| blob | f0ba9a8ad9e41bab0cd7f067f819e8c228377ab4 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2016, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
68 -- General note: many of these routines are concerned with generating
69 -- checking code to make sure that constraint error is raised at runtime.
70 -- Clearly this code is only needed if the expander is active, since
71 -- otherwise we will not be generating code or going into the runtime
72 -- execution anyway.
74 -- We therefore disconnect most of these checks if the expander is
75 -- inactive. This has the additional benefit that we do not need to
76 -- worry about the tree being messed up by previous errors (since errors
77 -- turn off expansion anyway).
79 -- There are a few exceptions to the above rule. For instance routines
80 -- such as Apply_Scalar_Range_Check that do not insert any code can be
81 -- safely called even when the Expander is inactive (but Errors_Detected
82 -- is 0). The benefit of executing this code when expansion is off, is
83 -- the ability to emit constraint error warning for static expressions
84 -- even when we are not generating code.
86 -- The above is modified in gnatprove mode to ensure that proper check
87 -- flags are always placed, even if expansion is off.
89 -------------------------------------
90 -- Suppression of Redundant Checks --
91 -------------------------------------
93 -- This unit implements a limited circuit for removal of redundant
94 -- checks. The processing is based on a tracing of simple sequential
95 -- flow. For any sequence of statements, we save expressions that are
96 -- marked to be checked, and then if the same expression appears later
97 -- with the same check, then under certain circumstances, the second
98 -- check can be suppressed.
100 -- Basically, we can suppress the check if we know for certain that
101 -- the previous expression has been elaborated (together with its
102 -- check), and we know that the exception frame is the same, and that
103 -- nothing has happened to change the result of the exception.
105 -- Let us examine each of these three conditions in turn to describe
106 -- how we ensure that this condition is met.
108 -- First, we need to know for certain that the previous expression has
109 -- been executed. This is done principally by the mechanism of calling
110 -- Conditional_Statements_Begin at the start of any statement sequence
111 -- and Conditional_Statements_End at the end. The End call causes all
112 -- checks remembered since the Begin call to be discarded. This does
113 -- miss a few cases, notably the case of a nested BEGIN-END block with
114 -- no exception handlers. But the important thing is to be conservative.
115 -- The other protection is that all checks are discarded if a label
116 -- is encountered, since then the assumption of sequential execution
117 -- is violated, and we don't know enough about the flow.
119 -- Second, we need to know that the exception frame is the same. We
120 -- do this by killing all remembered checks when we enter a new frame.
121 -- Again, that's over-conservative, but generally the cases we can help
122 -- with are pretty local anyway (like the body of a loop for example).
124 -- Third, we must be sure to forget any checks which are no longer valid.
125 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
126 -- used to note any changes to local variables. We only attempt to deal
127 -- with checks involving local variables, so we do not need to worry
128 -- about global variables. Second, a call to any non-global procedure
129 -- causes us to abandon all stored checks, since such a all may affect
130 -- the values of any local variables.
132 -- The following define the data structures used to deal with remembering
133 -- checks so that redundant checks can be eliminated as described above.
135 -- Right now, the only expressions that we deal with are of the form of
136 -- simple local objects (either declared locally, or IN parameters) or
137 -- such objects plus/minus a compile time known constant. We can do
138 -- more later on if it seems worthwhile, but this catches many simple
139 -- cases in practice.
141 -- The following record type reflects a single saved check. An entry
142 -- is made in the stack of saved checks if and only if the expression
143 -- has been elaborated with the indicated checks.
147 -- Set True if entry is killed by Kill_Checks
150 -- The entity involved in the expression that is checked
153 -- A compile time value indicating the result of adding or
154 -- subtracting a compile time value. This value is to be
155 -- added to the value of the Entity. A value of zero is
156 -- used for the case of a simple entity reference.
159 -- This is set to 'R' for a range check (in which case Target_Type
160 -- is set to the target type for the range check) or to 'O' for an
161 -- overflow check (in which case Target_Type is set to Empty).
164 -- Used only if Do_Range_Check is set. Records the target type for
165 -- the check. We need this, because a check is a duplicate only if
166 -- it has the same target type (or more accurately one with a
167 -- range that is smaller or equal to the stored target type of a
168 -- saved check).
171 -- The following table keeps track of saved checks. Rather than use an
172 -- extensible table, we just use a table of fixed size, and we discard
173 -- any saved checks that do not fit. That's very unlikely to happen and
174 -- this is only an optimization in any case.
177 -- Array of saved checks
180 -- Number of saved checks
182 -- The following stack keeps track of statement ranges. It is treated
183 -- as a stack. When Conditional_Statements_Begin is called, an entry
184 -- is pushed onto this stack containing the value of Num_Saved_Checks
185 -- at the time of the call. Then when Conditional_Statements_End is
186 -- called, this value is popped off and used to reset Num_Saved_Checks.
188 -- Note: again, this is a fixed length stack with a size that should
189 -- always be fine. If the value of the stack pointer goes above the
190 -- limit, then we just forget all saved checks.
195 -----------------------
196 -- Local Subprograms --
197 -----------------------
200 -- Used to apply arithmetic overflow checks for all cases except operators
201 -- on signed arithmetic types in MINIMIZED/ELIMINATED case (for which we
202 -- call Apply_Arithmetic_Overflow_Minimized_Eliminated below). N can be a
203 -- signed integer arithmetic operator (but not an if or case expression).
204 -- It is also called for types other than signed integers.
207 -- Used to apply arithmetic overflow checks for the case where the overflow
208 -- checking mode is MINIMIZED or ELIMINATED and we have a signed integer
209 -- arithmetic op (which includes the case of if and case expressions). Note
210 -- that Do_Overflow_Check may or may not be set for node Op. In these modes
211 -- we have work to do even if overflow checking is suppressed.
213 procedure Apply_Division_Check
218 -- N is an N_Op_Div, N_Op_Rem, or N_Op_Mod node. This routine applies
219 -- division checks as required if the Do_Division_Check flag is set.
220 -- Rlo and Rhi give the possible range of the right operand, these values
221 -- can be referenced and trusted only if ROK is set True.
223 procedure Apply_Float_Conversion_Check
226 -- The checks on a conversion from a floating-point type to an integer
227 -- type are delicate. They have to be performed before conversion, they
228 -- have to raise an exception when the operand is a NaN, and rounding must
229 -- be taken into account to determine the safe bounds of the operand.
231 procedure Apply_Selected_Length_Checks
236 -- This is the subprogram that does all the work for Apply_Length_Check
237 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
238 -- described for the above routines. The Do_Static flag indicates that
239 -- only a static check is to be done.
241 procedure Apply_Selected_Range_Checks
246 -- This is the subprogram that does all the work for Apply_Range_Check.
247 -- Expr, Target_Typ and Source_Typ are as described for the above
248 -- routine. The Do_Static flag indicates that only a static check is
249 -- to be done.
253 -- This function is used to see if an access or division by zero check is
254 -- needed. The check is to be applied to a single variable appearing in the
255 -- source, and N is the node for the reference. If N is not of this form,
256 -- True is returned with no further processing. If N is of the right form,
257 -- then further processing determines if the given Check is needed.
258 --
259 -- The particular circuit is to see if we have the case of a check that is
260 -- not needed because it appears in the right operand of a short circuited
261 -- conditional where the left operand guards the check. For example:
262 --
263 -- if Var = 0 or else Q / Var > 12 then
264 -- ...
265 -- end if;
266 --
267 -- In this example, the division check is not required. At the same time
268 -- we can issue warnings for suspicious use of non-short-circuited forms,
269 -- such as:
270 --
271 -- if Var = 0 or Q / Var > 12 then
272 -- ...
273 -- end if;
275 procedure Find_Check
283 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
284 -- to see if a check is of the form for optimization, and if so, to see
285 -- if it has already been performed. Expr is the expression to check,
286 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
287 -- Target_Type is the target type for a range check, and Empty for an
288 -- overflow check. If the entry is not of the form for optimization,
289 -- then Entry_OK is set to False, and the remaining out parameters
290 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
291 -- entity and offset from the expression. Check_Num is the number of
292 -- a matching saved entry in Saved_Checks, or zero if no such entry
293 -- is located.
296 -- If a discriminal is used in constraining a prival, Return reference
297 -- to the discriminal of the protected body (which renames the parameter
298 -- of the enclosing protected operation). This clumsy transformation is
299 -- needed because privals are created too late and their actual subtypes
300 -- are not available when analysing the bodies of the protected operations.
301 -- This function is called whenever the bound is an entity and the scope
302 -- indicates a protected operation. If the bound is an in-parameter of
303 -- a protected operation that is not a prival, the function returns the
304 -- bound itself.
305 -- To be cleaned up???
307 function Guard_Access
311 -- In the access type case, guard the test with a test to ensure
312 -- that the access value is non-null, since the checks do not
313 -- not apply to null access values.
316 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
317 -- Constraint_Error node.
320 -- Returns True if node N is for an arithmetic operation with signed
321 -- integer operands. This includes unary and binary operators, and also
322 -- if and case expression nodes where the dependent expressions are of
323 -- a signed integer type. These are the kinds of nodes for which special
324 -- handling applies in MINIMIZED or ELIMINATED overflow checking mode.
326 function Range_Or_Validity_Checks_Suppressed
328 -- Returns True if either range or validity checks or both are suppressed
329 -- for the type of the given expression, or, if the expression is the name
330 -- of an entity, if these checks are suppressed for the entity.
332 function Selected_Length_Checks
337 -- Like Apply_Selected_Length_Checks, except it doesn't modify
338 -- anything, just returns a list of nodes as described in the spec of
339 -- this package for the Range_Check function.
340 -- ??? In fact it does construct the test and insert it into the tree,
341 -- and insert actions in various ways (calling Insert_Action directly
342 -- in particular) so we do not call it in GNATprove mode, contrary to
343 -- Selected_Range_Checks.
345 function Selected_Range_Checks
350 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
351 -- just returns a list of nodes as described in the spec of this package
352 -- for the Range_Check function.
354 ------------------------------
355 -- Access_Checks_Suppressed --
356 ------------------------------
359 begin
362 else
367 -------------------------------------
368 -- Accessibility_Checks_Suppressed --
369 -------------------------------------
372 begin
375 else
380 -----------------------------
381 -- Activate_Division_Check --
382 -----------------------------
385 begin
390 -----------------------------
391 -- Activate_Overflow_Check --
392 -----------------------------
397 begin
398 -- Floating-point case. If Etype is not set (this can happen when we
399 -- activate a check on a node that has not yet been analyzed), then
400 -- we assume we do not have a floating-point type (as per our spec).
404 -- Ignore call if we have no automatic overflow checks on the target
405 -- and Check_Float_Overflow mode is not set. These are the cases in
406 -- which we expect to generate infinities and NaN's with no check.
411 -- Ignore for unary operations ("+", "-", abs) since these can never
412 -- result in overflow for floating-point cases.
417 -- Otherwise we will set the flag
419 else
423 -- Discrete case
425 else
426 -- Nothing to do for Rem/Mod/Plus (overflow not possible, the check
427 -- for zero-divide is a divide check, not an overflow check).
434 -- Fall through for cases where we do set the flag
440 --------------------------
441 -- Activate_Range_Check --
442 --------------------------
445 begin
450 ---------------------------------
451 -- Alignment_Checks_Suppressed --
452 ---------------------------------
455 begin
458 else
463 ----------------------------------
464 -- Allocation_Checks_Suppressed --
465 ----------------------------------
467 -- Note: at the current time there are no calls to this function, because
468 -- the relevant check is in the run-time, so it is not a check that the
469 -- compiler can suppress anyway, but we still have to recognize the check
470 -- name Allocation_Check since it is part of the standard.
473 begin
476 else
481 -------------------------
482 -- Append_Range_Checks --
483 -------------------------
485 procedure Append_Range_Checks
491 is
499 begin
500 -- For now we just return if Checks_On is false, however this should
501 -- be enhanced to check for an always True value in the condition
502 -- and to generate a compilation warning???
513 then
519 else
520 Append_To
528 ------------------------
529 -- Apply_Access_Check --
530 ------------------------
535 begin
536 -- We do not need checks if we are not generating code (i.e. the
537 -- expander is not active). This is not just an optimization, there
538 -- are cases (e.g. with pragma Debug) where generating the checks
539 -- can cause real trouble).
545 -- No check if short circuiting makes check unnecessary
551 -- No check if accessing the Offset_To_Top component of a dispatch
552 -- table. They are safe by construction.
554 if Tagged_Type_Expansion
559 then
563 -- Otherwise go ahead and install the check
568 -------------------------------
569 -- Apply_Accessibility_Check --
570 -------------------------------
572 procedure Apply_Accessibility_Check
576 is
582 begin
588 then
592 -- Renamed_Object must return an Entity_Name here
593 -- because of preceding "Present (E_E_A (...))" test.
602 -- Only apply the run-time check if the access parameter has an
603 -- associated extra access level parameter and when the level of the
604 -- type is less deep than the level of the access parameter, and
605 -- accessibility checks are not suppressed.
613 then
614 Param_Level :=
617 Type_Level :=
620 -- Raise Program_Error if the accessibility level of the access
621 -- parameter is deeper than the level of the target access type.
625 Condition =>
635 --------------------------------
636 -- Apply_Address_Clause_Check --
637 --------------------------------
647 -- Address expression (not necessarily the same as Aexp, for example
648 -- when Aexp is a reference to a constant, in which case Expr gets
649 -- reset to reference the value expression of the constant).
651 begin
652 -- See if alignment check needed. Note that we never need a check if the
653 -- maximum alignment is one, since the check will always succeed.
655 -- Note: we do not check for checks suppressed here, since that check
656 -- was done in Sem_Ch13 when the address clause was processed. We are
657 -- only called if checks were not suppressed. The reason for this is
658 -- that we have to delay the call to Apply_Alignment_Check till freeze
659 -- time (so that all types etc are elaborated), but we have to check
660 -- the status of check suppressing at the point of the address clause.
665 then
669 -- Obtain expression from address clause
673 -- See if we know that Expr has an acceptable value at compile time. If
674 -- it hasn't or we don't know, we defer issuing the warning until the
675 -- end of the compilation to take into account back end annotations.
679 then
680 declare
683 begin
684 -- The object alignment might be more restrictive than the type
685 -- alignment.
696 -- If the expression has the form X'Address, then we can find out if the
697 -- object X has an alignment that is compatible with the object E. If it
698 -- hasn't or we don't know, we defer issuing the warning until the end
699 -- of the compilation to take into account back end annotations.
703 and then
705 then
709 -- Here we do not know if the value is acceptable. Strictly we don't
710 -- have to do anything, since if the alignment is bad, we have an
711 -- erroneous program. However we are allowed to check for erroneous
712 -- conditions and we decide to do this by default if the check is not
713 -- suppressed.
715 -- However, don't do the check if elaboration code is unwanted
720 -- Generate a check to raise PE if alignment may be inappropriate
722 else
723 -- If the original expression is a non-static constant, use the name
724 -- of the constant itself rather than duplicating its initialization
725 -- expression, which was extracted above.
727 -- Note: Expr is empty if the address-clause is applied to in-mode
728 -- actuals (allowed by 13.1(22)).
731 or else
735 N_Object_Declaration)
736 then
738 else
748 Condition =>
750 Left_Opnd =>
752 Left_Opnd =>
753 Unchecked_Convert_To
755 Right_Opnd =>
765 -- If the above raise action generated a warning message (for example
766 -- from Warn_On_Non_Local_Exception mode with the active restriction
767 -- No_Exception_Propagation).
771 -- If the expression has a known at compile time value, then
772 -- once we know the alignment of the type, we can check if the
773 -- exception will be raised or not, and if not, we don't need
774 -- the warning so we will kill the warning later on.
777 Alignment_Warnings.Append
780 -- Add explanation of the warning generated by the check
782 else
783 Error_Msg_N
792 exception
794 -- If we have some missing run time component in configurable run time
795 -- mode then just skip the check (it is not required in any case).
801 -------------------------------------
802 -- Apply_Arithmetic_Overflow_Check --
803 -------------------------------------
806 begin
807 -- Use old routine in almost all cases (the only case we are treating
808 -- specially is the case of a signed integer arithmetic op with the
809 -- overflow checking mode set to MINIMIZED or ELIMINATED).
813 then
816 -- Otherwise use the new routine for the case of a signed integer
817 -- arithmetic op, with Do_Overflow_Check set to True, and the checking
818 -- mode is MINIMIZED or ELIMINATED.
820 else
825 --------------------------------------
826 -- Apply_Arithmetic_Overflow_Strict --
827 --------------------------------------
829 -- This routine is called only if the type is an integer type and an
830 -- arithmetic overflow check may be needed for op (add, subtract, or
831 -- multiply). This check is performed if Backend_Overflow_Checks_On_Target
832 -- is not enabled and Do_Overflow_Check is set. In this case we expand the
833 -- operation into a more complex sequence of tests that ensures that
834 -- overflow is properly caught.
836 -- This is used in CHECKED modes. It is identical to the code for this
837 -- cases before the big overflow earthquake, thus ensuring that in this
838 -- modes we have compatible behavior (and reliability) to what was there
839 -- before. It is also called for types other than signed integers, and if
840 -- the Do_Overflow_Check flag is off.
842 -- Note: we also call this routine if we decide in the MINIMIZED case
843 -- to give up and just generate an overflow check without any fuss.
850 begin
851 -- Nothing to do if Do_Overflow_Check not set or overflow checks
852 -- suppressed.
858 -- An interesting special case. If the arithmetic operation appears as
859 -- the operand of a type conversion:
861 -- type1 (x op y)
863 -- and all the following conditions apply:
865 -- arithmetic operation is for a signed integer type
866 -- target type type1 is a static integer subtype
867 -- range of x and y are both included in the range of type1
868 -- range of x op y is included in the range of type1
869 -- size of type1 is at least twice the result size of op
871 -- then we don't do an overflow check in any case. Instead, we transform
872 -- the operation so that we end up with:
874 -- type1 (type1 (x) op type1 (y))
876 -- This avoids intermediate overflow before the conversion. It is
877 -- explicitly permitted by RM 3.5.4(24):
879 -- For the execution of a predefined operation of a signed integer
880 -- type, the implementation need not raise Constraint_Error if the
881 -- result is outside the base range of the type, so long as the
882 -- correct result is produced.
