| blob | fa0d59a246a265093610857e310124f1423f46c8 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C O N T R A C T S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2015-2023, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
66 -- This exception is raised by Add_Contract_Item when it is invoked on an
67 -- invalid pragma. Note that clients of the package must filter them out
68 -- before invoking Add_Contract_Item, so it should not escape the package.
71 -- Analyze all delayed pragmas chained on the contract of package
72 -- instantiation Inst_Id as if they appear at the end of a declarative
73 -- region. The pragmas in question are:
74 --
75 -- Part_Of
77 procedure Build_Subprogram_Contract_Wrapper
82 -- Generate a wrapper for a given subprogram body when the expansion of
83 -- postconditions require it by moving its declarations and statements
84 -- into a locally declared subprogram _Wrapped_Statements.
86 -- Postcondition and precondition checks then get inserted in place of
87 -- the original statements and declarations along with a call to
88 -- _Wrapped_Statements.
90 procedure Check_Class_Condition
95 -- Perform checking of class-wide pre/postcondition Cond inherited by Subp
96 -- from Par_Subp. Is_Precondition enables check specific for preconditions.
97 -- In SPARK_Mode, an inherited operation that is not overridden but has
98 -- inherited modified conditions pre/postconditions is illegal.
101 -- Determine whether arbitrary declaration Decl denotes a renaming of
102 -- a discriminant or protection field _object.
104 procedure Check_Type_Or_Object_External_Properties
106 -- Perform checking of external properties pragmas that is common to both
107 -- type declarations and object declarations.
110 -- Expand the contracts of a subprogram body and its correspoding spec (if
111 -- any). This routine processes all [refined] pre- and postconditions as
112 -- well as Always_Terminates, Contract_Cases, Exceptional_Cases,
113 -- Subprogram_Variant, invariants and predicates. Body_Id denotes the
114 -- entity of the subprogram body.
116 procedure Preanalyze_Condition
119 -- Preanalyze the class-wide condition Expr of Subp
121 procedure Set_Class_Condition
125 -- Set the class-wide Kind condition of Subp
127 -----------------------
128 -- Add_Contract_Item --
129 -----------------------
135 -- Prepend Prag to the list of classifications
138 -- Prepend Prag to the list of contract and test cases
141 -- Prepend Prag to the list of pre- and postconditions
143 ------------------------
144 -- Add_Classification --
145 ------------------------
148 begin
153 ----------------------------
154 -- Add_Contract_Test_Case --
155 ----------------------------
158 begin
163 ----------------------------
164 -- Add_Pre_Post_Condition --
165 ----------------------------
168 begin
173 -- Local variables
175 -- A contract must contain only pragmas
180 -- Start of processing for Add_Contract_Item
182 begin
183 -- Create a new contract when adding the first item
190 -- Constants, the applicable pragmas are:
191 -- Part_Of
195 | Name_Async_Writers
196 | Name_Effective_Reads
197 | Name_Effective_Writes
198 | Name_No_Caching
199 | Name_Part_Of
200 then
201 Add_Classification;
203 -- The pragma is not a proper contract item
205 else
209 -- Entry bodies, the applicable pragmas are:
210 -- Refined_Depends
211 -- Refined_Global
212 -- Refined_Post
216 Add_Classification;
219 Add_Pre_Post_Condition;
221 -- The pragma is not a proper contract item
223 else
227 -- Entry or subprogram declarations, the applicable pragmas are:
228 -- Always_Terminates
229 -- Attach_Handler
230 -- Contract_Cases
231 -- Depends
232 -- Exceptional_Cases
233 -- Extensions_Visible
234 -- Global
235 -- Interrupt_Handler
236 -- Postcondition
237 -- Precondition
238 -- Side_Effects
239 -- Subprogram_Variant
240 -- Test_Case
241 -- Volatile_Function
245 | E_Generic_Function
246 | E_Generic_Procedure
247 | E_Procedure
248 then
251 then
252 Add_Classification;
255 | Name_Extensions_Visible
256 | Name_Global
257 | Name_Side_Effects
258 then
259 Add_Classification;
263 then
264 Add_Classification;
267 | Name_Contract_Cases
268 | Name_Exceptional_Cases
269 | Name_Subprogram_Variant
270 | Name_Test_Case
271 then
272 Add_Contract_Test_Case;
275 Add_Pre_Post_Condition;
277 -- The pragma is not a proper contract item
279 else
283 -- Packages or instantiations, the applicable pragmas are:
284 -- Abstract_States
285 -- Initial_Condition
286 -- Initializes
287 -- Part_Of (instantiation only)
291 | Name_Initial_Condition
292 | Name_Initializes
293 then
294 Add_Classification;
296 -- Indicator Part_Of must be associated with a package instantiation
299 Add_Classification;
302 Add_Contract_Test_Case;
304 -- The pragma is not a proper contract item
306 else
310 -- Package bodies, the applicable pragmas are:
311 -- Refined_States
315 Add_Classification;
317 -- The pragma is not a proper contract item
319 else
323 -- The four volatility refinement pragmas are ok for all types.
324 -- Part_Of is ok for task types and protected types.
325 -- Depends and Global are ok for task types.
326 --
327 -- Precondition and Postcondition are added separately; they are allowed
328 -- for access-to-subprogram types.
331 declare
333 Prag_Nam in Name_Async_Readers
334 | Name_Async_Writers
335 | Name_Effective_Reads
336 | Name_Effective_Writes
337 | Name_No_Caching
340 | Name_Depends
341 | Name_Global)
345 begin
347 Add_Classification;
351 | Name_Postcondition
352 then
353 Add_Pre_Post_Condition;
354 else
356 -- The pragma is not a proper contract item
362 -- Subprogram bodies, the applicable pragmas are:
363 -- Postcondition
364 -- Precondition
365 -- Refined_Depends
366 -- Refined_Global
367 -- Refined_Post
371 Add_Classification;
374 | Name_Precondition
375 | Name_Refined_Post
376 then
377 Add_Pre_Post_Condition;
379 -- The pragma is not a proper contract item
381 else
385 -- Task bodies, the applicable pragmas are:
386 -- Refined_Depends
387 -- Refined_Global
391 Add_Classification;
393 -- The pragma is not a proper contract item
395 else
399 -- Task units, the applicable pragmas are:
400 -- Depends
401 -- Global
402 -- Part_Of
404 -- Variables, the applicable pragmas are:
405 -- Async_Readers
406 -- Async_Writers
407 -- Constant_After_Elaboration
408 -- Depends
409 -- Effective_Reads
410 -- Effective_Writes
411 -- Global
412 -- No_Caching
413 -- Part_Of
417 | Name_Async_Writers
418 | Name_Constant_After_Elaboration
419 | Name_Depends
420 | Name_Effective_Reads
421 | Name_Effective_Writes
422 | Name_Global
423 | Name_No_Caching
424 | Name_Part_Of
425 then
426 Add_Classification;
428 -- The pragma is not a proper contract item
430 else
434 else
439 -----------------------
440 -- Analyze_Contracts --
441 -----------------------
446 begin
450 -- Entry or subprogram declarations
453 | N_Entry_Declaration
454 | N_Generic_Subprogram_Declaration
455 | N_Subprogram_Declaration
456 then
459 -- Entry or subprogram bodies
464 -- Objects
469 -- Package instantiation
474 -- Protected units
477 | N_Single_Protected_Declaration
478 then
481 -- Subprogram body stubs
486 -- Task units
489 | N_Task_Type_Declaration
490 then
493 -- For type declarations, we need to do the preanalysis of Iterable
494 -- and the 3 Xxx_Literal aspect specifications.
496 -- Other type aspects need to be resolved here???
500 then
501 declare
511 begin
529 | N_Private_Type_Declaration
530 | N_Task_Type_Declaration
531 | N_Protected_Type_Declaration
532 | N_Formal_Type_Declaration
533 then
541 -------------------------------------
542 -- Analyze_Pragmas_In_Declarations --
543 -------------------------------------
548 begin
549 -- Move through the body's declarations analyzing all pragmas which
550 -- appear at the top of the declarations.
557 if Pragma_Significant_To_Subprograms
559 then
563 -- Skip the renamings of discriminants and protection fields
568 -- We have reached something which is not a pragma so we can be sure
569 -- there are no more contracts or pragmas which need to be taken into
570 -- account.
572 else
580 -----------------------------------------------
581 -- Analyze_Entry_Or_Subprogram_Body_Contract --
582 -----------------------------------------------
584 -- WARNING: This routine manages SPARK regions. Return statements must be
585 -- replaced by gotos which jump to the end of the routine and restore the
586 -- SPARK mode.
593 begin
594 -- When a subprogram body declaration is illegal, its defining entity is
595 -- left unanalyzed. There is nothing left to do in this case because the
596 -- body lacks a contract, or even a proper Ekind.
