896 -- Lo and Hi bounds of left operand
4900 -- Lo and Hi bounds of right (or only) operand
4903 -- Temp variable used to hold a bound node
4906 -- High bound of base type of expression
4910 -- Refined values for low and high bounds, after tightening
4913 -- Used in lower level calls to indicate if call succeeded
4916 -- Used to search cache
4919 -- Base type
4922 -- Used for binary operators. Determines the ranges of the left and
4923 -- right operands, and if they are both OK, returns True, and puts
4924 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
4927 -- B is a real bound. Round it using mode Round_Even.
4929 -----------------
4930 -- OK_Operands --
4931 -----------------
4934 begin
4935 Determine_Range_R
4942 Determine_Range_R
4947 -------------------
4948 -- Round_Machine --
4949 -------------------
4952 begin
4956 -- Start of processing for Determine_Range_R
4958 begin
4959 -- Prevent junk warnings by initializing range variables
4966 -- For temporary constants internally generated to remove side effects
4967 -- we must use the corresponding expression to determine the range of
4968 -- the expression. But note that the expander can also generate
4969 -- constants in other cases, including deferred constants.
4975 then
4977 Determine_Range_R
4981 Determine_Range_R
4985 else
4992 -- If type is not defined, we can't determine its range
4996 -- We don't deal with anything except IEEE floating-point types
5001 -- Ignore type for which an error has been posted, since range in
5002 -- this case may well be a bogosity deriving from the error. Also
5003 -- ignore if error posted on the reference node.
5006 then
5011 -- For all other cases, we can determine the range
5015 -- If value is compile time known, then the possible range is the one
5016 -- value that we know this expression definitely has.
5024 -- Return if already in the cache
5029 and then
5031 then
5037 -- Otherwise, start by finding the bounds of the type of the expression,
5038 -- the value cannot be outside this range (if it is, then we have an
5039 -- overflow situation, which is a separate check, we are talking here
5040 -- only about the expression value).
5042 -- First a check, never try to find the bounds of a generic type, since
5043 -- these bounds are always junk values, and it is only valid to look at
5044 -- the bounds in an instance.
5051 -- First step, change to use base type unless we know the value is valid
5054 or else Assume_No_Invalid_Values
5055 or else Assume_Valid
5056 then
5058 else
5062 -- Retrieve the base type. Handle the case where the base type is a
5063 -- private type.
5071 -- We use the actual bound unless it is dynamic, in which case use the
5072 -- corresponding base type bound if possible. If we can't get a bound
5073 -- then we figure we can't determine the range (a peculiar case, that
5074 -- perhaps cannot happen, but there is no point in bombing in this
5075 -- optimization circuit).
5077 -- First the low bound
5087 else
5092 -- Now the high bound
5096 -- We need the high bound of the base type later on, and this should
5097 -- always be compile time known. Again, it is not clear that this
5098 -- can ever be false, but no point in bombing.
5104 else
5109 -- If we have a static subtype, then that may have a tighter bound so
5110 -- use the upper bound of the subtype instead in this case.
5116 -- We may be able to refine this value in certain situations. If any
5117 -- refinement is possible, then Lor and Hir are set to possibly tighter
5118 -- bounds, and OK1 is set to True.
5122 -- For unary plus, result is limited by range of operand
5125 Determine_Range_R
5128 -- For unary minus, determine range of operand, and negate it
5131 Determine_Range_R
5139 -- For binary addition, get range of each operand and do the
5140 -- addition to get the result range.
5148 -- For binary subtraction, get range of each operand and do the worst
5149 -- case subtraction to get the result range.
5157 -- For multiplication, get range of each operand and do the
5158 -- four multiplications to get the result range.
5162 declare
5168 begin
5174 -- For division, consider separately the cases where the right
5175 -- operand is positive or negative. Otherwise, the right operand
5176 -- can be arbitrarily close to zero, so the result is likely to
5177 -- be unbounded in one direction, do not attempt to compute it.
5182 -- Right operand is positive
5186 -- If the low bound of the left operand is negative, obtain
5187 -- the overall low bound by dividing it by the smallest
5188 -- value of the right operand, and otherwise by the largest
5189 -- value of the right operand.
5193 else
5197 -- If the high bound of the left operand is negative, obtain
5198 -- the overall high bound by dividing it by the largest
5199 -- value of the right operand, and otherwise by the
5200 -- smallest value of the right operand.
5204 else
5208 -- Right operand is negative
5212 -- If the low bound of the left operand is negative, obtain
5213 -- the overall low bound by dividing it by the largest
5214 -- value of the right operand, and otherwise by the smallest
5215 -- value of the right operand.
5219 else
5223 -- If the high bound of the left operand is negative, obtain
5224 -- the overall high bound by dividing it by the smallest
5225 -- value of the right operand, and otherwise by the
5226 -- largest value of the right operand.
5230 else
5234 else
5241 -- For type conversion from one floating-point type to another, we
5242 -- can refine the range using the converted value.
5247 -- When converting an integer to a floating-point type, determine
5248 -- the range in integer first, and then convert the bounds.
5251 declare
5255 begin
5256 Determine_Range
5265 else
5269 -- Nothing special to do for all other expression kinds
5277 -- At this stage, if OK1 is true, then we know that the actual result of
5278 -- the computed expression is in the range Lor .. Hir. We can use this
5279 -- to restrict the possible range of results.
5283 -- If the refined value of the low bound is greater than the type
5284 -- low bound, then reset it to the more restrictive value.
5290 -- Similarly, if the refined value of the high bound is less than the
5291 -- value so far, then reset it to the more restrictive value.
5298 -- Set cache entry for future call and we are all done
5306 -- If any exception occurs, it means that we have some bug in the compiler,
5307 -- possibly triggered by a previous error, or by some unforeseen peculiar
5308 -- occurrence. However, this is only an optimization attempt, so there is
5309 -- really no point in crashing the compiler. Instead we just decide, too
5310 -- bad, we can't figure out a range in this case after all.
5312 exception
5315 -- Debug flag K disables this behavior (useful for debugging)
5319 else
5327 ------------------------------------
5328 -- Discriminant_Checks_Suppressed --
5329 ------------------------------------
5332 begin
5344 --------------------------------
5345 -- Division_Checks_Suppressed --
5346 --------------------------------
5349 begin
5352 else
5357 --------------------------------------
5358 -- Duplicated_Tag_Checks_Suppressed --
5359 --------------------------------------
5362 begin
5365 else
5370 -----------------------------------
5371 -- Elaboration_Checks_Suppressed --
5372 -----------------------------------
5375 begin
5376 -- The complication in this routine is that if we are in the dynamic
5377 -- model of elaboration, we also check All_Checks, since All_Checks
5378 -- does not set Elaboration_Check explicitly.
5389 else
5399 else
5404 ---------------------------
5405 -- Enable_Overflow_Check --
5406 ---------------------------
5420 begin
5428 -- No check if overflow checks suppressed for type of node
5433 -- Nothing to do for unsigned integer types, which do not overflow
5439 -- This is the point at which processing for STRICT mode diverges
5440 -- from processing for MINIMIZED/ELIMINATED modes. This divergence is
5441 -- probably more extreme that it needs to be, but what is going on here
5442 -- is that when we introduced MINIMIZED/ELIMINATED modes, we wanted
5443 -- to leave the processing for STRICT mode untouched. There were
5444 -- two reasons for this. First it avoided any incompatible change of
5445 -- behavior. Second, it guaranteed that STRICT mode continued to be
5446 -- legacy reliable.
5448 -- The big difference is that in STRICT mode there is a fair amount of
5449 -- circuitry to try to avoid setting the Do_Overflow_Check flag if we
5450 -- know that no check is needed. We skip all that in the two new modes,
5451 -- since really overflow checking happens over a whole subtree, and we
5452 -- do the corresponding optimizations later on when applying the checks.
5458 then
5469 -- Remainder of processing is for STRICT case, and is unchanged from
5470 -- earlier versions preceding the addition of MINIMIZED/ELIMINATED.
5472 -- Nothing to do if the range of the result is known OK. We skip this
5473 -- for conversions, since the caller already did the check, and in any
5474 -- case the condition for deleting the check for a type conversion is
5475 -- different.
5480 -- Note in the test below that we assume that the range is not OK
5481 -- if a bound of the range is equal to that of the type. That's not
5482 -- quite accurate but we do this for the following reasons:
5484 -- a) The way that Determine_Range works, it will typically report
5485 -- the bounds of the value as being equal to the bounds of the
5486 -- type, because it either can't tell anything more precise, or
5487 -- does not think it is worth the effort to be more precise.
5489 -- b) It is very unusual to have a situation in which this would
5490 -- generate an unnecessary overflow check (an example would be
5491 -- a subtype with a range 0 .. Integer'Last - 1 to which the
5492 -- literal value one is added).
5494 -- c) The alternative is a lot of special casing in this routine
5495 -- which would partially duplicate Determine_Range processing.
5500 -- Note that the following checks are quite deliberately > and <
5501 -- rather than >= and <= as explained above.
5504 and then
5506 then
5509 -- Despite the comments above, it is worth dealing specially with
5510 -- division specially. The only case where integer division can
5511 -- overflow is (largest negative number) / (-1). So we will do
5512 -- an extra range analysis to see if this is possible.
5515 Determine_Range
5521 else
5522 Determine_Range
5526 or else
5528 then
5534 -- If no overflow check required, we are done
5546 -- If not in optimizing mode, set flag and we are done. We are also done
5547 -- (and just set the flag) if the type is not a discrete type, since it
5548 -- is not worth the effort to eliminate checks for other than discrete
5549 -- types. In addition, we take this same path if we have stored the
5550 -- maximum number of checks possible already (a very unlikely situation,
5551 -- but we do not want to blow up).
5556 then
5566 -- Otherwise evaluate and check the expression
5568 Find_Check
5589 -- If check is not of form to optimize, then set flag and we are done
5596 -- If check is already performed, then return without setting flag
5606 -- Here we will make a new entry for the new check
5626 -- If we get an exception, then something went wrong, probably because of
5627 -- an error in the structure of the tree due to an incorrect program. Or
5628 -- it may be a bug in the optimization circuit. In either case the safest
5629 -- thing is simply to set the check flag unconditionally.
