| blob | 3c7839754e4299f0aaf313dde5b7f0c372af6e1f |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2004 Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 2, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING. If not, write --
19 -- to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, --
20 -- MA 02111-1307, USA. --
21 -- --
22 -- GNAT was originally developed by the GNAT team at New York University. --
23 -- Extensive contributions were provided by Ada Core Technologies Inc. --
24 -- --
25 ------------------------------------------------------------------------------
64 -- General note: many of these routines are concerned with generating
65 -- checking code to make sure that constraint error is raised at runtime.
66 -- Clearly this code is only needed if the expander is active, since
67 -- otherwise we will not be generating code or going into the runtime
68 -- execution anyway.
70 -- We therefore disconnect most of these checks if the expander is
71 -- inactive. This has the additional benefit that we do not need to
72 -- worry about the tree being messed up by previous errors (since errors
73 -- turn off expansion anyway).
75 -- There are a few exceptions to the above rule. For instance routines
76 -- such as Apply_Scalar_Range_Check that do not insert any code can be
77 -- safely called even when the Expander is inactive (but Errors_Detected
78 -- is 0). The benefit of executing this code when expansion is off, is
79 -- the ability to emit constraint error warning for static expressions
80 -- even when we are not generating code.
82 -------------------------------------
83 -- Suppression of Redundant Checks --
84 -------------------------------------
86 -- This unit implements a limited circuit for removal of redundant
87 -- checks. The processing is based on a tracing of simple sequential
88 -- flow. For any sequence of statements, we save expressions that are
89 -- marked to be checked, and then if the same expression appears later
90 -- with the same check, then under certain circumstances, the second
91 -- check can be suppressed.
93 -- Basically, we can suppress the check if we know for certain that
94 -- the previous expression has been elaborated (together with its
95 -- check), and we know that the exception frame is the same, and that
96 -- nothing has happened to change the result of the exception.
98 -- Let us examine each of these three conditions in turn to describe
99 -- how we ensure that this condition is met.
101 -- First, we need to know for certain that the previous expression has
102 -- been executed. This is done principly by the mechanism of calling
103 -- Conditional_Statements_Begin at the start of any statement sequence
104 -- and Conditional_Statements_End at the end. The End call causes all
105 -- checks remembered since the Begin call to be discarded. This does
106 -- miss a few cases, notably the case of a nested BEGIN-END block with
107 -- no exception handlers. But the important thing is to be conservative.
108 -- The other protection is that all checks are discarded if a label
109 -- is encountered, since then the assumption of sequential execution
110 -- is violated, and we don't know enough about the flow.
112 -- Second, we need to know that the exception frame is the same. We
113 -- do this by killing all remembered checks when we enter a new frame.
114 -- Again, that's over-conservative, but generally the cases we can help
115 -- with are pretty local anyway (like the body of a loop for example).
117 -- Third, we must be sure to forget any checks which are no longer valid.
118 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
119 -- used to note any changes to local variables. We only attempt to deal
120 -- with checks involving local variables, so we do not need to worry
121 -- about global variables. Second, a call to any non-global procedure
122 -- causes us to abandon all stored checks, since such a all may affect
123 -- the values of any local variables.
125 -- The following define the data structures used to deal with remembering
126 -- checks so that redundant checks can be eliminated as described above.
128 -- Right now, the only expressions that we deal with are of the form of
129 -- simple local objects (either declared locally, or IN parameters) or
130 -- such objects plus/minus a compile time known constant. We can do
131 -- more later on if it seems worthwhile, but this catches many simple
132 -- cases in practice.
134 -- The following record type reflects a single saved check. An entry
135 -- is made in the stack of saved checks if and only if the expression
136 -- has been elaborated with the indicated checks.
140 -- Set True if entry is killed by Kill_Checks
143 -- The entity involved in the expression that is checked
146 -- A compile time value indicating the result of adding or
147 -- subtracting a compile time value. This value is to be
148 -- added to the value of the Entity. A value of zero is
149 -- used for the case of a simple entity reference.
152 -- This is set to 'R' for a range check (in which case Target_Type
153 -- is set to the target type for the range check) or to 'O' for an
154 -- overflow check (in which case Target_Type is set to Empty).
157 -- Used only if Do_Range_Check is set. Records the target type for
158 -- the check. We need this, because a check is a duplicate only if
159 -- it has a the same target type (or more accurately one with a
160 -- range that is smaller or equal to the stored target type of a
161 -- saved check).
164 -- The following table keeps track of saved checks. Rather than use an
165 -- extensible table. We just use a table of fixed size, and we discard
166 -- any saved checks that do not fit. That's very unlikely to happen and
167 -- this is only an optimization in any case.
170 -- Array of saved checks
173 -- Number of saved checks
175 -- The following stack keeps track of statement ranges. It is treated
176 -- as a stack. When Conditional_Statements_Begin is called, an entry
177 -- is pushed onto this stack containing the value of Num_Saved_Checks
178 -- at the time of the call. Then when Conditional_Statements_End is
179 -- called, this value is popped off and used to reset Num_Saved_Checks.
181 -- Note: again, this is a fixed length stack with a size that should
182 -- always be fine. If the value of the stack pointer goes above the
183 -- limit, then we just forget all saved checks.
188 -----------------------
189 -- Local Subprograms --
190 -----------------------
192 procedure Apply_Float_Conversion_Check
195 -- The checks on a conversion from a floating-point type to an integer
196 -- type are delicate. They have to be performed before conversion, they
197 -- have to raise an exception when the operand is a NaN, and rounding must
198 -- be taken into account to determine the safe bounds of the operand.
200 procedure Apply_Selected_Length_Checks
205 -- This is the subprogram that does all the work for Apply_Length_Check
206 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
207 -- described for the above routines. The Do_Static flag indicates that
208 -- only a static check is to be done.
210 procedure Apply_Selected_Range_Checks
215 -- This is the subprogram that does all the work for Apply_Range_Check.
216 -- Expr, Target_Typ and Source_Typ are as described for the above
217 -- routine. The Do_Static flag indicates that only a static check is
218 -- to be done.
220 procedure Find_Check
228 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
229 -- to see if a check is of the form for optimization, and if so, to see
230 -- if it has already been performed. Expr is the expression to check,
231 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
232 -- Target_Type is the target type for a range check, and Empty for an
233 -- overflow check. If the entry is not of the form for optimization,
234 -- then Entry_OK is set to False, and the remaining out parameters
235 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
236 -- entity and offset from the expression. Check_Num is the number of
237 -- a matching saved entry in Saved_Checks, or zero if no such entry
238 -- is located.
241 -- If a discriminal is used in constraining a prival, Return reference
242 -- to the discriminal of the protected body (which renames the parameter
243 -- of the enclosing protected operation). This clumsy transformation is
244 -- needed because privals are created too late and their actual subtypes
245 -- are not available when analysing the bodies of the protected operations.
246 -- To be cleaned up???
248 function Guard_Access
252 -- In the access type case, guard the test with a test to ensure
253 -- that the access value is non-null, since the checks do not
254 -- not apply to null access values.
257 -- Determines whether an access node requires a runtime access check and
258 -- if so inserts the appropriate run-time check
261 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
262 -- Constraint_Error node.
264 function Selected_Length_Checks
269 -- Like Apply_Selected_Length_Checks, except it doesn't modify
270 -- anything, just returns a list of nodes as described in the spec of
271 -- this package for the Range_Check function.
273 function Selected_Range_Checks
278 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
279 -- just returns a list of nodes as described in the spec of this package
280 -- for the Range_Check function.
282 ------------------------------
283 -- Access_Checks_Suppressed --
284 ------------------------------
287 begin
290 else
295 -------------------------------------
296 -- Accessibility_Checks_Suppressed --
297 -------------------------------------
300 begin
303 else
308 -------------------------
309 -- Append_Range_Checks --
310 -------------------------
312 procedure Append_Range_Checks
318 is
324 or else
327 begin
328 -- For now we just return if Checks_On is false, however this should
329 -- be enhanced to check for an always True value in the condition
330 -- and to generate a compilation warning???
341 then
347 else
348 Append_To
356 ------------------------
357 -- Apply_Access_Check --
358 ------------------------
363 begin
372 -- We do not need access checks if prefix is known to be non-null
377 -- We do not need access checks if they are suppressed on the type
382 -- We do not need checks if we are not generating code (i.e. the
383 -- expander is not active). This is not just an optimization, there
384 -- are cases (e.g. with pragma Debug) where generating the checks
385 -- can cause real trouble).
391 -- Case where P is an entity name
394 declare
397 begin
402 -- Otherwise we are going to generate an access check, and
403 -- are we have done it, the entity will now be known non null
404 -- But we have to check for safe sequential semantics here!
412 -- Access check is required
417 -------------------------------
418 -- Apply_Accessibility_Check --
419 -------------------------------
427 begin
431 -- Only apply the run-time check if the access parameter
432 -- has an associated extra access level parameter and
433 -- when the level of the type is less deep than the level
434 -- of the access parameter.
442 then
443 Param_Level :=
446 Type_Level :=
449 -- Raise Program_Error if the accessibility level of the
450 -- the access parameter is deeper than the level of the
451 -- target access type.
455 Condition =>
465 ---------------------------
466 -- Apply_Alignment_Check --
467 ---------------------------
475 -- Constant to show whether target requires alignment checks
477 begin
478 -- See if check needed. Note that we never need a check if the
479 -- maximum alignment is one, since the check will always succeed
483 or else not Alignment_Required
484 then
496 then
504 -- Here Expr is the address value. See if we know that the
505 -- value is unacceptable at compile time.
509 then
514 Error_Msg_NE
519 -- Here we do not know if the value is acceptable, generate
520 -- code to raise PE if alignment is inappropriate.
