| blob | 26a8d2894b2ea0ab704e1d517fba755934919c87 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C O N T R A C T S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2015-2018, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
59 -- Analyze all delayed pragmas chained on the contract of package
60 -- instantiation Inst_Id as if they appear at the end of a declarative
61 -- region. The pragmas in question are:
62 --
63 -- Part_Of
66 -- (CodePeer): Subsidiary procedure to Analyze_Contracts which builds the
67 -- contract-only subprogram body of eligible subprograms found in L, adds
68 -- them to their corresponding list of declarations, and analyzes them.
71 -- Expand the contracts of a subprogram body and its correspoding spec (if
72 -- any). This routine processes all [refined] pre- and postconditions as
73 -- well as Contract_Cases, invariants and predicates. Body_Id denotes the
74 -- entity of the subprogram body.
76 -----------------------
77 -- Add_Contract_Item --
78 -----------------------
84 -- Prepend Prag to the list of classifications
87 -- Prepend Prag to the list of contract and test cases
90 -- Prepend Prag to the list of pre- and postconditions
92 ------------------------
93 -- Add_Classification --
94 ------------------------
97 begin
102 ----------------------------
103 -- Add_Contract_Test_Case --
104 ----------------------------
107 begin
112 ----------------------------
113 -- Add_Pre_Post_Condition --
114 ----------------------------
117 begin
122 -- Local variables
124 -- A contract must contain only pragmas
129 -- Start of processing for Add_Contract_Item
131 begin
132 -- Create a new contract when adding the first item
139 -- Constants, the applicable pragmas are:
140 -- Part_Of
144 Add_Classification;
146 -- The pragma is not a proper contract item
148 else
152 -- Entry bodies, the applicable pragmas are:
153 -- Refined_Depends
154 -- Refined_Global
155 -- Refined_Post
159 Add_Classification;
162 Add_Pre_Post_Condition;
164 -- The pragma is not a proper contract item
166 else
170 -- Entry or subprogram declarations, the applicable pragmas are:
171 -- Attach_Handler
172 -- Contract_Cases
173 -- Depends
174 -- Extensions_Visible
175 -- Global
176 -- Interrupt_Handler
177 -- Postcondition
178 -- Precondition
179 -- Test_Case
180 -- Volatile_Function
184 E_Generic_Function,
185 E_Generic_Procedure,
186 E_Procedure)
187 then
190 then
191 Add_Classification;
194 Name_Extensions_Visible,
195 Name_Global)
196 then
197 Add_Classification;
201 then
202 Add_Classification;
205 Add_Contract_Test_Case;
208 Add_Pre_Post_Condition;
210 -- The pragma is not a proper contract item
212 else
216 -- Packages or instantiations, the applicable pragmas are:
217 -- Abstract_States
218 -- Initial_Condition
219 -- Initializes
220 -- Part_Of (instantiation only)
224 Name_Initial_Condition,
225 Name_Initializes)
226 then
227 Add_Classification;
229 -- Indicator Part_Of must be associated with a package instantiation
232 Add_Classification;
234 -- The pragma is not a proper contract item
236 else
240 -- Package bodies, the applicable pragmas are:
241 -- Refined_States
245 Add_Classification;
247 -- The pragma is not a proper contract item
249 else
253 -- Protected units, the applicable pragmas are:
254 -- Part_Of
258 Add_Classification;
260 -- The pragma is not a proper contract item
262 else
266 -- Subprogram bodies, the applicable pragmas are:
267 -- Postcondition
268 -- Precondition
269 -- Refined_Depends
270 -- Refined_Global
271 -- Refined_Post
275 Add_Classification;
278 Name_Precondition,
279 Name_Refined_Post)
280 then
281 Add_Pre_Post_Condition;
283 -- The pragma is not a proper contract item
285 else
289 -- Task bodies, the applicable pragmas are:
290 -- Refined_Depends
291 -- Refined_Global
295 Add_Classification;
297 -- The pragma is not a proper contract item
299 else
303 -- Task units, the applicable pragmas are:
304 -- Depends
305 -- Global
306 -- Part_Of
310 Add_Classification;
312 -- The pragma is not a proper contract item
314 else
318 -- Variables, the applicable pragmas are:
319 -- Async_Readers
320 -- Async_Writers
321 -- Constant_After_Elaboration
322 -- Depends
323 -- Effective_Reads
324 -- Effective_Writes
325 -- Global
326 -- Part_Of
330 Name_Async_Writers,
331 Name_Constant_After_Elaboration,
332 Name_Depends,
333 Name_Effective_Reads,
334 Name_Effective_Writes,
335 Name_Global,
336 Name_Part_Of)
337 then
338 Add_Classification;
340 -- The pragma is not a proper contract item
342 else
348 -----------------------
349 -- Analyze_Contracts --
350 -----------------------
355 begin
363 -- Entry or subprogram declarations
366 N_Entry_Declaration,
367 N_Generic_Subprogram_Declaration,
368 N_Subprogram_Declaration)
369 then
370 declare
373 begin
376 -- If analysis of a class-wide pre/postcondition indicates
377 -- that a class-wide clone is needed, analyze its declaration
378 -- now. Its body is created when the body of the original
379 -- operation is analyzed (and rewritten).
383 then
388 -- Entry or subprogram bodies
393 -- Objects
398 -- Package instantiation
403 -- Protected units
406 N_Single_Protected_Declaration)
407 then
410 -- Subprogram body stubs
415 -- Task units
418 N_Task_Type_Declaration)
419 then
422 -- For type declarations, we need to do the preanalysis of Iterable
423 -- aspect specifications.
425 -- Other type aspects need to be resolved here???
429 then
430 declare
434 begin
445 -----------------------------------------------
446 -- Analyze_Entry_Or_Subprogram_Body_Contract --
447 -----------------------------------------------
449 -- WARNING: This routine manages SPARK regions. Return statements must be
450 -- replaced by gotos which jump to the end of the routine and restore the
451 -- SPARK mode.
460 -- Save the SPARK_Mode-related data to restore on exit
462 begin
463 -- When a subprogram body declaration is illegal, its defining entity is
464 -- left unanalyzed. There is nothing left to do in this case because the
465 -- body lacks a contract, or even a proper Ekind.
