| blob | 7afabd1c2c68e0b3f4f94b5474e43299ac600e69 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2013, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
69 -- General note: many of these routines are concerned with generating
70 -- checking code to make sure that constraint error is raised at runtime.
71 -- Clearly this code is only needed if the expander is active, since
72 -- otherwise we will not be generating code or going into the runtime
73 -- execution anyway.
75 -- We therefore disconnect most of these checks if the expander is
76 -- inactive. This has the additional benefit that we do not need to
77 -- worry about the tree being messed up by previous errors (since errors
78 -- turn off expansion anyway).
80 -- There are a few exceptions to the above rule. For instance routines
81 -- such as Apply_Scalar_Range_Check that do not insert any code can be
82 -- safely called even when the Expander is inactive (but Errors_Detected
83 -- is 0). The benefit of executing this code when expansion is off, is
84 -- the ability to emit constraint error warning for static expressions
85 -- even when we are not generating code.
87 -------------------------------------
88 -- Suppression of Redundant Checks --
89 -------------------------------------
91 -- This unit implements a limited circuit for removal of redundant
92 -- checks. The processing is based on a tracing of simple sequential
93 -- flow. For any sequence of statements, we save expressions that are
94 -- marked to be checked, and then if the same expression appears later
95 -- with the same check, then under certain circumstances, the second
96 -- check can be suppressed.
98 -- Basically, we can suppress the check if we know for certain that
99 -- the previous expression has been elaborated (together with its
100 -- check), and we know that the exception frame is the same, and that
101 -- nothing has happened to change the result of the exception.
103 -- Let us examine each of these three conditions in turn to describe
104 -- how we ensure that this condition is met.
106 -- First, we need to know for certain that the previous expression has
107 -- been executed. This is done principally by the mechanism of calling
108 -- Conditional_Statements_Begin at the start of any statement sequence
109 -- and Conditional_Statements_End at the end. The End call causes all
110 -- checks remembered since the Begin call to be discarded. This does
111 -- miss a few cases, notably the case of a nested BEGIN-END block with
112 -- no exception handlers. But the important thing is to be conservative.
113 -- The other protection is that all checks are discarded if a label
114 -- is encountered, since then the assumption of sequential execution
115 -- is violated, and we don't know enough about the flow.
117 -- Second, we need to know that the exception frame is the same. We
118 -- do this by killing all remembered checks when we enter a new frame.
119 -- Again, that's over-conservative, but generally the cases we can help
120 -- with are pretty local anyway (like the body of a loop for example).
122 -- Third, we must be sure to forget any checks which are no longer valid.
123 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
124 -- used to note any changes to local variables. We only attempt to deal
125 -- with checks involving local variables, so we do not need to worry
126 -- about global variables. Second, a call to any non-global procedure
127 -- causes us to abandon all stored checks, since such a all may affect
128 -- the values of any local variables.
130 -- The following define the data structures used to deal with remembering
131 -- checks so that redundant checks can be eliminated as described above.
133 -- Right now, the only expressions that we deal with are of the form of
134 -- simple local objects (either declared locally, or IN parameters) or
135 -- such objects plus/minus a compile time known constant. We can do
136 -- more later on if it seems worthwhile, but this catches many simple
137 -- cases in practice.
139 -- The following record type reflects a single saved check. An entry
140 -- is made in the stack of saved checks if and only if the expression
141 -- has been elaborated with the indicated checks.
145 -- Set True if entry is killed by Kill_Checks
148 -- The entity involved in the expression that is checked
151 -- A compile time value indicating the result of adding or
152 -- subtracting a compile time value. This value is to be
153 -- added to the value of the Entity. A value of zero is
154 -- used for the case of a simple entity reference.
157 -- This is set to 'R' for a range check (in which case Target_Type
158 -- is set to the target type for the range check) or to 'O' for an
159 -- overflow check (in which case Target_Type is set to Empty).
162 -- Used only if Do_Range_Check is set. Records the target type for
163 -- the check. We need this, because a check is a duplicate only if
164 -- it has the same target type (or more accurately one with a
165 -- range that is smaller or equal to the stored target type of a
166 -- saved check).
169 -- The following table keeps track of saved checks. Rather than use an
170 -- extensible table. We just use a table of fixed size, and we discard
171 -- any saved checks that do not fit. That's very unlikely to happen and
172 -- this is only an optimization in any case.
175 -- Array of saved checks
178 -- Number of saved checks
180 -- The following stack keeps track of statement ranges. It is treated
181 -- as a stack. When Conditional_Statements_Begin is called, an entry
182 -- is pushed onto this stack containing the value of Num_Saved_Checks
183 -- at the time of the call. Then when Conditional_Statements_End is
184 -- called, this value is popped off and used to reset Num_Saved_Checks.
186 -- Note: again, this is a fixed length stack with a size that should
187 -- always be fine. If the value of the stack pointer goes above the
188 -- limit, then we just forget all saved checks.
193 -----------------------
194 -- Local Subprograms --
195 -----------------------
198 -- Used to apply arithmetic overflow checks for all cases except operators
199 -- on signed arithmetic types in MINIMIZED/ELIMINATED case (for which we
200 -- call Apply_Arithmetic_Overflow_Minimized_Eliminated below). N can be a
201 -- signed integer arithmetic operator (but not an if or case expression).
202 -- It is also called for types other than signed integers.
205 -- Used to apply arithmetic overflow checks for the case where the overflow
206 -- checking mode is MINIMIZED or ELIMINATED and we have a signed integer
207 -- arithmetic op (which includes the case of if and case expressions). Note
208 -- that Do_Overflow_Check may or may not be set for node Op. In these modes
209 -- we have work to do even if overflow checking is suppressed.
211 procedure Apply_Division_Check
216 -- N is an N_Op_Div, N_Op_Rem, or N_Op_Mod node. This routine applies
217 -- division checks as required if the Do_Division_Check flag is set.
218 -- Rlo and Rhi give the possible range of the right operand, these values
219 -- can be referenced and trusted only if ROK is set True.
221 procedure Apply_Float_Conversion_Check
224 -- The checks on a conversion from a floating-point type to an integer
225 -- type are delicate. They have to be performed before conversion, they
226 -- have to raise an exception when the operand is a NaN, and rounding must
227 -- be taken into account to determine the safe bounds of the operand.
229 procedure Apply_Selected_Length_Checks
234 -- This is the subprogram that does all the work for Apply_Length_Check
235 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
236 -- described for the above routines. The Do_Static flag indicates that
237 -- only a static check is to be done.
239 procedure Apply_Selected_Range_Checks
244 -- This is the subprogram that does all the work for Apply_Range_Check.
245 -- Expr, Target_Typ and Source_Typ are as described for the above
246 -- routine. The Do_Static flag indicates that only a static check is
247 -- to be done.
251 -- This function is used to see if an access or division by zero check is
252 -- needed. The check is to be applied to a single variable appearing in the
253 -- source, and N is the node for the reference. If N is not of this form,
254 -- True is returned with no further processing. If N is of the right form,
255 -- then further processing determines if the given Check is needed.
256 --
257 -- The particular circuit is to see if we have the case of a check that is
258 -- not needed because it appears in the right operand of a short circuited
259 -- conditional where the left operand guards the check. For example:
260 --
261 -- if Var = 0 or else Q / Var > 12 then
262 -- ...
263 -- end if;
264 --
265 -- In this example, the division check is not required. At the same time
266 -- we can issue warnings for suspicious use of non-short-circuited forms,
267 -- such as:
268 --
269 -- if Var = 0 or Q / Var > 12 then
270 -- ...
271 -- end if;
273 procedure Find_Check
281 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
282 -- to see if a check is of the form for optimization, and if so, to see
283 -- if it has already been performed. Expr is the expression to check,
284 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
285 -- Target_Type is the target type for a range check, and Empty for an
286 -- overflow check. If the entry is not of the form for optimization,
287 -- then Entry_OK is set to False, and the remaining out parameters
288 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
289 -- entity and offset from the expression. Check_Num is the number of
290 -- a matching saved entry in Saved_Checks, or zero if no such entry
291 -- is located.
294 -- If a discriminal is used in constraining a prival, Return reference
295 -- to the discriminal of the protected body (which renames the parameter
296 -- of the enclosing protected operation). This clumsy transformation is
297 -- needed because privals are created too late and their actual subtypes
298 -- are not available when analysing the bodies of the protected operations.
299 -- This function is called whenever the bound is an entity and the scope
300 -- indicates a protected operation. If the bound is an in-parameter of
301 -- a protected operation that is not a prival, the function returns the
302 -- bound itself.
303 -- To be cleaned up???
305 function Guard_Access
309 -- In the access type case, guard the test with a test to ensure
310 -- that the access value is non-null, since the checks do not
311 -- not apply to null access values.
314 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
315 -- Constraint_Error node.
318 -- Returns True if node N is for an arithmetic operation with signed
319 -- integer operands. This includes unary and binary operators, and also
320 -- if and case expression nodes where the dependent expressions are of
321 -- a signed integer type. These are the kinds of nodes for which special
322 -- handling applies in MINIMIZED or ELIMINATED overflow checking mode.
324 function Range_Or_Validity_Checks_Suppressed
326 -- Returns True if either range or validity checks or both are suppressed
327 -- for the type of the given expression, or, if the expression is the name
328 -- of an entity, if these checks are suppressed for the entity.
330 function Selected_Length_Checks
335 -- Like Apply_Selected_Length_Checks, except it doesn't modify
336 -- anything, just returns a list of nodes as described in the spec of
337 -- this package for the Range_Check function.
339 function Selected_Range_Checks
344 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
345 -- just returns a list of nodes as described in the spec of this package
346 -- for the Range_Check function.
348 ------------------------------
349 -- Access_Checks_Suppressed --
350 ------------------------------
353 begin
356 else
361 -------------------------------------
362 -- Accessibility_Checks_Suppressed --
363 -------------------------------------
366 begin
369 else
374 -----------------------------
375 -- Activate_Division_Check --
376 -----------------------------
379 begin
384 -----------------------------
385 -- Activate_Overflow_Check --
386 -----------------------------
389 begin
396 --------------------------
397 -- Activate_Range_Check --
398 --------------------------
401 begin
406 ---------------------------------
407 -- Alignment_Checks_Suppressed --
408 ---------------------------------
411 begin
414 else
419 -------------------------
420 -- Append_Range_Checks --
421 -------------------------
423 procedure Append_Range_Checks
429 is
437 begin
438 -- For now we just return if Checks_On is false, however this should
439 -- be enhanced to check for an always True value in the condition
440 -- and to generate a compilation warning???
451 then
457 else
458 Append_To
466 ------------------------
467 -- Apply_Access_Check --
468 ------------------------
473 begin
474 -- We do not need checks if we are not generating code (i.e. the
475 -- expander is not active). This is not just an optimization, there
476 -- are cases (e.g. with pragma Debug) where generating the checks
477 -- can cause real trouble).
483 -- No check if short circuiting makes check unnecessary
489 -- No check if accessing the Offset_To_Top component of a dispatch
490 -- table. They are safe by construction.
492 if Tagged_Type_Expansion
497 then
501 -- Otherwise go ahead and install the check
506 -------------------------------
507 -- Apply_Accessibility_Check --
508 -------------------------------
510 procedure Apply_Accessibility_Check
514 is
520 begin
526 then
530 -- Renamed_Object must return an Entity_Name here
531 -- because of preceding "Present (E_E_A (...))" test.
540 -- Only apply the run-time check if the access parameter has an
541 -- associated extra access level parameter and when the level of the
542 -- type is less deep than the level of the access parameter, and
543 -- accessibility checks are not suppressed.
551 then
552 Param_Level :=
555 Type_Level :=
558 -- Raise Program_Error if the accessibility level of the access
559 -- parameter is deeper than the level of the target access type.
563 Condition =>
573 --------------------------------
574 -- Apply_Address_Clause_Check --
575 --------------------------------
586 -- Address expression (not necessarily the same as Aexp, for example
587 -- when Aexp is a reference to a constant, in which case Expr gets
588 -- reset to reference the value expression of the constant.
591 -- Post error warnings when alignment is known to be incompatible. Note
592 -- that we do not go as far as inserting a raise of Program_Error since
593 -- this is an erroneous case, and it may happen that we are lucky and an
594 -- underaligned address turns out to be OK after all.
596 --------------------------------
597 -- Compile_Time_Bad_Alignment --
598 --------------------------------
601 begin
603 Error_Msg_FE
606 Error_Msg_FE
613 -- Start of processing for Apply_Address_Clause_Check
615 begin
616 -- See if alignment check needed. Note that we never need a check if the
617 -- maximum alignment is one, since the check will always succeed.
619 -- Note: we do not check for checks suppressed here, since that check
620 -- was done in Sem_Ch13 when the address clause was processed. We are
621 -- only called if checks were not suppressed. The reason for this is
622 -- that we have to delay the call to Apply_Alignment_Check till freeze
623 -- time (so that all types etc are elaborated), but we have to check
624 -- the status of check suppressing at the point of the address clause.
629 then
633 -- Obtain expression from address clause
637 -- The following loop digs for the real expression to use in the check
639 loop
640 -- For constant, get constant expression
644 then
647 -- For unchecked conversion, get result to convert
652 -- For (common case) of To_Address call, get argument
657 then
664 -- We finally have the real expression
666 else
671 -- See if we know that Expr has a bad alignment at compile time
675 then
676 declare
679 begin
680 -- The object alignment might be more restrictive than the
681 -- type alignment.
688 Compile_Time_Bad_Alignment;
689 else
694 -- If the expression has the form X'Address, then we can find out if
695 -- the object X has an alignment that is compatible with the object E.
696 -- If it hasn't or we don't know, we defer issuing the warning until
697 -- the end of the compilation to take into account back end annotations.
702 then
706 -- Here we do not know if the value is acceptable. Strictly we don't
707 -- have to do anything, since if the alignment is bad, we have an
708 -- erroneous program. However we are allowed to check for erroneous
709 -- conditions and we decide to do this by default if the check is not
710 -- suppressed.
712 -- However, don't do the check if elaboration code is unwanted
717 -- Generate a check to raise PE if alignment may be inappropriate
719 else
720 -- If the original expression is a non-static constant, use the
721 -- name of the constant itself rather than duplicating its
722 -- defining expression, which was extracted above.
724 -- Note: Expr is empty if the address-clause is applied to in-mode
725 -- actuals (allowed by 13.1(22)).
728 or else
733 then
735 else
745 Condition =>
747 Left_Opnd =>
749 Left_Opnd =>
750 Unchecked_Convert_To
752 Right_Opnd =>
762 exception
763 -- If we have some missing run time component in configurable run time
764 -- mode then just skip the check (it is not required in any case).
770 -------------------------------------
771 -- Apply_Arithmetic_Overflow_Check --
772 -------------------------------------
775 begin
776 -- Use old routine in almost all cases (the only case we are treating
777 -- specially is the case of a signed integer arithmetic op with the
778 -- overflow checking mode set to MINIMIZED or ELIMINATED).
782 then
785 -- Otherwise use the new routine for the case of a signed integer
786 -- arithmetic op, with Do_Overflow_Check set to True, and the checking
787 -- mode is MINIMIZED or ELIMINATED.
789 else
794 --------------------------------------
795 -- Apply_Arithmetic_Overflow_Strict --
796 --------------------------------------
798 -- This routine is called only if the type is an integer type, and a
799 -- software arithmetic overflow check may be needed for op (add, subtract,
800 -- or multiply). This check is performed only if Software_Overflow_Checking
801 -- is enabled and Do_Overflow_Check is set. In this case we expand the
802 -- operation into a more complex sequence of tests that ensures that
803 -- overflow is properly caught.
805 -- This is used in CHECKED modes. It is identical to the code for this
806 -- cases before the big overflow earthquake, thus ensuring that in this
807 -- modes we have compatible behavior (and reliability) to what was there
808 -- before. It is also called for types other than signed integers, and if
809 -- the Do_Overflow_Check flag is off.
811 -- Note: we also call this routine if we decide in the MINIMIZED case
812 -- to give up and just generate an overflow check without any fuss.
819 begin
820 -- Nothing to do if Do_Overflow_Check not set or overflow checks
821 -- suppressed.