522 else
523 -- Skip generation of this code if we don't want elab code
528 Condition =>
530 Left_Opnd =>
532 Left_Opnd =>
533 Unchecked_Convert_To
536 Right_Opnd =>
548 exception
553 -------------------------------------
554 -- Apply_Arithmetic_Overflow_Check --
555 -------------------------------------
557 -- This routine is called only if the type is an integer type, and
558 -- a software arithmetic overflow check must be performed for op
559 -- (add, subtract, multiply). The check is performed only if
560 -- Software_Overflow_Checking is enabled and Do_Overflow_Check
561 -- is set. In this case we expand the operation into a more complex
562 -- sequence of tests that ensures that overflow is properly caught.
575 begin
576 -- Skip this if overflow checks are done in back end, or the overflow
577 -- flag is not set anyway, or we are not doing code expansion.
579 if Backend_Overflow_Checks_On_Target
581 or else not Expander_Active
582 then
586 -- Otherwise, we generate the full general code for front end overflow
587 -- detection, which works by doing arithmetic in a larger type:
589 -- x op y
591 -- is expanded into
593 -- Typ (Checktyp (x) op Checktyp (y));
595 -- where Typ is the type of the original expression, and Checktyp is
596 -- an integer type of sufficient length to hold the largest possible
597 -- result.
599 -- In the case where check type exceeds the size of Long_Long_Integer,
600 -- we use a different approach, expanding to:
602 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
604 -- where xxx is Add, Multiply or Subtract as appropriate
606 -- Find check type if one exists
614 -- No check type exists, use runtime call
616 else
623 else
640 -- If we fall through, we have the case where we do the arithmetic in
641 -- the next higher type and get the check by conversion. In these cases
642 -- Ctyp is set to the type to be used as the check type.
660 -- The type of the operation changes to the base type of the check
661 -- type, and we reset the overflow check indication, since clearly
662 -- no overflow is possible now that we are using a double length
663 -- type. We also set the Analyzed flag to avoid a recursive attempt
664 -- to expand the node.
670 -- Now build the outer conversion
676 -- In the discrete type case, we directly generate the range check
677 -- for the outer operand. This range check will implement the required
678 -- overflow check.
684 -- For other types, we enable overflow checking on the conversion,
685 -- after setting the node as analyzed to prevent recursive attempts
686 -- to expand the conversion node.
688 else
694 exception
699 ----------------------------
700 -- Apply_Array_Size_Check --
701 ----------------------------
703 -- Note: Really of course this entre check should be in the backend,
704 -- and perhaps this is not quite the right value, but it is good
705 -- enough to catch the normal cases (and the relevant ACVC tests!)
707 -- The situation is as follows. In GNAT 3 (GCC 2.x), the size in bits
708 -- is computed in 32 bits without an overflow check. That's a real
709 -- problem for Ada. So what we do in GNAT 3 is to approximate the
710 -- size of an array by manually multiplying the element size by the
711 -- number of elements, and comparing that against the allowed limits.
713 -- In GNAT 5, the size in byte is still computed in 32 bits without
714 -- an overflow check in the dynamic case, but the size in bits is
715 -- computed in 64 bits. We assume that's good enough, so we use the
716 -- size in bits for the test.
734 -- Set false if any index subtye bound is non-static
737 -- We can throw away all the Uint computations here, since they are
738 -- done only to generate boolean test results.
741 -- Size to check against
744 -- Determines if Decl is an address clause or Import/Interface pragma
745 -- that references the defining identifier of the current declaration.
747 --------------------------
748 -- Is_Address_Or_Import --
749 --------------------------
752 begin
757 return
759 and then
761 and then
766 or else
769 then
770 declare
774 begin
775 return
777 and then
779 and then
781 and then
785 else
789 else
794 -- Start of processing for Apply_Array_Size_Check
796 begin
797 -- No need for a check if not expanding
803 -- No need for a check if checks are suppressed
809 -- It is pointless to insert this check inside an init proc, because
810 -- that's too late, we have already built the object to be the right
811 -- size, and if it's too large, too bad!
817 -- Look head for pragma interface/import or address clause applying
818 -- to this entity. If found, we suppress the check entirely. For now
819 -- we only look ahead 20 declarations to stop this becoming too slow
820 -- Note that eventually this whole routine gets moved to gigi.
832 -- GCC 3 case
836 -- No problem if size is known at compile time (even if the front
837 -- end does not know it) because the back end does do overflow
838 -- checking on the size in bytes if it is compile time known.
845 -- Following code is temporarily deleted, since GCC 3 is returning
846 -- zero for size in bits of large dynamic arrays. ???
848 -- -- Otherwise we check for the size in bits exceeding 2**31-1 * 8.
849 -- -- This is the case in which we could end up with problems from
850 -- -- an unnoticed overflow in computing the size in bytes
851 --
852 -- Check_Siz := (Uint_2 ** 31 - Uint_1) * Uint_8;
853 --
854 -- Sizx :=
855 -- Make_Attribute_Reference (Loc,
856 -- Prefix => New_Occurrence_Of (Typ, Loc),
857 -- Attribute_Name => Name_Size);
859 -- GCC 2 case (for now this is for GCC 3 dynamic case as well)
861 begin
862 -- First step is to calculate the maximum number of elements. For
863 -- this calculation, we use the actual size of the subtype if it is
864 -- static, and if a bound of a subtype is non-static, we go to the
865 -- bound of the base type.
874 -- If any bound raises constraint error, we will never get this
875 -- far, so there is no need to generate any kind of check.
878 or else
880 then
885 -- Otherwise get bounds values
889 else
896 else
905 -- Compute the limit against which we want to check. For subprograms,
906 -- where the array will go on the stack, we use 8*2**24, which (in
907 -- bits) is the size of a 16 megabyte array.
911 else
915 -- If we have all static bounds and Siz is too large, then we know
916 -- we know we have a storage error right now, so generate message
927 -- Case of component size known at compile time. If the array
928 -- size is definitely in range, then we do not need a check.
932 then
937 -- Here if a dynamic check is required
939 -- What we do is to build an expression for the size of the array,
940 -- which is computed as the 'Size of the array component, times
941 -- the size of each dimension.
945 Sizx :=
956 Sizx :=
959 Right_Opnd =>
969 -- Common code to actually emit the check
971 Code :=
973 Condition =>
976 Right_Opnd =>
985 ----------------------------
986 -- Apply_Constraint_Check --
987 ----------------------------
989 procedure Apply_Constraint_Check
993 is
996 begin
1005 -- A useful optimization: an aggregate with only an Others clause
1006 -- always has the right bounds.
1010 and then Nkind
1012 = N_Others_Choice
1013 then
1023 else
1031 then
1038 -- No checks necessary if expression statically null
1043 -- No sliding possible on access to arrays
1054 then
1060 then
1066 ------------------------------
1067 -- Apply_Discriminant_Check --
1068 ------------------------------
1070 procedure Apply_Discriminant_Check
1074 is
1082 -- It is possible for an aliased component to have a nominal
1083 -- unconstrained subtype (through instantiation). If this is a
1084 -- discriminated component assigned in the expansion of an aggregate
1085 -- in an initialization, the check must be suppressed. This unusual
1086 -- situation requires a predicate of its own (see 7503-008).
1088 ----------------------------------------
1089 -- Is_Aliased_Unconstrained_Component --
1090 ----------------------------------------
1096 begin
1099 else
1106 then
1111 and then In_Instance
1115 -- Start of processing for Apply_Discriminant_Check
1117 begin
1120 else
1124 -- Nothing to do if discriminant checks are suppressed or else no code
1125 -- is to be generated
1127 if not Expander_Active
1129 then
1133 -- No discriminant checks necessary for access when expression
1134 -- is statically Null. This is not only an optimization, this is
1135 -- fundamental because otherwise discriminant checks may be generated
1136 -- in init procs for types containing an access to a non-frozen yet
1137 -- record, causing a deadly forward reference.
1139 -- Also, if the expression is of an access type whose designated
1140 -- type is incomplete, then the access value must be null and
1141 -- we suppress the check.
1154 -- If an assignment target is present, then we need to generate
1155 -- the actual subtype if the target is a parameter or aliased
1156 -- object with an unconstrained nominal subtype.
1163 then
1167 -- Nothing to do if the type is unconstrained (this is the case
1168 -- where the actual subtype in the RM sense of N is unconstrained
1169 -- and no check is required).
1175 -- Nothing to do if the type is an Unchecked_Union
1181 -- Suppress checks if the subtypes are the same.
1182 -- the check must be preserved in an assignment to a formal, because
1183 -- the constraint is given by the actual.
1189 then
1193 then
1197 -- We can also eliminate checks on allocators with a subtype mark
1198 -- that coincides with the context type. The context type may be a
1199 -- subtype without a constraint (common case, a generic actual).
1203 then
1204 declare
1208 begin
1215 then
1221 -- See if we have a case where the types are both constrained, and
1222 -- all the constraints are constants. In this case, we can do the
1223 -- check successfully at compile time.
1225 -- We skip this check for the case where the node is a rewritten`
1226 -- allocator, because it already carries the context subtype, and
1227 -- extracting the discriminants from the aggregate is messy.
1231 then
1232 declare
1239 begin
1240 -- S_Typ may not have discriminants in the case where it is a
1241 -- private type completed by a default discriminated type. In
1242 -- that case, we need to get the constraints from the
1243 -- underlying_type. If the underlying type is unconstrained (i.e.
1244 -- has no default discriminants) no check is needed.
1250 else
1252 DconS :=
1253 First_Elmt
1260 -- A further optimization: if T_Typ is derived from S_Typ
1261 -- without imposing a constraint, no check is needed.
