| blob | 8bb91714202301bbcb13bc18a63cbec6918e3235 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2005 Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 2, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING. If not, write --
19 -- to the Free Software Foundation, 51 Franklin Street, Fifth Floor, --
20 -- Boston, MA 02110-1301, USA. --
21 -- --
22 -- GNAT was originally developed by the GNAT team at New York University. --
23 -- Extensive contributions were provided by Ada Core Technologies Inc. --
24 -- --
25 ------------------------------------------------------------------------------
65 -- General note: many of these routines are concerned with generating
66 -- checking code to make sure that constraint error is raised at runtime.
67 -- Clearly this code is only needed if the expander is active, since
68 -- otherwise we will not be generating code or going into the runtime
69 -- execution anyway.
71 -- We therefore disconnect most of these checks if the expander is
72 -- inactive. This has the additional benefit that we do not need to
73 -- worry about the tree being messed up by previous errors (since errors
74 -- turn off expansion anyway).
76 -- There are a few exceptions to the above rule. For instance routines
77 -- such as Apply_Scalar_Range_Check that do not insert any code can be
78 -- safely called even when the Expander is inactive (but Errors_Detected
79 -- is 0). The benefit of executing this code when expansion is off, is
80 -- the ability to emit constraint error warning for static expressions
81 -- even when we are not generating code.
83 -------------------------------------
84 -- Suppression of Redundant Checks --
85 -------------------------------------
87 -- This unit implements a limited circuit for removal of redundant
88 -- checks. The processing is based on a tracing of simple sequential
89 -- flow. For any sequence of statements, we save expressions that are
90 -- marked to be checked, and then if the same expression appears later
91 -- with the same check, then under certain circumstances, the second
92 -- check can be suppressed.
94 -- Basically, we can suppress the check if we know for certain that
95 -- the previous expression has been elaborated (together with its
96 -- check), and we know that the exception frame is the same, and that
97 -- nothing has happened to change the result of the exception.
99 -- Let us examine each of these three conditions in turn to describe
100 -- how we ensure that this condition is met.
102 -- First, we need to know for certain that the previous expression has
103 -- been executed. This is done principly by the mechanism of calling
104 -- Conditional_Statements_Begin at the start of any statement sequence
105 -- and Conditional_Statements_End at the end. The End call causes all
106 -- checks remembered since the Begin call to be discarded. This does
107 -- miss a few cases, notably the case of a nested BEGIN-END block with
108 -- no exception handlers. But the important thing is to be conservative.
109 -- The other protection is that all checks are discarded if a label
110 -- is encountered, since then the assumption of sequential execution
111 -- is violated, and we don't know enough about the flow.
113 -- Second, we need to know that the exception frame is the same. We
114 -- do this by killing all remembered checks when we enter a new frame.
115 -- Again, that's over-conservative, but generally the cases we can help
116 -- with are pretty local anyway (like the body of a loop for example).
118 -- Third, we must be sure to forget any checks which are no longer valid.
119 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
120 -- used to note any changes to local variables. We only attempt to deal
121 -- with checks involving local variables, so we do not need to worry
122 -- about global variables. Second, a call to any non-global procedure
123 -- causes us to abandon all stored checks, since such a all may affect
124 -- the values of any local variables.
126 -- The following define the data structures used to deal with remembering
127 -- checks so that redundant checks can be eliminated as described above.
129 -- Right now, the only expressions that we deal with are of the form of
130 -- simple local objects (either declared locally, or IN parameters) or
131 -- such objects plus/minus a compile time known constant. We can do
132 -- more later on if it seems worthwhile, but this catches many simple
133 -- cases in practice.
135 -- The following record type reflects a single saved check. An entry
136 -- is made in the stack of saved checks if and only if the expression
137 -- has been elaborated with the indicated checks.
141 -- Set True if entry is killed by Kill_Checks
144 -- The entity involved in the expression that is checked
147 -- A compile time value indicating the result of adding or
148 -- subtracting a compile time value. This value is to be
149 -- added to the value of the Entity. A value of zero is
150 -- used for the case of a simple entity reference.
153 -- This is set to 'R' for a range check (in which case Target_Type
154 -- is set to the target type for the range check) or to 'O' for an
155 -- overflow check (in which case Target_Type is set to Empty).
158 -- Used only if Do_Range_Check is set. Records the target type for
159 -- the check. We need this, because a check is a duplicate only if
160 -- it has a the same target type (or more accurately one with a
161 -- range that is smaller or equal to the stored target type of a
162 -- saved check).
165 -- The following table keeps track of saved checks. Rather than use an
166 -- extensible table. We just use a table of fixed size, and we discard
167 -- any saved checks that do not fit. That's very unlikely to happen and
168 -- this is only an optimization in any case.
171 -- Array of saved checks
174 -- Number of saved checks
176 -- The following stack keeps track of statement ranges. It is treated
177 -- as a stack. When Conditional_Statements_Begin is called, an entry
178 -- is pushed onto this stack containing the value of Num_Saved_Checks
179 -- at the time of the call. Then when Conditional_Statements_End is
180 -- called, this value is popped off and used to reset Num_Saved_Checks.
182 -- Note: again, this is a fixed length stack with a size that should
183 -- always be fine. If the value of the stack pointer goes above the
184 -- limit, then we just forget all saved checks.
189 -----------------------
190 -- Local Subprograms --
191 -----------------------
193 procedure Apply_Float_Conversion_Check
196 -- The checks on a conversion from a floating-point type to an integer
197 -- type are delicate. They have to be performed before conversion, they
198 -- have to raise an exception when the operand is a NaN, and rounding must
199 -- be taken into account to determine the safe bounds of the operand.
201 procedure Apply_Selected_Length_Checks
206 -- This is the subprogram that does all the work for Apply_Length_Check
207 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
208 -- described for the above routines. The Do_Static flag indicates that
209 -- only a static check is to be done.
211 procedure Apply_Selected_Range_Checks
216 -- This is the subprogram that does all the work for Apply_Range_Check.
217 -- Expr, Target_Typ and Source_Typ are as described for the above
218 -- routine. The Do_Static flag indicates that only a static check is
219 -- to be done.
223 -- This function is used to see if an access or division by zero check is
224 -- needed. The check is to be applied to a single variable appearing in the
225 -- source, and N is the node for the reference. If N is not of this form,
226 -- True is returned with no further processing. If N is of the right form,
227 -- then further processing determines if the given Check is needed.
228 --
229 -- The particular circuit is to see if we have the case of a check that is
230 -- not needed because it appears in the right operand of a short circuited
231 -- conditional where the left operand guards the check. For example:
232 --
233 -- if Var = 0 or else Q / Var > 12 then
234 -- ...
235 -- end if;
236 --
237 -- In this example, the division check is not required. At the same time
238 -- we can issue warnings for suspicious use of non-short-circuited forms,
239 -- such as:
240 --
241 -- if Var = 0 or Q / Var > 12 then
242 -- ...
243 -- end if;
245 procedure Find_Check
253 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
254 -- to see if a check is of the form for optimization, and if so, to see
255 -- if it has already been performed. Expr is the expression to check,
256 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
257 -- Target_Type is the target type for a range check, and Empty for an
258 -- overflow check. If the entry is not of the form for optimization,
259 -- then Entry_OK is set to False, and the remaining out parameters
260 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
261 -- entity and offset from the expression. Check_Num is the number of
262 -- a matching saved entry in Saved_Checks, or zero if no such entry
263 -- is located.
266 -- If a discriminal is used in constraining a prival, Return reference
267 -- to the discriminal of the protected body (which renames the parameter
268 -- of the enclosing protected operation). This clumsy transformation is
269 -- needed because privals are created too late and their actual subtypes
270 -- are not available when analysing the bodies of the protected operations.
271 -- To be cleaned up???
273 function Guard_Access
277 -- In the access type case, guard the test with a test to ensure
278 -- that the access value is non-null, since the checks do not
279 -- not apply to null access values.
282 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
283 -- Constraint_Error node.
285 function Selected_Length_Checks
290 -- Like Apply_Selected_Length_Checks, except it doesn't modify
291 -- anything, just returns a list of nodes as described in the spec of
292 -- this package for the Range_Check function.
294 function Selected_Range_Checks
299 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
300 -- just returns a list of nodes as described in the spec of this package
301 -- for the Range_Check function.
303 ------------------------------
304 -- Access_Checks_Suppressed --
305 ------------------------------
308 begin
311 else
316 -------------------------------------
317 -- Accessibility_Checks_Suppressed --
318 -------------------------------------
321 begin
324 else
329 -------------------------
330 -- Append_Range_Checks --
331 -------------------------
333 procedure Append_Range_Checks
339 is
345 or else
348 begin
349 -- For now we just return if Checks_On is false, however this should
350 -- be enhanced to check for an always True value in the condition
351 -- and to generate a compilation warning???
362 then
368 else
369 Append_To
377 ------------------------
378 -- Apply_Access_Check --
379 ------------------------
384 begin
393 -- We do not need access checks if prefix is known to be non-null
398 -- We do not need access checks if they are suppressed on the type
403 -- We do not need checks if we are not generating code (i.e. the
404 -- expander is not active). This is not just an optimization, there
405 -- are cases (e.g. with pragma Debug) where generating the checks
406 -- can cause real trouble).
411 -- We do not need checks if not needed because of short circuiting
417 -- Case where P is an entity name
420 declare
423 begin
428 -- Otherwise we are going to generate an access check, and
429 -- are we have done it, the entity will now be known non null
430 -- But we have to check for safe sequential semantics here!
438 -- Access check is required
443 -------------------------------
444 -- Apply_Accessibility_Check --
445 -------------------------------
453 begin
457 -- Only apply the run-time check if the access parameter
458 -- has an associated extra access level parameter and
459 -- when the level of the type is less deep than the level
460 -- of the access parameter.
468 then
469 Param_Level :=
472 Type_Level :=
475 -- Raise Program_Error if the accessibility level of the
476 -- the access parameter is deeper than the level of the
477 -- target access type.