470 -- Do not analyze a contract multiple times
475 else
480 -- Due to the timing of contract analysis, delayed pragmas may be
481 -- subject to the wrong SPARK_Mode, usually that of the enclosing
482 -- context. To remedy this, restore the original SPARK_Mode of the
483 -- related subprogram body.
487 -- Ensure that the contract cases or postconditions mention 'Result or
488 -- define a post-state.
492 -- A stand-alone nonvolatile function body cannot have an effectively
493 -- volatile formal parameter or return type (SPARK RM 7.1.3(9)). This
494 -- check is relevant only when SPARK_Mode is on, as it is not a standard
495 -- legality rule. The check is performed here because Volatile_Function
496 -- is processed after the analysis of the related subprogram body. The
497 -- check only applies to source subprograms and not to generated TSS
498 -- subprograms.
504 then
508 -- Restore the SPARK_Mode of the enclosing context after all delayed
509 -- pragmas have been analyzed.
513 -- Capture all global references in a generic subprogram body now that
514 -- the contract has been analyzed.
517 Save_Global_References_In_Contract
522 -- Deal with preconditions, [refined] postconditions, Contract_Cases,
523 -- invariants and predicates associated with body and its spec. Do not
524 -- expand the contract of subprogram body stubs.
531 ------------------------------------------
532 -- Analyze_Entry_Or_Subprogram_Contract --
533 ------------------------------------------
535 -- WARNING: This routine manages SPARK regions. Return statements must be
536 -- replaced by gotos which jump to the end of the routine and restore the
537 -- SPARK mode.
539 procedure Analyze_Entry_Or_Subprogram_Contract
542 is
548 -- Save the SPARK_Mode-related data to restore on exit
552 and then not ASIS_Mode
560 begin
561 -- Do not analyze a contract multiple times
566 else
571 -- Due to the timing of contract analysis, delayed pragmas may be
572 -- subject to the wrong SPARK_Mode, usually that of the enclosing
573 -- context. To remedy this, restore the original SPARK_Mode of the
574 -- related subprogram body.
578 -- All subprograms carry a contract, but for some it is not significant
579 -- and should not be processed.
586 -- Do not analyze the pre/postconditions of an entry declaration
587 -- unless annotating the original tree for ASIS or GNATprove. The
588 -- real analysis occurs when the pre/postconditons are relocated to
589 -- the contract wrapper procedure (see Build_Contract_Wrapper).
594 -- Otherwise analyze the pre/postconditions. Their expressions
595 -- might include references to types that are not frozen yet, in the
596 -- case where the body is a rewritten expression function that is a
597 -- completion, so freeze all types within before constructing the
598 -- contract code.
600 else
601 declare
605 begin
614 then
622 Freeze_Expr_Types
635 -- Analyze contract-cases and test-cases
643 -- Do not analyze the contract cases of an entry declaration
644 -- unless annotating the original tree for ASIS or GNATprove.
645 -- The real analysis occurs when the contract cases are moved
646 -- to the contract wrapper procedure (Build_Contract_Wrapper).
651 -- Otherwise analyze the contract cases
653 else
656 else
664 -- Analyze classification pragmas
680 -- Analyze Global first, as Depends may mention items classified in
681 -- the global categorization.
687 -- Depends must be analyzed after Global in order to see the modes of
688 -- all global items.
694 -- Ensure that the contract cases or postconditions mention 'Result
695 -- or define a post-state.
700 -- A nonvolatile function cannot have an effectively volatile formal
701 -- parameter or return type (SPARK RM 7.1.3(9)). This check is relevant
702 -- only when SPARK_Mode is on, as it is not a standard legality rule.
703 -- The check is performed here because pragma Volatile_Function is
704 -- processed after the analysis of the related subprogram declaration.
710 then
714 -- Restore the SPARK_Mode of the enclosing context after all delayed
715 -- pragmas have been analyzed.
719 -- Capture all global references in a generic subprogram now that the
720 -- contract has been analyzed.
723 Save_Global_References_In_Contract
729 -----------------------------
730 -- Analyze_Object_Contract --
731 -----------------------------
733 -- WARNING: This routine manages SPARK regions. Return statements must be
734 -- replaced by gotos which jump to the end of the routine and restore the
735 -- SPARK mode.
737 procedure Analyze_Object_Contract
740 is
745 -- Save the SPARK_Mode-related data to restore on exit
756 begin
757 -- The loop parameter in an element iterator over a formal container
758 -- is declared with an object declaration, but no contracts apply.
764 -- Do not analyze a contract multiple times
771 else
776 -- The anonymous object created for a single concurrent type inherits
777 -- the SPARK_Mode from the type. Due to the timing of contract analysis,
778 -- delayed pragmas may be subject to the wrong SPARK_Mode, usually that
779 -- of the enclosing context. To remedy this, restore the original mode
780 -- of the related anonymous object.
784 then
788 -- Constant-related checks
792 -- Analyze indicator Part_Of
796 -- Check whether the lack of indicator Part_Of agrees with the
797 -- placement of the constant with respect to the state space.
803 -- A constant cannot be effectively volatile (SPARK RM 7.1.3(4)).
804 -- This check is relevant only when SPARK_Mode is on, as it is not
805 -- a standard Ada legality rule. Internally-generated constants that
806 -- map generic formals to actuals in instantiations are allowed to
807 -- be volatile.
813 then
817 -- Variable-related checks
821 -- Analyze all external properties
851 -- Verify the mutual interaction of the various external properties
857 -- The anonymous object created for a single concurrent type carries
858 -- pragmas Depends and Globat of the type.
862 -- Analyze Global first, as Depends may mention items classified
863 -- in the global categorization.
871 -- Depends must be analyzed after Global in order to see the modes
872 -- of all global items.
883 -- Analyze indicator Part_Of
888 -- The variable is a constituent of a single protected/task type
889 -- and behaves as a component of the type. Verify that references
890 -- to the variable occur within the definition or body of the type
891 -- (SPARK RM 9.3).
894 and then Is_Single_Concurrent_Object
897 then
905 -- Otherwise check whether the lack of indicator Part_Of agrees with
906 -- the placement of the variable with respect to the state space.
908 else
912 -- The following checks are relevant only when SPARK_Mode is on, as
913 -- they are not standard Ada legality rules. Internally generated
914 -- temporaries are ignored.