1264 N_Full_Type_Declaration
1265 then
1266 declare
1268 Type_Definition
1270 begin
1274 then
1287 exit when
1289 or else
1295 else
1296 Apply_Compile_Time_Constraint_Error
1314 -- Here we need a discriminant check. First build the expression
1315 -- for the comparisons of the discriminants:
1317 -- (n.disc1 /= typ.disc1) or else
1318 -- (n.disc2 /= typ.disc2) or else
1319 -- ...
1320 -- (n.discn /= typ.discn)
1324 -- If Lhs is set and is a parameter, then the condition is
1325 -- guarded by: lhs'constrained and then (condition built above)
1328 Cond :=
1330 Left_Opnd =>
1347 ------------------------
1348 -- Apply_Divide_Check --
1349 ------------------------
1365 begin
1366 if Expander_Active
1367 and not Backend_Divide_Checks_On_Target
1368 then
1371 -- See if division by zero possible, and if so generate test. This
1372 -- part of the test is not controlled by the -gnato switch.
1378 Condition =>
1386 -- Test for extremely annoying case of xxx'First divided by -1
1392 then
1397 and then
1399 then
1402 Condition =>
1406 Left_Opnd =>
1411 Left_Opnd =>
1413 Right_Opnd =>
1422 ----------------------------------
1423 -- Apply_Float_Conversion_Check --
1424 ----------------------------------
1426 -- Let F and I be the source and target types of the conversion.
1427 -- The Ada standard specifies that a floating-point value X is rounded
1428 -- to the nearest integer, with halfway cases being rounded away from
1429 -- zero. The rounded value of X is checked against I'Range.
1431 -- The catch in the above paragraph is that there is no good way
1432 -- to know whether the round-to-integer operation resulted in
1433 -- overflow. A remedy is to perform a range check in the floating-point
1434 -- domain instead, however:
1435 -- (1) The bounds may not be known at compile time
1436 -- (2) The check must take into account possible rounding.
1437 -- (3) The range of type I may not be exactly representable in F.
1438 -- (4) The end-points I'First - 0.5 and I'Last + 0.5 may or may
1439 -- not be in range, depending on the sign of I'First and I'Last.
1440 -- (5) X may be a NaN, which will fail any comparison
1442 -- The following steps take care of these issues converting X:
1443 -- (1) If either I'First or I'Last is not known at compile time, use
1444 -- I'Base instead of I in the next three steps and perform a
1445 -- regular range check against I'Range after conversion.
1446 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1447 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1448 -- F'Machine (T) and let Lo_OK be (Lo >= I'First). In other words,
1449 -- take one of the closest floating-point numbers to T, and see if
1450 -- it is in range or not.
1451 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1452 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1453 -- F'Rounding (T) and let Hi_OK be (Hi <= I'Last).
1454 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1455 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1457 procedure Apply_Float_Conversion_Check
1460 is
1470 -- Largest bound, so bound plus or minus half is a machine number of F
1472 Ifirst,
1475 Lo_OK,
1478 Lo_Chk,
1483 begin
1486 then
1487 declare
1488 -- First check that the value falls in the range of the base
1489 -- type, to prevent overflow during conversion and then
1490 -- perform a regular range check against the (dynamic) bounds.
1501 begin
1514 Condition =>
1525 -- Get the bounds of the target type
1530 -- Check against lower bound
1535 else
1542 -- Lo_Chk := (X >= Lo)
1548 else
1549 -- Lo_Chk := (X > Lo)
1556 -- Check against higher bound
1561 else
1568 -- Hi_Chk := (X <= Hi)
1574 else
1575 -- Hi_Chk := (X < Hi)
1582 -- If the bounds of the target type are the same as those of the
1583 -- base type, the check is an overflow check as a range check is
1584 -- not performed in these cases.
1588 then
1590 else
1594 -- Raise CE if either conditions does not hold
1602 ------------------------
1603 -- Apply_Length_Check --
1604 ------------------------
1606 procedure Apply_Length_Check
1610 is
1611 begin
1612 Apply_Selected_Length_Checks
1616 -----------------------
1617 -- Apply_Range_Check --
1618 -----------------------
1620 procedure Apply_Range_Check
1624 is
1625 begin
1626 Apply_Selected_Range_Checks
1630 ------------------------------
1631 -- Apply_Scalar_Range_Check --
1632 ------------------------------
1634 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check
1635 -- flag off if it is already set on.
1637 procedure Apply_Scalar_Range_Check
1642 is
1650 -- Set true if Expr is a subscript
1653 -- Set true if Expr is a subscript of an unconstrained array. In this
1654 -- case we do not attempt to do an analysis of the value against the
1655 -- range of the subscript, since we don't know the actual subtype.
1658 -- Set to True if Expr should be regarded as a real value
1659 -- even though the type of Expr might be discrete.
1662 -- Procedure called if value is determined to be out of range
1664 ---------------
1665 -- Bad_Value --
1666 ---------------
1669 begin
1670 Apply_Compile_Time_Constraint_Error
1676 -- Start of processing for Apply_Scalar_Range_Check
1678 begin
1682 -- Return if check obviously not needed. Note that we do not check
1683 -- for the expander being inactive, since this routine does not
1684 -- insert any code, but it does generate useful warnings sometimes,
1685 -- which we would like even if we are in semantics only mode.
1690 then
1694 -- Now, see if checks are suppressed
1696 Is_Subscr_Ref :=
1706 -- Subscript reference. Check for Index_Checks suppressed
1710 -- Check array type and its base type
1714 then
1717 -- Check array itself if it is an entity name
1721 then
1724 -- Check expression itself if it is an entity name
1728 then
1732 -- All other cases, check for Range_Checks suppressed
1734 else
1735 -- Check target type and its base type
1739 then
1742 -- Check expression itself if it is an entity name
1746 then
1749 -- If Expr is part of an assignment statement, then check
1750 -- left side of assignment if it is an entity name.
1755 then
1761 -- Do not set range checks if they are killed
1765 then
1769 -- Do not set range checks for any values from System.Scalar_Values
1770 -- since the whole idea of such values is to avoid checking them!
1774 then
1778 -- Now see if we need a check
1782 else
1790 Is_Unconstrained_Subscr_Ref :=
1793 -- Always do a range check if the source type includes infinities
1794 -- and the target type does not include infinities. We do not do
1795 -- this if range checks are killed.
1800 then
1804 -- Return if we know expression is definitely in the range of
1805 -- the target type as determined by Determine_Range. Right now
1806 -- we only do this for discrete types, and not fixed-point or
1807 -- floating-point types.
1809 -- The additional less-precise tests below catch these cases.
1811 -- Note: skip this if we are given a source_typ, since the point
1812 -- of supplying a Source_Typ is to stop us looking at the expression.
1813 -- could sharpen this test to be out parameters only ???
1817 and then not Is_Unconstrained_Subscr_Ref
1819 then
1820 declare
1826 begin
1829 then
1830 declare
1834 begin
1835 -- If range is null, we for sure have a constraint error
1836 -- (we don't even need to look at the value involved,
1837 -- since all possible values will raise CE).
1840 Bad_Value;
1844 -- Otherwise determine range of value
1850 -- If definitely in range, all OK
1855 -- If definitely not in range, warn
1858 Bad_Value;
1861 -- Otherwise we don't know
1863 else
1872 Int_Real :=
1876 -- Check if we can determine at compile time whether Expr is in the
1877 -- range of the target type. Note that if S_Typ is within the bounds
1878 -- of Target_Typ then this must be the case. This check is meaningful
1879 -- only if this is not a conversion between integer and real types.
1881 if not Is_Unconstrained_Subscr_Ref
1882 and then
1884 and then
1886 or else
1888 then
1892 Bad_Value;
1895 -- In the floating-point case, we only do range checks if the
1896 -- type is constrained. We definitely do NOT want range checks
1897 -- for unconstrained types, since we want to have infinities
1904 -- For all other cases we enable a range check unconditionally
1906 else
1912 ----------------------------------
1913 -- Apply_Selected_Length_Checks --
1914 ----------------------------------
1916 procedure Apply_Selected_Length_Checks
1921 is
1929 or else
1932 begin
1937 R_Result :=
1944 -- A length check may mention an Itype which is attached to a
1945 -- subsequent node. At the top level in a package this can cause
1946 -- an order-of-elaboration problem, so we make sure that the itype
1947 -- is referenced now.
1951 then
1962 -- If the item is a conditional raise of constraint error,
1963 -- then have a look at what check is being performed and
1964 -- ???
1968 then
1972 and then Checks_On
1973 then
1981 -- Output a warning if the condition is known to be True
1985 then
1986 Apply_Compile_Time_Constraint_Error
1988 CE_Length_Check_Failed,
1992 -- If we were only doing a static check, or if checks are not
1993 -- on, then we want to delete the check, since it is not needed.
1994 -- We do this by replacing the if statement by a null statement
2000 else
2008 ---------------------------------
2009 -- Apply_Selected_Range_Checks --
2010 ---------------------------------
2012 procedure Apply_Selected_Range_Checks
2017 is
2025 or else
2028 begin
2033 R_Result :=
2041 -- If the item is a conditional raise of constraint error,
2042 -- then have a look at what check is being performed and
2043 -- ???
2047 then
2058 -- Output a warning if the condition is known to be True
2062 then
2063 -- Since an N_Range is technically not an expression, we
2064 -- have to set one of the bounds to C_E and then just flag
2065 -- the N_Range. The warning message will point to the
2066 -- lower bound and complain about a range, which seems OK.
2069 Apply_Compile_Time_Constraint_Error
2071 CE_Range_Check_Failed,
2077 else
2078 Apply_Compile_Time_Constraint_Error
2080 CE_Range_Check_Failed,
2085 -- If we were only doing a static check, or if checks are not
2086 -- on, then we want to delete the check, since it is not needed.