884 -- It's hard to imagine that any programmer counts on the exception
885 -- being raised in this case, and in any case it's wrong coding to
886 -- have this expectation, given the RM permission. Furthermore, other
887 -- Ada compilers do allow such out of range results.
889 -- Note that we do this transformation even if overflow checking is
890 -- off, since this is precisely about giving the "right" result and
891 -- avoiding the need for an overflow check.
893 -- Note: this circuit is partially redundant with respect to the similar
894 -- processing in Exp_Ch4.Expand_N_Type_Conversion, but the latter deals
895 -- with cases that do not come through here. We still need the following
896 -- processing even with the Exp_Ch4 code in place, since we want to be
897 -- sure not to generate the arithmetic overflow check in these cases
898 -- (Exp_Ch4 would have a hard time removing them once generated).
902 then
918 begin
921 then
925 Determine_Range
927 Determine_Range
933 then
947 -- Rewrite the conversion operand so that the original
948 -- node is retained, in order to avoid the warning for
949 -- redundant conversions in Resolve_Type_Conversion.
958 -- Given that the target type is twice the size of the
959 -- source type, overflow is now impossible, so we can
960 -- safely kill the overflow check and return.
970 -- Now see if an overflow check is required
972 declare
980 begin
981 -- Skip check if back end does overflow checks, or the overflow flag
982 -- is not set anyway, or we are not doing code expansion, or the
983 -- parent node is a type conversion whose operand is an arithmetic
984 -- operation on signed integers on which the expander can promote
985 -- later the operands to type Integer (see Expand_N_Type_Conversion).
987 if Backend_Overflow_Checks_On_Target
989 or else not Expander_Active
993 then
997 -- Otherwise, generate the full general code for front end overflow
998 -- detection, which works by doing arithmetic in a larger type:
1000 -- x op y
1002 -- is expanded into
1004 -- Typ (Checktyp (x) op Checktyp (y));
1006 -- where Typ is the type of the original expression, and Checktyp is
1007 -- an integer type of sufficient length to hold the largest possible
1008 -- result.
1010 -- If the size of check type exceeds the size of Long_Long_Integer,
1011 -- we use a different approach, expanding to:
1013 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
1015 -- where xxx is Add, Multiply or Subtract as appropriate
1017 -- Find check type if one exists
1025 -- No check type exists, use runtime call
1027 else
1034 else
1051 -- If we fall through, we have the case where we do the arithmetic
1052 -- in the next higher type and get the check by conversion. In these
1053 -- cases Ctyp is set to the type to be used as the check type.
1071 -- The type of the operation changes to the base type of the check
1072 -- type, and we reset the overflow check indication, since clearly no
1073 -- overflow is possible now that we are using a double length type.
1074 -- We also set the Analyzed flag to avoid a recursive attempt to
1075 -- expand the node.
1081 -- Now build the outer conversion
1087 -- In the discrete type case, we directly generate the range check
1088 -- for the outer operand. This range check will implement the
1089 -- required overflow check.
1093 Generate_Range_Check
1096 -- For other types, we enable overflow checking on the conversion,
1097 -- after setting the node as analyzed to prevent recursive attempts
1098 -- to expand the conversion node.
1100 else
1106 exception
1112 ----------------------------------------------------
1113 -- Apply_Arithmetic_Overflow_Minimized_Eliminated --
1114 ----------------------------------------------------
1123 -- Operands and results are of this type when we convert
1126 -- Original result type
1132 -- Ranges of values for result
1134 begin
1135 -- Nothing to do if our parent is one of the following:
1137 -- Another signed integer arithmetic op
1138 -- A membership operation
1139 -- A comparison operation
1141 -- In all these cases, we will process at the higher level (and then
1142 -- this node will be processed during the downwards recursion that
1143 -- is part of the processing in Minimize_Eliminate_Overflows).
1149 -- This is also true for an alternative in a case expression
1153 -- This is also true for a range operand in a membership test
1157 then
1158 -- If_Expressions and Case_Expressions are treated as arithmetic
1159 -- ops, but if they appear in an assignment or similar contexts
1160 -- there is no overflow check that starts from that parent node,
1161 -- so apply check now.
1165 then
1167 else
1172 -- Otherwise, we have a top level arithmetic operation node, and this
1173 -- is where we commence the special processing for MINIMIZED/ELIMINATED
1174 -- modes. This is the case where we tell the machinery not to move into
1175 -- Bignum mode at this top level (of course the top level operation
1176 -- will still be in Bignum mode if either of its operands are of type
1177 -- Bignum).
1181 -- That call may but does not necessarily change the result type of Op.
1182 -- It is the job of this routine to undo such changes, so that at the
1183 -- top level, we have the proper type. This "undoing" is a point at
1184 -- which a final overflow check may be applied.
1186 -- If the result type was not fiddled we are all set. We go to base
1187 -- types here because things may have been rewritten to generate the
1188 -- base type of the operand types.
1193 -- Bignum case
1197 -- We need a sequence that looks like:
1199 -- Rnn : Result_Type;
1201 -- declare
1202 -- M : Mark_Id := SS_Mark;
1203 -- begin
1204 -- Rnn := Long_Long_Integer'Base (From_Bignum (Op));
1205 -- SS_Release (M);
1206 -- end;
1208 -- This block is inserted (using Insert_Actions), and then the node
1209 -- is replaced with a reference to Rnn.
1211 -- If our parent is a conversion node then there is no point in
1212 -- generating a conversion to Result_Type. Instead, we let the parent
1213 -- handle this. Note that this special case is not just about
1214 -- optimization. Consider
1216 -- A,B,C : Integer;
1217 -- ...
1218 -- X := Long_Long_Integer'Base (A * (B ** C));
1220 -- Now the product may fit in Long_Long_Integer but not in Integer.
1221 -- In MINIMIZED/ELIMINATED mode, we don't want to introduce an
1222 -- overflow exception for this intermediate value.
1224 declare
1231 begin
1238 -- Interesting question, do we need a check on that conversion
1239 -- operation. Answer, not if we know the result is in range.
1240 -- At the moment we are not taking advantage of this. To be
1241 -- looked at later ???
1243 else
1247 Insert_Before
1257 Blk));
1263 -- Here we know the result is Long_Long_Integer'Base, or that it has
1264 -- been rewritten because the parent operation is a conversion. See
1265 -- Apply_Arithmetic_Overflow_Strict.Conversion_Optimization.
1267 else
1268 pragma Assert
1271 -- All we need to do here is to convert the result to the proper
1272 -- result type. As explained above for the Bignum case, we can
1273 -- omit this if our parent is a type conversion.
1283 ----------------------------
1284 -- Apply_Constraint_Check --
1285 ----------------------------
1287 procedure Apply_Constraint_Check
1291 is
1294 begin
1295 -- No checks inside a generic (check the instantiations)
1301 -- Apply required constraint checks
1308 -- A useful optimization: an aggregate with only an others clause
1309 -- always has the right bounds.
1313 and then Nkind
1315 = N_Others_Choice
1316 then
1326 else
1333 then
1340 -- No checks necessary if expression statically null
1347 -- No sliding possible on access to arrays
1358 then
1362 -- Apply the 2005 Null_Excluding check. Note that we do not apply
1363 -- this check if the constraint node is illegal, as shown by having
1364 -- an error posted. This additional guard prevents cascaded errors
1365 -- and compiler aborts on illegal programs involving Ada 2005 checks.
1370 then
1376 ------------------------------
1377 -- Apply_Discriminant_Check --
1378 ------------------------------
1380 procedure Apply_Discriminant_Check
1384 is
1392 -- A heap object with an indefinite subtype is constrained by its
1393 -- initial value, and assigning to it requires a constraint_check.
1394 -- The target may be an explicit dereference, or a renaming of one.
1397 -- It is possible for an aliased component to have a nominal
1398 -- unconstrained subtype (through instantiation). If this is a
1399 -- discriminated component assigned in the expansion of an aggregate
1400 -- in an initialization, the check must be suppressed. This unusual
1401 -- situation requires a predicate of its own.
1403 ----------------------------------
1404 -- Denotes_Explicit_Dereference --
1405 ----------------------------------
1408 begin
1409 return
1411 or else
1415 N_Explicit_Dereference);
1418 ----------------------------------------
1419 -- Is_Aliased_Unconstrained_Component --
1420 ----------------------------------------
1426 begin
1429 else
1436 then
1441 and then In_Instance
1445 -- Start of processing for Apply_Discriminant_Check
1447 begin
1450 else
1454 -- Only apply checks when generating code and discriminant checks are
1455 -- not suppressed. In GNATprove mode, we do not apply the checks, but we
1456 -- still analyze the expression to possibly issue errors on SPARK code
1457 -- when a run-time error can be detected at compile time.
1460 if not Expander_Active
1462 then
1467 -- No discriminant checks necessary for an access when expression is
1468 -- statically Null. This is not only an optimization, it is fundamental
1469 -- because otherwise discriminant checks may be generated in init procs
1470 -- for types containing an access to a not-yet-frozen record, causing a
1471 -- deadly forward reference.
1473 -- Also, if the expression is of an access type whose designated type is
1474 -- incomplete, then the access value must be null and we suppress the
1475 -- check.
1488 -- If an assignment target is present, then we need to generate the
1489 -- actual subtype if the target is a parameter or aliased object with
1490 -- an unconstrained nominal subtype.
1492 -- Ada 2005 (AI-363): For Ada 2005, we limit the building of the actual
1493 -- subtype to the parameter and dereference cases, since other aliased
1494 -- objects are unconstrained (unless the nominal subtype is explicitly
1495 -- constrained).
1507 N_Function_Call))
1508 then
1512 -- Nothing to do if the type is unconstrained (this is the case where
1513 -- the actual subtype in the RM sense of N is unconstrained and no check
1514 -- is required).
1519 -- Ada 2005: nothing to do if the type is one for which there is a
1520 -- partial view that is constrained.
1523 and then Object_Type_Has_Constrained_Partial_View
1526 then
1530 -- Nothing to do if the type is an Unchecked_Union
1536 -- Suppress checks if the subtypes are the same. The check must be
1537 -- preserved in an assignment to a formal, because the constraint is
1538 -- given by the actual.
1544 then
1548 then
1552 -- We can also eliminate checks on allocators with a subtype mark that
1553 -- coincides with the context type. The context type may be a subtype
1554 -- without a constraint (common case, a generic actual).
1558 then
1559 declare
1563 begin
1570 then
1576 -- See if we have a case where the types are both constrained, and all
1577 -- the constraints are constants. In this case, we can do the check
1578 -- successfully at compile time.
1580 -- We skip this check for the case where the node is rewritten as
1581 -- an allocator, because it already carries the context subtype,
1582 -- and extracting the discriminants from the aggregate is messy.
1586 then
1587 declare
1594 begin
1595 -- S_Typ may not have discriminants in the case where it is a
1596 -- private type completed by a default discriminated type. In that
1597 -- case, we need to get the constraints from the underlying type.
1598 -- If the underlying type is unconstrained (i.e. has no default
1599 -- discriminants) no check is needed.
1605 else
1607 DconS :=
1608 First_Elmt
1615 -- A further optimization: if T_Typ is derived from S_Typ
1616 -- without imposing a constraint, no check is needed.
1619 N_Full_Type_Declaration
1620 then
1621 declare
1624 begin
1628 then
1635 -- Constraint may appear in full view of type
1639 then
1640 DconT :=
1642 else
1643 DconT :=
1651 -- For a discriminated component type constrained by the
1652 -- current instance of an enclosing type, there is no
1653 -- applicable discriminant check.
1659 then
1663 -- If the expressions for the discriminants are identical
1664 -- and it is side-effect free (for now just an entity),
1665 -- this may be a shared constraint, e.g. from a subtype
1666 -- without a constraint introduced as a generic actual.
1667 -- Examine other discriminants if any.
1671 then
1676 then
1682 else
1683 Apply_Compile_Time_Constraint_Error
1701 -- In GNATprove mode, we do not apply the checks
1707 -- Here we need a discriminant check. First build the expression
1708 -- for the comparisons of the discriminants:
1710 -- (n.disc1 /= typ.disc1) or else
1711 -- (n.disc2 /= typ.disc2) or else
1712 -- ...
1713 -- (n.discn /= typ.discn)
1717 -- If Lhs is set and is a parameter, then the condition is guarded by:
1718 -- lhs'constrained and then (condition built above)
1721 Cond :=
1723 Left_Opnd =>
1740 -------------------------
1741 -- Apply_Divide_Checks --
1742 -------------------------
1751 -- Current overflow checking mode
1762 -- Don't actually use this value
1764 begin
1765 -- If we are operating in MINIMIZED or ELIMINATED mode, and we are
1766 -- operating on signed integer types, then the only thing this routine
1767 -- does is to call Apply_Arithmetic_Overflow_Minimized_Eliminated. That
1768 -- procedure will (possibly later on during recursive downward calls),
1769 -- ensure that any needed overflow/division checks are properly applied.
1773 then
1778 -- Proceed here in SUPPRESSED or CHECKED modes
1780 if Expander_Active
1781 and then not Backend_Divide_Checks_On_Target
1783 then
1786 -- Deal with division check
1790 then
1794 -- Deal with overflow check
1798 then
1801 -- Test for extremely annoying case of xxx'First divided by -1
1802 -- for division of signed integer types (only overflow case).
1806 then
1811 and then
1813 then
1816 Condition =>
1818 Left_Opnd =>
1820 Left_Opnd =>
1824 Right_Opnd =>
1836 --------------------------
1837 -- Apply_Division_Check --
1838 --------------------------
1840 procedure Apply_Division_Check
1845 is
1851 begin
1852 if Expander_Active
1853 and then not Backend_Divide_Checks_On_Target
1855 then
1856 -- See if division by zero possible, and if so generate test. This
1857 -- part of the test is not controlled by the -gnato switch, since
1858 -- it is a Division_Check and not an Overflow_Check.
1866 Condition =>
1876 ----------------------------------
1877 -- Apply_Float_Conversion_Check --
1878 ----------------------------------
1880 -- Let F and I be the source and target types of the conversion. The RM
1881 -- specifies that a floating-point value X is rounded to the nearest
1882 -- integer, with halfway cases being rounded away from zero. The rounded
1883 -- value of X is checked against I'Range.
1885 -- The catch in the above paragraph is that there is no good way to know
1886 -- whether the round-to-integer operation resulted in overflow. A remedy is
1887 -- to perform a range check in the floating-point domain instead, however:
1889 -- (1) The bounds may not be known at compile time
1890 -- (2) The check must take into account rounding or truncation.
1891 -- (3) The range of type I may not be exactly representable in F.
1892 -- (4) For the rounding case, The end-points I'First - 0.5 and
1893 -- I'Last + 0.5 may or may not be in range, depending on the
1894 -- sign of I'First and I'Last.
1895 -- (5) X may be a NaN, which will fail any comparison
1897 -- The following steps correctly convert X with rounding:
1899 -- (1) If either I'First or I'Last is not known at compile time, use
1900 -- I'Base instead of I in the next three steps and perform a
1901 -- regular range check against I'Range after conversion.
1902 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1903 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1904 -- F'Machine (I'First) and let Lo_OK be (Lo >= I'First).
1905 -- In other words, take one of the closest floating-point numbers
1906 -- (which is an integer value) to I'First, and see if it is in
1907 -- range or not.
1908 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1909 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1910 -- F'Machine (I'Last) and let Hi_OK be (Hi <= I'Last).
1911 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1912 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1914 -- For the truncating case, replace steps (2) and (3) as follows:
1915 -- (2) If I'First > 0, then let Lo be F'Pred (I'First) and let Lo_OK
1916 -- be False. Otherwise, let Lo be F'Succ (I'First - 1) and let
1917 -- Lo_OK be True.
1918 -- (3) If I'Last < 0, then let Hi be F'Succ (I'Last) and let Hi_OK
1919 -- be False. Otherwise let Hi be F'Pred (I'Last + 1) and let
1920 -- Hi_OK be True.
1922 procedure Apply_Float_Conversion_Check
1925 is
1935 -- Parent of check node, must be a type conversion
1939 UI_Expon
1943 -- Largest bound, so bound plus or minus half is a machine number of F
1946 -- Bounds of integer type
1949 -- Bounds to check in floating-point domain
1952 -- True iff Lo resp. Hi belongs to I'Range
1955 -- Expressions that are False iff check fails
1959 begin
1960 -- We do not need checks if we are not generating code (i.e. the full
1961 -- expander is not active). In SPARK mode, we specifically don't want
1962 -- the frontend to expand these checks, which are dealt with directly
1963 -- in the formal verification backend.
1971 then
1972 declare
1973 -- First check that the value falls in the range of the base type,
1974 -- to prevent overflow during conversion and then perform a
1975 -- regular range check against the (dynamic) bounds.
1981 begin
1994 Condition =>
2005 -- Get the (static) bounds of the target type
2010 -- A simple optimization: if the expression is a universal literal,
2011 -- we can do the comparison with the bounds and the conversion to
2012 -- an integer type statically. The range checks are unchanged.
2018 then
2019 declare
2022 begin
2025 -- Conversion is safe
2035 -- Check against lower bound
2049 else
2056 -- Lo_Chk := (X >= Lo)
2062 else
2063 -- Lo_Chk := (X > Lo)
2070 -- Check against higher bound
2083 else
2090 -- Hi_Chk := (X <= Hi)
2096 else
2097 -- Hi_Chk := (X < Hi)
2104 -- If the bounds of the target type are the same as those of the base
2105 -- type, the check is an overflow check as a range check is not
2106 -- performed in these cases.
2110 then
2112 else
2116 -- Raise CE if either conditions does not hold
2124 ------------------------
2125 -- Apply_Length_Check --
2126 ------------------------
2128 procedure Apply_Length_Check
2132 is
2133 begin
2134 Apply_Selected_Length_Checks
2138 -------------------------------------
2139 -- Apply_Parameter_Aliasing_Checks --
2140 -------------------------------------
2142 procedure Apply_Parameter_Aliasing_Checks
2145 is
2148 function May_Cause_Aliasing
2151 -- Determine whether two formal parameters can alias each other
2152 -- depending on their modes.
2155 -- The expander may replace an actual with a temporary for the sake of
2156 -- side effect removal. The temporary may hide a potential aliasing as
2157 -- it does not share the address of the actual. This routine attempts
2158 -- to retrieve the original actual.
2160 procedure Overlap_Check
2166 -- Create a check to determine whether Actual_1 overlaps with Actual_2.
