| blob | 760c06b1114f51158ce4fab34eccdb9af0df32f1 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C O N T R A C T S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2015-2018, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
60 -- Analyze all delayed pragmas chained on the contract of package
61 -- instantiation Inst_Id as if they appear at the end of a declarative
62 -- region. The pragmas in question are:
63 --
64 -- Part_Of
67 -- (CodePeer): Subsidiary procedure to Analyze_Contracts which builds the
68 -- contract-only subprogram body of eligible subprograms found in L, adds
69 -- them to their corresponding list of declarations, and analyzes them.
72 -- Expand the contracts of a subprogram body and its correspoding spec (if
73 -- any). This routine processes all [refined] pre- and postconditions as
74 -- well as Contract_Cases, invariants and predicates. Body_Id denotes the
75 -- entity of the subprogram body.
77 -----------------------
78 -- Add_Contract_Item --
79 -----------------------
85 -- Prepend Prag to the list of classifications
88 -- Prepend Prag to the list of contract and test cases
91 -- Prepend Prag to the list of pre- and postconditions
93 ------------------------
94 -- Add_Classification --
95 ------------------------
98 begin
103 ----------------------------
104 -- Add_Contract_Test_Case --
105 ----------------------------
108 begin
113 ----------------------------
114 -- Add_Pre_Post_Condition --
115 ----------------------------
118 begin
123 -- Local variables
125 -- A contract must contain only pragmas
130 -- Start of processing for Add_Contract_Item
132 begin
133 -- Create a new contract when adding the first item
140 -- Constants, the applicable pragmas are:
141 -- Part_Of
145 Add_Classification;
147 -- The pragma is not a proper contract item
149 else
153 -- Entry bodies, the applicable pragmas are:
154 -- Refined_Depends
155 -- Refined_Global
156 -- Refined_Post
160 Add_Classification;
163 Add_Pre_Post_Condition;
165 -- The pragma is not a proper contract item
167 else
171 -- Entry or subprogram declarations, the applicable pragmas are:
172 -- Attach_Handler
173 -- Contract_Cases
174 -- Depends
175 -- Extensions_Visible
176 -- Global
177 -- Interrupt_Handler
178 -- Postcondition
179 -- Precondition
180 -- Test_Case
181 -- Volatile_Function
185 E_Generic_Function,
186 E_Generic_Procedure,
187 E_Procedure)
188 then
191 then
192 Add_Classification;
195 Name_Extensions_Visible,
196 Name_Global)
197 then
198 Add_Classification;
202 then
203 Add_Classification;
206 Add_Contract_Test_Case;
209 Add_Pre_Post_Condition;
211 -- The pragma is not a proper contract item
213 else
217 -- Packages or instantiations, the applicable pragmas are:
218 -- Abstract_States
219 -- Initial_Condition
220 -- Initializes
221 -- Part_Of (instantiation only)
225 Name_Initial_Condition,
226 Name_Initializes)
227 then
228 Add_Classification;
230 -- Indicator Part_Of must be associated with a package instantiation
233 Add_Classification;
235 -- The pragma is not a proper contract item
237 else
241 -- Package bodies, the applicable pragmas are:
242 -- Refined_States
246 Add_Classification;
248 -- The pragma is not a proper contract item
250 else
254 -- Protected units, the applicable pragmas are:
255 -- Part_Of
259 Add_Classification;
261 -- The pragma is not a proper contract item
263 else
267 -- Subprogram bodies, the applicable pragmas are:
268 -- Postcondition
269 -- Precondition
270 -- Refined_Depends
271 -- Refined_Global
272 -- Refined_Post
276 Add_Classification;
279 Name_Precondition,
280 Name_Refined_Post)
281 then
282 Add_Pre_Post_Condition;
284 -- The pragma is not a proper contract item
286 else
290 -- Task bodies, the applicable pragmas are:
291 -- Refined_Depends
292 -- Refined_Global
296 Add_Classification;
298 -- The pragma is not a proper contract item
300 else
304 -- Task units, the applicable pragmas are:
305 -- Depends
306 -- Global
307 -- Part_Of
311 Add_Classification;
313 -- The pragma is not a proper contract item
315 else
319 -- Variables, the applicable pragmas are:
320 -- Async_Readers
321 -- Async_Writers
322 -- Constant_After_Elaboration
323 -- Depends
324 -- Effective_Reads
325 -- Effective_Writes
326 -- Global
327 -- Part_Of
331 Name_Async_Writers,
332 Name_Constant_After_Elaboration,
333 Name_Depends,
334 Name_Effective_Reads,
335 Name_Effective_Writes,
336 Name_Global,
337 Name_Part_Of)
338 then
339 Add_Classification;
341 -- The pragma is not a proper contract item
343 else
349 -----------------------
350 -- Analyze_Contracts --
351 -----------------------
356 begin
364 -- Entry or subprogram declarations
367 N_Entry_Declaration,
368 N_Generic_Subprogram_Declaration,
369 N_Subprogram_Declaration)
370 then
371 declare
374 begin
377 -- If analysis of a class-wide pre/postcondition indicates
378 -- that a class-wide clone is needed, analyze its declaration
379 -- now. Its body is created when the body of the original
380 -- operation is analyzed (and rewritten).
384 then
389 -- Entry or subprogram bodies
394 -- Objects
399 -- Package instantiation
404 -- Protected units
407 N_Single_Protected_Declaration)
408 then
411 -- Subprogram body stubs
416 -- Task units
419 N_Task_Type_Declaration)
420 then
423 -- For type declarations, we need to do the preanalysis of Iterable
424 -- aspect specifications.
426 -- Other type aspects need to be resolved here???
430 then
431 declare
435 begin
446 -----------------------------------------------
447 -- Analyze_Entry_Or_Subprogram_Body_Contract --
448 -----------------------------------------------
450 -- WARNING: This routine manages SPARK regions. Return statements must be
451 -- replaced by gotos which jump to the end of the routine and restore the
452 -- SPARK mode.
461 -- Save the SPARK_Mode-related data to restore on exit
463 begin
464 -- When a subprogram body declaration is illegal, its defining entity is
465 -- left unanalyzed. There is nothing left to do in this case because the
466 -- body lacks a contract, or even a proper Ekind.