2087 -- We do this by replacing the if statement by a null statement
2093 else
2099 -------------------------------
2100 -- Apply_Static_Length_Check --
2101 -------------------------------
2103 procedure Apply_Static_Length_Check
2107 is
2108 begin
2109 Apply_Selected_Length_Checks
2113 -------------------------------------
2114 -- Apply_Subscript_Validity_Checks --
2115 -------------------------------------
2120 begin
2123 -- Loop through subscripts
2128 -- Check one subscript. Note that we do not worry about
2129 -- enumeration type with holes, since we will convert the
2130 -- value to a Pos value for the subscript, and that convert
2131 -- will do the necessary validity check.
2135 -- Move to next subscript
2141 ----------------------------------
2142 -- Apply_Type_Conversion_Checks --
2143 ----------------------------------
2151 begin
2155 -- Skip these checks if serious errors detected, there are some nasty
2156 -- situations of incomplete trees that blow things up.
2161 -- Scalar type conversions of the form Target_Type (Expr) require
2162 -- a range check if we cannot be sure that Expr is in the base type
2163 -- of Target_Typ and also that Expr is in the range of Target_Typ.
2164 -- These are not quite the same condition from an implementation
2165 -- point of view, but clearly the second includes the first.
2168 declare
2170 -- If the Conversion_OK flag on the type conversion is set
2171 -- and no floating point type is involved in the type conversion
2172 -- then fixed point values must be read as integral values.
2178 begin
2181 and then not Float_To_Int
2182 then
2188 then
2191 else
2192 Apply_Scalar_Range_Check
2204 then
2205 -- An unconstrained derived type may have inherited discriminant
2206 -- Build an actual discriminant constraint list using the stored
2207 -- constraint, to verify that the expression of the parent type
2208 -- satisfies the constraints imposed by the (unconstrained!)
2209 -- derived type. This applies to value conversions, not to view
2210 -- conversions of tagged types.
2212 declare
2223 begin
2231 then
2236 then
2237 -- Parent is constrained by new discriminant. Obtain
2238 -- Value of original discriminant in expression. If
2239 -- the new discriminant has been used to constrain more
2240 -- than one of the stored discriminants, this will
2241 -- provide the required consistency check.
2243 Append_Elmt (
2245 Prefix =>
2246 Duplicate_Subexpr_No_Checks
2248 Selector_Name =>
2250 New_Constraints);
2252 else
2253 -- Discriminant of more remote ancestor ???
2258 -- Derived type definition has an explicit value for
2259 -- this stored discriminant.
2261 else
2262 Append_Elmt
2264 New_Constraints);
2270 -- Use the unconstrained expression type to retrieve the
2271 -- discriminants of the parent, and apply momentarily the
2272 -- discriminant constraint synthesized above.
2284 -- For arrays, conversions are applied during expansion, to take
2285 -- into accounts changes of representation. The checks become range
2286 -- checks on the base type or length checks on the subtype, depending
2287 -- on whether the target type is unconstrained or constrained.
2289 else
2294 ----------------------------------------------
2295 -- Apply_Universal_Integer_Attribute_Checks --
2296 ----------------------------------------------
2302 begin
2306 -- Nothing to do if checks are suppressed
2310 then
2313 -- Nothing to do if the attribute does not come from source. The
2314 -- internal attributes we generate of this type do not need checks,
2315 -- and furthermore the attempt to check them causes some circular
2316 -- elaboration orders when dealing with packed types.
2321 -- If the prefix is a selected component that depends on a discriminant
2322 -- the check may improperly expose a discriminant instead of using
2323 -- the bounds of the object itself. Set the type of the attribute to
2324 -- the base type of the context, so that a check will be imposed when
2325 -- needed (e.g. if the node appears as an index).
2330 then
2333 -- Otherwise, replace the attribute node with a type conversion
2334 -- node whose expression is the attribute, retyped to universal
2335 -- integer, and whose subtype mark is the target type. The call
2336 -- to analyze this conversion will set range and overflow checks
2337 -- as required for proper detection of an out of range value.
2339 else
2354 -------------------------------
2355 -- Build_Discriminant_Checks --
2356 -------------------------------
2358 function Build_Discriminant_Checks
2361 is
2369 begin
2373 -- For a fully private type, use the discriminants of the parent type
2377 then
2379 else
2388 then
2390 else
2394 -- If we have an Unchecked_Union node, we can infer the discriminants
2395 -- of the node.
2399 Get_Discriminant_Value (
2401 T_Typ,
2404 else
2405 Dref :=
2407 Prefix =>
2409 Selector_Name =>
2427 -----------------------------------
2428 -- Check_Valid_Lvalue_Subscripts --
2429 -----------------------------------
2432 begin
2433 -- Skip this if range checks are suppressed
2438 -- Only do this check for expressions that come from source. We
2439 -- assume that expander generated assignments explicitly include
2440 -- any necessary checks. Note that this is not just an optimization,
2441 -- it avoids infinite recursions!
2446 -- For a selected component, check the prefix
2452 -- Case of indexed component
2457 -- Prefix may itself be or contain an indexed component, and
2458 -- these subscripts need checking as well
2464 ----------------------------------
2465 -- Null_Exclusion_Static_Checks --
2466 ----------------------------------
2476 -- Used by local subprograms to generate precise error messages
2478 procedure Check_Must_Be_Access
2481 -- ??? local subprograms must have comment on spec
2483 procedure Check_Already_Null_Excluding_Type
2487 -- ??? local subprograms must have comment on spec
2489 procedure Check_Must_Be_Initialized
2492 -- ??? local subprograms must have comment on spec
2495 -- ??? local subprograms must have comment on spec
2497 -- ??? following bodies lack comments
2499 --------------------------
2500 -- Check_Must_Be_Access --
2501 --------------------------
2503 procedure Check_Must_Be_Access
2506 is
2507 begin
2508 if Has_Null_Exclusion
2510 then
2515 ---------------------------------------
2516 -- Check_Already_Null_Excluding_Type --
2517 ---------------------------------------
2519 procedure Check_Already_Null_Excluding_Type
2523 is
2524 begin
2525 if Has_Null_Exclusion
2527 then
2528 Error_Msg_N
2533 -------------------------------
2534 -- Check_Must_Be_Initialized --
2535 -------------------------------
2537 procedure Check_Must_Be_Initialized
2540 is
2543 begin
2550 Error_Msg_N
2555 Error_Msg_N
2557 Related_Nod);
2560 Error_Msg_N
2562 Related_Nod);
2567 ----------------------------
2568 -- Check_Null_Not_Allowed --
2569 ----------------------------
2574 begin
2577 then
2580 Error_Msg_N
2585 Error_Msg_N
2587 Expr);
2590 Error_Msg_N
2592 Expr);
2597 -- Start of processing for Null_Exclusion_Static_Checks
2599 begin
2611 Has_Null_Exclusion := Null_Exclusion_Present
2616 Check_Already_Null_Excluding_Type
2629 Check_Already_Null_Excluding_Type
2639 Check_Already_Null_Excluding_Type
2652 Check_Already_Null_Excluding_Type
2665 else
2670 Check_Already_Null_Excluding_Type
2679 ----------------------------------
2680 -- Conditional_Statements_Begin --
2681 ----------------------------------
2684 begin
2687 -- If stack overflows, kill all checks, that way we know to
2688 -- simply reset the number of saved checks to zero on return.
2689 -- This should never occur in practice.
2692 Kill_All_Checks;
2694 -- In the normal case, we just make a new stack entry saving
2695 -- the current number of saved checks for a later restore.
2697 else
2702 Num_Saved_Checks);
2707 --------------------------------
2708 -- Conditional_Statements_End --
2709 --------------------------------
2712 begin
2715 -- If the saved checks stack overflowed, then we killed all
2716 -- checks, so setting the number of saved checks back to
2717 -- zero is correct. This should never occur in practice.
2722 -- In the normal case, restore the number of saved checks
2723 -- from the top stack entry.
2725 else
2729 Num_Saved_Checks);
2736 ---------------------
2737 -- Determine_Range --
2738 ---------------------
2742 -- Determine size of below cache (power of 2 is more efficient!)
2747 -- The above arrays are used to implement a small direct cache
2748 -- for Determine_Range calls. Because of the way Determine_Range
2749 -- recursively traces subexpressions, and because overflow checking
2750 -- calls the routine on the way up the tree, a quadratic behavior
2751 -- can otherwise be encountered in large expressions. The cache
2752 -- entry for node N is stored in the (N mod Cache_Size) entry, and
2753 -- can be validated by checking the actual node value stored there.
2755 procedure Determine_Range
2760 is
2765 -- Lo and Hi bounds of left operand
2769 -- Lo and Hi bounds of right (or only) operand
2772 -- Temp variable used to hold a bound node
2775 -- High bound of base type of expression
2779 -- Refined values for low and high bounds, after tightening
2782 -- Used in lower level calls to indicate if call succeeded
2785 -- Used to search cache
2788 -- Used for binary operators. Determines the ranges of the left and
2789 -- right operands, and if they are both OK, returns True, and puts
2790 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left
2792 -----------------
2793 -- OK_Operands --
2794 -----------------
2797 begin
2808 -- Start of processing for Determine_Range
2810 begin
2811 -- Prevent junk warnings by initializing range variables
2818 -- If the type is not discrete, or is undefined, then we can't
2819 -- do anything about determining the range.
2823 then
2828 -- For all other cases, we can determine the range
2832 -- If value is compile time known, then the possible range is the
2833 -- one value that we know this expression definitely has!
2841 -- Return if already in the cache
2851 -- Otherwise, start by finding the bounds of the type of the
2852 -- expression, the value cannot be outside this range (if it
2853 -- is, then we have an overflow situation, which is a separate
2854 -- check, we are talking here only about the expression value).
