| blob | c65c26d8875662699e1d29cf75350cd1b2c1f794 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- A C C E S S I B I L I T Y --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2022-2023, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
59 ---------------------------
60 -- Accessibility_Message --
61 ---------------------------
68 begin
69 -- In an instance, this is a runtime check, but one we know will fail,
70 -- so generate an appropriate warning.
74 Error_Msg_F
83 else
86 -- Check for case where we have a missing access definition
89 and then
91 | N_Index_Or_Discriminant_Constraint
92 then
96 loop
101 Error_Msg_NE
110 -------------------------
111 -- Accessibility_Level --
112 -------------------------
114 function Accessibility_Level
119 is
124 -- Renaming of the enclosing function to facilitate recursive calls
127 -- Construct an integer literal representing an accessibility level with
128 -- its type set to Natural.
131 -- Returns the scope depth of the given node's innermost enclosing scope
132 -- (effectively the accessibility level of the innermost enclosing
133 -- master).
136 -- Centralized processing of subprogram calls which may appear in prefix
137 -- notation.
141 -- Renaming of Type_Access_Level with Allow_Alt_Model specified to avoid
142 -- passing the parameter specifically in every call.
144 ----------------------------------
145 -- Innermost_Master_Scope_Depth --
146 ----------------------------------
154 begin
155 -- Locate the nearest enclosing node (by traversing Parents)
156 -- that Defining_Entity can be applied to, and return the
157 -- depth of that entity's nearest enclosing scope.
159 -- The RM 7.6.1(3) definition of "master" includes statements
160 -- and conditions for loops among other things. Are these cases
161 -- detected properly ???
169 -- Ignore transient scopes made during expansion while also
170 -- taking into account certain expansions - like iterators
171 -- which get expanded into renamings and thus not marked
172 -- as coming from source.
177 then
178 -- Note that in some rare cases the scope depth may not be
179 -- set, for example, when we are in the middle of analyzing
180 -- a type and the enclosing scope is said type. So, instead,
181 -- continue to move up the parent chain since the scope
182 -- depth of the type's parent is the same as that of the
183 -- type.
188 else
189 return
194 -- For a return statement within a function, return
195 -- the depth of the function itself. This is not just
196 -- a small optimization, but matters when analyzing
197 -- the expression in an expression function before
198 -- the body is created.
201 | N_Simple_Return_Statement
202 then
205 -- Statements are counted as masters
215 -- Should never reach the following return
222 ------------------------
223 -- Make_Level_Literal --
224 ------------------------
229 begin
234 --------------------------------------
235 -- Function_Call_Or_Allocator_Level --
236 --------------------------------------
241 begin
242 -- Results of functions are objects, so we either get the
243 -- accessibility of the function or, in case of a call which is
244 -- indirect, the level of the access-to-subprogram type.
246 -- This code looks wrong ???
250 then
252 return Make_Level_Literal
254 else
255 return Make_Level_Literal
259 -- We ignore coextensions as they cannot be implemented under the
260 -- "small-integer" model.
265 then
269 -- Named access types have a designated level
274 -- Otherwise, the level is dictated by RM 3.10.2 (10.7/3)
276 else
277 -- Check No_Dynamic_Accessibility_Checks restriction override for
278 -- alternative accessibility model.
280 if Allow_Alt_Model
283 then
284 -- In the alternative model the level is that of the
285 -- designated type.
290 -- For function calls the level is that of the innermost
291 -- master, otherwise (for allocators etc.) we get the level
292 -- of the corresponding anonymous access type, which is
293 -- calculated through the normal path of execution.
296 return Make_Level_Literal
302 -- Dynamic checks are generated when we are within a return
303 -- value or we are in a function call within an anonymous
304 -- access discriminant constraint of a return object (signified
305 -- by In_Return_Context) on the side of the callee.
307 -- So, in this case, return accessibility level of the
308 -- enclosing subprogram.
311 or else In_Return_Context
312 then
313 return Make_Level_Literal
318 -- When the call is being dereferenced the level is that of the
319 -- enclosing master of the dereferenced call.
322 | N_Indexed_Component
323 | N_Selected_Component
324 then
325 return Make_Level_Literal
329 -- Find any relevant enclosing parent nodes that designate an
330 -- object being initialized.
332 -- Note: The above is only relevant if the result is used "in its
333 -- entirety" as RM 3.10.2 (10.2/3) states. However, this is
334 -- accounted for in the case statement in the main body of
335 -- Accessibility_Level for N_Selected_Component.