471 -- Do not analyze a contract multiple times
476 else
481 -- Due to the timing of contract analysis, delayed pragmas may be
482 -- subject to the wrong SPARK_Mode, usually that of the enclosing
483 -- context. To remedy this, restore the original SPARK_Mode of the
484 -- related subprogram body.
488 -- Ensure that the contract cases or postconditions mention 'Result or
489 -- define a post-state.
493 -- A stand-alone nonvolatile function body cannot have an effectively
494 -- volatile formal parameter or return type (SPARK RM 7.1.3(9)). This
495 -- check is relevant only when SPARK_Mode is on, as it is not a standard
496 -- legality rule. The check is performed here because Volatile_Function
497 -- is processed after the analysis of the related subprogram body. The
498 -- check only applies to source subprograms and not to generated TSS
499 -- subprograms.
505 then
509 -- Restore the SPARK_Mode of the enclosing context after all delayed
510 -- pragmas have been analyzed.
514 -- Capture all global references in a generic subprogram body now that
515 -- the contract has been analyzed.
518 Save_Global_References_In_Contract
523 -- Deal with preconditions, [refined] postconditions, Contract_Cases,
524 -- invariants and predicates associated with body and its spec. Do not
525 -- expand the contract of subprogram body stubs.
532 ------------------------------------------
533 -- Analyze_Entry_Or_Subprogram_Contract --
534 ------------------------------------------
536 -- WARNING: This routine manages SPARK regions. Return statements must be
537 -- replaced by gotos which jump to the end of the routine and restore the
538 -- SPARK mode.
540 procedure Analyze_Entry_Or_Subprogram_Contract
543 is
549 -- Save the SPARK_Mode-related data to restore on exit
553 and then not ASIS_Mode
561 begin
562 -- Do not analyze a contract multiple times
567 else
572 -- Due to the timing of contract analysis, delayed pragmas may be
573 -- subject to the wrong SPARK_Mode, usually that of the enclosing
574 -- context. To remedy this, restore the original SPARK_Mode of the
575 -- related subprogram body.
579 -- All subprograms carry a contract, but for some it is not significant
580 -- and should not be processed.
587 -- Do not analyze the pre/postconditions of an entry declaration
588 -- unless annotating the original tree for ASIS or GNATprove. The
589 -- real analysis occurs when the pre/postconditons are relocated to
590 -- the contract wrapper procedure (see Build_Contract_Wrapper).
595 -- Otherwise analyze the pre/postconditions.
596 -- If these come from an aspect specification, their expressions
597 -- might include references to types that are not frozen yet, in the
598 -- case where the body is a rewritten expression function that is a
599 -- completion, so freeze all types within before constructing the
600 -- contract code.
602 else
603 declare
607 begin
616 then
623 if Freeze_Types
625 then
626 Freeze_Expr_Types
639 -- Analyze contract-cases and test-cases
647 -- Do not analyze the contract cases of an entry declaration
648 -- unless annotating the original tree for ASIS or GNATprove.
649 -- The real analysis occurs when the contract cases are moved
650 -- to the contract wrapper procedure (Build_Contract_Wrapper).
655 -- Otherwise analyze the contract cases
657 else
660 else
668 -- Analyze classification pragmas
684 -- Analyze Global first, as Depends may mention items classified in
685 -- the global categorization.
691 -- Depends must be analyzed after Global in order to see the modes of
692 -- all global items.
698 -- Ensure that the contract cases or postconditions mention 'Result
699 -- or define a post-state.
704 -- A nonvolatile function cannot have an effectively volatile formal
705 -- parameter or return type (SPARK RM 7.1.3(9)). This check is relevant
706 -- only when SPARK_Mode is on, as it is not a standard legality rule.
707 -- The check is performed here because pragma Volatile_Function is
708 -- processed after the analysis of the related subprogram declaration.
714 then
718 -- Restore the SPARK_Mode of the enclosing context after all delayed
719 -- pragmas have been analyzed.
723 -- Capture all global references in a generic subprogram now that the
724 -- contract has been analyzed.
727 Save_Global_References_In_Contract
733 -----------------------------
734 -- Analyze_Object_Contract --
735 -----------------------------
737 -- WARNING: This routine manages SPARK regions. Return statements must be
738 -- replaced by gotos which jump to the end of the routine and restore the
739 -- SPARK mode.
741 procedure Analyze_Object_Contract
744 is
749 -- Save the SPARK_Mode-related data to restore on exit
760 begin
761 -- The loop parameter in an element iterator over a formal container
762 -- is declared with an object declaration, but no contracts apply.
768 -- Do not analyze a contract multiple times
775 else
780 -- The anonymous object created for a single concurrent type inherits
781 -- the SPARK_Mode from the type. Due to the timing of contract analysis,
782 -- delayed pragmas may be subject to the wrong SPARK_Mode, usually that
783 -- of the enclosing context. To remedy this, restore the original mode
784 -- of the related anonymous object.
788 then
792 -- Constant-related checks
796 -- Analyze indicator Part_Of
800 -- Check whether the lack of indicator Part_Of agrees with the
801 -- placement of the constant with respect to the state space.
807 -- A constant cannot be effectively volatile (SPARK RM 7.1.3(4)).
808 -- This check is relevant only when SPARK_Mode is on, as it is not
809 -- a standard Ada legality rule. Internally-generated constants that
810 -- map generic formals to actuals in instantiations are allowed to
811 -- be volatile.
817 then
821 -- Variable-related checks
825 -- Analyze all external properties
855 -- Verify the mutual interaction of the various external properties
861 -- The anonymous object created for a single concurrent type carries
862 -- pragmas Depends and Globat of the type.
866 -- Analyze Global first, as Depends may mention items classified
867 -- in the global categorization.
875 -- Depends must be analyzed after Global in order to see the modes
876 -- of all global items.
887 -- Analyze indicator Part_Of
892 -- The variable is a constituent of a single protected/task type
893 -- and behaves as a component of the type. Verify that references
894 -- to the variable occur within the definition or body of the type
895 -- (SPARK RM 9.3).
898 and then Is_Single_Concurrent_Object
901 then
909 -- Otherwise check whether the lack of indicator Part_Of agrees with
910 -- the placement of the variable with respect to the state space.
912 else
916 -- The following checks are relevant only when SPARK_Mode is on, as
917 -- they are not standard Ada legality rules. Internally generated
918 -- temporaries are ignored.