2856 -- We use the actual bound unless it is dynamic, in which case
2857 -- use the corresponding base type bound if possible. If we can't
2858 -- get a bound then we figure we can't determine the range (a
2859 -- peculiar case, that perhaps cannot happen, but there is no
2860 -- point in bombing in this optimization circuit.
2862 -- First the low bound
2872 else
2877 -- Now the high bound
2881 -- We need the high bound of the base type later on, and this should
2882 -- always be compile time known. Again, it is not clear that this
2883 -- can ever be false, but no point in bombing.
2889 else
2894 -- If we have a static subtype, then that may have a tighter bound
2895 -- so use the upper bound of the subtype instead in this case.
2901 -- We may be able to refine this value in certain situations. If
2902 -- refinement is possible, then Lor and Hir are set to possibly
2903 -- tighter bounds, and OK1 is set to True.
2907 -- For unary plus, result is limited by range of operand
2912 -- For unary minus, determine range of operand, and negate it
2922 -- For binary addition, get range of each operand and do the
2923 -- addition to get the result range.
2931 -- Division is tricky. The only case we consider is where the
2932 -- right operand is a positive constant, and in this case we
2933 -- simply divide the bounds of the left operand
2939 then
2943 else
2948 -- For binary subtraction, get range of each operand and do
2949 -- the worst case subtraction to get the result range.
2957 -- For MOD, if right operand is a positive constant, then
2958 -- result must be in the allowable range of mod results.
2964 then
2974 else
2979 -- For REM, if right operand is a positive constant, then
2980 -- result must be in the allowable range of mod results.
2986 then
2987 declare
2990 begin
2991 -- The sign of the result depends on the sign of the
2992 -- dividend (but not on the sign of the divisor, hence
2993 -- the abs operation above).
2997 else
3003 else
3008 else
3013 -- Attribute reference cases
3018 -- For Pos/Val attributes, we can refine the range using the
3019 -- possible range of values of the attribute expression
3024 -- For Length attribute, use the bounds of the corresponding
3025 -- index type to refine the range.
3028 declare
3036 begin
3041 -- For string literal, we know exact value
3050 -- Otherwise check for expression given
3054 else
3055 Inum :=
3064 Determine_Range
3068 Determine_Range
3073 -- The maximum value for Length is the biggest
3074 -- possible gap between the values of the bounds.
3075 -- But of course, this value cannot be negative.
3079 -- For constrained arrays, the minimum value for
3080 -- Length is taken from the actual value of the
3081 -- bounds, since the index will be exactly of
3082 -- this subtype.
3087 -- For an unconstrained array, the minimum value
3088 -- for length is always zero.
3090 else
3097 -- No special handling for other attributes
3098 -- Probably more opportunities exist here ???
3105 -- For type conversion from one discrete type to another, we
3106 -- can refine the range using the converted value.
3111 -- Nothing special to do for all other expression kinds
3119 -- At this stage, if OK1 is true, then we know that the actual
3120 -- result of the computed expression is in the range Lor .. Hir.
3121 -- We can use this to restrict the possible range of results.
3125 -- If the refined value of the low bound is greater than the
3126 -- type high bound, then reset it to the more restrictive
3127 -- value. However, we do NOT do this for the case of a modular
3128 -- type where the possible upper bound on the value is above the
3129 -- base type high bound, because that means the result could wrap.
3134 then
3138 -- Similarly, if the refined value of the high bound is less
3139 -- than the value so far, then reset it to the more restrictive
3140 -- value. Again, we do not do this if the refined low bound is
3141 -- negative for a modular type, since this would wrap.
3146 then
3151 -- Set cache entry for future call and we are all done
3158 -- If any exception occurs, it means that we have some bug in the compiler
3159 -- possibly triggered by a previous error, or by some unforseen peculiar
3160 -- occurrence. However, this is only an optimization attempt, so there is
3161 -- really no point in crashing the compiler. Instead we just decide, too
3162 -- bad, we can't figure out a range in this case after all.
3164 exception
3167 -- Debug flag K disables this behavior (useful for debugging)
3171 else
3179 ------------------------------------
3180 -- Discriminant_Checks_Suppressed --
3181 ------------------------------------
3184 begin
3196 --------------------------------
3197 -- Division_Checks_Suppressed --
3198 --------------------------------
3201 begin
3204 else
3209 -----------------------------------
3210 -- Elaboration_Checks_Suppressed --
3211 -----------------------------------
3214 begin
3226 ---------------------------
3227 -- Enable_Overflow_Check --
3228 ---------------------------
3239 begin
3247 -- Nothing to do if the range of the result is known OK. We skip
3248 -- this for conversions, since the caller already did the check,
3249 -- and in any case the condition for deleting the check for a
3250 -- type conversion is different in any case.
3255 -- Note in the test below that we assume that if a bound of the
3256 -- range is equal to that of the type. That's not quite accurate
3257 -- but we do this for the following reasons:
3259 -- a) The way that Determine_Range works, it will typically report
3260 -- the bounds of the value as being equal to the bounds of the
3261 -- type, because it either can't tell anything more precise, or
3262 -- does not think it is worth the effort to be more precise.
3264 -- b) It is very unusual to have a situation in which this would
3265 -- generate an unnecessary overflow check (an example would be
3266 -- a subtype with a range 0 .. Integer'Last - 1 to which the
3267 -- literal value one is added.
3269 -- c) The alternative is a lot of special casing in this routine
3270 -- which would partially duplicate Determine_Range processing.
3272 if OK
3275 then
3284 -- If not in optimizing mode, set flag and we are done. We are also
3285 -- done (and just set the flag) if the type is not a discrete type,
3286 -- since it is not worth the effort to eliminate checks for other
3287 -- than discrete types. In addition, we take this same path if we
3288 -- have stored the maximum number of checks possible already (a
3289 -- very unlikely situation, but we do not want to blow up!)
3294 then
3304 -- Otherwise evaluate and check the expression
3306 Find_Check
3327 -- If check is not of form to optimize, then set flag and we are done
3334 -- If check is already performed, then return without setting flag
3344 -- Here we will make a new entry for the new check
3364 -- If we get an exception, then something went wrong, probably because
3365 -- of an error in the structure of the tree due to an incorrect program.
3366 -- Or it may be a bug in the optimization circuit. In either case the
3367 -- safest thing is simply to set the check flag unconditionally.
3369 exception
3380 ------------------------
3381 -- Enable_Range_Check --
3382 ------------------------
3392 begin
3393 -- Return if unchecked type conversion with range check killed.
3394 -- In this case we never set the flag (that's what Kill_Range_Check
3395 -- is all about!)
3399 then
3403 -- Debug trace output
3412 -- If not in optimizing mode, set flag and we are done. We are also
3413 -- done (and just set the flag) if the type is not a discrete type,
3414 -- since it is not worth the effort to eliminate checks for other
3415 -- than discrete types. In addition, we take this same path if we
3416 -- have stored the maximum number of checks possible already (a
3417 -- very unlikely situation, but we do not want to blow up!)
3423 then
3433 -- Otherwise find out the target type
3437 -- For assignment, use left side subtype
3441 then
3444 -- For indexed component, use subscript subtype
3447 declare
3452 begin
3458 -- If the prefix is an access to an unconstrained array,
3459 -- perform check unconditionally: it depends on the bounds
3460 -- of an object and we cannot currently recognize whether
3461 -- the test may be redundant.
3471 loop
3482 -- For now, ignore all other cases, they are not so interesting
3484 else
3493 -- Evaluate and check the expression
3495 Find_Check
3517 -- If check is not of form to optimize, then set flag and we are done
3528 -- If check is already performed, then return without setting flag
3538 -- Here we will make a new entry for the new check
3559 -- If we get an exception, then something went wrong, probably because
3560 -- of an error in the structure of the tree due to an incorrect program.
3561 -- Or it may be a bug in the optimization circuit. In either case the
3562 -- safest thing is simply to set the check flag unconditionally.
3564 exception
3575 ------------------
3576 -- Ensure_Valid --
3577 ------------------
3582 begin
3583 -- Ignore call if we are not doing any validity checking
3588 -- Ignore call if range checks suppressed on entity in question
3592 then
3595 -- No check required if expression is from the expander, we assume
3596 -- the expander will generate whatever checks are needed. Note that
3597 -- this is not just an optimization, it avoids infinite recursions!
3599 -- Unchecked conversions must be checked, unless they are initialized
3600 -- scalar values, as in a component assignment in an init proc.
3602 -- In addition, we force a check if Force_Validity_Checks is set
3605 and then not Force_Validity_Checks
3608 then
3611 -- No check required if expression is known to have valid value
3616 -- No check required if checks off
3621 -- Ignore case of enumeration with holes where the flag is set not
3622 -- to worry about holes, since no special validity check is needed
3626 and then Holes_OK
3627 then
3630 -- No check required on the left-hand side of an assignment.
3634 then
3637 -- An annoying special case. If this is an out parameter of a scalar
3638 -- type, then the value is not going to be accessed, therefore it is
3639 -- inappropriate to do any validity check at the call site.
3641 else
3642 -- Only need to worry about scalar types
3645 declare
3653 begin
3654 -- Find actual argument (which may be a parameter association)
3655 -- and the parent of the actual argument (the call statement)
3665 -- Only need to worry if we are argument of a procedure
3666 -- call since functions don't have out parameters. If this
3667 -- is an indirect or dispatching call, get signature from
3668 -- the subprogram type.
3675 else
3680 -- Only need to worry if there are indeed actuals, and
3681 -- if this could be a procedure call, otherwise we cannot
3682 -- get a match (either we are not an argument, or the
3683 -- mode of the formal is not OUT). This test also filters
3684 -- out the generic case.