919 -- The declaration of an effectively volatile object must
920 -- appear at the library level (SPARK RM 7.1.3(3), C.6(6)).
923 Error_Msg_N
927 -- An object of a discriminated type cannot be effectively
928 -- volatile except for protected objects (SPARK RM 7.1.3(5)).
932 then
933 Error_Msg_N
937 -- The object is not effectively volatile
939 else
940 -- A non-effectively volatile object cannot have effectively
941 -- volatile components (SPARK RM 7.1.3(6)).
945 then
946 Error_Msg_N
948 Obj_Id);
954 -- Common checks
958 -- A Ghost object cannot be of a type that yields a synchronized
959 -- object (SPARK RM 6.9(19)).
964 -- A Ghost object cannot be effectively volatile (SPARK RM 6.9(7) and
965 -- SPARK RM 6.9(19)).
970 -- A Ghost object cannot be imported or exported (SPARK RM 6.9(7)).
971 -- One exception to this is the object that represents the dispatch
972 -- table of a Ghost tagged type, as the symbol needs to be exported.
982 -- Restore the SPARK_Mode of the enclosing context after all delayed
983 -- pragmas have been analyzed.
988 -----------------------------------
989 -- Analyze_Package_Body_Contract --
990 -----------------------------------
992 -- WARNING: This routine manages SPARK regions. Return statements must be
993 -- replaced by gotos which jump to the end of the routine and restore the
994 -- SPARK mode.
996 procedure Analyze_Package_Body_Contract
999 is
1006 -- Save the SPARK_Mode-related data to restore on exit
1010 begin
1011 -- Do not analyze a contract multiple times
1016 else
1021 -- Due to the timing of contract analysis, delayed pragmas may be
1022 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1023 -- context. To remedy this, restore the original SPARK_Mode of the
1024 -- related package body.
1030 -- The analysis of pragma Refined_State detects whether the spec has
1031 -- abstract states available for refinement.
1037 -- Restore the SPARK_Mode of the enclosing context after all delayed
1038 -- pragmas have been analyzed.
1042 -- Capture all global references in a generic package body now that the
1043 -- contract has been analyzed.
1046 Save_Global_References_In_Contract
1052 ------------------------------
1053 -- Analyze_Package_Contract --
1054 ------------------------------
1056 -- WARNING: This routine manages SPARK regions. Return statements must be
1057 -- replaced by gotos which jump to the end of the routine and restore the
1058 -- SPARK mode.
1066 -- Save the SPARK_Mode-related data to restore on exit
1073 begin
1074 -- Do not analyze a contract multiple times
1079 else
1084 -- Due to the timing of contract analysis, delayed pragmas may be
1085 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1086 -- context. To remedy this, restore the original SPARK_Mode of the
1087 -- related package.
1093 -- Locate and store pragmas Initial_Condition and Initializes, since
1094 -- their order of analysis matters.
1110 -- Analyze the initialization-related pragmas. Initializes must come
1111 -- before Initial_Condition due to item dependencies.
1122 -- Restore the SPARK_Mode of the enclosing context after all delayed
1123 -- pragmas have been analyzed.
1127 -- Capture all global references in a generic package now that the
1128 -- contract has been analyzed.
1131 Save_Global_References_In_Contract
1137 --------------------------------------------
1138 -- Analyze_Package_Instantiation_Contract --
1139 --------------------------------------------
1141 -- WARNING: This routine manages SPARK regions. Return statements must be
1142 -- replaced by gotos which jump to the end of the routine and restore the
1143 -- SPARK mode.
1151 -- Save the SPARK_Mode-related data to restore on exit
1156 begin
1157 -- Nothing to do when the package instantiation is erroneous or left
1158 -- partially decorated.
1167 -- Due to the timing of contract analysis, delayed pragmas may be
1168 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1169 -- context. To remedy this, restore the original SPARK_Mode of the
1170 -- related package.
1174 -- Check whether the lack of indicator Part_Of agrees with the placement
1175 -- of the package instantiation with respect to the state space. Nested
1176 -- package instantiations do not need to be checked because they inherit
1177 -- Part_Of indicator of the outermost package instantiation (see routine
1178 -- Propagate_Part_Of in Sem_Prag).
1187 -- Restore the SPARK_Mode of the enclosing context after all delayed
1188 -- pragmas have been analyzed.
1193 --------------------------------
1194 -- Analyze_Protected_Contract --
1195 --------------------------------
1200 begin
1201 -- Do not analyze a contract multiple times
1206 else
1212 -------------------------------------------
1213 -- Analyze_Subprogram_Body_Stub_Contract --
1214 -------------------------------------------
1220 begin
1221 -- A subprogram body stub may act as its own spec or as the completion
1222 -- of a previous declaration. Depending on the context, the contract of
1223 -- the stub may contain two sets of pragmas.
1225 -- The stub is a completion, the applicable pragmas are:
1226 -- Refined_Depends
1227 -- Refined_Global
1232 -- The stub acts as its own spec, the applicable pragmas are:
1233 -- Contract_Cases
1234 -- Depends
1235 -- Global
1236 -- Postcondition
1237 -- Precondition
1238 -- Test_Case
1240 else
1245 ---------------------------
1246 -- Analyze_Task_Contract --
1247 ---------------------------
1249 -- WARNING: This routine manages SPARK regions. Return statements must be
1250 -- replaced by gotos which jump to the end of the routine and restore the
1251 -- SPARK mode.
1258 -- Save the SPARK_Mode-related data to restore on exit
1262 begin
1263 -- Do not analyze a contract multiple times
1268 else
1273 -- Due to the timing of contract analysis, delayed pragmas may be
1274 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1275 -- context. To remedy this, restore the original SPARK_Mode of the
1276 -- related task unit.
1280 -- Analyze Global first, as Depends may mention items classified in the
1281 -- global categorization.
1289 -- Depends must be analyzed after Global in order to see the modes of
1290 -- all global items.
1298 -- Restore the SPARK_Mode of the enclosing context after all delayed
1299 -- pragmas have been analyzed.