827 -- An interesting special case. If the arithmetic operation appears as
828 -- the operand of a type conversion:
830 -- type1 (x op y)
832 -- and all the following conditions apply:
834 -- arithmetic operation is for a signed integer type
835 -- target type type1 is a static integer subtype
836 -- range of x and y are both included in the range of type1
837 -- range of x op y is included in the range of type1
838 -- size of type1 is at least twice the result size of op
840 -- then we don't do an overflow check in any case, instead we transform
841 -- the operation so that we end up with:
843 -- type1 (type1 (x) op type1 (y))
845 -- This avoids intermediate overflow before the conversion. It is
846 -- explicitly permitted by RM 3.5.4(24):
848 -- For the execution of a predefined operation of a signed integer
849 -- type, the implementation need not raise Constraint_Error if the
850 -- result is outside the base range of the type, so long as the
851 -- correct result is produced.
853 -- It's hard to imagine that any programmer counts on the exception
854 -- being raised in this case, and in any case it's wrong coding to
855 -- have this expectation, given the RM permission. Furthermore, other
856 -- Ada compilers do allow such out of range results.
858 -- Note that we do this transformation even if overflow checking is
859 -- off, since this is precisely about giving the "right" result and
860 -- avoiding the need for an overflow check.
862 -- Note: this circuit is partially redundant with respect to the similar
863 -- processing in Exp_Ch4.Expand_N_Type_Conversion, but the latter deals
864 -- with cases that do not come through here. We still need the following
865 -- processing even with the Exp_Ch4 code in place, since we want to be
866 -- sure not to generate the arithmetic overflow check in these cases
867 -- (Exp_Ch4 would have a hard time removing them once generated).
871 then
887 begin
890 then
894 Determine_Range
896 Determine_Range
902 then
916 -- Rewrite the conversion operand so that the original
917 -- node is retained, in order to avoid the warning for
918 -- redundant conversions in Resolve_Type_Conversion.
927 -- Given that the target type is twice the size of the
928 -- source type, overflow is now impossible, so we can
929 -- safely kill the overflow check and return.
939 -- Now see if an overflow check is required
941 declare
949 begin
950 -- Skip check if back end does overflow checks, or the overflow flag
951 -- is not set anyway, or we are not doing code expansion, or the
952 -- parent node is a type conversion whose operand is an arithmetic
953 -- operation on signed integers on which the expander can promote
954 -- later the operands to type Integer (see Expand_N_Type_Conversion).
956 -- Special case CLI target, where arithmetic overflow checks can be
957 -- performed for integer and long_integer
959 if Backend_Overflow_Checks_On_Target
961 or else not Full_Expander_Active
965 or else
967 then
971 -- Otherwise, generate the full general code for front end overflow
972 -- detection, which works by doing arithmetic in a larger type:
974 -- x op y
976 -- is expanded into
978 -- Typ (Checktyp (x) op Checktyp (y));
980 -- where Typ is the type of the original expression, and Checktyp is
981 -- an integer type of sufficient length to hold the largest possible
982 -- result.
984 -- If the size of check type exceeds the size of Long_Long_Integer,
985 -- we use a different approach, expanding to:
987 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
989 -- where xxx is Add, Multiply or Subtract as appropriate
991 -- Find check type if one exists
999 -- No check type exists, use runtime call
1001 else
1008 else
1025 -- If we fall through, we have the case where we do the arithmetic
1026 -- in the next higher type and get the check by conversion. In these
1027 -- cases Ctyp is set to the type to be used as the check type.
1045 -- The type of the operation changes to the base type of the check
1046 -- type, and we reset the overflow check indication, since clearly no
1047 -- overflow is possible now that we are using a double length type.
1048 -- We also set the Analyzed flag to avoid a recursive attempt to
1049 -- expand the node.
1055 -- Now build the outer conversion
1061 -- In the discrete type case, we directly generate the range check
1062 -- for the outer operand. This range check will implement the
1063 -- required overflow check.
1067 Generate_Range_Check
1070 -- For other types, we enable overflow checking on the conversion,
1071 -- after setting the node as analyzed to prevent recursive attempts
1072 -- to expand the conversion node.
1074 else
1080 exception
1086 ----------------------------------------------------
1087 -- Apply_Arithmetic_Overflow_Minimized_Eliminated --
1088 ----------------------------------------------------
1097 -- Operands and results are of this type when we convert
1100 -- Original result type
1106 -- Ranges of values for result
1108 begin
1109 -- Nothing to do if our parent is one of the following:
1111 -- Another signed integer arithmetic op
1112 -- A membership operation
1113 -- A comparison operation
1115 -- In all these cases, we will process at the higher level (and then
1116 -- this node will be processed during the downwards recursion that
1117 -- is part of the processing in Minimize_Eliminate_Overflows).
1123 -- This is also true for an alternative in a case expression
1127 -- This is also true for a range operand in a membership test
1131 then
1135 -- Otherwise, we have a top level arithmetic operation node, and this
1136 -- is where we commence the special processing for MINIMIZED/ELIMINATED
1137 -- modes. This is the case where we tell the machinery not to move into
1138 -- Bignum mode at this top level (of course the top level operation
1139 -- will still be in Bignum mode if either of its operands are of type
1140 -- Bignum).
1144 -- That call may but does not necessarily change the result type of Op.
1145 -- It is the job of this routine to undo such changes, so that at the
1146 -- top level, we have the proper type. This "undoing" is a point at
1147 -- which a final overflow check may be applied.
1149 -- If the result type was not fiddled we are all set. We go to base
1150 -- types here because things may have been rewritten to generate the
1151 -- base type of the operand types.
1156 -- Bignum case
1160 -- We need a sequence that looks like:
1162 -- Rnn : Result_Type;
1164 -- declare
1165 -- M : Mark_Id := SS_Mark;
1166 -- begin
1167 -- Rnn := Long_Long_Integer'Base (From_Bignum (Op));
1168 -- SS_Release (M);
1169 -- end;
1171 -- This block is inserted (using Insert_Actions), and then the node
1172 -- is replaced with a reference to Rnn.
1174 -- A special case arises if our parent is a conversion node. In this
1175 -- case no point in generating a conversion to Result_Type, we will
1176 -- let the parent handle this. Note that this special case is not
1177 -- just about optimization. Consider
1179 -- A,B,C : Integer;
1180 -- ...
1181 -- X := Long_Long_Integer'Base (A * (B ** C));
1183 -- Now the product may fit in Long_Long_Integer but not in Integer.
1184 -- In MINIMIZED/ELIMINATED mode, we don't want to introduce an
1185 -- overflow exception for this intermediate value.
1187 declare
1194 begin
1201 -- Interesting question, do we need a check on that conversion
1202 -- operation. Answer, not if we know the result is in range.
1203 -- At the moment we are not taking advantage of this. To be
1204 -- looked at later ???
1206 else
1210 Insert_Before
1220 Blk));
1226 -- Here we know the result is Long_Long_Integer'Base, of that it has
1227 -- been rewritten because the parent operation is a conversion. See
1228 -- Apply_Arithmetic_Overflow_Strict.Conversion_Optimization.
1230 else
1231 pragma Assert
1234 -- All we need to do here is to convert the result to the proper
1235 -- result type. As explained above for the Bignum case, we can
1236 -- omit this if our parent is a type conversion.
1246 ----------------------------
1247 -- Apply_Constraint_Check --
1248 ----------------------------
1250 procedure Apply_Constraint_Check
1254 is
1257 begin
1258 -- No checks inside a generic (check the instantiations)
1264 -- Apply required constraint checks
1271 -- A useful optimization: an aggregate with only an others clause
1272 -- always has the right bounds.
1276 and then Nkind
1278 = N_Others_Choice
1279 then
1289 else
1296 then
1303 -- No checks necessary if expression statically null
1310 -- No sliding possible on access to arrays
1321 then
1325 -- Apply the 2005 Null_Excluding check. Note that we do not apply
1326 -- this check if the constraint node is illegal, as shown by having
1327 -- an error posted. This additional guard prevents cascaded errors
1328 -- and compiler aborts on illegal programs involving Ada 2005 checks.
1333 then
1339 ------------------------------
1340 -- Apply_Discriminant_Check --
1341 ------------------------------
1343 procedure Apply_Discriminant_Check
1347 is
1355 -- A heap object with an indefinite subtype is constrained by its
1356 -- initial value, and assigning to it requires a constraint_check.
1357 -- The target may be an explicit dereference, or a renaming of one.
1360 -- It is possible for an aliased component to have a nominal
1361 -- unconstrained subtype (through instantiation). If this is a
1362 -- discriminated component assigned in the expansion of an aggregate
1363 -- in an initialization, the check must be suppressed. This unusual
1364 -- situation requires a predicate of its own.
1366 ----------------------------------
1367 -- Denotes_Explicit_Dereference --
1368 ----------------------------------
1371 begin
1372 return
1374 or else
1378 N_Explicit_Dereference);
1381 ----------------------------------------
1382 -- Is_Aliased_Unconstrained_Component --
1383 ----------------------------------------
1389 begin
1392 else
1399 then
1404 and then In_Instance
1408 -- Start of processing for Apply_Discriminant_Check
1410 begin
1413 else
1417 -- Nothing to do if discriminant checks are suppressed or else no code
1418 -- is to be generated
1420 if not Full_Expander_Active
1422 then
1426 -- No discriminant checks necessary for an access when expression is
1427 -- statically Null. This is not only an optimization, it is fundamental
1428 -- because otherwise discriminant checks may be generated in init procs
1429 -- for types containing an access to a not-yet-frozen record, causing a
1430 -- deadly forward reference.
1432 -- Also, if the expression is of an access type whose designated type is
1433 -- incomplete, then the access value must be null and we suppress the
1434 -- check.
1447 -- If an assignment target is present, then we need to generate the
1448 -- actual subtype if the target is a parameter or aliased object with
1449 -- an unconstrained nominal subtype.
1451 -- Ada 2005 (AI-363): For Ada 2005, we limit the building of the actual
1452 -- subtype to the parameter and dereference cases, since other aliased
1453 -- objects are unconstrained (unless the nominal subtype is explicitly
1454 -- constrained).
1466 N_Function_Call))
1467 then
1471 -- Nothing to do if the type is unconstrained (this is the case where
1472 -- the actual subtype in the RM sense of N is unconstrained and no check
1473 -- is required).
1478 -- Ada 2005: nothing to do if the type is one for which there is a
1479 -- partial view that is constrained.
1482 and then Effectively_Has_Constrained_Partial_View
1485 then
1489 -- Nothing to do if the type is an Unchecked_Union
1495 -- Suppress checks if the subtypes are the same. the check must be
1496 -- preserved in an assignment to a formal, because the constraint is
1497 -- given by the actual.
1503 then
1507 then
1511 -- We can also eliminate checks on allocators with a subtype mark that
1512 -- coincides with the context type. The context type may be a subtype
1513 -- without a constraint (common case, a generic actual).
1517 then
1518 declare
1522 begin
1529 then
1535 -- See if we have a case where the types are both constrained, and all
1536 -- the constraints are constants. In this case, we can do the check
1537 -- successfully at compile time.
1539 -- We skip this check for the case where the node is rewritten`as
1540 -- an allocator, because it already carries the context subtype,
1541 -- and extracting the discriminants from the aggregate is messy.
1545 then
1546 declare
1553 begin
1554 -- S_Typ may not have discriminants in the case where it is a
1555 -- private type completed by a default discriminated type. In that
1556 -- case, we need to get the constraints from the underlying_type.
1557 -- If the underlying type is unconstrained (i.e. has no default
1558 -- discriminants) no check is needed.
1564 else
1566 DconS :=
1567 First_Elmt
1574 -- A further optimization: if T_Typ is derived from S_Typ
1575 -- without imposing a constraint, no check is needed.
1578 N_Full_Type_Declaration
1579 then
1580 declare
1583 begin
1587 then
1594 -- Constraint may appear in full view of type
1598 then
1599 DconT :=
1601 else
1602 DconT :=
1610 -- For a discriminated component type constrained by the
1611 -- current instance of an enclosing type, there is no
1612 -- applicable discriminant check.
1618 then
1622 -- If the expressions for the discriminants are identical
1623 -- and it is side-effect free (for now just an entity),
1624 -- this may be a shared constraint, e.g. from a subtype
1625 -- without a constraint introduced as a generic actual.
1626 -- Examine other discriminants if any.
1630 then
1635 then
1641 else
1642 Apply_Compile_Time_Constraint_Error
1660 -- Here we need a discriminant check. First build the expression
1661 -- for the comparisons of the discriminants:
1663 -- (n.disc1 /= typ.disc1) or else
1664 -- (n.disc2 /= typ.disc2) or else
1665 -- ...
1666 -- (n.discn /= typ.discn)
1670 -- If Lhs is set and is a parameter, then the condition is guarded by:
1671 -- lhs'constrained and then (condition built above)
1674 Cond :=
1676 Left_Opnd =>
1693 -------------------------
1694 -- Apply_Divide_Checks --
1695 -------------------------
1704 -- Current overflow checking mode
1715 -- Don't actually use this value
1717 begin
1718 -- If we are operating in MINIMIZED or ELIMINATED mode, and we are
1719 -- operating on signed integer types, then the only thing this routine
1720 -- does is to call Apply_Arithmetic_Overflow_Minimized_Eliminated. That
1721 -- procedure will (possibly later on during recursive downward calls),
1722 -- ensure that any needed overflow/division checks are properly applied.
1726 then
1731 -- Proceed here in SUPPRESSED or CHECKED modes
1733 if Full_Expander_Active
1734 and then not Backend_Divide_Checks_On_Target
1736 then
1739 -- Deal with division check
1743 then
1747 -- Deal with overflow check
1751 then
1753 -- Test for extremely annoying case of xxx'First divided by -1
1754 -- for division of signed integer types (only overflow case).
1758 then
1763 and then
1765 then
1768 Condition =>
1770 Left_Opnd =>
1772 Left_Opnd =>
1776 Right_Opnd =>
1788 --------------------------
1789 -- Apply_Division_Check --
1790 --------------------------
1792 procedure Apply_Division_Check
1797 is
1803 begin
1804 if Full_Expander_Active
1805 and then not Backend_Divide_Checks_On_Target
1807 then
1808 -- See if division by zero possible, and if so generate test. This
1809 -- part of the test is not controlled by the -gnato switch, since
1810 -- it is a Division_Check and not an Overflow_Check.
1816 Condition =>
1826 ----------------------------------
1827 -- Apply_Float_Conversion_Check --
1828 ----------------------------------
1830 -- Let F and I be the source and target types of the conversion. The RM
1831 -- specifies that a floating-point value X is rounded to the nearest
1832 -- integer, with halfway cases being rounded away from zero. The rounded
1833 -- value of X is checked against I'Range.
1835 -- The catch in the above paragraph is that there is no good way to know
1836 -- whether the round-to-integer operation resulted in overflow. A remedy is
1837 -- to perform a range check in the floating-point domain instead, however:
1839 -- (1) The bounds may not be known at compile time
1840 -- (2) The check must take into account rounding or truncation.
1841 -- (3) The range of type I may not be exactly representable in F.
1842 -- (4) For the rounding case, The end-points I'First - 0.5 and
1843 -- I'Last + 0.5 may or may not be in range, depending on the
1844 -- sign of I'First and I'Last.
1845 -- (5) X may be a NaN, which will fail any comparison
1847 -- The following steps correctly convert X with rounding:
1849 -- (1) If either I'First or I'Last is not known at compile time, use
1850 -- I'Base instead of I in the next three steps and perform a
1851 -- regular range check against I'Range after conversion.
1852 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1853 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1854 -- F'Machine (I'First) and let Lo_OK be (Lo >= I'First).
1855 -- In other words, take one of the closest floating-point numbers
1856 -- (which is an integer value) to I'First, and see if it is in
1857 -- range or not.
1858 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1859 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1860 -- F'Machine (I'Last) and let Hi_OK be (Hi <= I'Last).
1861 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1862 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1864 -- For the truncating case, replace steps (2) and (3) as follows:
1865 -- (2) If I'First > 0, then let Lo be F'Pred (I'First) and let Lo_OK
1866 -- be False. Otherwise, let Lo be F'Succ (I'First - 1) and let
1867 -- Lo_OK be True.