3688 then
3689 -- This is the loop through parameters, looking to
3690 -- see if there is an OUT parameter for which we are
3691 -- the argument.
3710 -- If we fall through, a validity check is required. Note that it would
3711 -- not be good to set Do_Range_Check, even in contexts where this is
3712 -- permissible, since this flag causes checking against the target type,
3713 -- not the source type in contexts such as assignments
3718 ----------------------
3719 -- Expr_Known_Valid --
3720 ----------------------
3725 begin
3726 -- Non-scalar types are always consdered valid, since they never
3727 -- give rise to the issues of erroneous or bounded error behavior
3728 -- that are the concern. In formal reference manual terms the
3729 -- notion of validity only applies to scalar types.
3734 -- If no validity checking, then everything is considered valid
3739 -- Floating-point types are considered valid unless floating-point
3740 -- validity checks have been specifically turned on.
3743 and then not Validity_Check_Floating_Point
3744 then
3747 -- If the expression is the value of an object that is known to
3748 -- be valid, then clearly the expression value itself is valid.
3752 then
3755 -- If the type is one for which all values are known valid, then
3756 -- we are sure that the value is valid except in the slightly odd
3757 -- case where the expression is a reference to a variable whose size
3758 -- has been explicitly set to a value greater than the object size.
3764 then
3766 else
3770 -- Integer and character literals always have valid values, where
3771 -- appropriate these will be range checked in any case.
3774 or else
3776 then
3779 -- If we have a type conversion or a qualification of a known valid
3780 -- value, then the result will always be valid.
3783 or else
3785 then
3788 -- The result of any function call or operator is always considered
3789 -- valid, since we assume the necessary checks are done by the call.
3792 or else
3794 or else
3796 then
3799 -- For all other cases, we do not know the expression is valid
3801 else
3806 ----------------
3807 -- Find_Check --
3808 ----------------
3810 procedure Find_Check
3818 is
3819 function Within_Range_Of
3822 -- Given a requirement for checking a range against Target_Type, and
3823 -- and a range Check_Type against which a check has already been made,
3824 -- determines if the check against check type is sufficient to ensure
3825 -- that no check against Target_Type is required.
3827 ---------------------
3828 -- Within_Range_Of --
3829 ---------------------
3831 function Within_Range_Of
3834 is
3835 begin
3839 else
3840 declare
3846 begin
3849 and then
3851 and then
3853 and then
3856 and then
3858 and then
3860 then
3862 else
3869 -- Start of processing for Find_Check
3871 begin
3872 -- Establish default, to avoid warnings from GCC.
3876 -- Case of expression is simple entity reference
3882 -- Case of expression is entity + known constant
3887 then
3891 -- Case of expression is entity - known constant
3896 then
3900 -- Any other expression is not of the right form
3902 else
3909 -- Come here with expression of appropriate form, check if
3910 -- entity is an appropriate one for our purposes.
3913 or else
3915 or else
3917 or else
3920 then
3922 else
3927 -- See if there is matching check already
3930 declare
3933 begin
3939 then
3946 -- If we fall through entry was not found
3952 ---------------------------------
3953 -- Generate_Discriminant_Check --
3954 ---------------------------------
3956 -- Note: the code for this procedure is derived from the
3957 -- emit_discriminant_check routine a-trans.c v1.659.
3966 -- The original component to be checked
3970 -- The discriminant checking function
3973 -- One discriminant to be checked in the type
3976 -- Actual discriminant in the call
3979 -- Type of relevant prefix (ignoring private/access stuff)
3982 -- List of arguments for function call
3985 -- Keep track of the formal corresponding to the actual we build
3986 -- for each discriminant, in order to be able to perform the
3987 -- necessary type conversions.
3990 -- Selected component reference for checking function argument
3992 begin
3995 -- Force evaluation of the prefix, so that it does not get evaluated
3996 -- twice (once for the check, once for the actual reference). Such a
3997 -- double evaluation is always a potential source of inefficiency,
3998 -- and is functionally incorrect in the volatile case, or when the
3999 -- prefix may have side-effects. An entity or a component of an
4000 -- entity requires no evaluation.
4012 then
4015 else
4019 -- For a tagged type, use the scope of the original component to
4020 -- obtain the type, because ???
4025 -- For an untagged derived type, use the discriminants of the
4026 -- parent which have been renamed in the derivation, possibly
4027 -- by a one-to-many discriminant constraint.
4028 -- For non-tagged type, initially get the Etype of the prefix
4030 else
4034 then
4039 -- We definitely should have a checking function, This routine should
4040 -- not be called if no discriminant checking function is present.
4044 -- Create the list of the actual parameters for the call. This list
4045 -- is the list of the discriminant fields of the record expression to
4046 -- be discriminant checked.
4053 -- If we have a corresponding discriminant field, and a parent
4054 -- subtype is present, then we want to use the corresponding
4055 -- discriminant since this is the one with the useful value.
4060 then
4062 else
4066 -- Construct the reference to the discriminant
4068 Scomp :=
4070 Prefix =>
4075 -- Manually analyze and resolve this selected component. We really
4076 -- want it just as it appears above, and do not want the expander
4077 -- playing discriminal games etc with this reference. Then we
4078 -- append the argument to the list we are gathering.
4088 -- Now build and insert the call
4092 Condition =>
4099 ---------------------------
4100 -- Generate_Index_Checks --
4101 ---------------------------
4110 begin
4117 -- Force evaluation except for the case of a simple name of
4118 -- a non-volatile entity.
4122 then
4126 -- Generate a raise of constraint error with the appropriate
4127 -- reason and a condition of the form:
4129 -- Base_Type(Sub) not in array'range (subscript)
4131 -- Note that the reason we generate the conversion to the
4132 -- base type here is that we definitely want the range check
4133 -- to take place, even if it looks like the subtype is OK.
4134 -- Optimization considerations that allow us to omit the
4135 -- check have already been taken into account in the setting
4136 -- of the Do_Range_Check flag earlier on.
4140 else
4146 Condition =>
4148 Left_Opnd =>
4151 Right_Opnd =>
4164 --------------------------
4165 -- Generate_Range_Check --
4166 --------------------------
4168 procedure Generate_Range_Check
4172 is
4178 begin
4179 -- First special case, if the source type is already within the
4180 -- range of the target type, then no check is needed (probably we
4181 -- should have stopped Do_Range_Check from being set in the first
4182 -- place, but better late than later in preventing junk code!
4184 -- We do NOT apply this if the source node is a literal, since in
4185 -- this case the literal has already been labeled as having the
4186 -- subtype of the target.
4189 and then not
4191 or else
4193 or else
4195 or else
4198 then
4202 -- We need a check, so force evaluation of the node, so that it does
4203 -- not get evaluated twice (once for the check, once for the actual
4204 -- reference). Such a double evaluation is always a potential source
4205 -- of inefficiency, and is functionally incorrect in the volatile case.
4209 then
4213 -- The easiest case is when Source_Base_Type and Target_Base_Type
4214 -- are the same since in this case we can simply do a direct
4215 -- check of the value of N against the bounds of Target_Type.
4217 -- [constraint_error when N not in Target_Type]
4219 -- Note: this is by far the most common case, for example all cases of
4220 -- checks on the RHS of assignments are in this category, but not all
4221 -- cases are like this. Notably conversions can involve two types.
4226 Condition =>
4232 -- Next test for the case where the target type is within the bounds
4233 -- of the base type of the source type, since in this case we can
4234 -- simply convert these bounds to the base type of T to do the test.
4236 -- [constraint_error when N not in
4237 -- Source_Base_Type (Target_Type'First)
4238 -- ..
4239 -- Source_Base_Type(Target_Type'Last))]
4241 -- The conversions will always work and need no check.
4246 Condition =>
4250 Right_Opnd =>
4252 Low_Bound =>
4255 Prefix =>
4259 High_Bound =>
4262 Prefix =>
4267 -- Note that at this stage we now that the Target_Base_Type is
4268 -- not in the range of the Source_Base_Type (since even the
4269 -- Target_Type itself is not in this range). It could still be
4270 -- the case that the Source_Type is in range of the target base
4271 -- type, since we have not checked that case.
4273 -- If that is the case, we can freely convert the source to the
4274 -- target, and then test the target result against the bounds.
4278 -- We make a temporary to hold the value of the converted
4279 -- value (converted to the base type), and then we will
4280 -- do the test against this temporary.
4282 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
4283 -- [constraint_error when Tnn not in Target_Type]
4285 -- Then the conversion itself is replaced by an occurrence of Tnn
4287 declare
4292 begin
4296 Object_Definition =>
4299 Expression =>
4305 Condition =>
4315 -- At this stage, we know that we have two scalar types, which are
4316 -- directly convertible, and where neither scalar type has a base
4317 -- range that is in the range of the other scalar type.
4319 -- The only way this can happen is with a signed and unsigned type.
4320 -- So test for these two cases:
4322 else
4323 -- Case of the source is unsigned and the target is signed
4327 then
4328 -- If the source is unsigned and the target is signed, then we
4329 -- know that the source is not shorter than the target (otherwise
4330 -- the source base type would be in the target base type range).
4332 -- In other words, the unsigned type is either the same size
4333 -- as the target, or it is larger. It cannot be smaller.
4335 pragma Assert
4338 -- We only need to check the low bound if the low bound of the
4339 -- target type is non-negative. If the low bound of the target
4340 -- type is negative, then we know that we will fit fine.
4342 -- If the high bound of the target type is negative, then we
4343 -- know we have a constraint error, since we can't possibly
4344 -- have a negative source.
4346 -- With these two checks out of the way, we can do the check
4347 -- using the source type safely
4349 -- This is definitely the most annoying case!