481 Condition =>
491 ---------------------------
492 -- Apply_Alignment_Check --
493 ---------------------------
502 -- Constant to show whether target requires alignment checks
504 begin
505 -- See if check needed. Note that we never need a check if the
506 -- maximum alignment is one, since the check will always succeed
510 or else not Alignment_Required
511 then
524 then
532 -- Here Expr is the address value. See if we know that the
533 -- value is unacceptable at compile time.
537 then
538 declare
541 begin
542 -- The object alignment might be more restrictive than the
543 -- type alignment.
553 Error_Msg_NE
559 -- Here we do not know if the value is acceptable, generate
560 -- code to raise PE if alignment is inappropriate.
562 else
563 -- Skip generation of this code if we don't want elab code
568 Condition =>
570 Left_Opnd =>
572 Left_Opnd =>
573 Unchecked_Convert_To
576 Right_Opnd =>
588 exception
593 -------------------------------------
594 -- Apply_Arithmetic_Overflow_Check --
595 -------------------------------------
597 -- This routine is called only if the type is an integer type, and
598 -- a software arithmetic overflow check must be performed for op
599 -- (add, subtract, multiply). The check is performed only if
600 -- Software_Overflow_Checking is enabled and Do_Overflow_Check
601 -- is set. In this case we expand the operation into a more complex
602 -- sequence of tests that ensures that overflow is properly caught.
615 begin
616 -- Skip this if overflow checks are done in back end, or the overflow
617 -- flag is not set anyway, or we are not doing code expansion.
619 if Backend_Overflow_Checks_On_Target
621 or else not Expander_Active
622 then
626 -- Otherwise, we generate the full general code for front end overflow
627 -- detection, which works by doing arithmetic in a larger type:
629 -- x op y
631 -- is expanded into
633 -- Typ (Checktyp (x) op Checktyp (y));
635 -- where Typ is the type of the original expression, and Checktyp is
636 -- an integer type of sufficient length to hold the largest possible
637 -- result.
639 -- In the case where check type exceeds the size of Long_Long_Integer,
640 -- we use a different approach, expanding to:
642 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
644 -- where xxx is Add, Multiply or Subtract as appropriate
646 -- Find check type if one exists
654 -- No check type exists, use runtime call
656 else
663 else
680 -- If we fall through, we have the case where we do the arithmetic in
681 -- the next higher type and get the check by conversion. In these cases
682 -- Ctyp is set to the type to be used as the check type.
700 -- The type of the operation changes to the base type of the check
701 -- type, and we reset the overflow check indication, since clearly
702 -- no overflow is possible now that we are using a double length
703 -- type. We also set the Analyzed flag to avoid a recursive attempt
704 -- to expand the node.
710 -- Now build the outer conversion
716 -- In the discrete type case, we directly generate the range check
717 -- for the outer operand. This range check will implement the required
718 -- overflow check.
724 -- For other types, we enable overflow checking on the conversion,
725 -- after setting the node as analyzed to prevent recursive attempts
726 -- to expand the conversion node.
728 else
734 exception
739 ----------------------------
740 -- Apply_Array_Size_Check --
741 ----------------------------
743 -- The situation is as follows. In GNAT 3 (GCC 2.x), the size in bits
744 -- is computed in 32 bits without an overflow check. That's a real
745 -- problem for Ada. So what we do in GNAT 3 is to approximate the
746 -- size of an array by manually multiplying the element size by the
747 -- number of elements, and comparing that against the allowed limits.
749 -- In GNAT 5, the size in byte is still computed in 32 bits without
750 -- an overflow check in the dynamic case, but the size in bits is
751 -- computed in 64 bits. We assume that's good enough, and we do not
752 -- bother to generate any front end test.
770 -- Set false if any index subtye bound is non-static
773 -- We can throw away all the Uint computations here, since they are
774 -- done only to generate boolean test results.
777 -- Size to check against
780 -- Determines if Decl is an address clause or Import/Interface pragma
781 -- that references the defining identifier of the current declaration.
783 --------------------------
784 -- Is_Address_Or_Import --
785 --------------------------
788 begin
793 return
795 and then
797 and then
802 or else
805 then
806 declare
810 begin
811 return
813 and then
815 and then
817 and then
821 else
825 else
830 -- Start of processing for Apply_Array_Size_Check
832 begin
833 -- Do size check on local arrays. We only need this in the GCC 2
834 -- case, since in GCC 3, we expect the back end to properly handle
835 -- things. This routine can be removed when we baseline GNAT 3.
841 -- No need for a check if not expanding
847 -- No need for a check if checks are suppressed
853 -- It is pointless to insert this check inside an init proc, because
854 -- that's too late, we have already built the object to be the right
855 -- size, and if it's too large, too bad!
861 -- Look head for pragma interface/import or address clause applying
862 -- to this entity. If found, we suppress the check entirely. For now
863 -- we only look ahead 20 declarations to stop this becoming too slow
864 -- Note that eventually this whole routine gets moved to gigi.
876 -- First step is to calculate the maximum number of elements. For
877 -- this calculation, we use the actual size of the subtype if it is
878 -- static, and if a bound of a subtype is non-static, we go to the
879 -- bound of the base type.
888 -- If any bound raises constraint error, we will never get this
889 -- far, so there is no need to generate any kind of check.
892 or else
894 then
899 -- Otherwise get bounds values
903 else
910 else
919 -- Compute the limit against which we want to check. For subprograms,
920 -- where the array will go on the stack, we use 8*2**24, which (in
921 -- bits) is the size of a 16 megabyte array.
925 else
929 -- If we have all static bounds and Siz is too large, then we know
930 -- we know we have a storage error right now, so generate message
941 -- Case of component size known at compile time. If the array
942 -- size is definitely in range, then we do not need a check.
946 then
951 -- Here if a dynamic check is required
953 -- What we do is to build an expression for the size of the array,
954 -- which is computed as the 'Size of the array component, times
955 -- the size of each dimension.
959 Sizx :=
970 Sizx :=
973 Right_Opnd =>
982 -- Emit the check
984 Code :=
986 Condition =>
989 Right_Opnd =>
998 ----------------------------
999 -- Apply_Constraint_Check --
1000 ----------------------------
1002 procedure Apply_Constraint_Check
1006 is
1009 begin
1018 -- A useful optimization: an aggregate with only an others clause
1019 -- always has the right bounds.
1023 and then Nkind
1025 = N_Others_Choice
1026 then
1036 else
1044 then
1051 -- No checks necessary if expression statically null
1056 -- No sliding possible on access to arrays
1067 then
1073 then
1079 ------------------------------
1080 -- Apply_Discriminant_Check --
1081 ------------------------------
1083 procedure Apply_Discriminant_Check
1087 is
1095 -- It is possible for an aliased component to have a nominal
1096 -- unconstrained subtype (through instantiation). If this is a
1097 -- discriminated component assigned in the expansion of an aggregate
1098 -- in an initialization, the check must be suppressed. This unusual
1099 -- situation requires a predicate of its own (see 7503-008).
1101 ----------------------------------------
1102 -- Is_Aliased_Unconstrained_Component --
1103 ----------------------------------------
1109 begin
1112 else
1119 then
1124 and then In_Instance
1128 -- Start of processing for Apply_Discriminant_Check
1130 begin
1133 else
1137 -- Nothing to do if discriminant checks are suppressed or else no code
1138 -- is to be generated
1140 if not Expander_Active
1142 then
1146 -- No discriminant checks necessary for an access when expression
1147 -- is statically Null. This is not only an optimization, this is
1148 -- fundamental because otherwise discriminant checks may be generated
1149 -- in init procs for types containing an access to a not-yet-frozen
1150 -- record, causing a deadly forward reference.
1152 -- Also, if the expression is of an access type whose designated
1153 -- type is incomplete, then the access value must be null and
1154 -- we suppress the check.
1167 -- If an assignment target is present, then we need to generate
1168 -- the actual subtype if the target is a parameter or aliased
1169 -- object with an unconstrained nominal subtype.
1176 then
1180 -- Nothing to do if the type is unconstrained (this is the case
1181 -- where the actual subtype in the RM sense of N is unconstrained
1182 -- and no check is required).
1187 -- Ada 2005: nothing to do if the type is one for which there is a
1188 -- partial view that is constrained.
1192 then
1196 -- Nothing to do if the type is an Unchecked_Union
1202 -- Suppress checks if the subtypes are the same.
1203 -- the check must be preserved in an assignment to a formal, because
1204 -- the constraint is given by the actual.
1210 then
1214 then
1218 -- We can also eliminate checks on allocators with a subtype mark
1219 -- that coincides with the context type. The context type may be a
1220 -- subtype without a constraint (common case, a generic actual).
1224 then
1225 declare
1229 begin
1236 then
1242 -- See if we have a case where the types are both constrained, and
1243 -- all the constraints are constants. In this case, we can do the
1244 -- check successfully at compile time.
1246 -- We skip this check for the case where the node is a rewritten`
1247 -- allocator, because it already carries the context subtype, and
1248 -- extracting the discriminants from the aggregate is messy.
1252 then
1253 declare
1260 begin
1261 -- S_Typ may not have discriminants in the case where it is a
1262 -- private type completed by a default discriminated type. In
1263 -- that case, we need to get the constraints from the
1264 -- underlying_type. If the underlying type is unconstrained (i.e.
1265 -- has no default discriminants) no check is needed.
1271 else
1273 DconS :=
1274 First_Elmt
1281 -- A further optimization: if T_Typ is derived from S_Typ
1282 -- without imposing a constraint, no check is needed.
1285 N_Full_Type_Declaration
1286 then
1287 declare
1289 Type_Definition
1291 begin
1295 then
1308 exit when
1310 or else
1316 else
1317 Apply_Compile_Time_Constraint_Error
1335 -- Here we need a discriminant check. First build the expression
1336 -- for the comparisons of the discriminants:
1338 -- (n.disc1 /= typ.disc1) or else
1339 -- (n.disc2 /= typ.disc2) or else
1340 -- ...