923 -- The declaration of an effectively volatile object must
924 -- appear at the library level (SPARK RM 7.1.3(3), C.6(6)).
927 Error_Msg_N
931 -- An object of a discriminated type cannot be effectively
932 -- volatile except for protected objects (SPARK RM 7.1.3(5)).
936 then
937 Error_Msg_N
941 -- The object is not effectively volatile
943 else
944 -- A non-effectively volatile object cannot have effectively
945 -- volatile components (SPARK RM 7.1.3(6)).
949 then
950 Error_Msg_N
952 Obj_Id);
958 -- Common checks
962 -- A Ghost object cannot be of a type that yields a synchronized
963 -- object (SPARK RM 6.9(19)).
968 -- A Ghost object cannot be effectively volatile (SPARK RM 6.9(7) and
969 -- SPARK RM 6.9(19)).
974 -- A Ghost object cannot be imported or exported (SPARK RM 6.9(7)).
975 -- One exception to this is the object that represents the dispatch
976 -- table of a Ghost tagged type, as the symbol needs to be exported.
986 -- Restore the SPARK_Mode of the enclosing context after all delayed
987 -- pragmas have been analyzed.
992 -----------------------------------
993 -- Analyze_Package_Body_Contract --
994 -----------------------------------
996 -- WARNING: This routine manages SPARK regions. Return statements must be
997 -- replaced by gotos which jump to the end of the routine and restore the
998 -- SPARK mode.
1000 procedure Analyze_Package_Body_Contract
1003 is
1010 -- Save the SPARK_Mode-related data to restore on exit
1014 begin
1015 -- Do not analyze a contract multiple times
1020 else
1025 -- Due to the timing of contract analysis, delayed pragmas may be
1026 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1027 -- context. To remedy this, restore the original SPARK_Mode of the
1028 -- related package body.
1034 -- The analysis of pragma Refined_State detects whether the spec has
1035 -- abstract states available for refinement.
1041 -- Restore the SPARK_Mode of the enclosing context after all delayed
1042 -- pragmas have been analyzed.
1046 -- Capture all global references in a generic package body now that the
1047 -- contract has been analyzed.
1050 Save_Global_References_In_Contract
1056 ------------------------------
1057 -- Analyze_Package_Contract --
1058 ------------------------------
1060 -- WARNING: This routine manages SPARK regions. Return statements must be
1061 -- replaced by gotos which jump to the end of the routine and restore the
1062 -- SPARK mode.
1070 -- Save the SPARK_Mode-related data to restore on exit
1077 begin
1078 -- Do not analyze a contract multiple times
1083 else
1088 -- Due to the timing of contract analysis, delayed pragmas may be
1089 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1090 -- context. To remedy this, restore the original SPARK_Mode of the
1091 -- related package.
1097 -- Locate and store pragmas Initial_Condition and Initializes, since
1098 -- their order of analysis matters.
1114 -- Analyze the initialization-related pragmas. Initializes must come
1115 -- before Initial_Condition due to item dependencies.
1126 -- Restore the SPARK_Mode of the enclosing context after all delayed
1127 -- pragmas have been analyzed.
1131 -- Capture all global references in a generic package now that the
1132 -- contract has been analyzed.
1135 Save_Global_References_In_Contract
1141 --------------------------------------------
1142 -- Analyze_Package_Instantiation_Contract --
1143 --------------------------------------------
1145 -- WARNING: This routine manages SPARK regions. Return statements must be
1146 -- replaced by gotos which jump to the end of the routine and restore the
1147 -- SPARK mode.
1155 -- Save the SPARK_Mode-related data to restore on exit
1160 begin
1161 -- Nothing to do when the package instantiation is erroneous or left
1162 -- partially decorated.
1171 -- Due to the timing of contract analysis, delayed pragmas may be
1172 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1173 -- context. To remedy this, restore the original SPARK_Mode of the
1174 -- related package.
1178 -- Check whether the lack of indicator Part_Of agrees with the placement
1179 -- of the package instantiation with respect to the state space. Nested
1180 -- package instantiations do not need to be checked because they inherit
1181 -- Part_Of indicator of the outermost package instantiation (see routine
1182 -- Propagate_Part_Of in Sem_Prag).
1191 -- Restore the SPARK_Mode of the enclosing context after all delayed
1192 -- pragmas have been analyzed.
1197 --------------------------------
1198 -- Analyze_Protected_Contract --
1199 --------------------------------
1204 begin
1205 -- Do not analyze a contract multiple times
1210 else
1216 -------------------------------------------
1217 -- Analyze_Subprogram_Body_Stub_Contract --
1218 -------------------------------------------
1224 begin
1225 -- A subprogram body stub may act as its own spec or as the completion
1226 -- of a previous declaration. Depending on the context, the contract of
1227 -- the stub may contain two sets of pragmas.
1229 -- The stub is a completion, the applicable pragmas are:
1230 -- Refined_Depends
1231 -- Refined_Global
1236 -- The stub acts as its own spec, the applicable pragmas are:
1237 -- Contract_Cases
1238 -- Depends
1239 -- Global
1240 -- Postcondition
1241 -- Precondition
1242 -- Test_Case
1244 else
1249 ---------------------------
1250 -- Analyze_Task_Contract --
1251 ---------------------------
1253 -- WARNING: This routine manages SPARK regions. Return statements must be
1254 -- replaced by gotos which jump to the end of the routine and restore the
1255 -- SPARK mode.
1262 -- Save the SPARK_Mode-related data to restore on exit
1266 begin
1267 -- Do not analyze a contract multiple times
1272 else
1277 -- Due to the timing of contract analysis, delayed pragmas may be
1278 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1279 -- context. To remedy this, restore the original SPARK_Mode of the
1280 -- related task unit.
1284 -- Analyze Global first, as Depends may mention items classified in the
1285 -- global categorization.
1293 -- Depends must be analyzed after Global in order to see the modes of
1294 -- all global items.
1302 -- Restore the SPARK_Mode of the enclosing context after all delayed
1303 -- pragmas have been analyzed.