340 -- Detect an expanded implicit conversion, typically this
341 -- occurs on implicitly converted actuals in calls.
343 -- Does this catch all implicit conversions ???
347 then
348 return Make_Level_Literal
352 -- Jump out when we hit an object declaration or the right-hand
353 -- side of an assignment, or a construct such as an aggregate
354 -- subtype indication which would be the result is not used
355 -- "in its entirety."
365 -- Assignment statements are handled in a similar way in
366 -- accordance to the left-hand part. However, strictly speaking,
367 -- this is illegal according to the RM, but this change is needed
368 -- to pass an ACATS C-test and is useful in general ???
372 return Make_Level_Literal
373 (Scope_Depth
377 -- Return the accessibility level of the left-hand part
379 return Accessibility_Level
385 return Make_Level_Literal
391 -- Local variables
396 -- Start of processing for Accessibility_Level
398 begin
399 -- We could be looking at a reference to a formal due to the expansion
400 -- of entries and other cases, so obtain the renaming if necessary.
406 -- Extract the entity
411 -- Deal with a possible renaming of a private protected component
418 -- Perform the processing on the expression
421 -- The level of an aggregate is that of the innermost master that
422 -- evaluates it as defined in RM 3.10.2 (10/4).
427 -- The accessibility level is that of the access type, except for an
428 -- anonymous allocators which have special rules defined in RM 3.10.2
429 -- (14/3).
434 -- We could reach this point for two reasons. Either the expression
435 -- applies to a special attribute ('Loop_Entry, 'Result, or 'Old), or
436 -- we are looking at the access attributes directly ('Access,
437 -- 'Address, or 'Unchecked_Access).
442 -- Regular 'Access attribute presence means we have to look at the
443 -- prefix.
448 -- Unchecked or unrestricted attributes have unlimited depth
451 | Name_Unchecked_Access
452 | Name_Unrestricted_Access
453 then
456 -- 'Access can be taken further against other special attributes,
457 -- so handle these cases explicitly.
460 in Name_Old | Name_Loop_Entry | Name_Result
461 then
462 -- Named access types
465 return Make_Level_Literal
468 -- Anonymous access types
474 then
475 return New_Occurrence_Of
478 -- Otherwise the level is treated in a similar way as
479 -- aggregates according to RM 6.1.1 (35.1/4) which concerns
480 -- an implicit constant declaration - in turn defining the
481 -- accessibility level to be that of the implicit constant
482 -- declaration.
484 else
485 return Make_Level_Literal
489 else
493 -- This is the "base case" for accessibility level calculations which
494 -- means we are near the end of our recursive traversal.
497 -- A dynamic check is performed on the side of the callee when we
498 -- are within a return statement, so return a library-level
499 -- accessibility level to null out checks on the side of the
500 -- caller.
506 then
509 -- Something went wrong and an extra accessibility formal has not
510 -- been generated when one should have ???
515 then
518 -- Stand-alone object of an anonymous access type "SAOAAT"
522 | E_Constant)
526 then
528 return Make_Level_Literal
532 -- No_Dynamic_Accessibility_Checks restriction override for
533 -- alternative accessibility model.
535 if Allow_Alt_Model
537 then
538 -- In the alternative model the level is that of the
539 -- designated type entity's context.
544 -- Otherwise the level depends on the entity's context
547 return Make_Level_Literal
548 (Subprogram_Access_Level
550 else
551 return Make_Level_Literal
556 -- Return the dynamic level in the normal case
558 return New_Occurrence_Of
561 -- Initialization procedures have a special extra accessibility
562 -- parameter associated with the level at which the object
563 -- being initialized exists
569 then
570 return New_Occurrence_Of
573 -- Current instance of the type is deeper than that of the type
574 -- according to RM 3.10.2 (21).
577 -- When restriction No_Dynamic_Accessibility_Checks is active
578 -- along with -gnatd_b.
580 if Allow_Alt_Model
582 and then Debug_Flag_Underscore_B
583 then
587 -- Normal path
591 -- Move up the renamed entity or object if it came from source
592 -- since expansion may have created a dummy renaming under
593 -- certain circumstances.
595 -- Note: We check if the original node of the renaming comes
596 -- from source because the node may have been rewritten.
599 and then Comes_From_Source
601 then
604 -- Named access types get their level from their associated type
607 return Make_Level_Literal
610 -- Check if E is an expansion-generated renaming of an iterator
611 -- by examining Related_Expression. If so, determine the
612 -- accessibility level based on the original expression.