1868 -- (3) If I'Last < 0, then let Hi be F'Succ (I'Last) and let Hi_OK
1869 -- be False. Otherwise let Hi be F'Pred (I'Last + 1) and let
1870 -- Hi_OK be True.
1872 procedure Apply_Float_Conversion_Check
1875 is
1885 -- Parent of check node, must be a type conversion
1889 UI_Expon
1893 -- Largest bound, so bound plus or minus half is a machine number of F
1896 -- Bounds of integer type
1899 -- Bounds to check in floating-point domain
1902 -- True iff Lo resp. Hi belongs to I'Range
1905 -- Expressions that are False iff check fails
1909 begin
1912 then
1913 declare
1914 -- First check that the value falls in the range of the base type,
1915 -- to prevent overflow during conversion and then perform a
1916 -- regular range check against the (dynamic) bounds.
1922 begin
1935 Condition =>
1946 -- Get the (static) bounds of the target type
1951 -- A simple optimization: if the expression is a universal literal,
1952 -- we can do the comparison with the bounds and the conversion to
1953 -- an integer type statically. The range checks are unchanged.
1959 then
1960 declare
1963 begin
1966 -- Conversion is safe
1976 -- Check against lower bound
1990 else
1997 -- Lo_Chk := (X >= Lo)
2003 else
2004 -- Lo_Chk := (X > Lo)
2011 -- Check against higher bound
2024 else
2031 -- Hi_Chk := (X <= Hi)
2037 else
2038 -- Hi_Chk := (X < Hi)
2045 -- If the bounds of the target type are the same as those of the base
2046 -- type, the check is an overflow check as a range check is not
2047 -- performed in these cases.
2051 then
2053 else
2057 -- Raise CE if either conditions does not hold
2065 ------------------------
2066 -- Apply_Length_Check --
2067 ------------------------
2069 procedure Apply_Length_Check
2073 is
2074 begin
2075 Apply_Selected_Length_Checks
2079 -------------------------------------
2080 -- Apply_Parameter_Aliasing_Checks --
2081 -------------------------------------
2083 procedure Apply_Parameter_Aliasing_Checks
2086 is
2087 function May_Cause_Aliasing
2090 -- Determine whether two formal parameters can alias each other
2091 -- depending on their modes.
2094 -- The expander may replace an actual with a temporary for the sake of
2095 -- side effect removal. The temporary may hide a potential aliasing as
2096 -- it does not share the address of the actual. This routine attempts
2097 -- to retrieve the original actual.
2099 ------------------------
2100 -- May_Cause_Aliasing --
2101 ------------------------
2103 function May_Cause_Aliasing
2106 is
2107 begin
2108 -- The following combination cannot lead to aliasing
2110 -- Formal 1 Formal 2
2111 -- IN IN
2114 and then
2116 then
2119 -- The following combinations may lead to aliasing
2121 -- Formal 1 Formal 2
2122 -- IN OUT
2123 -- IN IN OUT
2124 -- OUT IN
2125 -- OUT IN OUT
2126 -- OUT OUT
2128 else
2133 ---------------------
2134 -- Original_Actual --
2135 ---------------------
2138 begin
2142 -- The expander created a temporary to capture the result of a type
2143 -- conversion where the expression is the real actual.
2148 then
2155 -- Local variables
2165 -- Start of processing for Apply_Parameter_Aliasing_Checks
2167 begin
2174 -- Ensure that the actual is an object that is not passed by value.
2175 -- Elementary types are always passed by value, therefore actuals of
2176 -- such types cannot lead to aliasing.
2180 then
2185 -- The other actual we are testing against must also denote
2186 -- a non pass-by-value object. Generate the check only when
2187 -- the mode of the two formals may lead to aliasing.
2190 and then not
2193 then
2194 -- Generate:
2195 -- Actual_1'Overlaps_Storage (Actual_2)
2197 Check :=
2199 Prefix =>
2202 Expressions =>
2207 else
2208 Cond :=
2224 -- Place the check right before the call
2234 -------------------------------------
2235 -- Apply_Parameter_Validity_Checks --
2236 -------------------------------------
2241 procedure Add_Validity_Check
2245 -- Add a single 'Valid[_Scalar] check which verifies the initialization
2246 -- of Context. PPC_Nam denotes the pre or post condition pragma name.
2247 -- Set flag For_Result when to verify the result of a function.
2250 -- Create a pre or post condition pragma with name PPC_Nam which
2251 -- tests expression Check.
2253 ------------------------
2254 -- Add_Validity_Check --
2255 ------------------------
2257 procedure Add_Validity_Check
2261 is
2267 begin
2268 -- Pick the proper version of 'Valid depending on the type of the
2269 -- context. If the context is not eligible for such a check, return.
2275 else
2279 -- Step 1: Create the expression to verify the validity of the
2280 -- context.
2284 -- When processing a function result, use 'Result. Generate
2285 -- Context'Result
2288 Check :=
2294 -- Generate:
2295 -- Context['Result]'Valid[_Scalars]
2297 Check :=
2302 -- Step 2: Create a pre or post condition pragma
2307 ----------------------
2308 -- Build_PPC_Pragma --
2309 ----------------------
2316 begin
2317 Prag :=
2325 -- Add a message unless exception messages are suppressed
2331 Expression =>
2337 -- Insert the pragma in the tree
2343 -- PPC pragmas associated with subprogram bodies must be inserted in
2344 -- the declarative part of the body.
2356 -- Ensure the proper visibility of the subprogram body and its
2357 -- parameters.
2361 Pop_Scope;
2363 -- For subprogram declarations insert the PPC pragma right after the
2364 -- declarative node.
2366 else
2371 -- Local variables
2376 -- Start of processing for Apply_Parameter_Validity_Checks
2378 begin
2379 -- Extract the subprogram specification and declaration nodes
2391 -- Do not process formal subprograms because the corresponding actual
2392 -- will receive the proper checks when the instance is analyzed.
2396 -- Do not process imported subprograms since pre and post conditions
2397 -- are never verified on routines coming from a different language.
2402 -- The PPC pragmas generated by this routine do not correspond to
2403 -- source aspects, therefore they cannot be applied to abstract
2404 -- subprograms.
2408 -- Do not consider subprogram renaminds because the renamed entity
2409 -- already has the proper PPC pragmas.
2413 -- Do not process null procedures because there is no benefit of
2414 -- adding the checks to a no action routine.
2418 then
2422 -- Inspect all the formals applying aliasing and scalar initialization
2423 -- checks where applicable.
2428 -- Generate the following scalar initialization checks for each
2429 -- formal parameter:
2431 -- mode IN - Pre => Formal'Valid[_Scalars]
2432 -- mode IN OUT - Pre, Post => Formal'Valid[_Scalars]
2433 -- mode OUT - Post => Formal'Valid[_Scalars]
2448 -- Generate following scalar initialization check for function result:
2450 -- Post => Subp'Result'Valid[_Scalars]
2457 ---------------------------
2458 -- Apply_Predicate_Check --
2459 ---------------------------
2464 begin
2467 -- A predicate check does not apply within internally generated
2468 -- subprograms, such as TSS functions.
2478 -- If the check appears within the predicate function itself, it
2479 -- means that the user specified a check whose formal is the
2480 -- predicated subtype itself, rather than some covering type. This
2481 -- is likely to be a common error, and thus deserves a warning.
2484 Error_Msg_N
2487 Error_Msg_N
2493 -- Here for normal case of predicate active.
2495 else
2496 -- If the predicate is a static predicate and the operand is
2497 -- static, the predicate must be evaluated statically. If the
2498 -- evaluation fails this is a static constraint error. This check
2499 -- is disabled in -gnatc mode, because the compiler is incapable
2500 -- of evaluating static expressions in that case.
2506 then
2508 else
2509 Error_Msg_NE
2522 -----------------------
2523 -- Apply_Range_Check --
2524 -----------------------
2526 procedure Apply_Range_Check
2530 is
2531 begin
2532 Apply_Selected_Range_Checks
2536 ------------------------------
2537 -- Apply_Scalar_Range_Check --
2538 ------------------------------
2540 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check flag
2541 -- off if it is already set on.
2543 procedure Apply_Scalar_Range_Check
2548 is
2556 -- Set true if Expr is a subscript
2559 -- Set true if Expr is a subscript of an unconstrained array. In this
2560 -- case we do not attempt to do an analysis of the value against the
2561 -- range of the subscript, since we don't know the actual subtype.
2564 -- Set to True if Expr should be regarded as a real value even though
2565 -- the type of Expr might be discrete.
2568 -- Procedure called if value is determined to be out of range
2570 ---------------
2571 -- Bad_Value --
2572 ---------------
2575 begin
2576 Apply_Compile_Time_Constraint_Error
2582 -- Start of processing for Apply_Scalar_Range_Check
2584 begin
2585 -- Return if check obviously not needed
2587 if
2588 -- Not needed inside generic
2590 Inside_A_Generic
2592 -- Not needed if previous error
2597 -- Not needed for non-scalar type
2601 -- Not needed if we know node raises CE already
2604 then
2608 -- Now, see if checks are suppressed
2610 Is_Subscr_Ref :=
2624 -- Subscript reference. Check for Index_Checks suppressed
2628 -- Check array type and its base type
2632 then
2635 -- Check array itself if it is an entity name
2639 then
2642 -- Check expression itself if it is an entity name
2646 then
2650 -- All other cases, check for Range_Checks suppressed
2652 else
2653 -- Check target type and its base type
2657 then
2660 -- Check expression itself if it is an entity name
2664 then
2667 -- If Expr is part of an assignment statement, then check left
2668 -- side of assignment if it is an entity name.
2673 then
2679 -- Do not set range checks if they are killed
2683 then
2687 -- Do not set range checks for any values from System.Scalar_Values
2688 -- since the whole idea of such values is to avoid checking them!
2692 then
2696 -- Now see if we need a check
2700 else
2708 Is_Unconstrained_Subscr_Ref :=
2711 -- Special checks for floating-point type
2715 -- Always do a range check if the source type includes infinities and
2716 -- the target type does not include infinities. We do not do this if
2717 -- range checks are killed.
2721 then
2724 -- Always do a range check for operators if option set
2731 -- Return if we know expression is definitely in the range of the target
2732 -- type as determined by Determine_Range. Right now we only do this for
2733 -- discrete types, and not fixed-point or floating-point types.
2735 -- The additional less-precise tests below catch these cases
2737 -- Note: skip this if we are given a source_typ, since the point of
2738 -- supplying a Source_Typ is to stop us looking at the expression.
2739 -- We could sharpen this test to be out parameters only ???
2743 and then not Is_Unconstrained_Subscr_Ref
2745 then
2746 declare
2752 begin
2755 then
2756 declare
2760 begin
2761 -- If range is null, we for sure have a constraint error
2762 -- (we don't even need to look at the value involved,
2763 -- since all possible values will raise CE).
2766 Bad_Value;
2770 -- Otherwise determine range of value
2776 -- If definitely in range, all OK
2781 -- If definitely not in range, warn
2784 Bad_Value;
2787 -- Otherwise we don't know
2789 else
2798 Int_Real :=
2802 -- Check if we can determine at compile time whether Expr is in the
2803 -- range of the target type. Note that if S_Typ is within the bounds
2804 -- of Target_Typ then this must be the case. This check is meaningful
2805 -- only if this is not a conversion between integer and real types.
2807 if not Is_Unconstrained_Subscr_Ref
2809 and then
2811 or else
2816 then
2823 then
2824 Bad_Value;
2827 -- Floating-point case
2828 -- In the floating-point case, we only do range checks if the type is
2829 -- constrained. We definitely do NOT want range checks for unconstrained
2830 -- types, since we want to have infinities
2834 -- Normally, we only do range checks if the type is constrained. We do
2835 -- NOT want range checks for unconstrained types, since we want to have
2836 -- infinities. Override this decision in Check_Float_Overflow mode.
2842 -- For all other cases we enable a range check unconditionally
2844 else
2850 ----------------------------------
2851 -- Apply_Selected_Length_Checks --
2852 ----------------------------------
2854 procedure Apply_Selected_Length_Checks
2859 is
2869 begin
2874 R_Result :=
2881 -- A length check may mention an Itype which is attached to a
2882 -- subsequent node. At the top level in a package this can cause
2883 -- an order-of-elaboration problem, so we make sure that the itype
2884 -- is referenced now.
2888 then
2899 -- If the item is a conditional raise of constraint error, then have
2900 -- a look at what check is being performed and ???
2904 then
2907 -- Case where node does not now have a dynamic check
2911 -- If checks are on, just insert the check
2920 -- If checks are off, then analyze the length check after
2921 -- temporarily attaching it to the tree in case the relevant
2922 -- condition can be evaluated at compile time. We still want a
2923 -- compile time warning in this case.
2925 else
2931 -- Output a warning if the condition is known to be True
2935 then
2936 Apply_Compile_Time_Constraint_Error
2938 CE_Length_Check_Failed,
2942 -- If we were only doing a static check, or if checks are not
2943 -- on, then we want to delete the check, since it is not needed.
2944 -- We do this by replacing the if statement by a null statement
2951 else
2957 ---------------------------------
2958 -- Apply_Selected_Range_Checks --
2959 ---------------------------------
2961 procedure Apply_Selected_Range_Checks
2966 is
2976 begin
2981 R_Result :=
2989 -- If the item is a conditional raise of constraint error, then have
2990 -- a look at what check is being performed and ???
2994 then
3005 -- Output a warning if the condition is known to be True
3009 then
3010 -- Since an N_Range is technically not an expression, we have
3011 -- to set one of the bounds to C_E and then just flag the
3012 -- N_Range. The warning message will point to the lower bound
3013 -- and complain about a range, which seems OK.
3016 Apply_Compile_Time_Constraint_Error
3018 CE_Range_Check_Failed,
3024 else
3025 Apply_Compile_Time_Constraint_Error
3027 CE_Range_Check_Failed,
3032 -- If we were only doing a static check, or if checks are not
3033 -- on, then we want to delete the check, since it is not needed.
3034 -- We do this by replacing the if statement by a null statement
3041 else
3047 -------------------------------
3048 -- Apply_Static_Length_Check --
3049 -------------------------------
3051 procedure Apply_Static_Length_Check
3055 is
3056 begin
3057 Apply_Selected_Length_Checks
3061 -------------------------------------
3062 -- Apply_Subscript_Validity_Checks --
3063 -------------------------------------
3068 begin
3071 -- Loop through subscripts
3076 -- Check one subscript. Note that we do not worry about enumeration
3077 -- type with holes, since we will convert the value to a Pos value
3078 -- for the subscript, and that convert will do the necessary validity
3079 -- check.
3083 -- Move to next subscript
3089 ----------------------------------
3090 -- Apply_Type_Conversion_Checks --
3091 ----------------------------------
3099 -- Note: if Etype (Expr) is a private type without discriminants, its
3100 -- full view might have discriminants with defaults, so we need the
3101 -- full view here to retrieve the constraints.
3103 begin
3107 -- Skip these checks if serious errors detected, there are some nasty
3108 -- situations of incomplete trees that blow things up.
3113 -- Scalar type conversions of the form Target_Type (Expr) require a
3114 -- range check if we cannot be sure that Expr is in the base type of
3115 -- Target_Typ and also that Expr is in the range of Target_Typ. These
3116 -- are not quite the same condition from an implementation point of
3117 -- view, but clearly the second includes the first.
3120 declare
3122 -- If the Conversion_OK flag on the type conversion is set and no
3123 -- floating point type is involved in the type conversion then
3124 -- fixed point values must be read as integral values.
3130 begin
3133 and then not
3135 and then not Float_To_Int
3136 then
3142 then
3145 else
3146 Apply_Scalar_Range_Check
3149 -- If the target type has predicates, we need to indicate
3150 -- the need for a check, even if Determine_Range finds
3151 -- that the value is within bounds. This may be the case
3152 -- e.g for a division with a constant denominator.
3168 then
3169 -- An unconstrained derived type may have inherited discriminant.