1304 -------------------------------------------------
1305 -- Build_And_Analyze_Contract_Only_Subprograms --
1306 -------------------------------------------------
1310 -- Analyze the contract-only subprograms of L
1313 -- Append the contract-only bodies of Subp_List to its declarations list
1316 -- If E is an entity for a non-imported subprogram specification with
1317 -- pre/postconditions and we are compiling with CodePeer mode, then
1318 -- this procedure will create a wrapper to help Gnat2scil process its
1319 -- contracts. Return Empty if the wrapper cannot be built.
1322 -- Build the contract-only subprograms of all eligible subprograms found
1323 -- in list L.
1326 -- Return True for package specs, task definitions, and protected type
1327 -- definitions whose list of private declarations is not empty.
1329 ---------------------------------------
1330 -- Analyze_Contract_Only_Subprograms --
1331 ---------------------------------------
1335 -- Analyze all the contract-only bodies of L
1337 ----------------------------------
1338 -- Analyze_Contract_Only_Bodies --
1339 ----------------------------------
1344 begin
1348 and then Is_Contract_Only_Body
1350 then
1358 -- Start of processing for Analyze_Contract_Only_Subprograms
1360 begin
1362 Analyze_Contract_Only_Bodies;
1364 else
1365 declare
1369 begin
1371 Analyze_Contract_Only_Bodies;
1373 -- For packages with private declarations, the contract-only
1374 -- bodies of subprograms defined in the visible part of the
1375 -- package are added to its private declarations (to ensure
1376 -- that they do not cause premature freezing of types and also
1377 -- that they are analyzed with proper visibility). Hence they
1378 -- will be analyzed later.
1384 Analyze_Contract_Only_Bodies;
1390 --------------------------------------
1391 -- Append_Contract_Only_Subprograms --
1392 --------------------------------------
1395 begin
1403 else
1404 declare
1408 begin
1412 -- If the package has private declarations then append them to
1413 -- its private declarations; they will be analyzed when the
1414 -- contracts of its private declarations are analyzed.
1416 else
1417 Append_List
1425 ------------------------------------
1426 -- Build_Contract_Only_Subprogram --
1427 ------------------------------------
1429 -- This procedure takes care of building a wrapper to generate better
1430 -- analysis results in the case of a call to a subprogram whose body
1431 -- is unavailable to CodePeer but whose specification includes Pre/Post
1432 -- conditions. The body might be unavailable for any of a number or
1433 -- reasons (it is imported, the .adb file is simply missing, or the
1434 -- subprogram might be subject to an Annotate (CodePeer, Skip_Analysis)
1435 -- pragma). The built subprogram has the following contents:
1436 -- * check preconditions
1437 -- * call the subprogram
1438 -- * check postconditions
1447 -- Build the declaration of the missing body subprogram and its
1448 -- corresponding pragma Import.
1451 -- Build the call to the missing body subprogram
1454 -- Return True for cases where the wrapper is not needed or we cannot
1455 -- build it.
1457 ------------------------------
1458 -- Build_Missing_Body_Decls --
1459 ------------------------------
1466 begin
1467 Decl :=
1471 Prag :=
1484 ----------------------------------------
1485 -- Build_Missing_Body_Subprogram_Call --
1486 ----------------------------------------
1492 begin
1495 -- Build parameter list that we need
1503 -- Build the call to the missing body subprogram
1506 return
1508 Expression =>
1510 Name =>
1514 else
1515 return
1517 Name =>
1523 -----------------------------------
1524 -- Skip_Contract_Only_Subprogram --
1525 -----------------------------------
1527 function Skip_Contract_Only_Subprogram
1529 is
1531 -- Return True if some formal of E (or its return type) are
1532 -- private types defined in an enclosing package.
1535 -- Return True if some enclosing package of the current scope has
1536 -- private declarations.
1538 ---------------------------------------
1539 -- Depends_On_Enclosing_Private_Type --
1540 ---------------------------------------
1543 function Defined_In_Enclosing_Package
1545 -- Return True if Typ is an entity defined in an enclosing
1546 -- package of the current scope.
1548 ----------------------------------
1549 -- Defined_In_Enclosing_Package --
1550 ----------------------------------
1552 function Defined_In_Enclosing_Package
1554 is
1557 begin
1560 loop
1567 -- Local variables
1572 -- Start of processing for Depends_On_Enclosing_Private_Type
1574 begin
1581 then
1588 return
1594 ----------------------------------------------
1595 -- Some_Enclosing_Package_Has_Private_Decls --
1596 ----------------------------------------------
1602 begin
1603 loop
1605 and then Has_Private_Declarations
1607 then
1618 -- Start of processing for Skip_Contract_Only_Subprogram
1620 begin
1621 if not CodePeer_Mode
1622 or else Inside_A_Generic
1630 then
1633 -- We do not support building the contract-only subprogram if E
1634 -- is a subprogram declared in a nested package that has some
1635 -- formal or return type depending on a private type defined in
1636 -- an enclosing package.
1639 and then Some_Enclosing_Package_Has_Private_Decls
1640 and then Depends_On_Enclosing_Private_Type
1641 then
1643 declare
1646 begin
1647 -- Warnings are disabled by default under CodePeer_Mode
1648 -- (see switch-c). Enable them temporarily.
1651 Error_Msg_N
1663 -- Start of processing for Build_Contract_Only_Subprogram
1665 begin
1666 -- Test cases where the wrapper is not needed and cases where we
1667 -- cannot build it.
1673 -- Note on calls to Copy_Separate_Tree. The trees we are copying
1674 -- here are fully analyzed, but we definitely want fully syntactic
1675 -- unanalyzed trees in the body we construct, so that the analysis
1676 -- generates the right visibility, and that is exactly what the
1677 -- calls to Copy_Separate_Tree give us.
1679 declare
1685 begin
1686 Bod :=
1688 Specification =>
1690 Declarations =>
1691 Build_Missing_Body_Decls,
1692 Handled_Statement_Sequence =>
1695 Build_Missing_Body_Subprogram_Call),
1700 -- Copy only the pre/postconditions of the original contract
1701 -- since it is what we need, but also because pragmas stored in
1702 -- the other fields have N_Pragmas with N_Aspect_Specifications
1703 -- that reference their associated pragma (thus causing an endless
1704 -- loop when trying to copy the subtree).
1706 declare
1709 begin
1715 -- Fix the name of this new subprogram and link the original
1716 -- subprogram with its Contract_Only_Body subprogram.