1308 -------------------------------------------------
1309 -- Build_And_Analyze_Contract_Only_Subprograms --
1310 -------------------------------------------------
1314 -- Analyze the contract-only subprograms of L
1317 -- Append the contract-only bodies of Subp_List to its declarations list
1320 -- If E is an entity for a non-imported subprogram specification with
1321 -- pre/postconditions and we are compiling with CodePeer mode, then
1322 -- this procedure will create a wrapper to help Gnat2scil process its
1323 -- contracts. Return Empty if the wrapper cannot be built.
1326 -- Build the contract-only subprograms of all eligible subprograms found
1327 -- in list L.
1330 -- Return True for package specs, task definitions, and protected type
1331 -- definitions whose list of private declarations is not empty.
1333 ---------------------------------------
1334 -- Analyze_Contract_Only_Subprograms --
1335 ---------------------------------------
1339 -- Analyze all the contract-only bodies of L
1341 ----------------------------------
1342 -- Analyze_Contract_Only_Bodies --
1343 ----------------------------------
1348 begin
1352 and then Is_Contract_Only_Body
1354 then
1362 -- Start of processing for Analyze_Contract_Only_Subprograms
1364 begin
1366 Analyze_Contract_Only_Bodies;
1368 else
1369 declare
1373 begin
1375 Analyze_Contract_Only_Bodies;
1377 -- For packages with private declarations, the contract-only
1378 -- bodies of subprograms defined in the visible part of the
1379 -- package are added to its private declarations (to ensure
1380 -- that they do not cause premature freezing of types and also
1381 -- that they are analyzed with proper visibility). Hence they
1382 -- will be analyzed later.
1388 Analyze_Contract_Only_Bodies;
1394 --------------------------------------
1395 -- Append_Contract_Only_Subprograms --
1396 --------------------------------------
1399 begin
1407 else
1408 declare
1412 begin
1416 -- If the package has private declarations then append them to
1417 -- its private declarations; they will be analyzed when the
1418 -- contracts of its private declarations are analyzed.
1420 else
1421 Append_List
1429 ------------------------------------
1430 -- Build_Contract_Only_Subprogram --
1431 ------------------------------------
1433 -- This procedure takes care of building a wrapper to generate better
1434 -- analysis results in the case of a call to a subprogram whose body
1435 -- is unavailable to CodePeer but whose specification includes Pre/Post
1436 -- conditions. The body might be unavailable for any of a number or
1437 -- reasons (it is imported, the .adb file is simply missing, or the
1438 -- subprogram might be subject to an Annotate (CodePeer, Skip_Analysis)
1439 -- pragma). The built subprogram has the following contents:
1440 -- * check preconditions
1441 -- * call the subprogram
1442 -- * check postconditions
1451 -- Build the declaration of the missing body subprogram and its
1452 -- corresponding pragma Import.
1455 -- Build the call to the missing body subprogram
1458 -- Return True for cases where the wrapper is not needed or we cannot
1459 -- build it.
1461 ------------------------------
1462 -- Build_Missing_Body_Decls --
1463 ------------------------------
1470 begin
1471 Decl :=
1475 Prag :=
1488 ----------------------------------------
1489 -- Build_Missing_Body_Subprogram_Call --
1490 ----------------------------------------
1496 begin
1499 -- Build parameter list that we need
1507 -- Build the call to the missing body subprogram
1510 return
1512 Expression =>
1514 Name =>
1518 else
1519 return
1521 Name =>
1527 -----------------------------------
1528 -- Skip_Contract_Only_Subprogram --
1529 -----------------------------------
1531 function Skip_Contract_Only_Subprogram
1533 is
1535 -- Return True if some formal of E (or its return type) are
1536 -- private types defined in an enclosing package.
1539 -- Return True if some enclosing package of the current scope has
1540 -- private declarations.
1542 ---------------------------------------
1543 -- Depends_On_Enclosing_Private_Type --
1544 ---------------------------------------
1547 function Defined_In_Enclosing_Package
1549 -- Return True if Typ is an entity defined in an enclosing
1550 -- package of the current scope.
1552 ----------------------------------
1553 -- Defined_In_Enclosing_Package --
1554 ----------------------------------
1556 function Defined_In_Enclosing_Package
1558 is
1561 begin
1564 loop
1571 -- Local variables
1576 -- Start of processing for Depends_On_Enclosing_Private_Type
1578 begin
1585 then
1592 return
1598 ----------------------------------------------
1599 -- Some_Enclosing_Package_Has_Private_Decls --
1600 ----------------------------------------------
1606 begin
1607 loop
1609 and then Has_Private_Declarations
1611 then
1622 -- Start of processing for Skip_Contract_Only_Subprogram
1624 begin
1625 if not CodePeer_Mode
1626 or else Inside_A_Generic
1634 then
1637 -- We do not support building the contract-only subprogram if E
1638 -- is a subprogram declared in a nested package that has some
1639 -- formal or return type depending on a private type defined in
1640 -- an enclosing package.
1643 and then Some_Enclosing_Package_Has_Private_Decls
1644 and then Depends_On_Enclosing_Private_Type
1645 then
1647 declare
1650 begin
1651 -- Warnings are disabled by default under CodePeer_Mode
1652 -- (see switch-c). Enable them temporarily.
1655 Error_Msg_N
1667 -- Start of processing for Build_Contract_Only_Subprogram
1669 begin
1670 -- Test cases where the wrapper is not needed and cases where we
1671 -- cannot build it.
1677 -- Note on calls to Copy_Separate_Tree. The trees we are copying
1678 -- here are fully analyzed, but we definitely want fully syntactic
1679 -- unanalyzed trees in the body we construct, so that the analysis
1680 -- generates the right visibility, and that is exactly what the
1681 -- calls to Copy_Separate_Tree give us.
1683 declare
1689 begin
1690 Bod :=
1692 Specification =>
1694 Declarations =>
1695 Build_Missing_Body_Decls,
1696 Handled_Statement_Sequence =>
1699 Build_Missing_Body_Subprogram_Call),
1704 -- Copy only the pre/postconditions of the original contract
1705 -- since it is what we need, but also because pragmas stored in
1706 -- the other fields have N_Pragmas with N_Aspect_Specifications
1707 -- that reference their associated pragma (thus causing an endless
1708 -- loop when trying to copy the subtree).
1710 declare
1713 begin
1719 -- Fix the name of this new subprogram and link the original
1720 -- subprogram with its Contract_Only_Body subprogram.