4351 -- [constraint_error
4352 -- when (Target_Type'First >= 0
4353 -- and then
4354 -- N < Source_Base_Type (Target_Type'First))
4355 -- or else Target_Type'Last < 0
4356 -- or else N > Source_Base_Type (Target_Type'Last)];
4358 -- We turn off all checks since we know that the conversions
4359 -- will work fine, given the guards for negative values.
4363 Condition =>
4366 Left_Opnd =>
4369 Left_Opnd =>
4371 Prefix =>
4376 Right_Opnd =>
4379 Right_Opnd =>
4382 Prefix =>
4386 Right_Opnd =>
4388 Left_Opnd =>
4394 Right_Opnd =>
4397 Right_Opnd =>
4406 -- Only remaining possibility is that the source is signed and
4407 -- the target is unsigned
4409 else
4413 -- If the source is signed and the target is unsigned, then
4414 -- we know that the target is not shorter than the source
4415 -- (otherwise the target base type would be in the source
4416 -- base type range).
4418 -- In other words, the unsigned type is either the same size
4419 -- as the target, or it is larger. It cannot be smaller.
4421 -- Clearly we have an error if the source value is negative
4422 -- since no unsigned type can have negative values. If the
4423 -- source type is non-negative, then the check can be done
4424 -- using the target type.
4426 -- Tnn : constant Target_Base_Type (N) := Target_Type;
4428 -- [constraint_error
4429 -- when N < 0 or else Tnn not in Target_Type];
4431 -- We turn off all checks for the conversion of N to the
4432 -- target base type, since we generate the explicit check
4433 -- to ensure that the value is non-negative
4435 declare
4440 begin
4444 Object_Definition =>
4447 Expression =>
4449 Subtype_Mark =>
4454 Condition =>
4456 Left_Opnd =>
4461 Right_Opnd =>
4464 Right_Opnd =>
4470 -- Set the Etype explicitly, because Insert_Actions may
4471 -- have placed the declaration in the freeze list for an
4472 -- enclosing construct, and thus it is not analyzed yet.
4481 ---------------------
4482 -- Get_Discriminal --
4483 ---------------------
4490 begin
4491 -- The entity E is the type of a private component of the protected
4492 -- type, or the type of a renaming of that component within a protected
4493 -- operation of that type.
4509 loop
4516 ------------------
4517 -- Guard_Access --
4518 ------------------
4520 function Guard_Access
4524 is
4525 begin
4532 else
4533 return
4535 Left_Opnd =>
4543 -----------------------------
4544 -- Index_Checks_Suppressed --
4545 -----------------------------
4548 begin
4551 else
4556 ----------------
4557 -- Initialize --
4558 ----------------
4561 begin
4567 -------------------------
4568 -- Insert_Range_Checks --
4569 -------------------------
4571 procedure Insert_Range_Checks
4578 is
4585 or else
4588 begin
4589 -- For now we just return if Checks_On is false, however this should
4590 -- be enhanced to check for an always True value in the condition
4591 -- and to generate a compilation warning???
4610 then
4617 else
4624 else
4625 Check_Node :=
4632 else
4639 ------------------------
4640 -- Insert_Valid_Check --
4641 ------------------------
4647 begin
4648 -- Do not insert if checks off, or if not checking validity
4652 then
4656 -- If we have a checked conversion, then validity check applies to
4657 -- the expression inside the conversion, not the result, since if
4658 -- the expression inside is valid, then so is the conversion result.
4665 -- Insert the validity check. Note that we do this with validity
4666 -- checks turned off, to avoid recursion, we do not want validity
4667 -- checks on the validity checking code itself!
4670 Insert_Action
4673 Condition =>
4675 Right_Opnd =>
4677 Prefix =>
4685 ----------------------------------
4686 -- Install_Null_Excluding_Check --
4687 ----------------------------------
4693 begin
4696 -- Don't need access check if: 1) we are analyzing a generic, 2) it is
4697 -- known to be non-null, or 3) the check was suppressed on the type
4699 if Inside_A_Generic
4701 then
4704 -- Otherwise install access check
4706 else
4709 Condition =>
4717 --------------------------
4718 -- Install_Static_Check --
4719 --------------------------
4725 begin
4735 ---------------------
4736 -- Kill_All_Checks --
4737 ---------------------
4740 begin
4745 -- We reset the number of saved checks to zero, and also modify
4746 -- all stack entries for statement ranges to indicate that the
4747 -- number of checks at each level is now zero.
4756 -----------------
4757 -- Kill_Checks --
4758 -----------------
4761 begin
4777 ------------------------------
4778 -- Length_Checks_Suppressed --
4779 ------------------------------
4782 begin
4785 else
4790 --------------------------------
4791 -- Overflow_Checks_Suppressed --
4792 --------------------------------
4795 begin
4798 else
4803 -----------------
4804 -- Range_Check --
4805 -----------------
4807 function Range_Check
4812 is
4813 begin
4814 return Selected_Range_Checks
4818 -----------------------------
4819 -- Range_Checks_Suppressed --
4820 -----------------------------
4823 begin
4826 -- Note: for now we always suppress range checks on Vax float types,
4827 -- since Gigi does not know how to generate these checks.
4841 -------------------
4842 -- Remove_Checks --
4843 -------------------
4850 -- Process a single node during the traversal
4853 -- The traversal function itself
4855 -------------
4856 -- Process --
4857 -------------
4860 begin
4923 -- Start of processing for Remove_Checks
4925 begin
4929 ----------------------------
4930 -- Selected_Length_Checks --
4931 ----------------------------
4933 function Selected_Length_Checks
4938 is
4951 -- Adds the action given to Ret_Result if N is non-Empty
4955 -- Comments required ???
4958 -- True for equal literals and for nodes that denote the same constant
4959 -- entity, even if its value is not a static constant. This includes the
4960 -- case of a discriminal reference within an init proc. Removes some
4961 -- obviously superfluous checks.
4963 function Length_E_Cond
4967 -- Returns expression to compute:
4968 -- Typ'Length /= Exptyp'Length
4970 function Length_N_Cond
4974 -- Returns expression to compute:
4975 -- Typ'Length /= Expr'Length
4977 ---------------
4978 -- Add_Check --
4979 ---------------
4982 begin
4985 -- For now, ignore attempt to place more than 2 checks ???
4997 ------------------
4998 -- Get_E_Length --
4999 ------------------
5006 begin
5009 then
5019 return
5026 and then not Inside_Init_Proc
5027 then
5029 -- If the type whose length is needed is a private component
5030 -- constrained by a discriminant, we must expand the 'Length
5031 -- attribute into an explicit computation, using the discriminal
5032 -- of the current protected operation. This is because the actual
5033 -- type of the prival is constructed after the protected opera-
5034 -- tion has been fully expanded.
5036 declare
5042 begin
5053 then
5060 then
5074 N :=
5076 Left_Opnd =>
5084 else
5085 N :=
5088 Prefix =>
5100 else
5101 N :=
5104 Prefix =>
5117 ------------------
5118 -- Get_N_Length --
5119 ------------------
5122 begin
5123 return
5126 Prefix =>
5133 -------------------
5134 -- Length_E_Cond --
5135 -------------------
5137 function Length_E_Cond
5141 is
5142 begin
5143 return
5150 -------------------
5151 -- Length_N_Cond --
5152 -------------------
5154 function Length_N_Cond
5158 is
5159 begin
5160 return
5168 begin
5169 return
5174 or else
5179 or else
5184 or else
5191 or else
5199 -- Start of processing for Selected_Length_Checks
5201 begin
5209 then
5221 else
5234 -- A simple optimization
5244 -- The checking code to be generated will freeze the
5245 -- corresponding array type. However, we must freeze the
5246 -- type now, so that the freeze node does not appear within
5247 -- the generated condional expression, but ahead of it.
5258 -- String_Literal case. This needs to be handled specially be-
5259 -- cause no index types are available for string literals. The
5260 -- condition is simply:
5262 -- T_Typ'Length = string-literal-length
5266 then
5267 Cond :=
5270 Right_Opnd =>
5272 Intval =>
5275 -- General array case. Here we have a usable actual subtype for
5276 -- the expression, and the condition is built from the two types
5277 -- (Do_Length):
5279 -- T_Typ'Length /= Exptyp'Length or else
5280 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
5281 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
5282 -- ...
5285 declare
5298 begin
5300 -- At the library level, we need to ensure that the
5301 -- type of the object is elaborated before the check
5302 -- itself is emitted. This is only done if the object
5303 -- is in the current compilation unit, otherwise the
5304 -- type is frozen and elaborated in its unit.
5307 and then
5309 and then
5312 then
5323 or else
5325 then
5329 -- Deal with compile time length check. Note that we
5330 -- skip this in the access case, because the access
5331 -- value may be null, so we cannot know statically.
5333 if not Do_Access
5338 then
5342 else
5349 else
5354 Add_Check
5355 (Compile_Time_Constraint_Error
5359 Add_Check
5360 (Compile_Time_Constraint_Error
5364 -- The comparison for an individual index subtype
5365 -- is omitted if the corresponding index subtypes
5366 -- statically match, since the result is known to
5367 -- be true. Note that this test is worth while even
5368 -- though we do static evaluation, because non-static
5369 -- subtypes can statically match.
5371 elsif not
5372 Subtypes_Statically_Match
5375 and then not
5378 then
5379 Evolve_Or_Else
5389 -- Handle cases where we do not get a usable actual subtype that
5390 -- is constrained. This happens for example in the function call
5391 -- and explicit dereference cases. In these cases, we have to get
5392 -- the length or range from the expression itself, making sure we
5393 -- do not evaluate it more than once.
5395 -- Here Ck_Node is the original expression, or more properly the
5396 -- result of applying Duplicate_Expr to the original tree,
5397 -- forcing the result to be a name.