2167 -- If detailed exception messages are enabled, the check is augmented to
2168 -- provide information about the names of the corresponding formals. See
2169 -- the body for details. Actual_1 and Actual_2 denote the two actuals to
2170 -- be tested. Formal_1 and Formal_2 denote the corresponding formals.
2171 -- Check contains all and-ed simple tests generated so far or remains
2172 -- unchanged in the case of detailed exception messaged.
2174 ------------------------
2175 -- May_Cause_Aliasing --
2176 ------------------------
2178 function May_Cause_Aliasing
2181 is
2182 begin
2183 -- The following combination cannot lead to aliasing
2185 -- Formal 1 Formal 2
2186 -- IN IN
2189 and then
2191 then
2194 -- The following combinations may lead to aliasing
2196 -- Formal 1 Formal 2
2197 -- IN OUT
2198 -- IN IN OUT
2199 -- OUT IN
2200 -- OUT IN OUT
2201 -- OUT OUT
2203 else
2208 ---------------------
2209 -- Original_Actual --
2210 ---------------------
2213 begin
2217 -- The expander created a temporary to capture the result of a type
2218 -- conversion where the expression is the real actual.
2223 then
2230 -------------------
2231 -- Overlap_Check --
2232 -------------------
2234 procedure Overlap_Check
2240 is
2245 begin
2246 -- Generate:
2247 -- Actual_1'Overlaps_Storage (Actual_2)
2249 Cond :=
2253 Expressions =>
2256 -- Generate the following check when detailed exception messages are
2257 -- enabled:
2259 -- if Actual_1'Overlaps_Storage (Actual_2) then
2260 -- raise Program_Error with <detailed message>;
2261 -- end if;
2264 Start_String;
2266 -- Do not generate location information for internal calls
2292 Name =>
2296 -- Create a sequence of overlapping checks by and-ing them all
2297 -- together.
2299 else
2302 else
2303 Check :=
2311 -- Local variables
2321 -- Start of processing for Apply_Parameter_Aliasing_Checks
2323 begin
2331 -- Ensure that the actual is an object that is not passed by value.
2332 -- Elementary types are always passed by value, therefore actuals of
2333 -- such types cannot lead to aliasing. An aggregate is an object in
2334 -- Ada 2012, but an actual that is an aggregate cannot overlap with
2335 -- another actual. A type that is By_Reference (such as an array of
2336 -- controlled types) is not subject to the check because any update
2337 -- will be done in place and a subsequent read will always see the
2338 -- correct value, see RM 6.2 (12/3).
2343 then
2349 then
2355 -- The other actual we are testing against must also denote
2356 -- a non pass-by-value object. Generate the check only when
2357 -- the mode of the two formals may lead to aliasing.
2362 then
2366 Overlap_Check
2383 -- Place a simple check right before the call
2393 -------------------------------------
2394 -- Apply_Parameter_Validity_Checks --
2395 -------------------------------------
2400 procedure Add_Validity_Check
2404 -- Add a single 'Valid[_Scalar] check which verifies the initialization
2405 -- of Formal. Prag_Nam denotes the pre or post condition pragma name.
2406 -- Set flag For_Result when to verify the result of a function.
2408 ------------------------
2409 -- Add_Validity_Check --
2410 ------------------------
2412 procedure Add_Validity_Check
2416 is
2418 -- Create a pre/postcondition pragma that tests expression Expr
2420 ------------------------------
2421 -- Build_Pre_Post_Condition --
2422 ------------------------------
2429 begin
2430 Prag :=
2438 -- Add a message unless exception messages are suppressed
2444 Expression =>
2452 -- Insert the pragma in the tree
2458 -- PPC pragmas associated with subprogram bodies must be inserted
2459 -- in the declarative part of the body.
2472 -- For subprogram declarations insert the PPC pragma right after
2473 -- the declarative node.
2475 else
2480 -- Local variables
2487 -- Start of processing for Add_Validity_Check
2489 begin
2490 -- For scalars, generate 'Valid test
2495 -- For any non-scalar with scalar parts, generate 'Valid_Scalars test
2500 -- No test needed for other cases (no scalars to test)
2502 else
2506 -- Step 1: Create the expression to verify the validity of the
2507 -- context.
2511 -- When processing a function result, use 'Result. Generate
2512 -- Context'Result
2515 Check :=
2521 -- Generate:
2522 -- Context['Result]'Valid[_Scalars]
2524 Check :=
2529 -- Step 2: Create a pre or post condition pragma
2534 -- Local variables
2539 -- Start of processing for Apply_Parameter_Validity_Checks
2541 begin
2542 -- Extract the subprogram specification and declaration nodes
2554 -- Do not process formal subprograms because the corresponding actual
2555 -- will receive the proper checks when the instance is analyzed.
2559 -- Do not process imported subprograms since pre and postconditions
2560 -- are never verified on routines coming from a different language.
2565 -- The PPC pragmas generated by this routine do not correspond to
2566 -- source aspects, therefore they cannot be applied to abstract
2567 -- subprograms.
2571 -- Do not consider subprogram renaminds because the renamed entity
2572 -- already has the proper PPC pragmas.
2576 -- Do not process null procedures because there is no benefit of
2577 -- adding the checks to a no action routine.
2581 then
2585 -- Inspect all the formals applying aliasing and scalar initialization
2586 -- checks where applicable.
2591 -- Generate the following scalar initialization checks for each
2592 -- formal parameter:
2594 -- mode IN - Pre => Formal'Valid[_Scalars]
2595 -- mode IN OUT - Pre, Post => Formal'Valid[_Scalars]
2596 -- mode OUT - Post => Formal'Valid[_Scalars]
2611 -- Generate following scalar initialization check for function result:
2613 -- Post => Subp'Result'Valid[_Scalars]
2620 ---------------------------
2621 -- Apply_Predicate_Check --
2622 ---------------------------
2624 procedure Apply_Predicate_Check
2628 is
2631 begin
2644 -- A predicate check does not apply within internally generated
2645 -- subprograms, such as TSS functions.
2650 -- If the check appears within the predicate function itself, it
2651 -- means that the user specified a check whose formal is the
2652 -- predicated subtype itself, rather than some covering type. This
2653 -- is likely to be a common error, and thus deserves a warning.
2656 Error_Msg_NE
2659 Error_Msg_N
2663 Error_Msg_NE
2672 -- Here for normal case of predicate active
2674 else
2675 -- If the type has a static predicate and the expression is known
2676 -- at compile time, see if the expression satisfies the predicate.
2684 -- For an entity of the type, generate a call to the predicate
2685 -- function, unless its type is an actual subtype, which is not
2686 -- visible outside of the enclosing subprogram.
2690 then
2692 Make_Predicate_Check
2695 -- If the expression is not an entity it may have side effects,
2696 -- and the following call will create an object declaration for
2697 -- it. We disable checks during its analysis, to prevent an
2698 -- infinite recursion.
2700 else
2702 Make_Predicate_Check
2709 -----------------------
2710 -- Apply_Range_Check --
2711 -----------------------
2713 procedure Apply_Range_Check
2717 is
2718 begin
2719 Apply_Selected_Range_Checks
2723 ------------------------------
2724 -- Apply_Scalar_Range_Check --
2725 ------------------------------
2727 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check flag
2728 -- off if it is already set on.
2730 procedure Apply_Scalar_Range_Check
2735 is
2743 -- Set true if Expr is a subscript
2746 -- Set true if Expr is a subscript of an unconstrained array. In this
2747 -- case we do not attempt to do an analysis of the value against the
2748 -- range of the subscript, since we don't know the actual subtype.
2751 -- Set to True if Expr should be regarded as a real value even though
2752 -- the type of Expr might be discrete.
2755 -- Procedure called if value is determined to be out of range. Warn is
2756 -- True to force a warning instead of an error, even when SPARK_Mode is
2757 -- On.
2759 ---------------
2760 -- Bad_Value --
2761 ---------------
2764 begin
2765 Apply_Compile_Time_Constraint_Error
2772 -- Start of processing for Apply_Scalar_Range_Check
2774 begin
2775 -- Return if check obviously not needed
2777 if
2778 -- Not needed inside generic
2780 Inside_A_Generic
2782 -- Not needed if previous error
2787 -- Not needed for non-scalar type
2791 -- Not needed if we know node raises CE already
2794 then
2798 -- Now, see if checks are suppressed
2800 Is_Subscr_Ref :=
2814 -- Subscript reference. Check for Index_Checks suppressed
2818 -- Check array type and its base type
2822 then
2825 -- Check array itself if it is an entity name
2829 then
2832 -- Check expression itself if it is an entity name
2836 then
2840 -- All other cases, check for Range_Checks suppressed
2842 else
2843 -- Check target type and its base type
2847 then
2850 -- Check expression itself if it is an entity name
2854 then
2857 -- If Expr is part of an assignment statement, then check left
2858 -- side of assignment if it is an entity name.
2863 then
2869 -- Do not set range checks if they are killed
2873 then
2877 -- Do not set range checks for any values from System.Scalar_Values
2878 -- since the whole idea of such values is to avoid checking them.
2882 then
2886 -- Now see if we need a check
2890 else
2898 Is_Unconstrained_Subscr_Ref :=
2901 -- Special checks for floating-point type
2905 -- Always do a range check if the source type includes infinities and
2906 -- the target type does not include infinities. We do not do this if
2907 -- range checks are killed.
2908 -- If the expression is a literal and the bounds of the type are
2909 -- static constants it may be possible to optimize the check.
2913 then
2914 -- If the expression is a literal and the bounds of the type are
2915 -- static constants it may be possible to optimize the check.
2918 declare
2922 begin
2927 then
2929 else
2934 else
2940 -- Return if we know expression is definitely in the range of the target
2941 -- type as determined by Determine_Range. Right now we only do this for
2942 -- discrete types, and not fixed-point or floating-point types.
2944 -- The additional less-precise tests below catch these cases
2946 -- Note: skip this if we are given a source_typ, since the point of
2947 -- supplying a Source_Typ is to stop us looking at the expression.
2948 -- We could sharpen this test to be out parameters only ???
2952 and then not Is_Unconstrained_Subscr_Ref
2954 then
2955 declare
2961 begin
2964 then
2965 declare
2969 begin
2970 -- If range is null, we for sure have a constraint error
2971 -- (we don't even need to look at the value involved,
2972 -- since all possible values will raise CE).
2976 -- When SPARK_Mode is On, force a warning instead of
2977 -- an error in that case, as this likely corresponds
2978 -- to deactivated code.
2982 -- In GNATprove mode, we enable the range check so that
2983 -- GNATprove will issue a message if it cannot be proved.
2992 -- Otherwise determine range of value
2998 -- If definitely in range, all OK
3003 -- If definitely not in range, warn
3006 Bad_Value;
3009 -- Otherwise we don't know
3011 else
3020 Int_Real :=
3024 -- Check if we can determine at compile time whether Expr is in the
3025 -- range of the target type. Note that if S_Typ is within the bounds
3026 -- of Target_Typ then this must be the case. This check is meaningful
3027 -- only if this is not a conversion between integer and real types.
3029 if not Is_Unconstrained_Subscr_Ref
3031 and then
3034 -- Also check if the expression itself is in the range of the
3035 -- target type if it is a known at compile time value. We skip
3036 -- this test if S_Typ is set since for OUT and IN OUT parameters
3037 -- the Expr itself is not relevant to the checking.
3039 or else
3045 then
3052 then
3053 Bad_Value;
3056 -- Floating-point case
3057 -- In the floating-point case, we only do range checks if the type is
3058 -- constrained. We definitely do NOT want range checks for unconstrained
3059 -- types, since we want to have infinities, except when
3060 -- Check_Float_Overflow is set.
3067 -- For all other cases we enable a range check unconditionally
3069 else
3075 ----------------------------------
3076 -- Apply_Selected_Length_Checks --
3077 ----------------------------------
3079 procedure Apply_Selected_Length_Checks
3084 is
3094 begin
3095 -- Only apply checks when generating code
3097 -- Note: this means that we lose some useful warnings if the expander
3098 -- is not active.
3104 R_Result :=
3111 -- A length check may mention an Itype which is attached to a
3112 -- subsequent node. At the top level in a package this can cause
3113 -- an order-of-elaboration problem, so we make sure that the itype
3114 -- is referenced now.
3118 then
3129 -- If the item is a conditional raise of constraint error, then have
3130 -- a look at what check is being performed and ???
3134 then
3137 -- Case where node does not now have a dynamic check
3141 -- If checks are on, just insert the check
3150 -- If checks are off, then analyze the length check after
3151 -- temporarily attaching it to the tree in case the relevant
3152 -- condition can be evaluated at compile time. We still want a
3153 -- compile time warning in this case.
3155 else
3161 -- Output a warning if the condition is known to be True
3165 then
3166 Apply_Compile_Time_Constraint_Error
3168 CE_Length_Check_Failed,
3172 -- If we were only doing a static check, or if checks are not
3173 -- on, then we want to delete the check, since it is not needed.
3174 -- We do this by replacing the if statement by a null statement
3181 else
3187 ---------------------------------
3188 -- Apply_Selected_Range_Checks --
3189 ---------------------------------
3191 procedure Apply_Selected_Range_Checks
3196 is
3200 or else
3207 begin
3208 -- Only apply checks when generating code. In GNATprove mode, we do not
3209 -- apply the checks, but we still call Selected_Range_Checks to possibly
3210 -- issue errors on SPARK code when a run-time error can be detected at
3211 -- compile time.
3219 R_Result :=
3230 -- The range check requires runtime evaluation. Depending on what its
3231 -- triggering condition is, the check may be converted into a compile
3232 -- time constraint check.
3236 then
3239 -- Insert the range check before the related context. Note that
3240 -- this action analyses the triggering condition.
3244 -- This old code doesn't make sense, why is the context flagged as
3245 -- requiring dynamic range checks now in the middle of generating
3246 -- them ???
3252 -- The triggering condition evaluates to True, the range check
3253 -- can be converted into a compile time constraint check.
3257 then
3258 -- Since an N_Range is technically not an expression, we have
3259 -- to set one of the bounds to C_E and then just flag the
3260 -- N_Range. The warning message will point to the lower bound
3261 -- and complain about a range, which seems OK.
3264 Apply_Compile_Time_Constraint_Error
3267 CE_Range_Check_Failed,
3273 else
3274 Apply_Compile_Time_Constraint_Error
3277 CE_Range_Check_Failed,
3282 -- If we were only doing a static check, or if checks are not
3283 -- on, then we want to delete the check, since it is not needed.
3284 -- We do this by replacing the if statement by a null statement
3291 -- The range check raises Constraint_Error explicitly
3293 else
3299 -------------------------------
3300 -- Apply_Static_Length_Check --
3301 -------------------------------
3303 procedure Apply_Static_Length_Check
3307 is
3308 begin
3309 Apply_Selected_Length_Checks
3313 -------------------------------------
3314 -- Apply_Subscript_Validity_Checks --
3315 -------------------------------------
3320 begin
3323 -- Loop through subscripts
3328 -- Check one subscript. Note that we do not worry about enumeration
3329 -- type with holes, since we will convert the value to a Pos value
3330 -- for the subscript, and that convert will do the necessary validity
3331 -- check.
3335 -- Move to next subscript
3341 ----------------------------------
3342 -- Apply_Type_Conversion_Checks --
3343 ----------------------------------
3351 -- Note: if Etype (Expr) is a private type without discriminants, its
3352 -- full view might have discriminants with defaults, so we need the
3353 -- full view here to retrieve the constraints.
3355 begin
3359 -- Skip these checks if serious errors detected, there are some nasty
3360 -- situations of incomplete trees that blow things up.
3365 -- Never generate discriminant checks for Unchecked_Union types
3369 then
3372 -- Scalar type conversions of the form Target_Type (Expr) require a
3373 -- range check if we cannot be sure that Expr is in the base type of
3374 -- Target_Typ and also that Expr is in the range of Target_Typ. These
3375 -- are not quite the same condition from an implementation point of
3376 -- view, but clearly the second includes the first.
3379 declare
3381 -- If the Conversion_OK flag on the type conversion is set and no
3382 -- floating-point type is involved in the type conversion then
3383 -- fixed-point values must be read as integral values.
3389 begin
3392 and then not
3394 and then not Float_To_Int
3395 then
3396 -- A small optimization: the attribute 'Pos applied to an
3397 -- enumeration type has a known range, even though its type is
3398 -- Universal_Integer. So in numeric conversions it is usually
3399 -- within range of the target integer type. Use the static
3400 -- bounds of the base types to check. Disable this optimization
3401 -- in case of a generic formal discrete type, because we don't
3402 -- necessarily know the upper bound yet.
3409 then
3410 declare
3418 begin
3419 -- Character types have no explicit literals, so we use
3420 -- the known number of characters in the type.
3427 then
3430 else
3431 Last_E :=
3432 Enumeration_Pos
3439 else
3444 else
3451 then
3454 else
3455 Apply_Scalar_Range_Check
3458 -- If the target type has predicates, we need to indicate
3459 -- the need for a check, even if Determine_Range finds that
3460 -- the value is within bounds. This may be the case e.g for
3461 -- a division with a constant denominator.
3477 then
3478 -- An unconstrained derived type may have inherited discriminant.
3479 -- Build an actual discriminant constraint list using the stored
3480 -- constraint, to verify that the expression of the parent type
3481 -- satisfies the constraints imposed by the (unconstrained) derived
3482 -- type. This applies to value conversions, not to view conversions
3483 -- of tagged types.
3485 declare
3496 begin
3503 then
3508 then
3509 -- Parent is constrained by new discriminant. Obtain
3510 -- Value of original discriminant in expression. If the
3511 -- new discriminant has been used to constrain more than
3512 -- one of the stored discriminants, this will provide the
3513 -- required consistency check.
3515 Append_Elmt
3517 Prefix =>
3518 Duplicate_Subexpr_No_Checks
3520 Selector_Name =>
3522 New_Constraints);
3524 else
3525 -- Discriminant of more remote ancestor ???
3530 -- Derived type definition has an explicit value for this
3531 -- stored discriminant.
3533 else
3534 Append_Elmt
3536 New_Constraints);
3542 -- Use the unconstrained expression type to retrieve the
3543 -- discriminants of the parent, and apply momentarily the
3544 -- discriminant constraint synthesized above.
3556 -- For arrays, checks are set now, but conversions are applied during
3557 -- expansion, to take into accounts changes of representation. The
3558 -- checks become range checks on the base type or length checks on the
3559 -- subtype, depending on whether the target type is unconstrained or
3560 -- constrained. Note that the range check is put on the expression of a
3561 -- type conversion, while the length check is put on the type conversion
3562 -- itself.