5631 exception
5642 ------------------------
5643 -- Enable_Range_Check --
5644 ------------------------
5654 begin
5655 -- Return if unchecked type conversion with range check killed. In this
5656 -- case we never set the flag (that's what Kill_Range_Check is about).
5660 then
5664 -- Do not set range check flag if parent is assignment statement or
5665 -- object declaration with Suppress_Assignment_Checks flag set
5669 then
5673 -- Check for various cases where we should suppress the range check
5675 -- No check if range checks suppressed for type of node
5680 -- No check if node is an entity name, and range checks are suppressed
5681 -- for this entity, or for the type of this entity.
5686 then
5689 -- No checks if index of array, and index checks are suppressed for
5690 -- the array object or the type of the array.
5693 declare
5695 begin
5698 then
5706 -- Debug trace output
5715 -- If not in optimizing mode, set flag and we are done. We are also done
5716 -- (and just set the flag) if the type is not a discrete type, since it
5717 -- is not worth the effort to eliminate checks for other than discrete
5718 -- types. In addition, we take this same path if we have stored the
5719 -- maximum number of checks possible already (a very unlikely situation,
5720 -- but we do not want to blow up).
5726 then
5736 -- Otherwise find out the target type
5740 -- For assignment, use left side subtype
5744 then
5747 -- For indexed component, use subscript subtype
5750 declare
5755 begin
5761 -- If the prefix is an access to an unconstrained array,
5762 -- perform check unconditionally: it depends on the bounds of
5763 -- an object and we cannot currently recognize whether the test
5764 -- may be redundant.
5771 -- Ditto if prefix is simply an unconstrained array. We used
5772 -- to think this case was OK, if the prefix was not an explicit
5773 -- dereference, but we have now seen a case where this is not
5774 -- true, so it is safer to just suppress the optimization in this
5775 -- case. The back end is getting better at eliminating redundant
5776 -- checks in any case, so the loss won't be important.
5780 then
5787 loop
5798 -- For now, ignore all other cases, they are not so interesting
5800 else
5809 -- Evaluate and check the expression
5811 Find_Check
5833 -- If check is not of form to optimize, then set flag and we are done
5844 -- If check is already performed, then return without setting flag
5854 -- Here we will make a new entry for the new check
5875 -- If we get an exception, then something went wrong, probably because of
5876 -- an error in the structure of the tree due to an incorrect program. Or
5877 -- it may be a bug in the optimization circuit. In either case the safest
5878 -- thing is simply to set the check flag unconditionally.
5880 exception
5891 ------------------
5892 -- Ensure_Valid --
5893 ------------------
5895 procedure Ensure_Valid
5901 is
5904 begin
5905 -- Ignore call if we are not doing any validity checking
5910 -- Ignore call if range or validity checks suppressed on entity or type
5915 -- No check required if expression is from the expander, we assume the
5916 -- expander will generate whatever checks are needed. Note that this is
5917 -- not just an optimization, it avoids infinite recursions.
5919 -- Unchecked conversions must be checked, unless they are initialized
5920 -- scalar values, as in a component assignment in an init proc.
5922 -- In addition, we force a check if Force_Validity_Checks is set
5925 and then not Force_Validity_Checks
5928 then
5931 -- No check required if expression is known to have valid value
5936 -- No check needed within a generated predicate function. Validity
5937 -- of input value will have been checked earlier.
5941 then
5944 -- Ignore case of enumeration with holes where the flag is set not to
5945 -- worry about holes, since no special validity check is needed
5949 and then Holes_OK
5950 then
5953 -- No check required on the left-hand side of an assignment
5957 then
5960 -- No check on a universal real constant. The context will eventually
5961 -- convert it to a machine number for some target type, or report an
5962 -- illegality.
5966 then
5969 -- If the expression denotes a component of a packed boolean array,
5970 -- no possible check applies. We ignore the old ACATS chestnuts that
5971 -- involve Boolean range True..True.
5973 -- Note: validity checks are generated for expressions that yield a
5974 -- scalar type, when it is possible to create a value that is outside of
5975 -- the type. If this is a one-bit boolean no such value exists. This is
5976 -- an optimization, and it also prevents compiler blowing up during the
5977 -- elaboration of improperly expanded packed array references.
5982 then
5985 -- For an expression with actions, we want to insert the validity check
5986 -- on the final Expression.
5992 -- An annoying special case. If this is an out parameter of a scalar
5993 -- type, then the value is not going to be accessed, therefore it is
5994 -- inappropriate to do any validity check at the call site.
5996 else
5997 -- Only need to worry about scalar types
6000 declare
6008 begin
6009 -- Find actual argument (which may be a parameter association)
6010 -- and the parent of the actual argument (the call statement)
6020 -- Only need to worry if we are argument of a procedure call
6021 -- since functions don't have out parameters. If this is an
6022 -- indirect or dispatching call, get signature from the
6023 -- subprogram type.
6030 else
6035 -- Only need to worry if there are indeed actuals, and if
6036 -- this could be a procedure call, otherwise we cannot get a
6037 -- match (either we are not an argument, or the mode of the
6038 -- formal is not OUT). This test also filters out the
6039 -- generic case.
6043 -- This is the loop through parameters, looking for an
6044 -- OUT parameter for which we are the argument.
6062 -- If this is a boolean expression, only its elementary operands need
6063 -- checking: if they are valid, a boolean or short-circuit operation
6064 -- with them will be valid as well.
6067 and then
6069 then
6073 -- If we fall through, a validity check is required
6079 then
6084 ----------------------
6085 -- Expr_Known_Valid --
6086 ----------------------
6091 begin
6092 -- Non-scalar types are always considered valid, since they never give
6093 -- rise to the issues of erroneous or bounded error behavior that are
6094 -- the concern. In formal reference manual terms the notion of validity
6095 -- only applies to scalar types. Note that even when packed arrays are
6096 -- represented using modular types, they are still arrays semantically,
6097 -- so they are also always valid (in particular, the unused bits can be
6098 -- random rubbish without affecting the validity of the array value).
6103 -- If no validity checking, then everything is considered valid
6108 -- Floating-point types are considered valid unless floating-point
6109 -- validity checks have been specifically turned on.
6112 and then not Validity_Check_Floating_Point
6113 then
6116 -- If the expression is the value of an object that is known to be
6117 -- valid, then clearly the expression value itself is valid.
6122 -- Exclude volatile variables
6125 then
6128 -- References to discriminants are always considered valid. The value
6129 -- of a discriminant gets checked when the object is built. Within the
6130 -- record, we consider it valid, and it is important to do so, since
6131 -- otherwise we can try to generate bogus validity checks which
6132 -- reference discriminants out of scope. Discriminants of concurrent
6133 -- types are excluded for the same reason.
6137 then
6140 -- If the type is one for which all values are known valid, then we are
6141 -- sure that the value is valid except in the slightly odd case where
6142 -- the expression is a reference to a variable whose size has been
6143 -- explicitly set to a value greater than the object size.
6149 then
6151 else
6155 -- Integer and character literals always have valid values, where
6156 -- appropriate these will be range checked in any case.
6161 -- If we have a type conversion or a qualification of a known valid
6162 -- value, then the result will always be valid.
6167 -- Case of expression is a non-floating-point operator. In this case we
6168 -- can assume the result is valid the generated code for the operator
6169 -- will include whatever checks are needed (e.g. range checks) to ensure
6170 -- validity. This assumption does not hold for the floating-point case,
6171 -- since floating-point operators can generate Infinite or NaN results
6172 -- which are considered invalid.
6174 -- Historical note: in older versions, the exemption of floating-point
6175 -- types from this assumption was done only in cases where the parent
6176 -- was an assignment, function call or parameter association. Presumably
6177 -- the idea was that in other contexts, the result would be checked
6178 -- elsewhere, but this list of cases was missing tests (at least the
6179 -- N_Object_Declaration case, as shown by a reported missing validity
6180 -- check), and it is not clear why function calls but not procedure
6181 -- calls were tested for. It really seems more accurate and much
6182 -- safer to recognize that expressions which are the result of a
6183 -- floating-point operator can never be assumed to be valid.
6188 -- The result of a membership test is always valid, since it is true or
6189 -- false, there are no other possibilities.
6194 -- For all other cases, we do not know the expression is valid
6196 else
6201 ----------------
6202 -- Find_Check --
6203 ----------------
6205 procedure Find_Check
6213 is
6214 function Within_Range_Of
6217 -- Given a requirement for checking a range against Target_Type, and
6218 -- and a range Check_Type against which a check has already been made,
6219 -- determines if the check against check type is sufficient to ensure
6220 -- that no check against Target_Type is required.
6222 ---------------------
6223 -- Within_Range_Of --
6224 ---------------------
6226 function Within_Range_Of
6229 is
6230 begin
6234 else
6235 declare
6241 begin
6244 and then
6246 and then
6248 and then
6251 and then
6253 and then
6255 then
6257 else
6264 -- Start of processing for Find_Check
6266 begin
6267 -- Establish default, in case no entry is found
6271 -- Case of expression is simple entity reference
6277 -- Case of expression is entity + known constant
6282 then
6286 -- Case of expression is entity - known constant
6291 then
6295 -- Any other expression is not of the right form
6297 else
6304 -- Come here with expression of appropriate form, check if entity is an
6305 -- appropriate one for our purposes.
6310 then
6312 else
6317 -- See if there is matching check already
6320 declare
6322 begin
6328 then
6335 -- If we fall through entry was not found
6340 ---------------------------------
6341 -- Generate_Discriminant_Check --
6342 ---------------------------------
6344 -- Note: the code for this procedure is derived from the
6345 -- Emit_Discriminant_Check Routine in trans.c.
6354 -- The original component to be checked
6358 -- The discriminant checking function
6361 -- One discriminant to be checked in the type
6364 -- Actual discriminant in the call
6367 -- Type of relevant prefix (ignoring private/access stuff)
6370 -- List of arguments for function call
6373 -- Keep track of the formal corresponding to the actual we build for
6374 -- each discriminant, in order to be able to perform the necessary type
6375 -- conversions.