1341 -- (n.discn /= typ.discn)
1345 -- If Lhs is set and is a parameter, then the condition is
1346 -- guarded by: lhs'constrained and then (condition built above)
1349 Cond :=
1351 Left_Opnd =>
1368 ------------------------
1369 -- Apply_Divide_Check --
1370 ------------------------
1386 begin
1387 if Expander_Active
1388 and then not Backend_Divide_Checks_On_Target
1390 then
1393 -- See if division by zero possible, and if so generate test. This
1394 -- part of the test is not controlled by the -gnato switch.
1400 Condition =>
1408 -- Test for extremely annoying case of xxx'First divided by -1
1413 then
1418 and then
1420 then
1423 Condition =>
1427 Left_Opnd =>
1432 Left_Opnd =>
1434 Right_Opnd =>
1443 ----------------------------------
1444 -- Apply_Float_Conversion_Check --
1445 ----------------------------------
1447 -- Let F and I be the source and target types of the conversion.
1448 -- The Ada standard specifies that a floating-point value X is rounded
1449 -- to the nearest integer, with halfway cases being rounded away from
1450 -- zero. The rounded value of X is checked against I'Range.
1452 -- The catch in the above paragraph is that there is no good way
1453 -- to know whether the round-to-integer operation resulted in
1454 -- overflow. A remedy is to perform a range check in the floating-point
1455 -- domain instead, however:
1456 -- (1) The bounds may not be known at compile time
1457 -- (2) The check must take into account possible rounding.
1458 -- (3) The range of type I may not be exactly representable in F.
1459 -- (4) The end-points I'First - 0.5 and I'Last + 0.5 may or may
1460 -- not be in range, depending on the sign of I'First and I'Last.
1461 -- (5) X may be a NaN, which will fail any comparison
1463 -- The following steps take care of these issues converting X:
1464 -- (1) If either I'First or I'Last is not known at compile time, use
1465 -- I'Base instead of I in the next three steps and perform a
1466 -- regular range check against I'Range after conversion.
1467 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1468 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1469 -- F'Machine (T) and let Lo_OK be (Lo >= I'First). In other words,
1470 -- take one of the closest floating-point numbers to T, and see if
1471 -- it is in range or not.
1472 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1473 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1474 -- F'Rounding (T) and let Hi_OK be (Hi <= I'Last).
1475 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1476 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1478 procedure Apply_Float_Conversion_Check
1481 is
1491 -- Largest bound, so bound plus or minus half is a machine number of F
1493 Ifirst,
1496 Lo_OK,
1499 Lo_Chk,
1504 begin
1507 then
1508 declare
1509 -- First check that the value falls in the range of the base
1510 -- type, to prevent overflow during conversion and then
1511 -- perform a regular range check against the (dynamic) bounds.
1522 begin
1535 Condition =>
1546 -- Get the bounds of the target type
1551 -- Check against lower bound
1556 else
1563 -- Lo_Chk := (X >= Lo)
1569 else
1570 -- Lo_Chk := (X > Lo)
1577 -- Check against higher bound
1582 else
1589 -- Hi_Chk := (X <= Hi)
1595 else
1596 -- Hi_Chk := (X < Hi)
1603 -- If the bounds of the target type are the same as those of the
1604 -- base type, the check is an overflow check as a range check is
1605 -- not performed in these cases.
1609 then
1611 else
1615 -- Raise CE if either conditions does not hold
1623 ------------------------
1624 -- Apply_Length_Check --
1625 ------------------------
1627 procedure Apply_Length_Check
1631 is
1632 begin
1633 Apply_Selected_Length_Checks
1637 -----------------------
1638 -- Apply_Range_Check --
1639 -----------------------
1641 procedure Apply_Range_Check
1645 is
1646 begin
1647 Apply_Selected_Range_Checks
1651 ------------------------------
1652 -- Apply_Scalar_Range_Check --
1653 ------------------------------
1655 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check
1656 -- flag off if it is already set on.
1658 procedure Apply_Scalar_Range_Check
1663 is
1671 -- Set true if Expr is a subscript
1674 -- Set true if Expr is a subscript of an unconstrained array. In this
1675 -- case we do not attempt to do an analysis of the value against the
1676 -- range of the subscript, since we don't know the actual subtype.
1679 -- Set to True if Expr should be regarded as a real value
1680 -- even though the type of Expr might be discrete.
1683 -- Procedure called if value is determined to be out of range
1685 ---------------
1686 -- Bad_Value --
1687 ---------------
1690 begin
1691 Apply_Compile_Time_Constraint_Error
1697 -- Start of processing for Apply_Scalar_Range_Check
1699 begin
1703 -- Return if check obviously not needed. Note that we do not check
1704 -- for the expander being inactive, since this routine does not
1705 -- insert any code, but it does generate useful warnings sometimes,
1706 -- which we would like even if we are in semantics only mode.
1711 then
1715 -- Now, see if checks are suppressed
1717 Is_Subscr_Ref :=
1727 -- Subscript reference. Check for Index_Checks suppressed
1731 -- Check array type and its base type
1735 then
1738 -- Check array itself if it is an entity name
1742 then
1745 -- Check expression itself if it is an entity name
1749 then
1753 -- All other cases, check for Range_Checks suppressed
1755 else
1756 -- Check target type and its base type
1760 then
1763 -- Check expression itself if it is an entity name
1767 then
1770 -- If Expr is part of an assignment statement, then check
1771 -- left side of assignment if it is an entity name.
1776 then
1782 -- Do not set range checks if they are killed
1786 then
1790 -- Do not set range checks for any values from System.Scalar_Values
1791 -- since the whole idea of such values is to avoid checking them!
1795 then
1799 -- Now see if we need a check
1803 else
1811 Is_Unconstrained_Subscr_Ref :=
1814 -- Always do a range check if the source type includes infinities
1815 -- and the target type does not include infinities. We do not do
1816 -- this if range checks are killed.
1821 then
1825 -- Return if we know expression is definitely in the range of
1826 -- the target type as determined by Determine_Range. Right now
1827 -- we only do this for discrete types, and not fixed-point or
1828 -- floating-point types.
1830 -- The additional less-precise tests below catch these cases
1832 -- Note: skip this if we are given a source_typ, since the point
1833 -- of supplying a Source_Typ is to stop us looking at the expression.
1834 -- could sharpen this test to be out parameters only ???
1838 and then not Is_Unconstrained_Subscr_Ref
1840 then
1841 declare
1847 begin
1850 then
1851 declare
1855 begin
1856 -- If range is null, we for sure have a constraint error
1857 -- (we don't even need to look at the value involved,
1858 -- since all possible values will raise CE).
1861 Bad_Value;
1865 -- Otherwise determine range of value
1871 -- If definitely in range, all OK
1876 -- If definitely not in range, warn
1879 Bad_Value;
1882 -- Otherwise we don't know
1884 else
1893 Int_Real :=
1897 -- Check if we can determine at compile time whether Expr is in the
1898 -- range of the target type. Note that if S_Typ is within the bounds
1899 -- of Target_Typ then this must be the case. This check is meaningful
1900 -- only if this is not a conversion between integer and real types.
1902 if not Is_Unconstrained_Subscr_Ref
1903 and then
1905 and then
1907 or else
1909 then
1913 Bad_Value;
1916 -- In the floating-point case, we only do range checks if the
1917 -- type is constrained. We definitely do NOT want range checks
1918 -- for unconstrained types, since we want to have infinities
1925 -- For all other cases we enable a range check unconditionally
1927 else
1933 ----------------------------------
1934 -- Apply_Selected_Length_Checks --
1935 ----------------------------------
1937 procedure Apply_Selected_Length_Checks
1942 is
1950 or else
1953 begin
1958 R_Result :=
1965 -- A length check may mention an Itype which is attached to a
1966 -- subsequent node. At the top level in a package this can cause
1967 -- an order-of-elaboration problem, so we make sure that the itype
1968 -- is referenced now.
1972 then
1983 -- If the item is a conditional raise of constraint error,
1984 -- then have a look at what check is being performed and
1985 -- ???
1989 then
1993 and then Checks_On
1994 then
2002 -- Output a warning if the condition is known to be True
2006 then
2007 Apply_Compile_Time_Constraint_Error
2009 CE_Length_Check_Failed,
2013 -- If we were only doing a static check, or if checks are not
2014 -- on, then we want to delete the check, since it is not needed.
2015 -- We do this by replacing the if statement by a null statement
2021 else
2029 ---------------------------------
2030 -- Apply_Selected_Range_Checks --
2031 ---------------------------------
2033 procedure Apply_Selected_Range_Checks
2038 is
2046 or else
2049 begin
2054 R_Result :=
2062 -- If the item is a conditional raise of constraint error,
2063 -- then have a look at what check is being performed and
2064 -- ???
2068 then
2079 -- Output a warning if the condition is known to be True
2083 then
2084 -- Since an N_Range is technically not an expression, we
2085 -- have to set one of the bounds to C_E and then just flag
2086 -- the N_Range. The warning message will point to the
2087 -- lower bound and complain about a range, which seems OK.
2090 Apply_Compile_Time_Constraint_Error
2092 CE_Range_Check_Failed,
2098 else
2099 Apply_Compile_Time_Constraint_Error
2101 CE_Range_Check_Failed,
2106 -- If we were only doing a static check, or if checks are not
2107 -- on, then we want to delete the check, since it is not needed.
2108 -- We do this by replacing the if statement by a null statement
2114 else
2120 -------------------------------
2121 -- Apply_Static_Length_Check --
2122 -------------------------------
2124 procedure Apply_Static_Length_Check
2128 is
2129 begin
2130 Apply_Selected_Length_Checks
2134 -------------------------------------
2135 -- Apply_Subscript_Validity_Checks --
2136 -------------------------------------
2141 begin
2144 -- Loop through subscripts
2149 -- Check one subscript. Note that we do not worry about
2150 -- enumeration type with holes, since we will convert the
2151 -- value to a Pos value for the subscript, and that convert
2152 -- will do the necessary validity check.