3170 -- Build an actual discriminant constraint list using the stored
3171 -- constraint, to verify that the expression of the parent type
3172 -- satisfies the constraints imposed by the (unconstrained!)
3173 -- derived type. This applies to value conversions, not to view
3174 -- conversions of tagged types.
3176 declare
3187 begin
3194 then
3199 then
3200 -- Parent is constrained by new discriminant. Obtain
3201 -- Value of original discriminant in expression. If the
3202 -- new discriminant has been used to constrain more than
3203 -- one of the stored discriminants, this will provide the
3204 -- required consistency check.
3206 Append_Elmt
3208 Prefix =>
3209 Duplicate_Subexpr_No_Checks
3211 Selector_Name =>
3213 New_Constraints);
3215 else
3216 -- Discriminant of more remote ancestor ???
3221 -- Derived type definition has an explicit value for this
3222 -- stored discriminant.
3224 else
3225 Append_Elmt
3227 New_Constraints);
3233 -- Use the unconstrained expression type to retrieve the
3234 -- discriminants of the parent, and apply momentarily the
3235 -- discriminant constraint synthesized above.
3247 -- For arrays, conversions are applied during expansion, to take into
3248 -- accounts changes of representation. The checks become range checks on
3249 -- the base type or length checks on the subtype, depending on whether
3250 -- the target type is unconstrained or constrained.
3252 else
3257 ----------------------------------------------
3258 -- Apply_Universal_Integer_Attribute_Checks --
3259 ----------------------------------------------
3265 begin
3269 -- Nothing to do if checks are suppressed
3273 then
3276 -- Nothing to do if the attribute does not come from source. The
3277 -- internal attributes we generate of this type do not need checks,
3278 -- and furthermore the attempt to check them causes some circular
3279 -- elaboration orders when dealing with packed types.
3284 -- If the prefix is a selected component that depends on a discriminant
3285 -- the check may improperly expose a discriminant instead of using
3286 -- the bounds of the object itself. Set the type of the attribute to
3287 -- the base type of the context, so that a check will be imposed when
3288 -- needed (e.g. if the node appears as an index).
3293 then
3296 -- Otherwise, replace the attribute node with a type conversion node
3297 -- whose expression is the attribute, retyped to universal integer, and
3298 -- whose subtype mark is the target type. The call to analyze this
3299 -- conversion will set range and overflow checks as required for proper
3300 -- detection of an out of range value.
3302 else
3316 -------------------------------------
3317 -- Atomic_Synchronization_Disabled --
3318 -------------------------------------
3320 -- Note: internally Disable/Enable_Atomic_Synchronization is implemented
3321 -- using a bogus check called Atomic_Synchronization. This is to make it
3322 -- more convenient to get exactly the same semantics as [Un]Suppress.
3325 begin
3326 -- If debug flag d.e is set, always return False, i.e. all atomic sync
3327 -- looks enabled, since it is never disabled.
3332 -- If debug flag d.d is set then always return True, i.e. all atomic
3333 -- sync looks disabled, since it always tests True.
3338 -- If entity present, then check result for that entity
3343 -- Otherwise result depends on current scope setting
3345 else
3350 -------------------------------
3351 -- Build_Discriminant_Checks --
3352 -------------------------------
3354 function Build_Discriminant_Checks
3357 is
3367 ----------------------------------
3368 -- Aggregate_Discriminant_Value --
3369 ----------------------------------
3374 begin
3375 -- The aggregate has been normalized with named associations. We use
3376 -- the Chars field to locate the discriminant to take into account
3377 -- discriminants in derived types, which carry the same name as those
3378 -- in the parent.
3384 else
3389 -- Discriminant must have been found in the loop above
3394 -- Start of processing for Build_Discriminant_Checks
3396 begin
3397 -- Loop through discriminants evolving the condition
3402 -- For a fully private type, use the discriminants of the parent type
3406 then
3408 else
3417 then
3419 else
3423 -- If we have an Unchecked_Union node, we can infer the discriminants
3424 -- of the node.
3428 Get_Discriminant_Value (
3430 T_Typ,
3434 Dref :=
3435 Duplicate_Subexpr_No_Checks
3438 else
3439 Dref :=
3441 Prefix =>
3443 Selector_Name =>
3461 ------------------
3462 -- Check_Needed --
3463 ------------------
3472 begin
3473 -- Always check if not simple entity
3477 then
3481 -- Look up tree for short circuit
3484 loop
3488 -- Done if out of subexpression (note that we allow generated stuff
3489 -- such as itype declarations in this context, to keep the loop going
3490 -- since we may well have generated such stuff in complex situations.
3491 -- Also done if no parent (probably an error condition, but no point
3492 -- in behaving nasty if we find it!)
3496 then
3499 -- Or/Or Else case, where test is part of the right operand, or is
3500 -- part of one of the actions associated with the right operand, and
3501 -- the left operand is an equality test.
3509 or else
3514 -- Similar test for the And/And then case, where the left operand
3515 -- is an inequality test.
3523 or else
3532 -- If we fall through the loop, then we have a conditional with an
3533 -- appropriate test as its left operand. So test further.
3539 -- Left operand of test must match original variable
3543 then
3547 -- Right operand of test must be key value (zero or null)
3558 then
3566 -- Here we have the optimizable case, warn if not short-circuited
3571 Error_Msg_N
3575 Error_Msg_N
3584 Error_Msg_N -- CODEFIX
3586 else
3587 Error_Msg_N -- CODEFIX
3591 -- If not short-circuited, we need the check
3595 -- If short-circuited, we can omit the check
3597 else
3602 -----------------------------------
3603 -- Check_Valid_Lvalue_Subscripts --
3604 -----------------------------------
3607 begin
3608 -- Skip this if range checks are suppressed
3613 -- Only do this check for expressions that come from source. We assume
3614 -- that expander generated assignments explicitly include any necessary
3615 -- checks. Note that this is not just an optimization, it avoids
3616 -- infinite recursions!
3621 -- For a selected component, check the prefix
3627 -- Case of indexed component
3632 -- Prefix may itself be or contain an indexed component, and these
3633 -- subscripts need checking as well.
3639 ----------------------------------
3640 -- Null_Exclusion_Static_Checks --
3641 ----------------------------------
3650 begin
3651 pragma Assert
3660 else
3668 else
3690 -- Enforce legality rule 3.10 (13): A null exclusion can only be
3691 -- applied to an access [sub]type.
3694 Error_Msg_N
3697 -- Enforce legality rule RM 3.10(14/1): A null exclusion can only
3698 -- be applied to a [sub]type that does not exclude null already.
3702 then
3703 Error_Msg_NE
3709 -- Check that null-excluding objects are always initialized, except for
3710 -- deferred constants, for which the expression will appear in the full
3711 -- declaration.
3717 then
3718 -- Add an expression that assigns null. This node is needed by
3719 -- Apply_Compile_Time_Constraint_Error, which will replace this with
3720 -- a Constraint_Error node.
3725 Apply_Compile_Time_Constraint_Error
3727 Msg =>
3732 -- Check that a null-excluding component, formal or object is not being
3733 -- assigned a null value. Otherwise generate a warning message and
3734 -- replace Expression (N) by an N_Constraint_Error node.
3741 when N_Component_Declaration |
3742 N_Discriminant_Specification =>
3743 Apply_Compile_Time_Constraint_Error
3750 Apply_Compile_Time_Constraint_Error
3757 Apply_Compile_Time_Constraint_Error
3770 ----------------------------------
3771 -- Conditional_Statements_Begin --
3772 ----------------------------------
3775 begin
3778 -- If stack overflows, kill all checks, that way we know to simply reset
3779 -- the number of saved checks to zero on return. This should never occur
3780 -- in practice.
3783 Kill_All_Checks;
3785 -- In the normal case, we just make a new stack entry saving the current
3786 -- number of saved checks for a later restore.
3788 else
3793 Num_Saved_Checks);
3798 --------------------------------
3799 -- Conditional_Statements_End --
3800 --------------------------------
3803 begin
3806 -- If the saved checks stack overflowed, then we killed all checks, so
3807 -- setting the number of saved checks back to zero is correct. This
3808 -- should never occur in practice.
3813 -- In the normal case, restore the number of saved checks from the top
3814 -- stack entry.
3816 else
3820 Num_Saved_Checks);
3827 -------------------------
3828 -- Convert_From_Bignum --
3829 -------------------------
3834 begin
3837 -- Construct call From Bignum
3839 return
3841 Name =>
3846 -----------------------
3847 -- Convert_To_Bignum --
3848 -----------------------
3853 begin
3854 -- Nothing to do if Bignum already except call Relocate_Node
3859 -- Otherwise construct call to To_Bignum, converting the operand to the
3860 -- required Long_Long_Integer form.
3862 else
3864 return
3866 Name =>
3873 ---------------------
3874 -- Determine_Range --
3875 ---------------------
3879 -- Determine size of below cache (power of 2 is more efficient!)
3885 -- The above arrays are used to implement a small direct cache for
3886 -- Determine_Range calls. Because of the way Determine_Range recursively
3887 -- traces subexpressions, and because overflow checking calls the routine
3888 -- on the way up the tree, a quadratic behavior can otherwise be
3889 -- encountered in large expressions. The cache entry for node N is stored
3890 -- in the (N mod Cache_Size) entry, and can be validated by checking the
3891 -- actual node value stored there. The Range_Cache_V array records the
3892 -- setting of Assume_Valid for the cache entry.
3894 procedure Determine_Range
3900 is
3902 -- Type to use, may get reset to base type for possibly invalid entity
3906 -- Lo and Hi bounds of left operand
3910 -- Lo and Hi bounds of right (or only) operand
3913 -- Temp variable used to hold a bound node
3916 -- High bound of base type of expression
3920 -- Refined values for low and high bounds, after tightening
3923 -- Used in lower level calls to indicate if call succeeded
3926 -- Used to search cache
3929 -- Base type
3932 -- Used for binary operators. Determines the ranges of the left and
3933 -- right operands, and if they are both OK, returns True, and puts
3934 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
3936 -----------------
3937 -- OK_Operands --
3938 -----------------
3941 begin
3942 Determine_Range
3949 Determine_Range
3954 -- Start of processing for Determine_Range
3956 begin
3957 -- For temporary constants internally generated to remove side effects
3958 -- we must use the corresponding expression to determine the range of
3959 -- the expression.
3965 then
3966 Determine_Range
3971 -- Prevent junk warnings by initializing range variables
3978 -- If type is not defined, we can't determine its range
3982 -- We don't deal with anything except discrete types
3986 -- Ignore type for which an error has been posted, since range in
3987 -- this case may well be a bogosity deriving from the error. Also
3988 -- ignore if error posted on the reference node.
3991 then
3996 -- For all other cases, we can determine the range
4000 -- If value is compile time known, then the possible range is the one
4001 -- value that we know this expression definitely has!
4009 -- Return if already in the cache
4014 and then
4016 then
4022 -- Otherwise, start by finding the bounds of the type of the expression,
4023 -- the value cannot be outside this range (if it is, then we have an
4024 -- overflow situation, which is a separate check, we are talking here
4025 -- only about the expression value).
4027 -- First a check, never try to find the bounds of a generic type, since
4028 -- these bounds are always junk values, and it is only valid to look at
4029 -- the bounds in an instance.
4036 -- First step, change to use base type unless we know the value is valid
4039 or else Assume_No_Invalid_Values
4040 or else Assume_Valid
4041 then
4043 else
4047 -- Retrieve the base type. Handle the case where the base type is a
4048 -- private enumeration type.
4056 -- We use the actual bound unless it is dynamic, in which case use the
4057 -- corresponding base type bound if possible. If we can't get a bound
4058 -- then we figure we can't determine the range (a peculiar case, that
4059 -- perhaps cannot happen, but there is no point in bombing in this
4060 -- optimization circuit.
4062 -- First the low bound
4072 else
4077 -- Now the high bound
4081 -- We need the high bound of the base type later on, and this should
4082 -- always be compile time known. Again, it is not clear that this
4083 -- can ever be false, but no point in bombing.
4089 else
4094 -- If we have a static subtype, then that may have a tighter bound so
4095 -- use the upper bound of the subtype instead in this case.
4101 -- We may be able to refine this value in certain situations. If any
4102 -- refinement is possible, then Lor and Hir are set to possibly tighter
4103 -- bounds, and OK1 is set to True.
4107 -- For unary plus, result is limited by range of operand
4110 Determine_Range
4113 -- For unary minus, determine range of operand, and negate it
4116 Determine_Range
4124 -- For binary addition, get range of each operand and do the
4125 -- addition to get the result range.
4133 -- Division is tricky. The only case we consider is where the right
4134 -- operand is a positive constant, and in this case we simply divide
4135 -- the bounds of the left operand
4141 then
4145 else
4150 -- For binary subtraction, get range of each operand and do the worst
4151 -- case subtraction to get the result range.
4159 -- For MOD, if right operand is a positive constant, then result must
4160 -- be in the allowable range of mod results.
4166 then
4176 else
4181 -- For REM, if right operand is a positive constant, then result must
4182 -- be in the allowable range of mod results.
4188 then
4189 declare
4192 begin
4193 -- The sign of the result depends on the sign of the
4194 -- dividend (but not on the sign of the divisor, hence
4195 -- the abs operation above).
4199 else
4205 else
4210 else
4215 -- Attribute reference cases
4220 -- For Pos/Val attributes, we can refine the range using the
4221 -- possible range of values of the attribute expression.
4224 Determine_Range
4227 -- For Length attribute, use the bounds of the corresponding
4228 -- index type to refine the range.
4231 declare
4239 begin
4244 -- For string literal, we know exact value
4253 -- Otherwise check for expression given
4257 else
4258 Inum :=
4267 -- If the index type is a formal type or derived from
4268 -- one, the bounds are not static.
4275 Determine_Range
4277 Assume_Valid);
4280 Determine_Range
4282 Assume_Valid);
4286 -- The maximum value for Length is the biggest
4287 -- possible gap between the values of the bounds.
4288 -- But of course, this value cannot be negative.
4292 -- For constrained arrays, the minimum value for
4293 -- Length is taken from the actual value of the
4294 -- bounds, since the index will be exactly of this
4295 -- subtype.
4300 -- For an unconstrained array, the minimum value
4301 -- for length is always zero.
4303 else
4310 -- No special handling for other attributes
4311 -- Probably more opportunities exist here???
4318 -- For type conversion from one discrete type to another, we can
4319 -- refine the range using the converted value.
4324 -- Nothing special to do for all other expression kinds
4332 -- At this stage, if OK1 is true, then we know that the actual result of
4333 -- the computed expression is in the range Lor .. Hir. We can use this
4334 -- to restrict the possible range of results.
4338 -- If the refined value of the low bound is greater than the type
4339 -- high bound, then reset it to the more restrictive value. However,
4340 -- we do NOT do this for the case of a modular type where the
4341 -- possible upper bound on the value is above the base type high
4342 -- bound, because that means the result could wrap.
4346 then
4350 -- Similarly, if the refined value of the high bound is less than the
4351 -- value so far, then reset it to the more restrictive value. Again,
4352 -- we do not do this if the refined low bound is negative for a
4353 -- modular type, since this would wrap.
4357 then
4362 -- Set cache entry for future call and we are all done
4370 -- If any exception occurs, it means that we have some bug in the compiler,
4371 -- possibly triggered by a previous error, or by some unforeseen peculiar
4372 -- occurrence. However, this is only an optimization attempt, so there is
4373 -- really no point in crashing the compiler. Instead we just decide, too
4374 -- bad, we can't figure out a range in this case after all.
4376 exception
4379 -- Debug flag K disables this behavior (useful for debugging)
4383 else
4391 ------------------------------------
4392 -- Discriminant_Checks_Suppressed --
4393 ------------------------------------
4396 begin
4408 --------------------------------
4409 -- Division_Checks_Suppressed --
4410 --------------------------------
4413 begin
4416 else
4421 -----------------------------------
4422 -- Elaboration_Checks_Suppressed --
4423 -----------------------------------
4426 begin
4427 -- The complication in this routine is that if we are in the dynamic
4428 -- model of elaboration, we also check All_Checks, since All_Checks
4429 -- does not set Elaboration_Check explicitly.