601 -- Do not analyze a contract multiple times
606 else
610 -- When this is a subprogram body not coming from source, for example an
611 -- expression function, it does not cause freezing of previous contracts
612 -- (see Analyze_Subprogram_Body_Helper), in particular not of those on
613 -- its spec if it exists. In this case make sure they have been properly
614 -- analyzed before being expanded below, as we may be invoked during the
615 -- freezing of the subprogram in the middle of its enclosing declarative
616 -- part because the declarative part contains e.g. the declaration of a
617 -- variable initialized by means of a call to the subprogram.
623 then
627 -- Ensure that the contract cases or postconditions mention 'Result or
628 -- define a post-state.
632 -- Capture all global references in a generic subprogram body now that
633 -- the contract has been analyzed.
636 Save_Global_References_In_Contract
641 -- Deal with preconditions, [refined] postconditions, Always_Terminates,
642 -- Contract_Cases, Exceptional_Cases, Subprogram_Variant, invariants and
643 -- predicates associated with body and its spec. Do not expand the
644 -- contract of subprogram body stubs.
651 ------------------------------------------
652 -- Analyze_Entry_Or_Subprogram_Contract --
653 ------------------------------------------
655 -- WARNING: This routine manages SPARK regions. Return statements must be
656 -- replaced by gotos which jump to the end of the routine and restore the
657 -- SPARK mode.
659 procedure Analyze_Entry_Or_Subprogram_Contract
662 is
671 -- Save the SPARK_Mode-related data to restore on exit
681 begin
682 -- Do not analyze a contract multiple times
687 else
692 -- Due to the timing of contract analysis, delayed pragmas may be
693 -- subject to the wrong SPARK_Mode, usually that of the enclosing
694 -- context. To remedy this, restore the original SPARK_Mode of the
695 -- related subprogram body.
699 -- All subprograms carry a contract, but for some it is not significant
700 -- and should not be processed.
707 -- Do not analyze the pre/postconditions of an entry declaration
708 -- unless annotating the original tree for GNATprove. The
709 -- real analysis occurs when the pre/postconditons are relocated to
710 -- the contract wrapper procedure (see Build_Contract_Wrapper).
715 -- Otherwise analyze the pre/postconditions.
716 -- If these come from an aspect specification, their expressions
717 -- might include references to types that are not frozen yet, in the
718 -- case where the body is a rewritten expression function that is a
719 -- completion, so freeze all types within before constructing the
720 -- contract code.
722 else
723 declare
727 begin
736 then
743 if Freeze_Types
745 then
746 Freeze_Expr_Types
749 Expr =>
750 Expression
761 -- Analyze contract-cases, subprogram-variant and test-cases
772 -- Do not analyze the contract cases of an entry declaration
773 -- unless annotating the original tree for GNATprove.
774 -- The real analysis occurs when the contract cases are moved
775 -- to the contract wrapper procedure (Build_Contract_Wrapper).
780 -- Otherwise analyze the contract cases
782 else
792 else
800 -- Analyze classification pragmas
816 -- Analyze Global first, as Depends may mention items classified in
817 -- the global categorization.
823 -- Depends must be analyzed after Global in order to see the modes of
824 -- all global items.
830 -- Ensure that the contract cases or postconditions mention 'Result
831 -- or define a post-state.
836 -- Restore the SPARK_Mode of the enclosing context after all delayed
837 -- pragmas have been analyzed.
841 -- Capture all global references in a generic subprogram now that the
842 -- contract has been analyzed.
845 Save_Global_References_In_Contract
851 ----------------------------------------------
852 -- Check_Type_Or_Object_External_Properties --
853 ----------------------------------------------
855 procedure Check_Type_Or_Object_External_Properties
857 is
860 -- Local variables
870 -- Start of processing for Check_Type_Or_Object_External_Properties
872 begin
873 -- Analyze all external properties
876 -- If the parent type of a derived type is volatile
877 -- then the derived type inherits volatility-related flags.
880 declare
883 begin
897 declare
899 begin
903 Error_Msg_N
905 Prag);
913 declare
915 begin
919 Error_Msg_N
921 Prag);
929 declare
931 begin
935 Error_Msg_N
937 Prag);
945 declare
947 begin
951 Error_Msg_N
953 Prag);
958 -- Verify the mutual interaction of the various external properties.
959 -- For types and variables for which No_Caching is enabled, it has been
960 -- checked already that only False values for other external properties
961 -- are allowed.
963 if Seen
965 then
966 Check_External_Properties
970 -- Analyze the non-external volatility property No_Caching
979 -----------------------------
980 -- Analyze_Object_Contract --
981 -----------------------------
983 -- WARNING: This routine manages SPARK regions. Return statements must be
984 -- replaced by gotos which jump to the end of the routine and restore the
985 -- SPARK mode.
987 procedure Analyze_Object_Contract
990 is
995 -- Save the SPARK_Mode-related data to restore on exit
1001 begin
1002 -- The loop parameter in an element iterator over a formal container
1003 -- is declared with an object declaration, but no contracts apply.
1009 -- Do not analyze a contract multiple times
1016 else
1021 -- The anonymous object created for a single concurrent type inherits
1022 -- the SPARK_Mode from the type. Due to the timing of contract analysis,
1023 -- delayed pragmas may be subject to the wrong SPARK_Mode, usually that
1024 -- of the enclosing context. To remedy this, restore the original mode
1025 -- of the related anonymous object.
1029 then
1033 -- Checks related to external properties, same for constants and
1034 -- variables.
1038 -- Constant-related checks
1042 -- Analyze indicator Part_Of
1046 -- Check whether the lack of indicator Part_Of agrees with the
1047 -- placement of the constant with respect to the state space.
1053 -- Variable-related checks
1057 -- The anonymous object created for a single task type carries
1058 -- pragmas Depends and Global of the type.
1062 -- Analyze Global first, as Depends may mention items classified
1063 -- in the global categorization.
1071 -- Depends must be analyzed after Global in order to see the modes
1072 -- of all global items.
1083 -- Analyze indicator Part_Of
1088 -- The variable is a constituent of a single protected/task type
1089 -- and behaves as a component of the type. Verify that references
1090 -- to the variable occur within the definition or body of the type
1091 -- (SPARK RM 9.3).
1094 and then Is_Single_Concurrent_Object
1097 then
1105 -- Otherwise check whether the lack of indicator Part_Of agrees with
1106 -- the placement of the variable with respect to the state space.
1108 else
1113 -- Common checks
1117 -- A Ghost object cannot be of a type that yields a synchronized
1118 -- object (SPARK RM 6.9(19)).
1123 -- A Ghost object cannot be imported or exported (SPARK RM 6.9(7)).
1124 -- One exception to this is the object that represents the dispatch
1125 -- table of a Ghost tagged type, as the symbol needs to be exported.
1135 -- Restore the SPARK_Mode of the enclosing context after all delayed
1136 -- pragmas have been analyzed.
1141 -----------------------------------
1142 -- Analyze_Package_Body_Contract --
1143 -----------------------------------
1145 -- WARNING: This routine manages SPARK regions. Return statements must be
1146 -- replaced by gotos which jump to the end of the routine and restore the
1147 -- SPARK mode.
1149 procedure Analyze_Package_Body_Contract
1152 is
1159 -- Save the SPARK_Mode-related data to restore on exit
1163 begin
1164 -- Do not analyze a contract multiple times
1169 else
1174 -- Due to the timing of contract analysis, delayed pragmas may be
1175 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1176 -- context. To remedy this, restore the original SPARK_Mode of the
1177 -- related package body.
1183 -- The analysis of pragma Refined_State detects whether the spec has
1184 -- abstract states available for refinement.
1190 -- Restore the SPARK_Mode of the enclosing context after all delayed
1191 -- pragmas have been analyzed.
1195 -- Capture all global references in a generic package body now that the
1196 -- contract has been analyzed.
1199 Save_Global_References_In_Contract
1205 ------------------------------
1206 -- Analyze_Package_Contract --
1207 ------------------------------
1209 -- WARNING: This routine manages SPARK regions. Return statements must be
1210 -- replaced by gotos which jump to the end of the routine and restore the
1211 -- SPARK mode.
1219 -- Save the SPARK_Mode-related data to restore on exit
1226 begin
1227 -- Do not analyze a contract multiple times
1233 -- Do not analyze the contract of the internal package
1234 -- created to check conformance of an actual package.
1235 -- Such an internal package is removed from the tree after
1236 -- legality checks are completed, and it does not contain
1237 -- the declarations of all local entities of the generic.
1241 then
1244 else
1249 -- Due to the timing of contract analysis, delayed pragmas may be
1250 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1251 -- context. To remedy this, restore the original SPARK_Mode of the
1252 -- related package.