2156 -- Move to next subscript
2162 ----------------------------------
2163 -- Apply_Type_Conversion_Checks --
2164 ----------------------------------
2172 begin
2176 -- Skip these checks if serious errors detected, there are some nasty
2177 -- situations of incomplete trees that blow things up.
2182 -- Scalar type conversions of the form Target_Type (Expr) require
2183 -- a range check if we cannot be sure that Expr is in the base type
2184 -- of Target_Typ and also that Expr is in the range of Target_Typ.
2185 -- These are not quite the same condition from an implementation
2186 -- point of view, but clearly the second includes the first.
2189 declare
2191 -- If the Conversion_OK flag on the type conversion is set
2192 -- and no floating point type is involved in the type conversion
2193 -- then fixed point values must be read as integral values.
2199 begin
2202 and then not Float_To_Int
2203 then
2209 then
2212 else
2213 Apply_Scalar_Range_Check
2225 then
2226 -- An unconstrained derived type may have inherited discriminant
2227 -- Build an actual discriminant constraint list using the stored
2228 -- constraint, to verify that the expression of the parent type
2229 -- satisfies the constraints imposed by the (unconstrained!)
2230 -- derived type. This applies to value conversions, not to view
2231 -- conversions of tagged types.
2233 declare
2244 begin
2252 then
2257 then
2258 -- Parent is constrained by new discriminant. Obtain
2259 -- Value of original discriminant in expression. If
2260 -- the new discriminant has been used to constrain more
2261 -- than one of the stored discriminants, this will
2262 -- provide the required consistency check.
2264 Append_Elmt (
2266 Prefix =>
2267 Duplicate_Subexpr_No_Checks
2269 Selector_Name =>
2271 New_Constraints);
2273 else
2274 -- Discriminant of more remote ancestor ???
2279 -- Derived type definition has an explicit value for
2280 -- this stored discriminant.
2282 else
2283 Append_Elmt
2285 New_Constraints);
2291 -- Use the unconstrained expression type to retrieve the
2292 -- discriminants of the parent, and apply momentarily the
2293 -- discriminant constraint synthesized above.
2305 -- For arrays, conversions are applied during expansion, to take
2306 -- into accounts changes of representation. The checks become range
2307 -- checks on the base type or length checks on the subtype, depending
2308 -- on whether the target type is unconstrained or constrained.
2310 else
2315 ----------------------------------------------
2316 -- Apply_Universal_Integer_Attribute_Checks --
2317 ----------------------------------------------
2323 begin
2327 -- Nothing to do if checks are suppressed
2331 then
2334 -- Nothing to do if the attribute does not come from source. The
2335 -- internal attributes we generate of this type do not need checks,
2336 -- and furthermore the attempt to check them causes some circular
2337 -- elaboration orders when dealing with packed types.
2342 -- If the prefix is a selected component that depends on a discriminant
2343 -- the check may improperly expose a discriminant instead of using
2344 -- the bounds of the object itself. Set the type of the attribute to
2345 -- the base type of the context, so that a check will be imposed when
2346 -- needed (e.g. if the node appears as an index).
2351 then
2354 -- Otherwise, replace the attribute node with a type conversion
2355 -- node whose expression is the attribute, retyped to universal
2356 -- integer, and whose subtype mark is the target type. The call
2357 -- to analyze this conversion will set range and overflow checks
2358 -- as required for proper detection of an out of range value.
2360 else
2375 -------------------------------
2376 -- Build_Discriminant_Checks --
2377 -------------------------------
2379 function Build_Discriminant_Checks
2382 is
2390 begin
2394 -- For a fully private type, use the discriminants of the parent type
2398 then
2400 else
2409 then
2411 else
2415 -- If we have an Unchecked_Union node, we can infer the discriminants
2416 -- of the node.
2420 Get_Discriminant_Value (
2422 T_Typ,
2425 else
2426 Dref :=
2428 Prefix =>
2430 Selector_Name =>
2448 ------------------
2449 -- Check_Needed --
2450 ------------------
2459 begin
2460 -- Always check if not simple entity
2464 then
2468 -- Look up tree for short circuit
2471 loop
2478 -- Or/Or Else case, left operand must be equality test
2484 -- And/And then case, left operand must be inequality test. Note that
2485 -- at this stage, the expander will have changed a/=b to not (a=b).
2496 -- If we fall through the loop, then we have a conditional with an
2497 -- appropriate test as its left operand. So test further.
2508 -- Left operand of test must match original variable
2512 then
2516 -- Right operand of test mus be key value (zero or null)
2527 then
2532 -- Here we have the optimizable case, warn if not short-circuited
2537 Error_Msg_N
2541 Error_Msg_N
2548 else
2552 -- If not short-circuited, we need the ckeck
2556 -- If short-circuited, we can omit the check
2558 else
2563 -----------------------------------
2564 -- Check_Valid_Lvalue_Subscripts --
2565 -----------------------------------
2568 begin
2569 -- Skip this if range checks are suppressed
2574 -- Only do this check for expressions that come from source. We
2575 -- assume that expander generated assignments explicitly include
2576 -- any necessary checks. Note that this is not just an optimization,
2577 -- it avoids infinite recursions!
2582 -- For a selected component, check the prefix
2588 -- Case of indexed component
2593 -- Prefix may itself be or contain an indexed component, and
2594 -- these subscripts need checking as well
2600 ----------------------------------
2601 -- Null_Exclusion_Static_Checks --
2602 ----------------------------------
2610 begin
2637 Has_Null_Exclusion :=
2638 Null_Exclusion_Present
2640 else
2641 Related_Nod :=
2643 Has_Null_Exclusion :=
2651 -- Enforce legality rule 3.10 (14/1): A null_exclusion is only allowed
2652 -- of the access subtype does not exclude null.
2654 if Has_Null_Exclusion
2657 -- No need to check itypes that have the null-excluding attribute
2658 -- because they were checked at their point of creation
2661 then
2662 Error_Msg_N
2666 -- Check that null-excluding objects are always initialized
2670 then
2671 -- Add a an expression that assignates null. This node is needed
2672 -- by Apply_Compile_Time_Constraint_Error, that will replace this
2673 -- node by a Constraint_Error node.
2678 Apply_Compile_Time_Constraint_Error
2684 -- Check that the null value is not used as a single expression to
2685 -- assignate a value to a null-excluding component, formal or object;
2686 -- otherwise generate a warning message at the sloc of Related_Nod and
2687 -- replace Expression (N) by an N_Contraint_Error node.
2689 declare
2692 begin
2695 then
2697 when N_Discriminant_Specification |
2698 N_Component_Declaration =>
2699 Apply_Compile_Time_Constraint_Error
2706 Apply_Compile_Time_Constraint_Error
2713 Apply_Compile_Time_Constraint_Error
2726 ----------------------------------
2727 -- Conditional_Statements_Begin --
2728 ----------------------------------
2731 begin
2734 -- If stack overflows, kill all checks, that way we know to
2735 -- simply reset the number of saved checks to zero on return.
2736 -- This should never occur in practice.
2739 Kill_All_Checks;
2741 -- In the normal case, we just make a new stack entry saving
2742 -- the current number of saved checks for a later restore.
2744 else
2749 Num_Saved_Checks);
2754 --------------------------------
2755 -- Conditional_Statements_End --
2756 --------------------------------
2759 begin
2762 -- If the saved checks stack overflowed, then we killed all
2763 -- checks, so setting the number of saved checks back to
2764 -- zero is correct. This should never occur in practice.
2769 -- In the normal case, restore the number of saved checks
2770 -- from the top stack entry.
2772 else
2776 Num_Saved_Checks);
2783 ---------------------
2784 -- Determine_Range --
2785 ---------------------
2789 -- Determine size of below cache (power of 2 is more efficient!)
2794 -- The above arrays are used to implement a small direct cache
2795 -- for Determine_Range calls. Because of the way Determine_Range
2796 -- recursively traces subexpressions, and because overflow checking
2797 -- calls the routine on the way up the tree, a quadratic behavior
2798 -- can otherwise be encountered in large expressions. The cache
2799 -- entry for node N is stored in the (N mod Cache_Size) entry, and
2800 -- can be validated by checking the actual node value stored there.
2802 procedure Determine_Range
2807 is
2812 -- Lo and Hi bounds of left operand
2816 -- Lo and Hi bounds of right (or only) operand
2819 -- Temp variable used to hold a bound node
2822 -- High bound of base type of expression
2826 -- Refined values for low and high bounds, after tightening
2829 -- Used in lower level calls to indicate if call succeeded
2832 -- Used to search cache
2835 -- Used for binary operators. Determines the ranges of the left and
2836 -- right operands, and if they are both OK, returns True, and puts
2837 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left
2839 -----------------
2840 -- OK_Operands --
2841 -----------------
2844 begin
2855 -- Start of processing for Determine_Range
2857 begin
2858 -- Prevent junk warnings by initializing range variables
2865 -- If the type is not discrete, or is undefined, then we can't
2866 -- do anything about determining the range.
2870 then
2875 -- For all other cases, we can determine the range
2879 -- If value is compile time known, then the possible range is the
2880 -- one value that we know this expression definitely has!
2888 -- Return if already in the cache
2898 -- Otherwise, start by finding the bounds of the type of the
2899 -- expression, the value cannot be outside this range (if it
2900 -- is, then we have an overflow situation, which is a separate
2901 -- check, we are talking here only about the expression value).
2903 -- We use the actual bound unless it is dynamic, in which case
2904 -- use the corresponding base type bound if possible. If we can't
2905 -- get a bound then we figure we can't determine the range (a
2906 -- peculiar case, that perhaps cannot happen, but there is no
2907 -- point in bombing in this optimization circuit.
2909 -- First the low bound
2919 else
2924 -- Now the high bound
2928 -- We need the high bound of the base type later on, and this should
2929 -- always be compile time known. Again, it is not clear that this
2930 -- can ever be false, but no point in bombing.