1730 -------------------------------------
1731 -- Build_Contract_Only_Subprograms --
1732 -------------------------------------
1740 begin
1762 ------------------------------
1763 -- Has_Private_Declarations --
1764 ------------------------------
1767 begin
1769 N_Protected_Definition,
1770 N_Task_Definition)
1771 then
1773 else
1774 return
1780 -- Local variables
1784 -- Start of processing for Build_And_Analyze_Contract_Only_Subprograms
1786 begin
1789 Analyze_Contract_Only_Subprograms;
1792 -----------------------------
1793 -- Create_Generic_Contract --
1794 -----------------------------
1801 -- Add a single contract-related source pragma Prag to the contract of
1802 -- generic template Templ_Id.
1804 ---------------------------------
1805 -- Add_Generic_Contract_Pragma --
1806 ---------------------------------
1811 begin
1812 -- Mark the pragma to prevent the premature capture of global
1813 -- references when capturing global references of the context
1814 -- (see Save_References_In_Pragma).
1818 -- Pragmas that apply to a generic subprogram declaration are not
1819 -- part of the semantic structure of the generic template:
1821 -- generic
1822 -- procedure Example (Formal : Integer);
1823 -- pragma Precondition (Formal > 0);
1825 -- Create a generic template for such pragmas and link the template
1826 -- of the pragma with the generic template.
1829 Rewrite
1836 -- Otherwise link the pragma with the generic template
1838 else
1843 -- Local variables
1848 -- Start of processing for Create_Generic_Contract
1850 begin
1851 -- A generic package declaration carries contract-related source pragmas
1852 -- in its visible declarations.
1861 -- A generic package body carries contract-related source pragmas in its
1862 -- declarations.
1871 -- Generic subprogram declaration
1876 else
1880 -- When the generic subprogram acts as a compilation unit, inspect
1881 -- the Pragmas_After list for contract-related source pragmas.
1886 then
1890 -- Otherwise inspect the successive declarations for contract-related
1891 -- source pragmas.
1893 else
1897 -- A generic subprogram body carries contract-related source pragmas in
1898 -- its declarations.
1908 -- Inspect the relevant declarations looking for contract-related source
1909 -- pragmas and add them to the contract of the generic unit.
1915 -- The source pragma is a contract annotation
1921 -- The region where a contract-related source pragma may appear
1922 -- ends with the first source non-pragma declaration or statement.
1924 else
1933 --------------------------------
1934 -- Expand_Subprogram_Contract --
1935 --------------------------------
1941 procedure Add_Invariant_And_Predicate_Checks
1945 -- Process the result of function Subp_Id (if applicable) and all its
1946 -- formals. Add invariant and predicate checks where applicable. The
1947 -- routine appends all the checks to list Stmts. If Subp_Id denotes a
1948 -- function, Result contains the entity of parameter _Result, to be
1949 -- used in the creation of procedure _Postconditions.
1952 -- Append a node to a list. If there is no list, create a new one. When
1953 -- the item denotes a pragma, it is added to the list only when it is
1954 -- enabled.
1956 procedure Build_Postconditions_Procedure
1960 -- Create the body of procedure _Postconditions which handles various
1961 -- assertion actions on exit from subprogram Subp_Id. Stmts is the list
1962 -- of statements to be checked on exit. Parameter Result is the entity
1963 -- of parameter _Result when Subp_Id denotes a function.
1966 -- Process pragma Contract_Cases. This routine prepends items to the
1967 -- body declarations and appends items to list Stmts.
1970 -- Collect all [inherited] spec and body postconditions and accumulate
1971 -- their pragma Check equivalents in list Stmts.
1974 -- Collect all [inherited] spec and body preconditions and prepend their
1975 -- pragma Check equivalents to the declarations of the body.
1977 ----------------------------------------
1978 -- Add_Invariant_And_Predicate_Checks --
1979 ----------------------------------------
1981 procedure Add_Invariant_And_Predicate_Checks
1985 is
1987 -- Id denotes the return value of a function or a formal parameter.
1988 -- Add an invariant check if the type of Id is access to a type with
1989 -- invariants. The routine appends the generated code to Stmts.
1992 -- Determine whether type Typ can benefit from invariant checks. To
1993 -- qualify, the type must have a non-null invariant procedure and
1994 -- subprogram Subp_Id must appear visible from the point of view of
1995 -- the type.
1997 ---------------------------------
1998 -- Add_Invariant_Access_Checks --
1999 ---------------------------------
2006 begin
2013 Ref :=
2018 -- Generate:
2019 -- if <Id> /= null then
2020 -- <invariant_call (<Ref>)>
2021 -- end if;
2023 Append_Enabled_Item
2026 Condition =>
2037 -------------------------
2038 -- Invariant_Checks_OK --
2039 -------------------------
2043 -- Determine whether type Typ has public visibility of subprogram
2044 -- Subp_Id.
2046 -----------------------------------------
2047 -- Has_Public_Visibility_Of_Subprogram --
2048 -----------------------------------------
2053 begin
2054 -- An Initialization procedure must be considered visible even
2055 -- though it is internally generated.
2063 -- Internally generated code is never publicly visible except
2064 -- for a subprogram that is the implementation of an expression
2065 -- function. In that case the visibility is determined by the
2066 -- last check.
2069 and then
2071 or else not
2073 then
2076 -- Determine whether the subprogram is declared in the visible
2077 -- declarations of the package containing the type, or in the
2078 -- visible declaration of a child unit of that package.
2080 else
2081 declare
2088 begin
2089 return
2090 Decls = Visible_Declarations
2093 or else
2097 and then
2099 and then
2100 Decls = Visible_Declarations
2101 (Specification
2107 -- Start of processing for Invariant_Checks_OK
2109 begin
2110 return
2117 -- Local variables
2120 -- Source location of subprogram body contract
2125 -- Start of processing for Add_Invariant_And_Predicate_Checks
2127 begin
2130 -- Process the result of a function
2135 -- Generate _Result which is used in procedure _Postconditions to
2136 -- verify the return value.
2141 -- Add an invariant check when the return type has invariants and
2142 -- the related function is visible to the outside.
2145 Append_Enabled_Item
2151 -- Add an invariant check when the return type is an access to a
2152 -- type with invariants.