6378 -- Selected component reference for checking function argument
6380 begin
6383 -- Force evaluation of the prefix, so that it does not get evaluated
6384 -- twice (once for the check, once for the actual reference). Such a
6385 -- double evaluation is always a potential source of inefficiency, and
6386 -- is functionally incorrect in the volatile case, or when the prefix
6387 -- may have side effects. A nonvolatile entity or a component of a
6388 -- nonvolatile entity requires no evaluation.
6400 then
6403 else
6407 -- For a tagged type, use the scope of the original component to
6408 -- obtain the type, because ???
6413 -- For an untagged derived type, use the discriminants of the parent
6414 -- which have been renamed in the derivation, possibly by a one-to-many
6415 -- discriminant constraint. For untagged type, initially get the Etype
6416 -- of the prefix
6418 else
6422 then
6427 -- We definitely should have a checking function, This routine should
6428 -- not be called if no discriminant checking function is present.
6432 -- Create the list of the actual parameters for the call. This list
6433 -- is the list of the discriminant fields of the record expression to
6434 -- be discriminant checked.
6441 -- If we have a corresponding discriminant field, and a parent
6442 -- subtype is present, then we want to use the corresponding
6443 -- discriminant since this is the one with the useful value.
6448 then
6450 else
6454 -- Construct the reference to the discriminant
6456 Scomp :=
6458 Prefix =>
6463 -- Manually analyze and resolve this selected component. We really
6464 -- want it just as it appears above, and do not want the expander
6465 -- playing discriminal games etc with this reference. Then we append
6466 -- the argument to the list we are gathering.
6476 -- Now build and insert the call
6480 Condition =>
6487 ---------------------------
6488 -- Generate_Index_Checks --
6489 ---------------------------
6494 -- Returns the entity of the prefix of N (or Empty if not found)
6496 ----------------------
6497 -- Entity_Of_Prefix --
6498 ----------------------
6503 begin
6507 N_Indexed_Component)
6508 then
6518 -- Local variables
6525 -- Start of processing for Generate_Index_Checks
6527 begin
6528 -- Ignore call if the prefix is not an array since we have a serious
6529 -- error in the sources. Ignore it also if index checks are suppressed
6530 -- for array object or type.
6535 then
6538 -- The indexed component we are dealing with contains 'Loop_Entry in its
6539 -- prefix. This case arises when analysis has determined that constructs
6540 -- such as
6542 -- Prefix'Loop_Entry (Expr)
6543 -- Prefix'Loop_Entry (Expr1, Expr2, ... ExprN)
6545 -- require rewriting for error detection purposes. A side effect of this
6546 -- action is the generation of index checks that mention 'Loop_Entry.
6547 -- Delay the generation of the check until 'Loop_Entry has been properly
6548 -- expanded. This is done in Expand_Loop_Entry_Attributes.
6552 then
6556 -- Generate a raise of constraint error with the appropriate reason and
6557 -- a condition of the form:
6559 -- Base_Type (Sub) not in Array'Range (Subscript)
6561 -- Note that the reason we generate the conversion to the base type here
6562 -- is that we definitely want the range check to take place, even if it
6563 -- looks like the subtype is OK. Optimization considerations that allow
6564 -- us to omit the check have already been taken into account in the
6565 -- setting of the Do_Range_Check flag earlier on.
6569 -- Handle string literals
6575 -- For string literals we obtain the bounds of the string from the
6576 -- associated subtype.
6580 Condition =>
6582 Left_Opnd =>
6585 Right_Opnd =>
6592 -- General case
6594 else
6595 declare
6602 begin
6609 -- Force evaluation except for the case of a simple name of
6610 -- a nonvolatile entity.
6614 then
6623 then
6630 -- For array objects with constant bounds we can generate
6631 -- the index check using the bounds of the type of the index
6637 then
6638 Range_N :=
6640 Prefix =>
6644 -- For arrays with non-constant bounds we cannot generate
6645 -- the index check using the bounds of the type of the index
6646 -- since it may reference discriminants of some enclosing
6647 -- type. We obtain the bounds directly from the prefix
6648 -- object.
6650 else
6653 else
6657 Range_N :=
6659 Prefix =>
6667 Condition =>
6669 Left_Opnd =>
6684 --------------------------
6685 -- Generate_Range_Check --
6686 --------------------------
6688 procedure Generate_Range_Check
6692 is
6699 -- Convert the conversion operand to the target base type and save in
6700 -- a temporary. Then check the converted value against the range of the
6701 -- target subtype.
6703 -----------------------------
6704 -- Convert_And_Check_Range --
6705 -----------------------------
6710 begin
6711 -- We make a temporary to hold the value of the converted value
6712 -- (converted to the base type), and then do the test against this
6713 -- temporary. The conversion itself is replaced by an occurrence of
6714 -- Tnn and followed by the explicit range check. Note that checks
6715 -- are suppressed for this code, since we don't want a recursive
6716 -- range check popping up.
6718 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
6719 -- [constraint_error when Tnn not in Target_Type]
6726 Expression =>
6732 Condition =>
6741 -- Set the type of N, because the declaration for Tnn might not
6742 -- be analyzed yet, as is the case if N appears within a record
6743 -- declaration, as a discriminant constraint or expression.
6748 -- Start of processing for Generate_Range_Check
6750 begin
6751 -- First special case, if the source type is already within the range
6752 -- of the target type, then no check is needed (probably we should have
6753 -- stopped Do_Range_Check from being set in the first place, but better
6754 -- late than never in preventing junk code and junk flag settings.
6758 -- We do NOT apply this if the source node is a literal, since in this
6759 -- case the literal has already been labeled as having the subtype of
6760 -- the target.
6762 and then not
6764 or else
6767 then
6772 -- Here a check is needed. If the expander is not active, or if we are
6773 -- in GNATProve mode, then simply set the Do_Range_Check flag and we
6774 -- are done. In both these cases, we just want to see the range check
6775 -- flag set, we do not want to generate the explicit range check code.
6782 -- Here we will generate an explicit range check, so we don't want to
6783 -- set the Do_Range check flag, since the range check is taken care of
6784 -- by the code we will generate.
6788 -- Force evaluation of the node, so that it does not get evaluated twice
6789 -- (once for the check, once for the actual reference). Such a double
6790 -- evaluation is always a potential source of inefficiency, and is
6791 -- functionally incorrect in the volatile case.
6797 -- The easiest case is when Source_Base_Type and Target_Base_Type are
6798 -- the same since in this case we can simply do a direct check of the
6799 -- value of N against the bounds of Target_Type.
6801 -- [constraint_error when N not in Target_Type]
6803 -- Note: this is by far the most common case, for example all cases of
6804 -- checks on the RHS of assignments are in this category, but not all
6805 -- cases are like this. Notably conversions can involve two types.
6809 -- Insert the explicit range check. Note that we suppress checks for
6810 -- this code, since we don't want a recursive range check popping up.
6814 Condition =>
6821 -- Next test for the case where the target type is within the bounds
6822 -- of the base type of the source type, since in this case we can
6823 -- simply convert these bounds to the base type of T to do the test.
6825 -- [constraint_error when N not in
6826 -- Source_Base_Type (Target_Type'First)
6827 -- ..
6828 -- Source_Base_Type(Target_Type'Last))]
6830 -- The conversions will always work and need no check
6832 -- Unchecked_Convert_To is used instead of Convert_To to handle the case
6833 -- of converting from an enumeration value to an integer type, such as
6834 -- occurs for the case of generating a range check on Enum'Val(Exp)
6835 -- (which used to be handled by gigi). This is OK, since the conversion
6836 -- itself does not require a check.
6840 -- Insert the explicit range check. Note that we suppress checks for
6841 -- this code, since we don't want a recursive range check popping up.
6844 and then
6846 then
6849 Condition =>
6853 Right_Opnd =>
6855 Low_Bound =>
6858 Prefix =>
6862 High_Bound =>
6865 Prefix =>
6871 -- For conversions involving at least one type that is not discrete,
6872 -- first convert to target type and then generate the range check.
6873 -- This avoids problems with values that are close to a bound of the
6874 -- target type that would fail a range check when done in a larger
6875 -- source type before converting but would pass if converted with
6876 -- rounding and then checked (such as in float-to-float conversions).
6878 else
6879 Convert_And_Check_Range;
6882 -- Note that at this stage we now that the Target_Base_Type is not in
6883 -- the range of the Source_Base_Type (since even the Target_Type itself
6884 -- is not in this range). It could still be the case that Source_Type is
6885 -- in range of the target base type since we have not checked that case.
6887 -- If that is the case, we can freely convert the source to the target,
6888 -- and then test the target result against the bounds.
6891 Convert_And_Check_Range;
6893 -- At this stage, we know that we have two scalar types, which are
6894 -- directly convertible, and where neither scalar type has a base
6895 -- range that is in the range of the other scalar type.
6897 -- The only way this can happen is with a signed and unsigned type.
6898 -- So test for these two cases:
6900 else
6901 -- Case of the source is unsigned and the target is signed
6905 then
6906 -- If the source is unsigned and the target is signed, then we
6907 -- know that the source is not shorter than the target (otherwise
6908 -- the source base type would be in the target base type range).
6910 -- In other words, the unsigned type is either the same size as
6911 -- the target, or it is larger. It cannot be smaller.
6913 pragma Assert
6916 -- We only need to check the low bound if the low bound of the
6917 -- target type is non-negative. If the low bound of the target
6918 -- type is negative, then we know that we will fit fine.
6920 -- If the high bound of the target type is negative, then we
6921 -- know we have a constraint error, since we can't possibly
6922 -- have a negative source.
6924 -- With these two checks out of the way, we can do the check
6925 -- using the source type safely
6927 -- This is definitely the most annoying case.
6929 -- [constraint_error
6930 -- when (Target_Type'First >= 0
6931 -- and then
6932 -- N < Source_Base_Type (Target_Type'First))
6933 -- or else Target_Type'Last < 0
6934 -- or else N > Source_Base_Type (Target_Type'Last)];
6936 -- We turn off all checks since we know that the conversions
6937 -- will work fine, given the guards for negative values.