3567 else
3573 ----------------------------------------------
3574 -- Apply_Universal_Integer_Attribute_Checks --
3575 ----------------------------------------------
3581 begin
3585 -- Nothing to do if checks are suppressed
3589 then
3592 -- Nothing to do if the attribute does not come from source. The
3593 -- internal attributes we generate of this type do not need checks,
3594 -- and furthermore the attempt to check them causes some circular
3595 -- elaboration orders when dealing with packed types.
3600 -- If the prefix is a selected component that depends on a discriminant
3601 -- the check may improperly expose a discriminant instead of using
3602 -- the bounds of the object itself. Set the type of the attribute to
3603 -- the base type of the context, so that a check will be imposed when
3604 -- needed (e.g. if the node appears as an index).
3609 then
3612 -- Otherwise, replace the attribute node with a type conversion node
3613 -- whose expression is the attribute, retyped to universal integer, and
3614 -- whose subtype mark is the target type. The call to analyze this
3615 -- conversion will set range and overflow checks as required for proper
3616 -- detection of an out of range value.
3618 else
3632 -------------------------------------
3633 -- Atomic_Synchronization_Disabled --
3634 -------------------------------------
3636 -- Note: internally Disable/Enable_Atomic_Synchronization is implemented
3637 -- using a bogus check called Atomic_Synchronization. This is to make it
3638 -- more convenient to get exactly the same semantics as [Un]Suppress.
3641 begin
3642 -- If debug flag d.e is set, always return False, i.e. all atomic sync
3643 -- looks enabled, since it is never disabled.
3648 -- If debug flag d.d is set then always return True, i.e. all atomic
3649 -- sync looks disabled, since it always tests True.
3654 -- If entity present, then check result for that entity
3659 -- Otherwise result depends on current scope setting
3661 else
3666 -------------------------------
3667 -- Build_Discriminant_Checks --
3668 -------------------------------
3670 function Build_Discriminant_Checks
3673 is
3683 ----------------------------------
3684 -- Aggregate_Discriminant_Value --
3685 ----------------------------------
3690 begin
3691 -- The aggregate has been normalized with named associations. We use
3692 -- the Chars field to locate the discriminant to take into account
3693 -- discriminants in derived types, which carry the same name as those
3694 -- in the parent.
3700 else
3705 -- Discriminant must have been found in the loop above
3710 -- Start of processing for Build_Discriminant_Checks
3712 begin
3713 -- Loop through discriminants evolving the condition
3718 -- For a fully private type, use the discriminants of the parent type
3722 then
3724 else
3733 then
3735 else
3739 -- If we have an Unchecked_Union node, we can infer the discriminants
3740 -- of the node.
3744 Get_Discriminant_Value (
3746 T_Typ,
3750 Dref :=
3751 Duplicate_Subexpr_No_Checks
3754 else
3755 Dref :=
3757 Prefix =>
3776 ------------------
3777 -- Check_Needed --
3778 ------------------
3788 -- Return the relevant expression from the left operand of the given
3789 -- short circuit form: this is LO itself, except if LO is a qualified
3790 -- expression, a type conversion, or an expression with actions, in
3791 -- which case this is Left_Expression (Expression (LO)).
3793 ---------------------
3794 -- Left_Expression --
3795 ---------------------
3799 begin
3801 N_Type_Conversion,
3802 N_Expression_With_Actions)
3803 loop
3810 -- Start of processing for Check_Needed
3812 begin
3813 -- Always check if not simple entity
3817 then
3821 -- Look up tree for short circuit
3824 loop
3828 -- Done if out of subexpression (note that we allow generated stuff
3829 -- such as itype declarations in this context, to keep the loop going
3830 -- since we may well have generated such stuff in complex situations.
3831 -- Also done if no parent (probably an error condition, but no point
3832 -- in behaving nasty if we find it).
3836 then
3839 -- Or/Or Else case, where test is part of the right operand, or is
3840 -- part of one of the actions associated with the right operand, and
3841 -- the left operand is an equality test.
3849 or else
3854 -- Similar test for the And/And then case, where the left operand
3855 -- is an inequality test.
3863 or else
3872 -- If we fall through the loop, then we have a conditional with an
3873 -- appropriate test as its left operand, so look further.
3877 -- L is an "=" or "/=" operator: extract its operands
3882 -- Left operand of test must match original variable
3888 -- Right operand of test must be key value (zero or null)
3899 then
3907 -- Here we have the optimizable case, warn if not short-circuited
3915 Error_Msg_N
3918 else
3919 Error_Msg_N
3926 Error_Msg_N
3929 else
3930 Error_Msg_N
3940 Error_Msg_N -- CODEFIX
3942 else
3943 Error_Msg_N -- CODEFIX
3947 -- If not short-circuited, we need the check
3951 -- If short-circuited, we can omit the check
3953 else
3958 -----------------------------------
3959 -- Check_Valid_Lvalue_Subscripts --
3960 -----------------------------------
3963 begin
3964 -- Skip this if range checks are suppressed
3969 -- Only do this check for expressions that come from source. We assume
3970 -- that expander generated assignments explicitly include any necessary
3971 -- checks. Note that this is not just an optimization, it avoids
3972 -- infinite recursions.
3977 -- For a selected component, check the prefix
3983 -- Case of indexed component
3988 -- Prefix may itself be or contain an indexed component, and these
3989 -- subscripts need checking as well.
3995 ----------------------------------
3996 -- Null_Exclusion_Static_Checks --
3997 ----------------------------------
4006 begin
4007 pragma Assert
4009 N_Discriminant_Specification,
4010 N_Function_Specification,
4011 N_Object_Declaration,
4012 N_Parameter_Specification));
4016 else
4024 else
4046 -- Enforce legality rule 3.10 (13): A null exclusion can only be
4047 -- applied to an access [sub]type.
4050 Error_Msg_N
4053 -- Enforce legality rule RM 3.10(14/1): A null exclusion can only
4054 -- be applied to a [sub]type that does not exclude null already.
4058 then
4059 Error_Msg_NE
4065 -- Check that null-excluding objects are always initialized, except for
4066 -- deferred constants, for which the expression will appear in the full
4067 -- declaration.
4073 then
4074 -- Add an expression that assigns null. This node is needed by
4075 -- Apply_Compile_Time_Constraint_Error, which will replace this with
4076 -- a Constraint_Error node.
4081 Apply_Compile_Time_Constraint_Error
4083 Msg =>
4088 -- Check that a null-excluding component, formal or object is not being
4089 -- assigned a null value. Otherwise generate a warning message and
4090 -- replace Expression (N) by an N_Constraint_Error node.
4097 when N_Component_Declaration
4098 | N_Discriminant_Specification
4099 =>
4100 Apply_Compile_Time_Constraint_Error
4102 Msg =>
4103 "(Ada 2005) null not allowed in null-excluding "
4108 Apply_Compile_Time_Constraint_Error
4110 Msg =>
4111 "(Ada 2005) null not allowed in null-excluding "
4116 Apply_Compile_Time_Constraint_Error
4118 Msg =>
4119 "(Ada 2005) null not allowed in null-excluding "
4130 ----------------------------------
4131 -- Conditional_Statements_Begin --
4132 ----------------------------------
4135 begin
4138 -- If stack overflows, kill all checks, that way we know to simply reset
4139 -- the number of saved checks to zero on return. This should never occur
4140 -- in practice.
4143 Kill_All_Checks;
4145 -- In the normal case, we just make a new stack entry saving the current
4146 -- number of saved checks for a later restore.
4148 else
4153 Num_Saved_Checks);
4158 --------------------------------
4159 -- Conditional_Statements_End --
4160 --------------------------------
4163 begin
4166 -- If the saved checks stack overflowed, then we killed all checks, so
4167 -- setting the number of saved checks back to zero is correct. This
4168 -- should never occur in practice.
4173 -- In the normal case, restore the number of saved checks from the top
4174 -- stack entry.
4176 else
4181 Num_Saved_Checks);
4188 -------------------------
4189 -- Convert_From_Bignum --
4190 -------------------------
4195 begin
4198 -- Construct call From Bignum
4200 return
4202 Name =>
4207 -----------------------
4208 -- Convert_To_Bignum --
4209 -----------------------
4214 begin
4215 -- Nothing to do if Bignum already except call Relocate_Node
4220 -- Otherwise construct call to To_Bignum, converting the operand to the
4221 -- required Long_Long_Integer form.
4223 else
4225 return
4227 Name =>
4234 ---------------------
4235 -- Determine_Range --
4236 ---------------------
4240 -- Determine size of below cache (power of 2 is more efficient)
4248 -- The above arrays are used to implement a small direct cache for
4249 -- Determine_Range and Determine_Range_R calls. Because of the way these
4250 -- subprograms recursively traces subexpressions, and because overflow
4251 -- checking calls the routine on the way up the tree, a quadratic behavior
4252 -- can otherwise be encountered in large expressions. The cache entry for
4253 -- node N is stored in the (N mod Cache_Size) entry, and can be validated
4254 -- by checking the actual node value stored there. The Range_Cache_V array
4255 -- records the setting of Assume_Valid for the cache entry.
4257 procedure Determine_Range
4263 is
4265 -- Type to use, may get reset to base type for possibly invalid entity
4269 -- Lo and Hi bounds of left operand
4273 -- Lo and Hi bounds of right (or only) operand
4276 -- Temp variable used to hold a bound node
4279 -- High bound of base type of expression
4283 -- Refined values for low and high bounds, after tightening
4286 -- Used in lower level calls to indicate if call succeeded
4289 -- Used to search cache
4292 -- Base type
4295 -- Used for binary operators. Determines the ranges of the left and
4296 -- right operands, and if they are both OK, returns True, and puts
4297 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
4299 -----------------
4300 -- OK_Operands --
4301 -----------------
4304 begin
4305 Determine_Range
4312 Determine_Range
4317 -- Start of processing for Determine_Range
4319 begin
4320 -- Prevent junk warnings by initializing range variables
4327 -- For temporary constants internally generated to remove side effects
4328 -- we must use the corresponding expression to determine the range of
4329 -- the expression. But note that the expander can also generate
4330 -- constants in other cases, including deferred constants.
4336 then
4338 Determine_Range
4342 Determine_Range
4346 else
4352 -- If type is not defined, we can't determine its range
4356 -- We don't deal with anything except discrete types
4360 -- Ignore type for which an error has been posted, since range in
4361 -- this case may well be a bogosity deriving from the error. Also
4362 -- ignore if error posted on the reference node.
4365 then
4370 -- For all other cases, we can determine the range
4374 -- If value is compile time known, then the possible range is the one
4375 -- value that we know this expression definitely has.
4383 -- Return if already in the cache
4388 and then
4390 then
4396 -- Otherwise, start by finding the bounds of the type of the expression,
4397 -- the value cannot be outside this range (if it is, then we have an
4398 -- overflow situation, which is a separate check, we are talking here
4399 -- only about the expression value).
4401 -- First a check, never try to find the bounds of a generic type, since
4402 -- these bounds are always junk values, and it is only valid to look at
4403 -- the bounds in an instance.
4410 -- First step, change to use base type unless we know the value is valid
4413 or else Assume_No_Invalid_Values
4414 or else Assume_Valid
4415 then
4417 else
4421 -- Retrieve the base type. Handle the case where the base type is a
4422 -- private enumeration type.
4430 -- We use the actual bound unless it is dynamic, in which case use the
4431 -- corresponding base type bound if possible. If we can't get a bound
4432 -- then we figure we can't determine the range (a peculiar case, that
4433 -- perhaps cannot happen, but there is no point in bombing in this
4434 -- optimization circuit.
4436 -- First the low bound
4446 else
4451 -- Now the high bound
4455 -- We need the high bound of the base type later on, and this should
4456 -- always be compile time known. Again, it is not clear that this
4457 -- can ever be false, but no point in bombing.
4463 else
4468 -- If we have a static subtype, then that may have a tighter bound so
4469 -- use the upper bound of the subtype instead in this case.
4475 -- We may be able to refine this value in certain situations. If any
4476 -- refinement is possible, then Lor and Hir are set to possibly tighter
4477 -- bounds, and OK1 is set to True.
4481 -- For unary plus, result is limited by range of operand
4484 Determine_Range
4487 -- For unary minus, determine range of operand, and negate it
4490 Determine_Range
4498 -- For binary addition, get range of each operand and do the
4499 -- addition to get the result range.
4507 -- Division is tricky. The only case we consider is where the right
4508 -- operand is a positive constant, and in this case we simply divide
4509 -- the bounds of the left operand
4515 then
4518 else
4523 -- For binary subtraction, get range of each operand and do the worst
4524 -- case subtraction to get the result range.
4532 -- For MOD, if right operand is a positive constant, then result must
4533 -- be in the allowable range of mod results.
4539 then
4549 else
4554 -- For REM, if right operand is a positive constant, then result must
4555 -- be in the allowable range of mod results.
4560 declare
4563 begin
4564 -- The sign of the result depends on the sign of the
4565 -- dividend (but not on the sign of the divisor, hence
4566 -- the abs operation above).
4570 else
4576 else
4581 else
4586 -- Attribute reference cases
4591 -- For Pos/Val attributes, we can refine the range using the
4592 -- possible range of values of the attribute expression.
4594 when Name_Pos
4595 | Name_Val
4596 =>
4597 Determine_Range
4600 -- For Length attribute, use the bounds of the corresponding
4601 -- index type to refine the range.
4604 declare
4612 begin
4617 -- For string literal, we know exact value
4626 -- Otherwise check for expression given
4630 else
4631 Inum :=
4640 -- If the index type is a formal type or derived from
4641 -- one, the bounds are not static.
4648 Determine_Range
4650 Assume_Valid);
4653 Determine_Range
4655 Assume_Valid);
4659 -- The maximum value for Length is the biggest
4660 -- possible gap between the values of the bounds.
4661 -- But of course, this value cannot be negative.
4665 -- For constrained arrays, the minimum value for
4666 -- Length is taken from the actual value of the
4667 -- bounds, since the index will be exactly of this
4668 -- subtype.
4673 -- For an unconstrained array, the minimum value
4674 -- for length is always zero.
4676 else
4683 -- No special handling for other attributes
4684 -- Probably more opportunities exist here???
4691 -- For type conversion from one discrete type to another, we can
4692 -- refine the range using the converted value.
4697 -- Nothing special to do for all other expression kinds
4705 -- At this stage, if OK1 is true, then we know that the actual result of
4706 -- the computed expression is in the range Lor .. Hir. We can use this
4707 -- to restrict the possible range of results.
4711 -- If the refined value of the low bound is greater than the type
4712 -- low bound, then reset it to the more restrictive value. However,
4713 -- we do NOT do this for the case of a modular type where the
4714 -- possible upper bound on the value is above the base type high
4715 -- bound, because that means the result could wrap.
4719 then
4723 -- Similarly, if the refined value of the high bound is less than the
4724 -- value so far, then reset it to the more restrictive value. Again,
4725 -- we do not do this if the refined low bound is negative for a
4726 -- modular type, since this would wrap.
4730 then
4735 -- Set cache entry for future call and we are all done
4743 -- If any exception occurs, it means that we have some bug in the compiler,
4744 -- possibly triggered by a previous error, or by some unforeseen peculiar
4745 -- occurrence. However, this is only an optimization attempt, so there is
4746 -- really no point in crashing the compiler. Instead we just decide, too
4747 -- bad, we can't figure out a range in this case after all.
4749 exception
4752 -- Debug flag K disables this behavior (useful for debugging)
4756 else
4764 -----------------------
4765 -- Determine_Range_R --
4766 -----------------------
4768 procedure Determine_Range_R
4774 is
4776 -- Type to use, may get reset to base type for possibly invalid entity
4780 -- Lo and Hi bounds of left operand
4784 -- Lo and Hi bounds of right (or only) operand
4787 -- Temp variable used to hold a bound node
4790 -- High bound of base type of expression
4794 -- Refined values for low and high bounds, after tightening
4797 -- Used in lower level calls to indicate if call succeeded
4800 -- Used to search cache
4803 -- Base type
4806 -- Used for binary operators. Determines the ranges of the left and
4807 -- right operands, and if they are both OK, returns True, and puts
4808 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
4811 -- B is a real bound. Round it using mode Round_Even.
4813 -----------------
4814 -- OK_Operands --
4815 -----------------
4818 begin
4819 Determine_Range_R
4826 Determine_Range_R
4831 -------------------
4832 -- Round_Machine --
4833 -------------------
4836 begin
4840 -- Start of processing for Determine_Range_R
4842 begin
4843 -- Prevent junk warnings by initializing range variables
4850 -- For temporary constants internally generated to remove side effects
4851 -- we must use the corresponding expression to determine the range of
4852 -- the expression. But note that the expander can also generate
4853 -- constants in other cases, including deferred constants.
4859 then
4861 Determine_Range_R
4865 Determine_Range_R
4869 else
4876 -- If type is not defined, we can't determine its range
4880 -- We don't deal with anything except IEEE floating-point types
4885 -- Ignore type for which an error has been posted, since range in
4886 -- this case may well be a bogosity deriving from the error. Also
4887 -- ignore if error posted on the reference node.
4890 then
4895 -- For all other cases, we can determine the range
4899 -- If value is compile time known, then the possible range is the one
4900 -- value that we know this expression definitely has.
4908 -- Return if already in the cache
4913 and then
4915 then
4921 -- Otherwise, start by finding the bounds of the type of the expression,
4922 -- the value cannot be outside this range (if it is, then we have an
4923 -- overflow situation, which is a separate check, we are talking here
4924 -- only about the expression value).
4926 -- First a check, never try to find the bounds of a generic type, since
4927 -- these bounds are always junk values, and it is only valid to look at
4928 -- the bounds in an instance.
4935 -- First step, change to use base type unless we know the value is valid
4938 or else Assume_No_Invalid_Values
4939 or else Assume_Valid
4940 then
4942 else
4946 -- Retrieve the base type. Handle the case where the base type is a
4947 -- private type.
4955 -- We use the actual bound unless it is dynamic, in which case use the
4956 -- corresponding base type bound if possible. If we can't get a bound
4957 -- then we figure we can't determine the range (a peculiar case, that
4958 -- perhaps cannot happen, but there is no point in bombing in this
4959 -- optimization circuit).