2157 -- Add invariant and predicates for all formals that qualify
2165 then
2167 Append_Enabled_Item
2175 -- Note: we used to add predicate checks for OUT and IN OUT
2176 -- formals here, but that was misguided, since such checks are
2177 -- performed on the caller side, based on the predicate of the
2178 -- actual, rather than the predicate of the formal.
2186 -------------------------
2187 -- Append_Enabled_Item --
2188 -------------------------
2191 begin
2192 -- Do not chain ignored or disabled pragmas
2196 then
2199 -- Otherwise, add the item
2201 else
2206 -- If the pragma is a conjunct in a composite postcondition, it
2207 -- has been processed in reverse order. In the postcondition body
2208 -- it must appear before the others.
2213 then
2215 else
2221 ------------------------------------
2222 -- Build_Postconditions_Procedure --
2223 ------------------------------------
2225 procedure Build_Postconditions_Procedure
2229 is
2231 -- Insert node Stmt before the first source declaration of the
2232 -- related subprogram's body. If no such declaration exists, Stmt
2233 -- becomes the last declaration.
2235 --------------------------------------------
2236 -- Insert_Before_First_Source_Declaration --
2237 --------------------------------------------
2243 begin
2244 -- Inspect the declarations of the related subprogram body looking
2245 -- for the first source declaration.
2258 -- If we get there, then the subprogram body lacks any source
2259 -- declarations. The body of _Postconditions now acts as the
2260 -- last declaration.
2264 -- Ensure that the body has a declaration list
2266 else
2271 -- Local variables
2280 -- Start of processing for Build_Postconditions_Procedure
2282 begin
2283 -- Nothing to do if there are no actions to check on exit
2293 -- Force the front-end inlining of _Postconditions when generating C
2294 -- code, since its body may have references to itypes defined in the
2295 -- enclosing subprogram, which would cause problems for unnesting
2296 -- routines in the absence of inlining.
2304 -- The related subprogram is a function: create the specification of
2305 -- parameter _Result.
2311 Parameter_Type =>
2315 Proc_Spec :=
2322 -- Insert _Postconditions before the first source declaration of the
2323 -- body. This ensures that the body will not cause any premature
2324 -- freezing, as it may mention types:
2326 -- procedure Proc (Obj : Array_Typ) is
2327 -- procedure _postconditions is
2328 -- begin
2329 -- ... Obj ...
2330 -- end _postconditions;
2332 -- subtype T is Array_Typ (Obj'First (1) .. Obj'Last (1));
2333 -- begin
2335 -- In the example above, Obj is of type T but the incorrect placement
2336 -- of _Postconditions will cause a crash in gigi due to an out-of-
2337 -- order reference. The body of _Postconditions must be placed after
2338 -- the declaration of Temp to preserve correct visibility.
2343 -- Set an explicit End_Label to override the sloc of the implicit
2344 -- RETURN statement, and prevent it from inheriting the sloc of one
2345 -- the postconditions: this would cause confusing debug info to be
2346 -- produced, interfering with coverage-analysis tools.
2348 Proc_Bod :=
2350 Specification =>
2353 Handled_Statement_Sequence =>
2361 ----------------------------
2362 -- Process_Contract_Cases --
2363 ----------------------------
2367 -- Process pragma Contract_Cases for subprogram Subp_Id
2369 --------------------------------
2370 -- Process_Contract_Cases_For --
2371 --------------------------------
2377 begin
2383 then
2384 Expand_Pragma_Contract_Cases
2397 -- Stmts is passed as IN OUT to signal that the list can be updated,
2398 -- even if the corresponding integer value representing the list does
2399 -- not change.
2401 -- Start of processing for Process_Contract_Cases
2403 begin
2411 ----------------------------
2412 -- Process_Postconditions --
2413 ----------------------------
2417 -- Collect all [refined] postconditions of a specific kind denoted
2418 -- by Post_Nam that belong to the body, and generate pragma Check
2419 -- equivalents in list Stmts.
2422 -- Collect all [inherited] postconditions of the spec, and generate
2423 -- pragma Check equivalents in list Stmts.
2425 ---------------------------------
2426 -- Process_Body_Postconditions --
2427 ---------------------------------
2435 begin
2436 -- Process the contract
2443 then
2444 Append_Enabled_Item
2453 -- The subprogram body being processed is actually the proper body
2454 -- of a stub with a corresponding spec. The subprogram stub may
2455 -- carry a postcondition pragma, in which case it must be taken
2456 -- into account. The pragma appears after the stub.
2462 -- Note that non-matching pragmas are skipped
2467 then
2468 Append_Enabled_Item
2473 -- Skip internally generated code
2478 -- Postcondition pragmas are usually grouped together. There
2479 -- is no need to inspect the whole declarative list.
2481 else
2490 ---------------------------------
2491 -- Process_Spec_Postconditions --
2492 ---------------------------------
2502 begin
2503 -- Process the contract
2512 then
2513 Append_Enabled_Item
2522 -- Process the contracts of all inherited subprograms, looking for
2523 -- class-wide postconditions.
2534 then
2535 Item :=
2536 Build_Pragma_Check_Equivalent
2541 -- The pragma Check equivalent of the class-wide
2542 -- postcondition is still created even though the
2543 -- pragma may be ignored because the equivalent
2544 -- performs semantic checks.
2558 -- Stmts is passed as IN OUT to signal that the list can be updated,
2559 -- even if the corresponding integer value representing the list does
2560 -- not change.
2562 -- Start of processing for Process_Postconditions
2564 begin
2565 -- The processing of postconditions is done in reverse order (body
2566 -- first) to ensure the following arrangement:
2568 -- <refined postconditions from body>
2569 -- <postconditions from body>
2570 -- <postconditions from spec>
2571 -- <inherited postconditions>
2577 Process_Spec_Postconditions;
2581 ---------------------------
2582 -- Process_Preconditions --
2583 ---------------------------
2587 -- The sole [inherited] class-wide precondition pragma that applies
2588 -- to the subprogram.
2591 -- The insertion node after which all pragma Check equivalents are
2592 -- inserted.
2595 -- Determine whether arbitrary declaration Decl denotes a renaming of
2596 -- a discriminant or protection field _object.
2599 -- Merge two class-wide preconditions by "or else"-ing them. The
2600 -- changes are accumulated in parameter Into. Update the error
2601 -- message of Into.