1258 -- Locate and store pragmas Initial_Condition and Initializes, since
1259 -- their order of analysis matters.
1275 -- Analyze the initialization-related pragmas. Initializes must come
1276 -- before Initial_Condition due to item dependencies.
1287 -- Restore the SPARK_Mode of the enclosing context after all delayed
1288 -- pragmas have been analyzed.
1292 -- Capture all global references in a generic package now that the
1293 -- contract has been analyzed.
1296 Save_Global_References_In_Contract
1302 --------------------------------------------
1303 -- Analyze_Package_Instantiation_Contract --
1304 --------------------------------------------
1306 -- WARNING: This routine manages SPARK regions. Return statements must be
1307 -- replaced by gotos which jump to the end of the routine and restore the
1308 -- SPARK mode.
1316 -- Save the SPARK_Mode-related data to restore on exit
1321 begin
1322 -- Nothing to do when the package instantiation is erroneous or left
1323 -- partially decorated.
1332 -- Due to the timing of contract analysis, delayed pragmas may be
1333 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1334 -- context. To remedy this, restore the original SPARK_Mode of the
1335 -- related package.
1339 -- Check whether the lack of indicator Part_Of agrees with the placement
1340 -- of the package instantiation with respect to the state space. Nested
1341 -- package instantiations do not need to be checked because they inherit
1342 -- Part_Of indicator of the outermost package instantiation (see routine
1343 -- Propagate_Part_Of in Sem_Prag).
1352 -- Restore the SPARK_Mode of the enclosing context after all delayed
1353 -- pragmas have been analyzed.
1358 --------------------------------
1359 -- Analyze_Protected_Contract --
1360 --------------------------------
1365 begin
1366 -- Do not analyze a contract multiple times
1371 else
1377 -------------------------------------------
1378 -- Analyze_Subprogram_Body_Stub_Contract --
1379 -------------------------------------------
1385 begin
1386 -- A subprogram body stub may act as its own spec or as the completion
1387 -- of a previous declaration. Depending on the context, the contract of
1388 -- the stub may contain two sets of pragmas.
1390 -- The stub is a completion, the applicable pragmas are:
1391 -- Refined_Depends
1392 -- Refined_Global
1397 -- The stub acts as its own spec, the applicable pragmas are:
1398 -- Always_Terminates
1399 -- Contract_Cases
1400 -- Depends
1401 -- Exceptional_Cases
1402 -- Global
1403 -- Postcondition
1404 -- Precondition
1405 -- Subprogram_Variant
1406 -- Test_Case
1408 else
1413 ---------------------------
1414 -- Analyze_Task_Contract --
1415 ---------------------------
1417 -- WARNING: This routine manages SPARK regions. Return statements must be
1418 -- replaced by gotos which jump to the end of the routine and restore the
1419 -- SPARK mode.
1426 -- Save the SPARK_Mode-related data to restore on exit
1430 begin
1431 -- Do not analyze a contract multiple times
1436 else
1441 -- Due to the timing of contract analysis, delayed pragmas may be
1442 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1443 -- context. To remedy this, restore the original SPARK_Mode of the
1444 -- related task unit.
1448 -- Analyze Global first, as Depends may mention items classified in the
1449 -- global categorization.
1457 -- Depends must be analyzed after Global in order to see the modes of
1458 -- all global items.
1466 -- Restore the SPARK_Mode of the enclosing context after all delayed
1467 -- pragmas have been analyzed.
1472 ---------------------------
1473 -- Analyze_Type_Contract --
1474 ---------------------------
1477 begin
1478 Check_Type_Or_Object_External_Properties
1481 -- Analyze Pre/Post on access-to-subprogram type
1484 Analyze_Entry_Or_Subprogram_Contract
1489 ---------------------------------------
1490 -- Build_Subprogram_Contract_Wrapper --
1491 ---------------------------------------
1493 procedure Build_Subprogram_Contract_Wrapper
1498 is
1509 begin
1510 -- When there are no postcondition statements we do not need to
1511 -- generate a wrapper.
1517 -- Obtain the related subprogram id from the body id.
1521 else
1526 -- Generate the contracts wrapper by moving the original declarations
1527 -- and statements within a local subprogram, calling it and possibly
1528 -- preserving the result for the purpose of evaluating postconditions,
1529 -- contracts, type invariants, etc.
1531 -- In the case of a function, generate:
1532 --
1533 -- function Original_Func (X : in out Integer) return Typ is
1534 -- <prologue renamings>
1535 -- <preconditions>
1536 --
1537 -- function _Wrapped_Statements return Typ is
1538 -- <original declarations>
1539 -- begin
1540 -- <original statements>
1541 -- end;
1542 --
1543 -- begin
1544 -- return
1545 -- Result_Obj : constant Typ := _Wrapped_Statements
1546 -- do
1547 -- <postconditions statements>
1548 -- end return;
1549 -- end;
1551 -- Or else, in the case of a procedure, generate:
1552 --
1553 -- procedure Original_Proc (X : in out Integer) is
1554 -- <prologue renamings>
1555 -- <preconditions>
1556 --
1557 -- procedure _Wrapped_Statements is
1558 -- <original declarations>
1559 -- begin
1560 -- <original statements>
1561 -- end;
1562 --
1563 -- begin
1564 -- _Wrapped_Statements;
1565 -- <postconditions statements>
1566 -- end;
1568 -- Create Identifier
1575 Set_Has_Pragma_Inline_Always
1578 -- Create specification and declaration for the wrapper
1581 Wrapper_Spec :=
1584 else
1585 Wrapper_Spec :=
1591 -- Create the wrapper body using Body_Id's statements and declarations
1593 Wrapper_Body :=
1597 Handled_Statement_Sequence =>
1606 -- Prepend a call to the wrapper when the subprogram is a procedure
1612 Set_Statements
1615 -- Generate the post-execution statements and the extended return
1616 -- when the subprogram being wrapped is a function.
1618 else
1625 Object_Definition =>
1627 Expression =>
1629 Name =>
1631 Handled_Statement_Sequence =>
1637 ----------------------------------
1638 -- Build_Entry_Contract_Wrapper --
1639 ----------------------------------
1645 procedure Add_Discriminant_Renamings
1648 -- Add renaming declarations for all discriminants of concurrent type
1649 -- Conc_Typ. Obj_Id is the entity of the wrapper formal parameter which
1650 -- represents the concurrent object.
1652 procedure Add_Matching_Formals
1655 -- Add formal parameters that match those of entry E to list Formals.
1656 -- The routine also adds matching actuals for the new formals to list
1657 -- Actuals.
1660 -- Relocate pragma Prag to list To. The routine creates a new list if
1661 -- To does not exist.
1663 --------------------------------
1664 -- Add_Discriminant_Renamings --
1665 --------------------------------
1667 procedure Add_Discriminant_Renamings
1670 is
1674 begin
1675 -- Inspect the discriminants of the concurrent type and generate a
1676 -- renaming for each one.
1681 Renaming_Decl :=
1683 Defining_Identifier =>
1685 Subtype_Mark =>
1687 Name =>
1690 Selector_Name =>
1700 --------------------------
1701 -- Add_Matching_Formals --
1702 --------------------------
1704 procedure Add_Matching_Formals
1707 is
1711 begin
1712 -- Inspect the formal parameters of the entry and generate a new
1713 -- matching formal with the same name for the wrapper. A reference
1714 -- to the new formal becomes an actual in the entry call.
1724 Parameter_Type =>
1736 ---------------------
1737 -- Transfer_Pragma --
1738 ---------------------
1743 begin
1754 -- Local variables
1768 -- Start of processing for Build_Entry_Contract_Wrapper
1770 begin
1771 -- This routine generates a specialized wrapper for a protected or task
1772 -- entry [family] which implements precondition/postcondition semantics.
1773 -- Preconditions and case guards of contract cases are checked before
1774 -- the protected action or rendezvous takes place.
1776 -- procedure Wrapper
1777 -- (Obj_Id : Conc_Typ; -- concurrent object
1778 -- [Index : Index_Typ;] -- index of entry family
1779 -- [Formal_1 : ...; -- parameters of original entry
1780 -- Formal_N : ...])
1781 -- is
1782 -- [Discr_1 : ... renames Obj_Id.Discr_1; -- discriminant
1783 -- Discr_N : ... renames Obj_Id.Discr_N;] -- renamings
1785 -- <contracts pragmas>
1786 -- <case guard checks>
1788 -- begin
1789 -- Entry_Call (Obj_Id, [Index,] [Formal_1, Formal_N]);
1790 -- end Wrapper;
1792 -- Create the wrapper only when the entry has at least one executable
1793 -- contract item such as contract cases, precondition or postcondition.
1797 -- Inspect the list of pre/postconditions and transfer all available
1798 -- pragmas to the declarative list of the wrapper.