4961 -- First the low bound
4971 else
4976 -- Now the high bound
4980 -- We need the high bound of the base type later on, and this should
4981 -- always be compile time known. Again, it is not clear that this
4982 -- can ever be false, but no point in bombing.
4988 else
4993 -- If we have a static subtype, then that may have a tighter bound so
4994 -- use the upper bound of the subtype instead in this case.
5000 -- We may be able to refine this value in certain situations. If any
5001 -- refinement is possible, then Lor and Hir are set to possibly tighter
5002 -- bounds, and OK1 is set to True.
5006 -- For unary plus, result is limited by range of operand
5009 Determine_Range_R
5012 -- For unary minus, determine range of operand, and negate it
5015 Determine_Range_R
5023 -- For binary addition, get range of each operand and do the
5024 -- addition to get the result range.
5032 -- For binary subtraction, get range of each operand and do the worst
5033 -- case subtraction to get the result range.
5041 -- For multiplication, get range of each operand and do the
5042 -- four multiplications to get the result range.
5046 declare
5051 begin
5057 -- For division, consider separately the cases where the right
5058 -- operand is positive or negative. Otherwise, the right operand
5059 -- can be arbitrarily close to zero, so the result is likely to
5060 -- be unbounded in one direction, do not attempt to compute it.
5065 -- Right operand is positive
5069 -- If the low bound of the left operand is negative, obtain
5070 -- the overall low bound by dividing it by the smallest
5071 -- value of the right operand, and otherwise by the largest
5072 -- value of the right operand.
5076 else
5080 -- If the high bound of the left operand is negative, obtain
5081 -- the overall high bound by dividing it by the largest
5082 -- value of the right operand, and otherwise by the
5083 -- smallest value of the right operand.
5087 else
5091 -- Right operand is negative
5095 -- If the low bound of the left operand is negative, obtain
5096 -- the overall low bound by dividing it by the largest
5097 -- value of the right operand, and otherwise by the smallest
5098 -- value of the right operand.
5102 else
5106 -- If the high bound of the left operand is negative, obtain
5107 -- the overall high bound by dividing it by the smallest
5108 -- value of the right operand, and otherwise by the
5109 -- largest value of the right operand.
5113 else
5117 else
5122 -- For type conversion from one floating-point type to another, we
5123 -- can refine the range using the converted value.
5128 -- Nothing special to do for all other expression kinds
5136 -- At this stage, if OK1 is true, then we know that the actual result of
5137 -- the computed expression is in the range Lor .. Hir. We can use this
5138 -- to restrict the possible range of results.
5142 -- If the refined value of the low bound is greater than the type
5143 -- low bound, then reset it to the more restrictive value.
5149 -- Similarly, if the refined value of the high bound is less than the
5150 -- value so far, then reset it to the more restrictive value.
5157 -- Set cache entry for future call and we are all done
5165 -- If any exception occurs, it means that we have some bug in the compiler,
5166 -- possibly triggered by a previous error, or by some unforeseen peculiar
5167 -- occurrence. However, this is only an optimization attempt, so there is
5168 -- really no point in crashing the compiler. Instead we just decide, too
5169 -- bad, we can't figure out a range in this case after all.
5171 exception
5174 -- Debug flag K disables this behavior (useful for debugging)
5178 else
5186 ------------------------------------
5187 -- Discriminant_Checks_Suppressed --
5188 ------------------------------------
5191 begin
5203 --------------------------------
5204 -- Division_Checks_Suppressed --
5205 --------------------------------
5208 begin
5211 else
5216 --------------------------------------
5217 -- Duplicated_Tag_Checks_Suppressed --
5218 --------------------------------------
5221 begin
5224 else
5229 -----------------------------------
5230 -- Elaboration_Checks_Suppressed --
5231 -----------------------------------
5234 begin
5235 -- The complication in this routine is that if we are in the dynamic
5236 -- model of elaboration, we also check All_Checks, since All_Checks
5237 -- does not set Elaboration_Check explicitly.
5248 else
5258 else
5263 ---------------------------
5264 -- Enable_Overflow_Check --
5265 ---------------------------
5279 begin
5287 -- No check if overflow checks suppressed for type of node
5292 -- Nothing to do for unsigned integer types, which do not overflow
5298 -- This is the point at which processing for STRICT mode diverges
5299 -- from processing for MINIMIZED/ELIMINATED modes. This divergence is
5300 -- probably more extreme that it needs to be, but what is going on here
5301 -- is that when we introduced MINIMIZED/ELIMINATED modes, we wanted
5302 -- to leave the processing for STRICT mode untouched. There were
5303 -- two reasons for this. First it avoided any incompatible change of
5304 -- behavior. Second, it guaranteed that STRICT mode continued to be
5305 -- legacy reliable.
5307 -- The big difference is that in STRICT mode there is a fair amount of
5308 -- circuitry to try to avoid setting the Do_Overflow_Check flag if we
5309 -- know that no check is needed. We skip all that in the two new modes,
5310 -- since really overflow checking happens over a whole subtree, and we
5311 -- do the corresponding optimizations later on when applying the checks.
5317 then
5328 -- Remainder of processing is for STRICT case, and is unchanged from
5329 -- earlier versions preceding the addition of MINIMIZED/ELIMINATED.
5331 -- Nothing to do if the range of the result is known OK. We skip this
5332 -- for conversions, since the caller already did the check, and in any
5333 -- case the condition for deleting the check for a type conversion is
5334 -- different.
5339 -- Note in the test below that we assume that the range is not OK
5340 -- if a bound of the range is equal to that of the type. That's not
5341 -- quite accurate but we do this for the following reasons:
5343 -- a) The way that Determine_Range works, it will typically report
5344 -- the bounds of the value as being equal to the bounds of the
5345 -- type, because it either can't tell anything more precise, or
5346 -- does not think it is worth the effort to be more precise.
5348 -- b) It is very unusual to have a situation in which this would
5349 -- generate an unnecessary overflow check (an example would be
5350 -- a subtype with a range 0 .. Integer'Last - 1 to which the
5351 -- literal value one is added).
5353 -- c) The alternative is a lot of special casing in this routine
5354 -- which would partially duplicate Determine_Range processing.
5359 -- Note that the following checks are quite deliberately > and <
5360 -- rather than >= and <= as explained above.
5363 and then
5365 then
5368 -- Despite the comments above, it is worth dealing specially with
5369 -- division specially. The only case where integer division can
5370 -- overflow is (largest negative number) / (-1). So we will do
5371 -- an extra range analysis to see if this is possible.
5374 Determine_Range
5380 else
5381 Determine_Range
5385 or else
5387 then
5393 -- If no overflow check required, we are done
5405 -- If not in optimizing mode, set flag and we are done. We are also done
5406 -- (and just set the flag) if the type is not a discrete type, since it
5407 -- is not worth the effort to eliminate checks for other than discrete
5408 -- types. In addition, we take this same path if we have stored the
5409 -- maximum number of checks possible already (a very unlikely situation,
5410 -- but we do not want to blow up).
5415 then
5425 -- Otherwise evaluate and check the expression
5427 Find_Check
5448 -- If check is not of form to optimize, then set flag and we are done
5455 -- If check is already performed, then return without setting flag
5465 -- Here we will make a new entry for the new check
5485 -- If we get an exception, then something went wrong, probably because of
5486 -- an error in the structure of the tree due to an incorrect program. Or
5487 -- it may be a bug in the optimization circuit. In either case the safest
5488 -- thing is simply to set the check flag unconditionally.
5490 exception
5501 ------------------------
5502 -- Enable_Range_Check --
5503 ------------------------
5513 begin
5514 -- Return if unchecked type conversion with range check killed. In this
5515 -- case we never set the flag (that's what Kill_Range_Check is about).
5519 then
5523 -- Do not set range check flag if parent is assignment statement or
5524 -- object declaration with Suppress_Assignment_Checks flag set
5528 then
5532 -- Check for various cases where we should suppress the range check
5534 -- No check if range checks suppressed for type of node
5539 -- No check if node is an entity name, and range checks are suppressed
5540 -- for this entity, or for the type of this entity.
5545 then
5548 -- No checks if index of array, and index checks are suppressed for
5549 -- the array object or the type of the array.
5552 declare
5554 begin
5557 then
5565 -- Debug trace output
5574 -- If not in optimizing mode, set flag and we are done. We are also done
5575 -- (and just set the flag) if the type is not a discrete type, since it
5576 -- is not worth the effort to eliminate checks for other than discrete
5577 -- types. In addition, we take this same path if we have stored the
5578 -- maximum number of checks possible already (a very unlikely situation,
5579 -- but we do not want to blow up).
5585 then
5595 -- Otherwise find out the target type
5599 -- For assignment, use left side subtype
5603 then
5606 -- For indexed component, use subscript subtype
5609 declare
5614 begin
5620 -- If the prefix is an access to an unconstrained array,
5621 -- perform check unconditionally: it depends on the bounds of
5622 -- an object and we cannot currently recognize whether the test
5623 -- may be redundant.
5630 -- Ditto if prefix is simply an unconstrained array. We used
5631 -- to think this case was OK, if the prefix was not an explicit
5632 -- dereference, but we have now seen a case where this is not
5633 -- true, so it is safer to just suppress the optimization in this
5634 -- case. The back end is getting better at eliminating redundant
5635 -- checks in any case, so the loss won't be important.
5639 then
5646 loop
5657 -- For now, ignore all other cases, they are not so interesting
5659 else
5668 -- Evaluate and check the expression
5670 Find_Check
5692 -- If check is not of form to optimize, then set flag and we are done
5703 -- If check is already performed, then return without setting flag
5713 -- Here we will make a new entry for the new check
5734 -- If we get an exception, then something went wrong, probably because of
5735 -- an error in the structure of the tree due to an incorrect program. Or
5736 -- it may be a bug in the optimization circuit. In either case the safest
5737 -- thing is simply to set the check flag unconditionally.
5739 exception
5750 ------------------
5751 -- Ensure_Valid --
5752 ------------------
5754 procedure Ensure_Valid
5760 is
5763 begin
5764 -- Ignore call if we are not doing any validity checking
5769 -- Ignore call if range or validity checks suppressed on entity or type
5774 -- No check required if expression is from the expander, we assume the
5775 -- expander will generate whatever checks are needed. Note that this is
5776 -- not just an optimization, it avoids infinite recursions.
5778 -- Unchecked conversions must be checked, unless they are initialized
5779 -- scalar values, as in a component assignment in an init proc.
5781 -- In addition, we force a check if Force_Validity_Checks is set
5784 and then not Force_Validity_Checks
5787 then
5790 -- No check required if expression is known to have valid value
5795 -- No check needed within a generated predicate function. Validity
5796 -- of input value will have been checked earlier.
5800 then
5803 -- Ignore case of enumeration with holes where the flag is set not to
5804 -- worry about holes, since no special validity check is needed
5808 and then Holes_OK
5809 then
5812 -- No check required on the left-hand side of an assignment
5816 then
5819 -- No check on a universal real constant. The context will eventually
5820 -- convert it to a machine number for some target type, or report an
5821 -- illegality.
5825 then
5828 -- If the expression denotes a component of a packed boolean array,
5829 -- no possible check applies. We ignore the old ACATS chestnuts that
5830 -- involve Boolean range True..True.
5832 -- Note: validity checks are generated for expressions that yield a
5833 -- scalar type, when it is possible to create a value that is outside of
5834 -- the type. If this is a one-bit boolean no such value exists. This is
5835 -- an optimization, and it also prevents compiler blowing up during the
5836 -- elaboration of improperly expanded packed array references.
5841 then
5844 -- For an expression with actions, we want to insert the validity check
5845 -- on the final Expression.
5851 -- An annoying special case. If this is an out parameter of a scalar
5852 -- type, then the value is not going to be accessed, therefore it is
5853 -- inappropriate to do any validity check at the call site.
5855 else
5856 -- Only need to worry about scalar types
5859 declare
5867 begin
5868 -- Find actual argument (which may be a parameter association)
5869 -- and the parent of the actual argument (the call statement)
5879 -- Only need to worry if we are argument of a procedure call
5880 -- since functions don't have out parameters. If this is an
5881 -- indirect or dispatching call, get signature from the
5882 -- subprogram type.
5889 else
5894 -- Only need to worry if there are indeed actuals, and if
5895 -- this could be a procedure call, otherwise we cannot get a
5896 -- match (either we are not an argument, or the mode of the
5897 -- formal is not OUT). This test also filters out the
5898 -- generic case.
5902 -- This is the loop through parameters, looking for an
5903 -- OUT parameter for which we are the argument.
5921 -- If this is a boolean expression, only its elementary operands need
5922 -- checking: if they are valid, a boolean or short-circuit operation
5923 -- with them will be valid as well.
5926 and then
5928 then
5932 -- If we fall through, a validity check is required
5938 then
5943 ----------------------
5944 -- Expr_Known_Valid --
5945 ----------------------
5950 begin
5951 -- Non-scalar types are always considered valid, since they never give
5952 -- rise to the issues of erroneous or bounded error behavior that are
5953 -- the concern. In formal reference manual terms the notion of validity
5954 -- only applies to scalar types. Note that even when packed arrays are
5955 -- represented using modular types, they are still arrays semantically,
5956 -- so they are also always valid (in particular, the unused bits can be
5957 -- random rubbish without affecting the validity of the array value).
5962 -- If no validity checking, then everything is considered valid
5967 -- Floating-point types are considered valid unless floating-point
5968 -- validity checks have been specifically turned on.
5971 and then not Validity_Check_Floating_Point
5972 then
5975 -- If the expression is the value of an object that is known to be
5976 -- valid, then clearly the expression value itself is valid.
5981 -- Exclude volatile variables
5984 then
5987 -- References to discriminants are always considered valid. The value
5988 -- of a discriminant gets checked when the object is built. Within the
5989 -- record, we consider it valid, and it is important to do so, since
5990 -- otherwise we can try to generate bogus validity checks which
5991 -- reference discriminants out of scope. Discriminants of concurrent
5992 -- types are excluded for the same reason.
5996 then
5999 -- If the type is one for which all values are known valid, then we are
6000 -- sure that the value is valid except in the slightly odd case where
6001 -- the expression is a reference to a variable whose size has been
6002 -- explicitly set to a value greater than the object size.
6008 then
6010 else
6014 -- Integer and character literals always have valid values, where
6015 -- appropriate these will be range checked in any case.
6020 -- If we have a type conversion or a qualification of a known valid
6021 -- value, then the result will always be valid.
6026 -- Case of expression is a non-floating-point operator. In this case we
6027 -- can assume the result is valid the generated code for the operator
6028 -- will include whatever checks are needed (e.g. range checks) to ensure
6029 -- validity. This assumption does not hold for the floating-point case,
6030 -- since floating-point operators can generate Infinite or NaN results
6031 -- which are considered invalid.
6033 -- Historical note: in older versions, the exemption of floating-point
6034 -- types from this assumption was done only in cases where the parent
6035 -- was an assignment, function call or parameter association. Presumably
6036 -- the idea was that in other contexts, the result would be checked
6037 -- elsewhere, but this list of cases was missing tests (at least the
6038 -- N_Object_Declaration case, as shown by a reported missing validity
6039 -- check), and it is not clear why function calls but not procedure
6040 -- calls were tested for. It really seems more accurate and much
6041 -- safer to recognize that expressions which are the result of a
6042 -- floating-point operator can never be assumed to be valid.
6047 -- The result of a membership test is always valid, since it is true or
6048 -- false, there are no other possibilities.
6053 -- For all other cases, we do not know the expression is valid
6055 else
6060 ----------------
6061 -- Find_Check --
6062 ----------------
6064 procedure Find_Check
6072 is
6073 function Within_Range_Of
6076 -- Given a requirement for checking a range against Target_Type, and
6077 -- and a range Check_Type against which a check has already been made,
6078 -- determines if the check against check type is sufficient to ensure
6079 -- that no check against Target_Type is required.
6081 ---------------------
6082 -- Within_Range_Of --
6083 ---------------------
6085 function Within_Range_Of
6088 is
6089 begin
6093 else
6094 declare
6100 begin
6103 and then
6105 and then
6107 and then
6110 and then
6112 and then
6114 then
6116 else
6123 -- Start of processing for Find_Check
6125 begin
6126 -- Establish default, in case no entry is found
6130 -- Case of expression is simple entity reference
6136 -- Case of expression is entity + known constant
6141 then
6145 -- Case of expression is entity - known constant
6150 then
6154 -- Any other expression is not of the right form
6156 else
6163 -- Come here with expression of appropriate form, check if entity is an
6164 -- appropriate one for our purposes.
6169 then
6171 else
6176 -- See if there is matching check already
6179 declare
6181 begin
6187 then
6194 -- If we fall through entry was not found
6199 ---------------------------------
6200 -- Generate_Discriminant_Check --
6201 ---------------------------------
6203 -- Note: the code for this procedure is derived from the
6204 -- Emit_Discriminant_Check Routine in trans.c.
6213 -- The original component to be checked
6217 -- The discriminant checking function
6220 -- One discriminant to be checked in the type
6223 -- Actual discriminant in the call
6226 -- Type of relevant prefix (ignoring private/access stuff)
6229 -- List of arguments for function call
6232 -- Keep track of the formal corresponding to the actual we build for
6233 -- each discriminant, in order to be able to perform the necessary type
6234 -- conversions.
6237 -- Selected component reference for checking function argument
6239 begin
6242 -- Force evaluation of the prefix, so that it does not get evaluated
6243 -- twice (once for the check, once for the actual reference). Such a
6244 -- double evaluation is always a potential source of inefficiency, and
6245 -- is functionally incorrect in the volatile case, or when the prefix
6246 -- may have side effects. A nonvolatile entity or a component of a
6247 -- nonvolatile entity requires no evaluation.
6259 then
6262 else
6266 -- For a tagged type, use the scope of the original component to
6267 -- obtain the type, because ???
6272 -- For an untagged derived type, use the discriminants of the parent
6273 -- which have been renamed in the derivation, possibly by a one-to-many
6274 -- discriminant constraint. For untagged type, initially get the Etype
6275 -- of the prefix
6277 else
6281 then
6286 -- We definitely should have a checking function, This routine should
6287 -- not be called if no discriminant checking function is present.
6291 -- Create the list of the actual parameters for the call. This list
6292 -- is the list of the discriminant fields of the record expression to
6293 -- be discriminant checked.