616 then
622 then
623 return New_Occurrence_Of
626 -- Normal object - get the level of the enclosing scope
628 else
629 return Make_Level_Literal
633 -- Handle indexed and selected components including the special cases
634 -- whereby there is an implicit dereference, a component of a
635 -- composite type, or a function call in prefix notation.
637 -- We don't handle function calls in prefix notation correctly ???
642 -- Fetch the original node when the prefix comes from the result
643 -- of expanding a function call since we want to find the level
644 -- of the original source call.
648 then
652 -- When E is an indexed component or selected component and
653 -- the current Expr is a function call, we know that we are
654 -- looking at an expanded call in prefix notation.
659 -- If the prefix is a named access type, then we are dealing
660 -- with an implicit deferences. In that case the level is that
661 -- of the named access type in the prefix.
664 return Make_Level_Literal
667 -- The current expression is a named access type, so there is no
668 -- reason to look at the prefix. Instead obtain the level of E's
669 -- named access type.
672 return Make_Level_Literal
675 -- A nondiscriminant selected component where the component
676 -- is an anonymous access type means that its associated
677 -- level is that of the containing type - see RM 3.10.2 (16).
679 -- Note that when restriction No_Dynamic_Accessibility_Checks is
680 -- in effect we treat discriminant components as regular
681 -- components.
683 elsif
691 -- The alternative accessibility models both treat
692 -- discriminants as regular components.
697 -- Arrays featuring components of anonymous access components
698 -- get their corresponding level from their containing type's
699 -- declaration.
701 or else
707 then
708 -- When restriction No_Dynamic_Accessibility_Checks is active
709 -- and -gnatd_b set, the level is that of the designated type.
711 if Allow_Alt_Model
713 and then Debug_Flag_Underscore_B
714 then
715 return Make_Level_Literal
719 -- Otherwise proceed normally
721 return Make_Level_Literal
724 -- The accessibility calculation routine that handles function
725 -- calls (Function_Call_Level) assumes, in the case the
726 -- result is of an anonymous access type, that the result will be
727 -- used "in its entirety" when the call is present within an
728 -- assignment or object declaration.
730 -- To properly handle cases where the result is not used in its
731 -- entirety, we test if the prefix of the component in question is
732 -- a function call, which tells us that one of its components has
733 -- been identified and is being accessed. Therefore we can
734 -- conclude that the result is not used "in its entirety"
735 -- according to RM 3.10.2 (10.2/3).
739 then
740 -- Dynamic checks are generated when we are within a return
741 -- value or we are in a function call within an anonymous
742 -- access discriminant constraint of a return object (signified
743 -- by In_Return_Context) on the side of the callee.
745 -- So, in this case, return a library accessibility level to
746 -- null out the check on the side of the caller.
751 then
752 return Make_Level_Literal
756 return Make_Level_Literal
759 -- Otherwise, continue recursing over the expression prefixes
761 else
765 -- Qualified expressions
769 return Make_Level_Literal
771 else
775 -- Handle function calls
780 -- Explicit dereference accessibility level calculation
785 -- The prefix is a named access type so the level is taken from
786 -- its type.
791 -- Otherwise, recurse deeper
793 else
797 -- Type conversions
800 -- View conversions are special in that they require use to
801 -- inspect the expression of the type conversion.
803 -- Allocators of anonymous access types are internally generated,
804 -- so recurse deeper in that case as well.
808 then
811 -- We don't care about the master if we are looking at a named
812 -- access type.
815 return Make_Level_Literal
818 -- In section RM 3.10.2 (10/4) the accessibility rules for
819 -- aggregates and value conversions are outlined. Are these
820 -- followed in the case of initialization of an object ???
822 -- Should use Innermost_Master_Scope_Depth ???
824 else
828 -- Default to the type accessibility level for the type of the
829 -- expression's entity.
836 -------------------------------
837 -- Apply_Accessibility_Check --
838 -------------------------------
840 procedure Apply_Accessibility_Check
844 is
852 begin
853 -- Verify we haven't tried to add a dynamic accessibility check when we
854 -- shouldn't.
863 then
866 -- Renamed_Object must return an Entity_Name here
867 -- because of preceding "Present (E_E_A (...))" test.
876 -- Only apply the run-time check if the access parameter has an
877 -- associated extra access level parameter and when accessibility checks
878 -- are enabled.
884 then
885 -- Obtain the parameter's accessibility level
887 Param_Level :=
890 -- Use the dynamic accessibility parameter for the function's result
891 -- when one has been created instead of statically referring to the
892 -- deepest type level so as to appropriatly handle the rules for
893 -- RM 3.10.2 (10.1/3).