1803 | Name_Precondition
1805 then
1813 -- Inspect the list of test/contract cases and transfer only contract
1814 -- cases pragmas to the declarative part of the wrapper.
1820 then
1829 -- The entry lacks executable contract items and a wrapper is not needed
1835 -- Create the profile of the wrapper. The first formal parameter is the
1836 -- concurrent object.
1838 Obj_Id :=
1849 -- Construct the call to the original entry. The call will be gradually
1850 -- augmented with an optional entry index and extra parameters.
1852 Call_Nam :=
1857 -- When creating a wrapper for an entry family, the second formal is the
1858 -- entry index.
1866 Parameter_Type =>
1869 -- The call to the original entry becomes an indexed component to
1870 -- accommodate the entry index.
1872 Call_Nam :=
1878 -- Add formal parameters to match those of the entry and build actuals
1879 -- for the entry call.
1883 Call :=
1888 -- Add renaming declarations for the discriminants of the enclosing type
1889 -- as the various contract items may reference them.
1893 Wrapper_Id :=
1898 -- The wrapper body is analyzed when the enclosing type is frozen
1902 Specification =>
1907 Handled_Statement_Sequence =>
1912 ---------------------------
1913 -- Check_Class_Condition --
1914 ---------------------------
1916 procedure Check_Class_Condition
1921 is
1923 -- Check reference to formal of inherited operation or to primitive
1924 -- operation of root type.
1926 ------------------
1927 -- Check_Entity --
1928 ------------------
1934 begin
1937 and then
1939 and then
1942 then
1943 -- These checks do not apply to dispatching calls within the
1944 -- condition, but only to calls whose static tag is that of
1945 -- the parent type.
1950 then
1954 -- Determine whether entity has a renaming
1961 -- AI12-0166: A precondition for a protected operation
1962 -- cannot include an internal call to a protected function
1963 -- of the type. In the case of an inherited condition for an
1964 -- overriding operation, both the operation and the function
1965 -- are given by primitive wrappers.
1967 if Is_Precondition
1972 then
1974 Error_Msg_NE
1981 -- Check that there are no calls left to abstract operations if
1982 -- the current subprogram is not abstract.
1987 then
1990 then
1995 Error_Msg_NE
1998 else
1999 Error_Msg_NE
2004 -- In SPARK mode, report error on inherited condition for an
2005 -- inherited operation if it contains a call to an overriding
2006 -- operation, because this implies that the pre/postconditions
2007 -- of the inherited operation have changed silently.
2010 and then Warn_On_Suspicious_Contract
2014 then
2015 Error_Msg_N
2020 Error_Msg_NE
2033 -- Start of processing for Check_Class_Condition
2035 begin
2036 -- No check required if the subprograms match
2047 -----------------------------
2048 -- Create_Generic_Contract --
2049 -----------------------------
2056 -- Add a single contract-related source pragma Prag to the contract of
2057 -- generic template Templ_Id.
2059 ---------------------------------
2060 -- Add_Generic_Contract_Pragma --
2061 ---------------------------------
2066 begin
2067 -- Mark the pragma to prevent the premature capture of global
2068 -- references when capturing global references of the context
2069 -- (see Save_References_In_Pragma).
2073 -- Pragmas that apply to a generic subprogram declaration are not
2074 -- part of the semantic structure of the generic template:
2076 -- generic
2077 -- procedure Example (Formal : Integer);
2078 -- pragma Precondition (Formal > 0);
2080 -- Create a generic template for such pragmas and link the template
2081 -- of the pragma with the generic template.
2084 Rewrite
2091 -- Otherwise link the pragma with the generic template
2093 else
2097 exception
2098 -- We do not stop the compilation at this point in the case of an
2099 -- invalid pragma because it will be properly diagnosed afterward.
2104 -- Local variables
2109 -- Start of processing for Create_Generic_Contract
2111 begin
2112 -- A generic package declaration carries contract-related source pragmas
2113 -- in its visible declarations.
2122 -- A generic package body carries contract-related source pragmas in its
2123 -- declarations.
2132 -- Generic subprogram declaration
2137 else
2141 -- When the generic subprogram acts as a compilation unit, inspect
2142 -- the Pragmas_After list for contract-related source pragmas.
2147 then
2151 -- Otherwise inspect the successive declarations for contract-related
2152 -- source pragmas.
2154 else
2158 -- A generic subprogram body carries contract-related source pragmas in
2159 -- its declarations.
2169 -- Inspect the relevant declarations looking for contract-related source
2170 -- pragmas and add them to the contract of the generic unit.
2176 -- The source pragma is a contract annotation
2182 -- The region where a contract-related source pragma may appear
2183 -- ends with the first source non-pragma declaration or statement.
2185 else
2194 --------------------------------
2195 -- Expand_Subprogram_Contract --
2196 --------------------------------
2202 procedure Add_Invariant_And_Predicate_Checks
2206 -- Process the result of function Subp_Id (if applicable) and all its
2207 -- formals. Add invariant and predicate checks where applicable. The
2208 -- routine appends all the checks to list Stmts. If Subp_Id denotes a
2209 -- function, Result contains the entity of parameter _Result, to be
2210 -- used in the creation of procedure _Postconditions.
2212 procedure Add_Stable_Property_Contracts
2214 -- Augment postcondition contracts to reflect Stable_Property aspect
2215 -- (if Class_Present = False) or Stable_Property'Class aspect (if
2216 -- Class_Present = True).
2219 -- Append a node to a list. If there is no list, create a new one. When
2220 -- the item denotes a pragma, it is added to the list only when it is
2221 -- enabled.
2223 procedure Process_Contract_Cases
2226 -- Process pragma Contract_Cases. This routine prepends items to the
2227 -- body declarations and appends items to list Stmts.
2230 -- Collect all [inherited] spec and body postconditions and accumulate
2231 -- their pragma Check equivalents in list Stmts.
2234 -- Collect all [inherited] spec and body preconditions and prepend their
2235 -- pragma Check equivalents to the declarations of the body.
2237 ----------------------------------------
2238 -- Add_Invariant_And_Predicate_Checks --
2239 ----------------------------------------
2241 procedure Add_Invariant_And_Predicate_Checks
2245 is
2247 -- Id denotes the return value of a function or a formal parameter.
2248 -- Add an invariant check if the type of Id is access to a type with
2249 -- invariants. The routine appends the generated code to Stmts.
2252 -- Determine whether type Typ can benefit from invariant checks. To
2253 -- qualify, the type must have a non-null invariant procedure and
2254 -- subprogram Subp_Id must appear visible from the point of view of
2255 -- the type.
2257 ---------------------------------
2258 -- Add_Invariant_Access_Checks --
2259 ---------------------------------
2266 begin
2273 Ref :=
2278 -- Generate:
2279 -- if <Id> /= null then
2280 -- <invariant_call (<Ref>)>
2281 -- end if;
2283 Append_Enabled_Item
2286 Condition =>
2297 -------------------------
2298 -- Invariant_Checks_OK --
2299 -------------------------
2303 -- Determine whether type Typ has public visibility of subprogram
2304 -- Subp_Id.
2306 -----------------------------------------
2307 -- Has_Public_Visibility_Of_Subprogram --
2308 -----------------------------------------
2313 begin
2314 -- An Initialization procedure must be considered visible even
2315 -- though it is internally generated.
2323 -- Internally generated code is never publicly visible except
2324 -- for a subprogram that is the implementation of an expression
2325 -- function. In that case the visibility is determined by the
2326 -- last check.
2329 and then
2331 or else not
2333 then
2336 -- Determine whether the subprogram is declared in the visible
2337 -- declarations of the package containing the type, or in the
2338 -- visible declaration of a child unit of that package.
2341 declare
2348 begin
2349 return
2350 Decls = Visible_Declarations
2353 or else
2357 and then
2359 and then
2360 Decls = Visible_Declarations
2361 (Specification
2365 -- Determine whether the subprogram is a child subprogram of
2366 -- of the package containing the type.
2368 else
2369 pragma Assert
2372 declare
2377 begin
2378 return
2380 and then
2382 or else
2384 and then Is_Ancestor_Package
2390 -- Start of processing for Invariant_Checks_OK
2392 begin
2393 return
2400 -- Local variables
2403 -- Source location of subprogram body contract
2408 -- Start of processing for Add_Invariant_And_Predicate_Checks
2410 begin
2413 -- Process the result of a function
2418 -- Generate _Result which is used in procedure _Postconditions to
2419 -- verify the return value.
2424 -- Add an invariant check when the return type has invariants and
2425 -- the related function is visible to the outside.
2428 Append_Enabled_Item
2434 -- Add an invariant check when the return type is an access to a
2435 -- type with invariants.
2440 -- Add invariant checks for all formals that qualify (see AI05-0289
2441 -- and AI12-0044).