6941 Condition =>
6944 Left_Opnd =>
6947 Left_Opnd =>
6949 Prefix =>
6954 Right_Opnd =>
6957 Right_Opnd =>
6960 Prefix =>
6964 Right_Opnd =>
6966 Left_Opnd =>
6972 Right_Opnd =>
6975 Right_Opnd =>
6984 -- Only remaining possibility is that the source is signed and
6985 -- the target is unsigned.
6987 else
6991 -- If the source is signed and the target is unsigned, then we
6992 -- know that the target is not shorter than the source (otherwise
6993 -- the target base type would be in the source base type range).
6995 -- In other words, the unsigned type is either the same size as
6996 -- the target, or it is larger. It cannot be smaller.
6998 -- Clearly we have an error if the source value is negative since
6999 -- no unsigned type can have negative values. If the source type
7000 -- is non-negative, then the check can be done using the target
7001 -- type.
7003 -- Tnn : constant Target_Base_Type (N) := Target_Type;
7005 -- [constraint_error
7006 -- when N < 0 or else Tnn not in Target_Type];
7008 -- We turn off all checks for the conversion of N to the target
7009 -- base type, since we generate the explicit check to ensure that
7010 -- the value is non-negative
7012 declare
7015 begin
7019 Object_Definition =>
7022 Expression =>
7024 Subtype_Mark =>
7029 Condition =>
7031 Left_Opnd =>
7036 Right_Opnd =>
7039 Right_Opnd =>
7045 -- Set the Etype explicitly, because Insert_Actions may have
7046 -- placed the declaration in the freeze list for an enclosing
7047 -- construct, and thus it is not analyzed yet.
7056 ------------------
7057 -- Get_Check_Id --
7058 ------------------
7061 begin
7062 -- For standard check name, we can do a direct computation
7067 -- For non-standard names added by pragma Check_Name, search table
7069 else
7077 -- No matching name found
7082 ---------------------
7083 -- Get_Discriminal --
7084 ---------------------
7091 begin
7092 -- The bound can be a bona fide parameter of a protected operation,
7093 -- rather than a prival encoded as an in-parameter.
7099 -- Climb the scope stack looking for an enclosing protected type. If
7100 -- we run out of scopes, return the bound itself.
7125 ----------------------
7126 -- Get_Range_Checks --
7127 ----------------------
7129 function Get_Range_Checks
7134 is
7135 begin
7136 return
7140 ------------------
7141 -- Guard_Access --
7142 ------------------
7144 function Guard_Access
7148 is
7149 begin
7157 else
7158 return
7160 Left_Opnd =>
7168 -----------------------------
7169 -- Index_Checks_Suppressed --
7170 -----------------------------
7173 begin
7176 else
7181 ----------------
7182 -- Initialize --
7183 ----------------
7186 begin
7198 -------------------------
7199 -- Insert_Range_Checks --
7200 -------------------------
7202 procedure Insert_Range_Checks
7209 is
7212 or else
7219 begin
7220 -- For now we just return if Checks_On is false, however this should be
7221 -- enhanced to check for an always True value in the condition and to
7222 -- generate a compilation warning???
7241 then
7248 else
7255 else
7256 Check_Node :=
7263 else
7270 ------------------------
7271 -- Insert_Valid_Check --
7272 ------------------------
7274 procedure Insert_Valid_Check
7279 is
7284 begin
7285 -- Do not insert if checks off, or if not checking validity or if
7286 -- expression is known to be valid.
7288 if not Validity_Checks_On
7291 then
7294 -- Do not insert checks within a predicate function. This will arise
7295 -- if the current unit and the predicate function are being compiled
7296 -- with validity checks enabled.
7300 then
7303 -- If the expression is a packed component of a modular type of the
7304 -- right size, the data is always valid.
7310 then
7313 -- Do not generate a validity check when inside a generic unit as this
7314 -- is an expansion activity.
7320 -- If we have a checked conversion, then validity check applies to
7321 -- the expression inside the conversion, not the result, since if
7322 -- the expression inside is valid, then so is the conversion result.
7329 -- Do not generate a check for a variable which already validates the
7330 -- value of an assignable object.
7336 -- We are about to insert the validity check for Exp. We save and
7337 -- reset the Do_Range_Check flag over this validity check, and then
7338 -- put it back for the final original reference (Exp may be rewritten).
7340 declare
7348 begin
7351 -- If the expression denotes an assignable object, capture its value
7352 -- in a variable and replace the original expression by the variable.
7353 -- This approach has several effects:
7355 -- 1) The evaluation of the object results in only one read in the
7356 -- case where the object is atomic or volatile.
7358 -- Var ... := Object; -- read
7360 -- 2) The captured value is the one verified by attribute 'Valid.
7361 -- As a result the object is not evaluated again, which would
7362 -- result in an unwanted read in the case where the object is
7363 -- atomic or volatile.
7365 -- if not Var'Valid then -- OK, no read of Object
7367 -- if not Object'Valid then -- Wrong, extra read of Object
7369 -- 3) The captured value replaces the original object reference.
7370 -- As a result the object is not evaluated again, in the same
7371 -- vein as 2).
7373 -- ... Var ... -- OK, no read of Object
7375 -- ... Object ... -- Wrong, extra read of Object
7377 -- 4) The use of a variable to capture the value of the object
7378 -- allows the propagation of any changes back to the original
7379 -- object.
7381 -- procedure Call (Val : in out ...);
7383 -- Var : ... := Object; -- read Object
7384 -- if not Var'Valid then -- validity check
7385 -- Call (Var); -- modify Var
7386 -- Object := Var; -- update Object
7402 -- Otherwise the expression does not denote a variable. Force its
7403 -- evaluation by capturing its value in a constant. Generate:
7405 -- Temp : constant ... := Exp;
7407 else
7408 Force_Evaluation
7417 -- A rather specialized test. If PV is an analyzed expression which
7418 -- is an indexed component of a packed array that has not been
7419 -- properly expanded, turn off its Analyzed flag to make sure it
7420 -- gets properly reexpanded. If the prefix is an access value,
7421 -- the dereference will be added later.
7423 -- The reason this arises is that Duplicate_Subexpr_No_Checks did
7424 -- an analyze with the old parent pointer. This may point e.g. to
7425 -- a subprogram call, which deactivates this expansion.
7431 then
7435 -- Build the raise CE node to check for validity. We build a type
7436 -- qualification for the prefix, since it may not be of the form of
7437 -- a name, and we don't care in this context!
7439 CE :=
7441 Condition =>
7443 Right_Opnd =>
7449 -- Insert the validity check. Note that we do this with validity
7450 -- checks turned off, to avoid recursion, we do not want validity
7451 -- checks on the validity checking code itself.
7455 -- If the expression is a reference to an element of a bit-packed
7456 -- array, then it is rewritten as a renaming declaration. If the
7457 -- expression is an actual in a call, it has not been expanded,
7458 -- waiting for the proper point at which to do it. The same happens
7459 -- with renamings, so that we have to force the expansion now. This
7460 -- non-local complication is due to code in exp_ch2,adb, exp_ch4.adb
7461 -- and exp_ch6.adb.
7465 N_Object_Renaming_Declaration
7466 then
7467 declare
7469 begin
7472 then
7478 -- Put back the Do_Range_Check flag on the resulting (possibly
7479 -- rewritten) expression.
7481 -- Note: it might be thought that a validity check is not required
7482 -- when a range check is present, but that's not the case, because
7483 -- the back end is allowed to assume for the range check that the
7484 -- operand is within its declared range (an assumption that validity
7485 -- checking is all about NOT assuming).
7487 -- Note: no need to worry about Possible_Local_Raise here, it will
7488 -- already have been called if original node has Do_Range_Check set.
7494 -------------------------------------
7495 -- Is_Signed_Integer_Arithmetic_Op --
7496 -------------------------------------
7499 begin
7501 when N_Op_Abs
7502 | N_Op_Add
7503 | N_Op_Divide
7504 | N_Op_Expon
7505 | N_Op_Minus
7506 | N_Op_Mod
7507 | N_Op_Multiply
7508 | N_Op_Plus
7509 | N_Op_Rem
7510 | N_Op_Subtract
7511 =>
7514 when N_Case_Expression
7515 | N_If_Expression
7516 =>
7524 ----------------------------------
7525 -- Install_Null_Excluding_Check --
7526 ----------------------------------
7533 -- Determines if it is safe to capture Known_Non_Null status for an
7534 -- the entity referenced by node N. The caller ensures that N is indeed
7535 -- an entity name. It is safe to capture the non-null status for an IN
7536 -- parameter when the reference occurs within a declaration that is sure
7537 -- to be executed as part of the declarative region.
7540 -- After installation of check, if the node in question is an entity
7541 -- name, then mark this entity as non-null if possible.
7548 begin
7553 -- Two initial context checks. We must be inside a subprogram body
7554 -- with declarations and reference must not appear in nested scopes.
7558 then
7566 then
7570 declare
7574 begin
7575 -- Retrieve the declaration node of N (if any). Note that N
7576 -- may be a part of a complex initialization expression.
7582 -- If we have a short circuit form, and we are within the right
7583 -- hand expression, we return false, since the right hand side
7584 -- is not guaranteed to be elaborated.
7588 then
7592 -- Similarly, if we are in an if expression and not part of the
7593 -- condition, then we return False, since neither the THEN or
7594 -- ELSE dependent expressions will always be elaborated.
7598 then
7602 -- If within a case expression, and not part of the expression,
7603 -- then return False, since a particular dependent expression
7604 -- may not always be elaborated
7608 then
7612 -- While traversing the parent chain, if node N belongs to a
7613 -- statement, then it may never appear in a declarative region.
7617 then
7621 -- If we are at a declaration, record it and exit
7625 then
7641 -------------------
7642 -- Mark_Non_Null --
7643 -------------------
7646 begin
7647 -- Only case of interest is if node N is an entity name
7651 -- For sure, we want to clear an indication that this is known to
7652 -- be null, since if we get past this check, it definitely is not.