898 then
899 -- Associate the level of the result type to the extra result
900 -- accessibility parameter belonging to the current function.
903 Type_Level :=
904 New_Occurrence_Of
907 -- In Ada 2005 and earlier modes, a result extra accessibility
908 -- parameter is not generated and no dynamic check is performed.
910 else
914 -- Otherwise get the type's accessibility level normally
916 else
917 Type_Level :=
921 -- Raise Program_Error if the accessibility level of the access
922 -- parameter is deeper than the level of the target access type.
924 Check_Cond :=
936 -- If constant folding has happened on the condition for the
937 -- generated error, then warn about it being unconditional.
941 then
949 ---------------------------------------------
950 -- Apply_Accessibility_Check_For_Allocator --
951 ---------------------------------------------
953 procedure Apply_Accessibility_Check_For_Allocator
958 is
969 begin
972 and then Tagged_Type_Expansion
975 and then
977 or else
980 then
981 -- If the allocator was built in place, Ref is already a reference
982 -- to the access object initialized to the result of the allocator
983 -- (see Exp_Ch6.Make_Build_In_Place_Call_In_Allocator). We call
984 -- Remove_Side_Effects for cases where the build-in-place call may
985 -- still be the prefix of the reference (to avoid generating
986 -- duplicate calls). Otherwise, it is the entity associated with
987 -- the object containing the address of the allocated object.
992 else
996 -- For access to interface types we must generate code to displace
997 -- the pointer to the base of the object since the subsequent code
998 -- references components located in the TSD of the object (which
999 -- is associated with the primary dispatch table --see a-tags.ads)
1000 -- and also generates code invoking Free, which requires also a
1001 -- reference to the base of the unallocated object.
1004 Obj_Ref :=
1007 Name =>
1014 -- Step 1: Create the object clean up code
1018 -- Deallocate the object if the accessibility check fails. This is
1019 -- done only on targets or profiles that support deallocation.
1021 -- Free (Obj_Ref);
1029 -- The target or profile cannot deallocate objects
1031 else
1035 -- Finalize the object if applicable. Generate:
1037 -- [Deep_]Finalize (Obj_Ref.all);
1041 then
1042 Fin_Call :=
1043 Make_Final_Call
1048 -- Guard against a missing [Deep_]Finalize when the designated
1049 -- type was not properly frozen.
1055 -- When the target or profile supports deallocation, wrap the
1056 -- finalization call in a block to ensure proper deallocation even
1057 -- if finalization fails. Generate:
1059 -- begin
1060 -- <Fin_Call>
1061 -- exception
1062 -- when others =>
1063 -- <Free_Stmt>
1064 -- raise;
1065 -- end;
1068 Fin_Call :=
1070 Handled_Statement_Sequence =>
1086 -- Signal the accessibility failure through a Program_Error
1092 -- Step 2: Create the accessibility comparison
1094 -- Generate:
1095 -- Ref'Tag
1097 Obj_Ref :=
1102 -- For tagged types, determine the accessibility level by looking at
1103 -- the type specific data of the dispatch table. Generate:
1105 -- Type_Specific_Data (Address (Ref'Tag)).Access_Level
1110 -- Use a runtime call to determine the accessibility level when
1111 -- compiling on virtual machine targets. Generate:
1113 -- Get_Access_Level (Ref'Tag)
1115 else
1116 Cond :=
1118 Name =>
1123 Cond :=
1128 -- Due to the complexity and side effects of the check, utilize an if
1129 -- statement instead of the regular Program_Error circuitry.
1138 ------------------------------------------
1139 -- Check_Return_Construct_Accessibility --
1140 ------------------------------------------
1142 procedure Check_Return_Construct_Accessibility
1145 is
1150 -- Function result subtype
1153 -- Obtain the first selector or choice from a given association
1155 function Is_Formal_Of_Current_Function
1157 -- Predicate to test if a given expression associated with a
1158 -- discriminant is a formal parameter to the function in which the
1159 -- return construct we checking applies to.
1161 --------------------
1162 -- First_Selector --
1163 --------------------
1166 begin
1173 else
1178 -----------------------------------
1179 -- Is_Formal_Of_Current_Function --
1180 -----------------------------------
1182 function Is_Formal_Of_Current_Function
1184 begin
1186 and then Enclosing_Subprogram
1191 -- Local declarations
1194 -- Assoc should perhaps be renamed and declared as a
1195 -- Node_Or_Entity_Id since it encompasses not only component and
1196 -- discriminant associations, but also discriminant components within
1197 -- a type declaration or subtype indication ???