2450 then
2452 Append_Enabled_Item
2460 -- Note: we used to add predicate checks for OUT and IN OUT
2461 -- formals here, but that was misguided, since such checks are
2462 -- performed on the caller side, based on the predicate of the
2463 -- actual, rather than the predicate of the formal.
2471 -----------------------------------
2472 -- Add_Stable_Property_Contracts --
2473 -----------------------------------
2475 procedure Add_Stable_Property_Contracts
2477 is
2480 procedure Insert_Stable_Property_Check
2482 -- Build the pragma for one check and insert it in the tree.
2484 function Make_Stable_Property_Condition
2486 -- Builds tree for "Func (Formal) = Func (Formal)'Old" expression.
2488 function Stable_Properties
2491 -- If no aspect specified, then returns length-zero result.
2492 -- Negated indicates that reserved word NOT was specified.
2494 ----------------------------------
2495 -- Insert_Stable_Property_Check --
2496 ----------------------------------
2498 procedure Insert_Stable_Property_Check
2502 New_List
2503 (Make_Pragma_Argument_Association
2505 Expression =>
2506 Make_Stable_Property_Condition
2509 Make_Pragma_Argument_Association
2511 Expression =>
2512 Make_String_Literal
2514 Strval =>
2515 "failed stable property check at "
2523 )));
2527 Pragma_Identifier =>
2533 begin
2534 -- Enclosing_Declaration may return, for example,
2535 -- a N_Procedure_Specification node. Cope with this.
2536 loop
2546 ------------------------------------
2547 -- Make_Stable_Property_Condition --
2548 ------------------------------------
2550 function Make_Stable_Property_Condition
2552 is
2554 (Make_Function_Call
2556 Name =>
2558 Parameter_Associations =>
2560 begin
2561 return Make_Op_Eq
2563 Call_Property_Function,
2564 Make_Attribute_Reference
2570 -----------------------
2571 -- Stable_Properties --
2572 -----------------------
2574 function Stable_Properties
2576 return Subprogram_List
2577 is
2579 Find_Value_Of_Aspect
2582 begin
2583 -- ??? For a derived type, we wish Find_Value_Of_Aspect
2584 -- somehow knew that this aspect is not inherited.
2585 -- But it doesn't, so we cope with that here.
2586 --
2587 -- There are probably issues here with inheritance from
2588 -- interface types, where just looking for the one parent type
2589 -- isn't enough. But this is far from the only work needed for
2590 -- Stable_Properties'Class for interface types.
2593 declare
2596 begin
2598 Find_Value_Of_Aspect
2601 then
2602 -- prevent inheritance
2610 -- This is a little bit subtle.
2611 -- We need to assign True in the Subp_Id case in order to
2612 -- distinguish between no aspect spec at all vs. an
2613 -- explicitly specified "with S_P => []" empty list.
2614 -- In both cases Stable_Properties will return a length-0
2615 -- array, but the two cases are not equivalent.
2616 -- Very roughly speaking the lack of an S_P aspect spec for
2617 -- a subprogram would be equivalent to something like
2618 -- "with S_P => [not]", where we apply the "not" modifier to
2619 -- an empty set of subprograms, if such a construct existed.
2620 -- We could just assign True here, but it seems untidy to
2621 -- return True in the case of an aspect spec for a type
2622 -- (since negation is only allowed for subp S_P aspects).
2625 else
2626 return Parse_Aspect_Stable_Properties
2638 -- start of processing for Add_Stable_Property_Contracts
2640 begin
2642 then
2654 then
2655 -- ??? Need to filter out checks for SPFs that are
2656 -- mentioned explicitly in the postcondition of
2657 -- Subp_Id.
2659 Insert_Stable_Property_Check
2665 declare
2671 function Excluded_By_Aspect_Spec_Of_Subp
2673 -- Examine Subp_Properties to determine whether SPF should
2674 -- be excluded.
2676 -------------------------------------
2677 -- Excluded_By_Aspect_Spec_Of_Subp --
2678 -------------------------------------
2680 function Excluded_By_Aspect_Spec_Of_Subp
2682 begin
2684 -- Look through renames for equality test here ???
2688 -- Look through renames for equality test here ???
2691 begin
2695 -- ??? Need to filter out checks for SPFs that are
2696 -- mentioned explicitly in the postcondition of
2697 -- Subp_Id.
2698 Insert_Stable_Property_Check
2709 -------------------------
2710 -- Append_Enabled_Item --
2711 -------------------------
2714 begin
2715 -- Do not chain ignored or disabled pragmas
2719 then
2722 -- Otherwise, add the item
2724 else
2729 -- If the pragma is a conjunct in a composite postcondition, it
2730 -- has been processed in reverse order. In the postcondition body
2731 -- it must appear before the others.
2736 then
2738 else
2744 ----------------------------
2745 -- Process_Contract_Cases --
2746 ----------------------------
2748 procedure Process_Contract_Cases
2751 is
2753 -- Process pragma Contract_Cases for subprogram Subp_Id
2755 --------------------------------
2756 -- Process_Contract_Cases_For --
2757 --------------------------------
2763 begin
2772 Expand_Pragma_Contract_Cases
2782 Expand_Pragma_Subprogram_Variant
2794 -- Start of processing for Process_Contract_Cases
2796 begin
2804 ----------------------------
2805 -- Process_Postconditions --
2806 ----------------------------
2810 -- Collect all [refined] postconditions of a specific kind denoted
2811 -- by Post_Nam that belong to the body, and generate pragma Check
2812 -- equivalents in list Stmts.
2815 -- Collect all [inherited] postconditions of the spec, and generate
2816 -- pragma Check equivalents in list Stmts.
2818 ---------------------------------
2819 -- Process_Body_Postconditions --
2820 ---------------------------------
2828 begin
2829 -- Process the contract
2836 then
2837 Append_Enabled_Item
2846 -- The subprogram body being processed is actually the proper body
2847 -- of a stub with a corresponding spec. The subprogram stub may
2848 -- carry a postcondition pragma, in which case it must be taken
2849 -- into account. The pragma appears after the stub.
2855 -- Note that non-matching pragmas are skipped
2860 then
2861 Append_Enabled_Item
2866 -- Skip internally generated code
2871 -- Postcondition pragmas are usually grouped together. There
2872 -- is no need to inspect the whole declarative list.
2874 else
2883 ---------------------------------
2884 -- Process_Spec_Postconditions --
2885 ---------------------------------
2893 -- Return True if the contract of subprogram Subp_Id has been
2894 -- processed.
2896 ---------------
2897 -- Seen_Subp --
2898 ---------------
2901 begin
2911 -- Local variables
2918 -- Start of processing for Process_Spec_Postconditions
2920 begin
2921 -- Process the contract
2930 then
2931 Append_Enabled_Item
2940 -- Process the contracts of all inherited subprograms, looking for
2941 -- class-wide postconditions.
2950 -- Wrappers of class-wide pre/postconditions reference the
2951 -- parent primitive that has the inherited contract.
2955 then
2968 then
2969 Item :=
2970 Build_Pragma_Check_Equivalent
2975 -- The pragma Check equivalent of the class-wide
2976 -- postcondition is still created even though the
2977 -- pragma may be ignored because the equivalent
2978 -- performs semantic checks.
2992 -- Stmts is passed as IN OUT to signal that the list can be updated,
2993 -- even if the corresponding integer value representing the list does
2994 -- not change.
2996 -- Start of processing for Process_Postconditions
2998 begin
2999 -- The processing of postconditions is done in reverse order (body
3000 -- first) to ensure the following arrangement:
3002 -- <refined postconditions from body>
3003 -- <postconditions from body>
3004 -- <postconditions from spec>
3005 -- <inherited postconditions>
3011 Process_Spec_Postconditions;
3015 ---------------------------
3016 -- Process_Preconditions --
3017 ---------------------------
3021 -- The insertion node after which all pragma Check equivalents are
3022 -- inserted.
3025 -- Prepend a single item to the declarations of the subprogram body
3028 -- Prepend a normal precondition to the declarations of the body and
3029 -- analyze it.
3032 -- Collect all preconditions of subprogram Subp_Id and prepend their
3033 -- pragma Check equivalents to the declarations of the body.
3035 ----------------------
3036 -- Prepend_To_Decls --
3037 ----------------------
3040 begin
3041 -- Ensure that the body has a declarative list
3051 -----------------------------
3052 -- Prepend_Pragma_To_Decls --
3053 -----------------------------
3058 begin
3059 -- Skip the sole class-wide precondition (if any) since it is
3060 -- processed by Merge_Class_Conditions.
3065 -- Accumulate the corresponding Check pragmas at the top of the
3066 -- declarations. Prepending the items ensures that they will be
3067 -- evaluated in their original order.