1726 -------------------------------------
1727 -- Build_Contract_Only_Subprograms --
1728 -------------------------------------
1736 begin
1758 ------------------------------
1759 -- Has_Private_Declarations --
1760 ------------------------------
1763 begin
1765 N_Protected_Definition,
1766 N_Task_Definition)
1767 then
1769 else
1770 return
1776 -- Local variables
1780 -- Start of processing for Build_And_Analyze_Contract_Only_Subprograms
1782 begin
1785 Analyze_Contract_Only_Subprograms;
1788 -----------------------------
1789 -- Create_Generic_Contract --
1790 -----------------------------
1797 -- Add a single contract-related source pragma Prag to the contract of
1798 -- generic template Templ_Id.
1800 ---------------------------------
1801 -- Add_Generic_Contract_Pragma --
1802 ---------------------------------
1807 begin
1808 -- Mark the pragma to prevent the premature capture of global
1809 -- references when capturing global references of the context
1810 -- (see Save_References_In_Pragma).
1814 -- Pragmas that apply to a generic subprogram declaration are not
1815 -- part of the semantic structure of the generic template:
1817 -- generic
1818 -- procedure Example (Formal : Integer);
1819 -- pragma Precondition (Formal > 0);
1821 -- Create a generic template for such pragmas and link the template
1822 -- of the pragma with the generic template.
1825 Rewrite
1832 -- Otherwise link the pragma with the generic template
1834 else
1839 -- Local variables
1844 -- Start of processing for Create_Generic_Contract
1846 begin
1847 -- A generic package declaration carries contract-related source pragmas
1848 -- in its visible declarations.
1857 -- A generic package body carries contract-related source pragmas in its
1858 -- declarations.
1867 -- Generic subprogram declaration
1872 else
1876 -- When the generic subprogram acts as a compilation unit, inspect
1877 -- the Pragmas_After list for contract-related source pragmas.
1882 then
1886 -- Otherwise inspect the successive declarations for contract-related
1887 -- source pragmas.
1889 else
1893 -- A generic subprogram body carries contract-related source pragmas in
1894 -- its declarations.
1904 -- Inspect the relevant declarations looking for contract-related source
1905 -- pragmas and add them to the contract of the generic unit.
1911 -- The source pragma is a contract annotation
1917 -- The region where a contract-related source pragma may appear
1918 -- ends with the first source non-pragma declaration or statement.
1920 else
1929 --------------------------------
1930 -- Expand_Subprogram_Contract --
1931 --------------------------------
1937 procedure Add_Invariant_And_Predicate_Checks
1941 -- Process the result of function Subp_Id (if applicable) and all its
1942 -- formals. Add invariant and predicate checks where applicable. The
1943 -- routine appends all the checks to list Stmts. If Subp_Id denotes a
1944 -- function, Result contains the entity of parameter _Result, to be
1945 -- used in the creation of procedure _Postconditions.
1948 -- Append a node to a list. If there is no list, create a new one. When
1949 -- the item denotes a pragma, it is added to the list only when it is
1950 -- enabled.
1952 procedure Build_Postconditions_Procedure
1956 -- Create the body of procedure _Postconditions which handles various
1957 -- assertion actions on exit from subprogram Subp_Id. Stmts is the list
1958 -- of statements to be checked on exit. Parameter Result is the entity
1959 -- of parameter _Result when Subp_Id denotes a function.
1962 -- Process pragma Contract_Cases. This routine prepends items to the
1963 -- body declarations and appends items to list Stmts.
1966 -- Collect all [inherited] spec and body postconditions and accumulate
1967 -- their pragma Check equivalents in list Stmts.
1970 -- Collect all [inherited] spec and body preconditions and prepend their
1971 -- pragma Check equivalents to the declarations of the body.
1973 ----------------------------------------
1974 -- Add_Invariant_And_Predicate_Checks --
1975 ----------------------------------------
1977 procedure Add_Invariant_And_Predicate_Checks
1981 is
1983 -- Id denotes the return value of a function or a formal parameter.
1984 -- Add an invariant check if the type of Id is access to a type with
1985 -- invariants. The routine appends the generated code to Stmts.
1988 -- Determine whether type Typ can benefit from invariant checks. To
1989 -- qualify, the type must have a non-null invariant procedure and
1990 -- subprogram Subp_Id must appear visible from the point of view of
1991 -- the type.
1993 ---------------------------------
1994 -- Add_Invariant_Access_Checks --
1995 ---------------------------------
2002 begin
2009 Ref :=
2014 -- Generate:
2015 -- if <Id> /= null then
2016 -- <invariant_call (<Ref>)>
2017 -- end if;
2019 Append_Enabled_Item
2022 Condition =>
2033 -------------------------
2034 -- Invariant_Checks_OK --
2035 -------------------------
2039 -- Determine whether type Typ has public visibility of subprogram
2040 -- Subp_Id.
2042 -----------------------------------------
2043 -- Has_Public_Visibility_Of_Subprogram --
2044 -----------------------------------------
2049 begin
2050 -- An Initialization procedure must be considered visible even
2051 -- though it is internally generated.
2059 -- Internally generated code is never publicly visible except
2060 -- for a subprogram that is the implementation of an expression
2061 -- function. In that case the visibility is determined by the
2062 -- last check.
2065 and then
2067 or else not
2069 then
2072 -- Determine whether the subprogram is declared in the visible
2073 -- declarations of the package containing the type, or in the
2074 -- visible declaration of a child unit of that package.
2076 else
2077 declare
2084 begin
2085 return
2086 Decls = Visible_Declarations
2089 or else
2093 and then
2095 and then
2096 Decls = Visible_Declarations
2097 (Specification
2103 -- Start of processing for Invariant_Checks_OK
2105 begin
2106 return
2113 -- Local variables
2116 -- Source location of subprogram body contract
2121 -- Start of processing for Add_Invariant_And_Predicate_Checks
2123 begin
2126 -- Process the result of a function
2131 -- Generate _Result which is used in procedure _Postconditions to
2132 -- verify the return value.
2137 -- Add an invariant check when the return type has invariants and
2138 -- the related function is visible to the outside.
2141 Append_Enabled_Item
2147 -- Add an invariant check when the return type is an access to a
2148 -- type with invariants.