1212 -- Start of processing for Check_Return_Construct_Accessibility
1214 begin
1215 -- Only perform checks on record types with access discriminants and
1216 -- non-internally generated functions.
1221 then
1225 -- We are only interested in return statements
1228 N_Extended_Return_Statement | N_Simple_Return_Statement
1229 then
1233 -- Fetch the object from the return statement, in the case of a
1234 -- simple return statement the expression is part of the node.
1237 -- Obtain the object definition from the expanded extended return
1241 -- Inspect the original node to avoid object declarations
1242 -- expanded into renamings.
1246 then
1255 -- Could be dealing with a renaming
1258 else
1262 -- Obtain the accessibility levels of the expressions associated
1263 -- with all anonymous access discriminants, then generate a
1264 -- dynamic check or static error when relevant.
1266 -- Note the repeated use of Original_Node to avoid checking
1267 -- expanded code.
1271 -- Get the corresponding declaration based on the return object's
1272 -- identifier.
1276 in N_Object_Declaration
1277 | N_Object_Renaming_Declaration
1278 then
1281 -- We were passed the object declaration directly, so use it
1284 | N_Object_Renaming_Declaration
1285 then
1288 -- Otherwise, we are looking at something else
1290 else
1295 -- Hop up object renamings when present
1299 then
1303 -- We may be looking at the expansion of iterators or
1304 -- some other internally generated construct, so it is safe
1305 -- to ignore checks ???
1311 Obj_Decl := Original_Node
1312 (Declaration_Node
1315 -- Move up to the next declaration based on the object's name
1317 else
1318 Obj_Decl := Original_Node
1324 -- Obtain the discriminant values from the return aggregate
1326 -- Do we cover extension aggregates correctly ???
1331 else
1335 -- There is an object declaration for the return object
1338 -- When a subtype indication is present in an object declaration
1339 -- it must contain the object's discriminants.
1342 Assoc := First
1343 (Constraints
1344 (Constraint
1347 -- The object declaration contains an aggregate
1352 -- Grab the first associated discriminant expresion
1354 if Present
1356 then
1357 Assoc := First
1358 (Expressions
1360 else
1361 Assoc := First
1362 (Component_Associations
1366 -- Otherwise, this is something else
1368 else
1372 -- There are no supplied discriminants in the object declaration,
1373 -- so get them from the type definition since they must be default
1374 -- initialized.
1376 -- Do we handle constrained subtypes correctly ???
1379 Assoc := First_Discriminant
1382 else
1386 -- When we are not looking at an aggregate or an identifier, return
1387 -- since any other construct (like a function call) is not
1388 -- applicable since checks will be performed on the side of the
1389 -- callee.
1391 else
1395 -- Obtain the discriminants so we know the actual type in case the
1396 -- value of their associated expression gets implicitly converted.
1403 else
1404 Disc := First_Discriminant
1408 -- Preserve the first discriminant for checking named associations
1412 -- Count the number of discriminants for processing an aggregate
1413 -- which includes an others.
1424 -- Loop through each of the discriminants and check each expression
1425 -- associated with an anonymous access discriminant.
1427 -- When named associations occur in the return aggregate then
1428 -- discriminants can be in any order, so we need to ensure we do
1429 -- not continue to loop when all discriminants have been seen.
1435 loop
1436 -- Handle named associations by searching through the names of
1437 -- the relevant discriminant components.
1440 in N_Component_Association | N_Discriminant_Association
1441 then
1445 -- We currently don't handle box initialized discriminants,
1446 -- however, since default initialized anonymous access
1447 -- discriminants are a corner case, this is ok for now ???
1451 then
1456 -- When others is present we must identify a discriminant we
1457 -- haven't already seen so as to get the appropriate type for
1458 -- the static accessibility check.
1460 -- This works because all components within an others clause
1461 -- must have the same type.
1467 declare
1469 begin
1470 -- Move through the list of identified discriminants
1474 -- Exit the loop when we found a match
1476 exit when
1482 -- When we have exited the above loop without finding
1483 -- a match then we know that Disc has not been seen.
1491 -- If we got to an others clause with a non-zero
1492 -- discriminant count there must be a discriminant left to
1493 -- check.
1497 -- Set the unseen discriminant count to zero because we know
1498 -- an others clause sets all remaining components of an
1499 -- aggregate.
1503 -- Move through each of the selectors in the named association
1504 -- and obtain a discriminant for accessibility checking if one
1505 -- is referenced in the list. Also track which discriminants
1506 -- are referenced for the purpose of handling an others clause.