3069 else
3076 -------------------------------
3077 -- Process_Preconditions_For --
3078 -------------------------------
3087 begin
3088 -- Process the contract. If the body is an expression function
3089 -- that is a completion, freeze types within, because this may
3090 -- not have been done yet, when the subprogram declaration and
3091 -- its completion by an expression function appear in distinct
3092 -- declarative lists of the same unit (visible and private).
3094 Freeze_T :=
3105 then
3106 if Freeze_T
3108 then
3109 Freeze_Expr_Types
3112 Expr =>
3113 Expression
3125 -- The subprogram declaration being processed is actually a body
3126 -- stub. The stub may carry a precondition pragma, in which case
3127 -- it must be taken into account. The pragma appears after the
3128 -- stub.
3132 -- Inspect the declarations following the body stub
3137 -- Note that non-matching pragmas are skipped
3142 then
3146 -- Skip internally generated code
3151 -- Preconditions are usually grouped together. There is no
3152 -- need to inspect the whole declarative list.
3154 else
3163 -- Local variables
3169 -- Start of processing for Process_Preconditions
3171 begin
3172 -- Find the proper insertion point for all pragma Check equivalents
3178 -- First source declaration terminates the search, because all
3179 -- preconditions must be evaluated prior to it, by definition.
3184 -- Certain internally generated object renamings such as those
3185 -- for discriminants and protection fields must be elaborated
3186 -- before the preconditions are evaluated, as their expressions
3187 -- may mention the discriminants. The renamings include those
3188 -- for private components so we need to find the last such.
3193 loop
3199 -- Otherwise the declaration does not come from source. This
3200 -- also terminates the search, because internal code may raise
3201 -- exceptions which should not preempt the preconditions.
3203 else
3210 -- The processing of preconditions is done in reverse order (body
3211 -- first), because each pragma Check equivalent is inserted at the
3212 -- top of the declarations. This ensures that the final order is
3213 -- consistent with following diagram:
3215 -- <inherited preconditions>
3216 -- <preconditions from spec>
3217 -- <preconditions from body>
3221 -- Move the generated entry-call prologue renamings into the
3222 -- outer declarations for use in the preconditions.
3240 -- Local variables
3248 -- Start of processing for Expand_Subprogram_Contract
3250 begin
3251 -- Obtain the entity of the initial declaration
3255 else
3259 -- Do not perform expansion activity when it is not needed
3264 -- GNATprove does not need the executable semantics of a contract
3269 -- The contract of a generic subprogram or one declared in a generic
3270 -- context is not expanded, as the corresponding instance will provide
3271 -- the executable semantics of the contract.
3276 -- All subprograms carry a contract, but for some it is not significant
3277 -- and should not be processed. This is a small optimization.
3282 -- The contract of an ignored Ghost subprogram does not need expansion,
3283 -- because the subprogram and all calls to it will be removed.
3288 -- No action needed for helpers and indirect-call wrapper built to
3289 -- support class-wide preconditions.
3294 -- Do not re-expand the same contract. This scenario occurs when a
3295 -- construct is rewritten into something else during its analysis
3296 -- (expression functions for instance).
3302 -- Prevent multiple expansion attempts of the same contract
3306 -- Ensure that the formal parameters are visible when expanding all
3307 -- contract items.
3315 else
3320 -- The expansion of a subprogram contract involves the creation of Check
3321 -- pragmas to verify the contract assertions of the spec and body in a
3322 -- particular order. The order is as follows:
3324 -- function Original_Code (...) return ... is
3325 -- <prologue renamings>
3326 -- <inherited preconditions>
3327 -- <preconditions from spec>
3328 -- <preconditions from body>
3329 -- <contract case conditions>
3331 -- function _Wrapped_Statements (...) return ... is
3332 -- <source declarations>
3333 -- begin
3334 -- <source statements>
3335 -- end _Wrapped_Statements;
3337 -- begin
3338 -- return Result : constant ... := _Wrapped_Statements do
3339 -- <refined postconditions from body>
3340 -- <postconditions from body>
3341 -- <postconditions from spec>
3342 -- <inherited postconditions>
3343 -- <contract case consequences>
3344 -- <invariant check of function result>
3345 -- <invariant and predicate checks of parameters
3346 -- end return;
3347 -- end Original_Code;
3349 -- Step 1: augment contracts list with postconditions associated with
3350 -- Stable_Properties and Stable_Properties'Class aspects. This must
3351 -- precede Process_Postconditions.
3354 Add_Stable_Property_Contracts
3358 -- Step 2: Handle all preconditions. This action must come before the
3359 -- processing of pragma Contract_Cases because the pragma prepends items
3360 -- to the body declarations.
3364 -- Step 3: Handle all postconditions. This action must come before the
3365 -- processing of pragma Contract_Cases because the pragma appends items
3366 -- to list Stmts.
3370 -- Step 4: Handle pragma Contract_Cases. This action must come before
3371 -- the processing of invariants and predicates because those append
3372 -- items to list Stmts.
3376 -- Step 5: Apply invariant and predicate checks on a function result and
3377 -- all formals. The resulting checks are accumulated in list Stmts.
3381 -- Step 6: Construct subprogram _wrapped_statements
3383 -- When no statements are present we still need to insert contract
3384 -- related declarations.
3389 -- Otherwise, we need a wrapper
3391 else
3396 End_Scope;
3400 -------------------------------
3401 -- Freeze_Previous_Contracts --
3402 -------------------------------
3407 -- Determine whether arbitrary node N causes contract freezing. This is
3408 -- used as an assertion for the current body declaration that caused
3409 -- contract freezing, and as a condition to detect body declaration that
3410 -- already caused contract freezing before.
3414 -- Freeze the contracts of all eligible constructs which precede body
3415 -- Body_Decl.
3419 -- Freeze the contract of the nearest package body (if any) which
3420 -- encloses body Body_Decl.
3422 ------------------------------
3423 -- Causes_Contract_Freezing --
3424 ------------------------------
3427 begin
3428 -- The following condition matches guards for calls to
3429 -- Freeze_Previous_Contracts from routines that analyze various body
3430 -- declarations. In particular, it detects expression functions, as
3431 -- described in the call from Analyze_Subprogram_Body_Helper.
3433 return
3435 and then
3437 N_Entry_Body | N_Package_Body | N_Protected_Body |
3438 N_Subprogram_Body | N_Subprogram_Body_Stub | N_Task_Body;
3441 ----------------------
3442 -- Freeze_Contracts --
3443 ----------------------
3449 begin
3450 -- Nothing to do when the body which causes freezing does not appear
3451 -- in a declarative list because there cannot possibly be constructs
3452 -- with contracts.
3458 -- Inspect the declarations preceding the body, and freeze individual
3459 -- contracts of eligible constructs.
3464 -- Stop the traversal when a preceding construct that causes
3465 -- freezing is encountered as there is no point in refreezing
3466 -- the already frozen constructs.
3471 -- Entry or subprogram declarations
3474 | N_Entry_Declaration
3475 | N_Generic_Subprogram_Declaration
3476 | N_Subprogram_Declaration
3477 then
3478 Analyze_Entry_Or_Subprogram_Contract
3482 -- Objects
3485 Analyze_Object_Contract
3489 -- Protected units
3492 | N_Single_Protected_Declaration
3493 then
3496 -- Subprogram body stubs
3501 -- Task units
3504 | N_Task_Type_Declaration
3505 then
3510 | N_Private_Type_Declaration
3511 | N_Task_Type_Declaration
3512 | N_Protected_Type_Declaration
3513 | N_Formal_Type_Declaration
3514 then
3522 -----------------------------------
3523 -- Freeze_Enclosing_Package_Body --
3524 -----------------------------------
3530 begin
3531 -- Climb the parent chain looking for an enclosing package body. Do
3532 -- not use the scope stack, because a body utilizes the entity of its
3533 -- corresponding spec.
3538 Analyze_Package_Body_Contract
3544 -- Do not look for an enclosing package body when the construct
3545 -- which causes freezing is a body generated for an expression
3546 -- function and it appears within a package spec. This ensures
3547 -- that the traversal will not reach too far up the parent chain
3548 -- and attempt to freeze a package body which must not be frozen.
3550 -- package body Enclosing_Body
3551 -- with Refined_State => (State => Var)
3552 -- is
3553 -- package Nested is
3554 -- type Some_Type is ...;
3555 -- function Cause_Freezing return ...;
3556 -- private
3557 -- function Cause_Freezing is (...);
3558 -- end Nested;
3559 --
3560 -- Var : Nested.Some_Type;
3564 then
3567 -- Prevent the search from going too far
3577 -- Local variables
3581 -- Start of processing for Freeze_Previous_Contracts
3583 begin
3586 -- A body that is in the process of being inlined appears from source,
3587 -- but carries name _parent. Such a body does not cause freezing of
3588 -- contracts.