6300 -- If we have a corresponding discriminant field, and a parent
6301 -- subtype is present, then we want to use the corresponding
6302 -- discriminant since this is the one with the useful value.
6307 then
6309 else
6313 -- Construct the reference to the discriminant
6315 Scomp :=
6317 Prefix =>
6322 -- Manually analyze and resolve this selected component. We really
6323 -- want it just as it appears above, and do not want the expander
6324 -- playing discriminal games etc with this reference. Then we append
6325 -- the argument to the list we are gathering.
6335 -- Now build and insert the call
6339 Condition =>
6346 ---------------------------
6347 -- Generate_Index_Checks --
6348 ---------------------------
6353 -- Returns the entity of the prefix of N (or Empty if not found)
6355 ----------------------
6356 -- Entity_Of_Prefix --
6357 ----------------------
6362 begin
6366 N_Indexed_Component)
6367 then
6377 -- Local variables
6384 -- Start of processing for Generate_Index_Checks
6386 begin
6387 -- Ignore call if the prefix is not an array since we have a serious
6388 -- error in the sources. Ignore it also if index checks are suppressed
6389 -- for array object or type.
6394 then
6397 -- The indexed component we are dealing with contains 'Loop_Entry in its
6398 -- prefix. This case arises when analysis has determined that constructs
6399 -- such as
6401 -- Prefix'Loop_Entry (Expr)
6402 -- Prefix'Loop_Entry (Expr1, Expr2, ... ExprN)
6404 -- require rewriting for error detection purposes. A side effect of this
6405 -- action is the generation of index checks that mention 'Loop_Entry.
6406 -- Delay the generation of the check until 'Loop_Entry has been properly
6407 -- expanded. This is done in Expand_Loop_Entry_Attributes.
6411 then
6415 -- Generate a raise of constraint error with the appropriate reason and
6416 -- a condition of the form:
6418 -- Base_Type (Sub) not in Array'Range (Subscript)
6420 -- Note that the reason we generate the conversion to the base type here
6421 -- is that we definitely want the range check to take place, even if it
6422 -- looks like the subtype is OK. Optimization considerations that allow
6423 -- us to omit the check have already been taken into account in the
6424 -- setting of the Do_Range_Check flag earlier on.
6428 -- Handle string literals
6434 -- For string literals we obtain the bounds of the string from the
6435 -- associated subtype.
6439 Condition =>
6441 Left_Opnd =>
6444 Right_Opnd =>
6451 -- General case
6453 else
6454 declare
6461 begin
6468 -- Force evaluation except for the case of a simple name of
6469 -- a nonvolatile entity.
6473 then
6482 then
6489 -- For array objects with constant bounds we can generate
6490 -- the index check using the bounds of the type of the index
6496 then
6497 Range_N :=
6499 Prefix =>
6503 -- For arrays with non-constant bounds we cannot generate
6504 -- the index check using the bounds of the type of the index
6505 -- since it may reference discriminants of some enclosing
6506 -- type. We obtain the bounds directly from the prefix
6507 -- object.
6509 else
6512 else
6516 Range_N :=
6518 Prefix =>
6526 Condition =>
6528 Left_Opnd =>
6543 --------------------------
6544 -- Generate_Range_Check --
6545 --------------------------
6547 procedure Generate_Range_Check
6551 is
6558 -- Convert the conversion operand to the target base type and save in
6559 -- a temporary. Then check the converted value against the range of the
6560 -- target subtype.
6562 -----------------------------
6563 -- Convert_And_Check_Range --
6564 -----------------------------
6569 begin
6570 -- We make a temporary to hold the value of the converted value
6571 -- (converted to the base type), and then do the test against this
6572 -- temporary. The conversion itself is replaced by an occurrence of
6573 -- Tnn and followed by the explicit range check. Note that checks
6574 -- are suppressed for this code, since we don't want a recursive
6575 -- range check popping up.
6577 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
6578 -- [constraint_error when Tnn not in Target_Type]
6585 Expression =>
6591 Condition =>
6600 -- Set the type of N, because the declaration for Tnn might not
6601 -- be analyzed yet, as is the case if N appears within a record
6602 -- declaration, as a discriminant constraint or expression.
6607 -- Start of processing for Generate_Range_Check
6609 begin
6610 -- First special case, if the source type is already within the range
6611 -- of the target type, then no check is needed (probably we should have
6612 -- stopped Do_Range_Check from being set in the first place, but better
6613 -- late than never in preventing junk code and junk flag settings.
6617 -- We do NOT apply this if the source node is a literal, since in this
6618 -- case the literal has already been labeled as having the subtype of
6619 -- the target.
6621 and then not
6623 or else
6626 then
6631 -- Here a check is needed. If the expander is not active, or if we are
6632 -- in GNATProve mode, then simply set the Do_Range_Check flag and we
6633 -- are done. In both these cases, we just want to see the range check
6634 -- flag set, we do not want to generate the explicit range check code.
6641 -- Here we will generate an explicit range check, so we don't want to
6642 -- set the Do_Range check flag, since the range check is taken care of
6643 -- by the code we will generate.
6647 -- Force evaluation of the node, so that it does not get evaluated twice
6648 -- (once for the check, once for the actual reference). Such a double
6649 -- evaluation is always a potential source of inefficiency, and is
6650 -- functionally incorrect in the volatile case.
6656 -- The easiest case is when Source_Base_Type and Target_Base_Type are
6657 -- the same since in this case we can simply do a direct check of the
6658 -- value of N against the bounds of Target_Type.
6660 -- [constraint_error when N not in Target_Type]
6662 -- Note: this is by far the most common case, for example all cases of
6663 -- checks on the RHS of assignments are in this category, but not all
6664 -- cases are like this. Notably conversions can involve two types.
6668 -- Insert the explicit range check. Note that we suppress checks for
6669 -- this code, since we don't want a recursive range check popping up.
6673 Condition =>
6680 -- Next test for the case where the target type is within the bounds
6681 -- of the base type of the source type, since in this case we can
6682 -- simply convert these bounds to the base type of T to do the test.
6684 -- [constraint_error when N not in
6685 -- Source_Base_Type (Target_Type'First)
6686 -- ..
6687 -- Source_Base_Type(Target_Type'Last))]
6689 -- The conversions will always work and need no check
6691 -- Unchecked_Convert_To is used instead of Convert_To to handle the case
6692 -- of converting from an enumeration value to an integer type, such as
6693 -- occurs for the case of generating a range check on Enum'Val(Exp)
6694 -- (which used to be handled by gigi). This is OK, since the conversion
6695 -- itself does not require a check.
6699 -- Insert the explicit range check. Note that we suppress checks for
6700 -- this code, since we don't want a recursive range check popping up.
6703 and then
6705 then
6708 Condition =>
6712 Right_Opnd =>
6714 Low_Bound =>
6717 Prefix =>
6721 High_Bound =>
6724 Prefix =>
6730 -- For conversions involving at least one type that is not discrete,
6731 -- first convert to target type and then generate the range check.
6732 -- This avoids problems with values that are close to a bound of the
6733 -- target type that would fail a range check when done in a larger
6734 -- source type before converting but would pass if converted with
6735 -- rounding and then checked (such as in float-to-float conversions).
6737 else
6738 Convert_And_Check_Range;
6741 -- Note that at this stage we now that the Target_Base_Type is not in
6742 -- the range of the Source_Base_Type (since even the Target_Type itself
6743 -- is not in this range). It could still be the case that Source_Type is
6744 -- in range of the target base type since we have not checked that case.
6746 -- If that is the case, we can freely convert the source to the target,
6747 -- and then test the target result against the bounds.
6750 Convert_And_Check_Range;
6752 -- At this stage, we know that we have two scalar types, which are
6753 -- directly convertible, and where neither scalar type has a base
6754 -- range that is in the range of the other scalar type.
6756 -- The only way this can happen is with a signed and unsigned type.
6757 -- So test for these two cases:
6759 else
6760 -- Case of the source is unsigned and the target is signed
6764 then
6765 -- If the source is unsigned and the target is signed, then we
6766 -- know that the source is not shorter than the target (otherwise
6767 -- the source base type would be in the target base type range).
6769 -- In other words, the unsigned type is either the same size as
6770 -- the target, or it is larger. It cannot be smaller.
6772 pragma Assert
6775 -- We only need to check the low bound if the low bound of the
6776 -- target type is non-negative. If the low bound of the target
6777 -- type is negative, then we know that we will fit fine.
6779 -- If the high bound of the target type is negative, then we
6780 -- know we have a constraint error, since we can't possibly
6781 -- have a negative source.
6783 -- With these two checks out of the way, we can do the check
6784 -- using the source type safely
6786 -- This is definitely the most annoying case.
6788 -- [constraint_error
6789 -- when (Target_Type'First >= 0
6790 -- and then
6791 -- N < Source_Base_Type (Target_Type'First))
6792 -- or else Target_Type'Last < 0
6793 -- or else N > Source_Base_Type (Target_Type'Last)];
6795 -- We turn off all checks since we know that the conversions
6796 -- will work fine, given the guards for negative values.
6800 Condition =>
6803 Left_Opnd =>
6806 Left_Opnd =>
6808 Prefix =>
6813 Right_Opnd =>
6816 Right_Opnd =>
6819 Prefix =>
6823 Right_Opnd =>
6825 Left_Opnd =>
6831 Right_Opnd =>
6834 Right_Opnd =>
6843 -- Only remaining possibility is that the source is signed and
6844 -- the target is unsigned.
6846 else
6850 -- If the source is signed and the target is unsigned, then we
6851 -- know that the target is not shorter than the source (otherwise
6852 -- the target base type would be in the source base type range).
6854 -- In other words, the unsigned type is either the same size as
6855 -- the target, or it is larger. It cannot be smaller.
6857 -- Clearly we have an error if the source value is negative since
6858 -- no unsigned type can have negative values. If the source type
6859 -- is non-negative, then the check can be done using the target
6860 -- type.
6862 -- Tnn : constant Target_Base_Type (N) := Target_Type;
6864 -- [constraint_error
6865 -- when N < 0 or else Tnn not in Target_Type];
6867 -- We turn off all checks for the conversion of N to the target
6868 -- base type, since we generate the explicit check to ensure that
6869 -- the value is non-negative
6871 declare
6874 begin
6878 Object_Definition =>
6881 Expression =>
6883 Subtype_Mark =>
6888 Condition =>
6890 Left_Opnd =>
6895 Right_Opnd =>
6898 Right_Opnd =>
6904 -- Set the Etype explicitly, because Insert_Actions may have
6905 -- placed the declaration in the freeze list for an enclosing
6906 -- construct, and thus it is not analyzed yet.
6915 ------------------
6916 -- Get_Check_Id --
6917 ------------------
6920 begin
6921 -- For standard check name, we can do a direct computation
6926 -- For non-standard names added by pragma Check_Name, search table
6928 else
6936 -- No matching name found
6941 ---------------------
6942 -- Get_Discriminal --
6943 ---------------------
6950 begin
6951 -- The bound can be a bona fide parameter of a protected operation,
6952 -- rather than a prival encoded as an in-parameter.
6958 -- Climb the scope stack looking for an enclosing protected type. If
6959 -- we run out of scopes, return the bound itself.
6984 ----------------------
6985 -- Get_Range_Checks --
6986 ----------------------
6988 function Get_Range_Checks
6993 is
6994 begin
6995 return
6999 ------------------
7000 -- Guard_Access --
7001 ------------------
7003 function Guard_Access
7007 is
7008 begin
7016 else
7017 return
7019 Left_Opnd =>
7027 -----------------------------
7028 -- Index_Checks_Suppressed --
7029 -----------------------------
7032 begin
7035 else
7040 ----------------
7041 -- Initialize --
7042 ----------------
7045 begin
7057 -------------------------
7058 -- Insert_Range_Checks --
7059 -------------------------
7061 procedure Insert_Range_Checks
7068 is
7077 begin
7078 -- For now we just return if Checks_On is false, however this should be
7079 -- enhanced to check for an always True value in the condition and to
7080 -- generate a compilation warning???
7099 then
7106 else
7113 else
7114 Check_Node :=
7121 else
7128 ------------------------
7129 -- Insert_Valid_Check --
7130 ------------------------
7132 procedure Insert_Valid_Check
7137 is
7142 begin
7143 -- Do not insert if checks off, or if not checking validity or if
7144 -- expression is known to be valid.
7146 if not Validity_Checks_On
7149 then
7153 -- Do not insert checks within a predicate function. This will arise
7154 -- if the current unit and the predicate function are being compiled
7155 -- with validity checks enabled.
7159 then
7163 -- If the expression is a packed component of a modular type of the
7164 -- right size, the data is always valid.
7170 then
7174 -- If we have a checked conversion, then validity check applies to
7175 -- the expression inside the conversion, not the result, since if
7176 -- the expression inside is valid, then so is the conversion result.
7183 -- We are about to insert the validity check for Exp. We save and
7184 -- reset the Do_Range_Check flag over this validity check, and then
7185 -- put it back for the final original reference (Exp may be rewritten).
7187 declare
7192 begin
7195 -- Force evaluation to avoid multiple reads for atomic/volatile
7197 -- Note: we set Name_Req to False. We used to set it to True, with
7198 -- the thinking that a name is required as the prefix of the 'Valid
7199 -- call, but in fact the check that the prefix of an attribute is
7200 -- a name is in the parser, and we just don't require it here.
7201 -- Moreover, when we set Name_Req to True, that interfered with the
7202 -- checking for Volatile, since we couldn't just capture the value.
7206 then
7207 -- Same reasoning as above for setting Name_Req to False
7212 -- Build the prefix for the 'Valid call. If the expression denotes
7213 -- a name, use a renaming to alias it, otherwise use a constant to
7214 -- capture the value of the expression.
7216 -- Temp : ... renames Expr; -- reference to a name
7217 -- Temp : constant ... := Expr; -- all other cases
7219 PV :=
7220 Duplicate_Subexpr_No_Checks
7228 -- A rather specialized test. If PV is an analyzed expression which
7229 -- is an indexed component of a packed array that has not been
7230 -- properly expanded, turn off its Analyzed flag to make sure it
7231 -- gets properly reexpanded. If the prefix is an access value,
7232 -- the dereference will be added later.
7234 -- The reason this arises is that Duplicate_Subexpr_No_Checks did
7235 -- an analyze with the old parent pointer. This may point e.g. to
7236 -- a subprogram call, which deactivates this expansion.
7242 then
7246 -- Build the raise CE node to check for validity. We build a type
7247 -- qualification for the prefix, since it may not be of the form of
7248 -- a name, and we don't care in this context!
7250 CE :=
7252 Condition =>
7254 Right_Opnd =>
7260 -- Insert the validity check. Note that we do this with validity
7261 -- checks turned off, to avoid recursion, we do not want validity
7262 -- checks on the validity checking code itself.
7266 -- If the expression is a reference to an element of a bit-packed
7267 -- array, then it is rewritten as a renaming declaration. If the
7268 -- expression is an actual in a call, it has not been expanded,
7269 -- waiting for the proper point at which to do it. The same happens
7270 -- with renamings, so that we have to force the expansion now. This
7271 -- non-local complication is due to code in exp_ch2,adb, exp_ch4.adb
7272 -- and exp_ch6.adb.
7276 N_Object_Renaming_Declaration
7277 then
7278 declare
7280 begin
7283 then
7289 -- Put back the Do_Range_Check flag on the resulting (possibly
7290 -- rewritten) expression.
7292 -- Note: it might be thought that a validity check is not required
7293 -- when a range check is present, but that's not the case, because
7294 -- the back end is allowed to assume for the range check that the
7295 -- operand is within its declared range (an assumption that validity
7296 -- checking is all about NOT assuming).
7298 -- Note: no need to worry about Possible_Local_Raise here, it will
7299 -- already have been called if original node has Do_Range_Check set.
7305 -------------------------------------
7306 -- Is_Signed_Integer_Arithmetic_Op --
7307 -------------------------------------
7310 begin
7312 when N_Op_Abs
7313 | N_Op_Add
7314 | N_Op_Divide
7315 | N_Op_Expon
7316 | N_Op_Minus
7317 | N_Op_Mod
7318 | N_Op_Multiply
7319 | N_Op_Plus
7320 | N_Op_Rem
7321 | N_Op_Subtract
7322 =>
7325 when N_Case_Expression
7326 | N_If_Expression
7327 =>
7335 ----------------------------------
7336 -- Install_Null_Excluding_Check --
7337 ----------------------------------
7344 -- Determines if it is safe to capture Known_Non_Null status for an
7345 -- the entity referenced by node N. The caller ensures that N is indeed
7346 -- an entity name. It is safe to capture the non-null status for an IN
7347 -- parameter when the reference occurs within a declaration that is sure
7348 -- to be executed as part of the declarative region.
7351 -- After installation of check, if the node in question is an entity
7352 -- name, then mark this entity as non-null if possible.
7359 begin
7364 -- Two initial context checks. We must be inside a subprogram body
7365 -- with declarations and reference must not appear in nested scopes.
7369 then
7377 then
7381 declare
7385 begin
7386 -- Retrieve the declaration node of N (if any). Note that N
7387 -- may be a part of a complex initialization expression.
7393 -- If we have a short circuit form, and we are within the right
7394 -- hand expression, we return false, since the right hand side
7395 -- is not guaranteed to be elaborated.
7399 then
7403 -- Similarly, if we are in an if expression and not part of the
7404 -- condition, then we return False, since neither the THEN or
7405 -- ELSE dependent expressions will always be elaborated.
7409 then
7413 -- If within a case expression, and not part of the expression,
7414 -- then return False, since a particular dependent expression
7415 -- may not always be elaborated
7419 then
7423 -- While traversing the parent chain, if node N belongs to a
7424 -- statement, then it may never appear in a declarative region.
7428 then
7432 -- If we are at a declaration, record it and exit
7436 then
7452 -------------------
7453 -- Mark_Non_Null --
7454 -------------------
7457 begin
7458 -- Only case of interest is if node N is an entity name
7462 -- For sure, we want to clear an indication that this is known to
7463 -- be null, since if we get past this check, it definitely is not.
7467 -- We can mark the entity as known to be non-null if either it is
7468 -- safe to capture the value, or in the case of an IN parameter,
7469 -- which is a constant, if the check we just installed is in the
7470 -- declarative region of the subprogram body. In this latter case,
7471 -- a check is decisive for the rest of the body if the expression
7472 -- is sure to be elaborated, since we know we have to elaborate
7473 -- all declarations before executing the body.