7656 -- We can mark the entity as known to be non-null if either it is
7657 -- safe to capture the value, or in the case of an IN parameter,
7658 -- which is a constant, if the check we just installed is in the
7659 -- declarative region of the subprogram body. In this latter case,
7660 -- a check is decisive for the rest of the body if the expression
7661 -- is sure to be elaborated, since we know we have to elaborate
7662 -- all declarations before executing the body.
7664 -- Couldn't this always be part of Safe_To_Capture_Value ???
7667 or else Safe_To_Capture_In_Parameter_Value
7668 then
7674 -- Start of processing for Install_Null_Excluding_Check
7676 begin
7679 -- No check inside a generic, check will be emitted in instance
7685 -- No check needed if known to be non-null
7691 -- If known to be null, here is where we generate a compile time check
7695 -- Avoid generating warning message inside init procs. In SPARK mode
7696 -- we can go ahead and call Apply_Compile_Time_Constraint_Error
7697 -- since it will be turned into an error in any case.
7701 -- Do not emit the warning within a conditional expression,
7702 -- where the expression might not be evaluated, and the warning
7703 -- appear as extraneous noise.
7706 then
7707 Apply_Compile_Time_Constraint_Error
7710 -- Remaining cases, where we silently insert the raise
7712 else
7718 Mark_Non_Null;
7722 -- If entity is never assigned, for sure a warning is appropriate
7728 -- No check needed if checks are suppressed on the range. Note that we
7729 -- don't set Is_Known_Non_Null in this case (we could legitimately do
7730 -- so, since the program is erroneous, but we don't like to casually
7731 -- propagate such conclusions from erroneosity).
7737 -- No check needed for access to concurrent record types generated by
7738 -- the expander. This is not just an optimization (though it does indeed
7739 -- remove junk checks). It also avoids generation of junk warnings.
7743 and then Is_Concurrent_Record_Type
7745 then
7749 -- No check needed in interface thunks since the runtime check is
7750 -- already performed at the caller side.
7756 -- No check needed for the Get_Current_Excep.all.all idiom generated by
7757 -- the expander within exception handlers, since we know that the value
7758 -- can never be null.
7760 -- Is this really the right way to do this? Normally we generate such
7761 -- code in the expander with checks off, and that's how we suppress this
7762 -- kind of junk check ???
7768 then
7772 -- Otherwise install access check
7776 Condition =>
7782 Mark_Non_Null;
7785 -----------------------------------------
7786 -- Install_Primitive_Elaboration_Check --
7787 -----------------------------------------
7790 function Within_Compilation_Unit_Instance
7792 -- Determine whether subprogram Subp_Id appears within an instance which
7793 -- acts as a compilation unit.
7795 --------------------------------------
7796 -- Within_Compilation_Unit_Instance --
7797 --------------------------------------
7799 function Within_Compilation_Unit_Instance
7801 is
7804 begin
7805 -- Examine the scope chain looking for a compilation-unit-level
7806 -- instance.
7813 N_Compilation_Unit
7814 then
7824 -- Local declarations
7836 -- Start of processing for Install_Primitive_Elaboration_Check
7838 begin
7839 -- Do not generate an elaboration check in compilation modes where
7840 -- expansion is not desirable.
7845 -- Do not generate an elaboration check if all checks have been
7846 -- suppressed.
7851 -- Do not generate an elaboration check if the related subprogram is
7852 -- not subjected to accessibility checks.
7857 -- Do not generate an elaboration check if such code is not desirable
7862 -- Do not consider subprograms which act as compilation units, because
7863 -- they cannot be the target of a dispatching call.
7868 -- Only nonabstract library-level source primitives are considered for
7869 -- this check.
7871 elsif not
7876 then
7879 -- Do not consider inlined primitives, because once the body is inlined
7880 -- the reference to the elaboration flag will be out of place and will
7881 -- result in an undefined symbol.
7886 -- Do not generate a duplicate elaboration check. This happens only in
7887 -- the case of primitives completed by an expression function, as the
7888 -- corresponding body is apparently analyzed and expanded twice.
7893 -- Do not consider primitives which occur within an instance that acts
7894 -- as a compilation unit. Such an instance defines its spec and body out
7895 -- of order (body is first) within the tree, which causes the reference
7896 -- to the elaboration flag to appear as an undefined symbol.
7904 -- Only tagged primitives may be the target of a dispatching call
7909 -- Do not consider finalization-related primitives, because they may
7910 -- need to be called while elaboration is taking place.
7914 Name_Finalize,
7915 Name_Initialize)
7916 then
7920 -- Create the declaration of the elaboration flag. The name carries a
7921 -- unique counter in case of name overloading.
7923 Flag_Id :=
7928 -- Insert the declaration of the elaboration flag in front of the
7929 -- primitive spec and analyze it in the proper context.
7933 -- Generate:
7934 -- F : Boolean := False;
7941 Pop_Scope;
7943 -- Prevent the compiler from optimizing the elaboration check by killing
7944 -- the current value of the flag and the associated assignment.
7949 -- Add a check at the top of the body declarations to ensure that the
7950 -- elaboration flag has been set.
7959 -- Generate:
7960 -- if not F then
7961 -- raise Program_Error with "access before elaboration";
7962 -- end if;
7966 Condition =>
7973 -- Set the elaboration flag once the body has been elaborated. Insert
7974 -- the statement after the subprogram stub when the primitive body is
7975 -- a subunit.
7979 else
7983 -- Generate:
7984 -- F := True;
7992 --------------------------
7993 -- Install_Static_Check --
7994 --------------------------
8000 begin
8009 -- Now deal with possible local raise handling
8014 -------------------------
8015 -- Is_Check_Suppressed --
8016 -------------------------
8021 begin
8022 -- First search the local entity suppress stack. We search this from the
8023 -- top of the stack down so that we get the innermost entry that applies
8024 -- to this case if there are nested entries.
8030 then
8037 -- Now search the global entity suppress table for a matching entry.
8038 -- We also search this from the top down so that if there are multiple
8039 -- pragmas for the same entity, the last one applies (not clear what
8040 -- or whether the RM specifies this handling, but it seems reasonable).
8046 then
8053 -- If we did not find a matching entry, then use the normal scope
8054 -- suppress value after all (actually this will be the global setting
8055 -- since it clearly was not overridden at any point). For a predefined
8056 -- check, we test the specific flag. For a user defined check, we check
8057 -- the All_Checks flag. The Overflow flag requires special handling to
8058 -- deal with the General vs Assertion case
8064 else
8069 ---------------------
8070 -- Kill_All_Checks --
8071 ---------------------
8074 begin
8079 -- We reset the number of saved checks to zero, and also modify all
8080 -- stack entries for statement ranges to indicate that the number of
8081 -- checks at each level is now zero.
8085 -- Note: the Int'Min here avoids any possibility of J being out of
8086 -- range when called from e.g. Conditional_Statements_Begin.
8093 -----------------
8094 -- Kill_Checks --
8095 -----------------
8098 begin
8114 ------------------------------
8115 -- Length_Checks_Suppressed --
8116 ------------------------------
8119 begin
8122 else
8127 -----------------------
8128 -- Make_Bignum_Block --
8129 -----------------------
8133 begin
8134 return
8136 Declarations =>
8138 Handled_Statement_Sequence =>
8143 ----------------------------------
8144 -- Minimize_Eliminate_Overflows --
8145 ----------------------------------
8147 -- This is a recursive routine that is called at the top of an expression
8148 -- tree to properly process overflow checking for a whole subtree by making
8149 -- recursive calls to process operands. This processing may involve the use
8150 -- of bignum or long long integer arithmetic, which will change the types
8151 -- of operands and results. That's why we can't do this bottom up (since
8152 -- it would interfere with semantic analysis).
8154 -- What happens is that if MINIMIZED/ELIMINATED mode is in effect then
8155 -- the operator expansion routines, as well as the expansion routines for
8156 -- if/case expression, do nothing (for the moment) except call the routine
8157 -- to apply the overflow check (Apply_Arithmetic_Overflow_Check). That
8158 -- routine does nothing for non top-level nodes, so at the point where the
8159 -- call is made for the top level node, the entire expression subtree has
8160 -- not been expanded, or processed for overflow. All that has to happen as
8161 -- a result of the top level call to this routine.
8163 -- As noted above, the overflow processing works by making recursive calls
8164 -- for the operands, and figuring out what to do, based on the processing
8165 -- of these operands (e.g. if a bignum operand appears, the parent op has
8166 -- to be done in bignum mode), and the determined ranges of the operands.
8168 -- After possible rewriting of a constituent subexpression node, a call is
8169 -- made to either reexpand the node (if nothing has changed) or reanalyze
8170 -- the node (if it has been modified by the overflow check processing). The
8171 -- Analyzed_Flag is set to False before the reexpand/reanalyze. To avoid
8172 -- a recursive call into the whole overflow apparatus, an important rule
8173 -- for this call is that the overflow handling mode must be temporarily set
8174 -- to STRICT.
8176 procedure Minimize_Eliminate_Overflows
8181 is
8184 -- Result type, must be a signed integer type
8192 -- Ranges of values for right operand (operator case)
8196 -- Ranges of values for left operand (operator case)
8199 -- Operands and results are of this type when we convert
8203 -- Bounds of Long_Long_Integer
8206 -- Indicates binary operator case
8209 -- Used in call to Determine_Range
8212 -- Set True if one or more operands is already of type Bignum, meaning
8213 -- that for sure (regardless of Top_Level setting) we are committed to
8214 -- doing the operation in Bignum mode (or in the case of a case or if
8215 -- expression, converting all the dependent expressions to Bignum).
8218 -- Set True if one or more operands is already of type Long_Long_Integer
8219 -- which means that if the result is known to be in the result type
8220 -- range, then we must convert such operands back to the result type.
8223 -- This is called when we have modified the node and we therefore need
8224 -- to reanalyze it. It is important that we reset the mode to STRICT for
8225 -- this reanalysis, since if we leave it in MINIMIZED or ELIMINATED mode
8226 -- we would reenter this routine recursively which would not be good.
8227 -- The argument Suppress is set True if we also want to suppress
8228 -- overflow checking for the reexpansion (this is set when we know
8229 -- overflow is not possible). Typ is the type for the reanalysis.