4440 else
4450 else
4455 ---------------------------
4456 -- Enable_Overflow_Check --
4457 ---------------------------
4469 begin
4477 -- No check if overflow checks suppressed for type of node
4482 -- Nothing to do for unsigned integer types, which do not overflow
4488 -- This is the point at which processing for STRICT mode diverges
4489 -- from processing for MINIMIZED/ELIMINATED modes. This divergence is
4490 -- probably more extreme that it needs to be, but what is going on here
4491 -- is that when we introduced MINIMIZED/ELIMINATED modes, we wanted
4492 -- to leave the processing for STRICT mode untouched. There were
4493 -- two reasons for this. First it avoided any incompatible change of
4494 -- behavior. Second, it guaranteed that STRICT mode continued to be
4495 -- legacy reliable.
4497 -- The big difference is that in STRICT mode there is a fair amount of
4498 -- circuitry to try to avoid setting the Do_Overflow_Check flag if we
4499 -- know that no check is needed. We skip all that in the two new modes,
4500 -- since really overflow checking happens over a whole subtree, and we
4501 -- do the corresponding optimizations later on when applying the checks.
4507 then
4518 -- Remainder of processing is for STRICT case, and is unchanged from
4519 -- earlier versions preceding the addition of MINIMIZED/ELIMINATED.
4521 -- Nothing to do if the range of the result is known OK. We skip this
4522 -- for conversions, since the caller already did the check, and in any
4523 -- case the condition for deleting the check for a type conversion is
4524 -- different.
4529 -- Note in the test below that we assume that the range is not OK
4530 -- if a bound of the range is equal to that of the type. That's not
4531 -- quite accurate but we do this for the following reasons:
4533 -- a) The way that Determine_Range works, it will typically report
4534 -- the bounds of the value as being equal to the bounds of the
4535 -- type, because it either can't tell anything more precise, or
4536 -- does not think it is worth the effort to be more precise.
4538 -- b) It is very unusual to have a situation in which this would
4539 -- generate an unnecessary overflow check (an example would be
4540 -- a subtype with a range 0 .. Integer'Last - 1 to which the
4541 -- literal value one is added).
4543 -- c) The alternative is a lot of special casing in this routine
4544 -- which would partially duplicate Determine_Range processing.
4546 if OK
4549 then
4558 -- If not in optimizing mode, set flag and we are done. We are also done
4559 -- (and just set the flag) if the type is not a discrete type, since it
4560 -- is not worth the effort to eliminate checks for other than discrete
4561 -- types. In addition, we take this same path if we have stored the
4562 -- maximum number of checks possible already (a very unlikely situation,
4563 -- but we do not want to blow up!)
4568 then
4578 -- Otherwise evaluate and check the expression
4580 Find_Check
4601 -- If check is not of form to optimize, then set flag and we are done
4608 -- If check is already performed, then return without setting flag
4618 -- Here we will make a new entry for the new check
4638 -- If we get an exception, then something went wrong, probably because of
4639 -- an error in the structure of the tree due to an incorrect program. Or it
4640 -- may be a bug in the optimization circuit. In either case the safest
4641 -- thing is simply to set the check flag unconditionally.
4643 exception
4654 ------------------------
4655 -- Enable_Range_Check --
4656 ------------------------
4666 begin
4667 -- Return if unchecked type conversion with range check killed. In this
4668 -- case we never set the flag (that's what Kill_Range_Check is about!)
4672 then
4676 -- Do not set range check flag if parent is assignment statement or
4677 -- object declaration with Suppress_Assignment_Checks flag set
4681 then
4685 -- Check for various cases where we should suppress the range check
4687 -- No check if range checks suppressed for type of node
4691 then
4694 -- No check if node is an entity name, and range checks are suppressed
4695 -- for this entity, or for the type of this entity.
4700 then
4703 -- No checks if index of array, and index checks are suppressed for
4704 -- the array object or the type of the array.
4707 declare
4709 begin
4712 then
4720 -- Debug trace output
4729 -- If not in optimizing mode, set flag and we are done. We are also done
4730 -- (and just set the flag) if the type is not a discrete type, since it
4731 -- is not worth the effort to eliminate checks for other than discrete
4732 -- types. In addition, we take this same path if we have stored the
4733 -- maximum number of checks possible already (a very unlikely situation,
4734 -- but we do not want to blow up!)
4740 then
4750 -- Otherwise find out the target type
4754 -- For assignment, use left side subtype
4758 then
4761 -- For indexed component, use subscript subtype
4764 declare
4769 begin
4775 -- If the prefix is an access to an unconstrained array,
4776 -- perform check unconditionally: it depends on the bounds of
4777 -- an object and we cannot currently recognize whether the test
4778 -- may be redundant.
4785 -- Ditto if the prefix is an explicit dereference whose designated
4786 -- type is unconstrained.
4790 then
4797 loop
4808 -- For now, ignore all other cases, they are not so interesting
4810 else
4819 -- Evaluate and check the expression
4821 Find_Check
4843 -- If check is not of form to optimize, then set flag and we are done
4854 -- If check is already performed, then return without setting flag
4864 -- Here we will make a new entry for the new check
4885 -- If we get an exception, then something went wrong, probably because of
4886 -- an error in the structure of the tree due to an incorrect program. Or
4887 -- it may be a bug in the optimization circuit. In either case the safest
4888 -- thing is simply to set the check flag unconditionally.
4890 exception
4901 ------------------
4902 -- Ensure_Valid --
4903 ------------------
4908 begin
4909 -- Ignore call if we are not doing any validity checking
4914 -- Ignore call if range or validity checks suppressed on entity or type
4919 -- No check required if expression is from the expander, we assume the
4920 -- expander will generate whatever checks are needed. Note that this is
4921 -- not just an optimization, it avoids infinite recursions!
4923 -- Unchecked conversions must be checked, unless they are initialized
4924 -- scalar values, as in a component assignment in an init proc.
4926 -- In addition, we force a check if Force_Validity_Checks is set
4929 and then not Force_Validity_Checks
4932 then
4935 -- No check required if expression is known to have valid value
4940 -- Ignore case of enumeration with holes where the flag is set not to
4941 -- worry about holes, since no special validity check is needed
4945 and then Holes_OK
4946 then
4949 -- No check required on the left-hand side of an assignment
4953 then
4956 -- No check on a universal real constant. The context will eventually
4957 -- convert it to a machine number for some target type, or report an
4958 -- illegality.
4962 then
4965 -- If the expression denotes a component of a packed boolean array,
4966 -- no possible check applies. We ignore the old ACATS chestnuts that
4967 -- involve Boolean range True..True.
4969 -- Note: validity checks are generated for expressions that yield a
4970 -- scalar type, when it is possible to create a value that is outside of
4971 -- the type. If this is a one-bit boolean no such value exists. This is
4972 -- an optimization, and it also prevents compiler blowing up during the
4973 -- elaboration of improperly expanded packed array references.
4978 then
4981 -- An annoying special case. If this is an out parameter of a scalar
4982 -- type, then the value is not going to be accessed, therefore it is
4983 -- inappropriate to do any validity check at the call site.
4985 else
4986 -- Only need to worry about scalar types
4989 declare
4997 begin
4998 -- Find actual argument (which may be a parameter association)
4999 -- and the parent of the actual argument (the call statement)
5009 -- Only need to worry if we are argument of a procedure call
5010 -- since functions don't have out parameters. If this is an
5011 -- indirect or dispatching call, get signature from the
5012 -- subprogram type.
5019 else
5024 -- Only need to worry if there are indeed actuals, and if
5025 -- this could be a procedure call, otherwise we cannot get a
5026 -- match (either we are not an argument, or the mode of the
5027 -- formal is not OUT). This test also filters out the
5028 -- generic case.
5032 then
5033 -- This is the loop through parameters, looking for an
5034 -- OUT parameter for which we are the argument.
5052 -- If this is a boolean expression, only its elementary operands need
5053 -- checking: if they are valid, a boolean or short-circuit operation
5054 -- with them will be valid as well.
5057 and then
5059 then
5063 -- If we fall through, a validity check is required
5069 then
5074 ----------------------
5075 -- Expr_Known_Valid --
5076 ----------------------
5081 begin
5082 -- Non-scalar types are always considered valid, since they never give
5083 -- rise to the issues of erroneous or bounded error behavior that are
5084 -- the concern. In formal reference manual terms the notion of validity
5085 -- only applies to scalar types. Note that even when packed arrays are
5086 -- represented using modular types, they are still arrays semantically,
5087 -- so they are also always valid (in particular, the unused bits can be
5088 -- random rubbish without affecting the validity of the array value).
5093 -- If no validity checking, then everything is considered valid
5098 -- Floating-point types are considered valid unless floating-point
5099 -- validity checks have been specifically turned on.
5102 and then not Validity_Check_Floating_Point
5103 then
5106 -- If the expression is the value of an object that is known to be
5107 -- valid, then clearly the expression value itself is valid.
5111 then
5114 -- References to discriminants are always considered valid. The value
5115 -- of a discriminant gets checked when the object is built. Within the
5116 -- record, we consider it valid, and it is important to do so, since
5117 -- otherwise we can try to generate bogus validity checks which
5118 -- reference discriminants out of scope. Discriminants of concurrent
5119 -- types are excluded for the same reason.
5123 then
5126 -- If the type is one for which all values are known valid, then we are
5127 -- sure that the value is valid except in the slightly odd case where
5128 -- the expression is a reference to a variable whose size has been
5129 -- explicitly set to a value greater than the object size.
5135 then
5137 else
5141 -- Integer and character literals always have valid values, where
5142 -- appropriate these will be range checked in any case.
5145 or else
5147 then
5150 -- Real literals are assumed to be valid in VM targets
5154 then
5157 -- If we have a type conversion or a qualification of a known valid
5158 -- value, then the result will always be valid.
5161 or else
5163 then
5166 -- The result of any operator is always considered valid, since we
5167 -- assume the necessary checks are done by the operator. For operators
5168 -- on floating-point operations, we must also check when the operation
5169 -- is the right-hand side of an assignment, or is an actual in a call.
5173 and then Validity_Check_Floating_Point
5174 and then
5178 then
5180 else
5184 -- The result of a membership test is always valid, since it is true or
5185 -- false, there are no other possibilities.
5190 -- For all other cases, we do not know the expression is valid
5192 else
5197 ----------------
5198 -- Find_Check --
5199 ----------------
5201 procedure Find_Check
5209 is
5210 function Within_Range_Of
5213 -- Given a requirement for checking a range against Target_Type, and
5214 -- and a range Check_Type against which a check has already been made,
5215 -- determines if the check against check type is sufficient to ensure
5216 -- that no check against Target_Type is required.
5218 ---------------------
5219 -- Within_Range_Of --
5220 ---------------------
5222 function Within_Range_Of
5225 is
5226 begin
5230 else
5231 declare
5237 begin
5240 and then
5242 and then
5244 and then
5247 and then
5249 and then
5251 then
5253 else
5260 -- Start of processing for Find_Check
5262 begin
5263 -- Establish default, in case no entry is found
5267 -- Case of expression is simple entity reference
5273 -- Case of expression is entity + known constant
5278 then
5282 -- Case of expression is entity - known constant
5287 then
5291 -- Any other expression is not of the right form
5293 else
5300 -- Come here with expression of appropriate form, check if entity is an
5301 -- appropriate one for our purposes.
5306 then
5308 else
5313 -- See if there is matching check already
5316 declare
5319 begin
5325 then
5332 -- If we fall through entry was not found
5337 ---------------------------------
5338 -- Generate_Discriminant_Check --
5339 ---------------------------------
5341 -- Note: the code for this procedure is derived from the
5342 -- Emit_Discriminant_Check Routine in trans.c.
5351 -- The original component to be checked
5355 -- The discriminant checking function
5358 -- One discriminant to be checked in the type
5361 -- Actual discriminant in the call
5364 -- Type of relevant prefix (ignoring private/access stuff)
5367 -- List of arguments for function call
5370 -- Keep track of the formal corresponding to the actual we build for
5371 -- each discriminant, in order to be able to perform the necessary type
5372 -- conversions.
5375 -- Selected component reference for checking function argument
5377 begin
5380 -- Force evaluation of the prefix, so that it does not get evaluated
5381 -- twice (once for the check, once for the actual reference). Such a
5382 -- double evaluation is always a potential source of inefficiency,
5383 -- and is functionally incorrect in the volatile case, or when the
5384 -- prefix may have side-effects. An entity or a component of an
5385 -- entity requires no evaluation.
5397 then
5400 else
5404 -- For a tagged type, use the scope of the original component to
5405 -- obtain the type, because ???
5410 -- For an untagged derived type, use the discriminants of the parent
5411 -- which have been renamed in the derivation, possibly by a one-to-many
5412 -- discriminant constraint. For non-tagged type, initially get the Etype
5413 -- of the prefix
5415 else
5419 then
5424 -- We definitely should have a checking function, This routine should
5425 -- not be called if no discriminant checking function is present.
5429 -- Create the list of the actual parameters for the call. This list
5430 -- is the list of the discriminant fields of the record expression to
5431 -- be discriminant checked.
5438 -- If we have a corresponding discriminant field, and a parent
5439 -- subtype is present, then we want to use the corresponding
5440 -- discriminant since this is the one with the useful value.
5445 then
5447 else
5451 -- Construct the reference to the discriminant
5453 Scomp :=
5455 Prefix =>
5460 -- Manually analyze and resolve this selected component. We really
5461 -- want it just as it appears above, and do not want the expander
5462 -- playing discriminal games etc with this reference. Then we append
5463 -- the argument to the list we are gathering.
5473 -- Now build and insert the call
5477 Condition =>
5484 ---------------------------
5485 -- Generate_Index_Checks --
5486 ---------------------------
5491 -- Returns the entity of the prefix of N (or Empty if not found)
5493 ----------------------
5494 -- Entity_Of_Prefix --
5495 ----------------------
5500 begin
5504 N_Indexed_Component)
5505 then
5515 -- Local variables
5522 -- Start of processing for Generate_Index_Checks
5524 begin
5525 -- Ignore call if the prefix is not an array since we have a serious
5526 -- error in the sources. Ignore it also if index checks are suppressed
5527 -- for array object or type.
5533 then
5536 -- The indexed component we are dealing with contains 'Loop_Entry in its
5537 -- prefix. This case arises when analysis has determined that constructs
5538 -- such as
5540 -- Prefix'Loop_Entry (Expr)
5541 -- Prefix'Loop_Entry (Expr1, Expr2, ... ExprN)
5543 -- require rewriting for error detection purposes. A side effect of this
5544 -- action is the generation of index checks that mention 'Loop_Entry.
5545 -- Delay the generation of the check until 'Loop_Entry has been properly
5546 -- expanded. This is done in Expand_Loop_Entry_Attributes.
5550 then
5554 -- Generate a raise of constraint error with the appropriate reason and
5555 -- a condition of the form:
5557 -- Base_Type (Sub) not in Array'Range (Subscript)
5559 -- Note that the reason we generate the conversion to the base type here
5560 -- is that we definitely want the range check to take place, even if it
5561 -- looks like the subtype is OK. Optimization considerations that allow
5562 -- us to omit the check have already been taken into account in the
5563 -- setting of the Do_Range_Check flag earlier on.
5567 -- Handle string literals
5573 -- For string literals we obtain the bounds of the string from the
5574 -- associated subtype.
5578 Condition =>
5580 Left_Opnd =>
5583 Right_Opnd =>
5590 -- General case
5592 else
5593 declare
5600 begin
5607 -- Force evaluation except for the case of a simple name of
5608 -- a non-volatile entity.
5612 then
5621 then
5628 -- For array objects with constant bounds we can generate
5629 -- the index check using the bounds of the type of the index
5635 then
5636 Range_N :=
5638 Prefix =>
5642 -- For arrays with non-constant bounds we cannot generate
5643 -- the index check using the bounds of the type of the index
5644 -- since it may reference discriminants of some enclosing
5645 -- type. We obtain the bounds directly from the prefix
5646 -- object.