7475 -- Couldn't this always be part of Safe_To_Capture_Value ???
7478 or else Safe_To_Capture_In_Parameter_Value
7479 then
7485 -- Start of processing for Install_Null_Excluding_Check
7487 begin
7490 -- No check inside a generic, check will be emitted in instance
7496 -- No check needed if known to be non-null
7502 -- If known to be null, here is where we generate a compile time check
7506 -- Avoid generating warning message inside init procs. In SPARK mode
7507 -- we can go ahead and call Apply_Compile_Time_Constraint_Error
7508 -- since it will be turned into an error in any case.
7512 -- Do not emit the warning within a conditional expression,
7513 -- where the expression might not be evaluated, and the warning
7514 -- appear as extraneous noise.
7517 then
7518 Apply_Compile_Time_Constraint_Error
7521 -- Remaining cases, where we silently insert the raise
7523 else
7529 Mark_Non_Null;
7533 -- If entity is never assigned, for sure a warning is appropriate
7539 -- No check needed if checks are suppressed on the range. Note that we
7540 -- don't set Is_Known_Non_Null in this case (we could legitimately do
7541 -- so, since the program is erroneous, but we don't like to casually
7542 -- propagate such conclusions from erroneosity).
7548 -- No check needed for access to concurrent record types generated by
7549 -- the expander. This is not just an optimization (though it does indeed
7550 -- remove junk checks). It also avoids generation of junk warnings.
7554 and then Is_Concurrent_Record_Type
7556 then
7560 -- No check needed in interface thunks since the runtime check is
7561 -- already performed at the caller side.
7567 -- No check needed for the Get_Current_Excep.all.all idiom generated by
7568 -- the expander within exception handlers, since we know that the value
7569 -- can never be null.
7571 -- Is this really the right way to do this? Normally we generate such
7572 -- code in the expander with checks off, and that's how we suppress this
7573 -- kind of junk check ???
7579 then
7583 -- Otherwise install access check
7587 Condition =>
7593 Mark_Non_Null;
7596 --------------------------
7597 -- Install_Static_Check --
7598 --------------------------
7604 begin
7613 -- Now deal with possible local raise handling
7618 -------------------------
7619 -- Is_Check_Suppressed --
7620 -------------------------
7625 begin
7626 -- First search the local entity suppress stack. We search this from the
7627 -- top of the stack down so that we get the innermost entry that applies
7628 -- to this case if there are nested entries.
7634 then
7641 -- Now search the global entity suppress table for a matching entry.
7642 -- We also search this from the top down so that if there are multiple
7643 -- pragmas for the same entity, the last one applies (not clear what
7644 -- or whether the RM specifies this handling, but it seems reasonable).
7650 then
7657 -- If we did not find a matching entry, then use the normal scope
7658 -- suppress value after all (actually this will be the global setting
7659 -- since it clearly was not overridden at any point). For a predefined
7660 -- check, we test the specific flag. For a user defined check, we check
7661 -- the All_Checks flag. The Overflow flag requires special handling to
7662 -- deal with the General vs Assertion case
7668 else
7673 ---------------------
7674 -- Kill_All_Checks --
7675 ---------------------
7678 begin
7683 -- We reset the number of saved checks to zero, and also modify all
7684 -- stack entries for statement ranges to indicate that the number of
7685 -- checks at each level is now zero.
7689 -- Note: the Int'Min here avoids any possibility of J being out of
7690 -- range when called from e.g. Conditional_Statements_Begin.
7697 -----------------
7698 -- Kill_Checks --
7699 -----------------
7702 begin
7718 ------------------------------
7719 -- Length_Checks_Suppressed --
7720 ------------------------------
7723 begin
7726 else
7731 -----------------------
7732 -- Make_Bignum_Block --
7733 -----------------------
7737 begin
7738 return
7740 Declarations =>
7742 Handled_Statement_Sequence =>
7747 ----------------------------------
7748 -- Minimize_Eliminate_Overflows --
7749 ----------------------------------
7751 -- This is a recursive routine that is called at the top of an expression
7752 -- tree to properly process overflow checking for a whole subtree by making
7753 -- recursive calls to process operands. This processing may involve the use
7754 -- of bignum or long long integer arithmetic, which will change the types
7755 -- of operands and results. That's why we can't do this bottom up (since
7756 -- it would interfere with semantic analysis).
7758 -- What happens is that if MINIMIZED/ELIMINATED mode is in effect then
7759 -- the operator expansion routines, as well as the expansion routines for
7760 -- if/case expression, do nothing (for the moment) except call the routine
7761 -- to apply the overflow check (Apply_Arithmetic_Overflow_Check). That
7762 -- routine does nothing for non top-level nodes, so at the point where the
7763 -- call is made for the top level node, the entire expression subtree has
7764 -- not been expanded, or processed for overflow. All that has to happen as
7765 -- a result of the top level call to this routine.
7767 -- As noted above, the overflow processing works by making recursive calls
7768 -- for the operands, and figuring out what to do, based on the processing
7769 -- of these operands (e.g. if a bignum operand appears, the parent op has
7770 -- to be done in bignum mode), and the determined ranges of the operands.
7772 -- After possible rewriting of a constituent subexpression node, a call is
7773 -- made to either reexpand the node (if nothing has changed) or reanalyze
7774 -- the node (if it has been modified by the overflow check processing). The
7775 -- Analyzed_Flag is set to False before the reexpand/reanalyze. To avoid
7776 -- a recursive call into the whole overflow apparatus, an important rule
7777 -- for this call is that the overflow handling mode must be temporarily set
7778 -- to STRICT.
7780 procedure Minimize_Eliminate_Overflows
7785 is
7788 -- Result type, must be a signed integer type
7796 -- Ranges of values for right operand (operator case)
7799 -- Ranges of values for left operand (operator case)
7802 -- Operands and results are of this type when we convert
7806 -- Bounds of Long_Long_Integer
7809 -- Indicates binary operator case
7812 -- Used in call to Determine_Range
7815 -- Set True if one or more operands is already of type Bignum, meaning
7816 -- that for sure (regardless of Top_Level setting) we are committed to
7817 -- doing the operation in Bignum mode (or in the case of a case or if
7818 -- expression, converting all the dependent expressions to Bignum).
7821 -- Set True if one or more operands is already of type Long_Long_Integer
7822 -- which means that if the result is known to be in the result type
7823 -- range, then we must convert such operands back to the result type.
7826 -- This is called when we have modified the node and we therefore need
7827 -- to reanalyze it. It is important that we reset the mode to STRICT for
7828 -- this reanalysis, since if we leave it in MINIMIZED or ELIMINATED mode
7829 -- we would reenter this routine recursively which would not be good.
7830 -- The argument Suppress is set True if we also want to suppress
7831 -- overflow checking for the reexpansion (this is set when we know
7832 -- overflow is not possible). Typ is the type for the reanalysis.
7835 -- This is like Reanalyze, but does not do the Analyze step, it only
7836 -- does a reexpansion. We do this reexpansion in STRICT mode, so that
7837 -- instead of reentering the MINIMIZED/ELIMINATED mode processing, we
7838 -- follow the normal expansion path (e.g. converting A**4 to A**2**2).
7839 -- Note that skipping reanalysis is not just an optimization, testing
7840 -- has showed up several complex cases in which reanalyzing an already
7841 -- analyzed node causes incorrect behavior.
7844 -- Returns True iff Lo .. Hi are within range of the result type
7847 -- If A is No_Uint, sets A to B, else to UI_Max (A, B)
7850 -- If A is No_Uint, sets A to B, else to UI_Min (A, B)
7852 ---------------------
7853 -- In_Result_Range --
7854 ---------------------
7857 begin
7863 and then
7866 else
7868 and then
7873 ---------
7874 -- Max --
7875 ---------
7878 begin
7884 ---------
7885 -- Min --
7886 ---------
7889 begin
7895 ---------------
7896 -- Reanalyze --
7897 ---------------
7907 begin
7922 --------------
7923 -- Reexpand --
7924 --------------
7934 begin
7950 -- Start of processing for Minimize_Eliminate_Overflows
7952 begin
7953 -- Case where we do not have a signed integer arithmetic operation
7957 -- Use the normal Determine_Range routine to get the range. We
7958 -- don't require operands to be valid, invalid values may result in
7959 -- rubbish results where the result has not been properly checked for
7960 -- overflow, that's fine.
7964 -- If Determine_Range did not work (can this in fact happen? Not
7965 -- clear but might as well protect), use type bounds.
7972 -- If we don't have a binary operator, all we have to do is to set
7973 -- the Hi/Lo range, so we are done.
7977 -- Processing for if expression
7980 declare
7984 begin
7987 Minimize_Eliminate_Overflows
7994 Minimize_Eliminate_Overflows
7999 else
8000 Long_Long_Integer_Operands :=
8007 -- If at least one of our operands is now Bignum, we must rebuild
8008 -- the if expression to use Bignum operands. We will analyze the
8009 -- rebuilt if expression with overflow checks off, since once we
8010 -- are in bignum mode, we are all done with overflow checks.
8023 -- If we have no Long_Long_Integer operands, then we are in result
8024 -- range, since it means that none of our operands felt the need
8025 -- to worry about overflow (otherwise it would have already been
8026 -- converted to long long integer or bignum). We reexpand to
8027 -- complete the expansion of the if expression (but we do not
8028 -- need to reanalyze).
8032 Reexpand;
8034 -- Otherwise convert us to long long integer mode. Note that we
8035 -- don't need any further overflow checking at this level.
8037 else
8042 -- Now reanalyze with overflow checks off
8051 -- Here for case expression
8057 declare
8060 begin
8061 -- Loop through expressions applying recursive call
8065 declare
8068 begin
8069 Minimize_Eliminate_Overflows
8082 -- If we have no bignum or long long integer operands, it means
8083 -- that none of our dependent expressions could raise overflow.
8084 -- In this case, we simply return with no changes except for
8085 -- resetting the overflow flag, since we are done with overflow
8086 -- checks for this node. We will reexpand to get the needed
8087 -- expansion for the case expression, but we do not need to
8088 -- reanalyze, since nothing has changed.
8094 -- Otherwise we are going to rebuild the case expression using
8095 -- either bignum or long long integer operands throughout.
8097 else
8098 declare
8103 begin
8110 else
8137 -- If we have an arithmetic operator we make recursive calls on the
8138 -- operands to get the ranges (and to properly process the subtree
8139 -- that lies below us).
8141 Minimize_Eliminate_Overflows
8145 Minimize_Eliminate_Overflows
8149 -- Record if we have Long_Long_Integer operands
8151 Long_Long_Integer_Operands :=
8155 -- If either operand is a bignum, then result will be a bignum and we
8156 -- don't need to do any range analysis. As previously discussed we could
8157 -- do range analysis in such cases, but it could mean working with giant
8158 -- numbers at compile time for very little gain (the number of cases
8159 -- in which we could slip back from bignum mode is small).
8166 -- Otherwise compute result range
8168 else
8173 -- Absolute value
8179 -- Addition
8185 -- Division
8189 -- If the right operand can only be zero, set 0..0
8195 -- Possible bounds of division must come from dividing end
8196 -- values of the input ranges (four possibilities), provided
8197 -- zero is not included in the possible values of the right
8198 -- operand.
8200 -- Otherwise, we just consider two intervals of values for
8201 -- the right operand: the interval of negative values (up to
8202 -- -1) and the interval of positive values (starting at 1).
8203 -- Since division by 1 is the identity, and division by -1
8204 -- is negation, we get all possible bounds of division in that
8205 -- case by considering:
8206 -- - all values from the division of end values of input
8207 -- ranges;
8208 -- - the end values of the left operand;
8209 -- - the negation of the end values of the left operand.
8211 else
8212 declare
8214 -- Mark so we can release the RR and Ev values
8221 begin
8222 -- Discard extreme values of zero for the divisor, since
8223 -- they will simply result in an exception in any case.
8231 -- Compute possible bounds coming from dividing end
8232 -- values of the input ranges.
8242 -- If the right operand can be both negative or positive,
8243 -- include the end values of the left operand in the
8244 -- extreme values, as well as their negation.
8258 -- Release the RR and Ev values
8264 -- Exponentiation
8268 -- Discard negative values for the exponent, since they will
8269 -- simply result in an exception in any case.
8277 -- Estimate number of bits in result before we go computing
8278 -- giant useless bounds. Basically the number of bits in the
8279 -- result is the number of bits in the base multiplied by the
8280 -- value of the exponent. If this is big enough that the result
8281 -- definitely won't fit in Long_Long_Integer, switch to bignum
8282 -- mode immediately, and avoid computing giant bounds.
8284 -- The comparison here is approximate, but conservative, it
8285 -- only clicks on cases that are sure to exceed the bounds.
8291 -- If right operand is zero then result is 1
8297 else
8298 -- High bound comes either from exponentiation of largest
8299 -- positive value to largest exponent value, or from
8300 -- the exponentiation of most negative value to an
8301 -- even exponent.
8303 declare
8306 begin
8309 else
8316 else
8319 else
8326 -- Result can only be negative if base can be negative
8331 else
8335 -- Otherwise low bound is minimum ** minimum
8337 else
8342 -- Negation
8348 -- Mod
8351 declare
8353 -- This is the maximum absolute value of the result
8355 begin
8359 -- The result depends only on the sign and magnitude of
8360 -- the right operand, it does not depend on the sign or
8361 -- magnitude of the left operand.
8372 -- Multiplication
8376 -- Possible bounds of multiplication must come from multiplying
8377 -- end values of the input ranges (four possibilities).
8379 declare
8381 -- Mark so we can release the Ev values
8388 begin
8392 -- Release the Ev values
8397 -- Plus operator (affirmation)
8403 -- Remainder
8406 declare
8408 -- This is the maximum absolute value of the result. Note
8409 -- that the result range does not depend on the sign of the
8410 -- right operand.
8412 begin
8416 -- Case of left operand negative, which results in a range
8417 -- of -Maxabs .. 0 for those negative values. If there are
8418 -- no negative values then Lo value of result is always 0.
8424 -- Case of left operand positive
8431 -- Subtract
8437 -- Nothing else should be possible
8444 -- Here for the case where we have not rewritten anything (no bignum
8445 -- operands or long long integer operands), and we know the result.
8446 -- If we know we are in the result range, and we do not have Bignum
8447 -- operands or Long_Long_Integer operands, we can just reexpand with
8448 -- overflow checks turned off (since we know we cannot have overflow).
8449 -- As always the reexpansion is required to complete expansion of the
8450 -- operator, but we do not need to reanalyze, and we prevent recursion
8451 -- by suppressing the check.
8454 and then In_Result_Range
8455 then
8460 -- Here we know that we are not in the result range, and in the general
8461 -- case we will move into either the Bignum or Long_Long_Integer domain
8462 -- to compute the result. However, there is one exception. If we are
8463 -- at the top level, and we do not have Bignum or Long_Long_Integer
8464 -- operands, we will have to immediately convert the result back to
8465 -- the result type, so there is no point in Bignum/Long_Long_Integer
8466 -- fiddling.
8468 elsif Top_Level
8471 -- One further refinement. If we are at the top level, but our parent
8472 -- is a type conversion, then go into bignum or long long integer node
8473 -- since the result will be converted to that type directly without
8474 -- going through the result type, and we may avoid an overflow. This
8475 -- is the case for example of Long_Long_Integer (A ** 4), where A is
8476 -- of type Integer, and the result A ** 4 fits in Long_Long_Integer
8477 -- but does not fit in Integer.
8480 then
8481 -- Here keep original types, but we need to complete analysis
8483 -- One subtlety. We can't just go ahead and do an analyze operation
8484 -- here because it will cause recursion into the whole MINIMIZED/
8485 -- ELIMINATED overflow processing which is not what we want. Here
8486 -- we are at the top level, and we need a check against the result
8487 -- mode (i.e. we want to use STRICT mode). So do exactly that.
8488 -- Also, we have not modified the node, so this is a case where
8489 -- we need to reexpand, but not reanalyze.
8491 Reexpand;
8494 -- Cases where we do the operation in Bignum mode. This happens either
8495 -- because one of our operands is in Bignum mode already, or because
8496 -- the computed bounds are outside the bounds of Long_Long_Integer,
8497 -- which in some cases can be indicated by Hi and Lo being No_Uint.
8499 -- Note: we could do better here and in some cases switch back from
8500 -- Bignum mode to normal mode, e.g. big mod 2 must be in the range
8501 -- 0 .. 1, but the cases are rare and it is not worth the effort.
8502 -- Failing to do this switching back is only an efficiency issue.
8506 -- OK, we are definitely outside the range of Long_Long_Integer. The
8507 -- question is whether to move to Bignum mode, or stay in the domain
8508 -- of Long_Long_Integer, signalling that an overflow check is needed.
8510 -- Obviously in MINIMIZED mode we stay with LLI, since we are not in
8511 -- the Bignum business. In ELIMINATED mode, we will normally move
8512 -- into Bignum mode, but there is an exception if neither of our
8513 -- operands is Bignum now, and we are at the top level (Top_Level
8514 -- set True). In this case, there is no point in moving into Bignum
8515 -- mode to prevent overflow if the caller will immediately convert
8516 -- the Bignum value back to LLI with an overflow check. It's more
8517 -- efficient to stay in LLI mode with an overflow check (if needed)
8521 then
8526 -- The result now has to be in Long_Long_Integer mode, so adjust
8527 -- the possible range to reflect this. Note these calls also
8528 -- change No_Uint values from the top level case to LLI bounds.
8533 -- Otherwise we are in ELIMINATED mode and we switch to Bignum mode
8535 else
8538 declare
8542 begin
8571 -- Anything else is an internal error, this includes the
8572 -- N_Op_Plus case, since how can plus cause the result
8573 -- to be out of range if the operand is in range?
8579 -- Construct argument list for Bignum call, converting our
8580 -- operands to Bignum form if they are not already there.
8590 -- Now rewrite the arithmetic operator with a call to the
8591 -- corresponding bignum function.
8599 -- Indicate result is Bignum mode
8607 -- Otherwise we are in range of Long_Long_Integer, so no overflow
8608 -- check is required, at least not yet.
8610 else
8614 -- Here we are not in Bignum territory, but we may have long long
8615 -- integer operands that need special handling. First a special check:
8616 -- If an exponentiation operator exponent is of type Long_Long_Integer,
8617 -- it means we converted it to prevent overflow, but exponentiation
8618 -- requires a Natural right operand, so convert it back to Natural.