2153 -- Add invariant and predicates for all formals that qualify
2161 then
2163 Append_Enabled_Item
2171 -- Note: we used to add predicate checks for OUT and IN OUT
2172 -- formals here, but that was misguided, since such checks are
2173 -- performed on the caller side, based on the predicate of the
2174 -- actual, rather than the predicate of the formal.
2182 -------------------------
2183 -- Append_Enabled_Item --
2184 -------------------------
2187 begin
2188 -- Do not chain ignored or disabled pragmas
2192 then
2195 -- Otherwise, add the item
2197 else
2202 -- If the pragma is a conjunct in a composite postcondition, it
2203 -- has been processed in reverse order. In the postcondition body
2204 -- it must appear before the others.
2209 then
2211 else
2217 ------------------------------------
2218 -- Build_Postconditions_Procedure --
2219 ------------------------------------
2221 procedure Build_Postconditions_Procedure
2225 is
2227 -- Insert node Stmt before the first source declaration of the
2228 -- related subprogram's body. If no such declaration exists, Stmt
2229 -- becomes the last declaration.
2231 --------------------------------------------
2232 -- Insert_Before_First_Source_Declaration --
2233 --------------------------------------------
2239 begin
2240 -- Inspect the declarations of the related subprogram body looking
2241 -- for the first source declaration.
2254 -- If we get there, then the subprogram body lacks any source
2255 -- declarations. The body of _Postconditions now acts as the
2256 -- last declaration.
2260 -- Ensure that the body has a declaration list
2262 else
2267 -- Local variables
2276 -- Start of processing for Build_Postconditions_Procedure
2278 begin
2279 -- Nothing to do if there are no actions to check on exit
2289 -- Force the front-end inlining of _Postconditions when generating C
2290 -- code, since its body may have references to itypes defined in the
2291 -- enclosing subprogram, which would cause problems for unnesting
2292 -- routines in the absence of inlining.
2300 -- The related subprogram is a function: create the specification of
2301 -- parameter _Result.
2307 Parameter_Type =>
2311 Proc_Spec :=
2318 -- Insert _Postconditions before the first source declaration of the
2319 -- body. This ensures that the body will not cause any premature
2320 -- freezing, as it may mention types:
2322 -- procedure Proc (Obj : Array_Typ) is
2323 -- procedure _postconditions is
2324 -- begin
2325 -- ... Obj ...
2326 -- end _postconditions;
2328 -- subtype T is Array_Typ (Obj'First (1) .. Obj'Last (1));
2329 -- begin
2331 -- In the example above, Obj is of type T but the incorrect placement
2332 -- of _Postconditions will cause a crash in gigi due to an out-of-
2333 -- order reference. The body of _Postconditions must be placed after
2334 -- the declaration of Temp to preserve correct visibility.
2339 -- Set an explicit End_Label to override the sloc of the implicit
2340 -- RETURN statement, and prevent it from inheriting the sloc of one
2341 -- the postconditions: this would cause confusing debug info to be
2342 -- produced, interfering with coverage-analysis tools.
2344 Proc_Bod :=
2346 Specification =>
2349 Handled_Statement_Sequence =>
2357 ----------------------------
2358 -- Process_Contract_Cases --
2359 ----------------------------
2363 -- Process pragma Contract_Cases for subprogram Subp_Id
2365 --------------------------------
2366 -- Process_Contract_Cases_For --
2367 --------------------------------
2373 begin
2379 then
2380 Expand_Pragma_Contract_Cases
2393 -- Stmts is passed as IN OUT to signal that the list can be updated,
2394 -- even if the corresponding integer value representing the list does
2395 -- not change.
2397 -- Start of processing for Process_Contract_Cases
2399 begin
2407 ----------------------------
2408 -- Process_Postconditions --
2409 ----------------------------
2413 -- Collect all [refined] postconditions of a specific kind denoted
2414 -- by Post_Nam that belong to the body, and generate pragma Check
2415 -- equivalents in list Stmts.
2418 -- Collect all [inherited] postconditions of the spec, and generate
2419 -- pragma Check equivalents in list Stmts.
2421 ---------------------------------
2422 -- Process_Body_Postconditions --
2423 ---------------------------------
2431 begin
2432 -- Process the contract
2439 then
2440 Append_Enabled_Item
2449 -- The subprogram body being processed is actually the proper body
2450 -- of a stub with a corresponding spec. The subprogram stub may
2451 -- carry a postcondition pragma, in which case it must be taken
2452 -- into account. The pragma appears after the stub.
2458 -- Note that non-matching pragmas are skipped
2463 then
2464 Append_Enabled_Item
2469 -- Skip internally generated code
2474 -- Postcondition pragmas are usually grouped together. There
2475 -- is no need to inspect the whole declarative list.
2477 else
2486 ---------------------------------
2487 -- Process_Spec_Postconditions --
2488 ---------------------------------
2498 begin
2499 -- Process the contract
2508 then
2509 Append_Enabled_Item
2518 -- Process the contracts of all inherited subprograms, looking for
2519 -- class-wide postconditions.
2530 then
2531 Item :=
2532 Build_Pragma_Check_Equivalent
2537 -- The pragma Check equivalent of the class-wide
2538 -- postcondition is still created even though the
2539 -- pragma may be ignored because the equivalent
2540 -- performs semantic checks.
2554 -- Stmts is passed as IN OUT to signal that the list can be updated,
2555 -- even if the corresponding integer value representing the list does
2556 -- not change.
2558 -- Start of processing for Process_Postconditions
2560 begin
2561 -- The processing of postconditions is done in reverse order (body
2562 -- first) to ensure the following arrangement:
2564 -- <refined postconditions from body>
2565 -- <postconditions from body>
2566 -- <postconditions from spec>
2567 -- <inherited postconditions>
2573 Process_Spec_Postconditions;
2577 ---------------------------
2578 -- Process_Preconditions --
2579 ---------------------------
2583 -- The sole [inherited] class-wide precondition pragma that applies
2584 -- to the subprogram.
2587 -- The insertion node after which all pragma Check equivalents are
2588 -- inserted.
2591 -- Determine whether arbitrary declaration Decl denotes a renaming of
2592 -- a discriminant or protection field _object.