1508 else
1509 declare
1512 begin
1517 -- Check each of the choices in the associations for a
1518 -- match to the name of the current discriminant.
1522 -- When the name matches we track that we have seen
1523 -- the discriminant, but instead of exiting the
1524 -- loop we continue iterating to make sure all the
1525 -- discriminants within the named association get
1526 -- tracked.
1543 -- Unwrap the associated expression if we are looking at a default
1544 -- initialized type declaration. In this case Assoc is not really
1545 -- an association, but a component declaration. Should Assoc be
1546 -- renamed in some way to be more clear ???
1548 -- This occurs when the return object does not initialize
1549 -- discriminant and instead relies on the type declaration for
1550 -- their supplied values.
1554 then
1560 -- Otherwise, there is nothing to do because Assoc is an
1561 -- expression within the return aggregate itself.
1563 else
1570 -- Check the accessibility level of the expression when the
1571 -- discriminant is of an anonymous access type.
1577 -- We disable the check when we have a tagged return type and
1578 -- the associated expression for the discriminant is a formal
1579 -- parameter since the check would require us to compare the
1580 -- accessibility level of Assoc_Expr to the level of the
1581 -- Extra_Accessibility_Of_Result of the function - which is
1582 -- currently disabled for functions with tagged return types.
1583 -- This may change in the future ???
1585 -- See Needs_Result_Accessibility_Level for details.
1587 and then not
1591 then
1592 -- Generate a dynamic check based on the extra accessibility of
1593 -- the result or the scope of the current function.
1595 Check_Cond :=
1597 Left_Opnd => Accessibility_Level
1601 Right_Opnd =>
1604 -- When Assoc_Expr is a formal we have to look at the
1605 -- extra accessibility-level formal associated with
1606 -- the result.
1609 then
1610 New_Occurrence_Of
1613 -- Otherwise, we compare the level of Assoc_Expr to the
1614 -- scope of the current function.
1616 else
1617 Make_Integer_Literal
1625 -- If constant folding has happened on the condition for the
1626 -- generated error, then warn about it being unconditional when
1627 -- we know an error will be raised.
1631 then
1632 Error_Msg_N
1638 -- Iterate over the discriminants, except when we have encountered
1639 -- a named association since the discriminant order becomes
1640 -- irrelevant in that case.
1646 -- Iterate over associations
1650 else
1656 -------------------------------
1657 -- Deepest_Type_Access_Level --
1658 -------------------------------
1660 function Deepest_Type_Access_Level
1663 is
1664 begin
1668 then
1669 -- No_Dynamic_Accessibility_Checks override for alternative
1670 -- accessibility model.
1672 if Allow_Alt_Model
1674 then
1678 -- Typ is the type of an Ada 2012 stand-alone object of an anonymous
1679 -- access type.
1681 return
1682 Scope_Depth (Enclosing_Dynamic_Scope
1683 (Defining_Identifier
1686 -- For generic formal type, return Int'Last (infinite).
1687 -- See comment preceding Is_Generic_Type call in Type_Access_Level.
1692 else
1697 -----------------------------------
1698 -- Effective_Extra_Accessibility --
1699 -----------------------------------
1702 begin
1705 then
1707 else
1712 -------------------------------
1713 -- Get_Dynamic_Accessibility --
1714 -------------------------------
1717 begin
1718 -- When minimum accessibility is set for E then we utilize it - except
1719 -- in a few edge cases like the expansion of select statements where
1720 -- generated subprogram may attempt to unnecessarily use a minimum
1721 -- accessibility object declared outside of scope.
1723 -- To avoid these situations where expansion may get complex we verify
1724 -- that the minimum accessibility object is within scope.
1729 then
1736 -----------------------
1737 -- Has_Access_Values --
1738 -----------------------
1741 is
1744 begin
1745 -- Case of a private type which is not completed yet. This can only
1746 -- happen in the case of a generic formal type appearing directly, or
1747 -- as a component of the type to which this function is being applied
1748 -- at the top level. Return False in this case, since we certainly do
1749 -- not know that the type contains access types.
1761 declare
1764 begin
1765 -- Loop to check components
1770 -- Check for access component, tag field does not count, even
1771 -- though it is implemented internally using an access type.