3594 Freeze_Enclosing_Package_Body;
3595 Freeze_Contracts;
3598 ---------------------------------
3599 -- Inherit_Subprogram_Contract --
3600 ---------------------------------
3602 procedure Inherit_Subprogram_Contract
3605 is
3607 -- Propagate a pragma denoted by Prag_Id from From_Subp's contract to
3608 -- Subp's contract.
3610 --------------------
3611 -- Inherit_Pragma --
3612 --------------------
3618 begin
3619 -- A pragma cannot be part of more than one First_Pragma/Next_Pragma
3620 -- chains, therefore the node must be replicated. The new pragma is
3621 -- flagged as inherited for distinction purposes.
3631 -- Start of processing for Inherit_Subprogram_Contract
3633 begin
3634 -- Inheritance is carried out only when both entities are subprograms
3635 -- with contracts.
3640 then
3646 -------------------------------------
3647 -- Instantiate_Subprogram_Contract --
3648 -------------------------------------
3652 -- Instantiate all contract-related source pragmas found in the list,
3653 -- starting with pragma First_Prag. Each instantiated pragma is added
3654 -- to list L.
3656 -------------------------
3657 -- Instantiate_Pragmas --
3658 -------------------------
3664 begin
3668 Inst_Prag :=
3679 -- Local variables
3683 -- Start of processing for Instantiate_Subprogram_Contract
3685 begin
3693 --------------------------
3694 -- Is_Prologue_Renaming --
3695 --------------------------
3697 -- This should be turned into a flag and set during the expansion of
3698 -- task and protected types when the renamings get generated ???
3706 begin
3709 then
3714 -- Analyze the renaming declaration so we can further examine it
3723 -- A discriminant renaming appears as
3724 -- Discr : constant ... := Prefix.Discr;
3730 then
3733 -- A protection field renaming appears as
3734 -- Prot : ... := _object._object;
3736 -- A renamed private component is just a component of
3737 -- _object, with an arbitrary name.
3743 then
3752 -----------------------------------
3753 -- Make_Class_Precondition_Subps --
3754 -----------------------------------
3756 procedure Make_Class_Precondition_Subps
3759 is
3764 -- Build the indirect-call wrapper and append it to the freezing actions
3765 -- of Tagged_Type.
3767 procedure Add_Call_Helper
3770 -- Factorizes code for building a call helper with the given identifier
3771 -- and append it to the freezing actions of Tagged_Type. Is_Dynamic
3772 -- controls building the static or dynamic version of the helper.
3775 -- Build an unique new name adding suffix to Subp_Id name (plus its
3776 -- homonym number for values bigger than 1).
3778 -------------------------------
3779 -- Add_Indirect_Call_Wrapper --
3780 -------------------------------
3785 -- Build the body of the indirect call wrapper
3788 -- Build the declaration of the indirect call wrapper
3790 --------------------
3791 -- Build_ICW_Body --
3792 --------------------
3801 begin
3804 -- Build call to wrapped subprogram
3806 declare
3810 begin
3811 -- Build parameter association & call
3815 New_Occurrence_Of
3821 Call :=
3825 else
3826 Call :=
3828 Expression =>
3835 ICW_Body :=
3839 Handled_Statement_Sequence =>
3843 -- The new operation is internal and overriding indicators do not
3844 -- apply.
3851 --------------------
3852 -- Build_ICW_Decl --
3853 --------------------
3862 begin
3870 -- The indirect call wrapper is commonly used for indirect calls
3871 -- but inlined for direct calls performed from the DTW.
3881 -- Link original subprogram to indirect wrapper and vice versa
3886 -- Inherit debug info flag to allow debugging the wrapper
3895 -- Local Variables
3900 -- Start of processing for Add_Indirect_Call_Wrapper
3902 begin
3913 -- We cannot defer the analysis of this ICW wrapper when it is
3914 -- built as a consequence of building its partner DTW wrapper
3915 -- at the freezing point of the tagged type.
3922 ---------------------
3923 -- Add_Call_Helper --
3924 ---------------------
3926 procedure Add_Call_Helper
3929 is
3931 -- Build the body of a call helper
3934 -- Build the declaration of a call helper
3937 -- Build the specification of the helper
3939 ----------------------------
3940 -- Build_Call_Helper_Body --
3941 ----------------------------
3945 function Copy_And_Update_References
3947 -- Copy Expr updating references to formals of Helper_Id; update
3948 -- also references to loop identifiers of quantified expressions.
3950 --------------------------------
3951 -- Copy_And_Update_References --
3952 --------------------------------
3954 function Copy_And_Update_References
3956 is
3960 -- Traverse Expr and append to Assoc_List the mapping of loop
3961 -- identifers of quantified expressions with its new copy.
3963 ------------------------------------------------
3964 -- Map_Quantified_Expression_Loop_Identifiers --
3965 ------------------------------------------------
3969 -- Append to Assoc_List the mapping of loop identifers of
3970 -- quantified expressions with its new copy.
3972 --------------------
3973 -- Map_Loop_Param --
3974 --------------------
3977 is
3978 begin
3981 then
3982 declare
3985 begin
3997 begin
4001 -- Local variables
4006 -- Start of processing for Copy_And_Update_References
4008 begin
4017 Map_Quantified_Expression_Loop_Identifiers;
4022 -- Local variables
4031 -- Start of processing for Build_Call_Helper_Body
4033 begin
4044 -- Evaluate the expression if we are building a dynamic helper
4045 -- or we are building a static helper for a non-abstract tagged
4046 -- type; for abstract tagged types the helper just returns True
4047 -- since it is called by the indirect call wrapper (ICW).
4048 and then
4049 (Is_Dynamic
4050 or else
4052 then
4053 Return_Expr :=
4056 -- When the subprogram is compiled with assertions disabled the
4057 -- helper just returns True; done to avoid reporting errors at
4058 -- link time since a unit may be compiled with assertions disabled
4059 -- and another (which depends on it) compiled with assertions
4060 -- enabled.
4062 else
4068 Body_Stmts :=
4073 Helper_Body :=
4082 ----------------------------
4083 -- Build_Call_Helper_Decl --
4084 ----------------------------
4090 begin
4099 -- Inherit debug info flag from Subp_Id to Helper_Id to allow
4100 -- debugging of the helper subprogram.
4109 ----------------------------
4110 -- Build_Call_Helper_Spec --
4111 ----------------------------
4114 is
4124 begin
4125 -- Create a list of formal parameters with the same types as the
4126 -- original subprogram but changing the controlling formal.
4135 = N_Access_Definition
4136 then
4137 Param_Type :=
4144 else
4145 Param_Type :=
4150 else
4156 Defining_Identifier =>
4160 Null_Exclusion_Present => Null_Exclusion_Present
4168 return
4172 Result_Definition =>
4176 -- Local variables
4181 -- Start of processing for Add_Call_Helper
4183 begin
4187 -- Add the helper to the freezing actions of the tagged type
4195 -- If this helper is built as part of building the DTW at the
4196 -- freezing point of its tagged type then we cannot defer
4197 -- its analysis.
4205 -----------------------
4206 -- Build_Unique_Name --
4207 -----------------------
4210 begin
4211 -- Append the homonym number. Strip the leading space character in
4212 -- the image of natural numbers. Also do not add the homonym value
4213 -- of 1.
4216 declare
4219 begin
4228 -- Local variables
4232 -- Start of processing for Make_Class_Precondition_Subps
4234 begin
4237 then
4238 pragma Assert
4244 -- Build and add to the freezing actions of Tagged_Type its
4245 -- dynamic-call helper.
4247 Helper_Id :=
4252 -- Link original subprogram to helper and vice versa
4260 then
4261 -- Build and add to the freezing actions of Tagged_Type its
4262 -- static-call helper.
4264 Helper_Id :=
4270 -- Link original subprogram to helper and vice versa
4275 -- Build and add to the freezing actions of Tagged_Type the
4276 -- indirect-call wrapper.
4278 Add_Indirect_Call_Wrapper;
4283 ----------------------------------------------
4284 -- Process_Class_Conditions_At_Freeze_Point --
4285 ----------------------------------------------
4290 -- Check class-wide pre/postconditions of Spec_Id
4292 function Has_Class_Postconditions_Subprogram
4294 -- Return True if Spec_Id has (or inherits) a postconditions subprogram.
4296 function Has_Class_Preconditions_Subprogram
4298 -- Return True if Spec_Id has (or inherits) a preconditions subprogram.