5648 else
5651 else
5655 Range_N :=
5657 Prefix =>
5665 Condition =>
5667 Left_Opnd =>
5682 --------------------------
5683 -- Generate_Range_Check --
5684 --------------------------
5686 procedure Generate_Range_Check
5690 is
5696 begin
5697 -- First special case, if the source type is already within the range
5698 -- of the target type, then no check is needed (probably we should have
5699 -- stopped Do_Range_Check from being set in the first place, but better
5700 -- late than never in preventing junk code!
5704 -- We do NOT apply this if the source node is a literal, since in this
5705 -- case the literal has already been labeled as having the subtype of
5706 -- the target.
5708 and then not
5710 or else
5714 -- Also do not apply this for floating-point if Check_Float_Overflow
5716 and then not
5718 then
5722 -- We need a check, so force evaluation of the node, so that it does
5723 -- not get evaluated twice (once for the check, once for the actual
5724 -- reference). Such a double evaluation is always a potential source
5725 -- of inefficiency, and is functionally incorrect in the volatile case.
5731 -- The easiest case is when Source_Base_Type and Target_Base_Type are
5732 -- the same since in this case we can simply do a direct check of the
5733 -- value of N against the bounds of Target_Type.
5735 -- [constraint_error when N not in Target_Type]
5737 -- Note: this is by far the most common case, for example all cases of
5738 -- checks on the RHS of assignments are in this category, but not all
5739 -- cases are like this. Notably conversions can involve two types.
5744 Condition =>
5750 -- Next test for the case where the target type is within the bounds
5751 -- of the base type of the source type, since in this case we can
5752 -- simply convert these bounds to the base type of T to do the test.
5754 -- [constraint_error when N not in
5755 -- Source_Base_Type (Target_Type'First)
5756 -- ..
5757 -- Source_Base_Type(Target_Type'Last))]
5759 -- The conversions will always work and need no check
5761 -- Unchecked_Convert_To is used instead of Convert_To to handle the case
5762 -- of converting from an enumeration value to an integer type, such as
5763 -- occurs for the case of generating a range check on Enum'Val(Exp)
5764 -- (which used to be handled by gigi). This is OK, since the conversion
5765 -- itself does not require a check.
5770 Condition =>
5774 Right_Opnd =>
5776 Low_Bound =>
5779 Prefix =>
5783 High_Bound =>
5786 Prefix =>
5791 -- Note that at this stage we now that the Target_Base_Type is not in
5792 -- the range of the Source_Base_Type (since even the Target_Type itself
5793 -- is not in this range). It could still be the case that Source_Type is
5794 -- in range of the target base type since we have not checked that case.
5796 -- If that is the case, we can freely convert the source to the target,
5797 -- and then test the target result against the bounds.
5801 -- We make a temporary to hold the value of the converted value
5802 -- (converted to the base type), and then we will do the test against
5803 -- this temporary.
5805 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
5806 -- [constraint_error when Tnn not in Target_Type]
5808 -- Then the conversion itself is replaced by an occurrence of Tnn
5810 declare
5813 begin
5817 Object_Definition =>
5820 Expression =>
5826 Condition =>
5835 -- Set the type of N, because the declaration for Tnn might not
5836 -- be analyzed yet, as is the case if N appears within a record
5837 -- declaration, as a discriminant constraint or expression.
5842 -- At this stage, we know that we have two scalar types, which are
5843 -- directly convertible, and where neither scalar type has a base
5844 -- range that is in the range of the other scalar type.
5846 -- The only way this can happen is with a signed and unsigned type.
5847 -- So test for these two cases:
5849 else
5850 -- Case of the source is unsigned and the target is signed
5854 then
5855 -- If the source is unsigned and the target is signed, then we
5856 -- know that the source is not shorter than the target (otherwise
5857 -- the source base type would be in the target base type range).
5859 -- In other words, the unsigned type is either the same size as
5860 -- the target, or it is larger. It cannot be smaller.
5862 pragma Assert
5865 -- We only need to check the low bound if the low bound of the
5866 -- target type is non-negative. If the low bound of the target
5867 -- type is negative, then we know that we will fit fine.
5869 -- If the high bound of the target type is negative, then we
5870 -- know we have a constraint error, since we can't possibly
5871 -- have a negative source.
5873 -- With these two checks out of the way, we can do the check
5874 -- using the source type safely
5876 -- This is definitely the most annoying case!
5878 -- [constraint_error
5879 -- when (Target_Type'First >= 0
5880 -- and then
5881 -- N < Source_Base_Type (Target_Type'First))
5882 -- or else Target_Type'Last < 0
5883 -- or else N > Source_Base_Type (Target_Type'Last)];
5885 -- We turn off all checks since we know that the conversions
5886 -- will work fine, given the guards for negative values.
5890 Condition =>
5893 Left_Opnd =>
5896 Left_Opnd =>
5898 Prefix =>
5903 Right_Opnd =>
5906 Right_Opnd =>
5909 Prefix =>
5913 Right_Opnd =>
5915 Left_Opnd =>
5921 Right_Opnd =>
5924 Right_Opnd =>
5933 -- Only remaining possibility is that the source is signed and
5934 -- the target is unsigned.
5936 else
5940 -- If the source is signed and the target is unsigned, then we
5941 -- know that the target is not shorter than the source (otherwise
5942 -- the target base type would be in the source base type range).
5944 -- In other words, the unsigned type is either the same size as
5945 -- the target, or it is larger. It cannot be smaller.
5947 -- Clearly we have an error if the source value is negative since
5948 -- no unsigned type can have negative values. If the source type
5949 -- is non-negative, then the check can be done using the target
5950 -- type.
5952 -- Tnn : constant Target_Base_Type (N) := Target_Type;
5954 -- [constraint_error
5955 -- when N < 0 or else Tnn not in Target_Type];
5957 -- We turn off all checks for the conversion of N to the target
5958 -- base type, since we generate the explicit check to ensure that
5959 -- the value is non-negative
5961 declare
5964 begin
5968 Object_Definition =>
5971 Expression =>
5973 Subtype_Mark =>
5978 Condition =>
5980 Left_Opnd =>
5985 Right_Opnd =>
5988 Right_Opnd =>
5994 -- Set the Etype explicitly, because Insert_Actions may have
5995 -- placed the declaration in the freeze list for an enclosing
5996 -- construct, and thus it is not analyzed yet.
6005 ------------------
6006 -- Get_Check_Id --
6007 ------------------
6010 begin
6011 -- For standard check name, we can do a direct computation
6016 -- For non-standard names added by pragma Check_Name, search table
6018 else
6026 -- No matching name found
6031 ---------------------
6032 -- Get_Discriminal --
6033 ---------------------
6040 begin
6041 -- The bound can be a bona fide parameter of a protected operation,
6042 -- rather than a prival encoded as an in-parameter.
6048 -- Climb the scope stack looking for an enclosing protected type. If
6049 -- we run out of scopes, return the bound itself.
6075 ----------------------
6076 -- Get_Range_Checks --
6077 ----------------------
6079 function Get_Range_Checks
6084 is
6085 begin
6086 return Selected_Range_Checks
6090 ------------------
6091 -- Guard_Access --
6092 ------------------
6094 function Guard_Access
6098 is
6099 begin
6106 else
6107 return
6109 Left_Opnd =>
6117 -----------------------------
6118 -- Index_Checks_Suppressed --
6119 -----------------------------
6122 begin
6125 else
6130 ----------------
6131 -- Initialize --
6132 ----------------
6135 begin
6147 -------------------------
6148 -- Insert_Range_Checks --
6149 -------------------------
6151 procedure Insert_Range_Checks
6158 is
6167 begin
6168 -- For now we just return if Checks_On is false, however this should be
6169 -- enhanced to check for an always True value in the condition and to
6170 -- generate a compilation warning???
6189 then
6196 else
6203 else
6204 Check_Node :=
6211 else
6218 ------------------------
6219 -- Insert_Valid_Check --
6220 ------------------------
6226 begin
6227 -- Do not insert if checks off, or if not checking validity or
6228 -- if expression is known to be valid
6230 if not Validity_Checks_On
6233 then
6237 -- If we have a checked conversion, then validity check applies to
6238 -- the expression inside the conversion, not the result, since if
6239 -- the expression inside is valid, then so is the conversion result.
6246 -- We are about to insert the validity check for Exp. We save and
6247 -- reset the Do_Range_Check flag over this validity check, and then
6248 -- put it back for the final original reference (Exp may be rewritten).
6250 declare
6255 begin
6258 -- Force evaluation to avoid multiple reads for atomic/volatile
6262 then
6266 -- Build the prefix for the 'Valid call
6270 -- A rather specialized kludge. If PV is an analyzed expression
6271 -- which is an indexed component of a packed array that has not
6272 -- been properly expanded, turn off its Analyzed flag to make sure
6273 -- it gets properly reexpanded.
6275 -- The reason this arises is that Duplicate_Subexpr_No_Checks did
6276 -- an analyze with the old parent pointer. This may point e.g. to
6277 -- a subprogram call, which deactivates this expansion.
6282 then
6286 -- Build the raise CE node to check for validity
6288 CE :=
6290 Condition =>
6292 Right_Opnd =>
6298 -- Insert the validity check. Note that we do this with validity
6299 -- checks turned off, to avoid recursion, we do not want validity
6300 -- checks on the validity checking code itself!
6304 -- If the expression is a reference to an element of a bit-packed
6305 -- array, then it is rewritten as a renaming declaration. If the
6306 -- expression is an actual in a call, it has not been expanded,
6307 -- waiting for the proper point at which to do it. The same happens
6308 -- with renamings, so that we have to force the expansion now. This
6309 -- non-local complication is due to code in exp_ch2,adb, exp_ch4.adb
6310 -- and exp_ch6.adb.
6314 N_Object_Renaming_Declaration
6315 then
6316 declare
6318 begin
6321 then
6327 -- Put back the Do_Range_Check flag on the resulting (possibly
6328 -- rewritten) expression.
6330 -- Note: it might be thought that a validity check is not required
6331 -- when a range check is present, but that's not the case, because
6332 -- the back end is allowed to assume for the range check that the
6333 -- operand is within its declared range (an assumption that validity
6334 -- checking is all about NOT assuming!)
6336 -- Note: no need to worry about Possible_Local_Raise here, it will
6337 -- already have been called if original node has Do_Range_Check set.
6343 -------------------------------------
6344 -- Is_Signed_Integer_Arithmetic_Op --
6345 -------------------------------------
6348 begin
6350 when N_Op_Abs | N_Op_Add | N_Op_Divide | N_Op_Expon |
6351 N_Op_Minus | N_Op_Mod | N_Op_Multiply | N_Op_Plus |
6352 N_Op_Rem | N_Op_Subtract =>
6363 ----------------------------------
6364 -- Install_Null_Excluding_Check --
6365 ----------------------------------
6372 -- Determines if it is safe to capture Known_Non_Null status for an
6373 -- the entity referenced by node N. The caller ensures that N is indeed
6374 -- an entity name. It is safe to capture the non-null status for an IN
6375 -- parameter when the reference occurs within a declaration that is sure
6376 -- to be executed as part of the declarative region.
6379 -- After installation of check, if the node in question is an entity
6380 -- name, then mark this entity as non-null if possible.
6387 begin
6392 -- Two initial context checks. We must be inside a subprogram body
6393 -- with declarations and reference must not appear in nested scopes.
6397 then
6405 then
6409 declare
6413 begin
6414 -- Retrieve the declaration node of N (if any). Note that N
6415 -- may be a part of a complex initialization expression.
6421 -- If we have a short circuit form, and we are within the right
6422 -- hand expression, we return false, since the right hand side
6423 -- is not guaranteed to be elaborated.
6427 then
6431 -- Similarly, if we are in an if expression and not part of the
6432 -- condition, then we return False, since neither the THEN or
6433 -- ELSE dependent expressions will always be elaborated.
6437 then
6441 -- If we are in a case expression, and not part of the
6442 -- expression, then we return False, since a particular
6443 -- dependent expression may not always be elaborated
6447 then
6451 -- While traversing the parent chain, we find that N
6452 -- belongs to a statement, thus it may never appear in
6453 -- a declarative region.
6457 then
6461 -- If we are at a declaration, record it and exit
6465 then
6481 -------------------
6482 -- Mark_Non_Null --
6483 -------------------
6486 begin
6487 -- Only case of interest is if node N is an entity name
6491 -- For sure, we want to clear an indication that this is known to
6492 -- be null, since if we get past this check, it definitely is not!
6496 -- We can mark the entity as known to be non-null if either it is
6497 -- safe to capture the value, or in the case of an IN parameter,
6498 -- which is a constant, if the check we just installed is in the
6499 -- declarative region of the subprogram body. In this latter case,
6500 -- a check is decisive for the rest of the body if the expression
6501 -- is sure to be elaborated, since we know we have to elaborate
6502 -- all declarations before executing the body.
6504 -- Couldn't this always be part of Safe_To_Capture_Value ???
6507 or else Safe_To_Capture_In_Parameter_Value
6508 then
6514 -- Start of processing for Install_Null_Excluding_Check
6516 begin
6519 -- No check inside a generic (why not???)
6525 -- No check needed if known to be non-null
6531 -- If known to be null, here is where we generate a compile time check
6535 -- Avoid generating warning message inside init procs
6538 Apply_Compile_Time_Constraint_Error
6541 CE_Access_Check_Failed);
6542 else
6548 Mark_Non_Null;
6552 -- If entity is never assigned, for sure a warning is appropriate
6558 -- No check needed if checks are suppressed on the range. Note that we
6559 -- don't set Is_Known_Non_Null in this case (we could legitimately do
6560 -- so, since the program is erroneous, but we don't like to casually
6561 -- propagate such conclusions from erroneosity).
6567 -- No check needed for access to concurrent record types generated by
6568 -- the expander. This is not just an optimization (though it does indeed
6569 -- remove junk checks). It also avoids generation of junk warnings.
6573 and then Is_Concurrent_Record_Type
6575 then
6579 -- No check needed for the Get_Current_Excep.all.all idiom generated by
6580 -- the expander within exception handlers, since we know that the value
6581 -- can never be null.
6583 -- Is this really the right way to do this? Normally we generate such
6584 -- code in the expander with checks off, and that's how we suppress this
6585 -- kind of junk check ???
6591 then
6595 -- Otherwise install access check
6599 Condition =>
6605 Mark_Non_Null;
6608 --------------------------
6609 -- Install_Static_Check --
6610 --------------------------
6616 begin
6625 -- Now deal with possible local raise handling
6630 -------------------------
6631 -- Is_Check_Suppressed --
6632 -------------------------
6637 begin
6638 -- First search the local entity suppress stack. We search this from the
6639 -- top of the stack down so that we get the innermost entry that applies
6640 -- to this case if there are nested entries.
6646 then
6653 -- Now search the global entity suppress table for a matching entry.
6654 -- We also search this from the top down so that if there are multiple
6655 -- pragmas for the same entity, the last one applies (not clear what
6656 -- or whether the RM specifies this handling, but it seems reasonable).
6662 then
6669 -- If we did not find a matching entry, then use the normal scope
6670 -- suppress value after all (actually this will be the global setting
6671 -- since it clearly was not overridden at any point). For a predefined
6672 -- check, we test the specific flag. For a user defined check, we check
6673 -- the All_Checks flag. The Overflow flag requires special handling to
6674 -- deal with the General vs Assertion case
6680 else
6685 ---------------------
6686 -- Kill_All_Checks --
6687 ---------------------
6690 begin
6695 -- We reset the number of saved checks to zero, and also modify all
6696 -- stack entries for statement ranges to indicate that the number of
6697 -- checks at each level is now zero.
6701 -- Note: the Int'Min here avoids any possibility of J being out of
6702 -- range when called from e.g. Conditional_Statements_Begin.
6709 -----------------
6710 -- Kill_Checks --
6711 -----------------
6714 begin
6730 ------------------------------
6731 -- Length_Checks_Suppressed --
6732 ------------------------------
6735 begin
6738 else
6743 -----------------------
6744 -- Make_Bignum_Block --
6745 -----------------------
6750 begin
6751 return
6756 Object_Definition =>
6758 Expression =>
6762 Handled_Statement_Sequence =>
6771 ----------------------------------
6772 -- Minimize_Eliminate_Overflows --
6773 ----------------------------------
6775 -- This is a recursive routine that is called at the top of an expression
6776 -- tree to properly process overflow checking for a whole subtree by making
6777 -- recursive calls to process operands. This processing may involve the use
6778 -- of bignum or long long integer arithmetic, which will change the types
6779 -- of operands and results. That's why we can't do this bottom up (since
6780 -- it would interfere with semantic analysis).