8232 -- This is like Reanalyze, but does not do the Analyze step, it only
8233 -- does a reexpansion. We do this reexpansion in STRICT mode, so that
8234 -- instead of reentering the MINIMIZED/ELIMINATED mode processing, we
8235 -- follow the normal expansion path (e.g. converting A**4 to A**2**2).
8236 -- Note that skipping reanalysis is not just an optimization, testing
8237 -- has showed up several complex cases in which reanalyzing an already
8238 -- analyzed node causes incorrect behavior.
8241 -- Returns True iff Lo .. Hi are within range of the result type
8244 -- If A is No_Uint, sets A to B, else to UI_Max (A, B)
8247 -- If A is No_Uint, sets A to B, else to UI_Min (A, B)
8249 ---------------------
8250 -- In_Result_Range --
8251 ---------------------
8254 begin
8260 and then
8263 else
8265 and then
8270 ---------
8271 -- Max --
8272 ---------
8275 begin
8281 ---------
8282 -- Min --
8283 ---------
8286 begin
8292 ---------------
8293 -- Reanalyze --
8294 ---------------
8304 begin
8319 --------------
8320 -- Reexpand --
8321 --------------
8331 begin
8347 -- Start of processing for Minimize_Eliminate_Overflows
8349 begin
8350 -- Case where we do not have a signed integer arithmetic operation
8354 -- Use the normal Determine_Range routine to get the range. We
8355 -- don't require operands to be valid, invalid values may result in
8356 -- rubbish results where the result has not been properly checked for
8357 -- overflow, that's fine.
8361 -- If Determine_Range did not work (can this in fact happen? Not
8362 -- clear but might as well protect), use type bounds.
8369 -- If we don't have a binary operator, all we have to do is to set
8370 -- the Hi/Lo range, so we are done.
8374 -- Processing for if expression
8377 declare
8381 begin
8384 Minimize_Eliminate_Overflows
8391 Minimize_Eliminate_Overflows
8396 else
8397 Long_Long_Integer_Operands :=
8404 -- If at least one of our operands is now Bignum, we must rebuild
8405 -- the if expression to use Bignum operands. We will analyze the
8406 -- rebuilt if expression with overflow checks off, since once we
8407 -- are in bignum mode, we are all done with overflow checks.
8420 -- If we have no Long_Long_Integer operands, then we are in result
8421 -- range, since it means that none of our operands felt the need
8422 -- to worry about overflow (otherwise it would have already been
8423 -- converted to long long integer or bignum). We reexpand to
8424 -- complete the expansion of the if expression (but we do not
8425 -- need to reanalyze).
8429 Reexpand;
8431 -- Otherwise convert us to long long integer mode. Note that we
8432 -- don't need any further overflow checking at this level.
8434 else
8439 -- Now reanalyze with overflow checks off
8448 -- Here for case expression
8454 declare
8457 begin
8458 -- Loop through expressions applying recursive call
8462 declare
8465 begin
8466 Minimize_Eliminate_Overflows
8479 -- If we have no bignum or long long integer operands, it means
8480 -- that none of our dependent expressions could raise overflow.
8481 -- In this case, we simply return with no changes except for
8482 -- resetting the overflow flag, since we are done with overflow
8483 -- checks for this node. We will reexpand to get the needed
8484 -- expansion for the case expression, but we do not need to
8485 -- reanalyze, since nothing has changed.
8491 -- Otherwise we are going to rebuild the case expression using
8492 -- either bignum or long long integer operands throughout.
8494 else
8495 declare
8501 begin
8508 else
8535 -- If we have an arithmetic operator we make recursive calls on the
8536 -- operands to get the ranges (and to properly process the subtree
8537 -- that lies below us).
8539 Minimize_Eliminate_Overflows
8543 Minimize_Eliminate_Overflows
8547 -- Record if we have Long_Long_Integer operands
8549 Long_Long_Integer_Operands :=
8553 -- If either operand is a bignum, then result will be a bignum and we
8554 -- don't need to do any range analysis. As previously discussed we could
8555 -- do range analysis in such cases, but it could mean working with giant
8556 -- numbers at compile time for very little gain (the number of cases
8557 -- in which we could slip back from bignum mode is small).
8564 -- Otherwise compute result range
8566 else
8571 -- Absolute value
8577 -- Addition
8583 -- Division
8587 -- If the right operand can only be zero, set 0..0
8593 -- Possible bounds of division must come from dividing end
8594 -- values of the input ranges (four possibilities), provided
8595 -- zero is not included in the possible values of the right
8596 -- operand.
8598 -- Otherwise, we just consider two intervals of values for
8599 -- the right operand: the interval of negative values (up to
8600 -- -1) and the interval of positive values (starting at 1).
8601 -- Since division by 1 is the identity, and division by -1
8602 -- is negation, we get all possible bounds of division in that
8603 -- case by considering:
8604 -- - all values from the division of end values of input
8605 -- ranges;
8606 -- - the end values of the left operand;
8607 -- - the negation of the end values of the left operand.
8609 else
8610 declare
8612 -- Mark so we can release the RR and Ev values
8619 begin
8620 -- Discard extreme values of zero for the divisor, since
8621 -- they will simply result in an exception in any case.
8629 -- Compute possible bounds coming from dividing end
8630 -- values of the input ranges.
8640 -- If the right operand can be both negative or positive,
8641 -- include the end values of the left operand in the
8642 -- extreme values, as well as their negation.
8656 -- Release the RR and Ev values
8662 -- Exponentiation
8666 -- Discard negative values for the exponent, since they will
8667 -- simply result in an exception in any case.
8675 -- Estimate number of bits in result before we go computing
8676 -- giant useless bounds. Basically the number of bits in the
8677 -- result is the number of bits in the base multiplied by the
8678 -- value of the exponent. If this is big enough that the result
8679 -- definitely won't fit in Long_Long_Integer, switch to bignum
8680 -- mode immediately, and avoid computing giant bounds.
8682 -- The comparison here is approximate, but conservative, it
8683 -- only clicks on cases that are sure to exceed the bounds.
8689 -- If right operand is zero then result is 1
8695 else
8696 -- High bound comes either from exponentiation of largest
8697 -- positive value to largest exponent value, or from
8698 -- the exponentiation of most negative value to an
8699 -- even exponent.
8701 declare
8704 begin
8707 else
8714 else
8717 else
8724 -- Result can only be negative if base can be negative
8729 else
8733 -- Otherwise low bound is minimum ** minimum
8735 else
8740 -- Negation
8746 -- Mod
8749 declare
8751 -- This is the maximum absolute value of the result
8753 begin
8757 -- The result depends only on the sign and magnitude of
8758 -- the right operand, it does not depend on the sign or
8759 -- magnitude of the left operand.
8770 -- Multiplication
8774 -- Possible bounds of multiplication must come from multiplying
8775 -- end values of the input ranges (four possibilities).
8777 declare
8779 -- Mark so we can release the Ev values
8786 begin
8790 -- Release the Ev values
8795 -- Plus operator (affirmation)
8801 -- Remainder
8804 declare
8806 -- This is the maximum absolute value of the result. Note
8807 -- that the result range does not depend on the sign of the
8808 -- right operand.
8810 begin
8814 -- Case of left operand negative, which results in a range
8815 -- of -Maxabs .. 0 for those negative values. If there are
8816 -- no negative values then Lo value of result is always 0.
8822 -- Case of left operand positive
8829 -- Subtract
8835 -- Nothing else should be possible
8842 -- Here for the case where we have not rewritten anything (no bignum
8843 -- operands or long long integer operands), and we know the result.
8844 -- If we know we are in the result range, and we do not have Bignum
8845 -- operands or Long_Long_Integer operands, we can just reexpand with
8846 -- overflow checks turned off (since we know we cannot have overflow).
8847 -- As always the reexpansion is required to complete expansion of the
8848 -- operator, but we do not need to reanalyze, and we prevent recursion
8849 -- by suppressing the check.
8852 and then In_Result_Range
8853 then
8858 -- Here we know that we are not in the result range, and in the general
8859 -- case we will move into either the Bignum or Long_Long_Integer domain
8860 -- to compute the result. However, there is one exception. If we are
8861 -- at the top level, and we do not have Bignum or Long_Long_Integer
8862 -- operands, we will have to immediately convert the result back to
8863 -- the result type, so there is no point in Bignum/Long_Long_Integer
8864 -- fiddling.
8866 elsif Top_Level
8869 -- One further refinement. If we are at the top level, but our parent
8870 -- is a type conversion, then go into bignum or long long integer node
8871 -- since the result will be converted to that type directly without
8872 -- going through the result type, and we may avoid an overflow. This
8873 -- is the case for example of Long_Long_Integer (A ** 4), where A is
8874 -- of type Integer, and the result A ** 4 fits in Long_Long_Integer
8875 -- but does not fit in Integer.
8878 then
8879 -- Here keep original types, but we need to complete analysis
8881 -- One subtlety. We can't just go ahead and do an analyze operation
8882 -- here because it will cause recursion into the whole MINIMIZED/
8883 -- ELIMINATED overflow processing which is not what we want. Here
8884 -- we are at the top level, and we need a check against the result
8885 -- mode (i.e. we want to use STRICT mode). So do exactly that.
8886 -- Also, we have not modified the node, so this is a case where
8887 -- we need to reexpand, but not reanalyze.
8889 Reexpand;
8892 -- Cases where we do the operation in Bignum mode. This happens either
8893 -- because one of our operands is in Bignum mode already, or because
8894 -- the computed bounds are outside the bounds of Long_Long_Integer,
8895 -- which in some cases can be indicated by Hi and Lo being No_Uint.
8897 -- Note: we could do better here and in some cases switch back from
8898 -- Bignum mode to normal mode, e.g. big mod 2 must be in the range
8899 -- 0 .. 1, but the cases are rare and it is not worth the effort.
8900 -- Failing to do this switching back is only an efficiency issue.
8904 -- OK, we are definitely outside the range of Long_Long_Integer. The
8905 -- question is whether to move to Bignum mode, or stay in the domain
8906 -- of Long_Long_Integer, signalling that an overflow check is needed.