4300 ----------------------------
4301 -- Check_Class_Conditions --
4302 ----------------------------
4307 begin
4312 Check_Class_Condition
4317 | Class_Precondition);
4322 -----------------------------------------
4323 -- Has_Class_Postconditions_Subprogram --
4324 -----------------------------------------
4326 function Has_Class_Postconditions_Subprogram
4328 begin
4329 return
4330 Present (Nearest_Class_Condition_Subprogram
4333 or else
4334 Present (Nearest_Class_Condition_Subprogram
4339 ----------------------------------------
4340 -- Has_Class_Preconditions_Subprogram --
4341 ----------------------------------------
4343 function Has_Class_Preconditions_Subprogram
4345 begin
4346 return
4347 Present (Nearest_Class_Condition_Subprogram
4350 or else
4351 Present (Nearest_Class_Condition_Subprogram
4356 -- Local variables
4361 -- Start of processing for Process_Class_Conditions_At_Freeze_Point
4363 begin
4369 then
4375 -- Handle wrapper of protected operation
4380 -- Check inherited class-wide conditions, excluding internal
4381 -- entities built for mapping of interface primitives.
4386 then
4395 ----------------------------
4396 -- Merge_Class_Conditions --
4397 ----------------------------
4402 -- Collect all inherited class-wide conditions of Spec_Id and merge
4403 -- them into one big condition.
4405 ----------------------------------
4406 -- Process_Inherited_Conditions --
4407 ----------------------------------
4414 function Inherit_Condition
4417 -- Inherit the class-wide condition from Par_Subp to Subp and adjust
4418 -- all the references to formals in the inherited condition.
4421 -- Merge two class-wide preconditions or postconditions (the former
4422 -- are merged using "or else", and the latter are merged using "and-
4423 -- then"). The changes are accumulated in parameter Into.
4426 -- Return True if the contract of subprogram Id has been processed
4428 -----------------------
4429 -- Inherit_Condition --
4430 -----------------------
4432 function Inherit_Condition
4435 is
4437 -- Used in assertion to check that Expr has no reference to the
4438 -- formals of Par_Subp.
4440 ---------------------
4441 -- Check_Condition --
4442 ---------------------
4448 -- Check occurrence of Par_Formal_Id
4450 ------------------
4451 -- Check_Entity --
4452 ------------------
4455 begin
4459 then
4468 -- Start of processing for Check_Condition
4470 begin
4484 -- Local variables
4491 begin
4500 -- Check that Parent field of all the nodes have their correct
4501 -- decoration; required because otherwise mapped nodes with
4502 -- wrong Parent field are left unmodified in the copied tree
4503 -- and cause reporting wrong errors at later stages.
4505 pragma Assert
4508 New_Condition :=
4509 New_Copy_Tree
4513 -- Ensure that the inherited condition has no reference to the
4514 -- formals of the parent subprogram.
4521 ----------------------
4522 -- Merge_Conditions --
4523 ----------------------
4527 -- Return the boolean expression argument of a condition while
4528 -- updating its parentheses count for the subsequent merge.
4530 --------------------
4531 -- Expression_Arg --
4532 --------------------
4535 begin
4543 -- Local variables
4549 -- Start of processing for Merge_Conditions
4551 begin
4554 -- Merge the two preconditions by "or else"-ing them
4556 when Ignored_Class_Precondition
4557 | Class_Precondition
4558 =>
4564 -- Merge the two postconditions by "and then"-ing them
4566 when Ignored_Class_Postcondition
4567 | Class_Postcondition
4568 =>
4576 ---------------
4577 -- Seen_Subp --
4578 ---------------
4581 begin
4591 -- Local variables
4599 -- Start of processing for Process_Inherited_Conditions
4601 begin
4604 -- Process parent primitives looking for nearest ancestor with
4605 -- class-wide conditions.
4612 then
4617 -- Wrappers of class-wide pre/postconditions reference the
4618 -- parent primitive that has the inherited contract and help
4619 -- us to climb fast.
4623 then
4629 then
4634 Cond := Inherit_Condition
4640 else
4644 Check_Class_Condition
4649 | Class_Precondition);
4650 Build_Class_Wide_Expression
4656 -- We are done as soon as we process the nearest ancestor
4663 -- Process the contract of interface primitives not covered by
4664 -- the nearest ancestor.
4677 then
4680 Cond := Inherit_Condition
4684 Check_Class_Condition
4689 | Class_Precondition);
4690 Build_Class_Wide_Expression
4698 else
4708 -- Local variables
4712 -- Start of processing for Merge_Class_Conditions
4714 begin
4718 -- If this subprogram has class-wide conditions then preanalyze
4719 -- them before processing inherited conditions since conditions
4720 -- are checked and merged from right to left.
4728 -- Preanalyze merged inherited conditions
4737 ---------------------------------
4738 -- Preanalyze_Class_Conditions --
4739 ---------------------------------
4744 begin
4754 --------------------------
4755 -- Preanalyze_Condition --
4756 --------------------------
4758 procedure Preanalyze_Condition
4761 is
4763 -- Clear unset references on formals of Subp since preanalysis
4764 -- occurs in a place unrelated to the actual code.
4767 -- Traverse Expr and clear the Controlling_Argument of calls to
4768 -- nonabstract functions.
4771 -- Traverse Expr searching for dispatching calls to functions whose
4772 -- original node was a selected component, and replace them with
4773 -- their original node.
4775 ----------------------------
4776 -- Clear_Unset_References --
4777 ----------------------------
4782 begin
4789 ----------------------------------
4790 -- Remove_Controlling_Arguments --
4791 ----------------------------------
4795 -- Reset the Controlling_Argument of calls to nonabstract
4796 -- function calls.
4798 ---------------------
4799 -- Remove_Ctrl_Arg --
4800 ---------------------
4803 begin
4807 then
4815 begin
4819 -----------------------------------------
4820 -- Restore_Original_Selected_Component --
4821 -----------------------------------------
4827 -- Traverse the subtree of N fixing the Parent field of all the
4828 -- nodes.
4831 -- Process dispatching calls to functions whose original node was
4832 -- a selected component, and replace them with their original
4833 -- node. Restored nodes are stored in the Restored_Nodes_List
4834 -- to fix the parent fields of their subtrees in a separate
4835 -- tree traversal.
4837 -----------------
4838 -- Fix_Parents --
4839 -----------------
4843 function Fix_Parent
4846 -- Process a single node
4848 ----------------
4849 -- Fix_Parent --
4850 ----------------
4852 function Fix_Parent
4855 is
4858 begin
4862 else
4873 begin
4877 ------------------
4878 -- Restore_Node --
4879 ------------------
4882 begin
4886 then
4890 -- Save the restored node in the Restored_Nodes_List to fix
4891 -- the parent fields of their subtrees in a separate tree
4892 -- traversal.
4902 -- Start of processing for Restore_Original_Selected_Component
4904 begin
4907 -- After restoring the original node we must fix the decoration
4908 -- of the Parent attribute to ensure tree consistency; required
4909 -- because when the class-wide condition is inherited, calls to
4910 -- New_Copy_Tree will perform copies of this subtree, and formal
4911 -- occurrences with wrong Parent field cannot be mapped to the
4912 -- new formals.
4915 declare
4918 begin
4927 -- Start of processing for Preanalyze_Condition
4929 begin
4940 End_Scope;
4942 -- If this preanalyzed condition has occurrences of dispatching calls
4943 -- using the Object.Operation notation, during preanalysis such calls
4944 -- are rewritten as dispatching function calls; if at later stages
4945 -- this condition is inherited we must have restored the original
4946 -- selected-component node to ensure that the preanalysis of the
4947 -- inherited condition rewrites these dispatching calls in the
4948 -- correct context to avoid reporting spurious errors.
4950 Restore_Original_Selected_Component;
4952 -- Traverse Expr and clear the Controlling_Argument of calls to
4953 -- nonabstract functions. Required since the preanalyzed condition
4954 -- is not yet installed on its definite context and will be cloned
4955 -- and extended in derivations with additional conditions.
4957 Remove_Controlling_Arguments;
4959 -- Clear also attribute Unset_Reference; again because preanalysis
4960 -- occurs in a place unrelated to the actual code.
4962 Clear_Unset_References;
4965 ----------------------------------------
4966 -- Save_Global_References_In_Contract --
4967 ----------------------------------------
4969 procedure Save_Global_References_In_Contract
4972 is
4974 -- Save all global references in contract-related source pragmas found
4975 -- in the list, starting with pragma First_Prag.
4977 ------------------------------------
4978 -- Save_Global_References_In_List --
4979 ------------------------------------
4984 begin
4994 -- Local variables
4998 -- Start of processing for Save_Global_References_In_Contract
5000 begin
5001 -- The entity of the analyzed generic copy must be on the scope stack
5002 -- to ensure proper detection of global references.
5008 then
5018 Pop_Scope;
5021 -------------------------
5022 -- Set_Class_Condition --
5023 -------------------------
5025 procedure Set_Class_Condition
5029 is
5030 begin