2936 else
2941 -- If we have a static subtype, then that may have a tighter bound
2942 -- so use the upper bound of the subtype instead in this case.
2948 -- We may be able to refine this value in certain situations. If
2949 -- refinement is possible, then Lor and Hir are set to possibly
2950 -- tighter bounds, and OK1 is set to True.
2954 -- For unary plus, result is limited by range of operand
2959 -- For unary minus, determine range of operand, and negate it
2969 -- For binary addition, get range of each operand and do the
2970 -- addition to get the result range.
2978 -- Division is tricky. The only case we consider is where the
2979 -- right operand is a positive constant, and in this case we
2980 -- simply divide the bounds of the left operand
2986 then
2990 else
2995 -- For binary subtraction, get range of each operand and do
2996 -- the worst case subtraction to get the result range.
3004 -- For MOD, if right operand is a positive constant, then
3005 -- result must be in the allowable range of mod results.
3011 then
3021 else
3026 -- For REM, if right operand is a positive constant, then
3027 -- result must be in the allowable range of mod results.
3033 then
3034 declare
3037 begin
3038 -- The sign of the result depends on the sign of the
3039 -- dividend (but not on the sign of the divisor, hence
3040 -- the abs operation above).
3044 else
3050 else
3055 else
3060 -- Attribute reference cases
3065 -- For Pos/Val attributes, we can refine the range using the
3066 -- possible range of values of the attribute expression
3071 -- For Length attribute, use the bounds of the corresponding
3072 -- index type to refine the range.
3075 declare
3083 begin
3088 -- For string literal, we know exact value
3097 -- Otherwise check for expression given
3101 else
3102 Inum :=
3111 Determine_Range
3115 Determine_Range
3120 -- The maximum value for Length is the biggest
3121 -- possible gap between the values of the bounds.
3122 -- But of course, this value cannot be negative.
3126 -- For constrained arrays, the minimum value for
3127 -- Length is taken from the actual value of the
3128 -- bounds, since the index will be exactly of
3129 -- this subtype.
3134 -- For an unconstrained array, the minimum value
3135 -- for length is always zero.
3137 else
3144 -- No special handling for other attributes
3145 -- Probably more opportunities exist here ???
3152 -- For type conversion from one discrete type to another, we
3153 -- can refine the range using the converted value.
3158 -- Nothing special to do for all other expression kinds
3166 -- At this stage, if OK1 is true, then we know that the actual
3167 -- result of the computed expression is in the range Lor .. Hir.
3168 -- We can use this to restrict the possible range of results.
3172 -- If the refined value of the low bound is greater than the
3173 -- type high bound, then reset it to the more restrictive
3174 -- value. However, we do NOT do this for the case of a modular
3175 -- type where the possible upper bound on the value is above the
3176 -- base type high bound, because that means the result could wrap.
3181 then
3185 -- Similarly, if the refined value of the high bound is less
3186 -- than the value so far, then reset it to the more restrictive
3187 -- value. Again, we do not do this if the refined low bound is
3188 -- negative for a modular type, since this would wrap.
3193 then
3198 -- Set cache entry for future call and we are all done
3205 -- If any exception occurs, it means that we have some bug in the compiler
3206 -- possibly triggered by a previous error, or by some unforseen peculiar
3207 -- occurrence. However, this is only an optimization attempt, so there is
3208 -- really no point in crashing the compiler. Instead we just decide, too
3209 -- bad, we can't figure out a range in this case after all.
3211 exception
3214 -- Debug flag K disables this behavior (useful for debugging)
3218 else
3226 ------------------------------------
3227 -- Discriminant_Checks_Suppressed --
3228 ------------------------------------
3231 begin
3243 --------------------------------
3244 -- Division_Checks_Suppressed --
3245 --------------------------------
3248 begin
3251 else
3256 -----------------------------------
3257 -- Elaboration_Checks_Suppressed --
3258 -----------------------------------
3261 begin
3273 ---------------------------
3274 -- Enable_Overflow_Check --
3275 ---------------------------
3286 begin
3294 -- Nothing to do if the range of the result is known OK. We skip
3295 -- this for conversions, since the caller already did the check,
3296 -- and in any case the condition for deleting the check for a
3297 -- type conversion is different in any case.
3302 -- Note in the test below that we assume that if a bound of the
3303 -- range is equal to that of the type. That's not quite accurate
3304 -- but we do this for the following reasons:
3306 -- a) The way that Determine_Range works, it will typically report
3307 -- the bounds of the value as being equal to the bounds of the
3308 -- type, because it either can't tell anything more precise, or
3309 -- does not think it is worth the effort to be more precise.
3311 -- b) It is very unusual to have a situation in which this would
3312 -- generate an unnecessary overflow check (an example would be
3313 -- a subtype with a range 0 .. Integer'Last - 1 to which the
3314 -- literal value one is added.
3316 -- c) The alternative is a lot of special casing in this routine
3317 -- which would partially duplicate Determine_Range processing.
3319 if OK
3322 then
3331 -- If not in optimizing mode, set flag and we are done. We are also
3332 -- done (and just set the flag) if the type is not a discrete type,
3333 -- since it is not worth the effort to eliminate checks for other
3334 -- than discrete types. In addition, we take this same path if we
3335 -- have stored the maximum number of checks possible already (a
3336 -- very unlikely situation, but we do not want to blow up!)
3341 then
3351 -- Otherwise evaluate and check the expression
3353 Find_Check
3374 -- If check is not of form to optimize, then set flag and we are done
3381 -- If check is already performed, then return without setting flag
3391 -- Here we will make a new entry for the new check
3411 -- If we get an exception, then something went wrong, probably because
3412 -- of an error in the structure of the tree due to an incorrect program.
3413 -- Or it may be a bug in the optimization circuit. In either case the
3414 -- safest thing is simply to set the check flag unconditionally.
3416 exception
3427 ------------------------
3428 -- Enable_Range_Check --
3429 ------------------------
3439 begin
3440 -- Return if unchecked type conversion with range check killed.
3441 -- In this case we never set the flag (that's what Kill_Range_Check
3442 -- is all about!)
3446 then
3450 -- Debug trace output
3459 -- If not in optimizing mode, set flag and we are done. We are also
3460 -- done (and just set the flag) if the type is not a discrete type,
3461 -- since it is not worth the effort to eliminate checks for other
3462 -- than discrete types. In addition, we take this same path if we
3463 -- have stored the maximum number of checks possible already (a
3464 -- very unlikely situation, but we do not want to blow up!)
3470 then
3480 -- Otherwise find out the target type
3484 -- For assignment, use left side subtype
3488 then
3491 -- For indexed component, use subscript subtype
3494 declare
3499 begin
3505 -- If the prefix is an access to an unconstrained array,
3506 -- perform check unconditionally: it depends on the bounds
3507 -- of an object and we cannot currently recognize whether
3508 -- the test may be redundant.
3515 -- Ditto if the prefix is an explicit dereference whose
3516 -- designated type is unconstrained.
3520 then
3527 loop
3538 -- For now, ignore all other cases, they are not so interesting
3540 else
3549 -- Evaluate and check the expression
3551 Find_Check
3573 -- If check is not of form to optimize, then set flag and we are done
3584 -- If check is already performed, then return without setting flag
3594 -- Here we will make a new entry for the new check
3615 -- If we get an exception, then something went wrong, probably because
3616 -- of an error in the structure of the tree due to an incorrect program.
3617 -- Or it may be a bug in the optimization circuit. In either case the
3618 -- safest thing is simply to set the check flag unconditionally.
3620 exception
3631 ------------------
3632 -- Ensure_Valid --
3633 ------------------
3638 begin
3639 -- Ignore call if we are not doing any validity checking
3644 -- Ignore call if range checks suppressed on entity in question
3648 then
3651 -- No check required if expression is from the expander, we assume
3652 -- the expander will generate whatever checks are needed. Note that
3653 -- this is not just an optimization, it avoids infinite recursions!
3655 -- Unchecked conversions must be checked, unless they are initialized
3656 -- scalar values, as in a component assignment in an init proc.
3658 -- In addition, we force a check if Force_Validity_Checks is set
3661 and then not Force_Validity_Checks
3664 then
3667 -- No check required if expression is known to have valid value
3672 -- No check required if checks off
3677 -- Ignore case of enumeration with holes where the flag is set not
3678 -- to worry about holes, since no special validity check is needed
3682 and then Holes_OK
3683 then
3686 -- No check required on the left-hand side of an assignment
3690 then
3693 -- An annoying special case. If this is an out parameter of a scalar
3694 -- type, then the value is not going to be accessed, therefore it is
3695 -- inappropriate to do any validity check at the call site.
3697 else
3698 -- Only need to worry about scalar types
3701 declare
3709 begin
3710 -- Find actual argument (which may be a parameter association)
3711 -- and the parent of the actual argument (the call statement)
3721 -- Only need to worry if we are argument of a procedure
3722 -- call since functions don't have out parameters. If this
3723 -- is an indirect or dispatching call, get signature from
3724 -- the subprogram type.
3731 else
3736 -- Only need to worry if there are indeed actuals, and
3737 -- if this could be a procedure call, otherwise we cannot
3738 -- get a match (either we are not an argument, or the
3739 -- mode of the formal is not OUT). This test also filters
3740 -- out the generic case.
3744 then
3745 -- This is the loop through parameters, looking to
3746 -- see if there is an OUT parameter for which we are
3747 -- the argument.
3766 -- If we fall through, a validity check is required. Note that it would
3767 -- not be good to set Do_Range_Check, even in contexts where this is
3768 -- permissible, since this flag causes checking against the target type,
3769 -- not the source type in contexts such as assignments
3774 ----------------------
3775 -- Expr_Known_Valid --
3776 ----------------------
3781 begin
3782 -- Non-scalar types are always considered valid, since they never
3783 -- give rise to the issues of erroneous or bounded error behavior
3784 -- that are the concern. In formal reference manual terms the
3785 -- notion of validity only applies to scalar types. Note that
3786 -- even when packed arrays are represented using modular types,
3787 -- they are still arrays semantically, so they are also always
3788 -- valid (in particular, the unused bits can be random rubbish
3789 -- without affecting the validity of the array value).