2604 -- Prepend a single item to the declarations of the subprogram body
2607 -- Save a class-wide precondition into Class_Pre, or prepend a normal
2608 -- precondition to the declarations of the body and analyze it.
2611 -- Collect all inherited class-wide preconditions and merge them into
2612 -- one big precondition to be evaluated as pragma Check.
2615 -- Collect all preconditions of subprogram Subp_Id and prepend their
2616 -- pragma Check equivalents to the declarations of the body.
2618 --------------------------
2619 -- Is_Prologue_Renaming --
2620 --------------------------
2628 begin
2637 -- A discriminant renaming appears as
2638 -- Discr : constant ... := Prefix.Discr;
2644 then
2647 -- A protection field renaming appears as
2648 -- Prot : ... := _object._object;
2650 -- A renamed private component is just a component of
2651 -- _object, with an arbitrary name.
2657 then
2666 -------------------------
2667 -- Merge_Preconditions --
2668 -------------------------
2672 -- Return the boolean expression argument of a precondition while
2673 -- updating its parentheses count for the subsequent merge.
2676 -- Return the message argument of a precondition
2678 --------------------
2679 -- Expression_Arg --
2680 --------------------
2686 begin
2694 -----------------
2695 -- Message_Arg --
2696 -----------------
2700 begin
2704 -- Local variables
2712 -- Start of processing for Merge_Preconditions
2714 begin
2715 -- Merge the two preconditions by "or else"-ing them
2722 -- Merge the two error messages to produce a single message of the
2723 -- form:
2725 -- failed precondition from ...
2726 -- also failed inherited precondition from ...
2738 ----------------------
2739 -- Prepend_To_Decls --
2740 ----------------------
2745 begin
2748 -- Ensure that the body has a declarative list
2758 ------------------------------
2759 -- Prepend_To_Decls_Or_Save --
2760 ------------------------------
2765 begin
2768 -- Save the sole class-wide precondition (if any) for the next
2769 -- step, where it will be merged with inherited preconditions.
2775 -- Accumulate the corresponding Check pragmas at the top of the
2776 -- declarations. Prepending the items ensures that they will be
2777 -- evaluated in their original order.
2779 else
2782 else
2790 -------------------------------------
2791 -- Process_Inherited_Preconditions --
2792 -------------------------------------
2803 begin
2804 -- Process the contracts of all inherited subprograms, looking for
2805 -- class-wide preconditions.
2816 then
2817 Item :=
2818 Build_Pragma_Check_Equivalent
2823 -- The pragma Check equivalent of the class-wide
2824 -- precondition is still created even though the
2825 -- pragma may be ignored because the equivalent
2826 -- performs semantic checks.
2830 -- The spec of an inherited subprogram already
2831 -- yielded a class-wide precondition. Merge the
2832 -- existing precondition with the current one
2833 -- using "or else".
2837 else
2848 -- Add the merged class-wide preconditions
2856 -------------------------------
2857 -- Process_Preconditions_For --
2858 -------------------------------
2867 begin
2868 -- Process the contract. If the body is an expression function
2869 -- that is a completion, freeze types within, because this may
2870 -- not have been done yet, when the subprogram declaration and
2871 -- its completion by an expression function appear in distinct
2872 -- declarative lists of the same unit (visible and private).
2874 Freeze_T :=
2887 then
2888 if Freeze_T
2890 then
2891 Freeze_Expr_Types
2905 -- The subprogram declaration being processed is actually a body
2906 -- stub. The stub may carry a precondition pragma, in which case
2907 -- it must be taken into account. The pragma appears after the
2908 -- stub.
2912 -- Inspect the declarations following the body stub
2917 -- Note that non-matching pragmas are skipped
2922 then
2926 -- Skip internally generated code
2931 -- Preconditions are usually grouped together. There is no
2932 -- need to inspect the whole declarative list.
2934 else
2943 -- Local variables
2948 -- Start of processing for Process_Preconditions
2950 begin
2951 -- Find the proper insertion point for all pragma Check equivalents
2957 -- First source declaration terminates the search, because all
2958 -- preconditions must be evaluated prior to it, by definition.
2963 -- Certain internally generated object renamings such as those
2964 -- for discriminants and protection fields must be elaborated
2965 -- before the preconditions are evaluated, as their expressions
2966 -- may mention the discriminants. The renamings include those
2967 -- for private components so we need to find the last such.
2972 loop
2978 -- Otherwise the declaration does not come from source. This
2979 -- also terminates the search, because internal code may raise
2980 -- exceptions which should not preempt the preconditions.
2982 else
2990 -- The processing of preconditions is done in reverse order (body
2991 -- first), because each pragma Check equivalent is inserted at the
2992 -- top of the declarations. This ensures that the final order is
2993 -- consistent with following diagram:
2995 -- <inherited preconditions>
2996 -- <preconditions from spec>
2997 -- <preconditions from body>
3003 Process_Inherited_Preconditions;
3007 -- Local variables
3014 -- Start of processing for Expand_Subprogram_Contract
3016 begin
3017 -- Obtain the entity of the initial declaration
3021 else
3025 -- Do not perform expansion activity when it is not needed
3030 -- ASIS requires an unaltered tree
3035 -- GNATprove does not need the executable semantics of a contract
3040 -- The contract of a generic subprogram or one declared in a generic
3041 -- context is not expanded, as the corresponding instance will provide
3042 -- the executable semantics of the contract.
3047 -- All subprograms carry a contract, but for some it is not significant
3048 -- and should not be processed. This is a small optimization.
3053 -- The contract of an ignored Ghost subprogram does not need expansion,
3054 -- because the subprogram and all calls to it will be removed.
3059 -- Do not re-expand the same contract. This scenario occurs when a
3060 -- construct is rewritten into something else during its analysis
3061 -- (expression functions for instance).
3067 -- Prevent multiple expansion attempts of the same contract
3071 -- Ensure that the formal parameters are visible when expanding all
3072 -- contract items.