1775 then
1785 else
1790 ---------------------------------------
1791 -- Has_Anonymous_Access_Discriminant --
1792 ---------------------------------------
1795 is
1798 begin
1815 --------------------------------------------
1816 -- Has_Unconstrained_Access_Discriminants --
1817 --------------------------------------------
1819 function Has_Unconstrained_Access_Discriminants
1821 is
1824 begin
1827 then
1841 --------------------------------
1842 -- Is_Anonymous_Access_Actual --
1843 --------------------------------
1847 begin
1855 | N_If_Expression
1856 | N_Parameter_Association
1857 loop
1863 --------------------------------------
1864 -- Is_Special_Aliased_Formal_Access --
1865 --------------------------------------
1867 function Is_Special_Aliased_Formal_Access
1870 is
1872 begin
1873 -- Verify the expression is an access reference to 'Access within a
1874 -- return statement as this is the only time an explicitly aliased
1875 -- formal has different semantics.
1882 then
1886 -- Check if the prefix of the reference is indeed an explicitly aliased
1887 -- formal parameter for the function Scop. Additionally, we must check
1888 -- that Scop returns an anonymous access type, otherwise the special
1889 -- rules dictating a need for a dynamic check are not in effect.
1895 --------------------------------------
1896 -- Needs_Result_Accessibility_Level --
1897 --------------------------------------
1899 function Needs_Result_Accessibility_Level
1901 is
1904 function Has_Unconstrained_Access_Discriminant_Component
1906 -- Returns True if any component of the type has an unconstrained access
1907 -- discriminant.
1909 -----------------------------------------------------
1910 -- Has_Unconstrained_Access_Discriminant_Component --
1911 -----------------------------------------------------
1913 function Has_Unconstrained_Access_Discriminant_Component
1915 is
1916 begin
1920 -- Only limited types can have access discriminants with
1921 -- defaults.
1927 return Has_Unconstrained_Access_Discriminant_Component
1931 declare
1934 begin
1937 if Has_Unconstrained_Access_Discriminant_Component
1939 then
1952 -- Flag used to temporarily disable a "True" result for tagged types.
1953 -- See comments further below for details.
1955 -- Start of processing for Needs_Result_Accessibility_Level
1957 begin
1958 -- False if completion unavailable, which can happen when we are
1959 -- analyzing an abstract subprogram or if the subprogram has
1960 -- delayed freezing.
1965 -- False if not a function, also handle enum-lit renames case
1969 then
1972 -- Handle a corner case, a cross-dialect subp renaming. For example,
1973 -- an Ada 2012 renaming of an Ada 2005 subprogram. This can occur when
1974 -- an Ada 2005 (or earlier) unit references predefined run-time units.
1978 -- Unimplemented: a cross-dialect subp renaming which does not set
1979 -- the Alias attribute (e.g., a rename of a dereference of an access
1980 -- to subprogram value). ???
1984 -- Remaining cases require Ada 2012 mode, unless they are dispatching
1985 -- operations, since they may be overridden by Ada_2012 primitives.
1989 then
1992 -- Handle the situation where a result is an anonymous access type
1993 -- RM 3.10.2 (10.3/3).
1998 -- In the case of, say, a null tagged record result type, the need for
1999 -- this extra parameter might not be obvious so this function returns
2000 -- True for all tagged types for compatibility reasons.
2002 -- A function with, say, a tagged null controlling result type might
2003 -- be overridden by a primitive of an extension having an access
2004 -- discriminant and the overrider and overridden must have compatible
2005 -- calling conventions (including implicitly declared parameters).
2007 -- Similarly, values of one access-to-subprogram type might designate
2008 -- both a primitive subprogram of a given type and a function which is,
2009 -- for example, not a primitive subprogram of any type. Again, this
2010 -- requires calling convention compatibility. It might be possible to
2011 -- solve these issues by introducing wrappers, but that is not the
2012 -- approach that was chosen.
2014 -- Note: Despite the reasoning noted above, the extra accessibility
2015 -- parameter for tagged types is disabled for performance reasons.