3794 -- If no validity checking, then everything is considered valid
3799 -- Floating-point types are considered valid unless floating-point
3800 -- validity checks have been specifically turned on.
3803 and then not Validity_Check_Floating_Point
3804 then
3807 -- If the expression is the value of an object that is known to
3808 -- be valid, then clearly the expression value itself is valid.
3812 then
3815 -- If the type is one for which all values are known valid, then
3816 -- we are sure that the value is valid except in the slightly odd
3817 -- case where the expression is a reference to a variable whose size
3818 -- has been explicitly set to a value greater than the object size.
3824 then
3826 else
3830 -- Integer and character literals always have valid values, where
3831 -- appropriate these will be range checked in any case.
3834 or else
3836 then
3839 -- If we have a type conversion or a qualification of a known valid
3840 -- value, then the result will always be valid.
3843 or else
3845 then
3848 -- The result of any function call or operator is always considered
3849 -- valid, since we assume the necessary checks are done by the call.
3850 -- For operators on floating-point operations, we must also check
3851 -- when the operation is the right-hand side of an assignment, or
3852 -- is an actual in a call.
3854 elsif
3856 then
3858 and then Validity_Check_Floating_Point
3859 and then
3863 then
3865 else
3872 -- For all other cases, we do not know the expression is valid
3874 else
3879 ----------------
3880 -- Find_Check --
3881 ----------------
3883 procedure Find_Check
3891 is
3892 function Within_Range_Of
3895 -- Given a requirement for checking a range against Target_Type, and
3896 -- and a range Check_Type against which a check has already been made,
3897 -- determines if the check against check type is sufficient to ensure
3898 -- that no check against Target_Type is required.
3900 ---------------------
3901 -- Within_Range_Of --
3902 ---------------------
3904 function Within_Range_Of
3907 is
3908 begin
3912 else
3913 declare
3919 begin
3922 and then
3924 and then
3926 and then
3929 and then
3931 and then
3933 then
3935 else
3942 -- Start of processing for Find_Check
3944 begin
3945 -- Establish default, to avoid warnings from GCC
3949 -- Case of expression is simple entity reference
3955 -- Case of expression is entity + known constant
3960 then
3964 -- Case of expression is entity - known constant
3969 then
3973 -- Any other expression is not of the right form
3975 else
3982 -- Come here with expression of appropriate form, check if
3983 -- entity is an appropriate one for our purposes.
3986 or else
3988 or else
3990 or else
3993 then
3995 else
4000 -- See if there is matching check already
4003 declare
4006 begin
4012 then
4019 -- If we fall through entry was not found
4025 ---------------------------------
4026 -- Generate_Discriminant_Check --
4027 ---------------------------------
4029 -- Note: the code for this procedure is derived from the
4030 -- emit_discriminant_check routine a-trans.c v1.659.
4039 -- The original component to be checked
4043 -- The discriminant checking function
4046 -- One discriminant to be checked in the type
4049 -- Actual discriminant in the call
4052 -- Type of relevant prefix (ignoring private/access stuff)
4055 -- List of arguments for function call
4058 -- Keep track of the formal corresponding to the actual we build
4059 -- for each discriminant, in order to be able to perform the
4060 -- necessary type conversions.
4063 -- Selected component reference for checking function argument
4065 begin
4068 -- Force evaluation of the prefix, so that it does not get evaluated
4069 -- twice (once for the check, once for the actual reference). Such a
4070 -- double evaluation is always a potential source of inefficiency,
4071 -- and is functionally incorrect in the volatile case, or when the
4072 -- prefix may have side-effects. An entity or a component of an
4073 -- entity requires no evaluation.
4085 then
4088 else
4092 -- For a tagged type, use the scope of the original component to
4093 -- obtain the type, because ???
4098 -- For an untagged derived type, use the discriminants of the
4099 -- parent which have been renamed in the derivation, possibly
4100 -- by a one-to-many discriminant constraint.
4101 -- For non-tagged type, initially get the Etype of the prefix
4103 else
4107 then
4112 -- We definitely should have a checking function, This routine should
4113 -- not be called if no discriminant checking function is present.
4117 -- Create the list of the actual parameters for the call. This list
4118 -- is the list of the discriminant fields of the record expression to
4119 -- be discriminant checked.
4126 -- If we have a corresponding discriminant field, and a parent
4127 -- subtype is present, then we want to use the corresponding
4128 -- discriminant since this is the one with the useful value.
4133 then
4135 else
4139 -- Construct the reference to the discriminant
4141 Scomp :=
4143 Prefix =>
4148 -- Manually analyze and resolve this selected component. We really
4149 -- want it just as it appears above, and do not want the expander
4150 -- playing discriminal games etc with this reference. Then we
4151 -- append the argument to the list we are gathering.
4161 -- Now build and insert the call
4165 Condition =>
4172 ---------------------------
4173 -- Generate_Index_Checks --
4174 ---------------------------
4183 begin
4190 -- Force evaluation except for the case of a simple name of
4191 -- a non-volatile entity.
4195 then
4199 -- Generate a raise of constraint error with the appropriate
4200 -- reason and a condition of the form:
4202 -- Base_Type(Sub) not in array'range (subscript)
4204 -- Note that the reason we generate the conversion to the
4205 -- base type here is that we definitely want the range check
4206 -- to take place, even if it looks like the subtype is OK.
4207 -- Optimization considerations that allow us to omit the
4208 -- check have already been taken into account in the setting
4209 -- of the Do_Range_Check flag earlier on.
4213 else
4219 Condition =>
4221 Left_Opnd =>
4224 Right_Opnd =>
4237 --------------------------
4238 -- Generate_Range_Check --
4239 --------------------------
4241 procedure Generate_Range_Check
4245 is
4251 begin
4252 -- First special case, if the source type is already within the
4253 -- range of the target type, then no check is needed (probably we
4254 -- should have stopped Do_Range_Check from being set in the first
4255 -- place, but better late than later in preventing junk code!
4257 -- We do NOT apply this if the source node is a literal, since in
4258 -- this case the literal has already been labeled as having the
4259 -- subtype of the target.
4262 and then not
4264 or else
4266 or else
4268 or else
4271 then
4275 -- We need a check, so force evaluation of the node, so that it does
4276 -- not get evaluated twice (once for the check, once for the actual
4277 -- reference). Such a double evaluation is always a potential source
4278 -- of inefficiency, and is functionally incorrect in the volatile case.
4282 then
4286 -- The easiest case is when Source_Base_Type and Target_Base_Type
4287 -- are the same since in this case we can simply do a direct
4288 -- check of the value of N against the bounds of Target_Type.
4290 -- [constraint_error when N not in Target_Type]
4292 -- Note: this is by far the most common case, for example all cases of
4293 -- checks on the RHS of assignments are in this category, but not all
4294 -- cases are like this. Notably conversions can involve two types.
4299 Condition =>
4305 -- Next test for the case where the target type is within the bounds
4306 -- of the base type of the source type, since in this case we can
4307 -- simply convert these bounds to the base type of T to do the test.
4309 -- [constraint_error when N not in
4310 -- Source_Base_Type (Target_Type'First)
4311 -- ..
4312 -- Source_Base_Type(Target_Type'Last))]
4314 -- The conversions will always work and need no check
4319 Condition =>
4323 Right_Opnd =>
4325 Low_Bound =>
4328 Prefix =>
4332 High_Bound =>
4335 Prefix =>
4340 -- Note that at this stage we now that the Target_Base_Type is
4341 -- not in the range of the Source_Base_Type (since even the
4342 -- Target_Type itself is not in this range). It could still be
4343 -- the case that the Source_Type is in range of the target base
4344 -- type, since we have not checked that case.
4346 -- If that is the case, we can freely convert the source to the
4347 -- target, and then test the target result against the bounds.
4351 -- We make a temporary to hold the value of the converted
4352 -- value (converted to the base type), and then we will
4353 -- do the test against this temporary.
4355 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
4356 -- [constraint_error when Tnn not in Target_Type]
4358 -- Then the conversion itself is replaced by an occurrence of Tnn
4360 declare
4365 begin
4369 Object_Definition =>
4372 Expression =>
4378 Condition =>
4388 -- At this stage, we know that we have two scalar types, which are
4389 -- directly convertible, and where neither scalar type has a base
4390 -- range that is in the range of the other scalar type.
4392 -- The only way this can happen is with a signed and unsigned type.
4393 -- So test for these two cases:
4395 else
4396 -- Case of the source is unsigned and the target is signed
4400 then
4401 -- If the source is unsigned and the target is signed, then we
4402 -- know that the source is not shorter than the target (otherwise
4403 -- the source base type would be in the target base type range).
4405 -- In other words, the unsigned type is either the same size
4406 -- as the target, or it is larger. It cannot be smaller.
4408 pragma Assert
4411 -- We only need to check the low bound if the low bound of the
4412 -- target type is non-negative. If the low bound of the target
4413 -- type is negative, then we know that we will fit fine.
4415 -- If the high bound of the target type is negative, then we
4416 -- know we have a constraint error, since we can't possibly
4417 -- have a negative source.
4419 -- With these two checks out of the way, we can do the check
4420 -- using the source type safely
4422 -- This is definitely the most annoying case!
4424 -- [constraint_error
4425 -- when (Target_Type'First >= 0
4426 -- and then
4427 -- N < Source_Base_Type (Target_Type'First))
4428 -- or else Target_Type'Last < 0
4429 -- or else N > Source_Base_Type (Target_Type'Last)];
4431 -- We turn off all checks since we know that the conversions
4432 -- will work fine, given the guards for negative values.