8908 -- Obviously in MINIMIZED mode we stay with LLI, since we are not in
8909 -- the Bignum business. In ELIMINATED mode, we will normally move
8910 -- into Bignum mode, but there is an exception if neither of our
8911 -- operands is Bignum now, and we are at the top level (Top_Level
8912 -- set True). In this case, there is no point in moving into Bignum
8913 -- mode to prevent overflow if the caller will immediately convert
8914 -- the Bignum value back to LLI with an overflow check. It's more
8915 -- efficient to stay in LLI mode with an overflow check (if needed)
8919 then
8924 -- The result now has to be in Long_Long_Integer mode, so adjust
8925 -- the possible range to reflect this. Note these calls also
8926 -- change No_Uint values from the top level case to LLI bounds.
8931 -- Otherwise we are in ELIMINATED mode and we switch to Bignum mode
8933 else
8936 declare
8940 begin
8969 -- Anything else is an internal error, this includes the
8970 -- N_Op_Plus case, since how can plus cause the result
8971 -- to be out of range if the operand is in range?
8977 -- Construct argument list for Bignum call, converting our
8978 -- operands to Bignum form if they are not already there.
8988 -- Now rewrite the arithmetic operator with a call to the
8989 -- corresponding bignum function.
8997 -- Indicate result is Bignum mode
9005 -- Otherwise we are in range of Long_Long_Integer, so no overflow
9006 -- check is required, at least not yet.
9008 else
9012 -- Here we are not in Bignum territory, but we may have long long
9013 -- integer operands that need special handling. First a special check:
9014 -- If an exponentiation operator exponent is of type Long_Long_Integer,
9015 -- it means we converted it to prevent overflow, but exponentiation
9016 -- requires a Natural right operand, so convert it back to Natural.
9017 -- This conversion may raise an exception which is fine.
9023 -- Here we will do the operation in Long_Long_Integer. We do this even
9024 -- if we know an overflow check is required, better to do this in long
9025 -- long integer mode, since we are less likely to overflow.
9027 -- Convert right or only operand to Long_Long_Integer, except that
9028 -- we do not touch the exponentiation right operand.
9034 -- Convert left operand to Long_Long_Integer for binary case
9040 -- Reset node to unanalyzed
9046 -- Now analyze this new node. This reanalysis will complete processing
9047 -- for the node. In particular we will complete the expansion of an
9048 -- exponentiation operator (e.g. changing A ** 2 to A * A), and also
9049 -- we will complete any division checks (since we have not changed the
9050 -- setting of the Do_Division_Check flag).
9052 -- We do this reanalysis in STRICT mode to avoid recursion into the
9053 -- MINIMIZED/ELIMINATED handling, since we are now done with that.
9055 declare
9061 begin
9067 else
9076 -------------------------
9077 -- Overflow_Check_Mode --
9078 -------------------------
9081 begin
9084 else
9089 --------------------------------
9090 -- Overflow_Checks_Suppressed --
9091 --------------------------------
9094 begin
9097 else
9102 ---------------------------------
9103 -- Predicate_Checks_Suppressed --
9104 ---------------------------------
9107 begin
9110 else
9115 -----------------------------
9116 -- Range_Checks_Suppressed --
9117 -----------------------------
9120 begin
9133 -----------------------------------------
9134 -- Range_Or_Validity_Checks_Suppressed --
9135 -----------------------------------------
9137 -- Note: the coding would be simpler here if we simply made appropriate
9138 -- calls to Range/Validity_Checks_Suppressed, but that would result in
9139 -- duplicated checks which we prefer to avoid.
9141 function Range_Or_Validity_Checks_Suppressed
9143 is
9144 begin
9145 -- Immediate return if scope checks suppressed for either check
9148 or
9150 then
9154 -- If no expression, that's odd, decide that checks are suppressed,
9155 -- since we don't want anyone trying to do checks in this case, which
9156 -- is most likely the result of some other error.
9162 -- Expression is present, so perform suppress checks on type
9164 declare
9166 begin
9169 or else
9171 then
9176 -- If expression is an entity name, perform checks on this entity
9179 declare
9181 begin
9189 -- If we fall through, no checks suppressed
9194 -------------------
9195 -- Remove_Checks --
9196 -------------------
9200 -- Process a single node during the traversal
9203 -- The traversal procedure itself
9205 -------------
9206 -- Process --
9207 -------------
9210 begin
9273 -- Start of processing for Remove_Checks
9275 begin
9279 ----------------------------
9280 -- Selected_Length_Checks --
9281 ----------------------------
9283 function Selected_Length_Checks
9288 is
9301 -- Adds the action given to Ret_Result if N is non-Empty
9305 -- Comments required ???
9308 -- True for equal literals and for nodes that denote the same constant
9309 -- entity, even if its value is not a static constant. This includes the
9310 -- case of a discriminal reference within an init proc. Removes some
9311 -- obviously superfluous checks.
9313 function Length_E_Cond
9317 -- Returns expression to compute:
9318 -- Typ'Length /= Exptyp'Length
9320 function Length_N_Cond
9324 -- Returns expression to compute:
9325 -- Typ'Length /= Expr'Length
9327 ---------------
9328 -- Add_Check --
9329 ---------------
9332 begin
9335 -- For now, ignore attempt to place more than two checks ???
9336 -- This is really worrisome, are we really discarding checks ???
9348 ------------------
9349 -- Get_E_Length --
9350 ------------------
9357 begin
9360 then
9370 return
9378 and then not Inside_Init_Proc
9379 then
9380 -- If the type whose length is needed is a private component
9381 -- constrained by a discriminant, we must expand the 'Length
9382 -- attribute into an explicit computation, using the discriminal
9383 -- of the current protected operation. This is because the actual
9384 -- type of the prival is constructed after the protected opera-
9385 -- tion has been fully expanded.
9387 declare
9393 begin
9404 then
9411 then
9425 N :=
9427 Left_Opnd =>
9435 else
9436 N :=
9439 Prefix =>
9451 else
9452 N :=
9455 Prefix =>
9467 ------------------
9468 -- Get_N_Length --
9469 ------------------
9472 begin
9473 return
9476 Prefix =>
9482 -------------------
9483 -- Length_E_Cond --
9484 -------------------
9486 function Length_E_Cond
9490 is
9491 begin
9492 return
9498 -------------------
9499 -- Length_N_Cond --
9500 -------------------
9502 function Length_N_Cond
9506 is
9507 begin
9508 return
9514 -----------------
9515 -- Same_Bounds --
9516 -----------------
9519 begin
9520 return
9525 or else
9530 or else
9535 or else
9542 or else
9550 -- Start of processing for Selected_Length_Checks
9552 begin
9553 -- Checks will be applied only when generating code
9562 then
9574 else
9587 -- A simple optimization for the null case
9597 -- The checking code to be generated will freeze the corresponding
9598 -- array type. However, we must freeze the type now, so that the
9599 -- freeze node does not appear within the generated if expression,
9600 -- but ahead of it.
9611 -- String_Literal case. This needs to be handled specially be-
9612 -- cause no index types are available for string literals. The
9613 -- condition is simply:
9615 -- T_Typ'Length = string-literal-length
9619 then
9620 Cond :=
9623 Right_Opnd =>
9625 Intval =>
9628 -- General array case. Here we have a usable actual subtype for
9629 -- the expression, and the condition is built from the two types
9630 -- (Do_Length):
9632 -- T_Typ'Length /= Exptyp'Length or else
9633 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
9634 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
9635 -- ...
9638 declare
9651 begin
9652 -- At the library level, we need to ensure that the type of
9653 -- the object is elaborated before the check itself is
9654 -- emitted. This is only done if the object is in the
9655 -- current compilation unit, otherwise the type is frozen
9656 -- and elaborated in its unit.
9659 and then
9661 and then
9664 then
9675 or else
9677 then
9681 -- Deal with compile time length check. Note that we
9682 -- skip this in the access case, because the access
9683 -- value may be null, so we cannot know statically.
9685 if not Do_Access
9690 then
9694 else
9701 else
9706 Add_Check
9707 (Compile_Time_Constraint_Error
9711 Add_Check
9712 (Compile_Time_Constraint_Error
9716 -- The comparison for an individual index subtype
9717 -- is omitted if the corresponding index subtypes
9718 -- statically match, since the result is known to
9719 -- be true. Note that this test is worth while even
9720 -- though we do static evaluation, because non-static
9721 -- subtypes can statically match.
9723 elsif not
9724 Subtypes_Statically_Match
9727 and then not
9730 then
9731 Evolve_Or_Else
9741 -- Handle cases where we do not get a usable actual subtype that
9742 -- is constrained. This happens for example in the function call
9743 -- and explicit dereference cases. In these cases, we have to get
9744 -- the length or range from the expression itself, making sure we
9745 -- do not evaluate it more than once.
9747 -- Here Ck_Node is the original expression, or more properly the
9748 -- result of applying Duplicate_Expr to the original tree, forcing
9749 -- the result to be a name.
9751 else
9752 declare
9755 begin
9756 -- Build the condition for the explicit dereference case
9759 Evolve_Or_Else
9767 -- Construct the test and insert into the tree
9774 Add_Check
9783 ---------------------------
9784 -- Selected_Range_Checks --
9785 ---------------------------
9787 function Selected_Range_Checks
9792 is
9805 -- Adds the action given to Ret_Result if N is non-Empty
9807 function Discrete_Range_Cond
9810 -- Returns expression to compute:
9811 -- Low_Bound (Expr) < Typ'First
9812 -- or else
9813 -- High_Bound (Expr) > Typ'Last
9815 function Discrete_Expr_Cond
9818 -- Returns expression to compute:
9819 -- Expr < Typ'First
9820 -- or else
9821 -- Expr > Typ'Last
9823 function Get_E_First_Or_Last
9828 -- Returns an attribute reference
9829 -- E'First or E'Last
9830 -- with a source location of Loc.
9831 --
9832 -- Nam is Name_First or Name_Last, according to which attribute is
9833 -- desired. If Indx is non-zero, it is passed as a literal in the
9834 -- Expressions of the attribute reference (identifying the desired
9835 -- array dimension).