3080 else
3085 -- The expansion of a subprogram contract involves the creation of Check
3086 -- pragmas to verify the contract assertions of the spec and body in a
3087 -- particular order. The order is as follows:
3089 -- function Example (...) return ... is
3090 -- procedure _Postconditions (...) is
3091 -- begin
3092 -- <refined postconditions from body>
3093 -- <postconditions from body>
3094 -- <postconditions from spec>
3095 -- <inherited postconditions>
3096 -- <contract case consequences>
3097 -- <invariant check of function result>
3098 -- <invariant and predicate checks of parameters>
3099 -- end _Postconditions;
3101 -- <inherited preconditions>
3102 -- <preconditions from spec>
3103 -- <preconditions from body>
3104 -- <contract case conditions>
3106 -- <source declarations>
3107 -- begin
3108 -- <source statements>
3110 -- _Preconditions (Result);
3111 -- return Result;
3112 -- end Example;
3114 -- Routine _Postconditions holds all contract assertions that must be
3115 -- verified on exit from the related subprogram.
3117 -- Step 1: Handle all preconditions. This action must come before the
3118 -- processing of pragma Contract_Cases because the pragma prepends items
3119 -- to the body declarations.
3121 Process_Preconditions;
3123 -- Step 2: Handle all postconditions. This action must come before the
3124 -- processing of pragma Contract_Cases because the pragma appends items
3125 -- to list Stmts.
3129 -- Step 3: Handle pragma Contract_Cases. This action must come before
3130 -- the processing of invariants and predicates because those append
3131 -- items to list Stmts.
3135 -- Step 4: Apply invariant and predicate checks on a function result and
3136 -- all formals. The resulting checks are accumulated in list Stmts.
3140 -- Step 5: Construct procedure _Postconditions
3145 End_Scope;
3149 -------------------------------
3150 -- Freeze_Previous_Contracts --
3151 -------------------------------
3156 -- Determine whether arbitrary node N causes contract freezing
3160 -- Freeze the contracts of all eligible constructs which precede body
3161 -- Body_Decl.
3165 -- Freeze the contract of the nearest package body (if any) which
3166 -- encloses body Body_Decl.
3168 ------------------------------
3169 -- Causes_Contract_Freezing --
3170 ------------------------------
3173 begin
3175 N_Package_Body,
3176 N_Protected_Body,
3177 N_Subprogram_Body,
3178 N_Subprogram_Body_Stub,
3179 N_Task_Body);
3182 ----------------------
3183 -- Freeze_Contracts --
3184 ----------------------
3190 begin
3191 -- Nothing to do when the body which causes freezing does not appear
3192 -- in a declarative list because there cannot possibly be constructs
3193 -- with contracts.
3199 -- Inspect the declarations preceding the body, and freeze individual
3200 -- contracts of eligible constructs.
3205 -- Stop the traversal when a preceding construct that causes
3206 -- freezing is encountered as there is no point in refreezing
3207 -- the already frozen constructs.
3212 -- Entry or subprogram declarations
3215 N_Entry_Declaration,
3216 N_Generic_Subprogram_Declaration,
3217 N_Subprogram_Declaration)
3218 then
3219 Analyze_Entry_Or_Subprogram_Contract
3223 -- Objects
3226 Analyze_Object_Contract
3230 -- Protected units
3233 N_Single_Protected_Declaration)
3234 then
3237 -- Subprogram body stubs
3242 -- Task units
3245 N_Task_Type_Declaration)
3246 then
3254 -----------------------------------
3255 -- Freeze_Enclosing_Package_Body --
3256 -----------------------------------
3262 begin
3263 -- Climb the parent chain looking for an enclosing package body. Do
3264 -- not use the scope stack, because a body utilizes the entity of its
3265 -- corresponding spec.
3270 Analyze_Package_Body_Contract
3276 -- Do not look for an enclosing package body when the construct
3277 -- which causes freezing is a body generated for an expression
3278 -- function and it appears within a package spec. This ensures
3279 -- that the traversal will not reach too far up the parent chain
3280 -- and attempt to freeze a package body which must not be frozen.
3282 -- package body Enclosing_Body
3283 -- with Refined_State => (State => Var)
3284 -- is
3285 -- package Nested is
3286 -- type Some_Type is ...;
3287 -- function Cause_Freezing return ...;
3288 -- private
3289 -- function Cause_Freezing is (...);
3290 -- end Nested;
3291 --
3292 -- Var : Nested.Some_Type;
3296 then
3299 -- Prevent the search from going too far
3309 -- Local variables
3313 -- Start of processing for Freeze_Previous_Contracts
3315 begin
3318 -- A body that is in the process of being inlined appears from source,
3319 -- but carries name _parent. Such a body does not cause freezing of
3320 -- contracts.
3326 Freeze_Enclosing_Package_Body;
3327 Freeze_Contracts;
3330 ---------------------------------
3331 -- Inherit_Subprogram_Contract --
3332 ---------------------------------
3334 procedure Inherit_Subprogram_Contract
3337 is
3339 -- Propagate a pragma denoted by Prag_Id from From_Subp's contract to
3340 -- Subp's contract.
3342 --------------------
3343 -- Inherit_Pragma --
3344 --------------------
3350 begin
3351 -- A pragma cannot be part of more than one First_Pragma/Next_Pragma
3352 -- chains, therefore the node must be replicated. The new pragma is
3353 -- flagged as inherited for distinction purposes.
3363 -- Start of processing for Inherit_Subprogram_Contract
3365 begin
3366 -- Inheritance is carried out only when both entities are subprograms
3367 -- with contracts.
3372 then
3377 -------------------------------------
3378 -- Instantiate_Subprogram_Contract --
3379 -------------------------------------
3383 -- Instantiate all contract-related source pragmas found in the list,
3384 -- starting with pragma First_Prag. Each instantiated pragma is added
3385 -- to list L.
3387 -------------------------
3388 -- Instantiate_Pragmas --
3389 -------------------------
3395 begin
3399 Inst_Prag :=
3410 -- Local variables
3414 -- Start of processing for Instantiate_Subprogram_Contract
3416 begin
3424 ----------------------------------------
3425 -- Save_Global_References_In_Contract --
3426 ----------------------------------------
3428 procedure Save_Global_References_In_Contract
3431 is
3433 -- Save all global references in contract-related source pragmas found
3434 -- in the list, starting with pragma First_Prag.
3436 ------------------------------------
3437 -- Save_Global_References_In_List --
3438 ------------------------------------
3443 begin
3454 -- Local variables
3458 -- Start of processing for Save_Global_References_In_Contract
3460 begin
3461 -- The entity of the analyzed generic copy must be on the scope stack
3462 -- to ensure proper detection of global references.
3468 then
3478 Pop_Scope;