4436 Condition =>
4439 Left_Opnd =>
4442 Left_Opnd =>
4444 Prefix =>
4449 Right_Opnd =>
4452 Right_Opnd =>
4455 Prefix =>
4459 Right_Opnd =>
4461 Left_Opnd =>
4467 Right_Opnd =>
4470 Right_Opnd =>
4479 -- Only remaining possibility is that the source is signed and
4480 -- the target is unsigned
4482 else
4486 -- If the source is signed and the target is unsigned, then
4487 -- we know that the target is not shorter than the source
4488 -- (otherwise the target base type would be in the source
4489 -- base type range).
4491 -- In other words, the unsigned type is either the same size
4492 -- as the target, or it is larger. It cannot be smaller.
4494 -- Clearly we have an error if the source value is negative
4495 -- since no unsigned type can have negative values. If the
4496 -- source type is non-negative, then the check can be done
4497 -- using the target type.
4499 -- Tnn : constant Target_Base_Type (N) := Target_Type;
4501 -- [constraint_error
4502 -- when N < 0 or else Tnn not in Target_Type];
4504 -- We turn off all checks for the conversion of N to the
4505 -- target base type, since we generate the explicit check
4506 -- to ensure that the value is non-negative
4508 declare
4513 begin
4517 Object_Definition =>
4520 Expression =>
4522 Subtype_Mark =>
4527 Condition =>
4529 Left_Opnd =>
4534 Right_Opnd =>
4537 Right_Opnd =>
4543 -- Set the Etype explicitly, because Insert_Actions may
4544 -- have placed the declaration in the freeze list for an
4545 -- enclosing construct, and thus it is not analyzed yet.
4554 ---------------------
4555 -- Get_Discriminal --
4556 ---------------------
4563 begin
4564 -- The entity E is the type of a private component of the protected
4565 -- type, or the type of a renaming of that component within a protected
4566 -- operation of that type.
4582 loop
4589 ------------------
4590 -- Guard_Access --
4591 ------------------
4593 function Guard_Access
4597 is
4598 begin
4605 else
4606 return
4608 Left_Opnd =>
4616 -----------------------------
4617 -- Index_Checks_Suppressed --
4618 -----------------------------
4621 begin
4624 else
4629 ----------------
4630 -- Initialize --
4631 ----------------
4634 begin
4640 -------------------------
4641 -- Insert_Range_Checks --
4642 -------------------------
4644 procedure Insert_Range_Checks
4651 is
4658 or else
4661 begin
4662 -- For now we just return if Checks_On is false, however this should
4663 -- be enhanced to check for an always True value in the condition
4664 -- and to generate a compilation warning???
4683 then
4690 else
4697 else
4698 Check_Node :=
4705 else
4712 ------------------------
4713 -- Insert_Valid_Check --
4714 ------------------------
4720 begin
4721 -- Do not insert if checks off, or if not checking validity
4725 then
4729 -- If we have a checked conversion, then validity check applies to
4730 -- the expression inside the conversion, not the result, since if
4731 -- the expression inside is valid, then so is the conversion result.
4738 -- Insert the validity check. Note that we do this with validity
4739 -- checks turned off, to avoid recursion, we do not want validity
4740 -- checks on the validity checking code itself!
4743 Insert_Action
4746 Condition =>
4748 Right_Opnd =>
4750 Prefix =>
4756 -- If the expression is a a reference to an element of a bit-packed
4757 -- array, it is rewritten as a renaming declaration. If the expression
4758 -- is an actual in a call, it has not been expanded, waiting for the
4759 -- proper point at which to do it. The same happens with renamings, so
4760 -- that we have to force the expansion now. This non-local complication
4761 -- is due to code in exp_ch2,adb, exp_ch4.adb and exp_ch6.adb.
4765 then
4766 declare
4768 begin
4771 then
4780 ----------------------------------
4781 -- Install_Null_Excluding_Check --
4782 ----------------------------------
4788 begin
4791 -- Don't need access check if:
4792 -- 1) we are analyzing a generic
4793 -- 2) it is known to be non-null
4794 -- 3) the check was suppressed on the type
4795 -- 4) This is an attribute reference that returns an access type.
4797 if Inside_A_Generic
4799 then
4802 and then
4804 or else
4806 or else
4808 then
4810 -- Otherwise install access check
4812 else
4815 Condition =>
4823 --------------------------
4824 -- Install_Static_Check --
4825 --------------------------
4831 begin
4841 ---------------------
4842 -- Kill_All_Checks --
4843 ---------------------
4846 begin
4851 -- We reset the number of saved checks to zero, and also modify
4852 -- all stack entries for statement ranges to indicate that the
4853 -- number of checks at each level is now zero.
4862 -----------------
4863 -- Kill_Checks --
4864 -----------------
4867 begin
4883 ------------------------------
4884 -- Length_Checks_Suppressed --
4885 ------------------------------
4888 begin
4891 else
4896 --------------------------------
4897 -- Overflow_Checks_Suppressed --
4898 --------------------------------
4901 begin
4904 else
4909 -----------------
4910 -- Range_Check --
4911 -----------------
4913 function Range_Check
4918 is
4919 begin
4920 return Selected_Range_Checks
4924 -----------------------------
4925 -- Range_Checks_Suppressed --
4926 -----------------------------
4929 begin
4932 -- Note: for now we always suppress range checks on Vax float types,
4933 -- since Gigi does not know how to generate these checks.
4947 -------------------
4948 -- Remove_Checks --
4949 -------------------
4956 -- Process a single node during the traversal
4959 -- The traversal function itself
4961 -------------
4962 -- Process --
4963 -------------
4966 begin
5029 -- Start of processing for Remove_Checks
5031 begin
5035 ----------------------------
5036 -- Selected_Length_Checks --
5037 ----------------------------
5039 function Selected_Length_Checks
5044 is
5057 -- Adds the action given to Ret_Result if N is non-Empty
5061 -- Comments required ???
5064 -- True for equal literals and for nodes that denote the same constant
5065 -- entity, even if its value is not a static constant. This includes the
5066 -- case of a discriminal reference within an init proc. Removes some
5067 -- obviously superfluous checks.
5069 function Length_E_Cond
5073 -- Returns expression to compute:
5074 -- Typ'Length /= Exptyp'Length
5076 function Length_N_Cond
5080 -- Returns expression to compute:
5081 -- Typ'Length /= Expr'Length
5083 ---------------
5084 -- Add_Check --
5085 ---------------
5088 begin
5091 -- For now, ignore attempt to place more than 2 checks ???
5103 ------------------
5104 -- Get_E_Length --
5105 ------------------
5112 begin
5115 then
5125 return
5132 and then not Inside_Init_Proc
5133 then
5135 -- If the type whose length is needed is a private component
5136 -- constrained by a discriminant, we must expand the 'Length
5137 -- attribute into an explicit computation, using the discriminal
5138 -- of the current protected operation. This is because the actual
5139 -- type of the prival is constructed after the protected opera-
5140 -- tion has been fully expanded.
5142 declare
5148 begin
5159 then
5166 then
5180 N :=
5182 Left_Opnd =>
5190 else
5191 N :=
5194 Prefix =>
5206 else
5207 N :=
5210 Prefix =>
5223 ------------------
5224 -- Get_N_Length --
5225 ------------------
5228 begin
5229 return
5232 Prefix =>
5239 -------------------
5240 -- Length_E_Cond --
5241 -------------------
5243 function Length_E_Cond
5247 is
5248 begin
5249 return
5256 -------------------
5257 -- Length_N_Cond --
5258 -------------------
5260 function Length_N_Cond
5264 is
5265 begin
5266 return
5274 begin
5275 return
5280 or else
5285 or else
5290 or else
5297 or else
5305 -- Start of processing for Selected_Length_Checks
5307 begin
5315 then
5327 else
5340 -- A simple optimization
5350 -- The checking code to be generated will freeze the
5351 -- corresponding array type. However, we must freeze the
5352 -- type now, so that the freeze node does not appear within
5353 -- the generated condional expression, but ahead of it.
5364 -- String_Literal case. This needs to be handled specially be-
5365 -- cause no index types are available for string literals. The
5366 -- condition is simply:
5368 -- T_Typ'Length = string-literal-length
5372 then
5373 Cond :=
5376 Right_Opnd =>
5378 Intval =>
5381 -- General array case. Here we have a usable actual subtype for
5382 -- the expression, and the condition is built from the two types
5383 -- (Do_Length):
5385 -- T_Typ'Length /= Exptyp'Length or else
5386 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
5387 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
5388 -- ...
5391 declare
5404 begin
5406 -- At the library level, we need to ensure that the
5407 -- type of the object is elaborated before the check
5408 -- itself is emitted. This is only done if the object
5409 -- is in the current compilation unit, otherwise the
5410 -- type is frozen and elaborated in its unit.
5413 and then
5415 and then
5418 then
5429 or else
5431 then
5435 -- Deal with compile time length check. Note that we
5436 -- skip this in the access case, because the access
5437 -- value may be null, so we cannot know statically.
5439 if not Do_Access
5444 then
5448 else
5455 else
5460 Add_Check
5461 (Compile_Time_Constraint_Error
5465 Add_Check
5466 (Compile_Time_Constraint_Error
5470 -- The comparison for an individual index subtype
5471 -- is omitted if the corresponding index subtypes
5472 -- statically match, since the result is known to
5473 -- be true. Note that this test is worth while even
5474 -- though we do static evaluation, because non-static
5475 -- subtypes can statically match.
5477 elsif not
5478 Subtypes_Statically_Match
5481 and then not
5484 then
5485 Evolve_Or_Else
5495 -- Handle cases where we do not get a usable actual subtype that
5496 -- is constrained. This happens for example in the function call
5497 -- and explicit dereference cases. In these cases, we have to get
5498 -- the length or range from the expression itself, making sure we
5499 -- do not evaluate it more than once.
5501 -- Here Ck_Node is the original expression, or more properly the
5502 -- result of applying Duplicate_Expr to the original tree,
5503 -- forcing the result to be a name.