9839 -- Returns expression to compute:
9840 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
9842 function Range_E_Cond
9847 -- Returns expression to compute:
9848 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
9850 function Range_Equal_E_Cond
9854 -- Returns expression to compute:
9855 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
9857 function Range_N_Cond
9861 -- Return expression to compute:
9862 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
9864 ---------------
9865 -- Add_Check --
9866 ---------------
9869 begin
9872 -- For now, ignore attempt to place more than 2 checks ???
9884 -------------------------
9885 -- Discrete_Expr_Cond --
9886 -------------------------
9888 function Discrete_Expr_Cond
9891 is
9892 begin
9893 return
9895 Left_Opnd =>
9897 Left_Opnd =>
9900 Right_Opnd =>
9904 Right_Opnd =>
9906 Left_Opnd =>
9909 Right_Opnd =>
9910 Convert_To
9915 -------------------------
9916 -- Discrete_Range_Cond --
9917 -------------------------
9919 function Discrete_Range_Cond
9922 is
9929 begin
9932 then
9936 Left_Opnd :=
9938 Left_Opnd =>
9939 Convert_To
9942 Right_Opnd =>
9943 Convert_To
9949 then
9953 Right_Opnd :=
9955 Left_Opnd =>
9956 Convert_To
9959 Right_Opnd =>
9960 Convert_To
9967 -------------------------
9968 -- Get_E_First_Or_Last --
9969 -------------------------
9971 function Get_E_First_Or_Last
9976 is
9978 begin
9981 else
9991 -----------------
9992 -- Get_N_First --
9993 -----------------
9996 begin
9997 return
10000 Prefix =>
10006 ----------------
10007 -- Get_N_Last --
10008 ----------------
10011 begin
10012 return
10015 Prefix =>
10021 ------------------
10022 -- Range_E_Cond --
10023 ------------------
10025 function Range_E_Cond
10029 is
10030 begin
10031 return
10033 Left_Opnd =>
10035 Left_Opnd =>
10037 Right_Opnd =>
10040 Right_Opnd =>
10042 Left_Opnd =>
10044 Right_Opnd =>
10048 ------------------------
10049 -- Range_Equal_E_Cond --
10050 ------------------------
10052 function Range_Equal_E_Cond
10056 is
10057 begin
10058 return
10060 Left_Opnd =>
10062 Left_Opnd =>
10064 Right_Opnd =>
10067 Right_Opnd =>
10069 Left_Opnd =>
10071 Right_Opnd =>
10075 ------------------
10076 -- Range_N_Cond --
10077 ------------------
10079 function Range_N_Cond
10083 is
10084 begin
10085 return
10087 Left_Opnd =>
10089 Left_Opnd =>
10091 Right_Opnd =>
10094 Right_Opnd =>
10096 Left_Opnd =>
10098 Right_Opnd =>
10102 -- Start of processing for Selected_Range_Checks
10104 begin
10105 -- Checks will be applied only when generating code. In GNATprove mode,
10106 -- we do not apply the checks, but we still call Selected_Range_Checks
10107 -- to possibly issue errors on SPARK code when a run-time error can be
10108 -- detected at compile time.
10117 then
10129 else
10137 -- The order of evaluating T_Typ before S_Typ seems to be critical
10138 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
10139 -- in, and since Node can be an N_Range node, it might be invalid.
10140 -- Should there be an assert check somewhere for taking the Etype of
10141 -- an N_Range node ???
10148 -- A simple optimization for the null case
10155 -- For an N_Range Node, check for a null range and then if not
10156 -- null generate a range check action.
10160 -- There's no point in checking a range against itself
10166 declare
10181 begin
10182 -- Compute what is known at compile time
10188 -- There's no point in checking that a bound is within its
10189 -- own range so pretend that it is known in this case. First
10190 -- deal with low bound.
10194 then
10199 -- Likewise for the high bound
10206 then
10212 -- Check for case where everything is static and we can do the
10213 -- check at compile time. This is skipped if we have an access
10214 -- type, since the access value may be null.
10216 -- ??? This code can be improved since you only need to know that
10217 -- the two respective bounds (LB & T_LB or HB & T_HB) are known at
10218 -- compile time to emit pertinent messages.
10221 and not Do_Access
10222 then
10223 -- Floating-point case
10227 Out_Of_Range_L :=
10229 or else
10232 Out_Of_Range_H :=
10234 or else
10237 -- Fixed or discrete type case
10239 else
10241 Out_Of_Range_L :=
10243 or else
10246 Out_Of_Range_H :=
10248 or else
10255 Add_Check
10256 (Compile_Time_Constraint_Error
10260 else
10261 Add_Check
10262 (Compile_Time_Constraint_Error
10270 Add_Check
10271 (Compile_Time_Constraint_Error
10275 else
10276 Add_Check
10277 (Compile_Time_Constraint_Error
10284 else
10285 declare
10289 begin
10290 -- If either bound is a discriminant and we are within the
10291 -- record declaration, it is a use of the discriminant in a
10292 -- constraint of a component, and nothing can be checked
10293 -- here. The check will be emitted within the init proc.
10294 -- Before then, the discriminal has no real meaning.
10295 -- Similarly, if the entity is a discriminal, there is no
10296 -- check to perform yet.
10298 -- The same holds within a discriminated synchronized type,
10299 -- where the discriminant may constrain a component or an
10300 -- entry family.
10304 then
10308 then
10310 else
10311 LB :=
10318 then
10322 then
10324 else
10325 HB :=
10333 Cond :=
10335 Left_Opnd =>
10337 Left_Opnd =>
10340 Right_Opnd =>
10350 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
10351 -- except the above simply sets a flag in the node and lets
10352 -- gigi generate the check base on the Etype of the expression.
10353 -- Sometimes, however we want to do a dynamic check against an
10354 -- arbitrary target type, so we do that here.
10359 -- For literals, we can tell if the constraint error will be
10360 -- raised at compile time, so we never need a dynamic check, but
10361 -- if the exception will be raised, then post the usual warning,
10362 -- and replace the literal with a raise constraint error
10363 -- expression. As usual, skip this for access types
10366 declare
10375 begin
10376 -- Following range tests should use Sem_Eval routine ???
10380 Out_Of_Range :=
10382 or else
10385 -- Fixed or discrete type
10387 else
10388 Out_Of_Range :=
10390 or else
10394 -- Bounds of the type are static and the literal is out of
10395 -- range so output a warning message.
10399 Add_Check
10400 (Compile_Time_Constraint_Error
10404 else
10405 Add_Check
10406 (Compile_Time_Constraint_Error
10412 else
10417 -- Here for the case of a non-static expression, we need a runtime
10418 -- check unless the source type range is guaranteed to be in the
10419 -- range of the target type.
10421 else
10438 -- String_Literal case. This needs to be handled specially be-
10439 -- cause no index types are available for string literals. The
10440 -- condition is simply:
10442 -- T_Typ'Length = string-literal-length
10447 -- General array case. Here we have a usable actual subtype for
10448 -- the expression, and the condition is built from the two types
10450 -- T_Typ'First < Exptyp'First or else
10451 -- T_Typ'Last > Exptyp'Last or else
10452 -- T_Typ'First(1) < Exptyp'First(1) or else
10453 -- T_Typ'Last(1) > Exptyp'Last(1) or else
10454 -- ...
10457 declare
10463 begin
10469 or else
10471 then
10472 -- Deal with compile time length check. Note that we
10473 -- skip this in the access case, because the access
10474 -- value may be null, so we cannot know statically.
10476 if not
10477 Subtypes_Statically_Match
10479 then
10480 -- If the target type is constrained then we
10481 -- have to check for exact equality of bounds
10482 -- (required for qualified expressions).
10485 Evolve_Or_Else
10488 else
10489 Evolve_Or_Else
10500 -- Handle cases where we do not get a usable actual subtype that
10501 -- is constrained. This happens for example in the function call
10502 -- and explicit dereference cases. In these cases, we have to get
10503 -- the length or range from the expression itself, making sure we
10504 -- do not evaluate it more than once.
10506 -- Here Ck_Node is the original expression, or more properly the
10507 -- result of applying Duplicate_Expr to the original tree,
10508 -- forcing the result to be a name.
10510 else
10511 declare
10514 begin
10515 -- Build the condition for the explicit dereference case
10518 Evolve_Or_Else
10524 else
10525 -- For a conversion to an unconstrained array type, generate an
10526 -- Action to check that the bounds of the source value are within
10527 -- the constraints imposed by the target type (RM 4.6(38)). No
10528 -- check is needed for a conversion to an access to unconstrained
10529 -- array type, as 4.6(24.15/2) requires the designated subtypes
10530 -- of the two access types to statically match.
10533 and then not Do_Access
10534 then
10535 declare
10540 begin
10545 -- If the index is a range, use its bounds. If it is an
10546 -- entity (as will be the case if it is a named subtype
10547 -- or an itype created for a slice) retrieve its range.
10551 then
10553 else
10558 if Is_In_Range
10561 and then
10562 Is_In_Range
10565 then
10568 -- If null range, no check needed
10570 elsif
10572 and then
10574 and then
10577 then
10580 elsif Is_Out_Of_Range
10583 or else
10584 Is_Out_Of_Range
10587 then
10588 Add_Check
10589 (Compile_Time_Constraint_Error
10592 else
10593 Evolve_Or_Else
10595 Discrete_Range_Cond
10608 -- Construct the test and insert into the tree
10615 Add_Check
10624 -------------------------------
10625 -- Storage_Checks_Suppressed --
10626 -------------------------------
10629 begin
10632 else
10637 ---------------------------
10638 -- Tag_Checks_Suppressed --
10639 ---------------------------
10642 begin
10645 then
10647 else
10652 ---------------------------------------
10653 -- Validate_Alignment_Check_Warnings --
10654 ---------------------------------------
10657 begin
10659 declare
10660 AWR : Alignment_Warnings_Record
10662 begin
10665 then
10672 --------------------------
10673 -- Validity_Check_Range --
10674 --------------------------
10676 procedure Validity_Check_Range
10679 is
10680 begin
10683 Ensure_Valid
10688 Ensure_Valid
10696 --------------------------------
10697 -- Validity_Checks_Suppressed --
10698 --------------------------------
10701 begin
10704 else