8619 -- This conversion may raise an exception which is fine.
8625 -- Here we will do the operation in Long_Long_Integer. We do this even
8626 -- if we know an overflow check is required, better to do this in long
8627 -- long integer mode, since we are less likely to overflow.
8629 -- Convert right or only operand to Long_Long_Integer, except that
8630 -- we do not touch the exponentiation right operand.
8636 -- Convert left operand to Long_Long_Integer for binary case
8642 -- Reset node to unanalyzed
8648 -- Now analyze this new node. This reanalysis will complete processing
8649 -- for the node. In particular we will complete the expansion of an
8650 -- exponentiation operator (e.g. changing A ** 2 to A * A), and also
8651 -- we will complete any division checks (since we have not changed the
8652 -- setting of the Do_Division_Check flag).
8654 -- We do this reanalysis in STRICT mode to avoid recursion into the
8655 -- MINIMIZED/ELIMINATED handling, since we are now done with that.
8657 declare
8663 begin
8669 else
8678 -------------------------
8679 -- Overflow_Check_Mode --
8680 -------------------------
8683 begin
8686 else
8691 --------------------------------
8692 -- Overflow_Checks_Suppressed --
8693 --------------------------------
8696 begin
8699 else
8704 ---------------------------------
8705 -- Predicate_Checks_Suppressed --
8706 ---------------------------------
8709 begin
8712 else
8717 -----------------------------
8718 -- Range_Checks_Suppressed --
8719 -----------------------------
8722 begin
8735 -----------------------------------------
8736 -- Range_Or_Validity_Checks_Suppressed --
8737 -----------------------------------------
8739 -- Note: the coding would be simpler here if we simply made appropriate
8740 -- calls to Range/Validity_Checks_Suppressed, but that would result in
8741 -- duplicated checks which we prefer to avoid.
8743 function Range_Or_Validity_Checks_Suppressed
8745 is
8746 begin
8747 -- Immediate return if scope checks suppressed for either check
8750 or
8752 then
8756 -- If no expression, that's odd, decide that checks are suppressed,
8757 -- since we don't want anyone trying to do checks in this case, which
8758 -- is most likely the result of some other error.
8764 -- Expression is present, so perform suppress checks on type
8766 declare
8768 begin
8771 or else
8773 then
8778 -- If expression is an entity name, perform checks on this entity
8781 declare
8783 begin
8791 -- If we fall through, no checks suppressed
8796 -------------------
8797 -- Remove_Checks --
8798 -------------------
8802 -- Process a single node during the traversal
8805 -- The traversal procedure itself
8807 -------------
8808 -- Process --
8809 -------------
8812 begin
8875 -- Start of processing for Remove_Checks
8877 begin
8881 ----------------------------
8882 -- Selected_Length_Checks --
8883 ----------------------------
8885 function Selected_Length_Checks
8890 is
8903 -- Adds the action given to Ret_Result if N is non-Empty
8907 -- Comments required ???
8910 -- True for equal literals and for nodes that denote the same constant
8911 -- entity, even if its value is not a static constant. This includes the
8912 -- case of a discriminal reference within an init proc. Removes some
8913 -- obviously superfluous checks.
8915 function Length_E_Cond
8919 -- Returns expression to compute:
8920 -- Typ'Length /= Exptyp'Length
8922 function Length_N_Cond
8926 -- Returns expression to compute:
8927 -- Typ'Length /= Expr'Length
8929 ---------------
8930 -- Add_Check --
8931 ---------------
8934 begin
8937 -- For now, ignore attempt to place more than two checks ???
8938 -- This is really worrisome, are we really discarding checks ???
8950 ------------------
8951 -- Get_E_Length --
8952 ------------------
8959 begin
8962 then
8972 return
8980 and then not Inside_Init_Proc
8981 then
8982 -- If the type whose length is needed is a private component
8983 -- constrained by a discriminant, we must expand the 'Length
8984 -- attribute into an explicit computation, using the discriminal
8985 -- of the current protected operation. This is because the actual
8986 -- type of the prival is constructed after the protected opera-
8987 -- tion has been fully expanded.
8989 declare
8995 begin
9006 then
9013 then
9027 N :=
9029 Left_Opnd =>
9037 else
9038 N :=
9041 Prefix =>
9053 else
9054 N :=
9057 Prefix =>
9069 ------------------
9070 -- Get_N_Length --
9071 ------------------
9074 begin
9075 return
9078 Prefix =>
9084 -------------------
9085 -- Length_E_Cond --
9086 -------------------
9088 function Length_E_Cond
9092 is
9093 begin
9094 return
9100 -------------------
9101 -- Length_N_Cond --
9102 -------------------
9104 function Length_N_Cond
9108 is
9109 begin
9110 return
9116 -----------------
9117 -- Same_Bounds --
9118 -----------------
9121 begin
9122 return
9127 or else
9132 or else
9137 or else
9144 or else
9152 -- Start of processing for Selected_Length_Checks
9154 begin
9155 -- Checks will be applied only when generating code
9164 then
9176 else
9189 -- A simple optimization for the null case
9199 -- The checking code to be generated will freeze the corresponding
9200 -- array type. However, we must freeze the type now, so that the
9201 -- freeze node does not appear within the generated if expression,
9202 -- but ahead of it.
9213 -- String_Literal case. This needs to be handled specially be-
9214 -- cause no index types are available for string literals. The
9215 -- condition is simply:
9217 -- T_Typ'Length = string-literal-length
9221 then
9222 Cond :=
9225 Right_Opnd =>
9227 Intval =>
9230 -- General array case. Here we have a usable actual subtype for
9231 -- the expression, and the condition is built from the two types
9232 -- (Do_Length):
9234 -- T_Typ'Length /= Exptyp'Length or else
9235 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
9236 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
9237 -- ...
9240 declare
9253 begin
9254 -- At the library level, we need to ensure that the type of
9255 -- the object is elaborated before the check itself is
9256 -- emitted. This is only done if the object is in the
9257 -- current compilation unit, otherwise the type is frozen
9258 -- and elaborated in its unit.
9261 and then
9263 and then
9266 then
9277 or else
9279 then
9283 -- Deal with compile time length check. Note that we
9284 -- skip this in the access case, because the access
9285 -- value may be null, so we cannot know statically.
9287 if not Do_Access
9292 then
9296 else
9303 else
9308 Add_Check
9309 (Compile_Time_Constraint_Error
9313 Add_Check
9314 (Compile_Time_Constraint_Error
9318 -- The comparison for an individual index subtype
9319 -- is omitted if the corresponding index subtypes
9320 -- statically match, since the result is known to
9321 -- be true. Note that this test is worth while even
9322 -- though we do static evaluation, because non-static
9323 -- subtypes can statically match.
9325 elsif not
9326 Subtypes_Statically_Match
9329 and then not
9332 then
9333 Evolve_Or_Else
9343 -- Handle cases where we do not get a usable actual subtype that
9344 -- is constrained. This happens for example in the function call
9345 -- and explicit dereference cases. In these cases, we have to get
9346 -- the length or range from the expression itself, making sure we
9347 -- do not evaluate it more than once.
9349 -- Here Ck_Node is the original expression, or more properly the
9350 -- result of applying Duplicate_Expr to the original tree, forcing
9351 -- the result to be a name.
9353 else
9354 declare
9357 begin
9358 -- Build the condition for the explicit dereference case
9361 Evolve_Or_Else
9369 -- Construct the test and insert into the tree
9376 Add_Check
9385 ---------------------------
9386 -- Selected_Range_Checks --
9387 ---------------------------
9389 function Selected_Range_Checks
9394 is
9407 -- Adds the action given to Ret_Result if N is non-Empty
9409 function Discrete_Range_Cond
9412 -- Returns expression to compute:
9413 -- Low_Bound (Expr) < Typ'First
9414 -- or else
9415 -- High_Bound (Expr) > Typ'Last
9417 function Discrete_Expr_Cond
9420 -- Returns expression to compute:
9421 -- Expr < Typ'First
9422 -- or else
9423 -- Expr > Typ'Last
9425 function Get_E_First_Or_Last
9430 -- Returns an attribute reference
9431 -- E'First or E'Last
9432 -- with a source location of Loc.
9433 --
9434 -- Nam is Name_First or Name_Last, according to which attribute is
9435 -- desired. If Indx is non-zero, it is passed as a literal in the
9436 -- Expressions of the attribute reference (identifying the desired
9437 -- array dimension).
9441 -- Returns expression to compute:
9442 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
9444 function Range_E_Cond
9449 -- Returns expression to compute:
9450 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
9452 function Range_Equal_E_Cond
9456 -- Returns expression to compute:
9457 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
9459 function Range_N_Cond
9463 -- Return expression to compute:
9464 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
9466 ---------------
9467 -- Add_Check --
9468 ---------------
9471 begin
9474 -- For now, ignore attempt to place more than 2 checks ???
9486 -------------------------
9487 -- Discrete_Expr_Cond --
9488 -------------------------
9490 function Discrete_Expr_Cond
9493 is
9494 begin
9495 return
9497 Left_Opnd =>
9499 Left_Opnd =>
9502 Right_Opnd =>
9506 Right_Opnd =>
9508 Left_Opnd =>
9511 Right_Opnd =>
9512 Convert_To
9517 -------------------------
9518 -- Discrete_Range_Cond --
9519 -------------------------
9521 function Discrete_Range_Cond
9524 is
9531 begin
9534 then
9538 Left_Opnd :=
9540 Left_Opnd =>
9541 Convert_To
9544 Right_Opnd =>
9545 Convert_To
9551 then
9555 Right_Opnd :=
9557 Left_Opnd =>
9558 Convert_To
9561 Right_Opnd =>
9562 Convert_To
9569 -------------------------
9570 -- Get_E_First_Or_Last --
9571 -------------------------
9573 function Get_E_First_Or_Last
9578 is
9580 begin
9583 else
9593 -----------------
9594 -- Get_N_First --
9595 -----------------
9598 begin
9599 return
9602 Prefix =>
9608 ----------------
9609 -- Get_N_Last --
9610 ----------------
9613 begin
9614 return
9617 Prefix =>
9623 ------------------
9624 -- Range_E_Cond --
9625 ------------------
9627 function Range_E_Cond
9631 is
9632 begin
9633 return
9635 Left_Opnd =>
9637 Left_Opnd =>
9639 Right_Opnd =>
9642 Right_Opnd =>
9644 Left_Opnd =>
9646 Right_Opnd =>
9650 ------------------------
9651 -- Range_Equal_E_Cond --
9652 ------------------------
9654 function Range_Equal_E_Cond
9658 is
9659 begin
9660 return
9662 Left_Opnd =>
9664 Left_Opnd =>
9666 Right_Opnd =>
9669 Right_Opnd =>
9671 Left_Opnd =>
9673 Right_Opnd =>
9677 ------------------
9678 -- Range_N_Cond --
9679 ------------------
9681 function Range_N_Cond
9685 is
9686 begin
9687 return
9689 Left_Opnd =>
9691 Left_Opnd =>
9693 Right_Opnd =>
9696 Right_Opnd =>
9698 Left_Opnd =>
9700 Right_Opnd =>
9704 -- Start of processing for Selected_Range_Checks
9706 begin
9707 -- Checks will be applied only when generating code. In GNATprove mode,
9708 -- we do not apply the checks, but we still call Selected_Range_Checks
9709 -- to possibly issue errors on SPARK code when a run-time error can be
9710 -- detected at compile time.
9719 then
9731 else
9739 -- The order of evaluating T_Typ before S_Typ seems to be critical
9740 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
9741 -- in, and since Node can be an N_Range node, it might be invalid.
9742 -- Should there be an assert check somewhere for taking the Etype of
9743 -- an N_Range node ???
9750 -- A simple optimization for the null case
9757 -- For an N_Range Node, check for a null range and then if not
9758 -- null generate a range check action.
9762 -- There's no point in checking a range against itself
9768 declare
9783 begin
9784 -- Compute what is known at compile time
9790 -- There's no point in checking that a bound is within its
9791 -- own range so pretend that it is known in this case. First
9792 -- deal with low bound.
9796 then
9801 -- Likewise for the high bound
9808 then
9814 -- Check for case where everything is static and we can do the
9815 -- check at compile time. This is skipped if we have an access
9816 -- type, since the access value may be null.
9818 -- ??? This code can be improved since you only need to know that
9819 -- the two respective bounds (LB & T_LB or HB & T_HB) are known at
9820 -- compile time to emit pertinent messages.
9823 and not Do_Access
9824 then
9825 -- Floating-point case
9829 Out_Of_Range_L :=
9831 or else
9834 Out_Of_Range_H :=
9836 or else
9839 -- Fixed or discrete type case
9841 else
9843 Out_Of_Range_L :=
9845 or else
9848 Out_Of_Range_H :=
9850 or else
9857 Add_Check
9858 (Compile_Time_Constraint_Error
9862 else
9863 Add_Check
9864 (Compile_Time_Constraint_Error
9872 Add_Check
9873 (Compile_Time_Constraint_Error
9877 else
9878 Add_Check
9879 (Compile_Time_Constraint_Error
9886 else
9887 declare
9891 begin
9892 -- If either bound is a discriminant and we are within the
9893 -- record declaration, it is a use of the discriminant in a
9894 -- constraint of a component, and nothing can be checked
9895 -- here. The check will be emitted within the init proc.
9896 -- Before then, the discriminal has no real meaning.
9897 -- Similarly, if the entity is a discriminal, there is no
9898 -- check to perform yet.
9900 -- The same holds within a discriminated synchronized type,
9901 -- where the discriminant may constrain a component or an
9902 -- entry family.
9906 then
9910 then
9912 else
9913 LB :=
9920 then
9924 then
9926 else
9927 HB :=
9935 Cond :=
9937 Left_Opnd =>
9939 Left_Opnd =>
9942 Right_Opnd =>
9952 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
9953 -- except the above simply sets a flag in the node and lets
9954 -- gigi generate the check base on the Etype of the expression.
9955 -- Sometimes, however we want to do a dynamic check against an
9956 -- arbitrary target type, so we do that here.
9961 -- For literals, we can tell if the constraint error will be
9962 -- raised at compile time, so we never need a dynamic check, but
9963 -- if the exception will be raised, then post the usual warning,
9964 -- and replace the literal with a raise constraint error
9965 -- expression. As usual, skip this for access types
9968 declare
9977 begin
9978 -- Following range tests should use Sem_Eval routine ???
9982 Out_Of_Range :=
9984 or else
9987 -- Fixed or discrete type
9989 else
9990 Out_Of_Range :=
9992 or else
9996 -- Bounds of the type are static and the literal is out of
9997 -- range so output a warning message.
10001 Add_Check
10002 (Compile_Time_Constraint_Error
10006 else
10007 Add_Check
10008 (Compile_Time_Constraint_Error
10014 else
10019 -- Here for the case of a non-static expression, we need a runtime
10020 -- check unless the source type range is guaranteed to be in the
10021 -- range of the target type.
10023 else
10040 -- String_Literal case. This needs to be handled specially be-
10041 -- cause no index types are available for string literals. The
10042 -- condition is simply:
10044 -- T_Typ'Length = string-literal-length
10049 -- General array case. Here we have a usable actual subtype for
10050 -- the expression, and the condition is built from the two types
10052 -- T_Typ'First < Exptyp'First or else
10053 -- T_Typ'Last > Exptyp'Last or else
10054 -- T_Typ'First(1) < Exptyp'First(1) or else
10055 -- T_Typ'Last(1) > Exptyp'Last(1) or else
10056 -- ...
10059 declare
10065 begin
10071 or else
10073 then
10074 -- Deal with compile time length check. Note that we
10075 -- skip this in the access case, because the access
10076 -- value may be null, so we cannot know statically.
10078 if not
10079 Subtypes_Statically_Match
10081 then
10082 -- If the target type is constrained then we
10083 -- have to check for exact equality of bounds
10084 -- (required for qualified expressions).
10087 Evolve_Or_Else
10090 else
10091 Evolve_Or_Else
10102 -- Handle cases where we do not get a usable actual subtype that
10103 -- is constrained. This happens for example in the function call
10104 -- and explicit dereference cases. In these cases, we have to get
10105 -- the length or range from the expression itself, making sure we
10106 -- do not evaluate it more than once.
10108 -- Here Ck_Node is the original expression, or more properly the
10109 -- result of applying Duplicate_Expr to the original tree,
10110 -- forcing the result to be a name.
10112 else
10113 declare
10116 begin
10117 -- Build the condition for the explicit dereference case
10120 Evolve_Or_Else
10126 else
10127 -- For a conversion to an unconstrained array type, generate an
10128 -- Action to check that the bounds of the source value are within
10129 -- the constraints imposed by the target type (RM 4.6(38)). No
10130 -- check is needed for a conversion to an access to unconstrained
10131 -- array type, as 4.6(24.15/2) requires the designated subtypes
10132 -- of the two access types to statically match.
10135 and then not Do_Access
10136 then
10137 declare
10142 begin
10147 -- If the index is a range, use its bounds. If it is an
10148 -- entity (as will be the case if it is a named subtype
10149 -- or an itype created for a slice) retrieve its range.
10153 then
10155 else
10160 if Is_In_Range
10163 and then
10164 Is_In_Range
10167 then
10170 -- If null range, no check needed
10172 elsif
10174 and then
10176 and then
10179 then
10182 elsif Is_Out_Of_Range
10185 or else
10186 Is_Out_Of_Range
10189 then
10190 Add_Check
10191 (Compile_Time_Constraint_Error
10194 else
10195 Evolve_Or_Else
10197 Discrete_Range_Cond
10210 -- Construct the test and insert into the tree
10217 Add_Check
10226 -------------------------------
10227 -- Storage_Checks_Suppressed --
10228 -------------------------------
10231 begin
10234 else
10239 ---------------------------
10240 -- Tag_Checks_Suppressed --
10241 ---------------------------
10244 begin
10247 then
10249 else
10254 ---------------------------------------
10255 -- Validate_Alignment_Check_Warnings --
10256 ---------------------------------------
10259 begin
10261 declare
10262 AWR : Alignment_Warnings_Record
10264 begin
10267 then
10274 --------------------------
10275 -- Validity_Check_Range --
10276 --------------------------
10278 procedure Validity_Check_Range
10281 is
10282 begin
10285 Ensure_Valid
10290 Ensure_Valid
10298 --------------------------------
10299 -- Validity_Checks_Suppressed --
10300 --------------------------------
10303 begin
10306 else