5399 else
5400 declare
5403 begin
5404 -- Build the condition for the explicit dereference case
5407 Evolve_Or_Else
5415 -- Construct the test and insert into the tree
5422 Add_Check
5431 ---------------------------
5432 -- Selected_Range_Checks --
5433 ---------------------------
5435 function Selected_Range_Checks
5440 is
5453 -- Adds the action given to Ret_Result if N is non-Empty
5455 function Discrete_Range_Cond
5458 -- Returns expression to compute:
5459 -- Low_Bound (Expr) < Typ'First
5460 -- or else
5461 -- High_Bound (Expr) > Typ'Last
5463 function Discrete_Expr_Cond
5466 -- Returns expression to compute:
5467 -- Expr < Typ'First
5468 -- or else
5469 -- Expr > Typ'Last
5471 function Get_E_First_Or_Last
5475 -- Returns expression to compute:
5476 -- E'First or E'Last
5480 -- Returns expression to compute:
5481 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
5483 function Range_E_Cond
5488 -- Returns expression to compute:
5489 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
5491 function Range_Equal_E_Cond
5495 -- Returns expression to compute:
5496 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
5498 function Range_N_Cond
5502 -- Return expression to compute:
5503 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
5505 ---------------
5506 -- Add_Check --
5507 ---------------
5510 begin
5513 -- For now, ignore attempt to place more than 2 checks ???
5525 -------------------------
5526 -- Discrete_Expr_Cond --
5527 -------------------------
5529 function Discrete_Expr_Cond
5532 is
5533 begin
5534 return
5536 Left_Opnd =>
5538 Left_Opnd =>
5541 Right_Opnd =>
5545 Right_Opnd =>
5547 Left_Opnd =>
5550 Right_Opnd =>
5551 Convert_To
5556 -------------------------
5557 -- Discrete_Range_Cond --
5558 -------------------------
5560 function Discrete_Range_Cond
5563 is
5570 begin
5581 Left_Opnd :=
5583 Left_Opnd =>
5584 Convert_To
5587 Right_Opnd =>
5588 Convert_To
5595 and then
5598 then
5602 then
5606 else
5609 then
5615 Right_Opnd :=
5617 Left_Opnd =>
5618 Convert_To
5621 Right_Opnd =>
5622 Convert_To
5629 -------------------------
5630 -- Get_E_First_Or_Last --
5631 -------------------------
5633 function Get_E_First_Or_Last
5637 is
5643 begin
5651 else
5663 else
5670 else
5676 then
5677 -- If this is a task discriminant, and we are the body, we must
5678 -- retrieve the corresponding body discriminal. This is another
5679 -- consequence of the early creation of discriminals, and the
5680 -- need to generate constraint checks before their declarations
5681 -- are made visible.
5684 declare
5686 Corresponding_Concurrent_Type
5690 begin
5693 then
5694 -- Find discriminant of original task, and use its
5695 -- current discriminal, which is the renaming within
5696 -- the task body.
5708 -- That loop should always succeed in finding a matching
5709 -- entry and returning. Fatal error if not.
5713 else
5714 return
5718 else
5724 and then not Inside_Init_Proc
5725 then
5731 else
5736 -----------------
5737 -- Get_N_First --
5738 -----------------
5741 begin
5742 return
5745 Prefix =>
5751 ----------------
5752 -- Get_N_Last --
5753 ----------------
5756 begin
5757 return
5760 Prefix =>
5766 ------------------
5767 -- Range_E_Cond --
5768 ------------------
5770 function Range_E_Cond
5774 is
5775 begin
5776 return
5778 Left_Opnd =>
5783 Right_Opnd =>
5790 ------------------------
5791 -- Range_Equal_E_Cond --
5792 ------------------------
5794 function Range_Equal_E_Cond
5798 is
5799 begin
5800 return
5802 Left_Opnd =>
5806 Right_Opnd =>
5812 ------------------
5813 -- Range_N_Cond --
5814 ------------------
5816 function Range_N_Cond
5820 is
5821 begin
5822 return
5824 Left_Opnd =>
5829 Right_Opnd =>
5835 -- Start of processing for Selected_Range_Checks
5837 begin
5845 then
5857 else
5865 -- The order of evaluating T_Typ before S_Typ seems to be critical
5866 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
5867 -- in, and since Node can be an N_Range node, it might be invalid.
5868 -- Should there be an assert check somewhere for taking the Etype of
5869 -- an N_Range node ???
5876 -- A simple optimization
5883 -- For an N_Range Node, check for a null range and then if not
5884 -- null generate a range check action.
5888 -- There's no point in checking a range against itself
5894 declare
5904 begin
5905 -- Check for case where everything is static and we can
5906 -- do the check at compile time. This is skipped if we
5907 -- have an access type, since the access value may be null.
5909 -- ??? This code can be improved since you only need to know
5910 -- that the two respective bounds (LB & T_LB or HB & T_HB)
5911 -- are known at compile time to emit pertinent messages.
5917 and then not Do_Access
5918 then
5919 -- Floating-point case
5923 Out_Of_Range_L :=
5925 or else
5928 Out_Of_Range_H :=
5930 or else
5933 -- Fixed or discrete type case
5935 else
5937 Out_Of_Range_L :=
5939 or else
5942 Out_Of_Range_H :=
5944 or else
5951 Add_Check
5952 (Compile_Time_Constraint_Error
5956 else
5957 Add_Check
5958 (Compile_Time_Constraint_Error
5966 Add_Check
5967 (Compile_Time_Constraint_Error
5971 else
5972 Add_Check
5973 (Compile_Time_Constraint_Error
5981 else
5982 declare
5986 begin
5988 -- If either bound is a discriminant and we are within
5989 -- the record declaration, it is a use of the discriminant
5990 -- in a constraint of a component, and nothing can be
5991 -- checked here. The check will be emitted within the
5992 -- init proc. Before then, the discriminal has no real
5993 -- meaning.
5997 then
6000 else
6001 LB :=
6008 then
6011 else
6012 HB :=
6020 Cond :=
6022 Left_Opnd =>
6034 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
6035 -- except the above simply sets a flag in the node and lets
6036 -- gigi generate the check base on the Etype of the expression.
6037 -- Sometimes, however we want to do a dynamic check against an
6038 -- arbitrary target type, so we do that here.
6043 -- For literals, we can tell if the constraint error will be
6044 -- raised at compile time, so we never need a dynamic check, but
6045 -- if the exception will be raised, then post the usual warning,
6046 -- and replace the literal with a raise constraint error
6047 -- expression. As usual, skip this for access types
6050 and then not Do_Access
6051 then
6052 declare
6061 begin
6062 -- Following range tests should use Sem_Eval routine ???
6066 Out_Of_Range :=
6068 or else
6072 Out_Of_Range :=
6074 or else
6078 -- Bounds of the type are static and the literal is
6079 -- out of range so make a warning message.
6083 Add_Check
6084 (Compile_Time_Constraint_Error
6088 else
6089 Add_Check
6090 (Compile_Time_Constraint_Error
6096 else
6101 -- Here for the case of a non-static expression, we need a runtime
6102 -- check unless the source type range is guaranteed to be in the
6103 -- range of the target type.
6105 else
6122 -- String_Literal case. This needs to be handled specially be-
6123 -- cause no index types are available for string literals. The
6124 -- condition is simply:
6126 -- T_Typ'Length = string-literal-length
6131 -- General array case. Here we have a usable actual subtype for
6132 -- the expression, and the condition is built from the two types
6134 -- T_Typ'First < Exptyp'First or else
6135 -- T_Typ'Last > Exptyp'Last or else
6136 -- T_Typ'First(1) < Exptyp'First(1) or else
6137 -- T_Typ'Last(1) > Exptyp'Last(1) or else
6138 -- ...
6141 declare
6151 begin
6157 or else
6159 then
6163 -- Deal with compile time length check. Note that we
6164 -- skip this in the access case, because the access
6165 -- value may be null, so we cannot know statically.
6167 if not
6168 Subtypes_Statically_Match
6170 then
6171 -- If the target type is constrained then we
6172 -- have to check for exact equality of bounds
6173 -- (required for qualified expressions).
6176 Evolve_Or_Else
6180 else
6181 Evolve_Or_Else
6193 -- Handle cases where we do not get a usable actual subtype that
6194 -- is constrained. This happens for example in the function call
6195 -- and explicit dereference cases. In these cases, we have to get
6196 -- the length or range from the expression itself, making sure we
6197 -- do not evaluate it more than once.
6199 -- Here Ck_Node is the original expression, or more properly the
6200 -- result of applying Duplicate_Expr to the original tree,
6201 -- forcing the result to be a name.
6203 else
6204 declare
6207 begin
6208 -- Build the condition for the explicit dereference case
6211 Evolve_Or_Else
6218 else
6219 -- Generate an Action to check that the bounds of the
6220 -- source value are within the constraints imposed by the
6221 -- target type for a conversion to an unconstrained type.
6222 -- Rule is 4.6(38).
6225 declare
6229 begin
6230 Opnd_Index
6236 if Is_In_Range
6238 and then
6239 Is_In_Range
6241 then
6244 -- If null range, no check needed.
6245 elsif
6247 and then
6249 and then
6252 then
6255 elsif Is_Out_Of_Range
6257 or else
6258 Is_Out_Of_Range
6260 then
6261 Add_Check
6262 (Compile_Time_Constraint_Error
6265 else
6266 Evolve_Or_Else
6268 Discrete_Range_Cond
6281 -- Construct the test and insert into the tree
6288 Add_Check
6297 -------------------------------
6298 -- Storage_Checks_Suppressed --
6299 -------------------------------
6302 begin
6305 else
6310 ---------------------------
6311 -- Tag_Checks_Suppressed --
6312 ---------------------------
6315 begin