6782 -- What happens is that if MINIMIZED/ELIMINATED mode is in effect then
6783 -- the operator expansion routines, as well as the expansion routines for
6784 -- if/case expression, do nothing (for the moment) except call the routine
6785 -- to apply the overflow check (Apply_Arithmetic_Overflow_Check). That
6786 -- routine does nothing for non top-level nodes, so at the point where the
6787 -- call is made for the top level node, the entire expression subtree has
6788 -- not been expanded, or processed for overflow. All that has to happen as
6789 -- a result of the top level call to this routine.
6791 -- As noted above, the overflow processing works by making recursive calls
6792 -- for the operands, and figuring out what to do, based on the processing
6793 -- of these operands (e.g. if a bignum operand appears, the parent op has
6794 -- to be done in bignum mode), and the determined ranges of the operands.
6796 -- After possible rewriting of a constituent subexpression node, a call is
6797 -- made to either reexpand the node (if nothing has changed) or reanalyze
6798 -- the node (if it has been modified by the overflow check processing). The
6799 -- Analyzed_Flag is set to False before the reexpand/reanalyze. To avoid
6800 -- a recursive call into the whole overflow apparatus, an important rule
6801 -- for this call is that the overflow handling mode must be temporarily set
6802 -- to STRICT.
6804 procedure Minimize_Eliminate_Overflows
6809 is
6812 -- Result type, must be a signed integer type
6820 -- Ranges of values for right operand (operator case)
6823 -- Ranges of values for left operand (operator case)
6826 -- Operands and results are of this type when we convert
6830 -- Bounds of Long_Long_Integer
6833 -- Indicates binary operator case
6836 -- Used in call to Determine_Range
6839 -- Set True if one or more operands is already of type Bignum, meaning
6840 -- that for sure (regardless of Top_Level setting) we are committed to
6841 -- doing the operation in Bignum mode (or in the case of a case or if
6842 -- expression, converting all the dependent expressions to Bignum).
6845 -- Set True if one or more operands is already of type Long_Long_Integer
6846 -- which means that if the result is known to be in the result type
6847 -- range, then we must convert such operands back to the result type.
6850 -- This is called when we have modified the node and we therefore need
6851 -- to reanalyze it. It is important that we reset the mode to STRICT for
6852 -- this reanalysis, since if we leave it in MINIMIZED or ELIMINATED mode
6853 -- we would reenter this routine recursively which would not be good!
6854 -- The argument Suppress is set True if we also want to suppress
6855 -- overflow checking for the reexpansion (this is set when we know
6856 -- overflow is not possible). Typ is the type for the reanalysis.
6859 -- This is like Reanalyze, but does not do the Analyze step, it only
6860 -- does a reexpansion. We do this reexpansion in STRICT mode, so that
6861 -- instead of reentering the MINIMIZED/ELIMINATED mode processing, we
6862 -- follow the normal expansion path (e.g. converting A**4 to A**2**2).
6863 -- Note that skipping reanalysis is not just an optimization, testing
6864 -- has showed up several complex cases in which reanalyzing an already
6865 -- analyzed node causes incorrect behavior.
6868 -- Returns True iff Lo .. Hi are within range of the result type
6871 -- If A is No_Uint, sets A to B, else to UI_Max (A, B)
6874 -- If A is No_Uint, sets A to B, else to UI_Min (A, B)
6876 ---------------------
6877 -- In_Result_Range --
6878 ---------------------
6881 begin
6887 and then
6890 else
6892 and then
6897 ---------
6898 -- Max --
6899 ---------
6902 begin
6908 ---------
6909 -- Min --
6910 ---------
6913 begin
6919 ---------------
6920 -- Reanalyze --
6921 ---------------
6931 begin
6946 --------------
6947 -- Reexpand --
6948 --------------
6958 begin
6974 -- Start of processing for Minimize_Eliminate_Overflows
6976 begin
6977 -- Case where we do not have a signed integer arithmetic operation
6981 -- Use the normal Determine_Range routine to get the range. We
6982 -- don't require operands to be valid, invalid values may result in
6983 -- rubbish results where the result has not been properly checked for
6984 -- overflow, that's fine!
6988 -- If Determine_Range did not work (can this in fact happen? Not
6989 -- clear but might as well protect), use type bounds.
6996 -- If we don't have a binary operator, all we have to do is to set
6997 -- the Hi/Lo range, so we are done
7001 -- Processing for if expression
7004 declare
7008 begin
7011 Minimize_Eliminate_Overflows
7018 Minimize_Eliminate_Overflows
7023 else
7024 Long_Long_Integer_Operands :=
7031 -- If at least one of our operands is now Bignum, we must rebuild
7032 -- the if expression to use Bignum operands. We will analyze the
7033 -- rebuilt if expression with overflow checks off, since once we
7034 -- are in bignum mode, we are all done with overflow checks!
7047 -- If we have no Long_Long_Integer operands, then we are in result
7048 -- range, since it means that none of our operands felt the need
7049 -- to worry about overflow (otherwise it would have already been
7050 -- converted to long long integer or bignum). We reexpand to
7051 -- complete the expansion of the if expression (but we do not
7052 -- need to reanalyze).
7056 Reexpand;
7058 -- Otherwise convert us to long long integer mode. Note that we
7059 -- don't need any further overflow checking at this level.
7061 else
7066 -- Now reanalyze with overflow checks off
7075 -- Here for case expression
7081 declare
7084 begin
7085 -- Loop through expressions applying recursive call
7089 declare
7092 begin
7093 Minimize_Eliminate_Overflows
7106 -- If we have no bignum or long long integer operands, it means
7107 -- that none of our dependent expressions could raise overflow.
7108 -- In this case, we simply return with no changes except for
7109 -- resetting the overflow flag, since we are done with overflow
7110 -- checks for this node. We will reexpand to get the needed
7111 -- expansion for the case expression, but we do not need to
7112 -- reanalyze, since nothing has changed.
7118 -- Otherwise we are going to rebuild the case expression using
7119 -- either bignum or long long integer operands throughout.
7121 else
7122 declare
7127 begin
7134 else
7161 -- If we have an arithmetic operator we make recursive calls on the
7162 -- operands to get the ranges (and to properly process the subtree
7163 -- that lies below us!)
7165 Minimize_Eliminate_Overflows
7169 Minimize_Eliminate_Overflows
7173 -- Record if we have Long_Long_Integer operands
7175 Long_Long_Integer_Operands :=
7179 -- If either operand is a bignum, then result will be a bignum and we
7180 -- don't need to do any range analysis. As previously discussed we could
7181 -- do range analysis in such cases, but it could mean working with giant
7182 -- numbers at compile time for very little gain (the number of cases
7183 -- in which we could slip back from bignum mode is small).
7190 -- Otherwise compute result range
7192 else
7197 -- Absolute value
7203 -- Addition
7209 -- Division
7213 -- If the right operand can only be zero, set 0..0
7219 -- Possible bounds of division must come from dividing end
7220 -- values of the input ranges (four possibilities), provided
7221 -- zero is not included in the possible values of the right
7222 -- operand.
7224 -- Otherwise, we just consider two intervals of values for
7225 -- the right operand: the interval of negative values (up to
7226 -- -1) and the interval of positive values (starting at 1).
7227 -- Since division by 1 is the identity, and division by -1
7228 -- is negation, we get all possible bounds of division in that
7229 -- case by considering:
7230 -- - all values from the division of end values of input
7231 -- ranges;
7232 -- - the end values of the left operand;
7233 -- - the negation of the end values of the left operand.
7235 else
7236 declare
7238 -- Mark so we can release the RR and Ev values
7245 begin
7246 -- Discard extreme values of zero for the divisor, since
7247 -- they will simply result in an exception in any case.
7255 -- Compute possible bounds coming from dividing end
7256 -- values of the input ranges.
7266 -- If the right operand can be both negative or positive,
7267 -- include the end values of the left operand in the
7268 -- extreme values, as well as their negation.
7282 -- Release the RR and Ev values
7288 -- Exponentiation
7292 -- Discard negative values for the exponent, since they will
7293 -- simply result in an exception in any case.
7301 -- Estimate number of bits in result before we go computing
7302 -- giant useless bounds. Basically the number of bits in the
7303 -- result is the number of bits in the base multiplied by the
7304 -- value of the exponent. If this is big enough that the result
7305 -- definitely won't fit in Long_Long_Integer, switch to bignum
7306 -- mode immediately, and avoid computing giant bounds.
7308 -- The comparison here is approximate, but conservative, it
7309 -- only clicks on cases that are sure to exceed the bounds.
7315 -- If right operand is zero then result is 1
7321 else
7322 -- High bound comes either from exponentiation of largest
7323 -- positive value to largest exponent value, or from
7324 -- the exponentiation of most negative value to an
7325 -- even exponent.
7327 declare
7330 begin
7333 else
7340 else
7343 else
7350 -- Result can only be negative if base can be negative
7355 else
7359 -- Otherwise low bound is minimum ** minimum
7361 else
7366 -- Negation
7372 -- Mod
7375 declare
7377 -- This is the maximum absolute value of the result
7379 begin
7383 -- The result depends only on the sign and magnitude of
7384 -- the right operand, it does not depend on the sign or
7385 -- magnitude of the left operand.
7396 -- Multiplication
7400 -- Possible bounds of multiplication must come from multiplying
7401 -- end values of the input ranges (four possibilities).
7403 declare
7405 -- Mark so we can release the Ev values
7412 begin
7416 -- Release the Ev values
7421 -- Plus operator (affirmation)
7427 -- Remainder
7430 declare
7432 -- This is the maximum absolute value of the result. Note
7433 -- that the result range does not depend on the sign of the
7434 -- right operand.
7436 begin
7440 -- Case of left operand negative, which results in a range
7441 -- of -Maxabs .. 0 for those negative values. If there are
7442 -- no negative values then Lo value of result is always 0.
7448 -- Case of left operand positive
7455 -- Subtract
7461 -- Nothing else should be possible
7468 -- Here for the case where we have not rewritten anything (no bignum
7469 -- operands or long long integer operands), and we know the result.
7470 -- If we know we are in the result range, and we do not have Bignum
7471 -- operands or Long_Long_Integer operands, we can just reexpand with
7472 -- overflow checks turned off (since we know we cannot have overflow).
7473 -- As always the reexpansion is required to complete expansion of the
7474 -- operator, but we do not need to reanalyze, and we prevent recursion
7475 -- by suppressing the check.
7478 and then In_Result_Range
7479 then
7484 -- Here we know that we are not in the result range, and in the general
7485 -- case we will move into either the Bignum or Long_Long_Integer domain
7486 -- to compute the result. However, there is one exception. If we are
7487 -- at the top level, and we do not have Bignum or Long_Long_Integer
7488 -- operands, we will have to immediately convert the result back to
7489 -- the result type, so there is no point in Bignum/Long_Long_Integer
7490 -- fiddling.
7492 elsif Top_Level
7495 -- One further refinement. If we are at the top level, but our parent
7496 -- is a type conversion, then go into bignum or long long integer node
7497 -- since the result will be converted to that type directly without
7498 -- going through the result type, and we may avoid an overflow. This
7499 -- is the case for example of Long_Long_Integer (A ** 4), where A is
7500 -- of type Integer, and the result A ** 4 fits in Long_Long_Integer
7501 -- but does not fit in Integer.
7504 then
7505 -- Here keep original types, but we need to complete analysis
7507 -- One subtlety. We can't just go ahead and do an analyze operation
7508 -- here because it will cause recursion into the whole MINIMIZED/
7509 -- ELIMINATED overflow processing which is not what we want. Here
7510 -- we are at the top level, and we need a check against the result
7511 -- mode (i.e. we want to use STRICT mode). So do exactly that!
7512 -- Also, we have not modified the node, so this is a case where
7513 -- we need to reexpand, but not reanalyze.
7515 Reexpand;
7518 -- Cases where we do the operation in Bignum mode. This happens either
7519 -- because one of our operands is in Bignum mode already, or because
7520 -- the computed bounds are outside the bounds of Long_Long_Integer,
7521 -- which in some cases can be indicated by Hi and Lo being No_Uint.
7523 -- Note: we could do better here and in some cases switch back from
7524 -- Bignum mode to normal mode, e.g. big mod 2 must be in the range
7525 -- 0 .. 1, but the cases are rare and it is not worth the effort.
7526 -- Failing to do this switching back is only an efficiency issue.
7530 -- OK, we are definitely outside the range of Long_Long_Integer. The
7531 -- question is whether to move to Bignum mode, or stay in the domain
7532 -- of Long_Long_Integer, signalling that an overflow check is needed.
7534 -- Obviously in MINIMIZED mode we stay with LLI, since we are not in
7535 -- the Bignum business. In ELIMINATED mode, we will normally move
7536 -- into Bignum mode, but there is an exception if neither of our
7537 -- operands is Bignum now, and we are at the top level (Top_Level
7538 -- set True). In this case, there is no point in moving into Bignum
7539 -- mode to prevent overflow if the caller will immediately convert
7540 -- the Bignum value back to LLI with an overflow check. It's more
7541 -- efficient to stay in LLI mode with an overflow check (if needed)
7545 then
7550 -- The result now has to be in Long_Long_Integer mode, so adjust
7551 -- the possible range to reflect this. Note these calls also
7552 -- change No_Uint values from the top level case to LLI bounds.
7557 -- Otherwise we are in ELIMINATED mode and we switch to Bignum mode
7559 else
7562 declare
7566 begin
7595 -- Anything else is an internal error, this includes the
7596 -- N_Op_Plus case, since how can plus cause the result
7597 -- to be out of range if the operand is in range?
7603 -- Construct argument list for Bignum call, converting our
7604 -- operands to Bignum form if they are not already there.
7614 -- Now rewrite the arithmetic operator with a call to the
7615 -- corresponding bignum function.
7623 -- Indicate result is Bignum mode
7631 -- Otherwise we are in range of Long_Long_Integer, so no overflow
7632 -- check is required, at least not yet.
7634 else
7638 -- Here we are not in Bignum territory, but we may have long long
7639 -- integer operands that need special handling. First a special check:
7640 -- If an exponentiation operator exponent is of type Long_Long_Integer,
7641 -- it means we converted it to prevent overflow, but exponentiation
7642 -- requires a Natural right operand, so convert it back to Natural.
7643 -- This conversion may raise an exception which is fine.
7649 -- Here we will do the operation in Long_Long_Integer. We do this even
7650 -- if we know an overflow check is required, better to do this in long
7651 -- long integer mode, since we are less likely to overflow!
7653 -- Convert right or only operand to Long_Long_Integer, except that
7654 -- we do not touch the exponentiation right operand.
7660 -- Convert left operand to Long_Long_Integer for binary case
7666 -- Reset node to unanalyzed
7672 -- Now analyze this new node. This reanalysis will complete processing
7673 -- for the node. In particular we will complete the expansion of an
7674 -- exponentiation operator (e.g. changing A ** 2 to A * A), and also
7675 -- we will complete any division checks (since we have not changed the
7676 -- setting of the Do_Division_Check flag).
7678 -- We do this reanalysis in STRICT mode to avoid recursion into the
7679 -- MINIMIZED/ELIMINATED handling, since we are now done with that!
7681 declare
7687 begin
7693 else
7702 -------------------------
7703 -- Overflow_Check_Mode --
7704 -------------------------
7707 begin
7710 else
7715 --------------------------------
7716 -- Overflow_Checks_Suppressed --
7717 --------------------------------
7720 begin
7723 else
7728 -----------------------------
7729 -- Range_Checks_Suppressed --
7730 -----------------------------
7733 begin
7736 -- Note: for now we always suppress range checks on Vax float types,
7737 -- since Gigi does not know how to generate these checks.
7751 -----------------------------------------
7752 -- Range_Or_Validity_Checks_Suppressed --
7753 -----------------------------------------
7755 -- Note: the coding would be simpler here if we simply made appropriate
7756 -- calls to Range/Validity_Checks_Suppressed, but that would result in
7757 -- duplicated checks which we prefer to avoid.