2026 -- False for all other cases
2028 else
2033 ------------------------------------------
2034 -- Prefix_With_Safe_Accessibility_Level --
2035 ------------------------------------------
2037 function Prefix_With_Safe_Accessibility_Level
2040 is
2047 -- Return False if the prefix has a value conversion of an array type
2049 ----------------------------
2050 -- Safe_Value_Conversions --
2051 ----------------------------
2056 begin
2057 loop
2063 | N_Unchecked_Type_Conversion
2065 then
2072 N_Aggregate | N_Extension_Aggregate
2073 then
2076 else
2084 -- Start of processing for Prefix_With_Safe_Accessibility_Level
2086 begin
2087 -- No check required for unchecked and unrestricted access
2091 then
2094 -- Check value conversions
2097 and then not Safe_Value_Conversions
2098 then
2105 -----------------------------
2106 -- Subprogram_Access_Level --
2107 -----------------------------
2110 begin
2113 else
2118 --------------------------------
2119 -- Static_Accessibility_Level --
2120 --------------------------------
2122 function Static_Accessibility_Level
2126 is
2127 begin
2128 return Intval
2132 -----------------------
2133 -- Type_Access_Level --
2134 -----------------------
2136 function Type_Access_Level
2140 is
2144 begin
2145 -- Ada 2005 (AI-230): For most cases of anonymous access types, we
2146 -- simply use the level where the type is declared. This is true for
2147 -- stand-alone object declarations, and for anonymous access types
2148 -- associated with components the level is the same as that of the
2149 -- enclosing composite type. However, special treatment is needed for
2150 -- the cases of access parameters, return objects of an anonymous access
2151 -- type, and, in Ada 95, access discriminants of limited types.
2155 -- No_Dynamic_Accessibility_Checks restriction override for
2156 -- alternative accessibility model.
2158 if Allow_Alt_Model
2160 then
2161 -- In the -gnatd_b model, the level of an anonymous access
2162 -- type is always that of the designated type.
2165 return Type_Access_Level
2169 -- When an anonymous access type's Assoc_Ent is specified,
2170 -- calculate the result based on the general accessibility
2171 -- level routine.
2173 -- We would like to use Associated_Node_For_Itype here instead,
2174 -- but in some cases it is not fine grained enough ???
2177 return Static_Accessibility_Level
2181 -- Otherwise take the context of the anonymous access type into
2182 -- account.
2184 -- Obtain the defining entity for the internally generated
2185 -- anonymous access type.
2187 Def_Ent := Defining_Entity_Or_Empty
2191 -- When the defining entity is a subprogram then we know the
2192 -- anonymous access type Typ has been generated to either
2193 -- describe an anonymous access type formal or an anonymous
2194 -- access result type.
2196 -- Since we are only interested in the formal case, avoid
2197 -- the anonymous access result type.
2202 then
2203 -- When the type comes from an anonymous access
2204 -- parameter, the level is that of the subprogram
2205 -- declaration.
2209 -- When the type is an access discriminant, the level is
2210 -- that of the type.
2217 -- If the type is a nonlocal anonymous access type (such as for
2218 -- an access parameter) we treat it as being declared at the
2219 -- library level to ensure that names such as X.all'access don't
2220 -- fail static accessibility checks.
2225 -- If this is a return object, the accessibility level is that of
2226 -- the result subtype of the enclosing function. The test here is
2227 -- little complicated, because we have to account for extended
2228 -- return statements that have been rewritten as blocks, in which
2229 -- case we have to find and the Is_Return_Object attribute of the
2230 -- itype's associated object. It would be nice to find a way to
2231 -- simplify this test, but it doesn't seem worthwhile to add a new
2232 -- flag just for purposes of this test. ???
2235 or else
2238 N_Object_Declaration
2239 and then Is_Return_Object
2240 (Defining_Identifier
2242 then
2243 declare
2246 begin
2253 -- Treat the return object's type as having the level of the
2254 -- function's result subtype (as per RM05-6.5(5.3/2)).
2263 -- The accessibility level of anonymous access types associated with
2264 -- discriminants is that of the current instance of the type, and
2265 -- that's deeper than the type itself (AARM 3.10.2 (12.3.21)).
2267 -- AI-402: access discriminants have accessibility based on the
2268 -- object rather than the type in Ada 2005, so the above paragraph
2269 -- doesn't apply.
2271 -- ??? Needs completion with rules from AI-416
2277 N_Discriminant_Specification
2278 then
2283 -- Return library level for a generic formal type. This is done because
2284 -- RM(10.3.2) says that "The statically deeper relationship does not
2285 -- apply to ... a descendant of a generic formal type". Rather than
2286 -- checking at each point where a static accessibility check is
2287 -- performed to see if we are dealing with a formal type, this rule is
2288 -- implemented by having Type_Access_Level and Deepest_Type_Access_Level
2289 -- return extreme values for a formal type; Deepest_Type_Access_Level
2290 -- returns Int'Last. By calling the appropriate function from among the
2291 -- two, we ensure that the static accessibility check will pass if we
2292 -- happen to run into a formal type. More specifically, we should call
2293 -- Deepest_Type_Access_Level instead of Type_Access_Level whenever the
2294 -- call occurs as part of a static accessibility check and the error
2295 -- case is the case where the type's level is too shallow (as opposed
2296 -- to too deep).