2595 -- Merge two class-wide preconditions by "or else"-ing them. The
2596 -- changes are accumulated in parameter Into. Update the error
2597 -- message of Into.
2600 -- Prepend a single item to the declarations of the subprogram body
2603 -- Save a class-wide precondition into Class_Pre, or prepend a normal
2604 -- precondition to the declarations of the body and analyze it.
2607 -- Collect all inherited class-wide preconditions and merge them into
2608 -- one big precondition to be evaluated as pragma Check.
2611 -- Collect all preconditions of subprogram Subp_Id and prepend their
2612 -- pragma Check equivalents to the declarations of the body.
2614 --------------------------
2615 -- Is_Prologue_Renaming --
2616 --------------------------
2624 begin
2633 -- A discriminant renaming appears as
2634 -- Discr : constant ... := Prefix.Discr;
2640 then
2643 -- A protection field renaming appears as
2644 -- Prot : ... := _object._object;
2646 -- A renamed private component is just a component of
2647 -- _object, with an arbitrary name.
2653 then
2662 -------------------------
2663 -- Merge_Preconditions --
2664 -------------------------
2668 -- Return the boolean expression argument of a precondition while
2669 -- updating its parentheses count for the subsequent merge.
2672 -- Return the message argument of a precondition
2674 --------------------
2675 -- Expression_Arg --
2676 --------------------
2682 begin
2690 -----------------
2691 -- Message_Arg --
2692 -----------------
2696 begin
2700 -- Local variables
2708 -- Start of processing for Merge_Preconditions
2710 begin
2711 -- Merge the two preconditions by "or else"-ing them
2718 -- Merge the two error messages to produce a single message of the
2719 -- form:
2721 -- failed precondition from ...
2722 -- also failed inherited precondition from ...
2734 ----------------------
2735 -- Prepend_To_Decls --
2736 ----------------------
2741 begin
2744 -- Ensure that the body has a declarative list
2754 ------------------------------
2755 -- Prepend_To_Decls_Or_Save --
2756 ------------------------------
2761 begin
2764 -- Save the sole class-wide precondition (if any) for the next
2765 -- step, where it will be merged with inherited preconditions.
2771 -- Accumulate the corresponding Check pragmas at the top of the
2772 -- declarations. Prepending the items ensures that they will be
2773 -- evaluated in their original order.
2775 else
2778 else
2786 -------------------------------------
2787 -- Process_Inherited_Preconditions --
2788 -------------------------------------
2799 begin
2800 -- Process the contracts of all inherited subprograms, looking for
2801 -- class-wide preconditions.
2812 then
2813 Item :=
2814 Build_Pragma_Check_Equivalent
2819 -- The pragma Check equivalent of the class-wide
2820 -- precondition is still created even though the
2821 -- pragma may be ignored because the equivalent
2822 -- performs semantic checks.
2826 -- The spec of an inherited subprogram already
2827 -- yielded a class-wide precondition. Merge the
2828 -- existing precondition with the current one
2829 -- using "or else".
2833 else
2844 -- Add the merged class-wide preconditions
2852 -------------------------------
2853 -- Process_Preconditions_For --
2854 -------------------------------
2863 begin
2864 -- Process the contract
2871 then
2879 -- The subprogram declaration being processed is actually a body
2880 -- stub. The stub may carry a precondition pragma, in which case
2881 -- it must be taken into account. The pragma appears after the
2882 -- stub.
2888 -- Inspect the declarations following the body stub
2893 -- Note that non-matching pragmas are skipped
2898 then
2902 -- Skip internally generated code
2907 -- Preconditions are usually grouped together. There is no
2908 -- need to inspect the whole declarative list.
2910 else
2919 -- Local variables
2924 -- Start of processing for Process_Preconditions
2926 begin
2927 -- Find the proper insertion point for all pragma Check equivalents
2933 -- First source declaration terminates the search, because all
2934 -- preconditions must be evaluated prior to it, by definition.
2939 -- Certain internally generated object renamings such as those
2940 -- for discriminants and protection fields must be elaborated
2941 -- before the preconditions are evaluated, as their expressions
2942 -- may mention the discriminants. The renamings include those
2943 -- for private components so we need to find the last such.
2948 loop
2954 -- Otherwise the declaration does not come from source. This
2955 -- also terminates the search, because internal code may raise
2956 -- exceptions which should not preempt the preconditions.
2958 else
2966 -- The processing of preconditions is done in reverse order (body
2967 -- first), because each pragma Check equivalent is inserted at the
2968 -- top of the declarations. This ensures that the final order is
2969 -- consistent with following diagram:
2971 -- <inherited preconditions>
2972 -- <preconditions from spec>
2973 -- <preconditions from body>
2979 Process_Inherited_Preconditions;
2983 -- Local variables
2990 -- Start of processing for Expand_Subprogram_Contract
2992 begin
2993 -- Obtain the entity of the initial declaration
2997 else
3001 -- Do not perform expansion activity when it is not needed
3006 -- ASIS requires an unaltered tree
3011 -- GNATprove does not need the executable semantics of a contract
3016 -- The contract of a generic subprogram or one declared in a generic
3017 -- context is not expanded, as the corresponding instance will provide
3018 -- the executable semantics of the contract.
3023 -- All subprograms carry a contract, but for some it is not significant
3024 -- and should not be processed. This is a small optimization.
3029 -- The contract of an ignored Ghost subprogram does not need expansion,
3030 -- because the subprogram and all calls to it will be removed.
3035 -- Do not re-expand the same contract. This scenario occurs when a
3036 -- construct is rewritten into something else during its analysis
3037 -- (expression functions for instance).
3043 -- Prevent multiple expansion attempts of the same contract
3047 -- Ensure that the formal parameters are visible when expanding all
3048 -- contract items.