7759 function Range_Or_Validity_Checks_Suppressed
7761 is
7762 begin
7763 -- Immediate return if scope checks suppressed for either check
7766 or
7768 then
7772 -- If no expression, that's odd, decide that checks are suppressed,
7773 -- since we don't want anyone trying to do checks in this case, which
7774 -- is most likely the result of some other error.
7780 -- Expression is present, so perform suppress checks on type
7782 declare
7784 begin
7789 or else
7791 then
7796 -- If expression is an entity name, perform checks on this entity
7799 declare
7801 begin
7809 -- If we fall through, no checks suppressed
7814 -------------------
7815 -- Remove_Checks --
7816 -------------------
7820 -- Process a single node during the traversal
7823 -- The traversal procedure itself
7825 -------------
7826 -- Process --
7827 -------------
7830 begin
7893 -- Start of processing for Remove_Checks
7895 begin
7899 ----------------------------
7900 -- Selected_Length_Checks --
7901 ----------------------------
7903 function Selected_Length_Checks
7908 is
7921 -- Adds the action given to Ret_Result if N is non-Empty
7925 -- Comments required ???
7928 -- True for equal literals and for nodes that denote the same constant
7929 -- entity, even if its value is not a static constant. This includes the
7930 -- case of a discriminal reference within an init proc. Removes some
7931 -- obviously superfluous checks.
7933 function Length_E_Cond
7937 -- Returns expression to compute:
7938 -- Typ'Length /= Exptyp'Length
7940 function Length_N_Cond
7944 -- Returns expression to compute:
7945 -- Typ'Length /= Expr'Length
7947 ---------------
7948 -- Add_Check --
7949 ---------------
7952 begin
7955 -- For now, ignore attempt to place more than 2 checks ???
7967 ------------------
7968 -- Get_E_Length --
7969 ------------------
7976 begin
7979 then
7989 return
7997 and then not Inside_Init_Proc
7998 then
7999 -- If the type whose length is needed is a private component
8000 -- constrained by a discriminant, we must expand the 'Length
8001 -- attribute into an explicit computation, using the discriminal
8002 -- of the current protected operation. This is because the actual
8003 -- type of the prival is constructed after the protected opera-
8004 -- tion has been fully expanded.
8006 declare
8012 begin
8023 then
8030 then
8044 N :=
8046 Left_Opnd =>
8054 else
8055 N :=
8058 Prefix =>
8070 else
8071 N :=
8074 Prefix =>
8086 ------------------
8087 -- Get_N_Length --
8088 ------------------
8091 begin
8092 return
8095 Prefix =>
8101 -------------------
8102 -- Length_E_Cond --
8103 -------------------
8105 function Length_E_Cond
8109 is
8110 begin
8111 return
8117 -------------------
8118 -- Length_N_Cond --
8119 -------------------
8121 function Length_N_Cond
8125 is
8126 begin
8127 return
8133 -----------------
8134 -- Same_Bounds --
8135 -----------------
8138 begin
8139 return
8144 or else
8149 or else
8154 or else
8161 or else
8169 -- Start of processing for Selected_Length_Checks
8171 begin
8179 then
8191 else
8204 -- A simple optimization for the null case
8214 -- The checking code to be generated will freeze the corresponding
8215 -- array type. However, we must freeze the type now, so that the
8216 -- freeze node does not appear within the generated if expression,
8217 -- but ahead of it.
8228 -- String_Literal case. This needs to be handled specially be-
8229 -- cause no index types are available for string literals. The
8230 -- condition is simply:
8232 -- T_Typ'Length = string-literal-length
8236 then
8237 Cond :=
8240 Right_Opnd =>
8242 Intval =>
8245 -- General array case. Here we have a usable actual subtype for
8246 -- the expression, and the condition is built from the two types
8247 -- (Do_Length):
8249 -- T_Typ'Length /= Exptyp'Length or else
8250 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
8251 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
8252 -- ...
8255 declare
8268 begin
8269 -- At the library level, we need to ensure that the type of
8270 -- the object is elaborated before the check itself is
8271 -- emitted. This is only done if the object is in the
8272 -- current compilation unit, otherwise the type is frozen
8273 -- and elaborated in its unit.
8276 and then
8278 and then
8281 then
8292 or else
8294 then
8298 -- Deal with compile time length check. Note that we
8299 -- skip this in the access case, because the access
8300 -- value may be null, so we cannot know statically.
8302 if not Do_Access
8307 then
8311 else
8318 else
8323 Add_Check
8324 (Compile_Time_Constraint_Error
8328 Add_Check
8329 (Compile_Time_Constraint_Error
8333 -- The comparison for an individual index subtype
8334 -- is omitted if the corresponding index subtypes
8335 -- statically match, since the result is known to
8336 -- be true. Note that this test is worth while even
8337 -- though we do static evaluation, because non-static
8338 -- subtypes can statically match.
8340 elsif not
8341 Subtypes_Statically_Match
8344 and then not
8347 then
8348 Evolve_Or_Else
8358 -- Handle cases where we do not get a usable actual subtype that
8359 -- is constrained. This happens for example in the function call
8360 -- and explicit dereference cases. In these cases, we have to get
8361 -- the length or range from the expression itself, making sure we
8362 -- do not evaluate it more than once.
8364 -- Here Ck_Node is the original expression, or more properly the
8365 -- result of applying Duplicate_Expr to the original tree, forcing
8366 -- the result to be a name.
8368 else
8369 declare
8372 begin
8373 -- Build the condition for the explicit dereference case
8376 Evolve_Or_Else
8384 -- Construct the test and insert into the tree
8391 Add_Check
8400 ---------------------------
8401 -- Selected_Range_Checks --
8402 ---------------------------
8404 function Selected_Range_Checks
8409 is
8422 -- Adds the action given to Ret_Result if N is non-Empty
8424 function Discrete_Range_Cond
8427 -- Returns expression to compute:
8428 -- Low_Bound (Expr) < Typ'First
8429 -- or else
8430 -- High_Bound (Expr) > Typ'Last
8432 function Discrete_Expr_Cond
8435 -- Returns expression to compute:
8436 -- Expr < Typ'First
8437 -- or else
8438 -- Expr > Typ'Last
8440 function Get_E_First_Or_Last
8445 -- Returns an attribute reference
8446 -- E'First or E'Last
8447 -- with a source location of Loc.
8448 --
8449 -- Nam is Name_First or Name_Last, according to which attribute is
8450 -- desired. If Indx is non-zero, it is passed as a literal in the
8451 -- Expressions of the attribute reference (identifying the desired
8452 -- array dimension).
8456 -- Returns expression to compute:
8457 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
8459 function Range_E_Cond
8464 -- Returns expression to compute:
8465 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
8467 function Range_Equal_E_Cond
8471 -- Returns expression to compute:
8472 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
8474 function Range_N_Cond
8478 -- Return expression to compute:
8479 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
8481 ---------------
8482 -- Add_Check --
8483 ---------------
8486 begin
8489 -- For now, ignore attempt to place more than 2 checks ???
8501 -------------------------
8502 -- Discrete_Expr_Cond --
8503 -------------------------
8505 function Discrete_Expr_Cond
8508 is
8509 begin
8510 return
8512 Left_Opnd =>
8514 Left_Opnd =>
8517 Right_Opnd =>
8521 Right_Opnd =>
8523 Left_Opnd =>
8526 Right_Opnd =>
8527 Convert_To
8532 -------------------------
8533 -- Discrete_Range_Cond --
8534 -------------------------
8536 function Discrete_Range_Cond
8539 is
8546 begin
8549 then
8553 Left_Opnd :=
8555 Left_Opnd =>
8556 Convert_To
8559 Right_Opnd =>
8560 Convert_To
8566 then
8570 Right_Opnd :=
8572 Left_Opnd =>
8573 Convert_To
8576 Right_Opnd =>
8577 Convert_To
8584 -------------------------
8585 -- Get_E_First_Or_Last --
8586 -------------------------
8588 function Get_E_First_Or_Last
8593 is
8595 begin
8598 else
8608 -----------------
8609 -- Get_N_First --
8610 -----------------
8613 begin
8614 return
8617 Prefix =>
8623 ----------------
8624 -- Get_N_Last --
8625 ----------------
8628 begin
8629 return
8632 Prefix =>
8638 ------------------
8639 -- Range_E_Cond --
8640 ------------------
8642 function Range_E_Cond
8646 is
8647 begin
8648 return
8650 Left_Opnd =>
8652 Left_Opnd =>
8654 Right_Opnd =>
8657 Right_Opnd =>
8659 Left_Opnd =>
8661 Right_Opnd =>
8665 ------------------------
8666 -- Range_Equal_E_Cond --
8667 ------------------------
8669 function Range_Equal_E_Cond
8673 is
8674 begin
8675 return
8677 Left_Opnd =>
8679 Left_Opnd =>
8681 Right_Opnd =>
8684 Right_Opnd =>
8686 Left_Opnd =>
8688 Right_Opnd =>
8692 ------------------
8693 -- Range_N_Cond --
8694 ------------------
8696 function Range_N_Cond
8700 is
8701 begin
8702 return
8704 Left_Opnd =>
8706 Left_Opnd =>
8708 Right_Opnd =>
8711 Right_Opnd =>
8713 Left_Opnd =>
8715 Right_Opnd =>
8719 -- Start of processing for Selected_Range_Checks
8721 begin
8729 then
8741 else
8749 -- The order of evaluating T_Typ before S_Typ seems to be critical
8750 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
8751 -- in, and since Node can be an N_Range node, it might be invalid.
8752 -- Should there be an assert check somewhere for taking the Etype of
8753 -- an N_Range node ???
8760 -- A simple optimization for the null case
8767 -- For an N_Range Node, check for a null range and then if not
8768 -- null generate a range check action.
8772 -- There's no point in checking a range against itself
8778 declare
8793 begin
8794 -- Compute what is known at compile time
8800 -- There's no point in checking that a bound is within its
8801 -- own range so pretend that it is known in this case. First
8802 -- deal with low bound.
8806 then
8810 else
8814 -- Likewise for the high bound
8821 then
8825 else
8830 -- Check for case where everything is static and we can do the
8831 -- check at compile time. This is skipped if we have an access
8832 -- type, since the access value may be null.
8834 -- ??? This code can be improved since you only need to know that
8835 -- the two respective bounds (LB & T_LB or HB & T_HB) are known at
8836 -- compile time to emit pertinent messages.
8839 and not Do_Access
8840 then
8841 -- Floating-point case
8845 Out_Of_Range_L :=
8847 or else
8850 Out_Of_Range_H :=
8852 or else
8855 -- Fixed or discrete type case
8857 else
8859 Out_Of_Range_L :=
8861 or else
8864 Out_Of_Range_H :=
8866 or else
8873 Add_Check
8874 (Compile_Time_Constraint_Error
8878 else
8879 Add_Check
8880 (Compile_Time_Constraint_Error
8888 Add_Check
8889 (Compile_Time_Constraint_Error
8893 else
8894 Add_Check
8895 (Compile_Time_Constraint_Error
8902 else
8903 declare
8907 begin
8908 -- If either bound is a discriminant and we are within the
8909 -- record declaration, it is a use of the discriminant in a
8910 -- constraint of a component, and nothing can be checked
8911 -- here. The check will be emitted within the init proc.
8912 -- Before then, the discriminal has no real meaning.
8913 -- Similarly, if the entity is a discriminal, there is no
8914 -- check to perform yet.
8916 -- The same holds within a discriminated synchronized type,
8917 -- where the discriminant may constrain a component or an
8918 -- entry family.
8922 then
8926 then
8928 else
8929 LB :=
8936 then
8940 then
8942 else
8943 HB :=
8951 Cond :=
8953 Left_Opnd =>
8964 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
8965 -- except the above simply sets a flag in the node and lets
8966 -- gigi generate the check base on the Etype of the expression.
8967 -- Sometimes, however we want to do a dynamic check against an
8968 -- arbitrary target type, so we do that here.
8973 -- For literals, we can tell if the constraint error will be
8974 -- raised at compile time, so we never need a dynamic check, but
8975 -- if the exception will be raised, then post the usual warning,
8976 -- and replace the literal with a raise constraint error
8977 -- expression. As usual, skip this for access types
8980 and then not Do_Access
8981 then
8982 declare
8991 begin
8992 -- Following range tests should use Sem_Eval routine ???
8996 Out_Of_Range :=
8998 or else
9001 -- Fixed or discrete type
9003 else
9004 Out_Of_Range :=
9006 or else
9010 -- Bounds of the type are static and the literal is out of
9011 -- range so output a warning message.
9015 Add_Check
9016 (Compile_Time_Constraint_Error
9020 else
9021 Add_Check
9022 (Compile_Time_Constraint_Error
9028 else
9033 -- Here for the case of a non-static expression, we need a runtime
9034 -- check unless the source type range is guaranteed to be in the
9035 -- range of the target type.
9037 else
9054 -- String_Literal case. This needs to be handled specially be-
9055 -- cause no index types are available for string literals. The
9056 -- condition is simply:
9058 -- T_Typ'Length = string-literal-length
9063 -- General array case. Here we have a usable actual subtype for
9064 -- the expression, and the condition is built from the two types
9066 -- T_Typ'First < Exptyp'First or else
9067 -- T_Typ'Last > Exptyp'Last or else
9068 -- T_Typ'First(1) < Exptyp'First(1) or else
9069 -- T_Typ'Last(1) > Exptyp'Last(1) or else
9070 -- ...
9073 declare
9079 begin
9085 or else
9087 then
9088 -- Deal with compile time length check. Note that we
9089 -- skip this in the access case, because the access
9090 -- value may be null, so we cannot know statically.
9092 if not
9093 Subtypes_Statically_Match
9095 then
9096 -- If the target type is constrained then we
9097 -- have to check for exact equality of bounds
9098 -- (required for qualified expressions).
9101 Evolve_Or_Else
9104 else
9105 Evolve_Or_Else
9116 -- Handle cases where we do not get a usable actual subtype that
9117 -- is constrained. This happens for example in the function call
9118 -- and explicit dereference cases. In these cases, we have to get
9119 -- the length or range from the expression itself, making sure we
9120 -- do not evaluate it more than once.
9122 -- Here Ck_Node is the original expression, or more properly the
9123 -- result of applying Duplicate_Expr to the original tree,
9124 -- forcing the result to be a name.
9126 else
9127 declare
9130 begin
9131 -- Build the condition for the explicit dereference case
9134 Evolve_Or_Else
9140 else
9141 -- For a conversion to an unconstrained array type, generate an
9142 -- Action to check that the bounds of the source value are within
9143 -- the constraints imposed by the target type (RM 4.6(38)). No
9144 -- check is needed for a conversion to an access to unconstrained
9145 -- array type, as 4.6(24.15/2) requires the designated subtypes
9146 -- of the two access types to statically match.
9149 and then not Do_Access
9150 then
9151 declare
9156 begin
9161 -- If the index is a range, use its bounds. If it is an
9162 -- entity (as will be the case if it is a named subtype
9163 -- or an itype created for a slice) retrieve its range.
9167 then
9169 else
9174 if Is_In_Range
9177 and then
9178 Is_In_Range
9181 then
9184 -- If null range, no check needed
9186 elsif
9188 and then
9190 and then
9193 then
9196 elsif Is_Out_Of_Range
9199 or else
9200 Is_Out_Of_Range
9203 then
9204 Add_Check
9205 (Compile_Time_Constraint_Error
9208 else
9209 Evolve_Or_Else
9211 Discrete_Range_Cond
9224 -- Construct the test and insert into the tree
9231 Add_Check
9240 -------------------------------
9241 -- Storage_Checks_Suppressed --
9242 -------------------------------
9245 begin
9248 else
9253 ---------------------------
9254 -- Tag_Checks_Suppressed --
9255 ---------------------------
9258 begin
9261 then
9268 --------------------------
9269 -- Validity_Check_Range --
9270 --------------------------
9273 begin
9282 --------------------------------
9283 -- Validity_Checks_Suppressed --
9284 --------------------------------
9287 begin
9290 else