5505 else
5506 declare
5509 begin
5510 -- Build the condition for the explicit dereference case
5513 Evolve_Or_Else
5521 -- Construct the test and insert into the tree
5528 Add_Check
5537 ---------------------------
5538 -- Selected_Range_Checks --
5539 ---------------------------
5541 function Selected_Range_Checks
5546 is
5559 -- Adds the action given to Ret_Result if N is non-Empty
5561 function Discrete_Range_Cond
5564 -- Returns expression to compute:
5565 -- Low_Bound (Expr) < Typ'First
5566 -- or else
5567 -- High_Bound (Expr) > Typ'Last
5569 function Discrete_Expr_Cond
5572 -- Returns expression to compute:
5573 -- Expr < Typ'First
5574 -- or else
5575 -- Expr > Typ'Last
5577 function Get_E_First_Or_Last
5581 -- Returns expression to compute:
5582 -- E'First or E'Last
5586 -- Returns expression to compute:
5587 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
5589 function Range_E_Cond
5594 -- Returns expression to compute:
5595 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
5597 function Range_Equal_E_Cond
5601 -- Returns expression to compute:
5602 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
5604 function Range_N_Cond
5608 -- Return expression to compute:
5609 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
5611 ---------------
5612 -- Add_Check --
5613 ---------------
5616 begin
5619 -- For now, ignore attempt to place more than 2 checks ???
5631 -------------------------
5632 -- Discrete_Expr_Cond --
5633 -------------------------
5635 function Discrete_Expr_Cond
5638 is
5639 begin
5640 return
5642 Left_Opnd =>
5644 Left_Opnd =>
5647 Right_Opnd =>
5651 Right_Opnd =>
5653 Left_Opnd =>
5656 Right_Opnd =>
5657 Convert_To
5662 -------------------------
5663 -- Discrete_Range_Cond --
5664 -------------------------
5666 function Discrete_Range_Cond
5669 is
5676 begin
5687 Left_Opnd :=
5689 Left_Opnd =>
5690 Convert_To
5693 Right_Opnd =>
5694 Convert_To
5701 and then
5704 then
5708 then
5712 else
5715 then
5721 Right_Opnd :=
5723 Left_Opnd =>
5724 Convert_To
5727 Right_Opnd =>
5728 Convert_To
5735 -------------------------
5736 -- Get_E_First_Or_Last --
5737 -------------------------
5739 function Get_E_First_Or_Last
5743 is
5749 begin
5757 else
5769 else
5776 else
5782 then
5783 -- If this is a task discriminant, and we are the body, we must
5784 -- retrieve the corresponding body discriminal. This is another
5785 -- consequence of the early creation of discriminals, and the
5786 -- need to generate constraint checks before their declarations
5787 -- are made visible.
5790 declare
5792 Corresponding_Concurrent_Type
5796 begin
5799 then
5800 -- Find discriminant of original task, and use its
5801 -- current discriminal, which is the renaming within
5802 -- the task body.
5814 -- That loop should always succeed in finding a matching
5815 -- entry and returning. Fatal error if not.
5819 else
5820 return
5824 else
5830 and then not Inside_Init_Proc
5831 then
5837 -- Case of a bound that has been rewritten to an
5838 -- N_Raise_Constraint_Error node because it is an out-of-range
5839 -- value. We may not call Duplicate_Subexpr on this node because
5840 -- an N_Raise_Constraint_Error is not side effect free, and we may
5841 -- not assume that we are in the proper context to remove side
5842 -- effects on it at the point of reference.
5847 else
5852 -----------------
5853 -- Get_N_First --
5854 -----------------
5857 begin
5858 return
5861 Prefix =>
5867 ----------------
5868 -- Get_N_Last --
5869 ----------------
5872 begin
5873 return
5876 Prefix =>
5882 ------------------
5883 -- Range_E_Cond --
5884 ------------------
5886 function Range_E_Cond
5890 is
5891 begin
5892 return
5894 Left_Opnd =>
5899 Right_Opnd =>
5906 ------------------------
5907 -- Range_Equal_E_Cond --
5908 ------------------------
5910 function Range_Equal_E_Cond
5914 is
5915 begin
5916 return
5918 Left_Opnd =>
5922 Right_Opnd =>
5928 ------------------
5929 -- Range_N_Cond --
5930 ------------------
5932 function Range_N_Cond
5936 is
5937 begin
5938 return
5940 Left_Opnd =>
5945 Right_Opnd =>
5951 -- Start of processing for Selected_Range_Checks
5953 begin
5961 then
5973 else
5981 -- The order of evaluating T_Typ before S_Typ seems to be critical
5982 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
5983 -- in, and since Node can be an N_Range node, it might be invalid.
5984 -- Should there be an assert check somewhere for taking the Etype of
5985 -- an N_Range node ???
5992 -- A simple optimization
5999 -- For an N_Range Node, check for a null range and then if not
6000 -- null generate a range check action.
6004 -- There's no point in checking a range against itself
6010 declare
6020 begin
6021 -- Check for case where everything is static and we can
6022 -- do the check at compile time. This is skipped if we
6023 -- have an access type, since the access value may be null.
6025 -- ??? This code can be improved since you only need to know
6026 -- that the two respective bounds (LB & T_LB or HB & T_HB)
6027 -- are known at compile time to emit pertinent messages.
6033 and then not Do_Access
6034 then
6035 -- Floating-point case
6039 Out_Of_Range_L :=
6041 or else
6044 Out_Of_Range_H :=
6046 or else
6049 -- Fixed or discrete type case
6051 else
6053 Out_Of_Range_L :=
6055 or else
6058 Out_Of_Range_H :=
6060 or else
6067 Add_Check
6068 (Compile_Time_Constraint_Error
6072 else
6073 Add_Check
6074 (Compile_Time_Constraint_Error
6082 Add_Check
6083 (Compile_Time_Constraint_Error
6087 else
6088 Add_Check
6089 (Compile_Time_Constraint_Error
6097 else
6098 declare
6102 begin
6104 -- If either bound is a discriminant and we are within
6105 -- the record declaration, it is a use of the discriminant
6106 -- in a constraint of a component, and nothing can be
6107 -- checked here. The check will be emitted within the
6108 -- init proc. Before then, the discriminal has no real
6109 -- meaning.
6113 then
6116 else
6117 LB :=
6124 then
6127 else
6128 HB :=
6136 Cond :=
6138 Left_Opnd =>
6150 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
6151 -- except the above simply sets a flag in the node and lets
6152 -- gigi generate the check base on the Etype of the expression.
6153 -- Sometimes, however we want to do a dynamic check against an
6154 -- arbitrary target type, so we do that here.
6159 -- For literals, we can tell if the constraint error will be
6160 -- raised at compile time, so we never need a dynamic check, but
6161 -- if the exception will be raised, then post the usual warning,
6162 -- and replace the literal with a raise constraint error
6163 -- expression. As usual, skip this for access types
6166 and then not Do_Access
6167 then
6168 declare
6177 begin
6178 -- Following range tests should use Sem_Eval routine ???
6182 Out_Of_Range :=
6184 or else
6188 Out_Of_Range :=
6190 or else
6194 -- Bounds of the type are static and the literal is
6195 -- out of range so make a warning message.
6199 Add_Check
6200 (Compile_Time_Constraint_Error
6204 else
6205 Add_Check
6206 (Compile_Time_Constraint_Error
6212 else
6217 -- Here for the case of a non-static expression, we need a runtime
6218 -- check unless the source type range is guaranteed to be in the
6219 -- range of the target type.
6221 else
6238 -- String_Literal case. This needs to be handled specially be-
6239 -- cause no index types are available for string literals. The
6240 -- condition is simply:
6242 -- T_Typ'Length = string-literal-length
6247 -- General array case. Here we have a usable actual subtype for
6248 -- the expression, and the condition is built from the two types
6250 -- T_Typ'First < Exptyp'First or else
6251 -- T_Typ'Last > Exptyp'Last or else
6252 -- T_Typ'First(1) < Exptyp'First(1) or else
6253 -- T_Typ'Last(1) > Exptyp'Last(1) or else
6254 -- ...
6257 declare
6267 begin
6273 or else
6275 then
6279 -- Deal with compile time length check. Note that we
6280 -- skip this in the access case, because the access
6281 -- value may be null, so we cannot know statically.
6283 if not
6284 Subtypes_Statically_Match
6286 then
6287 -- If the target type is constrained then we
6288 -- have to check for exact equality of bounds
6289 -- (required for qualified expressions).
6292 Evolve_Or_Else
6296 else
6297 Evolve_Or_Else
6309 -- Handle cases where we do not get a usable actual subtype that
6310 -- is constrained. This happens for example in the function call
6311 -- and explicit dereference cases. In these cases, we have to get
6312 -- the length or range from the expression itself, making sure we
6313 -- do not evaluate it more than once.
6315 -- Here Ck_Node is the original expression, or more properly the
6316 -- result of applying Duplicate_Expr to the original tree,
6317 -- forcing the result to be a name.
6319 else
6320 declare
6323 begin
6324 -- Build the condition for the explicit dereference case
6327 Evolve_Or_Else
6334 else
6335 -- Generate an Action to check that the bounds of the
6336 -- source value are within the constraints imposed by the
6337 -- target type for a conversion to an unconstrained type.
6338 -- Rule is 4.6(38).
6341 declare
6345 begin
6346 Opnd_Index
6352 if Is_In_Range
6354 and then
6355 Is_In_Range
6357 then
6360 -- If null range, no check needed
6362 elsif
6364 and then
6366 and then
6369 then
6372 elsif Is_Out_Of_Range
6374 or else
6375 Is_Out_Of_Range
6377 then
6378 Add_Check
6379 (Compile_Time_Constraint_Error
6382 else
6383 Evolve_Or_Else
6385 Discrete_Range_Cond
6398 -- Construct the test and insert into the tree
6405 Add_Check
6414 -------------------------------
6415 -- Storage_Checks_Suppressed --
6416 -------------------------------
6419 begin
6422 else
6427 ---------------------------
6428 -- Tag_Checks_Suppressed --
6429 ---------------------------
6432 begin