3056 else
3061 -- The expansion of a subprogram contract involves the creation of Check
3062 -- pragmas to verify the contract assertions of the spec and body in a
3063 -- particular order. The order is as follows:
3065 -- function Example (...) return ... is
3066 -- procedure _Postconditions (...) is
3067 -- begin
3068 -- <refined postconditions from body>
3069 -- <postconditions from body>
3070 -- <postconditions from spec>
3071 -- <inherited postconditions>
3072 -- <contract case consequences>
3073 -- <invariant check of function result>
3074 -- <invariant and predicate checks of parameters>
3075 -- end _Postconditions;
3077 -- <inherited preconditions>
3078 -- <preconditions from spec>
3079 -- <preconditions from body>
3080 -- <contract case conditions>
3082 -- <source declarations>
3083 -- begin
3084 -- <source statements>
3086 -- _Preconditions (Result);
3087 -- return Result;
3088 -- end Example;
3090 -- Routine _Postconditions holds all contract assertions that must be
3091 -- verified on exit from the related subprogram.
3093 -- Step 1: Handle all preconditions. This action must come before the
3094 -- processing of pragma Contract_Cases because the pragma prepends items
3095 -- to the body declarations.
3097 Process_Preconditions;
3099 -- Step 2: Handle all postconditions. This action must come before the
3100 -- processing of pragma Contract_Cases because the pragma appends items
3101 -- to list Stmts.
3105 -- Step 3: Handle pragma Contract_Cases. This action must come before
3106 -- the processing of invariants and predicates because those append
3107 -- items to list Stmts.
3111 -- Step 4: Apply invariant and predicate checks on a function result and
3112 -- all formals. The resulting checks are accumulated in list Stmts.
3116 -- Step 5: Construct procedure _Postconditions
3121 End_Scope;
3125 -------------------------------
3126 -- Freeze_Previous_Contracts --
3127 -------------------------------
3132 -- Determine whether arbitrary node N causes contract freezing
3136 -- Freeze the contracts of all eligible constructs which precede body
3137 -- Body_Decl.
3141 -- Freeze the contract of the nearest package body (if any) which
3142 -- encloses body Body_Decl.
3144 ------------------------------
3145 -- Causes_Contract_Freezing --
3146 ------------------------------
3149 begin
3151 N_Package_Body,
3152 N_Protected_Body,
3153 N_Subprogram_Body,
3154 N_Subprogram_Body_Stub,
3155 N_Task_Body);
3158 ----------------------
3159 -- Freeze_Contracts --
3160 ----------------------
3166 begin
3167 -- Nothing to do when the body which causes freezing does not appear
3168 -- in a declarative list because there cannot possibly be constructs
3169 -- with contracts.
3175 -- Inspect the declarations preceding the body, and freeze individual
3176 -- contracts of eligible constructs.
3181 -- Stop the traversal when a preceding construct that causes
3182 -- freezing is encountered as there is no point in refreezing
3183 -- the already frozen constructs.
3188 -- Entry or subprogram declarations
3191 N_Entry_Declaration,
3192 N_Generic_Subprogram_Declaration,
3193 N_Subprogram_Declaration)
3194 then
3195 Analyze_Entry_Or_Subprogram_Contract
3199 -- Objects
3202 Analyze_Object_Contract
3206 -- Protected units
3209 N_Single_Protected_Declaration)
3210 then
3213 -- Subprogram body stubs
3218 -- Task units
3221 N_Task_Type_Declaration)
3222 then
3230 -----------------------------------
3231 -- Freeze_Enclosing_Package_Body --
3232 -----------------------------------
3238 begin
3239 -- Climb the parent chain looking for an enclosing package body. Do
3240 -- not use the scope stack, because a body utilizes the entity of its
3241 -- corresponding spec.
3246 Analyze_Package_Body_Contract
3252 -- Do not look for an enclosing package body when the construct
3253 -- which causes freezing is a body generated for an expression
3254 -- function and it appears within a package spec. This ensures
3255 -- that the traversal will not reach too far up the parent chain
3256 -- and attempt to freeze a package body which must not be frozen.
3258 -- package body Enclosing_Body
3259 -- with Refined_State => (State => Var)
3260 -- is
3261 -- package Nested is
3262 -- type Some_Type is ...;
3263 -- function Cause_Freezing return ...;
3264 -- private
3265 -- function Cause_Freezing is (...);
3266 -- end Nested;
3267 --
3268 -- Var : Nested.Some_Type;
3272 then
3275 -- Prevent the search from going too far
3285 -- Local variables
3289 -- Start of processing for Freeze_Previous_Contracts
3291 begin
3294 -- A body that is in the process of being inlined appears from source,
3295 -- but carries name _parent. Such a body does not cause freezing of
3296 -- contracts.
3302 Freeze_Enclosing_Package_Body;
3303 Freeze_Contracts;
3306 ---------------------------------
3307 -- Inherit_Subprogram_Contract --
3308 ---------------------------------
3310 procedure Inherit_Subprogram_Contract
3313 is
3315 -- Propagate a pragma denoted by Prag_Id from From_Subp's contract to
3316 -- Subp's contract.
3318 --------------------
3319 -- Inherit_Pragma --
3320 --------------------
3326 begin
3327 -- A pragma cannot be part of more than one First_Pragma/Next_Pragma
3328 -- chains, therefore the node must be replicated. The new pragma is
3329 -- flagged as inherited for distinction purposes.
3339 -- Start of processing for Inherit_Subprogram_Contract
3341 begin
3342 -- Inheritance is carried out only when both entities are subprograms
3343 -- with contracts.
3348 then
3353 -------------------------------------
3354 -- Instantiate_Subprogram_Contract --
3355 -------------------------------------
3359 -- Instantiate all contract-related source pragmas found in the list,
3360 -- starting with pragma First_Prag. Each instantiated pragma is added
3361 -- to list L.
3363 -------------------------
3364 -- Instantiate_Pragmas --
3365 -------------------------
3371 begin
3375 Inst_Prag :=
3386 -- Local variables
3390 -- Start of processing for Instantiate_Subprogram_Contract
3392 begin
3400 ----------------------------------------
3401 -- Save_Global_References_In_Contract --
3402 ----------------------------------------
3404 procedure Save_Global_References_In_Contract
3407 is
3409 -- Save all global references in contract-related source pragmas found
3410 -- in the list, starting with pragma First_Prag.
3412 ------------------------------------
3413 -- Save_Global_References_In_List --
3414 ------------------------------------
3419 begin
3430 -- Local variables
3434 -- Start of processing for Save_Global_References_In_Contract
3436 begin
3437 -- The entity of the analyzed generic copy must be on the scope stack
3438 -- to ensure proper detection of global references.
3444 then
3454 Pop_Scope;